4 * Maintainer: Jason Wessel <jason.wessel@windriver.com>
6 * Copyright (C) 2000-2001 VERITAS Software Corporation.
7 * Copyright (C) 2002-2004 Timesys Corporation
8 * Copyright (C) 2003-2004 Amit S. Kale <amitkale@linsyssoft.com>
9 * Copyright (C) 2004 Pavel Machek <pavel@suse.cz>
10 * Copyright (C) 2004-2006 Tom Rini <trini@kernel.crashing.org>
11 * Copyright (C) 2004-2006 LinSysSoft Technologies Pvt. Ltd.
12 * Copyright (C) 2005-2009 Wind River Systems, Inc.
13 * Copyright (C) 2007 MontaVista Software, Inc.
14 * Copyright (C) 2008 Red Hat, Inc., Ingo Molnar <mingo@redhat.com>
16 * Contributors at various stages not listed above:
17 * Jason Wessel ( jason.wessel@windriver.com )
18 * George Anzinger <george@mvista.com>
19 * Anurekh Saxena (anurekh.saxena@timesys.com)
20 * Lake Stevens Instrument Division (Glenn Engel)
21 * Jim Kingdon, Cygnus Support.
23 * Original KGDB stub: David Grothe <dave@gcom.com>,
24 * Tigran Aivazian <tigran@sco.com>
26 * This file is licensed under the terms of the GNU General Public License
27 * version 2. This program is licensed "as is" without any warranty of any
28 * kind, whether express or implied.
31 #include <linux/kernel.h>
32 #include <linux/kgdb.h>
33 #include <linux/kdb.h>
34 #include <linux/reboot.h>
35 #include <linux/uaccess.h>
36 #include <asm/cacheflush.h>
37 #include <asm/unaligned.h>
38 #include "debug_core.h"
40 #define KGDB_MAX_THREAD_QUERY 17
42 /* Our I/O buffers. */
43 static char remcom_in_buffer[BUFMAX];
44 static char remcom_out_buffer[BUFMAX];
46 /* Storage for the registers, in GDB format. */
47 static unsigned long gdb_regs[(NUMREGBYTES +
48 sizeof(unsigned long) - 1) /
49 sizeof(unsigned long)];
52 * GDB remote protocol parser:
55 #ifdef CONFIG_KGDB_KDB
56 static int gdbstub_read_wait(void)
61 /* poll any additional I/O interfaces that are defined */
63 for (i = 0; kdb_poll_funcs[i] != NULL; i++) {
64 ret = kdb_poll_funcs[i]();
71 static int gdbstub_read_wait(void)
73 int ret = dbg_io_ops->read_char();
74 while (ret == NO_POLL_CHAR)
75 ret = dbg_io_ops->read_char();
79 /* scan for the sequence $<data>#<checksum> */
80 static void get_packet(char *buffer)
82 unsigned char checksum;
83 unsigned char xmitcsum;
89 * Spin and wait around for the start character, ignore all
92 while ((ch = (gdbstub_read_wait())) != '$')
102 * now, read until a # or end of buffer is found:
104 while (count < (BUFMAX - 1)) {
105 ch = gdbstub_read_wait();
108 checksum = checksum + ch;
115 xmitcsum = hex_to_bin(gdbstub_read_wait()) << 4;
116 xmitcsum += hex_to_bin(gdbstub_read_wait());
118 if (checksum != xmitcsum)
119 /* failed checksum */
120 dbg_io_ops->write_char('-');
122 /* successful transfer */
123 dbg_io_ops->write_char('+');
124 if (dbg_io_ops->flush)
127 } while (checksum != xmitcsum);
131 * Send the packet in buffer.
132 * Check for gdb connection if asked for.
134 static void put_packet(char *buffer)
136 unsigned char checksum;
141 * $<packet info>#<checksum>.
144 dbg_io_ops->write_char('$');
148 while ((ch = buffer[count])) {
149 dbg_io_ops->write_char(ch);
154 dbg_io_ops->write_char('#');
155 dbg_io_ops->write_char(hex_asc_hi(checksum));
156 dbg_io_ops->write_char(hex_asc_lo(checksum));
157 if (dbg_io_ops->flush)
160 /* Now see what we get in reply. */
161 ch = gdbstub_read_wait();
164 ch = gdbstub_read_wait();
166 /* If we get an ACK, we are done. */
171 * If we get the start of another packet, this means
172 * that GDB is attempting to reconnect. We will NAK
173 * the packet being sent, and stop trying to send this
177 dbg_io_ops->write_char('-');
178 if (dbg_io_ops->flush)
185 static char gdbmsgbuf[BUFMAX + 1];
187 void gdbstub_msg_write(const char *s, int len)
199 /* Fill and send buffers... */
201 bufptr = gdbmsgbuf + 1;
203 /* Calculate how many this time */
204 if ((len << 1) > (BUFMAX - 2))
205 wcount = (BUFMAX - 2) >> 1;
209 /* Pack in hex chars */
210 for (i = 0; i < wcount; i++)
211 bufptr = pack_hex_byte(bufptr, s[i]);
219 put_packet(gdbmsgbuf);
224 * Convert the memory pointed to by mem into hex, placing result in
225 * buf. Return a pointer to the last char put in buf (null). May
228 int kgdb_mem2hex(char *mem, char *buf, int count)
234 * We use the upper half of buf as an intermediate buffer for the
235 * raw memory copy. Hex conversion will work against this one.
239 err = probe_kernel_read(tmp, mem, count);
242 buf = pack_hex_byte(buf, *tmp);
254 * Convert the hex array pointed to by buf into binary to be placed in
255 * mem. Return a pointer to the character AFTER the last byte
256 * written. May return an error.
258 int kgdb_hex2mem(char *buf, char *mem, int count)
264 * We use the upper half of buf as an intermediate buffer for the
265 * raw memory that is converted from hex.
267 tmp_raw = buf + count * 2;
269 tmp_hex = tmp_raw - 1;
270 while (tmp_hex >= buf) {
272 *tmp_raw = hex_to_bin(*tmp_hex--);
273 *tmp_raw |= hex_to_bin(*tmp_hex--) << 4;
276 return probe_kernel_write(mem, tmp_raw, count);
280 * While we find nice hex chars, build a long_val.
281 * Return number of chars processed.
283 int kgdb_hex2long(char **ptr, unsigned long *long_val)
296 hex_val = hex_to_bin(**ptr);
300 *long_val = (*long_val << 4) | hex_val;
306 *long_val = -*long_val;
312 * Copy the binary array pointed to by buf into mem. Fix $, #, and
313 * 0x7d escaped with 0x7d. Return -EFAULT on failure or 0 on success.
314 * The input buf is overwitten with the result to write to mem.
316 static int kgdb_ebin2mem(char *buf, char *mem, int count)
321 while (count-- > 0) {
324 c[size] = *buf++ ^ 0x20;
328 return probe_kernel_write(mem, c, size);
331 /* Write memory due to an 'M' or 'X' packet. */
332 static int write_mem_msg(int binary)
334 char *ptr = &remcom_in_buffer[1];
336 unsigned long length;
339 if (kgdb_hex2long(&ptr, &addr) > 0 && *(ptr++) == ',' &&
340 kgdb_hex2long(&ptr, &length) > 0 && *(ptr++) == ':') {
342 err = kgdb_ebin2mem(ptr, (char *)addr, length);
344 err = kgdb_hex2mem(ptr, (char *)addr, length);
347 if (CACHE_FLUSH_IS_SAFE)
348 flush_icache_range(addr, addr + length);
355 static void error_packet(char *pkt, int error)
359 pkt[1] = hex_asc[(error / 10)];
360 pkt[2] = hex_asc[(error % 10)];
365 * Thread ID accessors. We represent a flat TID space to GDB, where
366 * the per CPU idle threads (which under Linux all have PID 0) are
367 * remapped to negative TIDs.
370 #define BUF_THREAD_ID_SIZE 8
372 static char *pack_threadid(char *pkt, unsigned char *id)
374 unsigned char *limit;
377 limit = id + (BUF_THREAD_ID_SIZE / 2);
379 if (!lzero || *id != 0) {
380 pkt = pack_hex_byte(pkt, *id);
387 pkt = pack_hex_byte(pkt, 0);
392 static void int_to_threadref(unsigned char *id, int value)
394 put_unaligned_be32(value, id);
397 static struct task_struct *getthread(struct pt_regs *regs, int tid)
400 * Non-positive TIDs are remapped to the cpu shadow information
402 if (tid == 0 || tid == -1)
403 tid = -atomic_read(&kgdb_active) - 2;
404 if (tid < -1 && tid > -NR_CPUS - 2) {
405 if (kgdb_info[-tid - 2].task)
406 return kgdb_info[-tid - 2].task;
408 return idle_task(-tid - 2);
411 printk(KERN_ERR "KGDB: Internal thread select error\n");
417 * find_task_by_pid_ns() does not take the tasklist lock anymore
418 * but is nicely RCU locked - hence is a pretty resilient
421 return find_task_by_pid_ns(tid, &init_pid_ns);
426 * Remap normal tasks to their real PID,
427 * CPU shadow threads are mapped to -CPU - 2
429 static inline int shadow_pid(int realpid)
434 return -raw_smp_processor_id() - 2;
438 * All the functions that start with gdb_cmd are the various
439 * operations to implement the handlers for the gdbserial protocol
440 * where KGDB is communicating with an external debugger
443 /* Handle the '?' status packets */
444 static void gdb_cmd_status(struct kgdb_state *ks)
447 * We know that this packet is only sent
448 * during initial connect. So to be safe,
449 * we clear out our breakpoints now in case
450 * GDB is reconnecting.
452 dbg_remove_all_break();
454 remcom_out_buffer[0] = 'S';
455 pack_hex_byte(&remcom_out_buffer[1], ks->signo);
458 /* Handle the 'g' get registers request */
459 static void gdb_cmd_getregs(struct kgdb_state *ks)
461 struct task_struct *thread;
462 void *local_debuggerinfo;
465 thread = kgdb_usethread;
467 thread = kgdb_info[ks->cpu].task;
468 local_debuggerinfo = kgdb_info[ks->cpu].debuggerinfo;
470 local_debuggerinfo = NULL;
471 for_each_online_cpu(i) {
473 * Try to find the task on some other
474 * or possibly this node if we do not
475 * find the matching task then we try
476 * to approximate the results.
478 if (thread == kgdb_info[i].task)
479 local_debuggerinfo = kgdb_info[i].debuggerinfo;
484 * All threads that don't have debuggerinfo should be
485 * in schedule() sleeping, since all other CPUs
486 * are in kgdb_wait, and thus have debuggerinfo.
488 if (local_debuggerinfo) {
489 pt_regs_to_gdb_regs(gdb_regs, local_debuggerinfo);
492 * Pull stuff saved during switch_to; nothing
493 * else is accessible (or even particularly
496 * This should be enough for a stack trace.
498 sleeping_thread_to_gdb_regs(gdb_regs, thread);
500 kgdb_mem2hex((char *)gdb_regs, remcom_out_buffer, NUMREGBYTES);
503 /* Handle the 'G' set registers request */
504 static void gdb_cmd_setregs(struct kgdb_state *ks)
506 kgdb_hex2mem(&remcom_in_buffer[1], (char *)gdb_regs, NUMREGBYTES);
508 if (kgdb_usethread && kgdb_usethread != current) {
509 error_packet(remcom_out_buffer, -EINVAL);
511 gdb_regs_to_pt_regs(gdb_regs, ks->linux_regs);
512 strcpy(remcom_out_buffer, "OK");
516 /* Handle the 'm' memory read bytes */
517 static void gdb_cmd_memread(struct kgdb_state *ks)
519 char *ptr = &remcom_in_buffer[1];
520 unsigned long length;
524 if (kgdb_hex2long(&ptr, &addr) > 0 && *ptr++ == ',' &&
525 kgdb_hex2long(&ptr, &length) > 0) {
526 err = kgdb_mem2hex((char *)addr, remcom_out_buffer, length);
528 error_packet(remcom_out_buffer, err);
530 error_packet(remcom_out_buffer, -EINVAL);
534 /* Handle the 'M' memory write bytes */
535 static void gdb_cmd_memwrite(struct kgdb_state *ks)
537 int err = write_mem_msg(0);
540 error_packet(remcom_out_buffer, err);
542 strcpy(remcom_out_buffer, "OK");
545 /* Handle the 'X' memory binary write bytes */
546 static void gdb_cmd_binwrite(struct kgdb_state *ks)
548 int err = write_mem_msg(1);
551 error_packet(remcom_out_buffer, err);
553 strcpy(remcom_out_buffer, "OK");
556 /* Handle the 'D' or 'k', detach or kill packets */
557 static void gdb_cmd_detachkill(struct kgdb_state *ks)
561 /* The detach case */
562 if (remcom_in_buffer[0] == 'D') {
563 error = dbg_remove_all_break();
565 error_packet(remcom_out_buffer, error);
567 strcpy(remcom_out_buffer, "OK");
570 put_packet(remcom_out_buffer);
573 * Assume the kill case, with no exit code checking,
574 * trying to force detach the debugger:
576 dbg_remove_all_break();
581 /* Handle the 'R' reboot packets */
582 static int gdb_cmd_reboot(struct kgdb_state *ks)
584 /* For now, only honor R0 */
585 if (strcmp(remcom_in_buffer, "R0") == 0) {
586 printk(KERN_CRIT "Executing emergency reboot\n");
587 strcpy(remcom_out_buffer, "OK");
588 put_packet(remcom_out_buffer);
591 * Execution should not return from
592 * machine_emergency_restart()
594 machine_emergency_restart();
602 /* Handle the 'q' query packets */
603 static void gdb_cmd_query(struct kgdb_state *ks)
605 struct task_struct *g;
606 struct task_struct *p;
607 unsigned char thref[BUF_THREAD_ID_SIZE];
613 switch (remcom_in_buffer[1]) {
616 if (memcmp(remcom_in_buffer + 2, "ThreadInfo", 10))
620 remcom_out_buffer[0] = 'm';
621 ptr = remcom_out_buffer + 1;
622 if (remcom_in_buffer[1] == 'f') {
623 /* Each cpu is a shadow thread */
624 for_each_online_cpu(cpu) {
626 int_to_threadref(thref, -cpu - 2);
627 ptr = pack_threadid(ptr, thref);
633 do_each_thread(g, p) {
634 if (i >= ks->thr_query && !finished) {
635 int_to_threadref(thref, p->pid);
636 ptr = pack_threadid(ptr, thref);
639 if (ks->thr_query % KGDB_MAX_THREAD_QUERY == 0)
643 } while_each_thread(g, p);
649 /* Current thread id */
650 strcpy(remcom_out_buffer, "QC");
651 ks->threadid = shadow_pid(current->pid);
652 int_to_threadref(thref, ks->threadid);
653 pack_threadid(remcom_out_buffer + 2, thref);
656 if (memcmp(remcom_in_buffer + 1, "ThreadExtraInfo,", 16))
660 ptr = remcom_in_buffer + 17;
661 kgdb_hex2long(&ptr, &ks->threadid);
662 if (!getthread(ks->linux_regs, ks->threadid)) {
663 error_packet(remcom_out_buffer, -EINVAL);
666 if ((int)ks->threadid > 0) {
667 kgdb_mem2hex(getthread(ks->linux_regs,
669 remcom_out_buffer, 16);
671 static char tmpstr[23 + BUF_THREAD_ID_SIZE];
673 sprintf(tmpstr, "shadowCPU%d",
674 (int)(-ks->threadid - 2));
675 kgdb_mem2hex(tmpstr, remcom_out_buffer, strlen(tmpstr));
678 #ifdef CONFIG_KGDB_KDB
680 if (strncmp(remcom_in_buffer, "qRcmd,", 6) == 0) {
681 int len = strlen(remcom_in_buffer + 6);
683 if ((len % 2) != 0) {
684 strcpy(remcom_out_buffer, "E01");
687 kgdb_hex2mem(remcom_in_buffer + 6,
688 remcom_out_buffer, len);
690 remcom_out_buffer[len++] = 0;
692 kdb_parse(remcom_out_buffer);
693 strcpy(remcom_out_buffer, "OK");
700 /* Handle the 'H' task query packets */
701 static void gdb_cmd_task(struct kgdb_state *ks)
703 struct task_struct *thread;
706 switch (remcom_in_buffer[1]) {
708 ptr = &remcom_in_buffer[2];
709 kgdb_hex2long(&ptr, &ks->threadid);
710 thread = getthread(ks->linux_regs, ks->threadid);
711 if (!thread && ks->threadid > 0) {
712 error_packet(remcom_out_buffer, -EINVAL);
715 kgdb_usethread = thread;
716 ks->kgdb_usethreadid = ks->threadid;
717 strcpy(remcom_out_buffer, "OK");
720 ptr = &remcom_in_buffer[2];
721 kgdb_hex2long(&ptr, &ks->threadid);
723 kgdb_contthread = NULL;
725 thread = getthread(ks->linux_regs, ks->threadid);
726 if (!thread && ks->threadid > 0) {
727 error_packet(remcom_out_buffer, -EINVAL);
730 kgdb_contthread = thread;
732 strcpy(remcom_out_buffer, "OK");
737 /* Handle the 'T' thread query packets */
738 static void gdb_cmd_thread(struct kgdb_state *ks)
740 char *ptr = &remcom_in_buffer[1];
741 struct task_struct *thread;
743 kgdb_hex2long(&ptr, &ks->threadid);
744 thread = getthread(ks->linux_regs, ks->threadid);
746 strcpy(remcom_out_buffer, "OK");
748 error_packet(remcom_out_buffer, -EINVAL);
751 /* Handle the 'z' or 'Z' breakpoint remove or set packets */
752 static void gdb_cmd_break(struct kgdb_state *ks)
755 * Since GDB-5.3, it's been drafted that '0' is a software
756 * breakpoint, '1' is a hardware breakpoint, so let's do that.
758 char *bpt_type = &remcom_in_buffer[1];
759 char *ptr = &remcom_in_buffer[2];
761 unsigned long length;
764 if (arch_kgdb_ops.set_hw_breakpoint && *bpt_type >= '1') {
769 if (*bpt_type != '0' && *bpt_type != '1')
775 * Test if this is a hardware breakpoint, and
778 if (*bpt_type == '1' && !(arch_kgdb_ops.flags & KGDB_HW_BREAKPOINT))
782 if (*(ptr++) != ',') {
783 error_packet(remcom_out_buffer, -EINVAL);
786 if (!kgdb_hex2long(&ptr, &addr)) {
787 error_packet(remcom_out_buffer, -EINVAL);
790 if (*(ptr++) != ',' ||
791 !kgdb_hex2long(&ptr, &length)) {
792 error_packet(remcom_out_buffer, -EINVAL);
796 if (remcom_in_buffer[0] == 'Z' && *bpt_type == '0')
797 error = dbg_set_sw_break(addr);
798 else if (remcom_in_buffer[0] == 'z' && *bpt_type == '0')
799 error = dbg_remove_sw_break(addr);
800 else if (remcom_in_buffer[0] == 'Z')
801 error = arch_kgdb_ops.set_hw_breakpoint(addr,
802 (int)length, *bpt_type - '0');
803 else if (remcom_in_buffer[0] == 'z')
804 error = arch_kgdb_ops.remove_hw_breakpoint(addr,
805 (int) length, *bpt_type - '0');
808 strcpy(remcom_out_buffer, "OK");
810 error_packet(remcom_out_buffer, error);
813 /* Handle the 'C' signal / exception passing packets */
814 static int gdb_cmd_exception_pass(struct kgdb_state *ks)
816 /* C09 == pass exception
817 * C15 == detach kgdb, pass exception
819 if (remcom_in_buffer[1] == '0' && remcom_in_buffer[2] == '9') {
821 ks->pass_exception = 1;
822 remcom_in_buffer[0] = 'c';
824 } else if (remcom_in_buffer[1] == '1' && remcom_in_buffer[2] == '5') {
826 ks->pass_exception = 1;
827 remcom_in_buffer[0] = 'D';
828 dbg_remove_all_break();
833 gdbstub_msg_write("KGDB only knows signal 9 (pass)"
834 " and 15 (pass and disconnect)\n"
835 "Executing a continue without signal passing\n", 0);
836 remcom_in_buffer[0] = 'c';
839 /* Indicate fall through */
844 * This function performs all gdbserial command procesing
846 int gdb_serial_stub(struct kgdb_state *ks)
851 /* Clear the out buffer. */
852 memset(remcom_out_buffer, 0, sizeof(remcom_out_buffer));
854 if (kgdb_connected) {
855 unsigned char thref[BUF_THREAD_ID_SIZE];
858 /* Reply to host that an exception has occurred */
859 ptr = remcom_out_buffer;
861 ptr = pack_hex_byte(ptr, ks->signo);
862 ptr += strlen(strcpy(ptr, "thread:"));
863 int_to_threadref(thref, shadow_pid(current->pid));
864 ptr = pack_threadid(ptr, thref);
866 put_packet(remcom_out_buffer);
869 kgdb_usethread = kgdb_info[ks->cpu].task;
870 ks->kgdb_usethreadid = shadow_pid(kgdb_info[ks->cpu].task->pid);
871 ks->pass_exception = 0;
876 /* Clear the out buffer. */
877 memset(remcom_out_buffer, 0, sizeof(remcom_out_buffer));
879 get_packet(remcom_in_buffer);
881 switch (remcom_in_buffer[0]) {
882 case '?': /* gdbserial status */
885 case 'g': /* return the value of the CPU registers */
888 case 'G': /* set the value of the CPU registers - return OK */
891 case 'm': /* mAA..AA,LLLL Read LLLL bytes at address AA..AA */
894 case 'M': /* MAA..AA,LLLL: Write LLLL bytes at address AA..AA */
895 gdb_cmd_memwrite(ks);
897 case 'X': /* XAA..AA,LLLL: Write LLLL bytes at address AA..AA */
898 gdb_cmd_binwrite(ks);
900 /* kill or detach. KGDB should treat this like a
903 case 'D': /* Debugger detach */
904 case 'k': /* Debugger detach via kill */
905 gdb_cmd_detachkill(ks);
907 case 'R': /* Reboot */
908 if (gdb_cmd_reboot(ks))
911 case 'q': /* query command */
914 case 'H': /* task related */
917 case 'T': /* Query thread status */
920 case 'z': /* Break point remove */
921 case 'Z': /* Break point set */
924 #ifdef CONFIG_KGDB_KDB
925 case '3': /* Escape into back into kdb */
926 if (remcom_in_buffer[1] == '\0') {
927 gdb_cmd_detachkill(ks);
928 return DBG_PASS_EVENT;
931 case 'C': /* Exception passing */
932 tmp = gdb_cmd_exception_pass(ks);
937 /* Fall through on tmp < 0 */
938 case 'c': /* Continue packet */
939 case 's': /* Single step packet */
940 if (kgdb_contthread && kgdb_contthread != current) {
941 /* Can't switch threads in kgdb */
942 error_packet(remcom_out_buffer, -EINVAL);
945 dbg_activate_sw_breakpoints();
946 /* Fall through to default processing */
949 error = kgdb_arch_handle_exception(ks->ex_vector,
956 * Leave cmd processing on error, detach,
957 * kill, continue, or single step.
959 if (error >= 0 || remcom_in_buffer[0] == 'D' ||
960 remcom_in_buffer[0] == 'k') {
967 /* reply to the request */
968 put_packet(remcom_out_buffer);
972 if (ks->pass_exception)
977 int gdbstub_state(struct kgdb_state *ks, char *cmd)
983 error = kgdb_arch_handle_exception(ks->ex_vector,
992 strcpy(remcom_in_buffer, cmd);
998 strcpy(remcom_out_buffer, "");
1001 dbg_io_ops->write_char('+');
1002 put_packet(remcom_out_buffer);