qemu/gdbstub.c
<<
>>
Prefs
   1/*
   2 * gdb server stub
   3 *
   4 * This implements a subset of the remote protocol as described in:
   5 *
   6 *   https://sourceware.org/gdb/onlinedocs/gdb/Remote-Protocol.html
   7 *
   8 * Copyright (c) 2003-2005 Fabrice Bellard
   9 *
  10 * This library is free software; you can redistribute it and/or
  11 * modify it under the terms of the GNU Lesser General Public
  12 * License as published by the Free Software Foundation; either
  13 * version 2 of the License, or (at your option) any later version.
  14 *
  15 * This library is distributed in the hope that it will be useful,
  16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  18 * Lesser General Public License for more details.
  19 *
  20 * You should have received a copy of the GNU Lesser General Public
  21 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  22 *
  23 * SPDX-License-Identifier: LGPL-2.0+
  24 */
  25
  26#include "qemu/osdep.h"
  27#include "qemu-common.h"
  28#include "qapi/error.h"
  29#include "qemu/error-report.h"
  30#include "qemu/ctype.h"
  31#include "qemu/cutils.h"
  32#include "qemu/module.h"
  33#include "trace/trace-root.h"
  34#include "exec/gdbstub.h"
  35#ifdef CONFIG_USER_ONLY
  36#include "qemu.h"
  37#else
  38#include "monitor/monitor.h"
  39#include "chardev/char.h"
  40#include "chardev/char-fe.h"
  41#include "hw/cpu/cluster.h"
  42#include "hw/boards.h"
  43#endif
  44
  45#define MAX_PACKET_LENGTH 4096
  46
  47#include "qemu/sockets.h"
  48#include "sysemu/hw_accel.h"
  49#include "sysemu/kvm.h"
  50#include "sysemu/runstate.h"
  51#include "semihosting/semihost.h"
  52#include "exec/exec-all.h"
  53#include "sysemu/replay.h"
  54
  55#ifdef CONFIG_USER_ONLY
  56#define GDB_ATTACHED "0"
  57#else
  58#define GDB_ATTACHED "1"
  59#endif
  60
  61#ifndef CONFIG_USER_ONLY
  62static int phy_memory_mode;
  63#endif
  64
  65static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
  66                                         uint8_t *buf, int len, bool is_write)
  67{
  68    CPUClass *cc;
  69
  70#ifndef CONFIG_USER_ONLY
  71    if (phy_memory_mode) {
  72        if (is_write) {
  73            cpu_physical_memory_write(addr, buf, len);
  74        } else {
  75            cpu_physical_memory_read(addr, buf, len);
  76        }
  77        return 0;
  78    }
  79#endif
  80
  81    cc = CPU_GET_CLASS(cpu);
  82    if (cc->memory_rw_debug) {
  83        return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
  84    }
  85    return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
  86}
  87
  88/* Return the GDB index for a given vCPU state.
  89 *
  90 * For user mode this is simply the thread id. In system mode GDB
  91 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
  92 */
  93static inline int cpu_gdb_index(CPUState *cpu)
  94{
  95#if defined(CONFIG_USER_ONLY)
  96    TaskState *ts = (TaskState *) cpu->opaque;
  97    return ts ? ts->ts_tid : -1;
  98#else
  99    return cpu->cpu_index + 1;
 100#endif
 101}
 102
 103enum {
 104    GDB_SIGNAL_0 = 0,
 105    GDB_SIGNAL_INT = 2,
 106    GDB_SIGNAL_QUIT = 3,
 107    GDB_SIGNAL_TRAP = 5,
 108    GDB_SIGNAL_ABRT = 6,
 109    GDB_SIGNAL_ALRM = 14,
 110    GDB_SIGNAL_IO = 23,
 111    GDB_SIGNAL_XCPU = 24,
 112    GDB_SIGNAL_UNKNOWN = 143
 113};
 114
 115#ifdef CONFIG_USER_ONLY
 116
 117/* Map target signal numbers to GDB protocol signal numbers and vice
 118 * versa.  For user emulation's currently supported systems, we can
 119 * assume most signals are defined.
 120 */
 121
 122static int gdb_signal_table[] = {
 123    0,
 124    TARGET_SIGHUP,
 125    TARGET_SIGINT,
 126    TARGET_SIGQUIT,
 127    TARGET_SIGILL,
 128    TARGET_SIGTRAP,
 129    TARGET_SIGABRT,
 130    -1, /* SIGEMT */
 131    TARGET_SIGFPE,
 132    TARGET_SIGKILL,
 133    TARGET_SIGBUS,
 134    TARGET_SIGSEGV,
 135    TARGET_SIGSYS,
 136    TARGET_SIGPIPE,
 137    TARGET_SIGALRM,
 138    TARGET_SIGTERM,
 139    TARGET_SIGURG,
 140    TARGET_SIGSTOP,
 141    TARGET_SIGTSTP,
 142    TARGET_SIGCONT,
 143    TARGET_SIGCHLD,
 144    TARGET_SIGTTIN,
 145    TARGET_SIGTTOU,
 146    TARGET_SIGIO,
 147    TARGET_SIGXCPU,
 148    TARGET_SIGXFSZ,
 149    TARGET_SIGVTALRM,
 150    TARGET_SIGPROF,
 151    TARGET_SIGWINCH,
 152    -1, /* SIGLOST */
 153    TARGET_SIGUSR1,
 154    TARGET_SIGUSR2,
 155#ifdef TARGET_SIGPWR
 156    TARGET_SIGPWR,
 157#else
 158    -1,
 159#endif
 160    -1, /* SIGPOLL */
 161    -1,
 162    -1,
 163    -1,
 164    -1,
 165    -1,
 166    -1,
 167    -1,
 168    -1,
 169    -1,
 170    -1,
 171    -1,
 172#ifdef __SIGRTMIN
 173    __SIGRTMIN + 1,
 174    __SIGRTMIN + 2,
 175    __SIGRTMIN + 3,
 176    __SIGRTMIN + 4,
 177    __SIGRTMIN + 5,
 178    __SIGRTMIN + 6,
 179    __SIGRTMIN + 7,
 180    __SIGRTMIN + 8,
 181    __SIGRTMIN + 9,
 182    __SIGRTMIN + 10,
 183    __SIGRTMIN + 11,
 184    __SIGRTMIN + 12,
 185    __SIGRTMIN + 13,
 186    __SIGRTMIN + 14,
 187    __SIGRTMIN + 15,
 188    __SIGRTMIN + 16,
 189    __SIGRTMIN + 17,
 190    __SIGRTMIN + 18,
 191    __SIGRTMIN + 19,
 192    __SIGRTMIN + 20,
 193    __SIGRTMIN + 21,
 194    __SIGRTMIN + 22,
 195    __SIGRTMIN + 23,
 196    __SIGRTMIN + 24,
 197    __SIGRTMIN + 25,
 198    __SIGRTMIN + 26,
 199    __SIGRTMIN + 27,
 200    __SIGRTMIN + 28,
 201    __SIGRTMIN + 29,
 202    __SIGRTMIN + 30,
 203    __SIGRTMIN + 31,
 204    -1, /* SIGCANCEL */
 205    __SIGRTMIN,
 206    __SIGRTMIN + 32,
 207    __SIGRTMIN + 33,
 208    __SIGRTMIN + 34,
 209    __SIGRTMIN + 35,
 210    __SIGRTMIN + 36,
 211    __SIGRTMIN + 37,
 212    __SIGRTMIN + 38,
 213    __SIGRTMIN + 39,
 214    __SIGRTMIN + 40,
 215    __SIGRTMIN + 41,
 216    __SIGRTMIN + 42,
 217    __SIGRTMIN + 43,
 218    __SIGRTMIN + 44,
 219    __SIGRTMIN + 45,
 220    __SIGRTMIN + 46,
 221    __SIGRTMIN + 47,
 222    __SIGRTMIN + 48,
 223    __SIGRTMIN + 49,
 224    __SIGRTMIN + 50,
 225    __SIGRTMIN + 51,
 226    __SIGRTMIN + 52,
 227    __SIGRTMIN + 53,
 228    __SIGRTMIN + 54,
 229    __SIGRTMIN + 55,
 230    __SIGRTMIN + 56,
 231    __SIGRTMIN + 57,
 232    __SIGRTMIN + 58,
 233    __SIGRTMIN + 59,
 234    __SIGRTMIN + 60,
 235    __SIGRTMIN + 61,
 236    __SIGRTMIN + 62,
 237    __SIGRTMIN + 63,
 238    __SIGRTMIN + 64,
 239    __SIGRTMIN + 65,
 240    __SIGRTMIN + 66,
 241    __SIGRTMIN + 67,
 242    __SIGRTMIN + 68,
 243    __SIGRTMIN + 69,
 244    __SIGRTMIN + 70,
 245    __SIGRTMIN + 71,
 246    __SIGRTMIN + 72,
 247    __SIGRTMIN + 73,
 248    __SIGRTMIN + 74,
 249    __SIGRTMIN + 75,
 250    __SIGRTMIN + 76,
 251    __SIGRTMIN + 77,
 252    __SIGRTMIN + 78,
 253    __SIGRTMIN + 79,
 254    __SIGRTMIN + 80,
 255    __SIGRTMIN + 81,
 256    __SIGRTMIN + 82,
 257    __SIGRTMIN + 83,
 258    __SIGRTMIN + 84,
 259    __SIGRTMIN + 85,
 260    __SIGRTMIN + 86,
 261    __SIGRTMIN + 87,
 262    __SIGRTMIN + 88,
 263    __SIGRTMIN + 89,
 264    __SIGRTMIN + 90,
 265    __SIGRTMIN + 91,
 266    __SIGRTMIN + 92,
 267    __SIGRTMIN + 93,
 268    __SIGRTMIN + 94,
 269    __SIGRTMIN + 95,
 270    -1, /* SIGINFO */
 271    -1, /* UNKNOWN */
 272    -1, /* DEFAULT */
 273    -1,
 274    -1,
 275    -1,
 276    -1,
 277    -1,
 278    -1
 279#endif
 280};
 281#else
 282/* In system mode we only need SIGINT and SIGTRAP; other signals
 283   are not yet supported.  */
 284
 285enum {
 286    TARGET_SIGINT = 2,
 287    TARGET_SIGTRAP = 5
 288};
 289
 290static int gdb_signal_table[] = {
 291    -1,
 292    -1,
 293    TARGET_SIGINT,
 294    -1,
 295    -1,
 296    TARGET_SIGTRAP
 297};
 298#endif
 299
 300#ifdef CONFIG_USER_ONLY
 301static int target_signal_to_gdb (int sig)
 302{
 303    int i;
 304    for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
 305        if (gdb_signal_table[i] == sig)
 306            return i;
 307    return GDB_SIGNAL_UNKNOWN;
 308}
 309#endif
 310
 311static int gdb_signal_to_target (int sig)
 312{
 313    if (sig < ARRAY_SIZE (gdb_signal_table))
 314        return gdb_signal_table[sig];
 315    else
 316        return -1;
 317}
 318
 319typedef struct GDBRegisterState {
 320    int base_reg;
 321    int num_regs;
 322    gdb_get_reg_cb get_reg;
 323    gdb_set_reg_cb set_reg;
 324    const char *xml;
 325    struct GDBRegisterState *next;
 326} GDBRegisterState;
 327
 328typedef struct GDBProcess {
 329    uint32_t pid;
 330    bool attached;
 331
 332    char target_xml[1024];
 333} GDBProcess;
 334
 335enum RSState {
 336    RS_INACTIVE,
 337    RS_IDLE,
 338    RS_GETLINE,
 339    RS_GETLINE_ESC,
 340    RS_GETLINE_RLE,
 341    RS_CHKSUM1,
 342    RS_CHKSUM2,
 343};
 344typedef struct GDBState {
 345    bool init;       /* have we been initialised? */
 346    CPUState *c_cpu; /* current CPU for step/continue ops */
 347    CPUState *g_cpu; /* current CPU for other ops */
 348    CPUState *query_cpu; /* for q{f|s}ThreadInfo */
 349    enum RSState state; /* parsing state */
 350    char line_buf[MAX_PACKET_LENGTH];
 351    int line_buf_index;
 352    int line_sum; /* running checksum */
 353    int line_csum; /* checksum at the end of the packet */
 354    GByteArray *last_packet;
 355    int signal;
 356#ifdef CONFIG_USER_ONLY
 357    int fd;
 358    char *socket_path;
 359    int running_state;
 360#else
 361    CharBackend chr;
 362    Chardev *mon_chr;
 363#endif
 364    bool multiprocess;
 365    GDBProcess *processes;
 366    int process_num;
 367    char syscall_buf[256];
 368    gdb_syscall_complete_cb current_syscall_cb;
 369    GString *str_buf;
 370    GByteArray *mem_buf;
 371} GDBState;
 372
 373/* By default use no IRQs and no timers while single stepping so as to
 374 * make single stepping like an ICE HW step.
 375 */
 376static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
 377
 378/* Retrieves flags for single step mode. */
 379static int get_sstep_flags(void)
 380{
 381    /*
 382     * In replay mode all events written into the log should be replayed.
 383     * That is why NOIRQ flag is removed in this mode.
 384     */
 385    if (replay_mode != REPLAY_MODE_NONE) {
 386        return SSTEP_ENABLE;
 387    } else {
 388        return sstep_flags;
 389    }
 390}
 391
 392static GDBState gdbserver_state;
 393
 394static void init_gdbserver_state(void)
 395{
 396    g_assert(!gdbserver_state.init);
 397    memset(&gdbserver_state, 0, sizeof(GDBState));
 398    gdbserver_state.init = true;
 399    gdbserver_state.str_buf = g_string_new(NULL);
 400    gdbserver_state.mem_buf = g_byte_array_sized_new(MAX_PACKET_LENGTH);
 401    gdbserver_state.last_packet = g_byte_array_sized_new(MAX_PACKET_LENGTH + 4);
 402}
 403
 404#ifndef CONFIG_USER_ONLY
 405static void reset_gdbserver_state(void)
 406{
 407    g_free(gdbserver_state.processes);
 408    gdbserver_state.processes = NULL;
 409    gdbserver_state.process_num = 0;
 410}
 411#endif
 412
 413bool gdb_has_xml;
 414
 415#ifdef CONFIG_USER_ONLY
 416
 417static int get_char(void)
 418{
 419    uint8_t ch;
 420    int ret;
 421
 422    for(;;) {
 423        ret = qemu_recv(gdbserver_state.fd, &ch, 1, 0);
 424        if (ret < 0) {
 425            if (errno == ECONNRESET)
 426                gdbserver_state.fd = -1;
 427            if (errno != EINTR)
 428                return -1;
 429        } else if (ret == 0) {
 430            close(gdbserver_state.fd);
 431            gdbserver_state.fd = -1;
 432            return -1;
 433        } else {
 434            break;
 435        }
 436    }
 437    return ch;
 438}
 439#endif
 440
 441static enum {
 442    GDB_SYS_UNKNOWN,
 443    GDB_SYS_ENABLED,
 444    GDB_SYS_DISABLED,
 445} gdb_syscall_mode;
 446
 447/* Decide if either remote gdb syscalls or native file IO should be used. */
 448int use_gdb_syscalls(void)
 449{
 450    SemihostingTarget target = semihosting_get_target();
 451    if (target == SEMIHOSTING_TARGET_NATIVE) {
 452        /* -semihosting-config target=native */
 453        return false;
 454    } else if (target == SEMIHOSTING_TARGET_GDB) {
 455        /* -semihosting-config target=gdb */
 456        return true;
 457    }
 458
 459    /* -semihosting-config target=auto */
 460    /* On the first call check if gdb is connected and remember. */
 461    if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
 462        gdb_syscall_mode = gdbserver_state.init ?
 463            GDB_SYS_ENABLED : GDB_SYS_DISABLED;
 464    }
 465    return gdb_syscall_mode == GDB_SYS_ENABLED;
 466}
 467
 468static bool stub_can_reverse(void)
 469{
 470#ifdef CONFIG_USER_ONLY
 471    return false;
 472#else
 473    return replay_mode == REPLAY_MODE_PLAY;
 474#endif
 475}
 476
 477/* Resume execution.  */
 478static inline void gdb_continue(void)
 479{
 480
 481#ifdef CONFIG_USER_ONLY
 482    gdbserver_state.running_state = 1;
 483    trace_gdbstub_op_continue();
 484#else
 485    if (!runstate_needs_reset()) {
 486        trace_gdbstub_op_continue();
 487        vm_start();
 488    }
 489#endif
 490}
 491
 492/*
 493 * Resume execution, per CPU actions. For user-mode emulation it's
 494 * equivalent to gdb_continue.
 495 */
 496static int gdb_continue_partial(char *newstates)
 497{
 498    CPUState *cpu;
 499    int res = 0;
 500#ifdef CONFIG_USER_ONLY
 501    /*
 502     * This is not exactly accurate, but it's an improvement compared to the
 503     * previous situation, where only one CPU would be single-stepped.
 504     */
 505    CPU_FOREACH(cpu) {
 506        if (newstates[cpu->cpu_index] == 's') {
 507            trace_gdbstub_op_stepping(cpu->cpu_index);
 508            cpu_single_step(cpu, sstep_flags);
 509        }
 510    }
 511    gdbserver_state.running_state = 1;
 512#else
 513    int flag = 0;
 514
 515    if (!runstate_needs_reset()) {
 516        if (vm_prepare_start()) {
 517            return 0;
 518        }
 519
 520        CPU_FOREACH(cpu) {
 521            switch (newstates[cpu->cpu_index]) {
 522            case 0:
 523            case 1:
 524                break; /* nothing to do here */
 525            case 's':
 526                trace_gdbstub_op_stepping(cpu->cpu_index);
 527                cpu_single_step(cpu, get_sstep_flags());
 528                cpu_resume(cpu);
 529                flag = 1;
 530                break;
 531            case 'c':
 532                trace_gdbstub_op_continue_cpu(cpu->cpu_index);
 533                cpu_resume(cpu);
 534                flag = 1;
 535                break;
 536            default:
 537                res = -1;
 538                break;
 539            }
 540        }
 541    }
 542    if (flag) {
 543        qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
 544    }
 545#endif
 546    return res;
 547}
 548
 549static void put_buffer(const uint8_t *buf, int len)
 550{
 551#ifdef CONFIG_USER_ONLY
 552    int ret;
 553
 554    while (len > 0) {
 555        ret = send(gdbserver_state.fd, buf, len, 0);
 556        if (ret < 0) {
 557            if (errno != EINTR)
 558                return;
 559        } else {
 560            buf += ret;
 561            len -= ret;
 562        }
 563    }
 564#else
 565    /* XXX this blocks entire thread. Rewrite to use
 566     * qemu_chr_fe_write and background I/O callbacks */
 567    qemu_chr_fe_write_all(&gdbserver_state.chr, buf, len);
 568#endif
 569}
 570
 571static inline int fromhex(int v)
 572{
 573    if (v >= '0' && v <= '9')
 574        return v - '0';
 575    else if (v >= 'A' && v <= 'F')
 576        return v - 'A' + 10;
 577    else if (v >= 'a' && v <= 'f')
 578        return v - 'a' + 10;
 579    else
 580        return 0;
 581}
 582
 583static inline int tohex(int v)
 584{
 585    if (v < 10)
 586        return v + '0';
 587    else
 588        return v - 10 + 'a';
 589}
 590
 591/* writes 2*len+1 bytes in buf */
 592static void memtohex(GString *buf, const uint8_t *mem, int len)
 593{
 594    int i, c;
 595    for(i = 0; i < len; i++) {
 596        c = mem[i];
 597        g_string_append_c(buf, tohex(c >> 4));
 598        g_string_append_c(buf, tohex(c & 0xf));
 599    }
 600    g_string_append_c(buf, '\0');
 601}
 602
 603static void hextomem(GByteArray *mem, const char *buf, int len)
 604{
 605    int i;
 606
 607    for(i = 0; i < len; i++) {
 608        guint8 byte = fromhex(buf[0]) << 4 | fromhex(buf[1]);
 609        g_byte_array_append(mem, &byte, 1);
 610        buf += 2;
 611    }
 612}
 613
 614static void hexdump(const char *buf, int len,
 615                    void (*trace_fn)(size_t ofs, char const *text))
 616{
 617    char line_buffer[3 * 16 + 4 + 16 + 1];
 618
 619    size_t i;
 620    for (i = 0; i < len || (i & 0xF); ++i) {
 621        size_t byte_ofs = i & 15;
 622
 623        if (byte_ofs == 0) {
 624            memset(line_buffer, ' ', 3 * 16 + 4 + 16);
 625            line_buffer[3 * 16 + 4 + 16] = 0;
 626        }
 627
 628        size_t col_group = (i >> 2) & 3;
 629        size_t hex_col = byte_ofs * 3 + col_group;
 630        size_t txt_col = 3 * 16 + 4 + byte_ofs;
 631
 632        if (i < len) {
 633            char value = buf[i];
 634
 635            line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
 636            line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
 637            line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
 638                    ? value
 639                    : '.';
 640        }
 641
 642        if (byte_ofs == 0xF)
 643            trace_fn(i & -16, line_buffer);
 644    }
 645}
 646
 647/* return -1 if error, 0 if OK */
 648static int put_packet_binary(const char *buf, int len, bool dump)
 649{
 650    int csum, i;
 651    uint8_t footer[3];
 652
 653    if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
 654        hexdump(buf, len, trace_gdbstub_io_binaryreply);
 655    }
 656
 657    for(;;) {
 658        g_byte_array_set_size(gdbserver_state.last_packet, 0);
 659        g_byte_array_append(gdbserver_state.last_packet,
 660                            (const uint8_t *) "$", 1);
 661        g_byte_array_append(gdbserver_state.last_packet,
 662                            (const uint8_t *) buf, len);
 663        csum = 0;
 664        for(i = 0; i < len; i++) {
 665            csum += buf[i];
 666        }
 667        footer[0] = '#';
 668        footer[1] = tohex((csum >> 4) & 0xf);
 669        footer[2] = tohex((csum) & 0xf);
 670        g_byte_array_append(gdbserver_state.last_packet, footer, 3);
 671
 672        put_buffer(gdbserver_state.last_packet->data,
 673                   gdbserver_state.last_packet->len);
 674
 675#ifdef CONFIG_USER_ONLY
 676        i = get_char();
 677        if (i < 0)
 678            return -1;
 679        if (i == '+')
 680            break;
 681#else
 682        break;
 683#endif
 684    }
 685    return 0;
 686}
 687
 688/* return -1 if error, 0 if OK */
 689static int put_packet(const char *buf)
 690{
 691    trace_gdbstub_io_reply(buf);
 692
 693    return put_packet_binary(buf, strlen(buf), false);
 694}
 695
 696static void put_strbuf(void)
 697{
 698    put_packet(gdbserver_state.str_buf->str);
 699}
 700
 701/* Encode data using the encoding for 'x' packets.  */
 702static void memtox(GString *buf, const char *mem, int len)
 703{
 704    char c;
 705
 706    while (len--) {
 707        c = *(mem++);
 708        switch (c) {
 709        case '#': case '$': case '*': case '}':
 710            g_string_append_c(buf, '}');
 711            g_string_append_c(buf, c ^ 0x20);
 712            break;
 713        default:
 714            g_string_append_c(buf, c);
 715            break;
 716        }
 717    }
 718}
 719
 720static uint32_t gdb_get_cpu_pid(CPUState *cpu)
 721{
 722    /* TODO: In user mode, we should use the task state PID */
 723    if (cpu->cluster_index == UNASSIGNED_CLUSTER_INDEX) {
 724        /* Return the default process' PID */
 725        int index = gdbserver_state.process_num - 1;
 726        return gdbserver_state.processes[index].pid;
 727    }
 728    return cpu->cluster_index + 1;
 729}
 730
 731static GDBProcess *gdb_get_process(uint32_t pid)
 732{
 733    int i;
 734
 735    if (!pid) {
 736        /* 0 means any process, we take the first one */
 737        return &gdbserver_state.processes[0];
 738    }
 739
 740    for (i = 0; i < gdbserver_state.process_num; i++) {
 741        if (gdbserver_state.processes[i].pid == pid) {
 742            return &gdbserver_state.processes[i];
 743        }
 744    }
 745
 746    return NULL;
 747}
 748
 749static GDBProcess *gdb_get_cpu_process(CPUState *cpu)
 750{
 751    return gdb_get_process(gdb_get_cpu_pid(cpu));
 752}
 753
 754static CPUState *find_cpu(uint32_t thread_id)
 755{
 756    CPUState *cpu;
 757
 758    CPU_FOREACH(cpu) {
 759        if (cpu_gdb_index(cpu) == thread_id) {
 760            return cpu;
 761        }
 762    }
 763
 764    return NULL;
 765}
 766
 767static CPUState *get_first_cpu_in_process(GDBProcess *process)
 768{
 769    CPUState *cpu;
 770
 771    CPU_FOREACH(cpu) {
 772        if (gdb_get_cpu_pid(cpu) == process->pid) {
 773            return cpu;
 774        }
 775    }
 776
 777    return NULL;
 778}
 779
 780static CPUState *gdb_next_cpu_in_process(CPUState *cpu)
 781{
 782    uint32_t pid = gdb_get_cpu_pid(cpu);
 783    cpu = CPU_NEXT(cpu);
 784
 785    while (cpu) {
 786        if (gdb_get_cpu_pid(cpu) == pid) {
 787            break;
 788        }
 789
 790        cpu = CPU_NEXT(cpu);
 791    }
 792
 793    return cpu;
 794}
 795
 796/* Return the cpu following @cpu, while ignoring unattached processes. */
 797static CPUState *gdb_next_attached_cpu(CPUState *cpu)
 798{
 799    cpu = CPU_NEXT(cpu);
 800
 801    while (cpu) {
 802        if (gdb_get_cpu_process(cpu)->attached) {
 803            break;
 804        }
 805
 806        cpu = CPU_NEXT(cpu);
 807    }
 808
 809    return cpu;
 810}
 811
 812/* Return the first attached cpu */
 813static CPUState *gdb_first_attached_cpu(void)
 814{
 815    CPUState *cpu = first_cpu;
 816    GDBProcess *process = gdb_get_cpu_process(cpu);
 817
 818    if (!process->attached) {
 819        return gdb_next_attached_cpu(cpu);
 820    }
 821
 822    return cpu;
 823}
 824
 825static CPUState *gdb_get_cpu(uint32_t pid, uint32_t tid)
 826{
 827    GDBProcess *process;
 828    CPUState *cpu;
 829
 830    if (!pid && !tid) {
 831        /* 0 means any process/thread, we take the first attached one */
 832        return gdb_first_attached_cpu();
 833    } else if (pid && !tid) {
 834        /* any thread in a specific process */
 835        process = gdb_get_process(pid);
 836
 837        if (process == NULL) {
 838            return NULL;
 839        }
 840
 841        if (!process->attached) {
 842            return NULL;
 843        }
 844
 845        return get_first_cpu_in_process(process);
 846    } else {
 847        /* a specific thread */
 848        cpu = find_cpu(tid);
 849
 850        if (cpu == NULL) {
 851            return NULL;
 852        }
 853
 854        process = gdb_get_cpu_process(cpu);
 855
 856        if (pid && process->pid != pid) {
 857            return NULL;
 858        }
 859
 860        if (!process->attached) {
 861            return NULL;
 862        }
 863
 864        return cpu;
 865    }
 866}
 867
 868static const char *get_feature_xml(const char *p, const char **newp,
 869                                   GDBProcess *process)
 870{
 871    size_t len;
 872    int i;
 873    const char *name;
 874    CPUState *cpu = get_first_cpu_in_process(process);
 875    CPUClass *cc = CPU_GET_CLASS(cpu);
 876
 877    len = 0;
 878    while (p[len] && p[len] != ':')
 879        len++;
 880    *newp = p + len;
 881
 882    name = NULL;
 883    if (strncmp(p, "target.xml", len) == 0) {
 884        char *buf = process->target_xml;
 885        const size_t buf_sz = sizeof(process->target_xml);
 886
 887        /* Generate the XML description for this CPU.  */
 888        if (!buf[0]) {
 889            GDBRegisterState *r;
 890
 891            pstrcat(buf, buf_sz,
 892                    "<?xml version=\"1.0\"?>"
 893                    "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
 894                    "<target>");
 895            if (cc->gdb_arch_name) {
 896                gchar *arch = cc->gdb_arch_name(cpu);
 897                pstrcat(buf, buf_sz, "<architecture>");
 898                pstrcat(buf, buf_sz, arch);
 899                pstrcat(buf, buf_sz, "</architecture>");
 900                g_free(arch);
 901            }
 902            pstrcat(buf, buf_sz, "<xi:include href=\"");
 903            pstrcat(buf, buf_sz, cc->gdb_core_xml_file);
 904            pstrcat(buf, buf_sz, "\"/>");
 905            for (r = cpu->gdb_regs; r; r = r->next) {
 906                pstrcat(buf, buf_sz, "<xi:include href=\"");
 907                pstrcat(buf, buf_sz, r->xml);
 908                pstrcat(buf, buf_sz, "\"/>");
 909            }
 910            pstrcat(buf, buf_sz, "</target>");
 911        }
 912        return buf;
 913    }
 914    if (cc->gdb_get_dynamic_xml) {
 915        char *xmlname = g_strndup(p, len);
 916        const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
 917
 918        g_free(xmlname);
 919        if (xml) {
 920            return xml;
 921        }
 922    }
 923    for (i = 0; ; i++) {
 924        name = xml_builtin[i][0];
 925        if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
 926            break;
 927    }
 928    return name ? xml_builtin[i][1] : NULL;
 929}
 930
 931static int gdb_read_register(CPUState *cpu, GByteArray *buf, int reg)
 932{
 933    CPUClass *cc = CPU_GET_CLASS(cpu);
 934    CPUArchState *env = cpu->env_ptr;
 935    GDBRegisterState *r;
 936
 937    if (reg < cc->gdb_num_core_regs) {
 938        return cc->gdb_read_register(cpu, buf, reg);
 939    }
 940
 941    for (r = cpu->gdb_regs; r; r = r->next) {
 942        if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
 943            return r->get_reg(env, buf, reg - r->base_reg);
 944        }
 945    }
 946    return 0;
 947}
 948
 949static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
 950{
 951    CPUClass *cc = CPU_GET_CLASS(cpu);
 952    CPUArchState *env = cpu->env_ptr;
 953    GDBRegisterState *r;
 954
 955    if (reg < cc->gdb_num_core_regs) {
 956        return cc->gdb_write_register(cpu, mem_buf, reg);
 957    }
 958
 959    for (r = cpu->gdb_regs; r; r = r->next) {
 960        if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
 961            return r->set_reg(env, mem_buf, reg - r->base_reg);
 962        }
 963    }
 964    return 0;
 965}
 966
 967/* Register a supplemental set of CPU registers.  If g_pos is nonzero it
 968   specifies the first register number and these registers are included in
 969   a standard "g" packet.  Direction is relative to gdb, i.e. get_reg is
 970   gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
 971 */
 972
 973void gdb_register_coprocessor(CPUState *cpu,
 974                              gdb_get_reg_cb get_reg, gdb_set_reg_cb set_reg,
 975                              int num_regs, const char *xml, int g_pos)
 976{
 977    GDBRegisterState *s;
 978    GDBRegisterState **p;
 979
 980    p = &cpu->gdb_regs;
 981    while (*p) {
 982        /* Check for duplicates.  */
 983        if (strcmp((*p)->xml, xml) == 0)
 984            return;
 985        p = &(*p)->next;
 986    }
 987
 988    s = g_new0(GDBRegisterState, 1);
 989    s->base_reg = cpu->gdb_num_regs;
 990    s->num_regs = num_regs;
 991    s->get_reg = get_reg;
 992    s->set_reg = set_reg;
 993    s->xml = xml;
 994
 995    /* Add to end of list.  */
 996    cpu->gdb_num_regs += num_regs;
 997    *p = s;
 998    if (g_pos) {
 999        if (g_pos != s->base_reg) {
1000            error_report("Error: Bad gdb register numbering for '%s', "
1001                         "expected %d got %d", xml, g_pos, s->base_reg);
1002        } else {
1003            cpu->gdb_num_g_regs = cpu->gdb_num_regs;
1004        }
1005    }
1006}
1007
1008#ifndef CONFIG_USER_ONLY
1009/* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
1010static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
1011{
1012    static const int xlat[] = {
1013        [GDB_WATCHPOINT_WRITE]  = BP_GDB | BP_MEM_WRITE,
1014        [GDB_WATCHPOINT_READ]   = BP_GDB | BP_MEM_READ,
1015        [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
1016    };
1017
1018    CPUClass *cc = CPU_GET_CLASS(cpu);
1019    int cputype = xlat[gdbtype];
1020
1021    if (cc->gdb_stop_before_watchpoint) {
1022        cputype |= BP_STOP_BEFORE_ACCESS;
1023    }
1024    return cputype;
1025}
1026#endif
1027
1028static int gdb_breakpoint_insert(int type, target_ulong addr, target_ulong len)
1029{
1030    CPUState *cpu;
1031    int err = 0;
1032
1033    if (kvm_enabled()) {
1034        return kvm_insert_breakpoint(gdbserver_state.c_cpu, addr, len, type);
1035    }
1036
1037    switch (type) {
1038    case GDB_BREAKPOINT_SW:
1039    case GDB_BREAKPOINT_HW:
1040        CPU_FOREACH(cpu) {
1041            err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
1042            if (err) {
1043                break;
1044            }
1045        }
1046        return err;
1047#ifndef CONFIG_USER_ONLY
1048    case GDB_WATCHPOINT_WRITE:
1049    case GDB_WATCHPOINT_READ:
1050    case GDB_WATCHPOINT_ACCESS:
1051        CPU_FOREACH(cpu) {
1052            err = cpu_watchpoint_insert(cpu, addr, len,
1053                                        xlat_gdb_type(cpu, type), NULL);
1054            if (err) {
1055                break;
1056            }
1057        }
1058        return err;
1059#endif
1060    default:
1061        return -ENOSYS;
1062    }
1063}
1064
1065static int gdb_breakpoint_remove(int type, target_ulong addr, target_ulong len)
1066{
1067    CPUState *cpu;
1068    int err = 0;
1069
1070    if (kvm_enabled()) {
1071        return kvm_remove_breakpoint(gdbserver_state.c_cpu, addr, len, type);
1072    }
1073
1074    switch (type) {
1075    case GDB_BREAKPOINT_SW:
1076    case GDB_BREAKPOINT_HW:
1077        CPU_FOREACH(cpu) {
1078            err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
1079            if (err) {
1080                break;
1081            }
1082        }
1083        return err;
1084#ifndef CONFIG_USER_ONLY
1085    case GDB_WATCHPOINT_WRITE:
1086    case GDB_WATCHPOINT_READ:
1087    case GDB_WATCHPOINT_ACCESS:
1088        CPU_FOREACH(cpu) {
1089            err = cpu_watchpoint_remove(cpu, addr, len,
1090                                        xlat_gdb_type(cpu, type));
1091            if (err)
1092                break;
1093        }
1094        return err;
1095#endif
1096    default:
1097        return -ENOSYS;
1098    }
1099}
1100
1101static inline void gdb_cpu_breakpoint_remove_all(CPUState *cpu)
1102{
1103    cpu_breakpoint_remove_all(cpu, BP_GDB);
1104#ifndef CONFIG_USER_ONLY
1105    cpu_watchpoint_remove_all(cpu, BP_GDB);
1106#endif
1107}
1108
1109static void gdb_process_breakpoint_remove_all(GDBProcess *p)
1110{
1111    CPUState *cpu = get_first_cpu_in_process(p);
1112
1113    while (cpu) {
1114        gdb_cpu_breakpoint_remove_all(cpu);
1115        cpu = gdb_next_cpu_in_process(cpu);
1116    }
1117}
1118
1119static void gdb_breakpoint_remove_all(void)
1120{
1121    CPUState *cpu;
1122
1123    if (kvm_enabled()) {
1124        kvm_remove_all_breakpoints(gdbserver_state.c_cpu);
1125        return;
1126    }
1127
1128    CPU_FOREACH(cpu) {
1129        gdb_cpu_breakpoint_remove_all(cpu);
1130    }
1131}
1132
1133static void gdb_set_cpu_pc(target_ulong pc)
1134{
1135    CPUState *cpu = gdbserver_state.c_cpu;
1136
1137    cpu_synchronize_state(cpu);
1138    cpu_set_pc(cpu, pc);
1139}
1140
1141static void gdb_append_thread_id(CPUState *cpu, GString *buf)
1142{
1143    if (gdbserver_state.multiprocess) {
1144        g_string_append_printf(buf, "p%02x.%02x",
1145                               gdb_get_cpu_pid(cpu), cpu_gdb_index(cpu));
1146    } else {
1147        g_string_append_printf(buf, "%02x", cpu_gdb_index(cpu));
1148    }
1149}
1150
1151typedef enum GDBThreadIdKind {
1152    GDB_ONE_THREAD = 0,
1153    GDB_ALL_THREADS,     /* One process, all threads */
1154    GDB_ALL_PROCESSES,
1155    GDB_READ_THREAD_ERR
1156} GDBThreadIdKind;
1157
1158static GDBThreadIdKind read_thread_id(const char *buf, const char **end_buf,
1159                                      uint32_t *pid, uint32_t *tid)
1160{
1161    unsigned long p, t;
1162    int ret;
1163
1164    if (*buf == 'p') {
1165        buf++;
1166        ret = qemu_strtoul(buf, &buf, 16, &p);
1167
1168        if (ret) {
1169            return GDB_READ_THREAD_ERR;
1170        }
1171
1172        /* Skip '.' */
1173        buf++;
1174    } else {
1175        p = 1;
1176    }
1177
1178    ret = qemu_strtoul(buf, &buf, 16, &t);
1179
1180    if (ret) {
1181        return GDB_READ_THREAD_ERR;
1182    }
1183
1184    *end_buf = buf;
1185
1186    if (p == -1) {
1187        return GDB_ALL_PROCESSES;
1188    }
1189
1190    if (pid) {
1191        *pid = p;
1192    }
1193
1194    if (t == -1) {
1195        return GDB_ALL_THREADS;
1196    }
1197
1198    if (tid) {
1199        *tid = t;
1200    }
1201
1202    return GDB_ONE_THREAD;
1203}
1204
1205/**
1206 * gdb_handle_vcont - Parses and handles a vCont packet.
1207 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
1208 *         a format error, 0 on success.
1209 */
1210static int gdb_handle_vcont(const char *p)
1211{
1212    int res, signal = 0;
1213    char cur_action;
1214    char *newstates;
1215    unsigned long tmp;
1216    uint32_t pid, tid;
1217    GDBProcess *process;
1218    CPUState *cpu;
1219    GDBThreadIdKind kind;
1220#ifdef CONFIG_USER_ONLY
1221    int max_cpus = 1; /* global variable max_cpus exists only in system mode */
1222
1223    CPU_FOREACH(cpu) {
1224        max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
1225    }
1226#else
1227    MachineState *ms = MACHINE(qdev_get_machine());
1228    unsigned int max_cpus = ms->smp.max_cpus;
1229#endif
1230    /* uninitialised CPUs stay 0 */
1231    newstates = g_new0(char, max_cpus);
1232
1233    /* mark valid CPUs with 1 */
1234    CPU_FOREACH(cpu) {
1235        newstates[cpu->cpu_index] = 1;
1236    }
1237
1238    /*
1239     * res keeps track of what error we are returning, with -ENOTSUP meaning
1240     * that the command is unknown or unsupported, thus returning an empty
1241     * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
1242     *  or incorrect parameters passed.
1243     */
1244    res = 0;
1245    while (*p) {
1246        if (*p++ != ';') {
1247            res = -ENOTSUP;
1248            goto out;
1249        }
1250
1251        cur_action = *p++;
1252        if (cur_action == 'C' || cur_action == 'S') {
1253            cur_action = qemu_tolower(cur_action);
1254            res = qemu_strtoul(p, &p, 16, &tmp);
1255            if (res) {
1256                goto out;
1257            }
1258            signal = gdb_signal_to_target(tmp);
1259        } else if (cur_action != 'c' && cur_action != 's') {
1260            /* unknown/invalid/unsupported command */
1261            res = -ENOTSUP;
1262            goto out;
1263        }
1264
1265        if (*p == '\0' || *p == ';') {
1266            /*
1267             * No thread specifier, action is on "all threads". The
1268             * specification is unclear regarding the process to act on. We
1269             * choose all processes.
1270             */
1271            kind = GDB_ALL_PROCESSES;
1272        } else if (*p++ == ':') {
1273            kind = read_thread_id(p, &p, &pid, &tid);
1274        } else {
1275            res = -ENOTSUP;
1276            goto out;
1277        }
1278
1279        switch (kind) {
1280        case GDB_READ_THREAD_ERR:
1281            res = -EINVAL;
1282            goto out;
1283
1284        case GDB_ALL_PROCESSES:
1285            cpu = gdb_first_attached_cpu();
1286            while (cpu) {
1287                if (newstates[cpu->cpu_index] == 1) {
1288                    newstates[cpu->cpu_index] = cur_action;
1289                }
1290
1291                cpu = gdb_next_attached_cpu(cpu);
1292            }
1293            break;
1294
1295        case GDB_ALL_THREADS:
1296            process = gdb_get_process(pid);
1297
1298            if (!process->attached) {
1299                res = -EINVAL;
1300                goto out;
1301            }
1302
1303            cpu = get_first_cpu_in_process(process);
1304            while (cpu) {
1305                if (newstates[cpu->cpu_index] == 1) {
1306                    newstates[cpu->cpu_index] = cur_action;
1307                }
1308
1309                cpu = gdb_next_cpu_in_process(cpu);
1310            }
1311            break;
1312
1313        case GDB_ONE_THREAD:
1314            cpu = gdb_get_cpu(pid, tid);
1315
1316            /* invalid CPU/thread specified */
1317            if (!cpu) {
1318                res = -EINVAL;
1319                goto out;
1320            }
1321
1322            /* only use if no previous match occourred */
1323            if (newstates[cpu->cpu_index] == 1) {
1324                newstates[cpu->cpu_index] = cur_action;
1325            }
1326            break;
1327        }
1328    }
1329    gdbserver_state.signal = signal;
1330    gdb_continue_partial(newstates);
1331
1332out:
1333    g_free(newstates);
1334
1335    return res;
1336}
1337
1338typedef union GdbCmdVariant {
1339    const char *data;
1340    uint8_t opcode;
1341    unsigned long val_ul;
1342    unsigned long long val_ull;
1343    struct {
1344        GDBThreadIdKind kind;
1345        uint32_t pid;
1346        uint32_t tid;
1347    } thread_id;
1348} GdbCmdVariant;
1349
1350#define get_param(p, i)    (&g_array_index(p, GdbCmdVariant, i))
1351
1352static const char *cmd_next_param(const char *param, const char delimiter)
1353{
1354    static const char all_delimiters[] = ",;:=";
1355    char curr_delimiters[2] = {0};
1356    const char *delimiters;
1357
1358    if (delimiter == '?') {
1359        delimiters = all_delimiters;
1360    } else if (delimiter == '0') {
1361        return strchr(param, '\0');
1362    } else if (delimiter == '.' && *param) {
1363        return param + 1;
1364    } else {
1365        curr_delimiters[0] = delimiter;
1366        delimiters = curr_delimiters;
1367    }
1368
1369    param += strcspn(param, delimiters);
1370    if (*param) {
1371        param++;
1372    }
1373    return param;
1374}
1375
1376static int cmd_parse_params(const char *data, const char *schema,
1377                            GArray *params)
1378{
1379    const char *curr_schema, *curr_data;
1380
1381    g_assert(schema);
1382    g_assert(params->len == 0);
1383
1384    curr_schema = schema;
1385    curr_data = data;
1386    while (curr_schema[0] && curr_schema[1] && *curr_data) {
1387        GdbCmdVariant this_param;
1388
1389        switch (curr_schema[0]) {
1390        case 'l':
1391            if (qemu_strtoul(curr_data, &curr_data, 16,
1392                             &this_param.val_ul)) {
1393                return -EINVAL;
1394            }
1395            curr_data = cmd_next_param(curr_data, curr_schema[1]);
1396            g_array_append_val(params, this_param);
1397            break;
1398        case 'L':
1399            if (qemu_strtou64(curr_data, &curr_data, 16,
1400                              (uint64_t *)&this_param.val_ull)) {
1401                return -EINVAL;
1402            }
1403            curr_data = cmd_next_param(curr_data, curr_schema[1]);
1404            g_array_append_val(params, this_param);
1405            break;
1406        case 's':
1407            this_param.data = curr_data;
1408            curr_data = cmd_next_param(curr_data, curr_schema[1]);
1409            g_array_append_val(params, this_param);
1410            break;
1411        case 'o':
1412            this_param.opcode = *(uint8_t *)curr_data;
1413            curr_data = cmd_next_param(curr_data, curr_schema[1]);
1414            g_array_append_val(params, this_param);
1415            break;
1416        case 't':
1417            this_param.thread_id.kind =
1418                read_thread_id(curr_data, &curr_data,
1419                               &this_param.thread_id.pid,
1420                               &this_param.thread_id.tid);
1421            curr_data = cmd_next_param(curr_data, curr_schema[1]);
1422            g_array_append_val(params, this_param);
1423            break;
1424        case '?':
1425            curr_data = cmd_next_param(curr_data, curr_schema[1]);
1426            break;
1427        default:
1428            return -EINVAL;
1429        }
1430        curr_schema += 2;
1431    }
1432
1433    return 0;
1434}
1435
1436typedef void (*GdbCmdHandler)(GArray *params, void *user_ctx);
1437
1438/*
1439 * cmd_startswith -> cmd is compared using startswith
1440 *
1441 *
1442 * schema definitions:
1443 * Each schema parameter entry consists of 2 chars,
1444 * the first char represents the parameter type handling
1445 * the second char represents the delimiter for the next parameter
1446 *
1447 * Currently supported schema types:
1448 * 'l' -> unsigned long (stored in .val_ul)
1449 * 'L' -> unsigned long long (stored in .val_ull)
1450 * 's' -> string (stored in .data)
1451 * 'o' -> single char (stored in .opcode)
1452 * 't' -> thread id (stored in .thread_id)
1453 * '?' -> skip according to delimiter
1454 *
1455 * Currently supported delimiters:
1456 * '?' -> Stop at any delimiter (",;:=\0")
1457 * '0' -> Stop at "\0"
1458 * '.' -> Skip 1 char unless reached "\0"
1459 * Any other value is treated as the delimiter value itself
1460 */
1461typedef struct GdbCmdParseEntry {
1462    GdbCmdHandler handler;
1463    const char *cmd;
1464    bool cmd_startswith;
1465    const char *schema;
1466} GdbCmdParseEntry;
1467
1468static inline int startswith(const char *string, const char *pattern)
1469{
1470  return !strncmp(string, pattern, strlen(pattern));
1471}
1472
1473static int process_string_cmd(void *user_ctx, const char *data,
1474                              const GdbCmdParseEntry *cmds, int num_cmds)
1475{
1476    int i;
1477    g_autoptr(GArray) params = g_array_new(false, true, sizeof(GdbCmdVariant));
1478
1479    if (!cmds) {
1480        return -1;
1481    }
1482
1483    for (i = 0; i < num_cmds; i++) {
1484        const GdbCmdParseEntry *cmd = &cmds[i];
1485        g_assert(cmd->handler && cmd->cmd);
1486
1487        if ((cmd->cmd_startswith && !startswith(data, cmd->cmd)) ||
1488            (!cmd->cmd_startswith && strcmp(cmd->cmd, data))) {
1489            continue;
1490        }
1491
1492        if (cmd->schema) {
1493            if (cmd_parse_params(&data[strlen(cmd->cmd)],
1494                                 cmd->schema, params)) {
1495                return -1;
1496            }
1497        }
1498
1499        cmd->handler(params, user_ctx);
1500        return 0;
1501    }
1502
1503    return -1;
1504}
1505
1506static void run_cmd_parser(const char *data, const GdbCmdParseEntry *cmd)
1507{
1508    if (!data) {
1509        return;
1510    }
1511
1512    g_string_set_size(gdbserver_state.str_buf, 0);
1513    g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1514
1515    /* In case there was an error during the command parsing we must
1516    * send a NULL packet to indicate the command is not supported */
1517    if (process_string_cmd(NULL, data, cmd, 1)) {
1518        put_packet("");
1519    }
1520}
1521
1522static void handle_detach(GArray *params, void *user_ctx)
1523{
1524    GDBProcess *process;
1525    uint32_t pid = 1;
1526
1527    if (gdbserver_state.multiprocess) {
1528        if (!params->len) {
1529            put_packet("E22");
1530            return;
1531        }
1532
1533        pid = get_param(params, 0)->val_ul;
1534    }
1535
1536    process = gdb_get_process(pid);
1537    gdb_process_breakpoint_remove_all(process);
1538    process->attached = false;
1539
1540    if (pid == gdb_get_cpu_pid(gdbserver_state.c_cpu)) {
1541        gdbserver_state.c_cpu = gdb_first_attached_cpu();
1542    }
1543
1544    if (pid == gdb_get_cpu_pid(gdbserver_state.g_cpu)) {
1545        gdbserver_state.g_cpu = gdb_first_attached_cpu();
1546    }
1547
1548    if (!gdbserver_state.c_cpu) {
1549        /* No more process attached */
1550        gdb_syscall_mode = GDB_SYS_DISABLED;
1551        gdb_continue();
1552    }
1553    put_packet("OK");
1554}
1555
1556static void handle_thread_alive(GArray *params, void *user_ctx)
1557{
1558    CPUState *cpu;
1559
1560    if (!params->len) {
1561        put_packet("E22");
1562        return;
1563    }
1564
1565    if (get_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
1566        put_packet("E22");
1567        return;
1568    }
1569
1570    cpu = gdb_get_cpu(get_param(params, 0)->thread_id.pid,
1571                      get_param(params, 0)->thread_id.tid);
1572    if (!cpu) {
1573        put_packet("E22");
1574        return;
1575    }
1576
1577    put_packet("OK");
1578}
1579
1580static void handle_continue(GArray *params, void *user_ctx)
1581{
1582    if (params->len) {
1583        gdb_set_cpu_pc(get_param(params, 0)->val_ull);
1584    }
1585
1586    gdbserver_state.signal = 0;
1587    gdb_continue();
1588}
1589
1590static void handle_cont_with_sig(GArray *params, void *user_ctx)
1591{
1592    unsigned long signal = 0;
1593
1594    /*
1595     * Note: C sig;[addr] is currently unsupported and we simply
1596     *       omit the addr parameter
1597     */
1598    if (params->len) {
1599        signal = get_param(params, 0)->val_ul;
1600    }
1601
1602    gdbserver_state.signal = gdb_signal_to_target(signal);
1603    if (gdbserver_state.signal == -1) {
1604        gdbserver_state.signal = 0;
1605    }
1606    gdb_continue();
1607}
1608
1609static void handle_set_thread(GArray *params, void *user_ctx)
1610{
1611    CPUState *cpu;
1612
1613    if (params->len != 2) {
1614        put_packet("E22");
1615        return;
1616    }
1617
1618    if (get_param(params, 1)->thread_id.kind == GDB_READ_THREAD_ERR) {
1619        put_packet("E22");
1620        return;
1621    }
1622
1623    if (get_param(params, 1)->thread_id.kind != GDB_ONE_THREAD) {
1624        put_packet("OK");
1625        return;
1626    }
1627
1628    cpu = gdb_get_cpu(get_param(params, 1)->thread_id.pid,
1629                      get_param(params, 1)->thread_id.tid);
1630    if (!cpu) {
1631        put_packet("E22");
1632        return;
1633    }
1634
1635    /*
1636     * Note: This command is deprecated and modern gdb's will be using the
1637     *       vCont command instead.
1638     */
1639    switch (get_param(params, 0)->opcode) {
1640    case 'c':
1641        gdbserver_state.c_cpu = cpu;
1642        put_packet("OK");
1643        break;
1644    case 'g':
1645        gdbserver_state.g_cpu = cpu;
1646        put_packet("OK");
1647        break;
1648    default:
1649        put_packet("E22");
1650        break;
1651    }
1652}
1653
1654static void handle_insert_bp(GArray *params, void *user_ctx)
1655{
1656    int res;
1657
1658    if (params->len != 3) {
1659        put_packet("E22");
1660        return;
1661    }
1662
1663    res = gdb_breakpoint_insert(get_param(params, 0)->val_ul,
1664                                get_param(params, 1)->val_ull,
1665                                get_param(params, 2)->val_ull);
1666    if (res >= 0) {
1667        put_packet("OK");
1668        return;
1669    } else if (res == -ENOSYS) {
1670        put_packet("");
1671        return;
1672    }
1673
1674    put_packet("E22");
1675}
1676
1677static void handle_remove_bp(GArray *params, void *user_ctx)
1678{
1679    int res;
1680
1681    if (params->len != 3) {
1682        put_packet("E22");
1683        return;
1684    }
1685
1686    res = gdb_breakpoint_remove(get_param(params, 0)->val_ul,
1687                                get_param(params, 1)->val_ull,
1688                                get_param(params, 2)->val_ull);
1689    if (res >= 0) {
1690        put_packet("OK");
1691        return;
1692    } else if (res == -ENOSYS) {
1693        put_packet("");
1694        return;
1695    }
1696
1697    put_packet("E22");
1698}
1699
1700/*
1701 * handle_set/get_reg
1702 *
1703 * Older gdb are really dumb, and don't use 'G/g' if 'P/p' is available.
1704 * This works, but can be very slow. Anything new enough to understand
1705 * XML also knows how to use this properly. However to use this we
1706 * need to define a local XML file as well as be talking to a
1707 * reasonably modern gdb. Responding with an empty packet will cause
1708 * the remote gdb to fallback to older methods.
1709 */
1710
1711static void handle_set_reg(GArray *params, void *user_ctx)
1712{
1713    int reg_size;
1714
1715    if (!gdb_has_xml) {
1716        put_packet("");
1717        return;
1718    }
1719
1720    if (params->len != 2) {
1721        put_packet("E22");
1722        return;
1723    }
1724
1725    reg_size = strlen(get_param(params, 1)->data) / 2;
1726    hextomem(gdbserver_state.mem_buf, get_param(params, 1)->data, reg_size);
1727    gdb_write_register(gdbserver_state.g_cpu, gdbserver_state.mem_buf->data,
1728                       get_param(params, 0)->val_ull);
1729    put_packet("OK");
1730}
1731
1732static void handle_get_reg(GArray *params, void *user_ctx)
1733{
1734    int reg_size;
1735
1736    if (!gdb_has_xml) {
1737        put_packet("");
1738        return;
1739    }
1740
1741    if (!params->len) {
1742        put_packet("E14");
1743        return;
1744    }
1745
1746    reg_size = gdb_read_register(gdbserver_state.g_cpu,
1747                                 gdbserver_state.mem_buf,
1748                                 get_param(params, 0)->val_ull);
1749    if (!reg_size) {
1750        put_packet("E14");
1751        return;
1752    } else {
1753        g_byte_array_set_size(gdbserver_state.mem_buf, reg_size);
1754    }
1755
1756    memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, reg_size);
1757    put_strbuf();
1758}
1759
1760static void handle_write_mem(GArray *params, void *user_ctx)
1761{
1762    if (params->len != 3) {
1763        put_packet("E22");
1764        return;
1765    }
1766
1767    /* hextomem() reads 2*len bytes */
1768    if (get_param(params, 1)->val_ull >
1769        strlen(get_param(params, 2)->data) / 2) {
1770        put_packet("E22");
1771        return;
1772    }
1773
1774    hextomem(gdbserver_state.mem_buf, get_param(params, 2)->data,
1775             get_param(params, 1)->val_ull);
1776    if (target_memory_rw_debug(gdbserver_state.g_cpu,
1777                               get_param(params, 0)->val_ull,
1778                               gdbserver_state.mem_buf->data,
1779                               gdbserver_state.mem_buf->len, true)) {
1780        put_packet("E14");
1781        return;
1782    }
1783
1784    put_packet("OK");
1785}
1786
1787static void handle_read_mem(GArray *params, void *user_ctx)
1788{
1789    if (params->len != 2) {
1790        put_packet("E22");
1791        return;
1792    }
1793
1794    /* memtohex() doubles the required space */
1795    if (get_param(params, 1)->val_ull > MAX_PACKET_LENGTH / 2) {
1796        put_packet("E22");
1797        return;
1798    }
1799
1800    g_byte_array_set_size(gdbserver_state.mem_buf,
1801                          get_param(params, 1)->val_ull);
1802
1803    if (target_memory_rw_debug(gdbserver_state.g_cpu,
1804                               get_param(params, 0)->val_ull,
1805                               gdbserver_state.mem_buf->data,
1806                               gdbserver_state.mem_buf->len, false)) {
1807        put_packet("E14");
1808        return;
1809    }
1810
1811    memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data,
1812             gdbserver_state.mem_buf->len);
1813    put_strbuf();
1814}
1815
1816static void handle_write_all_regs(GArray *params, void *user_ctx)
1817{
1818    target_ulong addr, len;
1819    uint8_t *registers;
1820    int reg_size;
1821
1822    if (!params->len) {
1823        return;
1824    }
1825
1826    cpu_synchronize_state(gdbserver_state.g_cpu);
1827    len = strlen(get_param(params, 0)->data) / 2;
1828    hextomem(gdbserver_state.mem_buf, get_param(params, 0)->data, len);
1829    registers = gdbserver_state.mem_buf->data;
1830    for (addr = 0; addr < gdbserver_state.g_cpu->gdb_num_g_regs && len > 0;
1831         addr++) {
1832        reg_size = gdb_write_register(gdbserver_state.g_cpu, registers, addr);
1833        len -= reg_size;
1834        registers += reg_size;
1835    }
1836    put_packet("OK");
1837}
1838
1839static void handle_read_all_regs(GArray *params, void *user_ctx)
1840{
1841    target_ulong addr, len;
1842
1843    cpu_synchronize_state(gdbserver_state.g_cpu);
1844    g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1845    len = 0;
1846    for (addr = 0; addr < gdbserver_state.g_cpu->gdb_num_g_regs; addr++) {
1847        len += gdb_read_register(gdbserver_state.g_cpu,
1848                                 gdbserver_state.mem_buf,
1849                                 addr);
1850    }
1851    g_assert(len == gdbserver_state.mem_buf->len);
1852
1853    memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, len);
1854    put_strbuf();
1855}
1856
1857static void handle_file_io(GArray *params, void *user_ctx)
1858{
1859    if (params->len >= 1 && gdbserver_state.current_syscall_cb) {
1860        target_ulong ret, err;
1861
1862        ret = (target_ulong)get_param(params, 0)->val_ull;
1863        if (params->len >= 2) {
1864            err = (target_ulong)get_param(params, 1)->val_ull;
1865        } else {
1866            err = 0;
1867        }
1868        gdbserver_state.current_syscall_cb(gdbserver_state.c_cpu, ret, err);
1869        gdbserver_state.current_syscall_cb = NULL;
1870    }
1871
1872    if (params->len >= 3 && get_param(params, 2)->opcode == (uint8_t)'C') {
1873        put_packet("T02");
1874        return;
1875    }
1876
1877    gdb_continue();
1878}
1879
1880static void handle_step(GArray *params, void *user_ctx)
1881{
1882    if (params->len) {
1883        gdb_set_cpu_pc((target_ulong)get_param(params, 0)->val_ull);
1884    }
1885
1886    cpu_single_step(gdbserver_state.c_cpu, get_sstep_flags());
1887    gdb_continue();
1888}
1889
1890static void handle_backward(GArray *params, void *user_ctx)
1891{
1892    if (!stub_can_reverse()) {
1893        put_packet("E22");
1894    }
1895    if (params->len == 1) {
1896        switch (get_param(params, 0)->opcode) {
1897        case 's':
1898            if (replay_reverse_step()) {
1899                gdb_continue();
1900            } else {
1901                put_packet("E14");
1902            }
1903            return;
1904        case 'c':
1905            if (replay_reverse_continue()) {
1906                gdb_continue();
1907            } else {
1908                put_packet("E14");
1909            }
1910            return;
1911        }
1912    }
1913
1914    /* Default invalid command */
1915    put_packet("");
1916}
1917
1918static void handle_v_cont_query(GArray *params, void *user_ctx)
1919{
1920    put_packet("vCont;c;C;s;S");
1921}
1922
1923static void handle_v_cont(GArray *params, void *user_ctx)
1924{
1925    int res;
1926
1927    if (!params->len) {
1928        return;
1929    }
1930
1931    res = gdb_handle_vcont(get_param(params, 0)->data);
1932    if ((res == -EINVAL) || (res == -ERANGE)) {
1933        put_packet("E22");
1934    } else if (res) {
1935        put_packet("");
1936    }
1937}
1938
1939static void handle_v_attach(GArray *params, void *user_ctx)
1940{
1941    GDBProcess *process;
1942    CPUState *cpu;
1943
1944    g_string_assign(gdbserver_state.str_buf, "E22");
1945    if (!params->len) {
1946        goto cleanup;
1947    }
1948
1949    process = gdb_get_process(get_param(params, 0)->val_ul);
1950    if (!process) {
1951        goto cleanup;
1952    }
1953
1954    cpu = get_first_cpu_in_process(process);
1955    if (!cpu) {
1956        goto cleanup;
1957    }
1958
1959    process->attached = true;
1960    gdbserver_state.g_cpu = cpu;
1961    gdbserver_state.c_cpu = cpu;
1962
1963    g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
1964    gdb_append_thread_id(cpu, gdbserver_state.str_buf);
1965    g_string_append_c(gdbserver_state.str_buf, ';');
1966cleanup:
1967    put_strbuf();
1968}
1969
1970static void handle_v_kill(GArray *params, void *user_ctx)
1971{
1972    /* Kill the target */
1973    put_packet("OK");
1974    error_report("QEMU: Terminated via GDBstub");
1975    gdb_exit(0);
1976    exit(0);
1977}
1978
1979static const GdbCmdParseEntry gdb_v_commands_table[] = {
1980    /* Order is important if has same prefix */
1981    {
1982        .handler = handle_v_cont_query,
1983        .cmd = "Cont?",
1984        .cmd_startswith = 1
1985    },
1986    {
1987        .handler = handle_v_cont,
1988        .cmd = "Cont",
1989        .cmd_startswith = 1,
1990        .schema = "s0"
1991    },
1992    {
1993        .handler = handle_v_attach,
1994        .cmd = "Attach;",
1995        .cmd_startswith = 1,
1996        .schema = "l0"
1997    },
1998    {
1999        .handler = handle_v_kill,
2000        .cmd = "Kill;",
2001        .cmd_startswith = 1
2002    },
2003};
2004
2005static void handle_v_commands(GArray *params, void *user_ctx)
2006{
2007    if (!params->len) {
2008        return;
2009    }
2010
2011    if (process_string_cmd(NULL, get_param(params, 0)->data,
2012                           gdb_v_commands_table,
2013                           ARRAY_SIZE(gdb_v_commands_table))) {
2014        put_packet("");
2015    }
2016}
2017
2018static void handle_query_qemu_sstepbits(GArray *params, void *user_ctx)
2019{
2020    g_string_printf(gdbserver_state.str_buf, "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
2021                    SSTEP_ENABLE, SSTEP_NOIRQ, SSTEP_NOTIMER);
2022    put_strbuf();
2023}
2024
2025static void handle_set_qemu_sstep(GArray *params, void *user_ctx)
2026{
2027    if (!params->len) {
2028        return;
2029    }
2030
2031    sstep_flags = get_param(params, 0)->val_ul;
2032    put_packet("OK");
2033}
2034
2035static void handle_query_qemu_sstep(GArray *params, void *user_ctx)
2036{
2037    g_string_printf(gdbserver_state.str_buf, "0x%x", sstep_flags);
2038    put_strbuf();
2039}
2040
2041static void handle_query_curr_tid(GArray *params, void *user_ctx)
2042{
2043    CPUState *cpu;
2044    GDBProcess *process;
2045
2046    /*
2047     * "Current thread" remains vague in the spec, so always return
2048     * the first thread of the current process (gdb returns the
2049     * first thread).
2050     */
2051    process = gdb_get_cpu_process(gdbserver_state.g_cpu);
2052    cpu = get_first_cpu_in_process(process);
2053    g_string_assign(gdbserver_state.str_buf, "QC");
2054    gdb_append_thread_id(cpu, gdbserver_state.str_buf);
2055    put_strbuf();
2056}
2057
2058static void handle_query_threads(GArray *params, void *user_ctx)
2059{
2060    if (!gdbserver_state.query_cpu) {
2061        put_packet("l");
2062        return;
2063    }
2064
2065    g_string_assign(gdbserver_state.str_buf, "m");
2066    gdb_append_thread_id(gdbserver_state.query_cpu, gdbserver_state.str_buf);
2067    put_strbuf();
2068    gdbserver_state.query_cpu = gdb_next_attached_cpu(gdbserver_state.query_cpu);
2069}
2070
2071static void handle_query_first_threads(GArray *params, void *user_ctx)
2072{
2073    gdbserver_state.query_cpu = gdb_first_attached_cpu();
2074    handle_query_threads(params, user_ctx);
2075}
2076
2077static void handle_query_thread_extra(GArray *params, void *user_ctx)
2078{
2079    g_autoptr(GString) rs = g_string_new(NULL);
2080    CPUState *cpu;
2081
2082    if (!params->len ||
2083        get_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
2084        put_packet("E22");
2085        return;
2086    }
2087
2088    cpu = gdb_get_cpu(get_param(params, 0)->thread_id.pid,
2089                      get_param(params, 0)->thread_id.tid);
2090    if (!cpu) {
2091        return;
2092    }
2093
2094    cpu_synchronize_state(cpu);
2095
2096    if (gdbserver_state.multiprocess && (gdbserver_state.process_num > 1)) {
2097        /* Print the CPU model and name in multiprocess mode */
2098        ObjectClass *oc = object_get_class(OBJECT(cpu));
2099        const char *cpu_model = object_class_get_name(oc);
2100        const char *cpu_name =
2101            object_get_canonical_path_component(OBJECT(cpu));
2102        g_string_printf(rs, "%s %s [%s]", cpu_model, cpu_name,
2103                        cpu->halted ? "halted " : "running");
2104    } else {
2105        g_string_printf(rs, "CPU#%d [%s]", cpu->cpu_index,
2106                        cpu->halted ? "halted " : "running");
2107    }
2108    trace_gdbstub_op_extra_info(rs->str);
2109    memtohex(gdbserver_state.str_buf, (uint8_t *)rs->str, rs->len);
2110    put_strbuf();
2111}
2112
2113#ifdef CONFIG_USER_ONLY
2114static void handle_query_offsets(GArray *params, void *user_ctx)
2115{
2116    TaskState *ts;
2117
2118    ts = gdbserver_state.c_cpu->opaque;
2119    g_string_printf(gdbserver_state.str_buf,
2120                    "Text=" TARGET_ABI_FMT_lx
2121                    ";Data=" TARGET_ABI_FMT_lx
2122                    ";Bss=" TARGET_ABI_FMT_lx,
2123                    ts->info->code_offset,
2124                    ts->info->data_offset,
2125                    ts->info->data_offset);
2126    put_strbuf();
2127}
2128#else
2129static void handle_query_rcmd(GArray *params, void *user_ctx)
2130{
2131    const guint8 zero = 0;
2132    int len;
2133
2134    if (!params->len) {
2135        put_packet("E22");
2136        return;
2137    }
2138
2139    len = strlen(get_param(params, 0)->data);
2140    if (len % 2) {
2141        put_packet("E01");
2142        return;
2143    }
2144
2145    g_assert(gdbserver_state.mem_buf->len == 0);
2146    len = len / 2;
2147    hextomem(gdbserver_state.mem_buf, get_param(params, 0)->data, len);
2148    g_byte_array_append(gdbserver_state.mem_buf, &zero, 1);
2149    qemu_chr_be_write(gdbserver_state.mon_chr, gdbserver_state.mem_buf->data,
2150                      gdbserver_state.mem_buf->len);
2151    put_packet("OK");
2152}
2153#endif
2154
2155static void handle_query_supported(GArray *params, void *user_ctx)
2156{
2157    CPUClass *cc;
2158
2159    g_string_printf(gdbserver_state.str_buf, "PacketSize=%x", MAX_PACKET_LENGTH);
2160    cc = CPU_GET_CLASS(first_cpu);
2161    if (cc->gdb_core_xml_file) {
2162        g_string_append(gdbserver_state.str_buf, ";qXfer:features:read+");
2163    }
2164
2165    if (stub_can_reverse()) {
2166        g_string_append(gdbserver_state.str_buf,
2167            ";ReverseStep+;ReverseContinue+");
2168    }
2169
2170#ifdef CONFIG_USER_ONLY
2171    if (gdbserver_state.c_cpu->opaque) {
2172        g_string_append(gdbserver_state.str_buf, ";qXfer:auxv:read+");
2173    }
2174#endif
2175
2176    if (params->len &&
2177        strstr(get_param(params, 0)->data, "multiprocess+")) {
2178        gdbserver_state.multiprocess = true;
2179    }
2180
2181    g_string_append(gdbserver_state.str_buf, ";vContSupported+;multiprocess+");
2182    put_strbuf();
2183}
2184
2185static void handle_query_xfer_features(GArray *params, void *user_ctx)
2186{
2187    GDBProcess *process;
2188    CPUClass *cc;
2189    unsigned long len, total_len, addr;
2190    const char *xml;
2191    const char *p;
2192
2193    if (params->len < 3) {
2194        put_packet("E22");
2195        return;
2196    }
2197
2198    process = gdb_get_cpu_process(gdbserver_state.g_cpu);
2199    cc = CPU_GET_CLASS(gdbserver_state.g_cpu);
2200    if (!cc->gdb_core_xml_file) {
2201        put_packet("");
2202        return;
2203    }
2204
2205    gdb_has_xml = true;
2206    p = get_param(params, 0)->data;
2207    xml = get_feature_xml(p, &p, process);
2208    if (!xml) {
2209        put_packet("E00");
2210        return;
2211    }
2212
2213    addr = get_param(params, 1)->val_ul;
2214    len = get_param(params, 2)->val_ul;
2215    total_len = strlen(xml);
2216    if (addr > total_len) {
2217        put_packet("E00");
2218        return;
2219    }
2220
2221    if (len > (MAX_PACKET_LENGTH - 5) / 2) {
2222        len = (MAX_PACKET_LENGTH - 5) / 2;
2223    }
2224
2225    if (len < total_len - addr) {
2226        g_string_assign(gdbserver_state.str_buf, "m");
2227        memtox(gdbserver_state.str_buf, xml + addr, len);
2228    } else {
2229        g_string_assign(gdbserver_state.str_buf, "l");
2230        memtox(gdbserver_state.str_buf, xml + addr, total_len - addr);
2231    }
2232
2233    put_packet_binary(gdbserver_state.str_buf->str,
2234                      gdbserver_state.str_buf->len, true);
2235}
2236
2237#if defined(CONFIG_USER_ONLY) && defined(CONFIG_LINUX_USER)
2238static void handle_query_xfer_auxv(GArray *params, void *user_ctx)
2239{
2240    TaskState *ts;
2241    unsigned long offset, len, saved_auxv, auxv_len;
2242
2243    if (params->len < 2) {
2244        put_packet("E22");
2245        return;
2246    }
2247
2248    offset = get_param(params, 0)->val_ul;
2249    len = get_param(params, 1)->val_ul;
2250    ts = gdbserver_state.c_cpu->opaque;
2251    saved_auxv = ts->info->saved_auxv;
2252    auxv_len = ts->info->auxv_len;
2253
2254    if (offset >= auxv_len) {
2255        put_packet("E00");
2256        return;
2257    }
2258
2259    if (len > (MAX_PACKET_LENGTH - 5) / 2) {
2260        len = (MAX_PACKET_LENGTH - 5) / 2;
2261    }
2262
2263    if (len < auxv_len - offset) {
2264        g_string_assign(gdbserver_state.str_buf, "m");
2265    } else {
2266        g_string_assign(gdbserver_state.str_buf, "l");
2267        len = auxv_len - offset;
2268    }
2269
2270    g_byte_array_set_size(gdbserver_state.mem_buf, len);
2271    if (target_memory_rw_debug(gdbserver_state.g_cpu, saved_auxv + offset,
2272                               gdbserver_state.mem_buf->data, len, false)) {
2273        put_packet("E14");
2274        return;
2275    }
2276
2277    memtox(gdbserver_state.str_buf,
2278           (const char *)gdbserver_state.mem_buf->data, len);
2279    put_packet_binary(gdbserver_state.str_buf->str,
2280                      gdbserver_state.str_buf->len, true);
2281}
2282#endif
2283
2284static void handle_query_attached(GArray *params, void *user_ctx)
2285{
2286    put_packet(GDB_ATTACHED);
2287}
2288
2289static void handle_query_qemu_supported(GArray *params, void *user_ctx)
2290{
2291    g_string_printf(gdbserver_state.str_buf, "sstepbits;sstep");
2292#ifndef CONFIG_USER_ONLY
2293    g_string_append(gdbserver_state.str_buf, ";PhyMemMode");
2294#endif
2295    put_strbuf();
2296}
2297
2298#ifndef CONFIG_USER_ONLY
2299static void handle_query_qemu_phy_mem_mode(GArray *params,
2300                                           void *user_ctx)
2301{
2302    g_string_printf(gdbserver_state.str_buf, "%d", phy_memory_mode);
2303    put_strbuf();
2304}
2305
2306static void handle_set_qemu_phy_mem_mode(GArray *params, void *user_ctx)
2307{
2308    if (!params->len) {
2309        put_packet("E22");
2310        return;
2311    }
2312
2313    if (!get_param(params, 0)->val_ul) {
2314        phy_memory_mode = 0;
2315    } else {
2316        phy_memory_mode = 1;
2317    }
2318    put_packet("OK");
2319}
2320#endif
2321
2322static const GdbCmdParseEntry gdb_gen_query_set_common_table[] = {
2323    /* Order is important if has same prefix */
2324    {
2325        .handler = handle_query_qemu_sstepbits,
2326        .cmd = "qemu.sstepbits",
2327    },
2328    {
2329        .handler = handle_query_qemu_sstep,
2330        .cmd = "qemu.sstep",
2331    },
2332    {
2333        .handler = handle_set_qemu_sstep,
2334        .cmd = "qemu.sstep=",
2335        .cmd_startswith = 1,
2336        .schema = "l0"
2337    },
2338};
2339
2340static const GdbCmdParseEntry gdb_gen_query_table[] = {
2341    {
2342        .handler = handle_query_curr_tid,
2343        .cmd = "C",
2344    },
2345    {
2346        .handler = handle_query_threads,
2347        .cmd = "sThreadInfo",
2348    },
2349    {
2350        .handler = handle_query_first_threads,
2351        .cmd = "fThreadInfo",
2352    },
2353    {
2354        .handler = handle_query_thread_extra,
2355        .cmd = "ThreadExtraInfo,",
2356        .cmd_startswith = 1,
2357        .schema = "t0"
2358    },
2359#ifdef CONFIG_USER_ONLY
2360    {
2361        .handler = handle_query_offsets,
2362        .cmd = "Offsets",
2363    },
2364#else
2365    {
2366        .handler = handle_query_rcmd,
2367        .cmd = "Rcmd,",
2368        .cmd_startswith = 1,
2369        .schema = "s0"
2370    },
2371#endif
2372    {
2373        .handler = handle_query_supported,
2374        .cmd = "Supported:",
2375        .cmd_startswith = 1,
2376        .schema = "s0"
2377    },
2378    {
2379        .handler = handle_query_supported,
2380        .cmd = "Supported",
2381        .schema = "s0"
2382    },
2383    {
2384        .handler = handle_query_xfer_features,
2385        .cmd = "Xfer:features:read:",
2386        .cmd_startswith = 1,
2387        .schema = "s:l,l0"
2388    },
2389#if defined(CONFIG_USER_ONLY) && defined(CONFIG_LINUX_USER)
2390    {
2391        .handler = handle_query_xfer_auxv,
2392        .cmd = "Xfer:auxv:read::",
2393        .cmd_startswith = 1,
2394        .schema = "l,l0"
2395    },
2396#endif
2397    {
2398        .handler = handle_query_attached,
2399        .cmd = "Attached:",
2400        .cmd_startswith = 1
2401    },
2402    {
2403        .handler = handle_query_attached,
2404        .cmd = "Attached",
2405    },
2406    {
2407        .handler = handle_query_qemu_supported,
2408        .cmd = "qemu.Supported",
2409    },
2410#ifndef CONFIG_USER_ONLY
2411    {
2412        .handler = handle_query_qemu_phy_mem_mode,
2413        .cmd = "qemu.PhyMemMode",
2414    },
2415#endif
2416};
2417
2418static const GdbCmdParseEntry gdb_gen_set_table[] = {
2419    /* Order is important if has same prefix */
2420    {
2421        .handler = handle_set_qemu_sstep,
2422        .cmd = "qemu.sstep:",
2423        .cmd_startswith = 1,
2424        .schema = "l0"
2425    },
2426#ifndef CONFIG_USER_ONLY
2427    {
2428        .handler = handle_set_qemu_phy_mem_mode,
2429        .cmd = "qemu.PhyMemMode:",
2430        .cmd_startswith = 1,
2431        .schema = "l0"
2432    },
2433#endif
2434};
2435
2436static void handle_gen_query(GArray *params, void *user_ctx)
2437{
2438    if (!params->len) {
2439        return;
2440    }
2441
2442    if (!process_string_cmd(NULL, get_param(params, 0)->data,
2443                            gdb_gen_query_set_common_table,
2444                            ARRAY_SIZE(gdb_gen_query_set_common_table))) {
2445        return;
2446    }
2447
2448    if (process_string_cmd(NULL, get_param(params, 0)->data,
2449                           gdb_gen_query_table,
2450                           ARRAY_SIZE(gdb_gen_query_table))) {
2451        put_packet("");
2452    }
2453}
2454
2455static void handle_gen_set(GArray *params, void *user_ctx)
2456{
2457    if (!params->len) {
2458        return;
2459    }
2460
2461    if (!process_string_cmd(NULL, get_param(params, 0)->data,
2462                            gdb_gen_query_set_common_table,
2463                            ARRAY_SIZE(gdb_gen_query_set_common_table))) {
2464        return;
2465    }
2466
2467    if (process_string_cmd(NULL, get_param(params, 0)->data,
2468                           gdb_gen_set_table,
2469                           ARRAY_SIZE(gdb_gen_set_table))) {
2470        put_packet("");
2471    }
2472}
2473
2474static void handle_target_halt(GArray *params, void *user_ctx)
2475{
2476    g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
2477    gdb_append_thread_id(gdbserver_state.c_cpu, gdbserver_state.str_buf);
2478    g_string_append_c(gdbserver_state.str_buf, ';');
2479    put_strbuf();
2480    /*
2481     * Remove all the breakpoints when this query is issued,
2482     * because gdb is doing an initial connect and the state
2483     * should be cleaned up.
2484     */
2485    gdb_breakpoint_remove_all();
2486}
2487
2488static int gdb_handle_packet(const char *line_buf)
2489{
2490    const GdbCmdParseEntry *cmd_parser = NULL;
2491
2492    trace_gdbstub_io_command(line_buf);
2493
2494    switch (line_buf[0]) {
2495    case '!':
2496        put_packet("OK");
2497        break;
2498    case '?':
2499        {
2500            static const GdbCmdParseEntry target_halted_cmd_desc = {
2501                .handler = handle_target_halt,
2502                .cmd = "?",
2503                .cmd_startswith = 1
2504            };
2505            cmd_parser = &target_halted_cmd_desc;
2506        }
2507        break;
2508    case 'c':
2509        {
2510            static const GdbCmdParseEntry continue_cmd_desc = {
2511                .handler = handle_continue,
2512                .cmd = "c",
2513                .cmd_startswith = 1,
2514                .schema = "L0"
2515            };
2516            cmd_parser = &continue_cmd_desc;
2517        }
2518        break;
2519    case 'C':
2520        {
2521            static const GdbCmdParseEntry cont_with_sig_cmd_desc = {
2522                .handler = handle_cont_with_sig,
2523                .cmd = "C",
2524                .cmd_startswith = 1,
2525                .schema = "l0"
2526            };
2527            cmd_parser = &cont_with_sig_cmd_desc;
2528        }
2529        break;
2530    case 'v':
2531        {
2532            static const GdbCmdParseEntry v_cmd_desc = {
2533                .handler = handle_v_commands,
2534                .cmd = "v",
2535                .cmd_startswith = 1,
2536                .schema = "s0"
2537            };
2538            cmd_parser = &v_cmd_desc;
2539        }
2540        break;
2541    case 'k':
2542        /* Kill the target */
2543        error_report("QEMU: Terminated via GDBstub");
2544        gdb_exit(0);
2545        exit(0);
2546    case 'D':
2547        {
2548            static const GdbCmdParseEntry detach_cmd_desc = {
2549                .handler = handle_detach,
2550                .cmd = "D",
2551                .cmd_startswith = 1,
2552                .schema = "?.l0"
2553            };
2554            cmd_parser = &detach_cmd_desc;
2555        }
2556        break;
2557    case 's':
2558        {
2559            static const GdbCmdParseEntry step_cmd_desc = {
2560                .handler = handle_step,
2561                .cmd = "s",
2562                .cmd_startswith = 1,
2563                .schema = "L0"
2564            };
2565            cmd_parser = &step_cmd_desc;
2566        }
2567        break;
2568    case 'b':
2569        {
2570            static const GdbCmdParseEntry backward_cmd_desc = {
2571                .handler = handle_backward,
2572                .cmd = "b",
2573                .cmd_startswith = 1,
2574                .schema = "o0"
2575            };
2576            cmd_parser = &backward_cmd_desc;
2577        }
2578        break;
2579    case 'F':
2580        {
2581            static const GdbCmdParseEntry file_io_cmd_desc = {
2582                .handler = handle_file_io,
2583                .cmd = "F",
2584                .cmd_startswith = 1,
2585                .schema = "L,L,o0"
2586            };
2587            cmd_parser = &file_io_cmd_desc;
2588        }
2589        break;
2590    case 'g':
2591        {
2592            static const GdbCmdParseEntry read_all_regs_cmd_desc = {
2593                .handler = handle_read_all_regs,
2594                .cmd = "g",
2595                .cmd_startswith = 1
2596            };
2597            cmd_parser = &read_all_regs_cmd_desc;
2598        }
2599        break;
2600    case 'G':
2601        {
2602            static const GdbCmdParseEntry write_all_regs_cmd_desc = {
2603                .handler = handle_write_all_regs,
2604                .cmd = "G",
2605                .cmd_startswith = 1,
2606                .schema = "s0"
2607            };
2608            cmd_parser = &write_all_regs_cmd_desc;
2609        }
2610        break;
2611    case 'm':
2612        {
2613            static const GdbCmdParseEntry read_mem_cmd_desc = {
2614                .handler = handle_read_mem,
2615                .cmd = "m",
2616                .cmd_startswith = 1,
2617                .schema = "L,L0"
2618            };
2619            cmd_parser = &read_mem_cmd_desc;
2620        }
2621        break;
2622    case 'M':
2623        {
2624            static const GdbCmdParseEntry write_mem_cmd_desc = {
2625                .handler = handle_write_mem,
2626                .cmd = "M",
2627                .cmd_startswith = 1,
2628                .schema = "L,L:s0"
2629            };
2630            cmd_parser = &write_mem_cmd_desc;
2631        }
2632        break;
2633    case 'p':
2634        {
2635            static const GdbCmdParseEntry get_reg_cmd_desc = {
2636                .handler = handle_get_reg,
2637                .cmd = "p",
2638                .cmd_startswith = 1,
2639                .schema = "L0"
2640            };
2641            cmd_parser = &get_reg_cmd_desc;
2642        }
2643        break;
2644    case 'P':
2645        {
2646            static const GdbCmdParseEntry set_reg_cmd_desc = {
2647                .handler = handle_set_reg,
2648                .cmd = "P",
2649                .cmd_startswith = 1,
2650                .schema = "L?s0"
2651            };
2652            cmd_parser = &set_reg_cmd_desc;
2653        }
2654        break;
2655    case 'Z':
2656        {
2657            static const GdbCmdParseEntry insert_bp_cmd_desc = {
2658                .handler = handle_insert_bp,
2659                .cmd = "Z",
2660                .cmd_startswith = 1,
2661                .schema = "l?L?L0"
2662            };
2663            cmd_parser = &insert_bp_cmd_desc;
2664        }
2665        break;
2666    case 'z':
2667        {
2668            static const GdbCmdParseEntry remove_bp_cmd_desc = {
2669                .handler = handle_remove_bp,
2670                .cmd = "z",
2671                .cmd_startswith = 1,
2672                .schema = "l?L?L0"
2673            };
2674            cmd_parser = &remove_bp_cmd_desc;
2675        }
2676        break;
2677    case 'H':
2678        {
2679            static const GdbCmdParseEntry set_thread_cmd_desc = {
2680                .handler = handle_set_thread,
2681                .cmd = "H",
2682                .cmd_startswith = 1,
2683                .schema = "o.t0"
2684            };
2685            cmd_parser = &set_thread_cmd_desc;
2686        }
2687        break;
2688    case 'T':
2689        {
2690            static const GdbCmdParseEntry thread_alive_cmd_desc = {
2691                .handler = handle_thread_alive,
2692                .cmd = "T",
2693                .cmd_startswith = 1,
2694                .schema = "t0"
2695            };
2696            cmd_parser = &thread_alive_cmd_desc;
2697        }
2698        break;
2699    case 'q':
2700        {
2701            static const GdbCmdParseEntry gen_query_cmd_desc = {
2702                .handler = handle_gen_query,
2703                .cmd = "q",
2704                .cmd_startswith = 1,
2705                .schema = "s0"
2706            };
2707            cmd_parser = &gen_query_cmd_desc;
2708        }
2709        break;
2710    case 'Q':
2711        {
2712            static const GdbCmdParseEntry gen_set_cmd_desc = {
2713                .handler = handle_gen_set,
2714                .cmd = "Q",
2715                .cmd_startswith = 1,
2716                .schema = "s0"
2717            };
2718            cmd_parser = &gen_set_cmd_desc;
2719        }
2720        break;
2721    default:
2722        /* put empty packet */
2723        put_packet("");
2724        break;
2725    }
2726
2727    if (cmd_parser) {
2728        run_cmd_parser(line_buf, cmd_parser);
2729    }
2730
2731    return RS_IDLE;
2732}
2733
2734void gdb_set_stop_cpu(CPUState *cpu)
2735{
2736    GDBProcess *p = gdb_get_cpu_process(cpu);
2737
2738    if (!p->attached) {
2739        /*
2740         * Having a stop CPU corresponding to a process that is not attached
2741         * confuses GDB. So we ignore the request.
2742         */
2743        return;
2744    }
2745
2746    gdbserver_state.c_cpu = cpu;
2747    gdbserver_state.g_cpu = cpu;
2748}
2749
2750#ifndef CONFIG_USER_ONLY
2751static void gdb_vm_state_change(void *opaque, bool running, RunState state)
2752{
2753    CPUState *cpu = gdbserver_state.c_cpu;
2754    g_autoptr(GString) buf = g_string_new(NULL);
2755    g_autoptr(GString) tid = g_string_new(NULL);
2756    const char *type;
2757    int ret;
2758
2759    if (running || gdbserver_state.state == RS_INACTIVE) {
2760        return;
2761    }
2762    /* Is there a GDB syscall waiting to be sent?  */
2763    if (gdbserver_state.current_syscall_cb) {
2764        put_packet(gdbserver_state.syscall_buf);
2765        return;
2766    }
2767
2768    if (cpu == NULL) {
2769        /* No process attached */
2770        return;
2771    }
2772
2773    gdb_append_thread_id(cpu, tid);
2774
2775    switch (state) {
2776    case RUN_STATE_DEBUG:
2777        if (cpu->watchpoint_hit) {
2778            switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
2779            case BP_MEM_READ:
2780                type = "r";
2781                break;
2782            case BP_MEM_ACCESS:
2783                type = "a";
2784                break;
2785            default:
2786                type = "";
2787                break;
2788            }
2789            trace_gdbstub_hit_watchpoint(type, cpu_gdb_index(cpu),
2790                    (target_ulong)cpu->watchpoint_hit->vaddr);
2791            g_string_printf(buf, "T%02xthread:%s;%swatch:" TARGET_FMT_lx ";",
2792                            GDB_SIGNAL_TRAP, tid->str, type,
2793                            (target_ulong)cpu->watchpoint_hit->vaddr);
2794            cpu->watchpoint_hit = NULL;
2795            goto send_packet;
2796        } else {
2797            trace_gdbstub_hit_break();
2798        }
2799        tb_flush(cpu);
2800        ret = GDB_SIGNAL_TRAP;
2801        break;
2802    case RUN_STATE_PAUSED:
2803        trace_gdbstub_hit_paused();
2804        ret = GDB_SIGNAL_INT;
2805        break;
2806    case RUN_STATE_SHUTDOWN:
2807        trace_gdbstub_hit_shutdown();
2808        ret = GDB_SIGNAL_QUIT;
2809        break;
2810    case RUN_STATE_IO_ERROR:
2811        trace_gdbstub_hit_io_error();
2812        ret = GDB_SIGNAL_IO;
2813        break;
2814    case RUN_STATE_WATCHDOG:
2815        trace_gdbstub_hit_watchdog();
2816        ret = GDB_SIGNAL_ALRM;
2817        break;
2818    case RUN_STATE_INTERNAL_ERROR:
2819        trace_gdbstub_hit_internal_error();
2820        ret = GDB_SIGNAL_ABRT;
2821        break;
2822    case RUN_STATE_SAVE_VM:
2823    case RUN_STATE_RESTORE_VM:
2824        return;
2825    case RUN_STATE_FINISH_MIGRATE:
2826        ret = GDB_SIGNAL_XCPU;
2827        break;
2828    default:
2829        trace_gdbstub_hit_unknown(state);
2830        ret = GDB_SIGNAL_UNKNOWN;
2831        break;
2832    }
2833    gdb_set_stop_cpu(cpu);
2834    g_string_printf(buf, "T%02xthread:%s;", ret, tid->str);
2835
2836send_packet:
2837    put_packet(buf->str);
2838
2839    /* disable single step if it was enabled */
2840    cpu_single_step(cpu, 0);
2841}
2842#endif
2843
2844/* Send a gdb syscall request.
2845   This accepts limited printf-style format specifiers, specifically:
2846    %x  - target_ulong argument printed in hex.
2847    %lx - 64-bit argument printed in hex.
2848    %s  - string pointer (target_ulong) and length (int) pair.  */
2849void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
2850{
2851    char *p;
2852    char *p_end;
2853    target_ulong addr;
2854    uint64_t i64;
2855
2856    if (!gdbserver_state.init) {
2857        return;
2858    }
2859
2860    gdbserver_state.current_syscall_cb = cb;
2861#ifndef CONFIG_USER_ONLY
2862    vm_stop(RUN_STATE_DEBUG);
2863#endif
2864    p = &gdbserver_state.syscall_buf[0];
2865    p_end = &gdbserver_state.syscall_buf[sizeof(gdbserver_state.syscall_buf)];
2866    *(p++) = 'F';
2867    while (*fmt) {
2868        if (*fmt == '%') {
2869            fmt++;
2870            switch (*fmt++) {
2871            case 'x':
2872                addr = va_arg(va, target_ulong);
2873                p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
2874                break;
2875            case 'l':
2876                if (*(fmt++) != 'x')
2877                    goto bad_format;
2878                i64 = va_arg(va, uint64_t);
2879                p += snprintf(p, p_end - p, "%" PRIx64, i64);
2880                break;
2881            case 's':
2882                addr = va_arg(va, target_ulong);
2883                p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
2884                              addr, va_arg(va, int));
2885                break;
2886            default:
2887            bad_format:
2888                error_report("gdbstub: Bad syscall format string '%s'",
2889                             fmt - 1);
2890                break;
2891            }
2892        } else {
2893            *(p++) = *(fmt++);
2894        }
2895    }
2896    *p = 0;
2897#ifdef CONFIG_USER_ONLY
2898    put_packet(gdbserver_state.syscall_buf);
2899    /* Return control to gdb for it to process the syscall request.
2900     * Since the protocol requires that gdb hands control back to us
2901     * using a "here are the results" F packet, we don't need to check
2902     * gdb_handlesig's return value (which is the signal to deliver if
2903     * execution was resumed via a continue packet).
2904     */
2905    gdb_handlesig(gdbserver_state.c_cpu, 0);
2906#else
2907    /* In this case wait to send the syscall packet until notification that
2908       the CPU has stopped.  This must be done because if the packet is sent
2909       now the reply from the syscall request could be received while the CPU
2910       is still in the running state, which can cause packets to be dropped
2911       and state transition 'T' packets to be sent while the syscall is still
2912       being processed.  */
2913    qemu_cpu_kick(gdbserver_state.c_cpu);
2914#endif
2915}
2916
2917void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
2918{
2919    va_list va;
2920
2921    va_start(va, fmt);
2922    gdb_do_syscallv(cb, fmt, va);
2923    va_end(va);
2924}
2925
2926static void gdb_read_byte(uint8_t ch)
2927{
2928    uint8_t reply;
2929
2930#ifndef CONFIG_USER_ONLY
2931    if (gdbserver_state.last_packet->len) {
2932        /* Waiting for a response to the last packet.  If we see the start
2933           of a new command then abandon the previous response.  */
2934        if (ch == '-') {
2935            trace_gdbstub_err_got_nack();
2936            put_buffer(gdbserver_state.last_packet->data,
2937                       gdbserver_state.last_packet->len);
2938        } else if (ch == '+') {
2939            trace_gdbstub_io_got_ack();
2940        } else {
2941            trace_gdbstub_io_got_unexpected(ch);
2942        }
2943
2944        if (ch == '+' || ch == '$') {
2945            g_byte_array_set_size(gdbserver_state.last_packet, 0);
2946        }
2947        if (ch != '$')
2948            return;
2949    }
2950    if (runstate_is_running()) {
2951        /* when the CPU is running, we cannot do anything except stop
2952           it when receiving a char */
2953        vm_stop(RUN_STATE_PAUSED);
2954    } else
2955#endif
2956    {
2957        switch(gdbserver_state.state) {
2958        case RS_IDLE:
2959            if (ch == '$') {
2960                /* start of command packet */
2961                gdbserver_state.line_buf_index = 0;
2962                gdbserver_state.line_sum = 0;
2963                gdbserver_state.state = RS_GETLINE;
2964            } else {
2965                trace_gdbstub_err_garbage(ch);
2966            }
2967            break;
2968        case RS_GETLINE:
2969            if (ch == '}') {
2970                /* start escape sequence */
2971                gdbserver_state.state = RS_GETLINE_ESC;
2972                gdbserver_state.line_sum += ch;
2973            } else if (ch == '*') {
2974                /* start run length encoding sequence */
2975                gdbserver_state.state = RS_GETLINE_RLE;
2976                gdbserver_state.line_sum += ch;
2977            } else if (ch == '#') {
2978                /* end of command, start of checksum*/
2979                gdbserver_state.state = RS_CHKSUM1;
2980            } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2981                trace_gdbstub_err_overrun();
2982                gdbserver_state.state = RS_IDLE;
2983            } else {
2984                /* unescaped command character */
2985                gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch;
2986                gdbserver_state.line_sum += ch;
2987            }
2988            break;
2989        case RS_GETLINE_ESC:
2990            if (ch == '#') {
2991                /* unexpected end of command in escape sequence */
2992                gdbserver_state.state = RS_CHKSUM1;
2993            } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2994                /* command buffer overrun */
2995                trace_gdbstub_err_overrun();
2996                gdbserver_state.state = RS_IDLE;
2997            } else {
2998                /* parse escaped character and leave escape state */
2999                gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch ^ 0x20;
3000                gdbserver_state.line_sum += ch;
3001                gdbserver_state.state = RS_GETLINE;
3002            }
3003            break;
3004        case RS_GETLINE_RLE:
3005            /*
3006             * Run-length encoding is explained in "Debugging with GDB /
3007             * Appendix E GDB Remote Serial Protocol / Overview".
3008             */
3009            if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
3010                /* invalid RLE count encoding */
3011                trace_gdbstub_err_invalid_repeat(ch);
3012                gdbserver_state.state = RS_GETLINE;
3013            } else {
3014                /* decode repeat length */
3015                int repeat = ch - ' ' + 3;
3016                if (gdbserver_state.line_buf_index + repeat >= sizeof(gdbserver_state.line_buf) - 1) {
3017                    /* that many repeats would overrun the command buffer */
3018                    trace_gdbstub_err_overrun();
3019                    gdbserver_state.state = RS_IDLE;
3020                } else if (gdbserver_state.line_buf_index < 1) {
3021                    /* got a repeat but we have nothing to repeat */
3022                    trace_gdbstub_err_invalid_rle();
3023                    gdbserver_state.state = RS_GETLINE;
3024                } else {
3025                    /* repeat the last character */
3026                    memset(gdbserver_state.line_buf + gdbserver_state.line_buf_index,
3027                           gdbserver_state.line_buf[gdbserver_state.line_buf_index - 1], repeat);
3028                    gdbserver_state.line_buf_index += repeat;
3029                    gdbserver_state.line_sum += ch;
3030                    gdbserver_state.state = RS_GETLINE;
3031                }
3032            }
3033            break;
3034        case RS_CHKSUM1:
3035            /* get high hex digit of checksum */
3036            if (!isxdigit(ch)) {
3037                trace_gdbstub_err_checksum_invalid(ch);
3038                gdbserver_state.state = RS_GETLINE;
3039                break;
3040            }
3041            gdbserver_state.line_buf[gdbserver_state.line_buf_index] = '\0';
3042            gdbserver_state.line_csum = fromhex(ch) << 4;
3043            gdbserver_state.state = RS_CHKSUM2;
3044            break;
3045        case RS_CHKSUM2:
3046            /* get low hex digit of checksum */
3047            if (!isxdigit(ch)) {
3048                trace_gdbstub_err_checksum_invalid(ch);
3049                gdbserver_state.state = RS_GETLINE;
3050                break;
3051            }
3052            gdbserver_state.line_csum |= fromhex(ch);
3053
3054            if (gdbserver_state.line_csum != (gdbserver_state.line_sum & 0xff)) {
3055                trace_gdbstub_err_checksum_incorrect(gdbserver_state.line_sum, gdbserver_state.line_csum);
3056                /* send NAK reply */
3057                reply = '-';
3058                put_buffer(&reply, 1);
3059                gdbserver_state.state = RS_IDLE;
3060            } else {
3061                /* send ACK reply */
3062                reply = '+';
3063                put_buffer(&reply, 1);
3064                gdbserver_state.state = gdb_handle_packet(gdbserver_state.line_buf);
3065            }
3066            break;
3067        default:
3068            abort();
3069        }
3070    }
3071}
3072
3073/* Tell the remote gdb that the process has exited.  */
3074void gdb_exit(int code)
3075{
3076  char buf[4];
3077
3078  if (!gdbserver_state.init) {
3079      return;
3080  }
3081#ifdef CONFIG_USER_ONLY
3082  if (gdbserver_state.socket_path) {
3083      unlink(gdbserver_state.socket_path);
3084  }
3085  if (gdbserver_state.fd < 0) {
3086      return;
3087  }
3088#endif
3089
3090  trace_gdbstub_op_exiting((uint8_t)code);
3091
3092  snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
3093  put_packet(buf);
3094
3095#ifndef CONFIG_USER_ONLY
3096  qemu_chr_fe_deinit(&gdbserver_state.chr, true);
3097#endif
3098}
3099
3100/*
3101 * Create the process that will contain all the "orphan" CPUs (that are not
3102 * part of a CPU cluster). Note that if this process contains no CPUs, it won't
3103 * be attachable and thus will be invisible to the user.
3104 */
3105static void create_default_process(GDBState *s)
3106{
3107    GDBProcess *process;
3108    int max_pid = 0;
3109
3110    if (gdbserver_state.process_num) {
3111        max_pid = s->processes[s->process_num - 1].pid;
3112    }
3113
3114    s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
3115    process = &s->processes[s->process_num - 1];
3116
3117    /* We need an available PID slot for this process */
3118    assert(max_pid < UINT32_MAX);
3119
3120    process->pid = max_pid + 1;
3121    process->attached = false;
3122    process->target_xml[0] = '\0';
3123}
3124
3125#ifdef CONFIG_USER_ONLY
3126int
3127gdb_handlesig(CPUState *cpu, int sig)
3128{
3129    char buf[256];
3130    int n;
3131
3132    if (!gdbserver_state.init || gdbserver_state.fd < 0) {
3133        return sig;
3134    }
3135
3136    /* disable single step if it was enabled */
3137    cpu_single_step(cpu, 0);
3138    tb_flush(cpu);
3139
3140    if (sig != 0) {
3141        gdb_set_stop_cpu(cpu);
3142        g_string_printf(gdbserver_state.str_buf,
3143                        "T%02xthread:", target_signal_to_gdb(sig));
3144        gdb_append_thread_id(cpu, gdbserver_state.str_buf);
3145        g_string_append_c(gdbserver_state.str_buf, ';');
3146        put_strbuf();
3147    }
3148    /* put_packet() might have detected that the peer terminated the
3149       connection.  */
3150    if (gdbserver_state.fd < 0) {
3151        return sig;
3152    }
3153
3154    sig = 0;
3155    gdbserver_state.state = RS_IDLE;
3156    gdbserver_state.running_state = 0;
3157    while (gdbserver_state.running_state == 0) {
3158        n = read(gdbserver_state.fd, buf, 256);
3159        if (n > 0) {
3160            int i;
3161
3162            for (i = 0; i < n; i++) {
3163                gdb_read_byte(buf[i]);
3164            }
3165        } else {
3166            /* XXX: Connection closed.  Should probably wait for another
3167               connection before continuing.  */
3168            if (n == 0) {
3169                close(gdbserver_state.fd);
3170            }
3171            gdbserver_state.fd = -1;
3172            return sig;
3173        }
3174    }
3175    sig = gdbserver_state.signal;
3176    gdbserver_state.signal = 0;
3177    return sig;
3178}
3179
3180/* Tell the remote gdb that the process has exited due to SIG.  */
3181void gdb_signalled(CPUArchState *env, int sig)
3182{
3183    char buf[4];
3184
3185    if (!gdbserver_state.init || gdbserver_state.fd < 0) {
3186        return;
3187    }
3188
3189    snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
3190    put_packet(buf);
3191}
3192
3193static void gdb_accept_init(int fd)
3194{
3195    init_gdbserver_state();
3196    create_default_process(&gdbserver_state);
3197    gdbserver_state.processes[0].attached = true;
3198    gdbserver_state.c_cpu = gdb_first_attached_cpu();
3199    gdbserver_state.g_cpu = gdbserver_state.c_cpu;
3200    gdbserver_state.fd = fd;
3201    gdb_has_xml = false;
3202}
3203
3204static bool gdb_accept_socket(int gdb_fd)
3205{
3206    int fd;
3207
3208    for(;;) {
3209        fd = accept(gdb_fd, NULL, NULL);
3210        if (fd < 0 && errno != EINTR) {
3211            perror("accept socket");
3212            return false;
3213        } else if (fd >= 0) {
3214            qemu_set_cloexec(fd);
3215            break;
3216        }
3217    }
3218
3219    gdb_accept_init(fd);
3220    return true;
3221}
3222
3223static int gdbserver_open_socket(const char *path)
3224{
3225    struct sockaddr_un sockaddr = {};
3226    int fd, ret;
3227
3228    fd = socket(AF_UNIX, SOCK_STREAM, 0);
3229    if (fd < 0) {
3230        perror("create socket");
3231        return -1;
3232    }
3233
3234    sockaddr.sun_family = AF_UNIX;
3235    pstrcpy(sockaddr.sun_path, sizeof(sockaddr.sun_path) - 1, path);
3236    ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
3237    if (ret < 0) {
3238        perror("bind socket");
3239        close(fd);
3240        return -1;
3241    }
3242    ret = listen(fd, 1);
3243    if (ret < 0) {
3244        perror("listen socket");
3245        close(fd);
3246        return -1;
3247    }
3248
3249    return fd;
3250}
3251
3252static bool gdb_accept_tcp(int gdb_fd)
3253{
3254    struct sockaddr_in sockaddr = {};
3255    socklen_t len;
3256    int fd;
3257
3258    for(;;) {
3259        len = sizeof(sockaddr);
3260        fd = accept(gdb_fd, (struct sockaddr *)&sockaddr, &len);
3261        if (fd < 0 && errno != EINTR) {
3262            perror("accept");
3263            return false;
3264        } else if (fd >= 0) {
3265            qemu_set_cloexec(fd);
3266            break;
3267        }
3268    }
3269
3270    /* set short latency */
3271    if (socket_set_nodelay(fd)) {
3272        perror("setsockopt");
3273        close(fd);
3274        return false;
3275    }
3276
3277    gdb_accept_init(fd);
3278    return true;
3279}
3280
3281static int gdbserver_open_port(int port)
3282{
3283    struct sockaddr_in sockaddr;
3284    int fd, ret;
3285
3286    fd = socket(PF_INET, SOCK_STREAM, 0);
3287    if (fd < 0) {
3288        perror("socket");
3289        return -1;
3290    }
3291    qemu_set_cloexec(fd);
3292
3293    socket_set_fast_reuse(fd);
3294
3295    sockaddr.sin_family = AF_INET;
3296    sockaddr.sin_port = htons(port);
3297    sockaddr.sin_addr.s_addr = 0;
3298    ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
3299    if (ret < 0) {
3300        perror("bind");
3301        close(fd);
3302        return -1;
3303    }
3304    ret = listen(fd, 1);
3305    if (ret < 0) {
3306        perror("listen");
3307        close(fd);
3308        return -1;
3309    }
3310
3311    return fd;
3312}
3313
3314int gdbserver_start(const char *port_or_path)
3315{
3316    int port = g_ascii_strtoull(port_or_path, NULL, 10);
3317    int gdb_fd;
3318
3319    if (port > 0) {
3320        gdb_fd = gdbserver_open_port(port);
3321    } else {
3322        gdb_fd = gdbserver_open_socket(port_or_path);
3323    }
3324
3325    if (gdb_fd < 0) {
3326        return -1;
3327    }
3328
3329    if (port > 0 && gdb_accept_tcp(gdb_fd)) {
3330        return 0;
3331    } else if (gdb_accept_socket(gdb_fd)) {
3332        gdbserver_state.socket_path = g_strdup(port_or_path);
3333        return 0;
3334    }
3335
3336    /* gone wrong */
3337    close(gdb_fd);
3338    return -1;
3339}
3340
3341/* Disable gdb stub for child processes.  */
3342void gdbserver_fork(CPUState *cpu)
3343{
3344    if (!gdbserver_state.init || gdbserver_state.fd < 0) {
3345        return;
3346    }
3347    close(gdbserver_state.fd);
3348    gdbserver_state.fd = -1;
3349    cpu_breakpoint_remove_all(cpu, BP_GDB);
3350    cpu_watchpoint_remove_all(cpu, BP_GDB);
3351}
3352#else
3353static int gdb_chr_can_receive(void *opaque)
3354{
3355  /* We can handle an arbitrarily large amount of data.
3356   Pick the maximum packet size, which is as good as anything.  */
3357  return MAX_PACKET_LENGTH;
3358}
3359
3360static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
3361{
3362    int i;
3363
3364    for (i = 0; i < size; i++) {
3365        gdb_read_byte(buf[i]);
3366    }
3367}
3368
3369static void gdb_chr_event(void *opaque, QEMUChrEvent event)
3370{
3371    int i;
3372    GDBState *s = (GDBState *) opaque;
3373
3374    switch (event) {
3375    case CHR_EVENT_OPENED:
3376        /* Start with first process attached, others detached */
3377        for (i = 0; i < s->process_num; i++) {
3378            s->processes[i].attached = !i;
3379        }
3380
3381        s->c_cpu = gdb_first_attached_cpu();
3382        s->g_cpu = s->c_cpu;
3383
3384        vm_stop(RUN_STATE_PAUSED);
3385        replay_gdb_attached();
3386        gdb_has_xml = false;
3387        break;
3388    default:
3389        break;
3390    }
3391}
3392
3393static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
3394{
3395    g_autoptr(GString) hex_buf = g_string_new("O");
3396    memtohex(hex_buf, buf, len);
3397    put_packet(hex_buf->str);
3398    return len;
3399}
3400
3401#ifndef _WIN32
3402static void gdb_sigterm_handler(int signal)
3403{
3404    if (runstate_is_running()) {
3405        vm_stop(RUN_STATE_PAUSED);
3406    }
3407}
3408#endif
3409
3410static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
3411                             bool *be_opened, Error **errp)
3412{
3413    *be_opened = false;
3414}
3415
3416static void char_gdb_class_init(ObjectClass *oc, void *data)
3417{
3418    ChardevClass *cc = CHARDEV_CLASS(oc);
3419
3420    cc->internal = true;
3421    cc->open = gdb_monitor_open;
3422    cc->chr_write = gdb_monitor_write;
3423}
3424
3425#define TYPE_CHARDEV_GDB "chardev-gdb"
3426
3427static const TypeInfo char_gdb_type_info = {
3428    .name = TYPE_CHARDEV_GDB,
3429    .parent = TYPE_CHARDEV,
3430    .class_init = char_gdb_class_init,
3431};
3432
3433static int find_cpu_clusters(Object *child, void *opaque)
3434{
3435    if (object_dynamic_cast(child, TYPE_CPU_CLUSTER)) {
3436        GDBState *s = (GDBState *) opaque;
3437        CPUClusterState *cluster = CPU_CLUSTER(child);
3438        GDBProcess *process;
3439
3440        s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
3441
3442        process = &s->processes[s->process_num - 1];
3443
3444        /*
3445         * GDB process IDs -1 and 0 are reserved. To avoid subtle errors at
3446         * runtime, we enforce here that the machine does not use a cluster ID
3447         * that would lead to PID 0.
3448         */
3449        assert(cluster->cluster_id != UINT32_MAX);
3450        process->pid = cluster->cluster_id + 1;
3451        process->attached = false;
3452        process->target_xml[0] = '\0';
3453
3454        return 0;
3455    }
3456
3457    return object_child_foreach(child, find_cpu_clusters, opaque);
3458}
3459
3460static int pid_order(const void *a, const void *b)
3461{
3462    GDBProcess *pa = (GDBProcess *) a;
3463    GDBProcess *pb = (GDBProcess *) b;
3464
3465    if (pa->pid < pb->pid) {
3466        return -1;
3467    } else if (pa->pid > pb->pid) {
3468        return 1;
3469    } else {
3470        return 0;
3471    }
3472}
3473
3474static void create_processes(GDBState *s)
3475{
3476    object_child_foreach(object_get_root(), find_cpu_clusters, s);
3477
3478    if (gdbserver_state.processes) {
3479        /* Sort by PID */
3480        qsort(gdbserver_state.processes, gdbserver_state.process_num, sizeof(gdbserver_state.processes[0]), pid_order);
3481    }
3482
3483    create_default_process(s);
3484}
3485
3486int gdbserver_start(const char *device)
3487{
3488    trace_gdbstub_op_start(device);
3489
3490    char gdbstub_device_name[128];
3491    Chardev *chr = NULL;
3492    Chardev *mon_chr;
3493
3494    if (!first_cpu) {
3495        error_report("gdbstub: meaningless to attach gdb to a "
3496                     "machine without any CPU.");
3497        return -1;
3498    }
3499
3500    if (!device)
3501        return -1;
3502    if (strcmp(device, "none") != 0) {
3503        if (strstart(device, "tcp:", NULL)) {
3504            /* enforce required TCP attributes */
3505            snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
3506                     "%s,wait=off,nodelay=on,server=on", device);
3507            device = gdbstub_device_name;
3508        }
3509#ifndef _WIN32
3510        else if (strcmp(device, "stdio") == 0) {
3511            struct sigaction act;
3512
3513            memset(&act, 0, sizeof(act));
3514            act.sa_handler = gdb_sigterm_handler;
3515            sigaction(SIGINT, &act, NULL);
3516        }
3517#endif
3518        /*
3519         * FIXME: it's a bit weird to allow using a mux chardev here
3520         * and implicitly setup a monitor. We may want to break this.
3521         */
3522        chr = qemu_chr_new_noreplay("gdb", device, true, NULL);
3523        if (!chr)
3524            return -1;
3525    }
3526
3527    if (!gdbserver_state.init) {
3528        init_gdbserver_state();
3529
3530        qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
3531
3532        /* Initialize a monitor terminal for gdb */
3533        mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
3534                                   NULL, NULL, &error_abort);
3535        monitor_init_hmp(mon_chr, false, &error_abort);
3536    } else {
3537        qemu_chr_fe_deinit(&gdbserver_state.chr, true);
3538        mon_chr = gdbserver_state.mon_chr;
3539        reset_gdbserver_state();
3540    }
3541
3542    create_processes(&gdbserver_state);
3543
3544    if (chr) {
3545        qemu_chr_fe_init(&gdbserver_state.chr, chr, &error_abort);
3546        qemu_chr_fe_set_handlers(&gdbserver_state.chr, gdb_chr_can_receive,
3547                                 gdb_chr_receive, gdb_chr_event,
3548                                 NULL, &gdbserver_state, NULL, true);
3549    }
3550    gdbserver_state.state = chr ? RS_IDLE : RS_INACTIVE;
3551    gdbserver_state.mon_chr = mon_chr;
3552    gdbserver_state.current_syscall_cb = NULL;
3553
3554    return 0;
3555}
3556
3557static void register_types(void)
3558{
3559    type_register_static(&char_gdb_type_info);
3560}
3561
3562type_init(register_types);
3563#endif
3564