Merge remote-tracking branch 'remotes/alistair23/tags/pull-riscv-to-apply-20210921...
[qemu.git] / gdbstub.c
1 /*
2 * gdb server stub
3 *
4 * This implements a subset of the remote protocol as described in:
5 *
6 * https://sourceware.org/gdb/onlinedocs/gdb/Remote-Protocol.html
7 *
8 * Copyright (c) 2003-2005 Fabrice Bellard
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2 of the License, or (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 *
23 * SPDX-License-Identifier: LGPL-2.0+
24 */
25
26 #include "qemu/osdep.h"
27 #include "qemu-common.h"
28 #include "qapi/error.h"
29 #include "qemu/error-report.h"
30 #include "qemu/ctype.h"
31 #include "qemu/cutils.h"
32 #include "qemu/module.h"
33 #include "trace/trace-root.h"
34 #ifdef CONFIG_USER_ONLY
35 #include "qemu.h"
36 #else
37 #include "monitor/monitor.h"
38 #include "chardev/char.h"
39 #include "chardev/char-fe.h"
40 #include "exec/gdbstub.h"
41 #include "hw/cpu/cluster.h"
42 #include "hw/boards.h"
43 #endif
44
45 #define MAX_PACKET_LENGTH 4096
46
47 #include "qemu/sockets.h"
48 #include "sysemu/hw_accel.h"
49 #include "sysemu/kvm.h"
50 #include "sysemu/runstate.h"
51 #include "semihosting/semihost.h"
52 #include "exec/exec-all.h"
53 #include "sysemu/replay.h"
54
55 #ifdef CONFIG_USER_ONLY
56 #define GDB_ATTACHED "0"
57 #else
58 #define GDB_ATTACHED "1"
59 #endif
60
61 #ifndef CONFIG_USER_ONLY
62 static int phy_memory_mode;
63 #endif
64
65 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
66 uint8_t *buf, int len, bool is_write)
67 {
68 CPUClass *cc;
69
70 #ifndef CONFIG_USER_ONLY
71 if (phy_memory_mode) {
72 if (is_write) {
73 cpu_physical_memory_write(addr, buf, len);
74 } else {
75 cpu_physical_memory_read(addr, buf, len);
76 }
77 return 0;
78 }
79 #endif
80
81 cc = CPU_GET_CLASS(cpu);
82 if (cc->memory_rw_debug) {
83 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
84 }
85 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
86 }
87
88 /* Return the GDB index for a given vCPU state.
89 *
90 * For user mode this is simply the thread id. In system mode GDB
91 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
92 */
93 static inline int cpu_gdb_index(CPUState *cpu)
94 {
95 #if defined(CONFIG_USER_ONLY)
96 TaskState *ts = (TaskState *) cpu->opaque;
97 return ts->ts_tid;
98 #else
99 return cpu->cpu_index + 1;
100 #endif
101 }
102
103 enum {
104 GDB_SIGNAL_0 = 0,
105 GDB_SIGNAL_INT = 2,
106 GDB_SIGNAL_QUIT = 3,
107 GDB_SIGNAL_TRAP = 5,
108 GDB_SIGNAL_ABRT = 6,
109 GDB_SIGNAL_ALRM = 14,
110 GDB_SIGNAL_IO = 23,
111 GDB_SIGNAL_XCPU = 24,
112 GDB_SIGNAL_UNKNOWN = 143
113 };
114
115 #ifdef CONFIG_USER_ONLY
116
117 /* Map target signal numbers to GDB protocol signal numbers and vice
118 * versa. For user emulation's currently supported systems, we can
119 * assume most signals are defined.
120 */
121
122 static int gdb_signal_table[] = {
123 0,
124 TARGET_SIGHUP,
125 TARGET_SIGINT,
126 TARGET_SIGQUIT,
127 TARGET_SIGILL,
128 TARGET_SIGTRAP,
129 TARGET_SIGABRT,
130 -1, /* SIGEMT */
131 TARGET_SIGFPE,
132 TARGET_SIGKILL,
133 TARGET_SIGBUS,
134 TARGET_SIGSEGV,
135 TARGET_SIGSYS,
136 TARGET_SIGPIPE,
137 TARGET_SIGALRM,
138 TARGET_SIGTERM,
139 TARGET_SIGURG,
140 TARGET_SIGSTOP,
141 TARGET_SIGTSTP,
142 TARGET_SIGCONT,
143 TARGET_SIGCHLD,
144 TARGET_SIGTTIN,
145 TARGET_SIGTTOU,
146 TARGET_SIGIO,
147 TARGET_SIGXCPU,
148 TARGET_SIGXFSZ,
149 TARGET_SIGVTALRM,
150 TARGET_SIGPROF,
151 TARGET_SIGWINCH,
152 -1, /* SIGLOST */
153 TARGET_SIGUSR1,
154 TARGET_SIGUSR2,
155 #ifdef TARGET_SIGPWR
156 TARGET_SIGPWR,
157 #else
158 -1,
159 #endif
160 -1, /* SIGPOLL */
161 -1,
162 -1,
163 -1,
164 -1,
165 -1,
166 -1,
167 -1,
168 -1,
169 -1,
170 -1,
171 -1,
172 #ifdef __SIGRTMIN
173 __SIGRTMIN + 1,
174 __SIGRTMIN + 2,
175 __SIGRTMIN + 3,
176 __SIGRTMIN + 4,
177 __SIGRTMIN + 5,
178 __SIGRTMIN + 6,
179 __SIGRTMIN + 7,
180 __SIGRTMIN + 8,
181 __SIGRTMIN + 9,
182 __SIGRTMIN + 10,
183 __SIGRTMIN + 11,
184 __SIGRTMIN + 12,
185 __SIGRTMIN + 13,
186 __SIGRTMIN + 14,
187 __SIGRTMIN + 15,
188 __SIGRTMIN + 16,
189 __SIGRTMIN + 17,
190 __SIGRTMIN + 18,
191 __SIGRTMIN + 19,
192 __SIGRTMIN + 20,
193 __SIGRTMIN + 21,
194 __SIGRTMIN + 22,
195 __SIGRTMIN + 23,
196 __SIGRTMIN + 24,
197 __SIGRTMIN + 25,
198 __SIGRTMIN + 26,
199 __SIGRTMIN + 27,
200 __SIGRTMIN + 28,
201 __SIGRTMIN + 29,
202 __SIGRTMIN + 30,
203 __SIGRTMIN + 31,
204 -1, /* SIGCANCEL */
205 __SIGRTMIN,
206 __SIGRTMIN + 32,
207 __SIGRTMIN + 33,
208 __SIGRTMIN + 34,
209 __SIGRTMIN + 35,
210 __SIGRTMIN + 36,
211 __SIGRTMIN + 37,
212 __SIGRTMIN + 38,
213 __SIGRTMIN + 39,
214 __SIGRTMIN + 40,
215 __SIGRTMIN + 41,
216 __SIGRTMIN + 42,
217 __SIGRTMIN + 43,
218 __SIGRTMIN + 44,
219 __SIGRTMIN + 45,
220 __SIGRTMIN + 46,
221 __SIGRTMIN + 47,
222 __SIGRTMIN + 48,
223 __SIGRTMIN + 49,
224 __SIGRTMIN + 50,
225 __SIGRTMIN + 51,
226 __SIGRTMIN + 52,
227 __SIGRTMIN + 53,
228 __SIGRTMIN + 54,
229 __SIGRTMIN + 55,
230 __SIGRTMIN + 56,
231 __SIGRTMIN + 57,
232 __SIGRTMIN + 58,
233 __SIGRTMIN + 59,
234 __SIGRTMIN + 60,
235 __SIGRTMIN + 61,
236 __SIGRTMIN + 62,
237 __SIGRTMIN + 63,
238 __SIGRTMIN + 64,
239 __SIGRTMIN + 65,
240 __SIGRTMIN + 66,
241 __SIGRTMIN + 67,
242 __SIGRTMIN + 68,
243 __SIGRTMIN + 69,
244 __SIGRTMIN + 70,
245 __SIGRTMIN + 71,
246 __SIGRTMIN + 72,
247 __SIGRTMIN + 73,
248 __SIGRTMIN + 74,
249 __SIGRTMIN + 75,
250 __SIGRTMIN + 76,
251 __SIGRTMIN + 77,
252 __SIGRTMIN + 78,
253 __SIGRTMIN + 79,
254 __SIGRTMIN + 80,
255 __SIGRTMIN + 81,
256 __SIGRTMIN + 82,
257 __SIGRTMIN + 83,
258 __SIGRTMIN + 84,
259 __SIGRTMIN + 85,
260 __SIGRTMIN + 86,
261 __SIGRTMIN + 87,
262 __SIGRTMIN + 88,
263 __SIGRTMIN + 89,
264 __SIGRTMIN + 90,
265 __SIGRTMIN + 91,
266 __SIGRTMIN + 92,
267 __SIGRTMIN + 93,
268 __SIGRTMIN + 94,
269 __SIGRTMIN + 95,
270 -1, /* SIGINFO */
271 -1, /* UNKNOWN */
272 -1, /* DEFAULT */
273 -1,
274 -1,
275 -1,
276 -1,
277 -1,
278 -1
279 #endif
280 };
281 #else
282 /* In system mode we only need SIGINT and SIGTRAP; other signals
283 are not yet supported. */
284
285 enum {
286 TARGET_SIGINT = 2,
287 TARGET_SIGTRAP = 5
288 };
289
290 static int gdb_signal_table[] = {
291 -1,
292 -1,
293 TARGET_SIGINT,
294 -1,
295 -1,
296 TARGET_SIGTRAP
297 };
298 #endif
299
300 #ifdef CONFIG_USER_ONLY
301 static int target_signal_to_gdb (int sig)
302 {
303 int i;
304 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
305 if (gdb_signal_table[i] == sig)
306 return i;
307 return GDB_SIGNAL_UNKNOWN;
308 }
309 #endif
310
311 static int gdb_signal_to_target (int sig)
312 {
313 if (sig < ARRAY_SIZE (gdb_signal_table))
314 return gdb_signal_table[sig];
315 else
316 return -1;
317 }
318
319 typedef struct GDBRegisterState {
320 int base_reg;
321 int num_regs;
322 gdb_get_reg_cb get_reg;
323 gdb_set_reg_cb set_reg;
324 const char *xml;
325 struct GDBRegisterState *next;
326 } GDBRegisterState;
327
328 typedef struct GDBProcess {
329 uint32_t pid;
330 bool attached;
331
332 char target_xml[1024];
333 } GDBProcess;
334
335 enum RSState {
336 RS_INACTIVE,
337 RS_IDLE,
338 RS_GETLINE,
339 RS_GETLINE_ESC,
340 RS_GETLINE_RLE,
341 RS_CHKSUM1,
342 RS_CHKSUM2,
343 };
344 typedef struct GDBState {
345 bool init; /* have we been initialised? */
346 CPUState *c_cpu; /* current CPU for step/continue ops */
347 CPUState *g_cpu; /* current CPU for other ops */
348 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
349 enum RSState state; /* parsing state */
350 char line_buf[MAX_PACKET_LENGTH];
351 int line_buf_index;
352 int line_sum; /* running checksum */
353 int line_csum; /* checksum at the end of the packet */
354 GByteArray *last_packet;
355 int signal;
356 #ifdef CONFIG_USER_ONLY
357 int fd;
358 char *socket_path;
359 int running_state;
360 #else
361 CharBackend chr;
362 Chardev *mon_chr;
363 #endif
364 bool multiprocess;
365 GDBProcess *processes;
366 int process_num;
367 char syscall_buf[256];
368 gdb_syscall_complete_cb current_syscall_cb;
369 GString *str_buf;
370 GByteArray *mem_buf;
371 } GDBState;
372
373 /* By default use no IRQs and no timers while single stepping so as to
374 * make single stepping like an ICE HW step.
375 */
376 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
377
378 /* Retrieves flags for single step mode. */
379 static int get_sstep_flags(void)
380 {
381 /*
382 * In replay mode all events written into the log should be replayed.
383 * That is why NOIRQ flag is removed in this mode.
384 */
385 if (replay_mode != REPLAY_MODE_NONE) {
386 return SSTEP_ENABLE;
387 } else {
388 return sstep_flags;
389 }
390 }
391
392 static GDBState gdbserver_state;
393
394 static void init_gdbserver_state(void)
395 {
396 g_assert(!gdbserver_state.init);
397 memset(&gdbserver_state, 0, sizeof(GDBState));
398 gdbserver_state.init = true;
399 gdbserver_state.str_buf = g_string_new(NULL);
400 gdbserver_state.mem_buf = g_byte_array_sized_new(MAX_PACKET_LENGTH);
401 gdbserver_state.last_packet = g_byte_array_sized_new(MAX_PACKET_LENGTH + 4);
402 }
403
404 #ifndef CONFIG_USER_ONLY
405 static void reset_gdbserver_state(void)
406 {
407 g_free(gdbserver_state.processes);
408 gdbserver_state.processes = NULL;
409 gdbserver_state.process_num = 0;
410 }
411 #endif
412
413 bool gdb_has_xml;
414
415 #ifdef CONFIG_USER_ONLY
416
417 static int get_char(void)
418 {
419 uint8_t ch;
420 int ret;
421
422 for(;;) {
423 ret = qemu_recv(gdbserver_state.fd, &ch, 1, 0);
424 if (ret < 0) {
425 if (errno == ECONNRESET)
426 gdbserver_state.fd = -1;
427 if (errno != EINTR)
428 return -1;
429 } else if (ret == 0) {
430 close(gdbserver_state.fd);
431 gdbserver_state.fd = -1;
432 return -1;
433 } else {
434 break;
435 }
436 }
437 return ch;
438 }
439 #endif
440
441 static enum {
442 GDB_SYS_UNKNOWN,
443 GDB_SYS_ENABLED,
444 GDB_SYS_DISABLED,
445 } gdb_syscall_mode;
446
447 /* Decide if either remote gdb syscalls or native file IO should be used. */
448 int use_gdb_syscalls(void)
449 {
450 SemihostingTarget target = semihosting_get_target();
451 if (target == SEMIHOSTING_TARGET_NATIVE) {
452 /* -semihosting-config target=native */
453 return false;
454 } else if (target == SEMIHOSTING_TARGET_GDB) {
455 /* -semihosting-config target=gdb */
456 return true;
457 }
458
459 /* -semihosting-config target=auto */
460 /* On the first call check if gdb is connected and remember. */
461 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
462 gdb_syscall_mode = gdbserver_state.init ?
463 GDB_SYS_ENABLED : GDB_SYS_DISABLED;
464 }
465 return gdb_syscall_mode == GDB_SYS_ENABLED;
466 }
467
468 static bool stub_can_reverse(void)
469 {
470 #ifdef CONFIG_USER_ONLY
471 return false;
472 #else
473 return replay_mode == REPLAY_MODE_PLAY;
474 #endif
475 }
476
477 /* Resume execution. */
478 static inline void gdb_continue(void)
479 {
480
481 #ifdef CONFIG_USER_ONLY
482 gdbserver_state.running_state = 1;
483 trace_gdbstub_op_continue();
484 #else
485 if (!runstate_needs_reset()) {
486 trace_gdbstub_op_continue();
487 vm_start();
488 }
489 #endif
490 }
491
492 /*
493 * Resume execution, per CPU actions. For user-mode emulation it's
494 * equivalent to gdb_continue.
495 */
496 static int gdb_continue_partial(char *newstates)
497 {
498 CPUState *cpu;
499 int res = 0;
500 #ifdef CONFIG_USER_ONLY
501 /*
502 * This is not exactly accurate, but it's an improvement compared to the
503 * previous situation, where only one CPU would be single-stepped.
504 */
505 CPU_FOREACH(cpu) {
506 if (newstates[cpu->cpu_index] == 's') {
507 trace_gdbstub_op_stepping(cpu->cpu_index);
508 cpu_single_step(cpu, sstep_flags);
509 }
510 }
511 gdbserver_state.running_state = 1;
512 #else
513 int flag = 0;
514
515 if (!runstate_needs_reset()) {
516 if (vm_prepare_start()) {
517 return 0;
518 }
519
520 CPU_FOREACH(cpu) {
521 switch (newstates[cpu->cpu_index]) {
522 case 0:
523 case 1:
524 break; /* nothing to do here */
525 case 's':
526 trace_gdbstub_op_stepping(cpu->cpu_index);
527 cpu_single_step(cpu, get_sstep_flags());
528 cpu_resume(cpu);
529 flag = 1;
530 break;
531 case 'c':
532 trace_gdbstub_op_continue_cpu(cpu->cpu_index);
533 cpu_resume(cpu);
534 flag = 1;
535 break;
536 default:
537 res = -1;
538 break;
539 }
540 }
541 }
542 if (flag) {
543 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
544 }
545 #endif
546 return res;
547 }
548
549 static void put_buffer(const uint8_t *buf, int len)
550 {
551 #ifdef CONFIG_USER_ONLY
552 int ret;
553
554 while (len > 0) {
555 ret = send(gdbserver_state.fd, buf, len, 0);
556 if (ret < 0) {
557 if (errno != EINTR)
558 return;
559 } else {
560 buf += ret;
561 len -= ret;
562 }
563 }
564 #else
565 /* XXX this blocks entire thread. Rewrite to use
566 * qemu_chr_fe_write and background I/O callbacks */
567 qemu_chr_fe_write_all(&gdbserver_state.chr, buf, len);
568 #endif
569 }
570
571 static inline int fromhex(int v)
572 {
573 if (v >= '0' && v <= '9')
574 return v - '0';
575 else if (v >= 'A' && v <= 'F')
576 return v - 'A' + 10;
577 else if (v >= 'a' && v <= 'f')
578 return v - 'a' + 10;
579 else
580 return 0;
581 }
582
583 static inline int tohex(int v)
584 {
585 if (v < 10)
586 return v + '0';
587 else
588 return v - 10 + 'a';
589 }
590
591 /* writes 2*len+1 bytes in buf */
592 static void memtohex(GString *buf, const uint8_t *mem, int len)
593 {
594 int i, c;
595 for(i = 0; i < len; i++) {
596 c = mem[i];
597 g_string_append_c(buf, tohex(c >> 4));
598 g_string_append_c(buf, tohex(c & 0xf));
599 }
600 g_string_append_c(buf, '\0');
601 }
602
603 static void hextomem(GByteArray *mem, const char *buf, int len)
604 {
605 int i;
606
607 for(i = 0; i < len; i++) {
608 guint8 byte = fromhex(buf[0]) << 4 | fromhex(buf[1]);
609 g_byte_array_append(mem, &byte, 1);
610 buf += 2;
611 }
612 }
613
614 static void hexdump(const char *buf, int len,
615 void (*trace_fn)(size_t ofs, char const *text))
616 {
617 char line_buffer[3 * 16 + 4 + 16 + 1];
618
619 size_t i;
620 for (i = 0; i < len || (i & 0xF); ++i) {
621 size_t byte_ofs = i & 15;
622
623 if (byte_ofs == 0) {
624 memset(line_buffer, ' ', 3 * 16 + 4 + 16);
625 line_buffer[3 * 16 + 4 + 16] = 0;
626 }
627
628 size_t col_group = (i >> 2) & 3;
629 size_t hex_col = byte_ofs * 3 + col_group;
630 size_t txt_col = 3 * 16 + 4 + byte_ofs;
631
632 if (i < len) {
633 char value = buf[i];
634
635 line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
636 line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
637 line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
638 ? value
639 : '.';
640 }
641
642 if (byte_ofs == 0xF)
643 trace_fn(i & -16, line_buffer);
644 }
645 }
646
647 /* return -1 if error, 0 if OK */
648 static int put_packet_binary(const char *buf, int len, bool dump)
649 {
650 int csum, i;
651 uint8_t footer[3];
652
653 if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
654 hexdump(buf, len, trace_gdbstub_io_binaryreply);
655 }
656
657 for(;;) {
658 g_byte_array_set_size(gdbserver_state.last_packet, 0);
659 g_byte_array_append(gdbserver_state.last_packet,
660 (const uint8_t *) "$", 1);
661 g_byte_array_append(gdbserver_state.last_packet,
662 (const uint8_t *) buf, len);
663 csum = 0;
664 for(i = 0; i < len; i++) {
665 csum += buf[i];
666 }
667 footer[0] = '#';
668 footer[1] = tohex((csum >> 4) & 0xf);
669 footer[2] = tohex((csum) & 0xf);
670 g_byte_array_append(gdbserver_state.last_packet, footer, 3);
671
672 put_buffer(gdbserver_state.last_packet->data,
673 gdbserver_state.last_packet->len);
674
675 #ifdef CONFIG_USER_ONLY
676 i = get_char();
677 if (i < 0)
678 return -1;
679 if (i == '+')
680 break;
681 #else
682 break;
683 #endif
684 }
685 return 0;
686 }
687
688 /* return -1 if error, 0 if OK */
689 static int put_packet(const char *buf)
690 {
691 trace_gdbstub_io_reply(buf);
692
693 return put_packet_binary(buf, strlen(buf), false);
694 }
695
696 static void put_strbuf(void)
697 {
698 put_packet(gdbserver_state.str_buf->str);
699 }
700
701 /* Encode data using the encoding for 'x' packets. */
702 static void memtox(GString *buf, const char *mem, int len)
703 {
704 char c;
705
706 while (len--) {
707 c = *(mem++);
708 switch (c) {
709 case '#': case '$': case '*': case '}':
710 g_string_append_c(buf, '}');
711 g_string_append_c(buf, c ^ 0x20);
712 break;
713 default:
714 g_string_append_c(buf, c);
715 break;
716 }
717 }
718 }
719
720 static uint32_t gdb_get_cpu_pid(CPUState *cpu)
721 {
722 /* TODO: In user mode, we should use the task state PID */
723 if (cpu->cluster_index == UNASSIGNED_CLUSTER_INDEX) {
724 /* Return the default process' PID */
725 int index = gdbserver_state.process_num - 1;
726 return gdbserver_state.processes[index].pid;
727 }
728 return cpu->cluster_index + 1;
729 }
730
731 static GDBProcess *gdb_get_process(uint32_t pid)
732 {
733 int i;
734
735 if (!pid) {
736 /* 0 means any process, we take the first one */
737 return &gdbserver_state.processes[0];
738 }
739
740 for (i = 0; i < gdbserver_state.process_num; i++) {
741 if (gdbserver_state.processes[i].pid == pid) {
742 return &gdbserver_state.processes[i];
743 }
744 }
745
746 return NULL;
747 }
748
749 static GDBProcess *gdb_get_cpu_process(CPUState *cpu)
750 {
751 return gdb_get_process(gdb_get_cpu_pid(cpu));
752 }
753
754 static CPUState *find_cpu(uint32_t thread_id)
755 {
756 CPUState *cpu;
757
758 CPU_FOREACH(cpu) {
759 if (cpu_gdb_index(cpu) == thread_id) {
760 return cpu;
761 }
762 }
763
764 return NULL;
765 }
766
767 static CPUState *get_first_cpu_in_process(GDBProcess *process)
768 {
769 CPUState *cpu;
770
771 CPU_FOREACH(cpu) {
772 if (gdb_get_cpu_pid(cpu) == process->pid) {
773 return cpu;
774 }
775 }
776
777 return NULL;
778 }
779
780 static CPUState *gdb_next_cpu_in_process(CPUState *cpu)
781 {
782 uint32_t pid = gdb_get_cpu_pid(cpu);
783 cpu = CPU_NEXT(cpu);
784
785 while (cpu) {
786 if (gdb_get_cpu_pid(cpu) == pid) {
787 break;
788 }
789
790 cpu = CPU_NEXT(cpu);
791 }
792
793 return cpu;
794 }
795
796 /* Return the cpu following @cpu, while ignoring unattached processes. */
797 static CPUState *gdb_next_attached_cpu(CPUState *cpu)
798 {
799 cpu = CPU_NEXT(cpu);
800
801 while (cpu) {
802 if (gdb_get_cpu_process(cpu)->attached) {
803 break;
804 }
805
806 cpu = CPU_NEXT(cpu);
807 }
808
809 return cpu;
810 }
811
812 /* Return the first attached cpu */
813 static CPUState *gdb_first_attached_cpu(void)
814 {
815 CPUState *cpu = first_cpu;
816 GDBProcess *process = gdb_get_cpu_process(cpu);
817
818 if (!process->attached) {
819 return gdb_next_attached_cpu(cpu);
820 }
821
822 return cpu;
823 }
824
825 static CPUState *gdb_get_cpu(uint32_t pid, uint32_t tid)
826 {
827 GDBProcess *process;
828 CPUState *cpu;
829
830 if (!pid && !tid) {
831 /* 0 means any process/thread, we take the first attached one */
832 return gdb_first_attached_cpu();
833 } else if (pid && !tid) {
834 /* any thread in a specific process */
835 process = gdb_get_process(pid);
836
837 if (process == NULL) {
838 return NULL;
839 }
840
841 if (!process->attached) {
842 return NULL;
843 }
844
845 return get_first_cpu_in_process(process);
846 } else {
847 /* a specific thread */
848 cpu = find_cpu(tid);
849
850 if (cpu == NULL) {
851 return NULL;
852 }
853
854 process = gdb_get_cpu_process(cpu);
855
856 if (pid && process->pid != pid) {
857 return NULL;
858 }
859
860 if (!process->attached) {
861 return NULL;
862 }
863
864 return cpu;
865 }
866 }
867
868 static const char *get_feature_xml(const char *p, const char **newp,
869 GDBProcess *process)
870 {
871 size_t len;
872 int i;
873 const char *name;
874 CPUState *cpu = get_first_cpu_in_process(process);
875 CPUClass *cc = CPU_GET_CLASS(cpu);
876
877 len = 0;
878 while (p[len] && p[len] != ':')
879 len++;
880 *newp = p + len;
881
882 name = NULL;
883 if (strncmp(p, "target.xml", len) == 0) {
884 char *buf = process->target_xml;
885 const size_t buf_sz = sizeof(process->target_xml);
886
887 /* Generate the XML description for this CPU. */
888 if (!buf[0]) {
889 GDBRegisterState *r;
890
891 pstrcat(buf, buf_sz,
892 "<?xml version=\"1.0\"?>"
893 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
894 "<target>");
895 if (cc->gdb_arch_name) {
896 gchar *arch = cc->gdb_arch_name(cpu);
897 pstrcat(buf, buf_sz, "<architecture>");
898 pstrcat(buf, buf_sz, arch);
899 pstrcat(buf, buf_sz, "</architecture>");
900 g_free(arch);
901 }
902 pstrcat(buf, buf_sz, "<xi:include href=\"");
903 pstrcat(buf, buf_sz, cc->gdb_core_xml_file);
904 pstrcat(buf, buf_sz, "\"/>");
905 for (r = cpu->gdb_regs; r; r = r->next) {
906 pstrcat(buf, buf_sz, "<xi:include href=\"");
907 pstrcat(buf, buf_sz, r->xml);
908 pstrcat(buf, buf_sz, "\"/>");
909 }
910 pstrcat(buf, buf_sz, "</target>");
911 }
912 return buf;
913 }
914 if (cc->gdb_get_dynamic_xml) {
915 char *xmlname = g_strndup(p, len);
916 const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
917
918 g_free(xmlname);
919 if (xml) {
920 return xml;
921 }
922 }
923 for (i = 0; ; i++) {
924 name = xml_builtin[i][0];
925 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
926 break;
927 }
928 return name ? xml_builtin[i][1] : NULL;
929 }
930
931 static int gdb_read_register(CPUState *cpu, GByteArray *buf, int reg)
932 {
933 CPUClass *cc = CPU_GET_CLASS(cpu);
934 CPUArchState *env = cpu->env_ptr;
935 GDBRegisterState *r;
936
937 if (reg < cc->gdb_num_core_regs) {
938 return cc->gdb_read_register(cpu, buf, reg);
939 }
940
941 for (r = cpu->gdb_regs; r; r = r->next) {
942 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
943 return r->get_reg(env, buf, reg - r->base_reg);
944 }
945 }
946 return 0;
947 }
948
949 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
950 {
951 CPUClass *cc = CPU_GET_CLASS(cpu);
952 CPUArchState *env = cpu->env_ptr;
953 GDBRegisterState *r;
954
955 if (reg < cc->gdb_num_core_regs) {
956 return cc->gdb_write_register(cpu, mem_buf, reg);
957 }
958
959 for (r = cpu->gdb_regs; r; r = r->next) {
960 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
961 return r->set_reg(env, mem_buf, reg - r->base_reg);
962 }
963 }
964 return 0;
965 }
966
967 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
968 specifies the first register number and these registers are included in
969 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
970 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
971 */
972
973 void gdb_register_coprocessor(CPUState *cpu,
974 gdb_get_reg_cb get_reg, gdb_set_reg_cb set_reg,
975 int num_regs, const char *xml, int g_pos)
976 {
977 GDBRegisterState *s;
978 GDBRegisterState **p;
979
980 p = &cpu->gdb_regs;
981 while (*p) {
982 /* Check for duplicates. */
983 if (strcmp((*p)->xml, xml) == 0)
984 return;
985 p = &(*p)->next;
986 }
987
988 s = g_new0(GDBRegisterState, 1);
989 s->base_reg = cpu->gdb_num_regs;
990 s->num_regs = num_regs;
991 s->get_reg = get_reg;
992 s->set_reg = set_reg;
993 s->xml = xml;
994
995 /* Add to end of list. */
996 cpu->gdb_num_regs += num_regs;
997 *p = s;
998 if (g_pos) {
999 if (g_pos != s->base_reg) {
1000 error_report("Error: Bad gdb register numbering for '%s', "
1001 "expected %d got %d", xml, g_pos, s->base_reg);
1002 } else {
1003 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
1004 }
1005 }
1006 }
1007
1008 #ifndef CONFIG_USER_ONLY
1009 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
1010 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
1011 {
1012 static const int xlat[] = {
1013 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
1014 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
1015 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
1016 };
1017
1018 CPUClass *cc = CPU_GET_CLASS(cpu);
1019 int cputype = xlat[gdbtype];
1020
1021 if (cc->gdb_stop_before_watchpoint) {
1022 cputype |= BP_STOP_BEFORE_ACCESS;
1023 }
1024 return cputype;
1025 }
1026 #endif
1027
1028 static int gdb_breakpoint_insert(int type, target_ulong addr, target_ulong len)
1029 {
1030 CPUState *cpu;
1031 int err = 0;
1032
1033 if (kvm_enabled()) {
1034 return kvm_insert_breakpoint(gdbserver_state.c_cpu, addr, len, type);
1035 }
1036
1037 switch (type) {
1038 case GDB_BREAKPOINT_SW:
1039 case GDB_BREAKPOINT_HW:
1040 CPU_FOREACH(cpu) {
1041 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
1042 if (err) {
1043 break;
1044 }
1045 }
1046 return err;
1047 #ifndef CONFIG_USER_ONLY
1048 case GDB_WATCHPOINT_WRITE:
1049 case GDB_WATCHPOINT_READ:
1050 case GDB_WATCHPOINT_ACCESS:
1051 CPU_FOREACH(cpu) {
1052 err = cpu_watchpoint_insert(cpu, addr, len,
1053 xlat_gdb_type(cpu, type), NULL);
1054 if (err) {
1055 break;
1056 }
1057 }
1058 return err;
1059 #endif
1060 default:
1061 return -ENOSYS;
1062 }
1063 }
1064
1065 static int gdb_breakpoint_remove(int type, target_ulong addr, target_ulong len)
1066 {
1067 CPUState *cpu;
1068 int err = 0;
1069
1070 if (kvm_enabled()) {
1071 return kvm_remove_breakpoint(gdbserver_state.c_cpu, addr, len, type);
1072 }
1073
1074 switch (type) {
1075 case GDB_BREAKPOINT_SW:
1076 case GDB_BREAKPOINT_HW:
1077 CPU_FOREACH(cpu) {
1078 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
1079 if (err) {
1080 break;
1081 }
1082 }
1083 return err;
1084 #ifndef CONFIG_USER_ONLY
1085 case GDB_WATCHPOINT_WRITE:
1086 case GDB_WATCHPOINT_READ:
1087 case GDB_WATCHPOINT_ACCESS:
1088 CPU_FOREACH(cpu) {
1089 err = cpu_watchpoint_remove(cpu, addr, len,
1090 xlat_gdb_type(cpu, type));
1091 if (err)
1092 break;
1093 }
1094 return err;
1095 #endif
1096 default:
1097 return -ENOSYS;
1098 }
1099 }
1100
1101 static inline void gdb_cpu_breakpoint_remove_all(CPUState *cpu)
1102 {
1103 cpu_breakpoint_remove_all(cpu, BP_GDB);
1104 #ifndef CONFIG_USER_ONLY
1105 cpu_watchpoint_remove_all(cpu, BP_GDB);
1106 #endif
1107 }
1108
1109 static void gdb_process_breakpoint_remove_all(GDBProcess *p)
1110 {
1111 CPUState *cpu = get_first_cpu_in_process(p);
1112
1113 while (cpu) {
1114 gdb_cpu_breakpoint_remove_all(cpu);
1115 cpu = gdb_next_cpu_in_process(cpu);
1116 }
1117 }
1118
1119 static void gdb_breakpoint_remove_all(void)
1120 {
1121 CPUState *cpu;
1122
1123 if (kvm_enabled()) {
1124 kvm_remove_all_breakpoints(gdbserver_state.c_cpu);
1125 return;
1126 }
1127
1128 CPU_FOREACH(cpu) {
1129 gdb_cpu_breakpoint_remove_all(cpu);
1130 }
1131 }
1132
1133 static void gdb_set_cpu_pc(target_ulong pc)
1134 {
1135 CPUState *cpu = gdbserver_state.c_cpu;
1136
1137 cpu_synchronize_state(cpu);
1138 cpu_set_pc(cpu, pc);
1139 }
1140
1141 static void gdb_append_thread_id(CPUState *cpu, GString *buf)
1142 {
1143 if (gdbserver_state.multiprocess) {
1144 g_string_append_printf(buf, "p%02x.%02x",
1145 gdb_get_cpu_pid(cpu), cpu_gdb_index(cpu));
1146 } else {
1147 g_string_append_printf(buf, "%02x", cpu_gdb_index(cpu));
1148 }
1149 }
1150
1151 typedef enum GDBThreadIdKind {
1152 GDB_ONE_THREAD = 0,
1153 GDB_ALL_THREADS, /* One process, all threads */
1154 GDB_ALL_PROCESSES,
1155 GDB_READ_THREAD_ERR
1156 } GDBThreadIdKind;
1157
1158 static GDBThreadIdKind read_thread_id(const char *buf, const char **end_buf,
1159 uint32_t *pid, uint32_t *tid)
1160 {
1161 unsigned long p, t;
1162 int ret;
1163
1164 if (*buf == 'p') {
1165 buf++;
1166 ret = qemu_strtoul(buf, &buf, 16, &p);
1167
1168 if (ret) {
1169 return GDB_READ_THREAD_ERR;
1170 }
1171
1172 /* Skip '.' */
1173 buf++;
1174 } else {
1175 p = 1;
1176 }
1177
1178 ret = qemu_strtoul(buf, &buf, 16, &t);
1179
1180 if (ret) {
1181 return GDB_READ_THREAD_ERR;
1182 }
1183
1184 *end_buf = buf;
1185
1186 if (p == -1) {
1187 return GDB_ALL_PROCESSES;
1188 }
1189
1190 if (pid) {
1191 *pid = p;
1192 }
1193
1194 if (t == -1) {
1195 return GDB_ALL_THREADS;
1196 }
1197
1198 if (tid) {
1199 *tid = t;
1200 }
1201
1202 return GDB_ONE_THREAD;
1203 }
1204
1205 /**
1206 * gdb_handle_vcont - Parses and handles a vCont packet.
1207 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
1208 * a format error, 0 on success.
1209 */
1210 static int gdb_handle_vcont(const char *p)
1211 {
1212 int res, signal = 0;
1213 char cur_action;
1214 char *newstates;
1215 unsigned long tmp;
1216 uint32_t pid, tid;
1217 GDBProcess *process;
1218 CPUState *cpu;
1219 GDBThreadIdKind kind;
1220 #ifdef CONFIG_USER_ONLY
1221 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
1222
1223 CPU_FOREACH(cpu) {
1224 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
1225 }
1226 #else
1227 MachineState *ms = MACHINE(qdev_get_machine());
1228 unsigned int max_cpus = ms->smp.max_cpus;
1229 #endif
1230 /* uninitialised CPUs stay 0 */
1231 newstates = g_new0(char, max_cpus);
1232
1233 /* mark valid CPUs with 1 */
1234 CPU_FOREACH(cpu) {
1235 newstates[cpu->cpu_index] = 1;
1236 }
1237
1238 /*
1239 * res keeps track of what error we are returning, with -ENOTSUP meaning
1240 * that the command is unknown or unsupported, thus returning an empty
1241 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
1242 * or incorrect parameters passed.
1243 */
1244 res = 0;
1245 while (*p) {
1246 if (*p++ != ';') {
1247 res = -ENOTSUP;
1248 goto out;
1249 }
1250
1251 cur_action = *p++;
1252 if (cur_action == 'C' || cur_action == 'S') {
1253 cur_action = qemu_tolower(cur_action);
1254 res = qemu_strtoul(p, &p, 16, &tmp);
1255 if (res) {
1256 goto out;
1257 }
1258 signal = gdb_signal_to_target(tmp);
1259 } else if (cur_action != 'c' && cur_action != 's') {
1260 /* unknown/invalid/unsupported command */
1261 res = -ENOTSUP;
1262 goto out;
1263 }
1264
1265 if (*p == '\0' || *p == ';') {
1266 /*
1267 * No thread specifier, action is on "all threads". The
1268 * specification is unclear regarding the process to act on. We
1269 * choose all processes.
1270 */
1271 kind = GDB_ALL_PROCESSES;
1272 } else if (*p++ == ':') {
1273 kind = read_thread_id(p, &p, &pid, &tid);
1274 } else {
1275 res = -ENOTSUP;
1276 goto out;
1277 }
1278
1279 switch (kind) {
1280 case GDB_READ_THREAD_ERR:
1281 res = -EINVAL;
1282 goto out;
1283
1284 case GDB_ALL_PROCESSES:
1285 cpu = gdb_first_attached_cpu();
1286 while (cpu) {
1287 if (newstates[cpu->cpu_index] == 1) {
1288 newstates[cpu->cpu_index] = cur_action;
1289 }
1290
1291 cpu = gdb_next_attached_cpu(cpu);
1292 }
1293 break;
1294
1295 case GDB_ALL_THREADS:
1296 process = gdb_get_process(pid);
1297
1298 if (!process->attached) {
1299 res = -EINVAL;
1300 goto out;
1301 }
1302
1303 cpu = get_first_cpu_in_process(process);
1304 while (cpu) {
1305 if (newstates[cpu->cpu_index] == 1) {
1306 newstates[cpu->cpu_index] = cur_action;
1307 }
1308
1309 cpu = gdb_next_cpu_in_process(cpu);
1310 }
1311 break;
1312
1313 case GDB_ONE_THREAD:
1314 cpu = gdb_get_cpu(pid, tid);
1315
1316 /* invalid CPU/thread specified */
1317 if (!cpu) {
1318 res = -EINVAL;
1319 goto out;
1320 }
1321
1322 /* only use if no previous match occourred */
1323 if (newstates[cpu->cpu_index] == 1) {
1324 newstates[cpu->cpu_index] = cur_action;
1325 }
1326 break;
1327 }
1328 }
1329 gdbserver_state.signal = signal;
1330 gdb_continue_partial(newstates);
1331
1332 out:
1333 g_free(newstates);
1334
1335 return res;
1336 }
1337
1338 typedef union GdbCmdVariant {
1339 const char *data;
1340 uint8_t opcode;
1341 unsigned long val_ul;
1342 unsigned long long val_ull;
1343 struct {
1344 GDBThreadIdKind kind;
1345 uint32_t pid;
1346 uint32_t tid;
1347 } thread_id;
1348 } GdbCmdVariant;
1349
1350 #define get_param(p, i) (&g_array_index(p, GdbCmdVariant, i))
1351
1352 static const char *cmd_next_param(const char *param, const char delimiter)
1353 {
1354 static const char all_delimiters[] = ",;:=";
1355 char curr_delimiters[2] = {0};
1356 const char *delimiters;
1357
1358 if (delimiter == '?') {
1359 delimiters = all_delimiters;
1360 } else if (delimiter == '0') {
1361 return strchr(param, '\0');
1362 } else if (delimiter == '.' && *param) {
1363 return param + 1;
1364 } else {
1365 curr_delimiters[0] = delimiter;
1366 delimiters = curr_delimiters;
1367 }
1368
1369 param += strcspn(param, delimiters);
1370 if (*param) {
1371 param++;
1372 }
1373 return param;
1374 }
1375
1376 static int cmd_parse_params(const char *data, const char *schema,
1377 GArray *params)
1378 {
1379 const char *curr_schema, *curr_data;
1380
1381 g_assert(schema);
1382 g_assert(params->len == 0);
1383
1384 curr_schema = schema;
1385 curr_data = data;
1386 while (curr_schema[0] && curr_schema[1] && *curr_data) {
1387 GdbCmdVariant this_param;
1388
1389 switch (curr_schema[0]) {
1390 case 'l':
1391 if (qemu_strtoul(curr_data, &curr_data, 16,
1392 &this_param.val_ul)) {
1393 return -EINVAL;
1394 }
1395 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1396 g_array_append_val(params, this_param);
1397 break;
1398 case 'L':
1399 if (qemu_strtou64(curr_data, &curr_data, 16,
1400 (uint64_t *)&this_param.val_ull)) {
1401 return -EINVAL;
1402 }
1403 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1404 g_array_append_val(params, this_param);
1405 break;
1406 case 's':
1407 this_param.data = curr_data;
1408 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1409 g_array_append_val(params, this_param);
1410 break;
1411 case 'o':
1412 this_param.opcode = *(uint8_t *)curr_data;
1413 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1414 g_array_append_val(params, this_param);
1415 break;
1416 case 't':
1417 this_param.thread_id.kind =
1418 read_thread_id(curr_data, &curr_data,
1419 &this_param.thread_id.pid,
1420 &this_param.thread_id.tid);
1421 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1422 g_array_append_val(params, this_param);
1423 break;
1424 case '?':
1425 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1426 break;
1427 default:
1428 return -EINVAL;
1429 }
1430 curr_schema += 2;
1431 }
1432
1433 return 0;
1434 }
1435
1436 typedef void (*GdbCmdHandler)(GArray *params, void *user_ctx);
1437
1438 /*
1439 * cmd_startswith -> cmd is compared using startswith
1440 *
1441 *
1442 * schema definitions:
1443 * Each schema parameter entry consists of 2 chars,
1444 * the first char represents the parameter type handling
1445 * the second char represents the delimiter for the next parameter
1446 *
1447 * Currently supported schema types:
1448 * 'l' -> unsigned long (stored in .val_ul)
1449 * 'L' -> unsigned long long (stored in .val_ull)
1450 * 's' -> string (stored in .data)
1451 * 'o' -> single char (stored in .opcode)
1452 * 't' -> thread id (stored in .thread_id)
1453 * '?' -> skip according to delimiter
1454 *
1455 * Currently supported delimiters:
1456 * '?' -> Stop at any delimiter (",;:=\0")
1457 * '0' -> Stop at "\0"
1458 * '.' -> Skip 1 char unless reached "\0"
1459 * Any other value is treated as the delimiter value itself
1460 */
1461 typedef struct GdbCmdParseEntry {
1462 GdbCmdHandler handler;
1463 const char *cmd;
1464 bool cmd_startswith;
1465 const char *schema;
1466 } GdbCmdParseEntry;
1467
1468 static inline int startswith(const char *string, const char *pattern)
1469 {
1470 return !strncmp(string, pattern, strlen(pattern));
1471 }
1472
1473 static int process_string_cmd(void *user_ctx, const char *data,
1474 const GdbCmdParseEntry *cmds, int num_cmds)
1475 {
1476 int i;
1477 g_autoptr(GArray) params = g_array_new(false, true, sizeof(GdbCmdVariant));
1478
1479 if (!cmds) {
1480 return -1;
1481 }
1482
1483 for (i = 0; i < num_cmds; i++) {
1484 const GdbCmdParseEntry *cmd = &cmds[i];
1485 g_assert(cmd->handler && cmd->cmd);
1486
1487 if ((cmd->cmd_startswith && !startswith(data, cmd->cmd)) ||
1488 (!cmd->cmd_startswith && strcmp(cmd->cmd, data))) {
1489 continue;
1490 }
1491
1492 if (cmd->schema) {
1493 if (cmd_parse_params(&data[strlen(cmd->cmd)],
1494 cmd->schema, params)) {
1495 return -1;
1496 }
1497 }
1498
1499 cmd->handler(params, user_ctx);
1500 return 0;
1501 }
1502
1503 return -1;
1504 }
1505
1506 static void run_cmd_parser(const char *data, const GdbCmdParseEntry *cmd)
1507 {
1508 if (!data) {
1509 return;
1510 }
1511
1512 g_string_set_size(gdbserver_state.str_buf, 0);
1513 g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1514
1515 /* In case there was an error during the command parsing we must
1516 * send a NULL packet to indicate the command is not supported */
1517 if (process_string_cmd(NULL, data, cmd, 1)) {
1518 put_packet("");
1519 }
1520 }
1521
1522 static void handle_detach(GArray *params, void *user_ctx)
1523 {
1524 GDBProcess *process;
1525 uint32_t pid = 1;
1526
1527 if (gdbserver_state.multiprocess) {
1528 if (!params->len) {
1529 put_packet("E22");
1530 return;
1531 }
1532
1533 pid = get_param(params, 0)->val_ul;
1534 }
1535
1536 process = gdb_get_process(pid);
1537 gdb_process_breakpoint_remove_all(process);
1538 process->attached = false;
1539
1540 if (pid == gdb_get_cpu_pid(gdbserver_state.c_cpu)) {
1541 gdbserver_state.c_cpu = gdb_first_attached_cpu();
1542 }
1543
1544 if (pid == gdb_get_cpu_pid(gdbserver_state.g_cpu)) {
1545 gdbserver_state.g_cpu = gdb_first_attached_cpu();
1546 }
1547
1548 if (!gdbserver_state.c_cpu) {
1549 /* No more process attached */
1550 gdb_syscall_mode = GDB_SYS_DISABLED;
1551 gdb_continue();
1552 }
1553 put_packet("OK");
1554 }
1555
1556 static void handle_thread_alive(GArray *params, void *user_ctx)
1557 {
1558 CPUState *cpu;
1559
1560 if (!params->len) {
1561 put_packet("E22");
1562 return;
1563 }
1564
1565 if (get_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
1566 put_packet("E22");
1567 return;
1568 }
1569
1570 cpu = gdb_get_cpu(get_param(params, 0)->thread_id.pid,
1571 get_param(params, 0)->thread_id.tid);
1572 if (!cpu) {
1573 put_packet("E22");
1574 return;
1575 }
1576
1577 put_packet("OK");
1578 }
1579
1580 static void handle_continue(GArray *params, void *user_ctx)
1581 {
1582 if (params->len) {
1583 gdb_set_cpu_pc(get_param(params, 0)->val_ull);
1584 }
1585
1586 gdbserver_state.signal = 0;
1587 gdb_continue();
1588 }
1589
1590 static void handle_cont_with_sig(GArray *params, void *user_ctx)
1591 {
1592 unsigned long signal = 0;
1593
1594 /*
1595 * Note: C sig;[addr] is currently unsupported and we simply
1596 * omit the addr parameter
1597 */
1598 if (params->len) {
1599 signal = get_param(params, 0)->val_ul;
1600 }
1601
1602 gdbserver_state.signal = gdb_signal_to_target(signal);
1603 if (gdbserver_state.signal == -1) {
1604 gdbserver_state.signal = 0;
1605 }
1606 gdb_continue();
1607 }
1608
1609 static void handle_set_thread(GArray *params, void *user_ctx)
1610 {
1611 CPUState *cpu;
1612
1613 if (params->len != 2) {
1614 put_packet("E22");
1615 return;
1616 }
1617
1618 if (get_param(params, 1)->thread_id.kind == GDB_READ_THREAD_ERR) {
1619 put_packet("E22");
1620 return;
1621 }
1622
1623 if (get_param(params, 1)->thread_id.kind != GDB_ONE_THREAD) {
1624 put_packet("OK");
1625 return;
1626 }
1627
1628 cpu = gdb_get_cpu(get_param(params, 1)->thread_id.pid,
1629 get_param(params, 1)->thread_id.tid);
1630 if (!cpu) {
1631 put_packet("E22");
1632 return;
1633 }
1634
1635 /*
1636 * Note: This command is deprecated and modern gdb's will be using the
1637 * vCont command instead.
1638 */
1639 switch (get_param(params, 0)->opcode) {
1640 case 'c':
1641 gdbserver_state.c_cpu = cpu;
1642 put_packet("OK");
1643 break;
1644 case 'g':
1645 gdbserver_state.g_cpu = cpu;
1646 put_packet("OK");
1647 break;
1648 default:
1649 put_packet("E22");
1650 break;
1651 }
1652 }
1653
1654 static void handle_insert_bp(GArray *params, void *user_ctx)
1655 {
1656 int res;
1657
1658 if (params->len != 3) {
1659 put_packet("E22");
1660 return;
1661 }
1662
1663 res = gdb_breakpoint_insert(get_param(params, 0)->val_ul,
1664 get_param(params, 1)->val_ull,
1665 get_param(params, 2)->val_ull);
1666 if (res >= 0) {
1667 put_packet("OK");
1668 return;
1669 } else if (res == -ENOSYS) {
1670 put_packet("");
1671 return;
1672 }
1673
1674 put_packet("E22");
1675 }
1676
1677 static void handle_remove_bp(GArray *params, void *user_ctx)
1678 {
1679 int res;
1680
1681 if (params->len != 3) {
1682 put_packet("E22");
1683 return;
1684 }
1685
1686 res = gdb_breakpoint_remove(get_param(params, 0)->val_ul,
1687 get_param(params, 1)->val_ull,
1688 get_param(params, 2)->val_ull);
1689 if (res >= 0) {
1690 put_packet("OK");
1691 return;
1692 } else if (res == -ENOSYS) {
1693 put_packet("");
1694 return;
1695 }
1696
1697 put_packet("E22");
1698 }
1699
1700 /*
1701 * handle_set/get_reg
1702 *
1703 * Older gdb are really dumb, and don't use 'G/g' if 'P/p' is available.
1704 * This works, but can be very slow. Anything new enough to understand
1705 * XML also knows how to use this properly. However to use this we
1706 * need to define a local XML file as well as be talking to a
1707 * reasonably modern gdb. Responding with an empty packet will cause
1708 * the remote gdb to fallback to older methods.
1709 */
1710
1711 static void handle_set_reg(GArray *params, void *user_ctx)
1712 {
1713 int reg_size;
1714
1715 if (!gdb_has_xml) {
1716 put_packet("");
1717 return;
1718 }
1719
1720 if (params->len != 2) {
1721 put_packet("E22");
1722 return;
1723 }
1724
1725 reg_size = strlen(get_param(params, 1)->data) / 2;
1726 hextomem(gdbserver_state.mem_buf, get_param(params, 1)->data, reg_size);
1727 gdb_write_register(gdbserver_state.g_cpu, gdbserver_state.mem_buf->data,
1728 get_param(params, 0)->val_ull);
1729 put_packet("OK");
1730 }
1731
1732 static void handle_get_reg(GArray *params, void *user_ctx)
1733 {
1734 int reg_size;
1735
1736 if (!gdb_has_xml) {
1737 put_packet("");
1738 return;
1739 }
1740
1741 if (!params->len) {
1742 put_packet("E14");
1743 return;
1744 }
1745
1746 reg_size = gdb_read_register(gdbserver_state.g_cpu,
1747 gdbserver_state.mem_buf,
1748 get_param(params, 0)->val_ull);
1749 if (!reg_size) {
1750 put_packet("E14");
1751 return;
1752 } else {
1753 g_byte_array_set_size(gdbserver_state.mem_buf, reg_size);
1754 }
1755
1756 memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, reg_size);
1757 put_strbuf();
1758 }
1759
1760 static void handle_write_mem(GArray *params, void *user_ctx)
1761 {
1762 if (params->len != 3) {
1763 put_packet("E22");
1764 return;
1765 }
1766
1767 /* hextomem() reads 2*len bytes */
1768 if (get_param(params, 1)->val_ull >
1769 strlen(get_param(params, 2)->data) / 2) {
1770 put_packet("E22");
1771 return;
1772 }
1773
1774 hextomem(gdbserver_state.mem_buf, get_param(params, 2)->data,
1775 get_param(params, 1)->val_ull);
1776 if (target_memory_rw_debug(gdbserver_state.g_cpu,
1777 get_param(params, 0)->val_ull,
1778 gdbserver_state.mem_buf->data,
1779 gdbserver_state.mem_buf->len, true)) {
1780 put_packet("E14");
1781 return;
1782 }
1783
1784 put_packet("OK");
1785 }
1786
1787 static void handle_read_mem(GArray *params, void *user_ctx)
1788 {
1789 if (params->len != 2) {
1790 put_packet("E22");
1791 return;
1792 }
1793
1794 /* memtohex() doubles the required space */
1795 if (get_param(params, 1)->val_ull > MAX_PACKET_LENGTH / 2) {
1796 put_packet("E22");
1797 return;
1798 }
1799
1800 g_byte_array_set_size(gdbserver_state.mem_buf,
1801 get_param(params, 1)->val_ull);
1802
1803 if (target_memory_rw_debug(gdbserver_state.g_cpu,
1804 get_param(params, 0)->val_ull,
1805 gdbserver_state.mem_buf->data,
1806 gdbserver_state.mem_buf->len, false)) {
1807 put_packet("E14");
1808 return;
1809 }
1810
1811 memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data,
1812 gdbserver_state.mem_buf->len);
1813 put_strbuf();
1814 }
1815
1816 static void handle_write_all_regs(GArray *params, void *user_ctx)
1817 {
1818 target_ulong addr, len;
1819 uint8_t *registers;
1820 int reg_size;
1821
1822 if (!params->len) {
1823 return;
1824 }
1825
1826 cpu_synchronize_state(gdbserver_state.g_cpu);
1827 len = strlen(get_param(params, 0)->data) / 2;
1828 hextomem(gdbserver_state.mem_buf, get_param(params, 0)->data, len);
1829 registers = gdbserver_state.mem_buf->data;
1830 for (addr = 0; addr < gdbserver_state.g_cpu->gdb_num_g_regs && len > 0;
1831 addr++) {
1832 reg_size = gdb_write_register(gdbserver_state.g_cpu, registers, addr);
1833 len -= reg_size;
1834 registers += reg_size;
1835 }
1836 put_packet("OK");
1837 }
1838
1839 static void handle_read_all_regs(GArray *params, void *user_ctx)
1840 {
1841 target_ulong addr, len;
1842
1843 cpu_synchronize_state(gdbserver_state.g_cpu);
1844 g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1845 len = 0;
1846 for (addr = 0; addr < gdbserver_state.g_cpu->gdb_num_g_regs; addr++) {
1847 len += gdb_read_register(gdbserver_state.g_cpu,
1848 gdbserver_state.mem_buf,
1849 addr);
1850 }
1851 g_assert(len == gdbserver_state.mem_buf->len);
1852
1853 memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, len);
1854 put_strbuf();
1855 }
1856
1857 static void handle_file_io(GArray *params, void *user_ctx)
1858 {
1859 if (params->len >= 1 && gdbserver_state.current_syscall_cb) {
1860 target_ulong ret, err;
1861
1862 ret = (target_ulong)get_param(params, 0)->val_ull;
1863 if (params->len >= 2) {
1864 err = (target_ulong)get_param(params, 1)->val_ull;
1865 } else {
1866 err = 0;
1867 }
1868 gdbserver_state.current_syscall_cb(gdbserver_state.c_cpu, ret, err);
1869 gdbserver_state.current_syscall_cb = NULL;
1870 }
1871
1872 if (params->len >= 3 && get_param(params, 2)->opcode == (uint8_t)'C') {
1873 put_packet("T02");
1874 return;
1875 }
1876
1877 gdb_continue();
1878 }
1879
1880 static void handle_step(GArray *params, void *user_ctx)
1881 {
1882 if (params->len) {
1883 gdb_set_cpu_pc((target_ulong)get_param(params, 0)->val_ull);
1884 }
1885
1886 cpu_single_step(gdbserver_state.c_cpu, get_sstep_flags());
1887 gdb_continue();
1888 }
1889
1890 static void handle_backward(GArray *params, void *user_ctx)
1891 {
1892 if (!stub_can_reverse()) {
1893 put_packet("E22");
1894 }
1895 if (params->len == 1) {
1896 switch (get_param(params, 0)->opcode) {
1897 case 's':
1898 if (replay_reverse_step()) {
1899 gdb_continue();
1900 } else {
1901 put_packet("E14");
1902 }
1903 return;
1904 case 'c':
1905 if (replay_reverse_continue()) {
1906 gdb_continue();
1907 } else {
1908 put_packet("E14");
1909 }
1910 return;
1911 }
1912 }
1913
1914 /* Default invalid command */
1915 put_packet("");
1916 }
1917
1918 static void handle_v_cont_query(GArray *params, void *user_ctx)
1919 {
1920 put_packet("vCont;c;C;s;S");
1921 }
1922
1923 static void handle_v_cont(GArray *params, void *user_ctx)
1924 {
1925 int res;
1926
1927 if (!params->len) {
1928 return;
1929 }
1930
1931 res = gdb_handle_vcont(get_param(params, 0)->data);
1932 if ((res == -EINVAL) || (res == -ERANGE)) {
1933 put_packet("E22");
1934 } else if (res) {
1935 put_packet("");
1936 }
1937 }
1938
1939 static void handle_v_attach(GArray *params, void *user_ctx)
1940 {
1941 GDBProcess *process;
1942 CPUState *cpu;
1943
1944 g_string_assign(gdbserver_state.str_buf, "E22");
1945 if (!params->len) {
1946 goto cleanup;
1947 }
1948
1949 process = gdb_get_process(get_param(params, 0)->val_ul);
1950 if (!process) {
1951 goto cleanup;
1952 }
1953
1954 cpu = get_first_cpu_in_process(process);
1955 if (!cpu) {
1956 goto cleanup;
1957 }
1958
1959 process->attached = true;
1960 gdbserver_state.g_cpu = cpu;
1961 gdbserver_state.c_cpu = cpu;
1962
1963 g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
1964 gdb_append_thread_id(cpu, gdbserver_state.str_buf);
1965 g_string_append_c(gdbserver_state.str_buf, ';');
1966 cleanup:
1967 put_strbuf();
1968 }
1969
1970 static void handle_v_kill(GArray *params, void *user_ctx)
1971 {
1972 /* Kill the target */
1973 put_packet("OK");
1974 error_report("QEMU: Terminated via GDBstub");
1975 gdb_exit(0);
1976 exit(0);
1977 }
1978
1979 static const GdbCmdParseEntry gdb_v_commands_table[] = {
1980 /* Order is important if has same prefix */
1981 {
1982 .handler = handle_v_cont_query,
1983 .cmd = "Cont?",
1984 .cmd_startswith = 1
1985 },
1986 {
1987 .handler = handle_v_cont,
1988 .cmd = "Cont",
1989 .cmd_startswith = 1,
1990 .schema = "s0"
1991 },
1992 {
1993 .handler = handle_v_attach,
1994 .cmd = "Attach;",
1995 .cmd_startswith = 1,
1996 .schema = "l0"
1997 },
1998 {
1999 .handler = handle_v_kill,
2000 .cmd = "Kill;",
2001 .cmd_startswith = 1
2002 },
2003 };
2004
2005 static void handle_v_commands(GArray *params, void *user_ctx)
2006 {
2007 if (!params->len) {
2008 return;
2009 }
2010
2011 if (process_string_cmd(NULL, get_param(params, 0)->data,
2012 gdb_v_commands_table,
2013 ARRAY_SIZE(gdb_v_commands_table))) {
2014 put_packet("");
2015 }
2016 }
2017
2018 static void handle_query_qemu_sstepbits(GArray *params, void *user_ctx)
2019 {
2020 g_string_printf(gdbserver_state.str_buf, "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
2021 SSTEP_ENABLE, SSTEP_NOIRQ, SSTEP_NOTIMER);
2022 put_strbuf();
2023 }
2024
2025 static void handle_set_qemu_sstep(GArray *params, void *user_ctx)
2026 {
2027 if (!params->len) {
2028 return;
2029 }
2030
2031 sstep_flags = get_param(params, 0)->val_ul;
2032 put_packet("OK");
2033 }
2034
2035 static void handle_query_qemu_sstep(GArray *params, void *user_ctx)
2036 {
2037 g_string_printf(gdbserver_state.str_buf, "0x%x", sstep_flags);
2038 put_strbuf();
2039 }
2040
2041 static void handle_query_curr_tid(GArray *params, void *user_ctx)
2042 {
2043 CPUState *cpu;
2044 GDBProcess *process;
2045
2046 /*
2047 * "Current thread" remains vague in the spec, so always return
2048 * the first thread of the current process (gdb returns the
2049 * first thread).
2050 */
2051 process = gdb_get_cpu_process(gdbserver_state.g_cpu);
2052 cpu = get_first_cpu_in_process(process);
2053 g_string_assign(gdbserver_state.str_buf, "QC");
2054 gdb_append_thread_id(cpu, gdbserver_state.str_buf);
2055 put_strbuf();
2056 }
2057
2058 static void handle_query_threads(GArray *params, void *user_ctx)
2059 {
2060 if (!gdbserver_state.query_cpu) {
2061 put_packet("l");
2062 return;
2063 }
2064
2065 g_string_assign(gdbserver_state.str_buf, "m");
2066 gdb_append_thread_id(gdbserver_state.query_cpu, gdbserver_state.str_buf);
2067 put_strbuf();
2068 gdbserver_state.query_cpu = gdb_next_attached_cpu(gdbserver_state.query_cpu);
2069 }
2070
2071 static void handle_query_first_threads(GArray *params, void *user_ctx)
2072 {
2073 gdbserver_state.query_cpu = gdb_first_attached_cpu();
2074 handle_query_threads(params, user_ctx);
2075 }
2076
2077 static void handle_query_thread_extra(GArray *params, void *user_ctx)
2078 {
2079 g_autoptr(GString) rs = g_string_new(NULL);
2080 CPUState *cpu;
2081
2082 if (!params->len ||
2083 get_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
2084 put_packet("E22");
2085 return;
2086 }
2087
2088 cpu = gdb_get_cpu(get_param(params, 0)->thread_id.pid,
2089 get_param(params, 0)->thread_id.tid);
2090 if (!cpu) {
2091 return;
2092 }
2093
2094 cpu_synchronize_state(cpu);
2095
2096 if (gdbserver_state.multiprocess && (gdbserver_state.process_num > 1)) {
2097 /* Print the CPU model and name in multiprocess mode */
2098 ObjectClass *oc = object_get_class(OBJECT(cpu));
2099 const char *cpu_model = object_class_get_name(oc);
2100 const char *cpu_name =
2101 object_get_canonical_path_component(OBJECT(cpu));
2102 g_string_printf(rs, "%s %s [%s]", cpu_model, cpu_name,
2103 cpu->halted ? "halted " : "running");
2104 } else {
2105 g_string_printf(rs, "CPU#%d [%s]", cpu->cpu_index,
2106 cpu->halted ? "halted " : "running");
2107 }
2108 trace_gdbstub_op_extra_info(rs->str);
2109 memtohex(gdbserver_state.str_buf, (uint8_t *)rs->str, rs->len);
2110 put_strbuf();
2111 }
2112
2113 #ifdef CONFIG_USER_ONLY
2114 static void handle_query_offsets(GArray *params, void *user_ctx)
2115 {
2116 TaskState *ts;
2117
2118 ts = gdbserver_state.c_cpu->opaque;
2119 g_string_printf(gdbserver_state.str_buf,
2120 "Text=" TARGET_ABI_FMT_lx
2121 ";Data=" TARGET_ABI_FMT_lx
2122 ";Bss=" TARGET_ABI_FMT_lx,
2123 ts->info->code_offset,
2124 ts->info->data_offset,
2125 ts->info->data_offset);
2126 put_strbuf();
2127 }
2128 #else
2129 static void handle_query_rcmd(GArray *params, void *user_ctx)
2130 {
2131 const guint8 zero = 0;
2132 int len;
2133
2134 if (!params->len) {
2135 put_packet("E22");
2136 return;
2137 }
2138
2139 len = strlen(get_param(params, 0)->data);
2140 if (len % 2) {
2141 put_packet("E01");
2142 return;
2143 }
2144
2145 g_assert(gdbserver_state.mem_buf->len == 0);
2146 len = len / 2;
2147 hextomem(gdbserver_state.mem_buf, get_param(params, 0)->data, len);
2148 g_byte_array_append(gdbserver_state.mem_buf, &zero, 1);
2149 qemu_chr_be_write(gdbserver_state.mon_chr, gdbserver_state.mem_buf->data,
2150 gdbserver_state.mem_buf->len);
2151 put_packet("OK");
2152 }
2153 #endif
2154
2155 static void handle_query_supported(GArray *params, void *user_ctx)
2156 {
2157 CPUClass *cc;
2158
2159 g_string_printf(gdbserver_state.str_buf, "PacketSize=%x", MAX_PACKET_LENGTH);
2160 cc = CPU_GET_CLASS(first_cpu);
2161 if (cc->gdb_core_xml_file) {
2162 g_string_append(gdbserver_state.str_buf, ";qXfer:features:read+");
2163 }
2164
2165 if (stub_can_reverse()) {
2166 g_string_append(gdbserver_state.str_buf,
2167 ";ReverseStep+;ReverseContinue+");
2168 }
2169
2170 #ifdef CONFIG_USER_ONLY
2171 if (gdbserver_state.c_cpu->opaque) {
2172 g_string_append(gdbserver_state.str_buf, ";qXfer:auxv:read+");
2173 }
2174 #endif
2175
2176 if (params->len &&
2177 strstr(get_param(params, 0)->data, "multiprocess+")) {
2178 gdbserver_state.multiprocess = true;
2179 }
2180
2181 g_string_append(gdbserver_state.str_buf, ";vContSupported+;multiprocess+");
2182 put_strbuf();
2183 }
2184
2185 static void handle_query_xfer_features(GArray *params, void *user_ctx)
2186 {
2187 GDBProcess *process;
2188 CPUClass *cc;
2189 unsigned long len, total_len, addr;
2190 const char *xml;
2191 const char *p;
2192
2193 if (params->len < 3) {
2194 put_packet("E22");
2195 return;
2196 }
2197
2198 process = gdb_get_cpu_process(gdbserver_state.g_cpu);
2199 cc = CPU_GET_CLASS(gdbserver_state.g_cpu);
2200 if (!cc->gdb_core_xml_file) {
2201 put_packet("");
2202 return;
2203 }
2204
2205 gdb_has_xml = true;
2206 p = get_param(params, 0)->data;
2207 xml = get_feature_xml(p, &p, process);
2208 if (!xml) {
2209 put_packet("E00");
2210 return;
2211 }
2212
2213 addr = get_param(params, 1)->val_ul;
2214 len = get_param(params, 2)->val_ul;
2215 total_len = strlen(xml);
2216 if (addr > total_len) {
2217 put_packet("E00");
2218 return;
2219 }
2220
2221 if (len > (MAX_PACKET_LENGTH - 5) / 2) {
2222 len = (MAX_PACKET_LENGTH - 5) / 2;
2223 }
2224
2225 if (len < total_len - addr) {
2226 g_string_assign(gdbserver_state.str_buf, "m");
2227 memtox(gdbserver_state.str_buf, xml + addr, len);
2228 } else {
2229 g_string_assign(gdbserver_state.str_buf, "l");
2230 memtox(gdbserver_state.str_buf, xml + addr, total_len - addr);
2231 }
2232
2233 put_packet_binary(gdbserver_state.str_buf->str,
2234 gdbserver_state.str_buf->len, true);
2235 }
2236
2237 #if defined(CONFIG_USER_ONLY) && defined(CONFIG_LINUX_USER)
2238 static void handle_query_xfer_auxv(GArray *params, void *user_ctx)
2239 {
2240 TaskState *ts;
2241 unsigned long offset, len, saved_auxv, auxv_len;
2242
2243 if (params->len < 2) {
2244 put_packet("E22");
2245 return;
2246 }
2247
2248 offset = get_param(params, 0)->val_ul;
2249 len = get_param(params, 1)->val_ul;
2250 ts = gdbserver_state.c_cpu->opaque;
2251 saved_auxv = ts->info->saved_auxv;
2252 auxv_len = ts->info->auxv_len;
2253
2254 if (offset >= auxv_len) {
2255 put_packet("E00");
2256 return;
2257 }
2258
2259 if (len > (MAX_PACKET_LENGTH - 5) / 2) {
2260 len = (MAX_PACKET_LENGTH - 5) / 2;
2261 }
2262
2263 if (len < auxv_len - offset) {
2264 g_string_assign(gdbserver_state.str_buf, "m");
2265 } else {
2266 g_string_assign(gdbserver_state.str_buf, "l");
2267 len = auxv_len - offset;
2268 }
2269
2270 g_byte_array_set_size(gdbserver_state.mem_buf, len);
2271 if (target_memory_rw_debug(gdbserver_state.g_cpu, saved_auxv + offset,
2272 gdbserver_state.mem_buf->data, len, false)) {
2273 put_packet("E14");
2274 return;
2275 }
2276
2277 memtox(gdbserver_state.str_buf,
2278 (const char *)gdbserver_state.mem_buf->data, len);
2279 put_packet_binary(gdbserver_state.str_buf->str,
2280 gdbserver_state.str_buf->len, true);
2281 }
2282 #endif
2283
2284 static void handle_query_attached(GArray *params, void *user_ctx)
2285 {
2286 put_packet(GDB_ATTACHED);
2287 }
2288
2289 static void handle_query_qemu_supported(GArray *params, void *user_ctx)
2290 {
2291 g_string_printf(gdbserver_state.str_buf, "sstepbits;sstep");
2292 #ifndef CONFIG_USER_ONLY
2293 g_string_append(gdbserver_state.str_buf, ";PhyMemMode");
2294 #endif
2295 put_strbuf();
2296 }
2297
2298 #ifndef CONFIG_USER_ONLY
2299 static void handle_query_qemu_phy_mem_mode(GArray *params,
2300 void *user_ctx)
2301 {
2302 g_string_printf(gdbserver_state.str_buf, "%d", phy_memory_mode);
2303 put_strbuf();
2304 }
2305
2306 static void handle_set_qemu_phy_mem_mode(GArray *params, void *user_ctx)
2307 {
2308 if (!params->len) {
2309 put_packet("E22");
2310 return;
2311 }
2312
2313 if (!get_param(params, 0)->val_ul) {
2314 phy_memory_mode = 0;
2315 } else {
2316 phy_memory_mode = 1;
2317 }
2318 put_packet("OK");
2319 }
2320 #endif
2321
2322 static const GdbCmdParseEntry gdb_gen_query_set_common_table[] = {
2323 /* Order is important if has same prefix */
2324 {
2325 .handler = handle_query_qemu_sstepbits,
2326 .cmd = "qemu.sstepbits",
2327 },
2328 {
2329 .handler = handle_query_qemu_sstep,
2330 .cmd = "qemu.sstep",
2331 },
2332 {
2333 .handler = handle_set_qemu_sstep,
2334 .cmd = "qemu.sstep=",
2335 .cmd_startswith = 1,
2336 .schema = "l0"
2337 },
2338 };
2339
2340 static const GdbCmdParseEntry gdb_gen_query_table[] = {
2341 {
2342 .handler = handle_query_curr_tid,
2343 .cmd = "C",
2344 },
2345 {
2346 .handler = handle_query_threads,
2347 .cmd = "sThreadInfo",
2348 },
2349 {
2350 .handler = handle_query_first_threads,
2351 .cmd = "fThreadInfo",
2352 },
2353 {
2354 .handler = handle_query_thread_extra,
2355 .cmd = "ThreadExtraInfo,",
2356 .cmd_startswith = 1,
2357 .schema = "t0"
2358 },
2359 #ifdef CONFIG_USER_ONLY
2360 {
2361 .handler = handle_query_offsets,
2362 .cmd = "Offsets",
2363 },
2364 #else
2365 {
2366 .handler = handle_query_rcmd,
2367 .cmd = "Rcmd,",
2368 .cmd_startswith = 1,
2369 .schema = "s0"
2370 },
2371 #endif
2372 {
2373 .handler = handle_query_supported,
2374 .cmd = "Supported:",
2375 .cmd_startswith = 1,
2376 .schema = "s0"
2377 },
2378 {
2379 .handler = handle_query_supported,
2380 .cmd = "Supported",
2381 .schema = "s0"
2382 },
2383 {
2384 .handler = handle_query_xfer_features,
2385 .cmd = "Xfer:features:read:",
2386 .cmd_startswith = 1,
2387 .schema = "s:l,l0"
2388 },
2389 #if defined(CONFIG_USER_ONLY) && defined(CONFIG_LINUX_USER)
2390 {
2391 .handler = handle_query_xfer_auxv,
2392 .cmd = "Xfer:auxv:read::",
2393 .cmd_startswith = 1,
2394 .schema = "l,l0"
2395 },
2396 #endif
2397 {
2398 .handler = handle_query_attached,
2399 .cmd = "Attached:",
2400 .cmd_startswith = 1
2401 },
2402 {
2403 .handler = handle_query_attached,
2404 .cmd = "Attached",
2405 },
2406 {
2407 .handler = handle_query_qemu_supported,
2408 .cmd = "qemu.Supported",
2409 },
2410 #ifndef CONFIG_USER_ONLY
2411 {
2412 .handler = handle_query_qemu_phy_mem_mode,
2413 .cmd = "qemu.PhyMemMode",
2414 },
2415 #endif
2416 };
2417
2418 static const GdbCmdParseEntry gdb_gen_set_table[] = {
2419 /* Order is important if has same prefix */
2420 {
2421 .handler = handle_set_qemu_sstep,
2422 .cmd = "qemu.sstep:",
2423 .cmd_startswith = 1,
2424 .schema = "l0"
2425 },
2426 #ifndef CONFIG_USER_ONLY
2427 {
2428 .handler = handle_set_qemu_phy_mem_mode,
2429 .cmd = "qemu.PhyMemMode:",
2430 .cmd_startswith = 1,
2431 .schema = "l0"
2432 },
2433 #endif
2434 };
2435
2436 static void handle_gen_query(GArray *params, void *user_ctx)
2437 {
2438 if (!params->len) {
2439 return;
2440 }
2441
2442 if (!process_string_cmd(NULL, get_param(params, 0)->data,
2443 gdb_gen_query_set_common_table,
2444 ARRAY_SIZE(gdb_gen_query_set_common_table))) {
2445 return;
2446 }
2447
2448 if (process_string_cmd(NULL, get_param(params, 0)->data,
2449 gdb_gen_query_table,
2450 ARRAY_SIZE(gdb_gen_query_table))) {
2451 put_packet("");
2452 }
2453 }
2454
2455 static void handle_gen_set(GArray *params, void *user_ctx)
2456 {
2457 if (!params->len) {
2458 return;
2459 }
2460
2461 if (!process_string_cmd(NULL, get_param(params, 0)->data,
2462 gdb_gen_query_set_common_table,
2463 ARRAY_SIZE(gdb_gen_query_set_common_table))) {
2464 return;
2465 }
2466
2467 if (process_string_cmd(NULL, get_param(params, 0)->data,
2468 gdb_gen_set_table,
2469 ARRAY_SIZE(gdb_gen_set_table))) {
2470 put_packet("");
2471 }
2472 }
2473
2474 static void handle_target_halt(GArray *params, void *user_ctx)
2475 {
2476 g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
2477 gdb_append_thread_id(gdbserver_state.c_cpu, gdbserver_state.str_buf);
2478 g_string_append_c(gdbserver_state.str_buf, ';');
2479 put_strbuf();
2480 /*
2481 * Remove all the breakpoints when this query is issued,
2482 * because gdb is doing an initial connect and the state
2483 * should be cleaned up.
2484 */
2485 gdb_breakpoint_remove_all();
2486 }
2487
2488 static int gdb_handle_packet(const char *line_buf)
2489 {
2490 const GdbCmdParseEntry *cmd_parser = NULL;
2491
2492 trace_gdbstub_io_command(line_buf);
2493
2494 switch (line_buf[0]) {
2495 case '!':
2496 put_packet("OK");
2497 break;
2498 case '?':
2499 {
2500 static const GdbCmdParseEntry target_halted_cmd_desc = {
2501 .handler = handle_target_halt,
2502 .cmd = "?",
2503 .cmd_startswith = 1
2504 };
2505 cmd_parser = &target_halted_cmd_desc;
2506 }
2507 break;
2508 case 'c':
2509 {
2510 static const GdbCmdParseEntry continue_cmd_desc = {
2511 .handler = handle_continue,
2512 .cmd = "c",
2513 .cmd_startswith = 1,
2514 .schema = "L0"
2515 };
2516 cmd_parser = &continue_cmd_desc;
2517 }
2518 break;
2519 case 'C':
2520 {
2521 static const GdbCmdParseEntry cont_with_sig_cmd_desc = {
2522 .handler = handle_cont_with_sig,
2523 .cmd = "C",
2524 .cmd_startswith = 1,
2525 .schema = "l0"
2526 };
2527 cmd_parser = &cont_with_sig_cmd_desc;
2528 }
2529 break;
2530 case 'v':
2531 {
2532 static const GdbCmdParseEntry v_cmd_desc = {
2533 .handler = handle_v_commands,
2534 .cmd = "v",
2535 .cmd_startswith = 1,
2536 .schema = "s0"
2537 };
2538 cmd_parser = &v_cmd_desc;
2539 }
2540 break;
2541 case 'k':
2542 /* Kill the target */
2543 error_report("QEMU: Terminated via GDBstub");
2544 gdb_exit(0);
2545 exit(0);
2546 case 'D':
2547 {
2548 static const GdbCmdParseEntry detach_cmd_desc = {
2549 .handler = handle_detach,
2550 .cmd = "D",
2551 .cmd_startswith = 1,
2552 .schema = "?.l0"
2553 };
2554 cmd_parser = &detach_cmd_desc;
2555 }
2556 break;
2557 case 's':
2558 {
2559 static const GdbCmdParseEntry step_cmd_desc = {
2560 .handler = handle_step,
2561 .cmd = "s",
2562 .cmd_startswith = 1,
2563 .schema = "L0"
2564 };
2565 cmd_parser = &step_cmd_desc;
2566 }
2567 break;
2568 case 'b':
2569 {
2570 static const GdbCmdParseEntry backward_cmd_desc = {
2571 .handler = handle_backward,
2572 .cmd = "b",
2573 .cmd_startswith = 1,
2574 .schema = "o0"
2575 };
2576 cmd_parser = &backward_cmd_desc;
2577 }
2578 break;
2579 case 'F':
2580 {
2581 static const GdbCmdParseEntry file_io_cmd_desc = {
2582 .handler = handle_file_io,
2583 .cmd = "F",
2584 .cmd_startswith = 1,
2585 .schema = "L,L,o0"
2586 };
2587 cmd_parser = &file_io_cmd_desc;
2588 }
2589 break;
2590 case 'g':
2591 {
2592 static const GdbCmdParseEntry read_all_regs_cmd_desc = {
2593 .handler = handle_read_all_regs,
2594 .cmd = "g",
2595 .cmd_startswith = 1
2596 };
2597 cmd_parser = &read_all_regs_cmd_desc;
2598 }
2599 break;
2600 case 'G':
2601 {
2602 static const GdbCmdParseEntry write_all_regs_cmd_desc = {
2603 .handler = handle_write_all_regs,
2604 .cmd = "G",
2605 .cmd_startswith = 1,
2606 .schema = "s0"
2607 };
2608 cmd_parser = &write_all_regs_cmd_desc;
2609 }
2610 break;
2611 case 'm':
2612 {
2613 static const GdbCmdParseEntry read_mem_cmd_desc = {
2614 .handler = handle_read_mem,
2615 .cmd = "m",
2616 .cmd_startswith = 1,
2617 .schema = "L,L0"
2618 };
2619 cmd_parser = &read_mem_cmd_desc;
2620 }
2621 break;
2622 case 'M':
2623 {
2624 static const GdbCmdParseEntry write_mem_cmd_desc = {
2625 .handler = handle_write_mem,
2626 .cmd = "M",
2627 .cmd_startswith = 1,
2628 .schema = "L,L:s0"
2629 };
2630 cmd_parser = &write_mem_cmd_desc;
2631 }
2632 break;
2633 case 'p':
2634 {
2635 static const GdbCmdParseEntry get_reg_cmd_desc = {
2636 .handler = handle_get_reg,
2637 .cmd = "p",
2638 .cmd_startswith = 1,
2639 .schema = "L0"
2640 };
2641 cmd_parser = &get_reg_cmd_desc;
2642 }
2643 break;
2644 case 'P':
2645 {
2646 static const GdbCmdParseEntry set_reg_cmd_desc = {
2647 .handler = handle_set_reg,
2648 .cmd = "P",
2649 .cmd_startswith = 1,
2650 .schema = "L?s0"
2651 };
2652 cmd_parser = &set_reg_cmd_desc;
2653 }
2654 break;
2655 case 'Z':
2656 {
2657 static const GdbCmdParseEntry insert_bp_cmd_desc = {
2658 .handler = handle_insert_bp,
2659 .cmd = "Z",
2660 .cmd_startswith = 1,
2661 .schema = "l?L?L0"
2662 };
2663 cmd_parser = &insert_bp_cmd_desc;
2664 }
2665 break;
2666 case 'z':
2667 {
2668 static const GdbCmdParseEntry remove_bp_cmd_desc = {
2669 .handler = handle_remove_bp,
2670 .cmd = "z",
2671 .cmd_startswith = 1,
2672 .schema = "l?L?L0"
2673 };
2674 cmd_parser = &remove_bp_cmd_desc;
2675 }
2676 break;
2677 case 'H':
2678 {
2679 static const GdbCmdParseEntry set_thread_cmd_desc = {
2680 .handler = handle_set_thread,
2681 .cmd = "H",
2682 .cmd_startswith = 1,
2683 .schema = "o.t0"
2684 };
2685 cmd_parser = &set_thread_cmd_desc;
2686 }
2687 break;
2688 case 'T':
2689 {
2690 static const GdbCmdParseEntry thread_alive_cmd_desc = {
2691 .handler = handle_thread_alive,
2692 .cmd = "T",
2693 .cmd_startswith = 1,
2694 .schema = "t0"
2695 };
2696 cmd_parser = &thread_alive_cmd_desc;
2697 }
2698 break;
2699 case 'q':
2700 {
2701 static const GdbCmdParseEntry gen_query_cmd_desc = {
2702 .handler = handle_gen_query,
2703 .cmd = "q",
2704 .cmd_startswith = 1,
2705 .schema = "s0"
2706 };
2707 cmd_parser = &gen_query_cmd_desc;
2708 }
2709 break;
2710 case 'Q':
2711 {
2712 static const GdbCmdParseEntry gen_set_cmd_desc = {
2713 .handler = handle_gen_set,
2714 .cmd = "Q",
2715 .cmd_startswith = 1,
2716 .schema = "s0"
2717 };
2718 cmd_parser = &gen_set_cmd_desc;
2719 }
2720 break;
2721 default:
2722 /* put empty packet */
2723 put_packet("");
2724 break;
2725 }
2726
2727 if (cmd_parser) {
2728 run_cmd_parser(line_buf, cmd_parser);
2729 }
2730
2731 return RS_IDLE;
2732 }
2733
2734 void gdb_set_stop_cpu(CPUState *cpu)
2735 {
2736 GDBProcess *p = gdb_get_cpu_process(cpu);
2737
2738 if (!p->attached) {
2739 /*
2740 * Having a stop CPU corresponding to a process that is not attached
2741 * confuses GDB. So we ignore the request.
2742 */
2743 return;
2744 }
2745
2746 gdbserver_state.c_cpu = cpu;
2747 gdbserver_state.g_cpu = cpu;
2748 }
2749
2750 #ifndef CONFIG_USER_ONLY
2751 static void gdb_vm_state_change(void *opaque, bool running, RunState state)
2752 {
2753 CPUState *cpu = gdbserver_state.c_cpu;
2754 g_autoptr(GString) buf = g_string_new(NULL);
2755 g_autoptr(GString) tid = g_string_new(NULL);
2756 const char *type;
2757 int ret;
2758
2759 if (running || gdbserver_state.state == RS_INACTIVE) {
2760 return;
2761 }
2762 /* Is there a GDB syscall waiting to be sent? */
2763 if (gdbserver_state.current_syscall_cb) {
2764 put_packet(gdbserver_state.syscall_buf);
2765 return;
2766 }
2767
2768 if (cpu == NULL) {
2769 /* No process attached */
2770 return;
2771 }
2772
2773 gdb_append_thread_id(cpu, tid);
2774
2775 switch (state) {
2776 case RUN_STATE_DEBUG:
2777 if (cpu->watchpoint_hit) {
2778 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
2779 case BP_MEM_READ:
2780 type = "r";
2781 break;
2782 case BP_MEM_ACCESS:
2783 type = "a";
2784 break;
2785 default:
2786 type = "";
2787 break;
2788 }
2789 trace_gdbstub_hit_watchpoint(type, cpu_gdb_index(cpu),
2790 (target_ulong)cpu->watchpoint_hit->vaddr);
2791 g_string_printf(buf, "T%02xthread:%s;%swatch:" TARGET_FMT_lx ";",
2792 GDB_SIGNAL_TRAP, tid->str, type,
2793 (target_ulong)cpu->watchpoint_hit->vaddr);
2794 cpu->watchpoint_hit = NULL;
2795 goto send_packet;
2796 } else {
2797 trace_gdbstub_hit_break();
2798 }
2799 tb_flush(cpu);
2800 ret = GDB_SIGNAL_TRAP;
2801 break;
2802 case RUN_STATE_PAUSED:
2803 trace_gdbstub_hit_paused();
2804 ret = GDB_SIGNAL_INT;
2805 break;
2806 case RUN_STATE_SHUTDOWN:
2807 trace_gdbstub_hit_shutdown();
2808 ret = GDB_SIGNAL_QUIT;
2809 break;
2810 case RUN_STATE_IO_ERROR:
2811 trace_gdbstub_hit_io_error();
2812 ret = GDB_SIGNAL_IO;
2813 break;
2814 case RUN_STATE_WATCHDOG:
2815 trace_gdbstub_hit_watchdog();
2816 ret = GDB_SIGNAL_ALRM;
2817 break;
2818 case RUN_STATE_INTERNAL_ERROR:
2819 trace_gdbstub_hit_internal_error();
2820 ret = GDB_SIGNAL_ABRT;
2821 break;
2822 case RUN_STATE_SAVE_VM:
2823 case RUN_STATE_RESTORE_VM:
2824 return;
2825 case RUN_STATE_FINISH_MIGRATE:
2826 ret = GDB_SIGNAL_XCPU;
2827 break;
2828 default:
2829 trace_gdbstub_hit_unknown(state);
2830 ret = GDB_SIGNAL_UNKNOWN;
2831 break;
2832 }
2833 gdb_set_stop_cpu(cpu);
2834 g_string_printf(buf, "T%02xthread:%s;", ret, tid->str);
2835
2836 send_packet:
2837 put_packet(buf->str);
2838
2839 /* disable single step if it was enabled */
2840 cpu_single_step(cpu, 0);
2841 }
2842 #endif
2843
2844 /* Send a gdb syscall request.
2845 This accepts limited printf-style format specifiers, specifically:
2846 %x - target_ulong argument printed in hex.
2847 %lx - 64-bit argument printed in hex.
2848 %s - string pointer (target_ulong) and length (int) pair. */
2849 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
2850 {
2851 char *p;
2852 char *p_end;
2853 target_ulong addr;
2854 uint64_t i64;
2855
2856 if (!gdbserver_state.init) {
2857 return;
2858 }
2859
2860 gdbserver_state.current_syscall_cb = cb;
2861 #ifndef CONFIG_USER_ONLY
2862 vm_stop(RUN_STATE_DEBUG);
2863 #endif
2864 p = &gdbserver_state.syscall_buf[0];
2865 p_end = &gdbserver_state.syscall_buf[sizeof(gdbserver_state.syscall_buf)];
2866 *(p++) = 'F';
2867 while (*fmt) {
2868 if (*fmt == '%') {
2869 fmt++;
2870 switch (*fmt++) {
2871 case 'x':
2872 addr = va_arg(va, target_ulong);
2873 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
2874 break;
2875 case 'l':
2876 if (*(fmt++) != 'x')
2877 goto bad_format;
2878 i64 = va_arg(va, uint64_t);
2879 p += snprintf(p, p_end - p, "%" PRIx64, i64);
2880 break;
2881 case 's':
2882 addr = va_arg(va, target_ulong);
2883 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
2884 addr, va_arg(va, int));
2885 break;
2886 default:
2887 bad_format:
2888 error_report("gdbstub: Bad syscall format string '%s'",
2889 fmt - 1);
2890 break;
2891 }
2892 } else {
2893 *(p++) = *(fmt++);
2894 }
2895 }
2896 *p = 0;
2897 #ifdef CONFIG_USER_ONLY
2898 put_packet(gdbserver_state.syscall_buf);
2899 /* Return control to gdb for it to process the syscall request.
2900 * Since the protocol requires that gdb hands control back to us
2901 * using a "here are the results" F packet, we don't need to check
2902 * gdb_handlesig's return value (which is the signal to deliver if
2903 * execution was resumed via a continue packet).
2904 */
2905 gdb_handlesig(gdbserver_state.c_cpu, 0);
2906 #else
2907 /* In this case wait to send the syscall packet until notification that
2908 the CPU has stopped. This must be done because if the packet is sent
2909 now the reply from the syscall request could be received while the CPU
2910 is still in the running state, which can cause packets to be dropped
2911 and state transition 'T' packets to be sent while the syscall is still
2912 being processed. */
2913 qemu_cpu_kick(gdbserver_state.c_cpu);
2914 #endif
2915 }
2916
2917 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
2918 {
2919 va_list va;
2920
2921 va_start(va, fmt);
2922 gdb_do_syscallv(cb, fmt, va);
2923 va_end(va);
2924 }
2925
2926 static void gdb_read_byte(uint8_t ch)
2927 {
2928 uint8_t reply;
2929
2930 #ifndef CONFIG_USER_ONLY
2931 if (gdbserver_state.last_packet->len) {
2932 /* Waiting for a response to the last packet. If we see the start
2933 of a new command then abandon the previous response. */
2934 if (ch == '-') {
2935 trace_gdbstub_err_got_nack();
2936 put_buffer(gdbserver_state.last_packet->data,
2937 gdbserver_state.last_packet->len);
2938 } else if (ch == '+') {
2939 trace_gdbstub_io_got_ack();
2940 } else {
2941 trace_gdbstub_io_got_unexpected(ch);
2942 }
2943
2944 if (ch == '+' || ch == '$') {
2945 g_byte_array_set_size(gdbserver_state.last_packet, 0);
2946 }
2947 if (ch != '$')
2948 return;
2949 }
2950 if (runstate_is_running()) {
2951 /* when the CPU is running, we cannot do anything except stop
2952 it when receiving a char */
2953 vm_stop(RUN_STATE_PAUSED);
2954 } else
2955 #endif
2956 {
2957 switch(gdbserver_state.state) {
2958 case RS_IDLE:
2959 if (ch == '$') {
2960 /* start of command packet */
2961 gdbserver_state.line_buf_index = 0;
2962 gdbserver_state.line_sum = 0;
2963 gdbserver_state.state = RS_GETLINE;
2964 } else {
2965 trace_gdbstub_err_garbage(ch);
2966 }
2967 break;
2968 case RS_GETLINE:
2969 if (ch == '}') {
2970 /* start escape sequence */
2971 gdbserver_state.state = RS_GETLINE_ESC;
2972 gdbserver_state.line_sum += ch;
2973 } else if (ch == '*') {
2974 /* start run length encoding sequence */
2975 gdbserver_state.state = RS_GETLINE_RLE;
2976 gdbserver_state.line_sum += ch;
2977 } else if (ch == '#') {
2978 /* end of command, start of checksum*/
2979 gdbserver_state.state = RS_CHKSUM1;
2980 } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2981 trace_gdbstub_err_overrun();
2982 gdbserver_state.state = RS_IDLE;
2983 } else {
2984 /* unescaped command character */
2985 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch;
2986 gdbserver_state.line_sum += ch;
2987 }
2988 break;
2989 case RS_GETLINE_ESC:
2990 if (ch == '#') {
2991 /* unexpected end of command in escape sequence */
2992 gdbserver_state.state = RS_CHKSUM1;
2993 } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2994 /* command buffer overrun */
2995 trace_gdbstub_err_overrun();
2996 gdbserver_state.state = RS_IDLE;
2997 } else {
2998 /* parse escaped character and leave escape state */
2999 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch ^ 0x20;
3000 gdbserver_state.line_sum += ch;
3001 gdbserver_state.state = RS_GETLINE;
3002 }
3003 break;
3004 case RS_GETLINE_RLE:
3005 /*
3006 * Run-length encoding is explained in "Debugging with GDB /
3007 * Appendix E GDB Remote Serial Protocol / Overview".
3008 */
3009 if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
3010 /* invalid RLE count encoding */
3011 trace_gdbstub_err_invalid_repeat(ch);
3012 gdbserver_state.state = RS_GETLINE;
3013 } else {
3014 /* decode repeat length */
3015 int repeat = ch - ' ' + 3;
3016 if (gdbserver_state.line_buf_index + repeat >= sizeof(gdbserver_state.line_buf) - 1) {
3017 /* that many repeats would overrun the command buffer */
3018 trace_gdbstub_err_overrun();
3019 gdbserver_state.state = RS_IDLE;
3020 } else if (gdbserver_state.line_buf_index < 1) {
3021 /* got a repeat but we have nothing to repeat */
3022 trace_gdbstub_err_invalid_rle();
3023 gdbserver_state.state = RS_GETLINE;
3024 } else {
3025 /* repeat the last character */
3026 memset(gdbserver_state.line_buf + gdbserver_state.line_buf_index,
3027 gdbserver_state.line_buf[gdbserver_state.line_buf_index - 1], repeat);
3028 gdbserver_state.line_buf_index += repeat;
3029 gdbserver_state.line_sum += ch;
3030 gdbserver_state.state = RS_GETLINE;
3031 }
3032 }
3033 break;
3034 case RS_CHKSUM1:
3035 /* get high hex digit of checksum */
3036 if (!isxdigit(ch)) {
3037 trace_gdbstub_err_checksum_invalid(ch);
3038 gdbserver_state.state = RS_GETLINE;
3039 break;
3040 }
3041 gdbserver_state.line_buf[gdbserver_state.line_buf_index] = '\0';
3042 gdbserver_state.line_csum = fromhex(ch) << 4;
3043 gdbserver_state.state = RS_CHKSUM2;
3044 break;
3045 case RS_CHKSUM2:
3046 /* get low hex digit of checksum */
3047 if (!isxdigit(ch)) {
3048 trace_gdbstub_err_checksum_invalid(ch);
3049 gdbserver_state.state = RS_GETLINE;
3050 break;
3051 }
3052 gdbserver_state.line_csum |= fromhex(ch);
3053
3054 if (gdbserver_state.line_csum != (gdbserver_state.line_sum & 0xff)) {
3055 trace_gdbstub_err_checksum_incorrect(gdbserver_state.line_sum, gdbserver_state.line_csum);
3056 /* send NAK reply */
3057 reply = '-';
3058 put_buffer(&reply, 1);
3059 gdbserver_state.state = RS_IDLE;
3060 } else {
3061 /* send ACK reply */
3062 reply = '+';
3063 put_buffer(&reply, 1);
3064 gdbserver_state.state = gdb_handle_packet(gdbserver_state.line_buf);
3065 }
3066 break;
3067 default:
3068 abort();
3069 }
3070 }
3071 }
3072
3073 /* Tell the remote gdb that the process has exited. */
3074 void gdb_exit(int code)
3075 {
3076 char buf[4];
3077
3078 if (!gdbserver_state.init) {
3079 return;
3080 }
3081 #ifdef CONFIG_USER_ONLY
3082 if (gdbserver_state.socket_path) {
3083 unlink(gdbserver_state.socket_path);
3084 }
3085 if (gdbserver_state.fd < 0) {
3086 return;
3087 }
3088 #endif
3089
3090 trace_gdbstub_op_exiting((uint8_t)code);
3091
3092 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
3093 put_packet(buf);
3094
3095 #ifndef CONFIG_USER_ONLY
3096 qemu_chr_fe_deinit(&gdbserver_state.chr, true);
3097 #endif
3098 }
3099
3100 /*
3101 * Create the process that will contain all the "orphan" CPUs (that are not
3102 * part of a CPU cluster). Note that if this process contains no CPUs, it won't
3103 * be attachable and thus will be invisible to the user.
3104 */
3105 static void create_default_process(GDBState *s)
3106 {
3107 GDBProcess *process;
3108 int max_pid = 0;
3109
3110 if (gdbserver_state.process_num) {
3111 max_pid = s->processes[s->process_num - 1].pid;
3112 }
3113
3114 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
3115 process = &s->processes[s->process_num - 1];
3116
3117 /* We need an available PID slot for this process */
3118 assert(max_pid < UINT32_MAX);
3119
3120 process->pid = max_pid + 1;
3121 process->attached = false;
3122 process->target_xml[0] = '\0';
3123 }
3124
3125 #ifdef CONFIG_USER_ONLY
3126 int
3127 gdb_handlesig(CPUState *cpu, int sig)
3128 {
3129 char buf[256];
3130 int n;
3131
3132 if (!gdbserver_state.init || gdbserver_state.fd < 0) {
3133 return sig;
3134 }
3135
3136 /* disable single step if it was enabled */
3137 cpu_single_step(cpu, 0);
3138 tb_flush(cpu);
3139
3140 if (sig != 0) {
3141 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
3142 put_packet(buf);
3143 }
3144 /* put_packet() might have detected that the peer terminated the
3145 connection. */
3146 if (gdbserver_state.fd < 0) {
3147 return sig;
3148 }
3149
3150 sig = 0;
3151 gdbserver_state.state = RS_IDLE;
3152 gdbserver_state.running_state = 0;
3153 while (gdbserver_state.running_state == 0) {
3154 n = read(gdbserver_state.fd, buf, 256);
3155 if (n > 0) {
3156 int i;
3157
3158 for (i = 0; i < n; i++) {
3159 gdb_read_byte(buf[i]);
3160 }
3161 } else {
3162 /* XXX: Connection closed. Should probably wait for another
3163 connection before continuing. */
3164 if (n == 0) {
3165 close(gdbserver_state.fd);
3166 }
3167 gdbserver_state.fd = -1;
3168 return sig;
3169 }
3170 }
3171 sig = gdbserver_state.signal;
3172 gdbserver_state.signal = 0;
3173 return sig;
3174 }
3175
3176 /* Tell the remote gdb that the process has exited due to SIG. */
3177 void gdb_signalled(CPUArchState *env, int sig)
3178 {
3179 char buf[4];
3180
3181 if (!gdbserver_state.init || gdbserver_state.fd < 0) {
3182 return;
3183 }
3184
3185 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
3186 put_packet(buf);
3187 }
3188
3189 static void gdb_accept_init(int fd)
3190 {
3191 init_gdbserver_state();
3192 create_default_process(&gdbserver_state);
3193 gdbserver_state.processes[0].attached = true;
3194 gdbserver_state.c_cpu = gdb_first_attached_cpu();
3195 gdbserver_state.g_cpu = gdbserver_state.c_cpu;
3196 gdbserver_state.fd = fd;
3197 gdb_has_xml = false;
3198 }
3199
3200 static bool gdb_accept_socket(int gdb_fd)
3201 {
3202 int fd;
3203
3204 for(;;) {
3205 fd = accept(gdb_fd, NULL, NULL);
3206 if (fd < 0 && errno != EINTR) {
3207 perror("accept socket");
3208 return false;
3209 } else if (fd >= 0) {
3210 qemu_set_cloexec(fd);
3211 break;
3212 }
3213 }
3214
3215 gdb_accept_init(fd);
3216 return true;
3217 }
3218
3219 static int gdbserver_open_socket(const char *path)
3220 {
3221 struct sockaddr_un sockaddr;
3222 int fd, ret;
3223
3224 fd = socket(AF_UNIX, SOCK_STREAM, 0);
3225 if (fd < 0) {
3226 perror("create socket");
3227 return -1;
3228 }
3229
3230 sockaddr.sun_family = AF_UNIX;
3231 pstrcpy(sockaddr.sun_path, sizeof(sockaddr.sun_path) - 1, path);
3232 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
3233 if (ret < 0) {
3234 perror("bind socket");
3235 close(fd);
3236 return -1;
3237 }
3238 ret = listen(fd, 1);
3239 if (ret < 0) {
3240 perror("listen socket");
3241 close(fd);
3242 return -1;
3243 }
3244
3245 return fd;
3246 }
3247
3248 static bool gdb_accept_tcp(int gdb_fd)
3249 {
3250 struct sockaddr_in sockaddr;
3251 socklen_t len;
3252 int fd;
3253
3254 for(;;) {
3255 len = sizeof(sockaddr);
3256 fd = accept(gdb_fd, (struct sockaddr *)&sockaddr, &len);
3257 if (fd < 0 && errno != EINTR) {
3258 perror("accept");
3259 return false;
3260 } else if (fd >= 0) {
3261 qemu_set_cloexec(fd);
3262 break;
3263 }
3264 }
3265
3266 /* set short latency */
3267 if (socket_set_nodelay(fd)) {
3268 perror("setsockopt");
3269 close(fd);
3270 return false;
3271 }
3272
3273 gdb_accept_init(fd);
3274 return true;
3275 }
3276
3277 static int gdbserver_open_port(int port)
3278 {
3279 struct sockaddr_in sockaddr;
3280 int fd, ret;
3281
3282 fd = socket(PF_INET, SOCK_STREAM, 0);
3283 if (fd < 0) {
3284 perror("socket");
3285 return -1;
3286 }
3287 qemu_set_cloexec(fd);
3288
3289 socket_set_fast_reuse(fd);
3290
3291 sockaddr.sin_family = AF_INET;
3292 sockaddr.sin_port = htons(port);
3293 sockaddr.sin_addr.s_addr = 0;
3294 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
3295 if (ret < 0) {
3296 perror("bind");
3297 close(fd);
3298 return -1;
3299 }
3300 ret = listen(fd, 1);
3301 if (ret < 0) {
3302 perror("listen");
3303 close(fd);
3304 return -1;
3305 }
3306
3307 return fd;
3308 }
3309
3310 int gdbserver_start(const char *port_or_path)
3311 {
3312 int port = g_ascii_strtoull(port_or_path, NULL, 10);
3313 int gdb_fd;
3314
3315 if (port > 0) {
3316 gdb_fd = gdbserver_open_port(port);
3317 } else {
3318 gdb_fd = gdbserver_open_socket(port_or_path);
3319 }
3320
3321 if (gdb_fd < 0) {
3322 return -1;
3323 }
3324
3325 if (port > 0 && gdb_accept_tcp(gdb_fd)) {
3326 return 0;
3327 } else if (gdb_accept_socket(gdb_fd)) {
3328 gdbserver_state.socket_path = g_strdup(port_or_path);
3329 return 0;
3330 }
3331
3332 /* gone wrong */
3333 close(gdb_fd);
3334 return -1;
3335 }
3336
3337 /* Disable gdb stub for child processes. */
3338 void gdbserver_fork(CPUState *cpu)
3339 {
3340 if (!gdbserver_state.init || gdbserver_state.fd < 0) {
3341 return;
3342 }
3343 close(gdbserver_state.fd);
3344 gdbserver_state.fd = -1;
3345 cpu_breakpoint_remove_all(cpu, BP_GDB);
3346 cpu_watchpoint_remove_all(cpu, BP_GDB);
3347 }
3348 #else
3349 static int gdb_chr_can_receive(void *opaque)
3350 {
3351 /* We can handle an arbitrarily large amount of data.
3352 Pick the maximum packet size, which is as good as anything. */
3353 return MAX_PACKET_LENGTH;
3354 }
3355
3356 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
3357 {
3358 int i;
3359
3360 for (i = 0; i < size; i++) {
3361 gdb_read_byte(buf[i]);
3362 }
3363 }
3364
3365 static void gdb_chr_event(void *opaque, QEMUChrEvent event)
3366 {
3367 int i;
3368 GDBState *s = (GDBState *) opaque;
3369
3370 switch (event) {
3371 case CHR_EVENT_OPENED:
3372 /* Start with first process attached, others detached */
3373 for (i = 0; i < s->process_num; i++) {
3374 s->processes[i].attached = !i;
3375 }
3376
3377 s->c_cpu = gdb_first_attached_cpu();
3378 s->g_cpu = s->c_cpu;
3379
3380 vm_stop(RUN_STATE_PAUSED);
3381 replay_gdb_attached();
3382 gdb_has_xml = false;
3383 break;
3384 default:
3385 break;
3386 }
3387 }
3388
3389 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
3390 {
3391 g_autoptr(GString) hex_buf = g_string_new("O");
3392 memtohex(hex_buf, buf, len);
3393 put_packet(hex_buf->str);
3394 return len;
3395 }
3396
3397 #ifndef _WIN32
3398 static void gdb_sigterm_handler(int signal)
3399 {
3400 if (runstate_is_running()) {
3401 vm_stop(RUN_STATE_PAUSED);
3402 }
3403 }
3404 #endif
3405
3406 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
3407 bool *be_opened, Error **errp)
3408 {
3409 *be_opened = false;
3410 }
3411
3412 static void char_gdb_class_init(ObjectClass *oc, void *data)
3413 {
3414 ChardevClass *cc = CHARDEV_CLASS(oc);
3415
3416 cc->internal = true;
3417 cc->open = gdb_monitor_open;
3418 cc->chr_write = gdb_monitor_write;
3419 }
3420
3421 #define TYPE_CHARDEV_GDB "chardev-gdb"
3422
3423 static const TypeInfo char_gdb_type_info = {
3424 .name = TYPE_CHARDEV_GDB,
3425 .parent = TYPE_CHARDEV,
3426 .class_init = char_gdb_class_init,
3427 };
3428
3429 static int find_cpu_clusters(Object *child, void *opaque)
3430 {
3431 if (object_dynamic_cast(child, TYPE_CPU_CLUSTER)) {
3432 GDBState *s = (GDBState *) opaque;
3433 CPUClusterState *cluster = CPU_CLUSTER(child);
3434 GDBProcess *process;
3435
3436 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
3437
3438 process = &s->processes[s->process_num - 1];
3439
3440 /*
3441 * GDB process IDs -1 and 0 are reserved. To avoid subtle errors at
3442 * runtime, we enforce here that the machine does not use a cluster ID
3443 * that would lead to PID 0.
3444 */
3445 assert(cluster->cluster_id != UINT32_MAX);
3446 process->pid = cluster->cluster_id + 1;
3447 process->attached = false;
3448 process->target_xml[0] = '\0';
3449
3450 return 0;
3451 }
3452
3453 return object_child_foreach(child, find_cpu_clusters, opaque);
3454 }
3455
3456 static int pid_order(const void *a, const void *b)
3457 {
3458 GDBProcess *pa = (GDBProcess *) a;
3459 GDBProcess *pb = (GDBProcess *) b;
3460
3461 if (pa->pid < pb->pid) {
3462 return -1;
3463 } else if (pa->pid > pb->pid) {
3464 return 1;
3465 } else {
3466 return 0;
3467 }
3468 }
3469
3470 static void create_processes(GDBState *s)
3471 {
3472 object_child_foreach(object_get_root(), find_cpu_clusters, s);
3473
3474 if (gdbserver_state.processes) {
3475 /* Sort by PID */
3476 qsort(gdbserver_state.processes, gdbserver_state.process_num, sizeof(gdbserver_state.processes[0]), pid_order);
3477 }
3478
3479 create_default_process(s);
3480 }
3481
3482 int gdbserver_start(const char *device)
3483 {
3484 trace_gdbstub_op_start(device);
3485
3486 char gdbstub_device_name[128];
3487 Chardev *chr = NULL;
3488 Chardev *mon_chr;
3489
3490 if (!first_cpu) {
3491 error_report("gdbstub: meaningless to attach gdb to a "
3492 "machine without any CPU.");
3493 return -1;
3494 }
3495
3496 if (!device)
3497 return -1;
3498 if (strcmp(device, "none") != 0) {
3499 if (strstart(device, "tcp:", NULL)) {
3500 /* enforce required TCP attributes */
3501 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
3502 "%s,wait=off,nodelay=on,server=on", device);
3503 device = gdbstub_device_name;
3504 }
3505 #ifndef _WIN32
3506 else if (strcmp(device, "stdio") == 0) {
3507 struct sigaction act;
3508
3509 memset(&act, 0, sizeof(act));
3510 act.sa_handler = gdb_sigterm_handler;
3511 sigaction(SIGINT, &act, NULL);
3512 }
3513 #endif
3514 /*
3515 * FIXME: it's a bit weird to allow using a mux chardev here
3516 * and implicitly setup a monitor. We may want to break this.
3517 */
3518 chr = qemu_chr_new_noreplay("gdb", device, true, NULL);
3519 if (!chr)
3520 return -1;
3521 }
3522
3523 if (!gdbserver_state.init) {
3524 init_gdbserver_state();
3525
3526 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
3527
3528 /* Initialize a monitor terminal for gdb */
3529 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
3530 NULL, NULL, &error_abort);
3531 monitor_init_hmp(mon_chr, false, &error_abort);
3532 } else {
3533 qemu_chr_fe_deinit(&gdbserver_state.chr, true);
3534 mon_chr = gdbserver_state.mon_chr;
3535 reset_gdbserver_state();
3536 }
3537
3538 create_processes(&gdbserver_state);
3539
3540 if (chr) {
3541 qemu_chr_fe_init(&gdbserver_state.chr, chr, &error_abort);
3542 qemu_chr_fe_set_handlers(&gdbserver_state.chr, gdb_chr_can_receive,
3543 gdb_chr_receive, gdb_chr_event,
3544 NULL, &gdbserver_state, NULL, true);
3545 }
3546 gdbserver_state.state = chr ? RS_IDLE : RS_INACTIVE;
3547 gdbserver_state.mon_chr = mon_chr;
3548 gdbserver_state.current_syscall_cb = NULL;
3549
3550 return 0;
3551 }
3552
3553 static void register_types(void)
3554 {
3555 type_register_static(&char_gdb_type_info);
3556 }
3557
3558 type_init(register_types);
3559 #endif