1 /*
2  * gdb server stub
3  *
4  * This implements a subset of the remote protocol as described in:
5  *
6  *   https://sourceware.org/gdb/onlinedocs/gdb/Remote-Protocol.html
7  *
8  * Copyright (c) 2003-2005 Fabrice Bellard
9  *
10  * This library is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU Lesser General Public
12  * License as published by the Free Software Foundation; either
13  * version 2 of the License, or (at your option) any later version.
14  *
15  * This library is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
18  * Lesser General Public License for more details.
19  *
20  * You should have received a copy of the GNU Lesser General Public
21  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22  *
23  * SPDX-License-Identifier: LGPL-2.0-or-later
24  */
25 
26 #include "qemu/osdep.h"
27 #include "qemu/ctype.h"
28 #include "qemu/cutils.h"
29 #include "qemu/module.h"
30 #include "qemu/error-report.h"
31 #include "qemu/target-info.h"
32 #include "trace.h"
33 #include "exec/gdbstub.h"
34 #include "gdbstub/commands.h"
35 #include "gdbstub/syscalls.h"
36 #ifdef CONFIG_USER_ONLY
37 #include "accel/tcg/vcpu-state.h"
38 #include "gdbstub/user.h"
39 #else
40 #include "hw/cpu/cluster.h"
41 #include "hw/boards.h"
42 #endif
43 #include "hw/core/cpu.h"
44 
45 #include "system/hw_accel.h"
46 #include "system/runstate.h"
47 #include "exec/replay-core.h"
48 #include "exec/hwaddr.h"
49 
50 #include "internals.h"
51 
52 typedef struct GDBRegisterState {
53     int base_reg;
54     gdb_get_reg_cb get_reg;
55     gdb_set_reg_cb set_reg;
56     const GDBFeature *feature;
57 } GDBRegisterState;
58 
59 GDBState gdbserver_state;
60 
gdb_init_gdbserver_state(void)61 void gdb_init_gdbserver_state(void)
62 {
63     g_assert(!gdbserver_state.init);
64     memset(&gdbserver_state, 0, sizeof(GDBState));
65     gdbserver_state.init = true;
66     gdbserver_state.str_buf = g_string_new(NULL);
67     gdbserver_state.mem_buf = g_byte_array_sized_new(MAX_PACKET_LENGTH);
68     gdbserver_state.last_packet = g_byte_array_sized_new(MAX_PACKET_LENGTH + 4);
69 
70     /*
71      * What single-step modes are supported is accelerator dependent.
72      * By default try to use no IRQs and no timers while single
73      * stepping so as to make single stepping like a typical ICE HW step.
74      */
75     gdbserver_state.supported_sstep_flags = accel_supported_gdbstub_sstep_flags();
76     gdbserver_state.sstep_flags = SSTEP_ENABLE | SSTEP_NOIRQ | SSTEP_NOTIMER;
77     gdbserver_state.sstep_flags &= gdbserver_state.supported_sstep_flags;
78 }
79 
80 /* writes 2*len+1 bytes in buf */
gdb_memtohex(GString * buf,const uint8_t * mem,int len)81 void gdb_memtohex(GString *buf, const uint8_t *mem, int len)
82 {
83     int i, c;
84     for(i = 0; i < len; i++) {
85         c = mem[i];
86         g_string_append_c(buf, tohex(c >> 4));
87         g_string_append_c(buf, tohex(c & 0xf));
88     }
89     g_string_append_c(buf, '\0');
90 }
91 
gdb_hextomem(GByteArray * mem,const char * buf,int len)92 void gdb_hextomem(GByteArray *mem, const char *buf, int len)
93 {
94     int i;
95 
96     for(i = 0; i < len; i++) {
97         guint8 byte = fromhex(buf[0]) << 4 | fromhex(buf[1]);
98         g_byte_array_append(mem, &byte, 1);
99         buf += 2;
100     }
101 }
102 
hexdump(const char * buf,int len,void (* trace_fn)(size_t ofs,char const * text))103 static void hexdump(const char *buf, int len,
104                     void (*trace_fn)(size_t ofs, char const *text))
105 {
106     char line_buffer[3 * 16 + 4 + 16 + 1];
107 
108     size_t i;
109     for (i = 0; i < len || (i & 0xF); ++i) {
110         size_t byte_ofs = i & 15;
111 
112         if (byte_ofs == 0) {
113             memset(line_buffer, ' ', 3 * 16 + 4 + 16);
114             line_buffer[3 * 16 + 4 + 16] = 0;
115         }
116 
117         size_t col_group = (i >> 2) & 3;
118         size_t hex_col = byte_ofs * 3 + col_group;
119         size_t txt_col = 3 * 16 + 4 + byte_ofs;
120 
121         if (i < len) {
122             char value = buf[i];
123 
124             line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
125             line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
126             line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
127                     ? value
128                     : '.';
129         }
130 
131         if (byte_ofs == 0xF)
132             trace_fn(i & -16, line_buffer);
133     }
134 }
135 
136 /* return -1 if error, 0 if OK */
gdb_put_packet_binary(const char * buf,int len,bool dump)137 int gdb_put_packet_binary(const char *buf, int len, bool dump)
138 {
139     int csum, i;
140     uint8_t footer[3];
141 
142     if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
143         hexdump(buf, len, trace_gdbstub_io_binaryreply);
144     }
145 
146     for(;;) {
147         g_byte_array_set_size(gdbserver_state.last_packet, 0);
148         g_byte_array_append(gdbserver_state.last_packet,
149                             (const uint8_t *) "$", 1);
150         g_byte_array_append(gdbserver_state.last_packet,
151                             (const uint8_t *) buf, len);
152         csum = 0;
153         for(i = 0; i < len; i++) {
154             csum += buf[i];
155         }
156         footer[0] = '#';
157         footer[1] = tohex((csum >> 4) & 0xf);
158         footer[2] = tohex((csum) & 0xf);
159         g_byte_array_append(gdbserver_state.last_packet, footer, 3);
160 
161         gdb_put_buffer(gdbserver_state.last_packet->data,
162                    gdbserver_state.last_packet->len);
163 
164         if (gdb_got_immediate_ack()) {
165             break;
166         }
167     }
168     return 0;
169 }
170 
171 /* return -1 if error, 0 if OK */
gdb_put_packet(const char * buf)172 int gdb_put_packet(const char *buf)
173 {
174     trace_gdbstub_io_reply(buf);
175 
176     return gdb_put_packet_binary(buf, strlen(buf), false);
177 }
178 
gdb_put_strbuf(void)179 void gdb_put_strbuf(void)
180 {
181     gdb_put_packet(gdbserver_state.str_buf->str);
182 }
183 
184 /* Encode data using the encoding for 'x' packets.  */
gdb_memtox(GString * buf,const char * mem,int len)185 void gdb_memtox(GString *buf, const char *mem, int len)
186 {
187     char c;
188 
189     while (len--) {
190         c = *(mem++);
191         switch (c) {
192         case '#': case '$': case '*': case '}':
193             g_string_append_c(buf, '}');
194             g_string_append_c(buf, c ^ 0x20);
195             break;
196         default:
197             g_string_append_c(buf, c);
198             break;
199         }
200     }
201 }
202 
gdb_get_cpu_pid(CPUState * cpu)203 static uint32_t gdb_get_cpu_pid(CPUState *cpu)
204 {
205 #ifdef CONFIG_USER_ONLY
206     return getpid();
207 #else
208     if (cpu->cluster_index == UNASSIGNED_CLUSTER_INDEX) {
209         /* Return the default process' PID */
210         int index = gdbserver_state.process_num - 1;
211         return gdbserver_state.processes[index].pid;
212     }
213     return cpu->cluster_index + 1;
214 #endif
215 }
216 
gdb_get_process(uint32_t pid)217 GDBProcess *gdb_get_process(uint32_t pid)
218 {
219     int i;
220 
221     if (!pid) {
222         /* 0 means any process, we take the first one */
223         return &gdbserver_state.processes[0];
224     }
225 
226     for (i = 0; i < gdbserver_state.process_num; i++) {
227         if (gdbserver_state.processes[i].pid == pid) {
228             return &gdbserver_state.processes[i];
229         }
230     }
231 
232     return NULL;
233 }
234 
gdb_get_cpu_process(CPUState * cpu)235 static GDBProcess *gdb_get_cpu_process(CPUState *cpu)
236 {
237     return gdb_get_process(gdb_get_cpu_pid(cpu));
238 }
239 
find_cpu(uint32_t thread_id)240 static CPUState *find_cpu(uint32_t thread_id)
241 {
242     CPUState *cpu;
243 
244     CPU_FOREACH(cpu) {
245         if (gdb_get_cpu_index(cpu) == thread_id) {
246             return cpu;
247         }
248     }
249 
250     return NULL;
251 }
252 
gdb_get_first_cpu_in_process(GDBProcess * process)253 CPUState *gdb_get_first_cpu_in_process(GDBProcess *process)
254 {
255     CPUState *cpu;
256 
257     CPU_FOREACH(cpu) {
258         if (gdb_get_cpu_pid(cpu) == process->pid) {
259             return cpu;
260         }
261     }
262 
263     return NULL;
264 }
265 
gdb_next_cpu_in_process(CPUState * cpu)266 static CPUState *gdb_next_cpu_in_process(CPUState *cpu)
267 {
268     uint32_t pid = gdb_get_cpu_pid(cpu);
269     cpu = CPU_NEXT(cpu);
270 
271     while (cpu) {
272         if (gdb_get_cpu_pid(cpu) == pid) {
273             break;
274         }
275 
276         cpu = CPU_NEXT(cpu);
277     }
278 
279     return cpu;
280 }
281 
282 /* Return the cpu following @cpu, while ignoring unattached processes. */
gdb_next_attached_cpu(CPUState * cpu)283 static CPUState *gdb_next_attached_cpu(CPUState *cpu)
284 {
285     cpu = CPU_NEXT(cpu);
286 
287     while (cpu) {
288         if (gdb_get_cpu_process(cpu)->attached) {
289             break;
290         }
291 
292         cpu = CPU_NEXT(cpu);
293     }
294 
295     return cpu;
296 }
297 
298 /* Return the first attached cpu */
gdb_first_attached_cpu(void)299 CPUState *gdb_first_attached_cpu(void)
300 {
301     CPUState *cpu = first_cpu;
302     GDBProcess *process = gdb_get_cpu_process(cpu);
303 
304     if (!process->attached) {
305         return gdb_next_attached_cpu(cpu);
306     }
307 
308     return cpu;
309 }
310 
gdb_get_cpu(uint32_t pid,uint32_t tid)311 static CPUState *gdb_get_cpu(uint32_t pid, uint32_t tid)
312 {
313     GDBProcess *process;
314     CPUState *cpu;
315 
316     if (!pid && !tid) {
317         /* 0 means any process/thread, we take the first attached one */
318         return gdb_first_attached_cpu();
319     } else if (pid && !tid) {
320         /* any thread in a specific process */
321         process = gdb_get_process(pid);
322 
323         if (process == NULL) {
324             return NULL;
325         }
326 
327         if (!process->attached) {
328             return NULL;
329         }
330 
331         return gdb_get_first_cpu_in_process(process);
332     } else {
333         /* a specific thread */
334         cpu = find_cpu(tid);
335 
336         if (cpu == NULL) {
337             return NULL;
338         }
339 
340         process = gdb_get_cpu_process(cpu);
341 
342         if (pid && process->pid != pid) {
343             return NULL;
344         }
345 
346         if (!process->attached) {
347             return NULL;
348         }
349 
350         return cpu;
351     }
352 }
353 
get_feature_xml(const char * p,const char ** newp,GDBProcess * process)354 static const char *get_feature_xml(const char *p, const char **newp,
355                                    GDBProcess *process)
356 {
357     CPUState *cpu = gdb_get_first_cpu_in_process(process);
358     GDBRegisterState *r;
359     size_t len;
360 
361     /*
362      * qXfer:features:read:ANNEX:OFFSET,LENGTH'
363      *                     ^p    ^newp
364      */
365     char *term = strchr(p, ':');
366     *newp = term + 1;
367     len = term - p;
368 
369     /* Is it the main target xml? */
370     if (strncmp(p, "target.xml", len) == 0) {
371         if (!process->target_xml) {
372             g_autoptr(GPtrArray) xml = g_ptr_array_new_with_free_func(g_free);
373 
374             g_ptr_array_add(
375                 xml,
376                 g_strdup("<?xml version=\"1.0\"?>"
377                          "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
378                          "<target>"));
379 
380             if (cpu->cc->gdb_arch_name) {
381                 g_ptr_array_add(
382                     xml,
383                     g_markup_printf_escaped("<architecture>%s</architecture>",
384                                             cpu->cc->gdb_arch_name(cpu)));
385             }
386             for (guint i = 0; i < cpu->gdb_regs->len; i++) {
387                 r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
388                 g_ptr_array_add(
389                     xml,
390                     g_markup_printf_escaped("<xi:include href=\"%s\"/>",
391                                             r->feature->xmlname));
392             }
393             g_ptr_array_add(xml, g_strdup("</target>"));
394             g_ptr_array_add(xml, NULL);
395 
396             process->target_xml = g_strjoinv(NULL, (void *)xml->pdata);
397         }
398         return process->target_xml;
399     }
400     /* Is it one of the features? */
401     for (guint i = 0; i < cpu->gdb_regs->len; i++) {
402         r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
403         if (strncmp(p, r->feature->xmlname, len) == 0) {
404             return r->feature->xml;
405         }
406     }
407 
408     /* failed */
409     return NULL;
410 }
411 
gdb_feature_builder_init(GDBFeatureBuilder * builder,GDBFeature * feature,const char * name,const char * xmlname,int base_reg)412 void gdb_feature_builder_init(GDBFeatureBuilder *builder, GDBFeature *feature,
413                               const char *name, const char *xmlname,
414                               int base_reg)
415 {
416     char *header = g_markup_printf_escaped(
417         "<?xml version=\"1.0\"?>"
418         "<!DOCTYPE feature SYSTEM \"gdb-target.dtd\">"
419         "<feature name=\"%s\">",
420         name);
421 
422     builder->feature = feature;
423     builder->xml = g_ptr_array_new();
424     g_ptr_array_add(builder->xml, header);
425     builder->regs = g_ptr_array_new();
426     builder->base_reg = base_reg;
427     feature->xmlname = xmlname;
428     feature->name = name;
429 }
430 
gdb_feature_builder_append_tag(const GDBFeatureBuilder * builder,const char * format,...)431 void gdb_feature_builder_append_tag(const GDBFeatureBuilder *builder,
432                                     const char *format, ...)
433 {
434     va_list ap;
435     va_start(ap, format);
436     g_ptr_array_add(builder->xml, g_markup_vprintf_escaped(format, ap));
437     va_end(ap);
438 }
439 
gdb_feature_builder_append_reg(const GDBFeatureBuilder * builder,const char * name,int bitsize,int regnum,const char * type,const char * group)440 void gdb_feature_builder_append_reg(const GDBFeatureBuilder *builder,
441                                     const char *name,
442                                     int bitsize,
443                                     int regnum,
444                                     const char *type,
445                                     const char *group)
446 {
447     if (builder->regs->len <= regnum) {
448         g_ptr_array_set_size(builder->regs, regnum + 1);
449     }
450 
451     builder->regs->pdata[regnum] = (gpointer *)name;
452 
453     if (group) {
454         gdb_feature_builder_append_tag(
455             builder,
456             "<reg name=\"%s\" bitsize=\"%d\" regnum=\"%d\" type=\"%s\" group=\"%s\"/>",
457             name, bitsize, builder->base_reg + regnum, type, group);
458     } else {
459         gdb_feature_builder_append_tag(
460             builder,
461             "<reg name=\"%s\" bitsize=\"%d\" regnum=\"%d\" type=\"%s\"/>",
462             name, bitsize, builder->base_reg + regnum, type);
463     }
464 }
465 
gdb_feature_builder_end(const GDBFeatureBuilder * builder)466 void gdb_feature_builder_end(const GDBFeatureBuilder *builder)
467 {
468     g_ptr_array_add(builder->xml, (void *)"</feature>");
469     g_ptr_array_add(builder->xml, NULL);
470 
471     builder->feature->xml = g_strjoinv(NULL, (void *)builder->xml->pdata);
472 
473     for (guint i = 0; i < builder->xml->len - 2; i++) {
474         g_free(g_ptr_array_index(builder->xml, i));
475     }
476 
477     g_ptr_array_free(builder->xml, TRUE);
478 
479     builder->feature->num_regs = builder->regs->len;
480     builder->feature->regs = (void *)g_ptr_array_free(builder->regs, FALSE);
481 }
482 
gdb_find_static_feature(const char * xmlname)483 const GDBFeature *gdb_find_static_feature(const char *xmlname)
484 {
485     const GDBFeature *feature;
486 
487     for (feature = gdb_static_features; feature->xmlname; feature++) {
488         if (!strcmp(feature->xmlname, xmlname)) {
489             return feature;
490         }
491     }
492 
493     g_assert_not_reached();
494 }
495 
gdb_get_register_list(CPUState * cpu)496 GArray *gdb_get_register_list(CPUState *cpu)
497 {
498     GArray *results = g_array_new(true, true, sizeof(GDBRegDesc));
499 
500     /* registers are only available once the CPU is initialised */
501     if (!cpu->gdb_regs) {
502         return results;
503     }
504 
505     for (int f = 0; f < cpu->gdb_regs->len; f++) {
506         GDBRegisterState *r = &g_array_index(cpu->gdb_regs, GDBRegisterState, f);
507         for (int i = 0; i < r->feature->num_regs; i++) {
508             const char *name = r->feature->regs[i];
509             GDBRegDesc desc = {
510                 r->base_reg + i,
511                 name,
512                 r->feature->name
513             };
514             g_array_append_val(results, desc);
515         }
516     }
517 
518     return results;
519 }
520 
gdb_read_register(CPUState * cpu,GByteArray * buf,int reg)521 int gdb_read_register(CPUState *cpu, GByteArray *buf, int reg)
522 {
523     GDBRegisterState *r;
524 
525     if (reg < cpu->cc->gdb_num_core_regs) {
526         return cpu->cc->gdb_read_register(cpu, buf, reg);
527     }
528 
529     for (guint i = 0; i < cpu->gdb_regs->len; i++) {
530         r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
531         if (r->base_reg <= reg && reg < r->base_reg + r->feature->num_regs) {
532             return r->get_reg(cpu, buf, reg - r->base_reg);
533         }
534     }
535     return 0;
536 }
537 
gdb_write_register(CPUState * cpu,uint8_t * mem_buf,int reg)538 int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
539 {
540     GDBRegisterState *r;
541 
542     if (reg < cpu->cc->gdb_num_core_regs) {
543         return cpu->cc->gdb_write_register(cpu, mem_buf, reg);
544     }
545 
546     for (guint i = 0; i < cpu->gdb_regs->len; i++) {
547         r =  &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
548         if (r->base_reg <= reg && reg < r->base_reg + r->feature->num_regs) {
549             return r->set_reg(cpu, mem_buf, reg - r->base_reg);
550         }
551     }
552     return 0;
553 }
554 
gdb_register_feature(CPUState * cpu,int base_reg,gdb_get_reg_cb get_reg,gdb_set_reg_cb set_reg,const GDBFeature * feature)555 static void gdb_register_feature(CPUState *cpu, int base_reg,
556                                  gdb_get_reg_cb get_reg, gdb_set_reg_cb set_reg,
557                                  const GDBFeature *feature)
558 {
559     GDBRegisterState s = {
560         .base_reg = base_reg,
561         .get_reg = get_reg,
562         .set_reg = set_reg,
563         .feature = feature
564     };
565 
566     g_array_append_val(cpu->gdb_regs, s);
567 }
568 
gdb_get_core_xml_file(CPUState * cpu)569 static const char *gdb_get_core_xml_file(CPUState *cpu)
570 {
571     CPUClass *cc = cpu->cc;
572 
573     /*
574      * The CPU class can provide the XML filename via a method,
575      * or as a simple fixed string field.
576      */
577     if (cc->gdb_get_core_xml_file) {
578         return cc->gdb_get_core_xml_file(cpu);
579     }
580     return cc->gdb_core_xml_file;
581 }
582 
gdb_init_cpu(CPUState * cpu)583 void gdb_init_cpu(CPUState *cpu)
584 {
585     CPUClass *cc = cpu->cc;
586     const GDBFeature *feature;
587     const char *xmlfile = gdb_get_core_xml_file(cpu);
588 
589     cpu->gdb_regs = g_array_new(false, false, sizeof(GDBRegisterState));
590 
591     if (xmlfile) {
592         feature = gdb_find_static_feature(xmlfile);
593         gdb_register_feature(cpu, 0,
594                              cc->gdb_read_register, cc->gdb_write_register,
595                              feature);
596         cpu->gdb_num_regs = cpu->gdb_num_g_regs = feature->num_regs;
597     }
598 
599     if (cc->gdb_num_core_regs) {
600         cpu->gdb_num_regs = cpu->gdb_num_g_regs = cc->gdb_num_core_regs;
601     }
602 }
603 
gdb_register_coprocessor(CPUState * cpu,gdb_get_reg_cb get_reg,gdb_set_reg_cb set_reg,const GDBFeature * feature,int g_pos)604 void gdb_register_coprocessor(CPUState *cpu,
605                               gdb_get_reg_cb get_reg, gdb_set_reg_cb set_reg,
606                               const GDBFeature *feature, int g_pos)
607 {
608     GDBRegisterState *s;
609     guint i;
610     int base_reg = cpu->gdb_num_regs;
611 
612     for (i = 0; i < cpu->gdb_regs->len; i++) {
613         /* Check for duplicates.  */
614         s = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
615         if (s->feature == feature) {
616             return;
617         }
618     }
619 
620     gdb_register_feature(cpu, base_reg, get_reg, set_reg, feature);
621 
622     /* Add to end of list.  */
623     cpu->gdb_num_regs += feature->num_regs;
624     if (g_pos) {
625         if (g_pos != base_reg) {
626             error_report("Error: Bad gdb register numbering for '%s', "
627                          "expected %d got %d", feature->xml, g_pos, base_reg);
628         } else {
629             cpu->gdb_num_g_regs = cpu->gdb_num_regs;
630         }
631     }
632 }
633 
gdb_unregister_coprocessor_all(CPUState * cpu)634 void gdb_unregister_coprocessor_all(CPUState *cpu)
635 {
636     /*
637      * Safe to nuke everything. GDBRegisterState::xml is static const char so
638      * it won't be freed
639      */
640     g_array_free(cpu->gdb_regs, true);
641 
642     cpu->gdb_regs = NULL;
643     cpu->gdb_num_regs = 0;
644     cpu->gdb_num_g_regs = 0;
645 }
646 
gdb_process_breakpoint_remove_all(GDBProcess * p)647 static void gdb_process_breakpoint_remove_all(GDBProcess *p)
648 {
649     CPUState *cpu = gdb_get_first_cpu_in_process(p);
650 
651     while (cpu) {
652         gdb_breakpoint_remove_all(cpu);
653         cpu = gdb_next_cpu_in_process(cpu);
654     }
655 }
656 
657 
gdb_set_cpu_pc(vaddr pc)658 static void gdb_set_cpu_pc(vaddr pc)
659 {
660     CPUState *cpu = gdbserver_state.c_cpu;
661 
662     cpu_synchronize_state(cpu);
663     cpu_set_pc(cpu, pc);
664 }
665 
gdb_append_thread_id(CPUState * cpu,GString * buf)666 void gdb_append_thread_id(CPUState *cpu, GString *buf)
667 {
668     if (gdbserver_state.multiprocess) {
669         g_string_append_printf(buf, "p%02x.%02x",
670                                gdb_get_cpu_pid(cpu), gdb_get_cpu_index(cpu));
671     } else {
672         g_string_append_printf(buf, "%02x", gdb_get_cpu_index(cpu));
673     }
674 }
675 
read_thread_id(const char * buf,const char ** end_buf,uint32_t * pid,uint32_t * tid)676 static GDBThreadIdKind read_thread_id(const char *buf, const char **end_buf,
677                                       uint32_t *pid, uint32_t *tid)
678 {
679     unsigned long p, t;
680     int ret;
681 
682     if (*buf == 'p') {
683         buf++;
684         ret = qemu_strtoul(buf, &buf, 16, &p);
685 
686         if (ret) {
687             return GDB_READ_THREAD_ERR;
688         }
689 
690         /* Skip '.' */
691         buf++;
692     } else {
693         p = 0;
694     }
695 
696     ret = qemu_strtoul(buf, &buf, 16, &t);
697 
698     if (ret) {
699         return GDB_READ_THREAD_ERR;
700     }
701 
702     *end_buf = buf;
703 
704     if (p == -1) {
705         return GDB_ALL_PROCESSES;
706     }
707 
708     if (pid) {
709         *pid = p;
710     }
711 
712     if (t == -1) {
713         return GDB_ALL_THREADS;
714     }
715 
716     if (tid) {
717         *tid = t;
718     }
719 
720     return GDB_ONE_THREAD;
721 }
722 
723 /**
724  * gdb_handle_vcont - Parses and handles a vCont packet.
725  * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
726  *         a format error, 0 on success.
727  */
gdb_handle_vcont(const char * p)728 static int gdb_handle_vcont(const char *p)
729 {
730     int res, signal = 0;
731     char cur_action;
732     unsigned long tmp;
733     uint32_t pid, tid;
734     GDBProcess *process;
735     CPUState *cpu;
736     GDBThreadIdKind kind;
737     unsigned int max_cpus = gdb_get_max_cpus();
738     /* uninitialised CPUs stay 0 */
739     g_autofree char *newstates = g_new0(char, max_cpus);
740 
741     /* mark valid CPUs with 1 */
742     CPU_FOREACH(cpu) {
743         newstates[cpu->cpu_index] = 1;
744     }
745 
746     /*
747      * res keeps track of what error we are returning, with -ENOTSUP meaning
748      * that the command is unknown or unsupported, thus returning an empty
749      * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
750      *  or incorrect parameters passed.
751      */
752     res = 0;
753 
754     /*
755      * target_count and last_target keep track of how many CPUs we are going to
756      * step or resume, and a pointer to the state structure of one of them,
757      * respectively
758      */
759     int target_count = 0;
760     CPUState *last_target = NULL;
761 
762     while (*p) {
763         if (*p++ != ';') {
764             return -ENOTSUP;
765         }
766 
767         cur_action = *p++;
768         if (cur_action == 'C' || cur_action == 'S') {
769             cur_action = qemu_tolower(cur_action);
770             res = qemu_strtoul(p, &p, 16, &tmp);
771             if (res) {
772                 return res;
773             }
774             signal = gdb_signal_to_target(tmp);
775         } else if (cur_action != 'c' && cur_action != 's') {
776             /* unknown/invalid/unsupported command */
777             return -ENOTSUP;
778         }
779 
780         if (*p == '\0' || *p == ';') {
781             /*
782              * No thread specifier, action is on "all threads". The
783              * specification is unclear regarding the process to act on. We
784              * choose all processes.
785              */
786             kind = GDB_ALL_PROCESSES;
787         } else if (*p++ == ':') {
788             kind = read_thread_id(p, &p, &pid, &tid);
789         } else {
790             return -ENOTSUP;
791         }
792 
793         switch (kind) {
794         case GDB_READ_THREAD_ERR:
795             return -EINVAL;
796 
797         case GDB_ALL_PROCESSES:
798             cpu = gdb_first_attached_cpu();
799             while (cpu) {
800                 if (newstates[cpu->cpu_index] == 1) {
801                     newstates[cpu->cpu_index] = cur_action;
802 
803                     target_count++;
804                     last_target = cpu;
805                 }
806 
807                 cpu = gdb_next_attached_cpu(cpu);
808             }
809             break;
810 
811         case GDB_ALL_THREADS:
812             process = gdb_get_process(pid);
813 
814             if (!process->attached) {
815                 return -EINVAL;
816             }
817 
818             cpu = gdb_get_first_cpu_in_process(process);
819             while (cpu) {
820                 if (newstates[cpu->cpu_index] == 1) {
821                     newstates[cpu->cpu_index] = cur_action;
822 
823                     target_count++;
824                     last_target = cpu;
825                 }
826 
827                 cpu = gdb_next_cpu_in_process(cpu);
828             }
829             break;
830 
831         case GDB_ONE_THREAD:
832             cpu = gdb_get_cpu(pid, tid);
833 
834             /* invalid CPU/thread specified */
835             if (!cpu) {
836                 return -EINVAL;
837             }
838 
839             /* only use if no previous match occourred */
840             if (newstates[cpu->cpu_index] == 1) {
841                 newstates[cpu->cpu_index] = cur_action;
842 
843                 target_count++;
844                 last_target = cpu;
845             }
846             break;
847         }
848     }
849 
850     /*
851      * if we're about to resume a specific set of CPUs/threads, make it so that
852      * in case execution gets interrupted, we can send GDB a stop reply with a
853      * correct value. it doesn't really matter which CPU we tell GDB the signal
854      * happened in (VM pauses stop all of them anyway), so long as it is one of
855      * the ones we resumed/single stepped here.
856      */
857     if (target_count > 0) {
858         gdbserver_state.c_cpu = last_target;
859     }
860 
861     gdbserver_state.signal = signal;
862     gdb_continue_partial(newstates);
863     return res;
864 }
865 
cmd_next_param(const char * param,const char delimiter)866 static const char *cmd_next_param(const char *param, const char delimiter)
867 {
868     static const char all_delimiters[] = ",;:=";
869     char curr_delimiters[2] = {0};
870     const char *delimiters;
871 
872     if (delimiter == '?') {
873         delimiters = all_delimiters;
874     } else if (delimiter == '0') {
875         return strchr(param, '\0');
876     } else if (delimiter == '.' && *param) {
877         return param + 1;
878     } else {
879         curr_delimiters[0] = delimiter;
880         delimiters = curr_delimiters;
881     }
882 
883     param += strcspn(param, delimiters);
884     if (*param) {
885         param++;
886     }
887     return param;
888 }
889 
cmd_parse_params(const char * data,const char * schema,GArray * params)890 static int cmd_parse_params(const char *data, const char *schema,
891                             GArray *params)
892 {
893     const char *curr_schema, *curr_data;
894 
895     g_assert(schema);
896     g_assert(params->len == 0);
897 
898     curr_schema = schema;
899     curr_data = data;
900     while (curr_schema[0] && curr_schema[1] && *curr_data) {
901         GdbCmdVariant this_param;
902 
903         switch (curr_schema[0]) {
904         case 'l':
905             if (qemu_strtoul(curr_data, &curr_data, 16,
906                              &this_param.val_ul)) {
907                 return -EINVAL;
908             }
909             curr_data = cmd_next_param(curr_data, curr_schema[1]);
910             g_array_append_val(params, this_param);
911             break;
912         case 'L':
913             if (qemu_strtou64(curr_data, &curr_data, 16,
914                               (uint64_t *)&this_param.val_ull)) {
915                 return -EINVAL;
916             }
917             curr_data = cmd_next_param(curr_data, curr_schema[1]);
918             g_array_append_val(params, this_param);
919             break;
920         case 's':
921             this_param.data = curr_data;
922             curr_data = cmd_next_param(curr_data, curr_schema[1]);
923             g_array_append_val(params, this_param);
924             break;
925         case 'o':
926             this_param.opcode = *(uint8_t *)curr_data;
927             curr_data = cmd_next_param(curr_data, curr_schema[1]);
928             g_array_append_val(params, this_param);
929             break;
930         case 't':
931             this_param.thread_id.kind =
932                 read_thread_id(curr_data, &curr_data,
933                                &this_param.thread_id.pid,
934                                &this_param.thread_id.tid);
935             curr_data = cmd_next_param(curr_data, curr_schema[1]);
936             g_array_append_val(params, this_param);
937             break;
938         case '?':
939             curr_data = cmd_next_param(curr_data, curr_schema[1]);
940             break;
941         default:
942             return -EINVAL;
943         }
944         curr_schema += 2;
945     }
946 
947     return 0;
948 }
949 
startswith(const char * string,const char * pattern)950 static inline int startswith(const char *string, const char *pattern)
951 {
952   return !strncmp(string, pattern, strlen(pattern));
953 }
954 
process_string_cmd(const char * data,const GdbCmdParseEntry * cmds,int num_cmds)955 static bool process_string_cmd(const char *data,
956                                const GdbCmdParseEntry *cmds, int num_cmds)
957 {
958     int i;
959     g_autoptr(GArray) params = g_array_new(false, true, sizeof(GdbCmdVariant));
960 
961     if (!cmds) {
962         return false;
963     }
964 
965     for (i = 0; i < num_cmds; i++) {
966         const GdbCmdParseEntry *cmd = &cmds[i];
967         void *user_ctx = NULL;
968         g_assert(cmd->handler && cmd->cmd);
969 
970         if ((cmd->cmd_startswith && !startswith(data, cmd->cmd)) ||
971             (!cmd->cmd_startswith && strcmp(cmd->cmd, data))) {
972             continue;
973         }
974 
975         if (cmd->schema) {
976             if (cmd_parse_params(&data[strlen(cmd->cmd)],
977                                  cmd->schema, params)) {
978                 return false;
979             }
980         }
981 
982         if (cmd->need_cpu_context) {
983             user_ctx = (void *)gdbserver_state.g_cpu;
984         }
985 
986         gdbserver_state.allow_stop_reply = cmd->allow_stop_reply;
987         cmd->handler(params, user_ctx);
988         return true;
989     }
990 
991     return false;
992 }
993 
run_cmd_parser(const char * data,const GdbCmdParseEntry * cmd)994 static void run_cmd_parser(const char *data, const GdbCmdParseEntry *cmd)
995 {
996     if (!data) {
997         return;
998     }
999 
1000     g_string_set_size(gdbserver_state.str_buf, 0);
1001     g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1002 
1003     /* In case there was an error during the command parsing we must
1004     * send a NULL packet to indicate the command is not supported */
1005     if (!process_string_cmd(data, cmd, 1)) {
1006         gdb_put_packet("");
1007     }
1008 }
1009 
handle_detach(GArray * params,void * user_ctx)1010 static void handle_detach(GArray *params, void *user_ctx)
1011 {
1012     GDBProcess *process;
1013     uint32_t pid = 1;
1014 
1015     if (gdbserver_state.multiprocess) {
1016         if (!params->len) {
1017             gdb_put_packet("E22");
1018             return;
1019         }
1020 
1021         pid = gdb_get_cmd_param(params, 0)->val_ul;
1022     }
1023 
1024 #ifdef CONFIG_USER_ONLY
1025     if (gdb_handle_detach_user(pid)) {
1026         return;
1027     }
1028 #endif
1029 
1030     process = gdb_get_process(pid);
1031     gdb_process_breakpoint_remove_all(process);
1032     process->attached = false;
1033 
1034     if (pid == gdb_get_cpu_pid(gdbserver_state.c_cpu)) {
1035         gdbserver_state.c_cpu = gdb_first_attached_cpu();
1036     }
1037 
1038     if (pid == gdb_get_cpu_pid(gdbserver_state.g_cpu)) {
1039         gdbserver_state.g_cpu = gdb_first_attached_cpu();
1040     }
1041 
1042     if (!gdbserver_state.c_cpu) {
1043         /* No more process attached */
1044         gdb_disable_syscalls();
1045         gdb_continue();
1046     }
1047     gdb_put_packet("OK");
1048 }
1049 
handle_thread_alive(GArray * params,void * user_ctx)1050 static void handle_thread_alive(GArray *params, void *user_ctx)
1051 {
1052     CPUState *cpu;
1053 
1054     if (!params->len) {
1055         gdb_put_packet("E22");
1056         return;
1057     }
1058 
1059     if (gdb_get_cmd_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
1060         gdb_put_packet("E22");
1061         return;
1062     }
1063 
1064     cpu = gdb_get_cpu(gdb_get_cmd_param(params, 0)->thread_id.pid,
1065                       gdb_get_cmd_param(params, 0)->thread_id.tid);
1066     if (!cpu) {
1067         gdb_put_packet("E22");
1068         return;
1069     }
1070 
1071     gdb_put_packet("OK");
1072 }
1073 
handle_continue(GArray * params,void * user_ctx)1074 static void handle_continue(GArray *params, void *user_ctx)
1075 {
1076     if (params->len) {
1077         gdb_set_cpu_pc(gdb_get_cmd_param(params, 0)->val_ull);
1078     }
1079 
1080     gdbserver_state.signal = 0;
1081     gdb_continue();
1082 }
1083 
handle_cont_with_sig(GArray * params,void * user_ctx)1084 static void handle_cont_with_sig(GArray *params, void *user_ctx)
1085 {
1086     unsigned long signal = 0;
1087 
1088     /*
1089      * Note: C sig;[addr] is currently unsupported and we simply
1090      *       omit the addr parameter
1091      */
1092     if (params->len) {
1093         signal = gdb_get_cmd_param(params, 0)->val_ul;
1094     }
1095 
1096     gdbserver_state.signal = gdb_signal_to_target(signal);
1097     if (gdbserver_state.signal == -1) {
1098         gdbserver_state.signal = 0;
1099     }
1100     gdb_continue();
1101 }
1102 
handle_set_thread(GArray * params,void * user_ctx)1103 static void handle_set_thread(GArray *params, void *user_ctx)
1104 {
1105     uint32_t pid, tid;
1106     CPUState *cpu;
1107 
1108     if (params->len != 2) {
1109         gdb_put_packet("E22");
1110         return;
1111     }
1112 
1113     if (gdb_get_cmd_param(params, 1)->thread_id.kind == GDB_READ_THREAD_ERR) {
1114         gdb_put_packet("E22");
1115         return;
1116     }
1117 
1118     if (gdb_get_cmd_param(params, 1)->thread_id.kind != GDB_ONE_THREAD) {
1119         gdb_put_packet("OK");
1120         return;
1121     }
1122 
1123     pid = gdb_get_cmd_param(params, 1)->thread_id.pid;
1124     tid = gdb_get_cmd_param(params, 1)->thread_id.tid;
1125 #ifdef CONFIG_USER_ONLY
1126     if (gdb_handle_set_thread_user(pid, tid)) {
1127         return;
1128     }
1129 #endif
1130     cpu = gdb_get_cpu(pid, tid);
1131     if (!cpu) {
1132         gdb_put_packet("E22");
1133         return;
1134     }
1135 
1136     /*
1137      * Note: This command is deprecated and modern gdb's will be using the
1138      *       vCont command instead.
1139      */
1140     switch (gdb_get_cmd_param(params, 0)->opcode) {
1141     case 'c':
1142         gdbserver_state.c_cpu = cpu;
1143         gdb_put_packet("OK");
1144         break;
1145     case 'g':
1146         gdbserver_state.g_cpu = cpu;
1147         gdb_put_packet("OK");
1148         break;
1149     default:
1150         gdb_put_packet("E22");
1151         break;
1152     }
1153 }
1154 
handle_insert_bp(GArray * params,void * user_ctx)1155 static void handle_insert_bp(GArray *params, void *user_ctx)
1156 {
1157     int res;
1158 
1159     if (params->len != 3) {
1160         gdb_put_packet("E22");
1161         return;
1162     }
1163 
1164     res = gdb_breakpoint_insert(gdbserver_state.c_cpu,
1165                                 gdb_get_cmd_param(params, 0)->val_ul,
1166                                 gdb_get_cmd_param(params, 1)->val_ull,
1167                                 gdb_get_cmd_param(params, 2)->val_ull);
1168     if (res >= 0) {
1169         gdb_put_packet("OK");
1170         return;
1171     } else if (res == -ENOSYS) {
1172         gdb_put_packet("");
1173         return;
1174     }
1175 
1176     gdb_put_packet("E22");
1177 }
1178 
handle_remove_bp(GArray * params,void * user_ctx)1179 static void handle_remove_bp(GArray *params, void *user_ctx)
1180 {
1181     int res;
1182 
1183     if (params->len != 3) {
1184         gdb_put_packet("E22");
1185         return;
1186     }
1187 
1188     res = gdb_breakpoint_remove(gdbserver_state.c_cpu,
1189                                 gdb_get_cmd_param(params, 0)->val_ul,
1190                                 gdb_get_cmd_param(params, 1)->val_ull,
1191                                 gdb_get_cmd_param(params, 2)->val_ull);
1192     if (res >= 0) {
1193         gdb_put_packet("OK");
1194         return;
1195     } else if (res == -ENOSYS) {
1196         gdb_put_packet("");
1197         return;
1198     }
1199 
1200     gdb_put_packet("E22");
1201 }
1202 
1203 /*
1204  * handle_set/get_reg
1205  *
1206  * Older gdb are really dumb, and don't use 'G/g' if 'P/p' is available.
1207  * This works, but can be very slow. Anything new enough to understand
1208  * XML also knows how to use this properly. However to use this we
1209  * need to define a local XML file as well as be talking to a
1210  * reasonably modern gdb. Responding with an empty packet will cause
1211  * the remote gdb to fallback to older methods.
1212  */
1213 
handle_set_reg(GArray * params,void * user_ctx)1214 static void handle_set_reg(GArray *params, void *user_ctx)
1215 {
1216     int reg_size;
1217 
1218     if (params->len != 2) {
1219         gdb_put_packet("E22");
1220         return;
1221     }
1222 
1223     reg_size = strlen(gdb_get_cmd_param(params, 1)->data) / 2;
1224     gdb_hextomem(gdbserver_state.mem_buf, gdb_get_cmd_param(params, 1)->data, reg_size);
1225     gdb_write_register(gdbserver_state.g_cpu, gdbserver_state.mem_buf->data,
1226                        gdb_get_cmd_param(params, 0)->val_ull);
1227     gdb_put_packet("OK");
1228 }
1229 
handle_get_reg(GArray * params,void * user_ctx)1230 static void handle_get_reg(GArray *params, void *user_ctx)
1231 {
1232     int reg_size;
1233 
1234     if (!params->len) {
1235         gdb_put_packet("E14");
1236         return;
1237     }
1238 
1239     reg_size = gdb_read_register(gdbserver_state.g_cpu,
1240                                  gdbserver_state.mem_buf,
1241                                  gdb_get_cmd_param(params, 0)->val_ull);
1242     if (!reg_size) {
1243         gdb_put_packet("E14");
1244         return;
1245     } else {
1246         g_byte_array_set_size(gdbserver_state.mem_buf, reg_size);
1247     }
1248 
1249     gdb_memtohex(gdbserver_state.str_buf,
1250                  gdbserver_state.mem_buf->data, reg_size);
1251     gdb_put_strbuf();
1252 }
1253 
handle_write_mem(GArray * params,void * user_ctx)1254 static void handle_write_mem(GArray *params, void *user_ctx)
1255 {
1256     if (params->len != 3) {
1257         gdb_put_packet("E22");
1258         return;
1259     }
1260 
1261     /* gdb_hextomem() reads 2*len bytes */
1262     if (gdb_get_cmd_param(params, 1)->val_ull >
1263         strlen(gdb_get_cmd_param(params, 2)->data) / 2) {
1264         gdb_put_packet("E22");
1265         return;
1266     }
1267 
1268     gdb_hextomem(gdbserver_state.mem_buf, gdb_get_cmd_param(params, 2)->data,
1269                  gdb_get_cmd_param(params, 1)->val_ull);
1270     if (gdb_target_memory_rw_debug(gdbserver_state.g_cpu,
1271                                    gdb_get_cmd_param(params, 0)->val_ull,
1272                                    gdbserver_state.mem_buf->data,
1273                                    gdbserver_state.mem_buf->len, true)) {
1274         gdb_put_packet("E14");
1275         return;
1276     }
1277 
1278     gdb_put_packet("OK");
1279 }
1280 
handle_read_mem(GArray * params,void * user_ctx)1281 static void handle_read_mem(GArray *params, void *user_ctx)
1282 {
1283     if (params->len != 2) {
1284         gdb_put_packet("E22");
1285         return;
1286     }
1287 
1288     /* gdb_memtohex() doubles the required space */
1289     if (gdb_get_cmd_param(params, 1)->val_ull > MAX_PACKET_LENGTH / 2) {
1290         gdb_put_packet("E22");
1291         return;
1292     }
1293 
1294     g_byte_array_set_size(gdbserver_state.mem_buf,
1295                           gdb_get_cmd_param(params, 1)->val_ull);
1296 
1297     if (gdb_target_memory_rw_debug(gdbserver_state.g_cpu,
1298                                    gdb_get_cmd_param(params, 0)->val_ull,
1299                                    gdbserver_state.mem_buf->data,
1300                                    gdbserver_state.mem_buf->len, false)) {
1301         gdb_put_packet("E14");
1302         return;
1303     }
1304 
1305     gdb_memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data,
1306              gdbserver_state.mem_buf->len);
1307     gdb_put_strbuf();
1308 }
1309 
handle_write_all_regs(GArray * params,void * user_ctx)1310 static void handle_write_all_regs(GArray *params, void *user_ctx)
1311 {
1312     int reg_id;
1313     size_t len;
1314     uint8_t *registers;
1315     int reg_size;
1316 
1317     if (!params->len) {
1318         return;
1319     }
1320 
1321     cpu_synchronize_state(gdbserver_state.g_cpu);
1322     len = strlen(gdb_get_cmd_param(params, 0)->data) / 2;
1323     gdb_hextomem(gdbserver_state.mem_buf, gdb_get_cmd_param(params, 0)->data, len);
1324     registers = gdbserver_state.mem_buf->data;
1325     for (reg_id = 0;
1326          reg_id < gdbserver_state.g_cpu->gdb_num_g_regs && len > 0;
1327          reg_id++) {
1328         reg_size = gdb_write_register(gdbserver_state.g_cpu, registers, reg_id);
1329         len -= reg_size;
1330         registers += reg_size;
1331     }
1332     gdb_put_packet("OK");
1333 }
1334 
handle_read_all_regs(GArray * params,void * user_ctx)1335 static void handle_read_all_regs(GArray *params, void *user_ctx)
1336 {
1337     int reg_id;
1338     size_t len;
1339 
1340     cpu_synchronize_state(gdbserver_state.g_cpu);
1341     g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1342     len = 0;
1343     for (reg_id = 0; reg_id < gdbserver_state.g_cpu->gdb_num_g_regs; reg_id++) {
1344         len += gdb_read_register(gdbserver_state.g_cpu,
1345                                  gdbserver_state.mem_buf,
1346                                  reg_id);
1347         g_assert(len == gdbserver_state.mem_buf->len);
1348     }
1349 
1350     gdb_memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, len);
1351     gdb_put_strbuf();
1352 }
1353 
1354 
handle_step(GArray * params,void * user_ctx)1355 static void handle_step(GArray *params, void *user_ctx)
1356 {
1357     if (params->len) {
1358         gdb_set_cpu_pc(gdb_get_cmd_param(params, 0)->val_ull);
1359     }
1360 
1361     cpu_single_step(gdbserver_state.c_cpu, gdbserver_state.sstep_flags);
1362     gdb_continue();
1363 }
1364 
handle_backward(GArray * params,void * user_ctx)1365 static void handle_backward(GArray *params, void *user_ctx)
1366 {
1367     if (!gdb_can_reverse()) {
1368         gdb_put_packet("E22");
1369     }
1370     if (params->len == 1) {
1371         switch (gdb_get_cmd_param(params, 0)->opcode) {
1372         case 's':
1373             if (replay_reverse_step()) {
1374                 gdb_continue();
1375             } else {
1376                 gdb_put_packet("E14");
1377             }
1378             return;
1379         case 'c':
1380             if (replay_reverse_continue()) {
1381                 gdb_continue();
1382             } else {
1383                 gdb_put_packet("E14");
1384             }
1385             return;
1386         }
1387     }
1388 
1389     /* Default invalid command */
1390     gdb_put_packet("");
1391 }
1392 
handle_v_cont_query(GArray * params,void * user_ctx)1393 static void handle_v_cont_query(GArray *params, void *user_ctx)
1394 {
1395     gdb_put_packet("vCont;c;C;s;S");
1396 }
1397 
handle_v_cont(GArray * params,void * user_ctx)1398 static void handle_v_cont(GArray *params, void *user_ctx)
1399 {
1400     int res;
1401 
1402     if (!params->len) {
1403         return;
1404     }
1405 
1406     res = gdb_handle_vcont(gdb_get_cmd_param(params, 0)->data);
1407     if ((res == -EINVAL) || (res == -ERANGE)) {
1408         gdb_put_packet("E22");
1409     } else if (res) {
1410         gdb_put_packet("");
1411     }
1412 }
1413 
handle_v_attach(GArray * params,void * user_ctx)1414 static void handle_v_attach(GArray *params, void *user_ctx)
1415 {
1416     GDBProcess *process;
1417     CPUState *cpu;
1418 
1419     g_string_assign(gdbserver_state.str_buf, "E22");
1420     if (!params->len) {
1421         goto cleanup;
1422     }
1423 
1424     process = gdb_get_process(gdb_get_cmd_param(params, 0)->val_ul);
1425     if (!process) {
1426         goto cleanup;
1427     }
1428 
1429     cpu = gdb_get_first_cpu_in_process(process);
1430     if (!cpu) {
1431         goto cleanup;
1432     }
1433 
1434     process->attached = true;
1435     gdbserver_state.g_cpu = cpu;
1436     gdbserver_state.c_cpu = cpu;
1437 
1438     if (gdbserver_state.allow_stop_reply) {
1439         g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
1440         gdb_append_thread_id(cpu, gdbserver_state.str_buf);
1441         g_string_append_c(gdbserver_state.str_buf, ';');
1442         gdbserver_state.allow_stop_reply = false;
1443 cleanup:
1444         gdb_put_strbuf();
1445     }
1446 }
1447 
handle_v_kill(GArray * params,void * user_ctx)1448 static void handle_v_kill(GArray *params, void *user_ctx)
1449 {
1450     /* Kill the target */
1451     gdb_put_packet("OK");
1452     error_report("QEMU: Terminated via GDBstub");
1453     gdb_exit(0);
1454     gdb_qemu_exit(0);
1455 }
1456 
1457 static const GdbCmdParseEntry gdb_v_commands_table[] = {
1458     /* Order is important if has same prefix */
1459     {
1460         .handler = handle_v_cont_query,
1461         .cmd = "Cont?",
1462         .cmd_startswith = true
1463     },
1464     {
1465         .handler = handle_v_cont,
1466         .cmd = "Cont",
1467         .cmd_startswith = true,
1468         .allow_stop_reply = true,
1469         .schema = "s0"
1470     },
1471     {
1472         .handler = handle_v_attach,
1473         .cmd = "Attach;",
1474         .cmd_startswith = true,
1475         .allow_stop_reply = true,
1476         .schema = "l0"
1477     },
1478     {
1479         .handler = handle_v_kill,
1480         .cmd = "Kill;",
1481         .cmd_startswith = true
1482     },
1483 #ifdef CONFIG_USER_ONLY
1484     /*
1485      * Host I/O Packets. See [1] for details.
1486      * [1] https://sourceware.org/gdb/onlinedocs/gdb/Host-I_002fO-Packets.html
1487      */
1488     {
1489         .handler = gdb_handle_v_file_open,
1490         .cmd = "File:open:",
1491         .cmd_startswith = true,
1492         .schema = "s,L,L0"
1493     },
1494     {
1495         .handler = gdb_handle_v_file_close,
1496         .cmd = "File:close:",
1497         .cmd_startswith = true,
1498         .schema = "l0"
1499     },
1500     {
1501         .handler = gdb_handle_v_file_pread,
1502         .cmd = "File:pread:",
1503         .cmd_startswith = true,
1504         .schema = "l,L,L0"
1505     },
1506     {
1507         .handler = gdb_handle_v_file_readlink,
1508         .cmd = "File:readlink:",
1509         .cmd_startswith = true,
1510         .schema = "s0"
1511     },
1512 #endif
1513 };
1514 
handle_v_commands(GArray * params,void * user_ctx)1515 static void handle_v_commands(GArray *params, void *user_ctx)
1516 {
1517     if (!params->len) {
1518         return;
1519     }
1520 
1521     if (!process_string_cmd(gdb_get_cmd_param(params, 0)->data,
1522                             gdb_v_commands_table,
1523                             ARRAY_SIZE(gdb_v_commands_table))) {
1524         gdb_put_packet("");
1525     }
1526 }
1527 
handle_query_qemu_sstepbits(GArray * params,void * user_ctx)1528 static void handle_query_qemu_sstepbits(GArray *params, void *user_ctx)
1529 {
1530     g_string_printf(gdbserver_state.str_buf, "ENABLE=%x", SSTEP_ENABLE);
1531 
1532     if (gdbserver_state.supported_sstep_flags & SSTEP_NOIRQ) {
1533         g_string_append_printf(gdbserver_state.str_buf, ",NOIRQ=%x",
1534                                SSTEP_NOIRQ);
1535     }
1536 
1537     if (gdbserver_state.supported_sstep_flags & SSTEP_NOTIMER) {
1538         g_string_append_printf(gdbserver_state.str_buf, ",NOTIMER=%x",
1539                                SSTEP_NOTIMER);
1540     }
1541 
1542     gdb_put_strbuf();
1543 }
1544 
handle_set_qemu_sstep(GArray * params,void * user_ctx)1545 static void handle_set_qemu_sstep(GArray *params, void *user_ctx)
1546 {
1547     int new_sstep_flags;
1548 
1549     if (!params->len) {
1550         return;
1551     }
1552 
1553     new_sstep_flags = gdb_get_cmd_param(params, 0)->val_ul;
1554 
1555     if (new_sstep_flags  & ~gdbserver_state.supported_sstep_flags) {
1556         gdb_put_packet("E22");
1557         return;
1558     }
1559 
1560     gdbserver_state.sstep_flags = new_sstep_flags;
1561     gdb_put_packet("OK");
1562 }
1563 
handle_query_qemu_sstep(GArray * params,void * user_ctx)1564 static void handle_query_qemu_sstep(GArray *params, void *user_ctx)
1565 {
1566     g_string_printf(gdbserver_state.str_buf, "0x%x",
1567                     gdbserver_state.sstep_flags);
1568     gdb_put_strbuf();
1569 }
1570 
handle_query_curr_tid(GArray * params,void * user_ctx)1571 static void handle_query_curr_tid(GArray *params, void *user_ctx)
1572 {
1573     CPUState *cpu;
1574     GDBProcess *process;
1575 
1576     /*
1577      * "Current thread" remains vague in the spec, so always return
1578      * the first thread of the current process (gdb returns the
1579      * first thread).
1580      */
1581     process = gdb_get_cpu_process(gdbserver_state.g_cpu);
1582     cpu = gdb_get_first_cpu_in_process(process);
1583     g_string_assign(gdbserver_state.str_buf, "QC");
1584     gdb_append_thread_id(cpu, gdbserver_state.str_buf);
1585     gdb_put_strbuf();
1586 }
1587 
handle_query_threads(GArray * params,void * user_ctx)1588 static void handle_query_threads(GArray *params, void *user_ctx)
1589 {
1590     if (!gdbserver_state.query_cpu) {
1591         gdb_put_packet("l");
1592         return;
1593     }
1594 
1595     g_string_assign(gdbserver_state.str_buf, "m");
1596     gdb_append_thread_id(gdbserver_state.query_cpu, gdbserver_state.str_buf);
1597     gdb_put_strbuf();
1598     gdbserver_state.query_cpu = gdb_next_attached_cpu(gdbserver_state.query_cpu);
1599 }
1600 
handle_query_gdb_server_version(GArray * params,void * user_ctx)1601 static void handle_query_gdb_server_version(GArray *params, void *user_ctx)
1602 {
1603 #if defined(CONFIG_USER_ONLY)
1604     g_string_printf(gdbserver_state.str_buf, "name:qemu-%s;version:%s;",
1605                     target_name(), QEMU_VERSION);
1606 #else
1607     g_string_printf(gdbserver_state.str_buf, "name:qemu-system-%s;version:%s;",
1608                     target_name(), QEMU_VERSION);
1609 #endif
1610     gdb_put_strbuf();
1611 }
1612 
handle_query_first_threads(GArray * params,void * user_ctx)1613 static void handle_query_first_threads(GArray *params, void *user_ctx)
1614 {
1615     gdbserver_state.query_cpu = gdb_first_attached_cpu();
1616     handle_query_threads(params, user_ctx);
1617 }
1618 
handle_query_thread_extra(GArray * params,void * user_ctx)1619 static void handle_query_thread_extra(GArray *params, void *user_ctx)
1620 {
1621     g_autoptr(GString) rs = g_string_new(NULL);
1622     CPUState *cpu;
1623 
1624     if (!params->len ||
1625         gdb_get_cmd_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
1626         gdb_put_packet("E22");
1627         return;
1628     }
1629 
1630     cpu = gdb_get_cpu(gdb_get_cmd_param(params, 0)->thread_id.pid,
1631                       gdb_get_cmd_param(params, 0)->thread_id.tid);
1632     if (!cpu) {
1633         return;
1634     }
1635 
1636     cpu_synchronize_state(cpu);
1637 
1638     if (gdbserver_state.multiprocess && (gdbserver_state.process_num > 1)) {
1639         /* Print the CPU model and name in multiprocess mode */
1640         ObjectClass *oc = object_get_class(OBJECT(cpu));
1641         const char *cpu_model = object_class_get_name(oc);
1642         const char *cpu_name =
1643             object_get_canonical_path_component(OBJECT(cpu));
1644         g_string_printf(rs, "%s %s [%s]", cpu_model, cpu_name,
1645                         cpu->halted ? "halted " : "running");
1646     } else {
1647         g_string_printf(rs, "CPU#%d [%s]", cpu->cpu_index,
1648                         cpu->halted ? "halted " : "running");
1649     }
1650     trace_gdbstub_op_extra_info(rs->str);
1651     gdb_memtohex(gdbserver_state.str_buf, (uint8_t *)rs->str, rs->len);
1652     gdb_put_strbuf();
1653 }
1654 
1655 
1656 static char **extra_query_flags;
1657 
gdb_extend_qsupported_features(char * qflags)1658 void gdb_extend_qsupported_features(char *qflags)
1659 {
1660     if (!extra_query_flags) {
1661         extra_query_flags = g_new0(char *, 2);
1662         extra_query_flags[0] = g_strdup(qflags);
1663     } else if (!g_strv_contains((const gchar * const *) extra_query_flags,
1664                                 qflags)) {
1665         int len = g_strv_length(extra_query_flags);
1666         extra_query_flags = g_realloc_n(extra_query_flags, len + 2,
1667                                         sizeof(char *));
1668         extra_query_flags[len] = g_strdup(qflags);
1669     }
1670 }
1671 
handle_query_supported(GArray * params,void * user_ctx)1672 static void handle_query_supported(GArray *params, void *user_ctx)
1673 {
1674     g_string_printf(gdbserver_state.str_buf, "PacketSize=%x", MAX_PACKET_LENGTH);
1675     if (gdb_get_core_xml_file(first_cpu)) {
1676         g_string_append(gdbserver_state.str_buf, ";qXfer:features:read+");
1677     }
1678 
1679     if (gdb_can_reverse()) {
1680         g_string_append(gdbserver_state.str_buf,
1681             ";ReverseStep+;ReverseContinue+");
1682     }
1683 
1684 #if defined(CONFIG_USER_ONLY)
1685 #if defined(CONFIG_LINUX)
1686     if (get_task_state(gdbserver_state.c_cpu)) {
1687         g_string_append(gdbserver_state.str_buf, ";qXfer:auxv:read+");
1688     }
1689     g_string_append(gdbserver_state.str_buf, ";QCatchSyscalls+");
1690 
1691     g_string_append(gdbserver_state.str_buf, ";qXfer:siginfo:read+");
1692 #endif
1693     g_string_append(gdbserver_state.str_buf, ";qXfer:exec-file:read+");
1694 #endif
1695 
1696     if (params->len) {
1697         const char *gdb_supported = gdb_get_cmd_param(params, 0)->data;
1698 
1699         if (strstr(gdb_supported, "multiprocess+")) {
1700             gdbserver_state.multiprocess = true;
1701         }
1702 #if defined(CONFIG_USER_ONLY)
1703         gdb_handle_query_supported_user(gdb_supported);
1704 #endif
1705     }
1706 
1707     g_string_append(gdbserver_state.str_buf, ";vContSupported+;multiprocess+");
1708 
1709     if (extra_query_flags) {
1710         int extras = g_strv_length(extra_query_flags);
1711         for (int i = 0; i < extras; i++) {
1712             g_string_append(gdbserver_state.str_buf, extra_query_flags[i]);
1713         }
1714     }
1715 
1716     gdb_put_strbuf();
1717 }
1718 
handle_query_xfer_features(GArray * params,void * user_ctx)1719 static void handle_query_xfer_features(GArray *params, void *user_ctx)
1720 {
1721     GDBProcess *process;
1722     unsigned long len, total_len, addr;
1723     const char *xml;
1724     const char *p;
1725 
1726     if (params->len < 3) {
1727         gdb_put_packet("E22");
1728         return;
1729     }
1730 
1731     process = gdb_get_cpu_process(gdbserver_state.g_cpu);
1732     if (!gdb_get_core_xml_file(gdbserver_state.g_cpu)) {
1733         gdb_put_packet("");
1734         return;
1735     }
1736 
1737     p = gdb_get_cmd_param(params, 0)->data;
1738     xml = get_feature_xml(p, &p, process);
1739     if (!xml) {
1740         gdb_put_packet("E00");
1741         return;
1742     }
1743 
1744     addr = gdb_get_cmd_param(params, 1)->val_ul;
1745     len = gdb_get_cmd_param(params, 2)->val_ul;
1746     total_len = strlen(xml);
1747     if (addr > total_len) {
1748         gdb_put_packet("E00");
1749         return;
1750     }
1751 
1752     if (len > (MAX_PACKET_LENGTH - 5) / 2) {
1753         len = (MAX_PACKET_LENGTH - 5) / 2;
1754     }
1755 
1756     if (len < total_len - addr) {
1757         g_string_assign(gdbserver_state.str_buf, "m");
1758         gdb_memtox(gdbserver_state.str_buf, xml + addr, len);
1759     } else {
1760         g_string_assign(gdbserver_state.str_buf, "l");
1761         gdb_memtox(gdbserver_state.str_buf, xml + addr, total_len - addr);
1762     }
1763 
1764     gdb_put_packet_binary(gdbserver_state.str_buf->str,
1765                       gdbserver_state.str_buf->len, true);
1766 }
1767 
handle_query_qemu_supported(GArray * params,void * user_ctx)1768 static void handle_query_qemu_supported(GArray *params, void *user_ctx)
1769 {
1770     g_string_printf(gdbserver_state.str_buf, "sstepbits;sstep");
1771 #ifndef CONFIG_USER_ONLY
1772     g_string_append(gdbserver_state.str_buf, ";PhyMemMode");
1773 #endif
1774     gdb_put_strbuf();
1775 }
1776 
1777 static const GdbCmdParseEntry gdb_gen_query_set_common_table[] = {
1778     /* Order is important if has same prefix */
1779     {
1780         .handler = handle_query_qemu_sstepbits,
1781         .cmd = "qemu.sstepbits",
1782     },
1783     {
1784         .handler = handle_query_qemu_sstep,
1785         .cmd = "qemu.sstep",
1786     },
1787     {
1788         .handler = handle_set_qemu_sstep,
1789         .cmd = "qemu.sstep=",
1790         .cmd_startswith = true,
1791         .schema = "l0"
1792     },
1793 };
1794 
1795 /**
1796  * extend_table() - extend one of the command tables
1797  * @table: the command table to extend (or NULL)
1798  * @extensions: a list of GdbCmdParseEntry pointers
1799  *
1800  * The entries themselves should be pointers to static const
1801  * GdbCmdParseEntry entries. If the entry is already in the table we
1802  * skip adding it again.
1803  *
1804  * Returns (a potentially freshly allocated) GPtrArray of GdbCmdParseEntry
1805  */
extend_table(GPtrArray * table,GPtrArray * extensions)1806 static GPtrArray *extend_table(GPtrArray *table, GPtrArray *extensions)
1807 {
1808     if (!table) {
1809         table = g_ptr_array_new();
1810     }
1811 
1812     for (int i = 0; i < extensions->len; i++) {
1813         gpointer entry = g_ptr_array_index(extensions, i);
1814         if (!g_ptr_array_find(table, entry, NULL)) {
1815             g_ptr_array_add(table, entry);
1816         }
1817     }
1818 
1819     return table;
1820 }
1821 
1822 /**
1823  * process_extended_table() - run through an extended command table
1824  * @table: the command table to check
1825  * @data: parameters
1826  *
1827  * returns true if the command was found and executed
1828  */
process_extended_table(GPtrArray * table,const char * data)1829 static bool process_extended_table(GPtrArray *table, const char *data)
1830 {
1831     for (int i = 0; i < table->len; i++) {
1832         const GdbCmdParseEntry *entry = g_ptr_array_index(table, i);
1833         if (process_string_cmd(data, entry, 1)) {
1834             return true;
1835         }
1836     }
1837     return false;
1838 }
1839 
1840 
1841 /* Ptr to GdbCmdParseEntry */
1842 static GPtrArray *extended_query_table;
1843 
gdb_extend_query_table(GPtrArray * new_queries)1844 void gdb_extend_query_table(GPtrArray *new_queries)
1845 {
1846     extended_query_table = extend_table(extended_query_table, new_queries);
1847 }
1848 
1849 static const GdbCmdParseEntry gdb_gen_query_table[] = {
1850     {
1851         .handler = handle_query_curr_tid,
1852         .cmd = "C",
1853     },
1854     {
1855         .handler = handle_query_threads,
1856         .cmd = "sThreadInfo",
1857     },
1858     {
1859         .handler = handle_query_gdb_server_version,
1860         .cmd = "GDBServerVersion",
1861     },
1862     {
1863         .handler = handle_query_first_threads,
1864         .cmd = "fThreadInfo",
1865     },
1866     {
1867         .handler = handle_query_thread_extra,
1868         .cmd = "ThreadExtraInfo,",
1869         .cmd_startswith = true,
1870         .schema = "t0"
1871     },
1872 #ifdef CONFIG_USER_ONLY
1873     {
1874         .handler = gdb_handle_query_offsets,
1875         .cmd = "Offsets",
1876     },
1877 #else
1878     {
1879         .handler = gdb_handle_query_rcmd,
1880         .cmd = "Rcmd,",
1881         .cmd_startswith = true,
1882         .schema = "s0"
1883     },
1884 #endif
1885     {
1886         .handler = handle_query_supported,
1887         .cmd = "Supported:",
1888         .cmd_startswith = true,
1889         .schema = "s0"
1890     },
1891     {
1892         .handler = handle_query_supported,
1893         .cmd = "Supported",
1894         .schema = "s0"
1895     },
1896     {
1897         .handler = handle_query_xfer_features,
1898         .cmd = "Xfer:features:read:",
1899         .cmd_startswith = true,
1900         .schema = "s:l,l0"
1901     },
1902 #if defined(CONFIG_USER_ONLY)
1903 #if defined(CONFIG_LINUX)
1904     {
1905         .handler = gdb_handle_query_xfer_auxv,
1906         .cmd = "Xfer:auxv:read::",
1907         .cmd_startswith = true,
1908         .schema = "l,l0"
1909     },
1910     {
1911         .handler = gdb_handle_query_xfer_siginfo,
1912         .cmd = "Xfer:siginfo:read::",
1913         .cmd_startswith = true,
1914         .schema = "l,l0"
1915      },
1916 #endif
1917     {
1918         .handler = gdb_handle_query_xfer_exec_file,
1919         .cmd = "Xfer:exec-file:read:",
1920         .cmd_startswith = true,
1921         .schema = "l:l,l0"
1922     },
1923 #endif
1924     {
1925         .handler = gdb_handle_query_attached,
1926         .cmd = "Attached:",
1927         .cmd_startswith = true
1928     },
1929     {
1930         .handler = gdb_handle_query_attached,
1931         .cmd = "Attached",
1932     },
1933     {
1934         .handler = handle_query_qemu_supported,
1935         .cmd = "qemu.Supported",
1936     },
1937 #ifndef CONFIG_USER_ONLY
1938     {
1939         .handler = gdb_handle_query_qemu_phy_mem_mode,
1940         .cmd = "qemu.PhyMemMode",
1941     },
1942 #endif
1943 };
1944 
1945 /* Ptr to GdbCmdParseEntry */
1946 static GPtrArray *extended_set_table;
1947 
gdb_extend_set_table(GPtrArray * new_set)1948 void gdb_extend_set_table(GPtrArray *new_set)
1949 {
1950     extended_set_table = extend_table(extended_set_table, new_set);
1951 }
1952 
1953 static const GdbCmdParseEntry gdb_gen_set_table[] = {
1954     /* Order is important if has same prefix */
1955     {
1956         .handler = handle_set_qemu_sstep,
1957         .cmd = "qemu.sstep:",
1958         .cmd_startswith = true,
1959         .schema = "l0"
1960     },
1961 #ifndef CONFIG_USER_ONLY
1962     {
1963         .handler = gdb_handle_set_qemu_phy_mem_mode,
1964         .cmd = "qemu.PhyMemMode:",
1965         .cmd_startswith = true,
1966         .schema = "l0"
1967     },
1968 #endif
1969 #if defined(CONFIG_USER_ONLY)
1970     {
1971         .handler = gdb_handle_set_catch_syscalls,
1972         .cmd = "CatchSyscalls:",
1973         .cmd_startswith = true,
1974         .schema = "s0",
1975     },
1976 #endif
1977 };
1978 
handle_gen_query(GArray * params,void * user_ctx)1979 static void handle_gen_query(GArray *params, void *user_ctx)
1980 {
1981     const char *data;
1982 
1983     if (!params->len) {
1984         return;
1985     }
1986 
1987     data = gdb_get_cmd_param(params, 0)->data;
1988 
1989     if (process_string_cmd(data,
1990                            gdb_gen_query_set_common_table,
1991                            ARRAY_SIZE(gdb_gen_query_set_common_table))) {
1992         return;
1993     }
1994 
1995     if (process_string_cmd(data,
1996                            gdb_gen_query_table,
1997                            ARRAY_SIZE(gdb_gen_query_table))) {
1998         return;
1999     }
2000 
2001     if (extended_query_table &&
2002         process_extended_table(extended_query_table, data)) {
2003         return;
2004     }
2005 
2006     /* Can't handle query, return Empty response. */
2007     gdb_put_packet("");
2008 }
2009 
handle_gen_set(GArray * params,void * user_ctx)2010 static void handle_gen_set(GArray *params, void *user_ctx)
2011 {
2012     const char *data;
2013 
2014     if (!params->len) {
2015         return;
2016     }
2017 
2018     data = gdb_get_cmd_param(params, 0)->data;
2019 
2020     if (process_string_cmd(data,
2021                            gdb_gen_query_set_common_table,
2022                            ARRAY_SIZE(gdb_gen_query_set_common_table))) {
2023         return;
2024     }
2025 
2026     if (process_string_cmd(data,
2027                            gdb_gen_set_table,
2028                            ARRAY_SIZE(gdb_gen_set_table))) {
2029         return;
2030     }
2031 
2032     if (extended_set_table &&
2033         process_extended_table(extended_set_table, data)) {
2034         return;
2035     }
2036 
2037     /* Can't handle set, return Empty response. */
2038     gdb_put_packet("");
2039 }
2040 
handle_target_halt(GArray * params,void * user_ctx)2041 static void handle_target_halt(GArray *params, void *user_ctx)
2042 {
2043     if (gdbserver_state.allow_stop_reply) {
2044         g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
2045         gdb_append_thread_id(gdbserver_state.c_cpu, gdbserver_state.str_buf);
2046         g_string_append_c(gdbserver_state.str_buf, ';');
2047         gdb_put_strbuf();
2048         gdbserver_state.allow_stop_reply = false;
2049     }
2050     /*
2051      * Remove all the breakpoints when this query is issued,
2052      * because gdb is doing an initial connect and the state
2053      * should be cleaned up.
2054      */
2055     gdb_breakpoint_remove_all(gdbserver_state.c_cpu);
2056 }
2057 
gdb_handle_packet(const char * line_buf)2058 static int gdb_handle_packet(const char *line_buf)
2059 {
2060     const GdbCmdParseEntry *cmd_parser = NULL;
2061 
2062     trace_gdbstub_io_command(line_buf);
2063 
2064     switch (line_buf[0]) {
2065     case '!':
2066         gdb_put_packet("OK");
2067         break;
2068     case '?':
2069         {
2070             static const GdbCmdParseEntry target_halted_cmd_desc = {
2071                 .handler = handle_target_halt,
2072                 .cmd = "?",
2073                 .cmd_startswith = true,
2074                 .allow_stop_reply = true,
2075             };
2076             cmd_parser = &target_halted_cmd_desc;
2077         }
2078         break;
2079     case 'c':
2080         {
2081             static const GdbCmdParseEntry continue_cmd_desc = {
2082                 .handler = handle_continue,
2083                 .cmd = "c",
2084                 .cmd_startswith = true,
2085                 .allow_stop_reply = true,
2086                 .schema = "L0"
2087             };
2088             cmd_parser = &continue_cmd_desc;
2089         }
2090         break;
2091     case 'C':
2092         {
2093             static const GdbCmdParseEntry cont_with_sig_cmd_desc = {
2094                 .handler = handle_cont_with_sig,
2095                 .cmd = "C",
2096                 .cmd_startswith = true,
2097                 .allow_stop_reply = true,
2098                 .schema = "l0"
2099             };
2100             cmd_parser = &cont_with_sig_cmd_desc;
2101         }
2102         break;
2103     case 'v':
2104         {
2105             static const GdbCmdParseEntry v_cmd_desc = {
2106                 .handler = handle_v_commands,
2107                 .cmd = "v",
2108                 .cmd_startswith = true,
2109                 .schema = "s0"
2110             };
2111             cmd_parser = &v_cmd_desc;
2112         }
2113         break;
2114     case 'k':
2115         /* Kill the target */
2116         error_report("QEMU: Terminated via GDBstub");
2117         gdb_exit(0);
2118         gdb_qemu_exit(0);
2119         break;
2120     case 'D':
2121         {
2122             static const GdbCmdParseEntry detach_cmd_desc = {
2123                 .handler = handle_detach,
2124                 .cmd = "D",
2125                 .cmd_startswith = true,
2126                 .schema = "?.l0"
2127             };
2128             cmd_parser = &detach_cmd_desc;
2129         }
2130         break;
2131     case 's':
2132         {
2133             static const GdbCmdParseEntry step_cmd_desc = {
2134                 .handler = handle_step,
2135                 .cmd = "s",
2136                 .cmd_startswith = true,
2137                 .allow_stop_reply = true,
2138                 .schema = "L0"
2139             };
2140             cmd_parser = &step_cmd_desc;
2141         }
2142         break;
2143     case 'b':
2144         {
2145             static const GdbCmdParseEntry backward_cmd_desc = {
2146                 .handler = handle_backward,
2147                 .cmd = "b",
2148                 .cmd_startswith = true,
2149                 .allow_stop_reply = true,
2150                 .schema = "o0"
2151             };
2152             cmd_parser = &backward_cmd_desc;
2153         }
2154         break;
2155     case 'F':
2156         {
2157             static const GdbCmdParseEntry file_io_cmd_desc = {
2158                 .handler = gdb_handle_file_io,
2159                 .cmd = "F",
2160                 .cmd_startswith = true,
2161                 .schema = "L,L,o0"
2162             };
2163             cmd_parser = &file_io_cmd_desc;
2164         }
2165         break;
2166     case 'g':
2167         {
2168             static const GdbCmdParseEntry read_all_regs_cmd_desc = {
2169                 .handler = handle_read_all_regs,
2170                 .cmd = "g",
2171                 .cmd_startswith = true
2172             };
2173             cmd_parser = &read_all_regs_cmd_desc;
2174         }
2175         break;
2176     case 'G':
2177         {
2178             static const GdbCmdParseEntry write_all_regs_cmd_desc = {
2179                 .handler = handle_write_all_regs,
2180                 .cmd = "G",
2181                 .cmd_startswith = true,
2182                 .schema = "s0"
2183             };
2184             cmd_parser = &write_all_regs_cmd_desc;
2185         }
2186         break;
2187     case 'm':
2188         {
2189             static const GdbCmdParseEntry read_mem_cmd_desc = {
2190                 .handler = handle_read_mem,
2191                 .cmd = "m",
2192                 .cmd_startswith = true,
2193                 .schema = "L,L0"
2194             };
2195             cmd_parser = &read_mem_cmd_desc;
2196         }
2197         break;
2198     case 'M':
2199         {
2200             static const GdbCmdParseEntry write_mem_cmd_desc = {
2201                 .handler = handle_write_mem,
2202                 .cmd = "M",
2203                 .cmd_startswith = true,
2204                 .schema = "L,L:s0"
2205             };
2206             cmd_parser = &write_mem_cmd_desc;
2207         }
2208         break;
2209     case 'p':
2210         {
2211             static const GdbCmdParseEntry get_reg_cmd_desc = {
2212                 .handler = handle_get_reg,
2213                 .cmd = "p",
2214                 .cmd_startswith = true,
2215                 .schema = "L0"
2216             };
2217             cmd_parser = &get_reg_cmd_desc;
2218         }
2219         break;
2220     case 'P':
2221         {
2222             static const GdbCmdParseEntry set_reg_cmd_desc = {
2223                 .handler = handle_set_reg,
2224                 .cmd = "P",
2225                 .cmd_startswith = true,
2226                 .schema = "L?s0"
2227             };
2228             cmd_parser = &set_reg_cmd_desc;
2229         }
2230         break;
2231     case 'Z':
2232         {
2233             static const GdbCmdParseEntry insert_bp_cmd_desc = {
2234                 .handler = handle_insert_bp,
2235                 .cmd = "Z",
2236                 .cmd_startswith = true,
2237                 .schema = "l?L?L0"
2238             };
2239             cmd_parser = &insert_bp_cmd_desc;
2240         }
2241         break;
2242     case 'z':
2243         {
2244             static const GdbCmdParseEntry remove_bp_cmd_desc = {
2245                 .handler = handle_remove_bp,
2246                 .cmd = "z",
2247                 .cmd_startswith = true,
2248                 .schema = "l?L?L0"
2249             };
2250             cmd_parser = &remove_bp_cmd_desc;
2251         }
2252         break;
2253     case 'H':
2254         {
2255             static const GdbCmdParseEntry set_thread_cmd_desc = {
2256                 .handler = handle_set_thread,
2257                 .cmd = "H",
2258                 .cmd_startswith = true,
2259                 .schema = "o.t0"
2260             };
2261             cmd_parser = &set_thread_cmd_desc;
2262         }
2263         break;
2264     case 'T':
2265         {
2266             static const GdbCmdParseEntry thread_alive_cmd_desc = {
2267                 .handler = handle_thread_alive,
2268                 .cmd = "T",
2269                 .cmd_startswith = true,
2270                 .schema = "t0"
2271             };
2272             cmd_parser = &thread_alive_cmd_desc;
2273         }
2274         break;
2275     case 'q':
2276         {
2277             static const GdbCmdParseEntry gen_query_cmd_desc = {
2278                 .handler = handle_gen_query,
2279                 .cmd = "q",
2280                 .cmd_startswith = true,
2281                 .schema = "s0"
2282             };
2283             cmd_parser = &gen_query_cmd_desc;
2284         }
2285         break;
2286     case 'Q':
2287         {
2288             static const GdbCmdParseEntry gen_set_cmd_desc = {
2289                 .handler = handle_gen_set,
2290                 .cmd = "Q",
2291                 .cmd_startswith = true,
2292                 .schema = "s0"
2293             };
2294             cmd_parser = &gen_set_cmd_desc;
2295         }
2296         break;
2297     default:
2298         /* put empty packet */
2299         gdb_put_packet("");
2300         break;
2301     }
2302 
2303     if (cmd_parser) {
2304         run_cmd_parser(line_buf, cmd_parser);
2305     }
2306 
2307     return RS_IDLE;
2308 }
2309 
gdb_set_stop_cpu(CPUState * cpu)2310 void gdb_set_stop_cpu(CPUState *cpu)
2311 {
2312     GDBProcess *p = gdb_get_cpu_process(cpu);
2313 
2314     if (!p->attached) {
2315         /*
2316          * Having a stop CPU corresponding to a process that is not attached
2317          * confuses GDB. So we ignore the request.
2318          */
2319         return;
2320     }
2321 
2322     gdbserver_state.c_cpu = cpu;
2323     gdbserver_state.g_cpu = cpu;
2324 }
2325 
gdb_read_byte(uint8_t ch)2326 void gdb_read_byte(uint8_t ch)
2327 {
2328     uint8_t reply;
2329 
2330     gdbserver_state.allow_stop_reply = false;
2331 #ifndef CONFIG_USER_ONLY
2332     if (gdbserver_state.last_packet->len) {
2333         /* Waiting for a response to the last packet.  If we see the start
2334            of a new command then abandon the previous response.  */
2335         if (ch == '-') {
2336             trace_gdbstub_err_got_nack();
2337             gdb_put_buffer(gdbserver_state.last_packet->data,
2338                        gdbserver_state.last_packet->len);
2339         } else if (ch == '+') {
2340             trace_gdbstub_io_got_ack();
2341         } else {
2342             trace_gdbstub_io_got_unexpected(ch);
2343         }
2344 
2345         if (ch == '+' || ch == '$') {
2346             g_byte_array_set_size(gdbserver_state.last_packet, 0);
2347         }
2348         if (ch != '$')
2349             return;
2350     }
2351     if (runstate_is_running()) {
2352         /*
2353          * When the CPU is running, we cannot do anything except stop
2354          * it when receiving a char. This is expected on a Ctrl-C in the
2355          * gdb client. Because we are in all-stop mode, gdb sends a
2356          * 0x03 byte which is not a usual packet, so we handle it specially
2357          * here, but it does expect a stop reply.
2358          */
2359         if (ch != 0x03) {
2360             trace_gdbstub_err_unexpected_runpkt(ch);
2361         } else {
2362             gdbserver_state.allow_stop_reply = true;
2363         }
2364         vm_stop(RUN_STATE_PAUSED);
2365     } else
2366 #endif
2367     {
2368         switch(gdbserver_state.state) {
2369         case RS_IDLE:
2370             if (ch == '$') {
2371                 /* start of command packet */
2372                 gdbserver_state.line_buf_index = 0;
2373                 gdbserver_state.line_sum = 0;
2374                 gdbserver_state.state = RS_GETLINE;
2375             } else if (ch == '+') {
2376                 /*
2377                  * do nothing, gdb may preemptively send out ACKs on
2378                  * initial connection
2379                  */
2380             } else {
2381                 trace_gdbstub_err_garbage(ch);
2382             }
2383             break;
2384         case RS_GETLINE:
2385             if (ch == '}') {
2386                 /* start escape sequence */
2387                 gdbserver_state.state = RS_GETLINE_ESC;
2388                 gdbserver_state.line_sum += ch;
2389             } else if (ch == '*') {
2390                 /* start run length encoding sequence */
2391                 gdbserver_state.state = RS_GETLINE_RLE;
2392                 gdbserver_state.line_sum += ch;
2393             } else if (ch == '#') {
2394                 /* end of command, start of checksum*/
2395                 gdbserver_state.state = RS_CHKSUM1;
2396             } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2397                 trace_gdbstub_err_overrun();
2398                 gdbserver_state.state = RS_IDLE;
2399             } else {
2400                 /* unescaped command character */
2401                 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch;
2402                 gdbserver_state.line_sum += ch;
2403             }
2404             break;
2405         case RS_GETLINE_ESC:
2406             if (ch == '#') {
2407                 /* unexpected end of command in escape sequence */
2408                 gdbserver_state.state = RS_CHKSUM1;
2409             } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2410                 /* command buffer overrun */
2411                 trace_gdbstub_err_overrun();
2412                 gdbserver_state.state = RS_IDLE;
2413             } else {
2414                 /* parse escaped character and leave escape state */
2415                 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch ^ 0x20;
2416                 gdbserver_state.line_sum += ch;
2417                 gdbserver_state.state = RS_GETLINE;
2418             }
2419             break;
2420         case RS_GETLINE_RLE:
2421             /*
2422              * Run-length encoding is explained in "Debugging with GDB /
2423              * Appendix E GDB Remote Serial Protocol / Overview".
2424              */
2425             if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
2426                 /* invalid RLE count encoding */
2427                 trace_gdbstub_err_invalid_repeat(ch);
2428                 gdbserver_state.state = RS_GETLINE;
2429             } else {
2430                 /* decode repeat length */
2431                 int repeat = ch - ' ' + 3;
2432                 if (gdbserver_state.line_buf_index + repeat >= sizeof(gdbserver_state.line_buf) - 1) {
2433                     /* that many repeats would overrun the command buffer */
2434                     trace_gdbstub_err_overrun();
2435                     gdbserver_state.state = RS_IDLE;
2436                 } else if (gdbserver_state.line_buf_index < 1) {
2437                     /* got a repeat but we have nothing to repeat */
2438                     trace_gdbstub_err_invalid_rle();
2439                     gdbserver_state.state = RS_GETLINE;
2440                 } else {
2441                     /* repeat the last character */
2442                     memset(gdbserver_state.line_buf + gdbserver_state.line_buf_index,
2443                            gdbserver_state.line_buf[gdbserver_state.line_buf_index - 1], repeat);
2444                     gdbserver_state.line_buf_index += repeat;
2445                     gdbserver_state.line_sum += ch;
2446                     gdbserver_state.state = RS_GETLINE;
2447                 }
2448             }
2449             break;
2450         case RS_CHKSUM1:
2451             /* get high hex digit of checksum */
2452             if (!isxdigit(ch)) {
2453                 trace_gdbstub_err_checksum_invalid(ch);
2454                 gdbserver_state.state = RS_GETLINE;
2455                 break;
2456             }
2457             gdbserver_state.line_buf[gdbserver_state.line_buf_index] = '\0';
2458             gdbserver_state.line_csum = fromhex(ch) << 4;
2459             gdbserver_state.state = RS_CHKSUM2;
2460             break;
2461         case RS_CHKSUM2:
2462             /* get low hex digit of checksum */
2463             if (!isxdigit(ch)) {
2464                 trace_gdbstub_err_checksum_invalid(ch);
2465                 gdbserver_state.state = RS_GETLINE;
2466                 break;
2467             }
2468             gdbserver_state.line_csum |= fromhex(ch);
2469 
2470             if (gdbserver_state.line_csum != (gdbserver_state.line_sum & 0xff)) {
2471                 trace_gdbstub_err_checksum_incorrect(gdbserver_state.line_sum, gdbserver_state.line_csum);
2472                 /* send NAK reply */
2473                 reply = '-';
2474                 gdb_put_buffer(&reply, 1);
2475                 gdbserver_state.state = RS_IDLE;
2476             } else {
2477                 /* send ACK reply */
2478                 reply = '+';
2479                 gdb_put_buffer(&reply, 1);
2480                 gdbserver_state.state = gdb_handle_packet(gdbserver_state.line_buf);
2481             }
2482             break;
2483         default:
2484             abort();
2485         }
2486     }
2487 }
2488 
2489 /*
2490  * Create the process that will contain all the "orphan" CPUs (that are not
2491  * part of a CPU cluster). Note that if this process contains no CPUs, it won't
2492  * be attachable and thus will be invisible to the user.
2493  */
gdb_create_default_process(GDBState * s)2494 void gdb_create_default_process(GDBState *s)
2495 {
2496     GDBProcess *process;
2497     int pid;
2498 
2499 #ifdef CONFIG_USER_ONLY
2500     assert(gdbserver_state.process_num == 0);
2501     pid = getpid();
2502 #else
2503     if (gdbserver_state.process_num) {
2504         pid = s->processes[s->process_num - 1].pid;
2505     } else {
2506         pid = 0;
2507     }
2508     /* We need an available PID slot for this process */
2509     assert(pid < UINT32_MAX);
2510     pid++;
2511 #endif
2512 
2513     s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
2514     process = &s->processes[s->process_num - 1];
2515     process->pid = pid;
2516     process->attached = false;
2517     process->target_xml = NULL;
2518 }
2519 
2520