xref: /openbmc/qemu/gdbstub/gdbstub.c (revision 5b5968c4)
1 /*
2  * gdb server stub
3  *
4  * This implements a subset of the remote protocol as described in:
5  *
6  *   https://sourceware.org/gdb/onlinedocs/gdb/Remote-Protocol.html
7  *
8  * Copyright (c) 2003-2005 Fabrice Bellard
9  *
10  * This library is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU Lesser General Public
12  * License as published by the Free Software Foundation; either
13  * version 2 of the License, or (at your option) any later version.
14  *
15  * This library is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
18  * Lesser General Public License for more details.
19  *
20  * You should have received a copy of the GNU Lesser General Public
21  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22  *
23  * SPDX-License-Identifier: LGPL-2.0+
24  */
25 
26 #include "qemu/osdep.h"
27 #include "qapi/error.h"
28 #include "qemu/error-report.h"
29 #include "qemu/ctype.h"
30 #include "qemu/cutils.h"
31 #include "qemu/module.h"
32 #include "trace.h"
33 #include "exec/gdbstub.h"
34 #ifdef CONFIG_USER_ONLY
35 #include "qemu.h"
36 #else
37 #include "monitor/monitor.h"
38 #include "chardev/char.h"
39 #include "chardev/char-fe.h"
40 #include "hw/cpu/cluster.h"
41 #include "hw/boards.h"
42 #endif
43 
44 #define MAX_PACKET_LENGTH 4096
45 
46 #include "qemu/sockets.h"
47 #include "sysemu/hw_accel.h"
48 #include "sysemu/runstate.h"
49 #include "semihosting/semihost.h"
50 #include "exec/exec-all.h"
51 #include "exec/replay-core.h"
52 
53 #include "internals.h"
54 
55 #ifdef CONFIG_USER_ONLY
56 #define GDB_ATTACHED "0"
57 #else
58 #define GDB_ATTACHED "1"
59 #endif
60 
61 #ifndef CONFIG_USER_ONLY
62 static int phy_memory_mode;
63 #endif
64 
65 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
66                                          uint8_t *buf, int len, bool is_write)
67 {
68     CPUClass *cc;
69 
70 #ifndef CONFIG_USER_ONLY
71     if (phy_memory_mode) {
72         if (is_write) {
73             cpu_physical_memory_write(addr, buf, len);
74         } else {
75             cpu_physical_memory_read(addr, buf, len);
76         }
77         return 0;
78     }
79 #endif
80 
81     cc = CPU_GET_CLASS(cpu);
82     if (cc->memory_rw_debug) {
83         return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
84     }
85     return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
86 }
87 
88 /* Return the GDB index for a given vCPU state.
89  *
90  * For user mode this is simply the thread id. In system mode GDB
91  * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
92  */
93 static inline int cpu_gdb_index(CPUState *cpu)
94 {
95 #if defined(CONFIG_USER_ONLY)
96     TaskState *ts = (TaskState *) cpu->opaque;
97     return ts ? ts->ts_tid : -1;
98 #else
99     return cpu->cpu_index + 1;
100 #endif
101 }
102 
103 enum {
104     GDB_SIGNAL_0 = 0,
105     GDB_SIGNAL_INT = 2,
106     GDB_SIGNAL_QUIT = 3,
107     GDB_SIGNAL_TRAP = 5,
108     GDB_SIGNAL_ABRT = 6,
109     GDB_SIGNAL_ALRM = 14,
110     GDB_SIGNAL_IO = 23,
111     GDB_SIGNAL_XCPU = 24,
112     GDB_SIGNAL_UNKNOWN = 143
113 };
114 
115 #ifdef CONFIG_USER_ONLY
116 
117 /* Map target signal numbers to GDB protocol signal numbers and vice
118  * versa.  For user emulation's currently supported systems, we can
119  * assume most signals are defined.
120  */
121 
122 static int gdb_signal_table[] = {
123     0,
124     TARGET_SIGHUP,
125     TARGET_SIGINT,
126     TARGET_SIGQUIT,
127     TARGET_SIGILL,
128     TARGET_SIGTRAP,
129     TARGET_SIGABRT,
130     -1, /* SIGEMT */
131     TARGET_SIGFPE,
132     TARGET_SIGKILL,
133     TARGET_SIGBUS,
134     TARGET_SIGSEGV,
135     TARGET_SIGSYS,
136     TARGET_SIGPIPE,
137     TARGET_SIGALRM,
138     TARGET_SIGTERM,
139     TARGET_SIGURG,
140     TARGET_SIGSTOP,
141     TARGET_SIGTSTP,
142     TARGET_SIGCONT,
143     TARGET_SIGCHLD,
144     TARGET_SIGTTIN,
145     TARGET_SIGTTOU,
146     TARGET_SIGIO,
147     TARGET_SIGXCPU,
148     TARGET_SIGXFSZ,
149     TARGET_SIGVTALRM,
150     TARGET_SIGPROF,
151     TARGET_SIGWINCH,
152     -1, /* SIGLOST */
153     TARGET_SIGUSR1,
154     TARGET_SIGUSR2,
155 #ifdef TARGET_SIGPWR
156     TARGET_SIGPWR,
157 #else
158     -1,
159 #endif
160     -1, /* SIGPOLL */
161     -1,
162     -1,
163     -1,
164     -1,
165     -1,
166     -1,
167     -1,
168     -1,
169     -1,
170     -1,
171     -1,
172 #ifdef __SIGRTMIN
173     __SIGRTMIN + 1,
174     __SIGRTMIN + 2,
175     __SIGRTMIN + 3,
176     __SIGRTMIN + 4,
177     __SIGRTMIN + 5,
178     __SIGRTMIN + 6,
179     __SIGRTMIN + 7,
180     __SIGRTMIN + 8,
181     __SIGRTMIN + 9,
182     __SIGRTMIN + 10,
183     __SIGRTMIN + 11,
184     __SIGRTMIN + 12,
185     __SIGRTMIN + 13,
186     __SIGRTMIN + 14,
187     __SIGRTMIN + 15,
188     __SIGRTMIN + 16,
189     __SIGRTMIN + 17,
190     __SIGRTMIN + 18,
191     __SIGRTMIN + 19,
192     __SIGRTMIN + 20,
193     __SIGRTMIN + 21,
194     __SIGRTMIN + 22,
195     __SIGRTMIN + 23,
196     __SIGRTMIN + 24,
197     __SIGRTMIN + 25,
198     __SIGRTMIN + 26,
199     __SIGRTMIN + 27,
200     __SIGRTMIN + 28,
201     __SIGRTMIN + 29,
202     __SIGRTMIN + 30,
203     __SIGRTMIN + 31,
204     -1, /* SIGCANCEL */
205     __SIGRTMIN,
206     __SIGRTMIN + 32,
207     __SIGRTMIN + 33,
208     __SIGRTMIN + 34,
209     __SIGRTMIN + 35,
210     __SIGRTMIN + 36,
211     __SIGRTMIN + 37,
212     __SIGRTMIN + 38,
213     __SIGRTMIN + 39,
214     __SIGRTMIN + 40,
215     __SIGRTMIN + 41,
216     __SIGRTMIN + 42,
217     __SIGRTMIN + 43,
218     __SIGRTMIN + 44,
219     __SIGRTMIN + 45,
220     __SIGRTMIN + 46,
221     __SIGRTMIN + 47,
222     __SIGRTMIN + 48,
223     __SIGRTMIN + 49,
224     __SIGRTMIN + 50,
225     __SIGRTMIN + 51,
226     __SIGRTMIN + 52,
227     __SIGRTMIN + 53,
228     __SIGRTMIN + 54,
229     __SIGRTMIN + 55,
230     __SIGRTMIN + 56,
231     __SIGRTMIN + 57,
232     __SIGRTMIN + 58,
233     __SIGRTMIN + 59,
234     __SIGRTMIN + 60,
235     __SIGRTMIN + 61,
236     __SIGRTMIN + 62,
237     __SIGRTMIN + 63,
238     __SIGRTMIN + 64,
239     __SIGRTMIN + 65,
240     __SIGRTMIN + 66,
241     __SIGRTMIN + 67,
242     __SIGRTMIN + 68,
243     __SIGRTMIN + 69,
244     __SIGRTMIN + 70,
245     __SIGRTMIN + 71,
246     __SIGRTMIN + 72,
247     __SIGRTMIN + 73,
248     __SIGRTMIN + 74,
249     __SIGRTMIN + 75,
250     __SIGRTMIN + 76,
251     __SIGRTMIN + 77,
252     __SIGRTMIN + 78,
253     __SIGRTMIN + 79,
254     __SIGRTMIN + 80,
255     __SIGRTMIN + 81,
256     __SIGRTMIN + 82,
257     __SIGRTMIN + 83,
258     __SIGRTMIN + 84,
259     __SIGRTMIN + 85,
260     __SIGRTMIN + 86,
261     __SIGRTMIN + 87,
262     __SIGRTMIN + 88,
263     __SIGRTMIN + 89,
264     __SIGRTMIN + 90,
265     __SIGRTMIN + 91,
266     __SIGRTMIN + 92,
267     __SIGRTMIN + 93,
268     __SIGRTMIN + 94,
269     __SIGRTMIN + 95,
270     -1, /* SIGINFO */
271     -1, /* UNKNOWN */
272     -1, /* DEFAULT */
273     -1,
274     -1,
275     -1,
276     -1,
277     -1,
278     -1
279 #endif
280 };
281 #else
282 /* In system mode we only need SIGINT and SIGTRAP; other signals
283    are not yet supported.  */
284 
285 enum {
286     TARGET_SIGINT = 2,
287     TARGET_SIGTRAP = 5
288 };
289 
290 static int gdb_signal_table[] = {
291     -1,
292     -1,
293     TARGET_SIGINT,
294     -1,
295     -1,
296     TARGET_SIGTRAP
297 };
298 #endif
299 
300 #ifdef CONFIG_USER_ONLY
301 static int target_signal_to_gdb (int sig)
302 {
303     int i;
304     for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
305         if (gdb_signal_table[i] == sig)
306             return i;
307     return GDB_SIGNAL_UNKNOWN;
308 }
309 #endif
310 
311 static int gdb_signal_to_target (int sig)
312 {
313     if (sig < ARRAY_SIZE (gdb_signal_table))
314         return gdb_signal_table[sig];
315     else
316         return -1;
317 }
318 
319 typedef struct GDBRegisterState {
320     int base_reg;
321     int num_regs;
322     gdb_get_reg_cb get_reg;
323     gdb_set_reg_cb set_reg;
324     const char *xml;
325     struct GDBRegisterState *next;
326 } GDBRegisterState;
327 
328 typedef struct GDBProcess {
329     uint32_t pid;
330     bool attached;
331 
332     char target_xml[1024];
333 } GDBProcess;
334 
335 enum RSState {
336     RS_INACTIVE,
337     RS_IDLE,
338     RS_GETLINE,
339     RS_GETLINE_ESC,
340     RS_GETLINE_RLE,
341     RS_CHKSUM1,
342     RS_CHKSUM2,
343 };
344 typedef struct GDBState {
345     bool init;       /* have we been initialised? */
346     CPUState *c_cpu; /* current CPU for step/continue ops */
347     CPUState *g_cpu; /* current CPU for other ops */
348     CPUState *query_cpu; /* for q{f|s}ThreadInfo */
349     enum RSState state; /* parsing state */
350     char line_buf[MAX_PACKET_LENGTH];
351     int line_buf_index;
352     int line_sum; /* running checksum */
353     int line_csum; /* checksum at the end of the packet */
354     GByteArray *last_packet;
355     int signal;
356 #ifdef CONFIG_USER_ONLY
357     int fd;
358     char *socket_path;
359     int running_state;
360 #else
361     CharBackend chr;
362     Chardev *mon_chr;
363 #endif
364     bool multiprocess;
365     GDBProcess *processes;
366     int process_num;
367     char syscall_buf[256];
368     gdb_syscall_complete_cb current_syscall_cb;
369     GString *str_buf;
370     GByteArray *mem_buf;
371     int sstep_flags;
372     int supported_sstep_flags;
373 } GDBState;
374 
375 static GDBState gdbserver_state;
376 
377 static void init_gdbserver_state(void)
378 {
379     g_assert(!gdbserver_state.init);
380     memset(&gdbserver_state, 0, sizeof(GDBState));
381     gdbserver_state.init = true;
382     gdbserver_state.str_buf = g_string_new(NULL);
383     gdbserver_state.mem_buf = g_byte_array_sized_new(MAX_PACKET_LENGTH);
384     gdbserver_state.last_packet = g_byte_array_sized_new(MAX_PACKET_LENGTH + 4);
385 
386     /*
387      * What single-step modes are supported is accelerator dependent.
388      * By default try to use no IRQs and no timers while single
389      * stepping so as to make single stepping like a typical ICE HW step.
390      */
391     gdbserver_state.supported_sstep_flags = accel_supported_gdbstub_sstep_flags();
392     gdbserver_state.sstep_flags = SSTEP_ENABLE | SSTEP_NOIRQ | SSTEP_NOTIMER;
393     gdbserver_state.sstep_flags &= gdbserver_state.supported_sstep_flags;
394 }
395 
396 #ifndef CONFIG_USER_ONLY
397 static void reset_gdbserver_state(void)
398 {
399     g_free(gdbserver_state.processes);
400     gdbserver_state.processes = NULL;
401     gdbserver_state.process_num = 0;
402 }
403 #endif
404 
405 bool gdb_has_xml;
406 
407 #ifdef CONFIG_USER_ONLY
408 
409 static int get_char(void)
410 {
411     uint8_t ch;
412     int ret;
413 
414     for(;;) {
415         ret = recv(gdbserver_state.fd, &ch, 1, 0);
416         if (ret < 0) {
417             if (errno == ECONNRESET)
418                 gdbserver_state.fd = -1;
419             if (errno != EINTR)
420                 return -1;
421         } else if (ret == 0) {
422             close(gdbserver_state.fd);
423             gdbserver_state.fd = -1;
424             return -1;
425         } else {
426             break;
427         }
428     }
429     return ch;
430 }
431 #endif
432 
433 /*
434  * Return true if there is a GDB currently connected to the stub
435  * and attached to a CPU
436  */
437 static bool gdb_attached(void)
438 {
439     return gdbserver_state.init && gdbserver_state.c_cpu;
440 }
441 
442 static enum {
443     GDB_SYS_UNKNOWN,
444     GDB_SYS_ENABLED,
445     GDB_SYS_DISABLED,
446 } gdb_syscall_mode;
447 
448 /* Decide if either remote gdb syscalls or native file IO should be used. */
449 int use_gdb_syscalls(void)
450 {
451     SemihostingTarget target = semihosting_get_target();
452     if (target == SEMIHOSTING_TARGET_NATIVE) {
453         /* -semihosting-config target=native */
454         return false;
455     } else if (target == SEMIHOSTING_TARGET_GDB) {
456         /* -semihosting-config target=gdb */
457         return true;
458     }
459 
460     /* -semihosting-config target=auto */
461     /* On the first call check if gdb is connected and remember. */
462     if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
463         gdb_syscall_mode = gdb_attached() ? GDB_SYS_ENABLED : GDB_SYS_DISABLED;
464     }
465     return gdb_syscall_mode == GDB_SYS_ENABLED;
466 }
467 
468 static bool stub_can_reverse(void)
469 {
470 #ifdef CONFIG_USER_ONLY
471     return false;
472 #else
473     return replay_mode == REPLAY_MODE_PLAY;
474 #endif
475 }
476 
477 /* Resume execution.  */
478 static inline void gdb_continue(void)
479 {
480 
481 #ifdef CONFIG_USER_ONLY
482     gdbserver_state.running_state = 1;
483     trace_gdbstub_op_continue();
484 #else
485     if (!runstate_needs_reset()) {
486         trace_gdbstub_op_continue();
487         vm_start();
488     }
489 #endif
490 }
491 
492 /*
493  * Resume execution, per CPU actions. For user-mode emulation it's
494  * equivalent to gdb_continue.
495  */
496 static int gdb_continue_partial(char *newstates)
497 {
498     CPUState *cpu;
499     int res = 0;
500 #ifdef CONFIG_USER_ONLY
501     /*
502      * This is not exactly accurate, but it's an improvement compared to the
503      * previous situation, where only one CPU would be single-stepped.
504      */
505     CPU_FOREACH(cpu) {
506         if (newstates[cpu->cpu_index] == 's') {
507             trace_gdbstub_op_stepping(cpu->cpu_index);
508             cpu_single_step(cpu, gdbserver_state.sstep_flags);
509         }
510     }
511     gdbserver_state.running_state = 1;
512 #else
513     int flag = 0;
514 
515     if (!runstate_needs_reset()) {
516         bool step_requested = false;
517         CPU_FOREACH(cpu) {
518             if (newstates[cpu->cpu_index] == 's') {
519                 step_requested = true;
520                 break;
521             }
522         }
523 
524         if (vm_prepare_start(step_requested)) {
525             return 0;
526         }
527 
528         CPU_FOREACH(cpu) {
529             switch (newstates[cpu->cpu_index]) {
530             case 0:
531             case 1:
532                 break; /* nothing to do here */
533             case 's':
534                 trace_gdbstub_op_stepping(cpu->cpu_index);
535                 cpu_single_step(cpu, gdbserver_state.sstep_flags);
536                 cpu_resume(cpu);
537                 flag = 1;
538                 break;
539             case 'c':
540                 trace_gdbstub_op_continue_cpu(cpu->cpu_index);
541                 cpu_resume(cpu);
542                 flag = 1;
543                 break;
544             default:
545                 res = -1;
546                 break;
547             }
548         }
549     }
550     if (flag) {
551         qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
552     }
553 #endif
554     return res;
555 }
556 
557 static void put_buffer(const uint8_t *buf, int len)
558 {
559 #ifdef CONFIG_USER_ONLY
560     int ret;
561 
562     while (len > 0) {
563         ret = send(gdbserver_state.fd, buf, len, 0);
564         if (ret < 0) {
565             if (errno != EINTR)
566                 return;
567         } else {
568             buf += ret;
569             len -= ret;
570         }
571     }
572 #else
573     /* XXX this blocks entire thread. Rewrite to use
574      * qemu_chr_fe_write and background I/O callbacks */
575     qemu_chr_fe_write_all(&gdbserver_state.chr, buf, len);
576 #endif
577 }
578 
579 static inline int fromhex(int v)
580 {
581     if (v >= '0' && v <= '9')
582         return v - '0';
583     else if (v >= 'A' && v <= 'F')
584         return v - 'A' + 10;
585     else if (v >= 'a' && v <= 'f')
586         return v - 'a' + 10;
587     else
588         return 0;
589 }
590 
591 static inline int tohex(int v)
592 {
593     if (v < 10)
594         return v + '0';
595     else
596         return v - 10 + 'a';
597 }
598 
599 /* writes 2*len+1 bytes in buf */
600 static void memtohex(GString *buf, const uint8_t *mem, int len)
601 {
602     int i, c;
603     for(i = 0; i < len; i++) {
604         c = mem[i];
605         g_string_append_c(buf, tohex(c >> 4));
606         g_string_append_c(buf, tohex(c & 0xf));
607     }
608     g_string_append_c(buf, '\0');
609 }
610 
611 static void hextomem(GByteArray *mem, const char *buf, int len)
612 {
613     int i;
614 
615     for(i = 0; i < len; i++) {
616         guint8 byte = fromhex(buf[0]) << 4 | fromhex(buf[1]);
617         g_byte_array_append(mem, &byte, 1);
618         buf += 2;
619     }
620 }
621 
622 static void hexdump(const char *buf, int len,
623                     void (*trace_fn)(size_t ofs, char const *text))
624 {
625     char line_buffer[3 * 16 + 4 + 16 + 1];
626 
627     size_t i;
628     for (i = 0; i < len || (i & 0xF); ++i) {
629         size_t byte_ofs = i & 15;
630 
631         if (byte_ofs == 0) {
632             memset(line_buffer, ' ', 3 * 16 + 4 + 16);
633             line_buffer[3 * 16 + 4 + 16] = 0;
634         }
635 
636         size_t col_group = (i >> 2) & 3;
637         size_t hex_col = byte_ofs * 3 + col_group;
638         size_t txt_col = 3 * 16 + 4 + byte_ofs;
639 
640         if (i < len) {
641             char value = buf[i];
642 
643             line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
644             line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
645             line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
646                     ? value
647                     : '.';
648         }
649 
650         if (byte_ofs == 0xF)
651             trace_fn(i & -16, line_buffer);
652     }
653 }
654 
655 /* return -1 if error, 0 if OK */
656 static int put_packet_binary(const char *buf, int len, bool dump)
657 {
658     int csum, i;
659     uint8_t footer[3];
660 
661     if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
662         hexdump(buf, len, trace_gdbstub_io_binaryreply);
663     }
664 
665     for(;;) {
666         g_byte_array_set_size(gdbserver_state.last_packet, 0);
667         g_byte_array_append(gdbserver_state.last_packet,
668                             (const uint8_t *) "$", 1);
669         g_byte_array_append(gdbserver_state.last_packet,
670                             (const uint8_t *) buf, len);
671         csum = 0;
672         for(i = 0; i < len; i++) {
673             csum += buf[i];
674         }
675         footer[0] = '#';
676         footer[1] = tohex((csum >> 4) & 0xf);
677         footer[2] = tohex((csum) & 0xf);
678         g_byte_array_append(gdbserver_state.last_packet, footer, 3);
679 
680         put_buffer(gdbserver_state.last_packet->data,
681                    gdbserver_state.last_packet->len);
682 
683 #ifdef CONFIG_USER_ONLY
684         i = get_char();
685         if (i < 0)
686             return -1;
687         if (i == '+')
688             break;
689 #else
690         break;
691 #endif
692     }
693     return 0;
694 }
695 
696 /* return -1 if error, 0 if OK */
697 static int put_packet(const char *buf)
698 {
699     trace_gdbstub_io_reply(buf);
700 
701     return put_packet_binary(buf, strlen(buf), false);
702 }
703 
704 static void put_strbuf(void)
705 {
706     put_packet(gdbserver_state.str_buf->str);
707 }
708 
709 /* Encode data using the encoding for 'x' packets.  */
710 static void memtox(GString *buf, const char *mem, int len)
711 {
712     char c;
713 
714     while (len--) {
715         c = *(mem++);
716         switch (c) {
717         case '#': case '$': case '*': case '}':
718             g_string_append_c(buf, '}');
719             g_string_append_c(buf, c ^ 0x20);
720             break;
721         default:
722             g_string_append_c(buf, c);
723             break;
724         }
725     }
726 }
727 
728 static uint32_t gdb_get_cpu_pid(CPUState *cpu)
729 {
730     /* TODO: In user mode, we should use the task state PID */
731     if (cpu->cluster_index == UNASSIGNED_CLUSTER_INDEX) {
732         /* Return the default process' PID */
733         int index = gdbserver_state.process_num - 1;
734         return gdbserver_state.processes[index].pid;
735     }
736     return cpu->cluster_index + 1;
737 }
738 
739 static GDBProcess *gdb_get_process(uint32_t pid)
740 {
741     int i;
742 
743     if (!pid) {
744         /* 0 means any process, we take the first one */
745         return &gdbserver_state.processes[0];
746     }
747 
748     for (i = 0; i < gdbserver_state.process_num; i++) {
749         if (gdbserver_state.processes[i].pid == pid) {
750             return &gdbserver_state.processes[i];
751         }
752     }
753 
754     return NULL;
755 }
756 
757 static GDBProcess *gdb_get_cpu_process(CPUState *cpu)
758 {
759     return gdb_get_process(gdb_get_cpu_pid(cpu));
760 }
761 
762 static CPUState *find_cpu(uint32_t thread_id)
763 {
764     CPUState *cpu;
765 
766     CPU_FOREACH(cpu) {
767         if (cpu_gdb_index(cpu) == thread_id) {
768             return cpu;
769         }
770     }
771 
772     return NULL;
773 }
774 
775 static CPUState *get_first_cpu_in_process(GDBProcess *process)
776 {
777     CPUState *cpu;
778 
779     CPU_FOREACH(cpu) {
780         if (gdb_get_cpu_pid(cpu) == process->pid) {
781             return cpu;
782         }
783     }
784 
785     return NULL;
786 }
787 
788 static CPUState *gdb_next_cpu_in_process(CPUState *cpu)
789 {
790     uint32_t pid = gdb_get_cpu_pid(cpu);
791     cpu = CPU_NEXT(cpu);
792 
793     while (cpu) {
794         if (gdb_get_cpu_pid(cpu) == pid) {
795             break;
796         }
797 
798         cpu = CPU_NEXT(cpu);
799     }
800 
801     return cpu;
802 }
803 
804 /* Return the cpu following @cpu, while ignoring unattached processes. */
805 static CPUState *gdb_next_attached_cpu(CPUState *cpu)
806 {
807     cpu = CPU_NEXT(cpu);
808 
809     while (cpu) {
810         if (gdb_get_cpu_process(cpu)->attached) {
811             break;
812         }
813 
814         cpu = CPU_NEXT(cpu);
815     }
816 
817     return cpu;
818 }
819 
820 /* Return the first attached cpu */
821 static CPUState *gdb_first_attached_cpu(void)
822 {
823     CPUState *cpu = first_cpu;
824     GDBProcess *process = gdb_get_cpu_process(cpu);
825 
826     if (!process->attached) {
827         return gdb_next_attached_cpu(cpu);
828     }
829 
830     return cpu;
831 }
832 
833 static CPUState *gdb_get_cpu(uint32_t pid, uint32_t tid)
834 {
835     GDBProcess *process;
836     CPUState *cpu;
837 
838     if (!pid && !tid) {
839         /* 0 means any process/thread, we take the first attached one */
840         return gdb_first_attached_cpu();
841     } else if (pid && !tid) {
842         /* any thread in a specific process */
843         process = gdb_get_process(pid);
844 
845         if (process == NULL) {
846             return NULL;
847         }
848 
849         if (!process->attached) {
850             return NULL;
851         }
852 
853         return get_first_cpu_in_process(process);
854     } else {
855         /* a specific thread */
856         cpu = find_cpu(tid);
857 
858         if (cpu == NULL) {
859             return NULL;
860         }
861 
862         process = gdb_get_cpu_process(cpu);
863 
864         if (pid && process->pid != pid) {
865             return NULL;
866         }
867 
868         if (!process->attached) {
869             return NULL;
870         }
871 
872         return cpu;
873     }
874 }
875 
876 static const char *get_feature_xml(const char *p, const char **newp,
877                                    GDBProcess *process)
878 {
879     size_t len;
880     int i;
881     const char *name;
882     CPUState *cpu = get_first_cpu_in_process(process);
883     CPUClass *cc = CPU_GET_CLASS(cpu);
884 
885     len = 0;
886     while (p[len] && p[len] != ':')
887         len++;
888     *newp = p + len;
889 
890     name = NULL;
891     if (strncmp(p, "target.xml", len) == 0) {
892         char *buf = process->target_xml;
893         const size_t buf_sz = sizeof(process->target_xml);
894 
895         /* Generate the XML description for this CPU.  */
896         if (!buf[0]) {
897             GDBRegisterState *r;
898 
899             pstrcat(buf, buf_sz,
900                     "<?xml version=\"1.0\"?>"
901                     "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
902                     "<target>");
903             if (cc->gdb_arch_name) {
904                 gchar *arch = cc->gdb_arch_name(cpu);
905                 pstrcat(buf, buf_sz, "<architecture>");
906                 pstrcat(buf, buf_sz, arch);
907                 pstrcat(buf, buf_sz, "</architecture>");
908                 g_free(arch);
909             }
910             pstrcat(buf, buf_sz, "<xi:include href=\"");
911             pstrcat(buf, buf_sz, cc->gdb_core_xml_file);
912             pstrcat(buf, buf_sz, "\"/>");
913             for (r = cpu->gdb_regs; r; r = r->next) {
914                 pstrcat(buf, buf_sz, "<xi:include href=\"");
915                 pstrcat(buf, buf_sz, r->xml);
916                 pstrcat(buf, buf_sz, "\"/>");
917             }
918             pstrcat(buf, buf_sz, "</target>");
919         }
920         return buf;
921     }
922     if (cc->gdb_get_dynamic_xml) {
923         char *xmlname = g_strndup(p, len);
924         const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
925 
926         g_free(xmlname);
927         if (xml) {
928             return xml;
929         }
930     }
931     for (i = 0; ; i++) {
932         name = xml_builtin[i][0];
933         if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
934             break;
935     }
936     return name ? xml_builtin[i][1] : NULL;
937 }
938 
939 static int gdb_read_register(CPUState *cpu, GByteArray *buf, int reg)
940 {
941     CPUClass *cc = CPU_GET_CLASS(cpu);
942     CPUArchState *env = cpu->env_ptr;
943     GDBRegisterState *r;
944 
945     if (reg < cc->gdb_num_core_regs) {
946         return cc->gdb_read_register(cpu, buf, reg);
947     }
948 
949     for (r = cpu->gdb_regs; r; r = r->next) {
950         if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
951             return r->get_reg(env, buf, reg - r->base_reg);
952         }
953     }
954     return 0;
955 }
956 
957 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
958 {
959     CPUClass *cc = CPU_GET_CLASS(cpu);
960     CPUArchState *env = cpu->env_ptr;
961     GDBRegisterState *r;
962 
963     if (reg < cc->gdb_num_core_regs) {
964         return cc->gdb_write_register(cpu, mem_buf, reg);
965     }
966 
967     for (r = cpu->gdb_regs; r; r = r->next) {
968         if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
969             return r->set_reg(env, mem_buf, reg - r->base_reg);
970         }
971     }
972     return 0;
973 }
974 
975 /* Register a supplemental set of CPU registers.  If g_pos is nonzero it
976    specifies the first register number and these registers are included in
977    a standard "g" packet.  Direction is relative to gdb, i.e. get_reg is
978    gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
979  */
980 
981 void gdb_register_coprocessor(CPUState *cpu,
982                               gdb_get_reg_cb get_reg, gdb_set_reg_cb set_reg,
983                               int num_regs, const char *xml, int g_pos)
984 {
985     GDBRegisterState *s;
986     GDBRegisterState **p;
987 
988     p = &cpu->gdb_regs;
989     while (*p) {
990         /* Check for duplicates.  */
991         if (strcmp((*p)->xml, xml) == 0)
992             return;
993         p = &(*p)->next;
994     }
995 
996     s = g_new0(GDBRegisterState, 1);
997     s->base_reg = cpu->gdb_num_regs;
998     s->num_regs = num_regs;
999     s->get_reg = get_reg;
1000     s->set_reg = set_reg;
1001     s->xml = xml;
1002 
1003     /* Add to end of list.  */
1004     cpu->gdb_num_regs += num_regs;
1005     *p = s;
1006     if (g_pos) {
1007         if (g_pos != s->base_reg) {
1008             error_report("Error: Bad gdb register numbering for '%s', "
1009                          "expected %d got %d", xml, g_pos, s->base_reg);
1010         } else {
1011             cpu->gdb_num_g_regs = cpu->gdb_num_regs;
1012         }
1013     }
1014 }
1015 
1016 static void gdb_process_breakpoint_remove_all(GDBProcess *p)
1017 {
1018     CPUState *cpu = get_first_cpu_in_process(p);
1019 
1020     while (cpu) {
1021         gdb_breakpoint_remove_all(cpu);
1022         cpu = gdb_next_cpu_in_process(cpu);
1023     }
1024 }
1025 
1026 
1027 static void gdb_set_cpu_pc(target_ulong pc)
1028 {
1029     CPUState *cpu = gdbserver_state.c_cpu;
1030 
1031     cpu_synchronize_state(cpu);
1032     cpu_set_pc(cpu, pc);
1033 }
1034 
1035 static void gdb_append_thread_id(CPUState *cpu, GString *buf)
1036 {
1037     if (gdbserver_state.multiprocess) {
1038         g_string_append_printf(buf, "p%02x.%02x",
1039                                gdb_get_cpu_pid(cpu), cpu_gdb_index(cpu));
1040     } else {
1041         g_string_append_printf(buf, "%02x", cpu_gdb_index(cpu));
1042     }
1043 }
1044 
1045 typedef enum GDBThreadIdKind {
1046     GDB_ONE_THREAD = 0,
1047     GDB_ALL_THREADS,     /* One process, all threads */
1048     GDB_ALL_PROCESSES,
1049     GDB_READ_THREAD_ERR
1050 } GDBThreadIdKind;
1051 
1052 static GDBThreadIdKind read_thread_id(const char *buf, const char **end_buf,
1053                                       uint32_t *pid, uint32_t *tid)
1054 {
1055     unsigned long p, t;
1056     int ret;
1057 
1058     if (*buf == 'p') {
1059         buf++;
1060         ret = qemu_strtoul(buf, &buf, 16, &p);
1061 
1062         if (ret) {
1063             return GDB_READ_THREAD_ERR;
1064         }
1065 
1066         /* Skip '.' */
1067         buf++;
1068     } else {
1069         p = 1;
1070     }
1071 
1072     ret = qemu_strtoul(buf, &buf, 16, &t);
1073 
1074     if (ret) {
1075         return GDB_READ_THREAD_ERR;
1076     }
1077 
1078     *end_buf = buf;
1079 
1080     if (p == -1) {
1081         return GDB_ALL_PROCESSES;
1082     }
1083 
1084     if (pid) {
1085         *pid = p;
1086     }
1087 
1088     if (t == -1) {
1089         return GDB_ALL_THREADS;
1090     }
1091 
1092     if (tid) {
1093         *tid = t;
1094     }
1095 
1096     return GDB_ONE_THREAD;
1097 }
1098 
1099 /**
1100  * gdb_handle_vcont - Parses and handles a vCont packet.
1101  * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
1102  *         a format error, 0 on success.
1103  */
1104 static int gdb_handle_vcont(const char *p)
1105 {
1106     int res, signal = 0;
1107     char cur_action;
1108     char *newstates;
1109     unsigned long tmp;
1110     uint32_t pid, tid;
1111     GDBProcess *process;
1112     CPUState *cpu;
1113     GDBThreadIdKind kind;
1114 #ifdef CONFIG_USER_ONLY
1115     int max_cpus = 1; /* global variable max_cpus exists only in system mode */
1116 
1117     CPU_FOREACH(cpu) {
1118         max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
1119     }
1120 #else
1121     MachineState *ms = MACHINE(qdev_get_machine());
1122     unsigned int max_cpus = ms->smp.max_cpus;
1123 #endif
1124     /* uninitialised CPUs stay 0 */
1125     newstates = g_new0(char, max_cpus);
1126 
1127     /* mark valid CPUs with 1 */
1128     CPU_FOREACH(cpu) {
1129         newstates[cpu->cpu_index] = 1;
1130     }
1131 
1132     /*
1133      * res keeps track of what error we are returning, with -ENOTSUP meaning
1134      * that the command is unknown or unsupported, thus returning an empty
1135      * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
1136      *  or incorrect parameters passed.
1137      */
1138     res = 0;
1139     while (*p) {
1140         if (*p++ != ';') {
1141             res = -ENOTSUP;
1142             goto out;
1143         }
1144 
1145         cur_action = *p++;
1146         if (cur_action == 'C' || cur_action == 'S') {
1147             cur_action = qemu_tolower(cur_action);
1148             res = qemu_strtoul(p, &p, 16, &tmp);
1149             if (res) {
1150                 goto out;
1151             }
1152             signal = gdb_signal_to_target(tmp);
1153         } else if (cur_action != 'c' && cur_action != 's') {
1154             /* unknown/invalid/unsupported command */
1155             res = -ENOTSUP;
1156             goto out;
1157         }
1158 
1159         if (*p == '\0' || *p == ';') {
1160             /*
1161              * No thread specifier, action is on "all threads". The
1162              * specification is unclear regarding the process to act on. We
1163              * choose all processes.
1164              */
1165             kind = GDB_ALL_PROCESSES;
1166         } else if (*p++ == ':') {
1167             kind = read_thread_id(p, &p, &pid, &tid);
1168         } else {
1169             res = -ENOTSUP;
1170             goto out;
1171         }
1172 
1173         switch (kind) {
1174         case GDB_READ_THREAD_ERR:
1175             res = -EINVAL;
1176             goto out;
1177 
1178         case GDB_ALL_PROCESSES:
1179             cpu = gdb_first_attached_cpu();
1180             while (cpu) {
1181                 if (newstates[cpu->cpu_index] == 1) {
1182                     newstates[cpu->cpu_index] = cur_action;
1183                 }
1184 
1185                 cpu = gdb_next_attached_cpu(cpu);
1186             }
1187             break;
1188 
1189         case GDB_ALL_THREADS:
1190             process = gdb_get_process(pid);
1191 
1192             if (!process->attached) {
1193                 res = -EINVAL;
1194                 goto out;
1195             }
1196 
1197             cpu = get_first_cpu_in_process(process);
1198             while (cpu) {
1199                 if (newstates[cpu->cpu_index] == 1) {
1200                     newstates[cpu->cpu_index] = cur_action;
1201                 }
1202 
1203                 cpu = gdb_next_cpu_in_process(cpu);
1204             }
1205             break;
1206 
1207         case GDB_ONE_THREAD:
1208             cpu = gdb_get_cpu(pid, tid);
1209 
1210             /* invalid CPU/thread specified */
1211             if (!cpu) {
1212                 res = -EINVAL;
1213                 goto out;
1214             }
1215 
1216             /* only use if no previous match occourred */
1217             if (newstates[cpu->cpu_index] == 1) {
1218                 newstates[cpu->cpu_index] = cur_action;
1219             }
1220             break;
1221         }
1222     }
1223     gdbserver_state.signal = signal;
1224     gdb_continue_partial(newstates);
1225 
1226 out:
1227     g_free(newstates);
1228 
1229     return res;
1230 }
1231 
1232 typedef union GdbCmdVariant {
1233     const char *data;
1234     uint8_t opcode;
1235     unsigned long val_ul;
1236     unsigned long long val_ull;
1237     struct {
1238         GDBThreadIdKind kind;
1239         uint32_t pid;
1240         uint32_t tid;
1241     } thread_id;
1242 } GdbCmdVariant;
1243 
1244 #define get_param(p, i)    (&g_array_index(p, GdbCmdVariant, i))
1245 
1246 static const char *cmd_next_param(const char *param, const char delimiter)
1247 {
1248     static const char all_delimiters[] = ",;:=";
1249     char curr_delimiters[2] = {0};
1250     const char *delimiters;
1251 
1252     if (delimiter == '?') {
1253         delimiters = all_delimiters;
1254     } else if (delimiter == '0') {
1255         return strchr(param, '\0');
1256     } else if (delimiter == '.' && *param) {
1257         return param + 1;
1258     } else {
1259         curr_delimiters[0] = delimiter;
1260         delimiters = curr_delimiters;
1261     }
1262 
1263     param += strcspn(param, delimiters);
1264     if (*param) {
1265         param++;
1266     }
1267     return param;
1268 }
1269 
1270 static int cmd_parse_params(const char *data, const char *schema,
1271                             GArray *params)
1272 {
1273     const char *curr_schema, *curr_data;
1274 
1275     g_assert(schema);
1276     g_assert(params->len == 0);
1277 
1278     curr_schema = schema;
1279     curr_data = data;
1280     while (curr_schema[0] && curr_schema[1] && *curr_data) {
1281         GdbCmdVariant this_param;
1282 
1283         switch (curr_schema[0]) {
1284         case 'l':
1285             if (qemu_strtoul(curr_data, &curr_data, 16,
1286                              &this_param.val_ul)) {
1287                 return -EINVAL;
1288             }
1289             curr_data = cmd_next_param(curr_data, curr_schema[1]);
1290             g_array_append_val(params, this_param);
1291             break;
1292         case 'L':
1293             if (qemu_strtou64(curr_data, &curr_data, 16,
1294                               (uint64_t *)&this_param.val_ull)) {
1295                 return -EINVAL;
1296             }
1297             curr_data = cmd_next_param(curr_data, curr_schema[1]);
1298             g_array_append_val(params, this_param);
1299             break;
1300         case 's':
1301             this_param.data = curr_data;
1302             curr_data = cmd_next_param(curr_data, curr_schema[1]);
1303             g_array_append_val(params, this_param);
1304             break;
1305         case 'o':
1306             this_param.opcode = *(uint8_t *)curr_data;
1307             curr_data = cmd_next_param(curr_data, curr_schema[1]);
1308             g_array_append_val(params, this_param);
1309             break;
1310         case 't':
1311             this_param.thread_id.kind =
1312                 read_thread_id(curr_data, &curr_data,
1313                                &this_param.thread_id.pid,
1314                                &this_param.thread_id.tid);
1315             curr_data = cmd_next_param(curr_data, curr_schema[1]);
1316             g_array_append_val(params, this_param);
1317             break;
1318         case '?':
1319             curr_data = cmd_next_param(curr_data, curr_schema[1]);
1320             break;
1321         default:
1322             return -EINVAL;
1323         }
1324         curr_schema += 2;
1325     }
1326 
1327     return 0;
1328 }
1329 
1330 typedef void (*GdbCmdHandler)(GArray *params, void *user_ctx);
1331 
1332 /*
1333  * cmd_startswith -> cmd is compared using startswith
1334  *
1335  *
1336  * schema definitions:
1337  * Each schema parameter entry consists of 2 chars,
1338  * the first char represents the parameter type handling
1339  * the second char represents the delimiter for the next parameter
1340  *
1341  * Currently supported schema types:
1342  * 'l' -> unsigned long (stored in .val_ul)
1343  * 'L' -> unsigned long long (stored in .val_ull)
1344  * 's' -> string (stored in .data)
1345  * 'o' -> single char (stored in .opcode)
1346  * 't' -> thread id (stored in .thread_id)
1347  * '?' -> skip according to delimiter
1348  *
1349  * Currently supported delimiters:
1350  * '?' -> Stop at any delimiter (",;:=\0")
1351  * '0' -> Stop at "\0"
1352  * '.' -> Skip 1 char unless reached "\0"
1353  * Any other value is treated as the delimiter value itself
1354  */
1355 typedef struct GdbCmdParseEntry {
1356     GdbCmdHandler handler;
1357     const char *cmd;
1358     bool cmd_startswith;
1359     const char *schema;
1360 } GdbCmdParseEntry;
1361 
1362 static inline int startswith(const char *string, const char *pattern)
1363 {
1364   return !strncmp(string, pattern, strlen(pattern));
1365 }
1366 
1367 static int process_string_cmd(void *user_ctx, const char *data,
1368                               const GdbCmdParseEntry *cmds, int num_cmds)
1369 {
1370     int i;
1371     g_autoptr(GArray) params = g_array_new(false, true, sizeof(GdbCmdVariant));
1372 
1373     if (!cmds) {
1374         return -1;
1375     }
1376 
1377     for (i = 0; i < num_cmds; i++) {
1378         const GdbCmdParseEntry *cmd = &cmds[i];
1379         g_assert(cmd->handler && cmd->cmd);
1380 
1381         if ((cmd->cmd_startswith && !startswith(data, cmd->cmd)) ||
1382             (!cmd->cmd_startswith && strcmp(cmd->cmd, data))) {
1383             continue;
1384         }
1385 
1386         if (cmd->schema) {
1387             if (cmd_parse_params(&data[strlen(cmd->cmd)],
1388                                  cmd->schema, params)) {
1389                 return -1;
1390             }
1391         }
1392 
1393         cmd->handler(params, user_ctx);
1394         return 0;
1395     }
1396 
1397     return -1;
1398 }
1399 
1400 static void run_cmd_parser(const char *data, const GdbCmdParseEntry *cmd)
1401 {
1402     if (!data) {
1403         return;
1404     }
1405 
1406     g_string_set_size(gdbserver_state.str_buf, 0);
1407     g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1408 
1409     /* In case there was an error during the command parsing we must
1410     * send a NULL packet to indicate the command is not supported */
1411     if (process_string_cmd(NULL, data, cmd, 1)) {
1412         put_packet("");
1413     }
1414 }
1415 
1416 static void handle_detach(GArray *params, void *user_ctx)
1417 {
1418     GDBProcess *process;
1419     uint32_t pid = 1;
1420 
1421     if (gdbserver_state.multiprocess) {
1422         if (!params->len) {
1423             put_packet("E22");
1424             return;
1425         }
1426 
1427         pid = get_param(params, 0)->val_ul;
1428     }
1429 
1430     process = gdb_get_process(pid);
1431     gdb_process_breakpoint_remove_all(process);
1432     process->attached = false;
1433 
1434     if (pid == gdb_get_cpu_pid(gdbserver_state.c_cpu)) {
1435         gdbserver_state.c_cpu = gdb_first_attached_cpu();
1436     }
1437 
1438     if (pid == gdb_get_cpu_pid(gdbserver_state.g_cpu)) {
1439         gdbserver_state.g_cpu = gdb_first_attached_cpu();
1440     }
1441 
1442     if (!gdbserver_state.c_cpu) {
1443         /* No more process attached */
1444         gdb_syscall_mode = GDB_SYS_DISABLED;
1445         gdb_continue();
1446     }
1447     put_packet("OK");
1448 }
1449 
1450 static void handle_thread_alive(GArray *params, void *user_ctx)
1451 {
1452     CPUState *cpu;
1453 
1454     if (!params->len) {
1455         put_packet("E22");
1456         return;
1457     }
1458 
1459     if (get_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
1460         put_packet("E22");
1461         return;
1462     }
1463 
1464     cpu = gdb_get_cpu(get_param(params, 0)->thread_id.pid,
1465                       get_param(params, 0)->thread_id.tid);
1466     if (!cpu) {
1467         put_packet("E22");
1468         return;
1469     }
1470 
1471     put_packet("OK");
1472 }
1473 
1474 static void handle_continue(GArray *params, void *user_ctx)
1475 {
1476     if (params->len) {
1477         gdb_set_cpu_pc(get_param(params, 0)->val_ull);
1478     }
1479 
1480     gdbserver_state.signal = 0;
1481     gdb_continue();
1482 }
1483 
1484 static void handle_cont_with_sig(GArray *params, void *user_ctx)
1485 {
1486     unsigned long signal = 0;
1487 
1488     /*
1489      * Note: C sig;[addr] is currently unsupported and we simply
1490      *       omit the addr parameter
1491      */
1492     if (params->len) {
1493         signal = get_param(params, 0)->val_ul;
1494     }
1495 
1496     gdbserver_state.signal = gdb_signal_to_target(signal);
1497     if (gdbserver_state.signal == -1) {
1498         gdbserver_state.signal = 0;
1499     }
1500     gdb_continue();
1501 }
1502 
1503 static void handle_set_thread(GArray *params, void *user_ctx)
1504 {
1505     CPUState *cpu;
1506 
1507     if (params->len != 2) {
1508         put_packet("E22");
1509         return;
1510     }
1511 
1512     if (get_param(params, 1)->thread_id.kind == GDB_READ_THREAD_ERR) {
1513         put_packet("E22");
1514         return;
1515     }
1516 
1517     if (get_param(params, 1)->thread_id.kind != GDB_ONE_THREAD) {
1518         put_packet("OK");
1519         return;
1520     }
1521 
1522     cpu = gdb_get_cpu(get_param(params, 1)->thread_id.pid,
1523                       get_param(params, 1)->thread_id.tid);
1524     if (!cpu) {
1525         put_packet("E22");
1526         return;
1527     }
1528 
1529     /*
1530      * Note: This command is deprecated and modern gdb's will be using the
1531      *       vCont command instead.
1532      */
1533     switch (get_param(params, 0)->opcode) {
1534     case 'c':
1535         gdbserver_state.c_cpu = cpu;
1536         put_packet("OK");
1537         break;
1538     case 'g':
1539         gdbserver_state.g_cpu = cpu;
1540         put_packet("OK");
1541         break;
1542     default:
1543         put_packet("E22");
1544         break;
1545     }
1546 }
1547 
1548 static void handle_insert_bp(GArray *params, void *user_ctx)
1549 {
1550     int res;
1551 
1552     if (params->len != 3) {
1553         put_packet("E22");
1554         return;
1555     }
1556 
1557     res = gdb_breakpoint_insert(gdbserver_state.c_cpu,
1558                                 get_param(params, 0)->val_ul,
1559                                 get_param(params, 1)->val_ull,
1560                                 get_param(params, 2)->val_ull);
1561     if (res >= 0) {
1562         put_packet("OK");
1563         return;
1564     } else if (res == -ENOSYS) {
1565         put_packet("");
1566         return;
1567     }
1568 
1569     put_packet("E22");
1570 }
1571 
1572 static void handle_remove_bp(GArray *params, void *user_ctx)
1573 {
1574     int res;
1575 
1576     if (params->len != 3) {
1577         put_packet("E22");
1578         return;
1579     }
1580 
1581     res = gdb_breakpoint_remove(gdbserver_state.c_cpu,
1582                                 get_param(params, 0)->val_ul,
1583                                 get_param(params, 1)->val_ull,
1584                                 get_param(params, 2)->val_ull);
1585     if (res >= 0) {
1586         put_packet("OK");
1587         return;
1588     } else if (res == -ENOSYS) {
1589         put_packet("");
1590         return;
1591     }
1592 
1593     put_packet("E22");
1594 }
1595 
1596 /*
1597  * handle_set/get_reg
1598  *
1599  * Older gdb are really dumb, and don't use 'G/g' if 'P/p' is available.
1600  * This works, but can be very slow. Anything new enough to understand
1601  * XML also knows how to use this properly. However to use this we
1602  * need to define a local XML file as well as be talking to a
1603  * reasonably modern gdb. Responding with an empty packet will cause
1604  * the remote gdb to fallback to older methods.
1605  */
1606 
1607 static void handle_set_reg(GArray *params, void *user_ctx)
1608 {
1609     int reg_size;
1610 
1611     if (!gdb_has_xml) {
1612         put_packet("");
1613         return;
1614     }
1615 
1616     if (params->len != 2) {
1617         put_packet("E22");
1618         return;
1619     }
1620 
1621     reg_size = strlen(get_param(params, 1)->data) / 2;
1622     hextomem(gdbserver_state.mem_buf, get_param(params, 1)->data, reg_size);
1623     gdb_write_register(gdbserver_state.g_cpu, gdbserver_state.mem_buf->data,
1624                        get_param(params, 0)->val_ull);
1625     put_packet("OK");
1626 }
1627 
1628 static void handle_get_reg(GArray *params, void *user_ctx)
1629 {
1630     int reg_size;
1631 
1632     if (!gdb_has_xml) {
1633         put_packet("");
1634         return;
1635     }
1636 
1637     if (!params->len) {
1638         put_packet("E14");
1639         return;
1640     }
1641 
1642     reg_size = gdb_read_register(gdbserver_state.g_cpu,
1643                                  gdbserver_state.mem_buf,
1644                                  get_param(params, 0)->val_ull);
1645     if (!reg_size) {
1646         put_packet("E14");
1647         return;
1648     } else {
1649         g_byte_array_set_size(gdbserver_state.mem_buf, reg_size);
1650     }
1651 
1652     memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, reg_size);
1653     put_strbuf();
1654 }
1655 
1656 static void handle_write_mem(GArray *params, void *user_ctx)
1657 {
1658     if (params->len != 3) {
1659         put_packet("E22");
1660         return;
1661     }
1662 
1663     /* hextomem() reads 2*len bytes */
1664     if (get_param(params, 1)->val_ull >
1665         strlen(get_param(params, 2)->data) / 2) {
1666         put_packet("E22");
1667         return;
1668     }
1669 
1670     hextomem(gdbserver_state.mem_buf, get_param(params, 2)->data,
1671              get_param(params, 1)->val_ull);
1672     if (target_memory_rw_debug(gdbserver_state.g_cpu,
1673                                get_param(params, 0)->val_ull,
1674                                gdbserver_state.mem_buf->data,
1675                                gdbserver_state.mem_buf->len, true)) {
1676         put_packet("E14");
1677         return;
1678     }
1679 
1680     put_packet("OK");
1681 }
1682 
1683 static void handle_read_mem(GArray *params, void *user_ctx)
1684 {
1685     if (params->len != 2) {
1686         put_packet("E22");
1687         return;
1688     }
1689 
1690     /* memtohex() doubles the required space */
1691     if (get_param(params, 1)->val_ull > MAX_PACKET_LENGTH / 2) {
1692         put_packet("E22");
1693         return;
1694     }
1695 
1696     g_byte_array_set_size(gdbserver_state.mem_buf,
1697                           get_param(params, 1)->val_ull);
1698 
1699     if (target_memory_rw_debug(gdbserver_state.g_cpu,
1700                                get_param(params, 0)->val_ull,
1701                                gdbserver_state.mem_buf->data,
1702                                gdbserver_state.mem_buf->len, false)) {
1703         put_packet("E14");
1704         return;
1705     }
1706 
1707     memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data,
1708              gdbserver_state.mem_buf->len);
1709     put_strbuf();
1710 }
1711 
1712 static void handle_write_all_regs(GArray *params, void *user_ctx)
1713 {
1714     target_ulong addr, len;
1715     uint8_t *registers;
1716     int reg_size;
1717 
1718     if (!params->len) {
1719         return;
1720     }
1721 
1722     cpu_synchronize_state(gdbserver_state.g_cpu);
1723     len = strlen(get_param(params, 0)->data) / 2;
1724     hextomem(gdbserver_state.mem_buf, get_param(params, 0)->data, len);
1725     registers = gdbserver_state.mem_buf->data;
1726     for (addr = 0; addr < gdbserver_state.g_cpu->gdb_num_g_regs && len > 0;
1727          addr++) {
1728         reg_size = gdb_write_register(gdbserver_state.g_cpu, registers, addr);
1729         len -= reg_size;
1730         registers += reg_size;
1731     }
1732     put_packet("OK");
1733 }
1734 
1735 static void handle_read_all_regs(GArray *params, void *user_ctx)
1736 {
1737     target_ulong addr, len;
1738 
1739     cpu_synchronize_state(gdbserver_state.g_cpu);
1740     g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1741     len = 0;
1742     for (addr = 0; addr < gdbserver_state.g_cpu->gdb_num_g_regs; addr++) {
1743         len += gdb_read_register(gdbserver_state.g_cpu,
1744                                  gdbserver_state.mem_buf,
1745                                  addr);
1746     }
1747     g_assert(len == gdbserver_state.mem_buf->len);
1748 
1749     memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, len);
1750     put_strbuf();
1751 }
1752 
1753 static void handle_file_io(GArray *params, void *user_ctx)
1754 {
1755     if (params->len >= 1 && gdbserver_state.current_syscall_cb) {
1756         uint64_t ret;
1757         int err;
1758 
1759         ret = get_param(params, 0)->val_ull;
1760         if (params->len >= 2) {
1761             err = get_param(params, 1)->val_ull;
1762         } else {
1763             err = 0;
1764         }
1765 
1766         /* Convert GDB error numbers back to host error numbers. */
1767 #define E(X)  case GDB_E##X: err = E##X; break
1768         switch (err) {
1769         case 0:
1770             break;
1771         E(PERM);
1772         E(NOENT);
1773         E(INTR);
1774         E(BADF);
1775         E(ACCES);
1776         E(FAULT);
1777         E(BUSY);
1778         E(EXIST);
1779         E(NODEV);
1780         E(NOTDIR);
1781         E(ISDIR);
1782         E(INVAL);
1783         E(NFILE);
1784         E(MFILE);
1785         E(FBIG);
1786         E(NOSPC);
1787         E(SPIPE);
1788         E(ROFS);
1789         E(NAMETOOLONG);
1790         default:
1791             err = EINVAL;
1792             break;
1793         }
1794 #undef E
1795 
1796         gdbserver_state.current_syscall_cb(gdbserver_state.c_cpu, ret, err);
1797         gdbserver_state.current_syscall_cb = NULL;
1798     }
1799 
1800     if (params->len >= 3 && get_param(params, 2)->opcode == (uint8_t)'C') {
1801         put_packet("T02");
1802         return;
1803     }
1804 
1805     gdb_continue();
1806 }
1807 
1808 static void handle_step(GArray *params, void *user_ctx)
1809 {
1810     if (params->len) {
1811         gdb_set_cpu_pc((target_ulong)get_param(params, 0)->val_ull);
1812     }
1813 
1814     cpu_single_step(gdbserver_state.c_cpu, gdbserver_state.sstep_flags);
1815     gdb_continue();
1816 }
1817 
1818 static void handle_backward(GArray *params, void *user_ctx)
1819 {
1820     if (!stub_can_reverse()) {
1821         put_packet("E22");
1822     }
1823     if (params->len == 1) {
1824         switch (get_param(params, 0)->opcode) {
1825         case 's':
1826             if (replay_reverse_step()) {
1827                 gdb_continue();
1828             } else {
1829                 put_packet("E14");
1830             }
1831             return;
1832         case 'c':
1833             if (replay_reverse_continue()) {
1834                 gdb_continue();
1835             } else {
1836                 put_packet("E14");
1837             }
1838             return;
1839         }
1840     }
1841 
1842     /* Default invalid command */
1843     put_packet("");
1844 }
1845 
1846 static void handle_v_cont_query(GArray *params, void *user_ctx)
1847 {
1848     put_packet("vCont;c;C;s;S");
1849 }
1850 
1851 static void handle_v_cont(GArray *params, void *user_ctx)
1852 {
1853     int res;
1854 
1855     if (!params->len) {
1856         return;
1857     }
1858 
1859     res = gdb_handle_vcont(get_param(params, 0)->data);
1860     if ((res == -EINVAL) || (res == -ERANGE)) {
1861         put_packet("E22");
1862     } else if (res) {
1863         put_packet("");
1864     }
1865 }
1866 
1867 static void handle_v_attach(GArray *params, void *user_ctx)
1868 {
1869     GDBProcess *process;
1870     CPUState *cpu;
1871 
1872     g_string_assign(gdbserver_state.str_buf, "E22");
1873     if (!params->len) {
1874         goto cleanup;
1875     }
1876 
1877     process = gdb_get_process(get_param(params, 0)->val_ul);
1878     if (!process) {
1879         goto cleanup;
1880     }
1881 
1882     cpu = get_first_cpu_in_process(process);
1883     if (!cpu) {
1884         goto cleanup;
1885     }
1886 
1887     process->attached = true;
1888     gdbserver_state.g_cpu = cpu;
1889     gdbserver_state.c_cpu = cpu;
1890 
1891     g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
1892     gdb_append_thread_id(cpu, gdbserver_state.str_buf);
1893     g_string_append_c(gdbserver_state.str_buf, ';');
1894 cleanup:
1895     put_strbuf();
1896 }
1897 
1898 static void handle_v_kill(GArray *params, void *user_ctx)
1899 {
1900     /* Kill the target */
1901     put_packet("OK");
1902     error_report("QEMU: Terminated via GDBstub");
1903     gdb_exit(0);
1904     exit(0);
1905 }
1906 
1907 static const GdbCmdParseEntry gdb_v_commands_table[] = {
1908     /* Order is important if has same prefix */
1909     {
1910         .handler = handle_v_cont_query,
1911         .cmd = "Cont?",
1912         .cmd_startswith = 1
1913     },
1914     {
1915         .handler = handle_v_cont,
1916         .cmd = "Cont",
1917         .cmd_startswith = 1,
1918         .schema = "s0"
1919     },
1920     {
1921         .handler = handle_v_attach,
1922         .cmd = "Attach;",
1923         .cmd_startswith = 1,
1924         .schema = "l0"
1925     },
1926     {
1927         .handler = handle_v_kill,
1928         .cmd = "Kill;",
1929         .cmd_startswith = 1
1930     },
1931 };
1932 
1933 static void handle_v_commands(GArray *params, void *user_ctx)
1934 {
1935     if (!params->len) {
1936         return;
1937     }
1938 
1939     if (process_string_cmd(NULL, get_param(params, 0)->data,
1940                            gdb_v_commands_table,
1941                            ARRAY_SIZE(gdb_v_commands_table))) {
1942         put_packet("");
1943     }
1944 }
1945 
1946 static void handle_query_qemu_sstepbits(GArray *params, void *user_ctx)
1947 {
1948     g_string_printf(gdbserver_state.str_buf, "ENABLE=%x", SSTEP_ENABLE);
1949 
1950     if (gdbserver_state.supported_sstep_flags & SSTEP_NOIRQ) {
1951         g_string_append_printf(gdbserver_state.str_buf, ",NOIRQ=%x",
1952                                SSTEP_NOIRQ);
1953     }
1954 
1955     if (gdbserver_state.supported_sstep_flags & SSTEP_NOTIMER) {
1956         g_string_append_printf(gdbserver_state.str_buf, ",NOTIMER=%x",
1957                                SSTEP_NOTIMER);
1958     }
1959 
1960     put_strbuf();
1961 }
1962 
1963 static void handle_set_qemu_sstep(GArray *params, void *user_ctx)
1964 {
1965     int new_sstep_flags;
1966 
1967     if (!params->len) {
1968         return;
1969     }
1970 
1971     new_sstep_flags = get_param(params, 0)->val_ul;
1972 
1973     if (new_sstep_flags  & ~gdbserver_state.supported_sstep_flags) {
1974         put_packet("E22");
1975         return;
1976     }
1977 
1978     gdbserver_state.sstep_flags = new_sstep_flags;
1979     put_packet("OK");
1980 }
1981 
1982 static void handle_query_qemu_sstep(GArray *params, void *user_ctx)
1983 {
1984     g_string_printf(gdbserver_state.str_buf, "0x%x",
1985                     gdbserver_state.sstep_flags);
1986     put_strbuf();
1987 }
1988 
1989 static void handle_query_curr_tid(GArray *params, void *user_ctx)
1990 {
1991     CPUState *cpu;
1992     GDBProcess *process;
1993 
1994     /*
1995      * "Current thread" remains vague in the spec, so always return
1996      * the first thread of the current process (gdb returns the
1997      * first thread).
1998      */
1999     process = gdb_get_cpu_process(gdbserver_state.g_cpu);
2000     cpu = get_first_cpu_in_process(process);
2001     g_string_assign(gdbserver_state.str_buf, "QC");
2002     gdb_append_thread_id(cpu, gdbserver_state.str_buf);
2003     put_strbuf();
2004 }
2005 
2006 static void handle_query_threads(GArray *params, void *user_ctx)
2007 {
2008     if (!gdbserver_state.query_cpu) {
2009         put_packet("l");
2010         return;
2011     }
2012 
2013     g_string_assign(gdbserver_state.str_buf, "m");
2014     gdb_append_thread_id(gdbserver_state.query_cpu, gdbserver_state.str_buf);
2015     put_strbuf();
2016     gdbserver_state.query_cpu = gdb_next_attached_cpu(gdbserver_state.query_cpu);
2017 }
2018 
2019 static void handle_query_first_threads(GArray *params, void *user_ctx)
2020 {
2021     gdbserver_state.query_cpu = gdb_first_attached_cpu();
2022     handle_query_threads(params, user_ctx);
2023 }
2024 
2025 static void handle_query_thread_extra(GArray *params, void *user_ctx)
2026 {
2027     g_autoptr(GString) rs = g_string_new(NULL);
2028     CPUState *cpu;
2029 
2030     if (!params->len ||
2031         get_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
2032         put_packet("E22");
2033         return;
2034     }
2035 
2036     cpu = gdb_get_cpu(get_param(params, 0)->thread_id.pid,
2037                       get_param(params, 0)->thread_id.tid);
2038     if (!cpu) {
2039         return;
2040     }
2041 
2042     cpu_synchronize_state(cpu);
2043 
2044     if (gdbserver_state.multiprocess && (gdbserver_state.process_num > 1)) {
2045         /* Print the CPU model and name in multiprocess mode */
2046         ObjectClass *oc = object_get_class(OBJECT(cpu));
2047         const char *cpu_model = object_class_get_name(oc);
2048         const char *cpu_name =
2049             object_get_canonical_path_component(OBJECT(cpu));
2050         g_string_printf(rs, "%s %s [%s]", cpu_model, cpu_name,
2051                         cpu->halted ? "halted " : "running");
2052     } else {
2053         g_string_printf(rs, "CPU#%d [%s]", cpu->cpu_index,
2054                         cpu->halted ? "halted " : "running");
2055     }
2056     trace_gdbstub_op_extra_info(rs->str);
2057     memtohex(gdbserver_state.str_buf, (uint8_t *)rs->str, rs->len);
2058     put_strbuf();
2059 }
2060 
2061 #ifdef CONFIG_USER_ONLY
2062 static void handle_query_offsets(GArray *params, void *user_ctx)
2063 {
2064     TaskState *ts;
2065 
2066     ts = gdbserver_state.c_cpu->opaque;
2067     g_string_printf(gdbserver_state.str_buf,
2068                     "Text=" TARGET_ABI_FMT_lx
2069                     ";Data=" TARGET_ABI_FMT_lx
2070                     ";Bss=" TARGET_ABI_FMT_lx,
2071                     ts->info->code_offset,
2072                     ts->info->data_offset,
2073                     ts->info->data_offset);
2074     put_strbuf();
2075 }
2076 #else
2077 static void handle_query_rcmd(GArray *params, void *user_ctx)
2078 {
2079     const guint8 zero = 0;
2080     int len;
2081 
2082     if (!params->len) {
2083         put_packet("E22");
2084         return;
2085     }
2086 
2087     len = strlen(get_param(params, 0)->data);
2088     if (len % 2) {
2089         put_packet("E01");
2090         return;
2091     }
2092 
2093     g_assert(gdbserver_state.mem_buf->len == 0);
2094     len = len / 2;
2095     hextomem(gdbserver_state.mem_buf, get_param(params, 0)->data, len);
2096     g_byte_array_append(gdbserver_state.mem_buf, &zero, 1);
2097     qemu_chr_be_write(gdbserver_state.mon_chr, gdbserver_state.mem_buf->data,
2098                       gdbserver_state.mem_buf->len);
2099     put_packet("OK");
2100 }
2101 #endif
2102 
2103 static void handle_query_supported(GArray *params, void *user_ctx)
2104 {
2105     CPUClass *cc;
2106 
2107     g_string_printf(gdbserver_state.str_buf, "PacketSize=%x", MAX_PACKET_LENGTH);
2108     cc = CPU_GET_CLASS(first_cpu);
2109     if (cc->gdb_core_xml_file) {
2110         g_string_append(gdbserver_state.str_buf, ";qXfer:features:read+");
2111     }
2112 
2113     if (stub_can_reverse()) {
2114         g_string_append(gdbserver_state.str_buf,
2115             ";ReverseStep+;ReverseContinue+");
2116     }
2117 
2118 #ifdef CONFIG_USER_ONLY
2119     if (gdbserver_state.c_cpu->opaque) {
2120         g_string_append(gdbserver_state.str_buf, ";qXfer:auxv:read+");
2121     }
2122 #endif
2123 
2124     if (params->len &&
2125         strstr(get_param(params, 0)->data, "multiprocess+")) {
2126         gdbserver_state.multiprocess = true;
2127     }
2128 
2129     g_string_append(gdbserver_state.str_buf, ";vContSupported+;multiprocess+");
2130     put_strbuf();
2131 }
2132 
2133 static void handle_query_xfer_features(GArray *params, void *user_ctx)
2134 {
2135     GDBProcess *process;
2136     CPUClass *cc;
2137     unsigned long len, total_len, addr;
2138     const char *xml;
2139     const char *p;
2140 
2141     if (params->len < 3) {
2142         put_packet("E22");
2143         return;
2144     }
2145 
2146     process = gdb_get_cpu_process(gdbserver_state.g_cpu);
2147     cc = CPU_GET_CLASS(gdbserver_state.g_cpu);
2148     if (!cc->gdb_core_xml_file) {
2149         put_packet("");
2150         return;
2151     }
2152 
2153     gdb_has_xml = true;
2154     p = get_param(params, 0)->data;
2155     xml = get_feature_xml(p, &p, process);
2156     if (!xml) {
2157         put_packet("E00");
2158         return;
2159     }
2160 
2161     addr = get_param(params, 1)->val_ul;
2162     len = get_param(params, 2)->val_ul;
2163     total_len = strlen(xml);
2164     if (addr > total_len) {
2165         put_packet("E00");
2166         return;
2167     }
2168 
2169     if (len > (MAX_PACKET_LENGTH - 5) / 2) {
2170         len = (MAX_PACKET_LENGTH - 5) / 2;
2171     }
2172 
2173     if (len < total_len - addr) {
2174         g_string_assign(gdbserver_state.str_buf, "m");
2175         memtox(gdbserver_state.str_buf, xml + addr, len);
2176     } else {
2177         g_string_assign(gdbserver_state.str_buf, "l");
2178         memtox(gdbserver_state.str_buf, xml + addr, total_len - addr);
2179     }
2180 
2181     put_packet_binary(gdbserver_state.str_buf->str,
2182                       gdbserver_state.str_buf->len, true);
2183 }
2184 
2185 #if defined(CONFIG_USER_ONLY) && defined(CONFIG_LINUX_USER)
2186 static void handle_query_xfer_auxv(GArray *params, void *user_ctx)
2187 {
2188     TaskState *ts;
2189     unsigned long offset, len, saved_auxv, auxv_len;
2190 
2191     if (params->len < 2) {
2192         put_packet("E22");
2193         return;
2194     }
2195 
2196     offset = get_param(params, 0)->val_ul;
2197     len = get_param(params, 1)->val_ul;
2198     ts = gdbserver_state.c_cpu->opaque;
2199     saved_auxv = ts->info->saved_auxv;
2200     auxv_len = ts->info->auxv_len;
2201 
2202     if (offset >= auxv_len) {
2203         put_packet("E00");
2204         return;
2205     }
2206 
2207     if (len > (MAX_PACKET_LENGTH - 5) / 2) {
2208         len = (MAX_PACKET_LENGTH - 5) / 2;
2209     }
2210 
2211     if (len < auxv_len - offset) {
2212         g_string_assign(gdbserver_state.str_buf, "m");
2213     } else {
2214         g_string_assign(gdbserver_state.str_buf, "l");
2215         len = auxv_len - offset;
2216     }
2217 
2218     g_byte_array_set_size(gdbserver_state.mem_buf, len);
2219     if (target_memory_rw_debug(gdbserver_state.g_cpu, saved_auxv + offset,
2220                                gdbserver_state.mem_buf->data, len, false)) {
2221         put_packet("E14");
2222         return;
2223     }
2224 
2225     memtox(gdbserver_state.str_buf,
2226            (const char *)gdbserver_state.mem_buf->data, len);
2227     put_packet_binary(gdbserver_state.str_buf->str,
2228                       gdbserver_state.str_buf->len, true);
2229 }
2230 #endif
2231 
2232 static void handle_query_attached(GArray *params, void *user_ctx)
2233 {
2234     put_packet(GDB_ATTACHED);
2235 }
2236 
2237 static void handle_query_qemu_supported(GArray *params, void *user_ctx)
2238 {
2239     g_string_printf(gdbserver_state.str_buf, "sstepbits;sstep");
2240 #ifndef CONFIG_USER_ONLY
2241     g_string_append(gdbserver_state.str_buf, ";PhyMemMode");
2242 #endif
2243     put_strbuf();
2244 }
2245 
2246 #ifndef CONFIG_USER_ONLY
2247 static void handle_query_qemu_phy_mem_mode(GArray *params,
2248                                            void *user_ctx)
2249 {
2250     g_string_printf(gdbserver_state.str_buf, "%d", phy_memory_mode);
2251     put_strbuf();
2252 }
2253 
2254 static void handle_set_qemu_phy_mem_mode(GArray *params, void *user_ctx)
2255 {
2256     if (!params->len) {
2257         put_packet("E22");
2258         return;
2259     }
2260 
2261     if (!get_param(params, 0)->val_ul) {
2262         phy_memory_mode = 0;
2263     } else {
2264         phy_memory_mode = 1;
2265     }
2266     put_packet("OK");
2267 }
2268 #endif
2269 
2270 static const GdbCmdParseEntry gdb_gen_query_set_common_table[] = {
2271     /* Order is important if has same prefix */
2272     {
2273         .handler = handle_query_qemu_sstepbits,
2274         .cmd = "qemu.sstepbits",
2275     },
2276     {
2277         .handler = handle_query_qemu_sstep,
2278         .cmd = "qemu.sstep",
2279     },
2280     {
2281         .handler = handle_set_qemu_sstep,
2282         .cmd = "qemu.sstep=",
2283         .cmd_startswith = 1,
2284         .schema = "l0"
2285     },
2286 };
2287 
2288 static const GdbCmdParseEntry gdb_gen_query_table[] = {
2289     {
2290         .handler = handle_query_curr_tid,
2291         .cmd = "C",
2292     },
2293     {
2294         .handler = handle_query_threads,
2295         .cmd = "sThreadInfo",
2296     },
2297     {
2298         .handler = handle_query_first_threads,
2299         .cmd = "fThreadInfo",
2300     },
2301     {
2302         .handler = handle_query_thread_extra,
2303         .cmd = "ThreadExtraInfo,",
2304         .cmd_startswith = 1,
2305         .schema = "t0"
2306     },
2307 #ifdef CONFIG_USER_ONLY
2308     {
2309         .handler = handle_query_offsets,
2310         .cmd = "Offsets",
2311     },
2312 #else
2313     {
2314         .handler = handle_query_rcmd,
2315         .cmd = "Rcmd,",
2316         .cmd_startswith = 1,
2317         .schema = "s0"
2318     },
2319 #endif
2320     {
2321         .handler = handle_query_supported,
2322         .cmd = "Supported:",
2323         .cmd_startswith = 1,
2324         .schema = "s0"
2325     },
2326     {
2327         .handler = handle_query_supported,
2328         .cmd = "Supported",
2329         .schema = "s0"
2330     },
2331     {
2332         .handler = handle_query_xfer_features,
2333         .cmd = "Xfer:features:read:",
2334         .cmd_startswith = 1,
2335         .schema = "s:l,l0"
2336     },
2337 #if defined(CONFIG_USER_ONLY) && defined(CONFIG_LINUX_USER)
2338     {
2339         .handler = handle_query_xfer_auxv,
2340         .cmd = "Xfer:auxv:read::",
2341         .cmd_startswith = 1,
2342         .schema = "l,l0"
2343     },
2344 #endif
2345     {
2346         .handler = handle_query_attached,
2347         .cmd = "Attached:",
2348         .cmd_startswith = 1
2349     },
2350     {
2351         .handler = handle_query_attached,
2352         .cmd = "Attached",
2353     },
2354     {
2355         .handler = handle_query_qemu_supported,
2356         .cmd = "qemu.Supported",
2357     },
2358 #ifndef CONFIG_USER_ONLY
2359     {
2360         .handler = handle_query_qemu_phy_mem_mode,
2361         .cmd = "qemu.PhyMemMode",
2362     },
2363 #endif
2364 };
2365 
2366 static const GdbCmdParseEntry gdb_gen_set_table[] = {
2367     /* Order is important if has same prefix */
2368     {
2369         .handler = handle_set_qemu_sstep,
2370         .cmd = "qemu.sstep:",
2371         .cmd_startswith = 1,
2372         .schema = "l0"
2373     },
2374 #ifndef CONFIG_USER_ONLY
2375     {
2376         .handler = handle_set_qemu_phy_mem_mode,
2377         .cmd = "qemu.PhyMemMode:",
2378         .cmd_startswith = 1,
2379         .schema = "l0"
2380     },
2381 #endif
2382 };
2383 
2384 static void handle_gen_query(GArray *params, void *user_ctx)
2385 {
2386     if (!params->len) {
2387         return;
2388     }
2389 
2390     if (!process_string_cmd(NULL, get_param(params, 0)->data,
2391                             gdb_gen_query_set_common_table,
2392                             ARRAY_SIZE(gdb_gen_query_set_common_table))) {
2393         return;
2394     }
2395 
2396     if (process_string_cmd(NULL, get_param(params, 0)->data,
2397                            gdb_gen_query_table,
2398                            ARRAY_SIZE(gdb_gen_query_table))) {
2399         put_packet("");
2400     }
2401 }
2402 
2403 static void handle_gen_set(GArray *params, void *user_ctx)
2404 {
2405     if (!params->len) {
2406         return;
2407     }
2408 
2409     if (!process_string_cmd(NULL, get_param(params, 0)->data,
2410                             gdb_gen_query_set_common_table,
2411                             ARRAY_SIZE(gdb_gen_query_set_common_table))) {
2412         return;
2413     }
2414 
2415     if (process_string_cmd(NULL, get_param(params, 0)->data,
2416                            gdb_gen_set_table,
2417                            ARRAY_SIZE(gdb_gen_set_table))) {
2418         put_packet("");
2419     }
2420 }
2421 
2422 static void handle_target_halt(GArray *params, void *user_ctx)
2423 {
2424     g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
2425     gdb_append_thread_id(gdbserver_state.c_cpu, gdbserver_state.str_buf);
2426     g_string_append_c(gdbserver_state.str_buf, ';');
2427     put_strbuf();
2428     /*
2429      * Remove all the breakpoints when this query is issued,
2430      * because gdb is doing an initial connect and the state
2431      * should be cleaned up.
2432      */
2433     gdb_breakpoint_remove_all(gdbserver_state.c_cpu);
2434 }
2435 
2436 static int gdb_handle_packet(const char *line_buf)
2437 {
2438     const GdbCmdParseEntry *cmd_parser = NULL;
2439 
2440     trace_gdbstub_io_command(line_buf);
2441 
2442     switch (line_buf[0]) {
2443     case '!':
2444         put_packet("OK");
2445         break;
2446     case '?':
2447         {
2448             static const GdbCmdParseEntry target_halted_cmd_desc = {
2449                 .handler = handle_target_halt,
2450                 .cmd = "?",
2451                 .cmd_startswith = 1
2452             };
2453             cmd_parser = &target_halted_cmd_desc;
2454         }
2455         break;
2456     case 'c':
2457         {
2458             static const GdbCmdParseEntry continue_cmd_desc = {
2459                 .handler = handle_continue,
2460                 .cmd = "c",
2461                 .cmd_startswith = 1,
2462                 .schema = "L0"
2463             };
2464             cmd_parser = &continue_cmd_desc;
2465         }
2466         break;
2467     case 'C':
2468         {
2469             static const GdbCmdParseEntry cont_with_sig_cmd_desc = {
2470                 .handler = handle_cont_with_sig,
2471                 .cmd = "C",
2472                 .cmd_startswith = 1,
2473                 .schema = "l0"
2474             };
2475             cmd_parser = &cont_with_sig_cmd_desc;
2476         }
2477         break;
2478     case 'v':
2479         {
2480             static const GdbCmdParseEntry v_cmd_desc = {
2481                 .handler = handle_v_commands,
2482                 .cmd = "v",
2483                 .cmd_startswith = 1,
2484                 .schema = "s0"
2485             };
2486             cmd_parser = &v_cmd_desc;
2487         }
2488         break;
2489     case 'k':
2490         /* Kill the target */
2491         error_report("QEMU: Terminated via GDBstub");
2492         gdb_exit(0);
2493         exit(0);
2494     case 'D':
2495         {
2496             static const GdbCmdParseEntry detach_cmd_desc = {
2497                 .handler = handle_detach,
2498                 .cmd = "D",
2499                 .cmd_startswith = 1,
2500                 .schema = "?.l0"
2501             };
2502             cmd_parser = &detach_cmd_desc;
2503         }
2504         break;
2505     case 's':
2506         {
2507             static const GdbCmdParseEntry step_cmd_desc = {
2508                 .handler = handle_step,
2509                 .cmd = "s",
2510                 .cmd_startswith = 1,
2511                 .schema = "L0"
2512             };
2513             cmd_parser = &step_cmd_desc;
2514         }
2515         break;
2516     case 'b':
2517         {
2518             static const GdbCmdParseEntry backward_cmd_desc = {
2519                 .handler = handle_backward,
2520                 .cmd = "b",
2521                 .cmd_startswith = 1,
2522                 .schema = "o0"
2523             };
2524             cmd_parser = &backward_cmd_desc;
2525         }
2526         break;
2527     case 'F':
2528         {
2529             static const GdbCmdParseEntry file_io_cmd_desc = {
2530                 .handler = handle_file_io,
2531                 .cmd = "F",
2532                 .cmd_startswith = 1,
2533                 .schema = "L,L,o0"
2534             };
2535             cmd_parser = &file_io_cmd_desc;
2536         }
2537         break;
2538     case 'g':
2539         {
2540             static const GdbCmdParseEntry read_all_regs_cmd_desc = {
2541                 .handler = handle_read_all_regs,
2542                 .cmd = "g",
2543                 .cmd_startswith = 1
2544             };
2545             cmd_parser = &read_all_regs_cmd_desc;
2546         }
2547         break;
2548     case 'G':
2549         {
2550             static const GdbCmdParseEntry write_all_regs_cmd_desc = {
2551                 .handler = handle_write_all_regs,
2552                 .cmd = "G",
2553                 .cmd_startswith = 1,
2554                 .schema = "s0"
2555             };
2556             cmd_parser = &write_all_regs_cmd_desc;
2557         }
2558         break;
2559     case 'm':
2560         {
2561             static const GdbCmdParseEntry read_mem_cmd_desc = {
2562                 .handler = handle_read_mem,
2563                 .cmd = "m",
2564                 .cmd_startswith = 1,
2565                 .schema = "L,L0"
2566             };
2567             cmd_parser = &read_mem_cmd_desc;
2568         }
2569         break;
2570     case 'M':
2571         {
2572             static const GdbCmdParseEntry write_mem_cmd_desc = {
2573                 .handler = handle_write_mem,
2574                 .cmd = "M",
2575                 .cmd_startswith = 1,
2576                 .schema = "L,L:s0"
2577             };
2578             cmd_parser = &write_mem_cmd_desc;
2579         }
2580         break;
2581     case 'p':
2582         {
2583             static const GdbCmdParseEntry get_reg_cmd_desc = {
2584                 .handler = handle_get_reg,
2585                 .cmd = "p",
2586                 .cmd_startswith = 1,
2587                 .schema = "L0"
2588             };
2589             cmd_parser = &get_reg_cmd_desc;
2590         }
2591         break;
2592     case 'P':
2593         {
2594             static const GdbCmdParseEntry set_reg_cmd_desc = {
2595                 .handler = handle_set_reg,
2596                 .cmd = "P",
2597                 .cmd_startswith = 1,
2598                 .schema = "L?s0"
2599             };
2600             cmd_parser = &set_reg_cmd_desc;
2601         }
2602         break;
2603     case 'Z':
2604         {
2605             static const GdbCmdParseEntry insert_bp_cmd_desc = {
2606                 .handler = handle_insert_bp,
2607                 .cmd = "Z",
2608                 .cmd_startswith = 1,
2609                 .schema = "l?L?L0"
2610             };
2611             cmd_parser = &insert_bp_cmd_desc;
2612         }
2613         break;
2614     case 'z':
2615         {
2616             static const GdbCmdParseEntry remove_bp_cmd_desc = {
2617                 .handler = handle_remove_bp,
2618                 .cmd = "z",
2619                 .cmd_startswith = 1,
2620                 .schema = "l?L?L0"
2621             };
2622             cmd_parser = &remove_bp_cmd_desc;
2623         }
2624         break;
2625     case 'H':
2626         {
2627             static const GdbCmdParseEntry set_thread_cmd_desc = {
2628                 .handler = handle_set_thread,
2629                 .cmd = "H",
2630                 .cmd_startswith = 1,
2631                 .schema = "o.t0"
2632             };
2633             cmd_parser = &set_thread_cmd_desc;
2634         }
2635         break;
2636     case 'T':
2637         {
2638             static const GdbCmdParseEntry thread_alive_cmd_desc = {
2639                 .handler = handle_thread_alive,
2640                 .cmd = "T",
2641                 .cmd_startswith = 1,
2642                 .schema = "t0"
2643             };
2644             cmd_parser = &thread_alive_cmd_desc;
2645         }
2646         break;
2647     case 'q':
2648         {
2649             static const GdbCmdParseEntry gen_query_cmd_desc = {
2650                 .handler = handle_gen_query,
2651                 .cmd = "q",
2652                 .cmd_startswith = 1,
2653                 .schema = "s0"
2654             };
2655             cmd_parser = &gen_query_cmd_desc;
2656         }
2657         break;
2658     case 'Q':
2659         {
2660             static const GdbCmdParseEntry gen_set_cmd_desc = {
2661                 .handler = handle_gen_set,
2662                 .cmd = "Q",
2663                 .cmd_startswith = 1,
2664                 .schema = "s0"
2665             };
2666             cmd_parser = &gen_set_cmd_desc;
2667         }
2668         break;
2669     default:
2670         /* put empty packet */
2671         put_packet("");
2672         break;
2673     }
2674 
2675     if (cmd_parser) {
2676         run_cmd_parser(line_buf, cmd_parser);
2677     }
2678 
2679     return RS_IDLE;
2680 }
2681 
2682 void gdb_set_stop_cpu(CPUState *cpu)
2683 {
2684     GDBProcess *p = gdb_get_cpu_process(cpu);
2685 
2686     if (!p->attached) {
2687         /*
2688          * Having a stop CPU corresponding to a process that is not attached
2689          * confuses GDB. So we ignore the request.
2690          */
2691         return;
2692     }
2693 
2694     gdbserver_state.c_cpu = cpu;
2695     gdbserver_state.g_cpu = cpu;
2696 }
2697 
2698 #ifndef CONFIG_USER_ONLY
2699 static void gdb_vm_state_change(void *opaque, bool running, RunState state)
2700 {
2701     CPUState *cpu = gdbserver_state.c_cpu;
2702     g_autoptr(GString) buf = g_string_new(NULL);
2703     g_autoptr(GString) tid = g_string_new(NULL);
2704     const char *type;
2705     int ret;
2706 
2707     if (running || gdbserver_state.state == RS_INACTIVE) {
2708         return;
2709     }
2710     /* Is there a GDB syscall waiting to be sent?  */
2711     if (gdbserver_state.current_syscall_cb) {
2712         put_packet(gdbserver_state.syscall_buf);
2713         return;
2714     }
2715 
2716     if (cpu == NULL) {
2717         /* No process attached */
2718         return;
2719     }
2720 
2721     gdb_append_thread_id(cpu, tid);
2722 
2723     switch (state) {
2724     case RUN_STATE_DEBUG:
2725         if (cpu->watchpoint_hit) {
2726             switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
2727             case BP_MEM_READ:
2728                 type = "r";
2729                 break;
2730             case BP_MEM_ACCESS:
2731                 type = "a";
2732                 break;
2733             default:
2734                 type = "";
2735                 break;
2736             }
2737             trace_gdbstub_hit_watchpoint(type, cpu_gdb_index(cpu),
2738                     (target_ulong)cpu->watchpoint_hit->vaddr);
2739             g_string_printf(buf, "T%02xthread:%s;%swatch:" TARGET_FMT_lx ";",
2740                             GDB_SIGNAL_TRAP, tid->str, type,
2741                             (target_ulong)cpu->watchpoint_hit->vaddr);
2742             cpu->watchpoint_hit = NULL;
2743             goto send_packet;
2744         } else {
2745             trace_gdbstub_hit_break();
2746         }
2747         tb_flush(cpu);
2748         ret = GDB_SIGNAL_TRAP;
2749         break;
2750     case RUN_STATE_PAUSED:
2751         trace_gdbstub_hit_paused();
2752         ret = GDB_SIGNAL_INT;
2753         break;
2754     case RUN_STATE_SHUTDOWN:
2755         trace_gdbstub_hit_shutdown();
2756         ret = GDB_SIGNAL_QUIT;
2757         break;
2758     case RUN_STATE_IO_ERROR:
2759         trace_gdbstub_hit_io_error();
2760         ret = GDB_SIGNAL_IO;
2761         break;
2762     case RUN_STATE_WATCHDOG:
2763         trace_gdbstub_hit_watchdog();
2764         ret = GDB_SIGNAL_ALRM;
2765         break;
2766     case RUN_STATE_INTERNAL_ERROR:
2767         trace_gdbstub_hit_internal_error();
2768         ret = GDB_SIGNAL_ABRT;
2769         break;
2770     case RUN_STATE_SAVE_VM:
2771     case RUN_STATE_RESTORE_VM:
2772         return;
2773     case RUN_STATE_FINISH_MIGRATE:
2774         ret = GDB_SIGNAL_XCPU;
2775         break;
2776     default:
2777         trace_gdbstub_hit_unknown(state);
2778         ret = GDB_SIGNAL_UNKNOWN;
2779         break;
2780     }
2781     gdb_set_stop_cpu(cpu);
2782     g_string_printf(buf, "T%02xthread:%s;", ret, tid->str);
2783 
2784 send_packet:
2785     put_packet(buf->str);
2786 
2787     /* disable single step if it was enabled */
2788     cpu_single_step(cpu, 0);
2789 }
2790 #endif
2791 
2792 /* Send a gdb syscall request.
2793    This accepts limited printf-style format specifiers, specifically:
2794     %x  - target_ulong argument printed in hex.
2795     %lx - 64-bit argument printed in hex.
2796     %s  - string pointer (target_ulong) and length (int) pair.  */
2797 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
2798 {
2799     char *p;
2800     char *p_end;
2801     target_ulong addr;
2802     uint64_t i64;
2803 
2804     if (!gdb_attached()) {
2805         return;
2806     }
2807 
2808     gdbserver_state.current_syscall_cb = cb;
2809 #ifndef CONFIG_USER_ONLY
2810     vm_stop(RUN_STATE_DEBUG);
2811 #endif
2812     p = &gdbserver_state.syscall_buf[0];
2813     p_end = &gdbserver_state.syscall_buf[sizeof(gdbserver_state.syscall_buf)];
2814     *(p++) = 'F';
2815     while (*fmt) {
2816         if (*fmt == '%') {
2817             fmt++;
2818             switch (*fmt++) {
2819             case 'x':
2820                 addr = va_arg(va, target_ulong);
2821                 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
2822                 break;
2823             case 'l':
2824                 if (*(fmt++) != 'x')
2825                     goto bad_format;
2826                 i64 = va_arg(va, uint64_t);
2827                 p += snprintf(p, p_end - p, "%" PRIx64, i64);
2828                 break;
2829             case 's':
2830                 addr = va_arg(va, target_ulong);
2831                 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
2832                               addr, va_arg(va, int));
2833                 break;
2834             default:
2835             bad_format:
2836                 error_report("gdbstub: Bad syscall format string '%s'",
2837                              fmt - 1);
2838                 break;
2839             }
2840         } else {
2841             *(p++) = *(fmt++);
2842         }
2843     }
2844     *p = 0;
2845 #ifdef CONFIG_USER_ONLY
2846     put_packet(gdbserver_state.syscall_buf);
2847     /* Return control to gdb for it to process the syscall request.
2848      * Since the protocol requires that gdb hands control back to us
2849      * using a "here are the results" F packet, we don't need to check
2850      * gdb_handlesig's return value (which is the signal to deliver if
2851      * execution was resumed via a continue packet).
2852      */
2853     gdb_handlesig(gdbserver_state.c_cpu, 0);
2854 #else
2855     /* In this case wait to send the syscall packet until notification that
2856        the CPU has stopped.  This must be done because if the packet is sent
2857        now the reply from the syscall request could be received while the CPU
2858        is still in the running state, which can cause packets to be dropped
2859        and state transition 'T' packets to be sent while the syscall is still
2860        being processed.  */
2861     qemu_cpu_kick(gdbserver_state.c_cpu);
2862 #endif
2863 }
2864 
2865 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
2866 {
2867     va_list va;
2868 
2869     va_start(va, fmt);
2870     gdb_do_syscallv(cb, fmt, va);
2871     va_end(va);
2872 }
2873 
2874 static void gdb_read_byte(uint8_t ch)
2875 {
2876     uint8_t reply;
2877 
2878 #ifndef CONFIG_USER_ONLY
2879     if (gdbserver_state.last_packet->len) {
2880         /* Waiting for a response to the last packet.  If we see the start
2881            of a new command then abandon the previous response.  */
2882         if (ch == '-') {
2883             trace_gdbstub_err_got_nack();
2884             put_buffer(gdbserver_state.last_packet->data,
2885                        gdbserver_state.last_packet->len);
2886         } else if (ch == '+') {
2887             trace_gdbstub_io_got_ack();
2888         } else {
2889             trace_gdbstub_io_got_unexpected(ch);
2890         }
2891 
2892         if (ch == '+' || ch == '$') {
2893             g_byte_array_set_size(gdbserver_state.last_packet, 0);
2894         }
2895         if (ch != '$')
2896             return;
2897     }
2898     if (runstate_is_running()) {
2899         /* when the CPU is running, we cannot do anything except stop
2900            it when receiving a char */
2901         vm_stop(RUN_STATE_PAUSED);
2902     } else
2903 #endif
2904     {
2905         switch(gdbserver_state.state) {
2906         case RS_IDLE:
2907             if (ch == '$') {
2908                 /* start of command packet */
2909                 gdbserver_state.line_buf_index = 0;
2910                 gdbserver_state.line_sum = 0;
2911                 gdbserver_state.state = RS_GETLINE;
2912             } else {
2913                 trace_gdbstub_err_garbage(ch);
2914             }
2915             break;
2916         case RS_GETLINE:
2917             if (ch == '}') {
2918                 /* start escape sequence */
2919                 gdbserver_state.state = RS_GETLINE_ESC;
2920                 gdbserver_state.line_sum += ch;
2921             } else if (ch == '*') {
2922                 /* start run length encoding sequence */
2923                 gdbserver_state.state = RS_GETLINE_RLE;
2924                 gdbserver_state.line_sum += ch;
2925             } else if (ch == '#') {
2926                 /* end of command, start of checksum*/
2927                 gdbserver_state.state = RS_CHKSUM1;
2928             } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2929                 trace_gdbstub_err_overrun();
2930                 gdbserver_state.state = RS_IDLE;
2931             } else {
2932                 /* unescaped command character */
2933                 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch;
2934                 gdbserver_state.line_sum += ch;
2935             }
2936             break;
2937         case RS_GETLINE_ESC:
2938             if (ch == '#') {
2939                 /* unexpected end of command in escape sequence */
2940                 gdbserver_state.state = RS_CHKSUM1;
2941             } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2942                 /* command buffer overrun */
2943                 trace_gdbstub_err_overrun();
2944                 gdbserver_state.state = RS_IDLE;
2945             } else {
2946                 /* parse escaped character and leave escape state */
2947                 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch ^ 0x20;
2948                 gdbserver_state.line_sum += ch;
2949                 gdbserver_state.state = RS_GETLINE;
2950             }
2951             break;
2952         case RS_GETLINE_RLE:
2953             /*
2954              * Run-length encoding is explained in "Debugging with GDB /
2955              * Appendix E GDB Remote Serial Protocol / Overview".
2956              */
2957             if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
2958                 /* invalid RLE count encoding */
2959                 trace_gdbstub_err_invalid_repeat(ch);
2960                 gdbserver_state.state = RS_GETLINE;
2961             } else {
2962                 /* decode repeat length */
2963                 int repeat = ch - ' ' + 3;
2964                 if (gdbserver_state.line_buf_index + repeat >= sizeof(gdbserver_state.line_buf) - 1) {
2965                     /* that many repeats would overrun the command buffer */
2966                     trace_gdbstub_err_overrun();
2967                     gdbserver_state.state = RS_IDLE;
2968                 } else if (gdbserver_state.line_buf_index < 1) {
2969                     /* got a repeat but we have nothing to repeat */
2970                     trace_gdbstub_err_invalid_rle();
2971                     gdbserver_state.state = RS_GETLINE;
2972                 } else {
2973                     /* repeat the last character */
2974                     memset(gdbserver_state.line_buf + gdbserver_state.line_buf_index,
2975                            gdbserver_state.line_buf[gdbserver_state.line_buf_index - 1], repeat);
2976                     gdbserver_state.line_buf_index += repeat;
2977                     gdbserver_state.line_sum += ch;
2978                     gdbserver_state.state = RS_GETLINE;
2979                 }
2980             }
2981             break;
2982         case RS_CHKSUM1:
2983             /* get high hex digit of checksum */
2984             if (!isxdigit(ch)) {
2985                 trace_gdbstub_err_checksum_invalid(ch);
2986                 gdbserver_state.state = RS_GETLINE;
2987                 break;
2988             }
2989             gdbserver_state.line_buf[gdbserver_state.line_buf_index] = '\0';
2990             gdbserver_state.line_csum = fromhex(ch) << 4;
2991             gdbserver_state.state = RS_CHKSUM2;
2992             break;
2993         case RS_CHKSUM2:
2994             /* get low hex digit of checksum */
2995             if (!isxdigit(ch)) {
2996                 trace_gdbstub_err_checksum_invalid(ch);
2997                 gdbserver_state.state = RS_GETLINE;
2998                 break;
2999             }
3000             gdbserver_state.line_csum |= fromhex(ch);
3001 
3002             if (gdbserver_state.line_csum != (gdbserver_state.line_sum & 0xff)) {
3003                 trace_gdbstub_err_checksum_incorrect(gdbserver_state.line_sum, gdbserver_state.line_csum);
3004                 /* send NAK reply */
3005                 reply = '-';
3006                 put_buffer(&reply, 1);
3007                 gdbserver_state.state = RS_IDLE;
3008             } else {
3009                 /* send ACK reply */
3010                 reply = '+';
3011                 put_buffer(&reply, 1);
3012                 gdbserver_state.state = gdb_handle_packet(gdbserver_state.line_buf);
3013             }
3014             break;
3015         default:
3016             abort();
3017         }
3018     }
3019 }
3020 
3021 /* Tell the remote gdb that the process has exited.  */
3022 void gdb_exit(int code)
3023 {
3024   char buf[4];
3025 
3026   if (!gdbserver_state.init) {
3027       return;
3028   }
3029 #ifdef CONFIG_USER_ONLY
3030   if (gdbserver_state.socket_path) {
3031       unlink(gdbserver_state.socket_path);
3032   }
3033   if (gdbserver_state.fd < 0) {
3034       return;
3035   }
3036 #endif
3037 
3038   trace_gdbstub_op_exiting((uint8_t)code);
3039 
3040   snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
3041   put_packet(buf);
3042 
3043 #ifndef CONFIG_USER_ONLY
3044   qemu_chr_fe_deinit(&gdbserver_state.chr, true);
3045 #endif
3046 }
3047 
3048 /*
3049  * Create the process that will contain all the "orphan" CPUs (that are not
3050  * part of a CPU cluster). Note that if this process contains no CPUs, it won't
3051  * be attachable and thus will be invisible to the user.
3052  */
3053 static void create_default_process(GDBState *s)
3054 {
3055     GDBProcess *process;
3056     int max_pid = 0;
3057 
3058     if (gdbserver_state.process_num) {
3059         max_pid = s->processes[s->process_num - 1].pid;
3060     }
3061 
3062     s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
3063     process = &s->processes[s->process_num - 1];
3064 
3065     /* We need an available PID slot for this process */
3066     assert(max_pid < UINT32_MAX);
3067 
3068     process->pid = max_pid + 1;
3069     process->attached = false;
3070     process->target_xml[0] = '\0';
3071 }
3072 
3073 #ifdef CONFIG_USER_ONLY
3074 int
3075 gdb_handlesig(CPUState *cpu, int sig)
3076 {
3077     char buf[256];
3078     int n;
3079 
3080     if (!gdbserver_state.init || gdbserver_state.fd < 0) {
3081         return sig;
3082     }
3083 
3084     /* disable single step if it was enabled */
3085     cpu_single_step(cpu, 0);
3086     tb_flush(cpu);
3087 
3088     if (sig != 0) {
3089         gdb_set_stop_cpu(cpu);
3090         g_string_printf(gdbserver_state.str_buf,
3091                         "T%02xthread:", target_signal_to_gdb(sig));
3092         gdb_append_thread_id(cpu, gdbserver_state.str_buf);
3093         g_string_append_c(gdbserver_state.str_buf, ';');
3094         put_strbuf();
3095     }
3096     /* put_packet() might have detected that the peer terminated the
3097        connection.  */
3098     if (gdbserver_state.fd < 0) {
3099         return sig;
3100     }
3101 
3102     sig = 0;
3103     gdbserver_state.state = RS_IDLE;
3104     gdbserver_state.running_state = 0;
3105     while (gdbserver_state.running_state == 0) {
3106         n = read(gdbserver_state.fd, buf, 256);
3107         if (n > 0) {
3108             int i;
3109 
3110             for (i = 0; i < n; i++) {
3111                 gdb_read_byte(buf[i]);
3112             }
3113         } else {
3114             /* XXX: Connection closed.  Should probably wait for another
3115                connection before continuing.  */
3116             if (n == 0) {
3117                 close(gdbserver_state.fd);
3118             }
3119             gdbserver_state.fd = -1;
3120             return sig;
3121         }
3122     }
3123     sig = gdbserver_state.signal;
3124     gdbserver_state.signal = 0;
3125     return sig;
3126 }
3127 
3128 /* Tell the remote gdb that the process has exited due to SIG.  */
3129 void gdb_signalled(CPUArchState *env, int sig)
3130 {
3131     char buf[4];
3132 
3133     if (!gdbserver_state.init || gdbserver_state.fd < 0) {
3134         return;
3135     }
3136 
3137     snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
3138     put_packet(buf);
3139 }
3140 
3141 static void gdb_accept_init(int fd)
3142 {
3143     init_gdbserver_state();
3144     create_default_process(&gdbserver_state);
3145     gdbserver_state.processes[0].attached = true;
3146     gdbserver_state.c_cpu = gdb_first_attached_cpu();
3147     gdbserver_state.g_cpu = gdbserver_state.c_cpu;
3148     gdbserver_state.fd = fd;
3149     gdb_has_xml = false;
3150 }
3151 
3152 static bool gdb_accept_socket(int gdb_fd)
3153 {
3154     int fd;
3155 
3156     for(;;) {
3157         fd = accept(gdb_fd, NULL, NULL);
3158         if (fd < 0 && errno != EINTR) {
3159             perror("accept socket");
3160             return false;
3161         } else if (fd >= 0) {
3162             qemu_set_cloexec(fd);
3163             break;
3164         }
3165     }
3166 
3167     gdb_accept_init(fd);
3168     return true;
3169 }
3170 
3171 static int gdbserver_open_socket(const char *path)
3172 {
3173     struct sockaddr_un sockaddr = {};
3174     int fd, ret;
3175 
3176     fd = socket(AF_UNIX, SOCK_STREAM, 0);
3177     if (fd < 0) {
3178         perror("create socket");
3179         return -1;
3180     }
3181 
3182     sockaddr.sun_family = AF_UNIX;
3183     pstrcpy(sockaddr.sun_path, sizeof(sockaddr.sun_path) - 1, path);
3184     ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
3185     if (ret < 0) {
3186         perror("bind socket");
3187         close(fd);
3188         return -1;
3189     }
3190     ret = listen(fd, 1);
3191     if (ret < 0) {
3192         perror("listen socket");
3193         close(fd);
3194         return -1;
3195     }
3196 
3197     return fd;
3198 }
3199 
3200 static bool gdb_accept_tcp(int gdb_fd)
3201 {
3202     struct sockaddr_in sockaddr = {};
3203     socklen_t len;
3204     int fd;
3205 
3206     for(;;) {
3207         len = sizeof(sockaddr);
3208         fd = accept(gdb_fd, (struct sockaddr *)&sockaddr, &len);
3209         if (fd < 0 && errno != EINTR) {
3210             perror("accept");
3211             return false;
3212         } else if (fd >= 0) {
3213             qemu_set_cloexec(fd);
3214             break;
3215         }
3216     }
3217 
3218     /* set short latency */
3219     if (socket_set_nodelay(fd)) {
3220         perror("setsockopt");
3221         close(fd);
3222         return false;
3223     }
3224 
3225     gdb_accept_init(fd);
3226     return true;
3227 }
3228 
3229 static int gdbserver_open_port(int port)
3230 {
3231     struct sockaddr_in sockaddr;
3232     int fd, ret;
3233 
3234     fd = socket(PF_INET, SOCK_STREAM, 0);
3235     if (fd < 0) {
3236         perror("socket");
3237         return -1;
3238     }
3239     qemu_set_cloexec(fd);
3240 
3241     socket_set_fast_reuse(fd);
3242 
3243     sockaddr.sin_family = AF_INET;
3244     sockaddr.sin_port = htons(port);
3245     sockaddr.sin_addr.s_addr = 0;
3246     ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
3247     if (ret < 0) {
3248         perror("bind");
3249         close(fd);
3250         return -1;
3251     }
3252     ret = listen(fd, 1);
3253     if (ret < 0) {
3254         perror("listen");
3255         close(fd);
3256         return -1;
3257     }
3258 
3259     return fd;
3260 }
3261 
3262 int gdbserver_start(const char *port_or_path)
3263 {
3264     int port = g_ascii_strtoull(port_or_path, NULL, 10);
3265     int gdb_fd;
3266 
3267     if (port > 0) {
3268         gdb_fd = gdbserver_open_port(port);
3269     } else {
3270         gdb_fd = gdbserver_open_socket(port_or_path);
3271     }
3272 
3273     if (gdb_fd < 0) {
3274         return -1;
3275     }
3276 
3277     if (port > 0 && gdb_accept_tcp(gdb_fd)) {
3278         return 0;
3279     } else if (gdb_accept_socket(gdb_fd)) {
3280         gdbserver_state.socket_path = g_strdup(port_or_path);
3281         return 0;
3282     }
3283 
3284     /* gone wrong */
3285     close(gdb_fd);
3286     return -1;
3287 }
3288 
3289 /* Disable gdb stub for child processes.  */
3290 void gdbserver_fork(CPUState *cpu)
3291 {
3292     if (!gdbserver_state.init || gdbserver_state.fd < 0) {
3293         return;
3294     }
3295     close(gdbserver_state.fd);
3296     gdbserver_state.fd = -1;
3297     cpu_breakpoint_remove_all(cpu, BP_GDB);
3298     cpu_watchpoint_remove_all(cpu, BP_GDB);
3299 }
3300 #else
3301 static int gdb_chr_can_receive(void *opaque)
3302 {
3303   /* We can handle an arbitrarily large amount of data.
3304    Pick the maximum packet size, which is as good as anything.  */
3305   return MAX_PACKET_LENGTH;
3306 }
3307 
3308 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
3309 {
3310     int i;
3311 
3312     for (i = 0; i < size; i++) {
3313         gdb_read_byte(buf[i]);
3314     }
3315 }
3316 
3317 static void gdb_chr_event(void *opaque, QEMUChrEvent event)
3318 {
3319     int i;
3320     GDBState *s = (GDBState *) opaque;
3321 
3322     switch (event) {
3323     case CHR_EVENT_OPENED:
3324         /* Start with first process attached, others detached */
3325         for (i = 0; i < s->process_num; i++) {
3326             s->processes[i].attached = !i;
3327         }
3328 
3329         s->c_cpu = gdb_first_attached_cpu();
3330         s->g_cpu = s->c_cpu;
3331 
3332         vm_stop(RUN_STATE_PAUSED);
3333         replay_gdb_attached();
3334         gdb_has_xml = false;
3335         break;
3336     default:
3337         break;
3338     }
3339 }
3340 
3341 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
3342 {
3343     g_autoptr(GString) hex_buf = g_string_new("O");
3344     memtohex(hex_buf, buf, len);
3345     put_packet(hex_buf->str);
3346     return len;
3347 }
3348 
3349 #ifndef _WIN32
3350 static void gdb_sigterm_handler(int signal)
3351 {
3352     if (runstate_is_running()) {
3353         vm_stop(RUN_STATE_PAUSED);
3354     }
3355 }
3356 #endif
3357 
3358 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
3359                              bool *be_opened, Error **errp)
3360 {
3361     *be_opened = false;
3362 }
3363 
3364 static void char_gdb_class_init(ObjectClass *oc, void *data)
3365 {
3366     ChardevClass *cc = CHARDEV_CLASS(oc);
3367 
3368     cc->internal = true;
3369     cc->open = gdb_monitor_open;
3370     cc->chr_write = gdb_monitor_write;
3371 }
3372 
3373 #define TYPE_CHARDEV_GDB "chardev-gdb"
3374 
3375 static const TypeInfo char_gdb_type_info = {
3376     .name = TYPE_CHARDEV_GDB,
3377     .parent = TYPE_CHARDEV,
3378     .class_init = char_gdb_class_init,
3379 };
3380 
3381 static int find_cpu_clusters(Object *child, void *opaque)
3382 {
3383     if (object_dynamic_cast(child, TYPE_CPU_CLUSTER)) {
3384         GDBState *s = (GDBState *) opaque;
3385         CPUClusterState *cluster = CPU_CLUSTER(child);
3386         GDBProcess *process;
3387 
3388         s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
3389 
3390         process = &s->processes[s->process_num - 1];
3391 
3392         /*
3393          * GDB process IDs -1 and 0 are reserved. To avoid subtle errors at
3394          * runtime, we enforce here that the machine does not use a cluster ID
3395          * that would lead to PID 0.
3396          */
3397         assert(cluster->cluster_id != UINT32_MAX);
3398         process->pid = cluster->cluster_id + 1;
3399         process->attached = false;
3400         process->target_xml[0] = '\0';
3401 
3402         return 0;
3403     }
3404 
3405     return object_child_foreach(child, find_cpu_clusters, opaque);
3406 }
3407 
3408 static int pid_order(const void *a, const void *b)
3409 {
3410     GDBProcess *pa = (GDBProcess *) a;
3411     GDBProcess *pb = (GDBProcess *) b;
3412 
3413     if (pa->pid < pb->pid) {
3414         return -1;
3415     } else if (pa->pid > pb->pid) {
3416         return 1;
3417     } else {
3418         return 0;
3419     }
3420 }
3421 
3422 static void create_processes(GDBState *s)
3423 {
3424     object_child_foreach(object_get_root(), find_cpu_clusters, s);
3425 
3426     if (gdbserver_state.processes) {
3427         /* Sort by PID */
3428         qsort(gdbserver_state.processes, gdbserver_state.process_num, sizeof(gdbserver_state.processes[0]), pid_order);
3429     }
3430 
3431     create_default_process(s);
3432 }
3433 
3434 int gdbserver_start(const char *device)
3435 {
3436     trace_gdbstub_op_start(device);
3437 
3438     char gdbstub_device_name[128];
3439     Chardev *chr = NULL;
3440     Chardev *mon_chr;
3441 
3442     if (!first_cpu) {
3443         error_report("gdbstub: meaningless to attach gdb to a "
3444                      "machine without any CPU.");
3445         return -1;
3446     }
3447 
3448     if (!gdb_supports_guest_debug()) {
3449         error_report("gdbstub: current accelerator doesn't support guest debugging");
3450         return -1;
3451     }
3452 
3453     if (!device)
3454         return -1;
3455     if (strcmp(device, "none") != 0) {
3456         if (strstart(device, "tcp:", NULL)) {
3457             /* enforce required TCP attributes */
3458             snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
3459                      "%s,wait=off,nodelay=on,server=on", device);
3460             device = gdbstub_device_name;
3461         }
3462 #ifndef _WIN32
3463         else if (strcmp(device, "stdio") == 0) {
3464             struct sigaction act;
3465 
3466             memset(&act, 0, sizeof(act));
3467             act.sa_handler = gdb_sigterm_handler;
3468             sigaction(SIGINT, &act, NULL);
3469         }
3470 #endif
3471         /*
3472          * FIXME: it's a bit weird to allow using a mux chardev here
3473          * and implicitly setup a monitor. We may want to break this.
3474          */
3475         chr = qemu_chr_new_noreplay("gdb", device, true, NULL);
3476         if (!chr)
3477             return -1;
3478     }
3479 
3480     if (!gdbserver_state.init) {
3481         init_gdbserver_state();
3482 
3483         qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
3484 
3485         /* Initialize a monitor terminal for gdb */
3486         mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
3487                                    NULL, NULL, &error_abort);
3488         monitor_init_hmp(mon_chr, false, &error_abort);
3489     } else {
3490         qemu_chr_fe_deinit(&gdbserver_state.chr, true);
3491         mon_chr = gdbserver_state.mon_chr;
3492         reset_gdbserver_state();
3493     }
3494 
3495     create_processes(&gdbserver_state);
3496 
3497     if (chr) {
3498         qemu_chr_fe_init(&gdbserver_state.chr, chr, &error_abort);
3499         qemu_chr_fe_set_handlers(&gdbserver_state.chr, gdb_chr_can_receive,
3500                                  gdb_chr_receive, gdb_chr_event,
3501                                  NULL, &gdbserver_state, NULL, true);
3502     }
3503     gdbserver_state.state = chr ? RS_IDLE : RS_INACTIVE;
3504     gdbserver_state.mon_chr = mon_chr;
3505     gdbserver_state.current_syscall_cb = NULL;
3506 
3507     return 0;
3508 }
3509 
3510 static void register_types(void)
3511 {
3512     type_register_static(&char_gdb_type_info);
3513 }
3514 
3515 type_init(register_types);
3516 #endif
3517