xref: /openbmc/qemu/gdbstub/gdbstub.c (revision 6b568e3f)
1 /*
2  * gdb server stub
3  *
4  * This implements a subset of the remote protocol as described in:
5  *
6  *   https://sourceware.org/gdb/onlinedocs/gdb/Remote-Protocol.html
7  *
8  * Copyright (c) 2003-2005 Fabrice Bellard
9  *
10  * This library is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU Lesser General Public
12  * License as published by the Free Software Foundation; either
13  * version 2 of the License, or (at your option) any later version.
14  *
15  * This library is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
18  * Lesser General Public License for more details.
19  *
20  * You should have received a copy of the GNU Lesser General Public
21  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22  *
23  * SPDX-License-Identifier: LGPL-2.0+
24  */
25 
26 #include "qemu/osdep.h"
27 #include "qemu/ctype.h"
28 #include "qemu/cutils.h"
29 #include "qemu/module.h"
30 #include "qemu/error-report.h"
31 #include "trace.h"
32 #include "exec/gdbstub.h"
33 #include "gdbstub/syscalls.h"
34 #ifdef CONFIG_USER_ONLY
35 #include "gdbstub/user.h"
36 #else
37 #include "hw/cpu/cluster.h"
38 #include "hw/boards.h"
39 #endif
40 #include "hw/core/cpu.h"
41 
42 #include "sysemu/hw_accel.h"
43 #include "sysemu/runstate.h"
44 #include "exec/replay-core.h"
45 #include "exec/hwaddr.h"
46 
47 #include "internals.h"
48 
49 typedef struct GDBRegisterState {
50     int base_reg;
51     gdb_get_reg_cb get_reg;
52     gdb_set_reg_cb set_reg;
53     const GDBFeature *feature;
54 } GDBRegisterState;
55 
56 GDBState gdbserver_state;
57 
58 void gdb_init_gdbserver_state(void)
59 {
60     g_assert(!gdbserver_state.init);
61     memset(&gdbserver_state, 0, sizeof(GDBState));
62     gdbserver_state.init = true;
63     gdbserver_state.str_buf = g_string_new(NULL);
64     gdbserver_state.mem_buf = g_byte_array_sized_new(MAX_PACKET_LENGTH);
65     gdbserver_state.last_packet = g_byte_array_sized_new(MAX_PACKET_LENGTH + 4);
66 
67     /*
68      * What single-step modes are supported is accelerator dependent.
69      * By default try to use no IRQs and no timers while single
70      * stepping so as to make single stepping like a typical ICE HW step.
71      */
72     gdbserver_state.supported_sstep_flags = accel_supported_gdbstub_sstep_flags();
73     gdbserver_state.sstep_flags = SSTEP_ENABLE | SSTEP_NOIRQ | SSTEP_NOTIMER;
74     gdbserver_state.sstep_flags &= gdbserver_state.supported_sstep_flags;
75 }
76 
77 /* writes 2*len+1 bytes in buf */
78 void gdb_memtohex(GString *buf, const uint8_t *mem, int len)
79 {
80     int i, c;
81     for(i = 0; i < len; i++) {
82         c = mem[i];
83         g_string_append_c(buf, tohex(c >> 4));
84         g_string_append_c(buf, tohex(c & 0xf));
85     }
86     g_string_append_c(buf, '\0');
87 }
88 
89 void gdb_hextomem(GByteArray *mem, const char *buf, int len)
90 {
91     int i;
92 
93     for(i = 0; i < len; i++) {
94         guint8 byte = fromhex(buf[0]) << 4 | fromhex(buf[1]);
95         g_byte_array_append(mem, &byte, 1);
96         buf += 2;
97     }
98 }
99 
100 static void hexdump(const char *buf, int len,
101                     void (*trace_fn)(size_t ofs, char const *text))
102 {
103     char line_buffer[3 * 16 + 4 + 16 + 1];
104 
105     size_t i;
106     for (i = 0; i < len || (i & 0xF); ++i) {
107         size_t byte_ofs = i & 15;
108 
109         if (byte_ofs == 0) {
110             memset(line_buffer, ' ', 3 * 16 + 4 + 16);
111             line_buffer[3 * 16 + 4 + 16] = 0;
112         }
113 
114         size_t col_group = (i >> 2) & 3;
115         size_t hex_col = byte_ofs * 3 + col_group;
116         size_t txt_col = 3 * 16 + 4 + byte_ofs;
117 
118         if (i < len) {
119             char value = buf[i];
120 
121             line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
122             line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
123             line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
124                     ? value
125                     : '.';
126         }
127 
128         if (byte_ofs == 0xF)
129             trace_fn(i & -16, line_buffer);
130     }
131 }
132 
133 /* return -1 if error, 0 if OK */
134 int gdb_put_packet_binary(const char *buf, int len, bool dump)
135 {
136     int csum, i;
137     uint8_t footer[3];
138 
139     if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
140         hexdump(buf, len, trace_gdbstub_io_binaryreply);
141     }
142 
143     for(;;) {
144         g_byte_array_set_size(gdbserver_state.last_packet, 0);
145         g_byte_array_append(gdbserver_state.last_packet,
146                             (const uint8_t *) "$", 1);
147         g_byte_array_append(gdbserver_state.last_packet,
148                             (const uint8_t *) buf, len);
149         csum = 0;
150         for(i = 0; i < len; i++) {
151             csum += buf[i];
152         }
153         footer[0] = '#';
154         footer[1] = tohex((csum >> 4) & 0xf);
155         footer[2] = tohex((csum) & 0xf);
156         g_byte_array_append(gdbserver_state.last_packet, footer, 3);
157 
158         gdb_put_buffer(gdbserver_state.last_packet->data,
159                    gdbserver_state.last_packet->len);
160 
161         if (gdb_got_immediate_ack()) {
162             break;
163         }
164     }
165     return 0;
166 }
167 
168 /* return -1 if error, 0 if OK */
169 int gdb_put_packet(const char *buf)
170 {
171     trace_gdbstub_io_reply(buf);
172 
173     return gdb_put_packet_binary(buf, strlen(buf), false);
174 }
175 
176 void gdb_put_strbuf(void)
177 {
178     gdb_put_packet(gdbserver_state.str_buf->str);
179 }
180 
181 /* Encode data using the encoding for 'x' packets.  */
182 void gdb_memtox(GString *buf, const char *mem, int len)
183 {
184     char c;
185 
186     while (len--) {
187         c = *(mem++);
188         switch (c) {
189         case '#': case '$': case '*': case '}':
190             g_string_append_c(buf, '}');
191             g_string_append_c(buf, c ^ 0x20);
192             break;
193         default:
194             g_string_append_c(buf, c);
195             break;
196         }
197     }
198 }
199 
200 static uint32_t gdb_get_cpu_pid(CPUState *cpu)
201 {
202 #ifdef CONFIG_USER_ONLY
203     return getpid();
204 #else
205     if (cpu->cluster_index == UNASSIGNED_CLUSTER_INDEX) {
206         /* Return the default process' PID */
207         int index = gdbserver_state.process_num - 1;
208         return gdbserver_state.processes[index].pid;
209     }
210     return cpu->cluster_index + 1;
211 #endif
212 }
213 
214 GDBProcess *gdb_get_process(uint32_t pid)
215 {
216     int i;
217 
218     if (!pid) {
219         /* 0 means any process, we take the first one */
220         return &gdbserver_state.processes[0];
221     }
222 
223     for (i = 0; i < gdbserver_state.process_num; i++) {
224         if (gdbserver_state.processes[i].pid == pid) {
225             return &gdbserver_state.processes[i];
226         }
227     }
228 
229     return NULL;
230 }
231 
232 static GDBProcess *gdb_get_cpu_process(CPUState *cpu)
233 {
234     return gdb_get_process(gdb_get_cpu_pid(cpu));
235 }
236 
237 static CPUState *find_cpu(uint32_t thread_id)
238 {
239     CPUState *cpu;
240 
241     CPU_FOREACH(cpu) {
242         if (gdb_get_cpu_index(cpu) == thread_id) {
243             return cpu;
244         }
245     }
246 
247     return NULL;
248 }
249 
250 CPUState *gdb_get_first_cpu_in_process(GDBProcess *process)
251 {
252     CPUState *cpu;
253 
254     CPU_FOREACH(cpu) {
255         if (gdb_get_cpu_pid(cpu) == process->pid) {
256             return cpu;
257         }
258     }
259 
260     return NULL;
261 }
262 
263 static CPUState *gdb_next_cpu_in_process(CPUState *cpu)
264 {
265     uint32_t pid = gdb_get_cpu_pid(cpu);
266     cpu = CPU_NEXT(cpu);
267 
268     while (cpu) {
269         if (gdb_get_cpu_pid(cpu) == pid) {
270             break;
271         }
272 
273         cpu = CPU_NEXT(cpu);
274     }
275 
276     return cpu;
277 }
278 
279 /* Return the cpu following @cpu, while ignoring unattached processes. */
280 static CPUState *gdb_next_attached_cpu(CPUState *cpu)
281 {
282     cpu = CPU_NEXT(cpu);
283 
284     while (cpu) {
285         if (gdb_get_cpu_process(cpu)->attached) {
286             break;
287         }
288 
289         cpu = CPU_NEXT(cpu);
290     }
291 
292     return cpu;
293 }
294 
295 /* Return the first attached cpu */
296 CPUState *gdb_first_attached_cpu(void)
297 {
298     CPUState *cpu = first_cpu;
299     GDBProcess *process = gdb_get_cpu_process(cpu);
300 
301     if (!process->attached) {
302         return gdb_next_attached_cpu(cpu);
303     }
304 
305     return cpu;
306 }
307 
308 static CPUState *gdb_get_cpu(uint32_t pid, uint32_t tid)
309 {
310     GDBProcess *process;
311     CPUState *cpu;
312 
313     if (!pid && !tid) {
314         /* 0 means any process/thread, we take the first attached one */
315         return gdb_first_attached_cpu();
316     } else if (pid && !tid) {
317         /* any thread in a specific process */
318         process = gdb_get_process(pid);
319 
320         if (process == NULL) {
321             return NULL;
322         }
323 
324         if (!process->attached) {
325             return NULL;
326         }
327 
328         return gdb_get_first_cpu_in_process(process);
329     } else {
330         /* a specific thread */
331         cpu = find_cpu(tid);
332 
333         if (cpu == NULL) {
334             return NULL;
335         }
336 
337         process = gdb_get_cpu_process(cpu);
338 
339         if (pid && process->pid != pid) {
340             return NULL;
341         }
342 
343         if (!process->attached) {
344             return NULL;
345         }
346 
347         return cpu;
348     }
349 }
350 
351 static const char *get_feature_xml(const char *p, const char **newp,
352                                    GDBProcess *process)
353 {
354     CPUState *cpu = gdb_get_first_cpu_in_process(process);
355     CPUClass *cc = CPU_GET_CLASS(cpu);
356     GDBRegisterState *r;
357     size_t len;
358 
359     /*
360      * qXfer:features:read:ANNEX:OFFSET,LENGTH'
361      *                     ^p    ^newp
362      */
363     char *term = strchr(p, ':');
364     *newp = term + 1;
365     len = term - p;
366 
367     /* Is it the main target xml? */
368     if (strncmp(p, "target.xml", len) == 0) {
369         if (!process->target_xml) {
370             g_autoptr(GPtrArray) xml = g_ptr_array_new_with_free_func(g_free);
371 
372             g_ptr_array_add(
373                 xml,
374                 g_strdup("<?xml version=\"1.0\"?>"
375                          "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
376                          "<target>"));
377 
378             if (cc->gdb_arch_name) {
379                 g_ptr_array_add(
380                     xml,
381                     g_markup_printf_escaped("<architecture>%s</architecture>",
382                                             cc->gdb_arch_name(cpu)));
383             }
384             for (guint i = 0; i < cpu->gdb_regs->len; i++) {
385                 r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
386                 g_ptr_array_add(
387                     xml,
388                     g_markup_printf_escaped("<xi:include href=\"%s\"/>",
389                                             r->feature->xmlname));
390             }
391             g_ptr_array_add(xml, g_strdup("</target>"));
392             g_ptr_array_add(xml, NULL);
393 
394             process->target_xml = g_strjoinv(NULL, (void *)xml->pdata);
395         }
396         return process->target_xml;
397     }
398     /* Is it one of the features? */
399     for (guint i = 0; i < cpu->gdb_regs->len; i++) {
400         r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
401         if (strncmp(p, r->feature->xmlname, len) == 0) {
402             return r->feature->xml;
403         }
404     }
405 
406     /* failed */
407     return NULL;
408 }
409 
410 void gdb_feature_builder_init(GDBFeatureBuilder *builder, GDBFeature *feature,
411                               const char *name, const char *xmlname,
412                               int base_reg)
413 {
414     char *header = g_markup_printf_escaped(
415         "<?xml version=\"1.0\"?>"
416         "<!DOCTYPE feature SYSTEM \"gdb-target.dtd\">"
417         "<feature name=\"%s\">",
418         name);
419 
420     builder->feature = feature;
421     builder->xml = g_ptr_array_new();
422     g_ptr_array_add(builder->xml, header);
423     builder->regs = g_ptr_array_new();
424     builder->base_reg = base_reg;
425     feature->xmlname = xmlname;
426     feature->name = name;
427 }
428 
429 void gdb_feature_builder_append_tag(const GDBFeatureBuilder *builder,
430                                     const char *format, ...)
431 {
432     va_list ap;
433     va_start(ap, format);
434     g_ptr_array_add(builder->xml, g_markup_vprintf_escaped(format, ap));
435     va_end(ap);
436 }
437 
438 void gdb_feature_builder_append_reg(const GDBFeatureBuilder *builder,
439                                     const char *name,
440                                     int bitsize,
441                                     int regnum,
442                                     const char *type,
443                                     const char *group)
444 {
445     if (builder->regs->len <= regnum) {
446         g_ptr_array_set_size(builder->regs, regnum + 1);
447     }
448 
449     builder->regs->pdata[regnum] = (gpointer *)name;
450 
451     if (group) {
452         gdb_feature_builder_append_tag(
453             builder,
454             "<reg name=\"%s\" bitsize=\"%d\" regnum=\"%d\" type=\"%s\" group=\"%s\"/>",
455             name, bitsize, builder->base_reg + regnum, type, group);
456     } else {
457         gdb_feature_builder_append_tag(
458             builder,
459             "<reg name=\"%s\" bitsize=\"%d\" regnum=\"%d\" type=\"%s\"/>",
460             name, bitsize, builder->base_reg + regnum, type);
461     }
462 }
463 
464 void gdb_feature_builder_end(const GDBFeatureBuilder *builder)
465 {
466     g_ptr_array_add(builder->xml, (void *)"</feature>");
467     g_ptr_array_add(builder->xml, NULL);
468 
469     builder->feature->xml = g_strjoinv(NULL, (void *)builder->xml->pdata);
470 
471     for (guint i = 0; i < builder->xml->len - 2; i++) {
472         g_free(g_ptr_array_index(builder->xml, i));
473     }
474 
475     g_ptr_array_free(builder->xml, TRUE);
476 
477     builder->feature->num_regs = builder->regs->len;
478     builder->feature->regs = (void *)g_ptr_array_free(builder->regs, FALSE);
479 }
480 
481 const GDBFeature *gdb_find_static_feature(const char *xmlname)
482 {
483     const GDBFeature *feature;
484 
485     for (feature = gdb_static_features; feature->xmlname; feature++) {
486         if (!strcmp(feature->xmlname, xmlname)) {
487             return feature;
488         }
489     }
490 
491     g_assert_not_reached();
492 }
493 
494 GArray *gdb_get_register_list(CPUState *cpu)
495 {
496     GArray *results = g_array_new(true, true, sizeof(GDBRegDesc));
497 
498     /* registers are only available once the CPU is initialised */
499     if (!cpu->gdb_regs) {
500         return results;
501     }
502 
503     for (int f = 0; f < cpu->gdb_regs->len; f++) {
504         GDBRegisterState *r = &g_array_index(cpu->gdb_regs, GDBRegisterState, f);
505         for (int i = 0; i < r->feature->num_regs; i++) {
506             const char *name = r->feature->regs[i];
507             GDBRegDesc desc = {
508                 r->base_reg + i,
509                 name,
510                 r->feature->name
511             };
512             g_array_append_val(results, desc);
513         }
514     }
515 
516     return results;
517 }
518 
519 int gdb_read_register(CPUState *cpu, GByteArray *buf, int reg)
520 {
521     CPUClass *cc = CPU_GET_CLASS(cpu);
522     GDBRegisterState *r;
523 
524     if (reg < cc->gdb_num_core_regs) {
525         return cc->gdb_read_register(cpu, buf, reg);
526     }
527 
528     for (guint i = 0; i < cpu->gdb_regs->len; i++) {
529         r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
530         if (r->base_reg <= reg && reg < r->base_reg + r->feature->num_regs) {
531             return r->get_reg(cpu, buf, reg - r->base_reg);
532         }
533     }
534     return 0;
535 }
536 
537 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
538 {
539     CPUClass *cc = CPU_GET_CLASS(cpu);
540     GDBRegisterState *r;
541 
542     if (reg < cc->gdb_num_core_regs) {
543         return cc->gdb_write_register(cpu, mem_buf, reg);
544     }
545 
546     for (guint i = 0; i < cpu->gdb_regs->len; i++) {
547         r =  &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
548         if (r->base_reg <= reg && reg < r->base_reg + r->feature->num_regs) {
549             return r->set_reg(cpu, mem_buf, reg - r->base_reg);
550         }
551     }
552     return 0;
553 }
554 
555 static void gdb_register_feature(CPUState *cpu, int base_reg,
556                                  gdb_get_reg_cb get_reg, gdb_set_reg_cb set_reg,
557                                  const GDBFeature *feature)
558 {
559     GDBRegisterState s = {
560         .base_reg = base_reg,
561         .get_reg = get_reg,
562         .set_reg = set_reg,
563         .feature = feature
564     };
565 
566     g_array_append_val(cpu->gdb_regs, s);
567 }
568 
569 void gdb_init_cpu(CPUState *cpu)
570 {
571     CPUClass *cc = CPU_GET_CLASS(cpu);
572     const GDBFeature *feature;
573 
574     cpu->gdb_regs = g_array_new(false, false, sizeof(GDBRegisterState));
575 
576     if (cc->gdb_core_xml_file) {
577         feature = gdb_find_static_feature(cc->gdb_core_xml_file);
578         gdb_register_feature(cpu, 0,
579                              cc->gdb_read_register, cc->gdb_write_register,
580                              feature);
581         cpu->gdb_num_regs = cpu->gdb_num_g_regs = feature->num_regs;
582     }
583 
584     if (cc->gdb_num_core_regs) {
585         cpu->gdb_num_regs = cpu->gdb_num_g_regs = cc->gdb_num_core_regs;
586     }
587 }
588 
589 void gdb_register_coprocessor(CPUState *cpu,
590                               gdb_get_reg_cb get_reg, gdb_set_reg_cb set_reg,
591                               const GDBFeature *feature, int g_pos)
592 {
593     GDBRegisterState *s;
594     guint i;
595     int base_reg = cpu->gdb_num_regs;
596 
597     for (i = 0; i < cpu->gdb_regs->len; i++) {
598         /* Check for duplicates.  */
599         s = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
600         if (s->feature == feature) {
601             return;
602         }
603     }
604 
605     gdb_register_feature(cpu, base_reg, get_reg, set_reg, feature);
606 
607     /* Add to end of list.  */
608     cpu->gdb_num_regs += feature->num_regs;
609     if (g_pos) {
610         if (g_pos != base_reg) {
611             error_report("Error: Bad gdb register numbering for '%s', "
612                          "expected %d got %d", feature->xml, g_pos, base_reg);
613         } else {
614             cpu->gdb_num_g_regs = cpu->gdb_num_regs;
615         }
616     }
617 }
618 
619 static void gdb_process_breakpoint_remove_all(GDBProcess *p)
620 {
621     CPUState *cpu = gdb_get_first_cpu_in_process(p);
622 
623     while (cpu) {
624         gdb_breakpoint_remove_all(cpu);
625         cpu = gdb_next_cpu_in_process(cpu);
626     }
627 }
628 
629 
630 static void gdb_set_cpu_pc(vaddr pc)
631 {
632     CPUState *cpu = gdbserver_state.c_cpu;
633 
634     cpu_synchronize_state(cpu);
635     cpu_set_pc(cpu, pc);
636 }
637 
638 void gdb_append_thread_id(CPUState *cpu, GString *buf)
639 {
640     if (gdbserver_state.multiprocess) {
641         g_string_append_printf(buf, "p%02x.%02x",
642                                gdb_get_cpu_pid(cpu), gdb_get_cpu_index(cpu));
643     } else {
644         g_string_append_printf(buf, "%02x", gdb_get_cpu_index(cpu));
645     }
646 }
647 
648 static GDBThreadIdKind read_thread_id(const char *buf, const char **end_buf,
649                                       uint32_t *pid, uint32_t *tid)
650 {
651     unsigned long p, t;
652     int ret;
653 
654     if (*buf == 'p') {
655         buf++;
656         ret = qemu_strtoul(buf, &buf, 16, &p);
657 
658         if (ret) {
659             return GDB_READ_THREAD_ERR;
660         }
661 
662         /* Skip '.' */
663         buf++;
664     } else {
665         p = 0;
666     }
667 
668     ret = qemu_strtoul(buf, &buf, 16, &t);
669 
670     if (ret) {
671         return GDB_READ_THREAD_ERR;
672     }
673 
674     *end_buf = buf;
675 
676     if (p == -1) {
677         return GDB_ALL_PROCESSES;
678     }
679 
680     if (pid) {
681         *pid = p;
682     }
683 
684     if (t == -1) {
685         return GDB_ALL_THREADS;
686     }
687 
688     if (tid) {
689         *tid = t;
690     }
691 
692     return GDB_ONE_THREAD;
693 }
694 
695 /**
696  * gdb_handle_vcont - Parses and handles a vCont packet.
697  * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
698  *         a format error, 0 on success.
699  */
700 static int gdb_handle_vcont(const char *p)
701 {
702     int res, signal = 0;
703     char cur_action;
704     unsigned long tmp;
705     uint32_t pid, tid;
706     GDBProcess *process;
707     CPUState *cpu;
708     GDBThreadIdKind kind;
709     unsigned int max_cpus = gdb_get_max_cpus();
710     /* uninitialised CPUs stay 0 */
711     g_autofree char *newstates = g_new0(char, max_cpus);
712 
713     /* mark valid CPUs with 1 */
714     CPU_FOREACH(cpu) {
715         newstates[cpu->cpu_index] = 1;
716     }
717 
718     /*
719      * res keeps track of what error we are returning, with -ENOTSUP meaning
720      * that the command is unknown or unsupported, thus returning an empty
721      * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
722      *  or incorrect parameters passed.
723      */
724     res = 0;
725 
726     /*
727      * target_count and last_target keep track of how many CPUs we are going to
728      * step or resume, and a pointer to the state structure of one of them,
729      * respectively
730      */
731     int target_count = 0;
732     CPUState *last_target = NULL;
733 
734     while (*p) {
735         if (*p++ != ';') {
736             return -ENOTSUP;
737         }
738 
739         cur_action = *p++;
740         if (cur_action == 'C' || cur_action == 'S') {
741             cur_action = qemu_tolower(cur_action);
742             res = qemu_strtoul(p, &p, 16, &tmp);
743             if (res) {
744                 return res;
745             }
746             signal = gdb_signal_to_target(tmp);
747         } else if (cur_action != 'c' && cur_action != 's') {
748             /* unknown/invalid/unsupported command */
749             return -ENOTSUP;
750         }
751 
752         if (*p == '\0' || *p == ';') {
753             /*
754              * No thread specifier, action is on "all threads". The
755              * specification is unclear regarding the process to act on. We
756              * choose all processes.
757              */
758             kind = GDB_ALL_PROCESSES;
759         } else if (*p++ == ':') {
760             kind = read_thread_id(p, &p, &pid, &tid);
761         } else {
762             return -ENOTSUP;
763         }
764 
765         switch (kind) {
766         case GDB_READ_THREAD_ERR:
767             return -EINVAL;
768 
769         case GDB_ALL_PROCESSES:
770             cpu = gdb_first_attached_cpu();
771             while (cpu) {
772                 if (newstates[cpu->cpu_index] == 1) {
773                     newstates[cpu->cpu_index] = cur_action;
774 
775                     target_count++;
776                     last_target = cpu;
777                 }
778 
779                 cpu = gdb_next_attached_cpu(cpu);
780             }
781             break;
782 
783         case GDB_ALL_THREADS:
784             process = gdb_get_process(pid);
785 
786             if (!process->attached) {
787                 return -EINVAL;
788             }
789 
790             cpu = gdb_get_first_cpu_in_process(process);
791             while (cpu) {
792                 if (newstates[cpu->cpu_index] == 1) {
793                     newstates[cpu->cpu_index] = cur_action;
794 
795                     target_count++;
796                     last_target = cpu;
797                 }
798 
799                 cpu = gdb_next_cpu_in_process(cpu);
800             }
801             break;
802 
803         case GDB_ONE_THREAD:
804             cpu = gdb_get_cpu(pid, tid);
805 
806             /* invalid CPU/thread specified */
807             if (!cpu) {
808                 return -EINVAL;
809             }
810 
811             /* only use if no previous match occourred */
812             if (newstates[cpu->cpu_index] == 1) {
813                 newstates[cpu->cpu_index] = cur_action;
814 
815                 target_count++;
816                 last_target = cpu;
817             }
818             break;
819         }
820     }
821 
822     /*
823      * if we're about to resume a specific set of CPUs/threads, make it so that
824      * in case execution gets interrupted, we can send GDB a stop reply with a
825      * correct value. it doesn't really matter which CPU we tell GDB the signal
826      * happened in (VM pauses stop all of them anyway), so long as it is one of
827      * the ones we resumed/single stepped here.
828      */
829     if (target_count > 0) {
830         gdbserver_state.c_cpu = last_target;
831     }
832 
833     gdbserver_state.signal = signal;
834     gdb_continue_partial(newstates);
835     return res;
836 }
837 
838 static const char *cmd_next_param(const char *param, const char delimiter)
839 {
840     static const char all_delimiters[] = ",;:=";
841     char curr_delimiters[2] = {0};
842     const char *delimiters;
843 
844     if (delimiter == '?') {
845         delimiters = all_delimiters;
846     } else if (delimiter == '0') {
847         return strchr(param, '\0');
848     } else if (delimiter == '.' && *param) {
849         return param + 1;
850     } else {
851         curr_delimiters[0] = delimiter;
852         delimiters = curr_delimiters;
853     }
854 
855     param += strcspn(param, delimiters);
856     if (*param) {
857         param++;
858     }
859     return param;
860 }
861 
862 static int cmd_parse_params(const char *data, const char *schema,
863                             GArray *params)
864 {
865     const char *curr_schema, *curr_data;
866 
867     g_assert(schema);
868     g_assert(params->len == 0);
869 
870     curr_schema = schema;
871     curr_data = data;
872     while (curr_schema[0] && curr_schema[1] && *curr_data) {
873         GdbCmdVariant this_param;
874 
875         switch (curr_schema[0]) {
876         case 'l':
877             if (qemu_strtoul(curr_data, &curr_data, 16,
878                              &this_param.val_ul)) {
879                 return -EINVAL;
880             }
881             curr_data = cmd_next_param(curr_data, curr_schema[1]);
882             g_array_append_val(params, this_param);
883             break;
884         case 'L':
885             if (qemu_strtou64(curr_data, &curr_data, 16,
886                               (uint64_t *)&this_param.val_ull)) {
887                 return -EINVAL;
888             }
889             curr_data = cmd_next_param(curr_data, curr_schema[1]);
890             g_array_append_val(params, this_param);
891             break;
892         case 's':
893             this_param.data = curr_data;
894             curr_data = cmd_next_param(curr_data, curr_schema[1]);
895             g_array_append_val(params, this_param);
896             break;
897         case 'o':
898             this_param.opcode = *(uint8_t *)curr_data;
899             curr_data = cmd_next_param(curr_data, curr_schema[1]);
900             g_array_append_val(params, this_param);
901             break;
902         case 't':
903             this_param.thread_id.kind =
904                 read_thread_id(curr_data, &curr_data,
905                                &this_param.thread_id.pid,
906                                &this_param.thread_id.tid);
907             curr_data = cmd_next_param(curr_data, curr_schema[1]);
908             g_array_append_val(params, this_param);
909             break;
910         case '?':
911             curr_data = cmd_next_param(curr_data, curr_schema[1]);
912             break;
913         default:
914             return -EINVAL;
915         }
916         curr_schema += 2;
917     }
918 
919     return 0;
920 }
921 
922 typedef void (*GdbCmdHandler)(GArray *params, void *user_ctx);
923 
924 /*
925  * cmd_startswith -> cmd is compared using startswith
926  *
927  * allow_stop_reply -> true iff the gdbstub can respond to this command with a
928  *   "stop reply" packet. The list of commands that accept such response is
929  *   defined at the GDB Remote Serial Protocol documentation. see:
930  *   https://sourceware.org/gdb/onlinedocs/gdb/Stop-Reply-Packets.html#Stop-Reply-Packets.
931  *
932  * schema definitions:
933  * Each schema parameter entry consists of 2 chars,
934  * the first char represents the parameter type handling
935  * the second char represents the delimiter for the next parameter
936  *
937  * Currently supported schema types:
938  * 'l' -> unsigned long (stored in .val_ul)
939  * 'L' -> unsigned long long (stored in .val_ull)
940  * 's' -> string (stored in .data)
941  * 'o' -> single char (stored in .opcode)
942  * 't' -> thread id (stored in .thread_id)
943  * '?' -> skip according to delimiter
944  *
945  * Currently supported delimiters:
946  * '?' -> Stop at any delimiter (",;:=\0")
947  * '0' -> Stop at "\0"
948  * '.' -> Skip 1 char unless reached "\0"
949  * Any other value is treated as the delimiter value itself
950  */
951 typedef struct GdbCmdParseEntry {
952     GdbCmdHandler handler;
953     const char *cmd;
954     bool cmd_startswith;
955     const char *schema;
956     bool allow_stop_reply;
957 } GdbCmdParseEntry;
958 
959 static inline int startswith(const char *string, const char *pattern)
960 {
961   return !strncmp(string, pattern, strlen(pattern));
962 }
963 
964 static int process_string_cmd(const char *data,
965                               const GdbCmdParseEntry *cmds, int num_cmds)
966 {
967     int i;
968     g_autoptr(GArray) params = g_array_new(false, true, sizeof(GdbCmdVariant));
969 
970     if (!cmds) {
971         return -1;
972     }
973 
974     for (i = 0; i < num_cmds; i++) {
975         const GdbCmdParseEntry *cmd = &cmds[i];
976         g_assert(cmd->handler && cmd->cmd);
977 
978         if ((cmd->cmd_startswith && !startswith(data, cmd->cmd)) ||
979             (!cmd->cmd_startswith && strcmp(cmd->cmd, data))) {
980             continue;
981         }
982 
983         if (cmd->schema) {
984             if (cmd_parse_params(&data[strlen(cmd->cmd)],
985                                  cmd->schema, params)) {
986                 return -1;
987             }
988         }
989 
990         gdbserver_state.allow_stop_reply = cmd->allow_stop_reply;
991         cmd->handler(params, NULL);
992         return 0;
993     }
994 
995     return -1;
996 }
997 
998 static void run_cmd_parser(const char *data, const GdbCmdParseEntry *cmd)
999 {
1000     if (!data) {
1001         return;
1002     }
1003 
1004     g_string_set_size(gdbserver_state.str_buf, 0);
1005     g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1006 
1007     /* In case there was an error during the command parsing we must
1008     * send a NULL packet to indicate the command is not supported */
1009     if (process_string_cmd(data, cmd, 1)) {
1010         gdb_put_packet("");
1011     }
1012 }
1013 
1014 static void handle_detach(GArray *params, void *user_ctx)
1015 {
1016     GDBProcess *process;
1017     uint32_t pid = 1;
1018 
1019     if (gdbserver_state.multiprocess) {
1020         if (!params->len) {
1021             gdb_put_packet("E22");
1022             return;
1023         }
1024 
1025         pid = get_param(params, 0)->val_ul;
1026     }
1027 
1028 #ifdef CONFIG_USER_ONLY
1029     if (gdb_handle_detach_user(pid)) {
1030         return;
1031     }
1032 #endif
1033 
1034     process = gdb_get_process(pid);
1035     gdb_process_breakpoint_remove_all(process);
1036     process->attached = false;
1037 
1038     if (pid == gdb_get_cpu_pid(gdbserver_state.c_cpu)) {
1039         gdbserver_state.c_cpu = gdb_first_attached_cpu();
1040     }
1041 
1042     if (pid == gdb_get_cpu_pid(gdbserver_state.g_cpu)) {
1043         gdbserver_state.g_cpu = gdb_first_attached_cpu();
1044     }
1045 
1046     if (!gdbserver_state.c_cpu) {
1047         /* No more process attached */
1048         gdb_disable_syscalls();
1049         gdb_continue();
1050     }
1051     gdb_put_packet("OK");
1052 }
1053 
1054 static void handle_thread_alive(GArray *params, void *user_ctx)
1055 {
1056     CPUState *cpu;
1057 
1058     if (!params->len) {
1059         gdb_put_packet("E22");
1060         return;
1061     }
1062 
1063     if (get_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
1064         gdb_put_packet("E22");
1065         return;
1066     }
1067 
1068     cpu = gdb_get_cpu(get_param(params, 0)->thread_id.pid,
1069                       get_param(params, 0)->thread_id.tid);
1070     if (!cpu) {
1071         gdb_put_packet("E22");
1072         return;
1073     }
1074 
1075     gdb_put_packet("OK");
1076 }
1077 
1078 static void handle_continue(GArray *params, void *user_ctx)
1079 {
1080     if (params->len) {
1081         gdb_set_cpu_pc(get_param(params, 0)->val_ull);
1082     }
1083 
1084     gdbserver_state.signal = 0;
1085     gdb_continue();
1086 }
1087 
1088 static void handle_cont_with_sig(GArray *params, void *user_ctx)
1089 {
1090     unsigned long signal = 0;
1091 
1092     /*
1093      * Note: C sig;[addr] is currently unsupported and we simply
1094      *       omit the addr parameter
1095      */
1096     if (params->len) {
1097         signal = get_param(params, 0)->val_ul;
1098     }
1099 
1100     gdbserver_state.signal = gdb_signal_to_target(signal);
1101     if (gdbserver_state.signal == -1) {
1102         gdbserver_state.signal = 0;
1103     }
1104     gdb_continue();
1105 }
1106 
1107 static void handle_set_thread(GArray *params, void *user_ctx)
1108 {
1109     uint32_t pid, tid;
1110     CPUState *cpu;
1111 
1112     if (params->len != 2) {
1113         gdb_put_packet("E22");
1114         return;
1115     }
1116 
1117     if (get_param(params, 1)->thread_id.kind == GDB_READ_THREAD_ERR) {
1118         gdb_put_packet("E22");
1119         return;
1120     }
1121 
1122     if (get_param(params, 1)->thread_id.kind != GDB_ONE_THREAD) {
1123         gdb_put_packet("OK");
1124         return;
1125     }
1126 
1127     pid = get_param(params, 1)->thread_id.pid;
1128     tid = get_param(params, 1)->thread_id.tid;
1129 #ifdef CONFIG_USER_ONLY
1130     if (gdb_handle_set_thread_user(pid, tid)) {
1131         return;
1132     }
1133 #endif
1134     cpu = gdb_get_cpu(pid, tid);
1135     if (!cpu) {
1136         gdb_put_packet("E22");
1137         return;
1138     }
1139 
1140     /*
1141      * Note: This command is deprecated and modern gdb's will be using the
1142      *       vCont command instead.
1143      */
1144     switch (get_param(params, 0)->opcode) {
1145     case 'c':
1146         gdbserver_state.c_cpu = cpu;
1147         gdb_put_packet("OK");
1148         break;
1149     case 'g':
1150         gdbserver_state.g_cpu = cpu;
1151         gdb_put_packet("OK");
1152         break;
1153     default:
1154         gdb_put_packet("E22");
1155         break;
1156     }
1157 }
1158 
1159 static void handle_insert_bp(GArray *params, void *user_ctx)
1160 {
1161     int res;
1162 
1163     if (params->len != 3) {
1164         gdb_put_packet("E22");
1165         return;
1166     }
1167 
1168     res = gdb_breakpoint_insert(gdbserver_state.c_cpu,
1169                                 get_param(params, 0)->val_ul,
1170                                 get_param(params, 1)->val_ull,
1171                                 get_param(params, 2)->val_ull);
1172     if (res >= 0) {
1173         gdb_put_packet("OK");
1174         return;
1175     } else if (res == -ENOSYS) {
1176         gdb_put_packet("");
1177         return;
1178     }
1179 
1180     gdb_put_packet("E22");
1181 }
1182 
1183 static void handle_remove_bp(GArray *params, void *user_ctx)
1184 {
1185     int res;
1186 
1187     if (params->len != 3) {
1188         gdb_put_packet("E22");
1189         return;
1190     }
1191 
1192     res = gdb_breakpoint_remove(gdbserver_state.c_cpu,
1193                                 get_param(params, 0)->val_ul,
1194                                 get_param(params, 1)->val_ull,
1195                                 get_param(params, 2)->val_ull);
1196     if (res >= 0) {
1197         gdb_put_packet("OK");
1198         return;
1199     } else if (res == -ENOSYS) {
1200         gdb_put_packet("");
1201         return;
1202     }
1203 
1204     gdb_put_packet("E22");
1205 }
1206 
1207 /*
1208  * handle_set/get_reg
1209  *
1210  * Older gdb are really dumb, and don't use 'G/g' if 'P/p' is available.
1211  * This works, but can be very slow. Anything new enough to understand
1212  * XML also knows how to use this properly. However to use this we
1213  * need to define a local XML file as well as be talking to a
1214  * reasonably modern gdb. Responding with an empty packet will cause
1215  * the remote gdb to fallback to older methods.
1216  */
1217 
1218 static void handle_set_reg(GArray *params, void *user_ctx)
1219 {
1220     int reg_size;
1221 
1222     if (params->len != 2) {
1223         gdb_put_packet("E22");
1224         return;
1225     }
1226 
1227     reg_size = strlen(get_param(params, 1)->data) / 2;
1228     gdb_hextomem(gdbserver_state.mem_buf, get_param(params, 1)->data, reg_size);
1229     gdb_write_register(gdbserver_state.g_cpu, gdbserver_state.mem_buf->data,
1230                        get_param(params, 0)->val_ull);
1231     gdb_put_packet("OK");
1232 }
1233 
1234 static void handle_get_reg(GArray *params, void *user_ctx)
1235 {
1236     int reg_size;
1237 
1238     if (!params->len) {
1239         gdb_put_packet("E14");
1240         return;
1241     }
1242 
1243     reg_size = gdb_read_register(gdbserver_state.g_cpu,
1244                                  gdbserver_state.mem_buf,
1245                                  get_param(params, 0)->val_ull);
1246     if (!reg_size) {
1247         gdb_put_packet("E14");
1248         return;
1249     } else {
1250         g_byte_array_set_size(gdbserver_state.mem_buf, reg_size);
1251     }
1252 
1253     gdb_memtohex(gdbserver_state.str_buf,
1254                  gdbserver_state.mem_buf->data, reg_size);
1255     gdb_put_strbuf();
1256 }
1257 
1258 static void handle_write_mem(GArray *params, void *user_ctx)
1259 {
1260     if (params->len != 3) {
1261         gdb_put_packet("E22");
1262         return;
1263     }
1264 
1265     /* gdb_hextomem() reads 2*len bytes */
1266     if (get_param(params, 1)->val_ull >
1267         strlen(get_param(params, 2)->data) / 2) {
1268         gdb_put_packet("E22");
1269         return;
1270     }
1271 
1272     gdb_hextomem(gdbserver_state.mem_buf, get_param(params, 2)->data,
1273                  get_param(params, 1)->val_ull);
1274     if (gdb_target_memory_rw_debug(gdbserver_state.g_cpu,
1275                                    get_param(params, 0)->val_ull,
1276                                    gdbserver_state.mem_buf->data,
1277                                    gdbserver_state.mem_buf->len, true)) {
1278         gdb_put_packet("E14");
1279         return;
1280     }
1281 
1282     gdb_put_packet("OK");
1283 }
1284 
1285 static void handle_read_mem(GArray *params, void *user_ctx)
1286 {
1287     if (params->len != 2) {
1288         gdb_put_packet("E22");
1289         return;
1290     }
1291 
1292     /* gdb_memtohex() doubles the required space */
1293     if (get_param(params, 1)->val_ull > MAX_PACKET_LENGTH / 2) {
1294         gdb_put_packet("E22");
1295         return;
1296     }
1297 
1298     g_byte_array_set_size(gdbserver_state.mem_buf,
1299                           get_param(params, 1)->val_ull);
1300 
1301     if (gdb_target_memory_rw_debug(gdbserver_state.g_cpu,
1302                                    get_param(params, 0)->val_ull,
1303                                    gdbserver_state.mem_buf->data,
1304                                    gdbserver_state.mem_buf->len, false)) {
1305         gdb_put_packet("E14");
1306         return;
1307     }
1308 
1309     gdb_memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data,
1310              gdbserver_state.mem_buf->len);
1311     gdb_put_strbuf();
1312 }
1313 
1314 static void handle_write_all_regs(GArray *params, void *user_ctx)
1315 {
1316     int reg_id;
1317     size_t len;
1318     uint8_t *registers;
1319     int reg_size;
1320 
1321     if (!params->len) {
1322         return;
1323     }
1324 
1325     cpu_synchronize_state(gdbserver_state.g_cpu);
1326     len = strlen(get_param(params, 0)->data) / 2;
1327     gdb_hextomem(gdbserver_state.mem_buf, get_param(params, 0)->data, len);
1328     registers = gdbserver_state.mem_buf->data;
1329     for (reg_id = 0;
1330          reg_id < gdbserver_state.g_cpu->gdb_num_g_regs && len > 0;
1331          reg_id++) {
1332         reg_size = gdb_write_register(gdbserver_state.g_cpu, registers, reg_id);
1333         len -= reg_size;
1334         registers += reg_size;
1335     }
1336     gdb_put_packet("OK");
1337 }
1338 
1339 static void handle_read_all_regs(GArray *params, void *user_ctx)
1340 {
1341     int reg_id;
1342     size_t len;
1343 
1344     cpu_synchronize_state(gdbserver_state.g_cpu);
1345     g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1346     len = 0;
1347     for (reg_id = 0; reg_id < gdbserver_state.g_cpu->gdb_num_g_regs; reg_id++) {
1348         len += gdb_read_register(gdbserver_state.g_cpu,
1349                                  gdbserver_state.mem_buf,
1350                                  reg_id);
1351     }
1352     g_assert(len == gdbserver_state.mem_buf->len);
1353 
1354     gdb_memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, len);
1355     gdb_put_strbuf();
1356 }
1357 
1358 
1359 static void handle_step(GArray *params, void *user_ctx)
1360 {
1361     if (params->len) {
1362         gdb_set_cpu_pc(get_param(params, 0)->val_ull);
1363     }
1364 
1365     cpu_single_step(gdbserver_state.c_cpu, gdbserver_state.sstep_flags);
1366     gdb_continue();
1367 }
1368 
1369 static void handle_backward(GArray *params, void *user_ctx)
1370 {
1371     if (!gdb_can_reverse()) {
1372         gdb_put_packet("E22");
1373     }
1374     if (params->len == 1) {
1375         switch (get_param(params, 0)->opcode) {
1376         case 's':
1377             if (replay_reverse_step()) {
1378                 gdb_continue();
1379             } else {
1380                 gdb_put_packet("E14");
1381             }
1382             return;
1383         case 'c':
1384             if (replay_reverse_continue()) {
1385                 gdb_continue();
1386             } else {
1387                 gdb_put_packet("E14");
1388             }
1389             return;
1390         }
1391     }
1392 
1393     /* Default invalid command */
1394     gdb_put_packet("");
1395 }
1396 
1397 static void handle_v_cont_query(GArray *params, void *user_ctx)
1398 {
1399     gdb_put_packet("vCont;c;C;s;S");
1400 }
1401 
1402 static void handle_v_cont(GArray *params, void *user_ctx)
1403 {
1404     int res;
1405 
1406     if (!params->len) {
1407         return;
1408     }
1409 
1410     res = gdb_handle_vcont(get_param(params, 0)->data);
1411     if ((res == -EINVAL) || (res == -ERANGE)) {
1412         gdb_put_packet("E22");
1413     } else if (res) {
1414         gdb_put_packet("");
1415     }
1416 }
1417 
1418 static void handle_v_attach(GArray *params, void *user_ctx)
1419 {
1420     GDBProcess *process;
1421     CPUState *cpu;
1422 
1423     g_string_assign(gdbserver_state.str_buf, "E22");
1424     if (!params->len) {
1425         goto cleanup;
1426     }
1427 
1428     process = gdb_get_process(get_param(params, 0)->val_ul);
1429     if (!process) {
1430         goto cleanup;
1431     }
1432 
1433     cpu = gdb_get_first_cpu_in_process(process);
1434     if (!cpu) {
1435         goto cleanup;
1436     }
1437 
1438     process->attached = true;
1439     gdbserver_state.g_cpu = cpu;
1440     gdbserver_state.c_cpu = cpu;
1441 
1442     if (gdbserver_state.allow_stop_reply) {
1443         g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
1444         gdb_append_thread_id(cpu, gdbserver_state.str_buf);
1445         g_string_append_c(gdbserver_state.str_buf, ';');
1446         gdbserver_state.allow_stop_reply = false;
1447 cleanup:
1448         gdb_put_strbuf();
1449     }
1450 }
1451 
1452 static void handle_v_kill(GArray *params, void *user_ctx)
1453 {
1454     /* Kill the target */
1455     gdb_put_packet("OK");
1456     error_report("QEMU: Terminated via GDBstub");
1457     gdb_exit(0);
1458     gdb_qemu_exit(0);
1459 }
1460 
1461 static const GdbCmdParseEntry gdb_v_commands_table[] = {
1462     /* Order is important if has same prefix */
1463     {
1464         .handler = handle_v_cont_query,
1465         .cmd = "Cont?",
1466         .cmd_startswith = 1
1467     },
1468     {
1469         .handler = handle_v_cont,
1470         .cmd = "Cont",
1471         .cmd_startswith = 1,
1472         .allow_stop_reply = true,
1473         .schema = "s0"
1474     },
1475     {
1476         .handler = handle_v_attach,
1477         .cmd = "Attach;",
1478         .cmd_startswith = 1,
1479         .allow_stop_reply = true,
1480         .schema = "l0"
1481     },
1482     {
1483         .handler = handle_v_kill,
1484         .cmd = "Kill;",
1485         .cmd_startswith = 1
1486     },
1487 #ifdef CONFIG_USER_ONLY
1488     /*
1489      * Host I/O Packets. See [1] for details.
1490      * [1] https://sourceware.org/gdb/onlinedocs/gdb/Host-I_002fO-Packets.html
1491      */
1492     {
1493         .handler = gdb_handle_v_file_open,
1494         .cmd = "File:open:",
1495         .cmd_startswith = 1,
1496         .schema = "s,L,L0"
1497     },
1498     {
1499         .handler = gdb_handle_v_file_close,
1500         .cmd = "File:close:",
1501         .cmd_startswith = 1,
1502         .schema = "l0"
1503     },
1504     {
1505         .handler = gdb_handle_v_file_pread,
1506         .cmd = "File:pread:",
1507         .cmd_startswith = 1,
1508         .schema = "l,L,L0"
1509     },
1510     {
1511         .handler = gdb_handle_v_file_readlink,
1512         .cmd = "File:readlink:",
1513         .cmd_startswith = 1,
1514         .schema = "s0"
1515     },
1516 #endif
1517 };
1518 
1519 static void handle_v_commands(GArray *params, void *user_ctx)
1520 {
1521     if (!params->len) {
1522         return;
1523     }
1524 
1525     if (process_string_cmd(get_param(params, 0)->data,
1526                            gdb_v_commands_table,
1527                            ARRAY_SIZE(gdb_v_commands_table))) {
1528         gdb_put_packet("");
1529     }
1530 }
1531 
1532 static void handle_query_qemu_sstepbits(GArray *params, void *user_ctx)
1533 {
1534     g_string_printf(gdbserver_state.str_buf, "ENABLE=%x", SSTEP_ENABLE);
1535 
1536     if (gdbserver_state.supported_sstep_flags & SSTEP_NOIRQ) {
1537         g_string_append_printf(gdbserver_state.str_buf, ",NOIRQ=%x",
1538                                SSTEP_NOIRQ);
1539     }
1540 
1541     if (gdbserver_state.supported_sstep_flags & SSTEP_NOTIMER) {
1542         g_string_append_printf(gdbserver_state.str_buf, ",NOTIMER=%x",
1543                                SSTEP_NOTIMER);
1544     }
1545 
1546     gdb_put_strbuf();
1547 }
1548 
1549 static void handle_set_qemu_sstep(GArray *params, void *user_ctx)
1550 {
1551     int new_sstep_flags;
1552 
1553     if (!params->len) {
1554         return;
1555     }
1556 
1557     new_sstep_flags = get_param(params, 0)->val_ul;
1558 
1559     if (new_sstep_flags  & ~gdbserver_state.supported_sstep_flags) {
1560         gdb_put_packet("E22");
1561         return;
1562     }
1563 
1564     gdbserver_state.sstep_flags = new_sstep_flags;
1565     gdb_put_packet("OK");
1566 }
1567 
1568 static void handle_query_qemu_sstep(GArray *params, void *user_ctx)
1569 {
1570     g_string_printf(gdbserver_state.str_buf, "0x%x",
1571                     gdbserver_state.sstep_flags);
1572     gdb_put_strbuf();
1573 }
1574 
1575 static void handle_query_curr_tid(GArray *params, void *user_ctx)
1576 {
1577     CPUState *cpu;
1578     GDBProcess *process;
1579 
1580     /*
1581      * "Current thread" remains vague in the spec, so always return
1582      * the first thread of the current process (gdb returns the
1583      * first thread).
1584      */
1585     process = gdb_get_cpu_process(gdbserver_state.g_cpu);
1586     cpu = gdb_get_first_cpu_in_process(process);
1587     g_string_assign(gdbserver_state.str_buf, "QC");
1588     gdb_append_thread_id(cpu, gdbserver_state.str_buf);
1589     gdb_put_strbuf();
1590 }
1591 
1592 static void handle_query_threads(GArray *params, void *user_ctx)
1593 {
1594     if (!gdbserver_state.query_cpu) {
1595         gdb_put_packet("l");
1596         return;
1597     }
1598 
1599     g_string_assign(gdbserver_state.str_buf, "m");
1600     gdb_append_thread_id(gdbserver_state.query_cpu, gdbserver_state.str_buf);
1601     gdb_put_strbuf();
1602     gdbserver_state.query_cpu = gdb_next_attached_cpu(gdbserver_state.query_cpu);
1603 }
1604 
1605 static void handle_query_first_threads(GArray *params, void *user_ctx)
1606 {
1607     gdbserver_state.query_cpu = gdb_first_attached_cpu();
1608     handle_query_threads(params, user_ctx);
1609 }
1610 
1611 static void handle_query_thread_extra(GArray *params, void *user_ctx)
1612 {
1613     g_autoptr(GString) rs = g_string_new(NULL);
1614     CPUState *cpu;
1615 
1616     if (!params->len ||
1617         get_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
1618         gdb_put_packet("E22");
1619         return;
1620     }
1621 
1622     cpu = gdb_get_cpu(get_param(params, 0)->thread_id.pid,
1623                       get_param(params, 0)->thread_id.tid);
1624     if (!cpu) {
1625         return;
1626     }
1627 
1628     cpu_synchronize_state(cpu);
1629 
1630     if (gdbserver_state.multiprocess && (gdbserver_state.process_num > 1)) {
1631         /* Print the CPU model and name in multiprocess mode */
1632         ObjectClass *oc = object_get_class(OBJECT(cpu));
1633         const char *cpu_model = object_class_get_name(oc);
1634         const char *cpu_name =
1635             object_get_canonical_path_component(OBJECT(cpu));
1636         g_string_printf(rs, "%s %s [%s]", cpu_model, cpu_name,
1637                         cpu->halted ? "halted " : "running");
1638     } else {
1639         g_string_printf(rs, "CPU#%d [%s]", cpu->cpu_index,
1640                         cpu->halted ? "halted " : "running");
1641     }
1642     trace_gdbstub_op_extra_info(rs->str);
1643     gdb_memtohex(gdbserver_state.str_buf, (uint8_t *)rs->str, rs->len);
1644     gdb_put_strbuf();
1645 }
1646 
1647 static void handle_query_supported(GArray *params, void *user_ctx)
1648 {
1649     CPUClass *cc;
1650 
1651     g_string_printf(gdbserver_state.str_buf, "PacketSize=%x", MAX_PACKET_LENGTH);
1652     cc = CPU_GET_CLASS(first_cpu);
1653     if (cc->gdb_core_xml_file) {
1654         g_string_append(gdbserver_state.str_buf, ";qXfer:features:read+");
1655     }
1656 
1657     if (gdb_can_reverse()) {
1658         g_string_append(gdbserver_state.str_buf,
1659             ";ReverseStep+;ReverseContinue+");
1660     }
1661 
1662 #if defined(CONFIG_USER_ONLY)
1663 #if defined(CONFIG_LINUX)
1664     if (gdbserver_state.c_cpu->opaque) {
1665         g_string_append(gdbserver_state.str_buf, ";qXfer:auxv:read+");
1666     }
1667     g_string_append(gdbserver_state.str_buf, ";QCatchSyscalls+");
1668 
1669     g_string_append(gdbserver_state.str_buf, ";qXfer:siginfo:read+");
1670 #endif
1671     g_string_append(gdbserver_state.str_buf, ";qXfer:exec-file:read+");
1672 #endif
1673 
1674     if (params->len) {
1675         const char *gdb_supported = get_param(params, 0)->data;
1676 
1677         if (strstr(gdb_supported, "multiprocess+")) {
1678             gdbserver_state.multiprocess = true;
1679         }
1680 #if defined(CONFIG_USER_ONLY)
1681         gdb_handle_query_supported_user(gdb_supported);
1682 #endif
1683     }
1684 
1685     g_string_append(gdbserver_state.str_buf, ";vContSupported+;multiprocess+");
1686     gdb_put_strbuf();
1687 }
1688 
1689 static void handle_query_xfer_features(GArray *params, void *user_ctx)
1690 {
1691     GDBProcess *process;
1692     CPUClass *cc;
1693     unsigned long len, total_len, addr;
1694     const char *xml;
1695     const char *p;
1696 
1697     if (params->len < 3) {
1698         gdb_put_packet("E22");
1699         return;
1700     }
1701 
1702     process = gdb_get_cpu_process(gdbserver_state.g_cpu);
1703     cc = CPU_GET_CLASS(gdbserver_state.g_cpu);
1704     if (!cc->gdb_core_xml_file) {
1705         gdb_put_packet("");
1706         return;
1707     }
1708 
1709     p = get_param(params, 0)->data;
1710     xml = get_feature_xml(p, &p, process);
1711     if (!xml) {
1712         gdb_put_packet("E00");
1713         return;
1714     }
1715 
1716     addr = get_param(params, 1)->val_ul;
1717     len = get_param(params, 2)->val_ul;
1718     total_len = strlen(xml);
1719     if (addr > total_len) {
1720         gdb_put_packet("E00");
1721         return;
1722     }
1723 
1724     if (len > (MAX_PACKET_LENGTH - 5) / 2) {
1725         len = (MAX_PACKET_LENGTH - 5) / 2;
1726     }
1727 
1728     if (len < total_len - addr) {
1729         g_string_assign(gdbserver_state.str_buf, "m");
1730         gdb_memtox(gdbserver_state.str_buf, xml + addr, len);
1731     } else {
1732         g_string_assign(gdbserver_state.str_buf, "l");
1733         gdb_memtox(gdbserver_state.str_buf, xml + addr, total_len - addr);
1734     }
1735 
1736     gdb_put_packet_binary(gdbserver_state.str_buf->str,
1737                       gdbserver_state.str_buf->len, true);
1738 }
1739 
1740 static void handle_query_qemu_supported(GArray *params, void *user_ctx)
1741 {
1742     g_string_printf(gdbserver_state.str_buf, "sstepbits;sstep");
1743 #ifndef CONFIG_USER_ONLY
1744     g_string_append(gdbserver_state.str_buf, ";PhyMemMode");
1745 #endif
1746     gdb_put_strbuf();
1747 }
1748 
1749 static const GdbCmdParseEntry gdb_gen_query_set_common_table[] = {
1750     /* Order is important if has same prefix */
1751     {
1752         .handler = handle_query_qemu_sstepbits,
1753         .cmd = "qemu.sstepbits",
1754     },
1755     {
1756         .handler = handle_query_qemu_sstep,
1757         .cmd = "qemu.sstep",
1758     },
1759     {
1760         .handler = handle_set_qemu_sstep,
1761         .cmd = "qemu.sstep=",
1762         .cmd_startswith = 1,
1763         .schema = "l0"
1764     },
1765 };
1766 
1767 static const GdbCmdParseEntry gdb_gen_query_table[] = {
1768     {
1769         .handler = handle_query_curr_tid,
1770         .cmd = "C",
1771     },
1772     {
1773         .handler = handle_query_threads,
1774         .cmd = "sThreadInfo",
1775     },
1776     {
1777         .handler = handle_query_first_threads,
1778         .cmd = "fThreadInfo",
1779     },
1780     {
1781         .handler = handle_query_thread_extra,
1782         .cmd = "ThreadExtraInfo,",
1783         .cmd_startswith = 1,
1784         .schema = "t0"
1785     },
1786 #ifdef CONFIG_USER_ONLY
1787     {
1788         .handler = gdb_handle_query_offsets,
1789         .cmd = "Offsets",
1790     },
1791 #else
1792     {
1793         .handler = gdb_handle_query_rcmd,
1794         .cmd = "Rcmd,",
1795         .cmd_startswith = 1,
1796         .schema = "s0"
1797     },
1798 #endif
1799     {
1800         .handler = handle_query_supported,
1801         .cmd = "Supported:",
1802         .cmd_startswith = 1,
1803         .schema = "s0"
1804     },
1805     {
1806         .handler = handle_query_supported,
1807         .cmd = "Supported",
1808         .schema = "s0"
1809     },
1810     {
1811         .handler = handle_query_xfer_features,
1812         .cmd = "Xfer:features:read:",
1813         .cmd_startswith = 1,
1814         .schema = "s:l,l0"
1815     },
1816 #if defined(CONFIG_USER_ONLY)
1817 #if defined(CONFIG_LINUX)
1818     {
1819         .handler = gdb_handle_query_xfer_auxv,
1820         .cmd = "Xfer:auxv:read::",
1821         .cmd_startswith = 1,
1822         .schema = "l,l0"
1823     },
1824     {
1825         .handler = gdb_handle_query_xfer_siginfo,
1826         .cmd = "Xfer:siginfo:read::",
1827         .cmd_startswith = 1,
1828         .schema = "l,l0"
1829      },
1830 #endif
1831     {
1832         .handler = gdb_handle_query_xfer_exec_file,
1833         .cmd = "Xfer:exec-file:read:",
1834         .cmd_startswith = 1,
1835         .schema = "l:l,l0"
1836     },
1837 #endif
1838     {
1839         .handler = gdb_handle_query_attached,
1840         .cmd = "Attached:",
1841         .cmd_startswith = 1
1842     },
1843     {
1844         .handler = gdb_handle_query_attached,
1845         .cmd = "Attached",
1846     },
1847     {
1848         .handler = handle_query_qemu_supported,
1849         .cmd = "qemu.Supported",
1850     },
1851 #ifndef CONFIG_USER_ONLY
1852     {
1853         .handler = gdb_handle_query_qemu_phy_mem_mode,
1854         .cmd = "qemu.PhyMemMode",
1855     },
1856 #endif
1857 };
1858 
1859 static const GdbCmdParseEntry gdb_gen_set_table[] = {
1860     /* Order is important if has same prefix */
1861     {
1862         .handler = handle_set_qemu_sstep,
1863         .cmd = "qemu.sstep:",
1864         .cmd_startswith = 1,
1865         .schema = "l0"
1866     },
1867 #ifndef CONFIG_USER_ONLY
1868     {
1869         .handler = gdb_handle_set_qemu_phy_mem_mode,
1870         .cmd = "qemu.PhyMemMode:",
1871         .cmd_startswith = 1,
1872         .schema = "l0"
1873     },
1874 #endif
1875 #if defined(CONFIG_USER_ONLY)
1876     {
1877         .handler = gdb_handle_set_catch_syscalls,
1878         .cmd = "CatchSyscalls:",
1879         .cmd_startswith = 1,
1880         .schema = "s0",
1881     },
1882 #endif
1883 };
1884 
1885 static void handle_gen_query(GArray *params, void *user_ctx)
1886 {
1887     if (!params->len) {
1888         return;
1889     }
1890 
1891     if (!process_string_cmd(get_param(params, 0)->data,
1892                             gdb_gen_query_set_common_table,
1893                             ARRAY_SIZE(gdb_gen_query_set_common_table))) {
1894         return;
1895     }
1896 
1897     if (process_string_cmd(get_param(params, 0)->data,
1898                            gdb_gen_query_table,
1899                            ARRAY_SIZE(gdb_gen_query_table))) {
1900         gdb_put_packet("");
1901     }
1902 }
1903 
1904 static void handle_gen_set(GArray *params, void *user_ctx)
1905 {
1906     if (!params->len) {
1907         return;
1908     }
1909 
1910     if (!process_string_cmd(get_param(params, 0)->data,
1911                             gdb_gen_query_set_common_table,
1912                             ARRAY_SIZE(gdb_gen_query_set_common_table))) {
1913         return;
1914     }
1915 
1916     if (process_string_cmd(get_param(params, 0)->data,
1917                            gdb_gen_set_table,
1918                            ARRAY_SIZE(gdb_gen_set_table))) {
1919         gdb_put_packet("");
1920     }
1921 }
1922 
1923 static void handle_target_halt(GArray *params, void *user_ctx)
1924 {
1925     if (gdbserver_state.allow_stop_reply) {
1926         g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
1927         gdb_append_thread_id(gdbserver_state.c_cpu, gdbserver_state.str_buf);
1928         g_string_append_c(gdbserver_state.str_buf, ';');
1929         gdb_put_strbuf();
1930         gdbserver_state.allow_stop_reply = false;
1931     }
1932     /*
1933      * Remove all the breakpoints when this query is issued,
1934      * because gdb is doing an initial connect and the state
1935      * should be cleaned up.
1936      */
1937     gdb_breakpoint_remove_all(gdbserver_state.c_cpu);
1938 }
1939 
1940 static int gdb_handle_packet(const char *line_buf)
1941 {
1942     const GdbCmdParseEntry *cmd_parser = NULL;
1943 
1944     trace_gdbstub_io_command(line_buf);
1945 
1946     switch (line_buf[0]) {
1947     case '!':
1948         gdb_put_packet("OK");
1949         break;
1950     case '?':
1951         {
1952             static const GdbCmdParseEntry target_halted_cmd_desc = {
1953                 .handler = handle_target_halt,
1954                 .cmd = "?",
1955                 .cmd_startswith = 1,
1956                 .allow_stop_reply = true,
1957             };
1958             cmd_parser = &target_halted_cmd_desc;
1959         }
1960         break;
1961     case 'c':
1962         {
1963             static const GdbCmdParseEntry continue_cmd_desc = {
1964                 .handler = handle_continue,
1965                 .cmd = "c",
1966                 .cmd_startswith = 1,
1967                 .allow_stop_reply = true,
1968                 .schema = "L0"
1969             };
1970             cmd_parser = &continue_cmd_desc;
1971         }
1972         break;
1973     case 'C':
1974         {
1975             static const GdbCmdParseEntry cont_with_sig_cmd_desc = {
1976                 .handler = handle_cont_with_sig,
1977                 .cmd = "C",
1978                 .cmd_startswith = 1,
1979                 .allow_stop_reply = true,
1980                 .schema = "l0"
1981             };
1982             cmd_parser = &cont_with_sig_cmd_desc;
1983         }
1984         break;
1985     case 'v':
1986         {
1987             static const GdbCmdParseEntry v_cmd_desc = {
1988                 .handler = handle_v_commands,
1989                 .cmd = "v",
1990                 .cmd_startswith = 1,
1991                 .schema = "s0"
1992             };
1993             cmd_parser = &v_cmd_desc;
1994         }
1995         break;
1996     case 'k':
1997         /* Kill the target */
1998         error_report("QEMU: Terminated via GDBstub");
1999         gdb_exit(0);
2000         gdb_qemu_exit(0);
2001         break;
2002     case 'D':
2003         {
2004             static const GdbCmdParseEntry detach_cmd_desc = {
2005                 .handler = handle_detach,
2006                 .cmd = "D",
2007                 .cmd_startswith = 1,
2008                 .schema = "?.l0"
2009             };
2010             cmd_parser = &detach_cmd_desc;
2011         }
2012         break;
2013     case 's':
2014         {
2015             static const GdbCmdParseEntry step_cmd_desc = {
2016                 .handler = handle_step,
2017                 .cmd = "s",
2018                 .cmd_startswith = 1,
2019                 .allow_stop_reply = true,
2020                 .schema = "L0"
2021             };
2022             cmd_parser = &step_cmd_desc;
2023         }
2024         break;
2025     case 'b':
2026         {
2027             static const GdbCmdParseEntry backward_cmd_desc = {
2028                 .handler = handle_backward,
2029                 .cmd = "b",
2030                 .cmd_startswith = 1,
2031                 .allow_stop_reply = true,
2032                 .schema = "o0"
2033             };
2034             cmd_parser = &backward_cmd_desc;
2035         }
2036         break;
2037     case 'F':
2038         {
2039             static const GdbCmdParseEntry file_io_cmd_desc = {
2040                 .handler = gdb_handle_file_io,
2041                 .cmd = "F",
2042                 .cmd_startswith = 1,
2043                 .schema = "L,L,o0"
2044             };
2045             cmd_parser = &file_io_cmd_desc;
2046         }
2047         break;
2048     case 'g':
2049         {
2050             static const GdbCmdParseEntry read_all_regs_cmd_desc = {
2051                 .handler = handle_read_all_regs,
2052                 .cmd = "g",
2053                 .cmd_startswith = 1
2054             };
2055             cmd_parser = &read_all_regs_cmd_desc;
2056         }
2057         break;
2058     case 'G':
2059         {
2060             static const GdbCmdParseEntry write_all_regs_cmd_desc = {
2061                 .handler = handle_write_all_regs,
2062                 .cmd = "G",
2063                 .cmd_startswith = 1,
2064                 .schema = "s0"
2065             };
2066             cmd_parser = &write_all_regs_cmd_desc;
2067         }
2068         break;
2069     case 'm':
2070         {
2071             static const GdbCmdParseEntry read_mem_cmd_desc = {
2072                 .handler = handle_read_mem,
2073                 .cmd = "m",
2074                 .cmd_startswith = 1,
2075                 .schema = "L,L0"
2076             };
2077             cmd_parser = &read_mem_cmd_desc;
2078         }
2079         break;
2080     case 'M':
2081         {
2082             static const GdbCmdParseEntry write_mem_cmd_desc = {
2083                 .handler = handle_write_mem,
2084                 .cmd = "M",
2085                 .cmd_startswith = 1,
2086                 .schema = "L,L:s0"
2087             };
2088             cmd_parser = &write_mem_cmd_desc;
2089         }
2090         break;
2091     case 'p':
2092         {
2093             static const GdbCmdParseEntry get_reg_cmd_desc = {
2094                 .handler = handle_get_reg,
2095                 .cmd = "p",
2096                 .cmd_startswith = 1,
2097                 .schema = "L0"
2098             };
2099             cmd_parser = &get_reg_cmd_desc;
2100         }
2101         break;
2102     case 'P':
2103         {
2104             static const GdbCmdParseEntry set_reg_cmd_desc = {
2105                 .handler = handle_set_reg,
2106                 .cmd = "P",
2107                 .cmd_startswith = 1,
2108                 .schema = "L?s0"
2109             };
2110             cmd_parser = &set_reg_cmd_desc;
2111         }
2112         break;
2113     case 'Z':
2114         {
2115             static const GdbCmdParseEntry insert_bp_cmd_desc = {
2116                 .handler = handle_insert_bp,
2117                 .cmd = "Z",
2118                 .cmd_startswith = 1,
2119                 .schema = "l?L?L0"
2120             };
2121             cmd_parser = &insert_bp_cmd_desc;
2122         }
2123         break;
2124     case 'z':
2125         {
2126             static const GdbCmdParseEntry remove_bp_cmd_desc = {
2127                 .handler = handle_remove_bp,
2128                 .cmd = "z",
2129                 .cmd_startswith = 1,
2130                 .schema = "l?L?L0"
2131             };
2132             cmd_parser = &remove_bp_cmd_desc;
2133         }
2134         break;
2135     case 'H':
2136         {
2137             static const GdbCmdParseEntry set_thread_cmd_desc = {
2138                 .handler = handle_set_thread,
2139                 .cmd = "H",
2140                 .cmd_startswith = 1,
2141                 .schema = "o.t0"
2142             };
2143             cmd_parser = &set_thread_cmd_desc;
2144         }
2145         break;
2146     case 'T':
2147         {
2148             static const GdbCmdParseEntry thread_alive_cmd_desc = {
2149                 .handler = handle_thread_alive,
2150                 .cmd = "T",
2151                 .cmd_startswith = 1,
2152                 .schema = "t0"
2153             };
2154             cmd_parser = &thread_alive_cmd_desc;
2155         }
2156         break;
2157     case 'q':
2158         {
2159             static const GdbCmdParseEntry gen_query_cmd_desc = {
2160                 .handler = handle_gen_query,
2161                 .cmd = "q",
2162                 .cmd_startswith = 1,
2163                 .schema = "s0"
2164             };
2165             cmd_parser = &gen_query_cmd_desc;
2166         }
2167         break;
2168     case 'Q':
2169         {
2170             static const GdbCmdParseEntry gen_set_cmd_desc = {
2171                 .handler = handle_gen_set,
2172                 .cmd = "Q",
2173                 .cmd_startswith = 1,
2174                 .schema = "s0"
2175             };
2176             cmd_parser = &gen_set_cmd_desc;
2177         }
2178         break;
2179     default:
2180         /* put empty packet */
2181         gdb_put_packet("");
2182         break;
2183     }
2184 
2185     if (cmd_parser) {
2186         run_cmd_parser(line_buf, cmd_parser);
2187     }
2188 
2189     return RS_IDLE;
2190 }
2191 
2192 void gdb_set_stop_cpu(CPUState *cpu)
2193 {
2194     GDBProcess *p = gdb_get_cpu_process(cpu);
2195 
2196     if (!p->attached) {
2197         /*
2198          * Having a stop CPU corresponding to a process that is not attached
2199          * confuses GDB. So we ignore the request.
2200          */
2201         return;
2202     }
2203 
2204     gdbserver_state.c_cpu = cpu;
2205     gdbserver_state.g_cpu = cpu;
2206 }
2207 
2208 void gdb_read_byte(uint8_t ch)
2209 {
2210     uint8_t reply;
2211 
2212     gdbserver_state.allow_stop_reply = false;
2213 #ifndef CONFIG_USER_ONLY
2214     if (gdbserver_state.last_packet->len) {
2215         /* Waiting for a response to the last packet.  If we see the start
2216            of a new command then abandon the previous response.  */
2217         if (ch == '-') {
2218             trace_gdbstub_err_got_nack();
2219             gdb_put_buffer(gdbserver_state.last_packet->data,
2220                        gdbserver_state.last_packet->len);
2221         } else if (ch == '+') {
2222             trace_gdbstub_io_got_ack();
2223         } else {
2224             trace_gdbstub_io_got_unexpected(ch);
2225         }
2226 
2227         if (ch == '+' || ch == '$') {
2228             g_byte_array_set_size(gdbserver_state.last_packet, 0);
2229         }
2230         if (ch != '$')
2231             return;
2232     }
2233     if (runstate_is_running()) {
2234         /*
2235          * When the CPU is running, we cannot do anything except stop
2236          * it when receiving a char. This is expected on a Ctrl-C in the
2237          * gdb client. Because we are in all-stop mode, gdb sends a
2238          * 0x03 byte which is not a usual packet, so we handle it specially
2239          * here, but it does expect a stop reply.
2240          */
2241         if (ch != 0x03) {
2242             trace_gdbstub_err_unexpected_runpkt(ch);
2243         } else {
2244             gdbserver_state.allow_stop_reply = true;
2245         }
2246         vm_stop(RUN_STATE_PAUSED);
2247     } else
2248 #endif
2249     {
2250         switch(gdbserver_state.state) {
2251         case RS_IDLE:
2252             if (ch == '$') {
2253                 /* start of command packet */
2254                 gdbserver_state.line_buf_index = 0;
2255                 gdbserver_state.line_sum = 0;
2256                 gdbserver_state.state = RS_GETLINE;
2257             } else if (ch == '+') {
2258                 /*
2259                  * do nothing, gdb may preemptively send out ACKs on
2260                  * initial connection
2261                  */
2262             } else {
2263                 trace_gdbstub_err_garbage(ch);
2264             }
2265             break;
2266         case RS_GETLINE:
2267             if (ch == '}') {
2268                 /* start escape sequence */
2269                 gdbserver_state.state = RS_GETLINE_ESC;
2270                 gdbserver_state.line_sum += ch;
2271             } else if (ch == '*') {
2272                 /* start run length encoding sequence */
2273                 gdbserver_state.state = RS_GETLINE_RLE;
2274                 gdbserver_state.line_sum += ch;
2275             } else if (ch == '#') {
2276                 /* end of command, start of checksum*/
2277                 gdbserver_state.state = RS_CHKSUM1;
2278             } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2279                 trace_gdbstub_err_overrun();
2280                 gdbserver_state.state = RS_IDLE;
2281             } else {
2282                 /* unescaped command character */
2283                 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch;
2284                 gdbserver_state.line_sum += ch;
2285             }
2286             break;
2287         case RS_GETLINE_ESC:
2288             if (ch == '#') {
2289                 /* unexpected end of command in escape sequence */
2290                 gdbserver_state.state = RS_CHKSUM1;
2291             } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2292                 /* command buffer overrun */
2293                 trace_gdbstub_err_overrun();
2294                 gdbserver_state.state = RS_IDLE;
2295             } else {
2296                 /* parse escaped character and leave escape state */
2297                 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch ^ 0x20;
2298                 gdbserver_state.line_sum += ch;
2299                 gdbserver_state.state = RS_GETLINE;
2300             }
2301             break;
2302         case RS_GETLINE_RLE:
2303             /*
2304              * Run-length encoding is explained in "Debugging with GDB /
2305              * Appendix E GDB Remote Serial Protocol / Overview".
2306              */
2307             if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
2308                 /* invalid RLE count encoding */
2309                 trace_gdbstub_err_invalid_repeat(ch);
2310                 gdbserver_state.state = RS_GETLINE;
2311             } else {
2312                 /* decode repeat length */
2313                 int repeat = ch - ' ' + 3;
2314                 if (gdbserver_state.line_buf_index + repeat >= sizeof(gdbserver_state.line_buf) - 1) {
2315                     /* that many repeats would overrun the command buffer */
2316                     trace_gdbstub_err_overrun();
2317                     gdbserver_state.state = RS_IDLE;
2318                 } else if (gdbserver_state.line_buf_index < 1) {
2319                     /* got a repeat but we have nothing to repeat */
2320                     trace_gdbstub_err_invalid_rle();
2321                     gdbserver_state.state = RS_GETLINE;
2322                 } else {
2323                     /* repeat the last character */
2324                     memset(gdbserver_state.line_buf + gdbserver_state.line_buf_index,
2325                            gdbserver_state.line_buf[gdbserver_state.line_buf_index - 1], repeat);
2326                     gdbserver_state.line_buf_index += repeat;
2327                     gdbserver_state.line_sum += ch;
2328                     gdbserver_state.state = RS_GETLINE;
2329                 }
2330             }
2331             break;
2332         case RS_CHKSUM1:
2333             /* get high hex digit of checksum */
2334             if (!isxdigit(ch)) {
2335                 trace_gdbstub_err_checksum_invalid(ch);
2336                 gdbserver_state.state = RS_GETLINE;
2337                 break;
2338             }
2339             gdbserver_state.line_buf[gdbserver_state.line_buf_index] = '\0';
2340             gdbserver_state.line_csum = fromhex(ch) << 4;
2341             gdbserver_state.state = RS_CHKSUM2;
2342             break;
2343         case RS_CHKSUM2:
2344             /* get low hex digit of checksum */
2345             if (!isxdigit(ch)) {
2346                 trace_gdbstub_err_checksum_invalid(ch);
2347                 gdbserver_state.state = RS_GETLINE;
2348                 break;
2349             }
2350             gdbserver_state.line_csum |= fromhex(ch);
2351 
2352             if (gdbserver_state.line_csum != (gdbserver_state.line_sum & 0xff)) {
2353                 trace_gdbstub_err_checksum_incorrect(gdbserver_state.line_sum, gdbserver_state.line_csum);
2354                 /* send NAK reply */
2355                 reply = '-';
2356                 gdb_put_buffer(&reply, 1);
2357                 gdbserver_state.state = RS_IDLE;
2358             } else {
2359                 /* send ACK reply */
2360                 reply = '+';
2361                 gdb_put_buffer(&reply, 1);
2362                 gdbserver_state.state = gdb_handle_packet(gdbserver_state.line_buf);
2363             }
2364             break;
2365         default:
2366             abort();
2367         }
2368     }
2369 }
2370 
2371 /*
2372  * Create the process that will contain all the "orphan" CPUs (that are not
2373  * part of a CPU cluster). Note that if this process contains no CPUs, it won't
2374  * be attachable and thus will be invisible to the user.
2375  */
2376 void gdb_create_default_process(GDBState *s)
2377 {
2378     GDBProcess *process;
2379     int pid;
2380 
2381 #ifdef CONFIG_USER_ONLY
2382     assert(gdbserver_state.process_num == 0);
2383     pid = getpid();
2384 #else
2385     if (gdbserver_state.process_num) {
2386         pid = s->processes[s->process_num - 1].pid;
2387     } else {
2388         pid = 0;
2389     }
2390     /* We need an available PID slot for this process */
2391     assert(pid < UINT32_MAX);
2392     pid++;
2393 #endif
2394 
2395     s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
2396     process = &s->processes[s->process_num - 1];
2397     process->pid = pid;
2398     process->attached = false;
2399     process->target_xml = NULL;
2400 }
2401 
2402