xref: /openbmc/qemu/gdbstub/gdbstub.c (revision 87417811)
1 /*
2  * gdb server stub
3  *
4  * This implements a subset of the remote protocol as described in:
5  *
6  *   https://sourceware.org/gdb/onlinedocs/gdb/Remote-Protocol.html
7  *
8  * Copyright (c) 2003-2005 Fabrice Bellard
9  *
10  * This library is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU Lesser General Public
12  * License as published by the Free Software Foundation; either
13  * version 2 of the License, or (at your option) any later version.
14  *
15  * This library is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
18  * Lesser General Public License for more details.
19  *
20  * You should have received a copy of the GNU Lesser General Public
21  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22  *
23  * SPDX-License-Identifier: LGPL-2.0+
24  */
25 
26 #include "qemu/osdep.h"
27 #include "qemu/ctype.h"
28 #include "qemu/cutils.h"
29 #include "qemu/module.h"
30 #include "qemu/error-report.h"
31 #include "trace.h"
32 #include "exec/gdbstub.h"
33 #include "gdbstub/syscalls.h"
34 #ifdef CONFIG_USER_ONLY
35 #include "gdbstub/user.h"
36 #else
37 #include "hw/cpu/cluster.h"
38 #include "hw/boards.h"
39 #endif
40 
41 #include "sysemu/hw_accel.h"
42 #include "sysemu/runstate.h"
43 #include "exec/replay-core.h"
44 #include "exec/hwaddr.h"
45 
46 #include "internals.h"
47 
48 typedef struct GDBRegisterState {
49     int base_reg;
50     int num_regs;
51     gdb_get_reg_cb get_reg;
52     gdb_set_reg_cb set_reg;
53     const char *xml;
54 } GDBRegisterState;
55 
56 GDBState gdbserver_state;
57 
58 void gdb_init_gdbserver_state(void)
59 {
60     g_assert(!gdbserver_state.init);
61     memset(&gdbserver_state, 0, sizeof(GDBState));
62     gdbserver_state.init = true;
63     gdbserver_state.str_buf = g_string_new(NULL);
64     gdbserver_state.mem_buf = g_byte_array_sized_new(MAX_PACKET_LENGTH);
65     gdbserver_state.last_packet = g_byte_array_sized_new(MAX_PACKET_LENGTH + 4);
66 
67     /*
68      * What single-step modes are supported is accelerator dependent.
69      * By default try to use no IRQs and no timers while single
70      * stepping so as to make single stepping like a typical ICE HW step.
71      */
72     gdbserver_state.supported_sstep_flags = accel_supported_gdbstub_sstep_flags();
73     gdbserver_state.sstep_flags = SSTEP_ENABLE | SSTEP_NOIRQ | SSTEP_NOTIMER;
74     gdbserver_state.sstep_flags &= gdbserver_state.supported_sstep_flags;
75 }
76 
77 /* writes 2*len+1 bytes in buf */
78 void gdb_memtohex(GString *buf, const uint8_t *mem, int len)
79 {
80     int i, c;
81     for(i = 0; i < len; i++) {
82         c = mem[i];
83         g_string_append_c(buf, tohex(c >> 4));
84         g_string_append_c(buf, tohex(c & 0xf));
85     }
86     g_string_append_c(buf, '\0');
87 }
88 
89 void gdb_hextomem(GByteArray *mem, const char *buf, int len)
90 {
91     int i;
92 
93     for(i = 0; i < len; i++) {
94         guint8 byte = fromhex(buf[0]) << 4 | fromhex(buf[1]);
95         g_byte_array_append(mem, &byte, 1);
96         buf += 2;
97     }
98 }
99 
100 static void hexdump(const char *buf, int len,
101                     void (*trace_fn)(size_t ofs, char const *text))
102 {
103     char line_buffer[3 * 16 + 4 + 16 + 1];
104 
105     size_t i;
106     for (i = 0; i < len || (i & 0xF); ++i) {
107         size_t byte_ofs = i & 15;
108 
109         if (byte_ofs == 0) {
110             memset(line_buffer, ' ', 3 * 16 + 4 + 16);
111             line_buffer[3 * 16 + 4 + 16] = 0;
112         }
113 
114         size_t col_group = (i >> 2) & 3;
115         size_t hex_col = byte_ofs * 3 + col_group;
116         size_t txt_col = 3 * 16 + 4 + byte_ofs;
117 
118         if (i < len) {
119             char value = buf[i];
120 
121             line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
122             line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
123             line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
124                     ? value
125                     : '.';
126         }
127 
128         if (byte_ofs == 0xF)
129             trace_fn(i & -16, line_buffer);
130     }
131 }
132 
133 /* return -1 if error, 0 if OK */
134 int gdb_put_packet_binary(const char *buf, int len, bool dump)
135 {
136     int csum, i;
137     uint8_t footer[3];
138 
139     if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
140         hexdump(buf, len, trace_gdbstub_io_binaryreply);
141     }
142 
143     for(;;) {
144         g_byte_array_set_size(gdbserver_state.last_packet, 0);
145         g_byte_array_append(gdbserver_state.last_packet,
146                             (const uint8_t *) "$", 1);
147         g_byte_array_append(gdbserver_state.last_packet,
148                             (const uint8_t *) buf, len);
149         csum = 0;
150         for(i = 0; i < len; i++) {
151             csum += buf[i];
152         }
153         footer[0] = '#';
154         footer[1] = tohex((csum >> 4) & 0xf);
155         footer[2] = tohex((csum) & 0xf);
156         g_byte_array_append(gdbserver_state.last_packet, footer, 3);
157 
158         gdb_put_buffer(gdbserver_state.last_packet->data,
159                    gdbserver_state.last_packet->len);
160 
161         if (gdb_got_immediate_ack()) {
162             break;
163         }
164     }
165     return 0;
166 }
167 
168 /* return -1 if error, 0 if OK */
169 int gdb_put_packet(const char *buf)
170 {
171     trace_gdbstub_io_reply(buf);
172 
173     return gdb_put_packet_binary(buf, strlen(buf), false);
174 }
175 
176 void gdb_put_strbuf(void)
177 {
178     gdb_put_packet(gdbserver_state.str_buf->str);
179 }
180 
181 /* Encode data using the encoding for 'x' packets.  */
182 void gdb_memtox(GString *buf, const char *mem, int len)
183 {
184     char c;
185 
186     while (len--) {
187         c = *(mem++);
188         switch (c) {
189         case '#': case '$': case '*': case '}':
190             g_string_append_c(buf, '}');
191             g_string_append_c(buf, c ^ 0x20);
192             break;
193         default:
194             g_string_append_c(buf, c);
195             break;
196         }
197     }
198 }
199 
200 static uint32_t gdb_get_cpu_pid(CPUState *cpu)
201 {
202 #ifdef CONFIG_USER_ONLY
203     return getpid();
204 #else
205     if (cpu->cluster_index == UNASSIGNED_CLUSTER_INDEX) {
206         /* Return the default process' PID */
207         int index = gdbserver_state.process_num - 1;
208         return gdbserver_state.processes[index].pid;
209     }
210     return cpu->cluster_index + 1;
211 #endif
212 }
213 
214 GDBProcess *gdb_get_process(uint32_t pid)
215 {
216     int i;
217 
218     if (!pid) {
219         /* 0 means any process, we take the first one */
220         return &gdbserver_state.processes[0];
221     }
222 
223     for (i = 0; i < gdbserver_state.process_num; i++) {
224         if (gdbserver_state.processes[i].pid == pid) {
225             return &gdbserver_state.processes[i];
226         }
227     }
228 
229     return NULL;
230 }
231 
232 static GDBProcess *gdb_get_cpu_process(CPUState *cpu)
233 {
234     return gdb_get_process(gdb_get_cpu_pid(cpu));
235 }
236 
237 static CPUState *find_cpu(uint32_t thread_id)
238 {
239     CPUState *cpu;
240 
241     CPU_FOREACH(cpu) {
242         if (gdb_get_cpu_index(cpu) == thread_id) {
243             return cpu;
244         }
245     }
246 
247     return NULL;
248 }
249 
250 CPUState *gdb_get_first_cpu_in_process(GDBProcess *process)
251 {
252     CPUState *cpu;
253 
254     CPU_FOREACH(cpu) {
255         if (gdb_get_cpu_pid(cpu) == process->pid) {
256             return cpu;
257         }
258     }
259 
260     return NULL;
261 }
262 
263 static CPUState *gdb_next_cpu_in_process(CPUState *cpu)
264 {
265     uint32_t pid = gdb_get_cpu_pid(cpu);
266     cpu = CPU_NEXT(cpu);
267 
268     while (cpu) {
269         if (gdb_get_cpu_pid(cpu) == pid) {
270             break;
271         }
272 
273         cpu = CPU_NEXT(cpu);
274     }
275 
276     return cpu;
277 }
278 
279 /* Return the cpu following @cpu, while ignoring unattached processes. */
280 static CPUState *gdb_next_attached_cpu(CPUState *cpu)
281 {
282     cpu = CPU_NEXT(cpu);
283 
284     while (cpu) {
285         if (gdb_get_cpu_process(cpu)->attached) {
286             break;
287         }
288 
289         cpu = CPU_NEXT(cpu);
290     }
291 
292     return cpu;
293 }
294 
295 /* Return the first attached cpu */
296 CPUState *gdb_first_attached_cpu(void)
297 {
298     CPUState *cpu = first_cpu;
299     GDBProcess *process = gdb_get_cpu_process(cpu);
300 
301     if (!process->attached) {
302         return gdb_next_attached_cpu(cpu);
303     }
304 
305     return cpu;
306 }
307 
308 static CPUState *gdb_get_cpu(uint32_t pid, uint32_t tid)
309 {
310     GDBProcess *process;
311     CPUState *cpu;
312 
313     if (!pid && !tid) {
314         /* 0 means any process/thread, we take the first attached one */
315         return gdb_first_attached_cpu();
316     } else if (pid && !tid) {
317         /* any thread in a specific process */
318         process = gdb_get_process(pid);
319 
320         if (process == NULL) {
321             return NULL;
322         }
323 
324         if (!process->attached) {
325             return NULL;
326         }
327 
328         return gdb_get_first_cpu_in_process(process);
329     } else {
330         /* a specific thread */
331         cpu = find_cpu(tid);
332 
333         if (cpu == NULL) {
334             return NULL;
335         }
336 
337         process = gdb_get_cpu_process(cpu);
338 
339         if (pid && process->pid != pid) {
340             return NULL;
341         }
342 
343         if (!process->attached) {
344             return NULL;
345         }
346 
347         return cpu;
348     }
349 }
350 
351 static const char *get_feature_xml(const char *p, const char **newp,
352                                    GDBProcess *process)
353 {
354     CPUState *cpu = gdb_get_first_cpu_in_process(process);
355     CPUClass *cc = CPU_GET_CLASS(cpu);
356     size_t len;
357 
358     /*
359      * qXfer:features:read:ANNEX:OFFSET,LENGTH'
360      *                     ^p    ^newp
361      */
362     char *term = strchr(p, ':');
363     *newp = term + 1;
364     len = term - p;
365 
366     /* Is it the main target xml? */
367     if (strncmp(p, "target.xml", len) == 0) {
368         if (!process->target_xml) {
369             GDBRegisterState *r;
370             g_autoptr(GPtrArray) xml = g_ptr_array_new_with_free_func(g_free);
371 
372             g_ptr_array_add(
373                 xml,
374                 g_strdup("<?xml version=\"1.0\"?>"
375                          "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
376                          "<target>"));
377 
378             if (cc->gdb_arch_name) {
379                 g_ptr_array_add(
380                     xml,
381                     g_markup_printf_escaped("<architecture>%s</architecture>",
382                                             cc->gdb_arch_name(cpu)));
383             }
384             g_ptr_array_add(
385                 xml,
386                 g_markup_printf_escaped("<xi:include href=\"%s\"/>",
387                                         cc->gdb_core_xml_file));
388             for (guint i = 0; i < cpu->gdb_regs->len; i++) {
389                 r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
390                 g_ptr_array_add(
391                     xml,
392                     g_markup_printf_escaped("<xi:include href=\"%s\"/>",
393                                             r->xml));
394             }
395             g_ptr_array_add(xml, g_strdup("</target>"));
396             g_ptr_array_add(xml, NULL);
397 
398             process->target_xml = g_strjoinv(NULL, (void *)xml->pdata);
399         }
400         return process->target_xml;
401     }
402     /* Is it dynamically generated by the target? */
403     if (cc->gdb_get_dynamic_xml) {
404         g_autofree char *xmlname = g_strndup(p, len);
405         const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
406         if (xml) {
407             return xml;
408         }
409     }
410     /* Is it one of the encoded gdb-xml/ files? */
411     for (int i = 0; gdb_static_features[i].xmlname; i++) {
412         const char *name = gdb_static_features[i].xmlname;
413         if ((strncmp(name, p, len) == 0) &&
414             strlen(name) == len) {
415             return gdb_static_features[i].xml;
416         }
417     }
418 
419     /* failed */
420     return NULL;
421 }
422 
423 static int gdb_read_register(CPUState *cpu, GByteArray *buf, int reg)
424 {
425     CPUClass *cc = CPU_GET_CLASS(cpu);
426     CPUArchState *env = cpu_env(cpu);
427     GDBRegisterState *r;
428 
429     if (reg < cc->gdb_num_core_regs) {
430         return cc->gdb_read_register(cpu, buf, reg);
431     }
432 
433     for (guint i = 0; i < cpu->gdb_regs->len; i++) {
434         r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
435         if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
436             return r->get_reg(env, buf, reg - r->base_reg);
437         }
438     }
439     return 0;
440 }
441 
442 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
443 {
444     CPUClass *cc = CPU_GET_CLASS(cpu);
445     CPUArchState *env = cpu_env(cpu);
446     GDBRegisterState *r;
447 
448     if (reg < cc->gdb_num_core_regs) {
449         return cc->gdb_write_register(cpu, mem_buf, reg);
450     }
451 
452     for (guint i = 0; i < cpu->gdb_regs->len; i++) {
453         r =  &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
454         if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
455             return r->set_reg(env, mem_buf, reg - r->base_reg);
456         }
457     }
458     return 0;
459 }
460 
461 void gdb_register_coprocessor(CPUState *cpu,
462                               gdb_get_reg_cb get_reg, gdb_set_reg_cb set_reg,
463                               int num_regs, const char *xml, int g_pos)
464 {
465     GDBRegisterState *s;
466     guint i;
467 
468     if (cpu->gdb_regs) {
469         for (i = 0; i < cpu->gdb_regs->len; i++) {
470             /* Check for duplicates.  */
471             s = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
472             if (strcmp(s->xml, xml) == 0) {
473                 return;
474             }
475         }
476     } else {
477         cpu->gdb_regs = g_array_new(false, false, sizeof(GDBRegisterState));
478         i = 0;
479     }
480 
481     g_array_set_size(cpu->gdb_regs, i + 1);
482     s = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
483     s->base_reg = cpu->gdb_num_regs;
484     s->num_regs = num_regs;
485     s->get_reg = get_reg;
486     s->set_reg = set_reg;
487     s->xml = xml;
488 
489     /* Add to end of list.  */
490     cpu->gdb_num_regs += num_regs;
491     if (g_pos) {
492         if (g_pos != s->base_reg) {
493             error_report("Error: Bad gdb register numbering for '%s', "
494                          "expected %d got %d", xml, g_pos, s->base_reg);
495         } else {
496             cpu->gdb_num_g_regs = cpu->gdb_num_regs;
497         }
498     }
499 }
500 
501 static void gdb_process_breakpoint_remove_all(GDBProcess *p)
502 {
503     CPUState *cpu = gdb_get_first_cpu_in_process(p);
504 
505     while (cpu) {
506         gdb_breakpoint_remove_all(cpu);
507         cpu = gdb_next_cpu_in_process(cpu);
508     }
509 }
510 
511 
512 static void gdb_set_cpu_pc(vaddr pc)
513 {
514     CPUState *cpu = gdbserver_state.c_cpu;
515 
516     cpu_synchronize_state(cpu);
517     cpu_set_pc(cpu, pc);
518 }
519 
520 void gdb_append_thread_id(CPUState *cpu, GString *buf)
521 {
522     if (gdbserver_state.multiprocess) {
523         g_string_append_printf(buf, "p%02x.%02x",
524                                gdb_get_cpu_pid(cpu), gdb_get_cpu_index(cpu));
525     } else {
526         g_string_append_printf(buf, "%02x", gdb_get_cpu_index(cpu));
527     }
528 }
529 
530 static GDBThreadIdKind read_thread_id(const char *buf, const char **end_buf,
531                                       uint32_t *pid, uint32_t *tid)
532 {
533     unsigned long p, t;
534     int ret;
535 
536     if (*buf == 'p') {
537         buf++;
538         ret = qemu_strtoul(buf, &buf, 16, &p);
539 
540         if (ret) {
541             return GDB_READ_THREAD_ERR;
542         }
543 
544         /* Skip '.' */
545         buf++;
546     } else {
547         p = 0;
548     }
549 
550     ret = qemu_strtoul(buf, &buf, 16, &t);
551 
552     if (ret) {
553         return GDB_READ_THREAD_ERR;
554     }
555 
556     *end_buf = buf;
557 
558     if (p == -1) {
559         return GDB_ALL_PROCESSES;
560     }
561 
562     if (pid) {
563         *pid = p;
564     }
565 
566     if (t == -1) {
567         return GDB_ALL_THREADS;
568     }
569 
570     if (tid) {
571         *tid = t;
572     }
573 
574     return GDB_ONE_THREAD;
575 }
576 
577 /**
578  * gdb_handle_vcont - Parses and handles a vCont packet.
579  * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
580  *         a format error, 0 on success.
581  */
582 static int gdb_handle_vcont(const char *p)
583 {
584     int res, signal = 0;
585     char cur_action;
586     unsigned long tmp;
587     uint32_t pid, tid;
588     GDBProcess *process;
589     CPUState *cpu;
590     GDBThreadIdKind kind;
591     unsigned int max_cpus = gdb_get_max_cpus();
592     /* uninitialised CPUs stay 0 */
593     g_autofree char *newstates = g_new0(char, max_cpus);
594 
595     /* mark valid CPUs with 1 */
596     CPU_FOREACH(cpu) {
597         newstates[cpu->cpu_index] = 1;
598     }
599 
600     /*
601      * res keeps track of what error we are returning, with -ENOTSUP meaning
602      * that the command is unknown or unsupported, thus returning an empty
603      * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
604      *  or incorrect parameters passed.
605      */
606     res = 0;
607 
608     /*
609      * target_count and last_target keep track of how many CPUs we are going to
610      * step or resume, and a pointer to the state structure of one of them,
611      * respectivelly
612      */
613     int target_count = 0;
614     CPUState *last_target = NULL;
615 
616     while (*p) {
617         if (*p++ != ';') {
618             return -ENOTSUP;
619         }
620 
621         cur_action = *p++;
622         if (cur_action == 'C' || cur_action == 'S') {
623             cur_action = qemu_tolower(cur_action);
624             res = qemu_strtoul(p, &p, 16, &tmp);
625             if (res) {
626                 return res;
627             }
628             signal = gdb_signal_to_target(tmp);
629         } else if (cur_action != 'c' && cur_action != 's') {
630             /* unknown/invalid/unsupported command */
631             return -ENOTSUP;
632         }
633 
634         if (*p == '\0' || *p == ';') {
635             /*
636              * No thread specifier, action is on "all threads". The
637              * specification is unclear regarding the process to act on. We
638              * choose all processes.
639              */
640             kind = GDB_ALL_PROCESSES;
641         } else if (*p++ == ':') {
642             kind = read_thread_id(p, &p, &pid, &tid);
643         } else {
644             return -ENOTSUP;
645         }
646 
647         switch (kind) {
648         case GDB_READ_THREAD_ERR:
649             return -EINVAL;
650 
651         case GDB_ALL_PROCESSES:
652             cpu = gdb_first_attached_cpu();
653             while (cpu) {
654                 if (newstates[cpu->cpu_index] == 1) {
655                     newstates[cpu->cpu_index] = cur_action;
656 
657                     target_count++;
658                     last_target = cpu;
659                 }
660 
661                 cpu = gdb_next_attached_cpu(cpu);
662             }
663             break;
664 
665         case GDB_ALL_THREADS:
666             process = gdb_get_process(pid);
667 
668             if (!process->attached) {
669                 return -EINVAL;
670             }
671 
672             cpu = gdb_get_first_cpu_in_process(process);
673             while (cpu) {
674                 if (newstates[cpu->cpu_index] == 1) {
675                     newstates[cpu->cpu_index] = cur_action;
676 
677                     target_count++;
678                     last_target = cpu;
679                 }
680 
681                 cpu = gdb_next_cpu_in_process(cpu);
682             }
683             break;
684 
685         case GDB_ONE_THREAD:
686             cpu = gdb_get_cpu(pid, tid);
687 
688             /* invalid CPU/thread specified */
689             if (!cpu) {
690                 return -EINVAL;
691             }
692 
693             /* only use if no previous match occourred */
694             if (newstates[cpu->cpu_index] == 1) {
695                 newstates[cpu->cpu_index] = cur_action;
696 
697                 target_count++;
698                 last_target = cpu;
699             }
700             break;
701         }
702     }
703 
704     /*
705      * if we're about to resume a specific set of CPUs/threads, make it so that
706      * in case execution gets interrupted, we can send GDB a stop reply with a
707      * correct value. it doesn't really matter which CPU we tell GDB the signal
708      * happened in (VM pauses stop all of them anyway), so long as it is one of
709      * the ones we resumed/single stepped here.
710      */
711     if (target_count > 0) {
712         gdbserver_state.c_cpu = last_target;
713     }
714 
715     gdbserver_state.signal = signal;
716     gdb_continue_partial(newstates);
717     return res;
718 }
719 
720 static const char *cmd_next_param(const char *param, const char delimiter)
721 {
722     static const char all_delimiters[] = ",;:=";
723     char curr_delimiters[2] = {0};
724     const char *delimiters;
725 
726     if (delimiter == '?') {
727         delimiters = all_delimiters;
728     } else if (delimiter == '0') {
729         return strchr(param, '\0');
730     } else if (delimiter == '.' && *param) {
731         return param + 1;
732     } else {
733         curr_delimiters[0] = delimiter;
734         delimiters = curr_delimiters;
735     }
736 
737     param += strcspn(param, delimiters);
738     if (*param) {
739         param++;
740     }
741     return param;
742 }
743 
744 static int cmd_parse_params(const char *data, const char *schema,
745                             GArray *params)
746 {
747     const char *curr_schema, *curr_data;
748 
749     g_assert(schema);
750     g_assert(params->len == 0);
751 
752     curr_schema = schema;
753     curr_data = data;
754     while (curr_schema[0] && curr_schema[1] && *curr_data) {
755         GdbCmdVariant this_param;
756 
757         switch (curr_schema[0]) {
758         case 'l':
759             if (qemu_strtoul(curr_data, &curr_data, 16,
760                              &this_param.val_ul)) {
761                 return -EINVAL;
762             }
763             curr_data = cmd_next_param(curr_data, curr_schema[1]);
764             g_array_append_val(params, this_param);
765             break;
766         case 'L':
767             if (qemu_strtou64(curr_data, &curr_data, 16,
768                               (uint64_t *)&this_param.val_ull)) {
769                 return -EINVAL;
770             }
771             curr_data = cmd_next_param(curr_data, curr_schema[1]);
772             g_array_append_val(params, this_param);
773             break;
774         case 's':
775             this_param.data = curr_data;
776             curr_data = cmd_next_param(curr_data, curr_schema[1]);
777             g_array_append_val(params, this_param);
778             break;
779         case 'o':
780             this_param.opcode = *(uint8_t *)curr_data;
781             curr_data = cmd_next_param(curr_data, curr_schema[1]);
782             g_array_append_val(params, this_param);
783             break;
784         case 't':
785             this_param.thread_id.kind =
786                 read_thread_id(curr_data, &curr_data,
787                                &this_param.thread_id.pid,
788                                &this_param.thread_id.tid);
789             curr_data = cmd_next_param(curr_data, curr_schema[1]);
790             g_array_append_val(params, this_param);
791             break;
792         case '?':
793             curr_data = cmd_next_param(curr_data, curr_schema[1]);
794             break;
795         default:
796             return -EINVAL;
797         }
798         curr_schema += 2;
799     }
800 
801     return 0;
802 }
803 
804 typedef void (*GdbCmdHandler)(GArray *params, void *user_ctx);
805 
806 /*
807  * cmd_startswith -> cmd is compared using startswith
808  *
809  * allow_stop_reply -> true iff the gdbstub can respond to this command with a
810  *   "stop reply" packet. The list of commands that accept such response is
811  *   defined at the GDB Remote Serial Protocol documentation. see:
812  *   https://sourceware.org/gdb/onlinedocs/gdb/Stop-Reply-Packets.html#Stop-Reply-Packets.
813  *
814  * schema definitions:
815  * Each schema parameter entry consists of 2 chars,
816  * the first char represents the parameter type handling
817  * the second char represents the delimiter for the next parameter
818  *
819  * Currently supported schema types:
820  * 'l' -> unsigned long (stored in .val_ul)
821  * 'L' -> unsigned long long (stored in .val_ull)
822  * 's' -> string (stored in .data)
823  * 'o' -> single char (stored in .opcode)
824  * 't' -> thread id (stored in .thread_id)
825  * '?' -> skip according to delimiter
826  *
827  * Currently supported delimiters:
828  * '?' -> Stop at any delimiter (",;:=\0")
829  * '0' -> Stop at "\0"
830  * '.' -> Skip 1 char unless reached "\0"
831  * Any other value is treated as the delimiter value itself
832  */
833 typedef struct GdbCmdParseEntry {
834     GdbCmdHandler handler;
835     const char *cmd;
836     bool cmd_startswith;
837     const char *schema;
838     bool allow_stop_reply;
839 } GdbCmdParseEntry;
840 
841 static inline int startswith(const char *string, const char *pattern)
842 {
843   return !strncmp(string, pattern, strlen(pattern));
844 }
845 
846 static int process_string_cmd(const char *data,
847                               const GdbCmdParseEntry *cmds, int num_cmds)
848 {
849     int i;
850     g_autoptr(GArray) params = g_array_new(false, true, sizeof(GdbCmdVariant));
851 
852     if (!cmds) {
853         return -1;
854     }
855 
856     for (i = 0; i < num_cmds; i++) {
857         const GdbCmdParseEntry *cmd = &cmds[i];
858         g_assert(cmd->handler && cmd->cmd);
859 
860         if ((cmd->cmd_startswith && !startswith(data, cmd->cmd)) ||
861             (!cmd->cmd_startswith && strcmp(cmd->cmd, data))) {
862             continue;
863         }
864 
865         if (cmd->schema) {
866             if (cmd_parse_params(&data[strlen(cmd->cmd)],
867                                  cmd->schema, params)) {
868                 return -1;
869             }
870         }
871 
872         gdbserver_state.allow_stop_reply = cmd->allow_stop_reply;
873         cmd->handler(params, NULL);
874         return 0;
875     }
876 
877     return -1;
878 }
879 
880 static void run_cmd_parser(const char *data, const GdbCmdParseEntry *cmd)
881 {
882     if (!data) {
883         return;
884     }
885 
886     g_string_set_size(gdbserver_state.str_buf, 0);
887     g_byte_array_set_size(gdbserver_state.mem_buf, 0);
888 
889     /* In case there was an error during the command parsing we must
890     * send a NULL packet to indicate the command is not supported */
891     if (process_string_cmd(data, cmd, 1)) {
892         gdb_put_packet("");
893     }
894 }
895 
896 static void handle_detach(GArray *params, void *user_ctx)
897 {
898     GDBProcess *process;
899     uint32_t pid = 1;
900 
901     if (gdbserver_state.multiprocess) {
902         if (!params->len) {
903             gdb_put_packet("E22");
904             return;
905         }
906 
907         pid = get_param(params, 0)->val_ul;
908     }
909 
910     process = gdb_get_process(pid);
911     gdb_process_breakpoint_remove_all(process);
912     process->attached = false;
913 
914     if (pid == gdb_get_cpu_pid(gdbserver_state.c_cpu)) {
915         gdbserver_state.c_cpu = gdb_first_attached_cpu();
916     }
917 
918     if (pid == gdb_get_cpu_pid(gdbserver_state.g_cpu)) {
919         gdbserver_state.g_cpu = gdb_first_attached_cpu();
920     }
921 
922     if (!gdbserver_state.c_cpu) {
923         /* No more process attached */
924         gdb_disable_syscalls();
925         gdb_continue();
926     }
927     gdb_put_packet("OK");
928 }
929 
930 static void handle_thread_alive(GArray *params, void *user_ctx)
931 {
932     CPUState *cpu;
933 
934     if (!params->len) {
935         gdb_put_packet("E22");
936         return;
937     }
938 
939     if (get_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
940         gdb_put_packet("E22");
941         return;
942     }
943 
944     cpu = gdb_get_cpu(get_param(params, 0)->thread_id.pid,
945                       get_param(params, 0)->thread_id.tid);
946     if (!cpu) {
947         gdb_put_packet("E22");
948         return;
949     }
950 
951     gdb_put_packet("OK");
952 }
953 
954 static void handle_continue(GArray *params, void *user_ctx)
955 {
956     if (params->len) {
957         gdb_set_cpu_pc(get_param(params, 0)->val_ull);
958     }
959 
960     gdbserver_state.signal = 0;
961     gdb_continue();
962 }
963 
964 static void handle_cont_with_sig(GArray *params, void *user_ctx)
965 {
966     unsigned long signal = 0;
967 
968     /*
969      * Note: C sig;[addr] is currently unsupported and we simply
970      *       omit the addr parameter
971      */
972     if (params->len) {
973         signal = get_param(params, 0)->val_ul;
974     }
975 
976     gdbserver_state.signal = gdb_signal_to_target(signal);
977     if (gdbserver_state.signal == -1) {
978         gdbserver_state.signal = 0;
979     }
980     gdb_continue();
981 }
982 
983 static void handle_set_thread(GArray *params, void *user_ctx)
984 {
985     CPUState *cpu;
986 
987     if (params->len != 2) {
988         gdb_put_packet("E22");
989         return;
990     }
991 
992     if (get_param(params, 1)->thread_id.kind == GDB_READ_THREAD_ERR) {
993         gdb_put_packet("E22");
994         return;
995     }
996 
997     if (get_param(params, 1)->thread_id.kind != GDB_ONE_THREAD) {
998         gdb_put_packet("OK");
999         return;
1000     }
1001 
1002     cpu = gdb_get_cpu(get_param(params, 1)->thread_id.pid,
1003                       get_param(params, 1)->thread_id.tid);
1004     if (!cpu) {
1005         gdb_put_packet("E22");
1006         return;
1007     }
1008 
1009     /*
1010      * Note: This command is deprecated and modern gdb's will be using the
1011      *       vCont command instead.
1012      */
1013     switch (get_param(params, 0)->opcode) {
1014     case 'c':
1015         gdbserver_state.c_cpu = cpu;
1016         gdb_put_packet("OK");
1017         break;
1018     case 'g':
1019         gdbserver_state.g_cpu = cpu;
1020         gdb_put_packet("OK");
1021         break;
1022     default:
1023         gdb_put_packet("E22");
1024         break;
1025     }
1026 }
1027 
1028 static void handle_insert_bp(GArray *params, void *user_ctx)
1029 {
1030     int res;
1031 
1032     if (params->len != 3) {
1033         gdb_put_packet("E22");
1034         return;
1035     }
1036 
1037     res = gdb_breakpoint_insert(gdbserver_state.c_cpu,
1038                                 get_param(params, 0)->val_ul,
1039                                 get_param(params, 1)->val_ull,
1040                                 get_param(params, 2)->val_ull);
1041     if (res >= 0) {
1042         gdb_put_packet("OK");
1043         return;
1044     } else if (res == -ENOSYS) {
1045         gdb_put_packet("");
1046         return;
1047     }
1048 
1049     gdb_put_packet("E22");
1050 }
1051 
1052 static void handle_remove_bp(GArray *params, void *user_ctx)
1053 {
1054     int res;
1055 
1056     if (params->len != 3) {
1057         gdb_put_packet("E22");
1058         return;
1059     }
1060 
1061     res = gdb_breakpoint_remove(gdbserver_state.c_cpu,
1062                                 get_param(params, 0)->val_ul,
1063                                 get_param(params, 1)->val_ull,
1064                                 get_param(params, 2)->val_ull);
1065     if (res >= 0) {
1066         gdb_put_packet("OK");
1067         return;
1068     } else if (res == -ENOSYS) {
1069         gdb_put_packet("");
1070         return;
1071     }
1072 
1073     gdb_put_packet("E22");
1074 }
1075 
1076 /*
1077  * handle_set/get_reg
1078  *
1079  * Older gdb are really dumb, and don't use 'G/g' if 'P/p' is available.
1080  * This works, but can be very slow. Anything new enough to understand
1081  * XML also knows how to use this properly. However to use this we
1082  * need to define a local XML file as well as be talking to a
1083  * reasonably modern gdb. Responding with an empty packet will cause
1084  * the remote gdb to fallback to older methods.
1085  */
1086 
1087 static void handle_set_reg(GArray *params, void *user_ctx)
1088 {
1089     int reg_size;
1090 
1091     if (params->len != 2) {
1092         gdb_put_packet("E22");
1093         return;
1094     }
1095 
1096     reg_size = strlen(get_param(params, 1)->data) / 2;
1097     gdb_hextomem(gdbserver_state.mem_buf, get_param(params, 1)->data, reg_size);
1098     gdb_write_register(gdbserver_state.g_cpu, gdbserver_state.mem_buf->data,
1099                        get_param(params, 0)->val_ull);
1100     gdb_put_packet("OK");
1101 }
1102 
1103 static void handle_get_reg(GArray *params, void *user_ctx)
1104 {
1105     int reg_size;
1106 
1107     if (!params->len) {
1108         gdb_put_packet("E14");
1109         return;
1110     }
1111 
1112     reg_size = gdb_read_register(gdbserver_state.g_cpu,
1113                                  gdbserver_state.mem_buf,
1114                                  get_param(params, 0)->val_ull);
1115     if (!reg_size) {
1116         gdb_put_packet("E14");
1117         return;
1118     } else {
1119         g_byte_array_set_size(gdbserver_state.mem_buf, reg_size);
1120     }
1121 
1122     gdb_memtohex(gdbserver_state.str_buf,
1123                  gdbserver_state.mem_buf->data, reg_size);
1124     gdb_put_strbuf();
1125 }
1126 
1127 static void handle_write_mem(GArray *params, void *user_ctx)
1128 {
1129     if (params->len != 3) {
1130         gdb_put_packet("E22");
1131         return;
1132     }
1133 
1134     /* gdb_hextomem() reads 2*len bytes */
1135     if (get_param(params, 1)->val_ull >
1136         strlen(get_param(params, 2)->data) / 2) {
1137         gdb_put_packet("E22");
1138         return;
1139     }
1140 
1141     gdb_hextomem(gdbserver_state.mem_buf, get_param(params, 2)->data,
1142                  get_param(params, 1)->val_ull);
1143     if (gdb_target_memory_rw_debug(gdbserver_state.g_cpu,
1144                                    get_param(params, 0)->val_ull,
1145                                    gdbserver_state.mem_buf->data,
1146                                    gdbserver_state.mem_buf->len, true)) {
1147         gdb_put_packet("E14");
1148         return;
1149     }
1150 
1151     gdb_put_packet("OK");
1152 }
1153 
1154 static void handle_read_mem(GArray *params, void *user_ctx)
1155 {
1156     if (params->len != 2) {
1157         gdb_put_packet("E22");
1158         return;
1159     }
1160 
1161     /* gdb_memtohex() doubles the required space */
1162     if (get_param(params, 1)->val_ull > MAX_PACKET_LENGTH / 2) {
1163         gdb_put_packet("E22");
1164         return;
1165     }
1166 
1167     g_byte_array_set_size(gdbserver_state.mem_buf,
1168                           get_param(params, 1)->val_ull);
1169 
1170     if (gdb_target_memory_rw_debug(gdbserver_state.g_cpu,
1171                                    get_param(params, 0)->val_ull,
1172                                    gdbserver_state.mem_buf->data,
1173                                    gdbserver_state.mem_buf->len, false)) {
1174         gdb_put_packet("E14");
1175         return;
1176     }
1177 
1178     gdb_memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data,
1179              gdbserver_state.mem_buf->len);
1180     gdb_put_strbuf();
1181 }
1182 
1183 static void handle_write_all_regs(GArray *params, void *user_ctx)
1184 {
1185     int reg_id;
1186     size_t len;
1187     uint8_t *registers;
1188     int reg_size;
1189 
1190     if (!params->len) {
1191         return;
1192     }
1193 
1194     cpu_synchronize_state(gdbserver_state.g_cpu);
1195     len = strlen(get_param(params, 0)->data) / 2;
1196     gdb_hextomem(gdbserver_state.mem_buf, get_param(params, 0)->data, len);
1197     registers = gdbserver_state.mem_buf->data;
1198     for (reg_id = 0;
1199          reg_id < gdbserver_state.g_cpu->gdb_num_g_regs && len > 0;
1200          reg_id++) {
1201         reg_size = gdb_write_register(gdbserver_state.g_cpu, registers, reg_id);
1202         len -= reg_size;
1203         registers += reg_size;
1204     }
1205     gdb_put_packet("OK");
1206 }
1207 
1208 static void handle_read_all_regs(GArray *params, void *user_ctx)
1209 {
1210     int reg_id;
1211     size_t len;
1212 
1213     cpu_synchronize_state(gdbserver_state.g_cpu);
1214     g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1215     len = 0;
1216     for (reg_id = 0; reg_id < gdbserver_state.g_cpu->gdb_num_g_regs; reg_id++) {
1217         len += gdb_read_register(gdbserver_state.g_cpu,
1218                                  gdbserver_state.mem_buf,
1219                                  reg_id);
1220     }
1221     g_assert(len == gdbserver_state.mem_buf->len);
1222 
1223     gdb_memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, len);
1224     gdb_put_strbuf();
1225 }
1226 
1227 
1228 static void handle_step(GArray *params, void *user_ctx)
1229 {
1230     if (params->len) {
1231         gdb_set_cpu_pc(get_param(params, 0)->val_ull);
1232     }
1233 
1234     cpu_single_step(gdbserver_state.c_cpu, gdbserver_state.sstep_flags);
1235     gdb_continue();
1236 }
1237 
1238 static void handle_backward(GArray *params, void *user_ctx)
1239 {
1240     if (!gdb_can_reverse()) {
1241         gdb_put_packet("E22");
1242     }
1243     if (params->len == 1) {
1244         switch (get_param(params, 0)->opcode) {
1245         case 's':
1246             if (replay_reverse_step()) {
1247                 gdb_continue();
1248             } else {
1249                 gdb_put_packet("E14");
1250             }
1251             return;
1252         case 'c':
1253             if (replay_reverse_continue()) {
1254                 gdb_continue();
1255             } else {
1256                 gdb_put_packet("E14");
1257             }
1258             return;
1259         }
1260     }
1261 
1262     /* Default invalid command */
1263     gdb_put_packet("");
1264 }
1265 
1266 static void handle_v_cont_query(GArray *params, void *user_ctx)
1267 {
1268     gdb_put_packet("vCont;c;C;s;S");
1269 }
1270 
1271 static void handle_v_cont(GArray *params, void *user_ctx)
1272 {
1273     int res;
1274 
1275     if (!params->len) {
1276         return;
1277     }
1278 
1279     res = gdb_handle_vcont(get_param(params, 0)->data);
1280     if ((res == -EINVAL) || (res == -ERANGE)) {
1281         gdb_put_packet("E22");
1282     } else if (res) {
1283         gdb_put_packet("");
1284     }
1285 }
1286 
1287 static void handle_v_attach(GArray *params, void *user_ctx)
1288 {
1289     GDBProcess *process;
1290     CPUState *cpu;
1291 
1292     g_string_assign(gdbserver_state.str_buf, "E22");
1293     if (!params->len) {
1294         goto cleanup;
1295     }
1296 
1297     process = gdb_get_process(get_param(params, 0)->val_ul);
1298     if (!process) {
1299         goto cleanup;
1300     }
1301 
1302     cpu = gdb_get_first_cpu_in_process(process);
1303     if (!cpu) {
1304         goto cleanup;
1305     }
1306 
1307     process->attached = true;
1308     gdbserver_state.g_cpu = cpu;
1309     gdbserver_state.c_cpu = cpu;
1310 
1311     if (gdbserver_state.allow_stop_reply) {
1312         g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
1313         gdb_append_thread_id(cpu, gdbserver_state.str_buf);
1314         g_string_append_c(gdbserver_state.str_buf, ';');
1315         gdbserver_state.allow_stop_reply = false;
1316 cleanup:
1317         gdb_put_strbuf();
1318     }
1319 }
1320 
1321 static void handle_v_kill(GArray *params, void *user_ctx)
1322 {
1323     /* Kill the target */
1324     gdb_put_packet("OK");
1325     error_report("QEMU: Terminated via GDBstub");
1326     gdb_exit(0);
1327     gdb_qemu_exit(0);
1328 }
1329 
1330 static const GdbCmdParseEntry gdb_v_commands_table[] = {
1331     /* Order is important if has same prefix */
1332     {
1333         .handler = handle_v_cont_query,
1334         .cmd = "Cont?",
1335         .cmd_startswith = 1
1336     },
1337     {
1338         .handler = handle_v_cont,
1339         .cmd = "Cont",
1340         .cmd_startswith = 1,
1341         .allow_stop_reply = true,
1342         .schema = "s0"
1343     },
1344     {
1345         .handler = handle_v_attach,
1346         .cmd = "Attach;",
1347         .cmd_startswith = 1,
1348         .allow_stop_reply = true,
1349         .schema = "l0"
1350     },
1351     {
1352         .handler = handle_v_kill,
1353         .cmd = "Kill;",
1354         .cmd_startswith = 1
1355     },
1356 #ifdef CONFIG_USER_ONLY
1357     /*
1358      * Host I/O Packets. See [1] for details.
1359      * [1] https://sourceware.org/gdb/onlinedocs/gdb/Host-I_002fO-Packets.html
1360      */
1361     {
1362         .handler = gdb_handle_v_file_open,
1363         .cmd = "File:open:",
1364         .cmd_startswith = 1,
1365         .schema = "s,L,L0"
1366     },
1367     {
1368         .handler = gdb_handle_v_file_close,
1369         .cmd = "File:close:",
1370         .cmd_startswith = 1,
1371         .schema = "l0"
1372     },
1373     {
1374         .handler = gdb_handle_v_file_pread,
1375         .cmd = "File:pread:",
1376         .cmd_startswith = 1,
1377         .schema = "l,L,L0"
1378     },
1379     {
1380         .handler = gdb_handle_v_file_readlink,
1381         .cmd = "File:readlink:",
1382         .cmd_startswith = 1,
1383         .schema = "s0"
1384     },
1385 #endif
1386 };
1387 
1388 static void handle_v_commands(GArray *params, void *user_ctx)
1389 {
1390     if (!params->len) {
1391         return;
1392     }
1393 
1394     if (process_string_cmd(get_param(params, 0)->data,
1395                            gdb_v_commands_table,
1396                            ARRAY_SIZE(gdb_v_commands_table))) {
1397         gdb_put_packet("");
1398     }
1399 }
1400 
1401 static void handle_query_qemu_sstepbits(GArray *params, void *user_ctx)
1402 {
1403     g_string_printf(gdbserver_state.str_buf, "ENABLE=%x", SSTEP_ENABLE);
1404 
1405     if (gdbserver_state.supported_sstep_flags & SSTEP_NOIRQ) {
1406         g_string_append_printf(gdbserver_state.str_buf, ",NOIRQ=%x",
1407                                SSTEP_NOIRQ);
1408     }
1409 
1410     if (gdbserver_state.supported_sstep_flags & SSTEP_NOTIMER) {
1411         g_string_append_printf(gdbserver_state.str_buf, ",NOTIMER=%x",
1412                                SSTEP_NOTIMER);
1413     }
1414 
1415     gdb_put_strbuf();
1416 }
1417 
1418 static void handle_set_qemu_sstep(GArray *params, void *user_ctx)
1419 {
1420     int new_sstep_flags;
1421 
1422     if (!params->len) {
1423         return;
1424     }
1425 
1426     new_sstep_flags = get_param(params, 0)->val_ul;
1427 
1428     if (new_sstep_flags  & ~gdbserver_state.supported_sstep_flags) {
1429         gdb_put_packet("E22");
1430         return;
1431     }
1432 
1433     gdbserver_state.sstep_flags = new_sstep_flags;
1434     gdb_put_packet("OK");
1435 }
1436 
1437 static void handle_query_qemu_sstep(GArray *params, void *user_ctx)
1438 {
1439     g_string_printf(gdbserver_state.str_buf, "0x%x",
1440                     gdbserver_state.sstep_flags);
1441     gdb_put_strbuf();
1442 }
1443 
1444 static void handle_query_curr_tid(GArray *params, void *user_ctx)
1445 {
1446     CPUState *cpu;
1447     GDBProcess *process;
1448 
1449     /*
1450      * "Current thread" remains vague in the spec, so always return
1451      * the first thread of the current process (gdb returns the
1452      * first thread).
1453      */
1454     process = gdb_get_cpu_process(gdbserver_state.g_cpu);
1455     cpu = gdb_get_first_cpu_in_process(process);
1456     g_string_assign(gdbserver_state.str_buf, "QC");
1457     gdb_append_thread_id(cpu, gdbserver_state.str_buf);
1458     gdb_put_strbuf();
1459 }
1460 
1461 static void handle_query_threads(GArray *params, void *user_ctx)
1462 {
1463     if (!gdbserver_state.query_cpu) {
1464         gdb_put_packet("l");
1465         return;
1466     }
1467 
1468     g_string_assign(gdbserver_state.str_buf, "m");
1469     gdb_append_thread_id(gdbserver_state.query_cpu, gdbserver_state.str_buf);
1470     gdb_put_strbuf();
1471     gdbserver_state.query_cpu = gdb_next_attached_cpu(gdbserver_state.query_cpu);
1472 }
1473 
1474 static void handle_query_first_threads(GArray *params, void *user_ctx)
1475 {
1476     gdbserver_state.query_cpu = gdb_first_attached_cpu();
1477     handle_query_threads(params, user_ctx);
1478 }
1479 
1480 static void handle_query_thread_extra(GArray *params, void *user_ctx)
1481 {
1482     g_autoptr(GString) rs = g_string_new(NULL);
1483     CPUState *cpu;
1484 
1485     if (!params->len ||
1486         get_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
1487         gdb_put_packet("E22");
1488         return;
1489     }
1490 
1491     cpu = gdb_get_cpu(get_param(params, 0)->thread_id.pid,
1492                       get_param(params, 0)->thread_id.tid);
1493     if (!cpu) {
1494         return;
1495     }
1496 
1497     cpu_synchronize_state(cpu);
1498 
1499     if (gdbserver_state.multiprocess && (gdbserver_state.process_num > 1)) {
1500         /* Print the CPU model and name in multiprocess mode */
1501         ObjectClass *oc = object_get_class(OBJECT(cpu));
1502         const char *cpu_model = object_class_get_name(oc);
1503         const char *cpu_name =
1504             object_get_canonical_path_component(OBJECT(cpu));
1505         g_string_printf(rs, "%s %s [%s]", cpu_model, cpu_name,
1506                         cpu->halted ? "halted " : "running");
1507     } else {
1508         g_string_printf(rs, "CPU#%d [%s]", cpu->cpu_index,
1509                         cpu->halted ? "halted " : "running");
1510     }
1511     trace_gdbstub_op_extra_info(rs->str);
1512     gdb_memtohex(gdbserver_state.str_buf, (uint8_t *)rs->str, rs->len);
1513     gdb_put_strbuf();
1514 }
1515 
1516 static void handle_query_supported(GArray *params, void *user_ctx)
1517 {
1518     CPUClass *cc;
1519 
1520     g_string_printf(gdbserver_state.str_buf, "PacketSize=%x", MAX_PACKET_LENGTH);
1521     cc = CPU_GET_CLASS(first_cpu);
1522     if (cc->gdb_core_xml_file) {
1523         g_string_append(gdbserver_state.str_buf, ";qXfer:features:read+");
1524     }
1525 
1526     if (gdb_can_reverse()) {
1527         g_string_append(gdbserver_state.str_buf,
1528             ";ReverseStep+;ReverseContinue+");
1529     }
1530 
1531 #if defined(CONFIG_USER_ONLY)
1532 #if defined(CONFIG_LINUX)
1533     if (gdbserver_state.c_cpu->opaque) {
1534         g_string_append(gdbserver_state.str_buf, ";qXfer:auxv:read+");
1535     }
1536 #endif
1537     g_string_append(gdbserver_state.str_buf, ";qXfer:exec-file:read+");
1538 #endif
1539 
1540     if (params->len &&
1541         strstr(get_param(params, 0)->data, "multiprocess+")) {
1542         gdbserver_state.multiprocess = true;
1543     }
1544 
1545     g_string_append(gdbserver_state.str_buf, ";vContSupported+;multiprocess+");
1546     gdb_put_strbuf();
1547 }
1548 
1549 static void handle_query_xfer_features(GArray *params, void *user_ctx)
1550 {
1551     GDBProcess *process;
1552     CPUClass *cc;
1553     unsigned long len, total_len, addr;
1554     const char *xml;
1555     const char *p;
1556 
1557     if (params->len < 3) {
1558         gdb_put_packet("E22");
1559         return;
1560     }
1561 
1562     process = gdb_get_cpu_process(gdbserver_state.g_cpu);
1563     cc = CPU_GET_CLASS(gdbserver_state.g_cpu);
1564     if (!cc->gdb_core_xml_file) {
1565         gdb_put_packet("");
1566         return;
1567     }
1568 
1569     p = get_param(params, 0)->data;
1570     xml = get_feature_xml(p, &p, process);
1571     if (!xml) {
1572         gdb_put_packet("E00");
1573         return;
1574     }
1575 
1576     addr = get_param(params, 1)->val_ul;
1577     len = get_param(params, 2)->val_ul;
1578     total_len = strlen(xml);
1579     if (addr > total_len) {
1580         gdb_put_packet("E00");
1581         return;
1582     }
1583 
1584     if (len > (MAX_PACKET_LENGTH - 5) / 2) {
1585         len = (MAX_PACKET_LENGTH - 5) / 2;
1586     }
1587 
1588     if (len < total_len - addr) {
1589         g_string_assign(gdbserver_state.str_buf, "m");
1590         gdb_memtox(gdbserver_state.str_buf, xml + addr, len);
1591     } else {
1592         g_string_assign(gdbserver_state.str_buf, "l");
1593         gdb_memtox(gdbserver_state.str_buf, xml + addr, total_len - addr);
1594     }
1595 
1596     gdb_put_packet_binary(gdbserver_state.str_buf->str,
1597                       gdbserver_state.str_buf->len, true);
1598 }
1599 
1600 static void handle_query_qemu_supported(GArray *params, void *user_ctx)
1601 {
1602     g_string_printf(gdbserver_state.str_buf, "sstepbits;sstep");
1603 #ifndef CONFIG_USER_ONLY
1604     g_string_append(gdbserver_state.str_buf, ";PhyMemMode");
1605 #endif
1606     gdb_put_strbuf();
1607 }
1608 
1609 static const GdbCmdParseEntry gdb_gen_query_set_common_table[] = {
1610     /* Order is important if has same prefix */
1611     {
1612         .handler = handle_query_qemu_sstepbits,
1613         .cmd = "qemu.sstepbits",
1614     },
1615     {
1616         .handler = handle_query_qemu_sstep,
1617         .cmd = "qemu.sstep",
1618     },
1619     {
1620         .handler = handle_set_qemu_sstep,
1621         .cmd = "qemu.sstep=",
1622         .cmd_startswith = 1,
1623         .schema = "l0"
1624     },
1625 };
1626 
1627 static const GdbCmdParseEntry gdb_gen_query_table[] = {
1628     {
1629         .handler = handle_query_curr_tid,
1630         .cmd = "C",
1631     },
1632     {
1633         .handler = handle_query_threads,
1634         .cmd = "sThreadInfo",
1635     },
1636     {
1637         .handler = handle_query_first_threads,
1638         .cmd = "fThreadInfo",
1639     },
1640     {
1641         .handler = handle_query_thread_extra,
1642         .cmd = "ThreadExtraInfo,",
1643         .cmd_startswith = 1,
1644         .schema = "t0"
1645     },
1646 #ifdef CONFIG_USER_ONLY
1647     {
1648         .handler = gdb_handle_query_offsets,
1649         .cmd = "Offsets",
1650     },
1651 #else
1652     {
1653         .handler = gdb_handle_query_rcmd,
1654         .cmd = "Rcmd,",
1655         .cmd_startswith = 1,
1656         .schema = "s0"
1657     },
1658 #endif
1659     {
1660         .handler = handle_query_supported,
1661         .cmd = "Supported:",
1662         .cmd_startswith = 1,
1663         .schema = "s0"
1664     },
1665     {
1666         .handler = handle_query_supported,
1667         .cmd = "Supported",
1668         .schema = "s0"
1669     },
1670     {
1671         .handler = handle_query_xfer_features,
1672         .cmd = "Xfer:features:read:",
1673         .cmd_startswith = 1,
1674         .schema = "s:l,l0"
1675     },
1676 #if defined(CONFIG_USER_ONLY)
1677 #if defined(CONFIG_LINUX)
1678     {
1679         .handler = gdb_handle_query_xfer_auxv,
1680         .cmd = "Xfer:auxv:read::",
1681         .cmd_startswith = 1,
1682         .schema = "l,l0"
1683     },
1684 #endif
1685     {
1686         .handler = gdb_handle_query_xfer_exec_file,
1687         .cmd = "Xfer:exec-file:read:",
1688         .cmd_startswith = 1,
1689         .schema = "l:l,l0"
1690     },
1691 #endif
1692     {
1693         .handler = gdb_handle_query_attached,
1694         .cmd = "Attached:",
1695         .cmd_startswith = 1
1696     },
1697     {
1698         .handler = gdb_handle_query_attached,
1699         .cmd = "Attached",
1700     },
1701     {
1702         .handler = handle_query_qemu_supported,
1703         .cmd = "qemu.Supported",
1704     },
1705 #ifndef CONFIG_USER_ONLY
1706     {
1707         .handler = gdb_handle_query_qemu_phy_mem_mode,
1708         .cmd = "qemu.PhyMemMode",
1709     },
1710 #endif
1711 };
1712 
1713 static const GdbCmdParseEntry gdb_gen_set_table[] = {
1714     /* Order is important if has same prefix */
1715     {
1716         .handler = handle_set_qemu_sstep,
1717         .cmd = "qemu.sstep:",
1718         .cmd_startswith = 1,
1719         .schema = "l0"
1720     },
1721 #ifndef CONFIG_USER_ONLY
1722     {
1723         .handler = gdb_handle_set_qemu_phy_mem_mode,
1724         .cmd = "qemu.PhyMemMode:",
1725         .cmd_startswith = 1,
1726         .schema = "l0"
1727     },
1728 #endif
1729 };
1730 
1731 static void handle_gen_query(GArray *params, void *user_ctx)
1732 {
1733     if (!params->len) {
1734         return;
1735     }
1736 
1737     if (!process_string_cmd(get_param(params, 0)->data,
1738                             gdb_gen_query_set_common_table,
1739                             ARRAY_SIZE(gdb_gen_query_set_common_table))) {
1740         return;
1741     }
1742 
1743     if (process_string_cmd(get_param(params, 0)->data,
1744                            gdb_gen_query_table,
1745                            ARRAY_SIZE(gdb_gen_query_table))) {
1746         gdb_put_packet("");
1747     }
1748 }
1749 
1750 static void handle_gen_set(GArray *params, void *user_ctx)
1751 {
1752     if (!params->len) {
1753         return;
1754     }
1755 
1756     if (!process_string_cmd(get_param(params, 0)->data,
1757                             gdb_gen_query_set_common_table,
1758                             ARRAY_SIZE(gdb_gen_query_set_common_table))) {
1759         return;
1760     }
1761 
1762     if (process_string_cmd(get_param(params, 0)->data,
1763                            gdb_gen_set_table,
1764                            ARRAY_SIZE(gdb_gen_set_table))) {
1765         gdb_put_packet("");
1766     }
1767 }
1768 
1769 static void handle_target_halt(GArray *params, void *user_ctx)
1770 {
1771     if (gdbserver_state.allow_stop_reply) {
1772         g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
1773         gdb_append_thread_id(gdbserver_state.c_cpu, gdbserver_state.str_buf);
1774         g_string_append_c(gdbserver_state.str_buf, ';');
1775         gdb_put_strbuf();
1776         gdbserver_state.allow_stop_reply = false;
1777     }
1778     /*
1779      * Remove all the breakpoints when this query is issued,
1780      * because gdb is doing an initial connect and the state
1781      * should be cleaned up.
1782      */
1783     gdb_breakpoint_remove_all(gdbserver_state.c_cpu);
1784 }
1785 
1786 static int gdb_handle_packet(const char *line_buf)
1787 {
1788     const GdbCmdParseEntry *cmd_parser = NULL;
1789 
1790     trace_gdbstub_io_command(line_buf);
1791 
1792     switch (line_buf[0]) {
1793     case '!':
1794         gdb_put_packet("OK");
1795         break;
1796     case '?':
1797         {
1798             static const GdbCmdParseEntry target_halted_cmd_desc = {
1799                 .handler = handle_target_halt,
1800                 .cmd = "?",
1801                 .cmd_startswith = 1,
1802                 .allow_stop_reply = true,
1803             };
1804             cmd_parser = &target_halted_cmd_desc;
1805         }
1806         break;
1807     case 'c':
1808         {
1809             static const GdbCmdParseEntry continue_cmd_desc = {
1810                 .handler = handle_continue,
1811                 .cmd = "c",
1812                 .cmd_startswith = 1,
1813                 .allow_stop_reply = true,
1814                 .schema = "L0"
1815             };
1816             cmd_parser = &continue_cmd_desc;
1817         }
1818         break;
1819     case 'C':
1820         {
1821             static const GdbCmdParseEntry cont_with_sig_cmd_desc = {
1822                 .handler = handle_cont_with_sig,
1823                 .cmd = "C",
1824                 .cmd_startswith = 1,
1825                 .allow_stop_reply = true,
1826                 .schema = "l0"
1827             };
1828             cmd_parser = &cont_with_sig_cmd_desc;
1829         }
1830         break;
1831     case 'v':
1832         {
1833             static const GdbCmdParseEntry v_cmd_desc = {
1834                 .handler = handle_v_commands,
1835                 .cmd = "v",
1836                 .cmd_startswith = 1,
1837                 .schema = "s0"
1838             };
1839             cmd_parser = &v_cmd_desc;
1840         }
1841         break;
1842     case 'k':
1843         /* Kill the target */
1844         error_report("QEMU: Terminated via GDBstub");
1845         gdb_exit(0);
1846         gdb_qemu_exit(0);
1847         break;
1848     case 'D':
1849         {
1850             static const GdbCmdParseEntry detach_cmd_desc = {
1851                 .handler = handle_detach,
1852                 .cmd = "D",
1853                 .cmd_startswith = 1,
1854                 .schema = "?.l0"
1855             };
1856             cmd_parser = &detach_cmd_desc;
1857         }
1858         break;
1859     case 's':
1860         {
1861             static const GdbCmdParseEntry step_cmd_desc = {
1862                 .handler = handle_step,
1863                 .cmd = "s",
1864                 .cmd_startswith = 1,
1865                 .allow_stop_reply = true,
1866                 .schema = "L0"
1867             };
1868             cmd_parser = &step_cmd_desc;
1869         }
1870         break;
1871     case 'b':
1872         {
1873             static const GdbCmdParseEntry backward_cmd_desc = {
1874                 .handler = handle_backward,
1875                 .cmd = "b",
1876                 .cmd_startswith = 1,
1877                 .allow_stop_reply = true,
1878                 .schema = "o0"
1879             };
1880             cmd_parser = &backward_cmd_desc;
1881         }
1882         break;
1883     case 'F':
1884         {
1885             static const GdbCmdParseEntry file_io_cmd_desc = {
1886                 .handler = gdb_handle_file_io,
1887                 .cmd = "F",
1888                 .cmd_startswith = 1,
1889                 .schema = "L,L,o0"
1890             };
1891             cmd_parser = &file_io_cmd_desc;
1892         }
1893         break;
1894     case 'g':
1895         {
1896             static const GdbCmdParseEntry read_all_regs_cmd_desc = {
1897                 .handler = handle_read_all_regs,
1898                 .cmd = "g",
1899                 .cmd_startswith = 1
1900             };
1901             cmd_parser = &read_all_regs_cmd_desc;
1902         }
1903         break;
1904     case 'G':
1905         {
1906             static const GdbCmdParseEntry write_all_regs_cmd_desc = {
1907                 .handler = handle_write_all_regs,
1908                 .cmd = "G",
1909                 .cmd_startswith = 1,
1910                 .schema = "s0"
1911             };
1912             cmd_parser = &write_all_regs_cmd_desc;
1913         }
1914         break;
1915     case 'm':
1916         {
1917             static const GdbCmdParseEntry read_mem_cmd_desc = {
1918                 .handler = handle_read_mem,
1919                 .cmd = "m",
1920                 .cmd_startswith = 1,
1921                 .schema = "L,L0"
1922             };
1923             cmd_parser = &read_mem_cmd_desc;
1924         }
1925         break;
1926     case 'M':
1927         {
1928             static const GdbCmdParseEntry write_mem_cmd_desc = {
1929                 .handler = handle_write_mem,
1930                 .cmd = "M",
1931                 .cmd_startswith = 1,
1932                 .schema = "L,L:s0"
1933             };
1934             cmd_parser = &write_mem_cmd_desc;
1935         }
1936         break;
1937     case 'p':
1938         {
1939             static const GdbCmdParseEntry get_reg_cmd_desc = {
1940                 .handler = handle_get_reg,
1941                 .cmd = "p",
1942                 .cmd_startswith = 1,
1943                 .schema = "L0"
1944             };
1945             cmd_parser = &get_reg_cmd_desc;
1946         }
1947         break;
1948     case 'P':
1949         {
1950             static const GdbCmdParseEntry set_reg_cmd_desc = {
1951                 .handler = handle_set_reg,
1952                 .cmd = "P",
1953                 .cmd_startswith = 1,
1954                 .schema = "L?s0"
1955             };
1956             cmd_parser = &set_reg_cmd_desc;
1957         }
1958         break;
1959     case 'Z':
1960         {
1961             static const GdbCmdParseEntry insert_bp_cmd_desc = {
1962                 .handler = handle_insert_bp,
1963                 .cmd = "Z",
1964                 .cmd_startswith = 1,
1965                 .schema = "l?L?L0"
1966             };
1967             cmd_parser = &insert_bp_cmd_desc;
1968         }
1969         break;
1970     case 'z':
1971         {
1972             static const GdbCmdParseEntry remove_bp_cmd_desc = {
1973                 .handler = handle_remove_bp,
1974                 .cmd = "z",
1975                 .cmd_startswith = 1,
1976                 .schema = "l?L?L0"
1977             };
1978             cmd_parser = &remove_bp_cmd_desc;
1979         }
1980         break;
1981     case 'H':
1982         {
1983             static const GdbCmdParseEntry set_thread_cmd_desc = {
1984                 .handler = handle_set_thread,
1985                 .cmd = "H",
1986                 .cmd_startswith = 1,
1987                 .schema = "o.t0"
1988             };
1989             cmd_parser = &set_thread_cmd_desc;
1990         }
1991         break;
1992     case 'T':
1993         {
1994             static const GdbCmdParseEntry thread_alive_cmd_desc = {
1995                 .handler = handle_thread_alive,
1996                 .cmd = "T",
1997                 .cmd_startswith = 1,
1998                 .schema = "t0"
1999             };
2000             cmd_parser = &thread_alive_cmd_desc;
2001         }
2002         break;
2003     case 'q':
2004         {
2005             static const GdbCmdParseEntry gen_query_cmd_desc = {
2006                 .handler = handle_gen_query,
2007                 .cmd = "q",
2008                 .cmd_startswith = 1,
2009                 .schema = "s0"
2010             };
2011             cmd_parser = &gen_query_cmd_desc;
2012         }
2013         break;
2014     case 'Q':
2015         {
2016             static const GdbCmdParseEntry gen_set_cmd_desc = {
2017                 .handler = handle_gen_set,
2018                 .cmd = "Q",
2019                 .cmd_startswith = 1,
2020                 .schema = "s0"
2021             };
2022             cmd_parser = &gen_set_cmd_desc;
2023         }
2024         break;
2025     default:
2026         /* put empty packet */
2027         gdb_put_packet("");
2028         break;
2029     }
2030 
2031     if (cmd_parser) {
2032         run_cmd_parser(line_buf, cmd_parser);
2033     }
2034 
2035     return RS_IDLE;
2036 }
2037 
2038 void gdb_set_stop_cpu(CPUState *cpu)
2039 {
2040     GDBProcess *p = gdb_get_cpu_process(cpu);
2041 
2042     if (!p->attached) {
2043         /*
2044          * Having a stop CPU corresponding to a process that is not attached
2045          * confuses GDB. So we ignore the request.
2046          */
2047         return;
2048     }
2049 
2050     gdbserver_state.c_cpu = cpu;
2051     gdbserver_state.g_cpu = cpu;
2052 }
2053 
2054 void gdb_read_byte(uint8_t ch)
2055 {
2056     uint8_t reply;
2057 
2058     gdbserver_state.allow_stop_reply = false;
2059 #ifndef CONFIG_USER_ONLY
2060     if (gdbserver_state.last_packet->len) {
2061         /* Waiting for a response to the last packet.  If we see the start
2062            of a new command then abandon the previous response.  */
2063         if (ch == '-') {
2064             trace_gdbstub_err_got_nack();
2065             gdb_put_buffer(gdbserver_state.last_packet->data,
2066                        gdbserver_state.last_packet->len);
2067         } else if (ch == '+') {
2068             trace_gdbstub_io_got_ack();
2069         } else {
2070             trace_gdbstub_io_got_unexpected(ch);
2071         }
2072 
2073         if (ch == '+' || ch == '$') {
2074             g_byte_array_set_size(gdbserver_state.last_packet, 0);
2075         }
2076         if (ch != '$')
2077             return;
2078     }
2079     if (runstate_is_running()) {
2080         /*
2081          * When the CPU is running, we cannot do anything except stop
2082          * it when receiving a char. This is expected on a Ctrl-C in the
2083          * gdb client. Because we are in all-stop mode, gdb sends a
2084          * 0x03 byte which is not a usual packet, so we handle it specially
2085          * here, but it does expect a stop reply.
2086          */
2087         if (ch != 0x03) {
2088             trace_gdbstub_err_unexpected_runpkt(ch);
2089         } else {
2090             gdbserver_state.allow_stop_reply = true;
2091         }
2092         vm_stop(RUN_STATE_PAUSED);
2093     } else
2094 #endif
2095     {
2096         switch(gdbserver_state.state) {
2097         case RS_IDLE:
2098             if (ch == '$') {
2099                 /* start of command packet */
2100                 gdbserver_state.line_buf_index = 0;
2101                 gdbserver_state.line_sum = 0;
2102                 gdbserver_state.state = RS_GETLINE;
2103             } else if (ch == '+') {
2104                 /*
2105                  * do nothing, gdb may preemptively send out ACKs on
2106                  * initial connection
2107                  */
2108             } else {
2109                 trace_gdbstub_err_garbage(ch);
2110             }
2111             break;
2112         case RS_GETLINE:
2113             if (ch == '}') {
2114                 /* start escape sequence */
2115                 gdbserver_state.state = RS_GETLINE_ESC;
2116                 gdbserver_state.line_sum += ch;
2117             } else if (ch == '*') {
2118                 /* start run length encoding sequence */
2119                 gdbserver_state.state = RS_GETLINE_RLE;
2120                 gdbserver_state.line_sum += ch;
2121             } else if (ch == '#') {
2122                 /* end of command, start of checksum*/
2123                 gdbserver_state.state = RS_CHKSUM1;
2124             } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2125                 trace_gdbstub_err_overrun();
2126                 gdbserver_state.state = RS_IDLE;
2127             } else {
2128                 /* unescaped command character */
2129                 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch;
2130                 gdbserver_state.line_sum += ch;
2131             }
2132             break;
2133         case RS_GETLINE_ESC:
2134             if (ch == '#') {
2135                 /* unexpected end of command in escape sequence */
2136                 gdbserver_state.state = RS_CHKSUM1;
2137             } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2138                 /* command buffer overrun */
2139                 trace_gdbstub_err_overrun();
2140                 gdbserver_state.state = RS_IDLE;
2141             } else {
2142                 /* parse escaped character and leave escape state */
2143                 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch ^ 0x20;
2144                 gdbserver_state.line_sum += ch;
2145                 gdbserver_state.state = RS_GETLINE;
2146             }
2147             break;
2148         case RS_GETLINE_RLE:
2149             /*
2150              * Run-length encoding is explained in "Debugging with GDB /
2151              * Appendix E GDB Remote Serial Protocol / Overview".
2152              */
2153             if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
2154                 /* invalid RLE count encoding */
2155                 trace_gdbstub_err_invalid_repeat(ch);
2156                 gdbserver_state.state = RS_GETLINE;
2157             } else {
2158                 /* decode repeat length */
2159                 int repeat = ch - ' ' + 3;
2160                 if (gdbserver_state.line_buf_index + repeat >= sizeof(gdbserver_state.line_buf) - 1) {
2161                     /* that many repeats would overrun the command buffer */
2162                     trace_gdbstub_err_overrun();
2163                     gdbserver_state.state = RS_IDLE;
2164                 } else if (gdbserver_state.line_buf_index < 1) {
2165                     /* got a repeat but we have nothing to repeat */
2166                     trace_gdbstub_err_invalid_rle();
2167                     gdbserver_state.state = RS_GETLINE;
2168                 } else {
2169                     /* repeat the last character */
2170                     memset(gdbserver_state.line_buf + gdbserver_state.line_buf_index,
2171                            gdbserver_state.line_buf[gdbserver_state.line_buf_index - 1], repeat);
2172                     gdbserver_state.line_buf_index += repeat;
2173                     gdbserver_state.line_sum += ch;
2174                     gdbserver_state.state = RS_GETLINE;
2175                 }
2176             }
2177             break;
2178         case RS_CHKSUM1:
2179             /* get high hex digit of checksum */
2180             if (!isxdigit(ch)) {
2181                 trace_gdbstub_err_checksum_invalid(ch);
2182                 gdbserver_state.state = RS_GETLINE;
2183                 break;
2184             }
2185             gdbserver_state.line_buf[gdbserver_state.line_buf_index] = '\0';
2186             gdbserver_state.line_csum = fromhex(ch) << 4;
2187             gdbserver_state.state = RS_CHKSUM2;
2188             break;
2189         case RS_CHKSUM2:
2190             /* get low hex digit of checksum */
2191             if (!isxdigit(ch)) {
2192                 trace_gdbstub_err_checksum_invalid(ch);
2193                 gdbserver_state.state = RS_GETLINE;
2194                 break;
2195             }
2196             gdbserver_state.line_csum |= fromhex(ch);
2197 
2198             if (gdbserver_state.line_csum != (gdbserver_state.line_sum & 0xff)) {
2199                 trace_gdbstub_err_checksum_incorrect(gdbserver_state.line_sum, gdbserver_state.line_csum);
2200                 /* send NAK reply */
2201                 reply = '-';
2202                 gdb_put_buffer(&reply, 1);
2203                 gdbserver_state.state = RS_IDLE;
2204             } else {
2205                 /* send ACK reply */
2206                 reply = '+';
2207                 gdb_put_buffer(&reply, 1);
2208                 gdbserver_state.state = gdb_handle_packet(gdbserver_state.line_buf);
2209             }
2210             break;
2211         default:
2212             abort();
2213         }
2214     }
2215 }
2216 
2217 /*
2218  * Create the process that will contain all the "orphan" CPUs (that are not
2219  * part of a CPU cluster). Note that if this process contains no CPUs, it won't
2220  * be attachable and thus will be invisible to the user.
2221  */
2222 void gdb_create_default_process(GDBState *s)
2223 {
2224     GDBProcess *process;
2225     int pid;
2226 
2227 #ifdef CONFIG_USER_ONLY
2228     assert(gdbserver_state.process_num == 0);
2229     pid = getpid();
2230 #else
2231     if (gdbserver_state.process_num) {
2232         pid = s->processes[s->process_num - 1].pid;
2233     } else {
2234         pid = 0;
2235     }
2236     /* We need an available PID slot for this process */
2237     assert(pid < UINT32_MAX);
2238     pid++;
2239 #endif
2240 
2241     s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
2242     process = &s->processes[s->process_num - 1];
2243     process->pid = pid;
2244     process->attached = false;
2245     process->target_xml = NULL;
2246 }
2247 
2248