xref: /openbmc/qemu/gdbstub/gdbstub.c (revision f6e33708)
1 /*
2  * gdb server stub
3  *
4  * This implements a subset of the remote protocol as described in:
5  *
6  *   https://sourceware.org/gdb/onlinedocs/gdb/Remote-Protocol.html
7  *
8  * Copyright (c) 2003-2005 Fabrice Bellard
9  *
10  * This library is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU Lesser General Public
12  * License as published by the Free Software Foundation; either
13  * version 2 of the License, or (at your option) any later version.
14  *
15  * This library is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
18  * Lesser General Public License for more details.
19  *
20  * You should have received a copy of the GNU Lesser General Public
21  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22  *
23  * SPDX-License-Identifier: LGPL-2.0+
24  */
25 
26 #include "qemu/osdep.h"
27 #include "qemu/ctype.h"
28 #include "qemu/cutils.h"
29 #include "qemu/module.h"
30 #include "qemu/error-report.h"
31 #include "trace.h"
32 #include "exec/gdbstub.h"
33 #include "gdbstub/syscalls.h"
34 #ifdef CONFIG_USER_ONLY
35 #include "gdbstub/user.h"
36 #else
37 #include "hw/cpu/cluster.h"
38 #include "hw/boards.h"
39 #endif
40 
41 #include "sysemu/hw_accel.h"
42 #include "sysemu/runstate.h"
43 #include "exec/replay-core.h"
44 #include "exec/hwaddr.h"
45 
46 #include "internals.h"
47 
48 typedef struct GDBRegisterState {
49     int base_reg;
50     int num_regs;
51     gdb_get_reg_cb get_reg;
52     gdb_set_reg_cb set_reg;
53     const char *xml;
54 } GDBRegisterState;
55 
56 GDBState gdbserver_state;
57 
58 void gdb_init_gdbserver_state(void)
59 {
60     g_assert(!gdbserver_state.init);
61     memset(&gdbserver_state, 0, sizeof(GDBState));
62     gdbserver_state.init = true;
63     gdbserver_state.str_buf = g_string_new(NULL);
64     gdbserver_state.mem_buf = g_byte_array_sized_new(MAX_PACKET_LENGTH);
65     gdbserver_state.last_packet = g_byte_array_sized_new(MAX_PACKET_LENGTH + 4);
66 
67     /*
68      * What single-step modes are supported is accelerator dependent.
69      * By default try to use no IRQs and no timers while single
70      * stepping so as to make single stepping like a typical ICE HW step.
71      */
72     gdbserver_state.supported_sstep_flags = accel_supported_gdbstub_sstep_flags();
73     gdbserver_state.sstep_flags = SSTEP_ENABLE | SSTEP_NOIRQ | SSTEP_NOTIMER;
74     gdbserver_state.sstep_flags &= gdbserver_state.supported_sstep_flags;
75 }
76 
77 /* writes 2*len+1 bytes in buf */
78 void gdb_memtohex(GString *buf, const uint8_t *mem, int len)
79 {
80     int i, c;
81     for(i = 0; i < len; i++) {
82         c = mem[i];
83         g_string_append_c(buf, tohex(c >> 4));
84         g_string_append_c(buf, tohex(c & 0xf));
85     }
86     g_string_append_c(buf, '\0');
87 }
88 
89 void gdb_hextomem(GByteArray *mem, const char *buf, int len)
90 {
91     int i;
92 
93     for(i = 0; i < len; i++) {
94         guint8 byte = fromhex(buf[0]) << 4 | fromhex(buf[1]);
95         g_byte_array_append(mem, &byte, 1);
96         buf += 2;
97     }
98 }
99 
100 static void hexdump(const char *buf, int len,
101                     void (*trace_fn)(size_t ofs, char const *text))
102 {
103     char line_buffer[3 * 16 + 4 + 16 + 1];
104 
105     size_t i;
106     for (i = 0; i < len || (i & 0xF); ++i) {
107         size_t byte_ofs = i & 15;
108 
109         if (byte_ofs == 0) {
110             memset(line_buffer, ' ', 3 * 16 + 4 + 16);
111             line_buffer[3 * 16 + 4 + 16] = 0;
112         }
113 
114         size_t col_group = (i >> 2) & 3;
115         size_t hex_col = byte_ofs * 3 + col_group;
116         size_t txt_col = 3 * 16 + 4 + byte_ofs;
117 
118         if (i < len) {
119             char value = buf[i];
120 
121             line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
122             line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
123             line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
124                     ? value
125                     : '.';
126         }
127 
128         if (byte_ofs == 0xF)
129             trace_fn(i & -16, line_buffer);
130     }
131 }
132 
133 /* return -1 if error, 0 if OK */
134 int gdb_put_packet_binary(const char *buf, int len, bool dump)
135 {
136     int csum, i;
137     uint8_t footer[3];
138 
139     if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
140         hexdump(buf, len, trace_gdbstub_io_binaryreply);
141     }
142 
143     for(;;) {
144         g_byte_array_set_size(gdbserver_state.last_packet, 0);
145         g_byte_array_append(gdbserver_state.last_packet,
146                             (const uint8_t *) "$", 1);
147         g_byte_array_append(gdbserver_state.last_packet,
148                             (const uint8_t *) buf, len);
149         csum = 0;
150         for(i = 0; i < len; i++) {
151             csum += buf[i];
152         }
153         footer[0] = '#';
154         footer[1] = tohex((csum >> 4) & 0xf);
155         footer[2] = tohex((csum) & 0xf);
156         g_byte_array_append(gdbserver_state.last_packet, footer, 3);
157 
158         gdb_put_buffer(gdbserver_state.last_packet->data,
159                    gdbserver_state.last_packet->len);
160 
161         if (gdb_got_immediate_ack()) {
162             break;
163         }
164     }
165     return 0;
166 }
167 
168 /* return -1 if error, 0 if OK */
169 int gdb_put_packet(const char *buf)
170 {
171     trace_gdbstub_io_reply(buf);
172 
173     return gdb_put_packet_binary(buf, strlen(buf), false);
174 }
175 
176 void gdb_put_strbuf(void)
177 {
178     gdb_put_packet(gdbserver_state.str_buf->str);
179 }
180 
181 /* Encode data using the encoding for 'x' packets.  */
182 void gdb_memtox(GString *buf, const char *mem, int len)
183 {
184     char c;
185 
186     while (len--) {
187         c = *(mem++);
188         switch (c) {
189         case '#': case '$': case '*': case '}':
190             g_string_append_c(buf, '}');
191             g_string_append_c(buf, c ^ 0x20);
192             break;
193         default:
194             g_string_append_c(buf, c);
195             break;
196         }
197     }
198 }
199 
200 static uint32_t gdb_get_cpu_pid(CPUState *cpu)
201 {
202 #ifdef CONFIG_USER_ONLY
203     return getpid();
204 #else
205     if (cpu->cluster_index == UNASSIGNED_CLUSTER_INDEX) {
206         /* Return the default process' PID */
207         int index = gdbserver_state.process_num - 1;
208         return gdbserver_state.processes[index].pid;
209     }
210     return cpu->cluster_index + 1;
211 #endif
212 }
213 
214 GDBProcess *gdb_get_process(uint32_t pid)
215 {
216     int i;
217 
218     if (!pid) {
219         /* 0 means any process, we take the first one */
220         return &gdbserver_state.processes[0];
221     }
222 
223     for (i = 0; i < gdbserver_state.process_num; i++) {
224         if (gdbserver_state.processes[i].pid == pid) {
225             return &gdbserver_state.processes[i];
226         }
227     }
228 
229     return NULL;
230 }
231 
232 static GDBProcess *gdb_get_cpu_process(CPUState *cpu)
233 {
234     return gdb_get_process(gdb_get_cpu_pid(cpu));
235 }
236 
237 static CPUState *find_cpu(uint32_t thread_id)
238 {
239     CPUState *cpu;
240 
241     CPU_FOREACH(cpu) {
242         if (gdb_get_cpu_index(cpu) == thread_id) {
243             return cpu;
244         }
245     }
246 
247     return NULL;
248 }
249 
250 CPUState *gdb_get_first_cpu_in_process(GDBProcess *process)
251 {
252     CPUState *cpu;
253 
254     CPU_FOREACH(cpu) {
255         if (gdb_get_cpu_pid(cpu) == process->pid) {
256             return cpu;
257         }
258     }
259 
260     return NULL;
261 }
262 
263 static CPUState *gdb_next_cpu_in_process(CPUState *cpu)
264 {
265     uint32_t pid = gdb_get_cpu_pid(cpu);
266     cpu = CPU_NEXT(cpu);
267 
268     while (cpu) {
269         if (gdb_get_cpu_pid(cpu) == pid) {
270             break;
271         }
272 
273         cpu = CPU_NEXT(cpu);
274     }
275 
276     return cpu;
277 }
278 
279 /* Return the cpu following @cpu, while ignoring unattached processes. */
280 static CPUState *gdb_next_attached_cpu(CPUState *cpu)
281 {
282     cpu = CPU_NEXT(cpu);
283 
284     while (cpu) {
285         if (gdb_get_cpu_process(cpu)->attached) {
286             break;
287         }
288 
289         cpu = CPU_NEXT(cpu);
290     }
291 
292     return cpu;
293 }
294 
295 /* Return the first attached cpu */
296 CPUState *gdb_first_attached_cpu(void)
297 {
298     CPUState *cpu = first_cpu;
299     GDBProcess *process = gdb_get_cpu_process(cpu);
300 
301     if (!process->attached) {
302         return gdb_next_attached_cpu(cpu);
303     }
304 
305     return cpu;
306 }
307 
308 static CPUState *gdb_get_cpu(uint32_t pid, uint32_t tid)
309 {
310     GDBProcess *process;
311     CPUState *cpu;
312 
313     if (!pid && !tid) {
314         /* 0 means any process/thread, we take the first attached one */
315         return gdb_first_attached_cpu();
316     } else if (pid && !tid) {
317         /* any thread in a specific process */
318         process = gdb_get_process(pid);
319 
320         if (process == NULL) {
321             return NULL;
322         }
323 
324         if (!process->attached) {
325             return NULL;
326         }
327 
328         return gdb_get_first_cpu_in_process(process);
329     } else {
330         /* a specific thread */
331         cpu = find_cpu(tid);
332 
333         if (cpu == NULL) {
334             return NULL;
335         }
336 
337         process = gdb_get_cpu_process(cpu);
338 
339         if (pid && process->pid != pid) {
340             return NULL;
341         }
342 
343         if (!process->attached) {
344             return NULL;
345         }
346 
347         return cpu;
348     }
349 }
350 
351 static const char *get_feature_xml(const char *p, const char **newp,
352                                    GDBProcess *process)
353 {
354     CPUState *cpu = gdb_get_first_cpu_in_process(process);
355     CPUClass *cc = CPU_GET_CLASS(cpu);
356     size_t len;
357 
358     /*
359      * qXfer:features:read:ANNEX:OFFSET,LENGTH'
360      *                     ^p    ^newp
361      */
362     char *term = strchr(p, ':');
363     *newp = term + 1;
364     len = term - p;
365 
366     /* Is it the main target xml? */
367     if (strncmp(p, "target.xml", len) == 0) {
368         if (!process->target_xml) {
369             GDBRegisterState *r;
370             g_autoptr(GPtrArray) xml = g_ptr_array_new_with_free_func(g_free);
371 
372             g_ptr_array_add(
373                 xml,
374                 g_strdup("<?xml version=\"1.0\"?>"
375                          "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
376                          "<target>"));
377 
378             if (cc->gdb_arch_name) {
379                 g_ptr_array_add(
380                     xml,
381                     g_markup_printf_escaped("<architecture>%s</architecture>",
382                                             cc->gdb_arch_name(cpu)));
383             }
384             g_ptr_array_add(
385                 xml,
386                 g_markup_printf_escaped("<xi:include href=\"%s\"/>",
387                                         cc->gdb_core_xml_file));
388             if (cpu->gdb_regs) {
389                 for (guint i = 0; i < cpu->gdb_regs->len; i++) {
390                     r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
391                     g_ptr_array_add(
392                         xml,
393                         g_markup_printf_escaped("<xi:include href=\"%s\"/>",
394                                                 r->xml));
395                 }
396             }
397             g_ptr_array_add(xml, g_strdup("</target>"));
398             g_ptr_array_add(xml, NULL);
399 
400             process->target_xml = g_strjoinv(NULL, (void *)xml->pdata);
401         }
402         return process->target_xml;
403     }
404     /* Is it dynamically generated by the target? */
405     if (cc->gdb_get_dynamic_xml) {
406         g_autofree char *xmlname = g_strndup(p, len);
407         const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
408         if (xml) {
409             return xml;
410         }
411     }
412     /* Is it one of the encoded gdb-xml/ files? */
413     for (int i = 0; gdb_static_features[i].xmlname; i++) {
414         const char *name = gdb_static_features[i].xmlname;
415         if ((strncmp(name, p, len) == 0) &&
416             strlen(name) == len) {
417             return gdb_static_features[i].xml;
418         }
419     }
420 
421     /* failed */
422     return NULL;
423 }
424 
425 void gdb_feature_builder_init(GDBFeatureBuilder *builder, GDBFeature *feature,
426                               const char *name, const char *xmlname,
427                               int base_reg)
428 {
429     char *header = g_markup_printf_escaped(
430         "<?xml version=\"1.0\"?>"
431         "<!DOCTYPE feature SYSTEM \"gdb-target.dtd\">"
432         "<feature name=\"%s\">",
433         name);
434 
435     builder->feature = feature;
436     builder->xml = g_ptr_array_new();
437     g_ptr_array_add(builder->xml, header);
438     builder->base_reg = base_reg;
439     feature->xmlname = xmlname;
440     feature->num_regs = 0;
441 }
442 
443 void gdb_feature_builder_append_tag(const GDBFeatureBuilder *builder,
444                                     const char *format, ...)
445 {
446     va_list ap;
447     va_start(ap, format);
448     g_ptr_array_add(builder->xml, g_markup_vprintf_escaped(format, ap));
449     va_end(ap);
450 }
451 
452 void gdb_feature_builder_append_reg(const GDBFeatureBuilder *builder,
453                                     const char *name,
454                                     int bitsize,
455                                     int regnum,
456                                     const char *type,
457                                     const char *group)
458 {
459     if (builder->feature->num_regs < regnum) {
460         builder->feature->num_regs = regnum;
461     }
462 
463     if (group) {
464         gdb_feature_builder_append_tag(
465             builder,
466             "<reg name=\"%s\" bitsize=\"%d\" regnum=\"%d\" type=\"%s\" group=\"%s\"/>",
467             name, bitsize, builder->base_reg + regnum, type, group);
468     } else {
469         gdb_feature_builder_append_tag(
470             builder,
471             "<reg name=\"%s\" bitsize=\"%d\" regnum=\"%d\" type=\"%s\"/>",
472             name, bitsize, builder->base_reg + regnum, type);
473     }
474 }
475 
476 void gdb_feature_builder_end(const GDBFeatureBuilder *builder)
477 {
478     g_ptr_array_add(builder->xml, (void *)"</feature>");
479     g_ptr_array_add(builder->xml, NULL);
480 
481     builder->feature->xml = g_strjoinv(NULL, (void *)builder->xml->pdata);
482 
483     for (guint i = 0; i < builder->xml->len - 2; i++) {
484         g_free(g_ptr_array_index(builder->xml, i));
485     }
486 
487     g_ptr_array_free(builder->xml, TRUE);
488 }
489 
490 const GDBFeature *gdb_find_static_feature(const char *xmlname)
491 {
492     const GDBFeature *feature;
493 
494     for (feature = gdb_static_features; feature->xmlname; feature++) {
495         if (!strcmp(feature->xmlname, xmlname)) {
496             return feature;
497         }
498     }
499 
500     g_assert_not_reached();
501 }
502 
503 static int gdb_read_register(CPUState *cpu, GByteArray *buf, int reg)
504 {
505     CPUClass *cc = CPU_GET_CLASS(cpu);
506     CPUArchState *env = cpu_env(cpu);
507     GDBRegisterState *r;
508 
509     if (reg < cc->gdb_num_core_regs) {
510         return cc->gdb_read_register(cpu, buf, reg);
511     }
512 
513     if (cpu->gdb_regs) {
514         for (guint i = 0; i < cpu->gdb_regs->len; i++) {
515             r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
516             if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
517                 return r->get_reg(env, buf, reg - r->base_reg);
518             }
519         }
520     }
521     return 0;
522 }
523 
524 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
525 {
526     CPUClass *cc = CPU_GET_CLASS(cpu);
527     CPUArchState *env = cpu_env(cpu);
528     GDBRegisterState *r;
529 
530     if (reg < cc->gdb_num_core_regs) {
531         return cc->gdb_write_register(cpu, mem_buf, reg);
532     }
533 
534     if (cpu->gdb_regs) {
535         for (guint i = 0; i < cpu->gdb_regs->len; i++) {
536             r =  &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
537             if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
538                 return r->set_reg(env, mem_buf, reg - r->base_reg);
539             }
540         }
541     }
542     return 0;
543 }
544 
545 void gdb_register_coprocessor(CPUState *cpu,
546                               gdb_get_reg_cb get_reg, gdb_set_reg_cb set_reg,
547                               int num_regs, const char *xml, int g_pos)
548 {
549     GDBRegisterState *s;
550     guint i;
551 
552     if (cpu->gdb_regs) {
553         for (i = 0; i < cpu->gdb_regs->len; i++) {
554             /* Check for duplicates.  */
555             s = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
556             if (strcmp(s->xml, xml) == 0) {
557                 return;
558             }
559         }
560     } else {
561         cpu->gdb_regs = g_array_new(false, false, sizeof(GDBRegisterState));
562         i = 0;
563     }
564 
565     g_array_set_size(cpu->gdb_regs, i + 1);
566     s = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
567     s->base_reg = cpu->gdb_num_regs;
568     s->num_regs = num_regs;
569     s->get_reg = get_reg;
570     s->set_reg = set_reg;
571     s->xml = xml;
572 
573     /* Add to end of list.  */
574     cpu->gdb_num_regs += num_regs;
575     if (g_pos) {
576         if (g_pos != s->base_reg) {
577             error_report("Error: Bad gdb register numbering for '%s', "
578                          "expected %d got %d", xml, g_pos, s->base_reg);
579         } else {
580             cpu->gdb_num_g_regs = cpu->gdb_num_regs;
581         }
582     }
583 }
584 
585 static void gdb_process_breakpoint_remove_all(GDBProcess *p)
586 {
587     CPUState *cpu = gdb_get_first_cpu_in_process(p);
588 
589     while (cpu) {
590         gdb_breakpoint_remove_all(cpu);
591         cpu = gdb_next_cpu_in_process(cpu);
592     }
593 }
594 
595 
596 static void gdb_set_cpu_pc(vaddr pc)
597 {
598     CPUState *cpu = gdbserver_state.c_cpu;
599 
600     cpu_synchronize_state(cpu);
601     cpu_set_pc(cpu, pc);
602 }
603 
604 void gdb_append_thread_id(CPUState *cpu, GString *buf)
605 {
606     if (gdbserver_state.multiprocess) {
607         g_string_append_printf(buf, "p%02x.%02x",
608                                gdb_get_cpu_pid(cpu), gdb_get_cpu_index(cpu));
609     } else {
610         g_string_append_printf(buf, "%02x", gdb_get_cpu_index(cpu));
611     }
612 }
613 
614 static GDBThreadIdKind read_thread_id(const char *buf, const char **end_buf,
615                                       uint32_t *pid, uint32_t *tid)
616 {
617     unsigned long p, t;
618     int ret;
619 
620     if (*buf == 'p') {
621         buf++;
622         ret = qemu_strtoul(buf, &buf, 16, &p);
623 
624         if (ret) {
625             return GDB_READ_THREAD_ERR;
626         }
627 
628         /* Skip '.' */
629         buf++;
630     } else {
631         p = 0;
632     }
633 
634     ret = qemu_strtoul(buf, &buf, 16, &t);
635 
636     if (ret) {
637         return GDB_READ_THREAD_ERR;
638     }
639 
640     *end_buf = buf;
641 
642     if (p == -1) {
643         return GDB_ALL_PROCESSES;
644     }
645 
646     if (pid) {
647         *pid = p;
648     }
649 
650     if (t == -1) {
651         return GDB_ALL_THREADS;
652     }
653 
654     if (tid) {
655         *tid = t;
656     }
657 
658     return GDB_ONE_THREAD;
659 }
660 
661 /**
662  * gdb_handle_vcont - Parses and handles a vCont packet.
663  * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
664  *         a format error, 0 on success.
665  */
666 static int gdb_handle_vcont(const char *p)
667 {
668     int res, signal = 0;
669     char cur_action;
670     unsigned long tmp;
671     uint32_t pid, tid;
672     GDBProcess *process;
673     CPUState *cpu;
674     GDBThreadIdKind kind;
675     unsigned int max_cpus = gdb_get_max_cpus();
676     /* uninitialised CPUs stay 0 */
677     g_autofree char *newstates = g_new0(char, max_cpus);
678 
679     /* mark valid CPUs with 1 */
680     CPU_FOREACH(cpu) {
681         newstates[cpu->cpu_index] = 1;
682     }
683 
684     /*
685      * res keeps track of what error we are returning, with -ENOTSUP meaning
686      * that the command is unknown or unsupported, thus returning an empty
687      * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
688      *  or incorrect parameters passed.
689      */
690     res = 0;
691 
692     /*
693      * target_count and last_target keep track of how many CPUs we are going to
694      * step or resume, and a pointer to the state structure of one of them,
695      * respectively
696      */
697     int target_count = 0;
698     CPUState *last_target = NULL;
699 
700     while (*p) {
701         if (*p++ != ';') {
702             return -ENOTSUP;
703         }
704 
705         cur_action = *p++;
706         if (cur_action == 'C' || cur_action == 'S') {
707             cur_action = qemu_tolower(cur_action);
708             res = qemu_strtoul(p, &p, 16, &tmp);
709             if (res) {
710                 return res;
711             }
712             signal = gdb_signal_to_target(tmp);
713         } else if (cur_action != 'c' && cur_action != 's') {
714             /* unknown/invalid/unsupported command */
715             return -ENOTSUP;
716         }
717 
718         if (*p == '\0' || *p == ';') {
719             /*
720              * No thread specifier, action is on "all threads". The
721              * specification is unclear regarding the process to act on. We
722              * choose all processes.
723              */
724             kind = GDB_ALL_PROCESSES;
725         } else if (*p++ == ':') {
726             kind = read_thread_id(p, &p, &pid, &tid);
727         } else {
728             return -ENOTSUP;
729         }
730 
731         switch (kind) {
732         case GDB_READ_THREAD_ERR:
733             return -EINVAL;
734 
735         case GDB_ALL_PROCESSES:
736             cpu = gdb_first_attached_cpu();
737             while (cpu) {
738                 if (newstates[cpu->cpu_index] == 1) {
739                     newstates[cpu->cpu_index] = cur_action;
740 
741                     target_count++;
742                     last_target = cpu;
743                 }
744 
745                 cpu = gdb_next_attached_cpu(cpu);
746             }
747             break;
748 
749         case GDB_ALL_THREADS:
750             process = gdb_get_process(pid);
751 
752             if (!process->attached) {
753                 return -EINVAL;
754             }
755 
756             cpu = gdb_get_first_cpu_in_process(process);
757             while (cpu) {
758                 if (newstates[cpu->cpu_index] == 1) {
759                     newstates[cpu->cpu_index] = cur_action;
760 
761                     target_count++;
762                     last_target = cpu;
763                 }
764 
765                 cpu = gdb_next_cpu_in_process(cpu);
766             }
767             break;
768 
769         case GDB_ONE_THREAD:
770             cpu = gdb_get_cpu(pid, tid);
771 
772             /* invalid CPU/thread specified */
773             if (!cpu) {
774                 return -EINVAL;
775             }
776 
777             /* only use if no previous match occourred */
778             if (newstates[cpu->cpu_index] == 1) {
779                 newstates[cpu->cpu_index] = cur_action;
780 
781                 target_count++;
782                 last_target = cpu;
783             }
784             break;
785         }
786     }
787 
788     /*
789      * if we're about to resume a specific set of CPUs/threads, make it so that
790      * in case execution gets interrupted, we can send GDB a stop reply with a
791      * correct value. it doesn't really matter which CPU we tell GDB the signal
792      * happened in (VM pauses stop all of them anyway), so long as it is one of
793      * the ones we resumed/single stepped here.
794      */
795     if (target_count > 0) {
796         gdbserver_state.c_cpu = last_target;
797     }
798 
799     gdbserver_state.signal = signal;
800     gdb_continue_partial(newstates);
801     return res;
802 }
803 
804 static const char *cmd_next_param(const char *param, const char delimiter)
805 {
806     static const char all_delimiters[] = ",;:=";
807     char curr_delimiters[2] = {0};
808     const char *delimiters;
809 
810     if (delimiter == '?') {
811         delimiters = all_delimiters;
812     } else if (delimiter == '0') {
813         return strchr(param, '\0');
814     } else if (delimiter == '.' && *param) {
815         return param + 1;
816     } else {
817         curr_delimiters[0] = delimiter;
818         delimiters = curr_delimiters;
819     }
820 
821     param += strcspn(param, delimiters);
822     if (*param) {
823         param++;
824     }
825     return param;
826 }
827 
828 static int cmd_parse_params(const char *data, const char *schema,
829                             GArray *params)
830 {
831     const char *curr_schema, *curr_data;
832 
833     g_assert(schema);
834     g_assert(params->len == 0);
835 
836     curr_schema = schema;
837     curr_data = data;
838     while (curr_schema[0] && curr_schema[1] && *curr_data) {
839         GdbCmdVariant this_param;
840 
841         switch (curr_schema[0]) {
842         case 'l':
843             if (qemu_strtoul(curr_data, &curr_data, 16,
844                              &this_param.val_ul)) {
845                 return -EINVAL;
846             }
847             curr_data = cmd_next_param(curr_data, curr_schema[1]);
848             g_array_append_val(params, this_param);
849             break;
850         case 'L':
851             if (qemu_strtou64(curr_data, &curr_data, 16,
852                               (uint64_t *)&this_param.val_ull)) {
853                 return -EINVAL;
854             }
855             curr_data = cmd_next_param(curr_data, curr_schema[1]);
856             g_array_append_val(params, this_param);
857             break;
858         case 's':
859             this_param.data = curr_data;
860             curr_data = cmd_next_param(curr_data, curr_schema[1]);
861             g_array_append_val(params, this_param);
862             break;
863         case 'o':
864             this_param.opcode = *(uint8_t *)curr_data;
865             curr_data = cmd_next_param(curr_data, curr_schema[1]);
866             g_array_append_val(params, this_param);
867             break;
868         case 't':
869             this_param.thread_id.kind =
870                 read_thread_id(curr_data, &curr_data,
871                                &this_param.thread_id.pid,
872                                &this_param.thread_id.tid);
873             curr_data = cmd_next_param(curr_data, curr_schema[1]);
874             g_array_append_val(params, this_param);
875             break;
876         case '?':
877             curr_data = cmd_next_param(curr_data, curr_schema[1]);
878             break;
879         default:
880             return -EINVAL;
881         }
882         curr_schema += 2;
883     }
884 
885     return 0;
886 }
887 
888 typedef void (*GdbCmdHandler)(GArray *params, void *user_ctx);
889 
890 /*
891  * cmd_startswith -> cmd is compared using startswith
892  *
893  * allow_stop_reply -> true iff the gdbstub can respond to this command with a
894  *   "stop reply" packet. The list of commands that accept such response is
895  *   defined at the GDB Remote Serial Protocol documentation. see:
896  *   https://sourceware.org/gdb/onlinedocs/gdb/Stop-Reply-Packets.html#Stop-Reply-Packets.
897  *
898  * schema definitions:
899  * Each schema parameter entry consists of 2 chars,
900  * the first char represents the parameter type handling
901  * the second char represents the delimiter for the next parameter
902  *
903  * Currently supported schema types:
904  * 'l' -> unsigned long (stored in .val_ul)
905  * 'L' -> unsigned long long (stored in .val_ull)
906  * 's' -> string (stored in .data)
907  * 'o' -> single char (stored in .opcode)
908  * 't' -> thread id (stored in .thread_id)
909  * '?' -> skip according to delimiter
910  *
911  * Currently supported delimiters:
912  * '?' -> Stop at any delimiter (",;:=\0")
913  * '0' -> Stop at "\0"
914  * '.' -> Skip 1 char unless reached "\0"
915  * Any other value is treated as the delimiter value itself
916  */
917 typedef struct GdbCmdParseEntry {
918     GdbCmdHandler handler;
919     const char *cmd;
920     bool cmd_startswith;
921     const char *schema;
922     bool allow_stop_reply;
923 } GdbCmdParseEntry;
924 
925 static inline int startswith(const char *string, const char *pattern)
926 {
927   return !strncmp(string, pattern, strlen(pattern));
928 }
929 
930 static int process_string_cmd(const char *data,
931                               const GdbCmdParseEntry *cmds, int num_cmds)
932 {
933     int i;
934     g_autoptr(GArray) params = g_array_new(false, true, sizeof(GdbCmdVariant));
935 
936     if (!cmds) {
937         return -1;
938     }
939 
940     for (i = 0; i < num_cmds; i++) {
941         const GdbCmdParseEntry *cmd = &cmds[i];
942         g_assert(cmd->handler && cmd->cmd);
943 
944         if ((cmd->cmd_startswith && !startswith(data, cmd->cmd)) ||
945             (!cmd->cmd_startswith && strcmp(cmd->cmd, data))) {
946             continue;
947         }
948 
949         if (cmd->schema) {
950             if (cmd_parse_params(&data[strlen(cmd->cmd)],
951                                  cmd->schema, params)) {
952                 return -1;
953             }
954         }
955 
956         gdbserver_state.allow_stop_reply = cmd->allow_stop_reply;
957         cmd->handler(params, NULL);
958         return 0;
959     }
960 
961     return -1;
962 }
963 
964 static void run_cmd_parser(const char *data, const GdbCmdParseEntry *cmd)
965 {
966     if (!data) {
967         return;
968     }
969 
970     g_string_set_size(gdbserver_state.str_buf, 0);
971     g_byte_array_set_size(gdbserver_state.mem_buf, 0);
972 
973     /* In case there was an error during the command parsing we must
974     * send a NULL packet to indicate the command is not supported */
975     if (process_string_cmd(data, cmd, 1)) {
976         gdb_put_packet("");
977     }
978 }
979 
980 static void handle_detach(GArray *params, void *user_ctx)
981 {
982     GDBProcess *process;
983     uint32_t pid = 1;
984 
985     if (gdbserver_state.multiprocess) {
986         if (!params->len) {
987             gdb_put_packet("E22");
988             return;
989         }
990 
991         pid = get_param(params, 0)->val_ul;
992     }
993 
994     process = gdb_get_process(pid);
995     gdb_process_breakpoint_remove_all(process);
996     process->attached = false;
997 
998     if (pid == gdb_get_cpu_pid(gdbserver_state.c_cpu)) {
999         gdbserver_state.c_cpu = gdb_first_attached_cpu();
1000     }
1001 
1002     if (pid == gdb_get_cpu_pid(gdbserver_state.g_cpu)) {
1003         gdbserver_state.g_cpu = gdb_first_attached_cpu();
1004     }
1005 
1006     if (!gdbserver_state.c_cpu) {
1007         /* No more process attached */
1008         gdb_disable_syscalls();
1009         gdb_continue();
1010     }
1011     gdb_put_packet("OK");
1012 }
1013 
1014 static void handle_thread_alive(GArray *params, void *user_ctx)
1015 {
1016     CPUState *cpu;
1017 
1018     if (!params->len) {
1019         gdb_put_packet("E22");
1020         return;
1021     }
1022 
1023     if (get_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
1024         gdb_put_packet("E22");
1025         return;
1026     }
1027 
1028     cpu = gdb_get_cpu(get_param(params, 0)->thread_id.pid,
1029                       get_param(params, 0)->thread_id.tid);
1030     if (!cpu) {
1031         gdb_put_packet("E22");
1032         return;
1033     }
1034 
1035     gdb_put_packet("OK");
1036 }
1037 
1038 static void handle_continue(GArray *params, void *user_ctx)
1039 {
1040     if (params->len) {
1041         gdb_set_cpu_pc(get_param(params, 0)->val_ull);
1042     }
1043 
1044     gdbserver_state.signal = 0;
1045     gdb_continue();
1046 }
1047 
1048 static void handle_cont_with_sig(GArray *params, void *user_ctx)
1049 {
1050     unsigned long signal = 0;
1051 
1052     /*
1053      * Note: C sig;[addr] is currently unsupported and we simply
1054      *       omit the addr parameter
1055      */
1056     if (params->len) {
1057         signal = get_param(params, 0)->val_ul;
1058     }
1059 
1060     gdbserver_state.signal = gdb_signal_to_target(signal);
1061     if (gdbserver_state.signal == -1) {
1062         gdbserver_state.signal = 0;
1063     }
1064     gdb_continue();
1065 }
1066 
1067 static void handle_set_thread(GArray *params, void *user_ctx)
1068 {
1069     CPUState *cpu;
1070 
1071     if (params->len != 2) {
1072         gdb_put_packet("E22");
1073         return;
1074     }
1075 
1076     if (get_param(params, 1)->thread_id.kind == GDB_READ_THREAD_ERR) {
1077         gdb_put_packet("E22");
1078         return;
1079     }
1080 
1081     if (get_param(params, 1)->thread_id.kind != GDB_ONE_THREAD) {
1082         gdb_put_packet("OK");
1083         return;
1084     }
1085 
1086     cpu = gdb_get_cpu(get_param(params, 1)->thread_id.pid,
1087                       get_param(params, 1)->thread_id.tid);
1088     if (!cpu) {
1089         gdb_put_packet("E22");
1090         return;
1091     }
1092 
1093     /*
1094      * Note: This command is deprecated and modern gdb's will be using the
1095      *       vCont command instead.
1096      */
1097     switch (get_param(params, 0)->opcode) {
1098     case 'c':
1099         gdbserver_state.c_cpu = cpu;
1100         gdb_put_packet("OK");
1101         break;
1102     case 'g':
1103         gdbserver_state.g_cpu = cpu;
1104         gdb_put_packet("OK");
1105         break;
1106     default:
1107         gdb_put_packet("E22");
1108         break;
1109     }
1110 }
1111 
1112 static void handle_insert_bp(GArray *params, void *user_ctx)
1113 {
1114     int res;
1115 
1116     if (params->len != 3) {
1117         gdb_put_packet("E22");
1118         return;
1119     }
1120 
1121     res = gdb_breakpoint_insert(gdbserver_state.c_cpu,
1122                                 get_param(params, 0)->val_ul,
1123                                 get_param(params, 1)->val_ull,
1124                                 get_param(params, 2)->val_ull);
1125     if (res >= 0) {
1126         gdb_put_packet("OK");
1127         return;
1128     } else if (res == -ENOSYS) {
1129         gdb_put_packet("");
1130         return;
1131     }
1132 
1133     gdb_put_packet("E22");
1134 }
1135 
1136 static void handle_remove_bp(GArray *params, void *user_ctx)
1137 {
1138     int res;
1139 
1140     if (params->len != 3) {
1141         gdb_put_packet("E22");
1142         return;
1143     }
1144 
1145     res = gdb_breakpoint_remove(gdbserver_state.c_cpu,
1146                                 get_param(params, 0)->val_ul,
1147                                 get_param(params, 1)->val_ull,
1148                                 get_param(params, 2)->val_ull);
1149     if (res >= 0) {
1150         gdb_put_packet("OK");
1151         return;
1152     } else if (res == -ENOSYS) {
1153         gdb_put_packet("");
1154         return;
1155     }
1156 
1157     gdb_put_packet("E22");
1158 }
1159 
1160 /*
1161  * handle_set/get_reg
1162  *
1163  * Older gdb are really dumb, and don't use 'G/g' if 'P/p' is available.
1164  * This works, but can be very slow. Anything new enough to understand
1165  * XML also knows how to use this properly. However to use this we
1166  * need to define a local XML file as well as be talking to a
1167  * reasonably modern gdb. Responding with an empty packet will cause
1168  * the remote gdb to fallback to older methods.
1169  */
1170 
1171 static void handle_set_reg(GArray *params, void *user_ctx)
1172 {
1173     int reg_size;
1174 
1175     if (params->len != 2) {
1176         gdb_put_packet("E22");
1177         return;
1178     }
1179 
1180     reg_size = strlen(get_param(params, 1)->data) / 2;
1181     gdb_hextomem(gdbserver_state.mem_buf, get_param(params, 1)->data, reg_size);
1182     gdb_write_register(gdbserver_state.g_cpu, gdbserver_state.mem_buf->data,
1183                        get_param(params, 0)->val_ull);
1184     gdb_put_packet("OK");
1185 }
1186 
1187 static void handle_get_reg(GArray *params, void *user_ctx)
1188 {
1189     int reg_size;
1190 
1191     if (!params->len) {
1192         gdb_put_packet("E14");
1193         return;
1194     }
1195 
1196     reg_size = gdb_read_register(gdbserver_state.g_cpu,
1197                                  gdbserver_state.mem_buf,
1198                                  get_param(params, 0)->val_ull);
1199     if (!reg_size) {
1200         gdb_put_packet("E14");
1201         return;
1202     } else {
1203         g_byte_array_set_size(gdbserver_state.mem_buf, reg_size);
1204     }
1205 
1206     gdb_memtohex(gdbserver_state.str_buf,
1207                  gdbserver_state.mem_buf->data, reg_size);
1208     gdb_put_strbuf();
1209 }
1210 
1211 static void handle_write_mem(GArray *params, void *user_ctx)
1212 {
1213     if (params->len != 3) {
1214         gdb_put_packet("E22");
1215         return;
1216     }
1217 
1218     /* gdb_hextomem() reads 2*len bytes */
1219     if (get_param(params, 1)->val_ull >
1220         strlen(get_param(params, 2)->data) / 2) {
1221         gdb_put_packet("E22");
1222         return;
1223     }
1224 
1225     gdb_hextomem(gdbserver_state.mem_buf, get_param(params, 2)->data,
1226                  get_param(params, 1)->val_ull);
1227     if (gdb_target_memory_rw_debug(gdbserver_state.g_cpu,
1228                                    get_param(params, 0)->val_ull,
1229                                    gdbserver_state.mem_buf->data,
1230                                    gdbserver_state.mem_buf->len, true)) {
1231         gdb_put_packet("E14");
1232         return;
1233     }
1234 
1235     gdb_put_packet("OK");
1236 }
1237 
1238 static void handle_read_mem(GArray *params, void *user_ctx)
1239 {
1240     if (params->len != 2) {
1241         gdb_put_packet("E22");
1242         return;
1243     }
1244 
1245     /* gdb_memtohex() doubles the required space */
1246     if (get_param(params, 1)->val_ull > MAX_PACKET_LENGTH / 2) {
1247         gdb_put_packet("E22");
1248         return;
1249     }
1250 
1251     g_byte_array_set_size(gdbserver_state.mem_buf,
1252                           get_param(params, 1)->val_ull);
1253 
1254     if (gdb_target_memory_rw_debug(gdbserver_state.g_cpu,
1255                                    get_param(params, 0)->val_ull,
1256                                    gdbserver_state.mem_buf->data,
1257                                    gdbserver_state.mem_buf->len, false)) {
1258         gdb_put_packet("E14");
1259         return;
1260     }
1261 
1262     gdb_memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data,
1263              gdbserver_state.mem_buf->len);
1264     gdb_put_strbuf();
1265 }
1266 
1267 static void handle_write_all_regs(GArray *params, void *user_ctx)
1268 {
1269     int reg_id;
1270     size_t len;
1271     uint8_t *registers;
1272     int reg_size;
1273 
1274     if (!params->len) {
1275         return;
1276     }
1277 
1278     cpu_synchronize_state(gdbserver_state.g_cpu);
1279     len = strlen(get_param(params, 0)->data) / 2;
1280     gdb_hextomem(gdbserver_state.mem_buf, get_param(params, 0)->data, len);
1281     registers = gdbserver_state.mem_buf->data;
1282     for (reg_id = 0;
1283          reg_id < gdbserver_state.g_cpu->gdb_num_g_regs && len > 0;
1284          reg_id++) {
1285         reg_size = gdb_write_register(gdbserver_state.g_cpu, registers, reg_id);
1286         len -= reg_size;
1287         registers += reg_size;
1288     }
1289     gdb_put_packet("OK");
1290 }
1291 
1292 static void handle_read_all_regs(GArray *params, void *user_ctx)
1293 {
1294     int reg_id;
1295     size_t len;
1296 
1297     cpu_synchronize_state(gdbserver_state.g_cpu);
1298     g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1299     len = 0;
1300     for (reg_id = 0; reg_id < gdbserver_state.g_cpu->gdb_num_g_regs; reg_id++) {
1301         len += gdb_read_register(gdbserver_state.g_cpu,
1302                                  gdbserver_state.mem_buf,
1303                                  reg_id);
1304     }
1305     g_assert(len == gdbserver_state.mem_buf->len);
1306 
1307     gdb_memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, len);
1308     gdb_put_strbuf();
1309 }
1310 
1311 
1312 static void handle_step(GArray *params, void *user_ctx)
1313 {
1314     if (params->len) {
1315         gdb_set_cpu_pc(get_param(params, 0)->val_ull);
1316     }
1317 
1318     cpu_single_step(gdbserver_state.c_cpu, gdbserver_state.sstep_flags);
1319     gdb_continue();
1320 }
1321 
1322 static void handle_backward(GArray *params, void *user_ctx)
1323 {
1324     if (!gdb_can_reverse()) {
1325         gdb_put_packet("E22");
1326     }
1327     if (params->len == 1) {
1328         switch (get_param(params, 0)->opcode) {
1329         case 's':
1330             if (replay_reverse_step()) {
1331                 gdb_continue();
1332             } else {
1333                 gdb_put_packet("E14");
1334             }
1335             return;
1336         case 'c':
1337             if (replay_reverse_continue()) {
1338                 gdb_continue();
1339             } else {
1340                 gdb_put_packet("E14");
1341             }
1342             return;
1343         }
1344     }
1345 
1346     /* Default invalid command */
1347     gdb_put_packet("");
1348 }
1349 
1350 static void handle_v_cont_query(GArray *params, void *user_ctx)
1351 {
1352     gdb_put_packet("vCont;c;C;s;S");
1353 }
1354 
1355 static void handle_v_cont(GArray *params, void *user_ctx)
1356 {
1357     int res;
1358 
1359     if (!params->len) {
1360         return;
1361     }
1362 
1363     res = gdb_handle_vcont(get_param(params, 0)->data);
1364     if ((res == -EINVAL) || (res == -ERANGE)) {
1365         gdb_put_packet("E22");
1366     } else if (res) {
1367         gdb_put_packet("");
1368     }
1369 }
1370 
1371 static void handle_v_attach(GArray *params, void *user_ctx)
1372 {
1373     GDBProcess *process;
1374     CPUState *cpu;
1375 
1376     g_string_assign(gdbserver_state.str_buf, "E22");
1377     if (!params->len) {
1378         goto cleanup;
1379     }
1380 
1381     process = gdb_get_process(get_param(params, 0)->val_ul);
1382     if (!process) {
1383         goto cleanup;
1384     }
1385 
1386     cpu = gdb_get_first_cpu_in_process(process);
1387     if (!cpu) {
1388         goto cleanup;
1389     }
1390 
1391     process->attached = true;
1392     gdbserver_state.g_cpu = cpu;
1393     gdbserver_state.c_cpu = cpu;
1394 
1395     if (gdbserver_state.allow_stop_reply) {
1396         g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
1397         gdb_append_thread_id(cpu, gdbserver_state.str_buf);
1398         g_string_append_c(gdbserver_state.str_buf, ';');
1399         gdbserver_state.allow_stop_reply = false;
1400 cleanup:
1401         gdb_put_strbuf();
1402     }
1403 }
1404 
1405 static void handle_v_kill(GArray *params, void *user_ctx)
1406 {
1407     /* Kill the target */
1408     gdb_put_packet("OK");
1409     error_report("QEMU: Terminated via GDBstub");
1410     gdb_exit(0);
1411     gdb_qemu_exit(0);
1412 }
1413 
1414 static const GdbCmdParseEntry gdb_v_commands_table[] = {
1415     /* Order is important if has same prefix */
1416     {
1417         .handler = handle_v_cont_query,
1418         .cmd = "Cont?",
1419         .cmd_startswith = 1
1420     },
1421     {
1422         .handler = handle_v_cont,
1423         .cmd = "Cont",
1424         .cmd_startswith = 1,
1425         .allow_stop_reply = true,
1426         .schema = "s0"
1427     },
1428     {
1429         .handler = handle_v_attach,
1430         .cmd = "Attach;",
1431         .cmd_startswith = 1,
1432         .allow_stop_reply = true,
1433         .schema = "l0"
1434     },
1435     {
1436         .handler = handle_v_kill,
1437         .cmd = "Kill;",
1438         .cmd_startswith = 1
1439     },
1440 #ifdef CONFIG_USER_ONLY
1441     /*
1442      * Host I/O Packets. See [1] for details.
1443      * [1] https://sourceware.org/gdb/onlinedocs/gdb/Host-I_002fO-Packets.html
1444      */
1445     {
1446         .handler = gdb_handle_v_file_open,
1447         .cmd = "File:open:",
1448         .cmd_startswith = 1,
1449         .schema = "s,L,L0"
1450     },
1451     {
1452         .handler = gdb_handle_v_file_close,
1453         .cmd = "File:close:",
1454         .cmd_startswith = 1,
1455         .schema = "l0"
1456     },
1457     {
1458         .handler = gdb_handle_v_file_pread,
1459         .cmd = "File:pread:",
1460         .cmd_startswith = 1,
1461         .schema = "l,L,L0"
1462     },
1463     {
1464         .handler = gdb_handle_v_file_readlink,
1465         .cmd = "File:readlink:",
1466         .cmd_startswith = 1,
1467         .schema = "s0"
1468     },
1469 #endif
1470 };
1471 
1472 static void handle_v_commands(GArray *params, void *user_ctx)
1473 {
1474     if (!params->len) {
1475         return;
1476     }
1477 
1478     if (process_string_cmd(get_param(params, 0)->data,
1479                            gdb_v_commands_table,
1480                            ARRAY_SIZE(gdb_v_commands_table))) {
1481         gdb_put_packet("");
1482     }
1483 }
1484 
1485 static void handle_query_qemu_sstepbits(GArray *params, void *user_ctx)
1486 {
1487     g_string_printf(gdbserver_state.str_buf, "ENABLE=%x", SSTEP_ENABLE);
1488 
1489     if (gdbserver_state.supported_sstep_flags & SSTEP_NOIRQ) {
1490         g_string_append_printf(gdbserver_state.str_buf, ",NOIRQ=%x",
1491                                SSTEP_NOIRQ);
1492     }
1493 
1494     if (gdbserver_state.supported_sstep_flags & SSTEP_NOTIMER) {
1495         g_string_append_printf(gdbserver_state.str_buf, ",NOTIMER=%x",
1496                                SSTEP_NOTIMER);
1497     }
1498 
1499     gdb_put_strbuf();
1500 }
1501 
1502 static void handle_set_qemu_sstep(GArray *params, void *user_ctx)
1503 {
1504     int new_sstep_flags;
1505 
1506     if (!params->len) {
1507         return;
1508     }
1509 
1510     new_sstep_flags = get_param(params, 0)->val_ul;
1511 
1512     if (new_sstep_flags  & ~gdbserver_state.supported_sstep_flags) {
1513         gdb_put_packet("E22");
1514         return;
1515     }
1516 
1517     gdbserver_state.sstep_flags = new_sstep_flags;
1518     gdb_put_packet("OK");
1519 }
1520 
1521 static void handle_query_qemu_sstep(GArray *params, void *user_ctx)
1522 {
1523     g_string_printf(gdbserver_state.str_buf, "0x%x",
1524                     gdbserver_state.sstep_flags);
1525     gdb_put_strbuf();
1526 }
1527 
1528 static void handle_query_curr_tid(GArray *params, void *user_ctx)
1529 {
1530     CPUState *cpu;
1531     GDBProcess *process;
1532 
1533     /*
1534      * "Current thread" remains vague in the spec, so always return
1535      * the first thread of the current process (gdb returns the
1536      * first thread).
1537      */
1538     process = gdb_get_cpu_process(gdbserver_state.g_cpu);
1539     cpu = gdb_get_first_cpu_in_process(process);
1540     g_string_assign(gdbserver_state.str_buf, "QC");
1541     gdb_append_thread_id(cpu, gdbserver_state.str_buf);
1542     gdb_put_strbuf();
1543 }
1544 
1545 static void handle_query_threads(GArray *params, void *user_ctx)
1546 {
1547     if (!gdbserver_state.query_cpu) {
1548         gdb_put_packet("l");
1549         return;
1550     }
1551 
1552     g_string_assign(gdbserver_state.str_buf, "m");
1553     gdb_append_thread_id(gdbserver_state.query_cpu, gdbserver_state.str_buf);
1554     gdb_put_strbuf();
1555     gdbserver_state.query_cpu = gdb_next_attached_cpu(gdbserver_state.query_cpu);
1556 }
1557 
1558 static void handle_query_first_threads(GArray *params, void *user_ctx)
1559 {
1560     gdbserver_state.query_cpu = gdb_first_attached_cpu();
1561     handle_query_threads(params, user_ctx);
1562 }
1563 
1564 static void handle_query_thread_extra(GArray *params, void *user_ctx)
1565 {
1566     g_autoptr(GString) rs = g_string_new(NULL);
1567     CPUState *cpu;
1568 
1569     if (!params->len ||
1570         get_param(params, 0)->thread_id.kind == GDB_READ_THREAD_ERR) {
1571         gdb_put_packet("E22");
1572         return;
1573     }
1574 
1575     cpu = gdb_get_cpu(get_param(params, 0)->thread_id.pid,
1576                       get_param(params, 0)->thread_id.tid);
1577     if (!cpu) {
1578         return;
1579     }
1580 
1581     cpu_synchronize_state(cpu);
1582 
1583     if (gdbserver_state.multiprocess && (gdbserver_state.process_num > 1)) {
1584         /* Print the CPU model and name in multiprocess mode */
1585         ObjectClass *oc = object_get_class(OBJECT(cpu));
1586         const char *cpu_model = object_class_get_name(oc);
1587         const char *cpu_name =
1588             object_get_canonical_path_component(OBJECT(cpu));
1589         g_string_printf(rs, "%s %s [%s]", cpu_model, cpu_name,
1590                         cpu->halted ? "halted " : "running");
1591     } else {
1592         g_string_printf(rs, "CPU#%d [%s]", cpu->cpu_index,
1593                         cpu->halted ? "halted " : "running");
1594     }
1595     trace_gdbstub_op_extra_info(rs->str);
1596     gdb_memtohex(gdbserver_state.str_buf, (uint8_t *)rs->str, rs->len);
1597     gdb_put_strbuf();
1598 }
1599 
1600 static void handle_query_supported(GArray *params, void *user_ctx)
1601 {
1602     CPUClass *cc;
1603 
1604     g_string_printf(gdbserver_state.str_buf, "PacketSize=%x", MAX_PACKET_LENGTH);
1605     cc = CPU_GET_CLASS(first_cpu);
1606     if (cc->gdb_core_xml_file) {
1607         g_string_append(gdbserver_state.str_buf, ";qXfer:features:read+");
1608     }
1609 
1610     if (gdb_can_reverse()) {
1611         g_string_append(gdbserver_state.str_buf,
1612             ";ReverseStep+;ReverseContinue+");
1613     }
1614 
1615 #if defined(CONFIG_USER_ONLY)
1616 #if defined(CONFIG_LINUX)
1617     if (gdbserver_state.c_cpu->opaque) {
1618         g_string_append(gdbserver_state.str_buf, ";qXfer:auxv:read+");
1619     }
1620     g_string_append(gdbserver_state.str_buf, ";QCatchSyscalls+");
1621 #endif
1622     g_string_append(gdbserver_state.str_buf, ";qXfer:exec-file:read+");
1623 #endif
1624 
1625     if (params->len &&
1626         strstr(get_param(params, 0)->data, "multiprocess+")) {
1627         gdbserver_state.multiprocess = true;
1628     }
1629 
1630     g_string_append(gdbserver_state.str_buf, ";vContSupported+;multiprocess+");
1631     gdb_put_strbuf();
1632 }
1633 
1634 static void handle_query_xfer_features(GArray *params, void *user_ctx)
1635 {
1636     GDBProcess *process;
1637     CPUClass *cc;
1638     unsigned long len, total_len, addr;
1639     const char *xml;
1640     const char *p;
1641 
1642     if (params->len < 3) {
1643         gdb_put_packet("E22");
1644         return;
1645     }
1646 
1647     process = gdb_get_cpu_process(gdbserver_state.g_cpu);
1648     cc = CPU_GET_CLASS(gdbserver_state.g_cpu);
1649     if (!cc->gdb_core_xml_file) {
1650         gdb_put_packet("");
1651         return;
1652     }
1653 
1654     p = get_param(params, 0)->data;
1655     xml = get_feature_xml(p, &p, process);
1656     if (!xml) {
1657         gdb_put_packet("E00");
1658         return;
1659     }
1660 
1661     addr = get_param(params, 1)->val_ul;
1662     len = get_param(params, 2)->val_ul;
1663     total_len = strlen(xml);
1664     if (addr > total_len) {
1665         gdb_put_packet("E00");
1666         return;
1667     }
1668 
1669     if (len > (MAX_PACKET_LENGTH - 5) / 2) {
1670         len = (MAX_PACKET_LENGTH - 5) / 2;
1671     }
1672 
1673     if (len < total_len - addr) {
1674         g_string_assign(gdbserver_state.str_buf, "m");
1675         gdb_memtox(gdbserver_state.str_buf, xml + addr, len);
1676     } else {
1677         g_string_assign(gdbserver_state.str_buf, "l");
1678         gdb_memtox(gdbserver_state.str_buf, xml + addr, total_len - addr);
1679     }
1680 
1681     gdb_put_packet_binary(gdbserver_state.str_buf->str,
1682                       gdbserver_state.str_buf->len, true);
1683 }
1684 
1685 static void handle_query_qemu_supported(GArray *params, void *user_ctx)
1686 {
1687     g_string_printf(gdbserver_state.str_buf, "sstepbits;sstep");
1688 #ifndef CONFIG_USER_ONLY
1689     g_string_append(gdbserver_state.str_buf, ";PhyMemMode");
1690 #endif
1691     gdb_put_strbuf();
1692 }
1693 
1694 static const GdbCmdParseEntry gdb_gen_query_set_common_table[] = {
1695     /* Order is important if has same prefix */
1696     {
1697         .handler = handle_query_qemu_sstepbits,
1698         .cmd = "qemu.sstepbits",
1699     },
1700     {
1701         .handler = handle_query_qemu_sstep,
1702         .cmd = "qemu.sstep",
1703     },
1704     {
1705         .handler = handle_set_qemu_sstep,
1706         .cmd = "qemu.sstep=",
1707         .cmd_startswith = 1,
1708         .schema = "l0"
1709     },
1710 };
1711 
1712 static const GdbCmdParseEntry gdb_gen_query_table[] = {
1713     {
1714         .handler = handle_query_curr_tid,
1715         .cmd = "C",
1716     },
1717     {
1718         .handler = handle_query_threads,
1719         .cmd = "sThreadInfo",
1720     },
1721     {
1722         .handler = handle_query_first_threads,
1723         .cmd = "fThreadInfo",
1724     },
1725     {
1726         .handler = handle_query_thread_extra,
1727         .cmd = "ThreadExtraInfo,",
1728         .cmd_startswith = 1,
1729         .schema = "t0"
1730     },
1731 #ifdef CONFIG_USER_ONLY
1732     {
1733         .handler = gdb_handle_query_offsets,
1734         .cmd = "Offsets",
1735     },
1736 #else
1737     {
1738         .handler = gdb_handle_query_rcmd,
1739         .cmd = "Rcmd,",
1740         .cmd_startswith = 1,
1741         .schema = "s0"
1742     },
1743 #endif
1744     {
1745         .handler = handle_query_supported,
1746         .cmd = "Supported:",
1747         .cmd_startswith = 1,
1748         .schema = "s0"
1749     },
1750     {
1751         .handler = handle_query_supported,
1752         .cmd = "Supported",
1753         .schema = "s0"
1754     },
1755     {
1756         .handler = handle_query_xfer_features,
1757         .cmd = "Xfer:features:read:",
1758         .cmd_startswith = 1,
1759         .schema = "s:l,l0"
1760     },
1761 #if defined(CONFIG_USER_ONLY)
1762 #if defined(CONFIG_LINUX)
1763     {
1764         .handler = gdb_handle_query_xfer_auxv,
1765         .cmd = "Xfer:auxv:read::",
1766         .cmd_startswith = 1,
1767         .schema = "l,l0"
1768     },
1769 #endif
1770     {
1771         .handler = gdb_handle_query_xfer_exec_file,
1772         .cmd = "Xfer:exec-file:read:",
1773         .cmd_startswith = 1,
1774         .schema = "l:l,l0"
1775     },
1776 #endif
1777     {
1778         .handler = gdb_handle_query_attached,
1779         .cmd = "Attached:",
1780         .cmd_startswith = 1
1781     },
1782     {
1783         .handler = gdb_handle_query_attached,
1784         .cmd = "Attached",
1785     },
1786     {
1787         .handler = handle_query_qemu_supported,
1788         .cmd = "qemu.Supported",
1789     },
1790 #ifndef CONFIG_USER_ONLY
1791     {
1792         .handler = gdb_handle_query_qemu_phy_mem_mode,
1793         .cmd = "qemu.PhyMemMode",
1794     },
1795 #endif
1796 };
1797 
1798 static const GdbCmdParseEntry gdb_gen_set_table[] = {
1799     /* Order is important if has same prefix */
1800     {
1801         .handler = handle_set_qemu_sstep,
1802         .cmd = "qemu.sstep:",
1803         .cmd_startswith = 1,
1804         .schema = "l0"
1805     },
1806 #ifndef CONFIG_USER_ONLY
1807     {
1808         .handler = gdb_handle_set_qemu_phy_mem_mode,
1809         .cmd = "qemu.PhyMemMode:",
1810         .cmd_startswith = 1,
1811         .schema = "l0"
1812     },
1813 #endif
1814 #if defined(CONFIG_USER_ONLY)
1815     {
1816         .handler = gdb_handle_set_catch_syscalls,
1817         .cmd = "CatchSyscalls:",
1818         .cmd_startswith = 1,
1819         .schema = "s0",
1820     },
1821 #endif
1822 };
1823 
1824 static void handle_gen_query(GArray *params, void *user_ctx)
1825 {
1826     if (!params->len) {
1827         return;
1828     }
1829 
1830     if (!process_string_cmd(get_param(params, 0)->data,
1831                             gdb_gen_query_set_common_table,
1832                             ARRAY_SIZE(gdb_gen_query_set_common_table))) {
1833         return;
1834     }
1835 
1836     if (process_string_cmd(get_param(params, 0)->data,
1837                            gdb_gen_query_table,
1838                            ARRAY_SIZE(gdb_gen_query_table))) {
1839         gdb_put_packet("");
1840     }
1841 }
1842 
1843 static void handle_gen_set(GArray *params, void *user_ctx)
1844 {
1845     if (!params->len) {
1846         return;
1847     }
1848 
1849     if (!process_string_cmd(get_param(params, 0)->data,
1850                             gdb_gen_query_set_common_table,
1851                             ARRAY_SIZE(gdb_gen_query_set_common_table))) {
1852         return;
1853     }
1854 
1855     if (process_string_cmd(get_param(params, 0)->data,
1856                            gdb_gen_set_table,
1857                            ARRAY_SIZE(gdb_gen_set_table))) {
1858         gdb_put_packet("");
1859     }
1860 }
1861 
1862 static void handle_target_halt(GArray *params, void *user_ctx)
1863 {
1864     if (gdbserver_state.allow_stop_reply) {
1865         g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
1866         gdb_append_thread_id(gdbserver_state.c_cpu, gdbserver_state.str_buf);
1867         g_string_append_c(gdbserver_state.str_buf, ';');
1868         gdb_put_strbuf();
1869         gdbserver_state.allow_stop_reply = false;
1870     }
1871     /*
1872      * Remove all the breakpoints when this query is issued,
1873      * because gdb is doing an initial connect and the state
1874      * should be cleaned up.
1875      */
1876     gdb_breakpoint_remove_all(gdbserver_state.c_cpu);
1877 }
1878 
1879 static int gdb_handle_packet(const char *line_buf)
1880 {
1881     const GdbCmdParseEntry *cmd_parser = NULL;
1882 
1883     trace_gdbstub_io_command(line_buf);
1884 
1885     switch (line_buf[0]) {
1886     case '!':
1887         gdb_put_packet("OK");
1888         break;
1889     case '?':
1890         {
1891             static const GdbCmdParseEntry target_halted_cmd_desc = {
1892                 .handler = handle_target_halt,
1893                 .cmd = "?",
1894                 .cmd_startswith = 1,
1895                 .allow_stop_reply = true,
1896             };
1897             cmd_parser = &target_halted_cmd_desc;
1898         }
1899         break;
1900     case 'c':
1901         {
1902             static const GdbCmdParseEntry continue_cmd_desc = {
1903                 .handler = handle_continue,
1904                 .cmd = "c",
1905                 .cmd_startswith = 1,
1906                 .allow_stop_reply = true,
1907                 .schema = "L0"
1908             };
1909             cmd_parser = &continue_cmd_desc;
1910         }
1911         break;
1912     case 'C':
1913         {
1914             static const GdbCmdParseEntry cont_with_sig_cmd_desc = {
1915                 .handler = handle_cont_with_sig,
1916                 .cmd = "C",
1917                 .cmd_startswith = 1,
1918                 .allow_stop_reply = true,
1919                 .schema = "l0"
1920             };
1921             cmd_parser = &cont_with_sig_cmd_desc;
1922         }
1923         break;
1924     case 'v':
1925         {
1926             static const GdbCmdParseEntry v_cmd_desc = {
1927                 .handler = handle_v_commands,
1928                 .cmd = "v",
1929                 .cmd_startswith = 1,
1930                 .schema = "s0"
1931             };
1932             cmd_parser = &v_cmd_desc;
1933         }
1934         break;
1935     case 'k':
1936         /* Kill the target */
1937         error_report("QEMU: Terminated via GDBstub");
1938         gdb_exit(0);
1939         gdb_qemu_exit(0);
1940         break;
1941     case 'D':
1942         {
1943             static const GdbCmdParseEntry detach_cmd_desc = {
1944                 .handler = handle_detach,
1945                 .cmd = "D",
1946                 .cmd_startswith = 1,
1947                 .schema = "?.l0"
1948             };
1949             cmd_parser = &detach_cmd_desc;
1950         }
1951         break;
1952     case 's':
1953         {
1954             static const GdbCmdParseEntry step_cmd_desc = {
1955                 .handler = handle_step,
1956                 .cmd = "s",
1957                 .cmd_startswith = 1,
1958                 .allow_stop_reply = true,
1959                 .schema = "L0"
1960             };
1961             cmd_parser = &step_cmd_desc;
1962         }
1963         break;
1964     case 'b':
1965         {
1966             static const GdbCmdParseEntry backward_cmd_desc = {
1967                 .handler = handle_backward,
1968                 .cmd = "b",
1969                 .cmd_startswith = 1,
1970                 .allow_stop_reply = true,
1971                 .schema = "o0"
1972             };
1973             cmd_parser = &backward_cmd_desc;
1974         }
1975         break;
1976     case 'F':
1977         {
1978             static const GdbCmdParseEntry file_io_cmd_desc = {
1979                 .handler = gdb_handle_file_io,
1980                 .cmd = "F",
1981                 .cmd_startswith = 1,
1982                 .schema = "L,L,o0"
1983             };
1984             cmd_parser = &file_io_cmd_desc;
1985         }
1986         break;
1987     case 'g':
1988         {
1989             static const GdbCmdParseEntry read_all_regs_cmd_desc = {
1990                 .handler = handle_read_all_regs,
1991                 .cmd = "g",
1992                 .cmd_startswith = 1
1993             };
1994             cmd_parser = &read_all_regs_cmd_desc;
1995         }
1996         break;
1997     case 'G':
1998         {
1999             static const GdbCmdParseEntry write_all_regs_cmd_desc = {
2000                 .handler = handle_write_all_regs,
2001                 .cmd = "G",
2002                 .cmd_startswith = 1,
2003                 .schema = "s0"
2004             };
2005             cmd_parser = &write_all_regs_cmd_desc;
2006         }
2007         break;
2008     case 'm':
2009         {
2010             static const GdbCmdParseEntry read_mem_cmd_desc = {
2011                 .handler = handle_read_mem,
2012                 .cmd = "m",
2013                 .cmd_startswith = 1,
2014                 .schema = "L,L0"
2015             };
2016             cmd_parser = &read_mem_cmd_desc;
2017         }
2018         break;
2019     case 'M':
2020         {
2021             static const GdbCmdParseEntry write_mem_cmd_desc = {
2022                 .handler = handle_write_mem,
2023                 .cmd = "M",
2024                 .cmd_startswith = 1,
2025                 .schema = "L,L:s0"
2026             };
2027             cmd_parser = &write_mem_cmd_desc;
2028         }
2029         break;
2030     case 'p':
2031         {
2032             static const GdbCmdParseEntry get_reg_cmd_desc = {
2033                 .handler = handle_get_reg,
2034                 .cmd = "p",
2035                 .cmd_startswith = 1,
2036                 .schema = "L0"
2037             };
2038             cmd_parser = &get_reg_cmd_desc;
2039         }
2040         break;
2041     case 'P':
2042         {
2043             static const GdbCmdParseEntry set_reg_cmd_desc = {
2044                 .handler = handle_set_reg,
2045                 .cmd = "P",
2046                 .cmd_startswith = 1,
2047                 .schema = "L?s0"
2048             };
2049             cmd_parser = &set_reg_cmd_desc;
2050         }
2051         break;
2052     case 'Z':
2053         {
2054             static const GdbCmdParseEntry insert_bp_cmd_desc = {
2055                 .handler = handle_insert_bp,
2056                 .cmd = "Z",
2057                 .cmd_startswith = 1,
2058                 .schema = "l?L?L0"
2059             };
2060             cmd_parser = &insert_bp_cmd_desc;
2061         }
2062         break;
2063     case 'z':
2064         {
2065             static const GdbCmdParseEntry remove_bp_cmd_desc = {
2066                 .handler = handle_remove_bp,
2067                 .cmd = "z",
2068                 .cmd_startswith = 1,
2069                 .schema = "l?L?L0"
2070             };
2071             cmd_parser = &remove_bp_cmd_desc;
2072         }
2073         break;
2074     case 'H':
2075         {
2076             static const GdbCmdParseEntry set_thread_cmd_desc = {
2077                 .handler = handle_set_thread,
2078                 .cmd = "H",
2079                 .cmd_startswith = 1,
2080                 .schema = "o.t0"
2081             };
2082             cmd_parser = &set_thread_cmd_desc;
2083         }
2084         break;
2085     case 'T':
2086         {
2087             static const GdbCmdParseEntry thread_alive_cmd_desc = {
2088                 .handler = handle_thread_alive,
2089                 .cmd = "T",
2090                 .cmd_startswith = 1,
2091                 .schema = "t0"
2092             };
2093             cmd_parser = &thread_alive_cmd_desc;
2094         }
2095         break;
2096     case 'q':
2097         {
2098             static const GdbCmdParseEntry gen_query_cmd_desc = {
2099                 .handler = handle_gen_query,
2100                 .cmd = "q",
2101                 .cmd_startswith = 1,
2102                 .schema = "s0"
2103             };
2104             cmd_parser = &gen_query_cmd_desc;
2105         }
2106         break;
2107     case 'Q':
2108         {
2109             static const GdbCmdParseEntry gen_set_cmd_desc = {
2110                 .handler = handle_gen_set,
2111                 .cmd = "Q",
2112                 .cmd_startswith = 1,
2113                 .schema = "s0"
2114             };
2115             cmd_parser = &gen_set_cmd_desc;
2116         }
2117         break;
2118     default:
2119         /* put empty packet */
2120         gdb_put_packet("");
2121         break;
2122     }
2123 
2124     if (cmd_parser) {
2125         run_cmd_parser(line_buf, cmd_parser);
2126     }
2127 
2128     return RS_IDLE;
2129 }
2130 
2131 void gdb_set_stop_cpu(CPUState *cpu)
2132 {
2133     GDBProcess *p = gdb_get_cpu_process(cpu);
2134 
2135     if (!p->attached) {
2136         /*
2137          * Having a stop CPU corresponding to a process that is not attached
2138          * confuses GDB. So we ignore the request.
2139          */
2140         return;
2141     }
2142 
2143     gdbserver_state.c_cpu = cpu;
2144     gdbserver_state.g_cpu = cpu;
2145 }
2146 
2147 void gdb_read_byte(uint8_t ch)
2148 {
2149     uint8_t reply;
2150 
2151     gdbserver_state.allow_stop_reply = false;
2152 #ifndef CONFIG_USER_ONLY
2153     if (gdbserver_state.last_packet->len) {
2154         /* Waiting for a response to the last packet.  If we see the start
2155            of a new command then abandon the previous response.  */
2156         if (ch == '-') {
2157             trace_gdbstub_err_got_nack();
2158             gdb_put_buffer(gdbserver_state.last_packet->data,
2159                        gdbserver_state.last_packet->len);
2160         } else if (ch == '+') {
2161             trace_gdbstub_io_got_ack();
2162         } else {
2163             trace_gdbstub_io_got_unexpected(ch);
2164         }
2165 
2166         if (ch == '+' || ch == '$') {
2167             g_byte_array_set_size(gdbserver_state.last_packet, 0);
2168         }
2169         if (ch != '$')
2170             return;
2171     }
2172     if (runstate_is_running()) {
2173         /*
2174          * When the CPU is running, we cannot do anything except stop
2175          * it when receiving a char. This is expected on a Ctrl-C in the
2176          * gdb client. Because we are in all-stop mode, gdb sends a
2177          * 0x03 byte which is not a usual packet, so we handle it specially
2178          * here, but it does expect a stop reply.
2179          */
2180         if (ch != 0x03) {
2181             trace_gdbstub_err_unexpected_runpkt(ch);
2182         } else {
2183             gdbserver_state.allow_stop_reply = true;
2184         }
2185         vm_stop(RUN_STATE_PAUSED);
2186     } else
2187 #endif
2188     {
2189         switch(gdbserver_state.state) {
2190         case RS_IDLE:
2191             if (ch == '$') {
2192                 /* start of command packet */
2193                 gdbserver_state.line_buf_index = 0;
2194                 gdbserver_state.line_sum = 0;
2195                 gdbserver_state.state = RS_GETLINE;
2196             } else if (ch == '+') {
2197                 /*
2198                  * do nothing, gdb may preemptively send out ACKs on
2199                  * initial connection
2200                  */
2201             } else {
2202                 trace_gdbstub_err_garbage(ch);
2203             }
2204             break;
2205         case RS_GETLINE:
2206             if (ch == '}') {
2207                 /* start escape sequence */
2208                 gdbserver_state.state = RS_GETLINE_ESC;
2209                 gdbserver_state.line_sum += ch;
2210             } else if (ch == '*') {
2211                 /* start run length encoding sequence */
2212                 gdbserver_state.state = RS_GETLINE_RLE;
2213                 gdbserver_state.line_sum += ch;
2214             } else if (ch == '#') {
2215                 /* end of command, start of checksum*/
2216                 gdbserver_state.state = RS_CHKSUM1;
2217             } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2218                 trace_gdbstub_err_overrun();
2219                 gdbserver_state.state = RS_IDLE;
2220             } else {
2221                 /* unescaped command character */
2222                 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch;
2223                 gdbserver_state.line_sum += ch;
2224             }
2225             break;
2226         case RS_GETLINE_ESC:
2227             if (ch == '#') {
2228                 /* unexpected end of command in escape sequence */
2229                 gdbserver_state.state = RS_CHKSUM1;
2230             } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2231                 /* command buffer overrun */
2232                 trace_gdbstub_err_overrun();
2233                 gdbserver_state.state = RS_IDLE;
2234             } else {
2235                 /* parse escaped character and leave escape state */
2236                 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch ^ 0x20;
2237                 gdbserver_state.line_sum += ch;
2238                 gdbserver_state.state = RS_GETLINE;
2239             }
2240             break;
2241         case RS_GETLINE_RLE:
2242             /*
2243              * Run-length encoding is explained in "Debugging with GDB /
2244              * Appendix E GDB Remote Serial Protocol / Overview".
2245              */
2246             if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
2247                 /* invalid RLE count encoding */
2248                 trace_gdbstub_err_invalid_repeat(ch);
2249                 gdbserver_state.state = RS_GETLINE;
2250             } else {
2251                 /* decode repeat length */
2252                 int repeat = ch - ' ' + 3;
2253                 if (gdbserver_state.line_buf_index + repeat >= sizeof(gdbserver_state.line_buf) - 1) {
2254                     /* that many repeats would overrun the command buffer */
2255                     trace_gdbstub_err_overrun();
2256                     gdbserver_state.state = RS_IDLE;
2257                 } else if (gdbserver_state.line_buf_index < 1) {
2258                     /* got a repeat but we have nothing to repeat */
2259                     trace_gdbstub_err_invalid_rle();
2260                     gdbserver_state.state = RS_GETLINE;
2261                 } else {
2262                     /* repeat the last character */
2263                     memset(gdbserver_state.line_buf + gdbserver_state.line_buf_index,
2264                            gdbserver_state.line_buf[gdbserver_state.line_buf_index - 1], repeat);
2265                     gdbserver_state.line_buf_index += repeat;
2266                     gdbserver_state.line_sum += ch;
2267                     gdbserver_state.state = RS_GETLINE;
2268                 }
2269             }
2270             break;
2271         case RS_CHKSUM1:
2272             /* get high hex digit of checksum */
2273             if (!isxdigit(ch)) {
2274                 trace_gdbstub_err_checksum_invalid(ch);
2275                 gdbserver_state.state = RS_GETLINE;
2276                 break;
2277             }
2278             gdbserver_state.line_buf[gdbserver_state.line_buf_index] = '\0';
2279             gdbserver_state.line_csum = fromhex(ch) << 4;
2280             gdbserver_state.state = RS_CHKSUM2;
2281             break;
2282         case RS_CHKSUM2:
2283             /* get low hex digit of checksum */
2284             if (!isxdigit(ch)) {
2285                 trace_gdbstub_err_checksum_invalid(ch);
2286                 gdbserver_state.state = RS_GETLINE;
2287                 break;
2288             }
2289             gdbserver_state.line_csum |= fromhex(ch);
2290 
2291             if (gdbserver_state.line_csum != (gdbserver_state.line_sum & 0xff)) {
2292                 trace_gdbstub_err_checksum_incorrect(gdbserver_state.line_sum, gdbserver_state.line_csum);
2293                 /* send NAK reply */
2294                 reply = '-';
2295                 gdb_put_buffer(&reply, 1);
2296                 gdbserver_state.state = RS_IDLE;
2297             } else {
2298                 /* send ACK reply */
2299                 reply = '+';
2300                 gdb_put_buffer(&reply, 1);
2301                 gdbserver_state.state = gdb_handle_packet(gdbserver_state.line_buf);
2302             }
2303             break;
2304         default:
2305             abort();
2306         }
2307     }
2308 }
2309 
2310 /*
2311  * Create the process that will contain all the "orphan" CPUs (that are not
2312  * part of a CPU cluster). Note that if this process contains no CPUs, it won't
2313  * be attachable and thus will be invisible to the user.
2314  */
2315 void gdb_create_default_process(GDBState *s)
2316 {
2317     GDBProcess *process;
2318     int pid;
2319 
2320 #ifdef CONFIG_USER_ONLY
2321     assert(gdbserver_state.process_num == 0);
2322     pid = getpid();
2323 #else
2324     if (gdbserver_state.process_num) {
2325         pid = s->processes[s->process_num - 1].pid;
2326     } else {
2327         pid = 0;
2328     }
2329     /* We need an available PID slot for this process */
2330     assert(pid < UINT32_MAX);
2331     pid++;
2332 #endif
2333 
2334     s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
2335     process = &s->processes[s->process_num - 1];
2336     process->pid = pid;
2337     process->attached = false;
2338     process->target_xml = NULL;
2339 }
2340 
2341