search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'remotes/cleber/tags/python-next-pull-request' into...
[qemu.git] / gdbstub.c
blob013fb1ac0f1872964c803e0bff5b154c18b04330
1 /*
2 * gdb server stub
3 *
4 * This implements a subset of the remote protocol as described in:
5 *
6 * https://sourceware.org/gdb/onlinedocs/gdb/Remote-Protocol.html
7 *
8 * Copyright (c) 2003-2005 Fabrice Bellard
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2 of the License, or (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 *
23 * SPDX-License-Identifier: LGPL-2.0+
24 */
25
26 #include "qemu/osdep.h"
27 #include "qemu-common.h"
28 #include "qapi/error.h"
29 #include "qemu/error-report.h"
30 #include "qemu/ctype.h"
31 #include "qemu/cutils.h"
32 #include "qemu/module.h"
33 #include "trace-root.h"
34 #ifdef CONFIG_USER_ONLY
35 #include "qemu.h"
36 #else
37 #include "monitor/monitor.h"
38 #include "chardev/char.h"
39 #include "chardev/char-fe.h"
40 #include "sysemu/sysemu.h"
41 #include "exec/gdbstub.h"
42 #include "hw/cpu/cluster.h"
43 #include "hw/boards.h"
44 #endif
45
46 #define MAX_PACKET_LENGTH 4096
47
48 #include "qemu/sockets.h"
49 #include "sysemu/hw_accel.h"
50 #include "sysemu/kvm.h"
51 #include "sysemu/runstate.h"
52 #include "hw/semihosting/semihost.h"
53 #include "exec/exec-all.h"
54
55 #ifdef CONFIG_USER_ONLY
56 #define GDB_ATTACHED "0"
57 #else
58 #define GDB_ATTACHED "1"
59 #endif
60
61 #ifndef CONFIG_USER_ONLY
62 static int phy_memory_mode;
63 #endif
64
65 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
66 uint8_t *buf, int len, bool is_write)
67 {
68 CPUClass *cc;
69
70 #ifndef CONFIG_USER_ONLY
71 if (phy_memory_mode) {
72 if (is_write) {
73 cpu_physical_memory_write(addr, buf, len);
74 } else {
75 cpu_physical_memory_read(addr, buf, len);
76 }
77 return 0;
78 }
79 #endif
80
81 cc = CPU_GET_CLASS(cpu);
82 if (cc->memory_rw_debug) {
83 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
84 }
85 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
86 }
87
88 /* Return the GDB index for a given vCPU state.
89 *
90 * For user mode this is simply the thread id. In system mode GDB
91 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
92 */
93 static inline int cpu_gdb_index(CPUState *cpu)
94 {
95 #if defined(CONFIG_USER_ONLY)
96 TaskState *ts = (TaskState *) cpu->opaque;
97 return ts->ts_tid;
98 #else
99 return cpu->cpu_index + 1;
100 #endif
101 }
102
103 enum {
104 GDB_SIGNAL_0 = 0,
105 GDB_SIGNAL_INT = 2,
106 GDB_SIGNAL_QUIT = 3,
107 GDB_SIGNAL_TRAP = 5,
108 GDB_SIGNAL_ABRT = 6,
109 GDB_SIGNAL_ALRM = 14,
110 GDB_SIGNAL_IO = 23,
111 GDB_SIGNAL_XCPU = 24,
112 GDB_SIGNAL_UNKNOWN = 143
113 };
114
115 #ifdef CONFIG_USER_ONLY
116
117 /* Map target signal numbers to GDB protocol signal numbers and vice
118 * versa. For user emulation's currently supported systems, we can
119 * assume most signals are defined.
120 */
121
122 static int gdb_signal_table[] = {
123 0,
124 TARGET_SIGHUP,
125 TARGET_SIGINT,
126 TARGET_SIGQUIT,
127 TARGET_SIGILL,
128 TARGET_SIGTRAP,
129 TARGET_SIGABRT,
130 -1, /* SIGEMT */
131 TARGET_SIGFPE,
132 TARGET_SIGKILL,
133 TARGET_SIGBUS,
134 TARGET_SIGSEGV,
135 TARGET_SIGSYS,
136 TARGET_SIGPIPE,
137 TARGET_SIGALRM,
138 TARGET_SIGTERM,
139 TARGET_SIGURG,
140 TARGET_SIGSTOP,
141 TARGET_SIGTSTP,
142 TARGET_SIGCONT,
143 TARGET_SIGCHLD,
144 TARGET_SIGTTIN,
145 TARGET_SIGTTOU,
146 TARGET_SIGIO,
147 TARGET_SIGXCPU,
148 TARGET_SIGXFSZ,
149 TARGET_SIGVTALRM,
150 TARGET_SIGPROF,
151 TARGET_SIGWINCH,
152 -1, /* SIGLOST */
153 TARGET_SIGUSR1,
154 TARGET_SIGUSR2,
155 #ifdef TARGET_SIGPWR
156 TARGET_SIGPWR,
157 #else
158 -1,
159 #endif
160 -1, /* SIGPOLL */
161 -1,
162 -1,
163 -1,
164 -1,
165 -1,
166 -1,
167 -1,
168 -1,
169 -1,
170 -1,
171 -1,
172 #ifdef __SIGRTMIN
173 __SIGRTMIN + 1,
174 __SIGRTMIN + 2,
175 __SIGRTMIN + 3,
176 __SIGRTMIN + 4,
177 __SIGRTMIN + 5,
178 __SIGRTMIN + 6,
179 __SIGRTMIN + 7,
180 __SIGRTMIN + 8,
181 __SIGRTMIN + 9,
182 __SIGRTMIN + 10,
183 __SIGRTMIN + 11,
184 __SIGRTMIN + 12,
185 __SIGRTMIN + 13,
186 __SIGRTMIN + 14,
187 __SIGRTMIN + 15,
188 __SIGRTMIN + 16,
189 __SIGRTMIN + 17,
190 __SIGRTMIN + 18,
191 __SIGRTMIN + 19,
192 __SIGRTMIN + 20,
193 __SIGRTMIN + 21,
194 __SIGRTMIN + 22,
195 __SIGRTMIN + 23,
196 __SIGRTMIN + 24,
197 __SIGRTMIN + 25,
198 __SIGRTMIN + 26,
199 __SIGRTMIN + 27,
200 __SIGRTMIN + 28,
201 __SIGRTMIN + 29,
202 __SIGRTMIN + 30,
203 __SIGRTMIN + 31,
204 -1, /* SIGCANCEL */
205 __SIGRTMIN,
206 __SIGRTMIN + 32,
207 __SIGRTMIN + 33,
208 __SIGRTMIN + 34,
209 __SIGRTMIN + 35,
210 __SIGRTMIN + 36,
211 __SIGRTMIN + 37,
212 __SIGRTMIN + 38,
213 __SIGRTMIN + 39,
214 __SIGRTMIN + 40,
215 __SIGRTMIN + 41,
216 __SIGRTMIN + 42,
217 __SIGRTMIN + 43,
218 __SIGRTMIN + 44,
219 __SIGRTMIN + 45,
220 __SIGRTMIN + 46,
221 __SIGRTMIN + 47,
222 __SIGRTMIN + 48,
223 __SIGRTMIN + 49,
224 __SIGRTMIN + 50,
225 __SIGRTMIN + 51,
226 __SIGRTMIN + 52,
227 __SIGRTMIN + 53,
228 __SIGRTMIN + 54,
229 __SIGRTMIN + 55,
230 __SIGRTMIN + 56,
231 __SIGRTMIN + 57,
232 __SIGRTMIN + 58,
233 __SIGRTMIN + 59,
234 __SIGRTMIN + 60,
235 __SIGRTMIN + 61,
236 __SIGRTMIN + 62,
237 __SIGRTMIN + 63,
238 __SIGRTMIN + 64,
239 __SIGRTMIN + 65,
240 __SIGRTMIN + 66,
241 __SIGRTMIN + 67,
242 __SIGRTMIN + 68,
243 __SIGRTMIN + 69,
244 __SIGRTMIN + 70,
245 __SIGRTMIN + 71,
246 __SIGRTMIN + 72,
247 __SIGRTMIN + 73,
248 __SIGRTMIN + 74,
249 __SIGRTMIN + 75,
250 __SIGRTMIN + 76,
251 __SIGRTMIN + 77,
252 __SIGRTMIN + 78,
253 __SIGRTMIN + 79,
254 __SIGRTMIN + 80,
255 __SIGRTMIN + 81,
256 __SIGRTMIN + 82,
257 __SIGRTMIN + 83,
258 __SIGRTMIN + 84,
259 __SIGRTMIN + 85,
260 __SIGRTMIN + 86,
261 __SIGRTMIN + 87,
262 __SIGRTMIN + 88,
263 __SIGRTMIN + 89,
264 __SIGRTMIN + 90,
265 __SIGRTMIN + 91,
266 __SIGRTMIN + 92,
267 __SIGRTMIN + 93,
268 __SIGRTMIN + 94,
269 __SIGRTMIN + 95,
270 -1, /* SIGINFO */
271 -1, /* UNKNOWN */
272 -1, /* DEFAULT */
273 -1,
274 -1,
275 -1,
276 -1,
277 -1,
278 -1
279 #endif
280 };
281 #else
282 /* In system mode we only need SIGINT and SIGTRAP; other signals
283 are not yet supported. */
284
285 enum {
286 TARGET_SIGINT = 2,
287 TARGET_SIGTRAP = 5
288 };
289
290 static int gdb_signal_table[] = {
291 -1,
292 -1,
293 TARGET_SIGINT,
294 -1,
295 -1,
296 TARGET_SIGTRAP
297 };
298 #endif
299
300 #ifdef CONFIG_USER_ONLY
301 static int target_signal_to_gdb (int sig)
302 {
303 int i;
304 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
305 if (gdb_signal_table[i] == sig)
306 return i;
307 return GDB_SIGNAL_UNKNOWN;
308 }
309 #endif
310
311 static int gdb_signal_to_target (int sig)
312 {
313 if (sig < ARRAY_SIZE (gdb_signal_table))
314 return gdb_signal_table[sig];
315 else
316 return -1;
317 }
318
319 typedef struct GDBRegisterState {
320 int base_reg;
321 int num_regs;
322 gdb_get_reg_cb get_reg;
323 gdb_set_reg_cb set_reg;
324 const char *xml;
325 struct GDBRegisterState *next;
326 } GDBRegisterState;
327
328 typedef struct GDBProcess {
329 uint32_t pid;
330 bool attached;
331
332 char target_xml[1024];
333 } GDBProcess;
334
335 enum RSState {
336 RS_INACTIVE,
337 RS_IDLE,
338 RS_GETLINE,
339 RS_GETLINE_ESC,
340 RS_GETLINE_RLE,
341 RS_CHKSUM1,
342 RS_CHKSUM2,
343 };
344 typedef struct GDBState {
345 bool init; /* have we been initialised? */
346 CPUState *c_cpu; /* current CPU for step/continue ops */
347 CPUState *g_cpu; /* current CPU for other ops */
348 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
349 enum RSState state; /* parsing state */
350 char line_buf[MAX_PACKET_LENGTH];
351 int line_buf_index;
352 int line_sum; /* running checksum */
353 int line_csum; /* checksum at the end of the packet */
354 GByteArray *last_packet;
355 int signal;
356 #ifdef CONFIG_USER_ONLY
357 int fd;
358 int running_state;
359 #else
360 CharBackend chr;
361 Chardev *mon_chr;
362 #endif
363 bool multiprocess;
364 GDBProcess *processes;
365 int process_num;
366 char syscall_buf[256];
367 gdb_syscall_complete_cb current_syscall_cb;
368 GString *str_buf;
369 GByteArray *mem_buf;
370 } GDBState;
371
372 /* By default use no IRQs and no timers while single stepping so as to
373 * make single stepping like an ICE HW step.
374 */
375 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
376
377 static GDBState gdbserver_state;
378
379 static void init_gdbserver_state(void)
380 {
381 g_assert(!gdbserver_state.init);
382 memset(&gdbserver_state, 0, sizeof(GDBState));
383 gdbserver_state.init = true;
384 gdbserver_state.str_buf = g_string_new(NULL);
385 gdbserver_state.mem_buf = g_byte_array_sized_new(MAX_PACKET_LENGTH);
386 gdbserver_state.last_packet = g_byte_array_sized_new(MAX_PACKET_LENGTH + 4);
387 }
388
389 #ifndef CONFIG_USER_ONLY
390 static void reset_gdbserver_state(void)
391 {
392 g_free(gdbserver_state.processes);
393 gdbserver_state.processes = NULL;
394 gdbserver_state.process_num = 0;
395 }
396 #endif
397
398 bool gdb_has_xml;
399
400 #ifdef CONFIG_USER_ONLY
401 /* XXX: This is not thread safe. Do we care? */
402 static int gdbserver_fd = -1;
403
404 static int get_char(void)
405 {
406 uint8_t ch;
407 int ret;
408
409 for(;;) {
410 ret = qemu_recv(gdbserver_state.fd, &ch, 1, 0);
411 if (ret < 0) {
412 if (errno == ECONNRESET)
413 gdbserver_state.fd = -1;
414 if (errno != EINTR)
415 return -1;
416 } else if (ret == 0) {
417 close(gdbserver_state.fd);
418 gdbserver_state.fd = -1;
419 return -1;
420 } else {
421 break;
422 }
423 }
424 return ch;
425 }
426 #endif
427
428 static enum {
429 GDB_SYS_UNKNOWN,
430 GDB_SYS_ENABLED,
431 GDB_SYS_DISABLED,
432 } gdb_syscall_mode;
433
434 /* Decide if either remote gdb syscalls or native file IO should be used. */
435 int use_gdb_syscalls(void)
436 {
437 SemihostingTarget target = semihosting_get_target();
438 if (target == SEMIHOSTING_TARGET_NATIVE) {
439 /* -semihosting-config target=native */
440 return false;
441 } else if (target == SEMIHOSTING_TARGET_GDB) {
442 /* -semihosting-config target=gdb */
443 return true;
444 }
445
446 /* -semihosting-config target=auto */
447 /* On the first call check if gdb is connected and remember. */
448 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
449 gdb_syscall_mode = gdbserver_state.init ?
450 GDB_SYS_ENABLED : GDB_SYS_DISABLED;
451 }
452 return gdb_syscall_mode == GDB_SYS_ENABLED;
453 }
454
455 /* Resume execution. */
456 static inline void gdb_continue(void)
457 {
458
459 #ifdef CONFIG_USER_ONLY
460 gdbserver_state.running_state = 1;
461 trace_gdbstub_op_continue();
462 #else
463 if (!runstate_needs_reset()) {
464 trace_gdbstub_op_continue();
465 vm_start();
466 }
467 #endif
468 }
469
470 /*
471 * Resume execution, per CPU actions. For user-mode emulation it's
472 * equivalent to gdb_continue.
473 */
474 static int gdb_continue_partial(char *newstates)
475 {
476 CPUState *cpu;
477 int res = 0;
478 #ifdef CONFIG_USER_ONLY
479 /*
480 * This is not exactly accurate, but it's an improvement compared to the
481 * previous situation, where only one CPU would be single-stepped.
482 */
483 CPU_FOREACH(cpu) {
484 if (newstates[cpu->cpu_index] == 's') {
485 trace_gdbstub_op_stepping(cpu->cpu_index);
486 cpu_single_step(cpu, sstep_flags);
487 }
488 }
489 gdbserver_state.running_state = 1;
490 #else
491 int flag = 0;
492
493 if (!runstate_needs_reset()) {
494 if (vm_prepare_start()) {
495 return 0;
496 }
497
498 CPU_FOREACH(cpu) {
499 switch (newstates[cpu->cpu_index]) {
500 case 0:
501 case 1:
502 break; /* nothing to do here */
503 case 's':
504 trace_gdbstub_op_stepping(cpu->cpu_index);
505 cpu_single_step(cpu, sstep_flags);
506 cpu_resume(cpu);
507 flag = 1;
508 break;
509 case 'c':
510 trace_gdbstub_op_continue_cpu(cpu->cpu_index);
511 cpu_resume(cpu);
512 flag = 1;
513 break;
514 default:
515 res = -1;
516 break;
517 }
518 }
519 }
520 if (flag) {
521 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
522 }
523 #endif
524 return res;
525 }
526
527 static void put_buffer(const uint8_t *buf, int len)
528 {
529 #ifdef CONFIG_USER_ONLY
530 int ret;
531
532 while (len > 0) {
533 ret = send(gdbserver_state.fd, buf, len, 0);
534 if (ret < 0) {
535 if (errno != EINTR)
536 return;
537 } else {
538 buf += ret;
539 len -= ret;
540 }
541 }
542 #else
543 /* XXX this blocks entire thread. Rewrite to use
544 * qemu_chr_fe_write and background I/O callbacks */
545 qemu_chr_fe_write_all(&gdbserver_state.chr, buf, len);
546 #endif
547 }
548
549 static inline int fromhex(int v)
550 {
551 if (v >= '0' && v <= '9')
552 return v - '0';
553 else if (v >= 'A' && v <= 'F')
554 return v - 'A' + 10;
555 else if (v >= 'a' && v <= 'f')
556 return v - 'a' + 10;
557 else
558 return 0;
559 }
560
561 static inline int tohex(int v)
562 {
563 if (v < 10)
564 return v + '0';
565 else
566 return v - 10 + 'a';
567 }
568
569 /* writes 2*len+1 bytes in buf */
570 static void memtohex(GString *buf, const uint8_t *mem, int len)
571 {
572 int i, c;
573 for(i = 0; i < len; i++) {
574 c = mem[i];
575 g_string_append_c(buf, tohex(c >> 4));
576 g_string_append_c(buf, tohex(c & 0xf));
577 }
578 g_string_append_c(buf, '\0');
579 }
580
581 static void hextomem(GByteArray *mem, const char *buf, int len)
582 {
583 int i;
584
585 for(i = 0; i < len; i++) {
586 guint8 byte = fromhex(buf[0]) << 4 | fromhex(buf[1]);
587 g_byte_array_append(mem, &byte, 1);
588 buf += 2;
589 }
590 }
591
592 static void hexdump(const char *buf, int len,
593 void (*trace_fn)(size_t ofs, char const *text))
594 {
595 char line_buffer[3 * 16 + 4 + 16 + 1];
596
597 size_t i;
598 for (i = 0; i < len || (i & 0xF); ++i) {
599 size_t byte_ofs = i & 15;
600
601 if (byte_ofs == 0) {
602 memset(line_buffer, ' ', 3 * 16 + 4 + 16);
603 line_buffer[3 * 16 + 4 + 16] = 0;
604 }
605
606 size_t col_group = (i >> 2) & 3;
607 size_t hex_col = byte_ofs * 3 + col_group;
608 size_t txt_col = 3 * 16 + 4 + byte_ofs;
609
610 if (i < len) {
611 char value = buf[i];
612
613 line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
614 line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
615 line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
616 ? value
617 : '.';
618 }
619
620 if (byte_ofs == 0xF)
621 trace_fn(i & -16, line_buffer);
622 }
623 }
624
625 /* return -1 if error, 0 if OK */
626 static int put_packet_binary(const char *buf, int len, bool dump)
627 {
628 int csum, i;
629 uint8_t footer[3];
630
631 if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
632 hexdump(buf, len, trace_gdbstub_io_binaryreply);
633 }
634
635 for(;;) {
636 g_byte_array_set_size(gdbserver_state.last_packet, 0);
637 g_byte_array_append(gdbserver_state.last_packet,
638 (const uint8_t *) "$", 1);
639 g_byte_array_append(gdbserver_state.last_packet,
640 (const uint8_t *) buf, len);
641 csum = 0;
642 for(i = 0; i < len; i++) {
643 csum += buf[i];
644 }
645 footer[0] = '#';
646 footer[1] = tohex((csum >> 4) & 0xf);
647 footer[2] = tohex((csum) & 0xf);
648 g_byte_array_append(gdbserver_state.last_packet, footer, 3);
649
650 put_buffer(gdbserver_state.last_packet->data,
651 gdbserver_state.last_packet->len);
652
653 #ifdef CONFIG_USER_ONLY
654 i = get_char();
655 if (i < 0)
656 return -1;
657 if (i == '+')
658 break;
659 #else
660 break;
661 #endif
662 }
663 return 0;
664 }
665
666 /* return -1 if error, 0 if OK */
667 static int put_packet(const char *buf)
668 {
669 trace_gdbstub_io_reply(buf);
670
671 return put_packet_binary(buf, strlen(buf), false);
672 }
673
674 static void put_strbuf(void)
675 {
676 put_packet(gdbserver_state.str_buf->str);
677 }
678
679 /* Encode data using the encoding for 'x' packets. */
680 static void memtox(GString *buf, const char *mem, int len)
681 {
682 char c;
683
684 while (len--) {
685 c = *(mem++);
686 switch (c) {
687 case '#': case '$': case '*': case '}':
688 g_string_append_c(buf, '}');
689 g_string_append_c(buf, c ^ 0x20);
690 break;
691 default:
692 g_string_append_c(buf, c);
693 break;
694 }
695 }
696 }
697
698 static uint32_t gdb_get_cpu_pid(CPUState *cpu)
699 {
700 /* TODO: In user mode, we should use the task state PID */
701 if (cpu->cluster_index == UNASSIGNED_CLUSTER_INDEX) {
702 /* Return the default process' PID */
703 int index = gdbserver_state.process_num - 1;
704 return gdbserver_state.processes[index].pid;
705 }
706 return cpu->cluster_index + 1;
707 }
708
709 static GDBProcess *gdb_get_process(uint32_t pid)
710 {
711 int i;
712
713 if (!pid) {
714 /* 0 means any process, we take the first one */
715 return &gdbserver_state.processes[0];
716 }
717
718 for (i = 0; i < gdbserver_state.process_num; i++) {
719 if (gdbserver_state.processes[i].pid == pid) {
720 return &gdbserver_state.processes[i];
721 }
722 }
723
724 return NULL;
725 }
726
727 static GDBProcess *gdb_get_cpu_process(CPUState *cpu)
728 {
729 return gdb_get_process(gdb_get_cpu_pid(cpu));
730 }
731
732 static CPUState *find_cpu(uint32_t thread_id)
733 {
734 CPUState *cpu;
735
736 CPU_FOREACH(cpu) {
737 if (cpu_gdb_index(cpu) == thread_id) {
738 return cpu;
739 }
740 }
741
742 return NULL;
743 }
744
745 static CPUState *get_first_cpu_in_process(GDBProcess *process)
746 {
747 CPUState *cpu;
748
749 CPU_FOREACH(cpu) {
750 if (gdb_get_cpu_pid(cpu) == process->pid) {
751 return cpu;
752 }
753 }
754
755 return NULL;
756 }
757
758 static CPUState *gdb_next_cpu_in_process(CPUState *cpu)
759 {
760 uint32_t pid = gdb_get_cpu_pid(cpu);
761 cpu = CPU_NEXT(cpu);
762
763 while (cpu) {
764 if (gdb_get_cpu_pid(cpu) == pid) {
765 break;
766 }
767
768 cpu = CPU_NEXT(cpu);
769 }
770
771 return cpu;
772 }
773
774 /* Return the cpu following @cpu, while ignoring unattached processes. */
775 static CPUState *gdb_next_attached_cpu(CPUState *cpu)
776 {
777 cpu = CPU_NEXT(cpu);
778
779 while (cpu) {
780 if (gdb_get_cpu_process(cpu)->attached) {
781 break;
782 }
783
784 cpu = CPU_NEXT(cpu);
785 }
786
787 return cpu;
788 }
789
790 /* Return the first attached cpu */
791 static CPUState *gdb_first_attached_cpu(void)
792 {
793 CPUState *cpu = first_cpu;
794 GDBProcess *process = gdb_get_cpu_process(cpu);
795
796 if (!process->attached) {
797 return gdb_next_attached_cpu(cpu);
798 }
799
800 return cpu;
801 }
802
803 static CPUState *gdb_get_cpu(uint32_t pid, uint32_t tid)
804 {
805 GDBProcess *process;
806 CPUState *cpu;
807
808 if (!pid && !tid) {
809 /* 0 means any process/thread, we take the first attached one */
810 return gdb_first_attached_cpu();
811 } else if (pid && !tid) {
812 /* any thread in a specific process */
813 process = gdb_get_process(pid);
814
815 if (process == NULL) {
816 return NULL;
817 }
818
819 if (!process->attached) {
820 return NULL;
821 }
822
823 return get_first_cpu_in_process(process);
824 } else {
825 /* a specific thread */
826 cpu = find_cpu(tid);
827
828 if (cpu == NULL) {
829 return NULL;
830 }
831
832 process = gdb_get_cpu_process(cpu);
833
834 if (pid && process->pid != pid) {
835 return NULL;
836 }
837
838 if (!process->attached) {
839 return NULL;
840 }
841
842 return cpu;
843 }
844 }
845
846 static const char *get_feature_xml(const char *p, const char **newp,
847 GDBProcess *process)
848 {
849 size_t len;
850 int i;
851 const char *name;
852 CPUState *cpu = get_first_cpu_in_process(process);
853 CPUClass *cc = CPU_GET_CLASS(cpu);
854
855 len = 0;
856 while (p[len] && p[len] != ':')
857 len++;
858 *newp = p + len;
859
860 name = NULL;
861 if (strncmp(p, "target.xml", len) == 0) {
862 char *buf = process->target_xml;
863 const size_t buf_sz = sizeof(process->target_xml);
864
865 /* Generate the XML description for this CPU. */
866 if (!buf[0]) {
867 GDBRegisterState *r;
868
869 pstrcat(buf, buf_sz,
870 "<?xml version=\"1.0\"?>"
871 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
872 "<target>");
873 if (cc->gdb_arch_name) {
874 gchar *arch = cc->gdb_arch_name(cpu);
875 pstrcat(buf, buf_sz, "<architecture>");
876 pstrcat(buf, buf_sz, arch);
877 pstrcat(buf, buf_sz, "</architecture>");
878 g_free(arch);
879 }
880 pstrcat(buf, buf_sz, "<xi:include href=\"");
881 pstrcat(buf, buf_sz, cc->gdb_core_xml_file);
882 pstrcat(buf, buf_sz, "\"/>");
883 for (r = cpu->gdb_regs; r; r = r->next) {
884 pstrcat(buf, buf_sz, "<xi:include href=\"");
885 pstrcat(buf, buf_sz, r->xml);
886 pstrcat(buf, buf_sz, "\"/>");
887 }
888 pstrcat(buf, buf_sz, "</target>");
889 }
890 return buf;
891 }
892 if (cc->gdb_get_dynamic_xml) {
893 char *xmlname = g_strndup(p, len);
894 const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
895
896 g_free(xmlname);
897 if (xml) {
898 return xml;
899 }
900 }
901 for (i = 0; ; i++) {
902 name = xml_builtin[i][0];
903 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
904 break;
905 }
906 return name ? xml_builtin[i][1] : NULL;
907 }
908
909 static int gdb_read_register(CPUState *cpu, GByteArray *buf, int reg)
910 {
911 CPUClass *cc = CPU_GET_CLASS(cpu);
912 CPUArchState *env = cpu->env_ptr;
913 GDBRegisterState *r;
914
915 if (reg < cc->gdb_num_core_regs) {
916 return cc->gdb_read_register(cpu, buf, reg);
917 }
918
919 for (r = cpu->gdb_regs; r; r = r->next) {
920 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
921 return r->get_reg(env, buf, reg - r->base_reg);
922 }
923 }
924 return 0;
925 }
926
927 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
928 {
929 CPUClass *cc = CPU_GET_CLASS(cpu);
930 CPUArchState *env = cpu->env_ptr;
931 GDBRegisterState *r;
932
933 if (reg < cc->gdb_num_core_regs) {
934 return cc->gdb_write_register(cpu, mem_buf, reg);
935 }
936
937 for (r = cpu->gdb_regs; r; r = r->next) {
938 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
939 return r->set_reg(env, mem_buf, reg - r->base_reg);
940 }
941 }
942 return 0;
943 }
944
945 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
946 specifies the first register number and these registers are included in
947 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
948 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
949 */
950
951 void gdb_register_coprocessor(CPUState *cpu,
952 gdb_get_reg_cb get_reg, gdb_set_reg_cb set_reg,
953 int num_regs, const char *xml, int g_pos)
954 {
955 GDBRegisterState *s;
956 GDBRegisterState **p;
957
958 p = &cpu->gdb_regs;
959 while (*p) {
960 /* Check for duplicates. */
961 if (strcmp((*p)->xml, xml) == 0)
962 return;
963 p = &(*p)->next;
964 }
965
966 s = g_new0(GDBRegisterState, 1);
967 s->base_reg = cpu->gdb_num_regs;
968 s->num_regs = num_regs;
969 s->get_reg = get_reg;
970 s->set_reg = set_reg;
971 s->xml = xml;
972
973 /* Add to end of list. */
974 cpu->gdb_num_regs += num_regs;
975 *p = s;
976 if (g_pos) {
977 if (g_pos != s->base_reg) {
978 error_report("Error: Bad gdb register numbering for '%s', "
979 "expected %d got %d", xml, g_pos, s->base_reg);
980 } else {
981 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
982 }
983 }
984 }
985
986 #ifndef CONFIG_USER_ONLY
987 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
988 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
989 {
990 static const int xlat[] = {
991 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
992 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
993 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
994 };
995
996 CPUClass *cc = CPU_GET_CLASS(cpu);
997 int cputype = xlat[gdbtype];
998
999 if (cc->gdb_stop_before_watchpoint) {
1000 cputype |= BP_STOP_BEFORE_ACCESS;
1001 }
1002 return cputype;
1003 }
1004 #endif
1005
1006 static int gdb_breakpoint_insert(int type, target_ulong addr, target_ulong len)
1007 {
1008 CPUState *cpu;
1009 int err = 0;
1010
1011 if (kvm_enabled()) {
1012 return kvm_insert_breakpoint(gdbserver_state.c_cpu, addr, len, type);
1013 }
1014
1015 switch (type) {
1016 case GDB_BREAKPOINT_SW:
1017 case GDB_BREAKPOINT_HW:
1018 CPU_FOREACH(cpu) {
1019 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
1020 if (err) {
1021 break;
1022 }
1023 }
1024 return err;
1025 #ifndef CONFIG_USER_ONLY
1026 case GDB_WATCHPOINT_WRITE:
1027 case GDB_WATCHPOINT_READ:
1028 case GDB_WATCHPOINT_ACCESS:
1029 CPU_FOREACH(cpu) {
1030 err = cpu_watchpoint_insert(cpu, addr, len,
1031 xlat_gdb_type(cpu, type), NULL);
1032 if (err) {
1033 break;
1034 }
1035 }
1036 return err;
1037 #endif
1038 default:
1039 return -ENOSYS;
1040 }
1041 }
1042
1043 static int gdb_breakpoint_remove(int type, target_ulong addr, target_ulong len)
1044 {
1045 CPUState *cpu;
1046 int err = 0;
1047
1048 if (kvm_enabled()) {
1049 return kvm_remove_breakpoint(gdbserver_state.c_cpu, addr, len, type);
1050 }
1051
1052 switch (type) {
1053 case GDB_BREAKPOINT_SW:
1054 case GDB_BREAKPOINT_HW:
1055 CPU_FOREACH(cpu) {
1056 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
1057 if (err) {
1058 break;
1059 }
1060 }
1061 return err;
1062 #ifndef CONFIG_USER_ONLY
1063 case GDB_WATCHPOINT_WRITE:
1064 case GDB_WATCHPOINT_READ:
1065 case GDB_WATCHPOINT_ACCESS:
1066 CPU_FOREACH(cpu) {
1067 err = cpu_watchpoint_remove(cpu, addr, len,
1068 xlat_gdb_type(cpu, type));
1069 if (err)
1070 break;
1071 }
1072 return err;
1073 #endif
1074 default:
1075 return -ENOSYS;
1076 }
1077 }
1078
1079 static inline void gdb_cpu_breakpoint_remove_all(CPUState *cpu)
1080 {
1081 cpu_breakpoint_remove_all(cpu, BP_GDB);
1082 #ifndef CONFIG_USER_ONLY
1083 cpu_watchpoint_remove_all(cpu, BP_GDB);
1084 #endif
1085 }
1086
1087 static void gdb_process_breakpoint_remove_all(GDBProcess *p)
1088 {
1089 CPUState *cpu = get_first_cpu_in_process(p);
1090
1091 while (cpu) {
1092 gdb_cpu_breakpoint_remove_all(cpu);
1093 cpu = gdb_next_cpu_in_process(cpu);
1094 }
1095 }
1096
1097 static void gdb_breakpoint_remove_all(void)
1098 {
1099 CPUState *cpu;
1100
1101 if (kvm_enabled()) {
1102 kvm_remove_all_breakpoints(gdbserver_state.c_cpu);
1103 return;
1104 }
1105
1106 CPU_FOREACH(cpu) {
1107 gdb_cpu_breakpoint_remove_all(cpu);
1108 }
1109 }
1110
1111 static void gdb_set_cpu_pc(target_ulong pc)
1112 {
1113 CPUState *cpu = gdbserver_state.c_cpu;
1114
1115 cpu_synchronize_state(cpu);
1116 cpu_set_pc(cpu, pc);
1117 }
1118
1119 static void gdb_append_thread_id(CPUState *cpu, GString *buf)
1120 {
1121 if (gdbserver_state.multiprocess) {
1122 g_string_append_printf(buf, "p%02x.%02x",
1123 gdb_get_cpu_pid(cpu), cpu_gdb_index(cpu));
1124 } else {
1125 g_string_append_printf(buf, "%02x", cpu_gdb_index(cpu));
1126 }
1127 }
1128
1129 typedef enum GDBThreadIdKind {
1130 GDB_ONE_THREAD = 0,
1131 GDB_ALL_THREADS, /* One process, all threads */
1132 GDB_ALL_PROCESSES,
1133 GDB_READ_THREAD_ERR
1134 } GDBThreadIdKind;
1135
1136 static GDBThreadIdKind read_thread_id(const char *buf, const char **end_buf,
1137 uint32_t *pid, uint32_t *tid)
1138 {
1139 unsigned long p, t;
1140 int ret;
1141
1142 if (*buf == 'p') {
1143 buf++;
1144 ret = qemu_strtoul(buf, &buf, 16, &p);
1145
1146 if (ret) {
1147 return GDB_READ_THREAD_ERR;
1148 }
1149
1150 /* Skip '.' */
1151 buf++;
1152 } else {
1153 p = 1;
1154 }
1155
1156 ret = qemu_strtoul(buf, &buf, 16, &t);
1157
1158 if (ret) {
1159 return GDB_READ_THREAD_ERR;
1160 }
1161
1162 *end_buf = buf;
1163
1164 if (p == -1) {
1165 return GDB_ALL_PROCESSES;
1166 }
1167
1168 if (pid) {
1169 *pid = p;
1170 }
1171
1172 if (t == -1) {
1173 return GDB_ALL_THREADS;
1174 }
1175
1176 if (tid) {
1177 *tid = t;
1178 }
1179
1180 return GDB_ONE_THREAD;
1181 }
1182
1183 /**
1184 * gdb_handle_vcont - Parses and handles a vCont packet.
1185 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
1186 * a format error, 0 on success.
1187 */
1188 static int gdb_handle_vcont(const char *p)
1189 {
1190 int res, signal = 0;
1191 char cur_action;
1192 char *newstates;
1193 unsigned long tmp;
1194 uint32_t pid, tid;
1195 GDBProcess *process;
1196 CPUState *cpu;
1197 GDBThreadIdKind kind;
1198 #ifdef CONFIG_USER_ONLY
1199 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
1200
1201 CPU_FOREACH(cpu) {
1202 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
1203 }
1204 #else
1205 MachineState *ms = MACHINE(qdev_get_machine());
1206 unsigned int max_cpus = ms->smp.max_cpus;
1207 #endif
1208 /* uninitialised CPUs stay 0 */
1209 newstates = g_new0(char, max_cpus);
1210
1211 /* mark valid CPUs with 1 */
1212 CPU_FOREACH(cpu) {
1213 newstates[cpu->cpu_index] = 1;
1214 }
1215
1216 /*
1217 * res keeps track of what error we are returning, with -ENOTSUP meaning
1218 * that the command is unknown or unsupported, thus returning an empty
1219 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
1220 * or incorrect parameters passed.
1221 */
1222 res = 0;
1223 while (*p) {
1224 if (*p++ != ';') {
1225 res = -ENOTSUP;
1226 goto out;
1227 }
1228
1229 cur_action = *p++;
1230 if (cur_action == 'C' || cur_action == 'S') {
1231 cur_action = qemu_tolower(cur_action);
1232 res = qemu_strtoul(p + 1, &p, 16, &tmp);
1233 if (res) {
1234 goto out;
1235 }
1236 signal = gdb_signal_to_target(tmp);
1237 } else if (cur_action != 'c' && cur_action != 's') {
1238 /* unknown/invalid/unsupported command */
1239 res = -ENOTSUP;
1240 goto out;
1241 }
1242
1243 if (*p == '\0' || *p == ';') {
1244 /*
1245 * No thread specifier, action is on "all threads". The
1246 * specification is unclear regarding the process to act on. We
1247 * choose all processes.
1248 */
1249 kind = GDB_ALL_PROCESSES;
1250 } else if (*p++ == ':') {
1251 kind = read_thread_id(p, &p, &pid, &tid);
1252 } else {
1253 res = -ENOTSUP;
1254 goto out;
1255 }
1256
1257 switch (kind) {
1258 case GDB_READ_THREAD_ERR:
1259 res = -EINVAL;
1260 goto out;
1261
1262 case GDB_ALL_PROCESSES:
1263 cpu = gdb_first_attached_cpu();
1264 while (cpu) {
1265 if (newstates[cpu->cpu_index] == 1) {
1266 newstates[cpu->cpu_index] = cur_action;
1267 }
1268
1269 cpu = gdb_next_attached_cpu(cpu);
1270 }
1271 break;
1272
1273 case GDB_ALL_THREADS:
1274 process = gdb_get_process(pid);
1275
1276 if (!process->attached) {
1277 res = -EINVAL;
1278 goto out;
1279 }
1280
1281 cpu = get_first_cpu_in_process(process);
1282 while (cpu) {
1283 if (newstates[cpu->cpu_index] == 1) {
1284 newstates[cpu->cpu_index] = cur_action;
1285 }
1286
1287 cpu = gdb_next_cpu_in_process(cpu);
1288 }
1289 break;
1290
1291 case GDB_ONE_THREAD:
1292 cpu = gdb_get_cpu(pid, tid);
1293
1294 /* invalid CPU/thread specified */
1295 if (!cpu) {
1296 res = -EINVAL;
1297 goto out;
1298 }
1299
1300 /* only use if no previous match occourred */
1301 if (newstates[cpu->cpu_index] == 1) {
1302 newstates[cpu->cpu_index] = cur_action;
1303 }
1304 break;
1305 }
1306 }
1307 gdbserver_state.signal = signal;
1308 gdb_continue_partial(newstates);
1309
1310 out:
1311 g_free(newstates);
1312
1313 return res;
1314 }
1315
1316 typedef union GdbCmdVariant {
1317 const char *data;
1318 uint8_t opcode;
1319 unsigned long val_ul;
1320 unsigned long long val_ull;
1321 struct {
1322 GDBThreadIdKind kind;
1323 uint32_t pid;
1324 uint32_t tid;
1325 } thread_id;
1326 } GdbCmdVariant;
1327
1328 static const char *cmd_next_param(const char *param, const char delimiter)
1329 {
1330 static const char all_delimiters[] = ",;:=";
1331 char curr_delimiters[2] = {0};
1332 const char *delimiters;
1333
1334 if (delimiter == '?') {
1335 delimiters = all_delimiters;
1336 } else if (delimiter == '0') {
1337 return strchr(param, '\0');
1338 } else if (delimiter == '.' && *param) {
1339 return param + 1;
1340 } else {
1341 curr_delimiters[0] = delimiter;
1342 delimiters = curr_delimiters;
1343 }
1344
1345 param += strcspn(param, delimiters);
1346 if (*param) {
1347 param++;
1348 }
1349 return param;
1350 }
1351
1352 static int cmd_parse_params(const char *data, const char *schema,
1353 GdbCmdVariant *params, int *num_params)
1354 {
1355 int curr_param;
1356 const char *curr_schema, *curr_data;
1357
1358 *num_params = 0;
1359
1360 if (!schema) {
1361 return 0;
1362 }
1363
1364 curr_schema = schema;
1365 curr_param = 0;
1366 curr_data = data;
1367 while (curr_schema[0] && curr_schema[1] && *curr_data) {
1368 switch (curr_schema[0]) {
1369 case 'l':
1370 if (qemu_strtoul(curr_data, &curr_data, 16,
1371 &params[curr_param].val_ul)) {
1372 return -EINVAL;
1373 }
1374 curr_param++;
1375 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1376 break;
1377 case 'L':
1378 if (qemu_strtou64(curr_data, &curr_data, 16,
1379 (uint64_t *)&params[curr_param].val_ull)) {
1380 return -EINVAL;
1381 }
1382 curr_param++;
1383 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1384 break;
1385 case 's':
1386 params[curr_param].data = curr_data;
1387 curr_param++;
1388 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1389 break;
1390 case 'o':
1391 params[curr_param].opcode = *(uint8_t *)curr_data;
1392 curr_param++;
1393 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1394 break;
1395 case 't':
1396 params[curr_param].thread_id.kind =
1397 read_thread_id(curr_data, &curr_data,
1398 &params[curr_param].thread_id.pid,
1399 &params[curr_param].thread_id.tid);
1400 curr_param++;
1401 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1402 break;
1403 case '?':
1404 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1405 break;
1406 default:
1407 return -EINVAL;
1408 }
1409 curr_schema += 2;
1410 }
1411
1412 *num_params = curr_param;
1413 return 0;
1414 }
1415
1416 typedef struct GdbCmdContext {
1417 GdbCmdVariant *params;
1418 int num_params;
1419 } GdbCmdContext;
1420
1421 typedef void (*GdbCmdHandler)(GdbCmdContext *gdb_ctx, void *user_ctx);
1422
1423 /*
1424 * cmd_startswith -> cmd is compared using startswith
1425 *
1426 *
1427 * schema definitions:
1428 * Each schema parameter entry consists of 2 chars,
1429 * the first char represents the parameter type handling
1430 * the second char represents the delimiter for the next parameter
1431 *
1432 * Currently supported schema types:
1433 * 'l' -> unsigned long (stored in .val_ul)
1434 * 'L' -> unsigned long long (stored in .val_ull)
1435 * 's' -> string (stored in .data)
1436 * 'o' -> single char (stored in .opcode)
1437 * 't' -> thread id (stored in .thread_id)
1438 * '?' -> skip according to delimiter
1439 *
1440 * Currently supported delimiters:
1441 * '?' -> Stop at any delimiter (",;:=\0")
1442 * '0' -> Stop at "\0"
1443 * '.' -> Skip 1 char unless reached "\0"
1444 * Any other value is treated as the delimiter value itself
1445 */
1446 typedef struct GdbCmdParseEntry {
1447 GdbCmdHandler handler;
1448 const char *cmd;
1449 bool cmd_startswith;
1450 const char *schema;
1451 } GdbCmdParseEntry;
1452
1453 static inline int startswith(const char *string, const char *pattern)
1454 {
1455 return !strncmp(string, pattern, strlen(pattern));
1456 }
1457
1458 static int process_string_cmd(void *user_ctx, const char *data,
1459 const GdbCmdParseEntry *cmds, int num_cmds)
1460 {
1461 int i, schema_len, max_num_params = 0;
1462 GdbCmdContext gdb_ctx;
1463
1464 if (!cmds) {
1465 return -1;
1466 }
1467
1468 for (i = 0; i < num_cmds; i++) {
1469 const GdbCmdParseEntry *cmd = &cmds[i];
1470 g_assert(cmd->handler && cmd->cmd);
1471
1472 if ((cmd->cmd_startswith && !startswith(data, cmd->cmd)) ||
1473 (!cmd->cmd_startswith && strcmp(cmd->cmd, data))) {
1474 continue;
1475 }
1476
1477 if (cmd->schema) {
1478 schema_len = strlen(cmd->schema);
1479 if (schema_len % 2) {
1480 return -2;
1481 }
1482
1483 max_num_params = schema_len / 2;
1484 }
1485
1486 gdb_ctx.params =
1487 (GdbCmdVariant *)alloca(sizeof(*gdb_ctx.params) * max_num_params);
1488 memset(gdb_ctx.params, 0, sizeof(*gdb_ctx.params) * max_num_params);
1489
1490 if (cmd_parse_params(&data[strlen(cmd->cmd)], cmd->schema,
1491 gdb_ctx.params, &gdb_ctx.num_params)) {
1492 return -1;
1493 }
1494
1495 cmd->handler(&gdb_ctx, user_ctx);
1496 return 0;
1497 }
1498
1499 return -1;
1500 }
1501
1502 static void run_cmd_parser(const char *data, const GdbCmdParseEntry *cmd)
1503 {
1504 if (!data) {
1505 return;
1506 }
1507
1508 g_string_set_size(gdbserver_state.str_buf, 0);
1509 g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1510
1511 /* In case there was an error during the command parsing we must
1512 * send a NULL packet to indicate the command is not supported */
1513 if (process_string_cmd(NULL, data, cmd, 1)) {
1514 put_packet("");
1515 }
1516 }
1517
1518 static void handle_detach(GdbCmdContext *gdb_ctx, void *user_ctx)
1519 {
1520 GDBProcess *process;
1521 uint32_t pid = 1;
1522
1523 if (gdbserver_state.multiprocess) {
1524 if (!gdb_ctx->num_params) {
1525 put_packet("E22");
1526 return;
1527 }
1528
1529 pid = gdb_ctx->params[0].val_ul;
1530 }
1531
1532 process = gdb_get_process(pid);
1533 gdb_process_breakpoint_remove_all(process);
1534 process->attached = false;
1535
1536 if (pid == gdb_get_cpu_pid(gdbserver_state.c_cpu)) {
1537 gdbserver_state.c_cpu = gdb_first_attached_cpu();
1538 }
1539
1540 if (pid == gdb_get_cpu_pid(gdbserver_state.g_cpu)) {
1541 gdbserver_state.g_cpu = gdb_first_attached_cpu();
1542 }
1543
1544 if (!gdbserver_state.c_cpu) {
1545 /* No more process attached */
1546 gdb_syscall_mode = GDB_SYS_DISABLED;
1547 gdb_continue();
1548 }
1549 put_packet("OK");
1550 }
1551
1552 static void handle_thread_alive(GdbCmdContext *gdb_ctx, void *user_ctx)
1553 {
1554 CPUState *cpu;
1555
1556 if (!gdb_ctx->num_params) {
1557 put_packet("E22");
1558 return;
1559 }
1560
1561 if (gdb_ctx->params[0].thread_id.kind == GDB_READ_THREAD_ERR) {
1562 put_packet("E22");
1563 return;
1564 }
1565
1566 cpu = gdb_get_cpu(gdb_ctx->params[0].thread_id.pid,
1567 gdb_ctx->params[0].thread_id.tid);
1568 if (!cpu) {
1569 put_packet("E22");
1570 return;
1571 }
1572
1573 put_packet("OK");
1574 }
1575
1576 static void handle_continue(GdbCmdContext *gdb_ctx, void *user_ctx)
1577 {
1578 if (gdb_ctx->num_params) {
1579 gdb_set_cpu_pc(gdb_ctx->params[0].val_ull);
1580 }
1581
1582 gdbserver_state.signal = 0;
1583 gdb_continue();
1584 }
1585
1586 static void handle_cont_with_sig(GdbCmdContext *gdb_ctx, void *user_ctx)
1587 {
1588 unsigned long signal = 0;
1589
1590 /*
1591 * Note: C sig;[addr] is currently unsupported and we simply
1592 * omit the addr parameter
1593 */
1594 if (gdb_ctx->num_params) {
1595 signal = gdb_ctx->params[0].val_ul;
1596 }
1597
1598 gdbserver_state.signal = gdb_signal_to_target(signal);
1599 if (gdbserver_state.signal == -1) {
1600 gdbserver_state.signal = 0;
1601 }
1602 gdb_continue();
1603 }
1604
1605 static void handle_set_thread(GdbCmdContext *gdb_ctx, void *user_ctx)
1606 {
1607 CPUState *cpu;
1608
1609 if (gdb_ctx->num_params != 2) {
1610 put_packet("E22");
1611 return;
1612 }
1613
1614 if (gdb_ctx->params[1].thread_id.kind == GDB_READ_THREAD_ERR) {
1615 put_packet("E22");
1616 return;
1617 }
1618
1619 if (gdb_ctx->params[1].thread_id.kind != GDB_ONE_THREAD) {
1620 put_packet("OK");
1621 return;
1622 }
1623
1624 cpu = gdb_get_cpu(gdb_ctx->params[1].thread_id.pid,
1625 gdb_ctx->params[1].thread_id.tid);
1626 if (!cpu) {
1627 put_packet("E22");
1628 return;
1629 }
1630
1631 /*
1632 * Note: This command is deprecated and modern gdb's will be using the
1633 * vCont command instead.
1634 */
1635 switch (gdb_ctx->params[0].opcode) {
1636 case 'c':
1637 gdbserver_state.c_cpu = cpu;
1638 put_packet("OK");
1639 break;
1640 case 'g':
1641 gdbserver_state.g_cpu = cpu;
1642 put_packet("OK");
1643 break;
1644 default:
1645 put_packet("E22");
1646 break;
1647 }
1648 }
1649
1650 static void handle_insert_bp(GdbCmdContext *gdb_ctx, void *user_ctx)
1651 {
1652 int res;
1653
1654 if (gdb_ctx->num_params != 3) {
1655 put_packet("E22");
1656 return;
1657 }
1658
1659 res = gdb_breakpoint_insert(gdb_ctx->params[0].val_ul,
1660 gdb_ctx->params[1].val_ull,
1661 gdb_ctx->params[2].val_ull);
1662 if (res >= 0) {
1663 put_packet("OK");
1664 return;
1665 } else if (res == -ENOSYS) {
1666 put_packet("");
1667 return;
1668 }
1669
1670 put_packet("E22");
1671 }
1672
1673 static void handle_remove_bp(GdbCmdContext *gdb_ctx, void *user_ctx)
1674 {
1675 int res;
1676
1677 if (gdb_ctx->num_params != 3) {
1678 put_packet("E22");
1679 return;
1680 }
1681
1682 res = gdb_breakpoint_remove(gdb_ctx->params[0].val_ul,
1683 gdb_ctx->params[1].val_ull,
1684 gdb_ctx->params[2].val_ull);
1685 if (res >= 0) {
1686 put_packet("OK");
1687 return;
1688 } else if (res == -ENOSYS) {
1689 put_packet("");
1690 return;
1691 }
1692
1693 put_packet("E22");
1694 }
1695
1696 /*
1697 * handle_set/get_reg
1698 *
1699 * Older gdb are really dumb, and don't use 'G/g' if 'P/p' is available.
1700 * This works, but can be very slow. Anything new enough to understand
1701 * XML also knows how to use this properly. However to use this we
1702 * need to define a local XML file as well as be talking to a
1703 * reasonably modern gdb. Responding with an empty packet will cause
1704 * the remote gdb to fallback to older methods.
1705 */
1706
1707 static void handle_set_reg(GdbCmdContext *gdb_ctx, void *user_ctx)
1708 {
1709 int reg_size;
1710
1711 if (!gdb_has_xml) {
1712 put_packet("");
1713 return;
1714 }
1715
1716 if (gdb_ctx->num_params != 2) {
1717 put_packet("E22");
1718 return;
1719 }
1720
1721 reg_size = strlen(gdb_ctx->params[1].data) / 2;
1722 hextomem(gdbserver_state.mem_buf, gdb_ctx->params[1].data, reg_size);
1723 gdb_write_register(gdbserver_state.g_cpu, gdbserver_state.mem_buf->data,
1724 gdb_ctx->params[0].val_ull);
1725 put_packet("OK");
1726 }
1727
1728 static void handle_get_reg(GdbCmdContext *gdb_ctx, void *user_ctx)
1729 {
1730 int reg_size;
1731
1732 if (!gdb_has_xml) {
1733 put_packet("");
1734 return;
1735 }
1736
1737 if (!gdb_ctx->num_params) {
1738 put_packet("E14");
1739 return;
1740 }
1741
1742 reg_size = gdb_read_register(gdbserver_state.g_cpu,
1743 gdbserver_state.mem_buf,
1744 gdb_ctx->params[0].val_ull);
1745 if (!reg_size) {
1746 put_packet("E14");
1747 return;
1748 } else {
1749 g_byte_array_set_size(gdbserver_state.mem_buf, reg_size);
1750 }
1751
1752 memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, reg_size);
1753 put_strbuf();
1754 }
1755
1756 static void handle_write_mem(GdbCmdContext *gdb_ctx, void *user_ctx)
1757 {
1758 if (gdb_ctx->num_params != 3) {
1759 put_packet("E22");
1760 return;
1761 }
1762
1763 /* hextomem() reads 2*len bytes */
1764 if (gdb_ctx->params[1].val_ull > strlen(gdb_ctx->params[2].data) / 2) {
1765 put_packet("E22");
1766 return;
1767 }
1768
1769 hextomem(gdbserver_state.mem_buf, gdb_ctx->params[2].data,
1770 gdb_ctx->params[1].val_ull);
1771 if (target_memory_rw_debug(gdbserver_state.g_cpu, gdb_ctx->params[0].val_ull,
1772 gdbserver_state.mem_buf->data,
1773 gdbserver_state.mem_buf->len, true)) {
1774 put_packet("E14");
1775 return;
1776 }
1777
1778 put_packet("OK");
1779 }
1780
1781 static void handle_read_mem(GdbCmdContext *gdb_ctx, void *user_ctx)
1782 {
1783 if (gdb_ctx->num_params != 2) {
1784 put_packet("E22");
1785 return;
1786 }
1787
1788 /* memtohex() doubles the required space */
1789 if (gdb_ctx->params[1].val_ull > MAX_PACKET_LENGTH / 2) {
1790 put_packet("E22");
1791 return;
1792 }
1793
1794 g_byte_array_set_size(gdbserver_state.mem_buf, gdb_ctx->params[1].val_ull);
1795
1796 if (target_memory_rw_debug(gdbserver_state.g_cpu, gdb_ctx->params[0].val_ull,
1797 gdbserver_state.mem_buf->data,
1798 gdbserver_state.mem_buf->len, false)) {
1799 put_packet("E14");
1800 return;
1801 }
1802
1803 memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data,
1804 gdbserver_state.mem_buf->len);
1805 put_strbuf();
1806 }
1807
1808 static void handle_write_all_regs(GdbCmdContext *gdb_ctx, void *user_ctx)
1809 {
1810 target_ulong addr, len;
1811 uint8_t *registers;
1812 int reg_size;
1813
1814 if (!gdb_ctx->num_params) {
1815 return;
1816 }
1817
1818 cpu_synchronize_state(gdbserver_state.g_cpu);
1819 len = strlen(gdb_ctx->params[0].data) / 2;
1820 hextomem(gdbserver_state.mem_buf, gdb_ctx->params[0].data, len);
1821 registers = gdbserver_state.mem_buf->data;
1822 for (addr = 0; addr < gdbserver_state.g_cpu->gdb_num_g_regs && len > 0;
1823 addr++) {
1824 reg_size = gdb_write_register(gdbserver_state.g_cpu, registers, addr);
1825 len -= reg_size;
1826 registers += reg_size;
1827 }
1828 put_packet("OK");
1829 }
1830
1831 static void handle_read_all_regs(GdbCmdContext *gdb_ctx, void *user_ctx)
1832 {
1833 target_ulong addr, len;
1834
1835 cpu_synchronize_state(gdbserver_state.g_cpu);
1836 g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1837 len = 0;
1838 for (addr = 0; addr < gdbserver_state.g_cpu->gdb_num_g_regs; addr++) {
1839 len += gdb_read_register(gdbserver_state.g_cpu,
1840 gdbserver_state.mem_buf,
1841 addr);
1842 }
1843 g_assert(len == gdbserver_state.mem_buf->len);
1844
1845 memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, len);
1846 put_strbuf();
1847 }
1848
1849 static void handle_file_io(GdbCmdContext *gdb_ctx, void *user_ctx)
1850 {
1851 if (gdb_ctx->num_params >= 1 && gdbserver_state.current_syscall_cb) {
1852 target_ulong ret, err;
1853
1854 ret = (target_ulong)gdb_ctx->params[0].val_ull;
1855 if (gdb_ctx->num_params >= 2) {
1856 err = (target_ulong)gdb_ctx->params[1].val_ull;
1857 } else {
1858 err = 0;
1859 }
1860 gdbserver_state.current_syscall_cb(gdbserver_state.c_cpu, ret, err);
1861 gdbserver_state.current_syscall_cb = NULL;
1862 }
1863
1864 if (gdb_ctx->num_params >= 3 && gdb_ctx->params[2].opcode == (uint8_t)'C') {
1865 put_packet("T02");
1866 return;
1867 }
1868
1869 gdb_continue();
1870 }
1871
1872 static void handle_step(GdbCmdContext *gdb_ctx, void *user_ctx)
1873 {
1874 if (gdb_ctx->num_params) {
1875 gdb_set_cpu_pc((target_ulong)gdb_ctx->params[0].val_ull);
1876 }
1877
1878 cpu_single_step(gdbserver_state.c_cpu, sstep_flags);
1879 gdb_continue();
1880 }
1881
1882 static void handle_v_cont_query(GdbCmdContext *gdb_ctx, void *user_ctx)
1883 {
1884 put_packet("vCont;c;C;s;S");
1885 }
1886
1887 static void handle_v_cont(GdbCmdContext *gdb_ctx, void *user_ctx)
1888 {
1889 int res;
1890
1891 if (!gdb_ctx->num_params) {
1892 return;
1893 }
1894
1895 res = gdb_handle_vcont(gdb_ctx->params[0].data);
1896 if ((res == -EINVAL) || (res == -ERANGE)) {
1897 put_packet("E22");
1898 } else if (res) {
1899 put_packet("");
1900 }
1901 }
1902
1903 static void handle_v_attach(GdbCmdContext *gdb_ctx, void *user_ctx)
1904 {
1905 GDBProcess *process;
1906 CPUState *cpu;
1907
1908 g_string_assign(gdbserver_state.str_buf, "E22");
1909 if (!gdb_ctx->num_params) {
1910 goto cleanup;
1911 }
1912
1913 process = gdb_get_process(gdb_ctx->params[0].val_ul);
1914 if (!process) {
1915 goto cleanup;
1916 }
1917
1918 cpu = get_first_cpu_in_process(process);
1919 if (!cpu) {
1920 goto cleanup;
1921 }
1922
1923 process->attached = true;
1924 gdbserver_state.g_cpu = cpu;
1925 gdbserver_state.c_cpu = cpu;
1926
1927 g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
1928 gdb_append_thread_id(cpu, gdbserver_state.str_buf);
1929 g_string_append_c(gdbserver_state.str_buf, ';');
1930 cleanup:
1931 put_strbuf();
1932 }
1933
1934 static void handle_v_kill(GdbCmdContext *gdb_ctx, void *user_ctx)
1935 {
1936 /* Kill the target */
1937 put_packet("OK");
1938 error_report("QEMU: Terminated via GDBstub");
1939 exit(0);
1940 }
1941
1942 static GdbCmdParseEntry gdb_v_commands_table[] = {
1943 /* Order is important if has same prefix */
1944 {
1945 .handler = handle_v_cont_query,
1946 .cmd = "Cont?",
1947 .cmd_startswith = 1
1948 },
1949 {
1950 .handler = handle_v_cont,
1951 .cmd = "Cont",
1952 .cmd_startswith = 1,
1953 .schema = "s0"
1954 },
1955 {
1956 .handler = handle_v_attach,
1957 .cmd = "Attach;",
1958 .cmd_startswith = 1,
1959 .schema = "l0"
1960 },
1961 {
1962 .handler = handle_v_kill,
1963 .cmd = "Kill;",
1964 .cmd_startswith = 1
1965 },
1966 };
1967
1968 static void handle_v_commands(GdbCmdContext *gdb_ctx, void *user_ctx)
1969 {
1970 if (!gdb_ctx->num_params) {
1971 return;
1972 }
1973
1974 if (process_string_cmd(NULL, gdb_ctx->params[0].data,
1975 gdb_v_commands_table,
1976 ARRAY_SIZE(gdb_v_commands_table))) {
1977 put_packet("");
1978 }
1979 }
1980
1981 static void handle_query_qemu_sstepbits(GdbCmdContext *gdb_ctx, void *user_ctx)
1982 {
1983 g_string_printf(gdbserver_state.str_buf, "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1984 SSTEP_ENABLE, SSTEP_NOIRQ, SSTEP_NOTIMER);
1985 put_strbuf();
1986 }
1987
1988 static void handle_set_qemu_sstep(GdbCmdContext *gdb_ctx, void *user_ctx)
1989 {
1990 if (!gdb_ctx->num_params) {
1991 return;
1992 }
1993
1994 sstep_flags = gdb_ctx->params[0].val_ul;
1995 put_packet("OK");
1996 }
1997
1998 static void handle_query_qemu_sstep(GdbCmdContext *gdb_ctx, void *user_ctx)
1999 {
2000 g_string_printf(gdbserver_state.str_buf, "0x%x", sstep_flags);
2001 put_strbuf();
2002 }
2003
2004 static void handle_query_curr_tid(GdbCmdContext *gdb_ctx, void *user_ctx)
2005 {
2006 CPUState *cpu;
2007 GDBProcess *process;
2008
2009 /*
2010 * "Current thread" remains vague in the spec, so always return
2011 * the first thread of the current process (gdb returns the
2012 * first thread).
2013 */
2014 process = gdb_get_cpu_process(gdbserver_state.g_cpu);
2015 cpu = get_first_cpu_in_process(process);
2016 g_string_assign(gdbserver_state.str_buf, "QC");
2017 gdb_append_thread_id(cpu, gdbserver_state.str_buf);
2018 put_strbuf();
2019 }
2020
2021 static void handle_query_threads(GdbCmdContext *gdb_ctx, void *user_ctx)
2022 {
2023 if (!gdbserver_state.query_cpu) {
2024 put_packet("l");
2025 return;
2026 }
2027
2028 g_string_assign(gdbserver_state.str_buf, "m");
2029 gdb_append_thread_id(gdbserver_state.query_cpu, gdbserver_state.str_buf);
2030 put_strbuf();
2031 gdbserver_state.query_cpu = gdb_next_attached_cpu(gdbserver_state.query_cpu);
2032 }
2033
2034 static void handle_query_first_threads(GdbCmdContext *gdb_ctx, void *user_ctx)
2035 {
2036 gdbserver_state.query_cpu = gdb_first_attached_cpu();
2037 handle_query_threads(gdb_ctx, user_ctx);
2038 }
2039
2040 static void handle_query_thread_extra(GdbCmdContext *gdb_ctx, void *user_ctx)
2041 {
2042 g_autoptr(GString) rs = g_string_new(NULL);
2043 CPUState *cpu;
2044
2045 if (!gdb_ctx->num_params ||
2046 gdb_ctx->params[0].thread_id.kind == GDB_READ_THREAD_ERR) {
2047 put_packet("E22");
2048 return;
2049 }
2050
2051 cpu = gdb_get_cpu(gdb_ctx->params[0].thread_id.pid,
2052 gdb_ctx->params[0].thread_id.tid);
2053 if (!cpu) {
2054 return;
2055 }
2056
2057 cpu_synchronize_state(cpu);
2058
2059 if (gdbserver_state.multiprocess && (gdbserver_state.process_num > 1)) {
2060 /* Print the CPU model and name in multiprocess mode */
2061 ObjectClass *oc = object_get_class(OBJECT(cpu));
2062 const char *cpu_model = object_class_get_name(oc);
2063 g_autofree char *cpu_name;
2064 cpu_name = object_get_canonical_path_component(OBJECT(cpu));
2065 g_string_printf(rs, "%s %s [%s]", cpu_model, cpu_name,
2066 cpu->halted ? "halted " : "running");
2067 } else {
2068 g_string_printf(rs, "CPU#%d [%s]", cpu->cpu_index,
2069 cpu->halted ? "halted " : "running");
2070 }
2071 trace_gdbstub_op_extra_info(rs->str);
2072 memtohex(gdbserver_state.str_buf, (uint8_t *)rs->str, rs->len);
2073 put_strbuf();
2074 }
2075
2076 #ifdef CONFIG_USER_ONLY
2077 static void handle_query_offsets(GdbCmdContext *gdb_ctx, void *user_ctx)
2078 {
2079 TaskState *ts;
2080
2081 ts = gdbserver_state.c_cpu->opaque;
2082 g_string_printf(gdbserver_state.str_buf,
2083 "Text=" TARGET_ABI_FMT_lx
2084 ";Data=" TARGET_ABI_FMT_lx
2085 ";Bss=" TARGET_ABI_FMT_lx,
2086 ts->info->code_offset,
2087 ts->info->data_offset,
2088 ts->info->data_offset);
2089 put_strbuf();
2090 }
2091 #else
2092 static void handle_query_rcmd(GdbCmdContext *gdb_ctx, void *user_ctx)
2093 {
2094 const guint8 zero = 0;
2095 int len;
2096
2097 if (!gdb_ctx->num_params) {
2098 put_packet("E22");
2099 return;
2100 }
2101
2102 len = strlen(gdb_ctx->params[0].data);
2103 if (len % 2) {
2104 put_packet("E01");
2105 return;
2106 }
2107
2108 g_assert(gdbserver_state.mem_buf->len == 0);
2109 len = len / 2;
2110 hextomem(gdbserver_state.mem_buf, gdb_ctx->params[0].data, len);
2111 g_byte_array_append(gdbserver_state.mem_buf, &zero, 1);
2112 qemu_chr_be_write(gdbserver_state.mon_chr, gdbserver_state.mem_buf->data,
2113 gdbserver_state.mem_buf->len);
2114 put_packet("OK");
2115 }
2116 #endif
2117
2118 static void handle_query_supported(GdbCmdContext *gdb_ctx, void *user_ctx)
2119 {
2120 CPUClass *cc;
2121
2122 g_string_printf(gdbserver_state.str_buf, "PacketSize=%x", MAX_PACKET_LENGTH);
2123 cc = CPU_GET_CLASS(first_cpu);
2124 if (cc->gdb_core_xml_file) {
2125 g_string_append(gdbserver_state.str_buf, ";qXfer:features:read+");
2126 }
2127
2128 if (gdb_ctx->num_params &&
2129 strstr(gdb_ctx->params[0].data, "multiprocess+")) {
2130 gdbserver_state.multiprocess = true;
2131 }
2132
2133 g_string_append(gdbserver_state.str_buf, ";vContSupported+;multiprocess+");
2134 put_strbuf();
2135 }
2136
2137 static void handle_query_xfer_features(GdbCmdContext *gdb_ctx, void *user_ctx)
2138 {
2139 GDBProcess *process;
2140 CPUClass *cc;
2141 unsigned long len, total_len, addr;
2142 const char *xml;
2143 const char *p;
2144
2145 if (gdb_ctx->num_params < 3) {
2146 put_packet("E22");
2147 return;
2148 }
2149
2150 process = gdb_get_cpu_process(gdbserver_state.g_cpu);
2151 cc = CPU_GET_CLASS(gdbserver_state.g_cpu);
2152 if (!cc->gdb_core_xml_file) {
2153 put_packet("");
2154 return;
2155 }
2156
2157 gdb_has_xml = true;
2158 p = gdb_ctx->params[0].data;
2159 xml = get_feature_xml(p, &p, process);
2160 if (!xml) {
2161 put_packet("E00");
2162 return;
2163 }
2164
2165 addr = gdb_ctx->params[1].val_ul;
2166 len = gdb_ctx->params[2].val_ul;
2167 total_len = strlen(xml);
2168 if (addr > total_len) {
2169 put_packet("E00");
2170 return;
2171 }
2172
2173 if (len > (MAX_PACKET_LENGTH - 5) / 2) {
2174 len = (MAX_PACKET_LENGTH - 5) / 2;
2175 }
2176
2177 if (len < total_len - addr) {
2178 g_string_assign(gdbserver_state.str_buf, "m");
2179 memtox(gdbserver_state.str_buf, xml + addr, len);
2180 } else {
2181 g_string_assign(gdbserver_state.str_buf, "l");
2182 memtox(gdbserver_state.str_buf, xml + addr, total_len - addr);
2183 }
2184
2185 put_packet_binary(gdbserver_state.str_buf->str,
2186 gdbserver_state.str_buf->len, true);
2187 }
2188
2189 static void handle_query_attached(GdbCmdContext *gdb_ctx, void *user_ctx)
2190 {
2191 put_packet(GDB_ATTACHED);
2192 }
2193
2194 static void handle_query_qemu_supported(GdbCmdContext *gdb_ctx, void *user_ctx)
2195 {
2196 g_string_printf(gdbserver_state.str_buf, "sstepbits;sstep");
2197 #ifndef CONFIG_USER_ONLY
2198 g_string_append(gdbserver_state.str_buf, ";PhyMemMode");
2199 #endif
2200 put_strbuf();
2201 }
2202
2203 #ifndef CONFIG_USER_ONLY
2204 static void handle_query_qemu_phy_mem_mode(GdbCmdContext *gdb_ctx,
2205 void *user_ctx)
2206 {
2207 g_string_printf(gdbserver_state.str_buf, "%d", phy_memory_mode);
2208 put_strbuf();
2209 }
2210
2211 static void handle_set_qemu_phy_mem_mode(GdbCmdContext *gdb_ctx, void *user_ctx)
2212 {
2213 if (!gdb_ctx->num_params) {
2214 put_packet("E22");
2215 return;
2216 }
2217
2218 if (!gdb_ctx->params[0].val_ul) {
2219 phy_memory_mode = 0;
2220 } else {
2221 phy_memory_mode = 1;
2222 }
2223 put_packet("OK");
2224 }
2225 #endif
2226
2227 static GdbCmdParseEntry gdb_gen_query_set_common_table[] = {
2228 /* Order is important if has same prefix */
2229 {
2230 .handler = handle_query_qemu_sstepbits,
2231 .cmd = "qemu.sstepbits",
2232 },
2233 {
2234 .handler = handle_query_qemu_sstep,
2235 .cmd = "qemu.sstep",
2236 },
2237 {
2238 .handler = handle_set_qemu_sstep,
2239 .cmd = "qemu.sstep=",
2240 .cmd_startswith = 1,
2241 .schema = "l0"
2242 },
2243 };
2244
2245 static GdbCmdParseEntry gdb_gen_query_table[] = {
2246 {
2247 .handler = handle_query_curr_tid,
2248 .cmd = "C",
2249 },
2250 {
2251 .handler = handle_query_threads,
2252 .cmd = "sThreadInfo",
2253 },
2254 {
2255 .handler = handle_query_first_threads,
2256 .cmd = "fThreadInfo",
2257 },
2258 {
2259 .handler = handle_query_thread_extra,
2260 .cmd = "ThreadExtraInfo,",
2261 .cmd_startswith = 1,
2262 .schema = "t0"
2263 },
2264 #ifdef CONFIG_USER_ONLY
2265 {
2266 .handler = handle_query_offsets,
2267 .cmd = "Offsets",
2268 },
2269 #else
2270 {
2271 .handler = handle_query_rcmd,
2272 .cmd = "Rcmd,",
2273 .cmd_startswith = 1,
2274 .schema = "s0"
2275 },
2276 #endif
2277 {
2278 .handler = handle_query_supported,
2279 .cmd = "Supported:",
2280 .cmd_startswith = 1,
2281 .schema = "s0"
2282 },
2283 {
2284 .handler = handle_query_supported,
2285 .cmd = "Supported",
2286 .schema = "s0"
2287 },
2288 {
2289 .handler = handle_query_xfer_features,
2290 .cmd = "Xfer:features:read:",
2291 .cmd_startswith = 1,
2292 .schema = "s:l,l0"
2293 },
2294 {
2295 .handler = handle_query_attached,
2296 .cmd = "Attached:",
2297 .cmd_startswith = 1
2298 },
2299 {
2300 .handler = handle_query_attached,
2301 .cmd = "Attached",
2302 },
2303 {
2304 .handler = handle_query_qemu_supported,
2305 .cmd = "qemu.Supported",
2306 },
2307 #ifndef CONFIG_USER_ONLY
2308 {
2309 .handler = handle_query_qemu_phy_mem_mode,
2310 .cmd = "qemu.PhyMemMode",
2311 },
2312 #endif
2313 };
2314
2315 static GdbCmdParseEntry gdb_gen_set_table[] = {
2316 /* Order is important if has same prefix */
2317 {
2318 .handler = handle_set_qemu_sstep,
2319 .cmd = "qemu.sstep:",
2320 .cmd_startswith = 1,
2321 .schema = "l0"
2322 },
2323 #ifndef CONFIG_USER_ONLY
2324 {
2325 .handler = handle_set_qemu_phy_mem_mode,
2326 .cmd = "qemu.PhyMemMode:",
2327 .cmd_startswith = 1,
2328 .schema = "l0"
2329 },
2330 #endif
2331 };
2332
2333 static void handle_gen_query(GdbCmdContext *gdb_ctx, void *user_ctx)
2334 {
2335 if (!gdb_ctx->num_params) {
2336 return;
2337 }
2338
2339 if (!process_string_cmd(NULL, gdb_ctx->params[0].data,
2340 gdb_gen_query_set_common_table,
2341 ARRAY_SIZE(gdb_gen_query_set_common_table))) {
2342 return;
2343 }
2344
2345 if (process_string_cmd(NULL, gdb_ctx->params[0].data,
2346 gdb_gen_query_table,
2347 ARRAY_SIZE(gdb_gen_query_table))) {
2348 put_packet("");
2349 }
2350 }
2351
2352 static void handle_gen_set(GdbCmdContext *gdb_ctx, void *user_ctx)
2353 {
2354 if (!gdb_ctx->num_params) {
2355 return;
2356 }
2357
2358 if (!process_string_cmd(NULL, gdb_ctx->params[0].data,
2359 gdb_gen_query_set_common_table,
2360 ARRAY_SIZE(gdb_gen_query_set_common_table))) {
2361 return;
2362 }
2363
2364 if (process_string_cmd(NULL, gdb_ctx->params[0].data,
2365 gdb_gen_set_table,
2366 ARRAY_SIZE(gdb_gen_set_table))) {
2367 put_packet("");
2368 }
2369 }
2370
2371 static void handle_target_halt(GdbCmdContext *gdb_ctx, void *user_ctx)
2372 {
2373 g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
2374 gdb_append_thread_id(gdbserver_state.c_cpu, gdbserver_state.str_buf);
2375 g_string_append_c(gdbserver_state.str_buf, ';');
2376 put_strbuf();
2377 /*
2378 * Remove all the breakpoints when this query is issued,
2379 * because gdb is doing an initial connect and the state
2380 * should be cleaned up.
2381 */
2382 gdb_breakpoint_remove_all();
2383 }
2384
2385 static int gdb_handle_packet(const char *line_buf)
2386 {
2387 const GdbCmdParseEntry *cmd_parser = NULL;
2388
2389 trace_gdbstub_io_command(line_buf);
2390
2391 switch (line_buf[0]) {
2392 case '!':
2393 put_packet("OK");
2394 break;
2395 case '?':
2396 {
2397 static const GdbCmdParseEntry target_halted_cmd_desc = {
2398 .handler = handle_target_halt,
2399 .cmd = "?",
2400 .cmd_startswith = 1
2401 };
2402 cmd_parser = &target_halted_cmd_desc;
2403 }
2404 break;
2405 case 'c':
2406 {
2407 static const GdbCmdParseEntry continue_cmd_desc = {
2408 .handler = handle_continue,
2409 .cmd = "c",
2410 .cmd_startswith = 1,
2411 .schema = "L0"
2412 };
2413 cmd_parser = &continue_cmd_desc;
2414 }
2415 break;
2416 case 'C':
2417 {
2418 static const GdbCmdParseEntry cont_with_sig_cmd_desc = {
2419 .handler = handle_cont_with_sig,
2420 .cmd = "C",
2421 .cmd_startswith = 1,
2422 .schema = "l0"
2423 };
2424 cmd_parser = &cont_with_sig_cmd_desc;
2425 }
2426 break;
2427 case 'v':
2428 {
2429 static const GdbCmdParseEntry v_cmd_desc = {
2430 .handler = handle_v_commands,
2431 .cmd = "v",
2432 .cmd_startswith = 1,
2433 .schema = "s0"
2434 };
2435 cmd_parser = &v_cmd_desc;
2436 }
2437 break;
2438 case 'k':
2439 /* Kill the target */
2440 error_report("QEMU: Terminated via GDBstub");
2441 exit(0);
2442 case 'D':
2443 {
2444 static const GdbCmdParseEntry detach_cmd_desc = {
2445 .handler = handle_detach,
2446 .cmd = "D",
2447 .cmd_startswith = 1,
2448 .schema = "?.l0"
2449 };
2450 cmd_parser = &detach_cmd_desc;
2451 }
2452 break;
2453 case 's':
2454 {
2455 static const GdbCmdParseEntry step_cmd_desc = {
2456 .handler = handle_step,
2457 .cmd = "s",
2458 .cmd_startswith = 1,
2459 .schema = "L0"
2460 };
2461 cmd_parser = &step_cmd_desc;
2462 }
2463 break;
2464 case 'F':
2465 {
2466 static const GdbCmdParseEntry file_io_cmd_desc = {
2467 .handler = handle_file_io,
2468 .cmd = "F",
2469 .cmd_startswith = 1,
2470 .schema = "L,L,o0"
2471 };
2472 cmd_parser = &file_io_cmd_desc;
2473 }
2474 break;
2475 case 'g':
2476 {
2477 static const GdbCmdParseEntry read_all_regs_cmd_desc = {
2478 .handler = handle_read_all_regs,
2479 .cmd = "g",
2480 .cmd_startswith = 1
2481 };
2482 cmd_parser = &read_all_regs_cmd_desc;
2483 }
2484 break;
2485 case 'G':
2486 {
2487 static const GdbCmdParseEntry write_all_regs_cmd_desc = {
2488 .handler = handle_write_all_regs,
2489 .cmd = "G",
2490 .cmd_startswith = 1,
2491 .schema = "s0"
2492 };
2493 cmd_parser = &write_all_regs_cmd_desc;
2494 }
2495 break;
2496 case 'm':
2497 {
2498 static const GdbCmdParseEntry read_mem_cmd_desc = {
2499 .handler = handle_read_mem,
2500 .cmd = "m",
2501 .cmd_startswith = 1,
2502 .schema = "L,L0"
2503 };
2504 cmd_parser = &read_mem_cmd_desc;
2505 }
2506 break;
2507 case 'M':
2508 {
2509 static const GdbCmdParseEntry write_mem_cmd_desc = {
2510 .handler = handle_write_mem,
2511 .cmd = "M",
2512 .cmd_startswith = 1,
2513 .schema = "L,L:s0"
2514 };
2515 cmd_parser = &write_mem_cmd_desc;
2516 }
2517 break;
2518 case 'p':
2519 {
2520 static const GdbCmdParseEntry get_reg_cmd_desc = {
2521 .handler = handle_get_reg,
2522 .cmd = "p",
2523 .cmd_startswith = 1,
2524 .schema = "L0"
2525 };
2526 cmd_parser = &get_reg_cmd_desc;
2527 }
2528 break;
2529 case 'P':
2530 {
2531 static const GdbCmdParseEntry set_reg_cmd_desc = {
2532 .handler = handle_set_reg,
2533 .cmd = "P",
2534 .cmd_startswith = 1,
2535 .schema = "L?s0"
2536 };
2537 cmd_parser = &set_reg_cmd_desc;
2538 }
2539 break;
2540 case 'Z':
2541 {
2542 static const GdbCmdParseEntry insert_bp_cmd_desc = {
2543 .handler = handle_insert_bp,
2544 .cmd = "Z",
2545 .cmd_startswith = 1,
2546 .schema = "l?L?L0"
2547 };
2548 cmd_parser = &insert_bp_cmd_desc;
2549 }
2550 break;
2551 case 'z':
2552 {
2553 static const GdbCmdParseEntry remove_bp_cmd_desc = {
2554 .handler = handle_remove_bp,
2555 .cmd = "z",
2556 .cmd_startswith = 1,
2557 .schema = "l?L?L0"
2558 };
2559 cmd_parser = &remove_bp_cmd_desc;
2560 }
2561 break;
2562 case 'H':
2563 {
2564 static const GdbCmdParseEntry set_thread_cmd_desc = {
2565 .handler = handle_set_thread,
2566 .cmd = "H",
2567 .cmd_startswith = 1,
2568 .schema = "o.t0"
2569 };
2570 cmd_parser = &set_thread_cmd_desc;
2571 }
2572 break;
2573 case 'T':
2574 {
2575 static const GdbCmdParseEntry thread_alive_cmd_desc = {
2576 .handler = handle_thread_alive,
2577 .cmd = "T",
2578 .cmd_startswith = 1,
2579 .schema = "t0"
2580 };
2581 cmd_parser = &thread_alive_cmd_desc;
2582 }
2583 break;
2584 case 'q':
2585 {
2586 static const GdbCmdParseEntry gen_query_cmd_desc = {
2587 .handler = handle_gen_query,
2588 .cmd = "q",
2589 .cmd_startswith = 1,
2590 .schema = "s0"
2591 };
2592 cmd_parser = &gen_query_cmd_desc;
2593 }
2594 break;
2595 case 'Q':
2596 {
2597 static const GdbCmdParseEntry gen_set_cmd_desc = {
2598 .handler = handle_gen_set,
2599 .cmd = "Q",
2600 .cmd_startswith = 1,
2601 .schema = "s0"
2602 };
2603 cmd_parser = &gen_set_cmd_desc;
2604 }
2605 break;
2606 default:
2607 /* put empty packet */
2608 put_packet("");
2609 break;
2610 }
2611
2612 if (cmd_parser) {
2613 run_cmd_parser(line_buf, cmd_parser);
2614 }
2615
2616 return RS_IDLE;
2617 }
2618
2619 void gdb_set_stop_cpu(CPUState *cpu)
2620 {
2621 GDBProcess *p = gdb_get_cpu_process(cpu);
2622
2623 if (!p->attached) {
2624 /*
2625 * Having a stop CPU corresponding to a process that is not attached
2626 * confuses GDB. So we ignore the request.
2627 */
2628 return;
2629 }
2630
2631 gdbserver_state.c_cpu = cpu;
2632 gdbserver_state.g_cpu = cpu;
2633 }
2634
2635 #ifndef CONFIG_USER_ONLY
2636 static void gdb_vm_state_change(void *opaque, int running, RunState state)
2637 {
2638 CPUState *cpu = gdbserver_state.c_cpu;
2639 g_autoptr(GString) buf = g_string_new(NULL);
2640 g_autoptr(GString) tid = g_string_new(NULL);
2641 const char *type;
2642 int ret;
2643
2644 if (running || gdbserver_state.state == RS_INACTIVE) {
2645 return;
2646 }
2647 /* Is there a GDB syscall waiting to be sent? */
2648 if (gdbserver_state.current_syscall_cb) {
2649 put_packet(gdbserver_state.syscall_buf);
2650 return;
2651 }
2652
2653 if (cpu == NULL) {
2654 /* No process attached */
2655 return;
2656 }
2657
2658 gdb_append_thread_id(cpu, tid);
2659
2660 switch (state) {
2661 case RUN_STATE_DEBUG:
2662 if (cpu->watchpoint_hit) {
2663 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
2664 case BP_MEM_READ:
2665 type = "r";
2666 break;
2667 case BP_MEM_ACCESS:
2668 type = "a";
2669 break;
2670 default:
2671 type = "";
2672 break;
2673 }
2674 trace_gdbstub_hit_watchpoint(type, cpu_gdb_index(cpu),
2675 (target_ulong)cpu->watchpoint_hit->vaddr);
2676 g_string_printf(buf, "T%02xthread:%s;%swatch:" TARGET_FMT_lx ";",
2677 GDB_SIGNAL_TRAP, tid->str, type,
2678 (target_ulong)cpu->watchpoint_hit->vaddr);
2679 cpu->watchpoint_hit = NULL;
2680 goto send_packet;
2681 } else {
2682 trace_gdbstub_hit_break();
2683 }
2684 tb_flush(cpu);
2685 ret = GDB_SIGNAL_TRAP;
2686 break;
2687 case RUN_STATE_PAUSED:
2688 trace_gdbstub_hit_paused();
2689 ret = GDB_SIGNAL_INT;
2690 break;
2691 case RUN_STATE_SHUTDOWN:
2692 trace_gdbstub_hit_shutdown();
2693 ret = GDB_SIGNAL_QUIT;
2694 break;
2695 case RUN_STATE_IO_ERROR:
2696 trace_gdbstub_hit_io_error();
2697 ret = GDB_SIGNAL_IO;
2698 break;
2699 case RUN_STATE_WATCHDOG:
2700 trace_gdbstub_hit_watchdog();
2701 ret = GDB_SIGNAL_ALRM;
2702 break;
2703 case RUN_STATE_INTERNAL_ERROR:
2704 trace_gdbstub_hit_internal_error();
2705 ret = GDB_SIGNAL_ABRT;
2706 break;
2707 case RUN_STATE_SAVE_VM:
2708 case RUN_STATE_RESTORE_VM:
2709 return;
2710 case RUN_STATE_FINISH_MIGRATE:
2711 ret = GDB_SIGNAL_XCPU;
2712 break;
2713 default:
2714 trace_gdbstub_hit_unknown(state);
2715 ret = GDB_SIGNAL_UNKNOWN;
2716 break;
2717 }
2718 gdb_set_stop_cpu(cpu);
2719 g_string_printf(buf, "T%02xthread:%s;", ret, tid->str);
2720
2721 send_packet:
2722 put_packet(buf->str);
2723
2724 /* disable single step if it was enabled */
2725 cpu_single_step(cpu, 0);
2726 }
2727 #endif
2728
2729 /* Send a gdb syscall request.
2730 This accepts limited printf-style format specifiers, specifically:
2731 %x - target_ulong argument printed in hex.
2732 %lx - 64-bit argument printed in hex.
2733 %s - string pointer (target_ulong) and length (int) pair. */
2734 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
2735 {
2736 char *p;
2737 char *p_end;
2738 target_ulong addr;
2739 uint64_t i64;
2740
2741 if (!gdbserver_state.init) {
2742 return;
2743 }
2744
2745 gdbserver_state.current_syscall_cb = cb;
2746 #ifndef CONFIG_USER_ONLY
2747 vm_stop(RUN_STATE_DEBUG);
2748 #endif
2749 p = &gdbserver_state.syscall_buf[0];
2750 p_end = &gdbserver_state.syscall_buf[sizeof(gdbserver_state.syscall_buf)];
2751 *(p++) = 'F';
2752 while (*fmt) {
2753 if (*fmt == '%') {
2754 fmt++;
2755 switch (*fmt++) {
2756 case 'x':
2757 addr = va_arg(va, target_ulong);
2758 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
2759 break;
2760 case 'l':
2761 if (*(fmt++) != 'x')
2762 goto bad_format;
2763 i64 = va_arg(va, uint64_t);
2764 p += snprintf(p, p_end - p, "%" PRIx64, i64);
2765 break;
2766 case 's':
2767 addr = va_arg(va, target_ulong);
2768 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
2769 addr, va_arg(va, int));
2770 break;
2771 default:
2772 bad_format:
2773 error_report("gdbstub: Bad syscall format string '%s'",
2774 fmt - 1);
2775 break;
2776 }
2777 } else {
2778 *(p++) = *(fmt++);
2779 }
2780 }
2781 *p = 0;
2782 #ifdef CONFIG_USER_ONLY
2783 put_packet(gdbserver_state.syscall_buf);
2784 /* Return control to gdb for it to process the syscall request.
2785 * Since the protocol requires that gdb hands control back to us
2786 * using a "here are the results" F packet, we don't need to check
2787 * gdb_handlesig's return value (which is the signal to deliver if
2788 * execution was resumed via a continue packet).
2789 */
2790 gdb_handlesig(gdbserver_state.c_cpu, 0);
2791 #else
2792 /* In this case wait to send the syscall packet until notification that
2793 the CPU has stopped. This must be done because if the packet is sent
2794 now the reply from the syscall request could be received while the CPU
2795 is still in the running state, which can cause packets to be dropped
2796 and state transition 'T' packets to be sent while the syscall is still
2797 being processed. */
2798 qemu_cpu_kick(gdbserver_state.c_cpu);
2799 #endif
2800 }
2801
2802 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
2803 {
2804 va_list va;
2805
2806 va_start(va, fmt);
2807 gdb_do_syscallv(cb, fmt, va);
2808 va_end(va);
2809 }
2810
2811 static void gdb_read_byte(uint8_t ch)
2812 {
2813 uint8_t reply;
2814
2815 #ifndef CONFIG_USER_ONLY
2816 if (gdbserver_state.last_packet->len) {
2817 /* Waiting for a response to the last packet. If we see the start
2818 of a new command then abandon the previous response. */
2819 if (ch == '-') {
2820 trace_gdbstub_err_got_nack();
2821 put_buffer(gdbserver_state.last_packet->data,
2822 gdbserver_state.last_packet->len);
2823 } else if (ch == '+') {
2824 trace_gdbstub_io_got_ack();
2825 } else {
2826 trace_gdbstub_io_got_unexpected(ch);
2827 }
2828
2829 if (ch == '+' || ch == '$') {
2830 g_byte_array_set_size(gdbserver_state.last_packet, 0);
2831 }
2832 if (ch != '$')
2833 return;
2834 }
2835 if (runstate_is_running()) {
2836 /* when the CPU is running, we cannot do anything except stop
2837 it when receiving a char */
2838 vm_stop(RUN_STATE_PAUSED);
2839 } else
2840 #endif
2841 {
2842 switch(gdbserver_state.state) {
2843 case RS_IDLE:
2844 if (ch == '$') {
2845 /* start of command packet */
2846 gdbserver_state.line_buf_index = 0;
2847 gdbserver_state.line_sum = 0;
2848 gdbserver_state.state = RS_GETLINE;
2849 } else {
2850 trace_gdbstub_err_garbage(ch);
2851 }
2852 break;
2853 case RS_GETLINE:
2854 if (ch == '}') {
2855 /* start escape sequence */
2856 gdbserver_state.state = RS_GETLINE_ESC;
2857 gdbserver_state.line_sum += ch;
2858 } else if (ch == '*') {
2859 /* start run length encoding sequence */
2860 gdbserver_state.state = RS_GETLINE_RLE;
2861 gdbserver_state.line_sum += ch;
2862 } else if (ch == '#') {
2863 /* end of command, start of checksum*/
2864 gdbserver_state.state = RS_CHKSUM1;
2865 } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2866 trace_gdbstub_err_overrun();
2867 gdbserver_state.state = RS_IDLE;
2868 } else {
2869 /* unescaped command character */
2870 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch;
2871 gdbserver_state.line_sum += ch;
2872 }
2873 break;
2874 case RS_GETLINE_ESC:
2875 if (ch == '#') {
2876 /* unexpected end of command in escape sequence */
2877 gdbserver_state.state = RS_CHKSUM1;
2878 } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2879 /* command buffer overrun */
2880 trace_gdbstub_err_overrun();
2881 gdbserver_state.state = RS_IDLE;
2882 } else {
2883 /* parse escaped character and leave escape state */
2884 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch ^ 0x20;
2885 gdbserver_state.line_sum += ch;
2886 gdbserver_state.state = RS_GETLINE;
2887 }
2888 break;
2889 case RS_GETLINE_RLE:
2890 /*
2891 * Run-length encoding is explained in "Debugging with GDB /
2892 * Appendix E GDB Remote Serial Protocol / Overview".
2893 */
2894 if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
2895 /* invalid RLE count encoding */
2896 trace_gdbstub_err_invalid_repeat(ch);
2897 gdbserver_state.state = RS_GETLINE;
2898 } else {
2899 /* decode repeat length */
2900 int repeat = ch - ' ' + 3;
2901 if (gdbserver_state.line_buf_index + repeat >= sizeof(gdbserver_state.line_buf) - 1) {
2902 /* that many repeats would overrun the command buffer */
2903 trace_gdbstub_err_overrun();
2904 gdbserver_state.state = RS_IDLE;
2905 } else if (gdbserver_state.line_buf_index < 1) {
2906 /* got a repeat but we have nothing to repeat */
2907 trace_gdbstub_err_invalid_rle();
2908 gdbserver_state.state = RS_GETLINE;
2909 } else {
2910 /* repeat the last character */
2911 memset(gdbserver_state.line_buf + gdbserver_state.line_buf_index,
2912 gdbserver_state.line_buf[gdbserver_state.line_buf_index - 1], repeat);
2913 gdbserver_state.line_buf_index += repeat;
2914 gdbserver_state.line_sum += ch;
2915 gdbserver_state.state = RS_GETLINE;
2916 }
2917 }
2918 break;
2919 case RS_CHKSUM1:
2920 /* get high hex digit of checksum */
2921 if (!isxdigit(ch)) {
2922 trace_gdbstub_err_checksum_invalid(ch);
2923 gdbserver_state.state = RS_GETLINE;
2924 break;
2925 }
2926 gdbserver_state.line_buf[gdbserver_state.line_buf_index] = '\0';
2927 gdbserver_state.line_csum = fromhex(ch) << 4;
2928 gdbserver_state.state = RS_CHKSUM2;
2929 break;
2930 case RS_CHKSUM2:
2931 /* get low hex digit of checksum */
2932 if (!isxdigit(ch)) {
2933 trace_gdbstub_err_checksum_invalid(ch);
2934 gdbserver_state.state = RS_GETLINE;
2935 break;
2936 }
2937 gdbserver_state.line_csum |= fromhex(ch);
2938
2939 if (gdbserver_state.line_csum != (gdbserver_state.line_sum & 0xff)) {
2940 trace_gdbstub_err_checksum_incorrect(gdbserver_state.line_sum, gdbserver_state.line_csum);
2941 /* send NAK reply */
2942 reply = '-';
2943 put_buffer(&reply, 1);
2944 gdbserver_state.state = RS_IDLE;
2945 } else {
2946 /* send ACK reply */
2947 reply = '+';
2948 put_buffer(&reply, 1);
2949 gdbserver_state.state = gdb_handle_packet(gdbserver_state.line_buf);
2950 }
2951 break;
2952 default:
2953 abort();
2954 }
2955 }
2956 }
2957
2958 /* Tell the remote gdb that the process has exited. */
2959 void gdb_exit(CPUArchState *env, int code)
2960 {
2961 char buf[4];
2962
2963 if (!gdbserver_state.init) {
2964 return;
2965 }
2966 #ifdef CONFIG_USER_ONLY
2967 if (gdbserver_fd < 0 || gdbserver_state.fd < 0) {
2968 return;
2969 }
2970 #endif
2971
2972 trace_gdbstub_op_exiting((uint8_t)code);
2973
2974 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
2975 put_packet(buf);
2976
2977 #ifndef CONFIG_USER_ONLY
2978 qemu_chr_fe_deinit(&gdbserver_state.chr, true);
2979 #endif
2980 }
2981
2982 /*
2983 * Create the process that will contain all the "orphan" CPUs (that are not
2984 * part of a CPU cluster). Note that if this process contains no CPUs, it won't
2985 * be attachable and thus will be invisible to the user.
2986 */
2987 static void create_default_process(GDBState *s)
2988 {
2989 GDBProcess *process;
2990 int max_pid = 0;
2991
2992 if (gdbserver_state.process_num) {
2993 max_pid = s->processes[s->process_num - 1].pid;
2994 }
2995
2996 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
2997 process = &s->processes[s->process_num - 1];
2998
2999 /* We need an available PID slot for this process */
3000 assert(max_pid < UINT32_MAX);
3001
3002 process->pid = max_pid + 1;
3003 process->attached = false;
3004 process->target_xml[0] = '\0';
3005 }
3006
3007 #ifdef CONFIG_USER_ONLY
3008 int
3009 gdb_handlesig(CPUState *cpu, int sig)
3010 {
3011 char buf[256];
3012 int n;
3013
3014 if (gdbserver_fd < 0 || gdbserver_state.fd < 0) {
3015 return sig;
3016 }
3017
3018 /* disable single step if it was enabled */
3019 cpu_single_step(cpu, 0);
3020 tb_flush(cpu);
3021
3022 if (sig != 0) {
3023 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
3024 put_packet(buf);
3025 }
3026 /* put_packet() might have detected that the peer terminated the
3027 connection. */
3028 if (gdbserver_state.fd < 0) {
3029 return sig;
3030 }
3031
3032 sig = 0;
3033 gdbserver_state.state = RS_IDLE;
3034 gdbserver_state.running_state = 0;
3035 while (gdbserver_state.running_state == 0) {
3036 n = read(gdbserver_state.fd, buf, 256);
3037 if (n > 0) {
3038 int i;
3039
3040 for (i = 0; i < n; i++) {
3041 gdb_read_byte(buf[i]);
3042 }
3043 } else {
3044 /* XXX: Connection closed. Should probably wait for another
3045 connection before continuing. */
3046 if (n == 0) {
3047 close(gdbserver_state.fd);
3048 }
3049 gdbserver_state.fd = -1;
3050 return sig;
3051 }
3052 }
3053 sig = gdbserver_state.signal;
3054 gdbserver_state.signal = 0;
3055 return sig;
3056 }
3057
3058 /* Tell the remote gdb that the process has exited due to SIG. */
3059 void gdb_signalled(CPUArchState *env, int sig)
3060 {
3061 char buf[4];
3062
3063 if (gdbserver_fd < 0 || gdbserver_state.fd < 0) {
3064 return;
3065 }
3066
3067 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
3068 put_packet(buf);
3069 }
3070
3071 static bool gdb_accept(void)
3072 {
3073 struct sockaddr_in sockaddr;
3074 socklen_t len;
3075 int fd;
3076
3077 for(;;) {
3078 len = sizeof(sockaddr);
3079 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
3080 if (fd < 0 && errno != EINTR) {
3081 perror("accept");
3082 return false;
3083 } else if (fd >= 0) {
3084 qemu_set_cloexec(fd);
3085 break;
3086 }
3087 }
3088
3089 /* set short latency */
3090 if (socket_set_nodelay(fd)) {
3091 perror("setsockopt");
3092 close(fd);
3093 return false;
3094 }
3095
3096 init_gdbserver_state();
3097 create_default_process(&gdbserver_state);
3098 gdbserver_state.processes[0].attached = true;
3099 gdbserver_state.c_cpu = gdb_first_attached_cpu();
3100 gdbserver_state.g_cpu = gdbserver_state.c_cpu;
3101 gdbserver_state.fd = fd;
3102 gdb_has_xml = false;
3103 return true;
3104 }
3105
3106 static int gdbserver_open(int port)
3107 {
3108 struct sockaddr_in sockaddr;
3109 int fd, ret;
3110
3111 fd = socket(PF_INET, SOCK_STREAM, 0);
3112 if (fd < 0) {
3113 perror("socket");
3114 return -1;
3115 }
3116 qemu_set_cloexec(fd);
3117
3118 socket_set_fast_reuse(fd);
3119
3120 sockaddr.sin_family = AF_INET;
3121 sockaddr.sin_port = htons(port);
3122 sockaddr.sin_addr.s_addr = 0;
3123 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
3124 if (ret < 0) {
3125 perror("bind");
3126 close(fd);
3127 return -1;
3128 }
3129 ret = listen(fd, 1);
3130 if (ret < 0) {
3131 perror("listen");
3132 close(fd);
3133 return -1;
3134 }
3135 return fd;
3136 }
3137
3138 int gdbserver_start(int port)
3139 {
3140 gdbserver_fd = gdbserver_open(port);
3141 if (gdbserver_fd < 0)
3142 return -1;
3143 /* accept connections */
3144 if (!gdb_accept()) {
3145 close(gdbserver_fd);
3146 gdbserver_fd = -1;
3147 return -1;
3148 }
3149 return 0;
3150 }
3151
3152 /* Disable gdb stub for child processes. */
3153 void gdbserver_fork(CPUState *cpu)
3154 {
3155 if (gdbserver_fd < 0 || gdbserver_state.fd < 0) {
3156 return;
3157 }
3158 close(gdbserver_state.fd);
3159 gdbserver_state.fd = -1;
3160 cpu_breakpoint_remove_all(cpu, BP_GDB);
3161 cpu_watchpoint_remove_all(cpu, BP_GDB);
3162 }
3163 #else
3164 static int gdb_chr_can_receive(void *opaque)
3165 {
3166 /* We can handle an arbitrarily large amount of data.
3167 Pick the maximum packet size, which is as good as anything. */
3168 return MAX_PACKET_LENGTH;
3169 }
3170
3171 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
3172 {
3173 int i;
3174
3175 for (i = 0; i < size; i++) {
3176 gdb_read_byte(buf[i]);
3177 }
3178 }
3179
3180 static void gdb_chr_event(void *opaque, QEMUChrEvent event)
3181 {
3182 int i;
3183 GDBState *s = (GDBState *) opaque;
3184
3185 switch (event) {
3186 case CHR_EVENT_OPENED:
3187 /* Start with first process attached, others detached */
3188 for (i = 0; i < s->process_num; i++) {
3189 s->processes[i].attached = !i;
3190 }
3191
3192 s->c_cpu = gdb_first_attached_cpu();
3193 s->g_cpu = s->c_cpu;
3194
3195 vm_stop(RUN_STATE_PAUSED);
3196 gdb_has_xml = false;
3197 break;
3198 default:
3199 break;
3200 }
3201 }
3202
3203 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
3204 {
3205 g_autoptr(GString) hex_buf = g_string_new("O");
3206 memtohex(hex_buf, buf, len);
3207 put_packet(hex_buf->str);
3208 return len;
3209 }
3210
3211 #ifndef _WIN32
3212 static void gdb_sigterm_handler(int signal)
3213 {
3214 if (runstate_is_running()) {
3215 vm_stop(RUN_STATE_PAUSED);
3216 }
3217 }
3218 #endif
3219
3220 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
3221 bool *be_opened, Error **errp)
3222 {
3223 *be_opened = false;
3224 }
3225
3226 static void char_gdb_class_init(ObjectClass *oc, void *data)
3227 {
3228 ChardevClass *cc = CHARDEV_CLASS(oc);
3229
3230 cc->internal = true;
3231 cc->open = gdb_monitor_open;
3232 cc->chr_write = gdb_monitor_write;
3233 }
3234
3235 #define TYPE_CHARDEV_GDB "chardev-gdb"
3236
3237 static const TypeInfo char_gdb_type_info = {
3238 .name = TYPE_CHARDEV_GDB,
3239 .parent = TYPE_CHARDEV,
3240 .class_init = char_gdb_class_init,
3241 };
3242
3243 static int find_cpu_clusters(Object *child, void *opaque)
3244 {
3245 if (object_dynamic_cast(child, TYPE_CPU_CLUSTER)) {
3246 GDBState *s = (GDBState *) opaque;
3247 CPUClusterState *cluster = CPU_CLUSTER(child);
3248 GDBProcess *process;
3249
3250 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
3251
3252 process = &s->processes[s->process_num - 1];
3253
3254 /*
3255 * GDB process IDs -1 and 0 are reserved. To avoid subtle errors at
3256 * runtime, we enforce here that the machine does not use a cluster ID
3257 * that would lead to PID 0.
3258 */
3259 assert(cluster->cluster_id != UINT32_MAX);
3260 process->pid = cluster->cluster_id + 1;
3261 process->attached = false;
3262 process->target_xml[0] = '\0';
3263
3264 return 0;
3265 }
3266
3267 return object_child_foreach(child, find_cpu_clusters, opaque);
3268 }
3269
3270 static int pid_order(const void *a, const void *b)
3271 {
3272 GDBProcess *pa = (GDBProcess *) a;
3273 GDBProcess *pb = (GDBProcess *) b;
3274
3275 if (pa->pid < pb->pid) {
3276 return -1;
3277 } else if (pa->pid > pb->pid) {
3278 return 1;
3279 } else {
3280 return 0;
3281 }
3282 }
3283
3284 static void create_processes(GDBState *s)
3285 {
3286 object_child_foreach(object_get_root(), find_cpu_clusters, s);
3287
3288 if (gdbserver_state.processes) {
3289 /* Sort by PID */
3290 qsort(gdbserver_state.processes, gdbserver_state.process_num, sizeof(gdbserver_state.processes[0]), pid_order);
3291 }
3292
3293 create_default_process(s);
3294 }
3295
3296 int gdbserver_start(const char *device)
3297 {
3298 trace_gdbstub_op_start(device);
3299
3300 char gdbstub_device_name[128];
3301 Chardev *chr = NULL;
3302 Chardev *mon_chr;
3303
3304 if (!first_cpu) {
3305 error_report("gdbstub: meaningless to attach gdb to a "
3306 "machine without any CPU.");
3307 return -1;
3308 }
3309
3310 if (!device)
3311 return -1;
3312 if (strcmp(device, "none") != 0) {
3313 if (strstart(device, "tcp:", NULL)) {
3314 /* enforce required TCP attributes */
3315 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
3316 "%s,nowait,nodelay,server", device);
3317 device = gdbstub_device_name;
3318 }
3319 #ifndef _WIN32
3320 else if (strcmp(device, "stdio") == 0) {
3321 struct sigaction act;
3322
3323 memset(&act, 0, sizeof(act));
3324 act.sa_handler = gdb_sigterm_handler;
3325 sigaction(SIGINT, &act, NULL);
3326 }
3327 #endif
3328 /*
3329 * FIXME: it's a bit weird to allow using a mux chardev here
3330 * and implicitly setup a monitor. We may want to break this.
3331 */
3332 chr = qemu_chr_new_noreplay("gdb", device, true, NULL);
3333 if (!chr)
3334 return -1;
3335 }
3336
3337 if (!gdbserver_state.init) {
3338 init_gdbserver_state();
3339
3340 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
3341
3342 /* Initialize a monitor terminal for gdb */
3343 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
3344 NULL, NULL, &error_abort);
3345 monitor_init_hmp(mon_chr, false, &error_abort);
3346 } else {
3347 qemu_chr_fe_deinit(&gdbserver_state.chr, true);
3348 mon_chr = gdbserver_state.mon_chr;
3349 reset_gdbserver_state();
3350 }
3351
3352 create_processes(&gdbserver_state);
3353
3354 if (chr) {
3355 qemu_chr_fe_init(&gdbserver_state.chr, chr, &error_abort);
3356 qemu_chr_fe_set_handlers(&gdbserver_state.chr, gdb_chr_can_receive,
3357 gdb_chr_receive, gdb_chr_event,
3358 NULL, &gdbserver_state, NULL, true);
3359 }
3360 gdbserver_state.state = chr ? RS_IDLE : RS_INACTIVE;
3361 gdbserver_state.mon_chr = mon_chr;
3362 gdbserver_state.current_syscall_cb = NULL;
3363
3364 return 0;
3365 }
3366
3367 void gdbserver_cleanup(void)
3368 {
3369 if (gdbserver_state.init) {
3370 put_packet("W00");
3371 }
3372 }
3373
3374 static void register_types(void)
3375 {
3376 type_register_static(&char_gdb_type_info);
3377 }
3378
3379 type_init(register_types);
3380 #endif
QEmu