1 /*
2 * gdb server stub
3 *
4 * This implements a subset of the remote protocol as described in:
5 *
6 * https://sourceware.org/gdb/onlinedocs/gdb/Remote-Protocol.html
7 *
8 * Copyright (c) 2003-2005 Fabrice Bellard
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2 of the License, or (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 *
23 * SPDX-License-Identifier: LGPL-2.0+
24 */
25
26 #include "qemu/osdep.h"
27 #include "qemu-common.h"
28 #include "qapi/error.h"
29 #include "qemu/error-report.h"
30 #include "qemu/ctype.h"
31 #include "qemu/cutils.h"
32 #include "qemu/module.h"
33 #include "trace-root.h"
34 #ifdef CONFIG_USER_ONLY
35 #include "qemu.h"
36 #else
37 #include "monitor/monitor.h"
38 #include "chardev/char.h"
39 #include "chardev/char-fe.h"
40 #include "sysemu/sysemu.h"
41 #include "exec/gdbstub.h"
42 #include "hw/cpu/cluster.h"
43 #include "hw/boards.h"
44 #endif
45
46 #define MAX_PACKET_LENGTH 4096
47
48 #include "qemu/sockets.h"
49 #include "sysemu/hw_accel.h"
50 #include "sysemu/kvm.h"
51 #include "sysemu/runstate.h"
52 #include "hw/semihosting/semihost.h"
53 #include "exec/exec-all.h"
54
55 #ifdef CONFIG_USER_ONLY
56 #define GDB_ATTACHED "0"
57 #else
58 #define GDB_ATTACHED "1"
59 #endif
60
61 #ifndef CONFIG_USER_ONLY
62 static int phy_memory_mode;
63 #endif
64
target_memory_rw_debug(CPUState * cpu,target_ulong addr,uint8_t * buf,int len,bool is_write)65 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
66 uint8_t *buf, int len, bool is_write)
67 {
68 CPUClass *cc;
69
70 #ifndef CONFIG_USER_ONLY
71 if (phy_memory_mode) {
72 if (is_write) {
73 cpu_physical_memory_write(addr, buf, len);
74 } else {
75 cpu_physical_memory_read(addr, buf, len);
76 }
77 return 0;
78 }
79 #endif
80
81 cc = CPU_GET_CLASS(cpu);
82 if (cc->memory_rw_debug) {
83 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
84 }
85 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
86 }
87
88 /* Return the GDB index for a given vCPU state.
89 *
90 * For user mode this is simply the thread id. In system mode GDB
91 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
92 */
cpu_gdb_index(CPUState * cpu)93 static inline int cpu_gdb_index(CPUState *cpu)
94 {
95 #if defined(CONFIG_USER_ONLY)
96 TaskState *ts = (TaskState *) cpu->opaque;
97 return ts->ts_tid;
98 #else
99 return cpu->cpu_index + 1;
100 #endif
101 }
102
103 enum {
104 GDB_SIGNAL_0 = 0,
105 GDB_SIGNAL_INT = 2,
106 GDB_SIGNAL_QUIT = 3,
107 GDB_SIGNAL_TRAP = 5,
108 GDB_SIGNAL_ABRT = 6,
109 GDB_SIGNAL_ALRM = 14,
110 GDB_SIGNAL_IO = 23,
111 GDB_SIGNAL_XCPU = 24,
112 GDB_SIGNAL_UNKNOWN = 143
113 };
114
115 #ifdef CONFIG_USER_ONLY
116
117 /* Map target signal numbers to GDB protocol signal numbers and vice
118 * versa. For user emulation's currently supported systems, we can
119 * assume most signals are defined.
120 */
121
122 static int gdb_signal_table[] = {
123 0,
124 TARGET_SIGHUP,
125 TARGET_SIGINT,
126 TARGET_SIGQUIT,
127 TARGET_SIGILL,
128 TARGET_SIGTRAP,
129 TARGET_SIGABRT,
130 -1, /* SIGEMT */
131 TARGET_SIGFPE,
132 TARGET_SIGKILL,
133 TARGET_SIGBUS,
134 TARGET_SIGSEGV,
135 TARGET_SIGSYS,
136 TARGET_SIGPIPE,
137 TARGET_SIGALRM,
138 TARGET_SIGTERM,
139 TARGET_SIGURG,
140 TARGET_SIGSTOP,
141 TARGET_SIGTSTP,
142 TARGET_SIGCONT,
143 TARGET_SIGCHLD,
144 TARGET_SIGTTIN,
145 TARGET_SIGTTOU,
146 TARGET_SIGIO,
147 TARGET_SIGXCPU,
148 TARGET_SIGXFSZ,
149 TARGET_SIGVTALRM,
150 TARGET_SIGPROF,
151 TARGET_SIGWINCH,
152 -1, /* SIGLOST */
153 TARGET_SIGUSR1,
154 TARGET_SIGUSR2,
155 #ifdef TARGET_SIGPWR
156 TARGET_SIGPWR,
157 #else
158 -1,
159 #endif
160 -1, /* SIGPOLL */
161 -1,
162 -1,
163 -1,
164 -1,
165 -1,
166 -1,
167 -1,
168 -1,
169 -1,
170 -1,
171 -1,
172 #ifdef __SIGRTMIN
173 __SIGRTMIN + 1,
174 __SIGRTMIN + 2,
175 __SIGRTMIN + 3,
176 __SIGRTMIN + 4,
177 __SIGRTMIN + 5,
178 __SIGRTMIN + 6,
179 __SIGRTMIN + 7,
180 __SIGRTMIN + 8,
181 __SIGRTMIN + 9,
182 __SIGRTMIN + 10,
183 __SIGRTMIN + 11,
184 __SIGRTMIN + 12,
185 __SIGRTMIN + 13,
186 __SIGRTMIN + 14,
187 __SIGRTMIN + 15,
188 __SIGRTMIN + 16,
189 __SIGRTMIN + 17,
190 __SIGRTMIN + 18,
191 __SIGRTMIN + 19,
192 __SIGRTMIN + 20,
193 __SIGRTMIN + 21,
194 __SIGRTMIN + 22,
195 __SIGRTMIN + 23,
196 __SIGRTMIN + 24,
197 __SIGRTMIN + 25,
198 __SIGRTMIN + 26,
199 __SIGRTMIN + 27,
200 __SIGRTMIN + 28,
201 __SIGRTMIN + 29,
202 __SIGRTMIN + 30,
203 __SIGRTMIN + 31,
204 -1, /* SIGCANCEL */
205 __SIGRTMIN,
206 __SIGRTMIN + 32,
207 __SIGRTMIN + 33,
208 __SIGRTMIN + 34,
209 __SIGRTMIN + 35,
210 __SIGRTMIN + 36,
211 __SIGRTMIN + 37,
212 __SIGRTMIN + 38,
213 __SIGRTMIN + 39,
214 __SIGRTMIN + 40,
215 __SIGRTMIN + 41,
216 __SIGRTMIN + 42,
217 __SIGRTMIN + 43,
218 __SIGRTMIN + 44,
219 __SIGRTMIN + 45,
220 __SIGRTMIN + 46,
221 __SIGRTMIN + 47,
222 __SIGRTMIN + 48,
223 __SIGRTMIN + 49,
224 __SIGRTMIN + 50,
225 __SIGRTMIN + 51,
226 __SIGRTMIN + 52,
227 __SIGRTMIN + 53,
228 __SIGRTMIN + 54,
229 __SIGRTMIN + 55,
230 __SIGRTMIN + 56,
231 __SIGRTMIN + 57,
232 __SIGRTMIN + 58,
233 __SIGRTMIN + 59,
234 __SIGRTMIN + 60,
235 __SIGRTMIN + 61,
236 __SIGRTMIN + 62,
237 __SIGRTMIN + 63,
238 __SIGRTMIN + 64,
239 __SIGRTMIN + 65,
240 __SIGRTMIN + 66,
241 __SIGRTMIN + 67,
242 __SIGRTMIN + 68,
243 __SIGRTMIN + 69,
244 __SIGRTMIN + 70,
245 __SIGRTMIN + 71,
246 __SIGRTMIN + 72,
247 __SIGRTMIN + 73,
248 __SIGRTMIN + 74,
249 __SIGRTMIN + 75,
250 __SIGRTMIN + 76,
251 __SIGRTMIN + 77,
252 __SIGRTMIN + 78,
253 __SIGRTMIN + 79,
254 __SIGRTMIN + 80,
255 __SIGRTMIN + 81,
256 __SIGRTMIN + 82,
257 __SIGRTMIN + 83,
258 __SIGRTMIN + 84,
259 __SIGRTMIN + 85,
260 __SIGRTMIN + 86,
261 __SIGRTMIN + 87,
262 __SIGRTMIN + 88,
263 __SIGRTMIN + 89,
264 __SIGRTMIN + 90,
265 __SIGRTMIN + 91,
266 __SIGRTMIN + 92,
267 __SIGRTMIN + 93,
268 __SIGRTMIN + 94,
269 __SIGRTMIN + 95,
270 -1, /* SIGINFO */
271 -1, /* UNKNOWN */
272 -1, /* DEFAULT */
273 -1,
274 -1,
275 -1,
276 -1,
277 -1,
278 -1
279 #endif
280 };
281 #else
282 /* In system mode we only need SIGINT and SIGTRAP; other signals
283 are not yet supported. */
284
285 enum {
286 TARGET_SIGINT = 2,
287 TARGET_SIGTRAP = 5
288 };
289
290 static int gdb_signal_table[] = {
291 -1,
292 -1,
293 TARGET_SIGINT,
294 -1,
295 -1,
296 TARGET_SIGTRAP
297 };
298 #endif
299
300 #ifdef CONFIG_USER_ONLY
target_signal_to_gdb(int sig)301 static int target_signal_to_gdb (int sig)
302 {
303 int i;
304 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
305 if (gdb_signal_table[i] == sig)
306 return i;
307 return GDB_SIGNAL_UNKNOWN;
308 }
309 #endif
310
gdb_signal_to_target(int sig)311 static int gdb_signal_to_target (int sig)
312 {
313 if (sig < ARRAY_SIZE (gdb_signal_table))
314 return gdb_signal_table[sig];
315 else
316 return -1;
317 }
318
319 typedef struct GDBRegisterState {
320 int base_reg;
321 int num_regs;
322 gdb_get_reg_cb get_reg;
323 gdb_set_reg_cb set_reg;
324 const char *xml;
325 struct GDBRegisterState *next;
326 } GDBRegisterState;
327
328 typedef struct GDBProcess {
329 uint32_t pid;
330 bool attached;
331
332 char target_xml[1024];
333 } GDBProcess;
334
335 enum RSState {
336 RS_INACTIVE,
337 RS_IDLE,
338 RS_GETLINE,
339 RS_GETLINE_ESC,
340 RS_GETLINE_RLE,
341 RS_CHKSUM1,
342 RS_CHKSUM2,
343 };
344 typedef struct GDBState {
345 bool init; /* have we been initialised? */
346 CPUState *c_cpu; /* current CPU for step/continue ops */
347 CPUState *g_cpu; /* current CPU for other ops */
348 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
349 enum RSState state; /* parsing state */
350 char line_buf[MAX_PACKET_LENGTH];
351 int line_buf_index;
352 int line_sum; /* running checksum */
353 int line_csum; /* checksum at the end of the packet */
354 GByteArray *last_packet;
355 int signal;
356 #ifdef CONFIG_USER_ONLY
357 int fd;
358 int running_state;
359 #else
360 CharBackend chr;
361 Chardev *mon_chr;
362 #endif
363 bool multiprocess;
364 GDBProcess *processes;
365 int process_num;
366 char syscall_buf[256];
367 gdb_syscall_complete_cb current_syscall_cb;
368 GString *str_buf;
369 GByteArray *mem_buf;
370 } GDBState;
371
372 /* By default use no IRQs and no timers while single stepping so as to
373 * make single stepping like an ICE HW step.
374 */
375 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
376
377 static GDBState gdbserver_state;
378
init_gdbserver_state(void)379 static void init_gdbserver_state(void)
380 {
381 g_assert(!gdbserver_state.init);
382 memset(&gdbserver_state, 0, sizeof(GDBState));
383 gdbserver_state.init = true;
384 gdbserver_state.str_buf = g_string_new(NULL);
385 gdbserver_state.mem_buf = g_byte_array_sized_new(MAX_PACKET_LENGTH);
386 gdbserver_state.last_packet = g_byte_array_sized_new(MAX_PACKET_LENGTH + 4);
387 }
388
389 #ifndef CONFIG_USER_ONLY
reset_gdbserver_state(void)390 static void reset_gdbserver_state(void)
391 {
392 g_free(gdbserver_state.processes);
393 gdbserver_state.processes = NULL;
394 gdbserver_state.process_num = 0;
395 }
396 #endif
397
398 bool gdb_has_xml;
399
400 #ifdef CONFIG_USER_ONLY
401 /* XXX: This is not thread safe. Do we care? */
402 static int gdbserver_fd = -1;
403
get_char(void)404 static int get_char(void)
405 {
406 uint8_t ch;
407 int ret;
408
409 for(;;) {
410 ret = qemu_recv(gdbserver_state.fd, &ch, 1, 0);
411 if (ret < 0) {
412 if (errno == ECONNRESET)
413 gdbserver_state.fd = -1;
414 if (errno != EINTR)
415 return -1;
416 } else if (ret == 0) {
417 close(gdbserver_state.fd);
418 gdbserver_state.fd = -1;
419 return -1;
420 } else {
421 break;
422 }
423 }
424 return ch;
425 }
426 #endif
427
428 static enum {
429 GDB_SYS_UNKNOWN,
430 GDB_SYS_ENABLED,
431 GDB_SYS_DISABLED,
432 } gdb_syscall_mode;
433
434 /* Decide if either remote gdb syscalls or native file IO should be used. */
use_gdb_syscalls(void)435 int use_gdb_syscalls(void)
436 {
437 SemihostingTarget target = semihosting_get_target();
438 if (target == SEMIHOSTING_TARGET_NATIVE) {
439 /* -semihosting-config target=native */
440 return false;
441 } else if (target == SEMIHOSTING_TARGET_GDB) {
442 /* -semihosting-config target=gdb */
443 return true;
444 }
445
446 /* -semihosting-config target=auto */
447 /* On the first call check if gdb is connected and remember. */
448 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
449 gdb_syscall_mode = gdbserver_state.init ?
450 GDB_SYS_ENABLED : GDB_SYS_DISABLED;
451 }
452 return gdb_syscall_mode == GDB_SYS_ENABLED;
453 }
454
455 /* Resume execution. */
gdb_continue(void)456 static inline void gdb_continue(void)
457 {
458
459 #ifdef CONFIG_USER_ONLY
460 gdbserver_state.running_state = 1;
461 trace_gdbstub_op_continue();
462 #else
463 if (!runstate_needs_reset()) {
464 trace_gdbstub_op_continue();
465 vm_start();
466 }
467 #endif
468 }
469
470 /*
471 * Resume execution, per CPU actions. For user-mode emulation it's
472 * equivalent to gdb_continue.
473 */
gdb_continue_partial(char * newstates)474 static int gdb_continue_partial(char *newstates)
475 {
476 CPUState *cpu;
477 int res = 0;
478 #ifdef CONFIG_USER_ONLY
479 /*
480 * This is not exactly accurate, but it's an improvement compared to the
481 * previous situation, where only one CPU would be single-stepped.
482 */
483 CPU_FOREACH(cpu) {
484 if (newstates[cpu->cpu_index] == 's') {
485 trace_gdbstub_op_stepping(cpu->cpu_index);
486 cpu_single_step(cpu, sstep_flags);
487 }
488 }
489 gdbserver_state.running_state = 1;
490 #else
491 int flag = 0;
492
493 if (!runstate_needs_reset()) {
494 if (vm_prepare_start()) {
495 return 0;
496 }
497
498 CPU_FOREACH(cpu) {
499 switch (newstates[cpu->cpu_index]) {
500 case 0:
501 case 1:
502 break; /* nothing to do here */
503 case 's':
504 trace_gdbstub_op_stepping(cpu->cpu_index);
505 cpu_single_step(cpu, sstep_flags);
506 cpu_resume(cpu);
507 flag = 1;
508 break;
509 case 'c':
510 trace_gdbstub_op_continue_cpu(cpu->cpu_index);
511 cpu_resume(cpu);
512 flag = 1;
513 break;
514 default:
515 res = -1;
516 break;
517 }
518 }
519 }
520 if (flag) {
521 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
522 }
523 #endif
524 return res;
525 }
526
put_buffer(const uint8_t * buf,int len)527 static void put_buffer(const uint8_t *buf, int len)
528 {
529 #ifdef CONFIG_USER_ONLY
530 int ret;
531
532 while (len > 0) {
533 ret = send(gdbserver_state.fd, buf, len, 0);
534 if (ret < 0) {
535 if (errno != EINTR)
536 return;
537 } else {
538 buf += ret;
539 len -= ret;
540 }
541 }
542 #else
543 /* XXX this blocks entire thread. Rewrite to use
544 * qemu_chr_fe_write and background I/O callbacks */
545 qemu_chr_fe_write_all(&gdbserver_state.chr, buf, len);
546 #endif
547 }
548
fromhex(int v)549 static inline int fromhex(int v)
550 {
551 if (v >= '0' && v <= '9')
552 return v - '0';
553 else if (v >= 'A' && v <= 'F')
554 return v - 'A' + 10;
555 else if (v >= 'a' && v <= 'f')
556 return v - 'a' + 10;
557 else
558 return 0;
559 }
560
tohex(int v)561 static inline int tohex(int v)
562 {
563 if (v < 10)
564 return v + '0';
565 else
566 return v - 10 + 'a';
567 }
568
569 /* writes 2*len+1 bytes in buf */
memtohex(GString * buf,const uint8_t * mem,int len)570 static void memtohex(GString *buf, const uint8_t *mem, int len)
571 {
572 int i, c;
573 for(i = 0; i < len; i++) {
574 c = mem[i];
575 g_string_append_c(buf, tohex(c >> 4));
576 g_string_append_c(buf, tohex(c & 0xf));
577 }
578 g_string_append_c(buf, '\0');
579 }
580
hextomem(GByteArray * mem,const char * buf,int len)581 static void hextomem(GByteArray *mem, const char *buf, int len)
582 {
583 int i;
584
585 for(i = 0; i < len; i++) {
586 guint8 byte = fromhex(buf[0]) << 4 | fromhex(buf[1]);
587 g_byte_array_append(mem, &byte, 1);
588 buf += 2;
589 }
590 }
591
hexdump(const char * buf,int len,void (* trace_fn)(size_t ofs,char const * text))592 static void hexdump(const char *buf, int len,
593 void (*trace_fn)(size_t ofs, char const *text))
594 {
595 char line_buffer[3 * 16 + 4 + 16 + 1];
596
597 size_t i;
598 for (i = 0; i < len || (i & 0xF); ++i) {
599 size_t byte_ofs = i & 15;
600
601 if (byte_ofs == 0) {
602 memset(line_buffer, ' ', 3 * 16 + 4 + 16);
603 line_buffer[3 * 16 + 4 + 16] = 0;
604 }
605
606 size_t col_group = (i >> 2) & 3;
607 size_t hex_col = byte_ofs * 3 + col_group;
608 size_t txt_col = 3 * 16 + 4 + byte_ofs;
609
610 if (i < len) {
611 char value = buf[i];
612
613 line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
614 line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
615 line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
616 ? value
617 : '.';
618 }
619
620 if (byte_ofs == 0xF)
621 trace_fn(i & -16, line_buffer);
622 }
623 }
624
625 /* return -1 if error, 0 if OK */
put_packet_binary(const char * buf,int len,bool dump)626 static int put_packet_binary(const char *buf, int len, bool dump)
627 {
628 int csum, i;
629 uint8_t footer[3];
630
631 if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
632 hexdump(buf, len, trace_gdbstub_io_binaryreply);
633 }
634
635 for(;;) {
636 g_byte_array_set_size(gdbserver_state.last_packet, 0);
637 g_byte_array_append(gdbserver_state.last_packet,
638 (const uint8_t *) "$", 1);
639 g_byte_array_append(gdbserver_state.last_packet,
640 (const uint8_t *) buf, len);
641 csum = 0;
642 for(i = 0; i < len; i++) {
643 csum += buf[i];
644 }
645 footer[0] = '#';
646 footer[1] = tohex((csum >> 4) & 0xf);
647 footer[2] = tohex((csum) & 0xf);
648 g_byte_array_append(gdbserver_state.last_packet, footer, 3);
649
650 put_buffer(gdbserver_state.last_packet->data,
651 gdbserver_state.last_packet->len);
652
653 #ifdef CONFIG_USER_ONLY
654 i = get_char();
655 if (i < 0)
656 return -1;
657 if (i == '+')
658 break;
659 #else
660 break;
661 #endif
662 }
663 return 0;
664 }
665
666 /* return -1 if error, 0 if OK */
put_packet(const char * buf)667 static int put_packet(const char *buf)
668 {
669 trace_gdbstub_io_reply(buf);
670
671 return put_packet_binary(buf, strlen(buf), false);
672 }
673
put_strbuf(void)674 static void put_strbuf(void)
675 {
676 put_packet(gdbserver_state.str_buf->str);
677 }
678
679 /* Encode data using the encoding for 'x' packets. */
memtox(GString * buf,const char * mem,int len)680 static void memtox(GString *buf, const char *mem, int len)
681 {
682 char c;
683
684 while (len--) {
685 c = *(mem++);
686 switch (c) {
687 case '#': case '$': case '*': case '}':
688 g_string_append_c(buf, '}');
689 g_string_append_c(buf, c ^ 0x20);
690 break;
691 default:
692 g_string_append_c(buf, c);
693 break;
694 }
695 }
696 }
697
gdb_get_cpu_pid(CPUState * cpu)698 static uint32_t gdb_get_cpu_pid(CPUState *cpu)
699 {
700 /* TODO: In user mode, we should use the task state PID */
701 if (cpu->cluster_index == UNASSIGNED_CLUSTER_INDEX) {
702 /* Return the default process' PID */
703 int index = gdbserver_state.process_num - 1;
704 return gdbserver_state.processes[index].pid;
705 }
706 return cpu->cluster_index + 1;
707 }
708
gdb_get_process(uint32_t pid)709 static GDBProcess *gdb_get_process(uint32_t pid)
710 {
711 int i;
712
713 if (!pid) {
714 /* 0 means any process, we take the first one */
715 return &gdbserver_state.processes[0];
716 }
717
718 for (i = 0; i < gdbserver_state.process_num; i++) {
719 if (gdbserver_state.processes[i].pid == pid) {
720 return &gdbserver_state.processes[i];
721 }
722 }
723
724 return NULL;
725 }
726
gdb_get_cpu_process(CPUState * cpu)727 static GDBProcess *gdb_get_cpu_process(CPUState *cpu)
728 {
729 return gdb_get_process(gdb_get_cpu_pid(cpu));
730 }
731
find_cpu(uint32_t thread_id)732 static CPUState *find_cpu(uint32_t thread_id)
733 {
734 CPUState *cpu;
735
736 CPU_FOREACH(cpu) {
737 if (cpu_gdb_index(cpu) == thread_id) {
738 return cpu;
739 }
740 }
741
742 return NULL;
743 }
744
get_first_cpu_in_process(GDBProcess * process)745 static CPUState *get_first_cpu_in_process(GDBProcess *process)
746 {
747 CPUState *cpu;
748
749 CPU_FOREACH(cpu) {
750 if (gdb_get_cpu_pid(cpu) == process->pid) {
751 return cpu;
752 }
753 }
754
755 return NULL;
756 }
757
gdb_next_cpu_in_process(CPUState * cpu)758 static CPUState *gdb_next_cpu_in_process(CPUState *cpu)
759 {
760 uint32_t pid = gdb_get_cpu_pid(cpu);
761 cpu = CPU_NEXT(cpu);
762
763 while (cpu) {
764 if (gdb_get_cpu_pid(cpu) == pid) {
765 break;
766 }
767
768 cpu = CPU_NEXT(cpu);
769 }
770
771 return cpu;
772 }
773
774 /* Return the cpu following @cpu, while ignoring unattached processes. */
gdb_next_attached_cpu(CPUState * cpu)775 static CPUState *gdb_next_attached_cpu(CPUState *cpu)
776 {
777 cpu = CPU_NEXT(cpu);
778
779 while (cpu) {
780 if (gdb_get_cpu_process(cpu)->attached) {
781 break;
782 }
783
784 cpu = CPU_NEXT(cpu);
785 }
786
787 return cpu;
788 }
789
790 /* Return the first attached cpu */
gdb_first_attached_cpu(void)791 static CPUState *gdb_first_attached_cpu(void)
792 {
793 CPUState *cpu = first_cpu;
794 GDBProcess *process = gdb_get_cpu_process(cpu);
795
796 if (!process->attached) {
797 return gdb_next_attached_cpu(cpu);
798 }
799
800 return cpu;
801 }
802
gdb_get_cpu(uint32_t pid,uint32_t tid)803 static CPUState *gdb_get_cpu(uint32_t pid, uint32_t tid)
804 {
805 GDBProcess *process;
806 CPUState *cpu;
807
808 if (!pid && !tid) {
809 /* 0 means any process/thread, we take the first attached one */
810 return gdb_first_attached_cpu();
811 } else if (pid && !tid) {
812 /* any thread in a specific process */
813 process = gdb_get_process(pid);
814
815 if (process == NULL) {
816 return NULL;
817 }
818
819 if (!process->attached) {
820 return NULL;
821 }
822
823 return get_first_cpu_in_process(process);
824 } else {
825 /* a specific thread */
826 cpu = find_cpu(tid);
827
828 if (cpu == NULL) {
829 return NULL;
830 }
831
832 process = gdb_get_cpu_process(cpu);
833
834 if (pid && process->pid != pid) {
835 return NULL;
836 }
837
838 if (!process->attached) {
839 return NULL;
840 }
841
842 return cpu;
843 }
844 }
845
get_feature_xml(const char * p,const char ** newp,GDBProcess * process)846 static const char *get_feature_xml(const char *p, const char **newp,
847 GDBProcess *process)
848 {
849 size_t len;
850 int i;
851 const char *name;
852 CPUState *cpu = get_first_cpu_in_process(process);
853 CPUClass *cc = CPU_GET_CLASS(cpu);
854
855 len = 0;
856 while (p[len] && p[len] != ':')
857 len++;
858 *newp = p + len;
859
860 name = NULL;
861 if (strncmp(p, "target.xml", len) == 0) {
862 char *buf = process->target_xml;
863 const size_t buf_sz = sizeof(process->target_xml);
864
865 /* Generate the XML description for this CPU. */
866 if (!buf[0]) {
867 GDBRegisterState *r;
868
869 pstrcat(buf, buf_sz,
870 "<?xml version=\"1.0\"?>"
871 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
872 "<target>");
873 if (cc->gdb_arch_name) {
874 gchar *arch = cc->gdb_arch_name(cpu);
875 pstrcat(buf, buf_sz, "<architecture>");
876 pstrcat(buf, buf_sz, arch);
877 pstrcat(buf, buf_sz, "</architecture>");
878 g_free(arch);
879 }
880 pstrcat(buf, buf_sz, "<xi:include href=\"");
881 pstrcat(buf, buf_sz, cc->gdb_core_xml_file);
882 pstrcat(buf, buf_sz, "\"/>");
883 for (r = cpu->gdb_regs; r; r = r->next) {
884 pstrcat(buf, buf_sz, "<xi:include href=\"");
885 pstrcat(buf, buf_sz, r->xml);
886 pstrcat(buf, buf_sz, "\"/>");
887 }
888 pstrcat(buf, buf_sz, "</target>");
889 }
890 return buf;
891 }
892 if (cc->gdb_get_dynamic_xml) {
893 char *xmlname = g_strndup(p, len);
894 const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
895
896 g_free(xmlname);
897 if (xml) {
898 return xml;
899 }
900 }
901 for (i = 0; ; i++) {
902 name = xml_builtin[i][0];
903 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
904 break;
905 }
906 return name ? xml_builtin[i][1] : NULL;
907 }
908
gdb_read_register(CPUState * cpu,GByteArray * buf,int reg)909 static int gdb_read_register(CPUState *cpu, GByteArray *buf, int reg)
910 {
911 CPUClass *cc = CPU_GET_CLASS(cpu);
912 CPUArchState *env = cpu->env_ptr;
913 GDBRegisterState *r;
914
915 if (reg < cc->gdb_num_core_regs) {
916 return cc->gdb_read_register(cpu, buf, reg);
917 }
918
919 for (r = cpu->gdb_regs; r; r = r->next) {
920 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
921 return r->get_reg(env, buf, reg - r->base_reg);
922 }
923 }
924 return 0;
925 }
926
gdb_write_register(CPUState * cpu,uint8_t * mem_buf,int reg)927 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
928 {
929 CPUClass *cc = CPU_GET_CLASS(cpu);
930 CPUArchState *env = cpu->env_ptr;
931 GDBRegisterState *r;
932
933 if (reg < cc->gdb_num_core_regs) {
934 return cc->gdb_write_register(cpu, mem_buf, reg);
935 }
936
937 for (r = cpu->gdb_regs; r; r = r->next) {
938 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
939 return r->set_reg(env, mem_buf, reg - r->base_reg);
940 }
941 }
942 return 0;
943 }
944
945 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
946 specifies the first register number and these registers are included in
947 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
948 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
949 */
950
gdb_register_coprocessor(CPUState * cpu,gdb_get_reg_cb get_reg,gdb_set_reg_cb set_reg,int num_regs,const char * xml,int g_pos)951 void gdb_register_coprocessor(CPUState *cpu,
952 gdb_get_reg_cb get_reg, gdb_set_reg_cb set_reg,
953 int num_regs, const char *xml, int g_pos)
954 {
955 GDBRegisterState *s;
956 GDBRegisterState **p;
957
958 p = &cpu->gdb_regs;
959 while (*p) {
960 /* Check for duplicates. */
961 if (strcmp((*p)->xml, xml) == 0)
962 return;
963 p = &(*p)->next;
964 }
965
966 s = g_new0(GDBRegisterState, 1);
967 s->base_reg = cpu->gdb_num_regs;
968 s->num_regs = num_regs;
969 s->get_reg = get_reg;
970 s->set_reg = set_reg;
971 s->xml = xml;
972
973 /* Add to end of list. */
974 cpu->gdb_num_regs += num_regs;
975 *p = s;
976 if (g_pos) {
977 if (g_pos != s->base_reg) {
978 error_report("Error: Bad gdb register numbering for '%s', "
979 "expected %d got %d", xml, g_pos, s->base_reg);
980 } else {
981 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
982 }
983 }
984 }
985
986 #ifndef CONFIG_USER_ONLY
987 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
xlat_gdb_type(CPUState * cpu,int gdbtype)988 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
989 {
990 static const int xlat[] = {
991 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
992 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
993 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
994 };
995
996 CPUClass *cc = CPU_GET_CLASS(cpu);
997 int cputype = xlat[gdbtype];
998
999 if (cc->gdb_stop_before_watchpoint) {
1000 cputype |= BP_STOP_BEFORE_ACCESS;
1001 }
1002 return cputype;
1003 }
1004 #endif
1005
gdb_breakpoint_insert(int type,target_ulong addr,target_ulong len)1006 static int gdb_breakpoint_insert(int type, target_ulong addr, target_ulong len)
1007 {
1008 CPUState *cpu;
1009 int err = 0;
1010
1011 if (kvm_enabled()) {
1012 return kvm_insert_breakpoint(gdbserver_state.c_cpu, addr, len, type);
1013 }
1014
1015 switch (type) {
1016 case GDB_BREAKPOINT_SW:
1017 case GDB_BREAKPOINT_HW:
1018 CPU_FOREACH(cpu) {
1019 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
1020 if (err) {
1021 break;
1022 }
1023 }
1024 return err;
1025 #ifndef CONFIG_USER_ONLY
1026 case GDB_WATCHPOINT_WRITE:
1027 case GDB_WATCHPOINT_READ:
1028 case GDB_WATCHPOINT_ACCESS:
1029 CPU_FOREACH(cpu) {
1030 err = cpu_watchpoint_insert(cpu, addr, len,
1031 xlat_gdb_type(cpu, type), NULL);
1032 if (err) {
1033 break;
1034 }
1035 }
1036 return err;
1037 #endif
1038 default:
1039 return -ENOSYS;
1040 }
1041 }
1042
gdb_breakpoint_remove(int type,target_ulong addr,target_ulong len)1043 static int gdb_breakpoint_remove(int type, target_ulong addr, target_ulong len)
1044 {
1045 CPUState *cpu;
1046 int err = 0;
1047
1048 if (kvm_enabled()) {
1049 return kvm_remove_breakpoint(gdbserver_state.c_cpu, addr, len, type);
1050 }
1051
1052 switch (type) {
1053 case GDB_BREAKPOINT_SW:
1054 case GDB_BREAKPOINT_HW:
1055 CPU_FOREACH(cpu) {
1056 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
1057 if (err) {
1058 break;
1059 }
1060 }
1061 return err;
1062 #ifndef CONFIG_USER_ONLY
1063 case GDB_WATCHPOINT_WRITE:
1064 case GDB_WATCHPOINT_READ:
1065 case GDB_WATCHPOINT_ACCESS:
1066 CPU_FOREACH(cpu) {
1067 err = cpu_watchpoint_remove(cpu, addr, len,
1068 xlat_gdb_type(cpu, type));
1069 if (err)
1070 break;
1071 }
1072 return err;
1073 #endif
1074 default:
1075 return -ENOSYS;
1076 }
1077 }
1078
gdb_cpu_breakpoint_remove_all(CPUState * cpu)1079 static inline void gdb_cpu_breakpoint_remove_all(CPUState *cpu)
1080 {
1081 cpu_breakpoint_remove_all(cpu, BP_GDB);
1082 #ifndef CONFIG_USER_ONLY
1083 cpu_watchpoint_remove_all(cpu, BP_GDB);
1084 #endif
1085 }
1086
gdb_process_breakpoint_remove_all(GDBProcess * p)1087 static void gdb_process_breakpoint_remove_all(GDBProcess *p)
1088 {
1089 CPUState *cpu = get_first_cpu_in_process(p);
1090
1091 while (cpu) {
1092 gdb_cpu_breakpoint_remove_all(cpu);
1093 cpu = gdb_next_cpu_in_process(cpu);
1094 }
1095 }
1096
gdb_breakpoint_remove_all(void)1097 static void gdb_breakpoint_remove_all(void)
1098 {
1099 CPUState *cpu;
1100
1101 if (kvm_enabled()) {
1102 kvm_remove_all_breakpoints(gdbserver_state.c_cpu);
1103 return;
1104 }
1105
1106 CPU_FOREACH(cpu) {
1107 gdb_cpu_breakpoint_remove_all(cpu);
1108 }
1109 }
1110
gdb_set_cpu_pc(target_ulong pc)1111 static void gdb_set_cpu_pc(target_ulong pc)
1112 {
1113 CPUState *cpu = gdbserver_state.c_cpu;
1114
1115 cpu_synchronize_state(cpu);
1116 cpu_set_pc(cpu, pc);
1117 }
1118
gdb_append_thread_id(CPUState * cpu,GString * buf)1119 static void gdb_append_thread_id(CPUState *cpu, GString *buf)
1120 {
1121 if (gdbserver_state.multiprocess) {
1122 g_string_append_printf(buf, "p%02x.%02x",
1123 gdb_get_cpu_pid(cpu), cpu_gdb_index(cpu));
1124 } else {
1125 g_string_append_printf(buf, "%02x", cpu_gdb_index(cpu));
1126 }
1127 }
1128
1129 typedef enum GDBThreadIdKind {
1130 GDB_ONE_THREAD = 0,
1131 GDB_ALL_THREADS, /* One process, all threads */
1132 GDB_ALL_PROCESSES,
1133 GDB_READ_THREAD_ERR
1134 } GDBThreadIdKind;
1135
read_thread_id(const char * buf,const char ** end_buf,uint32_t * pid,uint32_t * tid)1136 static GDBThreadIdKind read_thread_id(const char *buf, const char **end_buf,
1137 uint32_t *pid, uint32_t *tid)
1138 {
1139 unsigned long p, t;
1140 int ret;
1141
1142 if (*buf == 'p') {
1143 buf++;
1144 ret = qemu_strtoul(buf, &buf, 16, &p);
1145
1146 if (ret) {
1147 return GDB_READ_THREAD_ERR;
1148 }
1149
1150 /* Skip '.' */
1151 buf++;
1152 } else {
1153 p = 1;
1154 }
1155
1156 ret = qemu_strtoul(buf, &buf, 16, &t);
1157
1158 if (ret) {
1159 return GDB_READ_THREAD_ERR;
1160 }
1161
1162 *end_buf = buf;
1163
1164 if (p == -1) {
1165 return GDB_ALL_PROCESSES;
1166 }
1167
1168 if (pid) {
1169 *pid = p;
1170 }
1171
1172 if (t == -1) {
1173 return GDB_ALL_THREADS;
1174 }
1175
1176 if (tid) {
1177 *tid = t;
1178 }
1179
1180 return GDB_ONE_THREAD;
1181 }
1182
1183 /**
1184 * gdb_handle_vcont - Parses and handles a vCont packet.
1185 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
1186 * a format error, 0 on success.
1187 */
gdb_handle_vcont(const char * p)1188 static int gdb_handle_vcont(const char *p)
1189 {
1190 int res, signal = 0;
1191 char cur_action;
1192 char *newstates;
1193 unsigned long tmp;
1194 uint32_t pid, tid;
1195 GDBProcess *process;
1196 CPUState *cpu;
1197 GDBThreadIdKind kind;
1198 #ifdef CONFIG_USER_ONLY
1199 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
1200
1201 CPU_FOREACH(cpu) {
1202 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
1203 }
1204 #else
1205 MachineState *ms = MACHINE(qdev_get_machine());
1206 unsigned int max_cpus = ms->smp.max_cpus;
1207 #endif
1208 /* uninitialised CPUs stay 0 */
1209 newstates = g_new0(char, max_cpus);
1210
1211 /* mark valid CPUs with 1 */
1212 CPU_FOREACH(cpu) {
1213 newstates[cpu->cpu_index] = 1;
1214 }
1215
1216 /*
1217 * res keeps track of what error we are returning, with -ENOTSUP meaning
1218 * that the command is unknown or unsupported, thus returning an empty
1219 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
1220 * or incorrect parameters passed.
1221 */
1222 res = 0;
1223 while (*p) {
1224 if (*p++ != ';') {
1225 res = -ENOTSUP;
1226 goto out;
1227 }
1228
1229 cur_action = *p++;
1230 if (cur_action == 'C' || cur_action == 'S') {
1231 cur_action = qemu_tolower(cur_action);
1232 res = qemu_strtoul(p + 1, &p, 16, &tmp);
1233 if (res) {
1234 goto out;
1235 }
1236 signal = gdb_signal_to_target(tmp);
1237 } else if (cur_action != 'c' && cur_action != 's') {
1238 /* unknown/invalid/unsupported command */
1239 res = -ENOTSUP;
1240 goto out;
1241 }
1242
1243 if (*p == '\0' || *p == ';') {
1244 /*
1245 * No thread specifier, action is on "all threads". The
1246 * specification is unclear regarding the process to act on. We
1247 * choose all processes.
1248 */
1249 kind = GDB_ALL_PROCESSES;
1250 } else if (*p++ == ':') {
1251 kind = read_thread_id(p, &p, &pid, &tid);
1252 } else {
1253 res = -ENOTSUP;
1254 goto out;
1255 }
1256
1257 switch (kind) {
1258 case GDB_READ_THREAD_ERR:
1259 res = -EINVAL;
1260 goto out;
1261
1262 case GDB_ALL_PROCESSES:
1263 cpu = gdb_first_attached_cpu();
1264 while (cpu) {
1265 if (newstates[cpu->cpu_index] == 1) {
1266 newstates[cpu->cpu_index] = cur_action;
1267 }
1268
1269 cpu = gdb_next_attached_cpu(cpu);
1270 }
1271 break;
1272
1273 case GDB_ALL_THREADS:
1274 process = gdb_get_process(pid);
1275
1276 if (!process->attached) {
1277 res = -EINVAL;
1278 goto out;
1279 }
1280
1281 cpu = get_first_cpu_in_process(process);
1282 while (cpu) {
1283 if (newstates[cpu->cpu_index] == 1) {
1284 newstates[cpu->cpu_index] = cur_action;
1285 }
1286
1287 cpu = gdb_next_cpu_in_process(cpu);
1288 }
1289 break;
1290
1291 case GDB_ONE_THREAD:
1292 cpu = gdb_get_cpu(pid, tid);
1293
1294 /* invalid CPU/thread specified */
1295 if (!cpu) {
1296 res = -EINVAL;
1297 goto out;
1298 }
1299
1300 /* only use if no previous match occourred */
1301 if (newstates[cpu->cpu_index] == 1) {
1302 newstates[cpu->cpu_index] = cur_action;
1303 }
1304 break;
1305 }
1306 }
1307 gdbserver_state.signal = signal;
1308 gdb_continue_partial(newstates);
1309
1310 out:
1311 g_free(newstates);
1312
1313 return res;
1314 }
1315
1316 typedef union GdbCmdVariant {
1317 const char *data;
1318 uint8_t opcode;
1319 unsigned long val_ul;
1320 unsigned long long val_ull;
1321 struct {
1322 GDBThreadIdKind kind;
1323 uint32_t pid;
1324 uint32_t tid;
1325 } thread_id;
1326 } GdbCmdVariant;
1327
cmd_next_param(const char * param,const char delimiter)1328 static const char *cmd_next_param(const char *param, const char delimiter)
1329 {
1330 static const char all_delimiters[] = ",;:=";
1331 char curr_delimiters[2] = {0};
1332 const char *delimiters;
1333
1334 if (delimiter == '?') {
1335 delimiters = all_delimiters;
1336 } else if (delimiter == '0') {
1337 return strchr(param, '\0');
1338 } else if (delimiter == '.' && *param) {
1339 return param + 1;
1340 } else {
1341 curr_delimiters[0] = delimiter;
1342 delimiters = curr_delimiters;
1343 }
1344
1345 param += strcspn(param, delimiters);
1346 if (*param) {
1347 param++;
1348 }
1349 return param;
1350 }
1351
cmd_parse_params(const char * data,const char * schema,GdbCmdVariant * params,int * num_params)1352 static int cmd_parse_params(const char *data, const char *schema,
1353 GdbCmdVariant *params, int *num_params)
1354 {
1355 int curr_param;
1356 const char *curr_schema, *curr_data;
1357
1358 *num_params = 0;
1359
1360 if (!schema) {
1361 return 0;
1362 }
1363
1364 curr_schema = schema;
1365 curr_param = 0;
1366 curr_data = data;
1367 while (curr_schema[0] && curr_schema[1] && *curr_data) {
1368 switch (curr_schema[0]) {
1369 case 'l':
1370 if (qemu_strtoul(curr_data, &curr_data, 16,
1371 ¶ms[curr_param].val_ul)) {
1372 return -EINVAL;
1373 }
1374 curr_param++;
1375 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1376 break;
1377 case 'L':
1378 if (qemu_strtou64(curr_data, &curr_data, 16,
1379 (uint64_t *)¶ms[curr_param].val_ull)) {
1380 return -EINVAL;
1381 }
1382 curr_param++;
1383 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1384 break;
1385 case 's':
1386 params[curr_param].data = curr_data;
1387 curr_param++;
1388 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1389 break;
1390 case 'o':
1391 params[curr_param].opcode = *(uint8_t *)curr_data;
1392 curr_param++;
1393 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1394 break;
1395 case 't':
1396 params[curr_param].thread_id.kind =
1397 read_thread_id(curr_data, &curr_data,
1398 ¶ms[curr_param].thread_id.pid,
1399 ¶ms[curr_param].thread_id.tid);
1400 curr_param++;
1401 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1402 break;
1403 case '?':
1404 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1405 break;
1406 default:
1407 return -EINVAL;
1408 }
1409 curr_schema += 2;
1410 }
1411
1412 *num_params = curr_param;
1413 return 0;
1414 }
1415
1416 typedef struct GdbCmdContext {
1417 GdbCmdVariant *params;
1418 int num_params;
1419 } GdbCmdContext;
1420
1421 typedef void (*GdbCmdHandler)(GdbCmdContext *gdb_ctx, void *user_ctx);
1422
1423 /*
1424 * cmd_startswith -> cmd is compared using startswith
1425 *
1426 *
1427 * schema definitions:
1428 * Each schema parameter entry consists of 2 chars,
1429 * the first char represents the parameter type handling
1430 * the second char represents the delimiter for the next parameter
1431 *
1432 * Currently supported schema types:
1433 * 'l' -> unsigned long (stored in .val_ul)
1434 * 'L' -> unsigned long long (stored in .val_ull)
1435 * 's' -> string (stored in .data)
1436 * 'o' -> single char (stored in .opcode)
1437 * 't' -> thread id (stored in .thread_id)
1438 * '?' -> skip according to delimiter
1439 *
1440 * Currently supported delimiters:
1441 * '?' -> Stop at any delimiter (",;:=\0")
1442 * '0' -> Stop at "\0"
1443 * '.' -> Skip 1 char unless reached "\0"
1444 * Any other value is treated as the delimiter value itself
1445 */
1446 typedef struct GdbCmdParseEntry {
1447 GdbCmdHandler handler;
1448 const char *cmd;
1449 bool cmd_startswith;
1450 const char *schema;
1451 } GdbCmdParseEntry;
1452
startswith(const char * string,const char * pattern)1453 static inline int startswith(const char *string, const char *pattern)
1454 {
1455 return !strncmp(string, pattern, strlen(pattern));
1456 }
1457
process_string_cmd(void * user_ctx,const char * data,const GdbCmdParseEntry * cmds,int num_cmds)1458 static int process_string_cmd(void *user_ctx, const char *data,
1459 const GdbCmdParseEntry *cmds, int num_cmds)
1460 {
1461 int i, schema_len, max_num_params = 0;
1462 GdbCmdContext gdb_ctx;
1463
1464 if (!cmds) {
1465 return -1;
1466 }
1467
1468 for (i = 0; i < num_cmds; i++) {
1469 const GdbCmdParseEntry *cmd = &cmds[i];
1470 g_assert(cmd->handler && cmd->cmd);
1471
1472 if ((cmd->cmd_startswith && !startswith(data, cmd->cmd)) ||
1473 (!cmd->cmd_startswith && strcmp(cmd->cmd, data))) {
1474 continue;
1475 }
1476
1477 if (cmd->schema) {
1478 schema_len = strlen(cmd->schema);
1479 if (schema_len % 2) {
1480 return -2;
1481 }
1482
1483 max_num_params = schema_len / 2;
1484 }
1485
1486 gdb_ctx.params =
1487 (GdbCmdVariant *)alloca(sizeof(*gdb_ctx.params) * max_num_params);
1488 memset(gdb_ctx.params, 0, sizeof(*gdb_ctx.params) * max_num_params);
1489
1490 if (cmd_parse_params(&data[strlen(cmd->cmd)], cmd->schema,
1491 gdb_ctx.params, &gdb_ctx.num_params)) {
1492 return -1;
1493 }
1494
1495 cmd->handler(&gdb_ctx, user_ctx);
1496 return 0;
1497 }
1498
1499 return -1;
1500 }
1501
run_cmd_parser(const char * data,const GdbCmdParseEntry * cmd)1502 static void run_cmd_parser(const char *data, const GdbCmdParseEntry *cmd)
1503 {
1504 if (!data) {
1505 return;
1506 }
1507
1508 g_string_set_size(gdbserver_state.str_buf, 0);
1509 g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1510
1511 /* In case there was an error during the command parsing we must
1512 * send a NULL packet to indicate the command is not supported */
1513 if (process_string_cmd(NULL, data, cmd, 1)) {
1514 put_packet("");
1515 }
1516 }
1517
handle_detach(GdbCmdContext * gdb_ctx,void * user_ctx)1518 static void handle_detach(GdbCmdContext *gdb_ctx, void *user_ctx)
1519 {
1520 GDBProcess *process;
1521 uint32_t pid = 1;
1522
1523 if (gdbserver_state.multiprocess) {
1524 if (!gdb_ctx->num_params) {
1525 put_packet("E22");
1526 return;
1527 }
1528
1529 pid = gdb_ctx->params[0].val_ul;
1530 }
1531
1532 process = gdb_get_process(pid);
1533 gdb_process_breakpoint_remove_all(process);
1534 process->attached = false;
1535
1536 if (pid == gdb_get_cpu_pid(gdbserver_state.c_cpu)) {
1537 gdbserver_state.c_cpu = gdb_first_attached_cpu();
1538 }
1539
1540 if (pid == gdb_get_cpu_pid(gdbserver_state.g_cpu)) {
1541 gdbserver_state.g_cpu = gdb_first_attached_cpu();
1542 }
1543
1544 if (!gdbserver_state.c_cpu) {
1545 /* No more process attached */
1546 gdb_syscall_mode = GDB_SYS_DISABLED;
1547 gdb_continue();
1548 }
1549 put_packet("OK");
1550 }
1551
handle_thread_alive(GdbCmdContext * gdb_ctx,void * user_ctx)1552 static void handle_thread_alive(GdbCmdContext *gdb_ctx, void *user_ctx)
1553 {
1554 CPUState *cpu;
1555
1556 if (!gdb_ctx->num_params) {
1557 put_packet("E22");
1558 return;
1559 }
1560
1561 if (gdb_ctx->params[0].thread_id.kind == GDB_READ_THREAD_ERR) {
1562 put_packet("E22");
1563 return;
1564 }
1565
1566 cpu = gdb_get_cpu(gdb_ctx->params[0].thread_id.pid,
1567 gdb_ctx->params[0].thread_id.tid);
1568 if (!cpu) {
1569 put_packet("E22");
1570 return;
1571 }
1572
1573 put_packet("OK");
1574 }
1575
handle_continue(GdbCmdContext * gdb_ctx,void * user_ctx)1576 static void handle_continue(GdbCmdContext *gdb_ctx, void *user_ctx)
1577 {
1578 if (gdb_ctx->num_params) {
1579 gdb_set_cpu_pc(gdb_ctx->params[0].val_ull);
1580 }
1581
1582 gdbserver_state.signal = 0;
1583 gdb_continue();
1584 }
1585
handle_cont_with_sig(GdbCmdContext * gdb_ctx,void * user_ctx)1586 static void handle_cont_with_sig(GdbCmdContext *gdb_ctx, void *user_ctx)
1587 {
1588 unsigned long signal = 0;
1589
1590 /*
1591 * Note: C sig;[addr] is currently unsupported and we simply
1592 * omit the addr parameter
1593 */
1594 if (gdb_ctx->num_params) {
1595 signal = gdb_ctx->params[0].val_ul;
1596 }
1597
1598 gdbserver_state.signal = gdb_signal_to_target(signal);
1599 if (gdbserver_state.signal == -1) {
1600 gdbserver_state.signal = 0;
1601 }
1602 gdb_continue();
1603 }
1604
handle_set_thread(GdbCmdContext * gdb_ctx,void * user_ctx)1605 static void handle_set_thread(GdbCmdContext *gdb_ctx, void *user_ctx)
1606 {
1607 CPUState *cpu;
1608
1609 if (gdb_ctx->num_params != 2) {
1610 put_packet("E22");
1611 return;
1612 }
1613
1614 if (gdb_ctx->params[1].thread_id.kind == GDB_READ_THREAD_ERR) {
1615 put_packet("E22");
1616 return;
1617 }
1618
1619 if (gdb_ctx->params[1].thread_id.kind != GDB_ONE_THREAD) {
1620 put_packet("OK");
1621 return;
1622 }
1623
1624 cpu = gdb_get_cpu(gdb_ctx->params[1].thread_id.pid,
1625 gdb_ctx->params[1].thread_id.tid);
1626 if (!cpu) {
1627 put_packet("E22");
1628 return;
1629 }
1630
1631 /*
1632 * Note: This command is deprecated and modern gdb's will be using the
1633 * vCont command instead.
1634 */
1635 switch (gdb_ctx->params[0].opcode) {
1636 case 'c':
1637 gdbserver_state.c_cpu = cpu;
1638 put_packet("OK");
1639 break;
1640 case 'g':
1641 gdbserver_state.g_cpu = cpu;
1642 put_packet("OK");
1643 break;
1644 default:
1645 put_packet("E22");
1646 break;
1647 }
1648 }
1649
handle_insert_bp(GdbCmdContext * gdb_ctx,void * user_ctx)1650 static void handle_insert_bp(GdbCmdContext *gdb_ctx, void *user_ctx)
1651 {
1652 int res;
1653
1654 if (gdb_ctx->num_params != 3) {
1655 put_packet("E22");
1656 return;
1657 }
1658
1659 res = gdb_breakpoint_insert(gdb_ctx->params[0].val_ul,
1660 gdb_ctx->params[1].val_ull,
1661 gdb_ctx->params[2].val_ull);
1662 if (res >= 0) {
1663 put_packet("OK");
1664 return;
1665 } else if (res == -ENOSYS) {
1666 put_packet("");
1667 return;
1668 }
1669
1670 put_packet("E22");
1671 }
1672
handle_remove_bp(GdbCmdContext * gdb_ctx,void * user_ctx)1673 static void handle_remove_bp(GdbCmdContext *gdb_ctx, void *user_ctx)
1674 {
1675 int res;
1676
1677 if (gdb_ctx->num_params != 3) {
1678 put_packet("E22");
1679 return;
1680 }
1681
1682 res = gdb_breakpoint_remove(gdb_ctx->params[0].val_ul,
1683 gdb_ctx->params[1].val_ull,
1684 gdb_ctx->params[2].val_ull);
1685 if (res >= 0) {
1686 put_packet("OK");
1687 return;
1688 } else if (res == -ENOSYS) {
1689 put_packet("");
1690 return;
1691 }
1692
1693 put_packet("E22");
1694 }
1695
1696 /*
1697 * handle_set/get_reg
1698 *
1699 * Older gdb are really dumb, and don't use 'G/g' if 'P/p' is available.
1700 * This works, but can be very slow. Anything new enough to understand
1701 * XML also knows how to use this properly. However to use this we
1702 * need to define a local XML file as well as be talking to a
1703 * reasonably modern gdb. Responding with an empty packet will cause
1704 * the remote gdb to fallback to older methods.
1705 */
1706
handle_set_reg(GdbCmdContext * gdb_ctx,void * user_ctx)1707 static void handle_set_reg(GdbCmdContext *gdb_ctx, void *user_ctx)
1708 {
1709 int reg_size;
1710
1711 if (!gdb_has_xml) {
1712 put_packet("");
1713 return;
1714 }
1715
1716 if (gdb_ctx->num_params != 2) {
1717 put_packet("E22");
1718 return;
1719 }
1720
1721 reg_size = strlen(gdb_ctx->params[1].data) / 2;
1722 hextomem(gdbserver_state.mem_buf, gdb_ctx->params[1].data, reg_size);
1723 gdb_write_register(gdbserver_state.g_cpu, gdbserver_state.mem_buf->data,
1724 gdb_ctx->params[0].val_ull);
1725 put_packet("OK");
1726 }
1727
handle_get_reg(GdbCmdContext * gdb_ctx,void * user_ctx)1728 static void handle_get_reg(GdbCmdContext *gdb_ctx, void *user_ctx)
1729 {
1730 int reg_size;
1731
1732 if (!gdb_has_xml) {
1733 put_packet("");
1734 return;
1735 }
1736
1737 if (!gdb_ctx->num_params) {
1738 put_packet("E14");
1739 return;
1740 }
1741
1742 reg_size = gdb_read_register(gdbserver_state.g_cpu,
1743 gdbserver_state.mem_buf,
1744 gdb_ctx->params[0].val_ull);
1745 if (!reg_size) {
1746 put_packet("E14");
1747 return;
1748 } else {
1749 g_byte_array_set_size(gdbserver_state.mem_buf, reg_size);
1750 }
1751
1752 memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, reg_size);
1753 put_strbuf();
1754 }
1755
handle_write_mem(GdbCmdContext * gdb_ctx,void * user_ctx)1756 static void handle_write_mem(GdbCmdContext *gdb_ctx, void *user_ctx)
1757 {
1758 if (gdb_ctx->num_params != 3) {
1759 put_packet("E22");
1760 return;
1761 }
1762
1763 /* hextomem() reads 2*len bytes */
1764 if (gdb_ctx->params[1].val_ull > strlen(gdb_ctx->params[2].data) / 2) {
1765 put_packet("E22");
1766 return;
1767 }
1768
1769 hextomem(gdbserver_state.mem_buf, gdb_ctx->params[2].data,
1770 gdb_ctx->params[1].val_ull);
1771 if (target_memory_rw_debug(gdbserver_state.g_cpu, gdb_ctx->params[0].val_ull,
1772 gdbserver_state.mem_buf->data,
1773 gdbserver_state.mem_buf->len, true)) {
1774 put_packet("E14");
1775 return;
1776 }
1777
1778 put_packet("OK");
1779 }
1780
handle_read_mem(GdbCmdContext * gdb_ctx,void * user_ctx)1781 static void handle_read_mem(GdbCmdContext *gdb_ctx, void *user_ctx)
1782 {
1783 if (gdb_ctx->num_params != 2) {
1784 put_packet("E22");
1785 return;
1786 }
1787
1788 /* memtohex() doubles the required space */
1789 if (gdb_ctx->params[1].val_ull > MAX_PACKET_LENGTH / 2) {
1790 put_packet("E22");
1791 return;
1792 }
1793
1794 g_byte_array_set_size(gdbserver_state.mem_buf, gdb_ctx->params[1].val_ull);
1795
1796 if (target_memory_rw_debug(gdbserver_state.g_cpu, gdb_ctx->params[0].val_ull,
1797 gdbserver_state.mem_buf->data,
1798 gdbserver_state.mem_buf->len, false)) {
1799 put_packet("E14");
1800 return;
1801 }
1802
1803 memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data,
1804 gdbserver_state.mem_buf->len);
1805 put_strbuf();
1806 }
1807
handle_write_all_regs(GdbCmdContext * gdb_ctx,void * user_ctx)1808 static void handle_write_all_regs(GdbCmdContext *gdb_ctx, void *user_ctx)
1809 {
1810 target_ulong addr, len;
1811 uint8_t *registers;
1812 int reg_size;
1813
1814 if (!gdb_ctx->num_params) {
1815 return;
1816 }
1817
1818 cpu_synchronize_state(gdbserver_state.g_cpu);
1819 len = strlen(gdb_ctx->params[0].data) / 2;
1820 hextomem(gdbserver_state.mem_buf, gdb_ctx->params[0].data, len);
1821 registers = gdbserver_state.mem_buf->data;
1822 for (addr = 0; addr < gdbserver_state.g_cpu->gdb_num_g_regs && len > 0;
1823 addr++) {
1824 reg_size = gdb_write_register(gdbserver_state.g_cpu, registers, addr);
1825 len -= reg_size;
1826 registers += reg_size;
1827 }
1828 put_packet("OK");
1829 }
1830
handle_read_all_regs(GdbCmdContext * gdb_ctx,void * user_ctx)1831 static void handle_read_all_regs(GdbCmdContext *gdb_ctx, void *user_ctx)
1832 {
1833 target_ulong addr, len;
1834
1835 cpu_synchronize_state(gdbserver_state.g_cpu);
1836 g_byte_array_set_size(gdbserver_state.mem_buf, 0);
1837 len = 0;
1838 for (addr = 0; addr < gdbserver_state.g_cpu->gdb_num_g_regs; addr++) {
1839 len += gdb_read_register(gdbserver_state.g_cpu,
1840 gdbserver_state.mem_buf,
1841 addr);
1842 }
1843 g_assert(len == gdbserver_state.mem_buf->len);
1844
1845 memtohex(gdbserver_state.str_buf, gdbserver_state.mem_buf->data, len);
1846 put_strbuf();
1847 }
1848
handle_file_io(GdbCmdContext * gdb_ctx,void * user_ctx)1849 static void handle_file_io(GdbCmdContext *gdb_ctx, void *user_ctx)
1850 {
1851 if (gdb_ctx->num_params >= 1 && gdbserver_state.current_syscall_cb) {
1852 target_ulong ret, err;
1853
1854 ret = (target_ulong)gdb_ctx->params[0].val_ull;
1855 if (gdb_ctx->num_params >= 2) {
1856 err = (target_ulong)gdb_ctx->params[1].val_ull;
1857 } else {
1858 err = 0;
1859 }
1860 gdbserver_state.current_syscall_cb(gdbserver_state.c_cpu, ret, err);
1861 gdbserver_state.current_syscall_cb = NULL;
1862 }
1863
1864 if (gdb_ctx->num_params >= 3 && gdb_ctx->params[2].opcode == (uint8_t)'C') {
1865 put_packet("T02");
1866 return;
1867 }
1868
1869 gdb_continue();
1870 }
1871
handle_step(GdbCmdContext * gdb_ctx,void * user_ctx)1872 static void handle_step(GdbCmdContext *gdb_ctx, void *user_ctx)
1873 {
1874 if (gdb_ctx->num_params) {
1875 gdb_set_cpu_pc((target_ulong)gdb_ctx->params[0].val_ull);
1876 }
1877
1878 cpu_single_step(gdbserver_state.c_cpu, sstep_flags);
1879 gdb_continue();
1880 }
1881
handle_v_cont_query(GdbCmdContext * gdb_ctx,void * user_ctx)1882 static void handle_v_cont_query(GdbCmdContext *gdb_ctx, void *user_ctx)
1883 {
1884 put_packet("vCont;c;C;s;S");
1885 }
1886
handle_v_cont(GdbCmdContext * gdb_ctx,void * user_ctx)1887 static void handle_v_cont(GdbCmdContext *gdb_ctx, void *user_ctx)
1888 {
1889 int res;
1890
1891 if (!gdb_ctx->num_params) {
1892 return;
1893 }
1894
1895 res = gdb_handle_vcont(gdb_ctx->params[0].data);
1896 if ((res == -EINVAL) || (res == -ERANGE)) {
1897 put_packet("E22");
1898 } else if (res) {
1899 put_packet("");
1900 }
1901 }
1902
handle_v_attach(GdbCmdContext * gdb_ctx,void * user_ctx)1903 static void handle_v_attach(GdbCmdContext *gdb_ctx, void *user_ctx)
1904 {
1905 GDBProcess *process;
1906 CPUState *cpu;
1907
1908 g_string_assign(gdbserver_state.str_buf, "E22");
1909 if (!gdb_ctx->num_params) {
1910 goto cleanup;
1911 }
1912
1913 process = gdb_get_process(gdb_ctx->params[0].val_ul);
1914 if (!process) {
1915 goto cleanup;
1916 }
1917
1918 cpu = get_first_cpu_in_process(process);
1919 if (!cpu) {
1920 goto cleanup;
1921 }
1922
1923 process->attached = true;
1924 gdbserver_state.g_cpu = cpu;
1925 gdbserver_state.c_cpu = cpu;
1926
1927 g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
1928 gdb_append_thread_id(cpu, gdbserver_state.str_buf);
1929 g_string_append_c(gdbserver_state.str_buf, ';');
1930 cleanup:
1931 put_strbuf();
1932 }
1933
handle_v_kill(GdbCmdContext * gdb_ctx,void * user_ctx)1934 static void handle_v_kill(GdbCmdContext *gdb_ctx, void *user_ctx)
1935 {
1936 /* Kill the target */
1937 put_packet("OK");
1938 error_report("QEMU: Terminated via GDBstub");
1939 exit(0);
1940 }
1941
1942 static GdbCmdParseEntry gdb_v_commands_table[] = {
1943 /* Order is important if has same prefix */
1944 {
1945 .handler = handle_v_cont_query,
1946 .cmd = "Cont?",
1947 .cmd_startswith = 1
1948 },
1949 {
1950 .handler = handle_v_cont,
1951 .cmd = "Cont",
1952 .cmd_startswith = 1,
1953 .schema = "s0"
1954 },
1955 {
1956 .handler = handle_v_attach,
1957 .cmd = "Attach;",
1958 .cmd_startswith = 1,
1959 .schema = "l0"
1960 },
1961 {
1962 .handler = handle_v_kill,
1963 .cmd = "Kill;",
1964 .cmd_startswith = 1
1965 },
1966 };
1967
handle_v_commands(GdbCmdContext * gdb_ctx,void * user_ctx)1968 static void handle_v_commands(GdbCmdContext *gdb_ctx, void *user_ctx)
1969 {
1970 if (!gdb_ctx->num_params) {
1971 return;
1972 }
1973
1974 if (process_string_cmd(NULL, gdb_ctx->params[0].data,
1975 gdb_v_commands_table,
1976 ARRAY_SIZE(gdb_v_commands_table))) {
1977 put_packet("");
1978 }
1979 }
1980
handle_query_qemu_sstepbits(GdbCmdContext * gdb_ctx,void * user_ctx)1981 static void handle_query_qemu_sstepbits(GdbCmdContext *gdb_ctx, void *user_ctx)
1982 {
1983 g_string_printf(gdbserver_state.str_buf, "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1984 SSTEP_ENABLE, SSTEP_NOIRQ, SSTEP_NOTIMER);
1985 put_strbuf();
1986 }
1987
handle_set_qemu_sstep(GdbCmdContext * gdb_ctx,void * user_ctx)1988 static void handle_set_qemu_sstep(GdbCmdContext *gdb_ctx, void *user_ctx)
1989 {
1990 if (!gdb_ctx->num_params) {
1991 return;
1992 }
1993
1994 sstep_flags = gdb_ctx->params[0].val_ul;
1995 put_packet("OK");
1996 }
1997
handle_query_qemu_sstep(GdbCmdContext * gdb_ctx,void * user_ctx)1998 static void handle_query_qemu_sstep(GdbCmdContext *gdb_ctx, void *user_ctx)
1999 {
2000 g_string_printf(gdbserver_state.str_buf, "0x%x", sstep_flags);
2001 put_strbuf();
2002 }
2003
handle_query_curr_tid(GdbCmdContext * gdb_ctx,void * user_ctx)2004 static void handle_query_curr_tid(GdbCmdContext *gdb_ctx, void *user_ctx)
2005 {
2006 CPUState *cpu;
2007 GDBProcess *process;
2008
2009 /*
2010 * "Current thread" remains vague in the spec, so always return
2011 * the first thread of the current process (gdb returns the
2012 * first thread).
2013 */
2014 process = gdb_get_cpu_process(gdbserver_state.g_cpu);
2015 cpu = get_first_cpu_in_process(process);
2016 g_string_assign(gdbserver_state.str_buf, "QC");
2017 gdb_append_thread_id(cpu, gdbserver_state.str_buf);
2018 put_strbuf();
2019 }
2020
handle_query_threads(GdbCmdContext * gdb_ctx,void * user_ctx)2021 static void handle_query_threads(GdbCmdContext *gdb_ctx, void *user_ctx)
2022 {
2023 if (!gdbserver_state.query_cpu) {
2024 put_packet("l");
2025 return;
2026 }
2027
2028 g_string_assign(gdbserver_state.str_buf, "m");
2029 gdb_append_thread_id(gdbserver_state.query_cpu, gdbserver_state.str_buf);
2030 put_strbuf();
2031 gdbserver_state.query_cpu = gdb_next_attached_cpu(gdbserver_state.query_cpu);
2032 }
2033
handle_query_first_threads(GdbCmdContext * gdb_ctx,void * user_ctx)2034 static void handle_query_first_threads(GdbCmdContext *gdb_ctx, void *user_ctx)
2035 {
2036 gdbserver_state.query_cpu = gdb_first_attached_cpu();
2037 handle_query_threads(gdb_ctx, user_ctx);
2038 }
2039
handle_query_thread_extra(GdbCmdContext * gdb_ctx,void * user_ctx)2040 static void handle_query_thread_extra(GdbCmdContext *gdb_ctx, void *user_ctx)
2041 {
2042 g_autoptr(GString) rs = g_string_new(NULL);
2043 CPUState *cpu;
2044
2045 if (!gdb_ctx->num_params ||
2046 gdb_ctx->params[0].thread_id.kind == GDB_READ_THREAD_ERR) {
2047 put_packet("E22");
2048 return;
2049 }
2050
2051 cpu = gdb_get_cpu(gdb_ctx->params[0].thread_id.pid,
2052 gdb_ctx->params[0].thread_id.tid);
2053 if (!cpu) {
2054 return;
2055 }
2056
2057 cpu_synchronize_state(cpu);
2058
2059 if (gdbserver_state.multiprocess && (gdbserver_state.process_num > 1)) {
2060 /* Print the CPU model and name in multiprocess mode */
2061 ObjectClass *oc = object_get_class(OBJECT(cpu));
2062 const char *cpu_model = object_class_get_name(oc);
2063 g_autofree char *cpu_name;
2064 cpu_name = object_get_canonical_path_component(OBJECT(cpu));
2065 g_string_printf(rs, "%s %s [%s]", cpu_model, cpu_name,
2066 cpu->halted ? "halted " : "running");
2067 } else {
2068 g_string_printf(rs, "CPU#%d [%s]", cpu->cpu_index,
2069 cpu->halted ? "halted " : "running");
2070 }
2071 trace_gdbstub_op_extra_info(rs->str);
2072 memtohex(gdbserver_state.str_buf, (uint8_t *)rs->str, rs->len);
2073 put_strbuf();
2074 }
2075
2076 #ifdef CONFIG_USER_ONLY
handle_query_offsets(GdbCmdContext * gdb_ctx,void * user_ctx)2077 static void handle_query_offsets(GdbCmdContext *gdb_ctx, void *user_ctx)
2078 {
2079 TaskState *ts;
2080
2081 ts = gdbserver_state.c_cpu->opaque;
2082 g_string_printf(gdbserver_state.str_buf,
2083 "Text=" TARGET_ABI_FMT_lx
2084 ";Data=" TARGET_ABI_FMT_lx
2085 ";Bss=" TARGET_ABI_FMT_lx,
2086 ts->info->code_offset,
2087 ts->info->data_offset,
2088 ts->info->data_offset);
2089 put_strbuf();
2090 }
2091 #else
handle_query_rcmd(GdbCmdContext * gdb_ctx,void * user_ctx)2092 static void handle_query_rcmd(GdbCmdContext *gdb_ctx, void *user_ctx)
2093 {
2094 const guint8 zero = 0;
2095 int len;
2096
2097 if (!gdb_ctx->num_params) {
2098 put_packet("E22");
2099 return;
2100 }
2101
2102 len = strlen(gdb_ctx->params[0].data);
2103 if (len % 2) {
2104 put_packet("E01");
2105 return;
2106 }
2107
2108 g_assert(gdbserver_state.mem_buf->len == 0);
2109 len = len / 2;
2110 hextomem(gdbserver_state.mem_buf, gdb_ctx->params[0].data, len);
2111 g_byte_array_append(gdbserver_state.mem_buf, &zero, 1);
2112 qemu_chr_be_write(gdbserver_state.mon_chr, gdbserver_state.mem_buf->data,
2113 gdbserver_state.mem_buf->len);
2114 put_packet("OK");
2115 }
2116 #endif
2117
handle_query_supported(GdbCmdContext * gdb_ctx,void * user_ctx)2118 static void handle_query_supported(GdbCmdContext *gdb_ctx, void *user_ctx)
2119 {
2120 CPUClass *cc;
2121
2122 g_string_printf(gdbserver_state.str_buf, "PacketSize=%x", MAX_PACKET_LENGTH);
2123 cc = CPU_GET_CLASS(first_cpu);
2124 if (cc->gdb_core_xml_file) {
2125 g_string_append(gdbserver_state.str_buf, ";qXfer:features:read+");
2126 }
2127
2128 if (gdb_ctx->num_params &&
2129 strstr(gdb_ctx->params[0].data, "multiprocess+")) {
2130 gdbserver_state.multiprocess = true;
2131 }
2132
2133 g_string_append(gdbserver_state.str_buf, ";vContSupported+;multiprocess+");
2134 put_strbuf();
2135 }
2136
handle_query_xfer_features(GdbCmdContext * gdb_ctx,void * user_ctx)2137 static void handle_query_xfer_features(GdbCmdContext *gdb_ctx, void *user_ctx)
2138 {
2139 GDBProcess *process;
2140 CPUClass *cc;
2141 unsigned long len, total_len, addr;
2142 const char *xml;
2143 const char *p;
2144
2145 if (gdb_ctx->num_params < 3) {
2146 put_packet("E22");
2147 return;
2148 }
2149
2150 process = gdb_get_cpu_process(gdbserver_state.g_cpu);
2151 cc = CPU_GET_CLASS(gdbserver_state.g_cpu);
2152 if (!cc->gdb_core_xml_file) {
2153 put_packet("");
2154 return;
2155 }
2156
2157 gdb_has_xml = true;
2158 p = gdb_ctx->params[0].data;
2159 xml = get_feature_xml(p, &p, process);
2160 if (!xml) {
2161 put_packet("E00");
2162 return;
2163 }
2164
2165 addr = gdb_ctx->params[1].val_ul;
2166 len = gdb_ctx->params[2].val_ul;
2167 total_len = strlen(xml);
2168 if (addr > total_len) {
2169 put_packet("E00");
2170 return;
2171 }
2172
2173 if (len > (MAX_PACKET_LENGTH - 5) / 2) {
2174 len = (MAX_PACKET_LENGTH - 5) / 2;
2175 }
2176
2177 if (len < total_len - addr) {
2178 g_string_assign(gdbserver_state.str_buf, "m");
2179 memtox(gdbserver_state.str_buf, xml + addr, len);
2180 } else {
2181 g_string_assign(gdbserver_state.str_buf, "l");
2182 memtox(gdbserver_state.str_buf, xml + addr, total_len - addr);
2183 }
2184
2185 put_packet_binary(gdbserver_state.str_buf->str,
2186 gdbserver_state.str_buf->len, true);
2187 }
2188
handle_query_attached(GdbCmdContext * gdb_ctx,void * user_ctx)2189 static void handle_query_attached(GdbCmdContext *gdb_ctx, void *user_ctx)
2190 {
2191 put_packet(GDB_ATTACHED);
2192 }
2193
handle_query_qemu_supported(GdbCmdContext * gdb_ctx,void * user_ctx)2194 static void handle_query_qemu_supported(GdbCmdContext *gdb_ctx, void *user_ctx)
2195 {
2196 g_string_printf(gdbserver_state.str_buf, "sstepbits;sstep");
2197 #ifndef CONFIG_USER_ONLY
2198 g_string_append(gdbserver_state.str_buf, ";PhyMemMode");
2199 #endif
2200 put_strbuf();
2201 }
2202
2203 #ifndef CONFIG_USER_ONLY
handle_query_qemu_phy_mem_mode(GdbCmdContext * gdb_ctx,void * user_ctx)2204 static void handle_query_qemu_phy_mem_mode(GdbCmdContext *gdb_ctx,
2205 void *user_ctx)
2206 {
2207 g_string_printf(gdbserver_state.str_buf, "%d", phy_memory_mode);
2208 put_strbuf();
2209 }
2210
handle_set_qemu_phy_mem_mode(GdbCmdContext * gdb_ctx,void * user_ctx)2211 static void handle_set_qemu_phy_mem_mode(GdbCmdContext *gdb_ctx, void *user_ctx)
2212 {
2213 if (!gdb_ctx->num_params) {
2214 put_packet("E22");
2215 return;
2216 }
2217
2218 if (!gdb_ctx->params[0].val_ul) {
2219 phy_memory_mode = 0;
2220 } else {
2221 phy_memory_mode = 1;
2222 }
2223 put_packet("OK");
2224 }
2225 #endif
2226
2227 static GdbCmdParseEntry gdb_gen_query_set_common_table[] = {
2228 /* Order is important if has same prefix */
2229 {
2230 .handler = handle_query_qemu_sstepbits,
2231 .cmd = "qemu.sstepbits",
2232 },
2233 {
2234 .handler = handle_query_qemu_sstep,
2235 .cmd = "qemu.sstep",
2236 },
2237 {
2238 .handler = handle_set_qemu_sstep,
2239 .cmd = "qemu.sstep=",
2240 .cmd_startswith = 1,
2241 .schema = "l0"
2242 },
2243 };
2244
2245 static GdbCmdParseEntry gdb_gen_query_table[] = {
2246 {
2247 .handler = handle_query_curr_tid,
2248 .cmd = "C",
2249 },
2250 {
2251 .handler = handle_query_threads,
2252 .cmd = "sThreadInfo",
2253 },
2254 {
2255 .handler = handle_query_first_threads,
2256 .cmd = "fThreadInfo",
2257 },
2258 {
2259 .handler = handle_query_thread_extra,
2260 .cmd = "ThreadExtraInfo,",
2261 .cmd_startswith = 1,
2262 .schema = "t0"
2263 },
2264 #ifdef CONFIG_USER_ONLY
2265 {
2266 .handler = handle_query_offsets,
2267 .cmd = "Offsets",
2268 },
2269 #else
2270 {
2271 .handler = handle_query_rcmd,
2272 .cmd = "Rcmd,",
2273 .cmd_startswith = 1,
2274 .schema = "s0"
2275 },
2276 #endif
2277 {
2278 .handler = handle_query_supported,
2279 .cmd = "Supported:",
2280 .cmd_startswith = 1,
2281 .schema = "s0"
2282 },
2283 {
2284 .handler = handle_query_supported,
2285 .cmd = "Supported",
2286 .schema = "s0"
2287 },
2288 {
2289 .handler = handle_query_xfer_features,
2290 .cmd = "Xfer:features:read:",
2291 .cmd_startswith = 1,
2292 .schema = "s:l,l0"
2293 },
2294 {
2295 .handler = handle_query_attached,
2296 .cmd = "Attached:",
2297 .cmd_startswith = 1
2298 },
2299 {
2300 .handler = handle_query_attached,
2301 .cmd = "Attached",
2302 },
2303 {
2304 .handler = handle_query_qemu_supported,
2305 .cmd = "qemu.Supported",
2306 },
2307 #ifndef CONFIG_USER_ONLY
2308 {
2309 .handler = handle_query_qemu_phy_mem_mode,
2310 .cmd = "qemu.PhyMemMode",
2311 },
2312 #endif
2313 };
2314
2315 static GdbCmdParseEntry gdb_gen_set_table[] = {
2316 /* Order is important if has same prefix */
2317 {
2318 .handler = handle_set_qemu_sstep,
2319 .cmd = "qemu.sstep:",
2320 .cmd_startswith = 1,
2321 .schema = "l0"
2322 },
2323 #ifndef CONFIG_USER_ONLY
2324 {
2325 .handler = handle_set_qemu_phy_mem_mode,
2326 .cmd = "qemu.PhyMemMode:",
2327 .cmd_startswith = 1,
2328 .schema = "l0"
2329 },
2330 #endif
2331 };
2332
handle_gen_query(GdbCmdContext * gdb_ctx,void * user_ctx)2333 static void handle_gen_query(GdbCmdContext *gdb_ctx, void *user_ctx)
2334 {
2335 if (!gdb_ctx->num_params) {
2336 return;
2337 }
2338
2339 if (!process_string_cmd(NULL, gdb_ctx->params[0].data,
2340 gdb_gen_query_set_common_table,
2341 ARRAY_SIZE(gdb_gen_query_set_common_table))) {
2342 return;
2343 }
2344
2345 if (process_string_cmd(NULL, gdb_ctx->params[0].data,
2346 gdb_gen_query_table,
2347 ARRAY_SIZE(gdb_gen_query_table))) {
2348 put_packet("");
2349 }
2350 }
2351
handle_gen_set(GdbCmdContext * gdb_ctx,void * user_ctx)2352 static void handle_gen_set(GdbCmdContext *gdb_ctx, void *user_ctx)
2353 {
2354 if (!gdb_ctx->num_params) {
2355 return;
2356 }
2357
2358 if (!process_string_cmd(NULL, gdb_ctx->params[0].data,
2359 gdb_gen_query_set_common_table,
2360 ARRAY_SIZE(gdb_gen_query_set_common_table))) {
2361 return;
2362 }
2363
2364 if (process_string_cmd(NULL, gdb_ctx->params[0].data,
2365 gdb_gen_set_table,
2366 ARRAY_SIZE(gdb_gen_set_table))) {
2367 put_packet("");
2368 }
2369 }
2370
handle_target_halt(GdbCmdContext * gdb_ctx,void * user_ctx)2371 static void handle_target_halt(GdbCmdContext *gdb_ctx, void *user_ctx)
2372 {
2373 g_string_printf(gdbserver_state.str_buf, "T%02xthread:", GDB_SIGNAL_TRAP);
2374 gdb_append_thread_id(gdbserver_state.c_cpu, gdbserver_state.str_buf);
2375 g_string_append_c(gdbserver_state.str_buf, ';');
2376 put_strbuf();
2377 /*
2378 * Remove all the breakpoints when this query is issued,
2379 * because gdb is doing an initial connect and the state
2380 * should be cleaned up.
2381 */
2382 gdb_breakpoint_remove_all();
2383 }
2384
gdb_handle_packet(const char * line_buf)2385 static int gdb_handle_packet(const char *line_buf)
2386 {
2387 const GdbCmdParseEntry *cmd_parser = NULL;
2388
2389 trace_gdbstub_io_command(line_buf);
2390
2391 switch (line_buf[0]) {
2392 case '!':
2393 put_packet("OK");
2394 break;
2395 case '?':
2396 {
2397 static const GdbCmdParseEntry target_halted_cmd_desc = {
2398 .handler = handle_target_halt,
2399 .cmd = "?",
2400 .cmd_startswith = 1
2401 };
2402 cmd_parser = &target_halted_cmd_desc;
2403 }
2404 break;
2405 case 'c':
2406 {
2407 static const GdbCmdParseEntry continue_cmd_desc = {
2408 .handler = handle_continue,
2409 .cmd = "c",
2410 .cmd_startswith = 1,
2411 .schema = "L0"
2412 };
2413 cmd_parser = &continue_cmd_desc;
2414 }
2415 break;
2416 case 'C':
2417 {
2418 static const GdbCmdParseEntry cont_with_sig_cmd_desc = {
2419 .handler = handle_cont_with_sig,
2420 .cmd = "C",
2421 .cmd_startswith = 1,
2422 .schema = "l0"
2423 };
2424 cmd_parser = &cont_with_sig_cmd_desc;
2425 }
2426 break;
2427 case 'v':
2428 {
2429 static const GdbCmdParseEntry v_cmd_desc = {
2430 .handler = handle_v_commands,
2431 .cmd = "v",
2432 .cmd_startswith = 1,
2433 .schema = "s0"
2434 };
2435 cmd_parser = &v_cmd_desc;
2436 }
2437 break;
2438 case 'k':
2439 /* Kill the target */
2440 error_report("QEMU: Terminated via GDBstub");
2441 exit(0);
2442 case 'D':
2443 {
2444 static const GdbCmdParseEntry detach_cmd_desc = {
2445 .handler = handle_detach,
2446 .cmd = "D",
2447 .cmd_startswith = 1,
2448 .schema = "?.l0"
2449 };
2450 cmd_parser = &detach_cmd_desc;
2451 }
2452 break;
2453 case 's':
2454 {
2455 static const GdbCmdParseEntry step_cmd_desc = {
2456 .handler = handle_step,
2457 .cmd = "s",
2458 .cmd_startswith = 1,
2459 .schema = "L0"
2460 };
2461 cmd_parser = &step_cmd_desc;
2462 }
2463 break;
2464 case 'F':
2465 {
2466 static const GdbCmdParseEntry file_io_cmd_desc = {
2467 .handler = handle_file_io,
2468 .cmd = "F",
2469 .cmd_startswith = 1,
2470 .schema = "L,L,o0"
2471 };
2472 cmd_parser = &file_io_cmd_desc;
2473 }
2474 break;
2475 case 'g':
2476 {
2477 static const GdbCmdParseEntry read_all_regs_cmd_desc = {
2478 .handler = handle_read_all_regs,
2479 .cmd = "g",
2480 .cmd_startswith = 1
2481 };
2482 cmd_parser = &read_all_regs_cmd_desc;
2483 }
2484 break;
2485 case 'G':
2486 {
2487 static const GdbCmdParseEntry write_all_regs_cmd_desc = {
2488 .handler = handle_write_all_regs,
2489 .cmd = "G",
2490 .cmd_startswith = 1,
2491 .schema = "s0"
2492 };
2493 cmd_parser = &write_all_regs_cmd_desc;
2494 }
2495 break;
2496 case 'm':
2497 {
2498 static const GdbCmdParseEntry read_mem_cmd_desc = {
2499 .handler = handle_read_mem,
2500 .cmd = "m",
2501 .cmd_startswith = 1,
2502 .schema = "L,L0"
2503 };
2504 cmd_parser = &read_mem_cmd_desc;
2505 }
2506 break;
2507 case 'M':
2508 {
2509 static const GdbCmdParseEntry write_mem_cmd_desc = {
2510 .handler = handle_write_mem,
2511 .cmd = "M",
2512 .cmd_startswith = 1,
2513 .schema = "L,L:s0"
2514 };
2515 cmd_parser = &write_mem_cmd_desc;
2516 }
2517 break;
2518 case 'p':
2519 {
2520 static const GdbCmdParseEntry get_reg_cmd_desc = {
2521 .handler = handle_get_reg,
2522 .cmd = "p",
2523 .cmd_startswith = 1,
2524 .schema = "L0"
2525 };
2526 cmd_parser = &get_reg_cmd_desc;
2527 }
2528 break;
2529 case 'P':
2530 {
2531 static const GdbCmdParseEntry set_reg_cmd_desc = {
2532 .handler = handle_set_reg,
2533 .cmd = "P",
2534 .cmd_startswith = 1,
2535 .schema = "L?s0"
2536 };
2537 cmd_parser = &set_reg_cmd_desc;
2538 }
2539 break;
2540 case 'Z':
2541 {
2542 static const GdbCmdParseEntry insert_bp_cmd_desc = {
2543 .handler = handle_insert_bp,
2544 .cmd = "Z",
2545 .cmd_startswith = 1,
2546 .schema = "l?L?L0"
2547 };
2548 cmd_parser = &insert_bp_cmd_desc;
2549 }
2550 break;
2551 case 'z':
2552 {
2553 static const GdbCmdParseEntry remove_bp_cmd_desc = {
2554 .handler = handle_remove_bp,
2555 .cmd = "z",
2556 .cmd_startswith = 1,
2557 .schema = "l?L?L0"
2558 };
2559 cmd_parser = &remove_bp_cmd_desc;
2560 }
2561 break;
2562 case 'H':
2563 {
2564 static const GdbCmdParseEntry set_thread_cmd_desc = {
2565 .handler = handle_set_thread,
2566 .cmd = "H",
2567 .cmd_startswith = 1,
2568 .schema = "o.t0"
2569 };
2570 cmd_parser = &set_thread_cmd_desc;
2571 }
2572 break;
2573 case 'T':
2574 {
2575 static const GdbCmdParseEntry thread_alive_cmd_desc = {
2576 .handler = handle_thread_alive,
2577 .cmd = "T",
2578 .cmd_startswith = 1,
2579 .schema = "t0"
2580 };
2581 cmd_parser = &thread_alive_cmd_desc;
2582 }
2583 break;
2584 case 'q':
2585 {
2586 static const GdbCmdParseEntry gen_query_cmd_desc = {
2587 .handler = handle_gen_query,
2588 .cmd = "q",
2589 .cmd_startswith = 1,
2590 .schema = "s0"
2591 };
2592 cmd_parser = &gen_query_cmd_desc;
2593 }
2594 break;
2595 case 'Q':
2596 {
2597 static const GdbCmdParseEntry gen_set_cmd_desc = {
2598 .handler = handle_gen_set,
2599 .cmd = "Q",
2600 .cmd_startswith = 1,
2601 .schema = "s0"
2602 };
2603 cmd_parser = &gen_set_cmd_desc;
2604 }
2605 break;
2606 default:
2607 /* put empty packet */
2608 put_packet("");
2609 break;
2610 }
2611
2612 if (cmd_parser) {
2613 run_cmd_parser(line_buf, cmd_parser);
2614 }
2615
2616 return RS_IDLE;
2617 }
2618
gdb_set_stop_cpu(CPUState * cpu)2619 void gdb_set_stop_cpu(CPUState *cpu)
2620 {
2621 if (!gdbserver_state.init) {
2622 qemu_log_mask(CPU_LOG_INSTR | CPU_LOG_INT | CPU_LOG_EXEC, "Reached breakpoint!\n");
2623 error_report("No debugger is attached"); /* XXX should drop into
2624 monitor? */
2625 qemu_log_flush();
2626 exit(-1);
2627 }
2628 GDBProcess *p = gdb_get_cpu_process(cpu);
2629
2630 if (!p->attached) {
2631 /*
2632 * Having a stop CPU corresponding to a process that is not attached
2633 * confuses GDB. So we ignore the request.
2634 */
2635 return;
2636 }
2637
2638 gdbserver_state.c_cpu = cpu;
2639 gdbserver_state.g_cpu = cpu;
2640 }
2641
2642 #ifndef CONFIG_USER_ONLY
gdb_vm_state_change(void * opaque,int running,RunState state)2643 static void gdb_vm_state_change(void *opaque, int running, RunState state)
2644 {
2645 CPUState *cpu = gdbserver_state.c_cpu;
2646 g_autoptr(GString) buf = g_string_new(NULL);
2647 g_autoptr(GString) tid = g_string_new(NULL);
2648 const char *type;
2649 int ret;
2650
2651 if (running || gdbserver_state.state == RS_INACTIVE) {
2652 return;
2653 }
2654 /* Is there a GDB syscall waiting to be sent? */
2655 if (gdbserver_state.current_syscall_cb) {
2656 put_packet(gdbserver_state.syscall_buf);
2657 return;
2658 }
2659
2660 if (cpu == NULL) {
2661 /* No process attached */
2662 return;
2663 }
2664
2665 gdb_append_thread_id(cpu, tid);
2666
2667 switch (state) {
2668 case RUN_STATE_DEBUG:
2669 if (cpu->watchpoint_hit) {
2670 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
2671 case BP_MEM_READ:
2672 type = "r";
2673 break;
2674 case BP_MEM_ACCESS:
2675 type = "a";
2676 break;
2677 default:
2678 type = "";
2679 break;
2680 }
2681 trace_gdbstub_hit_watchpoint(type, cpu_gdb_index(cpu),
2682 (target_ulong)cpu->watchpoint_hit->vaddr);
2683 g_string_printf(buf, "T%02xthread:%s;%swatch:" TARGET_FMT_lx ";",
2684 GDB_SIGNAL_TRAP, tid->str, type,
2685 (target_ulong)cpu->watchpoint_hit->vaddr);
2686 cpu->watchpoint_hit = NULL;
2687 goto send_packet;
2688 } else {
2689 trace_gdbstub_hit_break();
2690 }
2691 tb_flush(cpu);
2692 ret = GDB_SIGNAL_TRAP;
2693 break;
2694 case RUN_STATE_PAUSED:
2695 trace_gdbstub_hit_paused();
2696 ret = GDB_SIGNAL_INT;
2697 break;
2698 case RUN_STATE_SHUTDOWN:
2699 trace_gdbstub_hit_shutdown();
2700 ret = GDB_SIGNAL_QUIT;
2701 break;
2702 case RUN_STATE_IO_ERROR:
2703 trace_gdbstub_hit_io_error();
2704 ret = GDB_SIGNAL_IO;
2705 break;
2706 case RUN_STATE_WATCHDOG:
2707 trace_gdbstub_hit_watchdog();
2708 ret = GDB_SIGNAL_ALRM;
2709 break;
2710 case RUN_STATE_INTERNAL_ERROR:
2711 trace_gdbstub_hit_internal_error();
2712 ret = GDB_SIGNAL_ABRT;
2713 break;
2714 case RUN_STATE_SAVE_VM:
2715 case RUN_STATE_RESTORE_VM:
2716 return;
2717 case RUN_STATE_FINISH_MIGRATE:
2718 ret = GDB_SIGNAL_XCPU;
2719 break;
2720 default:
2721 trace_gdbstub_hit_unknown(state);
2722 ret = GDB_SIGNAL_UNKNOWN;
2723 break;
2724 }
2725 gdb_set_stop_cpu(cpu);
2726 g_string_printf(buf, "T%02xthread:%s;", ret, tid->str);
2727
2728 send_packet:
2729 put_packet(buf->str);
2730
2731 /* disable single step if it was enabled */
2732 cpu_single_step(cpu, 0);
2733 }
2734 #endif
2735
2736 /* Send a gdb syscall request.
2737 This accepts limited printf-style format specifiers, specifically:
2738 %x - target_ulong argument printed in hex.
2739 %lx - 64-bit argument printed in hex.
2740 %s - string pointer (target_ulong) and length (int) pair. */
gdb_do_syscallv(gdb_syscall_complete_cb cb,const char * fmt,va_list va)2741 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
2742 {
2743 char *p;
2744 char *p_end;
2745 target_ulong addr;
2746 uint64_t i64;
2747
2748 if (!gdbserver_state.init) {
2749 return;
2750 }
2751
2752 gdbserver_state.current_syscall_cb = cb;
2753 #ifndef CONFIG_USER_ONLY
2754 vm_stop(RUN_STATE_DEBUG);
2755 #endif
2756 p = &gdbserver_state.syscall_buf[0];
2757 p_end = &gdbserver_state.syscall_buf[sizeof(gdbserver_state.syscall_buf)];
2758 *(p++) = 'F';
2759 while (*fmt) {
2760 if (*fmt == '%') {
2761 fmt++;
2762 switch (*fmt++) {
2763 case 'x':
2764 addr = va_arg(va, target_ulong);
2765 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
2766 break;
2767 case 'l':
2768 if (*(fmt++) != 'x')
2769 goto bad_format;
2770 i64 = va_arg(va, uint64_t);
2771 p += snprintf(p, p_end - p, "%" PRIx64, i64);
2772 break;
2773 case 's':
2774 addr = va_arg(va, target_ulong);
2775 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
2776 addr, va_arg(va, int));
2777 break;
2778 default:
2779 bad_format:
2780 error_report("gdbstub: Bad syscall format string '%s'",
2781 fmt - 1);
2782 break;
2783 }
2784 } else {
2785 *(p++) = *(fmt++);
2786 }
2787 }
2788 *p = 0;
2789 #ifdef CONFIG_USER_ONLY
2790 put_packet(gdbserver_state.syscall_buf);
2791 /* Return control to gdb for it to process the syscall request.
2792 * Since the protocol requires that gdb hands control back to us
2793 * using a "here are the results" F packet, we don't need to check
2794 * gdb_handlesig's return value (which is the signal to deliver if
2795 * execution was resumed via a continue packet).
2796 */
2797 gdb_handlesig(gdbserver_state.c_cpu, 0);
2798 #else
2799 /* In this case wait to send the syscall packet until notification that
2800 the CPU has stopped. This must be done because if the packet is sent
2801 now the reply from the syscall request could be received while the CPU
2802 is still in the running state, which can cause packets to be dropped
2803 and state transition 'T' packets to be sent while the syscall is still
2804 being processed. */
2805 qemu_cpu_kick(gdbserver_state.c_cpu);
2806 #endif
2807 }
2808
gdb_do_syscall(gdb_syscall_complete_cb cb,const char * fmt,...)2809 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
2810 {
2811 va_list va;
2812
2813 va_start(va, fmt);
2814 gdb_do_syscallv(cb, fmt, va);
2815 va_end(va);
2816 }
2817
gdb_read_byte(uint8_t ch)2818 static void gdb_read_byte(uint8_t ch)
2819 {
2820 uint8_t reply;
2821
2822 #ifndef CONFIG_USER_ONLY
2823 if (gdbserver_state.last_packet->len) {
2824 /* Waiting for a response to the last packet. If we see the start
2825 of a new command then abandon the previous response. */
2826 if (ch == '-') {
2827 trace_gdbstub_err_got_nack();
2828 put_buffer(gdbserver_state.last_packet->data,
2829 gdbserver_state.last_packet->len);
2830 } else if (ch == '+') {
2831 trace_gdbstub_io_got_ack();
2832 } else {
2833 trace_gdbstub_io_got_unexpected(ch);
2834 }
2835
2836 if (ch == '+' || ch == '$') {
2837 g_byte_array_set_size(gdbserver_state.last_packet, 0);
2838 }
2839 if (ch != '$')
2840 return;
2841 }
2842 if (runstate_is_running()) {
2843 /* when the CPU is running, we cannot do anything except stop
2844 it when receiving a char */
2845 vm_stop(RUN_STATE_PAUSED);
2846 } else
2847 #endif
2848 {
2849 switch(gdbserver_state.state) {
2850 case RS_IDLE:
2851 if (ch == '$') {
2852 /* start of command packet */
2853 gdbserver_state.line_buf_index = 0;
2854 gdbserver_state.line_sum = 0;
2855 gdbserver_state.state = RS_GETLINE;
2856 } else {
2857 trace_gdbstub_err_garbage(ch);
2858 }
2859 break;
2860 case RS_GETLINE:
2861 if (ch == '}') {
2862 /* start escape sequence */
2863 gdbserver_state.state = RS_GETLINE_ESC;
2864 gdbserver_state.line_sum += ch;
2865 } else if (ch == '*') {
2866 /* start run length encoding sequence */
2867 gdbserver_state.state = RS_GETLINE_RLE;
2868 gdbserver_state.line_sum += ch;
2869 } else if (ch == '#') {
2870 /* end of command, start of checksum*/
2871 gdbserver_state.state = RS_CHKSUM1;
2872 } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2873 trace_gdbstub_err_overrun();
2874 gdbserver_state.state = RS_IDLE;
2875 } else {
2876 /* unescaped command character */
2877 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch;
2878 gdbserver_state.line_sum += ch;
2879 }
2880 break;
2881 case RS_GETLINE_ESC:
2882 if (ch == '#') {
2883 /* unexpected end of command in escape sequence */
2884 gdbserver_state.state = RS_CHKSUM1;
2885 } else if (gdbserver_state.line_buf_index >= sizeof(gdbserver_state.line_buf) - 1) {
2886 /* command buffer overrun */
2887 trace_gdbstub_err_overrun();
2888 gdbserver_state.state = RS_IDLE;
2889 } else {
2890 /* parse escaped character and leave escape state */
2891 gdbserver_state.line_buf[gdbserver_state.line_buf_index++] = ch ^ 0x20;
2892 gdbserver_state.line_sum += ch;
2893 gdbserver_state.state = RS_GETLINE;
2894 }
2895 break;
2896 case RS_GETLINE_RLE:
2897 /*
2898 * Run-length encoding is explained in "Debugging with GDB /
2899 * Appendix E GDB Remote Serial Protocol / Overview".
2900 */
2901 if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
2902 /* invalid RLE count encoding */
2903 trace_gdbstub_err_invalid_repeat(ch);
2904 gdbserver_state.state = RS_GETLINE;
2905 } else {
2906 /* decode repeat length */
2907 int repeat = ch - ' ' + 3;
2908 if (gdbserver_state.line_buf_index + repeat >= sizeof(gdbserver_state.line_buf) - 1) {
2909 /* that many repeats would overrun the command buffer */
2910 trace_gdbstub_err_overrun();
2911 gdbserver_state.state = RS_IDLE;
2912 } else if (gdbserver_state.line_buf_index < 1) {
2913 /* got a repeat but we have nothing to repeat */
2914 trace_gdbstub_err_invalid_rle();
2915 gdbserver_state.state = RS_GETLINE;
2916 } else {
2917 /* repeat the last character */
2918 memset(gdbserver_state.line_buf + gdbserver_state.line_buf_index,
2919 gdbserver_state.line_buf[gdbserver_state.line_buf_index - 1], repeat);
2920 gdbserver_state.line_buf_index += repeat;
2921 gdbserver_state.line_sum += ch;
2922 gdbserver_state.state = RS_GETLINE;
2923 }
2924 }
2925 break;
2926 case RS_CHKSUM1:
2927 /* get high hex digit of checksum */
2928 if (!isxdigit(ch)) {
2929 trace_gdbstub_err_checksum_invalid(ch);
2930 gdbserver_state.state = RS_GETLINE;
2931 break;
2932 }
2933 gdbserver_state.line_buf[gdbserver_state.line_buf_index] = '\0';
2934 gdbserver_state.line_csum = fromhex(ch) << 4;
2935 gdbserver_state.state = RS_CHKSUM2;
2936 break;
2937 case RS_CHKSUM2:
2938 /* get low hex digit of checksum */
2939 if (!isxdigit(ch)) {
2940 trace_gdbstub_err_checksum_invalid(ch);
2941 gdbserver_state.state = RS_GETLINE;
2942 break;
2943 }
2944 gdbserver_state.line_csum |= fromhex(ch);
2945
2946 if (gdbserver_state.line_csum != (gdbserver_state.line_sum & 0xff)) {
2947 trace_gdbstub_err_checksum_incorrect(gdbserver_state.line_sum, gdbserver_state.line_csum);
2948 /* send NAK reply */
2949 reply = '-';
2950 put_buffer(&reply, 1);
2951 gdbserver_state.state = RS_IDLE;
2952 } else {
2953 /* send ACK reply */
2954 reply = '+';
2955 put_buffer(&reply, 1);
2956 gdbserver_state.state = gdb_handle_packet(gdbserver_state.line_buf);
2957 }
2958 break;
2959 default:
2960 abort();
2961 }
2962 }
2963 }
2964
2965 /* Tell the remote gdb that the process has exited. */
gdb_exit(CPUArchState * env,int code)2966 void gdb_exit(CPUArchState *env, int code)
2967 {
2968 char buf[4];
2969
2970 if (!gdbserver_state.init) {
2971 return;
2972 }
2973 #ifdef CONFIG_USER_ONLY
2974 if (gdbserver_fd < 0 || gdbserver_state.fd < 0) {
2975 return;
2976 }
2977 #endif
2978
2979 trace_gdbstub_op_exiting((uint8_t)code);
2980
2981 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
2982 put_packet(buf);
2983
2984 #ifndef CONFIG_USER_ONLY
2985 qemu_chr_fe_deinit(&gdbserver_state.chr, true);
2986 #endif
2987 }
2988
2989 /*
2990 * Create the process that will contain all the "orphan" CPUs (that are not
2991 * part of a CPU cluster). Note that if this process contains no CPUs, it won't
2992 * be attachable and thus will be invisible to the user.
2993 */
create_default_process(GDBState * s)2994 static void create_default_process(GDBState *s)
2995 {
2996 GDBProcess *process;
2997 int max_pid = 0;
2998
2999 if (gdbserver_state.process_num) {
3000 max_pid = s->processes[s->process_num - 1].pid;
3001 }
3002
3003 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
3004 process = &s->processes[s->process_num - 1];
3005
3006 /* We need an available PID slot for this process */
3007 assert(max_pid < UINT32_MAX);
3008
3009 process->pid = max_pid + 1;
3010 process->attached = false;
3011 process->target_xml[0] = '\0';
3012 }
3013
3014 #ifdef CONFIG_USER_ONLY
3015 int
gdb_handlesig(CPUState * cpu,int sig)3016 gdb_handlesig(CPUState *cpu, int sig)
3017 {
3018 char buf[256];
3019 int n;
3020
3021 if (gdbserver_fd < 0 || gdbserver_state.fd < 0) {
3022 return sig;
3023 }
3024
3025 /* disable single step if it was enabled */
3026 cpu_single_step(cpu, 0);
3027 tb_flush(cpu);
3028
3029 if (sig != 0) {
3030 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
3031 put_packet(buf);
3032 }
3033 /* put_packet() might have detected that the peer terminated the
3034 connection. */
3035 if (gdbserver_state.fd < 0) {
3036 return sig;
3037 }
3038
3039 sig = 0;
3040 gdbserver_state.state = RS_IDLE;
3041 gdbserver_state.running_state = 0;
3042 while (gdbserver_state.running_state == 0) {
3043 n = read(gdbserver_state.fd, buf, 256);
3044 if (n > 0) {
3045 int i;
3046
3047 for (i = 0; i < n; i++) {
3048 gdb_read_byte(buf[i]);
3049 }
3050 } else {
3051 /* XXX: Connection closed. Should probably wait for another
3052 connection before continuing. */
3053 if (n == 0) {
3054 close(gdbserver_state.fd);
3055 }
3056 gdbserver_state.fd = -1;
3057 return sig;
3058 }
3059 }
3060 sig = gdbserver_state.signal;
3061 gdbserver_state.signal = 0;
3062 return sig;
3063 }
3064
3065 /* Tell the remote gdb that the process has exited due to SIG. */
gdb_signalled(CPUArchState * env,int sig)3066 void gdb_signalled(CPUArchState *env, int sig)
3067 {
3068 char buf[4];
3069
3070 if (gdbserver_fd < 0 || gdbserver_state.fd < 0) {
3071 return;
3072 }
3073
3074 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
3075 put_packet(buf);
3076 }
3077
gdb_accept(void)3078 static bool gdb_accept(void)
3079 {
3080 struct sockaddr_in sockaddr;
3081 socklen_t len;
3082 int fd;
3083
3084 for(;;) {
3085 len = sizeof(sockaddr);
3086 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
3087 if (fd < 0 && errno != EINTR) {
3088 perror("accept");
3089 return false;
3090 } else if (fd >= 0) {
3091 qemu_set_cloexec(fd);
3092 break;
3093 }
3094 }
3095
3096 /* set short latency */
3097 if (socket_set_nodelay(fd)) {
3098 perror("setsockopt");
3099 close(fd);
3100 return false;
3101 }
3102
3103 init_gdbserver_state();
3104 create_default_process(&gdbserver_state);
3105 gdbserver_state.processes[0].attached = true;
3106 gdbserver_state.c_cpu = gdb_first_attached_cpu();
3107 gdbserver_state.g_cpu = gdbserver_state.c_cpu;
3108 gdbserver_state.fd = fd;
3109 gdb_has_xml = false;
3110 return true;
3111 }
3112
gdbserver_open(int port)3113 static int gdbserver_open(int port)
3114 {
3115 struct sockaddr_in sockaddr;
3116 int fd, ret;
3117
3118 fd = socket(PF_INET, SOCK_STREAM, 0);
3119 if (fd < 0) {
3120 perror("socket");
3121 return -1;
3122 }
3123 qemu_set_cloexec(fd);
3124
3125 socket_set_fast_reuse(fd);
3126
3127 sockaddr.sin_family = AF_INET;
3128 sockaddr.sin_port = htons(port);
3129 sockaddr.sin_addr.s_addr = 0;
3130 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
3131 if (ret < 0) {
3132 perror("bind");
3133 close(fd);
3134 return -1;
3135 }
3136 ret = listen(fd, 1);
3137 if (ret < 0) {
3138 perror("listen");
3139 close(fd);
3140 return -1;
3141 }
3142 return fd;
3143 }
3144
gdbserver_start(int port)3145 int gdbserver_start(int port)
3146 {
3147 gdbserver_fd = gdbserver_open(port);
3148 if (gdbserver_fd < 0)
3149 return -1;
3150 /* accept connections */
3151 if (!gdb_accept()) {
3152 close(gdbserver_fd);
3153 gdbserver_fd = -1;
3154 return -1;
3155 }
3156 return 0;
3157 }
3158
3159 /* Disable gdb stub for child processes. */
gdbserver_fork(CPUState * cpu)3160 void gdbserver_fork(CPUState *cpu)
3161 {
3162 if (gdbserver_fd < 0 || gdbserver_state.fd < 0) {
3163 return;
3164 }
3165 close(gdbserver_state.fd);
3166 gdbserver_state.fd = -1;
3167 cpu_breakpoint_remove_all(cpu, BP_GDB);
3168 cpu_watchpoint_remove_all(cpu, BP_GDB);
3169 }
3170 #else
gdb_chr_can_receive(void * opaque)3171 static int gdb_chr_can_receive(void *opaque)
3172 {
3173 /* We can handle an arbitrarily large amount of data.
3174 Pick the maximum packet size, which is as good as anything. */
3175 return MAX_PACKET_LENGTH;
3176 }
3177
gdb_chr_receive(void * opaque,const uint8_t * buf,int size)3178 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
3179 {
3180 int i;
3181
3182 for (i = 0; i < size; i++) {
3183 gdb_read_byte(buf[i]);
3184 }
3185 }
3186
gdb_chr_event(void * opaque,QEMUChrEvent event)3187 static void gdb_chr_event(void *opaque, QEMUChrEvent event)
3188 {
3189 int i;
3190 GDBState *s = (GDBState *) opaque;
3191
3192 switch (event) {
3193 case CHR_EVENT_OPENED:
3194 /* Start with first process attached, others detached */
3195 for (i = 0; i < s->process_num; i++) {
3196 s->processes[i].attached = !i;
3197 }
3198
3199 s->c_cpu = gdb_first_attached_cpu();
3200 s->g_cpu = s->c_cpu;
3201
3202 vm_stop(RUN_STATE_PAUSED);
3203 gdb_has_xml = false;
3204 break;
3205 default:
3206 break;
3207 }
3208 }
3209
gdb_monitor_write(Chardev * chr,const uint8_t * buf,int len)3210 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
3211 {
3212 g_autoptr(GString) hex_buf = g_string_new("O");
3213 memtohex(hex_buf, buf, len);
3214 put_packet(hex_buf->str);
3215 return len;
3216 }
3217
3218 #ifndef _WIN32
gdb_sigterm_handler(int signal)3219 static void gdb_sigterm_handler(int signal)
3220 {
3221 if (runstate_is_running()) {
3222 vm_stop(RUN_STATE_PAUSED);
3223 }
3224 }
3225 #endif
3226
gdb_monitor_open(Chardev * chr,ChardevBackend * backend,bool * be_opened,Error ** errp)3227 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
3228 bool *be_opened, Error **errp)
3229 {
3230 *be_opened = false;
3231 }
3232
char_gdb_class_init(ObjectClass * oc,void * data)3233 static void char_gdb_class_init(ObjectClass *oc, void *data)
3234 {
3235 ChardevClass *cc = CHARDEV_CLASS(oc);
3236
3237 cc->internal = true;
3238 cc->open = gdb_monitor_open;
3239 cc->chr_write = gdb_monitor_write;
3240 }
3241
3242 #define TYPE_CHARDEV_GDB "chardev-gdb"
3243
3244 static const TypeInfo char_gdb_type_info = {
3245 .name = TYPE_CHARDEV_GDB,
3246 .parent = TYPE_CHARDEV,
3247 .class_init = char_gdb_class_init,
3248 };
3249
find_cpu_clusters(Object * child,void * opaque)3250 static int find_cpu_clusters(Object *child, void *opaque)
3251 {
3252 if (object_dynamic_cast(child, TYPE_CPU_CLUSTER)) {
3253 GDBState *s = (GDBState *) opaque;
3254 CPUClusterState *cluster = CPU_CLUSTER(child);
3255 GDBProcess *process;
3256
3257 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
3258
3259 process = &s->processes[s->process_num - 1];
3260
3261 /*
3262 * GDB process IDs -1 and 0 are reserved. To avoid subtle errors at
3263 * runtime, we enforce here that the machine does not use a cluster ID
3264 * that would lead to PID 0.
3265 */
3266 assert(cluster->cluster_id != UINT32_MAX);
3267 process->pid = cluster->cluster_id + 1;
3268 process->attached = false;
3269 process->target_xml[0] = '\0';
3270
3271 return 0;
3272 }
3273
3274 return object_child_foreach(child, find_cpu_clusters, opaque);
3275 }
3276
pid_order(const void * a,const void * b)3277 static int pid_order(const void *a, const void *b)
3278 {
3279 GDBProcess *pa = (GDBProcess *) a;
3280 GDBProcess *pb = (GDBProcess *) b;
3281
3282 if (pa->pid < pb->pid) {
3283 return -1;
3284 } else if (pa->pid > pb->pid) {
3285 return 1;
3286 } else {
3287 return 0;
3288 }
3289 }
3290
create_processes(GDBState * s)3291 static void create_processes(GDBState *s)
3292 {
3293 object_child_foreach(object_get_root(), find_cpu_clusters, s);
3294
3295 if (gdbserver_state.processes) {
3296 /* Sort by PID */
3297 qsort(gdbserver_state.processes, gdbserver_state.process_num, sizeof(gdbserver_state.processes[0]), pid_order);
3298 }
3299
3300 create_default_process(s);
3301 }
3302
gdbserver_start(const char * device)3303 int gdbserver_start(const char *device)
3304 {
3305 trace_gdbstub_op_start(device);
3306
3307 char gdbstub_device_name[128];
3308 Chardev *chr = NULL;
3309 Chardev *mon_chr;
3310
3311 if (!first_cpu) {
3312 error_report("gdbstub: meaningless to attach gdb to a "
3313 "machine without any CPU.");
3314 return -1;
3315 }
3316
3317 if (!device)
3318 return -1;
3319 if (strcmp(device, "none") != 0) {
3320 if (strstart(device, "tcp:", NULL)) {
3321 /* enforce required TCP attributes */
3322 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
3323 "%s,nowait,nodelay,server", device);
3324 device = gdbstub_device_name;
3325 }
3326 #ifndef _WIN32
3327 else if (strcmp(device, "stdio") == 0) {
3328 struct sigaction act;
3329
3330 memset(&act, 0, sizeof(act));
3331 act.sa_handler = gdb_sigterm_handler;
3332 sigaction(SIGINT, &act, NULL);
3333 }
3334 #endif
3335 /*
3336 * FIXME: it's a bit weird to allow using a mux chardev here
3337 * and implicitly setup a monitor. We may want to break this.
3338 */
3339 chr = qemu_chr_new_noreplay("gdb", device, true, NULL);
3340 if (!chr)
3341 return -1;
3342 }
3343
3344 if (!gdbserver_state.init) {
3345 init_gdbserver_state();
3346
3347 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
3348
3349 /* Initialize a monitor terminal for gdb */
3350 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
3351 NULL, NULL, &error_abort);
3352 monitor_init_hmp(mon_chr, false, &error_abort);
3353 } else {
3354 qemu_chr_fe_deinit(&gdbserver_state.chr, true);
3355 mon_chr = gdbserver_state.mon_chr;
3356 reset_gdbserver_state();
3357 }
3358
3359 create_processes(&gdbserver_state);
3360
3361 if (chr) {
3362 qemu_chr_fe_init(&gdbserver_state.chr, chr, &error_abort);
3363 qemu_chr_fe_set_handlers(&gdbserver_state.chr, gdb_chr_can_receive,
3364 gdb_chr_receive, gdb_chr_event,
3365 NULL, &gdbserver_state, NULL, true);
3366 }
3367 gdbserver_state.state = chr ? RS_IDLE : RS_INACTIVE;
3368 gdbserver_state.mon_chr = mon_chr;
3369 gdbserver_state.current_syscall_cb = NULL;
3370
3371 return 0;
3372 }
3373
gdbserver_cleanup(void)3374 void gdbserver_cleanup(void)
3375 {
3376 if (gdbserver_state.init) {
3377 put_packet("W00");
3378 }
3379 }
3380
register_types(void)3381 static void register_types(void)
3382 {
3383 type_register_static(&char_gdb_type_info);
3384 }
3385
3386 type_init(register_types);
3387 #endif
3388