1 /*
2 * gdb server stub
3 *
4 * This implements a subset of the remote protocol as described in:
5 *
6 * https://sourceware.org/gdb/onlinedocs/gdb/Remote-Protocol.html
7 *
8 * Copyright (c) 2003-2005 Fabrice Bellard
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2 of the License, or (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 *
23 * SPDX-License-Identifier: LGPL-2.0+
24 */
25
26 #include "qemu/osdep.h"
27 #include "qemu-common.h"
28 #include "qapi/error.h"
29 #include "qemu/error-report.h"
30 #include "qemu/ctype.h"
31 #include "qemu/cutils.h"
32 #include "qemu/module.h"
33 #include "trace-root.h"
34 #ifdef CONFIG_USER_ONLY
35 #include "qemu.h"
36 #else
37 #include "monitor/monitor.h"
38 #include "chardev/char.h"
39 #include "chardev/char-fe.h"
40 #include "sysemu/sysemu.h"
41 #include "exec/gdbstub.h"
42 #include "hw/cpu/cluster.h"
43 #include "hw/boards.h"
44 #endif
45
46 #define MAX_PACKET_LENGTH 4096
47
48 #include "qemu/sockets.h"
49 #include "sysemu/hw_accel.h"
50 #include "sysemu/kvm.h"
51 #include "sysemu/runstate.h"
52 #include "hw/semihosting/semihost.h"
53 #include "exec/exec-all.h"
54
55 #ifdef CONFIG_USER_ONLY
56 #define GDB_ATTACHED "0"
57 #else
58 #define GDB_ATTACHED "1"
59 #endif
60
61 #ifndef CONFIG_USER_ONLY
62 static int phy_memory_mode;
63 #endif
64
target_memory_rw_debug(CPUState * cpu,target_ulong addr,uint8_t * buf,int len,bool is_write)65 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
66 uint8_t *buf, int len, bool is_write)
67 {
68 CPUClass *cc;
69
70 #ifndef CONFIG_USER_ONLY
71 if (phy_memory_mode) {
72 if (is_write) {
73 cpu_physical_memory_write(addr, buf, len);
74 } else {
75 cpu_physical_memory_read(addr, buf, len);
76 }
77 return 0;
78 }
79 #endif
80
81 cc = CPU_GET_CLASS(cpu);
82 if (cc->memory_rw_debug) {
83 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
84 }
85 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
86 }
87
88 /* Return the GDB index for a given vCPU state.
89 *
90 * For user mode this is simply the thread id. In system mode GDB
91 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
92 */
cpu_gdb_index(CPUState * cpu)93 static inline int cpu_gdb_index(CPUState *cpu)
94 {
95 #if defined(CONFIG_USER_ONLY)
96 TaskState *ts = (TaskState *) cpu->opaque;
97 return ts->ts_tid;
98 #else
99 return cpu->cpu_index + 1;
100 #endif
101 }
102
103 enum {
104 GDB_SIGNAL_0 = 0,
105 GDB_SIGNAL_INT = 2,
106 GDB_SIGNAL_QUIT = 3,
107 GDB_SIGNAL_TRAP = 5,
108 GDB_SIGNAL_ABRT = 6,
109 GDB_SIGNAL_ALRM = 14,
110 GDB_SIGNAL_IO = 23,
111 GDB_SIGNAL_XCPU = 24,
112 GDB_SIGNAL_UNKNOWN = 143
113 };
114
115 #ifdef CONFIG_USER_ONLY
116
117 /* Map target signal numbers to GDB protocol signal numbers and vice
118 * versa. For user emulation's currently supported systems, we can
119 * assume most signals are defined.
120 */
121
122 static int gdb_signal_table[] = {
123 0,
124 TARGET_SIGHUP,
125 TARGET_SIGINT,
126 TARGET_SIGQUIT,
127 TARGET_SIGILL,
128 TARGET_SIGTRAP,
129 TARGET_SIGABRT,
130 -1, /* SIGEMT */
131 TARGET_SIGFPE,
132 TARGET_SIGKILL,
133 TARGET_SIGBUS,
134 TARGET_SIGSEGV,
135 TARGET_SIGSYS,
136 TARGET_SIGPIPE,
137 TARGET_SIGALRM,
138 TARGET_SIGTERM,
139 TARGET_SIGURG,
140 TARGET_SIGSTOP,
141 TARGET_SIGTSTP,
142 TARGET_SIGCONT,
143 TARGET_SIGCHLD,
144 TARGET_SIGTTIN,
145 TARGET_SIGTTOU,
146 TARGET_SIGIO,
147 TARGET_SIGXCPU,
148 TARGET_SIGXFSZ,
149 TARGET_SIGVTALRM,
150 TARGET_SIGPROF,
151 TARGET_SIGWINCH,
152 -1, /* SIGLOST */
153 TARGET_SIGUSR1,
154 TARGET_SIGUSR2,
155 #ifdef TARGET_SIGPWR
156 TARGET_SIGPWR,
157 #else
158 -1,
159 #endif
160 -1, /* SIGPOLL */
161 -1,
162 -1,
163 -1,
164 -1,
165 -1,
166 -1,
167 -1,
168 -1,
169 -1,
170 -1,
171 -1,
172 #ifdef __SIGRTMIN
173 __SIGRTMIN + 1,
174 __SIGRTMIN + 2,
175 __SIGRTMIN + 3,
176 __SIGRTMIN + 4,
177 __SIGRTMIN + 5,
178 __SIGRTMIN + 6,
179 __SIGRTMIN + 7,
180 __SIGRTMIN + 8,
181 __SIGRTMIN + 9,
182 __SIGRTMIN + 10,
183 __SIGRTMIN + 11,
184 __SIGRTMIN + 12,
185 __SIGRTMIN + 13,
186 __SIGRTMIN + 14,
187 __SIGRTMIN + 15,
188 __SIGRTMIN + 16,
189 __SIGRTMIN + 17,
190 __SIGRTMIN + 18,
191 __SIGRTMIN + 19,
192 __SIGRTMIN + 20,
193 __SIGRTMIN + 21,
194 __SIGRTMIN + 22,
195 __SIGRTMIN + 23,
196 __SIGRTMIN + 24,
197 __SIGRTMIN + 25,
198 __SIGRTMIN + 26,
199 __SIGRTMIN + 27,
200 __SIGRTMIN + 28,
201 __SIGRTMIN + 29,
202 __SIGRTMIN + 30,
203 __SIGRTMIN + 31,
204 -1, /* SIGCANCEL */
205 __SIGRTMIN,
206 __SIGRTMIN + 32,
207 __SIGRTMIN + 33,
208 __SIGRTMIN + 34,
209 __SIGRTMIN + 35,
210 __SIGRTMIN + 36,
211 __SIGRTMIN + 37,
212 __SIGRTMIN + 38,
213 __SIGRTMIN + 39,
214 __SIGRTMIN + 40,
215 __SIGRTMIN + 41,
216 __SIGRTMIN + 42,
217 __SIGRTMIN + 43,
218 __SIGRTMIN + 44,
219 __SIGRTMIN + 45,
220 __SIGRTMIN + 46,
221 __SIGRTMIN + 47,
222 __SIGRTMIN + 48,
223 __SIGRTMIN + 49,
224 __SIGRTMIN + 50,
225 __SIGRTMIN + 51,
226 __SIGRTMIN + 52,
227 __SIGRTMIN + 53,
228 __SIGRTMIN + 54,
229 __SIGRTMIN + 55,
230 __SIGRTMIN + 56,
231 __SIGRTMIN + 57,
232 __SIGRTMIN + 58,
233 __SIGRTMIN + 59,
234 __SIGRTMIN + 60,
235 __SIGRTMIN + 61,
236 __SIGRTMIN + 62,
237 __SIGRTMIN + 63,
238 __SIGRTMIN + 64,
239 __SIGRTMIN + 65,
240 __SIGRTMIN + 66,
241 __SIGRTMIN + 67,
242 __SIGRTMIN + 68,
243 __SIGRTMIN + 69,
244 __SIGRTMIN + 70,
245 __SIGRTMIN + 71,
246 __SIGRTMIN + 72,
247 __SIGRTMIN + 73,
248 __SIGRTMIN + 74,
249 __SIGRTMIN + 75,
250 __SIGRTMIN + 76,
251 __SIGRTMIN + 77,
252 __SIGRTMIN + 78,
253 __SIGRTMIN + 79,
254 __SIGRTMIN + 80,
255 __SIGRTMIN + 81,
256 __SIGRTMIN + 82,
257 __SIGRTMIN + 83,
258 __SIGRTMIN + 84,
259 __SIGRTMIN + 85,
260 __SIGRTMIN + 86,
261 __SIGRTMIN + 87,
262 __SIGRTMIN + 88,
263 __SIGRTMIN + 89,
264 __SIGRTMIN + 90,
265 __SIGRTMIN + 91,
266 __SIGRTMIN + 92,
267 __SIGRTMIN + 93,
268 __SIGRTMIN + 94,
269 __SIGRTMIN + 95,
270 -1, /* SIGINFO */
271 -1, /* UNKNOWN */
272 -1, /* DEFAULT */
273 -1,
274 -1,
275 -1,
276 -1,
277 -1,
278 -1
279 #endif
280 };
281 #else
282 /* In system mode we only need SIGINT and SIGTRAP; other signals
283 are not yet supported. */
284
285 enum {
286 TARGET_SIGINT = 2,
287 TARGET_SIGTRAP = 5
288 };
289
290 static int gdb_signal_table[] = {
291 -1,
292 -1,
293 TARGET_SIGINT,
294 -1,
295 -1,
296 TARGET_SIGTRAP
297 };
298 #endif
299
300 #ifdef CONFIG_USER_ONLY
target_signal_to_gdb(int sig)301 static int target_signal_to_gdb (int sig)
302 {
303 int i;
304 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
305 if (gdb_signal_table[i] == sig)
306 return i;
307 return GDB_SIGNAL_UNKNOWN;
308 }
309 #endif
310
gdb_signal_to_target(int sig)311 static int gdb_signal_to_target (int sig)
312 {
313 if (sig < ARRAY_SIZE (gdb_signal_table))
314 return gdb_signal_table[sig];
315 else
316 return -1;
317 }
318
319 typedef struct GDBRegisterState {
320 int base_reg;
321 int num_regs;
322 gdb_reg_cb get_reg;
323 gdb_reg_cb set_reg;
324 const char *xml;
325 struct GDBRegisterState *next;
326 } GDBRegisterState;
327
328 typedef struct GDBProcess {
329 uint32_t pid;
330 bool attached;
331
332 char target_xml[1024];
333 } GDBProcess;
334
335 enum RSState {
336 RS_INACTIVE,
337 RS_IDLE,
338 RS_GETLINE,
339 RS_GETLINE_ESC,
340 RS_GETLINE_RLE,
341 RS_CHKSUM1,
342 RS_CHKSUM2,
343 };
344 typedef struct GDBState {
345 CPUState *c_cpu; /* current CPU for step/continue ops */
346 CPUState *g_cpu; /* current CPU for other ops */
347 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
348 enum RSState state; /* parsing state */
349 char line_buf[MAX_PACKET_LENGTH];
350 int line_buf_index;
351 int line_sum; /* running checksum */
352 int line_csum; /* checksum at the end of the packet */
353 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
354 int last_packet_len;
355 int signal;
356 #ifdef CONFIG_USER_ONLY
357 int fd;
358 int running_state;
359 #else
360 CharBackend chr;
361 Chardev *mon_chr;
362 #endif
363 bool multiprocess;
364 GDBProcess *processes;
365 int process_num;
366 char syscall_buf[256];
367 gdb_syscall_complete_cb current_syscall_cb;
368 } GDBState;
369
370 /* By default use no IRQs and no timers while single stepping so as to
371 * make single stepping like an ICE HW step.
372 */
373 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
374
375 static GDBState *gdbserver_state;
376
377 bool gdb_has_xml;
378
379 #ifdef CONFIG_USER_ONLY
380 /* XXX: This is not thread safe. Do we care? */
381 static int gdbserver_fd = -1;
382
get_char(GDBState * s)383 static int get_char(GDBState *s)
384 {
385 uint8_t ch;
386 int ret;
387
388 for(;;) {
389 ret = qemu_recv(s->fd, &ch, 1, 0);
390 if (ret < 0) {
391 if (errno == ECONNRESET)
392 s->fd = -1;
393 if (errno != EINTR)
394 return -1;
395 } else if (ret == 0) {
396 close(s->fd);
397 s->fd = -1;
398 return -1;
399 } else {
400 break;
401 }
402 }
403 return ch;
404 }
405 #endif
406
407 static enum {
408 GDB_SYS_UNKNOWN,
409 GDB_SYS_ENABLED,
410 GDB_SYS_DISABLED,
411 } gdb_syscall_mode;
412
413 /* Decide if either remote gdb syscalls or native file IO should be used. */
use_gdb_syscalls(void)414 int use_gdb_syscalls(void)
415 {
416 SemihostingTarget target = semihosting_get_target();
417 if (target == SEMIHOSTING_TARGET_NATIVE) {
418 /* -semihosting-config target=native */
419 return false;
420 } else if (target == SEMIHOSTING_TARGET_GDB) {
421 /* -semihosting-config target=gdb */
422 return true;
423 }
424
425 /* -semihosting-config target=auto */
426 /* On the first call check if gdb is connected and remember. */
427 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
428 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
429 : GDB_SYS_DISABLED);
430 }
431 return gdb_syscall_mode == GDB_SYS_ENABLED;
432 }
433
434 /* Resume execution. */
gdb_continue(GDBState * s)435 static inline void gdb_continue(GDBState *s)
436 {
437
438 #ifdef CONFIG_USER_ONLY
439 s->running_state = 1;
440 trace_gdbstub_op_continue();
441 #else
442 if (!runstate_needs_reset()) {
443 trace_gdbstub_op_continue();
444 vm_start();
445 }
446 #endif
447 }
448
449 /*
450 * Resume execution, per CPU actions. For user-mode emulation it's
451 * equivalent to gdb_continue.
452 */
gdb_continue_partial(GDBState * s,char * newstates)453 static int gdb_continue_partial(GDBState *s, char *newstates)
454 {
455 CPUState *cpu;
456 int res = 0;
457 #ifdef CONFIG_USER_ONLY
458 /*
459 * This is not exactly accurate, but it's an improvement compared to the
460 * previous situation, where only one CPU would be single-stepped.
461 */
462 CPU_FOREACH(cpu) {
463 if (newstates[cpu->cpu_index] == 's') {
464 trace_gdbstub_op_stepping(cpu->cpu_index);
465 cpu_single_step(cpu, sstep_flags);
466 }
467 }
468 s->running_state = 1;
469 #else
470 int flag = 0;
471
472 if (!runstate_needs_reset()) {
473 if (vm_prepare_start()) {
474 return 0;
475 }
476
477 CPU_FOREACH(cpu) {
478 switch (newstates[cpu->cpu_index]) {
479 case 0:
480 case 1:
481 break; /* nothing to do here */
482 case 's':
483 trace_gdbstub_op_stepping(cpu->cpu_index);
484 cpu_single_step(cpu, sstep_flags);
485 cpu_resume(cpu);
486 flag = 1;
487 break;
488 case 'c':
489 trace_gdbstub_op_continue_cpu(cpu->cpu_index);
490 cpu_resume(cpu);
491 flag = 1;
492 break;
493 default:
494 res = -1;
495 break;
496 }
497 }
498 }
499 if (flag) {
500 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
501 }
502 #endif
503 return res;
504 }
505
put_buffer(GDBState * s,const uint8_t * buf,int len)506 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
507 {
508 #ifdef CONFIG_USER_ONLY
509 int ret;
510
511 while (len > 0) {
512 ret = send(s->fd, buf, len, 0);
513 if (ret < 0) {
514 if (errno != EINTR)
515 return;
516 } else {
517 buf += ret;
518 len -= ret;
519 }
520 }
521 #else
522 /* XXX this blocks entire thread. Rewrite to use
523 * qemu_chr_fe_write and background I/O callbacks */
524 qemu_chr_fe_write_all(&s->chr, buf, len);
525 #endif
526 }
527
fromhex(int v)528 static inline int fromhex(int v)
529 {
530 if (v >= '0' && v <= '9')
531 return v - '0';
532 else if (v >= 'A' && v <= 'F')
533 return v - 'A' + 10;
534 else if (v >= 'a' && v <= 'f')
535 return v - 'a' + 10;
536 else
537 return 0;
538 }
539
tohex(int v)540 static inline int tohex(int v)
541 {
542 if (v < 10)
543 return v + '0';
544 else
545 return v - 10 + 'a';
546 }
547
548 /* writes 2*len+1 bytes in buf */
memtohex(char * buf,const uint8_t * mem,int len)549 static void memtohex(char *buf, const uint8_t *mem, int len)
550 {
551 int i, c;
552 char *q;
553 q = buf;
554 for(i = 0; i < len; i++) {
555 c = mem[i];
556 *q++ = tohex(c >> 4);
557 *q++ = tohex(c & 0xf);
558 }
559 *q = '\0';
560 }
561
hextomem(uint8_t * mem,const char * buf,int len)562 static void hextomem(uint8_t *mem, const char *buf, int len)
563 {
564 int i;
565
566 for(i = 0; i < len; i++) {
567 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
568 buf += 2;
569 }
570 }
571
hexdump(const char * buf,int len,void (* trace_fn)(size_t ofs,char const * text))572 static void hexdump(const char *buf, int len,
573 void (*trace_fn)(size_t ofs, char const *text))
574 {
575 char line_buffer[3 * 16 + 4 + 16 + 1];
576
577 size_t i;
578 for (i = 0; i < len || (i & 0xF); ++i) {
579 size_t byte_ofs = i & 15;
580
581 if (byte_ofs == 0) {
582 memset(line_buffer, ' ', 3 * 16 + 4 + 16);
583 line_buffer[3 * 16 + 4 + 16] = 0;
584 }
585
586 size_t col_group = (i >> 2) & 3;
587 size_t hex_col = byte_ofs * 3 + col_group;
588 size_t txt_col = 3 * 16 + 4 + byte_ofs;
589
590 if (i < len) {
591 char value = buf[i];
592
593 line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
594 line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
595 line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
596 ? value
597 : '.';
598 }
599
600 if (byte_ofs == 0xF)
601 trace_fn(i & -16, line_buffer);
602 }
603 }
604
605 /* return -1 if error, 0 if OK */
put_packet_binary(GDBState * s,const char * buf,int len,bool dump)606 static int put_packet_binary(GDBState *s, const char *buf, int len, bool dump)
607 {
608 int csum, i;
609 uint8_t *p;
610
611 if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
612 hexdump(buf, len, trace_gdbstub_io_binaryreply);
613 }
614
615 for(;;) {
616 p = s->last_packet;
617 *(p++) = '$';
618 memcpy(p, buf, len);
619 p += len;
620 csum = 0;
621 for(i = 0; i < len; i++) {
622 csum += buf[i];
623 }
624 *(p++) = '#';
625 *(p++) = tohex((csum >> 4) & 0xf);
626 *(p++) = tohex((csum) & 0xf);
627
628 s->last_packet_len = p - s->last_packet;
629 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
630
631 #ifdef CONFIG_USER_ONLY
632 i = get_char(s);
633 if (i < 0)
634 return -1;
635 if (i == '+')
636 break;
637 #else
638 break;
639 #endif
640 }
641 return 0;
642 }
643
644 /* return -1 if error, 0 if OK */
put_packet(GDBState * s,const char * buf)645 static int put_packet(GDBState *s, const char *buf)
646 {
647 trace_gdbstub_io_reply(buf);
648
649 return put_packet_binary(s, buf, strlen(buf), false);
650 }
651
652 /* Encode data using the encoding for 'x' packets. */
memtox(char * buf,const char * mem,int len)653 static int memtox(char *buf, const char *mem, int len)
654 {
655 char *p = buf;
656 char c;
657
658 while (len--) {
659 c = *(mem++);
660 switch (c) {
661 case '#': case '$': case '*': case '}':
662 *(p++) = '}';
663 *(p++) = c ^ 0x20;
664 break;
665 default:
666 *(p++) = c;
667 break;
668 }
669 }
670 return p - buf;
671 }
672
gdb_get_cpu_pid(const GDBState * s,CPUState * cpu)673 static uint32_t gdb_get_cpu_pid(const GDBState *s, CPUState *cpu)
674 {
675 /* TODO: In user mode, we should use the task state PID */
676 if (cpu->cluster_index == UNASSIGNED_CLUSTER_INDEX) {
677 /* Return the default process' PID */
678 return s->processes[s->process_num - 1].pid;
679 }
680 return cpu->cluster_index + 1;
681 }
682
gdb_get_process(const GDBState * s,uint32_t pid)683 static GDBProcess *gdb_get_process(const GDBState *s, uint32_t pid)
684 {
685 int i;
686
687 if (!pid) {
688 /* 0 means any process, we take the first one */
689 return &s->processes[0];
690 }
691
692 for (i = 0; i < s->process_num; i++) {
693 if (s->processes[i].pid == pid) {
694 return &s->processes[i];
695 }
696 }
697
698 return NULL;
699 }
700
gdb_get_cpu_process(const GDBState * s,CPUState * cpu)701 static GDBProcess *gdb_get_cpu_process(const GDBState *s, CPUState *cpu)
702 {
703 return gdb_get_process(s, gdb_get_cpu_pid(s, cpu));
704 }
705
find_cpu(uint32_t thread_id)706 static CPUState *find_cpu(uint32_t thread_id)
707 {
708 CPUState *cpu;
709
710 CPU_FOREACH(cpu) {
711 if (cpu_gdb_index(cpu) == thread_id) {
712 return cpu;
713 }
714 }
715
716 return NULL;
717 }
718
get_first_cpu_in_process(const GDBState * s,GDBProcess * process)719 static CPUState *get_first_cpu_in_process(const GDBState *s,
720 GDBProcess *process)
721 {
722 CPUState *cpu;
723
724 CPU_FOREACH(cpu) {
725 if (gdb_get_cpu_pid(s, cpu) == process->pid) {
726 return cpu;
727 }
728 }
729
730 return NULL;
731 }
732
gdb_next_cpu_in_process(const GDBState * s,CPUState * cpu)733 static CPUState *gdb_next_cpu_in_process(const GDBState *s, CPUState *cpu)
734 {
735 uint32_t pid = gdb_get_cpu_pid(s, cpu);
736 cpu = CPU_NEXT(cpu);
737
738 while (cpu) {
739 if (gdb_get_cpu_pid(s, cpu) == pid) {
740 break;
741 }
742
743 cpu = CPU_NEXT(cpu);
744 }
745
746 return cpu;
747 }
748
749 /* Return the cpu following @cpu, while ignoring unattached processes. */
gdb_next_attached_cpu(const GDBState * s,CPUState * cpu)750 static CPUState *gdb_next_attached_cpu(const GDBState *s, CPUState *cpu)
751 {
752 cpu = CPU_NEXT(cpu);
753
754 while (cpu) {
755 if (gdb_get_cpu_process(s, cpu)->attached) {
756 break;
757 }
758
759 cpu = CPU_NEXT(cpu);
760 }
761
762 return cpu;
763 }
764
765 /* Return the first attached cpu */
gdb_first_attached_cpu(const GDBState * s)766 static CPUState *gdb_first_attached_cpu(const GDBState *s)
767 {
768 CPUState *cpu = first_cpu;
769 GDBProcess *process = gdb_get_cpu_process(s, cpu);
770
771 if (!process->attached) {
772 return gdb_next_attached_cpu(s, cpu);
773 }
774
775 return cpu;
776 }
777
gdb_get_cpu(const GDBState * s,uint32_t pid,uint32_t tid)778 static CPUState *gdb_get_cpu(const GDBState *s, uint32_t pid, uint32_t tid)
779 {
780 GDBProcess *process;
781 CPUState *cpu;
782
783 if (!pid && !tid) {
784 /* 0 means any process/thread, we take the first attached one */
785 return gdb_first_attached_cpu(s);
786 } else if (pid && !tid) {
787 /* any thread in a specific process */
788 process = gdb_get_process(s, pid);
789
790 if (process == NULL) {
791 return NULL;
792 }
793
794 if (!process->attached) {
795 return NULL;
796 }
797
798 return get_first_cpu_in_process(s, process);
799 } else {
800 /* a specific thread */
801 cpu = find_cpu(tid);
802
803 if (cpu == NULL) {
804 return NULL;
805 }
806
807 process = gdb_get_cpu_process(s, cpu);
808
809 if (pid && process->pid != pid) {
810 return NULL;
811 }
812
813 if (!process->attached) {
814 return NULL;
815 }
816
817 return cpu;
818 }
819 }
820
get_feature_xml(const GDBState * s,const char * p,const char ** newp,GDBProcess * process)821 static const char *get_feature_xml(const GDBState *s, const char *p,
822 const char **newp, GDBProcess *process)
823 {
824 size_t len;
825 int i;
826 const char *name;
827 CPUState *cpu = get_first_cpu_in_process(s, process);
828 CPUClass *cc = CPU_GET_CLASS(cpu);
829
830 len = 0;
831 while (p[len] && p[len] != ':')
832 len++;
833 *newp = p + len;
834
835 name = NULL;
836 if (strncmp(p, "target.xml", len) == 0) {
837 char *buf = process->target_xml;
838 const size_t buf_sz = sizeof(process->target_xml);
839
840 /* Generate the XML description for this CPU. */
841 if (!buf[0]) {
842 GDBRegisterState *r;
843
844 pstrcat(buf, buf_sz,
845 "<?xml version=\"1.0\"?>"
846 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
847 "<target>");
848 if (cc->gdb_arch_name) {
849 gchar *arch = cc->gdb_arch_name(cpu);
850 pstrcat(buf, buf_sz, "<architecture>");
851 pstrcat(buf, buf_sz, arch);
852 pstrcat(buf, buf_sz, "</architecture>");
853 g_free(arch);
854 }
855 pstrcat(buf, buf_sz, "<xi:include href=\"");
856 pstrcat(buf, buf_sz, cc->gdb_core_xml_file);
857 pstrcat(buf, buf_sz, "\"/>");
858 for (r = cpu->gdb_regs; r; r = r->next) {
859 pstrcat(buf, buf_sz, "<xi:include href=\"");
860 pstrcat(buf, buf_sz, r->xml);
861 pstrcat(buf, buf_sz, "\"/>");
862 }
863 pstrcat(buf, buf_sz, "</target>");
864 }
865 return buf;
866 }
867 if (cc->gdb_get_dynamic_xml) {
868 char *xmlname = g_strndup(p, len);
869 const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
870
871 g_free(xmlname);
872 if (xml) {
873 return xml;
874 }
875 }
876 for (i = 0; ; i++) {
877 name = xml_builtin[i][0];
878 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
879 break;
880 }
881 return name ? xml_builtin[i][1] : NULL;
882 }
883
gdb_read_register(CPUState * cpu,uint8_t * mem_buf,int reg)884 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
885 {
886 CPUClass *cc = CPU_GET_CLASS(cpu);
887 CPUArchState *env = cpu->env_ptr;
888 GDBRegisterState *r;
889
890 if (reg < cc->gdb_num_core_regs) {
891 return cc->gdb_read_register(cpu, mem_buf, reg);
892 }
893
894 for (r = cpu->gdb_regs; r; r = r->next) {
895 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
896 return r->get_reg(env, mem_buf, reg - r->base_reg);
897 }
898 }
899 return 0;
900 }
901
gdb_write_register(CPUState * cpu,uint8_t * mem_buf,int reg)902 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
903 {
904 CPUClass *cc = CPU_GET_CLASS(cpu);
905 CPUArchState *env = cpu->env_ptr;
906 GDBRegisterState *r;
907
908 if (reg < cc->gdb_num_core_regs) {
909 return cc->gdb_write_register(cpu, mem_buf, reg);
910 }
911
912 for (r = cpu->gdb_regs; r; r = r->next) {
913 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
914 return r->set_reg(env, mem_buf, reg - r->base_reg);
915 }
916 }
917 return 0;
918 }
919
920 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
921 specifies the first register number and these registers are included in
922 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
923 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
924 */
925
gdb_register_coprocessor(CPUState * cpu,gdb_reg_cb get_reg,gdb_reg_cb set_reg,int num_regs,const char * xml,int g_pos)926 void gdb_register_coprocessor(CPUState *cpu,
927 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
928 int num_regs, const char *xml, int g_pos)
929 {
930 GDBRegisterState *s;
931 GDBRegisterState **p;
932
933 p = &cpu->gdb_regs;
934 while (*p) {
935 /* Check for duplicates. */
936 if (strcmp((*p)->xml, xml) == 0)
937 return;
938 p = &(*p)->next;
939 }
940
941 s = g_new0(GDBRegisterState, 1);
942 s->base_reg = cpu->gdb_num_regs;
943 s->num_regs = num_regs;
944 s->get_reg = get_reg;
945 s->set_reg = set_reg;
946 s->xml = xml;
947
948 /* Add to end of list. */
949 cpu->gdb_num_regs += num_regs;
950 *p = s;
951 if (g_pos) {
952 if (g_pos != s->base_reg) {
953 error_report("Error: Bad gdb register numbering for '%s', "
954 "expected %d got %d", xml, g_pos, s->base_reg);
955 } else {
956 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
957 }
958 }
959 }
960
961 #ifndef CONFIG_USER_ONLY
962 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
xlat_gdb_type(CPUState * cpu,int gdbtype)963 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
964 {
965 static const int xlat[] = {
966 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
967 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
968 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
969 };
970
971 CPUClass *cc = CPU_GET_CLASS(cpu);
972 int cputype = xlat[gdbtype];
973
974 if (cc->gdb_stop_before_watchpoint) {
975 cputype |= BP_STOP_BEFORE_ACCESS;
976 }
977 return cputype;
978 }
979 #endif
980
gdb_breakpoint_insert(int type,target_ulong addr,target_ulong len)981 static int gdb_breakpoint_insert(int type, target_ulong addr, target_ulong len)
982 {
983 CPUState *cpu;
984 int err = 0;
985
986 if (kvm_enabled()) {
987 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
988 }
989
990 switch (type) {
991 case GDB_BREAKPOINT_SW:
992 case GDB_BREAKPOINT_HW:
993 CPU_FOREACH(cpu) {
994 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
995 if (err) {
996 break;
997 }
998 }
999 return err;
1000 #ifndef CONFIG_USER_ONLY
1001 case GDB_WATCHPOINT_WRITE:
1002 case GDB_WATCHPOINT_READ:
1003 case GDB_WATCHPOINT_ACCESS:
1004 CPU_FOREACH(cpu) {
1005 err = cpu_watchpoint_insert(cpu, addr, len,
1006 xlat_gdb_type(cpu, type), NULL);
1007 if (err) {
1008 break;
1009 }
1010 }
1011 return err;
1012 #endif
1013 default:
1014 return -ENOSYS;
1015 }
1016 }
1017
gdb_breakpoint_remove(int type,target_ulong addr,target_ulong len)1018 static int gdb_breakpoint_remove(int type, target_ulong addr, target_ulong len)
1019 {
1020 CPUState *cpu;
1021 int err = 0;
1022
1023 if (kvm_enabled()) {
1024 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1025 }
1026
1027 switch (type) {
1028 case GDB_BREAKPOINT_SW:
1029 case GDB_BREAKPOINT_HW:
1030 CPU_FOREACH(cpu) {
1031 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
1032 if (err) {
1033 break;
1034 }
1035 }
1036 return err;
1037 #ifndef CONFIG_USER_ONLY
1038 case GDB_WATCHPOINT_WRITE:
1039 case GDB_WATCHPOINT_READ:
1040 case GDB_WATCHPOINT_ACCESS:
1041 CPU_FOREACH(cpu) {
1042 err = cpu_watchpoint_remove(cpu, addr, len,
1043 xlat_gdb_type(cpu, type));
1044 if (err)
1045 break;
1046 }
1047 return err;
1048 #endif
1049 default:
1050 return -ENOSYS;
1051 }
1052 }
1053
gdb_cpu_breakpoint_remove_all(CPUState * cpu)1054 static inline void gdb_cpu_breakpoint_remove_all(CPUState *cpu)
1055 {
1056 cpu_breakpoint_remove_all(cpu, BP_GDB);
1057 #ifndef CONFIG_USER_ONLY
1058 cpu_watchpoint_remove_all(cpu, BP_GDB);
1059 #endif
1060 }
1061
gdb_process_breakpoint_remove_all(const GDBState * s,GDBProcess * p)1062 static void gdb_process_breakpoint_remove_all(const GDBState *s, GDBProcess *p)
1063 {
1064 CPUState *cpu = get_first_cpu_in_process(s, p);
1065
1066 while (cpu) {
1067 gdb_cpu_breakpoint_remove_all(cpu);
1068 cpu = gdb_next_cpu_in_process(s, cpu);
1069 }
1070 }
1071
gdb_breakpoint_remove_all(void)1072 static void gdb_breakpoint_remove_all(void)
1073 {
1074 CPUState *cpu;
1075
1076 if (kvm_enabled()) {
1077 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
1078 return;
1079 }
1080
1081 CPU_FOREACH(cpu) {
1082 gdb_cpu_breakpoint_remove_all(cpu);
1083 }
1084 }
1085
gdb_set_cpu_pc(GDBState * s,target_ulong pc)1086 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
1087 {
1088 CPUState *cpu = s->c_cpu;
1089
1090 cpu_synchronize_state(cpu);
1091 cpu_set_pc(cpu, pc);
1092 }
1093
gdb_fmt_thread_id(const GDBState * s,CPUState * cpu,char * buf,size_t buf_size)1094 static char *gdb_fmt_thread_id(const GDBState *s, CPUState *cpu,
1095 char *buf, size_t buf_size)
1096 {
1097 if (s->multiprocess) {
1098 snprintf(buf, buf_size, "p%02x.%02x",
1099 gdb_get_cpu_pid(s, cpu), cpu_gdb_index(cpu));
1100 } else {
1101 snprintf(buf, buf_size, "%02x", cpu_gdb_index(cpu));
1102 }
1103
1104 return buf;
1105 }
1106
1107 typedef enum GDBThreadIdKind {
1108 GDB_ONE_THREAD = 0,
1109 GDB_ALL_THREADS, /* One process, all threads */
1110 GDB_ALL_PROCESSES,
1111 GDB_READ_THREAD_ERR
1112 } GDBThreadIdKind;
1113
read_thread_id(const char * buf,const char ** end_buf,uint32_t * pid,uint32_t * tid)1114 static GDBThreadIdKind read_thread_id(const char *buf, const char **end_buf,
1115 uint32_t *pid, uint32_t *tid)
1116 {
1117 unsigned long p, t;
1118 int ret;
1119
1120 if (*buf == 'p') {
1121 buf++;
1122 ret = qemu_strtoul(buf, &buf, 16, &p);
1123
1124 if (ret) {
1125 return GDB_READ_THREAD_ERR;
1126 }
1127
1128 /* Skip '.' */
1129 buf++;
1130 } else {
1131 p = 1;
1132 }
1133
1134 ret = qemu_strtoul(buf, &buf, 16, &t);
1135
1136 if (ret) {
1137 return GDB_READ_THREAD_ERR;
1138 }
1139
1140 *end_buf = buf;
1141
1142 if (p == -1) {
1143 return GDB_ALL_PROCESSES;
1144 }
1145
1146 if (pid) {
1147 *pid = p;
1148 }
1149
1150 if (t == -1) {
1151 return GDB_ALL_THREADS;
1152 }
1153
1154 if (tid) {
1155 *tid = t;
1156 }
1157
1158 return GDB_ONE_THREAD;
1159 }
1160
1161 /**
1162 * gdb_handle_vcont - Parses and handles a vCont packet.
1163 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
1164 * a format error, 0 on success.
1165 */
gdb_handle_vcont(GDBState * s,const char * p)1166 static int gdb_handle_vcont(GDBState *s, const char *p)
1167 {
1168 int res, signal = 0;
1169 char cur_action;
1170 char *newstates;
1171 unsigned long tmp;
1172 uint32_t pid, tid;
1173 GDBProcess *process;
1174 CPUState *cpu;
1175 GDBThreadIdKind kind;
1176 #ifdef CONFIG_USER_ONLY
1177 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
1178
1179 CPU_FOREACH(cpu) {
1180 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
1181 }
1182 #else
1183 MachineState *ms = MACHINE(qdev_get_machine());
1184 unsigned int max_cpus = ms->smp.max_cpus;
1185 #endif
1186 /* uninitialised CPUs stay 0 */
1187 newstates = g_new0(char, max_cpus);
1188
1189 /* mark valid CPUs with 1 */
1190 CPU_FOREACH(cpu) {
1191 newstates[cpu->cpu_index] = 1;
1192 }
1193
1194 /*
1195 * res keeps track of what error we are returning, with -ENOTSUP meaning
1196 * that the command is unknown or unsupported, thus returning an empty
1197 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
1198 * or incorrect parameters passed.
1199 */
1200 res = 0;
1201 while (*p) {
1202 if (*p++ != ';') {
1203 res = -ENOTSUP;
1204 goto out;
1205 }
1206
1207 cur_action = *p++;
1208 if (cur_action == 'C' || cur_action == 'S') {
1209 cur_action = qemu_tolower(cur_action);
1210 res = qemu_strtoul(p + 1, &p, 16, &tmp);
1211 if (res) {
1212 goto out;
1213 }
1214 signal = gdb_signal_to_target(tmp);
1215 } else if (cur_action != 'c' && cur_action != 's') {
1216 /* unknown/invalid/unsupported command */
1217 res = -ENOTSUP;
1218 goto out;
1219 }
1220
1221 if (*p == '\0' || *p == ';') {
1222 /*
1223 * No thread specifier, action is on "all threads". The
1224 * specification is unclear regarding the process to act on. We
1225 * choose all processes.
1226 */
1227 kind = GDB_ALL_PROCESSES;
1228 } else if (*p++ == ':') {
1229 kind = read_thread_id(p, &p, &pid, &tid);
1230 } else {
1231 res = -ENOTSUP;
1232 goto out;
1233 }
1234
1235 switch (kind) {
1236 case GDB_READ_THREAD_ERR:
1237 res = -EINVAL;
1238 goto out;
1239
1240 case GDB_ALL_PROCESSES:
1241 cpu = gdb_first_attached_cpu(s);
1242 while (cpu) {
1243 if (newstates[cpu->cpu_index] == 1) {
1244 newstates[cpu->cpu_index] = cur_action;
1245 }
1246
1247 cpu = gdb_next_attached_cpu(s, cpu);
1248 }
1249 break;
1250
1251 case GDB_ALL_THREADS:
1252 process = gdb_get_process(s, pid);
1253
1254 if (!process->attached) {
1255 res = -EINVAL;
1256 goto out;
1257 }
1258
1259 cpu = get_first_cpu_in_process(s, process);
1260 while (cpu) {
1261 if (newstates[cpu->cpu_index] == 1) {
1262 newstates[cpu->cpu_index] = cur_action;
1263 }
1264
1265 cpu = gdb_next_cpu_in_process(s, cpu);
1266 }
1267 break;
1268
1269 case GDB_ONE_THREAD:
1270 cpu = gdb_get_cpu(s, pid, tid);
1271
1272 /* invalid CPU/thread specified */
1273 if (!cpu) {
1274 res = -EINVAL;
1275 goto out;
1276 }
1277
1278 /* only use if no previous match occourred */
1279 if (newstates[cpu->cpu_index] == 1) {
1280 newstates[cpu->cpu_index] = cur_action;
1281 }
1282 break;
1283 }
1284 }
1285 s->signal = signal;
1286 gdb_continue_partial(s, newstates);
1287
1288 out:
1289 g_free(newstates);
1290
1291 return res;
1292 }
1293
1294 typedef union GdbCmdVariant {
1295 const char *data;
1296 uint8_t opcode;
1297 unsigned long val_ul;
1298 unsigned long long val_ull;
1299 struct {
1300 GDBThreadIdKind kind;
1301 uint32_t pid;
1302 uint32_t tid;
1303 } thread_id;
1304 } GdbCmdVariant;
1305
cmd_next_param(const char * param,const char delimiter)1306 static const char *cmd_next_param(const char *param, const char delimiter)
1307 {
1308 static const char all_delimiters[] = ",;:=";
1309 char curr_delimiters[2] = {0};
1310 const char *delimiters;
1311
1312 if (delimiter == '?') {
1313 delimiters = all_delimiters;
1314 } else if (delimiter == '0') {
1315 return strchr(param, '\0');
1316 } else if (delimiter == '.' && *param) {
1317 return param + 1;
1318 } else {
1319 curr_delimiters[0] = delimiter;
1320 delimiters = curr_delimiters;
1321 }
1322
1323 param += strcspn(param, delimiters);
1324 if (*param) {
1325 param++;
1326 }
1327 return param;
1328 }
1329
cmd_parse_params(const char * data,const char * schema,GdbCmdVariant * params,int * num_params)1330 static int cmd_parse_params(const char *data, const char *schema,
1331 GdbCmdVariant *params, int *num_params)
1332 {
1333 int curr_param;
1334 const char *curr_schema, *curr_data;
1335
1336 *num_params = 0;
1337
1338 if (!schema) {
1339 return 0;
1340 }
1341
1342 curr_schema = schema;
1343 curr_param = 0;
1344 curr_data = data;
1345 while (curr_schema[0] && curr_schema[1] && *curr_data) {
1346 switch (curr_schema[0]) {
1347 case 'l':
1348 if (qemu_strtoul(curr_data, &curr_data, 16,
1349 ¶ms[curr_param].val_ul)) {
1350 return -EINVAL;
1351 }
1352 curr_param++;
1353 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1354 break;
1355 case 'L':
1356 if (qemu_strtou64(curr_data, &curr_data, 16,
1357 (uint64_t *)¶ms[curr_param].val_ull)) {
1358 return -EINVAL;
1359 }
1360 curr_param++;
1361 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1362 break;
1363 case 's':
1364 params[curr_param].data = curr_data;
1365 curr_param++;
1366 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1367 break;
1368 case 'o':
1369 params[curr_param].opcode = *(uint8_t *)curr_data;
1370 curr_param++;
1371 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1372 break;
1373 case 't':
1374 params[curr_param].thread_id.kind =
1375 read_thread_id(curr_data, &curr_data,
1376 ¶ms[curr_param].thread_id.pid,
1377 ¶ms[curr_param].thread_id.tid);
1378 curr_param++;
1379 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1380 break;
1381 case '?':
1382 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1383 break;
1384 default:
1385 return -EINVAL;
1386 }
1387 curr_schema += 2;
1388 }
1389
1390 *num_params = curr_param;
1391 return 0;
1392 }
1393
1394 typedef struct GdbCmdContext {
1395 GDBState *s;
1396 GdbCmdVariant *params;
1397 int num_params;
1398 uint8_t mem_buf[MAX_PACKET_LENGTH];
1399 char str_buf[MAX_PACKET_LENGTH + 1];
1400 } GdbCmdContext;
1401
1402 typedef void (*GdbCmdHandler)(GdbCmdContext *gdb_ctx, void *user_ctx);
1403
1404 /*
1405 * cmd_startswith -> cmd is compared using startswith
1406 *
1407 *
1408 * schema definitions:
1409 * Each schema parameter entry consists of 2 chars,
1410 * the first char represents the parameter type handling
1411 * the second char represents the delimiter for the next parameter
1412 *
1413 * Currently supported schema types:
1414 * 'l' -> unsigned long (stored in .val_ul)
1415 * 'L' -> unsigned long long (stored in .val_ull)
1416 * 's' -> string (stored in .data)
1417 * 'o' -> single char (stored in .opcode)
1418 * 't' -> thread id (stored in .thread_id)
1419 * '?' -> skip according to delimiter
1420 *
1421 * Currently supported delimiters:
1422 * '?' -> Stop at any delimiter (",;:=\0")
1423 * '0' -> Stop at "\0"
1424 * '.' -> Skip 1 char unless reached "\0"
1425 * Any other value is treated as the delimiter value itself
1426 */
1427 typedef struct GdbCmdParseEntry {
1428 GdbCmdHandler handler;
1429 const char *cmd;
1430 bool cmd_startswith;
1431 const char *schema;
1432 } GdbCmdParseEntry;
1433
startswith(const char * string,const char * pattern)1434 static inline int startswith(const char *string, const char *pattern)
1435 {
1436 return !strncmp(string, pattern, strlen(pattern));
1437 }
1438
process_string_cmd(GDBState * s,void * user_ctx,const char * data,const GdbCmdParseEntry * cmds,int num_cmds)1439 static int process_string_cmd(GDBState *s, void *user_ctx, const char *data,
1440 const GdbCmdParseEntry *cmds, int num_cmds)
1441 {
1442 int i, schema_len, max_num_params = 0;
1443 GdbCmdContext gdb_ctx;
1444
1445 if (!cmds) {
1446 return -1;
1447 }
1448
1449 for (i = 0; i < num_cmds; i++) {
1450 const GdbCmdParseEntry *cmd = &cmds[i];
1451 g_assert(cmd->handler && cmd->cmd);
1452
1453 if ((cmd->cmd_startswith && !startswith(data, cmd->cmd)) ||
1454 (!cmd->cmd_startswith && strcmp(cmd->cmd, data))) {
1455 continue;
1456 }
1457
1458 if (cmd->schema) {
1459 schema_len = strlen(cmd->schema);
1460 if (schema_len % 2) {
1461 return -2;
1462 }
1463
1464 max_num_params = schema_len / 2;
1465 }
1466
1467 gdb_ctx.params =
1468 (GdbCmdVariant *)alloca(sizeof(*gdb_ctx.params) * max_num_params);
1469 memset(gdb_ctx.params, 0, sizeof(*gdb_ctx.params) * max_num_params);
1470
1471 if (cmd_parse_params(&data[strlen(cmd->cmd)], cmd->schema,
1472 gdb_ctx.params, &gdb_ctx.num_params)) {
1473 return -1;
1474 }
1475
1476 gdb_ctx.s = s;
1477 cmd->handler(&gdb_ctx, user_ctx);
1478 return 0;
1479 }
1480
1481 return -1;
1482 }
1483
run_cmd_parser(GDBState * s,const char * data,const GdbCmdParseEntry * cmd)1484 static void run_cmd_parser(GDBState *s, const char *data,
1485 const GdbCmdParseEntry *cmd)
1486 {
1487 if (!data) {
1488 return;
1489 }
1490
1491 /* In case there was an error during the command parsing we must
1492 * send a NULL packet to indicate the command is not supported */
1493 if (process_string_cmd(s, NULL, data, cmd, 1)) {
1494 put_packet(s, "");
1495 }
1496 }
1497
handle_detach(GdbCmdContext * gdb_ctx,void * user_ctx)1498 static void handle_detach(GdbCmdContext *gdb_ctx, void *user_ctx)
1499 {
1500 GDBProcess *process;
1501 GDBState *s = gdb_ctx->s;
1502 uint32_t pid = 1;
1503
1504 if (s->multiprocess) {
1505 if (!gdb_ctx->num_params) {
1506 put_packet(s, "E22");
1507 return;
1508 }
1509
1510 pid = gdb_ctx->params[0].val_ul;
1511 }
1512
1513 process = gdb_get_process(s, pid);
1514 gdb_process_breakpoint_remove_all(s, process);
1515 process->attached = false;
1516
1517 if (pid == gdb_get_cpu_pid(s, s->c_cpu)) {
1518 s->c_cpu = gdb_first_attached_cpu(s);
1519 }
1520
1521 if (pid == gdb_get_cpu_pid(s, s->g_cpu)) {
1522 s->g_cpu = gdb_first_attached_cpu(s);
1523 }
1524
1525 if (!s->c_cpu) {
1526 /* No more process attached */
1527 gdb_syscall_mode = GDB_SYS_DISABLED;
1528 gdb_continue(s);
1529 }
1530 put_packet(s, "OK");
1531 }
1532
handle_thread_alive(GdbCmdContext * gdb_ctx,void * user_ctx)1533 static void handle_thread_alive(GdbCmdContext *gdb_ctx, void *user_ctx)
1534 {
1535 CPUState *cpu;
1536
1537 if (!gdb_ctx->num_params) {
1538 put_packet(gdb_ctx->s, "E22");
1539 return;
1540 }
1541
1542 if (gdb_ctx->params[0].thread_id.kind == GDB_READ_THREAD_ERR) {
1543 put_packet(gdb_ctx->s, "E22");
1544 return;
1545 }
1546
1547 cpu = gdb_get_cpu(gdb_ctx->s, gdb_ctx->params[0].thread_id.pid,
1548 gdb_ctx->params[0].thread_id.tid);
1549 if (!cpu) {
1550 put_packet(gdb_ctx->s, "E22");
1551 return;
1552 }
1553
1554 put_packet(gdb_ctx->s, "OK");
1555 }
1556
handle_continue(GdbCmdContext * gdb_ctx,void * user_ctx)1557 static void handle_continue(GdbCmdContext *gdb_ctx, void *user_ctx)
1558 {
1559 if (gdb_ctx->num_params) {
1560 gdb_set_cpu_pc(gdb_ctx->s, gdb_ctx->params[0].val_ull);
1561 }
1562
1563 gdb_ctx->s->signal = 0;
1564 gdb_continue(gdb_ctx->s);
1565 }
1566
handle_cont_with_sig(GdbCmdContext * gdb_ctx,void * user_ctx)1567 static void handle_cont_with_sig(GdbCmdContext *gdb_ctx, void *user_ctx)
1568 {
1569 unsigned long signal = 0;
1570
1571 /*
1572 * Note: C sig;[addr] is currently unsupported and we simply
1573 * omit the addr parameter
1574 */
1575 if (gdb_ctx->num_params) {
1576 signal = gdb_ctx->params[0].val_ul;
1577 }
1578
1579 gdb_ctx->s->signal = gdb_signal_to_target(signal);
1580 if (gdb_ctx->s->signal == -1) {
1581 gdb_ctx->s->signal = 0;
1582 }
1583 gdb_continue(gdb_ctx->s);
1584 }
1585
handle_set_thread(GdbCmdContext * gdb_ctx,void * user_ctx)1586 static void handle_set_thread(GdbCmdContext *gdb_ctx, void *user_ctx)
1587 {
1588 CPUState *cpu;
1589
1590 if (gdb_ctx->num_params != 2) {
1591 put_packet(gdb_ctx->s, "E22");
1592 return;
1593 }
1594
1595 if (gdb_ctx->params[1].thread_id.kind == GDB_READ_THREAD_ERR) {
1596 put_packet(gdb_ctx->s, "E22");
1597 return;
1598 }
1599
1600 if (gdb_ctx->params[1].thread_id.kind != GDB_ONE_THREAD) {
1601 put_packet(gdb_ctx->s, "OK");
1602 return;
1603 }
1604
1605 cpu = gdb_get_cpu(gdb_ctx->s, gdb_ctx->params[1].thread_id.pid,
1606 gdb_ctx->params[1].thread_id.tid);
1607 if (!cpu) {
1608 put_packet(gdb_ctx->s, "E22");
1609 return;
1610 }
1611
1612 /*
1613 * Note: This command is deprecated and modern gdb's will be using the
1614 * vCont command instead.
1615 */
1616 switch (gdb_ctx->params[0].opcode) {
1617 case 'c':
1618 gdb_ctx->s->c_cpu = cpu;
1619 put_packet(gdb_ctx->s, "OK");
1620 break;
1621 case 'g':
1622 gdb_ctx->s->g_cpu = cpu;
1623 put_packet(gdb_ctx->s, "OK");
1624 break;
1625 default:
1626 put_packet(gdb_ctx->s, "E22");
1627 break;
1628 }
1629 }
1630
handle_insert_bp(GdbCmdContext * gdb_ctx,void * user_ctx)1631 static void handle_insert_bp(GdbCmdContext *gdb_ctx, void *user_ctx)
1632 {
1633 int res;
1634
1635 if (gdb_ctx->num_params != 3) {
1636 put_packet(gdb_ctx->s, "E22");
1637 return;
1638 }
1639
1640 res = gdb_breakpoint_insert(gdb_ctx->params[0].val_ul,
1641 gdb_ctx->params[1].val_ull,
1642 gdb_ctx->params[2].val_ull);
1643 if (res >= 0) {
1644 put_packet(gdb_ctx->s, "OK");
1645 return;
1646 } else if (res == -ENOSYS) {
1647 put_packet(gdb_ctx->s, "");
1648 return;
1649 }
1650
1651 put_packet(gdb_ctx->s, "E22");
1652 }
1653
handle_remove_bp(GdbCmdContext * gdb_ctx,void * user_ctx)1654 static void handle_remove_bp(GdbCmdContext *gdb_ctx, void *user_ctx)
1655 {
1656 int res;
1657
1658 if (gdb_ctx->num_params != 3) {
1659 put_packet(gdb_ctx->s, "E22");
1660 return;
1661 }
1662
1663 res = gdb_breakpoint_remove(gdb_ctx->params[0].val_ul,
1664 gdb_ctx->params[1].val_ull,
1665 gdb_ctx->params[2].val_ull);
1666 if (res >= 0) {
1667 put_packet(gdb_ctx->s, "OK");
1668 return;
1669 } else if (res == -ENOSYS) {
1670 put_packet(gdb_ctx->s, "");
1671 return;
1672 }
1673
1674 put_packet(gdb_ctx->s, "E22");
1675 }
1676
1677 /*
1678 * handle_set/get_reg
1679 *
1680 * Older gdb are really dumb, and don't use 'G/g' if 'P/p' is available.
1681 * This works, but can be very slow. Anything new enough to understand
1682 * XML also knows how to use this properly. However to use this we
1683 * need to define a local XML file as well as be talking to a
1684 * reasonably modern gdb. Responding with an empty packet will cause
1685 * the remote gdb to fallback to older methods.
1686 */
1687
handle_set_reg(GdbCmdContext * gdb_ctx,void * user_ctx)1688 static void handle_set_reg(GdbCmdContext *gdb_ctx, void *user_ctx)
1689 {
1690 int reg_size;
1691
1692 if (!gdb_has_xml) {
1693 put_packet(gdb_ctx->s, "");
1694 return;
1695 }
1696
1697 if (gdb_ctx->num_params != 2) {
1698 put_packet(gdb_ctx->s, "E22");
1699 return;
1700 }
1701
1702 reg_size = strlen(gdb_ctx->params[1].data) / 2;
1703 hextomem(gdb_ctx->mem_buf, gdb_ctx->params[1].data, reg_size);
1704 gdb_write_register(gdb_ctx->s->g_cpu, gdb_ctx->mem_buf,
1705 gdb_ctx->params[0].val_ull);
1706 put_packet(gdb_ctx->s, "OK");
1707 }
1708
handle_get_reg(GdbCmdContext * gdb_ctx,void * user_ctx)1709 static void handle_get_reg(GdbCmdContext *gdb_ctx, void *user_ctx)
1710 {
1711 int reg_size;
1712
1713 if (!gdb_has_xml) {
1714 put_packet(gdb_ctx->s, "");
1715 return;
1716 }
1717
1718 if (!gdb_ctx->num_params) {
1719 put_packet(gdb_ctx->s, "E14");
1720 return;
1721 }
1722
1723 reg_size = gdb_read_register(gdb_ctx->s->g_cpu, gdb_ctx->mem_buf,
1724 gdb_ctx->params[0].val_ull);
1725 if (!reg_size) {
1726 put_packet(gdb_ctx->s, "E14");
1727 return;
1728 }
1729
1730 memtohex(gdb_ctx->str_buf, gdb_ctx->mem_buf, reg_size);
1731 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
1732 }
1733
handle_write_mem(GdbCmdContext * gdb_ctx,void * user_ctx)1734 static void handle_write_mem(GdbCmdContext *gdb_ctx, void *user_ctx)
1735 {
1736 if (gdb_ctx->num_params != 3) {
1737 put_packet(gdb_ctx->s, "E22");
1738 return;
1739 }
1740
1741 /* hextomem() reads 2*len bytes */
1742 if (gdb_ctx->params[1].val_ull > strlen(gdb_ctx->params[2].data) / 2) {
1743 put_packet(gdb_ctx->s, "E22");
1744 return;
1745 }
1746
1747 hextomem(gdb_ctx->mem_buf, gdb_ctx->params[2].data,
1748 gdb_ctx->params[1].val_ull);
1749 if (target_memory_rw_debug(gdb_ctx->s->g_cpu, gdb_ctx->params[0].val_ull,
1750 gdb_ctx->mem_buf,
1751 gdb_ctx->params[1].val_ull, true)) {
1752 put_packet(gdb_ctx->s, "E14");
1753 return;
1754 }
1755
1756 put_packet(gdb_ctx->s, "OK");
1757 }
1758
handle_read_mem(GdbCmdContext * gdb_ctx,void * user_ctx)1759 static void handle_read_mem(GdbCmdContext *gdb_ctx, void *user_ctx)
1760 {
1761 if (gdb_ctx->num_params != 2) {
1762 put_packet(gdb_ctx->s, "E22");
1763 return;
1764 }
1765
1766 /* memtohex() doubles the required space */
1767 if (gdb_ctx->params[1].val_ull > MAX_PACKET_LENGTH / 2) {
1768 put_packet(gdb_ctx->s, "E22");
1769 return;
1770 }
1771
1772 if (target_memory_rw_debug(gdb_ctx->s->g_cpu, gdb_ctx->params[0].val_ull,
1773 gdb_ctx->mem_buf,
1774 gdb_ctx->params[1].val_ull, false)) {
1775 put_packet(gdb_ctx->s, "E14");
1776 return;
1777 }
1778
1779 memtohex(gdb_ctx->str_buf, gdb_ctx->mem_buf, gdb_ctx->params[1].val_ull);
1780 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
1781 }
1782
handle_write_all_regs(GdbCmdContext * gdb_ctx,void * user_ctx)1783 static void handle_write_all_regs(GdbCmdContext *gdb_ctx, void *user_ctx)
1784 {
1785 target_ulong addr, len;
1786 uint8_t *registers;
1787 int reg_size;
1788
1789 if (!gdb_ctx->num_params) {
1790 return;
1791 }
1792
1793 cpu_synchronize_state(gdb_ctx->s->g_cpu);
1794 registers = gdb_ctx->mem_buf;
1795 len = strlen(gdb_ctx->params[0].data) / 2;
1796 hextomem(registers, gdb_ctx->params[0].data, len);
1797 for (addr = 0; addr < gdb_ctx->s->g_cpu->gdb_num_g_regs && len > 0;
1798 addr++) {
1799 reg_size = gdb_write_register(gdb_ctx->s->g_cpu, registers, addr);
1800 len -= reg_size;
1801 registers += reg_size;
1802 }
1803 put_packet(gdb_ctx->s, "OK");
1804 }
1805
handle_read_all_regs(GdbCmdContext * gdb_ctx,void * user_ctx)1806 static void handle_read_all_regs(GdbCmdContext *gdb_ctx, void *user_ctx)
1807 {
1808 target_ulong addr, len;
1809
1810 cpu_synchronize_state(gdb_ctx->s->g_cpu);
1811 len = 0;
1812 for (addr = 0; addr < gdb_ctx->s->g_cpu->gdb_num_g_regs; addr++) {
1813 len += gdb_read_register(gdb_ctx->s->g_cpu, gdb_ctx->mem_buf + len,
1814 addr);
1815 }
1816
1817 memtohex(gdb_ctx->str_buf, gdb_ctx->mem_buf, len);
1818 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
1819 }
1820
handle_file_io(GdbCmdContext * gdb_ctx,void * user_ctx)1821 static void handle_file_io(GdbCmdContext *gdb_ctx, void *user_ctx)
1822 {
1823 if (gdb_ctx->num_params >= 1 && gdb_ctx->s->current_syscall_cb) {
1824 target_ulong ret, err;
1825
1826 ret = (target_ulong)gdb_ctx->params[0].val_ull;
1827 if (gdb_ctx->num_params >= 2) {
1828 err = (target_ulong)gdb_ctx->params[1].val_ull;
1829 } else {
1830 err = 0;
1831 }
1832 gdb_ctx->s->current_syscall_cb(gdb_ctx->s->c_cpu, ret, err);
1833 gdb_ctx->s->current_syscall_cb = NULL;
1834 }
1835
1836 if (gdb_ctx->num_params >= 3 && gdb_ctx->params[2].opcode == (uint8_t)'C') {
1837 put_packet(gdb_ctx->s, "T02");
1838 return;
1839 }
1840
1841 gdb_continue(gdb_ctx->s);
1842 }
1843
handle_step(GdbCmdContext * gdb_ctx,void * user_ctx)1844 static void handle_step(GdbCmdContext *gdb_ctx, void *user_ctx)
1845 {
1846 if (gdb_ctx->num_params) {
1847 gdb_set_cpu_pc(gdb_ctx->s, (target_ulong)gdb_ctx->params[0].val_ull);
1848 }
1849
1850 cpu_single_step(gdb_ctx->s->c_cpu, sstep_flags);
1851 gdb_continue(gdb_ctx->s);
1852 }
1853
handle_v_cont_query(GdbCmdContext * gdb_ctx,void * user_ctx)1854 static void handle_v_cont_query(GdbCmdContext *gdb_ctx, void *user_ctx)
1855 {
1856 put_packet(gdb_ctx->s, "vCont;c;C;s;S");
1857 }
1858
handle_v_cont(GdbCmdContext * gdb_ctx,void * user_ctx)1859 static void handle_v_cont(GdbCmdContext *gdb_ctx, void *user_ctx)
1860 {
1861 int res;
1862
1863 if (!gdb_ctx->num_params) {
1864 return;
1865 }
1866
1867 res = gdb_handle_vcont(gdb_ctx->s, gdb_ctx->params[0].data);
1868 if ((res == -EINVAL) || (res == -ERANGE)) {
1869 put_packet(gdb_ctx->s, "E22");
1870 } else if (res) {
1871 put_packet(gdb_ctx->s, "");
1872 }
1873 }
1874
handle_v_attach(GdbCmdContext * gdb_ctx,void * user_ctx)1875 static void handle_v_attach(GdbCmdContext *gdb_ctx, void *user_ctx)
1876 {
1877 GDBProcess *process;
1878 CPUState *cpu;
1879 char thread_id[16];
1880
1881 pstrcpy(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "E22");
1882 if (!gdb_ctx->num_params) {
1883 goto cleanup;
1884 }
1885
1886 process = gdb_get_process(gdb_ctx->s, gdb_ctx->params[0].val_ul);
1887 if (!process) {
1888 goto cleanup;
1889 }
1890
1891 cpu = get_first_cpu_in_process(gdb_ctx->s, process);
1892 if (!cpu) {
1893 goto cleanup;
1894 }
1895
1896 process->attached = true;
1897 gdb_ctx->s->g_cpu = cpu;
1898 gdb_ctx->s->c_cpu = cpu;
1899
1900 gdb_fmt_thread_id(gdb_ctx->s, cpu, thread_id, sizeof(thread_id));
1901 snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "T%02xthread:%s;",
1902 GDB_SIGNAL_TRAP, thread_id);
1903 cleanup:
1904 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
1905 }
1906
handle_v_kill(GdbCmdContext * gdb_ctx,void * user_ctx)1907 static void handle_v_kill(GdbCmdContext *gdb_ctx, void *user_ctx)
1908 {
1909 /* Kill the target */
1910 put_packet(gdb_ctx->s, "OK");
1911 error_report("QEMU: Terminated via GDBstub");
1912 exit(0);
1913 }
1914
1915 static GdbCmdParseEntry gdb_v_commands_table[] = {
1916 /* Order is important if has same prefix */
1917 {
1918 .handler = handle_v_cont_query,
1919 .cmd = "Cont?",
1920 .cmd_startswith = 1
1921 },
1922 {
1923 .handler = handle_v_cont,
1924 .cmd = "Cont",
1925 .cmd_startswith = 1,
1926 .schema = "s0"
1927 },
1928 {
1929 .handler = handle_v_attach,
1930 .cmd = "Attach;",
1931 .cmd_startswith = 1,
1932 .schema = "l0"
1933 },
1934 {
1935 .handler = handle_v_kill,
1936 .cmd = "Kill;",
1937 .cmd_startswith = 1
1938 },
1939 };
1940
handle_v_commands(GdbCmdContext * gdb_ctx,void * user_ctx)1941 static void handle_v_commands(GdbCmdContext *gdb_ctx, void *user_ctx)
1942 {
1943 if (!gdb_ctx->num_params) {
1944 return;
1945 }
1946
1947 if (process_string_cmd(gdb_ctx->s, NULL, gdb_ctx->params[0].data,
1948 gdb_v_commands_table,
1949 ARRAY_SIZE(gdb_v_commands_table))) {
1950 put_packet(gdb_ctx->s, "");
1951 }
1952 }
1953
handle_query_qemu_sstepbits(GdbCmdContext * gdb_ctx,void * user_ctx)1954 static void handle_query_qemu_sstepbits(GdbCmdContext *gdb_ctx, void *user_ctx)
1955 {
1956 snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf),
1957 "ENABLE=%x,NOIRQ=%x,NOTIMER=%x", SSTEP_ENABLE,
1958 SSTEP_NOIRQ, SSTEP_NOTIMER);
1959 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
1960 }
1961
handle_set_qemu_sstep(GdbCmdContext * gdb_ctx,void * user_ctx)1962 static void handle_set_qemu_sstep(GdbCmdContext *gdb_ctx, void *user_ctx)
1963 {
1964 if (!gdb_ctx->num_params) {
1965 return;
1966 }
1967
1968 sstep_flags = gdb_ctx->params[0].val_ul;
1969 put_packet(gdb_ctx->s, "OK");
1970 }
1971
handle_query_qemu_sstep(GdbCmdContext * gdb_ctx,void * user_ctx)1972 static void handle_query_qemu_sstep(GdbCmdContext *gdb_ctx, void *user_ctx)
1973 {
1974 snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "0x%x", sstep_flags);
1975 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
1976 }
1977
handle_query_curr_tid(GdbCmdContext * gdb_ctx,void * user_ctx)1978 static void handle_query_curr_tid(GdbCmdContext *gdb_ctx, void *user_ctx)
1979 {
1980 CPUState *cpu;
1981 GDBProcess *process;
1982 char thread_id[16];
1983
1984 /*
1985 * "Current thread" remains vague in the spec, so always return
1986 * the first thread of the current process (gdb returns the
1987 * first thread).
1988 */
1989 process = gdb_get_cpu_process(gdb_ctx->s, gdb_ctx->s->g_cpu);
1990 cpu = get_first_cpu_in_process(gdb_ctx->s, process);
1991 gdb_fmt_thread_id(gdb_ctx->s, cpu, thread_id, sizeof(thread_id));
1992 snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "QC%s", thread_id);
1993 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
1994 }
1995
handle_query_threads(GdbCmdContext * gdb_ctx,void * user_ctx)1996 static void handle_query_threads(GdbCmdContext *gdb_ctx, void *user_ctx)
1997 {
1998 char thread_id[16];
1999
2000 if (!gdb_ctx->s->query_cpu) {
2001 put_packet(gdb_ctx->s, "l");
2002 return;
2003 }
2004
2005 gdb_fmt_thread_id(gdb_ctx->s, gdb_ctx->s->query_cpu, thread_id,
2006 sizeof(thread_id));
2007 snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "m%s", thread_id);
2008 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
2009 gdb_ctx->s->query_cpu =
2010 gdb_next_attached_cpu(gdb_ctx->s, gdb_ctx->s->query_cpu);
2011 }
2012
handle_query_first_threads(GdbCmdContext * gdb_ctx,void * user_ctx)2013 static void handle_query_first_threads(GdbCmdContext *gdb_ctx, void *user_ctx)
2014 {
2015 gdb_ctx->s->query_cpu = gdb_first_attached_cpu(gdb_ctx->s);
2016 handle_query_threads(gdb_ctx, user_ctx);
2017 }
2018
handle_query_thread_extra(GdbCmdContext * gdb_ctx,void * user_ctx)2019 static void handle_query_thread_extra(GdbCmdContext *gdb_ctx, void *user_ctx)
2020 {
2021 CPUState *cpu;
2022 int len;
2023
2024 if (!gdb_ctx->num_params ||
2025 gdb_ctx->params[0].thread_id.kind == GDB_READ_THREAD_ERR) {
2026 put_packet(gdb_ctx->s, "E22");
2027 return;
2028 }
2029
2030 cpu = gdb_get_cpu(gdb_ctx->s, gdb_ctx->params[0].thread_id.pid,
2031 gdb_ctx->params[0].thread_id.tid);
2032 if (!cpu) {
2033 return;
2034 }
2035
2036 cpu_synchronize_state(cpu);
2037
2038 if (gdb_ctx->s->multiprocess && (gdb_ctx->s->process_num > 1)) {
2039 /* Print the CPU model and name in multiprocess mode */
2040 ObjectClass *oc = object_get_class(OBJECT(cpu));
2041 const char *cpu_model = object_class_get_name(oc);
2042 char *cpu_name = object_get_canonical_path_component(OBJECT(cpu));
2043 len = snprintf((char *)gdb_ctx->mem_buf, sizeof(gdb_ctx->str_buf) / 2,
2044 "%s %s [%s]", cpu_model, cpu_name,
2045 cpu->halted ? "halted " : "running");
2046 g_free(cpu_name);
2047 } else {
2048 /* memtohex() doubles the required space */
2049 len = snprintf((char *)gdb_ctx->mem_buf, sizeof(gdb_ctx->str_buf) / 2,
2050 "CPU#%d [%s]", cpu->cpu_index,
2051 cpu->halted ? "halted " : "running");
2052 }
2053 trace_gdbstub_op_extra_info((char *)gdb_ctx->mem_buf);
2054 memtohex(gdb_ctx->str_buf, gdb_ctx->mem_buf, len);
2055 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
2056 }
2057
2058 #ifdef CONFIG_USER_ONLY
handle_query_offsets(GdbCmdContext * gdb_ctx,void * user_ctx)2059 static void handle_query_offsets(GdbCmdContext *gdb_ctx, void *user_ctx)
2060 {
2061 TaskState *ts;
2062
2063 ts = gdb_ctx->s->c_cpu->opaque;
2064 snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf),
2065 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
2066 ";Bss=" TARGET_ABI_FMT_lx,
2067 ts->info->code_offset,
2068 ts->info->data_offset,
2069 ts->info->data_offset);
2070 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
2071 }
2072 #else
handle_query_rcmd(GdbCmdContext * gdb_ctx,void * user_ctx)2073 static void handle_query_rcmd(GdbCmdContext *gdb_ctx, void *user_ctx)
2074 {
2075 int len;
2076
2077 if (!gdb_ctx->num_params) {
2078 put_packet(gdb_ctx->s, "E22");
2079 return;
2080 }
2081
2082 len = strlen(gdb_ctx->params[0].data);
2083 if (len % 2) {
2084 put_packet(gdb_ctx->s, "E01");
2085 return;
2086 }
2087
2088 len = len / 2;
2089 hextomem(gdb_ctx->mem_buf, gdb_ctx->params[0].data, len);
2090 gdb_ctx->mem_buf[len++] = 0;
2091 qemu_chr_be_write(gdb_ctx->s->mon_chr, gdb_ctx->mem_buf, len);
2092 put_packet(gdb_ctx->s, "OK");
2093
2094 }
2095 #endif
2096
handle_query_supported(GdbCmdContext * gdb_ctx,void * user_ctx)2097 static void handle_query_supported(GdbCmdContext *gdb_ctx, void *user_ctx)
2098 {
2099 CPUClass *cc;
2100
2101 snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "PacketSize=%x",
2102 MAX_PACKET_LENGTH);
2103 cc = CPU_GET_CLASS(first_cpu);
2104 if (cc->gdb_core_xml_file) {
2105 pstrcat(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf),
2106 ";qXfer:features:read+");
2107 }
2108
2109 if (gdb_ctx->num_params &&
2110 strstr(gdb_ctx->params[0].data, "multiprocess+")) {
2111 gdb_ctx->s->multiprocess = true;
2112 }
2113
2114 pstrcat(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), ";multiprocess+");
2115 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
2116 }
2117
handle_query_xfer_features(GdbCmdContext * gdb_ctx,void * user_ctx)2118 static void handle_query_xfer_features(GdbCmdContext *gdb_ctx, void *user_ctx)
2119 {
2120 GDBProcess *process;
2121 CPUClass *cc;
2122 unsigned long len, total_len, addr;
2123 const char *xml;
2124 const char *p;
2125
2126 if (gdb_ctx->num_params < 3) {
2127 put_packet(gdb_ctx->s, "E22");
2128 return;
2129 }
2130
2131 process = gdb_get_cpu_process(gdb_ctx->s, gdb_ctx->s->g_cpu);
2132 cc = CPU_GET_CLASS(gdb_ctx->s->g_cpu);
2133 if (!cc->gdb_core_xml_file) {
2134 put_packet(gdb_ctx->s, "");
2135 return;
2136 }
2137
2138 gdb_has_xml = true;
2139 p = gdb_ctx->params[0].data;
2140 xml = get_feature_xml(gdb_ctx->s, p, &p, process);
2141 if (!xml) {
2142 put_packet(gdb_ctx->s, "E00");
2143 return;
2144 }
2145
2146 addr = gdb_ctx->params[1].val_ul;
2147 len = gdb_ctx->params[2].val_ul;
2148 total_len = strlen(xml);
2149 if (addr > total_len) {
2150 put_packet(gdb_ctx->s, "E00");
2151 return;
2152 }
2153
2154 if (len > (MAX_PACKET_LENGTH - 5) / 2) {
2155 len = (MAX_PACKET_LENGTH - 5) / 2;
2156 }
2157
2158 if (len < total_len - addr) {
2159 gdb_ctx->str_buf[0] = 'm';
2160 len = memtox(gdb_ctx->str_buf + 1, xml + addr, len);
2161 } else {
2162 gdb_ctx->str_buf[0] = 'l';
2163 len = memtox(gdb_ctx->str_buf + 1, xml + addr, total_len - addr);
2164 }
2165
2166 put_packet_binary(gdb_ctx->s, gdb_ctx->str_buf, len + 1, true);
2167 }
2168
handle_query_attached(GdbCmdContext * gdb_ctx,void * user_ctx)2169 static void handle_query_attached(GdbCmdContext *gdb_ctx, void *user_ctx)
2170 {
2171 put_packet(gdb_ctx->s, GDB_ATTACHED);
2172 }
2173
handle_query_qemu_supported(GdbCmdContext * gdb_ctx,void * user_ctx)2174 static void handle_query_qemu_supported(GdbCmdContext *gdb_ctx, void *user_ctx)
2175 {
2176 snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "sstepbits;sstep");
2177 #ifndef CONFIG_USER_ONLY
2178 pstrcat(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), ";PhyMemMode");
2179 #endif
2180 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
2181 }
2182
2183 #ifndef CONFIG_USER_ONLY
handle_query_qemu_phy_mem_mode(GdbCmdContext * gdb_ctx,void * user_ctx)2184 static void handle_query_qemu_phy_mem_mode(GdbCmdContext *gdb_ctx,
2185 void *user_ctx)
2186 {
2187 snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "%d", phy_memory_mode);
2188 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
2189 }
2190
handle_set_qemu_phy_mem_mode(GdbCmdContext * gdb_ctx,void * user_ctx)2191 static void handle_set_qemu_phy_mem_mode(GdbCmdContext *gdb_ctx, void *user_ctx)
2192 {
2193 if (!gdb_ctx->num_params) {
2194 put_packet(gdb_ctx->s, "E22");
2195 return;
2196 }
2197
2198 if (!gdb_ctx->params[0].val_ul) {
2199 phy_memory_mode = 0;
2200 } else {
2201 phy_memory_mode = 1;
2202 }
2203 put_packet(gdb_ctx->s, "OK");
2204 }
2205 #endif
2206
2207 static GdbCmdParseEntry gdb_gen_query_set_common_table[] = {
2208 /* Order is important if has same prefix */
2209 {
2210 .handler = handle_query_qemu_sstepbits,
2211 .cmd = "qemu.sstepbits",
2212 },
2213 {
2214 .handler = handle_query_qemu_sstep,
2215 .cmd = "qemu.sstep",
2216 },
2217 {
2218 .handler = handle_set_qemu_sstep,
2219 .cmd = "qemu.sstep=",
2220 .cmd_startswith = 1,
2221 .schema = "l0"
2222 },
2223 };
2224
2225 static GdbCmdParseEntry gdb_gen_query_table[] = {
2226 {
2227 .handler = handle_query_curr_tid,
2228 .cmd = "C",
2229 },
2230 {
2231 .handler = handle_query_threads,
2232 .cmd = "sThreadInfo",
2233 },
2234 {
2235 .handler = handle_query_first_threads,
2236 .cmd = "fThreadInfo",
2237 },
2238 {
2239 .handler = handle_query_thread_extra,
2240 .cmd = "ThreadExtraInfo,",
2241 .cmd_startswith = 1,
2242 .schema = "t0"
2243 },
2244 #ifdef CONFIG_USER_ONLY
2245 {
2246 .handler = handle_query_offsets,
2247 .cmd = "Offsets",
2248 },
2249 #else
2250 {
2251 .handler = handle_query_rcmd,
2252 .cmd = "Rcmd,",
2253 .cmd_startswith = 1,
2254 .schema = "s0"
2255 },
2256 #endif
2257 {
2258 .handler = handle_query_supported,
2259 .cmd = "Supported:",
2260 .cmd_startswith = 1,
2261 .schema = "s0"
2262 },
2263 {
2264 .handler = handle_query_supported,
2265 .cmd = "Supported",
2266 .schema = "s0"
2267 },
2268 {
2269 .handler = handle_query_xfer_features,
2270 .cmd = "Xfer:features:read:",
2271 .cmd_startswith = 1,
2272 .schema = "s:l,l0"
2273 },
2274 {
2275 .handler = handle_query_attached,
2276 .cmd = "Attached:",
2277 .cmd_startswith = 1
2278 },
2279 {
2280 .handler = handle_query_attached,
2281 .cmd = "Attached",
2282 },
2283 {
2284 .handler = handle_query_qemu_supported,
2285 .cmd = "qemu.Supported",
2286 },
2287 #ifndef CONFIG_USER_ONLY
2288 {
2289 .handler = handle_query_qemu_phy_mem_mode,
2290 .cmd = "qemu.PhyMemMode",
2291 },
2292 #endif
2293 };
2294
2295 static GdbCmdParseEntry gdb_gen_set_table[] = {
2296 /* Order is important if has same prefix */
2297 {
2298 .handler = handle_set_qemu_sstep,
2299 .cmd = "qemu.sstep:",
2300 .cmd_startswith = 1,
2301 .schema = "l0"
2302 },
2303 #ifndef CONFIG_USER_ONLY
2304 {
2305 .handler = handle_set_qemu_phy_mem_mode,
2306 .cmd = "qemu.PhyMemMode:",
2307 .cmd_startswith = 1,
2308 .schema = "l0"
2309 },
2310 #endif
2311 };
2312
handle_gen_query(GdbCmdContext * gdb_ctx,void * user_ctx)2313 static void handle_gen_query(GdbCmdContext *gdb_ctx, void *user_ctx)
2314 {
2315 if (!gdb_ctx->num_params) {
2316 return;
2317 }
2318
2319 if (!process_string_cmd(gdb_ctx->s, NULL, gdb_ctx->params[0].data,
2320 gdb_gen_query_set_common_table,
2321 ARRAY_SIZE(gdb_gen_query_set_common_table))) {
2322 return;
2323 }
2324
2325 if (process_string_cmd(gdb_ctx->s, NULL, gdb_ctx->params[0].data,
2326 gdb_gen_query_table,
2327 ARRAY_SIZE(gdb_gen_query_table))) {
2328 put_packet(gdb_ctx->s, "");
2329 }
2330 }
2331
handle_gen_set(GdbCmdContext * gdb_ctx,void * user_ctx)2332 static void handle_gen_set(GdbCmdContext *gdb_ctx, void *user_ctx)
2333 {
2334 if (!gdb_ctx->num_params) {
2335 return;
2336 }
2337
2338 if (!process_string_cmd(gdb_ctx->s, NULL, gdb_ctx->params[0].data,
2339 gdb_gen_query_set_common_table,
2340 ARRAY_SIZE(gdb_gen_query_set_common_table))) {
2341 return;
2342 }
2343
2344 if (process_string_cmd(gdb_ctx->s, NULL, gdb_ctx->params[0].data,
2345 gdb_gen_set_table,
2346 ARRAY_SIZE(gdb_gen_set_table))) {
2347 put_packet(gdb_ctx->s, "");
2348 }
2349 }
2350
handle_target_halt(GdbCmdContext * gdb_ctx,void * user_ctx)2351 static void handle_target_halt(GdbCmdContext *gdb_ctx, void *user_ctx)
2352 {
2353 char thread_id[16];
2354
2355 gdb_fmt_thread_id(gdb_ctx->s, gdb_ctx->s->c_cpu, thread_id,
2356 sizeof(thread_id));
2357 snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "T%02xthread:%s;",
2358 GDB_SIGNAL_TRAP, thread_id);
2359 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
2360 /*
2361 * Remove all the breakpoints when this query is issued,
2362 * because gdb is doing an initial connect and the state
2363 * should be cleaned up.
2364 */
2365 gdb_breakpoint_remove_all();
2366 }
2367
gdb_handle_packet(GDBState * s,const char * line_buf)2368 static int gdb_handle_packet(GDBState *s, const char *line_buf)
2369 {
2370 const GdbCmdParseEntry *cmd_parser = NULL;
2371
2372 trace_gdbstub_io_command(line_buf);
2373
2374 switch (line_buf[0]) {
2375 case '!':
2376 put_packet(s, "OK");
2377 break;
2378 case '?':
2379 {
2380 static const GdbCmdParseEntry target_halted_cmd_desc = {
2381 .handler = handle_target_halt,
2382 .cmd = "?",
2383 .cmd_startswith = 1
2384 };
2385 cmd_parser = &target_halted_cmd_desc;
2386 }
2387 break;
2388 case 'c':
2389 {
2390 static const GdbCmdParseEntry continue_cmd_desc = {
2391 .handler = handle_continue,
2392 .cmd = "c",
2393 .cmd_startswith = 1,
2394 .schema = "L0"
2395 };
2396 cmd_parser = &continue_cmd_desc;
2397 }
2398 break;
2399 case 'C':
2400 {
2401 static const GdbCmdParseEntry cont_with_sig_cmd_desc = {
2402 .handler = handle_cont_with_sig,
2403 .cmd = "C",
2404 .cmd_startswith = 1,
2405 .schema = "l0"
2406 };
2407 cmd_parser = &cont_with_sig_cmd_desc;
2408 }
2409 break;
2410 case 'v':
2411 {
2412 static const GdbCmdParseEntry v_cmd_desc = {
2413 .handler = handle_v_commands,
2414 .cmd = "v",
2415 .cmd_startswith = 1,
2416 .schema = "s0"
2417 };
2418 cmd_parser = &v_cmd_desc;
2419 }
2420 break;
2421 case 'k':
2422 /* Kill the target */
2423 error_report("QEMU: Terminated via GDBstub");
2424 exit(0);
2425 case 'D':
2426 {
2427 static const GdbCmdParseEntry detach_cmd_desc = {
2428 .handler = handle_detach,
2429 .cmd = "D",
2430 .cmd_startswith = 1,
2431 .schema = "?.l0"
2432 };
2433 cmd_parser = &detach_cmd_desc;
2434 }
2435 break;
2436 case 's':
2437 {
2438 static const GdbCmdParseEntry step_cmd_desc = {
2439 .handler = handle_step,
2440 .cmd = "s",
2441 .cmd_startswith = 1,
2442 .schema = "L0"
2443 };
2444 cmd_parser = &step_cmd_desc;
2445 }
2446 break;
2447 case 'F':
2448 {
2449 static const GdbCmdParseEntry file_io_cmd_desc = {
2450 .handler = handle_file_io,
2451 .cmd = "F",
2452 .cmd_startswith = 1,
2453 .schema = "L,L,o0"
2454 };
2455 cmd_parser = &file_io_cmd_desc;
2456 }
2457 break;
2458 case 'g':
2459 {
2460 static const GdbCmdParseEntry read_all_regs_cmd_desc = {
2461 .handler = handle_read_all_regs,
2462 .cmd = "g",
2463 .cmd_startswith = 1
2464 };
2465 cmd_parser = &read_all_regs_cmd_desc;
2466 }
2467 break;
2468 case 'G':
2469 {
2470 static const GdbCmdParseEntry write_all_regs_cmd_desc = {
2471 .handler = handle_write_all_regs,
2472 .cmd = "G",
2473 .cmd_startswith = 1,
2474 .schema = "s0"
2475 };
2476 cmd_parser = &write_all_regs_cmd_desc;
2477 }
2478 break;
2479 case 'm':
2480 {
2481 static const GdbCmdParseEntry read_mem_cmd_desc = {
2482 .handler = handle_read_mem,
2483 .cmd = "m",
2484 .cmd_startswith = 1,
2485 .schema = "L,L0"
2486 };
2487 cmd_parser = &read_mem_cmd_desc;
2488 }
2489 break;
2490 case 'M':
2491 {
2492 static const GdbCmdParseEntry write_mem_cmd_desc = {
2493 .handler = handle_write_mem,
2494 .cmd = "M",
2495 .cmd_startswith = 1,
2496 .schema = "L,L:s0"
2497 };
2498 cmd_parser = &write_mem_cmd_desc;
2499 }
2500 break;
2501 case 'p':
2502 {
2503 static const GdbCmdParseEntry get_reg_cmd_desc = {
2504 .handler = handle_get_reg,
2505 .cmd = "p",
2506 .cmd_startswith = 1,
2507 .schema = "L0"
2508 };
2509 cmd_parser = &get_reg_cmd_desc;
2510 }
2511 break;
2512 case 'P':
2513 {
2514 static const GdbCmdParseEntry set_reg_cmd_desc = {
2515 .handler = handle_set_reg,
2516 .cmd = "P",
2517 .cmd_startswith = 1,
2518 .schema = "L?s0"
2519 };
2520 cmd_parser = &set_reg_cmd_desc;
2521 }
2522 break;
2523 case 'Z':
2524 {
2525 static const GdbCmdParseEntry insert_bp_cmd_desc = {
2526 .handler = handle_insert_bp,
2527 .cmd = "Z",
2528 .cmd_startswith = 1,
2529 .schema = "l?L?L0"
2530 };
2531 cmd_parser = &insert_bp_cmd_desc;
2532 }
2533 break;
2534 case 'z':
2535 {
2536 static const GdbCmdParseEntry remove_bp_cmd_desc = {
2537 .handler = handle_remove_bp,
2538 .cmd = "z",
2539 .cmd_startswith = 1,
2540 .schema = "l?L?L0"
2541 };
2542 cmd_parser = &remove_bp_cmd_desc;
2543 }
2544 break;
2545 case 'H':
2546 {
2547 static const GdbCmdParseEntry set_thread_cmd_desc = {
2548 .handler = handle_set_thread,
2549 .cmd = "H",
2550 .cmd_startswith = 1,
2551 .schema = "o.t0"
2552 };
2553 cmd_parser = &set_thread_cmd_desc;
2554 }
2555 break;
2556 case 'T':
2557 {
2558 static const GdbCmdParseEntry thread_alive_cmd_desc = {
2559 .handler = handle_thread_alive,
2560 .cmd = "T",
2561 .cmd_startswith = 1,
2562 .schema = "t0"
2563 };
2564 cmd_parser = &thread_alive_cmd_desc;
2565 }
2566 break;
2567 case 'q':
2568 {
2569 static const GdbCmdParseEntry gen_query_cmd_desc = {
2570 .handler = handle_gen_query,
2571 .cmd = "q",
2572 .cmd_startswith = 1,
2573 .schema = "s0"
2574 };
2575 cmd_parser = &gen_query_cmd_desc;
2576 }
2577 break;
2578 case 'Q':
2579 {
2580 static const GdbCmdParseEntry gen_set_cmd_desc = {
2581 .handler = handle_gen_set,
2582 .cmd = "Q",
2583 .cmd_startswith = 1,
2584 .schema = "s0"
2585 };
2586 cmd_parser = &gen_set_cmd_desc;
2587 }
2588 break;
2589 default:
2590 /* put empty packet */
2591 put_packet(s, "");
2592 break;
2593 }
2594
2595 if (cmd_parser) {
2596 run_cmd_parser(s, line_buf, cmd_parser);
2597 }
2598
2599 return RS_IDLE;
2600 }
2601
gdb_set_stop_cpu(CPUState * cpu)2602 void gdb_set_stop_cpu(CPUState *cpu)
2603 {
2604 GDBProcess *p = gdb_get_cpu_process(gdbserver_state, cpu);
2605
2606 if (!p->attached) {
2607 /*
2608 * Having a stop CPU corresponding to a process that is not attached
2609 * confuses GDB. So we ignore the request.
2610 */
2611 return;
2612 }
2613
2614 gdbserver_state->c_cpu = cpu;
2615 gdbserver_state->g_cpu = cpu;
2616 }
2617
2618 #ifndef CONFIG_USER_ONLY
gdb_vm_state_change(void * opaque,int running,RunState state)2619 static void gdb_vm_state_change(void *opaque, int running, RunState state)
2620 {
2621 GDBState *s = gdbserver_state;
2622 CPUState *cpu = s->c_cpu;
2623 char buf[256];
2624 char thread_id[16];
2625 const char *type;
2626 int ret;
2627
2628 if (running || s->state == RS_INACTIVE) {
2629 return;
2630 }
2631 /* Is there a GDB syscall waiting to be sent? */
2632 if (s->current_syscall_cb) {
2633 put_packet(s, s->syscall_buf);
2634 return;
2635 }
2636
2637 if (cpu == NULL) {
2638 /* No process attached */
2639 return;
2640 }
2641
2642 gdb_fmt_thread_id(s, cpu, thread_id, sizeof(thread_id));
2643
2644 switch (state) {
2645 case RUN_STATE_DEBUG:
2646 if (cpu->watchpoint_hit) {
2647 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
2648 case BP_MEM_READ:
2649 type = "r";
2650 break;
2651 case BP_MEM_ACCESS:
2652 type = "a";
2653 break;
2654 default:
2655 type = "";
2656 break;
2657 }
2658 trace_gdbstub_hit_watchpoint(type, cpu_gdb_index(cpu),
2659 (target_ulong)cpu->watchpoint_hit->vaddr);
2660 snprintf(buf, sizeof(buf),
2661 "T%02xthread:%s;%swatch:" TARGET_FMT_lx ";",
2662 GDB_SIGNAL_TRAP, thread_id, type,
2663 (target_ulong)cpu->watchpoint_hit->vaddr);
2664 cpu->watchpoint_hit = NULL;
2665 goto send_packet;
2666 } else {
2667 trace_gdbstub_hit_break();
2668 }
2669 tb_flush(cpu);
2670 ret = GDB_SIGNAL_TRAP;
2671 break;
2672 case RUN_STATE_PAUSED:
2673 trace_gdbstub_hit_paused();
2674 ret = GDB_SIGNAL_INT;
2675 break;
2676 case RUN_STATE_SHUTDOWN:
2677 trace_gdbstub_hit_shutdown();
2678 ret = GDB_SIGNAL_QUIT;
2679 break;
2680 case RUN_STATE_IO_ERROR:
2681 trace_gdbstub_hit_io_error();
2682 ret = GDB_SIGNAL_IO;
2683 break;
2684 case RUN_STATE_WATCHDOG:
2685 trace_gdbstub_hit_watchdog();
2686 ret = GDB_SIGNAL_ALRM;
2687 break;
2688 case RUN_STATE_INTERNAL_ERROR:
2689 trace_gdbstub_hit_internal_error();
2690 ret = GDB_SIGNAL_ABRT;
2691 break;
2692 case RUN_STATE_SAVE_VM:
2693 case RUN_STATE_RESTORE_VM:
2694 return;
2695 case RUN_STATE_FINISH_MIGRATE:
2696 ret = GDB_SIGNAL_XCPU;
2697 break;
2698 default:
2699 trace_gdbstub_hit_unknown(state);
2700 ret = GDB_SIGNAL_UNKNOWN;
2701 break;
2702 }
2703 gdb_set_stop_cpu(cpu);
2704 snprintf(buf, sizeof(buf), "T%02xthread:%s;", ret, thread_id);
2705
2706 send_packet:
2707 put_packet(s, buf);
2708
2709 /* disable single step if it was enabled */
2710 cpu_single_step(cpu, 0);
2711 }
2712 #endif
2713
2714 /* Send a gdb syscall request.
2715 This accepts limited printf-style format specifiers, specifically:
2716 %x - target_ulong argument printed in hex.
2717 %lx - 64-bit argument printed in hex.
2718 %s - string pointer (target_ulong) and length (int) pair. */
gdb_do_syscallv(gdb_syscall_complete_cb cb,const char * fmt,va_list va)2719 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
2720 {
2721 char *p;
2722 char *p_end;
2723 target_ulong addr;
2724 uint64_t i64;
2725 GDBState *s;
2726
2727 s = gdbserver_state;
2728 if (!s)
2729 return;
2730 s->current_syscall_cb = cb;
2731 #ifndef CONFIG_USER_ONLY
2732 vm_stop(RUN_STATE_DEBUG);
2733 #endif
2734 p = s->syscall_buf;
2735 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
2736 *(p++) = 'F';
2737 while (*fmt) {
2738 if (*fmt == '%') {
2739 fmt++;
2740 switch (*fmt++) {
2741 case 'x':
2742 addr = va_arg(va, target_ulong);
2743 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
2744 break;
2745 case 'l':
2746 if (*(fmt++) != 'x')
2747 goto bad_format;
2748 i64 = va_arg(va, uint64_t);
2749 p += snprintf(p, p_end - p, "%" PRIx64, i64);
2750 break;
2751 case 's':
2752 addr = va_arg(va, target_ulong);
2753 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
2754 addr, va_arg(va, int));
2755 break;
2756 default:
2757 bad_format:
2758 error_report("gdbstub: Bad syscall format string '%s'",
2759 fmt - 1);
2760 break;
2761 }
2762 } else {
2763 *(p++) = *(fmt++);
2764 }
2765 }
2766 *p = 0;
2767 #ifdef CONFIG_USER_ONLY
2768 put_packet(s, s->syscall_buf);
2769 /* Return control to gdb for it to process the syscall request.
2770 * Since the protocol requires that gdb hands control back to us
2771 * using a "here are the results" F packet, we don't need to check
2772 * gdb_handlesig's return value (which is the signal to deliver if
2773 * execution was resumed via a continue packet).
2774 */
2775 gdb_handlesig(s->c_cpu, 0);
2776 #else
2777 /* In this case wait to send the syscall packet until notification that
2778 the CPU has stopped. This must be done because if the packet is sent
2779 now the reply from the syscall request could be received while the CPU
2780 is still in the running state, which can cause packets to be dropped
2781 and state transition 'T' packets to be sent while the syscall is still
2782 being processed. */
2783 qemu_cpu_kick(s->c_cpu);
2784 #endif
2785 }
2786
gdb_do_syscall(gdb_syscall_complete_cb cb,const char * fmt,...)2787 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
2788 {
2789 va_list va;
2790
2791 va_start(va, fmt);
2792 gdb_do_syscallv(cb, fmt, va);
2793 va_end(va);
2794 }
2795
gdb_read_byte(GDBState * s,uint8_t ch)2796 static void gdb_read_byte(GDBState *s, uint8_t ch)
2797 {
2798 uint8_t reply;
2799
2800 #ifndef CONFIG_USER_ONLY
2801 if (s->last_packet_len) {
2802 /* Waiting for a response to the last packet. If we see the start
2803 of a new command then abandon the previous response. */
2804 if (ch == '-') {
2805 trace_gdbstub_err_got_nack();
2806 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
2807 } else if (ch == '+') {
2808 trace_gdbstub_io_got_ack();
2809 } else {
2810 trace_gdbstub_io_got_unexpected(ch);
2811 }
2812
2813 if (ch == '+' || ch == '$')
2814 s->last_packet_len = 0;
2815 if (ch != '$')
2816 return;
2817 }
2818 if (runstate_is_running()) {
2819 /* when the CPU is running, we cannot do anything except stop
2820 it when receiving a char */
2821 vm_stop(RUN_STATE_PAUSED);
2822 } else
2823 #endif
2824 {
2825 switch(s->state) {
2826 case RS_IDLE:
2827 if (ch == '$') {
2828 /* start of command packet */
2829 s->line_buf_index = 0;
2830 s->line_sum = 0;
2831 s->state = RS_GETLINE;
2832 } else {
2833 trace_gdbstub_err_garbage(ch);
2834 }
2835 break;
2836 case RS_GETLINE:
2837 if (ch == '}') {
2838 /* start escape sequence */
2839 s->state = RS_GETLINE_ESC;
2840 s->line_sum += ch;
2841 } else if (ch == '*') {
2842 /* start run length encoding sequence */
2843 s->state = RS_GETLINE_RLE;
2844 s->line_sum += ch;
2845 } else if (ch == '#') {
2846 /* end of command, start of checksum*/
2847 s->state = RS_CHKSUM1;
2848 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
2849 trace_gdbstub_err_overrun();
2850 s->state = RS_IDLE;
2851 } else {
2852 /* unescaped command character */
2853 s->line_buf[s->line_buf_index++] = ch;
2854 s->line_sum += ch;
2855 }
2856 break;
2857 case RS_GETLINE_ESC:
2858 if (ch == '#') {
2859 /* unexpected end of command in escape sequence */
2860 s->state = RS_CHKSUM1;
2861 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
2862 /* command buffer overrun */
2863 trace_gdbstub_err_overrun();
2864 s->state = RS_IDLE;
2865 } else {
2866 /* parse escaped character and leave escape state */
2867 s->line_buf[s->line_buf_index++] = ch ^ 0x20;
2868 s->line_sum += ch;
2869 s->state = RS_GETLINE;
2870 }
2871 break;
2872 case RS_GETLINE_RLE:
2873 /*
2874 * Run-length encoding is explained in "Debugging with GDB /
2875 * Appendix E GDB Remote Serial Protocol / Overview".
2876 */
2877 if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
2878 /* invalid RLE count encoding */
2879 trace_gdbstub_err_invalid_repeat(ch);
2880 s->state = RS_GETLINE;
2881 } else {
2882 /* decode repeat length */
2883 int repeat = ch - ' ' + 3;
2884 if (s->line_buf_index + repeat >= sizeof(s->line_buf) - 1) {
2885 /* that many repeats would overrun the command buffer */
2886 trace_gdbstub_err_overrun();
2887 s->state = RS_IDLE;
2888 } else if (s->line_buf_index < 1) {
2889 /* got a repeat but we have nothing to repeat */
2890 trace_gdbstub_err_invalid_rle();
2891 s->state = RS_GETLINE;
2892 } else {
2893 /* repeat the last character */
2894 memset(s->line_buf + s->line_buf_index,
2895 s->line_buf[s->line_buf_index - 1], repeat);
2896 s->line_buf_index += repeat;
2897 s->line_sum += ch;
2898 s->state = RS_GETLINE;
2899 }
2900 }
2901 break;
2902 case RS_CHKSUM1:
2903 /* get high hex digit of checksum */
2904 if (!isxdigit(ch)) {
2905 trace_gdbstub_err_checksum_invalid(ch);
2906 s->state = RS_GETLINE;
2907 break;
2908 }
2909 s->line_buf[s->line_buf_index] = '\0';
2910 s->line_csum = fromhex(ch) << 4;
2911 s->state = RS_CHKSUM2;
2912 break;
2913 case RS_CHKSUM2:
2914 /* get low hex digit of checksum */
2915 if (!isxdigit(ch)) {
2916 trace_gdbstub_err_checksum_invalid(ch);
2917 s->state = RS_GETLINE;
2918 break;
2919 }
2920 s->line_csum |= fromhex(ch);
2921
2922 if (s->line_csum != (s->line_sum & 0xff)) {
2923 trace_gdbstub_err_checksum_incorrect(s->line_sum, s->line_csum);
2924 /* send NAK reply */
2925 reply = '-';
2926 put_buffer(s, &reply, 1);
2927 s->state = RS_IDLE;
2928 } else {
2929 /* send ACK reply */
2930 reply = '+';
2931 put_buffer(s, &reply, 1);
2932 s->state = gdb_handle_packet(s, s->line_buf);
2933 }
2934 break;
2935 default:
2936 abort();
2937 }
2938 }
2939 }
2940
2941 /* Tell the remote gdb that the process has exited. */
gdb_exit(CPUArchState * env,int code)2942 void gdb_exit(CPUArchState *env, int code)
2943 {
2944 GDBState *s;
2945 char buf[4];
2946
2947 s = gdbserver_state;
2948 if (!s) {
2949 return;
2950 }
2951 #ifdef CONFIG_USER_ONLY
2952 if (gdbserver_fd < 0 || s->fd < 0) {
2953 return;
2954 }
2955 #endif
2956
2957 trace_gdbstub_op_exiting((uint8_t)code);
2958
2959 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
2960 put_packet(s, buf);
2961
2962 #ifndef CONFIG_USER_ONLY
2963 qemu_chr_fe_deinit(&s->chr, true);
2964 #endif
2965 }
2966
2967 /*
2968 * Create the process that will contain all the "orphan" CPUs (that are not
2969 * part of a CPU cluster). Note that if this process contains no CPUs, it won't
2970 * be attachable and thus will be invisible to the user.
2971 */
create_default_process(GDBState * s)2972 static void create_default_process(GDBState *s)
2973 {
2974 GDBProcess *process;
2975 int max_pid = 0;
2976
2977 if (s->process_num) {
2978 max_pid = s->processes[s->process_num - 1].pid;
2979 }
2980
2981 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
2982 process = &s->processes[s->process_num - 1];
2983
2984 /* We need an available PID slot for this process */
2985 assert(max_pid < UINT32_MAX);
2986
2987 process->pid = max_pid + 1;
2988 process->attached = false;
2989 process->target_xml[0] = '\0';
2990 }
2991
2992 #ifdef CONFIG_USER_ONLY
2993 int
gdb_handlesig(CPUState * cpu,int sig)2994 gdb_handlesig(CPUState *cpu, int sig)
2995 {
2996 GDBState *s;
2997 char buf[256];
2998 int n;
2999
3000 s = gdbserver_state;
3001 if (gdbserver_fd < 0 || s->fd < 0) {
3002 return sig;
3003 }
3004
3005 /* disable single step if it was enabled */
3006 cpu_single_step(cpu, 0);
3007 tb_flush(cpu);
3008
3009 if (sig != 0) {
3010 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
3011 put_packet(s, buf);
3012 }
3013 /* put_packet() might have detected that the peer terminated the
3014 connection. */
3015 if (s->fd < 0) {
3016 return sig;
3017 }
3018
3019 sig = 0;
3020 s->state = RS_IDLE;
3021 s->running_state = 0;
3022 while (s->running_state == 0) {
3023 n = read(s->fd, buf, 256);
3024 if (n > 0) {
3025 int i;
3026
3027 for (i = 0; i < n; i++) {
3028 gdb_read_byte(s, buf[i]);
3029 }
3030 } else {
3031 /* XXX: Connection closed. Should probably wait for another
3032 connection before continuing. */
3033 if (n == 0) {
3034 close(s->fd);
3035 }
3036 s->fd = -1;
3037 return sig;
3038 }
3039 }
3040 sig = s->signal;
3041 s->signal = 0;
3042 return sig;
3043 }
3044
3045 /* Tell the remote gdb that the process has exited due to SIG. */
gdb_signalled(CPUArchState * env,int sig)3046 void gdb_signalled(CPUArchState *env, int sig)
3047 {
3048 GDBState *s;
3049 char buf[4];
3050
3051 s = gdbserver_state;
3052 if (gdbserver_fd < 0 || s->fd < 0) {
3053 return;
3054 }
3055
3056 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
3057 put_packet(s, buf);
3058 }
3059
gdb_accept(void)3060 static bool gdb_accept(void)
3061 {
3062 GDBState *s;
3063 struct sockaddr_in sockaddr;
3064 socklen_t len;
3065 int fd;
3066
3067 for(;;) {
3068 len = sizeof(sockaddr);
3069 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
3070 if (fd < 0 && errno != EINTR) {
3071 perror("accept");
3072 return false;
3073 } else if (fd >= 0) {
3074 qemu_set_cloexec(fd);
3075 break;
3076 }
3077 }
3078
3079 /* set short latency */
3080 if (socket_set_nodelay(fd)) {
3081 perror("setsockopt");
3082 close(fd);
3083 return false;
3084 }
3085
3086 s = g_malloc0(sizeof(GDBState));
3087 create_default_process(s);
3088 s->processes[0].attached = true;
3089 s->c_cpu = gdb_first_attached_cpu(s);
3090 s->g_cpu = s->c_cpu;
3091 s->fd = fd;
3092 gdb_has_xml = false;
3093
3094 gdbserver_state = s;
3095 return true;
3096 }
3097
gdbserver_open(int port)3098 static int gdbserver_open(int port)
3099 {
3100 struct sockaddr_in sockaddr;
3101 int fd, ret;
3102
3103 fd = socket(PF_INET, SOCK_STREAM, 0);
3104 if (fd < 0) {
3105 perror("socket");
3106 return -1;
3107 }
3108 qemu_set_cloexec(fd);
3109
3110 socket_set_fast_reuse(fd);
3111
3112 sockaddr.sin_family = AF_INET;
3113 sockaddr.sin_port = htons(port);
3114 sockaddr.sin_addr.s_addr = 0;
3115 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
3116 if (ret < 0) {
3117 perror("bind");
3118 close(fd);
3119 return -1;
3120 }
3121 ret = listen(fd, 1);
3122 if (ret < 0) {
3123 perror("listen");
3124 close(fd);
3125 return -1;
3126 }
3127 return fd;
3128 }
3129
gdbserver_start(int port)3130 int gdbserver_start(int port)
3131 {
3132 gdbserver_fd = gdbserver_open(port);
3133 if (gdbserver_fd < 0)
3134 return -1;
3135 /* accept connections */
3136 if (!gdb_accept()) {
3137 close(gdbserver_fd);
3138 gdbserver_fd = -1;
3139 return -1;
3140 }
3141 return 0;
3142 }
3143
3144 /* Disable gdb stub for child processes. */
gdbserver_fork(CPUState * cpu)3145 void gdbserver_fork(CPUState *cpu)
3146 {
3147 GDBState *s = gdbserver_state;
3148
3149 if (gdbserver_fd < 0 || s->fd < 0) {
3150 return;
3151 }
3152 close(s->fd);
3153 s->fd = -1;
3154 cpu_breakpoint_remove_all(cpu, BP_GDB);
3155 cpu_watchpoint_remove_all(cpu, BP_GDB);
3156 }
3157 #else
gdb_chr_can_receive(void * opaque)3158 static int gdb_chr_can_receive(void *opaque)
3159 {
3160 /* We can handle an arbitrarily large amount of data.
3161 Pick the maximum packet size, which is as good as anything. */
3162 return MAX_PACKET_LENGTH;
3163 }
3164
gdb_chr_receive(void * opaque,const uint8_t * buf,int size)3165 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
3166 {
3167 int i;
3168
3169 for (i = 0; i < size; i++) {
3170 gdb_read_byte(gdbserver_state, buf[i]);
3171 }
3172 }
3173
gdb_chr_event(void * opaque,int event)3174 static void gdb_chr_event(void *opaque, int event)
3175 {
3176 int i;
3177 GDBState *s = (GDBState *) opaque;
3178
3179 switch (event) {
3180 case CHR_EVENT_OPENED:
3181 /* Start with first process attached, others detached */
3182 for (i = 0; i < s->process_num; i++) {
3183 s->processes[i].attached = !i;
3184 }
3185
3186 s->c_cpu = gdb_first_attached_cpu(s);
3187 s->g_cpu = s->c_cpu;
3188
3189 vm_stop(RUN_STATE_PAUSED);
3190 gdb_has_xml = false;
3191 break;
3192 default:
3193 break;
3194 }
3195 }
3196
gdb_monitor_output(GDBState * s,const char * msg,int len)3197 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
3198 {
3199 char buf[MAX_PACKET_LENGTH];
3200
3201 buf[0] = 'O';
3202 if (len > (MAX_PACKET_LENGTH/2) - 1)
3203 len = (MAX_PACKET_LENGTH/2) - 1;
3204 memtohex(buf + 1, (uint8_t *)msg, len);
3205 put_packet(s, buf);
3206 }
3207
gdb_monitor_write(Chardev * chr,const uint8_t * buf,int len)3208 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
3209 {
3210 const char *p = (const char *)buf;
3211 int max_sz;
3212
3213 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
3214 for (;;) {
3215 if (len <= max_sz) {
3216 gdb_monitor_output(gdbserver_state, p, len);
3217 break;
3218 }
3219 gdb_monitor_output(gdbserver_state, p, max_sz);
3220 p += max_sz;
3221 len -= max_sz;
3222 }
3223 return len;
3224 }
3225
3226 #ifndef _WIN32
gdb_sigterm_handler(int signal)3227 static void gdb_sigterm_handler(int signal)
3228 {
3229 if (runstate_is_running()) {
3230 vm_stop(RUN_STATE_PAUSED);
3231 }
3232 }
3233 #endif
3234
gdb_monitor_open(Chardev * chr,ChardevBackend * backend,bool * be_opened,Error ** errp)3235 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
3236 bool *be_opened, Error **errp)
3237 {
3238 *be_opened = false;
3239 }
3240
char_gdb_class_init(ObjectClass * oc,void * data)3241 static void char_gdb_class_init(ObjectClass *oc, void *data)
3242 {
3243 ChardevClass *cc = CHARDEV_CLASS(oc);
3244
3245 cc->internal = true;
3246 cc->open = gdb_monitor_open;
3247 cc->chr_write = gdb_monitor_write;
3248 }
3249
3250 #define TYPE_CHARDEV_GDB "chardev-gdb"
3251
3252 static const TypeInfo char_gdb_type_info = {
3253 .name = TYPE_CHARDEV_GDB,
3254 .parent = TYPE_CHARDEV,
3255 .class_init = char_gdb_class_init,
3256 };
3257
find_cpu_clusters(Object * child,void * opaque)3258 static int find_cpu_clusters(Object *child, void *opaque)
3259 {
3260 if (object_dynamic_cast(child, TYPE_CPU_CLUSTER)) {
3261 GDBState *s = (GDBState *) opaque;
3262 CPUClusterState *cluster = CPU_CLUSTER(child);
3263 GDBProcess *process;
3264
3265 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
3266
3267 process = &s->processes[s->process_num - 1];
3268
3269 /*
3270 * GDB process IDs -1 and 0 are reserved. To avoid subtle errors at
3271 * runtime, we enforce here that the machine does not use a cluster ID
3272 * that would lead to PID 0.
3273 */
3274 assert(cluster->cluster_id != UINT32_MAX);
3275 process->pid = cluster->cluster_id + 1;
3276 process->attached = false;
3277 process->target_xml[0] = '\0';
3278
3279 return 0;
3280 }
3281
3282 return object_child_foreach(child, find_cpu_clusters, opaque);
3283 }
3284
pid_order(const void * a,const void * b)3285 static int pid_order(const void *a, const void *b)
3286 {
3287 GDBProcess *pa = (GDBProcess *) a;
3288 GDBProcess *pb = (GDBProcess *) b;
3289
3290 if (pa->pid < pb->pid) {
3291 return -1;
3292 } else if (pa->pid > pb->pid) {
3293 return 1;
3294 } else {
3295 return 0;
3296 }
3297 }
3298
create_processes(GDBState * s)3299 static void create_processes(GDBState *s)
3300 {
3301 object_child_foreach(object_get_root(), find_cpu_clusters, s);
3302
3303 if (s->processes) {
3304 /* Sort by PID */
3305 qsort(s->processes, s->process_num, sizeof(s->processes[0]), pid_order);
3306 }
3307
3308 create_default_process(s);
3309 }
3310
cleanup_processes(GDBState * s)3311 static void cleanup_processes(GDBState *s)
3312 {
3313 g_free(s->processes);
3314 s->process_num = 0;
3315 s->processes = NULL;
3316 }
3317
gdbserver_start(const char * device)3318 int gdbserver_start(const char *device)
3319 {
3320 trace_gdbstub_op_start(device);
3321
3322 GDBState *s;
3323 char gdbstub_device_name[128];
3324 Chardev *chr = NULL;
3325 Chardev *mon_chr;
3326
3327 if (!first_cpu) {
3328 error_report("gdbstub: meaningless to attach gdb to a "
3329 "machine without any CPU.");
3330 return -1;
3331 }
3332
3333 if (!device)
3334 return -1;
3335 if (strcmp(device, "none") != 0) {
3336 if (strstart(device, "tcp:", NULL)) {
3337 /* enforce required TCP attributes */
3338 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
3339 "%s,nowait,nodelay,server", device);
3340 device = gdbstub_device_name;
3341 }
3342 #ifndef _WIN32
3343 else if (strcmp(device, "stdio") == 0) {
3344 struct sigaction act;
3345
3346 memset(&act, 0, sizeof(act));
3347 act.sa_handler = gdb_sigterm_handler;
3348 sigaction(SIGINT, &act, NULL);
3349 }
3350 #endif
3351 /*
3352 * FIXME: it's a bit weird to allow using a mux chardev here
3353 * and implicitly setup a monitor. We may want to break this.
3354 */
3355 chr = qemu_chr_new_noreplay("gdb", device, true, NULL);
3356 if (!chr)
3357 return -1;
3358 }
3359
3360 s = gdbserver_state;
3361 if (!s) {
3362 s = g_malloc0(sizeof(GDBState));
3363 gdbserver_state = s;
3364
3365 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
3366
3367 /* Initialize a monitor terminal for gdb */
3368 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
3369 NULL, NULL, &error_abort);
3370 monitor_init_hmp(mon_chr, false);
3371 } else {
3372 qemu_chr_fe_deinit(&s->chr, true);
3373 mon_chr = s->mon_chr;
3374 cleanup_processes(s);
3375 memset(s, 0, sizeof(GDBState));
3376 s->mon_chr = mon_chr;
3377 }
3378
3379 create_processes(s);
3380
3381 if (chr) {
3382 qemu_chr_fe_init(&s->chr, chr, &error_abort);
3383 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
3384 gdb_chr_event, NULL, s, NULL, true);
3385 }
3386 s->state = chr ? RS_IDLE : RS_INACTIVE;
3387 s->mon_chr = mon_chr;
3388 s->current_syscall_cb = NULL;
3389
3390 return 0;
3391 }
3392
gdbserver_cleanup(void)3393 void gdbserver_cleanup(void)
3394 {
3395 if (gdbserver_state) {
3396 put_packet(gdbserver_state, "W00");
3397 }
3398 }
3399
register_types(void)3400 static void register_types(void)
3401 {
3402 type_register_static(&char_gdb_type_info);
3403 }
3404
3405 type_init(register_types);
3406 #endif
3407