1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Kernel Debug Core 4 * 5 * Maintainer: Jason Wessel <jason.wessel@windriver.com> 6 * 7 * Copyright (C) 2000-2001 VERITAS Software Corporation. 8 * Copyright (C) 2002-2004 Timesys Corporation 9 * Copyright (C) 2003-2004 Amit S. Kale <amitkale@linsyssoft.com> 10 * Copyright (C) 2004 Pavel Machek <pavel@ucw.cz> 11 * Copyright (C) 2004-2006 Tom Rini <trini@kernel.crashing.org> 12 * Copyright (C) 2004-2006 LinSysSoft Technologies Pvt. Ltd. 13 * Copyright (C) 2005-2009 Wind River Systems, Inc. 14 * Copyright (C) 2007 MontaVista Software, Inc. 15 * Copyright (C) 2008 Red Hat, Inc., Ingo Molnar <mingo@redhat.com> 16 * 17 * Contributors at various stages not listed above: 18 * Jason Wessel ( jason.wessel@windriver.com ) 19 * George Anzinger <george@mvista.com> 20 * Anurekh Saxena (anurekh.saxena@timesys.com) 21 * Lake Stevens Instrument Division (Glenn Engel) 22 * Jim Kingdon, Cygnus Support. 23 * 24 * Original KGDB stub: David Grothe <dave@gcom.com>, 25 * Tigran Aivazian <tigran@sco.com> 26 */ 27 28 #include <linux/kernel.h> 29 #include <linux/sched/signal.h> 30 #include <linux/kgdb.h> 31 #include <linux/kdb.h> 32 #include <linux/serial_core.h> 33 #include <linux/string.h> 34 #include <linux/reboot.h> 35 #include <linux/uaccess.h> 36 #include <asm/cacheflush.h> 37 #include <linux/unaligned.h> 38 #include "debug_core.h" 39 40 #define KGDB_MAX_THREAD_QUERY 17 41 42 /* Our I/O buffers. */ 43 static char remcom_in_buffer[BUFMAX]; 44 static char remcom_out_buffer[BUFMAX]; 45 static int gdbstub_use_prev_in_buf; 46 static int gdbstub_prev_in_buf_pos; 47 48 /* Storage for the registers, in GDB format. */ 49 static unsigned long gdb_regs[(NUMREGBYTES + 50 sizeof(unsigned long) - 1) / 51 sizeof(unsigned long)]; 52 53 /* 54 * GDB remote protocol parser: 55 */ 56 57 #ifdef CONFIG_KGDB_KDB 58 static int gdbstub_read_wait(void) 59 { 60 int ret = -1; 61 int i; 62 63 if (unlikely(gdbstub_use_prev_in_buf)) { 64 if (gdbstub_prev_in_buf_pos < gdbstub_use_prev_in_buf) 65 return remcom_in_buffer[gdbstub_prev_in_buf_pos++]; 66 else 67 gdbstub_use_prev_in_buf = 0; 68 } 69 70 /* poll any additional I/O interfaces that are defined */ 71 while (ret < 0) 72 for (i = 0; kdb_poll_funcs[i] != NULL; i++) { 73 ret = kdb_poll_funcs[i](); 74 if (ret > 0) 75 break; 76 } 77 return ret; 78 } 79 #else 80 static int gdbstub_read_wait(void) 81 { 82 int ret = dbg_io_ops->read_char(); 83 while (ret == NO_POLL_CHAR) 84 ret = dbg_io_ops->read_char(); 85 return ret; 86 } 87 #endif 88 /* scan for the sequence $<data>#<checksum> */ 89 static void get_packet(char *buffer) 90 { 91 unsigned char checksum; 92 unsigned char xmitcsum; 93 int count; 94 char ch; 95 96 do { 97 /* 98 * Spin and wait around for the start character, ignore all 99 * other characters: 100 */ 101 while ((ch = (gdbstub_read_wait())) != '$') 102 /* nothing */; 103 104 kgdb_connected = 1; 105 checksum = 0; 106 xmitcsum = -1; 107 108 count = 0; 109 110 /* 111 * now, read until a # or end of buffer is found: 112 */ 113 while (count < (BUFMAX - 1)) { 114 ch = gdbstub_read_wait(); 115 if (ch == '#') 116 break; 117 checksum = checksum + ch; 118 buffer[count] = ch; 119 count = count + 1; 120 } 121 122 if (ch == '#') { 123 xmitcsum = hex_to_bin(gdbstub_read_wait()) << 4; 124 xmitcsum += hex_to_bin(gdbstub_read_wait()); 125 126 if (checksum != xmitcsum) 127 /* failed checksum */ 128 dbg_io_ops->write_char('-'); 129 else 130 /* successful transfer */ 131 dbg_io_ops->write_char('+'); 132 if (dbg_io_ops->flush) 133 dbg_io_ops->flush(); 134 } 135 buffer[count] = 0; 136 } while (checksum != xmitcsum); 137 } 138 139 /* 140 * Send the packet in buffer. 141 * Check for gdb connection if asked for. 142 */ 143 static void put_packet(char *buffer) 144 { 145 unsigned char checksum; 146 int count; 147 char ch; 148 149 /* 150 * $<packet info>#<checksum>. 151 */ 152 while (1) { 153 dbg_io_ops->write_char('$'); 154 checksum = 0; 155 count = 0; 156 157 while ((ch = buffer[count])) { 158 dbg_io_ops->write_char(ch); 159 checksum += ch; 160 count++; 161 } 162 163 dbg_io_ops->write_char('#'); 164 dbg_io_ops->write_char(hex_asc_hi(checksum)); 165 dbg_io_ops->write_char(hex_asc_lo(checksum)); 166 if (dbg_io_ops->flush) 167 dbg_io_ops->flush(); 168 169 /* Now see what we get in reply. */ 170 ch = gdbstub_read_wait(); 171 172 if (ch == 3) 173 ch = gdbstub_read_wait(); 174 175 /* If we get an ACK, we are done. */ 176 if (ch == '+') 177 return; 178 179 /* 180 * If we get the start of another packet, this means 181 * that GDB is attempting to reconnect. We will NAK 182 * the packet being sent, and stop trying to send this 183 * packet. 184 */ 185 if (ch == '$') { 186 dbg_io_ops->write_char('-'); 187 if (dbg_io_ops->flush) 188 dbg_io_ops->flush(); 189 return; 190 } 191 } 192 } 193 194 static char gdbmsgbuf[BUFMAX + 1]; 195 196 void gdbstub_msg_write(const char *s, int len) 197 { 198 char *bufptr; 199 int wcount; 200 int i; 201 202 if (len == 0) 203 len = strlen(s); 204 205 /* 'O'utput */ 206 gdbmsgbuf[0] = 'O'; 207 208 /* Fill and send buffers... */ 209 while (len > 0) { 210 bufptr = gdbmsgbuf + 1; 211 212 /* Calculate how many this time */ 213 if ((len << 1) > (BUFMAX - 2)) 214 wcount = (BUFMAX - 2) >> 1; 215 else 216 wcount = len; 217 218 /* Pack in hex chars */ 219 for (i = 0; i < wcount; i++) 220 bufptr = hex_byte_pack(bufptr, s[i]); 221 *bufptr = '\0'; 222 223 /* Move up */ 224 s += wcount; 225 len -= wcount; 226 227 /* Write packet */ 228 put_packet(gdbmsgbuf); 229 } 230 } 231 232 /* 233 * Convert the memory pointed to by mem into hex, placing result in 234 * buf. Return a pointer to the last char put in buf (null). May 235 * return an error. 236 */ 237 char *kgdb_mem2hex(char *mem, char *buf, int count) 238 { 239 char *tmp; 240 int err; 241 242 /* 243 * We use the upper half of buf as an intermediate buffer for the 244 * raw memory copy. Hex conversion will work against this one. 245 */ 246 tmp = buf + count; 247 248 err = copy_from_kernel_nofault(tmp, mem, count); 249 if (err) 250 return NULL; 251 while (count > 0) { 252 buf = hex_byte_pack(buf, *tmp); 253 tmp++; 254 count--; 255 } 256 *buf = 0; 257 258 return buf; 259 } 260 261 /* 262 * Convert the hex array pointed to by buf into binary to be placed in 263 * mem. Return a pointer to the character AFTER the last byte 264 * written. May return an error. 265 */ 266 int kgdb_hex2mem(char *buf, char *mem, int count) 267 { 268 char *tmp_raw; 269 char *tmp_hex; 270 271 /* 272 * We use the upper half of buf as an intermediate buffer for the 273 * raw memory that is converted from hex. 274 */ 275 tmp_raw = buf + count * 2; 276 277 tmp_hex = tmp_raw - 1; 278 while (tmp_hex >= buf) { 279 tmp_raw--; 280 *tmp_raw = hex_to_bin(*tmp_hex--); 281 *tmp_raw |= hex_to_bin(*tmp_hex--) << 4; 282 } 283 284 return copy_to_kernel_nofault(mem, tmp_raw, count); 285 } 286 287 /* 288 * While we find nice hex chars, build a long_val. 289 * Return number of chars processed. 290 */ 291 int kgdb_hex2long(char **ptr, unsigned long *long_val) 292 { 293 int hex_val; 294 int num = 0; 295 int negate = 0; 296 297 *long_val = 0; 298 299 if (**ptr == '-') { 300 negate = 1; 301 (*ptr)++; 302 } 303 while (**ptr) { 304 hex_val = hex_to_bin(**ptr); 305 if (hex_val < 0) 306 break; 307 308 *long_val = (*long_val << 4) | hex_val; 309 num++; 310 (*ptr)++; 311 } 312 313 if (negate) 314 *long_val = -*long_val; 315 316 return num; 317 } 318 319 /* 320 * Copy the binary array pointed to by buf into mem. Fix $, #, and 321 * 0x7d escaped with 0x7d. Return -EFAULT on failure or 0 on success. 322 * The input buf is overwritten with the result to write to mem. 323 */ 324 static int kgdb_ebin2mem(char *buf, char *mem, int count) 325 { 326 int size = 0; 327 char *c = buf; 328 329 while (count-- > 0) { 330 c[size] = *buf++; 331 if (c[size] == 0x7d) 332 c[size] = *buf++ ^ 0x20; 333 size++; 334 } 335 336 return copy_to_kernel_nofault(mem, c, size); 337 } 338 339 #if DBG_MAX_REG_NUM > 0 340 void pt_regs_to_gdb_regs(unsigned long *gdb_regs, struct pt_regs *regs) 341 { 342 int i; 343 int idx = 0; 344 char *ptr = (char *)gdb_regs; 345 346 for (i = 0; i < DBG_MAX_REG_NUM; i++) { 347 dbg_get_reg(i, ptr + idx, regs); 348 idx += dbg_reg_def[i].size; 349 } 350 } 351 352 void gdb_regs_to_pt_regs(unsigned long *gdb_regs, struct pt_regs *regs) 353 { 354 int i; 355 int idx = 0; 356 char *ptr = (char *)gdb_regs; 357 358 for (i = 0; i < DBG_MAX_REG_NUM; i++) { 359 dbg_set_reg(i, ptr + idx, regs); 360 idx += dbg_reg_def[i].size; 361 } 362 } 363 #endif /* DBG_MAX_REG_NUM > 0 */ 364 365 /* Write memory due to an 'M' or 'X' packet. */ 366 static int write_mem_msg(int binary) 367 { 368 char *ptr = &remcom_in_buffer[1]; 369 unsigned long addr; 370 unsigned long length; 371 int err; 372 373 if (kgdb_hex2long(&ptr, &addr) > 0 && *(ptr++) == ',' && 374 kgdb_hex2long(&ptr, &length) > 0 && *(ptr++) == ':') { 375 if (binary) 376 err = kgdb_ebin2mem(ptr, (char *)addr, length); 377 else 378 err = kgdb_hex2mem(ptr, (char *)addr, length); 379 if (err) 380 return err; 381 if (CACHE_FLUSH_IS_SAFE) 382 flush_icache_range(addr, addr + length); 383 return 0; 384 } 385 386 return -EINVAL; 387 } 388 389 static void error_packet(char *pkt, int error) 390 { 391 error = -error; 392 pkt[0] = 'E'; 393 pkt[1] = hex_asc[(error / 10)]; 394 pkt[2] = hex_asc[(error % 10)]; 395 pkt[3] = '\0'; 396 } 397 398 /* 399 * Thread ID accessors. We represent a flat TID space to GDB, where 400 * the per CPU idle threads (which under Linux all have PID 0) are 401 * remapped to negative TIDs. 402 */ 403 404 #define BUF_THREAD_ID_SIZE 8 405 406 static char *pack_threadid(char *pkt, unsigned char *id) 407 { 408 unsigned char *limit; 409 int lzero = 1; 410 411 limit = id + (BUF_THREAD_ID_SIZE / 2); 412 while (id < limit) { 413 if (!lzero || *id != 0) { 414 pkt = hex_byte_pack(pkt, *id); 415 lzero = 0; 416 } 417 id++; 418 } 419 420 if (lzero) 421 pkt = hex_byte_pack(pkt, 0); 422 423 return pkt; 424 } 425 426 static void int_to_threadref(unsigned char *id, int value) 427 { 428 put_unaligned_be32(value, id); 429 } 430 431 static struct task_struct *getthread(struct pt_regs *regs, int tid) 432 { 433 /* 434 * Non-positive TIDs are remapped to the cpu shadow information 435 */ 436 if (tid == 0 || tid == -1) 437 tid = -atomic_read(&kgdb_active) - 2; 438 if (tid < -1 && tid > -NR_CPUS - 2) { 439 if (kgdb_info[-tid - 2].task) 440 return kgdb_info[-tid - 2].task; 441 else 442 return idle_task(-tid - 2); 443 } 444 if (tid <= 0) { 445 printk(KERN_ERR "KGDB: Internal thread select error\n"); 446 dump_stack(); 447 return NULL; 448 } 449 450 /* 451 * find_task_by_pid_ns() does not take the tasklist lock anymore 452 * but is nicely RCU locked - hence is a pretty resilient 453 * thing to use: 454 */ 455 return find_task_by_pid_ns(tid, &init_pid_ns); 456 } 457 458 459 /* 460 * Remap normal tasks to their real PID, 461 * CPU shadow threads are mapped to -CPU - 2 462 */ 463 static inline int shadow_pid(int realpid) 464 { 465 if (realpid) 466 return realpid; 467 468 return -raw_smp_processor_id() - 2; 469 } 470 471 /* 472 * All the functions that start with gdb_cmd are the various 473 * operations to implement the handlers for the gdbserial protocol 474 * where KGDB is communicating with an external debugger 475 */ 476 477 /* Handle the '?' status packets */ 478 static void gdb_cmd_status(struct kgdb_state *ks) 479 { 480 /* 481 * We know that this packet is only sent 482 * during initial connect. So to be safe, 483 * we clear out our breakpoints now in case 484 * GDB is reconnecting. 485 */ 486 dbg_remove_all_break(); 487 488 remcom_out_buffer[0] = 'S'; 489 hex_byte_pack(&remcom_out_buffer[1], ks->signo); 490 } 491 492 static void gdb_get_regs_helper(struct kgdb_state *ks) 493 { 494 struct task_struct *thread; 495 void *local_debuggerinfo; 496 int i; 497 498 thread = kgdb_usethread; 499 if (!thread) { 500 thread = kgdb_info[ks->cpu].task; 501 local_debuggerinfo = kgdb_info[ks->cpu].debuggerinfo; 502 } else { 503 local_debuggerinfo = NULL; 504 for_each_online_cpu(i) { 505 /* 506 * Try to find the task on some other 507 * or possibly this node if we do not 508 * find the matching task then we try 509 * to approximate the results. 510 */ 511 if (thread == kgdb_info[i].task) 512 local_debuggerinfo = kgdb_info[i].debuggerinfo; 513 } 514 } 515 516 /* 517 * All threads that don't have debuggerinfo should be 518 * in schedule() sleeping, since all other CPUs 519 * are in kgdb_wait, and thus have debuggerinfo. 520 */ 521 if (local_debuggerinfo) { 522 pt_regs_to_gdb_regs(gdb_regs, local_debuggerinfo); 523 } else { 524 /* 525 * Pull stuff saved during switch_to; nothing 526 * else is accessible (or even particularly 527 * relevant). 528 * 529 * This should be enough for a stack trace. 530 */ 531 sleeping_thread_to_gdb_regs(gdb_regs, thread); 532 } 533 } 534 535 /* Handle the 'g' get registers request */ 536 static void gdb_cmd_getregs(struct kgdb_state *ks) 537 { 538 gdb_get_regs_helper(ks); 539 kgdb_mem2hex((char *)gdb_regs, remcom_out_buffer, NUMREGBYTES); 540 } 541 542 /* Handle the 'G' set registers request */ 543 static void gdb_cmd_setregs(struct kgdb_state *ks) 544 { 545 kgdb_hex2mem(&remcom_in_buffer[1], (char *)gdb_regs, NUMREGBYTES); 546 547 if (kgdb_usethread && kgdb_usethread != current) { 548 error_packet(remcom_out_buffer, -EINVAL); 549 } else { 550 gdb_regs_to_pt_regs(gdb_regs, ks->linux_regs); 551 strscpy(remcom_out_buffer, "OK"); 552 } 553 } 554 555 /* Handle the 'm' memory read bytes */ 556 static void gdb_cmd_memread(struct kgdb_state *ks) 557 { 558 char *ptr = &remcom_in_buffer[1]; 559 unsigned long length; 560 unsigned long addr; 561 char *err; 562 563 if (kgdb_hex2long(&ptr, &addr) > 0 && *ptr++ == ',' && 564 kgdb_hex2long(&ptr, &length) > 0) { 565 err = kgdb_mem2hex((char *)addr, remcom_out_buffer, length); 566 if (!err) 567 error_packet(remcom_out_buffer, -EINVAL); 568 } else { 569 error_packet(remcom_out_buffer, -EINVAL); 570 } 571 } 572 573 /* Handle the 'M' memory write bytes */ 574 static void gdb_cmd_memwrite(struct kgdb_state *ks) 575 { 576 int err = write_mem_msg(0); 577 578 if (err) 579 error_packet(remcom_out_buffer, err); 580 else 581 strscpy(remcom_out_buffer, "OK"); 582 } 583 584 #if DBG_MAX_REG_NUM > 0 585 static char *gdb_hex_reg_helper(int regnum, char *out) 586 { 587 int i; 588 int offset = 0; 589 590 for (i = 0; i < regnum; i++) 591 offset += dbg_reg_def[i].size; 592 return kgdb_mem2hex((char *)gdb_regs + offset, out, 593 dbg_reg_def[i].size); 594 } 595 596 /* Handle the 'p' individual register get */ 597 static void gdb_cmd_reg_get(struct kgdb_state *ks) 598 { 599 unsigned long regnum; 600 char *ptr = &remcom_in_buffer[1]; 601 602 kgdb_hex2long(&ptr, ®num); 603 if (regnum >= DBG_MAX_REG_NUM) { 604 error_packet(remcom_out_buffer, -EINVAL); 605 return; 606 } 607 gdb_get_regs_helper(ks); 608 gdb_hex_reg_helper(regnum, remcom_out_buffer); 609 } 610 611 /* Handle the 'P' individual register set */ 612 static void gdb_cmd_reg_set(struct kgdb_state *ks) 613 { 614 unsigned long regnum; 615 char *ptr = &remcom_in_buffer[1]; 616 int i = 0; 617 618 kgdb_hex2long(&ptr, ®num); 619 if (*ptr++ != '=' || 620 !(!kgdb_usethread || kgdb_usethread == current) || 621 !dbg_get_reg(regnum, gdb_regs, ks->linux_regs)) { 622 error_packet(remcom_out_buffer, -EINVAL); 623 return; 624 } 625 memset(gdb_regs, 0, sizeof(gdb_regs)); 626 while (i < sizeof(gdb_regs) * 2) 627 if (hex_to_bin(ptr[i]) >= 0) 628 i++; 629 else 630 break; 631 i = i / 2; 632 kgdb_hex2mem(ptr, (char *)gdb_regs, i); 633 dbg_set_reg(regnum, gdb_regs, ks->linux_regs); 634 strscpy(remcom_out_buffer, "OK"); 635 } 636 #endif /* DBG_MAX_REG_NUM > 0 */ 637 638 /* Handle the 'X' memory binary write bytes */ 639 static void gdb_cmd_binwrite(struct kgdb_state *ks) 640 { 641 int err = write_mem_msg(1); 642 643 if (err) 644 error_packet(remcom_out_buffer, err); 645 else 646 strscpy(remcom_out_buffer, "OK"); 647 } 648 649 /* Handle the 'D' or 'k', detach or kill packets */ 650 static void gdb_cmd_detachkill(struct kgdb_state *ks) 651 { 652 int error; 653 654 /* The detach case */ 655 if (remcom_in_buffer[0] == 'D') { 656 error = dbg_remove_all_break(); 657 if (error < 0) { 658 error_packet(remcom_out_buffer, error); 659 } else { 660 strscpy(remcom_out_buffer, "OK"); 661 kgdb_connected = 0; 662 } 663 put_packet(remcom_out_buffer); 664 } else { 665 /* 666 * Assume the kill case, with no exit code checking, 667 * trying to force detach the debugger: 668 */ 669 dbg_remove_all_break(); 670 kgdb_connected = 0; 671 } 672 } 673 674 /* Handle the 'R' reboot packets */ 675 static int gdb_cmd_reboot(struct kgdb_state *ks) 676 { 677 /* For now, only honor R0 */ 678 if (strcmp(remcom_in_buffer, "R0") == 0) { 679 printk(KERN_CRIT "Executing emergency reboot\n"); 680 strscpy(remcom_out_buffer, "OK"); 681 put_packet(remcom_out_buffer); 682 683 /* 684 * Execution should not return from 685 * machine_emergency_restart() 686 */ 687 machine_emergency_restart(); 688 kgdb_connected = 0; 689 690 return 1; 691 } 692 return 0; 693 } 694 695 /* Handle the 'q' query packets */ 696 static void gdb_cmd_query(struct kgdb_state *ks) 697 { 698 struct task_struct *g; 699 struct task_struct *p; 700 unsigned char thref[BUF_THREAD_ID_SIZE]; 701 char *ptr; 702 int i; 703 int cpu; 704 int finished = 0; 705 706 switch (remcom_in_buffer[1]) { 707 case 's': 708 case 'f': 709 if (memcmp(remcom_in_buffer + 2, "ThreadInfo", 10)) 710 break; 711 712 i = 0; 713 remcom_out_buffer[0] = 'm'; 714 ptr = remcom_out_buffer + 1; 715 if (remcom_in_buffer[1] == 'f') { 716 /* Each cpu is a shadow thread */ 717 for_each_online_cpu(cpu) { 718 ks->thr_query = 0; 719 int_to_threadref(thref, -cpu - 2); 720 ptr = pack_threadid(ptr, thref); 721 *(ptr++) = ','; 722 i++; 723 } 724 } 725 726 for_each_process_thread(g, p) { 727 if (i >= ks->thr_query && !finished) { 728 int_to_threadref(thref, p->pid); 729 ptr = pack_threadid(ptr, thref); 730 *(ptr++) = ','; 731 ks->thr_query++; 732 if (ks->thr_query % KGDB_MAX_THREAD_QUERY == 0) 733 finished = 1; 734 } 735 i++; 736 } 737 738 *(--ptr) = '\0'; 739 break; 740 741 case 'C': 742 /* Current thread id */ 743 strscpy(remcom_out_buffer, "QC"); 744 ks->threadid = shadow_pid(current->pid); 745 int_to_threadref(thref, ks->threadid); 746 pack_threadid(remcom_out_buffer + 2, thref); 747 break; 748 case 'T': 749 if (memcmp(remcom_in_buffer + 1, "ThreadExtraInfo,", 16)) 750 break; 751 752 ks->threadid = 0; 753 ptr = remcom_in_buffer + 17; 754 kgdb_hex2long(&ptr, &ks->threadid); 755 if (!getthread(ks->linux_regs, ks->threadid)) { 756 error_packet(remcom_out_buffer, -EINVAL); 757 break; 758 } 759 if ((int)ks->threadid > 0) { 760 kgdb_mem2hex(getthread(ks->linux_regs, 761 ks->threadid)->comm, 762 remcom_out_buffer, 16); 763 } else { 764 static char tmpstr[23 + BUF_THREAD_ID_SIZE]; 765 766 sprintf(tmpstr, "shadowCPU%d", 767 (int)(-ks->threadid - 2)); 768 kgdb_mem2hex(tmpstr, remcom_out_buffer, strlen(tmpstr)); 769 } 770 break; 771 #ifdef CONFIG_KGDB_KDB 772 case 'R': 773 if (strncmp(remcom_in_buffer, "qRcmd,", 6) == 0) { 774 int len = strlen(remcom_in_buffer + 6); 775 776 if ((len % 2) != 0) { 777 strscpy(remcom_out_buffer, "E01"); 778 break; 779 } 780 kgdb_hex2mem(remcom_in_buffer + 6, 781 remcom_out_buffer, len); 782 len = len / 2; 783 remcom_out_buffer[len++] = 0; 784 785 kdb_common_init_state(ks); 786 kdb_parse(remcom_out_buffer); 787 kdb_common_deinit_state(); 788 789 strscpy(remcom_out_buffer, "OK"); 790 } 791 break; 792 #endif 793 #ifdef CONFIG_HAVE_ARCH_KGDB_QXFER_PKT 794 case 'S': 795 if (!strncmp(remcom_in_buffer, "qSupported:", 11)) 796 strscpy(remcom_out_buffer, kgdb_arch_gdb_stub_feature); 797 break; 798 case 'X': 799 if (!strncmp(remcom_in_buffer, "qXfer:", 6)) 800 kgdb_arch_handle_qxfer_pkt(remcom_in_buffer, 801 remcom_out_buffer); 802 break; 803 #endif 804 default: 805 break; 806 } 807 } 808 809 /* Handle the 'H' task query packets */ 810 static void gdb_cmd_task(struct kgdb_state *ks) 811 { 812 struct task_struct *thread; 813 char *ptr; 814 815 switch (remcom_in_buffer[1]) { 816 case 'g': 817 ptr = &remcom_in_buffer[2]; 818 kgdb_hex2long(&ptr, &ks->threadid); 819 thread = getthread(ks->linux_regs, ks->threadid); 820 if (!thread && ks->threadid > 0) { 821 error_packet(remcom_out_buffer, -EINVAL); 822 break; 823 } 824 kgdb_usethread = thread; 825 ks->kgdb_usethreadid = ks->threadid; 826 strscpy(remcom_out_buffer, "OK"); 827 break; 828 case 'c': 829 ptr = &remcom_in_buffer[2]; 830 kgdb_hex2long(&ptr, &ks->threadid); 831 if (!ks->threadid) { 832 kgdb_contthread = NULL; 833 } else { 834 thread = getthread(ks->linux_regs, ks->threadid); 835 if (!thread && ks->threadid > 0) { 836 error_packet(remcom_out_buffer, -EINVAL); 837 break; 838 } 839 kgdb_contthread = thread; 840 } 841 strscpy(remcom_out_buffer, "OK"); 842 break; 843 } 844 } 845 846 /* Handle the 'T' thread query packets */ 847 static void gdb_cmd_thread(struct kgdb_state *ks) 848 { 849 char *ptr = &remcom_in_buffer[1]; 850 struct task_struct *thread; 851 852 kgdb_hex2long(&ptr, &ks->threadid); 853 thread = getthread(ks->linux_regs, ks->threadid); 854 if (thread) 855 strscpy(remcom_out_buffer, "OK"); 856 else 857 error_packet(remcom_out_buffer, -EINVAL); 858 } 859 860 /* Handle the 'z' or 'Z' breakpoint remove or set packets */ 861 static void gdb_cmd_break(struct kgdb_state *ks) 862 { 863 /* 864 * Since GDB-5.3, it's been drafted that '0' is a software 865 * breakpoint, '1' is a hardware breakpoint, so let's do that. 866 */ 867 char *bpt_type = &remcom_in_buffer[1]; 868 char *ptr = &remcom_in_buffer[2]; 869 unsigned long addr; 870 unsigned long length; 871 int error = 0; 872 873 if (arch_kgdb_ops.set_hw_breakpoint && *bpt_type >= '1') { 874 /* Unsupported */ 875 if (*bpt_type > '4') 876 return; 877 } else { 878 if (*bpt_type != '0' && *bpt_type != '1') 879 /* Unsupported. */ 880 return; 881 } 882 883 /* 884 * Test if this is a hardware breakpoint, and 885 * if we support it: 886 */ 887 if (*bpt_type == '1' && !(arch_kgdb_ops.flags & KGDB_HW_BREAKPOINT)) 888 /* Unsupported. */ 889 return; 890 891 if (*(ptr++) != ',') { 892 error_packet(remcom_out_buffer, -EINVAL); 893 return; 894 } 895 if (!kgdb_hex2long(&ptr, &addr)) { 896 error_packet(remcom_out_buffer, -EINVAL); 897 return; 898 } 899 if (*(ptr++) != ',' || 900 !kgdb_hex2long(&ptr, &length)) { 901 error_packet(remcom_out_buffer, -EINVAL); 902 return; 903 } 904 905 if (remcom_in_buffer[0] == 'Z' && *bpt_type == '0') 906 error = dbg_set_sw_break(addr); 907 else if (remcom_in_buffer[0] == 'z' && *bpt_type == '0') 908 error = dbg_remove_sw_break(addr); 909 else if (remcom_in_buffer[0] == 'Z') 910 error = arch_kgdb_ops.set_hw_breakpoint(addr, 911 (int)length, *bpt_type - '0'); 912 else if (remcom_in_buffer[0] == 'z') 913 error = arch_kgdb_ops.remove_hw_breakpoint(addr, 914 (int) length, *bpt_type - '0'); 915 916 if (error == 0) 917 strscpy(remcom_out_buffer, "OK"); 918 else 919 error_packet(remcom_out_buffer, error); 920 } 921 922 /* Handle the 'C' signal / exception passing packets */ 923 static int gdb_cmd_exception_pass(struct kgdb_state *ks) 924 { 925 /* C09 == pass exception 926 * C15 == detach kgdb, pass exception 927 */ 928 if (remcom_in_buffer[1] == '0' && remcom_in_buffer[2] == '9') { 929 930 ks->pass_exception = 1; 931 remcom_in_buffer[0] = 'c'; 932 933 } else if (remcom_in_buffer[1] == '1' && remcom_in_buffer[2] == '5') { 934 935 ks->pass_exception = 1; 936 remcom_in_buffer[0] = 'D'; 937 dbg_remove_all_break(); 938 kgdb_connected = 0; 939 return 1; 940 941 } else { 942 gdbstub_msg_write("KGDB only knows signal 9 (pass)" 943 " and 15 (pass and disconnect)\n" 944 "Executing a continue without signal passing\n", 0); 945 remcom_in_buffer[0] = 'c'; 946 } 947 948 /* Indicate fall through */ 949 return -1; 950 } 951 952 /* 953 * This function performs all gdbserial command processing 954 */ 955 int gdb_serial_stub(struct kgdb_state *ks) 956 { 957 int error = 0; 958 int tmp; 959 960 /* Initialize comm buffer and globals. */ 961 memset(remcom_out_buffer, 0, sizeof(remcom_out_buffer)); 962 kgdb_usethread = kgdb_info[ks->cpu].task; 963 ks->kgdb_usethreadid = shadow_pid(kgdb_info[ks->cpu].task->pid); 964 ks->pass_exception = 0; 965 966 if (kgdb_connected) { 967 unsigned char thref[BUF_THREAD_ID_SIZE]; 968 char *ptr; 969 970 /* Reply to host that an exception has occurred */ 971 ptr = remcom_out_buffer; 972 *ptr++ = 'T'; 973 ptr = hex_byte_pack(ptr, ks->signo); 974 ptr += strlen(strcpy(ptr, "thread:")); 975 int_to_threadref(thref, shadow_pid(current->pid)); 976 ptr = pack_threadid(ptr, thref); 977 *ptr++ = ';'; 978 put_packet(remcom_out_buffer); 979 } 980 981 while (1) { 982 error = 0; 983 984 /* Clear the out buffer. */ 985 memset(remcom_out_buffer, 0, sizeof(remcom_out_buffer)); 986 987 get_packet(remcom_in_buffer); 988 989 switch (remcom_in_buffer[0]) { 990 case '?': /* gdbserial status */ 991 gdb_cmd_status(ks); 992 break; 993 case 'g': /* return the value of the CPU registers */ 994 gdb_cmd_getregs(ks); 995 break; 996 case 'G': /* set the value of the CPU registers - return OK */ 997 gdb_cmd_setregs(ks); 998 break; 999 case 'm': /* mAA..AA,LLLL Read LLLL bytes at address AA..AA */ 1000 gdb_cmd_memread(ks); 1001 break; 1002 case 'M': /* MAA..AA,LLLL: Write LLLL bytes at address AA..AA */ 1003 gdb_cmd_memwrite(ks); 1004 break; 1005 #if DBG_MAX_REG_NUM > 0 1006 case 'p': /* pXX Return gdb register XX (in hex) */ 1007 gdb_cmd_reg_get(ks); 1008 break; 1009 case 'P': /* PXX=aaaa Set gdb register XX to aaaa (in hex) */ 1010 gdb_cmd_reg_set(ks); 1011 break; 1012 #endif /* DBG_MAX_REG_NUM > 0 */ 1013 case 'X': /* XAA..AA,LLLL: Write LLLL bytes at address AA..AA */ 1014 gdb_cmd_binwrite(ks); 1015 break; 1016 /* kill or detach. KGDB should treat this like a 1017 * continue. 1018 */ 1019 case 'D': /* Debugger detach */ 1020 case 'k': /* Debugger detach via kill */ 1021 gdb_cmd_detachkill(ks); 1022 goto default_handle; 1023 case 'R': /* Reboot */ 1024 if (gdb_cmd_reboot(ks)) 1025 goto default_handle; 1026 break; 1027 case 'q': /* query command */ 1028 gdb_cmd_query(ks); 1029 break; 1030 case 'H': /* task related */ 1031 gdb_cmd_task(ks); 1032 break; 1033 case 'T': /* Query thread status */ 1034 gdb_cmd_thread(ks); 1035 break; 1036 case 'z': /* Break point remove */ 1037 case 'Z': /* Break point set */ 1038 gdb_cmd_break(ks); 1039 break; 1040 #ifdef CONFIG_KGDB_KDB 1041 case '3': /* Escape into back into kdb */ 1042 if (remcom_in_buffer[1] == '\0') { 1043 gdb_cmd_detachkill(ks); 1044 return DBG_PASS_EVENT; 1045 } 1046 fallthrough; 1047 #endif 1048 case 'C': /* Exception passing */ 1049 tmp = gdb_cmd_exception_pass(ks); 1050 if (tmp > 0) 1051 goto default_handle; 1052 if (tmp == 0) 1053 break; 1054 fallthrough; /* on tmp < 0 */ 1055 case 'c': /* Continue packet */ 1056 case 's': /* Single step packet */ 1057 if (kgdb_contthread && kgdb_contthread != current) { 1058 /* Can't switch threads in kgdb */ 1059 error_packet(remcom_out_buffer, -EINVAL); 1060 break; 1061 } 1062 fallthrough; /* to default processing */ 1063 default: 1064 default_handle: 1065 error = kgdb_arch_handle_exception(ks->ex_vector, 1066 ks->signo, 1067 ks->err_code, 1068 remcom_in_buffer, 1069 remcom_out_buffer, 1070 ks->linux_regs); 1071 /* 1072 * Leave cmd processing on error, detach, 1073 * kill, continue, or single step. 1074 */ 1075 if (error >= 0 || remcom_in_buffer[0] == 'D' || 1076 remcom_in_buffer[0] == 'k') { 1077 error = 0; 1078 goto kgdb_exit; 1079 } 1080 1081 } 1082 1083 /* reply to the request */ 1084 put_packet(remcom_out_buffer); 1085 } 1086 1087 kgdb_exit: 1088 if (ks->pass_exception) 1089 error = 1; 1090 return error; 1091 } 1092 1093 int gdbstub_state(struct kgdb_state *ks, char *cmd) 1094 { 1095 int error; 1096 1097 switch (cmd[0]) { 1098 case 'e': 1099 error = kgdb_arch_handle_exception(ks->ex_vector, 1100 ks->signo, 1101 ks->err_code, 1102 remcom_in_buffer, 1103 remcom_out_buffer, 1104 ks->linux_regs); 1105 return error; 1106 case 's': 1107 case 'c': 1108 strscpy(remcom_in_buffer, cmd, sizeof(remcom_in_buffer)); 1109 return 0; 1110 case '$': 1111 strscpy(remcom_in_buffer, cmd, sizeof(remcom_in_buffer)); 1112 gdbstub_use_prev_in_buf = strlen(remcom_in_buffer); 1113 gdbstub_prev_in_buf_pos = 0; 1114 return 0; 1115 } 1116 dbg_io_ops->write_char('+'); 1117 put_packet(remcom_out_buffer); 1118 return 0; 1119 } 1120 1121 /** 1122 * gdbstub_exit - Send an exit message to GDB 1123 * @status: The exit code to report. 1124 */ 1125 void gdbstub_exit(int status) 1126 { 1127 unsigned char checksum, ch, buffer[3]; 1128 int loop; 1129 1130 if (!kgdb_connected) 1131 return; 1132 kgdb_connected = 0; 1133 1134 if (!dbg_io_ops || dbg_kdb_mode) 1135 return; 1136 1137 buffer[0] = 'W'; 1138 buffer[1] = hex_asc_hi(status); 1139 buffer[2] = hex_asc_lo(status); 1140 1141 dbg_io_ops->write_char('$'); 1142 checksum = 0; 1143 1144 for (loop = 0; loop < 3; loop++) { 1145 ch = buffer[loop]; 1146 checksum += ch; 1147 dbg_io_ops->write_char(ch); 1148 } 1149 1150 dbg_io_ops->write_char('#'); 1151 dbg_io_ops->write_char(hex_asc_hi(checksum)); 1152 dbg_io_ops->write_char(hex_asc_lo(checksum)); 1153 1154 /* make sure the output is flushed, lest the bootloader clobber it */ 1155 if (dbg_io_ops->flush) 1156 dbg_io_ops->flush(); 1157 } 1158