1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "usb.h"
18
19 #include "sysdeps.h"
20
21 #include <stdint.h>
22 #include <stdlib.h>
23
24 #include <atomic>
25 #include <chrono>
26 #include <condition_variable>
27 #include <memory>
28 #include <mutex>
29 #include <string>
30 #include <thread>
31 #include <unordered_map>
32
33 #include <libusb/libusb.h>
34
35 #include <android-base/file.h>
36 #include <android-base/logging.h>
37 #include <android-base/stringprintf.h>
38 #include <android-base/strings.h>
39
40 #include "adb.h"
41 #include "adb_utils.h"
42 #include "transport.h"
43 #include "usb.h"
44
45 using android::base::StringPrintf;
46
47 // RAII wrappers for libusb.
48 struct ConfigDescriptorDeleter {
operator ()ConfigDescriptorDeleter49 void operator()(libusb_config_descriptor* desc) {
50 libusb_free_config_descriptor(desc);
51 }
52 };
53
54 using unique_config_descriptor = std::unique_ptr<libusb_config_descriptor, ConfigDescriptorDeleter>;
55
56 struct DeviceHandleDeleter {
operator ()DeviceHandleDeleter57 void operator()(libusb_device_handle* h) {
58 libusb_close(h);
59 }
60 };
61
62 using unique_device_handle = std::unique_ptr<libusb_device_handle, DeviceHandleDeleter>;
63
64 struct transfer_info {
transfer_infotransfer_info65 transfer_info(const char* name, uint16_t zero_mask, bool is_bulk_out)
66 : name(name),
67 transfer(libusb_alloc_transfer(0)),
68 is_bulk_out(is_bulk_out),
69 zero_mask(zero_mask) {}
70
~transfer_infotransfer_info71 ~transfer_info() {
72 libusb_free_transfer(transfer);
73 }
74
75 const char* name;
76 libusb_transfer* transfer;
77 bool is_bulk_out;
78 bool transfer_complete;
79 std::condition_variable cv;
80 std::mutex mutex;
81 uint16_t zero_mask;
82
Notifytransfer_info83 void Notify() {
84 LOG(DEBUG) << "notifying " << name << " transfer complete";
85 transfer_complete = true;
86 cv.notify_one();
87 }
88 };
89
90 namespace libusb {
91 struct usb_handle : public ::usb_handle {
usb_handlelibusb::usb_handle92 usb_handle(const std::string& device_address, const std::string& serial,
93 unique_device_handle&& device_handle, uint8_t interface, uint8_t bulk_in,
94 uint8_t bulk_out, size_t zero_mask, size_t max_packet_size)
95 : device_address(device_address),
96 serial(serial),
97 closing(false),
98 device_handle(device_handle.release()),
99 read("read", zero_mask, false),
100 write("write", zero_mask, true),
101 interface(interface),
102 bulk_in(bulk_in),
103 bulk_out(bulk_out),
104 max_packet_size(max_packet_size) {}
105
~usb_handlelibusb::usb_handle106 ~usb_handle() {
107 Close();
108 }
109
Closelibusb::usb_handle110 void Close() {
111 std::unique_lock<std::mutex> lock(device_handle_mutex);
112 // Cancelling transfers will trigger more Closes, so make sure this only happens once.
113 if (closing) {
114 return;
115 }
116 closing = true;
117
118 // Make sure that no new transfers come in.
119 libusb_device_handle* handle = device_handle;
120 if (!handle) {
121 return;
122 }
123
124 device_handle = nullptr;
125
126 // Cancel already dispatched transfers.
127 libusb_cancel_transfer(read.transfer);
128 libusb_cancel_transfer(write.transfer);
129
130 libusb_release_interface(handle, interface);
131 libusb_close(handle);
132 }
133
134 std::string device_address;
135 std::string serial;
136
137 std::atomic<bool> closing;
138 std::mutex device_handle_mutex;
139 libusb_device_handle* device_handle;
140
141 transfer_info read;
142 transfer_info write;
143
144 uint8_t interface;
145 uint8_t bulk_in;
146 uint8_t bulk_out;
147
148 size_t max_packet_size;
149 };
150
151 static auto& usb_handles = *new std::unordered_map<std::string, std::unique_ptr<usb_handle>>();
152 static auto& usb_handles_mutex = *new std::mutex();
153
154 static libusb_hotplug_callback_handle hotplug_handle;
155
get_device_address(libusb_device * device)156 static std::string get_device_address(libusb_device* device) {
157 return StringPrintf("usb:%d:%d", libusb_get_bus_number(device),
158 libusb_get_device_address(device));
159 }
160
161 #if defined(__linux__)
get_device_serial_path(libusb_device * device)162 static std::string get_device_serial_path(libusb_device* device) {
163 uint8_t ports[7];
164 int port_count = libusb_get_port_numbers(device, ports, 7);
165 if (port_count < 0) return "";
166
167 std::string path =
168 StringPrintf("/sys/bus/usb/devices/%d-%d", libusb_get_bus_number(device), ports[0]);
169 for (int port = 1; port < port_count; ++port) {
170 path += StringPrintf(".%d", ports[port]);
171 }
172 path += "/serial";
173 return path;
174 }
175
get_device_dev_path(libusb_device * device)176 static std::string get_device_dev_path(libusb_device* device) {
177 uint8_t ports[7];
178 int port_count = libusb_get_port_numbers(device, ports, 7);
179 if (port_count < 0) return "";
180 return StringPrintf("/dev/bus/usb/%03u/%03u", libusb_get_bus_number(device), ports[0]);
181 }
182 #endif
183
endpoint_is_output(uint8_t endpoint)184 static bool endpoint_is_output(uint8_t endpoint) {
185 return (endpoint & LIBUSB_ENDPOINT_DIR_MASK) == LIBUSB_ENDPOINT_OUT;
186 }
187
should_perform_zero_transfer(uint8_t endpoint,size_t write_length,uint16_t zero_mask)188 static bool should_perform_zero_transfer(uint8_t endpoint, size_t write_length, uint16_t zero_mask) {
189 return endpoint_is_output(endpoint) && write_length != 0 && zero_mask != 0 &&
190 (write_length & zero_mask) == 0;
191 }
192
process_device(libusb_device * device)193 static void process_device(libusb_device* device) {
194 std::string device_address = get_device_address(device);
195 std::string device_serial;
196
197 // Figure out if we want to open the device.
198 libusb_device_descriptor device_desc;
199 int rc = libusb_get_device_descriptor(device, &device_desc);
200 if (rc != 0) {
201 LOG(WARNING) << "failed to get device descriptor for device at " << device_address << ": "
202 << libusb_error_name(rc);
203 return;
204 }
205
206 if (device_desc.bDeviceClass != LIBUSB_CLASS_PER_INTERFACE) {
207 // Assume that all Android devices have the device class set to per interface.
208 // TODO: Is this assumption valid?
209 LOG(VERBOSE) << "skipping device with incorrect class at " << device_address;
210 return;
211 }
212
213 libusb_config_descriptor* config_raw;
214 rc = libusb_get_active_config_descriptor(device, &config_raw);
215 if (rc != 0) {
216 LOG(WARNING) << "failed to get active config descriptor for device at " << device_address
217 << ": " << libusb_error_name(rc);
218 return;
219 }
220 const unique_config_descriptor config(config_raw);
221
222 // Use size_t for interface_num so <iostream>s don't mangle it.
223 size_t interface_num;
224 uint16_t zero_mask = 0;
225 uint8_t bulk_in = 0, bulk_out = 0;
226 size_t packet_size = 0;
227 bool found_adb = false;
228
229 for (interface_num = 0; interface_num < config->bNumInterfaces; ++interface_num) {
230 const libusb_interface& interface = config->interface[interface_num];
231 if (interface.num_altsetting != 1) {
232 // Assume that interfaces with alternate settings aren't adb interfaces.
233 // TODO: Is this assumption valid?
234 LOG(VERBOSE) << "skipping interface with incorrect num_altsetting at " << device_address
235 << " (interface " << interface_num << ")";
236 continue;
237 }
238
239 const libusb_interface_descriptor& interface_desc = interface.altsetting[0];
240 if (!is_adb_interface(interface_desc.bInterfaceClass, interface_desc.bInterfaceSubClass,
241 interface_desc.bInterfaceProtocol)) {
242 LOG(VERBOSE) << "skipping non-adb interface at " << device_address << " (interface "
243 << interface_num << ")";
244 continue;
245 }
246
247 LOG(VERBOSE) << "found potential adb interface at " << device_address << " (interface "
248 << interface_num << ")";
249
250 bool found_in = false;
251 bool found_out = false;
252 for (size_t endpoint_num = 0; endpoint_num < interface_desc.bNumEndpoints; ++endpoint_num) {
253 const auto& endpoint_desc = interface_desc.endpoint[endpoint_num];
254 const uint8_t endpoint_addr = endpoint_desc.bEndpointAddress;
255 const uint8_t endpoint_attr = endpoint_desc.bmAttributes;
256
257 const uint8_t transfer_type = endpoint_attr & LIBUSB_TRANSFER_TYPE_MASK;
258
259 if (transfer_type != LIBUSB_TRANSFER_TYPE_BULK) {
260 continue;
261 }
262
263 if (endpoint_is_output(endpoint_addr) && !found_out) {
264 found_out = true;
265 bulk_out = endpoint_addr;
266 zero_mask = endpoint_desc.wMaxPacketSize - 1;
267 } else if (!endpoint_is_output(endpoint_addr) && !found_in) {
268 found_in = true;
269 bulk_in = endpoint_addr;
270 }
271
272 size_t endpoint_packet_size = endpoint_desc.wMaxPacketSize;
273 CHECK(endpoint_packet_size != 0);
274 if (packet_size == 0) {
275 packet_size = endpoint_packet_size;
276 } else {
277 CHECK(packet_size == endpoint_packet_size);
278 }
279 }
280
281 if (found_in && found_out) {
282 found_adb = true;
283 break;
284 } else {
285 LOG(VERBOSE) << "rejecting potential adb interface at " << device_address
286 << "(interface " << interface_num << "): missing bulk endpoints "
287 << "(found_in = " << found_in << ", found_out = " << found_out << ")";
288 }
289 }
290
291 if (!found_adb) {
292 LOG(VERBOSE) << "skipping device with no adb interfaces at " << device_address;
293 return;
294 }
295
296 {
297 std::unique_lock<std::mutex> lock(usb_handles_mutex);
298 if (usb_handles.find(device_address) != usb_handles.end()) {
299 LOG(VERBOSE) << "device at " << device_address
300 << " has already been registered, skipping";
301 return;
302 }
303 }
304
305 bool writable = true;
306 libusb_device_handle* handle_raw = nullptr;
307 rc = libusb_open(device, &handle_raw);
308 unique_device_handle handle(handle_raw);
309 if (rc == 0) {
310 LOG(DEBUG) << "successfully opened adb device at " << device_address << ", "
311 << StringPrintf("bulk_in = %#x, bulk_out = %#x", bulk_in, bulk_out);
312
313 device_serial.resize(255);
314 rc = libusb_get_string_descriptor_ascii(handle_raw, device_desc.iSerialNumber,
315 reinterpret_cast<unsigned char*>(&device_serial[0]),
316 device_serial.length());
317 if (rc == 0) {
318 LOG(WARNING) << "received empty serial from device at " << device_address;
319 return;
320 } else if (rc < 0) {
321 LOG(WARNING) << "failed to get serial from device at " << device_address
322 << libusb_error_name(rc);
323 return;
324 }
325 device_serial.resize(rc);
326
327 // WARNING: this isn't released via RAII.
328 rc = libusb_claim_interface(handle.get(), interface_num);
329 if (rc != 0) {
330 LOG(WARNING) << "failed to claim adb interface for device '" << device_serial << "'"
331 << libusb_error_name(rc);
332 return;
333 }
334
335 for (uint8_t endpoint : {bulk_in, bulk_out}) {
336 rc = libusb_clear_halt(handle.get(), endpoint);
337 if (rc != 0) {
338 LOG(WARNING) << "failed to clear halt on device '" << device_serial
339 << "' endpoint 0x" << std::hex << endpoint << ": "
340 << libusb_error_name(rc);
341 libusb_release_interface(handle.get(), interface_num);
342 return;
343 }
344 }
345 } else {
346 LOG(WARNING) << "failed to open usb device at " << device_address << ": "
347 << libusb_error_name(rc);
348 writable = false;
349
350 #if defined(__linux__)
351 // libusb doesn't think we should be messing around with devices we don't have
352 // write access to, but Linux at least lets us get the serial number anyway.
353 if (!android::base::ReadFileToString(get_device_serial_path(device), &device_serial)) {
354 // We don't actually want to treat an unknown serial as an error because
355 // devices aren't able to communicate a serial number in early bringup.
356 // http://b/20883914
357 device_serial = "unknown";
358 }
359 device_serial = android::base::Trim(device_serial);
360 #else
361 // On Mac OS and Windows, we're screwed. But I don't think this situation actually
362 // happens on those OSes.
363 return;
364 #endif
365 }
366
367 std::unique_ptr<usb_handle> result(new usb_handle(device_address, device_serial,
368 std::move(handle), interface_num, bulk_in,
369 bulk_out, zero_mask, packet_size));
370 usb_handle* usb_handle_raw = result.get();
371
372 {
373 std::unique_lock<std::mutex> lock(usb_handles_mutex);
374 usb_handles[device_address] = std::move(result);
375
376 register_usb_transport(usb_handle_raw, device_serial.c_str(), device_address.c_str(),
377 writable);
378 }
379 LOG(INFO) << "registered new usb device '" << device_serial << "'";
380 }
381
382 static std::atomic<int> connecting_devices(0);
383
device_connected(libusb_device * device)384 static void device_connected(libusb_device* device) {
385 #if defined(__linux__)
386 // Android's host linux libusb uses netlink instead of udev for device hotplug notification,
387 // which means we can get hotplug notifications before udev has updated ownership/perms on the
388 // device. Since we're not going to be able to link against the system's libudev any time soon,
389 // hack around this by inserting a sleep.
390 auto thread = std::thread([device]() {
391 std::string device_path = get_device_dev_path(device);
392 std::this_thread::sleep_for(std::chrono::seconds(1));
393
394 process_device(device);
395 if (--connecting_devices == 0) {
396 adb_notify_device_scan_complete();
397 }
398 });
399 thread.detach();
400 #else
401 process_device(device);
402 #endif
403 }
404
device_disconnected(libusb_device * device)405 static void device_disconnected(libusb_device* device) {
406 std::string device_address = get_device_address(device);
407
408 LOG(INFO) << "device disconnected: " << device_address;
409 std::unique_lock<std::mutex> lock(usb_handles_mutex);
410 auto it = usb_handles.find(device_address);
411 if (it != usb_handles.end()) {
412 if (!it->second->device_handle) {
413 // If the handle is null, we were never able to open the device.
414
415 // Temporarily release the usb handles mutex to avoid deadlock.
416 std::unique_ptr<usb_handle> handle = std::move(it->second);
417 usb_handles.erase(it);
418 lock.unlock();
419 unregister_usb_transport(handle.get());
420 lock.lock();
421 } else {
422 // Closure of the transport will erase the usb_handle.
423 }
424 }
425 }
426
427 static auto& hotplug_queue = *new BlockingQueue<std::pair<libusb_hotplug_event, libusb_device*>>();
hotplug_thread()428 static void hotplug_thread() {
429 adb_thread_setname("libusb hotplug");
430 while (true) {
431 hotplug_queue.PopAll([](std::pair<libusb_hotplug_event, libusb_device*> pair) {
432 libusb_hotplug_event event = pair.first;
433 libusb_device* device = pair.second;
434 if (event == LIBUSB_HOTPLUG_EVENT_DEVICE_ARRIVED) {
435 device_connected(device);
436 } else if (event == LIBUSB_HOTPLUG_EVENT_DEVICE_LEFT) {
437 device_disconnected(device);
438 }
439 });
440 }
441 }
442
hotplug_callback(libusb_context *,libusb_device * device,libusb_hotplug_event event,void *)443 static LIBUSB_CALL int hotplug_callback(libusb_context*, libusb_device* device,
444 libusb_hotplug_event event, void*) {
445 // We're called with the libusb lock taken. Call these on a separate thread outside of this
446 // function so that the usb_handle mutex is always taken before the libusb mutex.
447 static std::once_flag once;
448 std::call_once(once, []() { std::thread(hotplug_thread).detach(); });
449
450 if (event == LIBUSB_HOTPLUG_EVENT_DEVICE_ARRIVED) {
451 ++connecting_devices;
452 }
453 hotplug_queue.Push({event, device});
454 return 0;
455 }
456
usb_init()457 void usb_init() {
458 LOG(DEBUG) << "initializing libusb...";
459 int rc = libusb_init(nullptr);
460 if (rc != 0) {
461 LOG(FATAL) << "failed to initialize libusb: " << libusb_error_name(rc);
462 }
463
464 // Register the hotplug callback.
465 rc = libusb_hotplug_register_callback(
466 nullptr, static_cast<libusb_hotplug_event>(LIBUSB_HOTPLUG_EVENT_DEVICE_ARRIVED |
467 LIBUSB_HOTPLUG_EVENT_DEVICE_LEFT),
468 LIBUSB_HOTPLUG_ENUMERATE, LIBUSB_HOTPLUG_MATCH_ANY, LIBUSB_HOTPLUG_MATCH_ANY,
469 LIBUSB_CLASS_PER_INTERFACE, hotplug_callback, nullptr, &hotplug_handle);
470
471 if (rc != LIBUSB_SUCCESS) {
472 LOG(FATAL) << "failed to register libusb hotplug callback";
473 }
474
475 // Spawn a thread for libusb_handle_events.
476 std::thread([]() {
477 adb_thread_setname("libusb");
478 while (true) {
479 libusb_handle_events(nullptr);
480 }
481 }).detach();
482 }
483
usb_cleanup()484 void usb_cleanup() {
485 libusb_hotplug_deregister_callback(nullptr, hotplug_handle);
486 }
487
transfer_callback(libusb_transfer * transfer)488 static LIBUSB_CALL void transfer_callback(libusb_transfer* transfer) {
489 transfer_info* info = static_cast<transfer_info*>(transfer->user_data);
490
491 LOG(DEBUG) << info->name << " transfer callback entered";
492
493 // Make sure that the original submitter has made it to the condition_variable wait.
494 std::unique_lock<std::mutex> lock(info->mutex);
495
496 LOG(DEBUG) << info->name << " callback successfully acquired lock";
497
498 if (transfer->status != LIBUSB_TRANSFER_COMPLETED) {
499 LOG(WARNING) << info->name << " transfer failed: " << libusb_error_name(transfer->status);
500 info->Notify();
501 return;
502 }
503
504 // usb_read() can return when receiving some data.
505 if (info->is_bulk_out && transfer->actual_length != transfer->length) {
506 LOG(DEBUG) << info->name << " transfer incomplete, resubmitting";
507 transfer->length -= transfer->actual_length;
508 transfer->buffer += transfer->actual_length;
509 int rc = libusb_submit_transfer(transfer);
510 if (rc != 0) {
511 LOG(WARNING) << "failed to submit " << info->name
512 << " transfer: " << libusb_error_name(rc);
513 transfer->status = LIBUSB_TRANSFER_ERROR;
514 info->Notify();
515 }
516 return;
517 }
518
519 if (should_perform_zero_transfer(transfer->endpoint, transfer->length, info->zero_mask)) {
520 LOG(DEBUG) << "submitting zero-length write";
521 transfer->length = 0;
522 int rc = libusb_submit_transfer(transfer);
523 if (rc != 0) {
524 LOG(WARNING) << "failed to submit zero-length write: " << libusb_error_name(rc);
525 transfer->status = LIBUSB_TRANSFER_ERROR;
526 info->Notify();
527 }
528 return;
529 }
530
531 LOG(VERBOSE) << info->name << "transfer fully complete";
532 info->Notify();
533 }
534
535 // Dispatch a libusb transfer, unlock |device_lock|, and then wait for the result.
perform_usb_transfer(usb_handle * h,transfer_info * info,std::unique_lock<std::mutex> device_lock)536 static int perform_usb_transfer(usb_handle* h, transfer_info* info,
537 std::unique_lock<std::mutex> device_lock) {
538 libusb_transfer* transfer = info->transfer;
539
540 transfer->user_data = info;
541 transfer->callback = transfer_callback;
542
543 LOG(DEBUG) << "locking " << info->name << " transfer_info mutex";
544 std::unique_lock<std::mutex> lock(info->mutex);
545 info->transfer_complete = false;
546 LOG(DEBUG) << "submitting " << info->name << " transfer";
547 int rc = libusb_submit_transfer(transfer);
548 if (rc != 0) {
549 LOG(WARNING) << "failed to submit " << info->name << " transfer: " << libusb_error_name(rc);
550 errno = EIO;
551 return -1;
552 }
553
554 LOG(DEBUG) << info->name << " transfer successfully submitted";
555 device_lock.unlock();
556 info->cv.wait(lock, [info]() { return info->transfer_complete; });
557 if (transfer->status != 0) {
558 errno = EIO;
559 return -1;
560 }
561
562 return 0;
563 }
564
usb_write(usb_handle * h,const void * d,int len)565 int usb_write(usb_handle* h, const void* d, int len) {
566 LOG(DEBUG) << "usb_write of length " << len;
567
568 std::unique_lock<std::mutex> lock(h->device_handle_mutex);
569 if (!h->device_handle) {
570 errno = EIO;
571 return -1;
572 }
573
574 transfer_info* info = &h->write;
575 info->transfer->dev_handle = h->device_handle;
576 info->transfer->flags = 0;
577 info->transfer->endpoint = h->bulk_out;
578 info->transfer->type = LIBUSB_TRANSFER_TYPE_BULK;
579 info->transfer->length = len;
580 info->transfer->buffer = reinterpret_cast<unsigned char*>(const_cast<void*>(d));
581 info->transfer->num_iso_packets = 0;
582
583 int rc = perform_usb_transfer(h, info, std::move(lock));
584 LOG(DEBUG) << "usb_write(" << len << ") = " << rc;
585 return info->transfer->actual_length;
586 }
587
usb_read(usb_handle * h,void * d,int len)588 int usb_read(usb_handle* h, void* d, int len) {
589 LOG(DEBUG) << "usb_read of length " << len;
590
591 std::unique_lock<std::mutex> lock(h->device_handle_mutex);
592 if (!h->device_handle) {
593 errno = EIO;
594 return -1;
595 }
596
597 transfer_info* info = &h->read;
598 info->transfer->dev_handle = h->device_handle;
599 info->transfer->flags = 0;
600 info->transfer->endpoint = h->bulk_in;
601 info->transfer->type = LIBUSB_TRANSFER_TYPE_BULK;
602 info->transfer->length = len;
603 info->transfer->buffer = reinterpret_cast<unsigned char*>(d);
604 info->transfer->num_iso_packets = 0;
605
606 int rc = perform_usb_transfer(h, info, std::move(lock));
607 LOG(DEBUG) << "usb_read(" << len << ") = " << rc << ", actual_length "
608 << info->transfer->actual_length;
609 if (rc < 0) {
610 return rc;
611 }
612 return info->transfer->actual_length;
613 }
614
usb_close(usb_handle * h)615 int usb_close(usb_handle* h) {
616 std::unique_lock<std::mutex> lock(usb_handles_mutex);
617 auto it = usb_handles.find(h->device_address);
618 if (it == usb_handles.end()) {
619 LOG(FATAL) << "attempted to close unregistered usb_handle for '" << h->serial << "'";
620 }
621 usb_handles.erase(h->device_address);
622 return 0;
623 }
624
usb_reset(usb_handle * h)625 void usb_reset(usb_handle* h) {
626 libusb_reset_device(h->device_handle);
627 usb_kick(h);
628 }
629
usb_kick(usb_handle * h)630 void usb_kick(usb_handle* h) {
631 h->Close();
632 }
633
usb_get_max_packet_size(usb_handle * h)634 size_t usb_get_max_packet_size(usb_handle* h) {
635 CHECK(h->max_packet_size != 0);
636 return h->max_packet_size;
637 }
638
639 } // namespace libusb
640