1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <ctype.h>
30 #include <dirent.h>
31 #include <errno.h>
32 #include <fcntl.h>
33 #include <pthread.h>
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include <sys/ioctl.h>
38 #include <sys/stat.h>
39 #include <sys/types.h>
40 #include <unistd.h>
41
42 #include <linux/usbdevice_fs.h>
43 #include <linux/version.h>
44 #include <linux/usb/ch9.h>
45
46 #include <android-base/file.h>
47 #include <android-base/stringprintf.h>
48 #include <chrono>
49 #include <memory>
50 #include <thread>
51
52 #include "usb.h"
53 #include "util.h"
54
55 using namespace std::chrono_literals;
56
57 #define MAX_RETRIES 2
58
59 /* Timeout in seconds for usb_wait_for_disconnect.
60 * It doesn't usually take long for a device to disconnect (almost always
61 * under 2 seconds) but we'll time out after 3 seconds just in case.
62 */
63 #define WAIT_FOR_DISCONNECT_TIMEOUT 3
64
65 #ifdef TRACE_USB
66 #define DBG1(x...) fprintf(stderr, x)
67 #define DBG(x...) fprintf(stderr, x)
68 #else
69 #define DBG(x...)
70 #define DBG1(x...)
71 #endif
72
73 // Kernels before 3.3 have a 16KiB transfer limit. That limit was replaced
74 // with a 16MiB global limit in 3.3, but each URB submitted required a
75 // contiguous kernel allocation, so you would get ENOMEM if you tried to
76 // send something larger than the biggest available contiguous kernel
77 // memory region. 256KiB contiguous allocations are generally not reliable
78 // on a device kernel that has been running for a while fragmenting its
79 // memory, but that shouldn't be a problem for fastboot on the host.
80 // In 3.6, the contiguous buffer limit was removed by allocating multiple
81 // 16KiB chunks and having the USB driver stitch them back together while
82 // transmitting using a scatter-gather list, so 256KiB bulk transfers should
83 // be reliable.
84 // 256KiB seems to work, but 1MiB bulk transfers lock up my z620 with a 3.13
85 // kernel.
86 #define MAX_USBFS_BULK_SIZE (16 * 1024)
87
88 struct usb_handle
89 {
90 char fname[64];
91 int desc;
92 unsigned char ep_in;
93 unsigned char ep_out;
94 };
95
96 class LinuxUsbTransport : public UsbTransport {
97 public:
LinuxUsbTransport(std::unique_ptr<usb_handle> handle,uint32_t ms_timeout=0)98 explicit LinuxUsbTransport(std::unique_ptr<usb_handle> handle, uint32_t ms_timeout = 0)
99 : handle_(std::move(handle)), ms_timeout_(ms_timeout) {}
100 ~LinuxUsbTransport() override;
101
102 ssize_t Read(void* data, size_t len) override;
103 ssize_t Write(const void* data, size_t len) override;
104 int Close() override;
105 int Reset() override;
106 int WaitForDisconnect() override;
107
108 private:
109 std::unique_ptr<usb_handle> handle_;
110 const uint32_t ms_timeout_;
111
112 DISALLOW_COPY_AND_ASSIGN(LinuxUsbTransport);
113 };
114
115 /* True if name isn't a valid name for a USB device in /sys/bus/usb/devices.
116 * Device names are made up of numbers, dots, and dashes, e.g., '7-1.5'.
117 * We reject interfaces (e.g., '7-1.5:1.0') and host controllers (e.g. 'usb1').
118 * The name must also start with a digit, to disallow '.' and '..'
119 */
badname(const char * name)120 static inline int badname(const char *name)
121 {
122 if (!isdigit(*name))
123 return 1;
124 while(*++name) {
125 if(!isdigit(*name) && *name != '.' && *name != '-')
126 return 1;
127 }
128 return 0;
129 }
130
check(void * _desc,int len,unsigned type,int size)131 static int check(void *_desc, int len, unsigned type, int size)
132 {
133 struct usb_descriptor_header *hdr = (struct usb_descriptor_header *)_desc;
134
135 if(len < size) return -1;
136 if(hdr->bLength < size) return -1;
137 if(hdr->bLength > len) return -1;
138 if(hdr->bDescriptorType != type) return -1;
139
140 return 0;
141 }
142
filter_usb_device(char * sysfs_name,char * ptr,int len,int writable,ifc_match_func callback,int * ept_in_id,int * ept_out_id,int * ifc_id)143 static int filter_usb_device(char* sysfs_name,
144 char *ptr, int len, int writable,
145 ifc_match_func callback,
146 int *ept_in_id, int *ept_out_id, int *ifc_id)
147 {
148 struct usb_device_descriptor *dev;
149 struct usb_config_descriptor *cfg;
150 struct usb_interface_descriptor *ifc;
151 struct usb_endpoint_descriptor *ept;
152 struct usb_ifc_info info;
153
154 int in, out;
155 unsigned i;
156 unsigned e;
157
158 if (check(ptr, len, USB_DT_DEVICE, USB_DT_DEVICE_SIZE))
159 return -1;
160 dev = (struct usb_device_descriptor *)ptr;
161 len -= dev->bLength;
162 ptr += dev->bLength;
163
164 if (check(ptr, len, USB_DT_CONFIG, USB_DT_CONFIG_SIZE))
165 return -1;
166 cfg = (struct usb_config_descriptor *)ptr;
167 len -= cfg->bLength;
168 ptr += cfg->bLength;
169
170 info.dev_vendor = dev->idVendor;
171 info.dev_product = dev->idProduct;
172 info.dev_class = dev->bDeviceClass;
173 info.dev_subclass = dev->bDeviceSubClass;
174 info.dev_protocol = dev->bDeviceProtocol;
175 info.writable = writable;
176
177 snprintf(info.device_path, sizeof(info.device_path), "usb:%s", sysfs_name);
178
179 /* Read device serial number (if there is one).
180 * We read the serial number from sysfs, since it's faster and more
181 * reliable than issuing a control pipe read, and also won't
182 * cause problems for devices which don't like getting descriptor
183 * requests while they're in the middle of flashing.
184 */
185 info.serial_number[0] = '\0';
186 if (dev->iSerialNumber) {
187 char path[80];
188 int fd;
189
190 snprintf(path, sizeof(path),
191 "/sys/bus/usb/devices/%s/serial", sysfs_name);
192 path[sizeof(path) - 1] = '\0';
193
194 fd = open(path, O_RDONLY);
195 if (fd >= 0) {
196 int chars_read = read(fd, info.serial_number,
197 sizeof(info.serial_number) - 1);
198 close(fd);
199
200 if (chars_read <= 0)
201 info.serial_number[0] = '\0';
202 else if (info.serial_number[chars_read - 1] == '\n') {
203 // strip trailing newline
204 info.serial_number[chars_read - 1] = '\0';
205 }
206 }
207 }
208
209 for(i = 0; i < cfg->bNumInterfaces; i++) {
210
211 while (len > 0) {
212 struct usb_descriptor_header *hdr = (struct usb_descriptor_header *)ptr;
213 if (check(hdr, len, USB_DT_INTERFACE, USB_DT_INTERFACE_SIZE) == 0)
214 break;
215 len -= hdr->bLength;
216 ptr += hdr->bLength;
217 }
218
219 if (len <= 0)
220 return -1;
221
222 ifc = (struct usb_interface_descriptor *)ptr;
223 len -= ifc->bLength;
224 ptr += ifc->bLength;
225
226 in = -1;
227 out = -1;
228 info.ifc_class = ifc->bInterfaceClass;
229 info.ifc_subclass = ifc->bInterfaceSubClass;
230 info.ifc_protocol = ifc->bInterfaceProtocol;
231
232 for(e = 0; e < ifc->bNumEndpoints; e++) {
233 while (len > 0) {
234 struct usb_descriptor_header *hdr = (struct usb_descriptor_header *)ptr;
235 if (check(hdr, len, USB_DT_ENDPOINT, USB_DT_ENDPOINT_SIZE) == 0)
236 break;
237 len -= hdr->bLength;
238 ptr += hdr->bLength;
239 }
240 if (len < 0) {
241 break;
242 }
243
244 ept = (struct usb_endpoint_descriptor *)ptr;
245 len -= ept->bLength;
246 ptr += ept->bLength;
247
248 if((ept->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) != USB_ENDPOINT_XFER_BULK)
249 continue;
250
251 if(ept->bEndpointAddress & USB_ENDPOINT_DIR_MASK) {
252 in = ept->bEndpointAddress;
253 } else {
254 out = ept->bEndpointAddress;
255 }
256
257 // For USB 3.0 devices skip the SS Endpoint Companion descriptor
258 if (check((struct usb_descriptor_hdr *)ptr, len,
259 USB_DT_SS_ENDPOINT_COMP, USB_DT_SS_EP_COMP_SIZE) == 0) {
260 len -= USB_DT_SS_EP_COMP_SIZE;
261 ptr += USB_DT_SS_EP_COMP_SIZE;
262 }
263 }
264
265 info.has_bulk_in = (in != -1);
266 info.has_bulk_out = (out != -1);
267
268 std::string interface;
269 auto path = android::base::StringPrintf("/sys/bus/usb/devices/%s/%s:1.%d/interface",
270 sysfs_name, sysfs_name, ifc->bInterfaceNumber);
271 if (android::base::ReadFileToString(path, &interface)) {
272 snprintf(info.interface, sizeof(info.interface), "%s", interface.c_str());
273 }
274
275 if(callback(&info) == 0) {
276 *ept_in_id = in;
277 *ept_out_id = out;
278 *ifc_id = ifc->bInterfaceNumber;
279 return 0;
280 }
281 }
282
283 return -1;
284 }
285
read_sysfs_string(const char * sysfs_name,const char * sysfs_node,char * buf,int bufsize)286 static int read_sysfs_string(const char *sysfs_name, const char *sysfs_node,
287 char* buf, int bufsize)
288 {
289 char path[80];
290 int fd, n;
291
292 snprintf(path, sizeof(path),
293 "/sys/bus/usb/devices/%s/%s", sysfs_name, sysfs_node);
294 path[sizeof(path) - 1] = '\0';
295
296 fd = open(path, O_RDONLY);
297 if (fd < 0)
298 return -1;
299
300 n = read(fd, buf, bufsize - 1);
301 close(fd);
302
303 if (n < 0)
304 return -1;
305
306 buf[n] = '\0';
307
308 return n;
309 }
310
read_sysfs_number(const char * sysfs_name,const char * sysfs_node)311 static int read_sysfs_number(const char *sysfs_name, const char *sysfs_node)
312 {
313 char buf[16];
314 int value;
315
316 if (read_sysfs_string(sysfs_name, sysfs_node, buf, sizeof(buf)) < 0)
317 return -1;
318
319 if (sscanf(buf, "%d", &value) != 1)
320 return -1;
321
322 return value;
323 }
324
325 /* Given the name of a USB device in sysfs, get the name for the same
326 * device in devfs. Returns 0 for success, -1 for failure.
327 */
convert_to_devfs_name(const char * sysfs_name,char * devname,int devname_size)328 static int convert_to_devfs_name(const char* sysfs_name,
329 char* devname, int devname_size)
330 {
331 int busnum, devnum;
332
333 busnum = read_sysfs_number(sysfs_name, "busnum");
334 if (busnum < 0)
335 return -1;
336
337 devnum = read_sysfs_number(sysfs_name, "devnum");
338 if (devnum < 0)
339 return -1;
340
341 snprintf(devname, devname_size, "/dev/bus/usb/%03d/%03d", busnum, devnum);
342 return 0;
343 }
344
find_usb_device(const char * base,ifc_match_func callback)345 static std::unique_ptr<usb_handle> find_usb_device(const char* base, ifc_match_func callback)
346 {
347 std::unique_ptr<usb_handle> usb;
348 char devname[64];
349 char desc[1024];
350 int n, in, out, ifc;
351
352 struct dirent *de;
353 int fd;
354 int writable;
355
356 std::unique_ptr<DIR, decltype(&closedir)> busdir(opendir(base), closedir);
357 if (busdir == 0) return 0;
358
359 while ((de = readdir(busdir.get())) && (usb == nullptr)) {
360 if (badname(de->d_name)) continue;
361
362 if (!convert_to_devfs_name(de->d_name, devname, sizeof(devname))) {
363
364 // DBG("[ scanning %s ]\n", devname);
365 writable = 1;
366 if ((fd = open(devname, O_RDWR)) < 0) {
367 // Check if we have read-only access, so we can give a helpful
368 // diagnostic like "adb devices" does.
369 writable = 0;
370 if ((fd = open(devname, O_RDONLY)) < 0) {
371 continue;
372 }
373 }
374
375 n = read(fd, desc, sizeof(desc));
376
377 if (filter_usb_device(de->d_name, desc, n, writable, callback, &in, &out, &ifc) == 0) {
378 usb.reset(new usb_handle());
379 strcpy(usb->fname, devname);
380 usb->ep_in = in;
381 usb->ep_out = out;
382 usb->desc = fd;
383
384 n = ioctl(fd, USBDEVFS_CLAIMINTERFACE, &ifc);
385 if (n != 0) {
386 close(fd);
387 usb.reset();
388 continue;
389 }
390 } else {
391 close(fd);
392 }
393 }
394 }
395
396 return usb;
397 }
398
~LinuxUsbTransport()399 LinuxUsbTransport::~LinuxUsbTransport() {
400 Close();
401 }
402
Write(const void * _data,size_t len)403 ssize_t LinuxUsbTransport::Write(const void* _data, size_t len)
404 {
405 unsigned char *data = (unsigned char*) _data;
406 unsigned count = 0;
407 struct usbdevfs_bulktransfer bulk;
408 int n;
409
410 if (handle_->ep_out == 0 || handle_->desc == -1) {
411 return -1;
412 }
413
414 do {
415 int xfer;
416 xfer = (len > MAX_USBFS_BULK_SIZE) ? MAX_USBFS_BULK_SIZE : len;
417
418 bulk.ep = handle_->ep_out;
419 bulk.len = xfer;
420 bulk.data = data;
421 bulk.timeout = ms_timeout_;
422
423 n = ioctl(handle_->desc, USBDEVFS_BULK, &bulk);
424 if(n != xfer) {
425 DBG("ERROR: n = %d, errno = %d (%s)\n",
426 n, errno, strerror(errno));
427 return -1;
428 }
429
430 count += xfer;
431 len -= xfer;
432 data += xfer;
433 } while(len > 0);
434
435 return count;
436 }
437
Read(void * _data,size_t len)438 ssize_t LinuxUsbTransport::Read(void* _data, size_t len)
439 {
440 unsigned char *data = (unsigned char*) _data;
441 unsigned count = 0;
442 struct usbdevfs_bulktransfer bulk;
443 int n, retry;
444
445 if (handle_->ep_in == 0 || handle_->desc == -1) {
446 return -1;
447 }
448
449 while (len > 0) {
450 int xfer = (len > MAX_USBFS_BULK_SIZE) ? MAX_USBFS_BULK_SIZE : len;
451
452 bulk.ep = handle_->ep_in;
453 bulk.len = xfer;
454 bulk.data = data;
455 bulk.timeout = ms_timeout_;
456 retry = 0;
457
458 do {
459 DBG("[ usb read %d fd = %d], fname=%s\n", xfer, handle_->desc, handle_->fname);
460 n = ioctl(handle_->desc, USBDEVFS_BULK, &bulk);
461 DBG("[ usb read %d ] = %d, fname=%s, Retry %d \n", xfer, n, handle_->fname, retry);
462
463 if (n < 0) {
464 DBG1("ERROR: n = %d, errno = %d (%s)\n",n, errno, strerror(errno));
465 if (++retry > MAX_RETRIES) return -1;
466 std::this_thread::sleep_for(100ms);
467 }
468 } while (n < 0);
469
470 count += n;
471 len -= n;
472 data += n;
473
474 if(n < xfer) {
475 break;
476 }
477 }
478
479 return count;
480 }
481
Close()482 int LinuxUsbTransport::Close()
483 {
484 int fd;
485
486 fd = handle_->desc;
487 handle_->desc = -1;
488 if(fd >= 0) {
489 close(fd);
490 DBG("[ usb closed %d ]\n", fd);
491 }
492
493 return 0;
494 }
495
Reset()496 int LinuxUsbTransport::Reset() {
497 int ret = 0;
498 // We reset the USB connection
499 if ((ret = ioctl(handle_->desc, USBDEVFS_RESET, 0))) {
500 return ret;
501 }
502
503 return 0;
504 }
505
usb_open(ifc_match_func callback,uint32_t timeout_ms)506 UsbTransport* usb_open(ifc_match_func callback, uint32_t timeout_ms) {
507 std::unique_ptr<usb_handle> handle = find_usb_device("/sys/bus/usb/devices", callback);
508 return handle ? new LinuxUsbTransport(std::move(handle), timeout_ms) : nullptr;
509 }
510
511 /* Wait for the system to notice the device is gone, so that a subsequent
512 * fastboot command won't try to access the device before it's rebooted.
513 * Returns 0 for success, -1 for timeout.
514 */
WaitForDisconnect()515 int LinuxUsbTransport::WaitForDisconnect()
516 {
517 double deadline = now() + WAIT_FOR_DISCONNECT_TIMEOUT;
518 while (now() < deadline) {
519 if (access(handle_->fname, F_OK)) return 0;
520 std::this_thread::sleep_for(50ms);
521 }
522 return -1;
523 }
524