1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #include "jdwp/JdwpPriv.h"
17 #include "jdwp/JdwpHandler.h"
18 #include <sys/socket.h>
19 #include <sys/un.h>
20 #include <errno.h>
21 #include <unistd.h>
22
23 /* the JDWP <-> ADB transport protocol is explained in details
24 * in //device/tools/adb/jdwp_service.c, here's a summary.
25 *
26 * 1/ when the JDWP thread starts, it tries to connect to a Unix
27 * domain stream socket (@jdwp-control) that is opened by the
28 * ADB daemon.
29 *
30 * 2/ it then sends the current process PID as a string of 4 hexadecimal
31 * chars (no terminating zero)
32 *
33 * 3/ then, it uses recvmsg to receive file descriptors from the
34 * daemon. each incoming file descriptor is a pass-through to
35 * a given JDWP debugger, that can be used to read the usual
36 * JDWP-handshake, etc...
37 *
38 */
39
40 #define kInputBufferSize 8192
41
42 #define kMagicHandshake "JDWP-Handshake"
43 #define kMagicHandshakeLen (sizeof(kMagicHandshake)-1)
44
45 #define kJdwpControlName "\0jdwp-control"
46 #define kJdwpControlNameLen (sizeof(kJdwpControlName)-1)
47
48 struct JdwpNetState {
49 int controlSock;
50 int clientSock;
51 bool awaitingHandshake;
52 bool shuttingDown;
53 int wakeFds[2];
54
55 int inputCount;
56 unsigned char inputBuffer[kInputBufferSize];
57
58 socklen_t controlAddrLen;
59 union {
60 struct sockaddr_un controlAddrUn;
61 struct sockaddr controlAddrPlain;
62 } controlAddr;
63 };
64
65 static void
adbStateFree(JdwpNetState * netState)66 adbStateFree( JdwpNetState* netState )
67 {
68 if (netState == NULL)
69 return;
70
71 if (netState->clientSock >= 0) {
72 shutdown(netState->clientSock, SHUT_RDWR);
73 close(netState->clientSock);
74 }
75 if (netState->controlSock >= 0) {
76 shutdown(netState->controlSock, SHUT_RDWR);
77 close(netState->controlSock);
78 }
79 if (netState->wakeFds[0] >= 0) {
80 close(netState->wakeFds[0]);
81 netState->wakeFds[0] = -1;
82 }
83 if (netState->wakeFds[1] >= 0) {
84 close(netState->wakeFds[1]);
85 netState->wakeFds[1] = -1;
86 }
87
88 free(netState);
89 }
90
91
92 static JdwpNetState*
adbStateAlloc(void)93 adbStateAlloc(void)
94 {
95 JdwpNetState* netState = calloc(sizeof(*netState),1);
96
97 netState->controlSock = -1;
98 netState->clientSock = -1;
99
100 netState->controlAddr.controlAddrUn.sun_family = AF_UNIX;
101 netState->controlAddrLen =
102 sizeof(netState->controlAddr.controlAddrUn.sun_family) +
103 kJdwpControlNameLen;
104
105 memcpy(netState->controlAddr.controlAddrUn.sun_path,
106 kJdwpControlName, kJdwpControlNameLen);
107
108 netState->wakeFds[0] = -1;
109 netState->wakeFds[1] = -1;
110
111 return netState;
112 }
113
114
115 /*
116 * Do initial prep work, e.g. binding to ports and opening files. This
117 * runs in the main thread, before the JDWP thread starts, so it shouldn't
118 * do anything that might block forever.
119 */
startup(struct JdwpState * state,const JdwpStartupParams * pParams)120 static bool startup(struct JdwpState* state, const JdwpStartupParams* pParams)
121 {
122 JdwpNetState* netState;
123
124 LOGV("ADB transport startup\n");
125
126 state->netState = netState = adbStateAlloc();
127 if (netState == NULL)
128 return false;
129
130 return true;
131 }
132
133 /*
134 * Receive a file descriptor from ADB. The fd can be used to communicate
135 * directly with a debugger or DDMS.
136 *
137 * Returns the file descriptor on success. On failure, returns -1 and
138 * closes netState->controlSock.
139 */
receiveClientFd(JdwpNetState * netState)140 static int receiveClientFd(JdwpNetState* netState)
141 {
142 struct msghdr msg;
143 struct cmsghdr* cmsg;
144 struct iovec iov;
145 char dummy = '!';
146 union {
147 struct cmsghdr cm;
148 char buffer[CMSG_SPACE(sizeof(int))];
149 } cm_un;
150 int ret;
151
152 iov.iov_base = &dummy;
153 iov.iov_len = 1;
154 msg.msg_name = NULL;
155 msg.msg_namelen = 0;
156 msg.msg_iov = &iov;
157 msg.msg_iovlen = 1;
158 msg.msg_flags = 0;
159 msg.msg_control = cm_un.buffer;
160 msg.msg_controllen = sizeof(cm_un.buffer);
161
162 cmsg = CMSG_FIRSTHDR(&msg);
163 cmsg->cmsg_len = msg.msg_controllen;
164 cmsg->cmsg_level = SOL_SOCKET;
165 cmsg->cmsg_type = SCM_RIGHTS;
166 ((int*)CMSG_DATA(cmsg))[0] = -1;
167
168 do {
169 ret = recvmsg(netState->controlSock, &msg, 0);
170 } while (ret < 0 && errno == EINTR);
171
172 if (ret <= 0) {
173 if (ret < 0) {
174 LOGW("receiving file descriptor from ADB failed (socket %d): %s\n",
175 netState->controlSock, strerror(errno));
176 } else {
177 LOGD("adbd disconnected\n");
178 }
179 close(netState->controlSock);
180 netState->controlSock = -1;
181 return -1;
182 }
183
184 return ((int*)CMSG_DATA(cmsg))[0];
185 }
186
187 /*
188 * Block forever, waiting for a debugger to connect to us. Called from the
189 * JDWP thread.
190 *
191 * This needs to un-block and return "false" if the VM is shutting down. It
192 * should return "true" when it successfully accepts a connection.
193 */
acceptConnection(struct JdwpState * state)194 static bool acceptConnection(struct JdwpState* state)
195 {
196 JdwpNetState* netState = state->netState;
197 int retryCount = 0;
198
199 /* first, ensure that we get a connection to the ADB daemon */
200
201 retry:
202 if (netState->shuttingDown)
203 return false;
204
205 if (netState->controlSock < 0) {
206 int sleep_ms = 500;
207 const int sleep_max_ms = 2*1000;
208 char buff[5];
209
210 netState->controlSock = socket(PF_UNIX, SOCK_STREAM, 0);
211 if (netState->controlSock < 0) {
212 LOGE("Could not create ADB control socket:%s\n",
213 strerror(errno));
214 return false;
215 }
216
217 if (pipe(netState->wakeFds) < 0) {
218 LOGE("pipe failed");
219 return false;
220 }
221
222 snprintf(buff, sizeof(buff), "%04x", getpid());
223 buff[4] = 0;
224
225 for (;;) {
226 /*
227 * If adbd isn't running, because USB debugging was disabled or
228 * perhaps the system is restarting it for "adb root", the
229 * connect() will fail. We loop here forever waiting for it
230 * to come back.
231 *
232 * Waking up and polling every couple of seconds is generally a
233 * bad thing to do, but we only do this if the application is
234 * debuggable *and* adbd isn't running. Still, for the sake
235 * of battery life, we should consider timing out and giving
236 * up after a few minutes in case somebody ships an app with
237 * the debuggable flag set.
238 */
239 int ret = connect(netState->controlSock,
240 &netState->controlAddr.controlAddrPlain,
241 netState->controlAddrLen);
242 if (!ret) {
243 /* now try to send our pid to the ADB daemon */
244 do {
245 ret = send( netState->controlSock, buff, 4, 0 );
246 } while (ret < 0 && errno == EINTR);
247
248 if (ret >= 0) {
249 LOGV("PID sent as '%.*s' to ADB\n", 4, buff);
250 break;
251 }
252
253 LOGE("Weird, can't send JDWP process pid to ADB: %s\n",
254 strerror(errno));
255 return false;
256 }
257 LOGV("Can't connect to ADB control socket:%s\n",
258 strerror(errno));
259
260 usleep( sleep_ms*1000 );
261
262 sleep_ms += (sleep_ms >> 1);
263 if (sleep_ms > sleep_max_ms)
264 sleep_ms = sleep_max_ms;
265 }
266 }
267
268 LOGV("trying to receive file descriptor from ADB\n");
269 /* now we can receive a client file descriptor */
270 netState->clientSock = receiveClientFd(netState);
271 if (netState->shuttingDown)
272 return false; // suppress logs and additional activity
273
274 if (netState->clientSock < 0) {
275 if (++retryCount > 5) {
276 LOGE("adb connection max retries exceeded\n");
277 return false;
278 }
279 goto retry;
280 } else {
281 LOGV("received file descriptor %d from ADB\n", netState->clientSock);
282 netState->awaitingHandshake = 1;
283 netState->inputCount = 0;
284 return true;
285 }
286 }
287
288 /*
289 * Connect out to a debugger (for server=n). Not required.
290 */
establishConnection(struct JdwpState * state)291 static bool establishConnection(struct JdwpState* state)
292 {
293 return false;
294 }
295
296 /*
297 * Close a connection from a debugger (which may have already dropped us).
298 * Only called from the JDWP thread.
299 */
closeConnection(struct JdwpState * state)300 static void closeConnection(struct JdwpState* state)
301 {
302 JdwpNetState* netState;
303
304 assert(state != NULL && state->netState != NULL);
305
306 netState = state->netState;
307 if (netState->clientSock < 0)
308 return;
309
310 LOGV("+++ closed JDWP <-> ADB connection\n");
311
312 close(netState->clientSock);
313 netState->clientSock = -1;
314 }
315
316 /*
317 * Close all network stuff, including the socket we use to listen for
318 * new connections.
319 *
320 * May be called from a non-JDWP thread, e.g. when the VM is shutting down.
321 */
adbStateShutdown(struct JdwpNetState * netState)322 static void adbStateShutdown(struct JdwpNetState* netState)
323 {
324 int controlSock;
325 int clientSock;
326
327 if (netState == NULL)
328 return;
329
330 netState->shuttingDown = true;
331
332 clientSock = netState->clientSock;
333 if (clientSock >= 0) {
334 shutdown(clientSock, SHUT_RDWR);
335 netState->clientSock = -1;
336 }
337
338 controlSock = netState->controlSock;
339 if (controlSock >= 0) {
340 shutdown(controlSock, SHUT_RDWR);
341 netState->controlSock = -1;
342 }
343
344 if (netState->wakeFds[1] >= 0) {
345 LOGV("+++ writing to wakePipe\n");
346 (void) write(netState->wakeFds[1], "", 1);
347 }
348 }
349
netShutdown(JdwpState * state)350 static void netShutdown(JdwpState* state)
351 {
352 adbStateShutdown(state->netState);
353 }
354
355 /*
356 * Free up anything we put in state->netState. This is called after
357 * "netShutdown", after the JDWP thread has stopped.
358 */
netFree(struct JdwpState * state)359 static void netFree(struct JdwpState* state)
360 {
361 JdwpNetState* netState = state->netState;
362
363 adbStateFree(netState);
364 }
365
366 /*
367 * Is a debugger connected to us?
368 */
isConnected(struct JdwpState * state)369 static bool isConnected(struct JdwpState* state)
370 {
371 return (state->netState != NULL &&
372 state->netState->clientSock >= 0);
373 }
374
375 /*
376 * Are we still waiting for the JDWP handshake?
377 */
awaitingHandshake(struct JdwpState * state)378 static bool awaitingHandshake(struct JdwpState* state)
379 {
380 return state->netState->awaitingHandshake;
381 }
382
383 /*
384 * Figure out if we have a full packet in the buffer.
385 */
haveFullPacket(JdwpNetState * netState)386 static bool haveFullPacket(JdwpNetState* netState)
387 {
388 long length;
389
390 if (netState->awaitingHandshake)
391 return (netState->inputCount >= (int) kMagicHandshakeLen);
392
393 if (netState->inputCount < 4)
394 return false;
395
396 length = get4BE(netState->inputBuffer);
397 return (netState->inputCount >= length);
398 }
399
400 /*
401 * Consume bytes from the buffer.
402 *
403 * This would be more efficient with a circular buffer. However, we're
404 * usually only going to find one packet, which is trivial to handle.
405 */
consumeBytes(JdwpNetState * netState,int count)406 static void consumeBytes(JdwpNetState* netState, int count)
407 {
408 assert(count > 0);
409 assert(count <= netState->inputCount);
410
411 if (count == netState->inputCount) {
412 netState->inputCount = 0;
413 return;
414 }
415
416 memmove(netState->inputBuffer, netState->inputBuffer + count,
417 netState->inputCount - count);
418 netState->inputCount -= count;
419 }
420
421 /*
422 * Handle a packet. Returns "false" if we encounter a connection-fatal error.
423 */
handlePacket(JdwpState * state)424 static bool handlePacket(JdwpState* state)
425 {
426 JdwpNetState* netState = state->netState;
427 const unsigned char* buf = netState->inputBuffer;
428 JdwpReqHeader hdr;
429 u4 length, id;
430 u1 flags, cmdSet, cmd;
431 u2 error;
432 bool reply;
433 int dataLen;
434
435 cmd = cmdSet = 0; // shut up gcc
436
437 length = read4BE(&buf);
438 id = read4BE(&buf);
439 flags = read1(&buf);
440 if ((flags & kJDWPFlagReply) != 0) {
441 reply = true;
442 error = read2BE(&buf);
443 } else {
444 reply = false;
445 cmdSet = read1(&buf);
446 cmd = read1(&buf);
447 }
448
449 assert((int) length <= netState->inputCount);
450 dataLen = length - (buf - netState->inputBuffer);
451
452 if (!reply) {
453 ExpandBuf* pReply = expandBufAlloc();
454
455 hdr.length = length;
456 hdr.id = id;
457 hdr.cmdSet = cmdSet;
458 hdr.cmd = cmd;
459 dvmJdwpProcessRequest(state, &hdr, buf, dataLen, pReply);
460 if (expandBufGetLength(pReply) > 0) {
461 int cc;
462
463 /*
464 * TODO: we currently assume the write() will complete in one
465 * go, which may not be safe for a network socket. We may need
466 * to mutex this against sendRequest().
467 */
468 cc = write(netState->clientSock, expandBufGetBuffer(pReply),
469 expandBufGetLength(pReply));
470 if (cc != (int) expandBufGetLength(pReply)) {
471 LOGE("Failed sending reply to debugger: %s\n", strerror(errno));
472 expandBufFree(pReply);
473 return false;
474 }
475 } else {
476 LOGW("No reply created for set=%d cmd=%d\n", cmdSet, cmd);
477 }
478 expandBufFree(pReply);
479 } else {
480 LOGV("reply?!\n");
481 assert(false);
482 }
483
484 LOGV("----------\n");
485
486 consumeBytes(netState, length);
487 return true;
488 }
489
490 /*
491 * Process incoming data. If no data is available, this will block until
492 * some arrives.
493 *
494 * If we get a full packet, handle it.
495 *
496 * To take some of the mystery out of life, we want to reject incoming
497 * connections if we already have a debugger attached. If we don't, the
498 * debugger will just mysteriously hang until it times out. We could just
499 * close the listen socket, but there's a good chance we won't be able to
500 * bind to the same port again, which would confuse utilities.
501 *
502 * Returns "false" on error (indicating that the connection has been severed),
503 * "true" if things are still okay.
504 */
processIncoming(JdwpState * state)505 static bool processIncoming(JdwpState* state)
506 {
507 JdwpNetState* netState = state->netState;
508 int readCount;
509
510 assert(netState->clientSock >= 0);
511
512 if (!haveFullPacket(netState)) {
513 /* read some more, looping until we have data */
514 errno = 0;
515 while (1) {
516 int selCount;
517 fd_set readfds;
518 int maxfd = -1;
519 int fd;
520
521 FD_ZERO(&readfds);
522
523 /* configure fds; note these may get zapped by another thread */
524 fd = netState->controlSock;
525 if (fd >= 0) {
526 FD_SET(fd, &readfds);
527 if (maxfd < fd)
528 maxfd = fd;
529 }
530 fd = netState->clientSock;
531 if (fd >= 0) {
532 FD_SET(fd, &readfds);
533 if (maxfd < fd)
534 maxfd = fd;
535 }
536 fd = netState->wakeFds[0];
537 if (fd >= 0) {
538 FD_SET(fd, &readfds);
539 if (maxfd < fd)
540 maxfd = fd;
541 } else {
542 LOGI("NOTE: entering select w/o wakepipe\n");
543 }
544
545 if (maxfd < 0) {
546 LOGV("+++ all fds are closed\n");
547 return false;
548 }
549
550 /*
551 * Select blocks until it sees activity on the file descriptors.
552 * Closing the local file descriptor does not count as activity,
553 * so we can't rely on that to wake us up (it works for read()
554 * and accept(), but not select()).
555 *
556 * We can do one of three things: (1) send a signal and catch
557 * EINTR, (2) open an additional fd ("wakePipe") and write to
558 * it when it's time to exit, or (3) time out periodically and
559 * re-issue the select. We're currently using #2, as it's more
560 * reliable than #1 and generally better than #3. Wastes two fds.
561 */
562 selCount = select(maxfd+1, &readfds, NULL, NULL, NULL);
563 if (selCount < 0) {
564 if (errno == EINTR)
565 continue;
566 LOGE("select failed: %s\n", strerror(errno));
567 goto fail;
568 }
569
570 if (netState->wakeFds[0] >= 0 &&
571 FD_ISSET(netState->wakeFds[0], &readfds))
572 {
573 LOGD("Got wake-up signal, bailing out of select\n");
574 goto fail;
575 }
576 if (netState->controlSock >= 0 &&
577 FD_ISSET(netState->controlSock, &readfds))
578 {
579 int sock = receiveClientFd(netState);
580 if (sock >= 0) {
581 LOGI("Ignoring second debugger -- accepting and dropping\n");
582 close(sock);
583 } else {
584 assert(netState->controlSock < 0);
585 /*
586 * Remote side most likely went away, so our next read
587 * on netState->clientSock will fail and throw us out
588 * of the loop.
589 */
590 }
591 }
592 if (netState->clientSock >= 0 &&
593 FD_ISSET(netState->clientSock, &readfds))
594 {
595 readCount = read(netState->clientSock,
596 netState->inputBuffer + netState->inputCount,
597 sizeof(netState->inputBuffer) - netState->inputCount);
598 if (readCount < 0) {
599 /* read failed */
600 if (errno != EINTR)
601 goto fail;
602 LOGD("+++ EINTR hit\n");
603 return true;
604 } else if (readCount == 0) {
605 /* EOF hit -- far end went away */
606 LOGV("+++ peer disconnected\n");
607 goto fail;
608 } else
609 break;
610 }
611 }
612
613 netState->inputCount += readCount;
614 if (!haveFullPacket(netState))
615 return true; /* still not there yet */
616 }
617
618 /*
619 * Special-case the initial handshake. For some bizarre reason we're
620 * expected to emulate bad tty settings by echoing the request back
621 * exactly as it was sent. Note the handshake is always initiated by
622 * the debugger, no matter who connects to whom.
623 *
624 * Other than this one case, the protocol [claims to be] stateless.
625 */
626 if (netState->awaitingHandshake) {
627 int cc;
628
629 if (memcmp(netState->inputBuffer,
630 kMagicHandshake, kMagicHandshakeLen) != 0)
631 {
632 LOGE("ERROR: bad handshake '%.14s'\n", netState->inputBuffer);
633 goto fail;
634 }
635
636 errno = 0;
637 cc = write(netState->clientSock, netState->inputBuffer,
638 kMagicHandshakeLen);
639 if (cc != kMagicHandshakeLen) {
640 LOGE("Failed writing handshake bytes: %s (%d of %d)\n",
641 strerror(errno), cc, (int) kMagicHandshakeLen);
642 goto fail;
643 }
644
645 consumeBytes(netState, kMagicHandshakeLen);
646 netState->awaitingHandshake = false;
647 LOGV("+++ handshake complete\n");
648 return true;
649 }
650
651 /*
652 * Handle this packet.
653 */
654 return handlePacket(state);
655
656 fail:
657 closeConnection(state);
658 return false;
659 }
660
661 /*
662 * Send a request.
663 *
664 * The entire packet must be sent with a single write() call to avoid
665 * threading issues.
666 *
667 * Returns "true" if it was sent successfully.
668 */
sendRequest(JdwpState * state,ExpandBuf * pReq)669 static bool sendRequest(JdwpState* state, ExpandBuf* pReq)
670 {
671 JdwpNetState* netState = state->netState;
672 int cc;
673
674 if (netState->clientSock < 0) {
675 /* can happen with some DDMS events */
676 LOGV("NOT sending request -- no debugger is attached\n");
677 return false;
678 }
679
680 /*
681 * TODO: we currently assume the write() will complete in one
682 * go, which may not be safe for a network socket. We may need
683 * to mutex this against handlePacket().
684 */
685 errno = 0;
686 cc = write(netState->clientSock, expandBufGetBuffer(pReq),
687 expandBufGetLength(pReq));
688 if (cc != (int) expandBufGetLength(pReq)) {
689 LOGE("Failed sending req to debugger: %s (%d of %d)\n",
690 strerror(errno), cc, (int) expandBufGetLength(pReq));
691 return false;
692 }
693
694 return true;
695 }
696
697 /*
698 * Send a request that was split into multiple buffers.
699 *
700 * The entire packet must be sent with a single writev() call to avoid
701 * threading issues.
702 *
703 * Returns "true" if it was sent successfully.
704 */
sendBufferedRequest(JdwpState * state,const struct iovec * iov,int iovcnt)705 static bool sendBufferedRequest(JdwpState* state, const struct iovec* iov,
706 int iovcnt)
707 {
708 JdwpNetState* netState = state->netState;
709
710 if (netState->clientSock < 0) {
711 /* can happen with some DDMS events */
712 LOGV("NOT sending request -- no debugger is attached\n");
713 return false;
714 }
715
716 size_t expected = 0;
717 int i;
718 for (i = 0; i < iovcnt; i++)
719 expected += iov[i].iov_len;
720
721 /*
722 * TODO: we currently assume the writev() will complete in one
723 * go, which may not be safe for a network socket. We may need
724 * to mutex this against handlePacket().
725 */
726 ssize_t actual;
727 actual = writev(netState->clientSock, iov, iovcnt);
728 if ((size_t)actual != expected) {
729 LOGE("Failed sending b-req to debugger: %s (%d of %zu)\n",
730 strerror(errno), (int) actual, expected);
731 return false;
732 }
733
734 return true;
735 }
736
737
738 /*
739 * Our functions.
740 */
741 static const JdwpTransport socketTransport = {
742 startup,
743 acceptConnection,
744 establishConnection,
745 closeConnection,
746 netShutdown,
747 netFree,
748 isConnected,
749 awaitingHandshake,
750 processIncoming,
751 sendRequest,
752 sendBufferedRequest
753 };
754
755 /*
756 * Return our set.
757 */
dvmJdwpAndroidAdbTransport(void)758 const JdwpTransport* dvmJdwpAndroidAdbTransport(void)
759 {
760 return &socketTransport;
761 }
762