1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "jdwp/JdwpPriv.h"
18 #include "jdwp/JdwpHandler.h"
19 #include <sys/socket.h>
20 #include <sys/un.h>
21 #include <errno.h>
22 #include <unistd.h>
23 #include <cutils/sockets.h>
24
25 /*
26 * The JDWP <-> ADB transport protocol is explained in detail
27 * in system/core/adb/jdwp_service.c. Here's a summary.
28 *
29 * 1/ when the JDWP thread starts, it tries to connect to a Unix
30 * domain stream socket (@jdwp-control) that is opened by the
31 * ADB daemon.
32 *
33 * 2/ it then sends the current process PID as a string of 4 hexadecimal
34 * chars (no terminating zero)
35 *
36 * 3/ then, it uses recvmsg to receive file descriptors from the
37 * daemon. each incoming file descriptor is a pass-through to
38 * a given JDWP debugger, that can be used to read the usual
39 * JDWP-handshake, etc...
40 */
41
42 #define kInputBufferSize 8192
43
44 #define kMagicHandshake "JDWP-Handshake"
45 #define kMagicHandshakeLen (sizeof(kMagicHandshake)-1)
46
47 #define kJdwpControlName "\0jdwp-control"
48 #define kJdwpControlNameLen (sizeof(kJdwpControlName)-1)
49
50 struct JdwpNetState : public JdwpNetStateBase {
51 int controlSock;
52 bool awaitingHandshake;
53 bool shuttingDown;
54 int wakeFds[2];
55
56 int inputCount;
57 unsigned char inputBuffer[kInputBufferSize];
58
59 socklen_t controlAddrLen;
60 union {
61 struct sockaddr_un controlAddrUn;
62 struct sockaddr controlAddrPlain;
63 } controlAddr;
64
JdwpNetStateJdwpNetState65 JdwpNetState()
66 {
67 controlSock = -1;
68 awaitingHandshake = false;
69 shuttingDown = false;
70 wakeFds[0] = -1;
71 wakeFds[1] = -1;
72
73 inputCount = 0;
74
75 controlAddr.controlAddrUn.sun_family = AF_UNIX;
76 controlAddrLen = sizeof(controlAddr.controlAddrUn.sun_family) +
77 kJdwpControlNameLen;
78 memcpy(controlAddr.controlAddrUn.sun_path, kJdwpControlName,
79 kJdwpControlNameLen);
80 }
81 };
82
83 static void
adbStateFree(JdwpNetState * netState)84 adbStateFree( JdwpNetState* netState )
85 {
86 if (netState == NULL)
87 return;
88
89 if (netState->clientSock >= 0) {
90 shutdown(netState->clientSock, SHUT_RDWR);
91 close(netState->clientSock);
92 }
93 if (netState->controlSock >= 0) {
94 shutdown(netState->controlSock, SHUT_RDWR);
95 close(netState->controlSock);
96 }
97 if (netState->wakeFds[0] >= 0) {
98 close(netState->wakeFds[0]);
99 netState->wakeFds[0] = -1;
100 }
101 if (netState->wakeFds[1] >= 0) {
102 close(netState->wakeFds[1]);
103 netState->wakeFds[1] = -1;
104 }
105
106 delete netState;
107 }
108
109 /*
110 * Do initial prep work, e.g. binding to ports and opening files. This
111 * runs in the main thread, before the JDWP thread starts, so it shouldn't
112 * do anything that might block forever.
113 */
startup(struct JdwpState * state,const JdwpStartupParams * pParams)114 static bool startup(struct JdwpState* state, const JdwpStartupParams* pParams)
115 {
116 JdwpNetState* netState;
117
118 ALOGV("ADB transport startup");
119
120 state->netState = netState = new JdwpNetState;
121 if (netState == NULL)
122 return false;
123
124 return true;
125 }
126
127 /*
128 * Receive a file descriptor from ADB. The fd can be used to communicate
129 * directly with a debugger or DDMS.
130 *
131 * Returns the file descriptor on success. On failure, returns -1 and
132 * closes netState->controlSock.
133 */
receiveClientFd(JdwpNetState * netState)134 static int receiveClientFd(JdwpNetState* netState)
135 {
136 struct msghdr msg;
137 struct cmsghdr* cmsg;
138 struct iovec iov;
139 char dummy = '!';
140 union {
141 struct cmsghdr cm;
142 char buffer[CMSG_SPACE(sizeof(int))];
143 } cm_un;
144 int ret;
145
146 iov.iov_base = &dummy;
147 iov.iov_len = 1;
148 msg.msg_name = NULL;
149 msg.msg_namelen = 0;
150 msg.msg_iov = &iov;
151 msg.msg_iovlen = 1;
152 msg.msg_flags = 0;
153 msg.msg_control = cm_un.buffer;
154 msg.msg_controllen = sizeof(cm_un.buffer);
155
156 cmsg = CMSG_FIRSTHDR(&msg);
157 cmsg->cmsg_len = msg.msg_controllen;
158 cmsg->cmsg_level = SOL_SOCKET;
159 cmsg->cmsg_type = SCM_RIGHTS;
160 ((int*)(void*)CMSG_DATA(cmsg))[0] = -1;
161
162 do {
163 ret = recvmsg(netState->controlSock, &msg, 0);
164 } while (ret < 0 && errno == EINTR);
165
166 if (ret <= 0) {
167 if (ret < 0) {
168 ALOGW("receiving file descriptor from ADB failed (socket %d): %s",
169 netState->controlSock, strerror(errno));
170 }
171 close(netState->controlSock);
172 netState->controlSock = -1;
173 return -1;
174 }
175
176 return ((int*)(void*)CMSG_DATA(cmsg))[0];
177 }
178
179 /*
180 * Block forever, waiting for a debugger to connect to us. Called from the
181 * JDWP thread.
182 *
183 * This needs to un-block and return "false" if the VM is shutting down. It
184 * should return "true" when it successfully accepts a connection.
185 */
acceptConnection(struct JdwpState * state)186 static bool acceptConnection(struct JdwpState* state)
187 {
188 JdwpNetState* netState = state->netState;
189 int retryCount = 0;
190
191 /* first, ensure that we get a connection to the ADB daemon */
192
193 retry:
194 if (netState->shuttingDown)
195 return false;
196
197 if (netState->controlSock < 0) {
198 int sleep_ms = 500;
199 const int sleep_max_ms = 2*1000;
200 char buff[5];
201
202 netState->controlSock = socket(PF_UNIX, SOCK_STREAM, 0);
203 if (netState->controlSock < 0) {
204 ALOGE("Could not create ADB control socket:%s",
205 strerror(errno));
206 return false;
207 }
208
209 if (pipe(netState->wakeFds) < 0) {
210 ALOGE("pipe failed");
211 return false;
212 }
213
214 snprintf(buff, sizeof(buff), "%04x", getpid());
215 buff[4] = 0;
216
217 for (;;) {
218 /*
219 * If adbd isn't running, because USB debugging was disabled or
220 * perhaps the system is restarting it for "adb root", the
221 * connect() will fail. We loop here forever waiting for it
222 * to come back.
223 *
224 * Waking up and polling every couple of seconds is generally a
225 * bad thing to do, but we only do this if the application is
226 * debuggable *and* adbd isn't running. Still, for the sake
227 * of battery life, we should consider timing out and giving
228 * up after a few minutes in case somebody ships an app with
229 * the debuggable flag set.
230 */
231 int ret = connect(netState->controlSock,
232 &netState->controlAddr.controlAddrPlain,
233 netState->controlAddrLen);
234 if (!ret) {
235 if (!socket_peer_is_trusted(netState->controlSock)) {
236 if (shutdown(netState->controlSock, SHUT_RDWR)) {
237 ALOGE("trouble shutting down socket: %s", strerror(errno));
238 }
239 return false;
240 }
241
242 /* now try to send our pid to the ADB daemon */
243 do {
244 ret = send( netState->controlSock, buff, 4, 0 );
245 } while (ret < 0 && errno == EINTR);
246
247 if (ret >= 0) {
248 ALOGV("PID sent as '%.*s' to ADB", 4, buff);
249 break;
250 }
251
252 ALOGE("Weird, can't send JDWP process pid to ADB: %s",
253 strerror(errno));
254 return false;
255 }
256 ALOGV("Can't connect to ADB control socket:%s",
257 strerror(errno));
258
259 usleep( sleep_ms*1000 );
260
261 sleep_ms += (sleep_ms >> 1);
262 if (sleep_ms > sleep_max_ms)
263 sleep_ms = sleep_max_ms;
264
265 if (netState->shuttingDown)
266 return false;
267 }
268 }
269
270 ALOGV("trying to receive file descriptor from ADB");
271 /* now we can receive a client file descriptor */
272 netState->clientSock = receiveClientFd(netState);
273 if (netState->shuttingDown)
274 return false; // suppress logs and additional activity
275
276 if (netState->clientSock < 0) {
277 if (++retryCount > 5) {
278 ALOGE("adb connection max retries exceeded");
279 return false;
280 }
281 goto retry;
282 } else {
283 ALOGV("received file descriptor %d from ADB", netState->clientSock);
284 netState->awaitingHandshake = 1;
285 netState->inputCount = 0;
286 return true;
287 }
288 }
289
290 /*
291 * Connect out to a debugger (for server=n). Not required.
292 */
establishConnection(struct JdwpState * state)293 static bool establishConnection(struct JdwpState* state)
294 {
295 return false;
296 }
297
298 /*
299 * Close a connection from a debugger (which may have already dropped us).
300 * Only called from the JDWP thread.
301 */
closeConnection(struct JdwpState * state)302 static void closeConnection(struct JdwpState* state)
303 {
304 JdwpNetState* netState;
305
306 assert(state != NULL && state->netState != NULL);
307
308 netState = state->netState;
309 if (netState->clientSock < 0)
310 return;
311
312 ALOGV("+++ closed JDWP <-> ADB connection");
313
314 close(netState->clientSock);
315 netState->clientSock = -1;
316 }
317
318 /*
319 * Close all network stuff, including the socket we use to listen for
320 * new connections.
321 *
322 * May be called from a non-JDWP thread, e.g. when the VM is shutting down.
323 */
adbStateShutdown(struct JdwpNetState * netState)324 static void adbStateShutdown(struct JdwpNetState* netState)
325 {
326 int controlSock;
327 int clientSock;
328
329 if (netState == NULL)
330 return;
331
332 netState->shuttingDown = true;
333
334 clientSock = netState->clientSock;
335 if (clientSock >= 0) {
336 shutdown(clientSock, SHUT_RDWR);
337 netState->clientSock = -1;
338 }
339
340 controlSock = netState->controlSock;
341 if (controlSock >= 0) {
342 shutdown(controlSock, SHUT_RDWR);
343 netState->controlSock = -1;
344 }
345
346 if (netState->wakeFds[1] >= 0) {
347 ALOGV("+++ writing to wakePipe");
348 TEMP_FAILURE_RETRY(write(netState->wakeFds[1], "", 1));
349 }
350 }
351
netShutdown(JdwpState * state)352 static void netShutdown(JdwpState* state)
353 {
354 adbStateShutdown(state->netState);
355 }
356
357 /*
358 * Free up anything we put in state->netState. This is called after
359 * "netShutdown", after the JDWP thread has stopped.
360 */
netFree(struct JdwpState * state)361 static void netFree(struct JdwpState* state)
362 {
363 JdwpNetState* netState = state->netState;
364
365 adbStateFree(netState);
366 }
367
368 /*
369 * Is a debugger connected to us?
370 */
isConnected(struct JdwpState * state)371 static bool isConnected(struct JdwpState* state)
372 {
373 return (state->netState != NULL &&
374 state->netState->clientSock >= 0);
375 }
376
377 /*
378 * Are we still waiting for the JDWP handshake?
379 */
awaitingHandshake(struct JdwpState * state)380 static bool awaitingHandshake(struct JdwpState* state)
381 {
382 return state->netState->awaitingHandshake;
383 }
384
385 /*
386 * Figure out if we have a full packet in the buffer.
387 */
haveFullPacket(JdwpNetState * netState)388 static bool haveFullPacket(JdwpNetState* netState)
389 {
390 long length;
391
392 if (netState->awaitingHandshake)
393 return (netState->inputCount >= (int) kMagicHandshakeLen);
394
395 if (netState->inputCount < 4)
396 return false;
397
398 length = get4BE(netState->inputBuffer);
399 return (netState->inputCount >= length);
400 }
401
402 /*
403 * Consume bytes from the buffer.
404 *
405 * This would be more efficient with a circular buffer. However, we're
406 * usually only going to find one packet, which is trivial to handle.
407 */
consumeBytes(JdwpNetState * netState,int count)408 static void consumeBytes(JdwpNetState* netState, int count)
409 {
410 assert(count > 0);
411 assert(count <= netState->inputCount);
412
413 if (count == netState->inputCount) {
414 netState->inputCount = 0;
415 return;
416 }
417
418 memmove(netState->inputBuffer, netState->inputBuffer + count,
419 netState->inputCount - count);
420 netState->inputCount -= count;
421 }
422
423 /*
424 * Handle a packet. Returns "false" if we encounter a connection-fatal error.
425 */
handlePacket(JdwpState * state)426 static bool handlePacket(JdwpState* state)
427 {
428 JdwpNetState* netState = state->netState;
429 const unsigned char* buf = netState->inputBuffer;
430 JdwpReqHeader hdr;
431 u4 length, id;
432 u1 flags, cmdSet, cmd;
433 u2 error;
434 bool reply;
435 int dataLen;
436
437 cmd = cmdSet = 0; // shut up gcc
438
439 length = read4BE(&buf);
440 id = read4BE(&buf);
441 flags = read1(&buf);
442 if ((flags & kJDWPFlagReply) != 0) {
443 reply = true;
444 error = read2BE(&buf);
445 } else {
446 reply = false;
447 cmdSet = read1(&buf);
448 cmd = read1(&buf);
449 }
450
451 assert((int) length <= netState->inputCount);
452 dataLen = length - (buf - netState->inputBuffer);
453
454 if (!reply) {
455 ExpandBuf* pReply = expandBufAlloc();
456
457 hdr.length = length;
458 hdr.id = id;
459 hdr.cmdSet = cmdSet;
460 hdr.cmd = cmd;
461 dvmJdwpProcessRequest(state, &hdr, buf, dataLen, pReply);
462 if (expandBufGetLength(pReply) > 0) {
463 ssize_t cc = netState->writePacket(pReply);
464
465 if (cc != (ssize_t) expandBufGetLength(pReply)) {
466 ALOGE("Failed sending reply to debugger: %s", strerror(errno));
467 expandBufFree(pReply);
468 return false;
469 }
470 } else {
471 ALOGW("No reply created for set=%d cmd=%d", cmdSet, cmd);
472 }
473 expandBufFree(pReply);
474 } else {
475 ALOGV("reply?!");
476 assert(false);
477 }
478
479 ALOGV("----------");
480
481 consumeBytes(netState, length);
482 return true;
483 }
484
485 /*
486 * Process incoming data. If no data is available, this will block until
487 * some arrives.
488 *
489 * If we get a full packet, handle it.
490 *
491 * To take some of the mystery out of life, we want to reject incoming
492 * connections if we already have a debugger attached. If we don't, the
493 * debugger will just mysteriously hang until it times out. We could just
494 * close the listen socket, but there's a good chance we won't be able to
495 * bind to the same port again, which would confuse utilities.
496 *
497 * Returns "false" on error (indicating that the connection has been severed),
498 * "true" if things are still okay.
499 */
processIncoming(JdwpState * state)500 static bool processIncoming(JdwpState* state)
501 {
502 JdwpNetState* netState = state->netState;
503 int readCount;
504
505 assert(netState->clientSock >= 0);
506
507 if (!haveFullPacket(netState)) {
508 /* read some more, looping until we have data */
509 errno = 0;
510 while (1) {
511 int selCount;
512 fd_set readfds;
513 int maxfd = -1;
514 int fd;
515
516 FD_ZERO(&readfds);
517
518 /* configure fds; note these may get zapped by another thread */
519 fd = netState->controlSock;
520 if (fd >= 0) {
521 FD_SET(fd, &readfds);
522 if (maxfd < fd)
523 maxfd = fd;
524 }
525 fd = netState->clientSock;
526 if (fd >= 0) {
527 FD_SET(fd, &readfds);
528 if (maxfd < fd)
529 maxfd = fd;
530 }
531 fd = netState->wakeFds[0];
532 if (fd >= 0) {
533 FD_SET(fd, &readfds);
534 if (maxfd < fd)
535 maxfd = fd;
536 } else {
537 ALOGI("NOTE: entering select w/o wakepipe");
538 }
539
540 if (maxfd < 0) {
541 ALOGV("+++ all fds are closed");
542 return false;
543 }
544
545 /*
546 * Select blocks until it sees activity on the file descriptors.
547 * Closing the local file descriptor does not count as activity,
548 * so we can't rely on that to wake us up (it works for read()
549 * and accept(), but not select()).
550 *
551 * We can do one of three things: (1) send a signal and catch
552 * EINTR, (2) open an additional fd ("wakePipe") and write to
553 * it when it's time to exit, or (3) time out periodically and
554 * re-issue the select. We're currently using #2, as it's more
555 * reliable than #1 and generally better than #3. Wastes two fds.
556 */
557 selCount = select(maxfd+1, &readfds, NULL, NULL, NULL);
558 if (selCount < 0) {
559 if (errno == EINTR)
560 continue;
561 ALOGE("select failed: %s", strerror(errno));
562 goto fail;
563 }
564
565 if (netState->wakeFds[0] >= 0 &&
566 FD_ISSET(netState->wakeFds[0], &readfds))
567 {
568 ALOGD("Got wake-up signal, bailing out of select");
569 goto fail;
570 }
571 if (netState->controlSock >= 0 &&
572 FD_ISSET(netState->controlSock, &readfds))
573 {
574 int sock = receiveClientFd(netState);
575 if (sock >= 0) {
576 ALOGI("Ignoring second debugger -- accepting and dropping");
577 close(sock);
578 } else {
579 assert(netState->controlSock < 0);
580 /*
581 * Remote side most likely went away, so our next read
582 * on netState->clientSock will fail and throw us out
583 * of the loop.
584 */
585 }
586 }
587 if (netState->clientSock >= 0 &&
588 FD_ISSET(netState->clientSock, &readfds))
589 {
590 readCount = read(netState->clientSock,
591 netState->inputBuffer + netState->inputCount,
592 sizeof(netState->inputBuffer) - netState->inputCount);
593 if (readCount < 0) {
594 /* read failed */
595 if (errno != EINTR)
596 goto fail;
597 ALOGD("+++ EINTR hit");
598 return true;
599 } else if (readCount == 0) {
600 /* EOF hit -- far end went away */
601 ALOGV("+++ peer disconnected");
602 goto fail;
603 } else
604 break;
605 }
606 }
607
608 netState->inputCount += readCount;
609 if (!haveFullPacket(netState))
610 return true; /* still not there yet */
611 }
612
613 /*
614 * Special-case the initial handshake. For some bizarre reason we're
615 * expected to emulate bad tty settings by echoing the request back
616 * exactly as it was sent. Note the handshake is always initiated by
617 * the debugger, no matter who connects to whom.
618 *
619 * Other than this one case, the protocol [claims to be] stateless.
620 */
621 if (netState->awaitingHandshake) {
622 int cc;
623
624 if (memcmp(netState->inputBuffer,
625 kMagicHandshake, kMagicHandshakeLen) != 0)
626 {
627 ALOGE("ERROR: bad handshake '%.14s'", netState->inputBuffer);
628 goto fail;
629 }
630
631 errno = 0;
632 cc = TEMP_FAILURE_RETRY(write(netState->clientSock, netState->inputBuffer,
633 kMagicHandshakeLen));
634 if (cc != kMagicHandshakeLen) {
635 ALOGE("Failed writing handshake bytes: %s (%d of %d)",
636 strerror(errno), cc, (int) kMagicHandshakeLen);
637 goto fail;
638 }
639
640 consumeBytes(netState, kMagicHandshakeLen);
641 netState->awaitingHandshake = false;
642 ALOGV("+++ handshake complete");
643 return true;
644 }
645
646 /*
647 * Handle this packet.
648 */
649 return handlePacket(state);
650
651 fail:
652 closeConnection(state);
653 return false;
654 }
655
656 /*
657 * Send a request.
658 *
659 * The entire packet must be sent with a single write() call to avoid
660 * threading issues.
661 *
662 * Returns "true" if it was sent successfully.
663 */
sendRequest(JdwpState * state,ExpandBuf * pReq)664 static bool sendRequest(JdwpState* state, ExpandBuf* pReq)
665 {
666 JdwpNetState* netState = state->netState;
667
668 if (netState->clientSock < 0) {
669 /* can happen with some DDMS events */
670 ALOGV("NOT sending request -- no debugger is attached");
671 return false;
672 }
673
674 errno = 0;
675
676 ssize_t cc = netState->writePacket(pReq);
677
678 if (cc != (ssize_t) expandBufGetLength(pReq)) {
679 ALOGE("Failed sending req to debugger: %s (%d of %d)",
680 strerror(errno), (int) cc, (int) expandBufGetLength(pReq));
681 return false;
682 }
683
684 return true;
685 }
686
687 /*
688 * Send a request that was split into multiple buffers.
689 *
690 * The entire packet must be sent with a single writev() call to avoid
691 * threading issues.
692 *
693 * Returns "true" if it was sent successfully.
694 */
sendBufferedRequest(JdwpState * state,const struct iovec * iov,int iovcnt)695 static bool sendBufferedRequest(JdwpState* state, const struct iovec* iov,
696 int iovcnt)
697 {
698 JdwpNetState* netState = state->netState;
699
700 if (netState->clientSock < 0) {
701 /* can happen with some DDMS events */
702 ALOGV("NOT sending request -- no debugger is attached");
703 return false;
704 }
705
706 size_t expected = 0;
707 int i;
708 for (i = 0; i < iovcnt; i++)
709 expected += iov[i].iov_len;
710
711 ssize_t actual = netState->writeBufferedPacket(iov, iovcnt);
712
713 if ((size_t)actual != expected) {
714 ALOGE("Failed sending b-req to debugger: %s (%d of %zu)",
715 strerror(errno), (int) actual, expected);
716 return false;
717 }
718
719 return true;
720 }
721
722
723 /*
724 * Our functions.
725 */
726 static const JdwpTransport socketTransport = {
727 startup,
728 acceptConnection,
729 establishConnection,
730 closeConnection,
731 netShutdown,
732 netFree,
733 isConnected,
734 awaitingHandshake,
735 processIncoming,
736 sendRequest,
737 sendBufferedRequest
738 };
739
740 /*
741 * Return our set.
742 */
dvmJdwpAndroidAdbTransport()743 const JdwpTransport* dvmJdwpAndroidAdbTransport()
744 {
745 return &socketTransport;
746 }
747