1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG TRACE_USB
18
19 #include "sysdeps.h"
20
21 #include <ctype.h>
22 #include <dirent.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <linux/usbdevice_fs.h>
26 #include <linux/version.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <sys/ioctl.h>
31 #include <sys/time.h>
32 #include <sys/types.h>
33 #include <unistd.h>
34 #include <linux/usb/ch9.h>
35
36 #include <base/file.h>
37 #include <base/stringprintf.h>
38 #include <base/strings.h>
39
40 #include "adb.h"
41 #include "transport.h"
42
43 /* usb scan debugging is waaaay too verbose */
44 #define DBGX(x...)
45
46 ADB_MUTEX_DEFINE( usb_lock );
47
48 struct usb_handle
49 {
50 usb_handle *prev;
51 usb_handle *next;
52
53 char fname[64];
54 int desc;
55 unsigned char ep_in;
56 unsigned char ep_out;
57
58 unsigned zero_mask;
59 unsigned writeable;
60
61 struct usbdevfs_urb urb_in;
62 struct usbdevfs_urb urb_out;
63
64 int urb_in_busy;
65 int urb_out_busy;
66 int dead;
67
68 adb_cond_t notify;
69 adb_mutex_t lock;
70
71 // for garbage collecting disconnected devices
72 int mark;
73
74 // ID of thread currently in REAPURB
75 pthread_t reaper_thread;
76 };
77
78 static usb_handle handle_list = {
79 .prev = &handle_list,
80 .next = &handle_list,
81 };
82
known_device(const char * dev_name)83 static int known_device(const char *dev_name)
84 {
85 usb_handle *usb;
86
87 adb_mutex_lock(&usb_lock);
88 for(usb = handle_list.next; usb != &handle_list; usb = usb->next){
89 if(!strcmp(usb->fname, dev_name)) {
90 // set mark flag to indicate this device is still alive
91 usb->mark = 1;
92 adb_mutex_unlock(&usb_lock);
93 return 1;
94 }
95 }
96 adb_mutex_unlock(&usb_lock);
97 return 0;
98 }
99
kick_disconnected_devices()100 static void kick_disconnected_devices()
101 {
102 usb_handle *usb;
103
104 adb_mutex_lock(&usb_lock);
105 // kick any devices in the device list that were not found in the device scan
106 for(usb = handle_list.next; usb != &handle_list; usb = usb->next){
107 if (usb->mark == 0) {
108 usb_kick(usb);
109 } else {
110 usb->mark = 0;
111 }
112 }
113 adb_mutex_unlock(&usb_lock);
114
115 }
116
badname(const char * name)117 static inline int badname(const char *name)
118 {
119 while(*name) {
120 if(!isdigit(*name++)) return 1;
121 }
122 return 0;
123 }
124
find_usb_device(const char * base,void (* register_device_callback)(const char *,const char *,unsigned char,unsigned char,int,int,unsigned))125 static void find_usb_device(const char *base,
126 void (*register_device_callback)
127 (const char *, const char *, unsigned char, unsigned char, int, int, unsigned))
128 {
129 char busname[32], devname[32];
130 unsigned char local_ep_in, local_ep_out;
131 DIR *busdir , *devdir ;
132 struct dirent *de;
133 int fd ;
134
135 busdir = opendir(base);
136 if(busdir == 0) return;
137
138 while((de = readdir(busdir)) != 0) {
139 if(badname(de->d_name)) continue;
140
141 snprintf(busname, sizeof busname, "%s/%s", base, de->d_name);
142 devdir = opendir(busname);
143 if(devdir == 0) continue;
144
145 // DBGX("[ scanning %s ]\n", busname);
146 while((de = readdir(devdir))) {
147 unsigned char devdesc[4096];
148 unsigned char* bufptr = devdesc;
149 unsigned char* bufend;
150 struct usb_device_descriptor* device;
151 struct usb_config_descriptor* config;
152 struct usb_interface_descriptor* interface;
153 struct usb_endpoint_descriptor *ep1, *ep2;
154 unsigned zero_mask = 0;
155 unsigned vid, pid;
156 size_t desclength;
157
158 if(badname(de->d_name)) continue;
159 snprintf(devname, sizeof devname, "%s/%s", busname, de->d_name);
160
161 if(known_device(devname)) {
162 DBGX("skipping %s\n", devname);
163 continue;
164 }
165
166 // DBGX("[ scanning %s ]\n", devname);
167 if((fd = unix_open(devname, O_RDONLY | O_CLOEXEC)) < 0) {
168 continue;
169 }
170
171 desclength = adb_read(fd, devdesc, sizeof(devdesc));
172 bufend = bufptr + desclength;
173
174 // should have device and configuration descriptors, and atleast two endpoints
175 if (desclength < USB_DT_DEVICE_SIZE + USB_DT_CONFIG_SIZE) {
176 D("desclength %zu is too small\n", desclength);
177 adb_close(fd);
178 continue;
179 }
180
181 device = (struct usb_device_descriptor*)bufptr;
182 bufptr += USB_DT_DEVICE_SIZE;
183
184 if((device->bLength != USB_DT_DEVICE_SIZE) || (device->bDescriptorType != USB_DT_DEVICE)) {
185 adb_close(fd);
186 continue;
187 }
188
189 vid = device->idVendor;
190 pid = device->idProduct;
191 DBGX("[ %s is V:%04x P:%04x ]\n", devname, vid, pid);
192
193 // should have config descriptor next
194 config = (struct usb_config_descriptor *)bufptr;
195 bufptr += USB_DT_CONFIG_SIZE;
196 if (config->bLength != USB_DT_CONFIG_SIZE || config->bDescriptorType != USB_DT_CONFIG) {
197 D("usb_config_descriptor not found\n");
198 adb_close(fd);
199 continue;
200 }
201
202 // loop through all the descriptors and look for the ADB interface
203 while (bufptr < bufend) {
204 unsigned char length = bufptr[0];
205 unsigned char type = bufptr[1];
206
207 if (type == USB_DT_INTERFACE) {
208 interface = (struct usb_interface_descriptor *)bufptr;
209 bufptr += length;
210
211 if (length != USB_DT_INTERFACE_SIZE) {
212 D("interface descriptor has wrong size\n");
213 break;
214 }
215
216 DBGX("bInterfaceClass: %d, bInterfaceSubClass: %d,"
217 "bInterfaceProtocol: %d, bNumEndpoints: %d\n",
218 interface->bInterfaceClass, interface->bInterfaceSubClass,
219 interface->bInterfaceProtocol, interface->bNumEndpoints);
220
221 if (interface->bNumEndpoints == 2 &&
222 is_adb_interface(vid, pid, interface->bInterfaceClass,
223 interface->bInterfaceSubClass, interface->bInterfaceProtocol)) {
224
225 struct stat st;
226 char pathbuf[128];
227 char link[256];
228 char *devpath = NULL;
229
230 DBGX("looking for bulk endpoints\n");
231 // looks like ADB...
232 ep1 = (struct usb_endpoint_descriptor *)bufptr;
233 bufptr += USB_DT_ENDPOINT_SIZE;
234 // For USB 3.0 SuperSpeed devices, skip potential
235 // USB 3.0 SuperSpeed Endpoint Companion descriptor
236 if (bufptr+2 <= devdesc + desclength &&
237 bufptr[0] == USB_DT_SS_EP_COMP_SIZE &&
238 bufptr[1] == USB_DT_SS_ENDPOINT_COMP) {
239 bufptr += USB_DT_SS_EP_COMP_SIZE;
240 }
241 ep2 = (struct usb_endpoint_descriptor *)bufptr;
242 bufptr += USB_DT_ENDPOINT_SIZE;
243 if (bufptr+2 <= devdesc + desclength &&
244 bufptr[0] == USB_DT_SS_EP_COMP_SIZE &&
245 bufptr[1] == USB_DT_SS_ENDPOINT_COMP) {
246 bufptr += USB_DT_SS_EP_COMP_SIZE;
247 }
248
249 if (bufptr > devdesc + desclength ||
250 ep1->bLength != USB_DT_ENDPOINT_SIZE ||
251 ep1->bDescriptorType != USB_DT_ENDPOINT ||
252 ep2->bLength != USB_DT_ENDPOINT_SIZE ||
253 ep2->bDescriptorType != USB_DT_ENDPOINT) {
254 D("endpoints not found\n");
255 break;
256 }
257
258 // both endpoints should be bulk
259 if (ep1->bmAttributes != USB_ENDPOINT_XFER_BULK ||
260 ep2->bmAttributes != USB_ENDPOINT_XFER_BULK) {
261 D("bulk endpoints not found\n");
262 continue;
263 }
264 /* aproto 01 needs 0 termination */
265 if(interface->bInterfaceProtocol == 0x01) {
266 zero_mask = ep1->wMaxPacketSize - 1;
267 }
268
269 // we have a match. now we just need to figure out which is in and which is out.
270 if (ep1->bEndpointAddress & USB_ENDPOINT_DIR_MASK) {
271 local_ep_in = ep1->bEndpointAddress;
272 local_ep_out = ep2->bEndpointAddress;
273 } else {
274 local_ep_in = ep2->bEndpointAddress;
275 local_ep_out = ep1->bEndpointAddress;
276 }
277
278 // Determine the device path
279 if (!fstat(fd, &st) && S_ISCHR(st.st_mode)) {
280 char *slash;
281 ssize_t link_len;
282 snprintf(pathbuf, sizeof(pathbuf), "/sys/dev/char/%d:%d",
283 major(st.st_rdev), minor(st.st_rdev));
284 link_len = readlink(pathbuf, link, sizeof(link) - 1);
285 if (link_len > 0) {
286 link[link_len] = '\0';
287 slash = strrchr(link, '/');
288 if (slash) {
289 snprintf(pathbuf, sizeof(pathbuf),
290 "usb:%s", slash + 1);
291 devpath = pathbuf;
292 }
293 }
294 }
295
296 register_device_callback(devname, devpath,
297 local_ep_in, local_ep_out,
298 interface->bInterfaceNumber, device->iSerialNumber, zero_mask);
299 break;
300 }
301 } else {
302 bufptr += length;
303 }
304 } // end of while
305
306 adb_close(fd);
307 } // end of devdir while
308 closedir(devdir);
309 } //end of busdir while
310 closedir(busdir);
311 }
312
usb_cleanup()313 void usb_cleanup()
314 {
315 }
316
usb_bulk_write(usb_handle * h,const void * data,int len)317 static int usb_bulk_write(usb_handle *h, const void *data, int len)
318 {
319 struct usbdevfs_urb *urb = &h->urb_out;
320 int res;
321 struct timeval tv;
322 struct timespec ts;
323
324 memset(urb, 0, sizeof(*urb));
325 urb->type = USBDEVFS_URB_TYPE_BULK;
326 urb->endpoint = h->ep_out;
327 urb->status = -1;
328 urb->buffer = (void*) data;
329 urb->buffer_length = len;
330
331 D("++ write ++\n");
332
333 adb_mutex_lock(&h->lock);
334 if(h->dead) {
335 res = -1;
336 goto fail;
337 }
338 do {
339 res = ioctl(h->desc, USBDEVFS_SUBMITURB, urb);
340 } while((res < 0) && (errno == EINTR));
341
342 if(res < 0) {
343 goto fail;
344 }
345
346 res = -1;
347 h->urb_out_busy = 1;
348 for(;;) {
349 /* time out after five seconds */
350 gettimeofday(&tv, NULL);
351 ts.tv_sec = tv.tv_sec + 5;
352 ts.tv_nsec = tv.tv_usec * 1000L;
353 res = pthread_cond_timedwait(&h->notify, &h->lock, &ts);
354 if(res < 0 || h->dead) {
355 break;
356 }
357 if(h->urb_out_busy == 0) {
358 if(urb->status == 0) {
359 res = urb->actual_length;
360 }
361 break;
362 }
363 }
364 fail:
365 adb_mutex_unlock(&h->lock);
366 D("-- write --\n");
367 return res;
368 }
369
usb_bulk_read(usb_handle * h,void * data,int len)370 static int usb_bulk_read(usb_handle *h, void *data, int len)
371 {
372 struct usbdevfs_urb *urb = &h->urb_in;
373 struct usbdevfs_urb *out = NULL;
374 int res;
375
376 D("++ usb_bulk_read ++\n");
377 memset(urb, 0, sizeof(*urb));
378 urb->type = USBDEVFS_URB_TYPE_BULK;
379 urb->endpoint = h->ep_in;
380 urb->status = -1;
381 urb->buffer = data;
382 urb->buffer_length = len;
383
384
385 adb_mutex_lock(&h->lock);
386 if(h->dead) {
387 res = -1;
388 goto fail;
389 }
390 do {
391 res = ioctl(h->desc, USBDEVFS_SUBMITURB, urb);
392 } while((res < 0) && (errno == EINTR));
393
394 if(res < 0) {
395 goto fail;
396 }
397
398 h->urb_in_busy = 1;
399 for(;;) {
400 D("[ reap urb - wait ]\n");
401 h->reaper_thread = pthread_self();
402 adb_mutex_unlock(&h->lock);
403 res = ioctl(h->desc, USBDEVFS_REAPURB, &out);
404 int saved_errno = errno;
405 adb_mutex_lock(&h->lock);
406 h->reaper_thread = 0;
407 if(h->dead) {
408 res = -1;
409 break;
410 }
411 if(res < 0) {
412 if(saved_errno == EINTR) {
413 continue;
414 }
415 D("[ reap urb - error ]\n");
416 break;
417 }
418 D("[ urb @%p status = %d, actual = %d ]\n",
419 out, out->status, out->actual_length);
420
421 if(out == &h->urb_in) {
422 D("[ reap urb - IN complete ]\n");
423 h->urb_in_busy = 0;
424 if(urb->status == 0) {
425 res = urb->actual_length;
426 } else {
427 res = -1;
428 }
429 break;
430 }
431 if(out == &h->urb_out) {
432 D("[ reap urb - OUT compelete ]\n");
433 h->urb_out_busy = 0;
434 adb_cond_broadcast(&h->notify);
435 }
436 }
437 fail:
438 adb_mutex_unlock(&h->lock);
439 D("-- usb_bulk_read --\n");
440 return res;
441 }
442
443
usb_write(usb_handle * h,const void * _data,int len)444 int usb_write(usb_handle *h, const void *_data, int len)
445 {
446 unsigned char *data = (unsigned char*) _data;
447 int n;
448 int need_zero = 0;
449
450 D("++ usb_write ++\n");
451 if(h->zero_mask) {
452 /* if we need 0-markers and our transfer
453 ** is an even multiple of the packet size,
454 ** we make note of it
455 */
456 if(!(len & h->zero_mask)) {
457 need_zero = 1;
458 }
459 }
460
461 while(len > 0) {
462 int xfer = (len > 4096) ? 4096 : len;
463
464 n = usb_bulk_write(h, data, xfer);
465 if(n != xfer) {
466 D("ERROR: n = %d, errno = %d (%s)\n",
467 n, errno, strerror(errno));
468 return -1;
469 }
470
471 len -= xfer;
472 data += xfer;
473 }
474
475 if(need_zero){
476 n = usb_bulk_write(h, _data, 0);
477 return n;
478 }
479
480 D("-- usb_write --\n");
481 return 0;
482 }
483
usb_read(usb_handle * h,void * _data,int len)484 int usb_read(usb_handle *h, void *_data, int len)
485 {
486 unsigned char *data = (unsigned char*) _data;
487 int n;
488
489 D("++ usb_read ++\n");
490 while(len > 0) {
491 int xfer = (len > 4096) ? 4096 : len;
492
493 D("[ usb read %d fd = %d], fname=%s\n", xfer, h->desc, h->fname);
494 n = usb_bulk_read(h, data, xfer);
495 D("[ usb read %d ] = %d, fname=%s\n", xfer, n, h->fname);
496 if(n != xfer) {
497 if((errno == ETIMEDOUT) && (h->desc != -1)) {
498 D("[ timeout ]\n");
499 if(n > 0){
500 data += n;
501 len -= n;
502 }
503 continue;
504 }
505 D("ERROR: n = %d, errno = %d (%s)\n",
506 n, errno, strerror(errno));
507 return -1;
508 }
509
510 len -= xfer;
511 data += xfer;
512 }
513
514 D("-- usb_read --\n");
515 return 0;
516 }
517
usb_kick(usb_handle * h)518 void usb_kick(usb_handle *h)
519 {
520 D("[ kicking %p (fd = %d) ]\n", h, h->desc);
521 adb_mutex_lock(&h->lock);
522 if(h->dead == 0) {
523 h->dead = 1;
524
525 if (h->writeable) {
526 /* HACK ALERT!
527 ** Sometimes we get stuck in ioctl(USBDEVFS_REAPURB).
528 ** This is a workaround for that problem.
529 */
530 if (h->reaper_thread) {
531 pthread_kill(h->reaper_thread, SIGALRM);
532 }
533
534 /* cancel any pending transactions
535 ** these will quietly fail if the txns are not active,
536 ** but this ensures that a reader blocked on REAPURB
537 ** will get unblocked
538 */
539 ioctl(h->desc, USBDEVFS_DISCARDURB, &h->urb_in);
540 ioctl(h->desc, USBDEVFS_DISCARDURB, &h->urb_out);
541 h->urb_in.status = -ENODEV;
542 h->urb_out.status = -ENODEV;
543 h->urb_in_busy = 0;
544 h->urb_out_busy = 0;
545 adb_cond_broadcast(&h->notify);
546 } else {
547 unregister_usb_transport(h);
548 }
549 }
550 adb_mutex_unlock(&h->lock);
551 }
552
usb_close(usb_handle * h)553 int usb_close(usb_handle *h)
554 {
555 D("++ usb close ++\n");
556 adb_mutex_lock(&usb_lock);
557 h->next->prev = h->prev;
558 h->prev->next = h->next;
559 h->prev = 0;
560 h->next = 0;
561
562 adb_close(h->desc);
563 D("-- usb closed %p (fd = %d) --\n", h, h->desc);
564 adb_mutex_unlock(&usb_lock);
565
566 free(h);
567 return 0;
568 }
569
register_device(const char * dev_name,const char * dev_path,unsigned char ep_in,unsigned char ep_out,int interface,int serial_index,unsigned zero_mask)570 static void register_device(const char* dev_name, const char* dev_path,
571 unsigned char ep_in, unsigned char ep_out,
572 int interface, int serial_index,
573 unsigned zero_mask) {
574 // Since Linux will not reassign the device ID (and dev_name) as long as the
575 // device is open, we can add to the list here once we open it and remove
576 // from the list when we're finally closed and everything will work out
577 // fine.
578 //
579 // If we have a usb_handle on the list 'o handles with a matching name, we
580 // have no further work to do.
581 adb_mutex_lock(&usb_lock);
582 for (usb_handle* usb = handle_list.next; usb != &handle_list; usb = usb->next) {
583 if (!strcmp(usb->fname, dev_name)) {
584 adb_mutex_unlock(&usb_lock);
585 return;
586 }
587 }
588 adb_mutex_unlock(&usb_lock);
589
590 D("[ usb located new device %s (%d/%d/%d) ]\n", dev_name, ep_in, ep_out, interface);
591 usb_handle* usb = reinterpret_cast<usb_handle*>(calloc(1, sizeof(usb_handle)));
592 if (usb == nullptr) fatal("couldn't allocate usb_handle");
593 strcpy(usb->fname, dev_name);
594 usb->ep_in = ep_in;
595 usb->ep_out = ep_out;
596 usb->zero_mask = zero_mask;
597 usb->writeable = 1;
598
599 adb_cond_init(&usb->notify, 0);
600 adb_mutex_init(&usb->lock, 0);
601 // Initialize mark to 1 so we don't get garbage collected after the device
602 // scan.
603 usb->mark = 1;
604 usb->reaper_thread = 0;
605
606 usb->desc = unix_open(usb->fname, O_RDWR | O_CLOEXEC);
607 if (usb->desc == -1) {
608 // Opening RW failed, so see if we have RO access.
609 usb->desc = unix_open(usb->fname, O_RDONLY | O_CLOEXEC);
610 if (usb->desc == -1) {
611 D("[ usb open %s failed: %s]\n", usb->fname, strerror(errno));
612 free(usb);
613 return;
614 }
615 usb->writeable = 0;
616 }
617
618 D("[ usb opened %s%s, fd=%d]\n", usb->fname,
619 (usb->writeable ? "" : " (read-only)"), usb->desc);
620
621 if (usb->writeable) {
622 if (ioctl(usb->desc, USBDEVFS_CLAIMINTERFACE, &interface) != 0) {
623 D("[ usb ioctl(%d, USBDEVFS_CLAIMINTERFACE) failed: %s]\n",
624 usb->desc, strerror(errno));
625 adb_close(usb->desc);
626 free(usb);
627 return;
628 }
629 }
630
631 // Read the device's serial number.
632 std::string serial_path = android::base::StringPrintf(
633 "/sys/bus/usb/devices/%s/serial", dev_path + 4);
634 std::string serial;
635 if (!android::base::ReadFileToString(serial_path, &serial)) {
636 D("[ usb read %s failed: %s ]\n", serial_path.c_str(), strerror(errno));
637 // We don't actually want to treat an unknown serial as an error because
638 // devices aren't able to communicate a serial number in early bringup.
639 // http://b/20883914
640 serial = "";
641 }
642 serial = android::base::Trim(serial);
643
644 // Add to the end of the active handles.
645 adb_mutex_lock(&usb_lock);
646 usb->next = &handle_list;
647 usb->prev = handle_list.prev;
648 usb->prev->next = usb;
649 usb->next->prev = usb;
650 adb_mutex_unlock(&usb_lock);
651
652 register_usb_transport(usb, serial.c_str(), dev_path, usb->writeable);
653 }
654
device_poll_thread(void * unused)655 static void* device_poll_thread(void* unused) {
656 D("Created device thread\n");
657 while (true) {
658 // TODO: Use inotify.
659 find_usb_device("/dev/bus/usb", register_device);
660 kick_disconnected_devices();
661 sleep(1);
662 }
663 return nullptr;
664 }
665
sigalrm_handler(int signo)666 static void sigalrm_handler(int signo) {
667 // don't need to do anything here
668 }
669
usb_init()670 void usb_init()
671 {
672 adb_thread_t tid;
673 struct sigaction actions;
674
675 memset(&actions, 0, sizeof(actions));
676 sigemptyset(&actions.sa_mask);
677 actions.sa_flags = 0;
678 actions.sa_handler = sigalrm_handler;
679 sigaction(SIGALRM,& actions, NULL);
680
681 if(adb_thread_create(&tid, device_poll_thread, NULL)){
682 fatal_errno("cannot create input thread");
683 }
684 }
685