1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG USB
18
19 #include "sysdeps.h"
20
21 #include <dirent.h>
22 #include <errno.h>
23 #include <linux/usb/ch9.h>
24 #include <linux/usb/functionfs.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <sys/ioctl.h>
29 #include <sys/types.h>
30 #include <unistd.h>
31
32 #include <algorithm>
33 #include <atomic>
34 #include <chrono>
35 #include <condition_variable>
36 #include <mutex>
37 #include <thread>
38
39 #include <android-base/logging.h>
40 #include <android-base/properties.h>
41
42 #include "adb.h"
43 #include "daemon/usb.h"
44 #include "transport.h"
45
46 using namespace std::chrono_literals;
47
48 #define MAX_PACKET_SIZE_FS 64
49 #define MAX_PACKET_SIZE_HS 512
50 #define MAX_PACKET_SIZE_SS 1024
51
52 // Kernels before 3.3 have a 16KiB transfer limit That limit was replaced
53 // with a 16MiB global limit in 3.3, but each URB submitted required a
54 // contiguous kernel allocation, so you would get ENOMEM if you tried to
55 // send something larger than the biggest available contiguous kernel
56 // memory region. Large contiguous allocations could be unreliable
57 // on a device kernel that has been running for a while fragmenting its
58 // memory so we start with a larger allocation, and shrink the amount if
59 // necessary.
60 #define USB_FFS_BULK_SIZE 16384
61
62 #define cpu_to_le16(x) htole16(x)
63 #define cpu_to_le32(x) htole32(x)
64
65 #define FUNCTIONFS_ENDPOINT_ALLOC _IOR('g', 231, __u32)
66
67 static constexpr size_t ENDPOINT_ALLOC_RETRIES = 2;
68
69 static int dummy_fd = -1;
70
71 struct func_desc {
72 struct usb_interface_descriptor intf;
73 struct usb_endpoint_descriptor_no_audio source;
74 struct usb_endpoint_descriptor_no_audio sink;
75 } __attribute__((packed));
76
77 struct ss_func_desc {
78 struct usb_interface_descriptor intf;
79 struct usb_endpoint_descriptor_no_audio source;
80 struct usb_ss_ep_comp_descriptor source_comp;
81 struct usb_endpoint_descriptor_no_audio sink;
82 struct usb_ss_ep_comp_descriptor sink_comp;
83 } __attribute__((packed));
84
85 struct desc_v1 {
86 struct usb_functionfs_descs_head_v1 {
87 __le32 magic;
88 __le32 length;
89 __le32 fs_count;
90 __le32 hs_count;
91 } __attribute__((packed)) header;
92 struct func_desc fs_descs, hs_descs;
93 } __attribute__((packed));
94
95 struct desc_v2 {
96 struct usb_functionfs_descs_head_v2 header;
97 // The rest of the structure depends on the flags in the header.
98 __le32 fs_count;
99 __le32 hs_count;
100 __le32 ss_count;
101 __le32 os_count;
102 struct func_desc fs_descs, hs_descs;
103 struct ss_func_desc ss_descs;
104 struct usb_os_desc_header os_header;
105 struct usb_ext_compat_desc os_desc;
106 } __attribute__((packed));
107
108 static struct func_desc fs_descriptors = {
109 .intf = {
110 .bLength = sizeof(fs_descriptors.intf),
111 .bDescriptorType = USB_DT_INTERFACE,
112 .bInterfaceNumber = 0,
113 .bNumEndpoints = 2,
114 .bInterfaceClass = ADB_CLASS,
115 .bInterfaceSubClass = ADB_SUBCLASS,
116 .bInterfaceProtocol = ADB_PROTOCOL,
117 .iInterface = 1, /* first string from the provided table */
118 },
119 .source = {
120 .bLength = sizeof(fs_descriptors.source),
121 .bDescriptorType = USB_DT_ENDPOINT,
122 .bEndpointAddress = 1 | USB_DIR_OUT,
123 .bmAttributes = USB_ENDPOINT_XFER_BULK,
124 .wMaxPacketSize = MAX_PACKET_SIZE_FS,
125 },
126 .sink = {
127 .bLength = sizeof(fs_descriptors.sink),
128 .bDescriptorType = USB_DT_ENDPOINT,
129 .bEndpointAddress = 2 | USB_DIR_IN,
130 .bmAttributes = USB_ENDPOINT_XFER_BULK,
131 .wMaxPacketSize = MAX_PACKET_SIZE_FS,
132 },
133 };
134
135 static struct func_desc hs_descriptors = {
136 .intf = {
137 .bLength = sizeof(hs_descriptors.intf),
138 .bDescriptorType = USB_DT_INTERFACE,
139 .bInterfaceNumber = 0,
140 .bNumEndpoints = 2,
141 .bInterfaceClass = ADB_CLASS,
142 .bInterfaceSubClass = ADB_SUBCLASS,
143 .bInterfaceProtocol = ADB_PROTOCOL,
144 .iInterface = 1, /* first string from the provided table */
145 },
146 .source = {
147 .bLength = sizeof(hs_descriptors.source),
148 .bDescriptorType = USB_DT_ENDPOINT,
149 .bEndpointAddress = 1 | USB_DIR_OUT,
150 .bmAttributes = USB_ENDPOINT_XFER_BULK,
151 .wMaxPacketSize = MAX_PACKET_SIZE_HS,
152 },
153 .sink = {
154 .bLength = sizeof(hs_descriptors.sink),
155 .bDescriptorType = USB_DT_ENDPOINT,
156 .bEndpointAddress = 2 | USB_DIR_IN,
157 .bmAttributes = USB_ENDPOINT_XFER_BULK,
158 .wMaxPacketSize = MAX_PACKET_SIZE_HS,
159 },
160 };
161
162 static struct ss_func_desc ss_descriptors = {
163 .intf = {
164 .bLength = sizeof(ss_descriptors.intf),
165 .bDescriptorType = USB_DT_INTERFACE,
166 .bInterfaceNumber = 0,
167 .bNumEndpoints = 2,
168 .bInterfaceClass = ADB_CLASS,
169 .bInterfaceSubClass = ADB_SUBCLASS,
170 .bInterfaceProtocol = ADB_PROTOCOL,
171 .iInterface = 1, /* first string from the provided table */
172 },
173 .source = {
174 .bLength = sizeof(ss_descriptors.source),
175 .bDescriptorType = USB_DT_ENDPOINT,
176 .bEndpointAddress = 1 | USB_DIR_OUT,
177 .bmAttributes = USB_ENDPOINT_XFER_BULK,
178 .wMaxPacketSize = MAX_PACKET_SIZE_SS,
179 },
180 .source_comp = {
181 .bLength = sizeof(ss_descriptors.source_comp),
182 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
183 .bMaxBurst = 4,
184 },
185 .sink = {
186 .bLength = sizeof(ss_descriptors.sink),
187 .bDescriptorType = USB_DT_ENDPOINT,
188 .bEndpointAddress = 2 | USB_DIR_IN,
189 .bmAttributes = USB_ENDPOINT_XFER_BULK,
190 .wMaxPacketSize = MAX_PACKET_SIZE_SS,
191 },
192 .sink_comp = {
193 .bLength = sizeof(ss_descriptors.sink_comp),
194 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
195 .bMaxBurst = 4,
196 },
197 };
198
199 struct usb_ext_compat_desc os_desc_compat = {
200 .bFirstInterfaceNumber = 0,
201 .Reserved1 = cpu_to_le32(1),
202 .CompatibleID = {0},
203 .SubCompatibleID = {0},
204 .Reserved2 = {0},
205 };
206
207 static struct usb_os_desc_header os_desc_header = {
208 .interface = cpu_to_le32(1),
209 .dwLength = cpu_to_le32(sizeof(os_desc_header) + sizeof(os_desc_compat)),
210 .bcdVersion = cpu_to_le32(1),
211 .wIndex = cpu_to_le32(4),
212 .bCount = cpu_to_le32(1),
213 .Reserved = cpu_to_le32(0),
214 };
215
216 #define STR_INTERFACE_ "ADB Interface"
217
218 static const struct {
219 struct usb_functionfs_strings_head header;
220 struct {
221 __le16 code;
222 const char str1[sizeof(STR_INTERFACE_)];
223 } __attribute__((packed)) lang0;
224 } __attribute__((packed)) strings = {
225 .header = {
226 .magic = cpu_to_le32(FUNCTIONFS_STRINGS_MAGIC),
227 .length = cpu_to_le32(sizeof(strings)),
228 .str_count = cpu_to_le32(1),
229 .lang_count = cpu_to_le32(1),
230 },
231 .lang0 = {
232 cpu_to_le16(0x0409), /* en-us */
233 STR_INTERFACE_,
234 },
235 };
236
init_functionfs(struct usb_handle * h)237 bool init_functionfs(struct usb_handle* h) {
238 ssize_t ret;
239 struct desc_v1 v1_descriptor;
240 struct desc_v2 v2_descriptor;
241 size_t retries = 0;
242
243 v2_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC_V2);
244 v2_descriptor.header.length = cpu_to_le32(sizeof(v2_descriptor));
245 v2_descriptor.header.flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC |
246 FUNCTIONFS_HAS_SS_DESC | FUNCTIONFS_HAS_MS_OS_DESC;
247 v2_descriptor.fs_count = 3;
248 v2_descriptor.hs_count = 3;
249 v2_descriptor.ss_count = 5;
250 v2_descriptor.os_count = 1;
251 v2_descriptor.fs_descs = fs_descriptors;
252 v2_descriptor.hs_descs = hs_descriptors;
253 v2_descriptor.ss_descs = ss_descriptors;
254 v2_descriptor.os_header = os_desc_header;
255 v2_descriptor.os_desc = os_desc_compat;
256
257 if (h->control < 0) { // might have already done this before
258 D("OPENING %s", USB_FFS_ADB_EP0);
259 h->control = adb_open(USB_FFS_ADB_EP0, O_RDWR);
260 if (h->control < 0) {
261 D("[ %s: cannot open control endpoint: errno=%d]", USB_FFS_ADB_EP0, errno);
262 goto err;
263 }
264
265 ret = adb_write(h->control, &v2_descriptor, sizeof(v2_descriptor));
266 if (ret < 0) {
267 v1_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC);
268 v1_descriptor.header.length = cpu_to_le32(sizeof(v1_descriptor));
269 v1_descriptor.header.fs_count = 3;
270 v1_descriptor.header.hs_count = 3;
271 v1_descriptor.fs_descs = fs_descriptors;
272 v1_descriptor.hs_descs = hs_descriptors;
273 D("[ %s: Switching to V1_descriptor format errno=%d ]", USB_FFS_ADB_EP0, errno);
274 ret = adb_write(h->control, &v1_descriptor, sizeof(v1_descriptor));
275 if (ret < 0) {
276 D("[ %s: write descriptors failed: errno=%d ]", USB_FFS_ADB_EP0, errno);
277 goto err;
278 }
279 }
280
281 ret = adb_write(h->control, &strings, sizeof(strings));
282 if (ret < 0) {
283 D("[ %s: writing strings failed: errno=%d]", USB_FFS_ADB_EP0, errno);
284 goto err;
285 }
286 //Signal only when writing the descriptors to ffs
287 android::base::SetProperty("sys.usb.ffs.ready", "1");
288 }
289
290 h->bulk_out = adb_open(USB_FFS_ADB_OUT, O_RDWR);
291 if (h->bulk_out < 0) {
292 D("[ %s: cannot open bulk-out ep: errno=%d ]", USB_FFS_ADB_OUT, errno);
293 goto err;
294 }
295
296 h->bulk_in = adb_open(USB_FFS_ADB_IN, O_RDWR);
297 if (h->bulk_in < 0) {
298 D("[ %s: cannot open bulk-in ep: errno=%d ]", USB_FFS_ADB_IN, errno);
299 goto err;
300 }
301
302 h->max_rw = MAX_PAYLOAD;
303 while (h->max_rw >= USB_FFS_BULK_SIZE && retries < ENDPOINT_ALLOC_RETRIES) {
304 int ret_in = ioctl(h->bulk_in, FUNCTIONFS_ENDPOINT_ALLOC, static_cast<__u32>(h->max_rw));
305 int errno_in = errno;
306 int ret_out = ioctl(h->bulk_out, FUNCTIONFS_ENDPOINT_ALLOC, static_cast<__u32>(h->max_rw));
307 int errno_out = errno;
308
309 if (ret_in || ret_out) {
310 if (errno_in == ENODEV || errno_out == ENODEV) {
311 std::this_thread::sleep_for(100ms);
312 retries += 1;
313 continue;
314 }
315 h->max_rw /= 2;
316 } else {
317 return true;
318 }
319 }
320
321 D("[ adb: cannot call endpoint alloc: errno=%d ]", errno);
322 // Kernel pre-allocation could have failed for recoverable reasons.
323 // Continue running with a safe max rw size.
324 h->max_rw = USB_FFS_BULK_SIZE;
325 return true;
326
327 err:
328 if (h->bulk_in > 0) {
329 adb_close(h->bulk_in);
330 h->bulk_in = -1;
331 }
332 if (h->bulk_out > 0) {
333 adb_close(h->bulk_out);
334 h->bulk_out = -1;
335 }
336 if (h->control > 0) {
337 adb_close(h->control);
338 h->control = -1;
339 }
340 return false;
341 }
342
usb_ffs_open_thread(void * x)343 static void usb_ffs_open_thread(void* x) {
344 struct usb_handle* usb = (struct usb_handle*)x;
345
346 adb_thread_setname("usb ffs open");
347
348 while (true) {
349 // wait until the USB device needs opening
350 std::unique_lock<std::mutex> lock(usb->lock);
351 while (!usb->open_new_connection) {
352 usb->notify.wait(lock);
353 }
354 usb->open_new_connection = false;
355 lock.unlock();
356
357 while (true) {
358 if (init_functionfs(usb)) {
359 break;
360 }
361 std::this_thread::sleep_for(1s);
362 }
363
364 D("[ usb_thread - registering device ]");
365 register_usb_transport(usb, 0, 0, 1);
366 }
367
368 // never gets here
369 abort();
370 }
371
usb_ffs_write(usb_handle * h,const void * data,int len)372 static int usb_ffs_write(usb_handle* h, const void* data, int len) {
373 D("about to write (fd=%d, len=%d)", h->bulk_in, len);
374
375 const char* buf = static_cast<const char*>(data);
376 while (len > 0) {
377 int write_len = std::min(h->max_rw, len);
378 int n = adb_write(h->bulk_in, buf, write_len);
379 if (n < 0) {
380 D("ERROR: fd = %d, n = %d: %s", h->bulk_in, n, strerror(errno));
381 return -1;
382 }
383 buf += n;
384 len -= n;
385 }
386
387 D("[ done fd=%d ]", h->bulk_in);
388 return 0;
389 }
390
usb_ffs_read(usb_handle * h,void * data,int len)391 static int usb_ffs_read(usb_handle* h, void* data, int len) {
392 D("about to read (fd=%d, len=%d)", h->bulk_out, len);
393
394 char* buf = static_cast<char*>(data);
395 while (len > 0) {
396 int read_len = std::min(h->max_rw, len);
397 int n = adb_read(h->bulk_out, buf, read_len);
398 if (n < 0) {
399 D("ERROR: fd = %d, n = %d: %s", h->bulk_out, n, strerror(errno));
400 return -1;
401 }
402 buf += n;
403 len -= n;
404 }
405
406 D("[ done fd=%d ]", h->bulk_out);
407 return 0;
408 }
409
usb_ffs_kick(usb_handle * h)410 static void usb_ffs_kick(usb_handle* h) {
411 int err;
412
413 err = ioctl(h->bulk_in, FUNCTIONFS_CLEAR_HALT);
414 if (err < 0) {
415 D("[ kick: source (fd=%d) clear halt failed (%d) ]", h->bulk_in, errno);
416 }
417
418 err = ioctl(h->bulk_out, FUNCTIONFS_CLEAR_HALT);
419 if (err < 0) {
420 D("[ kick: sink (fd=%d) clear halt failed (%d) ]", h->bulk_out, errno);
421 }
422
423 // don't close ep0 here, since we may not need to reinitialize it with
424 // the same descriptors again. if however ep1/ep2 fail to re-open in
425 // init_functionfs, only then would we close and open ep0 again.
426 // Ditto the comment in usb_adb_kick.
427 h->kicked = true;
428 TEMP_FAILURE_RETRY(dup2(dummy_fd, h->bulk_out));
429 TEMP_FAILURE_RETRY(dup2(dummy_fd, h->bulk_in));
430 }
431
usb_ffs_close(usb_handle * h)432 static void usb_ffs_close(usb_handle* h) {
433 h->kicked = false;
434 adb_close(h->bulk_out);
435 adb_close(h->bulk_in);
436 // Notify usb_adb_open_thread to open a new connection.
437 h->lock.lock();
438 h->open_new_connection = true;
439 h->lock.unlock();
440 h->notify.notify_one();
441 }
442
usb_ffs_init()443 static void usb_ffs_init() {
444 D("[ usb_init - using FunctionFS ]");
445
446 usb_handle* h = new usb_handle();
447
448 h->write = usb_ffs_write;
449 h->read = usb_ffs_read;
450 h->kick = usb_ffs_kick;
451 h->close = usb_ffs_close;
452
453 D("[ usb_init - starting thread ]");
454 if (!adb_thread_create(usb_ffs_open_thread, h)) {
455 fatal_errno("[ cannot create usb thread ]\n");
456 }
457 }
458
usb_init()459 void usb_init() {
460 dummy_fd = adb_open("/dev/null", O_WRONLY);
461 CHECK_NE(dummy_fd, -1);
462 usb_ffs_init();
463 }
464
usb_write(usb_handle * h,const void * data,int len)465 int usb_write(usb_handle* h, const void* data, int len) {
466 return h->write(h, data, len);
467 }
468
usb_read(usb_handle * h,void * data,int len)469 int usb_read(usb_handle* h, void* data, int len) {
470 return h->read(h, data, len);
471 }
472
usb_close(usb_handle * h)473 int usb_close(usb_handle* h) {
474 h->close(h);
475 return 0;
476 }
477
usb_kick(usb_handle * h)478 void usb_kick(usb_handle* h) {
479 h->kick(h);
480 }
481