1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <ctype.h>
30 #include <dirent.h>
31 #include <errno.h>
32 #include <fcntl.h>
33 #include <pthread.h>
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include <sys/ioctl.h>
38 #include <sys/stat.h>
39 #include <sys/types.h>
40 #include <unistd.h>
41
42 #include <linux/usbdevice_fs.h>
43 #include <linux/version.h>
44 #include <linux/usb/ch9.h>
45
46 #include <chrono>
47 #include <memory>
48 #include <thread>
49
50 #include "fastboot.h"
51 #include "usb.h"
52
53 using namespace std::chrono_literals;
54
55 #define MAX_RETRIES 5
56
57 /* Timeout in seconds for usb_wait_for_disconnect.
58 * It doesn't usually take long for a device to disconnect (almost always
59 * under 2 seconds) but we'll time out after 3 seconds just in case.
60 */
61 #define WAIT_FOR_DISCONNECT_TIMEOUT 3
62
63 #ifdef TRACE_USB
64 #define DBG1(x...) fprintf(stderr, x)
65 #define DBG(x...) fprintf(stderr, x)
66 #else
67 #define DBG(x...)
68 #define DBG1(x...)
69 #endif
70
71 // Kernels before 3.3 have a 16KiB transfer limit. That limit was replaced
72 // with a 16MiB global limit in 3.3, but each URB submitted required a
73 // contiguous kernel allocation, so you would get ENOMEM if you tried to
74 // send something larger than the biggest available contiguous kernel
75 // memory region. 256KiB contiguous allocations are generally not reliable
76 // on a device kernel that has been running for a while fragmenting its
77 // memory, but that shouldn't be a problem for fastboot on the host.
78 // In 3.6, the contiguous buffer limit was removed by allocating multiple
79 // 16KiB chunks and having the USB driver stitch them back together while
80 // transmitting using a scatter-gather list, so 256KiB bulk transfers should
81 // be reliable.
82 // 256KiB seems to work, but 1MiB bulk transfers lock up my z620 with a 3.13
83 // kernel.
84 #define MAX_USBFS_BULK_SIZE (16 * 1024)
85
86 struct usb_handle
87 {
88 char fname[64];
89 int desc;
90 unsigned char ep_in;
91 unsigned char ep_out;
92 };
93
94 class LinuxUsbTransport : public Transport {
95 public:
LinuxUsbTransport(std::unique_ptr<usb_handle> handle)96 explicit LinuxUsbTransport(std::unique_ptr<usb_handle> handle) : handle_(std::move(handle)) {}
97 ~LinuxUsbTransport() override = default;
98
99 ssize_t Read(void* data, size_t len) override;
100 ssize_t Write(const void* data, size_t len) override;
101 int Close() override;
102 int WaitForDisconnect() override;
103
104 private:
105 std::unique_ptr<usb_handle> handle_;
106
107 DISALLOW_COPY_AND_ASSIGN(LinuxUsbTransport);
108 };
109
110 /* True if name isn't a valid name for a USB device in /sys/bus/usb/devices.
111 * Device names are made up of numbers, dots, and dashes, e.g., '7-1.5'.
112 * We reject interfaces (e.g., '7-1.5:1.0') and host controllers (e.g. 'usb1').
113 * The name must also start with a digit, to disallow '.' and '..'
114 */
badname(const char * name)115 static inline int badname(const char *name)
116 {
117 if (!isdigit(*name))
118 return 1;
119 while(*++name) {
120 if(!isdigit(*name) && *name != '.' && *name != '-')
121 return 1;
122 }
123 return 0;
124 }
125
check(void * _desc,int len,unsigned type,int size)126 static int check(void *_desc, int len, unsigned type, int size)
127 {
128 struct usb_descriptor_header *hdr = (struct usb_descriptor_header *)_desc;
129
130 if(len < size) return -1;
131 if(hdr->bLength < size) return -1;
132 if(hdr->bLength > len) return -1;
133 if(hdr->bDescriptorType != type) return -1;
134
135 return 0;
136 }
137
filter_usb_device(char * sysfs_name,char * ptr,int len,int writable,ifc_match_func callback,int * ept_in_id,int * ept_out_id,int * ifc_id)138 static int filter_usb_device(char* sysfs_name,
139 char *ptr, int len, int writable,
140 ifc_match_func callback,
141 int *ept_in_id, int *ept_out_id, int *ifc_id)
142 {
143 struct usb_device_descriptor *dev;
144 struct usb_config_descriptor *cfg;
145 struct usb_interface_descriptor *ifc;
146 struct usb_endpoint_descriptor *ept;
147 struct usb_ifc_info info;
148
149 int in, out;
150 unsigned i;
151 unsigned e;
152
153 if (check(ptr, len, USB_DT_DEVICE, USB_DT_DEVICE_SIZE))
154 return -1;
155 dev = (struct usb_device_descriptor *)ptr;
156 len -= dev->bLength;
157 ptr += dev->bLength;
158
159 if (check(ptr, len, USB_DT_CONFIG, USB_DT_CONFIG_SIZE))
160 return -1;
161 cfg = (struct usb_config_descriptor *)ptr;
162 len -= cfg->bLength;
163 ptr += cfg->bLength;
164
165 info.dev_vendor = dev->idVendor;
166 info.dev_product = dev->idProduct;
167 info.dev_class = dev->bDeviceClass;
168 info.dev_subclass = dev->bDeviceSubClass;
169 info.dev_protocol = dev->bDeviceProtocol;
170 info.writable = writable;
171
172 snprintf(info.device_path, sizeof(info.device_path), "usb:%s", sysfs_name);
173
174 /* Read device serial number (if there is one).
175 * We read the serial number from sysfs, since it's faster and more
176 * reliable than issuing a control pipe read, and also won't
177 * cause problems for devices which don't like getting descriptor
178 * requests while they're in the middle of flashing.
179 */
180 info.serial_number[0] = '\0';
181 if (dev->iSerialNumber) {
182 char path[80];
183 int fd;
184
185 snprintf(path, sizeof(path),
186 "/sys/bus/usb/devices/%s/serial", sysfs_name);
187 path[sizeof(path) - 1] = '\0';
188
189 fd = open(path, O_RDONLY);
190 if (fd >= 0) {
191 int chars_read = read(fd, info.serial_number,
192 sizeof(info.serial_number) - 1);
193 close(fd);
194
195 if (chars_read <= 0)
196 info.serial_number[0] = '\0';
197 else if (info.serial_number[chars_read - 1] == '\n') {
198 // strip trailing newline
199 info.serial_number[chars_read - 1] = '\0';
200 }
201 }
202 }
203
204 for(i = 0; i < cfg->bNumInterfaces; i++) {
205
206 while (len > 0) {
207 struct usb_descriptor_header *hdr = (struct usb_descriptor_header *)ptr;
208 if (check(hdr, len, USB_DT_INTERFACE, USB_DT_INTERFACE_SIZE) == 0)
209 break;
210 len -= hdr->bLength;
211 ptr += hdr->bLength;
212 }
213
214 if (len <= 0)
215 return -1;
216
217 ifc = (struct usb_interface_descriptor *)ptr;
218 len -= ifc->bLength;
219 ptr += ifc->bLength;
220
221 in = -1;
222 out = -1;
223 info.ifc_class = ifc->bInterfaceClass;
224 info.ifc_subclass = ifc->bInterfaceSubClass;
225 info.ifc_protocol = ifc->bInterfaceProtocol;
226
227 for(e = 0; e < ifc->bNumEndpoints; e++) {
228 while (len > 0) {
229 struct usb_descriptor_header *hdr = (struct usb_descriptor_header *)ptr;
230 if (check(hdr, len, USB_DT_ENDPOINT, USB_DT_ENDPOINT_SIZE) == 0)
231 break;
232 len -= hdr->bLength;
233 ptr += hdr->bLength;
234 }
235 if (len < 0) {
236 break;
237 }
238
239 ept = (struct usb_endpoint_descriptor *)ptr;
240 len -= ept->bLength;
241 ptr += ept->bLength;
242
243 if((ept->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) != USB_ENDPOINT_XFER_BULK)
244 continue;
245
246 if(ept->bEndpointAddress & USB_ENDPOINT_DIR_MASK) {
247 in = ept->bEndpointAddress;
248 } else {
249 out = ept->bEndpointAddress;
250 }
251
252 // For USB 3.0 devices skip the SS Endpoint Companion descriptor
253 if (check((struct usb_descriptor_hdr *)ptr, len,
254 USB_DT_SS_ENDPOINT_COMP, USB_DT_SS_EP_COMP_SIZE) == 0) {
255 len -= USB_DT_SS_EP_COMP_SIZE;
256 ptr += USB_DT_SS_EP_COMP_SIZE;
257 }
258 }
259
260 info.has_bulk_in = (in != -1);
261 info.has_bulk_out = (out != -1);
262
263 if(callback(&info) == 0) {
264 *ept_in_id = in;
265 *ept_out_id = out;
266 *ifc_id = ifc->bInterfaceNumber;
267 return 0;
268 }
269 }
270
271 return -1;
272 }
273
read_sysfs_string(const char * sysfs_name,const char * sysfs_node,char * buf,int bufsize)274 static int read_sysfs_string(const char *sysfs_name, const char *sysfs_node,
275 char* buf, int bufsize)
276 {
277 char path[80];
278 int fd, n;
279
280 snprintf(path, sizeof(path),
281 "/sys/bus/usb/devices/%s/%s", sysfs_name, sysfs_node);
282 path[sizeof(path) - 1] = '\0';
283
284 fd = open(path, O_RDONLY);
285 if (fd < 0)
286 return -1;
287
288 n = read(fd, buf, bufsize - 1);
289 close(fd);
290
291 if (n < 0)
292 return -1;
293
294 buf[n] = '\0';
295
296 return n;
297 }
298
read_sysfs_number(const char * sysfs_name,const char * sysfs_node)299 static int read_sysfs_number(const char *sysfs_name, const char *sysfs_node)
300 {
301 char buf[16];
302 int value;
303
304 if (read_sysfs_string(sysfs_name, sysfs_node, buf, sizeof(buf)) < 0)
305 return -1;
306
307 if (sscanf(buf, "%d", &value) != 1)
308 return -1;
309
310 return value;
311 }
312
313 /* Given the name of a USB device in sysfs, get the name for the same
314 * device in devfs. Returns 0 for success, -1 for failure.
315 */
convert_to_devfs_name(const char * sysfs_name,char * devname,int devname_size)316 static int convert_to_devfs_name(const char* sysfs_name,
317 char* devname, int devname_size)
318 {
319 int busnum, devnum;
320
321 busnum = read_sysfs_number(sysfs_name, "busnum");
322 if (busnum < 0)
323 return -1;
324
325 devnum = read_sysfs_number(sysfs_name, "devnum");
326 if (devnum < 0)
327 return -1;
328
329 snprintf(devname, devname_size, "/dev/bus/usb/%03d/%03d", busnum, devnum);
330 return 0;
331 }
332
find_usb_device(const char * base,ifc_match_func callback)333 static std::unique_ptr<usb_handle> find_usb_device(const char* base, ifc_match_func callback)
334 {
335 std::unique_ptr<usb_handle> usb;
336 char devname[64];
337 char desc[1024];
338 int n, in, out, ifc;
339
340 struct dirent *de;
341 int fd;
342 int writable;
343
344 std::unique_ptr<DIR, decltype(&closedir)> busdir(opendir(base), closedir);
345 if (busdir == 0) return 0;
346
347 while ((de = readdir(busdir.get())) && (usb == nullptr)) {
348 if (badname(de->d_name)) continue;
349
350 if (!convert_to_devfs_name(de->d_name, devname, sizeof(devname))) {
351
352 // DBG("[ scanning %s ]\n", devname);
353 writable = 1;
354 if ((fd = open(devname, O_RDWR)) < 0) {
355 // Check if we have read-only access, so we can give a helpful
356 // diagnostic like "adb devices" does.
357 writable = 0;
358 if ((fd = open(devname, O_RDONLY)) < 0) {
359 continue;
360 }
361 }
362
363 n = read(fd, desc, sizeof(desc));
364
365 if (filter_usb_device(de->d_name, desc, n, writable, callback, &in, &out, &ifc) == 0) {
366 usb.reset(new usb_handle());
367 strcpy(usb->fname, devname);
368 usb->ep_in = in;
369 usb->ep_out = out;
370 usb->desc = fd;
371
372 n = ioctl(fd, USBDEVFS_CLAIMINTERFACE, &ifc);
373 if (n != 0) {
374 close(fd);
375 usb.reset();
376 continue;
377 }
378 } else {
379 close(fd);
380 }
381 }
382 }
383
384 return usb;
385 }
386
Write(const void * _data,size_t len)387 ssize_t LinuxUsbTransport::Write(const void* _data, size_t len)
388 {
389 unsigned char *data = (unsigned char*) _data;
390 unsigned count = 0;
391 struct usbdevfs_bulktransfer bulk;
392 int n;
393
394 if (handle_->ep_out == 0 || handle_->desc == -1) {
395 return -1;
396 }
397
398 do {
399 int xfer;
400 xfer = (len > MAX_USBFS_BULK_SIZE) ? MAX_USBFS_BULK_SIZE : len;
401
402 bulk.ep = handle_->ep_out;
403 bulk.len = xfer;
404 bulk.data = data;
405 bulk.timeout = 0;
406
407 n = ioctl(handle_->desc, USBDEVFS_BULK, &bulk);
408 if(n != xfer) {
409 DBG("ERROR: n = %d, errno = %d (%s)\n",
410 n, errno, strerror(errno));
411 return -1;
412 }
413
414 count += xfer;
415 len -= xfer;
416 data += xfer;
417 } while(len > 0);
418
419 return count;
420 }
421
Read(void * _data,size_t len)422 ssize_t LinuxUsbTransport::Read(void* _data, size_t len)
423 {
424 unsigned char *data = (unsigned char*) _data;
425 unsigned count = 0;
426 struct usbdevfs_bulktransfer bulk;
427 int n, retry;
428
429 if (handle_->ep_in == 0 || handle_->desc == -1) {
430 return -1;
431 }
432
433 while (len > 0) {
434 int xfer = (len > MAX_USBFS_BULK_SIZE) ? MAX_USBFS_BULK_SIZE : len;
435
436 bulk.ep = handle_->ep_in;
437 bulk.len = xfer;
438 bulk.data = data;
439 bulk.timeout = 0;
440 retry = 0;
441
442 do {
443 DBG("[ usb read %d fd = %d], fname=%s\n", xfer, handle_->desc, handle_->fname);
444 n = ioctl(handle_->desc, USBDEVFS_BULK, &bulk);
445 DBG("[ usb read %d ] = %d, fname=%s, Retry %d \n", xfer, n, handle_->fname, retry);
446
447 if (n < 0) {
448 DBG1("ERROR: n = %d, errno = %d (%s)\n",n, errno, strerror(errno));
449 if (++retry > MAX_RETRIES) return -1;
450 std::this_thread::sleep_for(1s);
451 }
452 } while (n < 0);
453
454 count += n;
455 len -= n;
456 data += n;
457
458 if(n < xfer) {
459 break;
460 }
461 }
462
463 return count;
464 }
465
Close()466 int LinuxUsbTransport::Close()
467 {
468 int fd;
469
470 fd = handle_->desc;
471 handle_->desc = -1;
472 if(fd >= 0) {
473 close(fd);
474 DBG("[ usb closed %d ]\n", fd);
475 }
476
477 return 0;
478 }
479
usb_open(ifc_match_func callback)480 Transport* usb_open(ifc_match_func callback)
481 {
482 std::unique_ptr<usb_handle> handle = find_usb_device("/sys/bus/usb/devices", callback);
483 return handle ? new LinuxUsbTransport(std::move(handle)) : nullptr;
484 }
485
486 /* Wait for the system to notice the device is gone, so that a subsequent
487 * fastboot command won't try to access the device before it's rebooted.
488 * Returns 0 for success, -1 for timeout.
489 */
WaitForDisconnect()490 int LinuxUsbTransport::WaitForDisconnect()
491 {
492 double deadline = now() + WAIT_FOR_DISCONNECT_TIMEOUT;
493 while (now() < deadline) {
494 if (access(handle_->fname, F_OK)) return 0;
495 std::this_thread::sleep_for(50ms);
496 }
497 return -1;
498 }
499