1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG USB
18
19 #include "sysdeps.h"
20
21 #include <dirent.h>
22 #include <errno.h>
23 #include <linux/usb/ch9.h>
24 #include <linux/usb/functionfs.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <sys/ioctl.h>
29 #include <sys/types.h>
30 #include <unistd.h>
31
32 #include <algorithm>
33 #include <atomic>
34 #include <chrono>
35 #include <condition_variable>
36 #include <mutex>
37 #include <thread>
38
39 #include <android-base/logging.h>
40 #include <android-base/properties.h>
41
42 #include "adb.h"
43 #include "daemon/usb.h"
44 #include "transport.h"
45
46 using namespace std::chrono_literals;
47
48 #define MAX_PACKET_SIZE_FS 64
49 #define MAX_PACKET_SIZE_HS 512
50 #define MAX_PACKET_SIZE_SS 1024
51
52 // Kernels before 3.3 have a 16KiB transfer limit That limit was replaced
53 // with a 16MiB global limit in 3.3, but each URB submitted required a
54 // contiguous kernel allocation, so you would get ENOMEM if you tried to
55 // send something larger than the biggest available contiguous kernel
56 // memory region. Large contiguous allocations could be unreliable
57 // on a device kernel that has been running for a while fragmenting its
58 // memory so we start with a larger allocation, and shrink the amount if
59 // necessary.
60 #define USB_FFS_BULK_SIZE 16384
61
62 #define cpu_to_le16(x) htole16(x)
63 #define cpu_to_le32(x) htole32(x)
64
65 #define FUNCTIONFS_ENDPOINT_ALLOC _IOR('g', 231, __u32)
66
67 static constexpr size_t ENDPOINT_ALLOC_RETRIES = 10;
68
69 static int dummy_fd = -1;
70
71 struct func_desc {
72 struct usb_interface_descriptor intf;
73 struct usb_endpoint_descriptor_no_audio source;
74 struct usb_endpoint_descriptor_no_audio sink;
75 } __attribute__((packed));
76
77 struct ss_func_desc {
78 struct usb_interface_descriptor intf;
79 struct usb_endpoint_descriptor_no_audio source;
80 struct usb_ss_ep_comp_descriptor source_comp;
81 struct usb_endpoint_descriptor_no_audio sink;
82 struct usb_ss_ep_comp_descriptor sink_comp;
83 } __attribute__((packed));
84
85 struct desc_v1 {
86 struct usb_functionfs_descs_head_v1 {
87 __le32 magic;
88 __le32 length;
89 __le32 fs_count;
90 __le32 hs_count;
91 } __attribute__((packed)) header;
92 struct func_desc fs_descs, hs_descs;
93 } __attribute__((packed));
94
95 struct desc_v2 {
96 struct usb_functionfs_descs_head_v2 header;
97 // The rest of the structure depends on the flags in the header.
98 __le32 fs_count;
99 __le32 hs_count;
100 __le32 ss_count;
101 __le32 os_count;
102 struct func_desc fs_descs, hs_descs;
103 struct ss_func_desc ss_descs;
104 struct usb_os_desc_header os_header;
105 struct usb_ext_compat_desc os_desc;
106 } __attribute__((packed));
107
108 static struct func_desc fs_descriptors = {
109 .intf = {
110 .bLength = sizeof(fs_descriptors.intf),
111 .bDescriptorType = USB_DT_INTERFACE,
112 .bInterfaceNumber = 0,
113 .bNumEndpoints = 2,
114 .bInterfaceClass = ADB_CLASS,
115 .bInterfaceSubClass = ADB_SUBCLASS,
116 .bInterfaceProtocol = ADB_PROTOCOL,
117 .iInterface = 1, /* first string from the provided table */
118 },
119 .source = {
120 .bLength = sizeof(fs_descriptors.source),
121 .bDescriptorType = USB_DT_ENDPOINT,
122 .bEndpointAddress = 1 | USB_DIR_OUT,
123 .bmAttributes = USB_ENDPOINT_XFER_BULK,
124 .wMaxPacketSize = MAX_PACKET_SIZE_FS,
125 },
126 .sink = {
127 .bLength = sizeof(fs_descriptors.sink),
128 .bDescriptorType = USB_DT_ENDPOINT,
129 .bEndpointAddress = 2 | USB_DIR_IN,
130 .bmAttributes = USB_ENDPOINT_XFER_BULK,
131 .wMaxPacketSize = MAX_PACKET_SIZE_FS,
132 },
133 };
134
135 static struct func_desc hs_descriptors = {
136 .intf = {
137 .bLength = sizeof(hs_descriptors.intf),
138 .bDescriptorType = USB_DT_INTERFACE,
139 .bInterfaceNumber = 0,
140 .bNumEndpoints = 2,
141 .bInterfaceClass = ADB_CLASS,
142 .bInterfaceSubClass = ADB_SUBCLASS,
143 .bInterfaceProtocol = ADB_PROTOCOL,
144 .iInterface = 1, /* first string from the provided table */
145 },
146 .source = {
147 .bLength = sizeof(hs_descriptors.source),
148 .bDescriptorType = USB_DT_ENDPOINT,
149 .bEndpointAddress = 1 | USB_DIR_OUT,
150 .bmAttributes = USB_ENDPOINT_XFER_BULK,
151 .wMaxPacketSize = MAX_PACKET_SIZE_HS,
152 },
153 .sink = {
154 .bLength = sizeof(hs_descriptors.sink),
155 .bDescriptorType = USB_DT_ENDPOINT,
156 .bEndpointAddress = 2 | USB_DIR_IN,
157 .bmAttributes = USB_ENDPOINT_XFER_BULK,
158 .wMaxPacketSize = MAX_PACKET_SIZE_HS,
159 },
160 };
161
162 static struct ss_func_desc ss_descriptors = {
163 .intf = {
164 .bLength = sizeof(ss_descriptors.intf),
165 .bDescriptorType = USB_DT_INTERFACE,
166 .bInterfaceNumber = 0,
167 .bNumEndpoints = 2,
168 .bInterfaceClass = ADB_CLASS,
169 .bInterfaceSubClass = ADB_SUBCLASS,
170 .bInterfaceProtocol = ADB_PROTOCOL,
171 .iInterface = 1, /* first string from the provided table */
172 },
173 .source = {
174 .bLength = sizeof(ss_descriptors.source),
175 .bDescriptorType = USB_DT_ENDPOINT,
176 .bEndpointAddress = 1 | USB_DIR_OUT,
177 .bmAttributes = USB_ENDPOINT_XFER_BULK,
178 .wMaxPacketSize = MAX_PACKET_SIZE_SS,
179 },
180 .source_comp = {
181 .bLength = sizeof(ss_descriptors.source_comp),
182 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
183 .bMaxBurst = 4,
184 },
185 .sink = {
186 .bLength = sizeof(ss_descriptors.sink),
187 .bDescriptorType = USB_DT_ENDPOINT,
188 .bEndpointAddress = 2 | USB_DIR_IN,
189 .bmAttributes = USB_ENDPOINT_XFER_BULK,
190 .wMaxPacketSize = MAX_PACKET_SIZE_SS,
191 },
192 .sink_comp = {
193 .bLength = sizeof(ss_descriptors.sink_comp),
194 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
195 .bMaxBurst = 4,
196 },
197 };
198
199 struct usb_ext_compat_desc os_desc_compat = {
200 .bFirstInterfaceNumber = 0,
201 .Reserved1 = cpu_to_le32(1),
202 .CompatibleID = {0},
203 .SubCompatibleID = {0},
204 .Reserved2 = {0},
205 };
206
207 static struct usb_os_desc_header os_desc_header = {
208 .interface = cpu_to_le32(1),
209 .dwLength = cpu_to_le32(sizeof(os_desc_header) + sizeof(os_desc_compat)),
210 .bcdVersion = cpu_to_le32(1),
211 .wIndex = cpu_to_le32(4),
212 .bCount = cpu_to_le32(1),
213 .Reserved = cpu_to_le32(0),
214 };
215
216 #define STR_INTERFACE_ "ADB Interface"
217
218 static const struct {
219 struct usb_functionfs_strings_head header;
220 struct {
221 __le16 code;
222 const char str1[sizeof(STR_INTERFACE_)];
223 } __attribute__((packed)) lang0;
224 } __attribute__((packed)) strings = {
225 .header = {
226 .magic = cpu_to_le32(FUNCTIONFS_STRINGS_MAGIC),
227 .length = cpu_to_le32(sizeof(strings)),
228 .str_count = cpu_to_le32(1),
229 .lang_count = cpu_to_le32(1),
230 },
231 .lang0 = {
232 cpu_to_le16(0x0409), /* en-us */
233 STR_INTERFACE_,
234 },
235 };
236
init_functionfs(struct usb_handle * h)237 bool init_functionfs(struct usb_handle* h) {
238 LOG(INFO) << "initializing functionfs";
239
240 ssize_t ret;
241 struct desc_v1 v1_descriptor;
242 struct desc_v2 v2_descriptor;
243 size_t retries = 0;
244
245 v2_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC_V2);
246 v2_descriptor.header.length = cpu_to_le32(sizeof(v2_descriptor));
247 v2_descriptor.header.flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC |
248 FUNCTIONFS_HAS_SS_DESC | FUNCTIONFS_HAS_MS_OS_DESC;
249 v2_descriptor.fs_count = 3;
250 v2_descriptor.hs_count = 3;
251 v2_descriptor.ss_count = 5;
252 v2_descriptor.os_count = 1;
253 v2_descriptor.fs_descs = fs_descriptors;
254 v2_descriptor.hs_descs = hs_descriptors;
255 v2_descriptor.ss_descs = ss_descriptors;
256 v2_descriptor.os_header = os_desc_header;
257 v2_descriptor.os_desc = os_desc_compat;
258
259 if (h->control < 0) { // might have already done this before
260 LOG(INFO) << "opening control endpoint " << USB_FFS_ADB_EP0;
261 h->control = adb_open(USB_FFS_ADB_EP0, O_RDWR);
262 if (h->control < 0) {
263 PLOG(ERROR) << "cannot open control endpoint " << USB_FFS_ADB_EP0;
264 goto err;
265 }
266
267 ret = adb_write(h->control, &v2_descriptor, sizeof(v2_descriptor));
268 if (ret < 0) {
269 v1_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC);
270 v1_descriptor.header.length = cpu_to_le32(sizeof(v1_descriptor));
271 v1_descriptor.header.fs_count = 3;
272 v1_descriptor.header.hs_count = 3;
273 v1_descriptor.fs_descs = fs_descriptors;
274 v1_descriptor.hs_descs = hs_descriptors;
275 D("[ %s: Switching to V1_descriptor format errno=%d ]", USB_FFS_ADB_EP0, errno);
276 ret = adb_write(h->control, &v1_descriptor, sizeof(v1_descriptor));
277 if (ret < 0) {
278 D("[ %s: write descriptors failed: errno=%d ]", USB_FFS_ADB_EP0, errno);
279 goto err;
280 }
281 }
282
283 ret = adb_write(h->control, &strings, sizeof(strings));
284 if (ret < 0) {
285 D("[ %s: writing strings failed: errno=%d]", USB_FFS_ADB_EP0, errno);
286 goto err;
287 }
288 //Signal only when writing the descriptors to ffs
289 android::base::SetProperty("sys.usb.ffs.ready", "1");
290 }
291
292 h->bulk_out = adb_open(USB_FFS_ADB_OUT, O_RDWR);
293 if (h->bulk_out < 0) {
294 PLOG(ERROR) << "cannot open bulk-out endpoint " << USB_FFS_ADB_OUT;
295 goto err;
296 }
297
298 h->bulk_in = adb_open(USB_FFS_ADB_IN, O_RDWR);
299 if (h->bulk_in < 0) {
300 PLOG(ERROR) << "cannot open bulk-in endpoint " << USB_FFS_ADB_IN;
301 goto err;
302 }
303
304 h->max_rw = MAX_PAYLOAD;
305 while (h->max_rw >= USB_FFS_BULK_SIZE && retries < ENDPOINT_ALLOC_RETRIES) {
306 int ret_in = ioctl(h->bulk_in, FUNCTIONFS_ENDPOINT_ALLOC, static_cast<__u32>(h->max_rw));
307 int errno_in = errno;
308 int ret_out = ioctl(h->bulk_out, FUNCTIONFS_ENDPOINT_ALLOC, static_cast<__u32>(h->max_rw));
309 int errno_out = errno;
310
311 if (ret_in || ret_out) {
312 if (errno_in == ENODEV || errno_out == ENODEV) {
313 std::this_thread::sleep_for(100ms);
314 retries += 1;
315 continue;
316 }
317 h->max_rw /= 2;
318 } else {
319 return true;
320 }
321 }
322
323 D("[ adb: cannot call endpoint alloc: errno=%d ]", errno);
324 // Kernel pre-allocation could have failed for recoverable reasons.
325 // Continue running with a safe max rw size.
326 h->max_rw = USB_FFS_BULK_SIZE;
327 return true;
328
329 err:
330 if (h->bulk_in > 0) {
331 adb_close(h->bulk_in);
332 h->bulk_in = -1;
333 }
334 if (h->bulk_out > 0) {
335 adb_close(h->bulk_out);
336 h->bulk_out = -1;
337 }
338 if (h->control > 0) {
339 adb_close(h->control);
340 h->control = -1;
341 }
342 return false;
343 }
344
usb_ffs_open_thread(void * x)345 static void usb_ffs_open_thread(void* x) {
346 struct usb_handle* usb = (struct usb_handle*)x;
347
348 adb_thread_setname("usb ffs open");
349
350 while (true) {
351 // wait until the USB device needs opening
352 std::unique_lock<std::mutex> lock(usb->lock);
353 while (!usb->open_new_connection) {
354 usb->notify.wait(lock);
355 }
356 usb->open_new_connection = false;
357 lock.unlock();
358
359 while (true) {
360 if (init_functionfs(usb)) {
361 LOG(INFO) << "functionfs successfully initialized";
362 break;
363 }
364 std::this_thread::sleep_for(1s);
365 }
366
367 LOG(INFO) << "registering usb transport";
368 register_usb_transport(usb, 0, 0, 1);
369 }
370
371 // never gets here
372 abort();
373 }
374
usb_ffs_write(usb_handle * h,const void * data,int len)375 static int usb_ffs_write(usb_handle* h, const void* data, int len) {
376 D("about to write (fd=%d, len=%d)", h->bulk_in, len);
377
378 const char* buf = static_cast<const char*>(data);
379 while (len > 0) {
380 int write_len = std::min(h->max_rw, len);
381 int n = adb_write(h->bulk_in, buf, write_len);
382 if (n < 0) {
383 D("ERROR: fd = %d, n = %d: %s", h->bulk_in, n, strerror(errno));
384 return -1;
385 }
386 buf += n;
387 len -= n;
388 }
389
390 D("[ done fd=%d ]", h->bulk_in);
391 return 0;
392 }
393
usb_ffs_read(usb_handle * h,void * data,int len)394 static int usb_ffs_read(usb_handle* h, void* data, int len) {
395 D("about to read (fd=%d, len=%d)", h->bulk_out, len);
396
397 char* buf = static_cast<char*>(data);
398 while (len > 0) {
399 int read_len = std::min(h->max_rw, len);
400 int n = adb_read(h->bulk_out, buf, read_len);
401 if (n < 0) {
402 D("ERROR: fd = %d, n = %d: %s", h->bulk_out, n, strerror(errno));
403 return -1;
404 }
405 buf += n;
406 len -= n;
407 }
408
409 D("[ done fd=%d ]", h->bulk_out);
410 return 0;
411 }
412
usb_ffs_kick(usb_handle * h)413 static void usb_ffs_kick(usb_handle* h) {
414 int err;
415
416 err = ioctl(h->bulk_in, FUNCTIONFS_CLEAR_HALT);
417 if (err < 0) {
418 D("[ kick: source (fd=%d) clear halt failed (%d) ]", h->bulk_in, errno);
419 }
420
421 err = ioctl(h->bulk_out, FUNCTIONFS_CLEAR_HALT);
422 if (err < 0) {
423 D("[ kick: sink (fd=%d) clear halt failed (%d) ]", h->bulk_out, errno);
424 }
425
426 // don't close ep0 here, since we may not need to reinitialize it with
427 // the same descriptors again. if however ep1/ep2 fail to re-open in
428 // init_functionfs, only then would we close and open ep0 again.
429 // Ditto the comment in usb_adb_kick.
430 h->kicked = true;
431 TEMP_FAILURE_RETRY(dup2(dummy_fd, h->bulk_out));
432 TEMP_FAILURE_RETRY(dup2(dummy_fd, h->bulk_in));
433 }
434
usb_ffs_close(usb_handle * h)435 static void usb_ffs_close(usb_handle* h) {
436 LOG(INFO) << "closing functionfs transport";
437
438 h->kicked = false;
439 adb_close(h->bulk_out);
440 adb_close(h->bulk_in);
441 // Notify usb_adb_open_thread to open a new connection.
442 h->lock.lock();
443 h->open_new_connection = true;
444 h->lock.unlock();
445 h->notify.notify_one();
446 }
447
usb_ffs_init()448 static void usb_ffs_init() {
449 D("[ usb_init - using FunctionFS ]");
450
451 usb_handle* h = new usb_handle();
452
453 h->write = usb_ffs_write;
454 h->read = usb_ffs_read;
455 h->kick = usb_ffs_kick;
456 h->close = usb_ffs_close;
457
458 D("[ usb_init - starting thread ]");
459 std::thread(usb_ffs_open_thread, h).detach();
460 }
461
usb_init()462 void usb_init() {
463 dummy_fd = adb_open("/dev/null", O_WRONLY);
464 CHECK_NE(dummy_fd, -1);
465 usb_ffs_init();
466 }
467
usb_write(usb_handle * h,const void * data,int len)468 int usb_write(usb_handle* h, const void* data, int len) {
469 return h->write(h, data, len);
470 }
471
usb_read(usb_handle * h,void * data,int len)472 int usb_read(usb_handle* h, void* data, int len) {
473 return h->read(h, data, len);
474 }
475
usb_close(usb_handle * h)476 int usb_close(usb_handle* h) {
477 h->close(h);
478 return 0;
479 }
480
usb_kick(usb_handle * h)481 void usb_kick(usb_handle* h) {
482 h->kick(h);
483 }
484