1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <android-base/logging.h> 18 #include <android-base/properties.h> 19 #include <dirent.h> 20 #include <errno.h> 21 #include <fcntl.h> 22 #include <linux/usb/ch9.h> 23 #include <linux/usb/functionfs.h> 24 #include <mutex> 25 #include <stdio.h> 26 #include <stdlib.h> 27 #include <string.h> 28 #include <sys/endian.h> 29 #include <sys/ioctl.h> 30 #include <sys/mman.h> 31 #include <sys/stat.h> 32 #include <sys/types.h> 33 #include <unistd.h> 34 #include <vector> 35 36 #include "AsyncIO.h" 37 #include "MtpFfsHandle.h" 38 #include "mtp.h" 39 40 #define cpu_to_le16(x) htole16(x) 41 #define cpu_to_le32(x) htole32(x) 42 43 #define FUNCTIONFS_ENDPOINT_ALLOC _IOR('g', 231, __u32) 44 45 namespace { 46 47 constexpr char FFS_MTP_EP_IN[] = "/dev/usb-ffs/mtp/ep1"; 48 constexpr char FFS_MTP_EP_OUT[] = "/dev/usb-ffs/mtp/ep2"; 49 constexpr char FFS_MTP_EP_INTR[] = "/dev/usb-ffs/mtp/ep3"; 50 51 constexpr int MAX_PACKET_SIZE_FS = 64; 52 constexpr int MAX_PACKET_SIZE_HS = 512; 53 constexpr int MAX_PACKET_SIZE_SS = 1024; 54 55 // Must be divisible by all max packet size values 56 constexpr int MAX_FILE_CHUNK_SIZE = 3145728; 57 58 // Safe values since some devices cannot handle large DMAs 59 // To get good performance, override these with 60 // higher values per device using the properties 61 // sys.usb.ffs.max_read and sys.usb.ffs.max_write 62 constexpr int USB_FFS_MAX_WRITE = MTP_BUFFER_SIZE; 63 constexpr int USB_FFS_MAX_READ = MTP_BUFFER_SIZE; 64 65 constexpr unsigned FFS_NUM_EVENTS = 5; 66 67 static_assert(USB_FFS_MAX_WRITE > 0, "Max r/w values must be > 0!"); 68 static_assert(USB_FFS_MAX_READ > 0, "Max r/w values must be > 0!"); 69 70 constexpr unsigned int MAX_MTP_FILE_SIZE = 0xFFFFFFFF; 71 72 constexpr size_t ENDPOINT_ALLOC_RETRIES = 10; 73 74 struct func_desc { 75 struct usb_interface_descriptor intf; 76 struct usb_endpoint_descriptor_no_audio sink; 77 struct usb_endpoint_descriptor_no_audio source; 78 struct usb_endpoint_descriptor_no_audio intr; 79 } __attribute__((packed)); 80 81 struct ss_func_desc { 82 struct usb_interface_descriptor intf; 83 struct usb_endpoint_descriptor_no_audio sink; 84 struct usb_ss_ep_comp_descriptor sink_comp; 85 struct usb_endpoint_descriptor_no_audio source; 86 struct usb_ss_ep_comp_descriptor source_comp; 87 struct usb_endpoint_descriptor_no_audio intr; 88 struct usb_ss_ep_comp_descriptor intr_comp; 89 } __attribute__((packed)); 90 91 struct desc_v1 { 92 struct usb_functionfs_descs_head_v1 { 93 __le32 magic; 94 __le32 length; 95 __le32 fs_count; 96 __le32 hs_count; 97 } __attribute__((packed)) header; 98 struct func_desc fs_descs, hs_descs; 99 } __attribute__((packed)); 100 101 struct desc_v2 { 102 struct usb_functionfs_descs_head_v2 header; 103 // The rest of the structure depends on the flags in the header. 104 __le32 fs_count; 105 __le32 hs_count; 106 __le32 ss_count; 107 __le32 os_count; 108 struct func_desc fs_descs, hs_descs; 109 struct ss_func_desc ss_descs; 110 struct usb_os_desc_header os_header; 111 struct usb_ext_compat_desc os_desc; 112 } __attribute__((packed)); 113 114 const struct usb_interface_descriptor mtp_interface_desc = { 115 .bLength = USB_DT_INTERFACE_SIZE, 116 .bDescriptorType = USB_DT_INTERFACE, 117 .bInterfaceNumber = 0, 118 .bNumEndpoints = 3, 119 .bInterfaceClass = USB_CLASS_STILL_IMAGE, 120 .bInterfaceSubClass = 1, 121 .bInterfaceProtocol = 1, 122 .iInterface = 1, 123 }; 124 125 const struct usb_interface_descriptor ptp_interface_desc = { 126 .bLength = USB_DT_INTERFACE_SIZE, 127 .bDescriptorType = USB_DT_INTERFACE, 128 .bInterfaceNumber = 0, 129 .bNumEndpoints = 3, 130 .bInterfaceClass = USB_CLASS_STILL_IMAGE, 131 .bInterfaceSubClass = 1, 132 .bInterfaceProtocol = 1, 133 }; 134 135 const struct usb_endpoint_descriptor_no_audio fs_sink = { 136 .bLength = USB_DT_ENDPOINT_SIZE, 137 .bDescriptorType = USB_DT_ENDPOINT, 138 .bEndpointAddress = 1 | USB_DIR_IN, 139 .bmAttributes = USB_ENDPOINT_XFER_BULK, 140 .wMaxPacketSize = MAX_PACKET_SIZE_FS, 141 }; 142 143 const struct usb_endpoint_descriptor_no_audio fs_source = { 144 .bLength = USB_DT_ENDPOINT_SIZE, 145 .bDescriptorType = USB_DT_ENDPOINT, 146 .bEndpointAddress = 2 | USB_DIR_OUT, 147 .bmAttributes = USB_ENDPOINT_XFER_BULK, 148 .wMaxPacketSize = MAX_PACKET_SIZE_FS, 149 }; 150 151 const struct usb_endpoint_descriptor_no_audio fs_intr = { 152 .bLength = USB_DT_ENDPOINT_SIZE, 153 .bDescriptorType = USB_DT_ENDPOINT, 154 .bEndpointAddress = 3 | USB_DIR_IN, 155 .bmAttributes = USB_ENDPOINT_XFER_INT, 156 .wMaxPacketSize = MAX_PACKET_SIZE_FS, 157 .bInterval = 6, 158 }; 159 160 const struct usb_endpoint_descriptor_no_audio hs_sink = { 161 .bLength = USB_DT_ENDPOINT_SIZE, 162 .bDescriptorType = USB_DT_ENDPOINT, 163 .bEndpointAddress = 1 | USB_DIR_IN, 164 .bmAttributes = USB_ENDPOINT_XFER_BULK, 165 .wMaxPacketSize = MAX_PACKET_SIZE_HS, 166 }; 167 168 const struct usb_endpoint_descriptor_no_audio hs_source = { 169 .bLength = USB_DT_ENDPOINT_SIZE, 170 .bDescriptorType = USB_DT_ENDPOINT, 171 .bEndpointAddress = 2 | USB_DIR_OUT, 172 .bmAttributes = USB_ENDPOINT_XFER_BULK, 173 .wMaxPacketSize = MAX_PACKET_SIZE_HS, 174 }; 175 176 const struct usb_endpoint_descriptor_no_audio hs_intr = { 177 .bLength = USB_DT_ENDPOINT_SIZE, 178 .bDescriptorType = USB_DT_ENDPOINT, 179 .bEndpointAddress = 3 | USB_DIR_IN, 180 .bmAttributes = USB_ENDPOINT_XFER_INT, 181 .wMaxPacketSize = MAX_PACKET_SIZE_HS, 182 .bInterval = 6, 183 }; 184 185 const struct usb_endpoint_descriptor_no_audio ss_sink = { 186 .bLength = USB_DT_ENDPOINT_SIZE, 187 .bDescriptorType = USB_DT_ENDPOINT, 188 .bEndpointAddress = 1 | USB_DIR_IN, 189 .bmAttributes = USB_ENDPOINT_XFER_BULK, 190 .wMaxPacketSize = MAX_PACKET_SIZE_SS, 191 }; 192 193 const struct usb_endpoint_descriptor_no_audio ss_source = { 194 .bLength = USB_DT_ENDPOINT_SIZE, 195 .bDescriptorType = USB_DT_ENDPOINT, 196 .bEndpointAddress = 2 | USB_DIR_OUT, 197 .bmAttributes = USB_ENDPOINT_XFER_BULK, 198 .wMaxPacketSize = MAX_PACKET_SIZE_SS, 199 }; 200 201 const struct usb_endpoint_descriptor_no_audio ss_intr = { 202 .bLength = USB_DT_ENDPOINT_SIZE, 203 .bDescriptorType = USB_DT_ENDPOINT, 204 .bEndpointAddress = 3 | USB_DIR_IN, 205 .bmAttributes = USB_ENDPOINT_XFER_INT, 206 .wMaxPacketSize = MAX_PACKET_SIZE_SS, 207 .bInterval = 6, 208 }; 209 210 const struct usb_ss_ep_comp_descriptor ss_sink_comp = { 211 .bLength = sizeof(ss_sink_comp), 212 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 213 .bMaxBurst = 6, 214 }; 215 216 const struct usb_ss_ep_comp_descriptor ss_source_comp = { 217 .bLength = sizeof(ss_source_comp), 218 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 219 .bMaxBurst = 6, 220 }; 221 222 const struct usb_ss_ep_comp_descriptor ss_intr_comp = { 223 .bLength = sizeof(ss_intr_comp), 224 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 225 }; 226 227 const struct func_desc mtp_fs_descriptors = { 228 .intf = mtp_interface_desc, 229 .sink = fs_sink, 230 .source = fs_source, 231 .intr = fs_intr, 232 }; 233 234 const struct func_desc mtp_hs_descriptors = { 235 .intf = mtp_interface_desc, 236 .sink = hs_sink, 237 .source = hs_source, 238 .intr = hs_intr, 239 }; 240 241 const struct ss_func_desc mtp_ss_descriptors = { 242 .intf = mtp_interface_desc, 243 .sink = ss_sink, 244 .sink_comp = ss_sink_comp, 245 .source = ss_source, 246 .source_comp = ss_source_comp, 247 .intr = ss_intr, 248 .intr_comp = ss_intr_comp, 249 }; 250 251 const struct func_desc ptp_fs_descriptors = { 252 .intf = ptp_interface_desc, 253 .sink = fs_sink, 254 .source = fs_source, 255 .intr = fs_intr, 256 }; 257 258 const struct func_desc ptp_hs_descriptors = { 259 .intf = ptp_interface_desc, 260 .sink = hs_sink, 261 .source = hs_source, 262 .intr = hs_intr, 263 }; 264 265 const struct ss_func_desc ptp_ss_descriptors = { 266 .intf = ptp_interface_desc, 267 .sink = ss_sink, 268 .sink_comp = ss_sink_comp, 269 .source = ss_source, 270 .source_comp = ss_source_comp, 271 .intr = ss_intr, 272 .intr_comp = ss_intr_comp, 273 }; 274 275 #define STR_INTERFACE "MTP" 276 const struct { 277 struct usb_functionfs_strings_head header; 278 struct { 279 __le16 code; 280 const char str1[sizeof(STR_INTERFACE)]; 281 } __attribute__((packed)) lang0; 282 } __attribute__((packed)) strings = { 283 .header = { 284 .magic = cpu_to_le32(FUNCTIONFS_STRINGS_MAGIC), 285 .length = cpu_to_le32(sizeof(strings)), 286 .str_count = cpu_to_le32(1), 287 .lang_count = cpu_to_le32(1), 288 }, 289 .lang0 = { 290 .code = cpu_to_le16(0x0409), 291 .str1 = STR_INTERFACE, 292 }, 293 }; 294 295 struct usb_os_desc_header mtp_os_desc_header = { 296 .interface = htole32(1), 297 .dwLength = htole32(sizeof(usb_os_desc_header) + sizeof(usb_ext_compat_desc)), 298 .bcdVersion = htole16(1), 299 .wIndex = htole16(4), 300 .bCount = htole16(1), 301 .Reserved = htole16(0), 302 }; 303 304 struct usb_ext_compat_desc mtp_os_desc_compat = { 305 .bFirstInterfaceNumber = 0, 306 .Reserved1 = htole32(1), 307 .CompatibleID = { 'M', 'T', 'P' }, 308 .SubCompatibleID = {0}, 309 .Reserved2 = {0}, 310 }; 311 312 struct usb_ext_compat_desc ptp_os_desc_compat = { 313 .bFirstInterfaceNumber = 0, 314 .Reserved1 = htole32(1), 315 .CompatibleID = { 'P', 'T', 'P' }, 316 .SubCompatibleID = {0}, 317 .Reserved2 = {0}, 318 }; 319 320 struct mtp_device_status { 321 uint16_t wLength; 322 uint16_t wCode; 323 }; 324 325 } // anonymous namespace 326 327 namespace android { 328 329 MtpFfsHandle::MtpFfsHandle() : 330 mMaxWrite(USB_FFS_MAX_WRITE), 331 mMaxRead(USB_FFS_MAX_READ) {} 332 333 MtpFfsHandle::~MtpFfsHandle() {} 334 335 void MtpFfsHandle::closeEndpoints() { 336 mIntr.reset(); 337 mBulkIn.reset(); 338 mBulkOut.reset(); 339 } 340 341 bool MtpFfsHandle::initFunctionfs() { 342 ssize_t ret; 343 struct desc_v1 v1_descriptor; 344 struct desc_v2 v2_descriptor; 345 346 v2_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC_V2); 347 v2_descriptor.header.length = cpu_to_le32(sizeof(v2_descriptor)); 348 v2_descriptor.header.flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC | 349 FUNCTIONFS_HAS_SS_DESC | FUNCTIONFS_HAS_MS_OS_DESC; 350 v2_descriptor.fs_count = 4; 351 v2_descriptor.hs_count = 4; 352 v2_descriptor.ss_count = 7; 353 v2_descriptor.os_count = 1; 354 v2_descriptor.fs_descs = mPtp ? ptp_fs_descriptors : mtp_fs_descriptors; 355 v2_descriptor.hs_descs = mPtp ? ptp_hs_descriptors : mtp_hs_descriptors; 356 v2_descriptor.ss_descs = mPtp ? ptp_ss_descriptors : mtp_ss_descriptors; 357 v2_descriptor.os_header = mtp_os_desc_header; 358 v2_descriptor.os_desc = mPtp ? ptp_os_desc_compat : mtp_os_desc_compat; 359 360 if (mControl < 0) { // might have already done this before 361 mControl.reset(TEMP_FAILURE_RETRY(open(FFS_MTP_EP0, O_RDWR))); 362 if (mControl < 0) { 363 PLOG(ERROR) << FFS_MTP_EP0 << ": cannot open control endpoint"; 364 goto err; 365 } 366 367 ret = TEMP_FAILURE_RETRY(::write(mControl, &v2_descriptor, sizeof(v2_descriptor))); 368 if (ret < 0) { 369 v1_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC); 370 v1_descriptor.header.length = cpu_to_le32(sizeof(v1_descriptor)); 371 v1_descriptor.header.fs_count = 4; 372 v1_descriptor.header.hs_count = 4; 373 v1_descriptor.fs_descs = mPtp ? ptp_fs_descriptors : mtp_fs_descriptors; 374 v1_descriptor.hs_descs = mPtp ? ptp_hs_descriptors : mtp_hs_descriptors; 375 PLOG(ERROR) << FFS_MTP_EP0 << "Switching to V1 descriptor format"; 376 ret = TEMP_FAILURE_RETRY(::write(mControl, &v1_descriptor, sizeof(v1_descriptor))); 377 if (ret < 0) { 378 PLOG(ERROR) << FFS_MTP_EP0 << "Writing descriptors failed"; 379 goto err; 380 } 381 } 382 ret = TEMP_FAILURE_RETRY(::write(mControl, &strings, sizeof(strings))); 383 if (ret < 0) { 384 PLOG(ERROR) << FFS_MTP_EP0 << "Writing strings failed"; 385 goto err; 386 } 387 } 388 if (mBulkIn > -1 || mBulkOut > -1 || mIntr > -1) 389 LOG(WARNING) << "Endpoints were not closed before configure!"; 390 391 return true; 392 393 err: 394 closeConfig(); 395 return false; 396 } 397 398 void MtpFfsHandle::closeConfig() { 399 mControl.reset(); 400 } 401 402 void MtpFfsHandle::controlLoop() { 403 while (!handleEvent()) {} 404 LOG(DEBUG) << "Mtp server shutting down"; 405 } 406 407 int MtpFfsHandle::handleEvent() { 408 std::vector<usb_functionfs_event> events(FFS_NUM_EVENTS); 409 usb_functionfs_event *event = events.data(); 410 int nbytes = TEMP_FAILURE_RETRY(::read(mControl, event, 411 events.size() * sizeof(usb_functionfs_event))); 412 if (nbytes == -1) { 413 return -1; 414 } 415 int ret = 0; 416 for (size_t n = nbytes / sizeof *event; n; --n, ++event) { 417 switch (event->type) { 418 case FUNCTIONFS_BIND: 419 case FUNCTIONFS_ENABLE: 420 case FUNCTIONFS_RESUME: 421 ret = 0; 422 errno = 0; 423 break; 424 case FUNCTIONFS_SUSPEND: 425 case FUNCTIONFS_UNBIND: 426 case FUNCTIONFS_DISABLE: 427 errno = ESHUTDOWN; 428 ret = -1; 429 break; 430 case FUNCTIONFS_SETUP: 431 if (handleControlRequest(&event->u.setup) == -1) 432 ret = -1; 433 break; 434 default: 435 LOG(DEBUG) << "Mtp Event " << event->type << " (unknown)"; 436 } 437 } 438 return ret; 439 } 440 441 int MtpFfsHandle::handleControlRequest(const struct usb_ctrlrequest *setup) { 442 uint8_t type = setup->bRequestType; 443 uint8_t code = setup->bRequest; 444 uint16_t length = setup->wLength; 445 uint16_t index = setup->wIndex; 446 uint16_t value = setup->wValue; 447 std::vector<char> buf; 448 buf.resize(length); 449 450 if (!(type & USB_DIR_IN)) { 451 if (::read(mControl, buf.data(), length) != length) { 452 PLOG(DEBUG) << "Mtp error ctrlreq read data"; 453 } 454 } 455 456 if ((type & USB_TYPE_MASK) == USB_TYPE_CLASS && index == 0 && value == 0) { 457 switch(code) { 458 case MTP_REQ_GET_DEVICE_STATUS: 459 { 460 if (length < sizeof(struct mtp_device_status)) { 461 return -1; 462 } 463 struct mtp_device_status *st = reinterpret_cast<struct mtp_device_status*>(buf.data()); 464 st->wLength = htole16(sizeof(st)); 465 st->wCode = MTP_RESPONSE_OK; 466 length = st->wLength; 467 break; 468 } 469 default: 470 LOG(DEBUG) << "Unrecognized Mtp class request! " << code; 471 } 472 } else { 473 LOG(DEBUG) << "Unrecognized request type " << type; 474 } 475 476 if (type & USB_DIR_IN) { 477 if (::write(mControl, buf.data(), length) != length) { 478 PLOG(DEBUG) << "Mtp error ctrlreq write data"; 479 } 480 } 481 return 0; 482 } 483 484 int MtpFfsHandle::writeHandle(int fd, const void* data, int len) { 485 LOG(VERBOSE) << "MTP about to write fd = " << fd << ", len=" << len; 486 int ret = 0; 487 const char* buf = static_cast<const char*>(data); 488 while (len > 0) { 489 int write_len = std::min(mMaxWrite, len); 490 int n = TEMP_FAILURE_RETRY(::write(fd, buf, write_len)); 491 492 if (n < 0) { 493 PLOG(ERROR) << "write ERROR: fd = " << fd << ", n = " << n; 494 return -1; 495 } else if (n < write_len) { 496 errno = EIO; 497 PLOG(ERROR) << "less written than expected"; 498 return -1; 499 } 500 buf += n; 501 len -= n; 502 ret += n; 503 } 504 return ret; 505 } 506 507 int MtpFfsHandle::readHandle(int fd, void* data, int len) { 508 LOG(VERBOSE) << "MTP about to read fd = " << fd << ", len=" << len; 509 int ret = 0; 510 char* buf = static_cast<char*>(data); 511 while (len > 0) { 512 int read_len = std::min(mMaxRead, len); 513 int n = TEMP_FAILURE_RETRY(::read(fd, buf, read_len)); 514 if (n < 0) { 515 PLOG(ERROR) << "read ERROR: fd = " << fd << ", n = " << n; 516 return -1; 517 } 518 ret += n; 519 if (n < read_len) // done reading early 520 break; 521 buf += n; 522 len -= n; 523 } 524 return ret; 525 } 526 527 int MtpFfsHandle::spliceReadHandle(int fd, int pipe_out, int len) { 528 LOG(VERBOSE) << "MTP about to splice read fd = " << fd << ", len=" << len; 529 int ret = 0; 530 loff_t dummyoff; 531 while (len > 0) { 532 int read_len = std::min(mMaxRead, len); 533 dummyoff = 0; 534 int n = TEMP_FAILURE_RETRY(splice(fd, &dummyoff, pipe_out, nullptr, read_len, 0)); 535 if (n < 0) { 536 PLOG(ERROR) << "splice read ERROR: fd = " << fd << ", n = " << n; 537 return -1; 538 } 539 ret += n; 540 if (n < read_len) // done reading early 541 break; 542 len -= n; 543 } 544 return ret; 545 } 546 547 int MtpFfsHandle::read(void* data, int len) { 548 return readHandle(mBulkOut, data, len); 549 } 550 551 int MtpFfsHandle::write(const void* data, int len) { 552 return writeHandle(mBulkIn, data, len); 553 } 554 555 int MtpFfsHandle::start() { 556 mLock.lock(); 557 558 mBulkIn.reset(TEMP_FAILURE_RETRY(open(FFS_MTP_EP_IN, O_RDWR))); 559 if (mBulkIn < 0) { 560 PLOG(ERROR) << FFS_MTP_EP_IN << ": cannot open bulk in ep"; 561 return -1; 562 } 563 564 mBulkOut.reset(TEMP_FAILURE_RETRY(open(FFS_MTP_EP_OUT, O_RDWR))); 565 if (mBulkOut < 0) { 566 PLOG(ERROR) << FFS_MTP_EP_OUT << ": cannot open bulk out ep"; 567 return -1; 568 } 569 570 mIntr.reset(TEMP_FAILURE_RETRY(open(FFS_MTP_EP_INTR, O_RDWR))); 571 if (mIntr < 0) { 572 PLOG(ERROR) << FFS_MTP_EP0 << ": cannot open intr ep"; 573 return -1; 574 } 575 576 mBuffer1.resize(MAX_FILE_CHUNK_SIZE); 577 mBuffer2.resize(MAX_FILE_CHUNK_SIZE); 578 posix_madvise(mBuffer1.data(), MAX_FILE_CHUNK_SIZE, 579 POSIX_MADV_SEQUENTIAL | POSIX_MADV_WILLNEED); 580 posix_madvise(mBuffer2.data(), MAX_FILE_CHUNK_SIZE, 581 POSIX_MADV_SEQUENTIAL | POSIX_MADV_WILLNEED); 582 583 // Handle control requests. 584 std::thread t([this]() { this->controlLoop(); }); 585 t.detach(); 586 587 // Get device specific r/w size 588 mMaxWrite = android::base::GetIntProperty("sys.usb.ffs.max_write", USB_FFS_MAX_WRITE); 589 mMaxRead = android::base::GetIntProperty("sys.usb.ffs.max_read", USB_FFS_MAX_READ); 590 591 size_t attempts = 0; 592 while (mMaxWrite >= USB_FFS_MAX_WRITE && mMaxRead >= USB_FFS_MAX_READ && 593 attempts < ENDPOINT_ALLOC_RETRIES) { 594 // If larger contiguous chunks of memory aren't available, attempt to try 595 // smaller allocations. 596 if (ioctl(mBulkIn, FUNCTIONFS_ENDPOINT_ALLOC, static_cast<__u32>(mMaxWrite)) || 597 ioctl(mBulkOut, FUNCTIONFS_ENDPOINT_ALLOC, static_cast<__u32>(mMaxRead))) { 598 if (errno == ENODEV) { 599 // Driver hasn't enabled endpoints yet. 600 std::this_thread::sleep_for(std::chrono::milliseconds(100)); 601 attempts += 1; 602 continue; 603 } 604 mMaxWrite /= 2; 605 mMaxRead /=2; 606 } else { 607 return 0; 608 } 609 } 610 // Try to start MtpServer anyway, with the smallest max r/w values 611 PLOG(ERROR) << "Functionfs could not allocate any memory!"; 612 return 0; 613 } 614 615 int MtpFfsHandle::configure(bool usePtp) { 616 // Wait till previous server invocation has closed 617 if (!mLock.try_lock_for(std::chrono::milliseconds(1000))) { 618 LOG(ERROR) << "MtpServer was unable to get configure lock"; 619 return -1; 620 } 621 int ret = 0; 622 623 // If ptp is changed, the configuration must be rewritten 624 if (mPtp != usePtp) { 625 closeEndpoints(); 626 closeConfig(); 627 } 628 mPtp = usePtp; 629 630 if (!initFunctionfs()) { 631 ret = -1; 632 } 633 mLock.unlock(); 634 return ret; 635 } 636 637 void MtpFfsHandle::close() { 638 closeEndpoints(); 639 mLock.unlock(); 640 } 641 642 /* Read from USB and write to a local file. */ 643 int MtpFfsHandle::receiveFile(mtp_file_range mfr, bool zero_packet) { 644 // When receiving files, the incoming length is given in 32 bits. 645 // A >4G file is given as 0xFFFFFFFF 646 uint32_t file_length = mfr.length; 647 uint64_t offset = mfr.offset; 648 struct usb_endpoint_descriptor mBulkOut_desc; 649 int packet_size; 650 651 if (ioctl(mBulkOut, FUNCTIONFS_ENDPOINT_DESC, reinterpret_cast<unsigned long>(&mBulkOut_desc))) { 652 PLOG(ERROR) << "Could not get FFS bulk-out descriptor"; 653 packet_size = MAX_PACKET_SIZE_HS; 654 } else { 655 packet_size = mBulkOut_desc.wMaxPacketSize; 656 } 657 658 char *data = mBuffer1.data(); 659 char *data2 = mBuffer2.data(); 660 661 struct aiocb aio; 662 aio.aio_fildes = mfr.fd; 663 aio.aio_buf = nullptr; 664 struct aiocb *aiol[] = {&aio}; 665 int ret = -1; 666 size_t length; 667 bool read = false; 668 bool write = false; 669 bool short_packet = false; 670 671 posix_fadvise(mfr.fd, 0, 0, POSIX_FADV_SEQUENTIAL | POSIX_FADV_NOREUSE); 672 673 // Break down the file into pieces that fit in buffers 674 while (file_length > 0 || write) { 675 if (file_length > 0) { 676 length = std::min(static_cast<uint32_t>(MAX_FILE_CHUNK_SIZE), file_length); 677 678 // Read data from USB, handle errors after waiting for write thread. 679 ret = readHandle(mBulkOut, data, length); 680 681 if (file_length != MAX_MTP_FILE_SIZE && ret < static_cast<int>(length)) { 682 ret = -1; 683 errno = EIO; 684 } 685 read = true; 686 } 687 688 if (write) { 689 // get the return status of the last write request 690 aio_suspend(aiol, 1, nullptr); 691 692 int written = aio_return(&aio); 693 if (written == -1) { 694 errno = aio_error(&aio); 695 return -1; 696 } 697 if (static_cast<size_t>(written) < aio.aio_nbytes) { 698 errno = EIO; 699 return -1; 700 } 701 write = false; 702 } 703 704 // If there was an error reading above 705 if (ret == -1) { 706 return -1; 707 } 708 709 if (read) { 710 if (file_length == MAX_MTP_FILE_SIZE) { 711 // For larger files, receive until a short packet is received. 712 if (static_cast<size_t>(ret) < length) { 713 file_length = 0; 714 short_packet = true; 715 } 716 } else { 717 // Receive an empty packet if size is a multiple of the endpoint size. 718 file_length -= ret; 719 } 720 // Enqueue a new write request 721 aio.aio_buf = data; 722 aio.aio_sink = mfr.fd; 723 aio.aio_offset = offset; 724 aio.aio_nbytes = ret; 725 aio_write(&aio); 726 727 offset += ret; 728 std::swap(data, data2); 729 730 write = true; 731 read = false; 732 } 733 } 734 if ((ret % packet_size == 0 && !short_packet) || zero_packet) { 735 if (TEMP_FAILURE_RETRY(::read(mBulkOut, data, packet_size)) != 0) { 736 return -1; 737 } 738 } 739 return 0; 740 } 741 742 /* Read from a local file and send over USB. */ 743 int MtpFfsHandle::sendFile(mtp_file_range mfr) { 744 uint64_t file_length = mfr.length; 745 uint32_t given_length = std::min(static_cast<uint64_t>(MAX_MTP_FILE_SIZE), 746 file_length + sizeof(mtp_data_header)); 747 uint64_t offset = mfr.offset; 748 struct usb_endpoint_descriptor mBulkIn_desc; 749 int packet_size; 750 751 if (ioctl(mBulkIn, FUNCTIONFS_ENDPOINT_DESC, reinterpret_cast<unsigned long>(&mBulkIn_desc))) { 752 PLOG(ERROR) << "Could not get FFS bulk-in descriptor"; 753 packet_size = MAX_PACKET_SIZE_HS; 754 } else { 755 packet_size = mBulkIn_desc.wMaxPacketSize; 756 } 757 758 // If file_length is larger than a size_t, truncating would produce the wrong comparison. 759 // Instead, promote the left side to 64 bits, then truncate the small result. 760 int init_read_len = std::min( 761 static_cast<uint64_t>(packet_size - sizeof(mtp_data_header)), file_length); 762 763 char *data = mBuffer1.data(); 764 char *data2 = mBuffer2.data(); 765 766 posix_fadvise(mfr.fd, 0, 0, POSIX_FADV_SEQUENTIAL | POSIX_FADV_NOREUSE); 767 768 struct aiocb aio; 769 aio.aio_fildes = mfr.fd; 770 struct aiocb *aiol[] = {&aio}; 771 int ret, length; 772 int error = 0; 773 bool read = false; 774 bool write = false; 775 776 // Send the header data 777 mtp_data_header *header = reinterpret_cast<mtp_data_header*>(data); 778 header->length = __cpu_to_le32(given_length); 779 header->type = __cpu_to_le16(2); /* data packet */ 780 header->command = __cpu_to_le16(mfr.command); 781 header->transaction_id = __cpu_to_le32(mfr.transaction_id); 782 783 // Some hosts don't support header/data separation even though MTP allows it 784 // Handle by filling first packet with initial file data 785 if (TEMP_FAILURE_RETRY(pread(mfr.fd, reinterpret_cast<char*>(data) + 786 sizeof(mtp_data_header), init_read_len, offset)) 787 != init_read_len) return -1; 788 if (writeHandle(mBulkIn, data, sizeof(mtp_data_header) + init_read_len) == -1) return -1; 789 file_length -= init_read_len; 790 offset += init_read_len; 791 ret = init_read_len + sizeof(mtp_data_header); 792 793 // Break down the file into pieces that fit in buffers 794 while(file_length > 0) { 795 if (read) { 796 // Wait for the previous read to finish 797 aio_suspend(aiol, 1, nullptr); 798 ret = aio_return(&aio); 799 if (ret == -1) { 800 errno = aio_error(&aio); 801 return -1; 802 } 803 if (static_cast<size_t>(ret) < aio.aio_nbytes) { 804 errno = EIO; 805 return -1; 806 } 807 808 file_length -= ret; 809 offset += ret; 810 std::swap(data, data2); 811 read = false; 812 write = true; 813 } 814 815 if (error == -1) { 816 return -1; 817 } 818 819 if (file_length > 0) { 820 length = std::min(static_cast<uint64_t>(MAX_FILE_CHUNK_SIZE), file_length); 821 // Queue up another read 822 aio.aio_buf = data; 823 aio.aio_offset = offset; 824 aio.aio_nbytes = length; 825 aio_read(&aio); 826 read = true; 827 } 828 829 if (write) { 830 if (writeHandle(mBulkIn, data2, ret) == -1) { 831 error = -1; 832 } 833 write = false; 834 } 835 } 836 837 if (ret % packet_size == 0) { 838 // If the last packet wasn't short, send a final empty packet 839 if (TEMP_FAILURE_RETRY(::write(mBulkIn, data, 0)) != 0) { 840 return -1; 841 } 842 } 843 844 return 0; 845 } 846 847 int MtpFfsHandle::sendEvent(mtp_event me) { 848 // Mimic the behavior of f_mtp by sending the event async. 849 // Events aren't critical to the connection, so we don't need to check the return value. 850 char *temp = new char[me.length]; 851 memcpy(temp, me.data, me.length); 852 me.data = temp; 853 std::thread t([this, me]() { return this->doSendEvent(me); }); 854 t.detach(); 855 return 0; 856 } 857 858 void MtpFfsHandle::doSendEvent(mtp_event me) { 859 unsigned length = me.length; 860 int ret = ::write(mIntr, me.data, length); 861 if (static_cast<unsigned>(ret) != length) 862 PLOG(ERROR) << "Mtp error sending event thread!"; 863 delete[] reinterpret_cast<char*>(me.data); 864 } 865 866 } // namespace android 867 868 IMtpHandle *get_ffs_handle() { 869 return new android::MtpFfsHandle(); 870 } 871 872