1 /* 2 * Copyright (C) 2007 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #define TRACE_TAG USB 18 19 #include "sysdeps.h" 20 21 #include <dirent.h> 22 #include <errno.h> 23 #include <linux/usb/ch9.h> 24 #include <linux/usb/functionfs.h> 25 #include <stdio.h> 26 #include <stdlib.h> 27 #include <string.h> 28 #include <sys/ioctl.h> 29 #include <sys/types.h> 30 #include <unistd.h> 31 32 #include <algorithm> 33 #include <atomic> 34 #include <chrono> 35 #include <condition_variable> 36 #include <mutex> 37 #include <thread> 38 39 #include <android-base/logging.h> 40 #include <android-base/properties.h> 41 42 #include "adb.h" 43 #include "daemon/usb.h" 44 #include "transport.h" 45 46 using namespace std::chrono_literals; 47 48 #define MAX_PACKET_SIZE_FS 64 49 #define MAX_PACKET_SIZE_HS 512 50 #define MAX_PACKET_SIZE_SS 1024 51 52 // Kernels before 3.3 have a 16KiB transfer limit That limit was replaced 53 // with a 16MiB global limit in 3.3, but each URB submitted required a 54 // contiguous kernel allocation, so you would get ENOMEM if you tried to 55 // send something larger than the biggest available contiguous kernel 56 // memory region. Large contiguous allocations could be unreliable 57 // on a device kernel that has been running for a while fragmenting its 58 // memory so we start with a larger allocation, and shrink the amount if 59 // necessary. 60 #define USB_FFS_BULK_SIZE 16384 61 62 #define cpu_to_le16(x) htole16(x) 63 #define cpu_to_le32(x) htole32(x) 64 65 #define FUNCTIONFS_ENDPOINT_ALLOC _IOR('g', 231, __u32) 66 67 static constexpr size_t ENDPOINT_ALLOC_RETRIES = 10; 68 69 static int dummy_fd = -1; 70 71 struct func_desc { 72 struct usb_interface_descriptor intf; 73 struct usb_endpoint_descriptor_no_audio source; 74 struct usb_endpoint_descriptor_no_audio sink; 75 } __attribute__((packed)); 76 77 struct ss_func_desc { 78 struct usb_interface_descriptor intf; 79 struct usb_endpoint_descriptor_no_audio source; 80 struct usb_ss_ep_comp_descriptor source_comp; 81 struct usb_endpoint_descriptor_no_audio sink; 82 struct usb_ss_ep_comp_descriptor sink_comp; 83 } __attribute__((packed)); 84 85 struct desc_v1 { 86 struct usb_functionfs_descs_head_v1 { 87 __le32 magic; 88 __le32 length; 89 __le32 fs_count; 90 __le32 hs_count; 91 } __attribute__((packed)) header; 92 struct func_desc fs_descs, hs_descs; 93 } __attribute__((packed)); 94 95 struct desc_v2 { 96 struct usb_functionfs_descs_head_v2 header; 97 // The rest of the structure depends on the flags in the header. 98 __le32 fs_count; 99 __le32 hs_count; 100 __le32 ss_count; 101 __le32 os_count; 102 struct func_desc fs_descs, hs_descs; 103 struct ss_func_desc ss_descs; 104 struct usb_os_desc_header os_header; 105 struct usb_ext_compat_desc os_desc; 106 } __attribute__((packed)); 107 108 static struct func_desc fs_descriptors = { 109 .intf = { 110 .bLength = sizeof(fs_descriptors.intf), 111 .bDescriptorType = USB_DT_INTERFACE, 112 .bInterfaceNumber = 0, 113 .bNumEndpoints = 2, 114 .bInterfaceClass = ADB_CLASS, 115 .bInterfaceSubClass = ADB_SUBCLASS, 116 .bInterfaceProtocol = ADB_PROTOCOL, 117 .iInterface = 1, /* first string from the provided table */ 118 }, 119 .source = { 120 .bLength = sizeof(fs_descriptors.source), 121 .bDescriptorType = USB_DT_ENDPOINT, 122 .bEndpointAddress = 1 | USB_DIR_OUT, 123 .bmAttributes = USB_ENDPOINT_XFER_BULK, 124 .wMaxPacketSize = MAX_PACKET_SIZE_FS, 125 }, 126 .sink = { 127 .bLength = sizeof(fs_descriptors.sink), 128 .bDescriptorType = USB_DT_ENDPOINT, 129 .bEndpointAddress = 2 | USB_DIR_IN, 130 .bmAttributes = USB_ENDPOINT_XFER_BULK, 131 .wMaxPacketSize = MAX_PACKET_SIZE_FS, 132 }, 133 }; 134 135 static struct func_desc hs_descriptors = { 136 .intf = { 137 .bLength = sizeof(hs_descriptors.intf), 138 .bDescriptorType = USB_DT_INTERFACE, 139 .bInterfaceNumber = 0, 140 .bNumEndpoints = 2, 141 .bInterfaceClass = ADB_CLASS, 142 .bInterfaceSubClass = ADB_SUBCLASS, 143 .bInterfaceProtocol = ADB_PROTOCOL, 144 .iInterface = 1, /* first string from the provided table */ 145 }, 146 .source = { 147 .bLength = sizeof(hs_descriptors.source), 148 .bDescriptorType = USB_DT_ENDPOINT, 149 .bEndpointAddress = 1 | USB_DIR_OUT, 150 .bmAttributes = USB_ENDPOINT_XFER_BULK, 151 .wMaxPacketSize = MAX_PACKET_SIZE_HS, 152 }, 153 .sink = { 154 .bLength = sizeof(hs_descriptors.sink), 155 .bDescriptorType = USB_DT_ENDPOINT, 156 .bEndpointAddress = 2 | USB_DIR_IN, 157 .bmAttributes = USB_ENDPOINT_XFER_BULK, 158 .wMaxPacketSize = MAX_PACKET_SIZE_HS, 159 }, 160 }; 161 162 static struct ss_func_desc ss_descriptors = { 163 .intf = { 164 .bLength = sizeof(ss_descriptors.intf), 165 .bDescriptorType = USB_DT_INTERFACE, 166 .bInterfaceNumber = 0, 167 .bNumEndpoints = 2, 168 .bInterfaceClass = ADB_CLASS, 169 .bInterfaceSubClass = ADB_SUBCLASS, 170 .bInterfaceProtocol = ADB_PROTOCOL, 171 .iInterface = 1, /* first string from the provided table */ 172 }, 173 .source = { 174 .bLength = sizeof(ss_descriptors.source), 175 .bDescriptorType = USB_DT_ENDPOINT, 176 .bEndpointAddress = 1 | USB_DIR_OUT, 177 .bmAttributes = USB_ENDPOINT_XFER_BULK, 178 .wMaxPacketSize = MAX_PACKET_SIZE_SS, 179 }, 180 .source_comp = { 181 .bLength = sizeof(ss_descriptors.source_comp), 182 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 183 .bMaxBurst = 4, 184 }, 185 .sink = { 186 .bLength = sizeof(ss_descriptors.sink), 187 .bDescriptorType = USB_DT_ENDPOINT, 188 .bEndpointAddress = 2 | USB_DIR_IN, 189 .bmAttributes = USB_ENDPOINT_XFER_BULK, 190 .wMaxPacketSize = MAX_PACKET_SIZE_SS, 191 }, 192 .sink_comp = { 193 .bLength = sizeof(ss_descriptors.sink_comp), 194 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 195 .bMaxBurst = 4, 196 }, 197 }; 198 199 struct usb_ext_compat_desc os_desc_compat = { 200 .bFirstInterfaceNumber = 0, 201 .Reserved1 = cpu_to_le32(1), 202 .CompatibleID = {0}, 203 .SubCompatibleID = {0}, 204 .Reserved2 = {0}, 205 }; 206 207 static struct usb_os_desc_header os_desc_header = { 208 .interface = cpu_to_le32(1), 209 .dwLength = cpu_to_le32(sizeof(os_desc_header) + sizeof(os_desc_compat)), 210 .bcdVersion = cpu_to_le32(1), 211 .wIndex = cpu_to_le32(4), 212 .bCount = cpu_to_le32(1), 213 .Reserved = cpu_to_le32(0), 214 }; 215 216 #define STR_INTERFACE_ "ADB Interface" 217 218 static const struct { 219 struct usb_functionfs_strings_head header; 220 struct { 221 __le16 code; 222 const char str1[sizeof(STR_INTERFACE_)]; 223 } __attribute__((packed)) lang0; 224 } __attribute__((packed)) strings = { 225 .header = { 226 .magic = cpu_to_le32(FUNCTIONFS_STRINGS_MAGIC), 227 .length = cpu_to_le32(sizeof(strings)), 228 .str_count = cpu_to_le32(1), 229 .lang_count = cpu_to_le32(1), 230 }, 231 .lang0 = { 232 cpu_to_le16(0x0409), /* en-us */ 233 STR_INTERFACE_, 234 }, 235 }; 236 237 bool init_functionfs(struct usb_handle* h) { 238 LOG(INFO) << "initializing functionfs"; 239 240 ssize_t ret; 241 struct desc_v1 v1_descriptor; 242 struct desc_v2 v2_descriptor; 243 size_t retries = 0; 244 245 v2_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC_V2); 246 v2_descriptor.header.length = cpu_to_le32(sizeof(v2_descriptor)); 247 v2_descriptor.header.flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC | 248 FUNCTIONFS_HAS_SS_DESC | FUNCTIONFS_HAS_MS_OS_DESC; 249 v2_descriptor.fs_count = 3; 250 v2_descriptor.hs_count = 3; 251 v2_descriptor.ss_count = 5; 252 v2_descriptor.os_count = 1; 253 v2_descriptor.fs_descs = fs_descriptors; 254 v2_descriptor.hs_descs = hs_descriptors; 255 v2_descriptor.ss_descs = ss_descriptors; 256 v2_descriptor.os_header = os_desc_header; 257 v2_descriptor.os_desc = os_desc_compat; 258 259 if (h->control < 0) { // might have already done this before 260 LOG(INFO) << "opening control endpoint " << USB_FFS_ADB_EP0; 261 h->control = adb_open(USB_FFS_ADB_EP0, O_RDWR); 262 if (h->control < 0) { 263 PLOG(ERROR) << "cannot open control endpoint " << USB_FFS_ADB_EP0; 264 goto err; 265 } 266 267 ret = adb_write(h->control, &v2_descriptor, sizeof(v2_descriptor)); 268 if (ret < 0) { 269 v1_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC); 270 v1_descriptor.header.length = cpu_to_le32(sizeof(v1_descriptor)); 271 v1_descriptor.header.fs_count = 3; 272 v1_descriptor.header.hs_count = 3; 273 v1_descriptor.fs_descs = fs_descriptors; 274 v1_descriptor.hs_descs = hs_descriptors; 275 D("[ %s: Switching to V1_descriptor format errno=%d ]", USB_FFS_ADB_EP0, errno); 276 ret = adb_write(h->control, &v1_descriptor, sizeof(v1_descriptor)); 277 if (ret < 0) { 278 D("[ %s: write descriptors failed: errno=%d ]", USB_FFS_ADB_EP0, errno); 279 goto err; 280 } 281 } 282 283 ret = adb_write(h->control, &strings, sizeof(strings)); 284 if (ret < 0) { 285 D("[ %s: writing strings failed: errno=%d]", USB_FFS_ADB_EP0, errno); 286 goto err; 287 } 288 //Signal only when writing the descriptors to ffs 289 android::base::SetProperty("sys.usb.ffs.ready", "1"); 290 } 291 292 h->bulk_out = adb_open(USB_FFS_ADB_OUT, O_RDWR); 293 if (h->bulk_out < 0) { 294 PLOG(ERROR) << "cannot open bulk-out endpoint " << USB_FFS_ADB_OUT; 295 goto err; 296 } 297 298 h->bulk_in = adb_open(USB_FFS_ADB_IN, O_RDWR); 299 if (h->bulk_in < 0) { 300 PLOG(ERROR) << "cannot open bulk-in endpoint " << USB_FFS_ADB_IN; 301 goto err; 302 } 303 304 h->max_rw = MAX_PAYLOAD; 305 while (h->max_rw >= USB_FFS_BULK_SIZE && retries < ENDPOINT_ALLOC_RETRIES) { 306 int ret_in = ioctl(h->bulk_in, FUNCTIONFS_ENDPOINT_ALLOC, static_cast<__u32>(h->max_rw)); 307 int errno_in = errno; 308 int ret_out = ioctl(h->bulk_out, FUNCTIONFS_ENDPOINT_ALLOC, static_cast<__u32>(h->max_rw)); 309 int errno_out = errno; 310 311 if (ret_in || ret_out) { 312 if (errno_in == ENODEV || errno_out == ENODEV) { 313 std::this_thread::sleep_for(100ms); 314 retries += 1; 315 continue; 316 } 317 h->max_rw /= 2; 318 } else { 319 return true; 320 } 321 } 322 323 D("[ adb: cannot call endpoint alloc: errno=%d ]", errno); 324 // Kernel pre-allocation could have failed for recoverable reasons. 325 // Continue running with a safe max rw size. 326 h->max_rw = USB_FFS_BULK_SIZE; 327 return true; 328 329 err: 330 if (h->bulk_in > 0) { 331 adb_close(h->bulk_in); 332 h->bulk_in = -1; 333 } 334 if (h->bulk_out > 0) { 335 adb_close(h->bulk_out); 336 h->bulk_out = -1; 337 } 338 if (h->control > 0) { 339 adb_close(h->control); 340 h->control = -1; 341 } 342 return false; 343 } 344 345 static void usb_ffs_open_thread(void* x) { 346 struct usb_handle* usb = (struct usb_handle*)x; 347 348 adb_thread_setname("usb ffs open"); 349 350 while (true) { 351 // wait until the USB device needs opening 352 std::unique_lock<std::mutex> lock(usb->lock); 353 while (!usb->open_new_connection) { 354 usb->notify.wait(lock); 355 } 356 usb->open_new_connection = false; 357 lock.unlock(); 358 359 while (true) { 360 if (init_functionfs(usb)) { 361 LOG(INFO) << "functionfs successfully initialized"; 362 break; 363 } 364 std::this_thread::sleep_for(1s); 365 } 366 367 LOG(INFO) << "registering usb transport"; 368 register_usb_transport(usb, 0, 0, 1); 369 } 370 371 // never gets here 372 abort(); 373 } 374 375 static int usb_ffs_write(usb_handle* h, const void* data, int len) { 376 D("about to write (fd=%d, len=%d)", h->bulk_in, len); 377 378 const char* buf = static_cast<const char*>(data); 379 while (len > 0) { 380 int write_len = std::min(h->max_rw, len); 381 int n = adb_write(h->bulk_in, buf, write_len); 382 if (n < 0) { 383 D("ERROR: fd = %d, n = %d: %s", h->bulk_in, n, strerror(errno)); 384 return -1; 385 } 386 buf += n; 387 len -= n; 388 } 389 390 D("[ done fd=%d ]", h->bulk_in); 391 return 0; 392 } 393 394 static int usb_ffs_read(usb_handle* h, void* data, int len) { 395 D("about to read (fd=%d, len=%d)", h->bulk_out, len); 396 397 char* buf = static_cast<char*>(data); 398 while (len > 0) { 399 int read_len = std::min(h->max_rw, len); 400 int n = adb_read(h->bulk_out, buf, read_len); 401 if (n < 0) { 402 D("ERROR: fd = %d, n = %d: %s", h->bulk_out, n, strerror(errno)); 403 return -1; 404 } 405 buf += n; 406 len -= n; 407 } 408 409 D("[ done fd=%d ]", h->bulk_out); 410 return 0; 411 } 412 413 static void usb_ffs_kick(usb_handle* h) { 414 int err; 415 416 err = ioctl(h->bulk_in, FUNCTIONFS_CLEAR_HALT); 417 if (err < 0) { 418 D("[ kick: source (fd=%d) clear halt failed (%d) ]", h->bulk_in, errno); 419 } 420 421 err = ioctl(h->bulk_out, FUNCTIONFS_CLEAR_HALT); 422 if (err < 0) { 423 D("[ kick: sink (fd=%d) clear halt failed (%d) ]", h->bulk_out, errno); 424 } 425 426 // don't close ep0 here, since we may not need to reinitialize it with 427 // the same descriptors again. if however ep1/ep2 fail to re-open in 428 // init_functionfs, only then would we close and open ep0 again. 429 // Ditto the comment in usb_adb_kick. 430 h->kicked = true; 431 TEMP_FAILURE_RETRY(dup2(dummy_fd, h->bulk_out)); 432 TEMP_FAILURE_RETRY(dup2(dummy_fd, h->bulk_in)); 433 } 434 435 static void usb_ffs_close(usb_handle* h) { 436 LOG(INFO) << "closing functionfs transport"; 437 438 h->kicked = false; 439 adb_close(h->bulk_out); 440 adb_close(h->bulk_in); 441 // Notify usb_adb_open_thread to open a new connection. 442 h->lock.lock(); 443 h->open_new_connection = true; 444 h->lock.unlock(); 445 h->notify.notify_one(); 446 } 447 448 static void usb_ffs_init() { 449 D("[ usb_init - using FunctionFS ]"); 450 451 usb_handle* h = new usb_handle(); 452 453 h->write = usb_ffs_write; 454 h->read = usb_ffs_read; 455 h->kick = usb_ffs_kick; 456 h->close = usb_ffs_close; 457 458 D("[ usb_init - starting thread ]"); 459 std::thread(usb_ffs_open_thread, h).detach(); 460 } 461 462 void usb_init() { 463 dummy_fd = adb_open("/dev/null", O_WRONLY); 464 CHECK_NE(dummy_fd, -1); 465 usb_ffs_init(); 466 } 467 468 int usb_write(usb_handle* h, const void* data, int len) { 469 return h->write(h, data, len); 470 } 471 472 int usb_read(usb_handle* h, void* data, int len) { 473 return h->read(h, data, len); 474 } 475 476 int usb_close(usb_handle* h) { 477 h->close(h); 478 return 0; 479 } 480 481 void usb_kick(usb_handle* h) { 482 h->kick(h); 483 } 484
