1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <ctype.h> 30 #include <dirent.h> 31 #include <errno.h> 32 #include <fcntl.h> 33 #include <pthread.h> 34 #include <stdio.h> 35 #include <stdlib.h> 36 #include <string.h> 37 #include <sys/ioctl.h> 38 #include <sys/stat.h> 39 #include <sys/types.h> 40 #include <unistd.h> 41 42 #include <linux/usbdevice_fs.h> 43 #include <linux/version.h> 44 #include <linux/usb/ch9.h> 45 46 #include <chrono> 47 #include <memory> 48 #include <thread> 49 50 #include "fastboot.h" 51 #include "usb.h" 52 53 using namespace std::chrono_literals; 54 55 #define MAX_RETRIES 5 56 57 /* Timeout in seconds for usb_wait_for_disconnect. 58 * It doesn't usually take long for a device to disconnect (almost always 59 * under 2 seconds) but we'll time out after 3 seconds just in case. 60 */ 61 #define WAIT_FOR_DISCONNECT_TIMEOUT 3 62 63 #ifdef TRACE_USB 64 #define DBG1(x...) fprintf(stderr, x) 65 #define DBG(x...) fprintf(stderr, x) 66 #else 67 #define DBG(x...) 68 #define DBG1(x...) 69 #endif 70 71 // Kernels before 3.3 have a 16KiB transfer limit. That limit was replaced 72 // with a 16MiB global limit in 3.3, but each URB submitted required a 73 // contiguous kernel allocation, so you would get ENOMEM if you tried to 74 // send something larger than the biggest available contiguous kernel 75 // memory region. 256KiB contiguous allocations are generally not reliable 76 // on a device kernel that has been running for a while fragmenting its 77 // memory, but that shouldn't be a problem for fastboot on the host. 78 // In 3.6, the contiguous buffer limit was removed by allocating multiple 79 // 16KiB chunks and having the USB driver stitch them back together while 80 // transmitting using a scatter-gather list, so 256KiB bulk transfers should 81 // be reliable. 82 // 256KiB seems to work, but 1MiB bulk transfers lock up my z620 with a 3.13 83 // kernel. 84 #define MAX_USBFS_BULK_SIZE (16 * 1024) 85 86 struct usb_handle 87 { 88 char fname[64]; 89 int desc; 90 unsigned char ep_in; 91 unsigned char ep_out; 92 }; 93 94 class LinuxUsbTransport : public Transport { 95 public: 96 explicit LinuxUsbTransport(std::unique_ptr<usb_handle> handle) : handle_(std::move(handle)) {} 97 ~LinuxUsbTransport() override = default; 98 99 ssize_t Read(void* data, size_t len) override; 100 ssize_t Write(const void* data, size_t len) override; 101 int Close() override; 102 int WaitForDisconnect() override; 103 104 private: 105 std::unique_ptr<usb_handle> handle_; 106 107 DISALLOW_COPY_AND_ASSIGN(LinuxUsbTransport); 108 }; 109 110 /* True if name isn't a valid name for a USB device in /sys/bus/usb/devices. 111 * Device names are made up of numbers, dots, and dashes, e.g., '7-1.5'. 112 * We reject interfaces (e.g., '7-1.5:1.0') and host controllers (e.g. 'usb1'). 113 * The name must also start with a digit, to disallow '.' and '..' 114 */ 115 static inline int badname(const char *name) 116 { 117 if (!isdigit(*name)) 118 return 1; 119 while(*++name) { 120 if(!isdigit(*name) && *name != '.' && *name != '-') 121 return 1; 122 } 123 return 0; 124 } 125 126 static int check(void *_desc, int len, unsigned type, int size) 127 { 128 struct usb_descriptor_header *hdr = (struct usb_descriptor_header *)_desc; 129 130 if(len < size) return -1; 131 if(hdr->bLength < size) return -1; 132 if(hdr->bLength > len) return -1; 133 if(hdr->bDescriptorType != type) return -1; 134 135 return 0; 136 } 137 138 static int filter_usb_device(char* sysfs_name, 139 char *ptr, int len, int writable, 140 ifc_match_func callback, 141 int *ept_in_id, int *ept_out_id, int *ifc_id) 142 { 143 struct usb_device_descriptor *dev; 144 struct usb_config_descriptor *cfg; 145 struct usb_interface_descriptor *ifc; 146 struct usb_endpoint_descriptor *ept; 147 struct usb_ifc_info info; 148 149 int in, out; 150 unsigned i; 151 unsigned e; 152 153 if (check(ptr, len, USB_DT_DEVICE, USB_DT_DEVICE_SIZE)) 154 return -1; 155 dev = (struct usb_device_descriptor *)ptr; 156 len -= dev->bLength; 157 ptr += dev->bLength; 158 159 if (check(ptr, len, USB_DT_CONFIG, USB_DT_CONFIG_SIZE)) 160 return -1; 161 cfg = (struct usb_config_descriptor *)ptr; 162 len -= cfg->bLength; 163 ptr += cfg->bLength; 164 165 info.dev_vendor = dev->idVendor; 166 info.dev_product = dev->idProduct; 167 info.dev_class = dev->bDeviceClass; 168 info.dev_subclass = dev->bDeviceSubClass; 169 info.dev_protocol = dev->bDeviceProtocol; 170 info.writable = writable; 171 172 snprintf(info.device_path, sizeof(info.device_path), "usb:%s", sysfs_name); 173 174 /* Read device serial number (if there is one). 175 * We read the serial number from sysfs, since it's faster and more 176 * reliable than issuing a control pipe read, and also won't 177 * cause problems for devices which don't like getting descriptor 178 * requests while they're in the middle of flashing. 179 */ 180 info.serial_number[0] = '\0'; 181 if (dev->iSerialNumber) { 182 char path[80]; 183 int fd; 184 185 snprintf(path, sizeof(path), 186 "/sys/bus/usb/devices/%s/serial", sysfs_name); 187 path[sizeof(path) - 1] = '\0'; 188 189 fd = open(path, O_RDONLY); 190 if (fd >= 0) { 191 int chars_read = read(fd, info.serial_number, 192 sizeof(info.serial_number) - 1); 193 close(fd); 194 195 if (chars_read <= 0) 196 info.serial_number[0] = '\0'; 197 else if (info.serial_number[chars_read - 1] == '\n') { 198 // strip trailing newline 199 info.serial_number[chars_read - 1] = '\0'; 200 } 201 } 202 } 203 204 for(i = 0; i < cfg->bNumInterfaces; i++) { 205 206 while (len > 0) { 207 struct usb_descriptor_header *hdr = (struct usb_descriptor_header *)ptr; 208 if (check(hdr, len, USB_DT_INTERFACE, USB_DT_INTERFACE_SIZE) == 0) 209 break; 210 len -= hdr->bLength; 211 ptr += hdr->bLength; 212 } 213 214 if (len <= 0) 215 return -1; 216 217 ifc = (struct usb_interface_descriptor *)ptr; 218 len -= ifc->bLength; 219 ptr += ifc->bLength; 220 221 in = -1; 222 out = -1; 223 info.ifc_class = ifc->bInterfaceClass; 224 info.ifc_subclass = ifc->bInterfaceSubClass; 225 info.ifc_protocol = ifc->bInterfaceProtocol; 226 227 for(e = 0; e < ifc->bNumEndpoints; e++) { 228 while (len > 0) { 229 struct usb_descriptor_header *hdr = (struct usb_descriptor_header *)ptr; 230 if (check(hdr, len, USB_DT_ENDPOINT, USB_DT_ENDPOINT_SIZE) == 0) 231 break; 232 len -= hdr->bLength; 233 ptr += hdr->bLength; 234 } 235 if (len < 0) { 236 break; 237 } 238 239 ept = (struct usb_endpoint_descriptor *)ptr; 240 len -= ept->bLength; 241 ptr += ept->bLength; 242 243 if((ept->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) != USB_ENDPOINT_XFER_BULK) 244 continue; 245 246 if(ept->bEndpointAddress & USB_ENDPOINT_DIR_MASK) { 247 in = ept->bEndpointAddress; 248 } else { 249 out = ept->bEndpointAddress; 250 } 251 252 // For USB 3.0 devices skip the SS Endpoint Companion descriptor 253 if (check((struct usb_descriptor_hdr *)ptr, len, 254 USB_DT_SS_ENDPOINT_COMP, USB_DT_SS_EP_COMP_SIZE) == 0) { 255 len -= USB_DT_SS_EP_COMP_SIZE; 256 ptr += USB_DT_SS_EP_COMP_SIZE; 257 } 258 } 259 260 info.has_bulk_in = (in != -1); 261 info.has_bulk_out = (out != -1); 262 263 if(callback(&info) == 0) { 264 *ept_in_id = in; 265 *ept_out_id = out; 266 *ifc_id = ifc->bInterfaceNumber; 267 return 0; 268 } 269 } 270 271 return -1; 272 } 273 274 static int read_sysfs_string(const char *sysfs_name, const char *sysfs_node, 275 char* buf, int bufsize) 276 { 277 char path[80]; 278 int fd, n; 279 280 snprintf(path, sizeof(path), 281 "/sys/bus/usb/devices/%s/%s", sysfs_name, sysfs_node); 282 path[sizeof(path) - 1] = '\0'; 283 284 fd = open(path, O_RDONLY); 285 if (fd < 0) 286 return -1; 287 288 n = read(fd, buf, bufsize - 1); 289 close(fd); 290 291 if (n < 0) 292 return -1; 293 294 buf[n] = '\0'; 295 296 return n; 297 } 298 299 static int read_sysfs_number(const char *sysfs_name, const char *sysfs_node) 300 { 301 char buf[16]; 302 int value; 303 304 if (read_sysfs_string(sysfs_name, sysfs_node, buf, sizeof(buf)) < 0) 305 return -1; 306 307 if (sscanf(buf, "%d", &value) != 1) 308 return -1; 309 310 return value; 311 } 312 313 /* Given the name of a USB device in sysfs, get the name for the same 314 * device in devfs. Returns 0 for success, -1 for failure. 315 */ 316 static int convert_to_devfs_name(const char* sysfs_name, 317 char* devname, int devname_size) 318 { 319 int busnum, devnum; 320 321 busnum = read_sysfs_number(sysfs_name, "busnum"); 322 if (busnum < 0) 323 return -1; 324 325 devnum = read_sysfs_number(sysfs_name, "devnum"); 326 if (devnum < 0) 327 return -1; 328 329 snprintf(devname, devname_size, "/dev/bus/usb/%03d/%03d", busnum, devnum); 330 return 0; 331 } 332 333 static std::unique_ptr<usb_handle> find_usb_device(const char* base, ifc_match_func callback) 334 { 335 std::unique_ptr<usb_handle> usb; 336 char devname[64]; 337 char desc[1024]; 338 int n, in, out, ifc; 339 340 struct dirent *de; 341 int fd; 342 int writable; 343 344 std::unique_ptr<DIR, decltype(&closedir)> busdir(opendir(base), closedir); 345 if (busdir == 0) return 0; 346 347 while ((de = readdir(busdir.get())) && (usb == nullptr)) { 348 if (badname(de->d_name)) continue; 349 350 if (!convert_to_devfs_name(de->d_name, devname, sizeof(devname))) { 351 352 // DBG("[ scanning %s ]\n", devname); 353 writable = 1; 354 if ((fd = open(devname, O_RDWR)) < 0) { 355 // Check if we have read-only access, so we can give a helpful 356 // diagnostic like "adb devices" does. 357 writable = 0; 358 if ((fd = open(devname, O_RDONLY)) < 0) { 359 continue; 360 } 361 } 362 363 n = read(fd, desc, sizeof(desc)); 364 365 if (filter_usb_device(de->d_name, desc, n, writable, callback, &in, &out, &ifc) == 0) { 366 usb.reset(new usb_handle()); 367 strcpy(usb->fname, devname); 368 usb->ep_in = in; 369 usb->ep_out = out; 370 usb->desc = fd; 371 372 n = ioctl(fd, USBDEVFS_CLAIMINTERFACE, &ifc); 373 if (n != 0) { 374 close(fd); 375 usb.reset(); 376 continue; 377 } 378 } else { 379 close(fd); 380 } 381 } 382 } 383 384 return usb; 385 } 386 387 ssize_t LinuxUsbTransport::Write(const void* _data, size_t len) 388 { 389 unsigned char *data = (unsigned char*) _data; 390 unsigned count = 0; 391 struct usbdevfs_bulktransfer bulk; 392 int n; 393 394 if (handle_->ep_out == 0 || handle_->desc == -1) { 395 return -1; 396 } 397 398 do { 399 int xfer; 400 xfer = (len > MAX_USBFS_BULK_SIZE) ? MAX_USBFS_BULK_SIZE : len; 401 402 bulk.ep = handle_->ep_out; 403 bulk.len = xfer; 404 bulk.data = data; 405 bulk.timeout = 0; 406 407 n = ioctl(handle_->desc, USBDEVFS_BULK, &bulk); 408 if(n != xfer) { 409 DBG("ERROR: n = %d, errno = %d (%s)\n", 410 n, errno, strerror(errno)); 411 return -1; 412 } 413 414 count += xfer; 415 len -= xfer; 416 data += xfer; 417 } while(len > 0); 418 419 return count; 420 } 421 422 ssize_t LinuxUsbTransport::Read(void* _data, size_t len) 423 { 424 unsigned char *data = (unsigned char*) _data; 425 unsigned count = 0; 426 struct usbdevfs_bulktransfer bulk; 427 int n, retry; 428 429 if (handle_->ep_in == 0 || handle_->desc == -1) { 430 return -1; 431 } 432 433 while (len > 0) { 434 int xfer = (len > MAX_USBFS_BULK_SIZE) ? MAX_USBFS_BULK_SIZE : len; 435 436 bulk.ep = handle_->ep_in; 437 bulk.len = xfer; 438 bulk.data = data; 439 bulk.timeout = 0; 440 retry = 0; 441 442 do { 443 DBG("[ usb read %d fd = %d], fname=%s\n", xfer, handle_->desc, handle_->fname); 444 n = ioctl(handle_->desc, USBDEVFS_BULK, &bulk); 445 DBG("[ usb read %d ] = %d, fname=%s, Retry %d \n", xfer, n, handle_->fname, retry); 446 447 if (n < 0) { 448 DBG1("ERROR: n = %d, errno = %d (%s)\n",n, errno, strerror(errno)); 449 if (++retry > MAX_RETRIES) return -1; 450 std::this_thread::sleep_for(1s); 451 } 452 } while (n < 0); 453 454 count += n; 455 len -= n; 456 data += n; 457 458 if(n < xfer) { 459 break; 460 } 461 } 462 463 return count; 464 } 465 466 int LinuxUsbTransport::Close() 467 { 468 int fd; 469 470 fd = handle_->desc; 471 handle_->desc = -1; 472 if(fd >= 0) { 473 close(fd); 474 DBG("[ usb closed %d ]\n", fd); 475 } 476 477 return 0; 478 } 479 480 Transport* usb_open(ifc_match_func callback) 481 { 482 std::unique_ptr<usb_handle> handle = find_usb_device("/sys/bus/usb/devices", callback); 483 return handle ? new LinuxUsbTransport(std::move(handle)) : nullptr; 484 } 485 486 /* Wait for the system to notice the device is gone, so that a subsequent 487 * fastboot command won't try to access the device before it's rebooted. 488 * Returns 0 for success, -1 for timeout. 489 */ 490 int LinuxUsbTransport::WaitForDisconnect() 491 { 492 double deadline = now() + WAIT_FOR_DISCONNECT_TIMEOUT; 493 while (now() < deadline) { 494 if (access(handle_->fname, F_OK)) return 0; 495 std::this_thread::sleep_for(50ms); 496 } 497 return -1; 498 } 499