JdwpAdb.cpp revision 60fc806b679a3655c228b4093058c59941a49cfe
1/* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include "jdwp/JdwpPriv.h" 18#include "jdwp/JdwpHandler.h" 19#include <sys/socket.h> 20#include <sys/un.h> 21#include <errno.h> 22#include <unistd.h> 23#include <cutils/sockets.h> 24 25/* 26 * The JDWP <-> ADB transport protocol is explained in detail 27 * in system/core/adb/jdwp_service.c. Here's a summary. 28 * 29 * 1/ when the JDWP thread starts, it tries to connect to a Unix 30 * domain stream socket (@jdwp-control) that is opened by the 31 * ADB daemon. 32 * 33 * 2/ it then sends the current process PID as a string of 4 hexadecimal 34 * chars (no terminating zero) 35 * 36 * 3/ then, it uses recvmsg to receive file descriptors from the 37 * daemon. each incoming file descriptor is a pass-through to 38 * a given JDWP debugger, that can be used to read the usual 39 * JDWP-handshake, etc... 40 */ 41 42#define kInputBufferSize 8192 43 44#define kMagicHandshake "JDWP-Handshake" 45#define kMagicHandshakeLen (sizeof(kMagicHandshake)-1) 46 47#define kJdwpControlName "\0jdwp-control" 48#define kJdwpControlNameLen (sizeof(kJdwpControlName)-1) 49 50struct JdwpNetState { 51 int controlSock; 52 int clientSock; 53 bool awaitingHandshake; 54 bool shuttingDown; 55 int wakeFds[2]; 56 57 int inputCount; 58 unsigned char inputBuffer[kInputBufferSize]; 59 60 socklen_t controlAddrLen; 61 union { 62 struct sockaddr_un controlAddrUn; 63 struct sockaddr controlAddrPlain; 64 } controlAddr; 65}; 66 67static void 68adbStateFree( JdwpNetState* netState ) 69{ 70 if (netState == NULL) 71 return; 72 73 if (netState->clientSock >= 0) { 74 shutdown(netState->clientSock, SHUT_RDWR); 75 close(netState->clientSock); 76 } 77 if (netState->controlSock >= 0) { 78 shutdown(netState->controlSock, SHUT_RDWR); 79 close(netState->controlSock); 80 } 81 if (netState->wakeFds[0] >= 0) { 82 close(netState->wakeFds[0]); 83 netState->wakeFds[0] = -1; 84 } 85 if (netState->wakeFds[1] >= 0) { 86 close(netState->wakeFds[1]); 87 netState->wakeFds[1] = -1; 88 } 89 90 free(netState); 91} 92 93 94static JdwpNetState* adbStateAlloc() 95{ 96 JdwpNetState* netState = (JdwpNetState*) calloc(sizeof(*netState),1); 97 98 netState->controlSock = -1; 99 netState->clientSock = -1; 100 101 netState->controlAddr.controlAddrUn.sun_family = AF_UNIX; 102 netState->controlAddrLen = 103 sizeof(netState->controlAddr.controlAddrUn.sun_family) + 104 kJdwpControlNameLen; 105 106 memcpy(netState->controlAddr.controlAddrUn.sun_path, 107 kJdwpControlName, kJdwpControlNameLen); 108 109 netState->wakeFds[0] = -1; 110 netState->wakeFds[1] = -1; 111 112 return netState; 113} 114 115 116/* 117 * Do initial prep work, e.g. binding to ports and opening files. This 118 * runs in the main thread, before the JDWP thread starts, so it shouldn't 119 * do anything that might block forever. 120 */ 121static bool startup(struct JdwpState* state, const JdwpStartupParams* pParams) 122{ 123 JdwpNetState* netState; 124 125 LOGV("ADB transport startup"); 126 127 state->netState = netState = adbStateAlloc(); 128 if (netState == NULL) 129 return false; 130 131 return true; 132} 133 134/* 135 * Receive a file descriptor from ADB. The fd can be used to communicate 136 * directly with a debugger or DDMS. 137 * 138 * Returns the file descriptor on success. On failure, returns -1 and 139 * closes netState->controlSock. 140 */ 141static int receiveClientFd(JdwpNetState* netState) 142{ 143 struct msghdr msg; 144 struct cmsghdr* cmsg; 145 struct iovec iov; 146 char dummy = '!'; 147 union { 148 struct cmsghdr cm; 149 char buffer[CMSG_SPACE(sizeof(int))]; 150 } cm_un; 151 int ret; 152 153 iov.iov_base = &dummy; 154 iov.iov_len = 1; 155 msg.msg_name = NULL; 156 msg.msg_namelen = 0; 157 msg.msg_iov = &iov; 158 msg.msg_iovlen = 1; 159 msg.msg_flags = 0; 160 msg.msg_control = cm_un.buffer; 161 msg.msg_controllen = sizeof(cm_un.buffer); 162 163 cmsg = CMSG_FIRSTHDR(&msg); 164 cmsg->cmsg_len = msg.msg_controllen; 165 cmsg->cmsg_level = SOL_SOCKET; 166 cmsg->cmsg_type = SCM_RIGHTS; 167 ((int*)(void*)CMSG_DATA(cmsg))[0] = -1; 168 169 do { 170 ret = recvmsg(netState->controlSock, &msg, 0); 171 } while (ret < 0 && errno == EINTR); 172 173 if (ret <= 0) { 174 if (ret < 0) { 175 LOGW("receiving file descriptor from ADB failed (socket %d): %s", 176 netState->controlSock, strerror(errno)); 177 } else { 178 LOGD("adbd disconnected"); 179 } 180 close(netState->controlSock); 181 netState->controlSock = -1; 182 return -1; 183 } 184 185 return ((int*)(void*)CMSG_DATA(cmsg))[0]; 186} 187 188/* 189 * Block forever, waiting for a debugger to connect to us. Called from the 190 * JDWP thread. 191 * 192 * This needs to un-block and return "false" if the VM is shutting down. It 193 * should return "true" when it successfully accepts a connection. 194 */ 195static bool acceptConnection(struct JdwpState* state) 196{ 197 JdwpNetState* netState = state->netState; 198 int retryCount = 0; 199 200 /* first, ensure that we get a connection to the ADB daemon */ 201 202retry: 203 if (netState->shuttingDown) 204 return false; 205 206 if (netState->controlSock < 0) { 207 int sleep_ms = 500; 208 const int sleep_max_ms = 2*1000; 209 char buff[5]; 210 211 netState->controlSock = socket(PF_UNIX, SOCK_STREAM, 0); 212 if (netState->controlSock < 0) { 213 LOGE("Could not create ADB control socket:%s", 214 strerror(errno)); 215 return false; 216 } 217 218 if (pipe(netState->wakeFds) < 0) { 219 LOGE("pipe failed"); 220 return false; 221 } 222 223 snprintf(buff, sizeof(buff), "%04x", getpid()); 224 buff[4] = 0; 225 226 for (;;) { 227 /* 228 * If adbd isn't running, because USB debugging was disabled or 229 * perhaps the system is restarting it for "adb root", the 230 * connect() will fail. We loop here forever waiting for it 231 * to come back. 232 * 233 * Waking up and polling every couple of seconds is generally a 234 * bad thing to do, but we only do this if the application is 235 * debuggable *and* adbd isn't running. Still, for the sake 236 * of battery life, we should consider timing out and giving 237 * up after a few minutes in case somebody ships an app with 238 * the debuggable flag set. 239 */ 240 int ret = connect(netState->controlSock, 241 &netState->controlAddr.controlAddrPlain, 242 netState->controlAddrLen); 243 if (!ret) { 244 if (!socket_peer_is_trusted(netState->controlSock)) { 245 if (shutdown(netState->controlSock, SHUT_RDWR)) { 246 LOGE("trouble shutting down socket: %s", strerror(errno)); 247 } 248 return false; 249 } 250 251 /* now try to send our pid to the ADB daemon */ 252 do { 253 ret = send( netState->controlSock, buff, 4, 0 ); 254 } while (ret < 0 && errno == EINTR); 255 256 if (ret >= 0) { 257 LOGV("PID sent as '%.*s' to ADB", 4, buff); 258 break; 259 } 260 261 LOGE("Weird, can't send JDWP process pid to ADB: %s", 262 strerror(errno)); 263 return false; 264 } 265 LOGV("Can't connect to ADB control socket:%s", 266 strerror(errno)); 267 268 usleep( sleep_ms*1000 ); 269 270 sleep_ms += (sleep_ms >> 1); 271 if (sleep_ms > sleep_max_ms) 272 sleep_ms = sleep_max_ms; 273 } 274 } 275 276 LOGV("trying to receive file descriptor from ADB"); 277 /* now we can receive a client file descriptor */ 278 netState->clientSock = receiveClientFd(netState); 279 if (netState->shuttingDown) 280 return false; // suppress logs and additional activity 281 282 if (netState->clientSock < 0) { 283 if (++retryCount > 5) { 284 LOGE("adb connection max retries exceeded"); 285 return false; 286 } 287 goto retry; 288 } else { 289 LOGV("received file descriptor %d from ADB", netState->clientSock); 290 netState->awaitingHandshake = 1; 291 netState->inputCount = 0; 292 return true; 293 } 294} 295 296/* 297 * Connect out to a debugger (for server=n). Not required. 298 */ 299static bool establishConnection(struct JdwpState* state) 300{ 301 return false; 302} 303 304/* 305 * Close a connection from a debugger (which may have already dropped us). 306 * Only called from the JDWP thread. 307 */ 308static void closeConnection(struct JdwpState* state) 309{ 310 JdwpNetState* netState; 311 312 assert(state != NULL && state->netState != NULL); 313 314 netState = state->netState; 315 if (netState->clientSock < 0) 316 return; 317 318 LOGV("+++ closed JDWP <-> ADB connection"); 319 320 close(netState->clientSock); 321 netState->clientSock = -1; 322} 323 324/* 325 * Close all network stuff, including the socket we use to listen for 326 * new connections. 327 * 328 * May be called from a non-JDWP thread, e.g. when the VM is shutting down. 329 */ 330static void adbStateShutdown(struct JdwpNetState* netState) 331{ 332 int controlSock; 333 int clientSock; 334 335 if (netState == NULL) 336 return; 337 338 netState->shuttingDown = true; 339 340 clientSock = netState->clientSock; 341 if (clientSock >= 0) { 342 shutdown(clientSock, SHUT_RDWR); 343 netState->clientSock = -1; 344 } 345 346 controlSock = netState->controlSock; 347 if (controlSock >= 0) { 348 shutdown(controlSock, SHUT_RDWR); 349 netState->controlSock = -1; 350 } 351 352 if (netState->wakeFds[1] >= 0) { 353 LOGV("+++ writing to wakePipe"); 354 write(netState->wakeFds[1], "", 1); 355 } 356} 357 358static void netShutdown(JdwpState* state) 359{ 360 adbStateShutdown(state->netState); 361} 362 363/* 364 * Free up anything we put in state->netState. This is called after 365 * "netShutdown", after the JDWP thread has stopped. 366 */ 367static void netFree(struct JdwpState* state) 368{ 369 JdwpNetState* netState = state->netState; 370 371 adbStateFree(netState); 372} 373 374/* 375 * Is a debugger connected to us? 376 */ 377static bool isConnected(struct JdwpState* state) 378{ 379 return (state->netState != NULL && 380 state->netState->clientSock >= 0); 381} 382 383/* 384 * Are we still waiting for the JDWP handshake? 385 */ 386static bool awaitingHandshake(struct JdwpState* state) 387{ 388 return state->netState->awaitingHandshake; 389} 390 391/* 392 * Figure out if we have a full packet in the buffer. 393 */ 394static bool haveFullPacket(JdwpNetState* netState) 395{ 396 long length; 397 398 if (netState->awaitingHandshake) 399 return (netState->inputCount >= (int) kMagicHandshakeLen); 400 401 if (netState->inputCount < 4) 402 return false; 403 404 length = get4BE(netState->inputBuffer); 405 return (netState->inputCount >= length); 406} 407 408/* 409 * Consume bytes from the buffer. 410 * 411 * This would be more efficient with a circular buffer. However, we're 412 * usually only going to find one packet, which is trivial to handle. 413 */ 414static void consumeBytes(JdwpNetState* netState, int count) 415{ 416 assert(count > 0); 417 assert(count <= netState->inputCount); 418 419 if (count == netState->inputCount) { 420 netState->inputCount = 0; 421 return; 422 } 423 424 memmove(netState->inputBuffer, netState->inputBuffer + count, 425 netState->inputCount - count); 426 netState->inputCount -= count; 427} 428 429/* 430 * Handle a packet. Returns "false" if we encounter a connection-fatal error. 431 */ 432static bool handlePacket(JdwpState* state) 433{ 434 JdwpNetState* netState = state->netState; 435 const unsigned char* buf = netState->inputBuffer; 436 JdwpReqHeader hdr; 437 u4 length, id; 438 u1 flags, cmdSet, cmd; 439 u2 error; 440 bool reply; 441 int dataLen; 442 443 cmd = cmdSet = 0; // shut up gcc 444 445 length = read4BE(&buf); 446 id = read4BE(&buf); 447 flags = read1(&buf); 448 if ((flags & kJDWPFlagReply) != 0) { 449 reply = true; 450 error = read2BE(&buf); 451 } else { 452 reply = false; 453 cmdSet = read1(&buf); 454 cmd = read1(&buf); 455 } 456 457 assert((int) length <= netState->inputCount); 458 dataLen = length - (buf - netState->inputBuffer); 459 460 if (!reply) { 461 ExpandBuf* pReply = expandBufAlloc(); 462 463 hdr.length = length; 464 hdr.id = id; 465 hdr.cmdSet = cmdSet; 466 hdr.cmd = cmd; 467 dvmJdwpProcessRequest(state, &hdr, buf, dataLen, pReply); 468 if (expandBufGetLength(pReply) > 0) { 469 int cc; 470 471 /* 472 * TODO: we currently assume the write() will complete in one 473 * go, which may not be safe for a network socket. We may need 474 * to mutex this against sendRequest(). 475 */ 476 cc = write(netState->clientSock, expandBufGetBuffer(pReply), 477 expandBufGetLength(pReply)); 478 if (cc != (int) expandBufGetLength(pReply)) { 479 LOGE("Failed sending reply to debugger: %s", strerror(errno)); 480 expandBufFree(pReply); 481 return false; 482 } 483 } else { 484 LOGW("No reply created for set=%d cmd=%d", cmdSet, cmd); 485 } 486 expandBufFree(pReply); 487 } else { 488 LOGV("reply?!"); 489 assert(false); 490 } 491 492 LOGV("----------"); 493 494 consumeBytes(netState, length); 495 return true; 496} 497 498/* 499 * Process incoming data. If no data is available, this will block until 500 * some arrives. 501 * 502 * If we get a full packet, handle it. 503 * 504 * To take some of the mystery out of life, we want to reject incoming 505 * connections if we already have a debugger attached. If we don't, the 506 * debugger will just mysteriously hang until it times out. We could just 507 * close the listen socket, but there's a good chance we won't be able to 508 * bind to the same port again, which would confuse utilities. 509 * 510 * Returns "false" on error (indicating that the connection has been severed), 511 * "true" if things are still okay. 512 */ 513static bool processIncoming(JdwpState* state) 514{ 515 JdwpNetState* netState = state->netState; 516 int readCount; 517 518 assert(netState->clientSock >= 0); 519 520 if (!haveFullPacket(netState)) { 521 /* read some more, looping until we have data */ 522 errno = 0; 523 while (1) { 524 int selCount; 525 fd_set readfds; 526 int maxfd = -1; 527 int fd; 528 529 FD_ZERO(&readfds); 530 531 /* configure fds; note these may get zapped by another thread */ 532 fd = netState->controlSock; 533 if (fd >= 0) { 534 FD_SET(fd, &readfds); 535 if (maxfd < fd) 536 maxfd = fd; 537 } 538 fd = netState->clientSock; 539 if (fd >= 0) { 540 FD_SET(fd, &readfds); 541 if (maxfd < fd) 542 maxfd = fd; 543 } 544 fd = netState->wakeFds[0]; 545 if (fd >= 0) { 546 FD_SET(fd, &readfds); 547 if (maxfd < fd) 548 maxfd = fd; 549 } else { 550 LOGI("NOTE: entering select w/o wakepipe"); 551 } 552 553 if (maxfd < 0) { 554 LOGV("+++ all fds are closed"); 555 return false; 556 } 557 558 /* 559 * Select blocks until it sees activity on the file descriptors. 560 * Closing the local file descriptor does not count as activity, 561 * so we can't rely on that to wake us up (it works for read() 562 * and accept(), but not select()). 563 * 564 * We can do one of three things: (1) send a signal and catch 565 * EINTR, (2) open an additional fd ("wakePipe") and write to 566 * it when it's time to exit, or (3) time out periodically and 567 * re-issue the select. We're currently using #2, as it's more 568 * reliable than #1 and generally better than #3. Wastes two fds. 569 */ 570 selCount = select(maxfd+1, &readfds, NULL, NULL, NULL); 571 if (selCount < 0) { 572 if (errno == EINTR) 573 continue; 574 LOGE("select failed: %s", strerror(errno)); 575 goto fail; 576 } 577 578 if (netState->wakeFds[0] >= 0 && 579 FD_ISSET(netState->wakeFds[0], &readfds)) 580 { 581 LOGD("Got wake-up signal, bailing out of select"); 582 goto fail; 583 } 584 if (netState->controlSock >= 0 && 585 FD_ISSET(netState->controlSock, &readfds)) 586 { 587 int sock = receiveClientFd(netState); 588 if (sock >= 0) { 589 LOGI("Ignoring second debugger -- accepting and dropping"); 590 close(sock); 591 } else { 592 assert(netState->controlSock < 0); 593 /* 594 * Remote side most likely went away, so our next read 595 * on netState->clientSock will fail and throw us out 596 * of the loop. 597 */ 598 } 599 } 600 if (netState->clientSock >= 0 && 601 FD_ISSET(netState->clientSock, &readfds)) 602 { 603 readCount = read(netState->clientSock, 604 netState->inputBuffer + netState->inputCount, 605 sizeof(netState->inputBuffer) - netState->inputCount); 606 if (readCount < 0) { 607 /* read failed */ 608 if (errno != EINTR) 609 goto fail; 610 LOGD("+++ EINTR hit"); 611 return true; 612 } else if (readCount == 0) { 613 /* EOF hit -- far end went away */ 614 LOGV("+++ peer disconnected"); 615 goto fail; 616 } else 617 break; 618 } 619 } 620 621 netState->inputCount += readCount; 622 if (!haveFullPacket(netState)) 623 return true; /* still not there yet */ 624 } 625 626 /* 627 * Special-case the initial handshake. For some bizarre reason we're 628 * expected to emulate bad tty settings by echoing the request back 629 * exactly as it was sent. Note the handshake is always initiated by 630 * the debugger, no matter who connects to whom. 631 * 632 * Other than this one case, the protocol [claims to be] stateless. 633 */ 634 if (netState->awaitingHandshake) { 635 int cc; 636 637 if (memcmp(netState->inputBuffer, 638 kMagicHandshake, kMagicHandshakeLen) != 0) 639 { 640 LOGE("ERROR: bad handshake '%.14s'", netState->inputBuffer); 641 goto fail; 642 } 643 644 errno = 0; 645 cc = write(netState->clientSock, netState->inputBuffer, 646 kMagicHandshakeLen); 647 if (cc != kMagicHandshakeLen) { 648 LOGE("Failed writing handshake bytes: %s (%d of %d)", 649 strerror(errno), cc, (int) kMagicHandshakeLen); 650 goto fail; 651 } 652 653 consumeBytes(netState, kMagicHandshakeLen); 654 netState->awaitingHandshake = false; 655 LOGV("+++ handshake complete"); 656 return true; 657 } 658 659 /* 660 * Handle this packet. 661 */ 662 return handlePacket(state); 663 664fail: 665 closeConnection(state); 666 return false; 667} 668 669/* 670 * Send a request. 671 * 672 * The entire packet must be sent with a single write() call to avoid 673 * threading issues. 674 * 675 * Returns "true" if it was sent successfully. 676 */ 677static bool sendRequest(JdwpState* state, ExpandBuf* pReq) 678{ 679 JdwpNetState* netState = state->netState; 680 int cc; 681 682 if (netState->clientSock < 0) { 683 /* can happen with some DDMS events */ 684 LOGV("NOT sending request -- no debugger is attached"); 685 return false; 686 } 687 688 /* 689 * TODO: we currently assume the write() will complete in one 690 * go, which may not be safe for a network socket. We may need 691 * to mutex this against handlePacket(). 692 */ 693 errno = 0; 694 cc = write(netState->clientSock, expandBufGetBuffer(pReq), 695 expandBufGetLength(pReq)); 696 if (cc != (int) expandBufGetLength(pReq)) { 697 LOGE("Failed sending req to debugger: %s (%d of %d)", 698 strerror(errno), cc, (int) expandBufGetLength(pReq)); 699 return false; 700 } 701 702 return true; 703} 704 705/* 706 * Send a request that was split into multiple buffers. 707 * 708 * The entire packet must be sent with a single writev() call to avoid 709 * threading issues. 710 * 711 * Returns "true" if it was sent successfully. 712 */ 713static bool sendBufferedRequest(JdwpState* state, const struct iovec* iov, 714 int iovcnt) 715{ 716 JdwpNetState* netState = state->netState; 717 718 if (netState->clientSock < 0) { 719 /* can happen with some DDMS events */ 720 LOGV("NOT sending request -- no debugger is attached"); 721 return false; 722 } 723 724 size_t expected = 0; 725 int i; 726 for (i = 0; i < iovcnt; i++) 727 expected += iov[i].iov_len; 728 729 /* 730 * TODO: we currently assume the writev() will complete in one 731 * go, which may not be safe for a network socket. We may need 732 * to mutex this against handlePacket(). 733 */ 734 ssize_t actual; 735 actual = writev(netState->clientSock, iov, iovcnt); 736 if ((size_t)actual != expected) { 737 LOGE("Failed sending b-req to debugger: %s (%d of %zu)", 738 strerror(errno), (int) actual, expected); 739 return false; 740 } 741 742 return true; 743} 744 745 746/* 747 * Our functions. 748 */ 749static const JdwpTransport socketTransport = { 750 startup, 751 acceptConnection, 752 establishConnection, 753 closeConnection, 754 netShutdown, 755 netFree, 756 isConnected, 757 awaitingHandshake, 758 processIncoming, 759 sendRequest, 760 sendBufferedRequest 761}; 762 763/* 764 * Return our set. 765 */ 766const JdwpTransport* dvmJdwpAndroidAdbTransport() 767{ 768 return &socketTransport; 769} 770