1/* 2 * Copyright (C) 2007 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define TRACE_TAG TRACE_USB 18 19#include "sysdeps.h" 20 21#include <cutils/properties.h> 22#include <dirent.h> 23#include <errno.h> 24#include <linux/usb/ch9.h> 25#include <linux/usb/functionfs.h> 26#include <stdio.h> 27#include <stdlib.h> 28#include <string.h> 29#include <sys/ioctl.h> 30#include <sys/types.h> 31#include <unistd.h> 32 33#include "adb.h" 34#include "transport.h" 35 36#define MAX_PACKET_SIZE_FS 64 37#define MAX_PACKET_SIZE_HS 512 38#define MAX_PACKET_SIZE_SS 1024 39 40#define cpu_to_le16(x) htole16(x) 41#define cpu_to_le32(x) htole32(x) 42 43struct usb_handle 44{ 45 adb_cond_t notify; 46 adb_mutex_t lock; 47 48 int (*write)(usb_handle *h, const void *data, int len); 49 int (*read)(usb_handle *h, void *data, int len); 50 void (*kick)(usb_handle *h); 51 52 // Legacy f_adb 53 int fd; 54 55 // FunctionFS 56 int control; 57 int bulk_out; /* "out" from the host's perspective => source for adbd */ 58 int bulk_in; /* "in" from the host's perspective => sink for adbd */ 59}; 60 61struct func_desc { 62 struct usb_interface_descriptor intf; 63 struct usb_endpoint_descriptor_no_audio source; 64 struct usb_endpoint_descriptor_no_audio sink; 65} __attribute__((packed)); 66 67struct desc_v1 { 68 struct usb_functionfs_descs_head_v1 { 69 __le32 magic; 70 __le32 length; 71 __le32 fs_count; 72 __le32 hs_count; 73 } __attribute__((packed)) header; 74 struct func_desc fs_descs, hs_descs; 75} __attribute__((packed)); 76 77struct desc_v2 { 78 struct usb_functionfs_descs_head_v2 header; 79 // The rest of the structure depends on the flags in the header. 80 __le32 fs_count; 81 __le32 hs_count; 82 struct func_desc fs_descs, hs_descs; 83} __attribute__((packed)); 84 85struct func_desc fs_descriptors = { 86 .intf = { 87 .bLength = sizeof(fs_descriptors.intf), 88 .bDescriptorType = USB_DT_INTERFACE, 89 .bInterfaceNumber = 0, 90 .bNumEndpoints = 2, 91 .bInterfaceClass = ADB_CLASS, 92 .bInterfaceSubClass = ADB_SUBCLASS, 93 .bInterfaceProtocol = ADB_PROTOCOL, 94 .iInterface = 1, /* first string from the provided table */ 95 }, 96 .source = { 97 .bLength = sizeof(fs_descriptors.source), 98 .bDescriptorType = USB_DT_ENDPOINT, 99 .bEndpointAddress = 1 | USB_DIR_OUT, 100 .bmAttributes = USB_ENDPOINT_XFER_BULK, 101 .wMaxPacketSize = MAX_PACKET_SIZE_FS, 102 }, 103 .sink = { 104 .bLength = sizeof(fs_descriptors.sink), 105 .bDescriptorType = USB_DT_ENDPOINT, 106 .bEndpointAddress = 2 | USB_DIR_IN, 107 .bmAttributes = USB_ENDPOINT_XFER_BULK, 108 .wMaxPacketSize = MAX_PACKET_SIZE_FS, 109 }, 110}; 111 112struct func_desc hs_descriptors = { 113 .intf = { 114 .bLength = sizeof(hs_descriptors.intf), 115 .bDescriptorType = USB_DT_INTERFACE, 116 .bInterfaceNumber = 0, 117 .bNumEndpoints = 2, 118 .bInterfaceClass = ADB_CLASS, 119 .bInterfaceSubClass = ADB_SUBCLASS, 120 .bInterfaceProtocol = ADB_PROTOCOL, 121 .iInterface = 1, /* first string from the provided table */ 122 }, 123 .source = { 124 .bLength = sizeof(hs_descriptors.source), 125 .bDescriptorType = USB_DT_ENDPOINT, 126 .bEndpointAddress = 1 | USB_DIR_OUT, 127 .bmAttributes = USB_ENDPOINT_XFER_BULK, 128 .wMaxPacketSize = MAX_PACKET_SIZE_HS, 129 }, 130 .sink = { 131 .bLength = sizeof(hs_descriptors.sink), 132 .bDescriptorType = USB_DT_ENDPOINT, 133 .bEndpointAddress = 2 | USB_DIR_IN, 134 .bmAttributes = USB_ENDPOINT_XFER_BULK, 135 .wMaxPacketSize = MAX_PACKET_SIZE_HS, 136 }, 137}; 138 139#define STR_INTERFACE_ "ADB Interface" 140 141static const struct { 142 struct usb_functionfs_strings_head header; 143 struct { 144 __le16 code; 145 const char str1[sizeof(STR_INTERFACE_)]; 146 } __attribute__((packed)) lang0; 147} __attribute__((packed)) strings = { 148 .header = { 149 .magic = cpu_to_le32(FUNCTIONFS_STRINGS_MAGIC), 150 .length = cpu_to_le32(sizeof(strings)), 151 .str_count = cpu_to_le32(1), 152 .lang_count = cpu_to_le32(1), 153 }, 154 .lang0 = { 155 cpu_to_le16(0x0409), /* en-us */ 156 STR_INTERFACE_, 157 }, 158}; 159 160 161 162static void *usb_adb_open_thread(void *x) 163{ 164 struct usb_handle *usb = (struct usb_handle *)x; 165 int fd; 166 167 while (true) { 168 // wait until the USB device needs opening 169 adb_mutex_lock(&usb->lock); 170 while (usb->fd != -1) 171 adb_cond_wait(&usb->notify, &usb->lock); 172 adb_mutex_unlock(&usb->lock); 173 174 D("[ usb_thread - opening device ]\n"); 175 do { 176 /* XXX use inotify? */ 177 fd = unix_open("/dev/android_adb", O_RDWR); 178 if (fd < 0) { 179 // to support older kernels 180 fd = unix_open("/dev/android", O_RDWR); 181 } 182 if (fd < 0) { 183 adb_sleep_ms(1000); 184 } 185 } while (fd < 0); 186 D("[ opening device succeeded ]\n"); 187 188 close_on_exec(fd); 189 usb->fd = fd; 190 191 D("[ usb_thread - registering device ]\n"); 192 register_usb_transport(usb, 0, 0, 1); 193 } 194 195 // never gets here 196 return 0; 197} 198 199static int usb_adb_write(usb_handle *h, const void *data, int len) 200{ 201 int n; 202 203 D("about to write (fd=%d, len=%d)\n", h->fd, len); 204 n = adb_write(h->fd, data, len); 205 if(n != len) { 206 D("ERROR: fd = %d, n = %d, errno = %d (%s)\n", 207 h->fd, n, errno, strerror(errno)); 208 return -1; 209 } 210 D("[ done fd=%d ]\n", h->fd); 211 return 0; 212} 213 214static int usb_adb_read(usb_handle *h, void *data, int len) 215{ 216 int n; 217 218 D("about to read (fd=%d, len=%d)\n", h->fd, len); 219 n = adb_read(h->fd, data, len); 220 if(n != len) { 221 D("ERROR: fd = %d, n = %d, errno = %d (%s)\n", 222 h->fd, n, errno, strerror(errno)); 223 return -1; 224 } 225 D("[ done fd=%d ]\n", h->fd); 226 return 0; 227} 228 229static void usb_adb_kick(usb_handle *h) 230{ 231 D("usb_kick\n"); 232 adb_mutex_lock(&h->lock); 233 adb_close(h->fd); 234 h->fd = -1; 235 236 // notify usb_adb_open_thread that we are disconnected 237 adb_cond_signal(&h->notify); 238 adb_mutex_unlock(&h->lock); 239} 240 241static void usb_adb_init() 242{ 243 usb_handle* h = reinterpret_cast<usb_handle*>(calloc(1, sizeof(usb_handle))); 244 if (h == nullptr) fatal("couldn't allocate usb_handle"); 245 246 h->write = usb_adb_write; 247 h->read = usb_adb_read; 248 h->kick = usb_adb_kick; 249 h->fd = -1; 250 251 adb_cond_init(&h->notify, 0); 252 adb_mutex_init(&h->lock, 0); 253 254 // Open the file /dev/android_adb_enable to trigger 255 // the enabling of the adb USB function in the kernel. 256 // We never touch this file again - just leave it open 257 // indefinitely so the kernel will know when we are running 258 // and when we are not. 259 int fd = unix_open("/dev/android_adb_enable", O_RDWR); 260 if (fd < 0) { 261 D("failed to open /dev/android_adb_enable\n"); 262 } else { 263 close_on_exec(fd); 264 } 265 266 D("[ usb_init - starting thread ]\n"); 267 adb_thread_t tid; 268 if(adb_thread_create(&tid, usb_adb_open_thread, h)){ 269 fatal_errno("cannot create usb thread"); 270 } 271} 272 273 274static void init_functionfs(struct usb_handle *h) 275{ 276 ssize_t ret; 277 struct desc_v1 v1_descriptor; 278 struct desc_v2 v2_descriptor; 279 280 v2_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC_V2); 281 v2_descriptor.header.length = cpu_to_le32(sizeof(v2_descriptor)); 282 v2_descriptor.header.flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC; 283 v2_descriptor.fs_count = 3; 284 v2_descriptor.hs_count = 3; 285 v2_descriptor.fs_descs = fs_descriptors; 286 v2_descriptor.hs_descs = hs_descriptors; 287 288 if (h->control < 0) { // might have already done this before 289 D("OPENING %s\n", USB_FFS_ADB_EP0); 290 h->control = adb_open(USB_FFS_ADB_EP0, O_RDWR); 291 if (h->control < 0) { 292 D("[ %s: cannot open control endpoint: errno=%d]\n", USB_FFS_ADB_EP0, errno); 293 goto err; 294 } 295 296 ret = adb_write(h->control, &v2_descriptor, sizeof(v2_descriptor)); 297 if (ret < 0) { 298 v1_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC); 299 v1_descriptor.header.length = cpu_to_le32(sizeof(v1_descriptor)); 300 v1_descriptor.header.fs_count = 3; 301 v1_descriptor.header.hs_count = 3; 302 v1_descriptor.fs_descs = fs_descriptors; 303 v1_descriptor.hs_descs = hs_descriptors; 304 D("[ %s: Switching to V1_descriptor format errno=%d ]\n", USB_FFS_ADB_EP0, errno); 305 ret = adb_write(h->control, &v1_descriptor, sizeof(v1_descriptor)); 306 if (ret < 0) { 307 D("[ %s: write descriptors failed: errno=%d ]\n", USB_FFS_ADB_EP0, errno); 308 goto err; 309 } 310 } 311 312 ret = adb_write(h->control, &strings, sizeof(strings)); 313 if (ret < 0) { 314 D("[ %s: writing strings failed: errno=%d]\n", USB_FFS_ADB_EP0, errno); 315 goto err; 316 } 317 } 318 319 h->bulk_out = adb_open(USB_FFS_ADB_OUT, O_RDWR); 320 if (h->bulk_out < 0) { 321 D("[ %s: cannot open bulk-out ep: errno=%d ]\n", USB_FFS_ADB_OUT, errno); 322 goto err; 323 } 324 325 h->bulk_in = adb_open(USB_FFS_ADB_IN, O_RDWR); 326 if (h->bulk_in < 0) { 327 D("[ %s: cannot open bulk-in ep: errno=%d ]\n", USB_FFS_ADB_IN, errno); 328 goto err; 329 } 330 331 return; 332 333err: 334 if (h->bulk_in > 0) { 335 adb_close(h->bulk_in); 336 h->bulk_in = -1; 337 } 338 if (h->bulk_out > 0) { 339 adb_close(h->bulk_out); 340 h->bulk_out = -1; 341 } 342 if (h->control > 0) { 343 adb_close(h->control); 344 h->control = -1; 345 } 346 return; 347} 348 349static void *usb_ffs_open_thread(void *x) 350{ 351 struct usb_handle *usb = (struct usb_handle *)x; 352 353 while (true) { 354 // wait until the USB device needs opening 355 adb_mutex_lock(&usb->lock); 356 while (usb->control != -1 && usb->bulk_in != -1 && usb->bulk_out != -1) 357 adb_cond_wait(&usb->notify, &usb->lock); 358 adb_mutex_unlock(&usb->lock); 359 360 while (true) { 361 init_functionfs(usb); 362 363 if (usb->control >= 0 && usb->bulk_in >= 0 && usb->bulk_out >= 0) 364 break; 365 366 adb_sleep_ms(1000); 367 } 368 property_set("sys.usb.ffs.ready", "1"); 369 370 D("[ usb_thread - registering device ]\n"); 371 register_usb_transport(usb, 0, 0, 1); 372 } 373 374 // never gets here 375 return 0; 376} 377 378static int bulk_write(int bulk_in, const uint8_t* buf, size_t length) 379{ 380 size_t count = 0; 381 int ret; 382 383 do { 384 ret = adb_write(bulk_in, buf + count, length - count); 385 if (ret < 0) { 386 if (errno != EINTR) 387 return ret; 388 } else { 389 count += ret; 390 } 391 } while (count < length); 392 393 D("[ bulk_write done fd=%d ]\n", bulk_in); 394 return count; 395} 396 397static int usb_ffs_write(usb_handle* h, const void* data, int len) 398{ 399 D("about to write (fd=%d, len=%d)\n", h->bulk_in, len); 400 int n = bulk_write(h->bulk_in, reinterpret_cast<const uint8_t*>(data), len); 401 if (n != len) { 402 D("ERROR: fd = %d, n = %d: %s\n", h->bulk_in, n, strerror(errno)); 403 return -1; 404 } 405 D("[ done fd=%d ]\n", h->bulk_in); 406 return 0; 407} 408 409static int bulk_read(int bulk_out, uint8_t* buf, size_t length) 410{ 411 size_t count = 0; 412 int ret; 413 414 do { 415 ret = adb_read(bulk_out, buf + count, length - count); 416 if (ret < 0) { 417 if (errno != EINTR) { 418 D("[ bulk_read failed fd=%d length=%zu count=%zu ]\n", 419 bulk_out, length, count); 420 return ret; 421 } 422 } else { 423 count += ret; 424 } 425 } while (count < length); 426 427 return count; 428} 429 430static int usb_ffs_read(usb_handle* h, void* data, int len) 431{ 432 D("about to read (fd=%d, len=%d)\n", h->bulk_out, len); 433 int n = bulk_read(h->bulk_out, reinterpret_cast<uint8_t*>(data), len); 434 if (n != len) { 435 D("ERROR: fd = %d, n = %d: %s\n", h->bulk_out, n, strerror(errno)); 436 return -1; 437 } 438 D("[ done fd=%d ]\n", h->bulk_out); 439 return 0; 440} 441 442static void usb_ffs_kick(usb_handle *h) 443{ 444 int err; 445 446 err = ioctl(h->bulk_in, FUNCTIONFS_CLEAR_HALT); 447 if (err < 0) 448 D("[ kick: source (fd=%d) clear halt failed (%d) ]", h->bulk_in, errno); 449 450 err = ioctl(h->bulk_out, FUNCTIONFS_CLEAR_HALT); 451 if (err < 0) 452 D("[ kick: sink (fd=%d) clear halt failed (%d) ]", h->bulk_out, errno); 453 454 adb_mutex_lock(&h->lock); 455 456 // don't close ep0 here, since we may not need to reinitialize it with 457 // the same descriptors again. if however ep1/ep2 fail to re-open in 458 // init_functionfs, only then would we close and open ep0 again. 459 adb_close(h->bulk_out); 460 adb_close(h->bulk_in); 461 h->bulk_out = h->bulk_in = -1; 462 463 // notify usb_ffs_open_thread that we are disconnected 464 adb_cond_signal(&h->notify); 465 adb_mutex_unlock(&h->lock); 466} 467 468static void usb_ffs_init() 469{ 470 D("[ usb_init - using FunctionFS ]\n"); 471 472 usb_handle* h = reinterpret_cast<usb_handle*>(calloc(1, sizeof(usb_handle))); 473 if (h == nullptr) fatal("couldn't allocate usb_handle"); 474 475 h->write = usb_ffs_write; 476 h->read = usb_ffs_read; 477 h->kick = usb_ffs_kick; 478 h->control = -1; 479 h->bulk_out = -1; 480 h->bulk_out = -1; 481 482 adb_cond_init(&h->notify, 0); 483 adb_mutex_init(&h->lock, 0); 484 485 D("[ usb_init - starting thread ]\n"); 486 adb_thread_t tid; 487 if (adb_thread_create(&tid, usb_ffs_open_thread, h)){ 488 fatal_errno("[ cannot create usb thread ]\n"); 489 } 490} 491 492void usb_init() 493{ 494 if (access(USB_FFS_ADB_EP0, F_OK) == 0) 495 usb_ffs_init(); 496 else 497 usb_adb_init(); 498} 499 500void usb_cleanup() 501{ 502} 503 504int usb_write(usb_handle *h, const void *data, int len) 505{ 506 return h->write(h, data, len); 507} 508 509int usb_read(usb_handle *h, void *data, int len) 510{ 511 return h->read(h, data, len); 512} 513int usb_close(usb_handle *h) 514{ 515 return 0; 516} 517 518void usb_kick(usb_handle *h) 519{ 520 h->kick(h); 521} 522