1 /*
2  * Copyright (C) 2007 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "usb.h"
18 #include "usb_iouring.h"
19 
20 #include <dirent.h>
21 #include <errno.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <sys/ioctl.h>
26 #include <sys/mman.h>
27 #include <sys/types.h>
28 #include <unistd.h>
29 
30 #include <linux/usb/ch9.h>
31 #include <linux/usb/functionfs.h>
32 #include <sys/utsname.h>
33 
34 #include <algorithm>
35 #include <atomic>
36 #include <chrono>
37 #include <condition_variable>
38 #include <mutex>
39 #include <thread>
40 
41 #include <android-base/logging.h>
42 #include <android-base/properties.h>
43 #include <liburing.h>
44 
45 using namespace std::chrono_literals;
46 
47 #define D(...)
48 #define MAX_PACKET_SIZE_FS 64
49 #define MAX_PACKET_SIZE_HS 512
50 #define MAX_PACKET_SIZE_SS 1024
51 
52 #define USB_FFS_BULK_SIZE 16384
53 
54 // Number of buffers needed to fit MAX_PAYLOAD, with an extra for ZLPs.
55 #define USB_FFS_NUM_BUFS ((4 * MAX_PAYLOAD / USB_FFS_BULK_SIZE) + 1)
56 
aio_block_init(aio_block * aiob,unsigned num_bufs)57 static void aio_block_init(aio_block* aiob, unsigned num_bufs) {
58     aiob->iocb.resize(num_bufs);
59     aiob->iocbs.resize(num_bufs);
60     aiob->events.resize(num_bufs);
61     aiob->num_submitted = 0;
62     for (unsigned i = 0; i < num_bufs; i++) {
63         aiob->iocbs[i] = &aiob->iocb[i];
64     }
65     memset(&aiob->ctx, 0, sizeof(aiob->ctx));
66     if (io_setup(num_bufs, &aiob->ctx)) {
67         D("[ aio: got error on io_setup (%d) ]", errno);
68     }
69 }
70 
getMaxPacketSize(int ffs_fd)71 int getMaxPacketSize(int ffs_fd) {
72     usb_endpoint_descriptor desc{};
73     if (ioctl(ffs_fd, FUNCTIONFS_ENDPOINT_DESC, reinterpret_cast<unsigned long>(&desc))) {
74         D("[ could not get endpoint descriptor! (%d) ]", errno);
75         return MAX_PACKET_SIZE_HS;
76     } else {
77         return desc.wMaxPacketSize;
78     }
79 }
80 
usb_ffs_write(usb_handle * h,const void * data,int len)81 static int usb_ffs_write(usb_handle* h, const void* data, int len) {
82     D("about to write (fd=%d, len=%d)", h->bulk_in.get(), len);
83 
84     const char* buf = static_cast<const char*>(data);
85     int orig_len = len;
86     while (len > 0) {
87         int write_len = std::min(USB_FFS_BULK_SIZE, len);
88         int n = write(h->bulk_in.get(), buf, write_len);
89         if (n < 0) {
90             D("ERROR: fd = %d, n = %d: %s", h->bulk_in.get(), n, strerror(errno));
91             return -1;
92         }
93         buf += n;
94         len -= n;
95     }
96 
97     D("[ done fd=%d ]", h->bulk_in.get());
98     return orig_len;
99 }
100 
usb_ffs_read(usb_handle * h,void * data,int len,bool allow_partial)101 static int usb_ffs_read(usb_handle* h, void* data, int len, bool allow_partial) {
102     D("about to read (fd=%d, len=%d)", h->bulk_out.get(), len);
103 
104     char* buf = static_cast<char*>(data);
105     int orig_len = len;
106     unsigned count = 0;
107     while (len > 0) {
108         int read_len = std::min(USB_FFS_BULK_SIZE, len);
109         int n = read(h->bulk_out.get(), buf, read_len);
110         if (n < 0) {
111             D("ERROR: fd = %d, n = %d: %s", h->bulk_out.get(), n, strerror(errno));
112             return -1;
113         }
114         buf += n;
115         len -= n;
116         count += n;
117 
118         // For fastbootd command such as "getvar all", len parameter is always set 64.
119         // But what we read is actually less than 64.
120         // For example, length 10 for "getvar all" command.
121         // If we get less data than expected, this means there should be no more data.
122         if (allow_partial && n < read_len) {
123             orig_len = count;
124             break;
125         }
126     }
127 
128     D("[ done fd=%d ]", h->bulk_out.get());
129     return orig_len;
130 }
131 
usb_ffs_do_aio(usb_handle * h,const void * data,int len,bool read)132 static int usb_ffs_do_aio(usb_handle* h, const void* data, int len, bool read) {
133     aio_block* aiob = read ? &h->read_aiob : &h->write_aiob;
134 
135     int num_bufs = len / h->io_size + (len % h->io_size == 0 ? 0 : 1);
136     const char* cur_data = reinterpret_cast<const char*>(data);
137 
138     if (posix_madvise(const_cast<void*>(data), len, POSIX_MADV_SEQUENTIAL | POSIX_MADV_WILLNEED) <
139         0) {
140         D("[ Failed to madvise: %d ]", errno);
141     }
142 
143     for (int i = 0; i < num_bufs; i++) {
144         int buf_len = std::min(len, static_cast<int>(h->io_size));
145         io_prep(&aiob->iocb[i], aiob->fd, cur_data, buf_len, 0, read);
146 
147         len -= buf_len;
148         cur_data += buf_len;
149     }
150 
151     while (true) {
152         if (TEMP_FAILURE_RETRY(io_submit(aiob->ctx, num_bufs, aiob->iocbs.data())) < num_bufs) {
153             PLOG(ERROR) << "aio: got error submitting " << (read ? "read" : "write");
154             return -1;
155         }
156         if (TEMP_FAILURE_RETRY(io_getevents(aiob->ctx, num_bufs, num_bufs, aiob->events.data(),
157                                             nullptr)) < num_bufs) {
158             PLOG(ERROR) << "aio: got error waiting " << (read ? "read" : "write");
159             return -1;
160         }
161         if (num_bufs == 1 && aiob->events[0].res == -EINTR) {
162             continue;
163         }
164         if (read && aiob->events[0].res == -EPIPE) {
165             // On initial connection, some clients will send a ClearFeature(HALT) to
166             // attempt to resynchronize host and device after the fastboot server is killed.
167             // On newer device kernels, the reads we've already dispatched will be cancelled.
168             // Instead of treating this as a failure, which will tear down the interface and
169             // lead to the client doing the same thing again, just resubmit if this happens
170             // before we've actually read anything.
171             PLOG(ERROR) << "aio: got -EPIPE on first read attempt. Re-submitting read... ";
172             continue;
173         }
174         int ret = 0;
175         for (int i = 0; i < num_bufs; i++) {
176             if (aiob->events[i].res < 0) {
177                 errno = -aiob->events[i].res;
178                 PLOG(ERROR) << "aio: got error event on " << (read ? "read" : "write")
179                             << " total bufs " << num_bufs;
180                 return -1;
181             }
182             ret += aiob->events[i].res;
183         }
184         return ret;
185     }
186 }
187 
usb_ffs_aio_read(usb_handle * h,void * data,int len,bool)188 static int usb_ffs_aio_read(usb_handle* h, void* data, int len, bool /* allow_partial */) {
189     return usb_ffs_do_aio(h, data, len, true);
190 }
191 
usb_ffs_aio_write(usb_handle * h,const void * data,int len)192 static int usb_ffs_aio_write(usb_handle* h, const void* data, int len) {
193     return usb_ffs_do_aio(h, data, len, false);
194 }
195 
usb_ffs_close(usb_handle * h)196 static void usb_ffs_close(usb_handle* h) {
197     LOG(INFO) << "closing functionfs transport";
198 
199     h->bulk_out.reset();
200     h->bulk_in.reset();
201 
202     // Notify usb_adb_open_thread to open a new connection.
203     h->lock.lock();
204     h->open_new_connection = true;
205     h->lock.unlock();
206     h->notify.notify_one();
207     if (h->aio_type == AIOType::IO_URING) {
208         exit_io_uring_ffs(h);
209     }
210 }
211 
DoesKernelSupportIouring()212 bool DoesKernelSupportIouring() {
213     struct utsname uts {};
214     unsigned int major = 0, minor = 0;
215     if ((uname(&uts) != 0) || (sscanf(uts.release, "%u.%u", &major, &minor) != 2)) {
216         return false;
217     }
218     if (major > 5) {
219         return true;
220     }
221     // We will only support kernels from 5.6 onwards as IOSQE_ASYNC flag and
222     // IO_URING_OP_READ/WRITE opcodes were introduced only on 5.6 kernel
223     return minor >= 6;
224 }
225 
create_usb_handle(unsigned num_bufs,unsigned io_size)226 std::unique_ptr<usb_handle> create_usb_handle(unsigned num_bufs, unsigned io_size) {
227     auto h = std::make_unique<usb_handle>();
228     if (DoesKernelSupportIouring() &&
229         android::base::GetBoolProperty("sys.usb.ffs.io_uring_enabled", false)) {
230         init_io_uring_ffs(h.get(), num_bufs);
231         h->aio_type = AIOType::IO_URING;
232         LOG(INFO) << "Using io_uring for usb ffs";
233     } else if (android::base::GetBoolProperty("sys.usb.ffs.aio_compat", false)) {
234         // Devices on older kernels (< 3.18) will not have aio support for ffs
235         // unless backported. Fall back on the non-aio functions instead.
236         h->write = usb_ffs_write;
237         h->read = usb_ffs_read;
238         h->aio_type = AIOType::SYNC_IO;
239         LOG(INFO) << "Using sync io for usb ffs";
240     } else {
241         h->write = usb_ffs_aio_write;
242         h->read = usb_ffs_aio_read;
243         aio_block_init(&h->read_aiob, num_bufs);
244         aio_block_init(&h->write_aiob, num_bufs);
245         h->aio_type = AIOType::AIO;
246         LOG(INFO) << "Using aio for usb ffs";
247     }
248     h->io_size = io_size;
249     h->close = usb_ffs_close;
250     return h;
251 }
252