Read until we receive FUNCTIONFS_BIND after every USB descriptor setup,
instead of only after initial creation of the control fd, so we properly
handle a rebind caused by a change of the USB configuration.
This reverts commit 55b31933f41b1c550b788fa2054010c51f56111b.
Bug: http://b/133132986
Bug: http://b/135155652
Test: manually enabled/disabled MTP with nonblocking_ffs enabled and disabled
Change-Id: Ibb3f46b8f84854ede47a669a85e07e16a5dd6008
Merged-In: Ibb3f46b8f84854ede47a669a85e07e16a5dd6008
(cherry picked from commit b00e66f754)
These CHECKs are expected to happen if the client does the wrong thing,
so we probably shouldn't be aborting in adbd.
Bug: http://b/133872605
Bug: http://b/134695864
Test: treehugger
Change-Id: I875b87a06ba9d399db26f8af1ad47ccf34e9445a
Merged-In: I875b87a06ba9d399db26f8af1ad47ccf34e9445a
(cherry picked from commit fc0f80ae49)
Read until we receive FUNCTIONFS_BIND after every USB descriptor setup,
instead of only after initial creation of the control fd, so we properly
handle a rebind caused by a change of the USB configuration.
This reverts commit 55b31933f41b1c550b788fa2054010c51f56111b.
Bug: http://b/133132986
Bug: http://b/135155652
Test: manually enabled/disabled MTP with nonblocking_ffs enabled and disabled
Change-Id: Ibb3f46b8f84854ede47a669a85e07e16a5dd6008
We're only reading FUNCTIONFS_BIND on creation upon the first creation
of the control fd, which results in an abort when rebind happens (e.g.
when MTP is enabled) and we unexpectedly read FUNCTIONFS_BIND in the
second instantiation of the connection.
This reverts commit 2b668d3906.
Bug: http://b/135155652
Test: manually enabled MTP
These CHECKs are expected to happen if the client does the wrong thing,
so we probably shouldn't be aborting in adbd.
Bug: http://b/133872605
Bug: http://b/134695864
Test: treehugger
Change-Id: I875b87a06ba9d399db26f8af1ad47ccf34e9445a
Rework the functionfs logic to avoid rebinding the USB interface
repeatedly.
Bug: http://b/133132986
Test: treehugger
Change-Id: I7f75874efd197764d40b66800a117ff4726d793b
We assign string literals directly to argv[0], which leads to fun
explosions when we attempt to free when the runtime can detect that
a bad free happened, which seems to happen reliably with lld.
Bug: http://b/110800681
Test: `adb shell true` on windows
Change-Id: Ica81e472c31686d80b58c41ff6d2b825baef06fb
Which will dump all the allowed properties, similar to `adb shell
getprop`.
Bug: 134027350
Test: Run the command under rescue mode.
Change-Id: Id668224098006d71ee192c8c2bea5d791d2423c1
* changes:
adb: daemon: Assign valid fd to usb_handle ep0 file descriptor
adbd: respond to device-to-host control transfers.
adbd: read, print, and ignore USB control transfers.
non-aio USB read function was stuck in a loop waiting for more data
because data length parameter is always set 64 for fastbootd commands.
It should be a normal case to get less data than expected
since lengths of these commands are usually less than 64.
Add logic to check this and one more parameter to distinguish
fastbootd from general adbd case.
Bug: 133189029
Test: try various fastbootd commands
Change-Id: I6690324840d78f3f1e04235040301520329976db
Merged-In: I6690324840d78f3f1e04235040301520329976db
non-aio USB read function was stuck in a loop waiting for more data
because data length parameter is always set 64 for fastbootd commands.
It should be a normal case to get less data than expected
since lengths of these commands are usually less than 64.
Add logic to check this and one more parameter to distinguish
fastbootd from general adbd case.
Bug: 133189029
Test: try various fastbootd commands
Change-Id: I6690324840d78f3f1e04235040301520329976db
Failing to write to the endpoint results in subsequent reads on ep0 to
fail with EL2HLT, so do an empty write to fulfill the transfer.
Bug: http://b/131867920
Test: manually tested with modified auto client
Change-Id: If2eec162ca4b31a9974c7bd5802be51cee9e2708
Merged-In: If2eec162ca4b31a9974c7bd5802be51cee9e2708
(cherry-picked from internal commit af086e9a95)
It seems like we're blowing up when receiving a control transfer that's
intended for Android Auto, because we're not expecting to get the data
for the control transfer in a subsequent read.
Bug: http://b/131867920
Test: none
Change-Id: Icfd642e6dfc02d2ccbdd60c39f89e534298c944d
Merged-In: Icfd642e6dfc02d2ccbdd60c39f89e534298c944d
(cherry-picked from internal commit 12807c7012)
Add Microsoft OS Descriptors so that on Windows, we get automatically
registered with the WinUSB driver instead of requiring a different INF
to be used with device with a different vendor ID.
Bug: http://b/68993980
Test: manually changed the vendor ID on a blueline and connected it to a Windows VM
Change-Id: Id78bae270df9805573a90a86019267b53a3c8252
Failing to write to the endpoint results in subsequent reads on ep0 to
fail with EL2HLT, so do an empty write to fulfill the transfer.
Bug: http://b/131867920
Test: manually tested with modified auto client
Change-Id: If2eec162ca4b31a9974c7bd5802be51cee9e2708
It seems like we're blowing up when receiving a control transfer that's
intended for Android Auto, because we're not expecting to get the data
for the control transfer in a subsequent read.
Bug: http://b/131867920
Test: none
Change-Id: Icfd642e6dfc02d2ccbdd60c39f89e534298c944d
Kernel does not accept non-zero value of iocb->aio_reserved2.
Bug: 132803232
Test: initialize malloc() memory to non-zero pattern and see what breaks
Change-Id: I65a7e89e3a2c1ba79df1dc2d011d6c76c41afb81
(cherry picked from commit fe7eca7b8f)
Kernel does not accept non-zero value of iocb->aio_reserved2.
Bug: 132803232
Test: initialize malloc() memory to non-zero pattern and see what breaks
Change-Id: I65a7e89e3a2c1ba79df1dc2d011d6c76c41afb81
Also, improve the logging in the cases where we do abort.
Bug: http://b/131867920
Test: treehugger
Change-Id: If8ec9f4614ce146e6dbd21cc77587ea81658199b
(cherry picked from commit 2916e148d9)
Also, improve the logging in the cases where we do abort.
Bug: http://b/131867920
Test: treehugger
Change-Id: If8ec9f4614ce146e6dbd21cc77587ea81658199b
The original commit broke aosp-master-with-phones, because of
vendor libraries the depended on the int versions of libbase functions.
This patch reverts the revert, and also adds ABI-compatibility shims for
the replaced functions.
This reverts commit 2c58e1924a.
Bug: http://b/131312539
Test: treehugger
Test: forrest run of aosp-master-with-phones
Change-Id: I75cc84ec8d963e20862f7662e8e2f409471f41cc
Expect EBUSY for overlayfs teardown, and ENOENT for setup.
Test: adb-remount-test.sh
Bug: 131614849
Change-Id: I0fb351d6d5fe758021c9e9043f57863c7a194c12
adb was already using ConsumePrefix, and now we have another would-be
user in cutils. (There appears to be one place in adb that should use
ConsumeSuffix, so I'm assuming we'll want that sooner or later.)
I've kept these inline because adb and google3's versions both were, and
I'm easily led.
Test: treehugger
Change-Id: I29d99032f6f6ccbfaefece59725db8afb02a4c87
A previous patch intended to make receiving multiple FUNCTIONFS_ENABLEs
non-fatal, but failed to do so because we would try to spawn another
worker thread and hit a different assertion.
Bug: http://b/130638368
Test: echo mem | adb shell "su 0 sh -c 'cat > /sys/power/state'"
Change-Id: I53456112244d8b4f7d26df6ec6961389fca70498
(cherry picked from commit 910ce0ff08)
A previous patch intended to make receiving multiple FUNCTIONFS_ENABLEs
non-fatal, but failed to do so because we would try to spawn another
worker thread and hit a different assertion.
Bug: http://b/130638368
Test: echo mem | adb shell "su 0 sh -c 'cat > /sys/power/state'"
Change-Id: I53456112244d8b4f7d26df6ec6961389fca70498
Support `adb rescue wipe` command on the host side. This command runs
under the rescue mode and wipes data (and cache/metadata).
Bug: 131037235
Test: run adb rescue wipe
Change-Id: Ib3a3f2d564cc19d0446540d616cc21489ba558c2
(cherry picked from commit c2265c5343)
We don't need the public key to be generated at ~/.android/adbkey.pub,
but it's still useful to be able to generate the public key for use with
ADB_VENDOR_KEYS.
Bug: http://b/119634232
Test: manual
Change-Id: Iecd6ff1bba4af4ba142456034f3faf52bb9e017d
This CL adds client support to recognize the rescue mode (which will be
served by recovery image). It also allows waiting for a device to enter
rescue mode. The support for the actual rescue commands will be added in
follow-up CLs.
Bug: 128415917
Test: `adb devices` recognizes devices under rescue mode.
Test: `adb wait-for-rescue` waits for device to be in rescue mode.
Change-Id: I367d7339fe68006aba09a1e3db6370d472296676
Merged-In: I367d7339fe68006aba09a1e3db6370d472296676
(cherry picked from commit 55d407ec4a)
Support `adb rescue wipe` command on the host side. This command runs
under the rescue mode and wipes data (and cache/metadata).
Bug: 131037235
Test: run adb rescue wipe
Change-Id: Ib3a3f2d564cc19d0446540d616cc21489ba558c2
This reverts commit 93d63c010a.
Reason for revert: b/131312539 - All aosp-master-with-phones phones failing boot / health check.
Change-Id: Id4239f93484b7d6b8d9bcd355a59cbd40d9766e2
Each operation we submit results in a contiguous allocation in the
kernel which can trigger OOM-killing. Tune the queue depths to reduce
the chances of this happening, with a minimal impact on performance.
Bug: http://b/126582877
Test: ./benchmark_device.py with blueline
Change-Id: I4b0f83d54a9a9a69f0ab48322d78fb137c94dd35
(cherry picked from commit 28293f16a8)
Each operation we submit results in a contiguous allocation in the
kernel which can trigger OOM-killing. Tune the queue depths to reduce
the chances of this happening, with a minimal impact on performance.
Bug: http://b/126582877
Test: ./benchmark_device.py with blueline
Change-Id: I4b0f83d54a9a9a69f0ab48322d78fb137c94dd35
unique_fd's implicit conversion to int has led to tons of problems (see
all of the overloads for close, fdopen, fdopendir, etc.). Add a switch
that can turn it off, and reduce the ridiculous amount of work to fix up
callers by introducing a borrowed_fd type that can be constructed from
either int or unique_fd.
Test: treehugger
Change-Id: If77cf5cbcaddacdaec5919a15b3520fb68f51a62
unique_fd's implicit conversion to int allows the following code to
compile without error, leading to a double close:
std::function<void(unique_fd)> func = [](int x) { close(x); };
func(unique_fd(42));
Test: treehugger
Change-Id: I948ecda3a12738b3af6444fe2902d2f7b80e1b4c
Some USB controllers only support 16k writes, so drop down to that.
Bug: http://b/130622010
Test: treehugger
Change-Id: I836d5b2d0d6fcae05f290af11a6a19c6e8d7c1ba
(cherry picked from commit 770a6a4d46)
This CL adds client support to recognize the rescue mode (which will be
served by recovery image). It also allows waiting for a device to enter
rescue mode. The support for the actual rescue commands will be added in
follow-up CLs.
Bug: 128415917
Test: `adb devices` recognizes devices under rescue mode.
Test: `adb wait-for-rescue` waits for device to be in rescue mode.
Change-Id: I367d7339fe68006aba09a1e3db6370d472296676
Some USB controllers only support 16k writes, so drop down to that.
Bug: http://b/130622010
Test: treehugger
Change-Id: I836d5b2d0d6fcae05f290af11a6a19c6e8d7c1ba
As raw protocol does not allow for splitting err - it has to be redirected to inout.
Before this change it was not done for in-process and all err data was lost.
Bug: 130086616
Test: manual + atest adbd_test
Change-Id: I6cd11c940673d73e2993a6eb23c46d31bd8bf504
(cherry picked from commit 704c97d6c2)
As raw protocol does not allow for splitting err - it has to be redirected to inout.
Before this change it was not done for in-process and all err data was lost.
Bug: 130086616
Test: manual + atest adbd_test
Change-Id: I6cd11c940673d73e2993a6eb23c46d31bd8bf504
It seems like we don't actually always get these events in order, so
demote them to a log and restart the connection instead of aborting.
Bug: http://b/129464137
Test: mma
Change-Id: I7dffbf62f9dea665cf9f9f9e1bd18d444b6905ec
Occasionally, after we open the functionfs endpoint and write our
descriptors to it, we end up in a state where we never receive any
events from ep0, presumably due to a race against some other part of
the system, since adding sleeps reduces the likelihood. Add an
(arbitrarily chosen) timeout for the initial FUNCTIONFS_BIND we read,
and retry on failure.
Bug: http://b/128679787
Test: unplug and replug a blueline 14,000 times with a usb switch board
Change-Id: I4b3d5d552179ee7f3fefcc15f9575f793926f784
Monitor for FUNCTIONFS_UNBIND as well, so that in the case where we get
FUNCTIONFS_BIND, FUNCTIONFS_UNBIND, FUNCTIONFS_BIND, we don't trigger an
assertion failure from seeing two FUNCTIONFS_BINDs.
Bug: http://b/129134256
Test: manual
Change-Id: I80af5f4b833513e932262638b9f8d76bbcb35504
If we fail to submit writes for some reason (e.g. the USB cable was
unplugged), another thread that's waiting on the write mutex can enter
SubmitWrites and attempt to resubmit the writes that we already failed
to submit, leading to a failed assertion of !IoBlock::pending.
Increment writes_submitted_ before actually calling io_submit, so we
skip over these writes and fall through to exit.
Bug: http://b/129134256
Test: manually unplugged a blueline
Change-Id: I2fd0034e45db22c8f637c81039ce686b7aa6a03b
When a function argument takes a std::string, it's inefficient to
pass std::string::c_str(), since that creates an additional copy.
So we change these calling sites.
Test: TreeHugger
Change-Id: I1c0fde7275eb3ebd3baf05ec62581b0243655608
Allow disabling ro.adb.nonblocking_ffs via an ro system property, which
gets overridden by the currently supported persist.adb.nonblocking_ffs.
Bug: http://b/128679787
Test: mma
Change-Id: I28891d2da129e9654bf63ab8a4c330c4d2f5b336
Previously, we were initializing IoBlock::pending when submitting a read,
but leaving it uninitialized when doing a write, which would sometimes
result in an assertion firing when we received a previously allocated
block of memory that happened to have a nonzero value in pending.
Test: treehugger
Change-Id: I434c65f554ceed313fea9cfcc98788908f3ca8bc
When we introduced __adb_check_server_version() as a function
returning a 'bool', we missed missed converting once instance
of "return -1;" to "return false;". Thus, we're returning 'true'
in this case as our non-zero value gets implicitly converted to
'true'.
We fix this case as well with this CL.
Test: TreeHugger
Change-Id: I90b01567d927f36d2d963561b676b3bfabfcee49
Windows has int32_t return codes, which results in return codes 128-255
being sign extended into a negative number. Manually truncate the return
codes we get to preserve their values.
Test: test_device.py on windows
Change-Id: If41d6d469350301704f6ecff72ad17b412db3e04
As there is no security guarantee when the device is unlocked,
allowing adb root gives us more rooms to debug a USER build images.
Also, this makes it possible to run VTS on a USER build GSI, with
setting ro.debuggable=1 and unlocking the device.
This basically re-lands a reverted change:
https://android-review.googlesource.com/c/platform/system/core/+/437815
Which isn't needed after we moved /sbin/adbd to /system/bin/adbd in
USERDEBUG GSI. But it's still needed for USER build GSI.
Bug: 126493225
Test: unlock a USER build device, check 'adb root' can work
Change-Id: I93f12c8a3fe65c96c947e4602795eadfe591c521
If a device is unplugged, a BIND will happen without an ENABLE until the
device is plugged in, which would previously result in adbd crashing
every 5 seconds due to an attempt to join a thread that hadn't been
started.
Bug: http://b/128255355
Test: manually observed adbd via serial cable while unplugged
Change-Id: I90d6384e7e829df1ffaf73a95f2418a2ff97fb03
Our servers can comfortably run more than 16 emulators, and this is
much easier than messing with hypervisors or docker port allocation.
Assumes you know how to avoid clashes with Google Wear's default port.
Test: manual - still registers emulators.
Change-Id: I47cfd28725a550de0bd77fd11fcd94cdd11d2cc2
1. Don't clear O_CLOEXEC on an fd we're duping to stdin/out/err: dup2
does that for us if oldfd != newfd, and we know the fd can't be
stdin/out/err.
2. Use unique_fd.
3. Remove gotos by breaking the remount logic into its own function.
Test: mma
Change-Id: If9929e7f20de445322fd498e1379a2d4e572cb52
Replace direct logic in support for 'adb remount' with an exec out to
/system/bin/remount to do the heavy lifting. Remount success and
failure strings are reported by the adb remount service in response
to the various reported errors, freeing up the remount command itself
from the legacy of script expectations.
Test: adb-remount-test.sh
Bug: 122602260
Change-Id: I686fa465f463b881bbb38f709d780a95e463be80
Reduce the operation sizes to sizes that are small enough that the
kernel will run the OOM killer to try to make them succeed. Compensate
for the smaller operation sizes by increasing the queue depth.
Bug: http://b/126582877
Test: benchmark_device.py
Change-Id: I4d351f56c8f83fea882614238cc3fec8ba1e9bf9
The kernel does a kmalloc of the write size for each write during
io_submit, which can lead to failure if the kernel's heap is fragmented
such that it can't allocate a contiguous 1MB chunk. Partition writes
into 16 page chunks which are much more likely to succeed.
Bug: http://b/126582877
Test: test_device.py
Change-Id: Ib2d48561594e1d81f1a2f62e34eaa40265ac47c4
* changes:
adb: switch sockets.cpp to ConsumePrefix.
adbd: switch abb to ConsumePrefix.
adb: increment server version.
adb: wait for device to disconnect upon `adb root`.
adb: implement wait-for-disconnect.
adb: tell the client what transport it received.
adbd: switch daemon/services to ConsumePrefix.
adb: switch host_service_to_socket to string_view.
adb: switch handle_host_request to string_view.
adb: switch adb_io.h to string_view.
adb: add helper to consume a prefix on a string_view.
adb: make ParseUint reject garbage at the end by default.
Increment the server version for adb_connect with transport id, and
wait-for-disconnect.
Bug: http://b/124244488
Test: none
Change-Id: Ib50d289b68fce4befbf1f5d9507d7e6f9cc1f4f5
Previously, there was a race where if adb root took longer than 3
seconds to take effect, we'd return early and allow subsequent commands
to be targeted at the still-not-dead transport, and spuriously fail.
Bug: http://b/124244488
Test: test_device.py
Change-Id: I791a4f82946eb28e4d37729ab0ed3b7fc05b42a2
Prerequisite for making `adb root` wait for the device that it told to
restart to disappear: the client needs to know which transport to wait
on.
Bug: http://b/124244488
Test: manual
Change-Id: I474559838ad7c0e961e9d2a98c902bca3b60d6c8
Dan Albert