libadbd_auth might report authentication success for a transport that's
already been destroyed. Fix this by storing a weak pointer to the
atransport that gets cleared upon destruction instead of a raw pointer.
Bug: http://b/144704376
Test: ./test_adb.py
Test: ./test_device.py
Change-Id: Idffe027381e6b2e37f06aa0166e97cafc98eaf3b
This patch introduce "service.adb.listen_addrs", a new
string type property, while keeping the old properties.
The new property added in this patch is used to listen
on UNIX domain socket "localfilesystem".
"service.adb.listen_addrs" can be used to listen on
multiple addresses, such as tcp:5555 and tcp:5556.
It is separated by ',' (comma) character.
In the process of introducing the new socket type, the
method tcp_connect is removed and combined into
socket_spec_connect.
Without specifying using the new property, adb will
try to listen on both tcp and vsock (following the
previous implementation).
Some examples of the new property value are:
- "tcp:5555"
- "vsock:5555"
- "localfilesystem:/tmp/test"
- "tcp:5555,vsock:5555"
Bug: 133378083
Test: On master-arc-dev:
adb root;
setprop service.adb.listen_addrs localfilesystem:
<path_to_socket>;
adb connect localfilesystem:<path_to_socket>;
adb -s localfilesystem:<path_to_socket> shell;
inside Chrome OS.
Test: On aosp_bluefin:
setprop service.adb.listen_addr tcp:5555;
adb connect <IP>:5555; adb shell;
Test: On aosp_bluefin:
setprop service.adb.tcp.port 5555;
adb connect <IP>:5555; adb shell;
Test: On aosp_bluefin:
setprop service.adb.listen_addrs tcp:5555,tcp:6666;
adb connect <IP>:5555; adb shell;
adb connect <IP>:6666; adb shell;
Test: On aosp_bluefin:
./adb_test;
Test: On cuttlefish:
launch_cvd;
adb -s 127.0.0.1:6520 shell;
Test: Ran host tests:
./adb_test;
./adb_integration_test_adb;
./adb_integration_test_device;
Change-Id: I8289bf0ab3305cf23ce5695ffba46845d58ef6bb
The switch to socket_spec_listen broke adbd over TCP, because
socket_spec_listen only listens on localhost.
Bug: http://b/123592649
Test: manual
Change-Id: Id1943ebd7f0059db05ad756fe96189c60ebde337
vsock is a socket address family for communicating into and out of
virtual machines. Addresses have a port and CID. The CID is unique to
each virtual machine on the computer. The VM host always has CID 2.
http://man7.org/linux/man-pages/man7/vsock.7.html
Inside the android guest, the adb daemon hosts a vsock server with
VMADDR_CID_ANY, automatically using the guest CID. The adb server
can now connect to addresses of the form vsock:cid:port, where the CID
must be specified and the port defaults to 5555.
This is a significant speed improvement for ADB connections in
Cuttlefish, with 150-200 MB/s for `adb push` and 100-150 MB/s for
`adb pull`. It also allows removing some proxying steps from Cuttlefish,
simplifying the full connection path, and removes a dependency on the
unstable ivshmem protocol.
Commands tested against a Cuttlefish VM with CID 3:
adb connect vsock:3:5555
adb -s vsock:3:5555 shell
adb disconnect vsock:3:5555
Supporting "adb disconnect" and "adb -s" required modifying some of the
parts that parse addresses / serials.
push/pull trials with native adb vsock support in cuttlefish:
100m: 1 file pushed. 297.6 MB/s (104857600 bytes in 0.336s)
100m: 1 file pushed. 270.3 MB/s (104857600 bytes in 0.370s)
100m: 1 file pushed. 271.7 MB/s (104857600 bytes in 0.368s)
100m: 1 file pushed. 250.5 MB/s (104857600 bytes in 0.399s)
100m: 1 file pushed. 277.1 MB/s (104857600 bytes in 0.361s)
100m: 1 file pushed. 263.5 MB/s (104857600 bytes in 0.379s)
100m: 1 file pushed. 242.6 MB/s (104857600 bytes in 0.412s)
100m: 1 file pushed. 271.8 MB/s (104857600 bytes in 0.368s)
100m: 1 file pushed. 267.1 MB/s (104857600 bytes in 0.374s)
/data/local/tmp/100m: 1 file pulled. 212.8 MB/s (104857600 bytes in 0.470s)
/data/local/tmp/100m: 1 file pulled. 236.7 MB/s (104857600 bytes in 0.423s)
/data/local/tmp/100m: 1 file pulled. 201.2 MB/s (104857600 bytes in 0.497s)
/data/local/tmp/100m: 1 file pulled. 255.6 MB/s (104857600 bytes in 0.391s)
/data/local/tmp/100m: 1 file pulled. 199.6 MB/s (104857600 bytes in 0.501s)
/data/local/tmp/100m: 1 file pulled. 214.6 MB/s (104857600 bytes in 0.466s)
/data/local/tmp/100m: 1 file pulled. 254.2 MB/s (104857600 bytes in 0.393s)
/data/local/tmp/100m: 1 file pulled. 212.5 MB/s (104857600 bytes in 0.471s)
/data/local/tmp/100m: 1 file pulled. 218.9 MB/s (104857600 bytes in 0.457s)
/data/local/tmp/100m: 1 file pulled. 223.6 MB/s (104857600 bytes in 0.447s)
Bug: 121166534
Change-Id: I50f21fb5c9acafb8daa789df4e28c9e1bbbbf2ef
Test: adb connect/shell/disconnect
Preparatory step for testing adb on GCE on non-linux hosts: instead of
pointing them at a device (emulated or otherwise), point them at adbd
running on a linux host instead.
Test: adbd & adb connect localhost:5555; adb -e wait-for-device shell
Change-Id: Ib22d51a4fc9e6e68f71bf1b3b9b2e1b0bd844760
We were dynamic_casting to UsbConnection to check for USB connections,
but the actual type was a BlockingConnectionAdapter wrapping a
UsbConnection, with the result that unplugging an inaccessible (due to
permissions) device on Linux wouldn't make the device go away.
Test: manual
Change-Id: Icb4acea5fd3c3baa9691698686213e122e898e4a
If we have multiple keys available for authentication (ADB_VENDOR_KEYS
+ the one in ~/.android), we will still have keys in our list of
avilable keys after we've successfully connected. A subsequent
reconnection will start authorizing using the list of keys after the
key that actually worked, resulting in that session being unauthorized
until another reconnection happens. Clear the key list before
reconnecting to fix this. (We could do this after successfully
connecting, but we need to do this before reconnecting anyway, because
our connection could have died during authorization.)
Bug: http://b/117267347
Test: `adb connect foo; adb -s foo reconnect device` with ADB_VENDOR_KEYS
Change-Id: Ieb7dcc28e333c89ae0d75f97e89bcd1b571cb299
Implement a Connection that implements a nonblocking interface to
functionfs, to replace the existing implementation that uses two
threads that loop and call read and write respectively. The existing
implementation is vulnerable to a race condition that can occur when a
connection is terminated, where one thread can notice failure and
complete reinitialization of the USB endpoints before the other thread
noticed anything went wrong, resulting in either the first packet
coming from the other end disappearing in to the void, or the other end
getting a packet of garbage.
As a side benefit, this improves performance on walleye from:
push 100MiB: 10 runs: median 49.48 MiB/s, mean 50.00 MiB/s, stddev: 2.77 MiB/s
pull 100MiB: 10 runs: median 75.82 MiB/s, mean 76.18 MiB/s, stddev: 6.60 MiB/s
to:
push 100MiB: 10 runs: median 73.90 MiB/s, mean 73.51 MiB/s, stddev: 5.26 MiB/s
pull 100MiB: 10 runs: median 105.90 MiB/s, mean 107.19 MiB/s, stddev: 6.10 MiB/s
Test: python test_device.py
Change-Id: I9b77c1057965edfef739ed9736e5d76613adf60a
Previously, connecting to devices that end up as unauthorized would
wait 10 seconds before reporting failure to the user. After this
change, notification happens as soon as the adb server realizes.
Test: manual
Change-Id: If7c8d38f22da3d98b952eee6a334abc8566bb751
This code was unreachable, since all of the callers were calling
register_socket_transport with foo.c_str() as the serial. Lift this
assumption into the type system by switching from char* to std::string
for the argument type.
Bug: http://b/112147760
Bug: https://www.viva64.com/en/b/0579/
Test: mma
Change-Id: I5a6ee265feee6b83bc933a64d895eed39fce68e7
Multiple codepaths were closing the fd they passed into
register_socket_transport on failure, which would close the fd itself.
Switch things over to unique_fd to make it clear that we don't actually
have to close on failure.
Test: mma
Change-Id: I2d9bdcb1142c24931d970f99ebdf9a8051daf05c
This change gets rid of most malloc/calloc/free calls. The future is
now!
Bug: None
Test: test_device.py
Change-Id: Iccfe3bd4fe45a0319bd9f23b8cbff4c7070c9f4d
Implement a nonblocking version of FdConnection. The initial
implementation will be somewhat slower than the blocking one for large
packet sizes, due to an extra copy when coalescing an IOVector into an
apacket, but is still substantially faster for small packets.
Test: adb_benchmark
Change-Id: I4900c9ddf685d3bd557b8cb43958452ecb23db53
This change adds a reconnect handler that tracks all TCP transports that
were connected at some point, but became disconnected. It does so by
attempting to reconnect every 10s for up to a minute.
Bug: 74411879
Test: system/core/adb/test_adb.py
Test: adb connect chromebook:22 # This runs with sslh
Test: CtsBootStatsTestCases
Test: emulator -show-kernel ; adb -s emulator-5554 shell
Change-Id: I7b9f6d181b71ccf5c26ff96c45d36aaf6409b992
Add two states: connecting and authorizing, to disambiguate the offline
and unauthorized states, respectively.
Previously, devices would transition as follows:
offline -> unauthorized -> offline -> online
offline -> unauthorized (when actually unauthorized)
With this patch:
connecting -> authorizing -> online
connecting -> authorizing -> unauthorized (when actually unauthorized)
This allows test automation and the like to distinguish between offline
devices, unauthorized devices, and working devices without having to
do retry loops with arbitrary sleeps on their end.
Bug: http://b/79257434
Test: adb_test
Test: adbd_test
Test: manually plugging in a device with `while true; do adb shell echo foo; done`
Change-Id: I036d9b593b51a27a59ac3fc57da966fd52658567
This change is in preparation to allow the TCP-based transports to be
able to reconnect. This is needed because multiple threads can access
the Connection object. It used to be safe to do because one instance of
atransport would have the same Connection instance throughout its
lifetime, but now it is possible to replace the Connection instance,
which could cause threads that were attempting to Write to an
atransport* to use-after-free the Connection instance.
Bug: 74411879
Test: system/core/adb/test_adb.py
Change-Id: I4f092be11b2095088a9a9de2c0386086814d37ce
This change adds a callback that is invoked exactly once, either when
the connection is fully established (i.e. CNXN packets have been sent
and received) or the atransport object is deleted before that (because
the connection failed).
This helps in distinguishing between successful and failing connections
for TCP. Especially when there is some kind of port
forwarding/multiplexing in between (like an SSH tunnel or SSLH proxy).
Bug: 74411879
Test: adb connect chromebook:22 (which runs an sslh tunnel to adbd).
either succeeds or fails, but not fake-succeeds.
Change-Id: I7e826c6f5d4c30338a03b2d376a857ac5d05672a
When connecting to an address, we construct a transport first, and then
check whether we've already connected to that address. The consequent
destruction of the BlockingConnectionAdapter attempts to join threads
that haven't been started, which aborts.
Make it safe to destruct a BlockingConnectionAdapter without calling
Start on it first, to solve this.
Bug: http://b/69137547
Test: nc -l 12345 & (adb connect localhost:12345; adb connect localhost:12345)
Test: python test_adb.py
Change-Id: I6cb968a62dbac6332907e06575893d764905ee62
Rename the existing Connection to BlockingConnection, add a nonblocking
Connection, and add an adapter between the two, to enable future work
to reduce the impedance mismatch from implementing a blocking interface
on top of nonblocking primitives.
While we're here, delete A_SYNC, and remove one layer of pipes when
sending a packet (replacing it with a condition variable when using
BlockingConnectionAdapter).
Test: python test_device.py, manually plugging/unplugging devices
Change-Id: Ieac2bf937471d9d494075575f07e53b589aba20a
As step one of refactoring atransport to separate out protocol handling
from its underlying connection, extract atransport's existing
hand-rolled connection vtable out to its own abstract interface.
This should not change behavior except in one case: emulators are
now treated as TCP devices for the purposes of `adb disconnect`.
Test: python test_device.py, with walleye over USB + TCP
Test: manually connecting and disconnecting devices/emulators
Change-Id: I877b8027e567cc6a7461749432b49f6cb2c2f0d7
The checksum is unnecessary. Improves adb performance by 40% on USB2.
Test: new adb works with new + old adbd, old adb works with new adbd
bug 67327728
Change-Id: I761d8a5a62deaea9bbb092ea9926b2d6d312f00d
This logic appears to be racy, and it shouldn't actually be needed, if
our devices follow the USB spec. Use libusb_set_interface_alt_setting
on device initialization as well, to add one more thing that should
reset the data toggles.
Bug: http://b/32952319
Test: python test_device.py
Change-Id: I392198af3d72c524b893e5056afa2b4617cea49c
Revert the write_msg_lock part of commit b5e11415. A write which hangs
will hold onto the mutex, preventing the device kick from ever
happening, which also causes lots of other stuff to hang, due to Kick
being called with the transport lock taken.
Test: python test_devices.py
Change-Id: Ie7c958799c93cad287c32d6bbef30c07f40c2d51
This reverts commit 7e197ef833.
The mutex lock in transport_unref hides a race that seems otherwise
hard to fix. Specifically, there's no synchronization between acquiring
a transport and attaching it to an asocket*, leading to badness if the
transport is closed in between the two operations.
Fix the original problem the reverted patch addressed by manually
unlocking before calling unregister_usb_transport.
Bug: http://b/65419665
Test: python test_device.py
Change-Id: I0ed0044129b1671b2c5dd1b9fa2e70a9b4475dc5
Extend device selection to allow selecting a specific transport via
monotonically increasing identifier (visible in devices -l).
This is useful when using multiple devices (like hikey960...) that
have identical bogus serial numbers like 0123456789ABCDEF.
Bug: http://b/37043226
Test: adb -t {1, 2, 9999999} {get-serialno, shell, features}
Change-Id: I55e5dc5a406a4eeee0012e39b52e8cd232e608a6
Fix a deadlock that happened when a reader/writer thread released a
transport while the hotplug thread attempted to handle a device
disconnection. Decrementing a transport refcount to zero would hold the
global transport mutex and attempt to take the usb handles mutex, while
the hotplug thread would hold the usb handles mutex and try to call
unregister_usb_transport, which would attempt to take the global
transport mutex.
Resolve this by making transport_unref not take the global transport
mutex.
Bug: http://b/62423753
Test: python test_device.py
Change-Id: Ib48b80a2091a254527f3a7d945b6a11fae61f937
We want to explicitly define the order in which we teardown adb, so
move all of the at_quick_exits sprinkled throughout into one function
containing all of the cleanup functions.
Bug: http://b/37104408
Test: adb kill-server; adb start-server
Change-Id: I394f5782eb147e394d4b87df1ba364c061de4b90
Replace a hard-coded 3 second sleep with logic to wait until we've
scanned USB devices once and they've all come online.
Before:
adb shell true 0.00s user 0.00s system 0% cpu 3.047 total
After:
adb shell true 0.00s user 0.00s system 9% cpu 0.041 total
Bug: http://b/37869663
Test: `time adb shell true` after adb kill-server
Change-Id: I251d42afb885908ed9d03167287594ea16650d3f
When device goes offline, user usually has to manually replug the
usb device. This patch tries to solve two offline situations, all
because when adb on host is killed, the adbd on device is not notified.
1. When adb server is killed while pushing a large file to device,
the device is still reading the unfinished large message. So the
device thinks of the CNXN message as part of the previous unfinished
message, so it doesn't reply and the device is in offline state.
The solution is to add a write_msg_lock in atransport struct. And it
kicks the transport only after sending a whole message. By kicking
all transports before exit, we ensure that we don't write part of
a message to any device. So next time we start adb server, the device
should be waiting for a new message.
2. When adb server is killed while pulling a large file from device,
the device is still trying to send the unfinished large message. So
adb on host usually reads data with EOVERFLOW error. This is because
adb on host is reading less than one packet sent from device.
The solution is to use buffered read on host. The max packet size
of bulk transactions in USB 3.0 is 1024 bytes. By preparing an at least
1024 bytes buffer when reading, EOVERFLOW no longer occurs. And teach
adb host to ignore wrong messages.
To be safe, this patch doesn't change any logic on device.
Bug: http://b/32952319
Test: run python -m unittest -q test_device.DeviceOfflineTest
Test: on linux/mac/windows with bullhead, ryu.
Change-Id: Ib149d30028a62a6f03857b8a95ab5a1d6e9b9c4e
Test: Was able to discover a raspberry pi.
Bug: 28074466
(cherry picked from e292cd16760321fccc99c8c261cb92fa4b6462ab)
Change-Id: Id9571576457a4a0a078e48a274a4e8eac78bfe2b
Treehugger Robot