blob: 5570b53c1ef6b5920545b43d9ab5dafecb21540e [file] [log] [blame]
/*
* Copyright (C) 2008 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "logging.h"
#include "jdwp/jdwp_priv.h"
#include "jdwp/jdwp_handler.h"
#include "stringprintf.h"
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#ifdef HAVE_ANDROID_OS
#include "cutils/sockets.h"
#endif
/*
* The JDWP <-> ADB transport protocol is explained in detail
* in system/core/adb/jdwp_service.c. Here's a summary.
*
* 1/ when the JDWP thread starts, it tries to connect to a Unix
* domain stream socket (@jdwp-control) that is opened by the
* ADB daemon.
*
* 2/ it then sends the current process PID as a string of 4 hexadecimal
* chars (no terminating zero)
*
* 3/ then, it uses recvmsg to receive file descriptors from the
* daemon. each incoming file descriptor is a pass-through to
* a given JDWP debugger, that can be used to read the usual
* JDWP-handshake, etc...
*/
#define kInputBufferSize 8192
#define kMagicHandshake "JDWP-Handshake"
#define kMagicHandshakeLen (sizeof(kMagicHandshake)-1)
#define kJdwpControlName "\0jdwp-control"
#define kJdwpControlNameLen (sizeof(kJdwpControlName)-1)
namespace art {
namespace JDWP {
struct JdwpNetState : public JdwpNetStateBase {
int controlSock;
bool awaitingHandshake;
bool shuttingDown;
int wakeFds[2];
int inputCount;
unsigned char inputBuffer[kInputBufferSize];
socklen_t controlAddrLen;
union {
struct sockaddr_un controlAddrUn;
struct sockaddr controlAddrPlain;
} controlAddr;
JdwpNetState() {
controlSock = -1;
awaitingHandshake = false;
shuttingDown = false;
wakeFds[0] = -1;
wakeFds[1] = -1;
inputCount = 0;
controlAddr.controlAddrUn.sun_family = AF_UNIX;
controlAddrLen = sizeof(controlAddr.controlAddrUn.sun_family) + kJdwpControlNameLen;
memcpy(controlAddr.controlAddrUn.sun_path, kJdwpControlName, kJdwpControlNameLen);
}
};
static void adbStateFree(JdwpNetState* netState) {
if (netState == NULL) {
return;
}
if (netState->clientSock >= 0) {
shutdown(netState->clientSock, SHUT_RDWR);
close(netState->clientSock);
}
if (netState->controlSock >= 0) {
shutdown(netState->controlSock, SHUT_RDWR);
close(netState->controlSock);
}
if (netState->wakeFds[0] >= 0) {
close(netState->wakeFds[0]);
netState->wakeFds[0] = -1;
}
if (netState->wakeFds[1] >= 0) {
close(netState->wakeFds[1]);
netState->wakeFds[1] = -1;
}
delete netState;
}
/*
* Do initial prep work, e.g. binding to ports and opening files. This
* runs in the main thread, before the JDWP thread starts, so it shouldn't
* do anything that might block forever.
*/
static bool startup(JdwpState* state, const JdwpOptions*) {
JdwpNetState* netState;
LOG(VERBOSE) << "ADB transport startup";
state->netState = netState = new JdwpNetState;
if (netState == NULL) {
return false;
}
return true;
}
/*
* Receive a file descriptor from ADB. The fd can be used to communicate
* directly with a debugger or DDMS.
*
* Returns the file descriptor on success. On failure, returns -1 and
* closes netState->controlSock.
*/
static int receiveClientFd(JdwpNetState* netState) {
struct msghdr msg;
struct cmsghdr* cmsg;
iovec iov;
char dummy = '!';
union {
struct cmsghdr cm;
char buffer[CMSG_SPACE(sizeof(int))];
} cm_un;
int ret;
iov.iov_base = &dummy;
iov.iov_len = 1;
msg.msg_name = NULL;
msg.msg_namelen = 0;
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
msg.msg_flags = 0;
msg.msg_control = cm_un.buffer;
msg.msg_controllen = sizeof(cm_un.buffer);
cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_len = msg.msg_controllen;
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
((int*)(void*)CMSG_DATA(cmsg))[0] = -1;
do {
ret = recvmsg(netState->controlSock, &msg, 0);
} while (ret < 0 && errno == EINTR);
if (ret <= 0) {
if (ret < 0) {
PLOG(WARNING) << "receiving file descriptor from ADB failed (socket " << netState->controlSock << ")";
}
close(netState->controlSock);
netState->controlSock = -1;
return -1;
}
return ((int*)(void*)CMSG_DATA(cmsg))[0];
}
/*
* Block forever, waiting for a debugger to connect to us. Called from the
* JDWP thread.
*
* This needs to un-block and return "false" if the VM is shutting down. It
* should return "true" when it successfully accepts a connection.
*/
static bool acceptConnection(JdwpState* state) {
JdwpNetState* netState = state->netState;
int retryCount = 0;
/* first, ensure that we get a connection to the ADB daemon */
retry:
if (netState->shuttingDown) {
return false;
}
if (netState->controlSock < 0) {
int sleep_ms = 500;
const int sleep_max_ms = 2*1000;
char buff[5];
netState->controlSock = socket(PF_UNIX, SOCK_STREAM, 0);
if (netState->controlSock < 0) {
PLOG(ERROR) << "Could not create ADB control socket";
return false;
}
if (pipe(netState->wakeFds) < 0) {
PLOG(ERROR) << "pipe failed";
return false;
}
snprintf(buff, sizeof(buff), "%04x", getpid());
buff[4] = 0;
for (;;) {
/*
* If adbd isn't running, because USB debugging was disabled or
* perhaps the system is restarting it for "adb root", the
* connect() will fail. We loop here forever waiting for it
* to come back.
*
* Waking up and polling every couple of seconds is generally a
* bad thing to do, but we only do this if the application is
* debuggable *and* adbd isn't running. Still, for the sake
* of battery life, we should consider timing out and giving
* up after a few minutes in case somebody ships an app with
* the debuggable flag set.
*/
int ret = connect(netState->controlSock, &netState->controlAddr.controlAddrPlain, netState->controlAddrLen);
if (!ret) {
#ifdef HAVE_ANDROID_OS
if (!socket_peer_is_trusted(netState->controlSock)) {
if (shutdown(netState->controlSock, SHUT_RDWR)) {
PLOG(ERROR) << "trouble shutting down socket";
}
return false;
}
#endif
/* now try to send our pid to the ADB daemon */
do {
ret = send( netState->controlSock, buff, 4, 0 );
} while (ret < 0 && errno == EINTR);
if (ret >= 0) {
LOG(VERBOSE) << StringPrintf("PID sent as '%.*s' to ADB", 4, buff);
break;
}
PLOG(ERROR) << "Weird, can't send JDWP process pid to ADB";
return false;
}
PLOG(VERBOSE) << "Can't connect to ADB control socket";
usleep( sleep_ms*1000 );
sleep_ms += (sleep_ms >> 1);
if (sleep_ms > sleep_max_ms) {
sleep_ms = sleep_max_ms;
}
if (netState->shuttingDown) {
return false;
}
}
}
LOG(VERBOSE) << "trying to receive file descriptor from ADB";
/* now we can receive a client file descriptor */
netState->clientSock = receiveClientFd(netState);
if (netState->shuttingDown) {
return false; // suppress logs and additional activity
}
if (netState->clientSock < 0) {
if (++retryCount > 5) {
LOG(ERROR) << "adb connection max retries exceeded";
return false;
}
goto retry;
} else {
LOG(VERBOSE) << "received file descriptor " << netState->clientSock << " from ADB";
netState->awaitingHandshake = 1;
netState->inputCount = 0;
return true;
}
}
/*
* Connect out to a debugger (for server=n). Not required.
*/
static bool establishConnection(JdwpState* state) {
return false;
}
/*
* Close a connection from a debugger (which may have already dropped us).
* Only called from the JDWP thread.
*/
static void closeConnection(JdwpState* state) {
CHECK(state != NULL && state->netState != NULL);
JdwpNetState* netState = state->netState;
if (netState->clientSock < 0) {
return;
}
LOG(VERBOSE) << "+++ closed JDWP <-> ADB connection";
close(netState->clientSock);
netState->clientSock = -1;
}
/*
* Close all network stuff, including the socket we use to listen for
* new connections.
*
* May be called from a non-JDWP thread, e.g. when the VM is shutting down.
*/
static void adbStateShutdown(JdwpNetState* netState) {
int controlSock;
int clientSock;
if (netState == NULL) {
return;
}
netState->shuttingDown = true;
clientSock = netState->clientSock;
if (clientSock >= 0) {
shutdown(clientSock, SHUT_RDWR);
netState->clientSock = -1;
}
controlSock = netState->controlSock;
if (controlSock >= 0) {
shutdown(controlSock, SHUT_RDWR);
netState->controlSock = -1;
}
if (netState->wakeFds[1] >= 0) {
LOG(VERBOSE) << "+++ writing to wakePipe";
write(netState->wakeFds[1], "", 1);
}
}
static void netShutdown(JdwpState* state) {
adbStateShutdown(state->netState);
}
/*
* Free up anything we put in state->netState. This is called after
* "netShutdown", after the JDWP thread has stopped.
*/
static void netFree(JdwpState* state) {
JdwpNetState* netState = state->netState;
adbStateFree(netState);
}
/*
* Is a debugger connected to us?
*/
static bool isConnected(JdwpState* state) {
return (state->netState != NULL && state->netState->clientSock >= 0);
}
/*
* Are we still waiting for the JDWP handshake?
*/
static bool awaitingHandshake(JdwpState* state) {
return state->netState->awaitingHandshake;
}
/*
* Figure out if we have a full packet in the buffer.
*/
static bool haveFullPacket(JdwpNetState* netState) {
if (netState->awaitingHandshake) {
return (netState->inputCount >= (int) kMagicHandshakeLen);
}
if (netState->inputCount < 4) {
return false;
}
long length = Get4BE(netState->inputBuffer);
return (netState->inputCount >= length);
}
/*
* Consume bytes from the buffer.
*
* This would be more efficient with a circular buffer. However, we're
* usually only going to find one packet, which is trivial to handle.
*/
static void consumeBytes(JdwpNetState* netState, int count) {
CHECK_GT(count, 0);
CHECK_LE(count, netState->inputCount);
if (count == netState->inputCount) {
netState->inputCount = 0;
return;
}
memmove(netState->inputBuffer, netState->inputBuffer + count, netState->inputCount - count);
netState->inputCount -= count;
}
/*
* Handle a packet. Returns "false" if we encounter a connection-fatal error.
*/
static bool handlePacket(JdwpState* state) {
JdwpNetState* netState = state->netState;
const unsigned char* buf = netState->inputBuffer;
JdwpReqHeader hdr;
uint32_t length, id;
uint8_t flags, cmdSet, cmd;
uint16_t error;
bool reply;
int dataLen;
cmd = cmdSet = 0; // shut up gcc
length = Read4BE(&buf);
id = Read4BE(&buf);
flags = Read1(&buf);
if ((flags & kJDWPFlagReply) != 0) {
reply = true;
error = Read2BE(&buf);
} else {
reply = false;
cmdSet = Read1(&buf);
cmd = Read1(&buf);
}
CHECK_LE((int) length, netState->inputCount);
dataLen = length - (buf - netState->inputBuffer);
if (!reply) {
ExpandBuf* pReply = expandBufAlloc();
hdr.length = length;
hdr.id = id;
hdr.cmdSet = cmdSet;
hdr.cmd = cmd;
state->ProcessRequest(&hdr, buf, dataLen, pReply);
if (expandBufGetLength(pReply) > 0) {
ssize_t cc = netState->writePacket(pReply);
if (cc != (ssize_t) expandBufGetLength(pReply)) {
PLOG(ERROR) << "Failed sending reply to debugger";
expandBufFree(pReply);
return false;
}
} else {
LOG(WARNING) << "No reply created for set=" << cmdSet << " cmd=" << cmd;
}
expandBufFree(pReply);
} else {
LOG(FATAL) << "reply?!";
}
LOG(VERBOSE) << "----------";
consumeBytes(netState, length);
return true;
}
/*
* Process incoming data. If no data is available, this will block until
* some arrives.
*
* If we get a full packet, handle it.
*
* To take some of the mystery out of life, we want to reject incoming
* connections if we already have a debugger attached. If we don't, the
* debugger will just mysteriously hang until it times out. We could just
* close the listen socket, but there's a good chance we won't be able to
* bind to the same port again, which would confuse utilities.
*
* Returns "false" on error (indicating that the connection has been severed),
* "true" if things are still okay.
*/
static bool processIncoming(JdwpState* state) {
JdwpNetState* netState = state->netState;
int readCount;
CHECK_GE(netState->clientSock, 0);
if (!haveFullPacket(netState)) {
/* read some more, looping until we have data */
errno = 0;
while (1) {
int selCount;
fd_set readfds;
int maxfd = -1;
int fd;
FD_ZERO(&readfds);
/* configure fds; note these may get zapped by another thread */
fd = netState->controlSock;
if (fd >= 0) {
FD_SET(fd, &readfds);
if (maxfd < fd) {
maxfd = fd;
}
}
fd = netState->clientSock;
if (fd >= 0) {
FD_SET(fd, &readfds);
if (maxfd < fd) {
maxfd = fd;
}
}
fd = netState->wakeFds[0];
if (fd >= 0) {
FD_SET(fd, &readfds);
if (maxfd < fd) {
maxfd = fd;
}
} else {
LOG(INFO) << "NOTE: entering select w/o wakepipe";
}
if (maxfd < 0) {
LOG(VERBOSE) << "+++ all fds are closed";
return false;
}
/*
* Select blocks until it sees activity on the file descriptors.
* Closing the local file descriptor does not count as activity,
* so we can't rely on that to wake us up (it works for read()
* and accept(), but not select()).
*
* We can do one of three things: (1) send a signal and catch
* EINTR, (2) open an additional fd ("wakePipe") and write to
* it when it's time to exit, or (3) time out periodically and
* re-issue the select. We're currently using #2, as it's more
* reliable than #1 and generally better than #3. Wastes two fds.
*/
selCount = select(maxfd+1, &readfds, NULL, NULL, NULL);
if (selCount < 0) {
if (errno == EINTR) {
continue;
}
PLOG(ERROR) << "select failed";
goto fail;
}
if (netState->wakeFds[0] >= 0 && FD_ISSET(netState->wakeFds[0], &readfds)) {
LOG(DEBUG) << "Got wake-up signal, bailing out of select";
goto fail;
}
if (netState->controlSock >= 0 && FD_ISSET(netState->controlSock, &readfds)) {
int sock = receiveClientFd(netState);
if (sock >= 0) {
LOG(INFO) << "Ignoring second debugger -- accepting and dropping";
close(sock);
} else {
CHECK_LT(netState->controlSock, 0);
/*
* Remote side most likely went away, so our next read
* on netState->clientSock will fail and throw us out
* of the loop.
*/
}
}
if (netState->clientSock >= 0 && FD_ISSET(netState->clientSock, &readfds)) {
readCount = read(netState->clientSock, netState->inputBuffer + netState->inputCount, sizeof(netState->inputBuffer) - netState->inputCount);
if (readCount < 0) {
/* read failed */
if (errno != EINTR) {
goto fail;
}
LOG(DEBUG) << "+++ EINTR hit";
return true;
} else if (readCount == 0) {
/* EOF hit -- far end went away */
LOG(VERBOSE) << "+++ peer disconnected";
goto fail;
} else {
break;
}
}
}
netState->inputCount += readCount;
if (!haveFullPacket(netState)) {
return true; /* still not there yet */
}
}
/*
* Special-case the initial handshake. For some bizarre reason we're
* expected to emulate bad tty settings by echoing the request back
* exactly as it was sent. Note the handshake is always initiated by
* the debugger, no matter who connects to whom.
*
* Other than this one case, the protocol [claims to be] stateless.
*/
if (netState->awaitingHandshake) {
int cc;
if (memcmp(netState->inputBuffer, kMagicHandshake, kMagicHandshakeLen) != 0) {
LOG(ERROR) << StringPrintf("ERROR: bad handshake '%.14s'", netState->inputBuffer);
goto fail;
}
errno = 0;
cc = write(netState->clientSock, netState->inputBuffer, kMagicHandshakeLen);
if (cc != kMagicHandshakeLen) {
PLOG(ERROR) << "Failed writing handshake bytes (" << cc << " of " << kMagicHandshakeLen << ")";
goto fail;
}
consumeBytes(netState, kMagicHandshakeLen);
netState->awaitingHandshake = false;
LOG(VERBOSE) << "+++ handshake complete";
return true;
}
/*
* Handle this packet.
*/
return handlePacket(state);
fail:
closeConnection(state);
return false;
}
/*
* Send a request.
*
* The entire packet must be sent with a single write() call to avoid
* threading issues.
*
* Returns "true" if it was sent successfully.
*/
static bool sendRequest(JdwpState* state, ExpandBuf* pReq) {
JdwpNetState* netState = state->netState;
if (netState->clientSock < 0) {
/* can happen with some DDMS events */
LOG(VERBOSE) << "NOT sending request -- no debugger is attached";
return false;
}
errno = 0;
ssize_t cc = netState->writePacket(pReq);
if (cc != (ssize_t) expandBufGetLength(pReq)) {
PLOG(ERROR) << "Failed sending req to debugger (" << cc << " of " << expandBufGetLength(pReq) << ")";
return false;
}
return true;
}
/*
* Send a request that was split into multiple buffers.
*
* The entire packet must be sent with a single writev() call to avoid
* threading issues.
*
* Returns "true" if it was sent successfully.
*/
static bool sendBufferedRequest(JdwpState* state, const iovec* iov, int iovcnt) {
JdwpNetState* netState = state->netState;
if (netState->clientSock < 0) {
/* can happen with some DDMS events */
LOG(VERBOSE) << "NOT sending request -- no debugger is attached";
return false;
}
size_t expected = 0;
int i;
for (i = 0; i < iovcnt; i++) {
expected += iov[i].iov_len;
}
ssize_t actual = netState->writeBufferedPacket(iov, iovcnt);
if ((size_t)actual != expected) {
PLOG(ERROR) << "Failed sending b-req to debugger (" << actual << " of " << expected << ")";
return false;
}
return true;
}
/*
* Our functions.
*/
static const JdwpTransport adbTransport = {
startup,
acceptConnection,
establishConnection,
closeConnection,
netShutdown,
netFree,
isConnected,
awaitingHandshake,
processIncoming,
sendRequest,
sendBufferedRequest
};
/*
* Return our set.
*/
const JdwpTransport* AndroidAdbTransport() {
return &adbTransport;
}
} // namespace JDWP
} // namespace art