1 /*
2  * Copyright (C) 2008 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
#include <errno.h>
#include <poll.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#include "base/logging.h"
#include "base/stringprintf.h"
#include "jdwp/jdwp_priv.h"

#ifdef __ANDROID__
#include "cutils/sockets.h"
#endif
30 
31 /*
32  * The JDWP <-> ADB transport protocol is explained in detail
33  * in system/core/adb/jdwp_service.c. Here's a summary.
34  *
35  * 1/ when the JDWP thread starts, it tries to connect to a Unix
36  *    domain stream socket (@jdwp-control) that is opened by the
37  *    ADB daemon.
38  *
39  * 2/ it then sends the current process PID as a string of 4 hexadecimal
40  *    chars (no terminating zero)
41  *
 * 3/ then, it uses recvmsg to receive file descriptors from the
 *    daemon. Each incoming file descriptor is a pass-through to
 *    a given JDWP debugger and is used to read the usual
 *    JDWP handshake, etc.
 *
 * Anything received in step 3 becomes a debugger channel, so on Android
 * builds Accept() only proceeds past step 1 once socket_peer_is_trusted()
 * has vouched for the peer on the other end of the control socket.
 */
47 
48 #define kJdwpControlName    "\0jdwp-control"
49 #define kJdwpControlNameLen (sizeof(kJdwpControlName)-1)
50 
51 namespace art {
52 
53 namespace JDWP {
54 
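/*
 * Net state for the ADB transport.  Unlike a listening transport, this side
 * connects out to adbd's @jdwp-control socket and receives each debugger
 * connection as a passed file descriptor (see ReceiveClientFd()).
 *
 * Two descriptors are managed here: control_sock_ (the connection to adbd)
 * and the inherited clientSock (the debugger channel).  Shutdown() is
 * evidently called from a thread other than the JDWP thread (the comments in
 * this file warn that the JDWP thread may find these fields zapped under it);
 * no synchronization is visible in this file, so the hand-off relies on
 * shutdown()-ing the sockets and poking the wake pipe rather than close(),
 * which could let a descriptor number be reused under the blocked thread.
 */
struct JdwpAdbState : public JdwpNetStateBase {
 public:
  /*
   * Prepares the abstract-namespace address of adbd's control socket.  No
   * I/O happens here; Accept() performs the connect.
   */
  explicit JdwpAdbState(JdwpState* state)
      : JdwpNetStateBase(state), control_sock_(-1), shutting_down_(false) {
    memset(&control_addr_, 0, sizeof(control_addr_));
    control_addr_.controlAddrUn.sun_family = AF_UNIX;
    /*
     * Abstract socket names are not NUL-terminated: the address length must
     * cover exactly the family field plus the name, leading '\0' included,
     * otherwise trailing bytes of sun_path would become part of the name.
     * offsetof() is the portable spelling of "where sun_path starts".
     */
    control_addr_len_ = offsetof(sockaddr_un, sun_path) + kJdwpControlNameLen;
    memcpy(control_addr_.controlAddrUn.sun_path, kJdwpControlName, kJdwpControlNameLen);
  }

  /*
   * Releases both descriptors.  The object is created with new and stored
   * through the base pointer (see InitAdbTransport()), so deleting it
   * correctly relies on the base destructor being virtual — not visible
   * here, assumed.
   */
  ~JdwpAdbState() {
    if (clientSock != -1) {
      shutdown(clientSock, SHUT_RDWR);
      close(clientSock);
    }
    if (control_sock_ != -1) {
      shutdown(control_sock_, SHUT_RDWR);
      close(control_sock_);
    }
  }

  /* Blocks until adbd hands over a debugger descriptor; see definition below. */
  virtual bool Accept();

  /* This transport never initiates a connection to a debugger. */
  virtual bool Establish(const JdwpOptions*) {
    return false;
  }

  /*
   * Unblocks the JDWP thread.  The descriptors are shut down, not closed: a
   * close() here could race with the other thread still using the numbers,
   * and shutdown() alone is enough to make its blocking calls fail.  The
   * wake pipe is what actually interrupts a blocked poll()/select().
   */
  virtual void Shutdown() {
    shutting_down_ = true;

    const int control_fd = this->control_sock_;
    const int client_fd = this->clientSock;

    /* clear these out so it doesn't wake up and try to reuse them */
    this->control_sock_ = this->clientSock = -1;

    if (client_fd != -1) {
      shutdown(client_fd, SHUT_RDWR);
    }

    if (control_fd != -1) {
      shutdown(control_fd, SHUT_RDWR);
    }

    WakePipe();
  }

  virtual bool ProcessIncoming();

 private:
  /* Reads one passed descriptor from control_sock_; -1 and closes it on failure. */
  int ReceiveClientFd();

  int control_sock_;
  bool shutting_down_;

  socklen_t control_addr_len_;
  union {
    sockaddr_un controlAddrUn;
    sockaddr controlAddrPlain;
  } control_addr_;
};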
117 
118 /*
119  * Do initial prep work, e.g. binding to ports and opening files.  This
120  * runs in the main thread, before the JDWP thread starts, so it shouldn't
121  * do anything that might block forever.
122  */
bool InitAdbTransport(JdwpState* state, const JdwpOptions*) {
  VLOG(jdwp) << "ADB transport startup";
  /*
   * Nothing is configurable for this transport, hence the unused options.
   * No networking happens here; Accept() connects to adbd on the JDWP thread.
   * A plain (non-nothrow) new never yields nullptr, so the check below is
   * effectively always satisfied.
   */
  JdwpAdbState* const adb_state = new JdwpAdbState(state);
  state->netState = adb_state;
  return adb_state != nullptr;
}
128 
129 /*
130  * Receive a file descriptor from ADB.  The fd can be used to communicate
131  * directly with a debugger or DDMS.
132  *
133  * Returns the file descriptor on success.  On failure, returns -1 and
134  * closes netState->control_sock_.
135  */
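int JdwpAdbState::ReceiveClientFd() {
  /*
   * adbd sends one payload byte alongside the descriptor; its value is
   * irrelevant, it only gives recvmsg() something to deliver.
   */
  char dummy = '!';
  union {
    cmsghdr cm;
    char buffer[CMSG_SPACE(sizeof(int))];
  } cm_un;
  memset(&cm_un, 0, sizeof(cm_un));

  iovec iov;
  iov.iov_base = &dummy;
  iov.iov_len = 1;

  msghdr msg;
  memset(&msg, 0, sizeof(msg));
  msg.msg_iov = &iov;
  msg.msg_iovlen = 1;
  msg.msg_control = cm_un.buffer;
  msg.msg_controllen = sizeof(cm_un.buffer);

  /* MSG_CMSG_CLOEXEC: the debugger channel must not leak into exec'd children. */
  int rc = TEMP_FAILURE_RETRY(recvmsg(control_sock_, &msg, MSG_CMSG_CLOEXEC));

  if (rc <= 0) {
    if (rc == -1) {
      PLOG(WARNING) << "Receiving file descriptor from ADB failed (socket " << control_sock_ << ")";
    }
    close(control_sock_);
    control_sock_ = -1;
    return -1;
  }

  /*
   * Only accept a descriptor the kernel actually delivered as SCM_RIGHTS.
   * Trusting whatever sits in the buffer would let a message without
   * ancillary data yield -1 while leaving the control socket open, which
   * contradicts this function's contract and the CHECK on control_sock_ in
   * ProcessIncoming() that relies on it.
   */
  int fd = -1;
  cmsghdr* cmsg = CMSG_FIRSTHDR(&msg);
  if (cmsg != nullptr &&
      cmsg->cmsg_level == SOL_SOCKET &&
      cmsg->cmsg_type == SCM_RIGHTS &&
      cmsg->cmsg_len >= CMSG_LEN(sizeof(int))) {
    memcpy(&fd, CMSG_DATA(cmsg), sizeof(fd));
  }
  if ((msg.msg_flags & MSG_CTRUNC) != 0) {
    /* Only one descriptor fits; the kernel discards any that did not. */
    LOG(WARNING) << "Ancillary data from ADB was truncated; extra descriptors dropped";
  }
  if (fd < 0) {
    LOG(ERROR) << "Message from ADB carried no file descriptor (socket " << control_sock_ << ")";
    close(control_sock_);
    control_sock_ = -1;
    return -1;
  }

  return fd;
}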
175 
176 /*
177  * Block forever, waiting for a debugger to connect to us.  Called from the
178  * JDWP thread.
179  *
180  * This needs to un-block and return "false" if the VM is shutting down.  It
181  * should return "true" when it successfully accepts a connection.
182  */
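bool JdwpAdbState::Accept() {
  /*
   * Outer loop: (re)connect to adbd if needed, then wait for a descriptor.
   * A failed receive closes the control socket, so the next iteration
   * reconnects; give up after a handful of such rounds.
   */
  for (int retryCount = 0;;) {
    if (shutting_down_) {
      return false;
    }

    /* first, ensure that we get a connection to the ADB daemon */
    if (control_sock_ == -1) {
      int        sleep_ms     = 500;
      const int  sleep_max_ms = 2*1000;
      char       buff[5];

      /* CLOEXEC: a child the app exec()s has no business holding our adbd link. */
      control_sock_ = socket(PF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
      if (control_sock_ < 0) {
        PLOG(ERROR) << "Could not create ADB control socket";
        return false;
      }

      if (!MakePipe()) {
        close(control_sock_);
        control_sock_ = -1;
        return false;
      }

      /*
       * The protocol carries the pid as exactly four hex digits (see the
       * summary at the top of this file).  snprintf() truncates anything
       * longer into buff, so a pid >= 0x10000 would be sent mangled; that
       * is a limit of the wire format, not something we can fix here.
       */
      snprintf(buff, sizeof(buff), "%04x", getpid());
      buff[4] = 0;

      for (;;) {
        /*
         * If adbd isn't running, because USB debugging was disabled or
         * perhaps the system is restarting it for "adb root", the
         * connect() will fail.  We loop here forever waiting for it
         * to come back.
         *
         * Waking up and polling every couple of seconds is generally a
         * bad thing to do, but we only do this if the application is
         * debuggable *and* adbd isn't running.  Still, for the sake
         * of battery life, we should consider timing out and giving
         * up after a few minutes in case somebody ships an app with
         * the debuggable flag set.
         */
        int ret = connect(control_sock_, &control_addr_.controlAddrPlain, control_addr_len_);
        if (ret == 0) {
#ifdef __ANDROID__
          /*
           * Whatever sits on the other end can hand us descriptors that we
           * then treat as debugger channels, so only a peer that
           * socket_peer_is_trusted() accepts (in practice adbd) may proceed.
           * Drop the socket completely: leaving the shut-down descriptor in
           * control_sock_ would make a later Accept() try to read from it.
           */
          if (!socket_peer_is_trusted(control_sock_)) {
            if (shutdown(control_sock_, SHUT_RDWR)) {
              PLOG(ERROR) << "trouble shutting down socket";
            }
            close(control_sock_);
            control_sock_ = -1;
            return false;
          }
#endif

          /* now try to send our pid to the ADB daemon */
          ret = TEMP_FAILURE_RETRY(send(control_sock_, buff, 4, 0));
          if (ret == 4) {
            VLOG(jdwp) << StringPrintf("PID sent as '%.*s' to ADB", 4, buff);
            break;
          }

          /*
           * A short send would leave adbd waiting for the rest of the pid
           * field, so it is a failure just like a send() error.
           */
          if (ret < 0) {
            PLOG(ERROR) << "Weird, can't send JDWP process pid to ADB";
          } else {
            LOG(ERROR) << "Short send of JDWP process pid to ADB (" << ret << " of 4 bytes)";
          }
          close(control_sock_);
          control_sock_ = -1;
          return false;
        }
        if (VLOG_IS_ON(jdwp)) {
          PLOG(ERROR) << "Can't connect to ADB control socket";
        }

        usleep(sleep_ms * 1000);

        /* back off by 1.5x up to the cap */
        sleep_ms += (sleep_ms >> 1);
        if (sleep_ms > sleep_max_ms) {
          sleep_ms = sleep_max_ms;
        }
        if (shutting_down_) {
          return false;
        }
      }
    }

    VLOG(jdwp) << "trying to receive file descriptor from ADB";
    /* now we can receive a client file descriptor */
    clientSock = ReceiveClientFd();
    if (shutting_down_) {
      return false;       // suppress logs and additional activity
    }
    if (clientSock != -1) {
      VLOG(jdwp) << "received file descriptor " << clientSock << " from ADB";
      SetAwaitingHandshake(true);
      input_count_ = 0;
      return true;
    }
    if (++retryCount > 5) {
      LOG(ERROR) << "adb connection max retries exceeded";
      return false;
    }
  }
}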
281 
282 /*
283  * Process incoming data.  If no data is available, this will block until
284  * some arrives.
285  *
286  * If we get a full packet, handle it.
287  *
 * To take some of the mystery out of life, we want to reject a second
 * debugger while one is already attached; otherwise it would just
 * mysteriously hang until it times out.  On this transport there is no
 * listen socket of our own: adbd hands us one descriptor per debugger over
 * the control socket, so a descriptor that arrives while clientSock is in
 * use is accepted and immediately closed.
293  *
294  * Returns "false" on error (indicating that the connection has been severed),
295  * "true" if things are still okay.
296  */
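bool JdwpAdbState::ProcessIncoming() {
  int readCount;

  CHECK_NE(clientSock, -1);

  if (!HaveFullPacket()) {
    /* read some more, looping until we have data */
    errno = 0;
    while (true) {
      /*
       * Watch the control socket (a second debugger, or adbd going away),
       * the client socket (debugger data) and the wake pipe (Shutdown()).
       * Another thread may zap these members while we run; they are sampled
       * once here and re-checked before use below.
       *
       * poll() rather than select(): clientSock is whatever descriptor
       * number was free when adbd's fd arrived, so in a process with many
       * open files it can be >= FD_SETSIZE, and FD_SET on such a descriptor
       * writes past the end of the fd_set.  poll() has no such limit.
       *
       * Closing a descriptor locally does not wake a blocked poll() (it does
       * for read() and accept()), which is why Shutdown() writes to the wake
       * pipe instead.  That costs two descriptors but is more reliable than
       * a signal + EINTR and cheaper than a periodic timeout.
       */
      enum { kControl = 0, kClient = 1, kWake = 2, kWatched = 3 };
      const int watched[kWatched] = { control_sock_, clientSock, wake_pipe_[0] };
      pollfd fds[kWatched];
      int slot[kWatched];
      int nfds = 0;
      for (int i = 0; i < kWatched; ++i) {
        if (watched[i] >= 0) {
          fds[nfds].fd = watched[i];
          fds[nfds].events = POLLIN;
          fds[nfds].revents = 0;
          slot[i] = nfds++;
        } else {
          slot[i] = -1;
        }
      }
      if (slot[kWake] < 0) {
        LOG(INFO) << "NOTE: entering poll w/o wakepipe";
      }

      if (nfds == 0) {
        VLOG(jdwp) << "+++ all fds are closed";
        return false;
      }

      int pollCount = poll(fds, nfds, -1);
      if (pollCount < 0) {
        if (errno == EINTR) {
          continue;
        }
        PLOG(ERROR) << "poll failed";
        goto fail;
      }

      /*
       * Any event counts, including POLLHUP/POLLERR/POLLNVAL: the read or
       * recvmsg that follows then fails or returns EOF and takes the usual
       * disconnect path, just as a readable-on-close select() did.
       */
      auto ready = [&fds, &slot](int which) {
        return slot[which] >= 0 && fds[slot[which]].revents != 0;
      };

      if (ready(kWake)) {
        VLOG(jdwp) << "Got wake-up signal, bailing out of poll";
        goto fail;
      }
      if (control_sock_ >= 0 && ready(kControl)) {
        int sock = ReceiveClientFd();
        if (sock >= 0) {
          /* One debugger at a time: drop the extra descriptor immediately. */
          LOG(INFO) << "Ignoring second debugger -- accepting and dropping";
          close(sock);
        } else {
          /* ReceiveClientFd() closes the control socket on every failure. */
          CHECK_EQ(control_sock_, -1);
          /*
           * Remote side most likely went away, so our next read
           * on clientSock will fail and throw us out of the loop.
           */
        }
      }
      if (clientSock >= 0 && ready(kClient)) {
        readCount = read(clientSock, input_buffer_ + input_count_, sizeof(input_buffer_) - input_count_);
        if (readCount < 0) {
          /* read failed */
          if (errno != EINTR) {
            goto fail;
          }
          VLOG(jdwp) << "+++ EINTR hit";
          return true;
        } else if (readCount == 0) {
          /* EOF hit -- far end went away */
          VLOG(jdwp) << "+++ peer disconnected";
          goto fail;
        } else {
          break;
        }
      }
    }

    input_count_ += readCount;
    if (!HaveFullPacket()) {
      return true;        /* still not there yet */
    }
  }

  /*
   * Special-case the initial handshake.  For some bizarre reason we're
   * expected to emulate bad tty settings by echoing the request back
   * exactly as it was sent.  Note the handshake is always initiated by
   * the debugger, no matter who connects to whom.
   *
   * Other than this one case, the protocol [claims to be] stateless.
   */
  if (IsAwaitingHandshake()) {
    if (memcmp(input_buffer_, kMagicHandshake, kMagicHandshakeLen) != 0) {
      LOG(ERROR) << StringPrintf("ERROR: bad handshake '%.14s'", input_buffer_);
      goto fail;
    }

    errno = 0;
    int cc = TEMP_FAILURE_RETRY(write(clientSock, input_buffer_, kMagicHandshakeLen));
    if (cc != kMagicHandshakeLen) {
      PLOG(ERROR) << "Failed writing handshake bytes (" << cc << " of " << kMagicHandshakeLen << ")";
      goto fail;
    }

    ConsumeBytes(kMagicHandshakeLen);
    SetAwaitingHandshake(false);
    VLOG(jdwp) << "+++ handshake complete";
    return true;
  }

  /*
   * Handle this packet.
   */
  return state_->HandlePacket();

 fail:
  Close();
  return false;
}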
442 
443 }  // namespace JDWP
444 
445 }  // namespace art
446