From bfe3dac36d43208bb23aac56b0f156b8892d9d13 Mon Sep 17 00:00:00 2001 From: Josh Gao Date: Fri, 28 Feb 2020 14:31:27 -0800 Subject: [PATCH 1/2] Reland "adb: daemon: Assign valid fd to usb_handle ep0 file descriptor" This reverts commit ba4684c2b2bc952748ebbe176b292a6d263e4dc8. Bug: http://b/129283234 Test: manually unplugged/replugged Change-Id: I9c8cfebe09b2855cab986068273a835a13247b77 --- adb/daemon/usb_ffs.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adb/daemon/usb_ffs.cpp b/adb/daemon/usb_ffs.cpp index b19fa5d58..cb7e2fb88 100644 --- a/adb/daemon/usb_ffs.cpp +++ b/adb/daemon/usb_ffs.cpp @@ -299,6 +299,7 @@ bool open_functionfs(android::base::unique_fd* out_control, android::base::uniqu } // Signal only when writing the descriptors to ffs android::base::SetProperty("sys.usb.ffs.ready", "1"); + *out_control = std::move(control); } bulk_out.reset(adb_open(USB_FFS_ADB_OUT, O_RDONLY)); @@ -313,7 +314,6 @@ bool open_functionfs(android::base::unique_fd* out_control, android::base::uniqu return false; } - *out_control = std::move(control); *out_bulk_in = std::move(bulk_in); *out_bulk_out = std::move(bulk_out); return true; From 7b3048446da533eee295930002c82eae6511512f Mon Sep 17 00:00:00 2001 From: Josh Gao Date: Fri, 28 Feb 2020 14:53:56 -0800 Subject: [PATCH 2/2] Reland "adb: turn CHECKs into an error + transport restart." This reverts commit 2547f740ea132d8fcf26dd02ae5cc58e13c50a33. Bug: http://b/134695864 Bug: http://b/133872605 Test: manually unplugged/replugged Change-Id: Ic2af40b81354138a7842eb93aacc303885ac952e --- adb/daemon/usb.cpp | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/adb/daemon/usb.cpp b/adb/daemon/usb.cpp index 092819807..2c44032a8 100644 --- a/adb/daemon/usb.cpp +++ b/adb/daemon/usb.cpp @@ -525,14 +525,16 @@ struct UsbFfsConnection : public Connection { } if (id.direction == TransferDirection::READ) { - HandleRead(id, event.res); + if (!HandleRead(id, event.res)) { + return; + } } else { HandleWrite(id); } } } - void HandleRead(TransferId id, int64_t size) { + bool HandleRead(TransferId id, int64_t size) { uint64_t read_idx = id.id % kUsbReadQueueDepth; IoReadBlock* block = &read_requests_[read_idx]; block->pending = false; @@ -542,7 +544,7 @@ struct UsbFfsConnection : public Connection { if (block->id().id != needed_read_id_) { LOG(VERBOSE) << "read " << block->id().id << " completed while waiting for " << needed_read_id_; - return; + return true; } for (uint64_t id = needed_read_id_;; ++id) { @@ -551,15 +553,22 @@ struct UsbFfsConnection : public Connection { if (current_block->pending) { break; } - ProcessRead(current_block); + if (!ProcessRead(current_block)) { + return false; + } ++needed_read_id_; } + + return true; } - void ProcessRead(IoReadBlock* block) { + bool ProcessRead(IoReadBlock* block) { if (!block->payload.empty()) { if (!incoming_header_.has_value()) { - CHECK_EQ(sizeof(amessage), block->payload.size()); + if (block->payload.size() != sizeof(amessage)) { + HandleError("received packet of unexpected length while reading header"); + return false; + } amessage& msg = incoming_header_.emplace(); memcpy(&msg, block->payload.data(), sizeof(msg)); LOG(DEBUG) << "USB read:" << dump_header(&msg); @@ -567,7 +576,10 @@ struct UsbFfsConnection : public Connection { } else { size_t bytes_left = incoming_header_->data_length - incoming_payload_.size(); Block payload = std::move(block->payload); - CHECK_LE(payload.size(), bytes_left); + if (block->payload.size() > bytes_left) { + HandleError("received too many bytes while waiting for payload"); + return false; + } incoming_payload_.append(std::move(payload)); } @@ -590,6 +602,7 @@ struct UsbFfsConnection : public Connection { PrepareReadBlock(block, block->id().id + kUsbReadQueueDepth); SubmitRead(block); + return true; } bool SubmitRead(IoReadBlock* block) {