Failing to write to the endpoint results in subsequent reads on ep0 to
fail with EL2HLT, so do an empty write to fulfill the transfer.
Bug: http://b/131867920
Test: manually tested with modified auto client
Change-Id: If2eec162ca4b31a9974c7bd5802be51cee9e2708
It seems like we're blowing up when receiving a control transfer that's
intended for Android Auto, because we're not expecting to get the data
for the control transfer in a subsequent read.
Bug: http://b/131867920
Test: none
Change-Id: Icfd642e6dfc02d2ccbdd60c39f89e534298c944d
Kernel does not accept non-zero value of iocb->aio_reserved2.
Bug: 132803232
Test: initialize malloc() memory to non-zero pattern and see what breaks
Change-Id: I65a7e89e3a2c1ba79df1dc2d011d6c76c41afb81
(cherry picked from commit fe7eca7b8f)
Also, improve the logging in the cases where we do abort.
Bug: http://b/131867920
Test: treehugger
Change-Id: If8ec9f4614ce146e6dbd21cc77587ea81658199b
(cherry picked from commit 2916e148d9)
A previous patch intended to make receiving multiple FUNCTIONFS_ENABLEs
non-fatal, but failed to do so because we would try to spawn another
worker thread and hit a different assertion.
Bug: http://b/130638368
Test: echo mem | adb shell "su 0 sh -c 'cat > /sys/power/state'"
Change-Id: I53456112244d8b4f7d26df6ec6961389fca70498
(cherry picked from commit 910ce0ff08)
Each operation we submit results in a contiguous allocation in the
kernel which can trigger OOM-killing. Tune the queue depths to reduce
the chances of this happening, with a minimal impact on performance.
Bug: http://b/126582877
Test: ./benchmark_device.py with blueline
Change-Id: I4b0f83d54a9a9a69f0ab48322d78fb137c94dd35
(cherry picked from commit 28293f16a8)
Some USB controllers only support 16k writes, so drop down to that.
Bug: http://b/130622010
Test: treehugger
Change-Id: I836d5b2d0d6fcae05f290af11a6a19c6e8d7c1ba
(cherry picked from commit 770a6a4d46)
As raw protocol does not allow for splitting err - it has to be redirected to inout.
Before this change it was not done for in-process and all err data was lost.
Bug: 130086616
Test: manual + atest adbd_test
Change-Id: I6cd11c940673d73e2993a6eb23c46d31bd8bf504
(cherry picked from commit 704c97d6c2)
It seems like we don't actually always get these events in order, so
demote them to a log and restart the connection instead of aborting.
Bug: http://b/129464137
Test: mma
Change-Id: I7dffbf62f9dea665cf9f9f9e1bd18d444b6905ec
Occasionally, after we open the functionfs endpoint and write our
descriptors to it, we end up in a state where we never receive any
events from ep0, presumably due to a race against some other part of
the system, since adding sleeps reduces the likelihood. Add an
(arbitrarily chosen) timeout for the initial FUNCTIONFS_BIND we read,
and retry on failure.
Bug: http://b/128679787
Test: unplug and replug a blueline 14,000 times with a usb switch board
Change-Id: I4b3d5d552179ee7f3fefcc15f9575f793926f784
Monitor for FUNCTIONFS_UNBIND as well, so that in the case where we get
FUNCTIONFS_BIND, FUNCTIONFS_UNBIND, FUNCTIONFS_BIND, we don't trigger an
assertion failure from seeing two FUNCTIONFS_BINDs.
Bug: http://b/129134256
Test: manual
Change-Id: I80af5f4b833513e932262638b9f8d76bbcb35504
If we fail to submit writes for some reason (e.g. the USB cable was
unplugged), another thread that's waiting on the write mutex can enter
SubmitWrites and attempt to resubmit the writes that we already failed
to submit, leading to a failed assertion of !IoBlock::pending.
Increment writes_submitted_ before actually calling io_submit, so we
skip over these writes and fall through to exit.
Bug: http://b/129134256
Test: manually unplugged a blueline
Change-Id: I2fd0034e45db22c8f637c81039ce686b7aa6a03b
When a function argument takes a std::string, it's inefficient to
pass std::string::c_str(), since that creates an additional copy.
So we change these calling sites.
Test: TreeHugger
Change-Id: I1c0fde7275eb3ebd3baf05ec62581b0243655608
Allow disabling ro.adb.nonblocking_ffs via an ro system property, which
gets overridden by the currently supported persist.adb.nonblocking_ffs.
Bug: http://b/128679787
Test: mma
Change-Id: I28891d2da129e9654bf63ab8a4c330c4d2f5b336
Previously, we were initializing IoBlock::pending when submitting a read,
but leaving it uninitialized when doing a write, which would sometimes
result in an assertion firing when we received a previously allocated
block of memory that happened to have a nonzero value in pending.
Test: treehugger
Change-Id: I434c65f554ceed313fea9cfcc98788908f3ca8bc
As there is no security guarantee when the device is unlocked,
allowing adb root gives us more rooms to debug a USER build images.
Also, this makes it possible to run VTS on a USER build GSI, with
setting ro.debuggable=1 and unlocking the device.
This basically re-lands a reverted change:
https://android-review.googlesource.com/c/platform/system/core/+/437815
Which isn't needed after we moved /sbin/adbd to /system/bin/adbd in
USERDEBUG GSI. But it's still needed for USER build GSI.
Bug: 126493225
Test: unlock a USER build device, check 'adb root' can work
Change-Id: I93f12c8a3fe65c96c947e4602795eadfe591c521
If a device is unplugged, a BIND will happen without an ENABLE until the
device is plugged in, which would previously result in adbd crashing
every 5 seconds due to an attempt to join a thread that hadn't been
started.
Bug: http://b/128255355
Test: manually observed adbd via serial cable while unplugged
Change-Id: I90d6384e7e829df1ffaf73a95f2418a2ff97fb03
1. Don't clear O_CLOEXEC on an fd we're duping to stdin/out/err: dup2
does that for us if oldfd != newfd, and we know the fd can't be
stdin/out/err.
2. Use unique_fd.
3. Remove gotos by breaking the remount logic into its own function.
Test: mma
Change-Id: If9929e7f20de445322fd498e1379a2d4e572cb52
Replace direct logic in support for 'adb remount' with an exec out to
/system/bin/remount to do the heavy lifting. Remount success and
failure strings are reported by the adb remount service in response
to the various reported errors, freeing up the remount command itself
from the legacy of script expectations.
Test: adb-remount-test.sh
Bug: 122602260
Change-Id: I686fa465f463b881bbb38f709d780a95e463be80
Reduce the operation sizes to sizes that are small enough that the
kernel will run the OOM killer to try to make them succeed. Compensate
for the smaller operation sizes by increasing the queue depth.
Bug: http://b/126582877
Test: benchmark_device.py
Change-Id: I4d351f56c8f83fea882614238cc3fec8ba1e9bf9
