diff options
| author | Josh Gao <jmgao@google.com> | 2020-03-04 00:07:46 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2020-03-04 00:07:46 +0000 |
| commit | 2da5520aaba3d02ae73c0f86b7a2f81a574d8fb2 (patch) | |
| tree | 7b8408a4004038593e62865ac1b501acc4edfb85 | |
| parent | 6c889bb9cb9f5146da4c323de0368f3f1609dea0 (diff) | |
| parent | 1e18ac38da160313e9bca640045299f59be68c5d (diff) | |
Merge changes Ic2af40b8,I9c8cfebe into rvc-dev
* changes:
Reland "adb: turn CHECKs into an error + transport restart."
Reland "adb: daemon: Assign valid fd to usb_handle ep0 file descriptor"
| -rw-r--r-- | adb/daemon/usb.cpp | 27 | ||||
| -rw-r--r-- | adb/daemon/usb_ffs.cpp | 2 |
2 files changed, 21 insertions, 8 deletions
diff --git a/adb/daemon/usb.cpp b/adb/daemon/usb.cpp index ff97a6f05..87937fb6a 100644 --- a/adb/daemon/usb.cpp +++ b/adb/daemon/usb.cpp @@ -528,14 +528,16 @@ struct UsbFfsConnection : public Connection { } if (id.direction == TransferDirection::READ) { - HandleRead(id, event.res); + if (!HandleRead(id, event.res)) { + return; + } } else { HandleWrite(id); } } } - void HandleRead(TransferId id, int64_t size) { + bool HandleRead(TransferId id, int64_t size) { uint64_t read_idx = id.id % kUsbReadQueueDepth; IoReadBlock* block = &read_requests_[read_idx]; block->pending = false; @@ -545,7 +547,7 @@ struct UsbFfsConnection : public Connection { if (block->id().id != needed_read_id_) { LOG(VERBOSE) << "read " << block->id().id << " completed while waiting for " << needed_read_id_; - return; + return true; } for (uint64_t id = needed_read_id_;; ++id) { @@ -554,15 +556,22 @@ struct UsbFfsConnection : public Connection { if (current_block->pending) { break; } - ProcessRead(current_block); + if (!ProcessRead(current_block)) { + return false; + } ++needed_read_id_; } + + return true; } - void ProcessRead(IoReadBlock* block) { + bool ProcessRead(IoReadBlock* block) { if (!block->payload.empty()) { if (!incoming_header_.has_value()) { - CHECK_EQ(sizeof(amessage), block->payload.size()); + if (block->payload.size() != sizeof(amessage)) { + HandleError("received packet of unexpected length while reading header"); + return false; + } amessage& msg = incoming_header_.emplace(); memcpy(&msg, block->payload.data(), sizeof(msg)); LOG(DEBUG) << "USB read:" << dump_header(&msg); @@ -570,7 +579,10 @@ struct UsbFfsConnection : public Connection { } else { size_t bytes_left = incoming_header_->data_length - incoming_payload_.size(); Block payload = std::move(block->payload); - CHECK_LE(payload.size(), bytes_left); + if (block->payload.size() > bytes_left) { + HandleError("received too many bytes while waiting for payload"); + return false; + } incoming_payload_.append(std::move(payload)); } @@ -593,6 +605,7 @@ struct UsbFfsConnection : public Connection { PrepareReadBlock(block, block->id().id + kUsbReadQueueDepth); SubmitRead(block); + return true; } bool SubmitRead(IoReadBlock* block) { diff --git a/adb/daemon/usb_ffs.cpp b/adb/daemon/usb_ffs.cpp index b19fa5d58..cb7e2fb88 100644 --- a/adb/daemon/usb_ffs.cpp +++ b/adb/daemon/usb_ffs.cpp @@ -299,6 +299,7 @@ bool open_functionfs(android::base::unique_fd* out_control, android::base::uniqu } // Signal only when writing the descriptors to ffs android::base::SetProperty("sys.usb.ffs.ready", "1"); + *out_control = std::move(control); } bulk_out.reset(adb_open(USB_FFS_ADB_OUT, O_RDONLY)); @@ -313,7 +314,6 @@ bool open_functionfs(android::base::unique_fd* out_control, android::base::uniqu return false; } - *out_control = std::move(control); *out_bulk_in = std::move(bulk_in); *out_bulk_out = std::move(bulk_out); return true; |