android emulator虚拟设备分析第三篇之pipe上的qemud service
一、概述 本篇和第二篇是强相关的,需要结合第二篇一起看。 以boot-properties为例,注意不需要看ANDROID-QEMUD.TXT,这个是和guest os中的qemud进行相关的,已废弃。 启动emulator时,有一个参数-prop <key>=<value>,用于向guest os中添加属性。 二、guest os中使用qemud service的方法 实现代码是:http://androidxref.com/5.1.0_r1/xref/device/generic/goldfish/qemu-props/qemu-props.c,用到了头文件:http://androidxref.com/5.1.0_r1/xref/hardware/libhardware/include/hardware/qemud.h guest os中程序名为qemu-props,由/system/etc/init.goldfish.rc启动。 启动后循环几次,尝试打开boot-properties服务(qemud_fd = qemud_channel_open( "boot-properties" ))。 如果打开成功,发送list命令(qemud_channel_send(qemud_fd, "list", -1))给boot-properties。 然后在循环中读取启动emulator时通过-prop指定的属性(qemud_channel_recv(qemud_fd, temp, sizeof temp - 1))。 并设置guest os中的属性(property_set(temp, q))。 qemud_channel_open,先尝试打开/dev/qemu_pipe,写入pipe:qemud:boot-properties。 如果pipe方式失败,才会去通过socket和qemud进程通信,写入boot-properties,期待返回OK。 static __inline__ int qemud_channel_open(const char* name) { int fd; int namelen = strlen(name); char answer[2]; char pipe_name[256]; /* First, try to connect to the pipe. */ snprintf(pipe_name, sizeof(pipe_name), "qemud:%s", name); fd = qemu_pipe_open(pipe_name); if (fd < 0) { D("QEMUD pipe is not available for %s: %s", name, strerror(errno)); /* If pipe is not available, connect to qemud control socket */ fd = socket_local_client( "qemud", ANDROID_SOCKET_NAMESPACE_RESERVED, SOCK_STREAM ); if (fd < 0) { D("no qemud control socket: %s", strerror(errno)); return -1; } /* send service name to connect */ if (qemud_fd_write(fd, name, namelen) != namelen) { D("can't send service name to qemud: %s", strerror(errno)); close(fd); return -1; } /* read answer from daemon */ if (qemud_fd_read(fd, answer, 2) != 2 || answer[0] != 'O' || answer[1] != 'K') { D("cant' connect to %s service through qemud", name); close(fd); return -1; } } return fd; } qemud_channel_send和qemud_channel_recv是qemu-pipe和qemud所通用的,直接对fd进行读写,先读写4个字节,为size,然后读取具体的内容。 static __inline__ int qemud_channel_send(int fd, const void* msg, int msglen) { char header[5]; if (msglen < 0) msglen = strlen((const char*)msg); if (msglen == 0) return 0; snprintf(header, sizeof header, "%04x", msglen); if (qemud_fd_write(fd, header, 4) != 4) { D("can't write qemud frame header: %s", strerror(errno)); return -1; } if (qemud_fd_write(fd, msg, msglen) != msglen) { D("can4t write qemud frame payload: %s", strerror(errno)); return -1; } return 0; } static __inline__ int qemud_channel_recv(int fd, void* msg, int msgsize) { char header[5]; int size, avail; if (qemud_fd_read(fd, header, 4) != 4) { D("can't read qemud frame header: %s", strerror(errno)); return -1; } header[4] = 0; if (sscanf(header, "%04x", &size) != 1) { D("malformed qemud frame header: '%.*s'", 4, header); return -1; } if (size > msgsize) return -1; if (qemud_fd_read(fd, msg, size) != size) { D("can't read qemud frame payload: %s", strerror(errno)); return -1; } return size; } 三、注册新的qemud service 所有的qemud service都使用pipe:qemud这个pipe service,是它的子服务。如何去实现这种子服务呢? emulator里面有两中结构体QemudService, QemudClient分别表示子服务,以及子服务的client。 QemudPipe和之前说的pipe类似,每次打开/dev/qemu_pipe时,kernel和emulator中都会产生一个pipe,对应一个CHANNEL,在guest os第一次通过/dev/qemu_pipe发送数据时,会创建一个QemudPipe,也就是peer,作为pipe:qemud funcs中的opaque。 pipeConnector_sendBuffers函数代码片段: Pipe* pipe = pcon->pipe; void* peer = svc->funcs.init(pipe->hwpipe, svc->opaque, pipeArgs); if (peer == NULL) { D("%s: Initialization failed for pipe %s!", __FUNCTION__, pipeName); return PIPE_ERROR_INVAL; } /* Do the evil switch now */ pipe->opaque = peer; pipe->service = svc; pipe->funcs = &svc->funcs; pipe->args = ASTRDUP(pipeArgs); AFREE(pcon); 3.1、pipe:qemud服务 代码为external/qemu/android/emulation/android_qemud.cpp,我在android源码中没有找到,在另一个模拟器的repo中找到了。注意代码中夹杂着一些guest os中qemud相关的东西,关键词serial,不需要看。 初始化代码如下,_qemudPipe_funcs就是第二篇中所说的svc->funcs,从第二次通信开始,qemu_pipe都使用这些funcs去读写。 /* QEMUD pipe functions. */ static const AndroidPipeFuncs _qemudPipe_funcs = { _qemudPipe_init, _qemudPipe_closeFromGuest, _qemudPipe_sendBuffers, _qemudPipe_recvBuffers, _qemudPipe_poll, _qemudPipe_wakeOn, _qemudPipe_save, _qemudPipe_load, }; /* Initializes QEMUD pipe interface. */ static void _android_qemud_pipe_init(void) { static bool _qemud_pipe_initialized = false; if (!_qemud_pipe_initialized) { android_pipe_add_type("qemud", looper_getForThread(), &_qemudPipe_funcs); _qemud_pipe_initialized = true; } } static bool isInited = false; void android_qemud_init(CSerialLine* sl) { D("%s", __FUNCTION__); /* We don't know in advance whether the guest system supports qemud pipes, * so we will initialize both qemud machineries, the legacy (over serial * port), and the new one (over qemu pipe). Then we let the guest to connect * via one, or the other. */ _android_qemud_serial_init(sl); _android_qemud_pipe_init(); isInited = true; } _qemudPipe_init是建立连接后,初始化QemudPipe的代码。 QemudMultiplexer中只有两个链表有用。 先根据service name查找子服务QemudService,然后调用子服务的qemud_service_connect_client去创建QemudClient,然后去创建QemudPipe /* This is a callback that gets invoked when guest is connecting to the service. * * Here we will create a new client as well as pipe descriptor representing new * connection. */ static void* _qemudPipe_init(void* hwpipe, void* _looper, const char* args) { QemudMultiplexer* m = qemud_multiplexer; QemudService* sv = m->services; QemudClient* client; QemudPipe* pipe = NULL; char service_name[512]; const char* client_args; size_t srv_name_len; /* 'args' passed in this callback represents name of the service the guest is * connecting to. It can't be NULL. */ if (args == NULL) { D("%s: Missing address!", __FUNCTION__); return NULL; } /* 'args' contain service name, and optional parameters for the client that * is about to be created in this call. The parameters are separated from the * service name wit ':'. Separate service name from the client param. */ client_args = strchr(args, ':'); if (client_args != NULL) { srv_name_len = min(client_args - args, (intptr_t) sizeof(service_name) - 1); client_args++; // Past the ':' if (*client_args == '\0') { /* No actual parameters. */ client_args = NULL; } } else { srv_name_len = min(strlen(args), sizeof(service_name) - 1); } memcpy(service_name, args, srv_name_len); service_name[srv_name_len] = '\0'; /* Lookup registered service by its name. */ while (sv != NULL && strcmp(sv->name, service_name)) { sv = sv->next; } if (sv == NULL) { D("%s: Service '%s' has not been registered!", __FUNCTION__, service_name); return NULL; } /* Create a client for this connection. -1 as a channel ID signals that this * is a pipe client. */ client = qemud_service_connect_client(sv, -1, client_args); if (client != NULL) { pipe = static_cast<QemudPipe*>(android_alloc0(sizeof(*pipe))); pipe->hwpipe = hwpipe; pipe->looper = _looper; pipe->service = sv; pipe->client = client; client->ProtocolSelector.Pipe.qemud_pipe = pipe; } return pipe; } _qemudPipe_sendBuffers是guest通过/dev/qemu_pipe写数据时,将被调用的函数,也就是QemudClient接收到数据的函数,注意不要把send/recv的概念搞错了。 代码就是把guest发送的buffers拼起来,然后调用QemudClient的接收函数qemud_client_recv去处理。 /* Called when the guest has sent some data to the client. */ static int _qemudPipe_sendBuffers(void* opaque, const AndroidPipeBuffer* buffers, int numBuffers) { QemudPipe* pipe = static_cast<QemudPipe*>(opaque); QemudClient* client = pipe->client; size_t transferred = 0; if (client == NULL) { D("%s: Unexpected NULL client", __FUNCTION__); return -1; } if (numBuffers == 1) { /* Simple case: all data are in one buffer. */ D("%s: %s", __FUNCTION__, quote_bytes((char*) buffers->data, buffers->size)); qemud_client_recv(client, buffers->data, buffers->size); transferred = buffers->size; } else { /* If there are multiple buffers involved, collect all data in one buffer * before calling the high level client. */ uint8_t* msg, * wrk; int n; for (n = 0; n < numBuffers; n++) { transferred += buffers[n].size; } msg = static_cast<uint8_t*>(malloc(transferred)); wrk = msg; for (n = 0; n < numBuffers; n++) { memcpy(wrk, buffers[n].data, buffers[n].size); wrk += buffers[n].size; } D("%s: %s", __FUNCTION__, quote_bytes((char*) msg, transferred)); qemud_client_recv(client, msg, transferred); free(msg); } return transferred; } _qemudPipe_recvBuffers是guest想从/dev/qemu_pipe读取数据时被调用的。 QemudClient写数据时是写到自己的ProtocolSelector.Pipe.messages中的,在这个函数中把QemudClient中的ProtocolSelector.Pipe.messages倒腾到buffers中。 /* Called when the guest is reading data from the client. */ static int _qemudPipe_recvBuffers(void* opaque, AndroidPipeBuffer* buffers, int numBuffers) { QemudPipe* pipe = static_cast<QemudPipe*>(opaque); QemudClient* client = pipe->client; QemudPipeMessage** msg_list; AndroidPipeBuffer* buff = buffers; AndroidPipeBuffer* endbuff = buffers + numBuffers; size_t sent_bytes = 0; size_t off_in_buff = 0; if (client == NULL) { D("%s: Unexpected NULL client", __FUNCTION__); return -1; } msg_list = &client->ProtocolSelector.Pipe.messages; if (*msg_list == NULL) { /* No data to send. Let it block until we wake it up with * PIPE_WAKE_READ when service sends data to the client. */ return PIPE_ERROR_AGAIN; } /* Fill in goldfish buffers while they are still available, and there are * messages in the client's message list. */ while (buff != endbuff && *msg_list != NULL) { QemudPipeMessage* msg = *msg_list; /* Message data fiting the current pipe's buffer. */ size_t to_copy = min(msg->size - msg->offset, buff->size - off_in_buff); memcpy(buff->data + off_in_buff, msg->message + msg->offset, to_copy); /* Update offsets. */ off_in_buff += to_copy; msg->offset += to_copy; sent_bytes += to_copy; if (msg->size == msg->offset) { /* We're done with the current message. Go to the next one. */ *msg_list = msg->next; free(msg); } if (off_in_buff == buff->size) { /* Current pipe buffer is full. Continue with the next one. */ buff++; off_in_buff = 0; } } D("%s: -> %u (of %u)", __FUNCTION__, sent_bytes, buffers->size); return sent_bytes; } _qemudPipe_poll,PIPE_POLL_OUT总是有效,PIPE_POLL_IN需要看QemudClient的ProtocolSelector.Pipe.messages中是否有数据 static unsigned _qemudPipe_poll(void* opaque) { QemudPipe* pipe = static_cast<QemudPipe*>(opaque); QemudClient* client = pipe->client; unsigned ret = 0; if (client != NULL) { ret |= PIPE_POLL_OUT; if (client->ProtocolSelector.Pipe.messages != NULL) { ret |= PIPE_POLL_IN; } } else { D("%s: Unexpected NULL client", __FUNCTION__); } return ret; } _qemudPipe_wakeOn,发现ProtocolSelector.Pipe.messages中有数据时,会调用android_pipe_wake,把pipe添加到dev->signaled链表中。 static void _qemudPipe_wakeOn(void* opaque, int flags) { QemudPipe* qemud_pipe = (QemudPipe*) opaque; QemudClient* c = qemud_pipe->client; D("%s: -> %X", __FUNCTION__, flags); if (flags & PIPE_WAKE_READ) { if (c->ProtocolSelector.Pipe.messages != NULL) { android_pipe_wake(c->ProtocolSelector.Pipe.qemud_pipe->hwpipe, PIPE_WAKE_READ); } } } 3.2、qemud service 代码是external/qemu/android/boot-properties.c,也是在模拟器repo中的 boot_property_init_service去注册一个QemudService,主要函数就一个boot_property_service_connect,用于创建新的QemudClient void boot_property_init_service( void ) { if (!_inited) { QemudService* serv = qemud_service_register( SERVICE_NAME, 1, NULL, boot_property_service_connect, boot_property_save, boot_property_load); if (serv == NULL) { derror("could not register '%s' service", SERVICE_NAME); return; } D("registered '%s' qemud service", SERVICE_NAME); _inited = 1; } } boot_property_service_connect创建新的QemudClient,channel一般都是-1,表示是pipe方式,而不是serial方式(使用guest qemud进程) static QemudClient* boot_property_service_connect( void* opaque, QemudService* serv, int channel, const char* client_param ) { QemudClient* client; client = qemud_client_new( serv, channel, client_param, NULL, boot_property_client_recv, NULL, NULL, NULL ); qemud_client_set_framing(client, 1); return client; } qemud_client_new会绑定QemudClient的读写函数,读函数boot_property_client_recv(也就是qemud_client_recv)是在_qemudPipe_sendBuffers中调用的 循环执行qemud_client_send将数据(-prop指定的属性值的列表)写到QemudClient的ProtocolSelector.Pipe.messages中,当_qemudPipe_recvBuffers函数执行时,从QemudClient的ProtocolSelector.Pipe.messages中倒腾数据返回给guest void boot_property_client_recv( void* opaque, uint8_t* msg, int msglen, QemudClient* client ) { /* the 'list' command shall send all boot properties * to the client, then close the connection. */ if (msglen == 4 && !memcmp(msg, "list", 4)) { BootProperty* prop; for (prop = _boot_properties; prop != NULL; prop = prop->next) { qemud_client_send(client, (uint8_t*)prop->property, prop->length); } /* Send a NUL to signal the end of the list. */ qemud_client_send(client, (uint8_t*)"", 1); return; } /* unknown command ? */ D("%s: ignoring unknown command: %.*s", __FUNCTION__, msglen, msg); } boot-properties服务的入口函数是boot_property_parse_option,emulator在解析-prop参数时,会调用这个函数。 获得name和value后,调用boot_property_add2(name, namelen, value, valuelen)去添加属性到属性列表(_boot_properties)中 void boot_property_parse_option( const char* param ) { char* q = strchr(param,'='); const char* name; const char* value; int namelen, valuelen, ret; if (q == NULL) { dwarning("boot property missing (=) separator: %s", param); return; } name = param; namelen = q - param; value = q+1; valuelen = strlen(name) - (namelen+1); ret = boot_property_add2(name, namelen, value, valuelen); if (ret < 0) { boot_property_raise_warning(ret, name, namelen, value, valuelen); } } boot_property_add2会检查服务是否已初始化,如果没有,将调用boot_property_init_service。如果属性名和值没有非法字符,将申请新的属性:prop = boot_property_alloc(name, namelen, value, valuelen)并添加到属性列表中 /* Appends a new boot property to the end of the internal list. */ int boot_property_add2( const char* name, int namelen, const char* value, int valuelen ) { BootProperty* prop; /* check the lengths */ if (namelen > PROPERTY_MAX_NAME) return -1; if (valuelen > PROPERTY_MAX_VALUE) return -2; /* check that there are not invalid characters in the * property name */ const char* reject = " =$*?'\""; int nn; for (nn = 0; nn < namelen; nn++) { if (strchr(reject, name[nn]) != NULL) return -3; } /* init the service */ boot_property_init_service(); /* add to the end of the internal list */ prop = boot_property_alloc(name, namelen, value, valuelen); *_boot_properties_tail = prop; _boot_properties_tail = &prop->next; return 0; } boot_property_init_service先检查是否已初始化,如果没有,将进行初始化 QemudService* serv = qemud_service_register( SERVICE_NAME, 1, NULL, boot_property_service_connect, boot_property_save, boot_property_load); 第二个参数是max_clients,最大客户数量 第三个参数是serv_opaque,将传递给注册的serv_connect函数的第一个参数 第四个参数是注册的serv_connect函数 第五、第六是保存和恢复属性链表的函数 void boot_property_init_service( void ) { if (!_inited) { QemudService* serv = qemud_service_register( SERVICE_NAME, 1, NULL, boot_property_service_connect, boot_property_save, boot_property_load); if (serv == NULL) { derror("could not register '%s' service", SERVICE_NAME); return; } D("registered '%s' qemud service", SERVICE_NAME); _inited = 1; } }
