Commit graph

172 commits

Author SHA1 Message Date
Sayanna Chandula
5754b5ab10 init: Support reboot reason with thermal warmreset
Thermal shutdown could be due to tskin temperature or
battery temperature. Pass reason while rebooting the
system to reflect properly in boot.reason

Bug: 238464124
Test: Build and boot on device. Check reboot reason
for thermal shutdown and battery thermal shutdown with
thermal warmreset enabled.

Change-Id: I192562fed48ae7da7843e383362cd22a76ce479f
2022-10-07 14:11:25 -07:00
Jiyong Park
a5dfe700b8 Merge "init: remove unnecessary semicolon" 2022-09-02 11:39:05 +00:00
Jooyung Han
badb7de1a2 APEX configs support 'on' as well
APEX configs have supported only 'service' definitions. For those
services relying on 'on' trigger actions, we had to have separate config
files installed in read-only partitions (e.g. /system/etc/init).

This was suboptimal because even though APEXes are updatable, read-only
partitions are not.

Now, 'on' is supported in APEX configs. Putting 'on' trigger actions
near to service definitions makes APEX more self-contained.

'on' trigger actions loaded from APEX configs are not sticky. So, events
happens before loading APEX configs can't trigger actions. For example,
'post-fs-data' is where APEX configs are loaded for now, so 'on
post-fs-data' in APEX configs can't be triggerd.

Bug: 202731768
Test: atest CtsInitTestCases
Change-Id: I5a01d9c7c57b07955b829d6cc157e7f0c91166f9
2022-05-12 13:37:13 +09:00
Jaegeuk Kim
3e595d5e67 Shutdown f2fs to avoid fsck
Bug: 229406072
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Id3b27219ab2a4655f1740829b0f03f027e66349d
2022-04-22 12:48:09 -07:00
JeongHyeon Lee
170855dd2c init: remove unnecessary semicolon
Test: N/A
Change-Id: Ifae3188cabd523d67a5a934e8406eb9984c2cbbd
Signed-off-by: JeongHyeon Lee <jhs2.lee@samsung.com>
2022-04-14 18:08:17 +09:00
David Anderson
5392f87b72 Merge "Fix shutdown animation cannot be shown" am: 95983cbbb6
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1795394

Change-Id: I5bf7c171fb96642943f9b550d87302e4147e7813
2021-08-18 17:45:58 +00:00
David Anderson
95983cbbb6 Merge "Fix shutdown animation cannot be shown" 2021-08-18 17:26:50 +00:00
Xin Li
b0356efd79 Merge "Merge sc-dev-plus-aosp-without-vendor@7634622" into stage-aosp-master 2021-08-17 18:14:27 +00:00
zengshuchuan
21c97a5780 Fix shutdown animation cannot be shown
Don't start shutdown critical service or turn off
backlight, when ro.init.shutdown_animation=true

Bug: 196511757
Test: config ro.init.shutdown_animation=true and build
      shutdownanimation.zip to /system/media/
Signed-off-by: zengshuchuan <zengshuchuan@allwinnertech.com>
Change-Id: I5932b7281af630e80247048a70fe1b24f536d1d9
2021-08-13 17:34:39 +08:00
Chenfu.Liao
d672e47b32 Add Quiescent Reboot Target
[Description]
In the Quiescent Reboot process,
the android init process will pass the reboot target name "quiescent"
to the kernel through reboot syscall.

Kernel will write the boot-quiescent flag
to the misc partition to notify the bootloader.

When rebooting, bootloader will be added to
bootargs androidboot.quiescent=1 to notify android .

In the new version of GKI,
the filp_open function is not allowed
so that it is impossible to write the quiescent flag
in the Kernel to the misc partition.

https://android-review.googlesource.com/c/kernel/common/+/1705108
/1..29/android/abi_gki_aarch64_mtk#b641

Bug: 192634025

Test:
adb reboot quiescent
adb shell setprop sys.powerctl reboot,quiescent

Change-Id: I5ac982a1f16df39fa6bf567729a18ca8225f21f2
2021-07-02 09:38:17 +00:00
David Anderson
26e1ad4fb7 Merge "KillZramBackingDevice: Return immediately if backing_dev is none." am: 7e2d32bc06 am: 4c21150d8d
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1710548

Change-Id: Ifd8db64e5d1cd829d2271a917e4bdadff73083e0
2021-05-26 04:24:15 +00:00
shisiyuan
423c4f1994 KillZramBackingDevice: Return immediately if backing_dev is none.
It's possible that CONFIG_ZRAM_WRITEBACK is y,
but userspace doesn't set the /sys/block/zram0/backing_dev,
so its value is 'none'.
It's the same with "CONFIG_ZRAM_WRITEBACK is not set".

Change-Id: I2df89ceee68e4685deef5113bada21be96779e9b
Signed-off-by: shisiyuan <shisiyuan@xiaomi.com>
2021-05-18 14:47:47 +08:00
Treehugger Robot
a4c2d51c27 Merge "[Bugfix]Fix userspace-reboot failure when backing_dev exists but zram not swapped on" am: 23a50b3860 am: bce0c15f3f am: 11f3ed6133
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1674154

Change-Id: I1574031bb51c6a0c668be14654ee0ced824ae5ee
2021-04-23 01:09:45 +00:00
luwei9
8a3653cfe2 [Bugfix]Fix userspace-reboot failure when backing_dev exists but zram not swapped on
'/sys/block/zram0/backing_dev' will exist even if zram is not swapped on in some devices. And there is no reason to ensure that zram is swapped on if '/sys/block/zram0/backing_dev' exists. So, if we want to kill backing_dev during userspace reboot, we should check if zram is swapped on first.

TEST: as follow
 - adb root
 - adb shell swapoff /dev/block/zram0
 - adb shell echo 1 > /sys/block/zram0/reset
 - adb shell setprop test.userspace.reboot.flag 1
 - adb reboot userspace
 - (wait reboot ending) adb shell getprop test.userspace.reboot.flag (1 will be show if successful)

Signed-off-by: luwei9 <luwei9@xiaomi.com>
Change-Id: Icca569cf8d64bc024b867dae2ab789fc9e76445a
2021-04-15 08:08:20 +00:00
Xin Li
493484d39e Merge ab/7061308 into stage.
Bug: 180401296
Merged-In: I90ee4644f921d6bde03dbaef3f3e86fc080affaa
Change-Id: I0eff7d54656f2b4da44644429a35bdc5ba954fbc
2021-02-21 09:25:21 -08:00
Nicolas Geoffray
a782a5c8d6 Merge "Add boot animation progress system property." am: 5266e041ef am: 6d2e6e246c am: 69fab4410c
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1530810

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ifde01593e054ae005cb58d7d4d58380da4103629
2021-01-07 10:18:08 +00:00
Nicolas Geoffray
69fab4410c Merge "Add boot animation progress system property." am: 5266e041ef am: 6d2e6e246c
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1530810

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ib39e27f457e40ca98b79250a3a51626147b2ea68
2021-01-07 10:02:53 +00:00
Nicolas Geoffray
5266e041ef Merge "Add boot animation progress system property." 2021-01-07 09:23:35 +00:00
Bernie Innocenti
5e5916375f Merge "Add explicit Result::ok() checks where needed" am: bc053268cf am: 0b0c5424a8 am: d2a4c1f841
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1229625

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I2c670a3776c37b7d60e89469e13ec32c3172fee2
2020-12-22 07:02:53 +00:00
Bernie Innocenti
d2a4c1f841 Merge "Add explicit Result::ok() checks where needed" am: bc053268cf am: 0b0c5424a8
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1229625

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I66dafc280da0421afccadcd6c1c24e74dc306bf2
2020-12-21 19:20:02 +00:00
Bernie Innocenti
062ef5356d Add explicit Result::ok() checks where needed
Test: m checkbuild continuous_instrumentation_tests continuous_instrumentation_tests_api_coverage continuous_native_tests device-tests platform_tests
Exempt-From-Owner-Approval: mechanical mass refactoring
Change-Id: I8d40b1e3cb5d2f76baf77b8a190df4366909f7b6
2020-12-20 17:06:17 +00:00
Nicolas Geoffray
e106f0aaeb Add boot animation progress system property.
Test: m
Bug: 175686819
Change-Id: Ic2757054b908e2c7ff51e256e8683616df74fb33
2020-12-15 18:34:47 +00:00
Nikita Ioffe
660ffde3dc Add reboot_test
This test spawns several services backed by /system/bin/yes executable,
and then stops them either while SIGTERM or SIGKILL.

Ideally we want to unit test more of reboot logic, but that requires a
bigger refactoring.

Test: atest CtsInitTestCases
Bug: 170315126
Bug: 174335499
Change-Id: Ife48b1636c6ca2d0aac73f4eb6f4737343a88e7a
2020-12-11 16:37:10 +00:00
Nikita Ioffe
7ba5030dcc Fix potential use-after-free bug in reboot
Instead of operating on raw pointers, init now uses name of the
services as it's primary identifier. Only place that still uses
vector<Service*> is StopServices.

In addition, ServiceList::services() function is removed, which should
help avoiding similar bugs in the future.

Bug: 170315126
Bug: 174335499
Test: adb reboot
Test: atest CtsInitTestCases
Change-Id: I73ecd7a8c58c2ec3732934c595b7f7db814b7034
Merged-In: I73ecd7a8c58c2ec3732934c595b7f7db814b7034
Ignore-AOSP-First: fixing security vulnerability
(cherry picked from commit 8d6ae2dd8a)
2020-12-02 16:11:22 +00:00
Nikita Ioffe
8d6ae2dd8a Fix potential use-after-free bug in reboot
Instead of operating on raw pointers, init now uses name of the
services as it's primary identifier. Only place that still uses
vector<Service*> is StopServices.

In addition, ServiceList::services() function is removed, which should
help avoiding similar bugs in the future.

Bug: 170315126
Bug: 174335499
Test: adb reboot
Test: atest CtsInitTestCases
Change-Id: I73ecd7a8c58c2ec3732934c595b7f7db814b7034
Ignore-AOSP-First: fixing security vulnerability
2020-12-02 11:14:07 +00:00
Xin Li
0a112d52f8 Merge Android R (rvc-dev-plus-aosp-without-vendor@6692709)
Bug: 166295507
Merged-In: Id18cb0e2d2f3e776a42b566c4a1af2e250890896
Change-Id: Iba7cab32ab3aa6f47952c840ff6dc8492e8d0704
2020-08-29 01:42:13 -07:00
Gavin Corkery
71849ead53 Merge "Store userspace reboot info in /metadata" am: c0d11aa73a am: 41aa2489ec
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1308213

Change-Id: Iff7420678f552ffde23b175f698a2117107d38f1
2020-08-26 22:28:36 +00:00
Gavin Corkery
c0d11aa73a Merge "Store userspace reboot info in /metadata" 2020-08-26 21:47:19 +00:00
Gavin Corkery
8c92256df5 Store userspace reboot info in /metadata
Store pertinent information about userspace reboot events in the case
of failure. This information is any services which failed to stop
cleanly, the output of the default fstab and /proc/mounts, and
a list of mounts which failed to unmount. This information is only
stored as necessary (i.e. mount information will not be stored if
everything unmounted, even if some services failed to stop).

Added new /metadata/userspacereboot directory to persist this
information. Information older than 3 days will be deleted.

Test: adb reboot userspace with sigterm/sigkill timeouts set to
      very low values
Test: Manual test of storing all other information
Bug: 151820675
Change-Id: I6cfbfae92a7fc6f6c984475cad2c50c559924866
2020-08-21 17:32:34 +01:00
Nikita Ioffe
64697dcd89 Merge "Reboot sequence: Unmount active apexes before unmounting /data" am: b255195375 am: d60f0708c9
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1327913

Change-Id: Ie64a60f5a104ad22326e2d632b5cf30b2f489f42
2020-06-13 21:14:03 +00:00
Nikita Ioffe
91a9848775 Reboot sequence: Unmount active apexes before unmounting /data
Having mounted apexes with loop back devices backing files on /data
partition will prevent clean unmount of it. Unmounting them and tearing
down loop devices should minimize the risk of that.

Note that it won't fix the issue completely, as there are a few (~2-3)
processes that keep restarting even after SIGKILL is sent. Which means
that they can still hold references to apexes on /data partition. But
in practice probability of this is quite low.

Test: adb reboot
Test: put tzdata apex in /data/apex/active && adb reboot
Bug: 158152940
Change-Id: I4624567b3d0f304dba4c6e37b77abd89e57411de
2020-06-13 00:13:11 +01:00
Jooyung Han
971add2022 Merge "init: start ueventd in the default mount namespace" am: 7cc98e212b am: 9b07c52de0
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1325695

Change-Id: I8e29d81747b871f3e92c32c43d74f4fc6bdf8b85
2020-06-12 02:26:52 +00:00
Jooyung Han
4f23d5a236 init: start ueventd in the default mount namespace
Init starts ueventd in the default mount namespace to support loading
firmware from APEXes.

Bug: 155023652
Test: devices boots
      adb$ nsenter -t (pid of ueventd) -m ls /apex
      => shows all APEXes
Change-Id: Ibb8b33a07eb014752275e3bca4541b8b694dc64b
2020-06-11 15:10:40 +09:00
Martijn Coenen
860ba64393 Abort FUSE filesystems during shutdown.
To ensure we can shutdown cleanly, and don't hang an outstanding
requests to a FUSE host daemon that has already exited.

Bug: 153411204
Test: inspect logs during shutdown
Change-Id: I8e6479bd54dbc1fc85b087617aa6b16be9f15a3b
2020-05-28 19:11:07 +02:00
Woody Lin
8fb6e3fdaf InitFatalReboot: Trigger panic explicitly for init_fatal_panic
The exit of init panics the system *after* process context (mm, stack,
...etc.) are recycled, according to Linux kernel's 'do_exit'
implementation. To preserve most init process context for debugging,
triggers the panic via proc-sysrq explicitly.

Note: after this change, there will be no "Attempt to kill init" panic
when androidboot.init_fatal_panic is set.

Test: Insert data abort fault in init, the full process context is
      preserved in memory dump captured after panic.
Bug: 155940351
Change-Id: I3393bd00f99b8cb432cfa19a105b7d636b411764
(cherry picked from commit be1cf9006a)
2020-05-11 14:50:27 +00:00
Woody Lin
be1cf9006a InitFatalReboot: Trigger panic explicitly for init_fatal_panic
The exit of init panics the system *after* process context (mm, stack,
...etc.) are recycled, according to Linux kernel's 'do_exit'
implementation. To preserve most init process context for debugging,
triggers the panic via proc-sysrq explicitly.

Note: after this change, there will be no "Attempt to kill init" panic
when androidboot.init_fatal_panic is set.

Test: Insert data abort fault in init, the full process context is
      preserved in memory dump captured after panic.
Bug: 155940351
Change-Id: I3393bd00f99b8cb432cfa19a105b7d636b411764
2020-05-09 01:30:32 +08:00
Nikita Ioffe
39d4553fee Add reason why userspace reboot shutdown sequence failed
Test: atest CtsUserspaceRebootHostSideTestCases
Bug: 154772075
Merged-In: I7e4674c474189b0185c020e3e066aea5678d7428
Change-Id: I7e4674c474189b0185c020e3e066aea5678d7428
(cherry picked from commit a4e83ad3d7)
2020-05-01 13:27:14 +01:00
Nikita Ioffe
a4e83ad3d7 Add reason why userspace reboot shutdown sequence failed
Test: atest CtsUserspaceRebootHostSideTestCases
Bug: 154772075
Change-Id: I7e4674c474189b0185c020e3e066aea5678d7428
2020-04-30 22:37:15 +01:00
Nikita Ioffe
a3be996673 Cleanup logic in KillZramBackingDevice
Since this function is used in userspace reboot, we need to be more
diligent with error handling, e.g.:

* If init fails to read /sys/block/zram0/backing_dev, then fail and
fallback to hard reboot.
* Always call swapoff.
* Always reset zram.
* Tear down loop device only if zram is backed by a loop device.

Test: adb reboot userspace
Bug: 153917129
Change-Id: I4709da1d08cf427ad9c898cfb2506b6a29f1d680
Merged-In: I4709da1d08cf427ad9c898cfb2506b6a29f1d680
(cherry picked from commit a840d405eb)
2020-04-17 12:28:25 +01:00
Nikita Ioffe
a840d405eb Cleanup logic in KillZramBackingDevice
Since this function is used in userspace reboot, we need to be more
diligent with error handling, e.g.:

* If init fails to read /sys/block/zram0/backing_dev, then fail and
fallback to hard reboot.
* Always call swapoff.
* Always reset zram.
* Tear down loop device only if zram is backed by a loop device.

Test: adb reboot userspace
Bug: 153917129
Change-Id: I4709da1d08cf427ad9c898cfb2506b6a29f1d680
2020-04-16 21:37:03 +01:00
Nikita Ioffe
6236af3d0c Fallback to hard reboot if userspace reboot hasn't started in time
Similarly to other recovery mechanisms, timeout is controlled by a
read-only property that can be configured per-device.

Test: adb root
Test: adb shell setprop init.userspace_reboot.started.timeoutmillis 2
Test: adb reboot userspace
Bug: 152803929
Change-Id: Id70710b46da798945ac5422ef7d69265911ea5ef
Merged-In: Id70710b46da798945ac5422ef7d69265911ea5ef
(cherry picked from commit d05535485f)
2020-04-14 00:21:41 +01:00
Nikita Ioffe
d05535485f Fallback to hard reboot if userspace reboot hasn't started in time
Similarly to other recovery mechanisms, timeout is controlled by a
read-only property that can be configured per-device.

Test: adb root
Test: adb shell setprop init.userspace_reboot.started.timeoutmillis 2
Test: adb reboot userspace
Bug: 152803929
Change-Id: Id70710b46da798945ac5422ef7d69265911ea5ef
2020-04-11 01:59:17 +01:00
Tom Cherry
6288212ac3 init: don't sync() before shutting down services
Devices in the lab are hitting an issue where they're getting stuck
likely in the sync() call in DoReboot() before we start the reboot
monitor thread and before we shut down services.

It's possible that concurrent writing to RW file systems is causing
this sync() call to take essentially forever.  To protect against
this, we need to remove this sync().  Note that we will still call
sync() after shutting down services.

Note that the service shutdown code has a timeout and there is a
reboot monitor thread that will shutdown the device if more than 30
seconds pass above that timeout.  This change increases that timeout
to 300 seconds to give the final sync() calls explicitly more time to
finish.

Bug: 150863651
Test: reboot functions normally
Test: put an infinite loop in DoReboot and the the reboot monitor thread
      triggers and shuts down the device appropriately
Merged-In: I6fd7d3a25d3225081388e39a14c9fdab21b592ba
Change-Id: I6fd7d3a25d3225081388e39a14c9fdab21b592ba
(cherry picked from commit 10615eb397)
2020-04-02 12:51:36 -07:00
Tom Cherry
10615eb397 init: don't sync() before shutting down services
Devices in the lab are hitting an issue where they're getting stuck
likely in the sync() call in DoReboot() before we start the reboot
monitor thread and before we shut down services.

It's possible that concurrent writing to RW file systems is causing
this sync() call to take essentially forever.  To protect against
this, we need to remove this sync().  Note that we will still call
sync() after shutting down services.

Note that the service shutdown code has a timeout and there is a
reboot monitor thread that will shutdown the device if more than 30
seconds pass above that timeout.  This change increases that timeout
to 300 seconds to give the final sync() calls explicitly more time to
finish.

Bug: 150863651
Test: reboot functions normally
Test: put an infinite loop in DoReboot and the the reboot monitor thread
      triggers and shuts down the device appropriately
Change-Id: I6fd7d3a25d3225081388e39a14c9fdab21b592ba
2020-03-31 18:59:23 -07:00
Nikita Ioffe
f0ab5b17f6 Use properties for various userspace reboot timeouts
Test: adb reboot userspace
Bug: 146560409
Change-Id: I435e4f93a8769ff7d30cf781e0b48fa3e96121ef
Merged-In: I435e4f93a8769ff7d30cf781e0b48fa3e96121ef
(cherry picked from commit 7b41a1558d)
2020-03-25 21:40:45 +00:00
Nikita Ioffe
7b41a1558d Use properties for various userspace reboot timeouts
Test: adb reboot userspace
Bug: 146560409
Change-Id: I435e4f93a8769ff7d30cf781e0b48fa3e96121ef
2020-03-25 17:46:13 +00:00
Tom Cherry
0c19d6c99f init: handle property messages asynchronously #2
A previous change moved property_service into its own thread, since
there was otherwise a deadlock whenever a process called by init would
try to set a property.  This new thread, however, would send a message
via a blocking socket to init for each property that it received,
since init may need to take action depending on which property it is.
Unfortunately, this means that the deadlock is still possible, the
only difference is the socket's buffer must be filled before init deadlocks.

This change, therefore, adds the following:
1) A lock for instructing init to reboot
2) A lock for waiting on properties
3) A lock for queueing new properties

A previous version of this change was reverted and added locks around
all service operations and allowed the property thread to spawn
services directly.  This was complex due to the fact that this code
was not designed to be multi-threaded.  It was reverted due to
apparent issues during reboot.  This change keeps a queue of processes
pending control messages, which it will then handle in the future.  It
is less flexible but safer.

Bug: 146877356
Bug: 148236233
Bug: 150863651
Bug: 151251827
Test: multiple reboot tests, safely restarting hwservicemanager
Merged-In: Ice773436e85d3bf636bb0a892f3f6002bdf996b6
Change-Id: Ice773436e85d3bf636bb0a892f3f6002bdf996b6
(cherry picked from commit 802864c782)
2020-03-16 09:21:18 -07:00
Tom Cherry
0188274148 Revert "init: handle property service callbacks asynchronously"
This is apparently causing problems with reboot.

This reverts commit d2dab830d3.

Bug: 150863651
Test: build
Merged-In: Ib8a4835cdc8358a54c7acdebc5c95038963a0419
Change-Id: Ib8a4835cdc8358a54c7acdebc5c95038963a0419
2020-03-16 09:20:22 -07:00
Tom Cherry
802864c782 init: handle property messages asynchronously #2
A previous change moved property_service into its own thread, since
there was otherwise a deadlock whenever a process called by init would
try to set a property.  This new thread, however, would send a message
via a blocking socket to init for each property that it received,
since init may need to take action depending on which property it is.
Unfortunately, this means that the deadlock is still possible, the
only difference is the socket's buffer must be filled before init deadlocks.

This change, therefore, adds the following:
1) A lock for instructing init to reboot
2) A lock for waiting on properties
3) A lock for queueing new properties

A previous version of this change was reverted and added locks around
all service operations and allowed the property thread to spawn
services directly.  This was complex due to the fact that this code
was not designed to be multi-threaded.  It was reverted due to
apparent issues during reboot.  This change keeps a queue of processes
pending control messages, which it will then handle in the future.  It
is less flexible but safer.

Bug: 146877356
Bug: 148236233
Bug: 150863651
Bug: 151251827
Test: multiple reboot tests, safely restarting hwservicemanager
Change-Id: Ice773436e85d3bf636bb0a892f3f6002bdf996b6
2020-03-12 17:15:07 -07:00
Tom Cherry
832f9f1dbd Revert "init: handle property service callbacks asynchronously"
This is apparently causing problems with reboot.

This reverts commit 7205c62933.

Bug: 150863651
Test: build
Change-Id: Ib8a4835cdc8358a54c7acdebc5c95038963a0419
2020-03-10 11:53:11 -07:00