Always create ramdisk/first_stage_ramdisk directory at build time.
Generic boot image always need this directory to work on devices
w/ and w/o a dedicated recovery partition. By default, the ramdisk is
mounted as readonly, unless on x86 platforms. If the ramdisk is mounted as
readonly, the directory cannot be created at runtime.
Note that devices with a dedicated recovery partition will never
switch root into the first_stage_ramdisk directory in first stage init.
Bug: 156098440
Test: manual by disabling init to mkdir first_stage_ramdisk
Change-Id: Ie272f4eedccc0b008fb538c1e0f3985ff70696cf
When a device-mapper table contains a "user" entry, a corresponding
dm-user misc control device is created. The devices are put into a
separate folder by default, which currently confuses ueventd, and we
wind up with paths like:
/dev/dm-user!blah
Special case these devices so they wind up as:
/dev/dm-user/blah
Test: dmctl create blah user 0 100 test-device
/dev/dm-user/test-device exists
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Change-Id: I313db07c3400f14f3ed0ffa20fdac2ac3e34b6d3
This change does the following:
- Create /second_stage_resources empty dir at root.
- At runtime:
- At first stage init:
- mount tmpfs to /second_stage_resources.
- Copy /system/etc/ramdisk/build.prop to
/second_stage_resources/system/etc/ramdisk/build.prop
- At second stage init:
- Load prop from the above path
- umount /second_stage_resources
Test: getprop -Z
Test: getprop
Bug: 169169031
Change-Id: I18b16aa5fd42fa44686c858982a17791b2d43489
This is a re-landing of the original CL, with a few changes:
- The correct device is now returned in MapUpdateSnapshot.
- The old API is used for tests, and the new API is only tested when
used on a VABC device.
- A sync() call has been added to ensure that writes to the base and
target snapshot devices have been fully flushed. This makes
IsPartitionUnchanged detect the MapUpdateSnapshot bug.
Implement OpenSnapshotWriter for non-compressed Virtual A/B. This is
done by adding an OnlineKernelSnapshotWriter class, which forwards all
writes to a dm-snapshot block device.
This also introduces a new ISnapshotWriter class which extends
ICowWriter, and adds features specific to libsnapshot (versus ICowWriter
which is intended only for the new COW format). The OpenSnapshotReader
call has been moved here since the writer retains all the information
needed to create the reader.
To test the new call, vts_libsnapshot_test has been modified to use
OpenSnapshotWriter.
As part of this change, all consumers of libsnapshot must now link to
libsnapshot_cow.
Bug: 168554689
Test: vts_libsnapshot_test
Test: full OTA with update_device.py
Test: incremental OTA with update_device.py
Change-Id: I90364a58902a4406a37cb14a816642c57a72bec2
The ro.build.version.release property was changed from being the
codename or final name of the current release to be the final name
of the most recent release. Use ro.build.version.release_or_codename
to reconstruct the fingerprint to match what the build system does.
Bug: 158483506
Test: adb shell getprop | grep fingerprint
Change-Id: I3bd992b6f06ff90bb6024253339a2654afa069ee
So DSU system don't use a hard-coded metadata key dir.
Bug: 168571434
Test: Install and boot a DSU system.
Change-Id: I096ef46a6f7b2d9fc42882288519fc5b93df1f41
Revert "Link to libsnapshot_cow everywhere libsnapshot is linked."
Revert submission 1433573-vab-libsnapshot-linkage
Reason for revert: b/169981170, update crash for droidfooders.
Reverted Changes:
Ie75bba98c:Link to libsnapshot_cow where libsnapshot is linke...
Ieedfadc55:libsnapshot: Partially implement OpenSnapshotWrite...
I28a5d4a88:Link to libsnapshot_cow everywhere libsnapshot is ...
Exempt-From-Owner-Approval: Revert to unblock dogfood
Change-Id: I0677df77672aca9fd54d94e009ac0be7c88a1a9d
The README.md states that this ordering is not guaranteed to give
flexibility for the future, however it's time to state that this
ordering is guaranteed, especially since:
1) We have a tests, EventTriggerOrder and
EventTriggerOrderMultipleFiles, which have guaranteed this ordering
since 2017.
2) We have users requesting and depending on this order
Also update some slightly out of date parts of the documentation:
1) We import /system/etc/init/hw/init.rc instead of /init.rc as the
first import
2) We additionally import /system_ext/etc/init and /product/etc/init
Test: n/a
Change-Id: I6d7b8d9e52f0d52bee320d5074ebb74a537f9150
Implement OpenSnapshotWriter for non-compressed Virtual A/B. This is
done by adding an OnlineKernelSnapshotWriter class, which forwards all
writes to a dm-snapshot block device.
This also introduces a new ISnapshotWriter class which extends
ICowWriter, and adds features specific to libsnapshot (versus ICowWriter
which is intended only for the new COW format). The OpenSnapshotReader
call has been moved here since the writer retains all the information
needed to create the reader.
To test the new call, vts_libsnapshot_test has been modified to use
OpenSnapshotWriter.
As part of this change, all consumers of libsnapshot must now link to
libsnapshot_cow.
Bug: 168554689
Test: vts_libsnapshot_test
Change-Id: Ieedfadc557833c1e0540922aabc6e95c80266a64
To be consistent with other prebuilt modules within APEXes, the location
for firmware files is switched from /apex/*/firmware to
/apex/*/etc/firmware.
Bug: 167942098
Test: loading vibrator firmware from vibrator apex(sunfish)
Change-Id: Ia05735bf5a54482fded26525fa4a8f795dcfc029
In addition to "firmware_directories", ueventd scans /apex/*/firmware/
directory as well to find firmware files.
Bug: 167942098
Test: loading firmware from vibrator apex successfully.
(sunfish)
Change-Id: I90fc8f9ad843a08b1ca98a2be1b5d22c0c5954a3
"init subcontext" is responsible to handle a few commands in vendor
context. To support Vendor APEX, "init subcontext" is now started in
"default" mount namespace so that those commands can access /apex/*.
For example, insmod should see the contents of /apex to install kernel
modules in apexes.
Bug: 162701747
Test: adb shell ps -ef | grep init
=> check pid of <init subcontext>
adb shell readlink /proc/<pid: init>/ns/mnt
adb shell readlink /proc/<pid: init subcontext>/ns/mnt
=> check if these are equal
Change-Id: Icd5e862e52d78635e83824b267b6d32d8f3e9eea
dev.mnt. properties are primarily intended for tuning parameters for
mounts such as /system and /data but don't have much use for emulated
mounts.
There are additional emulated mounts created for each user on a
device, so if too many users are created, init would otherwise create
too many dev.mnt. properties, filling the property file that backs
these properties, and preventing more properties from being
generated.
Therefore, this change stops init from creating dev.mnt. properties
for emulated mounts.
Bug: 156721033
Test: user creation stress test doesn't create large numbers of
properties
Change-Id: I6475956719b7c938b8289189abfef661140d526d
During boot sequence there can be multiple calls to mount_all. For the
userspace reboot to correctly remount userdata, we need to store the
return code of the one that was responsible in mounting userdata.
Test: adb root
Test: adb shell setprop init.userspace_reboot.is_supported 1
Test: adb reboot userspace
Test: checked dmsg
Bug: 166353152
Change-Id: Id0ae15f3bcf65fa54e4e72b76f64716c053af7fb
Store pertinent information about userspace reboot events in the case
of failure. This information is any services which failed to stop
cleanly, the output of the default fstab and /proc/mounts, and
a list of mounts which failed to unmount. This information is only
stored as necessary (i.e. mount information will not be stored if
everything unmounted, even if some services failed to stop).
Added new /metadata/userspacereboot directory to persist this
information. Information older than 3 days will be deleted.
Test: adb reboot userspace with sigterm/sigkill timeouts set to
very low values
Test: Manual test of storing all other information
Bug: 151820675
Change-Id: I6cfbfae92a7fc6f6c984475cad2c50c559924866
Move responsibility for setting ro.crypto.type into fs_mgr_mount_all,
so that even if setting up the filesystem fails, the type is set
correctly and so errors are appropriately handled.
Bug: 162289984
Test: simulate a failure and check that it's set.
Change-Id: Ib061a454e7e21d7206c3c1fa8e88e16618099581
To support "override" services, we need to scan partitions from least
speicific to most specific.
Bug: 163021585
Test: m
Change-Id: I26a6de4f7fb571c60038e803137a4b1c237792fd
The set of linked binaries was making it difficult to run
the test over a native bridge. Since init won't usually
run over a native bridge, the test can be skipped.
Bug: 161081809, 142324733, 162288553
Test: Arm build of CtsInitTestCases skips rammus-arc-r Chromebook.
Change-Id: Icdd8b03111d0f3fd6658ee6d9a97fca27181db45
(cherry picked from commit 9cecf8422a)
This is correct significant figures/units based on the precision of our
measurements, but it does not reflect our actual certainty re the output
data, since in reality, confidence is diminished by temperature, device,
hardware revision, time of day/month/year, spurious activity, data
connectivity, app install list, inherent randomness of multiprogramming,
sensor activity, user interaction, /data caches, build-by-build
differences, charging state, data fragmentation, race-driven sleeps,
cosmic radiation, factory defects, local magnetic or gravitational field
differences, changes in device momentum, or other known and unknown
causes.
Bug: N/A
Test: run perfboot.py, and output has:
mean: 10801 ms
median: 10801 ms
standard deviation: 18 ms
Change-Id: I796396acc203b29e9a14e4d6dffa58db7b8cd9fb
* changes:
init: Initiate other misc devices from BlockDevInitializer.
Allow snapuserd to be included in the initial ramdisk.
Add experimental daemon for handling dm-user requests.
If the system partition has been updated and _PATH_DEFPATH has a new
value, then we must set $PATH in second stage init to take on the new
value, as well as having set it in first stage init.
Bug: 160210288
Test: build
Change-Id: I18765709dc9bff9379b0ae39272199cf74a79d2f
Presently, within ReadUevent(), true is returned for a successful case
as well as for the case where we read an invalid uevent (overflowed
buffer)where the Uevent object is not cleared, and the caller calls the
callback (with the earlier stored uevent object),leading to duplicate
firmware loading.
Uevent uevent;
while (ReadUevent(&uevent)) {
if (callback(uevent) == ListenerAction::kStop) return;
}
Scenario:
1. Proper Uevent received and callback is called (firmware loading
is triggered).
2. Overflowed uevent is received as part of the same ReadUevent session,
ReadUevent() returns true, but the uevent object is not cleared and
still has earlier event values.
3. Callback is called again, leading to duplicate firmware load.
Handle it by adding explicit return codes to let the caller know if the
uevent read is invalid, and the caller can ignore it and read
further pending uevents.
Bug: 161580785
Change-Id: I09e80052337fd1495b968dc02ecff5ceb683da18
The previous size, 2048, is only the size of the 'environment' for the
uevent message, but doesn't include the <action>@<dev path> portion.
The <action> portion has a max length < 10, but the <dev path> portion
is unbounded.
8192 should be plenty to capture all of these parameters.
Bug: 161580785
Test: ueventd still works
Change-Id: I6de6fd3a444ac91b3b4df154097abde3696e21b3
Load sysprops from /odm_dlkm/etc/build.prop. Note that no
property contexts are loaded from odm_dlkm.
Test: getprop | grep odm_dlkm
Bug: 156020364
Change-Id: I90c3a54a110462736d9888101d4281100d586632
There is documentation for how AIDL works with ctl commands or
interface_start commands, however it seems we were missing documentation
on declaration of interfaces.
Bug: N/A
Test: N/A
Change-Id: I0e5d2350b6b847a870eafbc69828e75f1f6ca4f0
Load sysprops from /vendor_dlkm/build.prop. Note that
no property contexts are loaded from vendor_dlkm.
Test: getprop | grep vendor_dlkm
Bug: 156020364
Change-Id: Ib0e8ba1791e1d2c11d055ef496208993e11d9b0f
This restriction is only added for devices launching with R or later.
Bug: 160663765
Test: this test runs when appropriate
Change-Id: I2353bfa7f598bd19ba57498cc5bbad7a3ed34707
This allows init to easily ensure misc devices other than device-mapper
are present.
Bug: 154536437
Test: manual test
Change-Id: I49495684edee322f9787ce7ab7f79d0e8060171d
Now we have more things e.g. loading kernel modules, initialize
selinux. And before all these, system cannot make further progress. It
should be beneficial to boost this critical peroid in init.
Benchmark on a Pixel device shows this saves 100+ms on early boot
ToT release + This CL (P15538587)
D/BaseBootTest: init_stage_second_START_TIME_avg : 1563.4
D/BaseBootTest: ueventd_Coldboot_avg : 219.0
D/BaseBootTest: action_init_/system/etc/init/hw/init.rc:114_START_TIME_avg : 2103.7
ToT release (6654154)
D/BaseBootTest: init_stage_second_START_TIME_avg : 1639.0
D/BaseBootTest: ueventd_Coldboot_avg : 238.2
D/BaseBootTest: action_init_/system/etc/init/hw/init.rc:114_START_TIME_avg : 2226.0
Bug: 143857500
Bug: 147997403
Bug: 160271169
Bug: 160696502
Test: Boottime
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: I21c9e051f4ae3e953d991c031f151b2779702548
build.prop files under system_ext, product, and odm partitions are moved
to the ./etc subdirectory. This is to be in-line with the established
practice of having all configuration files under ./etc subdir.
build.prop doesn't need to be an exception.
However, system/build.prop and vendor/build.prop were not moved because
there are a lot of apps and tools that depend on the path.
Bug: 158735147
Test: device has build.prop under ./etc and is bootable
Change-Id: I26300574c23c78cc4e5bc20f98fc9702838465e1
If a device doesn't support unflattened APEXes, init activates flattened
APEXes instead of apexd.
Because apexd dumps apex-info-list.xml after it activates all APEXes,
init should do the same thing.
Bug: 159585065
Test: lunch aosp_cf_x86_phone_noapex & m & boot
adb more /apex/apex-info-list.xml
adb shell ls -lZ /apex/apex-info-list.xml
-> -rw-rw-rw- 1 root root u:object_r:apex_info_file:s0 ..
Change-Id: I74a4d0ee363761564225097c5949e5ce335ac6dc
AMBA specification from Arm is a freely available open
standard for the connection and management of functional
blocks in a system-on-chip.
AMBA devices create a device kernel object in /sys/devices/platform
and a kernel object of the bus for the respective device in
/sys/bus/amba. For e.g. for pl180 mmc:
device: /sys/devices/platform/1c050000.mmci
bus: /sys/bus/amba/devices/1c050000.mmci
In first stage init, android creates a symlink from /sys/devices/platform/...
to /dev/block/platform/... for all partitions and then to
/dev/block/by-name for the boot_device used. However this is only done
for devices that "attach" to bus/platform. This patch adds support for
platform devices that attach to bus/amba.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Change-Id: I9da7456407c4f62335c959502d8b2d16026fddfc
Having mounted apexes with loop back devices backing files on /data
partition will prevent clean unmount of it. Unmounting them and tearing
down loop devices should minimize the risk of that.
Note that it won't fix the issue completely, as there are a few (~2-3)
processes that keep restarting even after SIGKILL is sent. Which means
that they can still hold references to apexes on /data partition. But
in practice probability of this is quite low.
Test: adb reboot
Test: put tzdata apex in /data/apex/active && adb reboot
Bug: 158152940
Change-Id: I4624567b3d0f304dba4c6e37b77abd89e57411de
Regardless of whether a system property is "ro." or not, it can be
overridden by build.prop from the more specific partition. i.e.
foo.bar=true in system/build.prop can be overridden by
foo.bar=false in vendor/build.prop. However, the warning message
was referring the overridden property as "ro." causing confusion
when reading the log. Fix it by not mentioning "ro.".
Bug: 117892318
Test: N/A
Change-Id: I13014522d0c6b507b30c8754e2087fd71cc39971
Init starts ueventd in the default mount namespace to support loading
firmware from APEXes.
Bug: 155023652
Test: devices boots
adb$ nsenter -t (pid of ueventd) -m ls /apex
=> shows all APEXes
Change-Id: Ibb8b33a07eb014752275e3bca4541b8b694dc64b
While mount_all and umount_all were updated to use ro.boot.fstab_suffix,
I neglected to update swapon_all. Trivially copied from umount_all.
Bug: 142424832
Change-Id: Icd706fe7a1fe16c687cd2811b0a3158d7d2e224e
Merged-In: Icd706fe7a1fe16c687cd2811b0a3158d7d2e224e
While mount_all and umount_all were updated to use ro.boot.fstab_suffix,
I neglected to update swapon_all. Trivially copied from umount_all.
Bug: 142424832
Change-Id: Icd706fe7a1fe16c687cd2811b0a3158d7d2e224e
The mount_all and swapon_all commands are documented, but umount_all
is not. Add some documentation.
Bug: 142424832
Change-Id: I7e4dcb4d222b787350a79c9e312062cac9eeb4d8
The mount_all and swapon_all commands are documented, but umount_all
is not. Add some documentation.
Bug: 142424832
Change-Id: I7e4dcb4d222b787350a79c9e312062cac9eeb4d8
Kernel modules may be located within directories in /lib/modules.
Attempt to load kernel modules from each directory that has a name starting with
the major and minor version of the currently running kernel. If a single
kernel module is successfully loaded from a directory, that directory is
treated as the correct kernel module directory for the system. No other
kernel module directories are searched and any kernel module load errors
in that directory are fatal. If the attempt to load the first kernel
module from a directory fails, or if there are no kernel modules in a
directory, then the search proceeds to the next directory.
If no kernel module is successfully loaded from any directory as above,
an attempt is made to load kernel modules from the top level at
/lib/modules/.
Bug: 157645635
Change-Id: I92eadd8617f03a645da460ccb776bc04fa541f00
Merged-In: I92eadd8617f03a645da460ccb776bc04fa541f00
Kernel modules may be located within directories in /lib/modules.
Attempt to load kernel modules from each directory that has a name starting with
the major and minor version of the currently running kernel. If a single
kernel module is successfully loaded from a directory, that directory is
treated as the correct kernel module directory for the system. No other
kernel module directories are searched and any kernel module load errors
in that directory are fatal. If the attempt to load the first kernel
module from a directory fails, or if there are no kernel modules in a
directory, then the search proceeds to the next directory.
If no kernel module is successfully loaded from any directory as above,
an attempt is made to load kernel modules from the top level at
/lib/modules/.
Bug: 157645635
Change-Id: I92eadd8617f03a645da460ccb776bc04fa541f00
To ensure we can shutdown cleanly, and don't hang an outstanding
requests to a FUSE host daemon that has already exited.
Bug: 153411204
Test: inspect logs during shutdown
Change-Id: I8e6479bd54dbc1fc85b087617aa6b16be9f15a3b
Currently the ReadDefaultFstab function, which calls GetFstabPath,
makes some assumptions about what the fstab will be called and where
it is located. This is being used by vold to set up userdata encryption
and for gsid, and is even used in the default boot control HAL, so it
has become quite baked.
The original way for a board to specify things to mount was to use the
"mount_all /path/to/fstab" command in init.rc. However, due to the
above functionality, the path after mount_all is no longer very useful,
as it cannot differ from the inferred path, or userdata encryption and
other features will be broken.
On Cuttlefish, we have an interest in being able to test alternative
userdata configurations (ext4 vs f2fs, encryption on/off, etc.) and
currently the only way to achieve this is to either a) modify the
ro.hardware or ro.hardware.platform properties, which breaks a bunch
of things like default HAL filenames, or regenerate our odm.img or
vendor.img filesystems. We can't simply install another fstab and
point to it with "mount_all".
This change allows the fstab path to be omitted from "mount_all", and
adds another property which overrides the existing checks for
fstab.${ro.hardware} and fstab.${ro.hardware.platform}. Specifying
${ro.boot.fstab_suffix} will cause fstab.${ro.boot.fstab_suffix}
to be checked first.
Bug: 142424832
Test: booted cuttlefish with 'mount_all ${ro.hardware} --late'
Test: booted cuttlefish with 'mount_all --late'
Test: booted cuttlefish with 'mount_all --late' and fstab_suffix=f2fs
Test: partially booted cuttlefish with 'mount_all ${ro.hardware}'
Test: partially booted cuttlefish with 'mount_all'
Change-Id: I3e10f66aecfcd48bdb9ebf1d304b7aae745cbd3c
Merged-In: I3e10f66aecfcd48bdb9ebf1d304b7aae745cbd3c
Currently the ReadDefaultFstab function, which calls GetFstabPath,
makes some assumptions about what the fstab will be called and where
it is located. This is being used by vold to set up userdata encryption
and for gsid, and is even used in the default boot control HAL, so it
has become quite baked.
The original way for a board to specify things to mount was to use the
"mount_all /path/to/fstab" command in init.rc. However, due to the
above functionality, the path after mount_all is no longer very useful,
as it cannot differ from the inferred path, or userdata encryption and
other features will be broken.
On Cuttlefish, we have an interest in being able to test alternative
userdata configurations (ext4 vs f2fs, encryption on/off, etc.) and
currently the only way to achieve this is to either a) modify the
ro.hardware or ro.hardware.platform properties, which breaks a bunch
of things like default HAL filenames, or regenerate our odm.img or
vendor.img filesystems. We can't simply install another fstab and
point to it with "mount_all".
This change allows the fstab path to be omitted from "mount_all", and
adds another property which overrides the existing checks for
fstab.${ro.hardware} and fstab.${ro.hardware.platform}. Specifying
${ro.boot.fstab_suffix} will cause fstab.${ro.boot.fstab_suffix}
to be checked first.
Bug: 142424832
Test: booted cuttlefish with 'mount_all ${ro.hardware} --late'
Test: booted cuttlefish with 'mount_all --late'
Test: booted cuttlefish with 'mount_all --late' and fstab_suffix=f2fs
Test: partially booted cuttlefish with 'mount_all ${ro.hardware}'
Test: partially booted cuttlefish with 'mount_all'
Change-Id: I3e10f66aecfcd48bdb9ebf1d304b7aae745cbd3c
A one second timeout is so coarse and can affect boot time when
the possibility that the file does not exist. Switch to accepting
a floating point number for seconds for the wait for file command.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 151950334
Test: wait_for_file sleep 0.05 reports an appropriate delay
Change-Id: I8d8ed386519ab54270b05ce91663d0add30f12e7
A one second timeout is so coarse and can affect boot time when
the possibility that the file does not exist. Switch to accepting
a floating point number for seconds for the wait for file command.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 151950334
Test: wait_for_file sleep 0.05 reports an appropriate delay
Change-Id: I8d8ed386519ab54270b05ce91663d0add30f12e7
See details in comment inside. This is to increase stability of the
device. There are some thing we might not detect (yet) but which cause
the test to fail.
Bug: 156380383
Test: run on walleye
Change-Id: Ic0189af7e818916665a2b709d440c517a04c587f
With GKI we find in certain situations the timing of the drivers
loading is delayed as compared to a monolithic kernel. This
introduces a race where during second stage init, the attributes
inside /sys/class/udc/ might not be set by the time
SetUsbController() is called.
To address this, we also call SetUsbController() until the property
sys.usb.controller is set at the bottom of the event loop.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 151950334
Test: make sure user space fastbootd comes up reliably for a GKI kernel
Change-Id: Iececd8ffa3e6641554d215d622d8dab72d85d34d
The file is removed. init no longer needs to read it.
Bug: 117892318
Test: TH passes on non-Treble devices.
Change-Id: Idc4127bad66db24c7033b47c41b9eb85a5e0a5cd
Contents that were in /system/etc/prop.default are now in
/system/build.prop.
The content is placed at the top of build.prop to keep the existing
order between the two files.
Caveat #1: /prop.default still remains for non-Treble devices.
Caveat #2: ReadFileSymbolicLink test was changed to read /system/bin/ps
because /prop.default is no longer guaranteed to exist.
Bug: 117892318
Test: TH passes
Test: inspect /system/build.prop and check if it has contents from
the old /system/etc/prop.default file
Change-Id: I0d3f96c1656dfe02bfa0e801680f7fa887afd1d9
It is merged to /vendor/build.prop. However, for backwards
compatibility, the old file is read on devices running R or earlier.
Bug: 117892318
Test: TH passes
Test: inspect /vendor/build.prop and check if it has contents from
the old /vendor/default.prop file
Change-Id: I994cc85fc0765bc9233e9799bcb670a23180f068
With GKI we find in certain situations the timing of the drivers
loading is delayed as compared to a monolithic kernel. This
introduces a race where during second stage init, the attributes
inside /sys/class/udc/ might not be set by the time
SetUsbController() is called.
To address this, we also call SetUsbController() until the property
sys.usb.controller is set at the bottom of the event loop.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 151950334
Test: make sure user space fastbootd comes up reliably for a GKI kernel
Change-Id: Iececd8ffa3e6641554d215d622d8dab72d85d34d
The exit of init panics the system *after* process context (mm, stack,
...etc.) are recycled, according to Linux kernel's 'do_exit'
implementation. To preserve most init process context for debugging,
triggers the panic via proc-sysrq explicitly.
Note: after this change, there will be no "Attempt to kill init" panic
when androidboot.init_fatal_panic is set.
Test: Insert data abort fault in init, the full process context is
preserved in memory dump captured after panic.
Bug: 155940351
Change-Id: I3393bd00f99b8cb432cfa19a105b7d636b411764
(cherry picked from commit be1cf9006a)
The exit of init panics the system *after* process context (mm, stack,
...etc.) are recycled, according to Linux kernel's 'do_exit'
implementation. To preserve most init process context for debugging,
triggers the panic via proc-sysrq explicitly.
Note: after this change, there will be no "Attempt to kill init" panic
when androidboot.init_fatal_panic is set.
Test: Insert data abort fault in init, the full process context is
preserved in memory dump captured after panic.
Bug: 155940351
Change-Id: I3393bd00f99b8cb432cfa19a105b7d636b411764
Extend androidboot.first_stage_console cmdline property to enable
skipping module load failures without stopping at a serial console. This
is useful for GKI development.
Set androidboot.first_stage_console=2 for this behavior.
Bug: 155296582
Test: verify behavior for values 0, 1, and 2
Merged-In: I068c631a22c848e45a421b297b1acae1b3deb3c1
Change-Id: I068c631a22c848e45a421b297b1acae1b3deb3c1
(cherry picked from commit 6c5f82642b)
Extend androidboot.first_stage_console cmdline property to enable
skipping module load failures without stopping at a serial console. This
is useful for GKI development.
Set androidboot.first_stage_console=2 for this behavior.
Bug: 155296582
Test: verify behavior for values 0, 1, and 2
Change-Id: I068c631a22c848e45a421b297b1acae1b3deb3c1
Introduce new command to allow setting task profiles from inside .rc
script. This is to replace usage of writepid when a service is trying
to join a cgroup. Usage example from a .rc file:
service surfaceflinger /system/bin/surfaceflinger
task_profiles HighPerformance
Bug: 155419956
Test: change .rc file and confirm task profile is applied
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I0add9c3b363a7cb1ea89778780896cae1c8a303c
Merged-In: I0add9c3b363a7cb1ea89778780896cae1c8a303c
Introduce new command to allow setting task profiles from inside .rc
script. This is to replace usage of writepid when a service is trying
to join a cgroup. Usage example from a .rc file:
service surfaceflinger /system/bin/surfaceflinger
task_profiles HighPerformance
Bug: 155419956
Test: change .rc file and confirm task profile is applied
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I0add9c3b363a7cb1ea89778780896cae1c8a303c
There are devices stuck waiting for vendor_init to finish a command,
without giving much more information. Instead of setting aside the
last run command, it's more valuable to store and dump the last 30
logs seen.
Bug: 155203339
Test: these logs appear during hung reboots
Test: normal reboots have no difference.
Change-Id: I99cae248eb81eaf34ef66b910fa653a9fa135f68
When the subcontext code was redone to allow only one subcontext
(vendor_init), the code for restarting it and for terminating it
during shutdown was not updated, resulting in it not working.
Bug: 155203339
Test: kill subcontext init and notice it restart
Test: subcontext init stops during shutdown
Merged-In: Ib77f59d1e7be0ffcfd3f31c8450dc022c20bb322
Change-Id: Ib77f59d1e7be0ffcfd3f31c8450dc022c20bb322
(cherry picked from commit e3e77d382f)
When the subcontext code was redone to allow only one subcontext
(vendor_init), the code for restarting it and for terminating it
during shutdown was not updated, resulting in it not working.
Bug: 155203339
Test: kill subcontext init and notice it restart
Test: subcontext init stops during shutdown
Change-Id: Ib77f59d1e7be0ffcfd3f31c8450dc022c20bb322
Bug: 153540919
Test: Able to boot without errors
Change-Id: If206e5e3d76a7919b7468bc2d9666b3aff296b3b
Merged-In: If206e5e3d76a7919b7468bc2d9666b3aff296b3b
Since this function is used in userspace reboot, we need to be more
diligent with error handling, e.g.:
* If init fails to read /sys/block/zram0/backing_dev, then fail and
fallback to hard reboot.
* Always call swapoff.
* Always reset zram.
* Tear down loop device only if zram is backed by a loop device.
Test: adb reboot userspace
Bug: 153917129
Change-Id: I4709da1d08cf427ad9c898cfb2506b6a29f1d680
Merged-In: I4709da1d08cf427ad9c898cfb2506b6a29f1d680
(cherry picked from commit a840d405eb)
Since this function is used in userspace reboot, we need to be more
diligent with error handling, e.g.:
* If init fails to read /sys/block/zram0/backing_dev, then fail and
fallback to hard reboot.
* Always call swapoff.
* Always reset zram.
* Tear down loop device only if zram is backed by a loop device.
Test: adb reboot userspace
Bug: 153917129
Change-Id: I4709da1d08cf427ad9c898cfb2506b6a29f1d680
libsnapshot* uses update_metadata-protos. This
used to be optimized out, but now that SnapshotManager is
virtual, CreateUpdateSnapshots can no longer be optimized out.
Bug: 148956645
Test: compiles
Change-Id: Ib67cafd156308bf5a477996ec32eb786f8e896db
If the first stage console is being used, attempt to run /first_stage.sh
immediately before the console is created.
Bug: 154126020
Change-Id: I8b7431e7b8219afea295b120d7ea91751804bda6
Merged-In: I8b7431e7b8219afea295b120d7ea91751804bda6
If the first stage console is being used, attempt to run /first_stage.sh
immediately before the console is created.
Bug: 154126020
Change-Id: I8b7431e7b8219afea295b120d7ea91751804bda6
tl,dr;
Increase the attempts to 50 to reduce the chances of failing
to load the serial console. This will only happen if the cmdline
parameter "androidboot.first_stage_console=1" is enabled.
Details:
10 attempts only amounts to about 1 second of trying to open the serial
console. I tested booting an ACK GKI image 5x with 20 vendor modules and
found the serial console loaded on attempt 17 for all five boot
tests.
Bug: 153354917
Test: boot ACK image 5x and verify serial console comes up
Change-Id: I161a4176b2c6cf7b0bc1eefe072ff38b894add5d
Merged-In: I161a4176b2c6cf7b0bc1eefe072ff38b894add5d
Some of the test cases in CtsInitTestCases and CtsFsMgrTestCases require
root. This CL makes it possible to run such tests cases on userdebug
builds, which in turn means that they will be run on presubmit.
New option was implemented in
https://android-review.googlesource.com/c/platform/tools/tradefederation/+/1283834
Test: atest CtsInitTestCases
Test: atest CtsFsMgrTestCases
Change-Id: I3d29789ddd7ac549e40ac193c58d986670c49285
Similarly to other recovery mechanisms, timeout is controlled by a
read-only property that can be configured per-device.
Test: adb root
Test: adb shell setprop init.userspace_reboot.started.timeoutmillis 2
Test: adb reboot userspace
Bug: 152803929
Change-Id: Id70710b46da798945ac5422ef7d69265911ea5ef
Merged-In: Id70710b46da798945ac5422ef7d69265911ea5ef
(cherry picked from commit d05535485f)
Similarly to other recovery mechanisms, timeout is controlled by a
read-only property that can be configured per-device.
Test: adb root
Test: adb shell setprop init.userspace_reboot.started.timeoutmillis 2
Test: adb reboot userspace
Bug: 152803929
Change-Id: Id70710b46da798945ac5422ef7d69265911ea5ef
1) There's no reason or way to support boot_clock for waiting for
property changes, since the underlying futex_wait uses
CLOCK_MONOTONIC. We probably wouldn't want boot_clock even if it
did, since it doesn't make sense to consider the time a device was
suspending in the timeout for waiting for a property to change.
2) The init tokenizer has been essentially unchanged for a decade,
there's no motivation to 'fix' it to not require a trailing
newline.
3) The ueventd TODO regarding moving vendor specific ueventd.rc
entries out of rootdir has been fixed.
Test: n/a
Change-Id: I3b68e3d2f25cbd539f9f8ff526669b8af04d833d
Structured bindings with templated containers work now, so no need for
the workaround or TODO.
Test: init unit tests
Change-Id: I6a286de9859d8a97df480a7ac2862a3a10bd9fb3
There was an email thread about this recently, and I've been asked many
times.
For instance, if this error wasn't attributed, denials a service is
hitting would be attributed to init, and that's a recipe for disaster.
Secondarily, thinking about SELinux whenever you write a new service is
good.
Bug: N/A
Test: N/A
Change-Id: Ib9d2c5d8947375a0d4c33ecf3d075caef6b41f70
This test is killing critical device services, and if it runs
repeatedly or some of the critical services have already died, it'll
force the device to reboot again and potentially consider the test a
failure.
This forces the test to reboot first, so that it is in a fresh state and
we can avoid this type of flake on the device.
Bug: 153444614
Test: atest init_kill_services_test
Change-Id: Ia81a319af1d209f58e70f824bb8eb7f11973637c
In recovery mode, load modules from modules.load.recovery if it
exists. Otherwise load from modules.load as usual.
Bug: 150825361
Change-Id: I7636bb5958ed10ae9a66015f04f168129618272f
Merged-In: I7636bb5958ed10ae9a66015f04f168129618272f
The tests are only needed in vts10 suite, as they are part of CTS
package and no longer needed in vts 11.
Bug: 151896491
Test: local build
Exempt-From-Owner-Approval: This CL removes vts10 tests from vts suite.
It won't change test logic or behavior.
Change-Id: I4d468be075b54213b56c7e1aa94af94f2bdce9ff
Merged-In: I4d468be075b54213b56c7e1aa94af94f2bdce9ff
tl,dr;
Increase the attempts to 50 to reduce the chances of failing
to load the serial console. This will only happen if the cmdline
parameter "androidboot.first_stage_console=1" is enabled.
Details:
10 attempts only amounts to about 1 second of trying to open the serial
console. I tested booting an ACK GKI image 5x with 20 vendor modules and
found the serial console loaded on attempt 17 for all five boot
tests.
Bug: 153354917
Test: boot ACK image 5x and verify serial console comes up
Change-Id: I161a4176b2c6cf7b0bc1eefe072ff38b894add5d
In recovery mode, load modules from modules.load.recovery if it
exists. Otherwise load from modules.load as usual.
Change-Id: I7636bb5958ed10ae9a66015f04f168129618272f
Devices in the lab are hitting an issue where they're getting stuck
likely in the sync() call in DoReboot() before we start the reboot
monitor thread and before we shut down services.
It's possible that concurrent writing to RW file systems is causing
this sync() call to take essentially forever. To protect against
this, we need to remove this sync(). Note that we will still call
sync() after shutting down services.
Note that the service shutdown code has a timeout and there is a
reboot monitor thread that will shutdown the device if more than 30
seconds pass above that timeout. This change increases that timeout
to 300 seconds to give the final sync() calls explicitly more time to
finish.
Bug: 150863651
Test: reboot functions normally
Test: put an infinite loop in DoReboot and the the reboot monitor thread
triggers and shuts down the device appropriately
Merged-In: I6fd7d3a25d3225081388e39a14c9fdab21b592ba
Change-Id: I6fd7d3a25d3225081388e39a14c9fdab21b592ba
(cherry picked from commit 10615eb397)
Previously, after `adb reboot userspace` is called on a device that
doesn't suppor it, init would've logged an error and quietly exit the
shutdown sequence. This was leaving adb handing forever.
With this approach, init will fail setprop
"sys.powerctl=reboot,userspace" in case userspace reboot is not
supported.
Test: adb root
Test: adb setprop init.userspace_reboot.is_supported 0
Test: adb reboot userspace
Test: atest CtsInitTestCases
Bug: 146639622
Change-Id: I1264078f53ed3ff54638c7f3b6846b7437f98ee5
Merged-In: I1264078f53ed3ff54638c7f3b6846b7437f98ee5
(cherry picked from commit 92116e4129)
General recommendation is to avoid read-only properties, and instead control
"read-onlines" by only allowing init/vendor_init to set the property.
Since ro.init.userspace_reboot.is_supported was added in this release, and
nobody outside of the platform is querying it directly, it should be fine to
simply rename it.
Test: adb shell getprop init.userspace_reboot.is_supported
Test: atest CtsUserspaceRebootHostSideTestCases
Bug: 152803929
Change-Id: I7552d5ccc6e9b750a6081947eef8fcb027be13e1
Merged-In: I7552d5ccc6e9b750a6081947eef8fcb027be13e1
(cherry picked from commit 663cd35030)
Previously, after `adb reboot userspace` is called on a device that
doesn't suppor it, init would've logged an error and quietly exit the
shutdown sequence. This was leaving adb handing forever.
With this approach, init will fail setprop
"sys.powerctl=reboot,userspace" in case userspace reboot is not
supported.
Test: adb root
Test: adb setprop init.userspace_reboot.is_supported 0
Test: adb reboot userspace
Test: atest CtsInitTestCases
Bug: 146639622
Change-Id: I1264078f53ed3ff54638c7f3b6846b7437f98ee5
Devices in the lab are hitting an issue where they're getting stuck
likely in the sync() call in DoReboot() before we start the reboot
monitor thread and before we shut down services.
It's possible that concurrent writing to RW file systems is causing
this sync() call to take essentially forever. To protect against
this, we need to remove this sync(). Note that we will still call
sync() after shutting down services.
Note that the service shutdown code has a timeout and there is a
reboot monitor thread that will shutdown the device if more than 30
seconds pass above that timeout. This change increases that timeout
to 300 seconds to give the final sync() calls explicitly more time to
finish.
Bug: 150863651
Test: reboot functions normally
Test: put an infinite loop in DoReboot and the the reboot monitor thread
triggers and shuts down the device appropriately
Change-Id: I6fd7d3a25d3225081388e39a14c9fdab21b592ba
Userspace reboot resets sys.powerctl to an empty string once it
starts, which was inadvertently triggering the backtrace of the main
init thread.
Test: no more unexpected backtraces
Change-Id: I35d6f1b37aa31a46ae9266647f41a709f28b6099
Bug: 152630580
Bug: 152637928
Bug: 152662041
Bug: 152662652
Test: this test is skipped when run as non-root
Merged-In: I7118025cc20081a200000bf484a08c9ed0b0d3ec
Change-Id: I7118025cc20081a200000bf484a08c9ed0b0d3ec
(cherry picked from commit 14f4afd2f2)
General recommendation is to avoid read-only properties, and instead control
"read-onlines" by only allowing init/vendor_init to set the property.
Since ro.init.userspace_reboot.is_supported was added in this release, and
nobody outside of the platform is querying it directly, it should be fine to
simply rename it.
Test: adb shell getprop init.userspace_reboot.is_supported
Test: atest CtsUserspaceRebootHostSideTestCases
Bug: 152803929
Change-Id: I7552d5ccc6e9b750a6081947eef8fcb027be13e1
This reverts commit d30c51157e.
This test wasn't flaky, it was failing when not run as root, but that
has been fixed.
Bug: 152630580
Bug: 152637928
Test: this test is okay now
Change-Id: I3b20be2839dae90ffc6a8eeea68f36e532060af1
Bug: 152630580
Bug: 152637928
Bug: 152662041
Bug: 152662652
Test: this test is skipped when run as non-root
Change-Id: I7118025cc20081a200000bf484a08c9ed0b0d3ec
We already stop queue'ing new control messages, but we forgot to stop
handling those control messages that are already queued. This CL
fixes that.
Bug: 150863651
Test: CF reboots appropriately
Merged-In: Ifea07a30b868de23eb735db10d8bae410e1b98bb
Change-Id: Ifea07a30b868de23eb735db10d8bae410e1b98bb
(cherry picked from commit 22d6348845)
A typo made this function a no-op.
Bug: 150863651
Test: CF responds to messages appropriately
Merged-In: Iaae0264fae3f2b899ceb5ba0364a4773df1f7ca3
Change-Id: Iaae0264fae3f2b899ceb5ba0364a4773df1f7ca3
(cherry picked from commit 68855276a1)
Bug: 150863651
Test: add delays during critical parts of shutdown and see the
expected debug information
Change-Id: Ida586903fd3eefc32ca9ee34ea2db037896ed9f4
We already stop queue'ing new control messages, but we forgot to stop
handling those control messages that are already queued. This CL
fixes that.
Bug: 150863651
Test: CF reboots appropriately
Change-Id: Ifea07a30b868de23eb735db10d8bae410e1b98bb
Apparently relying on bootanim to restart or not is too flaky.
Bug: 152630580
Bug: 152637928
Test: this test no longer runs
Change-Id: If61b31bad276560a9f0db9811724bbc9efc51d28
The tests are only needed in vts10 suite.
Bug: 151896491
Test: local build
Exempt-From-Owner-Approval: This CL removes vts10 tests from vts suite.
It won't change test logic or behavior.
Change-Id: I4d468be075b54213b56c7e1aa94af94f2bdce9ff
This will make it possible to re-use in second-stage init.
Bug: 150315914
Test: first-stage init boots
Change-Id: I6a0f13d5c71ab5529a76751f68ac0f15834323d1
Merged-In: I6a0f13d5c71ab5529a76751f68ac0f15834323d1
Rather than special-casing super in the uevent listener, call Realpath()
after we've generated its symlink. This allows us to generalize the
uevent listener code.
Also, rename "metadata partition" to "super partition" in a few places,
as this terminology is a bit dated.
Bug: 150315914
Test: first-stage init boots
Change-Id: I2bf3bebf3360f097582df7fba95f3c1753feb2e2
Merged-In: I2bf3bebf3360f097582df7fba95f3c1753feb2e2
Particularly in the case of the device failing to reboot. Some test
devices are showing that they've received the reboot message but
without rebooting.
Bug: 150863651
Test: prevent init from handling reboot and see a stacktrace
Test: reboot works normally
Change-Id: Ide001dadbb9e9cd235ea509066e6ae6664bb429b
- Create a static library libunwindstack_no_dex without DEX support.
- Use it in libdebuggerd_handler_fallback, whose only use is in the
linker, which shouldn't need that support.
- Use it in init_first_stage, which doesn't need DEX support either.
- Also need a libbacktrace_no_dex since it's in the dependency chain
from init_first_stage to libunwindstack_no_dex.
Also restrict the *_no_dex libs and libdebuggerd_handler_fallback as
much as possible to avoid inadvertent use of these reduced
functionality libs.
Test: m init_first_stage on Cuttlefish
where BOARD_BUILD_SYSTEM_ROOT_IMAGE=false
Test: m system_image com.android.runtime
Test: Build & boot
Test: atest linker-unit-tests libunwindstack_unit_test debuggerd_test
Bug: 142944931
Bug: 151466650
Change-Id: Iaacb29bfe602f3ca12a00a712e2a64c45ff0118b
Merged-In: Iaacb29bfe602f3ca12a00a712e2a64c45ff0118b
This is to prepare renaming vts to vts10.
Bug: 151896491
Test: local build
Exempt-From-Owner-Approval: This CL adds all tests in vts to a new
suite vts10. vts10 will be the new name of existing vts suite. This CL
won't change test logic or behavior.
Change-Id: I3c7ccef142de30f02a59046cecba121480f6e436
This will make it possible to re-use in second-stage init.
Bug: 150315914
Test: first-stage init boots
Change-Id: I6a0f13d5c71ab5529a76751f68ac0f15834323d1
Some services are lazy HALs on some platforms and not lazy HALs on
others; this is known at runtime by hwservicemanager, so this change
adds these properties to allow hwservicemanager to turn one oneshot
(for lazy HALs). It may also be required to make a lazy HAL not lazy
anymore, and oneshot_off is provided for this.
Bug: 147841742
Test: new unit test that turn on and off oneshot on a service (bootanim)
and observes that it follows the expected behavior
Merged-In: I79524e2c9a5008f90c8d3bc40920fde00602a439
Change-Id: I79524e2c9a5008f90c8d3bc40920fde00602a439
(cherry picked from commit bdbf5047c9)
Rather than special-casing super in the uevent listener, call Realpath()
after we've generated its symlink. This allows us to generalize the
uevent listener code.
Also, rename "metadata partition" to "super partition" in a few places,
as this terminology is a bit dated.
Bug: 150315914
Test: first-stage init boots
Change-Id: I2bf3bebf3360f097582df7fba95f3c1753feb2e2
- Create a static library libunwindstack_no_dex without DEX support.
- Use it in libdebuggerd_handler_fallback, whose only use is in the
linker, which shouldn't need that support.
- Use it in init_first_stage, which doesn't need DEX support either.
- Also need a libbacktrace_no_dex since it's in the dependency chain
from init_first_stage to libunwindstack_no_dex.
Also restrict the *_no_dex libs and libdebuggerd_handler_fallback as
much as possible to avoid inadvertent use of these reduced
functionality libs.
Test: m init_first_stage on Cuttlefish
where BOARD_BUILD_SYSTEM_ROOT_IMAGE=false
Test: m system_image com.android.runtime
Test: Build & boot
Test: atest linker-unit-tests libunwindstack_unit_test debuggerd_test
Bug: 142944931
Bug: 151466650
Change-Id: Iaacb29bfe602f3ca12a00a712e2a64c45ff0118b
Some services are lazy HALs on some platforms and not lazy HALs on
others; this is known at runtime by hwservicemanager, so this change
adds these properties to allow hwservicemanager to turn one oneshot
(for lazy HALs). It may also be required to make a lazy HAL not lazy
anymore, and oneshot_off is provided for this.
Bug: 147841742
Test: new unit test that turn on and off oneshot on a service (bootanim)
and observes that it follows the expected behavior
Change-Id: I79524e2c9a5008f90c8d3bc40920fde00602a439
We want to ignore SIGPIPE within init, but if we use SIG_IGN, that
would be inherited by child processes through exec(), which we do not
want to have happen. We instead set up a real signal handler with a
no-op handler function, that will ignore SIGPIPE within init, but will
not be inherited across exec().
This fixes c29c2baa69 ("init: Add support for native service
registration with lmkd"), when SIG_IGN was introduced.
Note that we caught this issue before shipping a release with that
change, so the major motivation here is to not cause a behavior change
in init.
Bug: 151581751
Test: children of init that don't explicitly block SIGPIPE exit when
sent SIGPIPE
Test: children of init that do explicitly block SIGPIPE do not exit
when sent SIGPIPE
Test: init does not exit when sent SIGPIPE
Test: init exits when sent SIGABRT
Merged-In: Ieda8555fd03836bcd672a422fe673a8369ad9beb
Change-Id: Ieda8555fd03836bcd672a422fe673a8369ad9beb
(cherry picked from commit fd470e87cc)
