Vendor blobs on ryu mprotect heap pages, causing a single chunk mapping
to appear as multiple mappings. The heap iterator has to expand the
requested range to cover the beginning of the chunk to find the chunk
metadata, which will lead to duplicate identical allocations being
reported from iterating over each of the split mappings. Silently
ignore identical allocations, and only warn on non-identical allocations
that overlap.
Bug: 28269332
Change-Id: Ied2ab9270f65d00a887c7ce1a93fbf0617d69be0

Vendor blobs on ryu mprotect heap pages, causing segfaults when dumping
unreachable memory. Handle segfaults within HeapWalker by mapping a
zero page over any unreadable pages. HeapWalker runs in the forked
process, so the mapping will not affect the original process.
Bug: 28269332
Change-Id: I16245af722123f2ad467cbc6f245a70666c55544

There is a race in ueventd's coldboot procedure that permits creation
of device block nodes before platform devices are registered. This happens
when the kernel sends events for adding block devices during ueventd's
coldboot /sys walk.

In this case the device node links used to compute the SELinux context
are not known and the node is created under the generic context:
u:object_r:block_device:s0.

A second add event for block device nodes is triggered after the platform
devices are handled by ueventd and the SELinux context is correctly computed
but the mknod call fails because the node already exists. This patch handles
this error case and updates the node's security context.

The race is introduced by the uevent sent from the sdcard device probe
function. The issue appears when this uevent is triggered during ueventd's
coldboot procedure but before the /sys/devices recursive walk reached the
corresponding sdcard platform device path.

The backtrace looks something like:
1. ueventd_main()
2. device_init()
3. coldboot("/sys/devices");
4. do_coldboot()
5. handle_device_fd()
6. handle_device_event()
6.1 handle_block_device_event()
6.2 handle_platform_device_event()

Because handle_device_fd() reads all events from the netlink socket it may
handle the add events for the sdcard partition nodes sent occasionally by the
kernel during coldboot /sys walk procedure.

If handle_device_event() continues with handle_block_device_event()
before handle_platform_device_event() registers the sdcard platform device then
handle_block_device_event() will create device nodes without knowing all block
device symlinks (get_block_device_symlinks()):
1. handle_device(path=/dev/block/mmcblk0p3, links = NULL)
2. make_device(path=/dev/block/mmcblk0p3, links = NULL)
3. selabel_lookup_best_match(path=/dev/block/mmcblk0p3, links = NULL)
   returns the default context (u:object_r:block_device:s0) for
   /dev/block/mmcblk0p3 instead of more specific context like:
   u:object_r:boot_block_device:s0
4. setfscreatecon(u:object_r:block_device:s0)
5. mknod(/dev/block/mmcblk0p3)

So the node is created with the wrong context. Afterwards the coldboot /sys walk
continues and make_device() will be called with correct path and links.
But even if the secontext is computed correctly this time it will not be
applied to the device node because mknod() fails.

I see this issue randomly appearing (one time in 10 reboots) on a MinnowBoard
Turbot with external sdcard as the boot device.

BUG=28388946
Signed-off-by: Mihai Serban <mihai.serban@intel.com>
(cherry picked from commit 24a3cbfa73)
Change-Id: I2d217f1c8d48553eb4a37457dbf27fff54051cf9

We previously relied on the fact that target sdk version 0
implies system_server, which is not true, target sdk version
may be set to 0 for other apps and it means 1 - the earliest
version of Android. This change enables namespaces for
apps targeting all sdk versions and for system_server.
Bug: http://b/27702070
Change-Id: I16fbdeb6868c7035aec71132c80c150c08ea2cc3
(cherry picked from commit 213676b880)

Problem: For devices using /dev/usb-ffs/adb, run
`while true; do adb reconnect device; sleep 1; done`. And the
device soon becomes offline. The adbd log shows that calling
adb_read(h->bulk_out) in usb_ffs_read() gets EOVERFLOW error.

Reason: When kicking a transport using usb-ffs, /dev/usb-ffs/adb/ep0
is not closed, and the device will not notify a usb connection reset
to host. So the host will continue to send unfinished packets even
if a new transport is started on device. The unfinished packets may
not have the same size as what is expected on device, so adbd on
device gets EOVERFLOW error. In the worst case, adbd has to create new
transports for each unfinished packet.

Fixes:
The direct fix is to make the usb connection reset when kicking transports,
as in https://android-review.googlesource.com/#/c/211267/1. And I think
we can make the following improvements besides that.
1. Closing a file that is used in other threads isn't safe, because the file
descriptor may be reused to open other files, and other threads may operate
on the wrong file. So use dup2(dummy_fd) to replace close() in kick function,
and really close the file descriptor after the read/write threads exit.
2. Open new usb connection after usb_close() instead of after
usb_kick(). After usb_kick(), the transport may still exist and
reader/writer for the transport may be still running. But after
usb_close(), the previous transport is guaranteed to be destroyed.

Bug: 25935458
Change-Id: I1eff99662d1bf1cba66af7e7142f4c0c4d82c01b
(cherry picked from commit 005bf1e05b)
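
The descriptor-reuse hazard behind improvement 1 in the message above, as an added example (not code from adbd or from this CL). It is a single-threaded simulation in which `stale` stands for the number a read/write thread would still hold; `simulate_kick`, `kick_with_dup2` and the use of /dev/zero as the unrelated file are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

struct kick_result {
    int number_reused;  /* 1 if a later open() received the kicked number */
    long stale_read;    /* what read() on the kicked number returned */
};

/* Kick as the message proposes: keep the number reserved, but point it at
 * /dev/null so a thread still using it sees EOF instead of another file. */
static int kick_with_dup2(int fd) {
    int dummy_fd = open("/dev/null", O_RDONLY);
    if (dummy_fd < 0) return -1;
    int rc = dup2(dummy_fd, fd);
    close(dummy_fd);
    return rc < 0 ? -1 : 0;
}

struct kick_result simulate_kick(int use_dup2) {
    struct kick_result r = { -1, -1 };
    int p[2];
    char buf[8];
    if (pipe(p) < 0) return r;
    int stale = p[0];  /* number a read thread would still be holding */

    if (use_dup2) {
        if (kick_with_dup2(stale) < 0) { close(p[0]); close(p[1]); return r; }
    } else {
        close(stale);  /* unsafe kick: the number is free for reuse */
    }
    /* Unrelated open elsewhere in the process (constructed stand-in). */
    int other = open("/dev/zero", O_RDONLY);
    r.number_reused = (other == stale);
    /* The late read from the "old" thread, still using the stale number. */
    r.stale_read = (long)read(stale, buf, sizeof buf);

    if (other >= 0) close(other);
    if (other != stale) close(stale);  /* the deferred, real close */
    close(p[1]);
    return r;
}

int main(void) {
    struct kick_result c = simulate_kick(0), d = simulate_kick(1);
    printf("close(): reused=%d read=%ld\n", c.number_reused, c.stale_read);
    printf("dup2():  reused=%d read=%ld\n", d.number_reused, d.stale_read);
    return 0;
}
```

With close() the late read returns 8 bytes from the unrelated file; with dup2() the number stays reserved and the late read returns EOF.
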
On mac, if the adb server kicks a transport on some error, mac usb driver
will not report a new usb device. So instead of relying on mac usb driver
to report new usb devices, this CL uses a loop to search for usb devices
that did not exist before. Note that this is also the behavior on windows and linux
host.
`adb reconnect` can be used to verify this CL.
Bug: 25935458
Change-Id: I890e0eb1fae173f2e7a0c962ededa294d821e015
(cherry picked from commit 48d4c0c42a)

This allows inotify requests on FUSE to be alerted when any
other stacked filesystem would trigger an inotify for the
same file.
Bug: 23904372
Change-Id: I4289b38230c314432eaf2c0d20d4ccefc058f59e

Fix broken kick_transport test, and make it not access atransport
internal variables.
Bug: 25935458
Change-Id: I91b4d32a222b2f369f801bbe3903acac9c8ea4f7
(cherry picked from commit 7f27490e7f)

Before dropping root privileges, connect to the activity manager.
Also, only connect to the activity manager if this is a crash.
Bug: 28210681
Change-Id: Ie266031910519fa2aa6835644a95c1fc56e24d8d

(cherry pick from commit efe8ecc1d9)
- periodic failures in apct, dropped second serial test
in refresh_cache, trusting check_cache or global.
- The retry loop to see if is_loggable recovers of 1000
was hiding subsequent tests, drop to 10 retries.
- On the whole, the average performance remains the same.
Bug: 25792367
Change-Id: I4110440ef46671d7a1c128689bde623808bed04f

128 maximum FDs is a pretty low limit, which can easily be exhausted by
port forwarding. Bump the maximum up to 2048, and add a test that checks
whether we can actually use a few hundred sockets.
Bug: https://code.google.com/p/android/issues/detail?id=12141
Bug: http://b/28246942
Change-Id: Ia4a2ff776e8e58ec13378756f19d80392679ece9
(cherry picked from commit b31e17107c)

The recent `adb root` changes are incompatible with older versions of
the server. Bump the version number to force the server to restart.
Bug: http://b/28194507
Change-Id: I970806e3b68c1f8e3273a4b1f0ecc4aca5086be9
(cherry picked from commit 057095d207)

Add reconnect command for debugging. `reconnect` kicks a transport
from the host side, `reconnect device` kicks a transport from
the device side. They can be used to produce transport errors.
Bug: 25935458
Change-Id: I47daa338796b561941e7aba44a51a6dd117d1e98
(cherry picked from commit 1f4ec19e49)

The old way (using triggers) starts defaultcrypto twice because
queue_property_triggers_action retriggers the action.
Bug: 27452459
Change-Id: I48c844836f551673d0dbfed6c33bd8ee1e035f40

We create per-user directories under this location, so it should
only be created once by init, similar to all the other user-specific
directories.
Bug: 27896918
Change-Id: I9ec55e4fd763c0eda6c6e50483694a6377344586

As devices may not have the libbacktrace_offline shared library, simpleperf
no longer relies on it. So there is no reason to keep the libbacktrace_offline
shared library.
Bug: 28152982
Change-Id: If8e31b1434646dbbfed60264eb25f034bc5d6946
(cherry picked from commit 51e607056d)

Otherwise, `adb root` while the device is in recovery will hang.
Bug: http://b/28168212
Change-Id: Ibc8038b1745139fb505e466c74c605b9df474c8c
(cherry picked from commit 48a348183f)

Allow waiting for a device in any state.
Bug: http://b/28168212
Change-Id: I1876ecd70089ca88f2da5de4182e13724ec50501
(cherry picked from commit 86441c31fe)

The help for wait-for-* documents this as working, but we only had a
special case for 'wait-for-device'. Make the others work as well.
Bug: http://b/28170823
Change-Id: I57d70f8b9a383947c4f761919bfbd8515a013520
(cherry picked from commit 08881e72f4)

Dumpstate now supports zipped bugreport, whose output is more complete
than the flat-file bugreports provided prior to N. As such, adb now has
an 'adb bugreport <ZIP_FILE>' name whose implementation:
- Calls the new bugreportz binary.
- Parses its output, which in case of success is the path of the .zip
file.
- Pulls the device file and renames it according to the command-line
argument.
BUG: 27653204
Change-Id: I7169fe157c77bbef1684d0cb4e43095d95ddf2b8