The max_processes calculation is incorrect for KillProcessGroup because
the set of processes in cgroup.procs can differ between the multiple
reads in the implementation. Luckily the exact value isn't very
important because it's just logged. Remove max_processes from the API
and remove the warning about the new behavior in Android 11.
Note that we still always LOG(INFO) that any cgroup is being killed.
Bug: 301871933
Change-Id: I8e449f5089d4a48dbc1797b6d979539e87026f43
Instead of having the user to retry the `remount` command until success
(manual poll). Just block the remount command until checkpoint is
complete, and then continue.
Bug: 252989722
Test: adb remount on a cold device, remount command would block for a
few dozens of seconds and then continue.
Test: adb remount on a warm device, remount command would process
immediately. Do not show "force end checkpointing" instructions.
Change-Id: I65f3a5ade4c9538a55892345c75b45ac3a1755fd
When aborting from fs_mgr_overlayfs_mount, we should remove any temp dir
we created under /dev before aborting the program.
Bug: 306124139
Test: adb-remount-test
Change-Id: I6debf84935e39d884f2f5b3e9720fdfd4332465c
The move mount motions logic are built on top of heuristics and allow
non-fatal failures.
If the overlay was setup and mounted without reboot (this could happen
if AVB is disabled), the mount state (especially the MS_SHARED and
MS_PRIVATE flags) can still get skewed somehow, due to unforeseen errors
or resource race.
It is always advised to reboot after initial overlay setup, as the
overlay mount logic is less likely to require moving submounts when
executed by `init`, this provides the greatest chance of success.
Below is an example of the expected outcome of remounting submounts:
[precondition]
* AVB is already disabled, so overlay is setup and mounted w/o reboot
* No existing overlay; is initial overlay setup
0. /proc/self/mountinfo would contain something like:
<id> <parent id> <mountpoint> <shared/private> <filesystem>
2 1 /product shared:2 erofs
3 2 /product/app shared:3 erofs
1. adb remount /product/app
(note how the mount flag of <3> changes to private so <30> can be
MS_MOVE later)
2 1 /product shared:2 erofs
3 2 /product/app private erofs
30 3 /product/app shared:30 overlay
2. adb remount /product
(note how the parent of <30> changes to <40> as the result of MS_MOVE)
(note that <3> is _not_ moved)
2 1 /product private erofs
3 2 /product/app private erofs
30 40 /product/app shared:30 overlay
40 2 /product shared:40 overlay
Bug: 306124139
Test: adb-remount-test
Test: Verified with a remount submount scenario by editing the fstab.
Test: remount /system/bin then /system and verify the submount overlay
(/system/bin) is moved under the parent mount overlay (/system).
Change-Id: I6cdbe8c52d826a6f03fd363c909ebb0005446b96
Trying to move the AVB footer on a sparse file will corrupt the sparse
format. Rather than implement this properly, for now, have the
copy_avb_footer() function gracefully fail by skipping the operation.
Bug: 304574023
Test: fastboot flash sparse image with avb footer
Change-Id: Ia6f0711789a04897ec266ad604a3d243c7184082
This fixes a bug introduced by I81b6bd984aad8f7ddec93ce74f4543e4f71be508
In the original CL, setting a sysprop `next_boot.<name>` and then
rebooting the device could remove all the persistent properties stored
in /data/property/persistent_properties. It happened because the
function `WritePersistentProperty` is called with a properties set which
is initialized as an empty set and then added with the properties which
had the next_boot prefix.
As a result...
Before the boot:
* persist.a = 1
* next_boot.b = 2
* next_boot.persist.c = 3
After the reboot:
* b = 2
* persist.c = 3
persist.a gets lost.
This change fixes the issue by populating properties set from the memory
and then save it to the file.
Bug: 306062513
Bug: 300111812
Test: do the following.
$ adb root
$ adb shell setprop persist.a 1
$ adb shell setprop next_boot.b 1
$ adb shell setprop next_boot.persist.c 1
$ adb reboot
$ adb shell getprop persist.a
1 // was (none) before this change
$ adb shell getprop b
1
$ adb shell getprop persist.c
1
$ adb reboot
$ adb shell getprop persist.a
1 // was (none) before this change
$ adb shell getprop b
// (none) because b isn't persisted. WAI.
$ adb shell getprop persist.c
1
Change-Id: I85d3777f9b32523b010e49b8ca53f4319dd2ce05
add more bootreasons for new design.
Bug: 296637681
Test: trigger apc watchdog then "adb root; adb shell bootstat -p"
Change-Id: Ia78146ba9299eea45e7d89376179e01cbd37cca8
Signed-off-by: Jason Chiu <jasoncschiu@google.com>
While doing this, refactor the intercept code to be easier to understand.
The primary use case for this is to perform a parallel stack dump (both Java and native) for specific ANRs.
Add tests for all of the different intercept conditions.
Modify the tests to display the error message from the intercept
response if there is an error.
Bug: 254634348
Test: All unit tests pass.
Test: Ran debuggerd on native and java processes.
Test: Created a bugreport without error.
Change-Id: Ic531ccee05b9a470748b815cf109e0076150a0b6
This SELinux option has been deprecated in the kernel since v5.7. In
v6.4, commit a7e4676e made any write to this file a no-op.
Since v4.4, the default value of 0 is set by the kernel. Skip the
setting of this value since we only support kernel >= 4.14.
Test: presubmit
Change-Id: Ied5945532e10b156dc0d9996b2a41a99d04e750b
Instead of using the basename(mounpoint) as partition scratch dir name,
which could lead to name collision, use the normalized and encoded
mountpoint as scratch dir name.
Bug: 243503963
Bug: 306124139
Test: adb-remount-test
Change-Id: I5a64f17bc3b88f0ce42bd0c5779c8dd23a07917f
Cow reader will store header v3 in memory. ReadCowHeader can remain
mostly unchanged since the cow prefix is the same.
header->prefix.header_size will then tell us if we're reading a v3 or v2
header. v3 header is strictly a superset of v2 header so we can read a
v2 header into a v3 struct.
Added a test case to test_v3 where we write a header using v2_writer and
ensure CowReader is able to read it.
Test: cow_api_test
Change-Id: I142f18d871322930b7dc341c342c8b63a481341c
V3 writer set up header. Anything related to cluster ops can be set to
zero, as V3 cow format will no longer support this. All footer related
code can also be dropped as the footer isn't being used.
Test: cow_api_test
Change-Id: I39ece8eaa0813c5991d53b5e0ff9271f27e0662a
Removing lseek call as writefully() should be sufficient in ensuring our
fd is moved to the correct spot
Test: cow_api_test
Change-Id: I404b192335ab1672ed61de426e17e63ab9d51ece
Adding gflags + some basic functionality to this binary. We should be
able to use this to write v2 or v3 cow, and then use inspect_cow to
inspect the contents
Test: write_cow
Change-Id: I44bf5a8c807c4c4759e54624c51e966f2ea18ce9
Gonna add to this binary options to write v2 + v3 cow, + some additional
configurations (for testing purposes). I think this binary can serve as
something to use in parallel with inspect_cow
Test: m write_cow
Change-Id: I93c703b246baa5b400044436a94b33a32e03ea68
Also, why are we accepting the completely made-up "RLIM_AS" but not the
real "RLIMIT_AS" in .rc files?
Bug: http://b/293894041
Test: treehugger
Change-Id: I18b10b6dd77265a9a14b88bfdf1cc0b474800a94
Rather than split this into two binaries as we did for libsnapshot, this
uses test parameterization. I went this route because even for async
builds, the sync path must always work as a fallback.
Bug: N/A
Test: snapuserd_test
Change-Id: Ib68c8fd831c345f41a4e14a99fd0a0b8b1d47b6d
Merge thread will mark merge-completion after msync on header is
complete. This should be definitive enough to track the completion
status.
Bug: 305187301
Test: OTA on Pixel
Change-Id: I366dc5052fa91a6eacf394a1970200cdebc0e135
Signed-off-by: Akilesh Kailash <akailash@google.com>
We have seen multiple OTA failures with invalid geometry magic
signature. Make partition metadata write atomic by writing to a tmpfile
first and then do a rename.
Test: th
Bug: 303770065
Bug: 298149189
Change-Id: Id1d565de73439b95b665144c2f02fc97273d341c
