Failing to write to the endpoint causes subsequent reads on ep0 to
fail with EL2HLT, so do an empty write to fulfill the transfer.
Bug: http://b/131867920
Test: manually tested with modified auto client
Change-Id: If2eec162ca4b31a9974c7bd5802be51cee9e2708

It seems like we're blowing up when receiving a control transfer that's
intended for Android Auto, because we're not expecting to get the data
for the control transfer in a subsequent read.
Bug: http://b/131867920
Test: none
Change-Id: Icfd642e6dfc02d2ccbdd60c39f89e534298c944d

Kernel does not accept non-zero value of iocb->aio_reserved2.
Bug: 132803232
Test: initialize malloc() memory to non-zero pattern and see what breaks
Change-Id: I65a7e89e3a2c1ba79df1dc2d011d6c76c41afb81
(cherry picked from commit fe7eca7b8f)

This keyword was introduced to support restarting services on devices
using APEX and FDE. The current implementation is not a restart, but
rather a 'reset' followed by a 'start', because the real /data must be
mounted in-between those two actions. But we effectively want this to be
a restart, which means that we also want to start 'disabled' services
that were running at the time we called 'class_reset_post_data'.
To implement this, keep track of whether a service was running when its
class was reset at post-data, and start all those services.
Bug: 132592548
Test: manual testing on FDE Taimen
Change-Id: I1e81e2c8e0ab2782150073d74e50e4cd734af7b9

Permitted paths were empty for ASAN builds with the media namespace.
Bug: 131625115
Test: no dlopen failure on libflacextractor.so in aosp_cf_x86_pasan
Change-Id: I90050fc54820ba68d64931412572f3b0954e6616

Also, improve the logging in the cases where we do abort.
Bug: http://b/131867920
Test: treehugger
Change-Id: If8ec9f4614ce146e6dbd21cc77587ea81658199b
(cherry picked from commit 2916e148d9)
(cherry picked from commit 98a0128e44)

Regression from commit 77c28476f1
("Remove the mount points defined in skip_mount.cfg from
ReadDefaultFstab()") resulted in ReadFstabFromFile reporting
errno ENOENT even upon success, preventing clear error propagation
for real failures (ReadFstabFromFile would _always_ report ENOENT).
The bad error propagation resulted in an adb remount failure.
Added immunization against future adjustments that may also
result in a similar regression in adb remount behaviors.
Test: adb-remount-test.sh
Bug: 132594161
Bug: 128961335
Change-Id: Icf5d48bbfc6d938d4b9657ca8004a6a6ddaab5a6

Replacing "ro.boot.vbmeta.devices_state" with
"ro.boot.vbmeta.device_state" to check if the device is locked.
Bug: 132224452
Test: tree hugger
Change-Id: If4f312730cc82ad5a5d5104a7aca8b9691cf6600
(cherry picked from commit 2badf73b99)

Children of processes that use SocketListener should not be able
to stop the SocketListener.
Test: builds, boots
Test: atest libsysutils_tests
Test: atest --test-mapping system/netd
Bug: 131268436
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I64898d9966f62004468b8e8a43b59be4a81a8cc4
Merged-In: I64898d9966f62004468b8e8a43b59be4a81a8cc4
(cherry picked from commit dae0195380)

The majority of libjsoncpp use is due to libprocessgroup. Static
linking reduces relocations required at runtime as well as compacts the
pages dirtied by relocations. On a 32-bit system, where this matters
the most, this reduces 8KB of dirty pages per libprocessgroup load.
Overall, the dirty page reduction on 32-bit cuttlefish is ~500KB.
Bug: 132275636
Test: Boot on cuttlefish. Calculate total amount of dirty memory used
for libprocessgroup and libjsoncpp.
Change-Id: I1135bb45a3764f96a4a3a47c98fbcdee3913c988

boot-debug.img is introduced to allow 'adb root' if the device is
unlocked, and it cannot be release signed. If /boot partition is chained
in AVB signing and boot-debug.img is used, avb_slot_verify() in
userspace will return AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED
and fs_mgr will refuse to boot. This CL treats the public key rejection
as non-fatal for chained vbmeta to continue booting, if the device is
unlocked.
Bug: 129508966
Test: can root with user load which /boot chained in AVB signing
Change-Id: Idfa8caffbb96f33702b1749afd2e2a59616ddba7
Merged-In: Idfa8caffbb96f33702b1749afd2e2a59616ddba7
(cherry picked from commit 705fd7f52c)

We used to start update_verifier after mounting userdata (post-fs-data),
as part of zygote-start. This leads to issues in practice for security
updates, where an A/B device falls back into the old slot (for any
reason, which is unrelated to this change) but fails to boot due to
upgraded key blob. It essentially breaks the fallback capability offered
by A/B OTA.
This CL mitigates the issue by starting update_verifier early, before
mounting userdata. This prevents the device from falling back to the old
slot with an already-upgraded key blob. update_verifier loses the
opportunity of verifying _all_ the updated blocks based on the info
that's stored in userdata. Instead it will only trigger the minimal
read to finish the work of marking a successful boot. This is a
trade-off in P to avoid putting the device in a bad state after
fallback, which will be improved in Q by better handling the fallback
path in vold.
Bug: 131176531
Test: Flash and boot crosshatch. Check the start of update_verifier and
it marks a successful boot.
Change-Id: I3f4c4333ff38772a9a93c9d027d497db11de1d63

In ART, some of the maps are /memfd:/jit-cache and it triggers the warning
about unreadable elf files. Do not set the elf from memory not file
flag in this case.
Bug: 131909548
Test: New unit tests pass.
Test: No warnings dumping stacks with this change done.
Change-Id: Ifba5e65da609525ded75430da173c614f6e4801e
(cherry picked from commit 98aaf4cf08)

A previous patch intended to make receiving multiple FUNCTIONFS_ENABLEs
non-fatal, but failed to do so because we would try to spawn another
worker thread and hit a different assertion.
Bug: http://b/130638368
Test: echo mem | adb shell "su 0 sh -c 'cat > /sys/power/state'"
Change-Id: I53456112244d8b4f7d26df6ec6961389fca70498
(cherry picked from commit 910ce0ff08)

For bringup devices that do not have a right-sized partition, and if
/system is now root, check / to be sure.
Consider unshare blocks for ext4 as dead code, provide a strong
message to caller to provide all the dependencies to overlayfs.
Test: adb-remount-test.sh
Bug: 130327601
Change-Id: Iffa7c5f24d8f409e71f89fe9ece274d8c476f6fc
Merged-In: Iffa7c5f24d8f409e71f89fe9ece274d8c476f6fc

If the matching string contains a [, \ or *, then it is also checked
with a regex match. Exact match is always tried first. If we do
not find an exact string match, switch to iterating through the entire
list for regex strings to find a match.
This allows us to scale with details without consuming a large
number of enums, permitting details that we do not necessarily want
resolution on to propagate to TRON. The hierarchical nature of the
boot reason <reason>,<subreason>,<detail>... can cause scenarios
where the <detail> does not matter to TRON, but does matter to
bugreport collection.
Add a bootstat --boot_reason_enum function to expose and test the
kBootReasonMap matching algorithm.
Add a kBootReasonMap test that exhaustively tests all built-in
entries, and an example of one regex entry. New regex entries added
to bootstat.cpp will need a series of exact match examples added into
filter_kBootReasonMap() function.
Test: boot_reason_test.sh kBootReasonMap (or all tests)
Bug: 116838876
Bug: 128929506
Change-Id: I3f7b5de22f99195b7ce99672a212174365960b3f
Merged-In: I3f7b5de22f99195b7ce99672a212174365960b3f
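
The matching order this commit message describes, as an added C++ example that is not code from bootstat.cpp. The table entries, enum values, kUnknownBootReason and the function names are constructed for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <regex>
#include <string>

// Constructed table for illustration; keys and enum values are placeholders,
// not entries from the real kBootReasonMap.
static const std::map<std::string, int32_t> kExampleBootReasonMap = {
    {"reboot", 1},
    {"kernel_panic", 2},
    {"shutdown,thermal,battery", 3},  // exact entry
    {"shutdown,thermal,.*", 4},       // pattern entry (contains '*')
    {"reboot,battery,[0-9]+", 5},     // pattern entry (contains '[')
};
constexpr int32_t kUnknownBootReason = 0;  // assumed fallback value

// An entry is treated as a pattern only if it contains '[', '\' or '*'.
static bool IsPatternEntry(const std::string& key) {
    return key.find_first_of("[\\*") != std::string::npos;
}

int32_t BootReasonToEnum(const std::string& reason) {
    // 1. Exact match is always tried first.
    auto exact = kExampleBootReasonMap.find(reason);
    if (exact != kExampleBootReasonMap.end()) return exact->second;
    // 2. Otherwise walk the whole table, testing only pattern entries.
    for (const auto& entry : kExampleBootReasonMap) {
        if (!IsPatternEntry(entry.first)) continue;
        try {
            // regex_match anchors at both ends, so a reason with extra
            // trailing fields cannot ride on a shorter pattern.
            if (std::regex_match(reason, std::regex(entry.first))) return entry.second;
        } catch (const std::regex_error&) {
            continue;  // malformed table entry: skip it
        }
    }
    return kUnknownBootReason;
}

int main() {
    for (const char* r : {"shutdown,thermal,battery", "shutdown,thermal,cpu",
                          "reboot,battery,15", "reboot,battery,15,extra"}) {
        std::cout << r << " -> " << BootReasonToEnum(r) << "\n";
    }
    return 0;
}
```
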
After this change, all the noise from mkfs is suppressed:
$ adb remount
[libfs_mgr]superblock s_max_mnt_count:65535,/dev/block/by-name/system_b
[libfs_mgr]__mount(source=/dev/block/by-name/system_b,target=/mnt/scratch,type=ext4)=-1: Invalid argument
[libfs_mgr]__mount(source=/dev/block/by-name/system_b,target=/mnt/scratch,type=f2fs)=0: Success
Using overlayfs for /system
Using overlayfs for /vendor
Using overlayfs for /product
[libfs_mgr]__mount(source=overlay,target=/system,type=overlay,upperdir=/mnt/scratch/overlay/system/upper)=0
[libfs_mgr]__mount(source=overlay,target=/vendor,type=overlay,upperdir=/mnt/scratch/overlay/vendor/upper)=0
[libfs_mgr]__mount(source=overlay,target=/product,type=overlay,upperdir=/mnt/scratch/overlay/product/upper)=0
remount succeeded
Test: manual as above
Bug: 130739326
Change-Id: I7ed8842e42b74b6a487ce6324b28baf78f1f63bf
Merged-In: I7ed8842e42b74b6a487ce6324b28baf78f1f63bf

Before, if updatable processes crash 4 times in 4mins, a native
rollback will be attempted. This behavior does not detect
system_server early boot deadlocks because the system server requires
at least a min to detect a deadlock, and crash itself. The crashes
don't happen frequently enough for init to detect.
After this CL, the old behavior exists and, additionally, init detects
*any* 4 crashes of updatable processes before boot completed,
regardless of if they happen within 4mins or not.
Test: Manually tested by adding artificial sleep in system_server so
deadlock is triggered before boot. system_server crashes 4 times in
over 4mins and the ro.init.updatable_crashing prop is set to 1.
Bug: 129597207
Merged-In: Ie6fb5693ff4be105bcbe139c22850fb076e40260
Change-Id: Ie6fb5693ff4be105bcbe139c22850fb076e40260
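
A model of the crash-counting policy described in this commit message, added here as an example and not taken from init. The class and function names are hypothetical, the crash times are constructed, and treating crashes exactly four minutes apart as inside the window is an assumption.

```cpp
#include <chrono>
#include <cstddef>
#include <deque>
#include <iostream>
#include <vector>

using Seconds = std::chrono::seconds;
constexpr std::size_t kCrashThreshold = 4;  // "4 crashes"
constexpr Seconds kCrashWindow{4 * 60};     // "4mins"

// Hypothetical model of the policy; not init's implementation.
class UpdatableCrashTracker {
  public:
    // Records one crash; returns true when the rollback condition is met.
    bool RecordCrash(Seconds now, bool boot_completed) {
        crashes_.push_back(now);
        // Only the most recent kCrashThreshold crashes can matter.
        if (crashes_.size() > kCrashThreshold) crashes_.pop_front();
        if (boot_completed) {
            // Old rule: count only crashes inside the sliding window.
            while (now - crashes_.front() > kCrashWindow) crashes_.pop_front();
        }
        // New rule: before boot completes nothing is pruned, so any four
        // crashes count no matter how far apart they are.
        return crashes_.size() >= kCrashThreshold;
    }

  private:
    std::deque<Seconds> crashes_;
};

// Replays constructed crash times (seconds since init started).
bool TriggersRollback(const std::vector<int>& crash_times, bool boot_completed) {
    UpdatableCrashTracker tracker;
    bool triggered = false;
    for (int t : crash_times) {
        triggered = tracker.RecordCrash(Seconds(t), boot_completed) || triggered;
    }
    return triggered;
}

int main() {
    // A deadlocked system_server crashing roughly every 90 s before boot.
    std::cout << TriggersRollback({0, 90, 180, 270}, false) << "\n";
    std::cout << TriggersRollback({0, 90, 180, 270}, true) << "\n";
    return 0;
}
```
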