While mount_all and umount_all were updated to use ro.boot.fstab_suffix,
I neglected to update swapon_all. Trivially copied from umount_all.
Bug: 142424832
Change-Id: Icd706fe7a1fe16c687cd2811b0a3158d7d2e224e
The mount_all and swapon_all commands are documented, but umount_all
is not. Add some documentation.
Bug: 142424832
Change-Id: I7e4dcb4d222b787350a79c9e312062cac9eeb4d8
Kernel modules may be located within directories in /lib/modules.
Attempt to load kernel modules from each directory that has a name starting with
the major and minor version of the currently running kernel. If a single
kernel module is successfully loaded from a directory, that directory is
treated as the correct kernel module directory for the system. No other
kernel module directories are searched and any kernel module load errors
in that directory are fatal. If the attempt to load the first kernel
module from a directory fails, or if there are no kernel modules in a
directory, then the search proceeds to the next directory.
If no kernel module is successfully loaded from any directory as above,
an attempt is made to load kernel modules from the top level at
/lib/modules/.
Bug: 157645635
Change-Id: I92eadd8617f03a645da460ccb776bc04fa541f00
Merged-In: I92eadd8617f03a645da460ccb776bc04fa541f00
To ensure we can shutdown cleanly, and don't hang an outstanding
requests to a FUSE host daemon that has already exited.
Bug: 153411204
Test: inspect logs during shutdown
Change-Id: I8e6479bd54dbc1fc85b087617aa6b16be9f15a3b
Currently the ReadDefaultFstab function, which calls GetFstabPath,
makes some assumptions about what the fstab will be called and where
it is located. This is being used by vold to set up userdata encryption
and for gsid, and is even used in the default boot control HAL, so it
has become quite baked.
The original way for a board to specify things to mount was to use the
"mount_all /path/to/fstab" command in init.rc. However, due to the
above functionality, the path after mount_all is no longer very useful,
as it cannot differ from the inferred path, or userdata encryption and
other features will be broken.
On Cuttlefish, we have an interest in being able to test alternative
userdata configurations (ext4 vs f2fs, encryption on/off, etc.) and
currently the only way to achieve this is to either a) modify the
ro.hardware or ro.hardware.platform properties, which breaks a bunch
of things like default HAL filenames, or regenerate our odm.img or
vendor.img filesystems. We can't simply install another fstab and
point to it with "mount_all".
This change allows the fstab path to be omitted from "mount_all", and
adds another property which overrides the existing checks for
fstab.${ro.hardware} and fstab.${ro.hardware.platform}. Specifying
${ro.boot.fstab_suffix} will cause fstab.${ro.boot.fstab_suffix}
to be checked first.
Bug: 142424832
Test: booted cuttlefish with 'mount_all ${ro.hardware} --late'
Test: booted cuttlefish with 'mount_all --late'
Test: booted cuttlefish with 'mount_all --late' and fstab_suffix=f2fs
Test: partially booted cuttlefish with 'mount_all ${ro.hardware}'
Test: partially booted cuttlefish with 'mount_all'
Change-Id: I3e10f66aecfcd48bdb9ebf1d304b7aae745cbd3c
Merged-In: I3e10f66aecfcd48bdb9ebf1d304b7aae745cbd3c
A one second timeout is so coarse and can affect boot time when
the possibility that the file does not exist. Switch to accepting
a floating point number for seconds for the wait for file command.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 151950334
Test: wait_for_file sleep 0.05 reports an appropriate delay
Change-Id: I8d8ed386519ab54270b05ce91663d0add30f12e7
With GKI we find in certain situations the timing of the drivers
loading is delayed as compared to a monolithic kernel. This
introduces a race where during second stage init, the attributes
inside /sys/class/udc/ might not be set by the time
SetUsbController() is called.
To address this, we also call SetUsbController() until the property
sys.usb.controller is set at the bottom of the event loop.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 151950334
Test: make sure user space fastbootd comes up reliably for a GKI kernel
Change-Id: Iececd8ffa3e6641554d215d622d8dab72d85d34d
The exit of init panics the system *after* process context (mm, stack,
...etc.) are recycled, according to Linux kernel's 'do_exit'
implementation. To preserve most init process context for debugging,
triggers the panic via proc-sysrq explicitly.
Note: after this change, there will be no "Attempt to kill init" panic
when androidboot.init_fatal_panic is set.
Test: Insert data abort fault in init, the full process context is
preserved in memory dump captured after panic.
Bug: 155940351
Change-Id: I3393bd00f99b8cb432cfa19a105b7d636b411764
(cherry picked from commit be1cf9006a)
Extend androidboot.first_stage_console cmdline property to enable
skipping module load failures without stopping at a serial console. This
is useful for GKI development.
Set androidboot.first_stage_console=2 for this behavior.
Bug: 155296582
Test: verify behavior for values 0, 1, and 2
Merged-In: I068c631a22c848e45a421b297b1acae1b3deb3c1
Change-Id: I068c631a22c848e45a421b297b1acae1b3deb3c1
(cherry picked from commit 6c5f82642b)
Introduce new command to allow setting task profiles from inside .rc
script. This is to replace usage of writepid when a service is trying
to join a cgroup. Usage example from a .rc file:
service surfaceflinger /system/bin/surfaceflinger
task_profiles HighPerformance
Bug: 155419956
Test: change .rc file and confirm task profile is applied
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I0add9c3b363a7cb1ea89778780896cae1c8a303c
Merged-In: I0add9c3b363a7cb1ea89778780896cae1c8a303c
When the subcontext code was redone to allow only one subcontext
(vendor_init), the code for restarting it and for terminating it
during shutdown was not updated, resulting in it not working.
Bug: 155203339
Test: kill subcontext init and notice it restart
Test: subcontext init stops during shutdown
Merged-In: Ib77f59d1e7be0ffcfd3f31c8450dc022c20bb322
Change-Id: Ib77f59d1e7be0ffcfd3f31c8450dc022c20bb322
(cherry picked from commit e3e77d382f)
Since this function is used in userspace reboot, we need to be more
diligent with error handling, e.g.:
* If init fails to read /sys/block/zram0/backing_dev, then fail and
fallback to hard reboot.
* Always call swapoff.
* Always reset zram.
* Tear down loop device only if zram is backed by a loop device.
Test: adb reboot userspace
Bug: 153917129
Change-Id: I4709da1d08cf427ad9c898cfb2506b6a29f1d680
If the first stage console is being used, attempt to run /first_stage.sh
immediately before the console is created.
Bug: 154126020
Change-Id: I8b7431e7b8219afea295b120d7ea91751804bda6
Merged-In: I8b7431e7b8219afea295b120d7ea91751804bda6
Similarly to other recovery mechanisms, timeout is controlled by a
read-only property that can be configured per-device.
Test: adb root
Test: adb shell setprop init.userspace_reboot.started.timeoutmillis 2
Test: adb reboot userspace
Bug: 152803929
Change-Id: Id70710b46da798945ac5422ef7d69265911ea5ef
Merged-In: Id70710b46da798945ac5422ef7d69265911ea5ef
(cherry picked from commit d05535485f)
In recovery mode, load modules from modules.load.recovery if it
exists. Otherwise load from modules.load as usual.
Bug: 150825361
Change-Id: I7636bb5958ed10ae9a66015f04f168129618272f
Merged-In: I7636bb5958ed10ae9a66015f04f168129618272f
The tests are only needed in vts10 suite, as they are part of CTS
package and no longer needed in vts 11.
Bug: 151896491
Test: local build
Exempt-From-Owner-Approval: This CL removes vts10 tests from vts suite.
It won't change test logic or behavior.
Change-Id: I4d468be075b54213b56c7e1aa94af94f2bdce9ff
Merged-In: I4d468be075b54213b56c7e1aa94af94f2bdce9ff
tl,dr;
Increase the attempts to 50 to reduce the chances of failing
to load the serial console. This will only happen if the cmdline
parameter "androidboot.first_stage_console=1" is enabled.
Details:
10 attempts only amounts to about 1 second of trying to open the serial
console. I tested booting an ACK GKI image 5x with 20 vendor modules and
found the serial console loaded on attempt 17 for all five boot
tests.
Bug: 153354917
Test: boot ACK image 5x and verify serial console comes up
Change-Id: I161a4176b2c6cf7b0bc1eefe072ff38b894add5d
Devices in the lab are hitting an issue where they're getting stuck
likely in the sync() call in DoReboot() before we start the reboot
monitor thread and before we shut down services.
It's possible that concurrent writing to RW file systems is causing
this sync() call to take essentially forever. To protect against
this, we need to remove this sync(). Note that we will still call
sync() after shutting down services.
Note that the service shutdown code has a timeout and there is a
reboot monitor thread that will shutdown the device if more than 30
seconds pass above that timeout. This change increases that timeout
to 300 seconds to give the final sync() calls explicitly more time to
finish.
Bug: 150863651
Test: reboot functions normally
Test: put an infinite loop in DoReboot and the the reboot monitor thread
triggers and shuts down the device appropriately
Merged-In: I6fd7d3a25d3225081388e39a14c9fdab21b592ba
Change-Id: I6fd7d3a25d3225081388e39a14c9fdab21b592ba
(cherry picked from commit 10615eb397)
Previously, after `adb reboot userspace` is called on a device that
doesn't suppor it, init would've logged an error and quietly exit the
shutdown sequence. This was leaving adb handing forever.
With this approach, init will fail setprop
"sys.powerctl=reboot,userspace" in case userspace reboot is not
supported.
Test: adb root
Test: adb setprop init.userspace_reboot.is_supported 0
Test: adb reboot userspace
Test: atest CtsInitTestCases
Bug: 146639622
Change-Id: I1264078f53ed3ff54638c7f3b6846b7437f98ee5
Merged-In: I1264078f53ed3ff54638c7f3b6846b7437f98ee5
(cherry picked from commit 92116e4129)
General recommendation is to avoid read-only properties, and instead control
"read-onlines" by only allowing init/vendor_init to set the property.
Since ro.init.userspace_reboot.is_supported was added in this release, and
nobody outside of the platform is querying it directly, it should be fine to
simply rename it.
Test: adb shell getprop init.userspace_reboot.is_supported
Test: atest CtsUserspaceRebootHostSideTestCases
Bug: 152803929
Change-Id: I7552d5ccc6e9b750a6081947eef8fcb027be13e1
Merged-In: I7552d5ccc6e9b750a6081947eef8fcb027be13e1
(cherry picked from commit 663cd35030)
Bug: 152630580
Bug: 152637928
Bug: 152662041
Bug: 152662652
Test: this test is skipped when run as non-root
Merged-In: I7118025cc20081a200000bf484a08c9ed0b0d3ec
Change-Id: I7118025cc20081a200000bf484a08c9ed0b0d3ec
(cherry picked from commit 14f4afd2f2)
We already stop queue'ing new control messages, but we forgot to stop
handling those control messages that are already queued. This CL
fixes that.
Bug: 150863651
Test: CF reboots appropriately
Merged-In: Ifea07a30b868de23eb735db10d8bae410e1b98bb
Change-Id: Ifea07a30b868de23eb735db10d8bae410e1b98bb
(cherry picked from commit 22d6348845)
A typo made this function a no-op.
Bug: 150863651
Test: CF responds to messages appropriately
Merged-In: Iaae0264fae3f2b899ceb5ba0364a4773df1f7ca3
Change-Id: Iaae0264fae3f2b899ceb5ba0364a4773df1f7ca3
(cherry picked from commit 68855276a1)
This will make it possible to re-use in second-stage init.
Bug: 150315914
Test: first-stage init boots
Change-Id: I6a0f13d5c71ab5529a76751f68ac0f15834323d1
Merged-In: I6a0f13d5c71ab5529a76751f68ac0f15834323d1
Rather than special-casing super in the uevent listener, call Realpath()
after we've generated its symlink. This allows us to generalize the
uevent listener code.
Also, rename "metadata partition" to "super partition" in a few places,
as this terminology is a bit dated.
Bug: 150315914
Test: first-stage init boots
Change-Id: I2bf3bebf3360f097582df7fba95f3c1753feb2e2
Merged-In: I2bf3bebf3360f097582df7fba95f3c1753feb2e2
- Create a static library libunwindstack_no_dex without DEX support.
- Use it in libdebuggerd_handler_fallback, whose only use is in the
linker, which shouldn't need that support.
- Use it in init_first_stage, which doesn't need DEX support either.
- Also need a libbacktrace_no_dex since it's in the dependency chain
from init_first_stage to libunwindstack_no_dex.
Also restrict the *_no_dex libs and libdebuggerd_handler_fallback as
much as possible to avoid inadvertent use of these reduced
functionality libs.
Test: m init_first_stage on Cuttlefish
where BOARD_BUILD_SYSTEM_ROOT_IMAGE=false
Test: m system_image com.android.runtime
Test: Build & boot
Test: atest linker-unit-tests libunwindstack_unit_test debuggerd_test
Bug: 142944931
Bug: 151466650
Change-Id: Iaacb29bfe602f3ca12a00a712e2a64c45ff0118b
Merged-In: Iaacb29bfe602f3ca12a00a712e2a64c45ff0118b
Some services are lazy HALs on some platforms and not lazy HALs on
others; this is known at runtime by hwservicemanager, so this change
adds these properties to allow hwservicemanager to turn one oneshot
(for lazy HALs). It may also be required to make a lazy HAL not lazy
anymore, and oneshot_off is provided for this.
Bug: 147841742
Test: new unit test that turn on and off oneshot on a service (bootanim)
and observes that it follows the expected behavior
Merged-In: I79524e2c9a5008f90c8d3bc40920fde00602a439
Change-Id: I79524e2c9a5008f90c8d3bc40920fde00602a439
(cherry picked from commit bdbf5047c9)
We want to ignore SIGPIPE within init, but if we use SIG_IGN, that
would be inherited by child processes through exec(), which we do not
want to have happen. We instead set up a real signal handler with a
no-op handler function, that will ignore SIGPIPE within init, but will
not be inherited across exec().
This fixes c29c2baa69 ("init: Add support for native service
registration with lmkd"), when SIG_IGN was introduced.
Note that we caught this issue before shipping a release with that
change, so the major motivation here is to not cause a behavior change
in init.
Bug: 151581751
Test: children of init that don't explicitly block SIGPIPE exit when
sent SIGPIPE
Test: children of init that do explicitly block SIGPIPE do not exit
when sent SIGPIPE
Test: init does not exit when sent SIGPIPE
Test: init exits when sent SIGABRT
Merged-In: Ieda8555fd03836bcd672a422fe673a8369ad9beb
Change-Id: Ieda8555fd03836bcd672a422fe673a8369ad9beb
(cherry picked from commit fd470e87cc)
Since new files can be introduced to /metadata after the initial
restorecon, we need to skip hashing.
Bug: 150907679
Test: rollback, ls -lZ /metadata/ota
Change-Id: I1f928f519ae2c75aeedb74b70d513743e86bcf2b
Merged-In: I1f928f519ae2c75aeedb74b70d513743e86bcf2b
A previous change moved property_service into its own thread, since
there was otherwise a deadlock whenever a process called by init would
try to set a property. This new thread, however, would send a message
via a blocking socket to init for each property that it received,
since init may need to take action depending on which property it is.
Unfortunately, this means that the deadlock is still possible, the
only difference is the socket's buffer must be filled before init deadlocks.
This change, therefore, adds the following:
1) A lock for instructing init to reboot
2) A lock for waiting on properties
3) A lock for queueing new properties
A previous version of this change was reverted and added locks around
all service operations and allowed the property thread to spawn
services directly. This was complex due to the fact that this code
was not designed to be multi-threaded. It was reverted due to
apparent issues during reboot. This change keeps a queue of processes
pending control messages, which it will then handle in the future. It
is less flexible but safer.
Bug: 146877356
Bug: 148236233
Bug: 150863651
Bug: 151251827
Test: multiple reboot tests, safely restarting hwservicemanager
Merged-In: Ice773436e85d3bf636bb0a892f3f6002bdf996b6
Change-Id: Ice773436e85d3bf636bb0a892f3f6002bdf996b6
(cherry picked from commit 802864c782)
This is apparently causing problems with reboot.
This reverts commit d2dab830d3.
Bug: 150863651
Test: build
Merged-In: Ib8a4835cdc8358a54c7acdebc5c95038963a0419
Change-Id: Ib8a4835cdc8358a54c7acdebc5c95038963a0419
The rollback indicator is created during first stage init and
is unlabeled. Need to restorecon it properly so that it can
be properly deleted by update_engine later.
Bug: 149956852
Bug: 150907679
Test: apply OTA, reboot, look at serial console
Change-Id: Ie954023b557865691fec2ae378145596bf1973a9
adb remount and snapshot-based updates use ImageManager in first-stage
init. This creates status files, which need to be labelled.
Bug: 148834619
Test: manual test
Change-Id: I72949fca2889f9e5612049844a78bf9355b48797
Merged-In: I72949fca2889f9e5612049844a78bf9355b48797
