Critical processes currently cause the device to reboot into recovery when they
crash 4 times in 4mins.
We extend this feature to a new 'updatable' class of init services.
If these services crash 4 times in 4mins, instead of rebooting into bootloader,
we set ro.init.updatable_crashing to '1'. apexd and update_verifier will
listen to that property and try to abort and rollback updates, staged apex
modules and new slots respectively.
Test: Tested manually by marking zygote as updatable and killing zygote
frequently, verified that property is set.
Bug: 120598832
Change-Id: I7d47ea1223f7792a834981c729694242ab3f28c9
For consistency with APKs, signature verification is performed
in the system_server. This includes checking that the signature of
an updated install matches the signature of the active package that
it updates. For this, it requires search access to /data/apex and
read access to the files under that directory.
Test: m
Change-Id: I8795b26b9a40ba7126c2a548fbec82ff322a1453
This adds the tests and SmapsRollup() parsing function in
ProcMemInfo. Adds tests to check the return value as well as
the correctness.
Bug: 111694435
Test: libmeminfo_test 1 --gtest_filter=TestProcMemInfo.*
Test: libmeminfo_benchmark --benchmark_filter=BM_SmapsRollup_
Result:
----------------------------------------------------------
Benchmark Time CPU Iterations
----------------------------------------------------------
BM_SmapsRollup_old 4751 ns 4730 ns 149458
BM_SmapsRollup_new 4858 ns 4837 ns 144636
----------------------------------------------------------
Change-Id: Ia051fe53a7622e3091502ff7166efafae35e7935
Signed-off-by: Sandeep Patil <sspatil@google.com>
This is to replace occurrences of get_allocated_vmalloc_memory().
Splitting into libmeminfo already found a bug with current code which
failed to account for memory allocated by modules due to addition of
the extra [%module_name%] in __builtin_return_address().
See: https://elixir.bootlin.com/linux/latest/source/kernel/kallsyms.c#L373
Also improves the performance a bit in the process.
Bug: 119639955
Bug: 111694435
Test: libmeminfo_test 1 --gtest_filter=SysMemInfoParser.TestVmallocInfo
Test: libmeminfo_benchmark --benchmark_filter=BM_VmallocInfo_*
Result:
----------------------------------------------------------------
Benchmark Time CPU Iterations
----------------------------------------------------------------
BM_VmallocInfo_old_fixed 459239 ns 457268 ns 1532
BM_VmallocInfo_new 386032 ns 384353 ns 1821
----------------------------------------------------------------
Change-Id: I1b6606ac73b5cc2dac31d24487b462ec9abfb2ef
Signed-off-by: Sandeep Patil <sspatil@google.com>
Once launched, abb will listen for incoming Binder cli requests.
Executing in-process provides 6x latency improvement (125ms vs 25ms on
PixelXL) for commands like 'package path'
Intended usage by Android Studio for fast deployment and patching of APKs.
Test: manual
BUG: 111621042
Change-Id: Ica84eb2ec9628efa441ecd627b119f3361feaf9f
This commit removes the soname filter from the namespace fallback link
from `runtime` to `system` in the vendor process. This fixes the
problem that vendor process might fail to load `libnetd_client.so`,
`libc_malloc_debug.so`, `libc_malloc_debug_leak.so`, and other libc
dependencies.
This commit also removes the namespace fallback link from `runtime` to
`default` in the vendor process. According to the comments in [1], the
original intention was to allow the access to `/system/${LIB}` not
`/vendor/${LIB}`. Furthermore, `com.android.runtime` suppose to work
without libraries from `/vendor/${LIB}`.
[1] https://android-review.googlesource.com/c/858456
Bug: 119867084
Bug: 122025516 # Motivation of this commit
Test: Executables under vendor partition are not blocked by
`libnetd_client.so` not found error.
Change-Id: I682baada9d755910832474bb3d8307cd49c21ece
... instead of using the block size from the underlying block device.
Bug: 121211685
Test: fiemap_writer_test /dev/block/sda21 (on blueline)
Change-Id: I6038d3f06505a397280b0482e33814b4883be9a2
Signed-off-by: Sandeep Patil <sspatil@google.com>
The IsFilePinned() function is still not being called because I am still
seeing # blocks moved when I run following test on
aosp_blueline-userdebug.
$ fiemap_writer_test /dev/block/sda21 \
--gtest_filter=FiemapWriterTest.CheckWriteError
Bug: 122138114
Test: fiemap_writer_test /dev/block/sda21
Change-Id: I08d74093a082674d621772d202143d2f32e7c665
Signed-off-by: Sandeep Patil <sspatil@google.com>
A zombie setsid process occurs when adb shell setsid <command> is
issued, however llkd can only detect if it is a result of a kernel
livelock by killing the associated parent, which would be adbd;
resulting in the adb connection(s) being terminated. Will special
case this condition in order to preserve adbd for debugging purposes.
We parse <parent>&<child> in ro.llk.blacklist.parent as this
association, thus adbd&[setsid] covers this special case.
Ampersand was selected because it is never part of a process name,
however a setprop in the shell requires it to be escaped or quoted;
init rc file where this is normally specified does not have issue.
getComm() is effectively pure, so hold on to the return value for
sake of efficiency.
This also reverts commit 599958d114
which granted adbd blanket parent immunity from monitoring on
userdebug builds. The new logic is a more refined means of
preserving the live lock checking associated with adbd and allows
the operation to be performed on user builds.
POC: date ; adb shell setsid sleep 900 ; date
Positive for bug, reports less than 15 minutes, otherwise solved.
Test: llkd_unit_test
Bug: 120983740
Change-Id: I6442463a48499d925a3a074423a24a1622905559
It is designed to connect to user specified port and
implements unittest logging protocol supported by
typical unittest ap running on Trusty side.
Test: manual
Change-Id: I6e37ccee9b9e4dde563ef0e4f531b42091cc2bd8
Because of the limited length of properties, and to ease the
complexity of product and vendor adjustments, the comma separated
list properties will use a leading comma to preserve the defaults
and add or subtract entries with + and - prefixes respectively.
Without the leading comma, the list is explicitly specified as before.
Cleanup:
- use empty() instead of space() == 0 (or converse if != 0)
- if (unlikely) pprocp can not be allocated, to a to_string(ppid) check
For testing, observe before and after llkd_unit_test below to
confirm leading comma effects for example:
livelock: ro.llk.stack=wait_on_page_bit_killable,bit_wait_io,\
__get_user_pages,cma_alloc
livelock: ro.llk.stack=...,SyS_openat,...
Test: llkd_unit_test
Bug: 120983740
Change-Id: Ia3d164c2fdac5295a474c6c1294a34e4ae9d0b61
User process in S state blocked by deadlock in I/O system
wait_on_page_bit is covered by regular D state tracking.
Bug: 120776455
Test: long term stability on multiple devices
Change-Id: Icdb99b8095f384cb440f0f2bdeba86c5991b9ef4
Adjusted debugging messaging to add clarity. Report _which_ stack
signature matched that triggered the kernel panic. Reduce the noise
associated with missing /stack to VERBOSE as that is for development
debugging only.
Test: observe during unit test we see something like following logs:
livelock: Found SyS_openat in stack for pid XXX
livelock: S 120.000s XXX->YYY port-bridge [kill]
livelock: Killing '/vendor/bin/port-bridge' (XXX) to check forward\
scheduling progress in S state for\
'/vendor/bin/port-bridge' (YYY)
. . .
livelock: Found SyS_openat in stack for pid XXXXX
livelock: S 120.000s XXXXX->XXXXX llkd_unit_test [kill]
livelock: Killing '/data/nativetest64/llkd_unit_test/llkd_unit_test\
(XXXXX) to check forward scheduling progress in S state
Test: llkd_unit_test
Bug: 33808187
Change-Id: Ifac7dd9a656208563bb20e28739abb741358d964
This is to measure an application's behavior with respect to being LMKed
(the longer an app lives before being LMKed, the better).
Bug: 119854389
Test: Manual
Change-Id: I4ef6433391c8758626334731d2b5de038e4468ae
Merged-In: I4ef6433391c8758626334731d2b5de038e4468ae
(cherry picked from I4ef6433391c8758626334731d2b5de038e4468ae)
platform/interfaces/health/2.0/default/healthd_common.cpp wants to use
timerfd_create() to register a wakealarm.
To use the timerfd_create() syscall with CLOCK_BOOTTIME_ALARM,
CAP_WAKE_ALARM is needed.
Since the .rc file for android.hardware.health@2.0 is shipped here in
system/core, update it here.
Signed-off-by: Felix <google@ix5.org>
Change-Id: I6cd5701b6e5cac37eb021d894251a3a9dc590b95
Adiantum is a crypto method Android is supporting for devices
which don't have AES CPU instructions. See the paper
"Adiantum: length-preserving encryption for entry-level processors"
(https://eprint.iacr.org/2018/720.pdf) for more details.
We add Adiantum to our list of supported encryption modes.
Bug: 112010205
Test: Tested on a device
Change-Id: I14a400164803a1e217d378ad9bd8b67a61b8b7d0
Merged-In: I14a400164803a1e217d378ad9bd8b67a61b8b7d0
(cherry picked from commit 1b3082642af6f846eb9bcd4fb5c001eed2cfd8a4)
Currently vbmeta images are stored in AvbSlotVerifyData defined in
libavb, which contains some fields that isn't needed by fs_mgr.
e.g., loaded_partition, rollback_indexes. Adding a new class VBMetaData
to replace it.
Bug: 112103720
Bug: 117960205
Test: boot crosshatch
Change-Id: I480461dad3c6aca7e028097662a3b06c3aa6646d
This commit adds the fundamental test framework for the upcoming
changes in libfs_avb. It replies on 'avbtool' to append AVB
metadata and then extracts the vbmeta content into an internal
|vbmeta_images_| variable for comparison later.
Bug: 117960205
Test: m libfs_avb_host_unittest
Test: ./out/host/linux-x86/nativetest/libfs_avb_host_unittest/libfs_avb_host_unittest
Test: atest --rebuild-module-info
Test: atest libfs_avb_host_unittest
Change-Id: I0cb8e8f04bc4b8628576565e7ff1920d7c81ecac
This is a workaround to allow us to use libnetd_resolv.so from
the resolver APEX before b/120661824 is fixed.
We cannot put the APEX into the search path due to b/120661824,
but we can put it into the permitted path,
Bug: b/122073006
Test: builds, boots
Test: system/netd/tests/runtests.sh
Change-Id: If6f13ba9dc249d019b820a7c37cf6d4cdd8d0a7d
