From fb486660ca92af35abb55021520a0017a85c21de Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Tue, 22 Mar 2022 00:33:52 +0000
Subject: [PATCH] Increase early boot logging to kernel log Make vold log warnings and errors to the kernel log until both init_user0 has run and /data is mounted. Previously it only logged errors, and not warnings, to the kernel log until /data is mounted. This is helpful to diagnose failures of init_user0, since adb still isn't started by that point. Also, error messages can be misleading without seeing related warning messages, e.g. the following which is expected on many devices: E vold : keystore2 Keystore generateKey returned service specific error: -67 W vold : Failed to generate rollback-resistant key. This is expected if keystore doesn't support rollback resistance. Falling back to non-rollback-resistant key. Therefore, increase the log level to WARNING and above.
Test: Intentionally broke fscrypt_init_user0(), then verified that the error and warning messages appear in the kernel log on Cuttlefish.
Bug: 205314634
Bug: 222540970
Change-Id: Ia751f7c88cbf28caf81e891a518953cc0cee911e
---
 FsCrypt.cpp | 3 +++
 FsCrypt.h | 1 +
 main.cpp | 27 +++++++++++++++++----------
 3 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index 49e7bd0..42df78b 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -470,6 +470,8 @@ bool fscrypt_initialize_systemwide_keys() {
 return true;
 }
+bool fscrypt_init_user0_done;
+
 bool fscrypt_init_user0() {
 LOG(DEBUG) << "fscrypt_init_user0";
 if (fscrypt_is_native()) {
@@ -504,6 +506,7 @@ bool fscrypt_init_user0() {
 if (!try_reload_ce_keys()) return false;
 }
+ fscrypt_init_user0_done = true;
 return true;
 }
diff --git a/FsCrypt.h b/FsCrypt.h
index 2946be5..e5af487 100644
--- a/FsCrypt.h
+++ b/FsCrypt.h
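Review bot: `fscrypt_init_user0_done` is a plain `bool` that fscrypt_init_user0() writes and that, per the main.cpp hunk of this patch, VoldLogger() reads on every WARNING-or-higher message; if those calls can run on different threads (likely for a daemon's log callback, though not visible here) the unsynchronised access is a data race. Defining it as `std::atomic<bool> fscrypt_init_user0_done{false};`, with a matching `extern std::atomic<bool> fscrypt_init_user0_done;` in FsCrypt.h and `#include <atomic>`, keeps the read cheap and well-defined. The definition also deserves a one-line comment, for example `// Set once fscrypt_init_user0() has succeeded; VoldLogger reads it to decide when to stop mirroring logs to the kernel log.` The second FsCrypt.cpp hunk sets the flag only on the success path, which matches the stated intent; the body of fscrypt_init_user0() lies mostly outside both hunks.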
@@ -22,6 +22,7 @@ bool fscrypt_initialize_systemwide_keys();
 bool fscrypt_init_user0();
+extern bool fscrypt_init_user0_done;
 bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
 bool fscrypt_destroy_user_key(userid_t user_id);
 bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& secret);
diff --git a/main.cpp b/main.cpp
index 42789c9..b07ee68 100644
--- a/main.cpp
+++ b/main.cpp
@@ -16,6 +16,7 @@
 #define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
+#include "FsCrypt.h"
 #include "MetadataCrypt.h"
 #include "NetlinkManager.h"
 #include "VoldNativeService.h"
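Review bot: The new `extern bool fscrypt_init_user0_done;` in FsCrypt.h makes the flag writable from every file that includes the header, while in this patch only fscrypt_init_user0() sets it and only the logger reads it. A read-only accessor declared here, for example `bool fscrypt_init_user0_is_done();` (name is a suggestion), would keep the write private to FsCrypt.cpp so that no other translation unit can switch the early-boot kernel logging off by accident. Whichever form is kept, the declaration needs a comment saying that the flag becomes true only after fscrypt_init_user0() has returned successfully and is never reset.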
@@ -286,18 +287,24 @@ static void VoldLogger(android::base::LogId log_buffer_id, android::base::LogSev
 const char* tag, const char* file, unsigned int line, const char* message) {
 logd_logger(log_buffer_id, severity, tag, file, line, message);
- if (severity >= android::base::ERROR) {
- static bool is_data_mounted = false;
+ if (severity >= android::base::WARNING) {
+ static bool early_boot_done = false;
- // When /data fails to mount, we don't have adb to get logcat. So until /data is
- // mounted we log errors to the kernel. This allows us to get failures via serial logs
- // and via last dmesg/"fastboot oem dmesg" on devices that support it.
+ // If metadata encryption setup (fscrypt_mount_metadata_encrypted) or
+ // basic FBE setup (fscrypt_init_user0) fails, then the boot will fail
+ // before adb can be started, so logcat won't be available. To allow
+ // debugging these early boot failures, log early errors and warnings to
+ // the kernel log. This allows diagnosing failures via the serial log,
+ // or via last dmesg/"fastboot oem dmesg" on devices that support it.
 //
- // As a very quick-and-dirty test for /data, we check whether /data/misc/vold exists.
- if (is_data_mounted || access("/data/misc/vold", F_OK) == 0) {
- is_data_mounted = true;
- return;
+ // As a very quick-and-dirty test for whether /data has been mounted,
+ // check whether /data/misc/vold exists.
+ if (!early_boot_done) {
+ if (access("/data/misc/vold", F_OK) == 0 && fscrypt_init_user0_done) {
+ early_boot_done = true;
+ return;
+ }
+ android::base::KernelLogger(log_buffer_id, severity, tag, file, line, message);
 }
- android::base::KernelLogger(log_buffer_id, severity, tag, file, line, message);
 }
 }
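Review bot: In `if (access("/data/misc/vold", F_OK) == 0 && fscrypt_init_user0_done)` the filesystem probe runs for every WARNING-or-higher message until both conditions hold; testing the flag first, `if (fscrypt_init_user0_done && access("/data/misc/vold", F_OK) == 0) {`, skips the syscall for as long as init_user0 has not completed. Because `early_boot_done` latches only when both conditions are true, a device on which fscrypt_init_user0() keeps failing but which otherwise stays up would mirror every vold warning to the kernel log indefinitely, and the comment should say whether that is intended. The kernel log also reaches serial consoles and last-dmesg captures, so it is worth confirming that no vold WARNING emitted in this window carries key material or other secrets; those messages are outside this hunk.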