Merge "Split out common part of linker script."
diff --git a/authfs/Android.bp b/authfs/Android.bp
index 84eb0f4..40643b8 100644
--- a/authfs/Android.bp
+++ b/authfs/Android.bp
@@ -65,3 +65,32 @@
         "testdata/input.4m.fsv_meta.bad_merkle",
     ],
 }
+
+java_genrule {
+    name: "authfs_test_apk_assets",
+    out: ["authfs_test_apk_assets.jar"],
+    tools: [
+        "fsverity_manifest_generator",
+        "fsverity",
+    ],
+    srcs: [
+        "testdata/input.4k",
+        "testdata/input.4k1",
+        "testdata/input.4m",
+    ],
+    /*
+     * Create a JAR file with an assets directory that can merge into the
+     * assets of an APK that depends on it in static_libs. Use this mechanism
+     * to load a generated fsverity manifest for the test input files into the
+     * test VM.
+     */
+    cmd: "out_dir=$$(dirname $(out))" +
+        "&& assets_dir=\"assets\" " +
+        "&& mkdir -p $$out_dir/$$assets_dir" +
+        "&& $(location fsverity_manifest_generator) " +
+        "    --fsverity-path $(location fsverity) " +
+        "    --base-dir $$(dirname $(in) | head -1) " +
+        "    --output $$out_dir/$$assets_dir/input_manifest.pb " +
+        "    $(in) " +
+        "&& jar cf $(out) -C $$out_dir $$assets_dir",
+}
diff --git a/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
index 749f3c1..f5254bc 100644
--- a/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
+++ b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
@@ -76,7 +76,7 @@
     private static final String TEST_APK_NAME = "MicrodroidTestApp.apk";
 
     /** VM config entry path in the test APK */
-    private static final String VM_CONFIG_PATH_IN_APK = "assets/vm_config_extra_apk.json";
+    private static final String VM_CONFIG_PATH_IN_APK = "assets/vm_config.json";
 
     /** Path to open_then_run on Android */
     private static final String OPEN_THEN_RUN_BIN = "/data/local/tmp/open_then_run";
@@ -90,11 +90,8 @@
     /** Path to authfs on Microdroid */
     private static final String AUTHFS_BIN = "/system/bin/authfs";
 
-    /** Idsig paths to be created for each APK in the "extra_apks" of vm_config_extra_apk.json. */
-    private static final String EXTRA_IDSIG_PATH = TEST_DIR + "BuildManifest.apk.idsig";
-
-    /** Build manifest path in the VM. 0 is the index of extra_apks in vm_config_extra_apk.json. */
-    private static final String BUILD_MANIFEST_PATH = "/mnt/extra-apk/0/assets/build_manifest.pb";
+    /** Input manifest path in the VM. */
+    private static final String INPUT_MANIFEST_PATH = "/mnt/apk/assets/input_manifest.pb";
 
     /** Plenty of time for authfs to get ready */
     private static final int AUTHFS_INIT_TIMEOUT_MS = 3000;
@@ -145,7 +142,6 @@
                 MicrodroidBuilder
                         .fromFile(findTestApk(testInfo.getBuildInfo()), VM_CONFIG_PATH_IN_APK)
                         .debugLevel("full")
-                        .addExtraIdsigPath(EXTRA_IDSIG_PATH)
                         .build((TestDevice) androidDevice);
 
         // From this point on, we need to tear down the Microdroid instance
@@ -588,16 +584,15 @@
     public void testInputDirectory_CanReadFile() throws Exception {
         // Setup
         String authfsInputDir = MOUNT_DIR + "/3";
-        runFdServerOnAndroid("--open-dir 3:/system", "--ro-dirs 3");
-        runAuthFsOnMicrodroid("--remote-ro-dir 3:" + BUILD_MANIFEST_PATH + ":system/ --cid "
+        runFdServerOnAndroid("--open-dir 3:" + TEST_DIR, "--ro-dirs 3");
+        runAuthFsOnMicrodroid("--remote-ro-dir 3:" + INPUT_MANIFEST_PATH + ": --cid "
                 + VMADDR_CID_HOST);
 
         // Action
-        String actualHash =
-                computeFileHash(sMicrodroid, authfsInputDir + "/system/framework/framework.jar");
+        String actualHash = computeFileHash(sMicrodroid, authfsInputDir + "/input.4m");
 
         // Verify
-        String expectedHash = computeFileHash(sAndroid, "/system/framework/framework.jar");
+        String expectedHash = computeFileHash(sAndroid, TEST_DIR + "/input.4m");
         assertEquals("Expect consistent hash through /authfs/3: ", expectedHash, actualHash);
     }
 
@@ -605,13 +600,13 @@
     public void testInputDirectory_OnlyAllowlistedFilesExist() throws Exception {
         // Setup
         String authfsInputDir = MOUNT_DIR + "/3";
-        runFdServerOnAndroid("--open-dir 3:/system", "--ro-dirs 3");
-        runAuthFsOnMicrodroid("--remote-ro-dir 3:" + BUILD_MANIFEST_PATH + ":system/ --cid "
+        runFdServerOnAndroid("--open-dir 3:" + TEST_DIR, "--ro-dirs 3");
+        runAuthFsOnMicrodroid("--remote-ro-dir 3:" + INPUT_MANIFEST_PATH + ": --cid "
                 + VMADDR_CID_HOST);
 
         // Verify
-        sMicrodroid.run("test -f " + authfsInputDir + "/system/framework/services.jar");
-        assertThat(sMicrodroid.runForResult("test -f " + authfsInputDir + "/system/bin/sh"))
+        sMicrodroid.run("test -f " + authfsInputDir + "/input.4k");
+        assertThat(sMicrodroid.runForResult("test -f " + authfsInputDir + "/input.4k.fsv_meta"))
                 .isFailed();
     }
 
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index ba3da08..3bbab13 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -102,6 +102,7 @@
 
                 "microdroid_plat_sepolicy.cil",
                 "microdroid_plat_mapping_file",
+                "microdroid_crashdump_initrd",
             ],
         },
         lib64: {
@@ -109,6 +110,8 @@
                 "apkdmverity",
                 "authfs",
                 "authfs_service",
+                "microdroid_crashdump_kernel",
+                "microdroid_kexec",
                 "microdroid_manager",
                 "zipfuse",
             ],
@@ -239,6 +242,8 @@
     "panic=-1",
     "bootconfig",
     "ioremap_guard",
+    // TODO(b/237381762) do this only when ramdump is enabled. (bootloader shall append this)
+    "crashkernel=17M",
 ]
 
 bootimg {
diff --git a/microdroid/kdump/Android.bp b/microdroid/kdump/Android.bp
new file mode 100644
index 0000000..390886b
--- /dev/null
+++ b/microdroid/kdump/Android.bp
@@ -0,0 +1,34 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_binary {
+    name: "microdroid_kexec",
+    stem: "kexec",
+    srcs: ["kexec.c"],
+    installable: false,
+    compile_multilib: "64",
+}
+
+cc_binary {
+    name: "microdroid_crashdump",
+    stem: "crashdump",
+    srcs: ["crashdump.c"],
+    static_executable: true,
+    installable: false,
+    compile_multilib: "64",
+}
+
+android_filesystem {
+    name: "microdroid_crashdump_initrd",
+    multilib: {
+        lib64: {
+            deps: ["microdroid_crashdump"],
+        },
+    },
+    dirs: [
+        "dev",
+        "proc",
+    ],
+    type: "cpio",
+}
diff --git a/microdroid/kdump/crashdump.c b/microdroid/kdump/crashdump.c
new file mode 100644
index 0000000..a606d43
--- /dev/null
+++ b/microdroid/kdump/crashdump.c
@@ -0,0 +1,120 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// This program runs as init in the crash kernel.
+
+#include <errno.h>
+#include <fcntl.h>
+#include <linux/reboot.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <termios.h>
+#include <unistd.h>
+
+#define DUMP_SOURCE "/proc/vmcore"
+#define DUMP_TARGET "/dev/hvc3" // See virtualizationserice/crosvm.rs
+#define BUF_SIZE 4096
+
+#define FAIL(format, ...)                                                \
+    {                                                                    \
+        fprintf(stderr, format ":%s\n", ##__VA_ARGS__, strerror(errno)); \
+        goto fail;                                                       \
+    }
+
+// Why declare? __reboot() is the Bionic's system call stub for the reboot syscall. It is
+// automatically generated (and is part of API), but Bionic doesn't export this in its headers.
+extern int __reboot(int, int, int, void*);
+
+int main() {
+    printf("Crashdump started\n");
+
+    if (mount("proc", "/proc", "proc", 0, NULL) == -1) {
+        FAIL("Failed to mount /proc");
+    }
+
+    if (mount("devtmpfs", "/dev", "devtmpfs", 0, NULL) == -1) {
+        FAIL("Failed to mount /dev");
+    }
+
+    int vmcore = open(DUMP_SOURCE, O_RDONLY);
+    if (vmcore == -1) {
+        FAIL("Failed to open %s", DUMP_SOURCE);
+    }
+
+    int dest = open(DUMP_TARGET, O_WRONLY);
+    if (dest == -1) {
+        FAIL("Failed to open %s", DUMP_TARGET);
+    }
+
+    // We need to turn the line discipline off, otherwise the virtio-console will automatically
+    // append more data than what we have written because some will be recognized as a control
+    // sequence.
+    struct termios term;
+    if (tcgetattr(dest, &term) != 0) {
+        FAIL("Failed to get termios for %s", DUMP_TARGET);
+    }
+
+    cfmakeraw(&term); // Always successful. Returns void.
+
+    if (tcsetattr(dest, TCSAFLUSH, &term) != 0) {
+        FAIL("Failed to set terminal to the raw mode for %s", DUMP_TARGET);
+    }
+
+    struct stat statbuf;
+    if (fstat(vmcore, &statbuf) == -1) {
+        FAIL("Failed to stat %s", DUMP_SOURCE);
+    }
+    printf("Size is %ld bytes\n", statbuf.st_size);
+
+    // sendfile(2) is faster, can't be used because /proc/vmcore doesn't support splice_read
+    size_t dumped = 0;
+    char buf[BUF_SIZE];
+    int progress = 0; // percentage
+
+    // Disable buffering for better display of the progress
+    if (setvbuf(stdout, NULL, _IONBF, 0) != 0) {
+        fprintf(stderr, "Failed to disable buffering for stdout: %s\n", strerror(errno));
+        // This isn't a critical error. Continue.
+    }
+
+    while (dumped < statbuf.st_size) {
+        ssize_t read_bytes = read(vmcore, buf, BUF_SIZE);
+        if (read_bytes == -1) {
+            FAIL("Failed to read from %s", DUMP_SOURCE);
+        }
+        ssize_t written_bytes = write(dest, buf, read_bytes);
+        if (written_bytes == -1) {
+            FAIL("Failed to write to %s", DUMP_TARGET);
+        }
+        dumped += written_bytes;
+        int new_progress = dumped * 100 / statbuf.st_size;
+        if (new_progress > progress) {
+            progress = new_progress;
+            printf(".");
+        }
+    }
+    printf("done\n");
+
+    __reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_RESTART2, "kernel panic");
+    // Never reach here
+
+fail:
+    printf("Crashdump failed\n");
+    return 1;
+}
diff --git a/microdroid/kdump/kernel/Android.bp b/microdroid/kdump/kernel/Android.bp
new file mode 100644
index 0000000..0705875
--- /dev/null
+++ b/microdroid/kdump/kernel/Android.bp
@@ -0,0 +1,25 @@
+package {
+    default_applicable_licenses: ["microdroid_crashdump_kernel_license"],
+}
+
+license {
+    name: "microdroid_crashdump_kernel_license",
+    visibility: [":__subpackages__"],
+    license_kinds: [
+        "SPDX-license-identifier-GPL-2.0-only",
+    ],
+}
+
+prebuilt_etc {
+    name: "microdroid_crashdump_kernel",
+    compile_multilib: "64",
+    arch: {
+        arm64: {
+            src: "arm64/kernel-5.15",
+        },
+        x86_64: {
+            src: "x86_64/kernel-5.15",
+        },
+    },
+    installable: false,
+}
diff --git a/microdroid/kdump/kernel/arm64/kernel-5.15 b/microdroid/kdump/kernel/arm64/kernel-5.15
new file mode 100644
index 0000000..0f2172b
--- /dev/null
+++ b/microdroid/kdump/kernel/arm64/kernel-5.15
Binary files differ
diff --git a/microdroid/kdump/kernel/empty b/microdroid/kdump/kernel/empty
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/microdroid/kdump/kernel/empty
diff --git a/microdroid/kdump/kernel/x86_64/kernel-5.15 b/microdroid/kdump/kernel/x86_64/kernel-5.15
new file mode 100644
index 0000000..98088e9
--- /dev/null
+++ b/microdroid/kdump/kernel/x86_64/kernel-5.15
Binary files differ
diff --git a/microdroid/kdump/kexec.c b/microdroid/kdump/kexec.c
new file mode 100644
index 0000000..65ea0ea
--- /dev/null
+++ b/microdroid/kdump/kexec.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// This program loads kernel and initrd which the system will boot into when
+// panic occurs.
+
+#include <errno.h>
+#include <fcntl.h>
+#include <linux/kexec.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+static int open_checked(const char* path) {
+    int fd = open(path, O_RDONLY);
+    if (fd == -1) {
+        fprintf(stderr, "Failed to open %s: %s\n", path, strerror(errno));
+        exit(1);
+    }
+    return fd;
+}
+
+int main(int argc, const char* argv[]) {
+    if (argc != 4) {
+        fprintf(stderr, "Usage: %s <kernel> <initrd> <commandline>\n", argv[0]);
+        return 1;
+    }
+
+    // TODO(b/238272206): consider harding these
+    const char* kernel = argv[1];
+    const char* initrd = argv[2];
+    const char* cmdline = argv[3];
+    unsigned long cmdline_len = strlen(cmdline) + 1; // include null terminator, otherwise EINVAL
+
+    if (syscall(SYS_kexec_file_load, open_checked(kernel), open_checked(initrd), cmdline_len,
+                cmdline, KEXEC_FILE_ON_CRASH) == -1) {
+        fprintf(stderr, "Failed to load panic kernel: %s\n", strerror(errno));
+        return 1;
+    }
+    return 0;
+}
diff --git a/tests/testapk/Android.bp b/tests/testapk/Android.bp
index 818c05a..b3b0808 100644
--- a/tests/testapk/Android.bp
+++ b/tests/testapk/Android.bp
@@ -12,6 +12,7 @@
     static_libs: [
         "androidx.test.runner",
         "androidx.test.ext.junit",
+        "authfs_test_apk_assets",
         "cbor-java",
         "com.android.microdroid.testservice-java",
         "truth-prebuilt",