Merge "libcutils: clean up the ashmem code a bit." into main
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index a30d9c0..204e690 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -2023,6 +2023,84 @@
return InstallZramDevice(loop_device);
}
+// Check whether it is in recovery mode or not.
+//
+// This is a copy from util.h in libinit.
+//
+// You need to check ALL relevant executables calling this function has access to
+// "/system/bin/recovery" (including SELinux permissions and UNIX permissions).
+static bool IsRecovery() {
+ return access("/system/bin/recovery", F_OK) == 0;
+}
+
+// Decides whether swapon_all should skip setting up zram.
+//
+// swapon_all is deprecated to setup zram after mmd is launched. swapon_all command should skip
+// setting up zram if mmd is enabled by AConfig flag and mmd is configured to set up zram.
+static bool ShouldSkipZramSetup() {
+ if (IsRecovery()) {
+ // swapon_all continue to support zram setup in recovery mode after mmd launch.
+ return false;
+ }
+
+ // Since AConfig does not support to load the status from init, we use the system property
+ // "mmd.enabled_aconfig" copied from AConfig by `mmd --set-property` command to check whether
+ // mmd is enabled or not.
+ //
+ // aconfig_prop can have either of:
+ //
+ // * "true": mmd is enabled by AConfig
+ // * "false": mmd is disabled by AConfig
+ // * "": swapon_all is executed before `mmd --set-property`
+ //
+ // During mmd being launched, we request OEMs, who decided to use mmd to set up zram, to execute
+ // swapon_all after "mmd.enabled_aconfig" system property is initialized. Init can wait the
+ // "mmd.enabled_aconfig" initialization by `property:mmd.enabled_aconfig=*` trigger.
+ //
+ // After mmd is launched, we deprecate swapon_all command for setting up zram but recommend to
+ // use `mmd --setup-zram`. It means that the system should call swapon_all with fstab with no
+ // zram entry or the system should never call swapon_all.
+ //
+ // As a transition, OEMs can use the deprecated swapon_all to set up zram for several versions
+ // after mmd is launched. swapon_all command will show warning logs during the transition
+ // period.
+ const std::string aconfig_prop = android::base::GetProperty("mmd.enabled_aconfig", "");
+ const bool is_zram_managed_by_mmd = android::base::GetBoolProperty("mmd.zram.enabled", false);
+ if (aconfig_prop == "true" && is_zram_managed_by_mmd) {
+ // Skip zram setup since zram is managed by mmd.
+ //
+ // We expect swapon_all is not called when mmd is enabled by AConfig flag.
+ // TODO: b/394484720 - Make this log as warning after mmd is launched.
+ LINFO << "Skip setting up zram because mmd sets up zram instead.";
+ return true;
+ }
+
+ if (aconfig_prop == "false") {
+ // It is expected to swapon_all command to set up zram before mmd is launched.
+ LOG(DEBUG) << "mmd is not launched yet. swapon_all setup zram.";
+ } else if (is_zram_managed_by_mmd) {
+ // This branch is for aconfig_prop == ""
+
+ // On the system which uses mmd to setup zram, swapon_all must be executed after
+ // mmd.enabled_aconfig is initialized.
+ LERROR << "swapon_all must be called after mmd.enabled_aconfig system "
+ "property is initialized";
+ // Since we don't know whether mmd is enabled on the system or not, we fall back to enable
+ // zram from swapon_all conservatively. Both swapon_all and `mmd --setup-zram` command
+ // trying to set up zram does not break the system but just either ends up failing.
+ } else {
+ // We show the warning log for swapon_all deprecation on both aconfig_prop is "true" and ""
+ // cases.
+ // If mmd is enabled, swapon_all is already deprecated.
+ // If aconfig_prop is "", we don't know whether mmd is launched or not. But we show the
+ // deprecation warning log conservatively.
+ LWARNING << "mmd is recommended to set up zram over swapon_all command with "
+ "fstab entry.";
+ }
+
+ return false;
+}
+
bool fs_mgr_swapon_all(const Fstab& fstab) {
bool ret = true;
for (const auto& entry : fstab) {
@@ -2032,6 +2110,10 @@
}
if (entry.zram_size > 0) {
+ if (ShouldSkipZramSetup()) {
+ continue;
+ }
+
if (!PrepareZramBackingDevice(entry.zram_backingdev_size)) {
LERROR << "Failure of zram backing device file for '" << entry.blk_device << "'";
}
diff --git a/gatekeeperd/OWNERS b/gatekeeperd/OWNERS
index 04cd19e..7d822e6 100644
--- a/gatekeeperd/OWNERS
+++ b/gatekeeperd/OWNERS
@@ -1,5 +1,4 @@
# Bug component: 1124862
drysdale@google.com
oarbildo@google.com
-subrahmanyaman@google.com
swillden@google.com
diff --git a/init/README.md b/init/README.md
index 89e20a4..c9742ad 100644
--- a/init/README.md
+++ b/init/README.md
@@ -785,6 +785,16 @@
fstab.${ro.hardware} or fstab.${ro.hardware.platform} will be scanned for
under /odm/etc, /vendor/etc, or / at runtime, in that order.
+> swapon_all is deprecated and will do nothing if `mmd_enabled` AConfig flag
+ in `system_performance` namespace and `mmd.zram.enabled` sysprop are enabled.
+ OEMs, who decided to use mmd to manage zram, must remove zram entry from fstab
+ or remove swapon_all call from their init script.
+
+> swapon_all continues to support setting up non-zram swap devices.
+
+> swapon_all on recovery mode continues to support setting up zram because mmd
+ does not support the recovery mode.
+
`swapoff <path>`
> Stops swapping to the file or block device specified by path.
diff --git a/init/init.cpp b/init/init.cpp
index b6ba6a8..920b926 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -100,6 +100,8 @@
using android::base::boot_clock;
using android::base::ConsumePrefix;
using android::base::GetProperty;
+using android::base::GetIntProperty;
+using android::base::GetBoolProperty;
using android::base::ReadFileToString;
using android::base::SetProperty;
using android::base::StringPrintf;
@@ -108,6 +110,8 @@
using android::base::unique_fd;
using android::fs_mgr::AvbHandle;
using android::snapshot::SnapshotManager;
+using android::base::WaitForProperty;
+using android::base::WriteStringToFile;
namespace android {
namespace init {
@@ -919,6 +923,34 @@
return {};
}
+static void SecondStageBootMonitor(int timeout_sec) {
+ auto cur_time = boot_clock::now().time_since_epoch();
+ int cur_sec = std::chrono::duration_cast<std::chrono::seconds>(cur_time).count();
+ int extra_sec = timeout_sec <= cur_sec? 0 : timeout_sec - cur_sec;
+ auto boot_timeout = std::chrono::seconds(extra_sec);
+
+ LOG(INFO) << "Started BootMonitorThread, expiring in "
+ << timeout_sec
+ << " seconds from boot-up";
+
+ if (!WaitForProperty("sys.boot_completed", "1", boot_timeout)) {
+ LOG(ERROR) << "BootMonitorThread: boot didn't complete in "
+ << timeout_sec
+ << " seconds. Trigger a panic!";
+
+ // add a short delay for logs to be flushed out.
+ std::this_thread::sleep_for(200ms);
+
+ // trigger a kernel panic
+ WriteStringToFile("c", PROC_SYSRQ);
+ }
+}
+
+static void StartSecondStageBootMonitor(int timeout_sec) {
+ std::thread monitor_thread(&SecondStageBootMonitor, timeout_sec);
+ monitor_thread.detach();
+}
+
int SecondStageMain(int argc, char** argv) {
if (REBOOT_BOOTLOADER_ON_PANIC) {
InstallRebootSignalHandlers();
@@ -1010,6 +1042,14 @@
InstallInitNotifier(&epoll);
StartPropertyService(&property_fd);
+ // If boot_timeout property has been set in a debug build, start the boot monitor
+ if (GetBoolProperty("ro.debuggable", false)) {
+ int timeout = GetIntProperty("ro.boot.boot_timeout", 0);
+ if (timeout > 0) {
+ StartSecondStageBootMonitor(timeout);
+ }
+ }
+
// Make the time that init stages started available for bootstat to log.
RecordStageBoottimes(start_time);
diff --git a/init/reboot.cpp b/init/reboot.cpp
index d7ad861..a26149f 100644
--- a/init/reboot.cpp
+++ b/init/reboot.cpp
@@ -268,6 +268,19 @@
}
static UmountStat UmountPartitions(std::chrono::milliseconds timeout) {
+ // Terminate (SIGTERM) the services before unmounting partitions.
+ // If the processes block the signal, then partitions will eventually fail
+ // to unmount and then we fallback to SIGKILL the services.
+ //
+ // Hence, give the services a chance for a graceful shutdown before sending SIGKILL.
+ for (const auto& s : ServiceList::GetInstance()) {
+ if (s->IsShutdownCritical()) {
+ LOG(INFO) << "Shutdown service: " << s->name();
+ s->Terminate();
+ }
+ }
+ ReapAnyOutstandingChildren();
+
Timer t;
/* data partition needs all pending writes to be completed and all emulated partitions
* umounted.If the current waiting is not good enough, give
@@ -815,6 +828,7 @@
if (IsDataMounted("f2fs")) {
uint32_t flag = F2FS_GOING_DOWN_FULLSYNC;
unique_fd fd(TEMP_FAILURE_RETRY(open("/data", O_RDONLY)));
+ LOG(INFO) << "Invoking F2FS_IOC_SHUTDOWN during shutdown";
int ret = ioctl(fd.get(), F2FS_IOC_SHUTDOWN, &flag);
if (ret) {
PLOG(ERROR) << "Shutdown /data: ";
diff --git a/libsparse/Android.bp b/libsparse/Android.bp
index 44907a1..1d67cbe 100644
--- a/libsparse/Android.bp
+++ b/libsparse/Android.bp
@@ -89,11 +89,6 @@
name: "simg_dump",
main: "simg_dump.py",
srcs: ["simg_dump.py"],
- version: {
- py3: {
- embedded_launcher: true,
- },
- },
}
cc_fuzz {
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 734197b..54493d5 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -727,7 +727,6 @@
mkdir /data/apex/active 0755 root system
mkdir /data/apex/backup 0700 root system
mkdir /data/apex/decompressed 0755 root system encryption=Require
- mkdir /data/apex/sessions 0700 root system
mkdir /data/app-staging 0751 system system encryption=DeleteIfNecessary
mkdir /data/apex/ota_reserved 0700 root system encryption=Require
setprop apexd.status ""
diff --git a/trusty/libtrusty/include/trusty/ipc.h b/trusty/libtrusty/include/trusty/ipc.h
index 04e84c6..4a19692 100644
--- a/trusty/libtrusty/include/trusty/ipc.h
+++ b/trusty/libtrusty/include/trusty/ipc.h
@@ -23,19 +23,21 @@
/**
* enum transfer_kind - How to send an fd to Trusty
- * @TRUSTY_SHARE: Memory will be accessible by Linux and Trusty. On ARM it
- * will be mapped as nonsecure. Suitable for shared memory.
- * The paired fd must be a "dma_buf".
- * @TRUSTY_LEND: Memory will be accessible only to Trusty. On ARM it will
- * be transitioned to "Secure" memory if Trusty is in
- * TrustZone. This transfer kind is suitable for donating
- * video buffers or other similar resources. The paired fd
- * may need to come from a platform-specific allocator for
- * memory that may be transitioned to "Secure".
- * @TRUSTY_SEND_SECURE: Send memory that is already "Secure". Memory will be
- * accessible only to Trusty. The paired fd may need to
- * come from a platform-specific allocator that returns
- * "Secure" buffers.
+ * @TRUSTY_SHARE: Memory will be accessible by Linux and Trusty. On ARM it
+ * will be mapped as nonsecure. Suitable for shared memory.
+ * The paired fd must be a "dma_buf".
+ * @TRUSTY_LEND: Memory will be accessible only to Trusty. On ARM it will
+ * be transitioned to "Secure" memory if Trusty is in
+ * TrustZone. This transfer kind is suitable for donating
+ * video buffers or other similar resources. The paired fd
+ * may need to come from a platform-specific allocator for
+ * memory that may be transitioned to "Secure".
+ * @TRUSTY_SEND_SECURE: Send memory that is already "Secure". Memory will be
+ * accessible only to Trusty. The paired fd may need to
+ * come from a platform-specific allocator that returns
+ * "Secure" buffers.
+ * @TRUSTY_SEND_SECURE_OR_SHARE: Acts as TRUSTY_SEND_SECURE if the memory is already
+ * "Secure" and as TRUSTY_SHARE otherwise.
*
* Describes how the user would like the resource in question to be sent to
* Trusty. Options may be valid only for certain kinds of fds.
@@ -44,6 +46,7 @@
TRUSTY_SHARE = 0,
TRUSTY_LEND = 1,
TRUSTY_SEND_SECURE = 2,
+ TRUSTY_SEND_SECURE_OR_SHARE = 3,
};
/**
diff --git a/trusty/libtrusty/tipc-test/tipc_test.c b/trusty/libtrusty/tipc-test/tipc_test.c
index 121837d..9910aee 100644
--- a/trusty/libtrusty/tipc-test/tipc_test.c
+++ b/trusty/libtrusty/tipc-test/tipc_test.c
@@ -55,6 +55,8 @@
"}"
/* clang-format on */
+#define countof(arr) (sizeof(arr) / sizeof(arr[0]))
+
static const char *uuid_name = "com.android.ipc-unittest.srv.uuid";
static const char *echo_name = "com.android.ipc-unittest.srv.echo";
static const char *ta_only_name = "com.android.ipc-unittest.srv.ta_only";
@@ -904,12 +906,14 @@
static int send_fd_test(const struct tipc_test_params* params) {
int ret;
- int dma_buf = -1;
+ int dma_buf[] = {-1, -1, -1};
int fd = -1;
- volatile char* buf = MAP_FAILED;
+ volatile char* buf[countof(dma_buf)] = {MAP_FAILED, MAP_FAILED, MAP_FAILED};
BufferAllocator* allocator = NULL;
+ uint i;
const size_t num_chunks = 10;
+ const size_t buf_size = memref_chunk_size * num_chunks;
fd = tipc_connect(params->dev_name, receiver_name);
if (fd < 0) {
@@ -925,56 +929,86 @@
goto cleanup;
}
- size_t buf_size = memref_chunk_size * num_chunks;
- dma_buf = DmabufHeapAlloc(allocator, "system", buf_size, 0, 0 /* legacy align */);
- if (dma_buf < 0) {
- ret = dma_buf;
- fprintf(stderr, "Failed to create dma-buf fd of size %zu err (%d)\n", buf_size, ret);
- goto cleanup;
+ for (i = 0; i < countof(dma_buf); i++) {
+ ret = DmabufHeapAlloc(allocator, "system", buf_size, 0, 0 /* legacy align */);
+ if (ret < 0) {
+ fprintf(stderr, "Failed to create dma-buf fd of size %zu err (%d)\n", buf_size, ret);
+ goto cleanup;
+ }
+ dma_buf[i] = ret;
}
- buf = mmap(0, buf_size, PROT_READ | PROT_WRITE, MAP_SHARED, dma_buf, 0);
- if (buf == MAP_FAILED) {
- fprintf(stderr, "Failed to map dma-buf: %s\n", strerror(errno));
- ret = -1;
- goto cleanup;
+ for (i = 0; i < countof(dma_buf); i++) {
+ buf[i] = mmap(0, buf_size, PROT_READ | PROT_WRITE, MAP_SHARED, dma_buf[i], 0);
+ if (buf[i] == MAP_FAILED) {
+ fprintf(stderr, "Failed to map dma-buf: %s\n", strerror(errno));
+ ret = -1;
+ goto cleanup;
+ }
+
+ strcpy((char*)buf[i], "From NS");
}
- strcpy((char*)buf, "From NS");
-
- struct trusty_shm shm = {
- .fd = dma_buf,
- .transfer = TRUSTY_SHARE,
+ struct trusty_shm shm[] = {
+ {
+ .fd = dma_buf[0],
+ .transfer = TRUSTY_SHARE,
+ },
+ {
+ .fd = dma_buf[0],
+ .transfer = TRUSTY_SEND_SECURE_OR_SHARE,
+ },
+ {
+ .fd = dma_buf[1],
+ .transfer = TRUSTY_LEND,
+ },
+ {
+ .fd = dma_buf[1],
+ .transfer = TRUSTY_SEND_SECURE_OR_SHARE,
+ },
+ {
+ .fd = dma_buf[2],
+ .transfer = TRUSTY_SEND_SECURE_OR_SHARE,
+ },
};
- ssize_t rc = tipc_send(fd, NULL, 0, &shm, 1);
- if (rc < 0) {
- fprintf(stderr, "tipc_send failed: %zd\n", rc);
- ret = rc;
- goto cleanup;
+ for (i = 0; i < countof(shm); i++) {
+ ssize_t rc = tipc_send(fd, NULL, 0, &shm[i], 1);
+ if (rc < 0) {
+ fprintf(stderr, "tipc_send failed: %zd\n", rc);
+ ret = rc;
+ goto cleanup;
+ }
+ char c;
+ read(fd, &c, 1);
}
- char c;
- read(fd, &c, 1);
- tipc_close(fd);
ret = 0;
- for (size_t skip = 0; skip < num_chunks; skip++) {
- int cmp = strcmp("Hello from Trusty!",
- (const char*)&buf[skip * memref_chunk_size]) ? (-1) : 0;
- if (cmp)
- fprintf(stderr, "Failed: Unexpected content at page %zu in dmabuf\n", skip);
- ret |= cmp;
+ for (i = 0; i < countof(buf); i++) {
+ for (size_t skip = 0; skip < num_chunks; skip++) {
+ int cmp = strcmp("Hello from Trusty!", (const char*)&buf[i][skip * memref_chunk_size])
+ ? (-1)
+ : 0;
+ if (cmp) fprintf(stderr, "Failed: Unexpected content at page %zu in dmabuf\n", skip);
+ ret |= cmp;
+ }
}
cleanup:
- if (buf != MAP_FAILED) {
- munmap((char*)buf, buf_size);
+ for (i = 0; i < countof(dma_buf); i++) {
+ if (buf[i] != MAP_FAILED) {
+ munmap((char*)buf[i], buf_size);
+ }
+ if (dma_buf[i] >= 0) {
+ close(dma_buf[i]);
+ }
}
- close(dma_buf);
if (allocator) {
FreeDmabufHeapBufferAllocator(allocator);
}
- tipc_close(fd);
+ if (fd >= 0) {
+ tipc_close(fd);
+ }
return ret;
}
diff --git a/trusty/test/driver/Android.bp b/trusty/test/driver/Android.bp
index b813a04..3faa878 100644
--- a/trusty/test/driver/Android.bp
+++ b/trusty/test/driver/Android.bp
@@ -23,10 +23,4 @@
"**/*.py",
],
test_suites: ["general-tests"],
- version: {
- py3: {
- embedded_launcher: true,
- enabled: true,
- },
- },
}
diff --git a/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc b/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc
index 2127798..c85dd12 100644
--- a/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc
+++ b/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc
@@ -1,11 +1,15 @@
-service trusty_test_vm /apex/com.android.virt/bin/vm run \
- /data/local/tmp/TrustyTestVM_UnitTests/trusty-test_vm-config.json
+service storageproxyd_test_vm /system_ext/bin/storageproxyd.system \
+ -d VSOCK:${trusty.test_vm.vm_cid}:1 \
+ -r /dev/socket/rpmb_mock_test_system \
+ -p /data/secure_storage_test_system \
+ -t sock
disabled
+ class hal
user system
group system
-service storageproxyd_test_system /system_ext/bin/storageproxyd.system \
- -d VSOCK:${trusty.test_vm.vm_cid}:1 \
+service storageproxyd_test_vm_os /system_ext/bin/storageproxyd.system \
+ -d VSOCK:${trusty.test_vm_os.vm_cid}:1 \
-r /dev/socket/rpmb_mock_test_system \
-p /data/secure_storage_test_system \
-t sock
diff --git a/trusty/utils/trusty-ut-ctrl/Android.bp b/trusty/utils/trusty-ut-ctrl/Android.bp
index c255614..dbd8016 100644
--- a/trusty/utils/trusty-ut-ctrl/Android.bp
+++ b/trusty/utils/trusty-ut-ctrl/Android.bp
@@ -39,8 +39,8 @@
vendor: true,
}
-cc_binary {
+cc_test {
name: "trusty-ut-ctrl.system",
defaults: ["trusty-ut-ctrl.defaults"],
- system_ext_specific: true,
+ gtest: false,
}