Force assignment to read the old pointer value twice, and check
that it didn't change in the interim. Previous experience with
Skia suggests that this has a high probability of correctly detecting
a data race when it occurs, instead of potentially letting the
count associated with the old pointer value get decremented twice,
and corrupting the heap.
This does increase the size of sp assignments, which seem to
commonly get inlined. For the general case, we add a third
comparison and function call.
Some code reformatting to make this consistent with modern conventions
and pass automated checks.
Test: Booted aosp build. Ran libutils tests. Looked at generated code.
Bug: 31227650
Change-Id: Id93a05c6bf10f01ee15ff1bb409611f2058f988f
Move last reboot reason file to new directory data/misc/reboot/ to
require only SELinux permissions specific to this new file.
Bug: 30994946
Test: manual: reboot command, setprop sys.powerctl
Change-Id: I1e067235aa4b06391cff8ab0741a9d317ba5b7da
Save a string identifying the reason for last Android reboot or power
off in file /data/misc/recovery/last_reboot_reason . This file may
be used for informing users of reboot or shutdown reasons at next
boot, and for other diagnostic purposes.
Bug: 30994946
Test: Manual: reboot, setprop sys.powerctl
Change-Id: I01e44473fdd21b33e9e4dced77aba9a66b6d3755
A recent change to the is_first_stage conditionals created a unneeded
else { } block as both the code in the else { } block and any code
that runs after it are both in the second stage of init. A first step
to clean this up is to remove this else block.
Secondly, given the above confusion, it makes sense to simplify the two
if (is_first_stage) conditions into one, which only now requires
duplicating one line to initialize logging and the actual "init
first/second stage started!" logs.
Lastly, there are a few commands ran at the beginning of both init
stages that do not need to be,
* boot_clock::time_point start_time = boot_clock::now();
This is only used in the first stage so keep it there
* umask(0);
umasks are preserved across execve() so it only needs to be set in the
first stage
* chmod("/proc/cmdline", 0440);
This needs to be moved until after /proc is mounted in the first
stage, but otherwise only needs to be done once
Test: Boot bullhead, check umask, check cmdline permissions, check
boot time property
Change-Id: Idb7df1d4330960ce282d9609f5c62281ee2638b9
The qtaguid_tagSocket() function tags a network socket by passing a
reference to the given socket to the qtaguid kernel module. The module
will keep the socket alive even if the process calls close() on said
socket. In this scenario, the socket object would not be destroyed
even if all the file descriptor.
While this is at least a memory leak, it plays bad with epoll(7)
if you also didn't remove the socket from the epoll fd before closing
since epoll will not notice that the socket was closed and there is no
way to remove the socket from epoll after it was closed.
This patch updates the documentation to explicitly mention that the
socket must be untag before closing or bad things happen.
Bug: 36264049
Test: None.
Change-Id: I564a9b6d11d22b43a6c12312524386c0338b42ed
We would experience failures as test runs interfere with each other.
Create a unique tag for each test run signature. Switch from using
TEST_PREFIX to TEST_LOGGER to identify the logger transport being
inspected and make that part of the signature. Make sure 32 bit and
64 bit tests do not interfere.
Test: gTest liblog-unit-tests
cts-tradefed run cts -m CtsLiblogTestCases
Bug: 36232924
Change-Id: I4d58242e5ef8e68e2d4b27cecf538938e17acf3f
Upon opening, qemu pipe (a.k.a. goldfish pipe) requires a purpose
string so that emulator can route the content to the right channel
on the host.
This CL will ask emulator to send the content to pipe based 'logcat'
service on the host.
Change-Id: Icc71f81d5b95b64ea315fe10da82ff704416e449
- __security test to allow 20ms resting time after setting ro.device_owner
- enoent test resort to using "su" command if we are not root to start
and stop the logger.
- Add some instrumentation to guide us in the future if issues.
Test: gTest liblog-unit-tests
cts-tradefed run cts -m CtsLiblogTestCases
Bug: 36232924
Change-Id: I6b926a1913497f7e6204493fc744ee6c454a5ce4
--wrap flag in logcat translates directly to the mTimeout inside logd,
the value set is ANDROID_LOG_WRAP_DEFAULT_TIMEOUT defined in
<log/log_read.h> as 7200 or 2 hours. For a non blocking read with
a selected timeout, the logger waits until either the log buffer is
about to 'wrap' and prune the log entry, or at the specified timeout.
Non blocking in the logger context means that when there are no more
log entries, the socket is closed.
clock_gettime(CLOCK_REALTIME) is UTC 1970 epoch *NIX time. Is only
affected for time updates, not timezone or daylight savings time.
If there is a large user initiated time change, both the log entries
and the timeout mentioned above really get called into question, so we
trigger a release of the logs for clarity. This is so that the log
reader can handle the disruptively updated time, and can immediately
check the local time if necessary.
The logger has a 5 second window for entries to land in time sorted
order into the logging list. This should offer the log reader some
differentiation between logging order sequence for monotonically
increasing time, and sequence order in the face of user initiated time
adjustments that break monotonicity.
This change is about major time adjustments that can cause Fear,
Uncertainty or Doubt about log entries. By returning, immediate action
can be taken, rather than having to comb through the logs with less
details about the time disruptions in hand. The least it can do is
record what we have, and restart the call with a new tail time and
timeout.
Test: gTest liblog-unit-tests logcat-unit-test logd-unit-tests
Bug: 35373582
Change-Id: I92cac83be99d68634ffd4ebd2f3a3067cfd0e942
Add some deterministic behavior should the user change the hour
backwards when altering the device time, prevent sort-in-place
and cause the logger to land the new entries at the end.
Do not limit how far kernel logs can be sorted.
Test: gTest liblog-unit-tests logd-unit-tests logcat-unit-tests
Bug: 35373582
Change-Id: Ie897c40b97adf1e3996687a0e28c1199c41e0d0c
Regression from commit 8e8e8db549
For liblogcat reader -t or -T <timestamp> tail requests, continue
search for pertinent out-of-order entries for an additional 30 seconds
back into logging history to find a more inclusive starting point.
For example, if you have an out of order landing like
[..., 3, 6, 1, 8, 2, 5] and ask for 3 you used to get only 5, and now
you get 3, 6, 8, 5 as 'expected'
Test: gTest liblog-unit-tests logd-unit-tests logcat-unit-tests
Bug: 35373582
Change-Id: I2a0732933fa371aed383d49c8d48d01f33db2a79
Use getRealTime() instead and leverage private liblog log_time
comparison and math functions. This saves 8 bytes off each
element in the logging database.
Test: gTest liblog-unit-tests logd-unit-tests logcat-unit-tests
Bug: 35373582
Change-Id: Ia55ef8b95cbb2a841ccb1dae9a24f314735b076a
- Improves accuracy of -t/-T '<timestamp>' behavior when out of order
arrival of entries messes with mSequence as the list will now have
monotonic sequence numbers enforced.
- Out of order time entries still remain because of reader requiring
the ability to receive newly arrived old entries.
- -t/-T '<timestamp>' can still quit backward search prematurely
because an old entry lands later in the list.
- Adjust insert in place algorithm from two loops of scan placement
and then limit against watermark, into one that does all of that
plus iteratively swap update the sequence numbers to set
monotonicity. Side effect will be that the read lock (which is
actually the LogTimes lock) will be held longer while we search
for a placement above the youngest LogTimes watermark. We need
to hold the read (LogTimes) lock because we may be altering the
sequence numbers affecting -t/-T '<timestamp>' search.
Test: gTest logd-unit-tests liblog-unit-tests logcat-unit-tests
Bug: 35373582
Change-Id: I79a385fc149bac2179128b53d4c8f71e429181ae
This is used by components that communicate with the embedded secure
element.
Test: Boot system with a daemon and device using this AID.
Bug: 35628284
Change-Id: I1fd1a300c69fefbd19fda69add5d3b098be873c2
Processes that don't have dumpable set to 1 cannot have their
process/thread names read by processes that don't have all of their
capabilities. Fetch these names in crash_dump before dropping
privileges.
Bug: http://b/36237221
Test: debuggerd_test
Test: debuggerd -b `pidof android.hardware.bluetooth@1.0-service`
Change-Id: I174769e7b3c1ea9f11f9c8cbdff83028a4225783
Devices having no early mount enabled won't have fstab in device tree.
Lower the log level to INFO when fstab is absent there.
Bug: 35811655
Test: boot into recovery mode in a device without fstab in dt
Change-Id: I4b1e0e6554f50b8118770d00aa8f54be86aca858
Not sure how this code got missed when we moved everything else off
C string handling...
$ adb reboot bootloader
$ fastboot oem `perl -e 'print "x"x1024;'`
Before:
<crashes>
After:
error: Command length (1028) exceeds maximum size (64)
(The error says 1028 instead of 1024 because it includes the "oem ".)
Bug: http://b/36232671
Test: fastboot oem `perl -e 'print "x"x1024;'`
Change-Id: Ib4664e49222bd2b71be5aa3fe81f386d6073414f
Motivation:
1. Reduce skew between userdebug and user builds.
2. Make the decision to mount debugfs on debug builds on a
per-device basis.
3. Prepare to not mount it at all to reduce the attack surface
of the kernel, reduce boot time, and free up memory.
4. Remove the selinux denial on devices that mount twice, i.e.
unconditionally in the device specific .rc file and in the
init-debug.rc file.
avc: denied { mounton } for path="/sys/kernel/debug" dev="debugfs"
ino=1 scontext=u:r:init:s0 tcontext=u:object_r:debugfs:s0
tclass=dir permissive=0
If desired, debugfs may be mounted in device specific rc files
instead.
Bug: 31856701
Bug: 35197529
Test: Build and boot Marlin. Selinux denial no longer observed.
Change-Id: Ie0d954f77f7cf70ed2b94f67a57a6c9eba45ba8e
Better keep the right order, or ASAN will complain when you read
out of bounds.
Bug: 36234128
Test: m
Test: m && m SANITIZE_TARGET=address
Test: Sanitized device boots without ASAN crashes
Change-Id: Ifc09cb0ece6835d2b636a3ad2128e09ca9aa45c9
Add ANDROID_RB_THERMOFF command to android_reboot(), denoting a power
off due to thermal limits exceeded. When this command is used, Android
may provide notification to the user about the potentially unexpected
power off at next boot.
Bug: 30994946
Test: Manual: setprop sys.powerctl thermal-shutdown
Change-Id: If2cde1b6a3c281a5750b50295412a4801ed5b2f2
Bug: 34949125
Bug: 34606909
Test: Make sure Android boots when built with SANITIZE_TARGET='address'
Change-Id: I9c004e806f2025098aa72228284b05affd2c2802
The .clang-format files in the base, debuggerd, adb, libprocinfo, and
fastboot subdirectories each differ slightly from the top level
.clang-format-2 and .clang-format-4, but not in a substantially
meaningful way, as the source files in those directories have not been
re-formatted with clang-format. Therefore, let's reduce the
differences and use only the two top level clang-format files.
Secondly perform some small clean-up of the top level .clang-format
files. AllowShortBlocksOnASingleLine is already false in the Google
style, so it can be removed. AllowShortFunctionsOnASingleLine should
not change between the -2 and -4 versions, so leave it at the Google
default style in both, which is 'All'.
The diff stats for these changes are:
./base/
Old:
640 insertions(+), 531 deletions(-)
New:
563 insertions(+), 808 deletions(-)
./debuggerd/
Old:
910 insertions(+), 886 deletions(-)
New:
991 insertions(+), 1023 deletions(-)
./adb/
Old:
2623 insertions(+), 2886 deletions(-)
New:
2655 insertions(+), 3103 deletions(-)
./libprocinfo/
Old:
2 insertions(+), 1 deletion(-)
New:
4 insertions(+), 18 deletions(-)
./fastboot/
Old:
618 insertions(+), 743 deletions(-)
New:
726 insertions(+), 882 deletions(-)
./init/
Old:
1755 insertions(+), 1866 deletions(-)
New:
1715 insertions(+), 1952 deletions(-)
Test: Above clang-format stats
Change-Id: I3f7b8ab0660c8394c5008ba95ea15e70dd22b55b
Hans Boehm