diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-05-21 12:38:43 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-05-21 12:38:43 +0000 |
commit | 1267a75d32f872abd7288cf87cf6f4472ce587f8 (patch) | |
tree | efd56598481148623e25ea4f4d2c7c5e6517d78e | |
parent | e5edac7ca55192070e2575177e9a70dfa6248f46 (diff) | |
parent | d36a68183cb306c6abc233928689fdfc657e521a (diff) | |
download | core-1267a75d32f872abd7288cf87cf6f4472ce587f8.tar.gz |
Snap for 8626064 from d36a68183cb306c6abc233928689fdfc657e521a to mainline-go-adservices-release
Change-Id: I963fb7a144c9669e1d4dcbb163a4e57585d03467
-rw-r--r-- | fs_mgr/libsnapshot/include/libsnapshot/cow_reader.h | 8 | ||||
-rw-r--r-- | init/bootchart.cpp | 14 | ||||
-rw-r--r-- | init/reboot.cpp | 17 | ||||
-rw-r--r-- | init/service.cpp | 4 | ||||
-rw-r--r-- | libprocessgroup/include/processgroup/processgroup.h | 1 | ||||
-rw-r--r-- | libprocessgroup/processgroup.cpp | 33 | ||||
-rw-r--r-- | libprocessgroup/profiles/task_profiles.json | 17 | ||||
-rw-r--r-- | libutils/VectorImpl.cpp | 14 | ||||
-rw-r--r-- | libutils/Vector_test.cpp | 9 | ||||
-rw-r--r-- | rootdir/etc/linker.config.json | 4 | ||||
-rw-r--r-- | rootdir/init.rc | 19 | ||||
-rw-r--r-- | trusty/keymaster/keymint/TrustyKeyMintOperation.cpp | 6 |
12 files changed, 102 insertions, 44 deletions
diff --git a/fs_mgr/libsnapshot/include/libsnapshot/cow_reader.h b/fs_mgr/libsnapshot/include/libsnapshot/cow_reader.h index 8e6bbd9b6..f4d5c72f3 100644 --- a/fs_mgr/libsnapshot/include/libsnapshot/cow_reader.h +++ b/fs_mgr/libsnapshot/include/libsnapshot/cow_reader.h @@ -171,11 +171,11 @@ class CowReader final : public ICowReader { std::optional<uint64_t> last_label_; std::shared_ptr<std::vector<CowOperation>> ops_; std::shared_ptr<std::vector<uint32_t>> merge_op_blocks_; - uint64_t merge_op_start_; + uint64_t merge_op_start_{}; std::shared_ptr<std::unordered_map<uint32_t, int>> block_map_; - uint64_t num_total_data_ops_; - uint64_t num_ordered_ops_to_merge_; - bool has_seq_ops_; + uint64_t num_total_data_ops_{}; + uint64_t num_ordered_ops_to_merge_{}; + bool has_seq_ops_{}; std::shared_ptr<std::unordered_map<uint64_t, uint64_t>> data_loc_; ReaderFlags reader_flag_; }; diff --git a/init/bootchart.cpp b/init/bootchart.cpp index b7db9b6d6..f46fb0993 100644 --- a/init/bootchart.cpp +++ b/init/bootchart.cpp @@ -140,6 +140,20 @@ static void log_processes(FILE* log) { static void bootchart_thread_main() { LOG(INFO) << "Bootcharting started"; + // Unshare the mount namespace of this thread so that the init process itself can switch + // the mount namespace later while this thread is still running. + // Otherwise, setns() call invoked as part of `enter_default_mount_ns` fails with EINVAL. + // + // Note that after unshare()'ing the mount namespace from the main thread, this thread won't + // receive mount/unmount events from the other mount namespace unless the events are happening + // from under a sharable mount. + // + // The bootchart thread is safe to unshare the mount namespace because it only reads from /proc + // and write to /data which are not private mounts. + if (unshare(CLONE_NEWNS) == -1) { + PLOG(ERROR) << "Cannot create mount namespace"; + return; + } // Open log files. auto stat_log = fopen_unique("/data/bootchart/proc_stat.log", "we"); if (!stat_log) return; diff --git a/init/reboot.cpp b/init/reboot.cpp index 6aa9912e1..41cf748d8 100644 --- a/init/reboot.cpp +++ b/init/reboot.cpp @@ -18,6 +18,7 @@ #include <dirent.h> #include <fcntl.h> +#include <linux/f2fs.h> #include <linux/fs.h> #include <linux/loop.h> #include <mntent.h> @@ -218,7 +219,7 @@ static void LogShutdownTime(UmountStat stat, Timer* t) { << stat; } -static bool IsDataMounted() { +static bool IsDataMounted(const std::string& fstype) { std::unique_ptr<std::FILE, int (*)(std::FILE*)> fp(setmntent("/proc/mounts", "re"), endmntent); if (fp == nullptr) { PLOG(ERROR) << "Failed to open /proc/mounts"; @@ -227,7 +228,7 @@ static bool IsDataMounted() { mntent* mentry; while ((mentry = getmntent(fp.get())) != nullptr) { if (mentry->mnt_dir == "/data"s) { - return true; + return fstype == "*" || mentry->mnt_type == fstype; } } return false; @@ -633,7 +634,7 @@ static void DoReboot(unsigned int cmd, const std::string& reason, const std::str // If /data isn't mounted then we can skip the extra reboot steps below, since we don't need to // worry about unmounting it. - if (!IsDataMounted()) { + if (!IsDataMounted("*")) { sync(); RebootSystem(cmd, reboot_target); abort(); @@ -758,6 +759,16 @@ static void DoReboot(unsigned int cmd, const std::string& reason, const std::str sem_post(&reboot_semaphore); // Reboot regardless of umount status. If umount fails, fsck after reboot will fix it. + if (IsDataMounted("f2fs")) { + uint32_t flag = F2FS_GOING_DOWN_FULLSYNC; + unique_fd fd(TEMP_FAILURE_RETRY(open("/data", O_RDONLY))); + int ret = ioctl(fd, F2FS_IOC_SHUTDOWN, &flag); + if (ret) { + PLOG(ERROR) << "Shutdown /data: "; + } else { + LOG(INFO) << "Shutdown /data"; + } + } RebootSystem(cmd, reboot_target); abort(); } diff --git a/init/service.cpp b/init/service.cpp index 0f2443741..3fa935fdd 100644 --- a/init/service.cpp +++ b/init/service.cpp @@ -289,6 +289,10 @@ void Service::Reap(const siginfo_t& siginfo) { if (flags_ & SVC_EXEC) UnSetExec(); + if (name_ == "zygote" || name_ == "zygote64") { + removeAllEmptyProcessGroups(); + } + if (flags_ & SVC_TEMPORARY) return; pid_ = 0; diff --git a/libprocessgroup/include/processgroup/processgroup.h b/libprocessgroup/include/processgroup/processgroup.h index c5badc941..39b9f3fc0 100644 --- a/libprocessgroup/include/processgroup/processgroup.h +++ b/libprocessgroup/include/processgroup/processgroup.h @@ -67,6 +67,7 @@ bool setProcessGroupSoftLimit(uid_t uid, int initialPid, int64_t softLimitInByte bool setProcessGroupLimit(uid_t uid, int initialPid, int64_t limitInBytes); void removeAllProcessGroups(void); +void removeAllEmptyProcessGroups(void); // Provides the path for an attribute in a specific process group // Returns false in case of error, true in case of success diff --git a/libprocessgroup/processgroup.cpp b/libprocessgroup/processgroup.cpp index e3a80e97b..267e62c67 100644 --- a/libprocessgroup/processgroup.cpp +++ b/libprocessgroup/processgroup.cpp @@ -200,7 +200,7 @@ static int RemoveProcessGroup(const char* cgroup, uid_t uid, int pid, unsigned i return ret; } -static bool RemoveUidProcessGroups(const std::string& uid_path) { +static bool RemoveUidProcessGroups(const std::string& uid_path, bool empty_only) { std::unique_ptr<DIR, decltype(&closedir)> uid(opendir(uid_path.c_str()), closedir); bool empty = true; if (uid != NULL) { @@ -215,6 +215,21 @@ static bool RemoveUidProcessGroups(const std::string& uid_path) { } auto path = StringPrintf("%s/%s", uid_path.c_str(), dir->d_name); + if (empty_only) { + struct stat st; + auto procs_file = StringPrintf("%s/%s", path.c_str(), + PROCESSGROUP_CGROUP_PROCS_FILE); + if (stat(procs_file.c_str(), &st) == -1) { + PLOG(ERROR) << "Failed to get stats for " << procs_file; + continue; + } + if (st.st_size > 0) { + // skip non-empty groups + LOG(VERBOSE) << "Skipping non-empty group " << path; + empty = false; + continue; + } + } LOG(VERBOSE) << "Removing " << path; if (rmdir(path.c_str()) == -1) { if (errno != EBUSY) { @@ -227,9 +242,7 @@ static bool RemoveUidProcessGroups(const std::string& uid_path) { return empty; } -void removeAllProcessGroups() { - LOG(VERBOSE) << "removeAllProcessGroups()"; - +void removeAllProcessGroupsInternal(bool empty_only) { std::vector<std::string> cgroups; std::string path, memcg_apps_path; @@ -256,7 +269,7 @@ void removeAllProcessGroups() { } auto path = StringPrintf("%s/%s", cgroup_root_path.c_str(), dir->d_name); - if (!RemoveUidProcessGroups(path)) { + if (!RemoveUidProcessGroups(path, empty_only)) { LOG(VERBOSE) << "Skip removing " << path; continue; } @@ -269,6 +282,16 @@ void removeAllProcessGroups() { } } +void removeAllProcessGroups() { + LOG(VERBOSE) << "removeAllProcessGroups()"; + removeAllProcessGroupsInternal(false); +} + +void removeAllEmptyProcessGroups() { + LOG(VERBOSE) << "removeAllEmptyProcessGroups()"; + removeAllProcessGroupsInternal(true); +} + /** * Process groups are primarily created by the Zygote, meaning that uid/pid groups are created by * the user root. Ownership for the newly created cgroup and all of its files must thus be diff --git a/libprocessgroup/profiles/task_profiles.json b/libprocessgroup/profiles/task_profiles.json index f5533c262..4092c1a37 100644 --- a/libprocessgroup/profiles/task_profiles.json +++ b/libprocessgroup/profiles/task_profiles.json @@ -224,19 +224,6 @@ ] }, { - "Name": "VMCompilationPerformance", - "Actions": [ - { - "Name": "JoinCgroup", - "Params": - { - "Controller": "cpu", - "Path": "system" - } - } - ] - }, - { "Name": "CpuPolicySpread", "Actions": [ { @@ -660,6 +647,10 @@ "Profiles": [ "ServicePerformance", "LowIoPriority", "TimerSlackNormal" ] }, { + "Name": "VMCompilationPerformance", + "Profiles": [ "HighPerformance", "ProcessCapacityHigh", "LowIoPriority", "TimerSlackNormal" ] + }, + { "Name": "SCHED_SP_RT_APP", "Profiles": [ "RealtimePerformance", "MaxIoPriority", "TimerSlackNormal" ] }, diff --git a/libutils/VectorImpl.cpp b/libutils/VectorImpl.cpp index c97a19bc6..d951b8bbb 100644 --- a/libutils/VectorImpl.cpp +++ b/libutils/VectorImpl.cpp @@ -279,14 +279,12 @@ ssize_t VectorImpl::replaceAt(const void* prototype, size_t index) ssize_t VectorImpl::removeItemsAt(size_t index, size_t count) { - ALOG_ASSERT((index+count)<=size(), - "[%p] remove: index=%d, count=%d, size=%d", - this, (int)index, (int)count, (int)size()); - - if ((index+count) > size()) - return BAD_VALUE; - _shrink(index, count); - return index; + size_t end; + LOG_ALWAYS_FATAL_IF(__builtin_add_overflow(index, count, &end), "overflow: index=%zu count=%zu", + index, count); + if (end > size()) return BAD_VALUE; + _shrink(index, count); + return index; } void VectorImpl::finish_vector() diff --git a/libutils/Vector_test.cpp b/libutils/Vector_test.cpp index 5336c40c3..6d90eaa9e 100644 --- a/libutils/Vector_test.cpp +++ b/libutils/Vector_test.cpp @@ -136,4 +136,13 @@ TEST_F(VectorTest, editArray_Shared) { } } +TEST_F(VectorTest, removeItemsAt_overflow) { + android::Vector<int> v; + for (int i = 0; i < 666; i++) v.add(i); + + ASSERT_DEATH(v.removeItemsAt(SIZE_MAX, 666), "overflow"); + ASSERT_DEATH(v.removeItemsAt(666, SIZE_MAX), "overflow"); + ASSERT_DEATH(v.removeItemsAt(SIZE_MAX, SIZE_MAX), "overflow"); +} + } // namespace android diff --git a/rootdir/etc/linker.config.json b/rootdir/etc/linker.config.json index 780ace58a..c88c7ff1e 100644 --- a/rootdir/etc/linker.config.json +++ b/rootdir/etc/linker.config.json @@ -31,5 +31,9 @@ "libadb_pairing_auth.so", "libadb_pairing_connection.so", "libadb_pairing_server.so" + ], + "provideLibs": [ + "libaptX_encoder.so", + "libaptXHD_encoder.so" ] } diff --git a/rootdir/init.rc b/rootdir/init.rc index aae28dc21..cd71aa8aa 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -97,22 +97,18 @@ on property:apexd.status=ready && property:ro.product.cpu.abilist64=* exec_start boringssl_self_test_apex64 service boringssl_self_test32 /system/bin/boringssl_self_test32 - setenv BORINGSSL_SELF_TEST_CREATE_FLAG true # Any nonempty value counts as true reboot_on_failure reboot,boringssl-self-check-failed stdio_to_kmsg service boringssl_self_test64 /system/bin/boringssl_self_test64 - setenv BORINGSSL_SELF_TEST_CREATE_FLAG true # Any nonempty value counts as true reboot_on_failure reboot,boringssl-self-check-failed stdio_to_kmsg service boringssl_self_test_apex32 /apex/com.android.conscrypt/bin/boringssl_self_test32 - setenv BORINGSSL_SELF_TEST_CREATE_FLAG true # Any nonempty value counts as true reboot_on_failure reboot,boringssl-self-check-failed stdio_to_kmsg service boringssl_self_test_apex64 /apex/com.android.conscrypt/bin/boringssl_self_test64 - setenv BORINGSSL_SELF_TEST_CREATE_FLAG true # Any nonempty value counts as true reboot_on_failure reboot,boringssl-self-check-failed stdio_to_kmsg @@ -828,11 +824,11 @@ on post-fs-data # directory used for odsign metrics mkdir /data/misc/odsign/metrics 0770 root system - # Directory for VirtualizationService temporary image files. Always create - # a fresh new empty directory to remove any stale files from the previous - # boot. - rmdir /data/misc/virtualizationservice - mkdir /data/misc/virtualizationservice 0700 system system + # Directory for VirtualizationService temporary image files. + # Delete any stale files owned by the old virtualizationservice uid (b/230056726). + chmod 0770 /data/misc/virtualizationservice + exec - virtualizationservice system -- /bin/rm -rf /data/misc/virtualizationservice + mkdir /data/misc/virtualizationservice 0770 system system mkdir /data/preloads 0775 system system encryption=None @@ -973,7 +969,7 @@ on post-fs-data mkdir /data/media/obb 0770 media_rw media_rw encryption=Attempt # Create directories for boot animation. - mkdir /data/bootanim 0755 system system encryption=None + mkdir /data/bootanim 0755 system system encryption=DeleteIfNecessary exec_start derive_sdk @@ -1099,6 +1095,9 @@ on boot write /dev/sys/fs/by-name/userdata/gc_urgent_sleep_time 50 write /dev/sys/fs/by-name/userdata/iostat_enable 1 + # set readahead multiplier for POSIX_FADV_SEQUENTIAL files + write /dev/sys/fs/by-name/userdata/seq_file_ra_mul 16 + # limit discard size to 128MB in order to avoid long IO latency # for filesystem tuning first (dm or sda) # this requires enabling selinux entry for sda/mmcblk0 in vendor side diff --git a/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp b/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp index 9440724da..78e765e9c 100644 --- a/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp +++ b/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp @@ -52,11 +52,15 @@ TrustyKeyMintOperation::~TrustyKeyMintOperation() { } ScopedAStatus TrustyKeyMintOperation::updateAad( - const vector<uint8_t>& input, const optional<HardwareAuthToken>& /* authToken */, + const vector<uint8_t>& input, const optional<HardwareAuthToken>& authToken, const optional<TimeStampToken>& /* timestampToken */) { UpdateOperationRequest request(impl_->message_version()); request.op_handle = opHandle_; request.additional_params.push_back(TAG_ASSOCIATED_DATA, input.data(), input.size()); + if (authToken) { + auto tokenAsVec(authToken2AidlVec(*authToken)); + request.additional_params.push_back(TAG_AUTH_TOKEN, tokenAsVec.data(), tokenAsVec.size()); + } UpdateOperationResponse response(impl_->message_version()); impl_->UpdateOperation(request, &response); |