Loading init/service.cpp +22 −0 Original line number Diff line number Diff line Loading @@ -36,6 +36,8 @@ #include <processgroup/processgroup.h> #include <selinux/selinux.h> #include <string> #include "lmkd_service.h" #include "service_list.h" #include "util.h" Loading @@ -53,6 +55,7 @@ using android::base::boot_clock; using android::base::GetBoolProperty; using android::base::GetIntProperty; using android::base::GetProperty; using android::base::Join; using android::base::make_scope_guard; Loading Loading @@ -320,6 +323,20 @@ void Service::Reap(const siginfo_t& siginfo) { mount_namespace_.has_value() && *mount_namespace_ == NS_DEFAULT; const bool is_process_updatable = use_default_mount_ns && is_apex_updatable; #ifdef SEGV_MTEAERR // As a precaution, we only upgrade a service once per reboot, to limit // the potential impact. // TODO(b/244471804): Once we have a kernel API to get sicode, compare it to MTEAERR here. bool should_upgrade_mte = siginfo.si_code != CLD_EXITED && siginfo.si_status == SIGSEGV && !upgraded_mte_; if (should_upgrade_mte) { LOG(INFO) << "Upgrading service " << name_ << " to sync MTE"; once_environment_vars_.emplace_back("BIONIC_MEMTAG_UPGRADE_SECS", "60"); upgraded_mte_ = true; } #endif // If we crash > 4 times in 'fatal_crash_window_' minutes or before boot_completed, // reboot into bootloader or set crashing property boot_clock::time_point now = boot_clock::now(); Loading Loading @@ -484,6 +501,9 @@ void Service::RunService(const std::vector<Descriptor>& descriptors, LOG(FATAL) << "Service '" << name_ << "' failed to set up namespaces: " << result.error(); } for (const auto& [key, value] : once_environment_vars_) { setenv(key.c_str(), value.c_str(), 1); } for (const auto& [key, value] : environment_vars_) { setenv(key.c_str(), value.c_str(), 1); } Loading Loading @@ -628,6 +648,8 @@ Result<void> Service::Start() { return ErrnoError() << "Failed to fork"; } once_environment_vars_.clear(); if (oom_score_adjust_ != DEFAULT_OOM_SCORE_ADJUST) { std::string oom_str = std::to_string(oom_score_adjust_); std::string oom_file = StringPrintf("/proc/%d/oom_score_adj", pid); Loading init/service.h +3 −0 Original line number Diff line number Diff line Loading @@ -171,6 +171,7 @@ class Service { android::base::boot_clock::time_point time_started_; // time of last start android::base::boot_clock::time_point time_crashed_; // first crash within inspection window int crash_count_; // number of times crashed within window bool upgraded_mte_ = false; // whether we upgraded async MTE -> sync MTE before std::chrono::minutes fatal_crash_window_ = 4min; // fatal() when more than 4 crashes in it std::optional<std::string> fatal_reboot_target_; // reboot target of fatal handler Loading @@ -183,6 +184,8 @@ class Service { std::vector<SocketDescriptor> sockets_; std::vector<FileDescriptor> files_; std::vector<std::pair<std::string, std::string>> environment_vars_; // Environment variables that only get applied to the next run. std::vector<std::pair<std::string, std::string>> once_environment_vars_; Subcontext* subcontext_; Action onrestart_; // Commands to execute on restart. Loading init/test_upgrade_mte/Android.bp 0 → 100644 +37 −0 Original line number Diff line number Diff line // Copyright (C) 2022 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. cc_binary { name: "mte_upgrade_test_helper", srcs: ["mte_upgrade_test_helper.cpp"], sanitize: { memtag_heap: true, diag: { memtag_heap: false, }, }, init_rc: [ "mte_upgrade_test.rc", ], } java_test_host { name: "mte_upgrade_test", libs: ["tradefed"], static_libs: ["frameworks-base-hostutils", "cts-install-lib-host"], srcs: ["src/**/MteUpgradeTest.java", ":libtombstone_proto-src"], data: [":mte_upgrade_test_helper", "mte_upgrade_test.rc" ], test_config: "AndroidTest.xml", test_suites: ["general-tests"], } init/test_upgrade_mte/AndroidTest.xml 0 → 100644 +30 −0 Original line number Diff line number Diff line <?xml version="1.0" encoding="utf-8"?> <!-- Copyright (C) 2022 The Android Open Source Project Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <configuration description="Runs the MTE upgrade tests"> <option name="test-suite-tag" value="init_test_upgrade_mte" /> <option name="test-suite-tag" value="apct" /> <target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer"/> <target_preparer class="com.android.tradefed.targetprep.PushFilePreparer"> <option name="cleanup" value="true" /> <option name="remount-system" value="true" /> <option name="push" value="mte_upgrade_test.rc->/system/etc/init/mte_upgrade_test.rc" /> <option name="push" value="mte_upgrade_test_helper->/system/bin/mte_upgrade_test_helper" /> <option name="push" value="mte_upgrade_test_helper->/data/local/tmp/app_process64" /> </target_preparer> <test class="com.android.tradefed.testtype.HostTest" > <option name="jar" value="mte_upgrade_test.jar" /> </test> </configuration> No newline at end of file init/test_upgrade_mte/mte_upgrade_test.rc 0 → 100644 +24 −0 Original line number Diff line number Diff line # Copyright (C) 2022 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. service mte_upgrade_test_helper /system/bin/mte_upgrade_test_helper ${sys.mte_crash_test_uuid} class late_start disabled seclabel u:r:su:s0 service mte_upgrade_test_helper_overridden /system/bin/mte_upgrade_test_helper ${sys.mte_crash_test_uuid} class late_start disabled seclabel u:r:su:s0 setenv BIONIC_MEMTAG_UPGRADE_SECS 0 Loading
init/service.cpp +22 −0 Original line number Diff line number Diff line Loading @@ -36,6 +36,8 @@ #include <processgroup/processgroup.h> #include <selinux/selinux.h> #include <string> #include "lmkd_service.h" #include "service_list.h" #include "util.h" Loading @@ -53,6 +55,7 @@ using android::base::boot_clock; using android::base::GetBoolProperty; using android::base::GetIntProperty; using android::base::GetProperty; using android::base::Join; using android::base::make_scope_guard; Loading Loading @@ -320,6 +323,20 @@ void Service::Reap(const siginfo_t& siginfo) { mount_namespace_.has_value() && *mount_namespace_ == NS_DEFAULT; const bool is_process_updatable = use_default_mount_ns && is_apex_updatable; #ifdef SEGV_MTEAERR // As a precaution, we only upgrade a service once per reboot, to limit // the potential impact. // TODO(b/244471804): Once we have a kernel API to get sicode, compare it to MTEAERR here. bool should_upgrade_mte = siginfo.si_code != CLD_EXITED && siginfo.si_status == SIGSEGV && !upgraded_mte_; if (should_upgrade_mte) { LOG(INFO) << "Upgrading service " << name_ << " to sync MTE"; once_environment_vars_.emplace_back("BIONIC_MEMTAG_UPGRADE_SECS", "60"); upgraded_mte_ = true; } #endif // If we crash > 4 times in 'fatal_crash_window_' minutes or before boot_completed, // reboot into bootloader or set crashing property boot_clock::time_point now = boot_clock::now(); Loading Loading @@ -484,6 +501,9 @@ void Service::RunService(const std::vector<Descriptor>& descriptors, LOG(FATAL) << "Service '" << name_ << "' failed to set up namespaces: " << result.error(); } for (const auto& [key, value] : once_environment_vars_) { setenv(key.c_str(), value.c_str(), 1); } for (const auto& [key, value] : environment_vars_) { setenv(key.c_str(), value.c_str(), 1); } Loading Loading @@ -628,6 +648,8 @@ Result<void> Service::Start() { return ErrnoError() << "Failed to fork"; } once_environment_vars_.clear(); if (oom_score_adjust_ != DEFAULT_OOM_SCORE_ADJUST) { std::string oom_str = std::to_string(oom_score_adjust_); std::string oom_file = StringPrintf("/proc/%d/oom_score_adj", pid); Loading
init/service.h +3 −0 Original line number Diff line number Diff line Loading @@ -171,6 +171,7 @@ class Service { android::base::boot_clock::time_point time_started_; // time of last start android::base::boot_clock::time_point time_crashed_; // first crash within inspection window int crash_count_; // number of times crashed within window bool upgraded_mte_ = false; // whether we upgraded async MTE -> sync MTE before std::chrono::minutes fatal_crash_window_ = 4min; // fatal() when more than 4 crashes in it std::optional<std::string> fatal_reboot_target_; // reboot target of fatal handler Loading @@ -183,6 +184,8 @@ class Service { std::vector<SocketDescriptor> sockets_; std::vector<FileDescriptor> files_; std::vector<std::pair<std::string, std::string>> environment_vars_; // Environment variables that only get applied to the next run. std::vector<std::pair<std::string, std::string>> once_environment_vars_; Subcontext* subcontext_; Action onrestart_; // Commands to execute on restart. Loading
init/test_upgrade_mte/Android.bp 0 → 100644 +37 −0 Original line number Diff line number Diff line // Copyright (C) 2022 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. cc_binary { name: "mte_upgrade_test_helper", srcs: ["mte_upgrade_test_helper.cpp"], sanitize: { memtag_heap: true, diag: { memtag_heap: false, }, }, init_rc: [ "mte_upgrade_test.rc", ], } java_test_host { name: "mte_upgrade_test", libs: ["tradefed"], static_libs: ["frameworks-base-hostutils", "cts-install-lib-host"], srcs: ["src/**/MteUpgradeTest.java", ":libtombstone_proto-src"], data: [":mte_upgrade_test_helper", "mte_upgrade_test.rc" ], test_config: "AndroidTest.xml", test_suites: ["general-tests"], }
init/test_upgrade_mte/AndroidTest.xml 0 → 100644 +30 −0 Original line number Diff line number Diff line <?xml version="1.0" encoding="utf-8"?> <!-- Copyright (C) 2022 The Android Open Source Project Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <configuration description="Runs the MTE upgrade tests"> <option name="test-suite-tag" value="init_test_upgrade_mte" /> <option name="test-suite-tag" value="apct" /> <target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer"/> <target_preparer class="com.android.tradefed.targetprep.PushFilePreparer"> <option name="cleanup" value="true" /> <option name="remount-system" value="true" /> <option name="push" value="mte_upgrade_test.rc->/system/etc/init/mte_upgrade_test.rc" /> <option name="push" value="mte_upgrade_test_helper->/system/bin/mte_upgrade_test_helper" /> <option name="push" value="mte_upgrade_test_helper->/data/local/tmp/app_process64" /> </target_preparer> <test class="com.android.tradefed.testtype.HostTest" > <option name="jar" value="mte_upgrade_test.jar" /> </test> </configuration> No newline at end of file
init/test_upgrade_mte/mte_upgrade_test.rc 0 → 100644 +24 −0 Original line number Diff line number Diff line # Copyright (C) 2022 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. service mte_upgrade_test_helper /system/bin/mte_upgrade_test_helper ${sys.mte_crash_test_uuid} class late_start disabled seclabel u:r:su:s0 service mte_upgrade_test_helper_overridden /system/bin/mte_upgrade_test_helper ${sys.mte_crash_test_uuid} class late_start disabled seclabel u:r:su:s0 setenv BIONIC_MEMTAG_UPGRADE_SECS 0
