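/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "reboot.h"

#include <dirent.h>
#include <fcntl.h>
#include <linux/fs.h>
#include <mntent.h>
#include <sys/capability.h>
#include <sys/cdefs.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
#include <sys/reboot.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#include <algorithm>
#include <chrono>
#include <cstdio>
#include <cstdlib>
#include <memory>
#include <set>
#include <string>
#include <thread>
#include <vector>

#include <android-base/chrono_utils.h>
#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/macros.h>
#include <android-base/properties.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <android-base/unique_fd.h>
#include <bootloader_message/bootloader_message.h>
#include <cutils/android_reboot.h>
#include <fs_mgr.h>
#include <logwrap/logwrap.h>
#include <private/android_filesystem_config.h>

#include "capabilities.h"
#include "init.h"
#include "property_service.h"
#include "service.h"

using android::base::StringPrintf;
using android::base::Timer;

namespace android {
namespace init {

// Represents umount status during reboot / shutdown.
// The numeric values end up in the "powerctl_shutdown_time_ms" log line written
// by LogShutdownTime(), so they must not be renumbered.
enum UmountStat {
    /* umount succeeded. */
    UMOUNT_STAT_SUCCESS = 0,
    /* umount was not run. */
    UMOUNT_STAT_SKIPPED = 1,
    /* umount failed with timeout. */
    UMOUNT_STAT_TIMEOUT = 2,
    /* could not run due to error */
    UMOUNT_STAT_ERROR = 3,
    /* not used by init but reserved for other parts to represent the state
       where the umount status before reboot is not found / available. */
    UMOUNT_STAT_NOT_AVAILABLE = 4,
};

// Runs |argv| (a fixed-size array of C strings, argv[0] being the program) as a
// child process through logwrap, waiting for it to finish with its output sent
// to LOG_KLOG. The remaining android_fork_execvp_ext() arguments are the ones
// every caller in this file used. Returns the status reported back by
// android_fork_execvp_ext(); callers in this file only use the helper for its
// side effect.
template <size_t N>
static int ForkExecvpToKlog(const char* (&argv)[N]) {
    int status = 0;
    // const_cast only because the logwrap signature takes a mutable argv.
    android_fork_execvp_ext(static_cast<int>(N), const_cast<char**>(argv), &status, true,
                            LOG_KLOG, true, nullptr, nullptr, 0);
    return status;
}

// Utility for struct mntent: keeps its own copies of the entry's strings so it
// stays valid after the getmntent() buffer is reused.
class MountEntry {
  public:
    explicit MountEntry(const mntent& entry)
        : mnt_fsname_(entry.mnt_fsname),
          mnt_dir_(entry.mnt_dir),
          mnt_type_(entry.mnt_type),
          mnt_opts_(entry.mnt_opts) {}

    // umount2()s the mount point, with MNT_FORCE when |force| is set.
    // Returns true on success; a failure is logged with errno and reported as
    // false so the caller can retry later.
    bool Umount(bool force) {
        const int flags = force ? MNT_FORCE : 0;
        if (umount2(mnt_dir_.c_str(), flags) != 0) {
            PLOG(WARNING) << "cannot umount " << mnt_fsname_ << ":" << mnt_dir_ << " opts "
                          << mnt_opts_;
            return false;
        }
        LOG(INFO) << "umounted " << mnt_fsname_ << ":" << mnt_dir_ << " opts " << mnt_opts_;
        return true;
    }

    // Runs the file system checker matching this entry's type (f2fs or ext4)
    // on the backing device; other types are left alone. The checker's exit
    // status is not inspected, its output goes to the kernel log.
    void DoFsck() {
        if (IsF2Fs()) {
            const char* f2fs_argv[] = {"/system/bin/fsck.f2fs", "-f", mnt_fsname_.c_str()};
            ForkExecvpToKlog(f2fs_argv);
        } else if (IsExt4()) {
            // -y: answer yes to every repair question, nobody is there to ask at shutdown.
            const char* ext4_argv[] = {"/system/bin/e2fsck", "-f", "-y", mnt_fsname_.c_str()};
            ForkExecvpToKlog(ext4_argv);
        }
    }

    // True for mounts backed by a real block device (/dev/block/...).
    static bool IsBlockDevice(const struct mntent& mntent) {
        return android::base::StartsWith(mntent.mnt_fsname, "/dev/block");
    }

    // True for "emulated" mounts whose source lives under /data/.
    static bool IsEmulatedDevice(const struct mntent& mntent) {
        return android::base::StartsWith(mntent.mnt_fsname, "/data/");
    }

  private:
    bool IsF2Fs() const { return mnt_type_ == "f2fs"; }

    bool IsExt4() const { return mnt_type_ == "ext4"; }

    std::string mnt_fsname_;
    std::string mnt_dir_;
    std::string mnt_type_;
    std::string mnt_opts_;
};

// Turn off the backlight while we are performing power down cleanup activities:
// the lcd-backlight LED node first, then every device found under
// /sys/class/backlight. Write failures are ignored, this is best-effort power
// saving and must never stall the shutdown.
static void TurnOffBacklight() {
    static constexpr char OFF[] = "0";

    android::base::WriteStringToFile(OFF, "/sys/class/leds/lcd-backlight/brightness");

    static const char backlightDir[] = "/sys/class/backlight";
    std::unique_ptr<DIR, int (*)(DIR*)> dir(opendir(backlightDir), closedir);
    if (!dir) {
        return;
    }

    for (struct dirent* dp = readdir(dir.get()); dp != nullptr; dp = readdir(dir.get())) {
        // Backlight devices show up as directories or symlinks; skip "." / ".."
        // and any other hidden entry.
        const bool is_dir_or_link = dp->d_type == DT_DIR || dp->d_type == DT_LNK;
        if (!is_dir_or_link || dp->d_name[0] == '.') {
            continue;
        }
        const std::string brightness =
                StringPrintf("%s/%s/brightness", backlightDir, dp->d_name);
        android::base::WriteStringToFile(OFF, brightness);
    }
}

// Asks vold to shut down its volumes ("vdc volume shutdown") and waits for the
// command to complete.
static void ShutdownVold() {
    const char* vdc_argv[] = {"/system/bin/vdc", "volume", "shutdown"};
    ForkExecvpToKlog(vdc_argv);
}

// Logs how long the shutdown sequence took (since |t| was started) together
// with the numeric UmountStat, in the fixed "powerctl_shutdown_time_ms:<ms>:<stat>"
// format that other tooling parses.
static void LogShutdownTime(UmountStat stat, Timer* t) {
    LOG(WARNING) << "powerctl_shutdown_time_ms:" << std::to_string(t->duration().count()) << ":"
                 << stat;
}

// Determines whether the system is capable of rebooting. This is conservative,
// so if any of the attempts to determine this fail, it will still return true.
// Only a definite answer from cap_get_flag() that CAP_SYS_BOOT is not in the
// effective set yields false.
static bool IsRebootCapable() {
    if (!CAP_IS_SUPPORTED(CAP_SYS_BOOT)) {
        PLOG(WARNING) << "CAP_SYS_BOOT is not supported";
        return true;
    }

    ScopedCaps caps(cap_get_proc());
    if (!caps) {
        PLOG(WARNING) << "cap_get_proc() failed";
        return true;
    }

    cap_flag_value_t value = CAP_SET;
    if (cap_get_flag(caps.get(), CAP_SYS_BOOT, CAP_EFFECTIVE, &value) != 0) {
        PLOG(WARNING) << "cap_get_flag(CAP_SYS_BOOT, EFFECTIVE) failed";
        return true;
    }
    return value == CAP_SET;
}

// Hands control to the kernel: power off for ANDROID_RB_POWEROFF and
// ANDROID_RB_THERMOFF, or restart with |rebootTarget| as the RESTART2 argument.
// Never returns: if the kernel call comes back that is fatal. On systems where
// init lacks CAP_SYS_BOOT it exits cleanly instead of attempting the call.
[[noreturn]] static void RebootSystem(unsigned int cmd, const std::string& rebootTarget) {
    LOG(INFO) << "Reboot ending, jumping to kernel";

    if (!IsRebootCapable()) {
        // On systems where init does not have the capability of rebooting the
        // device, just exit cleanly.
        exit(0);
    }

    switch (cmd) {
        case ANDROID_RB_POWEROFF:
        case ANDROID_RB_THERMOFF:
            reboot(RB_POWER_OFF);
            break;

        case ANDROID_RB_RESTART2:
            // reboot(3) takes only a command, so the string argument has to go
            // through syscall(2) for the kernel to receive the target.
            syscall(__NR_reboot, LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2,
                    LINUX_REBOOT_CMD_RESTART2, rebootTarget.c_str());
            break;
    }
    // In normal case, reboot should not return. An unknown |cmd| also ends here.
    PLOG(FATAL) << "reboot call returned";
    abort();
}

// Mount points that are read-only at boot but become R/W after "adb remount".
// They are never umounted: shutdown critical services may still rely on them.
static bool IsKeptMountedAtShutdown(const std::string& mount_dir) {
    return mount_dir == "/" || mount_dir == "/system" || mount_dir == "/vendor" ||
           mount_dir == "/oem";
}

/* Find all read+write block devices and emulated devices in /proc/mounts
 * and add them to the corresponding list.
 *
 * Each list ends up in reverse /proc/mounts order (presumably so that later,
 * nested mounts are umounted before the mounts underneath them — the original
 * code inserted at the front to get the same order).
 * With |dump| set the entries are only logged and the list pointers are not
 * touched, so they may be nullptr in that case only.
 * Returns false when /proc/mounts cannot be opened.
 */
static bool FindPartitionsToUmount(std::vector<MountEntry>* blockDevPartitions,
                                   std::vector<MountEntry>* emulatedPartitions, bool dump) {
    std::unique_ptr<std::FILE, int (*)(std::FILE*)> fp(setmntent("/proc/mounts", "r"), endmntent);
    if (fp == nullptr) {
        PLOG(ERROR) << "Failed to open /proc/mounts";
        return false;
    }
    for (mntent* mentry = getmntent(fp.get()); mentry != nullptr; mentry = getmntent(fp.get())) {
        if (dump) {
            LOG(INFO) << "mount entry " << mentry->mnt_fsname << ":" << mentry->mnt_dir << " opts "
                      << mentry->mnt_opts << " type " << mentry->mnt_type;
            continue;
        }
        if (MountEntry::IsBlockDevice(*mentry) && hasmntopt(mentry, "rw")) {
            if (!IsKeptMountedAtShutdown(mentry->mnt_dir)) {
                blockDevPartitions->emplace_back(*mentry);
            }
        } else if (MountEntry::IsEmulatedDevice(*mentry)) {
            emulatedPartitions->emplace_back(*mentry);
        }
    }
    // Reverse once at the end instead of inserting at the front per entry.
    if (blockDevPartitions != nullptr) {
        std::reverse(blockDevPartitions->begin(), blockDevPartitions->end());
    }
    if (emulatedPartitions != nullptr) {
        std::reverse(emulatedPartitions->begin(), emulatedPartitions->end());
    }
    return true;
}

// Logs debugging information when umount fails: lsof output (only while
// SELinux is permissive), the current mount table, and, with |dump_all|, the
// kernel's task dump via sysrq "t".
static void DumpUmountDebuggingInfo(bool dump_all) {
    if (!security_getenforce()) {
        LOG(INFO) << "Run lsof";
        const char* lsof_argv[] = {"/system/bin/lsof"};
        ForkExecvpToKlog(lsof_argv);
    }
    FindPartitionsToUmount(nullptr, nullptr, true);  // dump only: lists are not used
    if (dump_all) {
        // dump current tasks, this log can be lengthy, so only dump with dump_all
        android::base::WriteStringToFile("t", "/proc/sysrq-trigger");
    }
}

// Repeatedly umounts what FindPartitionsToUmount() reports until no R/W block
// device mount remains (UMOUNT_STAT_SUCCESS), |timeout| has elapsed
// (UMOUNT_STAT_TIMEOUT), or /proc/mounts cannot be read (UMOUNT_STAT_ERROR).
// At least one pass is always made, so a zero (or negative) timeout still gives
// one attempt. Block device umounts use MNT_FORCE only when |timeout| is exactly
// 0ms. Callers pass "budget minus elapsed", which can already be negative when
// earlier steps overran; that is not clamped, so the single attempt is then a
// non-forced one.
static UmountStat UmountPartitions(std::chrono::milliseconds timeout) {
    Timer t;
    UmountStat stat = UMOUNT_STAT_TIMEOUT;
    int retry = 0;
    /* data partition needs all pending writes to be completed and all emulated
     * partitions umounted. If the current waiting is not good enough, give
     * up and leave it to e2fsck after reboot to fix it.
     */
    while (true) {
        std::vector<MountEntry> block_devices;
        std::vector<MountEntry> emulated_devices;
        if (!FindPartitionsToUmount(&block_devices, &emulated_devices, false)) {
            return UMOUNT_STAT_ERROR;
        }
        if (block_devices.empty()) {
            stat = UMOUNT_STAT_SUCCESS;
            break;
        }
        if (retry > 0 && timeout < t.duration()) {  // try umount at least once
            stat = UMOUNT_STAT_TIMEOUT;
            break;
        }
        // Emulated partitions go first; sync() only once every one of them is gone,
        // so pending /data writes are flushed before its block device is tried.
        const bool all_emulated_umounted =
                !emulated_devices.empty() &&
                std::all_of(emulated_devices.begin(), emulated_devices.end(),
                            [](MountEntry& entry) { return entry.Umount(false); });
        if (all_emulated_umounted) {
            sync();
        }
        const bool force = timeout == 0ms;
        for (MountEntry& entry : block_devices) {
            entry.Umount(force);
        }
        retry++;
        std::this_thread::sleep_for(100ms);
    }
    return stat;
}

// sysrq "i": the kernel sends SIGKILL to every process except init.
static void KillAllProcesses() { android::base::WriteStringToFile("i", "/proc/sysrq-trigger"); }

/* Try umounting all emulated file systems and R/W block device file systems.
 * This will just try umount and give it up if it fails.
 * For fs like ext4, this is ok as the file system will be marked as unclean shutdown
 * and the necessary check can be done at the next reboot.
 * For safer shutdown, the caller needs to make sure that
 * all processes / emulated partitions for the target fs are all cleaned-up.
 *
 * Returns the UmountStat of the first umount pass: SUCCESS, TIMEOUT, or ERROR
 * when the mount table could not be read. After a timeout every process is
 * killed (sysrq "i") and umount is retried once with a zero budget (forced);
 * the result of that retry only decides whether debugging info is dumped.
 * fsck runs only when |runFsck| is set and the first pass succeeded, and is
 * not counted against |timeout|.
 */
static UmountStat TryUmountAndFsck(bool runFsck, std::chrono::milliseconds timeout) {
    Timer t;
    std::vector<MountEntry> block_devices;
    std::vector<MountEntry> emulated_devices;

    TurnOffBacklight();  // this part can take time. save power.

    // The lists are only needed to know what to fsck afterwards.
    if (runFsck && !FindPartitionsToUmount(&block_devices, &emulated_devices, false)) {
        return UMOUNT_STAT_ERROR;
    }

    UmountStat stat = UmountPartitions(timeout - t.duration());
    if (stat != UMOUNT_STAT_SUCCESS) {
        LOG(INFO) << "umount timeout, last resort, kill all and try";
        if (DUMP_ON_UMOUNT_FAILURE) DumpUmountDebuggingInfo(true);
        KillAllProcesses();
        // even if it succeeds, still it is timeout and do not run fsck with all processes killed
        const UmountStat st = UmountPartitions(0ms);
        if ((st != UMOUNT_STAT_SUCCESS) && DUMP_ON_UMOUNT_FAILURE) DumpUmountDebuggingInfo(false);
    }

    if (stat == UMOUNT_STAT_SUCCESS && runFsck) {
        // fsck part is excluded from timeout check. It only runs for user initiated shutdown
        // and should not affect reboot time.
        for (MountEntry& entry : block_devices) {
            entry.DoFsck();
        }
    }
    return stat;
}

// Picks the overall shutdown budget: zero when SHUTDOWN_ZERO_TIMEOUT is set,
// one second for a thermal shutdown, otherwise ro.build.shutdown_timeout
// seconds (default 6).
static std::chrono::milliseconds ShutdownTimeoutFor(bool is_thermal_shutdown) {
    if (SHUTDOWN_ZERO_TIMEOUT) {
        return 0ms;
    }
    if (is_thermal_shutdown) {
        constexpr unsigned int thermal_shutdown_timeout = 1;
        return std::chrono::seconds(thermal_shutdown_timeout);
    }
    constexpr unsigned int shutdown_timeout_default = 6;
    const auto shutdown_timeout_property =
            android::base::GetUintProperty("ro.build.shutdown_timeout", shutdown_timeout_default);
    return std::chrono::seconds(shutdown_timeout_property);
}

// Counts the services that were asked to terminate and are still running:
// not shutdown critical, with a live pid, and not the console shell.
static int CountRunningTerminableServices() {
    int service_count = 0;
    ServiceManager::GetInstance().ForEachService([&service_count](Service* s) {
        // Exclude the console as it will ignore the SIGTERM signal
        // and not exit.
        // Note: SVC_CONSOLE actually means "requires console" but
        // it is only used by the shell.
        if (!s->IsShutdownCritical() && s->pid() != 0 && (s->flags() & SVC_CONSOLE) == 0) {
            service_count++;
        }
    });
    return service_count;
}

// Performs the full shutdown sequence and hands over to the kernel via
// RebootSystem(); never returns to the caller.
//   |cmd|          one of ANDROID_RB_POWEROFF / ANDROID_RB_RESTART2 / ANDROID_RB_THERMOFF
//   |reason|       recorded in LAST_REBOOT_REASON_FILE for the next boot
//   |rebootTarget| RESTART2 argument passed to the kernel unchanged
//   |runFsck|      run fsck on the umounted block devices (forced off for thermal shutdown)
// Steps: mark shutdown critical services, (optionally) terminate the others and
// wait up to half the budget, stop everything non-critical, shut down vold,
// then sync/umount/fsck with whatever budget is left.
void DoReboot(unsigned int cmd, const std::string& reason, const std::string& rebootTarget,
              bool runFsck) {
    Timer t;
    LOG(INFO) << "Reboot start, reason: " << reason << ", rebootTarget: " << rebootTarget;

    // 0600, owned by system: only system can read the recorded reason back.
    android::base::WriteStringToFile(StringPrintf("%s\n", reason.c_str()), LAST_REBOOT_REASON_FILE,
                                     S_IRUSR | S_IWUSR, AID_SYSTEM, AID_SYSTEM);

    const bool is_thermal_shutdown = cmd == ANDROID_RB_THERMOFF;
    if (is_thermal_shutdown) {
        runFsck = false;  // no fsck on thermal shutdown, to avoid delay
    }

    const std::chrono::milliseconds shutdown_timeout = ShutdownTimeoutFor(is_thermal_shutdown);
    LOG(INFO) << "Shutdown timeout: " << shutdown_timeout.count() << " ms";

    // keep debugging tools until non critical ones are all gone.
    const std::set<std::string> kill_after_apps{"tombstoned", "logd", "adbd"};
    // watchdogd is a vendor specific component but should be alive to complete shutdown safely.
    const std::set<std::string> to_starts{"watchdogd"};
    ServiceManager::GetInstance().ForEachService([&kill_after_apps, &to_starts](Service* s) {
        if (kill_after_apps.count(s->name())) {
            s->SetShutdownCritical();
        } else if (to_starts.count(s->name())) {
            s->Start();
            s->SetShutdownCritical();
        } else if (s->IsShutdownCritical()) {
            s->Start();  // start shutdown critical service if not started
        }
    });

    Service* bootAnim = ServiceManager::GetInstance().FindServiceByName("bootanim");
    Service* surfaceFlinger = ServiceManager::GetInstance().FindServiceByName("surfaceflinger");
    if (bootAnim != nullptr && surfaceFlinger != nullptr && surfaceFlinger->IsRunning()) {
        ServiceManager::GetInstance().ForEachServiceInClass("animation", [](Service* s) {
            s->SetShutdownCritical();  // will not check animation class separately
        });
    }

    // optional shutdown step
    // 1. terminate all services except shutdown critical ones. wait for delay to finish
    if (shutdown_timeout > 0ms) {
        LOG(INFO) << "terminating init services";

        // Ask all services to terminate except shutdown critical ones.
        ServiceManager::GetInstance().ForEachService([](Service* s) {
            if (!s->IsShutdownCritical()) s->Terminate();
        });

        // Only wait up to half of timeout here; the rest is left for umount.
        const auto termination_wait_timeout = shutdown_timeout / 2;
        int service_count = 0;
        while (t.duration() < termination_wait_timeout) {
            ServiceManager::GetInstance().ReapAnyOutstandingChildren();
            service_count = CountRunningTerminableServices();
            if (service_count == 0) {
                // All terminable services terminated. We can exit early.
                break;
            }
            // Wait a bit before recounting the number of running services.
            std::this_thread::sleep_for(50ms);
        }
        LOG(INFO) << "Terminating running services took " << t
                  << " with remaining services:" << service_count;
    }

    // minimum safety steps before restarting
    // 2. kill all services except ones that are necessary for the shutdown sequence.
    ServiceManager::GetInstance().ForEachService([](Service* s) {
        if (!s->IsShutdownCritical()) s->Stop();
    });
    ServiceManager::GetInstance().ReapAnyOutstandingChildren();

    // 3. send volume shutdown to vold
    Service* voldService = ServiceManager::GetInstance().FindServiceByName("vold");
    if (voldService != nullptr && voldService->IsRunning()) {
        ShutdownVold();
        voldService->Stop();
    } else {
        LOG(INFO) << "vold not running, skipping vold shutdown";
    }
    // logcat stopped here
    ServiceManager::GetInstance().ForEachService([&kill_after_apps](Service* s) {
        if (kill_after_apps.count(s->name())) s->Stop();
    });
    // 4. sync, try umount, and optionally run fsck for user shutdown
    sync();
    // The remaining budget may already be negative if step 1 overran; see
    // UmountPartitions() for what that means (one non-forced attempt).
    const UmountStat stat = TryUmountAndFsck(runFsck, shutdown_timeout - t.duration());
    // Follow what linux shutdown is doing: one more sync with little bit delay
    sync();
    if (!is_thermal_shutdown) std::this_thread::sleep_for(100ms);
    LogShutdownTime(stat, &t);
    // Reboot regardless of umount status. If umount fails, fsck after reboot will fix it.
    RebootSystem(cmd, rebootTarget);
    abort();  // unreachable: RebootSystem() is [[noreturn]]
}

// Parses a powerctl command ("shutdown[,userrequested]", "reboot[,<target>[,<param>]]"
// or "thermal-shutdown"), then clears the action queue and queues the
// "shutdown" trigger followed by a built-in action that calls DoReboot().
// Returns false, without queueing anything, when the command is not
// recognized or has too many parameters. |reboot_target| (and the optional
// extra parameter, joined with ",") is forwarded to the kernel unchanged.
bool HandlePowerctlMessage(const std::string& command) {
    unsigned int cmd = 0;
    const std::vector<std::string> cmd_params = android::base::Split(command, ",");
    std::string reboot_target;
    bool run_fsck = false;
    bool command_invalid = false;

    // Split() always yields at least one element, so cmd_params[0] is safe.
    if (cmd_params.size() > 3) {
        command_invalid = true;
    } else if (cmd_params[0] == "shutdown") {
        cmd = ANDROID_RB_POWEROFF;
        if (cmd_params.size() == 2 && cmd_params[1] == "userrequested") {
            // The shutdown reason is PowerManager.SHUTDOWN_USER_REQUESTED.
            // Run fsck once the file system is remounted in read-only mode.
            run_fsck = true;
        }
    } else if (cmd_params[0] == "reboot") {
        cmd = ANDROID_RB_RESTART2;
        if (cmd_params.size() >= 2) {
            reboot_target = cmd_params[1];
            // When rebooting to the bootloader notify the bootloader writing
            // also the BCB.
            if (reboot_target == "bootloader") {
                std::string err;
                if (!write_reboot_bootloader(&err)) {
                    LOG(ERROR) << "reboot-bootloader: Error writing "
                                  "bootloader_message: "
                               << err;
                }
            }
            // If there is an additional bootloader parameter, pass it along
            if (cmd_params.size() == 3) {
                reboot_target += "," + cmd_params[2];
            }
        }
    } else if (command == "thermal-shutdown") {  // no additional parameter allowed
        // run_fsck is false to avoid delay
        cmd = ANDROID_RB_THERMOFF;
    } else {
        command_invalid = true;
    }
    if (command_invalid) {
        LOG(ERROR) << "powerctl: unrecognized command '" << command << "'";
        return false;
    }

    LOG(INFO) << "Clear action queue and start shutdown trigger";
    ActionManager::GetInstance().ClearQueue();
    // Queue shutdown trigger first
    ActionManager::GetInstance().QueueEventTrigger("shutdown");
    // Queue built-in shutdown_done; everything it needs is captured by value
    // because it runs later from the action queue.
    auto shutdown_handler = [cmd, command, reboot_target,
                             run_fsck](const std::vector<std::string>&) {
        DoReboot(cmd, command, reboot_target, run_fsck);
        return 0;
    };
    ActionManager::GetInstance().QueueBuiltinAction(shutdown_handler, "shutdown_done");

    // Skip wait for prop if it is in progress
    ResetWaitForProp();

    // Skip wait for exec if it is in progress
    if (ServiceManager::GetInstance().IsWaitingForExec()) {
        ServiceManager::GetInstance().ClearExecWait();
    }

    return true;
}

}  // namespace init
}  // namespace android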