[ICS][DEV] Tegra Hardware and Feature Implementation [UPDATE 3/22] - Xoom Android Development

I wanted to start a fresh thread to focus purely on Tegra hardware possibilities and how we implement the use of hardware into ICS. I have moved some resources from other threads here as well to consolidate this development concept.
THIS THREAD IS STRICTLY FOCUSED ON ADVANCING THE DEVELOPMENT OF THE KERNEL, BINARIES, FRAMEWORK, ETC. BEFORE POSTING HERE, ASK YOURSELF THIS... "HOW DOES MY POST ATTEMPT TO FORWARD DEVELOPMENT AS THE THREAD TITLE DESCRIBES?" IF YOU CAN'T CLEARLY ANSWER THAT, THEN PLEASE DO NOT POST HERE. THIS THREAD IS MEANT TO BE TECHNICAL IN NATURE. THIS THREAD IS NOT A Q&A THREAD. PLEASE RESPECT THE GUIDELINES SET FORTH. THANK YOU.
That being said, let's take a look at some tools to get us started.
Development Overlay
Bash 4.1 system shell
Nano and vim text editors
-- Init.d scripts --
Dropbear setup script and service initialization
Modprobe modules on boot
pittpatt symlinker for more system storage
BT5 support scripts
-- extra binaries --
7z, file, inadyn, irssi, iwmulticall ( I'll up a kernel with wireless extensions soon, even though wext is deprecated ), scp, tcpdump, unrar, zipalign script
Revision 4
-- combined overlay with latest module pack for simplification. Tiamat Xoom 3.0.9 kernel updated 3/22.
-- Moved modules and some bins to /data/local then symlink to system. This leaves tons of system storage.
-- Of course, all needed monitor mode, injection patches for Backtrack. TDR's adhoc kernel patch in the event I actually come up with a solution
-- included WifiDirectDemo.apk so we can get some WifiDirect dev going on. On your EOS build, enable advanced wifi direct settings in development settings.
DOWNLOAD DEVELOPMENT OVERLAY REVISION 4
Facial Recognition Binary Symlinker
Facial recognition binaries consume about 25 MB of system storage. Even though system storage is not relevant for day to day use, it becomes a concern when doing things like adding theming or extra kernel modules where more system storage is required. This tool moves the "pittpatt" facial recognition binaries from /system/vendor/pittpatt to /data/pittpatt and creates a shortcut ( in Linux we say "symlink" ) to them. This frees an additional 25 MB of system storage.
DOWNLOAD FACIAL RECOGNITION BINARY SYMLINKER
Drivers Galore!
ALL SORTS OF GOOD STUFF
This build is built from the Tiamat 3.0.9 base. But this build includes an insane amount of driver modules to support a variety of hardware. There are several groups of modules for different hardware, primarily using a USB Host cable as the interface. Some groups include USB Wireless Dongles, USB Ethernet Dongles, 3G and 4G GSM and CDMA/LTE Dongles, serial port modules, networking modules such as rndis_host to support tethering from a phone to the xoom, and other miscellaneous hardware.
USB Wireless Dongles
All USB Wireless dongles that depend on the mac80211 wireless subsystem are monitor mode capable. Perfect for pentesting, security analysis, or going to Federal Prison for hacking your neighbor's WiFi.
Linux Wireless Catalog Of Supported USB Wireless Dongles
at76c50x_usb 30409 0 - Live 0xbf085000
rtl8192cu 84308 0 - Live 0xbf397000
rtlwifi 58705 1 rtl8192cu, Live 0xbf380000
rtl8192c_common 49260 1 rtl8192cu, Live 0xbf34e000
rtl8187 48197 0 - Live 0xbf33b000
eeprom_93cx6 1127 1 rtl8187, Live 0xbf0df000
rt73usb 21310 0 - Live 0xbf325000
rt2800usb 9831 0 - Live 0xbf31b000
rt2800lib 36395 1 rt2800usb, Live 0xbf30b000
rt2500usb 16115 0 - Live 0xbf301000
rt2x00usb 7451 3 rt73usb,rt2800usb,rt2500usb, Live 0xbf2f9000
rt2x00lib 29250 5 rt73usb,rt2800usb,rt2800lib,rt2500usb,rt2x00usb, Live 0xbf2e8000
rndis_wlan 23105 0 - Live 0xbf2d1000
zd1211rw 47819 0 - Live 0xbf462000
zd1201 17003 0 - Live 0xbf457000
mac80211 201396 8 zd1211rw,rtl8192cu,rtlwifi,rtl8187,rt2800lib,rt2x00usb,rt2x00lib,at76c50x_usb, Live 0xbf040000
( Included but likely not used )
lib80211_crypt_wep 2538 0 - Live 0xbf240000
lib80211_crypt_tkip 7837 0 - Live 0xbf239000
lib80211_crypt_ccmp 4635 0 - Live 0xbf232000
michael_mic 1756 0 - Live 0xbf262000
hostap 96172 0 - Live 0xbf1b7000
lib80211 3564 4 lib80211_crypt_wep,lib80211_crypt_tkip,lib80211_crypt_ccmp,hostap, Live 0xbf1b0000
USB Serial Drivers
USB Serial Drivers to interface with all sorts of devices.
pl2303 10705 0 - Live 0xbf2b4000
ftdi_sio 28048 0 - Live 0xbf0e5000
cypress_m8 14665 0 - Live 0xbf0ae000
ipw 3034 0 - Live 0xbf20d000
iuu_phoenix 14989 0 - Live 0xbf213000
mos7840 27187 0 - Live 0xbf272000
mos7720 15798 0 - Live 0xbf268000
spcp8x5 5050 0 - Live 0xbf3f7000
sierra 8457 0 - Live 0xbf3c8000
ti_usb_3410_5052 19435 0 - Live 0xbf404000
option 13380 0 - Live 0xbf29b000
USB Ethernet Drivers
These drivers support a large array of dongles
dm9601 5696 0 - Live 0xbf0b8000
cx82310_eth 2901 0 - Live 0xbf0a8000
rndis_host 5213 1 rndis_wlan, Live 0xbf2ca000
kaweth 9695 0 - Live 0xbf223000
pegasus 17228 0 - Live 0xbf2a8000
rtl8150 8803 0 - Live 0xbf332000
smsc95xx 11437 0 - Live 0xbf3e2000
smsc75xx 13416 0 - Live 0xbf3d8000
net1080 3055 0 - Live 0xbf27f000
plusb 926 0 - Live 0xbf2bd000
mcs7830 5117 0 - Live 0xbf25b000
zaurus 2190 0 - Live 0xbf451000
hso 28083 0 - Live 0xbf1d9000
int51x1 2491 0 - Live 0xbf1f2000
ipheth 5297 0 - Live 0xbf1fe000
sierra_net 6399 0 - Live 0xbf3d1000
lg_vl600 2763 0 - Live 0xbf22c000
USB Mobile Data Drivers
USB Wireless WAN is a generic driver that supports an array of dongles
usb_wwan 8789 1 option, Live 0xbf292000
USB Multimedia
These drivers support a wide array of USB webcams, digital video capture, and drivers for userspace controls. As of now, we have no implementation of these drivers, and will be one heck of a science project to make work.
dvb_core 80709 0 - Live 0xbf0c0000
uvcvideo 58311 0 - Live 0xbf423000
gspca_zc3xx 36191 0 - Live 0xbf178000
gspca_spca561 7905 0 - Live 0xbf170000
gspca_spca508 6464 0 - Live 0xbf169000
gspca_spca506 7602 0 - Live 0xbf162000
gspca_spca505 4139 0 - Live 0xbf15b000
gspca_spca501 13107 0 - Live 0xbf152000
gspca_spca500 9825 0 - Live 0xbf14a000
gspca_spca1528 5914 0 - Live 0xbf143000
gspca_sn9c20x 23657 0 - Live 0xbf137000
gspca_ov534_9 8884 0 - Live 0xbf12f000
gspca_ov534 9395 0 - Live 0xbf127000
gspca_ov519 33377 0 - Live 0xbf118000
gspca_main 22079 12 gspca_zc3xx,gspca_spca561,gspca_spca508,gspca_spca506,gspca_spca505,gspca_spca501,gspca_spca500,gspca_spca1528,gspca_sn9c20x,gspca_ov534_9,gspca_ov534,gspca_ov519, Live 0xbf10c000
Joystick and Game Controllers
zhenhua 1620 0 - Live 0xbf477000
warrior 2039 0 - Live 0xbf43a000
twidjoy 1984 0 - Live 0xbf41d000
trancevibrator 1498 0 - Live 0xbf417000
tmdc 4237 0 - Live 0xbf410000
stinger 1672 0 - Live 0xbf3fe000
spaceorb 2528 0 - Live 0xbf3f1000
spaceball 2876 0 - Live 0xbf3eb000
sidewinder 9351 0 - Live 0xbf3c0000
serport 2389 0 - Live 0xbf3ba000
magellan 1872 0 - Live 0xbf255000
joydump 2090 0 - Live 0xbf21d000
interact 3125 0 - Live 0xbf1f8000
iforce 14117 0 - Live 0xbf1e8000
guillemot 3040 0 - Live 0xbf188000
grip_mp 5403 0 - Live 0xbf105000
grip 4589 0 - Live 0xbf0fe000
gf2k 4210 0 - Live 0xbf0f7000
cobra 3192 0 - Live 0xbf09c000
analog 7464 0 - Live 0xbf024000
adi 6890 0 - Live 0xbf016000
a3d 4374 0 - Live 0xbf00f000
serio 9848 8 zhenhua,warrior,twidjoy,stinger,spaceorb,spaceball,serport,magellan, Live 0xbf24c000
gameport 6942 12 tmdc,sidewinder,joydump,interact,guillemot,grip_mp,grip,gf2k,cobra,analog,adi,a3d, Live 0xbf007000
IPSec VPN
Credit to saturn_de from the TFP board for the idea
xfrm_user 19993 0 - Live 0xbf446000
xfrm4_mode_tunnel 1462 0 - Live 0xbf440000
ipip 7627 0 - Live 0xbf205000
ah4 4354 0 - Live 0xbf01d000
Miscellaneous
scsi_wait_scan makes sure all system buses are online before proceeding with boot. ppp_synctty is a network driver needed from Cisco VPN and other uses.
scsi_wait_scan 482 0 - Live 0xbf2d1000
ppp_synctty 5417 0 - Live 0xbf1e0000

Module Management
Let's talk about what modules are.
Simply put, a kernel is a big blob of drivers in a single image. Modules are those same drivers but compiled to be "built out" of the primary zImage. There are a few reasons why modules are useful. Most devices have a very limited boot partition. That means that the kernel, which is inside the boot image, must be limited in size as well. So when you need extra drivers, modules do the trick. Also, modules allow you to control what drivers are installed at what time. For example, if you want to run a USB Wireless Dongle, you may wish to remove the Android Wifi driver ( bcmdhd.ko ) so that Android Wireless services are disabled. Using modules, in conjunction with a USB Host Cable, and a Motorola Xoom ( running Eos preferably ;D ), we now have an extraordinarily powerful mobile device.
How do I know what modules I need? There's too many!
That all depends on the piece of hardware you want to use or some feature you wish to utilize. You need to know what "chipset" your hardware has. I will begin cataloging what modules work with different hardware. IT IS HIGHLY ADVISED THAT YOU ONLY LOAD THE MODULE STACKS YOU NEED! IT IS LIKELY YOU DON'T HAVE ENOUGH ROOM ON THE SYSTEM PARTITION TO LOAD ALL THESE! Later, I'll work out a scheme to efficiently load modules from the Data partition.
Module Stacks
Often, the driver you wish to use is dependent on other modules. So how do you know what modules you need to complete your driver stack? When the kernel is compiled, the Makefile determines what other modules you need based on the drivers you have selected. Let's look at an example using the USB Wireless Dongle group.
Code:
adb shell
lsmod
rndis_wlan 23105 0 - Live 0xbf1ee000
zd1211rw 47819 0 - Live 0xbf33b000
zd1201 17003 0 - Live 0xbf330000
zaurus 2190 0 - Live 0xbf32a000
rtl8192cu 84308 0 - Live 0xbf2b4000
rtlwifi 58705 1 rtl8192cu, Live 0xbf29d000
rtl8192c_common 49260 1 rtl8192cu, Live 0xbf26b000
rtl8187 48197 0 - Live 0xbf258000
eeprom_93cx6 1127 1 rtl8187, Live 0xbf0af000
rtl8150 8803 0 - Live 0xbf24f000
rt2800usb 9831 0 - Live 0xbf238000
rt2800lib 36395 1 rt2800usb, Live 0xbf228000
rt2500usb 16115 0 - Live 0xbf21e000
rt2x00usb 7451 3 rt73usb,rt2800usb,rt2500usb, Live 0xbf216000
rt2x00lib 29250 5 rt73usb,rt2800usb,rt2800lib,rt2500usb,rt2x00usb, Live 0xbf205000
mac80211 201396 8 zd1211rw,rtl8192cu,rtlwifi,rtl8187,rt2800lib,rt2x00usb,rt2x00lib,at76c50x_usb, Live 0xbf00f000
You can use the shell command "lsmod" to display all loaded module stacks.
The bottom row is the full USB Wireless Stack, all modules dependent on the mac80211 wireless subsystem. I'll use the driver rtl8192cu as an example in the following dependency stack.
Code:
rtl8192cu ----> rtlwifi ----> mac80211 ----> ( inside kernel ) cfg80211
    |
    |
    |
    |----> rtl8192c_common
So, in this case, you will need your driver, rtl8192cu, along with rtl8192c_common, rtlwifi and mac80211. Remember, only load the modules you need.
How To Install Modules
The easiest way to install modules is to use an init.d script so the modules load on boot. Such a script is included in the Development Overlay in the tools section in the first post. It looks like this
Code:
#!/system/bin/sh
#
# Load any extra modules
MODPATH=/system/lib/modules/
for i in `ls $MODPATH`
do
    modprobe `basename $i .ko` >/dev/null 2>&1
done
exit 0
Or you can load them manually one by one thru a shell. I'll use rtl8187 as an example.
Code:
cd /system/lib/modules
modprobe rtl8187
"modprobe" is the command that loads modules. Modprobe is the preferred method over "insmod" as modprobe will load the driver and automatically load any dependencies the driver has.
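Added example (not part of the original post or the overlay): the init.d script above loads every .ko it finds, while the post advises loading only the stack you need. This sketch resolves that stack from lsmod output in the /proc/modules format shown above and lists the loaded modules that fall outside it; the function names and the trimmed sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: work out the minimal module stack for one driver from
# lsmod output in /proc/modules format (as printed in the post).

# Constructed sample: a subset of the lsmod listing from the post.
SAMPLE_LSMOD='rtl8192cu 84308 0 - Live 0xbf2b4000
rtlwifi 58705 1 rtl8192cu, Live 0xbf29d000
rtl8192c_common 49260 1 rtl8192cu, Live 0xbf26b000
rtl8187 48197 0 - Live 0xbf258000
eeprom_93cx6 1127 1 rtl8187, Live 0xbf0af000
rt2800usb 9831 0 - Live 0xbf238000
rt2800lib 36395 1 rt2800usb, Live 0xbf228000
rt2x00usb 7451 3 rt73usb,rt2800usb,rt2500usb, Live 0xbf216000
rt2x00lib 29250 5 rt73usb,rt2800usb,rt2800lib,rt2500usb,rt2x00usb, Live 0xbf205000
mac80211 201396 8 zd1211rw,rtl8192cu,rtlwifi,rtl8187,rt2800lib,rt2x00usb,rt2x00lib,at76c50x_usb, Live 0xbf00f000'

# module_stack DRIVER   (lsmod text on stdin)
# Field 4 names the modules that USE the module in field 1, so the modules
# DRIVER needs are the ones listing it, or one of its dependencies, there.
# Prints the stack sorted and space separated; nothing if DRIVER is unknown.
module_stack() {
    awk -v target="$1" '
        {
            loaded[$1] = 1
            if ($4 == "-") next
            n = split($4, users, ",")
            for (i = 1; i <= n; i++)
                if (users[i] != "")
                    needs[users[i]] = needs[users[i]] " " $1
        }
        END {
            if (!(target in loaded)) exit
            want[target] = 1; queue[1] = target; head = 1; tail = 1
            # breadth-first walk over the "needs" edges
            while (head <= tail) {
                m = queue[head++]
                k = split(needs[m], deps, " ")
                for (j = 1; j <= k; j++)
                    if (!(deps[j] in want)) {
                        want[deps[j]] = 1
                        queue[++tail] = deps[j]
                    }
            }
            for (m in want) print m
        }' | LC_ALL=C sort | tr '\n' ' ' | sed 's/ $//'
}

# extra_modules DRIVER   (lsmod text on stdin)
# Prints loaded modules that are NOT part of DRIVER's stack: candidates to
# drop from the boot-time load list.
extra_modules() {
    text=$(cat)
    keep=" $(printf '%s\n' "$text" | module_stack "$1") "
    extra=""
    for m in $(printf '%s\n' "$text" | awk '{ print $1 }' | LC_ALL=C sort); do
        case "$keep" in
            *" $m "*) ;;
            *) extra="$extra $m" ;;
        esac
    done
    printf '%s\n' "${extra# }"
}

echo "stack for rtl8192cu: $(printf '%s\n' "$SAMPLE_LSMOD" | module_stack rtl8192cu)"
echo "outside that stack:  $(printf '%s\n' "$SAMPLE_LSMOD" | extra_modules rtl8192cu)"
```

For live data from a host with adb, pipe `adb shell cat /proc/modules` into either function instead of the sample.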

Scripts, Tips, Tricks, How-To
How to preview a USB Webcam
1. Install the Development Overlay Revision 2
2. Install Tiamat 3.0.5 Kernel Module Pack Revision 4. For starters, load the entire USB Multimedia stack until you figure out specifically which driver you need for your webcam.
3. Install SimpleWebCam.apk DOWNLOAD HERE.
NOTE: All credit for SimpleWebCam.apk goes to neuralassembly and his source code can be found HERE.
And credit to xda user Dilligaf_ for the email pointing me to these resources.
4. Attach your webcam to your USB Host cable then insert host cable into your xoom.
5. Launch SimpleWebCam and you should see your webcam stream on the screen.
NOTE: At this time, we can only preview. So no still shots or video recording as of yet. This is mostly proof-of-concept but that's what this thread's about

I read the other day about a Kernel that allows to adjust the colors on the display. Any word on that one?

Wow. We're waiting for this. Hope something cool comes to our Xoom

Outstanding...
This kind of effort brings real value to the Xoom. Thanks for all the hard work you do as the activity in this forum brought me to the Xoom, despite Motorola's poor market performance.
I haven't seen another tablet that has dual band wifi, have you?

Module Request: USB ETHERNET QF9700 : idVendor=0fe6, idProduct=9700
I hope it is appropriate to post this here. I'm seeking a module for the above usb eth adapter. I've seen it referenced in other threads as qf9700. I believe it is a very common (cheap) adapter; I did try and get a more "supported" dm9601 but couldn't find one anywhere (not helped by suppliers' reluctance to specify chipset).
dmesg:
Code:
[ 130.277339] usb 2-1: USB disconnect, device number 2
[ 130.560150] usb 2-1: new full speed USB device number 3 using tegra-ehci
[ 130.989906] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9700
[ 130.990408] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=0
[ 130.990674] usb 2-1: Product: USB 2.0 10/100M Ethernet Adaptor
# uname -r
# 2.6.39.4-Tiamat-g1360200
I have little/no experience in linux kernel/module compilation and it would also be handy to get some pointers to learning materials (I'm not being lazy but; I'm 45, have a fulltime job in IT services and wouldn't have time to learn Android/Linux from the ground up. The ability to understand/write/adapt modules would, however, be a useful skill to have)
I'm attaching the supplied "Android" drivers which I'm not even sure are correct. They may be of some use to someone.
Many thanks in advance

3g usb key
First of all, thanks for the great work done on EOS and modules.
I'm really happy to have my USB Ethernet working great
Now I'm trying to get my USB 3g dongle working.
I've loaded the USB_wwan and option module without any problem (my USB key is a k3760) but now I'm a bit lost as to where I can configure my connection (apn pin code ..)
Can you please help me?
Thanks a lot
Note: I'm on EOS nightly build 75
On the rev4 the USB_wwan module is missing !

usb audio
Another question
Is there a way to have USB speaker working? I have a Logitech USB one. When plugged, here's the dmesg result :
<6>[ 625.589256] usb 2-1: New USB device found, idVendor=046d, idProduct=0a10
<6>[ 625.589552] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
<6>[ 625.590037] usb 2-1: Product: Logitech Speaker
<6>[ 625.590294] usb 2-1: Manufacturer: Logitech
<6>[ 625.701138] input: Logitech Logitech Speaker as /devices/platform/tegra-ehci.0/usb2/2-1/2-1:1.2/input/input8
<6>[ 625.702528] using input dev Logitech Logitech Speaker for key reset
<6>[ 625.703102] keychord: using input dev Logitech Logitech Speaker for fevent
<6>[ 625.703860] generic-usb 0003:046D:0A10.0001: input,hidraw0: USB HID v1.00 Device [ Logitech Logitech Speaker] on usb-tegra-ehci.0-1/input2
Just the volume buttons on the speakers are working but audio is only on the Xoom.
Thanks a lot

Thank you bigrushdog for such a hard work.
My question is can I install 'DEVELOPMENT OVERLAY REVISION 2' and 'DEVELOPMENT OVERLAY REVISION 2' by clockworkmod recovery? and if so how can I make the module work.. Sorry I am kinda confused
------
Somehow I flashed both by CWM recovery, and yes my system partition used space has been increased by 16 mb (i.e, I install your goodies in system partition successfully as I think ) but I sense nothing has changed; I have the same logitech USB headphone as thdj has, but as same only recognizes the volume up and down button that was recognized by the system initially even before flashing...
Any help???

I just installed the Rev 4 Kernel mod pack because I saw the IPSEC VPN addition. My only question is how to access it as I seem to still have the same choices and none of them come with the Group Name option enabled.
I am sure it is something silly I am over looking....

Help Please
Let me start off by saying, thank you so much for your hard work and interest in our technology needs/wants! Now...please guide me- the Multimedia, and joystick goodies are in which DL Pack? Development Overlay -Revision2 is designed for video only? I tried to make sense of it all but got caught up in it's glory! Just now coming down from my KERNEL HIGH and things are foggy.

IS there any hope to allow the Xoom to mount to a Windows PC as a logical drive, or is MTP the only way to go?

Hi bigrushdog,
...in the changelog from today I see an update to kernel 3.06 and the implementation of usb ethernet. So I do not need your package anymore?
Craxx

some threads should be a sticky, this is one of them.
thanks

There seems to be a problem with the Tiamat 3.0.5 Kernel Driver Module Pack rev 4. (or maybe rev 2 too)
The zip has a lot of modules, but when installed only a few get installed?
ex. usb_wwan.ko, option.ko etc. are missing.
EDIT:
Now I installed the Module pack rev 2. on a fresh 78 wingray nightly. Installed gapps, and development overlay rev2. And it has only the first 31 modules from the zip installed (sorted alphabetically).
On the 2nd flash all missing modules got installed. (there were warnings/errors when flashing the zip the 1st time AFAIK).
I'm also missing the chat or chat-ril binary for the pppd.
Would also suggest adding usb_modeswitch to the dev. overlay.

zerox981 said:
There seems to be a problem with the Tiamat 3.0.5 Kernel Driver Module Pack rev 4. (or maybe rev 2 too)
The zip has a lot of modules, but when installed only a few get installed?
ex. usb_wwan.ko, option.ko etc. are missing.
EDIT:
Now I installed the Module pack rev 2. on a fresh 78 wingray nightly. Installed gapps, and development overlay rev2. And it has only the first 31 modules from the zip installed (sorted alphabetically).
On the 2nd flash all missing modules got installed. (there were warnings/errors when flashing the zip the 1st time AFAIK).
I'm also missing the chat or chat-ril binary for the pppd.
Would also suggest adding usb_modeswitch to the dev. overlay.
I had the same issues, 2 flashes for everything to get in place, but no errors when flashing.

Guys I think I'm making a rookie mistake. When I try to modprobe I get an error chdir /lib/modules no such file or directory. I can insmod a module just fine.
I'm also not seeing all the modules. What is the recommended flash order?

The overlay contains the pittpatt symlinker that makes 25mb free space. Since its an init.d script, you have to flash overlay then reboot. Then go back to recovery and flash the modules. However, nobody on Earth needs all the modules so you should hand pick only the stacks you need anyway.

I also have some issues with modprobe. I can not add or remove modules. The message I am getting is always
Code:
modprobe: chdir(2.6.39.4-Tiamat-g2523b85-dirty): No such file or directory.
Although the startup script that loads modules seems to work, because all the modules are loaded (checked it with lsusb).
But insmod seems to work ...
EDIT
Any chance of adding usbserial.ko?

Related

Kernel scheduler tweaks (non-BFS)

First, let me say I am deeply sorry to open yet another thread on this subject. But I have made some investigations of my own and would like to make some clarifications which I think should not be buried on page 6 of some long thread....
This thread continues the discussion started by these threads:
http://forum.xda-developers.com/showthread.php?t=689829
http://forum.xda-developers.com/showthread.php?t=785988
From what I gather there are about 5 different parameters which are proposed for tweaking:
- NEW_FAIR_SLEEPERS (default ON) - This is about the only parameter which I do feel some difference when disabling it (on Floyo 0.8) and for the worse. Hence currently I intend to leave it on.
- NORMALIZED_SLEEPER (default ON) - I found various recommendations to turn this off. I don't feel much difference but maybe there is a slight improvement. Currently I intend to turn it off.
- sched_latency_ns:
* Targeted preemption latency for CPU-bound tasks:
* (default: 20ms * (1 + ilog(ncpus)), units: nanoseconds)
*
* NOTE: this latency value is not the same as the concept of
* 'timeslice length' - timeslices in CFS are of variable length
* and have no persistent notion like in traditional, time-slice
* based scheduling concepts.
*
* (to see the precise effective timeslice length of your workload,
* run vmstat and monitor the context-switches (cs) field)
- sched_min_granularity_ns -
* Minimal preemption granularity for CPU-bound tasks:
* (default: 4 msec * (1 + ilog(ncpus)), units: nanoseconds)
- sched_wakeup_granularity_ns (not sure if this one was mentioned in previous threads but also related)
* SCHED_OTHER wake-up granularity.
* (default: 5 msec * (1 + ilog(ncpus)), units: nanoseconds)
*
* This option delays the preemption effects of decoupled workloads
* and reduces their over-scheduling. Synchronous workloads will still
* have immediate wakeup/sleep latencies.
Note the descriptions are from the kernel sources and default values are a bit different and also dependent on the init.rc in the ramdisk which is dependent on the ROM.
I tried to play with the last 3 parameters in a very wide range and did not feel much difference. Based on my experience and searches over these forums and such I currently have these values:
sched_latency_ns 5000000
sched_wakeup_granularity_ns 1000000
sched_min_granularity_ns 1000000
They are somewhat arbitrary and if someone can bring up a scenario where the difference is noticeable I will be happy to hear it.
Some technical notes:
- I have seen this "numerical" tweak in multiple places:
kernel.sched_features = 24188
This is not smart using a numerical value, as there are some new backports which I would like to incorporate into my kernel and they actually change the "correct" numerical value here.
The preferred way to tweak these settings was brought by androcheck here. Just a reminder:
Code:
# Step 1: Mount debugfs (which is a virtual filesystem like /proc/ or /sys/)
mount -t debugfs none /sys/kernel/debug
# Step 2 (optional): Display the current scheduler flags
cat /sys/kernel/debug/sched_features
# Step 3: Set the flag NO_NEW_FAIR_SLEEPERS
echo "NO_NEW_FAIR_SLEEPERS" > /sys/kernel/debug/sched_features
# Step 4: Unmount debugfs again
umount /sys/kernel/debug
I would actually skip the unmounting step since it doesn't bother to have it there and then you can play with the different parameters at /sys/kernel/debug directly.
I would like to emphasize my point about the kernel features tweaking, using an example with my current settings (only NORMALIZED_SLEEPER disabled):
Code:
# mount -t debugfs none /sys/kernel/debug
# echo NO_NORMALIZED_SLEEPER > /sys/kernel/debug/sched_features
# cat /sys/kernel/debug/sched_features | sed "s/ /\n/g"
NEW_FAIR_SLEEPERS
NO_NORMALIZED_SLEEPER
WAKEUP_PREEMPT
START_DEBIT
AFFINE_WAKEUPS
CACHE_HOT_BUDDY
SYNC_WAKEUPS
NO_HRTICK
NO_DOUBLE_TICK
ASYM_GRAN
LB_BIAS
LB_WAKEUP_UPDATE
ASYM_EFF_LOAD
NO_WAKEUP_OVERLAP
LAST_BUDDY
# cat /proc/sys/kernel/sched_features
24189
So I would highly recommend tweaking the sched_features only through the /sys/kernel/debug/sched_features where you actually know what you are doing.
Then to make it permanent you can grab the numerical value from /proc/sys/kernel/sched_features and write it, for example, to the sysctl.conf.
- One final technical note: f_padia in his post here detailed nicely how to make the changes permanent using sysctl.conf.
I find sysctl also very useful for temporary tweaking of the values, for example:
Code:
sysctl -w kernel.sched_latency_ns=5000000
sysctl -w kernel.sched_min_granularity_ns=1000000
sysctl -w kernel.sched_wakeup_granularity_ns=1000000
Alternatively you could also write them to the appropriate "file" at /proc/sys/kernel. Both these methods do not require the mount of the debug_fs but neither gives you the literal interface to the kernel features (which the debug_fs does - see above).
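Added example, not from the original post: it encodes and decodes the numeric mask against the flag order shown in the debugfs listing above, assuming bit N of the mask belongs to the Nth flag debugfs prints (the post's own 24189 is consistent with that). PATCHED_ORDER and BACKPORTED_FLAG are hypothetical, standing in for a kernel with one extra backported flag, to show how the same number silently flips unrelated flags there.

```shell
#!/bin/sh
# Added example: translate between the numeric sched_features mask and
# flag names. Assumption: bit N belongs to the Nth name debugfs prints.

# Constructed from the debugfs listing in the post.
POST_LISTING='NEW_FAIR_SLEEPERS NO_NORMALIZED_SLEEPER WAKEUP_PREEMPT START_DEBIT AFFINE_WAKEUPS CACHE_HOT_BUDDY SYNC_WAKEUPS NO_HRTICK NO_DOUBLE_TICK ASYM_GRAN LB_BIAS LB_WAKEUP_UPDATE ASYM_EFF_LOAD NO_WAKEUP_OVERLAP LAST_BUDDY'

# The same names with the NO_ prefixes removed: the bit order of that kernel.
POST_ORDER='NEW_FAIR_SLEEPERS NORMALIZED_SLEEPER WAKEUP_PREEMPT START_DEBIT AFFINE_WAKEUPS CACHE_HOT_BUDDY SYNC_WAKEUPS HRTICK DOUBLE_TICK ASYM_GRAN LB_BIAS LB_WAKEUP_UPDATE ASYM_EFF_LOAD WAKEUP_OVERLAP LAST_BUDDY'

# Hypothetical kernel with one backported flag; name and position are made up.
PATCHED_ORDER='NEW_FAIR_SLEEPERS NORMALIZED_SLEEPER WAKEUP_PREEMPT START_DEBIT BACKPORTED_FLAG AFFINE_WAKEUPS CACHE_HOT_BUDDY SYNC_WAKEUPS HRTICK DOUBLE_TICK ASYM_GRAN LB_BIAS LB_WAKEUP_UPDATE ASYM_EFF_LOAD WAKEUP_OVERLAP LAST_BUDDY'

# encode_sched_features "FLAGS": flags as debugfs prints them (NO_ = off),
# in bit order; prints the numeric mask.
encode_sched_features() {
    mask=0
    bit=1
    for flag in $1; do
        case "$flag" in
            NO_*) ;;
            *) mask=$((mask | bit)) ;;
        esac
        bit=$((bit << 1))
    done
    printf '%s\n' "$mask"
}

# decode_sched_features MASK "ORDER": prints every flag of ORDER with a NO_
# prefix when its bit is clear; appends UNKNOWN_BITS if MASK has bits left.
decode_sched_features() {
    mask=$1
    out=""
    for name in $2; do
        if [ $((mask & 1)) -eq 1 ]; then
            out="$out $name"
        else
            out="$out NO_$name"
        fi
        mask=$((mask >> 1))
    done
    [ "$mask" -eq 0 ] || out="$out UNKNOWN_BITS"
    printf '%s\n' "${out# }"
}

# flipped_flags MASK "ORDER_A" "ORDER_B": flags whose state differs when a
# mask taken on kernel A is written on kernel B (shown in their B state).
flipped_flags() {
    a=" $(decode_sched_features "$1" "$2") "
    flipped=""
    for flag in $(decode_sched_features "$1" "$3"); do
        name=${flag#NO_}
        case "$a" in
            *" $flag "*) ;;                                   # same state
            *" $name "*|*" NO_$name "*) flipped="$flipped $flag" ;;
        esac
    done
    printf '%s\n' "${flipped# }"
}

echo "mask for the listing:   $(encode_sched_features "$POST_LISTING")"
echo "24188 on that kernel:   $(decode_sched_features 24188 "$POST_ORDER")"
echo "24189 on patched order: $(flipped_flags 24189 "$POST_ORDER" "$PATCHED_ORDER")"
```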
Removed the part about the OWNER_SPIN, apparently was using an experimental version of my kernel which has an additional OWNER_SPIN sched_feature which makes the numerical value of 24188 incorrect.
Most likely you have no idea what I am talking about; this was just one epic fail on my side - you can ignore it. Just read the first post, it is now updated.
looks nice.. will give it a go
Thanks for your research and additional information to this topic!
this IS excellent work.. on my 2.1 dext these hacks, included in one .sh in init.d then chmod +x, improved a lot speed and I can even think there's a faster boot
you all rule man!

[Driver] Asix AX88772 kernel module (USB Ethernet)

Hello, this is my first dev posting, so let me know if there is anything missing...
I have a Samsung Galaxy SIII S3 SGH-I747M (Bell) with Jelly Bean 4.1.1 kernel 3.0.31 (stock rooted, root66_BMC_I747MVLDLK4.7z). I also have an Asix USB LAN adapter (from monoprice) + USB OTG cable which did not work out of the box... but I am a software engineer... so I made it work. The process below should work for other carriers / modules if you find the proper kernel source. Compiling latest drivers directly from Asix is the best method... Read that part first!
Read the README that comes with your kernel source, you may need a different compiler! https://github.com/AdiPat/Android_Toolchains is where I got mine...
Details about the Asix AX88772 USB lan RJ45 adapter chipset can be found here:
http://www.asix.com.tw/products.php?op=pItemdetail&PItemID=86;71;101
You can skip to "Usage instructions" section and download pre-compiled modules, if you have identical kernel + phone
built from SGH-I747M_BMC_JB_Opensource.zip (I747MVLDLK4, my phone) + latest Asix driver, works great!!!
https://www.dropbox.com/sh/3lrhwdf2vxe5z90/Hr3-nYX4Ff
built from SGH-I747M_BMC_JB_Opensource.zip (I747MVLDLK4, my phone) stock kernel driver, 'insmod's, but 'ping' is flaky?
https://www.dropbox.com/sh/u068760ytpsn0k1/3di6Wg44ja
built from GT-I930_JB_Opensource_Update7.zip (I9300XXELLA, requested by gingerneil), stock kernel driver, works great!!!
https://www.dropbox.com/sh/5emvafthv061fp6/BKcakiOie8
built from GT-I930_JB_Opensource_Update8.zip (EMR2, requested by gingerneil), stock kernel driver, untested
https://www.dropbox.com/sh/rmc1n4yxckg01zy/a2V5hvIp20
built from Cyanogenmod 10 for i9300, git commit 43aaedbcde478c8e032771d62a1956133b29b1d4, untested
https://www.dropbox.com/sh/n1tdiap4pi2vzm8/TKAj_lChXA
built from Android 4.1.1 for Galaxy Tab 2 (GT-P5110) kernel 3.0.31-523998, contact 'patelkes' if you have questions.
https://www.dropbox.com/sh/r0zkg5do2n3lyg3/fWWyhsz2qy
built from Android 4.? for Xperia Tablet Z ROM (10.3.1.C.0.136), contact 'kristouf666' if you have questions.
https://www.dropbox.com/sh/nxqo1ipkbojakls/eDLHXJzl5s
built from Cyanogenmod 10.1.3 for SGH-i747m, git commit ?
Work in progress
Build environment setup:
-Get root access on a Ubuntu Natty (11.04) or similar linux build machine / virtual machine
-Install standard unix compiler tools
apt-get install build-essential
-Install library for menuconfig
apt-get install libncurses5-dev
-Install lzop (android compression util)
apt-get install lzop
-Install git
apt-get install git
-Download Android toolchains using git
cd /root
git clone https://github.com/AdiPat/Android_Toolchains.git
-Download samsung kernel SGH-I747M_BMC_JB_Opensource.zip (international model, etc, also available)... Or download your 3rd party Cyanogenmod,etc kernel SOURCE instead.
-Extract to /root/kernel
mkdir /root/kernel
cd /root/kernel
unzip SGH-I747M_BMC_JB_Opensource.zip
-Set path so Android compiler can be found
export CROSS_COMPILE=/root/Android_Toolchains/arm-eabi-4.4.3/bin/arm-eabi-
**EDIT: newer kernels, such as Cyanogenmod 10.2.1, use this
export CROSS_COMPILE=/root/Android_Toolchains/arm-eabi-4.6/bin/arm-eabi-
Compiling built-in kernel modules: (left for documentation sake, the better method is "Compiling latest drivers directly from Asix")
-Generate '.config' file in kernel folder (replace 'm2_att_defconfig' with name of file in 'arch\arm\configs\')
make ARCH=arm m2_att_defconfig
-Modify kernel config to include Asix module and usbnet module
make menuconfig
[Navigate using arrow keys and enter]
Device Drivers ->
Network device support ->
USB Network Adapters ->
Multi-Purpose USB Networking Framework ->
[PRESS SPACEBAR until an M appears on the left]
[M] Multi-purpose USB Networking Framework
[M] ASIX AX88xxx Based USB 2.0 Ethernet Adapters
For reference here is the help info for the 2 options that are now set to 'M'
-Compile modules, where 2 is the number of CPU cores you have (speeds it up)
make -j2 && make -j2 modules
-Once finished, grab your modules
/root/kernel/drivers/net/usb/usbnet.ko
/root/kernel/drivers/net/usb/asix.ko
Usage instructions:
-Use a root explorer such as ES File manager
Mount /system as rw in ES File manager root settings
copy asix.ko and usbnet.ko to /system/lib/modules/
-Use a terminal emulator / adb shell to load modules (asix depends on usbnet, so load usbnet first)
su
cd /system/lib/modules
insmod usbnet.ko
insmod asix.ko
-If there are errors, run 'dmesg' and see section called "Insmod errors"
-If there are no errors, you should see 'eth0' in 'netcfg'
-'lsmod' lists modules loaded
-Connect your USB ethernet adapter to an ethernet network
-netcfg should show eth0 as connected
-Setup ethernet settings, if you want static address, for typical internet router at 192.168.1.1
ifconfig eth0 192.168.1.100 netmask 255.255.255.0
route add default gw 192.168.1.1 dev eth0
setprop net.dns1 192.168.1.1
ip addr show
ip route show
-Setup ethernet settings, if you want automatic dhcp address
dhcpcd eth0
-If you want one-click enable of your USB, see section "usbnet widget"
Insmod errors:
exec format error : wrong compiler / wrong kernel source / wrong phone
init_module failed usbnet.ko (file exists) : module already loaded or built into kernel
no such file or directory : run dmesg immediately after attempt... you are missing module dependency
can't open usbnet.ko : are you root?
usbnet widget
Install Smanager
Download my usbnet script http://pastebin.com/zQRQ6Kdj
Use a quality notepad editor such as notepad ++ to edit, ensure line endings are "Unix"
Place in /system/lib/modules/usbnet *cannot be on sdcard, as sdcard is a windows filesystem*
In terminal emulator / adb: "chmod 777 /system/lib/modules/usbnet"
Open Smanager
-Menu -> Scripts
-Menu -> Browser -> /system/lib/modules/usbnet
-Ensure "Fav", "SU" and "is executable" are checked and give it a name 'usbnet', press save.
On homescreen, add widget, Smanager, pick your script 'usbnet'
You now have 1 click access to loading the modules, setting IP address, and testing connectivity to your router.
GT-9300 differences (thanks gingerneil)
Kernel source
GT-I930_JB_Opensource_Update7.zip
While building the kernel, the make config step is different
make ARCH=arm m0_00_defconfig
There is a third module built,
/root/kernel/drivers/net/mii.ko
Usage instructions, new order of operations
insmod mii.ko
insmod usbnet.ko
insmod asix.ko
/system/lib/modules is not persistent on this phone, instead store modules + usbnet script
/system/media
Compiling latest drivers directly from Asix
For some reason on my phone the stock kernel asix module did not work 100%.
I could insmod both modules, and using Wireshark, I verified my computer was receiving 'ping' packets, but the phone wasn't getting any 'ping reply' packets. This latest Asix driver works perfectly for me.
UPDATE:: http://www.asix.com.tw/FrootAttach/...0_772_178_LINUX_DRIVER_v4.13.0_Source.tar.bz2 is available, but I have not tried it!
Follow "Environment setup" above
Code:
cd kernel_src_folder
Generate kernel '.config' file (replace 'm2_att_defconfig' with name of file in 'arch/arm/configs/')
Code:
make ARCH=arm m2_att_defconfig
Code:
mkdir /root/asix && cd /root/asix
Code:
wget http://www.asix.com.tw/FrootAttach/driver/AX88772B_772A_760_772_178_LINUX_Driver_v4.4.1_Source.zip
Code:
unzip AX88772B_772A_760_772_178_LINUX_Driver_v4.4.1_Source.zip
Code:
rm -rf Makefile
# we are replacing the Makefile with a new one.... if you edit, ensure indents = TABS
Code:
wget "http://pastebin.com/raw.php?i=4xLxksX3" -O Makefile
Code:
CROSS_COMPILE=/root/Android_Toolchains/arm-eabi-4.4.3/bin/arm-eabi- make
**EDIT: newer kernels, such as Cyanogenmod 10.2.1, use this
Code:
CROSS_COMPILE=/root/Android_Toolchains/arm-eabi-4.6/bin/arm-eabi- make
Follow the "usage instructions" above, but since this is an "all-in-one" module, remove references to 'usbnet' ​
Other informational Links
Thanks to viulian for his inspirational post here in regards to compiling external module.
If you want to compare your phone's kernel configuration to the one in the download source from Samsung, read this post:
To see the list of loadable and built-in modules, see this.
More information about compiling kernel modules / asix / other usb chipsets / other devices
Did you know that Asix now manages Moschip products? Looking for MCS7830 drivers?
Thanks to zhlvf for pointing this , there is a way to hack android to think Wifi is connected when an USB ethernet is plugged in... (solves issues in some apps, like google play / market, which ignore USB ethernet as a valid connection).
Make errors documentation
Model number and version code explanation (how to tell which samsung.opensource.com zip file to download)
https://www.kernel.org/doc/Documentation/kbuild/modules.txt
To get the active .config from a Cyanogen mod android,
Code:
adb pull /proc/config.gz
kevinf28 said:
Usage instructions:
-Use a root explorer such as ES File manager
Mount /system as rw in ES File manager root settings
copy asix.ko and usbnet.ko to /system/lib/modules/
-Use a terminal emulator / adb shell to load modules (asix depends on usbnet, so load usbnet first)
su
cd /system/lib/modules
insmod usbnet.ko
insmod asix.ko
-If there are errors, run 'dmesg'
-If there are no errors, you should see 'eth0' in 'netcfg'
-Connect your USB ethernet adapter to an ethernet network
-netcfg should show eth0 as connected
-Setup ethernet settings, if you want static address, for typical internet router at 192.168.1.1
ifconfig eth0 192.168.1.100 netmask 255.255.255.0
route add default gw 192.168.1.1 dev eth0
setprop net.dns1 192.168.1.1
-Setup ethernet settings, if you want automatic dhcp address
dhcpd eth0
Hi,
I have tried to insert your modules (I have the 3.0.31 kernel on the international S3) - but I get "exec format error". This is after placing your files in right place, and running under root through terminal emulator. Any idea why I am getting this error, and how to get around it ?
gingerneil said:
Hi,
I have tried to insert your modules (I have the 3.0.31 kernel on the international S3) - but I get "exec format error". This is after placing your files in right place, and running under root through terminal emulator. Any idea why I am getting this error, and how to get around it ?
Unfortunately, you are not running an "identical" kernel. Linux is particularly fussy with kernel modules, it has to be a perfect match.
Android takes a generic 3.0.31 linux kernel and applies device specific patches. So my i747 3.0.31 kernel is not identical to your i9300 3.0.31.
I can build the modules for you, since I already have the environment setup. Please visit http://opensource.samsung.com/reception/receptionSub.do?method=search&searchValue=i9300 and let me know which one sounds correct..
kevinf28 said:
I can build the modules for you, since I already have the environment setup. Please visit http://opensource.samsung.com/reception/receptionSub.do?method=search&searchValue=i9300 and let me know which one sounds correct..
That would be fantastic - thanks. I am running the international i9300 - so I would go with the top one -
GT-I9300_JB_Opensource_Update7.zip
But I'm not sure what may be different across the updates.
I assume that it doesn't matter which ROM I am running, and that a full Rom Manager backup would also back up my stock kernel?
gingerneil said:
That would be fantastic - thanks. I am running the international i9300 - so I would go with the top one -
GT-I9300_JB_Opensource_Update7.zip
But I'm not sure what may be different across the updates.
I assume that it doesn't matter which ROM I am running, and that a full Rom Manager backup would also back up my stock kernel?
Kernel loadable modules are completely inert by themselves, so there is no need to worry about your phone bricking [but a backup never hurts].
If you build modules into the kernel itself on the other hand, it's possible for the kernel to fail / panic / etc, so I don't plan on building any kernel packages.
Please see the OP for the 9300 modules. Hope they work! What is your full kernel version string and baseband version from "About Device" page?
kevinf28 said:
Kernel loadable modules are completely inert by themselves, so there is no need to worry about your phone bricking [but a backup never hurts].
If you build modules into the kernel itself on the other hand, it's possible for the kernel to fail / panic / etc, so I don't plan on building any kernel packages.
Please see the OP for the 9300 modules. Hope they work! What is your full kernel version string and baseband version from "About Device" page?
It's giving a ' no such file or directory' error - even though the files are there and I'm running insmod from the dir as su. See terminal screen shot. thanks for the help!
Re: [Driver] Asix AX88772 kernel module
I updated the OP with insmod errors
It does look like GT-I9300_JB_Opensource_Update7.zip JB 4.1.2 matches your I9300XXELLA baseband version.
http://www.androidgalaxys.net/news-...gente-samsung-per-galaxy-s3-di-android-4-1-2/
http://www.androidgalaxys.net/appro...punto-esclamativo-rosso-come-nuovo-controllo/
kevinf28 said:
I updated the OP with insmod errors
It does look like GT-I9300_JB_Opensource_Update7.zip JB 4.1.2 matches your I9300XXELLA baseband version.
http://www.androidgalaxys.net/news-...gente-samsung-per-galaxy-s3-di-android-4-1-2/
http://www.androidgalaxys.net/appro...punto-esclamativo-rosso-come-nuovo-controllo/
Thanks - so it looks like I have some module dependency issues. I'll take a look at dmesg and see what's going on. Seems strange though, if the zip does match everything...
Maybe I should go back to a stock ROM as I am currently running a de-odexed stock.
gingerneil said:
Thanks - so it looks like I have some module dependency issues. I'll take a look at dmesg and see what's going on. Seems strange though, if the zip does match everything...
Maybe I should go back to a stock ROM as I am currently running a de-odexed stock.
It may be something trivial, perhaps there is a third module you need for the international version.. I can't load your modules to test them, I get the exec format error. In regular linux, ldd is an amazing tool to list all the module deps, but unfortunately, it doesn't work for ARM, and arm-eabi-ldd does not exist in my toolchain.
[Edit: I have edited the OP, I rebuilt the modules and they do have some binary differences... give them a try as well]
Just curious... what are you using the USB-LAN adapter for with the USB-OTG?
CZ Eddie said:
Just curious... what are you using the USB-LAN adapter for with the USB-OTG?
Work does not allow wifi. I want to be able to download stuff without using data.
kevinf28 said:
It may be something trivial, perhaps there is a third module you need for the international version.. I can't load your modules to test them, I get the exec format error. In regular linux, ldd is an amazing tool to list all the module deps, but unfortunately, it doesn't work for ARM, and arm-eabi-ldd does not exist in my toolchain.
[Edit: I have edited the OP, I rebuilt the modules and they do have some binary differences... give them a try as well]
Thanks - I'll give them a go. I went back to stock LLA ROM and it still didn't work.
---------- Post added at 03:24 PM ---------- Previous post was at 03:22 PM ----------
CZ Eddie said:
Just curious... what are you using the USB-LAN adapter for with the USB-OTG?
I'd like to use it for syncing files from my server without having to dig out my laptop to piggyback off its ethernet. Films can take an age to copy over wifi compared to LAN.
Having another go at getting the modules in. I am setting up the environment with the aim of compiling with the modules in and flashing the full kernel rather than adding via insmod....
gingerneil said:
Having another go at getting the modules in. I am setting up the environment with the aim of compiling with the modules in and flashing the full kernel rather than adding via insmod....
Cool. README_Kernel.txt is important, the make configure step is slightly different.
kevinf28 said:
Cool. README_Kernel.txt is important, the make configure step is slightly different.
OK - will see how I get on. Any tips would be great, as this will be my first attempt at compiling! The only linux based system I have is a raspberry pi connected to my TV running raspbmc. Currently seems to be running through the steps ok though.
Dmesg log attached - couldn't see how to attach on a pm!
gingerneil said:
Dmesg log attached - couldn't see how to attach on a pm!
Easy one, you are missing the 'mii' module,
<4>[ 3929.962119] c1 usbnet: Unknown symbol mii_nway_restart (err 0)
<4>[ 3929.962173] c1 usbnet: Unknown symbol mii_link_ok (err 0)
<4>[ 3929.962225] c1 usbnet: Unknown symbol mii_ethtool_sset (err 0)
<4>[ 3929.962270] c1 usbnet: Unknown symbol mii_ethtool_gset (err 0)
The pastebin link http://pastebin.com/wNaBWvZG references "Selects: MII [=m]"
On my phone, it didn't complain about mii, so I didn't think it was needed
https://www.dropbox.com/sh/5emvafthv061fp6/BKcakiOie8 has mii.ko, so load that first, then usbnet, then asix.
I also updated the OP to include a usbnet widget for one click module loading... that script would have to be modified to include insmod mii.ko
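The diagnosis in this post can be done mechanically: `dmesg` names the module that failed and the symbols it could not resolve, and each `.ko` lists what it needs in the `depends=` string of its `.modinfo` section, so `ldd` is not required. The sketch below is an added example, not code from the thread; the sample module contents (including their `depends=` and `vermagic=` values) are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# The four kernel log lines quoted in the post above.
DMESG = """\
<4>[ 3929.962119] c1 usbnet: Unknown symbol mii_nway_restart (err 0)
<4>[ 3929.962173] c1 usbnet: Unknown symbol mii_link_ok (err 0)
<4>[ 3929.962225] c1 usbnet: Unknown symbol mii_ethtool_sset (err 0)
<4>[ 3929.962270] c1 usbnet: Unknown symbol mii_ethtool_gset (err 0)
"""

# Constructed stand-ins for the NUL-separated .modinfo strings inside each .ko.
# The depends= and vermagic= values are assumptions for this example; read a
# real module with open(path, "rb").read().
_MAGIC = b"vermagic=3.0.31-example SMP preempt mod_unload ARMv7 \0"
SAMPLE_MODULES = {
    "asix.ko": b"license=GPL\0depends=usbnet,mii\0" + _MAGIC,
    "usbnet.ko": b"license=GPL\0depends=mii\0" + _MAGIC,
    "mii.ko": b"license=GPL\0depends=\0" + _MAGIC,
}

UNKNOWN_SYMBOL = re.compile(r"(\w+): Unknown symbol (\w+)")
MODINFO_KEY = re.compile(rb"[a-z_]+")


def unresolved_symbols(dmesg_text):
    """Map each module that failed to load to the symbols it could not resolve."""
    found = defaultdict(list)
    for line in dmesg_text.splitlines():
        match = UNKNOWN_SYMBOL.search(line)
        if match:
            found[match.group(1)].append(match.group(2))
    return dict(found)


def modinfo(blob):
    """Collect key=value strings from a module image (first occurrence wins)."""
    fields = {}
    for chunk in blob.split(b"\0"):
        key, sep, value = chunk.partition(b"=")
        if sep and MODINFO_KEY.fullmatch(key):
            fields.setdefault(key.decode(), value.decode("ascii", "replace"))
    return fields


def stem(filename):
    """usbnet.ko -> usbnet; the kernel treats '-' and '_' in names alike."""
    return filename.rsplit(".", 1)[0].replace("-", "_")


def declared_dependencies(blob):
    return [dep for dep in modinfo(blob).get("depends", "").split(",") if dep]


def missing_dependencies(modules):
    """Modules whose declared dependencies are not among the supplied files."""
    present = {stem(name) for name in modules}
    gaps = {}
    for name, blob in modules.items():
        absent = [dep for dep in declared_dependencies(blob) if dep not in present]
        if absent:
            gaps[stem(name)] = absent
    return gaps


def load_order(modules):
    """Order the modules so every dependency is inserted before its user."""
    gaps = missing_dependencies(modules)
    if gaps:
        raise LookupError(f"dependencies not supplied: {gaps}")
    deps = {stem(name): declared_dependencies(blob) for name, blob in modules.items()}
    order, state = [], {}

    def visit(mod):
        if state.get(mod) == "done":
            return
        if state.get(mod) == "visiting":
            raise ValueError(f"dependency cycle at {mod}")
        state[mod] = "visiting"
        for dep in deps[mod]:
            visit(dep)
        state[mod] = "done"
        order.append(mod)

    for mod in sorted(deps):
        visit(mod)
    return order


if __name__ == "__main__":
    print("unresolved:", unresolved_symbols(DMESG))
    print("insmod order:", " -> ".join(load_order(SAMPLE_MODULES)))
```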
kevinf28 said:
Easy one, you are missing the 'mii' module,
<4>[ 3929.962119] c1 usbnet: Unknown symbol mii_nway_restart (err 0)
<4>[ 3929.962173] c1 usbnet: Unknown symbol mii_link_ok (err 0)
<4>[ 3929.962225] c1 usbnet: Unknown symbol mii_ethtool_sset (err 0)
<4>[ 3929.962270] c1 usbnet: Unknown symbol mii_ethtool_gset (err 0)
The pastebin link http://pastebin.com/wNaBWvZG references "Selects: MII [=m]"
On my phone, it didn't complain about mii, so I didn't think it was needed
https://www.dropbox.com/sh/5emvafthv061fp6/BKcakiOie8 has mii.ko, so load that first, then usbnet, then asix.
I also updated the OP to include a usbnet widget for one click module loading... that script would have to be modified to include insmod mii.ko
Fantastic - mods loaded, will test when I get home. Thanks too for the widget script!
Mods loaded and ethernet up and running - brilliant!
Only one issue now - I can't get the script to persist after a reboot unless it's somewhere like /sdcard0/download or on the extsdcard. It just gets deleted. I then can't get it to execute from there as I can't change the permission. Need to keep fiddling to find something that works. Minor issue tho!
Do the mods persist in /system/lib/modules ?
What about /data? That is your sdcard as ext4.
If all else fails...have you tried remounting /system as read only to force writes to disk? (Cache issue)
Sent from my SGH-I747M using xda app-developers app

[dev][kernel][kexec]

Last Update : August, 19, 2014
Hi,
I'm still trying to bypass the MMU protection.
I have fixed a lot of bugs, like memory misalignment, bad address allocation, dtb correction, etc...
Last sources and binaries here :
kexec-tools V11.zip : http://forum.xda-developers.com/attachment.php?attachmentid=2902912&stc=1&d=1408401794
kexec-tools binaries V11.zip : http://forum.xda-developers.com/attachment.php?attachmentid=2902913&stc=1&d=1408401794
Sorry, I always have a 13 sec reboot after the new kernel boots.
"cpu_proc_fin" uses a "mcr p15" to init cache and proc, which causes a freeze.
I am trying to find a solution for that.
Last Update : June, 22, 2014
Hi,
My sources are horrible... but I give something new.
This kexec is for stock kernel only (tested on .757). I think these sources work on other kernels too.
In "kexec-tools V10.zip", you have all my sources. It's highly recommended to mod them to have something OK.
In "kexec binaries.zip", you have binaries to install
=> "kexec_load.ko" and "procfs_rw.ko" must be placed in "/system/lib/modules" folder with "chmod 777"
=> "kexec" must be placed in "/system/bin" folder with "chmod 777"
=> cd /system/lib/modules
=> insmod kexec_load.ko
For sources :
Mod and adapt all you want, it's free.
You have 2 scripts in the Zip: "./compil-kexec" in the "kexec-tools" folder, to rebuild and send to the device directly (install Adbtcp on the device and send by tcp with: adb connect xxx.xxx.xxx.xxx) = works perfectly for me.
"scriptZ1" is for compiling the stock kernel or another kernel (doomlord kernel for eg)
You must rename the "custom_final_files" folder to "final_file" manually after compiling; you can have the guest kernel in "custom_final_files" and the stock kernel in "final_files" for the "kexec-tools" path... Don't mix a guest and host kernel please ^^
I am tired... I'll let you test and say if it's OK for you...
Thanks a lot to munjeni for his help.
kexec-tools V10.zip : http://forum.xda-developers.com/attachment.php?attachmentid=2811994&stc=1&d=1403456181
kexec binaries.zip : http://forum.xda-developers.com/attachment.php?attachmentid=2811995&stc=1&d=1403456181
Last Update : November, 23, 2013
Hi,
For a few days now, I have had no more kernel panics with my kexec.
I have fixed a few things in the sources, and added a lot.
These additions are to include a "dt.img" image file in the kexec load process.
This image file is a "device_tree" image to match hardware to software.
So, I assume not to include atags in the boot process, but to pass bootloader information through this DT.
I have programmed a little memory scan to find all magic tags dynamically, because I found 3 device_tree in memory (magic is "0xd00dfeed").
These 2 device_tree are echoes of the first, nice structure.
The boot process needs information from this DT, and needs all the information to initialize hardware (no HDW initialisation by the kernel).
I must fix issues: first, regroup zImage and dt.img in memory to load a solid block into the kexec_load module to boot into, and second, fix an offset I can't explain, 0x800 in memory, causing memory misalignment.
Stay tuned..
Last Update : November, 17, 2013
Hi everybody,
My kexec-tools work for Sony Xperia Z1 stock kernel "3.4.0-perf"
These tools can work on all locked bootloaders for all locked devices, not only Sony or Z1 models.
This kexec-tools adds a kexec_load kernel module (LKM) and uses a driver to provide communication between the "kexec" user program and the kexec_load.ko module.
What is it for?
The "kexec" user program loads a custom kernel in zImage format into memory, but can load a ".tar" image too.
This user tool loads the ramdisk into memory if necessary.
This tool is for this purpose only, and doesn't keep the custom kernel in memory at device reboot.
It is a "user" program, not a "kernel" extension... So, to really do the magic, we need the host kernel (stock Sony locked kernel) to have a kexec_load capability to reboot into a new guest kernel (custom kernel).
Unfortunately, the stock kernel doesn't have kexec_load capability.
Sony has compiled its stock kernel without this option, and "standard" kexec-tools "needs" this option to work.
To see all system call capabilities of the kernel, you can run these commands:
Code:
echo 0 > /proc/sys/kernel/dmesg_restrict
echo 0 > /proc/sys/kernel/kptr_restrict
cat /proc/kallsyms
Do all the greps you want here.
The "echo 0" "restrict" is here to unmask the logical addresses of "system calls".
As you can see, the "__NR_kexec_load" capability isn't here.
To add kexec_load capability to the stock locked kernel, we need to manually add a kernel module which adds this function to the kernel.
Why? Because keeping a custom kernel in memory requires knowing a lot of parameters, and keeping a specific memory range alive at reboot.
Only the kernel can do this.
All user programs will be terminated at reboot.
The "standard" kexec_load.ko module uses a method to implement the "__NR_kexec_load" function in the system call table.
Since the 2.6.0 kernel, Linux, for security reasons, has locked the "system_call_table" in memory; no more additions or modifications are authorized.
If the kexec tool tries to add a value, "kexec_load" for us, it causes a kernel panic and reboots the device.
For this reason, I have modified the kexec user program and the kexec_load module to implement a driver so they can talk to each other.
This driver replaces the syscall method, and we no longer need to use a system call table.
For this reason, this tool is now compatible with modern kernels like our "3.4.0".
For this reason, this tool must work for other devices (Xperia X, P, S, etc...) and other brands.
For this reason, if the kernel is locked, we can bootstrap to run a new kernel.
Installation
First, you can compile your own kexec tool
Here, sources : http://forum.xda-developers.com/attachment.php?attachmentid=2397299&stc=1&d=1384689174
And here, the binaries : http://forum.xda-developers.com/attachment.php?attachmentid=2397305&stc=1&d=1384689406
(it's not a cwm zip, i have no time to create an installer for now ; use "./compil-kexec" if you want an automatic install)
Install *.ko in /system/lib/modules
Install kexec and kdump in /system/bin
Grant with "chmod 777"
Unzip in kexec-tools folder
Install a toolchain (sudo apt-get install gcc-arm-linux-gnueabi)
launch => ./compil-kexec
That's all
This script can do everything for you
- Compilation of tools
- Compilation of modules
- installation in device
This script can compile for every brand you have.
Except you must remove or adapt the patch (see below why)
Patch ??
This patch is needed because a module must be compiled at the same time as the kernel itself.
For this reason a "vermagic", an identifier, is used by the system to block every module not compiled with the kernel.
Some custom kernels bypass this to authorize every module.
But for stock kernel, it is not allowed.
You can easily strap this with busybox.
"busybox modprobe" for help
"-f" to force load without vermagic
To see this vermagic :
Code:
# uname -r
This "uname -r" must be the same as
Code:
# strings kexec_load.ko | grep vermagic
vermagic=3.4.0-perf-g66807d4-02450-g9a218f1 SMP preempt mod_unload modversions ARMv7
If you want to use this vermagic automatically, you can modify this file in the custom kernel:
Code:
"include/config/kernel.release" and add :
"3.4.0-perf-g66807d4-02450-g9a218f1"
This file will be used at module compile time to match the vermagic.
Unfortunately, it is not enough. :silly:
The infamous "no symbol version for module_layout"
When a module is compiled, it uses symbols linked to system call functions, translated to addresses.
These symbols are not at the same physical addresses in the stock kernel and the modules (compiled from DooMLoRD kernel).
So, these addresses must be converted in the modules themselves to match the stock symbol addresses.
A patch is needed.
If you use my script, modules are automatically patched.
Here are the patches:
Code:
sed -i 's/\x32\x76\x86\x29/\x72\xFF\x5E\x20/' procfs_rw.ko
sed -i 's/\x32\x76\x86\x29/\x72\xFF\x5E\x20/' kexec_load.ko
sed -i 's/\xBB\xD0\xF8\x4D/\x0E\x1C\x63\x77/' kexec_load.ko
sed -i 's/\xA6\x26\x81\x1A/\xD4\x56\x02\x7E/' kexec_load.ko
sed -i 's/\xA3\xD1\xEC\x96/\xEC\x43\x28\x1A/' kexec_load.ko
sed -i 's/\x8C\xE6\x6A\x5F/\x3D\xDF\x02\xF2/' kexec_load.ko
sed -i 's/\x3E\xF3\xEF\xE9/\x18\x7F\xA6\x8A/' kexec_load.ko
sed -i 's/\x8B\xD2\x92\x10/\xC8\x19\x08\x9C/' kexec_load.ko
sed -i 's/\x1C\xE8\x18\xE1/\x7C\x71\x9E\xEF/' kexec_load.ko
sed -i 's/\xAB\x2C\x2F\x8B/\x8E\xD7\x63\xC0/' kexec_load.ko
sed -i 's/\xF5\x62\xAA\x4B/\x34\x80\x1B\x74/' kexec_load.ko
sed -i 's/\x00\x52\xD6\xD7/\x6F\x80\x91\x20/' kexec_load.ko
sed -i 's/\x4F\x77\x57\x6A/\x0C\x57\xC7\x63/' kexec_load.ko
sed -i 's/\xCA\x2F\x65\x71/\x92\xB8\x7F\x53/' kexec_load.ko
sed -i 's/\x0F\xD0\xA0\x91/\xFA\x80\x15\xB4/' kexec_load.ko
sed -i 's/\x29\xA0\x6D\x48/\x6C\x6B\x96\x54/' kexec_load.ko
sed -i 's/\x6D\x1F\x1F\x37/\xCC\x5E\x79\x8B/' kexec_load.ko
sed -i 's/\xFD\x23\xD0\xFB/\xE3\xE3\x68\x52/' kexec_load.ko
You can use hexedit or hexdump to see these addresses:
Code:
hexdump kexec_load.ko | grep ff72
0003d50 b0b0 80ac ff72 205e 6f6d 7564 656c 6c5f
How does it work?
# kexec --help
For kexec help... nothing more to say.
# lsmod
List loaded modules... You must see
kexec_load 31369 0 - Live 0x00000000 (O)
# rmmod kexec_load.ko
Remove kexec_load module from memory.
# grep kexec /proc/devices
To see installed driver.
You must see :
100 kexec_driver
First number is "major" number to identify your driver in system.
# mknod /dev/kexec_driver c 100 0
Install driver.
Major number (here 100), is important for module.
This Major must be the same between module and driver.
By default, 100 is used.
# insmod kexec_load.ko
To install "LKM", kexec_load kernel module.
If another Major is needed, you can use "insmod kexec_load.ko 101" for Major 101
You can use "modprobe" if you want, but you must configure the module folder.
How do kexec and the module exchange information?
By the driver.
Normal output for a kernel module is written to the "dmesg" file.
To see kernel output, launch this command :
Code:
# dmesg
To see last kernel log, see in :
Code:
# cat /proc/last_kmsg
For the kexec module, this normal way still exists, and gives a lot of information, but to talk to it, you must use the driver.
/dev/kexec_driver
You can test communication yourself:
Code:
# cat /dev/kexec_driver
You can send the kernel through this communication channel.
Type the following commands for help
=> echo help >/dev/kexec_driver
=> dmesg | grep Kexec
Code:
# echo help >/dev/kexec_driver
# cat /dev/kexec_driver
Last command : 'help'
Please type following command :
=> dmesg|grep Kexec
Every command sent into the driver is received by the kexec_load.ko module and runs in the kernel.
The answer can be read through the driver.
Here, you can see that the normal way to see messages is always dmesg.
Code:
# dmesg|grep Kexec
<4>[15050.521628] Kexec: Starting kexec_module...
<6>[15050.521656] Kexec: kexec_driver_contener allocation
<6>[15050.521673] Kexec: kexec_memory_buffer allocation
<4>[15050.521691] Kexec:----------------------------------------------------
<4>[15050.521710] Kexec: kexec_driver created with major : '100'
<4>[15050.521728] Kexec: Please, prepare by typing the following commands :
<4>[15050.521746] Kexec: => mknod /dev/kexec_driver c 100 0
<4>[15050.521761] Kexec: => cat /dev/kexec_driver
<4>[15050.521775] Kexec:-----------------------------------------------------
<4>[15050.521791] Kexec: For help
<4>[15050.521803] Kexec: => echo help >/dev/kexec_driver
(...)
I have added a lot of information to help configure kexec.
rdtags, atags ??
Not sure for this part of kernel.
"atags" is the method most used by the bootloader to pass commands and information to the kernel at boot.
"atags" is a form of structure in memory to organise information.
At boot, an address chain is created and can be consulted in the /proc/atags file.
This file is system read-only.
"rdtags" is another way for the bootloader to pass information to the kernel.
"rdtags" is not stored in "/proc"
But, as I see, the stock kernel can use "atags" from the bootloader.
kexec can substitute for the bootloader function to create an atags chain from scratch, and pass it to the new kernel.
I have changed this part to store atags in "/data/atags", and reuse or change them if needed.
If this doesn't work, I must create an rdtags chain to replace atags; it's not hard work.
Status
For the moment, kexec tools works.
=> Phase one OK.
I can start Phase Two : new kernel patch.
If you want to help me...
Actually, loading a custom kernel and booting into it with kexec tools works.
But on booting into it, a kernel panic occurs.
It seems a part of the kexec patch is missing in the custom kernel.
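Seen from the monitoring side, the steps in this post leave state that can be read back from procfs: the two `*_restrict` sysctls set to 0, an out-of-tree module carrying the `(O)` taint flag in `lsmod`, and a new character device in `/proc/devices`. The audit below is an added example, not part of the post or of kexec-tools; the `kexec_load` line and the `100 kexec_driver` entry are quoted from the post, while the other snapshot lines, the baseline sets and the finding labels are constructed for illustration.

```python
# Per-module taint letters printed in /proc/modules and lsmod.
TAINT_FLAGS = {
    "P": "proprietary licence",
    "O": "out-of-tree build",
    "F": "force-loaded, version checks skipped",
    "C": "staging driver",
    "E": "unsigned module",
}

# Snapshot of a device after the steps in the post (partly constructed).
SNAPSHOT = {
    "kptr_restrict": "0\n",
    "dmesg_restrict": "0\n",
    "modules": (
        "kexec_load 31369 0 - Live 0x00000000 (O)\n"   # line from the post
        "wlan 2000000 0 - Live 0x00000000\n"           # constructed
    ),
    "devices": (
        "Character devices:\n"
        "  1 mem\n"
        " 10 misc\n"
        "100 kexec_driver\n"                            # entry from the post
        "\n"
        "Block devices:\n"
        "179 mmc\n"
    ),
}

# Constructed baseline: what a known-good image of this device is assumed to show.
BASELINE_MODULES = {"wlan"}
BASELINE_CHARDEVS = {"mem", "misc"}


def parse_proc_modules(text):
    """Parse 'name size refcount deps state address [(taints)]' lines."""
    modules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        taints = fields[6].strip("()") if len(fields) > 6 else ""
        modules.append({
            "name": fields[0],
            "size": int(fields[1]),
            "state": fields[4],
            "taints": [flag for flag in taints if flag in TAINT_FLAGS],
        })
    return modules


def parse_char_devices(text):
    """Return {name: major} for the 'Character devices:' section only."""
    devices, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("devices:"):
            section = line.split()[0].lower()
        elif line and section == "character":
            major, name = line.split(None, 1)
            devices.setdefault(name, int(major))
    return devices


def audit(snapshot, baseline_modules, baseline_chardevs):
    """Return (kind, subject, detail) findings for deviations from the baseline."""
    findings = []
    for knob in ("kptr_restrict", "dmesg_restrict"):
        value = snapshot[knob].strip()
        if value == "0":
            findings.append(("sysctl", knob, value))
    for mod in parse_proc_modules(snapshot["modules"]):
        if mod["name"] not in baseline_modules:
            findings.append(("module", mod["name"], "not in baseline"))
        for flag in mod["taints"]:
            findings.append(("taint", mod["name"], flag))
    for name, major in parse_char_devices(snapshot["devices"]).items():
        if name not in baseline_chardevs:
            findings.append(("chardev", name, f"major {major}"))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in audit(SNAPSHOT, BASELINE_MODULES, BASELINE_CHARDEVS):
        note = TAINT_FLAGS.get(detail, "") if kind == "taint" else ""
        print(f"{kind:8} {subject:14} {detail} {note}".rstrip())
```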
Hi new thread created for kernel kexec development.
Status: not working: wrong values for mem defines under the kernel are giving a segmentation fault as it's attempting to write to memory areas that are currently being used by the system
Instructions:
Make kernel compatible?:
1. Download kernel diff patch from below
2. Terminal - diff patch > diff.txt
How to use:
1. Download kexec-tools (kexec binary) from below
2. Copy into system/bin directory and give it executable permission
3. Download compatible kernel
4. Terminal - kexec --load-hardboot zImage --initrd=initrd.img --mem-min=0x20000000 --command-line="$(cat /proc/cmdline)"
kexec -e
Download links:
Kexec tool- https://db.tt/8DZXQ9eV
Ramdisk firmware 1.548 : https://db.tt/8DZXQ9eV
zImage (kernel):
Source code:
Kernel diff patch: https://db.tt/Xi2htT7Q (currently contains wrong values for mem defines)
Kexec-tools: https://db.tt/I22ofr3b
Special thanks: @delewer @krabappel2548
Reserved
Please move this thread to Xda Devdb, then I can also edit first post etc if I find new stuff
Sent from my C6903 using xda app-developers app
krabappel2548 said:
Please move this thread to Xda Devdb, then I can also edit first post etc if I find new stuff
Sent from my C6903 using xda app-developers app
Devdb?
Pm me i dont know what Devdb is lol
Received segmentation fault with delewer's calculated mem values too
We need to write to memory where we have write access to, maybe locked bootloader is not allowing us to write? Or we are just writing to wrong area of memory
If kexec works on the Z1, can it be ported over to Xperia Z/ZL/T/Ultra? I believe they don't all share the same processor.
Shaky156 said:
Devdb?
Pm me i dont know what Devdb is lol
Shaky156 said:
Received segmentation fault with delewer's calculated mem values too
We need to write to memory where we have write access to, maybe locked bootloader is not allowing us to write? Or we are just writing to wrong area of memory
I'll discuss with Kali- today if he's available.
Knucklessg1 said:
If kexec works on the Z1, can it be ported over to Xperia Z/ZL/T/Ultra? I believe they don't all share the same processor.
Doesn't need to be same processor, can be ported
Sent from my C6903 using xda app-developers app
Knucklessg1 said:
If kexec works on the Z1, can it be ported over to Xperia Z/ZL/T/Ultra? I believe they don't all share the same processor.
Yes it won't matter much, since it's not s800 it should be easier for you guys, take the kexec-tool use that, implement the patch write to the correct mem addresses which is free, it should boot if you guys have issues let me know,
I need to calculate the correct addresses.
I've noticed s800 uses a dt.img, might need to modify kexec-tool to support dt.img, not sure what dt.img does yet, only know it holds values
Shaky156 said:
I need to calculate the correct addresses.
I've noticed s800 uses a dt.img, might need to modify kexec-tool to support dt.img, not sure what dt.img does yet, only know it holds values
the dt.img is needed by the kernel to boot, so I guess we need to load that too in kexec.
EDIT: people that wanna try add kexec patch to their kernel, check github: android_kernel_sony_msm8974/commits/kexec
krabappel2548, I have compiled your kernel with my script (from scratch)
My script (instruction in "DoomLord Build kernel thread" : scriptZ1 http://forum.xda-developers.com/attachment.php?attachmentid=2346163&d=1382568778
(for those who want to help us...)
You have a little mod to do here (bad compile) :
In "sound/soc/msm/qdsp6v2/rtac.c"
you must change
#include <q6voice.h>
by
#include "q6voice.h"
btw : no more ideas to load kexec for the moment ...
delewer said:
krabappel2548, I have compiled your kernel with my script (from scratch)
My script (instruction in "DoomLord Build kernel thread" : scriptZ1 http://forum.xda-developers.com/attachment.php?attachmentid=2346163&d=1382568778
(for those who want to help us...)
You have a little mod to do here (bad compile) :
In "sound/soc/msm/qdsp6v2/rtac.c"
you must change
#include <q6voice.h>
by
#include "q6voice.h"
btw : no more ideas to load kexec for the moment ...
Sorry, I'm trying to get caught up on the forum, but what seems to be the current standing issue to get kexec working?
Knucklessg1 said:
Sorry, I'm trying to get caught up on the forum, but what seems to be the current standing issue to get kexec working?
Read the OP
Status paragraph
Memory regions
00000000-07afffff : System RAM
00008000-00b79383 : Kernel code
00d04000-00f0cddb : Kernel data
0ff00000-779fffff : System RAM
7ff00000-7ff3ffff : rdtags_mem
7ff80000-7ffa0fff : last_kmsg
7ffa1000-7ffa5fff : last_amsslog
System RAM MEM = 00000000
So --min-mem=0x20000000
Now need to find a free memory area that'll allow us to write and hopefully the mmu/pmu on locked bootloader won't cancel it
@delewer? @DooMLoRD @kali @Bin4ry
I know I shouldn't disturb, but i must ask: if You achieve Your goal, would it be possible to port it to devices like Xperia P, S, T, U and other NXT? It would be great, many ppl are ready to give a prize for it. Thanks in advance, good luck and sorry again.
Sent from my LT22i using xda app-developers app
king960 said:
I know I shouldn't disturb, but i must ask: if You achieve Your goal, would it be possible to port it to devices like Xperia P, S, T, U and other NXT? It would be great, many ppl are ready to give a prize for it. Thanks in advance, good luck and sorry again.
Sent from my LT22i using xda app-developers app
These devices are not 2013 devices, they aren't s800 socs, so they are much easier to do, simply take the kexec-tools from op, implement the patch in your kernel, write the correct memory values for your specific device and execute in terminal via the command in op, minmem depends on your device too, good luck
I think some1 tried it already, but it works only for unlocked devices... Anyway, thanks for help.
Sent from my LT22i using xda app-developers app
king960 said:
I know I shouldn't disturb, but i must ask: if You achieve Your goal, would it be possible to port it to devices like Xperia P, S, T, U and other NXT? It would be great, many ppl are ready to give a prize for it. Thanks in advance, good luck and sorry again.
Sent from my LT22i using xda app-developers app
Does doing this require having an Unlocked Boot loader prior to implementation?
Sent from my C6603 using xda app-developers app
Some information about kexec-tools debug
in kexec.c
Function :
if (file_type.load(argc, argv, kernel_buf,
kernel_size, &info) < 0) {
fprintf(stderr, "Cannot load %s\n", kernel);
return -1;
}
With a forced execution of kexec (bypass error to see...)
--mem-min=0x90000000
kernel: 0xb6b9d008 kernel_size: 3e9340
debug: 1 - after get memory range
debug: 2 - after type test
debug: 3 - after type test
debug: 4 - after info.kexec
debug: Focus 1 - argc '5' ; argv 'be856774' ; kernel_buf 'b6b9d008' ; kernel_size '3e9340' ; info 'be856548' ; i '1' ; file_type.name 'zImage'
Could not find a free area of memory of 3f1340 bytes...
Cannot load zImage
debug: 10 - before trampoline
debug: 11 - after trampoline
debug: 12 - before segment load
debug: 13 - after segment load
debug: 8 - before sort_segment
debug: 9 - after sort_segment
debug: 6 - before purgatory
debug: 7 - after purgatory
kexec_load: entry = (nil) flags = 280004
nr_segments = 0
kexec_load failed: Function not implemented
entry = (nil) flags = 280004
nr_segments = 0
debug: 5 - return result : ffffffff
With a forced bypass on file_type.load , we have this :
--mem-min=0x20000000
debug: Focus 1 - argc '5' ; argv 'bef18774' ; kernel_buf 'b6bc7008' ; kernel_size '3e9340' ; info 'bef18548' ; i '1' ; file_type.name 'zImage'
Segmentation fault
delewer said:
Some information about kexec-tools debugging
in kexec.c
Function:
if (file_type.load(argc, argv, kernel_buf,
                   kernel_size, &info) < 0) {
    fprintf(stderr, "Cannot load %s\n", kernel);
    return -1;
}
With a forced execution of kexec (bypass error to see...)
--mem-min=0x90000000
kernel: 0xb6b9d008 kernel_size: 3e9340
debug: 1 - after get memory range
debug: 2 - after type test
debug: 3 - after type test
debug: 4 - after info.kexec
debug: Focus 1 - argc '5' ; argv 'be856774' ; kernel_buf 'b6b9d008' ; kernel_size '3e9340' ; info 'be856548' ; i '1' ; file_type.name 'zImage'
Could not find a free area of memory of 3f1340 bytes...
Cannot load zImage
debug: 10 - before trampoline
debug: 11 - after trampoline
debug: 12 - before segment load
debug: 13 - after segment load
debug: 8 - before sort_segment
debug: 9 - after sort_segment
debug: 6 - before purgatory
debug: 7 - after purgatory
kexec_load: entry = (nil) flags = 280004
nr_segments = 0
kexec_load failed: Function not implemented
entry = (nil) flags = 280004
nr_segments = 0
debug: 5 - return result : ffffffff
With a forced bypass on file_type.load , we have this :
--mem-min=0x20000000
debug: Focus 1 - argc '5' ; argv 'bef18774' ; kernel_buf 'b6bc7008' ; kernel_size '3e9340' ; info 'bef18548' ; i '1' ; file_type.name 'zImage'
Segmentation fault
Did you compile this kexec yourself, or did you get this from krapabbel? I asked krapabbel to compile a new debug version and gave him the code, but never heard back from him :/
Anyway, so "cannot find free memory" is the issue

[DEV] Building a custom kernel and kernel modules for stock kernel

Since the Fire Phone doesn't have a bootloader unlock at the moment, there is no point in building a custom kernel. But by building a kernel we can build kernel modules which work on the stock kernel. And yes, you can load unsigned kernel modules without a problem, since the Fire Phone doesn't use TZ apps to verify kernel modules like Samsung does.
Setup
Source
Download the Fire Phone sources for firmware 4.6.1 from here, and extract the platfrom.tar inside the archive to somewhere (KERNEL_DIR).
toolchain
You can use the Android NDK from Google, but it requires some setup. I'm using the Linaro toolchain from here. You can use compiler version 4.7, 4.8 or 4.9. The kernel I'm using (Firmware 4.6.3 - Linux 3.4-perf-g280c96c) is built with gcc-4.7, but I'm using this gcc-4.9. Download it, extract it somewhere (TOOLCHAIN_DIR) and add $TOOLCHAIN_DIR/bin to your PATH. Theoretically you would be able to build the kernel on Windows using Cygwin or MSYS tools, but using Linux is better.
config
Connect your phone through adb and run
Code:
adb pull /proc/config.gz
zcat config.gz > $KERNEL_DIR/kernel/qcom/3.4/.config
With this config you will run into some problems because of a missing "trapz_generated_kernel.h". I don't know if this is an auto-generated file when they build Android as a whole or Amazon removed this explicitly (can they do that without violating the GPL?). Anyway, it looks like trapz is some low-level kernel debugging function (comment here if you know more about it). We can safely disable it. Open $KERNEL_DIR/kernel/qcom/3.4/.config in a text editor and change the lines
Code:
CONFIG_TRAPZ=y
CONFIG_TRAPZ_TP=y
CONFIG_TRAPZ_TRIGGER=y
CONFIG_HAVOK=y
to
Code:
#CONFIG_TRAPZ=y
#CONFIG_TRAPZ_TP=y
#CONFIG_TRAPZ_TRIGGER=y
#CONFIG_HAVOK=y
building
Now edit $KERNEL_DIR/kernel/qcom/3.4/Makefile and add these changes
Code:
EXTRAVERSION = -perf-g280c96c
This is at the top of the makefile. If we don't add this, vermagic for the modules will differ from stock kernel and they won't load.
ARCH=arm
CROSS_COMPILE=arm-linux-gnueabihf-
Here arm-linux-gnueabihf- is my cross compiler prefix. Look in $TOOLCHAIN_DIR/bin/ to find it.
Now cd into $KERNEL_DIR/kernel/qcom/3.4/ and do
Code:
make
The build will fail a few times complaining about missing headers. Most of the time it's just
Code:
#include <myheader.h>
instead of
Code:
#include "myheader.h"
Edit the source file where the build fails and change <>s to ""s. (Maybe the Android NDK ignores the difference and includes the headers anyway.)
After kernel compiles, we are good to go. We can use this kernel sources to build kernel modules for stock kernel.
Kernel modules
To build the kernel modules, we basically need two things: an approximate kernel source and the Module.symvers file from the original kernel. We can get the Module.symvers file by building the complete kernel as explained above, or just extract it from our stock kernel.
To extract the Module.symvers from the stock kernel, extract the boot.img file from the firmware update image. Get mkbootimg tools from here, compile them and run
Code:
unmkbootimg --kernel zImage --ramdisk ramdisk.cpio.gz -i boot.img
After you get the zImage, download the extract-symvers script from here and run
Code:
python2 extract-symvers.py -B 0xc0008000 zImage > Module.symvers
Place this file in $KERNEL_DIR/kernel/qcom/3.4/ (you still have to make the changes mentioned above in the kernel config and building sections, run make in $KERNEL_DIR/kernel/qcom/3.4 and interrupt it after a few seconds).
Now you can build loadable modules against this source. Here is a hello world kernel module.
Code:
//hello.c
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>

/* Runs on insmod; the message shows up in dmesg. */
static int __init hello_start(void)
{
    printk(KERN_INFO "hello to the world from module\n");
    return 0;
}

/* Runs on rmmod. */
static void __exit hello_end(void)
{
    printk(KERN_INFO "hello exit\n");
}

module_init(hello_start);
module_exit(hello_end);
MODULE_LICENSE("GPL");
Code:
#Makefile
KERNEL_DIR=<your kernel dir>/kernel/qcom/3.4
obj-m := hello.o
PWD := $(shell pwd)
# The recipe line below must start with a tab
default:
	$(MAKE) ARCH=arm CROSS_COMPILE=armeb-linux-gnueabi- -C $(KERNEL_DIR) SUBDIRS=$(PWD) modules
Put these files in a folder. Change the paths and cross compiler prefix according to your setup, and run make in it.
After the build push the hello.ko to the phone.
Code:
adb push hello.ko /sdcard/
adb shell
su
cd sdcard
insmod hello.ko
run dmesg and you'll see the message.
I'm currently trying to build kexec module from hashcode's sources and USB OTG modules.
I'm attaching a few things that helped me do this.
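The vermagic requirement from the building section, as an added example that is not part of the original post: it pulls the vermagic field out of a module's .modinfo strings and compares its release token with the running kernel's release. The blobs and the release string 3.4.0-perf-g280c96c are constructed (only the -perf-g280c96c suffix comes from the post), and the remaining vermagic fields have to match as well.

```c
#include <stdio.h>
#include <string.h>

/* Look up "key=value" among the NUL-separated strings of a .modinfo blob.
 * Returns a pointer to the value, or NULL if the key is absent. */
static const char *modinfo_get(const char *blob, size_t len, const char *key)
{
    size_t klen = strlen(key);
    size_t i = 0;

    while (i < len) {
        const char *entry = blob + i;
        const char *nul = memchr(entry, '\0', len - i);
        size_t elen;

        if (nul == NULL)          /* unterminated tail: never read past the blob */
            return NULL;
        elen = (size_t)(nul - entry);
        if (elen > klen && entry[klen] == '=' && memcmp(entry, key, klen) == 0)
            return entry + klen + 1;
        i += elen + 1;            /* skip the string and its NUL */
    }
    return NULL;
}

/* The kernel release is the first space-delimited token of vermagic.
 * Returns 1 when that token equals `release` exactly, 0 otherwise. */
static int release_matches(const char *vermagic, const char *release)
{
    size_t tok = strcspn(vermagic, " ");
    return tok == strlen(release) && memcmp(vermagic, release, tok) == 0;
}

static int vermagic_release_ok(const char *blob, size_t len, const char *release)
{
    const char *vm = modinfo_get(blob, len, "vermagic");
    return vm != NULL && release_matches(vm, release);
}

/* Constructed .modinfo contents (assumed values, not dumped from a device). */
static const char good_modinfo[] =
    "license=GPL\0"
    "vermagic=3.4.0-perf-g280c96c SMP preempt mod_unload ARMv7 \0";
static const char bad_modinfo[] =      /* built without the EXTRAVERSION edit */
    "license=GPL\0"
    "vermagic=3.4.0 SMP preempt mod_unload ARMv7 \0";

int main(void)
{
    const char *release = "3.4.0-perf-g280c96c";   /* assumed `uname -r` output */

    printf("with EXTRAVERSION:    %s\n",
           vermagic_release_ok(good_modinfo, sizeof good_modinfo, release) ? "match" : "mismatch");
    printf("without EXTRAVERSION: %s\n",
           vermagic_release_ok(bad_modinfo, sizeof bad_modinfo, release) ? "match" : "mismatch");
    return 0;
}
```

On a built module, `modinfo -F vermagic hello.ko` prints the same field for comparison with `uname -r` on the phone.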
Since they have released this version of Fire OS, they have to provide the source code.
See
http://www.gnu.org/licenses/gpl-faq.html#GPLRequireSourcePostedPublic
You have just shown that the source code they released for the kernel does not match the one used to build the kernel. This means it is a clear violation of the GPL and Amazon is in breach and can be sued.
On another note:
Are the drivers for the NFC and camera compiled as a module or into the kernel?
They have yet to provide 4.6.3 and 4.6.4 kernel sources too.
I don't know exactly but in order for NFC and camera to work drivers are required and they are in fact compiled into the kernel.
The problem we currently have with NFC and camera is the proprietary HAL (hardware abstraction libraries). They are a part of Android and are not subject to the GPL. Amazon changed the original Android way the HAL works and didn't release the sources!
By looking at the kernel drivers maybe we would be able to implement the HAL from scratch. But I don't see that intense dev support for the Fire Phone. If you are up for it, the camera sources are at $KERNEL_DIR/kernel/qcom/3.4/drivers/media/platform/msm/camera_v2/
Major MAJOR respect for all of you making the Fire Phone even better!
@madushan1000
Could we do something like this to install a custom boot.img?
http://forum.xda-developers.com/optimus-l9/general/guide-install-custom-roms-locked-t3249828
I don't own this device but has anyone tried to see if kexec works?
spudowiar said:
I don't own this device but has anyone tried to see if kexec works?
Nope, I was working on it. But then I got a job. It will be sometime before I can start working on it again.
Could someone please provide the config extracted from /proc/config.gz?
I can't find this on CM11 rom for some reason.
Building the kernel now.
Some bugs are in the code and -Wall and gcc-wrapper.py escalate the warnings.
I wonder if those errors are there on purpose XD
helloworld.ko loaded successfully
I was able to execute kexec without anything. Just the binary.
Will keep you posted - this hacking might take a while to figure it all out.
I already have 3.4 kernel from the amazon sources.
I have the kexec userland program.
What is left is a loadable kexec kernel module (if that is possible at all).
removed
Okarin said:
Are we even sure those Amazon Kernel Sources are correct?
Those errors caught by the wrapper scripts are giving me the creeps.
Git the kexec_load.ko build.
Currently hands on insmod.
Phone doesn't do a reboot any longer:
insmod kexec_load.ko
init_module(0xb6e6c008, 408241, "") = -1 ENOENT (No such file or directory)
write(2, "insmod: init_module '/sdcard/kex"..., 79insmod: init_module '/sdcard/kexec_load.ko' failed (No such file or directory)
) = 79
munmap(0xb6e6c000, 409600) = 0
mprotect(0xb6f8c000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0xb6f8c000, 4096, PROT_READ) = 0
close(0) = 0
close(1) = 0
close(2) = 0
futex(0xb6f6cd74, FUTEX_WAKE_PRIVATE, 2147483647) = 0
munmap(0xb6f8c000, 4096) = 0
exit_group(-1) = ?
First goal is to get module loaded.
Goal reached:
kexec_load 27813 0 - Live 0x00000000 (O)
procfs_rw 12770 0 - Live 0x00000000 (O)
wlan 3793980 0 - Live 0x00000000 (O)
Shouldn't be functional at all..
I disabled some function calls just to get the module loaded.
The missing symbols are:
soft_restart
arch_kexec
machine_shutdown
And the version I use does some insane function hooking ..
More rework is needed.
[email protected]:/data/local # ./kexec /sdcard/vmlinux
kernel: 0xaf12d008 kernel_size: 7e1354c
unrecoverable error: could not scan "/proc/device-tree/": No such file or directory
<6>[ 97.681256] Kexec_load: Replacement... :
<6>[ 97.681344] kexec_load : my_syscall_table : c0106244
<6>[ 97.681405] kexec_load : kexec_load before replacement : c01b346c
<6>[ 97.681480] kexec_load : kexec_load after replacement : bf3a5650
<6>[ 97.681546] kexec_load : reboot before replacement : c01a83f0
<6>[ 97.681616] kexec_load : reboot after replacement : bf3a6348
<6>[ 97.681675] Kexec_load: End replacement... :
<6>[ 202.694691] Kexec: - Starting kexec_load...
<6>[ 202.694849] Kexec: - ---- kexec_load - result : '0'
It gets better:
255|[email protected]:/data/local # ./kexec --dtb=/sdcard/zImage-dtb /sdcard/vmlinux
kernel: 0xaf1b1008 kernel_size: 7e1354c
kexec-zImage-arm : dtb.img BEFORE CUT : Start : '0xae66f008' - Length : '0xb411e9' - End : '0xaf1b01f1'
Segmentation fault
More tomorrow.
Where are you getting your kexec module sources from? BTW, try using the original Amazon kernel binary the phone is shipped with (we are sure it works). Don't use the custom kernel for the kexec tests (we don't know the custom kernel actually works).
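The module list quoted above marks all three modules with (O), the kernel's out-of-tree taint flag. As an added example (not code from the thread), this parser reads /proc/modules lines and counts the modules carrying the O, E, F or P flags; the fourth sample line and its module name are constructed.

```c
#include <stdio.h>
#include <string.h>

struct mod_entry {
    char name[64];
    char taints[16];   /* letters between "(" and ")", empty if none */
};

/* Parse one /proc/modules line: name size refcount deps state address [(taints)].
 * Returns 0 on success, -1 if the six mandatory fields are not all present. */
static int parse_modules_line(const char *line, struct mod_entry *out)
{
    int pos = 0;       /* set by %n only when all six fields were consumed */
    const char *open;

    out->taints[0] = '\0';
    if (sscanf(line, "%63s %*s %*s %*s %*s %*s%n", out->name, &pos) != 1 || pos == 0)
        return -1;
    open = strchr(line + pos, '(');
    if (open != NULL) {
        size_t n = strcspn(open + 1, ")");
        if (n >= sizeof out->taints)
            n = sizeof out->taints - 1;
        memcpy(out->taints, open + 1, n);
        out->taints[n] = '\0';
    }
    return 0;
}

/* Count the modules in a /proc/modules dump that need a closer look:
 * O = out-of-tree, E = unsigned, F = force-loaded, P = proprietary. */
static int count_flagged(const char *text)
{
    int flagged = 0;

    while (*text != '\0') {
        char line[512];
        struct mod_entry m;
        size_t n = strcspn(text, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;

        memcpy(line, text, c);
        line[c] = '\0';
        if (parse_modules_line(line, &m) == 0 && strpbrk(m.taints, "OEFP") != NULL)
            flagged++;
        text += n + (text[n] == '\n');
    }
    return flagged;
}

/* First three lines are quoted in the thread; the last one is constructed. */
static const char sample[] =
    "kexec_load 27813 0 - Live 0x00000000 (O)\n"
    "procfs_rw 12770 0 - Live 0x00000000 (O)\n"
    "wlan 3793980 0 - Live 0x00000000 (O)\n"
    "example_intree 4096 0 - Live 0x00000000\n";

int main(void)
{
    printf("%d module(s) to review\n", count_flagged(sample));
    return 0;
}
```

wlan in the same listing carries (O) too, so treat the flag as a prompt to compare against a known-good module list for the device rather than as proof of tampering.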
madushan1000 said:
Where are you getting your kexec module sources from? BTW, try using the original Amazon kernel binary the phone is shipped with (we are sure it works). Don't use the custom kernel for the kexec tests (we don't know the custom kernel actually works).
Here is the thread I used as a starting point.
I will put up my "fork" on github after I get permission to do that
The userland part build like a charm once I took the compiler you recommended.
The kernel-module was tricky because the whole thing is modded like hell.
To be able to load I had to comment out some hard coded addresses and the calls to unresolvable symbols.
removed
Okay the kernel gets loaded.
But
kexec -e shuts off the device.
strace doesn't help.
On the plus side:
Devices are shutdown
Look promising
I need a way to tail dmesg ...
Okay, after a lot of digging around I found out that the reboot syscall doesn't work properly..
It doesn't look like it hits the kexec_module; it looks more like it hits the actual sys_reboot
Okay reboot syscall hits my reboot-hook.
But the softreboot doesn't work now.
Okay, there is some kind of watchdog running which doesn't like my kexec.
I need to kill it - that should happen tomorrow.
removed
I hit the same wall when I tried to isolate the kexec code from the kernel itself to a module. I stopped working on it because I lacked the time. BTW the error you are facing now
<3>[ 80.580644] BUG: scheduling while atomic: kexec/4067/0x00000002
is because memory allocator is trying to switch threads while you are in a syscall. it's because of lines like this
image = kzalloc(sizeof(*image), GFP_KERNEL);
Try changing GFP_KERNEL to GFP_ATOMIC. Other than that, I have another suggestion. Try to get the kernel to run in a single core mode before running kexec code. This might simplify things. I don't know how to do this though.
madushan1000 said:
I hit the same wall when I tried to isolate the kexec code from the kernel itself to a module. I stopped working on it because I lacked the time. BTW the error you are facing now
is because memory allocator is trying to switch threads while you are in a syscall. it's because of lines like this
Try changing GFP_KERNEL to GFP_ATOMIC. Other than that, I have another suggestion. Try to get the kernel to run in a single core mode before running kexec code. This might simplify things. I don't know how to do this though.
The atomic error is gone now. It went away after I disabled the watchdog.
smp_disable() is what you are looking for - but this causes the system to hard_reboot ATM XD
what happens if you kill every userlevel program before smp_disable()?
removed
#define tomorrow
Okay .. I worked out the preemption thing.
At least it does something.
Still a black screen and the MSM_WATCHDOG is a ***** again.
It needs to be suspended .. at least that what I get from the code I read here.
If I remove the driver too early the output in /proc/kmsg stops ..
If I try to remove it too late ... well it causes a resched while atomic.

Help to deactivate Bluetooth in NAC, I offer 🍺🍺 BEERS!! 🍺🍺

Hi all.
I need to deactivate the Bluetooth connection in my Citroën C4. It uses a NAC infotainment system (same as Peugeot) but there is no option in the menu to do it.
I found that in previous infotainment systems there were some cheat codes (like BTSTARTER;0) to do it, but they don't work in NAC. There we have the hidden menu, but it only shows information and it is not possible to modify anything there.
Spoiler: Explanation
To access the hidden menu in NAC it is necessary to press the multimedia button for at least 6 seconds and then enter first the list (for example 1130) and then the code 1122.
Here is the list of available codes
1111 Spy log generation
1122 Master mask
1130 Information about amplifier, battery etc
1133 Information about radio / received / freq
1134 Information on satellites and services
1135 TomTom version
1136 Information about WiFi devices
1137 current user status, temp.
1138 Linux, USB, processor utilization
1139 GPU memory load
1140 connection status WiFi, tethering, Bluetooth, rndis, IP addresses and MAC addresses and much more.
1141 Connected USB devices
1142 ATB connection
1143 no information without serial connection
1144 tone becomes quieter
1145 Provider status, SMS status
1146 Download status
But under the NAC there is a Linux system, so for sure it is possible to create a script or something similar that would be read from the USB.
In this thread they found the way to create a file that will be read by the system to perform some actions, so I guess it could be a starting point
Spoiler: Explanation
Here is explained how to create a file to be read by the car:
Crunchy_Nuts said:
So the complete content of the usb file is
Code:
#USB Demo file
[general]
id=9cfd0bf57a94a3beb6c990e9c9c78247a8bc78fd3310aa6f58a247f8dabe3b7f
# Activate engineering mode
# engineering_mode=0 (Absent) engineering_mode=1 (Present)
engineering_mode=1
# Create one spy
# create_spy=0 (don't create spy) create_spy=1 (create spy)
create_spy=1
# Option to automatically sync spies with USB. Currently it exports spies to USB and delete the existing ones on NAND
sync_spies_with_usb=1
Create a file and rename it to ID (without any file extension!) and copy the code above into the file.
Copy the file in the root directory of the usb stick and plug it in to the nac.
After you insert it in the nac, it will copy the spylogs to usb.
And maybe you can do other things with the engineering mode.
The id comes from rootfs\usr\bin\sem_dm_server, but I would need help to find my own ID if necessary
I don't know if it would be possible to do it based on some of the previous ideas or somebody has another way to do it. I would really appreciate any ideas.
It is something very important for me, so I would be happy to invite some drinks (or a dinner!) if somebody could help me with it.
Cheers!
