Related
Memory Tweak - get more free RAM to use for apps and less lag.
// This was first intended for other ROM chefs, so they can include this tweak in their ROMs. I'm aware that there are apps which can do this. But it's the idea to have it included automatically, so you don't have to annoy your users
However, this is also for normal users. Those just flash the CWM Package thunderteaser made here. Thanks for this.
I made a script which boosts the RAM Management significantly.
You can use this in any ROM - those values have been created from my mind and were being tested for several days in heavy use.
IMHO, it's the perfect combination of RAM Management.
HOW TO IMPLEMENT IT INTO YOUR ROM
Just make a new bash script and place the following code into it.
NOTE: bash files created on Windows don't work. Create them with a UNIX like Linux (Ubuntu, Fedora, whatever) or Mac OS X.
Place the script in /system/etc/init.d so it gets automatically executed at every startup. You have to make this because init.rc (in root dir /) gets executed first and will also set the RAM Management (minfree) on his own.
UPDATE - 20.03.2011
Supercurio said, there is support for init.d in his Voodoo injected kernel for JV1 Gingerbread.
This means, the script is fully working and the Gingerbread JV1 memory leaks are fixed when using those values.
This also means, my current ROM v10.0 Beta 3 already has the Memory Hack integrated.
Code:
#!/system/bin/sh
# DarkyROM 2011 - Joël Staub (darkyy)
# This will stabilize the memory leaks in Gingerbread and other ROMs.
# Adjusting Memory Settings
# The values in MB: 10, 16, 24, 68, 76, 92
if [ -e /sys/module/lowmemorykiller/parameters/minfree ]; then
echo "Modifying minfree parameters"
echo "2560,4096,6144,17408,19456,23552" > /sys/module/lowmemorykiller/parameters/minfree
else
echo "minfree not found"
fi
Permissions
You may want to adjust the permissions of the script when it's on your phone.
You can do it with ADB.
First, connect to your phone.
Code:
adb shell
Get root access.
Code:
su
Set the permissions.
Code:
chmod 777 /system/etc/init.d/ramtweak
Code:
chown root:root /system/etc/init.d/ramtweak
When you're a ROM chef, you can include those permissions either with update(r)-script or with a bash file.
Thanks to zacharias.maladroit for the hint with the permissions.
- darkyy.
Darkyy said:
Ignore the # You're not allowed to use this script without giving proper credits. - EVERYONE IS WELCOME TO IMPLEMENT THIS INTO HIS / HER ROM - I don't need credits.
Click to expand...
Click to collapse
If you don't mean it, take it out
Ok this looks awesome but for the most part of the members can u make a proper tutorial ? I really don't understand how to implement your hack, how to create a bash script init.d ?
sorry for my noobiness
And when you say in every ROM, did you also mean every custom kernel ?
chambo622 said:
If you don't mean it, take it out
Click to expand...
Click to collapse
I will, sorry for this crap
I'm a bit too tired...
touness69 said:
Ok this looks awesome but for the most part of the members can u make a proper tutorial ? I really don't understand how to implement your hack, how to create a bash script init.d ?
sorry for my noobiness
And when you say in every ROM, did you also mean every custom kernel ?
Click to expand...
Click to collapse
You just make a new file on your COMPUTER.
Or it would even work on your SGS (but I'm writing now for the Computer).
Example:
Let's say, you're on Windows - create a NEW text file and remove the .txt extension (you need to have this option activated in the explorer settings).
You can leave it to no extension or just make it end on .sh
You got a file called randomname.sh now.
Now to make it easy, just copy this file to the C: drive in NO subfolder.
Now just ADB push this file to your SGS into:
Code:
adb push /randomname.sh /system/etc/init.d
Or just copy the .sh file to your SGS via USB Storage mount and copy it to the directory with Root Explorer or Super Manager.
Yes, this should work with every kernel (Android 2.2.1) here.
Thanks for doing this testing to find good settings. Forgive me if I'm misinformed, but is there anything particularly innovative about new minfree settings? I do appreciate your testing and finding ones that work well for you.
have a good rest, Darkyy !
thanks for this script
so you noticed improved interactivity with "apps and less lag" ?
gotta try this with CM7
FYI:
the defaults of the CM7 kernel are:
Code:
cat /sys/module/lowmemorykiller/parameters/minfree
2048,3072,4096,6144,7168,8192
edit2:
make sure that you get the right permissions for the file on the phone afterwards
say:
Code:
chmod 750 /system/etc/init.d/99rambooster
chown root:shell /system/etc/init.d/99rambooster
thanks for explanation ! I have done what you say and rebooted my phone after that. I renamed the file to init.d after placing it into the /system/etc/ directory and setted the défault permissions for this file rwxrwxrwx (or something like that)
But how I find if I have the hack succesfuly installed ?
chambo622 said:
Thanks for doing this testing to find good settings. Forgive me if I'm misinformed, but is there anything particularly innovative about new minfree settings? I do appreciate your testing and finding ones that work well for you.
Click to expand...
Click to collapse
Not innovative - this is nothing new.
It's just that many ROM devs aren't aware of this and I thought I could share my script.
zacharias.maladroit said:
have a good rest, Darkyy !
thanks for this script
so you noticed improved interactivity with "apps and less lag" ?
gotta try this with CM7
FYI:
the defaults of the CM7 kernel are:
Code:
cat /sys/module/lowmemorykiller/parameters/minfree
2048,3072,4096,6144,7168,8192
edit2:
make sure that you get the right permissions for the file on the phone afterwards
say:
Code:
chmod 750 /system/etc/init.d/99rambooster
chown root:shell /system/etc/init.d/99rambooster
Click to expand...
Click to collapse
Strange permissions...
This would be rwx r-x --- [Owner, Group, Other]
EDIT:
Ouch, CM7 really has 2048,3072,4096,6144,7168,8192?
That's really not the best value... looks close like JV1 RAM Management at first glance...
I'm gonna check that later.
Darkyy said:
Not innovative - this is nothing new.
It's just that many ROM devs aren't aware of this and I thought I could share my script.
Strange permissions...
This would be rwx r-x --- [Owner, Group, Other]
EDIT:
Ouch, CM7 really has 2048,3072,4096,6144,7168,8192?
That's really not the best value... looks close like JV1 RAM Management at first glance...
I'm gonna check that later.
Click to expand...
Click to collapse
yes,
and those are really the permissions
ls -l
-rwxr-x--- 1 root shell 365 Aug 1 2008 00banner
-rwxr-x--- 1 root shell 27 Aug 1 2008 01sysctl
-rwxr-x--- 1 root shell 229 Aug 1 2008 03firstboot
-rwxr-x--- 1 root shell 201 Aug 1 2008 04modules
-rwxr-x--- 1 root shell 1452 Aug 1 2008 05mountsd
-rwxr-x--- 1 root shell 272 Aug 1 2008 06mountdl
-rwxr-x--- 1 root shell 925 Aug 1 2008 20userinit
-rwxr-x--- 1 root shell 2533 Mar 19 02:20 89system_tweak
-rwxr-x--- 1 root shell 2848 Aug 1 2008 90screenstate_scaling
Click to expand...
Click to collapse
good thing you came up with these improved values,
I'm gonna include these in the next revision of my script / kernel
thanks again
Thanks Darkyy! Once again, you kicketh ass!
I am gonna give this a try.
Nice, some info on min free settings:
http://www.androidcentral.com/fine-tuning-minfree-settings-improving-androids-multi-tasking
while we're at it:
you could include lots of stuff from the
tweak script for the Galaxy Spica
in your next revision of ROM
I'm using some of those
and planning to continually add more after having tested them
DocRambone said:
Nice, some info on min free settings:
http://www.androidcentral.com/fine-tuning-minfree-settings-improving-androids-multi-tasking
Click to expand...
Click to collapse
Thanks Doc, will add it tomorrow in the OP.
zacharias.maladroit said:
while we're at it:
you could include lots of stuff from the
tweak script for the Galaxy Spica
in your next revision of ROM
I'm using some of those
and planning to continually add more after having tested them
Click to expand...
Click to collapse
Nice, but most things are specially for the low-end device Spica.
I'll sure look into it
Thank you
Gah this is such a retarded suggestion. Darky your SGS ROM is really nice and I'm currently running it, but please think about things like this before you post them.
The SGS has, comparatively, RAM out the wazoo. Why do we want more of it sitting idle and unused? RAM is there to be used, not sit there looking unused and pretty like a virgin at an eastern european slave auction in a free -m command. Twatting about with this setting on behalf of the Android Low Memory Killer is essentially like telling the ROM you have less RAM than you actually do since it will always endeavour to keep that much RAM -free- as in -unused- by the GUI itself as well as Android apps.
Darkyy said:
Memory Tweak - get more free RAM to use for apps and less lag.
I made a script which boosts the RAM Management significantly.
You can use this in any ROM - those values have been created from my mind and were being tested for several days in heavy use.
IMHO, it's the perfect combination of RAM Management.
HOW TO IMPLEMENT IT INTO YOUR ROM
Just make a new bash script and place the following code into it.
Place the script in /system/etc/init.d so it gets automatically executed at every startup. You have to make this because init.rc (in root dir /) gets executed first and will also set the RAM Management (minfree) on his own.
This doesn't work on JV1 now because we don't have the kernel sources to implement init.d support.
Code:
#!/system/bin/sh
# DarkyROM 2011 - Joël Staub (darkyy)
# This will stabilize the memory leaks in Gingerbread and other ROMs.
# Adjusting Memory Settings
# Old Hack (you can ignore this, it's just another method of doing it)
#if [ -e /sdcard/darky_tweak/init.rc ]; then
# echo "Copying init.rc to /"
# cp /sdcard/darky_tweak/init.rc /
# else
# echo "No init.rc found"
#fi
# New Method [15.03.2011]
if [ -e /sys/module/lowmemorykiller/parameters/minfree ]; then
echo "Modifying minfree parameters"
echo "2560,4096,6144,17408,19456,23552" > /sys/module/lowmemorykiller/parameters/minfree
else
echo "minfree not found"
fi
- darkyy.
Click to expand...
Click to collapse
How to do it. any video to show us. ??
touness69 said:
thanks for explanation ! I have done what you say and rebooted my phone after that. I renamed the file to init.d after placing it into the /system/etc/ directory and setted the défault permissions for this file rwxrwxrwx (or something like that)
But how I find if I have the hack succesfuly installed ?
Click to expand...
Click to collapse
He said to place it inside init.d not call it init.d. Are you honestly this illiterate?
shaldi said:
How to do it. any video to show us. ??
Click to expand...
Click to collapse
How to create a text file and place it where he says to place it? Are you honestly this illiterate?
Darkyy said:
You just make a new file on your COMPUTER.
Or it would even work on your SGS (but I'm writing now for the Computer).
Example:
Let's say, you're on Windows - create a NEW text file and remove the .txt extension (you need to have this option activated in the explorer settings).
You can leave it to no extension or just make it end on .sh
You got a file called randomname.sh now.
Now to make it easy, just copy this file to the C: drive in NO subfolder.
Now just ADB push this file to your SGS into:
Code:
adb push /randomname.sh /system/etc/init.d
Or just copy the .sh file to your SGS via USB Storage mount and copy it to the directory with Root Explorer or Super Manager.
Yes, this should work with every kernel (Android 2.2.1) here.
Click to expand...
Click to collapse
Darkyy, so I just copy the codes, paste in notepad then save as [anygivenname.sh] then paste into system/ect/init.d using root explorer and reboot my galaxy s?
Darky is this included in your rom? if not is it going to be?
bernard134 said:
Darkyy, so I just copy the codes, paste in notepad then save as [anygivenname.sh] then paste into system/ect/init.d using root explorer and reboot my galaxy s?
Click to expand...
Click to collapse
guys
seriously: read what comes after the 1st ,2nd and 3rd post - or the first 1-3 (or 5 sites) if it's a larger topic
you'll see that you need to change the permissions & owner
you do that via logging in via adb, becoming root (su)
and navigating to /system/etc/init.d/
or do it explicitly from the folder where you are - like I posted
0) prepare file on windows / linux / mac
Code:
#!/system/bin/sh
# DarkyROM 2011 - Joël Staub (darkyy)
# This will stabilize the memory leaks in Gingerbread and other ROMs.
# Adjusting Memory Settings
# Old Hack (you can ignore this, it's just another method of doing it)
#if [ -e /sdcard/darky_tweak/init.rc ]; then
# echo "Copying init.rc to /"
# cp /sdcard/darky_tweak/init.rc /
# else
# echo "No init.rc found"
#fi
# New Method [15.03.2011]
if [ -e /sys/module/lowmemorykiller/parameters/minfree ]; then
echo "Modifying minfree parameters"
echo "2560,4096,6144,17408,19456,23552" > /sys/module/lowmemorykiller/parameters/minfree
else
echo "minfree not found"
fi
e.g. save as:
99rambooster
1) dl & install Android SDK
http://www.talkandroid.com/android-sdk-install-guide/
2) connect phone
navigate to tools folder (or from Linux: launch from terminal via command)
3) put it on the phone
Code:
adb push 99rambooster /sdcard/
4) log in to phone & become root
Code:
adb shell
(now in phone)
Code:
su
5) copy it to init.d folder [you eventually need to remount /system rw]
Code:
cp /sdcard/99rambooster /system/etc/init.d/
6) adjust permissions:
Code:
chmod 750 /system/etc/init.d/99rambooster
chown root:shell /system/etc/init.d/99rambooster
Hi fellows,
I have made a patch to enable the use of Tiny-SHMEM instead the full SHMEM filesystem in android kernels. I think we can gain some performance here. It seems to be working, but I have some thoughts to share with you.
1) It seems that android uses /dev/ashmem rather than /dev/shm, and the only two functions of mm/shmem.c needed by mm/ashmem.c is available on tiny-shmem.
2) Android also needs to mount filesystem as tmpfs. If we use tiny-shmem, than tmpfs will use ramfs code. So, we will support online growing, but we can not limit sizes. I have just one partition (/app-cache) that has size limits. The question is: we actually need size limits?
If anyone like, I can release the patch after some testing I'm doing.
Thanks,
Ronan
I can help u test on, well you know!
Hi diz!
So, I'm attaching a patch for GT-P1000 kernels. It should be fine on every version.
It just modify the Init/Kconfig file since the tiny-shmem is already on source code and you just need to adjust the configuration to define CONFIG_TINY_SHMEM.
If you want to test, apply this patch into your kernel tree, execute 'make menuconfig', go to section:
General Setup -> Configure standard kernel features (for small systems) -> Default shmem filesystem implementation -> Tiny shmem filesystem
and then compile.
Any updates in this project??
Sent from my GT-P1000 using XDA App
jadmask3rlm said:
Any updates in this project??
Sent from my GT-P1000 using XDA App
Click to expand...
Click to collapse
Still need people to test it... RAMFS could induce some problems...
My latest unstable kernel version has this patch applied and tiny-shmem is selected. If anyone wants to test: http://forum.xda-developers.com/showthread.php?t=1274855
But, it is just for LATIN models!
Ronis_BR said:
Hi diz!
So, I'm attaching a patch for GT-P1000 kernels. It should be fine on every version.
It just modify the Init/Kconfig file since the tiny-shmem is already on source code and you just need to adjust the configuration to define CONFIG_TINY_SHMEM.
If you want to test, apply this patch into your kernel tree, execute 'make menuconfig', go to section:
General Setup -> Configure standard kernel features (for small systems) -> Default shmem filesystem implementation -> Tiny shmem filesystem
and then compile.
Click to expand...
Click to collapse
Hello
I have, and then someone else (just to make sure) applied the patch, but the "default shmem filesystem implementation" option is not available in general setup, after running 'make menuconfig'
dizgustipated said:
Hello
I have, and then someone else (just to make sure) applied the patch, but the "default shmem filesystem implementation" option is not available in general setup, after running 'make menuconfig'
Click to expand...
Click to collapse
yea the same happened with me too(on another device too)
so what i did
in .config
add this:
CONFIG_TINY_SHMEM=y (it should be 'is not set')
Hi diz,
This option is under Configure kernel features (for small systems). It is the last option in the menu and you can select two values. Yesterday I applied the patch in my kernel tree and it works properly.
Sent from my GT-P1000L using xda premium
AH! Btw, you must enable:
CONFIG_MMU (System type)
CONFIG_EMBEDDED (General setup)
to see the option. So, if you haven't enabled CONFIG_SWAP, than you can choose CONFIG_TINY_SHMEM, otherwise just CONFIG_SHMEM will be available.
FYI, I'm using this with tiny-shmem for 8h and nothing weird happened yet
Thanks,
Ronan
working on it now,
up to the compile part,
its a little different working with my source, than stock
quick q
how do we show users this is working or even added in their kernels?
Well, you can execute:
busybox zcat /proc/config.gz | grep SHMEM
If you see:
CONFIG_TINY_SHMEM=y
Then tiny shmem was selected and is activated.
I'll wait your results! Thanks for the help!!!!
Ronan
Sent from my GT-P1000L using xda premium
Now, when trying to compile (mine and teks way)
It says, kernel tree not clean, please run make mrproper in kernel directory.
So I do, and it erases the tiny shmem, and goes back to default p1cm7 configuration.
Lol, kernel work makes porting a rom from basecode a walk in the park!
When typing make, or make zimage, in same directory as make menuconfig, it errors and says /opt/toolchains/arm-2009q3/bin/arm-none-linux-gnueabi-gcc: Command not found
and
make
make: /opt/toolchains/arm-2009q3/bin/arm-none-linux-gnueabi-gcc: Command not found
scripts/kconfig/conf -s arch/arm/Kconfig
init/Kconfig:957:warning: choice value used outside its choice group
init/Kconfig:958:warning: defaults for choice values not supported
make: /opt/toolchains/arm-2009q3/bin/arm-none-linux-gnueabi-gcc: Command not found
CHK include/linux/version.h
UPD include/linux/version.h
CHK include/generated/utsrelease.h
UPD include/generated/utsrelease.h
Generating include/generated/mach-types.h
CC kernel/bounds.s
/bin/sh: /opt/toolchains/arm-2009q3/bin/arm-none-linux-gnueabi-gcc: not found
make[1]: *** [kernel/bounds.s] Error 127
make: *** [prepare0] Error 2
below is my .config file, zipped because xda cant load hidden files
Hi diz,
First,
kernel tree not clean, please run make mrproper in kernel directory.
It is because the kernel directory has a git repo and it is not clean. When you use 'make mrproper' it will remove the patch because it probably wasn't commited yet.
The easiest way to solve it is:
mv .git .gitold
<Compile the kernel>
mv .gitold .git
If you do this, this problem should be gone.
The second error seems that you are pointing the gcc cross-compiler to a wrong path in Makefile. Check where you installed the compiler and set it accordingly in Makefile by changing the value of this variable:
CROSS_COMPILE ?=
Hope it helps!
Thanks,
Ronan
By the way, your config file seems to be ok!
Change the tool chain prefix to arm-none-eabi- and compile (after doing the steps ron told)
SUCCESS!!!!!!!!
I've posted it here,
http://forum.xda-developers.com/showpost.php?p=19128294&postcount=2205
Good! Let's see what will happen now
Thanks!
Cyanogen 7 tiny_shmem kernel
I have decided to move the kernel here.
So as not to "invade" another's thread
This is only for unofficial beta cm7 port
* FILE SYSTEM
TINY_SHMEM enabled
* LCD Voltage
down to 260000 from 300000
* I/O scheduler default
"no-op"
type: busybox zcat /proc/config.gz | grep SHMEM
in your terminal emulator
you will see:
CONFIG_TINY_SHMEM=y
(means tiny shmem is activated."
dizgustipated said:
I have decided to move the kernel here.
So as not to "invade" another's thread
* FILE SYSTEM
TINY_SHMEM enabled
* LCD Voltage
down to 260000 from 300000
* I/O scheduler default
"no-op"
type: busybox zcat /proc/config.gz | grep SHMEM
in your terminal emulator
you will see:
CONFIG_TINY_SHMEM=y
(means tiny shmem is activated."
Click to expand...
Click to collapse
THIS KERNEL IS Making my WIFI Hotspot activate on MIUI for SGT
- I just have issue with the Mobile Network being broken?
- The touchscreen also broken but i'ved fixed that one
- usb tethering error = ive'd fixed it too
Can you do something on the mobile data being broken on the kernel side?
Because if i use angel666 zimage , cm modded, mobile data work but hotspot broken
If i use this its the other way around. Lol
Last Update : August, 19, 2014
Hi,
I'm still try to bypass the MMU protection.
I have fixe a lot of bug, like memory misalignment, bad adresses allocation, dtb correction, etc...
Last sources and binaries here :
kexec-tools V11.zip : http://forum.xda-developers.com/attachment.php?attachmentid=2902912&stc=1&d=1408401794
kexec-tools binaries V11.zip : http://forum.xda-developers.com/attachment.php?attachmentid=2902913&stc=1&d=1408401794
Sorry, i have always 13 sec reboot after new kernel boot.
"cpu_proc_fin" use a "mcr p15" to init cache and proc that cause freeze.
I try to find solution for that.
Last Update : June, 22, 2014
Hi,
My sources are horrible... but i give something new.
This kexec is for stock kernel only (tested on .757). I thinks theses sources work on other kernel too.
In "kexec-tools V10.zip", you have all my sources. It's highly recommended to mod them to have something OK.
In "kexec binaries.zip", you have binaries to install
=> "kexec_load.ko" and "procfs_rw.ko" must be placed in "/system/lib/modules" folder with "chmod 777"
=> "kexec" must be placed in /system/bin" folder with "chmod 777"
=> cd /system/lib/modules
=> insmod kexec_load.ko
For sources :
Mod and adapt all you want, it's free.
You have 2 scripts in Zip : "./compil-kexec" in "kexec-tools" folder to rebuild and send in device directly (install Adbtcp on device and send by tcp with : adb connect xxx.xxx.xxx.xxx) = work perfectly with me.
"scriptZ1" is for compil stock kernel or another kernel (doomlord kernel for eg)
You must rename "custom_final_files" folder after compil to "final_file" manually ; You can have guest kernel in "custom_final_files" and stock kernel in "final_files" for "kexec-tools" path ... Don't mix a guest and host kernel please ^^
I am tired... i let you test and say if it's ok for you...
Thank a lot to munjeni for his help.
kexec-tools V10.zip : http://forum.xda-developers.com/attachment.php?attachmentid=2811994&stc=1&d=1403456181
kexec binaries.zip : http://forum.xda-developers.com/attachment.php?attachmentid=2811995&stc=1&d=1403456181
Last Update : November, 23, 2013
Hi,
For few days now, i haven't no more kernel panic with my kexec.
I have fixed few stuffs into sources, and add a lot.
These adds are, to include a "dt.img" image file into kexec load process.
This image file is a "device_tree" image to match hardware to software.
So, i assume to don't include atags into boot process, but pass bootloader informations by this DT.
I have programmed a little scan memory to found dynamicly all magic tags, because i found 3 device_tree into memory (magic is "0xd00dfeed").
These 2 device_tree are echo from first and nice structure.
The boot process need to have informations from this DT, and need all informations to initialize hardware (no HDW initialisation by the kernel)
I must first fix issues ; Regroup zImage and dt.img into memory to load a solid bloc to kexec_load module to boot into, and second, fix an offset i can't explain, 0x800 in memory causing misalignment memory
Keep tuned..
Last Update : November, 17, 2013
Hi everybody,
My kexec-tools work for Sony Xperia Z1 stock kernel "3.4.0-perf"
This tools can work on all locked bootloader for all locked device, not only Sony or Z1 models.
This kexec-tools add a kexec_load kernel module (LKM) and use a driver to grant a communication between "kexec" user program and kexec_load.ko module
what is for ?
"kexec" user program load in memory a custom kernel in zImage format, but can load ".tar" image too
This user tool load ramdisk in memory if necessary
This tool is for this purpose only, and don't keep in memory the custom kernel at device reboot.
It is a "user" program, not a "kernel" extension... So, to really do the magic, we need the host kernel (stock sony locked kernel) have a kexec_load capability to reboot in a new gest kernel (custom kernel).
Infortuntly, stock kernel don't have kexec_load capability.
Sony have compiled his stock kernel without this option, and "standard" kexec-tools "need" this option to work.
To see all system call capability of kernel, you can run theses command :
Code:
echo 0 > /proc/sys/kernel/dmesg_restrict
echo 0 > /proc/sys/kernel/kptr_restrict
cat /proc/kallsyms
Do all grep you want here.
The "echo 0" "restrict" is here to unmask logical adresses to "system calls"
Like you can see, "__NR_kexec_load" capability isn't here.
To add kexec_load capability in stock locked kernel, we need to add manualy a kernel module wich add this function into the kernel.
Why ? Because the way to keep in memory a custom kernel need to know a lot of parameters, and keep a specific memory range alive at reboot.
Only kernel can do this.
All user program will be terminated at reboot.
"Standard" kexec_load.ko module use a method to implement the "__NR_kexec_load" function in system call table.
Since 2.6.0 kernel, linux for security reason, have locked in memory the "system_call_table" ; No more add or modification is authorized.
If kexec tool try to add a value, "kexec_load" for us, we causes a kernel panic, and reboot device.
For this reason, i have modify kexec user program and kexec_load module to implement a driver to talk to each other.
this driver replace syscall method, and we no more need to use a system call table.
For this reason, this tool is now compatible with modern kernel like our "3.4.0"
For this reason, this tool must work for other device (Xperia X, P, S, etc...) and another brand
For this reason, if kernel is locked, we can bootstrap to run a new kernel.
Installation
First, you can compil your own kexec tool
Here, sources : http://forum.xda-developers.com/attachment.php?attachmentid=2397299&stc=1&d=1384689174
And here, the binaries : http://forum.xda-developers.com/attachment.php?attachmentid=2397305&stc=1&d=1384689406
(it's not a cwm zip, i have no time to create an installer for now ; use "./compil-kexec" if you want an automatic install)
Install *.ko in /system/lib/modules
Install kexec and kdump in /system/bin
Grant with "chmod 777"
Unzip in kexec-tools folder
Install a toolchain (sudo apt-get install gcc-arm-linux-gnueabi)
launch => ./compil-kexec
what's all
This script can do everythinks for you
- Compilation of tools
- Compilation of modules
- installation in device
This script can compil for every brand you have.
Except you must remove or adapt the patch (see below why)
Patch ??
This patch is because a module must be compiled in the same time the kernel himself.
For this reason a "vermagic", an identifier, is used by system to block every module not compil with kernel
Some custom kernel bypass this to authorize every modules.
But for stock kernel, it is not allowed.
You can easely strapp this by busybox.
"busybox modprobe" for help
"-f" to force load without vermagic
To see this vermagic :
Code:
# uname -r
This "uname -r" must be the same that
Code:
# strings kexec_load.ko | grep vermagic
vermagic=3.4.0-perf-g66807d4-02450-g9a218f1 SMP preempt mod_unload modversions ARMv7
If you want use automaticaly this vermagic, you can modify into the custom kernel this file :
Code:
"include/config/kernel.release" and add :
"3.4.0-perf-g66807d4-02450-g9a218f1"
This file will be use at module compil to match the vermagic.
Infortunatly, it is not enought. :silly:
The infamous "no symbol version for module_layout"
When a module compil is created, it use symbols link to system call function, translate by adresses
Theses symbols are not at same physical adresses in stock kernel and modules (compiled from DooMLoRD kernel).
So, theses adresses must be convert into modules itself to match with stock symbols adress.
A patch is needed.
If you use my script, modules are automatically patched.
Here patches :
Code:
sed -i 's/\x32\x76\x86\x29/\x72\xFF\x5E\x20/' procfs_rw.ko
sed -i 's/\x32\x76\x86\x29/\x72\xFF\x5E\x20/' kexec_load.ko
sed -i 's/\xBB\xD0\xF8\x4D/\x0E\x1C\x63\x77/' kexec_load.ko
sed -i 's/\xA6\x26\x81\x1A/\xD4\x56\x02\x7E/' kexec_load.ko
sed -i 's/\xA3\xD1\xEC\x96/\xEC\x43\x28\x1A/' kexec_load.ko
sed -i 's/\x8C\xE6\x6A\x5F/\x3D\xDF\x02\xF2/' kexec_load.ko
sed -i 's/\x3E\xF3\xEF\xE9/\x18\x7F\xA6\x8A/' kexec_load.ko
sed -i 's/\x8B\xD2\x92\x10/\xC8\x19\x08\x9C/' kexec_load.ko
sed -i 's/\x1C\xE8\x18\xE1/\x7C\x71\x9E\xEF/' kexec_load.ko
sed -i 's/\xAB\x2C\x2F\x8B/\x8E\xD7\x63\xC0/' kexec_load.ko
sed -i 's/\xF5\x62\xAA\x4B/\x34\x80\x1B\x74/' kexec_load.ko
sed -i 's/\x00\x52\xD6\xD7/\x6F\x80\x91\x20/' kexec_load.ko
sed -i 's/\x4F\x77\x57\x6A/\x0C\x57\xC7\x63/' kexec_load.ko
sed -i 's/\xCA\x2F\x65\x71/\x92\xB8\x7F\x53/' kexec_load.ko
sed -i 's/\x0F\xD0\xA0\x91/\xFA\x80\x15\xB4/' kexec_load.ko
sed -i 's/\x29\xA0\x6D\x48/\x6C\x6B\x96\x54/' kexec_load.ko
sed -i 's/\x6D\x1F\x1F\x37/\xCC\x5E\x79\x8B/' kexec_load.ko
sed -i 's/\xFD\x23\xD0\xFB/\xE3\xE3\x68\x52/' kexec_load.ko
You can use hexedit or hexdump to see these adresses :
Code:
hexdump kexec_load.ko | grep ff72
0003d50 b0b0 80ac ff72 205e 6f6d 7564 656c 6c5f
how does it work ?
# kexec --help
For kexec help... nothing more to say.
# lsmod
List loaded modules... You must see
kexec_load 31369 0 - Live 0x00000000 (O)
# rmmod kexec_load.ko
Remove kexec_load module from memory.
# grep kexec /proc/device
To see installed driver.
You must see :
100 kexec_driver
First number is "major" number to identify your driver in system.
# mknod /dev/kexec_driver c 100 0
Install driver.
Major number (here 100), is important for module.
This Major must be the same between module and driver.
By default, 100 is used.
# insmod kexec_load.ko
To install "LKM", kexec_load kernel module.
If another Major is needed, you can use "insmod kexec_load.ko 101" for Major 101
You can use "modprob" if you want, but you must configure the module folder.
How kexec and module exchange informations ?
By the driver.
Normal output for a kernel module is to write in "dmsg" file.
To see kernel output, launch this command :
Code:
# dmesg
To see last kernel log, see in :
Code:
# cat /proc/last_kmsg
For kexec module, this normal way still exist, and give a lot of informations, but to speak with, you must use the driver.
/dev/kexec_driver
You can yourself test communication:
Code:
# cat /dev/kexec_driver
You can send kernel by this communication channel.
Type following commands for help
=> echo help >/dev/kexec_driver
=> dmesg | grep Kexec
Code:
# echo help >/dev/kexec_driver
# cat /dev/kexec_driver
Last command : 'help'
Please type following command :
=> dmesg|grep Kexec
Every command send into driver is receive by kexec_load.ko module and running into the kernel.
The answer can by read thru the driver
Here, you can see that normal way to see messages is allway dmesg.
Code:
# dmesg|grep Kexec
<4>[15050.521628] Kexec: Starting kexec_module...
<6>[15050.521656] Kexec: kexec_driver_contener allocation
<6>[15050.521673] Kexec: kexec_memory_buffer allocation
<4>[15050.521691] Kexec:----------------------------------------------------
<4>[15050.521710] Kexec: kexec_driver created with major : '100'
<4>[15050.521728] Kexec: Please, prepare by typing the following commands :
<4>[15050.521746] Kexec: => mknod /dev/kexec_driver c 100 0
<4>[15050.521761] Kexec: => cat /dev/kexec_driver
<4>[15050.521775] Kexec:-----------------------------------------------------
<4>[15050.521791] Kexec: For help
<4>[15050.521803] Kexec: => echo help >/dev/kexec_driver
(...)
I have add a lot of informations to help to configure kexec.
rdtags, atags ??
Not sure for this part of kernel.
"atags" is the most used method to bootloader to parse commands and informations to kernel at boot.
"atags" is a form of structure in memory to organise informations.
At boot, a address chain is created and can be compulse in /proc/atags file.
This file is read only system.
"rdtags" is another way to bootloader to parse information to kernel.
"rdtags" is not stocked in "/proc"
But, as i see, stock kernel can use "atags" from bootloader.
kexec can substitute bootloader function to create fromscratch a atags chain, and parse to new kernel.
I have change this part to stock atags in "/data/atags", and reuse or change if need.
If this don't work, i must create a rdtags chain to replace atags ; It's not a hard work.
Status
For the moment, kexec tools works.
=> Phase one OK.
I can start Phase Two : new kernel patch.
If you want to help me...
Actually, load a custom kernel and boot into with kexec tools work.
But at boot into, a kernel panic occurs.
It seems, a part of kexec patch is missing in custom kernel.
Hi new thread created for kernel kexec development.
Status: not working: wrong values for mem defines under the kernel is giving segmentation fault as its attempting to write to memory areas that are currently being used byyyyy the system
Instructions:
Make kernel compatible?:
1. Download kernel diff patch from below
2. Terminal - diff patch > diff.txt
How to use:
1. Download kexec-tools (kexec binary) from below
2. Copy into system/bin directory and give it executable permission
3. Download compatible kernel
4. Terminal - kexec --load-hardboot zImage --initrd=initrd.img --mem-min=0x20000000 --command-line="$(cat /proc/cmdline)"
kexec -e
Download links:
Kexec tool- https://db.tt/8DZXQ9eV
Ramdisk firmware 1.548 : https://db.tt/8DZXQ9eV
zImage (kernel):
Source code:
Kernel diff patch: https://db.tt/Xi2htT7Q (currently contains wrong values for mem defines)
Kexec-tools: https://db.tt/I22ofr3b
Special thanks: @delewer @krabappel2548
Reserved
Please move this thread to Xda Devdb, then I can also edit first post etc if I find new stuff
Sent from my C6903 using xda app-developers app
krabappel2548 said:
Please move this thread to Xda Devdb, then I can also edit first post etc if I find new stuff
Sent from my C6903 using xda app-developers app
Click to expand...
Click to collapse
Devdb?
Pm me i dont know what Devdb is lol
Recieved segmentation fault with delewers calculated mem values too
We need to write to memory where we have write access to, maybe lockedbootloader is not allowing us to write? Orrr we are just writing to wrong area of memory
If kexec works on the Z1, can it be ported over to Xperia Z/ZL/T/Ultra? I believe they don't all share the same processor.
Shaky156 said:
Devdb?
Pm me i dont know what Devdb is lol
Click to expand...
Click to collapse
Shaky156 said:
Recieved segmentation fault with delewers calculated mem values too
We need to write to memory where we have write access to, maybe lockedbootloader is not allowing us to write? Orrr we are just writing to wrong area of memory
Click to expand...
Click to collapse
I'll discuss with Kali- today if he's available.
Knucklessg1 said:
If kexec works on the Z1, can it be ported over to Xperia Z/ZL/T/Ultra? I believe they don't all share the same processor.
Click to expand...
Click to collapse
Doesn't need to be same processor, can be ported
Sent from my C6903 using xda app-developers app
Knucklessg1 said:
If kexec works on the Z1, can it be ported over to Xperia Z/ZL/T/Ultra? I believe they don't all share the same processor.
Click to expand...
Click to collapse
Yes it wont matter much, since its not s800 it should be easier for you guys , take the kexec-tool use that, implement the patch write to the correct mem addresses which is free, it should boot if you guys have issues let me know,
I need to calculate the correct addresses.
Ive noticed s800 uses a dt.img, might need to modify kexec-tool to support dt.img, not sure what dt.img does yet, only know it holds values
Shaky156 said:
I need to calculate the correct addresses.
Ive noticed s800 uses a dt.img, might need to modify kexec-tool to support dt.img, not sure what dt.img does yet, only know it holds values
Click to expand...
Click to collapse
the dt.img is needed by the kernel to boot, so I guess we need to load that too in kexec.
EDIT: people that wanna try add kexec patch to their kernel, check github: android_kernel_sony_msm8974/commits/kexec
krabappel2548, i have compil your kernel by my script (fromscratch)
My script (instruction in "DoomLord Build kernel thread" : scriptZ1 http://forum.xda-developers.com/attachment.php?attachmentid=2346163&d=1382568778
(for thoses who want to help us...)
You have a little mod to do here (bad compil) :
In "sound/soc/msm/qdsp6v2/rtac.c"
you must change
#include <q6voice.h>
by
#include "q6voice.h"
btw : no more ideas to load kexec for the moment ...
delewer said:
krabappel2548, i have compil your kernel by my script (fromscratch)
My script (instruction in "DoomLord Build kernel thread" : scriptZ1 http://forum.xda-developers.com/attachment.php?attachmentid=2346163&d=1382568778
(for thoses who want to help us...)
You have a little mod to do here (bad compil) :
In "sound/soc/msm/qdsp6v2/rtac.c"
you must change
#include <q6voice.h>
by
#include "q6voice.h"
btw : no more ideas to load kexec for the moment ...
Click to expand...
Click to collapse
Sorry, I'm trying to get caught up on the forum, but what seems to be the current standing issue to get kexec working?
Knucklessg1 said:
Sorry, I'm trying to get caught up on the forum, but what seems to be the current standing issue to get kexec working?
Click to expand...
Click to collapse
Read the OP
Status paragraph
Memory regions
00000000-07afffff : System RAM
00008000-00b79383 : Kernel code
00d04000-00f0cddb : Kernel data
0ff00000-779fffff : System RAM
7ff00000-7ff3ffff : rdtags_mem
7ff80000-7ffa0fff : last_kmsg
7ffa1000-7ffa5fff : last_amsslog
System RAM MEM = 00000000
So --min-mem=0x20000000
Now need to find a free memory area thatll allow us to write and hopefully the mmu/pmu on locked bootloader wont cancel it
@delewer? @DooMLoRD @kali @Bin4ry
I know I shouldn't disturb, but i must ask: if You achieve Your goal, would it be possible to port it to devices like Xperia P, S, T, U and other NXT? It would be great, many ppl are ready to give a prize for it. Thanks in advance, good luck and sorry again.
Sent from my LT22i using xda app-developers app
king960 said:
I know I shouldn't disturb, but i must ask: if You achieve Your goal, would it be possible to port it to devices like Xperia P, S, T, U and other NXT? It would be great, many ppl are ready to give a prize for it. Thanks in advance, good luck and sorry again.
Sent from my LT22i using xda app-developers app
Click to expand...
Click to collapse
These devices are not 2013 devices, they arent s800 socs, so they are much easier to do, simply take the kexec-tools from op, implement the patch in your kernel, write the correct memory values for your specific device and execute in terminal via the command in op, minmem depends on your device too, good luck
I think some1 tried it already, but it works only for unlocked devices... Anyway, thanks for help.
Sent from my LT22i using xda app-developers app
king960 said:
I know I shouldn't disturb, but i must ask: if You achieve Your goal, would it be possible to port it to devices like Xperia P, S, T, U and other NXT? It would be great, many ppl are ready to give a prize for it. Thanks in advance, good luck and sorry again.
Sent from my LT22i using xda app-developers app
Click to expand...
Click to collapse
Does doing this require having an Unlocked Boot loader prior to implementation?
Sent from my C6603 using xda app-developers app
A few informations about kexec-tools debug
in kexec.c
Fonction :
if (file_type.load(argc, argv, kernel_buf,
kernel_size, &info) < 0) {
fprintf(stderr, "Cannot load %s\n", kernel);
return -1;
}
With a forced execution of kexec (bypass error to see...)
--mem-min=0x90000000
kernel: 0xb6b9d008 kernel_size: 3e9340
debug: 1 - after get memory range
debug: 2 - after type test
debug: 3 - after type test
debug: 4 - after info.kexec
debug: Focus 1 - argc '5' ; argv 'be856774' ; kernel_buf 'b6b9d008' ; kernel_size '3e9340' ; info 'be856548' ; i '1' ; file_type.name 'zImage'
Could not find a free area of memory of 3f1340 bytes...
Cannot load zImage
debug: 10 - before trampoline
debug: 11 - after trampoline
debug: 12 - before segment load
debug: 13 - after segment load
debug: 8 - before sort_segment
debug: 9 - after sort_segment
debug: 6 - before purgatory
debug: 7 - after purgatory
kexec_load: entry = (nil) flags = 280004
nr_segments = 0
kexec_load failed: Function not implemented
entry = (nil) flags = 280004
nr_segments = 0
debug: 5 - return result : ffffffff
With a forced bypass on file_type.load , we have this :
--mem-min=0x20000000
debug: Focus 1 - argc '5' ; argv 'bef18774' ; kernel_buf 'b6bc7008' ; kernel_size '3e9340' ; info 'bef18548' ; i '1' ; file_type.name 'zImage'
Segmentation fault
delewer said:
A few informations about kexec-tools debug
in kexec.c
Fonction :
if (file_type.load(argc, argv, kernel_buf,
kernel_size, &info) < 0) {
fprintf(stderr, "Cannot load %s\n", kernel);
return -1;
}
With a forced execution of kexec (bypass error to see...)
--mem-min=0x90000000
kernel: 0xb6b9d008 kernel_size: 3e9340
debug: 1 - after get memory range
debug: 2 - after type test
debug: 3 - after type test
debug: 4 - after info.kexec
debug: Focus 1 - argc '5' ; argv 'be856774' ; kernel_buf 'b6b9d008' ; kernel_size '3e9340' ; info 'be856548' ; i '1' ; file_type.name 'zImage'
Could not find a free area of memory of 3f1340 bytes...
Cannot load zImage
debug: 10 - before trampoline
debug: 11 - after trampoline
debug: 12 - before segment load
debug: 13 - after segment load
debug: 8 - before sort_segment
debug: 9 - after sort_segment
debug: 6 - before purgatory
debug: 7 - after purgatory
kexec_load: entry = (nil) flags = 280004
nr_segments = 0
kexec_load failed: Function not implemented
entry = (nil) flags = 280004
nr_segments = 0
debug: 5 - return result : ffffffff
With a forced bypass on file_type.load , we have this :
--mem-min=0x20000000
debug: Focus 1 - argc '5' ; argv 'bef18774' ; kernel_buf 'b6bc7008' ; kernel_size '3e9340' ; info 'bef18548' ; i '1' ; file_type.name 'zImage'
Segmentation fault
Click to expand...
Click to collapse
Did you compile this kexec yourself? Or did you get this from krapabbel? I issued krapabbel to compile a new debug version have gave him the code but never heard back from him :/
Anywayz so cannot find free memory is the issue
Since fire phone doesn't have a bootloader unlock at the moment. There is no point in building a custom kernel. But By building a kernel we can build kernel modules which work on the stock kernel. And yes you can load unsigned kernel modules without a problem since fire phone doesn't use tz apps to verify kernel modules like Samsung does.
Setup
Source
Download the fire phone sources for firmware 4.6.1 from here. And extract the platfrom.tar inside the archive to somewhere(KERNEL_DIR).
toolchain
You can use the android ndk from google, But it requires some setup. I'm using linaro toolchain from here. You can use compiler version 4.7, 4.8 or 4.9. Kernel I'm using (Firmware 4.6.3 - Linux 3.4-perf-g280c96c) is built with gcc-4.7. But I'm using this gcc-4.9. Download it, extract is somewhere(TOOLCHAIN_DIR) and add the $TOOLCHAIN_DIR/bin to your PATH. Theoretically you would be able to build the kernel on windows using Cygwin or MSYS tools but using Linux is better.
config
Connect your phone trough adb and run
Code:
adb pull /proc/config.gz
zcat config.gz > $KERNEL_DIR/kernel/qcom/3.4/.config
With this config you will run into some problems because of a missing "trapz_generated_kernel.h". I don't know if this is an auto generated file when they build android as a whole or amazon removed this explicitly(can they do that without violating GPL?). Anyway It looks trapz is some low level kernel debugging function(comment here if you know more about it). We can safely disable it. Open $KERNEL_DIR/kernel/qcom/3.4/.config in a text editor and change the lines
Code:
CONFIG_TRAPZ=y
CONFIG_TRAPZ_TP=y
CONFIG_TRAPZ_TRIGGER=y
CONFIG_HAVOK=y
to
Code:
#CONFIG_TRAPZ=y
#CONFIG_TRAPZ_TP=y
#CONFIG_TRAPZ_TRIGGER=y
#CONFIG_HAVOK=y
building
Now edit the $KERNEL_DIR/kernel/qcom/3.4/Makefile and add this changes
Code:
EXTRAVERSION = -perf-g280c96c
This is at the top of the makefile. If we don't add this, vermagic for the modules will differ from stock kernel and they won't load.
ARCH=arm
CROSS_COMPILE=arm-linux-gnueabihf-
Click to expand...
Click to collapse
Here arm-linux-gnueabihf- is my cross compiler frefix. Look in $TOOLCHAIN_DIR/bin/ to find it.
Now cd into $KERNEL_DIR/kernel/qcom/3.4/ and do
Code:
make
The build will fail a few times complaining about missing headers. Most of the time it's just
Code:
#include <myheader.h>
instead of
Code:
#include "myheader.h"
Edit the source file where the build fails and change <>s to ""s. (maybe android ndk ignores the difference and include the headers anyway)
After kernel compiles, we are good to go. We can use this kernel sources to build kernel modules for stock kernel.
Kernel modules
To build the kernel modules, we basically need two things. An approximate kernel source and the Module.symvers file from the original kernel. We can get the Module.symvers file by building the complete kernel as explained above or Just extract it from our stock kernel.
To extract the Module.symvers from the stock kernel, extract the boot.img file from firmware update image. Get mkbootimg tools from here compile it and run
Code:
unmkbootimg --kernel zImage ---ramdisk ramdisk.cpio.gz -i boot.img
After you get the zImage. Download extract-symvers script from here and run
Code:
python2 extract-symvers.py -B 0xc0008000 zImage > Module.symvers
place this file in $KERNEL_DIR/kernel/qcom/3.4/ (You still have to do the changes mentioned above in kernel config and building section run make in the $KERNEL_DIR/kernel/qcom/3.4 and intrupt it after few seconds)
Now you can build loadable modules against this source. Here is a hello world kernel module.
Code:
//hello.c
#include<linux/module.h>
#include<linux/kernel.h>
#include<linux/init.h>
static int __init hello_start(void)
{
printk("hello to the world from module");
return 0;
}
static void __exit hello_end(void)
{
printk("heloo exit");
}
module_init(hello_start);
module_exit(hello_end);
Code:
#Makefile
KERNEL_DIR=<your kernel dir>/kernel/qcom/3.4
obj-m := hello.o
PWD := $(shell pwd)
default:
$(MAKE) ARCH=arm CROSS_COMPILE=armeb-linux-gnueabi- -C $(KERNEL_DIR) SUBDIRS=$(PWD) modules
Put this files in a folder and run make in it. Change the paths and cross compiler prefix according to your setup. and run make.
After the build push the hello.ko to the phone.
Code:
adb push hello.ko /sdcard/
adb shell
su
cd sdcard
insmod hello.ko
run dmesg and you'll see the message.
I'm currently trying to build kexec module from hashcode's sources and USB OTG modules.
I'm attaching a few thing helped me do this.
since they have released this version of the fire os they have to provide the source code
see
http://www.gnu.org/licenses/gpl-faq.html#GPLRequireSourcePostedPublic
you have just shown that the source code they releases for the kernel does not match the one used to build the kernel. This means it is a clear violation of the gpl and amazon is in breach and can be sued.
on another note.
are the drivers for the nfc and camera compiled as a module or into the kernel?
They have yet to provide 4.6.3 and 4.6.4 kernel sources too.
I don't know exactly but in order for NFC and camera to work drivers are required and they are in fact compiled into the kernel.
The problem we currently have with NFC and camera is proprietary hal (hardware abstraction libraries) They are a part of Android and does not subject to GPL. Amazon changed the original android way how hal works and didn't release the sources!
by looking at the kernel drivers maybe we would be able to implement hal from scratch. But I don't see that intense dev support for fire phone. If you are up for it camera sources are at $KERNEL_DIR/kernel/qcom/3.4/drivers/media/platform/msm/camera_v2/
Major MAJOR respect for all of you making the Fire Phone even better!
@madushan1000
Could we do something like this to install a custom boot.img?
http://forum.xda-developers.com/optimus-l9/general/guide-install-custom-roms-locked-t3249828
I don't own this device but has anyone tried to see if kexec works?
spudowiar said:
I don't own this device but has anyone tried to see if kexec works?
Click to expand...
Click to collapse
Nope, I was working on it. But then I got a job. It will be sometime before I can start working on it again.
Could someone please provide the config extracted from /proc/config.gz?
I can't find this on CM11 rom for some reason.
Building the kernel now.
Some bugs are in the code and -Wall and gcc-wrapper.py escalate the warnings.
I wonder if those errors are there on purpose XD
helloworld.ko loaded successfully
I was able to execute kexec without anything. Just the binary.
Will keep you posted - this hacking might take a while to figure it all out.
I already have 3.4 kernel from the amazon sources.
I have the kexec userland program.
What is left is a loadable kexec kernel module (if that is possible at all).
removed
Okarin said:
Are we even sure those Amazon Kernel Sources are correct?
Those errors caught by the wrapper scripts are giving me the creeps.
Git the kexec_load.ko build.
Currently hands on insmod.
Phone doesn't do a reboot any longer:
insmod kexec_load.ko
init_module(0xb6e6c008, 408241, "") = -1 ENOENT (No such file or directory)
write(2, "insmod: init_module '/sdcard/kex"..., 79insmod: init_module '/sdcard/kexec_load.ko' failed (No such file or directory)
) = 79
munmap(0xb6e6c000, 409600) = 0
mprotect(0xb6f8c000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0xb6f8c000, 4096, PROT_READ) = 0
close(0) = 0
close(1) = 0
close(2) = 0
futex(0xb6f6cd74, FUTEX_WAKE_PRIVATE, 2147483647) = 0
munmap(0xb6f8c000, 4096) = 0
exit_group(-1) = ?
First goal is to get module loaded.
Goal reached:
kexec_load 27813 0 - Live 0x00000000 (O)
procfs_rw 12770 0 - Live 0x00000000 (O)
wlan 3793980 0 - Live 0x00000000 (O)
Shouldn't be functional at all..
I disabled some function calls just to get the module loaded.
The missing symbols are:
soft_restart
arch_kexec
machine_shutdown
And the version I use does some insane function hooking ..
More rework is needed.
[email protected]:/data/local # ./kexec /sdcard/vmlinux
kernel: 0xaf12d008 kernel_size: 7e1354c
unrecoverable error: could not scan "/proc/device-tree/": No such file or directory
<6>[ 97.681256] Kexec_load: Replacement... :
<6>[ 97.681344] kexec_load : my_syscall_table : c0106244
<6>[ 97.681405] kexec_load : kexec_load before replacement : c01b346c
<6>[ 97.681480] kexec_load : kexec_load after replacement : bf3a5650
<6>[ 97.681546] kexec_load : reboot before replacement : c01a83f0
<6>[ 97.681616] kexec_load : reboot after replacement : bf3a6348
<6>[ 97.681675] Kexec_load: End replacement... :
<6>[ 202.694691] Kexec: - Starting kexec_load...
<6>[ 202.694849] Kexec: - ---- kexec_load - result : '0'
It gets better:
255|[email protected]:/data/local # ./kexec --dtb=/sdcard/zImage-dtb /sdcard/vmlinux
kernel: 0xaf1b1008 kernel_size: 7e1354c
kexec-zImage-arm : dtb.img BEFORE CUT : Start : '0xae66f008' - Length : '0xb411e9' - End : '0xaf1b01f1'
Segmentation fault
More tomorrow.
Click to expand...
Click to collapse
Where are you getting your kexec module sources from? BTW try using the original amazon kernal binary the phone is shipped with (we are sure it works). Don't use the custom kernel for the kexec tests (We don't know the custom kernel actually works)
madushan1000 said:
Where are you getting your kexec module sources from? BTW try using the original amazon kernal binary the phone is shipped with (we are sure it works). Don't use the custom kernel for the kexec tests (We don't know the custom kernel actually works)
Click to expand...
Click to collapse
Here is the thread I used as a starting point.
I will put up my "fork" on github after I get permission to do that
The userland part build like a charm once I took the compiler you recommended.
The kernel-module was tricky because the whole thing is modded like hell.
To be able to load I had to comment out some hard coded addresses and the calls to unresolvable symbols.
removed
Okay the kernel gets loaded.
But
kexec -e shuts off the device.
strace doesn't help.
On the plus side:
Devices are shutdown
Look promising
I need a way to tail dmesg ...
Okay a lot of digging around and I found out that the reboot syscall doesn't work properly..
It doesn't look like it hits the kexec_module it looks more like it hits the actualy sys_reboot
Okay reboot syscall hits my reboot-hook.
But the softreboot doesn't work now.
Okay there is some kind of watchdog runnig which doesn't like my kexec.
I need to kill it - that should happen tomorrow.
removed
I hit the same wall when I tried to isolate the kexec code from the kernel itself to a module. I stopped working on it because I lacked the time. BTW the error you are facing now
<3>[ 80.580644] BUG: scheduling while atomic: kexec/4067/0x00000002
Click to expand...
Click to collapse
is because memory allocator is trying to switch threads while you are in a syscall. it's because of lines like this
image = kzalloc(sizeof(*image), GFP_KERNEL);
Click to expand...
Click to collapse
Try changing GFP_KERNEL to GFP_ATOMIC. Other than that, I have another suggestion. Try to get the kernel to run in a single core mode before running kexec code. This might simplify things. I don't know how to do this though.
madushan1000 said:
I hit the same wall when I tried to isolate the kexec code from the kernel itself to a module. I stopped working on it because I lacked the time. BTW the error you are facing now
is because memory allocator is trying to switch threads while you are in a syscall. it's because of lines like this
Try changing GFP_KERNEL to GFP_ATOMIC. Other than that, I have another suggestion. Try to get the kernel to run in a single core mode before running kexec code. This might simplify things. I don't know how to do this though.
Click to expand...
Click to collapse
The atmic error is gone now. It went away after I disabled the watchtog.
smp_disable() is what you are looking for - but this causes the system to hard_reboot ATM XD
what happens if you kill every userlevel program before smp_disable()?
removed
#define tomorrow
Okay .. I worked out the preemption thing.
At least it does something.
Still a black screen and the MSM_WATCHDOG is a ***** again.
It needs to be suspended .. at least that what I get from the code I read here.
If I remove the driver too early the output in /proc/kmsg stops ..
If I try to remove it too late ... well it causes a resched while atomic.
Sorry if this is posted in the wrong forum. XDA's brain-damaged posting policy doesn't allow me to post in the development section.
Moderator Edit: Definitely in the wrong Forum, you're right. Should have been in Q and A... which it now is. This Post will help you understand the XDA stance on posting in Development
I've been scratching my head trying to figure out the location and purpose of a mysterious file introduced in recent Cyanogenmod builds for the Samsung Galaxy Tab S 8.4 (klimtwifi).
The file is sswap. The file is referenced in at least two files within the Cyanogenmod build directory, i.e.:
Code:
device/samsung/klimtwifi/proprietary-files.txt
device/samsung/klimtwifi/rootdir/etc/init.universal5420.rc
In proprietary-files.txt we see the following lines:
Code:
# Samsung SSWAP
root/sbin/sswap
Basically, proprietary-files.txt is the list of files that the extract-files.sh script uses to download the prebuilt binary-only vendor files (without source code) from a working Cyanogenmod installation. This appears to place the file within the /system directory. At least this is my understanding of how the extract-files.sh script works, i.e. it takes the relative paths found in proprietary-files.txt and appends the base path /system.
Code:
if [ "$SRC" = "adb" ]; then
adb pull /system/$FILE $BASE/$DEST
# if file dot not exist try destination
if [ "$?" != "0" ]
then
adb pull /system/$DEST $BASE/$DEST
fi
However the reference to sswap in init.universal5420.rc puts it in a different location:
Code:
service sswap /sbin/sswap -s
class core
user root
group root
oneshot
seclabel u:r:sswap:s0
I can only assume that sswap is hardlinked or softlinked to or from the /system directory. However, this kind of defeats the
purpose of /sbin being assigned root-only read permissions.
Finally, I've not been able to find any documentation with regard to sswap, particularly what its advantages or disadvantages are when compared to the standard Linux swapon/swapoff utility.
DisposableName said:
Sorry if this is posted in the wrong forum. XDA's brain-damaged posting policy doesn't allow me to post in the development section.
Moderator Edit: Definitely in the wrong Forum, you're right. Should have been in Q and A... which it now is. This Post will help you understand the XDA stance on posting in Development
I've been scratching my head trying to figure out the location and purpose of a mysterious file introduced in recent Cyanogenmod builds for the Samsung Galaxy Tab S 8.4 (klimtwifi).
The file is sswap. The file is referenced in at least two files within the Cyanogenmod build directory, i.e.:
Code:
device/samsung/klimtwifi/proprietary-files.txt
device/samsung/klimtwifi/rootdir/etc/init.universal5420.rc
In proprietary-files.txt we see the following lines:
Code:
# Samsung SSWAP
root/sbin/sswap
Basically, proprietary-files.txt is the list of files that the extract-files.sh script uses to download the prebuilt binary-only vendor files (without source code) from a working Cyanogenmod installation. This appears to place the file within the /system directory. At least this is my understanding of how the extract-files.sh script works, i.e. it takes the relative paths found in proprietary-files.txt and appends the base path /system.
Code:
if [ "$SRC" = "adb" ]; then
adb pull /system/$FILE $BASE/$DEST
# if file dot not exist try destination
if [ "$?" != "0" ]
then
adb pull /system/$DEST $BASE/$DEST
fi
However the reference to sswap in init.universal5420.rc puts it in a different location:
Code:
service sswap /sbin/sswap -s
class core
user root
group root
oneshot
seclabel u:r:sswap:s0
I can only assume that sswap is hardlinked or softlinked to or from the /system directory. However, this kind of defeats the
purpose of /sbin being assigned root-only read permissions.
Finally, I've not been able to find any documentation with regard to sswap, particularly what its advantages or disadvantages are when compared to the standard Linux swapon/swapoff utility.
Click to expand...
Click to collapse
When I put together the prop* there was no option to get files from the roms ramdisk (extract-files.sh assumes all needed files reside in /system/. sswap lives in /sbin/ and should be in /sbin for the source build rom, too. If you look here:
https://github.com/TheMuppets/propr...-common/exynos5420-common-vendor-blobs.mk#L25
...you'll see that sswap is copied to /root/sbin. In /root the android build environment assambles the ramdisk.
You can use mkswap on the swap partition and go ahead with swapon and swapoff. This will work. But since I havn't found any documentation of samsungs sswap partition format, I decided to use samsungs sswap instead of standard linux kernel swap interface: I have no idea hpw to "mkswap" for sswap. If you use mkswap and swapon be prepared to have a hard time to get back to sammy tw.