[Guide]Enable Adopted Sdcard In any CM based roms - Moto E General

Want adopted sd enabled in the latest cm based custom rom for our dear moto e
Here is a temporary workaround
Firstly this was done by making use of a guide found in ashwin007's thread called
[ROM][OFFICIAL][condor] CyanogenMod 13 for Moto E 2014
Page 134 by millerscout.
In that guide youll find 11 steps to follow.
Now you'll just have to make small changes to two of the steps
Step 2. Change to whatever MM CM based rom you want and
Step 10. to the MM CM based rom you have chosen.
Now I usually keep these things to myself but for some time now I've noticed a lot of persons keep asking in the threads if adopted sd card is working. C'mon guys Its annoying. Despite the answers being yes at times its only after I've wiped my phone and install the latest rom I find out that adopted sd card is not working and corrupts my sd card. The guide by millerscout is a simple workaround I found for this small problem and with my added input it could work with other cm based marshmallow roms. Ive never tried it with AOSP or any other marshmallow based roms only CM.
That's it now enjoy the latest mm cm based roms with adopted sd until it as been officially fixed by ashwin007 :highfive:
Disclaimer: The instructions are pretty straightforward. Read and follow the instructions to reap your reward. With that said I will not be responsible for any fumes leaking from your phone

I could testify it
Just done it yesterday, using cm13 20160113 instead of temasek unoficial build
1. Factory reset using twrp
2. Clean flash cm13 20160113 and gapps
3. Wipe cache n dalvik cache, don't know if it is necessary, it just habits
4. Reboot system, finish setup wizard, set up sdcard as internal
5. Reboot to twrp
6. Flash newest cm13 build, i use 20160224 yesterday
7. Wipa cache n dalvik cache
8. Reboot system, sdcard as internal still working fine
I heard that aospb n orionos has sdcard as internal worked too
Thanks to @ehrans and @millerscout for the tricks

didnt worked for me with ressurection
any other way i can use..??really frustrated with the storage running out msg

I've Successfully formatted my sd card as internal but having a serious problem..when i connect my phone to the computer, it doesn't show my sd card for transfering the backup files to my phone.. what to do now ?? Any help Guyss ??
Edit : I've restarted my phone also but still doesn't helped..

Hello everyone. I've been hearing a lot of users reporting issues with adopted SD on condor. It worls fine on otus, so it is evidently a condor specific issue. I don't yet have the device, so I can't test and debug the issue myself at the moment. However, if someone coulld share logs of trying to format the SD card as internal on the latest nightly, that would be helpful. In particular, I want to see the logcat and dmesg output during the SD card formatting process.
A few word of advice on capturing logs: It's usually more helpful to capture a log of just doing the action of interest rather than providing a log from bootup till an hour after reproducing the issue. The way I usually do this on Linux or Mac is to start adb logcat on a shell, let it spew out everything, then clear the terminal, do the action of interest, let it complete, then hit Ctrl-C to stop logcat. Then copy paste the terminal contents into a file. For dmesg, just copy paste the last n secomds showing the relevant operation.

squid2 said:
Hello everyone. I've been hearing a lot of users reporting issues with adopted SD on condor. It worls fine on otus, so it is evidently a condor specific issue. I don't yet have the device, so I can't test and debug the issue myself at the moment. However, if someone coulld share logs of trying to format the SD card as internal on the latest nightly, that would be helpful. In particular, I want to see the logcat and dmesg output during the SD card formatting process.
A few word of advice on capturing logs: It's usually more helpful to capture a log of just doing the action of interest rather than providing a log from bootup till an hour after reproducing the issue. The way I usually do this on Linux or Mac is to start adb logcat on a shell, let it spew out everything, then clear the terminal, do the action of interest, let it complete, then hit Ctrl-C to stop logcat. Then copy paste the terminal contents into a file. For dmesg, just copy paste the last n secomds showing the relevant operation.
Click to expand...
Click to collapse
please find attached dmesg.txt

Ansh2000 said:
please find attached dmesg.txt
Click to expand...
Click to collapse
Thanks for the log. The associated logcat would also be helpful, but from what I see in the dmesg, a couple things jumped out to me.
It looks like the f2fs formatting utility (mkfs.f2fs) crashes, and subsequent attempts crash further:
Code:
[ 2413.240089,0] mmcblk1: p1
[ 2414.518112,1] mmcblk1: p1 p2
[ 2414.969437,1] Core dump to |/system/bin/coredump mkfs.f2fs 8800 1457156718 pipe failed
...
[ 2462.808252,1] mmcblk1: unknown partition table
[ 2464.031938,0] mmcblk1: p1 p2
[ 2464.556586,0] Core dump to |/system/bin/coredump mkfs.f2fs 8996 1457156767 pipe failed
The big question would be why it crashes. The logcat may give more hints as to this. One thing I did notice is that there are an awful lot of untrusted_app selinux denials. One should usually not grant additional permission to untrusted_app. However, I'm curious if SELinux is causing issues for you. One thing worth trying would be to make selinux permissive (run "setenforce 0" as root) before trying to format the card. If that makes formatting work, then we'd know for sure that it's an SELinux related issue. However, this is just a wild guess, and the issue may be something completely unrelated.

squid2 said:
Thanks for the log. The associated logcat would also be helpful, but from what I see in the dmesg, a couple things jumped out to me.
It looks like the f2fs formatting utility (mkfs.f2fs) crashes, and subsequent attempts crash further:
Code:
[ 2413.240089,0] mmcblk1: p1
[ 2414.518112,1] mmcblk1: p1 p2
[ 2414.969437,1] Core dump to |/system/bin/coredump mkfs.f2fs 8800 1457156718 pipe failed
...
[ 2462.808252,1] mmcblk1: unknown partition table
[ 2464.031938,0] mmcblk1: p1 p2
[ 2464.556586,0] Core dump to |/system/bin/coredump mkfs.f2fs 8996 1457156767 pipe failed
The big question would be why it crashes. The logcat may give more hints as to this. One thing I did notice is that there are an awful lot of untrusted_app selinux denials. One should usually not grant additional permission to untrusted_app. However, I'm curious if SELinux is causing issues for you. One thing worth trying would be to make selinux permissive (run "setenforce 0" as root) before trying to format the card. If that makes formatting work, then we'd know for sure that it's an SELinux related issue. However, this is just a wild guess, and the issue may be something completely unrelated.
Click to expand...
Click to collapse
logcat

@squid2 http://forum.cyanogenmod.org/topic/...-sd-as-internal-storage-then-says-sd-corrupt/
does this seems legit? and if it would works (it works acc. to users in cm12.1 forum) how to execute it?
see the post made by socram8888
can anyone confirm at all if running the command "mkfs.f2fs /dev/block/dm-0" in terminal emulator would do the job? without having to format card using january nightly

booo159159 said:
@squid2 http://forum.cyanogenmod.org/topic/...-sd-as-internal-storage-then-says-sd-corrupt/
does this seems legit? and if it would works (it works acc. to users in cm12.1 forum) how to execute it?
see the post made by socram8888
can anyone confirm at all if running the command "mkfs.f2fs /dev/block/dm-0" in terminal emulator would do the job? without having to format card using january nightly
Click to expand...
Click to collapse
The mkfs.f2fs /dev/block/dm-0 is the command that is failing when trying to format through the wizard. Maybe it works properly when invoked manually. It's worth a try. Let me know what happens when you try it. Be sure to run it as root.
@Ansh2000 Thanks for the logcat. The relevant problem that repeats in the logcat is this crash in mkfs.f2fs:
Code:
03-05 12:09:15.017 192 200 D vold : Resolved auto to f2fs
03-05 12:09:15.017 192 200 V vold : /system/bin/mkfs.f2fs
03-05 12:09:15.017 192 200 V vold : /dev/block/dm-0
--------- beginning of crash
03-05 12:09:15.121 6320 6320 F libc : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x6 in tid 6320 (mkfs.f2fs)
03-05 12:09:15.122 231 231 I DEBUG : property debug.db.uid not set; NOT waiting for gdb.
03-05 12:09:15.122 231 231 I DEBUG : HINT: adb shell setprop debug.db.uid 100000
03-05 12:09:15.122 231 231 I DEBUG : HINT: adb forward tcp:5039 tcp:5039
03-05 12:09:15.206 231 231 I SELinux : SELinux: Loaded file_contexts contexts from /file_contexts.
03-05 12:09:15.209 706 1108 W NativeCrashListener: Couldn't find ProcessRecord for pid 6320
03-05 12:09:15.210 231 231 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-05 12:09:15.210 231 231 E DEBUG : AM write failed: Broken pipe
03-05 12:09:15.210 231 231 F DEBUG : Build fingerprint: 'motorola/condor_retaildsds/condor_umtsds:5.1/LPC23.13-34.8/12:user/release-keys'
03-05 12:09:15.210 231 231 F DEBUG : Revision: '0'
03-05 12:09:15.210 231 231 F DEBUG : ABI: 'arm'
03-05 12:09:15.210 231 231 F DEBUG : pid: 6320, tid: 6320, name: mkfs.f2fs >>> /system/bin/mkfs.f2fs <<<
03-05 12:09:15.210 231 231 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x6
03-05 12:09:15.221 231 231 F DEBUG : r0 b6d2e1c0 r1 00000006 r2 b7b770c8 r3 b7b770d8
03-05 12:09:15.222 231 231 F DEBUG : r4 b6d2e1c0 r5 b6d2e1c0 r6 b7b770c8 r7 00000000
03-05 12:09:15.222 231 231 F DEBUG : r8 00000036 r9 b6f4fff4 sl b6f001a4 fp 00000006
03-05 12:09:15.222 231 231 F DEBUG : ip 00000000 sp bea446c0 lr 000007c0 pc b6ef3368 cpsr 60070030
03-05 12:09:15.236 231 231 F DEBUG :
03-05 12:09:15.236 231 231 F DEBUG : backtrace:
03-05 12:09:15.237 231 231 F DEBUG : #00 pc 00001368 /system/lib/libf2fs.so (utf8_to_utf16+31)
03-05 12:09:15.237 231 231 F DEBUG : #01 pc 0000f843 /system/lib/libutils.so
03-05 12:09:15.237 231 231 F DEBUG : #02 pc 0000f897 /system/lib/libutils.so (android::String16::String16(char const*)+22)
03-05 12:09:15.237 231 231 F DEBUG : #03 pc 0001fa41 /system/lib/libbinder.so
03-05 12:09:15.341 231 231 F DEBUG :
03-05 12:09:15.341 231 231 F DEBUG : Tombstone written to: /data/tombstones/tombstone_00
03-05 12:09:15.344 192 200 I mkfs.f2fs: mkfs.f2fs terminated by signal 11
03-05 12:09:15.344 706 733 I BootReceiver: Copying /data/tombstones/tombstone_00 to DropBox (SYSTEM_TOMBSTONE)
03-05 12:09:15.344 192 200 E vold : private:179_66 failed to format: No such device or address
You can see that the crash is happening in some string conversion code (invokations via utf8_to_utf16). I'm not yet sure why this crash is happening, but at least we now know what the crash is. One wild and probably incorrect guess is that it has something to do with differences between the condor fstab and otus fstab (such as the dual f2fs and ext4 userdata support, different mount flags).
BTW: Just to be sure, @Ansh2000, your internal storage userdata partition is formatted as f2fs and not ext4?

@squid2 formatted with f2fs.

Thanks @squid2 for taking your time out and looking at this condor specific issue. Thanks a bunch

@squid2 the partition formats successfully but still in the setting, it shows the sd card as corrupted even after a reboot. again trying to format through wizard and still unable to use.
FYI I had permissive selinux, and yes i ran it as root
and I use ext4 only, I never migrated to f2fs
EDIT: i made a mistake, this command would only work through the stock kernel, while i was using custom kernel. And flashing the kernel after making the sd card internal wont work either.
I mean the sd card would format. But only will be usable as internal through stock kernel
So i guess we'll have to wait until @rainforce279 brings some updates

squid2 said:
The mkfs.f2fs /dev/block/dm-0 is the command that is failing when trying to format through the wizard. Maybe it works properly when invoked manually. It's worth a try. Let me know what happens when you try it. Be sure to run it as root.
It is not working says mkfs.f2fs not found.
Click to expand...
Click to collapse

cm13 20160113
from where i can get cm13 20160113 build. bcoz it's not available on official site...
can u plz provide the link...

rajeev20 said:
from where i can get cm13 20160113 build. bcoz it's not available on official site...
can u plz provide the link...
Click to expand...
Click to collapse
http://forum.xda-developers.com/showpost.php?p=65406771&postcount=1338
:laugh::laugh:

squid2 said:
Thanks for the log. The associated logcat would also be helpful, but from what I see in the dmesg, a couple things jumped out to me.
It looks like the f2fs formatting utility (mkfs.f2fs) crashes, and subsequent attempts crash further:
Code:
[ 2413.240089,0] mmcblk1: p1
[ 2414.518112,1] mmcblk1: p1 p2
[ 2414.969437,1] Core dump to |/system/bin/coredump mkfs.f2fs 8800 1457156718 pipe failed
...
[ 2462.808252,1] mmcblk1: unknown partition table
[ 2464.031938,0] mmcblk1: p1 p2
[ 2464.556586,0] Core dump to |/system/bin/coredump mkfs.f2fs 8996 1457156767 pipe failed
The big question would be why it crashes. The logcat may give more hints as to this. One thing I did notice is that there are an awful lot of untrusted_app selinux denials. One should usually not grant additional permission to untrusted_app. However, I'm curious if SELinux is causing issues for you. One thing worth trying would be to make selinux permissive (run "setenforce 0" as root) before trying to format the card. If that makes formatting work, then we'd know for sure that it's an SELinux related issue. However, this is just a wild guess, and the issue may be something completely unrelated.
Click to expand...
Click to collapse
even if we somehow get adopted working on the roms which gives corrupted sd card error ....another error arises that is when we update apps that is on sd card the updated app comes on internal and when we try to move that app to sd card again ,phone soft reboots and app still remains on internal.

I'm on bliss 6.0 tried all the methods get error 255 I like m but if can't get SD fixed I'm going back to 5.1.1

Related

[Android] TouchPad Android kernel mini howto

It seems there is little information on the internet regarding how to compile the kernel and how to convert to the correct image format so the boot loader will recognise and how to transfer it over to the touchpad. I ended up spent a few hours and finally figured out. I hope this will be useful for someone. I will try to make it concise as this is mainly aimed for developers.
What you will need
A linux development machine with uboot mkimage tool installed.
Sourcery G++ Lite 2010q1-188 for ARM EABI cross compile tool chain
https://sourcery.mentor.com/sgpp/lite/arm/portal/release1294
Touchpad kernel source
https://github.com/CyanogenMod/hp-kernel-tenderloin
CM7 Alpha 3 image (zip file)
http://goo-inside.me/roms/cmtouchpad/alpha3/update-cm-7.1.0-tenderloin-a3-fullofbugs-signed.zip
Prepare
Download CM7 Alpha 3 image and extract the boot.img to a temporary place.
Download Sourcery G++ Lite and install it. Add the G++ Lite tool chain binaray path to the PATH env variable. Get the kernel source from git hub and extract to local disk and change directory to the kernel source.
Compile the kernel
Still in the kernel source directory run
Code:
make ARCH=arm CROSS_COMPILE=arm-none-eabi- tenderloin_android_defconfig
make ARCH=arm CROSS_COMPILE=arm-none-eabi- uImage
Prepare the initramfs U-boot image
Extract the initramfs from the boot.img saved in temporary folder and convert it to uboot-image format
Code:
dd if=boot.img bs=1 skip=3577748 of=img.gz
mkimage -A arm -O linux -T ramdisk -C none -a 0x60000000 -e 0x60000000 -n "Image" -d ./img.gz arch/arm/boot/uRamdisk
(The dd offset for alpha 2.1 image is 3561152)
Combine the kernel and initramfs into a single U-boot image
Create a combined U-boot image (kernel and initramfs)
Code:
mkimage -A arm -O linux -T multi -a 0x40208000 -e 0x40208000 -C none -n "multi image" -d arch/arm/boot/uImage:arch/arm/boot/uRamdisk uImage.CyanogenMod.new
Transfer it to the device
Boot your touchpad into recovery mode and run
Code:
adb shell mount /dev/block/mmcblk0p13 /boot
adb push uImage.CyanogenMod.new /boot/uImage.CyanogenMod.new
adb shell umount /boot
adb shell reboot
After it reboot you should be able to see a new CyanogenMod.new item from the boot menu.
That's it!
Optimisation
For those who wants to experiment with GCC build options you can update the entry "arch-$(CONFIG_CPU_32v7" in file arch/arm/Makefile and I set mine to
Code:
arch-$(CONFIG_CPU_32v7) :=-D__LINUX_ARM_ARCH__=7 -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -mfloat-abi=softfp -O2 $(call cc-option,-march=armv7-a,-march=armv5t -Wa$(comma)-march=armv7-a)
Warning
Please be aware you are working on the bleeding edge kernel for touchpad and there is no guarantee that the latest git version will work for you. Please try an earlier version if that's the case.
As of 2011-11-23 you will need the latest kernel source to build kernel for alpha 3. Please do not mix the kernel with an initramfs from a different version, i.e. don't use initramfs extracted from alpha 2.1 and use it with alpha3.
Thanks for this. Last weekend spent a while trying to figure this out.
Sent from my HP Touchpad using Tapatalk
x2. Huge thanks
Thank you soooooo much for this guide. Quick question if you don't mind though.. I am using an mkimage that goes back to my nook kernel days. Is there anything newer out, or would this still be ok,?
Divine_Madcat said:
Thank you soooooo much for this guide. Quick question if you don't mind though.. I am using an mkimage that goes back to my nook kernel days. Is there anything newer out, or would this still be ok,?
Click to expand...
Click to collapse
As long as the mkimage can generate a standard U-boot image it should be fine.
You can always try it yourself. In worst case you have to hard reboot the touchpad by pressing the power button and home button at the same time for more than 10 minutes. As long as you keep the original image files (UImage.*) untouched I don't think you can brick it even if you want to.
S7
I have been trying to compile the kernel for some time now, and was hopeful reading your guide (and this last post) However, still following the steps to merge the ramdisk, i cannot make a booting kernel. I can get it flashed, as i am using the update.zip method, but moboot always gives me a crc error when booting it.
Though, before i totally go nuts, i think i need to try the source forgery toolchain, as i am using the Android ndk r6b...
Divine_Madcat said:
S7
I have been trying to compile the kernel for some time now, and was hopeful reading your guide (and this last post) However, still following the steps to merge the ramdisk, i cannot make a booting kernel. I can get it flashed, as i am using the update.zip method, but moboot always gives me a crc error when booting it.
Though, before i totally go nuts, i think i need to try the source forgery toolchain, as i am using the Android ndk r6b...
Click to expand...
Click to collapse
Could you check the md5sum of the u-boot image crated on disk and the one installed by update.zip file? Do they match? If they do then you probably will need to upgrade your mkimage tool.
s7mx1 said:
Could you check the md5sum of the u-boot image crated on disk and the one installed by update.zip file? Do they match? If they do then you probably will need to upgrade your mkimage tool.
Click to expand...
Click to collapse
I will give it a check; just in case, know where to get a newer mkimage?
Thanks so much for this guide
s7mx1 said:
You can always try it yourself. In worst case you have to hard reboot the touchpad by pressing the power button and home button at the same time for more than 10 minutes.
Click to expand...
Click to collapse
It feels like 10 mins.. doesn't it
WEll, i checked the MD5 sums, and it looks good. So, i guess it is time to try again with the toolchain listed here, and perhaps a new mkimage (if there is a "modern" one i should using, please point me to it...)
edit: Never mind.. in all my looking, i never saw that ubuntu had a nice one waiting for me.... doh
edit2: Woo! After getting the probably correct mkimage, and the CS toolchain, looks like i finally got it to pass the crc check. Now, lets see if it finishes booting. Thanks again for the guide!
Nope.. no boot. I get a dmesg with this:
<3>[ 69.978716] init: untracked pid 224 exited
<6>[ 70.086076] android_usb gadget: high speed config #1: android
<6>[ 70.086209] gadget_event: schedule host_connected
<6>[ 70.096953] max8903b_current_setup: CURRENT_500MA
<6>[ 70.097040] gadget_event: source=bus mA=500 (no change)
<4>[ 70.910953] UDC-CHG (2-2-2): usb_multi_chg_detect (591) : USB host Adaptor
(500mA)!
<6>[ 70.912805] gadget_event: schedule host_disconnected
<6>[ 70.925482] max8903b_current_setup: CURRENT_ZERO
<6>[ 71.164066] android_usb gadget: high speed config #1: android
<6>[ 71.164220] gadget_event: schedule host_connected
<6>[ 71.173640] max8903b_current_setup: CURRENT_500MA
<6>[ 71.178212] gadget_event: source=bus mA=500 (no change)
<6>[ 72.160955] gadget_event: host_connected=1 (no change)
<6>[ 74.142224] request_suspend_state: wakeup (0->0) at 74121495501 (2011-11-1
1 22:49:33.378031648 UTC)
<3>[ 74.143675] init: untracked pid 266 exited
<3>[ 74.155217] init: untracked pid 273 exited
<6>[ 79.285016] request_suspend_state: wakeup (0->0) at 79264287462 (2011-11-1
1 22:49:38.520824942 UTC)
The last three lines repeat alot, with different pid's .
Alrighty.. figured this one out - You cannot use the latest repository commits with the 2.1 alpha build. However, i was able to build commit fd70bb7aae, and it builds and actually boots. Now, i can actually play around and tweak it. Thank you again for the guide, and sorry for the edit spamming.. heh.
myn said:
x2. Huge thanks
Click to expand...
Click to collapse
Myn, do you have a touchpad???!!!? God I hope so!
vinscuzzy said:
Myn, do you have a touchpad???!!!? God I hope so!
Click to expand...
Click to collapse
He does
Sent from my PG86100 using Tapatalk
Divine_Madcat said:
WEll, i checked the MD5 sums, and it looks good. So, i guess it is time to try again with the toolchain listed here, and perhaps a new mkimage (if there is a "modern" one i should using, please point me to it...)
edit: Never mind.. in all my looking, i never saw that ubuntu had a nice one waiting for me.... doh
edit2: Woo! After getting the probably correct mkimage, and the CS toolchain, looks like i finally got it to pass the crc check. Now, lets see if it finishes booting. Thanks again for the guide!
Nope.. no boot. I get a dmesg with this:
<3>[ 69.978716] init: untracked pid 224 exited
<6>[ 70.086076] android_usb gadget: high speed config #1: android
<6>[ 70.086209] gadget_event: schedule host_connected
<6>[ 70.096953] max8903b_current_setup: CURRENT_500MA
<6>[ 70.097040] gadget_event: source=bus mA=500 (no change)
<4>[ 70.910953] UDC-CHG (2-2-2): usb_multi_chg_detect (591) : USB host Adaptor
(500mA)!
<6>[ 70.912805] gadget_event: schedule host_disconnected
<6>[ 70.925482] max8903b_current_setup: CURRENT_ZERO
<6>[ 71.164066] android_usb gadget: high speed config #1: android
<6>[ 71.164220] gadget_event: schedule host_connected
<6>[ 71.173640] max8903b_current_setup: CURRENT_500MA
<6>[ 71.178212] gadget_event: source=bus mA=500 (no change)
<6>[ 72.160955] gadget_event: host_connected=1 (no change)
<6>[ 74.142224] request_suspend_state: wakeup (0->0) at 74121495501 (2011-11-1
1 22:49:33.378031648 UTC)
<3>[ 74.143675] init: untracked pid 266 exited
<3>[ 74.155217] init: untracked pid 273 exited
<6>[ 79.285016] request_suspend_state: wakeup (0->0) at 79264287462 (2011-11-1
1 22:49:38.520824942 UTC)
The last three lines repeat alot, with different pid's .
Alrighty.. figured this one out - You cannot use the latest repository commits with the 2.1 alpha build. However, i was able to build commit fd70bb7aae, and it builds and actually boots. Now, i can actually play around and tweak it. Thank you again for the guide, and sorry for the edit spamming.. heh.
Click to expand...
Click to collapse
That's because dalingrin has updated the default configuration to use the HIGHMEM which seems to kill all the apps. The latest git actually works if you disable all the HIGHMEM related stuff.
decalex said:
Thanks so much for this guide
It feels like 10 mins.. doesn't it
Click to expand...
Click to collapse
Absolutely
I just hope there is a rest button as the touchscreen occasionally will not respond at all after wake up and I have to reboot to webos and then reboot back to get the touchscreen back.
Great guide and I got the kernel all built, but how do you change the kernel arguments for booting? e.g. where does moboot get its whole root=/dev/ram0 ro fb...stuff, and how does the CyanogenMod kernel know where to look for the rootfs partition?
crimsonredmk said:
Great guide and I got the kernel all built, but how do you change the kernel arguments for booting? e.g. where does moboot get its whole root=/dev/ram0 ro fb...stuff, and how does the CyanogenMod kernel know where to look for the rootfs partition?
Click to expand...
Click to collapse
The root parameter (root=/dev/ram0) that passed to kernel is not useful to you. The root / is mere extracted initramfs in memory. I assume you are looking for system, data partitions etc. With TP we have LVM partitions which you can do really fancy stuff with. The actual mount device and mount point is defined (hard coded) in file init.tenderloin.rc which you can find in the initramfs (i.e. the img.gz which is a gzipped cpio file). You can extract all the contents out from img.gz and modify init.tenderloin.rc to suit your need and then create an updated initramfs file to go with the kernel.
Since Android (at least CM7 on TP) does not use pivot_root any changes made to the initramfs will appear automatically when you boot up the device.
You can google if you are not sure how to work with initramfs file.

[Q] [L7] [DEV] V20a Kernel Build problems

So, i tried to compile V20a kernel and i get this errors:
Code:
CC drivers/power/lge_pm_sysfs.o
drivers/power/lge_pm_sysfs.c:25:38: fatal error: ../../kernel/power/power.h: No such file or directory
compilation terminated.
make[2]: *** [drivers/power/lge_pm_sysfs.o] Error 1
make[1]: *** [drivers/power] Error 2
make[1]: *** Waiting for unfinished jobs....
Code:
LD drivers/net/built-in.o
make: *** [drivers] Error 2
make: *** Waiting for unfinished jobs....
CC net/netfilter/xt_length.o
Anyone tried to compile? How can i solve this error?
i managed to compile it but it doesn't boot . logcat not available.
Please, can you give me some ideea as i am not a developer. I will flash now my original boot img
hmmm is bad
Hint
Hello,
I also discovered that the way the kernel should be compiled according to the readme file is impossible. It does mention a defconfig file that is not available.
However, it is possible to get the config file of an existing kernel, because it is compiled in in the kernel:
Use the following steps, when your PC is connected to your phone with an working v20a kernel:
$adb pull /proc/config.gz
$gunzip config.gz
$mv config YOURKERNELROOT/arch/arm/configs/u2_my_defconfig
$cd YOURKERNELROOT
$make youroptions u2_my_defconfig
de-wolff said:
Hello,
I also discovered that the way the kernel should be compiled according to the readme file is impossible. It does mention a defconfig file that is not available.
However, it is possible to get the config file of an existing kernel, because it is compiled in in the kernel:
Use the following steps, when your PC is connected to your phone with an working v20a kernel:
$adb pull /proc/config.gz
$gunzip config.gz
$mv config YOURKERNELROOT/arch/arm/configs/u2_my_defconfig
$cd YOURKERNELROOT
$make youroptions u2_my_defconfig
Click to expand...
Click to collapse
I built it using my phones defconfig and removed this from makefile "drivers/power/lge_pm_sysfs.o". The build was successful but it doesn't boot. I will start working on it today.
Update: IT BOOTS!
I wasn't packing it correctly:
These are the lines to pack it:
./mkbootimg --kernel zImage --ramdisk boot.img-ramdisk.gz --cmdline androidboot.hardware=u0 --base 0x00200000 --pagesize 4096 -o boot.img
Click to expand...
Click to collapse
kernel version is:
Linux version 3.4.0-perf ([email protected]) (gcc version 4.6.2 20111004 (prerelease) (Linaro GCC 4.6-2011.10) ) #2 PREEMPT Wed Apr 17 23:22:22 EEST 2013
Click to expand...
Click to collapse
i will start patching tomorrow or later because i have to figure out how to OC and how to git
tudorsirb said:
So, i tried to compile V20a kernel and i get this errors:
Code:
CC drivers/power/lge_pm_sysfs.o
drivers/power/lge_pm_sysfs.c:25:38: fatal error: ../../kernel/power/power.h: No such file or directory
compilation terminated.
make[2]: *** [drivers/power/lge_pm_sysfs.o] Error 1
make[1]: *** [drivers/power] Error 2
make[1]: *** Waiting for unfinished jobs....
Code:
LD drivers/net/built-in.o
make: *** [drivers] Error 2
make: *** Waiting for unfinished jobs....
CC net/netfilter/xt_length.o
Anyone tried to compile? How can i solve this error?
Click to expand...
Click to collapse
open lge_pm_sysfs.c and set power.h file to the correct path.
moon61 said:
open lge_pm_sysfs.c and set power.h file to the correct path.
Click to expand...
Click to collapse
i fixed that error, the kernel build and boots from stock sources. Now i'm trying to figure out what to do with the modules as wireless doesn't work, how to apply patches and how to overclock because i can't find freqs in acpuclock. Any sugestions?
How to modify kernel
Once you are able to make a working kerrnel, it is quite easy to modify it.
After you did make a working kernel, you can do from the commandline in the kernel root:
Make [crosscompile options] menuconfig.
Now you can change all kernel options, using a menu.
You have to install ncurses-dev, before you can do a make menuconfig
Once you are ready using the menuconfig, a new config file is created, with the name ,config ([dot]config). Beware that this is a hidden file in linux!. You can rename it and move it to your config dir.
Of course, most of the options are hardware related, and you do not want to change them, but the options you want to change, you can find all in the menu, together with a brief explanation of their usage,
(Excuses for my bad english, it is not my primary language)
de-wolff said:
Once you are able to make a working kerrnel, it is quite easy to modify it.
After you did make a working kernel, you can do from the commandline in the kernel root:
Make [crosscompile options] menuconfig.
Now you can change all kernel options, using a menu.
You have to install ncurses-dev, before you can do a make menuconfig
Once you are ready using the menuconfig, a new config file is created, with the name ,config ([dot]config). Beware that this is a hidden file in linux!. You can rename it and move it to your config dir.
Of course, most of the options are hardware related, and you do not want to change them, but the options you want to change, you can find all in the menu, together with a brief explanation of their usage,
(Excuses for my bad english, it is not my primary language)
Click to expand...
Click to collapse
Thanks, this will be useful after i apply some upstream changes. I know about menuconfig but i haven't got the tine to check it out. Right now i'm trying to overclock this kernel and i keep getting compile errors (took some code from l5). Will come back with info. If you can help me these days PM me with a gtalk ID.
tudorsirb said:
i fixed that error, the kernel build and boots from stock sources. Now i'm trying to figure out what to do with the modules as wireless doesn't work, how to apply patches and how to overclock because i can't find freqs in acpuclock. Any sugestions?
Click to expand...
Click to collapse
Yes I have a problem with wifi too, even I used new compiled modules. Did you fix it?
Sent from my LG-P705 using Tapatalk 2
moon61 said:
Yes I have a problem with wifi too, even I used new compiled modules. Did you fix it?
Sent from my LG-P705 using Tapatalk 2
Click to expand...
Click to collapse
I didn't fix it. I will look into it later (i'm at work ATM).
Logcat is:
Code:
need to unregister
04-22 11:28:19.010 E/WifiStateMachine( 449): Couldn't get getWiFiOffloadingIfaceIface :
04-22 11:28:19.010 E/WifiStateMachine( 449): useWiFiOffloading() : false
04-22 11:28:19.010 E/WifiStateMachine( 449): CONFIG_LGE_WLAN_PATH : true
04-22 11:28:19.010 D/WifiStateMachine( 449): setWifiState: enabling
04-22 11:28:19.010 I/WifiServiceExt( 449): WIFI_STATE_CHANGED_ACTION [2]
04-22 11:28:19.020 D/QuickSettingsReceiverStation( 514): Received: android.net.wifi.WIFI_STATE_CHANGED
04-22 11:28:19.030 E/WifiHW ( 449): nv_cmd_remote status 0
04-22 11:28:19.030 E/WifiHW ( 449): nv_cmd_remote status 0
04-22 11:28:19.030 E/WifiHW ( 449): Modem MAC address: a8 16 b2 93 c8 f6
04-22 11:28:19.030 E/WifiHW ( 449): Set wifi mac address a8 16 b2 93 c8 f6
04-22 11:28:19.030 E/WifiUtil( 449): U0 : CONFIG_LGE_WLAN_U0_JB_PATCH
04-22 11:28:19.030 I/ONCRPC ( 449): Setup RPC Call for task 4049f920
04-22 11:28:19.030 I/ONCRPC ( 449): oncrpc_xdr_call_msg_start: Prog: 3000000e, Ver: 00090001, Proc: 00000009
04-22 11:28:19.030 I/ONCRPC ( 449): xdr_std_msg_send_call: Sent Xid: a68, Prog: 3000000e, Ver: 00090001, Proc: 00000009
04-22 11:28:19.030 I/ONCRPC ( 449): xdr_std_msg_send_call: Received Reply Xid: a68, Prog: 3000000e, Ver: 00090001, Proc: 00000009
04-22 11:28:19.090 E/WifiStateMachine( 449): Failed to load driver!
04-22 11:28:19.090 E/WifiStateMachine( 449): Couldn't get getWiFiOffloadingIfaceIface :
04-22 11:28:19.090 E/WifiStateMachine( 449): useWiFiOffloading() : false
04-22 11:28:19.090 E/WifiStateMachine( 449): CONFIG_LGE_WLAN_PATH : true
04-22 11:28:19.090 D/WifiStateMachine( 449): setWifiState: unknown state
04-22 11:28:19.090 I/WifiServiceExt( 449): WIFI_STATE_CHANGED_ACTION [4]
04-22 11:28:19.090 E/WifiServiceExt( 449): WifiManager.WIFI_STATE_UNKNOWN
04-22 11:28:19.090 D/QuickSettingsReceiverStation( 514): Received: android.net.wifi.WIFI_STATE_CHANGED
Any news about how to fix wifi problem?
Sent from my LG-P705 using Tapatalk 2
any news??
Ok, i think i had find where the problem is. I change the cfg80211 value in the config file to "m". And know wifi work fine.
This is the kernel link
http://db.tt/lfJeyFeY
The kernel also o/c able too
Thanx to @tudorsirb :thumbup: and sorry for my bad english.
Sent from my LG-P705 using Tapatalk 2
moon61 said:
Ok, i think i had find where the problem is. I change the cfg80211 value in the config file to "m". And know wifi work fine.
This is the kernel link
http://db.tt/lfJeyFeY
The kernel also o/c able too
Thanx to @tudorsirb :thumbup: and sorry for my bad english.
Sent from my LG-P705 using Tapatalk 2
Click to expand...
Click to collapse
Did you use pll2 or pll4 for oc? If you use pll4 there's no difference in performance when using the phone becuase our phone does not OC that way.
Your OC code hould look like this:
Code:
{ 1, 1200000, [B]ACPU_PLL_2, 2, 0, [/B]150000, 3, 7, 200000 },
I learned it the hard way . Check out github for more references.

Possibly new exploit to root devices with recent firmware versions

Hi,
I stumbled upon this a few days back:
http://bloggingthemonkey.blogspot.de/2014/06/fire-in-root-hole.html
This describes a CVE that Rob Clark discovered earlier this year. He did not create a root method using this as Towelroot was still working back then. He published some proof of concept code though:
https://github.com/robclark/kilroy
Now, Qualcomm created patches to fix this and published them here:
https://www.codeaurora.org/projects...can-change-the-iommu-page-table-cve-2014-0972
It also has been fixed in the official Android source:
https://android.googlesource.com/kernel/msm/+/android-4.4w_r8/drivers/gpu/msm/adreno.c (see Log)
I downloaded the latest source that Amazon provided for the FireTV:
https://kindle-src.s3.amazonaws.com/firetv_src_51.1.3.0_user_513011820.tar.bz2
The Linux kernel sources in there all have a timestamp from June 2014, I assume this is when they created this source bundle.
However, as example adreno.c has still a Copyright notice from only 2013. It looks like Amazon is working with older source code here. I also searched for the added lines of the patch and can not find them in there.
Please note that the latest FireTV firmwares source is not yet published, so there is a possibility that this is fixed in the latest versions. I'm hopeful however, that it might very well not be fixed, as they seem to use some old kernel branch even in mid of 2014.
My FireTV did not arrive yet unfortunately, but I hope this can help to root mine and many others!
Could someone please compile the proof-of-concept code and check it out on a FireTV running a recent version?
Ask geohot maybe he can
Wish I could be more helpfull but I tried to compile it and somehow it doesn't work out.
I've built it, pushed it over to /data/local/tmp, chmod 755 but all I get is "not executable: magic 7F45". There seems to be something wrong with my toolchain. Maybe it's because I'm using Windows... Tried to use the NDK and followed the last post over there: http://stackoverflow.com/questions/6745064/how-to-run-arm-binary-on-android-platform
At least there is something I can provide to you, the CONFIG_KGSL_PER_PROCESS_PAGE_TABLE parameter is set to y in the kernel config for version 51.1.3.0_user_513011820.
And I attached the files that are needed to compile kilroy for version 51.1.3.0_user_513011820. Note I have modified the msm_ion.h from #include <ion.h> to #include "ion.h" so it finds the file in the same directory.
Hopefully someone with a bit more knowledge (and the right operating system ) could check this out!
g4rb4g3 said:
Wish I could be more helpfull but I tried to compile it and somehow it doesn't work out.
I've built it, pushed it over to /data/local/tmp, chmod 755 but all I get is "not executable: magic 7F45". There seems to be something wrong with my toolchain. Maybe it's because I'm using Windows... Tried to use the NDK and followed the last post over there: http://stackoverflow.com/questions/6745064/how-to-run-arm-binary-on-android-platform
At least there is something I can provide to you, the CONFIG_KGSL_PER_PROCESS_PAGE_TABLE parameter is set to y in the kernel config for version 51.1.3.0_user_513011820.
And I attached the files that are needed to compile kilroy for version 51.1.3.0_user_513011820. Note I have modified the msm_ion.h from #include <ion.h> to #include "ion.h" so it finds the file in the same directory.
Hopefully someone with a bit more knowledge (and the right operating system ) could check this out!
Click to expand...
Click to collapse
Cool, thanks.
Are you running v5.1.1.3.0 on your FireTV? If yours is newer I could imagine that you need to compile the binary statically. This way it should no longer depend on the library versions currently installed.
freezer2k said:
Cool, thanks.
Are you running v5.1.1.3.0 on your FireTV? If yours is newer I could imagine that you need to compile the binary statically. This way it should no longer depend on the library versions currently installed.
Click to expand...
Click to collapse
Yes my FTV is running on this version. I compiled it static already but it doesn't work...
Finaly I was able to compile it, I used the Terminal IDE and compiled it on the FTV.
But I don't know if it works the right way... when I execute it suddenly every connection breaks down and the FTV restarts after a few seconds. I don't know how to proof that it worked out the way we want it to...
I had to make the following changes to the source files to compile it:
kilroy.h:
change line 24 from
Code:
#include <sys/unistd.h>
to
Code:
#include <unistd.h>
add
Code:
#define NEW_ION
kilroy.c
change line 350 from
Code:
CHK((ion_fd = open("/dev/ion", O_RDONLY|O_DSYNC, 0)) < 0);
to
Code:
CHK((ion_fd = open("/dev/ion", O_RDONLY|O_SYNC, 0)) < 0);
commands used to compile it (start Terminal IDE app and launch telnetd to connect from your pc):
Code:
terminal-gcc -c ./ion.c -o ./ion.o
terminal-gcc -c ./kgsl.c -o ./kgsl.o
terminal-gcc -c ./kilroy.c -o ./kilroy.o
terminal-gcc -o ./kilroy ./ion.o ./kgsl.o ./kilroy.o
I have attachted the compiled file, extract it push it to /data/local/tmp, chmod 755 it and start it.
Maybe someone can find out if this is helpfull for us or not.
g4rb4g3 said:
Finaly I was able to compile it, I used the Terminal IDE and compiled it on the FTV.
But I don't know if it works the right way... when I execute it suddenly every connection breaks down and the FTV restarts after a few seconds. I don't know how to proof that it worked out the way we want it to...
Click to expand...
Click to collapse
Did you had adb debug output running during execution? Anything you can see there?
I couldn't resist and just picked up a FireTV @ MediaMarkt in Berlin.
Successfully blocked any updates during the inital setup and my version is now 51.1.3.0_user_513010720 -- so looks like it's even older than 51.1.3.0_user_513011820.
Okay,
just tried running the kilroy binary you provided.
Exactly the same thing happens, the FireTV reboots immediatly.
I had adb logcat running in a second window, but no output there.
On a 2nd try I had another shell open writing dmesg to /data/local/tmp/dmesg in a loop every 200ms, but it did not capture anything.
In another local shell window, i ran ping -i 0.1 <FireTV> to ping it every 100ms, the FireTV stopped responding immediatly after ./kilroy was started.
Not sure what it is doing, but it seems to manage to crash the box hard Not sure what this means exactly, should a faulty binary cause a reboot like this? Maybe it did manage to corrupt the memory in some way, causing a system crash?
Will try to compile this on my own, though I'm not an expert on Android. Maybe someone else could give this a shot!
I've written a comment on Robs blog, maybe he can held us.
http://bloggingthemonkey.blogspot.c...omment=1414359782492&m=1#c4713581984059861436
freezer2k said:
I couldn't resist and just picked up a FireTV @ MediaMarkt in Berlin.
Successfully blocked any updates during the inital setup and my version is now 51.1.3.0_user_513010720 -- so looks like it's even older than 51.1.3.0_user_513011820.
Click to expand...
Click to collapse
Try rooting it with one of the apps on that FW just for kicks... Since is not on the list of FW's. You never know..
Y314K said:
Try rooting it with one of the apps on that FW just for kicks... Since is not on the list of FW's. You never know..
Click to expand...
Click to collapse
I just installed Towelroot v3 and it just says 'This phone isn't currently supported' when i click on the 'make it ra1n' button.
freezer2k said:
I just installed Towelroot v3 and it just says 'This phone isn't currently supported' when i click on the 'make it ra1n' button.
Click to expand...
Click to collapse
Ahh.. Was worth a shot. Guess any 51.1.3.0 FW is out of reach. Thanks for trying.
Y314K said:
Ahh.. Was worth a shot. Guess any 51.1.3.0 FW is out of reach. Thanks for trying.
Click to expand...
Click to collapse
I tried to use the default modstring, this is the ADB output:
I/towelroot( 7479): ************************
I/towelroot( 7479): native towelroot running with pid 7479 params 1337 0 1 0 4 0
I/towelroot( 7479): CPU affinity was 1
I/towelroot( 7479): set CPU affinity 0
I/towelroot( 7479): parsing modstring
I/towelroot( 7479): modstring is valid 0 1 0 4 0
I/towelroot( 7479): i have a client like hookers
But it seems to hang after that, root button stays greyed out and after clicking a bit the app just closes.
SuperSU 2.4.0 won't open at all and 1.9.4 says it can't install the su binary.
freezer2k said:
Okay,
just tried running the kilroy binary you provided.
Exactly the same thing happens, the FireTV reboots immediatly.
I had adb logcat running in a second window, but no output there.
On a 2nd try I had another shell open writing dmesg to /data/local/tmp/dmesg in a loop every 200ms, but it did not capture anything.
In another local shell window, i ran ping -i 0.1 <FireTV> to ping it every 100ms, the FireTV stopped responding immediatly after ./kilroy was started.
Not sure what it is doing, but it seems to manage to crash the box hard Not sure what this means exactly, should a faulty binary cause a reboot like this? Maybe it did manage to corrupt the memory in some way, causing a system crash?
Will try to compile this on my own, though I'm not an expert on Android. Maybe someone else could give this a shot!
Click to expand...
Click to collapse
What do you want to see in the logcat? The program accesses memory and writes a string into it.
As it crashes and reboots the device, i assume that it did not got there and crashed the gpu/cpu before that and so there is no system log as the cpu resets and not the system. Even if it worked, you wont have seen anything in the logcat - that would be the point where somebody would need to inject proper shellcode into the exploit to use it.
sammy98 said:
What do you want to see in the logcat? The program accesses memory and writes a string into it.
As it crashes and reboots the device, i assume that it did not got there and crashed the gpu/cpu before that and so there is no system log as the cpu resets and not the system. Even if it worked, you wont have seen anything in the logcat - that would be the point where somebody would need to inject proper shellcode into the exploit to use it.
Click to expand...
Click to collapse
Thats what we want to see, so we can be sure that it worked out the way we want it to.
Code:
Before:
[ 11.974607] ###### victim=c11ac000 (813ac000): ""
After:
[ 33.401709] ###### victim=c11ac000 (813ac000): "Kilroy was here"
g4rb4g3 said:
Thats what we want to see, so we can be sure that it worked out the way we want it to.
Code:
Before:
[ 11.974607] ###### victim=c11ac000 (813ac000): ""
After:
[ 33.401709] ###### victim=c11ac000 (813ac000): "Kilroy was here"
Click to expand...
Click to collapse
Yeah but it crashed before that and resets the cpu. So no cookies here
sammy98 said:
Yeah but it crashed before that and resets the cpu. So no cookies here
Click to expand...
Click to collapse
since no exploit was ever really made from his findings, its very possible that it could still be used. its not known if the fix was patched by amazon.
I catched this yesterday doing a 'while true; do dmesg; done' via ADB and then running ./kilroy:
<6>[ 699.556243] binder: release 5006:5006 transaction 124685 out, still active
<6>[ 699.559326] binder: 639:951 transaction failed 29189, size 4-0
<6>[ 699.559326] binder: send failed reply for transaction 124685, target dead
Also, while streaming a video, kilroy does not kill the box, and this shows up in dmesg:
<3>[ 144.678894] ion_mmap: failure mapping buffer to userspace
Only seems to happen when streaming video, box does crash immediately while the screensaver is running, a game is running etc.
I had a chat with Rob, summing up:
<robclark> ... but basically what you want to do is figure out some kernel fxn to overwrite w/ your own code to give you root.. or maybe some data structure to overwrite... find it's virtual address.. find the offset between some lowmem virtual address and phys address so you can convert the virtual address you want to smash to a phys address to smash..
<robclark> I guess the interrupt vector table is always at a well defined virtual address.. that might be something to attack.. although that might be more tricky because your shell code would have to somehow restore it again at the end..
We tried to check out the physical addresses from /proc/kallsyms ; but as non-root all addresses are 0x0, could someone with a similar kernel and root do this and paste it here? Dmesg prints the virtual memory layout, so we have that.
At least on my non-rooted box there is no /proc/last_kmsg, so a dmesg from the previous boot that could contain the dmesg of the crash. Anyone knows how to enable this or something similar?
Hopefully Rob will have some time to help us with this
I will proceed now and set up my own Android build environment.
Okay, I set up the latest Android NDK on Ubuntu 14.04 and made the changes suggested by you, g4rb4g3!
Interestingly enough, the resulting bytesize is different from yours, i used the howto from here:
http://stackoverflow.com/questions/6745064/how-to-run-arm-binary-on-android-platform
And then:
$CC -c ./ion.c -o ./ion.o
$CC -c ./kgsl.c -o kgsl.o
$CC -c ./kilroy.c -o kilroy.o
$CC -o ./kilroy ./ion.o ./kgsl.o kilroy.o
Some interesting output:
<2>[51518.474853] kgsl kgsl-3d0: |a3xx_err_callback| CP | Protected mode error| WRITE | addr=1ec
<3>[51518.628448] kgsl kgsl-3d0: |adreno_ft_detect| Proc kilroy2, ctxt_id 4 ts 1 triggered fault tolerance on global ts 1225504
<3>[51518.628601] kgsl kgsl-3d0: RBBM STATUS 80004001 | IB1:10009000/00000000 | IB2: C000B000/00000033 | RPTR: 1D20 | WPTR: 1EB6
<3>[51518.629791] kgsl kgsl-3d0: |push_object| snapshot: Can't find GPU address for 10009000
<3>[51518.629882] kgsl kgsl-3d0: |kgsl_snapshot_get_object| Unable to find GPU buffer C000B500
<3>[51518.639801] kgsl kgsl-3d0: |kgsl_device_snapshot| snapshot created at pa adf00000 size 136036
<3>[51518.639984] kgsl kgsl-3d0: |kgsl_iommu_clk_disable_event| IOMMU disable clock event being cancelled, iommu_last_cmd_ts: 12b322, retired ts: 12b31f
<2>[51518.646911] kgsl kgsl-3d0: |a3xx_err_callback| CP | Protected mode error| WRITE | addr=1ec
<3>[51518.807830] kgsl kgsl-3d0: |adreno_ft_detect| Proc kilroy2, ctxt_id 4 ts 1 triggered fault tolerance on global ts 1225504
<3>[51518.807983] kgsl kgsl-3d0: |adreno_idle| spun too long waiting for RB to idle
<3>[51518.807983] kgsl kgsl-3d0: |_adreno_ft| Replay unsuccessful
<3>[51518.828369] kgsl kgsl-3d0: |adreno_ft| policy 0x6 status 0x0
<3>[51550.911590] init: untracked pid 29017 exited
[email protected]:/data/local/tmp $ ./kilroy2
main:362: ttbr0=a000006a
add_large_mapping:232: pa=a0000000, va=10000000, len=1000000, cached=0
add_large_mapping:232: pa=81000000, va=81000000, len=1000000, cached=1
add_small_mapping:271: pa=07c00000, va=c000c000, len=1000, cached=0
add_small_mapping:271: pa=07d00000, va=c010c000, len=1000, cached=0
add_small_mapping:271: pa=a0008000, va=c000b000, len=1000, cached=0
main:403: cs[0]: 10008000/c000b000 (115 dwords) (limit: c000b1cc)
main:444: buf: 0x40515000 / 10000000
main:448: ibaddrs[0]: 0x4051e000 / 10009000 (152 dwords)
00000000: c0733d00 c000b000 000001ec 00000020 c0002600 00000000 c0001300 00000000
00000020: c0013d00 c000b500 000000a0 c0002600 00000000 c0043c00 00000013 c000b500
00000040: 000000a0 ffffffff ffffffff c0023d00 c000c010 a000006a a000006a c0013d00
00000060: c000b500 000000a7 c0002600 00000000 c0043c00 00000013 c000b500 000000a7
00000080: ffffffff ffffffff c0023d00 c010c010 a000006a a000006a c0013d00 c000b500
000000A0: 000000ae c0002600 00000000 c0043c00 00000013 c000b500 000000ae ffffffff
000000C0: ffffffff c0013d00 c000c000 00000003 c0002600 00000000 c0043c00 00000013
000000E0: c000c000 00000003 ffffffff ffffffff c0013d00 c010c000 00000003 c0002600
00000100: 00000000 c0043c00 00000013 c010c000 00000003 ffffffff ffffffff c0013d00
00000120: c000c800 00000001 c0002600 00000000 c0013d00 c010c800 00000001 c0002600
00000140: 00000000 c0013d00 c000b500 000000b9 c0002600 00000000 c0043c00 00000013
00000160: c000b500 000000b9 ffffffff ffffffff c0002600 00000000 c0001300 00000000
00000180: 000001ec 00000000 c0002600 00000000 c0001300 00000000 c0013d00 c000b500
000001A0: 000000cb c0002600 00000000 c0043c00 00000013 c000b500 000000cb ffffffff
000001C0: ffffffff c0002600 00000000 c0001300 00000000 c0002600 00000000 c0013700
000001E0: c000b000 00000073 c0002600 00000000 c0013700 c000b000 00000073 c0002600
00000200: 00000000 c0002600 00000000 c0004600 00000006 c0043d00 813ac000 726c694b
00000220: 7720796f 68207361 00657265 c0002600 00000000 c0013d00 c000b500 cafebabe
00000240: c0002600 00000000 c0043c00 00000013 c000b500 deadbeef ffffffff ffffffff
[email protected]:/data/local/tmp $
It does not crash my box anymore. Not sure if this was compiled correctly, as i only took the 3 header files from the Amazon package and the rest is from the NDK.
@g4rb4g3
Could you try to run this binary on your box as well, as I'm running a different kernel/firmware, that does not match exactly https://kindle-src.s3.amazonaws.com/firetv_src_51.1.3.0_user_513011820.tar.bz2.
Wonder if that could also be related to changing DSYNC to SYNC in kilroy.c?

[Q] Phone randomly vibrates

Hi!
I have a problem with my phone that it randomly vibrates with no notification what so ever, even after doing a full wipe and flashing new ROM.
Lets start with some info:
GT-i9505
Danvdh Google Play ROM 4.4.4 (Pure nexus version)
GoogyMax3_GE 1.1.6 Kernel
I have Xposed Framwork installed
I have "Show all app that don't respond" in Developer options, still no errors have popped up.
No app which i've seen send vibration without notification when an update occurs.
I've tried to trace the source with logcat but havent really gotten any far.
Using the app aLogcat ROOT i often get the message:
Code:
E/AndroidRuntime(xxxxx): cannot open customer xml file
E/memtrack(same numbers): couldn't load memtrack module (no such file or directory)
E/Android.os.Debug(same numbers): failed to load memtrack module: -2
If i have the logging up and running in the app and then press Home button (Which takes me to Apex Launcher) i often get 2 quick vibrations
If i then start aLogcat ROOT again, i sometimes get another vibration followed by either
Code:
I/DEBUG (26414): Build fingerprint: 'samsung/jgedlteue/jgedlte:4.4.4/KTU84P.S001/140602:user/release-keys
or
Code:
E/LightSensor ( 1010): Light old sensor_state 1, new sensor_state : 1 en : 0
However, it seems most often related to I/DEBUG (26414): Build fingerprint: 'samsung/jgedlteue/jgedlte:4.4.4/KTU84P.S001/140602:user/release-keys
It's kinda getting frustrating and nothing i've Googled have seem to have provided the answer, most answers are something in line of Facebook messenger, repeat notification functions (For example vibration every 5 mins for sms, etc).
It happened more often before i wiped phone, which i then had Danvdh GPE rom, but 4.4.2 version instead, and ktoonez kernel. Apps were mostly same.
Following caused 2 vibrations 2 times:
Code:
I/DEBUG (26830): Build fingerprint: 'samsung/jgedlteue/jgedlte:4.4.4/KTU84P.S001/140602:user/release-keys'
I/DEBUG (26830): Build fingerprint: 'samsung/jgedlteue/jgedlte:4.4.4/KTU84P.S001/140602:user/release-keys'
E/LocSvc_eng( 1010): D/void loc_eng_deferred_action_thread(void*):1627] received msg_id = LOC_ENG_MSG_INJECT_LOCATION context = 0x8012add0
E/LocSvc_adapter( 1010): I/<--- void globalRespCb(locClientHandleType, uint32_t, locClientRespIndUnionType, void*) line 115 QMI_LOC_INJECT_POSITION_REQ_V02
E/LocSvc_api_v02( 1010): D/loc_free_slot:298]: freeing slot 0
E/Watchdog( 1010): [email protected] 194
E/AndroidRuntime(27295): cannot open customer xml file
E/memtrack(27295): Couldn't load memtrack module (No such file or directory)
E/android.os.Debug(27295): failed to load memtrack module: -2
I/DEBUG (26830): Build fingerprint: 'samsung/jgedlteue/jgedlte:4.4.4/KTU84P.S001/140602:user/release-keys'
I/DEBUG (26830): Build fingerprint: 'samsung/jgedlteue/jgedlte:4.4.4/KTU84P.S001/140602:user/release-keys'
E/AndroidRuntime(27396): cannot open customer xml file
E/memtrack(27396): Couldn't load memtrack module (No such file or directory)
E/android.os.Debug(27396): failed to load memtrack module: -2
Does anyone have ANY clue on how to fix this, or what might be causing it.
Anyone have any similar findings?
Thanks in advance
I have same problem!
If I remove Xposed Framework the random vibrations no longer appear, but it is very useful for me!
I opened a thread in Xposed Framework General -> here
Hi, ive got the same problem, random vibration 1 to 3 time, im running on the same
Rom with xposed installed. Anyone know any fix for that? Thank you

[Q] NFC problems in CM12-based mods with klte/g900f

Hi,
the mod threads for the various cm12 builds claim that NFC is working, and there are also several user replies with reports that it works fine. Yet it doesn't work correctly for me, and at least some others: The device reports that NFC is working, I can activate and deactivate it, but accessing cards only works partially or not at all. The funny thing is that after flashing cm12, restoring an old cm11 nandroid backup does not restore NFC functionality. It doesn't matter if I do a clean install/full wipe. With Lollipop TW roms (I've tried XtreStoLite), NFC works fine.
I'll try to keep this top post up to date. Last update: 2015/03/15
We've found the issue that caused the major part of the problems. A configuration file must be adapted to the latest firmware. (update.zip version) This fix has been accepted upstream and is included in nightlies starting from 20150316.
There are cards/tags that still don't work, but do with stock, though. I've tested:
German eID (works)
Mifare Ultralight (works)
Beam (works)
EMV (works)
Mifare Classic (e.g. German "Mensacard", membership card from gym / McFit, ..) does not work. See below for debug output of libncf-nci.
Hi there,
I have exactly the same problem. NFC doesn't work for me neither. My device is a G900F from Germany, bought via Amazon using Euphoria OS which is based on CM12.
Ah, and just to get that straight, european G900F is klte without any other letters, right?
This post is obsolete: The problem is very likely not kernel-driver related.
I investigated a bit if the Kernel could be the problem. For this, I took the amplitude_rw kernel (based on Samsung's, but available from github) and Ktoonsez's version of the CM12 kernel . Both use the same version of the pn547 driver. The nfc-nci driver differs, but it doesn't make any difference if I copy the files over from the Samsung-based version and recompile. (The driver is disabled in the CM kernel by default anyway, I tried to enable it, of course. If I additionaly copy the related .so files from the Samsung rom that doesn't change anything either.) Continuing to investigate the differences, I noticed that the other difference is that the CM kernel has a hack that prevents the bcm2079x from being loaded on non-900P/I variants. I removed that line and noticed that the probe function of the driver did not complain that the device was missing, though from the looks of the code it would if it wasn't there. With that in mind, I tried to copy the bcm2079x firmware, configuration and .so files from a CM12 sprint build, but that didn't resolve the problem either.
More info: I've also compiled Ktoonsez's kernel with NFC_DEBUG set, and enabled the dynamic debug output for the driver. Doesn't look helpful to me, but for the sake of completeness:
Code:
<7>[ 967.651230] pn547_dev_open : 10,60
<6>[ 967.662071] pn547_dev_ioctl power on, irq=1
<6>[ 967.762268] pn547_dev_ioctl power off, irq=0
<6>[ 967.884563] pn547_dev_ioctl power on, irq=1
<6>[ 967.887970] pn547 : + w
<7>[ 967.888021] pn547_dev_write : writing 4 bytes.
<6>[ 967.889048] pn547 : - w
<7>[ 967.889159] pn547_dev_read : reading 3 bytes. irq=0
<6>[ 967.889218] pn547 : + r
<6>[ 967.889264] pn547: wait_event_interruptible : in
<6>[ 967.918905] pn547 : call
<6>[ 967.919127] pn547 : h
<6>[ 967.919655] pn547: i2c_master_recv
<7>[ 967.919741] pn547_dev_read : reading 3 bytes. irq=1
<6>[ 967.919793] pn547 : + r
<6>[ 967.920168] pn547: i2c_master_recv
<6>[ 967.921893] pn547 : + w
<7>[ 967.921938] pn547_dev_write : writing 3 bytes.
<6>[ 967.922314] pn547 : - w
<6>[ 967.922474] pn547 : call
<7>[ 967.922664] pn547_dev_read : reading 3 bytes. irq=1
<6>[ 967.922709] pn547 : + r
<6>[ 967.923138] pn547: i2c_master_recv
.. etc ..
<6>[ 998.860380] pn547: i2c_master_recv
<6>[ 998.873274] pn547_dev_ioctl power off, irq=0
During the log, I've had an NFC test application open and an NFC tag close to the device.
Last, I tried to check what's the problem with copying Samsung's files. If I use their NfcNci.adb, logcat throws
Code:
E/AndroidRuntime( 2655): FATAL EXCEPTION: main
E/AndroidRuntime( 2655): Process: com.android.nfc, PID: 2655
E/AndroidRuntime( 2655): java.lang.NoSuchMethodError: No static method isProductShip()I in class Landroid/os/Debug; or its super classes (declaration of 'android.os.Debug' appears in /system/framework/framework.jar)
E/AndroidRuntime( 2655): at com.android.nfc.NfcService.<clinit>(NfcService.java:164)
E/AndroidRuntime( 2655): at com.android.nfc.NfcApplication.onCreate(NfcApplication.java:61)
E/AndroidRuntime( 2655): at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1011)
E/AndroidRuntime( 2655): at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4553)
E/AndroidRuntime( 2655): at android.app.ActivityThread.access$1600(ActivityThread.java:147)
E/AndroidRuntime( 2655): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1357)
E/AndroidRuntime( 2655): at android.os.Handler.dispatchMessage(Handler.java:102)
E/AndroidRuntime( 2655): at android.os.Looper.loop(Looper.java:135)
E/AndroidRuntime( 2655): at android.app.ActivityThread.main(ActivityThread.java:5256)
E/AndroidRuntime( 2655): at java.lang.reflect.Method.invoke(Native Method)
E/AndroidRuntime( 2655): at java.lang.reflect.Method.invoke(Method.java:372)
E/AndroidRuntime( 2655): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:898)
E/AndroidRuntime( 2655): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:693)
After doing some more digging, I discovered that running
Code:
setprop nfc.nxp_log_level_global 3
as root enables tons of debug messages.
Maybe it's the firmware
Obsolete: This is unlikely. Its only Mifare cards that don't work, and the protocols are, as far as I can see, implemented in the userland library.
I noticed that after enabling NFC, one of the logcat outputs is
Code:
D/NxpHal ( 1081): FW version for FW file = 0x118
D/NxpHal ( 1081): FW version from device = 0x8011f
D/NxpHal ( 1081): FW image older than device's, skip update
Maybe this helps. (Could anyone with working NFC check which FW their device has? Should work the same way: Run setprop.. as root, enable NFC, search logcat output for the FW info, then reset the log level to 0.)
Mifare cards
I further noticed that holding a Mifare card near the antenna does trigger a reaction:
Code:
D/NxpTml ( 2317): PN547 - I2C Read successful.....
D/NxpNciR ( 2317): len = 23 > 61051401808000FF010904000454566739010800000000
D/NxpTml ( 2317): PN547 - Posting read message.....
D/NxpHal ( 2317): read successful status = 0x0
D/NxpHal ( 2317): NxpNci: RF Interface = MIFARE
D/NxpHal ( 2317): NxpNci: Protocol = MIFARE
D/NxpHal ( 2317): NxpNci: Mode = A Passive Poll
D/NxpExtns( 2317): const CNfcParam* CNfcConfig::find(const char*) const found MIFARE_READER_ENABLE=(0x1)
D/NxpTml ( 2317): PN547 - Write requested.....
D/NxpTml ( 2317): PN547 - Invoking I2C Write.....
D/NxpTml ( 2317): PN547 - Read requested.....
D/NxpTml ( 2317): PN547 - Invoking I2C Read.....
D/NxpNciX ( 2317): len = 7 > 20020401800100
D/NxpTml ( 2317): PN547 - I2C Write successful.....
D/NxpTml ( 2317): PN547 - Posting Fresh Write message.....
D/NxpTml ( 2317): PN547 - Tml Writer Thread Running................
D/NxpHal ( 2317): write successful status = 0x0
D/NxpTml ( 2317): PN547 - I2C Read successful.....
D/NxpNciR ( 2317): len = 4 > 40020106
D/NxpTml ( 2317): PN547 - Posting read message.....
D/NxpHal ( 2317): read successful status = 0x0
D/NxpHal ( 2317): > Deinit workaround for LLCP set_config 0x0 0x0 0xa
D/NxpHal ( 2317): phNxpNciHal_print_res_status: response status =STATUS_OK
D/NxpTml ( 2317): PN547 - Read requested.....
D/NxpTml ( 2317): PN547 - Invoking I2C Read.....
But nothing ever shows up in an NFC test app and I have to deactivate and reactivate NFC at this point to scan any of the working smartcards. So likely something in the mifare reader code does not work.
No NFC for me either
Running yesterday's nightly 20150310 on klte, no NFC either.
Any news? I have a SM-G900F and am unable to read NFC tags since updating to CM12 (now using 20150313).
My NFC was gone too after I updated to the latest nightly yesterday. It appears that copying the firmware file and configuration from XtreStoLite fixed that, and that I'm back to the situation I described in the top post again now. I'll attach both files (in one archive). They should be placed in the according directories in the /system partition, i.e.
etc/libnfc-nxp.conf -> /system/etc/libnfc-nxp.conf
system/vendor/firmware/libpn547_fw.so -> system/vendor/firmware/libpn547_fw.so
Could you test if copying them & rebooting (partially) restores NFC for you, too? (This should be possible with a file manager like X-Plore) If you don't want to use my archive, download XtreStoLite and extract the same files from their zip. Flashing CM should restore the original files in any case.
FirebirdDE said:
My NFC was gone too after I updated to the latest nightly yesterday. It appears that copying the firmware file and configuration from XtreStoLite fixed that, and that I'm back to the situation I described in the top post again now. I'll attach both files (in one archive). They should be placed in the according directories in the /system partition, i.e.
etc/libnfc-nxp.conf -> /system/etc/libnfc-nxp.conf
system/vendor/firmware/libpn547_fw.so -> system/vendor/firmware/libpn547_fw.so
Could you test if copying them & rebooting (partially) restores NFC for you, too? (This should be possible with a file manager like X-Plore) If you don't want to use my archive, download XtreStoLite and extract the same files from their zip. Flashing CM should restore the original files in any case.
Click to expand...
Click to collapse
Hey, that actually worked! I tried with an NFC reader app, and my nfc tag popped up right away.
So now we're missing only flashable zip
I will try this one and if it will work, I will try my scripting luck
And here it is, enjoy
I believe that it might suffice to update the configuration file. According to the logs, at least on my phone, the firmware file isn't used anyway.
FirebirdDE said:
My NFC was gone too after I updated to the latest nightly yesterday. It appears that copying the firmware file and configuration from XtreStoLite fixed that, and that I'm back to the situation I described in the top post again now. I'll attach both files (in one archive). They should be placed in the according directories in the /system partition, i.e.
etc/libnfc-nxp.conf -> /system/etc/libnfc-nxp.conf
system/vendor/firmware/libpn547_fw.so -> system/vendor/firmware/libpn547_fw.so
Could you test if copying them & rebooting (partially) restores NFC for you, too? (This should be possible with a file manager like X-Plore) If you don't want to use my archive, download XtreStoLite and extract the same files from their zip. Flashing CM should restore the original files in any case.
Click to expand...
Click to collapse
WOHOOOO! Thank you very much. My klte's NFC stopped working after flashing some alpha CM12. Some days ago I flashed cm-12-20150310-NIGHTLY-klte and the NFC problem remained. Now I replaced /etc/libnfc-nxp.conf with the config file you attached and NFC is working again.
Great! I've submitted this upstream, hopefully they'll accept this. It would be good to get feedback from someone who didn't experience any NFC issues in the first place, though, to make sure that this does not break NFC for anyone.
How awesome. NFC is really stable too and I think we have found the fix. I belive that many galaxy s5 CM12 users will be happy
Seems like the fix will be in the next nightly, too.
Still some Problems
Hello,
first at all thanks for your research!
I installed your fix for the NFC (tried both zip and "self" copy) but NFC is not working correct:
* sometimes when enable/disable NFC i get a sound (not allways)
* When i scan a tag (the first time after enabling nfc) i get a sound for scanning, but NFC TagInfo and Tagstand Writer did not recognize the tag.
* Sometimes NFC TagInfo by NXP is working but one one time... (hard to explain, often the scanning works when i open the settings?)
* The Scanning works only once till i deaktivate/active NFC
I used the the fix with cyanogenmod nightly 14-03-2015 and now with the Unofficial build [ROM] CyanogenMod 12.0 | Android 5.0 Lollipop | [03/13/2015]
Also installed the latest Xposed framwork and SELinux "Permissive" ...
Any ideas?
Thanks in advance
Which variant do you have? (I, and afaik all others that reported here, have a g900f)
What kind of NFC tag do you try to scan? (As I've already written in the top post, Mifare Classic does not work.)
The relevant logcat (see a few posts up, I've posted a setprop-command that enables debug output) would also be interesting.
Btw., the only sound I get is for the recognition of a NFC chip and its removal. Enabling/disabling makes no sound whatsoever.
FirebirdDE said:
Which variant do you have? (I, and afaik all others that reported here, have a g900f)
What kind of NFC tag do you try to scan? (As I've already written in the top post, Mifare Classic does not work.)
The relevant logcat (see a few posts up, I've posted a setprop-command that enables debug output) would also be interesting.
Btw., the only sound I get is for the recognition of a NFC chip and its removal. Enabling/disabling makes no sound whatsoever.
Click to expand...
Click to collapse
What i forgot i have G900F
Sometimes i really got sound for enable/disable!?!
Hard to tell you what type of NFC tag i use, bacuse i cannot read them at all.
I tried
* a writable tag from androidbands.com
* a company card
* a skiing card
I will try to logcat later this day....
FirebirdDE said:
Which variant do you have? (I, and afaik all others that reported here, have a g900f)
What kind of NFC tag do you try to scan? (As I've already written in the top post, Mifare Classic does not work.)
The relevant logcat (see a few posts up, I've posted a setprop-command that enables debug output) would also be interesting.
Btw., the only sound I get is for the recognition of a NFC chip and its removal. Enabling/disabling makes no sound whatsoever.
Click to expand...
Click to collapse
Here is a loccat (created with logcat extrem app - currently no adb available for me)
Actions:
Activate NFC // Scann androidbrands.com Tag // Deactivate NFC
Looks like problems with the "libpn547_fw":
Code:
Line 191: D/NxpFwDnld( 447): @@@/system/vendor/firmware/libpn547_fw.so
Line 193: E/NxpFwDnld( 447): NULL handler : unable to load the library file, specify correct path
Line 199: E/NxpFwDnld( 447): Image extraction Failed - invalid imginfo or imginfolen!!
Line 201: E/NxpFwDnld( 447): Error loading libpn547_fw !!
Line 209: E/NxpHal ( 447): Wrong FW Version >>> Firmware download not allowed
The file exists in "/system/vendor/firmware/libpn547_fw.so" with "rw-rw----"
ostauss said:
Here is a loccat (created with logcat extrem app - currently no adb available for me)
Actions:
Activate NFC // Scann androidbrands.com Tag // Deactivate NFC
Looks like problems with the "libpn547_fw":
Code:
Line 191: D/NxpFwDnld( 447): @@@/system/vendor/firmware/libpn547_fw.so
Line 193: E/NxpFwDnld( 447): NULL handler : unable to load the library file, specify correct path
Line 199: E/NxpFwDnld( 447): Image extraction Failed - invalid imginfo or imginfolen!!
Line 201: E/NxpFwDnld( 447): Error loading libpn547_fw !!
Line 209: E/NxpHal ( 447): Wrong FW Version >>> Firmware download not allowed
The file exists in "/system/vendor/firmware/libpn547_fw.so" with "rw-rw----"
Click to expand...
Click to collapse
changed permissions to "rw-rw-r--" looks like lib is correctly loaded, but scanned androidbands.com Tag still not recognized by TagInfo...

Categories

Resources