add GosCompatWebViewUaStartupTests and GosCompatDmaBufReleaseTests#355
Open
inthewaves wants to merge 2 commits into
Open
add GosCompatWebViewUaStartupTests and GosCompatDmaBufReleaseTests#355inthewaves wants to merge 2 commits into
inthewaves wants to merge 2 commits into
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Kernel patch for the panic in the DmaBufRelease tests is at https://gitlab.com/grapheneos/kernel_pixel_muzel/-/merge_requests/8
GosCompatWebViewUaStartupTests
See GrapheneOS/os-issue-tracker#7829 (comment)
GosCompatWebViewUaStartupTestscovers WebView default user agent startup when an app worker thread holds an app lock and the app UI thread is blocked trying to acquire the same lock on the Androidmain looper. It relaunches the helper app process for each attempt so
WebSettings.getDefaultUserAgent()is exercised from a fresh app start.This is especially evident with apps not following recommended practices for Google Mobile Ads SDK.
For example, an app can call this on the main thread:
Google recommends to only call AdLoader.Builder from a worker thread 1. However, not all apps
follow these recommendations. The nuance is that
loadAdcan only be called on the main thread, butthe creation of the AdLoader should be done on a worker thread.
During app startup, a worker thread in the Mobile Ads SDK holds a singleton lock and calls
WebSettings.getDefaultUserAgent(). When theWebViewFasterGetDefaultUserAgentfeature for WebViewis disabled, this blocks the worker thread until its task posted to the main thread to initialize
WebView finishes.
Meanwhile, the main thread of the app enters Mobile Ads SDK by the function calls above. Inside of
AdLoader.Builder#build, if the Dynamite ads module is not available, the library has a localfallback path which attempts to acquires the singleton lock that the worker thread is holding. The
result is that the main thread gets blocked on a lock held by the worker thread which is waiting for
main thread to process its task.
Dynamite ads module can be unavailable if Play services + Play Store are not installed (or have some
other issue). This would block users from using any app with SDK used in this way.
By enabling
WebViewFasterGetDefaultUserAgent, the worker thread no longer waits on theinitialization task posted to main thread to finish and gets a user agent immediately. This works
around this deadlock.
GosCompatDmaBufReleaseTests
See GrapheneOS/os-issue-tracker#7347
This module is a targeted regression test for a 10th-gen Pixel kernel memory error in the Samsung
DMA-BUF secure chunk heap release path.
The tests will panic on a kernel without the patch for the memory error. Note that these tests are
designed to be non-priv apps.
Access rules
The helper app intentionally opens the heap devices directly. This is allowed by the device policy
and file modes:
vendor/etc/ueventd.rcsets both heap devices to mode0444.dmabuf_system_secure_heap_device.system/sepolicy/private/app.teallows non-isolated app domains to read and opendmabuf_system_secure_heap_devicecharacter devices.The native helper only accepts the allowlisted heap names above. It does not use the intent extra as
an arbitrary file path.
Relationship to existing AOSP tests
The native helper follows the same basic allocation and release pattern as the existing DMA-BUF heap
unit tests:
system/memory/libdmabufheap/tests/dmabuf_heap_test.cpp:DmaBufHeapTest.AllocateallocatesDMA-BUF fds and closes them to release the buffers.
system/memory/libdmabufheap/tests/dmabuf_heap_test.cpp:DmaBufHeapTest.RepeatedAllocaterepeats the same allocate and close path.
system/memory/libdmabufheap/tests/dmabuf_heap_test.c:libdmabufheaptest()exercises the Cwrapper around the same libdmabufheap allocation flow.
Note that these tests did not panic. In general, CTS tests in AOSP don't exercise these
Pixel-specific paths or they don't test process teardown.
This helper intentionally does not link
libdmabufheap, because it is built inside the SDK-builthelper APK and needs to target Pixel secure heap device names directly. Instead, it opens
/dev/dma_heap/vframe-secureor/dev/dma_heap/vstream-secureand issuesDMA_HEAP_IOCTL_ALLOC,then either closes the returned fd during manual release or leaves it open until process teardown
closes it.
The protected EGL tests uses the public EGL/GLES shape that is closest to the PowerVR usage:
EGL_EXT_protected_contenton a protected context and pbuffer surface, plusGL_EXT_protected_texturesfor protected texture storage. It then keeps the helper process aliveuntil the instrumentation test force stops it.
Footnotes
https://developers.google.com/admob/android/native#build ↩