[ROM][7.1.2][i9305]Unofficial LineageOS 14.1 by Exynos4 Team - Galaxy S III I9305 (4G LTE + 2GB RAM) Android Deve

Code:
/*
* Your warranty is now void.
*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about features included in this ROM
* before flashing it! YOU are choosing to make these modifications, and if
* you point the finger at me for messing up your device, I will laugh at you.
*/
What is Exynos4 Team?
The Exynos4 team is composed of the current maintainers for T0LTE/T0LTEKOR for both LineageOS and Resurrection Remix.
(@Option58, @kozmo21 and @PoisonNinja)
Difference between this and official Lineage 14.1
This is more like a bleeding edge build. Upcoming changes/fixes will show up here first, and eventually make it into Lineage official. So, if you want the latest and greatest changes for the Note 2 and then ported to the i9305, if possible, flash this instead of official.
Due to LineageOS rules, if you are switching between official and unofficial builds you will have to clean flash.
Exynos4 Team would like to say thanks to:
The great developer community out there. We've had a lot of help from other people.
- the LineageOS team
- the Galaxy S3 LineageOS maintainer github.com/fourkbomb.
- the NamelessROM project github.com/namelessrom.
- xda users for testing and bug reports.
And I want to say thanks to:
PoisonNinja and Option58, who helped me a lot to set up the device tree and vendor blobs for that Exynos4 rom,
which is mainly created or grown out of the hwc idea.
and credits to @p.a.n for his work and providing his changes and patches.
Working
Graphics
Wifi
Data
RIL
Bluetooth (?!?)
Sensors
Vibration
Camera
NFC
Audio
Video Playback
Not working/Bugs/Unknown
GPS is not working currently. Fix is in second post!!
Bluetooth audio (may or may not work for you), please check and report back
MTP crashes when uninstalling an app
Installation
Read the FAQ to familiarize yourself with any issues that may come up
Make sure you're using the latest TWRP version
Download and copy latest rom version to the phone, preferably on internal storage
Factory reset in TWRP (Very important! Do not skip)
Format system, cache, dalvik, data
Flash unofficial LineageOS 14.1
Flash Gapps
Optional: Flash root package
Reboot
Be patient. The first boot will take between 5 - 15 minutes.
See the FAQ to avoid common issues
For updates, it's OK to dirty flash. If you experience any issues however, it is recommended that you clean flash.
Download
lineage-14.1-20170618-UNOFFICIAL-i9305-HWC.zip: June 18, 2017
6/18/2017 (i9305)
Sync with the latest Lineage sources
Hardware composer fixes
Switch back to proprietary RIL 4.4 blobs
Properly fixed screencast
Lots of security patches in the kernel
Temporarily switched SELinux to permissive
XDA:DevDB Information
LineageOS 14.1 by Exynos4 Team, ROM for the Samsung SIII LTE (i9305)
Contributors
PoisonNinja, Option58, kozmo21, LineageOS team
Source Code: https://github.com/Exynos4
ROM OS Version: 7.x Nougat
Based On: LineageOS
Version Information
Status: Beta
Created 2017-06-18
Last Updated 2017-06-18

Just a few info
Root
LineageOS removed builtin root, so you need to flash the root package linked above.
Please test especially calls, incoming and outgoing, mobile data and bluetooth.
The rom/build is based on pans vendor proprietary (ril) blobs and should improve our ril and hopefully fix our reboot problem.
Kernel is set to permissive at the moment. Strict version also ok.
Please also test bluetooth (audio transfer), because I am not sure whether it works correctly.
GPS is currently not working. Will try to fix that with one of the next builds.
Edit: previous GPS fix is working and solves the problem. Changes will be added in next update.
You can also find it here attached fixed in version: 0702
Other than the HWC and blob changes, the rom is based on pure lineageos sources/repos.

if I need another one

I'm getting bootloops with that build (it doesn't reach far enough for adb to pull the logs). I tried building a build with older blobs yesterday. My build was getting SIGSEGV caused by ks. I'll try building a non hwc version using your blobs and i9305 repository.

I also noticed some reboots, but none anymore during the last night. So I assume that the reboots could not be solved with changing the blobs and also not with that different ril sources/blobs. I doubt that the reboots will be gone with a non hwc version, but we will see. Beside of that are the other things working? Calls, mobile data etc?

Non hwc version booted ok. at_distributor is having problems :
Code:
06-19 03:06:25.941 2812 2812 F libc : CANNOT LINK EXECUTABLE "/system/bin/at_distributor": cannot locate symbol "supportExpandedNV" referenced by "/system/bin/at_distributor"...
06-19 03:06:25.941 2812 2812 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 2812 (at_distributor)
but RIL works anyway (at least SMS). I'll try replacing it with stock i9305 at_distributor. I've got one reboot but I didn't launch logcat/kmsg before and had only short last_kmsg. We should try replacing the blobs with the stock i9305 ones because for now they are mixed. We could give a shot to persist.radio.apm_sim_not_pwdn=1 in system.prop too. I haven't tested anything beside RIL reboots (I'm testing it during night and hoping it will manage to reboot before next day because for daily usage I'm going back to the last stable rom).

Many thanks and when you managed to solve the mix up and your tests are ok, it would be good, if you can upload your changes to github. Think it doesn't make sense that we do all the work twice
Edit: seems to be again or still:
Code:
Kernel panic - not syncing: Fatal exception
and I think caused because of:
Code:
<6>[ 184.685341] c0 mdm_hsic_pm_notify_event: unblock request
<6>[ 184.685375] c0 notify_modem_fatal or shutdown
<6>[ 184.685403] c0 ap2mdm_status is high
<6>[ 184.685425] c0 ap2mdm_errfatal is high
<6>[ 184.685449] c0 mdm2ap_status is low
<6>[ 184.685471] c0 mdm2ap_errfatal is low
<6>[ 184.685492] c0 During shutdown, return notify_modem_fatal

rodman01 said:
Many thanks and when you managed to solve the mix up and your tests are ok, it would be good, if you can upload your changes to github. Think it doesn't make sense that we do all the work twice
Edit: seems to be again or still:
Code:
Kernel panic - not syncing: Fatal exception
and I think caused because of:
Code:
<6>[ 184.685341] c0 mdm_hsic_pm_notify_event: unblock request
<6>[ 184.685375] c0 notify_modem_fatal or shutdown
<6>[ 184.685403] c0 ap2mdm_status is high
<6>[ 184.685425] c0 ap2mdm_errfatal is high
<6>[ 184.685449] c0 mdm2ap_status is low
<6>[ 184.685471] c0 mdm2ap_errfatal is low
<6>[ 184.685492] c0 During shutdown, return notify_modem_fatal
Don't worry, I'll upload when I have something that's worth uploading. If you got
Code:
<6>[ 184.685425] c0 ap2mdm_errfatal is high
then the issue is still there.
Update
at_distributor from stock references the same function (supportExpandedNV) so the problem rather doesn't lie in the at_distributor itself but in a missing file that contains the missing function.
Update 2
Replacing ks blob with i9305 stock one alone won't work. That leads to the problem that @p.a.n had (https://forum.xda-developers.com/showpost.php?p=64395738&postcount=218) (https://forum.xda-developers.com/showpost.php?p=64448961&postcount=269)

mtr_ said:
Update 2
Replacing ks blob with i9305 stock one alone won't work. That leads to the problem that @p.a.n had (https://forum.xda-developers.com/showpost.php?p=64395738&postcount=218) (https://forum.xda-developers.com/showpost.php?p=64448961&postcount=269)
There is a simple solution (or hack to be more precise) to this and I believe I've also described it somewhere here - open the ks binary with some binary editor, find the connect string (it should be there twice) and replace it with something else with the same length (I used xonnect).
This is a linker-related problem, ks contains symbol connect, which replaces connect from libc (I hope it is there, if not it is some other system library), but with a totally different functionality, which causes a crash. Don't ask me why this is happening in one environment and in other (the old one), I don't know.
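
The same-length rename described in the post above, written as a script instead of a hand edit in a hex editor. This is an added example, not part of the original post or of any contributor's tooling: it rewrites only whole NUL-delimited `connect` strings, leaves longer names that merely contain the word untouched, and refuses to produce output unless it finds exactly the two occurrences the post mentions. The function names and the sample bytes are constructed for illustration.

```python
"""Same-length rename of a NUL-delimited name inside a binary (added example)."""
import hashlib

# Constructed stand-in for a binary: two whole "connect" strings plus two
# longer names that only contain the word. Not taken from the real ks blob.
SAMPLE = (
    b"\x7fELF" + b"\x00" * 12
    + b"\x00socket\x00connect\x00disconnect\x00"
    + b"\x01\x02\x03\x04"
    + b"\x00connect\x00reconnect_later\x00"
)


def find_whole_strings(data: bytes, name: bytes) -> list:
    """Return offsets where `name` is a complete NUL-delimited string.

    Requiring a NUL byte on both sides skips substrings of longer names
    ("disconnect"), which a blind search-and-replace would also rewrite.
    """
    hits, start = [], 0
    while (i := data.find(name, start)) != -1:
        end = i + len(name)
        if i > 0 and data[i - 1] == 0 and end < len(data) and data[end] == 0:
            hits.append(i)
        start = i + 1
    return hits


def rename_string(data: bytes, old: bytes, new: bytes, expected: int) -> bytes:
    """Replace every whole-string `old` with `new`, or raise without changes."""
    if len(old) != len(new):
        # A length change would shift every offset stored in the file.
        raise ValueError("replacement must have the same length")
    if find_whole_strings(data, new):
        raise ValueError("replacement name already exists in the binary")
    hits = find_whole_strings(data, old)
    if len(hits) != expected:
        raise ValueError(f"expected {expected} occurrences, found {len(hits)}")
    out = bytearray(data)
    for i in hits:
        out[i:i + len(old)] = new
    assert len(out) == len(data)
    return bytes(out)


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 3:          # usage: script.py <input blob> <output blob>
        src, dst = sys.argv[1], sys.argv[2]
        with open(src, "rb") as fh:
            blob = fh.read()
    else:                           # no arguments: run on the constructed sample
        src, dst, blob = "<constructed sample>", None, SAMPLE

    patched = rename_string(blob, b"connect", b"xonnect", expected=2)
    # Record both digests so the modified blob can be told apart from stock.
    print("original", src, hashlib.sha256(blob).hexdigest())
    print("patched ", hashlib.sha256(patched).hexdigest())
    if dst:
        with open(dst, "wb") as fh:
            fh.write(patched)
```

If the name shares storage with a longer string in the string table, the whole-string count comes up short and the script stops instead of guessing.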

Maybe this last_kmsg looks better now?
Code:
Samsung S-Boot 4.0 for GT-I9305 (Sep 12 2014 - 13:40:58)
EXYNOS4412(EVT 1.1) / 2044MB / 0MB / Rev 2 / I9305XXUFNI3 /(PKG_ID 0xb070018)
BOOTLOADER VERSION : I9305XXUFNI3
PMIC rev = PASS2(4)
BUCK1OUT(vdd_mif) = 0x05
BUCK3DVS1(vdd_int) = 0x20
cardtype: 0x00000007
SB_MMC_HS_52MHZ_1_8V_3V_IO
mmc->card_caps: 0x00000311
mmc->host_caps: 0x00000311
[mmc] capacity = 30777344
MODEL_NAME:{{GT-I9305}}
eMMC_SERIAL_NUMBER:{{1501004D4147344642F74A00ABD19F03}}
- read_bl1
pit_check_signature (PIT) valid.
initialize_ddi_data: usable! (4:0xe)
[RPMB] emmc_rpmb_open:
Get DATA success.
[RPMB] emmc_rpmb_close:
initialize_rpmb_data: usable! (GT-I9305:VERSION_-+A3)
PARAM ENV VERSION: v1.0..
set_charger_current: chg curr(3f), in curr(17)
set_charger_state: buck(1), chg(1), reg(0x05)
microusb_get_attached_device: STATUS1:0x3f, 2:0x00
set_auto_current: ta_state(0), curr(700)
init_fuelgauge: fuelgauge power ok
init_fuelgauge: POR status
fuelgauge_por: POR start: vcell(3975), vfocv(4026), soc(79)
fuelgauge_por: update SDI M0 parameter
fuelgauge_por: RCOMP(0x0063), TEMPCO(0x0930)
fuelgauge_por: POR finish: vcell(3977), vfocv(4085), soc(73)
get_table_soc: vcell(3976) is caculated to t-soc(75.735)
init_fuelgauge: start: vcell(3976), vfocv(4081), soc(73), table soc(75)
init_fuelgauge: finish: vcell(3976), vfocv(4081), soc(73), table soc(75)
init_microusb_ic: before MUIC: CDETCTRL:0x2d
init_microusb_ic: after MUIC: CDETCTRL:0x2d
init_microusb_ic: MUIC: CONTROL1:0x00
init_microusb_ic: MUIC: CONTROL1:0x00
init_microusb_ic: MUIC: CONTROL2:0x3b
init_microusb_ic: MUIC: CONTROL2:0x3b
PMIC_ID = 0x02
PMIC_IRQSRC = 0x00
PMIC_IRQ1 = 0x02
PMIC_IRQ2 = 0x00
PMIC_IRQ1M = 0xff
PMIC_IRQ2M = 0xff
PMIC_STATUS1 = 0x13
PMIC_STATUS2 = 0x00
PMIC_PWRON = 0x01
PMIC_RTCINT = 0x11
PMIC_RTCINTM = 0x3f
s5p_check_keypad: 0x100000
s5p_check_reboot_mode: INFORM3 = 0 ... skip
s5p_check_upload: MAGIC(0xc1d0c0d6), RST_STAT(0x10000)
microusb_get_attached_device: STATUS1:0x3f, 2:0x00
s5p_check_download: 0
microusb_get_attached_device: STATUS1:0x3f, 2:0x00
check_pm_status: charger is not detected
check_pm_status: voltage(3978) is ok
cmu_div:1, div:7, src_clk:800000000, pixel_clk:38102400
s5p_dsim_display_config: VIDEO MODE
a2, 60, 90,
<start_checksum:481>CHECKSUM_HEADER_SECTOR :4096
<start_checksum:483>offset:50, size:6296
<start_checksum:485>CHECKSUM_HEADER_INFO : NeedChecksum:0 PartNo:20
Not Need Movinand Checksum
Movinand Checksum Confirmation Pass
[mobi_drv] add: 0x43e52500, size: 3933
MobiCore INIT response = 0
MobiCore RTM has initialized!
MobiCore IDLE flag = 0
MobiCore driver address 43e52500, size = 3933
MobiCore RTM Notified back!
MobiCore Driver loaded and RTM IDLE!
MobiCore RTM has been uninitialized!
load_kernel: loading boot image from 106496..
Verify_Binary_Signature: failed.
pit_check_signature (BOOT) invalid.
Set invalid sign flag
No need to update kernel type.
SMC Num = 0x83000001
mobismc success!!! [ret = 0]
[s5p_check_sboot_version_rpmb]cur_version:VERSION_-+A3, rpmb_version:VERSION_-+A3
rpmb_version:51, cur_version:51
ATAG_CORE: 5 54410001 0 0 0
ATAG_MEM: 4 54410002 20000000 40000000
ATAG_MEM: 4 54410002 20000000 60000000
ATAG_MEM: 4 54410002 20000000 80000000
ATAG_MEM: 4 54410002 1FC00000 A0000000
ATAG_SERIAL: 4 54410006 42f74a00 abd19f03
ATAG_INITRD2: 4 54420005 42000000 17b548
ATAG_REVISION: 3 54410007 2
check_rustproof [0]
ATAG_CMDLINE: b1 54410009 'console=ram loglevel=4 androidboot.baseband=mdm sec_debug.level=0 sec_watchdog.sec_pet=5 androidboot.debug_level=0x4f4c [email protected] [email protected] [email protected] s3cfb.bootloaderfb=0x5ec00000 lcdtype=96 consoleblank=0 lpj=3981312 vmalloc=176m oops=panic pmic_info=67 cordon=471c411f44a4d1cb9c99510ec7e578a1 connie=GT-I9305_OPEN_EUR_10e569b8255514f00b8793d908e78a26 androidboot.emmc_checksum=3 androidboot.boot_salescode= androidboot.odin_download=1 androidboot.bootloader=I9305XXUFNI3 androidboot.selinux=enforcing androidboot.warranty_bit=1 androidboot.sec_atd.tty=/dev/ttySAC2 androidboot.serialno=42f74a00abd19f03 snd_soc_core.pmdown_time=1000'
ATAG_NONE: 0 0
Starting kernel at 0x40008000...
SWITCH_SEL(3)

p.a.n said:
There is a simple solution (or hack to be more precise) to this and I believe I've also described it somewhere here - open the ks binary with some binary editor, find the connect string (it should be there twice) and replace it with something else with the same length (I used xonnect).
This is a linker-related problem, ks contains symbol connect, which replaces connect from libc (I hope it is there, if not it is some other system library), but with a totally different functionality, which causes a crash. Don't ask me why this is happening in one environment and in other (the old one), I don't know.
Thanks for hint, I know that you don't work on i9305 anymore. Isn't that connect that comes internally in ks used somewhere ? After all they had to have a reason to place an internal function like that. After you left the development, it seems that the current ks that is being used in LineageOS based roms seems to be taken from other device. The current situation is as follows: the modem crashes from time to time, ks during that crash is having issues during SAHARA protocol file transfer. I don't know whether it is the modem that causes the ks crash, or ks that causes modem crash.
rodman01 said:
Maybe this last_kmsg looks better now?
The pasted log contains only what happened after reboot. It shows the next boot. If you wanted to show a crash, it isn't saved. It could be truncated, because last_kmsg has limited buffer (for most of the modem issues it was just too small to show everything). You can use the methods to capture logs I posted somewhere else.

yes I noticed this too after pulling another one.
But with my current used blobs I do not have that:
Code:
<6>[ 184.685425] c0 ap2mdm_errfatal is high
anymore, but still reboots and:
Code:
<6>[ 1581.571051] c0 mdm_subsys_powerup: mdm modem restart timed out.
<0>[ 1581.571210] c0 Kernel panic - not syncing: subsystem_restart_wq_func[eac9d720]: Failed to powerup external_modem!

rodman01 said:
yes I noticed this too after pulling another one.
But with my current used blobs I do not have that:
Code:
<6>[ 184.685425] c0 ap2mdm_errfatal is high
anymore, but still reboots and:
Code:
<6>[ 1581.571051] c0 mdm_subsys_powerup: mdm modem restart timed out.
<0>[ 1581.571210] c0 Kernel panic - not syncing: subsystem_restart_wq_func[eac9d720]: Failed to powerup external_modem!
Still not good. Have you tried modifying the stock ks as @p.a.n wrote? I think that the blobs can be swapped on already installed Android, without recompiling everything. Doing adb push should work too. Something like: adb root, adb remount, adb push, reboot.
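
A small triage pass over the kinds of log excerpts exchanged in the posts above: it flags the modem signatures the thread keys on (`ap2mdm_errfatal is high`, `mdm modem restart timed out`, `Kernel panic - not syncing`) and recognises a `last_kmsg` that holds only bootloader output, meaning the crash itself was not captured. This is an added example, not code from any poster; the log lines are copied from the thread, and the function name and verdict labels are assumptions made for illustration.

```python
"""Classify last_kmsg excerpts by the modem signatures discussed in the thread."""
import re

# Kernel ring-buffer line as pasted in the thread: <level>[ seconds] cCPU message
KMSG = re.compile(r"^<(?P<lvl>\d)>\[\s*(?P<ts>\d+\.\d+)\]\s+c(?P<cpu>\d+)\s+(?P<msg>.*)$")

SIGNATURES = [
    ("modem_errfatal", re.compile(r"ap2mdm_errfatal is high")),
    ("modem_restart_timeout", re.compile(r"mdm modem restart timed out")),
    ("kernel_panic", re.compile(r"Kernel panic - not syncing")),
]

# Lines printed by the bootloader before the kernel starts (no <level>[ts] prefix).
BOOTLOADER = re.compile(r"Samsung S-Boot|load_kernel:|Starting kernel at 0x")

# Excerpts copied from the posts above.
SAMPLE_ERRFATAL = """
<6>[ 184.685341] c0 mdm_hsic_pm_notify_event: unblock request
<6>[ 184.685375] c0 notify_modem_fatal or shutdown
<6>[ 184.685403] c0 ap2mdm_status is high
<6>[ 184.685425] c0 ap2mdm_errfatal is high
<6>[ 184.685449] c0 mdm2ap_status is low
"""
SAMPLE_TIMEOUT = """
<6>[ 1581.571051] c0 mdm_subsys_powerup: mdm modem restart timed out.
<0>[ 1581.571210] c0 Kernel panic - not syncing: subsystem_restart_wq_func[eac9d720]: Failed to powerup external_modem!
"""
SAMPLE_BOOT_ONLY = """
Samsung S-Boot 4.0 for GT-I9305 (Sep 12 2014 - 13:40:58)
load_kernel: loading boot image from 106496..
Starting kernel at 0x40008000...
"""


def triage(text: str) -> dict:
    """Return {"verdict": str, "events": [(timestamp, tag), ...]} for one log."""
    events, kernel_lines, boot_lines = [], 0, 0
    for raw in text.splitlines():
        line = raw.strip()
        m = KMSG.match(line)
        if m is None:
            # Not a kernel line: count it only if it looks like bootloader output.
            boot_lines += bool(BOOTLOADER.search(line))
            continue
        kernel_lines += 1
        for tag, pattern in SIGNATURES:
            if pattern.search(m["msg"]):
                events.append((float(m["ts"]), tag))

    tags = {tag for _, tag in events}
    if kernel_lines == 0 and boot_lines:
        # Only the next boot was recorded; the crashing kernel's log is gone.
        verdict = "no_crash_captured"
    elif tags & {"modem_errfatal", "modem_restart_timeout"}:
        verdict = "modem_related"
    elif "kernel_panic" in tags:
        verdict = "panic_other"
    else:
        verdict = "clean"
    return {"verdict": verdict, "events": events}


if __name__ == "__main__":
    for name, sample in [("errfatal", SAMPLE_ERRFATAL),
                         ("timeout", SAMPLE_TIMEOUT),
                         ("boot only", SAMPLE_BOOT_ONLY)]:
        print(name, triage(sample))
```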

I know that this is not good.
No I haven't, I have no such editor and haven't searched for it. Have you tried that already?

rodman01 said:
I know that this is not good.
No I haven't, I have no such editor and haven't searched for it. Have you tried that already?
Any hex editor should be enough (for Windows you could try https://mh-nexus.de/en/hxd/ ). I haven't tried yet, I returned to stock rom.

mtr_ said:
Thanks for hint, I know that you don't work on i9305 anymore. Isn't that connect that comes internally in ks used somewhere ? After all they had to have a reason to place an internal function like that. After you left the development, it seems that the current ks that is being used in LineageOS based roms seems to be taken from other device. The current situation is as follows: the modem crashes from time to time, ks during that crash is having issues during SAHARA protocol file transfer. I don't know whether it is the modem that causes the ks crash, or ks that causes modem crash.
I actually do work on it, just don't publish, since I was under impression that the official version is fine and the problem you are describing here is caused by old version of modem. I didn't want to change it, so I solved the problem by using the KitKat RIL with the modification I mentioned.
As far as I know the connect symbol in the ks binary is used only internally (and shouldn't be exported at all). It seems like a simple name collision, which was handled differently in KitKat. I've been using the modified ks for a long time and it doesn't seem to have any negative side effect.
I'll try to put together all the changes against the official code I have and publish again some of my builds. LineageOS 14.1 is quite stable on my device, so I hope this will help you. I just cannot promise when this will be, since I am pretty busy now (more than I've ever been).

I am uploading at the moment a new test build, where in my logcat no at distributor error and no SIGABRT error or message is to be seen at the moment. Maybe someone is around who is willing to test it....?!?

New test build is uploaded now.
It's based on today's leos sources and nameless/crazyweasel 3.0 vendor/blobs.
Download
lineage-14.1-20170621-UNOFFICIAL-i9305-hwc.zip: https://www.androidfilehost.com/?fid=673368273298966239
Please report back about reboots and or any other error or bug.
GPS is fixed and should work now.

p.a.n said:
I actually do work on it, just don't publish, since I was under impression that the official version is fine and the problem you are describing here is caused by old version of modem. I didn't want to change it, so I solved the problem by using the KitKat RIL with the modification I mentioned.
Lucky. It seems that by doing that you avoided the RIL problems (and thus saved time ). The thing worth mentioning is that there are quite new stock releases available (I9305XXSFQ series).
rodman01 said:
New test build is uploaded now.
It's based on today's leos sources and nameless/crazyweasel 3.0 vendor/blobs.
Please report back about bootloops and or any other error or bug.
GPS is fixed and should work now.
Tested, unfortunately bootloops. Did you try it after a dirty flash or a clean one ?
I made a non hwc build with https://github.com/CrazyWeasel/proprietary_vendor_samsung/tree/n-3.0/i9305 and modified ks from https://github.com/p-an/android_device_samsung_i9305/blob/cm-14.1/proprietary/system/bin/ks . ks works, at_distributor doesn't whine about missing symbol, but that it can't connect to ATD.
Code:
06-22 04:24:28.916 5290 5290 V AT_Distributor_diag: can't connect to atd socket
06-22 04:24:29.046 5293 5293 V AT_Distributor_diag: ConnectToATD
I was running the build for an hour, so not long enough to tell whether the modem issue appears. 4:50 AM, time to get back to stock

I had a reboot during the night too. And now, since the last half an hour, several reboots again. So I would say, this test version is almost unusable at the moment. Did a clean flash after changing to crazyweasel blobs.

Related

[GPL][Kernel] 2.6.35 for HERC [AP #4/5]

Github:
I now consider this Release Candidate quality. Please do report issues (with logcats and dmesgs). Check the known bugs, etc, etc.
https://github.com/s0be/cm-kernel
the -amonra zip is for recoveries that don't take the FS type as the first argument of mount(...) If the regular zip fails complaining about missing files, try the -amonra version.
Latest official version:
no debug
http://heroc.s0be.com/HERC-2.6.35-AP-5.zip
http://heroc.s0be.com/HERC-2.6.35-AP-5-amonra.zip
Headset detection less broken. Now it always thinks there's a mic connected to anything plugged in.
http://heroc.s0be.com/HERC-2.6.35-AP-4.zip
http://heroc.s0be.com/HERC-2.6.35-AP-4-amonra.zip
If that download doesn't work for you, your OS likely has a broken ipv6 stack. Please check that you have ipv6 disabled if you don't actually have an ipv6 connection.
What works:
Ram console
Keypad
Screen
Touchscreen
GPS
Compass
G-Sensor
nand
Early Suspend
Bluetooth
Headset Detection
Camera
What Doesn't work or hasn't been tested:
Thanks to:
Elemag for the initial Hero 2.6.35 port, with Erasmux as a major contributor, Decadence for the 2.6.34/35 heroc board files, and riemervdzee for his pointers at fixes needed to get it working and his continued drive to get this kernel full featured and stable, and everyone they pulled from (Darch, Toast, Cyanogen, etc, etc). If I've forgotten anyone, please let me know the names to add.
See first post for current. This is just historic releases.
Headset detection fixed. Mic detection not working yet.
Weird audio program related crashes fixed
http://heroc.s0be.com/HERC-2.6.35-AP-3.zip
http://heroc.s0be.com/HERC-2.6.35-AP-3-amonra.zip
Rebased on Pershoot's G1 2.6.35.11 Kernel Tree
New base .config
BFS Disabled
Headset detection re-broken. Will be reviewing this currently.
http://heroc.s0be.com/HERC-2.6.35-AP-2.zip
http://heroc.s0be.com/HERC-2.6.35-AP-2-amonra.zip
Camera fix from JayBob via decad3nce
http://heroc.s0be.com/HERC-2.6.35-AP-1.zip
http://heroc.s0be.com/HERC-2.6.35-AP-1-amonra.zip
Pulls some changes from Decad3nce for the camera (still doesn't work) and some i2c speedups from riemervdzee
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-114.zip
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-114-amonra.zip
Fixes most of what I broke in 106
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-109.zip
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-109-amonra.zip
Disabled some ****
Changed some ****
This is an attempt to fix the power issues through voodoo
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-106.zip
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-106-amonra.zip
Fixed headset detection. Haven't figured out if the button works.
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-101.zip
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-101-amonra.zip
Went back to #55(never released) config
Disabled Debug
All updates from #56 still apply
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-57.zip
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-57-amonra.zip
Merged with upstream
Updated msm-camera
Updated msm-i2c
Ripped out a bunch of stuff, disabled debugging
This probably isn't going to be completely happy
This is definitely not happy...
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-56.zip
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-56-amonra.zip
Restored device mapper with crypt support. This may fix missing app issues
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-47.zip
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-47-amonra.zip
tun.ko Enabled - NOT TESTED AT ALL, PLEASE REPORT IF I GOT IT RIGHT
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-45.zip
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-45-amonra.zip
Enabled > 6912000 CPU speeds. Boots capped at 691 though
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-44.zip
Fix ramzswap/compcache
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-42-2.zip
h2w still broken
Camera almost works
Bluetooth is fixed
Touchscreen may not be problematic now.
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-42.zip
Merged MDP changes from upstream
Fixed h2w (I think) someone with a headset, try plugging it
Camera almost works on occasion. Can catch a preview frame now and then.
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-30.zip
Re-enabled netfilter modules
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-23.zip
changed the early_suspend.level value of the synaptics_i2c_rmi driver to match 2.6.29.
Last attempt til next week
still capped at 691200
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-18.zip
Clamped to 691200 max freq
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-17.zip
Maybe solved TS issues??? Testing now.
Fixed USB Mass Storage
Enabled PerfLock
CURRENT MAX IS AT 768000, throwing together a #14 with a 691200 cap.
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-13.zip
First alpha
http://heroc.s0be.com/HERC-2.6.35-sl0ppy_s0be-5.zip
what kind of performance increase will this bring? and will it be nice to have when we get a fully working GB rom?
Unfortunately the current .35 build for the Hero GSM version is slower than any .29 kernel.
But yeah, seems we have to reimplement a lot of optimisations.
It is nice that we actually get something out of the HeroC though
riemervdzee said:
Unfortunately the current .35 build for the Hero GSM version is slower than any .29 kernel.
But yeah, seems we have to reimplement a lot of optimisations.
It is nice that we actually get something out of the HeroC though
There are other advantages of course, we have to remember. Performance is king, but features are definitely queen. Getting to a recent kernel (2.6.29 is coming up on 2 years old), makes future updates to Heroc a lot easier. Going to up-to-date drivers may allow us to eliminate some of the binary cruft from the Heroc tree, etc, etc.
Two things I've tried:
1. In the xda "hero" dev forum, there was a post that there was a problem with the newer (>.34) yaffs2 code, and you needed to boot and wipe using a 1.7 RA recovery. So, I copied the yaffs2 code from deca's .29 kernel. It then oopsed at 1017 in msm_fb, which was the ifdef'd line for HERO.
2. So, I added "&& !defined(CONFIG_MACH_HEROC)" to line 1016. It then still rebooted, but last_kmsg was different after "vsync on gpio 97 now 0":
[ 3.626831] vsync on gpio 97 now 0
[ 3.632263] msmfb_probe() installing 320 x 480 panel
[ 3.640106] Registered led device: lcd-backlight
[ 3.650085] msm_serial: driver initialized
[ 3.654052] msm_serial_hs module loaded
[ 3.697570] loop: module loaded
[ 3.698760] pmem: 1 init
[ 3.702514] pmem_adsp: 0 init
[ 3.706420] pmem_camera: 0 init
[ 3.711578] Android kernel panic handler initialized (bind=kpanic)
[ 3.712524] AKM8973 compass driver: init
[ 3.718566] input: compass as /devices/virtual/input/input0
[ 3.731079] msm_nand: allocated dma buffer at ffa0a000, dma_addr 256fb000
[ 3.732696] msm_nand: read CFG0 = aa5400c0 CFG1 = 8744a
[ 3.733245] msm_nand: CFG0 cw/page=3 ud_sz=512 ecc_sz=10 spare_sz=4
[ 3.734069] msm_nand: NAND_READ_ID = 5501bcec
[ 3.735229] msn_nand: nandid 5501bcec status c03120
[ 3.735595] msm_nand: manuf Samsung (0xec) device 0xbc blocksz 20000 pagesz 800 size 20000000
[ 3.736114] msm_nand: save CFG0 = e85408c0 CFG1 = 4745e
[ 3.736419] msm_nand: CFG0: cw/page=3 ud_sz=516 ecc_sz=10 spare_sz=0 num_addr_cycles=5
[ 3.737121] msm_nand: DEV_CMD1: f00f3000
[ 3.737609] msm_nand: NAND_EBI2_ECC_BUF_CFG: 1ff
[ 3.738372] 6 cmdlinepart partitions found on MTD device msm_nand
[ 3.738708] Creating 6 MTD partitions on "msm_nand":
[ 3.739257] 0x00001ff60000-0x000020000000 : "misc"
[ 3.753509] 0x000002c60000-0x000003160000 : "recovery"
[ 3.776397] 0x000003160000-0x0000033e0000 : "boot"
[ 3.794219] 0x0000033e0000-0x000009be0000 : "system"
[ 4.070312] 0x000009be0000-0x000009fe0000 : "cache"
[ 4.098876] 0x000009fe0000-0x000020000000 : "userdata"
No errors detected
Don't know if this helps or not. BTW, I'm using Firerats's custom MTD partitions, so I modified the boot parameters.
dbayub said:
Two things I've tried:
1. In the xda "hero" dev forum, there was a post that there was a problem with the newer (>.34) yaffs2 code, and you needed to boot and wipe using a 1.7 RA recovery. So, I copied the yaffs2 code from deca's .29 kernel. It then oopsed at 1017 in msm_fb, which was the ifdef'd line for HERO.
2. So, I added "&& !defined(CONFIG_MACH_HEROC)" to line 1016. It then still rebooted, but last_kmsg was different after "vsync on gpio 97 now 0":
<SNIP>
Don't know if this helps or not. BTW, I'm using Firerats's custom MTD partitions, so I modified the boot parameters.
yeah, I had that fixed in my tree, forgot to commit the || -> && change I didn't do that yaffs2 change, but I just tested it with identical results.
Sweet. I'll spend more time on it this weekend. Swamped with homework atm.
Hopefully we'll have something super stable!
Decad3nce said:
Sweet. I'll spend more time on it this weekend. Swamped with homework atm.
Hopefully we'll have something super stable!
Made some more progress:
http://android.pastebin.com/AWysQDNk
s0be, i think you're going to blow up the hero scene again. with deca and you working together there's been a lot of progress recently and i want to thank both of you. i really love my hero and you guys keep it feeling young.
AND HOW!!!!!
Sent from my HERO200 using XDA App
jmkarnai01 said:
AND HOW!!!!!
Sent from my HERO200 using XDA App
More commits
More Progress
http://android.pastebin.com/rqm0Vn1p
You guys are pure AWESOME!
S0be, i was wondering your opinion, once this kernel is completed and we get GB running smoothly, will the supposed 2.4 GB update break everything that is already working or just maybe the new stuff will have to be worked in properly?
Pocker09 said:
S0be, i was wondering your opinion, once this kernel is completed and we get GB running smoothly, will the supposed 2.4 GB update break everything that is already working or just maybe the new stuff will have to be worked in properly?
no clue
http://android.pastebin.com/SSRM5MKB
Dang sobe making progress good work man. Thanks!!!!!!!!!!!"!
Sent from my HTC Hero CDMA using XDA App
oostah said:
Dang sobe making progress good work man. Thanks!!!!!!!!!!!"!
Sent from my HTC Hero CDMA using XDA App
http://android.pastebin.com/qKr6wEtY
Some more progress, looks like just the smd and i2c errors are left to fix
Looking forward to this. And wow you work like super man lol but thank for the time and hard work.
Root-Hack-Mod-Always™
Just curious, will you guys be running AOSP's GB or will this kernel allow for a less tweaked version of GB? Thanks! Great Job!
The smd stuff is because it used to call both v1 and v2 alloc, and as long as one succeeded, it was OK. Now it's ifdef'd to use different code depending on if CONFIG_MSM_SMD_PKG3 is set or not. Looks like the package 4 code is what works on heroc. With that change, the smd code works.
[ 3.684967] smd_alloc_channel() cid=01 size=08192 'SMD_DIAG'
[ 3.686340] smd_alloc_channel() cid=02 size=08192 'SMD_RPCCALL'
etc. Then it's the i2c failures:
[ 3.841674] msm_i2c msm_i2c.0: Error during data xfer 1e (-5)
[ 3.852203] msm_i2c msm_i2c.0: error, status 63c8
and oops:
[ 4.861785] Internal error: Oops: 80000005 [#1] PREEMPT
[ 4.863433] last sysfs file:
[ 4.864318] Modules linked in:
[ 4.866058] CPU: 0 Not tainted (2.6.35.10-cyanogenmod #11)
[ 4.867706] PC is at 0x0
[ 4.868682] LR is at microp_i2c_probe+0xb70/0x1438
[ 4.869598] pc : [<00000000>] lr : [<c0217e64>] psr: 60000013
[ 4.869659] sp : cc219e10 ip : cc219d10 fp : cc219e74
[ 4.872100] r10: c040eef4 r9 : 00000000 r8 : 00000005
[ 4.873748] r7 : cc255da0 r6 : c040ea10 r5 : cc255d80 r4 : cc48a760
[ 4.874694] r3 : c040ea2c r2 : 00000002 r1 : cc219ce0 r0 : cc219e3c
[ 4.876342] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel

[PROJECT] Kernel 3.x For Galaxy SL

This thread to collaborate all efforts towards porting kernel 3.x on to the Galaxy SL. If any developers wish to help then please let me know and I will add you to the repo on Github.
Do not ask for an ETA. If you do or try to cleverly disguise it by asking how long it takes on average or anything along these lines, your post will be reported to a moderator.
Changelog
https://github.com/hillbeast/android_kernel_samsung_latona/commits/ics-latona-3.0
I chose the Github commit system to be the changelog as there are so many things going on at once it would be impossible to keep up with, and I cannot be assed explaining it. If you don't understand then ask, but please don't ask EVERYTHING. Most of the answers will be 'It just does'.
Discussion Thread
This thread is for DEVELOPMENT ONLY. I know you all wish to praise the developers and give your support, but it really clutters things up when there is like 20 posts of 'thanks' and then one post of an update in progress for the project. So let's keep this thread for development, discussion on fixing bugs and such and you can discuss it all over at this thread kindly made over here:
http://forum.xda-developers.com/showthread.php?t=1712224
Source Code
Source: https://github.com/hillbeast/android_kernel_samsung_latona
Members
hillbeast
dhiru1602
crackerizer
If anyone else who has a keen knowledge of the Linux kernel can help, then let me know. Fork the repository, make some changes and send me a pull request. If you don't know how to do that or can't figure out how to do it then you won't be able to help me.
Why Do We Need Kernel 3.
Easier updating the kernel to add security and performance boosts from mainline Linux kernels
More support for new versions of Android
Android 4.0 was built upon Linux Kernel 3.0.x and therefore expects kernel 3.0's APIs
Faster, more secure system
NO SAMSUNG MORONIC CODE
Because it's just better
Please let me know if you are interested (able to) in helping this cause. Please don't put your hand up if you can't dedicate your phone to this. This will result in your phone being out of action quite a lot while we are testing, and if you need your phone 24/7 then you're going to need to keep flashing back. You will also NEED ODIN. Flashing from CWM is not an option.
Status
UART dump:
Code:
Uncompressing Linux... done, booting the kernel.
<6>Initializing cgroup subsys cpu
<5>Linux version 3.0.8+ ([email protected]) (gcc version 4.4.3 (GCC) ) #Test PREEMPT Mon Sep 24 11:09:01 NZST 2012
CPU: ARMv7 Processor [413fc082] revision 2 (ARMv7), cr=10c53c7f
CPU: VIPT nonaliasing data cache, VIPT aliasing instruction cache
Machine: LGE Hub board
<6>Reserving 4194304 bytes SDRAM for VRAM
Memory policy: ECC disabled, Data cache writeback
<6>OMAP3630 ES1.2 (l2cache iva sgx neon isp 192mhz_clk )
<6>SRAM: Mapped pa 0x40208000 to va 0xfe408000 size: 0x7000
<7>On node 0 totalpages: 62976
<7>free_area_init_node: node 0, pgdat c06cbb8c, node_mem_map c083f000
<7> Normal zone: 512 pages used for memmap
<7> Normal zone: 0 pages reserved
<7> Normal zone: 62464 pages, LIFO batch:15
<6>Clocking rate (Crystal/Core/MPU): 26.0/400/800 MHz
<6>Reprogramming SDRC clock to 400000000 Hz
<7>pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
<7>pcpu-alloc: [0] 0
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 62464
<5>Kernel command line: console=ttyS2,115200 videoout=omap_vout omap_vout.video1_numbuffers=6 omap_vout.vid1_static_vrfb_alloc=y omapfb.vram="0:4M" version=Sbl(1.0.0) 2011-03-21 10:46:47 androidboot.mode=jig bootmode=0 androidboot.current_panel=0
<6>PID hash table entries: 1024 (order: 0, 4096 bytes)
<6>Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
<6>Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
<6>Memory: 246MB = 246MB total
<5>Memory: 238620k/238620k available, 23524k reserved, 0K highmem
<5>Virtual kernel memory layout:
vector : 0xffff0000 - 0xffff1000 ( 4 kB)
fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
DMA : 0xffc00000 - 0xffe00000 ( 2 MB)
vmalloc : 0xd0800000 - 0xf8000000 ( 632 MB)
lowmem : 0xc0000000 - 0xd0000000 ( 256 MB)
pkmap : 0xbfe00000 - 0xc0000000 ( 2 MB)
modules : 0xbf000000 - 0xbfe00000 ( 14 MB)
.init : 0xc0008000 - 0xc003d000 ( 212 kB)
.text : 0xc003d000 - 0xc0674d5c (6368 kB)
.data : 0xc0676000 - 0xc06cc500 ( 346 kB)
.bss : 0xc06cc524 - 0xc083ed88 (1483 kB)
<6>Preemptible hierarchical RCU implementation.
<6>NR_IRQS:410
<6>IRQ: Found an INTC at 0xfa200000 (revision 4.0) with 96 interrupts
<6>Total of 96 interrupts on 1 active controller
<6>OMAP clockevent source: GPTIMER1 at 32768 Hz
<6>sched_clock: 32 bits at 32kHz, resolution 30517ns, wraps every 131071999ms
<6>Console: colour dummy device 80x30
<6>Calibrating delay loop... <c>798.24 BogoMIPS (lpj=3117056)
<6>pid_max: default: 32768 minimum: 301
<6>Mount-cache hash table entries: 512
<6>Initializing cgroup subsys debug
<6>Initializing cgroup subsys cpuacct
<6>Initializing cgroup subsys freezer
<6>CPU: Testing write buffer coherency: ok
<4>omap_hwmod: _populate_mpu_rt_base found no _mpu_rt_va for l4_core
<4>omap_hwmod: _populate_mpu_rt_base found no _mpu_rt_va for l4_per
<4>omap_hwmod: _populate_mpu_rt_base found no _mpu_rt_va for l4_wkup
<4>omap_hwmod: _populate_mpu_rt_base found no _mpu_rt_va for usbhs_ohci
<4>omap_hwmod: _populate_mpu_rt_base found no _mpu_rt_va for usbhs_ehci
<4>omap_hwmod: gpt12_fck: missing clockdomain for gpt12_fck.
What needs to be done
Everything
mach code (board-latona)
plat code
drivers
How To Build
git clone git://github.com/hillbeast/android_kernel_samsung_latona -b android-latona-3.0
cd android_kernel_samsung_latona
make latona_defconfig ARCH=arm
./build.sh config
./build.sh
Things to be aware of
I feel these things should be mentioned as they are important changes that may disrupt people's user experience on the phone.
Odin will not work anymore for flashing ROMs. It's as simple as that. We will no longer be using STL/BML/TFSR for interfacing with the NAND, and that is what ODIN expects to be working with: partitions in STL format. We simply will not support STL when this kernel is complete as it is closed source and will not function on kernel 3.x. We will be moving over to MTD which is mainline, and regularly gets updates to improve performance, reliability and in general to make it better.
Kernels will however be flashable from ODIN. This WILL NOT change. Kernels, modems and bootloaders will all still work from Odin. Data, system and cache will not.
I know this will annoy a few people, as it will disrupt me too as a developer and a Windows user, it's nice to be able to flash a ROM this way, but we're going to have to move towards distributing ROMs in update.zips only.
There will be no support for Samsung Froyo/Gingerbread ROMs in kernel 3.x. The reasoning behind this is because Samsung ROMs want Samsung drivers and we won't be using any of them. We will be aiming to support CM7 and CM9, or generally any AOSP ROM, but not Samsung's proprietary ROM. You may think 'well why not make the drivers work for both', but the problem is not with making the drivers work, the problem is with the fact that a lot of these drivers were written for a kernel almost 10 major versions out of date by now, and will not function on the new kernel's APIs. If we try to make them work, it will make the kernel unstable and it's going to degrade the experience for the end user. As well as that, we don't know how half these drivers actually work because they are either coded so badly it's impossible to make heads or tails of it, or it's closed source and we can't find sources for it.
Kernel 3.x will not allow us to work magic with the phone. Having a newer kernel won't allow us to make the CPU itself faster, we can't give it more RAM (or find more RAM in there). We won't be able to unlock more performance from x part. This is not a magical rebirth of the phone, this is just a major fix up of all the current issues we face with AOSP based ROMs on the phone. It will most likely make the phone faster, but we can't magically make it into a dual core or something like that. It just isn't possible.
Did you see it? Could have been anyone. Could you spot him in a crowd? Probably not. It's just a reserved post.
And I think this should do it for reserved posts. You may now post.
i will be glad to help
sachin sharma said:
u using lenaro toolchain? wow
that will make the kernel go zoooom
For the Galaxy 3 I use Codesourcery 4.5.2 as Linaro doesn't work on it. I will see what works best for this phone. I have to learn the whole device.
Sent from my GT-I9100 using XDA
hillbeast said:
For the Galaxy 3 I use Codesourcery 4.5.2 as Linaro doesn't work on it. I will see what works best for this phone. I have to learn the whole device.
Sent from my GT-I9100 using XDA
m connfused??????
in ur build.sh u have used
TOOLCHAIN=/usr/linaro/bin/arm-linux-gnueabi-?????
y is this lenaro toolchain for?
r u going to edit it n use sum other toolchain???
---------- Post added at 12:18 PM ---------- Previous post was at 12:03 PM ----------
hillbeast said:
For the Galaxy 3 I use Codesourcery 4.5.2 as Linaro doesn't work on it. I will see what works best for this phone. I have to learn the whole device.
Sent from my GT-I9100 using XDA
i m going to fork ur repository!!!
downloading vmware now as i dont have linux environment due to hard disk issues
sachin sharma said:
m connfused??????
in ur build.sh u have used
TOOLCHAIN=/usr/linaro/bin/arm-linux-gnueabi-?????
y is this lenaro toolchain for?
r u going to edit it n use sum other toolchain???
---------- Post added at 12:18 PM ---------- Previous post was at 12:03 PM ----------
i m going to fork ur repository!!!
downloading vmware now as i dont have linux environment due to hard disk issues
Oh perhaps I am using Linaro. I was at work when I wrote that so I wasn't really thinking.
I have a build server that I use for my development, but I used to use VMware for my Linux devving so that will work fine for you too.
Also update on the USB issue I was having, it must have been the condensation because it's working fine now after leaving it to dry out while I was at work. I'm flashing Gingerbread on it so I have a stable platform while I learn the device.
Right so first priority is to get UART output. My current UART cable with a 612K resistor (I think it was 612K) doesn't give me any output. I'd say that is the wrong resistor for this device, so I need to find out which one it is. However the cable does JIG the phone to start up.
hillbeast said:
Right so first priority is to get UART output. My current UART cable with a 612K resistor (I think it was 612K) doesn't give me any output. I'd say that is the wrong resistor for this device, so I need to find out which one it is. However the cable does JIG the phone to start up.
Update to this: got this output:
Code:
AST_POWERON
BOOTING COMPLETED
That's the modem speaking to me over UART. Gotta change the UART mode to PDA instead of MODEM. Will do that once I root the phone.
hillbeast said:
Update to this: got this output:
Code:
AST_POWERON
BOOTING COMPLETED
That's the modem speaking to me over UART. Gotta change the UART mode to PDA instead of MODEM. Will do that once I root the phone.
Another update, I did this in adb shell:
Code:
echo PDA > /sys/devices/platform/switch-sio/uart_sel
Then rebooted the phone with my UART cable attached and now I get this:
Code:
Uncompressing Linux... done, booting the kernel.
So it's giving me output up until the kernel boots which told me the console attribute in the cmdline isn't set. I looked and that confirmed it that it wasn't. I will get the sourcecode for a kernel and compile it with the console attribute.
So yes, this phone will do UART. I just have to do it a bit weirdly.
I made a discussion thread here, post only development related things in here, and everything else goes there
loneagl said:
@hillbeast
Sorry to interrupt dude
Linux is Greek to many of us......
so does this mean kernel 3.x is possible???
Sent from my GT-I9003 using XDA
It means I will be able to debug the kernel while I am developing it.
Skander1998 said:
I made a discussion thread here, post only development related things in here, and everything else goes there
Thanks. I will subscribe to it.
Sent from my GT-I9100 using XDA
Right so I just had to figure out how to compile kernels on this phone. It's completely different to doing it on the Galaxy 3. On the G3, we just use zImages, whereas here it's using boot.imgs which is quite different. I've updated my build.sh to account for this. I'm still not actually working on Kernel 3.x. I'm still learning the device and getting it set up so I can develop on it.
hillbeast said:
Right so I just had to figure out how to compile kernels on this phone. It's completely different to doing it on the Galaxy 3. On the G3, we just use zImages, whereas here it's using boot.imgs which is quite different. I've updated my build.sh to account for this. I'm still not actually working on Kernel 3.x. I'm still learning the device and getting it set up so I can develop on it.
Maybe this help
hillbeast said:
Right so I just had to figure out how to compile kernels on this phone. It's completely different to doing it on the Galaxy 3. On the G3, we just use zImages, whereas here it's using boot.imgs which is quite different. I've updated my build.sh to account for this. I'm still not actually working on Kernel 3.x. I'm still learning the device and getting it set up so I can develop on it.
Yup.... the boot.img contains both the zImage and ramdisk ...
Sent from my GT-I9003 using XDA
TheFrankenstain said:
Maybe this help
Already figured it out, but thanks anyway.
arindammanidas said:
Yup.... the boot.img contains both the zImage and ramdisk ...
Sent from my GT-I9003 using XDA
zImages can contain ramdisks too. Been using it like that on the G3 for long time. We used LZMA compression and managed to cram a hell of a lot into the boot partition.
hillbeast said:
Right so I just had to figure out how to compile kernels on this phone. It's completely different to doing it on the Galaxy 3. On the G3, we just use zImages, whereas here it's using boot.imgs which is quite different. I've updated my build.sh to account for this. I'm still not actually working on Kernel 3.x. I'm still learning the device and getting it set up so I can develop on it.
i can make boot.img for u
if u want

[Q/A] Kernel 3.x Discussion thread

Kernel 3.x is now having progress again, updating the thread!
Hey guys, i noticed that the new thread for Kernel 3.x development is getting spammed a little, so please post anything not related to development here.
I will also include latest updates including a small faq (i will add more when you guys ask questions).
Current members working on the project:
hillbeast
dhiru1602
crackerizer
Latest News: (First is newest)
Current issue: Kernel is booting but crashing, still in stage 1.
hillbeast said:
Isn't patience a virtue...?
Code:
Uncompressing Linux... done, booting the kernel.
<6>Initializing cgroup subsys cpu
<5>Linux version 3.0.8+ ([email protected]) (gcc version 4.4.3 (GCC) ) #Test PREEMPT Mon Sep 24 11:09:01 NZST 2012
CPU: ARMv7 Processor [413fc082] revision 2 (ARMv7), cr=10c53c7f
CPU: VIPT nonaliasing data cache, VIPT aliasing instruction cache
Machine: LGE Hub board
<6>Reserving 4194304 bytes SDRAM for VRAM
Memory policy: ECC disabled, Data cache writeback
<6>OMAP3630 ES1.2 (l2cache iva sgx neon isp 192mhz_clk )
<6>SRAM: Mapped pa 0x40208000 to va 0xfe408000 size: 0x7000
<7>On node 0 totalpages: 62976
<7>free_area_init_node: node 0, pgdat c06cbb8c, node_mem_map c083f000
<7> Normal zone: 512 pages used for memmap
<7> Normal zone: 0 pages reserved
<7> Normal zone: 62464 pages, LIFO batch:15
<6>Clocking rate (Crystal/Core/MPU): 26.0/400/800 MHz
<6>Reprogramming SDRC clock to 400000000 Hz
<7>pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
<7>pcpu-alloc: [0] 0
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 62464
<5>Kernel command line: console=ttyS2,115200 videoout=omap_vout omap_vout.video1_numbuffers=6 omap_vout.vid1_static_vrfb_alloc=y omapfb.vram="0:4M" version=Sbl(1.0.0) 2011-03-21 10:46:47 androidboot.mode=jig bootmode=0 androidboot.current_panel=0
<6>PID hash table entries: 1024 (order: 0, 4096 bytes)
<6>Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
<6>Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
<6>Memory: 246MB = 246MB total
<5>Memory: 238620k/238620k available, 23524k reserved, 0K highmem
<5>Virtual kernel memory layout:
vector : 0xffff0000 - 0xffff1000 ( 4 kB)
fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
DMA : 0xffc00000 - 0xffe00000 ( 2 MB)
vmalloc : 0xd0800000 - 0xf8000000 ( 632 MB)
lowmem : 0xc0000000 - 0xd0000000 ( 256 MB)
pkmap : 0xbfe00000 - 0xc0000000 ( 2 MB)
modules : 0xbf000000 - 0xbfe00000 ( 14 MB)
.init : 0xc0008000 - 0xc003d000 ( 212 kB)
.text : 0xc003d000 - 0xc0674d5c (6368 kB)
.data : 0xc0676000 - 0xc06cc500 ( 346 kB)
.bss : 0xc06cc524 - 0xc083ed88 (1483 kB)
<6>Preemptible hierarchical RCU implementation.
<6>NR_IRQS:410
<6>IRQ: Found an INTC at 0xfa200000 (revision 4.0) with 96 interrupts
<6>Total of 96 interrupts on 1 active controller
<6>OMAP clockevent source: GPTIMER1 at 32768 Hz
<6>sched_clock: 32 bits at 32kHz, resolution 30517ns, wraps every 131071999ms
<6>Console: colour dummy device 80x30
<6>Calibrating delay loop... <c>798.24 BogoMIPS (lpj=3117056)
<6>pid_max: default: 32768 minimum: 301
<6>Mount-cache hash table entries: 512
<6>Initializing cgroup subsys debug
<6>Initializing cgroup subsys cpuacct
<6>Initializing cgroup subsys freezer
<6>CPU: Testing write buffer coherency: ok
<4>omap_hwmod: _populate_mpu_rt_base found no _mpu_rt_va for l4_core
<4>omap_hwmod: _populate_mpu_rt_base found no _mpu_rt_va for l4_per
<4>omap_hwmod: _populate_mpu_rt_base found no _mpu_rt_va for l4_wkup
<4>omap_hwmod: _populate_mpu_rt_base found no _mpu_rt_va for usbhs_ohci
<4>omap_hwmod: _populate_mpu_rt_base found no _mpu_rt_va for usbhs_ehci
<4>omap_hwmod: gpt12_fck: missing clockdomain for gpt12_fck.
hillbeast said:
Further Information About 'Blind SBL'
As I can't see the SBL, it does limit things until I figure out why it won't display anything, however I won't let Samsung beat me like that, and I progressed by hex viewing the SBL partition on the OneNAND, and I found something interesting:
Code:
andr_load_normal..Load Android Normal-boot image from the flash device..andr_load_recovery..Load Android Recovery-boot image from the flash device..andr_load_kernel..Load Android Kernel and Ramdisk using the current boot-up reason
hillbeast said:
Oh wow I didn't expect it to be that easy. I just took another kernel (I used BCK seeing it works on GB), renamed normalboot.img to recovery.img, put it back in a tar and flashed it with Odin, then went into the blind Sbl, typed andr_load_recovery [enter] boot [enter] and away it went. Obviously I had no UART apart from decompression seeing BCK doesn't support UART, but going into Settings > About Phone > and seeing XDA_BAM in there when I hadn't touched the normal kernel was quite cool. So that's how you dual-boot on a GSL.
Trying to decipher it, this seems to be the output of the help command, and these three commands seem interesting, as they seem to allow booting the normal kernel (.img), or the recovery kernel. I'll try flashing something different in the recovery partition and see what it does. I'll try flashing something like the CM9 kernel. If I can get this figured out then perhaps if someone is daring enough to mod the SBL, we could get a working recovery partition. The functionality appears to be there, so I can't see why not.
hillbeast said:
Okay so I backported the new CMDLINE functions from kernel 3.x and it works sweet. Great to FINALLY see a proper UART output on this device. I need to make a few touch-ups, namely to giving UART console root access. And I need to charge the phone up... I haven't charged it all weekend and the battery is really flat.
hillbeast said:
YES! SUCCESS! By forcing the boot command line to 'console=ttyS2,115200' I managed to get to the UART console. This is much more useful than just like 20 lines of output then nothing. However, there is a problem with this: with this change, I don't have the normal commands coming through and they are important. They set stuff like the framebuffer RAM, what bootmode to be using, etc. Without that, the phone is kind of a rock.
I will see if I can backport the function from newer kernels that allows you to combine the provided commands from the bootloader with your own commands.
hillbeast said:
Right so after a bit of poking around, I've been trying to figure out what the exact device is that external UART uses. It's really frustrating not knowing this because it means I can't figure out why there is no output (or at least legible output after the UART drivers start), so I tried sending 'hi' to ttyS0, S1 and S2, and nothing came up, so I assumed that they must be locked or something. I then noticed after doing that, nothing was coming up on the UART at all. Before, I would get all sorts of garbage, but after that, I got nothing. I then tried one by one to see which device did this, and I found it was ttyS2: after sending 'hi' to ttyS2, it would stop showing stuff on the UART. This told me that external UART must be connected to ttyS2.
Now I then ran stty -F /dev/ttyS2 (to find the tty settings for this port), and got this output:
Code:
speed 9600 baud;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;
flush = ^O; min = 1; time = 0;
-brkint -imaxbel
That first line, speed 9600 baud is a problem for me, as it should be 115200. I'm going to do more testing and see if it is outputting at 9600.
EDIT: Nope. Changing PuTTY to baud 9600 still shows garbage:
Code:
¨Ôþ°üýxÍùøXýñ±¥õÔþýMþ屡ÈÙÑ°ÑéÀÙi
ÐuÑÕ´üÔôÐÜ´ÀôÜ©Ñ ùªô(üÌù,Äü ÜÅuðÜå
øà°ù¡ùý ùåñ¤@è*EÐiáÅüÑôÐ&ôåå¤Ì ÝðØ*ñÿÄÿÁÀÐÀøüù
-Å©E*ÅùÔqÄÿYÕÀÁý±ÿ±ØôÀôÑôÑðÀôÑüÀøÑøÀøÑüÀøÀøÑøµÐø©ð¹ÌùÝôåþé°ÀñÜÑø½è*ÐÅ
ÿùøýõÈðýñÑØá*µÙñð´¦ÑÐØá°aÕáÑýÉØÐuÁÑ_´)Ôô
Üù¬üýÑØåýáÁØñ*¡Éññ¡_ÑÐÑÉÍÐ
ؾàyÐõ
Ø
ùµþ(,¨ý`
hillbeast said:
Another update, I did this in adb shell:
Code:
echo PDA > /sys/devices/platform/switch-sio/uart_sel
Then rebooted the phone with my UART cable attached and now I get this:
Code:
Uncompressing Linux... done, booting the kernel.
So it's giving me output up until the kernel boots which told me the console attribute in the cmdline isn't set. I looked and that confirmed it that it wasn't. I will get the sourcecode for a kernel and compile it with the console attribute.
So yes, this phone will do UART. I just have to do it a bit weirdly.
hillbeast said:
Update to this: got this output:
Code:
AST_POWERON
BOOTING COMPLETED
That's the modem speaking to me over UART. Gotta change the UART mode to PDA instead of MODEM. Will do that once I root the phone.
What needs to be done: (Updated 6/19/2012)
Everything
mach code (board-latona)
plat code
drivers
FAQ:
(Please read this before asking questions, if you ask an already answered question your post will be reported, and you won't get an answer.. because it's already here!)
*Is This using Linaro? (?)
-Yes(?)
*What's this Linaro thing all about? (?)
-It (could) make your android device twice as fast, no one is sure if it will really make a difference. (?)
*What's UART?
-This will basically allow hillbeast to debug the kernel while he is developing it.
*I heard about some changes to using ODIN..
With kernel 3.x you can still flash new kernels on ODIN.
With kernel 3.x you will not be able to use ODIN to flash a ROM which is designed for kernel 3.x (these will be highlighted when they are released) as these ROMs will be in a filesystem/block device structure that is compatible with ODIN (technical mumbo jumbo that I intentionally used to say that it's not going to work)
With kernel 3.x you can still flash an old 2.6.35 kernel back onto the phone.
With kernel 3.x you can still flash an old ROM that uses kernel 2.6.25 back onto the phone (Gingerbread/Froyo) to go back to stock versions, you just have to install the stock kernel as well at the same time
*When the 3.x kernel is released, can i use it with Samsung stock ROMs?
-No, this kernel will not include any samsung code, samsung ROMs expect samsung drivers.
Quote of the year from hillbeast : "NO SAMSUNG MORONIC CODE "
*When is da kenral gowin to beh released you no god man why no relse any tim me wunt kernal 3.x?!?!!!11!!1
-No ETA's!
*The LG optimus black has same board and configuration. will this help with the development of any ROM/kernel for the i9003?
-Looking at the board of the optimus, no its certainly not the same. Not even close. Where we have a OneNAND and an eMMC, the Black has a NAND, perhaps an eMMC. The layout of the board may not even be the same. Sure the components may be similar, but so are the specs of a Toyota Celica and a Lotus Exige.
*Can you add X and X feature in the new kernel ?
-Don't request new feature additions yet, devs are focusing on getting the kernel booting first.
*I think i can help!
-Go to the development thread here and apply to help!
Note, quote from hillbeast: Please don't put your hand up if you can't dedicate your phone to this. This will result in your phone being out of action quite a lot while we are testing, and if you need your phone 24/7 then you're going to need to keep flashing back. You will also NEED ODIN. Flashing from CWM is not an option.
Hello, I am actually not new around xda but never join any discussion and conversation. Got so many phone from Moto Milestone, HTC HD2, and latest was SGSII. Unfortunately got robbed by someone who broke my house and stole my SGSII, Galaxy Tab 10.1, and iPad2. So now just support my girlfriend phone to be more awesome and fast. hehe
So from what I understand is that UART is a debug tools that constantly tells us what happen when we are try to running any kernel? It will tells us whats wrong that the kernel cannot start?
It seems awesome. I cannot wait to see it in our mobile phones, it will be terrific. I believe you are doing great job with our phone an I think that Dhiru, and you now are the great developers of our mobile Phone; the unwanted brother of the SGS.
ajis90 said:
Hello, I am actually not new around xda but never join any discussion and conversation. Got so many phone from Moto Milestone, HTC HD2, and latest was SGSII. Unfortunately got robbed by someone who broke my house and stole my SGSII, Galaxy Tab 10.1, and iPad2. So now just support my girlfriend phone to be more awesome and fast. hehe
So from what I understand is that UART is a debug tools that constantly tells us what happen when we are try to running any kernel? It will tells us whats wrong that the kernel cannot start?
It will basically let him debug the kernel when he is developing it
juanfpo96 said:
It seems awesome. I cannot wait to see it in our mobile phones, it will be terrific. I believe you are doing great job with our phone an I think that Dhiru, and you now are the great developers of our mobile Phone; the unwanted brother of the SGS.
All thanks go to hillbeast and dhiru, i just made this discussion thread
Very nice work!
FAQ:
*Is This using Linaro?
-Yes.
Wow, I am pretty sure this kernel will make our phone fly!
can someone tell what is linaro ??
m hoping kernel 3.0 will finally make the gpu overclock work ! after that we wont have any lags at all n like hillbeast said no samsung moronic code i couldnt agree more with him
anuraagkochar said:
can someone tell what is linaro ??
Basically, it improves the state of Linux on the ARM platform, and also it optimizes up a stock Android twice as fast as stock Android.
http://arstechnica.com/gadgets/2012...e-boosted-30-100-percent-by-linaro-toolchain/
will kernel 3 ever improve our battery life in our dearest cm9?
marshygeek said:
will kernel 3 ever improve our battery life in our dearest cm9?
Not sure about that, but the current battery performance on the CM9 is awesome already, lasts 2 days with moderate use, if you get less there are different factors:
-You use your phone too much.
-You are overclocking.
-You have an app preventing the phone from deep sleeping.
-You didn't do full charge cycles yet so the battery is not calibrated..
Mine lasts bout 18 hours.. So also theres a factor on how old the device is.. My battery backup is 1/2 of original so if ppl are experiencing this they should change their batteries .. U can find oit by display usage tym.. My battery dies after the display usage goes above 2 hours while on a normal battrery phone its 4 hours
Sent from my GT-I9003 using xda premium
shriomman said:
Mine lasts bout 18 hours.. So also theres a factor on how old the device is.. My battery backup is 1/2 of original so if ppl are experiencing this they should change their batteries .. U can find oit by display usage tym.. My battery dies after the display usage goes above 2 hours while on a normal battrery phone its 4 hours
Sent from my GT-I9003 using xda premium
That's true, just like laptop batteries, they degrade with time.
Also, i noticed that you need to recalibrate the battery by doing at least 2/3 full cycles without using the phone (Charge it 100%, let it drain until it shutdowns by itself 'don't use it for the best results', and do that 2 times, should calibrate perfectly now)..
Skander1998 said:
That's true, just like laptop batteries, they degrade with time.
Also, i noticed that you need to recalibrate the battery by doing at least 2/3 full cycles without using the phone (Charge it 100%, let it drain until it shutdowns by itself 'don't use it for the best results', and do that 2 times, should calibrate perfectly now)..
Calibrating shouldnt b done to much ill say.. Just do it once a new rom is installes thats irt to much of charging and drainin to 100-0 is nt gud for l-ion batteries . Its actually bad.. I read.. So since then i charge my battery after its at 20%
Sent from my GT-I9003 using xda premium
i have trouble using Battery calibrator. After doing the cycle i cant get the charging up to 100% only 99%.
shriomman said:
Calibrating shouldnt b done to much ill say.. Just do it once a new rom is installes thats irt to much of charging and drainin to 100-0 is nt gud for l-ion batteries . Its actually bad.. I read.. So since then i charge my battery after its at 20%
Sent from my GT-I9003 using xda premium
But you'll do it two times only, so it shouldn't harm the battery.
marshygeek said:
i have trouble using Battery calibrator. After doing the cycle i cant get the charging up to 100% only 99%.
Don't use apps, do it yourself, after calibrating start recharging as usual from the 10%-20% and not 0%.
Let's keep this related to kernel 3.x
Really nice news!
Enviado desde mi GT-I9003 usando Tapatalk 2
cant wait to see the result, hope they can make it soon
Look at this good news. Hillbeast compiled a kernel based on BCK. Check it out... I think it has linaro compiled if i am not wrong...
crazbanditz said:
Look at this good news. Hillbeast compiled a kernel based on BCK. Check it out... I think it has linaro compiled if i am not wrong...
Yes it is using Linaro.
Also what are people's AnTuTu scores on this phone? I just ran it with my compiled BCK and it got 2312 (CPU: 496, GPU: 1007, RAM: 214, IO: 595). Good or bad? I don't have anything I can compare it against (at least not fairly...)
Its pretty bad cos cant use odin anymore...? For kernel 3.x

[ROOT][SECURITY] Root exploit on Exynos

EDIT: For general discussion about this topic, please post in the following location (and not here): http://forum.xda-developers.com/showthread.php?t=2057818
Now find a one-click root application at http://forum.xda-developers.com/showthread.php?t=2130276. More exploits coming.
Hi,
I recently discovered a way to obtain root on the S3 without ODIN flashing.
The security hole is in the kernel, specifically in the device /dev/exynos-mem.
This device is R/W by all users and gives access to all physical memory ... what's wrong with Samsung?
It's like /dev/mem but for all.
Three libraries seem to use /dev/exynos-mem:
/system/lib/hw/camera.smdk4x12.so
/system/lib/hw/gralloc.smdk4x12.so
/system/lib/libhdmi.so
Many devices are concerned:
Samsung Galaxy S2
Samsung Galaxy Note 2
MEIZU MX
potentially all devices that embed an Exynos processor (4210 and 4412) and use Samsung kernel sources.
The good news is we can easily obtain root on these devices, and the bad news is there is no control over it.
RAM dump, kernel code injection and others could be possible via app installation from the Play Store. There certainly exist many ways to do that, but Samsung gives an easy way to exploit. This security hole is dangerous and exposes the phone to malicious apps.
Exploitation with native C and JNI could be easily feasible.
Edited
Some details :
/dev/exynos-mem seems to be used for graphics purposes like camera, graphic memory allocation, HDMI.
By activating pid display in kmsg, surfaceflinger does mmap on the device (via one of the three shared libraries above ?? I have not seen a reference in the binary to these libraries)
The operations allowed on the device are (from linux/drivers/char/mem.c):
Code:
static const struct file_operations exynos_mem_fops = {
    .open = exynos_mem_open,
    .release = exynos_mem_release,
    .unlocked_ioctl = exynos_mem_ioctl,
    .mmap = exynos_mem_mmap,
};
and the default permissions (from linux/drivers/char/mem.c):
Code:
#ifdef CONFIG_EXYNOS_MEM
    [14] = {"exynos-mem", S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH
            | S_IWOTH, &exynos_mem_fops},
#endif
An ioctl request on /dev/exynos-mem permits cleaning / flushing the L1 and L2 caches, setting page memory non-cacheable, and setting the physical memory address for use with mmap.
Now the interesting part : mmap operation.
The only limit is to restrict access to lowmem (from linux/drivers/char/exynos-mem.c) :
Code:
    /* TODO: currently lowmem is only avaiable */
    if ((phys_to_virt(start) < (void *)PAGE_OFFSET) ||
        (phys_to_virt(start) >= high_memory)) {
        pr_err("[%s] invalid paddr(0x%08x)\n", __func__, start);
        return -EINVAL;
    }
The comment in the above code could be frightening.
And a look at Documentation/arm/memory.txt says:
Code:
Start           End             Use
--------------------------------------------------------------------------
PAGE_OFFSET     high_memory-1   Kernel direct-mapped RAM region.
                                This maps the platforms RAM, and typically
                                maps all platform RAM in a 1:1 relationship.
In other words, this device just permits you to own the physical memory, including kernel code.
The question is why permissions are set to read/write for all in the kernel AND in ueventd.smdk4x12.rc:
- the Samsung developer in charge of this would lose his job
- some Samsung apps with basic rights need to access it (I doubt it)
- a huge mistake
A simple patch could be to set permissions to 0660 or 0600 in ueventd.smdk4x12.rc, but I don't know how it would affect Samsung applications/services.
In attachment, binary and source to obtain a root shell.
Removing either read or write permissions will kill the camera. I didn't see any other deterioration in anything else.
My guess is the best fix would be to limit the access to the DMA memory spaces which this thing actually needs; the definitions of the different CMA areas are in /arch/arm/mach-exynos/mach-midas.c for the S3 and N2.
Front camera for example:
Code:
#ifndef CONFIG_USE_FIMC_CMA
    {
        .name = "fimc1",
        .size = CONFIG_VIDEO_SAMSUNG_MEMSIZE_FIMC1 * SZ_1K,
#if defined(CONFIG_MACH_GC1)
        .start = 0x5ec00000,
#else
        .start = 0x65c00000,
#endif
    },
#endif
Generally all memory areas allocated through s5p_cma_region_reserve in /arch/arm/plat-s5p/reserve_mem.c would be treated as exceptions and everything else needs to be blocked.
Update: Low-level kernel fix for developers posted here.
A kernel based fix as I posted above is the only method to fix the security hole while also not breaking the camera. In all other cases if you are not able or willing to flash a kernel, use Chainfire's application.
Very interesting. Thanks for bringing that up. (Have also flagged some Samsung engineers to read this)
Also, I'm building an APK for this to make it easy.
EDIT: APK posted here: http://forum.xda-developers.com/showthread.php?t=2050297, download, install, run, and your device is rooted with SuperSU.
EDIT#2: This app now also lets you disable the exploit
@alephzain thanks for sharing the source code of the exploit: short, elegant, efficient, to me that's art.
Your short documentation and clean writing style made it even easier to learn from it.
Hey curio,
No need, here is a very quickly put together app in 5 mins that lets you toggle on/off world writability to /dev/exynos-mem
So you can toggle the fix off if you want to use the camera, then toggle it back on afterwards.
Github source: https://github.com/Ryan-ZA/exynosfix
APK Download: https://github.com/Ryan-ZA/exynosfix/raw/master/exynosfix.apk
Ryan
MOD EDIT: Removed attached download, as it is out of date compared to the linked download
jcase said:
> Please explain how this is a remote exploit? This looks entirely local to me. Vulns happen, every vendor gets hit with them. Google does, Apple does, Motorola does, HTC does, LG does, Samsung does, ASUS does, Nvidia, Qualcomm etc etc, it is all part of the game. Hell, go look at the recent Qualcomm disclosures, almost every Qualcomm since 2009, wide open! Sh*t happens. Any device with root on it, be it exploit or whatever, is open to permanent damage from malicious, want to nuke an HTC with root? dd if=/dev/zero of=/dev/block/mmcblk0p4. Pantech/LG/most Qualcomms hit all the bootloaders. Hell, system user is enough on LG phones, and most other brands, to brick them.
> I'm not sure about rewards, but I have reported vulns and bugs to every major vendor, and the only three who ever respond to me are Google, Samsung and Motorola. All three respond promptly and politely, and occasionally follow up if requested. Vendor not getting back to you? [email protected] is quite good at getting them to respond, just tell them the vendor is not responding. More than once they have gotten a dialog with a vendor opened with me.
> Understanding update timelines is another issue, vendor updates generally have to go through development, QA at the vendor (sent back if major issues found), then in the case of Sprint and other carriers, sent to carrier QA (returned to OEM if major issues found). Major changes to the radio? Yep, off to the FCC as well! Updates can take considerable time. Not excusing the "superbrick" bug, just pointing out a few weeks (or in the case of sprint or Vernon a few months) can be expected. Want faster updates? Buy an international device, and get a GSM carrier.
OK, we're getting into technicalities here, but I consider anything that can be exploited by a Market app without explicit user intervention beyond installing an app (reboot cycles, ADB, etc.) to be "remote". Adam covered how easy it is to bypass Bouncer at BABBQ, so relying on that is a bad idea.
Prior to this, all exploits (restoreRoot, mempodroid, etc) for ICS on Exynos4 devices required ADB to be involved. This doesn't.
And no, you can't cause permanent damage to an HTC with root. The example you provided isn't permanent damage, it can be repaired via JTAG at a service center. Superbrick is *permanent unrecoverable damage that requires a motherboard replacement - JTAG cannot bring a device that has been damaged back to operation*. That's a difference between 0 material costs and maybe 30 minutes of labor to repair at a service center and $200-300+ in material costs and significantly more labor.
And your "updates take considerable time" is bull****. Sprint FI27 was built on September 27 (check the kernel build date), 3 weeks after Samsung had the final version of their protection patch, and was deployed on Kies a matter of *days* later. They had an update scheduled, a patch ready to go for three weeks before the update was built, and they shipped without the patch. There's no excuse for that. At that time, it was an "open source problem" because it only affected custom firmwares, and any root exploits known required ADB. Their approach was dependent on an assumption that *an exploit like this would never happen* - which is a horrible assumption.
This exploit changes things - there is now a root exploit that can be used by an app straight from the market, in the background, with little to no user intervention.
As to the negative effects of 600 permissions on operation (such as killing camera) - as an interim, setting things to 660 instead of 666 makes things somewhat better protected but not as protected as they should be. I will run some tests later today to confirm that at least any old APK can't get privilege elevation if things are set so only the graphics group can diddle with the memory regions.
RyanZA said:
> Hey curio,
> No need, here is a very quickly put together app in 5 mins that lets you toggle on/off world writability to /dev/exynos-mem
> So you can toggle the fix off if you want to use the camera, then toggle it back on afterwards. Will update this post shortly with github source.
> Ryan
Yes, what I also started writing allows restoring permissions on /dev/exynos-mem in case you need to use the camera, I agree it's useful!
fards said:
> Camera is insisting on 666 on some builds.
> Curious how some devices using same base code are using camera with diff permissions.
> Neither my N7000 or N 8010 will play nicely with 600 or 660..
The assumption of similar base code isn't a good one... You'd be shocked how many deltas there are between I9100/I777/N7000 stock firmware codebases that shouldn't be there given how similar the devices are.
In the region of the system we're dealing with here (graphics memory allocation), there are significant differences in operation between Exynos 4210 and 4412. There are also significant deltas between the implementations in all of Samsung Mobile's devices and the official public reference source, and frequently deltas between Samsung's implementations for various handsets/tablets that shouldn't be there as you've discovered.
For example, the official reference source does allocations from FIMC1 memory regions in gralloc to support various graphics items. Nearly all of Mobile's implementations allocate ION memory instead of FIMC1 memory even when FIMC1 memory is requested (and yes, this change affects camera operation more than anything else.)
Thanks for the headsup on N80xx, I'll def. have to do a rebuild on N8013. It's pretty frequent for us to have brokenness that doesn't exist on I9300 and vice versa.
Hmm, odd... even when chmodded 660 system.graphics, the exploit appears to succeed on CM10.1 from within an ADB shell...
I need to look more closely at this.
Seems like the shell user is a member of the graphics group...
I think AndreiLux's approach he's working on may be the best.
Has anyone tested to see what the effect of 0600 is on hwaccel video playback? (Seems to be none on CM10.1).
Looks like it's anything that wants FIMC memory that needs exynos-mem, I'll double check ION, that should have failed...
Edit: Yeah, gralloc only accesses exynos-mem when attempting to access FIMC1 memory. I think camera is the main other place where FIMC is used. Actually, in any shipped handset, gralloc should never actually access exynos-mem - gralloc will give ION memory when you ask it for FIMC1 memory, and ION memory allocation doesn't use exynos-mem (hmm, unless libsecion does... I need to check that...)
Entropy512 said:
> Hmm, odd... even when chmodded 660 system.graphics, the exploit appears to succeed on CM10.1 from within an ADB shell...
> I need to look more closely at this.
> Seems like the shell user is a member of the graphics group...
> I think AndreiLux's approach he's working on may be the best.
Because your shell is in graphics group.
supercurio said:
> Because your shell is in graphics group.
I was beginning to suspect that, thanks for confirming.
dennis.l said:
> If this is a Samsung kernel issue, would any of the custom kernels have the same flaws? Otherwise, would I be able to work around the problem by installing a CM10 ROM instead of stock?
Right now older custom kernels will. CM's codebase was just patched earlier today to restrict that node to system.graphics 0660
It was done in the 10.1 branch, so it won't immediately affect all devices. We're working on transitioning all exynos4 devices over to 10.1 this week - it's about halfway done.
@alephzain, when running the exploit in an adb shell, sometimes the privilege escalation fails with:
Code:
[*] s_show->seq_printf format string found at: 0xC07A70A8
[*] sys_setresuid found at 0xC00945A0
[*] patching sys_setresuid at 0xC00945E4
[!] set user root failed: Operation not permitted
And it typically succeeds after 1 or 2 more attempts.
Does it ring a bell?
ExynosAbuse APK updated to v1.10
I've just updated the ExynosAbuse APK to v1.10 !
This version allows you to disable the exploit (which may break camera), re-enable the exploit (if you need the camera) and to disable the exploit at boot (before any Android app runs). These options do require root (SuperSU or Superuser) to be installed as well. This is for people who actually *want* root. If you don't want root, you should use Supercurio's solution as it doesn't depend on being rooted for dis/reenabling the exploit.
http://forum.xda-developers.com/showthread.php?t=2050297
Voodoo Instant fix for Exynos Mem Abuse vulnerability released.
I'm glad I have a blog, because things tend to disappear here ^^
Edit: Please use the following thread to discuss this specific solution: http://forum.xda-developers.com/showthread.php?t=2051290
RyanZA said:
> Hey curio,
> No need, here is a very quickly put together app in 5 mins that lets you toggle on/off world writability to /dev/exynos-mem
> So you can toggle the fix off if you want to use the camera, then toggle it back on afterwards.
> Github source: https://github.com/Ryan-ZA/exynosfix
> APK Download: https://github.com/Ryan-ZA/exynosfix/raw/master/exynosfix.apk
> Ryan
As per requests, I added in 'fix vulnerability on boot' functionality for those who like an open source fix.
Nice work on that app, curio.
Sooooo....
Here's a low-level fix for the kernel.
Source @ https://github.com/AndreiLux/Perseus-S3/commit/fb36195dab87e002721c7d1a8294a400c6b40a71
Edit: Follow-up commit for Note 2 (Possibly N8000 too) users @ https://github.com/AndreiLux/Perseus-S3/commit/81c95f6046880be48ef377ebae4e42c791f0813e
I did what I said in the first post. The mmap function checks the given memory addresses against all of the current CMA memory spaces on the device and denies access if the space is out of bounds of any of the defined blocks. Furthermore, on my S3 I, for now, couldn't find anything breaking beyond the main camera. So I added an additional condition that checks that the accessed memory block is "s3c-fimc" (the camera DMA block) and ignores the other blocks. The whole thing is totally neutered if CONFIG_CMA_DMA isn't used in the device configuration (Note 2 / Exynos 4412 devices with 2GB RAM). Edit: Fix works now the same for all devices.
Defined memory spaces:
Code:
[ 0.000000] c0 cma: CMA: reserved 16 MiB at 65800000
[ 0.000000] c0 [cma_region_descriptor_add] adding [s3c-fimc] (0x65800000)-(0x00f00000)
[ 0.000000] c0 cma: CMA: reserved 40 MiB at 5c800000
[ 0.000000] c0 [cma_region_descriptor_add] adding [s3c-mfc] (0x5c800000)-(0x02800000)
....
....
[ 0.000000] c0 S5P/CMA: Reserved 0x70000000/0x00a00000 for 'fimc_is'
[ 0.000000] c0 [cma_region_descriptor_add] adding [fimc_is] (0x70000000)-(0x00a00000)
[ 0.000000] c0 S5P/CMA: Reserved 0x71700000/0x00800000 for 'fimd'
[ 0.000000] c0 [cma_region_descriptor_add] adding [fimd] (0x71700000)-(0x00800000)
[ 0.000000] c0 S5P/CMA: Reserved 0x6c300000/0x03d00000 for 'fimc0'
[ 0.000000] c0 [cma_region_descriptor_add] adding [fimc0] (0x6c300000)-(0x03d00000)
[ 0.000000] c0 S5P/CMA: Reserved 0x71600000/0x00100000 for 'srp'
[ 0.000000] c0 [cma_region_descriptor_add] adding [srp] (0x71600000)-(0x00100000)
[ 0.000000] c0 [cma_region_descriptor_add] adding [mfc-normal] (0x64000000)-(0x00400000)
[ 0.000000] c0 S5P/CMA: Reserved 0x64000000/0x00400000 for 'mfc-normal'
[ 0.000000] c0 [cma_region_descriptor_add] adding [mfc-normal] (0x64000000)-(0x00400000)
[ 0.000000] c0 S5P/CMA: Reserving 0x6800000 for secure region aligned by 0x4000000.
[ 0.000000] c0 S5P/CMA: Reserved 0x5c000000/0x06800000 for 'secure_region'
[ 0.000000] c0 S5P/CMA: Reserved 0x5c000000/0x00800000 for 'sectbl'
[ 0.000000] c0 [cma_region_descriptor_add] adding [sectbl] (0x5c000000)-(0x00800000)
[ 0.000000] c0 S5P/CMA: Reserved 0x5c100000/0x03100000 for 'mfc-secure'
[ 0.000000] c0 [cma_region_descriptor_add] adding [mfc-secure] (0x5c100000)-(0x03100000)
[ 0.000000] c0 S5P/CMA: Reserved 0x5f200000/0x02f00000 for 'ion'
[ 0.000000] c0 [cma_region_descriptor_add] adding [ion] (0x5f200000)-(0x02f00000)
Running the exploit:
Code:
[email protected]:/ $ export PATH=/data/local/bin:$PATH
[email protected]:/ $ ./exynos-abuse
[!] Error mmap: Invalid argument|00000004
Behind the scenes during that:
Code:
[ 119.290791] c1 [exynos_mem_open:50] private_data(0xd0340b80)
[ 119.290889] c1 [exynos_mem_mmap] requesting access to (0x40000000)-(0x41000000)
[ 119.290960] c1 [exynos_mem_mmap] Checking space paddr(0x65800000)-(0x66700000) from 's3c-fimc'
[ 119.291046] c1 [exynos_mem_mmap] Checking space paddr(0x5c800000)-(0x5f000000) from 's3c-mfc'
[ 119.291299] c1 [exynos_mem_mmap] Checking space paddr(0x70000000)-(0x70a00000) from 'fimc_is'
[ 119.291386] c1 [exynos_mem_mmap] Checking space paddr(0x71700000)-(0x71f00000) from 'fimd'
[ 119.291465] c1 [exynos_mem_mmap] Checking space paddr(0x6c300000)-(0x70000000) from 'fimc0'
[ 119.291545] c1 [exynos_mem_mmap] Checking space paddr(0x71600000)-(0x71700000) from 'srp'
[ 119.291631] c1 [exynos_mem_mmap] Checking space paddr(0x64000000)-(0x64400000) from 'mfc-normal'
[ 119.291711] c1 [exynos_mem_mmap] Checking space paddr(0x64000000)-(0x64400000) from 'mfc-normal'
[ 119.291801] c1 [exynos_mem_mmap] Checking space paddr(0x5c000000)-(0x5c800000) from 'sectbl'
[ 119.291888] c1 [exynos_mem_mmap] Checking space paddr(0x5c100000)-(0x5f200000) from 'mfc-secure'
[ 119.291967] c1 [exynos_mem_mmap] Checking space paddr(0x5f200000)-(0x62100000) from 'ion'
[ 119.292034] c1 [exynos_mem_mmap] invalid paddr(0x40000000)-(0x41000000), accessing outside of DMA spaces
[ 119.292798] c1 [exynos_mem_release:58] private_data(0xd0340b80)
I didn't care about the permissions set to the sysfs interface as they don't matter anymore.
I'll be deploying the fix tomorrow throughout my kernels.
The only thing that needs to be checked by then is whether something else breaks, such as HDMI. I can't test any of that since I don't have a dongle. In that case the kernel log will anyway tell you what other memory space is accessed and I can open that one up too if needed.
Note: Galaxy S2 / 4210 developers may have to add cma_region_descriptor_add calls from wherever the memory blocks are defined (machine file definition or arch/arm/plat-s5p/reserve_mem.c). My commit will work as is on S3 and N2 sources.
I'm off to bed.
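A userspace model of the bounds check described in the post above, added here as an illustration and not taken from the linked commits: a requested physical range is accepted only if it lies wholly inside an allow-listed DMA region. The region table is constructed from the boot log quoted in the post; the function names and the single-entry allow-list ("s3c-fimc", per the post) are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct dma_region { const char *name; uint32_t start, size; };

/* Constructed from the cma_region_descriptor_add lines in the quoted boot log
 * (name, start, size). */
static const struct dma_region regions[] = {
    {"s3c-fimc",   0x65800000u, 0x00f00000u},
    {"s3c-mfc",    0x5c800000u, 0x02800000u},
    {"fimc_is",    0x70000000u, 0x00a00000u},
    {"fimd",       0x71700000u, 0x00800000u},
    {"fimc0",      0x6c300000u, 0x03d00000u},
    {"srp",        0x71600000u, 0x00100000u},
    {"mfc-normal", 0x64000000u, 0x00400000u},
    {"sectbl",     0x5c000000u, 0x00800000u},
    {"mfc-secure", 0x5c100000u, 0x03100000u},
    {"ion",        0x5f200000u, 0x02f00000u},
};

/* Assumption: only the camera DMA block is opened up, as the post describes. */
static const char *const allowed[] = { "s3c-fimc" };

static int name_allowed(const char *name)
{
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(name, allowed[i]) == 0)
            return 1;
    return 0;
}

/* Accept [start, start + len) only if one allow-listed region contains all of
 * it. The end address is computed in 64 bits so that a huge len cannot wrap
 * past 4 GiB and slip under a region's upper bound. */
int check_mmap_request(uint32_t start, uint32_t len)
{
    uint64_t end = (uint64_t)start + len;

    if (len == 0)
        return -EINVAL;
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++) {
        const struct dma_region *r = &regions[i];
        uint64_t rend = (uint64_t)r->start + r->size;

        if (start < r->start || end > rend)
            continue;               /* not wholly inside this region */
        if (name_allowed(r->name))
            return 0;
    }
    return -EINVAL;                 /* outside every allowed DMA space */
}

int main(void)
{
    /* Constructed requests: the first is the range from the kernel log above. */
    static const struct { uint32_t start, len; const char *what; } req[] = {
        {0x40000000u, 0x01000000u, "range requested in the quoted log"},
        {0x65800000u, 0x00f00000u, "whole s3c-fimc block"},
        {0x66600000u, 0x00200000u, "starts in s3c-fimc, runs past its end"},
        {0x5f200000u, 0x00001000u, "inside 'ion', which is not allow-listed"},
        {0x65800000u, 0xfffff000u, "length that would wrap in 32 bits"},
    };
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("%-45s -> %s\n", req[i].what,
               check_mmap_request(req[i].start, req[i].len) == 0 ? "allowed" : "-EINVAL");
    return 0;
}
```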
Chainfire said:
> and to disable the exploit at boot (before any Android app runs).
supercurio said:
> Cannot protect efficiently against some potential attacks (typically, on boot).
First, thank you both for the hard work and quick release.
The main question here is, how efficient is the current implementation in both applications, regarding the protection at startup?
As far as I understand, Chainfire somehow ensures that the fix will be applied before running any other (normal) application. Is it possible to install a new application which puts itself at the top of the execution chain and exploits the hole before your application is able to do a 0600 chmod?
If I understand correctly, supercurio's app doesn't promise anything on that matter?! If that is the case, then I guess the recommended app (for rooted phones) will be Chainfire's solution, right?
julandroid said:
> First, thank you both for the hard work and quick release.
> The main question here is, how efficient is the current implementation in both applications, regarding the protection at startup?
> As far as I understand, Chainfire somehow ensures that the fix will be applied before running any other (normal) application. Is it possible to install a new application which puts itself at the top of the execution chain and exploits the hole before your application is able to do a 0600 chmod?
> If I understand correctly, supercurio's app doesn't promise anything on that matter?! If that is the case, then I guess the recommended app (for rooted phones) will be Chainfire's solution, right?
Correct.
At the moment, Supercurio's method relies on Android starting it at boot, using the same method any Android app uses to launch at boot. There is no guaranteed order of these apps being launched, and as such, a malicious app could be executing malicious code before the exploit is disabled.
RyanZA's method relies on the same mechanism as well and as such is still vulnerable. Furthermore, unlike Supercurio's and my own patch, RyanZA's patch chmod's to 0600 while ours chmod to 0400 or 0000. With 0600, system user can still run the exploit, so chaining a half-exploit that only gives system user followed by ExynosAbuse may still grant an attacker root access.
My method requires proper root and modifies /system, and disabling the exploit is done before any normal Android app (like those installed from the Play store) has a chance to execute its code. As long as you tell my app to disable the exploit at boot before you install a malicious app, and providing you do not grant a malicious app root (through SuperSU), this should protect against any exploit. Also note that after enabling applying the patch at boot, you can unroot in SuperSU again (SuperSU --> Settings --> Full Unroot) and the patch will keep working, but you'll be unrooted again (if you don't want root). On some devices it takes a reboot for SuperSU to truly disappear after that, by the way.
With my patch, I do advise testing the exploit was disabled after a reboot by running ExynosAbuse again, and verifying both checkboxes next to "Disable exploit" and "Disable exploit on boot" are enabled. These auto-detect the current state, and if the patch on boot was successful both will be checked.
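The permission outcomes discussed in this thread (0666 as shipped, the 0660 system.graphics change and adb shell's graphics membership, and 0600 versus 0400/0000), worked through as an added example that is not code from any poster: it parses ueventd-style rules and applies the standard Unix owner/group/other check for read+write access. The rule lines, the app UID 10050 and the callers' group lists are constructed; the numeric IDs for system, graphics and shell are the values from AOSP's android_filesystem_config.h.

```c
#include <stdio.h>
#include <string.h>

/* Numeric Android IDs as defined in AOSP's android_filesystem_config.h. */
enum { AID_ROOT = 0, AID_SYSTEM = 1000, AID_GRAPHICS = 1003, AID_SHELL = 2000 };

struct node   { char path[64]; unsigned mode, uid, gid; };
struct caller { const char *name; unsigned uid; const unsigned *groups; size_t ngroups; };

/* Constructed callers. The thread confirms only that adb shell is in "graphics". */
static const unsigned app_groups[]    = { 10050 };
static const unsigned shell_groups[]  = { AID_SHELL, AID_GRAPHICS };
static const unsigned system_groups[] = { AID_SYSTEM };
static const struct caller CALLER_APP    = { "app",    10050,      app_groups,    1 };
static const struct caller CALLER_SHELL  = { "shell",  AID_SHELL,  shell_groups,  2 };
static const struct caller CALLER_SYSTEM = { "system", AID_SYSTEM, system_groups, 1 };
static const struct caller CALLER_ROOT   = { "root",   AID_ROOT,   NULL,          0 };

/* Map the user/group names used in the sample rules to numeric IDs. */
static int name_to_id(const char *s, unsigned *id)
{
    static const struct { const char *name; unsigned id; } tbl[] = {
        {"root", AID_ROOT}, {"system", AID_SYSTEM},
        {"graphics", AID_GRAPHICS}, {"shell", AID_SHELL},
    };
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++)
        if (strcmp(s, tbl[i].name) == 0) { *id = tbl[i].id; return 0; }
    return -1;
}

/* Parse one ueventd rule: "<path> <octal mode> <user> <group>". */
static int parse_rule(const char *line, struct node *n)
{
    char user[32], group[32];

    if (sscanf(line, "%63s %o %31s %31s", n->path, &n->mode, user, group) != 4)
        return -1;
    if (n->mode > 07777 || name_to_id(user, &n->uid) || name_to_id(group, &n->gid))
        return -1;
    return 0;
}

static int in_group(const struct caller *c, unsigned gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return 1;
    return 0;
}

/* Unix DAC: owner bits if the UID matches, else group bits if the caller is a
 * member, else "other" bits. Exactly one class applies. Root bypasses the check. */
static int dac_allows(const struct node *n, const struct caller *c, unsigned want)
{
    unsigned bits;

    if (c->uid == AID_ROOT)
        return 1;
    if (c->uid == n->uid)
        bits = (n->mode >> 6) & 7;
    else if (in_group(c, n->gid))
        bits = (n->mode >> 3) & 7;
    else
        bits = n->mode & 7;
    return (bits & want) == want;
}

/* 1 if the caller may open the node read+write, 0 if not, -1 on a bad rule. */
int can_open_rw(const char *rule, const struct caller *c)
{
    struct node n;

    if (parse_rule(rule, &n) != 0)
        return -1;
    return dac_allows(&n, c, 4u | 2u);   /* r (4) and w (2) */
}

int main(void)
{
    static const char *modes[] = { "0666", "0660", "0600", "0400", "0000" };
    const struct caller *who[] = { &CALLER_APP, &CALLER_SHELL, &CALLER_SYSTEM, &CALLER_ROOT };
    char rule[96];

    for (size_t m = 0; m < sizeof modes / sizeof modes[0]; m++) {
        /* Constructed rule; owner and group follow the "system.graphics" in the thread. */
        snprintf(rule, sizeof rule, "/dev/exynos-mem %s system graphics", modes[m]);
        printf("%s:", modes[m]);
        for (size_t w = 0; w < sizeof who / sizeof who[0]; w++)
            printf("  %s=%s", who[w]->name,
                   can_open_rw(rule, who[w]) == 1 ? "RW" : "denied");
        putchar('\n');
    }
    return 0;
}
```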
Chainfire said:
> Correct.
> At the moment, Supercurio's method relies on Android starting it at boot, using the same method any Android app uses to launch at boot. There is no guaranteed order of these apps being launched, and as such, a malicious app could be executing malicious code before the exploit is disabled.
> RyanZA's method relies on the same mechanism as well and as such is still vulnerable. Furthermore, unlike Supercurio's and my own patch, RyanZA's patch chmod's to 0600 while ours chmod to 0400. With 0600, system user can still run the exploit, so chaining a half-exploit that only gives system user followed by ExynosAbuse may still grant an attacker root access.
> My method requires proper root and modifies /system, and disabling the exploit is done before any normal Android app (like those installed from the Play store) has a chance to execute its code. As long as you tell my app to disable the exploit at boot before you install a malicious app, and providing you do not grant a malicious app root (through SuperSU), this should protect against any exploit. Also note that after enabling applying the patch at boot, you can unroot in SuperSU again (SuperSU --> Settings --> Full Unroot) and the patch will keep working, but you'll be unrooted again (if you don't want root). On some devices it takes a reboot for SuperSU to truly disappear after that, by the way.
> With my patch, I do advise testing the exploit was disabled after a reboot by running ExynosAbuse again, and verifying both checkboxes next to "Disable exploit" and "Disable exploit on boot" are enabled. These auto-detect the current state, and if the patch on boot was successful both will be checked.
As a preliminary quick-fix, the chmod could also be handled in ramfs to ensure it's applied as soon as possible in the boot process.
By the way, chmodding to 600 didn't break either of the cameras on a Samsung 4.1.2 based ROM using the old libs with an update 6 kernel on my dev. S3. Will check if it's also behaving like this on 4.1.1 later today.
JP.
Sent from my custom Paranoid Android 2.54 / Yank555.lu CM10 kernel v1.3b Aroma (Linux 3.0.56) powered Galaxy S3 i9300 using Tapatalk 2
Yank555 said:
> As a preliminary quick-fix, the chmod could also be handled in ramfs to ensure it's applied as soon as possible in the boot process.
> By the way, chmodding to 600 didn't break either of the cameras on a Samsung 4.1.2 based ROM using the old libs with an update 6 kernel on my dev. S3. Will check if it's also behaving like this on 4.1.1 later today.
Correct. Modifying it in initramfs would be even quicker, but a generic app can't do that. Also chmod to 0400, not 0600.

[ROM] Unofficial LineageOS 14.1 [NJH47F] for ZTE Blade S6 (P839F30)

Code:
DISCLAIMER
All information and files — both in source and compiled form — are provided on an as is basis. No guarantees or warranties are given or implied. The user assumes all risks of any damages that may occur, including but not limited to loss of data, damages to hardware, or loss of business profits. Please use at your own risk. Note that unless explicitly allowed by the warranty covering your device, it should be assumed that any warranty accompanying your device will be voided if you tamper with either the system software or the hardware.
Introduction
This is my unofficial build of LineageOS 14.1 for the ZTE Blade S6 aka P839f30.
This is a beta release, so just some basic functions will be given.
I have tested this version with my AS variant device. Other variants have to be tested.
Features
working:
ril: calls, sms, data.
wifi: good.
sensors
gps
sound: clear and loud.
camera: rear and front.
torch
headphone detection
flash is working in new test builds.
not working:
We have to test to find more.
Installation instructions
It is best to have installed the latest stock rom beforehand, so modem and all other vendor stuff is up to date.
If you like you can use this mod to have a unified data partition, please proceed with caution.
You will need TWRP or any other custom recovery.
Reboot into recovery and do a nand backup.
Do a factory format.
Download Rom and put it on your phone or use adb sideload.
Install the rom and then clear cache and dalvik cache.
optional: install su and/or gapps.
optional: install your favourite kernel tool and set the CPU governor to interactive, for example; do not use performance, it will drain your battery while you are using your device (not for the new test builds).
Changelog:
11.10.2018 - test build:
update los sources, security patch level 05.09.
04.03.2018:
make flashlight work.
integrate headphone detection.
update los sources, security patch level 05.02.
14.06.2018 - test build:
flashlight works also in stock camera.
governors are set by the system, no need to set them.
cores are managed by the system, shutting down and launching them one by one. This should save energy.
back and menu button can be toggled in the settings -> additional buttons.
Using stock venus files, video recording is working also hd playback should be fine.
Update sensor hub firmware to version 2.8.
update los sources, security patch level 05.06.
13.02.2018:
rebasing lots of things like kernel and device tree and using different vendor blobs.
Thus wifi signal is great and the microphone is better.
update los sources, security patch level 05.01.
22.11.2017:
reboot to recovery, download mode and power off should work fine now.
update los sources, security patch level 06.11.
19.10.2017:
device reboot fixed, no reboot if the device attempts to suspend.
wifi signal strength is better now.
5GHz wifi support is activated - to be tested.
remove nfc things.
Downloads
test build - 11.10.2018:
Google Drive
beta version - 04.03.2018:
Google Drive
If you want root use the lineage addon package found here - download arm version.
Install it after flashing the rom or download your favourite root package and install it.
Sources
device
vendor
kernel
FAQ
Here you will find some answers to common question which could arise.
Q: How to give root access to an app or adb?
A: First install the su extra package from Lineage OS or any other su tool you like. Then go into settings and about device, click there multiple times on the build number until you unlocked the developer options. Go to developer options and look for root access.
Q: I think I found an issue, what to do now?
A: Do a logcat or grab a dmesg while having the issue, otherwise we can't say what is happening. Report as much info as possible. Quote your stock rom your device shipped with or which device variant you possess.
XDA:DevDB Information
Unofficial LineageOS 14.1 [NJH47F] P839F30, ROM for all devices (see above for details)
Contributors
lightwars
ROM OS Version: 7.x Nougat
ROM Kernel: Linux 3.10.x
Based On: LineageOS 14.1
Version Information
Status: Beta
Current Beta Version: NJH47F
Beta Release Date: 2018-10-11
Created 2017-09-21
Last Updated 2018-10-11
Awesome, lightwars. Thank you for this Rom and the work you put into it.
I installed it on my EU Blade S6 and can confirm your points on working / non-working.
A couple additional points I discovered so far:
- phone reboots regularly after a couple of minutes (I did a couple of test cycles with the phone going to standby after 1 minute and switching the phone "off"):
- reboots after 1.5, 2 and 3 minutes with phone going to standby after 1 minute
- reboots after 8.5 and 9 minutes if phone is switched off (standby)
- not able to turn phone off, shutdown and reboot both trigger reboot (with shutdown phone seems to stay "off" a little bit longer than with reboot)
- Wifi has weak signal, but works.
- Wifi only available for 2.4 GHz. I haven't used the phone for a while, but believe it supports 5 GHz as well. Maybe that is connected to the weak 2.4 GHz signal as well.
- could not get any GPS lock, even location using WLAN and mobile broadcast did not work.
- Screen Mirroring not working, I believe connected to the Wifi issues as well.
- NFC is shown in Settings, but not possible to activate (does the S6 even have NFC?)
Apart from that everything is working great. The phone feels way faster than in stock Rom, videos play smoothly in 720p, 3d performance seemed ok (only tried Google earth, that was way better than in stock rom).
Only issue preventing me from using the phone are the reboots.
Again thank you very much for your great work. Please let me know, if I can help with anything.
xris99 said:
I installed it on my EU Blade S6 and can confirm your points on working / non-working.
A couple additional points I discovered so far:
- phone reboots regularly after a couple of minutes (I did a couple of test cycles with phone going to standby after 1 minute and switching the phone "off"):
- reboots after 1.5, 2 and 3 minutes with phone going to standby after 1 minute
- reboots after 8.5 and 9 minutes if phone is switched off (standby)
- not able to turn phone off, shutdown and reboot both trigger reboot (with shutdown phone seems to stay "off" a little bit longer than with reboot)
- Wifi has weak signal, but works.
- Wifi only available for 2.4 GHz, I haven't used the phone for a while, but believe it supports 5 GHz as well. Maybe that is connected to the weak 2.4 GHz signal as well.
- could not get any GPS lock, even location using WLAN and mobile broadcast did not work.
- Screen Mirroring not working, I believe connected to the Wifi issues as well.
- NFC is shown in Settings, but not possible to activate (does the S6 even have NFC?)
It's good to hear, that this rom also works for the EU variant. Before, we have used different kernels...
Sadly I had discovered the reboots also. Thanks for doing some more testing.
Will get some logs to see, if we could do something easily about it. Thought that it could be related to just some kernel config mismatches, but it doesn't have to...
NFC is just left over from the starting point... It will be removed, but a little bit curious, that some variants have NFC support activated in the kernel config...
Out of curiosity, have you checked the GPS.conf? I've always had trouble with GPS on this phone but have got it mostly working after lots of fiddling, so I could post if that would be helpful.
xris99 said:
Awesome, lightwars. Thank you for this Rom and the work you put into it.
I installed it on my EU Blade S6 and can confirm your points on working / non-working.
A couple additional points I discovered so far:
- phone reboots regularly after a couple of minutes (I did a couple of test cycles with phone going to standby after 1 minute and switching the phone "off"):
- reboots after 1.5, 2 and 3 minutes with phone going to standby after 1 minute
- reboots after 8.5 and 9 minutes if phone is switched off (standby)
- not able to turn phone off, shutdown and reboot both trigger reboot (with shutdown phone seems to stay "off" a little bit longer than with reboot)
- Wifi has weak signal, but works.
- Wifi only available for 2.4 GHz, I haven't used the phone for a while, but believe it supports 5 GHz as well. Maybe that is connected to the weak 2.4 GHz signal as well.
- could not get any GPS lock, even location using WLAN and mobile broadcast did not work.
- Screen Mirroring not working, I believe connected to the Wifi issues as well.
- NFC is shown in Settings, but not possible to activate (does the S6 even have NFC?)
Apart from that everything is working great. The phone feels way faster than in stock Rom, videos play smoothly in 720p, 3d performance seemed ok (only tried Google earth, that was way better than in stock rom).
Only issue preventing me from using the phone are the reboots.
Again thank you very much for your great work. Please let me know, if I can help with anything.
Willing you on for success with this.
I have an EU model which I'd like to install this on once it's functional enough (my regular daily phone).
I also have an old AS model that I may be able to revive for testing purposes (backlight failing intermittently after I dropped it, possibly a loose connection).
Thank you for trying lightwars. You are the only one who works for zte blade s6. I hope you build a stable version soon.
Wow, many thanks @lightwars !!!
Hopefully soon you'll have a stable one, that's my hope from ID version...
Regards,
Killermonk
Ok guys, I want to install this rom but I can't. I can't find a tutorial here on how to root the device. I tried to install the recovery [RECOVERY][p839f30 / ZTE Blade S6] UNOFFICIAL TWRP [3.1.0-0] first but I failed too. Is there a full guide how to do this? And if I install this, is there a way back to the stock rom? Thanks.
@lagos911, rooting is easy. Just use Mobilego like in this video https://www.youtube.com/watch?v=dPDbAdm7B1c
Installing recovery isn't hard either. http://konstakang.com/devices/blades6/TWRP/
It is possible that the address of the sdcard is different. (For example: sdcard0 instead of sdcard), use the correct address.
I installed the rom on my phone (EU version). I get a black screen after the install for 3 minutes and then the device is shutting down.
What did I do wrong? I wiped the device and I installed the rom from my external sdcard.
lagos911 said:
I installed the rom on my phone (EU version). I get a black screen after the install for 3 minutes and then the device is shutting down.
What did I do wrong? I wiped the device and I installed the rom from my external sdcard.
After installing the rom and you push reboot system, if the black screen (download mode probably) appears, hold the power button until the phone vibrates and reboots.
Now the ZTE splash screen should come up and the phone should boot hopefully.
lightwars said:
After installing the rom and you push reboot system, if the black screen (download mode probably) appears, hold the power button until the phone vibrates and reboots.
Now the ZTE splash screen should come up and the phone should boot hopefully.
Yes, I did that some times, from the second time on, because I didn't want to wait. But the black screen continues to appear.
I rewiped (all kinds of wipes) and reinstalled the rom 5 times but nothing happened.
I installed the old rom because I needed the phone. The phone started to loop reboot until I found the bootfix, and now it's OK.
Maybe I will try lineageOS 14.1 again at the weekend.
So I tried to install the rom yesterday. I keep getting the black screen after I reboot the phone. This time I installed the fix boot EU from the cyanogen rom. I rebooted the phone and I saw the animation boot logo. I thought I did it but the animation never goes away. I left the phone for 30 minutes but I never saw the menu of the new android.
lagos911 said:
So I tried to install the rom yesterday. I keep getting the black screen after I reboot the phone. This time I installed the fix boot EU from the cyanogen rom. I rebooted the phone and I saw the animation boot logo. I thought I did it but the animation never goes away. I left the phone for 30 minutes but I never saw the menu of the new android.
Ok, so we've got some problems with EU devices... maybe there are more variants, I'm thinking of EU, DE, UK, ES, PT and who knows... Could be small differences have an impact here...
To say it clearly: installing the boot EU fix from the CM-12.1 thread has installed another boot image on your phone, which has a kernel that will not work with Nougat.
But anyway I believe I know why the device reboots itself, cause it can't suspend itself in the right manner. Let me show you a kernel log, how it should be:
Code:
<6>[ 189.766084] PM: suspend entry 2017-10-13 04:49:15.725432575 UTC
<6>[ 189.767479] mmc1: Starting deferred resume
<6>[ 189.767983] mmc0: Starting deferred resume
<6>[ 189.861591] mmc0: Deferred resume completed
<6>[ 189.907006] mmc1: Deferred resume completed
<6>[ 189.766118] PM: Syncing filesystems ... done.
<3>[ 189.999154] Error: returning -512 value
<6>[ 189.998043] Freezing user space processes ... (elapsed 0.008 seconds) done.
<6>[ 190.006568] Freezing remaining freezable tasks ... (elapsed 0.005 seconds) done.
<6>[ 190.011790] Suspending console(s) (use no_console_suspend to debug)
<6>[ 190.018262] [AK4375] ak4375_suspend(1402)
<6>[ 190.025845] [TP:CORE]Enter fb_notifier_callback.
<6>[ 190.025845]
<6>[ 190.025892] [TP:CORE]Enter fb_notifier_callback.
<6>[ 190.025892]
<7>[ 190.034218] --CWMCU--CWMCU_suspend
<6>[ 190.046580] PM: suspend of devices complete after 33.038 msecs
<6>[ 190.048343] PM: late suspend of devices complete after 1.737 msecs
<6>[ 190.053764] PM: noirq suspend of devices complete after 5.409 msecs
<6>[ 190.053774] Disabling non-boot CPUs ...
<6>[ 190.081114] CPU0:msm_cpu_pm_enter_sleep mode:3 during suspend
...
<6>[ 400.663545] Enabling non-boot CPUs ...
<6>[ 400.664692] CPU1 is up
<6>[ 400.665735] CPU2 is up
<6>[ 400.666779] CPU3 is up
<6>[ 400.668230] CPU4 is up
<6>[ 400.669120] CPU5 is up
<6>[ 400.670027] CPU6 is up
<6>[ 400.670974] CPU7 is up
<6>[ 400.671561] PM: noirq resume of devices complete after 0.570 msecs
<6>[ 400.672983] PM: early resume of devices complete after 0.796 msecs
<7>[ 400.679137] --CWMCU--CWMCU_resume
<6>[ 400.689515] PM: resume of devices complete after 16.510 msecs
<6>[ 400.690769] runin_work:BatteryTestStatus_enable = 0 chip->usb_present = 0
<6>[ 400.690573] Restarting tasks ... done.
<6>[ 400.696613] PM: suspend exit 2017-10-13 05:59:11.279104088 UTC
But at the moment the device hangs up while trying to freeze the user space processes and fails.
I found that there is a problem with the device tree image of the kernel, so using the stock one everything is well.
I will make changes and a new version will appear soon.
In the meantime please try out flashing these boot images after installing LOS-14.1:
Boot - LOS-14.1 standard image(AS)
Boot EU -LOS-14.1
Hopefully one of these works and the reboot issue shouldn't happen also.
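A way to check a captured kernel log for the stall described in the post above, as an added example that is not part of the thread: it walks each suspend cycle through milestones visible in the healthy log and reports the first one that is missing. The stage names, the `analyze` helper and the STALLED sample are constructed for illustration.

```python
import re
# Milestones of one suspend/resume cycle, in the order the healthy log shows them.
STAGES = [
    ("entry", "PM: suspend entry"),
    ("sync", "PM: Syncing filesystems"),
    ("freeze_user", "Freezing user space processes"),
    ("freeze_tasks", "Freezing remaining freezable tasks"),
    ("noirq", "PM: noirq suspend of devices complete"),
    ("cpus_off", "Disabling non-boot CPUs"),
    ("resume", "PM: resume of devices complete"),
    ("exit", "PM: suspend exit"),
]
LINE = re.compile(r"^(?:<\d>)?\[\s*(\d+\.\d+)\]\s?(.*)$")

# Lines copied from the healthy log in the post above.
HEALTHY = """\
<6>[ 189.766084] PM: suspend entry 2017-10-13 04:49:15.725432575 UTC
<6>[ 189.766118] PM: Syncing filesystems ... done.
<6>[ 189.998043] Freezing user space processes ... (elapsed 0.008 seconds) done.
<6>[ 190.006568] Freezing remaining freezable tasks ... (elapsed 0.005 seconds) done.
<6>[ 190.053764] PM: noirq suspend of devices complete after 5.409 msecs
<6>[ 190.053774] Disabling non-boot CPUs ...
<6>[ 400.689515] PM: resume of devices complete after 16.510 msecs
<6>[ 400.696613] PM: suspend exit 2017-10-13 05:59:11.279104088 UTC
"""
# Constructed sample: the log stops while user space is being frozen.
STALLED = """\
<6>[ 512.100000] PM: suspend entry 2017-10-13 06:10:00.000000000 UTC
<6>[ 512.100100] PM: Syncing filesystems ... done.
<6>[ 512.200000] Freezing user space processes ...
"""

def analyze(log_text):
    """Return one dict per suspend cycle with its start time and first missing stage."""
    cycles = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # elisions ("...") and blank lines
        ts, msg = float(m.group(1)), m.group(2).rstrip()
        if STAGES[0][1] in msg:
            cycles.append({"start": ts, "seen": set()})
        if not cycles:
            continue
        for name, marker in STAGES:
            # Freezer lines only count once the kernel has appended "done."
            if marker in msg and (not name.startswith("freeze") or msg.endswith("done.")):
                cycles[-1]["seen"].add(name)
    for c in cycles:
        missing = [n for n, _ in STAGES if n not in c["seen"]]
        c["stalled_at"] = missing[0] if missing else None
    return cycles

print([(c["start"], c["stalled_at"]) for c in analyze(HEALTHY + STALLED)])
```

A cycle whose `stalled_at` is `None` ran from suspend entry to suspend exit; timestamps are not used for ordering because the log above is itself slightly out of order.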
lightwars said:
Ok, so we've got some problems with EU devices... maybe there are more variants, I'm thinking of EU, DE, UK, ES, PT and who knows... Could be small differences have an impact here...
To say it clearly: installing the boot EU fix from the CM-12.1 thread has installed another boot image on your phone, which has a kernel that will not work with Nougat.
But anyway I believe I know why the device reboots itself, cause it can't suspend itself in the right manner. Let me show you a kernel log, how it should be:
Code:
<6>[ 189.766084] PM: suspend entry 2017-10-13 04:49:15.725432575 UTC
<6>[ 189.767479] mmc1: Starting deferred resume
<6>[ 189.767983] mmc0: Starting deferred resume
<6>[ 189.861591] mmc0: Deferred resume completed
<6>[ 189.907006] mmc1: Deferred resume completed
<6>[ 189.766118] PM: Syncing filesystems ... done.
<3>[ 189.999154] Error: returning -512 value
<6>[ 189.998043] Freezing user space processes ... (elapsed 0.008 seconds) done.
<6>[ 190.006568] Freezing remaining freezable tasks ... (elapsed 0.005 seconds) done.
<6>[ 190.011790] Suspending console(s) (use no_console_suspend to debug)
<6>[ 190.018262] [AK4375] ak4375_suspend(1402)
<6>[ 190.025845] [TP:CORE]Enter fb_notifier_callback.
<6>[ 190.025845]
<6>[ 190.025892] [TP:CORE]Enter fb_notifier_callback.
<6>[ 190.025892]
<7>[ 190.034218] --CWMCU--CWMCU_suspend
<6>[ 190.046580] PM: suspend of devices complete after 33.038 msecs
<6>[ 190.048343] PM: late suspend of devices complete after 1.737 msecs
<6>[ 190.053764] PM: noirq suspend of devices complete after 5.409 msecs
<6>[ 190.053774] Disabling non-boot CPUs ...
<6>[ 190.081114] CPU0:msm_cpu_pm_enter_sleep mode:3 during suspend
...
<6>[ 400.663545] Enabling non-boot CPUs ...
<6>[ 400.664692] CPU1 is up
<6>[ 400.665735] CPU2 is up
<6>[ 400.666779] CPU3 is up
<6>[ 400.668230] CPU4 is up
<6>[ 400.669120] CPU5 is up
<6>[ 400.670027] CPU6 is up
<6>[ 400.670974] CPU7 is up
<6>[ 400.671561] PM: noirq resume of devices complete after 0.570 msecs
<6>[ 400.672983] PM: early resume of devices complete after 0.796 msecs
<7>[ 400.679137] --CWMCU--CWMCU_resume
<6>[ 400.689515] PM: resume of devices complete after 16.510 msecs
<6>[ 400.690769] runin_work:BatteryTestStatus_enable = 0 chip->usb_present = 0
<6>[ 400.690573] Restarting tasks ... done.
<6>[ 400.696613] PM: suspend exit 2017-10-13 05:59:11.279104088 UTC
But at the moment the device hangs up while trying to freeze the user space processes and fails.
I found that there is a problem with the device tree image of the kernel, so using the stock one everything is well.
I will make changes and a new version will appear soon.
In the meantime please try out flashing these boot images after installing LOS-14.1:
Boot - LOS-14.1 standard image(AS)
Boot EU -LOS-14.1
Hopefully one of these works and the reboot issue shouldn't happen also.
I try to install the boot but file is corrupted
lagos911 said:
I try to install the boot but file is corrupted
I downloaded both files and they install just fine.
You have to switch from ZIP installing to image installing at the install dialog from twrp the button at the bottom right.
lightwars said:
I downloaded both files and they install just fine.
You have to switch from ZIP installing to image installing at the install dialog from twrp the button at the bottom right.
Yeah, I didn't know that about the image flashing. Thanks.
Actually I did it and I installed the rom with your boot EU fix. No big difference in the interface from the 12.1 cm.
I haven't worked a lot with lineageOS but many things don't work. I enable wifi and disable automatic. Flashlight and some other things.
I hope you build a stable rom.
P.S. Now I have installed the CM12.1 and when I try to enter the bootloader the device gets stuck.
Also I tried to delete some system apps with ES explorer PRO and I get that my device is not rooted.
Have I done something wrong with the rooting?
lagos911 said:
P.S. Now I have installed the CM12.1 and when I try to enter the bootloader the device gets stuck.
Also I tried to delete some system apps with ES explorer PRO and I get that my device is not rooted.
Have I done something wrong with the rooting?
I am not sure I can follow your description... What does stuck mean? The bootloader displays just a black screen.
Normally you can activate root in the developer settings, which are displayed after clicking several times on the build number. There you will find an option to enable/disable root for apps and adb.
Or if you prefer other tools like supersu install it first, then try again.
Remember to ask questions for CM12.1 inside the appropriate thread.
Sorry for the wrong topic. I didn't know that the bootloader shows a black screen. Usually they have a menu.
I forgot to mention that the option for root explorer at ES explorer PRO you can activated from here.
Please help :/
I've installed this onto my zte blade s6 but my internet doesn't turn on on the phone and I flashed the eu fix by lightwars on my recovery so now i don't have a recovery and my phone isn't rooted. PLEASE HELP.