v57: Make offset for the JIT reset flag configurable

Some ROMs seem to be compiled with different settings or have been modified by the vendors, resulting in a different offset for the codeCacheFull flag than 0x78 = 120 as in AOSP. This can lead to boot loops: rovo89#6 Manual configuration is only a workaround, however it's better than compiling different variants. Automated detection would be best, however it's very complicated. Not only does it require intelligent algorithms to guess the offset from other, more significant fields, it would also have to be done at the right time. The structure in question isn't initialized in Zygote, and only after some delay when starting apps. The only thing we can do now is a quick sanity check. Booleans can only be 0 or 1, so if the current value is something else, then we were probably about to overwrite a pointer or something else.
jackey-han · May 10, 2014 · 842ba2e · 842ba2e
1 parent e8c68d8
commit 842ba2e
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/xposed.cpp b/xposed.cpp
@@ -118,6 +118,17 @@ bool xposedDisableSafemode() {
         return false;
 }
 
+static int xposedReadIntConfig(const char* fileName, int defaultValue) {
+    FILE *fp = fopen(fileName, "r");
+    if (fp == NULL)
+        return defaultValue;
+
+    int result;
+    int success = fscanf(fp, "%i", &result);
+    fclose(fp);
+
+    return (success >= 1) ? result : defaultValue;
+}
 
 // ignore the broadcasts by various Superuser implementations to avoid spamming the Xposed log
 bool xposedShouldIgnoreCommand(const char* className, int argc, const char* const argv[]) {
@@ -246,6 +257,12 @@ static bool xposedInitMemberOffsets(JNIEnv* env) {
 
     MEMBER_OFFSET_COPY(DvmJitGlobals, codeCacheFull);
 
+    int overrideCodeCacheFull = xposedReadIntConfig(XPOSED_OVERRIDE_JIT_RESET_OFFSET, -1);
+    if (overrideCodeCacheFull > 0 && overrideCodeCacheFull < 0x400) {
+        ALOGI("Offset for DvmJitGlobals.codeCacheFull is overridden, new value is 0x%x", overrideCodeCacheFull);
+        MEMBER_OFFSET_VAR(DvmJitGlobals, codeCacheFull) = overrideCodeCacheFull;
+    }
+
     // detect offset of ArrayObject->contents
     jintArray dummyArray = env->NewIntArray(1);
     if (dummyArray == NULL) {
@@ -489,7 +506,12 @@ static void de_robv_android_xposed_XposedBridge_hookMethodNative(JNIEnv* env, jc
 
     if (PTR_gDvmJit != NULL) {
         // reset JIT cache
-        MEMBER_VAL(PTR_gDvmJit, DvmJitGlobals, codeCacheFull) = true;
+        char currentValue = *((char*)PTR_gDvmJit + MEMBER_OFFSET_VAR(DvmJitGlobals,codeCacheFull));
+        if (currentValue == 0 || currentValue == 1) {
+            MEMBER_VAL(PTR_gDvmJit, DvmJitGlobals, codeCacheFull) = true;
+        } else {
+            ALOGE("Unexpected current value for codeCacheFull: %d", currentValue);
+        }
     }
 }
 

diff --git a/xposed.h b/xposed.h
@@ -14,14 +14,15 @@ namespace android {
 #define XPOSED_ENABLE_FOR_TOOLS XPOSED_DIR "conf/enable_for_tools"
 #define XPOSED_SAFEMODE_NODELAY XPOSED_DIR "conf/safemode_nodelay"
 #define XPOSED_SAFEMODE_DISABLE XPOSED_DIR "conf/safemode_disable"
+#define XPOSED_OVERRIDE_JIT_RESET_OFFSET XPOSED_DIR "conf/jit_reset_offset"
 
 #define XPOSED_CLASS "de/robv/android/xposed/XposedBridge"
 #define XPOSED_CLASS_DOTS "de.robv.android.xposed.XposedBridge"
 #define XRESOURCES_CLASS "android/content/res/XResources"
 #define MIUI_RESOURCES_CLASS "android/content/res/MiuiResources"
 #define XTYPEDARRAY_CLASS "android/content/res/XResources$XTypedArray"
 
-#define XPOSED_VERSION "56"
+#define XPOSED_VERSION "57"
 
 #ifndef ALOGD
 #define ALOGD LOGD
@@ -51,6 +52,7 @@ void disableXposed();
 bool isXposedDisabled();
 bool xposedSkipSafemodeDelay();
 bool xposedDisableSafemode();
+static int xposedReadIntConfig(const char* fileName, int defaultValue);
 bool xposedShouldIgnoreCommand(const char* className, int argc, const char* const argv[]);
 bool addXposedToClasspath(bool zygote);
 static void xposedPrepareSubclassReplacement(jclass clazz);