I am posting here because I do not have permission to post in the android dev forum. Thanks to j00m who helped post my ROM earlier in the dev forum, but I thought I should build up my posts to be able to post stuff myself too Here is another smaller system.img file that should work with stock hboot or blackrose (not tested) and has the home button working. The ROM should be considered alpha quality at best as is with other CM9 ROMs.
(system.img)
http://www.mediafire.com/?9lcz59qq8s1qgvb
boot.img (if you have one from drewis' alphas, you do not need to flash this.)
http://www.mediafire.com/?kilz59rjc8kug1m
Be sure to wipe data/cache before reboot. You should be able to use the google apps from userdata.img from one of drewis's alphas.
The ROM is built from CM9, with my changes to make use of the adreno GL drivers. Credits are due to the CM team and all whose code is included in CM9. There should be many to name and I do not want to miss out anyone who deserves credit.
Will post code changes soon. Need to clean it up. Hence the delay.
I hope that when I have enough posts to be privileged, this thread can be moved into the dev forum.
Enjoy!!
Here is the source patch.
diff --git a/frameworks/base/libs/gui/SurfaceTexture.cpp b/frameworks/base/libs/gui/SurfaceTexture.cpp
index c72a45b..9e425e3 100644
--- a/libs/gui/SurfaceTexture.cpp
+++ b/libs/gui/SurfaceTexture.cpp
@@ -246,6 +246,8 @@ status_t SurfaceTexture::requestBuffer(int slot, sp<GraphicBuffer>* buf) {
return NO_ERROR;
}
+#define MAX_SLEEPTIMEOUTS (5)
+
status_t SurfaceTexture::dequeueBuffer(int *outBuf, uint32_t w, uint32_t h,
uint32_t format, uint32_t usage) {
ST_LOGV("SurfaceTexture::dequeueBuffer");
@@ -262,6 +264,9 @@ status_t SurfaceTexture::dequeueBuffer(int *outBuf, uint32_t w, uint32_t h,
int found, foundSync;
int dequeuedCount = 0;
bool tryAgain = true;
+ int sleepTimeouts = 0;
+ bool eglWorkAround = true;
+
while (tryAgain) {
if (mAbandoned) {
ST_LOGE("dequeueBuffer: SurfaceTexture has been abandoned!");
@@ -342,6 +347,21 @@ status_t SurfaceTexture::dequeueBuffer(int *outBuf, uint32_t w, uint32_t h,
// clients are not allowed to dequeue more than one buffer
// if they didn't set a buffer count.
if (!mClientBufferCount && dequeuedCount) {
+ LOGV("SurfaceTexture::dequeue: Not allowed to dequeue more than a "
+ "buffer\n");
+ if (eglWorkAround) {
+ if (sleepTimeouts++ < MAX_SLEEPTIMEOUTS) {
+ LOGD("SurfaceTexture::dequeue: Not allowed to dequeue more "
+ "than a buffer SLEEPING\n");
+ usleep(100000);
+ } else {
+ mClientBufferCount = mServerBufferCount;
+ LOGD("SurfaceTexture::dequeue: Not allowed to dequeue more "
+ "than a buffer RETRY mBufferCount:%d mServerBufferCount:%d\n",
+ mBufferCount, mServerBufferCount);
+ }
+ continue;
+ }
return -EINVAL;
}
@@ -353,6 +373,13 @@ status_t SurfaceTexture::dequeueBuffer(int *outBuf, uint32_t w, uint32_t h,
// than allowed.
const int avail = mBufferCount - (dequeuedCount+1);
if (avail < (MIN_UNDEQUEUED_BUFFERS-int(mSynchronousMode))) {
+ if (eglWorkAround && mClientBufferCount != 0) {
+ mBufferCount++;
+ mClientBufferCount = mServerBufferCount = mBufferCount;
+ LOGD("SurfaceTexture::dequeuebuffer: MIN EXCEEDED "
+ "mBuffer:%d bumped\n", mBufferCount);
+ continue;
+ }
ST_LOGE("dequeueBuffer: MIN_UNDEQUEUED_BUFFERS=%d exceeded "
"(dequeued=%d)",
MIN_UNDEQUEUED_BUFFERS-int(mSynchronousMode),
@@ -700,8 +727,8 @@ status_t SurfaceTexture::updateTexImage() {
ST_LOGW("updateTexImage: clearing GL error: %#04x", error);
}
- glBindTexture(mTexTarget, mTexName);
- glEGLImageTargetTexture2DOES(mTexTarget, (GLeglImageOES)image);
+ glBindTexture(getCurrentTextureTarget(), mTexName);
+ glEGLImageTargetTexture2DOES(getCurrentTextureTarget(), (GLeglImageOES)image);
bool failed = false;
while ((error = glGetError()) != GL_NO_ERROR) {
@@ -736,7 +763,7 @@ status_t SurfaceTexture::updateTexImage() {
mDequeueCondition.signal();
} else {
// We always bind the texture even if we don't update its contents.
- glBindTexture(mTexTarget, mTexName);
+ glBindTexture(getCurrentTextureTarget(), mTexName);
}
return OK;
@@ -762,6 +789,9 @@ bool SurfaceTexture::isExternalFormat(uint32_t format)
}
GLenum SurfaceTexture::getCurrentTextureTarget() const {
+ if (mTexTarget == GL_TEXTURE_EXTERNAL_OES) {
+ return GL_TEXTURE_2D;
+ }
return mTexTarget;
}
diff --git a/frameworks/base/services/surfaceflinger/Layer.cpp b/frameworks/base/services/surfaceflinger/Layer.cpp
index 317cc3b..9e92e81 100644
--- a/services/surfaceflinger/Layer.cpp
+++ b/services/surfaceflinger/Layer.cpp
@@ -40,6 +40,8 @@
#include "SurfaceTextureLayer.h"
#define DEBUG_RESIZE 0
+#define GL_TEXTURE_EXTERNAL_OES GL_TEXTURE_2D
+
namespace android {
diff --git a/device/htc/passion-common/BoardConfigCommon.mk b/device/htc/passion-common/BoardConfigCommon.mk
index b86c580..e17da36 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -73,7 +73,7 @@ BOARD_VENDOR_USE_AKMD := akm8973
## Hardware rendering
## doesn't actually work until we have hwcomposer
-USE_OPENGL_RENDERER := true
+USE_OPENGL_RENDERER := false
BOARD_EGL_CFG := device/htc/passion-common/egl.cfg
## for rmcc egl hack
COMMON_GLOBAL_CFLAGS += \
On Media fire:
http://www.mediafire.com/?dxzyyfzzp9m6fu8
It works with OPENGL_RENDERER := true as well, but is quite slow and crashes often, with OPENGL_RENDERER := false things are much more stable and usable as is the ROM posted above.
Thanks.
Good job guy.Keep it up ,waiting for next version
mori90 said:
Good job guy.Keep it up ,waiting for next version
Click to expand...
Click to collapse
+1 Agreed. Cant wait to see what you and texasice does next.
Confirm it is working with blackrose. But what i noticed:
-Superuser crashes when trying to update the su binary.
-My USM App is corrupted. Filesize is 12 kb, instead of 38. When trying to use it (activate UMS) it prompts a toast saying "Superuser permission denied", but it doesn't even promt the request popup before; though there is no entry in the Superuser App list.
EDIT: After rm Superuser.apk and flashing the signed Superuser zip via recovery, using su works now.
That made it possible to use the UMS App again and also to use Titanium to restore all Gapps (incl. Account Setup).
Could you check the permissions on the actual su binary itself?
rapmv78 said:
Could you check the permissions on the actual su binary itself?
Click to expand...
Click to collapse
not any longer. :/ (see edited post above) btw: did you made any changes to my ums app? noticed the smaller file size and seems like some notifications are not there any longer!?
Most likely that the permission got fixed when you flashed the Superuser zip file. Good to know it is resolved. Have you seen any other issues pertaining to graphics? I am just curious to know how GL works for others
rapmv78 said:
Have you seen any other issues pertaining to graphics? I am just curious to know how GL works for others
Click to expand...
Click to collapse
So far not. Everything is fine. Played a few videos with diefferent formats without any issues amd now i'm populating the system with apps and restoring settings.. One thing (not gl related) i'm struggeling with, is to get the market running. for whatever reason every version i installed opens fine, let me connect to my google account but then says network error (in wifi and also mobile data mode). Same error with Maps.. I'll post updates as soon as i have some. But beside this, everything looks really good. Meanwhile i can offer a system report if that helps you to get any information: http://www.nahklick.de/user/stephan/android_report.html
Bexton said:
So far not. Everything is fine. Played a few videos with diefferent formats without any issues amd now i'm populating the system with apps and restoring settings.. One thing (not gl related) i'm struggeling with, is to get the market running. for whatever reason every version i installed opens fine, let me connect to my google account but then says network error (in wifi and also mobile data mode). Same error with Maps.. I'll post updates as soon as i have some. But beside this, everything looks really good. Meanwhile i can offer a system report if that helps you to get any information: http://www.nahklick.de/user/stephan/android_report.html
Click to expand...
Click to collapse
Regarding the market, did you try clearing the cache for the app and reboot (the usual method iirc) ? System report looks fine. Thanks.
rapmv78 said:
Regarding the market, did you try clearing the cache for the app and reboot (the usual method iirc) ?
Click to expand...
Click to collapse
yep, didn't solved it!? but stopped trying now.
at the moment i'm watching spiderman 3 in 720p x264 mkv format. trailer worked fine. full movie judderes a bit from time to time but it is running for 15 minutes now without hanging up or whatever.
edit: 1080p also works but is really slow and the judder effect is much bigger.
Thread moved to dev section and link to mediafire ok
What's working and what's not?
imfloflo said:
Thread moved to dev section and link to mediafire ok
Click to expand...
Click to collapse
second post, the link to media fire is not ok!
@j00m Fix
Thread moved in General Section to allow OP to respond for the moment
This ROM enables hardware acceleration for most of the tasks as used to be in gingerbread. Am interested in knowing the experience of others using this mod.
Thanks.
Trackball wakeup will have next next... version,right ???
Why this ver. is working perfect on wifi(Static IP) but texasice version is not ??
I am not sure about the difference with static IP working in this ROM v/s texas ice's. Also since I posted the source code and is in CM9, you should just be able to get more features out of the other ROMs than you would from me This ROM was more of a proof of concept to see if openGL acceleration patch was usable and looks like it does. Thanks for your help in testing it. I do not have any plans to release new ROMs, as all I would be doing is pull the code and compiling it, without any value add from my side (now that the code has already been merged).
The mod can actually close this thread if need be.
Thanks.
what's working and what's not?
New to the forums, short introduction? Hi. Next on the agenda I'd like to apologize for this not being in the development forum, but as I'm a new user I was unable to post there.
As for my issue I'm working on a game, it's very basic right now and I'm working on an editor.
(Terribly sorry about this part. Turns out I don't have privileges for image links quite yet. Hope I get there soon! )
So far for rectangles I use the Menu button -> Objects -> Rectangles; Drag and drop to create a shape, press Ok. Drawing multiple rectangles from the map array works perfectly fine, but collision is another story. The most recent object I create HAS collision, if I create a new object, the previous object loses it. e.g. I create 100 rectangles, 1st - 99th don't collide. I have coding experience, asked multiple people. All have been stumped on something that seems like it'd be simple.
The saving:
Code:
if (confirmMode && touchX > (startX + endX) / 2
&& touchX < (startX + endX) / 2 + tileSize * 20
&& touchY < (startY + endY) / 2
&& touchY > (startY + endY) / 2 - tileSize * 10) {
map.add(key, startX);
map.add(key + 1, startY);
map.add(key + 2, endX);
map.add(key + 3, endY);
key += 4;
confirmMode = rectMode = circleMode = false;
}
The reading:
Code:
while (i < key) {
canvas.drawRect(map.get(i), map.get(i + 1), map.get(i + 2),
map.get(i + 3), red);
if (playerX > map.get(i) && playerX < map.get(i + 2)
&& playerY > map.get(i + 1) && playerY < map.get(i + 3))
allowed = 0;
else
allowed = 1;
i += 4;
}
i = 0;
Love, a stranger.
I've made some modifications to drivers/usb/otg/msm_otg.c in order to support usb host mode for the Nexus 4: http://forum.xda-developers.com/showthread.php?t=2181820
So far, I've been building off Franco's sources, since I was using his kernel anyway. But this has its problems. I'm not looking to have to constantly keep up with Franco's nightlies. A good amount of posts from people are asking if I could compile a different kernel with the otg modifications, or if they could flash a different kernel on top. Franco's been getting requests to implement the modifications, and I didn't mean to put any onus on him.
I've been trying to do some research on creating a kernel module that could somehow hijack/hook/wrap the static functions I've made changes to in msm_otg.c. This is all way, way over my head though, and I could really use some help here. I've done some reading so far, but it hasn't gotten me anywhere. I got some good help on IRC, but am stuck again.
To get things rolling, I've manually found the address from /proc/kallsyms of static function msm_chg_detect_work to be 0xc03b4950. I'm trying to make a jump from here to my own function. I was provided make_jump_op for this purpose, although I have no understanding of how it works. Here is more or less what I've got so far (relevant bits..):
Code:
// max distance: 0x02000000
unsigned int make_jump_op(unsigned int src, unsigned int dst) {
unsigned int o;
int distance;
distance = (int)( ((long long)dst) - (((long long)src) + 8) );
if (distance > 32*1024*1024 || distance < -32*1024*1024) {
printk(KERN_ERR "distance too big!\n");
return 0; // crash, BOOOOM!
}
distance = distance / 4; // read: ">>2"
o = *((unsigned int *)(&distance)); // is there a proper way to do this, too?
o = (o & 0x00ffffff) + 0xea000000;
return o;
}
static void msm_chg_detect_work_MOD(struct work_struct *w) {
printk(KERN_INFO "TEST\n");
}
static int ziddey_otg_init(void) {
unsigned int *origcall;
printk(KERN_INFO "Loading kernel module '%s'\n", MODULE_NAME);
// 0xc03b4950: msm_chg_detect_work
origcall = (unsigned int *) 0xc03b4950;
preempt_disable();
*origcall = make_jump_op(0xc03b4950, (unsigned int)(void*)msm_chg_detect_work_MOD);
preempt_enable();
printk(KERN_INFO "Loaded kernel module '%s'\n", MODULE_NAME);
return 0;
}
Can anyone make sense of this? I get an Oops error and kernel panic.
Thank you
Code:
$ grep msm_chg_detect_work /proc/kallsyms
c03b4950 t msm_chg_detect_work
Hi,
I have a problem with 2G (edge, I didn`t try GPRS) networks on my i9305 in Android 5.1. I can connect to 3G and 4G without problem, but for 2G I get only an exclamation mark on the side of the signal icon and no connection. I tried several ROMs, which I found here and my own cm12.1 build (I actually started with that one) - all with the same result:
AOSP-5.1.1-20150605-i9305-rodman01.zip
BlissPop-v4.0.3-i9305-UNOFFICIAL-20151011-2232.zip
LS-LP-v4.1-2015-10-23-liquid_i9305.zip
Sammy_Resurrection-Remix-LP-v5.5.9-20151122-i9305.zip
cm-12.1-20151201-UNOFFICIAL-i9305.zip (from winxuser)
I did some debugging and discovered that the problem is in wrong data coming from rild. I described it with more details here: forum.cyanogenmod.org/topic/118467-how-to-debug-non-working-2g-network I even found on the web some logs with the same wrong value and posts describing similar or the same behavior. I also found some posts saying, that it is fixed, but I can`t find any ROM, where it is working.
As you can see in my post on cyanogenmod forum, I have a solution, but not a nice one. It is a hack. So I want to ask – is there someone who had the same problem and fixed it? Or some who has the same phone and not this problem? If yes, how did you fix it? Exactly which ROM, prorietary files did you use?
Thank you
Pavel
OK, I am giving up. I tried several more ROMs:
Slim-i9305-5.1.1.beta.0.9-UNOFFICIAL-20151024-2015.zip
aicp_i9305_lp-10.0-NIGHTLY-20151128.zip
cm-12.1-20151202-UNOFFICIAL-i9305.zip
nameless-5.1.1-20151019-i9305-NIGHTLY.zip
The result is still the same. Maybe it has something to do with carrier operator (but I don`t have this problem in cm 11). I found fix similar to mine, which I described in cyanogenmod forum, so I`ll use that. See here github.com/CyanogenMod/android_device_samsung_jf-common/blob/cm-12.1/ril/telephony/java/com/android/internal/telephony/jflteRIL.java if you are interested. Specifically method responseVoiceDataRegistrationState. It replaces the wrong rild data in the same way.
I have the same problem @p.a.n.
Please tell me how I fix it, even if it´s a hack... Thanks
Hi,
here is the final diff I use:
Code:
project device/samsung/smdk4412-qcom-common/
diff --git a/ril/telephony/java/com/android/internal/telephony/smdk4x12QComRIL.java b/ril/telephony/java/com/android/internal/telephony/smdk4x12QComRIL.java
index 0e8d798..619be34 100644
--- a/ril/telephony/java/com/android/internal/telephony/smdk4x12QComRIL.java
+++ b/ril/telephony/java/com/android/internal/telephony/smdk4x12QComRIL.java
@@ -409,8 +409,8 @@ public class smdk4x12QComRIL extends RIL implements CommandsInterface {
case RIL_REQUEST_UDUB: ret = responseVoid(p); break;
case RIL_REQUEST_LAST_CALL_FAIL_CAUSE: ret = responseInts(p); break;
case RIL_REQUEST_SIGNAL_STRENGTH: ret = responseSignalStrength(p); break;
- case RIL_REQUEST_VOICE_REGISTRATION_STATE: ret = responseVoiceDataRegistrationState(p); break;
- case RIL_REQUEST_DATA_REGISTRATION_STATE: ret = responseVoiceDataRegistrationState(p); break;
+ case RIL_REQUEST_VOICE_REGISTRATION_STATE: ret = responseVoiceDataRegistrationState(p,false); break;
+ case RIL_REQUEST_DATA_REGISTRATION_STATE: ret = responseVoiceDataRegistrationState(p,true); break;
case RIL_REQUEST_OPERATOR: ret = operatorCheck(p); break;
case RIL_REQUEST_RADIO_POWER: ret = responseVoid(p); break;
case RIL_REQUEST_DTMF: ret = responseVoid(p); break;
@@ -580,9 +580,16 @@ public class smdk4x12QComRIL extends RIL implements CommandsInterface {
}
private Object
- responseVoiceDataRegistrationState(Parcel p) {
+ responseVoiceDataRegistrationState(Parcel p, boolean data) {
String response[] = (String[])responseStrings(p);
if (isGSM){
+ if(data &&
+ response.length > 4 &&
+ response[0] != null && response[0].equals("1") &&
+ response[3] != null && response[3].equals("102")){
+ riljLog("responseVoiceDataRegistrationState overriding 102 -> 2");
+ response[3]="2";
+ }
return response;
}
if (response.length>=10){
Or you can try replace /system/framework/telephony-common.jar with attached telephony-common.jar, but be careful with that (make backup), I can`t guarantee that it will work with the rest of your system.
Basically, there has been an app ported to Android that allows even unrooted(stock) devices to deliver a bootrom exploit to the Nintendo Switch via USB-OTG and a USB cable (or C-to-C). USB 3.0 (xHCI) devices have no issues and deliver the exploit just fine. Apparently it is not even a USB 2.0 problem but rather how the EHCI performs, as certain USB 2.0 phones actually have the xHCI controller and can run the exploit just fine. What happens is that although it can detect the connected Switch in Tegra Recovery Mode, it just doesn't do anything and gives an error in the logs, "SUMBITURB failed".
On Linux desktop systems it is similar, but the exploit can still work with a kernel patch provided by a hacking group that discovered the exploit in the first place:
Code:
--- linux-4.14.27/drivers/usb/host/ehci-hcd.c.old 2018-04-17 18:00:00.000000000 +0000
+++ linux-4.14.27/drivers/usb/host/ehci-hcd.c 2018-04-17 18:00:00.000000000 +0000
@@ -873,14 +873,6 @@
INIT_LIST_HEAD (&qtd_list);
switch (usb_pipetype (urb->pipe)) {
- case PIPE_CONTROL:
- /* qh_completions() code doesn't handle all the fault cases
- * in multi-TD control transfers. Even 1KB is rare anyway.
- */
- if (urb->transfer_buffer_length > (16 * 1024))
- return -EMSGSIZE;
- /* FALLTHROUGH */
- /* case PIPE_BULK: */
default:
if (!qh_urb_transaction (ehci, urb, &qtd_list, mem_flags))
return -ENOMEM;
The author of the Android port had also written a Python "hotpatch" script for desktop Linux systems:
Code:
#!/usr/bin/env python3
import os
"""
Cursed Code.
This code literally patches your kernel memory, proceed at your own risk.
Tested on Ubuntu 17.10 and Arch, x86_64. Should work on other distros, maybe even other architectures!
Run fusee-launcher.py with the "--override-checks" argument.
If you'd rather patch your drivers properly:
https://github.com/fail0verflow/shofel2/blob/master/linux-ehci-enable-large-ctl-xfers.patch
"""
ksyms = {
line[2]: int(line[0], 16)
for line in
map(lambda l: l.strip().split(),
open("/proc/kallsyms", "r").readlines())}
print(hex(ksyms["ehci_urb_enqueue"]))
patch_c = """
#include <linux/module.h>
#include <linux/kernel.h>
#include <asm/pgtable.h>
static u32 ORIG_MAX = 16*1024;
static u32 NEW_MAX = 0x1000000;
/* borrowed from MUSL because I'm lazy AF */
static char *fourbyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
{
uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8 | n[3];
uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8 | h[3];
for (h+=3, k-=3; k; k--, hw = hw<<8 | *++h)
if (hw == nw) return (char *)h-3;
return 0;
}
static pte_t* (*lookup_addr)(unsigned long, unsigned int*) = (void *) PLACE2;
static void set_addr_rw(unsigned long addr) {
unsigned int level;
pte_t *pte = lookup_addr(addr, &level);
set_pte_atomic(pte, pte_mkwrite(*pte));
}
int init_module(void) {
void * ehci_urb_enqueue_start = (void *) PLACEHOLDER;
u32 * patch_addr;
printk(KERN_INFO "Patch module loaded\\n");
patch_addr = (u32 *) fourbyte_memmem(ehci_urb_enqueue_start, 0x400, (void *)&ORIG_MAX);
if (patch_addr == NULL) {
printk(KERN_INFO "Failed to find patch site :(\\n");
return -1;
}
printk(KERN_INFO "patch_addr: 0x%px\\n", patch_addr);
set_addr_rw((unsigned long)patch_addr);
*patch_addr = NEW_MAX;
printk(KERN_INFO "Patching done!\\n");
return -1;
}
""".replace("PLACEHOLDER", hex(ksyms["ehci_urb_enqueue"])).replace("PLACE2", hex(ksyms["lookup_address"]))
makefile = """
obj-m += patch.o
all:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
"""
with open("patch.c", "w") as patchfile:
patchfile.write(patch_c)
with open("Makefile", "w") as mf:
mf.write(makefile)
os.system("make")
print("About to insert patch module, 'Operation not permitted' means it probably worked, check dmesg output.")
os.system("insmod patch.ko")
I tried to see if running it in Termux would do anything but I got the following error:
Code:
0x0
Traceback (most recent call last):
File "ehci_patch.py", line 70, in <module>
" " ".replace("PLACEHOLDER", hex(ksyms["ehci_urb_enqueue"])).replace("PLACE2" hex(ksyms["lookup_address"]))
KeyError: 'lookup_address'
I know that script isn't meant for use on Android anyway but maybe it can lead to a solution. The author of it does not know how to go about it at this time either, but believes an entire recompile of the kernel would be necessary. I am hoping that something like a systemless Magisk module would be the easiest solution for users but do not know if that is possible. I am only guessing it might be possible to create a Magisk module because of audio drivers like VIPER4Android. If indeed a custom kernel is needed, does anyone know how to go about it? It could be difficult to implement for everyone because not everyone has a device where the source to the kernel is available, etc. I am willing, however, to test anything on my tablet which is USB 2.0 and gives the error in the app. Any advice for how to go about this will be greatly appreciated.
I feel ya man, i need this stuff too. NXLoader doesn't work on my Galaxy Grand Prime (G530T) and i really need it to Dx