In rootfs context, the verity mode must be supplied by the bootloader
to the kernel. This patch creates a new verity_corrupted field in the
slot metadata structure to remind that this slot is corrupted from a
dm-verity point of view.
If the bootloader receives the "dm-verity device corrupted" reboot
target, it should set this bit to 1. If this bit value is 1, the
bootloader should set the veritymode to "eio".
Change-Id: I9335a39d7d009200318c58c53a3139d542788a9b
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Remove O_SYNC from mzExtractRecursive() and PackageExtractFileFn().
These functions deal with extracting whole files from the update
package onto a filesystem. If run on ext4 on a rotating disk, for
example, the O_SYNC flag will cause serious performance problems
and the extraction proecss can take over 30 minutes, with no
obvious benefits.
This API function already calls fsync(fd) after each file is
extracted to ensure data and metadata is written to the underlying
block device, so the O_SYNC calls should be superfluous and safely
removable.
This change does not affect the OTA patch paths or any modification
of the bootloader partition or writes to other 'emmc' partitions.
Signed-off-by: Alistair Strachan <alistair.strachan@imgtec.com>
Change-Id: I9cbb98a98e6278bf5c0d7efaae340773d1fbfcd2
Some ADF drivers do some amount of state cleanup when the ADF device
node is closed, making and attempts to draw using it fail.
This changes the minui ADF backend to keep the adf_device open until it
is exited, fixing issues on such devices.
external/bsdiff uses divsufsort which is much faster, and also include
some bug fixes.
Bug: 26982501
Test: ./imgdiff_test.sh
Change-Id: I089a301c291ee55d79938c7a3ca6d509895440d1
An OTA may be skipped due to low battery. But we should always log it to
understand why an update _fails_ to apply.
Bug: 27893175
Change-Id: I50a3fbbb3e51035e0ac5f1cca150e283852825c3
(cherry picked from commit 5687001895)
[1] switched a few things to android::base::unique_fd including
CommandParameters.fd. However, we were using memset(3) to zero out the
struct, which effectively assigned unique_fd(0) to fd. When it called
fd.reset(), file descriptor 0 was unintentionally closed. When FD 0 was
later reassigned via open(2), it led to lseek(2) errors: "Bad file
descriptor".
This CL switches to using braced-init (i.e. '= {}') instead, so that the
default constructor unique_fd(-1) would be called.
[1]: commit bcabd09293
Bug: 28391985
Change-Id: If1f99932b15552714c399e65c8b80550344b758a
This fixes build errors with BoringSSL master. (The cpp file uses functions
from bn.h and neither it nor the header includes it.)
Change-Id: If7f38aa0b931aa7940079bc006c7283b31f3b774
Define the A/B structure for implementation using the misc partition
as storage. The bootloader_control structure is designed to be put in
the bootloader_message slot_suffix field.
Change-Id: I158bdf3e69b3f327a1dde4c6eb1f907dbaf8939c
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
- Volantis console-ramoops-0 (upstream correct)
- Angler console-ramoops
- Bullhead console-ramoops
- Shamu console-ramoops
NB: Shamu also has kernel crashes in other pstore files,
not merging them in.
Bug: 27176738
Change-Id: Ib6eef3e25475935b89252f51c960719c7860511a
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
Currently block_image_verify() stashes source blocks to /cache and
in some case triggers I/O errors. To avoid this risk, We create
a map from the hash value to the source blocks' range_set. When
executing stash command in verify mode, source range is saved but block
contents aren't stashed. And load_stash could get its value from
either the stashed file from the previous update, or the contents on
the source partition specified by the saved range.
Bug: 27584487
Bug: 25633753
Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996
(cherry picked from commit 0188935d55)
