From bd0231c96bf651918894c8afe4593e2efecf5da6 Mon Sep 17 00:00:00 2001
From: David Zeuthen <zeuthen@google.com>
Date: Wed, 9 Sep 2015 18:15:11 -0400
Subject: [PATCH] fs_mgr: Error out if unable to determine slot_suffix

Instead of falling back to suffix _a, we now error out if neither the
kernel commandline nor the misc partition specifies the suffix. It's
cleaner this way.

Change-Id: I3f58928a664433504ebdf8d0ee05a319be5097cf
---
 fs_mgr/fs_mgr_slotselect.c | 35 ++++++++++++++---------------------
 1 file changed, 14 insertions(+), 21 deletions(-)

diff --git a/fs_mgr/fs_mgr_slotselect.c b/fs_mgr/fs_mgr_slotselect.c
index 99dcd0e53..ca07b189b 100644
--- a/fs_mgr/fs_mgr_slotselect.c
+++ b/fs_mgr/fs_mgr_slotselect.c
@@ -78,10 +78,11 @@ static int get_active_slot_suffix_from_misc(struct fstab *fstab,
     return 0;
 }
 
-// Gets slot_suffix from either the kernel cmdline / firmware, the
-// misc partition or built-in fallback.
-static void get_active_slot_suffix(struct fstab *fstab, char *out_suffix,
-                                   size_t suffix_len)
+// Gets slot_suffix from either the kernel cmdline / firmware or the
+// misc partition. Sets |out_suffix| on success and returns 0. Returns
+// -1 if slot_suffix could not be determined.
+static int get_active_slot_suffix(struct fstab *fstab, char *out_suffix,
+                                  size_t suffix_len)
 {
     char propbuf[PROPERTY_VALUE_MAX];
 
@@ -91,30 +92,19 @@ static void get_active_slot_suffix(struct fstab *fstab, char *out_suffix,
     property_get("ro.boot.slot_suffix", propbuf, "");
     if (propbuf[0] != '\0') {
         strncpy(out_suffix, propbuf, suffix_len);
-        return;
+        return 0;
     }
 
     // If we couldn't get the suffix from the kernel cmdline, try the
     // the misc partition.
     if (get_active_slot_suffix_from_misc(fstab, out_suffix, suffix_len) == 0) {
         INFO("Using slot suffix \"%s\" from misc\n", out_suffix);
-        return;
+        return 0;
     }
 
-    // If that didn't work, fall back to _a. The reasoning here is
-    // that since the fstab has the slotselect option set (otherwise
-    // we wouldn't end up here) we must assume that partitions are
-    // indeed set up for A/B. This corner-case is important because we
-    // may be on this codepath on newly provisioned A/B devices where
-    // misc isn't set up properly (it's just zeroes) and the
-    // bootloader does not (yet) natively support A/B.
-    //
-    // Why '_a'? Because that's what system/extras/boot_control_copy
-    // is using and since the bootloader isn't A/B aware we assume
-    // slots are set up this way.
-    WARNING("Could not determine slot suffix, falling back to \"_a\"\n");
-    strncpy(out_suffix, "_a", suffix_len);
-    return;
+    ERROR("Error determining slot_suffix\n");
+
+    return -1;
 }
 
 // Updates |fstab| for slot_suffix. Returns 0 on success, -1 on error.
@@ -130,7 +120,10 @@ int fs_mgr_update_for_slotselect(struct fstab *fstab)
 
             if (!got_suffix) {
                 memset(suffix, '\0', sizeof(suffix));
-                get_active_slot_suffix(fstab, suffix, sizeof(suffix) - 1);
+                if (get_active_slot_suffix(fstab, suffix,
+                                           sizeof(suffix) - 1) != 0) {
+                  return -1;
+                }
                 got_suffix = 1;
             }