Set callstack logs as 0644 so that they are readable
by dumpstate.
Test: take OTA, cancel, delete /data/misc/update_engine/prefs/*
manually, retrigger OTA (so that callstack is logged), then re-take bug report
Bug: 148818798
Change-Id: I598e484b57dcd3ce6ed7bb483aee57ce2ba881e7
Set persistent logs for snapshotctl to 0644
so that they are readable by dumpstate.
Not using mode field in open() because it is masked
by umask. Directly use fchmod instead.
Test: reboot and take bugreport
Bug: 148818798
Change-Id: I515f8fd1345fcfb82aa2a1ec0c95da4b6921c039
This library is empty, and its functionality has moved
into libbinder/libhwbinder.
Bug: 148692216
Test: N/A
Change-Id: I306a2c18ec7770cfb6c3939b5e3d42a55c3165fb
Add libsnapshot test to the TEST_MAPPING's presubmit of fs_mgr to run
the test on TH whenever changes are applied to the fs_mgr contents.
Some of the tests are temporarily disabled due to a WIP bug.
Test: TH
Bug: 142513589
Change-Id: I2a283645b433ed1fd2b08d1c4919cac26d19cf16
Signed-off-by: Alessio Balsini <balsini@google.com>
Do not delete snapshots for any reason other than merge-complete or a
cancel request from update_engine. Additionally, create a rollback
indicator file if booting into the source slot, so update_engine can
attempt to cancel the update.
Bug: 147819418
Bug: 147347110
Test: libsnapshot_test gtest
Change-Id: Id357a91cec467a60246c7c3d133f6c54ccb3fc93
Bug: 148818798
Test: apply OTA but cancel it in the middle, then
delete /data/misc/update_engine/prefs/*, then
reapply it again (to trigger CancelUpdate()).
Stack is dumped.
Change-Id: I2dfb6b7f15b9d5854d0b81ed8ad260538d21c922
snapshotctl merge --logcat --log-to-file
- If --logcat, log to logcat
- If --log-to-file, log to /data/misc/snapshotctl_log/
- If both, log to both
- If none, log to stdout
Test: manually test these 4 cases
Bug: 148818798
Change-Id: I44b52936c0d095867acc6ee781c6bec04f6ebd6b
In tests CreateLogicalAndSnapshotPartitions may give flaky results
because not synchronous.
Add a bounded delay that prevents this behavior defined by a single
constexpr.
Bug: none
Test: libsnapshot_test
Change-Id: Iad3c24b1d3e82e3bd695d6dbbc8af8eab75bee32
Signed-off-by: Alessio Balsini <balsini@google.com>
In a device with malformed metadata, the MetadataBuilder returns a
nullptr that may cause segmentation faults when using the builder.
Fix by handling the nullptr exception in CreateUpdateSnapshot and
propagating the error to its caller.
Bug: n/a
Test: libsnapshot_test
Change-Id: Ie9148a552cf4bb223ab8d54b1d30d2b13d92bb22
Signed-off-by: Alessio Balsini <balsini@google.com>
The libsnapshot features are currently not used anywhere else than the
update system with Virtual A/B.
Ignore libsnapshot tests for devices that are not implementing this
feature.
Test: m, snapshot_test, OTA
Bug: 142513589
Change-Id: I4580bae5ed315f21501556eea062e6af1f982ab3
Signed-off-by: Alessio Balsini <balsini@google.com>
CreateLogicalAndSnapshotPartition is used in first-stage init and by
default never blocks (thanks to a timeout set to 0). This causes some
libsnapshot tests to fail, because snapshot devices may be accessed
before there actual creation is complete.
Fix by introducing a timeout_ms argument, set to 0 if unspecified.
Test: libsnapshot_test
Bug: 142513589
Change-Id: I5e23adaaf6df8603df501b9a25fdd1e9d8c15252
Signed-off-by: Alessio Balsini <balsini@google.com>
Reorder, remove and fix some of the dependencies in the Android.bp for
snapshot.
Test: m, snapshot_test, OTA
Bug: 142513589
Change-Id: Id214a8d6453a5675e60cda4352094dc3987292ec
Signed-off-by: Alessio Balsini <balsini@google.com>
Add flag in Android.bp to force the execution of libsnapshot_test as
root.
Test: m
Bug: 142513589
Change-Id: I9d047a9e1f9ea6d6e5540fa66fb42603ea136641
Signed-off-by: Alessio Balsini <balsini@google.com>
It now returns Ok() if successful, NeedsReboot() if merge
it should be checked again after reboot, and Error() for
other errors.
This wraps UpdateState to help clients interpret the UpdateState value.
Also separate SnapshotManager::Return from FiemapStatus since they are
for different libraries and have (potentially) different set of error codes.
Test: libsnapshot_test
Bug: 138808328
Change-Id: I8c95417c2b0b7b2a362beb12585f861453a79278
Now that the class becomes more complicated, move it out
of SnapshotManager.
Also, make it independent of FiemapStatus. libsnapshot and
libfiemap has different return classes.
Test: libsnapshot_test
Change-Id: If340959ba60bcd51c36e2b48f4d11c149ead907a
Instead of just mentioning that something wrong has been found when
parsing UpdateState, also log the value of the erroneous status.
Bug: none
Test: m
Change-Id: I487a115a9347199059a684ef682bec79fa5f26a9
Signed-off-by: Alessio Balsini <balsini@google.com>
Compute and print the progress percentage of the dm-snapshot devices
merging after an update is marked as successful.
All the snapshot devices are queried for their update states and all
their allocated, metadata and total sectors are summed as if the system
consists of a single big snapshot device, as well as the initial
allocated sectors to keep trace of the absolute progress. Then the merge
percentage is computed on the numbers for this fake snapshot device.
Bug: 139088917
Test: manual OTA
Change-Id: Ia9a51742105c90b7fd043f3cbf4249877def7f08
Signed-off-by: Alessio Balsini <balsini@google.com>
Convert UpdateState and introduce SnapshotUpdateStatus to protobuf to
simplify its access.
In addition, SnapshotUpdateStatus also stores the sum of all the
snapshot sector information. This additional data is used to improve the
merge progress progress.
Bug: 139088917
Test: manual OTA
Change-Id: Ic777d50244c1afa1cdd75fe9b2ffc6dd9ba19ade
Signed-off-by: Alessio Balsini <balsini@google.com>
When there is not enough space on /userdata, CreateUpdateSnapshot
returns SnapshotManager::Return with ErrorCode::NO_SPACE.
Test: libsnapshot_test
Bug: 138808058
Change-Id: If2effe63f6a4324eff8d05d4db4ce98be8190262
IImageManager::CreateBackingImage and ZeroFillNewImage now returns
FiemapStatus, which is an error code and provides more information
about the reason of error.
In particular, the error code is NO_SPACE if disk space is full during
allocation / writing.
Bug: 138808058
Test: libsnapshot_test
Change-Id: I500a3d9f55a2d7e60438b5b4ae70f8b5fed162fa
This eliminates libfiemap as a standalone library and instead bundles it
into libfs_mgr. All consumers of libfiemap need libfs_mgr, and having
them tightly coupled reduces linkage complexity.
When to use libfs_mgr: In recovery, first-stage-init, or when libfiemap
or overlayfs is not used.
When to use libfs_mgr_binder: When not in recovery/first-stage init, and
overlayfs or libfiemap is needed. In this case, IImageManager will proxy
over binder to gsid.
Bug: 134949511
Test: builds, fiemap_writer/image_test passes.
Change-Id: I4c1a5698afdbf9b3bf87accec98254c1fb6f4e0e
In recovery the user has the option to mount /system, but when a device
is updating with Virtual A/B, the _b partition may be a snapshot.
This patch introduces a helper function that satisfies the dependency of
setting up the snapshot devices required to mount /system.
Bug: 139157327
Test: manual /system partition mount on VAB device during OTA
Change-Id: I7337bdd38d7016d12d3ee42be1c7893b10e9116d
Signed-off-by: Alessio Balsini <balsini@google.com>
Add an API that does not initiate the merge, but only waits for it to
finish. It is different from ProcessUpdateState API in that it also
blocks when state == UNVERIFIED and booting from the new slot.
(ProcessUpdateState immediately returns in this case).
This is useful for android.os.UpdateEngine.CleanupSuccessfulUpdate().
Bug: 138808328
Test: libsnapshot_test
Change-Id: I7cc59fcaf69616e7ec7ebe6101991b5106845b65
Factor out obscure logic that reads boot indicator path.
GetCurrentSlot() returns three states:
- None (read failure)
- Old (before reboot)
- New (after reboot)
Use these "logical" slot values for simpler code.
Test: libsnapshot_test
Change-Id: I1fa2ce4916c5a1652d25682ec1f11e101c858822
Make sure CoW device doesn't overflow. Otherwise, data previously
written to snapshot device may be overwritten.
This check acts as a safety guard to bug like b/145180464, where
the computed CoW device size is less than required, but cannot be
caught by FilesystemVerifierAction in update_engine.
Note that this is a sanity check. It doesn't prevent the following:
(1) write a snapshot until it overflows
(2) unmap and re-map the snapshot
(3) Call FinishedSnapshotWrites()
When a snapshot is re-mapped, DeviceMapper::GetTableStatus() won't
return "Overflow".
However, update_engine always writes the full hashtree / FEC / etc.
data (outside of |PartitionUpdate.operations|), calls
FinishedSnapshotWrites(), and then writes the checkpoint. If the process
is interrupted, update_engine does the full FilesystemVerifierAction
from the beginning. Snapshots aren't remapped during the process. Hence,
the hypothetical case above won't happen in reality (at time of writing)
until FilesystemVerifierAction is broken down into steps with
checkpoints.
Still, given the above hypothetical case, this function is only served
as a sanity check.
FinishedSnapshotWrites() now requires all snapshots to be mapped before
calling. Hence, tests needs to be fixed:
- For SnapshotTest (that tests SnapshotManager private APIs), map
snapshot before calling FinishedSnapshotWrites().
- Factor out common code in SnapshotTest (PrepareOneSnapshot and
SimulateReboot)
- For SnapshotUpdateTest and children, add MapUpdateSnapshots() helper
and map all snapshots before calling FinishedSnapshotWrites().
Test: libsnapshot_test
Bug: 145180464
Change-Id: I3558dd1615059ba27f369c27af22e3c686e392f7
Add libsnapshot_test_helpers for update engine tests
to properly set up depended modules.
Test: update_engine_unittests
Test: libsnapshot_test
Change-Id: Idd90a74cd6fb489f6ae14f44493b2288205c4a94
... by writing to a temporary file then rename()'ing it
back.
Test: libsnapshot_test
Bug: 144549076
Change-Id: Ide400aff8d67d56d422d0adea3a4f1673ebc9994
We used to flock() on /metadata/ota/state to ensure
atomic access. However, writing the file itself is
not necessary atomic and may lead to inconsistent
states.
This change redirects flock() to the outer directory, /metadata/ota,
which is very likely to exist (see exception below).
flock() is called on this directory instead of /state. This allows
a follow-up change to turn all writes to the /metadata partition
atomic.
Note: /metadata/ota may not exist during first boot after a flash
with wipe. However, first_stage_init always checks existence of
boot indicator before even trying to flock() (via
IsSnapshotManagerNeeded() and NeedSnapshotsInFirstStageMount()). If
the boot indicator exists, /metadata/ota must exist as well.
Also add tests to ensure LockExclusive() and LockShared() works as
expected.
Test: libsnapshot_test
Test: apply OTA from older build to this, then reboot
Bug: 144549076
Change-Id: Ib4dd9e9be1a43013c328e181b9398ac0b514dbce
