SnapshotManager::New() is now preferred in recovery. Previously we used
NewForFirstStageMount(), which is technically incorrect as that enables
code paths specifically for first-stage init.
We also explicitly label the snapuserd context, since rootfs in recovery
has unlabelled files.
Finally, we add a timeout to internal calls to
CreateSnapshotsAndLogicalPartitions. Without this, WaitForDevice() calls
will terminate immediately, which breaks VABC given the more complex
device stacking that is created.
Bug: 168258606
Test: fastboot snapshot-update merge
Change-Id: I3a663b95c0b1eabaf14e6fde409c6902653c3c5e
I'm getting this error:
[ FAILED ] /cache/overlay wipe
If /cache is not mounted, in which case it would be RO and empty, then
don't try to do `rm -rf /cache/overlay` as it would fail.
If /cache is RO and /cache/overlay doesn't exist, then `rm -f` would
fail despite the "-f" flag; this is a toybox bug.
Check file path existence before `rm`-ing so we don't trigger this error.
Change `ls <type> <path>` to `test <type> <path>` for robust checking.
Bug: 178683776
Bug: 165925766
Bug: 178771232
Test: adb-remount-test.sh on GSI + Pixel
Change-Id: Ie95de690d96146892127ab11a461d80cb6cb56fa
By accident, this was mounting partitions as well, which caused
conflicts in partial updates where some partitions don't have snapshots.
Test: update_device.py with partial OTA
Change-Id: I2db0e6269f0a02cbe8164fa2a72b887c352f56d8
There are more output lines from `avbtool` now; adjust the expected
output of `avbtool info_image --image test.img` in the test
cases.
Bug: 178215452
Test: atest libfs_avb_test
Test: atest libfs_avb_internal_test
Change-Id: I924d6d97ef0a4c19c93017c2491bf251dfc51cae
Simulate merge interruption and merge restart and
validate the data once entire merge is completed.
Bug: 167409187
Test: cow_snapuserd_test
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Ia940d5fbd2426bdf13347ffb6637d753b2228de6
If executing `adb remount -R` and DSU is running but disabled, then
enable the DSU (one-shot mode) so that the reboot afterwards would stay
within the DSU guest system.
Normally reboot within a DSU guest system would bring the device back to
the host system. However, when doing adb remount -R, we actually don't
want to exit DSU, but wish to reboot back into DSU guest system again
with remount machinery (overlayfs) properly set up.
Also sort the header include order.
Bug: 165925766
Test: Within a DSU guest system, DSU disabled, adb remount -R
=> After reboot, system is DSU and overlayfs is mounted
Test: adb-remount-test.sh within DSU guest system
Change-Id: I72a7a568e985b183d357ae6e1a7d0113e9921200
securityfs /sys/kernel/security securityfs rw,relatime 0 0
is causing the noatime check in adb-remount-test.sh to fail.
Bug: 165925766
Test: Create an aosp_cf_x86_phone-userdebug AVD && adb-remount-test.sh
Test: Use DSU to install GSI on the AVD && adb-remount-test.sh
Change-Id: Ibae0d4bbbbc78fb74f4ad82f2313251598c77f72
Snapuserd daemon parses the merge completion request based on
how the dm-snapshot merge is done. dm-snapshot marks the merge as
complete by zeroing out the metadata viz old-chunk and new-chunk id's.
If we have a sector 0 operation such as copy/replace op,
then old-chunk id will be 0 and new-chunk id will be a non-zero
pseudo number. Once the merge is complete, then old-chunk and new-chunk will be 0.
The problem is that daemon used to track the merge completion just by checking
if old-chunk was non-zero. This check is not sufficient and ends up
tripping the assert in the daemon.
Bug: 178061207
Test: Modify cow_snapuserd_test to test this case and validate the
IO path.
Reported-by: Kelvin Zhang <zhangkelvin@google.com>
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I6603af1c7b55e487dc3aec0c30c0a9dea0fedb56
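The completion check described in the commit message above, as an added example (not code from snapuserd or from the patch). The struct, the function names and the sample exception area are constructed for illustration; zeroing entries from the end of the area is an arbitrary choice made here.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// One metadata entry: origin chunk id -> COW chunk id (names are assumptions).
struct DiskException {
    uint64_t old_chunk;
    uint64_t new_chunk;
};
using Pending = bool (*)(const DiskException&);

// Insufficient check: an entry for a sector 0 copy/replace op has
// old_chunk == 0 and therefore looks merged before the merge has run.
bool PendingOldChunkOnly(const DiskException& e) { return e.old_chunk != 0; }

// An entry is merged only once both ids have been zeroed.
bool PendingBothIds(const DiskException& e) {
    return e.old_chunk != 0 || e.new_chunk != 0;
}

size_t CountPending(const std::vector<DiskException>& area, Pending pending) {
    size_t n = 0;
    for (const auto& e : area) {
        if (pending(e)) n++;
    }
    return n;
}

bool MergeComplete(const std::vector<DiskException>& area, Pending pending) {
    return CountPending(area, pending) == 0;
}

// Constructed sample: the first entry is a sector 0 op (old_chunk == 0).
std::vector<DiskException> ConstructedArea() { return {{0, 5}, {7, 6}, {9, 8}}; }

// Marks n entries as merged by zeroing both ids, starting from the end.
std::vector<DiskException> AfterMerging(std::vector<DiskException> area, size_t n) {
    for (size_t i = 0; i < n && i < area.size(); i++) area[area.size() - 1 - i] = {0, 0};
    return area;
}

int main() {
    auto partial = AfterMerging(ConstructedArea(), 2);  // sector 0 op still unmerged
    std::printf("old-chunk-only check says complete: %d\n", MergeComplete(partial, PendingOldChunkOnly));
    std::printf("both-ids check says complete:       %d\n", MergeComplete(partial, PendingBothIds));
    return 0;
}
```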
This is used in cts tests to verify that algorithms in blocklist aren't
used to build the hashtree. The system properties are required to perform
the check on unrooted devices.
Bug: 175236047
Test: flash, getprop; atest CtsNativeVerifiedBootTestCases
Change-Id: I2dcfdb06f85dbe92cde45e836dd68e7bd835020f
If a partition shrinks in an update, it must be merged before any other
partitions. Otherwise, a copy operation may source from the tail of the
shrunk partition, which could be overwritten by a merge operation in
another partition.
This patch adds a "MergePhase" indicator to the update status that is
valid only when the state is MERGING. Partitions that shrink are merged
first, and the phase will be FIRST_PHASE. Once ProcessUpdateState() has
determined that all first-phase snapshots are merged, it will switch to
SECOND_PHASE and remaining snapshots can start merging.
Otherwise, there is no change to the merge algorithm. The phase split is
an implementation detail and not exposed to update_engine.
Bug: 177935716
Test: vts_libsnapshot_test
Change-Id: I06043f8e3b81bdecefb6a4b5944a97b7086eeb49
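The two-phase ordering described in the commit message above, as an added example (not libsnapshot code). The Snapshot record, the helper names and the partition sizes are assumptions made for illustration; only the FIRST_PHASE/SECOND_PHASE names come from the message.

```cpp
#include <cstdint>
#include <string>
#include <vector>

enum class MergePhase { FIRST_PHASE, SECOND_PHASE };

// Hypothetical per-snapshot record for this example.
struct Snapshot {
    std::string name;
    uint64_t old_size;
    uint64_t new_size;
    bool merged;
};

// A shrinking partition merges first: copy operations in other partitions
// may still source from the tail it is about to give up.
MergePhase PhaseOf(const Snapshot& s) {
    return s.new_size < s.old_size ? MergePhase::FIRST_PHASE : MergePhase::SECOND_PHASE;
}

// The merge stays in FIRST_PHASE until every first-phase snapshot is merged.
MergePhase CurrentPhase(const std::vector<Snapshot>& snaps) {
    for (const auto& s : snaps) {
        if (PhaseOf(s) == MergePhase::FIRST_PHASE && !s.merged) return MergePhase::FIRST_PHASE;
    }
    return MergePhase::SECOND_PHASE;
}

// Drives the merge to completion and returns the order snapshots merged in.
std::vector<std::string> MergeOrder(std::vector<Snapshot> snaps) {
    std::vector<std::string> order;
    for (;;) {
        MergePhase phase = CurrentPhase(snaps);
        bool progressed = false;
        for (auto& s : snaps) {
            if (!s.merged && PhaseOf(s) == phase) {
                s.merged = true;  // stands in for the real merge work
                order.push_back(s.name);
                progressed = true;
            }
        }
        if (!progressed) return order;
    }
}

// Constructed sample: only vendor_b shrinks.
std::vector<Snapshot> ConstructedUpdate() {
    return {{"system_b", 100, 120, false}, {"vendor_b", 50, 40, false}, {"product_b", 30, 30, false}};
}
```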
When a partition shrinks, it is not correct to use the base device as
the "source" device for the new COW format, because we may need to read
blocks that do not exist in the new partition.
To resolve this, we store a copy of the old partition layout in /metadata,
and use it to create a "source" view of the old partition. The new
stacking looks as follows:
    partition_b (dm-snapshot):
      - partition_b-base (partition_b dm-linear)
      - partition_b-cow-user (dm-user + snapuserd):
        - partition_b-cow (COW image)
        - partition_b-src (partition_a dm-linear)
Bug: 177935716
Test: vts_libsnapshot_test
Change-Id: I872f271cc1f25cc796b94188fdde247cdc4050b4
VAB has an unused optimization that allows bypassing snapshots for the
area of a partition that grows during an OTA. The code for this is
entirely unused since the optimization was never enabled. The benefits
are marginal, and making it safe is quite complicated. The "new" region
cannot overlap with any region being relinquished by a shrink operation,
without snapshotting the region that would be overwritten. This would be
burdensome to implement and would minimize space savings.
Let's remove the code related to this optimization until we are
confident we can implement it safely in VABC.
Bug: 177935716
Test: vts_libsnapshot_test
Change-Id: I7d6a68dce57c8a4389ea6bff9f31971276a20db4
The test uses 'external/avb/test/data/testkey_rsa2048.pem' from the
source tree, which is not available when running the test. Copy
the test key with the test case in Android.bp to fix the issue.
Bug: 177906739
Test: atest libvbmeta_test
Change-Id: I528dcdc5b48ed4af36ddd360380eb39631ff4317
This fix keeps the dm line in the status file and lets
UnmapImageDevice clean up correctly.
Bug: 171861574
Test: execute following command on a device with a SD card inserted
    adb shell am start-activity \
        -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
        -a android.os.image.action.START_INSTALL \
        -d file:///storage/emulated/0/Download/system.raw.gz \
        --el KEY_SYSTEM_SIZE $(du -b system.raw|cut -f1) \
        --el KEY_USERDATA_SIZE 4294967296
Change-Id: Ia56f8f724f04e7e20586e088c89b62a1068766e4
The sector count can decrease as the merge progresses, so we only care
that the sector count is less than or equal to the device size.
Bug: N/A
Test: reboot during VABC merge
Change-Id: I1da956456ea28ca0fdfbf9373848987c9f71ff68
This bit was getting lost because InitiateMerge() did not save the
compression bit when overwriting the update state.
Bug: N/A
Test: vts_libsnapshot_test
Test: reboot during merge phase of VABC OTA
Change-Id: I1a2219b501088de352a9c31d4b8b1a3f72d0e159
WaitForDelete is supposed to block until close() has been called on the
COW image. However, it could race with the destructor for Snapuserd
since nothing guaranteed it was freed within the global lock.
This patch fixes the bug and refactors the surrounding code to make the
responsibilities of each thread clearer.
Bug: N/A
Test: vts_libsnapshot_test
Change-Id: Icfc264e6dff378db585c81cde381cc24269f4800
Grouping metadata into clusters decreases the overhead incurred by extra
reads. Assuming a constant added cost with reads, we currently measure
this to be around 1.2 microseconds. For an entire OTA, this can add up
to several seconds of time. Setting the cluster size to 200 removes
99.5% of that extra time, while adding 20 bytes per 200 ops, as well as
up to 200*20 bytes (4kb) unused space near the end of the file, although
it would be half of that on average. We save 99.5% of the overhead of
separate reads for a 0.5% space increase.
We've opted for a change to the default so that tools that estimate cow
size and any others will automatically be kept up to date, without
needing to update the value everywhere.
Bug: 172026020
Test: cow_api_test
Change-Id: Id4525cf2abfecf4691b46588823cb3cb4f6234d9
* changes:
  libsnapshot: Fix tests that depend on PrepareOneSnapshot().
  libsnapshot: Ensure dm-user devices are destroyed after a merge.
  libsnapshot: Fix tests for mapping snapshots in first-stage init.
  init: Add an selinux transition for snapuserd.
PrepareOneSnapshot was hardcoded in a way that only worked with
pre-compression devices. This patch makes it use the public API and
supported update flow.
One test, SnapshotTest.Merge, now uses OpenSnapshotWriter instead of
MapUpdateSnapshot. There are still other tests using the old API call.
Bug: N/A
Test: vts_libsnapshot_test
Change-Id: Iec4bf6efe6a82e1f90b81fa4211201845ebabe62
Also, make sure snapuserd has closed its references. This is preventing
the merge from completing until a reboot.
Bug: N/A
Test: vts_libsnapshot_test
Change-Id: Iba18f887bdb262c630ec44461871e19fe64dbf3c