Rather than using some implicit naming scheme, we've decided to just let
userspace pick whatever control device naming scheme it wants. This requires
an additional argument to be passed to the kernel.
Test: cow_snapuserd_test
Bug: 168259959
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Change-Id: Ibf7f378b67abb6ca7457a9fdc9b8739e3d31bee3
Signed-off-by: Akilesh Kailash <akailash@google.com>
Add basic support for daemon creation and handle signals
Test: Add test case to test system and product COW partitions
Bug: 162790322
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Icf8dbe49d2237cec6f7dbcdd84256eb6c5afa1cd
This makes looking up device UUIDs a bit easier, as rather than depending on
the device mapper's sysfs layout we can depend on dmctl. There's some
associated libdm plumbing, but the UUID was already pretty much available.
Test: I just ran this by hand.
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Change-Id: I7028eec6ab04601308047b67057e51a0ff44c0a7
Right now this is open-coded. As the API stabilizes it will be
integrated into libdm.
Bug: 154536437
Test: manual test
Change-Id: I07bb811b6fb80d85d55e218d788023634c8158b7
dm-user is very much a WIP and while this may change (we need to figure out how
to get credentials to the dm-user daemon, for example) it seems like a somewhat
safe bet to assume that the behavior will at least include a start/end range.
Test: I just ran "dmctl create palmer user 0 1024", which created the device.
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Change-Id: Ic5f84de6a4f09bf906246035d450edd637cc38ed
Fix block-level checkpointing to work correctly when used in combination with
512 byte hardware sectors and metadata encryption with dm-default-key v2.
Bug: 153512828
Test: Parameter is passed to dm-bow based on first_api_level
Change-Id: Ic0a071221559271db20b06b2f17459b5b041e02d
When delivering single-stage, non-AB OTAs, the updater binary is built
on a newer OS than recovery is compiled with. libdm relies on newer ueventd
behavior which therefore breaks this model. As a workaround, we allow
libdm to fall back to the old ueventd logic if the following conditions
hold true: (1) we're in recovery, (2) the device is not an AB device,
and (3) the release is <= 10.
Since the old ueventd behavior can lead to races in libdm, this fallback
should stay as narrow as possible.
Bug: 156536673
Bug: 155202260
Test: manual test
Change-Id: I7f9da49e4ba8dfe165e0923d9918827d51d090cd
Bug: 151896491
Test: local build
Exempt-From-Owner-Approval: This CL moves all tests in vts-core to vts.
It won't change test logic or behavior.
Change-Id: I24779951257ce37fc18929f214d3cf5f76c23a19
Merged-In: I24779951257ce37fc18929f214d3cf5f76c23a19
To make it easier to support disk formats created using old versions
of dm-default-key with new kernels, stop checking the kernel module
version; instead, the caller decides whether to use the old or new
options format.
Bug: 150761030
Test: crosshatch and cuttlefish boot normally; cuttlefish
fails with "default-key: Not enough arguments" as expected when
option is set to 1
Change-Id: I810bb7e085b9b8648858de1a02165162d1fd163e
WaitForFile/WaitForDeletedFile both early return true if an error like
EPERM occurs. This was intentional because the code was modeled off
earlier fs_mgr code, but it makes libdm inherently racy if sepolicy is
not configured correctly. It's better to have these result in explicit
and consistent failures.
Bug: 148103327
Test: fastboot flashall
Change-Id: I0c78818962e1db91b556e523c418db28f7d78fae
Merged-In: I0c78818962e1db91b556e523c418db28f7d78fae
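
An added illustration of the failure mode described in the commit message above (not code from the commit or from libdm): a wait loop that treats only ENOENT as "not there yet" and surfaces every other errno as an explicit error. `WaitResult` and `WaitForPath` are hypothetical names, and ENOTDIR stands in for the EPERM/EACCES a misconfigured sepolicy would produce.

```cpp
#include <cerrno>
#include <chrono>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <unistd.h>

// Hypothetical names for this example; not libdm's WaitForFile() signature.
enum class WaitResult { kFound, kTimeout, kError };

// Polls until `path` exists. Only ENOENT means "not created yet". Any other
// errno (EACCES or EPERM from a missing sepolicy rule, ENOTDIR, ...) is
// returned as kError rather than being mistaken for success.
WaitResult WaitForPath(const std::string& path, std::chrono::milliseconds timeout,
                       int* saved_errno = nullptr) {
    const auto deadline = std::chrono::steady_clock::now() + timeout;
    while (true) {
        if (access(path.c_str(), F_OK) == 0) return WaitResult::kFound;
        if (errno != ENOENT) {
            if (saved_errno) *saved_errno = errno;
            return WaitResult::kError;
        }
        if (std::chrono::steady_clock::now() >= deadline) return WaitResult::kTimeout;
        usleep(5000);  // 5 ms between polls
    }
}

int main() {
    char tmpl[] = "/tmp/wait_exampleXXXXXX";  // constructed sample file
    int fd = mkstemp(tmpl);
    if (fd < 0) return 1;
    int err = 0;
    // A regular file used as a directory component yields ENOTDIR, standing in
    // for the permission errors a misconfigured policy would produce.
    WaitResult r = WaitForPath(std::string(tmpl) + "/child",
                               std::chrono::milliseconds(50), &err);
    std::printf("result=%d errno=%d\n", static_cast<int>(r), err);
    close(fd);
    unlink(tmpl);
    return r == WaitResult::kError ? 0 : 1;
}
```
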
Change metadata_cipher fstab option to metadata_encryption
that includes encryption flags in addition to the cipher.
wrappedkey_v0 encryption flag is used to denote that the
inline encryption hardware supports wrapped keys. dm-default-key
device is created and a wrappedkey is provided along with the
optional wrappedkey_v0 argument.
Bug: 147733587
Test: FBE validation with Fscrypt v2 + inline crypt + wrapped
key changes kernel and metadata encryption with wrapped key.
Change-Id: Id1a18db175680dd6b0adb4594d06566eb1285785
Also add libdm_test to the TEST_MAPPING's presubmit of fs_mgr to run the
test on TH whenever changes are applied to the fs_mgr contents.
Test: TH
Bug: none
Change-Id: Icc6adeeacaefbcfeb494f37fc776eb5a886a5183
Signed-off-by: Alessio Balsini <balsini@google.com>
Due to some recent code updates that introduced some additional
extra_argv, the DmTargetDefaultKey::GetParameterString() test was
failing.
Update the string accordingly.
Bug: none
Test: libdm_test
Change-Id: I63fab27e32a08211a43d4804d90a6f19ea4edc06
Signed-off-by: Alessio Balsini <balsini@google.com>
Version 2 of dm-default-key has an extra parameter and always sets the
DUN.
Bug: 147814592
Test: Cuttlefish boots with keydirectory flag
Test: Crosshatch formatted before this change boots after it
Change-Id: I309bcc3f907a6df745f5c073b0017a7dd5b5354b
Make sure CoW device doesn't overflow. Otherwise, data previously
written to snapshot device may be overwritten.
This check acts as a safety guard against bugs like b/145180464, where
the computed CoW device size is less than required, but cannot be
caught by FilesystemVerifierAction in update_engine.
Note that this is a sanity check. It doesn't prevent the following:
(1) write a snapshot until it overflows
(2) unmap and re-map the snapshot
(3) Call FinishedSnapshotWrites()
When a snapshot is re-mapped, DeviceMapper::GetTableStatus() won't
return "Overflow".
However, update_engine always writes the full hashtree / FEC / etc.
data (outside of |PartitionUpdate.operations|), calls
FinishedSnapshotWrites(), and then writes the checkpoint. If the process
is interrupted, update_engine does the full FilesystemVerifierAction
from the beginning. Snapshots aren't remapped during the process. Hence,
the hypothetical case above won't happen in reality (at time of writing)
until FilesystemVerifierAction is broken down into steps with
checkpoints.
Still, given the above hypothetical case, this function only serves
as a sanity check.
FinishedSnapshotWrites() now requires all snapshots to be mapped before
calling. Hence, tests need to be fixed:
- For SnapshotTest (that tests SnapshotManager private APIs), map
snapshot before calling FinishedSnapshotWrites().
- Factor out common code in SnapshotTest (PrepareOneSnapshot and
SimulateReboot)
- For SnapshotUpdateTest and children, add MapUpdateSnapshots() helper
and map all snapshots before calling FinishedSnapshotWrites().
Test: libsnapshot_test
Bug: 145180464
Change-Id: I3558dd1615059ba27f369c27af22e3c686e392f7
This API is an attempt to consolidate dm-stack unwinding logic
re-implemented in several different places (libfsmgr, libfstab,
libfiemap, etc.).
Test: libdm_test
Bug: 135984674
Change-Id: I9672d4c1e882824ef980667818d4c3aabcb82e1f
In some scenarios (e.g. apexd or userspace reboot), dm-devices are
getting deleted and re-created. Since this operation can be racy (newly
created device can get the same path as the previously deleted one,
resulting in the unexpected ENOENT errors on a system call to the path),
it will be nice to have an API that blocks until ueventd processes
corresponding udev events.
Test: libdm_test
Bug: 143970043
Bug: 122059364
Change-Id: I31a19afd9e245bf5e3554011bdde1c3cc4878f1c
The fuzzer name "dm_table_fuzzer" was too generic. Looking forward to an
extension to host tests where each fuzzer name should be considered a
unique identifier, change the fuzzer name to "dm_linear_table_fuzzer".
Fix also the syntax of sizeof(array) declaration.
Bug: none
Test: dm_linear_table_fuzzer
Change-Id: Iaa0ee9a0eb1352f0c5269b07198d0a34d8fb3254
Signed-off-by: Alessio Balsini <balsini@google.com>
Create a fuzzer that fuzzes the parameters used for the creation
of dm-linear tables through libdm.
This fuzzer is based on libdm::DmLinear.
Bug: none
Test: dm_linear_fuzzer
Change-Id: I052144c6eb0db4fa6a37b5e54fbcb8193e5dc88f
Signed-off-by: Alessio Balsini <balsini@google.com>
TempDevice is a useful class for tests, move it to test_util.h to improve
its visibility and make it usable by other tests.
Bug: none
Test: none
Change-Id: Idad5667844b10559b24f8f5e657e47d99e14209e
Signed-off-by: Alessio Balsini <balsini@google.com>
Remove the extra folder of vts_core for vts_core_liblp_test and
vts_libdm_test since we have a better auto-gen option of auto_gen_config.
Bug: 141684102
Test: 1. m -j vts_core_liblp_test
2. m -j vts_libdm_test
3. check out/.../vts_core_liblp_test.config
and
out/.../vts_libdm_test.config
Change-Id: Ibcdf96104205b50b3da522364199330ad0190c70
Add libdm_test to vts-core suite and skip the test if the
first-api-level < 29.
Bug: 132702215
Test: atest vts_libdm_test
Change-Id: Ic805a4c08e5bf9f6c69019d4ea01825ae888e1fe
This implements InitiateMerge() and WaitForMerge(). InitiateMerge() is
meant to be called after an update has been marked successful.
WaitForMerge() is designed to be called either: immediately after
InitiateMerge, or during each subsequent boot where merging has not
completed.
InitiateMerge converts each snapshot device to a snapshot-merge device.
WaitForMerge polls each snapshot-merge device until no device reports a
"merging" state. One of the following states can result from this:
- MergeFailed. This will happen if any device failed to merge, or we
were unable to poll, or any other system-level failure occurred.
- MergeNeedsReboot. This will happen if a snapshot-merge device has
completed merging, but we were unable to clean it up due to something
holding a resource open.
- MergeCompleted. This indicates that all snapshots completed merging
and were cleaned up.
If WaitForMerge() returns MergeCompleted, then all snapshots have been
removed and a new update can begin. GetUpdateState() will return None.
MergeFailed and MergeNeedsReboot, on the other hand, are "sticky". They
indicate a merge is still pending. When called again, WaitForMerge()
will poll again to attempt to make more progress in the merge. For
NeedsReboot, a single reboot will ensure all resources are released and
the next WaitForMerge() will successfully finish cleanup. In the failure
case, it is unlikely the next WaitForMerge will succeed, but we always
retry anyway (there is no harm in doing so, and if we get lucky, the
device can take more OTAs).
Bug: 136678799
Test: libsnapshot_test gtests
Change-Id: I5e93fcbffee1973da5ff76363df12d6317a7a7c7
This CL implements some of the libsnapshot internals necessary to work
with update_engine. In particular it implements snapshot and update
state, as well as creating and mapping snapshot devices. It does not
implement anything related to merging, nor does it implement the full
update_engine flow.
Update state is stored in /metadata/ota/state. To synchronize callers of
libsnapshot, we always flock() this file at the top of public functions
in SnapshotManager. Internal functions are only called while the lock is
held, and a "LockedFile" guard object is always passed through to
indicate proof-of-lock.
Low-level functions, such as snapshot management, have been moved to
private methods. Higher-level methods designed for update_engine will
ultimately call into these.
This CL also adds some functional tests for SnapshotManager. Test state
is stored in /metadata/ota/test to avoid conflicts with the rest of the
system.
Bug: 136678799
Test: libsnapshot_test gtest
Change-Id: I78c769ed33b307d5214ee386bb13648e35db6cc6
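
An added sketch of the proof-of-lock pattern the commit message above describes (not libsnapshot's code): the public function takes flock() on the state file, and the internal helper can only be called with the resulting guard object. The file path, `WriteState` and `SetUpdateState` are assumptions made for this example.

```cpp
#include <fcntl.h>
#include <sys/file.h>
#include <unistd.h>
#include <memory>
#include <string>

// Hypothetical sketch; the class name follows the commit message, but this is
// not libsnapshot's code.
class LockedFile {
  public:
    // lock_op is LOCK_EX or LOCK_SH, optionally OR'ed with LOCK_NB.
    static std::unique_ptr<LockedFile> Open(const std::string& path, int lock_op) {
        int fd = open(path.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0600);
        if (fd < 0) return nullptr;
        if (flock(fd, lock_op) != 0) {
            close(fd);
            return nullptr;
        }
        return std::unique_ptr<LockedFile>(new LockedFile(fd));
    }
    ~LockedFile() { close(fd_); }  // closing the descriptor drops the lock
    LockedFile(const LockedFile&) = delete;
    LockedFile& operator=(const LockedFile&) = delete;
    int fd() const { return fd_; }
  private:
    explicit LockedFile(int fd) : fd_(fd) {}
    int fd_;
};

// Internal helper: the LockedFile parameter is the caller's proof of lock.
bool WriteState(const LockedFile& lock, const std::string& state) {
    if (ftruncate(lock.fd(), 0) != 0) return false;
    ssize_t n = pwrite(lock.fd(), state.data(), state.size(), 0);
    return n == static_cast<ssize_t>(state.size());
}

// Public entry point: lock first, then call internal helpers with the guard.
bool SetUpdateState(const std::string& state_file, const std::string& state) {
    auto lock = LockedFile::Open(state_file, LOCK_EX);
    return lock && WriteState(*lock, state);
}

int main() {
    std::string path = "/tmp/ota_state_example." + std::to_string(getpid());
    bool ok = SetUpdateState(path, "initiated");  // constructed state value
    unlink(path.c_str());
    return ok ? 0 : 1;
}
```
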
Computes the merge completion percentage from the sector information.
Provided test for the function.
Change-Id: I64d83baa0478f9e6969636ee067174910d9b8e03
Bug: N/A
Test: dm_test
Signed-off-by: Alessio Balsini <balsini@google.com>
Simplify the argument parsing of DmTargetSnapshot::ParseStatusText() and
improve its robustness when dealing with wrong inputs.
Add test for DmTargetSnapshot::ParseStatusText().
Change-Id: I7f078c9ecacb402e71db49e3e7072e37cffbc234
Test: dm_test
Signed-off-by: Alessio Balsini <balsini@google.com>
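
An added example covering both the CoW overflow check and the status-text parsing described in the commit messages above (not code from libdm or libsnapshot): a strict parser for the dm-snapshot status string that rejects malformed input and reports the "Overflow" state. `SnapshotStatus`, `ParseSnapshotStatus` and `SnapshotIsHealthy` are hypothetical names, and the caller is assumed to pass the status text without surrounding whitespace.

```cpp
#include <cstdint>
#include <cstdio>
#include <regex>
#include <stdexcept>
#include <string>

// Hypothetical type for this example; not libdm's DmTargetSnapshot::Status.
struct SnapshotStatus {
    uint64_t sectors_allocated = 0;
    uint64_t total_sectors = 0;
    uint64_t metadata_sectors = 0;
    std::string error;  // "Invalid", "Overflow", "Merge failed", or empty
};

// Parses a dm-snapshot status string: either one of the kernel's error words
// or "<sectors_allocated>/<total_sectors> <metadata_sectors>".
bool ParseSnapshotStatus(const std::string& text, SnapshotStatus* out) {
    *out = SnapshotStatus{};
    if (text == "Invalid" || text == "Overflow" || text == "Merge failed") {
        out->error = text;
        return true;
    }
    // Whole-string match: rejects signs, missing fields and trailing garbage.
    static const std::regex kFormat(R"((\d+)/(\d+) (\d+))");
    std::smatch m;
    if (!std::regex_match(text, m, kFormat)) return false;
    try {
        out->sectors_allocated = std::stoull(m[1].str());
        out->total_sectors = std::stoull(m[2].str());
        out->metadata_sectors = std::stoull(m[3].str());
    } catch (const std::out_of_range&) {
        return false;  // value does not fit in 64 bits
    }
    // Added sanity check: allocation cannot exceed the CoW device size.
    return out->sectors_allocated <= out->total_sectors;
}

// Gate for finalizing writes: status must parse and carry no error word.
bool SnapshotIsHealthy(const std::string& status_text) {
    SnapshotStatus st;
    return ParseSnapshotStatus(status_text, &st) && st.error.empty();
}

int main() {
    // Constructed sample status strings.
    for (const char* s : {"16/1024 8", "Overflow", "16/1024 8 junk"})
        std::printf("%-16s healthy=%d\n", s, SnapshotIsHealthy(s));
    return 0;
}
```
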
Fetch detailed information for devices through its flags and store in
helper Info class, i.e.:
- active
- access
- activeTable
- inactiveTable
- bufferFull
Change-Id: I3241c5bca00e038d19f99390f40710ca7cff8456
Bug: 137759376
Test: manual test
Signed-off-by: Alessio Balsini <balsini@google.com>
In some cases it would be required to suspend the device to successfully
complete some operations. An example is the suspension of the origin
device that is necessary to avoid data corruption when merging a
snapshot.
Introduce suspend and resume ioctls in libdm.
Bug: 137759376
Test: libdm_test
Change-Id: Id2ff34e930a8b32e570cb9f49da9cc3f65cb499c
Signed-off-by: Alessio Balsini <balsini@google.com>
This fixes two race conditions in LoopControl::Attach(). The first is
that after LOOP_CTL_GET_FREE, the path is not available until it has
been processed by ueventd. This can be fixed by adding a timeout
parameter and a call to WaitForFile().
Second, it is possible (albeit unlikely), given that loop devices are
now being used more aggressively, that two processes race when
attempting LOOP_SET_FD. In this case, one process will win, and the
other will fail with EBUSY. We can handle this case by retrying the
operation while respecting the same timeout parameter.
Bug: 135771280
Test: libdm_test gtest
Change-Id: Icf9facc3ca28fdb6ff5c78612d3dc183fa47b1f3
This fixes a race condition where WaitForFile() after
GetDmDevicePathByName appears to succeed, but a subsequent operation on
the path fails. This can happen when CreateDevice() is called
immediately after a call to DeleteDevice (from any process), and the
path is re-used, enqueuing udev events to remove and re-add the block
device.
The fix for this is to introduce a new variant of CreateDevice() that
has a timeout parameter. When the timeout is positive, CreateDevice()
will wait for a /dev/block/mapper/by-uuid symlink to be created, which
signals that ueventd has finished processing the operation.
ueventd will now create these by-uuid symlinks for device-mapper nodes.
Unfortunately, the uuid is only available during "change" events, so we
have to special case device-mapper symlink creation. And since the uuid
is not available during "remove" events, we simply find matching links
to remove them.
This ensures that callers of CreateDevice() can use the device path
knowing that no asynchronous removals are pending. Code that uses the
old CreateDevice+WaitForFile pattern will be transitioned to the new
method.
Note that it is safe to ignore the timeout, or to use the "unsafe"
CreateDevice, if the caller ensures the path by other means. For example
first-stage init has no device removal, and regenerates uevents until
it has acquired all the paths it needs.
Finally, since libdm now inspects sysfs unconditionally, libdm consumers
need r_dir_file perms for sysfs_dm in their sepolicy. Additionally
linking to libdm now requires linking to libext2_uuid.
Bug: 135771280
Test: libdm_test
device flashes, boots
Change-Id: If5a7383ea38f32a7fbbcf24842dce6a668050a70
android-base:
* Add NOLINT for expanding namespace std for std::string* ostream
overload
libdm:
* Fix missing parentheses around macro parameters
init:
* Fix missing CLOEXEC usage and add NOLINT for the intended
usages.
* Fix missing parentheses around macro parameters
* Fix erase() / remove_if() idiom
* Correctly specify unsigned char when intended
* 'namespace flags' should be signed, since 'flags' is signed for
clone()
* Add clear to property restore vector<string> to empty after move
* Explicit comparison against 0 for strcmp
Test: build
Change-Id: I8c31dafda2c43ebc5aa50124cbbd6e23ed2c4101
Normally we reject complex dm targets that would invalidate or shift the
block mappings returned via FIEMAP/FIBMAP. Currently the only targets
allowed are crypt, default-key, and bow. This patch adds support for
"linear" as long as there is only one linear target and it targets
sector 0 of the underlying block device.
This is useful for testing gsid, so we can simulate how a
metadata-encrypted device works without having to create a dm-crypt or
dm-default-key node.
Bug: 134536978
Test: manual test
Change-Id: I7c12bc20d95ff4c90402e66bafb4cf2fce7818e2
device-mapper will accept a "major:minor" string in place of a path for
any target parameter that specifies another block device. This is useful
to have a helper for, since it lets us avoid a call to WaitForFile().
Bug: 134536978
Test: manual test
Change-Id: I13fd6699dd5d405bfa676830825b006b7810aa0f