prepare_fs_for_mount() attempts to mount() the block device at the
mount_point, so it must be created beforehand, as opposed to later in
__mount() where it is done now.
Also fix slight bugs with using fstab.mount_point instead of an
alternative specified mount_point.
Test: boot
Change-Id: I758b6a6efe2dd99433fc1974b69cb6f7ce3bc0c2
Handle flush operations by dm-snap post merge and
the ABI changes from dm-user. This
is now in sync with the latest dm-user patch (patch 25).
In case of any failures observed in daemon in the IO
path, return error code back to dm-user which
will eventually fail the IO.
Bug: 168311203
Test: vts_libsnapshot_test, cow_snapuserd_test
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I4af63845f8c3e1c445f6c55374ea58b6f3454795
This provides a block device via dm-user, with all accesses backed by
in-memory storage. It's essentially the same as what I have in
selftests, with the kselftests stuff removed so it'll build in Android.
Test: mkfs.f2fs, dd, fsck.f2fs
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Change-Id: I68515d6e9001c2f6d199d394e67ebe528b382406
* changes:
init: Always create and restorecon /dev/dm-user.
libsnapshot: Get DaemonTransition test passing again.
libsnapshot: Move first-stage pid var constant into IDeviceInfo.
Add the matadata directory for the non-VAB device to eliminate the
following init error logs:
[ 1.891172] init: [libfs_mgr]check_fs():
mount(/dev/block/by-name/metadata,/metadata,ext4)=-1: No such
file or directory
Test: dmesg | grep metadata | grep "No such file or directory"
Change-Id: Ie4db10bd3cbc194d05e64ffb954f1956db2321c6
Signed-off-by: lijiazi <lijiazi@xiaomi.com>
If device specifies moving AVB keys to vendor ramdisk, but
doesn't have a dedicated recovery partition, install to
vendor-ramdisk/first_stage_ramdisk.
Test: manual
Bug: 156098440
Change-Id: I05a8731236996dda0d1ab3c09828f7dac46f4ac7
The discussion on LKML is converging on v16 of the fault address tag
bits patch [1]. In this version of the patch the presence of the tag
bits in si_addr is controlled by a sa_flags bit, and a protocol is
introduced to allow userspace to detect kernel support for sa_flags
bits. Update the tombstone signal handler to use this API to read
the tag bits, update the interceptors in libsigchain to implement
the flag support detection protocol and hide the tag bits in si_addr
from chained signal handlers that did not request them to match the
kernel behavior.
[1] https://lore.kernel.org/linux-arm-kernel/cover.1605235762.git.pcc@google.com/
Change-Id: I57f24c07c01ceb3e5b81cfc15edf559ef7dfc740
Dynamically creating /dev/dm-user makes it difficult to set an inotify
watch for child devices to appear. It requires having an additional
watch on /dev, and more complicated sepolicy as a result.
Bug: 168554689
Test: full OTA with VABC enabled
Change-Id: I0cdef3d5a953a372446ff4e539a25a7b5314500d
/data/rollback-history is used to store deleted rollbacks
for debugging purpose.
Bug: 172644981
Test: Boot device without this, then try to boot with it without wiping.
Change-Id: I79da5190aad455448ccd73fe42abdc79b3649e86
This fixes a number of small bugs in libsnapshot. It also refactors the
handler list a bit. Previously, it was a list of unique_ptrs. Now it is
a list of shared_ptrs to simplify ownership.
Additionally, Snapuserd is now keyed solely on the misc device name.
This allows two identical snapshots to run in the same daemon, with
different control names (a scenario that comes up in the
DaemonTransition test). As part of this change, the two-stage
initialization process has been refactored slightly. The "init" message
sets all the device paths, and the "start" message needs only the misc
name.
Both the init and start messages now validate that no duplicate handlers
exist, and that we're not overwriting any previous thread.
This cleanup also fixes a bug in DmUserHandler cleanup - if a control
device shut down raced with WaitForDelete(), the std::thread object
would delete without a call to detach() or join(). In the new
RemoveHandler(), we now correctly detach() in this scenario.
This also fixes a bug where, if a COW had no partition component (it
only resided on /data), the second-stage transition would fail because
it used the wrong device-mapper name.
Bug: N/A
Test: vts_libsnapshot_test
Change-Id: Ib4a281a3b5fe665c727c7077672e3c6b0b3abdba
This will fail in vts_libsnapshot_test because the pid isn't set (and
even if it was, we don't want to kill any running snapuserd instances).
Rather than start an instance just for the sake of killing it, use
dependency injection instead.
Bug: N/A
Test: vts_libsnapshot_test
Change-Id: I1569f927e018319cf4008673a32d5526573d8d57
To make sure it's always called after apexd has run.
Bug: 168585635
Bug: 173005594
Test: inspect logs
Change-Id: Iaff175dea6a658523cdedb8b6894ca23af62bcbf
This simplifies the footer and label resume system for COW files.
Previously, a footer could be missing, and we'd try to recover the file.
Any ops we could recover were handed off to the CowWriter, which then
searched up to the correct resume label.
In the new model, a reader is opened with an optional label (resume
mode), or without a label.
When resuming to a label, a footer is optional. The read is terminated
by EOF, discovery of the requested label, or the presence of a footer.
However the requested label must be found, and parsing fails if it is
not found.
When opening a COW without a label, the footer must be present, as this
signals the file was successfully flushed. Parsing fails if no footer is
found.
Bug: N/A
Test: cow_api_test
full OTA with VABC
Change-Id: Ie79ab5259f532dd16c72f0e42da7568c5c5c4623
When we're writing to a block device, we can't truncate. Ignore those
commands. Truncate mostly just saves time in the read phase by chopping
off unused data in the event finalize wasn't called.
Bug: 172026020
Test: cow_api_test
Change-Id: I3befc71fa9597edf8243d0f9e17440db91409aea
Reduces disk space usage for commonly used libraries by merging coverage
data across processes.
Bug: 171338125
Test: Forrest run of coverage tests
Change-Id: I2b9e94871fc5d66971c5b7e725b296bcd721ccf2
dm-user device requires sector information which is retrieved
from snapuserd daemon once the metadata read is completed.
Split up the initialization of daemon into two APIs. Once
the metadata read is completed, send the sector information
back to libsnapshot to create the dm-user device.
On a sidenote, remove unused code from snapuserd_client
Bug: 168311203
Test: vts_libsnapshot_test, cow_snapuserd_test
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I0647ebbeea3a4705599966974bfec2318a3e1e4e
Clang's static analyzer flagged the following potential null pointer
dereferences. Looks like a transitive caller of this function has
```
if (change) *change = foo;
```
...and no nullness checks between that and these unconditional
assignments to `*change`.
> system/core/fs_mgr/fs_mgr_overlayfs.cpp:1100:13: warning: Dereference
of null pointer (loaded from variable 'change')
[clang-analyzer-core.NullDereference] >
system/core/fs_mgr/fs_mgr_overlayfs.cpp:1167:17: warning: Dereference of
null pointer (loaded from variable 'change')
[clang-analyzer-core.NullDereference]
Bug: None
Test: TreeHugger
Change-Id: I656e3b0f56b18ec3ca3d1db773feb81adf163122
Handle write IO during snapshot merge. When merge
is completed, dm-snapshot-merge issues WRITE IO
to indicate the completion of merge for a specific
operation. Snapuserd daemon tracks the merge completion
process in the COW header; this is required to handle
resuming merge operation gracefully if there is a crash
during merge.
Bug: 168311203
Test: vts_libsnapshot_test, cow_snapuserd_test
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I4fc8cc23a6ec5b26b7ae3339212efdd3b9a367e8
This is required for merge IO path. During merge process,
kernel scans the metadata page from backwards when merge
is initiated. Since, merge ordering should follow our internal
COW format, read the COW operations from backwards and populate the metadata.
Additionally, Kernel can merge successive operations if the two chunk IDs
are contiguous. This can be problematic when there is a crash
during merge; specifically when the merge operation has dependency.
These dependencies can only happen during copy operations of the
overlapping regions. To avoid this problem, we make sure that
copy operations are merged individually.
Test: cow_snapuserd_test
Bug: 168311203
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Ic9c52b323ce58af897cfa343bf9277c8f1f022e3
If host system is Android Q and guest system is S, then reenable DSU in
the guest system (`adb shell gsi_tool enable -s`) would create an empty
DSU active indicator file.
In this case, use the default slot name "DSU" if DSU active indicator
file is non-existent or empty.
Bug: 172541102
Bug: 168571434
Test: Boot GSI S on Pixel Q with DSU
Test: Verify reenable DSU works
Test: adb shell gsi_tool enable -s && adb reboot
Change-Id: Ie59e4378d1aa4dca085c399a75abd4e662340030
