Const version of GetEntryForMountPoint() accepts a pointer to const
Fstab and returns a pointer to const FstabEntry.
In order to refrain from adding more boilerplate, simplify the
implementation of GetEntryForMountPoint() to "return first entry of
GetEntriesForMountPoint()". The added overhead should be negligible as
fstab is usually small (around dozens of entries max), so iterating the
whole list is not computationally expensive.
Also templatize the implementation of GetEntriesByPred() to reduce the
amount of boilerplate.
Bug: 243501054
Test: Presubmit
Change-Id: I046d61d68385825656bb7bc7177c0d1d3e8b36e1
COW operations are written in cluster. All the COW ops
and the COW data in this cluster are contiguous. Hence,
batch these writes and write them in one syscall.
Writes are done when the cluster is full or when
label ops are written.
OTA install time (without post-install) on Pixel 6 Pro:
                 Without-this-patch    With-this-patch
Full OTA:        17 Minutes            13 Minutes
Following are the OTA install times with both optimizations,
viz. batch writes + 2 threads for compression.
OTA install (without post-install) on Pixel 6 Pro.
All numbers are in minutes.
Full ota - 2.2G
Compression    Without-this-patch    With-this-patch
=========================================================
gz             23                    13
lz4            13                    7
none           13                    7
Incremental OTA - 376M
Compression    Without-this-patch    With-this-patch
=========================================================
gz             22                    16
lz4            14                    11
none           15                    11
Bug: 254188450
Test: Full / Incremental OTA on Pixel
Change-Id: Ie3aba1ff28a6569d25a766377efab6cbe78d9277
Signed-off-by: Akilesh Kailash <akailash@google.com>
Compression is a hot function in the install path. Use
two threads for compression.
By default, the number of threads is set to 1. If the property,
"ro.virtual_ab.compression.threads" is true, the number
of threads is increased to 2.
OTA install time (without post-install) on Pixel 6 Pro with 2 threads:
                 Without-this-patch    With-this-patch
Full OTA:        23 Minutes            17 Minutes
Bug: 254188450
Test: Full/Incremental OTA on Pixel
Change-Id: I4a11dca3a5ebfe11dcc7f0d882332d491f2d7933
Signed-off-by: Akilesh Kailash <akailash@google.com>
DM_DEV_CREATE no longer creates sysfs nodes. Note this in ueventd and
add some helper APIs to libdm, so devices can be created with a
placeholder table.
This also fixes a bug in dmctl where the detailed info on suspended
devices was wrong.
Bug: 259328366
Test: dmctl with "uevents" tool
Change-Id: I822f8010e48d32841aa0ee508822f76d03a3dd85
If a device doesn't enable AVB altogether, then it might not have a vbmeta
partition at all. In this case, we shall ignore disable-verity errors.
We still disable verity unconditionally to keep the logic simple, but we
ignore any disable-verity error if AVB is not enabled in the first
place.
Bug: 241688845
Test: adb-remount-test on emulator
Test: Test remount on yukawa
Change-Id: Ifc763b3f0ca6989550c139a8c3a2308c9c2a7c3e
No matter whether verity is enabled or disabled, androidboot.veritymode is
always "enforcing" on emulator kernel cmdline.
This is a violation of the AVB contract:
https://cs.android.com/android/platform/superproject/+/master:external/avb/README.md#handling-dm-verity-errors
Before emulator can fix this, work around this by checking the device
mapper table to see if verity is disabled or not.
If no "<partition>-verity" device is present, then assume verity is
already disabled.
Also log mountpoints that are successfully remounted.
Bug: 241688845
Bug: 259207493
Test: adb-remount-test
Test: Run adb remount on emulator
Change-Id: Id5767b05cbfb48adf2a8c372dfdad4d15b98e091
All errors are already logged and the exit code is not used anywhere by
anyone.
Functions should instead return (true/false) or
(EXIT_SUCCESS/EXIT_FAILURE) to indicate error state, and log error
reasons to logd and stderr.
Bug: 241688845
Test: adb-remount-test
Change-Id: Iba86a814a75f81ed0f6e43659d1aca72813824bc
ro.boot.vbmeta.* properties could be missing if device is verification
disabled.
Instead use ro.boot.verifiedbootstate to check device locked state.
No need to check ro.boot.vbmeta.digest, as we no longer support VB1.0.
In other words, all devices running this piece of code must be using AVB.
Bug: 241688845
Test: adb-remount-test
Change-Id: If5d702ab3a6f12deef8204dba698e6c62eaae46f
We are calling avb_user_verity_set() _for each_ fstab entry in order to
disable verity. This is an artifact from back when each partition had
its own verity flag (VB1.0). Since AVB, the verity flag in vbmeta
affects all dm-verity devices, thus we only need to call
avb_user_verity_set() once.
Bug: 241688845
Test: adb-remount-test
Change-Id: Ie5b788e2d34f83152228db62f84d26a32e2b26e0
On a device that doesn't use overlayfs remount (e.g. no EXT4 dup blocks;
this can be simulated by patching fs_mgr_wants_overlayfs()), if we run
disable-verity or enable-verity twice in a row then the second
invocation would not suggest a reboot:
adb disable-verity
> Successfully disabled verity
> Reboot to take effect...
adb disable-verity
> Verity is already disabled
^^^ this is WRONG! verity is disabled only after a reboot
It behaves like this because it suggests a reboot only if the vbmeta
verity (HASHTREE) flag is changed.
Read the ro.boot.veritymode property instead to determine the current
dm-verity state and suggest a reboot by comparing current and future
verity state:
* If AVB verification is disabled, then ro.boot.veritymode is undefined
(probably empty), don't suggest reboot in this case as it's pointless.
* Otherwise suggest a reboot if the new state (which would take effect
after reboot) differs from the current verity state.
* Reference:
https://android.googlesource.com/platform/external/avb/+/master/README.md#handling-dm_verity-errors
Bug: 241688845
Test: adb-remount-test
Test: Run "adb enable-verity" & "adb disable-verity" multiple times
Change-Id: If1df5bee6e5dcbda580b3dff6c32da93d08bbb46
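
The reboot-suggestion rule described in the commit message above, as an added example that is not the project's code: it models the old rule (vbmeta flag changed) beside the new rule (booted state versus post-reboot state) so the "twice in a row" case can be replayed. The `Device`, `Result`, `SetVerityOld` and `SetVerityNew` names are hypothetical, and the `"disabled"` / `"enforcing"` values for ro.boot.veritymode are assumed from the AVB README referenced in the message.

```cpp
#include <string>

// Hypothetical model of the two pieces of state involved.
struct Device {
    std::string boot_veritymode;    // ro.boot.veritymode, fixed until next reboot
    bool vbmeta_hashtree_disabled;  // persistent vbmeta flag, flipped by the tool
};

struct Result {
    bool flag_changed;    // did this invocation modify vbmeta?
    bool suggest_reboot;  // what the tool tells the user
};

// Old rule: suggest a reboot only when the vbmeta flag was flipped.
Result SetVerityOld(Device& dev, bool enable) {
    const bool want_disabled = !enable;
    const bool changed = dev.vbmeta_hashtree_disabled != want_disabled;
    dev.vbmeta_hashtree_disabled = want_disabled;
    return {changed, changed};
}

// New rule: compare the state that takes effect after reboot with the
// dm-verity state the device actually booted into.
Result SetVerityNew(Device& dev, bool enable) {
    const bool want_disabled = !enable;
    const bool changed = dev.vbmeta_hashtree_disabled != want_disabled;
    dev.vbmeta_hashtree_disabled = want_disabled;
    // Empty property: AVB verification is disabled, a reboot is pointless.
    if (dev.boot_veritymode.empty()) return {changed, false};
    // Assumed value set: "disabled" means verity is off for this boot.
    const bool currently_disabled = dev.boot_veritymode == "disabled";
    return {changed, currently_disabled != want_disabled};
}
```

With the new rule, re-enabling verity before the reboot correctly reports that no reboot is needed, because the pending state again matches the booted state.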
This will change cow size estimation. But since we haven't put lz4 on
SAC website yet, we can still change it.
Bug: 228478555
Test: th
Change-Id: Ifba7107954622ea04cbd25115700dfba50cec9c6
rename() isn't necessarily atomic, call fsync() on the directory to
ensure that changes in fs structure hit the disk.
Test: th
Bug: 254211456
Change-Id: I2de842f03766a1108e0f54581738fb964989658a
Dedup fs_mgr_remount.cpp and set-verity-state.cpp by merging them
together and make '/system/bin/set-verity-state' a symlink to
'/system/bin/remount'.
Bug: 241688845
Test: adb-remount-test
Change-Id: I42a2344b9bdac112bf8767d428a99cb020267546
* Use the MyLogger class from set-verity-state.cpp and eliminate the
|verbose| global variable.
* Support specifying reboot() reason. Log error if reboot() failed to
reboot.
* Move precondition checks after all |argv| are processed. This way (-h)
help message can be shown w/o root user.
* Log "remount [succeeded|failed]" message before auto-reboot. Give
users a clear succeeded/failed message.
Bug: 241688845
Test: adb-remount-test
Change-Id: If45de2eba0d532632de43b19c797ffdeea90cd6d
This gives a more detailed message when we run out of cow space.
Also, previously, it's possible that the COW op metadata writes
successfully but op data fails due to out of space, resulting in a
broken COW image. After this change, we won't write anything unless
there's sufficient space for both OP metadata and block data. This makes
COW operations more atomic and easier to debug/inspect.
Test: th
Change-Id: I6c1347e91b4ec2d7e434b47a0f47b290e288e600
In non-A/B configurations system partitions often
have layout with not so much free space left, while having
large /cache partition.
In a dynamic partitions configuration 'remount' for backing
storage will use either:
-- /data partition, which is not guaranteed to have
enough space due to applications disk usage;
-- or super partition, which is tied to system images size
having a little room for growing.
At the same time, /cache is guaranteed to be free,
so non-A/B platform can force it to be used as
backing storage.
Test: remount
Signed-off-by: Oleg Lyovin <ovlevin@sberdevices.ru>
Change-Id: I68e621b884b2fe21a5c464b3deaf679186232eb3
These tests don't work because 32-bit dependencies are not normally
packaged on a 64-bit system.
Bug: N/A
Test: builds
Change-Id: I68859a9e9c029a528ee12c02569a3693261c7251
In CreateScratchOnData(), if backing image is allocated but failed to
map, then remove the backing image. Otherwise the unusable (unmappable)
image would waste a lot of space.
Bug: 255593675
Test: On a device that doesn't support mapping gsid scratch,
run `adb remount` and then check that gsid scratch is removed and
scratch is allocated on super.
Test: TH run g3-app-compat-main
Change-Id: I0c01c2fd93a30ac0e46f4350c900403337530406
Allow us to check if check_at_most_once is set for any partitions.
This property should be false for any device with a reasonable amount of
RAM and a modern CPU. Enabling check_at_most_once violates AVB best
practices, it should only be allowed on performance limited devices.
Bug: 253033920
Test: Ensure that avbHashtreeNotUsingSha1 CTS test still passes
and that partition.system.verified.check_at_most_once is set.
Change-Id: I8174adf81111cc0df547ea01f81b0dfaca32631f
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
b/255593675 showed that gsid can fail to allocate scratch on /data on
some device configurations. Before we can locate the root cause,
gracefully fallback to previous "scratch-on-super" logic in case of
error.
Bug: 255593675
Test: Presubmit
Test: manual test
Change-Id: I229ab51f11fa354a6f231c4d083dd6329d6a9579
The only use case of storing COW operations in memory
was to calculate SHA256 sum during Finalize() - However,
we haven't been doing that since day one of libsnapshot_cow library.
This consumes peak memory ~14mb on an incremental OTA which has 700k+
COW operations writes on one partition.
We can rather use this memory for Async operations where we will have
to cache the buffers.
Bug: 254188450
Test: Incremental OTA
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I2165ed95ff26a9dfb465dc3120df61bb02eee27b
The test-blank-ota command is for iterating on changes to snapuserd or
the Virtual A/B boot flow, which is normally very time consuming to
test.
It works by creating a partial OTA outside of update_engine, purely
through SnapshotManager calls. Every partition except system is
preserved. system is "updated" entirely with copy operations. The entire
"OTA" takes about ten seconds.
Tested on cuttlefish, but a physical device should work as long as
physical partitions are flashed to both slots beforehand.
The big limitation is that since update_engine does not run, there is no
merge action on reboot. This can be done manually with "snapshotctl
merge" however.
This type of tool could be easily used in the future for quickly testing
specific bugs or performance ideas in snapuserd.
Bug: N/A
Test: launch_cvd
adb wait-for-device root
adb shell snapshotctl test-blank-ota
adb reboot
adb wait-for-device root
adb shell snapshotctl dump
Change-Id: I5911440cbe14ee909905a0b0fc17da95ba4c5d68
These functions contain complex logic and parse user input. It shall be
valuable to fuzz these functions to prevent regression.
Bug: 254832225
Test: Build and run the fuzzer
Change-Id: I21099c3fc1c226f95a0f8f996bb751030e0c59bc
If the copy blocks are contiguous, add a third
argument which takes the number of blocks
which are contiguous. With this, update engine
can call the API in one shot for all the
contiguous COPY operations.
This is required for batching the I/O
for async writes.
This should still continue to support the existing
API where we pass one COPY block at a time.
Bug: 254188450
Test: Incremental OTA from A->B with new API changes in A
Incremental OTA from A->B with plain VAB
cow_api_test
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I7edc52a152e02de28a44ef1dc2c88b76a28c4109
Move compress() function to a dedicated file.
This is in preparation for variable block size
compression and async writes.
No change in functional logic.
Bug: 254188450
Test: Full OTA Pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I7681e9a4d884eac1ccbf8adeb1fc6bd1a9fedfa6
Move all files related to libsnapshot_cow library to
a separate directory. Libsnapshot directory is getting
crowded and we will be adding more files to this library
with async writes.
No changes to any logic.
Bug: 254188450
Test: Full OTA on Pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: If84ff730d477c85a8ef57864d2185f2f897cf8e0
This reverts commit c540ab9bf8.
Reason for revert: root cause is fixed
Bug: 253207748
Test: TH run g3-app-compat-main
Change-Id: I44c2535508a5718a823cdd61ad1938bba739c2a0
Similar reasoning as aosp/2255456. ro.product.device could be overridden
by GSI if system.img was replaced with GSI.
Use ro.product.vendor.device, which comes from the vendor.img, to
determine the "device" type.
Bug: 243116800
Test: adb-remount-test on cuttlefish
Change-Id: Ib4a956047ef46d8e4837b27334f8d58162d4fa2a
F2FS doesn't allow remount,rw for RO partition, so that it caused adb remount.
Fix it.
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Ia4410d08e8be344d79292c16a335a7e5be7a48bb
According to https://www.slideshare.net/nan1nan1/eat-my-data ,
rename() without an fsync() is not safe, and cannot guarantee data
integrity in case of power loss or OS failure.
Test: partner verification, th
Bug: 238702018
Change-Id: I5809770062ed7bfa47df81de418a2d8f7cbc6620
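
The write / fsync / rename / fsync-the-directory sequence that this commit message and the earlier "rename() isn't necessarily atomic" message both refer to, as an added example that is not the project's code. `DurableReplace` and its helpers are hypothetical names, and the `.tmp` suffix is an assumption of the example.

```cpp
#include <fcntl.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>
#include <string>

// Write the whole buffer, retrying on short writes and EINTR.
static bool WriteFully(int fd, const std::string& data) {
    size_t off = 0;
    while (off < data.size()) {
        ssize_t n = write(fd, data.data() + off, data.size() - off);
        if (n < 0) {
            if (errno == EINTR) continue;
            return false;
        }
        off += static_cast<size_t>(n);
    }
    return true;
}

// fsync() a directory so that changes to its entries reach the disk.
static bool FsyncDir(const std::string& dir) {
    int fd = open(dir.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (fd < 0) return false;
    const bool ok = fsync(fd) == 0;
    close(fd);
    return ok;
}

// Hypothetical helper: durably replace dir/name with `data`.
bool DurableReplace(const std::string& dir, const std::string& name,
                    const std::string& data) {
    const std::string tmp = dir + "/" + name + ".tmp";
    const std::string dst = dir + "/" + name;
    int fd = open(tmp.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0600);
    if (fd < 0) return false;
    // 1. File contents must be on disk before the final name points at them.
    bool ok = WriteFully(fd, data) && fsync(fd) == 0;
    ok = (close(fd) == 0) && ok;
    // 2. Swap the names. 3. Persist the directory entry itself; without
    //    this step a power loss can leave the old name or no name on disk.
    ok = ok && rename(tmp.c_str(), dst.c_str()) == 0 && FsyncDir(dir);
    if (!ok) unlink(tmp.c_str());  // no-op if the rename already happened
    return ok;
}
```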
Check whether the scratch partition is writable.
Delete fs_mgr_dir_is_writable, as it may cause remount to fail.
Steps to reproduce:
1. adb root
2. adb remount
3. adb reboot
4. adb remount
5. push files to the system partition until the scratch partition is full
6. check that the Available of /mnt/scratch is zero through the df command
7. reboot
8. adb root
9. adb remount
Now, overlayfs failed to mount.
But I want to continue to view the files that were previously pushed to
the system partition.
Mounting of overlayfs should not be blocked when there is not enough space.
It seems reasonable to use fs_mgr_rw_access(work) to check whether
the partition is writable.
We should allow mount even if scratch is full, because this allows
the user to delete previously pushed files to free up space.
Bug: 240635368
Change-Id: I726ccd064cfabfab29789e7c690ea8cb574a6344
Signed-off-by: yi.sun <yi.sun@unisoc.com>