We have seen multiple OTA failures with invalid geometry magic
signature. Make partition metadata write atomic by writing to a tmpfile
first and then do a rename.
Test: th
Bug: 303770065
Bug: 298149189
Change-Id: Id1d565de73439b95b665144c2f02fc97273d341c
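Added example, not code from this commit or from libsnapshot: the write-to-a-tmpfile-then-rename pattern described above, for a regular file on a POSIX filesystem. The names AtomicWriteFile, ReadFile and the ".tmp" suffix are assumptions made for illustration.

```cpp
#include <fcntl.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>
#include <fstream>
#include <iterator>
#include <string>

// Write every byte, retrying on short writes and EINTR.
static bool WriteFully(int fd, const std::string& data) {
    size_t off = 0;
    while (off < data.size()) {
        ssize_t n = write(fd, data.data() + off, data.size() - off);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return false;
        off += static_cast<size_t>(n);
    }
    return true;
}

// fsync the parent directory so the rename itself survives a power cut.
static bool SyncParentDir(const std::string& path) {
    size_t slash = path.find_last_of('/');
    std::string dir = slash == std::string::npos ? "." : path.substr(0, slash ? slash : 1);
    int fd = open(dir.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (fd < 0) return false;
    bool ok = fsync(fd) == 0;
    close(fd);
    return ok;
}

// Readers see either the old file or the complete new one, never a partial write.
bool AtomicWriteFile(const std::string& path, const std::string& data) {
    const std::string tmp = path + ".tmp";  // hypothetical temp name, same directory
    int fd = open(tmp.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0600);
    if (fd < 0) return false;
    bool ok = WriteFully(fd, data) && fsync(fd) == 0;  // data durable before rename
    ok = (close(fd) == 0) && ok;
    if (!ok || rename(tmp.c_str(), path.c_str()) != 0) {
        unlink(tmp.c_str());
        return false;
    }
    return SyncParentDir(path);
}

std::string ReadFile(const std::string& path) {
    std::ifstream in(path, std::ios::binary);
    return std::string(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
}
```

The temp file must live on the same filesystem as the target, since rename() is only atomic within one filesystem.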
* This results in a metric ton of denials on some devices and
eats up valuable resources on boot, plus there's 0 need for it,
so kill it.
Change-Id: Ic52d5b3f06724430e9505345024cf0041b37ca49
v2 writer and v3 writer will write different versions of the header.
It's better to have each writer hold its own header.
Test: th
Change-Id: Ibe310d58b830950ad556aabcd0c1009483fc8d86
Adding Version 3 of CowHeader. This will inherit from original
CowHeader and add a compression field. We are no longer supporting
different compressions per operation so having this one field is enough.
Test: cow_api_test
Change-Id: If88dceda139807cc5e647b706ddeb2b3e83c024f
We can shove type into source info to save 8 bits in per cow operation.
We only need 4 bits inside of source_info to enumerate all the types of
Cow Operation:
static constexpr uint8_t kCowCopyOp = 1;
static constexpr uint8_t kCowReplaceOp = 2;
static constexpr uint8_t kCowZeroOp = 3;
static constexpr uint8_t kCowLabelOp = 4;
static constexpr uint8_t kCowClusterOp = 5;
static constexpr uint8_t kCowXorOp = 6;
static constexpr uint8_t kCowSequenceOp = 7;
static constexpr uint8_t kCowFooterOp = -1;
Test: critical ota paths on pixel
Change-Id: I22049db0b39a55bd8f863339f3751d3146d5c1e9
Moving this function to cow reader first we have to read the version of
cow from the header before deciding which parser to use. This is a more
logical place for this code to be in
Test: th
Change-Id: Ie5ba53439b4fc3c4c409426b818a2d53c0cbc3e5
replacing any instance of op->source_info with GetCowSourceinfoData as
that's what we're really looking for. This function will return the 48
bits associated with the source and not the extra bits that will store
type + other information. We should never be making a reference to
op->source_info directly as that has no real meaning, we should be
masking for the data that we really need
Test: cow_api_test
Change-Id: I259c790efdd13c61a4599e9edfc75cf0ba000c61
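Added example, not code from these commits or from libsnapshot: packing an op type and 48 bits of source data into one 64-bit source_info word, as the two messages above describe. The bit positions (type in the top 4 bits) and the function names are assumptions; the page only states the 4-bit and 48-bit widths.

```cpp
#include <cstdint>

static constexpr uint8_t kCowCopyOp = 1;
static constexpr uint8_t kCowXorOp = 6;
static constexpr uint8_t kCowFooterOp = static_cast<uint8_t>(-1);  // 0xFF, as listed above

// Assumed layout: low 48 bits hold the source data, top 4 bits hold the type.
static constexpr uint64_t kDataMask = (1ULL << 48) - 1;
static constexpr unsigned kTypeShift = 60;
static constexpr uint64_t kTypeMask = 0xF;

// Checked packer: refuses values that do not fit instead of truncating them.
bool PackSourceInfo(uint8_t type, uint64_t data, uint64_t* out) {
    if (type > kTypeMask || data > kDataMask) return false;
    *out = (static_cast<uint64_t>(type) << kTypeShift) | data;
    return true;
}

// Unchecked packer, shown for contrast: silently masks both fields.
uint64_t PackSourceInfoUnchecked(uint8_t type, uint64_t data) {
    return ((type & kTypeMask) << kTypeShift) | (data & kDataMask);
}

// Accessors: callers mask for the field they want rather than reading the raw word.
uint64_t SourceData(uint64_t source_info) { return source_info & kDataMask; }
uint8_t SourceType(uint64_t source_info) {
    return static_cast<uint8_t>((source_info >> kTypeShift) & kTypeMask);
}
```

A type value wider than four bits, such as 0xFF, comes back as 0xF from the unchecked packer, so a reader comparing against the 8-bit constant would never match it.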
This function will be called in header write for both v3 and v2 writer.
Seems okay to move to base class as there's no unique functionality to
the v2 writer.
Test: cow_api_test
Change-Id: I70c1b08ce67127c9dcbd0f54b574d2cd5ad1d0b5
We don't need the compression bit in v3 op since all operations will
have the same compression per COW Device and it will be stored within the COW header.
We can check to see if an operation contains compressed data by
checking data_length and see if it's less than BLOCK_SZ
Test: 4 critical OTA paths
Change-Id: I3f86756d83bf54bf6efd15d9cb7ac064eefdd949
Adding v3 writer that works off of Cow Operation v3. Adding test file
that will test this new writer. Adding in stub implementations to v3 writer. None of these functions
have to work yet, we just need the implementations here to compile.
Test: m libsnapshot
Change-Id: If86437d5ceb2c33520d4ca26dea5193984f86546
This fixes the case when all the following conditions are true:
1: Incremental OTA
2: When there is a sequence of overlapping COPY operations within one merge-window
(510 blocks)
3: Device is rebooted when snapshot-merge is in-progress of this
merge-window. When device reboots, the state of merge-window (of 510 blocks) was
merge-in-progress (aka - only partial set of blocks were merged in
this window thereby the state of the base device is incomplete for
this window)
4: During the next boot, if there is any I/O request from the filesystem
which maps to the merge-window in (3):
a: The data has to be retrieved from the scratch space of the
COW until the snapshot-merge for that window is completed.
b: Once the snapshot-merge is complete for that window, data
has to be retrieved from base device.
The bug was in step 4(a) wherein I/O request was getting routed to base
device.
This patch addresses the above flow by fixing step 4(a).
A new vts test has been added to explicitly track this issue.
Additionally, there is no need to re-scan the partition if partition is in merge resume path. This should cut down the overhead of the scan.
Bug: 275296365
Test: 1: 100 iterations of ./vts_snapuserd_test --gtest_filter=SnapuserdTest.Snapshot_COPY_Overlap_Merge_Resume_IO_Validate_TEST
2: Incremental OTA on Pixel 6 Pro with multiple iterations of device
reboot when merge is in progress
Change-Id: Ib53be7f07ff192a84ec7f7049b2c6be01dad1041
Signed-off-by: Akilesh Kailash <akailash@google.com>
Refactor writer, reader + parser to work off v2 version of
CowOperations.
Test: m libsnapshot. ota on cuttlefish
Change-Id: Iec59be91e5f54782272b37702d645942df38c771
Reader + Parser v3 should be able to read V2 cow format written to disk.
This test reads in a small cow file written by basic_v2_cow_writer and
parses it to ensure this compatibility checks out.
Test: cow_api_test
Change-Id: I46ebf4e3f12cdb3e4716ca5b624aab5836086733
This is similar to inspect_cow --extract-to, except it uses snapuserd.
It is a diagnostic host tool and uses the tooling added for host
testing.
Usage: snapuserd_extractor -cow COW_FILE -base BASE_FILE -out OUT_FILE
-num_sectors NUM_SECTORS
Unlike inspect_cow, this supports xor/copy operations.
The extractor code is separated into a utility file so we can use it for
additional tests later on.
Bug: N/A
Test: manual test
Change-Id: Ib7509508cba45e6c3a0db8c75454e33c2a503e03
This adds an --extract-to argument to inspect_cow to verify that full
OTA snapshots contain correct data. It does not yet work for ordered
ops.
Test: inspect_cow
Bug: N/A
Change-Id: I9014da3e83fd4fb5ea54ac1d36e527b3e3e6c9d5
Change-Id: I7e256e8ddec626980cdcf8680bbeac3c2e9d8de1
Adding small binary to write a simple COW for version 2. We will then
use updated reader to make sure we can read this version 2 cow. Think it
would be a good idea to keep the binary here to see how exactly we
generated the cow (useful for debugging and if we ever need to recreate
this cow)
Test: m basic_v2_cow_writer
Change-Id: I28435025b7a8280fc5c4574876cc9110b391cb0e
Target block hash was incorrectly getting added to map thereby
overriding the source-hash.
Bug: 299011882
Test: Flash Pixel 6 Pro from A->B and from B->A
Change-Id: Ib3887c29cd6b8f2abd50e932273a5cfc2a096bd5
Signed-off-by: Akilesh Kailash <akailash@google.com>
std::async returns a std::future whose destructor blocks until the
async function has completed, which defeats the purpose of using
std::async. The future needs to be kept alive to allow the function to
run concurrently.
Starting in C++20, std::async is marked [[nodiscard]] to help catch this
misuse. Upgrading libc++ adds the [[nodiscard]] attribute to
std::async, so fixing this bug is necessary to keep the code compiling
after libc++ is updated.
Bug: 175635923
Test: treehugger
Test: m && m snapuserd_test
Change-Id: Id2e820248c2b6111aa843fb709e08a2c19677066
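Added example, not code from this commit or from snapuserd: the std::async behaviour described above, with the discarded future next to the kept one. The function names are assumptions, and std::launch::async is passed explicitly so the task always gets its own thread.

```cpp
#include <atomic>
#include <chrono>
#include <future>
#include <thread>

// Misuse: the returned future is a temporary, so its destructor runs at the
// end of the statement and blocks the caller until the task has finished.
bool DiscardedFutureBlocksCaller() {
    std::atomic<bool> done{false};
    (void)std::async(std::launch::async, [&done] {
        std::this_thread::sleep_for(std::chrono::milliseconds(50));
        done = true;
    });
    return done.load();  // already true: the call was effectively synchronous
}

// Fix: keep the future alive so the task runs concurrently with the caller.
bool KeptFutureRunsConcurrently() {
    std::promise<void> gate;
    std::shared_future<void> open = gate.get_future().share();
    std::atomic<bool> done{false};
    std::future<void> task = std::async(std::launch::async, [&done, open] {
        open.wait();  // parked until the caller releases the gate
        done = true;
    });
    bool finished_early = done.load();  // false: caller got here without waiting
    gate.set_value();                   // let the task proceed
    task.get();                         // join at a point the caller chooses
    return !finished_early && done.load();
}
```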