This implements InitiateMerge() and WaitForMerge(). InitiateMerge() is
meant to be called after an update has been marked successful.
WaitForMerge() is designed to be called either: immediately after
InitiateMerge, or during each subsequent boot where merging has not
completed.
InitiateMerge converts each snapshot device to a snapshot-merge device.
WaitForMerge polls each snapshot-merge device until no device reports a
"merging" state. One of the following states can result from this:
- MergeFailed. This will happen if any device failed to merge, or we
were unable to poll, or any other system-level failure occurred.
- MergeNeedsReboot. This will happen if a snapshot-merge device has
completed merging, but we were unable to clean it up due to something
holding a resource open.
- MergeCompleted. This indicates that all snapshots completed merging
and were cleaned up.
If WaitForMerge() returns MergeCompleted, then all snapshots have been
removed and a new update can begin. GetUpdateState() will return None.
MergeFailed and MergeNeedsReboot, on the other hand, are "sticky". They
indicate a merge is still pending. When called again, WaitForMerge()
will poll again to attempt to make more progress in the merge. For
NeedsReboot, a single reboot will ensure all resources are released and
the next WaitForMerge() will successfully finish cleanup. In the failure
case, it is unlikely the next WaitForMerge will succeed, but we always
retry anyway (there is no harm in doing so, and if we get lucky, the
device can take more OTAs).
Bug: 136678799
Test: libsnapshot_test gtests
Change-Id: I5e93fcbffee1973da5ff76363df12d6317a7a7c7
This CL implements some of the libsnapshot internals necessary to work
with update_engine. In particular it implements snapshot and update
state, as well as creating and mapping snapshot devices. It does not
implement anything related to merging, nor does it implement the full
update_engine flow.
Update state is stored in /metadata/ota/state. To synchronize callers of
libsnapshot, we always flock() this file at the top of public functions
in SnapshotManager. Internal functions are only called while the lock is
held, and a "LockedFile" guard object is always passed through to
indicate proof-of-lock.
Low-level functions, such as snapshot management, have been moved to
private methods. Higher-level methods designed for update_engine will
ultimately call into these.
This CL also adds some functional tests for SnapshotManager. Test state
is stored in /metadata/ota/test to avoid conflicts with the rest of the
system.
Bug: 136678799
Test: libsnapshot_test gtest
Change-Id: I78c769ed33b307d5214ee386bb13648e35db6cc6
Computes the merge completion percentage from the sector information.
Provided test for the function.
Change-Id: I64d83baa0478f9e6969636ee067174910d9b8e03
Bug: N/A
Test: dm_test
Signed-off-by: Alessio Balsini <balsini@google.com>
Simplify the argument parsing of DmTargetSnapshot::ParseStatusText() and
improve its robustness when dealing with wrong imputs.
Add test for DmTargetSnapshot::ParseStatusText().
Change-Id: I7f078c9ecacb402e71db49e3e7072e37cffbc234
Test: dm_test
Signed-off-by: Alessio Balsini <balsini@google.com>
Fetch detailed information for devices through its flags and store in
helper Info class, i.e.:
- active
- access
- activeTable
- inactiveTable
- bufferFull
Change-Id: I3241c5bca00e038d19f99390f40710ca7cff8456
Bug: 137759376
Test: manual test
Signed-off-by: Alessio Balsini <balsini@google.com>
In some cases it would be required to suspend the device to succesfully
complete some operations. An example is the suspension of the origin
device that is necessary to avoid data corruption when merging a
snapshot.
Introduce suspend and resume ioctls in libdm.
Bug: 137759376
Test: libdm_test
Change-Id: Id2ff34e930a8b32e570cb9f49da9cc3f65cb499c
Signed-off-by: Alessio Balsini <balsini@google.com>
This fixes two race conditions in LoopControl::Attach(). The first is
that after LOOP_CTL_GET_FREE, the path is not be available until it has
been processed by ueventd. This can be fixed by adding a timeout
parameter and a call to WaitForFile().
Second, it is possible (albeit unlikely), given that loop devices are
now being used more aggressively, that two processes race when
attempting LOOP_SET_FD. In this case, one process will win, and the
other will fail with EBUSY. We can handle this case by retrying the
operation while respecting the same timeout parameter.
Bug: 135771280
Test: libdm_test gtest
Change-Id: Icf9facc3ca28fdb6ff5c78612d3dc183fa47b1f3
This fixes a race condition where WaitForFile() after
GetDmDevicePathByName appears to succeed, but a subsequent operation on
the path fails. This can happen when CreateDevice() is called
immediately after a call to DeleteDevice (from any process), and the
path is re-used, enqueuing udev events to remove and re-add the block
device.
The fix for this is to introduce a new variant of CreateDevice() that
has a timeout parameter. When the timeout is positive, CreateDevice()
will wait for a /dev/block/mapper/by-uuid symlink to be created, which
signals that ueventd has finished processing the operation.
ueventd will now create these by-uuid symlinks for device-mapper nodes.
Unfortunately, the uuid is only available during "change" events, so we
have to special case device-mapper symlink creation. And since the uuid
is not available during "remove" events, we simply find matching links
to remove them.
This ensures that callers of CreateDevice() can use the device path
knowing that no asynchronous removals are pending. Code that uses the
old CreateDevice+WaitForFile pattern will be transitioned to the new
method.
Note that it is safe to ignore the timeout, or to use the "unsafe"
CreateDevice, if the caller ensures the path by other means. For example
first-stage init has no device removal, and regenerates uevents until
it has acquired all the paths it needs.
Finally, since libdm now inspects sysfs unconditionally, libdm consumers
need r_dir_file perms for sysfs_dm in their sepolicy. Additionally
linking to libdm now requires linking to libext2_uuid.
Bug: 135771280
Test: libdm_test
device flashes, boots
Change-Id: If5a7383ea38f32a7fbbcf24842dce6a668050a70
android-base:
* Add NOLINT for expanding namespace std for std::string* ostream
overload
libdm:
* Fix missing parentesis around macro parameters
init:
* Fix missing CLOEXEC usage and add NOLINT for the intended
usages.
* Fix missing parentesis around macro parameters
* Fix erase() / remove_if() idiom
* Correctly specific unsigned char when intended
* 'namespace flags' should be signed, since 'flags' it signed for
clone()
* Add clear to property restore vector<string> to empty after move
* Explicit comparison against 0 for strcmp
Test: build
Change-Id: I8c31dafda2c43ebc5aa50124cbbd6e23ed2c4101
Normally we reject complex dm targets that would invalidate or shift the
block mappings returned via FIEMAP/FIBMAP. Currently the only targets
allowed are crypt, default-key, and bow. This patch adds support for
"linear" as long as there is only one linear target and it targets
sector 0 of the underlying block device.
This is useful for testing gsid, so we can simulate how a
metadata-encrypted device works without having to create a dm-crypt or
dm-default-key node.
Bug: 134536978
Test: manual test
Change-Id: I7c12bc20d95ff4c90402e66bafb4cf2fce7818e2
device-mapper will accept a "major:minor" string in place of a path for
any target parameter that specifies another block devie. This is useful
to have a helper for, since it lets us avoid a call to WaitForFile().
Bug: 134536978
Test: manual test
Change-Id: I13fd6699dd5d405bfa676830825b006b7810aa0f
Also, add an Emplace() method to DmTable to make target construction
easier. For example,
table.AddTarget(std::make_unique<DmTargetLinear>(...));
Becomes:
table.Emplace<DmTargetLinear>(...);
Bug: 132206403
Test: libdm_test gtest
Change-Id: Iac62c74546ebaa660cb32d6894a019bdac24a305
Enables performance testing with very large numbers of dm-linear devices
Test: Can create device with 16384 extents, and can get its table
Bug: 123261135
Change-Id: I0e78a659eb7616e4db6a8276031e25a0d84f52ba
The host builds for both libs are needed for libfs_avb host unit test.
Also replaces strlcat()/strlcpy() with snprintf() because the former
doesn't have a glibc version. Or switch char* to std::string*.
Bug: 112103720
Bug: 117960205
Test: m libdm ARCH=x86_64
Test: m libfstab ARCH=x86_64
Test: atest libdm_test
Test: atest fs_mgr_unit_test
Test: boot a device
Change-Id: Id9b92b5286b8ed9ab0d80f18ab5802dcfeb83dfa
This adds an option to list device mapper devices including their
current target table. Useful to be included in bugreport to
map the logical partitions metadata with actual device mapper setup.
Bug: 120916687
Test: dmctl list devices -v
Change-Id: I091666506d24372d1e111ffa1c0256c8bbff0c5e
Signed-off-by: Sandeep Patil <sspatil@google.com>
Decrease severity so that GetDmDevicePathByName can be used
as an API to check if |name| is mounted in device mapper.
Test: mount devices during OTA
Bug: 110717529
Change-Id: I6b28b6f8efe48f28819004490a037aba47b41ee1
With verity disabled, fs_mgr_update_verity_state spews some confusing
error messages from device-mapper. This change checks whether a device
exists and logs an explicit error.
Bug: N/A
Test: AVB properties are set correctly on AVB device
Messages are logged correctly with AVB disabled
Change-Id: If490c18cfec2d63ad784972c13ceef63d9aa3e4c
The support for android-verity makes it possible for us to test
raw verified filesystem images to be attached to android-verity
target and have it verified by the kernel.
This makes the testing of android-verity device mapper target
much easier as it doesn't _have_ to be used for root mount.
Bug: 72722987
Test:
$ losetup /dev/block/loop0 /data/local/tmp/verity_fs.img
$ dmctl create verity-fs android-verity 0 4200 \
Android:7e4333f9bba00adfe0ede979e28ed1920492b40f 7:0
Change-Id: Ica6bf5c6e1fd758fdb4005fc8a09755f369a8a0f
Signed-off-by: Sandeep Patil <sspatil@google.com>
This change introduces a new GetTableStatus method on DeviceMapper,
which returns a vector of information about each target in a device's
table. Some target types (such as verity) can also return additional
information as a string.
Support for this call has also been added to the "dmctl" tool via a
"table" command. Examples:
$ dmctl create blah zero 0 8000 linear 8000 1000 /dev/block/sdd1 0
$ dmctl table blah
Targets in the device-mapper table for blah:
0-8000: zero
8000-9000: linear
For verity:
sailfish:/ # dmctl table system
Targets in the device-mapper table for system:
0-4128792: android-verity, V
Bug: 110035986
Test: libdm_test gtest; AVB1 device still boots
Change-Id: Iaf13450d3b32e2264c7c399a8af8d6bade260592
This change uses libdm to replace the hand-coded ioctl code in fs_mgr_verity.
Since AVB2 is now preferred to AVB1, this is a surgical change to allow
us to remove fs_mgr_dm_ioctl. Rather than refactor the target string
construction code, we instead provide a DmTargetVerityString class which
passes a raw parameter string directly to DmTable.
Bug: 110035986
Test: AVB1 device still boots
Change-Id: Iad88993a98abb388a12cec9e6d4543dfb4157414
This change adds a DmTargetVerity class and replaces the existing verity
table builder in fs_mgr_avb.cpp. DmTargetVerity must be constructed with
all the required parameters for dm-verity. Additional arguments can be
appended via helper methods.
Bug: 110035986
Test: libdm_test gtest; boots with verity on AVB devices
Change-Id: I4fc2f7ef122c841e8b4ec4156177a6224ffbac30
This removes the custom ioctl code in fs_mgr_dm_linear.cpp in favor of
using libdm.
Bug: 110035986
Test: logical partitions are still created in first-stage init
Change-Id: I941a27ce865aa1bc712b91d8d4c874462e0d11df
This change adds a LoopControl class for interacting with the loop
control device. In addition it provides a LoopDevice class for creating
temporary loop devices. This is aimed at being a building block for libdm
tests, so the current functionality is limited to attaching and
detaching file descriptors and finding free loop devices.
Bug: 110035986
Test: libdm_test gtest
Change-Id: Ice2891e3a44a037aff7b81c63ac793815640d582
This change implements the ability to get the path of a block device
given a device-mapper device name. In addition, dmctl now has a
"getpath" command to perform this query, as a shortcut for searching
through /sys/block/*/dm/name.
Bug: 110035986
Test: N/A
Change-Id: I9ebd824fa800004f591fc02fc1b1950e0c7fba65
This change implements DmTargetZero and DmTargetLinear, and integrates
them into dmctl. It also implements DmTarget and DmTable serialization.
Example dmctl invocation:
dmctl create my-device -ro \
linear 0 800 /dev/block/by-name/system 0 \
zero 800 1200 \
linear 1200 1500 /dev/block/by-name/system 1200
Bug: 110035986
Test: libdm_test gtest
Change-Id: I7f945c1d9e23cfb78239c23a1aad88e8aef4972b
This change refactors DmTarget. It was satisfying two separate use cases
that have no overlap: (1) as a container for informational queries, and
(2) for specifying table targets.
The kernel's nomenclature for the former is a "target type," so the new
class is named DmTargetTypeInfo.
In addition, this change adds a unit test for
DeviceMapper::GetAvailableTargets that ensures the device has at least a
linear target type (with more TBD).
Bug: 110035986
Test: libdm_test gtest
Change-Id: Icb87976801e8a1e6ec79e48b1d58c308d36279e5
This change implements DeviceMapper::LoadTableAndActivate by serializing
the given DmTable and issuing DM_TABLE_LOAD and DM_DEV_SUSPEND ioctls.
In addition, this makes the CreateDevice() method private, and
introduces a separate method for creating a device and loading a table
as a single operation. This will obviate the need for separate inactive
device cleanup logic later.
Note that this change does not yet implement DmTable::Serialize().
Bug: 110035986
Test: N/A
Change-Id: Ic8affe591db4930ce672b00db989978b57ca8cbf
This places libdm includes into a libdm folder, to match how many other
library includes are organized.
Bug: 110035986
Test: N/A
Change-Id: I430b0cf749c8d16265481864f1f33927fd740a53
This change removes unnecessary malloc() calls for dm_ioctls. It also
simplifies and fixes line endings on some error messages.
Bug: 110035986
Test: N/A
Change-Id: I2f56e5dab7f25cd9b2f80896f80101db56228981
Test: dmctl create system; dmctl delete system
Test: verify that ueventd creates /dev/block/dm-X and verify the dm
device name from /sys/block/dm-X/dm/name
Bug: 110035986
Change-Id: I2a08e2ea7007c0c13fe64d444f0d6618784edae7
Signed-off-by: Sandeep Patil <sspatil@google.com>
libdm is small static library that is intended to be the one source to
control device mapper. It is intended to have APIs to create, control
and destroy device mapper targets. Eventually, all fs_mgr implementation
that talks to device mapper will be moved to using libdm APIs.
Added 'dmctl', a command line tool that lists the registered device
mapper targets and their corresponding version. The tool will continue
to get new features to exemplify new APIs implemented in libdm.
The library is intentionally static and folds into libfs_mgr. All
clients must link to libfs_mgr as a result.
Test: dmctl list
Bug: 110035986
Change-Id: I71e7146073a74e7523524bf3b20d0be6d06f9fad
Signed-off-by: Sandeep Patil <sspatil@google.com>
