Changing the type of kDefaultGroup from std::string to std::string_view
allows us to make it a constexpr object. Since kDefaultGroup is the
only dirty object in liblp .bss at runtime, this change turns the .bss
page clean and thus saves 4KB per library load.
Bug: 138856262
Test: Boot cuttlefish and check liblp bss is clean for all 5 processes
that are using it.
Change-Id: I7d7c0992e0ab769f070807f24e1275ffed424b5b
This CL implements some of the libsnapshot internals necessary to work
with update_engine. In particular it implements snapshot and update
state, as well as creating and mapping snapshot devices. It does not
implement anything related to merging, nor does it implement the full
update_engine flow.
Update state is stored in /metadata/ota/state. To synchronize callers of
libsnapshot, we always flock() this file at the top of public functions
in SnapshotManager. Internal functions are only called while the lock is
held, and a "LockedFile" guard object is always passed through to
indicate proof-of-lock.
Low-level functions, such as snapshot management, have been moved to
private methods. Higher-level methods designed for update_engine will
ultimately call into these.
This CL also adds some functional tests for SnapshotManager. Test state
is stored in /metadata/ota/test to avoid conflicts with the rest of the
system.
Bug: 136678799
Test: libsnapshot_test gtest
Change-Id: I78c769ed33b307d5214ee386bb13648e35db6cc6
The replace command is used to substitute the current table of a
device-mapper with the provided one.
The new table will be available as soon as the command returns
successfully.
Bug: 137759376
Test: manual
Change-Id: Iaf258d9043fab3a8770702f4e1c8c0e583c81519
Signed-off-by: Alessio Balsini <balsini@google.com>
Computes the merge completion percentage from the sector information.
Provided test for the function.
Change-Id: I64d83baa0478f9e6969636ee067174910d9b8e03
Bug: N/A
Test: dm_test
Signed-off-by: Alessio Balsini <balsini@google.com>
Simplify the argument parsing of DmTargetSnapshot::ParseStatusText() and
improve its robustness when dealing with wrong imputs.
Add test for DmTargetSnapshot::ParseStatusText().
Change-Id: I7f078c9ecacb402e71db49e3e7072e37cffbc234
Test: dm_test
Signed-off-by: Alessio Balsini <balsini@google.com>
* changes:
adb-remount-test: add /system/priv-app
adb-remount-test: support devices that do not have verity
adb-remount-test add --no-wait-screen option
This reverts commit 588fe9e8af.
Reason for revert: definite cause for test failure
Test: adb-remount-test.sh
Bug: 138407617
Fixes: 138622072
Change-Id: If2fee8873dd7d4360e7ff5572a0481247beffbca
Fetch detailed information for devices through its flags and store in
helper Info class, i.e.:
- active
- access
- activeTable
- inactiveTable
- bufferFull
Change-Id: I3241c5bca00e038d19f99390f40710ca7cff8456
Bug: 137759376
Test: manual test
Signed-off-by: Alessio Balsini <balsini@google.com>
In 4.19+ kernels not yet patched, /system/priv-app/<file> can
cause EPERM on fstat of the directory, resulting in failure to
access content.
Test: adb-remount-test.sh
Bug: 138649540
Change-Id: I96d1acb3cdb80824c9d2ebce415ea6e1253f9c5b
If the device screen drivers or frameworks are compromised, permit
remount testing without waiting for full boot complete to occur with
the --no-wait-screen option. In the same vein to support development,
add --wait-adb and --wait-fastboot options to adjust the timeout.
For TreeHugger testing where other (previous) tests demonstrate
framework or screen regressions, it _may_ be advised to switch to the
--no-wait-screen option so that we do not register a false signal.
It should be noted that some of the past issues with overlayfs and
adb remount could introduce boot up, framework or screen regressions,
so it is advised to not use the option if that interlocking logic can
not be set up.
Test: adb-remount-test.sh
Bug: 138649540
Change-Id: Idf8f4a0eb6d7c9139bd4f2c600d14a70dc71902f
Export suspend and resume functionalities of libdm to command line
through dmctl.
Change-Id: I8e1dd7d67d8814631e4174d3ba169e705efc1df6
Bug: 137759376
Test: manual
Signed-off-by: Alessio Balsini <balsini@google.com>
In some cases it would be required to suspend the device to succesfully
complete some operations. An example is the suspension of the origin
device that is necessary to avoid data corruption when merging a
snapshot.
Introduce suspend and resume ioctls in libdm.
Bug: 137759376
Test: libdm_test
Change-Id: Id2ff34e930a8b32e570cb9f49da9cc3f65cb499c
Signed-off-by: Alessio Balsini <balsini@google.com>
$ adb remount
W DM_DEV_STATUS failed for scratch: No such device or address
E Can not mount overlayfs for partitions: No such file or directory
/system/bin/remount exited with status 8
remount failed
Bug: 138407617
Test: $ adb remount
Change-Id: I0f359071234b57324ad2324905b5239dbfa44d01
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
From gtest doc:
Note that googletest takes ownership of the registered environment objects. Therefore do not delete them by yourself.
Test: run it
Change-Id: I275884ddd63a17097c3ea4d9d6bb2b5291dc8c90
Check the value of ro.boot.dynamic_partitions_retrofit instead of
checking the name of the super partition being 'super' is a more
reliable way of determining retrofit DAP devices.
Some devices launch with DAP (e.g. cuttlefish) doesn't have "super"
as the super partition name. When Virtual A/B is implemented on
cuttlefish, update_engine calls NewForUpdate for the current super
partition metadata. Hence, this code needs to check the retrofit
sysprop instead.
Also, renamed IsRetrofitDevice to IsRetrofitMetadata to avoid the
confusion.
Test: OTA on retrofit DAP device
Test: OTA on launch DAP device
Test: liblp_test_static
Change-Id: I4636de854734df1bb61779d9a955217e89fdb2fd
This is a skeleton API so we can begin implementing both libsnapshot and
the relevant changes in update_engine.
Bug: 136678799
Test: builds
Change-Id: I5dc0fc1f401e94da2b5996cd69ab4076847282a4
gsid is the only consumer for this library, and it's unlikely to grow
beyond gsid.
Bug: 134536978
Test: gsid builds
Change-Id: Ib632b1dd8de3e29c02d1fe443a1e409af5f1257d
This fixes two race conditions in LoopControl::Attach(). The first is
that after LOOP_CTL_GET_FREE, the path is not be available until it has
been processed by ueventd. This can be fixed by adding a timeout
parameter and a call to WaitForFile().
Second, it is possible (albeit unlikely), given that loop devices are
now being used more aggressively, that two processes race when
attempting LOOP_SET_FD. In this case, one process will win, and the
other will fail with EBUSY. We can handle this case by retrying the
operation while respecting the same timeout parameter.
Bug: 135771280
Test: libdm_test gtest
Change-Id: Icf9facc3ca28fdb6ff5c78612d3dc183fa47b1f3
This is no longer needed as CreateLogicalPartition() ensures the
obtained path will not race with device deletion.
Bug: 135771280
Test: device builds, flashes
Change-Id: I821290aa08fede99d5c51cd68681c351a1ea97bc
This fixes a race condition where WaitForFile() after
GetDmDevicePathByName appears to succeed, but a subsequent operation on
the path fails. This can happen when CreateDevice() is called
immediately after a call to DeleteDevice (from any process), and the
path is re-used, enqueuing udev events to remove and re-add the block
device.
The fix for this is to introduce a new variant of CreateDevice() that
has a timeout parameter. When the timeout is positive, CreateDevice()
will wait for a /dev/block/mapper/by-uuid symlink to be created, which
signals that ueventd has finished processing the operation.
ueventd will now create these by-uuid symlinks for device-mapper nodes.
Unfortunately, the uuid is only available during "change" events, so we
have to special case device-mapper symlink creation. And since the uuid
is not available during "remove" events, we simply find matching links
to remove them.
This ensures that callers of CreateDevice() can use the device path
knowing that no asynchronous removals are pending. Code that uses the
old CreateDevice+WaitForFile pattern will be transitioned to the new
method.
Note that it is safe to ignore the timeout, or to use the "unsafe"
CreateDevice, if the caller ensures the path by other means. For example
first-stage init has no device removal, and regenerates uevents until
it has acquired all the paths it needs.
Finally, since libdm now inspects sysfs unconditionally, libdm consumers
need r_dir_file perms for sysfs_dm in their sepolicy. Additionally
linking to libdm now requires linking to libext2_uuid.
Bug: 135771280
Test: libdm_test
device flashes, boots
Change-Id: If5a7383ea38f32a7fbbcf24842dce6a668050a70
Prevent sub-mounts from being candidates for overlayfs overrides.
We move them temporarily to hold the references, then move them back
after overlayfs mount.
There is a race condition that can not be solved where the content
of the sub-mount is temporarily unavailable. This operation occurs
in first stage init (no problem) and during the first adb remount or
adb disable-verity that causes the backing storage to be setup.
Workaround will be to time the adb remount/disable-verity so that the
device-specific problems do not surface.
Test: adb-remount-test.sh and manual device configs
Bug: 130131892
Bug: 135647457
Change-Id: I8782d09b7b389d899aed07b3e6c528280af2d6c8
android-base:
* Add NOLINT for expanding namespace std for std::string* ostream
overload
libdm:
* Fix missing parentesis around macro parameters
init:
* Fix missing CLOEXEC usage and add NOLINT for the intended
usages.
* Fix missing parentesis around macro parameters
* Fix erase() / remove_if() idiom
* Correctly specific unsigned char when intended
* 'namespace flags' should be signed, since 'flags' it signed for
clone()
* Add clear to property restore vector<string> to empty after move
* Explicit comparison against 0 for strcmp
Test: build
Change-Id: I8c31dafda2c43ebc5aa50124cbbd6e23ed2c4101
writer->size() is block size aligned and could be bigger than remaining_bytes
If remaining_bytes is bigger, set remaining_bytes to 0 to avoid sub overflow error.
Bug: 136727859
Test: Successfully install a DSU
Change-Id: If493b0f206561239caec2ee234f7cfd70bf927a7
When both ext4 user data checkpoints and metadata encryption are
enabled, we are creating two stacked dm devices. This had not been
properly thought through or debugged.
Test: Enable metadata encryption on taimen (add
keydirectory=/metadata/vold/metadata_encryption to flags for userdata in
fstab.hardware)
Unfortunately metadata is not wiped by fastboot -w, so it is
necessary to rm metadata/vold -rf whenever you wipe data.
fastboot flashall -w works
fastboot reboot -w works
A normal boot works
Disable checkpoint commits with
setprop persist.vold.dont_commit_checkpoint 1
vdc checkpoint startCheckpoint 10
adb reboot
wait for device to fully boot then
adb reboot
Wait for device to fully boot then
adb logcat -d | grep Checkpoint shows the rollback in the logs
This tests encryption on top of checkpoints with commit, encryption
without checkpoints, and rollback, which seems to be the key cases.
Bug: 135905679
Change-Id: I24387a2943dce28b918c34894f24911b20429be7
Normally we reject complex dm targets that would invalidate or shift the
block mappings returned via FIEMAP/FIBMAP. Currently the only targets
allowed are crypt, default-key, and bow. This patch adds support for
"linear" as long as there is only one linear target and it targets
sector 0 of the underlying block device.
This is useful for testing gsid, so we can simulate how a
metadata-encrypted device works without having to create a dm-crypt or
dm-default-key node.
Bug: 134536978
Test: manual test
Change-Id: I7c12bc20d95ff4c90402e66bafb4cf2fce7818e2
