Make sure CoW device doesn't overflow. Otherwise, data previously
written to snapshot device may be overwritten.
This check acts as a safety guard to bug like b/145180464, where
the computed CoW device size is less than required, but cannot be
caught by FilesystemVerifierAction in update_engine.
Note that this is a sanity check. It doesn't prevent the following:
(1) write a snapshot until it overflows
(2) unmap and re-map the snapshot
(3) Call FinishedSnapshotWrites()
When a snapshot is re-mapped, DeviceMapper::GetTableStatus() won't
return "Overflow".
However, update_engine always writes the full hashtree / FEC / etc.
data (outside of |PartitionUpdate.operations|), calls
FinishedSnapshotWrites(), and then writes the checkpoint. If the process
is interrupted, update_engine does the full FilesystemVerifierAction
from the beginning. Snapshots aren't remapped during the process. Hence,
the hypothetical case above won't happen in reality (at time of writing)
until FilesystemVerifierAction is broken down into steps with
checkpoints.
Still, given the above hypothetical case, this function is only served
as a sanity check.
FinishedSnapshotWrites() now requires all snapshots to be mapped before
calling. Hence, tests needs to be fixed:
- For SnapshotTest (that tests SnapshotManager private APIs), map
snapshot before calling FinishedSnapshotWrites().
- Factor out common code in SnapshotTest (PrepareOneSnapshot and
SimulateReboot)
- For SnapshotUpdateTest and children, add MapUpdateSnapshots() helper
and map all snapshots before calling FinishedSnapshotWrites().
Test: libsnapshot_test
Bug: 145180464
Change-Id: I3558dd1615059ba27f369c27af22e3c686e392f7
a16f2c81a8