IImageManager::CreateBackingImage and ZeroFillNewImage now returns
FiemapStatus, which is an error code and provides more information
about the reason of error.
In particular, the error code is NO_SPACE if disk space is full during
allocation / writing.
Bug: 138808058
Test: libsnapshot_test
Change-Id: I500a3d9f55a2d7e60438b5b4ae70f8b5fed162fa
Add variants to SplitFiemap::Create and FiemapWriter::Open that
returns a FiemapStatus and take a unique_ptr<T>* out parameter to
get more information on the reason of the failure.
Test: fiemap_writer_test
Test: fiemap_image_test
Bug: 138808058
Change-Id: Iea77ac9810f98c2202e038b7aede15dd2d137b2b
Marks this CTS test module as supporting secondary_user, meaning that
the tests are eligible to be run from a regular Android user other
than the system user (i.e. other than user 0).
Note that 'user' here refers to the concept of users in Android
Multiuser; it is NOT the same as a uid.
Bug: 141773058
Test: module passed with secondary_user params
(--enable-optional-parameterization --module-parameter secondary_user)
Change-Id: I1829a4297a49cd38b4b8a2558c92941acab8ab9a
Just let fallocate fails. It also doesn't check for the delta between
the old file and the new file.
Test: unit tests
Change-Id: I05e12b097a973d9fe7fe696cc472bd7ec2d180c7
The previous refactoring did not uncover the full breadth of issues that
arise when trying to use /data for adb remount. In fact, there are a few
distinct use cases for the scratch device, and one function cannot
sensibly provide them all.
(1) First-stage init needs to know if there are dependent devices. This
would be userdata, super_<other>, or system_<other>. This knowledge
is dependent on the state in /metadata, fstab, and the kernel
command-line.
(2) First-stage init and fastbootd need to know where the scratch
partition is. If it's not in super_<other> or system_<other>, and
there is no indicator on /metadata, then it might be in a dynamic
partition.
(3) "adb remount" needs to find a place to put scratch, which
effectively amounts to the first writable space it can find.
However, for Virtual A/B, devices, scratch wants to be stored in
/data, which requires more complex checks and binder calls.
Trying to encapsulate all of this into one function is too difficult, so
instead, this patch breaks GetScratchStrategy into separate functions:
one to return a physical location if a candidate exists, and another to
deduce the "boot" scratch device.
"adb remount" no longer calls GetScratchDevice, since it only needs to
know whether or not a physical candidate was possible.
fs_mgr_overlayfs_teardown calls GetBootScratchDevice, but now only
attempts to make a dynamic "scratch" partition if one definitely exists.
This makes the functionality clearer and reduces fastbootd uart spam.
Bug: 134949511
Test: adb_remount_test.sh on coral
adb_remount_test.sh on crosshatch
adb_remount_test.sh on walleye
Change-Id: I5f6a3677bc6adcaaf54c8ab3594643e4f285c04e
This adds a helper for first-stage init to easily map partitions backed
by /data. This can be used for the scratch partition as well as DSU
partitions.
Bug: 134949511
Test: fiemap_image_test
Change-Id: I46246b41ce19442d1476b9959e34df0e1bff58c3
We were doing "return -1" in an error case from a function that
returns bool. Since it's non-zero, this gets implicitly cast to
'true', which almost certainly isn't what we wanted here.
Test: TreeHugger
Change-Id: I76c188c22d907fc425cf4d5b0b1575f640a78ee3
This is needed for adb remount, to find the scratch device if it is
already mapped. Note that on devices without metadata encryption, this
cannot be done by querying device-mapper, since scratch will be a loop
device.
Bug: 134949511
Test: fiemap_image_test
Change-Id: Ia25d279c6f8a4838be32a8c01aefc67b5ec1e002
ImageManager can map images in recovery, but not delete them, because
/data is not mounted. libsnapshot handles this by storing extra state
files, but this is complex to manage and inconvenient for
fs_mgr_overlayfs.
Instead, this patch introduces two new calls:
- DisableImage(), which indicates the image should not be used. This is
implemented by adding a new DISABLED attribute to
LpPartitionMetadata. CreateLogicalPartitions ignores this flag, and
thus recovery/fastbootd can disable the scratch partition and
communicate that it can be deleted. This cannot be called from binder
since it is intended for recovery/first-stage init only.
- RemoveDisabledImages(), which walks the images for a given folder on
/metadata and deletes any that are disabled. This can be called from
binder.
Note that there is no metadata version bump for this flag. It's
considered to be included in the flag list for minor version 1, and
currently is not used for the actual super partition.
Bug: 134949511
Test: adb remount, fastboot flash system
Test: fiemap_image_test
Change-Id: Iaeca2d1eddb5637dd9a20202cafd11ae60b4d0e3
This eliminates libfiemap as a standalone library and instead bundles it
into libfs_mgr. All consumers of libfiemap need libfs_mgr, and having
them tightly coupled reduces linkage complexity.
When to use libfs_mgr: In recovery, first-stage-init, or when libfiemap
or overlayfs is not used.
When to use libfs_mgr_binder: When not in recovery/first-stage init, and
overlayfs or libfiemap is needed. In this case, IImageManager will proxy
over binder to gsid.
Bug: 134949511
Test: builds, fiemap_writer/image_test passes.
Change-Id: I4c1a5698afdbf9b3bf87accec98254c1fb6f4e0e
Approach in
https://android-review.googlesource.com/c/platform/system/core/+/1191457
depended on ordering of entries. Instead fs_mgr now tries to unmount
everything with the same block device as /data until timeout is reached.
This is very similar to what is done in UmountPartitions in reboot.cpp,
but I'm a little bit reluctant to merge them together, since the later
unmount all read-write partitions, while here we are only interested in
/data.
Test: on both coral and blueline:
Test: adb shell /system/bin/vdc checkpoint startCheckpoint 1
Test: adb shell setprop sys.init.userdata_remount.force_umount_f2fs 1
Test: adb reboot userspace
Test: verified that userdata was remounted
Bug: 135984674
Change-Id: I929a058fa2f9639f0a2b73e9ea269cf1e07db889
This fixes two bugs in how we use fallocate(). First, using ZERO_RANGE
is a mechanism to allocate holes, not blocks. Instead we should be
passing no flags.
The reason this code worked is because of our explicit writes to the
file, which is intended to defeat lazy block allocation. This is not
necessary for F2FS with proper file pinning support, so we now skip this
when possible.
Together, these fixes improve the speed of "adb remount" when backed
by libfiemap.
Bug: 134949511
Test: adb remount when backed by /data
Change-Id: I746053d183e0c83d56979d9c3fa6d96b40b5e478
In recovery the user has the option to mount /system, but when a device
is updating with Virtual A/B, the _b partition may be a snapshot.
This patch introduces a helper function that satisfies the dependency of
setting up the snapshot devices required to mount /system.
Bug: 139157327
Test: manual /system partition mount on VAB device during OTA
Change-Id: I7337bdd38d7016d12d3ee42be1c7893b10e9116d
Signed-off-by: Alessio Balsini <balsini@google.com>
Add an API that does not initiate the merge, but only waits for it to
finish. It is different from ProcessUpdateState API in that it also
blocks when state == UNVERIFIED and booting from the new slot.
(ProcessUpdateState immediately returns in this case).
This is useful for android.os.UpdateEngine.CleanupSuccessfulUpdate().
Bug: 138808328
Test: libsnapshot_test
Change-Id: I7cc59fcaf69616e7ec7ebe6101991b5106845b65
Factor out obscure logic that reads boot indicator path.
GetCurrentSlot() returns three states:
- None (read failure)
- Old (before reboot)
- New (after reboot)
Use these "logical" slot values for simpler code.
Test: libsnapshot_test
Change-Id: I1fa2ce4916c5a1652d25682ec1f11e101c858822
A few times we have wanted to stash small bits of information in the
super header, but we haven't had any bits to do so. This patch addresses
future needs in two ways:
1. A "flags" field has been added for miscellanious bits that do not
need a version bump.
2. The header struct has been padded to 256 bytes to allow for future
expansion without complicating the struct-parsing code.
This is the first time we've materially changed the format, so this
patch needs some extra explanation.
In all the places we rely on sizeof(LpMetadataHeader), we now need to
use the |header_size| field instead. To make newer versions of liblp
compatible with older headers, we read the minimum required header size
and fill in the extra bytes as needed. To make the validation and
reading logic more clear, it is now combined into a single function,
ReadMetdataHeader.
MetadataBuilder will still emit 1.0-compatible headers, to avoid
changing the on-disk format of existing devices. The new header will
only be emitted as-needed.
Bug: 134949511
Test: liblp_test gtest
retrofit DAP device boots
launch DAP device boots
Change-Id: I6221123768ff0057a73967ecb2ff9b006c17af88
This is no longer needed now that GetScratchDevice exists. The cache can
go away too, since it only existed to avoid libdm spam. The spam is
avoided by checking GetState before calling GetDmDevicePathByName.
Bug: 134949511
Test: adb remount and adb_remount_test.sh
Change-Id: I9d94e2523af9de394a811d0b398fe20415708a6b
This pulls code for mapping the scratch device into a separate function.
It also avoids implicitly failing by passing an empty device string.
Finally, it calls GetScratchDevice, to remove a caller of the deprecated
method fs_mgr_overlayfs_scratch_device().
Bug: 134949511
Test: adb remount and adb_remount_test.sh
Change-Id: If4a543d3fa26af3f8578ec8b236859c8e4d9bfd8
The prologue of fs_mgr_overlayfs_create_scratch() will implicitly
succeed on physical block devices, and implicitly fail if for some
reason they can't be accessed.
This patch makes the success and failure cases explicit. The logic
specific to DAP has been moved to CreateDynamicScratch.
fs_mgr_overlayfs_create_scratch now calls GetScratchStrategy, and only
calls CreateDynamicScratch for DAP-launch devices. In the case a
physical block device can be used, no action is taken.
Bug: 134949511
Test: adb remount and adb_remount_test.sh
Change-Id: I0af7cda9bc551416c9e2ffca5a36305f89d3bf46
This splits fs_mgr_overlayfs_scratch_device into two new methods. The
first, GetScratchStrategy, returns an enum detailing exactly how the
device will find space for scratch:
- via system_<other>,
- via super_<other>, or
- via a dynamic partition.
The second method, GetScratchDevice, uses the strategy to either return
the underlying block device, or look up a dynamic partition.
fs_mgr_overlayfs_scratch_device will be removed completely in a separate
patch.
Bug: 134949511
Test: adb remount and adb_remount_test.sh
Change-Id: Ic7e3815ada4adaf5fd7c19b84dc22249f3dcc881
To ease on the indentation, this factors the innermost code of
overlayfs_mountall() into a new TryMountScratch() function.
Bug: 134949511
Test: adb remount
Change-Id: I894cbcd17bb6bd64751f235a074fa5ba7ce5157c
Previously the AVB public keys for DSU is hard coded for each key path.
This adds the burden for maintaining the codebase, e.g., need to change
avb_keys each time when any new key is added or some old key is deleted.
With commit Ie74845d8c8e4aa45e8a9e3b862424cec641f8090, it's possible to
load avb keys from a directory. Let's use "/avb" for DSU AVB keys.
Also removing fstab entries that specifying vbmeta_partition. The AVB
keys used in DSU flow should be a separate set from the original
vbmeta.img (or vbmeta_system.img).
The following link has more info about DSU:
https://developer.android.com/topic/dsu
Bug: 141284191
Bug: 144399552
Test: boot a GSI via DSU
Change-Id: I6bc1e068368e64cb0bbf6ef63805444b35a1fdfb
This enables unmounting + remounting of metadata encrypted ext4
userdata. Also added a sysprop to force unmount+remount logic even for
f2fs userdata which comes handy for testing, since we don't have
metadata encrypted ext4 devices to test on.
Test: adb shell setprop sys.init.userdata_remount.force_umount_f2fs 1
Test: adb shell /system/bin/vdc checkpoint startCheckpoint 1
Test: adb reboot userspace
Test: adb shell dumpsys activity
Bug: 135984674
Bug: 143970043
Change-Id: Icc30f5c99f4d9ee374352610ae17b5d9814f815b
Make sure CoW device doesn't overflow. Otherwise, data previously
written to snapshot device may be overwritten.
This check acts as a safety guard to bug like b/145180464, where
the computed CoW device size is less than required, but cannot be
caught by FilesystemVerifierAction in update_engine.
Note that this is a sanity check. It doesn't prevent the following:
(1) write a snapshot until it overflows
(2) unmap and re-map the snapshot
(3) Call FinishedSnapshotWrites()
When a snapshot is re-mapped, DeviceMapper::GetTableStatus() won't
return "Overflow".
However, update_engine always writes the full hashtree / FEC / etc.
data (outside of |PartitionUpdate.operations|), calls
FinishedSnapshotWrites(), and then writes the checkpoint. If the process
is interrupted, update_engine does the full FilesystemVerifierAction
from the beginning. Snapshots aren't remapped during the process. Hence,
the hypothetical case above won't happen in reality (at time of writing)
until FilesystemVerifierAction is broken down into steps with
checkpoints.
Still, given the above hypothetical case, this function is only served
as a sanity check.
FinishedSnapshotWrites() now requires all snapshots to be mapped before
calling. Hence, tests needs to be fixed:
- For SnapshotTest (that tests SnapshotManager private APIs), map
snapshot before calling FinishedSnapshotWrites().
- Factor out common code in SnapshotTest (PrepareOneSnapshot and
SimulateReboot)
- For SnapshotUpdateTest and children, add MapUpdateSnapshots() helper
and map all snapshots before calling FinishedSnapshotWrites().
Test: libsnapshot_test
Bug: 145180464
Change-Id: I3558dd1615059ba27f369c27af22e3c686e392f7
Hard coding multiple keys in the avb_keys flag isn't flexible and
causes some pains when upgrading an Android codebase.
e.g., from Android 10 to Android 11.
This CL supports specifying a directory for the avb_keys
for fs_mgr to list then use the avb keys under the directory.
Bug: 144399552
Test: config a fstab using avb_keys as a dir to boot
Test: atest libfs_avb_test
Test: atest libfs_avb_internal_test
Change-Id: Ie74845d8c8e4aa45e8a9e3b862424cec641f8090
Add libsnapshot_test_helpers for update engine tests
to properly set up depended modules.
Test: update_engine_unittests
Test: libsnapshot_test
Change-Id: Idd90a74cd6fb489f6ae14f44493b2288205c4a94
This API is an attempt to consolidate dm-stack unwinding logic
re-implemented in several different places (libfsmgr, libfstab,
libfiemap, etc.).
Test: libdm_test
Bug: 135984674
Change-Id: I9672d4c1e882824ef980667818d4c3aabcb82e1f
Yifan Hong