Use sorted std:vector instead of std:map to store
the mapping between chunk-id to COW operation.
Addtionally, use shrink_to_fit to cut down vector
capacity when COW operations are stored.
On a full OTA of 1.8G, Anon RSS usage is
reduced from 120MB to 68MB. No variance observed
when merge was in progress.
Bug: 182960300
Test: Full and Incremental OTA - verified memory usage
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I50cacbe0d03837a830dedcf9bd0ac9663fc68fa7
Instead of allocating the buffer for the whole
upload (which can be arbitrary number of bytes as
the device determines), read 1 MiB at a time.
Test: pass
Bug: 173654501
Change-Id: Ib601b0341b10b7dccbb429cd21aad86a2d3bfda8
Add worker threads per partition to serve the IO request.
Remove memset of buffer in IO path which was impacting
4k IO performance.
update_verifier performance:
1: ~10-12 seconds with this change (both on full OTA and incremental
OTA); ~70 seconds observed without this changeset
2: ~8 seconds without the daemon once merge is completed
and snapshot devices are removed.
Bug: 181293939
Test: update_verifier, full OTA, incremental OTA
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Id90887f3f4a664ee5d39433715d1c166acbd6c60
The parameter "androidboot.hardware" has been removed from bootconfig
and replaced by "hardware" parameter.
Test: launch_cvd with 4.19 and 5.10 kernels
Test: atest CtsFsMgrTestCases
Bug: 173815685
Change-Id: I627426ae1bd0a165b70b8f2584ec184abfb4236f
As parameters are moved from kernel cmdline to bootconfig,
fs_mgr needs to be updated to handle the new location.
/proc/bootconfig should be checked first, if not present, then check
/proc/cmdline.
Test: atest CtsFsMgrTestCases
Test: launch_cvd
Test: launch_cvd with 4.19 kernel artifacts that do not support
bootconfig
Test: Both of the above configurations with --num_instances 0 or 4
Test: Both configurations with androidboot.boot_devices or
androidboot.boot_device set
Bug: 173815685
Change-Id: I23fb07a17c25c9459833cb931ced79d5ccc3e42a
update_engine and libsnapshot must agree on CowOptions parameters,
otherwise the COW size estimation may be incorrect.
Bug: N/A
Test: vts_libsnapshot_test
apply OTA, snapshotctl dump
Change-Id: I219ae458dfa19e4b3c96360d3b847edb2a01ebc8
alignment_offset restrictions were removed in R and are no longer
needed.
Bug: 180571070
Test: liblp_test
Change-Id: I43fa4a929c20cc8c6ec2fece71d5400351c13dbe
I828ce999be6d786bf46dd5655dfda81d046906ab made a slight behaviral change
that fstab is searched and read before /first_stage_ramdisk is mounted
as root. Without this change, the attempt to read fstab from / fails at
the moment, leaving an empty fstab object. But as a side effect of the
attempt, DoCreateDevices() is not called again even after
/first_stage_ramdisk is mounted as root and the fstab is found under /.
This change fixes the problem by adding /first_stage_ramdisk to the list
of places to find the fstab file.
Bug: N/A
Test: Watch TH
Change-Id: I9826610cce436ba706aaea14c9a991822d2bae96
This addresses bugs where unexpected edge cases in the snapshot state
could prevent a merge or data wipe from completing in recovery.
Invalid snapshots (eg on the wrong slot) are now ignored in
CheckMergeState(). This prevents those snapshots from being detected as
"cancelled" and thus falling into RemoveAllUpdateState.
ProcessUpdateState will no longer call RemoveAllUpdateState in recovery.
Furthermore, when RemoveAllUpdateState fails, we will no longer return
the "old" state. If this state is Merging, ProcessUpdateState can
infinite loop.
Finally, HandleImminentDataWipe now guarantees the final state will be
either MergeFailed or None. For testing purposes, the old mechanism was
too susceptible to state machinery changes. And for practical purposes,
either we're going to wipe data (which removes the OTA), or a merge
failed and we can't. So the effective outcome is always no update or a
failed update.
Bug: 179006671
Test: vts_libsnapshot_test
Change-Id: Idcb30151e4d35cbeccf14369f09707ae94a57c66
QuerySnapshotStatus assumes IsSnapshotDevice() would return true.
Additionally, recovery does not have access to /dev/loop-control, which
cannot be used by libfiemap anyway. Access it on-demand instead of
preemptively.
Bug: N/A
Test: manual test
Change-Id: I0f746870d7a8ec6d666f0bdd2fef3464b214928b
Androidboot parameters are being moved from the kernel commandline to
bootconfig.
fs_mgr looks for these parameters in properties and falls back to
reading directly from /proc/cmdline. So both of these sources are
updated for bootconfig.
The androidboot parameters from /proc/bootconfig
are added as ro.boot properties, and fs_mgr will fall back to searching
/proc/bootconfig if it is too early.
Test: boot cuttlefish with androidboot.fstab_suffix and
androidboot.hardware in bootconfig and not in cmdline.
Test: atest CtsFsMgrTestCases
Bug: 173815685
Change-Id: Iea36a0da94c26e1aa37d97c576725e0ad77cd3ad
If we don't mount a certain partition intentionally, should be okay to bypass
remounting the partition.
Bug: 180435772
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I7e4d420693f8ba35ec7881d39d0ca682688743c5
`header` is only initialized in the `if` block of this condition. Hence,
its use in the `else` portion isn't correct. Refactor the code a bit to
make this kind of bug a bit harder to write in the future.
Caught by the static analyzer:
> system/core/fs_mgr/libsnapshot/snapuserd.cpp:457:9: warning: 1st
function call argument is an uninitialized value
[clang-analyzer-core.CallAndMessage]
Bug: None
Test: TreeHugger
Change-Id: Ie56578520acf3cc972efa3336e40698feed20200
Remove kOverlayMountPoints; add OverlayMountPoints().
Fix a regression where if host system didn't install a scratch_gsi
partition and physical /cache partition is mounted, then DSU guest
system could use /cache as its overlayfs backing storage. This is
generally unwanted as the /cache partition could be shared between host
and guest.
Dynamically return the list of overlayfs backing storage candidates, so
we don't accidentally fall back to use /cache storage within a DSU
system.
Bug: 165925766
Bug: 179980369
Test: 1. Prepare a DUT that have a physical cache partition, such as
cuttlefish.
2. Install a DSU system, and unsure that scratch_gsi is not installed.
3. Reboot into DSU, verify that adb remount fails and overlayfs
scratch is not created under /cache.
Change-Id: I1815ac5367c0aac8614aeaabebe0e2cb91cbe161
The exception size was hardcoded and its explanation hidden in one of
the comments.
Move it to a separate constant e better explain why that is 64 * 2 / 8.
Bug: 176972301
Test: m
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: Ifcb527540882222916ada07dacf3f76f87609539
F2FS starts to give a hint, FIEMAP_EXTENT_MERGED, in fiemap, so please allow it.
Bug: 180137825
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Ic4e3f573e385d248627da1a2ad64fbbd4a74e679
Once the daemon is terminated, print merge completion
ops and the total ops present in the COW file. This
will help to know if the merge operation was interrupted
and how many pending operations were done during
each reboot until merge is completed
Bug: 167409187
Test: Incremental and full OTA
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Ie33c840e80aaeca86f51adc8085cb4e306dca110
Enforce the checking of what chunk/sector/byte is written to the COW
size calculator to avoid possible overflows in the container.
If an undesired behavior occurs, the COW computation is aborted and,
the class user will be notified with an empty returned value.
Bug: 176972301
Test: vts_libsnapshot_test
Change-Id: I29f7909780853434a09032c27c943f505c6d0d19
Allow batch merge of copy operations during merge.
When metadata is read from COW device, assign
the chunk-id by validating there is no overlap
of copy operations. Furthermore, detect the blocks
which are contiguous and batch merge them.
No regression in merge time for full OTA (~35-40 seconds)
Merge time for incremental OTA of ~200M takes about 2 minutes
as compared to 15-20+ minutes without this change.
Add unit test to test ReadMetadata() functionality.
Multiple incremental OTA and full OTA test done on pixel.
adb reboot during merge and validate the merge resume operations.
Bug: 179629624
Test: incremental OTA and full OTA on pixel,
cow_snapuserd_test
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I4cd84e4923e42afacc796b8cec01738b1bb1f420
When there is a transition of daemon from selinux stage, we observe
intermittent hangs during OTA. This is a workaround wherein
we don't do the transition and allow the daemon to continue which
was spawned during selinux stage.
Bug: 179331261
Test: Incremental OTA, full OTA on pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I622a0ed8afcd404bac4919b1de00728de2c12eaf
As we are just using it to generate gibberish, we might as well just
hardcode the gibberish in the script.
Also fix unhandled `grep` failure.
Bug: 179752308
Test: Forrest
Change-Id: I534c7cacdb12a104f26d380fe3a571332091490e
We should check FLAGS_VERIFICATION_DISABLED is set or not
after verifying the vbmeta digest against `androidboot.vbmeta.digest`
from bootloader. This is to ensure the /vbmeta content is not
changed since the bootloader has verified it.
We still allow vbmeta digest verification error if the device is
unlocked. Note that this change will introduce a limitation that
the device will not boot if:
1. The image is signed with FLAGS_VERIFICATION_DISABLED is set
2. The device state is locked
However, it should not be a concern as we shouldn't boot a locked
device without verification.
Bug: 179452884
Test: build image with BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flag 2,
boot the device, then `adb shell touch /metadata/gsi/dsu/avb_enforce`.
Reboot the device, checks the device does not boot because
`androidboot.vbmeta.digest` is empty but AVB is enforced.
Change-Id: Id15a25403d16b36d528dc3b8998910807e801ad2
SnapshotManager::New() is now preferred in recovery. Previously we used
NewForFirstStageMount(), which is technically incorrect as that enables
code paths specifically for first-stage init.
We also explicitly label the snapuserd context, since rootfs in recovery
has unlabelled files.
Finally, we add a timeout to internal calls to
CreateSnapshotsAndLogicalPartitions. Without this, WaitForDevice() calls
will terminate immediately, which breaks VABC given the more complex
device stacking that is created.
Bug: 168258606
Test: fastboot snapshot-update merge
Change-Id: I3a663b95c0b1eabaf14e6fde409c6902653c3c5e
Akilesh Kailash