path: root/Checkpoint.cpp
Commit message [Author; Age; Files; Lines]
* Fix the overflow issue in Checkpoint [Qilin Tan; 2020-01-20; files: 1; lines: -2/+2]
|   When the partition is f2fs and the OS is 32bit, the data.f_bavail and data.f_frsize are 32 bits in size. The product of them is also 32 bits in size. If the available size of storage is greater than 4G, the product may be greater than the unsigned long max value. If the product overflows and is less than 100M, the UDC feature will be disabled.
|
|   There is also an overflow for std::strtoul when the variable content is a very big number (more than the unsigned long max value).
|
|   To avoid the overflow:
|   1. convert the variable data.f_bavail to uint64_t and then compute the multiplication.
|   2. use std::strtoull instead of std::strtoul.
|
|   Bug: 147118861
|   Change-Id: I60172ae4cb7c997e2ad4a36583be74736c25e565
|   (cherry picked from 5d0aaaf8e0b111e751bc5de8b70f0996927ddcac)
* Fix crash in mainline [Paul Lawrence; 2019-09-18; files: 1; lines: -0/+7]
|   Current behavior:
|
|   Assume not checkpointing
|   cp_startCheckpoint creates the file in metadata
|   cp_needsCheckpoint will now set isCheckpointing to true
|   cp_commitCheckpoint will now think there is a checkpoint, and try to commit it. This will fail on ext4 and it will return false, leading to bad things.
|
|   cp_startCheckpoint is called when staging an apex module for update. After this point, several things could go wrong:
|
|   If a keystore key is deleted, it calls cp_needsCheckpoint to see if the delete should be deferred until cp_commitCheckpoint. The delete will now be deferred, meaning that this key will never be deleted, using up the key slots in trustzone
|
|   If a trim is scheduled through idle maintenance, this also calls cp_needsCheckpoint, so the trims will not occur.
|
|   If either of these happens before a system crash, the device will not recover since the system calls commitCheckpoint which will now crash.
|
|   When the system then goes on to reboot, the checkpoint will not be triggered, since the commitCheckpoint call will have deleted the checkpoint flag file before crashing.
|
|   Bug: 138952436
|   Test: vdc checkpoint startCheckpoint 5
|         vdc checkpoint needsCheckpoint
|         vdc checkpoint commitChanges
|         stop;start
|         commitChanges fails, then device loops
|         After applying this test, commitChanges succeeds and device does not loop
|   Change-Id: I135099625f77344d1f8d2e8688735871c44ef2f5
|   Merged-In: I135099625f77344d1f8d2e8688735871c44ef2f5
* Make ext4 userdata checkpoints work with metadata encryption [Paul Lawrence; 2019-06-27; files: 1; lines: -14/+11]
|   When both ext4 user data checkpoints and metadata encryption are enabled, we are creating two stacked dm devices. This had not been properly thought through or debugged.
|
|   Test: Enable metadata encryption on taimen (add keydirectory=/metadata/vold/metadata_encryption to flags for userdata in fstab.hardware)
|         Unfortunately metadata is not wiped by fastboot -w, so it is necessary to rm metadata/vold -rf whenever you wipe data.
|         fastboot flashall -w works
|         fastboot reboot -w works
|         A normal boot works
|         Disable checkpoint commits with setprop persist.vold.dont_commit_checkpoint 1
|         vdc checkpoint startCheckpoint 10
|         adb reboot
|         wait for device to fully boot then
|         adb reboot
|         Wait for device to fully boot then
|         adb logcat -d | grep Checkpoint shows the rollback in the logs
|
|   This tests encryption on top of checkpoints with commit, encryption without checkpoints, and rollback, which seems to be the key cases.
|
|   Also ran same tests on unmodified Taimen and Blueline
|
|   Bug: 135905679
|   Merged-In: I8365a40298b752af4bb10d00d9ff58ce04beab1f
|   Change-Id: I8365a40298b752af4bb10d00d9ff58ce04beab1f
* Add property to prevent commit for Vts test [Paul Lawrence; 2019-06-12; files: 1; lines: -0/+5]
|   Old approach (do not start class main) does not work because when testing userdebug GSI on user system, adb does not start until the framework starts.
|
|   Bug: 134126407
|   Test: Test passes with userdebug GSI on user Taimen
|   Change-Id: I20441964dbc7b6ad5b445fa17a1374c1282bbbd8
* Add visible logs about fstrim run for block based checkpoints [Sandeep Patil; 2019-04-15; files: 1; lines: -0/+5]
|   Bug: 120095226
|   Test: Tested by forcing /data/system/last-fstrim last modified time back 2 years & manually trigger checkpoint using 'vdc checkpoint startCheckpoint 1'
|   Change-Id: I0cb8b6a85ae787e1ba2cdd7998a46942ca69760f
|   Signed-off-by: Sandeep Patil <sspatil@google.com>
* Merge "vold: cleanups for O_CLOEXEC tidy checks." [Nick Kralevich; 2019-03-30; files: 1; lines: -1/+1]
|\
| * vold: cleanups for O_CLOEXEC tidy checks. [Nick Kralevich; 2019-03-29; files: 1; lines: -1/+1]
| |   Bug: 129350825
| |   Test: compiles and boots
| |   Change-Id: I83a484ca15df1b757b670008f15af5504bc94df1
* | Fix checkpoint on Taimen [Paul Lawrence; 2019-03-29; files: 1; lines: -2/+2]
|/
|   Bug: 129494872
|   Test: VtsKernelCheckpointTest runs and passes
|   Change-Id: Ib2de866db7c847d569789d1aa6cdbad7c3ee7ff4
* Fix bogus error checking on unique_fd [Bernie Innocenti; 2019-03-28; files: 1; lines: -1/+1]
|   The expression "!fd" calls the implicit conversion to int, but comparing the raw fd against 0 does not work, since open() and other POSIX calls returning a file descriptor use -1 to signal an error.
|
|   Test: m vold
|   Change-Id: I0847c276f39cb9dd09c7ffb96951276113418fc8
* Switch Checkpoint health sleep time to ms. [Daniel Rosenberg; 2019-03-27; files: 1; lines: -4/+9]
|   This changes the property from microseconds to milliseconds, as we don't need that sort of precision here. Also switches from using usleep, which has been removed from POSIX, to nanosleep.
|
|   Test: Builds, Boots, Times
|   Change-Id: Iefbaf8489ba05d8d688542fd7d4305efb980e701
* Fixed min_free_bytes prop name and usleep time default [Satoshi Futenma; 2019-03-27; files: 1; lines: -2/+3]
|   Test: check build
|   Bug: 129299864
|   Change-Id: Iab6a01d15185dd19604cd8d3d7ea4efc2b020e34
* Add health check to checkpointing [Daniel Rosenberg; 2019-03-21; files: 1; lines: -1/+59]
|   Take action if we are running out of checkpoint space. Configurable via ro.sys properties.
|
|   ro.sys.cp_usleeptime = Time to sleep between checks
|   ro.sys.cp_min_free_bytes = Min free space to act on
|   ro.sys.cp_commit_on_full = action to take. Either commits or reboots to continue attempt without checkpoint, or retry and eventually abort OTA
|
|   Test: Trigger a checkpoint and fill the disk.
|   Bug: 119769392
|   Change-Id: I977cc03b7aef9320d661c8a0d716f8a1ef0be347
* Change abortChanges to take a message and bool [Daniel Rosenberg; 2019-03-21; files: 1; lines: -3/+31]
|   abortChanges will attempt to pass a reboot message, and will only reboot if the device is currently checkpointing. Additionally, it can opt to attempt to prevent future attempts. This only works for non-bootloader controlled updates. Failures are ignored, as it will always reboot the device. In the unlikely event of such a failure, the device will continue to retry as though you did not ask to prevent future attempts.
|
|   Test: vdc checkpoint abortChanges abort_retry_test 1
|         vdc checkpoint abortChanges abort_noretry_test 0
|   Change-Id: I7b6214765a1faaf4fd193c73331696b53ae572d2
* Make needsCheckpoint cover whole session [Daniel Rosenberg; 2019-03-21; files: 1; lines: -0/+2]
|   This makes needCheckpoint return true when the device will or is using checkpointing.
|
|   Test: vdc checkpoint startCheckpoint 1
|         reboot
|         vdc checkpoint needsCheckpoint should return 1 before and after data mounts, and 0 once the checkpoint has been committed
|   Change-Id: Ib57f4461d837f41a8110ed318168165a684d913a
* Add vdc checkpoint supportsBlockCheckpoint [Paul Lawrence; 2019-03-18; files: 1; lines: -0/+24]
|   Also add vdc checkpoint supportsFileCheckpoint
|
|   This is to allow tests to be specific to supported checkpoint mode.
|
|   Test: Built on Taimen and Crosshatch, made sure both new functions work as expected
|   Change-Id: I0eab7453b13c0a2e31840ef9ad24a692cec55b00
* Make Checkpoint restore resume safe [Daniel Rosenberg; 2019-03-07; files: 1; lines: -11/+91]
|   This allows us to resume rolling back in the event of an unexpected shutdown during the restore process. We save progress after we process each log sector, and whenever restarting the current log sector would result in invalid data.
|
|   Test: Run restore, interrupt it, and attempt to resume
|   Change-Id: I91cf0defb0d22fc5afdb9debc2963c956e9e171c
* Add vdc checkpoint restoreCheckpointPart [Daniel Rosenberg; 2019-03-07; files: 1; lines: -1/+8]
|   Restores the first n entries of a checkpoint. Allows automated testing of interrupted restores.
|
|   Test: vdc checkpoint restoreCheckpoint [device] [n]
|   Change-Id: I47570e8eba0bc3c6549a04a33600df05d393990b
* Switch Checkpoint Restore code to c style File ops [Daniel Rosenberg; 2019-03-06; files: 1; lines: -18/+18]
|   In preparation for restore code, we need to guarantee fsync happens. Switch over to fd based operations to prepare for that.
|
|   Test: Successfully restores device over reboots
|   Change-Id: Ic9901779e8a4258bf8090d6a62fa9829e343fd39
* Make restore validation fast by using a map [Paul Lawrence; 2019-02-28; files: 1; lines: -29/+59]
|   Test: Successfully restores device over reboots
|   Change-Id: I4f1c5bbe6c07697a925a1a4efb92aefd15b61332
* Merge "Do not trim unless we are actually checkpointing" [Treehugger Robot; 2019-02-20; files: 1; lines: -0/+4]
|\
| * Do not trim unless we are actually checkpointing [Paul Lawrence; 2019-02-19; files: 1; lines: -0/+4]
| |   I'm not convinced this explains the full regression, but it's a worthwhile fix anyway.
| |
| |   Bug: 124774357
| |   Test: Booted in checkpoint mode and non checkpoint mode
| |   Change-Id: I6e0e1e59e27bd127feac218fff7d88bb3570b530
* | Support header versioning in dm-bow [Paul Lawrence; 2019-02-08; files: 1; lines: -7/+12]
| |   Test: Make sure still boots, restores
| |   Change-Id: I903f58cb22472dbbbbb4c27ed1d88ed1f7c7dc5d
* | Support variable blocksizes in dm-bow restore [Paul Lawrence; 2019-02-08; files: 1; lines: -25/+34]
|/
|   Test: Test that restore still works
|   Change-Id: I7259e3efd1cd0ee13c74336a7e53158b6bceed57
* Mark A/B Boot success before committing checkpoint [Daniel Rosenberg; 2019-02-05; files: 1; lines: -0/+12]
|   This marks the slot as successful within commitChanges, increasing the available roll back window significantly.
|
|   Test: When taking an update on a checkpoint enabled device, it marks the slot as successful just before committing the checkpoint. Visible in logs as call to vdc commitChanges, followed by "Marked slot as booted succesfully."
|   Bug: 123260515
|   Change-Id: If71fcde57b3bdee2cfaabb590f123a2d00da3228
* Use global default_fstab instead of re-reading [Daniel Rosenberg; 2019-02-01; files: 1; lines: -13/+1]
|   VoldUtils already has a pre-parsed fstab. Use it instead.
|
|   Test: Checkpoint functions continue to work
|   Change-Id: I96cbab467a7b809c92c4f6cdf7a06abca8c5aa5e
* Move over to the C++ Fstab class [Tom Cherry; 2019-01-31; files: 1; lines: -39/+42]
|   Test: build and boot
|   Change-Id: Id3850c9c133f6644073a2439368501253a2a94a9
* Merge "Preserve options on remount in commitChanges" [Treehugger Robot; 2019-01-25; files: 1; lines: -1/+3]
|\
| * Preserve options on remount in commitChanges [Daniel Rosenberg; 2019-01-24; files: 1; lines: -1/+3]
| |   Copy the existing mount options when remounting f2fs for checkpointing mode.
| |
| |   Bug: 123376509
| |   Test: Boot with checkpointing, and ensure entries match fstab
| |   Change-Id: If022d9872a44657b550ab892259230805716dc77
* | Add supportsCheckpoint [Daniel Rosenberg; 2019-01-22; files: 1; lines: -0/+15]
|/
|   This returns true if any entries in the fstab have checkpoint= set.
|
|   Test: Call vdc checkpoint supportsCheckpoint. Should return 1 iff an fstab entry has checkpoint=fs or checkpoint=block set
|   Bug: 111020314
|   Change-Id: Ic79bc96ded4da6605f73992dcff542e7cb50d705
* Checkpoints: Support validation and roll forward on fail [Paul Lawrence; 2019-01-16; files: 1; lines: -41/+99]
|   Test: Rolls backward, and if you hexedit a BOW page, rolls forward
|   Change-Id: If99a6c3a3bc3f615bd1445f5af14ea490a58e053
* Checkpoint: Assure proper buffer alignment [Greg Kaiser; 2018-12-20; files: 1; lines: -6/+5]
|   We have a char buffer on the stack, which we then cast to a struct, and then proceed to access elements in the struct. This is not safe across all platforms, as some platforms may require a certain alignment for members of the struct.
|
|   We fix this by assuring an appropriate alignment for our char buffer. We also use C++ casting, and rename our buffer to differentiate it from the other 'buffer' variable in this function.
|
|   Test: TreeHugger
|   Change-Id: I8254cb6b8124e394bd805afd1ccca0faedb27ffa
* Add property for checkpointing [Daniel Rosenberg; 2018-12-14; files: 1; lines: -3/+20]
|   We set a property when we commit a checkpoint to signal to anyone who wants to do post commit cleanup.
|
|   Test: Boot to homescreen and check getprop for vold.checkpoint_committed
|   Bug: 111020314
|   Change-Id: Idf35e3abf9d24eb40c6926a30a8403064c05e10a
* Fix error reporting in cp_commitChanges [Daniel Rosenberg; 2018-11-19; files: 1; lines: -4/+8]
|   Only tries to commit if necessary, and reports errors if committing fails. RemoveFileIfExists returns true on success.
|
|   Test: vdc checkpoint startCheckpoint, reboot, and then vdc checkpoint commitChanges
|   Bug: 111020314
|   Change-Id: Ie1b3e49beb3ca04f2881fcc595882c607368b477
* Switch to exceptions for most cp calls [Daniel Rosenberg; 2018-10-16; files: 1; lines: -26/+49]
|   This switches the checkpoint calls that don't need to return a value to return 0 on success, and an error on failure. This will be translated to exceptions for java binder users. needsCheckpoint and needsRollback still return a boolean value.
|
|   Test: vdc setCheckpoint 2 then reboot 3 times checking state
|   Bug: 112901762
|   Change-Id: Idd3b5e6036631562a86d5123f533b86cf3bd6032
|   Merged-In: Idd3b5e6036631562a86d5123f533b86cf3bd6032
* Handle retry count [Daniel Rosenberg; 2018-10-15; files: 1; lines: -3/+3]
|   Test: vdc setCheckpoint 2 then reboot 3 times checking state
|   Bug: 112901762
|   Change-Id: I85a71d059bca27b76175b9bd8465cc453f0ddb8d
* Merge "Add checkpointing support for A/B updates" [Daniel Rosenberg; 2018-10-05; files: 1; lines: -3/+34]
|\
| * Add checkpointing support for A/B updates [Daniel Rosenberg; 2018-10-03; files: 1; lines: -3/+34]
| |   This adds implicit rollback support during A/B style updates. If you explicitly start a checkpoint with -1, needsRollback will trigger if the update fails, and should be used if any additional cleanup is needed that is not covered by A/B itself.
| |
| |   Test: All Checkpoint tests pass
| |   Bug: 111020314
| |   Change-Id: I88b4a1098c6bac4dc1438a54c8a8f59577a6c17b
* | Use unique points for fstab [Paul Lawrence; 2018-10-03; files: 1; lines: -20/+17]
|/
|   Test: Checkpoint test script runs and passes
|   Change-Id: I13005da22aef5fda3d1e0941949db02ff0ff0870
* Make checkpointing work on ext4 [Paul Lawrence; 2018-10-03; files: 1; lines: -22/+222]
|   Test: All tests pass
|   Change-Id: I2a6cdf1edfe752f4633e1931e75d18659653938c
* Add support for checkpointing [Daniel Rosenberg; 2018-09-21; files: 1; lines: -0/+109]
    Checkpointing uses a combination of files on the meta partition and the checkpoint= fs_mgr flag. Checkpointed partitions will revert to their starting state on reboot unless checkpoint commit is called.

    Test: Run vdc commands, check file on metadata
    Merged-In: Icba16578608a6cbf922472e9d4ae5b8cf5f016c6
    Change-Id: Icba16578608a6cbf922472e9d4ae5b8cf5f016c6