Writes on file descriptors opened with O_DIRECT will fail if the buffer
is not page aligned. This CL will reset the file descriptor without the
O_DIRECT flag for such instances.
Bug: 225108941
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>
Change-Id: I841c84f5d2c0b9435b394c48b1bfcc2d51d771bb
There are cases such as non 4KB aligned buffers which break writes on
file descriptors opened with O_DIRECT. Flashing functions need more
control over the file descriptor, which is not achievable easily by
having only a file descriptor passed. This CL modifies the logic to pass
the PartitionHandle in place of the file descriptor during flashing.
Bug: 225108941
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>
Change-Id: I049d0ffb183c9de1267b7e442488c8ba5002186a
This ensures that the dynamic "scratch" partition is removed when doing
a flashall operation.
If "scratch" is on /data, disable the partition. Add IsImageDisabled to
ImageManager so EnsureScratchMapped can skip mapping it. Also, fix
"scratch" not getting unmapped if on /data.
Bug: 205987817
Test: adb remount
adb sync
adb reboot fastboot
fastboot flashall --skip-reboot # no errors
Test: adb-remount-test.sh
Change-Id: I4b9702e1dac15fb663635506fb50a8274e1e10d1
Sparse file can come from an untrusted source.
Need more checking to ensure that it is not a malformed
file and would not cause any OOB read access.
Update fuzz test for decoding also.
Test: adb reboot fastboot
fuzzy_fastboot --gtest_filter=Fuzz.Sparse*
fuzzy_fastboot --gtest_filter=Conformance.Sparse*
sparse_fuzzer
Bug: 212705418
Change-Id: I7622df307bb00e59faaba8bb2c67cb474cffed8e
Similar to GKI boot.img, init_boot.img is released as a specific size
and should be able to be flashed into partitions that have different
sizes. So the AVB footer is moved from the end of the init_boot.img to
the end of the partition in the case that the partition is larger than
the image.
Bug: 203698939
Test: m
Change-Id: Ib5a63a7bf1b4be4eba4941972750f12e3edb3a17
Direct writes for partition flashing significantly increase performance.
Use O_DIRECT flag when opening partition for flashing. Additionally use
a 4096b aligned buffer which is required for O_DIRECT.
Switch from using 8MB write buffer to 1MB write buffer, as the extra
allocation has no performance impact.
Test: flash locally and reach home screen
Bug: 205151372
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>
Change-Id: I060f438cf698d0fda1e59e35338bb5dc1cd05b51
With VAB we encourage a smaller super partition, so make sure we delete
"other" slot partitions during flashing. Otherwise, we may not have
enough space in super.
Bug: 195930130
Test: set_active, flashall, ensure other slot is deleted
Change-Id: Ic6a4f60e8f4c7abb8af7b38228753ad8ed85eedf
for GSI XTS self-test, we need to mount filesystem(/metadata) in fastbootd mode. so we add a qualification since there is no overlayfs on user build anyway.
bug: 181097763
Change-Id: Ie36bd2f5b3981e6774dc4a2123c33180cddb99d1
Right now fs_mgr_overlayfs_teardown() does slightly different things
when called from the userspace or recovery. This is accomplished by many
runtime checks, runtime assumptions and conditional execution of code.
This makes the control flow of the function very hard to follow, and
assumptions becomes more fragile as the function becomes more complex.
This CL forks fs_mgr_overlayfs_teardown() and removes "recovery" bits
from it. A new entry point TeardownAllOverlayForMountPoint() is added
for recovery.
Recovery (fastbootd) should call TeardownAllOverlayForMountPoint() to
teardown overlays of all sources (cache dir, scratch device or DSU).
While fs_mgr_overlayfs_teardown() should only be called from the
userspace.
Also apply some linter suggestions.
Bug: 165925766
Test: adb-remount-test.sh
Change-Id: I7ff7e3409c910782e1ec207fcd02b967a9762bc1
If the flashed boot image is smaller than the block device, the AVB
footer will not be at the end of the partition. Although images are
normally created to match the partition size the GKI boot.img must work
on all devices, and the size of the boot partition will vary.
Copy the AVB footer to the end of the partition before flashing, if it
is not there already.
Bug: 156036850
Change-Id: I11f0c7d32d1b6c74edd4f84f815d175605280cb8
There is a chance that devices are failing to reboot in the lab due to
sync() taking explicitly long during reboot. Let's add the sync()'s
here to ensure they get accounted for in the flashing process.
A side benefit is it's likely safer to sync immediately after
flashing than to hope init does it during reboot.
Bug: 150863651
Test: flash local devices successfully
Change-Id: I4c4b0114f3cde8af4b8b2cb283ec21f869ef9f6f
fs_mgr_overlayfs needs access to /metadata to tell whether or not the
scratch partition exists on /data.
Bug: 134949511
Test: adb remount, fastboot flash system
Change-Id: I3a09aae495d691e9c1a1e25a8fb3514e355ecd05
Skip importing COW group because they are dynamically
created by OTA clients and will never show up in built
images.
Test: flash
Change-Id: I44e7693cfb4c15e64455b56212a02f9abde88d61
And deprecate one more old style function that is not used after this
change.
Test: boot, disable and enable verity
Change-Id: Id509f479850120352b4ea4dc3b6c40f6e8e2e53e
When the update-super command is issued, we want overlayfs overrides
to disappear without a doubt, which includes non-A/B utilizing
/cache/overlay/ tree. Call fs_mgr_overlayfs_teardown() on successful
return.
Test: adb-remount-test.sh
Bug: 120034852
Change-Id: Ia5cdb797f7e8350b5591a51fc8ae5f323901aee4
Retrofit devices will have two super partitions, spanning the A and B
slots separately. By design an OTA will never cause "A" or "B"
partitions to be assigned to the wrong super. However, the same is not
true of fastbootd, where it is possible to flash the inactive slot. We
do not want, for example, logical "system_a" flashing to super_b.
When interacting with partitions, fastbootd now extracts the slot suffix
from a GetSuperSlotSuffix() helper. On retrofit devices, if the partition
name has a slot, that slot will override FastbootDevice::GetCurrentSlot.
This forces partitions in the inactive slot to be assigned to the correct
super.
There are two consequences of this. First, partitions with no slot
suffix will default to the current slot. That means it is possible to
wind up with two "scratch" partitions, if "adb remount" is used on both
the "A" and "B" slots. However, only the active slot's "scratch" will be
visible to the user (either through adb or fastboot).
Second, if one slot does not have dynamic partitions, flashing will
default to fixed partitions. For example, if the A slot is logical and B
is not, flashing "system_a" will be logical and "system_b" will be
fixed. This works no matter which slot is active. We do not try to
upgrade the inactive slot to dynamic partitions.
Bug: 116802789
Test: fastboot set_active a
fastboot flashall # dynamic partitions
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # false
fastboot set_active b
fastboot flashall --skip-secondary
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # true
Booting both slots works.
Change-Id: Ib3c91944aaee1a96b2f5ad69c90e215bd6c5a2e8
When updating the super partition, attempt to preserve partitions from
the other slot. If any partition can't be preserved, fail and require a
wipe (-w) to proceed. This allows two bootable builds to be flashed to
both slots.
The preserve operation can fail if the metadata is not compatible with
the old partition layout. For example, if the partition references a
group that no longer exists, or a group changed its capacity, or the
metadata's block device list or list contents changed.
Bug: N/A
Test: liblp_test gtest
fastboot flashall --skip-secondary
Change-Id: I53fdd29bc1f0ef132005a93d3cf1cdcd7f2fc05f
Arrange to delete the overlayfs backing when a specified partition
has been flashed.
Test: manual
Bug: 109821005
Bug: 117605276
Change-Id: I1c6a0341c6cd2ecfbb7c71bec5679a74d579aadd
The purpose of this code was to support preserving partitions across a
flashall operation. Since we are not supporting persistent read-write
partitions, this merging code is effectively useless - it is preserving
only partitions that will be deleted.
Additionally, this code does not merge partition group changes, since
doing so accurately is difficult. Partition size changes aren't sent
until after update-super resolves, so a valid re-grouping could be
rejected during update-super if the existing partitions are too big.
This patch removes the update-super merging code until a use case comes
along and we can properly evaluate how it should work.
Bug: N/A
Test: fastboot flashall
Change-Id: I1d622b23dabdf031897be9de49f59fc8cf3caf3b
Bug: 78793464
Test: fastboot flashall
Sparse images with CRC are not supported by the Android build
system and hence the calculated CRC is unused.
Change-Id: Ia48b2f7e29f2adea26d185c5a8f2337c4cbe6dcb
This change introduces an "update-super" command to the fastboot
protocol. Unlike the "flash" command, which copies raw or sparse data to
a partition, the "update-super" command requires the data to be a super
image generated by lpmake.
If the super partition is not yet formatted (or is corrupt), then it
will be formatted using the given image. Otherwise, "update-super" will
preserve the existing partition layout, and only ensure that logical
partition entries exist for all the new partitions in the given image.
All new partitions added this way will have a zero size, and it is the
host's responsibility to size them as needed afterwards with the
"resize-logical-partition" command.
In addition, the "update-super" command supports a "wipe" argument,
which will force the super partition to be reformatted with the given
image, overwriting any existing partition tables.
Bug: 78793464
Test: fastboot flashall with a super partition
Change-Id: If37d839a03e396e11b6c08a9c32984106613d1dc
When flashing logical partitions, we read the "super" partition metadata
corresponding to the current slot. We then temporarily create a
device-mapper device for that partition, and immediately destroy the
device after all operations are complete. We do not mount partitions
ahead of time, or keep them mounted, because a fastboot operation may
change the layout of the logical partition table (or change which slot
is current).
Bug: 78793464
Test: fastboot flash a logical partition under "super"
Change-Id: Id2a61d3592decabeebfd283c4fd6e6cbe576a18c
