Make XOM related crashes a little less mysterious by adding an abort
cause explaining the crash.
Bug: 77958880
Test: Abort cause in tombstone for a XOM-related crash.
Change-Id: I7af1bc251d9823bc755ad98d8b3b87c12bbaecba
This method was designed for a single-super model, and now needs to
change to accomodate two super partitions (system_a and system_b, for
retrofitting).
NewForUpdate is supposed to transition metadata from one block device
to the next for updates. For normal devices this is a no-op, since
metadata only exists on one partition (super). For retrofit devices,
metadata exists on system_a and system_b. This has two implications.
First, any references to the source slot must be rewritten. For example
"vendor_b" must become "vendor_a". However this is not true of partition
names. Partitions/extents are cleared in the updated metadata since they
no longer have any meaning (the block device list has been
rewritten). We also clear groups since they are re-added during OTA.
The reason we have to do this rewriting is that slot suffixes are
automatically applied in ReadMetadata. We do not have access to the
original unsuffixed metadata that was written by the initial OTA.
This was a conscious design decision, since it localizes retrofitting
idiosyncracies to just a few places (ReadMetadata, NewForUpdate, and
fastbootd), minimizing the number of external callers that have to
understand auto-slot-suffixing.
It would be arguably cleaner if retrofit metadata was always serialized
*without* slot suffixes, thereby making NewForUpdate a no-op. However
this would necessitate changes to the API elsewhere. The functions that
read partition names would have to take a slot suffix, and this would
further complicate MetadataBuilder and fastbootd. Another solution would
be to augment LpMetadata to retain unsuffixed information, but this is
probably not worthwhile given that retrofitting is intended to be
surgical, and will have a shorter lifespan than the non-retrofit case.
Bug: 116802789
Test: liblp_test gtest
Change-Id: I33596d92b38c47bc70bc0aa37ed04f6f0b9d4b6f
Retrofit devices will have two super partitions, spanning the A and B
slots separately. By design an OTA will never cause "A" or "B"
partitions to be assigned to the wrong super. However, the same is not
true of fastbootd, where it is possible to flash the inactive slot. We
do not want, for example, logical "system_a" flashing to super_b.
When interacting with partitions, fastbootd now extracts the slot suffix
from a GetSuperSlotSuffix() helper. On retrofit devices, if the partition
name has a slot, that slot will override FastbootDevice::GetCurrentSlot.
This forces partitions in the inactive slot to be assigned to the correct
super.
There are two consequences of this. First, partitions with no slot
suffix will default to the current slot. That means it is possible to
wind up with two "scratch" partitions, if "adb remount" is used on both
the "A" and "B" slots. However, only the active slot's "scratch" will be
visible to the user (either through adb or fastboot).
Second, if one slot does not have dynamic partitions, flashing will
default to fixed partitions. For example, if the A slot is logical and B
is not, flashing "system_a" will be logical and "system_b" will be
fixed. This works no matter which slot is active. We do not try to
upgrade the inactive slot to dynamic partitions.
Bug: 116802789
Test: fastboot set_active a
fastboot flashall # dynamic partitions
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # false
fastboot set_active b
fastboot flashall --skip-secondary
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # true
Booting both slots works.
Change-Id: Ib3c91944aaee1a96b2f5ad69c90e215bd6c5a2e8
On retrofit devices, it is easy to accidentally overwrite
system/vendor/product by flashing system in the bootloader. The reason
is that GPT system_a is really the super partition, and the bootloader
doesn't know it.
Addressing this in bootloaders would require two separate commands: one
that rejects flashing system/vendor/product, and another for
expert/factory use that would allow direct flashing.
This patch introduces protection into the host fastboot tool instead.
It's not mutually exclusive with bootloader changes; having protection
in the host tool affords us better and consistent UI. However it does
rely on users having newer builds.
With this change, the following will not work in the bootloader:
fastboot flash system # or vendor, product, etc
The message is the same whether or not the device is a retrofit. To
continue anyway, you can do:
fastboot flash --force system
If we decide on bootloader protection as well, the --force flag can be
re-used.
Bug: 119689480
Test: fastboot flash system # disallowed in bootloader, allowed in fastbootd
fastboot flash --force system # allowed in bootloader
Change-Id: I0861e3f28a15be925886d5c30c7ebd4b20c477cf
If recent_perf contains existing content, overwrite in method
load_perf_history_proto. If proto of recent_perf contains a lot of
history, the content would have grown with system_server crashes.
Test: setprop ro.storaged.flush_proto.interval 60
while true;do sleep 5;stop;sleep 1;start;ps -A|grep storaged;done
and look at value for rss should remain about 4MB over long term.
Bug: 119798824
Change-Id: I50aae7d61eb791a8fcddbbd829254baf8f708186
Removes a few more Android.mk files.
Test: check for adb, mkbootfs, and fastboot in the build artifacts
Change-Id: Ie4e50a363a734d0b9207f0d0098c54719f038e76
Today, assume llkd is not hardened enough to 100% guarantee that
lack of progress in inspection loops is a direct result of a
livelock condition affecting llkd itself. Log a fatal alarm to
make init restart llkd instead for the time being.
ToDo: develop trust in llkd regarding sigalarm causes.
Test: compile
Bug: 119781757
Change-Id: I668dc1773898da6c95aad7221724b16f1684b067
This is needed for update_engine to properly clean old partitions on
retrofit devices.
Bug: 119687874
Test: liblp_test gtest
Change-Id: Ida9483ad3c127e357f45789540ebbedc9d3d3883
This change adds a command to init.rc to write cpu variant information to a file under dev/
Test: sync to device and make sure corresponding files are created.
Change-Id: Ibf90967f13f72af925c82ff79bd973ef4cdc4068
There can be no match when there is no APEX installed or no APEX is
providing *.rc file. Don't fail in that case.
Bug: 117403679
Test: m apex.test; m; device is is bootable
Change-Id: Ib1c607ee2c156dc236da1df7df0c6663e8d899b2
Add a test report df before overlay applied to make it clearer what
the device looked like before applying for remount. Check error
code from adb disable-verity and use that to terminate test if bad.
Collect a sliced logcat for failures to help diagnose problems.
If the device does not come back after flashing, timeout and fail
when waiting. Fix some issues that result when running script under
set -x when diagnosing the tests logistics.
Test: adb-remount-test.sh
Bug: 109821005
Change-Id: Iffbd6261703393417cb6ec3a12042d59523c348d
Strip out /dev/block/loop* devices to filter out apex mounts. Deal
with scale of skip_administrative_mounts function to make for easier
maintenance.
Test: adb-remount-test.sh
Bug: 109821005
Bug: 112455435
Change-Id: Ic7382a613db8f3ac7cdc10721194042378d136b9
Remove unit test that is not needed any more.
Slightly reorganize the code around the changed check.
Bug: 77958880
Test: Ran backtrace tests with new linker options.
Test: Ran libunwindstack unit tests.
Change-Id: Ie95707323fb51616a093cafb83e0343fa24e7e61
Recursively delete all contents in a temporary directory in the
destructor. If the caller wants the contents preserved, then
call DoNotRemove().
Test: compile
Bug: 119313545
Change-Id: I3601c06334920055a60dd3074b249824f4d6f510
Recursively delete all contents in a temporary directory in the
destructor.
Test: compile
Bug: 119313545
Change-Id: I9570a8591f4e51f8f4f1157e75ccc1b781f8a19d
lpmake should be using the intermediates directory for temporary work
rather than /tmp. Add ability to respect TMPDIR environment as
inherited from TemporaryFile.
Bug: 119313545
Test: manual test
Change-Id: I1a0317538875ee37fb4066602ff7a75e4658d74b
