summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-05-14Snap for 7360053 from 422e893875d4d1c8cf73db5d39a0eac19bce3065 to sc-releaseandroid-build-team Robot
Change-Id: I9d292ff0b5cbdc3e0ab778bcb3f9eca70d8a0277
2021-05-14Snap for 7360053 from 422e893875d4d1c8cf73db5d39a0eac19bce3065 to sc-d1-releaseandroid-build-team Robot
Change-Id: I3870b45eb7d6ef9ff040d576104a2c205e883fa4
2021-05-13Fix some lint/style error am: 1d99ae1932 am: d9ff8385fe am: 0a3e95fc03Kelvin Zhang
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1706025 Change-Id: I6863bafcb02dd5940c15debb640bda1cdeb8ed67
2021-05-13ResetStatus if update_engine boot in different slot but same build am: ↵Kelvin Zhang
8660347589 am: 5d4aeec7ed am: d121fd12e1 Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1704505 Change-Id: Ie9f24b576b5ef3e20b8c8f107a44a3687f5cc622
2021-05-13Write verity first, then do fs verification am: 8704c83dbe am: e7dee6860b ↵Kelvin Zhang
am: 5dd1de1828 Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1696829 Change-Id: I9844ed5f37225a8f5e21673a26558b36947210c0
2021-05-13Refactor get partition path and IsVABC into separate function am: e012f65a1b ↵Kelvin Zhang
am: 5ac9a7d20d am: 3c9703d23d Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1701825 Change-Id: Ia4548f8c8d98943f4b58efea5c8f0f9b6317cfd4
2021-05-13Add a case to cover repeatedelly running fs verification am: 81eb075609 am: ↵Kelvin Zhang
e75db4f226 am: 022e20e284 Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1696828 Change-Id: I120354816e0edb759f98b3ea160a99cba41cc2a8
2021-05-13Fix some lint/style error am: 1d99ae1932 am: d9ff8385feKelvin Zhang
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1706025 Change-Id: I76acacf4ab3ab9c6645e4e02c6c13dd864d91591
2021-05-13ResetStatus if update_engine boot in different slot but same build am: ↵Kelvin Zhang
8660347589 am: 5d4aeec7ed Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1704505 Change-Id: I57f4bb81f8e36c2aeb3fffed78e8fbd0e766d658
2021-05-13Write verity first, then do fs verification am: 8704c83dbe am: e7dee6860bKelvin Zhang
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1696829 Change-Id: I094ddc43779fcf30784ab3f25f2e773bc593f1bb
2021-05-13Refactor get partition path and IsVABC into separate function am: e012f65a1b ↵Kelvin Zhang
am: 5ac9a7d20d Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1701825 Change-Id: I84994a0b514153386b1e47e5da957b18bff9ee73
2021-05-13Add a case to cover repeatedelly running fs verification am: 81eb075609 am: ↵Kelvin Zhang
e75db4f226 Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1696828 Change-Id: Ie2571255ff81aced6ef728695e34d44824931d85
2021-05-13Fix some lint/style error am: 1d99ae1932Kelvin Zhang
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1706025 Change-Id: Ia9f5b7e89a9a27c6c4447aeae21fdb3a172a5eb2
2021-05-13ResetStatus if update_engine boot in different slot but same build am: ↵Kelvin Zhang
8660347589 Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1704505 Change-Id: I754c40ad6e5bfc49d285c44505007b8add94c020
2021-05-13Fix some lint/style errorKelvin Zhang
Test: th Change-Id: I57a36f8f6254d3e57a4787f1a7d3cc3368bbd7a7
2021-05-13ResetStatus if update_engine boot in different slot but same buildKelvin Zhang
Old behavior: When update_engine starts up after device take OTA and reboot, if device booted into a different build(check build fingerprint), ResetStatus(). When we apply a self-ota, device will boot into the same build, so ResetStatus() is never called. If we apply the same OTA at this point, this OTA will be treated as a "resume", and will fail to install because we never call libsnapshot's API to allocate snapshot for new update. Changed to ResetStatus() if boot slot changed, or build fingerprint changed. Bug: 185019674 Test: apply self-full OTA, reboot, repeat 2 times. Change-Id: Idcc29dc1c02f3b9b2c84ed1978abedb651a3875a
2021-05-13Add more unittest for fs verification VABC behavior am: 30486bdb67 am: ↵Kelvin Zhang
358b7f1b7f am: a083a4a7c7 Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1692745 Change-Id: Ia6d6935185e4139ba9e961f0725a5d4f7e2b0b98
2021-05-12Write verity first, then do fs verification am: 8704c83dbeKelvin Zhang
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1696829 Change-Id: I5f4251c5009bf0c4ccc6770b34a064cee3b6977f
2021-05-12Refactor get partition path and IsVABC into separate function am: e012f65a1bKelvin Zhang
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1701825 Change-Id: I187be7eb0967e878e66fc7da231d443ea12b97fc
2021-05-12Add a case to cover repeatedelly running fs verification am: 81eb075609Kelvin Zhang
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1696828 Change-Id: I13a7409b9f6bf5976a91bca25d70d0f77267196a
2021-05-12Write verity first, then do fs verificationKelvin Zhang
Old behavior: Read partition, for each block: Update hasher Update verity writer before reading hashtree/verity: write hashtree/verity to disk Read the last verity blocks. Finalize hasher, verity hashes. The old bahvior tries to minimize fs read by only read once and feed data to hasher and verity writer. However, in VABC, reading/writing are handled very differently. Read can be done via regular fd, but writes must go through special COW API. As we have seen in b/186196758, using COW API in filesystem hashing can lead to inconsistent read and boot failure. Therefore, we've decided to write verity first using COW API, then read/hash partition using regular fd. This does mean that we need to read everything twice, but we think this is a worth while tradeoff. As verity writes can take 5 minutes, but reading the entire partition again only takes <10 seconds. New behavior: Read partition, for each block: Update verity writer Finalize verity writer, write verity to disk launch snapuserd, open a regular fd. Read partition, for each block: Update hasher Finaliaze hasher, verity hashes. Test: th Test: Manual testing on pixel of the following scenario: 1. Verity enabled, VABC enabled, pause/resume multiple times 2. Verity disabled, VABC enabled, pause/resume multiple times 3. Verity Enabled, VABC enabled, pause/resume multiple times Bug: 186196758 Change-Id: I2477c2dc4da5b921e84b48a54d0d8a877c1a52ef
2021-05-12Add more unittest for fs verification VABC behavior am: 30486bdb67 am: ↵Kelvin Zhang
358b7f1b7f Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1692745 Change-Id: I4fa3e7d390c7838173d007fff4f5574217e90ee8
2021-05-12Add more unittest for fs verification VABC behavior am: 30486bdb67Kelvin Zhang
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1692745 Change-Id: I21390655efd0014f71e25c2dd67c85b2e8147ad1
2021-05-11Refactor get partition path and IsVABC into separate functionKelvin Zhang
Test: th Change-Id: Ifb6efa1e63f5d5a047d18ac0876a1ecd860ba869
2021-05-11Add a case to cover repeatedelly running fs verificationKelvin Zhang
b/186196758 could be detected by keep running fs verification. The 2nd attempt will cause verity data to be discarded, but since data is still visible during the 2nd attempt, bug is only visible after device reboot, or running fs verification for the 3rd time. Bug: 186196758 Test: th Change-Id: I7415665fa030b68acc3903499750702d8df5626e
2021-05-11Add more unittest for fs verification VABC behaviorKelvin Zhang
Test: th Change-Id: I7db1874cffdacf93bbee8243dc45bb1bcc8b04ee
2021-05-10Merge SP1A.210510.001Brian Orr
Change-Id: If7498b293041f2ae00fd93563417d60a0c13e7c9
2021-05-08Snap for 7347062 from 0f042c79b9e00aa56882fc40aed789e86cc0b562 to sc-releaseandroid-build-team Robot
Change-Id: I7ac7b512d9d94e4cba77ef0f58f9e5432edd1327
2021-05-08Snap for 7347062 from 0f042c79b9e00aa56882fc40aed789e86cc0b562 to sc-d1-releaseandroid-build-team Robot
Change-Id: I0ee60ea101e23774f1360bd7a51be090d0461bfe
2021-05-07Snap for 7346365 from d650df1d306a5a828e7b13a8cc954196fea44992 to ↵Android Build Role Account android-build-prod
s-keystone-qcom-release Change-Id: Ic0b124818789b5ce06620b8f4d8c42af717ab5b7
2021-05-07Create a minimal testcase to reproduce silent verity corruption am: ↵Kelvin Zhang
46d6c4987f am: c852a64987 am: 74f3aef492 Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1687165 Change-Id: I145d399df1586e6d69c86b7905171acc04900760
2021-05-07Fix verity discarded bug am: 9105f4baeb am: 15242fd179 am: 5465b60e7bKelvin Zhang
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1686865 Change-Id: I3012b932910d78275c91559a3b3ddcb1032746e3
2021-05-07Create a minimal testcase to reproduce silent verity corruption am: ↵Kelvin Zhang
46d6c4987f am: c852a64987 Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1687165 Change-Id: Icf03f28c286174acc3db163f3ccb804cb75641f7
2021-05-07Fix verity discarded bug am: 9105f4baeb am: 15242fd179Kelvin Zhang
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1686865 Change-Id: I763dabc5c8e66f2116a9e5630372a3488e1ceb03
2021-05-07Create a minimal testcase to reproduce silent verity corruption am: 46d6c4987fKelvin Zhang
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1687165 Change-Id: I79e6f06b62e2854259d2a3d765bb0492dbcdcaaa
2021-05-07Fix verity discarded bug am: 9105f4baebKelvin Zhang
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1686865 Change-Id: I1fddd2c732e2e8c95c6b1142a85dae8d587101bf
2021-05-06Rename postinstall_mount_device to readonly_target_path am: a9b5d8c8ee am: ↵Kelvin Zhang
6180c7600f am: e0042ab207 Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1696827 Change-Id: I12b69e04373607aa62057503a71def4a07afe1dc
2021-05-06Rename postinstall_mount_device to readonly_target_path am: a9b5d8c8ee am: ↵Kelvin Zhang
6180c7600f Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1696827 Change-Id: I9ceacfa5bea6c6d2f3d11798b2621ce6ea3853e3
2021-05-06Rename postinstall_mount_device to readonly_target_path am: a9b5d8c8eeKelvin Zhang
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1696827 Change-Id: If7cdc7d1cd98a5763cab7dc612641514491557d6
2021-05-06Create a minimal testcase to reproduce silent verity corruptionKelvin Zhang
b/186196758 is triggered by the following sequence of events: 1. update_engine finish writing all install ops, emits kEndOfInstall label 2. update_engine opens cow in append mode, invokes InitialiazeAppend(kEndOfInstall) 3. update_engine writes verity data, invokes SnapshotWriter::Finalize() 4. update_engine repeats step 2, but does not write any data after opening SnapshotWriter. Instead, it reads verity and make sure the hash matches what's specified in OTA payload. 5. Reboot device, verity data corrupted, device rollback to slot _a. This is because, during step 4, when calling InitializeAppend(kEndOfInstall), the SnapshotWriter only reads up to the given label. But OpenReader() completely disregards the resume label and reads all ops. Therefore, update_engine sees the verity data, and determines that everything is fine. However, when calling SnapshotWriter::Finalize(), data after resume label are discarded, therefore verity data is gone. Test: th Bug: 186196758 Change-Id: I0166271b64eb7b574434d617ce730f345ca93ff1
2021-05-06Fix verity discarded bugKelvin Zhang
If update_engine opens CowWriterFileDescriptor w/o writing anything, data past the resume label is readable while fd is open, but will be discarded once the fd is closed. Such "phantom read" causes inconsistency. This CL contains two changes to address the above bug: 1. When device reboots after update, all I/O are served by snapuserd. update_engine should use snapuserd for verification to emulate bahvior of device after reboot. 2. When a CowWriterFd is opened, don't call Finalize() if no verity is written. Since past-the-end data is discarded when we call Finalize() Test: th Bug: 186196758 Change-Id: Ia1d31b671c16fded7319677fe0397f1288457201
2021-05-05Rename postinstall_mount_device to readonly_target_pathKelvin Zhang
When postinstall_mount_device is initially introduced, it's only intended to be used by postinstall action, hence the name. Now we plan to use it for fs verification purpose as well, rename for better clarity. Test: th Change-Id: Iff996f2f513bb44694e39d758a69851793b9a565
2021-05-01Snap for 7328689 from ed7c2726044e333f5341765f5ebfcd05e475fbdc to sc-releaseandroid-build-team Robot
Change-Id: I89e3d6b1e02b3f3f3d815152320c16056436fffa
2021-05-01Snap for 7328689 from ed7c2726044e333f5341765f5ebfcd05e475fbdc to sc-d1-releaseandroid-build-team Robot
Change-Id: I7070eb7722e5c46b814e51df80150a65668f5509
2021-04-30Add COW version to the update_metadata.proto am: 3632df977f am: 2b10c92256 ↵Akilesh Kailash
am: 41b934b719 Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1675042 Change-Id: I6e9c12ec66295e0a502367c39430b5e0225df50a
2021-04-30Add COW version to the update_metadata.proto am: 3632df977f am: 2b10c92256Akilesh Kailash
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1675042 Change-Id: Iaf1f77f7ff78ee775d4f21dd6a6343b637b012ce
2021-04-30Add COW version to the update_metadata.proto am: 3632df977fAkilesh Kailash
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/1675042 Change-Id: I67f9d382724a0c9f21fe6f04453ec6f117689d73
2021-04-30Add COW version to the update_metadata.protoAkilesh Kailash
COW versioning will be used to detect if the COW library version matches with the version in the proto file. If not, VABC is disabled. Bug: 183863613 Test: Apply OTA and verifiy if VABC is disabled if the versioning doesn't match Signed-off-by: Akilesh Kailash <akailash@google.com> Change-Id: I2d8690bd30d3436c6eb281d3e8d6545cb4888a75
2021-04-30Snap for 7325096 from 7297ac0b8116ceb8b83c37de2b5f28a9d2d1cc92 to sc-d1-releaseandroid-build-team Robot
Change-Id: I34b60e1edefb71dd43996b200a5c0834bd8bafa2
2021-04-30Snap for 7325276 from 7297ac0b8116ceb8b83c37de2b5f28a9d2d1cc92 to sc-releaseandroid-build-team Robot
Change-Id: I055c998198506d05dc51bab219b19e73a1a4c1d9
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 08:20:43 +0000