From 9105f4baeb254e45117ab91c396f0d45a4c8b9ca Mon Sep 17 00:00:00 2001
From: Kelvin Zhang
Date: Mon, 26 Apr 2021 13:44:49 -0400
Subject: Fix verity discarded bug If update_engine opens CowWriterFileDescriptor w/o writing anything, data past the resume label is readable while fd is open, but will be discarded once the fd is closed. Such "phantom read" causes inconsistency. This CL contains two changes to address the above bug: 1. When device reboots after update, all I/O are served by snapuserd. update_engine should use snapuserd for verification to emulate bahvior of device after reboot. 2. When a CowWriterFd is opened, don't call Finalize() if no verity is written. Since past-the-end data is discarded when we call Finalize() Test: th Bug: 186196758 Change-Id: Ia1d31b671c16fded7319677fe0397f1288457201
---
 common/utils.h | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'common/utils.h')
diff --git a/common/utils.h b/common/utils.h
index 5f6e4757..59f236ef 100644
--- a/common/utils.h
+++ b/common/utils.h
@@ -399,13 +399,19 @@ class ScopedTempFile {
 // If |open_fd| is true, a writable file descriptor will be opened for this
 // file.
- explicit ScopedTempFile(const std::string& pattern, bool open_fd = false) {
+ // If |truncate_size| is non-zero, truncate file to that size on creation.
+ explicit ScopedTempFile(const std::string& pattern,
+ bool open_fd = false,
+ size_t truncate_size = 0) {
 CHECK(utils::MakeTempFile(pattern, &path_, open_fd ? &fd_ : nullptr));
 unlinker_.reset(new ScopedPathUnlinker(path_));
 if (open_fd) {
 CHECK_GE(fd_, 0);
 fd_closer_.reset(new ScopedFdCloser(&fd_));
 }
+ if (truncate_size > 0) {
+ CHECK_EQ(0, truncate(path_.c_str(), truncate_size));
+ }
 }
 virtual ~ScopedTempFile() = default;
-- 
cgit v1.2.3
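Review bot: The added `truncate(path_.c_str(), truncate_size)` at the end of the constructor resizes the file by re-resolving its path, even when `open_fd` is true and `fd_` already refers to the file that was just created. If the temp directory is writable by other users, the path could name a different file by the time truncate() runs; how `utils::MakeTempFile` creates the file is not visible in this hunk, so treat this as hardening rather than a confirmed bug. Operating on the descriptor when one is held avoids the second path lookup: `CHECK_EQ(0, open_fd ? ftruncate(fd_, truncate_size) : truncate(path_.c_str(), truncate_size));`. Separately, `truncate_size` is a `size_t` while truncate() takes an `off_t`, so a value outside `off_t`'s positive range makes the call fail and the CHECK abort the process; the parameter comment should say that a failed resize is fatal, e.g. `// If |truncate_size| is non-zero, truncate file to that size on creation; aborts if the resize fails.`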