summaryrefslogtreecommitdiffstats
path: root/updater/blockimg.cpp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix potential size overflow in blockimg.cppxunchang2019-01-171-3/+5
| | | | | | | | | | | | | | Switch to 64 bit integers since the size of the entire src/tgt images may not fit in size_t of ILP32. There are other theoretical overflow cases in memory allocation and I/O functions. However, they reside within a single transfer command and are less likely to happen. I will evaluate and address them in separate cls. Test: unit tests pass Bug: 122461124 Change-Id: Ib719ee695920877458fcfaa25c6ac058a5bbabf2
* updater: add functions to modify dynamic partition metadataYifan Hong2019-01-141-9/+52
| | | | | | | | | | | | Test: sideload full OTA on cuttlefish Test: sideload incremental OTA on cuttlefish (that grows system, shrinks vendor, and move vendor to group foo) Test: verify that /cache/recovery/cc46ebfd04058569d0c6c1431c6af6c1328458e4 exists (sha1sum of "system") Bug: 111801737 Change-Id: Ibdf6565bc1b60f3665c01739b4c95a85f0261ae5
* Create stash dir recursively.Yifan Hong2019-01-121-1/+2
| | | | | | | | | | When applying an OTA package onto the device in OTA mode, if the recovery logs haven't been viewed, there is a chance that /cache/recovery does not exist. Then, stash creation will fail. Create stash directories recursively to avoid this error. Test: without /cache/recovery, sideload the OTA on cuttlefish Change-Id: I5cc01a067d866476a3594e795dcb5b15649e817b
* updater: erase ignores EOPNOTSUPP for BLKDISCARDYifan Hong2019-01-051-11/+10
| | | | | | Test: sideload on cuttlefish Bug: 111801737 Change-Id: I784a2142049054f38d6b70c7af7e88a451996d83
* updater: Error out on underrun during patching.Tao Bao2018-11-051-1/+4
| | | | | Test: Run recovery_component_test on marlin. Change-Id: If23baf42aeacb48500edabc2eadd2e7119a848da
* Use only signed/unsigned numbers with ParseInt/ParseUint respectivelyTom Cherry2018-10-051-1/+1
| | | | | Test: build Change-Id: If56b33c9c420237ff441779ba1dbebffd9dae8e3
* Enable c++17 in recovery_defaults.Tao Bao2018-08-281-23/+23
| | | | | | | And add the first few users. Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: Ifdf093d011478b6a1dd0405b0ba48c145b509cc8
* Remove otafaultTianjie Xu2018-08-281-70/+46
| | | | | | | | | | Now it's less beneficial to inject I/O faults since we don't see many of them. Remove the library that mocks I/O failures. And switch to android::base I/O when possible. Bug: 113032079 Test: unit tests pass Change-Id: I9f2a92b7ba80f4da6ff9e2abc27f2680138f942c
* Add an updater function to compute hash treeTianjie Xu2018-08-061-18/+123
| | | | | | | | | | | | | | | | The new command is part of the transfer.list and allows us to compute the hash tree on non-ab devices. The required arguments for the hash_tree computation are: hash_tree_ranges source_ranges hash_algorithm salt_hex root_hash Bug: 25170618 Test: unit tests pass; run simulator with compute_hash_tree Change-Id: I8ff0d582cc8adabb8a060db7845f38b35b28e62c
* applypatch: Consolidate CacheSizeCheck() and MakeFreeSpaceOnCache().Tao Bao2018-07-131-3/+3
| | | | | | | | | | | | | | | | | | They are doing exactly the same thing, except for the slightly different error return value (1 vs -1). int CacheSizeCheck(size_t bytes); int MakeFreeSpaceOnCache(size_t bytes_needed); This CL consolidates the two functions and uses bool as its return type. // Checks whether /cache partition has at least 'bytes'-byte free space. Returns true immediately // if so. Otherwise, it will try to free some space by removing older logs, checks again and // returns the checking result. bool CheckAndFreeSpaceOnCache(size_t bytes); Test: Run recovery_unit_test and recovery_component_test on marlin. Change-Id: I94a96934d2b18713f8f39ad5aa96a02c98d87963
* edify: Remove VAL_INVALID and move ValueType into Value class.Tao Bao2018-07-101-10/+11
| | | | | | Test: mmma -j bootable/recovery Test: Run recovery_component_test and recovery_unit_test on marlin. Change-Id: I4b240e3e771c387b9694be9c0f2f74e0265ab4cb
* updater: Add ABORT command.Tao Bao2018-07-071-0/+7
| | | | | | | | | | | This will be used for testing purpose only, replacing the previously used "fail", to intentionally abort an update. As we're separating the logic between commands parsing and execution, "abort" needs to be considered as a valid command during the parsing. Test: recovery_unit_test and recovery_component_test on marlin. Change-Id: I47c41c423e62c41cc8515fd92f3c5959be08da02
* No longer print hash for stashed blocks during verification of retryTianjie Xu2018-07-031-1/+3
| | | | | | | | | | | | | | During block verification, load stash reads from the source blocks on the device instead of the stashed files. And for interrupted update, it's pretty common that the source blocks has already been overwritten by subsequent commands. In that case the hash printing is mostly useless. Moreover we should have already printed the hash when the first update failed. Bug: 80241799 Test: Unit tests pass. No longer prints mismatching stashed source blocks on retry. Change-Id: I4effe684280b0325199f6cc4b2cc26e91295c2d7
* updater: Defer the creation of the new data writer.Tao Bao2018-06-181-24/+24
| | | | | | | | | | | | This avoids leaving the created new data writer thread unjoined, in the presence of transfer list parsing errors, or the early exit case on `total_blocks == 0`. Also fix a minor issue when dumping the errno on pthread_create error (pthread_create returns the error number, as opposed to setting errno). Test: Run recovery_component_test on marlin. Change-Id: Icfac27fef0c64736eb8c76264da73c223b4960cb
* updater: Drop the 'overlap' parameter in LoadSrcTgtVersion3().Tao Bao2018-06-081-12/+10
| | | | | Test: Run recovery_component_test on marlin. Change-Id: I93afca891c5c9c1a351c907b023cd20c4704a66a
* updater: Remove the redundant check on line count.Tao Bao2018-06-071-9/+3
| | | | | Test: recovery_component_test on marlin. Change-Id: I2ac2bd47469d1aec8a97a8c4ed0fe80ffd65c95b
* updater: Replace the reference arguments with pointers.Tao Bao2018-06-051-102/+101
| | | | | | | | | | | | | As suggested by the style guide (https://google.github.io/styleguide/cppguide.html#Reference_Arguments), all parameters passed by reference must be labeled const. This CL moves most of the non-const references in blockimg.cpp to pointers, except for the CommandParameters& parameter in PerformCommand* functions, which will be handled in separate CLs. Test: mmma -j bootable/recovery Test: Run recovery_component_test on marlin. Change-Id: I84299208e9a1699f5381fb2228d4120f0c8dacb3
* tests: Add ResumableUpdaterTest.Tao Bao2018-06-041-0/+1
| | | | | | | | | | | | | | | | | | | | | This is a stress test that instantiates multiple testcases that interrupt a BBOTA update at every transfer command. Each testcase asserts the last_command_file after the interruption, verifies the update resumability, then resumes the update and asserts the updated image. The transfer list in the testcase covers most of the transfer commands (stash/free/move/bsdiff/zero/new), as well as some special pattern like having duplicate stash ids. This CL also addresses one issue in the updater code, by resetting the stash_map before each run. The stash map should be valid only per block_image_verify/block_image_update run. Having leftover may cause issue in subsequent runs, in particular when calling block_image_verify after a previous run of block_image_{update,verify}. Test: Run recovery_component_test on marlin. Change-Id: I6f9a0368d194a754ce41a9c9819c6d5be2657248
* updater: Drop the 'blocks' parameter in LoadStash().Tao Bao2018-05-311-15/+8
| | | | | | | | | | None of the callers actually uses the value. (Even in the earlier versions, e.g. the one in M, the value wasn't used either.) Test: Run recovery_component_test on marlin. Change-Id: I53e61a1afa211f71a200889ed3aa4046763b46ea
* updater: Add Commmand class to manage BBOTA commands.Tao Bao2018-05-261-63/+54
| | | | | | | | | | | | Move the commands map parsing out of PerformBlockImageUpdate(), as this can be done more easily by the caller. The goal (not done in this CL) is to decouple command parsing logic from the performers. This allows (a) focusing on the command logic in the performer; and (b) extending BBOTA commands syntax separately. Test: Run recovery_unit_test and recovery_component_test. Change-Id: Ife202398a7660b152d84a3ba17b90f93d19c55f2
* updater: Use a bool to indicate if allowed to skip a command.Tao Bao2018-05-221-22/+17
| | | | | | | | This avoids the signedness issue, and makes the code more readable. Test: mmma bootable/recovery Test: Run recovery_component_test. Change-Id: I01c3a0357887cfd7c9d4aba4239ef650cfa18388
* updater: Clean up the header lines computation.Tao Bao2018-05-211-6/+4
| | | | | | | | It no longer needs to be conditional, as we've removed the support for BBOTA v1/v2. Test: mmma bootable/recovery Change-Id: I881de8afa38cc5b41b48e6d48d85170699ea5eb4
* Last command file should be updated after a command finishesTianjie Xu2018-05-161-11/+7
| | | | | | | | | | The last command file has the last executed stash command by convention. So we should update the file after we actually finishes executing the command; instead of after loading src/tgt. Bug: 79756267 Test: unit tests pass Change-Id: I4535b5836e7eb13b3abe3d02f9f362ec5e9ec969
* Merge "updater: Skip an updated partition on retry."Tao Bao2018-05-081-39/+77
|\
| * updater: Skip an updated partition on retry.Tao Bao2018-05-081-39/+77
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to the change, the BBOTA updater would try to re-run all the commands for a given partition on retry, including creating stashes according to the list of commands. This could fail a retry when the previous update had moved on to next stage, with leftovers in /cache. This CL creates a marker on /cache upon successfully updating a partition. The update commands will be skipped when trying to apply updates on an updated partition. Note that the marker is expected to be removed while doing a normal boot (in particular, handled by RecoverySystem#handleAftermath). If that didn't happen, the updater would also remove the marker before starting next fresh update. Alternatively, we can achieve the same goal by changing the OTA script, which needs to additionally compare the checksum against the target build. For example, range_sha1("/system", "ranges") == SHA1_of_updated_system || block_image_update("/system"); The downside is that we need to pay that cost on each install, as the edify script doesn't support caching the result in a variable. Bug: 79165963 Test: Simulate the process on device (by triggering a reboot while updating /vendor). Check the update log and result. Change-Id: I731031fa336133e1221b33edfc469969706e8091
* | updater: Fix an issue when resuming an update.Tao Bao2018-05-081-3/+6
|/ | | | | | | | | | We cannot skip "new" commands while resuming an update with last_command_file, because they read in the data sequentially from the package. Bug: 69858743 Test: Interrupt an update that has new commands. Check the update log. Change-Id: I05fb67246f5ea3ba2a0f78f10255c0d9b0bc2f5a
* Rename CacheLocation to Paths.Tao Bao2018-04-261-16/+12
| | | | | | | | | | We have a general need for overriding more paths (e.g. "/tmp"), mostly for testing purpose. Rename CacheLocation to Paths, and use that to manage TEMPORARY_{INSTALL,LOG}_FILE. Test: mmma -j bootable/recovery Test: recovery_component_test Change-Id: Ia8ce8e5695df37ca434f13ac4d3206de1e8e9396
* updater: Remove an unneeded strdup().Tao Bao2018-04-251-1/+1
| | | | | | | StringValue() makes a copy of the arg. Test: mmma bootable/recovery Change-Id: I1002994e7496c840aa05c785019bdeca281f467e
* applypatch: Drop the SHA_CTX parameter in Apply{BSDiff,Image}Patch.Tao Bao2018-04-201-3/+2
| | | | | | | | | | As they're accepting the SinkFn callback, it makes more sense to leave the work to their callers. Test: mmma -j bootable/recovery Test: Run recovery_component_test on marlin. Test: No other active user of the two functions. Change-Id: I8d67b38ce037925442296f136b483e0c71983777
* Add a singleton CacheLocation to replace the hard coded locationsTianjie Xu2018-02-281-4/+5
| | | | | | | | | | | | This class allows us to set the following locations dynamically: cache_temp_source, last_command_file, stash_directory_base. In the updater's main function, we reset the values of these variables to their default locations in /cache; while we can set them to temp files in unit tests or host simulation. Test: unit tests pass Change-Id: I528652650caa41373617ab055d41b1f1a4ec0f87
* Fix the behavior of undefined commands in BlockImageVerifyTianjie Xu2018-02-281-2/+4
| | | | | | | | | | | | | | | | | | | | | In BlockImageVerify some commands are undefined, e.g. "erase", "new", "zero". And we should not error out if the corresponding function pointer of these commands is null; otherwise we will fail the verification. The old code is: if (cmd->f != nullptr && cmd->f(params) == -1) return false; In the last_command_file change the logic was wrongly modified to if (cmd->f == nullptr) return false; ... if (cmd->f(params) == -1) return false; Test: sideload an incremental OTA twice on bullhead Change-Id: I2561c365badb850da0e416629ccd61f0df7da5d7
* Log the last command to cacheTianjie Xu2018-02-071-9/+172
| | | | | | | | | | | | | | | | | | | | | | | | When performing an update, save the index and cmdline of the current command into the last command file if this command writes to the stash either explicitly of implicitly. This mitigates the overhead to update the last command file for every command. I ran a simple test on angler and the time to update 1000 times is ~2.3 seconds. Upon resuming an update, read the saved index first; then 1. In verification mode, check if all commands before the saved index have already produced the expected target blocks. If not, delete the last command file so that we will later resume the update from the start of the transfer list. 2. In update mode, skip all commands before the saved index. Therefore, we can avoid deleting stashes with duplicate id unintentionally; and also speed up the update. If an update succeeds or is unresumable, delete the last command file. Bug: 69858743 Test: Unittest passed, apply a failed update with invalid cmd on angler and check the last_command content, apply a failed update with invalid source hash and last_command is deleted. Change-Id: Ib60ba1e3c6d111d9f33097759b17dbcef97a37bf
* Avoid overwrite of the error message in AbortFnTianjie Xu2018-01-291-9/+9
| | | | | | | | | | | | | The AbortFn() used to overwrite the error message, hiding the real failure reported in ErrorAbort(). And we will miss the failure in the script patterns like 'blockimageupdate() || abort()' We will ensure there's one line break at the end of ErrorAbort's error message; and append to the existing error message when calling abort(). Test: Message from ErrorAbort shows up in the log Change-Id: I3aebd06629c5129330250c7fe5e8cdead2ae85bc
* applypatch: Change the patch parameter to const Value& in Apply{BSDiff,Image}Patch.Tao Bao2017-11-101-2/+2
| | | | | | | It used to be "const Value*", but nullptr won't be a valid input. Test: recovery_host_test; recovery_component_test Change-Id: I904b5689ac3e64504088bf0544c9fb5d45a52243
* otautil: Remove the aborts in RangeSet::Parse().Tao Bao2017-11-071-1/+19
| | | | | | | | | | | | | | | | | | | We used to CHECK and abort on parsing errors. While it works fine for the updater use case (because recovery starts updater in a forked process and collects the process exit code), it's difficult for other clients to use RangeSet as a library (e.g. update_verifier). This CL switches the aborts to returning empty RangeSet instead. Callers need to check the parsing results explicitly. The CL also separates RangeSet::PushBack() into a function, and moves SortedRangeSet::Clear() into RangeSet. Test: recovery_unit_test Test: Sideload an OTA package with the new updater on angler. Test: Sideload an OTA package with injected range string errors. The updater aborts from the explicit checks. Change-Id: If2b7f6f41dc93af917a21c7877a83e98dc3fd016
* Finish the new data receiver when update failsTianjie Xu2017-10-201-16/+41
| | | | | | | | | | | The thread to receive new data may still be alive after we exit PerformBlockImageUpdate() upon failures. This caused memory corruption when we run the unittest repeatedly. Set the receiver_available flag to false and make sure the receiver exits when the update fails. Bug: 65430057 Test: unittests passed with tsan Change-Id: Icb232d13fb96c78262249ffbd29cdbe5b77f1fce
* Move rangeset.h and print_sha1.h into otautil.Tao Bao2017-10-111-2/+2
| | | | | | | | | Also drop the "bootable/recovery" path in LOCAL_C_INCLUDES from applypatch modules. Test: lunch aosp_{angler,bullhead,fugu,dragon,sailfish}-userdebug; mmma bootable/recovery Change-Id: Idd602a796894f971ee4f8fa3eafe36c42d9de986
* Revert "Revert "Move error_code.h into otautil.""Tao Bao2017-10-091-1/+1
| | | | | | | | | | | | | | | | This reverts commit 26436d6d6010d5323349af7e119ff8f34f85c40c to re-land "Move error_code.h into otautil.". This way it stops requiring relative path ".." in LOCAL_C_INCLUDES (uncrypt and edify). Soong doesn't accept non-local ".." in "local_include_dirs". This CL needs to land with device-specific module changes (e.g. adding the dependency on libotautil). Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug; mmma bootable/recovery Change-Id: If193241801af2dae73eccd31ce57cd2b81c9fd96
* Revert "Move error_code.h into otautil."Tao Bao2017-10-051-1/+1
| | | | | | | | This reverts commit 623fe7e701d5d0fb17082d1ced14498af1b44e5b. Reason for revert: Need to address device-specific modules. Change-Id: Ib7a4191e7f193dfff49b02d3de76dda856800251
* Move error_code.h into otautil.Tao Bao2017-10-041-1/+1
| | | | | | | | | This way it stops requiring relative path ".." in LOCAL_C_INCLUDES (uncrypt and edify). Soong doesn't accept non-local ".." in "local_include_dirs". Test: mmma bootable/recovery Change-Id: Ia4649789cef2aaeb2785483660e9ea5a8b389c62
* otafault: Move headers under otafault/.Tao Bao2017-09-291-1/+1
| | | | | Test: mmma bootable/recovery Change-Id: I3ceb72f703c7c2857d656c137d71baa1fccd8238
* Move Image/ImageChunk/PatchChunk declaration into header filesTianjie Xu2017-08-191-1/+1
| | | | | | | | | 1. Move the declaration of the Image classes to the header file to make testing easier. 2. Also move rangeset.h to bootable/recovery to allow access in imgdiff. Test: recovery component test Change-Id: I68a863e60a3f2e7ae46ee48f48eb15391f5f4330
* Fix a case when brotli writer fails to write last few blocks of dataTianjie Xu2017-07-211-94/+81
| | | | | | | | | | | | | | | | | receive_new_data may exit too early if the zip processor has sent all the raw data. As a result, the last few 'new' commands will fail even though the brotli decoder has more output in its buffer. Restruct the code so that 'NewThreadInfo' owns the decoder state solely; and receive_brotli_new_data is responsible for the decompression. Also reduce the test data size to 100 blocks to avoid the test timeout. Bug: 63802629 Test: recovery_component_test. on bullhead, apply full updates with and w/o brotli compressed entries, apply an incremental update. Change-Id: I9442f2536b74e48dbf7eeb062a8539c82c6dab47
* Add support to decompress brotli compressed new dataTianjie Xu2017-07-081-32/+143
| | | | | | | | | | | | | | | | | | | | | | Add a new writer that can decode the brotli-compressed system/vendor new data stored in the OTA zip. Brotli generally gives better compression rate at the cost of slightly increased time consumption. The patch.dat is already compressed by BZ; so there's no point to further compress it. For the given 1.9G bullhead system image: Size: 875M -> 787M; ~10% reduction of package size. Time: 147s -> 153s; ~4% increase of the block_image_update execution time. (I guess I/O takes much longer time than decompression.) Also it takes 4 minutes to compress the system image on my local machine, 3 more minutes than zip. Test: recovery tests pass && apply a full OTA with brotli compressed system/vendor.new.dat on bullhead Change-Id: I232335ebf662a9c55579ca073ad45265700a621e
* Retry the update if ApplyBSDiffPatch | ApplyImagePatch failsTianjie Xu2017-05-241-0/+2
| | | | | | | | | | | | | | | We have seen one case when bspatch failed likely due to patch corruption. Since the package has passed verification before, we want to reboot and retry the patch command again since there's no alternative for users. We won't delete the stash before reboot, and the src has passed SHA1 check. If there's an error on the patch, it will fail the package verification during retry. Bug: 37855643 Test: angler reboots and retries the update when bspatch fails. Change-Id: I2ebac9621bd1f0649bb301b9a28a0dd079ed4e1d
* Abort the update if there's not enough new dataTianjie Xu2017-04-081-4/+26
| | | | | | | | | | Right now the update stuck in a deadlock if there's less new data than expection. Add some checkers and abort the update if such case happens. Also add a corresponding test. Bug: 36787146 Test: update aborts correctly on bullhead && recovery_component_test passes Change-Id: I914e4a2a4cf157b99ef2fc65bd21c6981e38ca47
* Change the internal representation in RangeSet.Tao Bao2017-04-031-205/+187
| | | | | | | | | | | | | | This CL makes the following changes to RangeSet: - Uses std::pair<size_t, size_t> to represent a Range; - Uses std::vector<Range> to represent a RangeSet; - Provides const iterators (forward and reverse); - Provides const accessor; - 'blocks()' returns the number of blocks (formerly 'size'); - 'size()' returns the number of Range's (formerly 'count'). Test: recovery_unit_test Test: Apply an incremental update with the new updater. Change-Id: Ia1fbb343370a152e1f7aa050cf914c2da09b1396
* updater: Keep the parsed parameters in std::unique_ptr.Tao Bao2017-03-311-160/+157
| | | | | | | | We don't need to take raw pointers out of the parsed arguments. std::unique_ptr handles the dereferencing automatically. Test: mmma bootable/recovery Change-Id: I1beabf6e04dc350bdad7b36cee5fb345c82b28f2
* Move parse_range() and range_overlaps() into RangeSet.Tao Bao2017-03-311-110/+18
| | | | | | | | | | | | | | | Also move RangeSet into a header file to make it testable, and add unit tests. In RangeSet::Parse() (the former parse_range()), use libbase logging to do assertions. This has the same effect as the previous exit(EXIT_FAILURE) to terminate the updater process and abort an update. The difference lies in the exit status code (i.e. WEXITSTATUS(status) in install.cpp), which changes from 1 (i.e. EXIT_FAILURE) to 0. Test: recovery_unit_test Test: Apply an incremental update with the new updater. Change-Id: Ie8393c78b0d8ae0fd5f0ca0646d871308d71fff0
* Merge "updater: Move RangeSinkWrite into RangeSinkState."Tao Bao2017-03-311-164/+146
|\
| * updater: Move RangeSinkWrite into RangeSinkState.Tao Bao2017-03-291-164/+146
| | | | | | | | | | | | | | | | Then rename RangeSinkState to RangeSinkWriter. RangeSinkWriter reads data from the given FD, and writes them to the desination RangeSet. Test: Apply an incremental with the new updater. Change-Id: I5e3ab6fc082efa1726562c55b56e2d418fe4acaf
* | updater: Don't append newline when calling uiPrint().Tao Bao2017-03-301-1/+2
|/ | | | | | | | LOG(INFO) already appends a newline. Don't print redundant newline. Test: No extra blank lines when calling ui_print(). And on-screen UI shows the same. Change-Id: I74e9a8504a7146a6cb3dae02fe2406d0dd54069b
* applypatch: Let Apply{BSDiff,Image}Patch accept std::function.Tao Bao2017-03-281-75/+76
| | | | | | Test: mmma bootable/recovery system/update_engine Test: recovery_component_test Change-Id: I93c2caa87bf94a53509bb37f98f2c02bcadb6f5c
* applypatch: Change the ssize_t length parameters to size_t.Tao Bao2017-03-281-41/+40
| | | | | | | | | | | | | | | | | Mostly for applypatch family APIs like ApplyBSDiffPatch() and ApplyImagePatch(). Changing to size_t doesn't indicate they would necessarily work with very large size_t (e.g. > ssize_t), just similar to write(2). But otherwise accepting negative length doesn't make much sense. Also change the return type of SinkFn from ssize_t to size_t. Callers tell a successful sink by comparing the number of written bytes against the desired value. Negative return values like -1 are not needed. This also makes it consistent with bsdiff::bspatch interface. Test: recovery_component_test Test: Apply an incremental with the new updater. Change-Id: I7ff1615203a5c9854134f75d019e266f4ea6e714
* updater: Clean up LoadSrcTgtVersion2().Tao Bao2017-03-281-146/+143
| | | | | | | | | | | | | | | Rename to LoadSourceBlocks() by moving the target blocks parsing part into the caller. This allows detecting whether the target blocks have already had the expected data before loading the source blocks. It doesn't affect anything when applying an update package for the first time, but it skips loading the unneeded source blocks when resuming an update. It additionally avoids unnecessarily dumping the "corrupt" source/stash blocks when resuming an update. Bug: 33694730 Test: Apply an incremental update with the new updater. Test: Resume an incremental update with the new updater. Change-Id: I794fd0d1045be7b3b7f8619285dc0dade01398d0
* Merge "updater: Remove some redundant arguments."Tao Bao2017-03-261-78/+65
|\
| * updater: Remove some redundant arguments.Tao Bao2017-03-241-78/+65
| | | | | | | | | | | | | | | | | | | | Clean up a few functions that take CommandParameters& as the first parameter. We don't need to take duplicate arguments if they always come from CommandParameters. This redundancy came from the point we replaced strtok()s (commit baad2d454dc07ce916442987a2908a93fe6ae298). Test: Apply an incremental update with the new updater. Change-Id: I2912b8ce6bc7580bf7f566e125f12270e679e155
* | Merge "updater: Drop the support for BBOTA v1 and v2."Tao Bao2017-03-251-398/+330
|\|
| * updater: Drop the support for BBOTA v1 and v2.Tao Bao2017-03-241-398/+330
| | | | | | | | | | | | | | | | | | | | The script support for BBOTA v1 and v2 has been dropped in commit 8fad03e7712082eb880ffaaffb69eb13252ce220 (platform/build). Bug: 33694730 Test: Apply an incremental with the new updater. Test: recovery_component_test Change-Id: I038b1bf8d10f030cab8ec0aa6ee565c5a9545dfd
* | Merge "Removed C-style casts"Tao Bao2017-03-241-1/+1
|\ \ | |/ |/|
| * Removed C-style castsMikhail Lappo2017-03-231-1/+1
| | | | | | | | | | | | | | | | In c++ code would be cleaner to use c++ retinterpret cast instead of old c-style notation Change-Id: Ibeef5e0c374addf108c0a8876a6be45063d8e396
* | Redundant checking of STL container elementMikhail Lappo2017-03-231-3/+1
|/ | | | | | | | As of C++ specification size_type erase( const key_type& key ); removes the element (if one exists). There is no need to perform the check twice. Change-Id: I4b057c08526abc7c2a483a60f9e166e4d8f56a74
* Remove malloc in edify functionsTianjie Xu2017-03-221-13/+41
| | | | | | | | And switch them to std::vector & std::unique_ptr Bug: 32117870 Test: recovery tests passed on sailfish Change-Id: I5a45951c4bdf895be311d6d760e52e7a1b0798c3
* Fix the permission of stashed blocks created by updaterTianjie Xu2017-03-221-0/+12
| | | | | | | | | | | Our updater created the stashes with root permission. This causes an access denial when the RecoverySystem service tries to clean up these blocks after a failing update. As a result, the subsequent OTA updates may fail due to insufficient cache space. Bug: 36457133 Test: stashed blocks cleaned successfully after reboot Change-Id: If0ca99638cdfa1033646f29d9cc92b5ff1bacac1
* Revert "Revert "Print SHA-1 in hex for corrupted blocks""Tianjie Xu2017-03-171-6/+140
| | | | | | | | | This reverts commit 90eff6a340f9983792d700df3b1ea0203aced207. Also fix the bug where stashed blocks are not freed. Bug: 21124445 Test: Previous failed update succeeded on bullhead Change-Id: I23d232331a2beb51b6dcc82c957c87bc247d0268
* updater: Minor clean up to EnumerateStash().Tao Bao2017-03-161-73/+50
| | | | | | Test: Apply an incremental BBOTA package with the new updater. Test: Resume an interrupted BBOTA (so it cleans up the partial stash). Change-Id: I620cc57ee6366845bcffbc19210f7a01e2196052
* Revert "Print SHA-1 in hex for corrupted blocks"Tao Bao2017-03-151-140/+3
| | | | | | | | | | This reverts commit bb0cd75a0e1f6760bdf96bd141f3a546ffa45fbc. Broke the 'free' command that deletes a stash. Bug: 36242722 Test: The previously failed incremental applies successfully. Change-Id: I1237cb0a33adfbeea57e0465b629704862ba13aa
* Print SHA-1 in hex for corrupted blocksTianjie Xu2017-03-131-3/+140
| | | | | | | | | | | It will be helpful for debug if we know which blocks are corrupted after a verification failure. This CL prints the SHA-1 for each source block in a transfer command if these blocks don't have an expected hash. And along with the correct SHA-1, we will catch the corrupted blocks. Bug: 21124445 Test: Printed the mismatched SHA-1 for bullhead during an update. Change-Id: I683d4bdaf9a335035045b3f532b3a265b2fcbbfc
* Replace _exit(-1) with _exit(EXIT_FAILURE).Tao Bao2017-02-031-1/+1
| | | | | | | | | -1 is not a valid exit status. Also replace a few exit(1) with exit(EXIT_FAILURE). Test: mmma bootable/recovery Change-Id: I4596c8328b770bf95acccc06a4401bd5cabd4bfd
* Merge "updater: Clean up CreateStash()."Tao Bao2017-01-051-83/+84
|\
| * updater: Clean up CreateStash().Tao Bao2016-12-291-84/+85
| | | | | | | | | | | | | | Change the stash size computation from int to size_t. Test: Apply an incremental BBOTA with the new updater. Change-Id: Ib45b71b826fec6aa0ffafc67c17735825634eae0
* | updater: Refactor parse_range().Tao Bao2017-01-041-74/+63
|/ | | | | | | | Returning the parsed RangeSet directly (as opposed to using some pointer parameter) to make the code cleaner. Test: Apply an incremental with the new updater. Change-Id: I8c99e701f189eb6a3eacc0d647e5a3a85fbeb3eb
* updater: Fix the operator order.Tao Bao2016-12-141-1/+1
| | | | | | | | | | Shift operator ("<<") has a higher precedence level than ternary operator ("?"). Test: BBOTA update log says "performing update" as opposed to "performing 0". Change-Id: I0cf60cbfc11415e94f1f9f6effe75f14d13a1874
* updater: Switch to libbase logging.Tao Bao2016-12-011-99/+95
| | | | | Test: Build an updater into a package and apply it on device. Change-Id: I289b5768e9b1e44ef78e0479c64dbaa36fb1a685
* Cleanup ReadArgs & ReadValueArgs usageTianjie Xu2016-11-011-30/+24
| | | | | | | | ReadArgs will switch to using std::string and std::unique_ptr. Also cleanup the callers. Test: mma & component test passed. Change-Id: I4724406ae6c0c134a27bbd1cdd24ad5d343b2a3b
* Replace minzip with libziparchiveTianjie Xu2016-10-181-47/+26
| | | | | | | | | | | Clean up the duplicated codes that handle the zip files in bootable/recovery; and rename the library of the remaining utility functions to libotautil. Test: Update package installed successfully on angler. Bug: 19472796 Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
* Change StringValue to use std::stringTianjie Xu2016-10-151-81/+73
| | | | | | | | | | | Changing the field of 'Value' in edify to std::string from char*. Meanwhile cleaning up the users of 'Value' and switching them to cpp style. Test: compontent tests passed. Bug: 31713288 Change-Id: Iec5a7d601b1e4ca40935bf1c70d325dafecec235
* Refactor libupdater into a seperate module.Tao Bao2016-10-111-2/+2
| | | | | | | | | So that we can write native tests for updater functions. This CL adds a testcase for getprop() function. Test: mmma bootable/recovery; Run recovery_component_test on device. Change-Id: Iff4c1ff63c5c71aded2f9686fed6b71cc298c228
* Check an edge case when read(2) returns 0Tianjie Xu2016-09-011-0/+4
| | | | | | | | | | We might end up in an infinite loop if read(2) reached EOF unexpectedly. The problematic code in uncrypt mentioned in the bug has been fixed by switching to libbase ReadFully(). So I grepped through the recovery code and fixed some other occurences of the issue. Bug: 31073201 Change-Id: Ib867029158ba23363b8f85d61c25058a635c5a6b
* Check the results from applypatchTianjie Xu2016-06-161-4/+10
|\ | | | | | | | | | | am: 31f8cc84cf Change-Id: I2ea241fb3e688f5f8b0558d638dd3ed502223f97
| * Check the results from applypatchTianjie Xu2016-06-161-4/+10
| | | | | | | | | | | | | | | | Check the results from applypatch in PerformCommandDiff; and abort the update on failure. Bug:29339536 Change-Id: I5087d79ba532b54250f4c17560524255c8a4fabc
* | resolve merge conflicts of 7ce287d to nyc-dev-plus-aospTianjie Xu2016-06-041-7/+52
|\| | | | | | | Change-Id: I2194d1170281f58eb508f2ef63b39c8729125f76
| * Call ioctl before each write on retryTianjie Xu2016-06-031-7/+52
| | | | | | | | | | | | | | | | If the update is a retry, ioctl(BLKDISCARD) the destination blocks before writing to these blocks. Bug: 28990135 Change-Id: I1e703808e68ebb1292cd66afd76be8fd6946ee59
* | resolve merge conflicts of 50f6417 to nyc-dev-plus-aospTianjie Xu2016-05-231-28/+56
|\| | | | | | | Change-Id: I42c127f7946e678acf6596f6352f090abc0ca019
| * Allow recovery to return error codesTianjie Xu2016-05-201-27/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Write error code, cause code, and retry count into last_install. So we can have more information about the reason of a failed OTA. Example of new last_install: @/cache/recovery/block.map package name 0 install result retry: 1 retry count (new) error: 30 error code (new) cause: 12 error cause (new) Details in: go/android-ota-errorcode Bug: 28471955 Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
* | Add time and I/O info to last_installTianjie Xu2016-05-181-0/+12
|\| | | | | | | | | | | | | | | | | am: dd874b1c87 * commit 'dd874b1c87eb04f28db0db2629df0adde568a74c': Add time and I/O info to last_install Change-Id: I02aa858d5ce488d3acbf5400811e2565cf7d9c75
| * Add time and I/O info to last_installTianjie Xu2016-05-161-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One example of last_install is: /sideload/package.zip 1 time_total: 101 bytes_written_system: 14574000 bytes_stashed_system: 100 bytes_written_vendor: 5107400 bytes_stashed_vendor: 0 Bug: 28658632 Change-Id: I4bf79ea71a609068d38fbce6b41bcb892524aa7a
| * Skip stashing source blocks in verify modeTianjie Xu2016-03-231-8/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently block_image_verify() stashes source blocks to /cache and in some case triggers I/O errors. To avoid this risk, We create a map from the hash value to the source blocks' range_set. When executing stash command in verify mode, source range is saved but block contents aren't stashed. And load_stash could get its value from either the stashed file from the previous update, or the contents on the source partition specified by the saved range. Bug: 27584487 Bug: 25633753 Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996
| * DO NOT MERGE Control fault injection with config files instead of build flagsJed Estep2016-03-161-1/+1
| | | | | | | | | | Bug: 26570379 Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
| * resolve merge conflicts of 7b6027dde4 to master.Tao Bao2016-02-041-10/+9
| |\ | | | | | | | | | Change-Id: I1d5232f61744bb18ca5de3a16a340bc3afd110bb
| * \ Merge "IO fault injection for OTA packages"Jed Estep2016-01-091-6/+7
| |\ \
| | * | IO fault injection for OTA packagesJed Estep2016-01-061-6/+7
| | | | | | | | | | | | | | | | | | | | Bug: 25951086 Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c
| * | | updater: Add a function to check first blockTianjie Xu2015-12-181-0/+55
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Add and register a function to check if the device has been remounted since last update during incremental OTA. This function reads block 0 and executes before partition recovery for version >= 4. Bug: 21124327 Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f
| * | Merge "updater: Output msg when recovery is called"Tianjie Xu2015-12-111-1/+4
| |\ \
| | * | updater: Output msg when recovery is calledTianjie Xu2015-12-101-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Output messages in log when recovery is attempted or succeeded during incremental OTA update. Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda
* | | | Merge "Fix google-explicit-constructor warnings."Chih-hung Hsieh2016-04-301-1/+1
|\ \ \ \
| * | | | Fix google-explicit-constructor warnings.Chih-Hung Hsieh2016-04-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Bug: 28341362 Change-Id: I5b35ae16c069e7e9229e66963386f322bd808af1
* | | | | updater: Don't zero out CommandParameters with memset(3).Tao Bao2016-04-271-2/+1
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [1] switched a few things to android::base::unique_fd including CommandParameters.fd. However, we were using memset(3) to zero out the struct, which effectively assigned unique_fd(0) to fd. When it called fd.reset(), file descriptor 0 was unintentionally closed. When FD 0 was later reassigned via open(2), it led to lseek(2) errors: "Bad file descriptor". This CL switches to using braced-init (i.e. '= {}') instead, so that the default constructor unique_fd(-1) would be called. [1]: commit bcabd0929316fdd022ea102cc86396547ad9f070 Bug: 28391985 Change-Id: If1f99932b15552714c399e65c8b80550344b758a
* | | | Switch to <android-base/unique_fd.h>.Elliott Hughes2016-03-291-25/+17
| | | | | | | | | | | | | | | | Change-Id: I13ba3f40bd52b5f3e3fe9002a45a9a8630040129
* | | | Skip stashing source blocks in verify modeTianjie Xu2016-03-251-8/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently block_image_verify() stashes source blocks to /cache and in some case triggers I/O errors. To avoid this risk, We create a map from the hash value to the source blocks' range_set. When executing stash command in verify mode, source range is saved but block contents aren't stashed. And load_stash could get its value from either the stashed file from the previous update, or the contents on the source partition specified by the saved range. Bug: 27584487 Bug: 25633753 Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996 (cherry picked from commit 0188935d55206e8c2becb29e995f166cb7040355)
* | | | Control fault injection with config files instead of build flagsJed Estep2016-02-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Bug: 26570379 Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c (cherry picked from commit d940887dde23597dc358b16d96ca48dd7480fee6)
* | | | IO fault injection for OTA packagesJed Estep2016-02-101-12/+13
| |_|/ |/| | | | | | | | | | | | | | Bug: 25951086 Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c (cherry-picked from commit f1fc48c6e62cfee42d25ad12f443e22d50c15d0b)
* | | Switch from mincrypt to BoringSSL in applypatch and updater.Sen Jiang2016-02-041-10/+9
| | | | | | | | | | | | | | | Bug: 18790686 Change-Id: I7d2136fb39b2266f5ae5be24819c617b08a6c21e
* | | updater: Add a function to check first blockTianjie Xu2016-01-071-0/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add and register a function to check if the device has been remounted since last update during incremental OTA. This function reads block 0 and executes before partition recovery for version >= 4. Bug: 21124327 Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f (cherry picked from commit 30bf4765593e639966df9f460df22c3fe912e7bf)
* | | updater: Output msg when recovery is calledTianjie Xu2015-12-111-1/+4
|/ / | | | | | | | | | | | | | | Output messages in log when recovery is attempted or succeeded during incremental OTA update. Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda (cherry picked from commit b686ba211443490111729ba9d82eb0c0b305e185)
* / updater: Replace strtok() with android::base::Split().Tao Bao2015-12-071-133/+144
|/ | | | Change-Id: I36346fa199a3261da1ae1bc310b3557fe1716d96
* Track rename from base/ to android-base/.Elliott Hughes2015-12-051-2/+2
| | | | Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
* updater: Bump up the BBOTA version to 4.Tao Bao2015-10-231-1/+1
| | | | | | | | | To accommodate new changes in N release, such as error correction [1] and other potential changes to the updater. [1]: commit 0a7b47397db3648afe6f3aeb2abb175934c2cbca Change-Id: I4dd44417d07dd0a31729894628635a0aa1659008
* Error correction: Use libfec in blockimg.cpp for recoverySami Tolvanen2015-10-191-0/+76
| | | | | | | | | | | | Add block_image_recover function to rewrite corrupted blocks on the partition. This can be attempted if block_image_verify fails. Note that we cannot use libfec during block_image_update as it may overwrite blocks required for error correction. A separate recovery pass in case the image is corrupted is the only viable option. Bug: 21893453 Change-Id: I6ff25648fff68d5f50b41a601c95c509d1cc5bce
* updater: Skip empty lines in the transfer list file.Tao Bao2015-09-261-0/+4
| | | | | | | | | We have the last line being empty as a result of android::base::Split("a\nb\n"), which leads to "missing command" warnings in the update. Just skip all the empty lines. Bug: 24373789 Change-Id: I5827e4600bd5cf0418d95477e4592fec47bbd3a9
* updater: Use android::base::ParseInt() to parse integers.Tao Bao2015-09-241-40/+25
| | | | Change-Id: Ic769eafc8d9535b1d517d3dcbd398c3fd65cddd9
* updater: Manage buffers with std::vector.Tao Bao2015-09-101-228/+168
| | | | Change-Id: Ide489e18dd8daf161b612f65b28921b61cdd8d8d
* updater: Replace the pointers in LoadSrcTgtVersion[1-3]() parameter.Tao Bao2015-09-081-29/+26
| | | | | | And inline the call to LoadSrcTgtVersion1() into SaveStash(). Change-Id: Ibf4ef2bfa2cc62df59c4e8de99fd7d8039e71ecf
* updater: Clean up C codes.Tao Bao2015-09-011-602/+429
| | | | | | | Replace C-string with std::string, pointers with references, and variable-size arrays in struct with std::vector. Change-Id: I57f361a0e58286cbcd113e9be225981da56721b2
* updater: Remove the unused isunresumable in SaveStash().Tao Bao2015-08-261-3/+3
| | | | Change-Id: I6a8d9bea4c1cd8ea7b534682061b90e893b227a2
* GOOGLEGMS-749 Fix integer overflow while applying block based OTA packageShrinivas Sahukar2015-08-221-46/+48
| | | | | | | There is an integer overflow when the size of system goes beyond the signed int limits. Hence changing pos to size_t. Change-Id: I6e5e1b2f0e72030b30a6df09a01642f4c82abc79
* updater: Clean up char* with std::string.Tao Bao2015-08-061-261/+141
| | | | | | | So we can remove a few free()s. And also replace a few pointers with references. Change-Id: I4b6332216704f4f9ea4a044b8d4bb7aa42a7ef26
* udpater: Call fsync() after rename().Tao Bao2015-08-041-0/+20
| | | | | | | We need to ensure the renamed filename reaches the underlying storage. Bug: 22840552 Change-Id: Ide2e753a2038691d472b6ee173cbf68ac998a084
* updater: Hoist fsync() to outer loop.Tao Bao2015-07-271-6/+5
| | | | | | | | | | Currently the fsync() inside write_all() may be called multiple times when performing a command. Move that to the outer loop and call it only after completing the command. Also remove the O_SYNC flag when writing a stash. Change-Id: I71e51d76051a2f7f504eef1aa585d2cb7a000d80
* recovery: Switch applypatch/ and updater/ to cpp.Tao Bao2015-07-141-0/+1991
Mostly trivial changes to make cpp compiler happy. Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270