1 // Copyright (C) 2018 The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include <libsnapshot/cow_format.h>
16 #include <libsnapshot/snapshot.h>
17
18 #include <fcntl.h>
19 #include <signal.h>
20 #include <sys/file.h>
21 #include <sys/stat.h>
22 #include <sys/types.h>
23
24 #include <chrono>
25 #include <deque>
26 #include <future>
27 #include <iostream>
28
29 #include <android-base/file.h>
30 #include <android-base/logging.h>
31 #include <android-base/properties.h>
32 #include <android-base/strings.h>
33 #include <android-base/unique_fd.h>
34 #include <fs_mgr/file_wait.h>
35 #include <fs_mgr/roots.h>
36 #include <fs_mgr_dm_linear.h>
37 #include <gtest/gtest.h>
38 #include <libdm/dm.h>
39 #include <libfiemap/image_manager.h>
40 #include <liblp/builder.h>
41 #include <storage_literals/storage_literals.h>
42
43 #include <android/snapshot/snapshot.pb.h>
44 #include <libsnapshot/test_helpers.h>
45 #include "partition_cow_creator.h"
46 #include "utility.h"
47
48 // Mock classes are not used. Header included to ensure mocked class definition aligns with the
49 // class itself.
50 #include <libsnapshot/mock_device_info.h>
51 #include <libsnapshot/mock_snapshot.h>
52
53 namespace android {
54 namespace snapshot {
55
56 using android::base::unique_fd;
57 using android::dm::DeviceMapper;
58 using android::dm::DmDeviceState;
59 using android::fiemap::FiemapStatus;
60 using android::fiemap::IImageManager;
61 using android::fs_mgr::BlockDeviceInfo;
62 using android::fs_mgr::CreateLogicalPartitionParams;
63 using android::fs_mgr::DestroyLogicalPartition;
64 using android::fs_mgr::EnsurePathMounted;
65 using android::fs_mgr::EnsurePathUnmounted;
66 using android::fs_mgr::Extent;
67 using android::fs_mgr::Fstab;
68 using android::fs_mgr::GetPartitionGroupName;
69 using android::fs_mgr::GetPartitionName;
70 using android::fs_mgr::Interval;
71 using android::fs_mgr::MetadataBuilder;
72 using android::fs_mgr::SlotSuffixForSlotNumber;
73 using chromeos_update_engine::DeltaArchiveManifest;
74 using chromeos_update_engine::DynamicPartitionGroup;
75 using chromeos_update_engine::PartitionUpdate;
76 using namespace ::testing;
77 using namespace android::storage_literals;
78 using namespace std::chrono_literals;
79 using namespace std::string_literals;
80
81 // Global states. See test_helpers.h.
82 std::unique_ptr<SnapshotManager> sm;
83 TestDeviceInfo* test_device = nullptr;
84 std::string fake_super;
85
86 void MountMetadata();
87
88 class SnapshotTest : public ::testing::Test {
89 public:
SnapshotTest()90 SnapshotTest() : dm_(DeviceMapper::Instance()) {}
91
92 // This is exposed for main.
Cleanup()93 void Cleanup() {
94 InitializeState();
95 CleanupTestArtifacts();
96 }
97
98 protected:
SetUp()99 void SetUp() override {
100 SKIP_IF_NON_VIRTUAL_AB();
101
102 SnapshotTestPropertyFetcher::SetUp();
103 InitializeState();
104 CleanupTestArtifacts();
105 FormatFakeSuper();
106 MountMetadata();
107 ASSERT_TRUE(sm->BeginUpdate());
108 }
109
TearDown()110 void TearDown() override {
111 RETURN_IF_NON_VIRTUAL_AB();
112
113 lock_ = nullptr;
114
115 CleanupTestArtifacts();
116 SnapshotTestPropertyFetcher::TearDown();
117 }
118
InitializeState()119 void InitializeState() {
120 ASSERT_TRUE(sm->EnsureImageManager());
121 image_manager_ = sm->image_manager();
122
123 test_device->set_slot_suffix("_a");
124
125 sm->set_use_first_stage_snapuserd(false);
126 }
127
CleanupTestArtifacts()128 void CleanupTestArtifacts() {
129 // Normally cancelling inside a merge is not allowed. Since these
130 // are tests, we don't care, destroy everything that might exist.
131 // Note we hardcode this list because of an annoying quirk: when
132 // completing a merge, the snapshot stops existing, so we can't
133 // get an accurate list to remove.
134 lock_ = nullptr;
135
136 std::vector<std::string> snapshots = {"test-snapshot", "test_partition_a",
137 "test_partition_b"};
138 for (const auto& snapshot : snapshots) {
139 ASSERT_TRUE(DeleteSnapshotDevice(snapshot));
140 DeleteBackingImage(image_manager_, snapshot + "-cow-img");
141
142 auto status_file = sm->GetSnapshotStatusFilePath(snapshot);
143 android::base::RemoveFileIfExists(status_file);
144 }
145
146 // Remove stale partitions in fake super.
147 std::vector<std::string> partitions = {
148 "base-device",
149 "test_partition_b",
150 "test_partition_b-base",
151 "test_partition_b-base",
152 };
153 for (const auto& partition : partitions) {
154 DeleteDevice(partition);
155 }
156
157 if (sm->GetUpdateState() != UpdateState::None) {
158 auto state_file = sm->GetStateFilePath();
159 unlink(state_file.c_str());
160 }
161 }
162
AcquireLock()163 bool AcquireLock() {
164 lock_ = sm->LockExclusive();
165 return !!lock_;
166 }
167
168 // This is so main() can instantiate this to invoke Cleanup.
TestBody()169 virtual void TestBody() override {}
170
FormatFakeSuper()171 void FormatFakeSuper() {
172 BlockDeviceInfo super_device("super", kSuperSize, 0, 0, 4096);
173 std::vector<BlockDeviceInfo> devices = {super_device};
174
175 auto builder = MetadataBuilder::New(devices, "super", 65536, 2);
176 ASSERT_NE(builder, nullptr);
177
178 auto metadata = builder->Export();
179 ASSERT_NE(metadata, nullptr);
180
181 TestPartitionOpener opener(fake_super);
182 ASSERT_TRUE(FlashPartitionTable(opener, fake_super, *metadata.get()));
183 }
184
185 // If |path| is non-null, the partition will be mapped after creation.
CreatePartition(const std::string & name,uint64_t size,std::string * path=nullptr,const std::optional<std::string> group={})186 bool CreatePartition(const std::string& name, uint64_t size, std::string* path = nullptr,
187 const std::optional<std::string> group = {}) {
188 TestPartitionOpener opener(fake_super);
189 auto builder = MetadataBuilder::New(opener, "super", 0);
190 if (!builder) return false;
191
192 std::string partition_group = std::string(android::fs_mgr::kDefaultGroup);
193 if (group) {
194 partition_group = *group;
195 }
196 return CreatePartition(builder.get(), name, size, path, partition_group);
197 }
198
CreatePartition(MetadataBuilder * builder,const std::string & name,uint64_t size,std::string * path,const std::string & group)199 bool CreatePartition(MetadataBuilder* builder, const std::string& name, uint64_t size,
200 std::string* path, const std::string& group) {
201 auto partition = builder->AddPartition(name, group, 0);
202 if (!partition) return false;
203 if (!builder->ResizePartition(partition, size)) {
204 return false;
205 }
206
207 // Update the source slot.
208 auto metadata = builder->Export();
209 if (!metadata) return false;
210
211 TestPartitionOpener opener(fake_super);
212 if (!UpdatePartitionTable(opener, "super", *metadata.get(), 0)) {
213 return false;
214 }
215
216 if (!path) return true;
217
218 CreateLogicalPartitionParams params = {
219 .block_device = fake_super,
220 .metadata = metadata.get(),
221 .partition_name = name,
222 .force_writable = true,
223 .timeout_ms = 10s,
224 };
225 return CreateLogicalPartition(params, path);
226 }
227
MapUpdateSnapshot(const std::string & name,std::unique_ptr<ISnapshotWriter> * writer)228 AssertionResult MapUpdateSnapshot(const std::string& name,
229 std::unique_ptr<ISnapshotWriter>* writer) {
230 TestPartitionOpener opener(fake_super);
231 CreateLogicalPartitionParams params{
232 .block_device = fake_super,
233 .metadata_slot = 1,
234 .partition_name = name,
235 .timeout_ms = 10s,
236 .partition_opener = &opener,
237 };
238
239 auto old_partition = "/dev/block/mapper/" + GetOtherPartitionName(name);
240 auto result = sm->OpenSnapshotWriter(params, {old_partition});
241 if (!result) {
242 return AssertionFailure() << "Cannot open snapshot for writing: " << name;
243 }
244 if (!result->Initialize()) {
245 return AssertionFailure() << "Cannot initialize snapshot for writing: " << name;
246 }
247
248 if (writer) {
249 *writer = std::move(result);
250 }
251 return AssertionSuccess();
252 }
253
MapUpdateSnapshot(const std::string & name,std::string * path)254 AssertionResult MapUpdateSnapshot(const std::string& name, std::string* path) {
255 TestPartitionOpener opener(fake_super);
256 CreateLogicalPartitionParams params{
257 .block_device = fake_super,
258 .metadata_slot = 1,
259 .partition_name = name,
260 .timeout_ms = 10s,
261 .partition_opener = &opener,
262 };
263
264 auto result = sm->MapUpdateSnapshot(params, path);
265 if (!result) {
266 return AssertionFailure() << "Cannot open snapshot for writing: " << name;
267 }
268 return AssertionSuccess();
269 }
270
DeleteSnapshotDevice(const std::string & snapshot)271 AssertionResult DeleteSnapshotDevice(const std::string& snapshot) {
272 AssertionResult res = AssertionSuccess();
273 if (!(res = DeleteDevice(snapshot))) return res;
274 if (!sm->UnmapDmUserDevice(snapshot)) {
275 return AssertionFailure() << "Cannot delete dm-user device for " << snapshot;
276 }
277 if (!(res = DeleteDevice(snapshot + "-inner"))) return res;
278 if (!(res = DeleteDevice(snapshot + "-cow"))) return res;
279 if (!image_manager_->UnmapImageIfExists(snapshot + "-cow-img")) {
280 return AssertionFailure() << "Cannot unmap image " << snapshot << "-cow-img";
281 }
282 if (!(res = DeleteDevice(snapshot + "-base"))) return res;
283 if (!(res = DeleteDevice(snapshot + "-src"))) return res;
284 return AssertionSuccess();
285 }
286
DeleteDevice(const std::string & device)287 AssertionResult DeleteDevice(const std::string& device) {
288 if (!dm_.DeleteDeviceIfExists(device)) {
289 return AssertionFailure() << "Can't delete " << device;
290 }
291 return AssertionSuccess();
292 }
293
CreateCowImage(const std::string & name)294 AssertionResult CreateCowImage(const std::string& name) {
295 if (!sm->CreateCowImage(lock_.get(), name)) {
296 return AssertionFailure() << "Cannot create COW image " << name;
297 }
298 std::string cow_device;
299 auto map_res = MapCowImage(name, 10s, &cow_device);
300 if (!map_res) {
301 return map_res;
302 }
303 if (!InitializeKernelCow(cow_device)) {
304 return AssertionFailure() << "Cannot zero fill " << cow_device;
305 }
306 if (!sm->UnmapCowImage(name)) {
307 return AssertionFailure() << "Cannot unmap " << name << " after zero filling it";
308 }
309 return AssertionSuccess();
310 }
311
MapCowImage(const std::string & name,const std::chrono::milliseconds & timeout_ms,std::string * path)312 AssertionResult MapCowImage(const std::string& name,
313 const std::chrono::milliseconds& timeout_ms, std::string* path) {
314 auto cow_image_path = sm->MapCowImage(name, timeout_ms);
315 if (!cow_image_path.has_value()) {
316 return AssertionFailure() << "Cannot map cow image " << name;
317 }
318 *path = *cow_image_path;
319 return AssertionSuccess();
320 }
321
322 // Prepare A/B slot for a partition named "test_partition".
PrepareOneSnapshot(uint64_t device_size,std::unique_ptr<ISnapshotWriter> * writer=nullptr)323 AssertionResult PrepareOneSnapshot(uint64_t device_size,
324 std::unique_ptr<ISnapshotWriter>* writer = nullptr) {
325 lock_ = nullptr;
326
327 DeltaArchiveManifest manifest;
328
329 auto dynamic_partition_metadata = manifest.mutable_dynamic_partition_metadata();
330 dynamic_partition_metadata->set_vabc_enabled(IsCompressionEnabled());
331 dynamic_partition_metadata->set_cow_version(android::snapshot::kCowVersionMajor);
332
333 auto group = dynamic_partition_metadata->add_groups();
334 group->set_name("group");
335 group->set_size(device_size * 2);
336 group->add_partition_names("test_partition");
337
338 auto pu = manifest.add_partitions();
339 pu->set_partition_name("test_partition");
340 pu->set_estimate_cow_size(device_size);
341 SetSize(pu, device_size);
342
343 auto extent = pu->add_operations()->add_dst_extents();
344 extent->set_start_block(0);
345 if (device_size) {
346 extent->set_num_blocks(device_size / manifest.block_size());
347 }
348
349 TestPartitionOpener opener(fake_super);
350 auto builder = MetadataBuilder::New(opener, "super", 0);
351 if (!builder) {
352 return AssertionFailure() << "Failed to open MetadataBuilder";
353 }
354 builder->AddGroup("group_a", 16_GiB);
355 builder->AddGroup("group_b", 16_GiB);
356 if (!CreatePartition(builder.get(), "test_partition_a", device_size, nullptr, "group_a")) {
357 return AssertionFailure() << "Failed create test_partition_a";
358 }
359
360 if (!sm->CreateUpdateSnapshots(manifest)) {
361 return AssertionFailure() << "Failed to create update snapshots";
362 }
363
364 if (writer) {
365 auto res = MapUpdateSnapshot("test_partition_b", writer);
366 if (!res) {
367 return res;
368 }
369 } else if (!IsCompressionEnabled()) {
370 std::string ignore;
371 if (!MapUpdateSnapshot("test_partition_b", &ignore)) {
372 return AssertionFailure() << "Failed to map test_partition_b";
373 }
374 }
375 if (!AcquireLock()) {
376 return AssertionFailure() << "Failed to acquire lock";
377 }
378 return AssertionSuccess();
379 }
380
381 // Simulate a reboot into the new slot.
SimulateReboot()382 AssertionResult SimulateReboot() {
383 lock_ = nullptr;
384 if (!sm->FinishedSnapshotWrites(false)) {
385 return AssertionFailure() << "Failed to finish snapshot writes";
386 }
387 if (!sm->UnmapUpdateSnapshot("test_partition_b")) {
388 return AssertionFailure() << "Failed to unmap COW for test_partition_b";
389 }
390 if (!dm_.DeleteDeviceIfExists("test_partition_b")) {
391 return AssertionFailure() << "Failed to delete test_partition_b";
392 }
393 if (!dm_.DeleteDeviceIfExists("test_partition_b-base")) {
394 return AssertionFailure() << "Failed to destroy test_partition_b-base";
395 }
396 return AssertionSuccess();
397 }
398
NewManagerForFirstStageMount(const std::string & slot_suffix="_a")399 std::unique_ptr<SnapshotManager> NewManagerForFirstStageMount(
400 const std::string& slot_suffix = "_a") {
401 auto info = new TestDeviceInfo(fake_super, slot_suffix);
402 return NewManagerForFirstStageMount(info);
403 }
404
NewManagerForFirstStageMount(TestDeviceInfo * info)405 std::unique_ptr<SnapshotManager> NewManagerForFirstStageMount(TestDeviceInfo* info) {
406 info->set_first_stage_init(true);
407 auto init = SnapshotManager::NewForFirstStageMount(info);
408 if (!init) {
409 return nullptr;
410 }
411 init->SetUeventRegenCallback([](const std::string& device) -> bool {
412 return android::fs_mgr::WaitForFile(device, snapshot_timeout_);
413 });
414 return init;
415 }
416
417 static constexpr std::chrono::milliseconds snapshot_timeout_ = 5s;
418 DeviceMapper& dm_;
419 std::unique_ptr<SnapshotManager::LockedFile> lock_;
420 android::fiemap::IImageManager* image_manager_ = nullptr;
421 std::string fake_super_;
422 };
423
TEST_F(SnapshotTest,CreateSnapshot)424 TEST_F(SnapshotTest, CreateSnapshot) {
425 ASSERT_TRUE(AcquireLock());
426
427 PartitionCowCreator cow_creator;
428 cow_creator.compression_enabled = IsCompressionEnabled();
429 if (cow_creator.compression_enabled) {
430 cow_creator.compression_algorithm = "gz";
431 } else {
432 cow_creator.compression_algorithm = "none";
433 }
434
435 static const uint64_t kDeviceSize = 1024 * 1024;
436 SnapshotStatus status;
437 status.set_name("test-snapshot");
438 status.set_device_size(kDeviceSize);
439 status.set_snapshot_size(kDeviceSize);
440 status.set_cow_file_size(kDeviceSize);
441 ASSERT_TRUE(sm->CreateSnapshot(lock_.get(), &cow_creator, &status));
442 ASSERT_TRUE(CreateCowImage("test-snapshot"));
443
444 std::vector<std::string> snapshots;
445 ASSERT_TRUE(sm->ListSnapshots(lock_.get(), &snapshots));
446 ASSERT_EQ(snapshots.size(), 1);
447 ASSERT_EQ(snapshots[0], "test-snapshot");
448
449 // Scope so delete can re-acquire the snapshot file lock.
450 {
451 SnapshotStatus status;
452 ASSERT_TRUE(sm->ReadSnapshotStatus(lock_.get(), "test-snapshot", &status));
453 ASSERT_EQ(status.state(), SnapshotState::CREATED);
454 ASSERT_EQ(status.device_size(), kDeviceSize);
455 ASSERT_EQ(status.snapshot_size(), kDeviceSize);
456 ASSERT_EQ(status.compression_enabled(), cow_creator.compression_enabled);
457 ASSERT_EQ(status.compression_algorithm(), cow_creator.compression_algorithm);
458 }
459
460 ASSERT_TRUE(sm->UnmapSnapshot(lock_.get(), "test-snapshot"));
461 ASSERT_TRUE(sm->UnmapCowImage("test-snapshot"));
462 ASSERT_TRUE(sm->DeleteSnapshot(lock_.get(), "test-snapshot"));
463 }
464
TEST_F(SnapshotTest,MapSnapshot)465 TEST_F(SnapshotTest, MapSnapshot) {
466 ASSERT_TRUE(AcquireLock());
467
468 PartitionCowCreator cow_creator;
469 cow_creator.compression_enabled = IsCompressionEnabled();
470
471 static const uint64_t kDeviceSize = 1024 * 1024;
472 SnapshotStatus status;
473 status.set_name("test-snapshot");
474 status.set_device_size(kDeviceSize);
475 status.set_snapshot_size(kDeviceSize);
476 status.set_cow_file_size(kDeviceSize);
477 ASSERT_TRUE(sm->CreateSnapshot(lock_.get(), &cow_creator, &status));
478 ASSERT_TRUE(CreateCowImage("test-snapshot"));
479
480 std::string base_device;
481 ASSERT_TRUE(CreatePartition("base-device", kDeviceSize, &base_device));
482
483 std::string cow_device;
484 ASSERT_TRUE(MapCowImage("test-snapshot", 10s, &cow_device));
485
486 std::string snap_device;
487 ASSERT_TRUE(sm->MapSnapshot(lock_.get(), "test-snapshot", base_device, cow_device, 10s,
488 &snap_device));
489 ASSERT_TRUE(android::base::StartsWith(snap_device, "/dev/block/dm-"));
490 }
491
TEST_F(SnapshotTest,NoMergeBeforeReboot)492 TEST_F(SnapshotTest, NoMergeBeforeReboot) {
493 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
494
495 // Merge should fail, since the slot hasn't changed.
496 ASSERT_FALSE(sm->InitiateMerge());
497 }
498
TEST_F(SnapshotTest,CleanFirstStageMount)499 TEST_F(SnapshotTest, CleanFirstStageMount) {
500 // If there's no update in progress, there should be no first-stage mount
501 // needed.
502 auto sm = NewManagerForFirstStageMount();
503 ASSERT_NE(sm, nullptr);
504 ASSERT_FALSE(sm->NeedSnapshotsInFirstStageMount());
505 }
506
TEST_F(SnapshotTest,FirstStageMountAfterRollback)507 TEST_F(SnapshotTest, FirstStageMountAfterRollback) {
508 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
509
510 // We didn't change the slot, so we shouldn't need snapshots.
511 auto sm = NewManagerForFirstStageMount();
512 ASSERT_NE(sm, nullptr);
513 ASSERT_FALSE(sm->NeedSnapshotsInFirstStageMount());
514
515 auto indicator = sm->GetRollbackIndicatorPath();
516 ASSERT_EQ(access(indicator.c_str(), R_OK), 0);
517 }
518
TEST_F(SnapshotTest,Merge)519 TEST_F(SnapshotTest, Merge) {
520 ASSERT_TRUE(AcquireLock());
521
522 static const uint64_t kDeviceSize = 1024 * 1024;
523
524 std::unique_ptr<ISnapshotWriter> writer;
525 ASSERT_TRUE(PrepareOneSnapshot(kDeviceSize, &writer));
526
527 // Release the lock.
528 lock_ = nullptr;
529
530 std::string test_string = "This is a test string.";
531 test_string.resize(writer->options().block_size);
532 ASSERT_TRUE(writer->AddRawBlocks(0, test_string.data(), test_string.size()));
533 ASSERT_TRUE(writer->Finalize());
534 writer = nullptr;
535
536 // Done updating.
537 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
538
539 ASSERT_TRUE(sm->UnmapUpdateSnapshot("test_partition_b"));
540
541 test_device->set_slot_suffix("_b");
542 ASSERT_TRUE(sm->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
543 ASSERT_TRUE(sm->InitiateMerge());
544
545 // The device should have been switched to a snapshot-merge target.
546 DeviceMapper::TargetInfo target;
547 ASSERT_TRUE(sm->IsSnapshotDevice("test_partition_b", &target));
548 ASSERT_EQ(DeviceMapper::GetTargetType(target.spec), "snapshot-merge");
549
550 // We should not be able to cancel an update now.
551 ASSERT_FALSE(sm->CancelUpdate());
552
553 ASSERT_EQ(sm->ProcessUpdateState(), UpdateState::MergeCompleted);
554 ASSERT_EQ(sm->GetUpdateState(), UpdateState::None);
555
556 // The device should no longer be a snapshot or snapshot-merge.
557 ASSERT_FALSE(sm->IsSnapshotDevice("test_partition_b"));
558
559 // Test that we can read back the string we wrote to the snapshot. Note
560 // that the base device is gone now. |snap_device| contains the correct
561 // partition.
562 unique_fd fd(open("/dev/block/mapper/test_partition_b", O_RDONLY | O_CLOEXEC));
563 ASSERT_GE(fd, 0);
564
565 std::string buffer(test_string.size(), '\0');
566 ASSERT_TRUE(android::base::ReadFully(fd, buffer.data(), buffer.size()));
567 ASSERT_EQ(test_string, buffer);
568 }
569
TEST_F(SnapshotTest,FirstStageMountAndMerge)570 TEST_F(SnapshotTest, FirstStageMountAndMerge) {
571 ASSERT_TRUE(AcquireLock());
572
573 static const uint64_t kDeviceSize = 1024 * 1024;
574 ASSERT_TRUE(PrepareOneSnapshot(kDeviceSize));
575 ASSERT_TRUE(SimulateReboot());
576
577 auto init = NewManagerForFirstStageMount("_b");
578 ASSERT_NE(init, nullptr);
579 ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
580 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
581
582 ASSERT_TRUE(AcquireLock());
583
584 // Validate that we have a snapshot device.
585 SnapshotStatus status;
586 ASSERT_TRUE(init->ReadSnapshotStatus(lock_.get(), "test_partition_b", &status));
587 ASSERT_EQ(status.state(), SnapshotState::CREATED);
588 if (IsCompressionEnabled()) {
589 ASSERT_EQ(status.compression_algorithm(), "gz");
590 } else {
591 ASSERT_EQ(status.compression_algorithm(), "none");
592 }
593
594 DeviceMapper::TargetInfo target;
595 ASSERT_TRUE(init->IsSnapshotDevice("test_partition_b", &target));
596 ASSERT_EQ(DeviceMapper::GetTargetType(target.spec), "snapshot");
597 }
598
TEST_F(SnapshotTest,FlashSuperDuringUpdate)599 TEST_F(SnapshotTest, FlashSuperDuringUpdate) {
600 ASSERT_TRUE(AcquireLock());
601
602 static const uint64_t kDeviceSize = 1024 * 1024;
603 ASSERT_TRUE(PrepareOneSnapshot(kDeviceSize));
604 ASSERT_TRUE(SimulateReboot());
605
606 // Reflash the super partition.
607 FormatFakeSuper();
608 ASSERT_TRUE(CreatePartition("test_partition_b", kDeviceSize));
609
610 auto init = NewManagerForFirstStageMount("_b");
611 ASSERT_NE(init, nullptr);
612 ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
613 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
614
615 ASSERT_TRUE(AcquireLock());
616
617 SnapshotStatus status;
618 ASSERT_TRUE(init->ReadSnapshotStatus(lock_.get(), "test_partition_b", &status));
619
620 // We should not get a snapshot device now.
621 DeviceMapper::TargetInfo target;
622 ASSERT_FALSE(init->IsSnapshotDevice("test_partition_b", &target));
623
624 // We should see a cancelled update as well.
625 lock_ = nullptr;
626 ASSERT_EQ(sm->ProcessUpdateState(), UpdateState::Cancelled);
627 }
628
TEST_F(SnapshotTest,FlashSuperDuringMerge)629 TEST_F(SnapshotTest, FlashSuperDuringMerge) {
630 ASSERT_TRUE(AcquireLock());
631
632 static const uint64_t kDeviceSize = 1024 * 1024;
633 ASSERT_TRUE(PrepareOneSnapshot(kDeviceSize));
634 ASSERT_TRUE(SimulateReboot());
635
636 auto init = NewManagerForFirstStageMount("_b");
637 ASSERT_NE(init, nullptr);
638 ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
639 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
640 ASSERT_TRUE(init->InitiateMerge());
641
642 // Now, reflash super. Note that we haven't called ProcessUpdateState, so the
643 // status is still Merging.
644 ASSERT_TRUE(DeleteSnapshotDevice("test_partition_b"));
645 ASSERT_TRUE(init->image_manager()->UnmapImageIfExists("test_partition_b-cow-img"));
646 FormatFakeSuper();
647 ASSERT_TRUE(CreatePartition("test_partition_b", kDeviceSize));
648 ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
649 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
650
651 // Because the status is Merging, we must call ProcessUpdateState, which should
652 // detect a cancelled update.
653 ASSERT_EQ(init->ProcessUpdateState(), UpdateState::Cancelled);
654 ASSERT_EQ(init->GetUpdateState(), UpdateState::None);
655 }
656
TEST_F(SnapshotTest,UpdateBootControlHal)657 TEST_F(SnapshotTest, UpdateBootControlHal) {
658 ASSERT_TRUE(AcquireLock());
659
660 ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::None));
661 ASSERT_EQ(test_device->merge_status(), MergeStatus::NONE);
662
663 ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::Initiated));
664 ASSERT_EQ(test_device->merge_status(), MergeStatus::NONE);
665
666 ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::Unverified));
667 ASSERT_EQ(test_device->merge_status(), MergeStatus::SNAPSHOTTED);
668
669 ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::Merging));
670 ASSERT_EQ(test_device->merge_status(), MergeStatus::MERGING);
671
672 ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::MergeNeedsReboot));
673 ASSERT_EQ(test_device->merge_status(), MergeStatus::NONE);
674
675 ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::MergeCompleted));
676 ASSERT_EQ(test_device->merge_status(), MergeStatus::NONE);
677
678 ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::MergeFailed));
679 ASSERT_EQ(test_device->merge_status(), MergeStatus::MERGING);
680 }
681
TEST_F(SnapshotTest,MergeFailureCode)682 TEST_F(SnapshotTest, MergeFailureCode) {
683 ASSERT_TRUE(AcquireLock());
684
685 ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::MergeFailed,
686 MergeFailureCode::ListSnapshots));
687 ASSERT_EQ(test_device->merge_status(), MergeStatus::MERGING);
688
689 SnapshotUpdateStatus status = sm->ReadSnapshotUpdateStatus(lock_.get());
690 ASSERT_EQ(status.state(), UpdateState::MergeFailed);
691 ASSERT_EQ(status.merge_failure_code(), MergeFailureCode::ListSnapshots);
692 }
693
694 enum class Request { UNKNOWN, LOCK_SHARED, LOCK_EXCLUSIVE, UNLOCK, EXIT };
operator <<(std::ostream & os,Request request)695 std::ostream& operator<<(std::ostream& os, Request request) {
696 switch (request) {
697 case Request::LOCK_SHARED:
698 return os << "Shared";
699 case Request::LOCK_EXCLUSIVE:
700 return os << "Exclusive";
701 case Request::UNLOCK:
702 return os << "Unlock";
703 case Request::EXIT:
704 return os << "Exit";
705 case Request::UNKNOWN:
706 [[fallthrough]];
707 default:
708 return os << "Unknown";
709 }
710 }
711
712 class LockTestConsumer {
713 public:
MakeRequest(Request new_request)714 AssertionResult MakeRequest(Request new_request) {
715 {
716 std::unique_lock<std::mutex> ulock(mutex_);
717 requests_.push_back(new_request);
718 }
719 cv_.notify_all();
720 return AssertionSuccess() << "Request " << new_request << " successful";
721 }
722
723 template <typename R, typename P>
WaitFulfill(std::chrono::duration<R,P> timeout)724 AssertionResult WaitFulfill(std::chrono::duration<R, P> timeout) {
725 std::unique_lock<std::mutex> ulock(mutex_);
726 if (cv_.wait_for(ulock, timeout, [this] { return requests_.empty(); })) {
727 return AssertionSuccess() << "All requests_ fulfilled.";
728 }
729 return AssertionFailure() << "Timeout waiting for fulfilling " << requests_.size()
730 << " request(s), first one is "
731 << (requests_.empty() ? Request::UNKNOWN : requests_.front());
732 }
733
StartHandleRequestsInBackground()734 void StartHandleRequestsInBackground() {
735 future_ = std::async(std::launch::async, &LockTestConsumer::HandleRequests, this);
736 }
737
738 private:
HandleRequests()739 void HandleRequests() {
740 static constexpr auto consumer_timeout = 3s;
741
742 auto next_request = Request::UNKNOWN;
743 do {
744 // Peek next request.
745 {
746 std::unique_lock<std::mutex> ulock(mutex_);
747 if (cv_.wait_for(ulock, consumer_timeout, [this] { return !requests_.empty(); })) {
748 next_request = requests_.front();
749 } else {
750 next_request = Request::EXIT;
751 }
752 }
753
754 // Handle next request.
755 switch (next_request) {
756 case Request::LOCK_SHARED: {
757 lock_ = sm->LockShared();
758 } break;
759 case Request::LOCK_EXCLUSIVE: {
760 lock_ = sm->LockExclusive();
761 } break;
762 case Request::EXIT:
763 [[fallthrough]];
764 case Request::UNLOCK: {
765 lock_.reset();
766 } break;
767 case Request::UNKNOWN:
768 [[fallthrough]];
769 default:
770 break;
771 }
772
773 // Pop next request. This thread is the only thread that
774 // pops from the front of the requests_ deque.
775 {
776 std::unique_lock<std::mutex> ulock(mutex_);
777 if (next_request == Request::EXIT) {
778 requests_.clear();
779 } else {
780 requests_.pop_front();
781 }
782 }
783 cv_.notify_all();
784 } while (next_request != Request::EXIT);
785 }
786
787 std::mutex mutex_;
788 std::condition_variable cv_;
789 std::deque<Request> requests_;
790 std::unique_ptr<SnapshotManager::LockedFile> lock_;
791 std::future<void> future_;
792 };
793
794 class LockTest : public ::testing::Test {
795 public:
SetUp()796 void SetUp() {
797 SKIP_IF_NON_VIRTUAL_AB();
798 first_consumer.StartHandleRequestsInBackground();
799 second_consumer.StartHandleRequestsInBackground();
800 }
801
TearDown()802 void TearDown() {
803 RETURN_IF_NON_VIRTUAL_AB();
804 EXPECT_TRUE(first_consumer.MakeRequest(Request::EXIT));
805 EXPECT_TRUE(second_consumer.MakeRequest(Request::EXIT));
806 }
807
808 static constexpr auto request_timeout = 500ms;
809 LockTestConsumer first_consumer;
810 LockTestConsumer second_consumer;
811 };
812
TEST_F(LockTest,SharedShared)813 TEST_F(LockTest, SharedShared) {
814 ASSERT_TRUE(first_consumer.MakeRequest(Request::LOCK_SHARED));
815 ASSERT_TRUE(first_consumer.WaitFulfill(request_timeout));
816 ASSERT_TRUE(second_consumer.MakeRequest(Request::LOCK_SHARED));
817 ASSERT_TRUE(second_consumer.WaitFulfill(request_timeout));
818 }
819
820 using LockTestParam = std::pair<Request, Request>;
821 class LockTestP : public LockTest, public ::testing::WithParamInterface<LockTestParam> {};
TEST_P(LockTestP,Test)822 TEST_P(LockTestP, Test) {
823 ASSERT_TRUE(first_consumer.MakeRequest(GetParam().first));
824 ASSERT_TRUE(first_consumer.WaitFulfill(request_timeout));
825 ASSERT_TRUE(second_consumer.MakeRequest(GetParam().second));
826 ASSERT_FALSE(second_consumer.WaitFulfill(request_timeout))
827 << "Should not be able to " << GetParam().second << " while separate thread "
828 << GetParam().first;
829 ASSERT_TRUE(first_consumer.MakeRequest(Request::UNLOCK));
830 ASSERT_TRUE(second_consumer.WaitFulfill(request_timeout))
831 << "Should be able to hold lock that is released by separate thread";
832 }
833 INSTANTIATE_TEST_SUITE_P(
834 LockTest, LockTestP,
835 testing::Values(LockTestParam{Request::LOCK_EXCLUSIVE, Request::LOCK_EXCLUSIVE},
836 LockTestParam{Request::LOCK_EXCLUSIVE, Request::LOCK_SHARED},
837 LockTestParam{Request::LOCK_SHARED, Request::LOCK_EXCLUSIVE}),
__anon4de4482e0402(const testing::TestParamInfo<LockTestP::ParamType>& info) 838 [](const testing::TestParamInfo<LockTestP::ParamType>& info) {
839 std::stringstream ss;
840 ss << info.param.first << info.param.second;
841 return ss.str();
842 });
843
844 class SnapshotUpdateTest : public SnapshotTest {
845 public:
SetUp()846 void SetUp() override {
847 SKIP_IF_NON_VIRTUAL_AB();
848
849 SnapshotTest::SetUp();
850 Cleanup();
851
852 // Cleanup() changes slot suffix, so initialize it again.
853 test_device->set_slot_suffix("_a");
854
855 opener_ = std::make_unique<TestPartitionOpener>(fake_super);
856
857 auto dynamic_partition_metadata = manifest_.mutable_dynamic_partition_metadata();
858 dynamic_partition_metadata->set_vabc_enabled(IsCompressionEnabled());
859 dynamic_partition_metadata->set_cow_version(android::snapshot::kCowVersionMajor);
860
861 // Create a fake update package metadata.
862 // Not using full name "system", "vendor", "product" because these names collide with the
863 // mapped partitions on the running device.
864 // Each test modifies manifest_ slightly to indicate changes to the partition layout.
865 group_ = dynamic_partition_metadata->add_groups();
866 group_->set_name("group");
867 group_->set_size(kGroupSize);
868 group_->add_partition_names("sys");
869 group_->add_partition_names("vnd");
870 group_->add_partition_names("prd");
871 sys_ = manifest_.add_partitions();
872 sys_->set_partition_name("sys");
873 sys_->set_estimate_cow_size(2_MiB);
874 SetSize(sys_, 3_MiB);
875 vnd_ = manifest_.add_partitions();
876 vnd_->set_partition_name("vnd");
877 vnd_->set_estimate_cow_size(2_MiB);
878 SetSize(vnd_, 3_MiB);
879 prd_ = manifest_.add_partitions();
880 prd_->set_partition_name("prd");
881 prd_->set_estimate_cow_size(2_MiB);
882 SetSize(prd_, 3_MiB);
883
884 // Initialize source partition metadata using |manifest_|.
885 src_ = MetadataBuilder::New(*opener_, "super", 0);
886 ASSERT_NE(src_, nullptr);
887 ASSERT_TRUE(FillFakeMetadata(src_.get(), manifest_, "_a"));
888 // Add sys_b which is like system_other.
889 ASSERT_TRUE(src_->AddGroup("group_b", kGroupSize));
890 auto partition = src_->AddPartition("sys_b", "group_b", 0);
891 ASSERT_NE(nullptr, partition);
892 ASSERT_TRUE(src_->ResizePartition(partition, 1_MiB));
893 auto metadata = src_->Export();
894 ASSERT_NE(nullptr, metadata);
895 ASSERT_TRUE(UpdatePartitionTable(*opener_, "super", *metadata.get(), 0));
896
897 // Map source partitions. Additionally, map sys_b to simulate system_other after flashing.
898 std::string path;
899 for (const auto& name : {"sys_a", "vnd_a", "prd_a", "sys_b"}) {
900 ASSERT_TRUE(CreateLogicalPartition(
901 CreateLogicalPartitionParams{
902 .block_device = fake_super,
903 .metadata_slot = 0,
904 .partition_name = name,
905 .timeout_ms = 1s,
906 .partition_opener = opener_.get(),
907 },
908 &path));
909 ASSERT_TRUE(WriteRandomData(path));
910 auto hash = GetHash(path);
911 ASSERT_TRUE(hash.has_value());
912 hashes_[name] = *hash;
913 }
914 }
TearDown()915 void TearDown() override {
916 RETURN_IF_NON_VIRTUAL_AB();
917
918 Cleanup();
919 SnapshotTest::TearDown();
920 }
Cleanup()921 void Cleanup() {
922 if (!image_manager_) {
923 InitializeState();
924 }
925 MountMetadata();
926 for (const auto& suffix : {"_a", "_b"}) {
927 test_device->set_slot_suffix(suffix);
928 EXPECT_TRUE(sm->CancelUpdate()) << suffix;
929 }
930 EXPECT_TRUE(UnmapAll());
931 }
932
IsPartitionUnchanged(const std::string & name)933 AssertionResult IsPartitionUnchanged(const std::string& name) {
934 std::string path;
935 if (!dm_.GetDmDevicePathByName(name, &path)) {
936 return AssertionFailure() << "Path of " << name << " cannot be determined";
937 }
938 auto hash = GetHash(path);
939 if (!hash.has_value()) {
940 return AssertionFailure() << "Cannot read partition " << name << ": " << path;
941 }
942 auto it = hashes_.find(name);
943 if (it == hashes_.end()) {
944 return AssertionFailure() << "No existing hash for " << name << ". Bad test code?";
945 }
946 if (it->second != *hash) {
947 return AssertionFailure() << "Content of " << name << " has changed";
948 }
949 return AssertionSuccess();
950 }
951
GetSnapshotSize(const std::string & name)952 std::optional<uint64_t> GetSnapshotSize(const std::string& name) {
953 if (!AcquireLock()) {
954 return std::nullopt;
955 }
956 auto local_lock = std::move(lock_);
957
958 SnapshotStatus status;
959 if (!sm->ReadSnapshotStatus(local_lock.get(), name, &status)) {
960 return std::nullopt;
961 }
962 return status.snapshot_size();
963 }
964
UnmapAll()965 AssertionResult UnmapAll() {
966 for (const auto& name : {"sys", "vnd", "prd"}) {
967 if (!dm_.DeleteDeviceIfExists(name + "_a"s)) {
968 return AssertionFailure() << "Cannot unmap " << name << "_a";
969 }
970 if (!DeleteSnapshotDevice(name + "_b"s)) {
971 return AssertionFailure() << "Cannot delete snapshot " << name << "_b";
972 }
973 }
974 return AssertionSuccess();
975 }
976
MapOneUpdateSnapshot(const std::string & name)977 AssertionResult MapOneUpdateSnapshot(const std::string& name) {
978 if (IsCompressionEnabled()) {
979 std::unique_ptr<ISnapshotWriter> writer;
980 return MapUpdateSnapshot(name, &writer);
981 } else {
982 std::string path;
983 return MapUpdateSnapshot(name, &path);
984 }
985 }
986
WriteSnapshotAndHash(const std::string & name)987 AssertionResult WriteSnapshotAndHash(const std::string& name) {
988 if (IsCompressionEnabled()) {
989 std::unique_ptr<ISnapshotWriter> writer;
990 auto res = MapUpdateSnapshot(name, &writer);
991 if (!res) {
992 return res;
993 }
994 if (!WriteRandomData(writer.get(), &hashes_[name])) {
995 return AssertionFailure() << "Unable to write random data to snapshot " << name;
996 }
997 if (!writer->Finalize()) {
998 return AssertionFailure() << "Unable to finalize COW for " << name;
999 }
1000 } else {
1001 std::string path;
1002 auto res = MapUpdateSnapshot(name, &path);
1003 if (!res) {
1004 return res;
1005 }
1006 if (!WriteRandomData(path, std::nullopt, &hashes_[name])) {
1007 return AssertionFailure() << "Unable to write random data to snapshot " << name;
1008 }
1009 }
1010
1011 // Make sure updates to one device are seen by all devices.
1012 sync();
1013
1014 return AssertionSuccess() << "Written random data to snapshot " << name
1015 << ", hash: " << hashes_[name];
1016 }
1017
1018 // Generate a snapshot that moves all the upper blocks down to the start.
1019 // It doesn't really matter the order, we just want copies that reference
1020 // blocks that won't exist if the partition shrinks.
ShiftAllSnapshotBlocks(const std::string & name,uint64_t old_size)1021 AssertionResult ShiftAllSnapshotBlocks(const std::string& name, uint64_t old_size) {
1022 std::unique_ptr<ISnapshotWriter> writer;
1023 if (auto res = MapUpdateSnapshot(name, &writer); !res) {
1024 return res;
1025 }
1026 if (!writer->options().max_blocks || !*writer->options().max_blocks) {
1027 return AssertionFailure() << "No max blocks set for " << name << " writer";
1028 }
1029
1030 uint64_t src_block = (old_size / writer->options().block_size) - 1;
1031 uint64_t dst_block = 0;
1032 uint64_t max_blocks = *writer->options().max_blocks;
1033 while (dst_block < max_blocks && dst_block < src_block) {
1034 if (!writer->AddCopy(dst_block, src_block)) {
1035 return AssertionFailure() << "Unable to add copy for " << name << " for blocks "
1036 << src_block << ", " << dst_block;
1037 }
1038 dst_block++;
1039 src_block--;
1040 }
1041 if (!writer->Finalize()) {
1042 return AssertionFailure() << "Unable to finalize writer for " << name;
1043 }
1044
1045 auto hash = HashSnapshot(writer.get());
1046 if (hash.empty()) {
1047 return AssertionFailure() << "Unable to hash snapshot writer for " << name;
1048 }
1049 hashes_[name] = hash;
1050
1051 return AssertionSuccess();
1052 }
1053
MapUpdateSnapshots(const std::vector<std::string> & names={"sys_b", "vnd_b", "prd_b"})1054 AssertionResult MapUpdateSnapshots(const std::vector<std::string>& names = {"sys_b", "vnd_b",
1055 "prd_b"}) {
1056 for (const auto& name : names) {
1057 auto res = MapOneUpdateSnapshot(name);
1058 if (!res) {
1059 return res;
1060 }
1061 }
1062 return AssertionSuccess();
1063 }
1064
1065 // Create fake install operations to grow the COW device size.
AddOperation(PartitionUpdate * partition_update,uint64_t size_bytes=0)1066 void AddOperation(PartitionUpdate* partition_update, uint64_t size_bytes = 0) {
1067 auto e = partition_update->add_operations()->add_dst_extents();
1068 e->set_start_block(0);
1069 if (size_bytes == 0) {
1070 size_bytes = GetSize(partition_update);
1071 }
1072 e->set_num_blocks(size_bytes / manifest_.block_size());
1073 }
1074
AddOperationForPartitions(std::vector<PartitionUpdate * > partitions={})1075 void AddOperationForPartitions(std::vector<PartitionUpdate*> partitions = {}) {
1076 if (partitions.empty()) {
1077 partitions = {sys_, vnd_, prd_};
1078 }
1079 for (auto* partition : partitions) {
1080 AddOperation(partition);
1081 }
1082 }
1083
1084 std::unique_ptr<TestPartitionOpener> opener_;
1085 DeltaArchiveManifest manifest_;
1086 std::unique_ptr<MetadataBuilder> src_;
1087 std::map<std::string, std::string> hashes_;
1088
1089 PartitionUpdate* sys_ = nullptr;
1090 PartitionUpdate* vnd_ = nullptr;
1091 PartitionUpdate* prd_ = nullptr;
1092 DynamicPartitionGroup* group_ = nullptr;
1093 };
1094
1095 // Test full update flow executed by update_engine. Some partitions uses super empty space,
1096 // some uses images, and some uses both.
1097 // Also test UnmapUpdateSnapshot unmaps everything.
1098 // Also test first stage mount and merge after this.
TEST_F(SnapshotUpdateTest,FullUpdateFlow)1099 TEST_F(SnapshotUpdateTest, FullUpdateFlow) {
1100 // OTA client blindly unmaps all partitions that are possibly mapped.
1101 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1102 ASSERT_TRUE(sm->UnmapUpdateSnapshot(name));
1103 }
1104
1105 // Grow all partitions. Set |prd| large enough that |sys| and |vnd|'s COWs
1106 // fit in super, but not |prd|.
1107 constexpr uint64_t partition_size = 3788_KiB;
1108 SetSize(sys_, partition_size);
1109 SetSize(vnd_, partition_size);
1110 SetSize(prd_, 18_MiB);
1111
1112 // Make sure |prd| does not fit in super at all. On VABC, this means we
1113 // fake an extra large COW for |vnd| to fill up super.
1114 vnd_->set_estimate_cow_size(30_MiB);
1115 prd_->set_estimate_cow_size(30_MiB);
1116
1117 AddOperationForPartitions();
1118
1119 // Execute the update.
1120 ASSERT_TRUE(sm->BeginUpdate());
1121 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1122
1123 // Test that partitions prioritize using space in super.
1124 auto tgt = MetadataBuilder::New(*opener_, "super", 1);
1125 ASSERT_NE(tgt, nullptr);
1126 ASSERT_NE(nullptr, tgt->FindPartition("sys_b-cow"));
1127 ASSERT_NE(nullptr, tgt->FindPartition("vnd_b-cow"));
1128 ASSERT_EQ(nullptr, tgt->FindPartition("prd_b-cow"));
1129
1130 // Write some data to target partitions.
1131 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1132 ASSERT_TRUE(WriteSnapshotAndHash(name));
1133 }
1134
1135 // Assert that source partitions aren't affected.
1136 for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1137 ASSERT_TRUE(IsPartitionUnchanged(name));
1138 }
1139
1140 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1141
1142 // Simulate shutting down the device.
1143 ASSERT_TRUE(UnmapAll());
1144
1145 // After reboot, init does first stage mount.
1146 auto init = NewManagerForFirstStageMount("_b");
1147 ASSERT_NE(init, nullptr);
1148 ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1149 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1150
1151 auto indicator = sm->GetRollbackIndicatorPath();
1152 ASSERT_NE(access(indicator.c_str(), R_OK), 0);
1153
1154 // Check that the target partitions have the same content.
1155 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1156 ASSERT_TRUE(IsPartitionUnchanged(name));
1157 }
1158
1159 // Initiate the merge and wait for it to be completed.
1160 ASSERT_TRUE(init->InitiateMerge());
1161 ASSERT_EQ(init->IsSnapuserdRequired(), IsCompressionEnabled());
1162 {
1163 // We should have started in SECOND_PHASE since nothing shrinks.
1164 ASSERT_TRUE(AcquireLock());
1165 auto local_lock = std::move(lock_);
1166 auto status = init->ReadSnapshotUpdateStatus(local_lock.get());
1167 ASSERT_EQ(status.merge_phase(), MergePhase::SECOND_PHASE);
1168 }
1169 ASSERT_EQ(UpdateState::MergeCompleted, init->ProcessUpdateState());
1170
1171 // Make sure the second phase ran and deleted snapshots.
1172 {
1173 ASSERT_TRUE(AcquireLock());
1174 auto local_lock = std::move(lock_);
1175 std::vector<std::string> snapshots;
1176 ASSERT_TRUE(init->ListSnapshots(local_lock.get(), &snapshots));
1177 ASSERT_TRUE(snapshots.empty());
1178 }
1179
1180 // Check that the target partitions have the same content after the merge.
1181 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1182 ASSERT_TRUE(IsPartitionUnchanged(name))
1183 << "Content of " << name << " changes after the merge";
1184 }
1185 }
1186
1187 // Test that shrinking and growing partitions at the same time is handled
1188 // correctly in VABC.
TEST_F(SnapshotUpdateTest,SpaceSwapUpdate)1189 TEST_F(SnapshotUpdateTest, SpaceSwapUpdate) {
1190 if (!IsCompressionEnabled()) {
1191 // b/179111359
1192 GTEST_SKIP() << "Skipping Virtual A/B Compression test";
1193 }
1194
1195 // OTA client blindly unmaps all partitions that are possibly mapped.
1196 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1197 ASSERT_TRUE(sm->UnmapUpdateSnapshot(name));
1198 }
1199
1200 auto old_sys_size = GetSize(sys_);
1201 auto old_prd_size = GetSize(prd_);
1202
1203 // Grow |sys| but shrink |prd|.
1204 SetSize(sys_, old_sys_size * 2);
1205 sys_->set_estimate_cow_size(8_MiB);
1206 SetSize(prd_, old_prd_size / 2);
1207 prd_->set_estimate_cow_size(1_MiB);
1208
1209 AddOperationForPartitions();
1210
1211 ASSERT_TRUE(sm->BeginUpdate());
1212 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1213
1214 // Check that the old partition sizes were saved correctly.
1215 {
1216 ASSERT_TRUE(AcquireLock());
1217 auto local_lock = std::move(lock_);
1218
1219 SnapshotStatus status;
1220 ASSERT_TRUE(sm->ReadSnapshotStatus(local_lock.get(), "prd_b", &status));
1221 ASSERT_EQ(status.old_partition_size(), 3145728);
1222 ASSERT_TRUE(sm->ReadSnapshotStatus(local_lock.get(), "sys_b", &status));
1223 ASSERT_EQ(status.old_partition_size(), 3145728);
1224 }
1225
1226 ASSERT_TRUE(WriteSnapshotAndHash("sys_b"));
1227 ASSERT_TRUE(WriteSnapshotAndHash("vnd_b"));
1228 ASSERT_TRUE(ShiftAllSnapshotBlocks("prd_b", old_prd_size));
1229
1230 sync();
1231
1232 // Assert that source partitions aren't affected.
1233 for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1234 ASSERT_TRUE(IsPartitionUnchanged(name));
1235 }
1236
1237 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1238
1239 // Simulate shutting down the device.
1240 ASSERT_TRUE(UnmapAll());
1241
1242 // After reboot, init does first stage mount.
1243 auto init = NewManagerForFirstStageMount("_b");
1244 ASSERT_NE(init, nullptr);
1245 ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1246 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1247
1248 auto indicator = sm->GetRollbackIndicatorPath();
1249 ASSERT_NE(access(indicator.c_str(), R_OK), 0);
1250
1251 // Check that the target partitions have the same content.
1252 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1253 ASSERT_TRUE(IsPartitionUnchanged(name));
1254 }
1255
1256 // Initiate the merge and wait for it to be completed.
1257 ASSERT_TRUE(init->InitiateMerge());
1258 ASSERT_EQ(init->IsSnapuserdRequired(), IsCompressionEnabled());
1259 {
1260 // Check that the merge phase is FIRST_PHASE until at least one call
1261 // to ProcessUpdateState() occurs.
1262 ASSERT_TRUE(AcquireLock());
1263 auto local_lock = std::move(lock_);
1264 auto status = init->ReadSnapshotUpdateStatus(local_lock.get());
1265 ASSERT_EQ(status.merge_phase(), MergePhase::FIRST_PHASE);
1266 }
1267
1268 // Simulate shutting down the device and creating partitions again.
1269 ASSERT_TRUE(UnmapAll());
1270 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1271
1272 // Check that we used the correct types after rebooting mid-merge.
1273 DeviceMapper::TargetInfo target;
1274 ASSERT_TRUE(init->IsSnapshotDevice("prd_b", &target));
1275 ASSERT_EQ(DeviceMapper::GetTargetType(target.spec), "snapshot-merge");
1276 ASSERT_TRUE(init->IsSnapshotDevice("sys_b", &target));
1277 ASSERT_EQ(DeviceMapper::GetTargetType(target.spec), "snapshot");
1278 ASSERT_TRUE(init->IsSnapshotDevice("vnd_b", &target));
1279 ASSERT_EQ(DeviceMapper::GetTargetType(target.spec), "snapshot");
1280
1281 // Complete the merge.
1282 ASSERT_EQ(UpdateState::MergeCompleted, init->ProcessUpdateState());
1283
1284 // Make sure the second phase ran and deleted snapshots.
1285 {
1286 ASSERT_TRUE(AcquireLock());
1287 auto local_lock = std::move(lock_);
1288 std::vector<std::string> snapshots;
1289 ASSERT_TRUE(init->ListSnapshots(local_lock.get(), &snapshots));
1290 ASSERT_TRUE(snapshots.empty());
1291 }
1292
1293 // Check that the target partitions have the same content after the merge.
1294 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1295 ASSERT_TRUE(IsPartitionUnchanged(name))
1296 << "Content of " << name << " changes after the merge";
1297 }
1298 }
1299
1300 // Test that if new system partitions uses empty space in super, that region is not snapshotted.
TEST_F(SnapshotUpdateTest,DirectWriteEmptySpace)1301 TEST_F(SnapshotUpdateTest, DirectWriteEmptySpace) {
1302 GTEST_SKIP() << "b/141889746";
1303 SetSize(sys_, 4_MiB);
1304 // vnd_b and prd_b are unchanged.
1305 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1306 ASSERT_EQ(3_MiB, GetSnapshotSize("sys_b").value_or(0));
1307 }
1308
1309 // Test that if new system partitions uses space of old vendor partition, that region is
1310 // snapshotted.
TEST_F(SnapshotUpdateTest,SnapshotOldPartitions)1311 TEST_F(SnapshotUpdateTest, SnapshotOldPartitions) {
1312 SetSize(sys_, 4_MiB); // grows
1313 SetSize(vnd_, 2_MiB); // shrinks
1314 // prd_b is unchanged
1315 ASSERT_TRUE(sm->BeginUpdate());
1316 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1317 ASSERT_EQ(4_MiB, GetSnapshotSize("sys_b").value_or(0));
1318 }
1319
1320 // Test that even if there seem to be empty space in target metadata, COW partition won't take
1321 // it because they are used by old partitions.
TEST_F(SnapshotUpdateTest,CowPartitionDoNotTakeOldPartitions)1322 TEST_F(SnapshotUpdateTest, CowPartitionDoNotTakeOldPartitions) {
1323 SetSize(sys_, 2_MiB); // shrinks
1324 // vnd_b and prd_b are unchanged.
1325 ASSERT_TRUE(sm->BeginUpdate());
1326 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1327
1328 auto tgt = MetadataBuilder::New(*opener_, "super", 1);
1329 ASSERT_NE(nullptr, tgt);
1330 auto metadata = tgt->Export();
1331 ASSERT_NE(nullptr, metadata);
1332 std::vector<std::string> written;
1333 // Write random data to all COW partitions in super
1334 for (auto p : metadata->partitions) {
1335 if (GetPartitionGroupName(metadata->groups[p.group_index]) != kCowGroupName) {
1336 continue;
1337 }
1338 std::string path;
1339 ASSERT_TRUE(CreateLogicalPartition(
1340 CreateLogicalPartitionParams{
1341 .block_device = fake_super,
1342 .metadata = metadata.get(),
1343 .partition = &p,
1344 .timeout_ms = 1s,
1345 .partition_opener = opener_.get(),
1346 },
1347 &path));
1348 ASSERT_TRUE(WriteRandomData(path));
1349 written.push_back(GetPartitionName(p));
1350 }
1351 ASSERT_FALSE(written.empty())
1352 << "No COW partitions are created even if there are empty space in super partition";
1353
1354 // Make sure source partitions aren't affected.
1355 for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1356 ASSERT_TRUE(IsPartitionUnchanged(name));
1357 }
1358 }
1359
1360 // Test that it crashes after creating snapshot status file but before creating COW image, then
1361 // calling CreateUpdateSnapshots again works.
TEST_F(SnapshotUpdateTest,SnapshotStatusFileWithoutCow)1362 TEST_F(SnapshotUpdateTest, SnapshotStatusFileWithoutCow) {
1363 // Write some trash snapshot files to simulate leftovers from previous runs.
1364 {
1365 ASSERT_TRUE(AcquireLock());
1366 auto local_lock = std::move(lock_);
1367 SnapshotStatus status;
1368 status.set_name("sys_b");
1369 ASSERT_TRUE(sm->WriteSnapshotStatus(local_lock.get(), status));
1370 ASSERT_TRUE(image_manager_->CreateBackingImage("sys_b-cow-img", 1_MiB,
1371 IImageManager::CREATE_IMAGE_DEFAULT));
1372 }
1373
1374 // Redo the update.
1375 ASSERT_TRUE(sm->BeginUpdate());
1376 ASSERT_TRUE(sm->UnmapUpdateSnapshot("sys_b"));
1377
1378 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1379
1380 // Check that target partitions can be mapped.
1381 EXPECT_TRUE(MapUpdateSnapshots());
1382 }
1383
1384 // Test that the old partitions are not modified.
TEST_F(SnapshotUpdateTest,TestRollback)1385 TEST_F(SnapshotUpdateTest, TestRollback) {
1386 // Execute the update.
1387 ASSERT_TRUE(sm->BeginUpdate());
1388 ASSERT_TRUE(sm->UnmapUpdateSnapshot("sys_b"));
1389
1390 AddOperationForPartitions();
1391
1392 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1393
1394 // Write some data to target partitions.
1395 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1396 ASSERT_TRUE(WriteSnapshotAndHash(name));
1397 }
1398
1399 // Assert that source partitions aren't affected.
1400 for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1401 ASSERT_TRUE(IsPartitionUnchanged(name));
1402 }
1403
1404 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1405
1406 // Simulate shutting down the device.
1407 ASSERT_TRUE(UnmapAll());
1408
1409 // After reboot, init does first stage mount.
1410 auto init = NewManagerForFirstStageMount("_b");
1411 ASSERT_NE(init, nullptr);
1412 ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1413 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1414
1415 // Check that the target partitions have the same content.
1416 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1417 ASSERT_TRUE(IsPartitionUnchanged(name));
1418 }
1419
1420 // Simulate shutting down the device again.
1421 ASSERT_TRUE(UnmapAll());
1422 init = NewManagerForFirstStageMount("_a");
1423 ASSERT_NE(init, nullptr);
1424 ASSERT_FALSE(init->NeedSnapshotsInFirstStageMount());
1425 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1426
1427 // Assert that the source partitions aren't affected.
1428 for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1429 ASSERT_TRUE(IsPartitionUnchanged(name));
1430 }
1431 }
1432
1433 // Test that if an update is applied but not booted into, it can be canceled.
TEST_F(SnapshotUpdateTest,CancelAfterApply)1434 TEST_F(SnapshotUpdateTest, CancelAfterApply) {
1435 ASSERT_TRUE(sm->BeginUpdate());
1436 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1437 ASSERT_TRUE(sm->CancelUpdate());
1438 }
1439
ToIntervals(const std::vector<std::unique_ptr<Extent>> & extents)1440 static std::vector<Interval> ToIntervals(const std::vector<std::unique_ptr<Extent>>& extents) {
1441 std::vector<Interval> ret;
1442 std::transform(extents.begin(), extents.end(), std::back_inserter(ret),
1443 [](const auto& extent) { return extent->AsLinearExtent()->AsInterval(); });
1444 return ret;
1445 }
1446
1447 // Test that at the second update, old COW partition spaces are reclaimed.
TEST_F(SnapshotUpdateTest,ReclaimCow)1448 TEST_F(SnapshotUpdateTest, ReclaimCow) {
1449 // Make sure VABC cows are small enough that they fit in fake_super.
1450 sys_->set_estimate_cow_size(64_KiB);
1451 vnd_->set_estimate_cow_size(64_KiB);
1452 prd_->set_estimate_cow_size(64_KiB);
1453
1454 // Execute the first update.
1455 ASSERT_TRUE(sm->BeginUpdate());
1456 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1457 ASSERT_TRUE(MapUpdateSnapshots());
1458 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1459
1460 // Simulate shutting down the device.
1461 ASSERT_TRUE(UnmapAll());
1462
1463 // After reboot, init does first stage mount.
1464 auto init = NewManagerForFirstStageMount("_b");
1465 ASSERT_NE(init, nullptr);
1466 ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1467 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1468 init = nullptr;
1469
1470 // Initiate the merge and wait for it to be completed.
1471 auto new_sm = SnapshotManager::New(new TestDeviceInfo(fake_super, "_b"));
1472 ASSERT_TRUE(new_sm->InitiateMerge());
1473 ASSERT_EQ(UpdateState::MergeCompleted, new_sm->ProcessUpdateState());
1474
1475 // Execute the second update.
1476 ASSERT_TRUE(new_sm->BeginUpdate());
1477 ASSERT_TRUE(new_sm->CreateUpdateSnapshots(manifest_));
1478
1479 // Check that the old COW space is reclaimed and does not occupy space of mapped partitions.
1480 auto src = MetadataBuilder::New(*opener_, "super", 1);
1481 ASSERT_NE(src, nullptr);
1482 auto tgt = MetadataBuilder::New(*opener_, "super", 0);
1483 ASSERT_NE(tgt, nullptr);
1484 for (const auto& cow_part_name : {"sys_a-cow", "vnd_a-cow", "prd_a-cow"}) {
1485 auto* cow_part = tgt->FindPartition(cow_part_name);
1486 ASSERT_NE(nullptr, cow_part) << cow_part_name << " does not exist in target metadata";
1487 auto cow_intervals = ToIntervals(cow_part->extents());
1488 for (const auto& old_part_name : {"sys_b", "vnd_b", "prd_b"}) {
1489 auto* old_part = src->FindPartition(old_part_name);
1490 ASSERT_NE(nullptr, old_part) << old_part_name << " does not exist in source metadata";
1491 auto old_intervals = ToIntervals(old_part->extents());
1492
1493 auto intersect = Interval::Intersect(cow_intervals, old_intervals);
1494 ASSERT_TRUE(intersect.empty()) << "COW uses space of source partitions";
1495 }
1496 }
1497 }
1498
TEST_F(SnapshotUpdateTest,RetrofitAfterRegularAb)1499 TEST_F(SnapshotUpdateTest, RetrofitAfterRegularAb) {
1500 constexpr auto kRetrofitGroupSize = kGroupSize / 2;
1501
1502 // Initialize device-mapper / disk
1503 ASSERT_TRUE(UnmapAll());
1504 FormatFakeSuper();
1505
1506 // Setup source partition metadata to have both _a and _b partitions.
1507 src_ = MetadataBuilder::New(*opener_, "super", 0);
1508 ASSERT_NE(nullptr, src_);
1509 for (const auto& suffix : {"_a"s, "_b"s}) {
1510 ASSERT_TRUE(src_->AddGroup(group_->name() + suffix, kRetrofitGroupSize));
1511 for (const auto& name : {"sys"s, "vnd"s, "prd"s}) {
1512 auto partition = src_->AddPartition(name + suffix, group_->name() + suffix, 0);
1513 ASSERT_NE(nullptr, partition);
1514 ASSERT_TRUE(src_->ResizePartition(partition, 2_MiB));
1515 }
1516 }
1517 auto metadata = src_->Export();
1518 ASSERT_NE(nullptr, metadata);
1519 ASSERT_TRUE(UpdatePartitionTable(*opener_, "super", *metadata.get(), 0));
1520
1521 // Flash source partitions
1522 std::string path;
1523 for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1524 ASSERT_TRUE(CreateLogicalPartition(
1525 CreateLogicalPartitionParams{
1526 .block_device = fake_super,
1527 .metadata_slot = 0,
1528 .partition_name = name,
1529 .timeout_ms = 1s,
1530 .partition_opener = opener_.get(),
1531 },
1532 &path));
1533 ASSERT_TRUE(WriteRandomData(path));
1534 auto hash = GetHash(path);
1535 ASSERT_TRUE(hash.has_value());
1536 hashes_[name] = *hash;
1537 }
1538
1539 // Setup manifest.
1540 group_->set_size(kRetrofitGroupSize);
1541 for (auto* partition : {sys_, vnd_, prd_}) {
1542 SetSize(partition, 2_MiB);
1543 }
1544 AddOperationForPartitions();
1545
1546 ASSERT_TRUE(sm->BeginUpdate());
1547 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1548
1549 // Test that COW image should not be created for retrofit devices; super
1550 // should be big enough.
1551 ASSERT_FALSE(image_manager_->BackingImageExists("sys_b-cow-img"));
1552 ASSERT_FALSE(image_manager_->BackingImageExists("vnd_b-cow-img"));
1553 ASSERT_FALSE(image_manager_->BackingImageExists("prd_b-cow-img"));
1554
1555 // Write some data to target partitions.
1556 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1557 ASSERT_TRUE(WriteSnapshotAndHash(name));
1558 }
1559
1560 // Assert that source partitions aren't affected.
1561 for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1562 ASSERT_TRUE(IsPartitionUnchanged(name));
1563 }
1564
1565 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1566 }
1567
TEST_F(SnapshotUpdateTest,MergeCannotRemoveCow)1568 TEST_F(SnapshotUpdateTest, MergeCannotRemoveCow) {
1569 // Make source partitions as big as possible to force COW image to be created.
1570 SetSize(sys_, 10_MiB);
1571 SetSize(vnd_, 10_MiB);
1572 SetSize(prd_, 10_MiB);
1573 sys_->set_estimate_cow_size(12_MiB);
1574 vnd_->set_estimate_cow_size(12_MiB);
1575 prd_->set_estimate_cow_size(12_MiB);
1576
1577 src_ = MetadataBuilder::New(*opener_, "super", 0);
1578 ASSERT_NE(src_, nullptr);
1579 src_->RemoveGroupAndPartitions(group_->name() + "_a");
1580 src_->RemoveGroupAndPartitions(group_->name() + "_b");
1581 ASSERT_TRUE(FillFakeMetadata(src_.get(), manifest_, "_a"));
1582 auto metadata = src_->Export();
1583 ASSERT_NE(nullptr, metadata);
1584 ASSERT_TRUE(UpdatePartitionTable(*opener_, "super", *metadata.get(), 0));
1585
1586 // OTA client blindly unmaps all partitions that are possibly mapped.
1587 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1588 ASSERT_TRUE(sm->UnmapUpdateSnapshot(name));
1589 }
1590
1591 // Add operations for sys. The whole device is written.
1592 AddOperation(sys_);
1593
1594 // Execute the update.
1595 ASSERT_TRUE(sm->BeginUpdate());
1596 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1597 ASSERT_TRUE(MapUpdateSnapshots());
1598 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1599
1600 // Simulate shutting down the device.
1601 ASSERT_TRUE(UnmapAll());
1602
1603 // After reboot, init does first stage mount.
1604 // Normally we should use NewManagerForFirstStageMount, but if so,
1605 // "gsid.mapped_image.sys_b-cow-img" won't be set.
1606 auto init = SnapshotManager::New(new TestDeviceInfo(fake_super, "_b"));
1607 ASSERT_NE(init, nullptr);
1608 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1609
1610 // Keep an open handle to the cow device. This should cause the merge to
1611 // be incomplete.
1612 auto cow_path = android::base::GetProperty("gsid.mapped_image.sys_b-cow-img", "");
1613 unique_fd fd(open(cow_path.c_str(), O_RDONLY | O_CLOEXEC));
1614 ASSERT_GE(fd, 0);
1615
1616 // COW cannot be removed due to open fd, so expect a soft failure.
1617 ASSERT_TRUE(init->InitiateMerge());
1618 ASSERT_EQ(UpdateState::MergeNeedsReboot, init->ProcessUpdateState());
1619
1620 // Simulate shutting down the device.
1621 fd.reset();
1622 ASSERT_TRUE(UnmapAll());
1623
1624 // init does first stage mount again.
1625 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1626
1627 // sys_b should be mapped as a dm-linear device directly.
1628 ASSERT_FALSE(sm->IsSnapshotDevice("sys_b", nullptr));
1629
1630 // Merge should be able to complete now.
1631 ASSERT_EQ(UpdateState::MergeCompleted, init->ProcessUpdateState());
1632 }
1633
1634 class MetadataMountedTest : public ::testing::Test {
1635 public:
1636 // This is so main() can instantiate this to invoke Cleanup.
TestBody()1637 virtual void TestBody() override {}
SetUp()1638 void SetUp() override {
1639 SKIP_IF_NON_VIRTUAL_AB();
1640 metadata_dir_ = test_device->GetMetadataDir();
1641 ASSERT_TRUE(ReadDefaultFstab(&fstab_));
1642 }
TearDown()1643 void TearDown() override {
1644 RETURN_IF_NON_VIRTUAL_AB();
1645 SetUp();
1646 // Remount /metadata
1647 test_device->set_recovery(false);
1648 EXPECT_TRUE(android::fs_mgr::EnsurePathMounted(&fstab_, metadata_dir_));
1649 }
IsMetadataMounted()1650 AssertionResult IsMetadataMounted() {
1651 Fstab mounted_fstab;
1652 if (!ReadFstabFromFile("/proc/mounts", &mounted_fstab)) {
1653 ADD_FAILURE() << "Failed to scan mounted volumes";
1654 return AssertionFailure() << "Failed to scan mounted volumes";
1655 }
1656
1657 auto entry = GetEntryForPath(&fstab_, metadata_dir_);
1658 if (entry == nullptr) {
1659 return AssertionFailure() << "No mount point found in fstab for path " << metadata_dir_;
1660 }
1661
1662 auto mv = GetEntryForMountPoint(&mounted_fstab, entry->mount_point);
1663 if (mv == nullptr) {
1664 return AssertionFailure() << metadata_dir_ << " is not mounted";
1665 }
1666 return AssertionSuccess() << metadata_dir_ << " is mounted";
1667 }
1668 std::string metadata_dir_;
1669 Fstab fstab_;
1670 };
1671
MountMetadata()1672 void MountMetadata() {
1673 MetadataMountedTest().TearDown();
1674 }
1675
TEST_F(MetadataMountedTest,Android)1676 TEST_F(MetadataMountedTest, Android) {
1677 auto device = sm->EnsureMetadataMounted();
1678 EXPECT_NE(nullptr, device);
1679 device.reset();
1680
1681 EXPECT_TRUE(IsMetadataMounted());
1682 EXPECT_TRUE(sm->CancelUpdate()) << "Metadata dir should never be unmounted in Android mode";
1683 }
1684
TEST_F(MetadataMountedTest,Recovery)1685 TEST_F(MetadataMountedTest, Recovery) {
1686 test_device->set_recovery(true);
1687 metadata_dir_ = test_device->GetMetadataDir();
1688
1689 EXPECT_TRUE(android::fs_mgr::EnsurePathUnmounted(&fstab_, metadata_dir_));
1690 EXPECT_FALSE(IsMetadataMounted());
1691
1692 auto device = sm->EnsureMetadataMounted();
1693 EXPECT_NE(nullptr, device);
1694 EXPECT_TRUE(IsMetadataMounted());
1695
1696 device.reset();
1697 EXPECT_FALSE(IsMetadataMounted());
1698 }
1699
1700 // Test that during a merge, we can wipe data in recovery.
TEST_F(SnapshotUpdateTest,MergeInRecovery)1701 TEST_F(SnapshotUpdateTest, MergeInRecovery) {
1702 // Execute the first update.
1703 ASSERT_TRUE(sm->BeginUpdate());
1704 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1705 ASSERT_TRUE(MapUpdateSnapshots());
1706 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1707
1708 // Simulate shutting down the device.
1709 ASSERT_TRUE(UnmapAll());
1710
1711 // After reboot, init does first stage mount.
1712 auto init = NewManagerForFirstStageMount("_b");
1713 ASSERT_NE(init, nullptr);
1714 ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1715 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1716 init = nullptr;
1717
1718 // Initiate the merge and then immediately stop it to simulate a reboot.
1719 auto new_sm = SnapshotManager::New(new TestDeviceInfo(fake_super, "_b"));
1720 ASSERT_TRUE(new_sm->InitiateMerge());
1721 ASSERT_TRUE(UnmapAll());
1722
1723 // Simulate a reboot into recovery.
1724 auto test_device = std::make_unique<TestDeviceInfo>(fake_super, "_b");
1725 test_device->set_recovery(true);
1726 new_sm = NewManagerForFirstStageMount(test_device.release());
1727
1728 ASSERT_TRUE(new_sm->HandleImminentDataWipe());
1729 ASSERT_EQ(new_sm->GetUpdateState(), UpdateState::None);
1730 }
1731
1732 // Test that a merge does not clear the snapshot state in fastboot.
TEST_F(SnapshotUpdateTest,MergeInFastboot)1733 TEST_F(SnapshotUpdateTest, MergeInFastboot) {
1734 // Execute the first update.
1735 ASSERT_TRUE(sm->BeginUpdate());
1736 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1737 ASSERT_TRUE(MapUpdateSnapshots());
1738 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1739
1740 // Simulate shutting down the device.
1741 ASSERT_TRUE(UnmapAll());
1742
1743 // After reboot, init does first stage mount.
1744 auto init = NewManagerForFirstStageMount("_b");
1745 ASSERT_NE(init, nullptr);
1746 ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1747 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1748 init = nullptr;
1749
1750 // Initiate the merge and then immediately stop it to simulate a reboot.
1751 auto new_sm = SnapshotManager::New(new TestDeviceInfo(fake_super, "_b"));
1752 ASSERT_TRUE(new_sm->InitiateMerge());
1753 ASSERT_TRUE(UnmapAll());
1754
1755 // Simulate a reboot into recovery.
1756 auto test_device = std::make_unique<TestDeviceInfo>(fake_super, "_b");
1757 test_device->set_recovery(true);
1758 new_sm = NewManagerForFirstStageMount(test_device.release());
1759
1760 ASSERT_TRUE(new_sm->FinishMergeInRecovery());
1761
1762 auto mount = new_sm->EnsureMetadataMounted();
1763 ASSERT_TRUE(mount && mount->HasDevice());
1764 ASSERT_EQ(new_sm->ProcessUpdateState(), UpdateState::MergeCompleted);
1765
1766 // Finish the merge in a normal boot.
1767 test_device = std::make_unique<TestDeviceInfo>(fake_super, "_b");
1768 init = NewManagerForFirstStageMount(test_device.release());
1769 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1770 init = nullptr;
1771
1772 test_device = std::make_unique<TestDeviceInfo>(fake_super, "_b");
1773 new_sm = NewManagerForFirstStageMount(test_device.release());
1774 ASSERT_EQ(new_sm->ProcessUpdateState(), UpdateState::MergeCompleted);
1775 ASSERT_EQ(new_sm->ProcessUpdateState(), UpdateState::None);
1776 }
1777
1778 // Test that after an OTA, before a merge, we can wipe data in recovery.
TEST_F(SnapshotUpdateTest,DataWipeRollbackInRecovery)1779 TEST_F(SnapshotUpdateTest, DataWipeRollbackInRecovery) {
1780 // Execute the first update.
1781 ASSERT_TRUE(sm->BeginUpdate());
1782 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1783 ASSERT_TRUE(MapUpdateSnapshots());
1784 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1785
1786 // Simulate shutting down the device.
1787 ASSERT_TRUE(UnmapAll());
1788
1789 // Simulate a reboot into recovery.
1790 auto test_device = new TestDeviceInfo(fake_super, "_b");
1791 test_device->set_recovery(true);
1792 auto new_sm = NewManagerForFirstStageMount(test_device);
1793
1794 ASSERT_TRUE(new_sm->HandleImminentDataWipe());
1795 // Manually mount metadata so that we can call GetUpdateState() below.
1796 MountMetadata();
1797 EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::None);
1798 EXPECT_TRUE(test_device->IsSlotUnbootable(1));
1799 EXPECT_FALSE(test_device->IsSlotUnbootable(0));
1800 }
1801
1802 // Test that after an OTA and a bootloader rollback with no merge, we can wipe
1803 // data in recovery.
TEST_F(SnapshotUpdateTest,DataWipeAfterRollback)1804 TEST_F(SnapshotUpdateTest, DataWipeAfterRollback) {
1805 // Execute the first update.
1806 ASSERT_TRUE(sm->BeginUpdate());
1807 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1808 ASSERT_TRUE(MapUpdateSnapshots());
1809 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1810
1811 // Simulate shutting down the device.
1812 ASSERT_TRUE(UnmapAll());
1813
1814 // Simulate a rollback, with reboot into recovery.
1815 auto test_device = new TestDeviceInfo(fake_super, "_a");
1816 test_device->set_recovery(true);
1817 auto new_sm = NewManagerForFirstStageMount(test_device);
1818
1819 ASSERT_TRUE(new_sm->HandleImminentDataWipe());
1820 EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::None);
1821 EXPECT_FALSE(test_device->IsSlotUnbootable(0));
1822 EXPECT_FALSE(test_device->IsSlotUnbootable(1));
1823 }
1824
1825 // Test update package that requests data wipe.
TEST_F(SnapshotUpdateTest,DataWipeRequiredInPackage)1826 TEST_F(SnapshotUpdateTest, DataWipeRequiredInPackage) {
1827 AddOperationForPartitions();
1828 // Execute the update.
1829 ASSERT_TRUE(sm->BeginUpdate());
1830 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1831
1832 // Write some data to target partitions.
1833 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1834 ASSERT_TRUE(WriteSnapshotAndHash(name)) << name;
1835 }
1836
1837 ASSERT_TRUE(sm->FinishedSnapshotWrites(true /* wipe */));
1838
1839 // Simulate shutting down the device.
1840 ASSERT_TRUE(UnmapAll());
1841
1842 // Simulate a reboot into recovery.
1843 auto test_device = new TestDeviceInfo(fake_super, "_b");
1844 test_device->set_recovery(true);
1845 auto new_sm = NewManagerForFirstStageMount(test_device);
1846
1847 ASSERT_TRUE(new_sm->HandleImminentDataWipe());
1848 // Manually mount metadata so that we can call GetUpdateState() below.
1849 MountMetadata();
1850 EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::None);
1851 ASSERT_FALSE(test_device->IsSlotUnbootable(1));
1852 ASSERT_FALSE(test_device->IsSlotUnbootable(0));
1853
1854 // Now reboot into new slot.
1855 test_device = new TestDeviceInfo(fake_super, "_b");
1856 auto init = NewManagerForFirstStageMount(test_device);
1857 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1858 // Verify that we are on the downgraded build.
1859 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1860 ASSERT_TRUE(IsPartitionUnchanged(name)) << name;
1861 }
1862 }
1863
1864 // Test update package that requests data wipe.
TEST_F(SnapshotUpdateTest,DataWipeWithStaleSnapshots)1865 TEST_F(SnapshotUpdateTest, DataWipeWithStaleSnapshots) {
1866 AddOperationForPartitions();
1867
1868 // Execute the update.
1869 ASSERT_TRUE(sm->BeginUpdate());
1870 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1871
1872 // Write some data to target partitions.
1873 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1874 ASSERT_TRUE(WriteSnapshotAndHash(name)) << name;
1875 }
1876
1877 // Create a stale snapshot that should not exist.
1878 {
1879 ASSERT_TRUE(AcquireLock());
1880
1881 PartitionCowCreator cow_creator = {
1882 .compression_enabled = IsCompressionEnabled(),
1883 .compression_algorithm = IsCompressionEnabled() ? "gz" : "none",
1884 };
1885 SnapshotStatus status;
1886 status.set_name("sys_a");
1887 status.set_device_size(1_MiB);
1888 status.set_snapshot_size(2_MiB);
1889 status.set_cow_partition_size(2_MiB);
1890
1891 ASSERT_TRUE(sm->CreateSnapshot(lock_.get(), &cow_creator, &status));
1892 lock_ = nullptr;
1893
1894 ASSERT_TRUE(sm->EnsureImageManager());
1895 ASSERT_TRUE(sm->image_manager()->CreateBackingImage("sys_a", 1_MiB, 0));
1896 }
1897
1898 ASSERT_TRUE(sm->FinishedSnapshotWrites(true /* wipe */));
1899
1900 // Simulate shutting down the device.
1901 ASSERT_TRUE(UnmapAll());
1902
1903 // Simulate a reboot into recovery.
1904 auto test_device = new TestDeviceInfo(fake_super, "_b");
1905 test_device->set_recovery(true);
1906 auto new_sm = NewManagerForFirstStageMount(test_device);
1907
1908 ASSERT_TRUE(new_sm->HandleImminentDataWipe());
1909 // Manually mount metadata so that we can call GetUpdateState() below.
1910 MountMetadata();
1911 EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::None);
1912 ASSERT_FALSE(test_device->IsSlotUnbootable(1));
1913 ASSERT_FALSE(test_device->IsSlotUnbootable(0));
1914
1915 // Now reboot into new slot.
1916 test_device = new TestDeviceInfo(fake_super, "_b");
1917 auto init = NewManagerForFirstStageMount(test_device);
1918 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1919 // Verify that we are on the downgraded build.
1920 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1921 ASSERT_TRUE(IsPartitionUnchanged(name)) << name;
1922 }
1923 }
1924
TEST_F(SnapshotUpdateTest,Hashtree)1925 TEST_F(SnapshotUpdateTest, Hashtree) {
1926 constexpr auto partition_size = 4_MiB;
1927 constexpr auto data_size = 3_MiB;
1928 constexpr auto hashtree_size = 512_KiB;
1929 constexpr auto fec_size = partition_size - data_size - hashtree_size;
1930
1931 const auto block_size = manifest_.block_size();
1932 SetSize(sys_, partition_size);
1933 AddOperation(sys_, data_size);
1934
1935 sys_->set_estimate_cow_size(partition_size + data_size);
1936
1937 // Set hastree extents.
1938 sys_->mutable_hash_tree_data_extent()->set_start_block(0);
1939 sys_->mutable_hash_tree_data_extent()->set_num_blocks(data_size / block_size);
1940
1941 sys_->mutable_hash_tree_extent()->set_start_block(data_size / block_size);
1942 sys_->mutable_hash_tree_extent()->set_num_blocks(hashtree_size / block_size);
1943
1944 // Set FEC extents.
1945 sys_->mutable_fec_data_extent()->set_start_block(0);
1946 sys_->mutable_fec_data_extent()->set_num_blocks((data_size + hashtree_size) / block_size);
1947
1948 sys_->mutable_fec_extent()->set_start_block((data_size + hashtree_size) / block_size);
1949 sys_->mutable_fec_extent()->set_num_blocks(fec_size / block_size);
1950
1951 ASSERT_TRUE(sm->BeginUpdate());
1952 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1953
1954 // Map and write some data to target partition.
1955 ASSERT_TRUE(MapUpdateSnapshots({"vnd_b", "prd_b"}));
1956 ASSERT_TRUE(WriteSnapshotAndHash("sys_b"));
1957
1958 // Finish update.
1959 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1960
1961 // Simulate shutting down the device.
1962 ASSERT_TRUE(UnmapAll());
1963
1964 // After reboot, init does first stage mount.
1965 auto init = NewManagerForFirstStageMount("_b");
1966 ASSERT_NE(init, nullptr);
1967 ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1968 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1969
1970 // Check that the target partition have the same content. Hashtree and FEC extents
1971 // should be accounted for.
1972 ASSERT_TRUE(IsPartitionUnchanged("sys_b"));
1973 }
1974
1975 // Test for overflow bit after update
TEST_F(SnapshotUpdateTest,Overflow)1976 TEST_F(SnapshotUpdateTest, Overflow) {
1977 if (IsCompressionEnabled()) {
1978 GTEST_SKIP() << "No overflow bit set for userspace COWs";
1979 }
1980
1981 const auto actual_write_size = GetSize(sys_);
1982 const auto declared_write_size = actual_write_size - 1_MiB;
1983
1984 AddOperation(sys_, declared_write_size);
1985
1986 // Execute the update.
1987 ASSERT_TRUE(sm->BeginUpdate());
1988 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1989
1990 // Map and write some data to target partitions.
1991 ASSERT_TRUE(MapUpdateSnapshots({"vnd_b", "prd_b"}));
1992 ASSERT_TRUE(WriteSnapshotAndHash("sys_b"));
1993
1994 std::vector<android::dm::DeviceMapper::TargetInfo> table;
1995 ASSERT_TRUE(DeviceMapper::Instance().GetTableStatus("sys_b", &table));
1996 ASSERT_EQ(1u, table.size());
1997 EXPECT_TRUE(table[0].IsOverflowSnapshot());
1998
1999 ASSERT_FALSE(sm->FinishedSnapshotWrites(false))
2000 << "FinishedSnapshotWrites should detect overflow of CoW device.";
2001 }
2002
TEST_F(SnapshotUpdateTest,LowSpace)2003 TEST_F(SnapshotUpdateTest, LowSpace) {
2004 static constexpr auto kMaxFree = 10_MiB;
2005 auto userdata = std::make_unique<LowSpaceUserdata>();
2006 ASSERT_TRUE(userdata->Init(kMaxFree));
2007
2008 // Grow all partitions to 10_MiB, total 30_MiB. This requires 30 MiB of CoW space. After
2009 // using the empty space in super (< 1 MiB), it uses 30 MiB of /userdata space.
2010 constexpr uint64_t partition_size = 10_MiB;
2011 SetSize(sys_, partition_size);
2012 SetSize(vnd_, partition_size);
2013 SetSize(prd_, partition_size);
2014 sys_->set_estimate_cow_size(partition_size);
2015 vnd_->set_estimate_cow_size(partition_size);
2016 prd_->set_estimate_cow_size(partition_size);
2017
2018 AddOperationForPartitions();
2019
2020 // Execute the update.
2021 ASSERT_TRUE(sm->BeginUpdate());
2022 auto res = sm->CreateUpdateSnapshots(manifest_);
2023 ASSERT_FALSE(res);
2024 ASSERT_EQ(Return::ErrorCode::NO_SPACE, res.error_code());
2025 ASSERT_GE(res.required_size(), 14_MiB);
2026 ASSERT_LT(res.required_size(), 40_MiB);
2027 }
2028
2029 class AutoKill final {
2030 public:
AutoKill(pid_t pid)2031 explicit AutoKill(pid_t pid) : pid_(pid) {}
~AutoKill()2032 ~AutoKill() {
2033 if (pid_ > 0) kill(pid_, SIGKILL);
2034 }
2035
valid() const2036 bool valid() const { return pid_ > 0; }
2037
2038 private:
2039 pid_t pid_;
2040 };
2041
TEST_F(SnapshotUpdateTest,DaemonTransition)2042 TEST_F(SnapshotUpdateTest, DaemonTransition) {
2043 if (!IsCompressionEnabled()) {
2044 GTEST_SKIP() << "Skipping Virtual A/B Compression test";
2045 }
2046
2047 // Ensure a connection to the second-stage daemon, but use the first-stage
2048 // code paths thereafter.
2049 ASSERT_TRUE(sm->EnsureSnapuserdConnected());
2050 sm->set_use_first_stage_snapuserd(true);
2051
2052 AddOperationForPartitions();
2053 // Execute the update.
2054 ASSERT_TRUE(sm->BeginUpdate());
2055 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
2056 ASSERT_TRUE(MapUpdateSnapshots());
2057 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
2058 ASSERT_TRUE(UnmapAll());
2059
2060 auto init = NewManagerForFirstStageMount("_b");
2061 ASSERT_NE(init, nullptr);
2062
2063 ASSERT_TRUE(init->EnsureSnapuserdConnected());
2064 init->set_use_first_stage_snapuserd(true);
2065
2066 ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
2067 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
2068
2069 ASSERT_EQ(access("/dev/dm-user/sys_b-user-cow-init", F_OK), 0);
2070 ASSERT_EQ(access("/dev/dm-user/sys_b-user-cow", F_OK), -1);
2071
2072 ASSERT_TRUE(init->PerformInitTransition(SnapshotManager::InitTransition::SECOND_STAGE));
2073
2074 // :TODO: this is a workaround to ensure the handler list stays empty. We
2075 // should make this test more like actual init, and spawn two copies of
2076 // snapuserd, given how many other tests we now have for normal snapuserd.
2077 ASSERT_TRUE(init->snapuserd_client()->WaitForDeviceDelete("sys_b-user-cow-init"));
2078 ASSERT_TRUE(init->snapuserd_client()->WaitForDeviceDelete("vnd_b-user-cow-init"));
2079 ASSERT_TRUE(init->snapuserd_client()->WaitForDeviceDelete("prd_b-user-cow-init"));
2080
2081 // The control device should have been renamed.
2082 ASSERT_TRUE(android::fs_mgr::WaitForFileDeleted("/dev/dm-user/sys_b-user-cow-init", 10s));
2083 ASSERT_EQ(access("/dev/dm-user/sys_b-user-cow", F_OK), 0);
2084 }
2085
TEST_F(SnapshotUpdateTest,MapAllSnapshots)2086 TEST_F(SnapshotUpdateTest, MapAllSnapshots) {
2087 AddOperationForPartitions();
2088 // Execute the update.
2089 ASSERT_TRUE(sm->BeginUpdate());
2090 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
2091 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
2092 ASSERT_TRUE(WriteSnapshotAndHash(name));
2093 }
2094 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
2095 ASSERT_TRUE(sm->MapAllSnapshots(10s));
2096
2097 // Read bytes back and verify they match the cache.
2098 ASSERT_TRUE(IsPartitionUnchanged("sys_b"));
2099
2100 ASSERT_TRUE(sm->UnmapAllSnapshots());
2101 }
2102
TEST_F(SnapshotUpdateTest,CancelOnTargetSlot)2103 TEST_F(SnapshotUpdateTest, CancelOnTargetSlot) {
2104 AddOperationForPartitions();
2105
2106 // Execute the update from B->A.
2107 test_device->set_slot_suffix("_b");
2108 ASSERT_TRUE(sm->BeginUpdate());
2109 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
2110
2111 std::string path;
2112 ASSERT_TRUE(CreateLogicalPartition(
2113 CreateLogicalPartitionParams{
2114 .block_device = fake_super,
2115 .metadata_slot = 0,
2116 .partition_name = "sys_a",
2117 .timeout_ms = 1s,
2118 .partition_opener = opener_.get(),
2119 },
2120 &path));
2121
2122 // Hold sys_a open so it can't be unmapped.
2123 unique_fd fd(open(path.c_str(), O_RDONLY));
2124
2125 // Switch back to "A", make sure we can cancel. Instead of unmapping sys_a
2126 // we should simply delete the old snapshots.
2127 test_device->set_slot_suffix("_a");
2128 ASSERT_TRUE(sm->BeginUpdate());
2129 }
2130
2131 class FlashAfterUpdateTest : public SnapshotUpdateTest,
2132 public WithParamInterface<std::tuple<uint32_t, bool>> {
2133 public:
InitiateMerge(const std::string & slot_suffix)2134 AssertionResult InitiateMerge(const std::string& slot_suffix) {
2135 auto sm = SnapshotManager::New(new TestDeviceInfo(fake_super, slot_suffix));
2136 if (!sm->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_)) {
2137 return AssertionFailure() << "Cannot CreateLogicalAndSnapshotPartitions";
2138 }
2139 if (!sm->InitiateMerge()) {
2140 return AssertionFailure() << "Cannot initiate merge";
2141 }
2142 return AssertionSuccess();
2143 }
2144 };
2145
TEST_P(FlashAfterUpdateTest,FlashSlotAfterUpdate)2146 TEST_P(FlashAfterUpdateTest, FlashSlotAfterUpdate) {
2147 // OTA client blindly unmaps all partitions that are possibly mapped.
2148 for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
2149 ASSERT_TRUE(sm->UnmapUpdateSnapshot(name));
2150 }
2151
2152 // Execute the update.
2153 ASSERT_TRUE(sm->BeginUpdate());
2154 ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
2155 ASSERT_TRUE(MapUpdateSnapshots());
2156 ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
2157
2158 // Simulate shutting down the device.
2159 ASSERT_TRUE(UnmapAll());
2160
2161 bool after_merge = std::get<1>(GetParam());
2162 if (after_merge) {
2163 ASSERT_TRUE(InitiateMerge("_b"));
2164 // Simulate shutting down the device after merge has initiated.
2165 ASSERT_TRUE(UnmapAll());
2166 }
2167
2168 auto flashed_slot = std::get<0>(GetParam());
2169 auto flashed_slot_suffix = SlotSuffixForSlotNumber(flashed_slot);
2170
2171 // Simulate flashing |flashed_slot|. This clears the UPDATED flag.
2172 auto flashed_builder = MetadataBuilder::New(*opener_, "super", flashed_slot);
2173 ASSERT_NE(flashed_builder, nullptr);
2174 flashed_builder->RemoveGroupAndPartitions(group_->name() + flashed_slot_suffix);
2175 flashed_builder->RemoveGroupAndPartitions(kCowGroupName);
2176 ASSERT_TRUE(FillFakeMetadata(flashed_builder.get(), manifest_, flashed_slot_suffix));
2177
2178 // Deliberately remove a partition from this build so that
2179 // InitiateMerge do not switch state to "merging". This is possible in
2180 // practice because the list of dynamic partitions may change.
2181 ASSERT_NE(nullptr, flashed_builder->FindPartition("prd" + flashed_slot_suffix));
2182 flashed_builder->RemovePartition("prd" + flashed_slot_suffix);
2183
2184 // Note that fastbootd always updates the partition table of both slots.
2185 auto flashed_metadata = flashed_builder->Export();
2186 ASSERT_NE(nullptr, flashed_metadata);
2187 ASSERT_TRUE(UpdatePartitionTable(*opener_, "super", *flashed_metadata, 0));
2188 ASSERT_TRUE(UpdatePartitionTable(*opener_, "super", *flashed_metadata, 1));
2189
2190 std::string path;
2191 for (const auto& name : {"sys", "vnd"}) {
2192 ASSERT_TRUE(CreateLogicalPartition(
2193 CreateLogicalPartitionParams{
2194 .block_device = fake_super,
2195 .metadata_slot = flashed_slot,
2196 .partition_name = name + flashed_slot_suffix,
2197 .timeout_ms = 1s,
2198 .partition_opener = opener_.get(),
2199 },
2200 &path));
2201 ASSERT_TRUE(WriteRandomData(path));
2202 auto hash = GetHash(path);
2203 ASSERT_TRUE(hash.has_value());
2204 hashes_[name + flashed_slot_suffix] = *hash;
2205 }
2206
2207 // Simulate shutting down the device after flash.
2208 ASSERT_TRUE(UnmapAll());
2209
2210 // Simulate reboot. After reboot, init does first stage mount.
2211 auto init = NewManagerForFirstStageMount(flashed_slot_suffix);
2212 ASSERT_NE(init, nullptr);
2213
2214 if (flashed_slot && after_merge) {
2215 ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
2216 }
2217 ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
2218
2219 // Check that the target partitions have the same content.
2220 for (const auto& name : {"sys", "vnd"}) {
2221 ASSERT_TRUE(IsPartitionUnchanged(name + flashed_slot_suffix));
2222 }
2223
2224 // There should be no snapshot to merge.
2225 auto new_sm = SnapshotManager::New(new TestDeviceInfo(fake_super, flashed_slot_suffix));
2226 if (flashed_slot == 0 && after_merge) {
2227 ASSERT_EQ(UpdateState::MergeCompleted, new_sm->ProcessUpdateState());
2228 } else {
2229 // update_engine calls ProcessUpdateState first -- should see Cancelled.
2230 ASSERT_EQ(UpdateState::Cancelled, new_sm->ProcessUpdateState());
2231 }
2232
2233 // Next OTA calls CancelUpdate no matter what.
2234 ASSERT_TRUE(new_sm->CancelUpdate());
2235 }
2236
2237 INSTANTIATE_TEST_SUITE_P(Snapshot, FlashAfterUpdateTest, Combine(Values(0, 1), Bool()),
__anon4de4482e0602(const TestParamInfo<FlashAfterUpdateTest::ParamType>& info) 2238 [](const TestParamInfo<FlashAfterUpdateTest::ParamType>& info) {
2239 return "Flash"s + (std::get<0>(info.param) ? "New"s : "Old"s) +
2240 "Slot"s + (std::get<1>(info.param) ? "After"s : "Before"s) +
2241 "Merge"s;
2242 });
2243
2244 // Test behavior of ImageManager::Create on low space scenario. These tests assumes image manager
2245 // uses /data as backup device.
2246 class ImageManagerTest : public SnapshotTest, public WithParamInterface<uint64_t> {
2247 protected:
SetUp()2248 void SetUp() override {
2249 SKIP_IF_NON_VIRTUAL_AB();
2250 SnapshotTest::SetUp();
2251 userdata_ = std::make_unique<LowSpaceUserdata>();
2252 ASSERT_TRUE(userdata_->Init(GetParam()));
2253 }
TearDown()2254 void TearDown() override {
2255 RETURN_IF_NON_VIRTUAL_AB();
2256 return; // BUG(149738928)
2257
2258 EXPECT_TRUE(!image_manager_->BackingImageExists(kImageName) ||
2259 image_manager_->DeleteBackingImage(kImageName));
2260 }
2261 static constexpr const char* kImageName = "my_image";
2262 std::unique_ptr<LowSpaceUserdata> userdata_;
2263 };
2264
TEST_P(ImageManagerTest,CreateImageEnoughAvailSpace)2265 TEST_P(ImageManagerTest, CreateImageEnoughAvailSpace) {
2266 if (userdata_->available_space() == 0) {
2267 GTEST_SKIP() << "/data is full (" << userdata_->available_space()
2268 << " bytes available), skipping";
2269 }
2270 ASSERT_TRUE(image_manager_->CreateBackingImage(kImageName, userdata_->available_space(),
2271 IImageManager::CREATE_IMAGE_DEFAULT))
2272 << "Should be able to create image with size = " << userdata_->available_space()
2273 << " bytes";
2274 ASSERT_TRUE(image_manager_->DeleteBackingImage(kImageName))
2275 << "Should be able to delete created image";
2276 }
2277
TEST_P(ImageManagerTest,CreateImageNoSpace)2278 TEST_P(ImageManagerTest, CreateImageNoSpace) {
2279 uint64_t to_allocate = userdata_->free_space() + userdata_->bsize();
2280 auto res = image_manager_->CreateBackingImage(kImageName, to_allocate,
2281 IImageManager::CREATE_IMAGE_DEFAULT);
2282 ASSERT_FALSE(res) << "Should not be able to create image with size = " << to_allocate
2283 << " bytes because only " << userdata_->free_space() << " bytes are free";
2284 ASSERT_EQ(FiemapStatus::ErrorCode::NO_SPACE, res.error_code()) << res.string();
2285 }
2286
ImageManagerTestParams()2287 std::vector<uint64_t> ImageManagerTestParams() {
2288 std::vector<uint64_t> ret;
2289 for (uint64_t size = 1_MiB; size <= 512_MiB; size *= 2) {
2290 ret.push_back(size);
2291 }
2292 return ret;
2293 }
2294
2295 INSTANTIATE_TEST_SUITE_P(ImageManagerTest, ImageManagerTest, ValuesIn(ImageManagerTestParams()));
2296
Mkdir(const std::string & path)2297 bool Mkdir(const std::string& path) {
2298 if (mkdir(path.c_str(), 0700) && errno != EEXIST) {
2299 std::cerr << "Could not mkdir " << path << ": " << strerror(errno) << std::endl;
2300 return false;
2301 }
2302 return true;
2303 }
2304
2305 class SnapshotTestEnvironment : public ::testing::Environment {
2306 public:
~SnapshotTestEnvironment()2307 ~SnapshotTestEnvironment() override {}
2308 void SetUp() override;
2309 void TearDown() override;
2310
2311 private:
2312 bool CreateFakeSuper();
2313
2314 std::unique_ptr<IImageManager> super_images_;
2315 };
2316
CreateFakeSuper()2317 bool SnapshotTestEnvironment::CreateFakeSuper() {
2318 // Create and map the fake super partition.
2319 static constexpr int kImageFlags =
2320 IImageManager::CREATE_IMAGE_DEFAULT | IImageManager::CREATE_IMAGE_ZERO_FILL;
2321 if (!super_images_->CreateBackingImage("fake-super", kSuperSize, kImageFlags)) {
2322 LOG(ERROR) << "Could not create fake super partition";
2323 return false;
2324 }
2325 if (!super_images_->MapImageDevice("fake-super", 10s, &fake_super)) {
2326 LOG(ERROR) << "Could not map fake super partition";
2327 return false;
2328 }
2329 test_device->set_fake_super(fake_super);
2330 return true;
2331 }
2332
SetUp()2333 void SnapshotTestEnvironment::SetUp() {
2334 // b/163082876: GTEST_SKIP in Environment will make atest report incorrect results. Until
2335 // that is fixed, don't call GTEST_SKIP here, but instead call GTEST_SKIP in individual test
2336 // suites.
2337 RETURN_IF_NON_VIRTUAL_AB_MSG("Virtual A/B is not enabled, skipping global setup.\n");
2338
2339 std::vector<std::string> paths = {
2340 // clang-format off
2341 "/data/gsi/ota/test",
2342 "/data/gsi/ota/test/super",
2343 "/metadata/gsi/ota/test",
2344 "/metadata/gsi/ota/test/super",
2345 "/metadata/ota/test",
2346 "/metadata/ota/test/snapshots",
2347 // clang-format on
2348 };
2349 for (const auto& path : paths) {
2350 ASSERT_TRUE(Mkdir(path));
2351 }
2352
2353 // Create this once, otherwise, gsid will start/stop between each test.
2354 test_device = new TestDeviceInfo();
2355 sm = SnapshotManager::New(test_device);
2356 ASSERT_NE(nullptr, sm) << "Could not create snapshot manager";
2357
2358 // Use a separate image manager for our fake super partition.
2359 super_images_ = IImageManager::Open("ota/test/super", 10s);
2360 ASSERT_NE(nullptr, super_images_) << "Could not create image manager";
2361
2362 // Map the old image if one exists so we can safely unmap everything that
2363 // depends on it.
2364 bool recreate_fake_super;
2365 if (super_images_->BackingImageExists("fake-super")) {
2366 if (super_images_->IsImageMapped("fake-super")) {
2367 ASSERT_TRUE(super_images_->GetMappedImageDevice("fake-super", &fake_super));
2368 } else {
2369 ASSERT_TRUE(super_images_->MapImageDevice("fake-super", 10s, &fake_super));
2370 }
2371 test_device->set_fake_super(fake_super);
2372 recreate_fake_super = true;
2373 } else {
2374 ASSERT_TRUE(CreateFakeSuper());
2375 recreate_fake_super = false;
2376 }
2377
2378 // Clean up previous run.
2379 MetadataMountedTest().TearDown();
2380 SnapshotUpdateTest().Cleanup();
2381 SnapshotTest().Cleanup();
2382
2383 if (recreate_fake_super) {
2384 // Clean up any old copy.
2385 DeleteBackingImage(super_images_.get(), "fake-super");
2386 ASSERT_TRUE(CreateFakeSuper());
2387 }
2388 }
2389
TearDown()2390 void SnapshotTestEnvironment::TearDown() {
2391 RETURN_IF_NON_VIRTUAL_AB();
2392 if (super_images_ != nullptr) {
2393 DeleteBackingImage(super_images_.get(), "fake-super");
2394 }
2395 }
2396
2397 } // namespace snapshot
2398 } // namespace android
2399
main(int argc,char ** argv)2400 int main(int argc, char** argv) {
2401 ::testing::InitGoogleTest(&argc, argv);
2402 ::testing::AddGlobalTestEnvironment(new ::android::snapshot::SnapshotTestEnvironment());
2403 return RUN_ALL_TESTS();
2404 }
2405