1 // Copyright (C) 2018 The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include <libsnapshot/cow_format.h>
16 #include <libsnapshot/snapshot.h>
17 
18 #include <fcntl.h>
19 #include <signal.h>
20 #include <sys/file.h>
21 #include <sys/stat.h>
22 #include <sys/types.h>
23 
24 #include <chrono>
25 #include <deque>
26 #include <future>
27 #include <iostream>
28 
29 #include <android-base/file.h>
30 #include <android-base/logging.h>
31 #include <android-base/properties.h>
32 #include <android-base/strings.h>
33 #include <android-base/unique_fd.h>
34 #include <fs_mgr/file_wait.h>
35 #include <fs_mgr/roots.h>
36 #include <fs_mgr_dm_linear.h>
37 #include <gtest/gtest.h>
38 #include <libdm/dm.h>
39 #include <libfiemap/image_manager.h>
40 #include <liblp/builder.h>
41 #include <storage_literals/storage_literals.h>
42 
43 #include <android/snapshot/snapshot.pb.h>
44 #include <libsnapshot/test_helpers.h>
45 #include "partition_cow_creator.h"
46 #include "utility.h"
47 
48 // Mock classes are not used. Header included to ensure mocked class definition aligns with the
49 // class itself.
50 #include <libsnapshot/mock_device_info.h>
51 #include <libsnapshot/mock_snapshot.h>
52 
53 namespace android {
54 namespace snapshot {
55 
56 using android::base::unique_fd;
57 using android::dm::DeviceMapper;
58 using android::dm::DmDeviceState;
59 using android::fiemap::FiemapStatus;
60 using android::fiemap::IImageManager;
61 using android::fs_mgr::BlockDeviceInfo;
62 using android::fs_mgr::CreateLogicalPartitionParams;
63 using android::fs_mgr::DestroyLogicalPartition;
64 using android::fs_mgr::EnsurePathMounted;
65 using android::fs_mgr::EnsurePathUnmounted;
66 using android::fs_mgr::Extent;
67 using android::fs_mgr::Fstab;
68 using android::fs_mgr::GetPartitionGroupName;
69 using android::fs_mgr::GetPartitionName;
70 using android::fs_mgr::Interval;
71 using android::fs_mgr::MetadataBuilder;
72 using android::fs_mgr::SlotSuffixForSlotNumber;
73 using chromeos_update_engine::DeltaArchiveManifest;
74 using chromeos_update_engine::DynamicPartitionGroup;
75 using chromeos_update_engine::PartitionUpdate;
76 using namespace ::testing;
77 using namespace android::storage_literals;
78 using namespace std::chrono_literals;
79 using namespace std::string_literals;
80 
81 // Global states. See test_helpers.h.
82 std::unique_ptr<SnapshotManager> sm;
83 TestDeviceInfo* test_device = nullptr;
84 std::string fake_super;
85 
86 void MountMetadata();
87 
88 class SnapshotTest : public ::testing::Test {
89   public:
SnapshotTest()90     SnapshotTest() : dm_(DeviceMapper::Instance()) {}
91 
92     // This is exposed for main.
Cleanup()93     void Cleanup() {
94         InitializeState();
95         CleanupTestArtifacts();
96     }
97 
98   protected:
SetUp()99     void SetUp() override {
100         SKIP_IF_NON_VIRTUAL_AB();
101 
102         SnapshotTestPropertyFetcher::SetUp();
103         InitializeState();
104         CleanupTestArtifacts();
105         FormatFakeSuper();
106         MountMetadata();
107         ASSERT_TRUE(sm->BeginUpdate());
108     }
109 
TearDown()110     void TearDown() override {
111         RETURN_IF_NON_VIRTUAL_AB();
112 
113         lock_ = nullptr;
114 
115         CleanupTestArtifacts();
116         SnapshotTestPropertyFetcher::TearDown();
117     }
118 
InitializeState()119     void InitializeState() {
120         ASSERT_TRUE(sm->EnsureImageManager());
121         image_manager_ = sm->image_manager();
122 
123         test_device->set_slot_suffix("_a");
124 
125         sm->set_use_first_stage_snapuserd(false);
126     }
127 
CleanupTestArtifacts()128     void CleanupTestArtifacts() {
129         // Normally cancelling inside a merge is not allowed. Since these
130         // are tests, we don't care, destroy everything that might exist.
131         // Note we hardcode this list because of an annoying quirk: when
132         // completing a merge, the snapshot stops existing, so we can't
133         // get an accurate list to remove.
134         lock_ = nullptr;
135 
136         std::vector<std::string> snapshots = {"test-snapshot", "test_partition_a",
137                                               "test_partition_b"};
138         for (const auto& snapshot : snapshots) {
139             ASSERT_TRUE(DeleteSnapshotDevice(snapshot));
140             DeleteBackingImage(image_manager_, snapshot + "-cow-img");
141 
142             auto status_file = sm->GetSnapshotStatusFilePath(snapshot);
143             android::base::RemoveFileIfExists(status_file);
144         }
145 
146         // Remove stale partitions in fake super.
147         std::vector<std::string> partitions = {
148                 "base-device",
149                 "test_partition_b",
150                 "test_partition_b-base",
151                 "test_partition_b-base",
152         };
153         for (const auto& partition : partitions) {
154             DeleteDevice(partition);
155         }
156 
157         if (sm->GetUpdateState() != UpdateState::None) {
158             auto state_file = sm->GetStateFilePath();
159             unlink(state_file.c_str());
160         }
161     }
162 
AcquireLock()163     bool AcquireLock() {
164         lock_ = sm->LockExclusive();
165         return !!lock_;
166     }
167 
168     // This is so main() can instantiate this to invoke Cleanup.
TestBody()169     virtual void TestBody() override {}
170 
FormatFakeSuper()171     void FormatFakeSuper() {
172         BlockDeviceInfo super_device("super", kSuperSize, 0, 0, 4096);
173         std::vector<BlockDeviceInfo> devices = {super_device};
174 
175         auto builder = MetadataBuilder::New(devices, "super", 65536, 2);
176         ASSERT_NE(builder, nullptr);
177 
178         auto metadata = builder->Export();
179         ASSERT_NE(metadata, nullptr);
180 
181         TestPartitionOpener opener(fake_super);
182         ASSERT_TRUE(FlashPartitionTable(opener, fake_super, *metadata.get()));
183     }
184 
185     // If |path| is non-null, the partition will be mapped after creation.
CreatePartition(const std::string & name,uint64_t size,std::string * path=nullptr,const std::optional<std::string> group={})186     bool CreatePartition(const std::string& name, uint64_t size, std::string* path = nullptr,
187                          const std::optional<std::string> group = {}) {
188         TestPartitionOpener opener(fake_super);
189         auto builder = MetadataBuilder::New(opener, "super", 0);
190         if (!builder) return false;
191 
192         std::string partition_group = std::string(android::fs_mgr::kDefaultGroup);
193         if (group) {
194             partition_group = *group;
195         }
196         return CreatePartition(builder.get(), name, size, path, partition_group);
197     }
198 
CreatePartition(MetadataBuilder * builder,const std::string & name,uint64_t size,std::string * path,const std::string & group)199     bool CreatePartition(MetadataBuilder* builder, const std::string& name, uint64_t size,
200                          std::string* path, const std::string& group) {
201         auto partition = builder->AddPartition(name, group, 0);
202         if (!partition) return false;
203         if (!builder->ResizePartition(partition, size)) {
204             return false;
205         }
206 
207         // Update the source slot.
208         auto metadata = builder->Export();
209         if (!metadata) return false;
210 
211         TestPartitionOpener opener(fake_super);
212         if (!UpdatePartitionTable(opener, "super", *metadata.get(), 0)) {
213             return false;
214         }
215 
216         if (!path) return true;
217 
218         CreateLogicalPartitionParams params = {
219                 .block_device = fake_super,
220                 .metadata = metadata.get(),
221                 .partition_name = name,
222                 .force_writable = true,
223                 .timeout_ms = 10s,
224         };
225         return CreateLogicalPartition(params, path);
226     }
227 
MapUpdateSnapshot(const std::string & name,std::unique_ptr<ISnapshotWriter> * writer)228     AssertionResult MapUpdateSnapshot(const std::string& name,
229                                       std::unique_ptr<ISnapshotWriter>* writer) {
230         TestPartitionOpener opener(fake_super);
231         CreateLogicalPartitionParams params{
232                 .block_device = fake_super,
233                 .metadata_slot = 1,
234                 .partition_name = name,
235                 .timeout_ms = 10s,
236                 .partition_opener = &opener,
237         };
238 
239         auto old_partition = "/dev/block/mapper/" + GetOtherPartitionName(name);
240         auto result = sm->OpenSnapshotWriter(params, {old_partition});
241         if (!result) {
242             return AssertionFailure() << "Cannot open snapshot for writing: " << name;
243         }
244         if (!result->Initialize()) {
245             return AssertionFailure() << "Cannot initialize snapshot for writing: " << name;
246         }
247 
248         if (writer) {
249             *writer = std::move(result);
250         }
251         return AssertionSuccess();
252     }
253 
MapUpdateSnapshot(const std::string & name,std::string * path)254     AssertionResult MapUpdateSnapshot(const std::string& name, std::string* path) {
255         TestPartitionOpener opener(fake_super);
256         CreateLogicalPartitionParams params{
257                 .block_device = fake_super,
258                 .metadata_slot = 1,
259                 .partition_name = name,
260                 .timeout_ms = 10s,
261                 .partition_opener = &opener,
262         };
263 
264         auto result = sm->MapUpdateSnapshot(params, path);
265         if (!result) {
266             return AssertionFailure() << "Cannot open snapshot for writing: " << name;
267         }
268         return AssertionSuccess();
269     }
270 
DeleteSnapshotDevice(const std::string & snapshot)271     AssertionResult DeleteSnapshotDevice(const std::string& snapshot) {
272         AssertionResult res = AssertionSuccess();
273         if (!(res = DeleteDevice(snapshot))) return res;
274         if (!sm->UnmapDmUserDevice(snapshot)) {
275             return AssertionFailure() << "Cannot delete dm-user device for " << snapshot;
276         }
277         if (!(res = DeleteDevice(snapshot + "-inner"))) return res;
278         if (!(res = DeleteDevice(snapshot + "-cow"))) return res;
279         if (!image_manager_->UnmapImageIfExists(snapshot + "-cow-img")) {
280             return AssertionFailure() << "Cannot unmap image " << snapshot << "-cow-img";
281         }
282         if (!(res = DeleteDevice(snapshot + "-base"))) return res;
283         if (!(res = DeleteDevice(snapshot + "-src"))) return res;
284         return AssertionSuccess();
285     }
286 
DeleteDevice(const std::string & device)287     AssertionResult DeleteDevice(const std::string& device) {
288         if (!dm_.DeleteDeviceIfExists(device)) {
289             return AssertionFailure() << "Can't delete " << device;
290         }
291         return AssertionSuccess();
292     }
293 
CreateCowImage(const std::string & name)294     AssertionResult CreateCowImage(const std::string& name) {
295         if (!sm->CreateCowImage(lock_.get(), name)) {
296             return AssertionFailure() << "Cannot create COW image " << name;
297         }
298         std::string cow_device;
299         auto map_res = MapCowImage(name, 10s, &cow_device);
300         if (!map_res) {
301             return map_res;
302         }
303         if (!InitializeKernelCow(cow_device)) {
304             return AssertionFailure() << "Cannot zero fill " << cow_device;
305         }
306         if (!sm->UnmapCowImage(name)) {
307             return AssertionFailure() << "Cannot unmap " << name << " after zero filling it";
308         }
309         return AssertionSuccess();
310     }
311 
MapCowImage(const std::string & name,const std::chrono::milliseconds & timeout_ms,std::string * path)312     AssertionResult MapCowImage(const std::string& name,
313                                 const std::chrono::milliseconds& timeout_ms, std::string* path) {
314         auto cow_image_path = sm->MapCowImage(name, timeout_ms);
315         if (!cow_image_path.has_value()) {
316             return AssertionFailure() << "Cannot map cow image " << name;
317         }
318         *path = *cow_image_path;
319         return AssertionSuccess();
320     }
321 
322     // Prepare A/B slot for a partition named "test_partition".
PrepareOneSnapshot(uint64_t device_size,std::unique_ptr<ISnapshotWriter> * writer=nullptr)323     AssertionResult PrepareOneSnapshot(uint64_t device_size,
324                                        std::unique_ptr<ISnapshotWriter>* writer = nullptr) {
325         lock_ = nullptr;
326 
327         DeltaArchiveManifest manifest;
328 
329         auto dynamic_partition_metadata = manifest.mutable_dynamic_partition_metadata();
330         dynamic_partition_metadata->set_vabc_enabled(IsCompressionEnabled());
331         dynamic_partition_metadata->set_cow_version(android::snapshot::kCowVersionMajor);
332 
333         auto group = dynamic_partition_metadata->add_groups();
334         group->set_name("group");
335         group->set_size(device_size * 2);
336         group->add_partition_names("test_partition");
337 
338         auto pu = manifest.add_partitions();
339         pu->set_partition_name("test_partition");
340         pu->set_estimate_cow_size(device_size);
341         SetSize(pu, device_size);
342 
343         auto extent = pu->add_operations()->add_dst_extents();
344         extent->set_start_block(0);
345         if (device_size) {
346             extent->set_num_blocks(device_size / manifest.block_size());
347         }
348 
349         TestPartitionOpener opener(fake_super);
350         auto builder = MetadataBuilder::New(opener, "super", 0);
351         if (!builder) {
352             return AssertionFailure() << "Failed to open MetadataBuilder";
353         }
354         builder->AddGroup("group_a", 16_GiB);
355         builder->AddGroup("group_b", 16_GiB);
356         if (!CreatePartition(builder.get(), "test_partition_a", device_size, nullptr, "group_a")) {
357             return AssertionFailure() << "Failed create test_partition_a";
358         }
359 
360         if (!sm->CreateUpdateSnapshots(manifest)) {
361             return AssertionFailure() << "Failed to create update snapshots";
362         }
363 
364         if (writer) {
365             auto res = MapUpdateSnapshot("test_partition_b", writer);
366             if (!res) {
367                 return res;
368             }
369         } else if (!IsCompressionEnabled()) {
370             std::string ignore;
371             if (!MapUpdateSnapshot("test_partition_b", &ignore)) {
372                 return AssertionFailure() << "Failed to map test_partition_b";
373             }
374         }
375         if (!AcquireLock()) {
376             return AssertionFailure() << "Failed to acquire lock";
377         }
378         return AssertionSuccess();
379     }
380 
381     // Simulate a reboot into the new slot.
SimulateReboot()382     AssertionResult SimulateReboot() {
383         lock_ = nullptr;
384         if (!sm->FinishedSnapshotWrites(false)) {
385             return AssertionFailure() << "Failed to finish snapshot writes";
386         }
387         if (!sm->UnmapUpdateSnapshot("test_partition_b")) {
388             return AssertionFailure() << "Failed to unmap COW for test_partition_b";
389         }
390         if (!dm_.DeleteDeviceIfExists("test_partition_b")) {
391             return AssertionFailure() << "Failed to delete test_partition_b";
392         }
393         if (!dm_.DeleteDeviceIfExists("test_partition_b-base")) {
394             return AssertionFailure() << "Failed to destroy test_partition_b-base";
395         }
396         return AssertionSuccess();
397     }
398 
NewManagerForFirstStageMount(const std::string & slot_suffix="_a")399     std::unique_ptr<SnapshotManager> NewManagerForFirstStageMount(
400             const std::string& slot_suffix = "_a") {
401         auto info = new TestDeviceInfo(fake_super, slot_suffix);
402         return NewManagerForFirstStageMount(info);
403     }
404 
NewManagerForFirstStageMount(TestDeviceInfo * info)405     std::unique_ptr<SnapshotManager> NewManagerForFirstStageMount(TestDeviceInfo* info) {
406         info->set_first_stage_init(true);
407         auto init = SnapshotManager::NewForFirstStageMount(info);
408         if (!init) {
409             return nullptr;
410         }
411         init->SetUeventRegenCallback([](const std::string& device) -> bool {
412             return android::fs_mgr::WaitForFile(device, snapshot_timeout_);
413         });
414         return init;
415     }
416 
417     static constexpr std::chrono::milliseconds snapshot_timeout_ = 5s;
418     DeviceMapper& dm_;
419     std::unique_ptr<SnapshotManager::LockedFile> lock_;
420     android::fiemap::IImageManager* image_manager_ = nullptr;
421     std::string fake_super_;
422 };
423 
TEST_F(SnapshotTest,CreateSnapshot)424 TEST_F(SnapshotTest, CreateSnapshot) {
425     ASSERT_TRUE(AcquireLock());
426 
427     PartitionCowCreator cow_creator;
428     cow_creator.compression_enabled = IsCompressionEnabled();
429     if (cow_creator.compression_enabled) {
430         cow_creator.compression_algorithm = "gz";
431     } else {
432         cow_creator.compression_algorithm = "none";
433     }
434 
435     static const uint64_t kDeviceSize = 1024 * 1024;
436     SnapshotStatus status;
437     status.set_name("test-snapshot");
438     status.set_device_size(kDeviceSize);
439     status.set_snapshot_size(kDeviceSize);
440     status.set_cow_file_size(kDeviceSize);
441     ASSERT_TRUE(sm->CreateSnapshot(lock_.get(), &cow_creator, &status));
442     ASSERT_TRUE(CreateCowImage("test-snapshot"));
443 
444     std::vector<std::string> snapshots;
445     ASSERT_TRUE(sm->ListSnapshots(lock_.get(), &snapshots));
446     ASSERT_EQ(snapshots.size(), 1);
447     ASSERT_EQ(snapshots[0], "test-snapshot");
448 
449     // Scope so delete can re-acquire the snapshot file lock.
450     {
451         SnapshotStatus status;
452         ASSERT_TRUE(sm->ReadSnapshotStatus(lock_.get(), "test-snapshot", &status));
453         ASSERT_EQ(status.state(), SnapshotState::CREATED);
454         ASSERT_EQ(status.device_size(), kDeviceSize);
455         ASSERT_EQ(status.snapshot_size(), kDeviceSize);
456         ASSERT_EQ(status.compression_enabled(), cow_creator.compression_enabled);
457         ASSERT_EQ(status.compression_algorithm(), cow_creator.compression_algorithm);
458     }
459 
460     ASSERT_TRUE(sm->UnmapSnapshot(lock_.get(), "test-snapshot"));
461     ASSERT_TRUE(sm->UnmapCowImage("test-snapshot"));
462     ASSERT_TRUE(sm->DeleteSnapshot(lock_.get(), "test-snapshot"));
463 }
464 
TEST_F(SnapshotTest,MapSnapshot)465 TEST_F(SnapshotTest, MapSnapshot) {
466     ASSERT_TRUE(AcquireLock());
467 
468     PartitionCowCreator cow_creator;
469     cow_creator.compression_enabled = IsCompressionEnabled();
470 
471     static const uint64_t kDeviceSize = 1024 * 1024;
472     SnapshotStatus status;
473     status.set_name("test-snapshot");
474     status.set_device_size(kDeviceSize);
475     status.set_snapshot_size(kDeviceSize);
476     status.set_cow_file_size(kDeviceSize);
477     ASSERT_TRUE(sm->CreateSnapshot(lock_.get(), &cow_creator, &status));
478     ASSERT_TRUE(CreateCowImage("test-snapshot"));
479 
480     std::string base_device;
481     ASSERT_TRUE(CreatePartition("base-device", kDeviceSize, &base_device));
482 
483     std::string cow_device;
484     ASSERT_TRUE(MapCowImage("test-snapshot", 10s, &cow_device));
485 
486     std::string snap_device;
487     ASSERT_TRUE(sm->MapSnapshot(lock_.get(), "test-snapshot", base_device, cow_device, 10s,
488                                 &snap_device));
489     ASSERT_TRUE(android::base::StartsWith(snap_device, "/dev/block/dm-"));
490 }
491 
TEST_F(SnapshotTest,NoMergeBeforeReboot)492 TEST_F(SnapshotTest, NoMergeBeforeReboot) {
493     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
494 
495     // Merge should fail, since the slot hasn't changed.
496     ASSERT_FALSE(sm->InitiateMerge());
497 }
498 
TEST_F(SnapshotTest,CleanFirstStageMount)499 TEST_F(SnapshotTest, CleanFirstStageMount) {
500     // If there's no update in progress, there should be no first-stage mount
501     // needed.
502     auto sm = NewManagerForFirstStageMount();
503     ASSERT_NE(sm, nullptr);
504     ASSERT_FALSE(sm->NeedSnapshotsInFirstStageMount());
505 }
506 
TEST_F(SnapshotTest,FirstStageMountAfterRollback)507 TEST_F(SnapshotTest, FirstStageMountAfterRollback) {
508     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
509 
510     // We didn't change the slot, so we shouldn't need snapshots.
511     auto sm = NewManagerForFirstStageMount();
512     ASSERT_NE(sm, nullptr);
513     ASSERT_FALSE(sm->NeedSnapshotsInFirstStageMount());
514 
515     auto indicator = sm->GetRollbackIndicatorPath();
516     ASSERT_EQ(access(indicator.c_str(), R_OK), 0);
517 }
518 
TEST_F(SnapshotTest,Merge)519 TEST_F(SnapshotTest, Merge) {
520     ASSERT_TRUE(AcquireLock());
521 
522     static const uint64_t kDeviceSize = 1024 * 1024;
523 
524     std::unique_ptr<ISnapshotWriter> writer;
525     ASSERT_TRUE(PrepareOneSnapshot(kDeviceSize, &writer));
526 
527     // Release the lock.
528     lock_ = nullptr;
529 
530     std::string test_string = "This is a test string.";
531     test_string.resize(writer->options().block_size);
532     ASSERT_TRUE(writer->AddRawBlocks(0, test_string.data(), test_string.size()));
533     ASSERT_TRUE(writer->Finalize());
534     writer = nullptr;
535 
536     // Done updating.
537     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
538 
539     ASSERT_TRUE(sm->UnmapUpdateSnapshot("test_partition_b"));
540 
541     test_device->set_slot_suffix("_b");
542     ASSERT_TRUE(sm->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
543     ASSERT_TRUE(sm->InitiateMerge());
544 
545     // The device should have been switched to a snapshot-merge target.
546     DeviceMapper::TargetInfo target;
547     ASSERT_TRUE(sm->IsSnapshotDevice("test_partition_b", &target));
548     ASSERT_EQ(DeviceMapper::GetTargetType(target.spec), "snapshot-merge");
549 
550     // We should not be able to cancel an update now.
551     ASSERT_FALSE(sm->CancelUpdate());
552 
553     ASSERT_EQ(sm->ProcessUpdateState(), UpdateState::MergeCompleted);
554     ASSERT_EQ(sm->GetUpdateState(), UpdateState::None);
555 
556     // The device should no longer be a snapshot or snapshot-merge.
557     ASSERT_FALSE(sm->IsSnapshotDevice("test_partition_b"));
558 
559     // Test that we can read back the string we wrote to the snapshot. Note
560     // that the base device is gone now. |snap_device| contains the correct
561     // partition.
562     unique_fd fd(open("/dev/block/mapper/test_partition_b", O_RDONLY | O_CLOEXEC));
563     ASSERT_GE(fd, 0);
564 
565     std::string buffer(test_string.size(), '\0');
566     ASSERT_TRUE(android::base::ReadFully(fd, buffer.data(), buffer.size()));
567     ASSERT_EQ(test_string, buffer);
568 }
569 
TEST_F(SnapshotTest,FirstStageMountAndMerge)570 TEST_F(SnapshotTest, FirstStageMountAndMerge) {
571     ASSERT_TRUE(AcquireLock());
572 
573     static const uint64_t kDeviceSize = 1024 * 1024;
574     ASSERT_TRUE(PrepareOneSnapshot(kDeviceSize));
575     ASSERT_TRUE(SimulateReboot());
576 
577     auto init = NewManagerForFirstStageMount("_b");
578     ASSERT_NE(init, nullptr);
579     ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
580     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
581 
582     ASSERT_TRUE(AcquireLock());
583 
584     // Validate that we have a snapshot device.
585     SnapshotStatus status;
586     ASSERT_TRUE(init->ReadSnapshotStatus(lock_.get(), "test_partition_b", &status));
587     ASSERT_EQ(status.state(), SnapshotState::CREATED);
588     if (IsCompressionEnabled()) {
589         ASSERT_EQ(status.compression_algorithm(), "gz");
590     } else {
591         ASSERT_EQ(status.compression_algorithm(), "none");
592     }
593 
594     DeviceMapper::TargetInfo target;
595     ASSERT_TRUE(init->IsSnapshotDevice("test_partition_b", &target));
596     ASSERT_EQ(DeviceMapper::GetTargetType(target.spec), "snapshot");
597 }
598 
TEST_F(SnapshotTest,FlashSuperDuringUpdate)599 TEST_F(SnapshotTest, FlashSuperDuringUpdate) {
600     ASSERT_TRUE(AcquireLock());
601 
602     static const uint64_t kDeviceSize = 1024 * 1024;
603     ASSERT_TRUE(PrepareOneSnapshot(kDeviceSize));
604     ASSERT_TRUE(SimulateReboot());
605 
606     // Reflash the super partition.
607     FormatFakeSuper();
608     ASSERT_TRUE(CreatePartition("test_partition_b", kDeviceSize));
609 
610     auto init = NewManagerForFirstStageMount("_b");
611     ASSERT_NE(init, nullptr);
612     ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
613     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
614 
615     ASSERT_TRUE(AcquireLock());
616 
617     SnapshotStatus status;
618     ASSERT_TRUE(init->ReadSnapshotStatus(lock_.get(), "test_partition_b", &status));
619 
620     // We should not get a snapshot device now.
621     DeviceMapper::TargetInfo target;
622     ASSERT_FALSE(init->IsSnapshotDevice("test_partition_b", &target));
623 
624     // We should see a cancelled update as well.
625     lock_ = nullptr;
626     ASSERT_EQ(sm->ProcessUpdateState(), UpdateState::Cancelled);
627 }
628 
TEST_F(SnapshotTest,FlashSuperDuringMerge)629 TEST_F(SnapshotTest, FlashSuperDuringMerge) {
630     ASSERT_TRUE(AcquireLock());
631 
632     static const uint64_t kDeviceSize = 1024 * 1024;
633     ASSERT_TRUE(PrepareOneSnapshot(kDeviceSize));
634     ASSERT_TRUE(SimulateReboot());
635 
636     auto init = NewManagerForFirstStageMount("_b");
637     ASSERT_NE(init, nullptr);
638     ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
639     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
640     ASSERT_TRUE(init->InitiateMerge());
641 
642     // Now, reflash super. Note that we haven't called ProcessUpdateState, so the
643     // status is still Merging.
644     ASSERT_TRUE(DeleteSnapshotDevice("test_partition_b"));
645     ASSERT_TRUE(init->image_manager()->UnmapImageIfExists("test_partition_b-cow-img"));
646     FormatFakeSuper();
647     ASSERT_TRUE(CreatePartition("test_partition_b", kDeviceSize));
648     ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
649     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
650 
651     // Because the status is Merging, we must call ProcessUpdateState, which should
652     // detect a cancelled update.
653     ASSERT_EQ(init->ProcessUpdateState(), UpdateState::Cancelled);
654     ASSERT_EQ(init->GetUpdateState(), UpdateState::None);
655 }
656 
TEST_F(SnapshotTest,UpdateBootControlHal)657 TEST_F(SnapshotTest, UpdateBootControlHal) {
658     ASSERT_TRUE(AcquireLock());
659 
660     ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::None));
661     ASSERT_EQ(test_device->merge_status(), MergeStatus::NONE);
662 
663     ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::Initiated));
664     ASSERT_EQ(test_device->merge_status(), MergeStatus::NONE);
665 
666     ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::Unverified));
667     ASSERT_EQ(test_device->merge_status(), MergeStatus::SNAPSHOTTED);
668 
669     ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::Merging));
670     ASSERT_EQ(test_device->merge_status(), MergeStatus::MERGING);
671 
672     ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::MergeNeedsReboot));
673     ASSERT_EQ(test_device->merge_status(), MergeStatus::NONE);
674 
675     ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::MergeCompleted));
676     ASSERT_EQ(test_device->merge_status(), MergeStatus::NONE);
677 
678     ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::MergeFailed));
679     ASSERT_EQ(test_device->merge_status(), MergeStatus::MERGING);
680 }
681 
TEST_F(SnapshotTest,MergeFailureCode)682 TEST_F(SnapshotTest, MergeFailureCode) {
683     ASSERT_TRUE(AcquireLock());
684 
685     ASSERT_TRUE(sm->WriteUpdateState(lock_.get(), UpdateState::MergeFailed,
686                                      MergeFailureCode::ListSnapshots));
687     ASSERT_EQ(test_device->merge_status(), MergeStatus::MERGING);
688 
689     SnapshotUpdateStatus status = sm->ReadSnapshotUpdateStatus(lock_.get());
690     ASSERT_EQ(status.state(), UpdateState::MergeFailed);
691     ASSERT_EQ(status.merge_failure_code(), MergeFailureCode::ListSnapshots);
692 }
693 
694 enum class Request { UNKNOWN, LOCK_SHARED, LOCK_EXCLUSIVE, UNLOCK, EXIT };
operator <<(std::ostream & os,Request request)695 std::ostream& operator<<(std::ostream& os, Request request) {
696     switch (request) {
697         case Request::LOCK_SHARED:
698             return os << "Shared";
699         case Request::LOCK_EXCLUSIVE:
700             return os << "Exclusive";
701         case Request::UNLOCK:
702             return os << "Unlock";
703         case Request::EXIT:
704             return os << "Exit";
705         case Request::UNKNOWN:
706             [[fallthrough]];
707         default:
708             return os << "Unknown";
709     }
710 }
711 
712 class LockTestConsumer {
713   public:
MakeRequest(Request new_request)714     AssertionResult MakeRequest(Request new_request) {
715         {
716             std::unique_lock<std::mutex> ulock(mutex_);
717             requests_.push_back(new_request);
718         }
719         cv_.notify_all();
720         return AssertionSuccess() << "Request " << new_request << " successful";
721     }
722 
723     template <typename R, typename P>
WaitFulfill(std::chrono::duration<R,P> timeout)724     AssertionResult WaitFulfill(std::chrono::duration<R, P> timeout) {
725         std::unique_lock<std::mutex> ulock(mutex_);
726         if (cv_.wait_for(ulock, timeout, [this] { return requests_.empty(); })) {
727             return AssertionSuccess() << "All requests_ fulfilled.";
728         }
729         return AssertionFailure() << "Timeout waiting for fulfilling " << requests_.size()
730                                   << " request(s), first one is "
731                                   << (requests_.empty() ? Request::UNKNOWN : requests_.front());
732     }
733 
StartHandleRequestsInBackground()734     void StartHandleRequestsInBackground() {
735         future_ = std::async(std::launch::async, &LockTestConsumer::HandleRequests, this);
736     }
737 
738   private:
HandleRequests()739     void HandleRequests() {
740         static constexpr auto consumer_timeout = 3s;
741 
742         auto next_request = Request::UNKNOWN;
743         do {
744             // Peek next request.
745             {
746                 std::unique_lock<std::mutex> ulock(mutex_);
747                 if (cv_.wait_for(ulock, consumer_timeout, [this] { return !requests_.empty(); })) {
748                     next_request = requests_.front();
749                 } else {
750                     next_request = Request::EXIT;
751                 }
752             }
753 
754             // Handle next request.
755             switch (next_request) {
756                 case Request::LOCK_SHARED: {
757                     lock_ = sm->LockShared();
758                 } break;
759                 case Request::LOCK_EXCLUSIVE: {
760                     lock_ = sm->LockExclusive();
761                 } break;
762                 case Request::EXIT:
763                     [[fallthrough]];
764                 case Request::UNLOCK: {
765                     lock_.reset();
766                 } break;
767                 case Request::UNKNOWN:
768                     [[fallthrough]];
769                 default:
770                     break;
771             }
772 
773             // Pop next request. This thread is the only thread that
774             // pops from the front of the requests_ deque.
775             {
776                 std::unique_lock<std::mutex> ulock(mutex_);
777                 if (next_request == Request::EXIT) {
778                     requests_.clear();
779                 } else {
780                     requests_.pop_front();
781                 }
782             }
783             cv_.notify_all();
784         } while (next_request != Request::EXIT);
785     }
786 
787     std::mutex mutex_;
788     std::condition_variable cv_;
789     std::deque<Request> requests_;
790     std::unique_ptr<SnapshotManager::LockedFile> lock_;
791     std::future<void> future_;
792 };
793 
794 class LockTest : public ::testing::Test {
795   public:
SetUp()796     void SetUp() {
797         SKIP_IF_NON_VIRTUAL_AB();
798         first_consumer.StartHandleRequestsInBackground();
799         second_consumer.StartHandleRequestsInBackground();
800     }
801 
TearDown()802     void TearDown() {
803         RETURN_IF_NON_VIRTUAL_AB();
804         EXPECT_TRUE(first_consumer.MakeRequest(Request::EXIT));
805         EXPECT_TRUE(second_consumer.MakeRequest(Request::EXIT));
806     }
807 
808     static constexpr auto request_timeout = 500ms;
809     LockTestConsumer first_consumer;
810     LockTestConsumer second_consumer;
811 };
812 
TEST_F(LockTest,SharedShared)813 TEST_F(LockTest, SharedShared) {
814     ASSERT_TRUE(first_consumer.MakeRequest(Request::LOCK_SHARED));
815     ASSERT_TRUE(first_consumer.WaitFulfill(request_timeout));
816     ASSERT_TRUE(second_consumer.MakeRequest(Request::LOCK_SHARED));
817     ASSERT_TRUE(second_consumer.WaitFulfill(request_timeout));
818 }
819 
820 using LockTestParam = std::pair<Request, Request>;
821 class LockTestP : public LockTest, public ::testing::WithParamInterface<LockTestParam> {};
TEST_P(LockTestP,Test)822 TEST_P(LockTestP, Test) {
823     ASSERT_TRUE(first_consumer.MakeRequest(GetParam().first));
824     ASSERT_TRUE(first_consumer.WaitFulfill(request_timeout));
825     ASSERT_TRUE(second_consumer.MakeRequest(GetParam().second));
826     ASSERT_FALSE(second_consumer.WaitFulfill(request_timeout))
827             << "Should not be able to " << GetParam().second << " while separate thread "
828             << GetParam().first;
829     ASSERT_TRUE(first_consumer.MakeRequest(Request::UNLOCK));
830     ASSERT_TRUE(second_consumer.WaitFulfill(request_timeout))
831             << "Should be able to hold lock that is released by separate thread";
832 }
833 INSTANTIATE_TEST_SUITE_P(
834         LockTest, LockTestP,
835         testing::Values(LockTestParam{Request::LOCK_EXCLUSIVE, Request::LOCK_EXCLUSIVE},
836                         LockTestParam{Request::LOCK_EXCLUSIVE, Request::LOCK_SHARED},
837                         LockTestParam{Request::LOCK_SHARED, Request::LOCK_EXCLUSIVE}),
__anon4de4482e0402(const testing::TestParamInfo<LockTestP::ParamType>& info) 838         [](const testing::TestParamInfo<LockTestP::ParamType>& info) {
839             std::stringstream ss;
840             ss << info.param.first << info.param.second;
841             return ss.str();
842         });
843 
844 class SnapshotUpdateTest : public SnapshotTest {
845   public:
SetUp()846     void SetUp() override {
847         SKIP_IF_NON_VIRTUAL_AB();
848 
849         SnapshotTest::SetUp();
850         Cleanup();
851 
852         // Cleanup() changes slot suffix, so initialize it again.
853         test_device->set_slot_suffix("_a");
854 
855         opener_ = std::make_unique<TestPartitionOpener>(fake_super);
856 
857         auto dynamic_partition_metadata = manifest_.mutable_dynamic_partition_metadata();
858         dynamic_partition_metadata->set_vabc_enabled(IsCompressionEnabled());
859         dynamic_partition_metadata->set_cow_version(android::snapshot::kCowVersionMajor);
860 
861         // Create a fake update package metadata.
862         // Not using full name "system", "vendor", "product" because these names collide with the
863         // mapped partitions on the running device.
864         // Each test modifies manifest_ slightly to indicate changes to the partition layout.
865         group_ = dynamic_partition_metadata->add_groups();
866         group_->set_name("group");
867         group_->set_size(kGroupSize);
868         group_->add_partition_names("sys");
869         group_->add_partition_names("vnd");
870         group_->add_partition_names("prd");
871         sys_ = manifest_.add_partitions();
872         sys_->set_partition_name("sys");
873         sys_->set_estimate_cow_size(2_MiB);
874         SetSize(sys_, 3_MiB);
875         vnd_ = manifest_.add_partitions();
876         vnd_->set_partition_name("vnd");
877         vnd_->set_estimate_cow_size(2_MiB);
878         SetSize(vnd_, 3_MiB);
879         prd_ = manifest_.add_partitions();
880         prd_->set_partition_name("prd");
881         prd_->set_estimate_cow_size(2_MiB);
882         SetSize(prd_, 3_MiB);
883 
884         // Initialize source partition metadata using |manifest_|.
885         src_ = MetadataBuilder::New(*opener_, "super", 0);
886         ASSERT_NE(src_, nullptr);
887         ASSERT_TRUE(FillFakeMetadata(src_.get(), manifest_, "_a"));
888         // Add sys_b which is like system_other.
889         ASSERT_TRUE(src_->AddGroup("group_b", kGroupSize));
890         auto partition = src_->AddPartition("sys_b", "group_b", 0);
891         ASSERT_NE(nullptr, partition);
892         ASSERT_TRUE(src_->ResizePartition(partition, 1_MiB));
893         auto metadata = src_->Export();
894         ASSERT_NE(nullptr, metadata);
895         ASSERT_TRUE(UpdatePartitionTable(*opener_, "super", *metadata.get(), 0));
896 
897         // Map source partitions. Additionally, map sys_b to simulate system_other after flashing.
898         std::string path;
899         for (const auto& name : {"sys_a", "vnd_a", "prd_a", "sys_b"}) {
900             ASSERT_TRUE(CreateLogicalPartition(
901                     CreateLogicalPartitionParams{
902                             .block_device = fake_super,
903                             .metadata_slot = 0,
904                             .partition_name = name,
905                             .timeout_ms = 1s,
906                             .partition_opener = opener_.get(),
907                     },
908                     &path));
909             ASSERT_TRUE(WriteRandomData(path));
910             auto hash = GetHash(path);
911             ASSERT_TRUE(hash.has_value());
912             hashes_[name] = *hash;
913         }
914     }
TearDown()915     void TearDown() override {
916         RETURN_IF_NON_VIRTUAL_AB();
917 
918         Cleanup();
919         SnapshotTest::TearDown();
920     }
Cleanup()921     void Cleanup() {
922         if (!image_manager_) {
923             InitializeState();
924         }
925         MountMetadata();
926         for (const auto& suffix : {"_a", "_b"}) {
927             test_device->set_slot_suffix(suffix);
928             EXPECT_TRUE(sm->CancelUpdate()) << suffix;
929         }
930         EXPECT_TRUE(UnmapAll());
931     }
932 
IsPartitionUnchanged(const std::string & name)933     AssertionResult IsPartitionUnchanged(const std::string& name) {
934         std::string path;
935         if (!dm_.GetDmDevicePathByName(name, &path)) {
936             return AssertionFailure() << "Path of " << name << " cannot be determined";
937         }
938         auto hash = GetHash(path);
939         if (!hash.has_value()) {
940             return AssertionFailure() << "Cannot read partition " << name << ": " << path;
941         }
942         auto it = hashes_.find(name);
943         if (it == hashes_.end()) {
944             return AssertionFailure() << "No existing hash for " << name << ". Bad test code?";
945         }
946         if (it->second != *hash) {
947             return AssertionFailure() << "Content of " << name << " has changed";
948         }
949         return AssertionSuccess();
950     }
951 
GetSnapshotSize(const std::string & name)952     std::optional<uint64_t> GetSnapshotSize(const std::string& name) {
953         if (!AcquireLock()) {
954             return std::nullopt;
955         }
956         auto local_lock = std::move(lock_);
957 
958         SnapshotStatus status;
959         if (!sm->ReadSnapshotStatus(local_lock.get(), name, &status)) {
960             return std::nullopt;
961         }
962         return status.snapshot_size();
963     }
964 
UnmapAll()965     AssertionResult UnmapAll() {
966         for (const auto& name : {"sys", "vnd", "prd"}) {
967             if (!dm_.DeleteDeviceIfExists(name + "_a"s)) {
968                 return AssertionFailure() << "Cannot unmap " << name << "_a";
969             }
970             if (!DeleteSnapshotDevice(name + "_b"s)) {
971                 return AssertionFailure() << "Cannot delete snapshot " << name << "_b";
972             }
973         }
974         return AssertionSuccess();
975     }
976 
MapOneUpdateSnapshot(const std::string & name)977     AssertionResult MapOneUpdateSnapshot(const std::string& name) {
978         if (IsCompressionEnabled()) {
979             std::unique_ptr<ISnapshotWriter> writer;
980             return MapUpdateSnapshot(name, &writer);
981         } else {
982             std::string path;
983             return MapUpdateSnapshot(name, &path);
984         }
985     }
986 
WriteSnapshotAndHash(const std::string & name)987     AssertionResult WriteSnapshotAndHash(const std::string& name) {
988         if (IsCompressionEnabled()) {
989             std::unique_ptr<ISnapshotWriter> writer;
990             auto res = MapUpdateSnapshot(name, &writer);
991             if (!res) {
992                 return res;
993             }
994             if (!WriteRandomData(writer.get(), &hashes_[name])) {
995                 return AssertionFailure() << "Unable to write random data to snapshot " << name;
996             }
997             if (!writer->Finalize()) {
998                 return AssertionFailure() << "Unable to finalize COW for " << name;
999             }
1000         } else {
1001             std::string path;
1002             auto res = MapUpdateSnapshot(name, &path);
1003             if (!res) {
1004                 return res;
1005             }
1006             if (!WriteRandomData(path, std::nullopt, &hashes_[name])) {
1007                 return AssertionFailure() << "Unable to write random data to snapshot " << name;
1008             }
1009         }
1010 
1011         // Make sure updates to one device are seen by all devices.
1012         sync();
1013 
1014         return AssertionSuccess() << "Written random data to snapshot " << name
1015                                   << ", hash: " << hashes_[name];
1016     }
1017 
1018     // Generate a snapshot that moves all the upper blocks down to the start.
1019     // It doesn't really matter the order, we just want copies that reference
1020     // blocks that won't exist if the partition shrinks.
ShiftAllSnapshotBlocks(const std::string & name,uint64_t old_size)1021     AssertionResult ShiftAllSnapshotBlocks(const std::string& name, uint64_t old_size) {
1022         std::unique_ptr<ISnapshotWriter> writer;
1023         if (auto res = MapUpdateSnapshot(name, &writer); !res) {
1024             return res;
1025         }
1026         if (!writer->options().max_blocks || !*writer->options().max_blocks) {
1027             return AssertionFailure() << "No max blocks set for " << name << " writer";
1028         }
1029 
1030         uint64_t src_block = (old_size / writer->options().block_size) - 1;
1031         uint64_t dst_block = 0;
1032         uint64_t max_blocks = *writer->options().max_blocks;
1033         while (dst_block < max_blocks && dst_block < src_block) {
1034             if (!writer->AddCopy(dst_block, src_block)) {
1035                 return AssertionFailure() << "Unable to add copy for " << name << " for blocks "
1036                                           << src_block << ", " << dst_block;
1037             }
1038             dst_block++;
1039             src_block--;
1040         }
1041         if (!writer->Finalize()) {
1042             return AssertionFailure() << "Unable to finalize writer for " << name;
1043         }
1044 
1045         auto hash = HashSnapshot(writer.get());
1046         if (hash.empty()) {
1047             return AssertionFailure() << "Unable to hash snapshot writer for " << name;
1048         }
1049         hashes_[name] = hash;
1050 
1051         return AssertionSuccess();
1052     }
1053 
MapUpdateSnapshots(const std::vector<std::string> & names={"sys_b", "vnd_b", "prd_b"})1054     AssertionResult MapUpdateSnapshots(const std::vector<std::string>& names = {"sys_b", "vnd_b",
1055                                                                                 "prd_b"}) {
1056         for (const auto& name : names) {
1057             auto res = MapOneUpdateSnapshot(name);
1058             if (!res) {
1059                 return res;
1060             }
1061         }
1062         return AssertionSuccess();
1063     }
1064 
1065     // Create fake install operations to grow the COW device size.
AddOperation(PartitionUpdate * partition_update,uint64_t size_bytes=0)1066     void AddOperation(PartitionUpdate* partition_update, uint64_t size_bytes = 0) {
1067         auto e = partition_update->add_operations()->add_dst_extents();
1068         e->set_start_block(0);
1069         if (size_bytes == 0) {
1070             size_bytes = GetSize(partition_update);
1071         }
1072         e->set_num_blocks(size_bytes / manifest_.block_size());
1073     }
1074 
AddOperationForPartitions(std::vector<PartitionUpdate * > partitions={})1075     void AddOperationForPartitions(std::vector<PartitionUpdate*> partitions = {}) {
1076         if (partitions.empty()) {
1077             partitions = {sys_, vnd_, prd_};
1078         }
1079         for (auto* partition : partitions) {
1080             AddOperation(partition);
1081         }
1082     }
1083 
1084     std::unique_ptr<TestPartitionOpener> opener_;
1085     DeltaArchiveManifest manifest_;
1086     std::unique_ptr<MetadataBuilder> src_;
1087     std::map<std::string, std::string> hashes_;
1088 
1089     PartitionUpdate* sys_ = nullptr;
1090     PartitionUpdate* vnd_ = nullptr;
1091     PartitionUpdate* prd_ = nullptr;
1092     DynamicPartitionGroup* group_ = nullptr;
1093 };
1094 
1095 // Test full update flow executed by update_engine. Some partitions uses super empty space,
1096 // some uses images, and some uses both.
1097 // Also test UnmapUpdateSnapshot unmaps everything.
1098 // Also test first stage mount and merge after this.
TEST_F(SnapshotUpdateTest,FullUpdateFlow)1099 TEST_F(SnapshotUpdateTest, FullUpdateFlow) {
1100     // OTA client blindly unmaps all partitions that are possibly mapped.
1101     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1102         ASSERT_TRUE(sm->UnmapUpdateSnapshot(name));
1103     }
1104 
1105     // Grow all partitions. Set |prd| large enough that |sys| and |vnd|'s COWs
1106     // fit in super, but not |prd|.
1107     constexpr uint64_t partition_size = 3788_KiB;
1108     SetSize(sys_, partition_size);
1109     SetSize(vnd_, partition_size);
1110     SetSize(prd_, 18_MiB);
1111 
1112     // Make sure |prd| does not fit in super at all. On VABC, this means we
1113     // fake an extra large COW for |vnd| to fill up super.
1114     vnd_->set_estimate_cow_size(30_MiB);
1115     prd_->set_estimate_cow_size(30_MiB);
1116 
1117     AddOperationForPartitions();
1118 
1119     // Execute the update.
1120     ASSERT_TRUE(sm->BeginUpdate());
1121     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1122 
1123     // Test that partitions prioritize using space in super.
1124     auto tgt = MetadataBuilder::New(*opener_, "super", 1);
1125     ASSERT_NE(tgt, nullptr);
1126     ASSERT_NE(nullptr, tgt->FindPartition("sys_b-cow"));
1127     ASSERT_NE(nullptr, tgt->FindPartition("vnd_b-cow"));
1128     ASSERT_EQ(nullptr, tgt->FindPartition("prd_b-cow"));
1129 
1130     // Write some data to target partitions.
1131     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1132         ASSERT_TRUE(WriteSnapshotAndHash(name));
1133     }
1134 
1135     // Assert that source partitions aren't affected.
1136     for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1137         ASSERT_TRUE(IsPartitionUnchanged(name));
1138     }
1139 
1140     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1141 
1142     // Simulate shutting down the device.
1143     ASSERT_TRUE(UnmapAll());
1144 
1145     // After reboot, init does first stage mount.
1146     auto init = NewManagerForFirstStageMount("_b");
1147     ASSERT_NE(init, nullptr);
1148     ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1149     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1150 
1151     auto indicator = sm->GetRollbackIndicatorPath();
1152     ASSERT_NE(access(indicator.c_str(), R_OK), 0);
1153 
1154     // Check that the target partitions have the same content.
1155     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1156         ASSERT_TRUE(IsPartitionUnchanged(name));
1157     }
1158 
1159     // Initiate the merge and wait for it to be completed.
1160     ASSERT_TRUE(init->InitiateMerge());
1161     ASSERT_EQ(init->IsSnapuserdRequired(), IsCompressionEnabled());
1162     {
1163         // We should have started in SECOND_PHASE since nothing shrinks.
1164         ASSERT_TRUE(AcquireLock());
1165         auto local_lock = std::move(lock_);
1166         auto status = init->ReadSnapshotUpdateStatus(local_lock.get());
1167         ASSERT_EQ(status.merge_phase(), MergePhase::SECOND_PHASE);
1168     }
1169     ASSERT_EQ(UpdateState::MergeCompleted, init->ProcessUpdateState());
1170 
1171     // Make sure the second phase ran and deleted snapshots.
1172     {
1173         ASSERT_TRUE(AcquireLock());
1174         auto local_lock = std::move(lock_);
1175         std::vector<std::string> snapshots;
1176         ASSERT_TRUE(init->ListSnapshots(local_lock.get(), &snapshots));
1177         ASSERT_TRUE(snapshots.empty());
1178     }
1179 
1180     // Check that the target partitions have the same content after the merge.
1181     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1182         ASSERT_TRUE(IsPartitionUnchanged(name))
1183                 << "Content of " << name << " changes after the merge";
1184     }
1185 }
1186 
1187 // Test that shrinking and growing partitions at the same time is handled
1188 // correctly in VABC.
TEST_F(SnapshotUpdateTest,SpaceSwapUpdate)1189 TEST_F(SnapshotUpdateTest, SpaceSwapUpdate) {
1190     if (!IsCompressionEnabled()) {
1191         // b/179111359
1192         GTEST_SKIP() << "Skipping Virtual A/B Compression test";
1193     }
1194 
1195     // OTA client blindly unmaps all partitions that are possibly mapped.
1196     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1197         ASSERT_TRUE(sm->UnmapUpdateSnapshot(name));
1198     }
1199 
1200     auto old_sys_size = GetSize(sys_);
1201     auto old_prd_size = GetSize(prd_);
1202 
1203     // Grow |sys| but shrink |prd|.
1204     SetSize(sys_, old_sys_size * 2);
1205     sys_->set_estimate_cow_size(8_MiB);
1206     SetSize(prd_, old_prd_size / 2);
1207     prd_->set_estimate_cow_size(1_MiB);
1208 
1209     AddOperationForPartitions();
1210 
1211     ASSERT_TRUE(sm->BeginUpdate());
1212     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1213 
1214     // Check that the old partition sizes were saved correctly.
1215     {
1216         ASSERT_TRUE(AcquireLock());
1217         auto local_lock = std::move(lock_);
1218 
1219         SnapshotStatus status;
1220         ASSERT_TRUE(sm->ReadSnapshotStatus(local_lock.get(), "prd_b", &status));
1221         ASSERT_EQ(status.old_partition_size(), 3145728);
1222         ASSERT_TRUE(sm->ReadSnapshotStatus(local_lock.get(), "sys_b", &status));
1223         ASSERT_EQ(status.old_partition_size(), 3145728);
1224     }
1225 
1226     ASSERT_TRUE(WriteSnapshotAndHash("sys_b"));
1227     ASSERT_TRUE(WriteSnapshotAndHash("vnd_b"));
1228     ASSERT_TRUE(ShiftAllSnapshotBlocks("prd_b", old_prd_size));
1229 
1230     sync();
1231 
1232     // Assert that source partitions aren't affected.
1233     for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1234         ASSERT_TRUE(IsPartitionUnchanged(name));
1235     }
1236 
1237     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1238 
1239     // Simulate shutting down the device.
1240     ASSERT_TRUE(UnmapAll());
1241 
1242     // After reboot, init does first stage mount.
1243     auto init = NewManagerForFirstStageMount("_b");
1244     ASSERT_NE(init, nullptr);
1245     ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1246     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1247 
1248     auto indicator = sm->GetRollbackIndicatorPath();
1249     ASSERT_NE(access(indicator.c_str(), R_OK), 0);
1250 
1251     // Check that the target partitions have the same content.
1252     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1253         ASSERT_TRUE(IsPartitionUnchanged(name));
1254     }
1255 
1256     // Initiate the merge and wait for it to be completed.
1257     ASSERT_TRUE(init->InitiateMerge());
1258     ASSERT_EQ(init->IsSnapuserdRequired(), IsCompressionEnabled());
1259     {
1260         // Check that the merge phase is FIRST_PHASE until at least one call
1261         // to ProcessUpdateState() occurs.
1262         ASSERT_TRUE(AcquireLock());
1263         auto local_lock = std::move(lock_);
1264         auto status = init->ReadSnapshotUpdateStatus(local_lock.get());
1265         ASSERT_EQ(status.merge_phase(), MergePhase::FIRST_PHASE);
1266     }
1267 
1268     // Simulate shutting down the device and creating partitions again.
1269     ASSERT_TRUE(UnmapAll());
1270     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1271 
1272     // Check that we used the correct types after rebooting mid-merge.
1273     DeviceMapper::TargetInfo target;
1274     ASSERT_TRUE(init->IsSnapshotDevice("prd_b", &target));
1275     ASSERT_EQ(DeviceMapper::GetTargetType(target.spec), "snapshot-merge");
1276     ASSERT_TRUE(init->IsSnapshotDevice("sys_b", &target));
1277     ASSERT_EQ(DeviceMapper::GetTargetType(target.spec), "snapshot");
1278     ASSERT_TRUE(init->IsSnapshotDevice("vnd_b", &target));
1279     ASSERT_EQ(DeviceMapper::GetTargetType(target.spec), "snapshot");
1280 
1281     // Complete the merge.
1282     ASSERT_EQ(UpdateState::MergeCompleted, init->ProcessUpdateState());
1283 
1284     // Make sure the second phase ran and deleted snapshots.
1285     {
1286         ASSERT_TRUE(AcquireLock());
1287         auto local_lock = std::move(lock_);
1288         std::vector<std::string> snapshots;
1289         ASSERT_TRUE(init->ListSnapshots(local_lock.get(), &snapshots));
1290         ASSERT_TRUE(snapshots.empty());
1291     }
1292 
1293     // Check that the target partitions have the same content after the merge.
1294     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1295         ASSERT_TRUE(IsPartitionUnchanged(name))
1296                 << "Content of " << name << " changes after the merge";
1297     }
1298 }
1299 
1300 // Test that if new system partitions uses empty space in super, that region is not snapshotted.
TEST_F(SnapshotUpdateTest,DirectWriteEmptySpace)1301 TEST_F(SnapshotUpdateTest, DirectWriteEmptySpace) {
1302     GTEST_SKIP() << "b/141889746";
1303     SetSize(sys_, 4_MiB);
1304     // vnd_b and prd_b are unchanged.
1305     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1306     ASSERT_EQ(3_MiB, GetSnapshotSize("sys_b").value_or(0));
1307 }
1308 
1309 // Test that if new system partitions uses space of old vendor partition, that region is
1310 // snapshotted.
TEST_F(SnapshotUpdateTest,SnapshotOldPartitions)1311 TEST_F(SnapshotUpdateTest, SnapshotOldPartitions) {
1312     SetSize(sys_, 4_MiB);  // grows
1313     SetSize(vnd_, 2_MiB);  // shrinks
1314     // prd_b is unchanged
1315     ASSERT_TRUE(sm->BeginUpdate());
1316     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1317     ASSERT_EQ(4_MiB, GetSnapshotSize("sys_b").value_or(0));
1318 }
1319 
1320 // Test that even if there seem to be empty space in target metadata, COW partition won't take
1321 // it because they are used by old partitions.
TEST_F(SnapshotUpdateTest,CowPartitionDoNotTakeOldPartitions)1322 TEST_F(SnapshotUpdateTest, CowPartitionDoNotTakeOldPartitions) {
1323     SetSize(sys_, 2_MiB);  // shrinks
1324     // vnd_b and prd_b are unchanged.
1325     ASSERT_TRUE(sm->BeginUpdate());
1326     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1327 
1328     auto tgt = MetadataBuilder::New(*opener_, "super", 1);
1329     ASSERT_NE(nullptr, tgt);
1330     auto metadata = tgt->Export();
1331     ASSERT_NE(nullptr, metadata);
1332     std::vector<std::string> written;
1333     // Write random data to all COW partitions in super
1334     for (auto p : metadata->partitions) {
1335         if (GetPartitionGroupName(metadata->groups[p.group_index]) != kCowGroupName) {
1336             continue;
1337         }
1338         std::string path;
1339         ASSERT_TRUE(CreateLogicalPartition(
1340                 CreateLogicalPartitionParams{
1341                         .block_device = fake_super,
1342                         .metadata = metadata.get(),
1343                         .partition = &p,
1344                         .timeout_ms = 1s,
1345                         .partition_opener = opener_.get(),
1346                 },
1347                 &path));
1348         ASSERT_TRUE(WriteRandomData(path));
1349         written.push_back(GetPartitionName(p));
1350     }
1351     ASSERT_FALSE(written.empty())
1352             << "No COW partitions are created even if there are empty space in super partition";
1353 
1354     // Make sure source partitions aren't affected.
1355     for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1356         ASSERT_TRUE(IsPartitionUnchanged(name));
1357     }
1358 }
1359 
1360 // Test that it crashes after creating snapshot status file but before creating COW image, then
1361 // calling CreateUpdateSnapshots again works.
TEST_F(SnapshotUpdateTest,SnapshotStatusFileWithoutCow)1362 TEST_F(SnapshotUpdateTest, SnapshotStatusFileWithoutCow) {
1363     // Write some trash snapshot files to simulate leftovers from previous runs.
1364     {
1365         ASSERT_TRUE(AcquireLock());
1366         auto local_lock = std::move(lock_);
1367         SnapshotStatus status;
1368         status.set_name("sys_b");
1369         ASSERT_TRUE(sm->WriteSnapshotStatus(local_lock.get(), status));
1370         ASSERT_TRUE(image_manager_->CreateBackingImage("sys_b-cow-img", 1_MiB,
1371                                                        IImageManager::CREATE_IMAGE_DEFAULT));
1372     }
1373 
1374     // Redo the update.
1375     ASSERT_TRUE(sm->BeginUpdate());
1376     ASSERT_TRUE(sm->UnmapUpdateSnapshot("sys_b"));
1377 
1378     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1379 
1380     // Check that target partitions can be mapped.
1381     EXPECT_TRUE(MapUpdateSnapshots());
1382 }
1383 
1384 // Test that the old partitions are not modified.
TEST_F(SnapshotUpdateTest,TestRollback)1385 TEST_F(SnapshotUpdateTest, TestRollback) {
1386     // Execute the update.
1387     ASSERT_TRUE(sm->BeginUpdate());
1388     ASSERT_TRUE(sm->UnmapUpdateSnapshot("sys_b"));
1389 
1390     AddOperationForPartitions();
1391 
1392     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1393 
1394     // Write some data to target partitions.
1395     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1396         ASSERT_TRUE(WriteSnapshotAndHash(name));
1397     }
1398 
1399     // Assert that source partitions aren't affected.
1400     for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1401         ASSERT_TRUE(IsPartitionUnchanged(name));
1402     }
1403 
1404     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1405 
1406     // Simulate shutting down the device.
1407     ASSERT_TRUE(UnmapAll());
1408 
1409     // After reboot, init does first stage mount.
1410     auto init = NewManagerForFirstStageMount("_b");
1411     ASSERT_NE(init, nullptr);
1412     ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1413     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1414 
1415     // Check that the target partitions have the same content.
1416     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1417         ASSERT_TRUE(IsPartitionUnchanged(name));
1418     }
1419 
1420     // Simulate shutting down the device again.
1421     ASSERT_TRUE(UnmapAll());
1422     init = NewManagerForFirstStageMount("_a");
1423     ASSERT_NE(init, nullptr);
1424     ASSERT_FALSE(init->NeedSnapshotsInFirstStageMount());
1425     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1426 
1427     // Assert that the source partitions aren't affected.
1428     for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1429         ASSERT_TRUE(IsPartitionUnchanged(name));
1430     }
1431 }
1432 
1433 // Test that if an update is applied but not booted into, it can be canceled.
TEST_F(SnapshotUpdateTest,CancelAfterApply)1434 TEST_F(SnapshotUpdateTest, CancelAfterApply) {
1435     ASSERT_TRUE(sm->BeginUpdate());
1436     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1437     ASSERT_TRUE(sm->CancelUpdate());
1438 }
1439 
ToIntervals(const std::vector<std::unique_ptr<Extent>> & extents)1440 static std::vector<Interval> ToIntervals(const std::vector<std::unique_ptr<Extent>>& extents) {
1441     std::vector<Interval> ret;
1442     std::transform(extents.begin(), extents.end(), std::back_inserter(ret),
1443                    [](const auto& extent) { return extent->AsLinearExtent()->AsInterval(); });
1444     return ret;
1445 }
1446 
1447 // Test that at the second update, old COW partition spaces are reclaimed.
TEST_F(SnapshotUpdateTest,ReclaimCow)1448 TEST_F(SnapshotUpdateTest, ReclaimCow) {
1449     // Make sure VABC cows are small enough that they fit in fake_super.
1450     sys_->set_estimate_cow_size(64_KiB);
1451     vnd_->set_estimate_cow_size(64_KiB);
1452     prd_->set_estimate_cow_size(64_KiB);
1453 
1454     // Execute the first update.
1455     ASSERT_TRUE(sm->BeginUpdate());
1456     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1457     ASSERT_TRUE(MapUpdateSnapshots());
1458     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1459 
1460     // Simulate shutting down the device.
1461     ASSERT_TRUE(UnmapAll());
1462 
1463     // After reboot, init does first stage mount.
1464     auto init = NewManagerForFirstStageMount("_b");
1465     ASSERT_NE(init, nullptr);
1466     ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1467     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1468     init = nullptr;
1469 
1470     // Initiate the merge and wait for it to be completed.
1471     auto new_sm = SnapshotManager::New(new TestDeviceInfo(fake_super, "_b"));
1472     ASSERT_TRUE(new_sm->InitiateMerge());
1473     ASSERT_EQ(UpdateState::MergeCompleted, new_sm->ProcessUpdateState());
1474 
1475     // Execute the second update.
1476     ASSERT_TRUE(new_sm->BeginUpdate());
1477     ASSERT_TRUE(new_sm->CreateUpdateSnapshots(manifest_));
1478 
1479     // Check that the old COW space is reclaimed and does not occupy space of mapped partitions.
1480     auto src = MetadataBuilder::New(*opener_, "super", 1);
1481     ASSERT_NE(src, nullptr);
1482     auto tgt = MetadataBuilder::New(*opener_, "super", 0);
1483     ASSERT_NE(tgt, nullptr);
1484     for (const auto& cow_part_name : {"sys_a-cow", "vnd_a-cow", "prd_a-cow"}) {
1485         auto* cow_part = tgt->FindPartition(cow_part_name);
1486         ASSERT_NE(nullptr, cow_part) << cow_part_name << " does not exist in target metadata";
1487         auto cow_intervals = ToIntervals(cow_part->extents());
1488         for (const auto& old_part_name : {"sys_b", "vnd_b", "prd_b"}) {
1489             auto* old_part = src->FindPartition(old_part_name);
1490             ASSERT_NE(nullptr, old_part) << old_part_name << " does not exist in source metadata";
1491             auto old_intervals = ToIntervals(old_part->extents());
1492 
1493             auto intersect = Interval::Intersect(cow_intervals, old_intervals);
1494             ASSERT_TRUE(intersect.empty()) << "COW uses space of source partitions";
1495         }
1496     }
1497 }
1498 
TEST_F(SnapshotUpdateTest,RetrofitAfterRegularAb)1499 TEST_F(SnapshotUpdateTest, RetrofitAfterRegularAb) {
1500     constexpr auto kRetrofitGroupSize = kGroupSize / 2;
1501 
1502     // Initialize device-mapper / disk
1503     ASSERT_TRUE(UnmapAll());
1504     FormatFakeSuper();
1505 
1506     // Setup source partition metadata to have both _a and _b partitions.
1507     src_ = MetadataBuilder::New(*opener_, "super", 0);
1508     ASSERT_NE(nullptr, src_);
1509     for (const auto& suffix : {"_a"s, "_b"s}) {
1510         ASSERT_TRUE(src_->AddGroup(group_->name() + suffix, kRetrofitGroupSize));
1511         for (const auto& name : {"sys"s, "vnd"s, "prd"s}) {
1512             auto partition = src_->AddPartition(name + suffix, group_->name() + suffix, 0);
1513             ASSERT_NE(nullptr, partition);
1514             ASSERT_TRUE(src_->ResizePartition(partition, 2_MiB));
1515         }
1516     }
1517     auto metadata = src_->Export();
1518     ASSERT_NE(nullptr, metadata);
1519     ASSERT_TRUE(UpdatePartitionTable(*opener_, "super", *metadata.get(), 0));
1520 
1521     // Flash source partitions
1522     std::string path;
1523     for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1524         ASSERT_TRUE(CreateLogicalPartition(
1525                 CreateLogicalPartitionParams{
1526                         .block_device = fake_super,
1527                         .metadata_slot = 0,
1528                         .partition_name = name,
1529                         .timeout_ms = 1s,
1530                         .partition_opener = opener_.get(),
1531                 },
1532                 &path));
1533         ASSERT_TRUE(WriteRandomData(path));
1534         auto hash = GetHash(path);
1535         ASSERT_TRUE(hash.has_value());
1536         hashes_[name] = *hash;
1537     }
1538 
1539     // Setup manifest.
1540     group_->set_size(kRetrofitGroupSize);
1541     for (auto* partition : {sys_, vnd_, prd_}) {
1542         SetSize(partition, 2_MiB);
1543     }
1544     AddOperationForPartitions();
1545 
1546     ASSERT_TRUE(sm->BeginUpdate());
1547     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1548 
1549     // Test that COW image should not be created for retrofit devices; super
1550     // should be big enough.
1551     ASSERT_FALSE(image_manager_->BackingImageExists("sys_b-cow-img"));
1552     ASSERT_FALSE(image_manager_->BackingImageExists("vnd_b-cow-img"));
1553     ASSERT_FALSE(image_manager_->BackingImageExists("prd_b-cow-img"));
1554 
1555     // Write some data to target partitions.
1556     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1557         ASSERT_TRUE(WriteSnapshotAndHash(name));
1558     }
1559 
1560     // Assert that source partitions aren't affected.
1561     for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
1562         ASSERT_TRUE(IsPartitionUnchanged(name));
1563     }
1564 
1565     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1566 }
1567 
TEST_F(SnapshotUpdateTest,MergeCannotRemoveCow)1568 TEST_F(SnapshotUpdateTest, MergeCannotRemoveCow) {
1569     // Make source partitions as big as possible to force COW image to be created.
1570     SetSize(sys_, 10_MiB);
1571     SetSize(vnd_, 10_MiB);
1572     SetSize(prd_, 10_MiB);
1573     sys_->set_estimate_cow_size(12_MiB);
1574     vnd_->set_estimate_cow_size(12_MiB);
1575     prd_->set_estimate_cow_size(12_MiB);
1576 
1577     src_ = MetadataBuilder::New(*opener_, "super", 0);
1578     ASSERT_NE(src_, nullptr);
1579     src_->RemoveGroupAndPartitions(group_->name() + "_a");
1580     src_->RemoveGroupAndPartitions(group_->name() + "_b");
1581     ASSERT_TRUE(FillFakeMetadata(src_.get(), manifest_, "_a"));
1582     auto metadata = src_->Export();
1583     ASSERT_NE(nullptr, metadata);
1584     ASSERT_TRUE(UpdatePartitionTable(*opener_, "super", *metadata.get(), 0));
1585 
1586     // OTA client blindly unmaps all partitions that are possibly mapped.
1587     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1588         ASSERT_TRUE(sm->UnmapUpdateSnapshot(name));
1589     }
1590 
1591     // Add operations for sys. The whole device is written.
1592     AddOperation(sys_);
1593 
1594     // Execute the update.
1595     ASSERT_TRUE(sm->BeginUpdate());
1596     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1597     ASSERT_TRUE(MapUpdateSnapshots());
1598     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1599 
1600     // Simulate shutting down the device.
1601     ASSERT_TRUE(UnmapAll());
1602 
1603     // After reboot, init does first stage mount.
1604     // Normally we should use NewManagerForFirstStageMount, but if so,
1605     // "gsid.mapped_image.sys_b-cow-img" won't be set.
1606     auto init = SnapshotManager::New(new TestDeviceInfo(fake_super, "_b"));
1607     ASSERT_NE(init, nullptr);
1608     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1609 
1610     // Keep an open handle to the cow device. This should cause the merge to
1611     // be incomplete.
1612     auto cow_path = android::base::GetProperty("gsid.mapped_image.sys_b-cow-img", "");
1613     unique_fd fd(open(cow_path.c_str(), O_RDONLY | O_CLOEXEC));
1614     ASSERT_GE(fd, 0);
1615 
1616     // COW cannot be removed due to open fd, so expect a soft failure.
1617     ASSERT_TRUE(init->InitiateMerge());
1618     ASSERT_EQ(UpdateState::MergeNeedsReboot, init->ProcessUpdateState());
1619 
1620     // Simulate shutting down the device.
1621     fd.reset();
1622     ASSERT_TRUE(UnmapAll());
1623 
1624     // init does first stage mount again.
1625     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1626 
1627     // sys_b should be mapped as a dm-linear device directly.
1628     ASSERT_FALSE(sm->IsSnapshotDevice("sys_b", nullptr));
1629 
1630     // Merge should be able to complete now.
1631     ASSERT_EQ(UpdateState::MergeCompleted, init->ProcessUpdateState());
1632 }
1633 
1634 class MetadataMountedTest : public ::testing::Test {
1635   public:
1636     // This is so main() can instantiate this to invoke Cleanup.
TestBody()1637     virtual void TestBody() override {}
SetUp()1638     void SetUp() override {
1639         SKIP_IF_NON_VIRTUAL_AB();
1640         metadata_dir_ = test_device->GetMetadataDir();
1641         ASSERT_TRUE(ReadDefaultFstab(&fstab_));
1642     }
TearDown()1643     void TearDown() override {
1644         RETURN_IF_NON_VIRTUAL_AB();
1645         SetUp();
1646         // Remount /metadata
1647         test_device->set_recovery(false);
1648         EXPECT_TRUE(android::fs_mgr::EnsurePathMounted(&fstab_, metadata_dir_));
1649     }
IsMetadataMounted()1650     AssertionResult IsMetadataMounted() {
1651         Fstab mounted_fstab;
1652         if (!ReadFstabFromFile("/proc/mounts", &mounted_fstab)) {
1653             ADD_FAILURE() << "Failed to scan mounted volumes";
1654             return AssertionFailure() << "Failed to scan mounted volumes";
1655         }
1656 
1657         auto entry = GetEntryForPath(&fstab_, metadata_dir_);
1658         if (entry == nullptr) {
1659             return AssertionFailure() << "No mount point found in fstab for path " << metadata_dir_;
1660         }
1661 
1662         auto mv = GetEntryForMountPoint(&mounted_fstab, entry->mount_point);
1663         if (mv == nullptr) {
1664             return AssertionFailure() << metadata_dir_ << " is not mounted";
1665         }
1666         return AssertionSuccess() << metadata_dir_ << " is mounted";
1667     }
1668     std::string metadata_dir_;
1669     Fstab fstab_;
1670 };
1671 
MountMetadata()1672 void MountMetadata() {
1673     MetadataMountedTest().TearDown();
1674 }
1675 
TEST_F(MetadataMountedTest,Android)1676 TEST_F(MetadataMountedTest, Android) {
1677     auto device = sm->EnsureMetadataMounted();
1678     EXPECT_NE(nullptr, device);
1679     device.reset();
1680 
1681     EXPECT_TRUE(IsMetadataMounted());
1682     EXPECT_TRUE(sm->CancelUpdate()) << "Metadata dir should never be unmounted in Android mode";
1683 }
1684 
TEST_F(MetadataMountedTest,Recovery)1685 TEST_F(MetadataMountedTest, Recovery) {
1686     test_device->set_recovery(true);
1687     metadata_dir_ = test_device->GetMetadataDir();
1688 
1689     EXPECT_TRUE(android::fs_mgr::EnsurePathUnmounted(&fstab_, metadata_dir_));
1690     EXPECT_FALSE(IsMetadataMounted());
1691 
1692     auto device = sm->EnsureMetadataMounted();
1693     EXPECT_NE(nullptr, device);
1694     EXPECT_TRUE(IsMetadataMounted());
1695 
1696     device.reset();
1697     EXPECT_FALSE(IsMetadataMounted());
1698 }
1699 
1700 // Test that during a merge, we can wipe data in recovery.
TEST_F(SnapshotUpdateTest,MergeInRecovery)1701 TEST_F(SnapshotUpdateTest, MergeInRecovery) {
1702     // Execute the first update.
1703     ASSERT_TRUE(sm->BeginUpdate());
1704     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1705     ASSERT_TRUE(MapUpdateSnapshots());
1706     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1707 
1708     // Simulate shutting down the device.
1709     ASSERT_TRUE(UnmapAll());
1710 
1711     // After reboot, init does first stage mount.
1712     auto init = NewManagerForFirstStageMount("_b");
1713     ASSERT_NE(init, nullptr);
1714     ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1715     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1716     init = nullptr;
1717 
1718     // Initiate the merge and then immediately stop it to simulate a reboot.
1719     auto new_sm = SnapshotManager::New(new TestDeviceInfo(fake_super, "_b"));
1720     ASSERT_TRUE(new_sm->InitiateMerge());
1721     ASSERT_TRUE(UnmapAll());
1722 
1723     // Simulate a reboot into recovery.
1724     auto test_device = std::make_unique<TestDeviceInfo>(fake_super, "_b");
1725     test_device->set_recovery(true);
1726     new_sm = NewManagerForFirstStageMount(test_device.release());
1727 
1728     ASSERT_TRUE(new_sm->HandleImminentDataWipe());
1729     ASSERT_EQ(new_sm->GetUpdateState(), UpdateState::None);
1730 }
1731 
1732 // Test that a merge does not clear the snapshot state in fastboot.
TEST_F(SnapshotUpdateTest,MergeInFastboot)1733 TEST_F(SnapshotUpdateTest, MergeInFastboot) {
1734     // Execute the first update.
1735     ASSERT_TRUE(sm->BeginUpdate());
1736     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1737     ASSERT_TRUE(MapUpdateSnapshots());
1738     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1739 
1740     // Simulate shutting down the device.
1741     ASSERT_TRUE(UnmapAll());
1742 
1743     // After reboot, init does first stage mount.
1744     auto init = NewManagerForFirstStageMount("_b");
1745     ASSERT_NE(init, nullptr);
1746     ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1747     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1748     init = nullptr;
1749 
1750     // Initiate the merge and then immediately stop it to simulate a reboot.
1751     auto new_sm = SnapshotManager::New(new TestDeviceInfo(fake_super, "_b"));
1752     ASSERT_TRUE(new_sm->InitiateMerge());
1753     ASSERT_TRUE(UnmapAll());
1754 
1755     // Simulate a reboot into recovery.
1756     auto test_device = std::make_unique<TestDeviceInfo>(fake_super, "_b");
1757     test_device->set_recovery(true);
1758     new_sm = NewManagerForFirstStageMount(test_device.release());
1759 
1760     ASSERT_TRUE(new_sm->FinishMergeInRecovery());
1761 
1762     auto mount = new_sm->EnsureMetadataMounted();
1763     ASSERT_TRUE(mount && mount->HasDevice());
1764     ASSERT_EQ(new_sm->ProcessUpdateState(), UpdateState::MergeCompleted);
1765 
1766     // Finish the merge in a normal boot.
1767     test_device = std::make_unique<TestDeviceInfo>(fake_super, "_b");
1768     init = NewManagerForFirstStageMount(test_device.release());
1769     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1770     init = nullptr;
1771 
1772     test_device = std::make_unique<TestDeviceInfo>(fake_super, "_b");
1773     new_sm = NewManagerForFirstStageMount(test_device.release());
1774     ASSERT_EQ(new_sm->ProcessUpdateState(), UpdateState::MergeCompleted);
1775     ASSERT_EQ(new_sm->ProcessUpdateState(), UpdateState::None);
1776 }
1777 
1778 // Test that after an OTA, before a merge, we can wipe data in recovery.
TEST_F(SnapshotUpdateTest,DataWipeRollbackInRecovery)1779 TEST_F(SnapshotUpdateTest, DataWipeRollbackInRecovery) {
1780     // Execute the first update.
1781     ASSERT_TRUE(sm->BeginUpdate());
1782     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1783     ASSERT_TRUE(MapUpdateSnapshots());
1784     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1785 
1786     // Simulate shutting down the device.
1787     ASSERT_TRUE(UnmapAll());
1788 
1789     // Simulate a reboot into recovery.
1790     auto test_device = new TestDeviceInfo(fake_super, "_b");
1791     test_device->set_recovery(true);
1792     auto new_sm = NewManagerForFirstStageMount(test_device);
1793 
1794     ASSERT_TRUE(new_sm->HandleImminentDataWipe());
1795     // Manually mount metadata so that we can call GetUpdateState() below.
1796     MountMetadata();
1797     EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::None);
1798     EXPECT_TRUE(test_device->IsSlotUnbootable(1));
1799     EXPECT_FALSE(test_device->IsSlotUnbootable(0));
1800 }
1801 
1802 // Test that after an OTA and a bootloader rollback with no merge, we can wipe
1803 // data in recovery.
TEST_F(SnapshotUpdateTest,DataWipeAfterRollback)1804 TEST_F(SnapshotUpdateTest, DataWipeAfterRollback) {
1805     // Execute the first update.
1806     ASSERT_TRUE(sm->BeginUpdate());
1807     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1808     ASSERT_TRUE(MapUpdateSnapshots());
1809     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1810 
1811     // Simulate shutting down the device.
1812     ASSERT_TRUE(UnmapAll());
1813 
1814     // Simulate a rollback, with reboot into recovery.
1815     auto test_device = new TestDeviceInfo(fake_super, "_a");
1816     test_device->set_recovery(true);
1817     auto new_sm = NewManagerForFirstStageMount(test_device);
1818 
1819     ASSERT_TRUE(new_sm->HandleImminentDataWipe());
1820     EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::None);
1821     EXPECT_FALSE(test_device->IsSlotUnbootable(0));
1822     EXPECT_FALSE(test_device->IsSlotUnbootable(1));
1823 }
1824 
1825 // Test update package that requests data wipe.
TEST_F(SnapshotUpdateTest,DataWipeRequiredInPackage)1826 TEST_F(SnapshotUpdateTest, DataWipeRequiredInPackage) {
1827     AddOperationForPartitions();
1828     // Execute the update.
1829     ASSERT_TRUE(sm->BeginUpdate());
1830     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1831 
1832     // Write some data to target partitions.
1833     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1834         ASSERT_TRUE(WriteSnapshotAndHash(name)) << name;
1835     }
1836 
1837     ASSERT_TRUE(sm->FinishedSnapshotWrites(true /* wipe */));
1838 
1839     // Simulate shutting down the device.
1840     ASSERT_TRUE(UnmapAll());
1841 
1842     // Simulate a reboot into recovery.
1843     auto test_device = new TestDeviceInfo(fake_super, "_b");
1844     test_device->set_recovery(true);
1845     auto new_sm = NewManagerForFirstStageMount(test_device);
1846 
1847     ASSERT_TRUE(new_sm->HandleImminentDataWipe());
1848     // Manually mount metadata so that we can call GetUpdateState() below.
1849     MountMetadata();
1850     EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::None);
1851     ASSERT_FALSE(test_device->IsSlotUnbootable(1));
1852     ASSERT_FALSE(test_device->IsSlotUnbootable(0));
1853 
1854     // Now reboot into new slot.
1855     test_device = new TestDeviceInfo(fake_super, "_b");
1856     auto init = NewManagerForFirstStageMount(test_device);
1857     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1858     // Verify that we are on the downgraded build.
1859     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1860         ASSERT_TRUE(IsPartitionUnchanged(name)) << name;
1861     }
1862 }
1863 
1864 // Test update package that requests data wipe.
TEST_F(SnapshotUpdateTest,DataWipeWithStaleSnapshots)1865 TEST_F(SnapshotUpdateTest, DataWipeWithStaleSnapshots) {
1866     AddOperationForPartitions();
1867 
1868     // Execute the update.
1869     ASSERT_TRUE(sm->BeginUpdate());
1870     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1871 
1872     // Write some data to target partitions.
1873     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1874         ASSERT_TRUE(WriteSnapshotAndHash(name)) << name;
1875     }
1876 
1877     // Create a stale snapshot that should not exist.
1878     {
1879         ASSERT_TRUE(AcquireLock());
1880 
1881         PartitionCowCreator cow_creator = {
1882                 .compression_enabled = IsCompressionEnabled(),
1883                 .compression_algorithm = IsCompressionEnabled() ? "gz" : "none",
1884         };
1885         SnapshotStatus status;
1886         status.set_name("sys_a");
1887         status.set_device_size(1_MiB);
1888         status.set_snapshot_size(2_MiB);
1889         status.set_cow_partition_size(2_MiB);
1890 
1891         ASSERT_TRUE(sm->CreateSnapshot(lock_.get(), &cow_creator, &status));
1892         lock_ = nullptr;
1893 
1894         ASSERT_TRUE(sm->EnsureImageManager());
1895         ASSERT_TRUE(sm->image_manager()->CreateBackingImage("sys_a", 1_MiB, 0));
1896     }
1897 
1898     ASSERT_TRUE(sm->FinishedSnapshotWrites(true /* wipe */));
1899 
1900     // Simulate shutting down the device.
1901     ASSERT_TRUE(UnmapAll());
1902 
1903     // Simulate a reboot into recovery.
1904     auto test_device = new TestDeviceInfo(fake_super, "_b");
1905     test_device->set_recovery(true);
1906     auto new_sm = NewManagerForFirstStageMount(test_device);
1907 
1908     ASSERT_TRUE(new_sm->HandleImminentDataWipe());
1909     // Manually mount metadata so that we can call GetUpdateState() below.
1910     MountMetadata();
1911     EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::None);
1912     ASSERT_FALSE(test_device->IsSlotUnbootable(1));
1913     ASSERT_FALSE(test_device->IsSlotUnbootable(0));
1914 
1915     // Now reboot into new slot.
1916     test_device = new TestDeviceInfo(fake_super, "_b");
1917     auto init = NewManagerForFirstStageMount(test_device);
1918     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1919     // Verify that we are on the downgraded build.
1920     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
1921         ASSERT_TRUE(IsPartitionUnchanged(name)) << name;
1922     }
1923 }
1924 
TEST_F(SnapshotUpdateTest,Hashtree)1925 TEST_F(SnapshotUpdateTest, Hashtree) {
1926     constexpr auto partition_size = 4_MiB;
1927     constexpr auto data_size = 3_MiB;
1928     constexpr auto hashtree_size = 512_KiB;
1929     constexpr auto fec_size = partition_size - data_size - hashtree_size;
1930 
1931     const auto block_size = manifest_.block_size();
1932     SetSize(sys_, partition_size);
1933     AddOperation(sys_, data_size);
1934 
1935     sys_->set_estimate_cow_size(partition_size + data_size);
1936 
1937     // Set hastree extents.
1938     sys_->mutable_hash_tree_data_extent()->set_start_block(0);
1939     sys_->mutable_hash_tree_data_extent()->set_num_blocks(data_size / block_size);
1940 
1941     sys_->mutable_hash_tree_extent()->set_start_block(data_size / block_size);
1942     sys_->mutable_hash_tree_extent()->set_num_blocks(hashtree_size / block_size);
1943 
1944     // Set FEC extents.
1945     sys_->mutable_fec_data_extent()->set_start_block(0);
1946     sys_->mutable_fec_data_extent()->set_num_blocks((data_size + hashtree_size) / block_size);
1947 
1948     sys_->mutable_fec_extent()->set_start_block((data_size + hashtree_size) / block_size);
1949     sys_->mutable_fec_extent()->set_num_blocks(fec_size / block_size);
1950 
1951     ASSERT_TRUE(sm->BeginUpdate());
1952     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1953 
1954     // Map and write some data to target partition.
1955     ASSERT_TRUE(MapUpdateSnapshots({"vnd_b", "prd_b"}));
1956     ASSERT_TRUE(WriteSnapshotAndHash("sys_b"));
1957 
1958     // Finish update.
1959     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
1960 
1961     // Simulate shutting down the device.
1962     ASSERT_TRUE(UnmapAll());
1963 
1964     // After reboot, init does first stage mount.
1965     auto init = NewManagerForFirstStageMount("_b");
1966     ASSERT_NE(init, nullptr);
1967     ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
1968     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
1969 
1970     // Check that the target partition have the same content. Hashtree and FEC extents
1971     // should be accounted for.
1972     ASSERT_TRUE(IsPartitionUnchanged("sys_b"));
1973 }
1974 
1975 // Test for overflow bit after update
TEST_F(SnapshotUpdateTest,Overflow)1976 TEST_F(SnapshotUpdateTest, Overflow) {
1977     if (IsCompressionEnabled()) {
1978         GTEST_SKIP() << "No overflow bit set for userspace COWs";
1979     }
1980 
1981     const auto actual_write_size = GetSize(sys_);
1982     const auto declared_write_size = actual_write_size - 1_MiB;
1983 
1984     AddOperation(sys_, declared_write_size);
1985 
1986     // Execute the update.
1987     ASSERT_TRUE(sm->BeginUpdate());
1988     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
1989 
1990     // Map and write some data to target partitions.
1991     ASSERT_TRUE(MapUpdateSnapshots({"vnd_b", "prd_b"}));
1992     ASSERT_TRUE(WriteSnapshotAndHash("sys_b"));
1993 
1994     std::vector<android::dm::DeviceMapper::TargetInfo> table;
1995     ASSERT_TRUE(DeviceMapper::Instance().GetTableStatus("sys_b", &table));
1996     ASSERT_EQ(1u, table.size());
1997     EXPECT_TRUE(table[0].IsOverflowSnapshot());
1998 
1999     ASSERT_FALSE(sm->FinishedSnapshotWrites(false))
2000             << "FinishedSnapshotWrites should detect overflow of CoW device.";
2001 }
2002 
TEST_F(SnapshotUpdateTest,LowSpace)2003 TEST_F(SnapshotUpdateTest, LowSpace) {
2004     static constexpr auto kMaxFree = 10_MiB;
2005     auto userdata = std::make_unique<LowSpaceUserdata>();
2006     ASSERT_TRUE(userdata->Init(kMaxFree));
2007 
2008     // Grow all partitions to 10_MiB, total 30_MiB. This requires 30 MiB of CoW space. After
2009     // using the empty space in super (< 1 MiB), it uses 30 MiB of /userdata space.
2010     constexpr uint64_t partition_size = 10_MiB;
2011     SetSize(sys_, partition_size);
2012     SetSize(vnd_, partition_size);
2013     SetSize(prd_, partition_size);
2014     sys_->set_estimate_cow_size(partition_size);
2015     vnd_->set_estimate_cow_size(partition_size);
2016     prd_->set_estimate_cow_size(partition_size);
2017 
2018     AddOperationForPartitions();
2019 
2020     // Execute the update.
2021     ASSERT_TRUE(sm->BeginUpdate());
2022     auto res = sm->CreateUpdateSnapshots(manifest_);
2023     ASSERT_FALSE(res);
2024     ASSERT_EQ(Return::ErrorCode::NO_SPACE, res.error_code());
2025     ASSERT_GE(res.required_size(), 14_MiB);
2026     ASSERT_LT(res.required_size(), 40_MiB);
2027 }
2028 
2029 class AutoKill final {
2030   public:
AutoKill(pid_t pid)2031     explicit AutoKill(pid_t pid) : pid_(pid) {}
~AutoKill()2032     ~AutoKill() {
2033         if (pid_ > 0) kill(pid_, SIGKILL);
2034     }
2035 
valid() const2036     bool valid() const { return pid_ > 0; }
2037 
2038   private:
2039     pid_t pid_;
2040 };
2041 
TEST_F(SnapshotUpdateTest,DaemonTransition)2042 TEST_F(SnapshotUpdateTest, DaemonTransition) {
2043     if (!IsCompressionEnabled()) {
2044         GTEST_SKIP() << "Skipping Virtual A/B Compression test";
2045     }
2046 
2047     // Ensure a connection to the second-stage daemon, but use the first-stage
2048     // code paths thereafter.
2049     ASSERT_TRUE(sm->EnsureSnapuserdConnected());
2050     sm->set_use_first_stage_snapuserd(true);
2051 
2052     AddOperationForPartitions();
2053     // Execute the update.
2054     ASSERT_TRUE(sm->BeginUpdate());
2055     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
2056     ASSERT_TRUE(MapUpdateSnapshots());
2057     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
2058     ASSERT_TRUE(UnmapAll());
2059 
2060     auto init = NewManagerForFirstStageMount("_b");
2061     ASSERT_NE(init, nullptr);
2062 
2063     ASSERT_TRUE(init->EnsureSnapuserdConnected());
2064     init->set_use_first_stage_snapuserd(true);
2065 
2066     ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
2067     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
2068 
2069     ASSERT_EQ(access("/dev/dm-user/sys_b-user-cow-init", F_OK), 0);
2070     ASSERT_EQ(access("/dev/dm-user/sys_b-user-cow", F_OK), -1);
2071 
2072     ASSERT_TRUE(init->PerformInitTransition(SnapshotManager::InitTransition::SECOND_STAGE));
2073 
2074     // :TODO: this is a workaround to ensure the handler list stays empty. We
2075     // should make this test more like actual init, and spawn two copies of
2076     // snapuserd, given how many other tests we now have for normal snapuserd.
2077     ASSERT_TRUE(init->snapuserd_client()->WaitForDeviceDelete("sys_b-user-cow-init"));
2078     ASSERT_TRUE(init->snapuserd_client()->WaitForDeviceDelete("vnd_b-user-cow-init"));
2079     ASSERT_TRUE(init->snapuserd_client()->WaitForDeviceDelete("prd_b-user-cow-init"));
2080 
2081     // The control device should have been renamed.
2082     ASSERT_TRUE(android::fs_mgr::WaitForFileDeleted("/dev/dm-user/sys_b-user-cow-init", 10s));
2083     ASSERT_EQ(access("/dev/dm-user/sys_b-user-cow", F_OK), 0);
2084 }
2085 
TEST_F(SnapshotUpdateTest,MapAllSnapshots)2086 TEST_F(SnapshotUpdateTest, MapAllSnapshots) {
2087     AddOperationForPartitions();
2088     // Execute the update.
2089     ASSERT_TRUE(sm->BeginUpdate());
2090     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
2091     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
2092         ASSERT_TRUE(WriteSnapshotAndHash(name));
2093     }
2094     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
2095     ASSERT_TRUE(sm->MapAllSnapshots(10s));
2096 
2097     // Read bytes back and verify they match the cache.
2098     ASSERT_TRUE(IsPartitionUnchanged("sys_b"));
2099 
2100     ASSERT_TRUE(sm->UnmapAllSnapshots());
2101 }
2102 
TEST_F(SnapshotUpdateTest,CancelOnTargetSlot)2103 TEST_F(SnapshotUpdateTest, CancelOnTargetSlot) {
2104     AddOperationForPartitions();
2105 
2106     // Execute the update from B->A.
2107     test_device->set_slot_suffix("_b");
2108     ASSERT_TRUE(sm->BeginUpdate());
2109     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
2110 
2111     std::string path;
2112     ASSERT_TRUE(CreateLogicalPartition(
2113             CreateLogicalPartitionParams{
2114                     .block_device = fake_super,
2115                     .metadata_slot = 0,
2116                     .partition_name = "sys_a",
2117                     .timeout_ms = 1s,
2118                     .partition_opener = opener_.get(),
2119             },
2120             &path));
2121 
2122     // Hold sys_a open so it can't be unmapped.
2123     unique_fd fd(open(path.c_str(), O_RDONLY));
2124 
2125     // Switch back to "A", make sure we can cancel. Instead of unmapping sys_a
2126     // we should simply delete the old snapshots.
2127     test_device->set_slot_suffix("_a");
2128     ASSERT_TRUE(sm->BeginUpdate());
2129 }
2130 
2131 class FlashAfterUpdateTest : public SnapshotUpdateTest,
2132                              public WithParamInterface<std::tuple<uint32_t, bool>> {
2133   public:
InitiateMerge(const std::string & slot_suffix)2134     AssertionResult InitiateMerge(const std::string& slot_suffix) {
2135         auto sm = SnapshotManager::New(new TestDeviceInfo(fake_super, slot_suffix));
2136         if (!sm->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_)) {
2137             return AssertionFailure() << "Cannot CreateLogicalAndSnapshotPartitions";
2138         }
2139         if (!sm->InitiateMerge()) {
2140             return AssertionFailure() << "Cannot initiate merge";
2141         }
2142         return AssertionSuccess();
2143     }
2144 };
2145 
TEST_P(FlashAfterUpdateTest,FlashSlotAfterUpdate)2146 TEST_P(FlashAfterUpdateTest, FlashSlotAfterUpdate) {
2147     // OTA client blindly unmaps all partitions that are possibly mapped.
2148     for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
2149         ASSERT_TRUE(sm->UnmapUpdateSnapshot(name));
2150     }
2151 
2152     // Execute the update.
2153     ASSERT_TRUE(sm->BeginUpdate());
2154     ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
2155     ASSERT_TRUE(MapUpdateSnapshots());
2156     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
2157 
2158     // Simulate shutting down the device.
2159     ASSERT_TRUE(UnmapAll());
2160 
2161     bool after_merge = std::get<1>(GetParam());
2162     if (after_merge) {
2163         ASSERT_TRUE(InitiateMerge("_b"));
2164         // Simulate shutting down the device after merge has initiated.
2165         ASSERT_TRUE(UnmapAll());
2166     }
2167 
2168     auto flashed_slot = std::get<0>(GetParam());
2169     auto flashed_slot_suffix = SlotSuffixForSlotNumber(flashed_slot);
2170 
2171     // Simulate flashing |flashed_slot|. This clears the UPDATED flag.
2172     auto flashed_builder = MetadataBuilder::New(*opener_, "super", flashed_slot);
2173     ASSERT_NE(flashed_builder, nullptr);
2174     flashed_builder->RemoveGroupAndPartitions(group_->name() + flashed_slot_suffix);
2175     flashed_builder->RemoveGroupAndPartitions(kCowGroupName);
2176     ASSERT_TRUE(FillFakeMetadata(flashed_builder.get(), manifest_, flashed_slot_suffix));
2177 
2178     // Deliberately remove a partition from this build so that
2179     // InitiateMerge do not switch state to "merging". This is possible in
2180     // practice because the list of dynamic partitions may change.
2181     ASSERT_NE(nullptr, flashed_builder->FindPartition("prd" + flashed_slot_suffix));
2182     flashed_builder->RemovePartition("prd" + flashed_slot_suffix);
2183 
2184     // Note that fastbootd always updates the partition table of both slots.
2185     auto flashed_metadata = flashed_builder->Export();
2186     ASSERT_NE(nullptr, flashed_metadata);
2187     ASSERT_TRUE(UpdatePartitionTable(*opener_, "super", *flashed_metadata, 0));
2188     ASSERT_TRUE(UpdatePartitionTable(*opener_, "super", *flashed_metadata, 1));
2189 
2190     std::string path;
2191     for (const auto& name : {"sys", "vnd"}) {
2192         ASSERT_TRUE(CreateLogicalPartition(
2193                 CreateLogicalPartitionParams{
2194                         .block_device = fake_super,
2195                         .metadata_slot = flashed_slot,
2196                         .partition_name = name + flashed_slot_suffix,
2197                         .timeout_ms = 1s,
2198                         .partition_opener = opener_.get(),
2199                 },
2200                 &path));
2201         ASSERT_TRUE(WriteRandomData(path));
2202         auto hash = GetHash(path);
2203         ASSERT_TRUE(hash.has_value());
2204         hashes_[name + flashed_slot_suffix] = *hash;
2205     }
2206 
2207     // Simulate shutting down the device after flash.
2208     ASSERT_TRUE(UnmapAll());
2209 
2210     // Simulate reboot. After reboot, init does first stage mount.
2211     auto init = NewManagerForFirstStageMount(flashed_slot_suffix);
2212     ASSERT_NE(init, nullptr);
2213 
2214     if (flashed_slot && after_merge) {
2215         ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
2216     }
2217     ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
2218 
2219     // Check that the target partitions have the same content.
2220     for (const auto& name : {"sys", "vnd"}) {
2221         ASSERT_TRUE(IsPartitionUnchanged(name + flashed_slot_suffix));
2222     }
2223 
2224     // There should be no snapshot to merge.
2225     auto new_sm = SnapshotManager::New(new TestDeviceInfo(fake_super, flashed_slot_suffix));
2226     if (flashed_slot == 0 && after_merge) {
2227         ASSERT_EQ(UpdateState::MergeCompleted, new_sm->ProcessUpdateState());
2228     } else {
2229         // update_engine calls ProcessUpdateState first -- should see Cancelled.
2230         ASSERT_EQ(UpdateState::Cancelled, new_sm->ProcessUpdateState());
2231     }
2232 
2233     // Next OTA calls CancelUpdate no matter what.
2234     ASSERT_TRUE(new_sm->CancelUpdate());
2235 }
2236 
2237 INSTANTIATE_TEST_SUITE_P(Snapshot, FlashAfterUpdateTest, Combine(Values(0, 1), Bool()),
__anon4de4482e0602(const TestParamInfo<FlashAfterUpdateTest::ParamType>& info) 2238                          [](const TestParamInfo<FlashAfterUpdateTest::ParamType>& info) {
2239                              return "Flash"s + (std::get<0>(info.param) ? "New"s : "Old"s) +
2240                                     "Slot"s + (std::get<1>(info.param) ? "After"s : "Before"s) +
2241                                     "Merge"s;
2242                          });
2243 
2244 // Test behavior of ImageManager::Create on low space scenario. These tests assumes image manager
2245 // uses /data as backup device.
2246 class ImageManagerTest : public SnapshotTest, public WithParamInterface<uint64_t> {
2247   protected:
SetUp()2248     void SetUp() override {
2249         SKIP_IF_NON_VIRTUAL_AB();
2250         SnapshotTest::SetUp();
2251         userdata_ = std::make_unique<LowSpaceUserdata>();
2252         ASSERT_TRUE(userdata_->Init(GetParam()));
2253     }
TearDown()2254     void TearDown() override {
2255         RETURN_IF_NON_VIRTUAL_AB();
2256         return;  // BUG(149738928)
2257 
2258         EXPECT_TRUE(!image_manager_->BackingImageExists(kImageName) ||
2259                     image_manager_->DeleteBackingImage(kImageName));
2260     }
2261     static constexpr const char* kImageName = "my_image";
2262     std::unique_ptr<LowSpaceUserdata> userdata_;
2263 };
2264 
TEST_P(ImageManagerTest,CreateImageEnoughAvailSpace)2265 TEST_P(ImageManagerTest, CreateImageEnoughAvailSpace) {
2266     if (userdata_->available_space() == 0) {
2267         GTEST_SKIP() << "/data is full (" << userdata_->available_space()
2268                      << " bytes available), skipping";
2269     }
2270     ASSERT_TRUE(image_manager_->CreateBackingImage(kImageName, userdata_->available_space(),
2271                                                    IImageManager::CREATE_IMAGE_DEFAULT))
2272             << "Should be able to create image with size = " << userdata_->available_space()
2273             << " bytes";
2274     ASSERT_TRUE(image_manager_->DeleteBackingImage(kImageName))
2275             << "Should be able to delete created image";
2276 }
2277 
TEST_P(ImageManagerTest,CreateImageNoSpace)2278 TEST_P(ImageManagerTest, CreateImageNoSpace) {
2279     uint64_t to_allocate = userdata_->free_space() + userdata_->bsize();
2280     auto res = image_manager_->CreateBackingImage(kImageName, to_allocate,
2281                                                   IImageManager::CREATE_IMAGE_DEFAULT);
2282     ASSERT_FALSE(res) << "Should not be able to create image with size = " << to_allocate
2283                       << " bytes because only " << userdata_->free_space() << " bytes are free";
2284     ASSERT_EQ(FiemapStatus::ErrorCode::NO_SPACE, res.error_code()) << res.string();
2285 }
2286 
ImageManagerTestParams()2287 std::vector<uint64_t> ImageManagerTestParams() {
2288     std::vector<uint64_t> ret;
2289     for (uint64_t size = 1_MiB; size <= 512_MiB; size *= 2) {
2290         ret.push_back(size);
2291     }
2292     return ret;
2293 }
2294 
2295 INSTANTIATE_TEST_SUITE_P(ImageManagerTest, ImageManagerTest, ValuesIn(ImageManagerTestParams()));
2296 
Mkdir(const std::string & path)2297 bool Mkdir(const std::string& path) {
2298     if (mkdir(path.c_str(), 0700) && errno != EEXIST) {
2299         std::cerr << "Could not mkdir " << path << ": " << strerror(errno) << std::endl;
2300         return false;
2301     }
2302     return true;
2303 }
2304 
2305 class SnapshotTestEnvironment : public ::testing::Environment {
2306   public:
~SnapshotTestEnvironment()2307     ~SnapshotTestEnvironment() override {}
2308     void SetUp() override;
2309     void TearDown() override;
2310 
2311   private:
2312     bool CreateFakeSuper();
2313 
2314     std::unique_ptr<IImageManager> super_images_;
2315 };
2316 
CreateFakeSuper()2317 bool SnapshotTestEnvironment::CreateFakeSuper() {
2318     // Create and map the fake super partition.
2319     static constexpr int kImageFlags =
2320             IImageManager::CREATE_IMAGE_DEFAULT | IImageManager::CREATE_IMAGE_ZERO_FILL;
2321     if (!super_images_->CreateBackingImage("fake-super", kSuperSize, kImageFlags)) {
2322         LOG(ERROR) << "Could not create fake super partition";
2323         return false;
2324     }
2325     if (!super_images_->MapImageDevice("fake-super", 10s, &fake_super)) {
2326         LOG(ERROR) << "Could not map fake super partition";
2327         return false;
2328     }
2329     test_device->set_fake_super(fake_super);
2330     return true;
2331 }
2332 
SetUp()2333 void SnapshotTestEnvironment::SetUp() {
2334     // b/163082876: GTEST_SKIP in Environment will make atest report incorrect results. Until
2335     // that is fixed, don't call GTEST_SKIP here, but instead call GTEST_SKIP in individual test
2336     // suites.
2337     RETURN_IF_NON_VIRTUAL_AB_MSG("Virtual A/B is not enabled, skipping global setup.\n");
2338 
2339     std::vector<std::string> paths = {
2340             // clang-format off
2341             "/data/gsi/ota/test",
2342             "/data/gsi/ota/test/super",
2343             "/metadata/gsi/ota/test",
2344             "/metadata/gsi/ota/test/super",
2345             "/metadata/ota/test",
2346             "/metadata/ota/test/snapshots",
2347             // clang-format on
2348     };
2349     for (const auto& path : paths) {
2350         ASSERT_TRUE(Mkdir(path));
2351     }
2352 
2353     // Create this once, otherwise, gsid will start/stop between each test.
2354     test_device = new TestDeviceInfo();
2355     sm = SnapshotManager::New(test_device);
2356     ASSERT_NE(nullptr, sm) << "Could not create snapshot manager";
2357 
2358     // Use a separate image manager for our fake super partition.
2359     super_images_ = IImageManager::Open("ota/test/super", 10s);
2360     ASSERT_NE(nullptr, super_images_) << "Could not create image manager";
2361 
2362     // Map the old image if one exists so we can safely unmap everything that
2363     // depends on it.
2364     bool recreate_fake_super;
2365     if (super_images_->BackingImageExists("fake-super")) {
2366         if (super_images_->IsImageMapped("fake-super")) {
2367             ASSERT_TRUE(super_images_->GetMappedImageDevice("fake-super", &fake_super));
2368         } else {
2369             ASSERT_TRUE(super_images_->MapImageDevice("fake-super", 10s, &fake_super));
2370         }
2371         test_device->set_fake_super(fake_super);
2372         recreate_fake_super = true;
2373     } else {
2374         ASSERT_TRUE(CreateFakeSuper());
2375         recreate_fake_super = false;
2376     }
2377 
2378     // Clean up previous run.
2379     MetadataMountedTest().TearDown();
2380     SnapshotUpdateTest().Cleanup();
2381     SnapshotTest().Cleanup();
2382 
2383     if (recreate_fake_super) {
2384         // Clean up any old copy.
2385         DeleteBackingImage(super_images_.get(), "fake-super");
2386         ASSERT_TRUE(CreateFakeSuper());
2387     }
2388 }
2389 
TearDown()2390 void SnapshotTestEnvironment::TearDown() {
2391     RETURN_IF_NON_VIRTUAL_AB();
2392     if (super_images_ != nullptr) {
2393         DeleteBackingImage(super_images_.get(), "fake-super");
2394     }
2395 }
2396 
2397 }  // namespace snapshot
2398 }  // namespace android
2399 
main(int argc,char ** argv)2400 int main(int argc, char** argv) {
2401     ::testing::InitGoogleTest(&argc, argv);
2402     ::testing::AddGlobalTestEnvironment(new ::android::snapshot::SnapshotTestEnvironment());
2403     return RUN_ALL_TESTS();
2404 }
2405