summaryrefslogtreecommitdiffstats
path: root/updater/blockimg.cpp (unfollow)
Commit message (Collapse)AuthorFilesLines
2016-11-01Cleanup ReadArgs & ReadValueArgs usageTianjie Xu1-30/+24
ReadArgs will switch to using std::string and std::unique_ptr. Also cleanup the callers. Test: mma & component test passed. Change-Id: I4724406ae6c0c134a27bbd1cdd24ad5d343b2a3b
2016-10-18Replace minzip with libziparchiveTianjie Xu1-47/+26
Clean up the duplicated codes that handle the zip files in bootable/recovery; and rename the library of the remaining utility functions to libotautil. Test: Update package installed successfully on angler. Bug: 19472796 Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
2016-10-15Change StringValue to use std::stringTianjie Xu1-81/+73
Changing the field of 'Value' in edify to std::string from char*. Meanwhile cleaning up the users of 'Value' and switching them to cpp style. Test: compontent tests passed. Bug: 31713288 Change-Id: Iec5a7d601b1e4ca40935bf1c70d325dafecec235
2016-10-11Refactor libupdater into a seperate module.Tao Bao1-2/+2
So that we can write native tests for updater functions. This CL adds a testcase for getprop() function. Test: mmma bootable/recovery; Run recovery_component_test on device. Change-Id: Iff4c1ff63c5c71aded2f9686fed6b71cc298c228
2016-09-01Check an edge case when read(2) returns 0Tianjie Xu1-0/+4
We might end up in an infinite loop if read(2) reached EOF unexpectedly. The problematic code in uncrypt mentioned in the bug has been fixed by switching to libbase ReadFully(). So I grepped through the recovery code and fixed some other occurences of the issue. Bug: 31073201 Change-Id: Ib867029158ba23363b8f85d61c25058a635c5a6b
2016-06-16Check the results from applypatchTianjie Xu1-4/+10
Check the results from applypatch in PerformCommandDiff; and abort the update on failure. Bug:29339536 Change-Id: I5087d79ba532b54250f4c17560524255c8a4fabc
2016-06-03Call ioctl before each write on retryTianjie Xu1-7/+52
If the update is a retry, ioctl(BLKDISCARD) the destination blocks before writing to these blocks. Bug: 28990135 Change-Id: I1e703808e68ebb1292cd66afd76be8fd6946ee59
2016-05-20Allow recovery to return error codesTianjie Xu1-27/+54
Write error code, cause code, and retry count into last_install. So we can have more information about the reason of a failed OTA. Example of new last_install: @/cache/recovery/block.map package name 0 install result retry: 1 retry count (new) error: 30 error code (new) cause: 12 error cause (new) Details in: go/android-ota-errorcode Bug: 28471955 Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
2016-05-16Add time and I/O info to last_installTianjie Xu1-0/+12
One example of last_install is: /sideload/package.zip 1 time_total: 101 bytes_written_system: 14574000 bytes_stashed_system: 100 bytes_written_vendor: 5107400 bytes_stashed_vendor: 0 Bug: 28658632 Change-Id: I4bf79ea71a609068d38fbce6b41bcb892524aa7a
2016-04-29Fix google-explicit-constructor warnings.Chih-Hung Hsieh1-1/+1
Bug: 28341362 Change-Id: I5b35ae16c069e7e9229e66963386f322bd808af1
2016-04-27updater: Don't zero out CommandParameters with memset(3).Tao Bao1-2/+1
[1] switched a few things to android::base::unique_fd including CommandParameters.fd. However, we were using memset(3) to zero out the struct, which effectively assigned unique_fd(0) to fd. When it called fd.reset(), file descriptor 0 was unintentionally closed. When FD 0 was later reassigned via open(2), it led to lseek(2) errors: "Bad file descriptor". This CL switches to using braced-init (i.e. '= {}') instead, so that the default constructor unique_fd(-1) would be called. [1]: commit bcabd0929316fdd022ea102cc86396547ad9f070 Bug: 28391985 Change-Id: If1f99932b15552714c399e65c8b80550344b758a
2016-03-29Switch to <android-base/unique_fd.h>.Elliott Hughes1-25/+17
Change-Id: I13ba3f40bd52b5f3e3fe9002a45a9a8630040129
2016-03-25Skip stashing source blocks in verify modeTianjie Xu1-8/+46
Currently block_image_verify() stashes source blocks to /cache and in some case triggers I/O errors. To avoid this risk, We create a map from the hash value to the source blocks' range_set. When executing stash command in verify mode, source range is saved but block contents aren't stashed. And load_stash could get its value from either the stashed file from the previous update, or the contents on the source partition specified by the saved range. Bug: 27584487 Bug: 25633753 Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996 (cherry picked from commit 0188935d55206e8c2becb29e995f166cb7040355)
2016-03-23Skip stashing source blocks in verify modeTianjie Xu1-8/+46
Currently block_image_verify() stashes source blocks to /cache and in some case triggers I/O errors. To avoid this risk, We create a map from the hash value to the source blocks' range_set. When executing stash command in verify mode, source range is saved but block contents aren't stashed. And load_stash could get its value from either the stashed file from the previous update, or the contents on the source partition specified by the saved range. Bug: 27584487 Bug: 25633753 Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996
2016-03-19Control fault injection with config files instead of build flagsJed Estep1-1/+1
Bug: 27724259 Change-Id: I65bdefed10b3fb85fcb9e1147eaf0687d7d438f4
2016-03-17Revert "DO NOT MERGE Control fault injection with config files instead of build flags"Tao Bao1-1/+1
This reverts commit f73abf36bcfd433a3fdd1664a77e8e531346c1b1. Bug: 27724259 Change-Id: I1301fdad15650837d0b1febd0c3239134e2b94fb
2016-03-16DO NOT MERGE Control fault injection with config files instead of build flagsJed Estep1-1/+1
Bug: 26570379 Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
2016-02-23Control fault injection with config files instead of build flagsJed Estep1-1/+1
Bug: 26570379 Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c (cherry picked from commit d940887dde23597dc358b16d96ca48dd7480fee6)
2016-02-20Control fault injection with config files instead of build flagsJed Estep1-1/+1
Bug: 26570379 Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
2016-02-10IO fault injection for OTA packagesJed Estep1-12/+13
Bug: 25951086 Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c (cherry-picked from commit f1fc48c6e62cfee42d25ad12f443e22d50c15d0b)
2016-02-04Switch from mincrypt to BoringSSL in applypatch and updater.Sen Jiang1-10/+9
Bug: 18790686 Change-Id: I7d2136fb39b2266f5ae5be24819c617b08a6c21e
2016-01-07updater: Add a function to check first blockTianjie Xu1-0/+55
Add and register a function to check if the device has been remounted since last update during incremental OTA. This function reads block 0 and executes before partition recovery for version >= 4. Bug: 21124327 Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f (cherry picked from commit 30bf4765593e639966df9f460df22c3fe912e7bf)
2016-01-06IO fault injection for OTA packagesJed Estep1-6/+7
Bug: 25951086 Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c
2015-12-18updater: Add a function to check first blockTianjie Xu1-0/+55
Add and register a function to check if the device has been remounted since last update during incremental OTA. This function reads block 0 and executes before partition recovery for version >= 4. Bug: 21124327 Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f
2015-12-11updater: Output msg when recovery is calledTianjie Xu1-1/+4
Output messages in log when recovery is attempted or succeeded during incremental OTA update. Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda (cherry picked from commit b686ba211443490111729ba9d82eb0c0b305e185)
2015-12-10updater: Output msg when recovery is calledTianjie Xu1-1/+4
Output messages in log when recovery is attempted or succeeded during incremental OTA update. Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda
2015-12-07updater: Replace strtok() with android::base::Split().Tao Bao1-133/+144
Change-Id: I36346fa199a3261da1ae1bc310b3557fe1716d96
2015-12-05Track rename from base/ to android-base/.Elliott Hughes1-2/+2
Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
2015-11-16DO NOT MERGE recovery: Switch applypatch/ and updater/ to cpp.Tao Bao1-17/+14
Mostly trivial changes to make cpp compiler happy. Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270 (cherry picked from commit ba9a42aa7e10686de186636fe9fecbf8c4cc7c19)
2015-11-16Add error and range checks to parse_rangeSami Tolvanen1-10/+71
Only trusted input is passed to parse_range, but check for invalid input to catch possible problems in transfer lists. Bug: 21033983 Bug: 21034030 Bug: 21034172 Bug: 21034406 Change-Id: I1e266de3de15c99ee596ebdb034419fdfe7eba1f (cherry picked from commit f2bac04e1ba0a5b79f8adbc35b493923b776f8b2)
2015-08-04udpater: Call fsync() after rename().Tao Bao1-0/+20
We need to ensure the renamed filename reaches the underlying storage. Bug: 22840552 Change-Id: I824b6e9d8a9c5966035be7b42a73678d07376342 (cherry picked from commit dc3922622a94af4f6412fd68e8f075f839ab2348)
2015-07-14recovery: Switch applypatch/ and updater/ to cpp.Tao Bao1-1994/+0
Mostly trivial changes to make cpp compiler happy. Change-Id: I1b0481465c67c3bbca35a839d0764190d84ff34e (cherry picked from commit ba9a42aa7e10686de186636fe9fecbf8c4cc7c19)
2015-07-14recovery: Switch applypatch/ and updater/ to cpp.Tao Bao1-1994/+0
Mostly trivial changes to make cpp compiler happy. Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270
2015-07-11Revert "Zero blocks before BLKDISCARD"Tao Bao1-17/+1
This reverts commit b65f0272c860771f2105668accd175be1ed95ae9. It slows down the update too much on some devices (e.g. increased from 8 mins to 40 mins to take a full OTA update). Bug: 22129621 Change-Id: I016e3b47313e3113f01bb4f8eb3c14856bdc35e5 (cherry picked from commit 7125f9594db027ce4313d940ce2cafac67ae8c31)
2015-07-01Revert "Zero blocks before BLKDISCARD"Tao Bao1-17/+1
This reverts commit b65f0272c860771f2105668accd175be1ed95ae9. It slows down the update too much on some devices (e.g. increased from 8 mins to 40 mins to take a full OTA update). Bug: 22129621 Change-Id: I4e8d4f6734967caf4f0d19c734027f7b6c107370
2015-06-26More accurate checking for overlapped ranges.Tao Bao1-1/+1
A RangeSet has half-closed half-open bounds. For example, "3,5" contains blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped. Bug: 22098085 Change-Id: I362d259f8b5d62478858ad0422b635bc5068698d (cherry picked from commit c0f56ad76680df555689d4a2397487ef8c16b1a6)
2015-06-26More accurate checking for overlapped ranges.Tao Bao1-1/+1
A RangeSet has half-closed half-open bounds. For example, "3,5" contains blocks 3 and 4. So "3,5" and "5,7" are actually not overlapped. Bug: 22098085 Change-Id: I75e54a6506f2a20255d782ee710e889fad2eaf29
2015-06-10Zero blocks before BLKDISCARDSami Tolvanen1-1/+17
Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f (cherry picked from commit a3c75e3ea60d61df93461f5c356befe825c429d2)
2015-06-10Zero blocks before BLKDISCARDSami Tolvanen1-1/+17
Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I4f6f2db39db990879ff10468c9db41606497bd6f
2015-06-10Revert "Zero blocks before BLKDISCARD"Sami Tolvanen1-5/+9
This reverts commit 96392b97f6bf1670d478494fb6df89a3410e53fa. Change-Id: I77acc27158bad3cd8948390a3955197646a43a31
2015-06-10Revert "Zero blocks before BLKDISCARD"Sami Tolvanen1-5/+9
This reverts commit 604c583c9dd3d47906b1a57c14a7e9650df7471e. Change-Id: I2b0b283dc3f44bae55c5e9f7231d7c712630c2b5
2015-06-09Zero blocks before BLKDISCARDSami Tolvanen1-9/+5
Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3 (cherry picked from commit 96392b97f6bf1670d478494fb6df89a3410e53fa)
2015-06-09Zero blocks before BLKDISCARDSami Tolvanen1-9/+5
Due to observed BLKDISCARD flakiness, overwrite blocks that we want to discard with zeros first to avoid later issues with dm-verity if BLKDISCARD is not successful. Bug: 20614277 Bug: 20881595 Change-Id: I0280fe115b020dcab35f49041fb55b7f8e793da3
2015-05-29Really don't use TEMP_FAILURE_RETRY with close in recovery.Elliott Hughes1-1/+1
I missed one last time. Bug: http://b/20501816 Change-Id: I9896ee2704237d61ee169f898680761e946e0a56 (cherry picked from commit b3ac676192a093c561b7f15064cbd67733407b12)
2015-05-29Handle BLKDISCARD failuresSami Tolvanen1-2/+1
In the block updater, if BLKDISCARD fails, the error is silently ignored and some of the blocks may not be erased. This means the target partition will have inconsistent contents. If the ioctl fails, return an error and abort the update. Bug: 20614277 Change-Id: I33867ba9337c514de8ffae59f28584b285324067 (cherry picked from commit cc2428c8181d18c9a88db908fa4eabd2db5601ad)
2015-05-29Really don't use TEMP_FAILURE_RETRY with close in recovery.Elliott Hughes1-1/+1
I missed one last time. Bug: http://b/20501816 Change-Id: I9896ee2704237d61ee169f898680761e946e0a56
2015-05-28Handle BLKDISCARD failuresSami Tolvanen1-2/+1
In the block updater, if BLKDISCARD fails, the error is silently ignored and some of the blocks may not be erased. This means the target partition will have inconsistent contents. If the ioctl fails, return an error and abort the update. Bug: 20614277 Change-Id: I33867ba9337c514de8ffae59f28584b285324067
2015-05-16Don't use TEMP_FAILURE_RETRY on close in recovery.Elliott Hughes1-2/+2
Bug: http://b/20501816 Change-Id: I35efcd8dcec7a6492ba70602d380d9980cdda31f (cherry picked from commit b47afedb42866e85b76822736d915afd371ef5f0)
2015-05-16Don't use TEMP_FAILURE_RETRY on close in recovery.Elliott Hughes1-2/+2
Bug: http://b/20501816 Change-Id: I35efcd8dcec7a6492ba70602d380d9980cdda31f
2015-05-15Add error and range checks to parse_rangeSami Tolvanen1-10/+71
Only trusted input is passed to parse_range, but check for invalid input to catch possible problems in transfer lists. Bug: 21033983 Bug: 21034030 Bug: 21034172 Bug: 21034406 Change-Id: Ia17537a2d23d5f701522fbc42ed38924e1ee3366
2015-04-30Check all lseek calls succeed.Elliott Hughes1-28/+20
Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek. Bug: http://b/20625546 Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b (cherry picked from commit 7bad7c4646ee8fd8d6e6ed0ffd3ddbb0c1b41a2f)
2015-04-30Check all lseek calls succeed.Elliott Hughes1-28/+20
Also add missing TEMP_FAILURE_RETRYs on read, write, and lseek. Bug: http://b/20625546 Change-Id: I03b198e11c1921b35518ee2dd005a7cfcf4fd94b
2015-04-17Don't remove existing explicitly stashed blocksSami Tolvanen1-10/+28
When automatically stashing overlapping blocks, should the stash file already exist due to an explicit stash command, it's not safe to remove the stash file after the command has completed. Note that it is safe to assume that the stash file will remain in place during the execution of the next command, so we don't have take other measures to preserve overlapping blocks. The stash file itself will be removed by a free command when it's no longer needed. Bug: 20297065 Change-Id: I8ff1a798b94086adff183c5aac03260eb947ae2c
2015-03-23Always use strerror to report errno in recovery.Elliott Hughes1-19/+20
Change-Id: I7009959043150fabf5853a43ee2448c7fbea176e
2015-03-11updater: Check the return value from ApplyImagePatch / ApplyBSDiffPatchTao Bao1-14/+28
Return NULL to abort the update process. Note that returning "" won't stop the script. Change-Id: Ifd108c1356f7c92a905c8776247a8842c6445319
2015-02-23Fix a printf format warning.Narayan Kamath1-1/+1
warning: format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'unsigned int' [-Wformat] sizeof(RangeSet) + num * sizeof(int)); Change-Id: I4a3c6fc8d40c08ea84f8f5ee13f39350e4264027
2015-02-18Initialize stashbase even stash_max_blocks = 0Jesse Zhao1-1/+1
Change-Id: I480c02ffedd811f4dda9940ef979a05ff54f1435 Bug: 19410117
2015-01-30Support resuming block based OTAsSami Tolvanen1-346/+1460
Add support for transfer list version 3, which allows us to verify the status of each command and resume an interrupted block based OTA update. Notes on the changes: - Move the previous BlockImageUpdateFn to a shorter and reusable PerformBlockImageUpdate, which can be used also in BlockImageVerifyFn for verification. - Split individual transfer list commands into separate functions with unified parameters for clarity, and use a hash table to locate them during execution. - Move common block reading and writing to ReadBlocks and WriteBlocks to reduce code duplication, and rename the readblock and writeblock to less confusing read_all and write_all. The coding style of the new functions follows the existing style in the updater/edify code. Needs matching changes from Ia5c56379f570047f10f0aa7373a1025439495c98 Bug: 18262110 Change-Id: I1e752464134aeb2d396946348e6041acabe13942
2014-09-26support for version 2 of block image diffsDoug Zongker1-45/+209
In version 2 of block image diffs, we support a new command to load data from the image and store it in the "stash table" and then subsequently use entries in the stash table to fill in missing bits of source data we're not allowed to read when doing move/bsdiff/imgdiff commands. This leads to smaller update packages because we can break cycles in the ordering of how pieces are updated by storing data away and using it later, rather than not using the data as input to the patch system at all. This comes at the cost of the RAM or scratch disk needed to store the data. The implementation is backwards compatible; it can still handle the existing version 1 of the transfer file format. Change-Id: I4559bfd76d5403859637aeac832f3a5e9e13b63a
2014-09-08support for version 2 of block image diffsDoug Zongker1-45/+209
In version 2 of block image diffs, we support a new command to load data from the image and store it in the "stash table" and then subsequently use entries in the stash table to fill in missing bits of source data we're not allowed to read when doing move/bsdiff/imgdiff commands. This leads to smaller update packages because we can break cycles in the ordering of how pieces are updated by storing data away and using it later, rather than not using the data as input to the patch system at all. This comes at the cost of the RAM or scratch disk needed to store the data. The implementation is backwards compatible; it can still handle the existing version 1 of the transfer file format. Change-Id: I7fafe741d86b92d82d46feb2939ecf5a3890dc64
2014-09-04fix comment in blockimg updater codeDoug Zongker1-3/+3
The comment for the DEBUG_ERASE setting is exactly backwards. Change-Id: I98ab5828365894217fc78976817a131e7d22d5c1
2014-09-04use lseek64 instead of lseekAndrew Boie1-11/+11
Otherwise, overflow problems can occur with images larger than 2G since the offsets will overflow a 32-bit off_t. Change-Id: I05951a38ebeae83ad2cb938594e8d8adb323e2aa Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2014-08-21fix two bugs in block image updaterDoug Zongker1-18/+32
The computation of file offsets was overflowing for partitions larger than 2 GB. The parsing of the transfer file could fail at the end if the data happened to not be properly null-terminated. Bug: 16984795 Change-Id: I3ce6eb3e54ab7b55aa9bbed252da5a7eacd3317a
2014-08-20installer for new block OTA systemDoug Zongker1-0/+631
(Cherry-pick back from master.) Bug: 16984795 Change-Id: Ifa3d8345c5e2a0be86fb28faa080ca82592a96b4
2014-08-19installer for new block OTA systemDoug Zongker1-0/+631
Bug: 16984795 Change-Id: I90f958446baed83dec658de2430c8fc5e9c3047e