1 //
2 // Copyright (C) 2020 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include "update_engine/payload_consumer/vabc_partition_writer.h"
18
19 #include <algorithm>
20 #include <map>
21 #include <memory>
22 #include <string>
23 #include <utility>
24 #include <vector>
25
26 #include <android-base/properties.h>
27 #include <brillo/secure_blob.h>
28 #include <libsnapshot/cow_writer.h>
29
30 #include "update_engine/common/cow_operation_convert.h"
31 #include "update_engine/common/utils.h"
32 #include "update_engine/payload_consumer/extent_map.h"
33 #include "update_engine/payload_consumer/file_descriptor.h"
34 #include "update_engine/payload_consumer/install_plan.h"
35 #include "update_engine/payload_consumer/snapshot_extent_writer.h"
36 #include "update_engine/payload_consumer/xor_extent_writer.h"
37 #include "update_engine/payload_generator/extent_ranges.h"
38 #include "update_engine/payload_generator/extent_utils.h"
39 #include "update_engine/update_metadata.pb.h"
40
41 namespace chromeos_update_engine {
42 // Expected layout of COW file:
43 // === Beginning of Cow Image ===
44 // All Source Copy Operations
45 // ========== Label 0 ==========
46 // Operation 0 in PartitionUpdate
47 // ========== Label 1 ==========
48 // Operation 1 in PartitionUpdate
49 // ========== label 2 ==========
50 // Operation 2 in PartitionUpdate
51 // ========== label 3 ==========
52 // .
53 // .
54 // .
55
56 // When resuming, pass |next_op_index_| as label to
57 // |InitializeWithAppend|.
58 // For example, suppose we finished writing SOURCE_COPY, and we finished writing
59 // operation 2 completely. Update is suspended when we are half way through
60 // operation 3.
61 // |cnext_op_index_| would be 3, so we pass 3 as
62 // label to |InitializeWithAppend|. The CowWriter will retain all data before
63 // label 3, Which contains all operation 2's data, but none of operation 3's
64 // data.
65
66 using android::snapshot::ICowWriter;
67 using ::google::protobuf::RepeatedPtrField;
68
69 // Compute XOR map, a map from dst extent to corresponding merge operation
ComputeXorMap(const RepeatedPtrField<CowMergeOperation> & merge_ops)70 static ExtentMap<const CowMergeOperation*, ExtentLess> ComputeXorMap(
71 const RepeatedPtrField<CowMergeOperation>& merge_ops) {
72 ExtentMap<const CowMergeOperation*, ExtentLess> xor_map;
73 for (const auto& merge_op : merge_ops) {
74 if (merge_op.type() == CowMergeOperation::COW_XOR) {
75 xor_map.AddExtent(merge_op.dst_extent(), &merge_op);
76 }
77 }
78 return xor_map;
79 }
80
VABCPartitionWriter(const PartitionUpdate & partition_update,const InstallPlan::Partition & install_part,DynamicPartitionControlInterface * dynamic_control,size_t block_size)81 VABCPartitionWriter::VABCPartitionWriter(
82 const PartitionUpdate& partition_update,
83 const InstallPlan::Partition& install_part,
84 DynamicPartitionControlInterface* dynamic_control,
85 size_t block_size)
86 : partition_update_(partition_update),
87 install_part_(install_part),
88 dynamic_control_(dynamic_control),
89 block_size_(block_size),
90 executor_(block_size),
91 verified_source_fd_(block_size, install_part.source_path) {
92 for (const auto& cow_op : partition_update_.merge_operations()) {
93 if (cow_op.type() != CowMergeOperation::COW_COPY) {
94 continue;
95 }
96 copy_blocks_.AddExtent(cow_op.dst_extent());
97 }
98 LOG(INFO) << "Partition `" << partition_update.partition_name() << " has "
99 << copy_blocks_.blocks() << " copy blocks";
100 }
101
DoesDeviceSupportsXor()102 bool VABCPartitionWriter::DoesDeviceSupportsXor() {
103 return dynamic_control_->GetVirtualAbCompressionXorFeatureFlag().IsEnabled();
104 }
105
WriteAllCopyOps()106 bool VABCPartitionWriter::WriteAllCopyOps() {
107 const bool userSnapshots = android::base::GetBoolProperty(
108 "ro.virtual_ab.userspace.snapshots.enabled", false);
109 for (const auto& cow_op : partition_update_.merge_operations()) {
110 if (cow_op.type() != CowMergeOperation::COW_COPY) {
111 continue;
112 }
113 if (cow_op.dst_extent() == cow_op.src_extent()) {
114 continue;
115 }
116 if (userSnapshots) {
117 TEST_AND_RETURN_FALSE(cow_op.src_extent().num_blocks() != 0);
118 TEST_AND_RETURN_FALSE(
119 cow_writer_->AddCopy(cow_op.dst_extent().start_block(),
120 cow_op.src_extent().start_block(),
121 cow_op.src_extent().num_blocks()));
122 } else {
123 // Add blocks in reverse order, because snapused specifically prefers
124 // this ordering. Since we already eliminated all self-overlapping
125 // SOURCE_COPY during delta generation, this should be safe to do.
126 for (size_t i = cow_op.src_extent().num_blocks(); i > 0; i--) {
127 TEST_AND_RETURN_FALSE(
128 cow_writer_->AddCopy(cow_op.dst_extent().start_block() + i - 1,
129 cow_op.src_extent().start_block() + i - 1));
130 }
131 }
132 }
133 return true;
134 }
135
Init(const InstallPlan * install_plan,bool source_may_exist,size_t next_op_index)136 bool VABCPartitionWriter::Init(const InstallPlan* install_plan,
137 bool source_may_exist,
138 size_t next_op_index) {
139 if (dynamic_control_->GetVirtualAbCompressionXorFeatureFlag().IsEnabled()) {
140 xor_map_ = ComputeXorMap(partition_update_.merge_operations());
141 if (xor_map_.size() > 0) {
142 LOG(INFO) << "Virtual AB Compression with XOR is enabled";
143 } else {
144 LOG(INFO) << "Device supports Virtual AB compression with XOR, but OTA "
145 "package does not.";
146 }
147 } else {
148 LOG(INFO) << "Virtual AB Compression with XOR is disabled.";
149 }
150 TEST_AND_RETURN_FALSE(install_plan != nullptr);
151 if (source_may_exist && install_part_.source_size > 0) {
152 TEST_AND_RETURN_FALSE(!install_part_.source_path.empty());
153 TEST_AND_RETURN_FALSE(verified_source_fd_.Open());
154 }
155 std::optional<std::string> source_path;
156 if (!install_part_.source_path.empty()) {
157 // TODO(zhangkelvin) Make |source_path| a std::optional<std::string>
158 source_path = install_part_.source_path;
159 }
160 cow_writer_ = dynamic_control_->OpenCowWriter(
161 install_part_.name, source_path, install_plan->is_resume);
162 TEST_AND_RETURN_FALSE(cow_writer_ != nullptr);
163
164 // ===== Resume case handling code goes here ====
165 // It is possible that the SOURCE_COPY are already written but
166 // |next_op_index_| is still 0. In this case we discard previously written
167 // SOURCE_COPY, and start over.
168 if (install_plan->is_resume && next_op_index > 0) {
169 LOG(INFO) << "Resuming update on partition `"
170 << partition_update_.partition_name() << "` op index "
171 << next_op_index;
172 TEST_AND_RETURN_FALSE(cow_writer_->InitializeAppend(next_op_index));
173 return true;
174 } else {
175 TEST_AND_RETURN_FALSE(cow_writer_->Initialize());
176 }
177
178 // ==============================================
179 if (!partition_update_.merge_operations().empty()) {
180 if (IsXorEnabled()) {
181 LOG(INFO) << "VABC XOR enabled for partition "
182 << partition_update_.partition_name();
183 }
184 // When merge sequence is present in COW, snapuserd will merge blocks in
185 // order specified by the merge seuqnece op. Hence we have the freedom of
186 // writing COPY operations out of order. Delay processing of copy ops so
187 // that update_engine can be more responsive in progress updates.
188 if (DoesDeviceSupportsXor()) {
189 LOG(INFO) << "Snapuserd supports XOR and merge sequence, writing merge "
190 "sequence and delay writing COPY operations";
191 TEST_AND_RETURN_FALSE(WriteMergeSequence(
192 partition_update_.merge_operations(), cow_writer_.get()));
193 } else {
194 LOG(INFO) << "Snapuserd does not support merge sequence, writing all "
195 "COPY operations up front, this may take few "
196 "minutes.";
197 TEST_AND_RETURN_FALSE(WriteAllCopyOps());
198 }
199 cow_writer_->AddLabel(0);
200 }
201 return true;
202 }
203
WriteMergeSequence(const RepeatedPtrField<CowMergeOperation> & merge_sequence,ICowWriter * cow_writer)204 bool VABCPartitionWriter::WriteMergeSequence(
205 const RepeatedPtrField<CowMergeOperation>& merge_sequence,
206 ICowWriter* cow_writer) {
207 std::vector<uint32_t> blocks_merge_order;
208 for (const auto& merge_op : merge_sequence) {
209 const auto& dst_extent = merge_op.dst_extent();
210 const auto& src_extent = merge_op.src_extent();
211 // In place copy are basically noops, they do not need to be "merged" at
212 // all, don't include them in merge sequence.
213 if (merge_op.type() == CowMergeOperation::COW_COPY &&
214 merge_op.src_extent() == merge_op.dst_extent()) {
215 continue;
216 }
217
218 const bool extent_overlap =
219 ExtentRanges::ExtentsOverlap(src_extent, dst_extent);
220 // TODO(193863443) Remove this check once this feature
221 // lands on all pixel devices.
222 const bool is_ascending = android::base::GetBoolProperty(
223 "ro.virtual_ab.userspace.snapshots.enabled", false);
224
225 // If this is a self-overlapping op and |dst_extent| comes after
226 // |src_extent|, we must write in reverse order for correctness.
227 //
228 // If this is self-overlapping op and |dst_extent| comes before
229 // |src_extent|, we must write in ascending order for correctness.
230 //
231 // If this isn't a self overlapping op, write block in ascending order
232 // if userspace snapshots are enabled
233 if (extent_overlap) {
234 if (dst_extent.start_block() <= src_extent.start_block()) {
235 for (size_t i = 0; i < dst_extent.num_blocks(); i++) {
236 blocks_merge_order.push_back(dst_extent.start_block() + i);
237 }
238 } else {
239 for (int i = dst_extent.num_blocks() - 1; i >= 0; i--) {
240 blocks_merge_order.push_back(dst_extent.start_block() + i);
241 }
242 }
243 } else {
244 if (is_ascending) {
245 for (size_t i = 0; i < dst_extent.num_blocks(); i++) {
246 blocks_merge_order.push_back(dst_extent.start_block() + i);
247 }
248 } else {
249 for (int i = dst_extent.num_blocks() - 1; i >= 0; i--) {
250 blocks_merge_order.push_back(dst_extent.start_block() + i);
251 }
252 }
253 }
254 }
255 return cow_writer->AddSequenceData(blocks_merge_order.size(),
256 blocks_merge_order.data());
257 }
258
CreateBaseExtentWriter()259 std::unique_ptr<ExtentWriter> VABCPartitionWriter::CreateBaseExtentWriter() {
260 return std::make_unique<SnapshotExtentWriter>(cow_writer_.get());
261 }
262
PerformZeroOrDiscardOperation(const InstallOperation & operation)263 [[nodiscard]] bool VABCPartitionWriter::PerformZeroOrDiscardOperation(
264 const InstallOperation& operation) {
265 for (const auto& extent : operation.dst_extents()) {
266 TEST_AND_RETURN_FALSE(
267 cow_writer_->AddZeroBlocks(extent.start_block(), extent.num_blocks()));
268 }
269 return true;
270 }
271
PerformSourceCopyOperation(const InstallOperation & operation,ErrorCode * error)272 [[nodiscard]] bool VABCPartitionWriter::PerformSourceCopyOperation(
273 const InstallOperation& operation, ErrorCode* error) {
274 // COPY ops are already handled during Init(), no need to do actual work, but
275 // we still want to verify that all blocks contain expected data.
276 auto source_fd = verified_source_fd_.ChooseSourceFD(operation, error);
277 TEST_AND_RETURN_FALSE(source_fd != nullptr);
278 std::vector<CowOperation> converted;
279
280 const auto& src_extents = operation.src_extents();
281 const auto& dst_extents = operation.dst_extents();
282 BlockIterator it1{src_extents};
283 BlockIterator it2{dst_extents};
284 const bool userSnapshots = android::base::GetBoolProperty(
285 "ro.virtual_ab.userspace.snapshots.enabled", false);
286 // For devices not supporting XOR, sequence op is not supported, so all COPY
287 // operations are written up front in strict merge order.
288 const auto sequence_op_supported = DoesDeviceSupportsXor();
289 while (!it1.is_end() && !it2.is_end()) {
290 const auto src_block = *it1;
291 const auto dst_block = *it2;
292 ++it1;
293 ++it2;
294 if (src_block == dst_block) {
295 continue;
296 }
297 if (copy_blocks_.ContainsBlock(dst_block)) {
298 if (sequence_op_supported) {
299 push_back(&converted, {CowOperation::CowCopy, src_block, dst_block, 1});
300 }
301 } else {
302 push_back(&converted,
303 {CowOperation::CowReplace, src_block, dst_block, 1});
304 }
305 }
306 std::vector<uint8_t> buffer;
307 for (const auto& cow_op : converted) {
308 if (cow_op.op == CowOperation::CowCopy) {
309 if (userSnapshots) {
310 cow_writer_->AddCopy(
311 cow_op.dst_block, cow_op.src_block, cow_op.block_count);
312 } else {
313 // Add blocks in reverse order, because snapused specifically prefers
314 // this ordering. Since we already eliminated all self-overlapping
315 // SOURCE_COPY during delta generation, this should be safe to do.
316 for (size_t i = cow_op.block_count; i > 0; i--) {
317 TEST_AND_RETURN_FALSE(cow_writer_->AddCopy(cow_op.dst_block + i - 1,
318 cow_op.src_block + i - 1));
319 }
320 }
321 continue;
322 }
323 buffer.resize(block_size_ * cow_op.block_count);
324 ssize_t bytes_read = 0;
325 TEST_AND_RETURN_FALSE(utils::ReadAll(source_fd,
326 buffer.data(),
327 block_size_ * cow_op.block_count,
328 cow_op.src_block * block_size_,
329 &bytes_read));
330 if (bytes_read <= 0 || static_cast<size_t>(bytes_read) != buffer.size()) {
331 LOG(ERROR) << "source_fd->Read failed: " << bytes_read;
332 return false;
333 }
334 TEST_AND_RETURN_FALSE(cow_writer_->AddRawBlocks(
335 cow_op.dst_block, buffer.data(), buffer.size()));
336 }
337 return true;
338 }
339
PerformReplaceOperation(const InstallOperation & op,const void * data,size_t count)340 bool VABCPartitionWriter::PerformReplaceOperation(const InstallOperation& op,
341 const void* data,
342 size_t count) {
343 // Setup the ExtentWriter stack based on the operation type.
344 std::unique_ptr<ExtentWriter> writer = CreateBaseExtentWriter();
345
346 return executor_.ExecuteReplaceOperation(op, std::move(writer), data, count);
347 }
348
PerformDiffOperation(const InstallOperation & operation,ErrorCode * error,const void * data,size_t count)349 bool VABCPartitionWriter::PerformDiffOperation(
350 const InstallOperation& operation,
351 ErrorCode* error,
352 const void* data,
353 size_t count) {
354 FileDescriptorPtr source_fd =
355 verified_source_fd_.ChooseSourceFD(operation, error);
356 TEST_AND_RETURN_FALSE(source_fd != nullptr);
357 TEST_AND_RETURN_FALSE(source_fd->IsOpen());
358
359 std::unique_ptr<ExtentWriter> writer =
360 IsXorEnabled() ? std::make_unique<XORExtentWriter>(
361 operation,
362 source_fd,
363 cow_writer_.get(),
364 xor_map_,
365 partition_update_.old_partition_info().size())
366 : CreateBaseExtentWriter();
367 return executor_.ExecuteDiffOperation(
368 operation, std::move(writer), source_fd, data, count);
369 }
370
CheckpointUpdateProgress(size_t next_op_index)371 void VABCPartitionWriter::CheckpointUpdateProgress(size_t next_op_index) {
372 // No need to call fsync/sync, as CowWriter flushes after a label is added
373 // added.
374 // if cow_writer_ failed, that means Init() failed. This function shouldn't be
375 // called if Init() fails.
376 TEST_AND_RETURN(cow_writer_ != nullptr);
377 cow_writer_->AddLabel(next_op_index);
378 }
379
FinishedInstallOps()380 [[nodiscard]] bool VABCPartitionWriter::FinishedInstallOps() {
381 // Add a hardcoded magic label to indicate end of all install ops. This label
382 // is needed by filesystem verification, don't remove.
383 TEST_AND_RETURN_FALSE(cow_writer_ != nullptr);
384 TEST_AND_RETURN_FALSE(cow_writer_->AddLabel(kEndOfInstallLabel));
385 TEST_AND_RETURN_FALSE(cow_writer_->Finalize());
386 TEST_AND_RETURN_FALSE(cow_writer_->VerifyMergeOps());
387 return true;
388 }
389
~VABCPartitionWriter()390 VABCPartitionWriter::~VABCPartitionWriter() {
391 Close();
392 }
393
Close()394 int VABCPartitionWriter::Close() {
395 if (cow_writer_) {
396 LOG(INFO) << "Finalizing " << partition_update_.partition_name()
397 << " COW image";
398 cow_writer_->Finalize();
399 cow_writer_ = nullptr;
400 }
401 return 0;
402 }
403
404 } // namespace chromeos_update_engine
405