diff options
Diffstat (limited to 'updater/blockimg.cpp')
-rw-r--r-- | updater/blockimg.cpp | 1790 |
1 files changed, 1790 insertions, 0 deletions
diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp new file mode 100644 index 000000000..e9c8ddbc0 --- /dev/null +++ b/updater/blockimg.cpp @@ -0,0 +1,1790 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <ctype.h> +#include <errno.h> +#include <dirent.h> +#include <fcntl.h> +#include <inttypes.h> +#include <linux/fs.h> +#include <pthread.h> +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <sys/wait.h> +#include <sys/ioctl.h> +#include <time.h> +#include <unistd.h> +#include <fec/io.h> + +#include <memory> +#include <string> +#include <vector> + +#include <android-base/parseint.h> +#include <android-base/strings.h> + +#include "applypatch/applypatch.h" +#include "edify/expr.h" +#include "install.h" +#include "openssl/sha.h" +#include "minzip/Hash.h" +#include "otafault/ota_io.h" +#include "print_sha1.h" +#include "unique_fd.h" +#include "updater.h" + +#define BLOCKSIZE 4096 + +// Set this to 0 to interpret 'erase' transfers to mean do a +// BLKDISCARD ioctl (the normal behavior). Set to 1 to interpret +// erase to mean fill the region with zeroes. +#define DEBUG_ERASE 0 + +#define STASH_DIRECTORY_BASE "/cache/recovery" +#define STASH_DIRECTORY_MODE 0700 +#define STASH_FILE_MODE 0600 + +struct RangeSet { + size_t count; // Limit is INT_MAX. + size_t size; + std::vector<size_t> pos; // Actual limit is INT_MAX. +}; + +static void parse_range(const std::string& range_text, RangeSet& rs) { + + std::vector<std::string> pieces = android::base::Split(range_text, ","); + if (pieces.size() < 3) { + goto err; + } + + size_t num; + if (!android::base::ParseUint(pieces[0].c_str(), &num, static_cast<size_t>(INT_MAX))) { + goto err; + } + + if (num == 0 || num % 2) { + goto err; // must be even + } else if (num != pieces.size() - 1) { + goto err; + } + + rs.pos.resize(num); + rs.count = num / 2; + rs.size = 0; + + for (size_t i = 0; i < num; i += 2) { + if (!android::base::ParseUint(pieces[i+1].c_str(), &rs.pos[i], + static_cast<size_t>(INT_MAX))) { + goto err; + } + + if (!android::base::ParseUint(pieces[i+2].c_str(), &rs.pos[i+1], + static_cast<size_t>(INT_MAX))) { + goto err; + } + + if (rs.pos[i] >= rs.pos[i+1]) { + goto err; // empty or negative range + } + + size_t sz = rs.pos[i+1] - rs.pos[i]; + if (rs.size > SIZE_MAX - sz) { + goto err; // overflow + } + + rs.size += sz; + } + + return; + +err: + fprintf(stderr, "failed to parse range '%s'\n", range_text.c_str()); + exit(1); +} + +static bool range_overlaps(const RangeSet& r1, const RangeSet& r2) { + for (size_t i = 0; i < r1.count; ++i) { + size_t r1_0 = r1.pos[i * 2]; + size_t r1_1 = r1.pos[i * 2 + 1]; + + for (size_t j = 0; j < r2.count; ++j) { + size_t r2_0 = r2.pos[j * 2]; + size_t r2_1 = r2.pos[j * 2 + 1]; + + if (!(r2_0 >= r1_1 || r1_0 >= r2_1)) { + return true; + } + } + } + + return false; +} + +static int read_all(int fd, uint8_t* data, size_t size) { + size_t so_far = 0; + while (so_far < size) { + ssize_t r = TEMP_FAILURE_RETRY(ota_read(fd, data+so_far, size-so_far)); + if (r == -1) { + fprintf(stderr, "read failed: %s\n", strerror(errno)); + return -1; + } + so_far += r; + } + return 0; +} + +static int read_all(int fd, std::vector<uint8_t>& buffer, size_t size) { + return read_all(fd, buffer.data(), size); +} + +static int write_all(int fd, const uint8_t* data, size_t size) { + size_t written = 0; + while (written < size) { + ssize_t w = TEMP_FAILURE_RETRY(ota_write(fd, data+written, size-written)); + if (w == -1) { + fprintf(stderr, "write failed: %s\n", strerror(errno)); + return -1; + } + written += w; + } + + return 0; +} + +static int write_all(int fd, const std::vector<uint8_t>& buffer, size_t size) { + return write_all(fd, buffer.data(), size); +} + +static bool check_lseek(int fd, off64_t offset, int whence) { + off64_t rc = TEMP_FAILURE_RETRY(lseek64(fd, offset, whence)); + if (rc == -1) { + fprintf(stderr, "lseek64 failed: %s\n", strerror(errno)); + return false; + } + return true; +} + +static void allocate(size_t size, std::vector<uint8_t>& buffer) { + // if the buffer's big enough, reuse it. + if (size <= buffer.size()) return; + + buffer.resize(size); +} + +struct RangeSinkState { + RangeSinkState(RangeSet& rs) : tgt(rs) { }; + + int fd; + const RangeSet& tgt; + size_t p_block; + size_t p_remain; +}; + +static ssize_t RangeSinkWrite(const uint8_t* data, ssize_t size, void* token) { + RangeSinkState* rss = reinterpret_cast<RangeSinkState*>(token); + + if (rss->p_remain == 0) { + fprintf(stderr, "range sink write overrun"); + return 0; + } + + ssize_t written = 0; + while (size > 0) { + size_t write_now = size; + + if (rss->p_remain < write_now) { + write_now = rss->p_remain; + } + + if (write_all(rss->fd, data, write_now) == -1) { + break; + } + + data += write_now; + size -= write_now; + + rss->p_remain -= write_now; + written += write_now; + + if (rss->p_remain == 0) { + // move to the next block + ++rss->p_block; + if (rss->p_block < rss->tgt.count) { + rss->p_remain = (rss->tgt.pos[rss->p_block * 2 + 1] - + rss->tgt.pos[rss->p_block * 2]) * BLOCKSIZE; + + if (!check_lseek(rss->fd, (off64_t)rss->tgt.pos[rss->p_block*2] * BLOCKSIZE, + SEEK_SET)) { + break; + } + } else { + // we can't write any more; return how many bytes have + // been written so far. + break; + } + } + } + + return written; +} + +// All of the data for all the 'new' transfers is contained in one +// file in the update package, concatenated together in the order in +// which transfers.list will need it. We want to stream it out of the +// archive (it's compressed) without writing it to a temp file, but we +// can't write each section until it's that transfer's turn to go. +// +// To achieve this, we expand the new data from the archive in a +// background thread, and block that threads 'receive uncompressed +// data' function until the main thread has reached a point where we +// want some new data to be written. We signal the background thread +// with the destination for the data and block the main thread, +// waiting for the background thread to complete writing that section. +// Then it signals the main thread to wake up and goes back to +// blocking waiting for a transfer. +// +// NewThreadInfo is the struct used to pass information back and forth +// between the two threads. When the main thread wants some data +// written, it sets rss to the destination location and signals the +// condition. When the background thread is done writing, it clears +// rss and signals the condition again. + +struct NewThreadInfo { + ZipArchive* za; + const ZipEntry* entry; + + RangeSinkState* rss; + + pthread_mutex_t mu; + pthread_cond_t cv; +}; + +static bool receive_new_data(const unsigned char* data, int size, void* cookie) { + NewThreadInfo* nti = reinterpret_cast<NewThreadInfo*>(cookie); + + while (size > 0) { + // Wait for nti->rss to be non-null, indicating some of this + // data is wanted. + pthread_mutex_lock(&nti->mu); + while (nti->rss == nullptr) { + pthread_cond_wait(&nti->cv, &nti->mu); + } + pthread_mutex_unlock(&nti->mu); + + // At this point nti->rss is set, and we own it. The main + // thread is waiting for it to disappear from nti. + ssize_t written = RangeSinkWrite(data, size, nti->rss); + data += written; + size -= written; + + if (nti->rss->p_block == nti->rss->tgt.count) { + // we have written all the bytes desired by this rss. + + pthread_mutex_lock(&nti->mu); + nti->rss = nullptr; + pthread_cond_broadcast(&nti->cv); + pthread_mutex_unlock(&nti->mu); + } + } + + return true; +} + +static void* unzip_new_data(void* cookie) { + NewThreadInfo* nti = (NewThreadInfo*) cookie; + mzProcessZipEntryContents(nti->za, nti->entry, receive_new_data, nti); + return nullptr; +} + +static int ReadBlocks(const RangeSet& src, std::vector<uint8_t>& buffer, int fd) { + size_t p = 0; + uint8_t* data = buffer.data(); + + for (size_t i = 0; i < src.count; ++i) { + if (!check_lseek(fd, (off64_t) src.pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + return -1; + } + + size_t size = (src.pos[i * 2 + 1] - src.pos[i * 2]) * BLOCKSIZE; + + if (read_all(fd, data + p, size) == -1) { + return -1; + } + + p += size; + } + + return 0; +} + +static int WriteBlocks(const RangeSet& tgt, const std::vector<uint8_t>& buffer, int fd) { + const uint8_t* data = buffer.data(); + + size_t p = 0; + for (size_t i = 0; i < tgt.count; ++i) { + if (!check_lseek(fd, (off64_t) tgt.pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + return -1; + } + + size_t size = (tgt.pos[i * 2 + 1] - tgt.pos[i * 2]) * BLOCKSIZE; + + if (write_all(fd, data + p, size) == -1) { + return -1; + } + + p += size; + } + + return 0; +} + +// Parameters for transfer list command functions +struct CommandParameters { + std::vector<std::string> tokens; + size_t cpos; + const char* cmdname; + const char* cmdline; + std::string freestash; + std::string stashbase; + bool canwrite; + int createdstash; + int fd; + bool foundwrites; + bool isunresumable; + int version; + size_t written; + NewThreadInfo nti; + pthread_t thread; + std::vector<uint8_t> buffer; + uint8_t* patch_start; +}; + +// Do a source/target load for move/bsdiff/imgdiff in version 1. +// We expect to parse the remainder of the parameter tokens as: +// +// <src_range> <tgt_range> +// +// The source range is loaded into the provided buffer, reallocating +// it to make it larger if necessary. + +static int LoadSrcTgtVersion1(CommandParameters& params, RangeSet& tgt, size_t& src_blocks, + std::vector<uint8_t>& buffer, int fd) { + + if (params.cpos + 1 >= params.tokens.size()) { + fprintf(stderr, "invalid parameters\n"); + return -1; + } + + // <src_range> + RangeSet src; + parse_range(params.tokens[params.cpos++], src); + + // <tgt_range> + parse_range(params.tokens[params.cpos++], tgt); + + allocate(src.size * BLOCKSIZE, buffer); + int rc = ReadBlocks(src, buffer, fd); + src_blocks = src.size; + + return rc; +} + +static int VerifyBlocks(const std::string& expected, const std::vector<uint8_t>& buffer, + const size_t blocks, bool printerror) { + uint8_t digest[SHA_DIGEST_LENGTH]; + const uint8_t* data = buffer.data(); + + SHA1(data, blocks * BLOCKSIZE, digest); + + std::string hexdigest = print_sha1(digest); + + if (hexdigest != expected) { + if (printerror) { + fprintf(stderr, "failed to verify blocks (expected %s, read %s)\n", + expected.c_str(), hexdigest.c_str()); + } + return -1; + } + + return 0; +} + +static std::string GetStashFileName(const std::string& base, const std::string& id, + const std::string& postfix) { + if (base.empty()) { + return ""; + } + + std::string fn(STASH_DIRECTORY_BASE); + fn += "/" + base + "/" + id + postfix; + + return fn; +} + +typedef void (*StashCallback)(const std::string&, void*); + +// Does a best effort enumeration of stash files. Ignores possible non-file +// items in the stash directory and continues despite of errors. Calls the +// 'callback' function for each file and passes 'data' to the function as a +// parameter. + +static void EnumerateStash(const std::string& dirname, StashCallback callback, void* data) { + if (dirname.empty() || callback == nullptr) { + return; + } + + std::unique_ptr<DIR, int(*)(DIR*)> directory(opendir(dirname.c_str()), closedir); + + if (directory == nullptr) { + if (errno != ENOENT) { + fprintf(stderr, "opendir \"%s\" failed: %s\n", dirname.c_str(), strerror(errno)); + } + return; + } + + struct dirent* item; + while ((item = readdir(directory.get())) != nullptr) { + if (item->d_type != DT_REG) { + continue; + } + + std::string fn = dirname + "/" + std::string(item->d_name); + callback(fn, data); + } +} + +static void UpdateFileSize(const std::string& fn, void* data) { + if (fn.empty() || !data) { + return; + } + + struct stat sb; + if (stat(fn.c_str(), &sb) == -1) { + fprintf(stderr, "stat \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); + return; + } + + int* size = reinterpret_cast<int*>(data); + *size += sb.st_size; +} + +// Deletes the stash directory and all files in it. Assumes that it only +// contains files. There is nothing we can do about unlikely, but possible +// errors, so they are merely logged. + +static void DeleteFile(const std::string& fn, void* /* data */) { + if (!fn.empty()) { + fprintf(stderr, "deleting %s\n", fn.c_str()); + + if (unlink(fn.c_str()) == -1 && errno != ENOENT) { + fprintf(stderr, "unlink \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); + } + } +} + +static void DeletePartial(const std::string& fn, void* data) { + if (android::base::EndsWith(fn, ".partial")) { + DeleteFile(fn, data); + } +} + +static void DeleteStash(const std::string& base) { + if (base.empty()) { + return; + } + + fprintf(stderr, "deleting stash %s\n", base.c_str()); + + std::string dirname = GetStashFileName(base, "", ""); + EnumerateStash(dirname, DeleteFile, nullptr); + + if (rmdir(dirname.c_str()) == -1) { + if (errno != ENOENT && errno != ENOTDIR) { + fprintf(stderr, "rmdir \"%s\" failed: %s\n", dirname.c_str(), strerror(errno)); + } + } +} + +static int LoadStash(const std::string& base, const std::string& id, bool verify, size_t* blocks, + std::vector<uint8_t>& buffer, bool printnoent) { + if (base.empty()) { + return -1; + } + + size_t blockcount = 0; + + if (!blocks) { + blocks = &blockcount; + } + + std::string fn = GetStashFileName(base, id, ""); + + struct stat sb; + int res = stat(fn.c_str(), &sb); + + if (res == -1) { + if (errno != ENOENT || printnoent) { + fprintf(stderr, "stat \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); + } + return -1; + } + + fprintf(stderr, " loading %s\n", fn.c_str()); + + if ((sb.st_size % BLOCKSIZE) != 0) { + fprintf(stderr, "%s size %" PRId64 " not multiple of block size %d", + fn.c_str(), static_cast<int64_t>(sb.st_size), BLOCKSIZE); + return -1; + } + + int fd = TEMP_FAILURE_RETRY(open(fn.c_str(), O_RDONLY)); + unique_fd fd_holder(fd); + + if (fd == -1) { + fprintf(stderr, "open \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); + return -1; + } + + allocate(sb.st_size, buffer); + + if (read_all(fd, buffer, sb.st_size) == -1) { + return -1; + } + + *blocks = sb.st_size / BLOCKSIZE; + + if (verify && VerifyBlocks(id, buffer, *blocks, true) != 0) { + fprintf(stderr, "unexpected contents in %s\n", fn.c_str()); + DeleteFile(fn, nullptr); + return -1; + } + + return 0; +} + +static int WriteStash(const std::string& base, const std::string& id, int blocks, + std::vector<uint8_t>& buffer, bool checkspace, bool *exists) { + if (base.empty()) { + return -1; + } + + if (checkspace && CacheSizeCheck(blocks * BLOCKSIZE) != 0) { + fprintf(stderr, "not enough space to write stash\n"); + return -1; + } + + std::string fn = GetStashFileName(base, id, ".partial"); + std::string cn = GetStashFileName(base, id, ""); + + if (exists) { + struct stat sb; + int res = stat(cn.c_str(), &sb); + + if (res == 0) { + // The file already exists and since the name is the hash of the contents, + // it's safe to assume the contents are identical (accidental hash collisions + // are unlikely) + fprintf(stderr, " skipping %d existing blocks in %s\n", blocks, cn.c_str()); + *exists = true; + return 0; + } + + *exists = false; + } + + fprintf(stderr, " writing %d blocks to %s\n", blocks, cn.c_str()); + + int fd = TEMP_FAILURE_RETRY(open(fn.c_str(), O_WRONLY | O_CREAT | O_TRUNC, STASH_FILE_MODE)); + unique_fd fd_holder(fd); + + if (fd == -1) { + fprintf(stderr, "failed to create \"%s\": %s\n", fn.c_str(), strerror(errno)); + return -1; + } + + if (write_all(fd, buffer, blocks * BLOCKSIZE) == -1) { + return -1; + } + + if (ota_fsync(fd) == -1) { + fprintf(stderr, "fsync \"%s\" failed: %s\n", fn.c_str(), strerror(errno)); + return -1; + } + + if (rename(fn.c_str(), cn.c_str()) == -1) { + fprintf(stderr, "rename(\"%s\", \"%s\") failed: %s\n", fn.c_str(), cn.c_str(), + strerror(errno)); + return -1; + } + + std::string dname = GetStashFileName(base, "", ""); + int dfd = TEMP_FAILURE_RETRY(open(dname.c_str(), O_RDONLY | O_DIRECTORY)); + unique_fd dfd_holder(dfd); + + if (dfd == -1) { + fprintf(stderr, "failed to open \"%s\" failed: %s\n", dname.c_str(), strerror(errno)); + return -1; + } + + if (ota_fsync(dfd) == -1) { + fprintf(stderr, "fsync \"%s\" failed: %s\n", dname.c_str(), strerror(errno)); + return -1; + } + + return 0; +} + +// Creates a directory for storing stash files and checks if the /cache partition +// hash enough space for the expected amount of blocks we need to store. Returns +// >0 if we created the directory, zero if it existed already, and <0 of failure. + +static int CreateStash(State* state, int maxblocks, const char* blockdev, std::string& base) { + if (blockdev == nullptr) { + return -1; + } + + // Stash directory should be different for each partition to avoid conflicts + // when updating multiple partitions at the same time, so we use the hash of + // the block device name as the base directory + uint8_t digest[SHA_DIGEST_LENGTH]; + SHA1(reinterpret_cast<const uint8_t*>(blockdev), strlen(blockdev), digest); + base = print_sha1(digest); + + std::string dirname = GetStashFileName(base, "", ""); + struct stat sb; + int res = stat(dirname.c_str(), &sb); + + if (res == -1 && errno != ENOENT) { + ErrorAbort(state, "stat \"%s\" failed: %s\n", dirname.c_str(), strerror(errno)); + return -1; + } else if (res != 0) { + fprintf(stderr, "creating stash %s\n", dirname.c_str()); + res = mkdir(dirname.c_str(), STASH_DIRECTORY_MODE); + + if (res != 0) { + ErrorAbort(state, "mkdir \"%s\" failed: %s\n", dirname.c_str(), strerror(errno)); + return -1; + } + + if (CacheSizeCheck(maxblocks * BLOCKSIZE) != 0) { + ErrorAbort(state, "not enough space for stash\n"); + return -1; + } + + return 1; // Created directory + } + + fprintf(stderr, "using existing stash %s\n", dirname.c_str()); + + // If the directory already exists, calculate the space already allocated to + // stash files and check if there's enough for all required blocks. Delete any + // partially completed stash files first. + + EnumerateStash(dirname, DeletePartial, nullptr); + int size = 0; + EnumerateStash(dirname, UpdateFileSize, &size); + + size = maxblocks * BLOCKSIZE - size; + + if (size > 0 && CacheSizeCheck(size) != 0) { + ErrorAbort(state, "not enough space for stash (%d more needed)\n", size); + return -1; + } + + return 0; // Using existing directory +} + +static int SaveStash(CommandParameters& params, const std::string& base, + std::vector<uint8_t>& buffer, int fd, bool usehash) { + + // <stash_id> <src_range> + if (params.cpos + 1 >= params.tokens.size()) { + fprintf(stderr, "missing id and/or src range fields in stash command\n"); + return -1; + } + const std::string& id = params.tokens[params.cpos++]; + + size_t blocks = 0; + if (usehash && LoadStash(base, id, true, &blocks, buffer, false) == 0) { + // Stash file already exists and has expected contents. Do not + // read from source again, as the source may have been already + // overwritten during a previous attempt. + return 0; + } + + RangeSet src; + parse_range(params.tokens[params.cpos++], src); + + allocate(src.size * BLOCKSIZE, buffer); + if (ReadBlocks(src, buffer, fd) == -1) { + return -1; + } + blocks = src.size; + + if (usehash && VerifyBlocks(id, buffer, blocks, true) != 0) { + // Source blocks have unexpected contents. If we actually need this + // data later, this is an unrecoverable error. However, the command + // that uses the data may have already completed previously, so the + // possible failure will occur during source block verification. + fprintf(stderr, "failed to load source blocks for stash %s\n", id.c_str()); + return 0; + } + + fprintf(stderr, "stashing %zu blocks to %s\n", blocks, id.c_str()); + return WriteStash(base, id, blocks, buffer, false, nullptr); +} + +static int FreeStash(const std::string& base, const std::string& id) { + if (base.empty() || id.empty()) { + return -1; + } + + std::string fn = GetStashFileName(base, id, ""); + DeleteFile(fn, nullptr); + + return 0; +} + +static void MoveRange(std::vector<uint8_t>& dest, const RangeSet& locs, + const std::vector<uint8_t>& source) { + // source contains packed data, which we want to move to the + // locations given in locs in the dest buffer. source and dest + // may be the same buffer. + + const uint8_t* from = source.data(); + uint8_t* to = dest.data(); + size_t start = locs.size; + for (int i = locs.count-1; i >= 0; --i) { + size_t blocks = locs.pos[i*2+1] - locs.pos[i*2]; + start -= blocks; + memmove(to + (locs.pos[i*2] * BLOCKSIZE), from + (start * BLOCKSIZE), + blocks * BLOCKSIZE); + } +} + +// Do a source/target load for move/bsdiff/imgdiff in version 2. +// We expect to parse the remainder of the parameter tokens as one of: +// +// <tgt_range> <src_block_count> <src_range> +// (loads data from source image only) +// +// <tgt_range> <src_block_count> - <[stash_id:stash_range] ...> +// (loads data from stashes only) +// +// <tgt_range> <src_block_count> <src_range> <src_loc> <[stash_id:stash_range] ...> +// (loads data from both source image and stashes) +// +// On return, buffer is filled with the loaded source data (rearranged +// and combined with stashed data as necessary). buffer may be +// reallocated if needed to accommodate the source data. *tgt is the +// target RangeSet. Any stashes required are loaded using LoadStash. + +static int LoadSrcTgtVersion2(CommandParameters& params, RangeSet& tgt, size_t& src_blocks, + std::vector<uint8_t>& buffer, int fd, const std::string& stashbase, bool* overlap) { + + // At least it needs to provide three parameters: <tgt_range>, + // <src_block_count> and "-"/<src_range>. + if (params.cpos + 2 >= params.tokens.size()) { + fprintf(stderr, "invalid parameters\n"); + return -1; + } + + // <tgt_range> + parse_range(params.tokens[params.cpos++], tgt); + + // <src_block_count> + const std::string& token = params.tokens[params.cpos++]; + if (!android::base::ParseUint(token.c_str(), &src_blocks)) { + fprintf(stderr, "invalid src_block_count \"%s\"\n", token.c_str()); + return -1; + } + + allocate(src_blocks * BLOCKSIZE, buffer); + + // "-" or <src_range> [<src_loc>] + if (params.tokens[params.cpos] == "-") { + // no source ranges, only stashes + params.cpos++; + } else { + RangeSet src; + parse_range(params.tokens[params.cpos++], src); + int res = ReadBlocks(src, buffer, fd); + + if (overlap) { + *overlap = range_overlaps(src, tgt); + } + + if (res == -1) { + return -1; + } + + if (params.cpos >= params.tokens.size()) { + // no stashes, only source range + return 0; + } + + RangeSet locs; + parse_range(params.tokens[params.cpos++], locs); + MoveRange(buffer, locs, buffer); + } + + // <[stash_id:stash_range]> + while (params.cpos < params.tokens.size()) { + // Each word is a an index into the stash table, a colon, and + // then a rangeset describing where in the source block that + // stashed data should go. + std::vector<std::string> tokens = android::base::Split(params.tokens[params.cpos++], ":"); + if (tokens.size() != 2) { + fprintf(stderr, "invalid parameter\n"); + return -1; + } + + std::vector<uint8_t> stash; + int res = LoadStash(stashbase, tokens[0], false, nullptr, stash, true); + + if (res == -1) { + // These source blocks will fail verification if used later, but we + // will let the caller decide if this is a fatal failure + fprintf(stderr, "failed to load stash %s\n", tokens[0].c_str()); + continue; + } + + RangeSet locs; + parse_range(tokens[1], locs); + + MoveRange(buffer, locs, stash); + } + + return 0; +} + +// Do a source/target load for move/bsdiff/imgdiff in version 3. +// +// Parameters are the same as for LoadSrcTgtVersion2, except for 'onehash', which +// tells the function whether to expect separate source and targe block hashes, or +// if they are both the same and only one hash should be expected, and +// 'isunresumable', which receives a non-zero value if block verification fails in +// a way that the update cannot be resumed anymore. +// +// If the function is unable to load the necessary blocks or their contents don't +// match the hashes, the return value is -1 and the command should be aborted. +// +// If the return value is 1, the command has already been completed according to +// the contents of the target blocks, and should not be performed again. +// +// If the return value is 0, source blocks have expected content and the command +// can be performed. + +static int LoadSrcTgtVersion3(CommandParameters& params, RangeSet& tgt, size_t& src_blocks, + bool onehash, bool& overlap) { + + if (params.cpos >= params.tokens.size()) { + fprintf(stderr, "missing source hash\n"); + return -1; + } + + std::string srchash = params.tokens[params.cpos++]; + std::string tgthash; + + if (onehash) { + tgthash = srchash; + } else { + if (params.cpos >= params.tokens.size()) { + fprintf(stderr, "missing target hash\n"); + return -1; + } + tgthash = params.tokens[params.cpos++]; + } + + if (LoadSrcTgtVersion2(params, tgt, src_blocks, params.buffer, params.fd, params.stashbase, + &overlap) == -1) { + return -1; + } + + std::vector<uint8_t> tgtbuffer(tgt.size * BLOCKSIZE); + + if (ReadBlocks(tgt, tgtbuffer, params.fd) == -1) { + return -1; + } + + if (VerifyBlocks(tgthash, tgtbuffer, tgt.size, false) == 0) { + // Target blocks already have expected content, command should be skipped + return 1; + } + + if (VerifyBlocks(srchash, params.buffer, src_blocks, true) == 0) { + // If source and target blocks overlap, stash the source blocks so we can + // resume from possible write errors + if (overlap) { + fprintf(stderr, "stashing %zu overlapping blocks to %s\n", src_blocks, + srchash.c_str()); + + bool stash_exists = false; + if (WriteStash(params.stashbase, srchash, src_blocks, params.buffer, true, + &stash_exists) != 0) { + fprintf(stderr, "failed to stash overlapping source blocks\n"); + return -1; + } + + // Can be deleted when the write has completed + if (!stash_exists) { + params.freestash = srchash; + } + } + + // Source blocks have expected content, command can proceed + return 0; + } + + if (overlap && LoadStash(params.stashbase, srchash, true, nullptr, params.buffer, true) == 0) { + // Overlapping source blocks were previously stashed, command can proceed. + // We are recovering from an interrupted command, so we don't know if the + // stash can safely be deleted after this command. + return 0; + } + + // Valid source data not available, update cannot be resumed + fprintf(stderr, "partition has unexpected contents\n"); + params.isunresumable = true; + + return -1; +} + +static int PerformCommandMove(CommandParameters& params) { + size_t blocks = 0; + bool overlap = false; + int status = 0; + RangeSet tgt; + + if (params.version == 1) { + status = LoadSrcTgtVersion1(params, tgt, blocks, params.buffer, params.fd); + } else if (params.version == 2) { + status = LoadSrcTgtVersion2(params, tgt, blocks, params.buffer, params.fd, + params.stashbase, nullptr); + } else if (params.version >= 3) { + status = LoadSrcTgtVersion3(params, tgt, blocks, true, overlap); + } + + if (status == -1) { + fprintf(stderr, "failed to read blocks for move\n"); + return -1; + } + + if (status == 0) { + params.foundwrites = true; + } else if (params.foundwrites) { + fprintf(stderr, "warning: commands executed out of order [%s]\n", params.cmdname); + } + + if (params.canwrite) { + if (status == 0) { + fprintf(stderr, " moving %zu blocks\n", blocks); + + if (WriteBlocks(tgt, params.buffer, params.fd) == -1) { + return -1; + } + } else { + fprintf(stderr, "skipping %zu already moved blocks\n", blocks); + } + + } + + if (!params.freestash.empty()) { + FreeStash(params.stashbase, params.freestash); + params.freestash.clear(); + } + + params.written += tgt.size; + + return 0; +} + +static int PerformCommandStash(CommandParameters& params) { + return SaveStash(params, params.stashbase, params.buffer, params.fd, + (params.version >= 3)); +} + +static int PerformCommandFree(CommandParameters& params) { + // <stash_id> + if (params.cpos >= params.tokens.size()) { + fprintf(stderr, "missing stash id in free command\n"); + return -1; + } + + if (params.createdstash || params.canwrite) { + return FreeStash(params.stashbase, params.tokens[params.cpos++]); + } + + return 0; +} + +static int PerformCommandZero(CommandParameters& params) { + + if (params.cpos >= params.tokens.size()) { + fprintf(stderr, "missing target blocks for zero\n"); + return -1; + } + + RangeSet tgt; + parse_range(params.tokens[params.cpos++], tgt); + + fprintf(stderr, " zeroing %zu blocks\n", tgt.size); + + allocate(BLOCKSIZE, params.buffer); + memset(params.buffer.data(), 0, BLOCKSIZE); + + if (params.canwrite) { + for (size_t i = 0; i < tgt.count; ++i) { + if (!check_lseek(params.fd, (off64_t) tgt.pos[i * 2] * BLOCKSIZE, SEEK_SET)) { + return -1; + } + + for (size_t j = tgt.pos[i * 2]; j < tgt.pos[i * 2 + 1]; ++j) { + if (write_all(params.fd, params.buffer, BLOCKSIZE) == -1) { + return -1; + } + } + } + } + + if (params.cmdname[0] == 'z') { + // Update only for the zero command, as the erase command will call + // this if DEBUG_ERASE is defined. + params.written += tgt.size; + } + + return 0; +} + +static int PerformCommandNew(CommandParameters& params) { + + if (params.cpos >= params.tokens.size()) { + fprintf(stderr, "missing target blocks for new\n"); + return -1; + } + + RangeSet tgt; + parse_range(params.tokens[params.cpos++], tgt); + + if (params.canwrite) { + fprintf(stderr, " writing %zu blocks of new data\n", tgt.size); + + RangeSinkState rss(tgt); + rss.fd = params.fd; + rss.p_block = 0; + rss.p_remain = (tgt.pos[1] - tgt.pos[0]) * BLOCKSIZE; + + if (!check_lseek(params.fd, (off64_t) tgt.pos[0] * BLOCKSIZE, SEEK_SET)) { + return -1; + } + + pthread_mutex_lock(¶ms.nti.mu); + params.nti.rss = &rss; + pthread_cond_broadcast(¶ms.nti.cv); + + while (params.nti.rss) { + pthread_cond_wait(¶ms.nti.cv, ¶ms.nti.mu); + } + + pthread_mutex_unlock(¶ms.nti.mu); + } + + params.written += tgt.size; + + return 0; +} + +static int PerformCommandDiff(CommandParameters& params) { + + // <offset> <length> + if (params.cpos + 1 >= params.tokens.size()) { + fprintf(stderr, "missing patch offset or length for %s\n", params.cmdname); + return -1; + } + + size_t offset; + if (!android::base::ParseUint(params.tokens[params.cpos++].c_str(), &offset)) { + fprintf(stderr, "invalid patch offset\n"); + return -1; + } + + size_t len; + if (!android::base::ParseUint(params.tokens[params.cpos++].c_str(), &len)) { + fprintf(stderr, "invalid patch offset\n"); + return -1; + } + + RangeSet tgt; + size_t blocks = 0; + bool overlap = false; + int status = 0; + if (params.version == 1) { + status = LoadSrcTgtVersion1(params, tgt, blocks, params.buffer, params.fd); + } else if (params.version == 2) { + status = LoadSrcTgtVersion2(params, tgt, blocks, params.buffer, params.fd, + params.stashbase, nullptr); + } else if (params.version >= 3) { + status = LoadSrcTgtVersion3(params, tgt, blocks, false, overlap); + } + + if (status == -1) { + fprintf(stderr, "failed to read blocks for diff\n"); + return -1; + } + + if (status == 0) { + params.foundwrites = true; + } else if (params.foundwrites) { + fprintf(stderr, "warning: commands executed out of order [%s]\n", params.cmdname); + } + + if (params.canwrite) { + if (status == 0) { + fprintf(stderr, "patching %zu blocks to %zu\n", blocks, tgt.size); + + Value patch_value; + patch_value.type = VAL_BLOB; + patch_value.size = len; + patch_value.data = (char*) (params.patch_start + offset); + + RangeSinkState rss(tgt); + rss.fd = params.fd; + rss.p_block = 0; + rss.p_remain = (tgt.pos[1] - tgt.pos[0]) * BLOCKSIZE; + + if (!check_lseek(params.fd, (off64_t) tgt.pos[0] * BLOCKSIZE, SEEK_SET)) { + return -1; + } + + if (params.cmdname[0] == 'i') { // imgdiff + ApplyImagePatch(params.buffer.data(), blocks * BLOCKSIZE, &patch_value, + &RangeSinkWrite, &rss, nullptr, nullptr); + } else { + ApplyBSDiffPatch(params.buffer.data(), blocks * BLOCKSIZE, &patch_value, 0, + &RangeSinkWrite, &rss, nullptr); + } + + // We expect the output of the patcher to fill the tgt ranges exactly. + if (rss.p_block != tgt.count || rss.p_remain != 0) { + fprintf(stderr, "range sink underrun?\n"); + } + } else { + fprintf(stderr, "skipping %zu blocks already patched to %zu [%s]\n", + blocks, tgt.size, params.cmdline); + } + } + + if (!params.freestash.empty()) { + FreeStash(params.stashbase, params.freestash); + params.freestash.clear(); + } + + params.written += tgt.size; + + return 0; +} + +static int PerformCommandErase(CommandParameters& params) { + if (DEBUG_ERASE) { + return PerformCommandZero(params); + } + + struct stat sb; + if (fstat(params.fd, &sb) == -1) { + fprintf(stderr, "failed to fstat device to erase: %s\n", strerror(errno)); + return -1; + } + + if (!S_ISBLK(sb.st_mode)) { + fprintf(stderr, "not a block device; skipping erase\n"); + return -1; + } + + if (params.cpos >= params.tokens.size()) { + fprintf(stderr, "missing target blocks for erase\n"); + return -1; + } + + RangeSet tgt; + parse_range(params.tokens[params.cpos++], tgt); + + if (params.canwrite) { + fprintf(stderr, " erasing %zu blocks\n", tgt.size); + + for (size_t i = 0; i < tgt.count; ++i) { + uint64_t blocks[2]; + // offset in bytes + blocks[0] = tgt.pos[i * 2] * (uint64_t) BLOCKSIZE; + // length in bytes + blocks[1] = (tgt.pos[i * 2 + 1] - tgt.pos[i * 2]) * (uint64_t) BLOCKSIZE; + + if (ioctl(params.fd, BLKDISCARD, &blocks) == -1) { + fprintf(stderr, "BLKDISCARD ioctl failed: %s\n", strerror(errno)); + return -1; + } + } + } + + return 0; +} + +// Definitions for transfer list command functions +typedef int (*CommandFunction)(CommandParameters&); + +struct Command { + const char* name; + CommandFunction f; +}; + +// CompareCommands and CompareCommandNames are for the hash table + +static int CompareCommands(const void* c1, const void* c2) { + return strcmp(((const Command*) c1)->name, ((const Command*) c2)->name); +} + +static int CompareCommandNames(const void* c1, const void* c2) { + return strcmp(((const Command*) c1)->name, (const char*) c2); +} + +// HashString is used to hash command names for the hash table + +static unsigned int HashString(const char *s) { + unsigned int hash = 0; + if (s) { + while (*s) { + hash = hash * 33 + *s++; + } + } + return hash; +} + +// args: +// - block device (or file) to modify in-place +// - transfer list (blob) +// - new data stream (filename within package.zip) +// - patch stream (filename within package.zip, must be uncompressed) + +static Value* PerformBlockImageUpdate(const char* name, State* state, int /* argc */, Expr* argv[], + const Command* commands, size_t cmdcount, bool dryrun) { + CommandParameters params; + memset(¶ms, 0, sizeof(params)); + params.canwrite = !dryrun; + + fprintf(stderr, "performing %s\n", dryrun ? "verification" : "update"); + + Value* blockdev_filename = nullptr; + Value* transfer_list_value = nullptr; + Value* new_data_fn = nullptr; + Value* patch_data_fn = nullptr; + if (ReadValueArgs(state, argv, 4, &blockdev_filename, &transfer_list_value, + &new_data_fn, &patch_data_fn) < 0) { + return StringValue(strdup("")); + } + std::unique_ptr<Value, decltype(&FreeValue)> blockdev_filename_holder(blockdev_filename, + FreeValue); + std::unique_ptr<Value, decltype(&FreeValue)> transfer_list_value_holder(transfer_list_value, + FreeValue); + std::unique_ptr<Value, decltype(&FreeValue)> new_data_fn_holder(new_data_fn, FreeValue); + std::unique_ptr<Value, decltype(&FreeValue)> patch_data_fn_holder(patch_data_fn, FreeValue); + + if (blockdev_filename->type != VAL_STRING) { + ErrorAbort(state, "blockdev_filename argument to %s must be string", name); + return StringValue(strdup("")); + } + if (transfer_list_value->type != VAL_BLOB) { + ErrorAbort(state, "transfer_list argument to %s must be blob", name); + return StringValue(strdup("")); + } + if (new_data_fn->type != VAL_STRING) { + ErrorAbort(state, "new_data_fn argument to %s must be string", name); + return StringValue(strdup("")); + } + if (patch_data_fn->type != VAL_STRING) { + ErrorAbort(state, "patch_data_fn argument to %s must be string", name); + return StringValue(strdup("")); + } + + UpdaterInfo* ui = reinterpret_cast<UpdaterInfo*>(state->cookie); + + if (ui == nullptr) { + return StringValue(strdup("")); + } + + FILE* cmd_pipe = ui->cmd_pipe; + ZipArchive* za = ui->package_zip; + + if (cmd_pipe == nullptr || za == nullptr) { + return StringValue(strdup("")); + } + + const ZipEntry* patch_entry = mzFindZipEntry(za, patch_data_fn->data); + if (patch_entry == nullptr) { + fprintf(stderr, "%s(): no file \"%s\" in package", name, patch_data_fn->data); + return StringValue(strdup("")); + } + + params.patch_start = ui->package_zip_addr + mzGetZipEntryOffset(patch_entry); + const ZipEntry* new_entry = mzFindZipEntry(za, new_data_fn->data); + if (new_entry == nullptr) { + fprintf(stderr, "%s(): no file \"%s\" in package", name, new_data_fn->data); + return StringValue(strdup("")); + } + + params.fd = TEMP_FAILURE_RETRY(open(blockdev_filename->data, O_RDWR)); + unique_fd fd_holder(params.fd); + + if (params.fd == -1) { + fprintf(stderr, "open \"%s\" failed: %s\n", blockdev_filename->data, strerror(errno)); + return StringValue(strdup("")); + } + + if (params.canwrite) { + params.nti.za = za; + params.nti.entry = new_entry; + + pthread_mutex_init(¶ms.nti.mu, nullptr); + pthread_cond_init(¶ms.nti.cv, nullptr); + pthread_attr_t attr; + pthread_attr_init(&attr); + pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE); + + int error = pthread_create(¶ms.thread, &attr, unzip_new_data, ¶ms.nti); + if (error != 0) { + fprintf(stderr, "pthread_create failed: %s\n", strerror(error)); + return StringValue(strdup("")); + } + } + + // Copy all the lines in transfer_list_value into std::string for + // processing. + const std::string transfer_list(transfer_list_value->data, transfer_list_value->size); + std::vector<std::string> lines = android::base::Split(transfer_list, "\n"); + if (lines.size() < 2) { + ErrorAbort(state, "too few lines in the transfer list [%zd]\n", lines.size()); + return StringValue(strdup("")); + } + + // First line in transfer list is the version number + if (!android::base::ParseInt(lines[0].c_str(), ¶ms.version, 1, 4)) { + fprintf(stderr, "unexpected transfer list version [%s]\n", lines[0].c_str()); + return StringValue(strdup("")); + } + + fprintf(stderr, "blockimg version is %d\n", params.version); + + // Second line in transfer list is the total number of blocks we expect to write + int total_blocks; + if (!android::base::ParseInt(lines[1].c_str(), &total_blocks, 0)) { + ErrorAbort(state, "unexpected block count [%s]\n", lines[1].c_str()); + return StringValue(strdup("")); + } + + if (total_blocks == 0) { + return StringValue(strdup("t")); + } + + size_t start = 2; + if (params.version >= 2) { + if (lines.size() < 4) { + ErrorAbort(state, "too few lines in the transfer list [%zu]\n", lines.size()); + return StringValue(strdup("")); + } + + // Third line is how many stash entries are needed simultaneously + fprintf(stderr, "maximum stash entries %s\n", lines[2].c_str()); + + // Fourth line is the maximum number of blocks that will be stashed simultaneously + int stash_max_blocks; + if (!android::base::ParseInt(lines[3].c_str(), &stash_max_blocks, 0)) { + ErrorAbort(state, "unexpected maximum stash blocks [%s]\n", lines[3].c_str()); + return StringValue(strdup("")); + } + + int res = CreateStash(state, stash_max_blocks, blockdev_filename->data, params.stashbase); + if (res == -1) { + return StringValue(strdup("")); + } + + params.createdstash = res; + + start += 2; + } + + // Build a hash table of the available commands + HashTable* cmdht = mzHashTableCreate(cmdcount, nullptr); + std::unique_ptr<HashTable, decltype(&mzHashTableFree)> cmdht_holder(cmdht, mzHashTableFree); + + for (size_t i = 0; i < cmdcount; ++i) { + unsigned int cmdhash = HashString(commands[i].name); + mzHashTableLookup(cmdht, cmdhash, (void*) &commands[i], CompareCommands, true); + } + + int rc = -1; + + // Subsequent lines are all individual transfer commands + for (auto it = lines.cbegin() + start; it != lines.cend(); it++) { + const std::string& line_str(*it); + if (line_str.empty()) { + continue; + } + + params.tokens = android::base::Split(line_str, " "); + params.cpos = 0; + params.cmdname = params.tokens[params.cpos++].c_str(); + params.cmdline = line_str.c_str(); + + unsigned int cmdhash = HashString(params.cmdname); + const Command* cmd = reinterpret_cast<const Command*>(mzHashTableLookup(cmdht, cmdhash, + const_cast<char*>(params.cmdname), CompareCommandNames, + false)); + + if (cmd == nullptr) { + fprintf(stderr, "unexpected command [%s]\n", params.cmdname); + goto pbiudone; + } + + if (cmd->f != nullptr && cmd->f(params) == -1) { + fprintf(stderr, "failed to execute command [%s]\n", line_str.c_str()); + goto pbiudone; + } + + if (params.canwrite) { + if (ota_fsync(params.fd) == -1) { + fprintf(stderr, "fsync failed: %s\n", strerror(errno)); + goto pbiudone; + } + fprintf(cmd_pipe, "set_progress %.4f\n", (double) params.written / total_blocks); + fflush(cmd_pipe); + } + } + + if (params.canwrite) { + pthread_join(params.thread, nullptr); + + fprintf(stderr, "wrote %zu blocks; expected %d\n", params.written, total_blocks); + fprintf(stderr, "max alloc needed was %zu\n", params.buffer.size()); + + // Delete stash only after successfully completing the update, as it + // may contain blocks needed to complete the update later. + DeleteStash(params.stashbase); + } else { + fprintf(stderr, "verified partition contents; update may be resumed\n"); + } + + rc = 0; + +pbiudone: + if (ota_fsync(params.fd) == -1) { + fprintf(stderr, "fsync failed: %s\n", strerror(errno)); + } + // params.fd will be automatically closed because of the fd_holder above. + + // Only delete the stash if the update cannot be resumed, or it's + // a verification run and we created the stash. + if (params.isunresumable || (!params.canwrite && params.createdstash)) { + DeleteStash(params.stashbase); + } + + return StringValue(rc == 0 ? strdup("t") : strdup("")); +} + +// The transfer list is a text file containing commands to +// transfer data from one place to another on the target +// partition. We parse it and execute the commands in order: +// +// zero [rangeset] +// - fill the indicated blocks with zeros +// +// new [rangeset] +// - fill the blocks with data read from the new_data file +// +// erase [rangeset] +// - mark the given blocks as empty +// +// move <...> +// bsdiff <patchstart> <patchlen> <...> +// imgdiff <patchstart> <patchlen> <...> +// - read the source blocks, apply a patch (or not in the +// case of move), write result to target blocks. bsdiff or +// imgdiff specifies the type of patch; move means no patch +// at all. +// +// The format of <...> differs between versions 1 and 2; +// see the LoadSrcTgtVersion{1,2}() functions for a +// description of what's expected. +// +// stash <stash_id> <src_range> +// - (version 2+ only) load the given source range and stash +// the data in the given slot of the stash table. +// +// free <stash_id> +// - (version 3+ only) free the given stash data. +// +// The creator of the transfer list will guarantee that no block +// is read (ie, used as the source for a patch or move) after it +// has been written. +// +// In version 2, the creator will guarantee that a given stash is +// loaded (with a stash command) before it's used in a +// move/bsdiff/imgdiff command. +// +// Within one command the source and target ranges may overlap so +// in general we need to read the entire source into memory before +// writing anything to the target blocks. +// +// All the patch data is concatenated into one patch_data file in +// the update package. It must be stored uncompressed because we +// memory-map it in directly from the archive. (Since patches are +// already compressed, we lose very little by not compressing +// their concatenation.) +// +// In version 3, commands that read data from the partition (i.e. +// move/bsdiff/imgdiff/stash) have one or more additional hashes +// before the range parameters, which are used to check if the +// command has already been completed and verify the integrity of +// the source data. + +Value* BlockImageVerifyFn(const char* name, State* state, int argc, Expr* argv[]) { + // Commands which are not tested are set to nullptr to skip them completely + const Command commands[] = { + { "bsdiff", PerformCommandDiff }, + { "erase", nullptr }, + { "free", PerformCommandFree }, + { "imgdiff", PerformCommandDiff }, + { "move", PerformCommandMove }, + { "new", nullptr }, + { "stash", PerformCommandStash }, + { "zero", nullptr } + }; + + // Perform a dry run without writing to test if an update can proceed + return PerformBlockImageUpdate(name, state, argc, argv, commands, + sizeof(commands) / sizeof(commands[0]), true); +} + +Value* BlockImageUpdateFn(const char* name, State* state, int argc, Expr* argv[]) { + const Command commands[] = { + { "bsdiff", PerformCommandDiff }, + { "erase", PerformCommandErase }, + { "free", PerformCommandFree }, + { "imgdiff", PerformCommandDiff }, + { "move", PerformCommandMove }, + { "new", PerformCommandNew }, + { "stash", PerformCommandStash }, + { "zero", PerformCommandZero } + }; + + return PerformBlockImageUpdate(name, state, argc, argv, commands, + sizeof(commands) / sizeof(commands[0]), false); +} + +Value* RangeSha1Fn(const char* name, State* state, int /* argc */, Expr* argv[]) { + Value* blockdev_filename; + Value* ranges; + + if (ReadValueArgs(state, argv, 2, &blockdev_filename, &ranges) < 0) { + return StringValue(strdup("")); + } + std::unique_ptr<Value, decltype(&FreeValue)> ranges_holder(ranges, FreeValue); + std::unique_ptr<Value, decltype(&FreeValue)> blockdev_filename_holder(blockdev_filename, + FreeValue); + + if (blockdev_filename->type != VAL_STRING) { + ErrorAbort(state, "blockdev_filename argument to %s must be string", name); + return StringValue(strdup("")); + } + if (ranges->type != VAL_STRING) { + ErrorAbort(state, "ranges argument to %s must be string", name); + return StringValue(strdup("")); + } + + int fd = open(blockdev_filename->data, O_RDWR); + unique_fd fd_holder(fd); + if (fd < 0) { + ErrorAbort(state, "open \"%s\" failed: %s", blockdev_filename->data, strerror(errno)); + return StringValue(strdup("")); + } + + RangeSet rs; + parse_range(ranges->data, rs); + + SHA_CTX ctx; + SHA1_Init(&ctx); + + std::vector<uint8_t> buffer(BLOCKSIZE); + for (size_t i = 0; i < rs.count; ++i) { + if (!check_lseek(fd, (off64_t)rs.pos[i*2] * BLOCKSIZE, SEEK_SET)) { + ErrorAbort(state, "failed to seek %s: %s", blockdev_filename->data, strerror(errno)); + return StringValue(strdup("")); + } + + for (size_t j = rs.pos[i*2]; j < rs.pos[i*2+1]; ++j) { + if (read_all(fd, buffer, BLOCKSIZE) == -1) { + ErrorAbort(state, "failed to read %s: %s", blockdev_filename->data, + strerror(errno)); + return StringValue(strdup("")); + } + + SHA1_Update(&ctx, buffer.data(), BLOCKSIZE); + } + } + uint8_t digest[SHA_DIGEST_LENGTH]; + SHA1_Final(digest, &ctx); + + return StringValue(strdup(print_sha1(digest).c_str())); +} + +// This function checks if a device has been remounted R/W prior to an incremental +// OTA update. This is an common cause of update abortion. The function reads the +// 1st block of each partition and check for mounting time/count. It return string "t" +// if executes successfully and an empty string otherwise. + +Value* CheckFirstBlockFn(const char* name, State* state, int argc, Expr* argv[]) { + Value* arg_filename; + + if (ReadValueArgs(state, argv, 1, &arg_filename) < 0) { + return nullptr; + } + std::unique_ptr<Value, decltype(&FreeValue)> filename(arg_filename, FreeValue); + + if (filename->type != VAL_STRING) { + ErrorAbort(state, "filename argument to %s must be string", name); + return StringValue(strdup("")); + } + + int fd = open(arg_filename->data, O_RDONLY); + unique_fd fd_holder(fd); + if (fd == -1) { + ErrorAbort(state, "open \"%s\" failed: %s", arg_filename->data, strerror(errno)); + return StringValue(strdup("")); + } + + RangeSet blk0 {1 /*count*/, 1/*size*/, std::vector<size_t> {0, 1}/*position*/}; + std::vector<uint8_t> block0_buffer(BLOCKSIZE); + + if (ReadBlocks(blk0, block0_buffer, fd) == -1) { + ErrorAbort(state, "failed to read %s: %s", arg_filename->data, + strerror(errno)); + return StringValue(strdup("")); + } + + // https://ext4.wiki.kernel.org/index.php/Ext4_Disk_Layout + // Super block starts from block 0, offset 0x400 + // 0x2C: len32 Mount time + // 0x30: len32 Write time + // 0x34: len16 Number of mounts since the last fsck + // 0x38: len16 Magic signature 0xEF53 + + time_t mount_time = *reinterpret_cast<uint32_t*>(&block0_buffer[0x400+0x2C]); + uint16_t mount_count = *reinterpret_cast<uint16_t*>(&block0_buffer[0x400+0x34]); + + if (mount_count > 0) { + uiPrintf(state, "Device was remounted R/W %d times\n", mount_count); + uiPrintf(state, "Last remount happened on %s", ctime(&mount_time)); + } + + return StringValue(strdup("t")); +} + + +Value* BlockImageRecoverFn(const char* name, State* state, int argc, Expr* argv[]) { + Value* arg_filename; + Value* arg_ranges; + + if (ReadValueArgs(state, argv, 2, &arg_filename, &arg_ranges) < 0) { + return NULL; + } + + std::unique_ptr<Value, decltype(&FreeValue)> filename(arg_filename, FreeValue); + std::unique_ptr<Value, decltype(&FreeValue)> ranges(arg_ranges, FreeValue); + + if (filename->type != VAL_STRING) { + ErrorAbort(state, "filename argument to %s must be string", name); + return StringValue(strdup("")); + } + if (ranges->type != VAL_STRING) { + ErrorAbort(state, "ranges argument to %s must be string", name); + return StringValue(strdup("")); + } + + // Output notice to log when recover is attempted + fprintf(stderr, "%s image corrupted, attempting to recover...\n", filename->data); + + // When opened with O_RDWR, libfec rewrites corrupted blocks when they are read + fec::io fh(filename->data, O_RDWR); + + if (!fh) { + ErrorAbort(state, "fec_open \"%s\" failed: %s", filename->data, strerror(errno)); + return StringValue(strdup("")); + } + + if (!fh.has_ecc() || !fh.has_verity()) { + ErrorAbort(state, "unable to use metadata to correct errors"); + return StringValue(strdup("")); + } + + fec_status status; + + if (!fh.get_status(status)) { + ErrorAbort(state, "failed to read FEC status"); + return StringValue(strdup("")); + } + + RangeSet rs; + parse_range(ranges->data, rs); + + uint8_t buffer[BLOCKSIZE]; + + for (size_t i = 0; i < rs.count; ++i) { + for (size_t j = rs.pos[i * 2]; j < rs.pos[i * 2 + 1]; ++j) { + // Stay within the data area, libfec validates and corrects metadata + if (status.data_size <= (uint64_t)j * BLOCKSIZE) { + continue; + } + + if (fh.pread(buffer, BLOCKSIZE, (off64_t)j * BLOCKSIZE) != BLOCKSIZE) { + ErrorAbort(state, "failed to recover %s (block %zu): %s", filename->data, + j, strerror(errno)); + return StringValue(strdup("")); + } + + // If we want to be able to recover from a situation where rewriting a corrected + // block doesn't guarantee the same data will be returned when re-read later, we + // can save a copy of corrected blocks to /cache. Note: + // + // 1. Maximum space required from /cache is the same as the maximum number of + // corrupted blocks we can correct. For RS(255, 253) and a 2 GiB partition, + // this would be ~16 MiB, for example. + // + // 2. To find out if this block was corrupted, call fec_get_status after each + // read and check if the errors field value has increased. + } + } + fprintf(stderr, "...%s image recovered successfully.\n", filename->data); + return StringValue(strdup("t")); +} + +void RegisterBlockImageFunctions() { + RegisterFunction("block_image_verify", BlockImageVerifyFn); + RegisterFunction("block_image_update", BlockImageUpdateFn); + RegisterFunction("block_image_recover", BlockImageRecoverFn); + RegisterFunction("check_first_block", CheckFirstBlockFn); + RegisterFunction("range_sha1", RangeSha1Fn); +} |