commit 336368067860005cf0d508a7e22ae6293ca0e95b
author Zimuzo Ezeozue <zezeozue@google.com> Wed Aug 28 16:27:02 2019 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Wed Aug 28 16:27:02 2019 +0000
tree b756776daa88154563673dc4059dd854bcaf5ffd
parent bb01c051151a01d6cb4f819a3ced1c029dc3be07
parent 3623a212e305f022a2fe279a4c13ec2a6513d6e7

Merge "Mount /dev/fuse on /mnt/user/<userid>/<volumeid>"

Checkpoint.cpp

diff --git a/Checkpoint.cpp b/Checkpoint.cpp
index 362c823..e5ef4a2 100644
--- a/Checkpoint.cpp
+++ b/Checkpoint.cpp
@@ -144,9 +144,15 @@
 namespace {
 
 volatile bool isCheckpointing = false;
+
+// Protects isCheckpointing and code that makes decisions based on status of
+// isCheckpointing
+std::mutex isCheckpointingLock;
 }
 
 Status cp_commitChanges() {
+    std::lock_guard<std::mutex> lock(isCheckpointingLock);
+
     if (!isCheckpointing) {
         return Status::ok();
     }
@@ -257,10 +263,16 @@
 }
 
 bool cp_needsCheckpoint() {
+    // Make sure we only return true during boot. See b/138952436 for discussion
+    static bool called_once = false;
+    if (called_once) return isCheckpointing;
+    called_once = true;
+
     bool ret;
     std::string content;
     sp<IBootControl> module = IBootControl::getService();
 
+    std::lock_guard<std::mutex> lock(isCheckpointingLock);
     if (isCheckpointing) return isCheckpointing;
 
     if (module && module->isSlotMarkedSuccessful(module->getCurrentSlot()) == BoolResult::FALSE) {
@@ -330,6 +342,7 @@
 }  // namespace
 
 Status cp_prepareCheckpoint() {
+    std::lock_guard<std::mutex> lock(isCheckpointingLock);
     if (!isCheckpointing) {
         return Status::ok();
     }

MetadataCrypt.cpp

diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index bff38b2..abcf6db 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -153,7 +153,7 @@
 
 static bool create_crypto_blk_dev(const std::string& dm_name, uint64_t nr_sec,
                                   const std::string& real_blkdev, const KeyBuffer& key,
-                                  std::string* crypto_blkdev) {
+                                  std::string* crypto_blkdev, bool set_dun) {
     auto& dm = DeviceMapper::Instance();
 
     KeyBuffer hex_key_buffer;
@@ -164,7 +164,7 @@
     std::string hex_key(hex_key_buffer.data(), hex_key_buffer.size());
 
     DmTable table;
-    table.Emplace<DmTargetDefaultKey>(0, nr_sec, "AES-256-XTS", hex_key, real_blkdev, 0);
+    table.Emplace<DmTargetDefaultKey>(0, nr_sec, "AES-256-XTS", hex_key, real_blkdev, 0, set_dun);
 
     for (int i = 0;; i++) {
         if (dm.CreateDevice(dm_name, table)) {
@@ -203,8 +203,14 @@
     if (!read_key(*data_rec, needs_encrypt, &key)) return false;
     uint64_t nr_sec;
     if (!get_number_of_sectors(data_rec->blk_device, &nr_sec)) return false;
+    bool set_dun = android::base::GetBoolProperty("ro.crypto.set_dun", false);
+    if (!set_dun && data_rec->fs_mgr_flags.checkpoint_blk) {
+        LOG(ERROR) << "Block checkpoints and metadata encryption require setdun option!";
+        return false;
+    }
+
     std::string crypto_blkdev;
-    if (!create_crypto_blk_dev(kDmNameUserdata, nr_sec, blk_device, key, &crypto_blkdev))
+    if (!create_crypto_blk_dev(kDmNameUserdata, nr_sec, blk_device, key, &crypto_blkdev, set_dun))
         return false;
 
     // FIXME handle the corrupt case

secdiscard.cpp

diff --git a/secdiscard.cpp b/secdiscard.cpp
index 0ff05d6..4659eed 100644
--- a/secdiscard.cpp
+++ b/secdiscard.cpp
@@ -147,6 +147,10 @@
             if (!overwrite_with_zeros(fs_fd.get(), range[0], range[1])) return false;
         }
     }
+    // Should wait for overwrites completion. Otherwise after unlink(),
+    // filesystem can allocate these blocks and IO can be reordered, resulting
+    // in making zero blocks to filesystem blocks.
+    fsync(fs_fd.get());
     return true;
 }