From 05aa93d251c2b5947d6e9e435561f753c039e09a Mon Sep 17 00:00:00 2001 From: Liujie Xie Date: Fri, 3 Dec 2021 12:01:03 +0800 Subject: [PATCH 01/93] ANDROID: vendor_hooks: Add hooks for binder proc transaction When binder transaction happened, We want to know it's transaction code and it is oneway or not. Bug: 208910215 Signed-off-by: Liujie Xie Change-Id: Ic03e5481e96e120a1953a101895714db04ca2bdf --- drivers/android/binder.c | 3 +++ drivers/android/vendor_hooks.c | 1 + include/trace/hooks/binder.h | 5 +++++ 3 files changed, 9 insertions(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index c845c1f8a695..dabfb68c66e2 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2529,6 +2529,9 @@ static int binder_proc_transaction(struct binder_transaction *t, binder_enqueue_work_ilocked(&t->work, &node->async_todo); } + trace_android_vh_binder_proc_transaction_end(current, proc->tsk, + thread ? thread->task : NULL, t->code, pending_async, !oneway); + if (!pending_async) binder_wakeup_thread_ilocked(proc, thread, !oneway /* sync */); diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index 17f42e726b55..3f6157a125c4 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -293,6 +293,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_trans); EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_binder_transaction); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_preset); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_proc_transaction); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_proc_transaction_end); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_new_ref); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_del_ref); EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_post_init_entity_util_avg); diff --git a/include/trace/hooks/binder.h b/include/trace/hooks/binder.h index 36a70248f5cf..16dd0a2a6514 100644 --- a/include/trace/hooks/binder.h +++ b/include/trace/hooks/binder.h 
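Review bot: In the `binder_proc_transaction()` hunk of drivers/android/binder.c, the new `trace_android_vh_binder_proc_transaction_end(...)` call hands `proc->tsk` and `thread->task` to vendor code without taking a reference. It sits between `binder_enqueue_work_ilocked()` and `binder_wakeup_thread_ilocked()`, so it appears to run with the binder inner lock held; that is inferred from the `_ilocked` helpers, since the lock acquisition is outside the hunk. Nothing at the call site or on the matching `DECLARE_HOOK` in include/trace/hooks/binder.h tells a handler author about either constraint. I would add a comment above the call such as `/* vendor hook: called under the binder inner lock; handlers must not sleep and must not keep the task pointers past the call without get_task_struct() */`. The function body starts and ends outside the hunk.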
@@ -64,6 +64,11 @@ DECLARE_HOOK(android_vh_binder_proc_transaction, struct task_struct *binder_th_task, int node_debug_id, unsigned int code, bool pending_async), TP_ARGS(caller_task, binder_proc_task, binder_th_task, node_debug_id, code, pending_async)); +DECLARE_HOOK(android_vh_binder_proc_transaction_end, + TP_PROTO(struct task_struct *caller_task, struct task_struct *binder_proc_task, + struct task_struct *binder_th_task, unsigned int code, + bool pending_async, bool sync), + TP_ARGS(caller_task, binder_proc_task, binder_th_task, code, pending_async, sync)); DECLARE_HOOK(android_vh_binder_new_ref, TP_PROTO(struct task_struct *proc, uint32_t ref_desc, int node_debug_id), TP_ARGS(proc, ref_desc, node_debug_id)); From 71f00d64c165bd8ff9f927be94a805d2cf6e5344 Mon Sep 17 00:00:00 2001 From: Liujie Xie Date: Mon, 6 Dec 2021 09:15:07 +0800 Subject: [PATCH 02/93] ANDROID: GKI: Update symbols to symbol list Update symbols to symbol list externed by oem modules. Leaf changes summary: 2 artifacts changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 1 Added function Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 1 Added variable 1 Added function: [A] 'function int __traceiter_android_vh_binder_proc_transaction_end(void*, task_struct*, task_struct*, task_struct*, unsigned int, bool, bool)' 1 Added variable: [A] 'tracepoint __tracepoint_android_vh_binder_proc_transaction_end' Bug: 193384408 Signed-off-by: Liujie Xie Change-Id: Ifa86e945c159203f321f6bec22f7c6b75e1ed8cb --- android/abi_gki_aarch64.xml | 49 ++++++++++++++++++++++------------- android/abi_gki_aarch64_oplus | 2 ++ 2 files changed, 33 insertions(+), 18 deletions(-) diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index 37986a0c2b77..e1b6fe8384a7 100644 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -370,6 +370,7 @@ + @@ -5813,6 +5814,7 @@ + 
@@ -115246,17 +115248,17 @@ - - - - + + + + - - - - - + + + + + @@ -115265,12 +115267,12 @@ - - - - - - + + + + + + @@ -115289,6 +115291,16 @@ + + + + + + + + + + @@ -116804,12 +116816,13 @@ - - + + - + + diff --git a/android/abi_gki_aarch64_oplus b/android/abi_gki_aarch64_oplus index 9afce39e651c..d1b0509ddd52 100644 --- a/android/abi_gki_aarch64_oplus +++ b/android/abi_gki_aarch64_oplus @@ -2590,6 +2590,7 @@ __traceiter_android_vh_binder_proc_transaction __traceiter_android_vh_binder_preset __traceiter_android_vh_binder_priority_skip + __traceiter_android_vh_binder_proc_transaction_end __traceiter_android_vh_binder_reply __traceiter_android_vh_binder_restore_priority __traceiter_android_vh_binder_set_priority @@ -2784,6 +2785,7 @@ __tracepoint_android_vh_binder_proc_transaction __tracepoint_android_vh_binder_preset __tracepoint_android_vh_binder_priority_skip + __tracepoint_android_vh_binder_proc_transaction_end __tracepoint_android_vh_binder_reply __tracepoint_android_vh_binder_restore_priority __tracepoint_android_vh_binder_set_priority From 28de74186185e339123c86984729818d0d2d7f43 Mon Sep 17 00:00:00 2001 From: zhengding chen Date: Wed, 1 Dec 2021 11:03:40 +0800 Subject: [PATCH 03/93] ANDROID: workqueue: export symbol of the function wq_worker_comm() Export symbol of the function wq_worker_comm() in kernel/workqueue.c for dlkm to get the description of the kworker process. Bug: 208394207 Signed-off-by: zhengding chen Change-Id: I2e7ddd52a15e22e99e6596f16be08243af1bb473 --- kernel/workqueue.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 6e15757cc073..4d09cece5cb9 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -4898,6 +4898,7 @@ void wq_worker_comm(char *buf, size_t size, struct task_struct *task) mutex_unlock(&wq_pool_attach_mutex); } +EXPORT_SYMBOL_GPL(wq_worker_comm); #ifdef CONFIG_SMP From 9e5446d7de8624a98069c6042daa3720d7387354 Mon Sep 17 00:00:00 2001 
From: Jaegeuk Kim Date: Mon, 29 Nov 2021 10:36:12 -0800 Subject: [PATCH 04/93] FROMGIT: f2fs: show number of pending discard commands This information can be used to check how much time we need to give to issue all the discard commands. Bug: 206863097 Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim (cherry picked from commit fc4ae5492ca4afd7a8a9d261f4908b09f221d314 git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git dev) Change-Id: Ibd2f1d6c171f584ec9ca3817d9ea561db98f4693 --- Documentation/ABI/testing/sysfs-fs-f2fs | 5 +++++ fs/f2fs/sysfs.c | 11 +++++++++++ 2 files changed, 16 insertions(+) diff --git a/Documentation/ABI/testing/sysfs-fs-f2fs b/Documentation/ABI/testing/sysfs-fs-f2fs index 3d1f853c6681..759a8291ff4a 100644 --- a/Documentation/ABI/testing/sysfs-fs-f2fs +++ b/Documentation/ABI/testing/sysfs-fs-f2fs @@ -113,6 +113,11 @@ Contact: "Jaegeuk Kim" Description: Set timeout to issue discard commands during umount. Default: 5 secs +What: /sys/fs/f2fs//pending_discard +Date: November 2021 +Contact: "Jaegeuk Kim" +Description: Shows the number of pending discard commands in the queue. + What: /sys/fs/f2fs//max_victim_search Date: January 2014 Contact: "Jaegeuk Kim" diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c index 15fe30d3aeb5..78c6c67b43d7 100644 --- a/fs/f2fs/sysfs.c +++ b/fs/f2fs/sysfs.c @@ -117,6 +117,15 @@ static ssize_t sb_status_show(struct f2fs_attr *a, return sprintf(buf, "%lx\n", sbi->s_flag); } +static ssize_t pending_discard_show(struct f2fs_attr *a, + struct f2fs_sb_info *sbi, char *buf) +{ + if (!SM_I(sbi)->dcc_info) + return -EINVAL; + return sprintf(buf, "%llu\n", (unsigned long long)atomic_read( + &SM_I(sbi)->dcc_info->discard_cmd_cnt)); +} + static ssize_t features_show(struct f2fs_attr *a, struct f2fs_sb_info *sbi, char *buf) { 
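Review bot: `pending_discard_show()` in fs/f2fs/sysfs.c formats with an unbounded `sprintf()` and casts the `int` from `atomic_read()` to `unsigned long long`. If the counter ever went negative through an accounting bug, it would be printed as a huge positive number instead of an obviously wrong value. For a sysfs show callback the bounded helper is `sysfs_emit()`, provided this tree carries it: `return sysfs_emit(buf, "%d\n", atomic_read(&SM_I(sbi)->dcc_info->discard_cmd_cnt));`. The neighbouring `sb_status_show()` in the context lines also uses `sprintf()`, so this is a style point about the new code rather than a regression.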
@@ -713,6 +722,7 @@ F2FS_GENERAL_RO_ATTR(unusable); F2FS_GENERAL_RO_ATTR(encoding); F2FS_GENERAL_RO_ATTR(mounted_time_sec); F2FS_GENERAL_RO_ATTR(main_blkaddr); +F2FS_GENERAL_RO_ATTR(pending_discard); #ifdef CONFIG_F2FS_STAT_FS F2FS_STAT_ATTR(STAT_INFO, f2fs_stat_info, cp_foreground_calls, cp_count); F2FS_STAT_ATTR(STAT_INFO, f2fs_stat_info, cp_background_calls, bg_cp_count); @@ -778,6 +788,7 @@ static struct attribute *f2fs_attrs[] = { ATTR_LIST(main_blkaddr), ATTR_LIST(max_small_discards), ATTR_LIST(discard_granularity), + ATTR_LIST(pending_discard), ATTR_LIST(batched_trim_sections), ATTR_LIST(ipu_policy), ATTR_LIST(min_ipu_util), From 84881c68b172533d3b92ce4d323106db310f1c5e Mon Sep 17 00:00:00 2001 From: Jindong Yue Date: Tue, 30 Nov 2021 13:41:27 +0800 Subject: [PATCH 05/93] ANDROID: GKI: Export sched_clock_register clocksource driver may use sched_clock_register to resigter itself as a sched_clock source. Export it to support building such driver as module, like timer-imx-tpm.c Bug: 194108974 Signed-off-by: Jindong Yue Change-Id: Id23f3da624a1e70fc1a44daf6f827c03dc1d053d --- kernel/time/sched_clock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/time/sched_clock.c b/kernel/time/sched_clock.c index d5ab3fbc191c..6740dd02a402 100644 --- a/kernel/time/sched_clock.c +++ b/kernel/time/sched_clock.c @@ -150,8 +150,7 @@ static enum hrtimer_restart sched_clock_poll(struct hrtimer *hrt) return HRTIMER_RESTART; } -void __init -sched_clock_register(u64 (*read)(void), int bits, unsigned long rate) +void sched_clock_register(u64 (*read)(void), int bits, unsigned long rate) { u64 res, wrap, new_mask, new_epoch, cyc, ns; u32 new_mult, new_shift; @@ -225,6 +224,7 @@ sched_clock_register(u64 (*read)(void), int bits, unsigned long rate) pr_debug("Registered %pS as sched_clock source\n", read); } +EXPORT_SYMBOL_GPL(sched_clock_register); void __init generic_sched_clock_init(void) { 
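Review bot: Dropping `__init` from `sched_clock_register()` and exporting it (the two hunks in kernel/time/sched_clock.c) lets a loadable module install its own `read` callback as the sched_clock source at any time after boot, and neither hunk adds a way to withdraw it. If such a module can be unloaded, or fails probe after registering, the stored function pointer would point into freed module text. Most of the body is outside the hunks, so it cannot be checked here whether it also touches `__init`/`__initdata` symbols that are discarded after boot. At minimum I would document the contract above the definition, e.g. `/* Callable from modules: @read must stay valid for the lifetime of the system; there is no unregister, so the caller must not be unloadable */`. The same applies to `clocksource_mmio_init()` in patch 06, which loses `__init` and gains an export in drivers/clocksource/mmio.c with no teardown helper in that diff.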
From 80c1cef2d15078ea1edccba6e9320da7c4dbf6e5 Mon Sep 17 00:00:00 2001 From: Jindong Yue Date: Tue, 30 Nov 2021 13:42:25 +0800 Subject: [PATCH 06/93] ANDROID: GKI: Export clocksource_mmio_init Export clocksource_mmio_init and clocksource_mmio_readl_up to support building clocksource driver as module. Bug: 194108974 Signed-off-by: Jindong Yue Change-Id: I63bab35efa6ca2c8b0c6283f6d42c13db66568af --- drivers/clocksource/mmio.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/clocksource/mmio.c b/drivers/clocksource/mmio.c index 9de751531831..826dcc42629c 100644 --- a/drivers/clocksource/mmio.c +++ b/drivers/clocksource/mmio.c @@ -21,6 +21,7 @@ u64 clocksource_mmio_readl_up(struct clocksource *c) { return (u64)readl_relaxed(to_mmio_clksrc(c)->reg); } +EXPORT_SYMBOL_GPL(clocksource_mmio_readl_up); u64 clocksource_mmio_readl_down(struct clocksource *c) { @@ -46,7 +47,7 @@ u64 clocksource_mmio_readw_down(struct clocksource *c) * @bits: Number of valid bits * @read: One of clocksource_mmio_read*() above */ -int __init clocksource_mmio_init(void __iomem *base, const char *name, +int clocksource_mmio_init(void __iomem *base, const char *name, unsigned long hz, int rating, unsigned bits, u64 (*read)(struct clocksource *)) { @@ -68,3 +69,4 @@ int __init clocksource_mmio_init(void __iomem *base, const char *name, return clocksource_register_hz(&cs->clksrc, hz); } +EXPORT_SYMBOL_GPL(clocksource_mmio_init); From 686cd3b2d83f17703d40013b5980c5f86788a74e Mon Sep 17 00:00:00 2001 
From: Jindong Yue Date: Tue, 30 Nov 2021 10:52:01 +0800 Subject: [PATCH 07/93] ANDROID: ABI: Add symbols used by clocksource driver Export three symbols required by timer-imx-tpm.ko Leaf changes summary: 3 artifacts changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 3 Added functions Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable 3 Added functions: [A] 'function int clocksource_mmio_init(void*, const char*, unsigned long int, int, unsigned int, long long unsigned int (clocksource*)*)' [A] 'function u64 clocksource_mmio_readl_up(clocksource*)' [A] 'function void sched_clock_register(long long unsigned int ()*, int, unsigned long int)' Bug: 194108974 Signed-off-by: Jindong Yue Change-Id: I123996fc08740d3e4bf242a1913b22ca83b2e2b9 --- android/abi_gki_aarch64.xml | 48 +++++++++++++++++++++++++++---------- android/abi_gki_aarch64_imx | 11 +++++---- 2 files changed, 43 insertions(+), 16 deletions(-) diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index e1b6fe8384a7..05df1e0ec177 100644 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -1050,6 +1050,8 @@ + + @@ -4223,6 +4225,7 @@ + @@ -6907,6 +6910,7 @@ + @@ -23291,7 +23295,7 @@ - + @@ -24514,6 +24518,7 @@ + @@ -30885,6 +30890,9 @@ + + + @@ -33566,7 +33574,7 @@ - + @@ -35808,6 +35816,10 @@ + + + + @@ -57831,7 +57843,7 @@ - + @@ -64894,9 +64906,6 @@ - - - @@ -75240,11 +75249,7 @@ - - - - - + @@ -112207,7 +112212,7 @@ - + @@ -119540,6 +119545,19 @@ + + + + + + + + + + + + + @@ -135874,6 +135892,12 @@ + + + + + + diff --git a/android/abi_gki_aarch64_imx b/android/abi_gki_aarch64_imx index d9b45b8fc993..fdff2573a2fc 100644 --- a/android/abi_gki_aarch64_imx +++ b/android/abi_gki_aarch64_imx @@ -67,6 +67,7 @@ clk_set_parent clk_set_rate clk_unprepare + clockevents_config_and_register complete complete_all completion_done 
@@ -590,6 +591,7 @@ of_alias_get_id of_clk_add_hw_provider of_clk_get + of_clk_get_by_name of_clk_hw_onecell_get of_count_phandle_with_args of_device_get_match_data @@ -911,6 +913,7 @@ tasklet_init tasklet_kill __tasklet_schedule + timer_of_init trace_event_buffer_commit trace_event_buffer_reserve trace_event_ignore_this_pid @@ -1822,7 +1825,6 @@ clk_unregister divider_get_val divider_recalc_rate - of_clk_get_by_name of_clk_get_from_provider # required by mxc-jpeg-encdec.ko @@ -2236,9 +2238,10 @@ dmabuf_page_pool_destroy dmabuf_page_pool_free -# required by timer-imx-sysctr.ko - clockevents_config_and_register - timer_of_init +# required by timer-imx-tpm.ko + clocksource_mmio_init + clocksource_mmio_readl_up + sched_clock_register # required by trusty-ipc.ko _copy_from_iter From 672d51b2a7fa01a15c9d55f33884808a115db18d Mon Sep 17 00:00:00 2001 From: Shuming Fan Date: Mon, 8 Feb 2021 17:40:42 -0600 Subject: [PATCH 08/93] UPSTREAM: ASoC: dapm: use component prefix when checking widget names commit ae4fc532244b3bb4d86c397418d980b0c6be1dfd upstream. On a TigerLake SoundWire platform, we see these warnings: [ 27.360086] rt5682 sdw:0:25d:5682:0: ASoC: DAPM unknown pin MICBIAS [ 27.360092] rt5682 sdw:0:25d:5682:0: ASoC: DAPM unknown pin Vref2 This is root-caused to the addition of a component prefix in the machine driver. The tests in soc-dapm should account for a prefix instead of reporting an invalid issue. Reported-by: Pierre-Louis Bossart Reviewed-by: Rander Wang Signed-off-by: Shuming Fan Signed-off-by: Pierre-Louis Bossart Link: https://lore.kernel.org/r/20210208234043.59750-2-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown Signed-off-by: Robert Lee Signed-off-by: Greg Kroah-Hartman Change-Id: I058fc8542e520d99dfa93fb47f49b43228ef43c6 Signed-off-by: Robert Lee --- sound/soc/soc-dapm.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c index 148c095df27b..f4b380d6aecf 100644 
--- a/sound/soc/soc-dapm.c +++ b/sound/soc/soc-dapm.c @@ -2528,9 +2528,20 @@ static struct snd_soc_dapm_widget *dapm_find_widget( { struct snd_soc_dapm_widget *w; struct snd_soc_dapm_widget *fallback = NULL; + char prefixed_pin[80]; + const char *pin_name; + const char *prefix = soc_dapm_prefix(dapm); + + if (prefix) { + snprintf(prefixed_pin, sizeof(prefixed_pin), "%s %s", + prefix, pin); + pin_name = prefixed_pin; + } else { + pin_name = pin; + } for_each_card_widgets(dapm->card, w) { - if (!strcmp(w->name, pin)) { + if (!strcmp(w->name, pin_name)) { if (w->dapm == dapm) return w; else From f803f248dde6a9cbf9f077b5b2aa52bd51054644 Mon Sep 17 00:00:00 2001 From: zhengding chen Date: Tue, 7 Dec 2021 15:39:22 +0800 Subject: [PATCH 09/93] ANDROID: GKI: Update symbols to symbol list Update symbols to symbol list externed by oem modules. Leaf changes summary: 1 artifact changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 1 Added function Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable 1 Added function: [A] 'function void wq_worker_comm(char*, size_t, task_struct*)' Bug: 193384408 Signed-off-by: zhengding chen Change-Id: Ia1055f1b1df18a95cd40e5d5b45c5fe63a510e04 --- android/abi_gki_aarch64.xml | 69 +++++++++++++++++++---------------- android/abi_gki_aarch64_oplus | 1 + 2 files changed, 38 insertions(+), 32 deletions(-) diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index 05df1e0ec177..860642bcf517 100644 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -5627,6 +5627,7 @@ + @@ -6910,7 +6911,6 @@ - @@ -23295,7 +23295,7 @@ - + @@ -24518,7 +24518,6 @@ - @@ -30890,9 +30889,6 @@ - - - @@ -33574,7 +33570,7 @@ - + @@ -35816,10 +35812,6 @@ - - - - @@ -57843,7 +57835,7 @@ - + @@ -64906,6 +64898,9 @@ + + + @@ -73814,12 +73809,12 @@ - + - + - + @@ -75249,7 +75244,11 @@ - + + + + + @@ -112212,7 +112211,7 @@ - + 
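Review bot: In `dapm_find_widget()` the `snprintf()` into `prefixed_pin[80]` is unchecked, so a prefix plus pin name longer than 79 bytes is silently truncated, and the truncated string is what `strcmp()` then compares with `w->name`. The lookup would then either fail with the same "unknown pin" report this patch sets out to remove, or match a different widget whose name equals the truncated text. I would test the return value and bail out, `int n = snprintf(prefixed_pin, sizeof(prefixed_pin), "%s %s", prefix, pin);` followed by `if (n >= (int)sizeof(prefixed_pin)) return NULL;`, and give the 80 a named constant. The function continues past the end of the hunk, so confirm that every caller tolerates NULL for this case.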
@@ -119545,13 +119544,13 @@ - - - - - - - + + + + + + + @@ -135892,10 +135891,10 @@ - - - - + + + + @@ -143140,12 +143139,18 @@ - - - - + + + + + + + + + + diff --git a/android/abi_gki_aarch64_oplus b/android/abi_gki_aarch64_oplus index d1b0509ddd52..ed7628dfcd28 100644 --- a/android/abi_gki_aarch64_oplus +++ b/android/abi_gki_aarch64_oplus @@ -3327,6 +3327,7 @@ woken_wake_function work_busy work_on_cpu + wq_worker_comm ww_mutex_lock ww_mutex_unlock __xa_alloc From ea4a92c6af783fb2111b57ed980cdbdc6e16e7a0 Mon Sep 17 00:00:00 2001 From: Pavankumar Kondeti Date: Mon, 6 Dec 2021 16:18:16 +0530 Subject: [PATCH 10/93] ANDROID: ABI: Add iio_write_channel_raw symbol Leaf changes summary: 1 artifact changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 1 Added function Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable 1 Added function: [A] 'function int iio_write_channel_raw(iio_channel*, int)' Bug: 209409867 Change-Id: I90c360591ce3a93f1de0b8a3cfa90839705f6680 Signed-off-by: Pavankumar Kondeti --- android/abi_gki_aarch64.xml | 6 ++++++ android/abi_gki_aarch64_qcom | 1 + 2 files changed, 7 insertions(+) diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index 860642bcf517..0d30dcf5aa73 100644 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -2686,6 +2686,7 @@ + @@ -128077,6 +128078,11 @@ + + + + + diff --git a/android/abi_gki_aarch64_qcom b/android/abi_gki_aarch64_qcom index 9680a3058076..4edc8dfd52f7 100644 --- a/android/abi_gki_aarch64_qcom +++ b/android/abi_gki_aarch64_qcom @@ -1104,6 +1104,7 @@ idr_replace iio_channel_get_all iio_read_channel_processed + iio_write_channel_raw import_iovec in4_pton in6_pton From 709fde7c612f1d10676ce6b05f954ee4270f1532 Mon Sep 17 00:00:00 2001 
From: Badhri Jagan Sridharan Date: Mon, 29 Nov 2021 16:18:25 -0800 Subject: [PATCH 11/93] BACKPORT: usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect [Upstream commit fbcd13df1e78eb2ba83a3c160eefe2d6f574beaf] Stub from the spec: "4.5.2.2.4.2 Exiting from AttachWait.SNK State A Sink shall transition to Unattached.SNK when the state of both the CC1 and CC2 pins is SNK.Open for at least tPDDebounce. A DRP shall transition to Unattached.SRC when the state of both the CC1 and CC2 pins is SNK.Open for at least tPDDebounce." This change makes TCPM to wait in SNK_DEBOUNCED state until CC1 and CC2 pins is SNK.Open for at least tPDDebounce. Previously, TCPM resets the port if vbus is not present in PD_T_PS_SOURCE_ON. This causes TCPM to loop continuously when connected to a faulty power source that does not present vbus. Waiting in SNK_DEBOUNCED also ensures that TCPM is adherant to "4.5.2.2.4.2 Exiting from AttachWait.SNK State" requirements. [ 6169.280751] CC1: 0 -> 0, CC2: 0 -> 5 [state TOGGLING, polarity 0, connected] [ 6169.280759] state change TOGGLING -> SNK_ATTACH_WAIT [rev2 NONE_AMS] [ 6169.280771] pending state change SNK_ATTACH_WAIT -> SNK_DEBOUNCED @ 170 ms [rev2 NONE_AMS] [ 6169.282427] CC1: 0 -> 0, CC2: 5 -> 5 [state SNK_ATTACH_WAIT, polarity 0, connected] [ 6169.450825] state change SNK_ATTACH_WAIT -> SNK_DEBOUNCED [delayed 170 ms] [ 6169.450834] pending state change SNK_DEBOUNCED -> PORT_RESET @ 480 ms [rev2 NONE_AMS] [ 6169.930892] state change SNK_DEBOUNCED -> PORT_RESET [delayed 480 ms] [ 6169.931296] disable vbus discharge ret:0 [ 6169.931301] Setting usb_comm capable false [ 6169.932783] Setting voltage/current limit 0 mV 0 mA [ 6169.932802] polarity 0 [ 6169.933706] Requesting mux state 0, usb-role 0, orientation 0 [ 6169.936689] cc:=0 [ 6169.936812] pending state change PORT_RESET -> PORT_RESET_WAIT_OFF @ 100 ms [rev2 NONE_AMS] [ 6169.937157] CC1: 0 -> 0, CC2: 5 -> 0 [state PORT_RESET, polarity 0, disconnected] [ 6170.036880] state change 
PORT_RESET -> PORT_RESET_WAIT_OFF [delayed 100 ms] [ 6170.036890] state change PORT_RESET_WAIT_OFF -> SNK_UNATTACHED [rev2 NONE_AMS] [ 6170.036896] Start toggling [ 6170.041412] CC1: 0 -> 0, CC2: 0 -> 0 [state TOGGLING, polarity 0, disconnected] [ 6170.042973] CC1: 0 -> 0, CC2: 0 -> 5 [state TOGGLING, polarity 0, connected] [ 6170.042976] state change TOGGLING -> SNK_ATTACH_WAIT [rev2 NONE_AMS] [ 6170.042981] pending state change SNK_ATTACH_WAIT -> SNK_DEBOUNCED @ 170 ms [rev2 NONE_AMS] [ 6170.213014] state change SNK_ATTACH_WAIT -> SNK_DEBOUNCED [delayed 170 ms] [ 6170.213019] pending state change SNK_DEBOUNCED -> PORT_RESET @ 480 ms [rev2 NONE_AMS] [ 6170.693068] state change SNK_DEBOUNCED -> PORT_RESET [delayed 480 ms] [ 6170.693304] disable vbus discharge ret:0 [ 6170.693308] Setting usb_comm capable false [ 6170.695193] Setting voltage/current limit 0 mV 0 mA [ 6170.695210] polarity 0 [ 6170.695990] Requesting mux state 0, usb-role 0, orientation 0 [ 6170.701896] cc:=0 [ 6170.702181] pending state change PORT_RESET -> PORT_RESET_WAIT_OFF @ 100 ms [rev2 NONE_AMS] [ 6170.703343] CC1: 0 -> 0, CC2: 5 -> 0 [state PORT_RESET, polarity 0, disconnected] Bug: 207285852 [badhri: Resolved minor conflict in drivers/usb/typec/tcpm/tcpm.c ] Fixes: f0690a25a140b8 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable@vger.kernel.org Acked-by: Heikki Krogerus Signed-off-by: Badhri Jagan Sridharan Link: https://lore.kernel.org/r/20211130001825.3142830-1-badhri@google.com Signed-off-by: Greg Kroah-Hartman Change-Id: I6ed8e61bfc265a515e14efee67d035d8677eccda --- drivers/usb/typec/tcpm/tcpm.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index c2d6ae1fbed0..487e0c8b3e0f 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c 
@@ -4157,12 +4157,9 @@ static void run_state_machine(struct tcpm_port *port) 0); port->debouncing = false; } else { - /* Wait for VBUS, but not forever */ - tcpm_set_state(port, PORT_RESET, PD_T_PS_SOURCE_ON); port->debouncing = false; } break; - case SRC_TRY: port->try_src_count++; tcpm_set_cc(port, tcpm_rp_cc(port)); From 78ea29e5703b8d155a33bb7229d703a1ed50fab4 Mon Sep 17 00:00:00 2001 From: Jason Gunthorpe Date: Mon, 14 Dec 2020 19:05:48 -0800 Subject: [PATCH 12/93] UPSTREAM: mm/gup: remove the vma allocation from gup_longterm_locked() Long ago there wasn't a FOLL_LONGTERM flag so this DAX check was done by post-processing the VMA list. These days it is trivial to just check each VMA to see if it is DAX before processing it inside __get_user_pages() and return failure if a DAX VMA is encountered with FOLL_LONGTERM. Removing the allocation of the VMA list is a significant speed up for many call sites. Add an IS_ENABLED to vma_is_fsdax so that code generation is unchanged when DAX is compiled out. Remove the dummy version of __gup_longterm_locked() as !CONFIG_CMA already makes memalloc_nocma_save(), check_and_migrate_cma_pages(), and memalloc_nocma_restore() into a NOP. Bug: 209719897 Link: https://lkml.kernel.org/r/0-v1-5551df3ed12e+b8-gup_dax_speedup_jgg@nvidia.com Signed-off-by: Jason Gunthorpe Reviewed-by: Ira Weiny Cc: Dan Williams Cc: John Hubbard Cc: Pavel Tatashin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Minchan Kim (cherry picked from commit 52650c8b466bac399aec213c61d74bfe6f7af1a4) Change-Id: I8be099dc7b617916254c2650ff8a55a6b926a32e --- include/linux/fs.h | 2 +- mm/gup.c | 83 +++++++++------------------------------------- 2 files changed, 16 insertions(+), 69 deletions(-) diff --git a/include/linux/fs.h b/include/linux/fs.h index b3b3d95eac2f..1da2b7cb35cc 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -3285,7 +3285,7 @@ static inline bool vma_is_fsdax(struct vm_area_struct *vma) { struct inode *inode; - if (!vma->vm_file) + if (!IS_ENABLED(CONFIG_FS_DAX) || !vma->vm_file) return false; if (!vma_is_dax(vma)) return false; diff --git a/mm/gup.c b/mm/gup.c index b56d9748a102..54b0a694712e 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -948,6 +948,9 @@ static int check_vma_flags(struct vm_area_struct *vma, unsigned long gup_flags) if (gup_flags & FOLL_ANON && !vma_is_anonymous(vma)) return -EFAULT; + if ((gup_flags & FOLL_LONGTERM) && vma_is_fsdax(vma)) + return -EOPNOTSUPP; + if (write) { if (!(vm_flags & VM_WRITE)) { if (!(gup_flags & FOLL_FORCE)) @@ -1085,10 +1088,14 @@ static long __get_user_pages(struct mm_struct *mm, goto next_page; } - if (!vma || check_vma_flags(vma, gup_flags)) { + if (!vma) { ret = -EFAULT; goto out; } + ret = check_vma_flags(vma, gup_flags); + if (ret) + goto out; + if (is_vm_hugetlb_page(vma)) { i = follow_hugetlb_page(mm, vma, pages, vmas, &start, &nr_pages, i, @@ -1592,26 +1599,6 @@ struct page *get_dump_page(unsigned long addr) } #endif /* CONFIG_ELF_CORE */ -#if defined(CONFIG_FS_DAX) || defined (CONFIG_CMA) -static bool check_dax_vmas(struct vm_area_struct **vmas, long nr_pages) -{ - long i; - struct vm_area_struct *vma_prev = NULL; - - for (i = 0; i < nr_pages; i++) { - struct vm_area_struct *vma = vmas[i]; - - if (vma == vma_prev) - continue; - - vma_prev = vma; - - if (vma_is_fsdax(vma)) - return true; - } - return false; -} - #ifdef CONFIG_CMA static long check_and_migrate_cma_pages(struct mm_struct *mm, unsigned long start, 
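Review bot: The `__get_user_pages()` hunk in mm/gup.c now leaves through `goto out` with whatever `check_vma_flags()` returned, and for `FOLL_LONGTERM` that includes the new `-EOPNOTSUPP` for an fsdax VMA. The `out` label is outside the hunk; if it returns the count of pages already handled when that count is non-zero, a range that starts in an ordinary VMA and runs into a DAX one gives the caller a short positive count instead of `-EOPNOTSUPP`. The `check_dax_vmas()` pass removed later in this patch released every page and failed the whole call. That difference is worth stating where the check is made, for example `/* may surface as a short pin if earlier pages were already taken; FOLL_LONGTERM callers must treat a short return as failure */`.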
@@ -1730,63 +1717,23 @@ static long __gup_longterm_locked(struct mm_struct *mm, struct vm_area_struct **vmas, unsigned int gup_flags) { - struct vm_area_struct **vmas_tmp = vmas; unsigned long flags = 0; - long rc, i; + long rc; - if (gup_flags & FOLL_LONGTERM) { - if (!pages) - return -EINVAL; - - if (!vmas_tmp) { - vmas_tmp = kcalloc(nr_pages, - sizeof(struct vm_area_struct *), - GFP_KERNEL); - if (!vmas_tmp) - return -ENOMEM; - } + if (gup_flags & FOLL_LONGTERM) flags = memalloc_nocma_save(); - } - rc = __get_user_pages_locked(mm, start, nr_pages, pages, - vmas_tmp, NULL, gup_flags); + rc = __get_user_pages_locked(mm, start, nr_pages, pages, vmas, NULL, + gup_flags); if (gup_flags & FOLL_LONGTERM) { - if (rc < 0) - goto out; - - if (check_dax_vmas(vmas_tmp, rc)) { - if (gup_flags & FOLL_PIN) - unpin_user_pages(pages, rc); - else - for (i = 0; i < rc; i++) - put_page(pages[i]); - rc = -EOPNOTSUPP; - goto out; - } - - rc = check_and_migrate_cma_pages(mm, start, rc, pages, - vmas_tmp, gup_flags); -out: + if (rc > 0) + rc = check_and_migrate_cma_pages(mm, start, rc, pages, + vmas, gup_flags); memalloc_nocma_restore(flags); } - - if (vmas_tmp != vmas) - kfree(vmas_tmp); return rc; } -#else /* !CONFIG_FS_DAX && !CONFIG_CMA */ -static __always_inline long __gup_longterm_locked(struct mm_struct *mm, - unsigned long start, - unsigned long nr_pages, - struct page **pages, - struct vm_area_struct **vmas, - unsigned int flags) -{ - return __get_user_pages_locked(mm, start, nr_pages, pages, vmas, - NULL, flags); -} -#endif /* CONFIG_FS_DAX || CONFIG_CMA */ static bool is_valid_gup_flags(unsigned int gup_flags) { From 81b6ea435ee856098765df50c308f8b8cbda4d30 Mon Sep 17 00:00:00 2001 
From: Mike Tipton Date: Mon, 8 Nov 2021 20:34:38 -0800 Subject: [PATCH 13/93] FROMGIT: clk: Don't parent clks until the parent is fully registered Before commit fc0c209c147f ("clk: Allow parents to be specified without string names") child clks couldn't find their parent until the parent clk was added to a list in __clk_core_init(). After that commit, child clks can reference their parent clks directly via a clk_hw pointer, or they can lookup that clk_hw pointer via DT if the parent clk is registered with an OF clk provider. The common clk framework treats hw->core being non-NULL as "the clk is registered" per the logic within clk_core_fill_parent_index(): parent = entry->hw->core; /* * We have a direct reference but it isn't registered yet? * Orphan it and let clk_reparent() update the orphan status * when the parent is registered. */ if (!parent) Therefore we need to be extra careful to not set hw->core until the clk is fully registered with the clk framework. Otherwise we can get into a situation where a child finds a parent clk and we move the child clk off the orphan list when the parent isn't actually registered, wrecking our enable accounting and breaking critical clks. Consider the following scenario: CPU0 CPU1 ---- ---- struct clk_hw clkBad; struct clk_hw clkA; clkA.init.parent_hws = { &clkBad }; clk_hw_register(&clkA) clk_hw_register(&clkBad) ... __clk_register() hw->core = core ... __clk_register() __clk_core_init() clk_prepare_lock() __clk_init_parent() clk_core_get_parent_by_index() clk_core_fill_parent_index() if (entry->hw) { parent = entry->hw->core; At this point, 'parent' points to clkBad even though clkBad hasn't been fully registered yet. Ouch! A similar problem can happen if a clk controller registers orphan clks that are referenced in the DT node of another clk controller. Let's fix all this by only setting the hw->core pointer underneath the clk prepare lock in __clk_core_init(). 
This way we know that clk_core_fill_parent_index() can't see hw->core be non-NULL until the clk is fully registered. Fixes: fc0c209c147f ("clk: Allow parents to be specified without string names") Signed-off-by: Mike Tipton Link: https://lore.kernel.org/r/20211109043438.4639-1-quic_mdtipton@quicinc.com [sboyd@kernel.org: Reword commit text, update comment] Signed-off-by: Stephen Boyd Bug: 208605820 (cherry picked from commit 54baf56eaa40aa5cdcd02b3c20d593e4e1211220 https://git.kernel.org/pub/scm/linux/kernel/git/clk/linux.git clk-next) Change-Id: Iee7ea8a1ba3a95a4985c2e689bcc4484c33153f1 Signed-off-by: Mike Tipton --- drivers/clk/clk.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c index f047d33d765c..411ca7a1c088 100644 --- a/drivers/clk/clk.c +++ b/drivers/clk/clk.c @@ -3469,6 +3469,14 @@ static int __clk_core_init(struct clk_core *core) clk_prepare_lock(); + /* + * Set hw->core after grabbing the prepare_lock to synchronize with + * callers of clk_core_fill_parent_index() where we treat hw->core + * being NULL as the clk not being registered yet. This is crucial so + * that clks aren't parented until their parent is fully registered. + */ + core->hw->core = core; + ret = clk_pm_runtime_get(core); if (ret) goto unlock; @@ -3640,8 +3648,10 @@ static int __clk_core_init(struct clk_core *core) out: clk_pm_runtime_put(core); unlock: - if (ret) + if (ret) { hlist_del_init(&core->child_node); + core->hw->core = NULL; + } clk_prepare_unlock(); @@ -3905,7 +3915,6 @@ __clk_register(struct device *dev, struct device_node *np, struct clk_hw *hw) core->num_parents = init->num_parents; core->min_rate = 0; core->max_rate = ULONG_MAX; - hw->core = core; ret = clk_core_populate_parent_map(core, init); if (ret) 
@@ -3923,7 +3932,7 @@ __clk_register(struct device *dev, struct device_node *np, struct clk_hw *hw) goto fail_create_clk; } - clk_core_link_consumer(hw->core, hw->clk); + clk_core_link_consumer(core, hw->clk); ret = __clk_core_init(core); if (!ret) From ddea17081f80af8ec1c9247f9b88579530e873ea Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 1 Dec 2021 19:35:01 +0100 Subject: [PATCH 14/93] UPSTREAM: HID: add hid_is_usb() function to make it simpler for USB detection A number of HID drivers already call hid_is_using_ll_driver() but only for the detection of if this is a USB device or not. Make this more obvious by creating hid_is_usb() and calling the function that way. Also converts the existing hid_is_using_ll_driver() functions to use the new call. Cc: Jiri Kosina Cc: Benjamin Tissoires Cc: linux-input@vger.kernel.org Cc: stable@vger.kernel.org Tested-by: Benjamin Tissoires Signed-off-by: Greg Kroah-Hartman Signed-off-by: Benjamin Tissoires Link: https://lore.kernel.org/r/20211201183503.2373082-1-gregkh@linuxfoundation.org (cherry picked from commit f83baa0cb6cfc92ebaf7f9d3a99d7e34f2e77a8a) Bug: 188677105 Signed-off-by: Greg Kroah-Hartman Change-Id: Ibfa4252d4b6501a09a997bb9efbab46fae3fd1dc --- drivers/hid/hid-asus.c | 6 ++---- drivers/hid/hid-logitech-dj.c | 2 +- drivers/hid/hid-u2fzero.c | 2 +- drivers/hid/hid-uclogic-params.c | 3 +-- drivers/hid/wacom_sys.c | 2 +- include/linux/hid.h | 5 +++++ 6 files changed, 11 insertions(+), 9 deletions(-) diff --git a/drivers/hid/hid-asus.c b/drivers/hid/hid-asus.c index c183caf89d49..f85c6e3309a0 100644 --- a/drivers/hid/hid-asus.c +++ b/drivers/hid/hid-asus.c 
@@ -918,8 +918,7 @@ static int asus_probe(struct hid_device *hdev, const struct hid_device_id *id) if (drvdata->quirks & QUIRK_IS_MULTITOUCH) drvdata->tp = &asus_i2c_tp; - if ((drvdata->quirks & QUIRK_T100_KEYBOARD) && - hid_is_using_ll_driver(hdev, &usb_hid_driver)) { + if ((drvdata->quirks & QUIRK_T100_KEYBOARD) && hid_is_usb(hdev)) { struct usb_interface *intf = to_usb_interface(hdev->dev.parent); if (intf->altsetting->desc.bInterfaceNumber == T100_TPAD_INTF) { @@ -947,8 +946,7 @@ static int asus_probe(struct hid_device *hdev, const struct hid_device_id *id) drvdata->tp = &asus_t100chi_tp; } - if ((drvdata->quirks & QUIRK_MEDION_E1239T) && - hid_is_using_ll_driver(hdev, &usb_hid_driver)) { + if ((drvdata->quirks & QUIRK_MEDION_E1239T) && hid_is_usb(hdev)) { struct usb_host_interface *alt = to_usb_interface(hdev->dev.parent)->altsetting; diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c index 271bd8d24339..a311b0a33eba 100644 --- a/drivers/hid/hid-logitech-dj.c +++ b/drivers/hid/hid-logitech-dj.c @@ -1693,7 +1693,7 @@ static int logi_dj_probe(struct hid_device *hdev, case recvr_type_27mhz: no_dj_interfaces = 2; break; case recvr_type_bluetooth: no_dj_interfaces = 2; break; } - if (hid_is_using_ll_driver(hdev, &usb_hid_driver)) { + if (hid_is_usb(hdev)) { intf = to_usb_interface(hdev->dev.parent); if (intf && intf->altsetting->desc.bInterfaceNumber >= no_dj_interfaces) { diff --git a/drivers/hid/hid-u2fzero.c b/drivers/hid/hid-u2fzero.c index 95e0807878c7..6f107e35d8a4 100644 --- a/drivers/hid/hid-u2fzero.c +++ b/drivers/hid/hid-u2fzero.c @@ -286,7 +286,7 @@ static int u2fzero_probe(struct hid_device *hdev, unsigned int minor; int ret; - if (!hid_is_using_ll_driver(hdev, &usb_hid_driver)) + if (!hid_is_usb(hdev)) return -EINVAL; dev = devm_kzalloc(&hdev->dev, sizeof(*dev), GFP_KERNEL); diff --git a/drivers/hid/hid-uclogic-params.c b/drivers/hid/hid-uclogic-params.c index d26d8cd98efc..dd05bed4ca53 100644 
--- a/drivers/hid/hid-uclogic-params.c +++ b/drivers/hid/hid-uclogic-params.c @@ -841,8 +841,7 @@ int uclogic_params_init(struct uclogic_params *params, struct uclogic_params p = {0, }; /* Check arguments */ - if (params == NULL || hdev == NULL || - !hid_is_using_ll_driver(hdev, &usb_hid_driver)) { + if (params == NULL || hdev == NULL || !hid_is_usb(hdev)) { rc = -EINVAL; goto cleanup; } diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c index 73dafa60080f..e94ec84aec6a 100644 --- a/drivers/hid/wacom_sys.c +++ b/drivers/hid/wacom_sys.c @@ -2217,7 +2217,7 @@ static void wacom_update_name(struct wacom *wacom, const char *suffix) if ((features->type == HID_GENERIC) && !strcmp("Wacom HID", features->name)) { char *product_name = wacom->hdev->name; - if (hid_is_using_ll_driver(wacom->hdev, &usb_hid_driver)) { + if (hid_is_usb(wacom->hdev)) { struct usb_interface *intf = to_usb_interface(wacom->hdev->dev.parent); struct usb_device *dev = interface_to_usbdev(intf); product_name = dev->product; diff --git a/include/linux/hid.h b/include/linux/hid.h index 6ed2a97eb55f..fc56d53cc68b 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -833,6 +833,11 @@ static inline bool hid_is_using_ll_driver(struct hid_device *hdev, return hdev->ll_driver == driver; } +static inline bool hid_is_usb(struct hid_device *hdev) +{ + return hid_is_using_ll_driver(hdev, &usb_hid_driver); +} + #define PM_HINT_FULLON 1<<5 #define PM_HINT_NORMAL 1<<1 From a4909c90b75df36c04c3ec0f3081e6609ead4730 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 3 Dec 2021 09:12:31 +0100 Subject: [PATCH 15/93] UPSTREAM: HID: add USB_HID dependancy to hid-prodikeys The prodikeys HID driver only controls USB devices, yet did not have a dependancy on USB_HID. This causes build errors on some configurations like nios2 when building due to new changes to the prodikeys driver. Reported-by: kernel test robot Cc: stable@vger.kernel.org Cc: Jiri Kosina Cc: Benjamin Tissoires 
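Review bot: The new `hid_is_usb()` helper in include/linux/hid.h has no comment stating the contract its callers rely on. Every converted call site in this patch uses a true result as the condition that makes `to_usb_interface(hdev->dev.parent)` safe, so the helper is a memory-safety guard and not only a convenience. I would add a short kernel-doc block above it saying that it returns true only when the device's low-level driver is `usb_hid_driver`, and that callers must check it before treating `hdev->dev.parent` as a USB interface. It would also help to say that `hdev` must be non-NULL, since the helper dereferences it and only uclogic_params_init() is seen checking that first.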
Signed-off-by: Greg Kroah-Hartman Signed-off-by: Benjamin Tissoires Link: https://lore.kernel.org/r/20211203081231.2856936-1-gregkh@linuxfoundation.org (cherry picked from commit 30cb3c2ad24b66fb7639a6d1f4390c74d6e68f94) Bug: 188677105 Signed-off-by: Greg Kroah-Hartman Change-Id: Ifbff6c7522a684fab6974565570a92e61651ae0a --- drivers/hid/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hid/Kconfig b/drivers/hid/Kconfig index a347368ecaef..bc3b56d14aa3 100644 --- a/drivers/hid/Kconfig +++ b/drivers/hid/Kconfig @@ -245,7 +245,7 @@ config HID_MACALLY config HID_PRODIKEYS tristate "Prodikeys PC-MIDI Keyboard support" - depends on HID && SND + depends on USB_HID && SND select SND_RAWMIDI help Support for Prodikeys PC-MIDI Keyboard device support. From 8219b106a380a282d6c6cdbd01d7eda8187e89b9 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 3 Dec 2021 08:59:27 +0100 Subject: [PATCH 16/93] UPSTREAM: HID: add USB_HID dependancy to hid-chicony The chicony HID driver only controls USB devices, yet did not have a dependancy on USB_HID. This causes build errors on some configurations like sparc when building due to new changes to the chicony driver. Reported-by: Stephen Rothwell Cc: stable@vger.kernel.org Cc: Jiri Kosina Cc: Benjamin Tissoires Signed-off-by: Greg Kroah-Hartman Signed-off-by: Benjamin Tissoires Link: https://lore.kernel.org/r/20211203075927.2829218-1-gregkh@linuxfoundation.org (cherry picked from commit d080811f27936f712f619f847389f403ac873b8f) Bug: 188677105 Signed-off-by: Greg Kroah-Hartman Change-Id: Ic65d7879192eb876683d13eb18628dd0f4594e98 --- drivers/hid/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hid/Kconfig b/drivers/hid/Kconfig index bc3b56d14aa3..f5b5078b0531 100644 --- a/drivers/hid/Kconfig +++ b/drivers/hid/Kconfig 
@@ -207,7 +207,7 @@ config HID_CHERRY config HID_CHICONY tristate "Chicony devices" - depends on HID + depends on USB_HID default !EXPERT help Support for Chicony Tactical pad and special keys on Chicony keyboards. From 7b8a19b91787b8e30d50e4e9e2d7b50a950003a9 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 2 Dec 2021 12:48:19 +0100 Subject: [PATCH 17/93] UPSTREAM: HID: add USB_HID dependancy on some USB HID drivers Some HID drivers are only for USB drivers, yet did not depend on CONFIG_USB_HID. This was hidden by the fact that the USB functions were stubbed out in the past, but now that drivers are checking for USB devices properly, build errors can occur with some random configurations. Reported-by: kernel test robot Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman Signed-off-by: Benjamin Tissoires Link: https://lore.kernel.org/r/20211202114819.2511954-1-gregkh@linuxfoundation.org (cherry picked from commit f237d9028f844a86955fc9da59d7ac4a5c55d7d5) Bug: 188677105 Signed-off-by: Greg Kroah-Hartman Change-Id: Ia755dc2803f1111c33d1c4b06b02913eebdf34c0 --- drivers/hid/Kconfig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/hid/Kconfig b/drivers/hid/Kconfig index f5b5078b0531..f5dc693a6403 100644 --- a/drivers/hid/Kconfig +++ b/drivers/hid/Kconfig @@ -214,7 +214,7 @@ config HID_CHICONY config HID_CORSAIR tristate "Corsair devices" - depends on HID && USB && LEDS_CLASS + depends on USB_HID && LEDS_CLASS help Support for Corsair devices that are not fully compliant with the HID standard. @@ -541,7 +541,7 @@ config HID_LENOVO config HID_LOGITECH tristate "Logitech devices" - depends on HID + depends on USB_HID depends on LEDS_CLASS default !EXPERT help @@ -918,7 +918,7 @@ config HID_SAITEK config HID_SAMSUNG tristate "Samsung InfraRed remote control or keyboards" - depends on HID + depends on USB_HID help Support for Samsung InfraRed remote control or keyboards. 
From 5a72ef56c876d5f0dadd8eb3b682814ec32422e4 Mon Sep 17 00:00:00 2001 From: Benjamin Tissoires Date: Thu, 2 Dec 2021 10:53:32 +0100 Subject: [PATCH 18/93] UPSTREAM: HID: bigbenff: prevent null pointer dereference When emulating the device through uhid, there is a chance we don't have output reports and so report_field is null. Cc: stable@vger.kernel.org Signed-off-by: Benjamin Tissoires Reviewed-by: Greg Kroah-Hartman Link: https://lore.kernel.org/r/20211202095334.14399-3-benjamin.tissoires@redhat.com (cherry picked from commit 918aa1ef104d286d16b9e7ef139a463ac7a296f0) Bug: 188677105 Signed-off-by: Greg Kroah-Hartman Change-Id: Ia6fb77a7bd9426ce055e090fb2c1f3a21a2011cc --- drivers/hid/hid-bigbenff.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hid/hid-bigbenff.c b/drivers/hid/hid-bigbenff.c index db6da21ade06..74ad8bf98bfd 100644 --- a/drivers/hid/hid-bigbenff.c +++ b/drivers/hid/hid-bigbenff.c @@ -191,7 +191,7 @@ static void bigben_worker(struct work_struct *work) struct bigben_device, worker); struct hid_field *report_field = bigben->report->field[0]; - if (bigben->removed) + if (bigben->removed || !report_field) return; if (bigben->work_led) { From e98c96b8b8a5a7a97a0c1ae75638b362b16f0187 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 1 Dec 2021 19:35:02 +0100 Subject: [PATCH 19/93] UPSTREAM: HID: wacom: fix problems when device is not a valid USB device The wacom driver accepts devices of more than just USB types, but some code paths can cause problems if the device being controlled is not a USB device due to a lack of checking. Add the needed checks to ensure that the USB device accesses are only happening on a "real" USB device, and not one on some other bus. Cc: Jiri Kosina Cc: Benjamin Tissoires Cc: linux-input@vger.kernel.org Cc: stable@vger.kernel.org Tested-by: Benjamin Tissoires Signed-off-by: Greg Kroah-Hartman 
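Review bot: In bigben_worker() (drivers/hid/hid-bigbenff.c) the added `!report_field` test only covers an empty `field[0]`. The initializer `bigben->report->field[0]` has already dereferenced `bigben->report` by the time the test runs. The commit message says a device emulated through uhid may have no output reports, and where `bigben->report` is assigned is outside this hunk. If it is taken from the output report list without an emptiness check, the pointer itself may not refer to a real report, and a check in the worker cannot detect that. I would reject the device in probe when the output report list is empty, with a comment such as `/* no output report: nothing for the worker to send, refuse to bind */`, and keep this test as a second line of defence.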
Signed-off-by: Benjamin Tissoires Link: https://lore.kernel.org/r/20211201183503.2373082-2-gregkh@linuxfoundation.org (cherry picked from commit 720ac467204a70308bd687927ed475afb904e11b) Bug: 188677105 Signed-off-by: Greg Kroah-Hartman Change-Id: I605a7a3598b54693ce2104d4afdbdf879bb7fb2e --- drivers/hid/wacom_sys.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c index e94ec84aec6a..329bb1a46f90 100644 --- a/drivers/hid/wacom_sys.c +++ b/drivers/hid/wacom_sys.c @@ -726,7 +726,7 @@ static void wacom_retrieve_hid_descriptor(struct hid_device *hdev, * Skip the query for this type and modify defaults based on * interface number. */ - if (features->type == WIRELESS) { + if (features->type == WIRELESS && intf) { if (intf->cur_altsetting->desc.bInterfaceNumber == 0) features->device_type = WACOM_DEVICETYPE_WL_MONITOR; else @@ -2448,6 +2448,9 @@ static void wacom_wireless_work(struct work_struct *work) wacom_destroy_battery(wacom); + if (!usbdev) + return; + /* Stylus interface */ hdev1 = usb_get_intfdata(usbdev->config->interface[1]); wacom1 = hid_get_drvdata(hdev1); @@ -2727,8 +2730,6 @@ static void wacom_mode_change_work(struct work_struct *work) static int wacom_probe(struct hid_device *hdev, const struct hid_device_id *id) { - struct usb_interface *intf = to_usb_interface(hdev->dev.parent); - struct usb_device *dev = interface_to_usbdev(intf); struct wacom *wacom; struct wacom_wac *wacom_wac; struct wacom_features *features; 
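Review bot: In wacom_wireless_work() the added `if (!usbdev) return;` handles a non-USB device, but the next context line still passes `usbdev->config->interface[1]` to usb_get_intfdata() and hands the result to hid_get_drvdata() unchecked. If the device presents fewer interfaces than this code expects, or no HID device is bound to that interface, `hdev1` would presumably be NULL or the interface slot empty. Checking the interface pointer and adding `if (!hdev1) return;` before `wacom1 = hid_get_drvdata(hdev1);` would cover that case. The function body continues outside the hunk, so the same may apply to the later interface lookups.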
@@ -2763,8 +2764,14 @@ static int wacom_probe(struct hid_device *hdev, wacom_wac->hid_data.inputmode = -1; wacom_wac->mode_report = -1; - wacom->usbdev = dev; - wacom->intf = intf; + if (hid_is_usb(hdev)) { + struct usb_interface *intf = to_usb_interface(hdev->dev.parent); + struct usb_device *dev = interface_to_usbdev(intf); + + wacom->usbdev = dev; + wacom->intf = intf; + } + mutex_init(&wacom->lock); INIT_DELAYED_WORK(&wacom->init_work, wacom_init_work); INIT_WORK(&wacom->wireless_work, wacom_wireless_work); From 7320fb1abd44b68bbeeb6ad6eb828899ab6b617e Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 1 Dec 2021 19:35:03 +0100 Subject: [PATCH 20/93] UPSTREAM: HID: check for valid USB device for many HID drivers Many HID drivers assume that the HID device assigned to them is a USB device as that was the only way HID devices used to be able to be created in Linux. However, with the additional ways that HID devices can be created for many different bus types, that is no longer true, so properly check that we have a USB device associated with the HID device before allowing a driver that makes this assumption to claim it. Cc: Jiri Kosina Cc: Benjamin Tissoires Cc: Michael Zaidman Cc: Stefan Achatz Cc: Maxime Coquelin Cc: Alexandre Torgue Cc: linux-input@vger.kernel.org Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman Tested-by: Benjamin Tissoires [bentiss: amended for thrustmater.c hunk to apply] Signed-off-by: Benjamin Tissoires Link: https://lore.kernel.org/r/20211201183503.2373082-3-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman (cherry picked from commit 93020953d0fa7035fd036ad87a47ae2b7aa4ae33) Bug: 188677105 
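Review bot: After this hunk, wacom_probe() leaves `wacom->usbdev` and `wacom->intf` unassigned for a non-USB device, and nothing in the new code says so. The other hunks in this patch (`&& intf` in wacom_retrieve_hid_descriptor() and `if (!usbdev)` in wacom_wireless_work()) depend on those fields being NULL in that case. That presumably comes from a zeroing allocation outside the hunk, which should be confirmed. A comment above the new block, such as `/* usbdev and intf stay NULL on non-USB transports; every user must check them */`, would make the invariant explicit for later callers.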
Signed-off-by: Greg Kroah-Hartman Change-Id: I7908d6af9e70865a6db17fac75624064165449ad --- drivers/hid/hid-chicony.c | 8 ++++++-- drivers/hid/hid-corsair.c | 7 ++++++- drivers/hid/hid-elan.c | 2 +- drivers/hid/hid-elo.c | 3 +++ drivers/hid/hid-holtek-kbd.c | 9 +++++++-- drivers/hid/hid-holtek-mouse.c | 9 +++++++++ drivers/hid/hid-lg.c | 10 ++++++++-- drivers/hid/hid-prodikeys.c | 10 ++++++++-- drivers/hid/hid-roccat-arvo.c | 3 +++ drivers/hid/hid-roccat-isku.c | 3 +++ drivers/hid/hid-roccat-kone.c | 3 +++ drivers/hid/hid-roccat-koneplus.c | 3 +++ drivers/hid/hid-roccat-konepure.c | 3 +++ drivers/hid/hid-roccat-kovaplus.c | 3 +++ drivers/hid/hid-roccat-lua.c | 3 +++ drivers/hid/hid-roccat-pyra.c | 3 +++ drivers/hid/hid-roccat-ryos.c | 3 +++ drivers/hid/hid-roccat-savu.c | 3 +++ drivers/hid/hid-samsung.c | 3 +++ drivers/hid/hid-uclogic-core.c | 3 +++ 20 files changed, 84 insertions(+), 10 deletions(-) diff --git a/drivers/hid/hid-chicony.c b/drivers/hid/hid-chicony.c index 3f0ed6a95223..e19e2b597339 100644 --- a/drivers/hid/hid-chicony.c +++ b/drivers/hid/hid-chicony.c @@ -58,8 +58,12 @@ static int ch_input_mapping(struct hid_device *hdev, struct hid_input *hi, static __u8 *ch_switch12_report_fixup(struct hid_device *hdev, __u8 *rdesc, unsigned int *rsize) { - struct usb_interface *intf = to_usb_interface(hdev->dev.parent); - + struct usb_interface *intf; + + if (!hid_is_usb(hdev)) + return rdesc; + + intf = to_usb_interface(hdev->dev.parent); if (intf->cur_altsetting->desc.bInterfaceNumber == 1) { /* Change usage maximum and logical maximum from 0x7fff to * 0x2fff, so they don't exceed HID_MAX_USAGES */ diff --git a/drivers/hid/hid-corsair.c b/drivers/hid/hid-corsair.c index 902a60e249ed..8c895c820b67 100644 --- a/drivers/hid/hid-corsair.c +++ b/drivers/hid/hid-corsair.c 
@@ -553,7 +553,12 @@ static int corsair_probe(struct hid_device *dev, const struct hid_device_id *id) int ret; unsigned long quirks = id->driver_data; struct corsair_drvdata *drvdata; - struct usb_interface *usbif = to_usb_interface(dev->dev.parent); + struct usb_interface *usbif; + + if (!hid_is_usb(dev)) + return -EINVAL; + + usbif = to_usb_interface(dev->dev.parent); drvdata = devm_kzalloc(&dev->dev, sizeof(struct corsair_drvdata), GFP_KERNEL); diff --git a/drivers/hid/hid-elan.c b/drivers/hid/hid-elan.c index dae193749d44..0e8f424025fe 100644 --- a/drivers/hid/hid-elan.c +++ b/drivers/hid/hid-elan.c @@ -50,7 +50,7 @@ struct elan_drvdata { static int is_not_elan_touchpad(struct hid_device *hdev) { - if (hdev->bus == BUS_USB) { + if (hid_is_usb(hdev)) { struct usb_interface *intf = to_usb_interface(hdev->dev.parent); return (intf->altsetting->desc.bInterfaceNumber != diff --git a/drivers/hid/hid-elo.c b/drivers/hid/hid-elo.c index 0d22713a3874..2876cb6a7dca 100644 --- a/drivers/hid/hid-elo.c +++ b/drivers/hid/hid-elo.c @@ -229,6 +229,9 @@ static int elo_probe(struct hid_device *hdev, const struct hid_device_id *id) struct elo_priv *priv; int ret; + if (!hid_is_usb(hdev)) + return -EINVAL; + priv = kzalloc(sizeof(*priv), GFP_KERNEL); if (!priv) return -ENOMEM; diff --git a/drivers/hid/hid-holtek-kbd.c b/drivers/hid/hid-holtek-kbd.c index 0a38e8e9bc78..403506b9697e 100644 --- a/drivers/hid/hid-holtek-kbd.c +++ b/drivers/hid/hid-holtek-kbd.c 
@@ -140,12 +140,17 @@ static int holtek_kbd_input_event(struct input_dev *dev, unsigned int type, static int holtek_kbd_probe(struct hid_device *hdev, const struct hid_device_id *id) { - struct usb_interface *intf = to_usb_interface(hdev->dev.parent); - int ret = hid_parse(hdev); + struct usb_interface *intf; + int ret; + if (!hid_is_usb(hdev)) + return -EINVAL; + + ret = hid_parse(hdev); if (!ret) ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT); + intf = to_usb_interface(hdev->dev.parent); if (!ret && intf->cur_altsetting->desc.bInterfaceNumber == 1) { struct hid_input *hidinput; list_for_each_entry(hidinput, &hdev->inputs, list) { diff --git a/drivers/hid/hid-holtek-mouse.c b/drivers/hid/hid-holtek-mouse.c index 195b735b001d..b7172c48ef9f 100644 --- a/drivers/hid/hid-holtek-mouse.c +++ b/drivers/hid/hid-holtek-mouse.c @@ -62,6 +62,14 @@ static __u8 *holtek_mouse_report_fixup(struct hid_device *hdev, __u8 *rdesc, return rdesc; } +static int holtek_mouse_probe(struct hid_device *hdev, + const struct hid_device_id *id) +{ + if (!hid_is_usb(hdev)) + return -EINVAL; + return 0; +} + static const struct hid_device_id holtek_mouse_devices[] = { { HID_USB_DEVICE(USB_VENDOR_ID_HOLTEK_ALT, USB_DEVICE_ID_HOLTEK_ALT_MOUSE_A067) }, @@ -83,6 +91,7 @@ static struct hid_driver holtek_mouse_driver = { .name = "holtek_mouse", .id_table = holtek_mouse_devices, .report_fixup = holtek_mouse_report_fixup, + .probe = holtek_mouse_probe, }; module_hid_driver(holtek_mouse_driver); diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c index 0dc7cdfc56f7..2c7e7c089bf9 100644 --- a/drivers/hid/hid-lg.c +++ b/drivers/hid/hid-lg.c 
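Review bot: The new holtek_mouse_probe() in drivers/hid/hid-holtek-mouse.c returns 0 for a USB device without calling hid_parse() or hid_hw_start(). Before this patch the driver had no `.probe`, and as far as I can tell the HID core only runs its default parse-and-start sequence for drivers that have none. With `.probe = holtek_mouse_probe` set, the device would bind but never be started. The probe should do the parse and start itself after the USB check, as the other probes touched by this patch do.

```c
static int holtek_mouse_probe(struct hid_device *hdev,
			      const struct hid_device_id *id)
{
	int ret;

	/* … unchanged: hid_is_usb() check returning -EINVAL … */

	ret = hid_parse(hdev);
	if (ret) {
		hid_err(hdev, "hid parse failed: %d\n", ret);
		return ret;
	}

	ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT);
	if (ret) {
		hid_err(hdev, "hw start failed: %d\n", ret);
		return ret;
	}

	return 0;
}
```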
@@ -769,12 +769,18 @@ static int lg_raw_event(struct hid_device *hdev, struct hid_report *report, static int lg_probe(struct hid_device *hdev, const struct hid_device_id *id) { - struct usb_interface *iface = to_usb_interface(hdev->dev.parent); - __u8 iface_num = iface->cur_altsetting->desc.bInterfaceNumber; + struct usb_interface *iface; + __u8 iface_num; unsigned int connect_mask = HID_CONNECT_DEFAULT; struct lg_drv_data *drv_data; int ret; + if (!hid_is_usb(hdev)) + return -EINVAL; + + iface = to_usb_interface(hdev->dev.parent); + iface_num = iface->cur_altsetting->desc.bInterfaceNumber; + /* G29 only work with the 1st interface */ if ((hdev->product == USB_DEVICE_ID_LOGITECH_G29_WHEEL) && (iface_num != 0)) { diff --git a/drivers/hid/hid-prodikeys.c b/drivers/hid/hid-prodikeys.c index 2666af02d5c1..e4e9471d0f1e 100644 --- a/drivers/hid/hid-prodikeys.c +++ b/drivers/hid/hid-prodikeys.c @@ -798,12 +798,18 @@ static int pk_raw_event(struct hid_device *hdev, struct hid_report *report, static int pk_probe(struct hid_device *hdev, const struct hid_device_id *id) { int ret; - struct usb_interface *intf = to_usb_interface(hdev->dev.parent); - unsigned short ifnum = intf->cur_altsetting->desc.bInterfaceNumber; + struct usb_interface *intf; + unsigned short ifnum; unsigned long quirks = id->driver_data; struct pk_device *pk; struct pcmidi_snd *pm = NULL; + if (!hid_is_usb(hdev)) + return -EINVAL; + + intf = to_usb_interface(hdev->dev.parent); + ifnum = intf->cur_altsetting->desc.bInterfaceNumber; + pk = kzalloc(sizeof(*pk), GFP_KERNEL); if (pk == NULL) { hid_err(hdev, "can't alloc descriptor\n"); diff --git a/drivers/hid/hid-roccat-arvo.c b/drivers/hid/hid-roccat-arvo.c index ffcd444ae2ba..4b18e1a4fc7a 100644 --- a/drivers/hid/hid-roccat-arvo.c +++ b/drivers/hid/hid-roccat-arvo.c 
@@ -344,6 +344,9 @@ static int arvo_probe(struct hid_device *hdev, { int retval; + if (!hid_is_usb(hdev)) + return -EINVAL; + retval = hid_parse(hdev); if (retval) { hid_err(hdev, "parse failed\n"); diff --git a/drivers/hid/hid-roccat-isku.c b/drivers/hid/hid-roccat-isku.c index ce5f22519956..e95d59cd8d07 100644 --- a/drivers/hid/hid-roccat-isku.c +++ b/drivers/hid/hid-roccat-isku.c @@ -324,6 +324,9 @@ static int isku_probe(struct hid_device *hdev, { int retval; + if (!hid_is_usb(hdev)) + return -EINVAL; + retval = hid_parse(hdev); if (retval) { hid_err(hdev, "parse failed\n"); diff --git a/drivers/hid/hid-roccat-kone.c b/drivers/hid/hid-roccat-kone.c index 1ca64481145e..e8522eacf797 100644 --- a/drivers/hid/hid-roccat-kone.c +++ b/drivers/hid/hid-roccat-kone.c @@ -749,6 +749,9 @@ static int kone_probe(struct hid_device *hdev, const struct hid_device_id *id) { int retval; + if (!hid_is_usb(hdev)) + return -EINVAL; + retval = hid_parse(hdev); if (retval) { hid_err(hdev, "parse failed\n"); diff --git a/drivers/hid/hid-roccat-koneplus.c b/drivers/hid/hid-roccat-koneplus.c index 0316edf8c5bb..1896c69ea512 100644 --- a/drivers/hid/hid-roccat-koneplus.c +++ b/drivers/hid/hid-roccat-koneplus.c @@ -431,6 +431,9 @@ static int koneplus_probe(struct hid_device *hdev, { int retval; + if (!hid_is_usb(hdev)) + return -EINVAL; + retval = hid_parse(hdev); if (retval) { hid_err(hdev, "parse failed\n"); diff --git a/drivers/hid/hid-roccat-konepure.c b/drivers/hid/hid-roccat-konepure.c index 5248b3c7cf78..cf8eeb33a125 100644 --- a/drivers/hid/hid-roccat-konepure.c +++ b/drivers/hid/hid-roccat-konepure.c @@ -133,6 +133,9 @@ static int konepure_probe(struct hid_device *hdev, { int retval; + if (!hid_is_usb(hdev)) + return -EINVAL; + retval = hid_parse(hdev); if (retval) { hid_err(hdev, "parse failed\n"); diff --git a/drivers/hid/hid-roccat-kovaplus.c b/drivers/hid/hid-roccat-kovaplus.c index 960012881570..6fb9b9563769 100644 --- a/drivers/hid/hid-roccat-kovaplus.c 
+++ b/drivers/hid/hid-roccat-kovaplus.c @@ -501,6 +501,9 @@ static int kovaplus_probe(struct hid_device *hdev, { int retval; + if (!hid_is_usb(hdev)) + return -EINVAL; + retval = hid_parse(hdev); if (retval) { hid_err(hdev, "parse failed\n"); diff --git a/drivers/hid/hid-roccat-lua.c b/drivers/hid/hid-roccat-lua.c index 4a88a76d5c62..d5ddf0d68346 100644 --- a/drivers/hid/hid-roccat-lua.c +++ b/drivers/hid/hid-roccat-lua.c @@ -160,6 +160,9 @@ static int lua_probe(struct hid_device *hdev, { int retval; + if (!hid_is_usb(hdev)) + return -EINVAL; + retval = hid_parse(hdev); if (retval) { hid_err(hdev, "parse failed\n"); diff --git a/drivers/hid/hid-roccat-pyra.c b/drivers/hid/hid-roccat-pyra.c index 989927defe8d..4fcc8e7d276f 100644 --- a/drivers/hid/hid-roccat-pyra.c +++ b/drivers/hid/hid-roccat-pyra.c @@ -449,6 +449,9 @@ static int pyra_probe(struct hid_device *hdev, const struct hid_device_id *id) { int retval; + if (!hid_is_usb(hdev)) + return -EINVAL; + retval = hid_parse(hdev); if (retval) { hid_err(hdev, "parse failed\n"); diff --git a/drivers/hid/hid-roccat-ryos.c b/drivers/hid/hid-roccat-ryos.c index 3956a6c9c521..5bf1971a2b14 100644 --- a/drivers/hid/hid-roccat-ryos.c +++ b/drivers/hid/hid-roccat-ryos.c @@ -141,6 +141,9 @@ static int ryos_probe(struct hid_device *hdev, { int retval; + if (!hid_is_usb(hdev)) + return -EINVAL; + retval = hid_parse(hdev); if (retval) { hid_err(hdev, "parse failed\n"); diff --git a/drivers/hid/hid-roccat-savu.c b/drivers/hid/hid-roccat-savu.c index 818701f7a028..a784bb4ee651 100644 --- a/drivers/hid/hid-roccat-savu.c +++ b/drivers/hid/hid-roccat-savu.c @@ -113,6 +113,9 @@ static int savu_probe(struct hid_device *hdev, { int retval; + if (!hid_is_usb(hdev)) + return -EINVAL; + retval = hid_parse(hdev); if (retval) { hid_err(hdev, "parse failed\n"); diff --git a/drivers/hid/hid-samsung.c b/drivers/hid/hid-samsung.c index 2e1c31156eca..cf5992e97094 100644 --- a/drivers/hid/hid-samsung.c +++ b/drivers/hid/hid-samsung.c 
@@ -152,6 +152,9 @@ static int samsung_probe(struct hid_device *hdev, int ret; unsigned int cmask = HID_CONNECT_DEFAULT; + if (!hid_is_usb(hdev)) + return -EINVAL; + ret = hid_parse(hdev); if (ret) { hid_err(hdev, "parse failed\n"); diff --git a/drivers/hid/hid-uclogic-core.c b/drivers/hid/hid-uclogic-core.c index 8e9c9e646cb7..4edb24195704 100644 --- a/drivers/hid/hid-uclogic-core.c +++ b/drivers/hid/hid-uclogic-core.c @@ -164,6 +164,9 @@ static int uclogic_probe(struct hid_device *hdev, struct uclogic_drvdata *drvdata = NULL; bool params_initialized = false; + if (!hid_is_usb(hdev)) + return -EINVAL; + /* * libinput requires the pad interface to be on a different node * than the pen, so use QUIRK_MULTI_INPUT for all tablets. From c23b0e7c47f50a6a5f13491fcb699db57f324fb4 Mon Sep 17 00:00:00 2001 
From: Mathias Nyman Date: Fri, 20 Aug 2021 15:35:00 +0300 Subject: [PATCH 21/93] UPSTREAM: xhci: Fix failure to give back some cached cancelled URBs. (upstream commit 94f339147fc3eb9edef7ee4ef6e39c569c073753) Only TDs with status TD_CLEARING_CACHE will be given back after cache is cleared with a set TR deq command. xhci_invalidate_cached_td() failed to set the TD_CLEARING_CACHE status for some cancelled TDs as it assumed an endpoint only needs to clear the TD it stopped on. This isn't always true. For example with streams enabled an endpoint may have several stream rings, each stopping on a different TDs. Note that if an endpoint has several stream rings, the current code will still only clear the cache of the stream pointed to by the last cancelled TD in the cancel list. This patch only focus on making sure all canceled TDs are given back, avoiding hung task after device removal. Another fix to solve clearing the caches of all stream rings with cancelled TDs is needed, but not as urgent. This issue was simultanously discovered and debugged by by Tao Wang, with a slightly different fix proposal. Fixes: 674f8438c121 ("xhci: split handling halted endpoints into two steps") Cc: #5.12 Reported-by: Tao Wang Signed-off-by: Mathias Nyman Bug: 202901721 Signed-off-by: Puma Hsu Change-Id: I0ceff10453a99183d27bc53e64c2c193e0ac429a --- drivers/usb/host/xhci-ring.c | 40 ++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index ee8a0232e731..84fa2d5da515 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c 
@@ -944,17 +944,21 @@ static int xhci_invalidate_cancelled_tds(struct xhci_virt_ep *ep) td->urb->stream_id); hw_deq &= ~0xf; - if (td->cancel_status == TD_HALTED) { - cached_td = td; - } else if (trb_in_td(xhci, td->start_seg, td->first_trb, - td->last_trb, hw_deq, false)) { + if (td->cancel_status == TD_HALTED || + trb_in_td(xhci, td->start_seg, td->first_trb, td->last_trb, hw_deq, false)) { switch (td->cancel_status) { case TD_CLEARED: /* TD is already no-op */ case TD_CLEARING_CACHE: /* set TR deq command already queued */ break; case TD_DIRTY: /* TD is cached, clear it */ case TD_HALTED: - /* FIXME stream case, several stopped rings */ + td->cancel_status = TD_CLEARING_CACHE; + if (cached_td) + /* FIXME stream case, several stopped rings */ + xhci_dbg(xhci, + "Move dq past stream %u URB %p instead of stream %u URB %p\n", + td->urb->stream_id, td->urb, + cached_td->urb->stream_id, cached_td->urb); cached_td = td; break; } 
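Review bot: The new `if (cached_td)` under `case TD_HALTED:` in xhci_invalidate_cancelled_tds() has no braces, although its body is a FIXME comment followed by an `xhci_dbg()` call spread over four lines. The unconditional `cached_td = td;` directly after it is then easy to misread as part of the branch. I would brace it: `if (cached_td) {` … `}` around the comment and the debug call. The function starts and ends outside this hunk.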
@@ -963,18 +967,24 @@ static int xhci_invalidate_cancelled_tds(struct xhci_virt_ep *ep) td->cancel_status = TD_CLEARED; } } - if (cached_td) { - cached_td->cancel_status = TD_CLEARING_CACHE; - err = xhci_move_dequeue_past_td(xhci, slot_id, ep->ep_index, - cached_td->urb->stream_id, - cached_td); - /* Failed to move past cached td, try just setting it noop */ - if (err) { - td_to_noop(xhci, ring, cached_td, false); - cached_td->cancel_status = TD_CLEARED; + /* If there's no need to move the dequeue pointer then we're done */ + if (!cached_td) + return 0; + + err = xhci_move_dequeue_past_td(xhci, slot_id, ep->ep_index, + cached_td->urb->stream_id, + cached_td); + if (err) { + /* Failed to move past cached td, just set cached TDs to no-op */ + list_for_each_entry_safe(td, tmp_td, &ep->cancelled_td_list, cancelled_td_list) { + if (td->cancel_status != TD_CLEARING_CACHE) + continue; + xhci_dbg(xhci, "Failed to clear cancelled cached URB %p, mark clear anyway\n", + td->urb); + td_to_noop(xhci, ring, td, false); + td->cancel_status = TD_CLEARED; } - cached_td = NULL; } return 0; } From f4cbe349566c38bfd9ae3152acc9b00b7a0931f5 Mon Sep 17 00:00:00 2001 
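Review bot: In the new error path of xhci_invalidate_cancelled_tds(), a failed xhci_move_dequeue_past_td() is reported only through `xhci_dbg`. With dynamic debug off, nothing is logged while every TD in TD_CLEARING_CACHE is turned into a no-op and marked TD_CLEARED. The controller may still have those TDs cached at that point, so the failure deserves a visible record: `xhci_warn(xhci, "Failed to clear cancelled cached URB %p, mark clear anyway\n", td->urb);`. The loop also passes the `ring` left over from the earlier loop to td_to_noop() for every td, which looks unintended if the TDs sit on different stream rings and is worth confirming. The function starts outside this hunk.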
From: Mathias Nyman Date: Fri, 20 Aug 2021 15:35:01 +0300 Subject: [PATCH 22/93] UPSTREAM: Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" (upstream commit 2847c46c61486fd8bca9136a6e27177212e78c69) This reverts commit 5d5323a6f3625f101dbfa94ba3ef7706cce38760. That commit effectively disabled Intel host initiated U1/U2 lpm for devices with periodic endpoints. Before that commit we disabled host initiated U1/U2 lpm if the exit latency was larger than any periodic endpoint service interval, this is according to xhci spec xhci 1.1 specification section 4.23.5.2 After that commit we incorrectly checked that service interval was smaller than U1/U2 inactivity timeout. This is not relevant, and can't happen for Intel hosts as previously set U1/U2 timeout = 105% * service interval. Patch claimed it solved cases where devices can't be enumerated because of bandwidth issues. This might be true but it's a side effect of accidentally turning off lpm. exit latency calculations have been revised since then Signed-off-by: Mathias Nyman Bug: 202901721 Signed-off-by: Puma Hsu Change-Id: I5d77ab7e34805730c94da9d2a0052fb6096a0b69 --- drivers/usb/host/xhci.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index cd2d7caf248a..2b844d18612f 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c 
@@ -4661,19 +4661,19 @@ static u16 xhci_calculate_u1_timeout(struct xhci_hcd *xhci, { unsigned long long timeout_ns; - if (xhci->quirks & XHCI_INTEL_HOST) - timeout_ns = xhci_calculate_intel_u1_timeout(udev, desc); - else - timeout_ns = udev->u1_params.sel; - /* Prevent U1 if service interval is shorter than U1 exit latency */ if (usb_endpoint_xfer_int(desc) || usb_endpoint_xfer_isoc(desc)) { - if (xhci_service_interval_to_ns(desc) <= timeout_ns) { + if (xhci_service_interval_to_ns(desc) <= udev->u1_params.mel) { dev_dbg(&udev->dev, "Disable U1, ESIT shorter than exit latency\n"); return USB3_LPM_DISABLED; } } + if (xhci->quirks & XHCI_INTEL_HOST) + timeout_ns = xhci_calculate_intel_u1_timeout(udev, desc); + else + timeout_ns = udev->u1_params.sel; + /* The U1 timeout is encoded in 1us intervals. * Don't return a timeout of zero, because that's USB3_LPM_DISABLED. */ @@ -4725,19 +4725,19 @@ static u16 xhci_calculate_u2_timeout(struct xhci_hcd *xhci, { unsigned long long timeout_ns; - if (xhci->quirks & XHCI_INTEL_HOST) - timeout_ns = xhci_calculate_intel_u2_timeout(udev, desc); - else - timeout_ns = udev->u2_params.sel; - /* Prevent U2 if service interval is shorter than U2 exit latency */ if (usb_endpoint_xfer_int(desc) || usb_endpoint_xfer_isoc(desc)) { - if (xhci_service_interval_to_ns(desc) <= timeout_ns) { + if (xhci_service_interval_to_ns(desc) <= udev->u2_params.mel) { dev_dbg(&udev->dev, "Disable U2, ESIT shorter than exit latency\n"); return USB3_LPM_DISABLED; } } + if (xhci->quirks & XHCI_INTEL_HOST) + timeout_ns = xhci_calculate_intel_u2_timeout(udev, desc); + else + timeout_ns = udev->u2_params.sel; + /* The U2 timeout is encoded in 256us intervals */ timeout_ns = DIV_ROUND_UP_ULL(timeout_ns, 256 * 1000); /* If the necessary timeout value is bigger than what we can set in the From 5b15c955a64d779b79fd79f3956aa5bb4240f838 Mon Sep 17 00:00:00 2001 
From: Mathias Nyman Date: Fri, 20 Aug 2021 15:35:02 +0300 Subject: [PATCH 23/93] UPSTREAM: xhci: Add additional dynamic debug to follow URBs in cancel and error cases. (upstream commit 0d9b9f533bf1aa555fcd28fa459332b7731316b3) Add more debugging messages to follow what happends to a URB internally in special cases like URB cancel, halted endpoints and endpoint reset. Helps tracking issues like URB never given back by host. Signed-off-by: Mathias Nyman Bug: 202901721 Signed-off-by: Puma Hsu Change-Id: Ief6507db231a115f138c78f288929736a631a385 --- drivers/usb/host/xhci-ring.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 84fa2d5da515..a2bef00e9f98 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -832,9 +832,14 @@ static void xhci_giveback_invalidated_tds(struct xhci_virt_ep *ep) ring = xhci_urb_to_transfer_ring(ep->xhci, td->urb); - if (td->cancel_status == TD_CLEARED) + if (td->cancel_status == TD_CLEARED) { + xhci_dbg(ep->xhci, "%s: Giveback cancelled URB %p TD\n", + __func__, td->urb); xhci_td_cleanup(ep->xhci, td, ring, td->status); - + } else { + xhci_dbg(ep->xhci, "%s: Keep cancelled URB %p TD as cancel_status is %d\n", + __func__, td->urb, td->cancel_status); + } if (ep->xhci->xhc_state & XHCI_STATE_DYING) return; } @@ -852,6 +857,10 @@ static int xhci_reset_halted_ep(struct xhci_hcd *xhci, unsigned int slot_id, goto done; } + xhci_dbg(xhci, "%s-reset ep %u, slot %u\n", + (reset_type == EP_HARD_RESET) ? "Hard" : "Soft", + ep_index, slot_id); + ret = xhci_queue_reset_ep(xhci, command, slot_id, ep_index, reset_type); done: if (ret) @@ -885,7 +894,8 @@ static int xhci_handle_halted_endpoint(struct xhci_hcd *xhci, } if (ep->ep_state & EP_HALTED) { - xhci_dbg(xhci, "Reset ep command already pending\n"); + xhci_dbg(xhci, "Reset ep command for ep_index %d already pending\n", + ep->ep_index); return 0; } 
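Review bot: The new message in xhci_handle_halted_endpoint() prints `ep->ep_index` with `%d`, while the reset message added to xhci_reset_halted_ep() in the same patch prints the endpoint index with `%u`. If the field is unsigned, as the other message suggests, the specifier should match: `xhci_dbg(xhci, "Reset ep command for ep_index %u already pending\n", ep->ep_index);`. Both functions continue outside their hunks, so the field's declared type should be confirmed there.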
@@ -924,9 +934,10 @@ static int xhci_invalidate_cancelled_tds(struct xhci_virt_ep *ep) list_for_each_entry_safe(td, tmp_td, &ep->cancelled_td_list, cancelled_td_list) { xhci_dbg_trace(xhci, trace_xhci_dbg_cancel_urb, - "Removing canceled TD starting at 0x%llx (dma).", - (unsigned long long)xhci_trb_virt_to_dma( - td->start_seg, td->first_trb)); + "Removing canceled TD starting at 0x%llx (dma) in stream %u URB %p", + (unsigned long long)xhci_trb_virt_to_dma( + td->start_seg, td->first_trb), + td->urb->stream_id, td->urb); list_del_init(&td->td_list); ring = xhci_urb_to_transfer_ring(xhci, td->urb); if (!ring) { @@ -1081,6 +1092,8 @@ static void xhci_handle_cmd_stop_ep(struct xhci_hcd *xhci, int slot_id, return; case EP_STATE_RUNNING: /* Race, HW handled stop ep cmd before ep was running */ + xhci_dbg(xhci, "Stop ep completion ctx error, ep is running\n"); + command = xhci_alloc_command(xhci, false, GFP_ATOMIC); if (!command) xhci_stop_watchdog_timer_in_irq(xhci, ep); @@ -1402,7 +1415,12 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, ep_ring = xhci_urb_to_transfer_ring(ep->xhci, td->urb); if (td->cancel_status == TD_CLEARING_CACHE) { td->cancel_status = TD_CLEARED; + xhci_dbg(ep->xhci, "%s: Giveback cancelled URB %p TD\n", + __func__, td->urb); xhci_td_cleanup(ep->xhci, td, ep_ring, td->status); + } else { + xhci_dbg(ep->xhci, "%s: Keep cancelled URB %p TD as cancel_status is %d\n", + __func__, td->urb, td->cancel_status); } } cleanup: From 183905923f627b2381f70e6b1da73f88fc1a6da0 Mon Sep 17 00:00:00 2001 From: Mathias Nyman Date: Fri, 20 Aug 2021 15:35:03 +0300 Subject: [PATCH 24/93] UPSTREAM: xhci: Add bus number to some debug messages (upstream commit 669bc5a188b40a4edc9c2a42e5b32f19182767d9) As we register two usb buses for each xHC, and systems with several hosts are more and more common it is getting hard to follow the flow of debug messages without knowing which bus they belong to Signed-off-by: Mathias Nyman Bug: 202901721 
Signed-off-by: Puma Hsu Change-Id: I55428c864c57e5e10c71ae2e539ca086db31a52d --- drivers/usb/host/xhci-hub.c | 6 ++++-- drivers/usb/host/xhci-ring.c | 3 ++- drivers/usb/host/xhci.c | 6 ++++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index 15d543f1d93d..f1b95ed3fda8 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -1586,7 +1586,8 @@ int xhci_hub_status_data(struct usb_hcd *hcd, char *buf) status = 1; } if (!status && !reset_change) { - xhci_dbg(xhci, "%s: stopping port polling.\n", __func__); + xhci_dbg(xhci, "%s: stopping usb%d port polling\n", + __func__, hcd->self.busnum); clear_bit(HCD_FLAG_POLL_RH, &hcd->flags); } spin_unlock_irqrestore(&xhci->lock, flags); @@ -1618,7 +1619,8 @@ int xhci_bus_suspend(struct usb_hcd *hcd) if (bus_state->resuming_ports || /* USB2 */ bus_state->port_remote_wakeup) { /* USB3 */ spin_unlock_irqrestore(&xhci->lock, flags); - xhci_dbg(xhci, "suspend failed because a port is resuming\n"); + xhci_dbg(xhci, "usb%d bus suspend to fail because a port is resuming\n", + hcd->self.busnum); return -EBUSY; } } diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index a2bef00e9f98..4be3a11e9ba4 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -2033,7 +2033,8 @@ cleanup: * bits are still set. When an event occurs, switch over to * polling to avoid losing status changes. */ - xhci_dbg(xhci, "%s: starting port polling.\n", __func__); + xhci_dbg(xhci, "%s: starting usb%d port polling.\n", + __func__, hcd->self.busnum); set_bit(HCD_FLAG_POLL_RH, &hcd->flags); spin_unlock(&xhci->lock); /* Pass this up to the core */ diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 2b844d18612f..8786b38be976 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c 
@@ -993,7 +993,8 @@ int xhci_suspend(struct xhci_hcd *xhci, bool do_wakeup) xhci_dbc_suspend(xhci); /* Don't poll the roothubs on bus suspend. */ - xhci_dbg(xhci, "%s: stopping port polling.\n", __func__); + xhci_dbg(xhci, "%s: stopping usb%d port polling.\n", + __func__, hcd->self.busnum); clear_bit(HCD_FLAG_POLL_RH, &hcd->flags); del_timer_sync(&hcd->rh_timer); clear_bit(HCD_FLAG_POLL_RH, &xhci->shared_hcd->flags); @@ -1257,7 +1258,8 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated) usb_asmedia_modifyflowcontrol(to_pci_dev(hcd->self.controller)); /* Re-enable port polling. */ - xhci_dbg(xhci, "%s: starting port polling.\n", __func__); + xhci_dbg(xhci, "%s: starting usb%d port polling.\n", + __func__, hcd->self.busnum); set_bit(HCD_FLAG_POLL_RH, &xhci->shared_hcd->flags); usb_hcd_poll_rh_status(xhci->shared_hcd); set_bit(HCD_FLAG_POLL_RH, &hcd->flags); From 2d6a43c0364d3bb0c5c00b0a32b27f4c7740e004 Mon Sep 17 00:00:00 2001 From: Jindong Yue Date: Tue, 7 Dec 2021 17:21:39 +0800 Subject: [PATCH 25/93] ANDROID: ABI: Add symbols used by frame buffer driver fb_get_options - required by mxc_epdc_v2_fb.ko file_update_time, file_write_and_wait_range, page_mkclean - required by frame buffer fb.ko Leaf changes summary: 4 artifacts changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 4 Added functions Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable 4 Added functions: [A] 'function int fb_get_options(const char*, char**)' [A] 'function int file_update_time(file*)' [A] 'function int file_write_and_wait_range(file*, loff_t, loff_t)' [A] 'function int page_mkclean(page*)' Bug: 194108974 Signed-off-by: Jindong Yue Change-Id: I09ecf9d50776b07b42420e9d0c62fdcd58d816f9 --- android/abi_gki_aarch64.xml | 207 +++++------------------------------- android/abi_gki_aarch64_imx | 82 +++++++++----- 2 files changed, 81 insertions(+), 208 deletions(-) 
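Review bot: Both polling messages name only `hcd->self.busnum`, yet the context lines in xhci_suspend and xhci_resume clear or set `HCD_FLAG_POLL_RH` on `xhci->shared_hcd` as well as on `hcd`. Someone reading the log sees one bus stop or start polling and nothing for its companion bus. Consider printing both numbers, e.g. `xhci_dbg(xhci, "%s: stopping usb%d and usb%d port polling.\n", __func__, hcd->self.busnum, xhci->shared_hcd->self.busnum);`, and the equivalent in the xhci_resume hunk. Both function bodies extend beyond their hunks.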
diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index 0d30dcf5aa73..59dfaf4f3fa0 100644 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -2284,10 +2284,13 @@ + + + @@ -3513,6 +3516,7 @@ + @@ -12252,7 +12256,6 @@ - @@ -14464,7 +14467,6 @@ - @@ -21308,11 +21310,6 @@ - - - - - @@ -23271,17 +23268,6 @@ - - - - - - - - - - - @@ -24707,7 +24693,6 @@ - @@ -32574,32 +32559,7 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -34992,9 +34952,6 @@ - - - @@ -43504,11 +43461,7 @@ - - - - - + @@ -44952,9 +44905,6 @@ - - - @@ -47201,32 +47151,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -48719,7 +48643,6 @@ - @@ -52115,11 +52038,6 @@ - - - - - @@ -63881,14 +63799,6 @@ - - - - - - - - @@ -66233,11 +66143,6 @@ - - - - - @@ -70250,7 +70155,6 @@ - @@ -70914,11 +70818,7 @@ - - - - - + @@ -75605,11 +75505,6 @@ - - - - - @@ -79465,7 +79360,6 @@ - @@ -80032,7 +79926,6 @@ - @@ -81873,12 +81766,6 @@ - - - - - - @@ -83685,7 +83572,6 @@ - @@ -86214,53 +86100,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -87745,7 +87584,6 @@ - @@ -88932,7 +88770,6 @@ - @@ -92814,17 +92651,6 @@ - - - - - - - - - - - @@ -126035,6 +125861,11 @@ + + + + + @@ -126055,6 +125886,16 @@ + + + + + + + + + + @@ -132310,6 +132151,10 @@ + + + + diff --git a/android/abi_gki_aarch64_imx b/android/abi_gki_aarch64_imx index fdff2573a2fc..3218ed541784 100644 --- a/android/abi_gki_aarch64_imx +++ b/android/abi_gki_aarch64_imx @@ -20,6 +20,9 @@ bcmp bdput __bitmap_and + blocking_notifier_call_chain + blocking_notifier_chain_register + blocking_notifier_chain_unregister bpf_trace_run1 bpf_trace_run2 bpf_trace_run3 @@ -103,6 +106,7 @@ debugfs_create_dir debugfs_create_file debugfs_remove + default_llseek deferred_free delayed_work_timer_fn del_timer @@ -161,6 +165,7 @@ devm_phy_create devm_phy_get devm_pinctrl_get + devm_pinctrl_put devm_platform_ioremap_resource __devm_regmap_init __devm_regmap_init_i2c 
@@ -202,6 +207,12 @@ dma_buf_map_attachment dma_buf_put dma_buf_unmap_attachment + dma_fence_context_alloc + dma_fence_default_wait + dma_fence_init + dma_fence_release + dma_fence_signal_locked + dma_fence_wait_timeout dma_free_attrs dma_heap_add dma_heap_get_dev @@ -369,6 +380,7 @@ event_triggers_call extcon_set_state_sync failure_tracking + fd_install find_next_bit finish_wait flush_work @@ -399,6 +411,7 @@ get_cpu_device get_device get_random_bytes + get_unused_fd_flags gic_nonsecure_priorities gpiochip_generic_free gpiochip_generic_request @@ -431,6 +444,7 @@ i2c_recover_bus i2c_register_driver i2c_smbus_read_byte_data + i2c_smbus_write_byte_data i2c_transfer i2c_transfer_buffer_flags i2c_unregister_device @@ -511,6 +525,7 @@ __list_add_valid __list_del_entry_valid __local_bh_enable_ip + __lock_page __log_post_read_mmio __log_read_mmio __log_write_mmio @@ -532,6 +547,7 @@ __memcpy_fromio memdup_user memmove + memparse memset __memset_io memstart_addr @@ -616,6 +632,7 @@ of_get_next_child of_get_parent of_get_property + of_get_regulator_init_data of_graph_get_next_endpoint of_graph_get_port_by_id of_graph_get_remote_node @@ -883,6 +900,7 @@ __stack_chk_fail __stack_chk_guard strcasecmp + strcat strcmp strcpy strlcpy @@ -891,11 +909,14 @@ strncpy strrchr strscpy + strsep strstr __sw_hweight16 __sw_hweight32 __sw_hweight64 __sw_hweight8 + sync_file_create + sync_file_get_fence synchronize_irq synchronize_net synchronize_rcu @@ -948,6 +969,7 @@ uart_update_timeout uart_write_wakeup __udelay + unlock_page __unregister_chrdev unregister_chrdev_region unregister_inet6addr_notifier @@ -1061,6 +1083,7 @@ vmap vsnprintf vunmap + wait_for_completion wait_for_completion_interruptible wait_for_completion_interruptible_timeout wait_for_completion_timeout 
@@ -1252,9 +1275,6 @@ mmc_cqe_request_done # required by device_cooling.ko - blocking_notifier_call_chain - blocking_notifier_chain_register - blocking_notifier_chain_unregister thermal_cooling_device_unregister thermal_of_cooling_device_register @@ -1286,6 +1306,29 @@ devm_phy_optional_get drm_of_encoder_active_endpoint +# required by fb.ko + __arch_copy_in_user + compat_alloc_user_space + console_lock + console_unlock + fb_mode_option + file_update_time + file_write_and_wait_range + ignore_console_lock_warning + int_sqrt + is_console_locked + __memcpy_toio + of_get_videomode + page_mkclean + proc_create_seq_private + simple_strtol + vm_get_page_prot + vm_iomap_memory + +# required by fb_fence.ko + put_unused_fd + system_unbound_wq + # required by fec.ko ethtool_op_get_ts_info mdiobus_alloc_size @@ -1332,6 +1375,12 @@ tso_count_descs tso_start +# required by fp9931-core.ko + devm_mfd_add_devices + +# required by fp9931-regulator.ko + gpiod_get_raw_value + # required by fsl-edma-v3.ko dma_get_slave_channel of_dma_controller_free @@ -1358,13 +1407,7 @@ dev_pm_opp_add dev_pm_opp_remove dma_fence_array_ops - dma_fence_context_alloc - dma_fence_default_wait - dma_fence_init - dma_fence_release dma_fence_signal - dma_fence_signal_locked - dma_fence_wait_timeout down driver_create_file driver_remove_file @@ -1372,10 +1415,8 @@ drm_gem_object_lookup drm_gem_object_release drm_gem_private_object_init - fd_install find_vma find_vpid - get_unused_fd_flags get_user_pages hrtimer_resolution iommu_attach_device @@ -1392,24 +1433,18 @@ platform_bus_type reset_control_reset schedule_hrtimeout - sync_file_create - sync_file_get_fence __task_pid_nr_ns _totalram_pages vm_mmap vm_munmap vm_zone_stat -# required by gmsl-max9286.ko - i2c_smbus_write_byte_data - # required by goodix.ko gpiod_direction_input input_alloc_absinfo input_mt_sync_frame touchscreen_parse_properties touchscreen_report_pos - wait_for_completion # required by gpio-imx-rpmsg.ko __irq_alloc_descs 
@@ -1444,7 +1479,6 @@ # required by gpio-regulator.ko devm_kstrdup gpiod_count - of_get_regulator_init_data # required by gpio-reset.ko reset_controller_register @@ -1762,11 +1796,9 @@ sdio_writeb sdio_writesb skb_realloc_headroom - strcat strchr strim strncasecmp - strsep vprintk wakeup_source_add wakeup_source_remove @@ -1831,6 +1863,9 @@ v4l2_m2m_dqbuf v4l2_m2m_qbuf +# required by mxc_epdc_v2_fb.ko + fb_get_options + # required by mxs-dma.ko dmaenginem_async_device_register tasklet_setup @@ -1868,9 +1903,6 @@ v4l2_event_subdev_unsubscribe __v4l2_find_nearest_size -# required by ov5640_camera_mipi_v2.ko - devm_pinctrl_put - # required by panel-raydium-rm67191.ko devm_backlight_device_register mipi_dsi_dcs_get_display_brightness @@ -2125,7 +2157,6 @@ snd_interval_refine # required by snd-soc-imx-audmux.ko - default_llseek simple_open simple_read_from_buffer @@ -2339,7 +2370,6 @@ fsync_bdev __get_free_pages __init_rwsem - memparse memset64 __num_online_cpus page_endio @@ -2362,7 +2392,6 @@ kern_mount kern_unmount kill_anon_super - __lock_page page_mapping _raw_read_lock _raw_read_unlock @@ -2370,5 +2399,4 @@ _raw_write_unlock register_shrinker __SetPageMovable - unlock_page unregister_shrinker From b4604acd52a691c2fd33ad0a0fafb7cc19dee5de Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 9 Dec 2021 18:59:27 +0100 Subject: [PATCH 26/93] UPSTREAM: USB: gadget: detect too-big endpoint 0 requests Sometimes USB hosts can ask for buffers that are too large from endpoint 0, which should not be allowed. If this happens for OUT requests, stall the endpoint, but for IN requests, trim the request size to the endpoint buffer size. Co-developed-by: Szymon Heidrich Signed-off-by: Greg Kroah-Hartman (cherry picked from commit 153a2d7e3350cc89d406ba2d35be8793a64c2038) Bug: 210292367 
Signed-off-by: Greg Kroah-Hartman Change-Id: I9bbd6154177d7a1fb6c2e3a3dffa96634d85bb7f --- drivers/usb/gadget/composite.c | 12 ++++++++++++ drivers/usb/gadget/legacy/dbgp.c | 13 +++++++++++++ drivers/usb/gadget/legacy/inode.c | 16 +++++++++++++++- 3 files changed, 40 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c index 504c1cbc255d..1ef7922b57b6 100644 --- a/drivers/usb/gadget/composite.c +++ b/drivers/usb/gadget/composite.c @@ -1679,6 +1679,18 @@ composite_setup(struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl) struct usb_function *f = NULL; u8 endp; + if (w_length > USB_COMP_EP0_BUFSIZ) { + if (ctrl->bRequestType == USB_DIR_OUT) { + goto done; + } else { + /* Cast away the const, we are going to overwrite on purpose. */ + __le16 *temp = (__le16 *)&ctrl->wLength; + + *temp = cpu_to_le16(USB_COMP_EP0_BUFSIZ); + w_length = USB_COMP_EP0_BUFSIZ; + } + } + /* partial re-init of the response message; the function or the * gadget might need to intercept e.g. a control-OUT completion * when we delegate to it. diff --git a/drivers/usb/gadget/legacy/dbgp.c b/drivers/usb/gadget/legacy/dbgp.c index e1d566c9918a..e567afcb2794 100644 --- a/drivers/usb/gadget/legacy/dbgp.c +++ b/drivers/usb/gadget/legacy/dbgp.c @@ -345,6 +345,19 @@ static int dbgp_setup(struct usb_gadget *gadget, void *data = NULL; u16 len = 0; + if (length > DBGP_REQ_LEN) { + if (ctrl->bRequestType == USB_DIR_OUT) { + return err; + } else { + /* Cast away the const, we are going to overwrite on purpose. */ + __le16 *temp = (__le16 *)&ctrl->wLength; + + *temp = cpu_to_le16(DBGP_REQ_LEN); + length = DBGP_REQ_LEN; + } + } + + if (request == USB_REQ_GET_DESCRIPTOR) { switch (value>>8) { case USB_DT_DEVICE: diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c index 71e7d10dd76b..04b9c4f5f129 100644 --- a/drivers/usb/gadget/legacy/inode.c +++ b/drivers/usb/gadget/legacy/inode.c 
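Review bot: The direction test `ctrl->bRequestType == USB_DIR_OUT` in composite_setup treats bRequestType as a plain value, but it is a bit field that also carries the request type and recipient, so the equality holds only for a standard, device-recipient OUT request. An oversized class, vendor, or interface/endpoint-directed OUT request therefore takes the else branch and has wLength trimmed as if it were an IN request, instead of being rejected as the commit message intends. Test the direction bit instead: `if (!(ctrl->bRequestType & USB_DIR_IN))`. The same comparison appears in the dbgp_setup hunk and in the gadgetfs_setup hunk of legacy/inode.c; all three function bodies continue outside their hunks.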
@@ -110,6 +110,8 @@ enum ep0_state { /* enough for the whole queue: most events invalidate others */ #define N_EVENT 5 +#define RBUF_SIZE 256 + struct dev_data { spinlock_t lock; refcount_t count; @@ -144,7 +146,7 @@ struct dev_data { struct dentry *dentry; /* except this scratch i/o buffer for ep0 */ - u8 rbuf [256]; + u8 rbuf[RBUF_SIZE]; }; static inline void get_dev (struct dev_data *data) @@ -1333,6 +1335,18 @@ gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl) u16 w_value = le16_to_cpu(ctrl->wValue); u16 w_length = le16_to_cpu(ctrl->wLength); + if (w_length > RBUF_SIZE) { + if (ctrl->bRequestType == USB_DIR_OUT) { + return value; + } else { + /* Cast away the const, we are going to overwrite on purpose. */ + __le16 *temp = (__le16 *)&ctrl->wLength; + + *temp = cpu_to_le16(RBUF_SIZE); + w_length = RBUF_SIZE; + } + } + spin_lock (&dev->lock); dev->setup_abort = 0; if (dev->state == STATE_DEV_UNCONNECTED) { From dab2a8a2884253433c257c4e82101070adf282cc Mon Sep 17 00:00:00 2001 From: Huang Yiwei Date: Mon, 13 Dec 2021 11:14:12 +0800 Subject: [PATCH 27/93] ANDROID: qcom: Add android_rvh_do_ptrauth_fault to ABI Leaf changes summary: 1 artifact changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 0 Added function Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 1 Added variable 1 Added variable: [A] 'tracepoint __tracepoint_android_rvh_do_ptrauth_fault' Bug: 210412487 Signed-off-by: Huang Yiwei Change-Id: I32964186696be16b56ad78cf9d706c8a62561d58 --- android/abi_gki_aarch64.xml | 648 ++++++++++++++++++++++------------- android/abi_gki_aarch64_qcom | 1 + 2 files changed, 415 insertions(+), 234 deletions(-) diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index 59dfaf4f3fa0..0ab86c9ebfd3 100644 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -5726,6 +5726,7 @@ + @@ -12256,6 +12257,7 @@ + @@ -14467,6 +14469,7 @@ + 
@@ -21310,6 +21313,11 @@ + + + + + @@ -23268,6 +23276,17 @@ + + + + + + + + + + + @@ -24693,6 +24712,7 @@ + @@ -32559,7 +32579,32 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -34952,6 +34997,9 @@ + + + @@ -43461,7 +43509,11 @@ - + + + + + @@ -44905,6 +44957,9 @@ + + + @@ -47151,6 +47206,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -48643,6 +48724,7 @@ + @@ -52038,6 +52120,11 @@ + + + + + @@ -63799,6 +63886,14 @@ + + + + + + + + @@ -66143,6 +66238,11 @@ + + + + + @@ -70155,6 +70255,7 @@ + @@ -70818,7 +70919,11 @@ - + + + + + @@ -75505,6 +75610,11 @@ + + + + + @@ -79360,6 +79470,7 @@ + @@ -79926,6 +80037,7 @@ + @@ -81766,6 +81878,12 @@ + + + + + + @@ -83572,6 +83690,7 @@ + @@ -86100,6 +86219,53 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -87584,6 +87750,7 @@ + @@ -88770,6 +88937,7 @@ + @@ -92651,6 +92819,17 @@ + + + + + + + + + + + @@ -116556,6 +116735,7 @@ + @@ -119154,9 +119334,9 @@ - - - + + + @@ -119193,8 +119373,8 @@ - - + + @@ -119226,14 +119406,14 @@ - - - + + + - - - + + + @@ -119244,9 +119424,9 @@ - - - + + + @@ -119352,8 +119532,8 @@ - - + + @@ -121556,9 +121736,9 @@ - - - + + + @@ -121573,9 +121753,9 @@ - - - + + + @@ -121956,10 +122136,10 @@ - - - - + + + + @@ -126661,29 +126841,29 @@ - - - - - - + + + + + + - - - - - + + + + + - - - - - - - - + + + + + + + + @@ -131332,53 +131512,53 @@ - - - - + + + + - - - - + + + + - - + + - - - + + + - - - + + + - - + + - - + + - - - + + + - - - + + + - - - + + + @@ -131386,14 +131566,14 @@ - - - + + + - - - + + + @@ -133302,29 +133482,29 @@ - - - - - - + + + + + + - - - - - + + + + + - - - - - - - - + + + + + + + + @@ -137849,71 +138029,71 @@ - - - - + + + + - - - - + + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + 
@@ -137939,48 +138119,48 @@ - - - + + + - - - - + + + + - - + + - - - + + + - - - + + + - - - + + + - - + + - - + + - - - - + + + + @@ -139166,16 +139346,16 @@ - - + + - - + + @@ -139188,32 +139368,32 @@ - - - + + + - - + + - - + + - - + + - - - - - + + + + + - - + + @@ -143125,15 +143305,15 @@ - - - - + + + + - - - + + + @@ -143149,27 +143329,27 @@ - - + + - - + + - - - + + + - - - - + + + + @@ -143182,13 +143362,13 @@ - - - + + + - - + + @@ -143202,13 +143382,13 @@ - - + + - - - + + + @@ -143223,22 +143403,22 @@ - - - - - - + + + + + + - - - + + + - - - + + + @@ -143278,13 +143458,13 @@ - - - + + + - - + + diff --git a/android/abi_gki_aarch64_qcom b/android/abi_gki_aarch64_qcom index 4edc8dfd52f7..f686e734fbb6 100644 --- a/android/abi_gki_aarch64_qcom +++ b/android/abi_gki_aarch64_qcom @@ -2614,6 +2614,7 @@ __tracepoint_android_rvh_cpu_cgroup_online __tracepoint_android_rvh_cpufreq_transition __tracepoint_android_rvh_dequeue_task + __tracepoint_android_rvh_do_ptrauth_fault __tracepoint_android_rvh_do_sched_yield __tracepoint_android_rvh_enqueue_task __tracepoint_android_rvh_find_busiest_queue From 76760a995c2699f3288f9d793f8b5716fda99b43 Mon Sep 17 00:00:00 2001 
From: Adrian Hunter Date: Mon, 8 Nov 2021 08:48:14 +0200 Subject: [PATCH 28/93] BACKPORT: scsi: ufs: core: Fix task management completion timeout race __ufshcd_issue_tm_cmd() clears req->end_io_data after timing out, which races with the completion function ufshcd_tmc_handler() which expects req->end_io_data to have a value. Note __ufshcd_issue_tm_cmd() and ufshcd_tmc_handler() are already synchronized using hba->tmf_rqs and hba->outstanding_tasks under the host_lock spinlock. It is also not necessary (nor typical) to clear req->end_io_data because the block layer does it before allocating out requests e.g. via blk_get_request(). So fix by not clearing it. Bug: 210094292 (cherry picked from commit 886fe2915cce6658b0fc19e64b82879325de61ea) Change-Id: I2c6f8b81f2aed10a85c167aa97dcbe9496677de5 [Stanley: Resolved minor conflict in drivers/scsi/ufshcd.c] Link: https://lore.kernel.org/r/20211108064815.569494-2-adrian.hunter@intel.com Fixes: f5ef336fd2e4 ("scsi: ufs: core: Fix task management completion") Reviewed-by: Bart Van Assche Signed-off-by: Adrian Hunter Signed-off-by: Martin K. Petersen Signed-off-by: Stanley Chu --- drivers/scsi/ufs/ufshcd.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index d2fdd9f9097d..90a45c793315 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -6530,11 +6530,6 @@ static int __ufshcd_issue_tm_cmd(struct ufs_hba *hba, err = wait_for_completion_io_timeout(&wait, msecs_to_jiffies(TM_CMD_TIMEOUT)); if (!err) { - /* - * Make sure that ufshcd_compl_tm() does not trigger a - * use-after-free. - */ - req->end_io_data = NULL; ufshcd_add_tm_upiu_trace(hba, task_tag, "tm_complete_err"); dev_err(hba->dev, "%s: task management cmd 0x%.2x timed-out\n", __func__, tm_function); From 5f9614157c2dcbe2eaa89c47acc4fa9a623b34fe Mon Sep 17 00:00:00 2001 
From: Adrian Hunter Date: Mon, 8 Nov 2021 08:48:15 +0200 Subject: [PATCH 29/93] UPSTREAM: scsi: ufs: core: Fix another task management completion race hba->outstanding_tasks, which is read under host_lock spinlock, tells the interrupt handler what task management tags are in use by the driver. The doorbell register bits indicate which tags are in use by the hardware. A doorbell bit that is 0 is because the bit has yet to be set by the driver, or because the task is complete. It is only possible to disambiguate the 2 cases, if reading/writing the doorbell register is synchronized with reading/writing hba->outstanding_tasks. For that reason, reading REG_UTP_TASK_REQ_DOOR_BELL must be done under spinlock. Bug: 210094292 (cherry picked from commit 5cb37a26355d79ab290220677b1b57d28e99a895) Change-Id: I9a83393fe97682a271ec67834dc2d2888d3fbb60 Link: https://lore.kernel.org/r/20211108064815.569494-3-adrian.hunter@intel.com Fixes: f5ef336fd2e4 ("scsi: ufs: core: Fix task management completion") Reviewed-by: Bart Van Assche Signed-off-by: Adrian Hunter Signed-off-by: Martin K. Petersen Signed-off-by: Stanley Chu --- drivers/scsi/ufs/ufshcd.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index 90a45c793315..a447a1fdb4be 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -6367,9 +6367,8 @@ static irqreturn_t ufshcd_tmc_handler(struct ufs_hba *hba) irqreturn_t ret = IRQ_NONE; int tag; - pending = ufshcd_readl(hba, REG_UTP_TASK_REQ_DOOR_BELL); - spin_lock_irqsave(hba->host->host_lock, flags); + pending = ufshcd_readl(hba, REG_UTP_TASK_REQ_DOOR_BELL); issued = hba->outstanding_tasks & ~pending; for_each_set_bit(tag, &issued, hba->nutmrs) { struct request *req = tmf_rqs[tag]; From d600bdedac4c61cc185278d909d93b85b1689d85 Mon Sep 17 00:00:00 2001 
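Review bot: The doorbell read now sits inside the `host_lock` critical section in ufshcd_tmc_handler, but nothing in the code records why, so a later cleanup could hoist the MMIO read back out of the lock. A one-line comment above the read would pin the invariant, e.g. `/* Read the doorbell under host_lock so it stays consistent with hba->outstanding_tasks. */`. The function body continues past the end of the hunk.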
From: Bart Van Assche Date: Fri, 3 Dec 2021 15:19:44 -0800 Subject: [PATCH 30/93] FROMGIT: scsi: ufs: Remove the 'update_scaling' local variable This patch does not change any functionality but makes the next patch in this series easier to read. Link: https://lore.kernel.org/r/20211203231950.193369-12-bvanassche@acm.org Tested-by: Bean Huo Reviewed-by: Bean Huo Signed-off-by: Bart Van Assche Signed-off-by: Martin K. Petersen (cherry picked from commit 3eb9dcc027e2b2bbd8f377d3ef9271b7abfe103d git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next) Bug: 204438323 Change-Id: I5a420ba06517e65aa2cbabf08c2fc78de2490def Signed-off-by: Bart Van Assche Signed-off-by: Stanley Chu --- drivers/scsi/ufs/ufshcd.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index a447a1fdb4be..f41d6517cfcc 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -5193,7 +5193,6 @@ static void __ufshcd_transfer_req_compl(struct ufs_hba *hba, struct scsi_cmnd *cmd; int result; int index; - bool update_scaling = false; for_each_set_bit(index, &completed_reqs, hba->nutrs) { if (!test_and_clear_bit(index, &hba->outstanding_reqs)) @@ -5215,7 +5214,7 @@ static void __ufshcd_transfer_req_compl(struct ufs_hba *hba, /* Do not touch lrbp after scsi done */ cmd->scsi_done(cmd); ufshcd_release(hba); - update_scaling = true; + ufshcd_clk_scaling_update_busy(hba); } else if (lrbp->command_type == UTP_CMD_TYPE_DEV_MANAGE || lrbp->command_type == UTP_CMD_TYPE_UFS_STORAGE) { if (hba->dev_cmd.complete) { @@ -5223,11 +5222,9 @@ static void __ufshcd_transfer_req_compl(struct ufs_hba *hba, ufshcd_add_command_trace(hba, index, "dev_complete"); complete(hba->dev_cmd.complete); - update_scaling = true; + ufshcd_clk_scaling_update_busy(hba); } } - if (update_scaling) - ufshcd_clk_scaling_update_busy(hba); } } From 21949c429ab2a74fb81a43cda95bb84071510038 Mon Sep 17 00:00:00 2001 
From: Bart Van Assche Date: Fri, 3 Dec 2021 15:19:45 -0800 Subject: [PATCH 31/93] FROMGIT: scsi: ufs: Introduce ufshcd_release_scsi_cmd() The only functional change in this patch is that scsi_done() is now called after ufshcd_release() and ufshcd_clk_scaling_update_busy() instead of before. The next patch in this series will introduce a call to ufshcd_release_scsi_cmd() in the abort handler. Link: https://lore.kernel.org/r/20211203231950.193369-13-bvanassche@acm.org Tested-by: Bean Huo Reviewed-by: Adrian Hunter Reviewed-by: Bean Huo Signed-off-by: Bart Van Assche Signed-off-by: Martin K. Petersen (cherry picked from commit 6f8dafdee6ae836763e753a9df288d10b35e9679 git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next) Bug: 204438323 Change-Id: Ie9e3ef49aa10d3dc9ce43625893809b232d87d5f Signed-off-by: Bart Van Assche Signed-off-by: Stanley Chu --- drivers/scsi/ufs/ufshcd.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index f41d6517cfcc..cc49a39d15f3 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -5181,6 +5181,19 @@ static irqreturn_t ufshcd_uic_cmd_compl(struct ufs_hba *hba, u32 intr_status) return retval; } +/* Release the resources allocated for processing a SCSI command. */ +static void ufshcd_release_scsi_cmd(struct ufs_hba *hba, + struct ufshcd_lrb *lrbp) +{ + struct scsi_cmnd *cmd = lrbp->cmd; + + scsi_dma_unmap(cmd); + ufshcd_crypto_clear_prdt(hba, lrbp); + lrbp->cmd = NULL; /* Mark the command as completed. */ + ufshcd_release(hba); + ufshcd_clk_scaling_update_busy(hba); +} + /** * __ufshcd_transfer_req_compl - handle SCSI and query command completion * @hba: per adapter instance @@ -5191,7 +5204,6 @@ static void __ufshcd_transfer_req_compl(struct ufs_hba *hba, { struct ufshcd_lrb *lrbp; struct scsi_cmnd *cmd; - int result; int index; for_each_set_bit(index, &completed_reqs, hba->nutrs) { 
@@ -5205,16 +5217,10 @@ static void __ufshcd_transfer_req_compl(struct ufs_hba *hba, ufshcd_update_monitor(hba, lrbp); trace_android_vh_ufs_compl_command(hba, lrbp); ufshcd_add_command_trace(hba, index, "complete"); - result = ufshcd_transfer_rsp_status(hba, lrbp); - scsi_dma_unmap(cmd); - cmd->result = result; - ufshcd_crypto_clear_prdt(hba, lrbp); - /* Mark completed command as NULL in LRB */ - lrbp->cmd = NULL; + cmd->result = ufshcd_transfer_rsp_status(hba, lrbp); + ufshcd_release_scsi_cmd(hba, lrbp); /* Do not touch lrbp after scsi done */ cmd->scsi_done(cmd); - ufshcd_release(hba); - ufshcd_clk_scaling_update_busy(hba); } else if (lrbp->command_type == UTP_CMD_TYPE_DEV_MANAGE || lrbp->command_type == UTP_CMD_TYPE_UFS_STORAGE) { if (hba->dev_cmd.complete) { From 593309a377815ddf7d97d0bead5bfd94e1edaaaf Mon Sep 17 00:00:00 2001 From: Bart Van Assche Date: Fri, 3 Dec 2021 15:19:46 -0800 Subject: [PATCH 32/93] BACKPORT: scsi: ufs: Improve SCSI abort handling further Release resources when aborting a command. Make sure that aborted commands are completed once by clearing the corresponding tag bit from hba->outstanding_reqs. This patch is an improved version of commit 3ff1f6b6ba6f ("scsi: ufs: core: Improve SCSI abort handling"). Link: https://lore.kernel.org/r/20211203231950.193369-14-bvanassche@acm.org Fixes: 7a3e97b0dc4b ("[SCSI] ufshcd: UFS Host controller driver") Tested-by: Bean Huo Reviewed-by: Adrian Hunter Reviewed-by: Bean Huo Signed-off-by: Bart Van Assche Signed-off-by: Martin K. Petersen (cherry picked from commit 1fbaa02dfd05229312404aaef8bc9317b4ff8750 git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next) [Stanley: Resolved minor conflict in drivers/scsi/ufshcd.c] Bug: 204438323 Change-Id: Ifdf7f016c0d1986fe905f13be8abbeb54af4bce5 Signed-off-by: Bart Van Assche Signed-off-by: Stanley Chu --- drivers/scsi/ufs/ufshcd.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index cc49a39d15f3..3fa07e64b375 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -6942,6 +6942,7 @@ static int ufshcd_abort(struct scsi_cmnd *cmd) unsigned long flags; unsigned int tag; int err = FAILED, res; + bool outstanding; struct ufshcd_lrb *lrbp; u32 reg; @@ -7028,6 +7029,17 @@ static int ufshcd_abort(struct scsi_cmnd *cmd) goto release; } + /* + * Clear the corresponding bit from outstanding_reqs since the command + * has been aborted successfully. + */ + spin_lock_irqsave(host->host_lock, flags); + outstanding = __test_and_clear_bit(tag, &hba->outstanding_reqs); + spin_unlock_irqrestore(host->host_lock, flags); + + if (outstanding) + ufshcd_release_scsi_cmd(hba, lrbp); + err = SUCCESS; release: From 53afb231f54a69d827b882fa282b30bb10cb08a5 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 9 Dec 2021 19:02:15 +0100 Subject: [PATCH 33/93] UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers Under some conditions, USB gadget devices can show allocated buffer contents to a host. Fix this up by zero-allocating them so that any extra data will all just be zeros. Reported-by: Szymon Heidrich Tested-by: Szymon Heidrich Signed-off-by: Greg Kroah-Hartman (cherry picked from commit 86ebbc11bb3f60908a51f3e41a17e3f477c2eaa3) Bug: 210292367 Signed-off-by: Greg Kroah-Hartman Change-Id: I72b4376cd4296a8b8af0ade2d702cd420146f3aa --- drivers/usb/gadget/composite.c | 2 +- drivers/usb/gadget/legacy/dbgp.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c index 1ef7922b57b6..284eea9f6e4d 100644 --- a/drivers/usb/gadget/composite.c +++ b/drivers/usb/gadget/composite.c 
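Review bot: `__test_and_clear_bit(tag, &hba->outstanding_reqs)` in ufshcd_abort is the non-atomic variant, which is only safe if every other writer of `outstanding_reqs` also holds `host_lock`. The completion loop in `__ufshcd_transfer_req_compl`, visible in the earlier patches of this series, uses the atomic `test_and_clear_bit(index, &hba->outstanding_reqs)`, and whether that path runs under `host_lock` cannot be seen from here. Unless that is guaranteed, use the atomic form, `outstanding = test_and_clear_bit(tag, &hba->outstanding_reqs);`, or add a comment stating the locking rule that makes the non-atomic form correct. ufshcd_abort starts and ends outside the hunk.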
@@ -2221,7 +2221,7 @@ int composite_dev_prepare(struct usb_composite_driver *composite, if (!cdev->req) return -ENOMEM; - cdev->req->buf = kmalloc(USB_COMP_EP0_BUFSIZ, GFP_KERNEL); + cdev->req->buf = kzalloc(USB_COMP_EP0_BUFSIZ, GFP_KERNEL); if (!cdev->req->buf) goto fail; diff --git a/drivers/usb/gadget/legacy/dbgp.c b/drivers/usb/gadget/legacy/dbgp.c index e567afcb2794..355bc7dab9d5 100644 --- a/drivers/usb/gadget/legacy/dbgp.c +++ b/drivers/usb/gadget/legacy/dbgp.c @@ -137,7 +137,7 @@ static int dbgp_enable_ep_req(struct usb_ep *ep) goto fail_1; } - req->buf = kmalloc(DBGP_REQ_LEN, GFP_KERNEL); + req->buf = kzalloc(DBGP_REQ_LEN, GFP_KERNEL); if (!req->buf) { err = -ENOMEM; stp = 2; From e50fe1de2f33fa1e87a2276c6d633cdf9960b058 Mon Sep 17 00:00:00 2001 
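Review bot: Zero-filling at allocation only protects against heap contents that predate the buffer. `cdev->req->buf` is allocated once in composite_dev_prepare() and appears to be reused for later endpoint 0 replies, so bytes from an earlier reply can still sit behind a shorter one. The length returned to the host therefore still has to be bounded by what the handler actually wrote and by `USB_COMP_EP0_BUFSIZ`; that code is outside this hunk and should be checked. At minimum, record the reason next to the call, e.g. `/* zeroed: a reply longer than the data written must not expose old heap contents */`. The same applies to `req->buf = kzalloc(DBGP_REQ_LEN, GFP_KERNEL)` in the dbgp.c hunk.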
From: Eric Biggers Date: Wed, 8 Dec 2021 17:04:51 -0800 Subject: [PATCH 34/93] UPSTREAM: wait: add wake_up_pollfree() commit 42288cb44c4b5fff7653bc392b583a2b8bd6a8c0 upstream. Several ->poll() implementations are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is okay for blocking polls, since a blocking poll occurs within one task; however, non-blocking polls require another solution. This solution is for the queue to be cleared before it is freed, using 'wake_up_poll(wq, EPOLLHUP | POLLFREE);'. However, that has a bug: wake_up_poll() calls __wake_up() with nr_exclusive=1. Therefore, if there are multiple "exclusive" waiters, and the wakeup function for the first one returns a positive value, only that one will be called. That's *not* what's needed for POLLFREE; POLLFREE is special in that it really needs to wake up everyone. Considering the three non-blocking poll systems: - io_uring poll doesn't handle POLLFREE at all, so it is broken anyway. - aio poll is unaffected, since it doesn't support exclusive waits. However, that's fragile, as someone could add this feature later. - epoll doesn't appear to be broken by this, since its wakeup function returns 0 when it sees POLLFREE. But this is fragile. Although there is a workaround (see epoll), it's better to define a function which always sends POLLFREE to all waiters. Add such a function. Also make it verify that the queue really becomes empty after all waiters have been woken up. Reported-by: Linus Torvalds Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20211209010455.42744-2-ebiggers@kernel.org Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman Bug: 185125206 Signed-off-by: Greg Kroah-Hartman Change-Id: I4f69da5bbbad53975024d027fa1bbe22522c6efe --- include/linux/wait.h | 26 ++++++++++++++++++++++++++ kernel/sched/wait.c | 7 +++++++ 2 files changed, 33 insertions(+) 
diff --git a/include/linux/wait.h b/include/linux/wait.h index f8b0704968a1..9b8b0833100a 100644 --- a/include/linux/wait.h +++ b/include/linux/wait.h @@ -207,6 +207,7 @@ void __wake_up_sync_key(struct wait_queue_head *wq_head, unsigned int mode, void void __wake_up_locked_sync_key(struct wait_queue_head *wq_head, unsigned int mode, void *key); void __wake_up_locked(struct wait_queue_head *wq_head, unsigned int mode, int nr); void __wake_up_sync(struct wait_queue_head *wq_head, unsigned int mode); +void __wake_up_pollfree(struct wait_queue_head *wq_head); #define wake_up(x) __wake_up(x, TASK_NORMAL, 1, NULL) #define wake_up_nr(x, nr) __wake_up(x, TASK_NORMAL, nr, NULL) 
@@ -235,6 +236,31 @@ void __wake_up_sync(struct wait_queue_head *wq_head, unsigned int mode); #define wake_up_interruptible_sync_poll_locked(x, m) \ __wake_up_locked_sync_key((x), TASK_INTERRUPTIBLE, poll_to_key(m)) +/** + * wake_up_pollfree - signal that a polled waitqueue is going away + * @wq_head: the wait queue head + * + * In the very rare cases where a ->poll() implementation uses a waitqueue whose + * lifetime is tied to a task rather than to the 'struct file' being polled, + * this function must be called before the waitqueue is freed so that + * non-blocking polls (e.g. epoll) are notified that the queue is going away. + * + * The caller must also RCU-delay the freeing of the wait_queue_head, e.g. via + * an explicit synchronize_rcu() or call_rcu(), or via SLAB_TYPESAFE_BY_RCU. + */ +static inline void wake_up_pollfree(struct wait_queue_head *wq_head) +{ + /* + * For performance reasons, we don't always take the queue lock here. + * Therefore, we might race with someone removing the last entry from + * the queue, and proceed while they still hold the queue lock. + * However, rcu_read_lock() is required to be held in such cases, so we + * can safely proceed with an RCU-delayed free. + */ + if (waitqueue_active(wq_head)) + __wake_up_pollfree(wq_head); +} + #define ___wait_cond_timeout(condition) \ ({ \ bool __cond = (condition); \ diff --git a/kernel/sched/wait.c b/kernel/sched/wait.c index bc694780a6ba..c4f324ad035c 100644 --- a/kernel/sched/wait.c +++ b/kernel/sched/wait.c 
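Review bot: The kerneldoc for wake_up_pollfree() documents the caller's obligations (call before freeing, RCU-delay the free) but not the obligation on the waiters. `__wake_up_pollfree()` in the same patch warns if the queue is still active after the wakeup, so every wake function registered on such a queue has to dequeue its entry when it sees POLLFREE. I would add a paragraph saying so, e.g. `* Each waiter's wake function must remove its entry from the queue when called` / `* with POLLFREE, because the queue is about to be freed.` Without it, a new ->poll() consumer has no hint that ignoring POLLFREE leaves a dangling queue pointer.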
@@ -227,6 +227,13 @@ void __wake_up_sync(struct wait_queue_head *wq_head, unsigned int mode) } EXPORT_SYMBOL_GPL(__wake_up_sync); /* For internal use only */ +void __wake_up_pollfree(struct wait_queue_head *wq_head) +{ + __wake_up(wq_head, TASK_NORMAL, 0, poll_to_key(EPOLLHUP | POLLFREE)); + /* POLLFREE must have cleared the queue. */ + WARN_ON_ONCE(waitqueue_active(wq_head)); +} + /* * Note: we use "set_current_state()" _after_ the wait-queue add, * because we need a memory barrier there on SMP, so that any From 49744a390d5172ee3a64be5e195b356b47fd4a06 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 8 Dec 2021 17:04:52 -0800 Subject: [PATCH 35/93] UPSTREAM: binder: use wake_up_pollfree() commit a880b28a71e39013e357fd3adccd1d8a31bc69a8 upstream. wake_up_poll() uses nr_exclusive=1, so it's not guaranteed to wake up all exclusive waiters. Yet, POLLFREE *must* wake up all waiters. epoll and aio poll are fortunately not affected by this, but it's very fragile. Thus, the new function wake_up_pollfree() has been introduced. Convert binder to use wake_up_pollfree(). Reported-by: Linus Torvalds Fixes: f5cb779ba163 ("ANDROID: binder: remove waitqueue when thread exits.") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20211209010455.42744-3-ebiggers@kernel.org Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman Bug: 185125206 Signed-off-by: Greg Kroah-Hartman Change-Id: I8354c40ed73a7d88132a74a388704f0eb307a618 --- drivers/android/binder.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index dabfb68c66e2..78f8cf0d6626 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c 
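Review bot: The literal `0` passed as nr_exclusive in `__wake_up(wq_head, TASK_NORMAL, 0, ...)` is the whole point of this function, yet nothing at the call site says so. The commit message explains that wake_up_poll() was wrong because it passes 1; a reader of wait.c alone will not see that. I would put `/* nr_exclusive == 0: wake every waiter, exclusive ones included */` above the call. Note also that `WARN_ON_ONCE()` reports only the first queue that is left non-empty, so later violations by other waiters will be silent.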
@@ -4587,23 +4587,20 @@ static int binder_thread_release(struct binder_proc *proc, __release(&t->lock); /* - * If this thread used poll, make sure we remove the waitqueue - * from any epoll data structures holding it with POLLFREE. - * waitqueue_active() is safe to use here because we're holding - * the inner lock. + * If this thread used poll, make sure we remove the waitqueue from any + * poll data structures holding it. */ - if ((thread->looper & BINDER_LOOPER_STATE_POLL) && - waitqueue_active(&thread->wait)) { - wake_up_poll(&thread->wait, EPOLLHUP | POLLFREE); - } + if (thread->looper & BINDER_LOOPER_STATE_POLL) + wake_up_pollfree(&thread->wait); binder_inner_proc_unlock(thread->proc); /* - * This is needed to avoid races between wake_up_poll() above and - * and ep_remove_waitqueue() called for other reasons (eg the epoll file - * descriptor being closed); ep_remove_waitqueue() holds an RCU read - * lock, so we can be sure it's done after calling synchronize_rcu(). + * This is needed to avoid races between wake_up_pollfree() above and + * someone else removing the last entry from the queue for other reasons + * (e.g. ep_remove_wait_queue() being called due to an epoll file + * descriptor being closed). Such other users hold an RCU read lock, so + * we can be sure they're done after we call synchronize_rcu(). */ if (thread->looper & BINDER_LOOPER_STATE_POLL) synchronize_rcu(); From f9651768846abacb803bbb6a17071f4dcb9e0e93 Mon Sep 17 00:00:00 2001 
From: Eric Biggers Date: Wed, 8 Dec 2021 17:04:53 -0800 Subject: [PATCH 36/93] UPSTREAM: signalfd: use wake_up_pollfree() commit 9537bae0da1f8d1e2361ab6d0479e8af7824e160 upstream. wake_up_poll() uses nr_exclusive=1, so it's not guaranteed to wake up all exclusive waiters. Yet, POLLFREE *must* wake up all waiters. epoll and aio poll are fortunately not affected by this, but it's very fragile. Thus, the new function wake_up_pollfree() has been introduced. Convert signalfd to use wake_up_pollfree(). Reported-by: Linus Torvalds Fixes: d80e731ecab4 ("epoll: introduce POLLFREE to flush ->signalfd_wqh before kfree()") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20211209010455.42744-4-ebiggers@kernel.org Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman Bug: 185125206 Signed-off-by: Greg Kroah-Hartman Change-Id: I1d97ac9c9fbb28c164bd4b51deeefbbb139205e7 --- fs/signalfd.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/fs/signalfd.c b/fs/signalfd.c index 456046e15873..b94fb5f81797 100644 --- a/fs/signalfd.c +++ b/fs/signalfd.c @@ -35,17 +35,7 @@ void signalfd_cleanup(struct sighand_struct *sighand) { - wait_queue_head_t *wqh = &sighand->signalfd_wqh; - /* - * The lockless check can race with remove_wait_queue() in progress, - * but in this case its caller should run under rcu_read_lock() and - * sighand_cachep is SLAB_TYPESAFE_BY_RCU, we can safely return. - */ - if (likely(!waitqueue_active(wqh))) - return; - - /* wait_queue_entry_t->func(POLLFREE) should do remove_wait_queue() */ - wake_up_poll(wqh, EPOLLHUP | POLLFREE); + wake_up_pollfree(&sighand->signalfd_wqh); } struct signalfd_ctx { From b9c8788830ab0878b84b45d8330aea48bfba2f38 Mon Sep 17 00:00:00 2001 
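Review bot: signalfd_cleanup() no longer records how the RCU-delay requirement of wake_up_pollfree() is met. The removed comment stated that sighand_cachep is SLAB_TYPESAFE_BY_RCU, which is exactly the guarantee the new helper's kerneldoc asks the caller to provide. I would keep one line above the call, e.g. `/* sighand_cachep is SLAB_TYPESAFE_BY_RCU, which gives the RCU-delayed free wake_up_pollfree() needs */`. Then a later change to the slab flags is recognisably a lifetime change for the waitqueue.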
From: Eric Biggers Date: Fri, 10 Dec 2021 15:48:04 -0800 Subject: [PATCH 37/93] UPSTREAM: aio: keep poll requests on waitqueue until completed commit 363bee27e25804d8981dd1c025b4ad49dc39c530 upstream. Currently, aio_poll_wake() will always remove the poll request from the waitqueue. Then, if aio_poll_complete_work() sees that none of the polled events are ready and the request isn't cancelled, it re-adds the request to the waitqueue. (This can easily happen when polling a file that doesn't pass an event mask when waking up its waitqueue.) This is fundamentally broken for two reasons: 1. If a wakeup occurs between vfs_poll() and the request being re-added to the waitqueue, it will be missed because the request wasn't on the waitqueue at the time. Therefore, IOCB_CMD_POLL might never complete even if the polled file is ready. 2. When the request isn't on the waitqueue, there is no way to be notified that the waitqueue is being freed (which happens when its lifetime is shorter than the struct file's). This is supposed to happen via the waitqueue entries being woken up with POLLFREE. Therefore, leave the requests on the waitqueue until they are actually completed (or cancelled). To keep track of when aio_poll_complete_work needs to be scheduled, use new fields in struct poll_iocb. Remove the 'done' field which is now redundant. Note that this is consistent with how sys_poll() and eventpoll work; their wakeup functions do *not* remove the waitqueue entries. Fixes: 2c14fa838cbe ("aio: implement IOCB_CMD_POLL") Cc: # v4.18+ Link: https://lore.kernel.org/r/20211209010455.42744-5-ebiggers@kernel.org Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman Bug: 185125206 Signed-off-by: Greg Kroah-Hartman Change-Id: Ic85396773d98ef3ccf48559462557e4faa3289c3 --- fs/aio.c | 83 ++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 63 insertions(+), 20 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index 6a21d8919409..37c5f450d159 100644 --- a/fs/aio.c 
+++ b/fs/aio.c @@ -182,8 +182,9 @@ struct poll_iocb { struct file *file; struct wait_queue_head *head; __poll_t events; - bool done; bool cancelled; + bool work_scheduled; + bool work_need_resched; struct wait_queue_entry wait; struct work_struct work; }; @@ -1640,14 +1641,26 @@ static void aio_poll_complete_work(struct work_struct *work) * avoid further branches in the fast path. */ spin_lock_irq(&ctx->ctx_lock); + spin_lock(&req->head->lock); if (!mask && !READ_ONCE(req->cancelled)) { - add_wait_queue(req->head, &req->wait); + /* + * The request isn't actually ready to be completed yet. + * Reschedule completion if another wakeup came in. + */ + if (req->work_need_resched) { + schedule_work(&req->work); + req->work_need_resched = false; + } else { + req->work_scheduled = false; + } + spin_unlock(&req->head->lock); spin_unlock_irq(&ctx->ctx_lock); return; } + list_del_init(&req->wait.entry); + spin_unlock(&req->head->lock); list_del_init(&iocb->ki_list); iocb->ki_res.res = mangle_poll(mask); - req->done = true; spin_unlock_irq(&ctx->ctx_lock); iocb_put(iocb); @@ -1661,9 +1674,9 @@ static int aio_poll_cancel(struct kiocb *iocb) spin_lock(&req->head->lock); WRITE_ONCE(req->cancelled, true); - if (!list_empty(&req->wait.entry)) { - list_del_init(&req->wait.entry); + if (!req->work_scheduled) { schedule_work(&aiocb->poll.work); + req->work_scheduled = true; } spin_unlock(&req->head->lock); 
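Review bot: The two new fields in struct poll_iocb, `work_scheduled` and `work_need_resched`, are plain bools with no note on their locking. `cancelled` next to them is accessed with READ_ONCE/WRITE_ONCE, which invites the question of whether these need the same. Every access visible in this patch (aio_poll_complete_work, aio_poll_cancel, aio_poll_wake, aio_poll) is made with `req->head->lock` held, apart from the initialisation in aio_poll() before the request is queued. I would state that at the declaration, e.g. `bool work_scheduled; /* protected by head->lock */` and the same for `work_need_resched`.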
@@ -1682,20 +1695,26 @@ static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync, if (mask && !(mask & req->events)) return 0; - list_del_init(&req->wait.entry); - - if (mask && spin_trylock_irqsave(&iocb->ki_ctx->ctx_lock, flags)) { + /* + * Complete the request inline if possible. This requires that three + * conditions be met: + * 1. An event mask must have been passed. If a plain wakeup was done + * instead, then mask == 0 and we have to call vfs_poll() to get + * the events, so inline completion isn't possible. + * 2. The completion work must not have already been scheduled. + * 3. ctx_lock must not be busy. We have to use trylock because we + * already hold the waitqueue lock, so this inverts the normal + * locking order. Use irqsave/irqrestore because not all + * filesystems (e.g. fuse) call this function with IRQs disabled, + * yet IRQs have to be disabled before ctx_lock is obtained. + */ + if (mask && !req->work_scheduled && + spin_trylock_irqsave(&iocb->ki_ctx->ctx_lock, flags)) { struct kioctx *ctx = iocb->ki_ctx; - /* - * Try to complete the iocb inline if we can. Use - * irqsave/irqrestore because not all filesystems (e.g. fuse) - * call this function with IRQs disabled and because IRQs - * have to be disabled before ctx_lock is obtained. - */ + list_del_init(&req->wait.entry); list_del(&iocb->ki_list); iocb->ki_res.res = mangle_poll(mask); - req->done = true; if (iocb->ki_eventfd && eventfd_signal_count()) { iocb = NULL; INIT_WORK(&req->work, aio_poll_put_work); 
@@ -1705,7 +1724,20 @@ static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync, if (iocb) iocb_put(iocb); } else { - schedule_work(&req->work); + /* + * Schedule the completion work if needed. If it was already + * scheduled, record that another wakeup came in. + * + * Don't remove the request from the waitqueue here, as it might + * not actually be complete yet (we won't know until vfs_poll() + * is called), and we must not miss any wakeups. + */ + if (req->work_scheduled) { + req->work_need_resched = true; + } else { + schedule_work(&req->work); + req->work_scheduled = true; + } } return 1; } @@ -1752,8 +1784,9 @@ static int aio_poll(struct aio_kiocb *aiocb, const struct iocb *iocb) req->events = demangle_poll(iocb->aio_buf) | EPOLLERR | EPOLLHUP; req->head = NULL; - req->done = false; req->cancelled = false; + req->work_scheduled = false; + req->work_need_resched = false; apt.pt._qproc = aio_poll_queue_proc; apt.pt._key = req->events; 
@@ -1768,17 +1801,27 @@ static int aio_poll(struct aio_kiocb *aiocb, const struct iocb *iocb) spin_lock_irq(&ctx->ctx_lock); if (likely(req->head)) { spin_lock(&req->head->lock); - if (unlikely(list_empty(&req->wait.entry))) { - if (apt.error) + if (list_empty(&req->wait.entry) || req->work_scheduled) { + /* + * aio_poll_wake() already either scheduled the async + * completion work, or completed the request inline. + */ + if (apt.error) /* unsupported case: multiple queues */ cancel = true; apt.error = 0; mask = 0; } if (mask || apt.error) { + /* Steal to complete synchronously. */ list_del_init(&req->wait.entry); } else if (cancel) { + /* Cancel if possible (may be too late though). */ WRITE_ONCE(req->cancelled, true); - } else if (!req->done) { /* actually waiting for an event */ + } else if (!list_empty(&req->wait.entry)) { + /* + * Actually waiting for an event, so add the request to + * active_reqs so that it can be cancelled if needed. + */ list_add_tail(&aiocb->ki_list, &ctx->active_reqs); aiocb->ki_cancel = aio_poll_cancel; } From ae22ebebbbf077199dbe0d17eb0af1d775b78918 Mon Sep 17 00:00:00 2001 
From: Eric Biggers Date: Fri, 10 Dec 2021 15:48:05 -0800 Subject: [PATCH 38/93] UPSTREAM: aio: fix use-after-free due to missing POLLFREE handling commit 50252e4b5e989ce64555c7aef7516bdefc2fea72 upstream. signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is okay for blocking polls, since a blocking poll occurs within one task; however, non-blocking polls require another solution. This solution is for the queue to be cleared before it is freed, by sending a POLLFREE notification to all waiters. Unfortunately, only eventpoll handles POLLFREE. A second type of non-blocking poll, aio poll, was added in kernel v4.18, and it doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with aio poll, and the waitqueue gets freed. Fix this by making aio poll handle POLLFREE. A patch by Ramji Jiyani (https://lore.kernel.org/r/20211027011834.2497484-1-ramjiyani@google.com) tried to do this by making aio_poll_wake() always complete the request inline if POLLFREE is seen. However, that solution had two bugs. First, it introduced a deadlock, as it unconditionally locked the aio context while holding the waitqueue lock, which inverts the normal locking order. Second, it didn't consider that POLLFREE notifications are missed while the request has been temporarily de-queued. The second problem was solved by my previous patch. This patch then properly fixes the use-after-free by handling POLLFREE in a deadlock-free way. It does this by taking advantage of the fact that freeing of the waitqueue is RCU-delayed, similar to what eventpoll does. Fixes: 2c14fa838cbe ("aio: implement IOCB_CMD_POLL") Cc: # v4.18+ Link: https://lore.kernel.org/r/20211209010455.42744-6-ebiggers@kernel.org Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman Bug: 185125206 
Signed-off-by: Greg Kroah-Hartman Change-Id: I748544276cf2fe214097751507d9c0ee4e3d3475 --- fs/aio.c | 137 ++++++++++++++++++++++++-------- include/uapi/asm-generic/poll.h | 2 +- 2 files changed, 107 insertions(+), 32 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index 37c5f450d159..2a9dfa58ec3a 100644 --- a/fs/aio.c +++ b/fs/aio.c 
@@ -1622,6 +1622,51 @@ static void aio_poll_put_work(struct work_struct *work) iocb_put(iocb); } +/* + * Safely lock the waitqueue which the request is on, synchronizing with the + * case where the ->poll() provider decides to free its waitqueue early. + * + * Returns true on success, meaning that req->head->lock was locked, req->wait + * is on req->head, and an RCU read lock was taken. Returns false if the + * request was already removed from its waitqueue (which might no longer exist). + */ +static bool poll_iocb_lock_wq(struct poll_iocb *req) +{ + wait_queue_head_t *head; + + /* + * While we hold the waitqueue lock and the waitqueue is nonempty, + * wake_up_pollfree() will wait for us. However, taking the waitqueue + * lock in the first place can race with the waitqueue being freed. + * + * We solve this as eventpoll does: by taking advantage of the fact that + * all users of wake_up_pollfree() will RCU-delay the actual free. If + * we enter rcu_read_lock() and see that the pointer to the queue is + * non-NULL, we can then lock it without the memory being freed out from + * under us, then check whether the request is still on the queue. + * + * Keep holding rcu_read_lock() as long as we hold the queue lock, in + * case the caller deletes the entry from the queue, leaving it empty. + * In that case, only RCU prevents the queue memory from being freed. + */ + rcu_read_lock(); + head = smp_load_acquire(&req->head); + if (head) { + spin_lock(&head->lock); + if (!list_empty(&req->wait.entry)) + return true; + spin_unlock(&head->lock); + } + rcu_read_unlock(); + return false; +} + +static void poll_iocb_unlock_wq(struct poll_iocb *req) +{ + spin_unlock(&req->head->lock); + rcu_read_unlock(); +} + static void aio_poll_complete_work(struct work_struct *work) { struct poll_iocb *req = container_of(work, struct poll_iocb, work); 
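Review bot: `smp_load_acquire(&req->head)` in poll_iocb_lock_wq() has no comment naming the store it pairs with, and poll_iocb_unlock_wq() has no contract at all. The matching `smp_store_release(&req->head, NULL)` is in the POLLFREE branch of aio_poll_wake(); say so at the load with `/* Pairs with smp_store_release(&req->head, NULL) in aio_poll_wake(). */`. The unlock helper re-reads `req->head` rather than using the pointer that was locked. That looks safe only because the store to NULL happens in a wake function, which presumably runs with the same queue lock held. I would document it as `/* Only valid after poll_iocb_lock_wq() returned true; req->head cannot change while head->lock is held. */`.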
@@ -1641,24 +1686,25 @@ static void aio_poll_complete_work(struct work_struct *work) * avoid further branches in the fast path. */ spin_lock_irq(&ctx->ctx_lock); - spin_lock(&req->head->lock); - if (!mask && !READ_ONCE(req->cancelled)) { - /* - * The request isn't actually ready to be completed yet. - * Reschedule completion if another wakeup came in. - */ - if (req->work_need_resched) { - schedule_work(&req->work); - req->work_need_resched = false; - } else { - req->work_scheduled = false; + if (poll_iocb_lock_wq(req)) { + if (!mask && !READ_ONCE(req->cancelled)) { + /* + * The request isn't actually ready to be completed yet. + * Reschedule completion if another wakeup came in. + */ + if (req->work_need_resched) { + schedule_work(&req->work); + req->work_need_resched = false; + } else { + req->work_scheduled = false; + } + poll_iocb_unlock_wq(req); + spin_unlock_irq(&ctx->ctx_lock); + return; } - spin_unlock(&req->head->lock); - spin_unlock_irq(&ctx->ctx_lock); - return; - } - list_del_init(&req->wait.entry); - spin_unlock(&req->head->lock); + list_del_init(&req->wait.entry); + poll_iocb_unlock_wq(req); + } /* else, POLLFREE has freed the waitqueue, so we must complete */ list_del_init(&iocb->ki_list); iocb->ki_res.res = mangle_poll(mask); spin_unlock_irq(&ctx->ctx_lock); @@ -1672,13 +1718,14 @@ static int aio_poll_cancel(struct kiocb *iocb) struct aio_kiocb *aiocb = container_of(iocb, struct aio_kiocb, rw); struct poll_iocb *req = &aiocb->poll; - spin_lock(&req->head->lock); - WRITE_ONCE(req->cancelled, true); - if (!req->work_scheduled) { - schedule_work(&aiocb->poll.work); - req->work_scheduled = true; - } - spin_unlock(&req->head->lock); + if (poll_iocb_lock_wq(req)) { + WRITE_ONCE(req->cancelled, true); + if (!req->work_scheduled) { + schedule_work(&aiocb->poll.work); + req->work_scheduled = true; + } + poll_iocb_unlock_wq(req); + } /* else, the request was force-cancelled by POLLFREE already */ return 0; } 
@@ -1730,7 +1777,8 @@ static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync, * * Don't remove the request from the waitqueue here, as it might * not actually be complete yet (we won't know until vfs_poll() - * is called), and we must not miss any wakeups. + * is called), and we must not miss any wakeups. POLLFREE is an + * exception to this; see below. */ if (req->work_scheduled) { req->work_need_resched = true; @@ -1738,6 +1786,28 @@ static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync, schedule_work(&req->work); req->work_scheduled = true; } + + /* + * If the waitqueue is being freed early but we can't complete + * the request inline, we have to tear down the request as best + * we can. That means immediately removing the request from its + * waitqueue and preventing all further accesses to the + * waitqueue via the request. We also need to schedule the + * completion work (done above). Also mark the request as + * cancelled, to potentially skip an unneeded call to ->poll(). + */ + if (mask & POLLFREE) { + WRITE_ONCE(req->cancelled, true); + list_del_init(&req->wait.entry); + + /* + * Careful: this *must* be the last step, since as soon + * as req->head is NULL'ed out, the request can be + * completed and freed, since aio_poll_complete_work() + * will no longer need to take the waitqueue lock. + */ + smp_store_release(&req->head, NULL); + } } return 1; } @@ -1745,6 +1815,7 @@ static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync, struct aio_poll_table { struct poll_table_struct pt; struct aio_kiocb *iocb; + bool queued; int error; }; 
@@ -1755,11 +1826,12 @@ aio_poll_queue_proc(struct file *file, struct wait_queue_head *head, struct aio_poll_table *pt = container_of(p, struct aio_poll_table, pt); /* multiple wait queues per file are not supported */ - if (unlikely(pt->iocb->poll.head)) { + if (unlikely(pt->queued)) { pt->error = -EINVAL; return; } + pt->queued = true; pt->error = 0; pt->iocb->poll.head = head; add_wait_queue(head, &pt->iocb->poll.wait); @@ -1791,6 +1863,7 @@ static int aio_poll(struct aio_kiocb *aiocb, const struct iocb *iocb) apt.pt._qproc = aio_poll_queue_proc; apt.pt._key = req->events; apt.iocb = aiocb; + apt.queued = false; apt.error = -EINVAL; /* same as no support for IOCB_CMD_POLL */ /* initialized the list so that we can do list_empty checks */ @@ -1799,9 +1872,10 @@ static int aio_poll(struct aio_kiocb *aiocb, const struct iocb *iocb) mask = vfs_poll(req->file, &apt.pt) & req->events; spin_lock_irq(&ctx->ctx_lock); - if (likely(req->head)) { - spin_lock(&req->head->lock); - if (list_empty(&req->wait.entry) || req->work_scheduled) { + if (likely(apt.queued)) { + bool on_queue = poll_iocb_lock_wq(req); + + if (!on_queue || req->work_scheduled) { /* * aio_poll_wake() already either scheduled the async * completion work, or completed the request inline. @@ -1817,7 +1891,7 @@ static int aio_poll(struct aio_kiocb *aiocb, const struct iocb *iocb) } else if (cancel) { /* Cancel if possible (may be too late though). */ WRITE_ONCE(req->cancelled, true); - } else if (!list_empty(&req->wait.entry)) { + } else if (on_queue) { /* * Actually waiting for an event, so add the request to * active_reqs so that it can be cancelled if needed. @@ -1825,7 +1899,8 @@ static int aio_poll(struct aio_kiocb *aiocb, const struct iocb *iocb) list_add_tail(&aiocb->ki_list, &ctx->active_reqs); aiocb->ki_cancel = aio_poll_cancel; } - spin_unlock(&req->head->lock); + if (on_queue) + poll_iocb_unlock_wq(req); } if (mask) { /* no async, we'd stolen it */ aiocb->ki_res.res = mangle_poll(mask); 
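Review bot: In aio_poll(), the "steal" branch `list_del_init(&req->wait.entry)` is only safe when `on_queue` is true, but nothing at that line says so. That branch lies between this patch's hunks and is visible in the previous patch. It holds today because the preceding `if (!on_queue || req->work_scheduled)` block sets `mask = 0` and `apt.error = 0`, making `if (mask || apt.error)` unreachable without the queue lock and RCU read lock. A later edit to either block could turn that into a list operation on a freed waitqueue. I would make the dependency explicit with `/* on_queue is necessarily true here: mask and apt.error were zeroed above otherwise */`, or test `on_queue` in the condition itself.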
diff --git a/include/uapi/asm-generic/poll.h b/include/uapi/asm-generic/poll.h index 41b509f410bf..f9c520ce4bf4 100644 --- a/include/uapi/asm-generic/poll.h +++ b/include/uapi/asm-generic/poll.h @@ -29,7 +29,7 @@ #define POLLRDHUP 0x2000 #endif -#define POLLFREE (__force __poll_t)0x4000 /* currently only for epoll */ +#define POLLFREE (__force __poll_t)0x4000 #define POLL_BUSY_LOOP (__force __poll_t)0x8000 From 8b7ffd60a56f29e59a5dc013ed93a21125f67ff9 Mon Sep 17 00:00:00 2001 From: Thomas Haemmerle Date: Sun, 3 Oct 2021 22:13:55 +0200 Subject: [PATCH 39/93] UPSTREAM: usb: gadget: uvc: fix multiple opens Currently, the UVC function is activated when open on the corresponding v4l2 device is called. On another open the activation of the function fails since the deactivation counter in `usb_function_activate` equals 0. However the error is not returned to userspace since the open of the v4l2 device is successful. On a close the function is deactivated (since deactivation counter still equals 0) and the video is disabled in `uvc_v4l2_release`, although the UVC application potentially is streaming. Move activation of UVC function to subscription on UVC_EVENT_SETUP because there we can guarantee for a userspace application utilizing UVC. Block subscription on UVC_EVENT_SETUP while another application already is subscribed to it, indicated by `bool func_connected` in `struct uvc_device`. Extend the `struct uvc_file_handle` with member `bool is_uvc_app_handle` to tag it as the handle used by the userspace UVC application. With this a process is able to check capabilities of the v4l2 device without deactivating the function for the actual UVC application. Reviewed-By: Michael Tretter Reviewed-by: Laurent Pinchart Signed-off-by: Thomas Haemmerle Signed-off-by: Michael Tretter Signed-off-by: Michael Grzeschik Acked-by: Felipe Balbi Link: https://lore.kernel.org/r/20211003201355.24081-1-m.grzeschik@pengutronix.de 
Signed-off-by: Greg Kroah-Hartman Bug: 209496225 Change-Id: I17944b520d6cc29f86dd6b64b257c0d3185cb69a (cherry picked from commit 72ee48ee8925446eaeda8e4ef3f2eb16b4a93d2a) Signed-off-by: Dan Vacura --- drivers/usb/gadget/function/uvc.h | 2 ++ drivers/usb/gadget/function/uvc_v4l2.c | 49 ++++++++++++++++++++++---- 2 files changed, 44 insertions(+), 7 deletions(-) diff --git a/drivers/usb/gadget/function/uvc.h b/drivers/usb/gadget/function/uvc.h index 23ee25383c1f..893aaa70f81a 100644 --- a/drivers/usb/gadget/function/uvc.h +++ b/drivers/usb/gadget/function/uvc.h @@ -117,6 +117,7 @@ struct uvc_device { enum uvc_state state; struct usb_function func; struct uvc_video video; + bool func_connected; /* Descriptors */ struct { @@ -147,6 +148,7 @@ static inline struct uvc_device *to_uvc(struct usb_function *f) struct uvc_file_handle { struct v4l2_fh vfh; struct uvc_video *device; + bool is_uvc_app_handle; }; #define to_uvc_file_handle(handle) \ diff --git a/drivers/usb/gadget/function/uvc_v4l2.c b/drivers/usb/gadget/function/uvc_v4l2.c index 4ca89eab6159..197c26f7aec6 100644 --- a/drivers/usb/gadget/function/uvc_v4l2.c +++ b/drivers/usb/gadget/function/uvc_v4l2.c 
@@ -227,17 +227,55 @@ static int uvc_v4l2_subscribe_event(struct v4l2_fh *fh, const struct v4l2_event_subscription *sub) { + struct uvc_device *uvc = video_get_drvdata(fh->vdev); + struct uvc_file_handle *handle = to_uvc_file_handle(fh); + int ret; + if (sub->type < UVC_EVENT_FIRST || sub->type > UVC_EVENT_LAST) return -EINVAL; - return v4l2_event_subscribe(fh, sub, 2, NULL); + if (sub->type == UVC_EVENT_SETUP && uvc->func_connected) + return -EBUSY; + + ret = v4l2_event_subscribe(fh, sub, 2, NULL); + if (ret < 0) + return ret; + + if (sub->type == UVC_EVENT_SETUP) { + uvc->func_connected = true; + handle->is_uvc_app_handle = true; + uvc_function_connect(uvc); + } + + return 0; +} + +static void uvc_v4l2_disable(struct uvc_device *uvc) +{ + uvc->func_connected = false; + uvc_function_disconnect(uvc); + uvcg_video_enable(&uvc->video, 0); + uvcg_free_buffers(&uvc->video.queue); } static int uvc_v4l2_unsubscribe_event(struct v4l2_fh *fh, const struct v4l2_event_subscription *sub) { - return v4l2_event_unsubscribe(fh, sub); + struct uvc_device *uvc = video_get_drvdata(fh->vdev); + struct uvc_file_handle *handle = to_uvc_file_handle(fh); + int ret; + + ret = v4l2_event_unsubscribe(fh, sub); + if (ret < 0) + return ret; + + if (sub->type == UVC_EVENT_SETUP && handle->is_uvc_app_handle) { + uvc_v4l2_disable(uvc); + handle->is_uvc_app_handle = false; + } + + return 0; } static long @@ -292,7 +330,6 @@ uvc_v4l2_open(struct file *file) handle->device = &uvc->video; file->private_data = &handle->vfh; - uvc_function_connect(uvc); return 0; } @@ -304,11 +341,9 @@ uvc_v4l2_release(struct file *file) struct uvc_file_handle *handle = to_uvc_file_handle(file->private_data); struct uvc_video *video = handle->device; - uvc_function_disconnect(uvc); - mutex_lock(&video->mutex); - uvcg_video_enable(video, 0); - uvcg_free_buffers(&video->queue); + if (handle->is_uvc_app_handle) + uvc_v4l2_disable(uvc); mutex_unlock(&video->mutex); file->private_data = NULL; 
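Review bot: In `uvc_v4l2_unsubscribe_event` the teardown runs only when `sub->type == UVC_EVENT_SETUP`, so an unsubscribe with `V4L2_EVENT_ALL` (which, as far as I know, `v4l2_event_unsubscribe` treats as "drop every subscription") removes the SETUP subscription but leaves `uvc->func_connected` set until the file is released. Until then every subscriber to `UVC_EVENT_SETUP` gets `-EBUSY` from the new check in `uvc_v4l2_subscribe_event`; consider `if ((sub->type == UVC_EVENT_SETUP || sub->type == V4L2_EVENT_ALL) && handle->is_uvc_app_handle) {`. Separately, the test-and-set of `func_connected` and the call to `uvc_v4l2_disable` from the unsubscribe path take no lock inside this hunk, while `uvc_v4l2_release` calls the same helper under `video->mutex`. If the ioctl core already serialises these calls on that mutex, a comment such as `/* Caller must hold uvc->video.mutex. */` above `uvc_v4l2_disable` would record the rule.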
From f37b6d79f8d8c221b5da3724f300b089d1c00e60 Mon Sep 17 00:00:00 2001 From: Patrick Daly Date: Wed, 8 Dec 2021 21:29:03 -0800 Subject: [PATCH 40/93] ANDROID: mm/memory_hotplug: Don't special case memory_block_size_bytes If add_memory_subsection() is called with a size of memory_block_size_bytes, it calls into add_memory(), which declares the region as system ram, and adds it to the buddy allocator. This is inconsistent with the behavior of add_memory_subsection() for other sizes, for which it does not add the memory to buddy and instead reserves it for the caller's private use. Bug: 210008865 Fixes: 417ac617ea5e ("ANDROID: mm/memory_hotplug: implement {add/remove}_memory_subsection") Change-Id: Iefb69b0b4e96af670d0e65c325a9538d14b460e3 Signed-off-by: Patrick Daly --- mm/memory_hotplug.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index 41ac69bc0299..21066576ee45 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1136,9 +1136,6 @@ int add_memory_subsection(int nid, u64 start, u64 size) struct resource *res; int ret; - if (size == memory_block_size_bytes()) - return add_memory(nid, start, size, MHP_NONE); - if (!IS_ALIGNED(start, SUBSECTION_SIZE) || !IS_ALIGNED(size, SUBSECTION_SIZE)) { pr_err("%s: start 0x%llx size 0x%llx not aligned to subsection size\n", @@ -1837,9 +1834,6 @@ EXPORT_SYMBOL_GPL(remove_memory); int remove_memory_subsection(int nid, u64 start, u64 size) { - if (size == memory_block_size_bytes()) - return remove_memory(nid, start, size); - if (!IS_ALIGNED(start, SUBSECTION_SIZE) || !IS_ALIGNED(size, SUBSECTION_SIZE)) { pr_err("%s: start 0x%llx size 0x%llx not aligned to subsection size\n", From 89137e0047fe366bcba18ff1b20eeefaca908fee Mon Sep 17 00:00:00 2001 
From: Mathias Nyman Date: Fri, 20 Aug 2021 15:35:00 +0300 Subject: [PATCH 41/93] UPSTREAM: xhci: Fix failure to give back some cached cancelled URBs. Only TDs with status TD_CLEARING_CACHE will be given back after cache is cleared with a set TR deq command. xhci_invalidate_cached_td() failed to set the TD_CLEARING_CACHE status for some cancelled TDs as it assumed an endpoint only needs to clear the TD it stopped on. This isn't always true. For example with streams enabled an endpoint may have several stream rings, each stopping on a different TD. Note that if an endpoint has several stream rings, the current code will still only clear the cache of the stream pointed to by the last cancelled TD in the cancel list. This patch only focuses on making sure all canceled TDs are given back, avoiding hung task after device removal. Another fix to solve clearing the caches of all stream rings with cancelled TDs is needed, but not as urgent. This issue was simultaneously discovered and debugged by Tao Wang, with a slightly different fix proposal. Fixes: 674f8438c121 ("xhci: split handling halted endpoints into two steps") Cc: #5.12 Reported-by: Tao Wang Signed-off-by: Mathias Nyman Link: https://lore.kernel.org/r/20210820123503.2605901-4-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman Bug: 209501020 (cherry picked from commit 94f339147fc3eb9edef7ee4ef6e39c569c073753) Change-Id: Ie7d39365e00b54154be2fd9ca05b5600bd18850d Signed-off-by: Wesley Cheng From e80be54e4b6055d1565e6e18c9ffd94956883ac5 Mon Sep 17 00:00:00 2001 
From: Li Jun Date: Wed, 8 Sep 2021 10:28:19 +0800 Subject: [PATCH 42/93] UPSTREAM: usb: dwc3: core: balance phy init and exit After we start to do core soft reset while usb role switch, the phy init is invoked at every switch to device mode, but its counter part de-init is missing, this causes the actual phy init can not be done when we really want to re-init phy like system resume, because the counter maintained by phy core is not 0. considering phy init is actually redundant for role switch, so move out the phy init from core soft reset to dwc3 core init where is the only place required. Fixes: f88359e1588b ("usb: dwc3: core: Do core softreset when switch mode") Cc: Tested-by: faqiang.zhu Tested-by: John Stultz #HiKey960 Acked-by: Felipe Balbi Signed-off-by: Li Jun Link: https://lore.kernel.org/r/1631068099-13559-1-git-send-email-jun.li@nxp.com Signed-off-by: Greg Kroah-Hartman Bug: 194108974 (cherry picked from commit 8cfac9a6744fcb143cb3e94ce002f09fd17fadbb) Change-Id: I47b3de1b3d56aecc235b89b1d8b9f34961068636 Signed-off-by: Jindong Yue --- drivers/usb/dwc3/core.c | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 34a08815bf18..cb514a3bd449 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -264,19 +264,6 @@ static int dwc3_core_soft_reset(struct dwc3 *dwc) { u32 reg; int retries = 1000; - int ret; - - usb_phy_init(dwc->usb2_phy); - usb_phy_init(dwc->usb3_phy); - ret = phy_init(dwc->usb2_generic_phy); - if (ret < 0) - return ret; - - ret = phy_init(dwc->usb3_generic_phy); - if (ret < 0) { - phy_exit(dwc->usb2_generic_phy); - return ret; - } /* * We're resetting only the device side because, if we're in host mode, @@ -310,9 +297,6 @@ static int dwc3_core_soft_reset(struct dwc3 *dwc) udelay(1); } while (--retries); - phy_exit(dwc->usb3_generic_phy); - phy_exit(dwc->usb2_generic_phy); - return -ETIMEDOUT; done: 
@@ -982,9 +966,21 @@ static int dwc3_core_init(struct dwc3 *dwc) dwc->phys_ready = true; } + usb_phy_init(dwc->usb2_phy); + usb_phy_init(dwc->usb3_phy); + ret = phy_init(dwc->usb2_generic_phy); + if (ret < 0) + goto err0a; + + ret = phy_init(dwc->usb3_generic_phy); + if (ret < 0) { + phy_exit(dwc->usb2_generic_phy); + goto err0a; + } + ret = dwc3_core_soft_reset(dwc); if (ret) - goto err0a; + goto err1; if (hw_mode == DWC3_GHWPARAMS0_MODE_DRD && !DWC3_VER_IS_WITHIN(DWC3, ANY, 194A)) { From 1260b47d4fbb9f79065d357808b191d8285e21b2 Mon Sep 17 00:00:00 2001 From: Yunfei Wang Date: Sun, 14 Nov 2021 16:49:00 +0800 Subject: [PATCH 43/93] FROMGIT: dma-buf: remove restriction of IOCTL:DMA_BUF_SET_NAME MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In this patch(https://patchwork.freedesktop.org/patch/310349), it add a new IOCTL to support dma-buf user to set debug name. But it also added a limitation of this IOCTL, it needs the attachments of dmabuf should be empty, otherwise it will fail. For the original series, the idea was that allowing name change mid-use could confuse the users about the dma-buf. However, the rest of the series also makes sure each dma-buf have a unique inode(https://patchwork.freedesktop.org/patch/310387/), and any accounting should probably use that, without relying on the name as much. So, removing this restriction will let dma-buf userspace users to use it more comfortably and without any side effect. Signed-off-by: Guangming Cao Reviewed-by: Christian König Signed-off-by: Christian König Link: https://lore.kernel.org/lkml/20211009024733.65676-1-guangming.cao@mediatek.com/T/ Bug: 209090315 (cherry picked from commit e73c317efbf9a6ab2d1c18eff8343958ab6df73a https://anongit.freedesktop.org/git/drm/drm-misc.git drm-misc) Change-Id: Ic163a92d002608c72a0c96854922ad16e0c14b06 Signed-off-by: Yunfei Wang --- drivers/dma-buf/dma-buf.c | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) 
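Review bot: Both `phy_init()` failure branches added to `dwc3_core_init` jump to `err0a` after `usb_phy_init(dwc->usb2_phy)` and `usb_phy_init(dwc->usb3_phy)` have already run, and nothing in the hunk shuts those legacy PHYs down again. The `err0a` and `err1` labels are outside the hunk, so this needs checking against the unwind code there; if `err0a` does not reach `usb_phy_shutdown()`, the imbalance this commit fixes for the generic PHYs remains for the legacy ones on the error path. A dedicated unwind label that runs `usb_phy_shutdown(dwc->usb2_phy); usb_phy_shutdown(dwc->usb3_phy);` before falling into `err0a` would close it. The return values of both `usb_phy_init()` calls are also discarded, so a legacy PHY that failed to initialise goes unnoticed until the soft reset times out.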
diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index e4fdefbfe107..d2d83d0cd647 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -350,29 +350,18 @@ out: static long _dma_buf_set_name(struct dma_buf *dmabuf, const char *name) { - long ret = 0; - - dma_resv_lock(dmabuf->resv, NULL); - if (!list_empty(&dmabuf->attachments)) { - ret = -EBUSY; - goto out_unlock; - } spin_lock(&dmabuf->name_lock); kfree(dmabuf->name); dmabuf->name = name; spin_unlock(&dmabuf->name_lock); -out_unlock: - dma_resv_unlock(dmabuf->resv); - return ret; + return 0; } /** * dma_buf_set_name - Set a name to a specific dma_buf to track the usage. - * The name of the dma-buf buffer can only be set when the dma-buf is not - * attached to any devices. It could theoritically support changing the - * name of the dma-buf if the same piece of memory is used for multiple - * purpose between different devices. + * It could support changing the name of the dma-buf if the same piece of + * memory is used for multiple purpose between different devices. * * @dmabuf: [in] dmabuf buffer that will be renamed. * @buf: [in] A piece of userspace memory that contains the name of From 791f85d16ddd615ca250ed171a663bce113baaa9 Mon Sep 17 00:00:00 2001 From: Vlastimil Babka Date: Sun, 23 May 2021 01:28:37 +0200 Subject: [PATCH 44/93] UPSTREAM: mm, slub: allocate private object map for debugfs listings Slub has a static spinlock protected bitmap for marking which objects are on freelist when it wants to list them, for situations where dynamically allocating such map can lead to recursion or locking issues, and on-stack bitmap would be too large. The handlers of debugfs files alloc_traces and free_traces also currently use this shared bitmap, but their syscall context makes it straightforward to allocate a private map before entering locked sections, so switch these processing paths to use a private bitmap. 
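Review bot: With the `list_empty(&dmabuf->attachments)` check and the `dma_resv_lock` removed, `_dma_buf_set_name` can now `kfree(dmabuf->name)` while the buffer is attached and in use, so `name_lock` is the only thing that keeps a concurrent reader off the freed string. The kernel-doc for `dma_buf_set_name` drops the old restriction but does not state the new rule; I would add a line such as `* The name may be replaced at any time: readers must hold dmabuf->name_lock and must not keep the pointer after releasing it.` Since `@buf` is documented as userspace memory, it is also worth saying there that the name is caller-controlled text and that accounting should key on the inode rather than on the name, as the commit message argues.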
Signed-off-by: Vlastimil Babka Acked-by: Christoph Lameter Acked-by: Mel Gorman Bug: 209932470 (cherry picked from commit b3fd64e1451b5efd94aa0ebc755e02558e6f3ca1) Change-Id: I5fbf34e0d828d1c8b5e81e3679f81b70ce1fc8bc Signed-off-by: Yee Lee --- mm/slub.c | 44 +++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 15 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 6cdd8f0b3da7..7a41a91d2433 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -433,6 +433,18 @@ static inline bool cmpxchg_double_slab(struct kmem_cache *s, struct page *page, static unsigned long object_map[BITS_TO_LONGS(MAX_OBJS_PER_PAGE)]; static DEFINE_SPINLOCK(object_map_lock); +static void __fill_map(unsigned long *obj_map, struct kmem_cache *s, + struct page *page) +{ + void *addr = page_address(page); + void *p; + + bitmap_zero(obj_map, page->objects); + + for (p = page->freelist; p; p = get_freepointer(s, p)) + set_bit(__obj_to_index(s, addr, p), obj_map); +} + /* * Determine a map of object in use on a page. * @@ -442,17 +454,11 @@ static DEFINE_SPINLOCK(object_map_lock); static unsigned long *get_map(struct kmem_cache *s, struct page *page) __acquires(&object_map_lock) { - void *p; - void *addr = page_address(page); - VM_BUG_ON(!irqs_disabled()); spin_lock(&object_map_lock); - bitmap_zero(object_map, page->objects); - - for (p = page->freelist; p; p = get_freepointer(s, p)) - set_bit(__obj_to_index(s, addr, p), object_map); + __fill_map(object_map, s, page); return object_map; } 
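Review bot: `__fill_map` zeroes and sets `page->objects` bits in a caller-supplied bitmap, but nothing in the hunk documents how large `obj_map` must be or who serialises access to it. That mattered less when the only buffer was the static `object_map` sized by `MAX_OBJS_PER_PAGE`; the debugfs caller later in this patch allocates `oo_objects(s->oo)` bits instead, and whether every slab on the partial and full lists satisfies `page->objects <= oo_objects(s->oo)` is not visible here. I would add a comment above the helper, e.g. `/* obj_map must hold at least page->objects bits; the caller provides locking (object_map_lock for the shared map). */`, so the bound is stated next to the code that depends on it.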
@@ -4778,17 +4784,17 @@ static int add_location(struct loc_track *t, struct kmem_cache *s, } static void process_slab(struct loc_track *t, struct kmem_cache *s, - struct page *page, enum track_item alloc) + struct page *page, enum track_item alloc, + unsigned long *obj_map) { void *addr = page_address(page); void *p; - unsigned long *map; - map = get_map(s, page); + __fill_map(obj_map, s, page); + for_each_object(p, s, addr, page->objects) - if (!test_bit(__obj_to_index(s, addr, p), map)) + if (!test_bit(__obj_to_index(s, addr, p), obj_map)) add_location(t, s, get_track(s, p, alloc)); - put_map(map); } #endif /* CONFIG_DEBUG_FS */ #endif /* CONFIG_SLUB_DEBUG */ @@ -5783,14 +5789,21 @@ static int slab_debug_trace_open(struct inode *inode, struct file *filep) struct loc_track *t = __seq_open_private(filep, &slab_debugfs_sops, sizeof(struct loc_track)); struct kmem_cache *s = file_inode(filep)->i_private; + unsigned long *obj_map; + + obj_map = bitmap_alloc(oo_objects(s->oo), GFP_KERNEL); + if (!obj_map) + return -ENOMEM; if (strcmp(filep->f_path.dentry->d_name.name, "alloc_traces") == 0) alloc = TRACK_ALLOC; else alloc = TRACK_FREE; - if (!alloc_loc_track(t, PAGE_SIZE / sizeof(struct location), GFP_KERNEL)) + if (!alloc_loc_track(t, PAGE_SIZE / sizeof(struct location), GFP_KERNEL)) { + bitmap_free(obj_map); return -ENOMEM; + } /* Push back cpu slabs */ flush_all(s); @@ -5804,12 +5817,13 @@ static int slab_debug_trace_open(struct inode *inode, struct file *filep) spin_lock_irqsave(&n->list_lock, flags); list_for_each_entry(page, &n->partial, slab_list) - process_slab(t, s, page, alloc); + process_slab(t, s, page, alloc, obj_map); list_for_each_entry(page, &n->full, slab_list) - process_slab(t, s, page, alloc); + process_slab(t, s, page, alloc, obj_map); spin_unlock_irqrestore(&n->list_lock, flags); } + bitmap_free(obj_map); return 0; } From 6b6725f77d50d98478495150a52564bcac449e40 Mon Sep 17 00:00:00 2001 
From: Miaohe Lin Date: Mon, 18 Oct 2021 15:15:52 -0700 Subject: [PATCH 45/93] UPSTREAM: mm, slub: fix two bugs in slab_debug_trace_open() Patch series "Fixups for slub". This series contains various bug fixes for slub. We fix memoryleak, use-afer-free, NULL pointer dereferencing and so on in slub. More details can be found in the respective changelogs. This patch (of 5): It's possible that __seq_open_private() will return NULL. So we should check it before using lest dereferencing NULL pointer. And in error paths, we forgot to release private buffer via seq_release_private(). Memory will leak in these paths. Link: https://lkml.kernel.org/r/20210916123920.48704-1-linmiaohe@huawei.com Link: https://lkml.kernel.org/r/20210916123920.48704-2-linmiaohe@huawei.com Fixes: 64dd68497be7 ("mm: slub: move sysfs slab alloc/free interfaces to debugfs") Signed-off-by: Miaohe Lin Reviewed-by: Vlastimil Babka Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Greg Kroah-Hartman Cc: Faiyaz Mohammed Cc: Andrey Konovalov Cc: Andrey Ryabinin Cc: Kees Cook Cc: Bharata B Rao Cc: Roman Gushchin Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Bug: 209932470 (cherry picked from commit 2127d22509aec3a83dffb2a3c736df7ba747a7ce) Signed-off-by: Yee Lee Change-Id: Id9cec52a846a7e05e1495033ff4b9a1a6bc615b0 --- mm/slub.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 7a41a91d2433..236465d3d7f5 100644 --- a/mm/slub.c +++ b/mm/slub.c 
@@ -5791,10 +5791,15 @@ static int slab_debug_trace_open(struct inode *inode, struct file *filep) struct kmem_cache *s = file_inode(filep)->i_private; unsigned long *obj_map; - obj_map = bitmap_alloc(oo_objects(s->oo), GFP_KERNEL); - if (!obj_map) + if (!t) return -ENOMEM; + obj_map = bitmap_alloc(oo_objects(s->oo), GFP_KERNEL); + if (!obj_map) { + seq_release_private(inode, filep); + return -ENOMEM; + } + if (strcmp(filep->f_path.dentry->d_name.name, "alloc_traces") == 0) alloc = TRACK_ALLOC; else @@ -5802,6 +5807,7 @@ static int slab_debug_trace_open(struct inode *inode, struct file *filep) if (!alloc_loc_track(t, PAGE_SIZE / sizeof(struct location), GFP_KERNEL)) { bitmap_free(obj_map); + seq_release_private(inode, filep); return -ENOMEM; } From cd02f347abe7ecd4a3d0c97703ac8af547a8d379 Mon Sep 17 00:00:00 2001 From: Miaohe Lin Date: Mon, 18 Oct 2021 15:15:55 -0700 Subject: [PATCH 46/93] UPSTREAM: mm, slub: fix mismatch between reconstructed freelist depth and cnt If object's reuse is delayed, it will be excluded from the reconstructed freelist. But we forgot to adjust the cnt accordingly. So there will be a mismatch between reconstructed freelist depth and cnt. This will lead to free_debug_processing() complaining about freelist count or a incorrect slub inuse count. Link: https://lkml.kernel.org/r/20210916123920.48704-3-linmiaohe@huawei.com Fixes: c3895391df38 ("kasan, slub: fix handling of kasan_slab_free hook") Signed-off-by: Miaohe Lin Reviewed-by: Vlastimil Babka Cc: Andrey Konovalov Cc: Andrey Ryabinin Cc: Bharata B Rao Cc: Christoph Lameter Cc: David Rientjes Cc: Faiyaz Mohammed Cc: Greg Kroah-Hartman Cc: Joonsoo Kim Cc: Kees Cook Cc: Pekka Enberg Cc: Roman Gushchin Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Bug: 209932470 (cherry picked from commit 899447f669da76cc3605665e1a95ee877bc464cc) 
Signed-off-by: Yee Lee Change-Id: I6811ce42332472baca8d3fddb3662609125fb1e2 --- mm/slub.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 236465d3d7f5..a729e07f2e6d 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1603,7 +1603,8 @@ static __always_inline bool slab_free_hook(struct kmem_cache *s, } static inline bool slab_free_freelist_hook(struct kmem_cache *s, - void **head, void **tail) + void **head, void **tail, + int *cnt) { void *object; @@ -1630,6 +1631,12 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, *head = object; if (!*tail) *tail = object; + } else { + /* + * Adjust the reconstructed freelist depth + * accordingly if object's reuse is delayed. + */ + --(*cnt); } } while (object != old_tail); @@ -3198,7 +3205,7 @@ static __always_inline void slab_free(struct kmem_cache *s, struct page *page, * With KASAN enabled slab_free_freelist_hook modifies the freelist * to remove objects, whose reuse must be delayed. */ - if (slab_free_freelist_hook(s, &head, &tail)) + if (slab_free_freelist_hook(s, &head, &tail, &cnt)) do_slab_free(s, page, head, tail, cnt, addr); } From e07a663f5db2ec9db80407cff29147262003d69b Mon Sep 17 00:00:00 2001 From: Miaohe Lin Date: Mon, 18 Oct 2021 15:15:59 -0700 Subject: [PATCH 47/93] UPSTREAM: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this by using __kmem_cache_release() to release all the relevant resources. Link: https://lkml.kernel.org/r/20210916123920.48704-4-linmiaohe@huawei.com Fixes: 210e7a43fa90 ("mm: SLUB freelist randomization") Signed-off-by: Miaohe Lin Reviewed-by: Vlastimil Babka Cc: Andrey Konovalov Cc: Andrey Ryabinin Cc: Bharata B Rao Cc: Christoph Lameter Cc: David Rientjes Cc: Faiyaz Mohammed Cc: Greg Kroah-Hartman Cc: Joonsoo Kim Cc: Kees Cook Cc: Pekka Enberg Cc: Roman Gushchin Cc: Signed-off-by: Andrew Morton 
Signed-off-by: Linus Torvalds Bug: 209932470 (cherry picked from commit 9037c57681d25e4dcc442d940d6dbe24dd31f461) Signed-off-by: Yee Lee Change-Id: Ie54a97bb47104315b995c52a47791ca30b21e6a5 --- mm/slub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/slub.c b/mm/slub.c index a729e07f2e6d..a9fa06927860 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -3901,8 +3901,8 @@ static int kmem_cache_open(struct kmem_cache *s, slab_flags_t flags) if (alloc_kmem_cache_cpus(s)) return 0; - free_kmem_cache_nodes(s); error: + __kmem_cache_release(s); return -EINVAL; } From 82ac5b0b1da4a413c4630f4d703b1de71d3a5a76 Mon Sep 17 00:00:00 2001 From: Miaohe Lin Date: Mon, 18 Oct 2021 15:16:02 -0700 Subject: [PATCH 48/93] UPSTREAM: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a use-after-free. Link: https://lkml.kernel.org/r/20210916123920.48704-5-linmiaohe@huawei.com Fixes: 64dd68497be7 ("mm: slub: move sysfs slab alloc/free interfaces to debugfs") Signed-off-by: Miaohe Lin Reviewed-by: Vlastimil Babka Cc: Andrey Konovalov Cc: Andrey Ryabinin Cc: Bharata B Rao Cc: Christoph Lameter Cc: David Rientjes Cc: Faiyaz Mohammed Cc: Greg Kroah-Hartman Cc: Joonsoo Kim Cc: Kees Cook Cc: Pekka Enberg Cc: Roman Gushchin Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Bug: 209932470 (cherry picked from commit 67823a544414def2a36c212abadb55b23bcda00c) Signed-off-by: Yee Lee Change-Id: I0287b3c9d9ee919f9404143f9b7d8b9c27bafe87 --- mm/slub.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index a9fa06927860..d26c986b7660 100644 --- a/mm/slub.c +++ b/mm/slub.c 
@@ -4514,13 +4514,15 @@ int __kmem_cache_create(struct kmem_cache *s, slab_flags_t flags) return 0; err = sysfs_slab_add(s); - if (err) + if (err) { __kmem_cache_release(s); + return err; + } if (s->flags & SLAB_STORE_USER) debugfs_slab_add(s); - return err; + return 0; } void *__kmalloc_track_caller(size_t size, gfp_t gfpflags, unsigned long caller) From ddd9e015045302bef22e89334d6b8fc22d63dca3 Mon Sep 17 00:00:00 2001 From: Miaohe Lin Date: Mon, 18 Oct 2021 15:16:06 -0700 Subject: [PATCH 49/93] UPSTREAM: mm, slub: fix incorrect memcg slab count for bulk free kmem_cache_free_bulk() will call memcg_slab_free_hook() for all objects when doing bulk free. So we shouldn't call memcg_slab_free_hook() again for bulk free to avoid incorrect memcg slab count. Link: https://lkml.kernel.org/r/20210916123920.48704-6-linmiaohe@huawei.com Fixes: d1b2cf6cb84a ("mm: memcg/slab: uncharge during kmem_cache_free_bulk()") Signed-off-by: Miaohe Lin Reviewed-by: Vlastimil Babka Cc: Andrey Konovalov Cc: Andrey Ryabinin Cc: Bharata B Rao Cc: Christoph Lameter Cc: David Rientjes Cc: Faiyaz Mohammed Cc: Greg Kroah-Hartman Cc: Joonsoo Kim Cc: Kees Cook Cc: Pekka Enberg Cc: Roman Gushchin Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Bug: 209932470 (cherry picked from commit 3ddd60268c24bcac9d744404cc277e9dc52fe6b6) Signed-off-by: Yee Lee Change-Id: I072d03da1cae71c6e4ceed08e85ff034a71e7037 --- mm/slub.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mm/slub.c b/mm/slub.c index d26c986b7660..3cc7184af092 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -3161,7 +3161,9 @@ static __always_inline void do_slab_free(struct kmem_cache *s, struct kmem_cache_cpu *c; unsigned long tid; - memcg_slab_free_hook(s, &head, 1); + /* memcg_slab_free_hook() is already called for bulk free. */ + if (!tail) + memcg_slab_free_hook(s, &head, 1); redo: /* * Determine the currently cpus per cpu slab. From 392cb940f6a9338981fb9df1382ab48e939b5131 Mon Sep 17 00:00:00 2001 
From: Jaegeuk Kim Date: Thu, 9 Dec 2021 10:25:43 -0800 Subject: [PATCH 50/93] FROMGIT: f2fs: avoid EINVAL by SBI_NEED_FSCK when pinning a file Android OTA failed due to SBI_NEED_FSCK flag when pinning the file. Let's avoid it since we can do in-place-updates. Bug: 210593661 Signed-off-by: Jaegeuk Kim (cherry picked from commit 70da2736a4138b86a12873d33fefbb495e22e6f8 git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git dev) Signed-off-by: Huang Jianan Change-Id: I3fd33c984417c10b38e23de6cec017b03d588945 --- fs/f2fs/data.c | 7 +++++-- fs/f2fs/file.c | 10 +++++----- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 9fb150cca9d7..0be74710aadc 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -2515,6 +2515,11 @@ bool f2fs_should_update_outplace(struct inode *inode, struct f2fs_io_info *fio) { struct f2fs_sb_info *sbi = F2FS_I_SB(inode); + /* The below cases were checked when setting it. */ + if (f2fs_is_pinned_file(inode)) + return false; + if (fio && is_sbi_flag_set(sbi, SBI_NEED_FSCK)) + return true; if (f2fs_lfs_mode(sbi)) return true; if (S_ISDIR(inode->i_mode)) @@ -2523,8 +2528,6 @@ bool f2fs_should_update_outplace(struct inode *inode, struct f2fs_io_info *fio) return true; if (f2fs_is_atomic_file(inode)) return true; - if (is_sbi_flag_set(sbi, SBI_NEED_FSCK)) - return true; /* swap file is migrating in aligned write mode */ if (is_inode_flag_set(inode, FI_ALIGNED_WRITE)) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 750a27c473d8..2fb1263788c8 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c 
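Review bot: In `f2fs_should_update_outplace` the new `fio &&` guard makes a NULL `fio` mean "pin-time query, ignore SBI_NEED_FSCK", and the new early `return false` for pinned files skips every later check in the function, yet the only explanation is the comment "The below cases were checked when setting it." I would spell the contract out, e.g. `/* fio == NULL: query from f2fs_ioc_set_pin_file(); SBI_NEED_FSCK is deliberately not considered there. */`. It is also worth noting beside the pinned-file return that conditions which change after pinning are no longer re-evaluated on the write path. The rest of the function is outside the hunk, so whether any skipped check can become true for an already pinned file has to be confirmed there.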
@@ -3250,17 +3250,17 @@ static int f2fs_ioc_set_pin_file(struct file *filp, unsigned long arg) inode_lock(inode); - if (f2fs_should_update_outplace(inode, NULL)) { - ret = -EINVAL; - goto out; - } - if (!pin) { clear_inode_flag(inode, FI_PIN_FILE); f2fs_i_gc_failures_write(inode, 0); goto done; } + if (f2fs_should_update_outplace(inode, NULL)) { + ret = -EINVAL; + goto out; + } + if (f2fs_pin_file_control(inode, false)) { ret = -EAGAIN; goto out; From 9180348b91c09eadf5807c8d815ab13d50d2a4d8 Mon Sep 17 00:00:00 2001 From: Anton Yakovlev Date: Tue, 15 Sep 2020 13:04:55 +0200 Subject: [PATCH 51/93] FROMLIST: virtio: do not reset stateful devices on resume We assume that stateful devices can maintain their state while suspended. And for this reason they don't have a freeze callback. If such a device is reset during resume, the device state/context will be lost on the device side. And the virtual device will stop working. Signed-off-by: Anton Yakovlev Signed-off-by: Mikhail Golubev Bug: 180046477 Link: https://lore.kernel.org/all/20211214163249.GA253555@opensynergy.com/ Change-Id: I20410a5af8f73eebba1986965c347288ee07c0ab Signed-off-by: Mikhail Golubev --- drivers/virtio/virtio.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index 42e09cc1b8ac..b384bbcc9ad3 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -408,6 +408,13 @@ int virtio_device_restore(struct virtio_device *dev) struct virtio_driver *drv = drv_to_virtio(dev->dev.driver); int ret; + /* Short path for stateful devices. Here we assume that if the device + * does not have a freeze callback, its state was not changed when + * suspended. + */ + if (drv && !drv->freeze) + goto on_config_enable; + /* We always start by resetting the device, in case a previous * driver messed it up. */ dev->config->reset(dev); 
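Review bot: The short path added to `virtio_device_restore` assumes that a device whose driver has no `freeze` callback kept its state, and it skips the reset, the status and feature handshake, and `drv->restore` without looking at the device at all. That assumption is about the host side, which the guest cannot enforce: if the backend did lose state across suspend, the driver continues against an unconfigured device with its old virtqueue state. A cheap guard is to take the short path only while the device still reports itself live, e.g. `if (drv && !drv->freeze && (dev->config->get_status(dev) & VIRTIO_CONFIG_S_DRIVER_OK))`, and otherwise use the existing reset path or fail the restore. A driver that implements `restore` but not `freeze` also silently loses its callback here, which deserves a sentence in the comment; the function continues outside the hunk.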
@@ -439,6 +446,7 @@ int virtio_device_restore(struct virtio_device *dev) /* Finally, tell the device we're all set */ virtio_add_status(dev, VIRTIO_CONFIG_S_DRIVER_OK); +on_config_enable: virtio_config_enable(dev); return 0; From f3f87608d8d4502826a720f14cf5215cfdf6eb32 Mon Sep 17 00:00:00 2001 From: Yurii Danilovskyi Date: Tue, 14 Dec 2021 17:11:31 +0100 Subject: [PATCH 52/93] FROMLIST: virtio_mmio: pm: Add notification handlers for restore and freeze Handle restore and freeze notifications from the PM core. Expose these to individual virtio drivers that can quiesce and resume vq operations. Signed-off-by: Yurii Danilovskyi Signed-off-by: Mikhail Golubev Bug: 141626390 Link: https://lore.kernel.org/all/20211214161124.GA202691@opensynergy.com/ Change-Id: Ie53a16991b10c02ac125a55c4bbf04d89f0a365e Signed-off-by: Mikhail Golubev --- drivers/virtio/virtio_mmio.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/drivers/virtio/virtio_mmio.c b/drivers/virtio/virtio_mmio.c index 238383ff1064..de73bd63f6b6 100644 --- a/drivers/virtio/virtio_mmio.c +++ b/drivers/virtio/virtio_mmio.c @@ -763,6 +763,26 @@ static void vm_unregister_cmdline_devices(void) #endif +#ifdef CONFIG_PM_SLEEP +static int virtio_mmio_freeze(struct device *dev) +{ + struct platform_device *pdev = to_platform_device(dev); + struct virtio_mmio_device *vm_dev = platform_get_drvdata(pdev); + + return virtio_device_freeze(&vm_dev->vdev); +} + +static int virtio_mmio_restore(struct device *dev) +{ + struct platform_device *pdev = to_platform_device(dev); + struct virtio_mmio_device *vm_dev = platform_get_drvdata(pdev); + + return virtio_device_restore(&vm_dev->vdev); +} +#endif + +static SIMPLE_DEV_PM_OPS(virtio_mmio_pm_ops, virtio_mmio_freeze, virtio_mmio_restore); + /* Platform driver */ static const struct of_device_id virtio_mmio_match[] = { 
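Review bot: `virtio_mmio_restore` goes straight to `virtio_device_restore()`, which resets the device for drivers that have a `freeze` callback, without re-programming any transport-level state first. For legacy (version 1) MMIO devices the guest page size written at probe time would, as far as I can tell, be lost by that reset, so queue addresses would be interpreted with the wrong granularity afterwards. Consider adding `if (vm_dev->version == 1) writel(PAGE_SIZE, vm_dev->base + VIRTIO_MMIO_GUEST_PAGE_SIZE);` before the call. The probe code that sets this register is outside the hunk, so please confirm against it.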
@@ -786,6 +806,7 @@ static struct platform_driver virtio_mmio_driver = { .name = "virtio-mmio", .of_match_table = virtio_mmio_match, .acpi_match_table = ACPI_PTR(virtio_mmio_acpi_match), + .pm = &virtio_mmio_pm_ops, }, }; From 2fc2c66b9ce4bfcd40d67437a10d71af83b5b280 Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan Date: Thu, 4 Nov 2021 13:42:56 -0700 Subject: [PATCH 53/93] ANDROID: percpu-rwsem: enable percpu_sem destruction in atomic context Calling percpu_free_rwsem in atomic context results in "scheduling while atomic" bug being triggered: BUG: scheduling while atomic: klogd/158/0x00000002 ... __schedule_bug+0x191/0x290 schedule_debug+0x97/0x180 __schedule+0xdc/0xba0 schedule+0xda/0x250 schedule_timeout+0x92/0x2d0 __wait_for_common+0x25b/0x430 wait_for_completion+0x1f/0x30 rcu_barrier+0x440/0x4f0 rcu_sync_dtor+0xaa/0x190 percpu_free_rwsem+0x41/0x80 Introduce percpu_rwsem_destroy function to perform semaphore destruction in a worker thread. Bug: 161210518 Signed-off-by: Suren Baghdasaryan Change-Id: I74ac65c2a9962492cd5002d7a019d2aa13a21a8c --- include/linux/percpu-rwsem.h | 13 ++++++++++++- kernel/locking/percpu-rwsem.c | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/include/linux/percpu-rwsem.h b/include/linux/percpu-rwsem.h index 5fda40f97fe9..bf1668fc9c5e 100644 --- a/include/linux/percpu-rwsem.h +++ b/include/linux/percpu-rwsem.h @@ -13,7 +13,14 @@ struct percpu_rw_semaphore { struct rcu_sync rss; unsigned int __percpu *read_count; struct rcuwait writer; - wait_queue_head_t waiters; + /* + * destroy_list_entry is used during object destruction when waiters + * can't be used, therefore reusing the same space. + */ + union { + wait_queue_head_t waiters; + struct list_head destroy_list_entry; + }; atomic_t block; #ifdef CONFIG_DEBUG_LOCK_ALLOC struct lockdep_map dep_map; 
@@ -127,8 +134,12 @@ extern void percpu_up_write(struct percpu_rw_semaphore *); extern int __percpu_init_rwsem(struct percpu_rw_semaphore *, const char *, struct lock_class_key *); +/* Can't be called in atomic context. */ extern void percpu_free_rwsem(struct percpu_rw_semaphore *); +/* Invokes percpu_free_rwsem and frees the semaphore from a worker thread. */ +extern void percpu_rwsem_async_destroy(struct percpu_rw_semaphore *sem); + #define percpu_init_rwsem(sem) \ ({ \ static struct lock_class_key rwsem_key; \ diff --git a/kernel/locking/percpu-rwsem.c b/kernel/locking/percpu-rwsem.c index 70a32a576f3f..a3d37bf83c60 100644 --- a/kernel/locking/percpu-rwsem.c +++ b/kernel/locking/percpu-rwsem.c @@ -7,6 +7,7 @@ #include #include #include +#include #include int __percpu_init_rwsem(struct percpu_rw_semaphore *sem, @@ -268,3 +269,34 @@ void percpu_up_write(struct percpu_rw_semaphore *sem) rcu_sync_exit(&sem->rss); } EXPORT_SYMBOL_GPL(percpu_up_write); + +static LIST_HEAD(destroy_list); +static DEFINE_SPINLOCK(destroy_list_lock); + +static void destroy_list_workfn(struct work_struct *work) +{ + struct percpu_rw_semaphore *sem, *sem2; + LIST_HEAD(to_destroy); + + spin_lock(&destroy_list_lock); + list_splice_init(&destroy_list, &to_destroy); + spin_unlock(&destroy_list_lock); + + if (list_empty(&to_destroy)) + return; + + list_for_each_entry_safe(sem, sem2, &to_destroy, destroy_list_entry) { + percpu_free_rwsem(sem); + kfree(sem); + } +} + +static DECLARE_WORK(destroy_list_work, destroy_list_workfn); + +void percpu_rwsem_async_destroy(struct percpu_rw_semaphore *sem) +{ + spin_lock(&destroy_list_lock); + list_add_tail(&sem->destroy_list_entry, &destroy_list); + spin_unlock(&destroy_list_lock); + schedule_work(&destroy_list_work); +} From 6971350406a366f4565bdc6b17c08ddd577f27f3 Mon Sep 17 00:00:00 2001 
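Review bot: `percpu_rwsem_async_destroy()` is introduced for callers in atomic context, yet it and `destroy_list_workfn()` both take `destroy_list_lock` with plain `spin_lock()`. If any caller can run in softirq or hardirq context (the commit message does not exclude it), the worker can be interrupted while holding the lock and the interrupting caller then spins forever on the same CPU. Use `spin_lock_irqsave(&destroy_list_lock, flags)` / `spin_unlock_irqrestore()` in percpu_rwsem_async_destroy() and `spin_lock_irq()` / `spin_unlock_irq()` in the worker, or document above the function that it must not be called from interrupt context. The declaration comment in percpu-rwsem.h should also say that the semaphore must come from kmalloc, because the worker ends with `kfree(sem)`.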
From: Suren Baghdasaryan Date: Thu, 4 Nov 2021 13:42:56 -0700 Subject: [PATCH 54/93] ANDROID: fix mmu_notifier race caused by not taking mmap_lock during SPF When pagefaults are handled speculatively,the pair of mmu_notifier_invalidate_range_start/mmu_notifier_invalidate_range_end calls happen without mmap_lock being taken. This enables the following race: mmu_notifier_invalidate_range_start mmap_write_lock mmu_notifier_register mmap_write_unlock mmu_notifier_invalidate_range_end In this case mmu_notifier_invalidate_range_end will see a new subscriber not seen at the time of mmu_notifier_invalidate_range_start and will call ops->invalidate_range_end for that subscriber without the matching ops->invalidate_range_start, creating imbalance. Fix this by introducing a new mm->mmu_notifier_lock percpu_rw_semaphore to synchronize mmu_notifier_invalidate_range_start/ mmu_notifier_invalidate_range_end with mmu_notifier_register when handling pagefaults speculatively without holding mmap_lock. percpu_rw_semaphore is used instead of rw_semaphore to prevent cache line bouncing in the pagefault path. Fixes: 86ee4a531ea0 ("FROMLIST: x86/mm: add speculative pagefault handling") Bug: 161210518 Signed-off-by: Suren Baghdasaryan Change-Id: I9c363b2348efcad19818f93b010abf956870ab55 --- include/linux/mm_types.h | 4 +++ include/linux/mmu_notifier.h | 66 ++++++++++++++++++++++++++++++++++-- kernel/fork.c | 3 +- mm/memory.c | 15 ++++++-- mm/mmu_notifier.c | 26 +++++++++++++- 5 files changed, 108 insertions(+), 6 deletions(-) diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h index c853f612a815..e7bab1c7a452 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -404,6 +404,7 @@ struct core_state { }; struct kioctx_table; +struct percpu_rw_semaphore; struct mm_struct { struct { struct vm_area_struct *mmap; /* list of VMAs */ 
@@ -561,6 +562,9 @@ struct mm_struct { struct file __rcu *exe_file; #ifdef CONFIG_MMU_NOTIFIER struct mmu_notifier_subscriptions *notifier_subscriptions; +#ifdef CONFIG_SPECULATIVE_PAGE_FAULT + struct percpu_rw_semaphore *mmu_notifier_lock; +#endif #endif #if defined(CONFIG_TRANSPARENT_HUGEPAGE) && !USE_SPLIT_PMD_PTLOCKS pgtable_t pmd_huge_pte; /* protected by page_table_lock */ diff --git a/include/linux/mmu_notifier.h b/include/linux/mmu_notifier.h index a7255f582d7c..de5e37f95d99 100644 --- a/include/linux/mmu_notifier.h +++ b/include/linux/mmu_notifier.h @@ -6,6 +6,8 @@ #include #include #include +#include +#include #include #include #include 
@@ -502,9 +504,50 @@ static inline void mmu_notifier_invalidate_range(struct mm_struct *mm, __mmu_notifier_invalidate_range(mm, start, end); } -static inline void mmu_notifier_subscriptions_init(struct mm_struct *mm) +#ifdef CONFIG_SPECULATIVE_PAGE_FAULT + +static inline bool mmu_notifier_subscriptions_init(struct mm_struct *mm) +{ + mm->mmu_notifier_lock = kzalloc(sizeof(struct percpu_rw_semaphore), GFP_KERNEL); + if (!mm->mmu_notifier_lock) + return false; + + percpu_init_rwsem(mm->mmu_notifier_lock); + mm->notifier_subscriptions = NULL; + + return true; +} + +static inline void mmu_notifier_subscriptions_destroy(struct mm_struct *mm) +{ + if (mm_has_notifiers(mm)) + __mmu_notifier_subscriptions_destroy(mm); + + if (in_atomic()) { + percpu_rwsem_async_destroy(mm->mmu_notifier_lock); + } else { + percpu_free_rwsem(mm->mmu_notifier_lock); + kfree(mm->mmu_notifier_lock); + } + mm->mmu_notifier_lock = NULL; +} + +static inline bool mmu_notifier_trylock(struct mm_struct *mm) +{ + return percpu_down_read_trylock(mm->mmu_notifier_lock); +} + +static inline void mmu_notifier_unlock(struct mm_struct *mm) +{ + percpu_up_read(mm->mmu_notifier_lock); +} + +#else /* CONFIG_SPECULATIVE_PAGE_FAULT */ + +static inline bool mmu_notifier_subscriptions_init(struct mm_struct *mm) { mm->notifier_subscriptions = NULL; + return true; } static inline void mmu_notifier_subscriptions_destroy(struct mm_struct *mm) @@ -513,6 +556,16 @@ static inline void mmu_notifier_subscriptions_destroy(struct mm_struct *mm) __mmu_notifier_subscriptions_destroy(mm); } +static inline bool mmu_notifier_trylock(struct mm_struct *mm) +{ + return true; +} + +static inline void mmu_notifier_unlock(struct mm_struct *mm) +{ +} + +#endif /* CONFIG_SPECULATIVE_PAGE_FAULT */ static inline void mmu_notifier_range_init(struct mmu_notifier_range *range, enum mmu_notifier_event event, 
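Review bot: In the CONFIG_SPECULATIVE_PAGE_FAULT variant of mmu_notifier_subscriptions_init() the result of `percpu_init_rwsem()` is discarded. The macro evaluates to the return value of __percpu_init_rwsem(), which is declared `int` and so can report failure; on failure the mm would keep a half-initialised semaphore that mmu_notifier_trylock() later operates on. Check the result, free the allocation and return false, as sketched below. The same unchecked call appears again in the out-of-line mmu_notifier_subscriptions_init() that PATCH 56/93 adds to mm/mmu_notifier.c.

```c
static inline bool mmu_notifier_subscriptions_init(struct mm_struct *mm)
{
	/* … unchanged: kzalloc of mm->mmu_notifier_lock and its NULL check … */

	if (percpu_init_rwsem(mm->mmu_notifier_lock)) {
		/* Initialisation failed: do not leave a half-built lock behind. */
		kfree(mm->mmu_notifier_lock);
		mm->mmu_notifier_lock = NULL;
		return false;
	}
	/* … unchanged: notifier_subscriptions = NULL, return true … */
```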
@@ -727,14 +780,23 @@ static inline void mmu_notifier_invalidate_range(struct mm_struct *mm, { } -static inline void mmu_notifier_subscriptions_init(struct mm_struct *mm) +static inline bool mmu_notifier_subscriptions_init(struct mm_struct *mm) { + return true; } static inline void mmu_notifier_subscriptions_destroy(struct mm_struct *mm) { } +static inline void mmu_notifier_lock(struct mm_struct *mm) +{ +} + +static inline void mmu_notifier_unlock(struct mm_struct *mm) +{ +} + #define mmu_notifier_range_update_to_read_only(r) false #define ptep_clear_flush_young_notify ptep_clear_flush_young diff --git a/kernel/fork.c b/kernel/fork.c index 45f79721ebd5..c4252e61e313 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1072,7 +1072,8 @@ static struct mm_struct *mm_init(struct mm_struct *mm, struct task_struct *p, mm_init_owner(mm, p); mm_init_pasid(mm); RCU_INIT_POINTER(mm->exe_file, NULL); - mmu_notifier_subscriptions_init(mm); + if (!mmu_notifier_subscriptions_init(mm)) + goto fail_nopgd; init_tlb_flush_pending(mm); #if defined(CONFIG_TRANSPARENT_HUGEPAGE) && !USE_SPLIT_PMD_PTLOCKS mm->pmd_huge_pte = NULL; diff --git a/mm/memory.c b/mm/memory.c index 5db2a3ed395b..dfe88223c483 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -4717,8 +4717,19 @@ static vm_fault_t handle_pte_fault(struct vm_fault *vmf) goto unlock; } if (vmf->flags & FAULT_FLAG_WRITE) { - if (!pte_write(entry)) - return do_wp_page(vmf); + if (!pte_write(entry)) { + if (!(vmf->flags & FAULT_FLAG_SPECULATIVE)) + return do_wp_page(vmf); + + if (!mmu_notifier_trylock(vmf->vma->vm_mm)) { + ret = VM_FAULT_RETRY; + goto unlock; + } + + ret = do_wp_page(vmf); + mmu_notifier_unlock(vmf->vma->vm_mm); + return ret; + } entry = pte_mkdirty(entry); } entry = pte_mkyoung(entry); diff --git a/mm/mmu_notifier.c b/mm/mmu_notifier.c index 07f42a7a6065..ce161cd0c8a1 100644 --- a/mm/mmu_notifier.c +++ b/mm/mmu_notifier.c 
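Review bot: The new speculative branch in handle_pte_fault() (mm/memory.c hunk) takes the notifier read lock with no comment saying what it protects; the reason lives only in the commit message. A short comment above the trylock would keep a later reader from treating it as removable, e.g. `/* SPF runs without mmap_lock: hold mmu_notifier_lock so no notifier can register between invalidate_range_start and _end */`. `ret` and the `unlock` label are defined outside the hunk, so how `ret` is used on the other paths could not be checked here.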
@@ -621,6 +621,25 @@ void __mmu_notifier_invalidate_range(struct mm_struct *mm, srcu_read_unlock(&srcu, id); } +#ifdef CONFIG_SPECULATIVE_PAGE_FAULT + +static inline void mmu_notifier_write_lock(struct mm_struct *mm) +{ + percpu_down_write(mm->mmu_notifier_lock); +} + +static inline void mmu_notifier_write_unlock(struct mm_struct *mm) +{ + percpu_up_write(mm->mmu_notifier_lock); +} + +#else /* CONFIG_SPECULATIVE_PAGE_FAULT */ + +static inline void mmu_notifier_write_lock(struct mm_struct *mm) {} +static inline void mmu_notifier_write_unlock(struct mm_struct *mm) {} + +#endif /* CONFIG_SPECULATIVE_PAGE_FAULT */ + /* * Same as mmu_notifier_register but here the caller must hold the mmap_lock in * write mode. A NULL mn signals the notifier is being registered for itree @@ -661,9 +680,13 @@ int __mmu_notifier_register(struct mmu_notifier *subscription, INIT_HLIST_HEAD(&subscriptions->deferred_list); } + mmu_notifier_write_lock(mm); + ret = mm_take_all_locks(mm); - if (unlikely(ret)) + if (unlikely(ret)) { + mmu_notifier_write_unlock(mm); goto out_clean; + } /* * Serialize the update against mmu_notifier_unregister. A @@ -698,6 +721,7 @@ int __mmu_notifier_register(struct mmu_notifier *subscription, mm->notifier_subscriptions->has_itree = true; mm_drop_all_locks(mm); + mmu_notifier_write_unlock(mm); BUG_ON(atomic_read(&mm->mm_users) <= 0); return 0; From a4d26b9a4b5787ff825bf98967e4931fee100129 Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan Date: Wed, 24 Nov 2021 07:43:12 -0800 Subject: [PATCH 55/93] ANDROID: fix ABI breakage caused by percpu_rw_semaphore changes percpu_rw_semaphore changes to allow calling percpu_free_rwsem in atomic context cause ABI breakage. Introduce percpu_free_rwsem_atomic wrapper and change percpu_rwsem_destroy to use it in order to keep percpu_rw_semaphore struct intact and fix ABI breakage. Bug: 161210518 
Signed-off-by: Suren Baghdasaryan Change-Id: I198a6381fb48059f2aaa2ec38b8c1e5e5e936bb0 --- include/linux/mm_types.h | 4 ++-- include/linux/mmu_notifier.h | 11 ++++++----- include/linux/percpu-rwsem.h | 16 +++++++--------- kernel/locking/percpu-rwsem.c | 6 +++--- mm/mmu_notifier.c | 4 ++-- 5 files changed, 20 insertions(+), 21 deletions(-) diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h index e7bab1c7a452..a769ef105e6a 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -404,7 +404,7 @@ struct core_state { }; struct kioctx_table; -struct percpu_rw_semaphore; +struct percpu_rw_semaphore_atomic; struct mm_struct { struct { struct vm_area_struct *mmap; /* list of VMAs */ @@ -563,7 +563,7 @@ struct mm_struct { #ifdef CONFIG_MMU_NOTIFIER struct mmu_notifier_subscriptions *notifier_subscriptions; #ifdef CONFIG_SPECULATIVE_PAGE_FAULT - struct percpu_rw_semaphore *mmu_notifier_lock; + struct percpu_rw_semaphore_atomic *mmu_notifier_lock; #endif #endif #if defined(CONFIG_TRANSPARENT_HUGEPAGE) && !USE_SPLIT_PMD_PTLOCKS diff --git a/include/linux/mmu_notifier.h b/include/linux/mmu_notifier.h index de5e37f95d99..986ed43eeafc 100644 --- a/include/linux/mmu_notifier.h +++ b/include/linux/mmu_notifier.h @@ -508,11 +508,12 @@ static inline void mmu_notifier_invalidate_range(struct mm_struct *mm, static inline bool mmu_notifier_subscriptions_init(struct mm_struct *mm) { - mm->mmu_notifier_lock = kzalloc(sizeof(struct percpu_rw_semaphore), GFP_KERNEL); + mm->mmu_notifier_lock = kzalloc( + sizeof(struct percpu_rw_semaphore_atomic), GFP_KERNEL); if (!mm->mmu_notifier_lock) return false; - percpu_init_rwsem(mm->mmu_notifier_lock); + percpu_init_rwsem(&mm->mmu_notifier_lock->rw_sem); mm->notifier_subscriptions = NULL; return true; 
@@ -526,7 +527,7 @@ static inline void mmu_notifier_subscriptions_destroy(struct mm_struct *mm) if (in_atomic()) { percpu_rwsem_async_destroy(mm->mmu_notifier_lock); } else { - percpu_free_rwsem(mm->mmu_notifier_lock); + percpu_free_rwsem(&mm->mmu_notifier_lock->rw_sem); kfree(mm->mmu_notifier_lock); } mm->mmu_notifier_lock = NULL; @@ -534,12 +535,12 @@ static inline void mmu_notifier_subscriptions_destroy(struct mm_struct *mm) static inline bool mmu_notifier_trylock(struct mm_struct *mm) { - return percpu_down_read_trylock(mm->mmu_notifier_lock); + return percpu_down_read_trylock(&mm->mmu_notifier_lock->rw_sem); } static inline void mmu_notifier_unlock(struct mm_struct *mm) { - percpu_up_read(mm->mmu_notifier_lock); + percpu_up_read(&mm->mmu_notifier_lock->rw_sem); } #else /* CONFIG_SPECULATIVE_PAGE_FAULT */ diff --git a/include/linux/percpu-rwsem.h b/include/linux/percpu-rwsem.h index bf1668fc9c5e..536976636c58 100644 --- a/include/linux/percpu-rwsem.h +++ b/include/linux/percpu-rwsem.h @@ -13,20 +13,18 @@ struct percpu_rw_semaphore { struct rcu_sync rss; unsigned int __percpu *read_count; struct rcuwait writer; - /* - * destroy_list_entry is used during object destruction when waiters - * can't be used, therefore reusing the same space. - */ - union { - wait_queue_head_t waiters; - struct list_head destroy_list_entry; - }; + wait_queue_head_t waiters; atomic_t block; #ifdef CONFIG_DEBUG_LOCK_ALLOC struct lockdep_map dep_map; #endif }; +struct percpu_rw_semaphore_atomic { + struct percpu_rw_semaphore rw_sem; + struct list_head destroy_list_entry; +}; + #ifdef CONFIG_DEBUG_LOCK_ALLOC #define __PERCPU_RWSEM_DEP_MAP_INIT(lockname) .dep_map = { .name = #lockname }, #else 
@@ -138,7 +136,7 @@ extern int __percpu_init_rwsem(struct percpu_rw_semaphore *, extern void percpu_free_rwsem(struct percpu_rw_semaphore *); /* Invokes percpu_free_rwsem and frees the semaphore from a worker thread. */ -extern void percpu_rwsem_async_destroy(struct percpu_rw_semaphore *sem); +extern void percpu_rwsem_async_destroy(struct percpu_rw_semaphore_atomic *sem); #define percpu_init_rwsem(sem) \ ({ \ diff --git a/kernel/locking/percpu-rwsem.c b/kernel/locking/percpu-rwsem.c index a3d37bf83c60..b88eda4eb624 100644 --- a/kernel/locking/percpu-rwsem.c +++ b/kernel/locking/percpu-rwsem.c @@ -275,7 +275,7 @@ static DEFINE_SPINLOCK(destroy_list_lock); static void destroy_list_workfn(struct work_struct *work) { - struct percpu_rw_semaphore *sem, *sem2; + struct percpu_rw_semaphore_atomic *sem, *sem2; LIST_HEAD(to_destroy); spin_lock(&destroy_list_lock); @@ -286,14 +286,14 @@ static void destroy_list_workfn(struct work_struct *work) return; list_for_each_entry_safe(sem, sem2, &to_destroy, destroy_list_entry) { - percpu_free_rwsem(sem); + percpu_free_rwsem(&sem->rw_sem); kfree(sem); } } static DECLARE_WORK(destroy_list_work, destroy_list_workfn); -void percpu_rwsem_async_destroy(struct percpu_rw_semaphore *sem) +void percpu_rwsem_async_destroy(struct percpu_rw_semaphore_atomic *sem) { spin_lock(&destroy_list_lock); list_add_tail(&sem->destroy_list_entry, &destroy_list); diff --git a/mm/mmu_notifier.c b/mm/mmu_notifier.c index ce161cd0c8a1..7f01fa75d351 100644 --- a/mm/mmu_notifier.c +++ b/mm/mmu_notifier.c @@ -625,12 +625,12 @@ void __mmu_notifier_invalidate_range(struct mm_struct *mm, static inline void mmu_notifier_write_lock(struct mm_struct *mm) { - percpu_down_write(mm->mmu_notifier_lock); + percpu_down_write(&mm->mmu_notifier_lock->rw_sem); } static inline void mmu_notifier_write_unlock(struct mm_struct *mm) { - percpu_up_write(mm->mmu_notifier_lock); + percpu_up_write(&mm->mmu_notifier_lock->rw_sem); } #else /* CONFIG_SPECULATIVE_PAGE_FAULT */ 
From 5d8520b5572a79257ea18410a0eca98000f872a7 Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan Date: Wed, 24 Nov 2021 07:56:04 -0800 Subject: [PATCH 56/93] ANDROID: fix ABI breakage caused by mm_struct->mmu_notifier_lock addition To prevent ABI breakage, move mm->mmu_notifier_lock into mm->notifier_subscriptions and allocate mm->notifier_subscriptions during mm creation in mmu_notifier_subscriptions_init. This results in additional 176 bytes allocated for each mm, but prevents ABI breakage. mmu_notifier_subscriptions_hdr structure is introduced at the beginning of mmu_notifier_subscriptions to keep mmu_notifier_subscriptions hidden and prevent its type CRC from changing when used in other structures. Bug: 161210518 Signed-off-by: Suren Baghdasaryan Change-Id: I6f435708d642b70b22e0243c8b33108c208ce5bb --- include/linux/mm_types.h | 4 --- include/linux/mmu_notifier.h | 62 +++++++++++++++++--------------- mm/mmu_notifier.c | 68 +++++++++++++++++++++++++++++++----- 3 files changed, 94 insertions(+), 40 deletions(-) diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h index a769ef105e6a..c853f612a815 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -404,7 +404,6 @@ struct core_state { }; struct kioctx_table; -struct percpu_rw_semaphore_atomic; struct mm_struct { struct { struct vm_area_struct *mmap; /* list of VMAs */ @@ -562,9 +561,6 @@ struct mm_struct { struct file __rcu *exe_file; #ifdef CONFIG_MMU_NOTIFIER struct mmu_notifier_subscriptions *notifier_subscriptions; -#ifdef CONFIG_SPECULATIVE_PAGE_FAULT - struct percpu_rw_semaphore_atomic *mmu_notifier_lock; -#endif #endif #if defined(CONFIG_TRANSPARENT_HUGEPAGE) && !USE_SPLIT_PMD_PTLOCKS pgtable_t pmd_huge_pte; /* protected by page_table_lock */ diff --git a/include/linux/mmu_notifier.h b/include/linux/mmu_notifier.h index 986ed43eeafc..15c77675ca33 100644 --- a/include/linux/mmu_notifier.h +++ b/include/linux/mmu_notifier.h 
@@ -17,6 +17,13 @@ struct mmu_notifier; struct mmu_notifier_range; struct mmu_interval_notifier; +struct mmu_notifier_subscriptions_hdr { + bool valid; +#ifdef CONFIG_SPECULATIVE_PAGE_FAULT + struct percpu_rw_semaphore_atomic *mmu_notifier_lock; +#endif +}; + /** * enum mmu_notifier_event - reason for the mmu notifier callback * @MMU_NOTIFY_UNMAP: either munmap() that unmap the range or a mremap() that @@ -283,9 +290,30 @@ struct mmu_notifier_range { void *migrate_pgmap_owner; }; +static inline +struct mmu_notifier_subscriptions_hdr *get_notifier_subscriptions_hdr( + struct mm_struct *mm) +{ + /* + * container_of() can't be used here because mmu_notifier_subscriptions + * struct should be kept invisible to mm_struct, otherwise it + * introduces KMI CRC breakage. Therefore the callers don't know what + * members struct mmu_notifier_subscriptions contains and can't call + * container_of(), which requires a member name. + * + * WARNING: For this typecasting to work, mmu_notifier_subscriptions_hdr + * should be the first member of struct mmu_notifier_subscriptions. + */ + return (struct mmu_notifier_subscriptions_hdr *)mm->notifier_subscriptions; +} + static inline int mm_has_notifiers(struct mm_struct *mm) { +#ifdef CONFIG_SPECULATIVE_PAGE_FAULT + return unlikely(get_notifier_subscriptions_hdr(mm)->valid); +#else return unlikely(mm->notifier_subscriptions); +#endif } struct mmu_notifier *mmu_notifier_get_locked(const struct mmu_notifier_ops *ops, 
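Review bot: With CONFIG_SPECULATIVE_PAGE_FAULT, mm_has_notifiers() now dereferences `mm->notifier_subscriptions` unconditionally, where the old code only tested the pointer. Any mm_struct that never went through mmu_notifier_subscriptions_init() (statically defined ones look like the obvious candidates) would fault here, as would one used after mmu_notifier_subscriptions_destroy() has set the pointer to NULL; whether such a call path exists is not visible in this hunk. A NULL-tolerant form costs one test: `hdr = get_notifier_subscriptions_hdr(mm); return unlikely(hdr && hdr->valid);`. The same unconditional dereference is in mmu_notifier_trylock()/mmu_notifier_unlock() in the following hunk and in mmu_notifier_write_lock()/mmu_notifier_write_unlock() in mm/mmu_notifier.c.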
@@ -506,41 +534,19 @@ static inline void mmu_notifier_invalidate_range(struct mm_struct *mm, #ifdef CONFIG_SPECULATIVE_PAGE_FAULT -static inline bool mmu_notifier_subscriptions_init(struct mm_struct *mm) -{ - mm->mmu_notifier_lock = kzalloc( - sizeof(struct percpu_rw_semaphore_atomic), GFP_KERNEL); - if (!mm->mmu_notifier_lock) - return false; - - percpu_init_rwsem(&mm->mmu_notifier_lock->rw_sem); - mm->notifier_subscriptions = NULL; - - return true; -} - -static inline void mmu_notifier_subscriptions_destroy(struct mm_struct *mm) -{ - if (mm_has_notifiers(mm)) - __mmu_notifier_subscriptions_destroy(mm); - - if (in_atomic()) { - percpu_rwsem_async_destroy(mm->mmu_notifier_lock); - } else { - percpu_free_rwsem(&mm->mmu_notifier_lock->rw_sem); - kfree(mm->mmu_notifier_lock); - } - mm->mmu_notifier_lock = NULL; -} +extern bool mmu_notifier_subscriptions_init(struct mm_struct *mm); +extern void mmu_notifier_subscriptions_destroy(struct mm_struct *mm); static inline bool mmu_notifier_trylock(struct mm_struct *mm) { - return percpu_down_read_trylock(&mm->mmu_notifier_lock->rw_sem); + return percpu_down_read_trylock( + &get_notifier_subscriptions_hdr(mm)->mmu_notifier_lock->rw_sem); } static inline void mmu_notifier_unlock(struct mm_struct *mm) { - percpu_up_read(&mm->mmu_notifier_lock->rw_sem); + percpu_up_read( + &get_notifier_subscriptions_hdr(mm)->mmu_notifier_lock->rw_sem); } #else /* CONFIG_SPECULATIVE_PAGE_FAULT */ diff --git a/mm/mmu_notifier.c b/mm/mmu_notifier.c index 7f01fa75d351..cee61bab214b 100644 --- a/mm/mmu_notifier.c +++ b/mm/mmu_notifier.c 
@@ -35,6 +35,12 @@ struct lockdep_map __mmu_notifier_invalidate_range_start_map = { * in mmdrop(). */ struct mmu_notifier_subscriptions { + /* + * WARNING: hdr should be the first member of this structure + * so that it can be typecasted into mmu_notifier_subscriptions_hdr. + * This is required to avoid KMI CRC breakage. + */ + struct mmu_notifier_subscriptions_hdr hdr; /* all mmu notifiers registered in this mm are queued in this list */ struct hlist_head list; bool has_itree; @@ -625,12 +631,14 @@ void __mmu_notifier_invalidate_range(struct mm_struct *mm, static inline void mmu_notifier_write_lock(struct mm_struct *mm) { - percpu_down_write(&mm->mmu_notifier_lock->rw_sem); + percpu_down_write( + &mm->notifier_subscriptions->hdr.mmu_notifier_lock->rw_sem); } static inline void mmu_notifier_write_unlock(struct mm_struct *mm) { - percpu_up_write(&mm->mmu_notifier_lock->rw_sem); + percpu_up_write( + &mm->notifier_subscriptions->hdr.mmu_notifier_lock->rw_sem); } #else /* CONFIG_SPECULATIVE_PAGE_FAULT */ @@ -640,6 +648,16 @@ static inline void mmu_notifier_write_unlock(struct mm_struct *mm) {} #endif /* CONFIG_SPECULATIVE_PAGE_FAULT */ +static void init_subscriptions(struct mmu_notifier_subscriptions *subscriptions) +{ + INIT_HLIST_HEAD(&subscriptions->list); + spin_lock_init(&subscriptions->lock); + subscriptions->invalidate_seq = 2; + subscriptions->itree = RB_ROOT_CACHED; + init_waitqueue_head(&subscriptions->wq); + INIT_HLIST_HEAD(&subscriptions->deferred_list); +} + /* * Same as mmu_notifier_register but here the caller must hold the mmap_lock in * write mode. A NULL mn signals the notifier is being registered for itree 
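Review bot: The requirement that `hdr` be the first member of struct mmu_notifier_subscriptions is enforced only by the two WARNING comments, while get_notifier_subscriptions_hdr() casts the pointer without any check. Reordering the struct would silently make every `->valid` and `->mmu_notifier_lock` access read unrelated memory. Add a compile-time check next to the struct definition, `static_assert(offsetof(struct mmu_notifier_subscriptions, hdr) == 0);`, so a layout change fails the build instead.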
@@ -672,12 +690,7 @@ int __mmu_notifier_register(struct mmu_notifier *subscription, if (!subscriptions) return -ENOMEM; - INIT_HLIST_HEAD(&subscriptions->list); - spin_lock_init(&subscriptions->lock); - subscriptions->invalidate_seq = 2; - subscriptions->itree = RB_ROOT_CACHED; - init_waitqueue_head(&subscriptions->wq); - INIT_HLIST_HEAD(&subscriptions->deferred_list); + init_subscriptions(subscriptions); } mmu_notifier_write_lock(mm); @@ -706,6 +719,7 @@ int __mmu_notifier_register(struct mmu_notifier *subscription, */ if (subscriptions) smp_store_release(&mm->notifier_subscriptions, subscriptions); + mm->notifier_subscriptions->hdr.valid = true; if (subscription) { /* Pairs with the mmdrop in mmu_notifier_unregister_* */ @@ -1149,3 +1163,41 @@ mmu_notifier_range_update_to_read_only(const struct mmu_notifier_range *range) return range->vma->vm_flags & VM_READ; } EXPORT_SYMBOL_GPL(mmu_notifier_range_update_to_read_only); + +#ifdef CONFIG_SPECULATIVE_PAGE_FAULT + +bool mmu_notifier_subscriptions_init(struct mm_struct *mm) +{ + struct mmu_notifier_subscriptions *subscriptions; + struct percpu_rw_semaphore_atomic *sem; + + subscriptions = kzalloc( + sizeof(struct mmu_notifier_subscriptions), GFP_KERNEL); + if (!subscriptions) + return false; + + sem = kzalloc(sizeof(struct percpu_rw_semaphore_atomic), GFP_KERNEL); + if (!sem) { + kfree(subscriptions); + return false; + } + percpu_init_rwsem(&sem->rw_sem); + + init_subscriptions(subscriptions); + subscriptions->has_itree = true; + subscriptions->hdr.valid = false; + subscriptions->hdr.mmu_notifier_lock = sem; + mm->notifier_subscriptions = subscriptions; + + return true; +} + +void mmu_notifier_subscriptions_destroy(struct mm_struct *mm) +{ + percpu_rwsem_async_destroy( + mm->notifier_subscriptions->hdr.mmu_notifier_lock); + kfree(mm->notifier_subscriptions); + mm->notifier_subscriptions = NULL; +} + +#endif /* CONFIG_SPECULATIVE_PAGE_FAULT */ From 70c9301d9c4be76630901189cc7376eb22115a3b Mon Sep 17 00:00:00 2001 
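Review bot: The out-of-line mmu_notifier_subscriptions_destroy() added at the end of mm/mmu_notifier.c frees `mm->notifier_subscriptions` directly and no longer calls __mmu_notifier_subscriptions_destroy(), which the removed inline version called when notifiers were present. If that helper still checks that the subscriber list is empty (its body is not in this diff), the check is now skipped, and a leftover subscriber would keep list pointers into freed memory with no diagnostic. Keep an equivalent check before the kfree, e.g. `WARN_ON(!hlist_empty(&mm->notifier_subscriptions->list));`.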
From: Patrick Daly Date: Mon, 13 Dec 2021 22:54:29 -0800 Subject: [PATCH 57/93] ANDROID: qcom: Add flush_delayed_fput to ABI When a kernel thread calls dma_buf_put() to release the last reference to a dma-buf, fput_many() defers calling the release callback to a workqueue. This means that if the same kernel thread later calls dma_heap_buffer_alloc(), it has no guarantee that the memory from the prior free is available, leading to random failures. As a short-term workaround, call flush_delayed_fput() to ensure the free completes synchronously. Leaf changes summary: 1 artifact changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 1 Added function Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable 1 Added function: [A] 'function void flush_delayed_fput()' Bug: 210598057 Change-Id: Id936aa0bcd410b23b12f4b922b676aa61a358b4c Signed-off-by: Patrick Daly --- android/abi_gki_aarch64.xml | 4 ++++ android/abi_gki_aarch64_qcom | 1 + 2 files changed, 5 insertions(+) diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index 0ab86c9ebfd3..8c60f8291116 100644 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -2308,6 +2308,7 @@ + @@ -126166,6 +126167,9 @@ + + + diff --git a/android/abi_gki_aarch64_qcom b/android/abi_gki_aarch64_qcom index f686e734fbb6..e01b646d5bf7 100644 --- a/android/abi_gki_aarch64_qcom +++ b/android/abi_gki_aarch64_qcom @@ -899,6 +899,7 @@ finish_wait firmware_request_nowarn flush_dcache_page + flush_delayed_fput flush_delayed_work __flush_icache_range flush_work From 7531e636614de39b704a0f0a882985ec74e6ce88 Mon Sep 17 00:00:00 2001 
From: Greg Kroah-Hartman Date: Tue, 14 Dec 2021 19:46:21 +0100 Subject: [PATCH 58/93] FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum Szymon rightly pointed out that the previous check for the endpoint direction in bRequestType was not looking at only the bit involved, but rather the whole value. Normally this is ok, but for some request types, bits other than bit 8 could be set and the check for the endpoint length could not stall correctly. Fix that up by only checking the single bit. Fixes: 153a2d7e3350 ("USB: gadget: detect too-big endpoint 0 requests") Cc: Felipe Balbi Reported-by: Szymon Heidrich Link: https://lore.kernel.org/r/20211214184621.385828-1-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman (cherry picked from commit f08adf5add9a071160c68bb2a61d697f39ab0758 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-linus) Bug: 210292376 Signed-off-by: Greg Kroah-Hartman Change-Id: I7e708b2b94433009c87f697346e0515d93454f48 --- drivers/usb/gadget/composite.c | 6 +++--- drivers/usb/gadget/legacy/dbgp.c | 6 +++--- drivers/usb/gadget/legacy/inode.c | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c index 284eea9f6e4d..3789c329183c 100644 --- a/drivers/usb/gadget/composite.c +++ b/drivers/usb/gadget/composite.c @@ -1680,14 +1680,14 @@ composite_setup(struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl) u8 endp; if (w_length > USB_COMP_EP0_BUFSIZ) { - if (ctrl->bRequestType == USB_DIR_OUT) { - goto done; - } else { + if (ctrl->bRequestType & USB_DIR_IN) { /* Cast away the const, we are going to overwrite on purpose. */ __le16 *temp = (__le16 *)&ctrl->wLength; *temp = cpu_to_le16(USB_COMP_EP0_BUFSIZ); w_length = USB_COMP_EP0_BUFSIZ; + } else { + goto done; } } diff --git a/drivers/usb/gadget/legacy/dbgp.c b/drivers/usb/gadget/legacy/dbgp.c index 355bc7dab9d5..6bcbad382580 100644 --- a/drivers/usb/gadget/legacy/dbgp.c 
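Review bot: The comment kept in the IN branch of composite_setup() describes the const cast but not why the two directions are treated differently, which is the security-relevant part of this length check. A comment above the `if (ctrl->bRequestType & USB_DIR_IN)` test would record that, e.g. `/* IN: the reply may be shorter than requested, so clamp wLength to the ep0 buffer. OUT: the host would send more than the buffer holds, so reject. */`. The identical block is repeated in dbgp_setup() and gadgetfs_setup() in the next two hunks; a shared helper would keep the three copies from drifting apart again. composite_setup() continues outside the hunk.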
+++ b/drivers/usb/gadget/legacy/dbgp.c @@ -346,14 +346,14 @@ static int dbgp_setup(struct usb_gadget *gadget, u16 len = 0; if (length > DBGP_REQ_LEN) { - if (ctrl->bRequestType == USB_DIR_OUT) { - return err; - } else { + if (ctrl->bRequestType & USB_DIR_IN) { /* Cast away the const, we are going to overwrite on purpose. */ __le16 *temp = (__le16 *)&ctrl->wLength; *temp = cpu_to_le16(DBGP_REQ_LEN); length = DBGP_REQ_LEN; + } else { + return err; } } diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c index 04b9c4f5f129..217d2b66fa51 100644 --- a/drivers/usb/gadget/legacy/inode.c +++ b/drivers/usb/gadget/legacy/inode.c @@ -1336,14 +1336,14 @@ gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl) u16 w_length = le16_to_cpu(ctrl->wLength); if (w_length > RBUF_SIZE) { - if (ctrl->bRequestType == USB_DIR_OUT) { - return value; - } else { + if (ctrl->bRequestType & USB_DIR_IN) { /* Cast away the const, we are going to overwrite on purpose. */ __le16 *temp = (__le16 *)&ctrl->wLength; *temp = cpu_to_le16(RBUF_SIZE); w_length = RBUF_SIZE; + } else { + return value; } } From 75617df5b35d4f47663d57605d4a0922837c7708 Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan Date: Thu, 16 Dec 2021 09:05:43 -0800 Subject: [PATCH 59/93] ANDROID: Fix mmu_notifier_trylock definition for !CONFIG_MMU_NOTIFIER config mmu_notifier_trylock definition for CONFIG_MMU_NOTIFIER=n configuration has not been modified from the older version. Correct that mistake. Fixes: 6971350406a3 ("ANDROID: fix mmu_notifier race caused by not taking mmap_lock during SPF") Bug: 161210518 Signed-off-by: Suren Baghdasaryan Change-Id: I71b8644bd2864b6ed98a7ff9c15a99fbd4c5a6c5 --- include/linux/mmu_notifier.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/mmu_notifier.h b/include/linux/mmu_notifier.h index 15c77675ca33..2c6567b60198 100644 --- a/include/linux/mmu_notifier.h +++ b/include/linux/mmu_notifier.h 
@@ -796,8 +796,9 @@ static inline void mmu_notifier_subscriptions_destroy(struct mm_struct *mm) { } -static inline void mmu_notifier_lock(struct mm_struct *mm) +static inline bool mmu_notifier_trylock(struct mm_struct *mm) { + return true; } static inline void mmu_notifier_unlock(struct mm_struct *mm) From 414c32d38e90f67a855d73d1ec0100eda3db57c3 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Fri, 18 Dec 2020 15:56:24 +0100 Subject: [PATCH 60/93] UPSTREAM: ALSA: memalloc: Align buffer allocations in page size Currently the standard memory allocator (snd_dma_malloc_pages*()) passes the byte size to allocate as is. Most of the backends allocates real pages, hence the actual allocations are aligned in page size. However, the genalloc doesn't seem assuring the size alignment, hence it may result in the access outside the buffer when the whole memory pages are exposed via mmap. For avoiding such inconsistencies, this patch makes the allocation size always to be aligned in page size. Note that, after this change, snd_dma_buffer.bytes field contains the aligned size, not the originally requested size. This value is also used for releasing the pages in return. BUG: 209931573 cherry picked from commit 5c1733e33c888a3cb7f576564d8ad543d5ad4a9e Change-Id: Ib65f0e29b87d55e13006c7416793a4539d376cc8 Reviewed-by: Lars-Peter Clausen Link: https://lore.kernel.org/r/20201218145625.2045-2-tiwai@suse.de Signed-off-by: Takashi Iwai Signed-off-by: Denis Hsu --- sound/core/memalloc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/core/memalloc.c b/sound/core/memalloc.c index 0f335162f87c..966bef5acc75 100644 --- a/sound/core/memalloc.c +++ b/sound/core/memalloc.c @@ -133,6 +133,7 @@ int snd_dma_alloc_pages(int type, struct device *device, size_t size, if (WARN_ON(!dmab)) return -ENXIO; + size = PAGE_ALIGN(size); dmab->dev.type = type; dmab->dev.dev = device; dmab->bytes = 0; From d94655c43e7ca47ed5a9aa24432f462ee37cccf2 Mon Sep 17 00:00:00 2001 
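Review bot: `size = PAGE_ALIGN(size)` in snd_dma_alloc_pages() can wrap to 0 for a request within one page of the maximum `size_t` value, and any zero-size check earlier in the function (outside this hunk) has already run by then. A size that large is unlikely from in-tree callers, but this change exists to stop mmap from exposing memory past the buffer, so rejecting the wrapped value is cheap: `if (WARN_ON(!size)) return -ENXIO;` directly after the alignment. The function body continues outside the hunk.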
From: Will McVicker Date: Wed, 15 Dec 2021 12:18:46 -0800 Subject: [PATCH 61/93] ANDROID: Update the ABI xml and symbol list Leaf changes summary: 1 artifact changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 1 Added function Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable 1 Added function: [A] 'function blk_plug_cb* blk_check_plugged(blk_plug_cb_fn, void*, int)' Bug: 208435530 Signed-off-by: Will McVicker Change-Id: I6aaff3a916a986b2ba5ec894e7c67d778d0149bf --- android/abi_gki_aarch64.xml | 332 +++++++++++++++++--------------- android/abi_gki_aarch64_generic | 6 + 2 files changed, 185 insertions(+), 153 deletions(-) diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index 8c60f8291116..4a9a2e80e72c 100644 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -789,6 +789,7 @@ + @@ -11641,6 +11642,7 @@ + @@ -27481,6 +27483,7 @@ + @@ -101452,6 +101455,17 @@ + + + + + + + + + + + @@ -107902,6 +107916,7 @@ + @@ -112997,6 +113012,11 @@ + + + + + @@ -113901,9 +113921,9 @@ - - - + + + @@ -117795,11 +117815,11 @@ - - - - - + + + + + @@ -118115,6 +118135,12 @@ + + + + + + @@ -122587,105 +122613,105 @@ - - - + + + - - - + + + - - - - - + + + + + - - - + + + - - - - - + + + + + - - - + + + - - - - - + + + + + - - + + - - - + + + - - + + - - - + + + - - - + + + - - - - + + + + - - + + - - + + - - + + - - - - + + + + - - + + - - + + - - - + + + @@ -123109,14 +123135,14 @@ - - - + + + - - - + + + @@ -126144,9 +126170,9 @@ - - - + + + @@ -126720,12 +126746,12 @@ - - - - - - + + + + + + @@ -126801,9 +126827,9 @@ - - - + + + @@ -128200,9 +128226,9 @@ - - - + + + @@ -129050,8 +129076,8 @@ - - + + @@ -129279,8 +129305,8 @@ - - + + @@ -129323,9 +129349,9 @@ - - - + + + @@ -129341,15 +129367,15 @@ - - - + + + - - - - + + + + @@ -129374,9 +129400,9 @@ - - - + + + @@ -134090,16 +134116,16 @@ - - - - + + + + - - - - + + + + 
@@ -135241,10 +135267,10 @@ - - - - + + + + @@ -140386,9 +140412,9 @@ - - - + + + @@ -140396,9 +140422,9 @@ - - - + + + @@ -140406,8 +140432,8 @@ - - + + @@ -140437,9 +140463,9 @@ - - - + + + @@ -140565,20 +140591,20 @@ - - + + - - + + - - + + - - + + @@ -140896,16 +140922,16 @@ - - + + - - + + - - + + @@ -143090,10 +143116,10 @@ - - - - + + + + @@ -143163,11 +143189,11 @@ - - - - - + + + + + diff --git a/android/abi_gki_aarch64_generic b/android/abi_gki_aarch64_generic index f19b3266a8cf..cc8edfd0d35e 100644 --- a/android/abi_gki_aarch64_generic +++ b/android/abi_gki_aarch64_generic @@ -63,6 +63,7 @@ bitmap_to_arr32 __bitmap_weight blk_alloc_queue + blk_check_plugged blk_cleanup_queue blkdev_get_by_dev blkdev_put @@ -686,6 +687,7 @@ drm_property_create_range drm_property_lookup_blob drm_property_replace_blob + drm_puts __drm_puts_seq_file drm_read drm_rect_clip_scaled @@ -1012,6 +1014,7 @@ __kfifo_in __kfifo_init __kfifo_out + __kfifo_out_peek kfree kfree_sensitive kfree_skb @@ -1032,6 +1035,7 @@ kobject_add kobject_create_and_add kobject_del + kobject_get kobject_init kobject_init_and_add kobject_put @@ -1079,6 +1083,7 @@ ktime_get_real_seconds ktime_get_real_ts64 ktime_get_seconds + ktime_get_snapshot ktime_get_ts64 ktime_get_with_offset kvfree @@ -1590,6 +1595,7 @@ rtc_valid_tm __rt_mutex_init rt_mutex_lock + rt_mutex_trylock rt_mutex_unlock rtnl_is_locked rtnl_lock From 84fc3abca0aef15ad555dc20bd4c28503af1f766 Mon Sep 17 00:00:00 2001 
From: Chris Goldsworthy Date: Thu, 9 Dec 2021 14:47:35 -0800 Subject: [PATCH 62/93] ANDROID: dma-contiguous: Add tracehook to allow subpage allocations in dma_alloc_contiguous Add a tracehook to allow callers into dma_alloc_contiguous() to make use of the built-in CMA area if the caller has addressing limitations; this provides a means of allocating from memory whose bounds are restricted to the lower 4 GB of memory, without having to enable DMA32 (assuming the default CMA area has been restricted to the appropriate address ranges). Leaf changes summary: 1 artifact changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 0 Added function Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 1 Added variable 1 Added variable: [A] 'tracepoint __tracepoint_android_vh_subpage_dma_contig_alloc' Bug: 199917449 Change-Id: Ia86fb416376bca231405b06ab27b0674c8fe3e14 Signed-off-by: Chris Goldsworthy --- android/abi_gki_aarch64.xml | 118 +++++++++++++++++---------------- android/abi_gki_aarch64_qcom | 1 + drivers/android/vendor_hooks.c | 1 + include/trace/hooks/mm.h | 4 ++ kernel/dma/contiguous.c | 10 ++- 5 files changed, 74 insertions(+), 60 deletions(-) diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index 4a9a2e80e72c..b5f86b200c48 100644 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -5974,6 +5974,7 @@ + @@ -35503,27 +35504,27 @@ - + - + - + - + - + - + - + - + @@ -41420,9 +41421,9 @@ - + - + @@ -64672,7 +64673,7 @@ - + @@ -78408,21 +78409,21 @@ - + - + - + - + - + - + @@ -114167,15 +114168,15 @@ - - - + + + - - - - + + + + @@ -117002,6 +117003,7 @@ + @@ -117493,12 +117495,12 @@ - - - - - - + + + + + + @@ -122714,7 +122716,7 @@ - + @@ -126212,10 +126214,10 @@ - - - - + + + + @@ -126835,12 +126837,12 @@ - - + + - - + + @@ -130947,27 +130949,27 @@ - - + + - - - - - - + + + + + + - - + + - - + + - + @@ -133016,8 +133018,8 @@ - - + + 
@@ -133048,8 +133050,8 @@ - - + + @@ -137550,8 +137552,8 @@ - - + + diff --git a/android/abi_gki_aarch64_qcom b/android/abi_gki_aarch64_qcom index e01b646d5bf7..ad6dea578253 100644 --- a/android/abi_gki_aarch64_qcom +++ b/android/abi_gki_aarch64_qcom @@ -2699,6 +2699,7 @@ __tracepoint_android_vh_show_max_freq __tracepoint_android_vh_show_resume_epoch_val __tracepoint_android_vh_show_suspend_epoch_val + __tracepoint_android_vh_subpage_dma_contig_alloc __tracepoint_android_vh_timer_calc_index __tracepoint_android_vh_ufs_check_int_errors __tracepoint_android_vh_ufs_clock_scaling diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index 3f6157a125c4..d0f5d357a8b7 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -400,3 +400,4 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mem_cgroup_css_offline); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mem_cgroup_css_online); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mem_cgroup_free); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mem_cgroup_alloc); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_subpage_dma_contig_alloc); diff --git a/include/trace/hooks/mm.h b/include/trace/hooks/mm.h index 4b299fd6e613..5821f6d74a07 100644 --- a/include/trace/hooks/mm.h +++ b/include/trace/hooks/mm.h @@ -126,6 +126,10 @@ DECLARE_HOOK(android_vh_mmap_region, DECLARE_HOOK(android_vh_try_to_unmap_one, TP_PROTO(struct vm_area_struct *vma, struct page *page, unsigned long addr, bool ret), TP_ARGS(vma, page, addr, ret)); +struct device; +DECLARE_HOOK(android_vh_subpage_dma_contig_alloc, + TP_PROTO(bool *allow_subpage_alloc, struct device *dev, size_t *size), + TP_ARGS(allow_subpage_alloc, dev, size)); /* macro versions of hooks are no longer required */ #endif /* _TRACE_HOOK_MM_H */ diff --git a/kernel/dma/contiguous.c b/kernel/dma/contiguous.c index 2e0763463b59..e678bf688f6d 100644 --- a/kernel/dma/contiguous.c +++ b/kernel/dma/contiguous.c 
@@ -50,6 +50,7 @@ #include #include #include +#include #ifdef CONFIG_CMA_SIZE_MBYTES #define CMA_SIZE_MBYTES CONFIG_CMA_SIZE_MBYTES @@ -309,14 +310,19 @@ struct page *dma_alloc_contiguous(struct device *dev, size_t size, gfp_t gfp) #ifdef CONFIG_DMA_PERNUMA_CMA int nid = dev_to_node(dev); #endif + bool allow_subpage_alloc = false; /* CMA can be used only in the context which permits sleeping */ if (!gfpflags_allow_blocking(gfp)) return NULL; if (dev->cma_area) return cma_alloc_aligned(dev->cma_area, size, gfp); - if (size <= PAGE_SIZE) - return NULL; + + if (size <= PAGE_SIZE) { + trace_android_vh_subpage_dma_contig_alloc(&allow_subpage_alloc, dev, &size); + if (!allow_subpage_alloc) + return NULL; + } #ifdef CONFIG_DMA_PERNUMA_CMA if (nid != NUMA_NO_NODE && !(gfp & (GFP_DMA | GFP_DMA32))) { From a7ab784f601a93a78c1c22cd0aacc2af64d8e3c8 Mon Sep 17 00:00:00 2001 From: Liujie Xie Date: Thu, 16 Dec 2021 17:07:54 +0800 Subject: [PATCH 63/93] ANDROID: vendor_hooks: Add hooks for futex We want to use this hook to record the sleeping time due to Futex Bug: 210947226 Signed-off-by: Liujie Xie Change-Id: I637f889dce42937116d10979e0c40fddf96cd1a2 --- drivers/android/vendor_hooks.c | 1 + include/trace/hooks/futex.h | 4 ++++ kernel/futex.c | 4 +++- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index d0f5d357a8b7..b667f6919da0 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -110,6 +110,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_rwsem_wake); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_rwsem_write_finished); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_alter_rwsem_list_add); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_alter_futex_plist_add); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_futex_sleep_start); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mutex_wait_start); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mutex_wait_finish); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_rtmutex_wait_start); 
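Review bot: In dma_alloc_contiguous() the hook is handed `&size`, so a vendor handler can rewrite the allocation size, and nothing after the call in this hunk checks the new value before it is used. The caller still believes it asked for the original size and presumably passes that size to the matching free, which would then disagree with what was allocated (the free path is not visible here). I would either pass `size` by value or bound the result after the hook, e.g. `if (!allow_subpage_alloc || !size) return NULL;`. The `DECLARE_HOOK` in include/trace/hooks/mm.h should also say what a handler may do to `*size`. The function body continues outside the hunk.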
diff --git a/include/trace/hooks/futex.h b/include/trace/hooks/futex.h index 0692dd68d93c..f8bf394ea013 100644 --- a/include/trace/hooks/futex.h +++ b/include/trace/hooks/futex.h @@ -18,6 +18,10 @@ DECLARE_HOOK(android_vh_alter_futex_plist_add, bool *already_on_hb), TP_ARGS(node, head, already_on_hb)); +DECLARE_HOOK(android_vh_futex_sleep_start, + TP_PROTO(struct task_struct *p), + TP_ARGS(p)); + /* macro versions of hooks are no longer required */ #endif /* _TRACE_HOOK_FUTEX_H */ diff --git a/kernel/futex.c b/kernel/futex.c index 3cd0ae850fde..29bd9cd92468 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -2607,8 +2607,10 @@ static void futex_wait_queue_me(struct futex_hash_bucket *hb, struct futex_q *q, * flagged for rescheduling. Only call schedule if there * is no timeout, or if it has yet to expire. */ - if (!timeout || timeout->task) + if (!timeout || timeout->task) { + trace_android_vh_futex_sleep_start(current); freezable_schedule(); + } } __set_current_state(TASK_RUNNING); } From cef0df2218717a5f0b0536e913998bbaa0599db2 Mon Sep 17 00:00:00 2001 From: Woogeun Lee Date: Tue, 21 Dec 2021 17:23:11 +0900 Subject: [PATCH 64/93] ANDROID: ABI: update allowed list for galaxy Leaf changes summary: 2 artifacts changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 2 Added functions Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable 2 Added functions: [A] 'function void usbnet_cdc_unbind(usbnet*, usb_interface*)' [A] 'function int usbnet_generic_cdc_bind(usbnet*, usb_interface*)' Bug: 211557881 Signed-off-by: Woogeun Lee Change-Id: Ied606874c2135d514a20831d20642de5c105986a --- android/abi_gki_aarch64.xml | 20 ++++++++++++++++---- android/abi_gki_aarch64_galaxy | 2 ++ 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index b5f86b200c48..4d45d46b190a 100644 --- a/android/abi_gki_aarch64.xml 
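Review bot: trace_android_vh_futex_sleep_start() in futex_wait_queue_me() runs immediately before freezable_schedule(), and nothing tells handler authors what context they are called in. By that point the task has presumably already been marked as sleeping and queued (that code is above the hunk), so a handler that blocks could reset the task state and make the following schedule call return immediately. I would add a comment above the call, e.g. `/* vendor hook: task state is already set for the wait; handlers must not sleep */`, and repeat the constraint next to the `DECLARE_HOOK` in include/trace/hooks/futex.h. There is also no matching end hook, so a handler that records sleep time has to find the wake-up point elsewhere.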
+++ b/android/abi_gki_aarch64.xml @@ -5320,9 +5320,11 @@ + + @@ -16980,8 +16982,8 @@ - - + + @@ -37790,8 +37792,8 @@ - - + + @@ -141543,6 +141545,11 @@ + + + + + @@ -141557,6 +141564,11 @@ + + + + + diff --git a/android/abi_gki_aarch64_galaxy b/android/abi_gki_aarch64_galaxy index 343a40594e66..f8d07776abc9 100644 --- a/android/abi_gki_aarch64_galaxy +++ b/android/abi_gki_aarch64_galaxy @@ -4317,9 +4317,11 @@ usb_unpoison_urb usb_unregister_notify usb_wakeup_notification + usbnet_cdc_unbind usbnet_change_mtu usbnet_defer_kevent usbnet_disconnect + usbnet_generic_cdc_bind usbnet_get_drvinfo usbnet_get_endpoints usbnet_get_link From 893425f54561abc4fe438c0c68b717983bf5bbaa Mon Sep 17 00:00:00 2001 From: Liujie Xie Date: Tue, 21 Dec 2021 16:00:33 +0800 Subject: [PATCH 65/93] ANDROID: GKI: Update symbol list Update the list of symbols exported in the patch below: https://android-review.googlesource.com/c/kernel/common/+/1925906 Leaf changes summary: 2 artifacts changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 1 Added function Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 1 Added variable 1 Added function: [A] 'function int __traceiter_android_vh_futex_sleep_start(void*, task_struct*)' 1 Added variable: [A] 'tracepoint __tracepoint_android_vh_futex_sleep_start' Bug: 211555290 Signed-off-by: Liujie Xie Change-Id: I2afdb9239fb4ae2d3015b8ebdb76ec53bb27091c --- android/abi_gki_aarch64.xml | 8 ++++++++ android/abi_gki_aarch64_oplus | 10 ++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index 4d45d46b190a..47f9459d49fb 100644 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -425,6 +425,7 @@ + @@ -5884,6 +5885,7 @@ + @@ -115680,6 +115682,11 @@ + + + + + @@ -116913,6 +116920,7 @@ + 
diff --git a/android/abi_gki_aarch64_oplus b/android/abi_gki_aarch64_oplus index ed7628dfcd28..b00a84bde5dd 100644 --- a/android/abi_gki_aarch64_oplus +++ b/android/abi_gki_aarch64_oplus @@ -2585,11 +2585,11 @@ __traceiter_android_vh_alter_rwsem_list_add __traceiter_android_vh_arch_set_freq_scale __traceiter_android_vh_binder_alloc_new_buf_locked - __traceiter_android_vh_binder_new_ref __traceiter_android_vh_binder_del_ref - __traceiter_android_vh_binder_proc_transaction + __traceiter_android_vh_binder_new_ref __traceiter_android_vh_binder_preset __traceiter_android_vh_binder_priority_skip + __traceiter_android_vh_binder_proc_transaction __traceiter_android_vh_binder_proc_transaction_end __traceiter_android_vh_binder_reply __traceiter_android_vh_binder_restore_priority @@ -2627,6 +2627,7 @@ __traceiter_android_vh_ftrace_oops_enter __traceiter_android_vh_ftrace_oops_exit __traceiter_android_vh_ftrace_size_check + __traceiter_android_vh_futex_sleep_start __traceiter_android_vh_get_from_fragment_pool __traceiter_android_vh_gpio_block_read __traceiter_android_vh_include_reserved_zone @@ -2780,11 +2781,11 @@ __tracepoint_android_vh_alter_rwsem_list_add __tracepoint_android_vh_arch_set_freq_scale __tracepoint_android_vh_binder_alloc_new_buf_locked - __tracepoint_android_vh_binder_new_ref __tracepoint_android_vh_binder_del_ref - __tracepoint_android_vh_binder_proc_transaction + __tracepoint_android_vh_binder_new_ref __tracepoint_android_vh_binder_preset __tracepoint_android_vh_binder_priority_skip + __tracepoint_android_vh_binder_proc_transaction __tracepoint_android_vh_binder_proc_transaction_end __tracepoint_android_vh_binder_reply __tracepoint_android_vh_binder_restore_priority 
@@ -2822,6 +2823,7 @@ __tracepoint_android_vh_ftrace_oops_enter __tracepoint_android_vh_ftrace_oops_exit __tracepoint_android_vh_ftrace_size_check + __tracepoint_android_vh_futex_sleep_start __tracepoint_android_vh_get_from_fragment_pool __tracepoint_android_vh_gpio_block_read __tracepoint_android_vh_include_reserved_zone From fef7dba3a7034788e30a4cd41dc35f3d213ed611 Mon Sep 17 00:00:00 2001 From: Tatsuhiko Yasumatsu Date: Thu, 30 Sep 2021 22:55:45 +0900 Subject: [PATCH 66/93] UPSTREAM: bpf: Fix integer overflow in prealloc_elems_and_freelist() [ Upstream commit 30e29a9a2bc6a4888335a6ede968b75cd329657a ] In prealloc_elems_and_freelist(), the multiplication to calculate the size passed to bpf_map_area_alloc() could lead to an integer overflow. As a result, out-of-bounds write could occur in pcpu_freelist_populate() as reported by KASAN: [...] [ 16.968613] BUG: KASAN: slab-out-of-bounds in pcpu_freelist_populate+0xd9/0x100 [ 16.969408] Write of size 8 at addr ffff888104fc6ea0 by task crash/78 [ 16.970038] [ 16.970195] CPU: 0 PID: 78 Comm: crash Not tainted 5.15.0-rc2+ #1 [ 16.970878] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 [ 16.972026] Call Trace: [ 16.972306] dump_stack_lvl+0x34/0x44 [ 16.972687] print_address_description.constprop.0+0x21/0x140 [ 16.973297] ? pcpu_freelist_populate+0xd9/0x100 [ 16.973777] ? pcpu_freelist_populate+0xd9/0x100 [ 16.974257] kasan_report.cold+0x7f/0x11b [ 16.974681] ? pcpu_freelist_populate+0xd9/0x100 [ 16.975190] pcpu_freelist_populate+0xd9/0x100 [ 16.975669] stack_map_alloc+0x209/0x2a0 [ 16.976106] __sys_bpf+0xd83/0x2ce0 [...] The possibility of this overflow was originally discussed in [0], but was overlooked. Fix the integer overflow by changing elem_size to u64 from u32. [0] https://lore.kernel.org/bpf/728b238e-a481-eb50-98e9-b0f430ab01e7@gmail.com/ Bug: 202511260 Fixes: 557c0c6e7df8 ("bpf: convert stackmap to pre-allocation") Signed-off-by: Tatsuhiko Yasumatsu 
Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20210930135545.173698-1-th.yasumatsu@gmail.com Signed-off-by: Sasha Levin Signed-off-by: Aaron Ding Change-Id: I45de17135336ce329b539d3e9e95fdcddafb2b00 --- kernel/bpf/stackmap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c index ebf60848d5eb..4477873ac3a0 100644 --- a/kernel/bpf/stackmap.c +++ b/kernel/bpf/stackmap.c @@ -64,7 +64,8 @@ static inline int stack_map_data_size(struct bpf_map *map) static int prealloc_elems_and_freelist(struct bpf_stack_map *smap) { - u32 elem_size = sizeof(struct stack_map_bucket) + smap->map.value_size; + u64 elem_size = sizeof(struct stack_map_bucket) + + (u64)smap->map.value_size; int err; smap->elems = bpf_map_area_alloc(elem_size * smap->map.max_entries, From 282a4de8f00fd3b37f69d9e65086937771fdf8aa Mon Sep 17 00:00:00 2001 From: Marcelo Ricardo Leitner Date: Mon, 28 Jun 2021 16:13:43 -0300 Subject: [PATCH 67/93] UPSTREAM: sctp: validate chunk size in __rcv_asconf_lookup commit b6ffe7671b24689c09faa5675dd58f93758a97ae upstream. In one of the fallbacks that SCTP has for identifying an association for an incoming packet, it looks for AddIp chunk (from ASCONF) and take a peek. Thing is, at this stage nothing was validating that the chunk actually had enough content for that, allowing the peek to happen over uninitialized memory. Similar check already exists in actual asconf handling in sctp_verify_asconf(). Bug: 197154735 Signed-off-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman Signed-off-by: Aaron Ding Change-Id: Ibfe53fc724143423353ed6b2984d2508ee4fc457 --- net/sctp/input.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/sctp/input.c b/net/sctp/input.c index ddb5b5c2550e..49c49a4d203f 100644 --- a/net/sctp/input.c +++ b/net/sctp/input.c 
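Review bot: The widening of `elem_size` to u64 in prealloc_elems_and_freelist() is the whole fix, yet the declaration has no comment, so it reads like a type that could be narrowed back to u32 in a later cleanup. I would add `/* u64: elem_size * max_entries must not wrap in 32 bits */` above it. The `(u64)` cast on `value_size` matters as well, because on a 32-bit build `sizeof()` plus a u32 would be added in 32 bits before the assignment. `elem_size` is presumably also passed on further down, outside this hunk; it is worth checking that no callee parameter truncates it again.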
@@ -1168,6 +1168,9 @@ static struct sctp_association *__sctp_rcv_asconf_lookup( union sctp_addr_param *param; union sctp_addr paddr; + if (ntohs(ch->length) < sizeof(*asconf) + sizeof(struct sctp_paramhdr)) + return NULL; + /* Skip over the ADDIP header and find the Address parameter */ param = (union sctp_addr_param *)(asconf + 1); From 99ad26127317bd194268b6a26a5e1dd65fa7da32 Mon Sep 17 00:00:00 2001 From: Marcelo Ricardo Leitner Date: Mon, 28 Jun 2021 16:13:44 -0300 Subject: [PATCH 68/93] UPSTREAM: sctp: add param size validation for SCTP_PARAM_SET_PRIMARY commit ef6c8d6ccf0c1dccdda092ebe8782777cd7803c9 upstream. When SCTP handles an INIT chunk, it calls for example: sctp_sf_do_5_1B_init sctp_verify_init sctp_verify_param sctp_process_init sctp_process_param handling of SCTP_PARAM_SET_PRIMARY sctp_verify_init() wasn't doing proper size validation and neither the later handling, allowing it to work over the chunk itself, possibly being uninitialized memory. Bug: 197154735 Signed-off-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman Signed-off-by: Aaron Ding Change-Id: I032230924ead7a03dfb3101e9cd4d48e36bfc616 --- net/sctp/sm_make_chunk.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 7411fa442821..fa0d96320baa 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -2150,9 +2150,16 @@ static enum sctp_ierror sctp_verify_param(struct net *net, break; case SCTP_PARAM_SET_PRIMARY: - if (ep->asconf_enable) - break; - goto unhandled; + if (!ep->asconf_enable) + goto unhandled; + + if (ntohs(param.p->length) < sizeof(struct sctp_addip_param) + + sizeof(struct sctp_paramhdr)) { + sctp_process_inv_paramlength(asoc, param.p, + chunk, err_chunk); + retval = SCTP_IERROR_ABORT; + } + break; case SCTP_PARAM_HOST_NAME_ADDRESS: /* Tell the peer, we won't support this param. */ 
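Review bot: The new length check in __sctp_rcv_asconf_lookup() guarantees only that the chunk holds the ADDIP header plus a bare `struct sctp_paramhdr`, while the next line casts the same bytes to `union sctp_addr_param`, whose address body is longer than that header. If the code after the hunk reads the address (it is not visible here), a chunk that ends right after the parameter header would still be read past its end. I would also bound the parameter's own length before the address is used, for example `if (ntohs(param->p.length) > ntohs(ch->length) - sizeof(*asconf)) return NULL;`, and check it against the size expected for the address type. The SCTP_PARAM_SET_PRIMARY check added to sctp_verify_param() in net/sctp/sm_make_chunk.c has the same shape (`sizeof(struct sctp_addip_param) + sizeof(struct sctp_paramhdr)`) and leaves the same gap.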
From 28d62c68d1de2858489eab21cc41973ad8aa295f Mon Sep 17 00:00:00 2001 From: Yunfei Wang Date: Thu, 16 Dec 2021 19:23:02 +0800 Subject: [PATCH 69/93] FROMGIT: iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure In __arm_v7s_alloc_table function: iommu call kmem_cache_alloc to allocate page table, this function allocate memory may fail, when kmem_cache_alloc fails to allocate table, call virt_to_phys will be abnomal and return unexpected phys and goto out_free, then call kmem_cache_free to release table will trigger KE, __get_free_pages and free_pages have similar problem, so add error handle for page table allocation failure. Fixes: 29859aeb8a6e ("iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE") Signed-off-by: Yunfei Wang Cc: # 5.10.* Acked-by: Robin Murphy Link: https://lore.kernel.org/r/20211207113315.29109-1-yf.wang@mediatek.com Signed-off-by: Will Deacon Bug: 210958369 (cherry picked from commit a556cfe4cabc6d79cbb7733f118bbb420b376fe6 https://git.kernel.org/pub/scm/linux/kernel/git/will/linux.git for-joerg/arm-smmu/updates) Signed-off-by: Yunfei Wang Change-Id: I6435903336d1e15b5a57d08c284b3d3d66ea985d --- drivers/iommu/io-pgtable-arm-v7s.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/io-pgtable-arm-v7s.c b/drivers/iommu/io-pgtable-arm-v7s.c index 6ed8f98ece57..b07695805c6c 100644 --- a/drivers/iommu/io-pgtable-arm-v7s.c +++ b/drivers/iommu/io-pgtable-arm-v7s.c 
@@ -246,13 +246,17 @@ static void *__arm_v7s_alloc_table(int lvl, gfp_t gfp, __GFP_ZERO | ARM_V7S_TABLE_GFP_DMA, get_order(size)); else if (lvl == 2) table = kmem_cache_zalloc(data->l2_tables, gfp); + + if (!table) + return NULL; + phys = virt_to_phys(table); if (phys != (arm_v7s_iopte)phys) { /* Doesn't fit in PTE */ dev_err(dev, "Page table does not fit in PTE: %pa", &phys); goto out_free; } - if (table && !cfg->coherent_walk) { + if (!cfg->coherent_walk) { dma = dma_map_single(dev, table, size, DMA_TO_DEVICE); if (dma_mapping_error(dev, dma)) goto out_free; From c41767a8ec8c5a09f997c34e24eb586e7c7d8f9d Mon Sep 17 00:00:00 2001 From: Suman Anna Date: Fri, 3 Dec 2021 14:20:04 +0530 Subject: [PATCH 70/93] UPSTREAM: remoteproc: Add a rproc_set_firmware() API A new API, rproc_set_firmware() is added to allow the remoteproc platform drivers and remoteproc client drivers to be able to configure a custom firmware name that is different from the default name used during remoteproc registration. This function is being introduced to provide a kernel-level equivalent of the current sysfs interface to remoteproc client drivers, and can only change firmwares when the remoteproc is offline. This allows some remoteproc drivers to choose different firmwares at runtime based on the functionality the remote processor is providing. The TI PRU Ethernet driver will be an example of such usage as it requires to use different firmwares for different supported protocols. Also, update the firmware_store() function used by the sysfs interface to reuse this function to avoid code duplication. Bug: 213024513 Change-Id: Ie365179ac296c43c7c5c54b46f9f9f7587d5d263 Reviewed-by: Rishabh Bhatnagar Signed-off-by: Suman Anna Link: https://lore.kernel.org/r/20201121032042.6195-1-s-anna@ti.com Signed-off-by: Bjorn Andersson (cherry picked from commit 4c1ad562d303526b5d9b49f5e0d72da13ef78dec git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master) 
Signed-off-by: Mukesh Ojha --- drivers/remoteproc/remoteproc_core.c | 63 +++++++++++++++++++++++++++ drivers/remoteproc/remoteproc_sysfs.c | 33 +------------- include/linux/remoteproc.h | 1 + 3 files changed, 66 insertions(+), 31 deletions(-) diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c index 3cbb67494c44..17e77b0012a8 100644 --- a/drivers/remoteproc/remoteproc_core.c +++ b/drivers/remoteproc/remoteproc_core.c 
@@ -1942,6 +1942,69 @@ struct rproc *rproc_get_by_phandle(phandle phandle) #endif EXPORT_SYMBOL(rproc_get_by_phandle); +/** + * rproc_set_firmware() - assign a new firmware + * @rproc: rproc handle to which the new firmware is being assigned + * @fw_name: new firmware name to be assigned + * + * This function allows remoteproc drivers or clients to configure a custom + * firmware name that is different from the default name used during remoteproc + * registration. The function does not trigger a remote processor boot, + * only sets the firmware name used for a subsequent boot. This function + * should also be called only when the remote processor is offline. + * + * This allows either the userspace to configure a different name through + * sysfs or a kernel-level remoteproc or a remoteproc client driver to set + * a specific firmware when it is controlling the boot and shutdown of the + * remote processor. + * + * Return: 0 on success or a negative value upon failure + */ +int rproc_set_firmware(struct rproc *rproc, const char *fw_name) +{ + struct device *dev; + int ret, len; + char *p; + + if (!rproc || !fw_name) + return -EINVAL; + + dev = rproc->dev.parent; + + ret = mutex_lock_interruptible(&rproc->lock); + if (ret) { + dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); + return -EINVAL; + } + + if (rproc->state != RPROC_OFFLINE) { + dev_err(dev, "can't change firmware while running\n"); + ret = -EBUSY; + goto out; + } + + len = strcspn(fw_name, "\n"); + if (!len) { + dev_err(dev, "can't provide empty string for firmware name\n"); + ret = -EINVAL; + goto out; + } + + p = kstrndup(fw_name, len, GFP_KERNEL); + if (!p) { + ret = -ENOMEM; + goto out; + } + + kfree(rproc->firmware); + rproc->firmware = p; + +out: + mutex_unlock(&rproc->lock); + return ret; +} +EXPORT_SYMBOL(rproc_set_firmware); + static int rproc_validate(struct rproc *rproc) { switch (rproc->state) { 
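Review bot: rproc_set_firmware() stores whatever name it is given after only cutting at the first newline and rejecting the empty string, and firmware_store() in remoteproc_sysfs.c now forwards the sysfs buffer straight into it. Nothing visible here restricts the name to the firmware search directories, so whether a name with `..` components is confined depends on the firmware loader, which this patch does not show. If that is not guaranteed, reject such names before the `kstrndup()` call, e.g. `if (strstr(fw_name, "..")) { ret = -EINVAL; goto out; }`, and state the constraint in the kernel-doc for @fw_name. Separately, the `mutex_lock_interruptible()` failure path logs `ret` but returns `-EINVAL`; `return ret;` would let callers see the interruption.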
diff --git a/drivers/remoteproc/remoteproc_sysfs.c b/drivers/remoteproc/remoteproc_sysfs.c index e3dc6ee27e58..60e2be0a4e30 100644 --- a/drivers/remoteproc/remoteproc_sysfs.c +++ b/drivers/remoteproc/remoteproc_sysfs.c @@ -157,38 +157,9 @@ static ssize_t firmware_store(struct device *dev, const char *buf, size_t count) { struct rproc *rproc = to_rproc(dev); - char *p; - int err, len = count; + int err; - err = mutex_lock_interruptible(&rproc->lock); - if (err) { - dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, err); - return -EINVAL; - } - - if (rproc->state != RPROC_OFFLINE) { - dev_err(dev, "can't change firmware while running\n"); - err = -EBUSY; - goto out; - } - - len = strcspn(buf, "\n"); - if (!len) { - dev_err(dev, "can't provide a NULL firmware\n"); - err = -EINVAL; - goto out; - } - - p = kstrndup(buf, len, GFP_KERNEL); - if (!p) { - err = -ENOMEM; - goto out; - } - - kfree(rproc->firmware); - rproc->firmware = p; -out: - mutex_unlock(&rproc->lock); + err = rproc_set_firmware(rproc, buf); return err ? err : count; } diff --git a/include/linux/remoteproc.h b/include/linux/remoteproc.h index 25621ffdb99b..fa1e7f6ec7bc 100644 --- a/include/linux/remoteproc.h +++ b/include/linux/remoteproc.h @@ -657,6 +657,7 @@ rproc_of_resm_mem_entry_init(struct device *dev, u32 of_resm_idx, size_t len, int rproc_boot(struct rproc *rproc); void rproc_shutdown(struct rproc *rproc); +int rproc_set_firmware(struct rproc *rproc, const char *fw_name); void rproc_report_crash(struct rproc *rproc, enum rproc_crash_type type); /* from remoteproc_coredump.c */ From 47874cc690dc05182eefd0688cc627ffca746b8f Mon Sep 17 00:00:00 2001 
From: Yogesh Lal Date: Tue, 4 Jan 2022 20:44:59 +0530 Subject: [PATCH 71/93] ANDROID: abi_gki_aarch64_qcom: Add rproc_set_firmware rproc_set_firmware() is helpful in changing firmware name. Add it to the symbol list. Leaf changes summary: 1 artifact changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 1 Added function Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable 1 Added function: [A] 'function int rproc_set_firmware(rproc*, const char*)' Bug: 213024513 Change-Id: I509ecc2bb6834c904fb19b006babb16855109f58 Signed-off-by: Mukesh Ojha Signed-off-by: Yogesh Lal --- android/abi_gki_aarch64.xml | 74 +++++++++++++++++++----------------- android/abi_gki_aarch64_qcom | 1 + 2 files changed, 41 insertions(+), 34 deletions(-) diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index 47f9459d49fb..466b1edbdaea 100644 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -4191,6 +4191,7 @@ + @@ -122413,17 +122414,17 @@ - - - + + + - - - - - - + + + + + + @@ -135619,8 +135620,8 @@ - - + + @@ -135628,17 +135629,17 @@ - - - + + + - - - - - - + + + + + + @@ -135684,8 +135685,8 @@ - - + + @@ -135713,12 +135714,12 @@ - - + + - - + + @@ -135743,20 +135744,25 @@ - - + + - - - + + + - - - + + + + + + + + diff --git a/android/abi_gki_aarch64_qcom b/android/abi_gki_aarch64_qcom index ad6dea578253..01c5fe8eea68 100644 --- a/android/abi_gki_aarch64_qcom +++ b/android/abi_gki_aarch64_qcom @@ -2091,6 +2091,7 @@ rproc_put rproc_remove_subdev rproc_report_crash + rproc_set_firmware rproc_shutdown rtc_ktime_to_tm __rtc_register_device From d4b5ca56b54f5babf61729949e87a00ad06018e7 Mon Sep 17 00:00:00 2001 
From: zhiyong tian Date: Mon, 20 Dec 2021 21:13:25 +0800 Subject: [PATCH 72/93] ANDROID: GKI: add lenovo symbol list Leaf changes summary: 7 artifacts changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 6 Added functions Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 1 Added variable 6 Added functions: [A] 'function int __traceiter_block_bio_remap(void*, request_queue*, bio*, dev_t, sector_t)' [A] 'function bio* bio_split(bio*, int, gfp_t, bio_set*)' [A] 'function void blk_queue_max_write_same_sectors(request_queue*, unsigned int)' [A] 'function int clk_set_duty_cycle(clk*, unsigned int, unsigned int)' [A] 'function void disk_stack_limits(gendisk*, block_device*, sector_t)' [A] 'function blk_qc_t submit_bio_noacct(bio*)' 1 Added variable: [A] 'tracepoint __tracepoint_block_bio_remap' Bug: 209325946 Signed-off-by: zhiyong tian Change-Id: Ie8ea02148ce780274ab4ca72ec260ffc738db0b4 --- android/abi_gki_aarch64.xml | 44 ++++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_lenovo | 10 ++++++++ build.config.gki.aarch64 | 1 + 3 files changed, 55 insertions(+) create mode 100644 android/abi_gki_aarch64_lenovo diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index 466b1edbdaea..a7770db55463 100644 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -539,6 +539,7 @@ + @@ -772,6 +773,7 @@ + @@ -860,6 +862,7 @@ + @@ -1044,6 +1047,7 @@ + @@ -1614,6 +1618,7 @@ + @@ -4823,6 +4828,7 @@ + @@ -6018,6 +6024,7 @@ + @@ -116391,6 +116398,14 @@ + + + + + + + + @@ -117053,6 +117068,7 @@ + @@ -118041,6 +118057,13 @@ + + + + + + + @@ -118488,6 +118511,11 @@ + + + + + @@ -119549,6 +119577,12 @@ + + + + + + @@ -122557,6 +122591,12 @@ + + + + + + @@ -139084,6 +139124,10 @@ + + + + diff --git a/android/abi_gki_aarch64_lenovo b/android/abi_gki_aarch64_lenovo new file mode 100644 index 000000000000..0049535a4a1f --- /dev/null +++ b/android/abi_gki_aarch64_lenovo 
@@ -0,0 +1,10 @@ +[abi_symbol_list] +# required by raid0.ko + __tracepoint_block_bio_remap + disk_stack_limits + blk_queue_max_write_same_sectors + __traceiter_block_bio_remap + submit_bio_noacct + bio_split +# required by lenovo-fan.ko + clk_set_duty_cycle diff --git a/build.config.gki.aarch64 b/build.config.gki.aarch64 index 690b6ec805f4..cd473bc6e7ef 100644 --- a/build.config.gki.aarch64 +++ b/build.config.gki.aarch64 @@ -19,6 +19,7 @@ android/abi_gki_aarch64_galaxy android/abi_gki_aarch64_generic android/abi_gki_aarch64_hikey960 android/abi_gki_aarch64_imx +android/abi_gki_aarch64_lenovo android/abi_gki_aarch64_mtk android/abi_gki_aarch64_oplus android/abi_gki_aarch64_qcom From a481d4352121186bd27ee807953b14006d32efe2 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 15 Dec 2021 11:27:34 -0800 Subject: [PATCH 73/93] ANDROID: fips140: refactor and rename fips140_lab_test fips140_lab_test doesn't really do any tests per se, but rather is a utility program that dumps some output. The actual "test" is when the lab checks the output; we aren't allowed to check it ourselves. We also need to add some new functionality, which would work well as sub-commands. Also, the original idea was that this was just sample code which the lab would modify, but that's not actually happening. Therefore, rename fips140_lab_test to fips140_lab_util, and refactor its functionality into sub-commands 'show_module_version' and 'show_service_indicators'. This fits better with what is needed. Bug: 188620248 Change-Id: I7da84a139283f185f79b8d866547151169f26415 Signed-off-by: Eric Biggers (cherry picked from commit 6ed33b82eaf8352574ba9ac7cff351a678fbe8e6) --- samples/crypto/fips140_lab_test.c | 187 --------------------- samples/crypto/fips140_lab_util.c | 265 ++++++++++++++++++++++++++++++ 2 files changed, 265 insertions(+), 187 deletions(-) delete mode 100644 samples/crypto/fips140_lab_test.c create mode 100644 samples/crypto/fips140_lab_util.c 
diff --git a/samples/crypto/fips140_lab_test.c b/samples/crypto/fips140_lab_test.c deleted file mode 100644 index dd2324b8f84a..000000000000 --- a/samples/crypto/fips140_lab_test.c +++ /dev/null 
@@ -1,187 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0-only -/* - * Copyright 2021 Google LLC - * - * This is a sample program which calls some ioctls on /dev/fips140 and prints - * the results. The purpose of this program is to allow the FIPS certification - * lab to test some services of fips140.ko, which they are required to do. This - * is a sample program only, and it can be modified by the lab as needed. This - * program must be run as root, and it only works if the system has loaded a - * build of fips140.ko with evaluation testing support enabled. - * - * This program can be compiled and run on an Android device as follows: - * - * NDK_DIR=$HOME/android-ndk-r23b # adjust directory path as needed - * $NDK_DIR/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android31-clang \ - * fips140_lab_test.c -O2 -Wall -o fips140_lab_test - * adb push fips140_lab_test /data/local/tmp/ - * adb root - * adb shell /data/local/tmp/fips140_lab_test - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "../../crypto/fips140-eval-testing-uapi.h" - -static int fips140_dev_fd = -1; - -#define ARRAY_SIZE(A) (sizeof(A) / sizeof((A)[0])) - -static const char *booltostr(bool b) -{ - return b ? "true" : "false"; -} - -static void __attribute__((noreturn)) -do_die(const char *format, va_list va, int err) -{ - fputs("ERROR: ", stderr); - vfprintf(stderr, format, va); - if (err) - fprintf(stderr, ": %s", strerror(err)); - putc('\n', stderr); - exit(1); -} - -static void __attribute__((noreturn, format(printf, 1, 2))) -die_errno(const char *format, ...) -{ - va_list va; - - va_start(va, format); - do_die(format, va, errno); - va_end(va); -} - -static void __attribute__((noreturn, format(printf, 1, 2))) -die(const char *format, ...) 
-{ - va_list va; - - va_start(va, format); - do_die(format, va, 0); - va_end(va); -} - -static int get_fips140_device_number(void) -{ - FILE *f; - char line[128]; - int number; - char name[32]; - - f = fopen("/proc/devices", "r"); - if (!f) - die_errno("failed to open /proc/devices"); - while (fgets(line, sizeof(line), f)) { - if (sscanf(line, "%d %31s", &number, name) == 2 && - strcmp(name, "fips140") == 0) - return number; - } - fclose(f); - die("fips140 device node is unavailable.\n" -"The fips140 device node is only available when the fips140 module is loaded\n" -"and has been built with evaluation testing support."); -} - -static void create_fips140_node_if_needed(void) -{ - struct stat stbuf; - int major; - - if (stat("/dev/fips140", &stbuf) == 0) - return; - - major = get_fips140_device_number(); - if (mknod("/dev/fips140", S_IFCHR | 0600, makedev(major, 1)) != 0) - die_errno("failed to create fips140 device node"); -} - -static bool fips140_is_approved_service(const char *name) -{ - int ret = ioctl(fips140_dev_fd, FIPS140_IOCTL_IS_APPROVED_SERVICE, name); - - if (ret < 0) - die_errno("FIPS140_IOCTL_IS_APPROVED_SERVICE unexpectedly failed"); - if (ret == 1) - return true; - if (ret == 0) - return false; - die("FIPS140_IOCTL_IS_APPROVED_SERVICE returned unexpected value %d", - ret); -} - -static const char *fips140_module_version(void) -{ - char buf[256]; - char *str; - int ret = ioctl(fips140_dev_fd, FIPS140_IOCTL_MODULE_VERSION, buf); - - if (ret < 0) - die_errno("FIPS140_IOCTL_MODULE_VERSION unexpectedly failed"); - if (ret != 0) - die("FIPS140_IOCTL_MODULE_VERSION returned unexpected value %d", ret); - str = strdup(buf); - if (!str) - die("out of memory"); - return str; -} - -static const char * const services_to_check[] = { - "aes", - "cbc(aes)", - "cbcmac(aes)", - "cmac(aes)", - "ctr(aes)", - "cts(cbc(aes))", - "ecb(aes)", - "essiv(cbc(aes),sha256)", - "gcm(aes)", - "hmac(sha1)", - "hmac(sha224)", - "hmac(sha256)", - "hmac(sha384)", - "hmac(sha512)", - 
"jitterentropy_rng", - "sha1", - "sha224", - "sha256", - "sha384", - "sha512", - "stdrng", - "xcbc(aes)", - "xts(aes)", -}; - -int main(void) -{ - size_t i; - - if (getuid() != 0) - die("This program requires root. Run 'adb root' first."); - - create_fips140_node_if_needed(); - - fips140_dev_fd = open("/dev/fips140", O_RDONLY); - if (fips140_dev_fd < 0) - die_errno("failed to open /dev/fips140"); - - printf("fips140_module_version() => \"%s\"\n", fips140_module_version()); - for (i = 0; i < ARRAY_SIZE(services_to_check); i++) { - const char *service = services_to_check[i]; - - printf("fips140_is_approved_service(\"%s\") => %s\n", service, - booltostr(fips140_is_approved_service(service))); - } - return 0; -} diff --git a/samples/crypto/fips140_lab_util.c b/samples/crypto/fips140_lab_util.c new file mode 100644 index 000000000000..5ce2092bac8a --- /dev/null +++ b/samples/crypto/fips140_lab_util.c 
@@ -0,0 +1,265 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright 2021 Google LLC + * + * This program provides commands that dump certain types of output from the + * fips140 kernel module, as required by the FIPS lab for evaluation purposes. + * + * While the fips140 kernel module can only be accessed directly by other kernel + * code, an easy-to-use userspace utility program was desired for lab testing. + * For this, a custom device node /dev/fips140 is used; this requires that the + * fips140 module is loaded and has evaluation testing support compiled in. + * + * This program can be compiled and run on an Android device as follows: + * + * NDK_DIR=$HOME/android-ndk-r23b # adjust directory path as needed + * $NDK_DIR/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android31-clang \ + * fips140_lab_util.c -O2 -Wall -o fips140_lab_util + * adb push fips140_lab_util /data/local/tmp/ + * adb root + * adb shell /data/local/tmp/fips140_lab_util + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../../crypto/fips140-eval-testing-uapi.h" + +/* --------------------------------------------------------------------------- + * Utility functions + * ---------------------------------------------------------------------------*/ + +#define ARRAY_SIZE(A) (sizeof(A) / sizeof((A)[0])) + +static void __attribute__((noreturn)) +do_die(const char *format, va_list va, int err) +{ + fputs("ERROR: ", stderr); + vfprintf(stderr, format, va); + if (err) + fprintf(stderr, ": %s", strerror(err)); + putc('\n', stderr); + exit(1); +} + +static void __attribute__((noreturn, format(printf, 1, 2))) +die_errno(const char *format, ...) +{ + va_list va; + + va_start(va, format); + do_die(format, va, errno); + va_end(va); +} + +static void __attribute__((noreturn, format(printf, 1, 2))) +die(const char *format, ...) 
+{ + va_list va; + + va_start(va, format); + do_die(format, va, 0); + va_end(va); +} + +static const char *booltostr(bool b) +{ + return b ? "true" : "false"; +} + +static void usage(void); + +/* --------------------------------------------------------------------------- + * /dev/fips140 ioctls + * ---------------------------------------------------------------------------*/ + +static int get_fips140_device_number(void) +{ + FILE *f; + char line[128]; + int number; + char name[32]; + + f = fopen("/proc/devices", "r"); + if (!f) + die_errno("Failed to open /proc/devices"); + while (fgets(line, sizeof(line), f)) { + if (sscanf(line, "%d %31s", &number, name) == 2 && + strcmp(name, "fips140") == 0) + return number; + } + fclose(f); + die("fips140 device node is unavailable.\n" +"The fips140 device node is only available when the fips140 module is loaded\n" +"and has been built with evaluation testing support."); +} + +static void create_fips140_node_if_needed(void) +{ + struct stat stbuf; + int major; + + if (stat("/dev/fips140", &stbuf) == 0) + return; + + major = get_fips140_device_number(); + if (mknod("/dev/fips140", S_IFCHR | 0600, makedev(major, 1)) != 0) + die_errno("Failed to create fips140 device node"); +} + +static int fips140_dev_fd = -1; + +static int fips140_ioctl(int cmd, const void *arg) +{ + if (fips140_dev_fd < 0) { + create_fips140_node_if_needed(); + fips140_dev_fd = open("/dev/fips140", O_RDONLY); + if (fips140_dev_fd < 0) + die_errno("Failed to open /dev/fips140"); + } + return ioctl(fips140_dev_fd, cmd, arg); +} + +static bool fips140_is_approved_service(const char *name) +{ + int ret = fips140_ioctl(FIPS140_IOCTL_IS_APPROVED_SERVICE, name); + + if (ret < 0) + die_errno("FIPS140_IOCTL_IS_APPROVED_SERVICE unexpectedly failed"); + if (ret == 1) + return true; + if (ret == 0) + return false; + die("FIPS140_IOCTL_IS_APPROVED_SERVICE returned unexpected value %d", + ret); +} + +static const char *fips140_module_version(void) +{ + static char 
buf[256]; + int ret; + + memset(buf, 0, sizeof(buf)); + ret = fips140_ioctl(FIPS140_IOCTL_MODULE_VERSION, buf); + if (ret < 0) + die_errno("FIPS140_IOCTL_MODULE_VERSION unexpectedly failed"); + if (ret != 0) + die("FIPS140_IOCTL_MODULE_VERSION returned unexpected value %d", + ret); + return buf; +} + +/* --------------------------------------------------------------------------- + * show_module_version command + * ---------------------------------------------------------------------------*/ + +static int cmd_show_module_version(int argc, char *argv[]) +{ + printf("fips140_module_version() => \"%s\"\n", + fips140_module_version()); + return 0; +} + +/* --------------------------------------------------------------------------- + * show_service_indicators command + * ---------------------------------------------------------------------------*/ + +static const char * const default_services_to_show[] = { + "aes", + "cbc(aes)", + "cbcmac(aes)", + "cmac(aes)", + "ctr(aes)", + "cts(cbc(aes))", + "ecb(aes)", + "essiv(cbc(aes),sha256)", + "gcm(aes)", + "hmac(sha1)", + "hmac(sha224)", + "hmac(sha256)", + "hmac(sha384)", + "hmac(sha512)", + "jitterentropy_rng", + "sha1", + "sha224", + "sha256", + "sha384", + "sha512", + "stdrng", + "xcbc(aes)", + "xts(aes)", +}; + +static int cmd_show_service_indicators(int argc, char *argv[]) +{ + const char * const *services = default_services_to_show; + int count = ARRAY_SIZE(default_services_to_show); + int i; + + if (argc > 1) { + services = (const char **)(argv + 1); + count = argc - 1; + } + for (i = 0; i < count; i++) { + printf("fips140_is_approved_service(\"%s\") => %s\n", + services[i], + booltostr(fips140_is_approved_service(services[i]))); + } + return 0; +} + +/* --------------------------------------------------------------------------- + * main() + * ---------------------------------------------------------------------------*/ + +static const struct command { + const char *name; + int (*func)(int argc, char *argv[]); +} 
commands[] = { + { "show_module_version", cmd_show_module_version }, + { "show_service_indicators", cmd_show_service_indicators }, +}; + +static void usage(void) +{ + fprintf(stderr, +"Usage:\n" +" fips140_lab_util show_module_version\n" +" fips140_lab_util show_service_indicators [SERVICE]...\n" + ); +} + +int main(int argc, char *argv[]) +{ + int i; + + if (argc < 2) { + usage(); + return 2; + } + for (i = 1; i < argc; i++) { + if (strcmp(argv[i], "--help") == 0) { + usage(); + return 2; + } + } + + for (i = 0; i < ARRAY_SIZE(commands); i++) { + if (strcmp(commands[i].name, argv[1]) == 0) + return commands[i].func(argc - 1, argv + 1); + } + fprintf(stderr, "Unknown command: %s\n\n", argv[1]); + usage(); + return 2; +} From 3a624c9ccdd7aeefe500915a07fdc54a7143a728 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 15 Dec 2021 11:27:34 -0800 Subject: [PATCH 74/93] ANDROID: fips140: add show_invalid_inputs command to fips140_lab_util Add a new fips140_lab_util command 'show_invalid_inputs' which uses AF_ALG to call some crypto algorithms with invalid parameters to show that they fail. This is needed to meet a new requirement we've received from the lab. This requirement is vague, but a representative sample of algorithms and inputs appears to be acceptable. For this to work, AF_ALG needs to be enabled in the kernel. This makes fips140_lab_util start depending on a custom kernel build, not just on a custom fips140 module build as was the case before. However, the lab testing was going to need custom boot images anyway once fips140.ko is included in the normal builds, since the production build of fips140.ko won't have CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING=y. AF_ALG is also needed to do the Jitter RNG entropy analysis properly, and the AF_ALG-enabled kernel can also be reused for ACVP testing. Bug: 188620248 Change-Id: I69054eab5005fc3ca0ea081760877f73ea229f5b 
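Review bot: In `create_fips140_node_if_needed()` the early return only tests `stat() == 0`, so any existing `/dev/fips140` is accepted; a stale node from an earlier module load (the major is read from `/proc/devices` and may differ) or a non-device file would be opened and sent the FIPS140 ioctls. Call `get_fips140_device_number()` first and trust the node only when it matches, e.g. `if (stat("/dev/fips140", &stbuf) == 0 && S_ISCHR(stbuf.st_mode) && stbuf.st_rdev == makedev(major, 1)) return;`. Separately, `fips140_module_version()` prints `buf` with `%s` and relies on the kernel side to NUL-terminate within 256 bytes, which is not visible here; `buf[sizeof(buf) - 1] = '\0';` after the ioctl would make that safe regardless. `get_fips140_device_number()` also returns on a match without calling `fclose(f)`.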
Signed-off-by: Eric Biggers (cherry picked from commit 04e49b41be57bbc668e39a2bb65fa6022a22deba) --- samples/crypto/fips140_lab_util.c | 287 +++++++++++++++++++++++++++++- 1 file changed, 286 insertions(+), 1 deletion(-) diff --git a/samples/crypto/fips140_lab_util.c b/samples/crypto/fips140_lab_util.c index 5ce2092bac8a..996839dbd2e3 100644 --- a/samples/crypto/fips140_lab_util.c +++ b/samples/crypto/fips140_lab_util.c @@ -7,7 +7,9 @@ * * While the fips140 kernel module can only be accessed directly by other kernel * code, an easy-to-use userspace utility program was desired for lab testing. - * For this, a custom device node /dev/fips140 is used; this requires that the + * When possible, this program uses AF_ALG to access the crypto algorithms; this + * requires that the kernel has AF_ALG enabled. Where AF_ALG isn't sufficient, + * a custom device node /dev/fips140 is used instead; this requires that the * fips140 module is loaded and has evaluation testing support compiled in. * * This program can be compiled and run on an Android device as follows: @@ -23,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -30,6 +33,7 @@ #include #include #include +#include #include #include #include 
@@ -73,11 +77,38 @@ die(const char *format, ...) va_end(va); } +static void __attribute__((noreturn)) +assertion_failed(const char *expr, const char *file, int line) +{ + die("Assertion failed: %s at %s:%d", expr, file, line); +} + +#define ASSERT(e) ({ if (!(e)) assertion_failed(#e, __FILE__, __LINE__); }) + +static void rand_bytes(uint8_t *bytes, size_t count) +{ + size_t i; + + for (i = 0; i < count; i++) + bytes[i] = rand(); +} + static const char *booltostr(bool b) { return b ? "true" : "false"; } +static const char *bytes_to_hex(const uint8_t *bytes, size_t count) +{ + static char hex[1025]; + size_t i; + + ASSERT(count <= 512); + for (i = 0; i < count; i++) + sprintf(&hex[2*i], "%02x", bytes[i]); + return hex; +} + static void usage(void); /* --------------------------------------------------------------------------- 
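Review bot: `rand_bytes()` fills keys and messages from `rand()`, which is never seeded in the visible code, so every run uses the same byte sequence. That is acceptable for showing that bad lengths are rejected, but the helper should say so, e.g. `/* Test filler only: rand() is unseeded and not a CSPRNG; never use for real key material. */`. `bytes_to_hex()` returns a pointer into one static buffer and writes nothing when `count` is 0, so it would return whatever the previous call left there. Adding `hex[0] = '\0';` before the loop fixes the empty case, and a short comment should note that the result is only valid until the next call.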
@@ -160,6 +191,258 @@ static const char *fips140_module_version(void) return buf; } +/* --------------------------------------------------------------------------- + * AF_ALG utilities + * ---------------------------------------------------------------------------*/ + +#define AF_ALG_MAX_RNG_REQUEST_SIZE 128 + +static int get_alg_fd(const char *alg_type, const char *alg_name) +{ + struct sockaddr_alg addr = {}; + int alg_fd; + + alg_fd = socket(AF_ALG, SOCK_SEQPACKET, 0); + if (alg_fd < 0) + die("Failed to create AF_ALG socket.\n" +"AF_ALG is only available when it has been enabled in the kernel.\n"); + + strncpy((char *)addr.salg_type, alg_type, sizeof(addr.salg_type) - 1); + strncpy((char *)addr.salg_name, alg_name, sizeof(addr.salg_name) - 1); + + if (bind(alg_fd, (void *)&addr, sizeof(addr)) != 0) + die_errno("Failed to bind AF_ALG socket to %s %s", + alg_type, alg_name); + return alg_fd; +} + +static int get_req_fd(int alg_fd, const char *alg_name) +{ + int req_fd = accept(alg_fd, NULL, NULL); + + if (req_fd < 0) + die_errno("Failed to get request file descriptor for %s", + alg_name); + return req_fd; +} + +/* --------------------------------------------------------------------------- + * show_invalid_inputs command + * ---------------------------------------------------------------------------*/ + +enum direction { + UNSPECIFIED, + DECRYPT, + ENCRYPT, +}; + +static const struct invalid_input_test { + const char *alg_type; + const char *alg_name; + const char *key; + size_t key_size; + const char *msg; + size_t msg_size; + const char *iv; + size_t iv_size; + enum direction direction; + int setkey_error; + int crypt_error; +} invalid_input_tests[] = { + { + .alg_type = "skcipher", + .alg_name = "cbc(aes)", + .key_size = 16, + }, { + .alg_type = "skcipher", + .alg_name = "cbc(aes)", + .key_size = 17, + .setkey_error = EINVAL, + }, { + .alg_type = "skcipher", + .alg_name = "cbc(aes)", + .key_size = 24, + }, { + .alg_type = "skcipher", + .alg_name = "cbc(aes)", + 
.key_size = 32, + }, { + .alg_type = "skcipher", + .alg_name = "cbc(aes)", + .key_size = 33, + .setkey_error = EINVAL, + }, { + .alg_type = "skcipher", + .alg_name = "cbc(aes)", + .key_size = 16, + .msg_size = 1, + .direction = DECRYPT, + .crypt_error = EINVAL, + }, { + .alg_type = "skcipher", + .alg_name = "cbc(aes)", + .key_size = 16, + .msg_size = 16, + .direction = ENCRYPT, + }, { + .alg_type = "skcipher", + .alg_name = "cbc(aes)", + .key_size = 16, + .msg_size = 17, + .direction = ENCRYPT, + .crypt_error = EINVAL, + }, { + .alg_type = "hash", + .alg_name = "cmac(aes)", + .key_size = 29, + .setkey_error = EINVAL, + }, { + .alg_type = "skcipher", + .alg_name = "xts(aes)", + .key_size = 32, + }, { + .alg_type = "skcipher", + .alg_name = "xts(aes)", + .key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", + .key_size = 32, + .setkey_error = EINVAL, + } +}; + +static const char *describe_crypt_op(const struct invalid_input_test *t) +{ + if (t->direction == ENCRYPT) + return "encryption"; + if (t->direction == DECRYPT) + return "decryption"; + if (strcmp(t->alg_type, "hash") == 0) + return "hashing"; + ASSERT(0); +} + +static bool af_alg_setkey(const struct invalid_input_test *t, int alg_fd) +{ + const uint8_t *key = (const uint8_t *)t->key; + uint8_t _key[t->key_size]; + + if (t->key_size == 0) + return true; + + if (t->key == NULL) { + rand_bytes(_key, t->key_size); + key = _key; + } + if (setsockopt(alg_fd, SOL_ALG, ALG_SET_KEY, key, t->key_size) != 0) { + printf("%s: setting %zu-byte key failed with error '%s'\n", + t->alg_name, t->key_size, strerror(errno)); + printf("\tkey was %s\n\n", bytes_to_hex(key, t->key_size)); + ASSERT(t->setkey_error == errno); + return false; + } + printf("%s: setting %zu-byte key succeeded\n", + t->alg_name, t->key_size); + printf("\tkey was %s\n\n", bytes_to_hex(key, t->key_size)); + ASSERT(t->setkey_error == 0); + return true; +} + +static void af_alg_process_msg(const struct invalid_input_test *t, int 
alg_fd) +{ + struct iovec iov; + struct msghdr hdr = { + .msg_iov = &iov, + .msg_iovlen = 1, + }; + const uint8_t *msg = (const uint8_t *)t->msg; + uint8_t *_msg = NULL; + uint8_t *output = NULL; + uint8_t *control = NULL; + size_t controllen = 0; + struct cmsghdr *cmsg; + int req_fd; + + if (t->msg_size == 0) + return; + + req_fd = get_req_fd(alg_fd, t->alg_name); + + if (t->msg == NULL) { + _msg = malloc(t->msg_size); + rand_bytes(_msg, t->msg_size); + msg = _msg; + } + output = malloc(t->msg_size); + iov.iov_base = (void *)msg; + iov.iov_len = t->msg_size; + + if (t->direction != UNSPECIFIED) + controllen += CMSG_SPACE(sizeof(uint32_t)); + if (t->iv_size) + controllen += CMSG_SPACE(sizeof(struct af_alg_iv) + t->iv_size); + control = calloc(1, controllen); + hdr.msg_control = control; + hdr.msg_controllen = controllen; + cmsg = CMSG_FIRSTHDR(&hdr); + if (t->direction != UNSPECIFIED) { + cmsg->cmsg_level = SOL_ALG; + cmsg->cmsg_type = ALG_SET_OP; + cmsg->cmsg_len = CMSG_LEN(sizeof(uint32_t)); + *(uint32_t *)CMSG_DATA(cmsg) = t->direction == DECRYPT ? 
+ ALG_OP_DECRYPT : ALG_OP_ENCRYPT; + cmsg = CMSG_NXTHDR(&hdr, cmsg); + } + if (t->iv_size) { + struct af_alg_iv *alg_iv; + + cmsg->cmsg_level = SOL_ALG; + cmsg->cmsg_type = ALG_SET_IV; + cmsg->cmsg_len = CMSG_LEN(sizeof(*alg_iv) + t->iv_size); + alg_iv = (struct af_alg_iv *)CMSG_DATA(cmsg); + alg_iv->ivlen = t->iv_size; + memcpy(alg_iv->iv, t->iv, t->iv_size); + } + + if (sendmsg(req_fd, &hdr, 0) != t->msg_size) + die_errno("sendmsg failed"); + + if (read(req_fd, output, t->msg_size) != t->msg_size) { + printf("%s: %s of %zu-byte message failed with error '%s'\n", + t->alg_name, describe_crypt_op(t), t->msg_size, + strerror(errno)); + printf("\tmessage was %s\n\n", bytes_to_hex(msg, t->msg_size)); + ASSERT(t->crypt_error == errno); + } else { + printf("%s: %s of %zu-byte message succeeded\n", + t->alg_name, describe_crypt_op(t), t->msg_size); + printf("\tmessage was %s\n\n", bytes_to_hex(msg, t->msg_size)); + ASSERT(t->crypt_error == 0); + } + free(_msg); + free(output); + free(control); + close(req_fd); +} + +static void test_invalid_input(const struct invalid_input_test *t) +{ + int alg_fd = get_alg_fd(t->alg_type, t->alg_name); + + if (af_alg_setkey(t, alg_fd)) + af_alg_process_msg(t, alg_fd); + + close(alg_fd); +} + +static int cmd_show_invalid_inputs(int argc, char *argv[]) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(invalid_input_tests); i++) + test_invalid_input(&invalid_input_tests[i]); + return 0; +} + /* --------------------------------------------------------------------------- * show_module_version command * ---------------------------------------------------------------------------*/ @@ -227,6 +510,7 @@ static const struct command { const char *name; int (*func)(int argc, char *argv[]); } commands[] = { + { "show_invalid_inputs", cmd_show_invalid_inputs }, { "show_module_version", cmd_show_module_version }, { "show_service_indicators", cmd_show_service_indicators }, }; 
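Review bot: Both `af_alg_setkey()` and `af_alg_process_msg()` compare `errno` with the expected error only after two `printf()` calls, which are allowed to change `errno`, so the `ASSERT(t->setkey_error == errno)` and `ASSERT(t->crypt_error == errno)` checks that the lab output depends on may test the wrong value. Save it straight after the failing call with `int err = errno;`, and use `err` in `strerror()` and in the assertion. In `af_alg_process_msg()` a short `read()` also lands in the failure branch with a stale `errno`, and the `malloc()`/`calloc()` results are used unchecked. In `af_alg_setkey()` the VLA `uint8_t _key[t->key_size]` is declared before the `key_size == 0` early return, so a table entry without a key would create a zero-length array; moving the check above the declaration avoids that.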
@@ -235,6 +519,7 @@ static void usage(void) { fprintf(stderr, "Usage:\n" +" fips140_lab_util show_invalid_inputs\n" " fips140_lab_util show_module_version\n" " fips140_lab_util show_service_indicators [SERVICE]...\n" ); From ac4488815518c236e60c0048833c51a76404b1b6 Mon Sep 17 00:00:00 2001 From: Peter Collingbourne Date: Wed, 5 Jan 2022 10:58:25 -0800 Subject: [PATCH 75/93] Revert "FROMGIT: mm: improve mprotect(R|W) efficiency on pages referenced once" This reverts commit b44e46bb047d136bc8977497b6fc2a9f08740321. Reason for revert: The patch has not yet landed upstream, following feedback from Linus: https://lore.kernel.org/all/CAHk-=wj4KCujAH_oPh40Bkp48amM4MXr+8AcbZ=qd5LF4Q+TDg@mail.gmail.com/#t Bug: 213339151 Signed-off-by: Peter Collingbourne Change-Id: I81c2cef4076487df1dd0ee75449dcb2371ac1dbc --- mm/mprotect.c | 52 ++++++--------------------------------------------- 1 file changed, 6 insertions(+), 46 deletions(-) diff --git a/mm/mprotect.c b/mm/mprotect.c index 05073d7abff4..d95115a57283 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c 
@@ -35,51 +35,6 @@ #include "internal.h" -/* Determine whether we can avoid taking write faults for known dirty pages. */ -static bool may_avoid_write_fault(pte_t pte, struct vm_area_struct *vma, - unsigned long cp_flags) -{ - /* - * The dirty accountable bit indicates that we can always make the page - * writable regardless of the number of references. - */ - if (!(cp_flags & MM_CP_DIRTY_ACCT)) { - /* Otherwise, we must have exclusive access to the page. */ - if (!(vma_is_anonymous(vma) && (vma->vm_flags & VM_WRITE))) - return false; - - if (page_count(pte_page(pte)) != 1) - return false; - } - - /* - * Don't do this optimization for clean pages as we need to be notified - * of the transition from clean to dirty. - */ - if (!pte_dirty(pte)) - return false; - - /* Same for softdirty. */ - if (!pte_soft_dirty(pte) && (vma->vm_flags & VM_SOFTDIRTY)) - return false; - - /* - * For userfaultfd the user program needs to monitor write faults so we - * can't do this optimization. - */ - if (pte_uffd_wp(pte)) - return false; - - /* - * It is unclear whether this optimization can be done safely for NUMA - * pages. - */ - if (cp_flags & MM_CP_PROT_NUMA) - return false; - - return true; -} - static unsigned long change_pte_range(struct vm_area_struct *vma, pmd_t *pmd, unsigned long addr, unsigned long end, pgprot_t newprot, unsigned long cp_flags) @@ -88,6 +43,7 @@ static unsigned long change_pte_range(struct vm_area_struct *vma, pmd_t *pmd, spinlock_t *ptl; unsigned long pages = 0; int target_node = NUMA_NO_NODE; + bool dirty_accountable = cp_flags & MM_CP_DIRTY_ACCT; bool prot_numa = cp_flags & MM_CP_PROT_NUMA; bool uffd_wp = cp_flags & MM_CP_UFFD_WP; bool uffd_wp_resolve = cp_flags & MM_CP_UFFD_WP_RESOLVE; 
@@ -175,8 +131,12 @@ static unsigned long change_pte_range(struct vm_area_struct *vma, pmd_t *pmd, ptent = pte_clear_uffd_wp(ptent); } - if (may_avoid_write_fault(ptent, vma, cp_flags)) + /* Avoid taking write faults for known dirty pages */ + if (dirty_accountable && pte_dirty(ptent) && + (pte_soft_dirty(ptent) || + !(vma->vm_flags & VM_SOFTDIRTY))) { ptent = pte_mkwrite(ptent); + } ptep_modify_prot_commit(vma, addr, pte, oldpte, ptent); pages++; } else if (is_swap_pte(oldpte)) { From 7fc3ac49686bc918c45b765e949f9ed2d5870f5e Mon Sep 17 00:00:00 2001 
From: Suren Baghdasaryan Date: Thu, 2 Sep 2021 15:00:29 -0700 Subject: [PATCH 76/93] UPSTREAM: mm: introduce process_mrelease system call In modern systems it's not unusual to have a system component monitoring memory conditions of the system and tasked with keeping system memory pressure under control. One way to accomplish that is to kill non-essential processes to free up memory for more important ones. Examples of this are Facebook's OOM killer daemon called oomd and Android's low memory killer daemon called lmkd. For such system component it's important to be able to free memory quickly and efficiently. Unfortunately the time process takes to free up its memory after receiving a SIGKILL might vary based on the state of the process (uninterruptible sleep), size and OPP level of the core the process is running. A mechanism to free resources of the target process in a more predictable way would improve system's ability to control its memory pressure. Introduce process_mrelease system call that releases memory of a dying process from the context of the caller. This way the memory is freed in a more controllable way with CPU affinity and priority of the caller. The workload of freeing the memory will also be charged to the caller. The operation is allowed only on a dying process. After previous discussions [1, 2, 3] the decision was made [4] to introduce a dedicated system call to cover this use case. The API is as follows, int process_mrelease(int pidfd, unsigned int flags); DESCRIPTION The process_mrelease() system call is used to free the memory of an exiting process. The pidfd selects the process referred to by the PID file descriptor. (See pidfd_open(2) for further information) The flags argument is reserved for future use; currently, this argument must be specified as 0. RETURN VALUE On success, process_mrelease() returns 0. On error, -1 is returned and errno is set to indicate the error. ERRORS EBADF pidfd is not a valid PID file descriptor. 
EAGAIN Failed to release part of the address space. EINTR The call was interrupted by a signal; see signal(7). EINVAL flags is not 0. EINVAL The memory of the task cannot be released because the process is not exiting, the address space is shared with another live process or there is a core dump in progress. ENOSYS This system call is not supported, for example, without MMU support built into Linux. ESRCH The target process does not exist (i.e., it has terminated and been waited on). [1] https://lore.kernel.org/lkml/20190411014353.113252-3-surenb@google.com/ [2] https://lore.kernel.org/linux-api/20201113173448.1863419-1-surenb@google.com/ [3] https://lore.kernel.org/linux-api/20201124053943.1684874-3-surenb@google.com/ [4] https://lore.kernel.org/linux-api/20201223075712.GA4719@lst.de/ Link: https://lkml.kernel.org/r/20210809185259.405936-1-surenb@google.com Signed-off-by: Suren Baghdasaryan Reviewed-by: Shakeel Butt Acked-by: David Hildenbrand Acked-by: Michal Hocko Acked-by: Christian Brauner Cc: David Rientjes Cc: Matthew Wilcox (Oracle) Cc: Johannes Weiner Cc: Roman Gushchin Cc: Rik van Riel Cc: Minchan Kim Cc: Christoph Hellwig Cc: Oleg Nesterov Cc: Jann Horn Cc: Geert Uytterhoeven Cc: Andy Lutomirski Cc: Christian Brauner Cc: Florian Weimer Cc: Jan Engelhardt Cc: Tim Murray Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds (cherry picked from commit 884a7e5964e06ed93c7771c0d7cf19c09a8946f1) Bug: 189803002 Signed-off-by: Suren Baghdasaryan Change-Id: I60d37051acaeff1b7eb7d10aeca23dfa1f2469a3 --- mm/oom_kill.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/mm/oom_kill.c b/mm/oom_kill.c index acf064f3fc4e..f1123b934f4c 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include 
@@ -1195,6 +1196,75 @@ void pagefault_out_of_memory(void) mutex_unlock(&oom_lock); } +SYSCALL_DEFINE2(process_mrelease, int, pidfd, unsigned int, flags) +{ +#ifdef CONFIG_MMU + struct mm_struct *mm = NULL; + struct task_struct *task; + struct task_struct *p; + unsigned int f_flags; + bool reap = true; + struct pid *pid; + long ret = 0; + + if (flags) + return -EINVAL; + + pid = pidfd_get_pid(pidfd, &f_flags); + if (IS_ERR(pid)) + return PTR_ERR(pid); + + task = get_pid_task(pid, PIDTYPE_TGID); + if (!task) { + ret = -ESRCH; + goto put_pid; + } + + /* + * Make sure to choose a thread which still has a reference to mm + * during the group exit + */ + p = find_lock_task_mm(task); + if (!p) { + ret = -ESRCH; + goto put_task; + } + + mm = p->mm; + mmgrab(mm); + + /* If the work has been done already, just exit with success */ + if (test_bit(MMF_OOM_SKIP, &mm->flags)) + reap = false; + else if (!task_will_free_mem(p)) { + reap = false; + ret = -EINVAL; + } + task_unlock(p); + + if (!reap) + goto drop_mm; + + if (mmap_read_lock_killable(mm)) { + ret = -EINTR; + goto drop_mm; + } + if (!__oom_reap_task_mm(mm)) + ret = -EAGAIN; + mmap_read_unlock(mm); + +drop_mm: + mmdrop(mm); +put_task: + put_task_struct(task); +put_pid: + put_pid(pid); + return ret; +#else + return -ENOSYS; +#endif /* CONFIG_MMU */ +} + void add_to_oom_reaper(struct task_struct *p) { p = find_lock_task_mm(p); From fe50dcab7ae21c88bdde199e04978903b3ebff4d Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan Date: Thu, 2 Sep 2021 15:00:33 -0700 Subject: [PATCH 77/93] UPSTREAM: mm: wire up syscall process_mrelease Split off from prev patch in the series that implements the syscall. Link: https://lkml.kernel.org/r/20210809185259.405936-2-surenb@google.com 
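Review bot: In `process_mrelease`, `mmgrab(mm)` pins only the `mm_struct`, not the address space, and `MMF_OOM_SKIP` is tested once before `task_unlock(p)`, so by the time `mmap_read_lock_killable()` succeeds the exiting task may already have started or finished tearing its mappings down. Whether `__oom_reap_task_mm()` can then walk VMAs that are being freed depends on the locking in `exit_mmap()`, which is outside this hunk, but the reap should at least re-check the flag under the lock: `if (!test_bit(MMF_OOM_SKIP, &mm->flags) && !__oom_reap_task_mm(mm)) ret = -EAGAIN;`. If `exit_mmap()` does not take `mmap_lock` for mms that are not OOM victims in this tree, holding a user reference with `mmget_not_zero()`/`mmput()` instead of `mmgrab()`/`mmdrop()` would keep teardown from running concurrently. `f_flags` is filled by `pidfd_get_pid()` and never read.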
Signed-off-by: Suren Baghdasaryan Acked-by: Geert Uytterhoeven Cc: Andy Lutomirski Cc: Christian Brauner Cc: Christoph Hellwig Cc: David Hildenbrand Cc: David Rientjes Cc: Florian Weimer Cc: Jan Engelhardt Cc: Jann Horn Cc: Johannes Weiner Cc: Matthew Wilcox (Oracle) Cc: Michal Hocko Cc: Minchan Kim Cc: Oleg Nesterov Cc: Rik van Riel Cc: Roman Gushchin Cc: Shakeel Butt Cc: Tim Murray Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds (cherry picked from commit dce49103962840dd61423d7627748d6c558d58c5) Bug: 189803002 Signed-off-by: Suren Baghdasaryan Change-Id: I6f02c1ec136a7e102f133ee46a7070a151781345 --- arch/alpha/kernel/syscalls/syscall.tbl | 2 ++ arch/arm/tools/syscall.tbl | 2 ++ arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 2 ++ arch/ia64/kernel/syscalls/syscall.tbl | 2 ++ arch/m68k/kernel/syscalls/syscall.tbl | 2 ++ arch/microblaze/kernel/syscalls/syscall.tbl | 2 ++ arch/mips/kernel/syscalls/syscall_n32.tbl | 2 ++ arch/mips/kernel/syscalls/syscall_n64.tbl | 2 ++ arch/mips/kernel/syscalls/syscall_o32.tbl | 2 ++ arch/parisc/kernel/syscalls/syscall.tbl | 2 ++ arch/powerpc/kernel/syscalls/syscall.tbl | 2 ++ arch/s390/kernel/syscalls/syscall.tbl | 2 ++ arch/sh/kernel/syscalls/syscall.tbl | 2 ++ arch/sparc/kernel/syscalls/syscall.tbl | 2 ++ arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + arch/xtensa/kernel/syscalls/syscall.tbl | 2 ++ include/linux/syscalls.h | 1 + include/uapi/asm-generic/unistd.h | 4 +++- kernel/sys_ni.c | 1 + 21 files changed, 38 insertions(+), 2 deletions(-) diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl index ee7b01bb7346..95b996b6c4f1 100644 --- a/arch/alpha/kernel/syscalls/syscall.tbl +++ b/arch/alpha/kernel/syscalls/syscall.tbl 
@@ -480,3 +480,5 @@ 548 common pidfd_getfd sys_pidfd_getfd 549 common faccessat2 sys_faccessat2 550 common process_madvise sys_process_madvise +# 557 reserved for memfd_secret +558 common process_mrelease sys_process_mrelease diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl index d056a548358e..ee8207e943fa 100644 --- a/arch/arm/tools/syscall.tbl +++ b/arch/arm/tools/syscall.tbl @@ -454,3 +454,5 @@ 438 common pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 440 common process_madvise sys_process_madvise +# 447 reserved for memfd_secret +448 common process_mrelease sys_process_mrelease diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h index b3b2019f8d16..3cb206aea3db 100644 --- a/arch/arm64/include/asm/unistd.h +++ b/arch/arm64/include/asm/unistd.h @@ -38,7 +38,7 @@ #define __ARM_NR_compat_set_tls (__ARM_NR_COMPAT_BASE + 5) #define __ARM_NR_COMPAT_END (__ARM_NR_COMPAT_BASE + 0x800) -#define __NR_compat_syscalls 441 +#define __NR_compat_syscalls 449 #endif #define __ARCH_WANT_SYS_CLONE diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h index 107f08e03b9f..7ae50cc6cd1c 100644 --- a/arch/arm64/include/asm/unistd32.h +++ b/arch/arm64/include/asm/unistd32.h @@ -889,6 +889,8 @@ __SYSCALL(__NR_pidfd_getfd, sys_pidfd_getfd) __SYSCALL(__NR_faccessat2, sys_faccessat2) #define __NR_process_madvise 440 __SYSCALL(__NR_process_madvise, sys_process_madvise) +#define __NR_process_mrelease 448 +__SYSCALL(__NR_process_mrelease, sys_process_mrelease) /* * Please add new compat syscalls above this comment and update diff --git a/arch/ia64/kernel/syscalls/syscall.tbl b/arch/ia64/kernel/syscalls/syscall.tbl index b96ed8b8a508..f2b90e45c9c2 100644 --- a/arch/ia64/kernel/syscalls/syscall.tbl +++ b/arch/ia64/kernel/syscalls/syscall.tbl 
@@ -361,3 +361,5 @@
 438 common pidfd_getfd sys_pidfd_getfd
 439 common faccessat2 sys_faccessat2
 440 common process_madvise sys_process_madvise
+# 447 reserved for memfd_secret
+448 common process_mrelease sys_process_mrelease
diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl
index 625fb6d32842..a2715bc6d409 100644
--- a/arch/m68k/kernel/syscalls/syscall.tbl
+++ b/arch/m68k/kernel/syscalls/syscall.tbl
@@ -440,3 +440,5 @@
 438 common pidfd_getfd sys_pidfd_getfd
 439 common faccessat2 sys_faccessat2
 440 common process_madvise sys_process_madvise
+# 447 reserved for memfd_secret
+448 common process_mrelease sys_process_mrelease
diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl
index aae729c95cf9..5b9f1166dfff 100644
--- a/arch/microblaze/kernel/syscalls/syscall.tbl
+++ b/arch/microblaze/kernel/syscalls/syscall.tbl
@@ -446,3 +446,5 @@
 438 common pidfd_getfd sys_pidfd_getfd
 439 common faccessat2 sys_faccessat2
 440 common process_madvise sys_process_madvise
+# 447 reserved for memfd_secret
+448 common process_mrelease sys_process_mrelease
diff --git a/arch/mips/kernel/syscalls/syscall_n32.tbl b/arch/mips/kernel/syscalls/syscall_n32.tbl
index 32817c954435..2ee36d91dbf0 100644
--- a/arch/mips/kernel/syscalls/syscall_n32.tbl
+++ b/arch/mips/kernel/syscalls/syscall_n32.tbl
@@ -379,3 +379,5 @@
 438 n32 pidfd_getfd sys_pidfd_getfd
 439 n32 faccessat2 sys_faccessat2
 440 n32 process_madvise sys_process_madvise
+# 447 reserved for memfd_secret
+448 n32 process_mrelease sys_process_mrelease
diff --git a/arch/mips/kernel/syscalls/syscall_n64.tbl b/arch/mips/kernel/syscalls/syscall_n64.tbl
index 9e4ea3c31b1c..d7ee167969e7 100644
--- a/arch/mips/kernel/syscalls/syscall_n64.tbl
+++ b/arch/mips/kernel/syscalls/syscall_n64.tbl
@@ -355,3 +355,5 @@
 438 n64 pidfd_getfd sys_pidfd_getfd
 439 n64 faccessat2 sys_faccessat2
 440 n64 process_madvise sys_process_madvise
+# 447 reserved for memfd_secret
+448 n64 process_mrelease sys_process_mrelease
diff --git a/arch/mips/kernel/syscalls/syscall_o32.tbl b/arch/mips/kernel/syscalls/syscall_o32.tbl
index 29f5f28cf5ce..03f0ff8f841c 100644
--- a/arch/mips/kernel/syscalls/syscall_o32.tbl
+++ b/arch/mips/kernel/syscalls/syscall_o32.tbl
@@ -428,3 +428,5 @@
 438 o32 pidfd_getfd sys_pidfd_getfd
 439 o32 faccessat2 sys_faccessat2
 440 o32 process_madvise sys_process_madvise
+# 447 reserved for memfd_secret
+448 o32 process_mrelease sys_process_mrelease
diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl
index f375ea528e59..084e3ddba434 100644
--- a/arch/parisc/kernel/syscalls/syscall.tbl
+++ b/arch/parisc/kernel/syscalls/syscall.tbl
@@ -438,3 +438,5 @@
 438 common pidfd_getfd sys_pidfd_getfd
 439 common faccessat2 sys_faccessat2
 440 common process_madvise sys_process_madvise
+# 447 reserved for memfd_secret
+448 common process_mrelease sys_process_mrelease
diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl
index 1275daec7fec..1249444185b7 100644
--- a/arch/powerpc/kernel/syscalls/syscall.tbl
+++ b/arch/powerpc/kernel/syscalls/syscall.tbl
@@ -530,3 +530,5 @@
 438 common pidfd_getfd sys_pidfd_getfd
 439 common faccessat2 sys_faccessat2
 440 common process_madvise sys_process_madvise
+# 447 reserved for memfd_secret
+448 common process_mrelease sys_process_mrelease
diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl
index 28c168000483..9f0ff9fb01b2 100644
--- a/arch/s390/kernel/syscalls/syscall.tbl
+++ b/arch/s390/kernel/syscalls/syscall.tbl
@@ -443,3 +443,5 @@
 438 common pidfd_getfd sys_pidfd_getfd sys_pidfd_getfd
 439 common faccessat2 sys_faccessat2 sys_faccessat2
 440 common process_madvise sys_process_madvise sys_process_madvise
+# 447 reserved for memfd_secret
+448 common process_mrelease sys_process_mrelease sys_process_mrelease
diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl
index 783738448ff5..8db35413732c 100644
--- a/arch/sh/kernel/syscalls/syscall.tbl
+++ b/arch/sh/kernel/syscalls/syscall.tbl
@@ -443,3 +443,5 @@
 438 common pidfd_getfd sys_pidfd_getfd
 439 common faccessat2 sys_faccessat2
 440 common process_madvise sys_process_madvise
+# 447 reserved for memfd_secret
+448 common process_mrelease sys_process_mrelease
diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl
index 78160260991b..e451795515c8 100644
--- a/arch/sparc/kernel/syscalls/syscall.tbl
+++ b/arch/sparc/kernel/syscalls/syscall.tbl
@@ -486,3 +486,5 @@
 438 common pidfd_getfd sys_pidfd_getfd
 439 common faccessat2 sys_faccessat2
 440 common process_madvise sys_process_madvise
+# 447 reserved for memfd_secret
+448 common process_mrelease sys_process_mrelease
diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl
index 0d0667a9fbd7..5a6c85f13d99 100644
--- a/arch/x86/entry/syscalls/syscall_32.tbl
+++ b/arch/x86/entry/syscalls/syscall_32.tbl
@@ -445,3 +445,4 @@
 438 i386 pidfd_getfd sys_pidfd_getfd
 439 i386 faccessat2 sys_faccessat2
 440 i386 process_madvise sys_process_madvise
+448 i386 process_mrelease sys_process_mrelease
diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl
index 379819244b91..d31c21e3408d 100644
--- a/arch/x86/entry/syscalls/syscall_64.tbl
+++ b/arch/x86/entry/syscalls/syscall_64.tbl
@@ -362,6 +362,7 @@ 438 common pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 440 common process_madvise sys_process_madvise +448 common process_mrelease sys_process_mrelease # # Due to a historical design error, certain syscalls are numbered differently diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl index b070f272995d..4fd1365f6aa2 100644 --- a/arch/xtensa/kernel/syscalls/syscall.tbl +++ b/arch/xtensa/kernel/syscalls/syscall.tbl @@ -411,3 +411,5 @@ 438 common pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 440 common process_madvise sys_process_madvise +# 447 reserved for memfd_secret +448 common process_mrelease sys_process_mrelease diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index aea0ce9f3b74..112ff24ea927 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -905,6 +905,7 @@ asmlinkage long sys_mincore(unsigned long start, size_t len, asmlinkage long sys_madvise(unsigned long start, size_t len, int behavior); asmlinkage long sys_process_madvise(int pidfd, const struct iovec __user *vec, size_t vlen, int behavior, unsigned int flags); +asmlinkage long sys_process_mrelease(int pidfd, unsigned int flags); asmlinkage long sys_remap_file_pages(unsigned long start, unsigned long size, unsigned long prot, unsigned long pgoff, unsigned long flags); diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index 2056318988f7..f7b735dabf35 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h 
@@ -859,9 +859,11 @@ __SYSCALL(__NR_pidfd_getfd, sys_pidfd_getfd) __SYSCALL(__NR_faccessat2, sys_faccessat2) #define __NR_process_madvise 440 __SYSCALL(__NR_process_madvise, sys_process_madvise) +#define __NR_process_mrelease 448 +__SYSCALL(__NR_process_mrelease, sys_process_mrelease) #undef __NR_syscalls -#define __NR_syscalls 441 +#define __NR_syscalls 449 /* * 32 bit systems traditionally used different diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index f27ac94d5fa7..6b8203edf531 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -281,6 +281,7 @@ COND_SYSCALL(munlockall); COND_SYSCALL(mincore); COND_SYSCALL(madvise); COND_SYSCALL(process_madvise); +COND_SYSCALL(process_mrelease); COND_SYSCALL(remap_file_pages); COND_SYSCALL(mbind); COND_SYSCALL_COMPAT(mbind); From fd7af95538ebd4eb7ba5bbf1688f6975558f7a63 Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan Date: Thu, 28 Oct 2021 14:36:14 -0700 Subject: [PATCH 78/93] UPSTREAM: mm/oom_kill.c: prevent a race between process_mrelease and exit_mmap Race between process_mrelease and exit_mmap, where free_pgtables is called while __oom_reap_task_mm is in progress, leads to kernel crash during pte_offset_map_lock call. oom-reaper avoids this race by setting MMF_OOM_VICTIM flag and causing exit_mmap to take and release mmap_write_lock, blocking it until oom-reaper releases mmap_read_lock. Reusing MMF_OOM_VICTIM for process_mrelease would be the simplest way to fix this race, however that would be considered a hack. Fix this race by elevating mm->mm_users and preventing exit_mmap from executing until process_mrelease is finished. Patch slightly refactors the code to adapt for a possible mmget_not_zero failure. This fix has considerable negative impact on process_mrelease performance and will likely need later optimization. Link: https://lkml.kernel.org/r/20211022014658.263508-1-surenb@google.com Fixes: 884a7e5964e0 ("mm: introduce process_mrelease system call") 
Signed-off-by: Suren Baghdasaryan Acked-by: Michal Hocko Cc: David Rientjes Cc: Matthew Wilcox (Oracle) Cc: Johannes Weiner Cc: Roman Gushchin Cc: Rik van Riel Cc: Minchan Kim Cc: Christian Brauner Cc: Christoph Hellwig Cc: Oleg Nesterov Cc: David Hildenbrand Cc: Jann Horn Cc: Shakeel Butt Cc: Andy Lutomirski Cc: Christian Brauner Cc: Florian Weimer Cc: Jan Engelhardt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds (cherry picked from commit 337546e83fc7e50917f44846beee936abb9c9f1f) Bug: 189803002 Signed-off-by: Suren Baghdasaryan Change-Id: I7cf9c869faa7b746995a94ea93f6a617104385aa --- mm/oom_kill.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/mm/oom_kill.c b/mm/oom_kill.c index f1123b934f4c..764a3a2aad6b 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c @@ -1203,7 +1203,7 @@ SYSCALL_DEFINE2(process_mrelease, int, pidfd, unsigned int, flags) struct task_struct *task; struct task_struct *p; unsigned int f_flags; - bool reap = true; + bool reap = false; struct pid *pid; long ret = 0; @@ -1230,15 +1230,15 @@ SYSCALL_DEFINE2(process_mrelease, int, pidfd, unsigned int, flags) goto put_task; } - mm = p->mm; - mmgrab(mm); - - /* If the work has been done already, just exit with success */ - if (test_bit(MMF_OOM_SKIP, &mm->flags)) - reap = false; - else if (!task_will_free_mem(p)) { - reap = false; - ret = -EINVAL; + if (mmget_not_zero(p->mm)) { + mm = p->mm; + if (task_will_free_mem(p)) + reap = true; + else { + /* Error only if the work has not been done already */ + if (!test_bit(MMF_OOM_SKIP, &mm->flags)) + ret = -EINVAL; + } } task_unlock(p); @@ -1254,7 +1254,8 @@ SYSCALL_DEFINE2(process_mrelease, int, pidfd, unsigned int, flags) mmap_read_unlock(mm); drop_mm: - mmdrop(mm); + if (mm) + mmput(mm); put_task: put_task_struct(task); put_pid: From 2452622293ff5e2505a5d3745c00e6252a4eda04 Mon Sep 17 00:00:00 2001 
From: Suren Baghdasaryan Date: Wed, 24 Nov 2021 15:59:05 -0800 Subject: [PATCH 79/93] FROMLIST: mm: protect free_pgtables with mmap_lock write lock in exit_mmap oom-reaper and process_mrelease system call should protect against races with exit_mmap which can destroy page tables while they walk the VMA tree. oom-reaper protects from that race by setting MMF_OOM_VICTIM and by relying on exit_mmap to set MMF_OOM_SKIP before taking and releasing mmap_write_lock. process_mrelease has to elevate mm->mm_users to prevent such race. Both oom-reaper and process_mrelease hold mmap_read_lock when walking the VMA tree. The locking rules and mechanisms could be simpler if exit_mmap takes mmap_write_lock while executing destructive operations such as free_pgtables. Change exit_mmap to hold the mmap_write_lock when calling free_pgtables. Operations like unmap_vmas() and unlock_range() are not destructive and could run under mmap_read_lock but for simplicity we take one mmap_write_lock during almost the entire operation. Note also that because oom-reaper checks VM_LOCKED flag, unlock_range() should not be allowed to race with it. In most cases this lock should be uncontended. Previously, Kirill reported ~4% regression caused by a similar change [1]. We reran the same test and although the individual results are quite noisy, the percentiles show lower regression with 1.6% being the worst case [2]. The change allows oom-reaper and process_mrelease to execute safely under mmap_read_lock without worries that exit_mmap might destroy page tables from under them. [1] https://lore.kernel.org/all/20170725141723.ivukwhddk2voyhuc@node.shutemov.name/ [2] https://lore.kernel.org/all/CAJuCfpGC9-c9P40x7oy=jy5SphMcd0o0G_6U1-+JAziGKG6dGA@mail.gmail.com/ Signed-off-by: Suren Baghdasaryan Link: https://lore.kernel.org/all/20211124235906.14437-1-surenb@google.com/ Bug: 130172058 Bug: 189803002 
Signed-off-by: Suren Baghdasaryan Change-Id: Ic87272d09a0b68a1b0e968e8f1a1510fd6fc776a --- mm/mmap.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c index 9a4f09216130..d3ecf5917c63 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3297,10 +3297,9 @@ void exit_mmap(struct mm_struct *mm) (void)__oom_reap_task_mm(mm); set_bit(MMF_OOM_SKIP, &mm->flags); - mmap_write_lock(mm); - mmap_write_unlock(mm); } + mmap_write_lock(mm); if (mm->locked_vm) { vma = mm->mmap; while (vma) { @@ -3313,8 +3312,11 @@ void exit_mmap(struct mm_struct *mm) arch_exit_mmap(mm); vma = mm->mmap; - if (!vma) /* Can happen if dup_mmap() received an OOM */ + if (!vma) { + /* Can happen if dup_mmap() received an OOM */ + mmap_write_unlock(mm); return; + } lru_add_drain(); flush_cache_mm(mm); @@ -3325,16 +3327,14 @@ void exit_mmap(struct mm_struct *mm) free_pgtables(&tlb, vma, FIRST_USER_ADDRESS, USER_PGTABLES_CEILING); tlb_finish_mmu(&tlb, 0, -1); - /* - * Walk the list again, actually closing and freeing it, - * with preemption enabled, without holding any MM locks. - */ + /* Walk the list again, actually closing and freeing it. */ while (vma) { if (vma->vm_flags & VM_ACCOUNT) nr_accounted += vma_pages(vma); vma = remove_vma(vma); cond_resched(); } + mmap_write_unlock(mm); vm_unacct_memory(nr_accounted); } From f4f2c619d5fda58b96c6a9eeb790f56969d64f16 Mon Sep 17 00:00:00 2001 
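Review bot: The rewritten comment in the last exit_mmap() hunk, `/* Walk the list again, actually closing and freeing it. */`, drops the old statement that no MM locks are held but does not say what replaced it: the `remove_vma()` loop and its `cond_resched()` now run with mmap_lock held for write until the added `mmap_write_unlock(mm)`. I would word it `/* Walk the list again, closing and freeing it, with mmap_lock held for write. */` so that anyone changing code reached from this loop knows the lock is held. remove_vma() is not visible here; if it invokes per-VMA close callbacks, those now run under the write lock, which is worth confirming against callbacks that take mmap_lock themselves. exit_mmap() begins before the first hunk.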
From: Suren Baghdasaryan Date: Fri, 19 Nov 2021 14:51:26 -0800 Subject: [PATCH 80/93] FROMLIST: mm/oom_kill: allow process_mrelease to run under mmap_lock protection With exit_mmap holding mmap_write_lock during free_pgtables call, process_mrelease does not need to elevate mm->mm_users in order to prevent exit_mmap from destrying pagetables while __oom_reap_task_mm is walking the VMA tree. The change prevents process_mrelease from calling the last mmput, which can lead to waiting for IO completion in exit_aio. Fixes: 337546e83fc7 ("mm/oom_kill.c: prevent a race between process_mrelease and exit_mmap") Signed-off-by: Suren Baghdasaryan Link: https://lore.kernel.org/all/20211124235906.14437-2-surenb@google.com/ Bug: 130172058 Bug: 189803002 Signed-off-by: Suren Baghdasaryan Change-Id: I1e2728e0c477af9cc20e9e0b715ee67dee760618 --- mm/oom_kill.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/mm/oom_kill.c b/mm/oom_kill.c index 764a3a2aad6b..226940116bd5 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c @@ -1230,15 +1230,15 @@ SYSCALL_DEFINE2(process_mrelease, int, pidfd, unsigned int, flags) goto put_task; } - if (mmget_not_zero(p->mm)) { - mm = p->mm; - if (task_will_free_mem(p)) - reap = true; - else { - /* Error only if the work has not been done already */ - if (!test_bit(MMF_OOM_SKIP, &mm->flags)) - ret = -EINVAL; - } + mm = p->mm; + mmgrab(mm); + + if (task_will_free_mem(p)) + reap = true; + else { + /* Error only if the work has not been done already */ + if (!test_bit(MMF_OOM_SKIP, &mm->flags)) + ret = -EINVAL; } task_unlock(p); 
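Review bot: With `mmgrab(mm)` replacing `mmget_not_zero(p->mm)`, this path pins only the mm_struct and no longer keeps the address space alive, so its safety rests on exit_mmap() holding mmap_lock for write while it frees page tables, which is a change made by a different patch in this series. The code should say so next to the `mmgrab(mm)` call, e.g. `/* mmgrab() does not stop exit_mmap(); the reap below relies on exit_mmap() freeing page tables under mmap_write_lock */`, so that a backport of this patch on its own is recognisable as unsafe. The `if (task_will_free_mem(p)) ... else { ... }` pair would also read better with both branches braced. The syscall body starts and ends outside this hunk.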
@@ -1249,13 +1249,16 @@ SYSCALL_DEFINE2(process_mrelease, int, pidfd, unsigned int, flags) ret = -EINTR; goto drop_mm; } - if (!__oom_reap_task_mm(mm)) + /* + * Check MMF_OOM_SKIP again under mmap_read_lock protection to ensure + * possible change in exit_mmap is seen + */ + if (!test_bit(MMF_OOM_SKIP, &mm->flags) && !__oom_reap_task_mm(mm)) ret = -EAGAIN; mmap_read_unlock(mm); drop_mm: - if (mm) - mmput(mm); + mmdrop(mm); put_task: put_task_struct(task); put_pid: From e99926fdfa9537d7e5132219332c54538c52de56 Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan Date: Mon, 15 Nov 2021 15:39:21 -0800 Subject: [PATCH 81/93] ANDROID: mm/oom_kill: allow process_mrelease reclaim memory in parallel with exit_mmap To allow process_mrelease to reap targeted mm in parallel with exit_mmap mark the victim with MMF_OOM_VICTIM flag. Bug: 189803002 Signed-off-by: Suren Baghdasaryan Change-Id: I89cf5f8fbeeb18b93a340b9ebe7f200837ebe846 --- mm/oom_kill.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mm/oom_kill.c b/mm/oom_kill.c index 226940116bd5..69d583ea1a1b 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c @@ -1233,6 +1233,12 @@ SYSCALL_DEFINE2(process_mrelease, int, pidfd, unsigned int, flags) mm = p->mm; mmgrab(mm); + /* + * If we are too late and exit_mmap already checked mm_is_oom_victim + * then will block on mmap_read_lock until exit_mmap releases mmap_lock + */ + set_bit(MMF_OOM_VICTIM, &mm->flags); + if (task_will_free_mem(p)) reap = true; else { From 05c23b7a503851e3be7e68453899e0ed922016f7 Mon Sep 17 00:00:00 2001 
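Review bot: In the hunk that adds `set_bit(MMF_OOM_VICTIM, &mm->flags)`, the store happens before `task_will_free_mem(p)` is consulted, so the flag is also set on the `else` path where the call is refused with `-EINVAL`, i.e. on the mm of a task that is not going to be reaped. Nothing in the hunk clears it again, so a refused call appears to leave that process marked as an OOM victim. Moving the store into the success branch, `if (task_will_free_mem(p)) { set_bit(MMF_OOM_VICTIM, &mm->flags); reap = true; } else {`, keeps the intended effect for tasks that really are exiting. The function starts and ends outside the hunk, so whether a later path resets the flag should be checked.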
From: Liujie Xie Date: Wed, 29 Dec 2021 10:16:50 +0800 Subject: [PATCH 82/93] ANDROID: vendor_hooks: Add hooks for binder MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We want to add some hooks in the binder module so that we can reduce block time until binder thread is available Here are what new hooks do for: 1、android_vh_binder_looper_state_registered: choose a binder thread(do proc work) as a low-level thread.Only this thread has power to excute background binder transaction. 2、android_vh_binder_thread_read: let binder thread do works which come from our list. 3、android_vh_binder_free_proc: free some pointers and variable. 4、android_vh_binder_thread_release: free the list that we create before. 5、android_vh_binder_has_work_ilocked: to check if our list has work. 6、android_vh_binder_read_done: because of we add hook in binder_has_work_ilocked, binder_has_work_ilocked may return true, so we try to wake up low-level thread immediately. Bug: 212483521 Change-Id: Ic40f452cc4dcf8fc85422e23e6f1a7ad77547309 Signed-off-by: Liujie Xie --- drivers/android/binder.c | 10 ++++++++++ drivers/android/vendor_hooks.c | 6 ++++++ include/trace/hooks/binder.h | 20 +++++++++++++++++++- 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 78f8cf0d6626..dcbcadadaa4d 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -491,6 +491,11 @@ static void binder_inc_node_tmpref_ilocked(struct binder_node *node); static bool binder_has_work_ilocked(struct binder_thread *thread, bool do_proc_work) { + int ret = 0; + + trace_android_vh_binder_has_work_ilocked(thread, do_proc_work, &ret); + if (ret) + return true; return thread->process_todo || thread->looper_need_return || (do_proc_work && 
@@ -3620,6 +3625,7 @@ static int binder_thread_write(struct binder_proc *proc, } thread->looper |= BINDER_LOOPER_STATE_REGISTERED; binder_inner_proc_unlock(proc); + trace_android_vh_binder_looper_state_registered(thread, proc); break; case BC_ENTER_LOOPER: binder_debug(BINDER_DEBUG_THREADS, @@ -4044,6 +4050,7 @@ retry: binder_inner_proc_unlock(proc); break; } + trace_android_vh_binder_thread_read(&list, proc, thread); w = binder_dequeue_work_head_ilocked(list); if (binder_worklist_empty_ilocked(&thread->todo)) thread->process_todo = false; @@ -4510,6 +4517,7 @@ static void binder_free_proc(struct binder_proc *proc) put_task_struct(proc->tsk); put_cred(eproc->cred); binder_stats_deleted(BINDER_STAT_PROC); + trace_android_vh_binder_free_proc(proc); kfree(eproc); } @@ -4608,6 +4616,7 @@ static int binder_thread_release(struct binder_proc *proc, if (send_reply) binder_send_failed_reply(send_reply, BR_DEAD_REPLY); binder_release_work(proc, &thread->todo); + trace_android_vh_binder_thread_release(proc, thread); binder_thread_dec_tmpref(thread); return active_transactions; } @@ -4684,6 +4693,7 @@ static int binder_ioctl_write_read(struct file *filp, if (!binder_worklist_empty_ilocked(&proc->todo)) binder_wakeup_proc_ilocked(proc); binder_inner_proc_unlock(proc); + trace_android_vh_binder_read_done(proc, thread); if (ret < 0) { if (copy_to_user(ubuf, &bwr, sizeof(bwr))) ret = -EFAULT; diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index b667f6919da0..f1e530388bd0 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c 
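Review bot: In the `retry:` hunk, `trace_android_vh_binder_thread_read(&list, proc, thread)` hands the handler a pointer to `list`, and the very next line dequeues from whatever the handler left there. The `_ilocked` call on that next line suggests the inner proc lock is held at this point and that the preceding code has already picked a non-empty list, so a handler that sleeps or substitutes an empty list would break what the rest of the function assumes about `w`; the function body is outside the hunk, so this needs confirming. The hook site should state that contract, e.g. `/* vendor hook may replace list: called under the inner lock, must not sleep, must leave a non-empty list */`.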
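Review bot: In the binder_free_proc() hunk the new `trace_android_vh_binder_free_proc(proc)` runs after `put_task_struct(proc->tsk)` and `put_cred(eproc->cred)`, so a handler receives a `proc` whose task and credential references have already been dropped. A handler that follows `proc->tsk` may then be looking at a task that is no longer pinned. Calling the hook first, i.e. moving `trace_android_vh_binder_free_proc(proc);` above `put_task_struct(proc->tsk);`, hands handlers an object whose references are still held. The start of the function is outside the hunk.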
@@ -402,3 +402,9 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mem_cgroup_css_online); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mem_cgroup_free); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mem_cgroup_alloc); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_subpage_dma_contig_alloc); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_looper_state_registered); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_thread_read); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_free_proc); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_thread_release); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_has_work_ilocked); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_read_done); diff --git a/include/trace/hooks/binder.h b/include/trace/hooks/binder.h index 16dd0a2a6514..42d974f76573 100644 --- a/include/trace/hooks/binder.h +++ b/include/trace/hooks/binder.h @@ -79,7 +79,25 @@ DECLARE_HOOK(android_vh_binder_print_transaction_info, TP_PROTO(struct seq_file *m, struct binder_proc *proc, const char *prefix, struct binder_transaction *t), TP_ARGS(m, proc, prefix, t)); - +DECLARE_HOOK(android_vh_binder_looper_state_registered, + TP_PROTO(struct binder_thread *thread, struct binder_proc *proc), + TP_ARGS(thread, proc)); +DECLARE_HOOK(android_vh_binder_thread_read, + TP_PROTO(struct list_head **list, struct binder_proc *proc, + struct binder_thread *thread), + TP_ARGS(list, proc, thread)); +DECLARE_HOOK(android_vh_binder_free_proc, + TP_PROTO(struct binder_proc *proc), + TP_ARGS(proc)); +DECLARE_HOOK(android_vh_binder_thread_release, + TP_PROTO(struct binder_proc *proc, struct binder_thread *thread), + TP_ARGS(proc, thread)); +DECLARE_HOOK(android_vh_binder_read_done, + TP_PROTO(struct binder_proc *proc, struct binder_thread *thread), + TP_ARGS(proc, thread)); +DECLARE_HOOK(android_vh_binder_has_work_ilocked, + TP_PROTO(struct binder_thread *thread, bool do_proc_work, int *ret), + TP_ARGS(thread, do_proc_work, ret)); /* macro versions of hooks are no longer required */ #endif /* _TRACE_HOOK_BINDER_H */ 
From eb171b4cbe4eef26164732f6775a41a54308197c Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sat, 8 Jan 2022 14:27:51 +0100 Subject: [PATCH 83/93] FROMLIST: export: fix string handling of namespace in EXPORT_SYMBOL_NS Commit c3a6cf19e695 ("export: avoid code duplication in include/linux/export.h") broke the ability for a defined string to be used as a namespace value. Fix this up by adding another layer of indirection to preserve the previous functionality. Fixes: c3a6cf19e695 ("export: avoid code duplication in include/linux/export.h") Cc: Miroslav Benes Cc: Emil Velikov Cc: Jessica Yu Cc: Quentin Perret Cc: Masahiro Yamada Cc: Matthias Maennich Signed-off-by: Greg Kroah-Hartman Link: https://lore.kernel.org/r/20220108140415.3360088-1-gregkh@linuxfoundation.org Bug: 210074446 Signed-off-by: Greg Kroah-Hartman Change-Id: Ie43aa24f64b55cd1d70161c906b0ef32610430aa --- include/linux/export.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/linux/export.h b/include/linux/export.h index 888980992415..3b25f680180f 100644 --- a/include/linux/export.h +++ b/include/linux/export.h @@ -190,8 +190,10 @@ struct kernel_symbol { #define EXPORT_SYMBOL(sym) _EXPORT_SYMBOL(sym, "") #define EXPORT_SYMBOL_GPL(sym) _EXPORT_SYMBOL(sym, "_gpl") #define EXPORT_SYMBOL_GPL_FUTURE(sym) _EXPORT_SYMBOL(sym, "_gpl_future") -#define EXPORT_SYMBOL_NS(sym, ns) __EXPORT_SYMBOL(sym, "", #ns) -#define EXPORT_SYMBOL_NS_GPL(sym, ns) __EXPORT_SYMBOL(sym, "_gpl", #ns) +#define _EXPORT_SYMBOL_NS(sym, ns) __EXPORT_SYMBOL(sym, "", #ns) +#define _EXPORT_SYMBOL_NS_GPL(sym, ns) __EXPORT_SYMBOL(sym, "_gpl", #ns) +#define EXPORT_SYMBOL_NS(sym, ns) _EXPORT_SYMBOL_NS(sym, ns) +#define EXPORT_SYMBOL_NS_GPL(sym, ns) _EXPORT_SYMBOL_NS_GPL(sym, ns) #ifdef CONFIG_UNUSED_SYMBOLS #define EXPORT_UNUSED_SYMBOL(sym) _EXPORT_SYMBOL(sym, "_unused") From a593acdae897383e2577c3c8e62707f9be82cb8f Mon Sep 17 00:00:00 2001 
From: Greg Kroah-Hartman Date: Sat, 8 Jan 2022 14:42:15 +0100 Subject: [PATCH 84/93] FROMLIST: module.h: allow #define strings to work with MODULE_IMPORT_NS The MODULE_IMPORT_NS() macro does not allow defined strings to work properly with it, so add a layer of indirection to allow this to happen. Cc: Luis Chamberlain Cc: Jessica Yu Cc: Matthias Maennich Signed-off-by: Greg Kroah-Hartman Link: https://lore.kernel.org/r/20220108140657.3361237-1-gregkh@linuxfoundation.org Bug: 210074446 Signed-off-by: Greg Kroah-Hartman Change-Id: Ibd64ba139912ea10e81ac22490831129b23a31e1 --- include/linux/module.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/module.h b/include/linux/module.h index 4fa2f7de56e6..c5c3ce08f646 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -293,7 +293,8 @@ extern typeof(name) __mod_##type##__##name##_device_table \ * files require multiple MODULE_FIRMWARE() specifiers */ #define MODULE_FIRMWARE(_firmware) MODULE_INFO(firmware, _firmware) -#define MODULE_IMPORT_NS(ns) MODULE_INFO(import_ns, #ns) +#define _MODULE_IMPORT_NS(ns) MODULE_INFO(import_ns, #ns) +#define MODULE_IMPORT_NS(ns) _MODULE_IMPORT_NS(ns) struct notifier_block; From f70ea63f3be134227b694fbf1dc4c09de3362662 Mon Sep 17 00:00:00 2001 
From: Liujie Xie Date: Mon, 10 Jan 2022 01:59:07 +0800 Subject: [PATCH 85/93] ANDROID: GKI: Update symbols to symbol list Update symbols to symbol list externed by oem modules. Leaf changes summary: 12 artifacts changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 6 Added functions Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 6 Added variables 6 Added functions: [A] 'function int __traceiter_android_vh_binder_free_proc(void*, binder_proc*)' [A] 'function int __traceiter_android_vh_binder_has_work_ilocked(void*, binder_thread*, bool, int*)' [A] 'function int __traceiter_android_vh_binder_looper_state_registered(void*, binder_thread*, binder_proc*)' [A] 'function int __traceiter_android_vh_binder_read_done(void*, binder_proc*, binder_thread*)' [A] 'function int __traceiter_android_vh_binder_thread_read(void*, list_head**, binder_proc*, binder_thread*)' [A] 'function int __traceiter_android_vh_binder_thread_release(void*, binder_proc*, binder_thread*)' 6 Added variables: [A] 'tracepoint __tracepoint_android_vh_binder_free_proc' [A] 'tracepoint __tracepoint_android_vh_binder_has_work_ilocked' [A] 'tracepoint __tracepoint_android_vh_binder_looper_state_registered' [A] 'tracepoint __tracepoint_android_vh_binder_read_done' [A] 'tracepoint __tracepoint_android_vh_binder_thread_read' [A] 'tracepoint __tracepoint_android_vh_binder_thread_release' Bug: 193384408 Change-Id: Ic2ad0d3bd86eaa1ebb37b478ad4b8806fa0f63f4 Signed-off-by: Liujie Xie --- android/abi_gki_aarch64.xml | 64 ++++++++++++++++++++++++++++++++--- android/abi_gki_aarch64_oplus | 12 +++++++ 2 files changed, 72 insertions(+), 4 deletions(-) diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index a7770db55463..bcd027c68344 100644 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -365,15 +365,21 @@ + + + + + + @@ -5831,15 +5837,21 @@ + + + + + + @@ -98349,6 +98361,7 @@ + 
@@ -115298,6 +115311,24 @@ + + + + + + + + + + + + + + + + + + @@ -115345,6 +115376,12 @@ + + + + + + @@ -115365,6 +115402,19 @@ + + + + + + + + + + + + + @@ -116875,15 +116925,21 @@ + + + + + + @@ -134854,8 +134910,8 @@ - - + + @@ -140786,8 +140842,8 @@ - - + + diff --git a/android/abi_gki_aarch64_oplus b/android/abi_gki_aarch64_oplus index b00a84bde5dd..88af68ba6ccf 100644 --- a/android/abi_gki_aarch64_oplus +++ b/android/abi_gki_aarch64_oplus @@ -2586,16 +2586,22 @@ __traceiter_android_vh_arch_set_freq_scale __traceiter_android_vh_binder_alloc_new_buf_locked __traceiter_android_vh_binder_del_ref + __traceiter_android_vh_binder_free_proc + __traceiter_android_vh_binder_has_work_ilocked + __traceiter_android_vh_binder_looper_state_registered __traceiter_android_vh_binder_new_ref __traceiter_android_vh_binder_preset __traceiter_android_vh_binder_priority_skip __traceiter_android_vh_binder_proc_transaction __traceiter_android_vh_binder_proc_transaction_end + __traceiter_android_vh_binder_read_done __traceiter_android_vh_binder_reply __traceiter_android_vh_binder_restore_priority __traceiter_android_vh_binder_set_priority __traceiter_android_vh_binder_trans __traceiter_android_vh_binder_transaction_init + __traceiter_android_vh_binder_thread_read + __traceiter_android_vh_binder_thread_release __traceiter_android_vh_binder_wait_for_work __traceiter_android_vh_binder_wakeup_ilocked __traceiter_android_vh_build_sched_domains 
@@ -2782,14 +2788,20 @@ __tracepoint_android_vh_arch_set_freq_scale __tracepoint_android_vh_binder_alloc_new_buf_locked __tracepoint_android_vh_binder_del_ref + __tracepoint_android_vh_binder_free_proc + __tracepoint_android_vh_binder_has_work_ilocked + __tracepoint_android_vh_binder_looper_state_registered __tracepoint_android_vh_binder_new_ref __tracepoint_android_vh_binder_preset __tracepoint_android_vh_binder_priority_skip __tracepoint_android_vh_binder_proc_transaction __tracepoint_android_vh_binder_proc_transaction_end + __tracepoint_android_vh_binder_read_done __tracepoint_android_vh_binder_reply __tracepoint_android_vh_binder_restore_priority __tracepoint_android_vh_binder_set_priority + __tracepoint_android_vh_binder_thread_read + __tracepoint_android_vh_binder_thread_release __tracepoint_android_vh_binder_trans __tracepoint_android_vh_binder_transaction_init __tracepoint_android_vh_binder_wait_for_work From 27fc5a7c6972bd73ac0cc0cf811ec2ecb989014f Mon Sep 17 00:00:00 2001 From: Willem de Bruijn Date: Wed, 15 Dec 2021 09:39:37 -0500 Subject: [PATCH 86/93] UPSTREAM: net/packet: rx_owner_map depends on pg_vec [ Upstream commit ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 ] Packet sockets may switch ring versions. Avoid misinterpreting state between versions, whose fields share a union. rx_owner_map is only allocated with a packet ring (pg_vec) and both are swapped together. If pg_vec is NULL, meaning no packet ring was allocated, then neither was rx_owner_map. And the field may be old state from a tpacket_v3. Bug: 213464034 Fixes: 61fad6816fc1 ("net/packet: tpacket_rcv: avoid a producer race condition") Reported-by: Syzbot Signed-off-by: Willem de Bruijn Reviewed-by: Eric Dumazet Link: https://lore.kernel.org/r/20211215143937.106178-1-willemdebruijn.kernel@gmail.com Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin 
Signed-off-by: Aaron Ding Change-Id: Ifd09717336bafe2a3e20389f7f7eb7b95d19e8cd --- net/packet/af_packet.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index 08144559eed5..f78097aa403a 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -4461,9 +4461,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, } out_free_pg_vec: - bitmap_free(rx_owner_map); - if (pg_vec) + if (pg_vec) { + bitmap_free(rx_owner_map); free_pg_vec(pg_vec, order, req->tp_block_nr); + } out: return err; } From d483eed85ffb9879b103cd8d6b3fae367fa6193e Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 2 Jul 2020 12:51:03 +0200 Subject: [PATCH 87/93] ANDROID: GKI: set vfs-only exports into their own namespace We have namespaces, so use them for all vfs-exported namespaces so that filesystems can use them, but not anything else. Some in-kernel drivers that do direct filesystem accesses (because they serve up files) are also allowed access to these symbols to keep 'make allmodconfig' builds working properly, but it is not needed for Android kernel images. Bug: 157965270 Bug: 210074446 Cc: Matthias Maennich 
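Review bot: Nothing at the `out_free_pg_vec:` label in the net/packet/af_packet.c hunk records why `bitmap_free(rx_owner_map)` now has to sit inside `if (pg_vec)`. Because bitmap_free() accepts NULL, the guard looks redundant, and a later cleanup could hoist the call back out. Per the commit message, the field may then hold stale tpacket_v3 state from the shared union, so that would free a pointer that was never a bitmap. I would add a comment above the `if`, for example `/* rx_owner_map is only valid together with pg_vec; with no ring it may be stale tpacket_v3 union state */`. packet_set_ring() starts above the hunk, so the place where rx_owner_map is assigned and swapped is not visible here.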
Signed-off-by: Greg Kroah-Hartman Change-Id: Iaf6140baf3a18a516ab2d5c3966235c42f3f70de --- drivers/mtd/nand/raw/nandsim.c | 1 + drivers/mtd/ubi/build.c | 1 + drivers/nvme/target/core.c | 1 + drivers/target/target_core_configfs.c | 1 + drivers/target/target_core_file.c | 1 + drivers/usb/gadget/function/f_mass_storage.c | 1 + drivers/usb/gadget/function/f_uac1_legacy.c | 1 + drivers/usb/gadget/function/storage_common.c | 1 + fs/9p/v9fs.c | 1 + fs/Makefile | 2 ++ fs/adfs/super.c | 1 + fs/affs/super.c | 1 + fs/afs/main.c | 1 + fs/attr.c | 6 ++-- fs/autofs/init.c | 1 + fs/bad_inode.c | 4 +-- fs/befs/linuxvfs.c | 1 + fs/bfs/inode.c | 1 + fs/binfmt_misc.c | 1 + fs/block_dev.c | 4 +-- fs/btrfs/super.c | 1 + fs/buffer.c | 34 +++++++++--------- fs/cachefiles/main.c | 1 + fs/ceph/super.c | 1 + fs/cifs/cifsfs.c | 1 + fs/coda/psdev.c | 1 + fs/cramfs/inode.c | 1 + fs/dcache.c | 6 ++-- fs/direct-io.c | 2 +- fs/ecryptfs/main.c | 1 + fs/efivarfs/super.c | 1 + fs/efs/inode.c | 1 + fs/erofs/super.c | 1 + fs/exfat/super.c | 1 + fs/ext2/super.c | 1 + fs/ext4/super.c | 1 + fs/f2fs/super.c | 1 + fs/fat/inode.c | 1 + fs/fat/namei_msdos.c | 1 + fs/fat/namei_vfat.c | 1 + fs/freevxfs/vxfs_super.c | 1 + fs/fs-writeback.c | 8 ++--- fs/fuse/inode.c | 1 + fs/gfs2/main.c | 1 + fs/hfs/super.c | 1 + fs/hfsplus/super.c | 1 + fs/hpfs/super.c | 1 + fs/incfs/main.c | 1 + fs/inode.c | 36 ++++++++++---------- fs/ioctl.c | 4 +-- fs/isofs/inode.c | 1 + fs/jbd2/journal.c | 1 + fs/jffs2/super.c | 1 + fs/jfs/super.c | 1 + fs/libfs.c | 2 +- fs/minix/inode.c | 1 + fs/mpage.c | 4 +-- fs/namei.c | 14 ++++---- fs/namespace.c | 4 +-- fs/nfs/inode.c | 1 + fs/nfs/nfs4super.c | 1 + fs/nfsd/nfsctl.c | 1 + fs/nilfs2/super.c | 1 + fs/nls/nls_base.c | 6 ++-- fs/nls/nls_euc-jp.c | 1 + fs/nls/nls_koi8-ru.c | 1 + fs/ntfs/super.c | 1 + fs/ocfs2/dlmfs/dlmfs.c | 1 + fs/ocfs2/super.c | 1 + fs/omfs/inode.c | 1 + fs/open.c | 4 +-- fs/orangefs/orangefs-mod.c | 1 + fs/overlayfs/super.c | 1 + fs/qnx4/inode.c | 1 + fs/qnx6/inode.c | 1 
+ fs/read_write.c | 4 +-- fs/reiserfs/super.c | 1 + fs/romfs/super.c | 1 + fs/splice.c | 4 +-- fs/squashfs/super.c | 1 + fs/stat.c | 2 +- fs/super.c | 4 +-- fs/sync.c | 2 +- fs/sysv/super.c | 1 + fs/ubifs/super.c | 1 + fs/udf/super.c | 1 + fs/ufs/super.c | 1 + fs/vboxsf/super.c | 1 + fs/xattr.c | 6 ++-- fs/xfs/xfs_super.c | 1 + fs/zonefs/super.c | 1 + lib/test_lockup.c | 1 + net/9p/mod.c | 1 + net/bpfilter/bpfilter_kern.c | 1 + net/sunrpc/sunrpc_syms.c | 1 + net/unix/af_unix.c | 1 + 96 files changed, 156 insertions(+), 80 deletions(-) diff --git a/drivers/mtd/nand/raw/nandsim.c b/drivers/mtd/nand/raw/nandsim.c index 9a9f1c24d832..9e7cf9f36057 100644 --- a/drivers/mtd/nand/raw/nandsim.c +++ b/drivers/mtd/nand/raw/nandsim.c @@ -2453,5 +2453,6 @@ static void __exit ns_cleanup_module(void) module_exit(ns_cleanup_module); MODULE_LICENSE ("GPL"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); MODULE_AUTHOR ("Artem B. Bityuckiy"); MODULE_DESCRIPTION ("The NAND flash simulator"); diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c index e85b04e9716b..0597478129ff 100644 --- a/drivers/mtd/ubi/build.c +++ b/drivers/mtd/ubi/build.c @@ -1476,3 +1476,4 @@ MODULE_VERSION(__stringify(UBI_VERSION)); MODULE_DESCRIPTION("UBI - Unsorted Block Images"); MODULE_AUTHOR("Artem Bityutskiy"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); diff --git a/drivers/nvme/target/core.c b/drivers/nvme/target/core.c index 9a8fa2e582d5..f0f9d9007d49 100644 --- a/drivers/nvme/target/core.c +++ b/drivers/nvme/target/core.c @@ -1602,3 +1602,4 @@ module_init(nvmet_init); module_exit(nvmet_exit); MODULE_LICENSE("GPL v2"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index f04352285155..4d07d3f5fe29 100644 --- a/drivers/target/target_core_configfs.c 
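Review bot: The `MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver);` line added in the drivers/mtd/nand/raw/nandsim.c hunk carries no comment saying why this driver is an exception to what the namespace name asserts. The import is the only access-control record for these exports, so each exception should be justifiable at the point of use during an audit. The commit message gives the general reason (drivers that access files directly, kept for allmodconfig builds), but none of it reaches the source. I would add one line above the import, for example `/* driver exception: accesses backing files through VFS helpers; not needed for GKI images */`, adjusted to what each module actually uses. The same applies to the ubi/build.c and nvme/target/core.c hunks on this line, the target_core_configfs.c, target_core_file.c and f_mass_storage.c hunks, and the f_uac1_legacy.c and storage_common.c hunks further down.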
+++ b/drivers/target/target_core_configfs.c @@ -3644,6 +3644,7 @@ static void __exit target_core_exit_configfs(void) MODULE_DESCRIPTION("Target_Core_Mod/ConfigFS"); MODULE_AUTHOR("nab@Linux-iSCSI.org"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); module_init(target_core_init_configfs); module_exit(target_core_exit_configfs); diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c index 7143d03f0e02..cfa1bbef32e2 100644 --- a/drivers/target/target_core_file.c +++ b/drivers/target/target_core_file.c @@ -956,6 +956,7 @@ static void __exit fileio_module_exit(void) MODULE_DESCRIPTION("TCM FILEIO subsystem plugin"); MODULE_AUTHOR("nab@Linux-iSCSI.org"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); module_init(fileio_module_init); module_exit(fileio_module_exit); diff --git a/drivers/usb/gadget/function/f_mass_storage.c b/drivers/usb/gadget/function/f_mass_storage.c index 73a28f8a38a7..03db2d6b2dba 100644 --- a/drivers/usb/gadget/function/f_mass_storage.c +++ b/drivers/usb/gadget/function/f_mass_storage.c @@ -3446,6 +3446,7 @@ static struct usb_function *fsg_alloc(struct usb_function_instance *fi) DECLARE_USB_FUNCTION_INIT(mass_storage, fsg_alloc_inst, fsg_alloc); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); MODULE_AUTHOR("Michal Nazarewicz"); /************************* Module parameters *************************/ diff --git a/drivers/usb/gadget/function/f_uac1_legacy.c b/drivers/usb/gadget/function/f_uac1_legacy.c index e2d7f69128a0..8ffd477e79e1 100644 --- a/drivers/usb/gadget/function/f_uac1_legacy.c +++ b/drivers/usb/gadget/function/f_uac1_legacy.c 
@@ -1015,4 +1015,5 @@ static struct usb_function *f_audio_alloc(struct usb_function_instance *fi) DECLARE_USB_FUNCTION_INIT(uac1_legacy, f_audio_alloc_inst, f_audio_alloc); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); MODULE_AUTHOR("Bryan Wu"); diff --git a/drivers/usb/gadget/function/storage_common.c b/drivers/usb/gadget/function/storage_common.c index f7e6c42558eb..2451e45ada6e 100644 --- a/drivers/usb/gadget/function/storage_common.c +++ b/drivers/usb/gadget/function/storage_common.c @@ -520,3 +520,4 @@ ssize_t fsg_store_inquiry_string(struct fsg_lun *curlun, const char *buf, EXPORT_SYMBOL_GPL(fsg_store_inquiry_string); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); diff --git a/fs/9p/v9fs.c b/fs/9p/v9fs.c index 39def020a074..6e3e65deb0b9 100644 --- a/fs/9p/v9fs.c +++ b/fs/9p/v9fs.c @@ -738,3 +738,4 @@ MODULE_AUTHOR("Latchesar Ionkov "); MODULE_AUTHOR("Eric Van Hensbergen "); MODULE_AUTHOR("Ron Minnich "); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/Makefile b/fs/Makefile index 5dca3480ee83..359c63fefa1b 100644 --- a/fs/Makefile +++ b/fs/Makefile @@ -6,6 +6,8 @@ # Rewritten to use lists instead of if-statements. # +subdir-ccflags-y += -DANDROID_GKI_VFS_EXPORT_ONLY=VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver + obj-y := open.o read_write.o file_table.o super.o \ char_dev.o stat.o exec.o pipe.o namei.o fcntl.o \ ioctl.o readdir.o select.o dcache.o inode.o \ diff --git a/fs/adfs/super.c b/fs/adfs/super.c index bdbd26e571ed..57044e537290 100644 --- a/fs/adfs/super.c +++ b/fs/adfs/super.c @@ -492,3 +492,4 @@ static void __exit exit_adfs_fs(void) module_init(init_adfs_fs) module_exit(exit_adfs_fs) MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/affs/super.c b/fs/affs/super.c index c6c2a513ec92..2d2797ef7cfa 100644 --- a/fs/affs/super.c +++ b/fs/affs/super.c 
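Review bot: The `subdir-ccflags-y += -DANDROID_GKI_VFS_EXPORT_ONLY=...` line in the fs/Makefile hunk only works if `EXPORT_SYMBOL_NS()` and `MODULE_IMPORT_NS()` macro-expand their namespace argument before stringifying it, and nothing in this patch shows that they do. If either macro stringifies with a bare `#ns`, code under fs/ would export and import the literal name `ANDROID_GKI_VFS_EXPORT_ONLY`. The drivers/ hunks import `VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver`, so those imports would not match the exported namespace. Please confirm against this tree's include/linux/export.h and include/linux/module.h, and record the dependency next to the define, for example `# relies on EXPORT_SYMBOL_NS()/MODULE_IMPORT_NS() expanding the namespace through __stringify()`.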
@@ -676,6 +676,7 @@ static void __exit exit_affs_fs(void) MODULE_DESCRIPTION("Amiga filesystem support for Linux"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); module_init(init_affs_fs) module_exit(exit_affs_fs) diff --git a/fs/afs/main.c b/fs/afs/main.c index 179004b15566..c6bd95645499 100644 --- a/fs/afs/main.c +++ b/fs/afs/main.c @@ -18,6 +18,7 @@ MODULE_DESCRIPTION("AFS Client File System"); MODULE_AUTHOR("Red Hat, Inc."); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); unsigned afs_debug; module_param_named(debug, afs_debug, uint, S_IWUSR | S_IRUGO); diff --git a/fs/attr.c b/fs/attr.c index b4bbdbd4c8ca..d8c1f796d0e9 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -114,7 +114,7 @@ kill_priv: return 0; } -EXPORT_SYMBOL(setattr_prepare); +EXPORT_SYMBOL_NS(setattr_prepare, ANDROID_GKI_VFS_EXPORT_ONLY); /** * inode_newsize_ok - may this inode be truncated to a given size @@ -158,7 +158,7 @@ out_sig: out_big: return -EFBIG; } -EXPORT_SYMBOL(inode_newsize_ok); +EXPORT_SYMBOL_NS(inode_newsize_ok, ANDROID_GKI_VFS_EXPORT_ONLY); /** * setattr_copy - copy simple metadata updates into the generic inode @@ -345,4 +345,4 @@ int notify_change(struct dentry * dentry, struct iattr * attr, struct inode **de return error; } -EXPORT_SYMBOL(notify_change); +EXPORT_SYMBOL_NS(notify_change, ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/autofs/init.c b/fs/autofs/init.c index d3f55e874338..ba08261f4faa 100644 --- a/fs/autofs/init.c +++ b/fs/autofs/init.c @@ -44,3 +44,4 @@ static void __exit exit_autofs_fs(void) module_init(init_autofs_fs) module_exit(exit_autofs_fs) MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/bad_inode.c b/fs/bad_inode.c index 54f0ce444272..b292859f5f85 100644 --- a/fs/bad_inode.c +++ b/fs/bad_inode.c 
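Review bot: The conversion in fs/attr.c is selective, and nothing in the code or the commit message states the criterion. `setattr_prepare`, `inode_newsize_ok` and `notify_change` move to `EXPORT_SYMBOL_NS`, but `setattr_copy`, whose kernel-doc header is the trailing context of the second hunk, is not among the three changes the diffstat counts for this file. Its export is presumably below its definition, outside the hunk. The same pattern shows in fs/bad_inode.c (`iget_failed`) and fs/inode.c (`clear_nlink`, `inc_nlink`). A reader auditing which VFS entry points remain reachable from non-filesystem modules cannot tell an intentional exclusion from an oversight. I would mark each export deliberately left outside the namespace, for example `/* kept in the global namespace: also used by non-filesystem modules */`, if that is indeed the reason.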
@@ -207,7 +207,7 @@ void make_bad_inode(struct inode *inode) inode->i_opflags &= ~IOP_XATTR; inode->i_fop = &bad_file_ops; } -EXPORT_SYMBOL(make_bad_inode); +EXPORT_SYMBOL_NS(make_bad_inode, ANDROID_GKI_VFS_EXPORT_ONLY); /* * This tests whether an inode has been flagged as bad. The test uses @@ -227,7 +227,7 @@ bool is_bad_inode(struct inode *inode) return (inode->i_op == &bad_inode_ops); } -EXPORT_SYMBOL(is_bad_inode); +EXPORT_SYMBOL_NS(is_bad_inode, ANDROID_GKI_VFS_EXPORT_ONLY); /** * iget_failed - Mark an under-construction inode as dead and release it diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c index c1ba13d19024..abb8f6bb7e39 100644 --- a/fs/befs/linuxvfs.c +++ b/fs/befs/linuxvfs.c @@ -34,6 +34,7 @@ MODULE_DESCRIPTION("BeOS File System (BeFS) driver"); MODULE_AUTHOR("Will Dyson"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); /* The units the vfs expects inode->i_blocks to be in */ #define VFS_BLOCK_SIZE 512 diff --git a/fs/bfs/inode.c b/fs/bfs/inode.c index fd691e4815c5..293223cd4b37 100644 --- a/fs/bfs/inode.c +++ b/fs/bfs/inode.c @@ -22,6 +22,7 @@ MODULE_AUTHOR("Tigran Aivazian "); MODULE_DESCRIPTION("SCO UnixWare BFS filesystem for Linux"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); #undef DEBUG diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 11b5bf241955..3e4791efdf77 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -832,3 +832,4 @@ static void __exit exit_misc_binfmt(void) core_initcall(init_misc_binfmt); module_exit(exit_misc_binfmt); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/block_dev.c b/fs/block_dev.c index c7bb901f947e..f250a9866c6b 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c 
@@ -186,7 +186,7 @@ int sb_set_blocksize(struct super_block *sb, int size) return sb->s_blocksize; } -EXPORT_SYMBOL(sb_set_blocksize); +EXPORT_SYMBOL_NS(sb_set_blocksize, ANDROID_GKI_VFS_EXPORT_ONLY); int sb_min_blocksize(struct super_block *sb, int size) { @@ -196,7 +196,7 @@ int sb_min_blocksize(struct super_block *sb, int size) return sb_set_blocksize(sb, size); } -EXPORT_SYMBOL(sb_min_blocksize); +EXPORT_SYMBOL_NS(sb_min_blocksize, ANDROID_GKI_VFS_EXPORT_ONLY); static int blkdev_get_block(struct inode *inode, sector_t iblock, diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 2663485c17cb..b5d2005d3415 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2597,6 +2597,7 @@ late_initcall(init_btrfs_fs); module_exit(exit_btrfs_fs) MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_SOFTDEP("pre: crc32c"); MODULE_SOFTDEP("pre: xxhash64"); MODULE_SOFTDEP("pre: sha256"); diff --git a/fs/buffer.c b/fs/buffer.c index 7b096c90ae53..d3916df01380 100644 --- a/fs/buffer.c +++ b/fs/buffer.c @@ -173,7 +173,7 @@ void end_buffer_write_sync(struct buffer_head *bh, int uptodate) unlock_buffer(bh); put_bh(bh); } -EXPORT_SYMBOL(end_buffer_write_sync); +EXPORT_SYMBOL_NS(end_buffer_write_sync, ANDROID_GKI_VFS_EXPORT_ONLY); /* * Various filesystems appear to want __find_get_block to be non-blocking. @@ -419,7 +419,7 @@ void mark_buffer_async_write(struct buffer_head *bh) { mark_buffer_async_write_endio(bh, end_buffer_async_write); } -EXPORT_SYMBOL(mark_buffer_async_write); +EXPORT_SYMBOL_NS(mark_buffer_async_write, ANDROID_GKI_VFS_EXPORT_ONLY); /* @@ -674,7 +674,7 @@ int __set_page_dirty_buffers(struct page *page) return newly_dirty; } -EXPORT_SYMBOL(__set_page_dirty_buffers); +EXPORT_SYMBOL_NS(__set_page_dirty_buffers, ANDROID_GKI_VFS_EXPORT_ONLY); /* * Write out and wait upon a list of buffers. 
@@ -1141,7 +1141,7 @@ void mark_buffer_dirty(struct buffer_head *bh) __mark_inode_dirty(mapping->host, I_DIRTY_PAGES); } } -EXPORT_SYMBOL(mark_buffer_dirty); +EXPORT_SYMBOL_NS(mark_buffer_dirty, ANDROID_GKI_VFS_EXPORT_ONLY); void mark_buffer_write_io_error(struct buffer_head *bh) { @@ -1159,7 +1159,7 @@ void mark_buffer_write_io_error(struct buffer_head *bh) errseq_set(&sb->s_wb_err, -EIO); rcu_read_unlock(); } -EXPORT_SYMBOL(mark_buffer_write_io_error); +EXPORT_SYMBOL_NS(mark_buffer_write_io_error, ANDROID_GKI_VFS_EXPORT_ONLY); /* * Decrement a buffer_head's reference count. If all buffers against a page @@ -1176,7 +1176,7 @@ void __brelse(struct buffer_head * buf) } WARN(1, KERN_ERR "VFS: brelse: Trying to free free buffer\n"); } -EXPORT_SYMBOL(__brelse); +EXPORT_SYMBOL_NS(__brelse, ANDROID_GKI_VFS_EXPORT_ONLY); /* * bforget() is like brelse(), except it discards any @@ -1195,7 +1195,7 @@ void __bforget(struct buffer_head *bh) } __brelse(bh); } -EXPORT_SYMBOL(__bforget); +EXPORT_SYMBOL_NS(__bforget, ANDROID_GKI_VFS_EXPORT_ONLY); static struct buffer_head *__bread_slow(struct buffer_head *bh) { @@ -1376,7 +1376,7 @@ void __breadahead(struct block_device *bdev, sector_t block, unsigned size) brelse(bh); } } -EXPORT_SYMBOL(__breadahead); +EXPORT_SYMBOL_NS(__breadahead, ANDROID_GKI_VFS_EXPORT_ONLY); void __breadahead_gfp(struct block_device *bdev, sector_t block, unsigned size, gfp_t gfp) @@ -1411,7 +1411,7 @@ __bread_gfp(struct block_device *bdev, sector_t block, bh = __bread_slow(bh); return bh; } -EXPORT_SYMBOL(__bread_gfp); +EXPORT_SYMBOL_NS(__bread_gfp, ANDROID_GKI_VFS_EXPORT_ONLY); static void __invalidate_bh_lrus(struct bh_lru *b) { @@ -1573,7 +1573,7 @@ void block_invalidatepage(struct page *page, unsigned int offset, out: return; } -EXPORT_SYMBOL(block_invalidatepage); +EXPORT_SYMBOL_NS(block_invalidatepage, ANDROID_GKI_VFS_EXPORT_ONLY); /* 
@@ -1609,7 +1609,7 @@ void create_empty_buffers(struct page *page, attach_page_private(page, head); spin_unlock(&page->mapping->private_lock); } -EXPORT_SYMBOL(create_empty_buffers); +EXPORT_SYMBOL_NS(create_empty_buffers, ANDROID_GKI_VFS_EXPORT_ONLY); /** * clean_bdev_aliases: clean a range of buffers in block device @@ -1683,7 +1683,7 @@ unlock_page: break; } } -EXPORT_SYMBOL(clean_bdev_aliases); +EXPORT_SYMBOL_NS(clean_bdev_aliases, ANDROID_GKI_VFS_EXPORT_ONLY); /* * Size is a power-of-two in the range 512..PAGE_SIZE, @@ -1941,7 +1941,7 @@ void page_zero_new_buffers(struct page *page, unsigned from, unsigned to) bh = bh->b_this_page; } while (bh != head); } -EXPORT_SYMBOL(page_zero_new_buffers); +EXPORT_SYMBOL_NS(page_zero_new_buffers, ANDROID_GKI_VFS_EXPORT_ONLY); static void iomap_to_bh(struct inode *inode, sector_t block, struct buffer_head *bh, @@ -2275,7 +2275,7 @@ int block_is_partially_uptodate(struct page *page, unsigned long from, return ret; } -EXPORT_SYMBOL(block_is_partially_uptodate); +EXPORT_SYMBOL_NS(block_is_partially_uptodate, ANDROID_GKI_VFS_EXPORT_ONLY); /* * Generic "read page" function for block devices that have the normal @@ -3142,7 +3142,7 @@ void ll_rw_block(int op, int op_flags, int nr, struct buffer_head *bhs[]) unlock_buffer(bh); } } -EXPORT_SYMBOL(ll_rw_block); +EXPORT_SYMBOL_NS(ll_rw_block, ANDROID_GKI_VFS_EXPORT_ONLY); void write_dirty_buffer(struct buffer_head *bh, int op_flags) { @@ -3189,13 +3189,13 @@ int __sync_dirty_buffer(struct buffer_head *bh, int op_flags) } return ret; } -EXPORT_SYMBOL(__sync_dirty_buffer); +EXPORT_SYMBOL_NS(__sync_dirty_buffer, ANDROID_GKI_VFS_EXPORT_ONLY); int sync_dirty_buffer(struct buffer_head *bh) { return __sync_dirty_buffer(bh, REQ_SYNC); } -EXPORT_SYMBOL(sync_dirty_buffer); +EXPORT_SYMBOL_NS(sync_dirty_buffer, ANDROID_GKI_VFS_EXPORT_ONLY); /* * try_to_free_buffers() checks if all the buffers on this particular page 
diff --git a/fs/cachefiles/main.c b/fs/cachefiles/main.c index ddf0cd58d60c..0649e7e60134 100644 --- a/fs/cachefiles/main.c +++ b/fs/cachefiles/main.c @@ -28,6 +28,7 @@ MODULE_PARM_DESC(cachefiles_debug, "CacheFiles debugging mask"); MODULE_DESCRIPTION("Mounted-filesystem based cache"); MODULE_AUTHOR("Red Hat, Inc."); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); struct kmem_cache *cachefiles_object_jar; diff --git a/fs/ceph/super.c b/fs/ceph/super.c index 33ba6f0aa55c..baf01cf794ea 100644 --- a/fs/ceph/super.c +++ b/fs/ceph/super.c @@ -1323,3 +1323,4 @@ MODULE_AUTHOR("Yehuda Sadeh "); MODULE_AUTHOR("Patience Warnick "); MODULE_DESCRIPTION("Ceph filesystem for Linux"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index f0ed29a9a6f1..090d1e08b97f 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -1692,6 +1692,7 @@ exit_cifs(void) MODULE_AUTHOR("Steve French"); MODULE_LICENSE("GPL"); /* combination of LGPL + GPL source behaves as GPL */ +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_DESCRIPTION ("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and " "also older servers complying with the SNIA CIFS Specification)"); diff --git a/fs/coda/psdev.c b/fs/coda/psdev.c index 240669f51eac..897c7cb93f47 100644 --- a/fs/coda/psdev.c +++ b/fs/coda/psdev.c @@ -388,6 +388,7 @@ MODULE_AUTHOR("Jan Harkes, Peter J. Braam"); MODULE_DESCRIPTION("Coda Distributed File System VFS interface"); MODULE_ALIAS_CHARDEV_MAJOR(CODA_PSDEV_MAJOR); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_VERSION("7.0"); static int __init init_coda(void) diff --git a/fs/cramfs/inode.c b/fs/cramfs/inode.c index 4b90cfd1ec36..6245470112a1 100644 --- a/fs/cramfs/inode.c +++ b/fs/cramfs/inode.c 
@@ -1010,3 +1010,4 @@ static void __exit exit_cramfs_fs(void) module_init(init_cramfs_fs) module_exit(exit_cramfs_fs) MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/dcache.c b/fs/dcache.c index ea0485861d93..cb588cee9669 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2110,7 +2110,7 @@ struct dentry *d_obtain_alias(struct inode *inode) { return __d_obtain_alias(inode, true); } -EXPORT_SYMBOL(d_obtain_alias); +EXPORT_SYMBOL_NS(d_obtain_alias, ANDROID_GKI_VFS_EXPORT_ONLY); /** * d_obtain_root - find or allocate a dentry for a given inode @@ -2184,7 +2184,7 @@ struct dentry *d_add_ci(struct dentry *dentry, struct inode *inode, } return found; } -EXPORT_SYMBOL(d_add_ci); +EXPORT_SYMBOL_NS(d_add_ci, ANDROID_GKI_VFS_EXPORT_ONLY); static inline bool d_same_name(const struct dentry *dentry, @@ -3065,7 +3065,7 @@ out: __d_add(dentry, inode); return NULL; } -EXPORT_SYMBOL(d_splice_alias); +EXPORT_SYMBOL_NS(d_splice_alias, ANDROID_GKI_VFS_EXPORT_ONLY); /* * Test whether new_dentry is a subdirectory of old_dentry. diff --git a/fs/direct-io.c b/fs/direct-io.c index a70fc3267dad..b4bf6bb10dd8 100644 --- a/fs/direct-io.c +++ b/fs/direct-io.c @@ -1380,7 +1380,7 @@ ssize_t __blockdev_direct_IO(struct kiocb *iocb, struct inode *inode, end_io, submit_io, flags); } -EXPORT_SYMBOL(__blockdev_direct_IO); +EXPORT_SYMBOL_NS(__blockdev_direct_IO, ANDROID_GKI_VFS_EXPORT_ONLY); static __init int dio_init(void) { diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index b2f6a1937d23..eb12d38d000d 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c @@ -891,6 +891,7 @@ MODULE_AUTHOR("Michael A. Halcrow "); MODULE_DESCRIPTION("eCryptfs"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); module_init(ecryptfs_init) module_exit(ecryptfs_exit) diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c index 15880a68faad..b62aefe3b4b8 100644 --- a/fs/efivarfs/super.c +++ b/fs/efivarfs/super.c 
@@ -272,6 +272,7 @@ static __exit void efivarfs_exit(void) MODULE_AUTHOR("Matthew Garrett, Jeremy Kerr"); MODULE_DESCRIPTION("EFI Variable Filesystem"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_ALIAS_FS("efivarfs"); module_init(efivarfs_init); diff --git a/fs/efs/inode.c b/fs/efs/inode.c index 89e73a6f0d36..8c0ecaa62de2 100644 --- a/fs/efs/inode.c +++ b/fs/efs/inode.c @@ -311,3 +311,4 @@ efs_block_t efs_map_block(struct inode *inode, efs_block_t block) { } MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/erofs/super.c b/fs/erofs/super.c index 22991d22af5a..92d9a4a9fc81 100644 --- a/fs/erofs/super.c +++ b/fs/erofs/super.c @@ -752,4 +752,5 @@ module_exit(erofs_module_exit); MODULE_DESCRIPTION("Enhanced ROM File System"); MODULE_AUTHOR("Gao Xiang, Chao Yu, Miao Xie, CONSUMER BG, HUAWEI Inc."); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/exfat/super.c b/fs/exfat/super.c index c6d8d2e53486..86bfdabd5cc6 100644 --- a/fs/exfat/super.c +++ b/fs/exfat/super.c @@ -836,5 +836,6 @@ module_exit(exit_exfat_fs); MODULE_ALIAS_FS("exfat"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_DESCRIPTION("exFAT filesystem support"); MODULE_AUTHOR("Samsung Electronics Co., Ltd."); diff --git a/fs/ext2/super.c b/fs/ext2/super.c index 09f1fe676972..3b772568cccc 100644 --- a/fs/ext2/super.c +++ b/fs/ext2/super.c @@ -1650,5 +1650,6 @@ static void __exit exit_ext2_fs(void) MODULE_AUTHOR("Remy Card and others"); MODULE_DESCRIPTION("Second Extended Filesystem"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); module_init(init_ext2_fs) module_exit(exit_ext2_fs) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index f486648c6292..a9a9ef974ebf 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c 
@@ -6735,6 +6735,7 @@ static void __exit ext4_exit_fs(void) MODULE_AUTHOR("Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others"); MODULE_DESCRIPTION("Fourth Extended Filesystem"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_SOFTDEP("pre: crc32c"); module_init(ext4_init_fs) module_exit(ext4_exit_fs) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 5dc856b66714..4ec97dd505a9 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -4415,5 +4415,6 @@ module_exit(exit_f2fs_fs) MODULE_AUTHOR("Samsung Electronics's Praesto Team"); MODULE_DESCRIPTION("Flash Friendly File System"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_SOFTDEP("pre: crc32"); diff --git a/fs/fat/inode.c b/fs/fat/inode.c index bab9b202b496..577c73a55c68 100644 --- a/fs/fat/inode.c +++ b/fs/fat/inode.c @@ -1979,3 +1979,4 @@ module_init(init_fat_fs) module_exit(exit_fat_fs) MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/fat/namei_msdos.c b/fs/fat/namei_msdos.c index 9d062886fbc1..8376577ba014 100644 --- a/fs/fat/namei_msdos.c +++ b/fs/fat/namei_msdos.c @@ -680,6 +680,7 @@ static void __exit exit_msdos_fs(void) } MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_AUTHOR("Werner Almesberger"); MODULE_DESCRIPTION("MS-DOS filesystem support"); diff --git a/fs/fat/namei_vfat.c b/fs/fat/namei_vfat.c index 0cdd0fb9f742..01fab05dc7a1 100644 --- a/fs/fat/namei_vfat.c +++ b/fs/fat/namei_vfat.c @@ -1077,6 +1077,7 @@ static void __exit exit_vfat_fs(void) } MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_DESCRIPTION("VFAT filesystem support"); MODULE_AUTHOR("Gordon Chaffee"); diff --git a/fs/freevxfs/vxfs_super.c b/fs/freevxfs/vxfs_super.c index 578a5062706e..88fe3f470409 100644 --- a/fs/freevxfs/vxfs_super.c +++ b/fs/freevxfs/vxfs_super.c 
@@ -52,6 +52,7 @@ MODULE_AUTHOR("Christoph Hellwig, Krzysztof Blaszkowski"); MODULE_DESCRIPTION("Veritas Filesystem (VxFS) driver"); MODULE_LICENSE("Dual BSD/GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); static struct kmem_cache *vxfs_inode_cachep; diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index a0869194ab73..d51354221fe7 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -2338,7 +2338,7 @@ void __mark_inode_dirty(struct inode *inode, int flags) out_unlock_inode: spin_unlock(&inode->i_lock); } -EXPORT_SYMBOL(__mark_inode_dirty); +EXPORT_SYMBOL_NS(__mark_inode_dirty, ANDROID_GKI_VFS_EXPORT_ONLY); /* * The @s_sync_lock is used to serialise concurrent sync operations @@ -2504,7 +2504,7 @@ void try_to_writeback_inodes_sb(struct super_block *sb, enum wb_reason reason) __writeback_inodes_sb_nr(sb, get_nr_dirty_pages(), reason, true); up_read(&sb->s_umount); } -EXPORT_SYMBOL(try_to_writeback_inodes_sb); +EXPORT_SYMBOL_NS(try_to_writeback_inodes_sb, ANDROID_GKI_VFS_EXPORT_ONLY); /** * sync_inodes_sb - sync sb inode pages @@ -2571,7 +2571,7 @@ int write_inode_now(struct inode *inode, int sync) might_sleep(); return writeback_single_inode(inode, &wbc); } -EXPORT_SYMBOL(write_inode_now); +EXPORT_SYMBOL_NS(write_inode_now, ANDROID_GKI_VFS_EXPORT_ONLY); /** * sync_inode - write an inode and its pages to disk. @@ -2608,4 +2608,4 @@ int sync_inode_metadata(struct inode *inode, int wait) return sync_inode(inode, &wbc); } -EXPORT_SYMBOL(sync_inode_metadata); +EXPORT_SYMBOL_NS(sync_inode_metadata, ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index b740088b1abb..e2f67cd1c43f 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -27,6 +27,7 @@ MODULE_AUTHOR("Miklos Szeredi "); MODULE_DESCRIPTION("Filesystem in Userspace"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); static struct kmem_cache *fuse_inode_cachep; struct list_head fuse_conn_list; 
diff --git a/fs/gfs2/main.c b/fs/gfs2/main.c index c7393ee9cf68..81925fd2985f 100644 --- a/fs/gfs2/main.c +++ b/fs/gfs2/main.c @@ -260,6 +260,7 @@ static void __exit exit_gfs2_fs(void) MODULE_DESCRIPTION("Global File System"); MODULE_AUTHOR("Red Hat, Inc."); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); module_init(init_gfs2_fs); module_exit(exit_gfs2_fs); diff --git a/fs/hfs/super.c b/fs/hfs/super.c index 12d9bae39363..6432d65a0872 100644 --- a/fs/hfs/super.c +++ b/fs/hfs/super.c @@ -29,6 +29,7 @@ static struct kmem_cache *hfs_inode_cachep; MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); static int hfs_sync_fs(struct super_block *sb, int wait) { diff --git a/fs/hfsplus/super.c b/fs/hfsplus/super.c index 807119ae5adf..2b0031c6daea 100644 --- a/fs/hfsplus/super.c +++ b/fs/hfsplus/super.c @@ -617,6 +617,7 @@ out: MODULE_AUTHOR("Brad Boyer"); MODULE_DESCRIPTION("Extended Macintosh Filesystem"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); static struct kmem_cache *hfsplus_inode_cachep; diff --git a/fs/hpfs/super.c b/fs/hpfs/super.c index a7dbfc892022..d7598d70f329 100644 --- a/fs/hpfs/super.c +++ b/fs/hpfs/super.c @@ -791,3 +791,4 @@ static void __exit exit_hpfs_fs(void) module_init(init_hpfs_fs) module_exit(exit_hpfs_fs) MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/incfs/main.c b/fs/incfs/main.c index 23347acac8bf..213faa5e9117 100644 --- a/fs/incfs/main.c +++ b/fs/incfs/main.c @@ -44,5 +44,6 @@ module_init(init_incfs_module); module_exit(cleanup_incfs_module); MODULE_LICENSE("GPL v2"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_AUTHOR("Eugene Zemtsov "); MODULE_DESCRIPTION("Incremental File System"); diff --git a/fs/inode.c b/fs/inode.c index 5eea9912a0b9..e19d291ccd71 100644 --- a/fs/inode.c +++ b/fs/inode.c 
@@ -307,7 +307,7 @@ void drop_nlink(struct inode *inode) if (!inode->i_nlink) atomic_long_inc(&inode->i_sb->s_remove_count); } -EXPORT_SYMBOL(drop_nlink); +EXPORT_SYMBOL_NS(drop_nlink, ANDROID_GKI_VFS_EXPORT_ONLY); /** * clear_nlink - directly zero an inode's link count @@ -346,7 +346,7 @@ void set_nlink(struct inode *inode, unsigned int nlink) inode->__i_nlink = nlink; } } -EXPORT_SYMBOL(set_nlink); +EXPORT_SYMBOL_NS(set_nlink, ANDROID_GKI_VFS_EXPORT_ONLY); /** * inc_nlink - directly increment an inode's link count @@ -399,7 +399,7 @@ void inode_init_once(struct inode *inode) __address_space_init_once(&inode->i_data); i_size_ordered_init(inode); } -EXPORT_SYMBOL(inode_init_once); +EXPORT_SYMBOL_NS(inode_init_once, ANDROID_GKI_VFS_EXPORT_ONLY); static void init_once(void *foo) { @@ -423,7 +423,7 @@ void ihold(struct inode *inode) { WARN_ON(atomic_inc_return(&inode->i_count) < 2); } -EXPORT_SYMBOL(ihold); +EXPORT_SYMBOL_NS(ihold, ANDROID_GKI_VFS_EXPORT_ONLY); static void inode_lru_list_add(struct inode *inode) { @@ -503,7 +503,7 @@ void __insert_inode_hash(struct inode *inode, unsigned long hashval) spin_unlock(&inode->i_lock); spin_unlock(&inode_hash_lock); } -EXPORT_SYMBOL(__insert_inode_hash); +EXPORT_SYMBOL_NS(__insert_inode_hash, ANDROID_GKI_VFS_EXPORT_ONLY); /** * __remove_inode_hash - remove an inode from the hash @@ -519,7 +519,7 @@ void __remove_inode_hash(struct inode *inode) spin_unlock(&inode->i_lock); spin_unlock(&inode_hash_lock); } -EXPORT_SYMBOL(__remove_inode_hash); +EXPORT_SYMBOL_NS(__remove_inode_hash, ANDROID_GKI_VFS_EXPORT_ONLY); void clear_inode(struct inode *inode) { @@ -539,7 +539,7 @@ void clear_inode(struct inode *inode) /* don't need i_lock here, no concurrent mods to i_state */ inode->i_state = I_FREEING | I_CLEAR; } -EXPORT_SYMBOL(clear_inode); +EXPORT_SYMBOL_NS(clear_inode, ANDROID_GKI_VFS_EXPORT_ONLY); /* * Free the inode passed in, removing it from the lists it is still connected 
@@ -1001,7 +1001,7 @@ void unlock_new_inode(struct inode *inode) wake_up_bit(&inode->i_state, __I_NEW); spin_unlock(&inode->i_lock); } -EXPORT_SYMBOL(unlock_new_inode); +EXPORT_SYMBOL_NS(unlock_new_inode, ANDROID_GKI_VFS_EXPORT_ONLY); void discard_new_inode(struct inode *inode) { @@ -1158,7 +1158,7 @@ struct inode *iget5_locked(struct super_block *sb, unsigned long hashval, } return inode; } -EXPORT_SYMBOL(iget5_locked); +EXPORT_SYMBOL_NS(iget5_locked, ANDROID_GKI_VFS_EXPORT_ONLY); /** * iget_locked - obtain an inode from a mounted file system @@ -1290,7 +1290,7 @@ ino_t iunique(struct super_block *sb, ino_t max_reserved) return res; } -EXPORT_SYMBOL(iunique); +EXPORT_SYMBOL_NS(iunique, ANDROID_GKI_VFS_EXPORT_ONLY); struct inode *igrab(struct inode *inode) { @@ -1373,7 +1373,7 @@ again: } return inode; } -EXPORT_SYMBOL(ilookup5); +EXPORT_SYMBOL_NS(ilookup5, ANDROID_GKI_VFS_EXPORT_ONLY); /** * ilookup - search for an inode in the inode cache @@ -1852,7 +1852,7 @@ void touch_atime(const struct path *path) skip_update: sb_end_write(inode->i_sb); } -EXPORT_SYMBOL(touch_atime); +EXPORT_SYMBOL_NS(touch_atime, ANDROID_GKI_VFS_EXPORT_ONLY); /* * The logic we want is @@ -1948,7 +1948,7 @@ int file_remove_privs(struct file *file) return error; } -EXPORT_SYMBOL(file_remove_privs); +EXPORT_SYMBOL_NS(file_remove_privs, ANDROID_GKI_VFS_EXPORT_ONLY); /** * file_update_time - update mtime and ctime time @@ -2129,7 +2129,7 @@ void init_special_inode(struct inode *inode, umode_t mode, dev_t rdev) " inode %s:%lu\n", mode, inode->i_sb->s_id, inode->i_ino); } -EXPORT_SYMBOL(init_special_inode); +EXPORT_SYMBOL_NS(init_special_inode, ANDROID_GKI_VFS_EXPORT_ONLY); /** * inode_init_owner - Init uid,gid,mode for new inode according to posix standards 
@@ -2155,7 +2155,7 @@ void inode_init_owner(struct inode *inode, const struct inode *dir, inode->i_gid = current_fsgid(); inode->i_mode = mode; } -EXPORT_SYMBOL(inode_init_owner); +EXPORT_SYMBOL_NS(inode_init_owner, ANDROID_GKI_VFS_EXPORT_ONLY); /** * inode_owner_or_capable - check current task permissions to inode @@ -2209,7 +2209,7 @@ void inode_dio_wait(struct inode *inode) if (atomic_read(&inode->i_dio_count)) __inode_dio_wait(inode); } -EXPORT_SYMBOL(inode_dio_wait); +EXPORT_SYMBOL_NS(inode_dio_wait, ANDROID_GKI_VFS_EXPORT_ONLY); /* * inode_set_flags - atomically set some inode flags @@ -2233,7 +2233,7 @@ void inode_set_flags(struct inode *inode, unsigned int flags, WARN_ON_ONCE(flags & ~mask); set_mask_bits(&inode->i_flags, mask, flags); } -EXPORT_SYMBOL(inode_set_flags); +EXPORT_SYMBOL_NS(inode_set_flags, ANDROID_GKI_VFS_EXPORT_ONLY); void inode_nohighmem(struct inode *inode) { @@ -2270,7 +2270,7 @@ struct timespec64 timestamp_truncate(struct timespec64 t, struct inode *inode) WARN(1, "invalid file time granularity: %u", gran); return t; } -EXPORT_SYMBOL(timestamp_truncate); +EXPORT_SYMBOL_NS(timestamp_truncate, ANDROID_GKI_VFS_EXPORT_ONLY); /** * current_time - Return FS time diff --git a/fs/ioctl.c b/fs/ioctl.c index 4e6cc0a7d69c..32d8bd3f958b 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -146,7 +146,7 @@ int fiemap_fill_next_extent(struct fiemap_extent_info *fieinfo, u64 logical, return 1; return (flags & FIEMAP_EXTENT_LAST) ? 1 : 0; } -EXPORT_SYMBOL(fiemap_fill_next_extent); +EXPORT_SYMBOL_NS(fiemap_fill_next_extent, ANDROID_GKI_VFS_EXPORT_ONLY); /** * fiemap_prep - check validity of requested flags for fiemap @@ -191,7 +191,7 @@ int fiemap_prep(struct inode *inode, struct fiemap_extent_info *fieinfo, ret = filemap_write_and_wait(inode->i_mapping); return ret; } -EXPORT_SYMBOL(fiemap_prep); +EXPORT_SYMBOL_NS(fiemap_prep, ANDROID_GKI_VFS_EXPORT_ONLY); static int ioctl_fiemap(struct file *filp, struct fiemap __user *ufiemap) { 
diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c index 35675a1065be..b80f40c31a0f 100644 --- a/fs/isofs/inode.c +++ b/fs/isofs/inode.c @@ -1610,3 +1610,4 @@ static void __exit exit_iso9660_fs(void) module_init(init_iso9660_fs) module_exit(exit_iso9660_fs) MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c index 188f79d76988..7232d7cee8f4 100644 --- a/fs/jbd2/journal.c +++ b/fs/jbd2/journal.c @@ -3012,6 +3012,7 @@ static void __exit journal_exit(void) } MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); module_init(journal_init); module_exit(journal_exit); diff --git a/fs/jffs2/super.c b/fs/jffs2/super.c index 81ca58c10b72..16dcc359fd35 100644 --- a/fs/jffs2/super.c +++ b/fs/jffs2/super.c @@ -439,3 +439,4 @@ MODULE_DESCRIPTION("The Journalling Flash File System, v2"); MODULE_AUTHOR("Red Hat, Inc."); MODULE_LICENSE("GPL"); // Actually dual-licensed, but it doesn't matter for // the sake of this tag. It's Free Software. +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/jfs/super.c b/fs/jfs/super.c index b2dc4d1f9dcc..8a02b9bdea19 100644 --- a/fs/jfs/super.c +++ b/fs/jfs/super.c @@ -37,6 +37,7 @@ MODULE_DESCRIPTION("The Journaled Filesystem (JFS)"); MODULE_AUTHOR("Steve Best/Dave Kleikamp/Barry Arndt, IBM"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); static struct kmem_cache *jfs_inode_cachep; diff --git a/fs/libfs.c b/fs/libfs.c index 1b4a215f7b74..40359a0b57e1 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -225,7 +225,7 @@ ssize_t generic_read_dir(struct file *filp, char __user *buf, size_t siz, loff_t { return -EISDIR; } -EXPORT_SYMBOL(generic_read_dir); +EXPORT_SYMBOL_NS(generic_read_dir, ANDROID_GKI_VFS_EXPORT_ONLY); const struct file_operations simple_dir_operations = { .open = dcache_dir_open, diff --git a/fs/minix/inode.c b/fs/minix/inode.c index 34f546404aa1..8a9d4a28290d 100644 --- a/fs/minix/inode.c +++ b/fs/minix/inode.c 
@@ -719,4 +719,5 @@ static void __exit exit_minix_fs(void) module_init(init_minix_fs) module_exit(exit_minix_fs) MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/mpage.c b/fs/mpage.c index 6bdb8dc021cc..ebbaf31cdea7 100644 --- a/fs/mpage.c +++ b/fs/mpage.c @@ -430,7 +430,7 @@ void mpage_readahead(struct readahead_control *rac, get_block_t get_block) if (args.bio) mpage_bio_submit(REQ_OP_READ, REQ_RAHEAD, args.bio); } -EXPORT_SYMBOL(mpage_readahead); +EXPORT_SYMBOL_NS(mpage_readahead, ANDROID_GKI_VFS_EXPORT_ONLY); /* * This isn't called much at all @@ -448,7 +448,7 @@ int mpage_readpage(struct page *page, get_block_t get_block) mpage_bio_submit(REQ_OP_READ, 0, args.bio); return 0; } -EXPORT_SYMBOL(mpage_readpage); +EXPORT_SYMBOL_NS(mpage_readpage, ANDROID_GKI_VFS_EXPORT_ONLY); /* * Writing is not so simple. diff --git a/fs/namei.c b/fs/namei.c index 6d8635536485..297b2a774eaf 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2533,7 +2533,7 @@ int kern_path(const char *name, unsigned int flags, struct path *path) return filename_lookup(AT_FDCWD, getname_kernel(name), flags, path, NULL); } -EXPORT_SYMBOL(kern_path); +EXPORT_SYMBOL_NS(kern_path, ANDROID_GKI_VFS_EXPORT_ONLY); /** * vfs_path_lookup - lookup a file path relative to a dentry-vfsmount pair @@ -2887,7 +2887,7 @@ int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode, fsnotify_create(dir, dentry); return error; } -EXPORT_SYMBOL(vfs_create); +EXPORT_SYMBOL_NS(vfs_create, ANDROID_GKI_VFS_EXPORT_ONLY); int vfs_mkobj(struct dentry *dentry, umode_t mode, int (*f)(struct dentry *, umode_t, void *), @@ -3727,7 +3727,7 @@ int vfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) fsnotify_mkdir(dir, dentry); return error; } -EXPORT_SYMBOL(vfs_mkdir); +EXPORT_SYMBOL_NS(vfs_mkdir, ANDROID_GKI_VFS_EXPORT_ONLY); static long do_mkdirat(int dfd, const char __user *pathname, umode_t mode) { 
@@ -3802,7 +3802,7 @@ out: d_delete(dentry); return error; } -EXPORT_SYMBOL(vfs_rmdir); +EXPORT_SYMBOL_NS(vfs_rmdir, ANDROID_GKI_VFS_EXPORT_ONLY); long do_rmdir(int dfd, struct filename *name) { @@ -3924,7 +3924,7 @@ out: return error; } -EXPORT_SYMBOL(vfs_unlink); +EXPORT_SYMBOL_NS(vfs_unlink, ANDROID_GKI_VFS_EXPORT_ONLY); /* * Make sure that the actual truncation of the file will occur outside its @@ -4159,7 +4159,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de fsnotify_link(dir, inode, new_dentry); return error; } -EXPORT_SYMBOL(vfs_link); +EXPORT_SYMBOL_NS(vfs_link, ANDROID_GKI_VFS_EXPORT_ONLY); /* * Hardlinks are often used in delicate situations. We avoid @@ -4419,7 +4419,7 @@ out: return error; } -EXPORT_SYMBOL(vfs_rename); +EXPORT_SYMBOL_NS(vfs_rename, ANDROID_GKI_VFS_EXPORT_ONLY); static int do_renameat2(int olddfd, const char __user *oldname, int newdfd, const char __user *newname, unsigned int flags) diff --git a/fs/namespace.c b/fs/namespace.c index 046b084136c5..6d1f11a6b290 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -415,7 +415,7 @@ int mnt_want_write_file(struct file *file) sb_end_write(file_inode(file)->i_sb); return ret; } -EXPORT_SYMBOL_GPL(mnt_want_write_file); +EXPORT_SYMBOL_NS_GPL(mnt_want_write_file, ANDROID_GKI_VFS_EXPORT_ONLY); /** * __mnt_drop_write - give up write access to a mount @@ -457,7 +457,7 @@ void mnt_drop_write_file(struct file *file) __mnt_drop_write_file(file); sb_end_write(file_inode(file)->i_sb); } -EXPORT_SYMBOL(mnt_drop_write_file); +EXPORT_SYMBOL_NS(mnt_drop_write_file, ANDROID_GKI_VFS_EXPORT_ONLY); static int mnt_make_readonly(struct mount *mnt) { diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c index 21addb78523d..6fe263d2657e 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c 
@@ -2326,6 +2326,7 @@ static void __exit exit_nfs_fs(void) /* Not quite true; I just maintain it */ MODULE_AUTHOR("Olaf Kirch "); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); module_param(enable_ino64, bool, 0644); module_init(init_nfs_fs) diff --git a/fs/nfs/nfs4super.c b/fs/nfs/nfs4super.c index d09bcfd7db89..b422e8a09d25 100644 --- a/fs/nfs/nfs4super.c +++ b/fs/nfs/nfs4super.c @@ -309,6 +309,7 @@ static void __exit exit_nfs_v4(void) } MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); module_init(init_nfs_v4); module_exit(exit_nfs_v4); diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index 0759e589ab52..45f2327735f3 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -1580,5 +1580,6 @@ static void __exit exit_nfsd(void) MODULE_AUTHOR("Olaf Kirch "); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); module_init(init_nfsd) module_exit(exit_nfsd) diff --git a/fs/nilfs2/super.c b/fs/nilfs2/super.c index 4abd928b0bc8..ab1a5e8467f2 100644 --- a/fs/nilfs2/super.c +++ b/fs/nilfs2/super.c @@ -53,6 +53,7 @@ MODULE_AUTHOR("NTT Corp."); MODULE_DESCRIPTION("A New Implementation of the Log-structured Filesystem " "(NILFS)"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); static struct kmem_cache *nilfs_inode_cachep; struct kmem_cache *nilfs_transaction_cachep; diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c index 52ccd34b1e79..06c368ce3aa2 100644 --- a/fs/nls/nls_base.c +++ b/fs/nls/nls_base.c @@ -541,8 +541,8 @@ struct nls_table *load_nls_default(void) } EXPORT_SYMBOL(unregister_nls); -EXPORT_SYMBOL(unload_nls); -EXPORT_SYMBOL(load_nls); -EXPORT_SYMBOL(load_nls_default); +EXPORT_SYMBOL_NS(unload_nls, ANDROID_GKI_VFS_EXPORT_ONLY); +EXPORT_SYMBOL_NS(load_nls, ANDROID_GKI_VFS_EXPORT_ONLY); +EXPORT_SYMBOL_NS(load_nls_default, ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_LICENSE("Dual BSD/GPL"); diff --git a/fs/nls/nls_euc-jp.c b/fs/nls/nls_euc-jp.c index 162b3f160353..498b8a435d7e 100644 
--- a/fs/nls/nls_euc-jp.c +++ b/fs/nls/nls_euc-jp.c @@ -578,3 +578,4 @@ module_init(init_nls_euc_jp) module_exit(exit_nls_euc_jp) MODULE_LICENSE("Dual BSD/GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/nls/nls_koi8-ru.c b/fs/nls/nls_koi8-ru.c index a80a741a8676..99ceec9085ec 100644 --- a/fs/nls/nls_koi8-ru.c +++ b/fs/nls/nls_koi8-ru.c @@ -80,3 +80,4 @@ module_init(init_nls_koi8_ru) module_exit(exit_nls_koi8_ru) MODULE_LICENSE("Dual BSD/GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/ntfs/super.c b/fs/ntfs/super.c index 0d7e948cb29c..56edd625cf4d 100644 --- a/fs/ntfs/super.c +++ b/fs/ntfs/super.c @@ -3186,6 +3186,7 @@ MODULE_AUTHOR("Anton Altaparmakov "); MODULE_DESCRIPTION("NTFS 1.2/3.x driver - Copyright (c) 2001-2014 Anton Altaparmakov and Tuxera Inc."); MODULE_VERSION(NTFS_VERSION); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); #ifdef DEBUG module_param(debug_msgs, bint, 0); MODULE_PARM_DESC(debug_msgs, "Enable debug messages."); diff --git a/fs/ocfs2/dlmfs/dlmfs.c b/fs/ocfs2/dlmfs/dlmfs.c index 583820ec63e2..5b3a8681f87e 100644 --- a/fs/ocfs2/dlmfs/dlmfs.c +++ b/fs/ocfs2/dlmfs/dlmfs.c @@ -615,6 +615,7 @@ static void __exit exit_dlmfs_fs(void) MODULE_AUTHOR("Oracle"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_DESCRIPTION("OCFS2 DLM-Filesystem"); module_init(init_dlmfs_fs) diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c index 2febc76e9de7..fae788ea1141 100644 --- a/fs/ocfs2/super.c +++ b/fs/ocfs2/super.c @@ -71,6 +71,7 @@ static struct dentry *ocfs2_debugfs_root; MODULE_AUTHOR("Oracle"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_DESCRIPTION("OCFS2 cluster file system"); struct mount_options diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c index ce93ccca8639..27143a2cd962 100644 --- a/fs/omfs/inode.c +++ b/fs/omfs/inode.c 
@@ -20,6 +20,7 @@ MODULE_AUTHOR("Bob Copeland "); MODULE_DESCRIPTION("OMFS (ReplayTV/Karma) Filesystem for Linux"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); struct buffer_head *omfs_bread(struct super_block *sb, sector_t block) { diff --git a/fs/open.c b/fs/open.c index 78f32d483aef..b9d55ca3763b 100644 --- a/fs/open.c +++ b/fs/open.c @@ -1158,7 +1158,7 @@ struct file *filp_open(const char *filename, int flags, umode_t mode) } return file; } -EXPORT_SYMBOL(filp_open); +EXPORT_SYMBOL_NS(filp_open, ANDROID_GKI_VFS_EXPORT_ONLY); /* ANDROID: Allow drivers to open only block files from kernel mode */ struct file *filp_open_block(const char *filename, int flags, umode_t mode) @@ -1390,7 +1390,7 @@ int generic_file_open(struct inode * inode, struct file * filp) return 0; } -EXPORT_SYMBOL(generic_file_open); +EXPORT_SYMBOL_NS(generic_file_open, ANDROID_GKI_VFS_EXPORT_ONLY); /* * This is used by subsystems that don't want seekable diff --git a/fs/orangefs/orangefs-mod.c b/fs/orangefs/orangefs-mod.c index 74a3d6337ef4..a76a6ba8b355 100644 --- a/fs/orangefs/orangefs-mod.c +++ b/fs/orangefs/orangefs-mod.c @@ -36,6 +36,7 @@ int orangefs_dcache_timeout_msecs = 50; int orangefs_getattr_timeout_msecs = 50; MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_AUTHOR("ORANGEFS Development Team"); MODULE_DESCRIPTION("The Linux Kernel VFS interface to ORANGEFS"); MODULE_PARM_DESC(module_parm_debug_mask, "debugging level (see orangefs-debug.h for values)"); diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index b66dc11476c1..88ebe0d54d6a 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -20,6 +20,7 @@ MODULE_AUTHOR("Miklos Szeredi "); MODULE_DESCRIPTION("Overlay filesystem"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); struct ovl_dir_cache; diff --git a/fs/qnx4/inode.c b/fs/qnx4/inode.c index 3fb7fc819b4f..704fb7d09f0e 100644 --- a/fs/qnx4/inode.c +++ b/fs/qnx4/inode.c 
@@ -420,4 +420,5 @@ static void __exit exit_qnx4_fs(void) module_init(init_qnx4_fs) module_exit(exit_qnx4_fs) MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/qnx6/inode.c b/fs/qnx6/inode.c index 61191f7bdf62..ac771f0e0238 100644 --- a/fs/qnx6/inode.c +++ b/fs/qnx6/inode.c @@ -679,3 +679,4 @@ static void __exit exit_qnx6_fs(void) module_init(init_qnx6_fs) module_exit(exit_qnx6_fs) MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/read_write.c b/fs/read_write.c index 75f764b43418..ae703cb90599 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -471,7 +471,7 @@ ssize_t kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) return ret; return __kernel_read(file, buf, count, pos); } -EXPORT_SYMBOL(kernel_read); +EXPORT_SYMBOL_NS(kernel_read, ANDROID_GKI_VFS_EXPORT_ONLY); ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) { @@ -580,7 +580,7 @@ ssize_t kernel_write(struct file *file, const void *buf, size_t count, file_end_write(file); return ret; } -EXPORT_SYMBOL(kernel_write); +EXPORT_SYMBOL_NS(kernel_write, ANDROID_GKI_VFS_EXPORT_ONLY); ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_t *pos) { diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c index 913f5af9bf24..d84c2f2df0b7 100644 --- a/fs/reiserfs/super.c +++ b/fs/reiserfs/super.c @@ -2655,6 +2655,7 @@ MODULE_ALIAS_FS("reiserfs"); MODULE_DESCRIPTION("ReiserFS journaled filesystem"); MODULE_AUTHOR("Hans Reiser "); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); module_init(init_reiserfs_fs); module_exit(exit_reiserfs_fs); diff --git a/fs/romfs/super.c b/fs/romfs/super.c index 259f684d9236..c335658c2e0f 100644 --- a/fs/romfs/super.c +++ b/fs/romfs/super.c 
@@ -666,3 +666,4 @@ module_exit(exit_romfs_fs); MODULE_DESCRIPTION("Direct-MTD Capable RomFS"); MODULE_AUTHOR("Red Hat, Inc."); MODULE_LICENSE("GPL"); /* Actually dual-licensed, but it doesn't matter for */ +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/splice.c b/fs/splice.c index 866d5c2367b2..036a47937c18 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -326,7 +326,7 @@ ssize_t generic_file_splice_read(struct file *in, loff_t *ppos, return ret; } -EXPORT_SYMBOL(generic_file_splice_read); +EXPORT_SYMBOL_NS(generic_file_splice_read, ANDROID_GKI_VFS_EXPORT_ONLY); const struct pipe_buf_operations default_pipe_buf_ops = { .release = generic_pipe_buf_release, @@ -722,7 +722,7 @@ done: return ret; } -EXPORT_SYMBOL(iter_file_splice_write); +EXPORT_SYMBOL_NS(iter_file_splice_write, ANDROID_GKI_VFS_EXPORT_ONLY); /** * generic_splice_sendpage - splice data from a pipe to a socket diff --git a/fs/squashfs/super.c b/fs/squashfs/super.c index 88cc94be1076..83c48769f414 100644 --- a/fs/squashfs/super.c +++ b/fs/squashfs/super.c @@ -498,3 +498,4 @@ module_exit(exit_squashfs_fs); MODULE_DESCRIPTION("squashfs 4.0, a compressed read-only filesystem"); MODULE_AUTHOR("Phillip Lougher "); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/stat.c b/fs/stat.c index 1196af4d1ea0..c8a078f3acf8 100644 --- a/fs/stat.c +++ b/fs/stat.c @@ -49,7 +49,7 @@ void generic_fillattr(struct inode *inode, struct kstat *stat) stat->blksize = i_blocksize(inode); stat->blocks = inode->i_blocks; } -EXPORT_SYMBOL(generic_fillattr); +EXPORT_SYMBOL_NS(generic_fillattr, ANDROID_GKI_VFS_EXPORT_ONLY); /** * vfs_getattr_nosec - getattr without security checks diff --git a/fs/super.c b/fs/super.c index 98bb0629ee10..5df72b0b35d7 100644 --- a/fs/super.c +++ b/fs/super.c 
@@ -1435,7 +1435,7 @@ error_bdev: error: return ERR_PTR(error); } -EXPORT_SYMBOL(mount_bdev); +EXPORT_SYMBOL_NS(mount_bdev, ANDROID_GKI_VFS_EXPORT_ONLY); void kill_block_super(struct super_block *sb) { @@ -1449,7 +1449,7 @@ void kill_block_super(struct super_block *sb) blkdev_put(bdev, mode | FMODE_EXCL); } -EXPORT_SYMBOL(kill_block_super); +EXPORT_SYMBOL_NS(kill_block_super, ANDROID_GKI_VFS_EXPORT_ONLY); #endif struct dentry *mount_nodev(struct file_system_type *fs_type, diff --git a/fs/sync.c b/fs/sync.c index 8e1c2272470f..9bbaa61994fc 100644 --- a/fs/sync.c +++ b/fs/sync.c @@ -66,7 +66,7 @@ int sync_filesystem(struct super_block *sb) return ret; return __sync_filesystem(sb, 1); } -EXPORT_SYMBOL(sync_filesystem); +EXPORT_SYMBOL_NS(sync_filesystem, ANDROID_GKI_VFS_EXPORT_ONLY); static void sync_inodes_one_sb(struct super_block *sb, void *arg) { diff --git a/fs/sysv/super.c b/fs/sysv/super.c index cc8e2ed155c8..e5383bff5dad 100644 --- a/fs/sysv/super.c +++ b/fs/sysv/super.c @@ -592,3 +592,4 @@ static void __exit exit_sysv_fs(void) module_init(init_sysv_fs) module_exit(exit_sysv_fs) MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index cfd46753a685..79de5f9dca17 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c @@ -2476,6 +2476,7 @@ static void __exit ubifs_exit(void) module_exit(ubifs_exit); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_VERSION(__stringify(UBIFS_VERSION)); MODULE_AUTHOR("Artem Bityutskiy, Adrian Hunter"); MODULE_DESCRIPTION("UBIFS - UBI File System"); diff --git a/fs/udf/super.c b/fs/udf/super.c index 5d2b820ef303..c8e08402ae92 100644 --- a/fs/udf/super.c +++ b/fs/udf/super.c 
@@ -2543,5 +2543,6 @@ static unsigned int udf_count_free(struct super_block *sb) MODULE_AUTHOR("Ben Fennema"); MODULE_DESCRIPTION("Universal Disk Format Filesystem"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); module_init(init_udf_fs) module_exit(exit_udf_fs) diff --git a/fs/ufs/super.c b/fs/ufs/super.c index 983558b572c7..e0d7149f76ca 100644 --- a/fs/ufs/super.c +++ b/fs/ufs/super.c @@ -1542,3 +1542,4 @@ static void __exit exit_ufs_fs(void) module_init(init_ufs_fs) module_exit(exit_ufs_fs) MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/vboxsf/super.c b/fs/vboxsf/super.c index d7816c01a4f6..12b1e4ffb5b9 100644 --- a/fs/vboxsf/super.c +++ b/fs/vboxsf/super.c @@ -490,4 +490,5 @@ module_exit(vboxsf_fini); MODULE_DESCRIPTION("Oracle VM VirtualBox Module for Host File System Access"); MODULE_AUTHOR("Oracle Corporation"); MODULE_LICENSE("GPL v2"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); MODULE_ALIAS_FS("vboxsf"); diff --git a/fs/xattr.c b/fs/xattr.c index d6bf5a7e2420..f157f0b1bdfc 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -291,7 +291,7 @@ retry_deleg: } return error; } -EXPORT_SYMBOL_GPL(vfs_setxattr); +EXPORT_SYMBOL_NS_GPL(vfs_setxattr, ANDROID_GKI_VFS_EXPORT_ONLY); static ssize_t xattr_getsecurity(struct inode *inode, const char *name, void *value, @@ -405,7 +405,7 @@ vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) { return __vfs_getxattr(dentry, dentry->d_inode, name, value, size, 0); } -EXPORT_SYMBOL_GPL(vfs_getxattr); +EXPORT_SYMBOL_NS_GPL(vfs_getxattr, ANDROID_GKI_VFS_EXPORT_ONLY); ssize_t vfs_listxattr(struct dentry *dentry, char *list, size_t size) @@ -425,7 +425,7 @@ vfs_listxattr(struct dentry *dentry, char *list, size_t size) } return error; } -EXPORT_SYMBOL_GPL(vfs_listxattr); +EXPORT_SYMBOL_NS_GPL(vfs_listxattr, ANDROID_GKI_VFS_EXPORT_ONLY); int __vfs_removexattr(struct dentry *dentry, const char *name) 
diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index e3e229e52512..6a7724a3560a 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -2224,3 +2224,4 @@ module_exit(exit_xfs_fs); MODULE_AUTHOR("Silicon Graphics, Inc."); MODULE_DESCRIPTION(XFS_VERSION_STRING " with " XFS_BUILD_OPTIONS " enabled"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); diff --git a/fs/zonefs/super.c b/fs/zonefs/super.c index 2243dc1fb48f..96c93d1b3f75 100644 --- a/fs/zonefs/super.c +++ b/fs/zonefs/super.c @@ -1799,5 +1799,6 @@ static void __exit zonefs_exit(void) MODULE_AUTHOR("Damien Le Moal"); MODULE_DESCRIPTION("Zone file system for zoned block devices"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(ANDROID_GKI_VFS_EXPORT_ONLY); module_init(zonefs_init); module_exit(zonefs_exit); diff --git a/lib/test_lockup.c b/lib/test_lockup.c index f1a020bcc763..5359e2d1a2f2 100644 --- a/lib/test_lockup.c +++ b/lib/test_lockup.c @@ -595,5 +595,6 @@ static int __init test_lockup_init(void) module_init(test_lockup_init); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); MODULE_AUTHOR("Konstantin Khlebnikov "); MODULE_DESCRIPTION("Test module to generate lockups"); diff --git a/net/9p/mod.c b/net/9p/mod.c index 5126566850bd..94cd2d132fd7 100644 --- a/net/9p/mod.c +++ b/net/9p/mod.c @@ -189,4 +189,5 @@ MODULE_AUTHOR("Latchesar Ionkov "); MODULE_AUTHOR("Eric Van Hensbergen "); MODULE_AUTHOR("Ron Minnich "); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); MODULE_DESCRIPTION("Plan 9 Resource Sharing Support (9P2000)"); diff --git a/net/bpfilter/bpfilter_kern.c b/net/bpfilter/bpfilter_kern.c index 51a941b56ec3..4dfcd0d7ff3f 100644 --- a/net/bpfilter/bpfilter_kern.c +++ b/net/bpfilter/bpfilter_kern.c 
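Review bot: The `MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver);` line added to lib/test_lockup.c spells out a different token from the `ANDROID_GKI_VFS_EXPORT_ONLY` used by every export and by the fs/ modules in this patch, and nothing in the hunk shows that the two resolve to the same namespace. Presumably the short name is a macro alias defined in a header outside this part of the patch; since the export and import macros conventionally stringify their argument, it is worth confirming that the alias is actually expanded, otherwise these imports name a namespace that nothing exports into. The same applies to the net/9p/mod.c hunk here, to the net/bpfilter, net/sunrpc and net/unix hunks that follow, and to the later fs/configfs/mount.c fix. Because an import is only a declaration made by the module itself, each non-filesystem import should carry a one-line comment naming the VFS symbol it needs, e.g. `/* VFS namespace: needed for <symbol used by this module> */`, so the exceptions stay auditable.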
@@ -134,3 +134,4 @@ static void __exit fini_umh(void) module_init(load_umh); module_exit(fini_umh); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c index 236fadc4a439..6c320623cdcd 100644 --- a/net/sunrpc/sunrpc_syms.c +++ b/net/sunrpc/sunrpc_syms.c @@ -139,5 +139,6 @@ cleanup_sunrpc(void) rcu_barrier(); /* Wait for completion of call_rcu()'s */ } MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); fs_initcall(init_sunrpc); /* Ensure we're initialised before nfs */ module_exit(cleanup_sunrpc); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 37ffa7725cee..959487db38fc 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -2986,4 +2986,5 @@ fs_initcall(af_unix_init); module_exit(af_unix_exit); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); MODULE_ALIAS_NETPROTO(PF_UNIX); From bdc772adbd2de9384a869e06d2a72f31a5a6d1cb Mon Sep 17 00:00:00 2001 From: "chunhui.li" Date: Tue, 4 Jan 2022 15:16:58 +0800 Subject: [PATCH 88/93] ANDROID: kernel: fix debug_kinfo set twice crash issue If write string to /sys/module/debug_kinfo/parameters/build_info twice, kernel will crash. fix by removing vunmap in build_info_set. Bug: 213120696 Signed-off-by: Chunhui Li Change-Id: I683859067a31068de0006be8490efa4b0107044f --- drivers/staging/android/debug_kinfo.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/staging/android/debug_kinfo.c b/drivers/staging/android/debug_kinfo.c index 8e67fb3a205f..6a162325911e 100644 --- a/drivers/staging/android/debug_kinfo.c +++ b/drivers/staging/android/debug_kinfo.c @@ -81,7 +81,6 @@ static int build_info_set(const char *str, const struct kernel_param *kp) } Exit: - vunmap(all_info_addr); return ret; } From b7a6c15a6f06cc7e324c8d63b87cdd06b5597851 Mon Sep 17 00:00:00 2001 
From: Qingqing Zhou Date: Tue, 30 Nov 2021 10:20:40 +0800 Subject: [PATCH 89/93] ANDROID: Configure out the macros in android_kabi and android_vendor Add one CONFIG to control removing the macros or not. On some platforms, configuring out the macros removes the associated members from the structs, this reduces the object size of the slabs related with the structs, therefore reduces the total slab memory consumption of system. Besides, this also reduces vmlinux size a bit, therefore the total kernel memory size increases a bit. The macros are ANDROID_KABI_RESERVE, ANDROID_VENDOR_DATA, ANDROID_VENDOR_DATA_ARRAY, ANDROID_OEM_DATA, ANDROID_OEM_DATA_ARRAY. Bug: 206561931 Signed-off-by: Qingqing Zhou Change-Id: I0868d299ccce3c4b39f42af17916828500be6cc4 --- drivers/android/Kconfig | 17 +++++++++++++++++ include/linux/android_kabi.h | 4 ++++ include/linux/android_vendor.h | 15 +++++++++++++++ init/init_task.c | 2 ++ kernel/fork.c | 6 ++++-- 5 files changed, 42 insertions(+), 2 deletions(-) diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig index a99ff854a2ed..c9636c3c6dbd 100644 --- a/drivers/android/Kconfig +++ b/drivers/android/Kconfig 
@@ -74,6 +74,23 @@ config ANDROID_VENDOR_HOOKS Allow vendor modules to attach to tracepoint "hooks" defined via DECLARE_HOOK or DECLARE_RESTRICTED_HOOK. +config ANDROID_STRUCT_PADDING + bool "Android Struct Padding" + default y + help + This option enables the padding that the Android GKI kernel adds + to many different kernel structures to support an in-kernel stable ABI + over the lifespan of support for the kernel as well as OEM additional + fields that are needed by some of the Android kernel tracepoints. + + Only disable this option if you have a system that needs the Android + kernel drivers, but is NOT an Android GKI kernel image and you do NOT + use the Android kernel tracepoints. If disabled it has the possibility + to make the kernel static and runtime image slightly smaller but will + NOT be supported by the Google Android kernel team. + + If even slightly unsure, say Y. + endif # if ANDROID endmenu diff --git a/include/linux/android_kabi.h b/include/linux/android_kabi.h index 9c7b6c035ad3..dc0da1ab45d6 100644 --- a/include/linux/android_kabi.h +++ b/include/linux/android_kabi.h @@ -83,7 +83,11 @@ * number: the "number" of the padding variable in the structure. Start with * 1 and go up. */ +#ifdef CONFIG_ANDROID_STRUCT_PADDING #define ANDROID_KABI_RESERVE(number) _ANDROID_KABI_RESERVE(number) +#else +#define ANDROID_KABI_RESERVE(number) +#endif /* diff --git a/include/linux/android_vendor.h b/include/linux/android_vendor.h index 59fc5734bca2..ab3dca23966a 100644 --- a/include/linux/android_vendor.h +++ b/include/linux/android_vendor.h 
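Review bot: The help text for ANDROID_STRUCT_PADDING does not say that turning the option off changes the layout of every structure that carries the reserve, vendor or OEM fields, so a module built with the other setting is not binary compatible with the resulting kernel. Loading such a module would presumably be caught only if symbol versioning is enabled, which this hunk neither selects nor mentions. I would add a sentence such as `Changing this option alters structure layouts; all modules must be rebuilt with the same setting.` to the help text.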
@@ -26,10 +26,25 @@ * Same as ANDROID_VENDOR_DATA but allocates an array of u64 with * the specified size */ +#ifdef CONFIG_ANDROID_STRUCT_PADDING #define ANDROID_VENDOR_DATA(n) u64 android_vendor_data##n #define ANDROID_VENDOR_DATA_ARRAY(n, s) u64 android_vendor_data##n[s] #define ANDROID_OEM_DATA(n) u64 android_oem_data##n #define ANDROID_OEM_DATA_ARRAY(n, s) u64 android_oem_data##n[s] +#define android_init_vendor_data(p, n) \ + memset(&p->android_vendor_data##n, 0, sizeof(p->android_vendor_data##n)) +#define android_init_oem_data(p, n) \ + memset(&p->android_oem_data##n, 0, sizeof(p->android_oem_data##n)) +#else +#define ANDROID_VENDOR_DATA(n) +#define ANDROID_VENDOR_DATA_ARRAY(n, s) +#define ANDROID_OEM_DATA(n) +#define ANDROID_OEM_DATA_ARRAY(n, s) + +#define android_init_vendor_data(p, n) +#define android_init_oem_data(p, n) +#endif + #endif /* _ANDROID_VENDOR_H */ diff --git a/init/init_task.c b/init/init_task.c index fba7fbed71dc..26e018fbbf78 100644 --- a/init/init_task.c +++ b/init/init_task.c @@ -213,8 +213,10 @@ struct task_struct init_task #ifdef CONFIG_SECCOMP_FILTER .seccomp = { .filter_count = ATOMIC_INIT(0) }, #endif +#ifdef CONFIG_ANDROID_STRUCT_PADDING .android_vendor_data1 = {0, }, .android_oem_data1 = {0, }, +#endif }; EXPORT_SYMBOL(init_task); diff --git a/kernel/fork.c b/kernel/fork.c index c4252e61e313..79f8221d286b 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -978,8 +978,10 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node) #ifdef CONFIG_MEMCG tsk->active_memcg = NULL; #endif - memset(&tsk->android_vendor_data1, 0, sizeof(tsk->android_vendor_data1)); - memset(&tsk->android_oem_data1, 0, sizeof(tsk->android_oem_data1)); + + android_init_vendor_data(tsk, 1); + android_init_oem_data(tsk, 1); + trace_android_vh_dup_task_struct(tsk, orig); return tsk; From 87a74496ed4a51378b6b01606639d71113b040e5 Mon Sep 17 00:00:00 2001 
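Review bot: In the android_vendor.h hunk the new `android_init_vendor_data(p, n)` and `android_init_oem_data(p, n)` macros use `p` without parentheses, so an argument that is an expression rather than a plain identifier (for example `&task` or `base + 1`) would bind `->` to the wrong operand. I would write `memset(&(p)->android_vendor_data##n, 0, sizeof((p)->android_vendor_data##n))` and the same for the OEM variant. The disabled variants expand to nothing, which leaves an empty statement at each call site such as the two in the kernel/fork.c hunk; defining them as `do { } while (0)` keeps them statement-shaped in both configurations. The header now also expands to a `memset` call, so it depends on the including file having the declaration in scope, which is not visible from this hunk.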
From: Greg Kroah-Hartman Date: Wed, 12 Jan 2022 11:54:00 +0100 Subject: [PATCH 90/93] ANDROID: configfs: add proper module namespace marking Commit d483eed85ffb ("ANDROID: GKI: set vfs-only exports into their own namespace") added a namespace for vfs functions. For some kernelci build targets, configfs is built as a module, so add the proper namespace marking for configfs as well to fix the reported build problems. Fixes: d483eed85ffb ("ANDROID: GKI: set vfs-only exports into their own namespace") Signed-off-by: Greg Kroah-Hartman Change-Id: I1abc2f17d9a8f90f1fe060b314eb69cb1e6cfc5d --- fs/configfs/mount.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/configfs/mount.c b/fs/configfs/mount.c index 0c6e8cf61953..2ac2d0ea7777 100644 --- a/fs/configfs/mount.c +++ b/fs/configfs/mount.c @@ -173,6 +173,7 @@ static void __exit configfs_exit(void) MODULE_AUTHOR("Oracle"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); MODULE_VERSION("0.0.2"); MODULE_DESCRIPTION("Simple RAM filesystem for user driven kernel subsystem configuration."); From 428d0bb762073c679461c42066defe16f6bff748 Mon Sep 17 00:00:00 2001 
From: Hammer_Tsao Date: Fri, 10 Dec 2021 12:55:13 +0800 Subject: [PATCH 91/93] ANDROID: Add initial ASUS symbol list for texfat/tntfs requirement Leaf changes summary: 125 artifacts changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 125 Added functions Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable 125 Added functions: [A] 'function void __bforget(buffer_head*)' [A] 'function ssize_t __blockdev_direct_IO(kiocb*, inode*, block_device*, iov_iter*, get_block_t*, dio_iodone_t*, dio_submit_t*, int)' [A] 'function buffer_head* __bread_gfp(block_device*, sector_t, unsigned int, gfp_t)' [A] 'function void __breadahead(block_device*, sector_t, unsigned int)' [A] 'function void __brelse(buffer_head*)' [A] 'function void __cancel_dirty_page(page*)' [A] 'function void __cleancache_invalidate_inode(address_space*)' [A] 'function void __filemap_set_wb_err(address_space*, int)' [A] 'function void __insert_inode_hash(inode*, unsigned long int)' [A] 'function void __mark_inode_dirty(inode*, int)' [A] 'function void __pagevec_release(pagevec*)' [A] 'function void __remove_inode_hash(inode*)' [A] 'function int __set_page_dirty_buffers(page*)' [A] 'function int __set_page_dirty_nobuffers(page*)' [A] 'function int __test_set_page_writeback(page*, bool)' [A] 'function int add_to_page_cache_locked(page*, address_space*, unsigned long int, gfp_t)' [A] 'function wait_queue_head* bit_waitqueue(void*, int)' [A] 'function int blkdev_issue_discard(block_device*, sector_t, sector_t, gfp_t, unsigned long int)' [A] 'function void block_invalidatepage(page*, unsigned int, unsigned int)' [A] 'function int block_is_partially_uptodate(page*, unsigned long int, unsigned long int)' [A] 'function int buffer_migrate_page(address_space*, page*, page*, migrate_mode)' [A] 'function bool capable_wrt_inode_uidgid(const inode*, int)' [A] 'function void clean_bdev_aliases(block_device*, sector_t, sector_t)' [A] 
'function void clear_inode(inode*)' [A] 'function int clear_page_dirty_for_io(page*)' [A] 'function void create_empty_buffers(page*, unsigned long int, unsigned long int)' [A] 'function int current_umask()' [A] 'function dentry* d_add_ci(dentry*, inode*, qstr*)' [A] 'function void d_instantiate(dentry*, inode*)' [A] 'function dentry* d_obtain_alias(inode*)' [A] 'function dentry* d_splice_alias(inode*, dentry*)' [A] 'function void delete_from_page_cache(page*)' [A] 'function void drop_nlink(inode*)' [A] 'function void end_buffer_write_sync(buffer_head*, int)' [A] 'function void end_page_writeback(page*)' [A] 'function errseq_t errseq_set(errseq_t*, int)' [A] 'function int fiemap_fill_next_extent(fiemap_extent_info*, u64, u64, u64, u32)' [A] 'function int fiemap_prep(inode*, fiemap_extent_info*, u64, u64*, u32)' [A] 'function int file_remove_privs(file*)' [A] 'function vm_fault_t filemap_fault(vm_fault*)' [A] 'function int filemap_fdatawait_range(address_space*, loff_t, loff_t)' [A] 'function int filemap_fdatawrite(address_space*)' [A] 'function int filemap_flush(address_space*)' [A] 'function int filemap_write_and_wait_range(address_space*, loff_t, loff_t)' [A] 'function file* filp_open(const char*, int, umode_t)' [A] 'function int generic_error_remove_page(address_space*, page*)' [A] 'function ssize_t generic_file_direct_write(kiocb*, iov_iter*)' [A] 'function int generic_file_mmap(file*, vm_area_struct*)' [A] 'function int generic_file_open(inode*, file*)' [A] 'function ssize_t generic_file_splice_read(file*, loff_t*, pipe_inode_info*, size_t, unsigned int)' [A] 'function void generic_fillattr(inode*, kstat*)' [A] 'function ssize_t generic_read_dir(file*, char*, size_t, loff_t*)' [A] 'function page* grab_cache_page_write_begin(address_space*, unsigned long int, unsigned int)' [A] 'function inode* iget5_locked(super_block*, unsigned long int, int (inode*, void*)*, int (inode*, void*)*, void*)' [A] 'function inode* igrab(inode*)' [A] 'function void ihold(inode*)' 
[A] 'function inode* ilookup5(super_block*, unsigned long int, int (inode*, void*)*, void*)' [A] 'function int in_group_p(kgid_t)' [A] 'function void inc_nlink(inode*)' [A] 'function void init_special_inode(inode*, umode_t, dev_t)' [A] 'function void inode_dio_wait(inode*)' [A] 'function void inode_init_once(inode*)' [A] 'function void inode_init_owner(inode*, const inode*, umode_t)' [A] 'function int inode_newsize_ok(const inode*, loff_t)' [A] 'function void inode_set_flags(inode*, unsigned int, unsigned int)' [A] 'function void io_schedule()' [A] 'function void iov_iter_advance(iov_iter*, size_t)' [A] 'function unsigned long int iov_iter_alignment(const iov_iter*)' [A] 'function size_t iov_iter_copy_from_user_atomic(page*, iov_iter*, unsigned long int, size_t)' [A] 'function int iov_iter_fault_in_readable(iov_iter*, size_t)' [A] 'function ssize_t iov_iter_get_pages(iov_iter*, page**, size_t, unsigned int, size_t*)' [A] 'function size_t iov_iter_single_seg_count(const iov_iter*)' [A] 'function bool is_bad_inode(inode*)' [A] 'function ssize_t iter_file_splice_write(pipe_inode_info*, file*, loff_t*, size_t, unsigned int)' [A] 'function ino_t iunique(super_block*, ino_t)' [A] 'function void kill_block_super(super_block*)' [A] 'function void ll_rw_block(int, int, int, buffer_head**)' [A] 'function nls_table* load_nls(char*)' [A] 'function nls_table* load_nls_default()' [A] 'function void lru_cache_add(page*)' [A] 'function void make_bad_inode(inode*)' [A] 'function void mark_buffer_async_write(buffer_head*)' [A] 'function void mark_buffer_dirty(buffer_head*)' [A] 'function void mark_buffer_write_io_error(buffer_head*)' [A] 'function void mark_page_accessed(page*)' [A] 'function void mnt_drop_write_file(file*)' [A] 'function int mnt_want_write_file(file*)' [A] 'function dentry* mount_bdev(file_system_type*, int, const char*, void*, int (super_block*, void*, int)*)' [A] 'function void mpage_readahead(readahead_control*, get_block_t*)' [A] 'function int 
mpage_readpage(page*, get_block_t*)' [A] 'function int notify_change(dentry*, iattr*, inode**)' [A] 'function unsigned long int page_cache_next_miss(address_space*, unsigned long int, unsigned long int)' [A] 'function unsigned long int page_cache_prev_miss(address_space*, unsigned long int, unsigned long int)' [A] 'function bool page_mapped(page*)' [A] 'function void page_zero_new_buffers(page*, unsigned int, unsigned int)' [A] 'function page* pagecache_get_page(address_space*, unsigned long int, int, gfp_t)' [A] 'function unsigned int pagevec_lookup_range(pagevec*, address_space*, unsigned long int*, unsigned long int)' [A] 'function unsigned int pagevec_lookup_range_tag(pagevec*, address_space*, unsigned long int*, unsigned long int, xa_mark_t)' [A] 'function void put_pages_list(list_head*)' [A] 'function gfp_t readahead_gfp_mask(address_space*)' [A] 'function int redirty_page_for_writepage(writeback_control*, page*)' [A] 'function int sb_min_blocksize(super_block*, int)' [A] 'function int sb_set_blocksize(super_block*, int)' [A] 'function int security_inode_init_security(inode*, inode*, const qstr*, const initxattrs, void*)' [A] 'function void set_nlink(inode*, unsigned int)' [A] 'function int setattr_prepare(dentry*, iattr*)' [A] 'function int sync_dirty_buffer(buffer_head*)' [A] 'function int sync_filesystem(super_block*)' [A] 'function int sync_inode_metadata(inode*, int)' [A] 'function void tag_pages_for_writeback(address_space*, unsigned long int, unsigned long int)' [A] 'function timespec64 timestamp_truncate(timespec64, inode*)' [A] 'function void touch_atime(const path*)' [A] 'function void truncate_inode_pages(address_space*, loff_t)' [A] 'function void truncate_inode_pages_final(address_space*)' [A] 'function void truncate_pagecache(inode*, loff_t)' [A] 'function void truncate_setsize(inode*, loff_t)' [A] 'function int try_to_release_page(page*, gfp_t)' [A] 'function void try_to_writeback_inodes_sb(super_block*, wb_reason)' [A] 'function void 
unload_nls(nls_table*)' [A] 'function void unlock_buffer(buffer_head*)' [A] 'function void unlock_new_inode(inode*)' [A] 'function void wait_on_page_bit(page*, int)' [A] 'function int wake_bit_function(wait_queue_entry*, unsigned int, int, void*)' [A] 'function int write_inode_now(inode*, int)' [A] 'function int write_one_page(page*)' Bug: 210074446 Change-Id: I597bf48aecce6c2cd90b79d08d153002d55a4e5f Signed-off-by: Hammer_Tsao --- android/abi_gki_aarch64.xml | 1016 +++++++++++++++++++++++++++++++++- android/abi_gki_aarch64_asus | 280 ++++++++++ build.config.gki.aarch64 | 1 + 3 files changed, 1294 insertions(+), 3 deletions(-) mode change 100644 => 100755 android/abi_gki_aarch64.xml create mode 100755 android/abi_gki_aarch64_asus diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml old mode 100644 new mode 100755 index bcd027c68344..66d35560d259 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -17,6 +17,7 @@ + @@ -32,10 +33,16 @@ + + + + + + @@ -101,6 +108,7 @@ + @@ -125,6 +133,7 @@ + @@ -151,6 +160,7 @@ + @@ -183,6 +193,7 @@ + @@ -214,6 +225,7 @@ + @@ -230,6 +242,8 @@ + + @@ -257,6 +271,7 @@ + @@ -691,6 +706,7 @@ + @@ -783,6 +799,7 @@ + @@ -899,9 +916,12 @@ + + + @@ -934,6 +954,7 @@ + @@ -957,6 +978,7 @@ + @@ -1003,9 +1025,12 @@ + + + @@ -1172,6 +1197,7 @@ + @@ -1263,12 +1289,17 @@ + + + + + @@ -1313,6 +1344,7 @@ + @@ -2207,6 +2239,7 @@ + @@ -2261,6 +2294,9 @@ + + + @@ -2300,11 +2336,20 @@ + + + + + + + + + @@ -2395,12 +2440,19 @@ + + + + + + + @@ -2512,6 +2564,7 @@ + @@ -2677,6 +2730,9 @@ + + + @@ -2704,12 +2760,15 @@ + + + @@ -2717,11 +2776,17 @@ + + + + + + @@ -2758,6 +2823,7 @@ + @@ -2807,8 +2873,14 @@ + + + + + + @@ -2881,12 +2953,15 @@ + + + @@ -2929,6 +3004,7 @@ + @@ -3049,8 +3125,11 @@ + + + @@ -3060,13 +3139,19 @@ + + + + + + @@ -3261,12 +3346,17 @@ + + + + + @@ -3350,6 +3440,7 @@ + @@ -3528,11 +3619,18 @@ + + + + + + + @@ -3918,6 +4016,7 @@ + @@ -3987,8 +4086,10 @@ + + @@ -4233,6 +4334,8 @@ + + 
@@ -4356,6 +4459,7 @@ + @@ -4413,11 +4517,13 @@ + + @@ -4840,8 +4946,11 @@ + + + @@ -4880,6 +4989,7 @@ + @@ -4935,8 +5045,10 @@ + + @@ -4964,9 +5076,15 @@ + + + + + + @@ -5137,6 +5255,9 @@ + + + @@ -5631,7 +5752,9 @@ + + @@ -5651,6 +5774,8 @@ + + @@ -7978,6 +8103,7 @@ + @@ -12304,6 +12430,7 @@ + @@ -13323,6 +13450,7 @@ + @@ -16655,6 +16783,7 @@ + @@ -21228,6 +21357,17 @@ + + + + + + + + + + + @@ -21375,6 +21515,7 @@ + @@ -25235,6 +25376,7 @@ + @@ -28155,6 +28297,12 @@ + + + + + + @@ -31037,6 +31185,7 @@ + @@ -31522,6 +31671,7 @@ + @@ -32114,6 +32264,13 @@ + + + + + + + @@ -33498,6 +33655,7 @@ + @@ -35597,6 +35755,12 @@ + + + + + + @@ -37320,6 +37484,7 @@ + @@ -40518,6 +40683,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -45322,6 +45513,7 @@ + @@ -46184,6 +46376,7 @@ + @@ -48913,6 +49106,12 @@ + + + + + + @@ -49784,7 +49983,71 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -52478,6 +52741,13 @@ + + + + + + + @@ -56432,6 +56702,11 @@ + + + + + @@ -62875,6 +63150,7 @@ + @@ -63071,7 +63347,20 @@ - + + + + + + + + + + + + + + @@ -69926,6 +70215,7 @@ + @@ -71646,6 +71936,7 @@ + @@ -77205,6 +77496,7 @@ + @@ -77848,6 +78140,9 @@ + + + @@ -87956,6 +88251,7 @@ + @@ -88647,7 +88943,23 @@ - + + + + + + + + + + + + + + + + + @@ -89779,6 +90091,12 @@ + + + + + + @@ -91520,6 +91838,11 @@ + + + + + @@ -95488,6 +95811,7 @@ + @@ -99763,6 +100087,7 @@ + @@ -100119,6 +100444,7 @@ + @@ -104190,6 +104516,26 @@ + + + + + + + + + + + + + + + + + + + + @@ -105268,6 +105614,12 @@ + + + + + + @@ -106918,6 +107270,7 @@ + @@ -109561,6 +109914,7 @@ + @@ -112875,6 +113229,17 @@ + + + + + + + + + + + @@ -113161,6 +113526,10 @@ + + + + @@ -113261,6 +113630,38 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -113284,6 +113685,10 @@ + + + + @@ -113699,6 +114104,11 @@ + + + + + @@ -113842,6 +114252,11 @@ + + + + + @@ -113998,6 +114413,11 @@ + + + + + 
@@ -114186,6 +114606,10 @@ + + + + @@ -114353,6 +114777,10 @@ + + + + @@ -114456,6 +114884,14 @@ + + + + + + + + @@ -114597,6 +115033,11 @@ + + + + + @@ -117636,6 +118077,13 @@ + + + + + + + @@ -118136,6 +118584,11 @@ + + + + + @@ -118733,6 +119186,14 @@ + + + + + + + + @@ -118749,6 +119210,18 @@ + + + + + + + + + + + + @@ -118979,6 +119452,13 @@ + + + + + + + @@ -119094,6 +119574,11 @@ + + + + + @@ -119345,6 +119830,12 @@ + + + + + + @@ -119353,6 +119844,14 @@ + + + + + + + + @@ -120195,6 +120694,12 @@ + + + + + + @@ -120680,6 +121185,9 @@ + + + @@ -120688,6 +121196,12 @@ + + + + + + @@ -120697,16 +121211,30 @@ + + + + + + + + + + + + + + @@ -120967,6 +121495,10 @@ + + + + @@ -125695,6 +126227,10 @@ + + + + @@ -125982,6 +126518,20 @@ + + + + + + + + + + + + + + @@ -126191,6 +126741,22 @@ + + + + + + + + + + + + + + + + @@ -126202,6 +126768,10 @@ + + + + @@ -126212,11 +126782,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -126695,17 +127295,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -126728,6 +127361,13 @@ + + + + + + + @@ -127280,6 +127920,12 @@ + + + + + + @@ -128106,7 +128752,23 @@ + + + + + + + + + + + + + + + + @@ -128243,6 +128905,13 @@ + + + + + + + @@ -128280,6 +128949,14 @@ + + + + + + + + @@ -128321,6 +128998,12 @@ + + + + + + @@ -128340,6 +129023,25 @@ + + + + + + + + + + + + + + + + + + + @@ -128349,6 +129051,12 @@ + + + + + + @@ -128527,6 +129235,9 @@ + + + @@ -128772,6 +129483,15 @@ + + + + + + + + + @@ -128780,6 +129500,26 @@ + + + + + + + + + + + + + + + + + + + + @@ -128788,6 +129528,10 @@ + + + + @@ -129182,6 +129926,10 @@ + + + + @@ -129202,6 +129950,14 @@ + + + + + + + + @@ -129209,6 +129965,11 @@ + + + + + @@ -129441,6 +130202,10 @@ + + + + @@ -130051,6 +130816,13 @@ + + + + + + + @@ -130061,6 +130833,13 @@ + + + + + + + @@ -130103,6 +130882,10 @@ + + + + @@ -130137,6 +130920,10 @@ + + + + @@ -130144,6 +130931,22 @@ + + + + + + + + + + + + + + + + @@ -131079,6 +131882,14 @@ + + + + + + + + 
@@ -131114,6 +131925,24 @@ + + + + + + + + + + + + + + + + + + @@ -131539,6 +132368,12 @@ + + + + + + @@ -132460,12 +133295,28 @@ + + + + + + + + + + + + + + + + @@ -132482,6 +133333,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -134461,6 +135340,10 @@ + + + + @@ -134767,6 +135650,10 @@ + + + + @@ -134776,6 +135663,11 @@ + + + + + @@ -135997,6 +136889,16 @@ + + + + + + + + + + @@ -136615,6 +137517,14 @@ + + + + + + + + @@ -136907,6 +137817,11 @@ + + + + + @@ -136931,6 +137846,11 @@ + + + + + @@ -139204,6 +140124,10 @@ + + + + @@ -139212,6 +140136,15 @@ + + + + + + + + + @@ -139407,6 +140340,12 @@ + + + + + + @@ -139682,6 +140621,11 @@ + + + + + @@ -139690,6 +140634,10 @@ + + + + @@ -139841,6 +140789,25 @@ + + + + + + + + + + + + + + + + + + + @@ -139856,6 +140823,16 @@ + + + + + + + + + + @@ -140743,6 +141720,18 @@ + + + + + + + + + + + + @@ -143244,12 +144233,24 @@ + + + + + + + + + + + + @@ -143340,6 +144341,15 @@ + + + + + + + + + diff --git a/android/abi_gki_aarch64_asus b/android/abi_gki_aarch64_asus new file mode 100755 index 000000000000..a44e7e67e0e4 --- /dev/null +++ b/android/abi_gki_aarch64_asus 
@@ -0,0 +1,280 @@ +[abi_symbol_list] +add_to_page_cache_locked +__alloc_pages_nodemask +__arch_copy_from_user +__arch_copy_to_user +arm64_const_caps_ready +autoremove_wake_function +balance_dirty_pages_ratelimited +bcmp +bdev_read_only +__bforget +bio_add_page +bio_alloc_bioset +bio_associate_blkg +bio_put +__bitmap_weight +bit_waitqueue +blkdev_issue_discard +blkdev_issue_flush +blk_finish_plug +blk_start_plug +__blockdev_direct_IO +block_invalidatepage +block_is_partially_uptodate +__breadahead +__bread_gfp +__brelse +buffer_migrate_page +__cancel_dirty_page +capable +capable_wrt_inode_uidgid +__cfi_slowpath +__check_object_size +clean_bdev_aliases +__cleancache_invalidate_inode +clear_inode +clear_page +clear_page_dirty_for_io +complete_and_exit +cpu_hwcap_keys +cpu_hwcaps +create_empty_buffers +current_umask +d_add +d_add_ci +delete_from_page_cache +d_instantiate +d_make_root +d_obtain_alias +down_read +down_write +down_write_trylock +dput +drop_nlink +d_splice_alias +dump_stack +end_buffer_read_sync +end_buffer_write_sync +end_page_writeback +errseq_set +failure_tracking +fget +fiemap_fill_next_extent +fiemap_prep +filemap_fault +filemap_fdatawait_range +filemap_fdatawrite +filemap_flush +__filemap_set_wb_err +filemap_write_and_wait_range +file_remove_privs +file_update_time +file_write_and_wait_range +filp_close +filp_open +finish_wait +flush_dcache_page +fput +freezing_slow_path +fs_bio_set +generic_error_remove_page +generic_file_direct_write +generic_file_llseek +generic_file_mmap +generic_file_open +generic_file_read_iter +generic_file_splice_read +generic_fillattr +generic_perform_write +generic_read_dir +generic_write_checks +__getblk_gfp +gic_nonsecure_priorities +grab_cache_page_write_begin +iget5_locked +igrab +ihold +ilookup5 +inc_nlink +in_group_p +__init_rwsem +init_special_inode +init_wait_entry +__init_waitqueue_head +inode_dio_wait +inode_init_once +inode_init_owner +inode_newsize_ok +inode_set_flags +__insert_inode_hash +invalidate_bdev 
+invalidate_mapping_pages +io_schedule +iov_iter_advance +iov_iter_alignment +iov_iter_copy_from_user_atomic +iov_iter_fault_in_readable +iov_iter_get_pages +iov_iter_single_seg_count +iput +is_bad_inode +iter_file_splice_write +iunique +jiffies +kasan_flag_enabled +kfree +kill_block_super +__kmalloc +kmalloc_caches +kmem_cache_alloc +kmem_cache_alloc_trace +kmem_cache_create +kmem_cache_create_usercopy +kmem_cache_destroy +kmem_cache_free +kthread_create_on_node +kthread_should_stop +kthread_stop +ktime_get_coarse_real_ts64 +kvfree +__list_add_valid +__list_del_entry_valid +ll_rw_block +load_nls +load_nls_default +__lock_buffer +__lock_page +lru_cache_add +make_bad_inode +mark_buffer_async_write +mark_buffer_dirty +mark_buffer_write_io_error +__mark_inode_dirty +mark_page_accessed +memcmp +memcpy +memmove +memset +mktime64 +mnt_drop_write_file +mnt_want_write_file +module_layout +mount_bdev +mpage_readahead +mpage_readpage +__mutex_init +mutex_lock +mutex_trylock +mutex_unlock +new_inode +notify_change +pagecache_get_page +page_cache_next_miss +page_cache_prev_miss +page_mapped +__page_pinner_migration_failed +pagevec_lookup_range +pagevec_lookup_range_tag +__pagevec_release +page_zero_new_buffers +__percpu_down_read +preempt_schedule +preempt_schedule_notrace +prepare_to_wait +prepare_to_wait_event +printk +__printk_ratelimit +__put_page +put_pages_list +___ratelimit +_raw_read_lock +_raw_read_lock_irqsave +_raw_read_unlock +_raw_read_unlock_irqrestore +_raw_spin_lock +_raw_spin_lock_irqsave +_raw_spin_unlock +_raw_spin_unlock_irqrestore +_raw_write_lock +_raw_write_lock_irqsave +_raw_write_unlock +_raw_write_unlock_irqrestore +rcuwait_wake_up +readahead_gfp_mask +read_cache_page +redirty_page_for_writepage +__refrigerator +register_filesystem +__remove_inode_hash +sb_min_blocksize +sb_set_blocksize +schedule +schedule_timeout_interruptible +security_inode_init_security +seq_printf +setattr_prepare +set_freezable +set_nlink +set_page_dirty 
+__set_page_dirty_buffers +__set_page_dirty_nobuffers +set_user_nice +simple_strtol +simple_strtoul +simple_strtoull +snprintf +sprintf +sscanf +__stack_chk_fail +__stack_chk_guard +strchr +strcmp +strlen +strncasecmp +strncmp +strsep +strstr +submit_bh +submit_bio +sync_blockdev +__sync_dirty_buffer +sync_dirty_buffer +sync_filesystem +sync_inode_metadata +system_freezing_cnt +sys_tz +tag_pages_for_writeback +__test_set_page_writeback +time64_to_tm +timestamp_truncate +touch_atime +truncate_inode_pages +truncate_inode_pages_final +truncate_pagecache +truncate_setsize +try_to_release_page +try_to_writeback_inodes_sb +unload_nls +unlock_buffer +unlock_new_inode +unlock_page +unmap_mapping_range +unregister_filesystem +up_read +up_write +vfree +vfs_fsync_range +vmalloc +__vmalloc +vsnprintf +vzalloc +__wait_on_buffer +wait_on_page_bit +wake_bit_function +__wake_up +wake_up_process +__warn_printk +write_inode_now +write_one_page +xa_load diff --git a/build.config.gki.aarch64 b/build.config.gki.aarch64 index cd473bc6e7ef..37a8271fd178 100644 --- a/build.config.gki.aarch64 +++ b/build.config.gki.aarch64 @@ -28,6 +28,7 @@ android/abi_gki_aarch64_unisoc android/abi_gki_aarch64_virtual_device android/abi_gki_aarch64_vivo android/abi_gki_aarch64_xiaomi +android/abi_gki_aarch64_asus " FILES="${FILES} From c29dd368efc6830924dd5f894fd96851c1ceae51 Mon Sep 17 00:00:00 2001 From: gaolong Date: Fri, 14 Jan 2022 11:13:09 +0800 Subject: [PATCH 92/93] ANDROID: GKI: Update symbols to abi_gki_aarch64_oplus Update symbols to symbol list externed by oem modules. Leaf changes summary: 1 artifact changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 1 Added function Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable 1 Added function: [A] 'function int freq_qos_remove_notifier(freq_constraints*, freq_qos_req_type, notifier_block*)' Bug: 193384408 
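Review bot: The new symbol list is created with mode 100755, and the same commit flips android/abi_gki_aarch64.xml from 100644 to 100755 (see the `old mode`/`new mode` lines in its diff header), although both are data files that nothing executes. The sibling list android/abi_gki_aarch64_oplus is still 100644 in the next patch's header, so this looks unintentional. I would drop the executable bit so the header reads `new file mode 100644` for android/abi_gki_aarch64_asus and the XML carries no mode change at all.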
Signed-off-by: gaolong Change-Id: I50eac29ee78a0ee963602a8a00d94ad4af2ced03 --- android/abi_gki_aarch64.xml | 214 ++++++++++++++++++---------------- android/abi_gki_aarch64_oplus | 1 + 2 files changed, 115 insertions(+), 100 deletions(-) diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml index 66d35560d259..3b5a81f48074 100755 --- a/android/abi_gki_aarch64.xml +++ b/android/abi_gki_aarch64.xml @@ -2391,6 +2391,7 @@ + @@ -21904,222 +21905,222 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -25482,7 +25483,7 @@ - + @@ -25788,12 +25789,12 @@ - + - + - + @@ -47469,24 +47470,24 @@ - + - + - + - + - + - + - + @@ -47957,18 +47958,18 @@ - + - + - + - + - + @@ -71114,7 +71115,14 @@ - + + + + + + + + @@ -127016,6 +127024,12 @@ + + + + + + @@ -127049,10 +127063,10 @@ - - - - + + + + @@ -127584,12 +127598,12 @@ - - + + - - + + @@ -131859,8 +131873,8 @@ - - + + diff --git a/android/abi_gki_aarch64_oplus b/android/abi_gki_aarch64_oplus index 88af68ba6ccf..2c5078428d3e 100644 --- a/android/abi_gki_aarch64_oplus +++ b/android/abi_gki_aarch64_oplus @@ -893,6 +893,7 @@ freezing_slow_path freq_qos_add_notifier freq_qos_add_request + freq_qos_remove_notifier freq_qos_remove_request freq_qos_update_request freq_scale From 2c152aa3294204d893708aac1a15c9da2957b553 Mon Sep 17 00:00:00 2001 
From: Yangtao Li Date: Wed, 4 Aug 2021 11:29:46 +0800 Subject: [PATCH 93/93] UPSTREAM: f2fs: reduce the scope of setting fsck tag when de->name_len is zero I recently found a case where de->name_len is 0 in f2fs_fill_dentries() easily reproduced, and finally set the fsck flag. Thread A Thread B - f2fs_readdir - f2fs_read_inline_dir - ctx->pos = d.max - f2fs_add_dentry - f2fs_add_inline_entry - do_convert_inline_dir - f2fs_add_regular_entry - f2fs_readdir - f2fs_fill_dentries - set_sbi_flag(sbi, SBI_NEED_FSCK) Process A opens the folder, and has been reading without closing it. During this period, Process B created a file under the folder (occupying multiple f2fs_dir_entry, exceeding the d.max of the inline dir). After creation, process A uses the d.max of inline dir to read it again, and it will read that de->name_len is 0. And Chao pointed out that w/o inline conversion, the race condition still can happen as below: dir_entry1: A dir_entry2: B dir_entry3: C free slot: _ ctx->pos: ^ Thread A is traversing directory, ctx-pos moves to below position after readdir() by thread A: AAAABBBB___ ^ Then thread B delete dir_entry2, and create dir_entry3. Thread A calls readdir() to lookup dirents starting from middle of new dirent slots as below: AAAACCCCCC_ ^ In these scenarios, the file system is not damaged, and it's hard to avoid it. But we can bypass tagging FSCK flag if: a) bit_pos (:= ctx->pos % d->max) is non-zero and b) before bit_pos moves to first valid dir_entry. Fixes: ddf06b753a85 ("f2fs: fix to trigger fsck if dirent.name_len is zero") Signed-off-by: Yangtao Li [Chao: clean up description] Reviewed-by: Chao Yu (cherry picked from commit 7b9b92ff1bf07300628e05d966d28318f32b3ecc) Signed-off-by: Jaegeuk Kim Change-Id: Iffb4f0e92a6c98cfafb9dcc7d7a0f5e5b1b3a1ef Change-Id: Ic7bd8a5bb10f2770fee913f4b5faad4f2b177efb Signed-off-by: haojianhua1 --- fs/f2fs/dir.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) 
diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index 2d93dc257ea1..032ae4535ed7 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -1002,6 +1002,7 @@ int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, struct f2fs_sb_info *sbi = F2FS_I_SB(d->inode); struct blk_plug plug; bool readdir_ra = sbi->readdir_ra == 1; + bool found_valid_dirent = false; int err = 0; bit_pos = ((unsigned long)ctx->pos % d->max); @@ -1016,13 +1017,15 @@ int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, de = &d->dentry[bit_pos]; if (de->name_len == 0) { + if (found_valid_dirent || !bit_pos) { + printk_ratelimited( + "%sF2FS-fs (%s): invalid namelen(0), ino:%u, run fsck to fix.", + KERN_WARNING, sbi->sb->s_id, + le32_to_cpu(de->ino)); + set_sbi_flag(sbi, SBI_NEED_FSCK); + } bit_pos++; ctx->pos = start_pos + bit_pos; - printk_ratelimited( - "%sF2FS-fs (%s): invalid namelen(0), ino:%u, run fsck to fix.", - KERN_WARNING, sbi->sb->s_id, - le32_to_cpu(de->ino)); - set_sbi_flag(sbi, SBI_NEED_FSCK); continue; } @@ -1065,6 +1068,7 @@ int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, f2fs_ra_node_page(sbi, le32_to_cpu(de->ino)); ctx->pos = start_pos + bit_pos; + found_valid_dirent = true; } out: if (readdir_ra)
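Review bot: The new guard `if (found_valid_dirent || !bit_pos)` tests the current slot index rather than the offset this readdir call started from, and the visible `bit_pos++` advances that index on every skipped entry. When a call starts at offset 0 and meets a zero-length entry at a later slot before any valid entry, neither condition holds, so the entry is skipped without the warning or `SBI_NEED_FSCK`; a damaged directory block of that shape would then go unreported (this depends on the loop head, which is outside the hunk). Recording the start state once before the loop, for example `bool from_start = !bit_pos;` and testing `found_valid_dirent || from_start`, would match condition (a) in the commit message. A short comment above the guard, explaining that a zero `name_len` seen before the first valid entry of a mid-directory read is a benign race with a concurrent create or delete, would also keep the intent readable.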