Update target dependencies for the vendor symbol list to
generate gki_module_unprotected.h with an extra _ for
the wildcard. This makes sure that all abi_gki_aarch64_<vendor>
files are being depend on but not abi_gki_aarch64.xml
Bug: 261722616
Bug: 232430739
Test: TH
Fixes: 0a903fe828 ("ANDROID: GKI: Header generation fix and
improvements")
Change-Id: Ic414492b1fcae14d41df234e73d0fd4601e33523
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
We currently have 3 different ways that __iommu_probe_device() may be
called, but no real guarantee that multiple callers can't tread on each
other, especially once asynchronous driver probe gets involved. It would
likely have taken a fair bit of luck to hit this previously, but commit
57365a04c921 ("iommu: Move bus setup to IOMMU device registration") ups
the odds since now it's not just omap-iommu that may trigger multiple
bus_iommu_probe() calls in parallel if probing asynchronously.
Add a lock to ensure we can't try to double-probe a device, and also
close some possible race windows to make sure we're truly robust against
trying to double-initialise a group via two different member devices.
Reported-by: Brian Norris <briannorris@chromium.org>
Tested-by: Brian Norris <briannorris@chromium.org>
Fixes: 57365a04c921 ("iommu: Move bus setup to IOMMU device registration")
Link: https://lore.kernel.org/r/1946ef9f774851732eed78760a78ec40dbc6d178.1667591503.git.robin.murphy@arm.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Bug: 264326526
(cherry picked from commit 01657bc14a3990c665375f77978631fee77b1fce)
Change-Id: I51dbcdc5dc536b0e69c6187b2d7ac6a2031a305b
Signed-off-by: Luke Chang <lukechang@google.com>
(cherry picked from commit 81c28fd752ba26d03c93640c74a5d41e2920462b)
Do not defer softirq processing when RT throttling.
Otherwise softirq process would be deferred indefinitely.
Bug: 234597245
Test: Trigger RT Throttling and check RT & softirq behavior
Fixes: "ANDROID: softirq: defer softirq processing to ksoftirqd if CPU is busy with RT"
Signed-off-by: Luke Chang <lukechang@google.com>
Change-Id: I76df270c39ce8c0633b914c3354a27d6e559ec94
(cherry picked from commit e913814ab623277ce87528d2957709f2ad748641)
To bring some visibility to what is causing the hypervisor to wakeup,
bring 3 new hypervisor events:
* host issued HVC64 (host_hcall)
* host issued SMC (host_smc)
* host mem abort (host_mem_abort)
Bug: 229972309
Change-Id: I920ff7efa59b12b63bea4637ddd91b7cba614854
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
This format files is a copy paste of the one generated by host events in
order to keep the compatibility for userspace trace tools.
Bug: 229972309
Change-Id: I209e4b2780c104d64af6442bd7968c86b54819ae
Co-authored-By: Nikita Ioffe <ioffe@google.com>
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Nikita Ioffe <ioffe@google.com>
Set hyp_event="event1,event2" in the commandline to start tracing as
soon as possible the nVHE hypervisor.
Bug: 229972309
Change-Id: I878e342a8758a78a01d6ddf26355020945b2df33
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
This interface intends to be used by userspace tools to store raw
version of events. In such case, the kernel does not decode anything.
Bug: 229972309
Change-Id: Ib1fca21a34a308ad1361240ef598033ecab3b4ad
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Following the introduction of tracing buffers for the nVHE hypervisor,
add the support to declare in-hypervisor events.
Hypervisor events are declared into kvm_hypevents.h and can be called
with trace_<event_name>().
hyp_enter and hyp_exit events are provided as an example.
Bug: 229972309
Co-authored-By: Nikita Ioffe <ioffe@google.com>
Change-Id: I42d110fece793112d30530154aab49049b7fa520
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Nikita Ioffe <ioffe@google.com>
Now the nVHE hypervisor can write into a ring buffer. Add some support
to start the tracing and stop it.
This comes with a simple userspace interface tracing_on and per-CPU:
- trace.X: non-consuming read of the ring buffer.
- trace_pipe.X: consuming read of the ring buffer.
The hypervisor support to declare and decode hyp events will be
introduced later.
Bug: 229972309
Change-Id: I803b1fae8aaa5920d24adc547a9b5cc1c83d77f1
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Running at EL2, the host has very close to no way to know what's
happening in the hypervisor, which is great from a security point of
view, a bit less when it turns to debug it. With the introduction of the
protected mode, this piece of code is getting more responsibilities,
which we would like to debug and profile, hence the need to trace
"things" that are happening in the hypervisor.
There's no way the hypervisor could log things directly into the host
tracing interface. So instead let's use a separated per-CPU ring buffer
compliant with the host so the latter can decode the events.
The tracing interface is composed of 4 HVCs:
__pkvm_start_tracing: Gets a hyp_trace_pack describing the ring
buffers, the backing storage that'll support the internal structures and
some clock init values.
__pkvm_stop_tracing: Disable writing to the ring buffers and teardown.
__pkvm_rb_swap_reader_page: Request the writer to swap the head with
the reader page. This enables consuming read of the read buffer. See
kernel/ring_buffer.c (*ext_writer_swap_reader)() callback.
__pkvm_rb_update_footers: Request the writer to update the pages
footers. Those informations are then used to update the reader view on
the ring buffer. See kernel/ring_buffer.c (*ext_writer_update_footers)()
callback.
Bug: 229972309
Change-Id: I0e32223795de435aee8546af368672f0e67637b3
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
By default, the arm64 host kernel is using the arch timer as a source
for sched_clock. Conveniently, EL2 has access to that same counter,
allowing to generate clock values that are synchronized.
The clock needs nonetheless to be setup with the same slope values as
the kernel. Introducing at the same time trace_clock() which is expected
to be later configured by the hypervisor tracing.
Bug: 229972309
Change-Id: Icc560124e6b0879c8085b2eeb0b6123da907a7ae
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
The boot clock is interesting for tracing purpose as it doesn't stop on
device suspend. Exporting it intends to let the nVHE hypervisor for the
arm64 architecture to "replicate" that clock and allow event
synchronization with the host. Replicating implies to know the current
slope.
Bug: 229972309
Change-Id: Iefb6ffc433dac82297401f9acdff9758cc1b6a89
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
The ring buffer is convenient: it has a page granularity and its format
is already supported by userspace tools such as trace-cmd. It is a
natural solution to store events that would come from outside the kernel
such as a hypervisor.
In that case, where a writer is external to the kernel, the latter would
only be responsible for the allocation and to read back the ring buffer.
The allocation is done with the newly introduced function which just
needs a size and a set of callbacks (notice only the overwrite mode is
supported at the moment):
ring_buffer_alloc_ext(unsigned long size,
struct ring_buffer_ext_cb *cb)
The callbacks given to this allocator enables communication with the
external writer:
(*swap_reader)(int cpu): Ask the writer to swap the current reader
page with the head.
(*update_footers)(int cpu): Ask the writer to update material in the
page footers.
Each page from the ring buffer has indeed a footer in which statistics
and page status can be retrieved. This allows the kernel to update its
view on the ring buffer, following a reader page swap or a footers
update.
After the trace_buffer is allocated, a helper serializes the relevant
information into a structure that can be easily sent to the external
writer:
trace_buffer_pack(struct trace_buffer *trace_buffer,
struct trace_buffer_pack *pack)
The footer and pack description can be found in the newly introduced
header file include/linux/ring_buffer_ext.h.
When the kernel is writing to the ring buffer, it can wake up quite
easily the reader. That's not the case when the writer is external. A
new function allows polling for reading the ring buffer:
ring_buffer_poke(struct trace_buffer *buffer, int cpu)
A ring-buffer allocated for an external writer will forbid any writing
(the whole design of the ring buffer mandates a single writer) and will
also prevent extending or extracting pages.
When I presented this work to the tracingsummit, rosted@ told me he saw
some overlapping with an idea he had to enable him to map the tracing
buffers in userspace. We designed together a solution that would enable
both features. Problem now, if on one hand, the development of the new
design has started already... it would nonetheless impose a significant
revamp of this patchset, which wouldn't make it to Android14. Nothing
technically wrong with anything here, but sending it to LKML wouldn't
make sense, as I know already this isn't as "reusable" as the version
agreed upon.
Bug: 229972309
Change-Id: Iafcc1e2683a7460c94de3db116878c303601df64
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
In preparation for allowing the write of ring-buffer compliant pages
outside of ring_buffer.c move to the header, struct buffer_data_page and
timestamp encoding functions.
When I presented this work to the tracingsummit, rosted@ told me he saw
some overlapping with an idea he had to enable him to map the tracing
buffers in userspace. We designed together a solution that would enable
both features. Problem now, if on one hand, the development of the new
design has started already... it would nonetheless impose a significant
revamp of this patchset, which wouldn't make it to Android14. Nothing
technically wrong with anything here, but sending it to LKML wouldn't
make sense, as I know already this isn't as "reusable" as the version
agreed upon.
Bug: 229972309
Change-Id: Icf3329bd899a3dd91279d1bbadaf2dc4e243455c
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Nothing currently prevents a CPU suspend/resume cycle (for example)
while a vCPU is loaded under pKVM. The resume path will disable FP/SVE
traps, which may corrupt the guest FP state if it was in use when
suspend was issued.
To fix this issue and all related problems, proactively restore the host
FP state prior to handling SMCs form the host.
Bug: 266405428
Bug: 265901597
Change-Id: I75f7d18f81f17dfa323d3128d2c66769ef19c591
Signed-off-by: Quentin Perret <qperret@google.com>
In the config_ep_by_speed_and_alt function, select the corresponding
descriptor through g->speed. But some legacy or not well designed
function drivers may not support the corresponding speed. So, we can
directly display warnings instead of causing kernel panic. At the
same time, it indicates the reasons in warning message.
Reviewed-by: Peter Chen <peter.chen@kernel.org>
Signed-off-by: Qihang Hu <huqihang@oppo.com>
Link: https://lore.kernel.org/r/20211110101129.462357-1-huqihang@oppo.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 16d42759207fc3d1bff7cfd330a08a225e470ba0)
Bug: 259171206
Change-Id: I5ceff4871e1e7693c7a2c68264e994f39194090b
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit 045868f836b8f8a7f555f1d3a38f63c630dda216)
Currently, PKVM_PAGE_RESTRICTED_PROT == __PKVM_PAGE_RESERVED + 2, i.e.
BIT(55) | BIT(56) | BIT(1). IOW, It is not possible to distinguish
RESTRICTED from ownership.
Make PKVM_PAGE_RESTRICTED_PROT the second bit of pkvm_page_state so it
can be combined with the ownership status.
Bug: 244543039
Bug: 244373730
Change-Id: Iee9b84d4f07fca323b35e2d7da54f3657ae2cff9
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
(cherry picked from commit 39176c9df038a14bc114a0dda74c1cb49f2e3db0)
In the specification documents for the Uncompressed and MJPEG USB
Video Payloads, the field name is bmInterlaceFlags - it has been
misnamed within the kernel.
Although renaming the field does break the kernel's interface to
userspace it should be low-risk in this instance. The field is read
only and hardcoded to 0, so there was never any value in anyone
reading it. A search of the uvc-gadget application and all the
forks that I could find for it did not reveal any users either.
Fixes: cdda479f15 ("USB gadget: video class function driver")
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Daniel Scally <dan.scally@ideasonboard.com>
Link: https://lore.kernel.org/r/20221206161203.1562827-1-dan.scally@ideasonboard.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 81c25247a2a03a0f97e4805d7aff7541ccff6baa)
Bug: 259171206
Change-Id: I95ad86d0c0ab097b215e1ef655beea80c2cdb570
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit 4d8c2d84cbd51aa0ef6e1ec096a760ab8124092d)
Since e219a712bc06 (usb: gadget: uvc: add v4l2 try_format api call) the
try_format function is available. With this function includes checks for
valid configurations programmed in the configfs. We use this function to
ensure to return valid values on the set_format callback.
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Fixes: e219a712bc06 ("usb: gadget: uvc: add v4l2 try_format api call")
Link: https://lore.kernel.org/r/20221026182240.363055-1-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 181babf7b4e5050b7a23cb47eb06277405cf132f)
Bug: 259171206
Change-Id: I404c8d01dc53dcf3b400c0f9e1888992d9f65db8
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit f64a2b78d7143fe929dce47f76cfb15afbb35eaf)
For the userspace it is needed to distinguish between requests for the
control or streaming interface. The userspace would have to parse the
configfs to know which interface index it has to compare the ctrl
requests against. Since the interface numbers are not fixed, e.g. for
composite gadgets, the interface offset depends on the setup.
The kernel has this information when handing over the ctrl request to
the userspace. This patch removes the offset from the interface numbers
and expose the default interface defines in the uapi g_uvc.h.
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20221011075348.1786897-1-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit d182bf156c4cb8b08ce4a75e82b3357b14a4382d)
Bug: 259171206
Change-Id: Ie5978ef268731e67ca72940ce6fbc7f980cb4419
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit 044c3865c6cdd5ae9e10e7c39ceea726e568a884)
With the re-use of the previous completion status in 0d1c407b1a
("usb: dwc3: gadget: Return proper request status") it could be possible
that the next frame would also get dropped if the current frame has a
missed isoc error. Ensure that an interrupt is requested for the start
of a new frame.
Fixes: fc78941d81 ("usb: gadget: uvc: decrease the interrupt load to a quarter")
Cc: <stable@vger.kernel.org>
Signed-off-by: Dan Vacura <w36195@motorola.com>
Link: https://lore.kernel.org/r/20221018215044.765044-2-w36195@motorola.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 8e8e923a49967b798e7d69f1ce9eff1dd2533547)
Bug: 259171206
Change-Id: I7d1b9243b788d2fb3593c52f4fb49ba195720af6
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit b6ebfbf5a143146b931a5e36206876e58cb7fb8a)
With the patch "588b9e85609b (usb: gadget: uvc: add v4l2 enumeration api
calls)" the driver is keeping a list of configfs entries currently
configured. The list is used in uvc_v4l2 on runtime.
The driver now is giving back the list item just after it was referenced
with config_item_put. It also calls config_item_put on uvc_free, which
is the only and right place to give back the reference. This patch fixes
the issue by removing the extra config_item_put in uvc_alloc.
Fixes: 588b9e85609b (usb: gadget: uvc: add v4l2 enumeration api calls)
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220930122839.1747279-1-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 3180d827c807d8d6e5d6ba4f2e08eed9efa083af)
Bug: 259171206
Change-Id: Idf19d732cc5b90f09311a94d5d07c6e1805043f5
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit ed87044a7876666e144840fc8eb7276e70e82342)
When building s390 allmodconfig after commit 9b91a6523078 ("usb: gadget:
uvc: increase worker prio to WQ_HIGHPRI"), the following error occurs:
In file included from ../include/linux/string.h:253,
from ../include/linux/bitmap.h:11,
from ../include/linux/cpumask.h:12,
from ../include/linux/smp.h:13,
from ../include/linux/lockdep.h:14,
from ../include/linux/rcupdate.h:29,
from ../include/linux/rculist.h:11,
from ../include/linux/pid.h:5,
from ../include/linux/sched.h:14,
from ../include/linux/ratelimit.h:6,
from ../include/linux/dev_printk.h:16,
from ../include/linux/device.h:15,
from ../drivers/usb/gadget/function/f_uvc.c:9:
In function ‘fortify_memset_chk’,
inlined from ‘uvc_register_video’ at ../drivers/usb/gadget/function/f_uvc.c:424:2:
../include/linux/fortify-string.h:301:25: error: call to ‘__write_overflow_field’ declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
301 | __write_overflow_field(p_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This points to the memset() in uvc_register_video(). It is clear that
the argument to sizeof() is incorrect, as uvc->vdev (a 'struct
video_device') is being zeroed out but the size of uvc->video (a 'struct
uvc_video') is being used as the third arugment to memset().
pahole shows that prior to commit 9b91a6523078 ("usb: gadget: uvc:
increase worker prio to WQ_HIGHPRI"), 'struct video_device' and
'struct ucv_video' had the same size, meaning that the argument to
sizeof() is incorrect semantically but there is no visible issue:
$ pahole -s build/drivers/usb/gadget/function/f_uvc.o | grep -E "(uvc_video|video_device)\s+"
video_device 1400 4
uvc_video 1400 3
After that change, uvc_video becomes slightly larger, meaning that the
memset() will overwrite by 8 bytes:
$ pahole -s build/drivers/usb/gadget/function/f_uvc.o | grep -E "(uvc_video|video_device)\s+"
video_device 1400 4
uvc_video 1408 3
Fix the arugment to sizeof() so that there is no overwrite.
Cc: stable@vger.kernel.org
Fixes: e4ce9ed835bc ("usb: gadget: uvc: ensure the vdev is unset")
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220928201921.3152163-1-nathan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit a15e17acce5aaae54243f55a7349c2225450b9bc)
Bug: 259171206
Change-Id: Id48717e01c36fa2ace9570b97553f371e5743fc3
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit 2f15312ac45b4624b5a3892b4621ca628c1354eb)
This patch adds the uvc_v4l2_try_format api call to validate
the setting of v4l2_format. It will fallback to the nearest
allowed framesize.
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220909221335.15033-5-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit e219a712bc06dc68ecccb3085cb91438bee2466a)
Bug: 259171206
Change-Id: Ic83d90252ec07372470906d7f6259bde131d1a8a
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit 794186691883217f752392b0d991efd305f7caf0)
This patch adds support to the v4l2 VIDIOCs for enum_format,
enum_framesizes and enum_frameintervals. This way, the userspace
application can use these VIDIOCS to query the via configfs exported
frame capabilities. With thes callbacks the userspace doesn't have to
bring its own configfs parser.
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220909221335.15033-4-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 588b9e85609bcb2f84a2be83591480aa943943b6)
Bug: 259171206
Change-Id: I26bf3a509158da6f521c2e62076ef014cf0235b8
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit 55c758d518b810a1f9d7026372f3965c1a75db24)
The uvc_format_desc, GUID defines and the uvc_format_by_guid helper is
also useful for the uvc gadget stack. This patch moves them to a common
header.
Tested-by: Daniel Scally <dan.scally@ideasonboard.com>
Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com>
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220909221335.15033-3-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 6b028df7d466a5f7c0263a46256c9bdc42debd9f)
arakesh: resolved minor conflicts in drivers/media/usb/uvc/uvc_driver.c
and drivers/media/usb/uvc/uvcvideo.h
Bug: 259171206
Change-Id: I37b839850896fff279159fca93a50f4788184354
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit 73879990ebc86148bef3a4aaa48770abb1afa00c)
The functions uvc_simplify_fraction and uvc_fraction_to_interval are
generic helpers which are also useful for other v4l2 drivers. This patch
moves them to v4l2-common.
Tested-by: Daniel Scally <dan.scally@ideasonboard.com>
Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com>
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220909221335.15033-2-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 6ba8b8d45335180523df8f1b6cd1c995a3dbf560)
arakesh: resolved minor conflicts in include/media/v4l2-common.h and
drivers/media/v4l2-core/v4l2-common.c
Bug: 259171206
Change-Id: I17eea1ef6788ba98599b1d8a12499147ebef7d60
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit 38131c2b2feb8611d27a07aefa97b6948f086a4f)
This patch is changing the simple workqueue in the gadget driver to be
allocated as async_wq with a higher priority. The pump worker, that is
filling the usb requests, will have a higher priority and will not be
scheduled away so often while the video stream is handled. This will
lead to fewer streaming underruns.
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220907215818.2670097-1-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 9b91a65230784a9ef644b8bdbb82a79ba4ae9456)
Bug: 242344221
Change-Id: I91ffbc93e8769c3b2674134679d5f9d48b566dbd
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit 7b529581b92f406755d5dd2a7fcc907586b81049)
When setting the function name, it is always truncated by one char since
snprintf is always including the null-termination in the len parameter.
We use strscpy and fix the size setting to use len + 1 instead.
Fixes: 324e4f85070f ("usb: gadget: uvc: allow changing interface name via configfs")
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220707115612.2760569-1-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 3d0dc539029b09fbd125444c16b11a8ed10b9d0f)
Bug: 242344221
Change-Id: I9a138af30c0628b1ec127f7986ace12df77b2d00
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit a43fb0346221b9ff5ceece658f01dfb3d65b21b4)
A panic can occur if the endpoint becomes disabled and the
uvcg_video_pump adds the request back to the req_free list after it has
already been queued to the endpoint. The endpoint complete will add the
request back to the req_free list. Invalidate the local request handle
once it's been queued.
<6>[ 246.796704][T13726] configfs-gadget gadget: uvc: uvc_function_set_alt(1, 0)
<3>[ 246.797078][ T26] list_add double add: new=ffffff878bee5c40, prev=ffffff878bee5c40, next=ffffff878b0f0a90.
<6>[ 246.797213][ T26] ------------[ cut here ]------------
<2>[ 246.797224][ T26] kernel BUG at lib/list_debug.c:31!
<6>[ 246.807073][ T26] Call trace:
<6>[ 246.807180][ T26] uvcg_video_pump+0x364/0x38c
<6>[ 246.807366][ T26] process_one_work+0x2a4/0x544
<6>[ 246.807394][ T26] worker_thread+0x350/0x784
<6>[ 246.807442][ T26] kthread+0x2ac/0x320
Fixes: f9897ec0f6d3 ("usb: gadget: uvc: only pump video data if necessary")
Cc: stable@vger.kernel.org
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Dan Vacura <w36195@motorola.com>
Link: https://lore.kernel.org/r/20220617163154.16621-1-w36195@motorola.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 96163f835e65f8c9897487fac965819f0651d671)
Bug: 242344221
Change-Id: Ib3181d5965281318619c7b78da2c334701750e14
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit 121bf203f8d4ea4d0d77a2b18f1d50d08d328d0e)
The UVC gadget driver historically uses the
/* Comment
* style
*/
for multi-line block comments, which is frowned upon. Patches for the
driver are required to use the more standard
/*
* Comment
* style
*/
style. This result in inconsistencies. Fix it by converting all
remaining instances of the old style.
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Link: https://lore.kernel.org/r/20220608174918.14656-1-laurent.pinchart@ideasonboard.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit c5d337a358b3e41bb4f7abd99a79b68a28eafaa2)
Bug: 242344221
Change-Id: I7bf64ebabf9f5d9ad4434cba36200d6edd925e73
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit 6a2b46f5cc405639083d31648da70df69a497d28)
Just like the header is tracking the formats in a linked list, in this
patch we track the frames in a linked list of the formats. It
simplifies the parsing of the configfs structure.
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220421211427.3400834-6-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit a2673d570bd648851e00ac531bdf695f4ebb4f78)
Bug: 242344221
Change-Id: I8d3e4ba5b13cad2f195400ef4de5c8e196e25a8a
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit f58be91ef2c9ec0e286b9dce3c0b3f5f5fd8e4f6)
Some configfs variables like bDefaultFrameIndex are always starting by
1. This patch adds a check to prevent setting those variables to 0.
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220421211427.3400834-4-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit a350cfb6537f94be8a6423bc68a7a7883263c306)
Bug: 242344221
Change-Id: Ieb800223fe0071c7a3650b146a1d0c6f5f7ad8a2
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit fc33d1de5c0afbee9355448e4e634c0bdea558e6)
The pause flag doesn't appear to serve a purpose as it is possible for
the pump worker thread to not be running when new buffers are queued.
Before the following change was introduced: "43cd0023872e usb: gadget:
uvc_video: add worker to handle the frame pumping", the pause flag
status was discarded and never returned. This masked a current issues of
the userspace receiving non-zero values (considered unsuccessful) and
prevents trace_v4l2_qbuf() from being called.
Signed-off-by: Dan Vacura <w36195@motorola.com>
Link: https://lore.kernel.org/r/20220413192402.26063-1-w36195@motorola.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit be30e3502771ac0b5080ec61223d915354cde1cc)
Bug: 242344221
Change-Id: I5c2a67641d8a0af7a11ac43ad57b76b69bba26fc
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit 08898958265824418edf6f3d56017af9452e3f0d)
Add a configfs entry, "function_name", to change the iInterface field
for VideoControl. This name is used on host devices for user selection,
useful when multiple cameras are present. The default will remain "UVC
Camera".
Signed-off-by: Dan Vacura <w36195@motorola.com>
Link: https://lore.kernel.org/r/20220401160447.5919-1-w36195@motorola.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 324e4f85070f89b58c5f9926370ad19dea907dc7)
Bug: 242344221
Change-Id: I5b4666156ce2300ae902bca2ff380560d19d3f0a
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit be901883514c2a53d532949bb7f8f1d9af93d698)
This patch adds the fields UVC_STREAM_PTS and UVC_STREAM_SCR to the uvc
header, in case this data is available. It also enables the copy of the
timestamp to the vb2_v4l2_buffer by setting V4L2_BUF_FLAG_TIMESTAMP_COPY
in the queue.timestamp_flags.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20211022093223.26493-2-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit fd03af27c3dfbff4f6b3905c5fceedebeca70e5e)
Bug: 242344221
Change-Id: Icccbf2d453f58e05984d995c572524ec3d9f577b
Signed-off-by: Avichal Rakesh <arakesh@google.com>
(cherry picked from commit 88ffebe89172100ec2b190512a1bd755c1d19cda)
In the process of converting cfg80211 and mac80211 to GKI modules, the
following bool configs were dropped:
CONFIG_NL80211_TESTMODE=y
# CONFIG_CFG80211_DEFAULT_PS is not set
# CONFIG_CFG80211_CRDA_SUPPORT is not set
These were dropped in commit b519faae30 ("ANDROID: ABI: gki_defconfig:
disable cfg80211 and mac80211"), but not re-added in commit 5659cc62f1
("ANDROID: GKI: Convert cfg/mac80211 as modules"). If you take a look at
android-mainline, you'll see that these configs were kept during the
transition.
This patch restores the original functionality. If vendors would like to
change these configs, then please file a bug.
Fixes: 5659cc62f1 ("ANDROID: GKI: Convert cfg/mac80211 as modules")
Bug: 266113567
Change-Id: Id59626677127704d9d2149dd6046a255a7dac96a
Signed-off-by: Will McVicker <willmcvicker@google.com>
Changes in 5.15.90
btrfs: fix trace event name typo for FLUSH_DELAYED_REFS
pNFS/filelayout: Fix coalescing test for single DS
selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID
tools/virtio: initialize spinlocks in vring_test.c
virtio_pci: modify ENOENT to EINVAL
vduse: Validate vq_num in vduse_validate_config()
net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down()
RDMA/srp: Move large values to a new enum for gcc13
btrfs: always report error in run_one_delayed_ref()
x86/asm: Fix an assembler warning with current binutils
f2fs: let's avoid panic if extent_tree is not created
perf/x86/rapl: Treat Tigerlake like Icelake
fbdev: omapfb: avoid stack overflow warning
Bluetooth: hci_qca: Fix driver shutdown on closed serdev
wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices
wifi: mac80211: sdata can be NULL during AMPDU start
Add exception protection processing for vd in axi_chan_handle_err function
zonefs: Detect append writes at invalid locations
nilfs2: fix general protection fault in nilfs_btree_insert()
efi: fix userspace infinite retry read efivars after EFI runtime services page fault
ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform
drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2)
drm/amd: Delay removal of the firmware framebuffer
hugetlb: unshare some PMDs when splitting VMAs
io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL
eventpoll: add EPOLL_URING_WAKE poll wakeup flag
eventfd: provide a eventfd_signal_mask() helper
io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups
io_uring: improve send/recv error handling
io_uring: ensure recv and recvmsg handle MSG_WAITALL correctly
io_uring: add flag for disabling provided buffer recycling
io_uring: support MSG_WAITALL for IORING_OP_SEND(MSG)
io_uring: allow re-poll if we made progress
io_uring: fix async accept on O_NONBLOCK sockets
io_uring: ensure that cached task references are always put on exit
io_uring: remove duplicated calls to io_kiocb_ppos
io_uring: update kiocb->ki_pos at execution time
io_uring: do not recalculate ppos unnecessarily
io_uring/rw: defer fsnotify calls to task context
xhci-pci: set the dma max_seg_size
usb: xhci: Check endpoint is valid before dereferencing it
xhci: Fix null pointer dereference when host dies
xhci: Add update_hub_device override for PCI xHCI hosts
xhci: Add a flag to disable USB3 lpm on a xhci root port level.
usb: acpi: add helper to check port lpm capability using acpi _DSM
xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables
prlimit: do_prlimit needs to have a speculation check
USB: serial: option: add Quectel EM05-G (GR) modem
USB: serial: option: add Quectel EM05-G (CS) modem
USB: serial: option: add Quectel EM05-G (RS) modem
USB: serial: option: add Quectel EC200U modem
USB: serial: option: add Quectel EM05CN (SG) modem
USB: serial: option: add Quectel EM05CN modem
staging: vchiq_arm: fix enum vchiq_status return types
USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
misc: fastrpc: Don't remove map on creater_process and device_release
misc: fastrpc: Fix use-after-free race condition for maps
usb: core: hub: disable autosuspend for TI TUSB8041
comedi: adv_pci1760: Fix PWM instruction handling
ACPI: PRM: Check whether EFI runtime is available
mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting
btrfs: do not abort transaction on failure to write log tree when syncing log
btrfs: fix race between quota rescan and disable leading to NULL pointer deref
cifs: do not include page data when checking signature
thunderbolt: Use correct function to calculate maximum USB3 link rate
riscv: dts: sifive: fu740: fix size of pcie 32bit memory
bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD and PERF_BPF_EVENT_PROG_UNLOAD
staging: mt7621-dts: change some node hex addresses to lower case
tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer
tty: fix possible null-ptr-defer in spk_ttyio_release
USB: gadgetfs: Fix race between mounting and unmounting
USB: serial: cp210x: add SCALANCE LPE-9000 device id
usb: cdns3: remove fetched trb from cache before dequeuing
usb: host: ehci-fsl: Fix module alias
usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail
usb: typec: altmodes/displayport: Add pin assignment helper
usb: typec: altmodes/displayport: Fix pin assignment calculation
usb: gadget: g_webcam: Send color matching descriptor per frame
usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
dt-bindings: phy: g12a-usb2-phy: fix compatible string documentation
dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation
serial: pch_uart: Pass correct sg to dma_unmap_sg()
dmaengine: lgm: Move DT parsing after initialization
dmaengine: tegra210-adma: fix global intr clear
dmaengine: idxd: Let probe fail when workqueue cannot be enabled
serial: amba-pl011: fix high priority character transmission in rs486 mode
serial: atmel: fix incorrect baudrate setup
gsmi: fix null-deref in gsmi_get_variable
mei: me: add meteor lake point M DID
drm/i915: re-disable RC6p on Sandy Bridge
drm/i915/display: Check source height is > 0
drm/amd/display: Fix set scaling doesn's work
drm/amd/display: Calculate output_color_space after pixel encoding adjustment
drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix
drm/amdgpu: drop experimental flag on aldebaran
fs/ntfs3: Fix attr_punch_hole() null pointer derenference
arm64: efi: Execute runtime services from a dedicated stack
efi: rt-wrapper: Add missing include
Revert "drm/amdgpu: make display pinning more flexible (v2)"
x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN
tracing: Use alignof__(struct {type b;}) instead of offsetof()
io_uring: io_kiocb_update_pos() should not touch file for non -1 offset
io_uring/net: fix fast_iov assignment in io_setup_async_msg()
net/ulp: use consistent error code when blocking ULP
net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work()
block: mq-deadline: Rename deadline_is_seq_writes()
Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()"
soc: qcom: apr: Make qcom,protection-domain optional again
mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
io_uring: Clean up a false-positive warning from GCC 9.3.0
io_uring: fix double poll leak on repolling
io_uring/rw: ensure kiocb_end_write() is always called
io_uring/rw: remove leftover debug statement
Linux 5.15.90
Change-Id: I5abc2e695f7183a1d3be9d8f62633bb1df8e8a48
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Reason for revert:
MMIO guard is initialised too late for earlycon, so the fixup is
a waste of time.
Signed-off-by: Keir Fraser <keirf@google.com>
Bug: 259645922
Change-Id: Iace214f7140baf073cfa5cef1ee65fca9e4a76d0
Add kasan.page_alloc.sample=10 to CONFIG_CMDLINE in gki_defconfig to make
Hardware Tag-Based (MTE) KASAN tag only one out of every 10 page_alloc
allocations with the order equal or larger than 3, which the omitted
default value for the kasan.page_alloc.sample.order parameter.
As Hardware Tag-Based KASAN is intended to be used in production, its
performance impact is crucial. As page_alloc allocations tend to be big,
tagging and checking all such allocations can introduce a significant
slowdown.
When running a local loopback test on a testing MTE-enabled device in sync
mode, enabling Hardware Tag-Based KASAN introduces a ~50% slowdown.
Setting kasan.page_alloc.sampling to a value higher than 1 allows to lower
the slowdown. The performance improvement saturates around the sampling
interval value of 10 with the default sampling page order of 3, see
b/238286329. This lowers the slowdown to ~20%. The slowdown in real
scenarios involving the network will likely be better.
Enabling page_alloc sampling has a downside: KASAN misses bad accesses to
a page_alloc allocation that has not been tagged. This lowers the value
of KASAN as a security mitigation.
However, based on measuring the number of page_alloc allocations of
different orders during boot in a test build, sampling with the default
kasan.page_alloc.sample.order value affects only ~7% of allocations. The
rest ~93% of allocations are still checked deterministically.
Bug: 238286329
Bug: 264310057
Change-Id: Id361822b8bbf929378cabbe0350b658d6120e840
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
[The patch is in the mm-unstable tree.]
The implementation of page_alloc poisoning sampling assumed that
tag_clear_highpage resets page tags for __GFP_ZEROTAGS allocations.
However, this is no longer the case since commit 70c248aca9e7
("mm: kasan: Skip unpoisoning of user pages").
This leads to kernel crashes when MTE-enabled userspace mappings are
used with Hardware Tag-Based KASAN enabled.
Reset page tags for __GFP_ZEROTAGS allocations in post_alloc_hook().
Also clarify and fix related comments.
Fixes: 44383cef54c0 ("kasan: allow sampling page_alloc allocations for HW_TAGS")
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Reported-by: Peter Collingbourne <pcc@google.com>
Tested-by: Peter Collingbourne <pcc@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Marco Elver <elver@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Bug: 238286329
Bug: 264310057
Link: https://lore.kernel.org/all/5dbd866714b4839069e2d8469ac45b60953db290.1674592780.git.andreyknvl@google.com/
Change-Id: Iea4234bcf7e35337c8063827b07039583bca9c66
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
[The patch is in mm-stable tree.]
As Hardware Tag-Based KASAN is intended to be used in production, its
performance impact is crucial. As page_alloc allocations tend to be big,
tagging and checking all such allocations can introduce a significant
slowdown.
Add two new boot parameters that allow to alleviate that slowdown:
- kasan.page_alloc.sample, which makes Hardware Tag-Based KASAN tag only
every Nth page_alloc allocation with the order configured by the second
added parameter (default: tag every such allocation).
- kasan.page_alloc.sample.order, which makes sampling enabled by the first
parameter only affect page_alloc allocations with the order equal or
greater than the specified value (default: 3, see below).
The exact performance improvement caused by using the new parameters
depends on their values and the applied workload.
The chosen default value for kasan.page_alloc.sample.order is 3, which
matches both PAGE_ALLOC_COSTLY_ORDER and SKB_FRAG_PAGE_ORDER. This is
done for two reasons:
1. PAGE_ALLOC_COSTLY_ORDER is "the order at which allocations are deemed
costly to service", which corresponds to the idea that only large and
thus costly allocations are supposed to sampled.
2. One of the workloads targeted by this patch is a benchmark that sends
a large amount of data over a local loopback connection. Most multi-page
data allocations in the networking subsystem have the order of
SKB_FRAG_PAGE_ORDER (or PAGE_ALLOC_COSTLY_ORDER).
When running a local loopback test on a testing MTE-enabled device in sync
mode, enabling Hardware Tag-Based KASAN introduces a ~50% slowdown.
Applying this patch and setting kasan.page_alloc.sampling to a value
higher than 1 allows to lower the slowdown. The performance improvement
saturates around the sampling interval value of 10 with the default
sampling page order of 3. This lowers the slowdown to ~20%. The slowdown
in real scenarios involving the network will likely be better.
Enabling page_alloc sampling has a downside: KASAN misses bad accesses to
a page_alloc allocation that has not been tagged. This lowers the value
of KASAN as a security mitigation.
However, based on measuring the number of page_alloc allocations of
different orders during boot in a test build, sampling with the default
kasan.page_alloc.sample.order value affects only ~7% of allocations. The
rest ~93% of allocations are still checked deterministically.
Link: https://lkml.kernel.org/r/129da0614123bb85ed4dd61ae30842b2dd7c903f.1671471846.git.andreyknvl@google.com
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Reviewed-by: Marco Elver <elver@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Evgenii Stepanov <eugenis@google.com>
Cc: Jann Horn <jannh@google.com>
Cc: Mark Brand <markbrand@google.com>
Cc: Peter Collingbourne <pcc@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Bug: 238286329
Bug: 264310057
(cherry picked from commit 44383cef54c0ce1201f884d83cc2b367bc5aa4f7 git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-stable)
Change-Id: I85f9eb4e93eeddff8f8d06238f433226affca177
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
* This is the initial symbol list for
rockpi4 target.
Bug: 261782070
Change-Id: I76f8924f5e40c6ecfb91a5291b86a9d4fd9badb0
Signed-off-by: Ulises Mendez Martinez <umendez@google.com>
