From 77ae3e7bb8cef4b25cc0d8a9e75905001b55407f Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan Date: Fri, 30 Jun 2023 14:19:52 -0700 Subject: [PATCH 01/21] FROMGIT: swap: remove remnants of polling from read_swap_cache_async Patch series "Per-VMA lock support for swap and userfaults", v7. When per-VMA locks were introduced in [1] several types of page faults would still fall back to mmap_lock to keep the patchset simple. Among them are swap and userfault pages. The main reason for skipping those cases was the fact that mmap_lock could be dropped while handling these faults and that required additional logic to be implemented. Implement the mechanism to allow per-VMA locks to be dropped for these cases. First, change handle_mm_fault to drop per-VMA locks when returning VM_FAULT_RETRY or VM_FAULT_COMPLETED to be consistent with the way mmap_lock is handled. Then change folio_lock_or_retry to accept vm_fault and return vm_fault_t which simplifies later patches. Finally allow swap and uffd page faults to be handled under per-VMA locks by dropping per-VMA and retrying, the same way it's done under mmap_lock. Naturally, once VMA lock is dropped that VMA should be assumed unstable and can't be used. This patch (of 6): Commit [1] introduced IO polling support during swapin to reduce swap read latency for block devices that can be polled. However later commit [2] removed polling support. Therefore it seems safe to remove do_poll parameter in read_swap_cache_async and always call swap_readpage with synchronous=false waiting for IO completion in folio_lock_or_retry. [1] commit 23955622ff8d ("swap: add block io poll in swapin path") [2] commit 9650b453a3d4 ("block: ignore RWF_HIPRI hint for sync dio") Link: https://lkml.kernel.org/r/20230630211957.1341547-1-surenb@google.com Link: https://lkml.kernel.org/r/20230630211957.1341547-2-surenb@google.com 
Signed-off-by: Suren Baghdasaryan Suggested-by: "Huang, Ying" Reviewed-by: "Huang, Ying" Reviewed-by: Christoph Hellwig Cc: Alistair Popple Cc: Al Viro Cc: Christian Brauner Cc: David Hildenbrand Cc: David Howells Cc: Davidlohr Bueso Cc: Hillf Danton Cc: Hugh Dickins Cc: Jan Kara Cc: Johannes Weiner Cc: Josef Bacik Cc: Laurent Dufour Cc: Liam R. Howlett Cc: Lorenzo Stoakes Cc: Matthew Wilcox Cc: Michal Hocko Cc: Michel Lespinasse Cc: Minchan Kim Cc: Pavel Tatashin Cc: Peter Xu Cc: Punit Agrawal Cc: Vlastimil Babka Cc: Yu Zhao Signed-off-by: Andrew Morton (cherry picked from commit 4296c6a817b421061d6e0b9c654c7d4d5a038a5b https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 161210518 Change-Id: I3d647ba4d6093f4e3db2c4ff759e5ce59b45b0e1 Signed-off-by: Suren Baghdasaryan --- mm/madvise.c | 4 ++-- mm/swap.h | 1 - mm/swap_state.c | 12 +++++------- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/mm/madvise.c b/mm/madvise.c index f49a62a35827..42c5a65e1c2d 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -223,7 +223,7 @@ static int swapin_walk_pmd_entry(pmd_t *pmd, unsigned long start, trace_android_vh_madvise_swapin_walk_pmd_entry(entry); page = read_swap_cache_async(entry, GFP_HIGHUSER_MOVABLE, - vma, index, false, &splug); + vma, index, &splug); if (page) put_page(page); } @@ -259,7 +259,7 @@ static void force_shm_swapin_readahead(struct vm_area_struct *vma, rcu_read_unlock(); page = read_swap_cache_async(swap, GFP_HIGHUSER_MOVABLE, - NULL, 0, false, &splug); + NULL, 0, &splug); if (page) put_page(page); diff --git a/mm/swap.h b/mm/swap.h index cc08c459c619..9ad061576192 100644 --- a/mm/swap.h +++ b/mm/swap.h 
@@ -46,7 +46,6 @@ struct page *find_get_incore_page(struct address_space *mapping, pgoff_t index); struct page *read_swap_cache_async(swp_entry_t entry, gfp_t gfp_mask, struct vm_area_struct *vma, unsigned long addr, - bool do_poll, struct swap_iocb **plug); struct page *__read_swap_cache_async(swp_entry_t entry, gfp_t gfp_mask, struct vm_area_struct *vma, diff --git a/mm/swap_state.c b/mm/swap_state.c index 438d0676c5be..3e7db8ea40f3 100644 --- a/mm/swap_state.c +++ b/mm/swap_state.c @@ -515,15 +515,14 @@ fail_unlock: */ struct page *read_swap_cache_async(swp_entry_t entry, gfp_t gfp_mask, struct vm_area_struct *vma, - unsigned long addr, bool do_poll, - struct swap_iocb **plug) + unsigned long addr, struct swap_iocb **plug) { bool page_was_allocated; struct page *retpage = __read_swap_cache_async(entry, gfp_mask, vma, addr, &page_was_allocated); if (page_was_allocated) - swap_readpage(retpage, do_poll, plug); + swap_readpage(retpage, false, plug); return retpage; } @@ -618,7 +617,7 @@ struct page *swap_cluster_readahead(swp_entry_t entry, gfp_t gfp_mask, struct swap_info_struct *si = swp_swap_info(entry); struct blk_plug plug; struct swap_iocb *splug = NULL; - bool do_poll = true, page_allocated; + bool page_allocated; struct vm_area_struct *vma = vmf->vma; unsigned long addr = vmf->address; @@ -626,7 +625,6 @@ struct page *swap_cluster_readahead(swp_entry_t entry, gfp_t gfp_mask, if (!mask) goto skip; - do_poll = false; /* Read a page_cluster sized and aligned cluster around offset. */ start_offset = offset & ~mask; end_offset = offset | mask; 
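Review bot: The bare `false` now passed to `swap_readpage()` in `read_swap_cache_async()` (mm/swap_state.c, first hunk) has no parameter name left to explain it, so the reason the read is always asynchronous is recorded only in the commit message. I would add a comment above the call, e.g. `/* Always asynchronous: callers wait for the IO in folio_lock_or_retry(). */`. The function's header comment starts outside the hunk and could not be checked for stale wording.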
@@ -658,7 +656,7 @@ struct page *swap_cluster_readahead(swp_entry_t entry, gfp_t gfp_mask, lru_add_drain(); /* Push any new pages onto the LRU now */ skip: /* The page was likely read above, so no need for plugging here */ - return read_swap_cache_async(entry, gfp_mask, vma, addr, do_poll, NULL); + return read_swap_cache_async(entry, gfp_mask, vma, addr, NULL); } int init_swap_address_space(unsigned int type, unsigned long nr_pages) @@ -832,7 +830,7 @@ static struct page *swap_vma_readahead(swp_entry_t fentry, gfp_t gfp_mask, skip: /* The page was likely read above, so no need for plugging here */ return read_swap_cache_async(fentry, gfp_mask, vma, vmf->address, - ra_info.win == 1, NULL); + NULL); } /** From 4a207efbe0b5b01cee3aabd804916e1968eabafb Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan Date: Fri, 30 Jun 2023 14:19:53 -0700 Subject: [PATCH 02/21] FROMGIT: mm: add missing VM_FAULT_RESULT_TRACE name for VM_FAULT_COMPLETED VM_FAULT_RESULT_TRACE should contain an element for every vm_fault_reason to be used as flag_array inside trace_print_flags_seq(). The element for VM_FAULT_COMPLETED is missing, add it. Link: https://lkml.kernel.org/r/20230630211957.1341547-3-surenb@google.com Signed-off-by: Suren Baghdasaryan Reviewed-by: Peter Xu Cc: Alistair Popple Cc: Al Viro Cc: Christian Brauner Cc: Christoph Hellwig Cc: David Hildenbrand Cc: David Howells Cc: Davidlohr Bueso Cc: Hillf Danton Cc: "Huang, Ying" Cc: Hugh Dickins Cc: Jan Kara Cc: Johannes Weiner Cc: Josef Bacik Cc: Laurent Dufour Cc: Liam R. Howlett Cc: Lorenzo Stoakes Cc: Matthew Wilcox Cc: Michal Hocko Cc: Michel Lespinasse Cc: Minchan Kim Cc: Pavel Tatashin Cc: Punit Agrawal Cc: Vlastimil Babka Cc: Yu Zhao Signed-off-by: Andrew Morton (cherry picked from commit 4669552b64a6cf9ba2b48cf719879867efadcd8b https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 161210518 Change-Id: Icef851c27ab1ea8e85c7fccc26b26480b9c42443 
Signed-off-by: Suren Baghdasaryan --- include/linux/mm_types.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h index 248151aa6be9..00f5715a28c7 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -942,7 +942,8 @@ enum vm_fault_reason { { VM_FAULT_RETRY, "RETRY" }, \ { VM_FAULT_FALLBACK, "FALLBACK" }, \ { VM_FAULT_DONE_COW, "DONE_COW" }, \ - { VM_FAULT_NEEDDSYNC, "NEEDDSYNC" } + { VM_FAULT_NEEDDSYNC, "NEEDDSYNC" }, \ + { VM_FAULT_COMPLETED, "COMPLETED" } struct vm_special_mapping { const char *name; /* The name, e.g. "[vdso]". */ From 7bfd71d29806aec1473bfb1ece0e35780251dd79 Mon Sep 17 00:00:00 2001 From: Will McVicker Date: Wed, 19 Jul 2023 11:39:13 -0700 Subject: [PATCH 03/21] ANDROID: GKI: Update protected exports Run `bazel run @//common:kernel_aarch64_abi_update_protected_exports` on latest kernel to clean up the protected exports list. This is blocking updating the ABI since this list needs to be accurate before updating the ABI. Bug: 287170531 Change-Id: I8173060087cad060314ae0e494e30b71052e1d8f Signed-off-by: Will McVicker --- android/abi_gki_protected_exports_aarch64 | 2 -- android/abi_gki_protected_exports_x86_64 | 2 -- 2 files changed, 4 deletions(-) diff --git a/android/abi_gki_protected_exports_aarch64 b/android/abi_gki_protected_exports_aarch64 index e4792af0a0ef..7d97572e6175 100644 --- a/android/abi_gki_protected_exports_aarch64 +++ b/android/abi_gki_protected_exports_aarch64 @@ -336,12 +336,10 @@ wpan_phy_new wpan_phy_register wpan_phy_unregister wwan_create_port -wwan_get_debugfs_dir wwan_port_get_drvdata wwan_port_rx wwan_port_txoff wwan_port_txon -wwan_put_debugfs_dir wwan_register_ops wwan_remove_port wwan_unregister_ops \ No newline at end of file diff --git a/android/abi_gki_protected_exports_x86_64 b/android/abi_gki_protected_exports_x86_64 index e4792af0a0ef..7d97572e6175 100644 --- a/android/abi_gki_protected_exports_x86_64 
+++ b/android/abi_gki_protected_exports_x86_64 @@ -336,12 +336,10 @@ wpan_phy_new wpan_phy_register wpan_phy_unregister wwan_create_port -wwan_get_debugfs_dir wwan_port_get_drvdata wwan_port_rx wwan_port_txoff wwan_port_txon -wwan_put_debugfs_dir wwan_register_ops wwan_remove_port wwan_unregister_ops \ No newline at end of file From 62ef90de0d67c6f068671850108dc98aa7238bdb Mon Sep 17 00:00:00 2001 From: Will McVicker Date: Wed, 19 Jul 2023 11:30:33 -0700 Subject: [PATCH 04/21] ANDROID: GKI: Update the pixel symbol list These symbols are part of supporting Pixel devices on GKI kernels. 1 function symbol(s) added 'struct gpio_desc* devm_gpiod_get_index_optional(struct device*, const char*, unsigned int, enum gpiod_flags)' Bug: 279090118 Change-Id: I1bb36d65f928fac53e0a3dbdc2c0559349d5fc42 Signed-off-by: Will McVicker --- android/abi_gki_aarch64.stg | 10 ++++++++++ android/abi_gki_aarch64_pixel | 24 ++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 41f0eecb2f04..0dcb7d98a33a 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -334772,6 +334772,15 @@ elf_symbol { type_id: 0x5f3cfa16 full_name: "devm_gpiod_get_index" } +elf_symbol { + id: 0x241e9d4d + name: "devm_gpiod_get_index_optional" + is_defined: true + symbol_type: FUNCTION + crc: 0xf71fb74b + type_id: 0x5f3cfa16 + full_name: "devm_gpiod_get_index_optional" +} elf_symbol { id: 0xf6b9516e name: "devm_gpiod_get_optional" @@ -379092,6 +379101,7 @@ interface { symbol_id: 0x097ab520 symbol_id: 0xccb2ecff symbol_id: 0xd0f2d980 + symbol_id: 0x241e9d4d symbol_id: 0xf6b9516e symbol_id: 0xa2b20c15 symbol_id: 0x0ea63f59 diff --git a/android/abi_gki_aarch64_pixel b/android/abi_gki_aarch64_pixel index 73ea56df4c25..ec1294998154 100644 --- a/android/abi_gki_aarch64_pixel +++ b/android/abi_gki_aarch64_pixel 
@@ -369,15 +369,19 @@ devm_clk_put devm_device_add_group devm_device_add_groups + devm_device_remove_group __devm_drm_dev_alloc devm_drm_panel_bridge_add_typed devm_extcon_dev_allocate devm_extcon_dev_register devm_free_irq + devm_fwnode_gpiod_get_index + devm_fwnode_pwm_get devm_gen_pool_create devm_gpiochip_add_data_with_key devm_gpiod_get devm_gpiod_get_array + devm_gpiod_get_index_optional devm_gpiod_get_optional devm_gpiod_put_array devm_gpio_request @@ -396,6 +400,7 @@ devm_kmemdup devm_kstrdup devm_kstrdup_const + devm_led_classdev_register_ext devm_mfd_add_devices devm_nvmem_register __devm_of_phy_provider_register @@ -410,6 +415,7 @@ devm_platform_ioremap_resource devm_platform_ioremap_resource_byname devm_power_supply_register + devm_pwm_get devm_regmap_add_irq_chip __devm_regmap_init __devm_regmap_init_i2c @@ -962,6 +968,7 @@ int_to_scsilun iomem_resource iommu_alloc_resv_region + iommu_attach_device iommu_attach_device_pasid iommu_attach_group iommu_detach_device_pasid @@ -1124,6 +1131,7 @@ kvmalloc_node led_classdev_register_ext led_classdev_unregister + led_init_default_state_get __list_add_valid __list_del_entry_valid list_sort @@ -1505,6 +1513,7 @@ __put_task_struct put_unused_fd put_vaddr_frames + pwm_apply_state queue_delayed_work_on queue_work_on radix_tree_delete_item @@ -1607,6 +1616,7 @@ regulator_map_voltage_linear regulator_notifier_call_chain regulator_put + regulator_set_active_discharge_regmap regulator_set_voltage regulator_set_voltage_sel_regmap regulator_unregister 
@@ -1997,10 +2007,17 @@ __traceiter_device_pm_callback_end __traceiter_device_pm_callback_start __traceiter_gpu_mem_total + __traceiter_hrtimer_expire_entry + __traceiter_hrtimer_expire_exit + __traceiter_irq_handler_entry + __traceiter_irq_handler_exit __traceiter_mmap_lock_acquire_returned __traceiter_mmap_lock_released __traceiter_mmap_lock_start_locking + __traceiter_sched_switch __traceiter_suspend_resume + __traceiter_workqueue_execute_end + __traceiter_workqueue_execute_start trace_output_call __tracepoint_android_rvh_typec_tcpci_get_vbus __tracepoint_android_vh_cpu_idle_enter @@ -2025,12 +2042,19 @@ __tracepoint_device_pm_callback_end __tracepoint_device_pm_callback_start __tracepoint_gpu_mem_total + __tracepoint_hrtimer_expire_entry + __tracepoint_hrtimer_expire_exit + __tracepoint_irq_handler_entry + __tracepoint_irq_handler_exit __tracepoint_mmap_lock_acquire_returned __tracepoint_mmap_lock_released __tracepoint_mmap_lock_start_locking tracepoint_probe_register tracepoint_probe_unregister + __tracepoint_sched_switch __tracepoint_suspend_resume + __tracepoint_workqueue_execute_end + __tracepoint_workqueue_execute_start trace_print_array_seq trace_print_bitmask_seq trace_print_flags_seq From 6ca2ff04a1b85c0145c965ab8562cd8072b4f3f5 Mon Sep 17 00:00:00 2001 From: davidchao Date: Mon, 1 Feb 2021 16:46:13 +0800 Subject: [PATCH 05/21] ANDROID: thermal: Add vendor thermal genl check Add vendor enable_thermal_genl_check logic. Filter on-die tz genl event. To avoid thermal-hal being woken up all the time by thermal genl events, only the selected thermal_zone and cooling_device can send events from kernel. Bug: 170682696 Bug: 291846209 Test: boot and thermal-hal can receive thermal genl events from kernel Change-Id: Idb3f4b07a2a2740c01d8785910878bfe6edc832d Signed-off-by: davidchao Signed-off-by: Will McVicker --- drivers/android/vendor_hooks.c | 1 + drivers/thermal/thermal_netlink.c | 6 ++++++ 2 files changed, 7 insertions(+) 
diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index 482830505f1b..0a30c8cbe7bd 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -312,3 +312,4 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_madvise_cold_pageout_skip); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_rmqueue_smallest_bypass); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_free_one_page_bypass); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_regmap_update); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_enable_thermal_genl_check); diff --git a/drivers/thermal/thermal_netlink.c b/drivers/thermal/thermal_netlink.c index e2d78a996b5f..468eaae5ca82 100644 --- a/drivers/thermal/thermal_netlink.c +++ b/drivers/thermal/thermal_netlink.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include "thermal_core.h" @@ -274,6 +275,11 @@ static int thermal_genl_send_event(enum thermal_genl_event event, struct sk_buff *msg; int ret = -EMSGSIZE; void *hdr; + int enable_thermal_genl = 1; + + trace_android_vh_enable_thermal_genl_check(event, p->tz_id, &enable_thermal_genl); + if (!enable_thermal_genl) + return 0; msg = genlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); if (!msg) From 3a8999c6830ef79a8d00301b633ae06899fc9b96 Mon Sep 17 00:00:00 2001 From: Will McVicker Date: Wed, 19 Jul 2023 15:22:06 -0700 Subject: [PATCH 06/21] ANDROID: GKI: Update pixel symbol list for thermal Add the following symbol to allow vendor module to filter on-die tz genl event. This helps avoid thermal-hal being woken up all the time by thermal genl events, only the selected thermal_zone and cooling_device can send events from kernel. 1 function symbol(s) added 'int __traceiter_android_vh_enable_thermal_genl_check(void*, int, int, int*)' 1 variable symbol(s) added 'struct tracepoint __tracepoint_android_vh_enable_thermal_genl_check' Bug: 291846209 Change-Id: I763595ff1366196c6a16ff57d608042743fbe9fd 
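Review bot: In `thermal_genl_send_event()` the hook is always handed `p->tz_id`, yet the commit message says cooling-device events are filtered as well. For those events the thermal-zone field is presumably not the identifier the caller filled in, so a handler may be unable to tell a cooling-device event from one for zone 0; this needs confirming against the callers, which are outside the hunk. When a handler clears the flag the function returns 0, which callers read as "event sent". Because this lets a vendor module silently drop thermal notifications that userspace listeners depend on, the contract deserves a comment at the check, e.g. `/* Vendor hook may veto the event; a vetoed event is reported as success and never reaches genl listeners. */`. The function body continues outside the hunk.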
Signed-off-by: Will McVicker --- android/abi_gki_aarch64.stg | 28 ++++++++++++++++++++++++++++ android/abi_gki_aarch64_pixel | 2 ++ 2 files changed, 30 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 0dcb7d98a33a..2d8406a00dcd 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -301904,6 +301904,14 @@ function { parameter_id: 0x6720d32f parameter_id: 0x3c2755a3 } +function { + id: 0x9a2abc7b + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x6720d32f + parameter_id: 0x6720d32f + parameter_id: 0x13580d6c +} function { id: 0x9a2af11b return_type_id: 0x6720d32f @@ -321219,6 +321227,15 @@ elf_symbol { type_id: 0x9bdc9aae full_name: "__traceiter_android_vh_dup_task_struct" } +elf_symbol { + id: 0xdcaa59a3 + name: "__traceiter_android_vh_enable_thermal_genl_check" + is_defined: true + symbol_type: FUNCTION + crc: 0xc39a1e16 + type_id: 0x9a2abc7b + full_name: "__traceiter_android_vh_enable_thermal_genl_check" +} elf_symbol { id: 0x7ebac47a name: "__traceiter_android_vh_enable_thermal_power_throttle" @@ -324369,6 +324386,15 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_dup_task_struct" } +elf_symbol { + id: 0x54b2cd01 + name: "__tracepoint_android_vh_enable_thermal_genl_check" + is_defined: true + symbol_type: OBJECT + crc: 0x29cc54bf + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_enable_thermal_genl_check" +} elf_symbol { id: 0x188eab44 name: "__tracepoint_android_vh_enable_thermal_power_throttle" @@ -377594,6 +377620,7 @@ interface { symbol_id: 0x9dbd7b92 symbol_id: 0x42312ccc symbol_id: 0xf432d1c9 + symbol_id: 0xdcaa59a3 symbol_id: 0x7ebac47a symbol_id: 0xf586d5b6 symbol_id: 0x1f554c2a @@ -377944,6 +377971,7 @@ interface { symbol_id: 0xe2d7542c symbol_id: 0x988719fa symbol_id: 0x732a182b + symbol_id: 0x54b2cd01 symbol_id: 0x188eab44 symbol_id: 0xe7584e1c symbol_id: 0x0d418d38 
diff --git a/android/abi_gki_aarch64_pixel b/android/abi_gki_aarch64_pixel index ec1294998154..dbd893b4d26b 100644 --- a/android/abi_gki_aarch64_pixel +++ b/android/abi_gki_aarch64_pixel @@ -1987,6 +1987,7 @@ __traceiter_android_rvh_typec_tcpci_get_vbus __traceiter_android_vh_cpu_idle_enter __traceiter_android_vh_cpu_idle_exit + __traceiter_android_vh_enable_thermal_genl_check __traceiter_android_vh_ipi_stop __traceiter_android_vh_scheduler_tick __traceiter_android_vh_sysrq_crash @@ -2022,6 +2023,7 @@ __tracepoint_android_rvh_typec_tcpci_get_vbus __tracepoint_android_vh_cpu_idle_enter __tracepoint_android_vh_cpu_idle_exit + __tracepoint_android_vh_enable_thermal_genl_check __tracepoint_android_vh_ipi_stop __tracepoint_android_vh_scheduler_tick __tracepoint_android_vh_sysrq_crash From f930b82d1651fbd9e00d0a96d56c4ba3555b7b41 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Tue, 18 Jul 2023 11:17:20 -0700 Subject: [PATCH 07/21] FROMLIST: fuse: revalidate: don't invalidate if interrupted If the LOOKUP request triggered from fuse_dentry_revalidate() is interrupted, then the dentry will be invalidated, possibly resulting in submounts being unmounted. Reported-by: Xu Rongbo Fixes: 9e6268db496a ("[PATCH] FUSE - read-write operations") Cc: Signed-off-by: Miklos Szeredi Bug: 282905757 Link: https://lore.kernel.org/all/CAJfpegswN_CJJ6C3RZiaK6rpFmNyWmXfaEpnQUJ42KCwNF5tWw@mail.gmail.com/ Signed-off-by: Paul Lawrence (cherry picked from https://android-review.googlesource.com/q/commit:ae5b9259d42efa1bbd42d807fd3b3a991ddb51be) Merged-In: I8c62f5aeeb450de78c6a38a6f8728c900a0fc9bd Change-Id: I8c62f5aeeb450de78c6a38a6f8728c900a0fc9bd --- fs/fuse/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 933e4a727505..076a0bddef8f 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c 
@@ -321,7 +321,7 @@ static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags) spin_unlock(&fi->lock); } kfree(forget); - if (ret == -ENOMEM) + if (ret == -ENOMEM || ret == -EINTR) goto out; if (ret || fuse_invalid_attr(&outarg.attr) || fuse_stale_inode(inode, outarg.generation, &outarg.attr)) From 7dd60ce8046d1e791519c4128eff3018e3507ec6 Mon Sep 17 00:00:00 2001 From: lijun14 Date: Tue, 18 Jul 2023 20:09:31 +0800 Subject: [PATCH 08/21] ANDROID: vendor_hooks: add vendor hook to support SAGT Add vendor hook of android_rvh_before_do_sched_yield Bug: 291726037 Change-Id: I1f2d65739a297812f279b83085e3680e40d4cb6e Signed-off-by: lijun14 --- include/trace/hooks/sched.h | 4 ++++ kernel/sched/core.c | 5 +++++ kernel/sched/vendor_hooks.c | 1 + 3 files changed, 10 insertions(+) diff --git a/include/trace/hooks/sched.h b/include/trace/hooks/sched.h index 7b5ab104d7fe..811f07f7be61 100644 --- a/include/trace/hooks/sched.h +++ b/include/trace/hooks/sched.h @@ -255,6 +255,10 @@ DECLARE_RESTRICTED_HOOK(android_rvh_do_sched_yield, TP_PROTO(struct rq *rq), TP_ARGS(rq), 1); +DECLARE_RESTRICTED_HOOK(android_rvh_before_do_sched_yield, + TP_PROTO(long *unused), + TP_ARGS(unused), 1); + DECLARE_HOOK(android_vh_free_task, TP_PROTO(struct task_struct *p), TP_ARGS(p)); diff --git a/kernel/sched/core.c b/kernel/sched/core.c index c9d59630444a..53faabdb3950 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -8446,6 +8446,11 @@ static void do_sched_yield(void) { struct rq_flags rf; struct rq *rq; + long skip = 0; + + trace_android_rvh_before_do_sched_yield(&skip); + if (skip) + return; rq = this_rq_lock_irq(&rf); diff --git a/kernel/sched/vendor_hooks.c b/kernel/sched/vendor_hooks.c index e1e2601fd84f..d8d945fc20e3 100644 --- a/kernel/sched/vendor_hooks.c +++ b/kernel/sched/vendor_hooks.c 
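Review bot: The `ret == -ENOMEM || ret == -EINTR` test in `fuse_dentry_revalidate()` now encodes a rule, that an error which says nothing about the dentry must not invalidate it, but nothing at the check states it. The next transient error code someone meets would again fall through to the invalidation path. I would add a comment above the test, e.g. `/* Transient failure: the lookup did not complete, so keep the dentry and return the error rather than invalidating it (which can unmount submounts). */`. The function starts and ends outside the hunk, so what the `out` path does with `ret` cannot be checked here.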
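Review bot: The argument of `android_rvh_before_do_sched_yield` in include/trace/hooks/sched.h is named `unused`, yet `do_sched_yield()` in this same patch reads it back as the flag that cancels the yield. Name it for what it does, `TP_PROTO(long *skip),` and `TP_ARGS(skip), 1);`. A one-line comment above the declaration should also say that a non-zero value makes do_sched_yield() return without yielding.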
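Review bot: When a handler sets `skip`, `do_sched_yield()` in kernel/sched/core.c returns before `this_rq_lock_irq()`, so everything after that point in the function is bypassed. The rest of the body is outside the hunk, but it presumably holds the yield accounting, the existing `android_rvh_do_sched_yield` hook and the call into the scheduler. If in-kernel callers reach this function as well as the sched_yield() syscall, a loop that yields while waiting for another task would spin without giving up the CPU, so the hook's scope should be stated and, if possible, limited to the syscall path. At minimum add a comment at the check: `/* Vendor hook may cancel the yield entirely: no rq lock, no stats, no reschedule. */`.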
@@ -75,6 +75,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_is_cpu_allowed); EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_get_nohz_timer_target); EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_sched_getaffinity); EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_do_sched_yield); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_before_do_sched_yield); EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_sched_fork_init); EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_ttwu_cond); EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_schedule_bug); From 25a11995fb3795bb2b4a559216a4336952ff7f4d Mon Sep 17 00:00:00 2001 From: lijun14 Date: Tue, 18 Jul 2023 20:02:25 +0800 Subject: [PATCH 09/21] ANDROID: GKI: add ABI symbol for xiaomi abi symbol(s) added : __traceiter_android_rvh_before_do_sched_yield __tracepoint_android_rvh_before_do_sched_yield Bug: 291726037 Change-Id: I16278b0ca8eac03976543e27f21d82c3cec92af8 Signed-off-by: lijun14 --- android/abi_gki_aarch64.stg | 26 ++++++++++++++++++++++++++ android/abi_gki_aarch64_xiaomi | 4 ++++ 2 files changed, 30 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 2d8406a00dcd..2f172f835e4e 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -304498,6 +304498,12 @@ function { parameter_id: 0x2e029f76 parameter_id: 0x13580d6c } +function { + id: 0x9b79f498 + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x3593bec8 +} function { id: 0x9b79f513 return_type_id: 0x6720d32f @@ -319751,6 +319757,15 @@ elf_symbol { type_id: 0x9b2ba01c full_name: "__traceiter_android_rvh_audio_usb_offload_disconnect" } +elf_symbol { + id: 0x144db0a1 + name: "__traceiter_android_rvh_before_do_sched_yield" + is_defined: true + symbol_type: FUNCTION + crc: 0xce266c8e + type_id: 0x9b79f498 + full_name: "__traceiter_android_rvh_before_do_sched_yield" +} elf_symbol { id: 0x192bbbd5 name: "__traceiter_android_rvh_build_perf_domains" 
@@ -322910,6 +322925,15 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_rvh_audio_usb_offload_disconnect" } +elf_symbol { + id: 0xd7757253 + name: "__tracepoint_android_rvh_before_do_sched_yield" + is_defined: true + symbol_type: OBJECT + crc: 0x94abc138 + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_rvh_before_do_sched_yield" +} elf_symbol { id: 0x1e8a7e23 name: "__tracepoint_android_rvh_build_perf_domains" @@ -377456,6 +377480,7 @@ interface { symbol_id: 0xb3d70eab symbol_id: 0x0b48afa1 symbol_id: 0x48420da9 + symbol_id: 0x144db0a1 symbol_id: 0x192bbbd5 symbol_id: 0xadc13d20 symbol_id: 0xc93c7d6d @@ -377807,6 +377832,7 @@ interface { symbol_id: 0xcd36f539 symbol_id: 0x748c1fd7 symbol_id: 0xaf461bff + symbol_id: 0xd7757253 symbol_id: 0x1e8a7e23 symbol_id: 0xfe3875f6 symbol_id: 0x60b5a917 diff --git a/android/abi_gki_aarch64_xiaomi b/android/abi_gki_aarch64_xiaomi index b0e34e78b178..8209fb5955f2 100644 --- a/android/abi_gki_aarch64_xiaomi +++ b/android/abi_gki_aarch64_xiaomi @@ -306,3 +306,7 @@ __tracepoint_android_vh_rmqueue_smallest_bypass __traceiter_android_vh_free_one_page_bypass __tracepoint_android_vh_free_one_page_bypass + +# required by SAGT module + __traceiter_android_rvh_before_do_sched_yield + __tracepoint_android_rvh_before_do_sched_yield From d51e21b3941585c584f81edad7cd9818f6f86d5f Mon Sep 17 00:00:00 2001 From: John Scheible Date: Thu, 20 Jul 2023 12:24:34 -0700 Subject: [PATCH 10/21] ANDROID: ABI: Update pixel symbol list 1 function symbol(s) added 'void iommu_detach_device(struct iommu_domain *, struct device *)' Bug: 292121811 Change-Id: I7087f815af2a57d538484c66e0a4ab97e137c586 Signed-off-by: John Scheible --- android/abi_gki_aarch64_pixel | 1 + 1 file changed, 1 insertion(+) diff --git a/android/abi_gki_aarch64_pixel b/android/abi_gki_aarch64_pixel index dbd893b4d26b..b50236e61182 100644 --- a/android/abi_gki_aarch64_pixel +++ b/android/abi_gki_aarch64_pixel 
@@ -971,6 +971,7 @@ iommu_attach_device iommu_attach_device_pasid iommu_attach_group + iommu_detach_device iommu_detach_device_pasid iommu_device_register iommu_device_sysfs_add From 701f85c2a19d776f84469d34b4ade2ff95f34612 Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Thu, 20 Jul 2023 08:49:13 +0800 Subject: [PATCH 11/21] ANDROID: abi_gki_aarch64_qcom: Update QCOM symbol list Update QCOM symbol list for walt vendor hook. Symbols added: __traceiter_android_rvh_before_do_sched_yield __tracepoint_android_rvh_before_do_sched_yield Bug: 291683326 Signed-off-by: Lu Wang Change-Id: I3fe2fb40f3da4ff6079e64d7badb4e9e63ee6248 --- android/abi_gki_aarch64_qcom | 2 ++ 1 file changed, 2 insertions(+) diff --git a/android/abi_gki_aarch64_qcom b/android/abi_gki_aarch64_qcom index df8f0db3cc5c..ec0a9c3f3bb3 100644 --- a/android/abi_gki_aarch64_qcom +++ b/android/abi_gki_aarch64_qcom @@ -3262,6 +3262,7 @@ __traceiter_android_rvh_after_dequeue_task __traceiter_android_rvh_after_enqueue_task __traceiter_android_rvh_audio_usb_offload_disconnect + __traceiter_android_rvh_before_do_sched_yield __traceiter_android_rvh_build_perf_domains __traceiter_android_rvh_can_migrate_task __traceiter_android_rvh_check_preempt_tick @@ -3405,6 +3406,7 @@ __tracepoint_android_rvh_after_dequeue_task __tracepoint_android_rvh_after_enqueue_task __tracepoint_android_rvh_audio_usb_offload_disconnect + __tracepoint_android_rvh_before_do_sched_yield __tracepoint_android_rvh_build_perf_domains __tracepoint_android_rvh_can_migrate_task __tracepoint_android_rvh_check_preempt_tick From 8bb470d6377f77b1b47ea1b130cee8a30755cfa8 Mon Sep 17 00:00:00 2001 
From: Takashi Iwai Date: Fri, 12 May 2023 16:18:00 +0100 Subject: [PATCH 12/21] UPSTREAM: media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() [ Upstream commit b8c75e4a1b325ea0a9433fa8834be97b5836b946 ] Using a semaphore in the wait_event*() condition is no good idea. It hits a kernel WARN_ON() at prepare_to_wait_event() like: do not call blocking ops when !TASK_RUNNING; state=1 set at prepare_to_wait_event+0x6d/0x690 For avoiding the potential deadlock, rewrite to an open-coded loop instead. Unlike the loop in wait_event*(), this uses wait_woken() after the condition check, hence the task state stays consistent. CVE-2023-31084 was assigned to this bug. Link: https://lore.kernel.org/r/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/ Bug: 290204413 Link: https://lore.kernel.org/linux-media/20230512151800.1874-1-tiwai@suse.de Reported-by: Yu Hao Closes: https://nvd.nist.gov/vuln/detail/CVE-2023-31084 Signed-off-by: Takashi Iwai Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin (cherry picked from commit d0088ea444e676a0c75551efe183bee4a3d2cfc8) Signed-off-by: Lee Jones Change-Id: Id7cefa46b7d4189a0311e7e763b1c9be7ba9bdbd --- drivers/media/dvb-core/dvb_frontend.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/media/dvb-core/dvb_frontend.c b/drivers/media/dvb-core/dvb_frontend.c index c41a7e5c2b92..fce0e2094078 100644 --- a/drivers/media/dvb-core/dvb_frontend.c +++ b/drivers/media/dvb-core/dvb_frontend.c 
@@ -293,14 +293,22 @@ static int dvb_frontend_get_event(struct dvb_frontend *fe, } if (events->eventw == events->eventr) { - int ret; + struct wait_queue_entry wait; + int ret = 0; if (flags & O_NONBLOCK) return -EWOULDBLOCK; - ret = wait_event_interruptible(events->wait_queue, - dvb_frontend_test_event(fepriv, events)); - + init_waitqueue_entry(&wait, current); + add_wait_queue(&events->wait_queue, &wait); + while (!dvb_frontend_test_event(fepriv, events)) { + wait_woken(&wait, TASK_INTERRUPTIBLE, 0); + if (signal_pending(current)) { + ret = -ERESTARTSYS; + break; + } + } + remove_wait_queue(&events->wait_queue, &wait); if (ret < 0) return ret; } From ca372ba9e750c31045f366e262db01ef8663c7aa Mon Sep 17 00:00:00 2001 From: lambert wang Date: Fri, 21 Jul 2023 08:24:24 +0800 Subject: [PATCH 13/21] ANDROID: GKI: Update mtk ABI symbol list 6 function symbol(s) added 'struct device* device_find_child_by_name(struct device*, const char*)' 'void pci_free_irq(struct pci_dev*, unsigned int, void*)' 'int pci_request_irq(struct pci_dev*, unsigned int, irq_handler_t, irq_handler_t, void*, const char*, ...)' 'int pm_schedule_suspend(struct device*, unsigned int)' 'int rtnl_configure_link(struct net_device*, const struct ifinfomsg*)' 'struct net_device* rtnl_create_link(struct net*, const char*, unsigned char, const struct rtnl_link_ops*, struct nlattr**, struct netlink_ext_ack*)' in which: * device_find_child_by_name/rtnl_configure_link/rtnl_create_link are needed by wwan.ko. Bug: 291865296 Change-Id: I38b8a69313667318944387e1a19287b9c01cafee Signed-off-by: zhaoping shu Signed-off-by: xiayu zhang Signed-off-by: ivan yang Signed-off-by: lambert wang --- android/abi_gki_aarch64.stg | 153 ++++++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_mtk | 24 ++++++ 2 files changed, 177 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 2f172f835e4e..291c26e645b8 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg 
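Review bot: The new loop in `dvb_frontend_get_event()` calls `wait_woken()` on an entry set up with `init_waitqueue_entry()` and passes a timeout of `0`. wait_woken() is meant to be paired with `woken_wake_function`, which records a wake-up that arrives between the condition check and the sleep; with the default wake function that flag is never set. With a zero timeout the sleep appears to end at the next timer expiry, so the loop would re-run `dvb_frontend_test_event()` (which, per the commit message, takes a semaphore) periodically instead of blocking until an event arrives. Suggested: declare the entry with `DEFINE_WAIT_FUNC(wait, woken_wake_function);` in place of `init_waitqueue_entry(&wait, current);`, and sleep with `wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);`. The enclosing function starts and ends outside the hunk.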
@@ -27431,6 +27431,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0xd06de2a9 } +pointer_reference { + id: 0x3e8d7c9a + kind: POINTER + pointee_type_id: 0xd07514f5 +} pointer_reference { id: 0x3e8e572f kind: POINTER @@ -30856,6 +30861,11 @@ qualified { qualifier: CONST qualified_type_id: 0x30a49fb4 } +qualified { + id: 0xd07514f5 + qualifier: CONST + qualified_type_id: 0x3193e55d +} qualified { id: 0xd08a0c68 qualifier: CONST @@ -39256,6 +39266,12 @@ member { name: "__i_nlink" type_id: 0x4585663f } +member { + id: 0xed0c7bc2 + name: "__ifi_pad" + type_id: 0x5d8155a5 + offset: 8 +} member { id: 0x1d90045d name: "__iter_idx" @@ -100711,6 +100727,35 @@ member { type_id: 0x0fa767da offset: 448 } +member { + id: 0x49aaa6b3 + name: "ifi_change" + type_id: 0x4585663f + offset: 96 +} +member { + id: 0xccfc5cc3 + name: "ifi_family" + type_id: 0x5d8155a5 +} +member { + id: 0xe5765ac4 + name: "ifi_flags" + type_id: 0x4585663f + offset: 64 +} +member { + id: 0x95c94564 + name: "ifi_index" + type_id: 0x6720d32f + offset: 32 +} +member { + id: 0x58fe8d2e + name: "ifi_type" + type_id: 0xc93e017b + offset: 16 +} member { id: 0x9056806a name: "ifindex" @@ -224281,6 +224326,20 @@ struct_union { member_id: 0x95dac005 } } +struct_union { + id: 0x3193e55d + kind: STRUCT + name: "ifinfomsg" + definition { + bytesize: 16 + member_id: 0xccfc5cc3 + member_id: 0xed0c7bc2 + member_id: 0x58fe8d2e + member_id: 0x95c94564 + member_id: 0xe5765ac4 + member_id: 0x49aaa6b3 + } +} struct_union { id: 0x41f1df67 kind: STRUCT @@ -280106,6 +280165,13 @@ function { return_type_id: 0x48b5725f parameter_id: 0x15a30023 } +function { + id: 0x15f1cac1 + return_type_id: 0x48b5725f + parameter_id: 0x11e6864c + parameter_id: 0x4585663f + parameter_id: 0x18bd6530 +} function { id: 0x15f330e3 return_type_id: 0x48b5725f 
@@ -294238,6 +294304,12 @@ function { parameter_id: 0x32a623d7 parameter_id: 0x3e10b518 } +function { + id: 0x91d35e28 + return_type_id: 0x6720d32f + parameter_id: 0x32a623d7 + parameter_id: 0x3e8d7c9a +} function { id: 0x91d5541c return_type_id: 0x6720d32f @@ -300498,6 +300570,17 @@ function { return_type_id: 0x6720d32f parameter_id: 0x156a41de } +function { + id: 0x98da7fb1 + return_type_id: 0x6720d32f + parameter_id: 0x11e6864c + parameter_id: 0x4585663f + parameter_id: 0xd92b1d75 + parameter_id: 0xd92b1d75 + parameter_id: 0x18bd6530 + parameter_id: 0x3e10b518 + parameter_id: 0xa52a0930 +} function { id: 0x98de7695 return_type_id: 0x6720d32f @@ -316675,6 +316758,16 @@ function { return_type_id: 0x6d7f5ff6 parameter_id: 0x040d1b01 } +function { + id: 0xffb4ff33 + return_type_id: 0x32a623d7 + parameter_id: 0x0ca27481 + parameter_id: 0x3e10b518 + parameter_id: 0x5d8155a5 + parameter_id: 0x337b7b81 + parameter_id: 0x0277bf8a + parameter_id: 0x07dcdbe1 +} function { id: 0xffbaa126 return_type_id: 0x32a623d7 @@ -334048,6 +334141,15 @@ elf_symbol { type_id: 0xadd088bd full_name: "device_find_child" } +elf_symbol { + id: 0x01805ccc + name: "device_find_child_by_name" + is_defined: true + symbol_type: FUNCTION + crc: 0xfe92284a + type_id: 0xad414cb1 + full_name: "device_find_child_by_name" +} elf_symbol { id: 0xd81e7ab3 name: "device_for_each_child" @@ -355516,6 +355618,15 @@ elf_symbol { type_id: 0x578fa618 full_name: "pci_find_next_capability" } +elf_symbol { + id: 0x08190210 + name: "pci_free_irq" + is_defined: true + symbol_type: FUNCTION + crc: 0xdaf171ab + type_id: 0x15f1cac1 + full_name: "pci_free_irq" +} elf_symbol { id: 0x8ffabaa9 name: "pci_free_irq_vectors" 
@@ -355813,6 +355924,15 @@ elf_symbol { type_id: 0x185a3adc full_name: "pci_remove_root_bus" } +elf_symbol { + id: 0xf6896e34 + name: "pci_request_irq" + is_defined: true + symbol_type: FUNCTION + crc: 0x17161b4b + type_id: 0x98da7fb1 + full_name: "pci_request_irq" +} elf_symbol { id: 0x324ff23b name: "pci_request_region" @@ -358108,6 +358228,15 @@ elf_symbol { type_id: 0x1192ec84 full_name: "pm_runtime_set_autosuspend_delay" } +elf_symbol { + id: 0xe263dcb4 + name: "pm_schedule_suspend" + is_defined: true + symbol_type: FUNCTION + crc: 0xe5c44150 + type_id: 0x9c00c8ec + full_name: "pm_schedule_suspend" +} elf_symbol { id: 0x59caaeac name: "pm_stay_awake" @@ -362014,6 +362143,24 @@ elf_symbol { type_id: 0x90657259 full_name: "rtc_valid_tm" } +elf_symbol { + id: 0x19b7aeab + name: "rtnl_configure_link" + is_defined: true + symbol_type: FUNCTION + crc: 0x85c289df + type_id: 0x91d35e28 + full_name: "rtnl_configure_link" +} +elf_symbol { + id: 0xfccc22f4 + name: "rtnl_create_link" + is_defined: true + symbol_type: FUNCTION + crc: 0x817f3567 + type_id: 0xffb4ff33 + full_name: "rtnl_create_link" +} elf_symbol { id: 0x50b92bc4 name: "rtnl_is_locked" @@ -379069,6 +379216,7 @@ interface { symbol_id: 0xe85fa1f1 symbol_id: 0xe6df6df5 symbol_id: 0x0b165427 + symbol_id: 0x01805ccc symbol_id: 0xd81e7ab3 symbol_id: 0x3b013a69 symbol_id: 0x0576df29 @@ -381452,6 +381600,7 @@ interface { symbol_id: 0x27f20808 symbol_id: 0x63876663 symbol_id: 0xdea420f5 + symbol_id: 0x08190210 symbol_id: 0x8ffabaa9 symbol_id: 0x50bce06e symbol_id: 0x133a7a3e @@ -381485,6 +381634,7 @@ interface { symbol_id: 0x5b0002a1 symbol_id: 0x2c8694e0 symbol_id: 0xa21a61f0 + symbol_id: 0xf6896e34 symbol_id: 0x324ff23b symbol_id: 0xde0961b5 symbol_id: 0x93ed1ac4 @@ -381740,6 +381890,7 @@ interface { symbol_id: 0x878b97bb symbol_id: 0x1f3f17bd symbol_id: 0x53f4166f + symbol_id: 0xe263dcb4 symbol_id: 0x59caaeac symbol_id: 0x64f92138 symbol_id: 0x2e13b831 
@@ -382174,6 +382325,8 @@ interface { symbol_id: 0xa4ad8391 symbol_id: 0x5c1197ba symbol_id: 0x22e1072c + symbol_id: 0x19b7aeab + symbol_id: 0xfccc22f4 symbol_id: 0x50b92bc4 symbol_id: 0x8c0dd14a symbol_id: 0x3480e8df diff --git a/android/abi_gki_aarch64_mtk b/android/abi_gki_aarch64_mtk index e3872c033f45..9a933b3f74c6 100644 --- a/android/abi_gki_aarch64_mtk +++ b/android/abi_gki_aarch64_mtk @@ -395,6 +395,7 @@ device_del device_destroy device_find_child + device_find_child_by_name device_for_each_child device_get_child_node_count device_get_match_data @@ -1200,6 +1201,7 @@ ip_send_check __ipv6_addr_type ipv6_dev_find + ipv6_ext_hdr ipv6_skip_exthdr ipv6_stub __irq_apply_affinity_hint @@ -1337,10 +1339,14 @@ kthread_flush_work kthread_flush_worker __kthread_init_worker + kthread_park + kthread_parkme kthread_queue_delayed_work kthread_queue_work + kthread_should_park kthread_should_stop kthread_stop + kthread_unpark kthread_worker_fn ktime_get ktime_get_coarse_with_offset @@ -1692,6 +1698,7 @@ out_of_line_wait_on_bit_timeout overflowuid page_endio + page_frag_free page_pinner_inited __page_pinner_put_page page_pool_alloc_pages @@ -1715,6 +1722,7 @@ param_ops_uint param_ops_ullong param_ops_ulong + param_ops_ushort param_set_bool param_set_charp param_set_uint @@ -1722,18 +1730,25 @@ pci_alloc_irq_vectors_affinity pci_ats_supported pci_bus_type + pci_clear_master pci_device_group + pci_device_is_present pci_dev_put pci_disable_ats pci_disable_device + pcie_capability_clear_and_set_word + pcie_capability_read_word pci_enable_ats pci_find_ext_capability + pci_free_irq pci_free_irq_vectors pci_generic_config_read32 pci_generic_config_write32 pci_get_slot pci_host_probe pci_irq_vector + pci_load_and_free_saved_state + pci_load_saved_state pci_lock_rescan_remove pcim_enable_device pcim_iomap_regions 
@@ -1747,10 +1762,12 @@ pci_read_config_word __pci_register_driver pci_remove_root_bus + pci_request_irq pci_restore_state pci_save_state pci_set_master pci_stop_root_bus + pci_store_saved_state pci_unlock_rescan_remove pci_unregister_driver pci_write_config_dword @@ -1869,6 +1886,7 @@ __pm_runtime_set_status __pm_runtime_suspend __pm_runtime_use_autosuspend + pm_schedule_suspend __pm_stay_awake pm_stay_awake pm_suspend_default_s2idle @@ -1933,9 +1951,11 @@ queue_delayed_work_on queue_work_on radix_tree_delete + radix_tree_gang_lookup radix_tree_insert radix_tree_lookup radix_tree_maybe_preload + radix_tree_next_chunk radix_tree_tagged ___ratelimit raw_notifier_call_chain @@ -2123,6 +2143,8 @@ rtc_tm_to_time64 rtc_update_irq rtc_valid_tm + rtnl_configure_link + rtnl_create_link rtnl_is_locked rtnl_link_register rtnl_link_unregister @@ -2526,6 +2548,7 @@ timecounter_init timecounter_read timer_of_init + timer_reduce timer_unstable_counter_workaround topology_clear_scale_freq_source topology_update_thermal_pressure @@ -2733,6 +2756,7 @@ __tracepoint_task_newtask trace_print_array_seq trace_print_flags_seq + trace_print_hex_seq trace_print_symbols_seq __trace_puts trace_raw_output_prep From 13e8071ce0cf668209c94953c0148cf8f7d41d2a Mon Sep 17 00:00:00 2001 From: Xiaopeng Bai Date: Thu, 20 Jul 2023 17:15:11 +0800 Subject: [PATCH 14/21] ANDROID: update symbol list for unisoc regmap vendor hook 1 function symbol(s) added 'int __traceiter_android_vh_regmap_update(void*, const struct regmap_config*, struct regmap*)' 1 variable symbol(s) added 'struct tracepoint __tracepoint_android_vh_regmap_update' Bug: 232965613 Change-Id: I9b184315493eacc433b85cd36c3d1c34992b188b Signed-off-by: Xiaopeng Bai --- android/abi_gki_aarch64.stg | 27 +++++++++++++++++++++++++++ android/abi_gki_aarch64_unisoc | 2 ++ 2 files changed, 29 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 291c26e645b8..24f524b3e4c2 100644 --- a/android/abi_gki_aarch64.stg 
+++ b/android/abi_gki_aarch64.stg @@ -304086,6 +304086,13 @@ function { parameter_id: 0x188b9e81 parameter_id: 0x3ea31487 } +function { + id: 0x9b5a0fe0 + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x3df7e337 + parameter_id: 0x09a83f1c +} function { id: 0x9b5aa874 return_type_id: 0x6720d32f @@ -321965,6 +321972,15 @@ elf_symbol { type_id: 0x9bd7019d full_name: "__traceiter_android_vh_record_rwsem_lock_starttime" } +elf_symbol { + id: 0xe2d75052 + name: "__traceiter_android_vh_regmap_update" + is_defined: true + symbol_type: FUNCTION + crc: 0x70e6bb0c + type_id: 0x9b5a0fe0 + full_name: "__traceiter_android_vh_regmap_update" +} elf_symbol { id: 0x8d62858f name: "__traceiter_android_vh_rmqueue_smallest_bypass" @@ -325133,6 +325149,15 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_record_rwsem_lock_starttime" } +elf_symbol { + id: 0x13b2fb38 + name: "__tracepoint_android_vh_regmap_update" + is_defined: true + symbol_type: OBJECT + crc: 0xcf37e88a + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_regmap_update" +} elf_symbol { id: 0x04365139 name: "__tracepoint_android_vh_rmqueue_smallest_bypass" @@ -377862,6 +377887,7 @@ interface { symbol_id: 0x0fa39b81 symbol_id: 0x92518ec5 symbol_id: 0x9792c22e + symbol_id: 0xe2d75052 symbol_id: 0x8d62858f symbol_id: 0xcef5d79f symbol_id: 0x91384eff @@ -378214,6 +378240,7 @@ interface { symbol_id: 0xef7ad117 symbol_id: 0x4568ff8f symbol_id: 0xe918e2ec + symbol_id: 0x13b2fb38 symbol_id: 0x04365139 symbol_id: 0xd94bc301 symbol_id: 0x3fc5ffc9 diff --git a/android/abi_gki_aarch64_unisoc b/android/abi_gki_aarch64_unisoc index bb8ad74d357d..867436314590 100644 --- a/android/abi_gki_aarch64_unisoc +++ b/android/abi_gki_aarch64_unisoc 
@@ -714,6 +714,7 @@ __traceiter_android_vh_get_thermal_zone_device __traceiter_android_vh_modify_thermal_request_freq __traceiter_android_vh_modify_thermal_target_freq + __traceiter_android_vh_regmap_update __traceiter_android_vh_scheduler_tick __traceiter_android_vh_thermal_power_cap __traceiter_android_vh_thermal_register @@ -792,6 +793,7 @@ __tracepoint_android_vh_get_thermal_zone_device __tracepoint_android_vh_modify_thermal_request_freq __tracepoint_android_vh_modify_thermal_target_freq + __tracepoint_android_vh_regmap_update __tracepoint_android_vh_scheduler_tick __tracepoint_android_vh_thermal_power_cap __tracepoint_android_vh_thermal_register From 7ed895f6b7924f1afebe4bf78f66342e694f8f6e Mon Sep 17 00:00:00 2001 From: Ramji Jiyani Date: Sun, 23 Jul 2023 08:28:40 +0000 Subject: [PATCH 15/21] ANDROID: GKI: Add Android ABI padding to wwan_ops Try to mitigate potential future api changes by adding a padding to struct wwan_ops. Fixes: 214e6f268b6a ("ANDROID: GKI: Add WWAN as GKI protected module") Bug: 287170531 Test: bazel run //common:kernel_aarch64_dist & TH Change-Id: I0a6f8a801503228af11dc227ce703b886a74f288 Signed-off-by: Ramji Jiyani --- include/linux/wwan.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/linux/wwan.h b/include/linux/wwan.h index 5ce2acf444fb..7c2d5db089a1 100644 --- a/include/linux/wwan.h +++ b/include/linux/wwan.h @@ -7,6 +7,7 @@ #include #include #include +#include /** * enum wwan_port_type - WWAN port types @@ -165,6 +166,9 @@ struct wwan_ops { u32 if_id, struct netlink_ext_ack *extack); void (*dellink)(void *ctxt, struct net_device *dev, struct list_head *head); + + ANDROID_KABI_RESERVE(1); + ANDROID_KABI_RESERVE(2); }; int wwan_register_ops(struct device *parent, const struct wwan_ops *ops, From dd567c60ff3525ce38d45b0f2c612c82a010a114 Mon Sep 17 00:00:00 2001 
From: Ramji Jiyani Date: Mon, 24 Jul 2023 07:15:49 +0000 Subject: [PATCH 16/21] ANDROID: GKI: Add Android ABI padding to wwan_port_ops Try to mitigate potential future api changes by adding a padding to struct wwan_port_ops. Fixes: 214e6f268b6a ("ANDROID: GKI: Add WWAN as GKI protected module") Bug: 287170531 Test: bazel run //common:kernel_aarch64_dist & TH Change-Id: I5589d9739ee547a3eb66ded432284691cf962023 Signed-off-by: Ramji Jiyani --- include/linux/wwan.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/wwan.h b/include/linux/wwan.h index 7c2d5db089a1..e3ea3c12c588 100644 --- a/include/linux/wwan.h +++ b/include/linux/wwan.h @@ -61,6 +61,9 @@ struct wwan_port_ops { int (*tx_blocking)(struct wwan_port *port, struct sk_buff *skb); __poll_t (*tx_poll)(struct wwan_port *port, struct file *filp, poll_table *wait); + + ANDROID_KABI_RESERVE(1); + ANDROID_KABI_RESERVE(2); }; /** From 15a4b0d726c4ccd7c8b09cb97a54e4bce59c7f1d Mon Sep 17 00:00:00 2001 From: Yifan Hong Date: Thu, 20 Jul 2023 16:50:01 -0700 Subject: [PATCH 17/21] ANDROID: set kmi_symbol_list_add_only for Kleaf builds. On KMI frozen branches, symbols may no longer be removed from KMI symbol lists. This change sets kmi_symbol_list_add_only=true for Kleaf builds. Test: Treehugger Bug: 292106238 Change-Id: I74cf98ebad2705b92468c996e9b3b472447e8203 Signed-off-by: Yifan Hong --- BUILD.bazel | 2 ++ 1 file changed, 2 insertions(+) diff --git a/BUILD.bazel b/BUILD.bazel index b148c002b107..2a95ec15d4d2 100644 --- a/BUILD.bazel +++ b/BUILD.bazel @@ -76,6 +76,7 @@ define_common_kernels(target_configs = { "kmi_symbol_list_strict_mode": True, "module_implicit_outs": COMMON_GKI_MODULES_LIST, "kmi_symbol_list": "android/abi_gki_aarch64", + "kmi_symbol_list_add_only": True, "additional_kmi_symbol_lists": [":aarch64_additional_kmi_symbol_lists"], "protected_exports_list": "android/abi_gki_protected_exports_aarch64", "protected_modules_list": "android/gki_aarch64_protected_modules", 
@@ -90,6 +91,7 @@ define_common_kernels(target_configs = { "kmi_symbol_list_strict_mode": False, "module_implicit_outs": COMMON_GKI_MODULES_LIST, "kmi_symbol_list": "android/abi_gki_aarch64", + "kmi_symbol_list_add_only": True, "additional_kmi_symbol_lists": [":aarch64_additional_kmi_symbol_lists"], "protected_exports_list": "android/abi_gki_protected_exports_aarch64", "protected_modules_list": "android/gki_aarch64_protected_modules", From 0abc74db1acf858c4baeeb648335ba2f3b8a231b Mon Sep 17 00:00:00 2001 From: Ramji Jiyani Date: Thu, 20 Jul 2023 18:15:27 -0700 Subject: [PATCH 18/21] ANDROID: GKI: Move GKI module headers to generated includes Change build time generated GKI module headers location From :- kernel/module/gki_module_*.h To :- include/generated/gki_module_*.h This prevents the kernel source from being contaminated. By placing the header files in a generated directory, the default filters that ignore certain files will work without any special handling required. Bug: 286529877 Test: Manual verification & TH Change-Id: Ie247d1c132ddae54906de2e2850e95d7ae9edd50 Signed-off-by: Ramji Jiyani (cherry picked from commit e9cba885543fc50a5b59ff7234d02b74a380573c) --- kernel/module/Makefile | 8 ++++---- kernel/module/gki_module.c | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/kernel/module/Makefile b/kernel/module/Makefile index a23e93c6ef10..458cb6e44e85 100644 --- a/kernel/module/Makefile +++ b/kernel/module/Makefile 
@@ -25,12 +25,12 @@ obj-$(CONFIG_MODULE_UNLOAD_TAINT_TRACKING) += tracking.o # ANDROID: GKI: Generate headerfiles required for gki_module.o # # Dependencies on generated files need to be listed explicitly -$(obj)/gki_module.o: $(obj)/gki_module_protected_exports.h \ - $(obj)/gki_module_unprotected.h +$(obj)/gki_module.o: include/generated/gki_module_protected_exports.h \ + include/generated/gki_module_unprotected.h ALL_KMI_SYMBOLS := all_kmi_symbols -$(obj)/gki_module_unprotected.h: $(ALL_KMI_SYMBOLS) \ +include/generated/gki_module_unprotected.h: $(ALL_KMI_SYMBOLS) \ $(srctree)/scripts/gen_gki_modules_headers.sh $(Q)$(CONFIG_SHELL) $(srctree)/scripts/gen_gki_modules_headers.sh $@ \ "$(srctree)" \ @@ -48,7 +48,7 @@ else ABI_PROTECTED_EXPORTS_FILE := $(wildcard $(srctree)/android/abi_gki_protected_exports_$(ARCH)) endif -$(obj)/gki_module_protected_exports.h: $(ABI_PROTECTED_EXPORTS_FILE) \ +include/generated/gki_module_protected_exports.h: $(ABI_PROTECTED_EXPORTS_FILE) \ $(srctree)/scripts/gen_gki_modules_headers.sh $(Q)$(CONFIG_SHELL) $(srctree)/scripts/gen_gki_modules_headers.sh $@ \ "$(srctree)" \ diff --git a/kernel/module/gki_module.c b/kernel/module/gki_module.c index 4f124f9a14ec..65a2883b539e 100644 --- a/kernel/module/gki_module.c +++ b/kernel/module/gki_module.c @@ -16,8 +16,8 @@ * gki_module_protected_exports.h -- Symbols protected from _export_ by unsigned modules * gki_module_unprotected.h -- Symbols allowed to _access_ by unsigned modules */ -#include "gki_module_protected_exports.h" -#include "gki_module_unprotected.h" +#include +#include #define MAX_STRCMP_LEN (max(MAX_UNPROTECTED_NAME_LEN, MAX_PROTECTED_EXPORTS_NAME_LEN)) From 17a080d04ef4475fc1cbac904aac942ee808dbb3 Mon Sep 17 00:00:00 2001 
From: Samuel Gosselin Date: Sat, 22 Jul 2023 20:05:10 +0000 Subject: [PATCH 19/21] ANDROID: ABI: Update pixel symbol list 1 function symbol(s) added 'int extcon_set_property_sync(struct extcon_dev *, unsigned int, unsigned int, union extcon_property_value)' Bug: 289529571 Change-Id: I93a0a0e10540147fa2f626c6b1e8aa62800f58cb Signed-off-by: Samuel Gosselin --- android/abi_gki_aarch64.stg | 10 ++++++++++ android/abi_gki_aarch64_pixel | 1 + 2 files changed, 11 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 24f524b3e4c2..6922b6bf54ba 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -341753,6 +341753,15 @@ elf_symbol { type_id: 0x98851295 full_name: "extcon_set_property_capability" } +elf_symbol { + id: 0xb1dfbb02 + name: "extcon_set_property_sync" + is_defined: true + symbol_type: FUNCTION + crc: 0x710595c3 + type_id: 0x98850898 + full_name: "extcon_set_property_sync" +} elf_symbol { id: 0xacc42253 name: "extcon_set_state" @@ -380084,6 +380093,7 @@ interface { symbol_id: 0x3f648037 symbol_id: 0xc75616d8 symbol_id: 0x467358e5 + symbol_id: 0xb1dfbb02 symbol_id: 0xacc42253 symbol_id: 0x0a446897 symbol_id: 0xb107d2cd diff --git a/android/abi_gki_aarch64_pixel b/android/abi_gki_aarch64_pixel index b50236e61182..4ae71b6faf29 100644 --- a/android/abi_gki_aarch64_pixel +++ b/android/abi_gki_aarch64_pixel @@ -748,6 +748,7 @@ extcon_register_notifier extcon_set_property extcon_set_property_capability + extcon_set_property_sync extcon_set_state_sync extcon_unregister_notifier fasync_helper From 6eb48b89a513f80885fee2bffda0780aba392b23 Mon Sep 17 00:00:00 2001 
From: kamasali Satyanarayan Date: Wed, 19 Jul 2023 14:57:13 +0530 Subject: [PATCH 20/21] ANDROID: GKI: Update abi_gki_aarch64_qcom Update abi_gki_aarch64_qcom with symbols needed for GCM_AES feature. Leaf changes summary: 3 artifacts changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 2 Added functions Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variables 2 Added functions: [A] 'function void crypto_inc(u8*, unsigned int)' [A] 'function void gf128mul_lle(be128*, const be128*)' 1 Added function symbol not referenced by debug info: [A] copy_page Bug: 279879797 Change-Id: I4b735b3517a4cd41c94731577a2b5ba6febaceed Signed-off-by: kamasali Satyanarayan --- android/abi_gki_aarch64.stg | 80 ++++++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_qcom | 3 ++ 2 files changed, 83 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 6922b6bf54ba..44579ad07a54 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -12896,6 +12896,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0x83286178 } +pointer_reference { + id: 0x2a5e3596 + kind: POINTER + pointee_type_id: 0x833830c5 +} pointer_reference { id: 0x2a5ed1c1 kind: POINTER @@ -23786,6 +23791,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0xfcc23ab7 } +pointer_reference { + id: 0x35a7c1c3 + kind: POINTER + pointee_type_id: 0xfcdfe193 +} pointer_reference { id: 0x35ab6b03 kind: POINTER @@ -28341,6 +28351,11 @@ typedef { name: "bdaddr_t" referred_type_id: 0x0b690cd3 } +typedef { + id: 0x833830c5 + name: "be128" + referred_type_id: 0x3857842d +} typedef { id: 0x117ba19a name: "bh_end_io_t" @@ -33166,6 +33181,11 @@ qualified { qualifier: CONST qualified_type_id: 0x834f5c57 } +qualified { + id: 0xfcdfe193 + qualifier: CONST + qualified_type_id: 0x833830c5 +} qualified { id: 0xfd03f127 qualifier: CONST 
@@ -40221,6 +40241,11 @@ member { name: "a" type_id: 0xb02b353a } +member { + id: 0x80a3e3d3 + name: "a" + type_id: 0x7877cd32 +} member { id: 0x80f2085f name: "a" @@ -49151,6 +49176,12 @@ member { name: "b" type_id: 0x38df449f } +member { + id: 0x4ce00bb0 + name: "b" + type_id: 0x7877cd32 + offset: 64 +} member { id: 0x4cf8b2b0 name: "b" @@ -202748,6 +202779,15 @@ struct_union { member_id: 0x80f2085f } } +struct_union { + id: 0x3857842d + kind: STRUCT + definition { + bytesize: 16 + member_id: 0x80a3e3d3 + member_id: 0x4ce00bb0 + } +} struct_union { id: 0x3876ab11 kind: STRUCT @@ -277470,6 +277510,12 @@ function { return_type_id: 0x48b5725f parameter_id: 0x049d4e97 } +function { + id: 0x11bf8d42 + return_type_id: 0x48b5725f + parameter_id: 0x00c72527 + parameter_id: 0x4585663f +} function { id: 0x11c013b1 return_type_id: 0x48b5725f @@ -282808,6 +282854,12 @@ function { return_type_id: 0x48b5725f parameter_id: 0x2936263d } +function { + id: 0x1ad943f1 + return_type_id: 0x48b5725f + parameter_id: 0x2a5e3596 + parameter_id: 0x35a7c1c3 +} function { id: 0x1ad9d0a2 return_type_id: 0x48b5725f @@ -331299,6 +331351,13 @@ elf_symbol { type_id: 0x11228b4e full_name: "copy_highpage" } +elf_symbol { + id: 0xc1167624 + name: "copy_page" + is_defined: true + symbol_type: FUNCTION + crc: 0x4d0d163d +} elf_symbol { id: 0xd89255c2 name: "cpu_all_bits" @@ -332240,6 +332299,15 @@ elf_symbol { type_id: 0x9112accf full_name: "crypto_has_alg" } +elf_symbol { + id: 0x80e1f666 + name: "crypto_inc" + is_defined: true + symbol_type: FUNCTION + crc: 0x3ef051c8 + type_id: 0x11bf8d42 + full_name: "crypto_inc" +} elf_symbol { id: 0x62173925 name: "crypto_init_queue" @@ -343601,6 +343669,15 @@ elf_symbol { type_id: 0x11a59ba3 full_name: "getboottime64" } +elf_symbol { + id: 0x112db471 + name: "gf128mul_lle" + is_defined: true + symbol_type: FUNCTION + crc: 0x9e13f6f6 + type_id: 0x1ad943f1 + full_name: "gf128mul_lle" +} elf_symbol { id: 0xfe79963a name: "gfn_to_pfn_memslot" 
@@ -378933,6 +379010,7 @@ interface { symbol_id: 0x9e7d8d76 symbol_id: 0x610edc84 symbol_id: 0xd71898b4 + symbol_id: 0xc1167624 symbol_id: 0xd89255c2 symbol_id: 0x962b6a68 symbol_id: 0x33bbeca6 @@ -379038,6 +379116,7 @@ interface { symbol_id: 0xbf39e9a5 symbol_id: 0x4d4a15b0 symbol_id: 0xfc625698 + symbol_id: 0x80e1f666 symbol_id: 0x62173925 symbol_id: 0x053cd2eb symbol_id: 0xd1471c13 @@ -380298,6 +380377,7 @@ interface { symbol_id: 0x4ba4e06f symbol_id: 0xbac82e84 symbol_id: 0xa8319a8c + symbol_id: 0x112db471 symbol_id: 0xfe79963a symbol_id: 0xbc19d975 symbol_id: 0x6dc59ee7 diff --git a/android/abi_gki_aarch64_qcom b/android/abi_gki_aarch64_qcom index ec0a9c3f3bb3..f1155a5fb2b8 100644 --- a/android/abi_gki_aarch64_qcom +++ b/android/abi_gki_aarch64_qcom @@ -340,6 +340,7 @@ contig_page_data _copy_from_iter copy_from_kernel_nofault + copy_page __copy_overflow _copy_to_iter __cpu_active_mask @@ -429,6 +430,7 @@ crypto_get_default_rng crypto_has_ahash crypto_has_alg + crypto_inc crypto_init_queue __crypto_memneq crypto_put_default_rng @@ -1232,6 +1234,7 @@ get_user_ifreq get_user_pages get_zeroed_page + gf128mul_lle gh_rm_call gh_rm_notifier_register gh_rm_notifier_unregister From 0ee75a672ca5043d1465ac017c2d70879fbbf8f0 Mon Sep 17 00:00:00 2001 From: Konstantin Komarov Date: Mon, 10 Oct 2022 13:15:33 +0300 Subject: [PATCH 21/21] UPSTREAM: fs/ntfs3: Check fields while reading commit 0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b upstream. Added new functions index_hdr_check and index_buf_check. Now we check all stuff for correctness while reading from disk. Also fixed bug with stale nfs data. Bug: 286390611 Reported-by: van fantasy Signed-off-by: Konstantin Komarov Fixes: 82cae269cfa95 ("fs/ntfs3: Add initialization of super block") Signed-off-by: Lee Jones Signed-off-by: Greg Kroah-Hartman (cherry picked from commit 000a9a72efa4a9df289bab9c9e8ba1639c72e0d6) 
Signed-off-by: Lee Jones Change-Id: I2b17511acdef8617aea3fecb45d2f11e49145097 --- fs/ntfs3/index.c | 84 ++++++++++++++++++++++++++++++---- fs/ntfs3/inode.c | 18 ++++---- fs/ntfs3/ntfs_fs.h | 4 +- fs/ntfs3/run.c | 7 ++- fs/ntfs3/xattr.c | 109 +++++++++++++++++++++++++++++---------------- 5 files changed, 164 insertions(+), 58 deletions(-) diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c index c27b4fe57513..24a26744a691 100644 --- a/fs/ntfs3/index.c +++ b/fs/ntfs3/index.c @@ -605,11 +605,58 @@ static const struct NTFS_DE *hdr_insert_head(struct INDEX_HDR *hdr, return e; } +/* + * index_hdr_check + * + * return true if INDEX_HDR is valid + */ +static bool index_hdr_check(const struct INDEX_HDR *hdr, u32 bytes) +{ + u32 end = le32_to_cpu(hdr->used); + u32 tot = le32_to_cpu(hdr->total); + u32 off = le32_to_cpu(hdr->de_off); + + if (!IS_ALIGNED(off, 8) || tot > bytes || end > tot || + off + sizeof(struct NTFS_DE) > end) { + /* incorrect index buffer. */ + return false; + } + + return true; +} + +/* + * index_buf_check + * + * return true if INDEX_BUFFER seems is valid + */ +static bool index_buf_check(const struct INDEX_BUFFER *ib, u32 bytes, + const CLST *vbn) +{ + const struct NTFS_RECORD_HEADER *rhdr = &ib->rhdr; + u16 fo = le16_to_cpu(rhdr->fix_off); + u16 fn = le16_to_cpu(rhdr->fix_num); + + if (bytes <= offsetof(struct INDEX_BUFFER, ihdr) || + rhdr->sign != NTFS_INDX_SIGNATURE || + fo < sizeof(struct INDEX_BUFFER) + /* Check index buffer vbn. */ + || (vbn && *vbn != le64_to_cpu(ib->vbn)) || (fo % sizeof(short)) || + fo + fn * sizeof(short) >= bytes || + fn != ((bytes >> SECTOR_SHIFT) + 1)) { + /* incorrect index buffer. */ + return false; + } + + return index_hdr_check(&ib->ihdr, + bytes - offsetof(struct INDEX_BUFFER, ihdr)); +} + void fnd_clear(struct ntfs_fnd *fnd) { int i; - for (i = 0; i < fnd->level; i++) { + for (i = fnd->level - 1; i >= 0; i--) { struct indx_node *n = fnd->nodes[i]; if (!n) 
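Review bot: In index_hdr_check the bound `off + sizeof(struct NTFS_DE) > end` does arithmetic on `off`, a u32 taken from disk, and on a build where size_t is 32 bits the sum can wrap and let an out-of-range de_off pass. The other comparisons in the function are safe because they compare the values directly. An overflow-proof form is `off > end || end - off < sizeof(struct NTFS_DE)`, or `size_add(off, sizeof(struct NTFS_DE)) > end` with the helper that fs/ntfs3/xattr.c already calls in this series. The check covers only the first entry; whether later entries are bounded is decided by code outside this hunk.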
@@ -820,9 +867,16 @@ int indx_init(struct ntfs_index *indx, struct ntfs_sb_info *sbi, u32 t32; const struct INDEX_ROOT *root = resident_data(attr); + t32 = le32_to_cpu(attr->res.data_size); + if (t32 <= offsetof(struct INDEX_ROOT, ihdr) || + !index_hdr_check(&root->ihdr, + t32 - offsetof(struct INDEX_ROOT, ihdr))) { + goto out; + } + /* Check root fields. */ if (!root->index_block_clst) - return -EINVAL; + goto out; indx->type = type; indx->idx2vbn_bits = __ffs(root->index_block_clst); @@ -834,19 +888,19 @@ int indx_init(struct ntfs_index *indx, struct ntfs_sb_info *sbi, if (t32 < sbi->cluster_size) { /* Index record is smaller than a cluster, use 512 blocks. */ if (t32 != root->index_block_clst * SECTOR_SIZE) - return -EINVAL; + goto out; /* Check alignment to a cluster. */ if ((sbi->cluster_size >> SECTOR_SHIFT) & (root->index_block_clst - 1)) { - return -EINVAL; + goto out; } indx->vbn2vbo_bits = SECTOR_SHIFT; } else { /* Index record must be a multiple of cluster size. */ if (t32 != root->index_block_clst << sbi->cluster_bits) - return -EINVAL; + goto out; indx->vbn2vbo_bits = sbi->cluster_bits; } @@ -854,7 +908,14 @@ int indx_init(struct ntfs_index *indx, struct ntfs_sb_info *sbi, init_rwsem(&indx->run_lock); indx->cmp = get_cmp_func(root); - return indx->cmp ? 0 : -EINVAL; + if (!indx->cmp) + goto out; + + return 0; + +out: + ntfs_set_state(sbi, NTFS_DIRTY_DIRTY); + return -EINVAL; } static struct indx_node *indx_new(struct ntfs_index *indx, @@ -1012,6 +1073,13 @@ int indx_read(struct ntfs_index *indx, struct ntfs_inode *ni, CLST vbn, goto out; ok: + if (!index_buf_check(ib, bytes, &vbn)) { + ntfs_inode_err(&ni->vfs_inode, "directory corrupted"); + ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR); + err = -EINVAL; + goto out; + } + if (err == -E_NTFS_FIXUP) { ntfs_write_bh(ni->mi.sbi, &ib->rhdr, &in->nb, 0); err = 0; 
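Review bot: The new `out:` path in indx_init records a rejected index root with `ntfs_set_state(sbi, NTFS_DIRTY_DIRTY)` and no message, while the check added to indx_read in the same file uses `NTFS_DIRTY_ERROR` and logs "directory corrupted". Both paths reject the same kind of on-disk damage, so I would expect the same state in both; neither enum value is defined in this diff, so which one survives a clean unmount should be confirmed against ntfs_set_state(). The `out:` label added to ntfs_read_ea in fs/ntfs3/xattr.c follows the same pattern. A log line in indx_init, for example `ntfs_err(sbi->sb, "index root is corrupted");`, would give an operator something to search for when a volume is refused.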
@@ -1599,9 +1667,9 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni, if (err) { /* Restore root. */ - if (mi_resize_attr(mi, attr, -ds_root)) + if (mi_resize_attr(mi, attr, -ds_root)) { memcpy(attr, a_root, asize); - else { + } else { /* Bug? */ ntfs_set_state(sbi, NTFS_DIRTY_ERROR); } diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c index 22152300e60c..ece7daa2266a 100644 --- a/fs/ntfs3/inode.c +++ b/fs/ntfs3/inode.c @@ -81,7 +81,7 @@ static struct inode *ntfs_read_mft(struct inode *inode, le16_to_cpu(ref->seq), le16_to_cpu(rec->seq)); goto out; } else if (!is_rec_inuse(rec)) { - err = -EINVAL; + err = -ESTALE; ntfs_err(sb, "Inode r=%x is not in use!", (u32)ino); goto out; } @@ -92,8 +92,10 @@ static struct inode *ntfs_read_mft(struct inode *inode, goto out; } - if (!is_rec_base(rec)) - goto Ok; + if (!is_rec_base(rec)) { + err = -EINVAL; + goto out; + } /* Record should contain $I30 root. */ is_dir = rec->flags & RECORD_FLAG_DIR; @@ -466,7 +468,6 @@ end_enum: inode->i_flags |= S_NOSEC; } -Ok: if (ino == MFT_REC_MFT && !sb->s_root) sbi->mft.ni = NULL; @@ -520,6 +521,9 @@ struct inode *ntfs_iget5(struct super_block *sb, const struct MFT_REF *ref, _ntfs_bad_inode(inode); } + if (IS_ERR(inode) && name) + ntfs_set_state(sb->s_fs_info, NTFS_DIRTY_ERROR); + return inode; } @@ -1635,10 +1639,8 @@ out6: ntfs_remove_reparse(sbi, IO_REPARSE_TAG_SYMLINK, &new_de->ref); out5: - if (S_ISDIR(mode) || run_is_empty(&ni->file.run)) - goto out4; - - run_deallocate(sbi, &ni->file.run, false); + if (!S_ISDIR(mode)) + run_deallocate(sbi, &ni->file.run, false); out4: clear_rec_inuse(rec); diff --git a/fs/ntfs3/ntfs_fs.h b/fs/ntfs3/ntfs_fs.h index ca8b4d273feb..60c944d2811d 100644 --- a/fs/ntfs3/ntfs_fs.h +++ b/fs/ntfs3/ntfs_fs.h 
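Review bot: The added `if (IS_ERR(inode) && name)` in ntfs_iget5 marks the volume with NTFS_DIRTY_ERROR for every error code, not only for the corruption cases this commit is about. If ntfs_read_mft can fail with -ENOMEM or another transient error (most of its body is outside these hunks), memory pressure would flag a healthy volume as damaged. Consider limiting it to codes that indicate bad on-disk data, e.g. `if (IS_ERR(inode) && name && PTR_ERR(inode) != -ENOMEM)`, and add a comment saying why a lookup with a name is treated differently from one without.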
@@ -794,12 +794,12 @@ int run_pack(const struct runs_tree *run, CLST svcn, CLST len, u8 *run_buf, u32 run_buf_size, CLST *packed_vcns); int run_unpack(struct runs_tree *run, struct ntfs_sb_info *sbi, CLST ino, CLST svcn, CLST evcn, CLST vcn, const u8 *run_buf, - u32 run_buf_size); + int run_buf_size); #ifdef NTFS3_CHECK_FREE_CLST int run_unpack_ex(struct runs_tree *run, struct ntfs_sb_info *sbi, CLST ino, CLST svcn, CLST evcn, CLST vcn, const u8 *run_buf, - u32 run_buf_size); + int run_buf_size); #else #define run_unpack_ex run_unpack #endif diff --git a/fs/ntfs3/run.c b/fs/ntfs3/run.c index aaaa0d3d35a2..12d8682f33b5 100644 --- a/fs/ntfs3/run.c +++ b/fs/ntfs3/run.c @@ -919,12 +919,15 @@ out: */ int run_unpack(struct runs_tree *run, struct ntfs_sb_info *sbi, CLST ino, CLST svcn, CLST evcn, CLST vcn, const u8 *run_buf, - u32 run_buf_size) + int run_buf_size) { u64 prev_lcn, vcn64, lcn, next_vcn; const u8 *run_last, *run_0; bool is_mft = ino == MFT_REC_MFT; + if (run_buf_size < 0) + return -EINVAL; + /* Check for empty. */ if (evcn + 1 == svcn) return 0; @@ -1046,7 +1049,7 @@ int run_unpack(struct runs_tree *run, struct ntfs_sb_info *sbi, CLST ino, */ int run_unpack_ex(struct runs_tree *run, struct ntfs_sb_info *sbi, CLST ino, CLST svcn, CLST evcn, CLST vcn, const u8 *run_buf, - u32 run_buf_size) + int run_buf_size) { int ret, err; CLST next_vcn, lcn, len; diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c index ea582b4fe1d9..884781e423e1 100644 --- a/fs/ntfs3/xattr.c +++ b/fs/ntfs3/xattr.c 
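Review bot: The switch of `run_buf_size` from u32 to int in run_unpack and run_unpack_ex is what makes the new `if (run_buf_size < 0) return -EINVAL;` reachable, but nothing in the code says so. The header comment of run_unpack starts outside the hunk; I would add a line to it such as `/* run_buf_size is signed on purpose: a negative value means the caller's size arithmetic underflowed. */`, presuming that is the intent. Without it a later cleanup back to u32 would remove the check without anyone noticing. The callers that compute this argument are not in the visible hunks, and validating the offset there before subtracting would be the more direct guard.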
@@ -42,28 +42,26 @@ static inline size_t packed_ea_size(const struct EA_FULL *ea) * Assume there is at least one xattr in the list. */ static inline bool find_ea(const struct EA_FULL *ea_all, u32 bytes, - const char *name, u8 name_len, u32 *off) + const char *name, u8 name_len, u32 *off, u32 *ea_sz) { - *off = 0; + u32 ea_size; - if (!ea_all || !bytes) + *off = 0; + if (!ea_all) return false; - for (;;) { + for (; *off < bytes; *off += ea_size) { const struct EA_FULL *ea = Add2Ptr(ea_all, *off); - u32 next_off = *off + unpacked_ea_size(ea); - - if (next_off > bytes) - return false; - + ea_size = unpacked_ea_size(ea); if (ea->name_len == name_len && - !memcmp(ea->name, name, name_len)) + !memcmp(ea->name, name, name_len)) { + if (ea_sz) + *ea_sz = ea_size; return true; - - *off = next_off; - if (next_off >= bytes) - return false; + } } + + return false; } /* @@ -74,12 +72,12 @@ static inline bool find_ea(const struct EA_FULL *ea_all, u32 bytes, static int ntfs_read_ea(struct ntfs_inode *ni, struct EA_FULL **ea, size_t add_bytes, const struct EA_INFO **info) { - int err; + int err = -EINVAL; struct ntfs_sb_info *sbi = ni->mi.sbi; struct ATTR_LIST_ENTRY *le = NULL; struct ATTRIB *attr_info, *attr_ea; void *ea_p; - u32 size; + u32 size, off, ea_size; static_assert(le32_to_cpu(ATTR_EA_INFO) < le32_to_cpu(ATTR_EA)); 
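Review bot: find_ea no longer compares the next offset with `bytes`; the rewritten loop advances by `unpacked_ea_size(ea)` and reads `ea->name_len` and `ea->name` with no local bound. That is safe only when the list has already passed the consistency loop this commit adds to ntfs_read_ea, yet the comment above the function still states only "Assume there is at least one xattr in the list." I would extend it with something like `/* ea_all must come from ntfs_read_ea(), which validates every entry size against bytes. */` so a future caller does not hand in an unchecked buffer.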
@@ -96,24 +94,31 @@ static int ntfs_read_ea(struct ntfs_inode *ni, struct EA_FULL **ea,
 *info = resident_data_ex(attr_info, sizeof(struct EA_INFO));
 if (!*info)
- return -EINVAL;
+ goto out;
 /* Check Ea limit. */
 size = le32_to_cpu((*info)->size);
- if (size > sbi->ea_max_size)
- return -EFBIG;
+ if (size > sbi->ea_max_size) {
+ err = -EFBIG;
+ goto out;
+ }
- if (attr_size(attr_ea) > sbi->ea_max_size)
- return -EFBIG;
+ if (attr_size(attr_ea) > sbi->ea_max_size) {
+ err = -EFBIG;
+ goto out;
+ }
+
+ if (!size) {
+ /* EA info persists, but xattr is empty. Looks like EA problem. */
+ goto out;
+ }
 /* Allocate memory for packed Ea. */
 ea_p = kmalloc(size_add(size, add_bytes), GFP_NOFS);
 if (!ea_p)
 return -ENOMEM;
- if (!size) {
- /* EA info persists, but xattr is empty. Looks like EA problem. */
- } else if (attr_ea->non_res) {
+ if (attr_ea->non_res) {
 struct runs_tree run;
 run_init(&run);
@@ -124,24 +129,52 @@ static int ntfs_read_ea(struct ntfs_inode *ni, struct EA_FULL **ea,
 run_close(&run);
 if (err)
- goto out;
+ goto out1;
 } else {
 void *p = resident_data_ex(attr_ea, size);
- if (!p) {
- err = -EINVAL;
- goto out;
- }
+ if (!p)
+ goto out1;
 memcpy(ea_p, p, size);
 }
 memset(Add2Ptr(ea_p, size), 0, add_bytes);
+
+ /* Check all attributes for consistency. */
+ for (off = 0; off < size; off += ea_size) {
+ const struct EA_FULL *ef = Add2Ptr(ea_p, off);
+ u32 bytes = size - off;
+
+ /* Check if we can use field ea->size. */
+ if (bytes < sizeof(ef->size))
+ goto out1;
+
+ if (ef->size) {
+ ea_size = le32_to_cpu(ef->size);
+ if (ea_size > bytes)
+ goto out1;
+ continue;
+ }
+
+ /* Check if we can use fields ef->name_len and ef->elength. */
+ if (bytes < offsetof(struct EA_FULL, name))
+ goto out1;
+
+ ea_size = ALIGN(struct_size(ef, name,
+ 1 + ef->name_len +
+ le16_to_cpu(ef->elength)),
+ 4);
+ if (ea_size > bytes)
+ goto out1;
+ }
+
 *ea = ea_p;
 return 0;
-out:
+out1:
 kfree(ea_p);
- *ea = NULL;
+out:
+ ntfs_set_state(sbi, NTFS_DIRTY_DIRTY);
 return err;
 }
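Review bot: Every `goto out` added here, including the two `-EFBIG` limit checks, now ends at an `out:` label (in the next hunk) that calls `ntfs_set_state(sbi, NTFS_DIRTY_DIRTY)`, and the `out1` path taken when the non-resident read fails falls through into it as well. That marks the volume dirty for errors that need not indicate on-disk corruption, such as a failure while loading the runs, whereas the `kmalloc` failure returns `-ENOMEM` without doing so. Consider setting the dirty state only where an inconsistency was actually detected, or add a comment at `out:` explaining why all failures are treated alike. The cleanup in the next hunk also drops `*ea = NULL;`, so callers must initialise their pointer themselves; ntfs_set_ea does (`ea_all = NULL`), while the other callers' declarations are outside the visible hunks.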
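Review bot: The `if (ef->size)` branch of the new consistency loop accepts any non-zero declared size that does not exceed the remaining bytes and then continues, so an entry whose `size` is smaller than the fixed header, or smaller than its own name and value, passes the check. find_ea and ntfs_list_ea later read `ea->name_len` and `ea->name` from such an entry with no bound of their own, which for the last entry in the buffer can be a read past the allocation when `add_bytes` is 0. The header check should run for both branches, and a declared size should be required to cover the same byte count the zero-size branch computes. Whether unaligned declared sizes should also be rejected is not settled by the hunk.

```c
	for (off = 0; off < size; off += ea_size) {
		/* … unchanged: ef and bytes declarations … */
		size_t need;

		/* The fixed header must fit before name_len/elength are read. */
		if (bytes < offsetof(struct EA_FULL, name))
			goto out1;

		/* Same expression the zero-size branch already uses. */
		need = struct_size(ef, name,
				   1 + ef->name_len + le16_to_cpu(ef->elength));

		/* A declared size must cover the entry and stay inside the buffer. */
		ea_size = ef->size ? le32_to_cpu(ef->size) : ALIGN(need, 4);
		if (ea_size < need || ea_size > bytes)
			goto out1;
	}
```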
@@ -163,6 +196,7 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer,
 const struct EA_FULL *ea;
 u32 off, size;
 int err;
+ int ea_size;
 size_t ret;
 err = ntfs_read_ea(ni, &ea_all, 0, &info);
@@ -175,8 +209,9 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer,
 size = le32_to_cpu(info->size);
 /* Enumerate all xattrs. */
- for (ret = 0, off = 0; off < size; off += unpacked_ea_size(ea)) {
+ for (ret = 0, off = 0; off < size; off += ea_size) {
 ea = Add2Ptr(ea_all, off);
+ ea_size = unpacked_ea_size(ea);
 if (buffer) {
 if (ret + ea->name_len + 1 > bytes_per_buffer) {
@@ -227,7 +262,8 @@ static int ntfs_get_ea(struct inode *inode, const char *name, size_t name_len,
 goto out;
 /* Enumerate all xattrs. */
- if (!find_ea(ea_all, le32_to_cpu(info->size), name, name_len, &off)) {
+ if (!find_ea(ea_all, le32_to_cpu(info->size), name, name_len, &off,
+ NULL)) {
 err = -ENODATA;
 goto out;
 }
@@ -269,7 +305,7 @@ static noinline int ntfs_set_ea(struct inode *inode, const char *name,
 struct EA_FULL *new_ea;
 struct EA_FULL *ea_all = NULL;
 size_t add, new_pack;
- u32 off, size;
+ u32 off, size, ea_sz;
 __le16 size_pack;
 struct ATTRIB *attr;
 struct ATTR_LIST_ENTRY *le;
@@ -304,9 +340,8 @@ static noinline int ntfs_set_ea(struct inode *inode, const char *name,
 size_pack = ea_info.size_pack;
 }
- if (info && find_ea(ea_all, size, name, name_len, &off)) {
+ if (info && find_ea(ea_all, size, name, name_len, &off, &ea_sz)) {
 struct EA_FULL *ea;
- size_t ea_sz;
 if (flags & XATTR_CREATE) {
 err = -EEXIST;
@@ -329,8 +364,6 @@ static noinline int ntfs_set_ea(struct inode *inode, const char *name,
 if (ea->flags & FILE_NEED_EA)
 le16_add_cpu(&ea_info.count, -1);
- ea_sz = unpacked_ea_size(ea);
-
 le16_add_cpu(&ea_info.size_pack, 0 - packed_ea_size(ea));
 memmove(ea, Add2Ptr(ea, ea_sz), size - off - ea_sz);
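Review bot: `int ea_size;` added to ntfs_list_ea is signed, while the same quantity is `u32 ea_size` in find_ea and in ntfs_read_ea, and it is added to the `u32 off` in the loop changed in the next hunk. Declaring it `u32 ea_size;` keeps the three walkers consistent and avoids a signed intermediate for a length that comes from disk. ntfs_list_ea's body starts and ends outside the hunk.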