From e1ab072bcf60c1df3a2b94732a3c172a4597adb6 Mon Sep 17 00:00:00 2001 From: Roy Luo Date: Tue, 4 Feb 2025 23:36:42 +0000 Subject: [PATCH 01/28] UPSTREAM: usb: gadget: core: flush gadget workqueue after device removal [ Upstream commit 399a45e5237ca14037120b1b895bd38a3b4492ea ] device_del() can lead to new work being scheduled in gadget->work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: device_del() gadget_unbind_driver() usb_gadget_disconnect_locked() dwc3_gadget_pullup() dwc3_gadget_soft_disconnect() usb_gadget_set_state() schedule_work(&gadget->work) Move flush_work() after device_del() to ensure the workqueue is cleaned up. Fixes: 5702f75375aa9 ("usb: gadget: udc-core: move sysfs_notify() to a workqueue") Cc: stable Bug: 406664478 Bug: 400301689 Change-Id: Icf64956f8a17b1876388546b679cfd203d9701dc Signed-off-by: Roy Luo Reviewed-by: Alan Stern Reviewed-by: Thinh Nguyen Link: https://lore.kernel.org/r/20250204233642.666991-1-royluo@google.com Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin (cherry picked from commit 859cb45aefa6de823b2fa7f229fe6d9562c9f3b7) Signed-off-by: wei li (cherry picked from commit de3fe45104b53290db95363d89fa763b8724e22c) Signed-off-by: Lianqin Hu --- drivers/usb/gadget/udc/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index 06bfad727d90..e096c9da5a0d 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -1511,8 +1511,8 @@ void usb_del_gadget(struct usb_gadget *gadget) kobject_uevent(&udc->dev.kobj, KOBJ_REMOVE); sysfs_remove_link(&udc->dev.kobj, "gadget"); - flush_work(&gadget->work); device_del(&gadget->dev); + flush_work(&gadget->work); ida_free(&gadget_id_numbers, gadget->id_number); cancel_work_sync(&udc->vbus_work); device_unregister(&udc->dev); From c1fd50266bd60d4a18caab3768b3a8337c05d115 Mon Sep 17 00:00:00 2001 From: Bosser Ye Date: Thu, 27 Mar 2025 10:37:52 +0800 Subject: [PATCH 02/28] ANDROID: GKI: Update symbol list for mtk 1 function symbol(s) added 'struct device* device_find_any_child(struct device*)' Bug: 406580420 Change-Id: I6a95c44e60b5299cac1f4a6acdc098941494a448 Signed-off-by: Bosser Ye --- android/abi_gki_aarch64.stg | 10 ++++++++++ android/abi_gki_aarch64_mtk | 1 + 2 files changed, 11 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 2a333ca339c1..25d418af29c6 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -365626,6 +365626,15 @@ elf_symbol { type_id: 0x19a776c5 full_name: "device_destroy" } +elf_symbol { + id: 0x3cb87444 + name: "device_find_any_child" + is_defined: true + symbol_type: FUNCTION + crc: 0x4f7a1913 + type_id: 0xadb90e65 + full_name: "device_find_any_child" +} elf_symbol { id: 0x0b165427 name: "device_find_child" @@ -420534,6 +420543,7 @@ interface { symbol_id: 0x83a82ebe symbol_id: 0xe85fa1f1 symbol_id: 0xe6df6df5 + symbol_id: 0x3cb87444 symbol_id: 0x0b165427 symbol_id: 0x01805ccc symbol_id: 0xd81e7ab3 diff --git a/android/abi_gki_aarch64_mtk b/android/abi_gki_aarch64_mtk index 46313f2a6297..7927daf45cdd 100644 --- a/android/abi_gki_aarch64_mtk +++ b/android/abi_gki_aarch64_mtk @@ -415,6 +415,7 @@ device_create_with_groups device_del device_destroy + device_find_any_child device_find_child device_find_child_by_name device_for_each_child From 4fc6483e90c557c879e304ed0f1efe7da9f74975 Mon Sep 17 00:00:00 2001 From: pengzhongcui Date: Sun, 30 Mar 2025 16:32:27 +0800 Subject: [PATCH 03/28] ANDROID: vendor_hook: Add hook is to optimize the time consumption of shrink slab. one Vendor hook add: android_vh_do_shrink_slab_ex Add vendor hook point in do_shrink_slab to optimize for user experience related threads and time-consuming shrinkers. Bug: 407420219 Change-Id: I5ee29988eebb53da503f729564946b12deb1d981 Signed-off-by: pengzhongcui --- drivers/android/vendor_hooks.c | 1 + include/trace/hooks/vmscan.h | 4 ++++ mm/vmscan.c | 1 + 3 files changed, 6 insertions(+) diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index 7ceecabcaa38..c73fb1679f93 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -310,6 +310,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mmap_region); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_try_to_unmap_one); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_shrink_slab_bypass); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_do_shrink_slab); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_do_shrink_slab_ex); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_get_page_wmark); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_page_add_new_anon_rmap); EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_psci_tos_resident_on); diff --git a/include/trace/hooks/vmscan.h b/include/trace/hooks/vmscan.h index 94303994f6d6..991d3365408f 100644 --- a/include/trace/hooks/vmscan.h +++ b/include/trace/hooks/vmscan.h @@ -21,6 +21,10 @@ DECLARE_HOOK(android_vh_shrink_slab_bypass, DECLARE_HOOK(android_vh_do_shrink_slab, TP_PROTO(struct shrinker *shrinker, long *freeable), TP_ARGS(shrinker, freeable)); +DECLARE_HOOK(android_vh_do_shrink_slab_ex, + TP_PROTO(struct shrink_control *shrinkctl, struct shrinker *shrinker, + long *freeable, int priority), + TP_ARGS(shrinkctl, shrinker, freeable, priority)); DECLARE_HOOK(android_vh_shrink_node_memcgs, TP_PROTO(struct mem_cgroup *memcg, bool *skip), TP_ARGS(memcg, skip)); diff --git a/mm/vmscan.c b/mm/vmscan.c index 9dbd8b1ae7a6..4caf03d5ecaa 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -816,6 +816,7 @@ static unsigned long do_shrink_slab(struct shrink_control *shrinkctl, freeable = shrinker->count_objects(shrinker, shrinkctl); trace_android_vh_do_shrink_slab(shrinker, &freeable); + trace_android_vh_do_shrink_slab_ex(shrinkctl, shrinker, &freeable, priority); if (freeable == 0 || freeable == SHRINK_EMPTY) return freeable; From df2dac406f15798c002d9e5f04dd7cf70bf3f510 Mon Sep 17 00:00:00 2001 From: pengzhongcui Date: Sun, 30 Mar 2025 17:34:50 +0800 Subject: [PATCH 04/28] ANDROID: GKI: Update symbol list for xiaomi 3 variable symbol(s) added 'struct tracepoint __tracepoint_android_vh_tune_swappiness' 'struct tracepoint __tracepoint_android_vh_do_shrink_slab_ex' 'struct tracepoint __tracepoint_android_vh_shrink_slab_bypass' Bug: 407420219 Change-Id: I95326ce626fa279db21dcd4ba2b7b1441c5c7d23 Signed-off-by: pengzhongcui --- android/abi_gki_aarch64.stg | 29 +++++++++++++++++++++++++++++ android/abi_gki_aarch64_xiaomi | 8 ++++++++ 2 files changed, 37 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 25d418af29c6..d9f400a34803 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -328854,6 +328854,15 @@ function { parameter_id: 0x11cfee5a parameter_id: 0x11cfee5a } +function { + id: 0x9bb59830 + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x04c02b90 + parameter_id: 0x27b5ed37 + parameter_id: 0x3593bec8 + parameter_id: 0x6720d32f +} function { id: 0x9bb5b719 return_type_id: 0x6720d32f @@ -348094,6 +348103,15 @@ elf_symbol { type_id: 0x9b3c0938 full_name: "__traceiter_android_vh_do_shrink_slab" } +elf_symbol { + id: 0x20f34a30 + name: "__traceiter_android_vh_do_shrink_slab_ex" + is_defined: true + symbol_type: FUNCTION + crc: 0x31c005bf + type_id: 0x9bb59830 + full_name: "__traceiter_android_vh_do_shrink_slab_ex" +} elf_symbol { id: 0x54bc5972 name: "__traceiter_android_vh_do_swap_page" @@ -353152,6 +353170,15 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_do_shrink_slab" } +elf_symbol { + id: 0xe66acad6 + name: "__tracepoint_android_vh_do_shrink_slab_ex" + is_defined: true + symbol_type: OBJECT + crc: 0xc2d711ec + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_do_shrink_slab_ex" +} elf_symbol { id: 0xeb9f1c78 name: "__tracepoint_android_vh_do_swap_page" @@ -418594,6 +418621,7 @@ interface { symbol_id: 0xea6452e1 symbol_id: 0x1cc3aec5 symbol_id: 0xb12728da + symbol_id: 0x20f34a30 symbol_id: 0x54bc5972 symbol_id: 0x9dbd7b92 symbol_id: 0x2576f1c7 @@ -419156,6 +419184,7 @@ interface { symbol_id: 0xff7bbbff symbol_id: 0x82ce823f symbol_id: 0x474d211c + symbol_id: 0xe66acad6 symbol_id: 0xeb9f1c78 symbol_id: 0xe2d7542c symbol_id: 0x15374b6d diff --git a/android/abi_gki_aarch64_xiaomi b/android/abi_gki_aarch64_xiaomi index 29dfbb4f0036..ddf633e5e894 100644 --- a/android/abi_gki_aarch64_xiaomi +++ b/android/abi_gki_aarch64_xiaomi @@ -380,6 +380,14 @@ # required by shrink memory module shrink_slab +# required by mi_mem_engine.ko + __traceiter_android_vh_tune_swappiness + __tracepoint_android_vh_tune_swappiness + __traceiter_android_vh_do_shrink_slab_ex + __tracepoint_android_vh_do_shrink_slab_ex + __traceiter_android_vh_shrink_slab_bypass + __tracepoint_android_vh_shrink_slab_bypass + #required by cifs.ko add_swap_extent asn1_ber_decoder From 3e6e324f5b472ff8460615f1403f380e05cf2b67 Mon Sep 17 00:00:00 2001 From: Jamal Hadi Salim Date: Wed, 15 Jan 2025 17:37:13 -0800 Subject: [PATCH 05/28] UPSTREAM: net: sched: Disallow replacing of child qdisc from one parent to another [ Upstream commit bc50835e83f60f56e9bec2b392fb5544f250fb6f ] Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the following script Step 1. create root qdisc tc qdisc add dev lo root handle 1:0 drr step2. a class for packet aggregation do demonstrate uaf tc class add dev lo classid 1:1 drr step3. a class for nesting tc class add dev lo classid 1:2 drr step4. a class to graft qdisc to tc class add dev lo classid 1:3 drr step5. tc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024 step6. tc qdisc add dev lo parent 1:2 handle 3:0 drr step7. tc class add dev lo classid 3:1 drr step 8. tc qdisc add dev lo parent 3:1 handle 4:0 pfifo step 9. Display the class/qdisc layout tc class ls dev lo class drr 1:1 root leaf 2: quantum 64Kb class drr 1:2 root leaf 3: quantum 64Kb class drr 3:1 root leaf 4: quantum 64Kb tc qdisc ls qdisc drr 1: dev lo root refcnt 2 qdisc plug 2: dev lo parent 1:1 qdisc pfifo 4: dev lo parent 3:1 limit 1000p qdisc drr 3: dev lo parent 1:2 step10. trigger the bug <=== prevented by this patch tc qdisc replace dev lo parent 1:3 handle 4:0 step 11. Redisplay again the qdiscs/classes tc class ls dev lo class drr 1:1 root leaf 2: quantum 64Kb class drr 1:2 root leaf 3: quantum 64Kb class drr 1:3 root leaf 4: quantum 64Kb class drr 3:1 root leaf 4: quantum 64Kb tc qdisc ls qdisc drr 1: dev lo root refcnt 2 qdisc plug 2: dev lo parent 1:1 qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p qdisc drr 3: dev lo parent 1:2 Observe that a) parent for 4:0 does not change despite the replace request. There can only be one parent. b) refcount has gone up by two for 4:0 and c) both class 1:3 and 3:1 are pointing to it. Step 12. send one packet to plug echo "" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001)) step13. send one packet to the grafted fifo echo "" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003)) step14. lets trigger the uaf tc class delete dev lo classid 1:3 tc class delete dev lo classid 1:1 The semantics of "replace" is for a del/add _on the same node_ and not a delete from one node(3:1) and add to another node (1:3) as in step10. While we could "fix" with a more complex approach there could be consequences to expectations so the patch takes the preventive approach of "disallow such config". Bug: 393266309 Joint work with Lion Ackermann Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jamal Hadi Salim Reviewed-by: Simon Horman Link: https://patch.msgid.link/20250116013713.900000-1-kuba@kernel.org Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin (cherry picked from commit deda09c0543a66fa51554abc5ffd723d99b191bf) Signed-off-by: Lee Jones Change-Id: Id94e8dfb543643e489e33f79af990f23580b9121 From ca24c52e3c25966dfb7d4f0784910cd661b44d43 Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan Date: Wed, 2 Apr 2025 20:13:04 +0000 Subject: [PATCH 06/28] Revert "ANDROID: usb: Optimization the transfer rate of accessory mode in USB3.2 mode" This reverts commit 1fe91f863a7f6adfb5a0670df464283a7a0647f6 as it breaks Desktop Head Unit of AA on macbooks when connected with Superspeed or faster cables. Test: Run DHU on mac with Superspeed cables. Bug: 401274795 Signed-off-by: Badhri Jagan Sridharan Change-Id: Ibdf6d9360aa65480831127bee1cc6554f4a5beb9 --- drivers/usb/gadget/function/f_accessory.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/gadget/function/f_accessory.c b/drivers/usb/gadget/function/f_accessory.c index a8e1babb23a2..9a4aec8dbaf0 100644 --- a/drivers/usb/gadget/function/f_accessory.c +++ b/drivers/usb/gadget/function/f_accessory.c @@ -172,7 +172,7 @@ static struct usb_ss_ep_comp_descriptor acc_superspeedplus_comp_desc = { /* the following 2 values can be tweaked if necessary */ .bMaxBurst = 6, - .bmAttributes = 16, + /* .bmAttributes = 0, */ }; static struct usb_endpoint_descriptor acc_superspeed_in_desc = { @@ -197,7 +197,7 @@ static struct usb_ss_ep_comp_descriptor acc_superspeed_comp_desc = { /* the following 2 values can be tweaked if necessary */ .bMaxBurst = 6, - .bmAttributes = 16, + /* .bmAttributes = 0, */ }; static struct usb_endpoint_descriptor acc_highspeed_in_desc = { From 6bd3b482a8f12750b4297426b502b735e140d8c8 Mon Sep 17 00:00:00 2001 From: John Stultz Date: Tue, 8 Apr 2025 11:35:03 -0700 Subject: [PATCH 07/28] ANDROID: sched: Reapply reverted portions of "sched/core: Prevent race condition between cpuset and __sched_setscheduler()" This reverts commit 44ee678655a096a418e1fdabd0c972749017b5ec The original change, commit 710da3c8ea7d ("sched/core: Prevent race condition between cpuset and __sched_setscheduler()") added potential rwsem locking inside __sched_setscheduler() and moved the call to __sched_setscheduler() out of the rcu read lock section in do_sched_setschduler(). However, there was a complication with binder calling sched_setscheduler_nocheck() while holding the node spin lock as well as potentially the thread->prio_lock. So in commit 44ee678655a0 this was reverted in the Android tree, undoing the rwsem additions and moving __sched_setscheduler() back under the rcu read lock. Later, upstream in commit 111cd11bbc548 ("sched/cpuset: Bring back cpuset_mutex") and backported via 6.1-stable in commit 9bcfe1527882d, the change reverted the original rwsem locking in __sched_setscheduler() replacing them with mutexes, used only in the SCHED_DEADLINE case. This resulted in the android tree having do_sched_setscheduler() code paths take an rcu_read_lock() and then eventually call into a mutex_lock(), triggering the following warning: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:293 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 13352, name: preempt_count: 0, expected: 0 RCU nest depth: 1, expected: 0 Call trace: dump_backtrace+0xf8/0x148 show_stack+0x18/0x24 dump_stack_lvl+0x60/0x7c dump_stack+0x18/0x38 __might_resched+0x1f0/0x2e8 __might_sleep+0x48/0x7c mutex_lock+0x24/0xfc cpuset_lock+0x18/0x28 __sched_setscheduler+0x2ec/0xb38 do_sched_setscheduler+0x180/0x1fc __arm64_sys_sched_setscheduler+0x20/0x3c invoke_syscall+0x58/0x118 el0_svc_common+0xb4/0xf4 do_el0_svc+0x24/0x80 el0_svc+0x2c/0x90 el0t_64_sync_handler+0x68/0xb4 el0t_64_sync+0x1a4/0x1a8 In the android-mainline tree, it was noted that the origial issue with binder had been resolved in 6.5-rc1, so the original the revert was undone by commit 4fb867eea029 ("Revert "Revert "sched/core: Prevent race condition between cpuset and __sched_setscheduler()""). However, binder is still calling sched_setscheduler_nocheck() potentially holding spinlocks (see: b/275379975), but as we don't see major issues (as __sched_setscheduler already may *currently* sleep), it seems there may be logical restrictions that prevent it from actually occuring (seemingly due to binder not running as deadline). The binder call path however does not use do_sched_setscheduler(), so revert the remaining portion of commit 44ee678655a0 ("Revert "sched/core: Prevent race condition between cpuset and __sched_setscheduler()""), moving the call to __sched_setscheduler() outside the rcu critical section. This will address the reported issue above, while not changing the current situation with binder calling __sched_setscheduler(). Bug: 408888661 Fixes: 44ee678655a0 ("Revert "sched/core: Prevent race condition between cpuset and __sched_setscheduler()"") Change-Id: Ibebf364586cc3dda3993e7d685b5fee3566ec806 Signed-off-by: John Stultz --- kernel/sched/core.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index cdde2922e564..f85b5afebe38 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -8041,10 +8041,15 @@ do_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param) rcu_read_lock(); retval = -ESRCH; p = find_process_by_pid(pid); - if (p != NULL) - retval = sched_setscheduler(p, policy, &lparam); + if (likely(p)) + get_task_struct(p); rcu_read_unlock(); + if (likely(p)) { + retval = sched_setscheduler(p, policy, &lparam); + put_task_struct(p); + } + return retval; } From 777d8313618b1294734456e5146c288b279006e4 Mon Sep 17 00:00:00 2001 From: Douglas Anderson Date: Mon, 5 Feb 2024 09:26:30 -0800 Subject: [PATCH 08/28] UPSTREAM: regset: use kvzalloc() for regset_get_alloc() While browsing through ChromeOS crash reports, I found one with an allocation failure that looked like this: chrome: page allocation failure: order:7, mode:0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null),cpuset=urgent,mems_allowed=0 CPU: 7 PID: 3295 Comm: chrome Not tainted 5.15.133-20574-g8044615ac35c #1 (HASH:1162 1) Hardware name: Google Lazor (rev3 - 8) with KB Backlight (DT) Call trace: ... warn_alloc+0x104/0x174 __alloc_pages+0x5f0/0x6e4 kmalloc_order+0x44/0x98 kmalloc_order_trace+0x34/0x124 __kmalloc+0x228/0x36c __regset_get+0x68/0xcc regset_get_alloc+0x1c/0x28 elf_core_dump+0x3d8/0xd8c do_coredump+0xeb8/0x1378 get_signal+0x14c/0x804 ... An order 7 allocation is (1 << 7) contiguous pages, or 512K. It's not a surprise that this allocation failed on a system that's been running for a while. More digging showed that it was fairly easy to see the order 7 allocation by just sending a SIGQUIT to chrome (or other processes) to generate a core dump. The actual amount being allocated was 279,584 bytes and it was for "core_note_type" NT_ARM_SVE. There was quite a bit of discussion [1] on the mailing lists in response to my v1 patch attempting to switch to vmalloc. The overall conclusion was that we could likely reduce the 279,584 byte allocation by quite a bit and Mark Brown has sent a patch to that effect [2]. However even with the 279,584 byte allocation gone there are still 65,552 byte allocations. These are just barely more than the 65,536 bytes and thus would require an order 5 allocation. An order 5 allocation is still something to avoid unless necessary and nothing needs the memory here to be contiguous. Change the allocation to kvzalloc() which should still be efficient for small allocations but doesn't force the memory subsystem to work hard (and maybe fail) at getting a large contiguous chunk. [1] https://lore.kernel.org/r/20240201171159.1.Id9ad163b60d21c9e56c2d686b0cc9083a8ba7924@changeid [2] https://lore.kernel.org/r/20240203-arm64-sve-ptrace-regset-size-v1-1-2c3ba1386b9e@kernel.org Link: https://lkml.kernel.org/r/20240205092626.v2.1.Id9ad163b60d21c9e56c2d686b0cc9083a8ba7924@changeid Signed-off-by: Douglas Anderson Reviewed-by: Catalin Marinas Cc: Al Viro Cc: Christian Brauner Cc: Dave Martin Cc: Eric Biederman Cc: Jan Kara Cc: Kees Cook Cc: Mark Brown Cc: Matthew Wilcox (Oracle) Cc: Oleg Nesterov Cc: Will Deacon Signed-off-by: Andrew Morton Bug: 409708978 (cherry picked from commit 6b839b3b76cf17296ebd4a893841f32cae08229c) Signed-off-by: Seiya Wang (cherry picked from https://android-review.googlesource.com/q/commit:4f551093f53b449c590bbd44e97bc2cdf528e8d3) Merged-In: I42c9bcb78bde782b0b52432086c6b3e9e95ab6d3 Change-Id: I42c9bcb78bde782b0b52432086c6b3e9e95ab6d3 --- fs/binfmt_elf.c | 2 +- kernel/regset.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 89e7e4826efc..dffce67fd288 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1973,7 +1973,7 @@ static void free_note_info(struct elf_note_info *info) threads = t->next; WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus); for (i = 1; i < info->thread_notes; ++i) - kfree(t->notes[i].data); + kvfree(t->notes[i].data); kfree(t); } kfree(info->psinfo.data); diff --git a/kernel/regset.c b/kernel/regset.c index 586823786f39..b2871fa68b2a 100644 --- a/kernel/regset.c +++ b/kernel/regset.c @@ -16,14 +16,14 @@ static int __regset_get(struct task_struct *target, if (size > regset->n * regset->size) size = regset->n * regset->size; if (!p) { - to_free = p = kzalloc(size, GFP_KERNEL); + to_free = p = kvzalloc(size, GFP_KERNEL); if (!p) return -ENOMEM; } res = regset->regset_get(target, regset, (struct membuf){.p = p, .left = size}); if (res < 0) { - kfree(to_free); + kvfree(to_free); return res; } *data = p; @@ -71,6 +71,6 @@ int copy_regset_to_user(struct task_struct *target, ret = regset_get_alloc(target, regset, size, &buf); if (ret > 0) ret = copy_to_user(data, buf, ret) ? -EFAULT : 0; - kfree(buf); + kvfree(buf); return ret; } From 44009cb85e6ead90c0b3c795b65b88ad8573804e Mon Sep 17 00:00:00 2001 From: Seiya Wang Date: Wed, 9 Apr 2025 09:09:40 +0800 Subject: [PATCH 09/28] ANDROID: GKI: Update symbol list for mtk 2 function symbol(s) added 'struct sock* nf_sk_lookup_slow_v4(struct net*, const struct sk_buff*, const struct net_device*)' 'struct sock* nf_sk_lookup_slow_v6(struct net*, const struct sk_buff*, const struct net_device*)' Bug: 409358930 Change-Id: Id2cf12b854c696f824683157a39d3677638e4d19 Signed-off-by: Seiya Wang --- android/abi_gki_aarch64.stg | 27 +++++++++++++++++++++++++++ android/abi_gki_aarch64_mtk | 2 ++ 2 files changed, 29 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index d9f400a34803..a243c62047b0 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -311317,6 +311317,13 @@ function { parameter_id: 0x32caaf24 parameter_id: 0x1bf16028 } +function { + id: 0x6f9910f4 + return_type_id: 0x1d44326e + parameter_id: 0x0ca27481 + parameter_id: 0x3e6396e0 + parameter_id: 0x3399c453 +} function { id: 0x6f9cf068 return_type_id: 0x1d44326e @@ -388560,6 +388567,24 @@ elf_symbol { type_id: 0x92045331 full_name: "nf_register_sockopt" } +elf_symbol { + id: 0x7d136425 + name: "nf_sk_lookup_slow_v4" + is_defined: true + symbol_type: FUNCTION + crc: 0x5c995b47 + type_id: 0x6f9910f4 + full_name: "nf_sk_lookup_slow_v4" +} +elf_symbol { + id: 0xfe90bb40 + name: "nf_sk_lookup_slow_v6" + is_defined: true + symbol_type: FUNCTION + crc: 0xdbfefa2e + type_id: 0x6f9910f4 + full_name: "nf_sk_lookup_slow_v6" +} elf_symbol { id: 0x840dad92 name: "nf_unregister_net_hook" @@ -423115,6 +423140,8 @@ interface { symbol_id: 0x8b1dfb41 symbol_id: 0x43078d96 symbol_id: 0xaf6b3cf1 + symbol_id: 0x7d136425 + symbol_id: 0xfe90bb40 symbol_id: 0x840dad92 symbol_id: 0x619db28f symbol_id: 0x21972142 diff --git a/android/abi_gki_aarch64_mtk b/android/abi_gki_aarch64_mtk index 7927daf45cdd..609cb1fa7d34 100644 --- a/android/abi_gki_aarch64_mtk +++ b/android/abi_gki_aarch64_mtk @@ -1727,6 +1727,8 @@ nfnl_lock nfnl_unlock nf_register_net_hooks + nf_sk_lookup_slow_v4 + nf_sk_lookup_slow_v6 nf_unregister_net_hooks nla_find nla_memcpy From 37c227e873b793847d6f2e2326001baadbe1e70f Mon Sep 17 00:00:00 2001 From: Willem de Bruijn Date: Tue, 8 Apr 2025 09:27:48 -0400 Subject: [PATCH 10/28] UPSTREAM: bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Classic BPF socket filters with SKB_NET_OFF and SKB_LL_OFF fail to read when these offsets extend into frags. This has been observed with iwlwifi and reproduced with tun with IFF_NAPI_FRAGS. The below straightforward socket filter on UDP port, applied to a RAW socket, will silently miss matching packets. const int offset_proto = offsetof(struct ip6_hdr, ip6_nxt); const int offset_dport = sizeof(struct ip6_hdr) + offsetof(struct udphdr, dest); struct sock_filter filter_code[] = { BPF_STMT(BPF_LD + BPF_B + BPF_ABS, SKF_AD_OFF + SKF_AD_PKTTYPE), BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, PACKET_HOST, 0, 4), BPF_STMT(BPF_LD + BPF_B + BPF_ABS, SKF_NET_OFF + offset_proto), BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 2), BPF_STMT(BPF_LD + BPF_H + BPF_ABS, SKF_NET_OFF + offset_dport), This is unexpected behavior. Socket filter programs should be consistent regardless of environment. Silent misses are particularly concerning as hard to detect. Use skb_copy_bits for offsets outside linear, same as done for non-SKF_(LL|NET) offsets. Offset is always positive after subtracting the reference threshold SKB_(LL|NET)_OFF, so is always >= skb_(mac|network)_offset. The sum of the two is an offset against skb->data, and may be negative, but it cannot point before skb->head, as skb_(mac|network)_offset would too. This appears to go back to when frag support was introduced to sk_run_filter in linux-2.4.4, before the introduction of git. The amount of code change and 8/16/32 bit duplication are unfortunate. But any attempt I made to be smarter saved very few LoC while complicating the code. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Link: https://lore.kernel.org/netdev/20250122200402.3461154-1-maze@google.com/ Link: https://elixir.bootlin.com/linux/2.4.4/source/net/core/filter.c#L244 Reported-by: Matt Moeller Co-developed-by: Maciej Żenczykowski Signed-off-by: Maciej Żenczykowski Signed-off-by: Willem de Bruijn Acked-by: Stanislav Fomichev Link: https://lore.kernel.org/r/20250408132833.195491-2-willemdebruijn.kernel@gmail.com Signed-off-by: Alexei Starovoitov (cherry picked from commit d4bac0288a2b444e468e6df9cb4ed69479ddf14a) See: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=d4bac0288a2b444e468e6df9cb4ed69479ddf14a Bug: 384636719 Signed-off-by: Maciej Żenczykowski Change-Id: I44e2572232f3a3459c49626f0fc5089e3e47d451 --- net/core/filter.c | 80 ++++++++++++++++++++++++++--------------------- 1 file changed, 44 insertions(+), 36 deletions(-) diff --git a/net/core/filter.c b/net/core/filter.c index 38a5f43e7ab3..8d2e0694b93f 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -212,24 +212,36 @@ BPF_CALL_3(bpf_skb_get_nlattr_nest, struct sk_buff *, skb, u32, a, u32, x) return 0; } +static int bpf_skb_load_helper_convert_offset(const struct sk_buff *skb, int offset) +{ + if (likely(offset >= 0)) + return offset; + + if (offset >= SKF_NET_OFF) + return offset - SKF_NET_OFF + skb_network_offset(skb); + + if (offset >= SKF_LL_OFF && skb_mac_header_was_set(skb)) + return offset - SKF_LL_OFF + skb_mac_offset(skb); + + return INT_MIN; +} + BPF_CALL_4(bpf_skb_load_helper_8, const struct sk_buff *, skb, const void *, data, int, headlen, int, offset) { - u8 tmp, *ptr; + u8 tmp; const int len = sizeof(tmp); - if (offset >= 0) { - if (headlen - offset >= len) - return *(u8 *)(data + offset); - if (!skb_copy_bits(skb, offset, &tmp, sizeof(tmp))) - return tmp; - } else { - ptr = bpf_internal_load_pointer_neg_helper(skb, offset, len); - if (likely(ptr)) - return *(u8 *)ptr; - } + offset = bpf_skb_load_helper_convert_offset(skb, offset); + if (offset == INT_MIN) + return -EFAULT; - return -EFAULT; + if (headlen - offset >= len) + return *(u8 *)(data + offset); + if (!skb_copy_bits(skb, offset, &tmp, sizeof(tmp))) + return tmp; + else + return -EFAULT; } BPF_CALL_2(bpf_skb_load_helper_8_no_cache, const struct sk_buff *, skb, @@ -242,21 +254,19 @@ BPF_CALL_2(bpf_skb_load_helper_8_no_cache, const struct sk_buff *, skb, BPF_CALL_4(bpf_skb_load_helper_16, const struct sk_buff *, skb, const void *, data, int, headlen, int, offset) { - __be16 tmp, *ptr; + __be16 tmp; const int len = sizeof(tmp); - if (offset >= 0) { - if (headlen - offset >= len) - return get_unaligned_be16(data + offset); - if (!skb_copy_bits(skb, offset, &tmp, sizeof(tmp))) - return be16_to_cpu(tmp); - } else { - ptr = bpf_internal_load_pointer_neg_helper(skb, offset, len); - if (likely(ptr)) - return get_unaligned_be16(ptr); - } + offset = bpf_skb_load_helper_convert_offset(skb, offset); + if (offset == INT_MIN) + return -EFAULT; - return -EFAULT; + if (headlen - offset >= len) + return get_unaligned_be16(data + offset); + if (!skb_copy_bits(skb, offset, &tmp, sizeof(tmp))) + return be16_to_cpu(tmp); + else + return -EFAULT; } BPF_CALL_2(bpf_skb_load_helper_16_no_cache, const struct sk_buff *, skb, @@ -269,21 +279,19 @@ BPF_CALL_2(bpf_skb_load_helper_16_no_cache, const struct sk_buff *, skb, BPF_CALL_4(bpf_skb_load_helper_32, const struct sk_buff *, skb, const void *, data, int, headlen, int, offset) { - __be32 tmp, *ptr; + __be32 tmp; const int len = sizeof(tmp); - if (likely(offset >= 0)) { - if (headlen - offset >= len) - return get_unaligned_be32(data + offset); - if (!skb_copy_bits(skb, offset, &tmp, sizeof(tmp))) - return be32_to_cpu(tmp); - } else { - ptr = bpf_internal_load_pointer_neg_helper(skb, offset, len); - if (likely(ptr)) - return get_unaligned_be32(ptr); - } + offset = bpf_skb_load_helper_convert_offset(skb, offset); + if (offset == INT_MIN) + return -EFAULT; - return -EFAULT; + if (headlen - offset >= len) + return get_unaligned_be32(data + offset); + if (!skb_copy_bits(skb, offset, &tmp, sizeof(tmp))) + return be32_to_cpu(tmp); + else + return -EFAULT; } BPF_CALL_2(bpf_skb_load_helper_32_no_cache, const struct sk_buff *, skb, From 19a0fb1d3513b4a19652a0082eadf9e4e7d3e4de Mon Sep 17 00:00:00 2001 From: Mahadevan Date: Wed, 9 Apr 2025 12:02:22 +0530 Subject: [PATCH 11/28] ANDROID: abi_gki_aarch64_qcom: Update symbol list for display HFI driver The symbol list has been updated to the QCOM ABI symbol list for the display HFI driver to facilitate communication with the Display CoProcessor (DCP Firmware). 1 function symbol added virtqueue_get_vring Bug: 409461670 Change-Id: I5ad34386609d3dc0a72a2600edc202fcecf0d999 Signed-off-by: Mahadevan --- android/abi_gki_aarch64.stg | 55 ++++++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_qcom | 1 + 2 files changed, 56 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index a243c62047b0..52293012a1a9 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -23438,6 +23438,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0xefdda716 } +pointer_reference { + id: 0x316c7444 + kind: POINTER + pointee_type_id: 0xeff1378d +} pointer_reference { id: 0x316cc8eb kind: POINTER @@ -35378,6 +35383,11 @@ qualified { qualifier: CONST qualified_type_id: 0xcf6aab90 } +qualified { + id: 0xeff1378d + qualifier: CONST + qualified_type_id: 0xcf8368bd +} qualified { id: 0xeff3c532 qualifier: CONST @@ -52445,6 +52455,12 @@ member { type_id: 0x14fb0ab0 offset: 576 } +member { + id: 0xe1383385 + name: "avail" + type_id: 0x14fb0ab0 + offset: 128 +} member { id: 0xe19ce3ba name: "avail" @@ -75133,6 +75149,12 @@ member { name: "desc" type_id: 0x1c4f6f14 } +member { + id: 0x87ca6452 + name: "desc" + type_id: 0x104d72c1 + offset: 64 +} member { id: 0x87ca6bab name: "desc" @@ -204652,6 +204674,12 @@ member { type_id: 0x399f63b7 offset: 640 } +member { + id: 0x8b87889f + name: "used" + type_id: 0x399f63b7 + offset: 192 +} member { id: 0x8b8d6727 name: "used" @@ -274219,6 +274247,18 @@ struct_union { member_id: 0xd6e6640d } } +struct_union { + id: 0xcf8368bd + kind: STRUCT + name: "vring" + definition { + bytesize: 32 + member_id: 0x1c73cad3 + member_id: 0x87ca6452 + member_id: 0xe1383385 + member_id: 0x8b87889f + } +} struct_union { id: 0xdf09be6b kind: STRUCT @@ -338465,6 +338505,11 @@ function { parameter_id: 0x06835e9c parameter_id: 0x33756485 } +function { + id: 0xbd098825 + return_type_id: 0x316c7444 + parameter_id: 0x31fa879c +} function { id: 0xbd324cd3 return_type_id: 0x29c600bb @@ -415916,6 +415961,15 @@ elf_symbol { type_id: 0xb0635f1b full_name: "virtqueue_get_used_addr" } +elf_symbol { + id: 0xa3699271 + name: "virtqueue_get_vring" + is_defined: true + symbol_type: FUNCTION + crc: 0x89e54a5c + type_id: 0xbd098825 + full_name: "virtqueue_get_vring" +} elf_symbol { id: 0x40994c4b name: "virtqueue_get_vring_size" @@ -426179,6 +426233,7 @@ interface { symbol_id: 0x97472a76 symbol_id: 0x18b1b4af symbol_id: 0x6baf8fe0 + symbol_id: 0xa3699271 symbol_id: 0x40994c4b symbol_id: 0xc310fa7c symbol_id: 0xbadb7e4b diff --git a/android/abi_gki_aarch64_qcom b/android/abi_gki_aarch64_qcom index b037e1bc50e9..fd92c270e73f 100644 --- a/android/abi_gki_aarch64_qcom +++ b/android/abi_gki_aarch64_qcom @@ -4083,6 +4083,7 @@ virtqueue_get_buf_ctx virtqueue_get_desc_addr virtqueue_get_used_addr + virtqueue_get_vring virtqueue_get_vring_size virtqueue_is_broken virtqueue_kick From efda22f3484c75674a2c4f22e4540e8289ead901 Mon Sep 17 00:00:00 2001 From: Dongdong zhang Date: Mon, 14 Apr 2025 16:51:48 +0800 Subject: [PATCH 12/28] ANDROID: GKI: update symbol list for xiaomi INFO: 4 function symbol(s) added 'void bio_crypt_set_ctx(struct bio*, const struct blk_crypto_key*, const u64*, gfp_t)' 'void blk_crypto_evict_key(struct block_device*, const struct blk_crypto_key*)' 'int blk_crypto_init_key(struct blk_crypto_key*, const u8*, size_t, enum blk_crypto_key_type, enum blk_crypto_mode_num, unsigned int, unsigned int)' 'int blk_crypto_start_using_key(struct block_device*, const struct blk_crypto_key*)' Bug: 410012026 Change-Id: I74021d561087ea73c2c8896ff05a504a4eba87b7 Signed-off-by: Dongdong zhang --- android/abi_gki_aarch64.stg | 76 ++++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_xiaomi | 4 ++ 2 files changed, 80 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 52293012a1a9..0085cb3eb741 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -25038,6 +25038,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0xf8f87438 } +pointer_reference { + id: 0x34b671f6 + kind: POINTER + pointee_type_id: 0xf8992146 +} pointer_reference { id: 0x34bb6aad kind: POINTER @@ -297877,6 +297882,12 @@ function { return_type_id: 0x48b5725f parameter_id: 0x0f88e7f2 } +function { + id: 0x137c4474 + return_type_id: 0x48b5725f + parameter_id: 0x0c2e195c + parameter_id: 0x3be4ec15 +} function { id: 0x137d1ffc return_type_id: 0x48b5725f @@ -299028,6 +299039,14 @@ function { return_type_id: 0x48b5725f parameter_id: 0x1625e208 } +function { + id: 0x1511e92c + return_type_id: 0x48b5725f + parameter_id: 0x15a30023 + parameter_id: 0x3be4ec15 + parameter_id: 0x34b671f6 + parameter_id: 0xf1a6dfed +} function { id: 0x151457b1 return_type_id: 0xd5cc9c9a @@ -323970,6 +323989,17 @@ function { parameter_id: 0x18bd6530 parameter_id: 0x33756485 } +function { + id: 0x99968d2f + return_type_id: 0x6720d32f + parameter_id: 0x135282ce + parameter_id: 0x3f0185ef + parameter_id: 0xf435685e + parameter_id: 0xf91e7e64 + parameter_id: 0x82011f33 + parameter_id: 0x4585663f + parameter_id: 0x4585663f +} function { id: 0x9997c326 return_type_id: 0x6720d32f @@ -334913,6 +334943,12 @@ function { parameter_id: 0x18bd6530 parameter_id: 0x07dcdbe1 } +function { + id: 0x9e64f6c8 + return_type_id: 0x6720d32f + parameter_id: 0x0c2e195c + parameter_id: 0x3be4ec15 +} function { id: 0x9e65fffe return_type_id: 0x6720d32f @@ -358081,6 +358117,15 @@ elf_symbol { type_id: 0x15a61d9b full_name: "bio_clone_blkg_association" } +elf_symbol { + id: 0x5dacbb8b + name: "bio_crypt_set_ctx" + is_defined: true + symbol_type: FUNCTION + crc: 0xc73f174a + type_id: 0x1511e92c + full_name: "bio_crypt_set_ctx" +} elf_symbol { id: 0x3a8604de name: "bio_end_io_acct_remapped" @@ -358333,6 +358378,24 @@ elf_symbol { type_id: 0x66cc4765 full_name: "blk_check_plugged" } +elf_symbol { + id: 0x59a87a04 + name: "blk_crypto_evict_key" + is_defined: true + symbol_type: FUNCTION + crc: 0x7aa61f98 + type_id: 0x137c4474 + full_name: "blk_crypto_evict_key" +} +elf_symbol { + id: 0xc255c6cd + name: "blk_crypto_init_key" + is_defined: true + symbol_type: FUNCTION + crc: 0xf001a432 + type_id: 0x99968d2f + full_name: "blk_crypto_init_key" +} elf_symbol { id: 0x4ffac461 name: "blk_crypto_keyslot_index" @@ -358360,6 +358423,15 @@ elf_symbol { type_id: 0x12bd0b6f full_name: "blk_crypto_reprogram_all_keys" } +elf_symbol { + id: 0xd24babf0 + name: "blk_crypto_start_using_key" + is_defined: true + symbol_type: FUNCTION + crc: 0x2385fdf5 + type_id: 0x9e64f6c8 + full_name: "blk_crypto_start_using_key" +} elf_symbol { id: 0x90bf9007 name: "blk_execute_rq" @@ -419803,6 +419875,7 @@ interface { symbol_id: 0xaa6c907e symbol_id: 0xb2553250 symbol_id: 0xb389e6a5 + symbol_id: 0x5dacbb8b symbol_id: 0x3a8604de symbol_id: 0x61a552c6 symbol_id: 0x5a9da856 @@ -419831,9 +419904,12 @@ interface { symbol_id: 0x0b5d5f1c symbol_id: 0x1516f6b7 symbol_id: 0x650319ec + symbol_id: 0x59a87a04 + symbol_id: 0xc255c6cd symbol_id: 0x4ffac461 symbol_id: 0xad8bab96 symbol_id: 0x528ef002 + symbol_id: 0xd24babf0 symbol_id: 0x90bf9007 symbol_id: 0xd76a9123 symbol_id: 0x9eda4f26 diff --git a/android/abi_gki_aarch64_xiaomi b/android/abi_gki_aarch64_xiaomi index ddf633e5e894..b690c0c51976 100644 --- a/android/abi_gki_aarch64_xiaomi +++ b/android/abi_gki_aarch64_xiaomi @@ -348,6 +348,10 @@ #required by zram.ko bioset_init bioset_exit + bio_crypt_set_ctx + blk_crypto_evict_key + blk_crypto_init_key + blk_crypto_start_using_key #required by mi_asap.ko __traceiter_android_vh_read_pages From e63d8c3188dbc76c573635164d39afad65306615 Mon Sep 17 00:00:00 2001 From: Sandeep Dhavale Date: Tue, 15 Apr 2025 13:29:08 -0700 Subject: [PATCH 13/28] ANDROID: f2fs: fix incorrect merge resolution in f2fs_trace_rw_file_path() The merge included commit bbedc64de04f ("f2fs: factor the read/write tracing logic into a helper") During merge we accidentally undid a part of the change from commit fae611f4f0a2 ("f2fs: allocate trace path buffer from names_cache") This patch fixes it by using f2fs_getname() to match with f2fs_putname() at the end. Bug: 409714766 Fixes: bfad6b019cf1 ("Merge tag 'android14-6.1.115_r00' into android14-6.1") Change-Id: I56f78e560c0847939773c9773064bc60561effcb Signed-off-by: Sandeep Dhavale --- fs/f2fs/file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 34d85514e225..d9728163ae6c 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -4571,7 +4571,7 @@ static void f2fs_trace_rw_file_path(struct kiocb *iocb, size_t count, int rw) struct inode *inode = file_inode(iocb->ki_filp); char *buf, *path; - buf = f2fs_kmalloc(F2FS_I_SB(inode), PATH_MAX, GFP_KERNEL); + buf = f2fs_getname(F2FS_I_SB(inode)); if (!buf) return; path = dentry_path_raw(file_dentry(iocb->ki_filp), buf, PATH_MAX); From f2a18f1865797cb396ba90f89ddb3df8065b29e2 Mon Sep 17 00:00:00 2001 From: Jianan Huang Date: Tue, 15 Oct 2024 14:32:06 +0800 Subject: [PATCH 14/28] ANDROID: mm: add vendor hook to add folio to specific memcg Add vendor hook when folio charges memcg. This is to manage some specific folios in separate memcg for more accurate memory reclamation. Bug: 373540729 Change-Id: I11b1fca279ea9e9e8be1f789bdf1f9d7c1bf001f Signed-off-by: Jianan Huang (cherry picked from commit 6e2565c513127c425ddfb84e473dba8161154036) --- drivers/android/vendor_hooks.c | 2 ++ include/trace/hooks/mm.h | 7 +++++++ mm/filemap.c | 1 + mm/memcontrol.c | 1 + 4 files changed, 11 insertions(+) diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index c73fb1679f93..bb305ea7fa30 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -297,6 +297,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_read_done); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_preset); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_alloc_uid); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_free_user); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mem_cgroup_charge); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mem_cgroup_id_remove); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mem_cgroup_css_offline); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mem_cgroup_css_online); @@ -451,6 +452,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_record_rwsem_reader_owned); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_clear_rwsem_reader_owned); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_record_rwsem_writer_owned); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_clear_rwsem_writer_owned); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_filemap_add_folio); EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_pr_set_vma_name_bypass); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_do_folio_trylock); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_get_folio_trylock_result); diff --git a/include/trace/hooks/mm.h b/include/trace/hooks/mm.h index 013b85d2c9a7..5696142eb51a 100644 --- a/include/trace/hooks/mm.h +++ b/include/trace/hooks/mm.h @@ -221,6 +221,9 @@ DECLARE_HOOK(android_vh_look_around, DECLARE_HOOK(android_vh_mm_alloc_pages_direct_reclaim_enter, TP_PROTO(unsigned int order), TP_ARGS(order)); +DECLARE_HOOK(android_vh_mem_cgroup_charge, + TP_PROTO(struct folio *folio, struct mem_cgroup **memcg), + TP_ARGS(folio, memcg)); DECLARE_HOOK(android_vh_should_fault_around, TP_PROTO(struct vm_fault *vmf, bool *should_around), TP_ARGS(vmf, should_around)); @@ -282,6 +285,10 @@ DECLARE_HOOK(android_vh_oom_swapmem_gather_init, DECLARE_HOOK(android_vh_oom_swapmem_gather_finish, TP_PROTO(struct mm_struct *mm), TP_ARGS(mm)); +DECLARE_HOOK(android_vh_filemap_add_folio, + TP_PROTO(struct address_space *mapping, struct folio *folio, + pgoff_t index), + TP_ARGS(mapping, folio, index)); DECLARE_HOOK(android_vh_do_read_fault, TP_PROTO(struct vm_fault *vmf, unsigned long fault_around_bytes), TP_ARGS(vmf, fault_around_bytes)); diff --git a/mm/filemap.c b/mm/filemap.c index 2c7ee688aa20..5a04eee34ba8 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -870,6 +870,7 @@ noinline int __filemap_add_folio(struct address_space *mapping, VM_BUG_ON_FOLIO(folio_test_swapbacked(folio), folio); mapping_set_update(&xas, mapping); + trace_android_vh_filemap_add_folio(mapping, folio, index); if (!huge) { int error = mem_cgroup_charge(folio, NULL, gfp); VM_BUG_ON_FOLIO(index & (folio_nr_pages(folio) - 1), folio); diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 904ba1e381b8..ee5e370de64f 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -6978,6 +6978,7 @@ int __mem_cgroup_charge(struct folio *folio, struct mm_struct *mm, gfp_t gfp) int ret; memcg = get_mem_cgroup_from_mm(mm); + trace_android_vh_mem_cgroup_charge(folio, &memcg); ret = charge_memcg(folio, memcg, gfp); css_put(&memcg->css); From ff55f3e7ea69a22fdba2e415532d7bce00d15561 Mon Sep 17 00:00:00 2001 From: Jianan Huang Date: Tue, 15 Oct 2024 14:47:56 +0800 Subject: [PATCH 15/28] ANDROID: mm: add vendor hook to trace shrink_node This is to adjust parameters between different memcgs to achieve more accurate memory reclamation. Bug: 373540729 Change-Id: Ifb97a144c057555c5f9181f357fa146f9509be3e Signed-off-by: Jianan Huang (cherry picked from commit 9d6f981a89e6e289f114270e2f1738b2b6fdd2ab) --- drivers/android/vendor_hooks.c | 1 + include/trace/hooks/vmscan.h | 3 +++ mm/vmscan.c | 1 + 3 files changed, 5 insertions(+) diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index bb305ea7fa30..4d120996dbc7 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -440,6 +440,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_queue_request_and_unlock); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_fuse_request_end); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_rwsem_read_trylock_failed); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_should_memcg_bypass); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_shrink_node); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_shmem_swapin_folio); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_do_wp_page); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_do_swap_page); diff --git a/include/trace/hooks/vmscan.h b/include/trace/hooks/vmscan.h index 991d3365408f..e318c2d51c1f 100644 --- a/include/trace/hooks/vmscan.h +++ b/include/trace/hooks/vmscan.h @@ -86,6 +86,9 @@ DECLARE_HOOK(android_vh_page_referenced_check_bypass, DECLARE_HOOK(android_vh_folio_referenced_check_bypass, TP_PROTO(struct folio *folio, s8 priority, unsigned long nr_to_scan, int lru, bool *bypass), TP_ARGS(folio, priority, nr_to_scan, lru, bypass)); +DECLARE_HOOK(android_vh_shrink_node, + TP_PROTO(pg_data_t *pgdat, struct mem_cgroup *memcg), + TP_ARGS(pgdat, memcg)); DECLARE_HOOK(android_vh_should_memcg_bypass, TP_PROTO(struct mem_cgroup *memcg, int priority, bool *bypass), TP_ARGS(memcg, priority, bypass)); diff --git a/mm/vmscan.c b/mm/vmscan.c index 4caf03d5ecaa..c14a16044515 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -6606,6 +6606,7 @@ static void shrink_node(pg_data_t *pgdat, struct scan_control *sc) struct lruvec *target_lruvec; bool reclaimable = false; + trace_android_vh_shrink_node(pgdat, sc->target_mem_cgroup); if (lru_gen_enabled() && global_reclaim(sc)) { lru_gen_shrink_node(pgdat, sc); return; From c0b27cdcc74fbd4b9809d0d9dfcbf46014eb6af8 Mon Sep 17 00:00:00 2001 From: Jianan Huang Date: Tue, 15 Oct 2024 15:13:31 +0800 Subject: [PATCH 16/28] ANDROID: mm: export mem_cgroup_move_account Export mem_cgroup_move_account to migrate folios between different memcgs. This is to achieve more accurate memory reclamation. Bug: 373540729 Change-Id: I77ac12fdc25bae90f37f725be1a168da52f02abd Signed-off-by: Jianan Huang (cherry picked from commit c031476ae982c66d0f0674eb0a5c1ee03e825fd7) --- include/linux/memcontrol.h | 13 +++++++++++++ mm/memcontrol.c | 3 ++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h index a0e507337acc..67c055298914 100644 --- a/include/linux/memcontrol.h +++ b/include/linux/memcontrol.h @@ -357,6 +357,11 @@ enum page_memcg_data_flags { static inline bool folio_memcg_kmem(struct folio *folio); +int mem_cgroup_move_account(struct page *page, + bool compound, + struct mem_cgroup *from, + struct mem_cgroup *to); + /* * After the initialization objcg->memcg is always pointing at * a valid memcg, but can be atomically swapped to the parent memcg. @@ -1188,6 +1193,14 @@ static inline bool PageMemcgKmem(struct page *page) return false; } +static inline int mem_cgroup_move_account(struct page *page, + bool compound, + struct mem_cgroup *from, + struct mem_cgroup *to) +{ + return 0; +} + static inline bool mem_cgroup_is_root(struct mem_cgroup *memcg) { return true; diff --git a/mm/memcontrol.c b/mm/memcontrol.c index ee5e370de64f..f07b1e135fd2 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -5750,7 +5750,7 @@ static struct page *mc_handle_file_pte(struct vm_area_struct *vma, * This function doesn't do "charge" to new cgroup and doesn't do "uncharge" * from old cgroup. */ -static int mem_cgroup_move_account(struct page *page, +int mem_cgroup_move_account(struct page *page, bool compound, struct mem_cgroup *from, struct mem_cgroup *to) @@ -5861,6 +5861,7 @@ out_unlock: out: return ret; } +EXPORT_SYMBOL_GPL(mem_cgroup_move_account); /** * get_mctgt_type - get target type of moving charge From 821206640c0109074308f03ef19ac21340a3c9a3 Mon Sep 17 00:00:00 2001 From: Jianan Huang Date: Tue, 14 May 2024 10:31:47 +0800 Subject: [PATCH 17/28] ANDROID: Export cgroup function to allow module to remove control files Export cgroup_rm_cftypes to allow module to remove cgroup control files when exit, otherwise undefined behavior may occur. Bug: 340297716 Change-Id: Ieda8a8ab155aeb71e0f20fdfb5068ac24465061f Signed-off-by: Jianan Huang (cherry picked from commit 800f7297b5d0b17f00ad09e345513c4ba30d77d2) --- kernel/cgroup/cgroup.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index af7dfdf9efc9..10541aea5447 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -4408,6 +4408,7 @@ int cgroup_rm_cftypes(struct cftype *cfts) cgroup_unlock(); return ret; } +EXPORT_SYMBOL_GPL(cgroup_rm_cftypes); /** * cgroup_add_cftypes - add an array of cftypes to a subsystem From 05899bf3890092376388a30563c115d3a87b7e7e Mon Sep 17 00:00:00 2001 From: sunshijie Date: Mon, 17 Mar 2025 14:52:22 +0800 Subject: [PATCH 18/28] ANDROID: GKI: Update symbol list for xiaomi 5 function symbol(s) added 'int __traceiter_android_vh_filemap_add_folio(void*, struct address_space*, struct folio*, unsigned long)' 'int __traceiter_android_vh_mem_cgroup_charge(void*, struct folio*, struct mem_cgroup**)' 'int __traceiter_android_vh_shrink_node(void*, pg_data_t*, struct mem_cgroup*)' 'int cgroup_rm_cftypes(struct cftype*)' 'int mem_cgroup_move_account(struct page*, bool, struct mem_cgroup*, struct mem_cgroup*)' 3 variable symbol(s) added 'struct tracepoint __tracepoint_android_vh_filemap_add_folio' 'struct tracepoint __tracepoint_android_vh_mem_cgroup_charge' 'struct tracepoint __tracepoint_android_vh_shrink_node' Bug: 403826791 Change-Id: I954a5127703e7d6854835fbb4208a8c832949faf Signed-off-by: sunshijie --- android/abi_gki_aarch64.stg | 120 +++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_xiaomi | 8 +++ 2 files changed, 128 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 0085cb3eb741..ae820e585a33 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -5418,6 +5418,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0x1d520d5f } +pointer_reference { + id: 0x0dc6d22d + kind: POINTER + pointee_type_id: 0x1d5bae2a +} pointer_reference { id: 0x0dc70534 kind: POINTER @@ -326550,6 +326555,13 @@ function { parameter_id: 0x1aee9939 parameter_id: 0x04f728c1 } +function { + id: 0x9b290896 + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x2170d06d + parameter_id: 0x0dc6d22d +} function { id: 0x9b299206 return_type_id: 0x6720d32f @@ -327644,6 +327656,11 @@ function { parameter_id: 0xe02e14d6 parameter_id: 0xf435685e } +function { + id: 0x9b6aa399 + return_type_id: 0x6720d32f + parameter_id: 0x1ba902d8 +} function { id: 0x9b6acfa5 return_type_id: 0x6720d32f @@ -328773,6 +328790,13 @@ function { parameter_id: 0x6720d32f parameter_id: 0x6720d32f } +function { + id: 0x9baa4352 + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x00abf683 + parameter_id: 0x1d5bae2a +} function { id: 0x9baa8508 return_type_id: 0x6720d32f @@ -330501,6 +330525,14 @@ function { parameter_id: 0x18bd6530 parameter_id: 0x1013df15 } +function { + id: 0x9bf1212e + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x1582ab06 + parameter_id: 0x2170d06d + parameter_id: 0x33756485 +} function { id: 0x9bf1e232 return_type_id: 0x6720d32f @@ -333352,6 +333384,14 @@ function { parameter_id: 0x18bd6530 parameter_id: 0x6d7f5ff6 } +function { + id: 0x9d92ea72 + return_type_id: 0x6720d32f + parameter_id: 0x06835e9c + parameter_id: 0x6d7f5ff6 + parameter_id: 0x1d5bae2a + parameter_id: 0x1d5bae2a +} function { id: 0x9d93897e return_type_id: 0x6720d32f @@ -348335,6 +348375,15 @@ elf_symbol { type_id: 0x9a1e34e7 full_name: "__traceiter_android_vh_file_is_tiny_bypass" } +elf_symbol { + id: 0x6091a763 + name: "__traceiter_android_vh_filemap_add_folio" + is_defined: true + symbol_type: FUNCTION + crc: 0xf557b3f5 + type_id: 0x9bf1212e + full_name: "__traceiter_android_vh_filemap_add_folio" +} elf_symbol { id: 0x49c69e22 name: "__traceiter_android_vh_filemap_get_folio" @@ -348857,6 +348906,15 @@ elf_symbol { type_id: 0x9bdad4db full_name: "__traceiter_android_vh_mem_cgroup_alloc" } +elf_symbol { + id: 0x44892f77 + name: "__traceiter_android_vh_mem_cgroup_charge" + is_defined: true + symbol_type: FUNCTION + crc: 0x5837f7b9 + type_id: 0x9b290896 + full_name: "__traceiter_android_vh_mem_cgroup_charge" +} elf_symbol { id: 0x27757c9a name: "__traceiter_android_vh_mem_cgroup_css_offline" @@ -349820,6 +349878,15 @@ elf_symbol { type_id: 0x99c3be61 full_name: "__traceiter_android_vh_show_suspend_epoch_val" } +elf_symbol { + id: 0x6f5e0f48 + name: "__traceiter_android_vh_shrink_node" + is_defined: true + symbol_type: FUNCTION + crc: 0xedb9c8bc + type_id: 0x9baa4352 + full_name: "__traceiter_android_vh_shrink_node" +} elf_symbol { id: 0x709279fd name: "__traceiter_android_vh_shrink_node_memcgs" @@ -353402,6 +353469,15 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_file_is_tiny_bypass" } +elf_symbol { + id: 0x0c03d499 + name: "__tracepoint_android_vh_filemap_add_folio" + is_defined: true + symbol_type: OBJECT + crc: 0x0f1c26ed + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_filemap_add_folio" +} elf_symbol { id: 0x6d970e8c name: "__tracepoint_android_vh_filemap_get_folio" @@ -353924,6 +354000,15 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_mem_cgroup_alloc" } +elf_symbol { + id: 0x013b5969 + name: "__tracepoint_android_vh_mem_cgroup_charge" + is_defined: true + symbol_type: OBJECT + crc: 0x44608ada + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_mem_cgroup_charge" +} elf_symbol { id: 0xe160b6f0 name: "__tracepoint_android_vh_mem_cgroup_css_offline" @@ -354887,6 +354972,15 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_show_suspend_epoch_val" } +elf_symbol { + id: 0x1f2d6f1e + name: "__tracepoint_android_vh_shrink_node" + is_defined: true + symbol_type: OBJECT + crc: 0x37d2569f + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_shrink_node" +} elf_symbol { id: 0x87db1583 name: "__tracepoint_android_vh_shrink_node_memcgs" @@ -360761,6 +360855,15 @@ elf_symbol { type_id: 0x9b87e6ee full_name: "cgroup_path_ns" } +elf_symbol { + id: 0xd7e100b7 + name: "cgroup_rm_cftypes" + is_defined: true + symbol_type: FUNCTION + crc: 0xca8ed728 + type_id: 0x9b6aa399 + full_name: "cgroup_rm_cftypes" +} elf_symbol { id: 0x6d77f512 name: "cgroup_taskset_first" @@ -386258,6 +386361,15 @@ elf_symbol { type_id: 0x59f18b0b full_name: "mem_cgroup_from_id" } +elf_symbol { + id: 0xa9fabdf2 + name: "mem_cgroup_move_account" + is_defined: true + symbol_type: FUNCTION + crc: 0x39369a57 + type_id: 0x9d92ea72 + full_name: "mem_cgroup_move_account" +} elf_symbol { id: 0x6da682ae name: "mem_cgroup_update_lru_size" @@ -418788,6 +418900,7 @@ interface { symbol_id: 0x1f554c2a symbol_id: 0x343adff1 symbol_id: 0x93a4717b + symbol_id: 0x6091a763 symbol_id: 0x49c69e22 symbol_id: 0xb7d91f76 symbol_id: 0x4eda1196 @@ -418846,6 +418959,7 @@ interface { symbol_id: 0x0e1f9e23 symbol_id: 0x61ea12b8 symbol_id: 0x1bfed9f9 + symbol_id: 0x44892f77 symbol_id: 0x27757c9a symbol_id: 0xb832c560 symbol_id: 0x96b60e0b @@ -418953,6 +419067,7 @@ interface { symbol_id: 0xe7f6f975 symbol_id: 0x78accdce symbol_id: 0x6d9f8b13 + symbol_id: 0x6f5e0f48 symbol_id: 0x709279fd symbol_id: 0xdfd06b97 symbol_id: 0x69c3749b @@ -419351,6 +419466,7 @@ interface { symbol_id: 0x0d418d38 symbol_id: 0x2121385f symbol_id: 0x50a83025 + symbol_id: 0x0c03d499 symbol_id: 0x6d970e8c symbol_id: 0xb34d9200 symbol_id: 0x223c9b64 @@ -419409,6 +419525,7 @@ interface { symbol_id: 0xc34a5545 symbol_id: 0x00a5fe5e symbol_id: 0x6377ba8b + symbol_id: 0x013b5969 symbol_id: 0xe160b6f0 symbol_id: 0x37c5c41a symbol_id: 0x78341cfd @@ -419516,6 +419633,7 @@ interface { symbol_id: 0x42ad45a3 symbol_id: 0x0a5014f0 symbol_id: 0x8712dd01 + symbol_id: 0x1f2d6f1e symbol_id: 0x87db1583 symbol_id: 0x3e70324d symbol_id: 0xc8a7ac69 @@ -420169,6 +420287,7 @@ interface { symbol_id: 0x4d06ba53 symbol_id: 0x3c85cae0 symbol_id: 0x4ce62869 + symbol_id: 0xd7e100b7 symbol_id: 0x6d77f512 symbol_id: 0xb3cbf3c8 symbol_id: 0xb7533de5 @@ -423000,6 +423119,7 @@ interface { symbol_id: 0xa848deda symbol_id: 0x8eadb5fd symbol_id: 0x140f40dd + symbol_id: 0xa9fabdf2 symbol_id: 0x6da682ae symbol_id: 0x7f797603 symbol_id: 0x01e78001 diff --git a/android/abi_gki_aarch64_xiaomi b/android/abi_gki_aarch64_xiaomi index b690c0c51976..14bd73999eae 100644 --- a/android/abi_gki_aarch64_xiaomi +++ b/android/abi_gki_aarch64_xiaomi @@ -352,6 +352,14 @@ blk_crypto_evict_key blk_crypto_init_key blk_crypto_start_using_key + mem_cgroup_move_account + cgroup_rm_cftypes + __traceiter_android_vh_mem_cgroup_charge + __traceiter_android_vh_filemap_add_folio + __traceiter_android_vh_shrink_node + __tracepoint_android_vh_mem_cgroup_charge + __tracepoint_android_vh_filemap_add_folio + __tracepoint_android_vh_shrink_node #required by mi_asap.ko __traceiter_android_vh_read_pages From 6684cdb34eaee2d20fd2bc9b427d0f65881c09d5 Mon Sep 17 00:00:00 2001 From: WeiQing Liu Date: Wed, 16 Apr 2025 19:55:16 +0800 Subject: [PATCH 19/28] ANDROID: GKI: update symbol list file for xiaomi 1 function symbol(s) added 'void netdev_stats_to_stats64(struct rtnl_link_stats64 *, const struct net_device_stats *)' Bug: 411034968 Change-Id: I77cb8e7817fae851175c8773ab5c7938b774f58a Signed-off-by: WeiQing Liu --- android/abi_gki_aarch64.stg | 26 ++++++++++++++++++++++++++ android/abi_gki_aarch64_xiaomi | 4 ++++ 2 files changed, 30 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index ae820e585a33..1a7bb4d829cf 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -27848,6 +27848,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0xc3d9368e } +pointer_reference { + id: 0x3a6990ff + kind: POINTER + pointee_type_id: 0xc3e6a560 +} pointer_reference { id: 0x3a6a6a5b kind: POINTER @@ -32778,6 +32783,11 @@ qualified { qualifier: CONST qualified_type_id: 0x7f136064 } +qualified { + id: 0xc3e6a560 + qualifier: CONST + qualified_type_id: 0x7fdd230a +} qualified { id: 0xc407b8af qualifier: CONST @@ -294917,6 +294927,12 @@ function { parameter_id: 0x18bd6530 parameter_id: 0xe02e14d6 } +function { + id: 0x1014b61a + return_type_id: 0x48b5725f + parameter_id: 0x01950729 + parameter_id: 0x3a6990ff +} function { id: 0x1014c641 return_type_id: 0x48b5725f @@ -388301,6 +388317,15 @@ elf_symbol { type_id: 0x1c31d966 full_name: "netdev_state_change" } +elf_symbol { + id: 0xbd1de982 + name: "netdev_stats_to_stats64" + is_defined: true + symbol_type: FUNCTION + crc: 0xcf3b69b3 + type_id: 0x1014b61a + full_name: "netdev_stats_to_stats64" +} elf_symbol { id: 0x64f1f9ef name: "netdev_txq_to_tc" @@ -423335,6 +423360,7 @@ interface { symbol_id: 0xd0f388bf symbol_id: 0xc32be078 symbol_id: 0x13d32ab6 + symbol_id: 0xbd1de982 symbol_id: 0x64f1f9ef symbol_id: 0x88a6525c symbol_id: 0xa9b870ab diff --git a/android/abi_gki_aarch64_xiaomi b/android/abi_gki_aarch64_xiaomi index 14bd73999eae..5070d6512b2e 100644 --- a/android/abi_gki_aarch64_xiaomi +++ b/android/abi_gki_aarch64_xiaomi @@ -517,3 +517,7 @@ __traceiter_android_vh_filemap_read __tracepoint_android_vh_filemap_read __traceiter_android_vh_filemap_map_pages_range __tracepoint_android_vh_filemap_map_pages_range + +#required by rtase.ko +proc_get_parent_data +netdev_stats_to_stats64 From bc3d1d352ab6d8c00b9d6e030386b45c5a63dac7 Mon Sep 17 00:00:00 2001 From: Dongdong zhang Date: Thu, 17 Apr 2025 14:01:48 +0800 Subject: [PATCH 20/28] ANDROID: GKI: update symbol list for xiaomi INFO: 2 function symbol(s) added 'void* __xa_cmpxchg(struct xarray*, unsigned long, void*, void*, gfp_t)' 'key_ref_t lookup_user_key(key_serial_t, unsigned long, enum key_need_perm)' Bug: 410709465 Change-Id: I87d766b434bc48ec58064456f5f8980f8855c2f9 Signed-off-by: Dongdong zhang --- android/abi_gki_aarch64.stg | 86 ++++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_xiaomi | 3 ++ 2 files changed, 89 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 1a7bb4d829cf..76622b41d5b1 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -286225,6 +286225,56 @@ enumeration { } } } +enumeration { + id: 0xd59c9b2e + name: "key_need_perm" + definition { + underlying_type_id: 0x4585663f + enumerator { + name: "KEY_NEED_UNSPECIFIED" + } + enumerator { + name: "KEY_NEED_VIEW" + value: 1 + } + enumerator { + name: "KEY_NEED_READ" + value: 2 + } + enumerator { + name: "KEY_NEED_WRITE" + value: 3 + } + enumerator { + name: "KEY_NEED_SEARCH" + value: 4 + } + enumerator { + name: "KEY_NEED_LINK" + value: 5 + } + enumerator { + name: "KEY_NEED_SETATTR" + value: 6 + } + enumerator { + name: "KEY_NEED_UNLINK" + value: 7 + } + enumerator { + name: "KEY_SYSADMIN_OVERRIDE" + value: 8 + } + enumerator { + name: "KEY_AUTHTOKEN_OVERRIDE" + value: 9 + } + enumerator { + name: "KEY_DEFER_PERM_CHECK" + value: 10 + } + } +} enumeration { id: 0x4e0bad92 name: "kmsg_dump_reason" @@ -310433,6 +310483,15 @@ function { parameter_id: 0x2aa0b9bb parameter_id: 0x33756485 } +function { + id: 0x5cf53bc8 + return_type_id: 0x18bd6530 + parameter_id: 0x2aa0b9bb + parameter_id: 0x33756485 + parameter_id: 0x18bd6530 + parameter_id: 0x18bd6530 + parameter_id: 0xf1a6dfed +} function { id: 0x5cf56554 return_type_id: 0x18bd6530 @@ -339099,6 +339158,13 @@ function { return_type_id: 0x3f37d9d5 parameter_id: 0x30d9f406 } +function { + id: 0xc59b3a62 + return_type_id: 0x3a800090 + parameter_id: 0xe2836f7f + parameter_id: 0x33756485 + parameter_id: 0xd59c9b2e +} function { id: 0xc61915b4 return_type_id: 0x4585663f @@ -356491,6 +356557,15 @@ elf_symbol { type_id: 0x97ce5a08 full_name: "__xa_alloc_cyclic" } +elf_symbol { + id: 0x1820daaf + name: "__xa_cmpxchg" + is_defined: true + symbol_type: FUNCTION + crc: 0x0a0ebc08 + type_id: 0x5cf53bc8 + full_name: "__xa_cmpxchg" +} elf_symbol { id: 0x4b52e164 name: "__xa_erase" @@ -385666,6 +385741,15 @@ elf_symbol { type_id: 0x83a40349 full_name: "lookup_positive_unlocked" } +elf_symbol { + id: 0x7d6628ba + name: "lookup_user_key" + is_defined: true + symbol_type: FUNCTION + crc: 0x1dc6c93b + type_id: 0xc59b3a62 + full_name: "lookup_user_key" +} elf_symbol { id: 0x493ce9fc name: "loops_per_jiffy" @@ -419825,6 +419909,7 @@ interface { symbol_id: 0xcf1808d5 symbol_id: 0x01b711f3 symbol_id: 0xb0e141a3 + symbol_id: 0x1820daaf symbol_id: 0x4b52e164 symbol_id: 0xd6e3f912 symbol_id: 0x52069d2d @@ -423065,6 +423150,7 @@ interface { symbol_id: 0xcda3f19d symbol_id: 0xad10cf0f symbol_id: 0x3c2ed3a0 + symbol_id: 0x7d6628ba symbol_id: 0x493ce9fc symbol_id: 0x1440b3fe symbol_id: 0xf625170a diff --git a/android/abi_gki_aarch64_xiaomi b/android/abi_gki_aarch64_xiaomi index 5070d6512b2e..da618470dc5f 100644 --- a/android/abi_gki_aarch64_xiaomi +++ b/android/abi_gki_aarch64_xiaomi @@ -360,6 +360,9 @@ __tracepoint_android_vh_mem_cgroup_charge __tracepoint_android_vh_filemap_add_folio __tracepoint_android_vh_shrink_node + __alloc_pages_bulk + __xa_cmpxchg + lookup_user_key #required by mi_asap.ko __traceiter_android_vh_read_pages From 9a57b389502a7e7c618c50b3207179251a9b2cab Mon Sep 17 00:00:00 2001 From: "T.J. Mercier" Date: Wed, 16 Apr 2025 21:17:51 +0000 Subject: [PATCH 21/28] FROMGIT: cgroup/cpuset-v1: Add missing support for cpuset_v2_mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Android has mounted the v1 cpuset controller using filesystem type "cpuset" (not "cgroup") since 2015 [1], and depends on the resulting behavior where the controller name is not added as a prefix for cgroupfs files. [2] Later, a problem was discovered where cpu hotplug onlining did not affect the cpuset/cpus files, which Android carried an out-of-tree patch to address for a while. An attempt was made to upstream this patch, but the recommendation was to use the "cpuset_v2_mode" mount option instead. [3] An effort was made to do so, but this fails with "cgroup: Unknown parameter 'cpuset_v2_mode'" because commit e1cba4b85daa ("cgroup: Add mount flag to enable cpuset to use v2 behavior in v1 cgroup") did not update the special cased cpuset_mount(), and only the cgroup (v1) filesystem type was updated. Add parameter parsing to the cpuset filesystem type so that cpuset_v2_mode works like the cgroup filesystem type: $ mkdir /dev/cpuset $ mount -t cpuset -ocpuset_v2_mode none /dev/cpuset $ mount|grep cpuset none on /dev/cpuset type cgroup (rw,relatime,cpuset,noprefix,cpuset_v2_mode,release_agent=/sbin/cpuset_release_agent) [1] https://cs.android.com/android/_/android/platform/system/core/+/b769c8d24fd7be96f8968aa4c80b669525b930d3 [2] https://cs.android.com/android/platform/superproject/main/+/main:system/core/libprocessgroup/setup/cgroup_map_write.cpp;drc=2dac5d89a0f024a2d0cc46a80ba4ee13472f1681;l=192 [3] https://lore.kernel.org/lkml/f795f8be-a184-408a-0b5a-553d26061385@redhat.com/T/ Fixes: e1cba4b85daa ("cgroup: Add mount flag to enable cpuset to use v2 behavior in v1 cgroup") Signed-off-by: T.J. Mercier Acked-by: Waiman Long Reviewed-by: Kamalesh Babulal Acked-by: Michal Koutný Signed-off-by: Tejun Heo (cherry picked from commit 1bf67c8fdbda21fadd564a12dbe2b13c1ea5eda7 https://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git for-6.15-fixes) Bug: 409240872 Change-Id: I24726766d247e2638c719b56bd7d2d536085f6e4 Signed-off-by: T.J. Mercier --- kernel/cgroup/cgroup.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 10541aea5447..550f49a1e492 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -2313,9 +2313,37 @@ static struct file_system_type cgroup2_fs_type = { }; #ifdef CONFIG_CPUSETS +enum cpuset_param { + Opt_cpuset_v2_mode, +}; + +static const struct fs_parameter_spec cpuset_fs_parameters[] = { + fsparam_flag ("cpuset_v2_mode", Opt_cpuset_v2_mode), + {} +}; + +static int cpuset_parse_param(struct fs_context *fc, struct fs_parameter *param) +{ + struct cgroup_fs_context *ctx = cgroup_fc2context(fc); + struct fs_parse_result result; + int opt; + + opt = fs_parse(fc, cpuset_fs_parameters, param, &result); + if (opt < 0) + return opt; + + switch (opt) { + case Opt_cpuset_v2_mode: + ctx->flags |= CGRP_ROOT_CPUSET_V2_MODE; + return 0; + } + return -EINVAL; +} + static const struct fs_context_operations cpuset_fs_context_ops = { .get_tree = cgroup1_get_tree, .free = cgroup_fs_context_free, + .parse_param = cpuset_parse_param, }; /* @@ -2352,6 +2380,7 @@ static int cpuset_init_fs_context(struct fs_context *fc) static struct file_system_type cpuset_fs_type = { .name = "cpuset", .init_fs_context = cpuset_init_fs_context, + .parameters = cpuset_fs_parameters, .fs_flags = FS_USERNS_MOUNT, }; #endif From 40610f49d4b610e76c25edae79fc08f82e950d20 Mon Sep 17 00:00:00 2001 From: Lei Liu Date: Wed, 22 May 2024 15:46:42 +0800 Subject: [PATCH 22/28] ANDROID: vendor hooks: add hook record workingset refault count By recording the workingset refault count of important processes and passing it to the userspace policy, optimizations can be made to improve system performance. Bug: 340146803 Change-Id: Ibf9791d9645e392b49c24480ca0be5e7fe99bebe Signed-off-by: Lei Liu (cherry picked from commit c196e17dffdb946434b92410507395a586407be4) Signed-off-by: DANGJian --- drivers/android/vendor_hooks.c | 1 + include/trace/hooks/mm.h | 3 +++ mm/workingset.c | 3 +++ 3 files changed, 7 insertions(+) diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index 4d120996dbc7..77dd1eb1b1f3 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -463,6 +463,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_handle_trylock_failed_folio); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_hibernate_state); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_page_should_be_protected); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_page_referenced_check_bypass); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_count_workingset_refault); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_swapmem_gather_init); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_swapmem_gather_add_bypass); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_swapmem_gather_finish); diff --git a/include/trace/hooks/mm.h b/include/trace/hooks/mm.h index 5696142eb51a..fdbdd8080370 100644 --- a/include/trace/hooks/mm.h +++ b/include/trace/hooks/mm.h @@ -270,6 +270,9 @@ DECLARE_HOOK(android_vh_page_should_be_protected, s8 priority, u64 *ext, int *should_protect), TP_ARGS(folio, nr_scanned, priority, ext, should_protect)); +DECLARE_HOOK(android_vh_count_workingset_refault, + TP_PROTO(struct folio *folio), + TP_ARGS(folio)); DECLARE_HOOK(android_vh_swapmem_gather_init, TP_PROTO(struct mm_struct *mm), TP_ARGS(mm)); diff --git a/mm/workingset.c b/mm/workingset.c index 4379f109f204..333640fc7deb 100644 --- a/mm/workingset.c +++ b/mm/workingset.c @@ -16,6 +16,7 @@ #include #include #include +#include /* * Double CLOCK lists @@ -401,6 +402,8 @@ void workingset_refault(struct folio *folio, void *shadow) int memcgid; long nr; + trace_android_vh_count_workingset_refault(folio); + if (lru_gen_enabled()) { lru_gen_refault(folio, shadow); return; From 642656a3679169a2157ea569389d8af27e4d3511 Mon Sep 17 00:00:00 2001 From: DANGJian Date: Mon, 21 Apr 2025 17:17:07 +0800 Subject: [PATCH 23/28] ANDROID: GKI: Honor add symbols to symbol list 1 function symbol(s) added 'int __traceiter_android_vh_count_workingset_refault(void*, struct folio*)' 1 variable symbol(s) added 'struct tracepoint __tracepoint_android_vh_count_workingset_refault' Bug: 340146803 Change-Id: I050a87563905e333f8d34a5e3d0d0ef3e1fb0537 Signed-off-by: DANGJian --- android/abi_gki_aarch64.stg | 20 ++++++++++++++++++++ android/abi_gki_aarch64_honor | 2 ++ 2 files changed, 22 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 76622b41d5b1..d62cfc98dcc7 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -348025,6 +348025,15 @@ elf_symbol { type_id: 0x9bc38873 full_name: "__traceiter_android_vh_copy_process" } +elf_symbol { + id: 0x21cae9c7 + name: "__traceiter_android_vh_count_workingset_refault" + is_defined: true + symbol_type: FUNCTION + crc: 0x7a9b5b02 + type_id: 0x9b2a7922 + full_name: "__traceiter_android_vh_count_workingset_refault" +} elf_symbol { id: 0x9247dcb1 name: "__traceiter_android_vh_cpu_idle_enter" @@ -353119,6 +353128,15 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_copy_process" } +elf_symbol { + id: 0xbe784d1d + name: "__tracepoint_android_vh_count_workingset_refault" + is_defined: true + symbol_type: OBJECT + crc: 0xb5598d13 + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_count_workingset_refault" +} elf_symbol { id: 0x26324a1f name: "__tracepoint_android_vh_cpu_idle_enter" @@ -418961,6 +418979,7 @@ interface { symbol_id: 0xa4527895 symbol_id: 0x3644fdcd symbol_id: 0x63b166c2 + symbol_id: 0x21cae9c7 symbol_id: 0x9247dcb1 symbol_id: 0xfd04e27a symbol_id: 0xa124d3e0 @@ -419527,6 +419546,7 @@ interface { symbol_id: 0x9d49459f symbol_id: 0x759240ef symbol_id: 0xe054bfe0 + symbol_id: 0xbe784d1d symbol_id: 0x26324a1f symbol_id: 0x4ade2774 symbol_id: 0x704b9aae diff --git a/android/abi_gki_aarch64_honor b/android/abi_gki_aarch64_honor index c0bb4f2b0064..3d64640bbeef 100644 --- a/android/abi_gki_aarch64_honor +++ b/android/abi_gki_aarch64_honor @@ -37,6 +37,8 @@ __tracepoint_rpm_resume __traceiter_rpm_return_int __tracepoint_rpm_return_int + __traceiter_android_vh_count_workingset_refault + __tracepoint_android_vh_count_workingset_refault binder_alloc_copy_from_buffer kfree __kmalloc From 6a8cf1324d0012351aa64156b4ab607be4a7314d Mon Sep 17 00:00:00 2001 From: Pierre Couillaud Date: Thu, 17 Apr 2025 15:18:05 -0700 Subject: [PATCH 24/28] ANDROID: GKI: Update symbol list for bcmstb INFO: 1 function symbol(s) added 'int rt_mutex_lock_interruptible(struct rt_mutex*)' Bug: 413081238 Change-Id: Ia54c8580030a17ac1d755087f97a7d59713db9fb Signed-off-by: Pierre Couillaud Signed-off-by: Danesh Petigara --- android/abi_gki_aarch64.stg | 10 ++++++++++ android/abi_gki_aarch64_bcmstb | 5 +++++ 2 files changed, 15 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index d62cfc98dcc7..8e4ac7e6365b 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -399744,6 +399744,15 @@ elf_symbol { type_id: 0x1d45c70c full_name: "rt_mutex_lock" } +elf_symbol { + id: 0x556f3b4a + name: "rt_mutex_lock_interruptible" + is_defined: true + symbol_type: FUNCTION + crc: 0xc30ea2a1 + type_id: 0x905d75b0 + full_name: "rt_mutex_lock_interruptible" +} elf_symbol { id: 0x205145e9 name: "rt_mutex_trylock" @@ -424724,6 +424733,7 @@ interface { symbol_id: 0x6a82e2a4 symbol_id: 0xec5e9065 symbol_id: 0x264c5308 + symbol_id: 0x556f3b4a symbol_id: 0x205145e9 symbol_id: 0x0eff96d9 symbol_id: 0xc7dca9cd diff --git a/android/abi_gki_aarch64_bcmstb b/android/abi_gki_aarch64_bcmstb index dfabff0dc590..e41670aeff26 100644 --- a/android/abi_gki_aarch64_bcmstb +++ b/android/abi_gki_aarch64_bcmstb @@ -1767,6 +1767,11 @@ # required by nexusmem.ko restore_online_page_callback __alloc_pages_bulk + __rt_mutex_init + rt_mutex_lock + rt_mutex_trylock + rt_mutex_unlock + rt_mutex_lock_interruptible # required by nexus.ko recalc_sigpending From d8a28dde36068f94dee7c2ee7e92d556661d4eca Mon Sep 17 00:00:00 2001 From: David Hildenbrand Date: Mon, 2 Oct 2023 16:29:47 +0200 Subject: [PATCH 25/28] BACKPORT: mm/rmap: move SetPageAnonExclusive() out of page_move_anon_rmap() Patch series "mm/rmap: convert page_move_anon_rmap() to folio_move_anon_rmap()". Convert page_move_anon_rmap() to folio_move_anon_rmap(), letting the callers handle PageAnonExclusive. I'm including cleanup patch #3 because it fits into the picture and can be done cleaner by the conversion. This patch (of 3): Let's move it into the caller: there is a difference between whether an anon folio can only be mapped by one process (e.g., into one VMA), and whether it is truly exclusive (e.g., no references -- including GUP -- from other processes). Further, for large folios the page might not actually be pointing at the head page of the folio, so it better be handled in the caller. This is a preparation for converting page_move_anon_rmap() to consume a folio. Link: https://lkml.kernel.org/r/20231002142949.235104-1-david@redhat.com Link: https://lkml.kernel.org/r/20231002142949.235104-2-david@redhat.com Signed-off-by: David Hildenbrand Reviewed-by: Suren Baghdasaryan Reviewed-by: Vishal Moola (Oracle) Cc: Mike Kravetz Cc: Muchun Song Cc: Matthew Wilcox Signed-off-by: Andrew Morton Conflicts: 1. mm/hugetlb.c [Due to page_mapcount() instead of folio_mapcount() and folio_test_anon() instead of PageAnon()] (cherry picked from commit 5ca432896a4ce6d69fffc3298b24c0dd9bdb871f) Bug: 413428616 Bug: 313807618 Change-Id: Ibd29fec4d2a521d5ffc0782effd855cde9687a78 Signed-off-by: Suren Baghdasaryan Signed-off-by: Lokesh Gidra --- mm/huge_memory.c | 1 + mm/hugetlb.c | 4 +++- mm/memory.c | 1 + mm/rmap.c | 1 - 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 90a9052b8384..531e47b6eed3 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1372,6 +1372,7 @@ vm_fault_t do_huge_pmd_wp_page(struct vm_fault *vmf) pmd_t entry; page_move_anon_rmap(page, vma); + SetPageAnonExclusive(page); folio_unlock(folio); reuse: if (unlikely(unshare)) { diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 4b517a75f8fe..011effee5f62 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5581,8 +5581,10 @@ retry_avoidcopy: * owner and can reuse this page. */ if (page_mapcount(old_page) == 1 && PageAnon(old_page)) { - if (!PageAnonExclusive(old_page)) + if (!PageAnonExclusive(old_page)) { page_move_anon_rmap(old_page, vma); + SetPageAnonExclusive(old_page); + } if (likely(!unshare)) set_huge_ptep_writable(vma, haddr, ptep); diff --git a/mm/memory.c b/mm/memory.c index ee80a70947f8..921de73f5b21 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -3561,6 +3561,7 @@ static vm_fault_t do_wp_page(struct vm_fault *vmf) * sunglasses. Hit it. */ page_move_anon_rmap(vmf->page, vma); + SetPageAnonExclusive(vmf->page); folio_unlock(folio); reuse: if (unlikely(unshare)) { diff --git a/mm/rmap.c b/mm/rmap.c index 992502845a7d..c80af87c3376 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -1140,7 +1140,6 @@ void page_move_anon_rmap(struct page *page, struct vm_area_struct *vma) * folio_test_anon()) will not see one without the other. */ WRITE_ONCE(folio->mapping, anon_vma); - SetPageAnonExclusive(page); } /** From 70d648657b1e26cf030406c6afd33c72f442a45d Mon Sep 17 00:00:00 2001 From: Lokesh Gidra Date: Thu, 24 Apr 2025 21:12:50 +0000 Subject: [PATCH 26/28] ANDROID: userfaultfd: adjust MOVE ioctl mode to confirm bug-fix Kernel panic was observed in do_swap_page() when invoked on a previously moved (via MOVE ioctl) page from swap-cache. This was because [1] was not backported previously and therefore calling page_move_anon_rmap() would set PG_anon_exclusive flag in the source folio, which shouldn't be done for a swap-cache folio. [1] https://lore.kernel.org/all/20231002142949.235104-3-david@redhat.com/T/#ma99279cb1eb9d5f8f23540f68ea1244de7294ca0 Bug: 413428616 Change-Id: I867aa9c85fdba111bdecb303614438312038d2fe Signed-off-by: Lokesh Gidra --- include/uapi/linux/userfaultfd.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/uapi/linux/userfaultfd.h b/include/uapi/linux/userfaultfd.h index ffdbefb3c5d5..dfac99ea1b08 100644 --- a/include/uapi/linux/userfaultfd.h +++ b/include/uapi/linux/userfaultfd.h @@ -331,7 +331,7 @@ struct uffdio_move { * to move same src folio. It's a KMI workaround and cannot be relied * upon by userspace. */ -#define UFFDIO_MOVE_MODE_CONFIRM_FIXED ((__u64)1<<63) +#define UFFDIO_MOVE_MODE_CONFIRM_FIXED ((__u64)1<<62) __u64 mode; /* * "move" is written by the ioctl and must be at the end: the From f26d229ec8372e6907591e0c7eaf8bc2f71683bd Mon Sep 17 00:00:00 2001 From: Patrick Rohr Date: Fri, 25 Apr 2025 14:45:28 -0700 Subject: [PATCH 27/28] ANDROID: Repurpose a reserved slot in ipv6_devconf for backports This patch repurposes a ANDROID_KABI_RESERVE slot used for LTS backports for feature backports. Slot 4 is repurposed as parts of slot 1 are already used for accept_ra_min_lft on some branches. Bug: 315069348 Signed-off-by: Patrick Rohr Change-Id: I19b9dfc16d891fb6fe48ec4379c6fa3dcb6adf89 --- include/linux/ipv6.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h index f9f84a4e4204..125014d3ce55 100644 --- a/include/linux/ipv6.h +++ b/include/linux/ipv6.h @@ -90,7 +90,7 @@ struct ipv6_devconf { ANDROID_KABI_RESERVE(2); ANDROID_KABI_RESERVE(3); - ANDROID_KABI_RESERVE(4); + ANDROID_KABI_BACKPORT_OK(4); }; struct ipv6_params { From 25fc41bbde8eb7f9912cfdb0109e1cec95fe9fb1 Mon Sep 17 00:00:00 2001 From: Seiya Wang Date: Thu, 24 Apr 2025 16:57:58 +0800 Subject: [PATCH 28/28] ANDROID: GKI: Update symbol list for mtk 3 function symbol(s) added 'void devm_nvmem_cell_put(struct device*, struct nvmem_cell*)' 'void fw_devlink_purge_absent_suppliers(struct fwnode_handle*)' 'void typec_port_register_altmodes(struct typec_port*, const struct typec_altmode_ops*, void*, struct typec_altmode**, size_t)' Bug: 413254661 Change-Id: I8a87faa27b69088467e2a09060157a0871ad0d71 Signed-off-by: Seiya Wang --- android/abi_gki_aarch64.stg | 45 +++++++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_mtk | 3 +++ 2 files changed, 48 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 8e4ac7e6365b..daa0146e24dd 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -295920,6 +295920,12 @@ function { parameter_id: 0x0258f96e parameter_id: 0x391f15ea } +function { + id: 0x10ebd1f0 + return_type_id: 0x48b5725f + parameter_id: 0x0258f96e + parameter_id: 0x396f8e0f +} function { id: 0x10ee407c return_type_id: 0x48b5725f @@ -304663,6 +304669,15 @@ function { parameter_id: 0x92233392 parameter_id: 0x92233392 } +function { + id: 0x1d8bbf50 + return_type_id: 0x48b5725f + parameter_id: 0x3760766d + parameter_id: 0x337f6d5e + parameter_id: 0x18bd6530 + parameter_id: 0x072e5f93 + parameter_id: 0xf435685e +} function { id: 0x1d8c491d return_type_id: 0x1b8590a8 @@ -367393,6 +367408,15 @@ elf_symbol { type_id: 0xbbe36438 full_name: "devm_nvmem_cell_get" } +elf_symbol { + id: 0x6841cd31 + name: "devm_nvmem_cell_put" + is_defined: true + symbol_type: FUNCTION + crc: 0x2459791b + type_id: 0x10ebd1f0 + full_name: "devm_nvmem_cell_put" +} elf_symbol { id: 0xa8b058e5 name: "devm_nvmem_device_get" @@ -375954,6 +375978,15 @@ elf_symbol { type_id: 0xc075980c full_name: "full_name_hash" } +elf_symbol { + id: 0x16ccff22 + name: "fw_devlink_purge_absent_suppliers" + is_defined: true + symbol_type: FUNCTION + crc: 0x0c65c0aa + type_id: 0x11bc7f41 + full_name: "fw_devlink_purge_absent_suppliers" +} elf_symbol { id: 0xc35e482b name: "fwnode_create_software_node" @@ -410206,6 +410239,15 @@ elf_symbol { type_id: 0xdf267053 full_name: "typec_port_register_altmode" } +elf_symbol { + id: 0xfe0397d1 + name: "typec_port_register_altmodes" + is_defined: true + symbol_type: FUNCTION + crc: 0xe10772e7 + type_id: 0x1d8bbf50 + full_name: "typec_port_register_altmodes" +} elf_symbol { id: 0x22d09ebb name: "typec_register_partner" @@ -421141,6 +421183,7 @@ interface { symbol_id: 0x6e37c2ad symbol_id: 0x91f58d29 symbol_id: 0x7abe395b + symbol_id: 0x6841cd31 symbol_id: 0xa8b058e5 symbol_id: 0x47264dbb symbol_id: 0x35094803 @@ -422090,6 +422133,7 @@ interface { symbol_id: 0xee139066 symbol_id: 0x613adcb1 symbol_id: 0x370e6f08 + symbol_id: 0x16ccff22 symbol_id: 0xc35e482b symbol_id: 0x53816b02 symbol_id: 0xc9ddb79e @@ -425896,6 +425940,7 @@ interface { symbol_id: 0x0df14bce symbol_id: 0xd6fc8732 symbol_id: 0x4fe4e1e0 + symbol_id: 0xfe0397d1 symbol_id: 0x22d09ebb symbol_id: 0xad69345e symbol_id: 0x381c401c diff --git a/android/abi_gki_aarch64_mtk b/android/abi_gki_aarch64_mtk index 609cb1fa7d34..26727ae17c50 100644 --- a/android/abi_gki_aarch64_mtk +++ b/android/abi_gki_aarch64_mtk @@ -531,6 +531,7 @@ devm_memremap_pages devm_mfd_add_devices devm_nvmem_cell_get + devm_nvmem_cell_put devm_nvmem_device_get devm_nvmem_register devm_of_icc_get @@ -1030,6 +1031,7 @@ fsg_common_set_inquiry_string fsg_common_set_sysfs fsg_config_from_params + fw_devlink_purge_absent_suppliers fwnode_device_is_available fwnode_get_name fwnode_get_named_child_node @@ -3118,6 +3120,7 @@ typec_partner_set_identity typec_partner_set_pd_revision typec_partner_set_svdm_version + typec_port_register_altmodes typec_register_partner typec_register_port typec_set_data_role