From 4d735ca7bb745faca9cfa440c28533cdcab8f183 Mon Sep 17 00:00:00 2001 
From: Peter Wang Date: Wed, 31 Jul 2024 09:33:15 +0800 Subject: [PATCH 01/87] BACKPORT: scsi: ufs: core: Fix ufshcd_clear_cmd racing issue When ufshcd_clear_cmd is racing with the completion ISR, the completed tag of the request's mq_hctx pointer will be set to NULL by the ISR. And ufshcd_clear_cmd's call to ufshcd_mcq_req_to_hwq will get NULL pointer KE. Return success when the request is completed by ISR because sq does not need cleanup. The racing flow is: Thread A ufshcd_err_handler step 1 ufshcd_try_to_abort_task ufshcd_cmd_inflight(true) step 3 ufshcd_clear_cmd ... ufshcd_mcq_req_to_hwq blk_mq_unique_tag rq->mq_hctx->queue_num step 5 Thread B ufs_mtk_mcq_intr(cq complete ISR) step 2 scsi_done ... __blk_mq_free_request rq->mq_hctx = NULL; step 4 Below is KE back trace: ufshcd_try_to_abort_task: cmd pending in the device. tag = 6 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000194 pc : [0xffffffd589679bf8] blk_mq_unique_tag+0x8/0x14 lr : [0xffffffd5862f95b4] ufshcd_mcq_sq_cleanup+0x6c/0x1cc [ufs_mediatek_mod_ise] Workqueue: ufs_eh_wq_0 ufshcd_err_handler [ufs_mediatek_mod_ise] Call trace: dump_backtrace+0xf8/0x148 show_stack+0x18/0x24 dump_stack_lvl+0x60/0x7c dump_stack+0x18/0x3c mrdump_common_die+0x24c/0x398 [mrdump] ipanic_die+0x20/0x34 [mrdump] notify_die+0x80/0xd8 die+0x94/0x2b8 __do_kernel_fault+0x264/0x298 do_page_fault+0xa4/0x4b8 do_translation_fault+0x38/0x54 do_mem_abort+0x58/0x118 el1_abort+0x3c/0x5c el1h_64_sync_handler+0x54/0x90 el1h_64_sync+0x68/0x6c blk_mq_unique_tag+0x8/0x14 ufshcd_clear_cmd+0x34/0x118 [ufs_mediatek_mod_ise] ufshcd_try_to_abort_task+0x2c8/0x5b4 [ufs_mediatek_mod_ise] ufshcd_err_handler+0xa7c/0xfa8 [ufs_mediatek_mod_ise] process_one_work+0x208/0x4fc worker_thread+0x228/0x438 kthread+0x104/0x1d4 ret_from_fork+0x10/0x20 Bug: 361140026 Fixes: 8d7290348992 ("scsi: ufs: mcq: Add supporting functions for MCQ abort") Suggested-by: Bart Van Assche Change-Id: I59fc0a8246d2fc2421e38c42b619b2393d2b22e6 
Signed-off-by: Peter Wang Link: https://lore.kernel.org/r/20240628070030.30929-2-peter.wang@mediatek.com Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen (cherry picked from commit 9307a998cb9846a2557fdca286997430bee36a2a) [ Resolved minor conflict in drivers/ufs/core/ufshcd.c ] --- drivers/ufs/core/ufs-mcq.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index 7ed17949febe..ad4e8d63c676 100644 --- a/drivers/ufs/core/ufs-mcq.c +++ b/drivers/ufs/core/ufs-mcq.c @@ -105,16 +105,15 @@ EXPORT_SYMBOL_GPL(ufshcd_mcq_config_mac); * @hba: per adapter instance * @req: pointer to the request to be issued * - * Returns the hardware queue instance on which the request would - * be queued. + * Return: the hardware queue instance on which the request will be or has + * been queued. %NULL if the request has already been freed. */ struct ufs_hw_queue *ufshcd_mcq_req_to_hwq(struct ufs_hba *hba, struct request *req) { - u32 utag = blk_mq_unique_tag(req); - u32 hwq = blk_mq_unique_tag_to_hwq(utag); + struct blk_mq_hw_ctx *hctx = READ_ONCE(req->mq_hctx); - return &hba->uhq[hwq]; + return hctx ? &hba->uhq[hctx->queue_num] : NULL; } /** @@ -521,6 +520,8 @@ int ufshcd_mcq_sq_cleanup(struct ufs_hba *hba, int task_tag) if (!cmd) return -EINVAL; hwq = ufshcd_mcq_req_to_hwq(hba, scsi_cmd_to_rq(cmd)); + if (!hwq) + return 0; } else { hwq = hba->dev_cmd_queue; } From faf32723dc540c8c233e0ef0842e7895a9fffd49 Mon Sep 17 00:00:00 2001 
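Review bot: ufshcd_mcq_req_to_hwq() can now return NULL, but the only caller this patch updates is ufshcd_mcq_sq_cleanup(). Any other caller that dereferences the result (for example to take `hwq->cq_lock`) would still fault once the completion path has freed the request; those call sites are outside this patch and need the same check. The READ_ONCE() deserves a why-comment, e.g. `/* mq_hctx is set to NULL by __blk_mq_free_request() when the ISR completes the request; read it once */`. In ufshcd_mcq_sq_cleanup() the new `return 0;` reports success silently, so a comment such as `/* already completed by the ISR, nothing to clean up in the SQ */` would record that this is intentional. Both function bodies continue outside their hunks.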
From: Peter Wang Date: Wed, 31 Jul 2024 10:01:40 +0800 Subject: [PATCH 02/87] BACKPORT: scsi: ufs: core: Fix ufshcd_abort_one racing issue When ufshcd_abort_one is racing with the completion ISR, the completed tag of the request's mq_hctx pointer will be set to NULL by ISR. Return success when request is completed by ISR because ufshcd_abort_one does not need to do anything. The racing flow is: Thread A ufshcd_err_handler step 1 ... ufshcd_abort_one ufshcd_try_to_abort_task ufshcd_cmd_inflight(true) step 3 ufshcd_mcq_req_to_hwq blk_mq_unique_tag rq->mq_hctx->queue_num step 5 Thread B ufs_mtk_mcq_intr(cq complete ISR) step 2 scsi_done ... __blk_mq_free_request rq->mq_hctx = NULL; step 4 Below is KE back trace. ufshcd_try_to_abort_task: cmd at tag 41 not pending in the device. ufshcd_try_to_abort_task: cmd at tag=41 is cleared. Aborting tag 41 / CDB 0x28 succeeded Unable to handle kernel NULL pointer dereference at virtual address 0000000000000194 pc : [0xffffffddd7a79bf8] blk_mq_unique_tag+0x8/0x14 lr : [0xffffffddd6155b84] ufshcd_mcq_req_to_hwq+0x1c/0x40 [ufs_mediatek_mod_ise] do_mem_abort+0x58/0x118 el1_abort+0x3c/0x5c el1h_64_sync_handler+0x54/0x90 el1h_64_sync+0x68/0x6c blk_mq_unique_tag+0x8/0x14 ufshcd_err_handler+0xae4/0xfa8 [ufs_mediatek_mod_ise] process_one_work+0x208/0x4fc worker_thread+0x228/0x438 kthread+0x104/0x1d4 ret_from_fork+0x10/0x20 Bug: 361140026 Fixes: 93e6c0e19d5b ("scsi: ufs: core: Clear cmd if abort succeeds in MCQ mode") Suggested-by: Bart Van Assche Change-Id: I42f9b93dae33eac8cf41ac3085858b6adf0ee9ee Signed-off-by: Peter Wang Link: https://lore.kernel.org/r/20240628070030.30929-3-peter.wang@mediatek.com Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen (cherry picked from commit 74736103fb4123c71bf11fb7a6abe7c884c5269e) [ Resolved minor conflict in drivers/ufs/core/ufshcd.c ] --- drivers/ufs/core/ufshcd.c | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 2779cded8141..dab5cfd6c028 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -6489,6 +6489,8 @@ static bool ufshcd_abort_all(struct ufs_hba *hba) goto out; } hwq = ufshcd_mcq_req_to_hwq(hba, scsi_cmd_to_rq(lrbp->cmd)); + if (!hwq) + return 0; spin_lock_irqsave(&hwq->cq_lock, flags); if (ufshcd_cmd_inflight(lrbp->cmd)) ufshcd_release_scsi_cmd(hba, lrbp); From 514bdc80b9d2cda5201730045cad6e65c4153f67 Mon Sep 17 00:00:00 2001 From: Peter Zijlstra Date: Tue, 24 Oct 2023 11:42:21 +0200 Subject: [PATCH 03/87] UPSTREAM: perf/core: Fix potential NULL deref MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Smatch is awesome. BUG: 361274701 (cherry picked from commit a71ef31485bb51b846e8db8b3a35e432cc15afb5) Fixes: 32671e3799ca ("perf: Disallow mis-matched inherited group reads") Reported-by: Dan Carpenter Change-Id: I7691e0aaaee70f1d0db3d1e33983d7236f72ed0c Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Ingo Molnar Signed-off-by: 杨辉 --- kernel/events/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index c488c778b9f0..88fc24a2dbf8 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -13318,7 +13318,8 @@ static int inherit_group(struct perf_event *parent_event, !perf_get_aux_event(child_ctr, leader)) return -EINVAL; } - leader->group_generation = parent_event->group_generation; + if (leader) + leader->group_generation = parent_event->group_generation; return 0; } From c5f1e68340a61ba4d8f1d03914ec03043ebf0037 Mon Sep 17 00:00:00 2001 
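Review bot: The added `if (!hwq) return 0;` exits ufshcd_abort_all() directly, although the hunk header shows the function returns `bool` and the error path just above uses `goto out;`. The early return bypasses whatever the `out:` label does. If this code sits inside a per-tag loop (not visible in the hunk), it also stops handling the remaining tags at the first request the ISR has already completed. Consider `continue;` if it is a loop, or `goto out;` otherwise, and spell the value as `false`/`true` to match the return type. The function body starts and ends outside the hunk.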
From: Carlos Llamas Date: Wed, 12 Jun 2024 04:25:13 +0000 Subject: [PATCH 04/87] BACKPORT: binder: use bitmap for faster descriptor lookup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When creating new binder references, the driver assigns a descriptor id that is shared with userspace. Regrettably, the driver needs to keep the descriptors small enough to accommodate userspace potentially using them as Vector indexes. Currently, the driver performs a linear search on the rb-tree of references to find the smallest available descriptor id. This approach, however, scales poorly as the number of references grows. This patch introduces the usage of bitmaps to boost the performance of descriptor assignments. This optimization results in notable performance gains, particularly in processes with a large number of references. The following benchmark with 100,000 references showcases the difference in latency between the dbitmap implementation and the legacy approach: [ 587.145098] get_ref_desc_olocked: 15us (dbitmap on) [ 602.788623] get_ref_desc_olocked: 47343us (dbitmap off) Note the bitmap size is dynamically adjusted in line with the number of references, ensuring efficient memory usage. In cases where growing the bitmap is not possible, the driver falls back to the slow legacy method. A previous attempt to solve this issue was proposed in [1]. However, such method involved adding new ioctls which isn't great, plus older userspace code would not have benefited from the optimizations either. Link: https://lore.kernel.org/all/20240417191418.1341988-1-cmllamas@google.com/ [1] Cc: Tim Murray Cc: Arve Hjønnevåg Cc: Alice Ryhl Cc: Martijn Coenen Cc: Todd Kjos Cc: John Stultz Cc: Steven Moreland Suggested-by: Nick Chen Reviewed-by: Alice Ryhl Signed-off-by: Carlos Llamas Link: https://lore.kernel.org/r/20240612042535.1556708-1-cmllamas@google.com 
Signed-off-by: Greg Kroah-Hartman Bug: 298520209 Change-Id: Iaf32794ab7786c603706f6806cabec9d031559a2 (cherry picked from commit 15d9da3f818cae676f822a04407d3c17b53357d2) [cmllamas: fixed trivial conflicts with KMI work-around] Signed-off-by: Carlos Llamas --- drivers/android/binder.c | 111 ++++++++++++++++--- drivers/android/binder_internal.h | 5 +- drivers/android/dbitmap.h | 176 ++++++++++++++++++++++++++++++ 3 files changed, 278 insertions(+), 14 deletions(-) create mode 100644 drivers/android/dbitmap.h diff --git a/drivers/android/binder.c b/drivers/android/binder.c index b620c590bed6..f4157f98e211 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c 
@@ -1238,6 +1238,66 @@ static struct binder_ref *binder_get_ref_olocked(struct binder_proc *proc, return NULL; } +/* Find the smallest unused descriptor the "slow way" */ +static u32 slow_desc_lookup_olocked(struct binder_proc *proc) +{ + struct binder_ref *ref; + struct rb_node *n; + u32 desc; + + desc = 1; + for (n = rb_first(&proc->refs_by_desc); n; n = rb_next(n)) { + ref = rb_entry(n, struct binder_ref, rb_node_desc); + if (ref->data.desc > desc) + break; + desc = ref->data.desc + 1; + } + + return desc; +} + +/* + * Find an available reference descriptor ID. The proc->outer_lock might + * be released in the process, in which case -EAGAIN is returned and the + * @desc should be considered invalid. + */ +static int get_ref_desc_olocked(struct binder_proc *proc, + struct binder_node *node, + u32 *desc) +{ + struct dbitmap *dmap = &proc->dmap; + unsigned long *new, bit; + unsigned int nbits; + + /* 0 is reserved for the context manager */ + if (node == proc->context->binder_context_mgr_node) { + *desc = 0; + return 0; + } + + if (!dbitmap_enabled(dmap)) { + *desc = slow_desc_lookup_olocked(proc); + return 0; + } + + if (dbitmap_acquire_first_zero_bit(dmap, &bit) == 0) { + *desc = bit; + return 0; + } + + /* + * The dbitmap is full and needs to grow. The proc->outer_lock + * is briefly released to allocate the new bitmap safely. + */ + nbits = dbitmap_grow_nbits(dmap); + binder_proc_unlock(proc); + new = bitmap_zalloc(nbits, GFP_KERNEL); + binder_proc_lock(proc); + dbitmap_grow(dmap, new, nbits); + + return -EAGAIN; +} + /** * binder_get_ref_for_node_olocked() - get the ref associated with given node * @proc: binder_proc that owns the ref 
@@ -1261,12 +1321,14 @@ static struct binder_ref *binder_get_ref_for_node_olocked( struct binder_node *node, struct binder_ref *new_ref) { - struct binder_context *context = proc->context; - struct rb_node **p = &proc->refs_by_node.rb_node; - struct rb_node *parent = NULL; struct binder_ref *ref; - struct rb_node *n; + struct rb_node *parent; + struct rb_node **p; + u32 desc; +retry: + p = &proc->refs_by_node.rb_node; + parent = NULL; while (*p) { parent = *p; ref = rb_entry(parent, struct binder_ref, rb_node_node); @@ -1281,6 +1343,10 @@ static struct binder_ref *binder_get_ref_for_node_olocked( if (!new_ref) return NULL; + /* might release the proc->outer_lock */ + if (get_ref_desc_olocked(proc, node, &desc) == -EAGAIN) + goto retry; + binder_stats_created(BINDER_STAT_REF); new_ref->data.debug_id = atomic_inc_return(&binder_last_id); new_ref->proc = proc; @@ -1288,14 +1354,7 @@ static struct binder_ref *binder_get_ref_for_node_olocked( rb_link_node(&new_ref->rb_node_node, parent, p); rb_insert_color(&new_ref->rb_node_node, &proc->refs_by_node); - new_ref->data.desc = (node == context->binder_context_mgr_node) ? 0 : 1; - for (n = rb_first(&proc->refs_by_desc); n != NULL; n = rb_next(n)) { - ref = rb_entry(n, struct binder_ref, rb_node_desc); - if (ref->data.desc > new_ref->data.desc) - break; - new_ref->data.desc = ref->data.desc + 1; - } - + new_ref->data.desc = desc; p = &proc->refs_by_desc.rb_node; while (*p) { parent = *p; @@ -1325,6 +1384,7 @@ static struct binder_ref *binder_get_ref_for_node_olocked( static void binder_cleanup_ref_olocked(struct binder_ref *ref) { + struct dbitmap *dmap = &ref->proc->dmap; bool delete_node = false; binder_debug(BINDER_DEBUG_INTERNAL_REFS, 
@@ -1332,6 +1392,8 @@ static void binder_cleanup_ref_olocked(struct binder_ref *ref) ref->proc->pid, ref->data.debug_id, ref->data.desc, ref->node->debug_id); + if (dbitmap_enabled(dmap)) + dbitmap_clear_bit(dmap, ref->data.desc); rb_erase(&ref->rb_node_desc, &ref->proc->refs_by_desc); rb_erase(&ref->rb_node_node, &ref->proc->refs_by_node); @@ -1494,6 +1556,25 @@ static void binder_free_ref(struct binder_ref *ref) kfree(ref); } +/* shrink descriptor bitmap if needed */ +static void try_shrink_dmap(struct binder_proc *proc) +{ + unsigned long *new; + int nbits; + + binder_proc_lock(proc); + nbits = dbitmap_shrink_nbits(&proc->dmap); + binder_proc_unlock(proc); + + if (!nbits) + return; + + new = bitmap_zalloc(nbits, GFP_KERNEL); + binder_proc_lock(proc); + dbitmap_shrink(&proc->dmap, new, nbits); + binder_proc_unlock(proc); +} + /** * binder_update_ref_for_handle() - inc/dec the ref for given handle * @proc: proc containing the ref @@ -1530,8 +1611,10 @@ static int binder_update_ref_for_handle(struct binder_proc *proc, *rdata = ref->data; binder_proc_unlock(proc); - if (delete_ref) + if (delete_ref) { binder_free_ref(ref); + try_shrink_dmap(proc); + } return ret; err_no_ref: @@ -5182,6 +5265,7 @@ static void binder_free_proc(struct binder_proc *proc) put_task_struct(proc->tsk); put_cred(proc->cred); binder_stats_deleted(BINDER_STAT_PROC); + dbitmap_free(&proc->dmap); trace_android_vh_binder_free_proc(proc); proc_wrap = binder_proc_wrap_entry(proc); kfree(proc_wrap); @@ -5905,6 +5989,7 @@ static int binder_open(struct inode *nodp, struct file *filp) return -ENOMEM; proc = &proc_wrap->proc; + dbitmap_init(&proc->dmap); spin_lock_init(&proc->inner_lock); spin_lock_init(&proc->outer_lock); get_task_struct(current->group_leader); diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h index 4164c346b301..e9fc1288e7b7 100644 --- a/drivers/android/binder_internal.h +++ b/drivers/android/binder_internal.h 
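Review bot: In the binder_open() hunk the return value of `dbitmap_init(&proc->dmap);` is dropped without explanation, which reads like a missed -ENOMEM check. From dbitmap.h in this patch the failure leaves `nbits` at 0, so dbitmap_enabled() is false and descriptor allocation falls back to slow_desc_lookup_olocked(). A comment at the call would make that deliberate, e.g. `/* on failure the dbitmap stays disabled and the slow descriptor lookup is used */`. Minor style point in try_shrink_dmap(): `int nbits` receives the `unsigned int` result of dbitmap_shrink_nbits() and is passed back as `unsigned int`; declaring it `unsigned int` avoids the sign round-trip.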
@@ -14,6 +14,7 @@ #include #include #include "binder_alloc.h" +#include "dbitmap.h" struct binder_context { struct binder_node *binder_context_mgr_node; @@ -394,6 +395,8 @@ enum binder_prio_state { * @freeze_wait: waitqueue of processes waiting for all outstanding * transactions to be processed * (protected by @inner_lock) + * @dmap dbitmap to manage available reference descriptors + * (protected by @outer_lock) * @todo: list of work for this process * (protected by @inner_lock) * @stats: per-process binder statistics @@ -443,7 +446,7 @@ struct binder_proc { bool sync_recv; bool async_recv; wait_queue_head_t freeze_wait; - + struct dbitmap dmap; struct list_head todo; struct binder_stats stats; struct list_head delivered_death; diff --git a/drivers/android/dbitmap.h b/drivers/android/dbitmap.h new file mode 100644 index 000000000000..b8ac7b4764fd --- /dev/null +++ b/drivers/android/dbitmap.h 
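Review bot: The new kernel-doc entry in the `struct binder_proc` comment is written `@dmap dbitmap to manage available reference descriptors`, without the colon that every neighbouring member line has (`@freeze_wait:`, `@todo:`). Without it the line is not in the member-description form the rest of the block uses. It should read `@dmap: dbitmap to manage available reference descriptors`.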
@@ -0,0 +1,176 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright 2024 Google LLC
+ *
+ * dbitmap - dynamically sized bitmap library.
+ *
+ * Used by the binder driver to optimize the allocation of the smallest
+ * available descriptor ID. Each bit in the bitmap represents the state
+ * of an ID, with the exception of BIT(0) which is used exclusively to
+ * reference binder's context manager.
+ *
+ * A dbitmap can grow or shrink as needed. This part has been designed
+ * considering that users might need to briefly release their locks in
+ * order to allocate memory for the new bitmap. These operations then,
+ * are verified to determine if the grow or shrink is sill valid.
+ *
+ * This library does not provide protection against concurrent access
+ * by itself. Binder uses the proc->outer_lock for this purpose.
+ */
+
+#ifndef _LINUX_DBITMAP_H
+#define _LINUX_DBITMAP_H
+#include
+
+#define NBITS_MIN BITS_PER_TYPE(unsigned long)
+
+struct dbitmap {
+ unsigned int nbits;
+ unsigned long *map;
+};
+
+static inline int dbitmap_enabled(struct dbitmap *dmap)
+{
+ return !!dmap->nbits;
+}
+
+static inline void dbitmap_free(struct dbitmap *dmap)
+{
+ dmap->nbits = 0;
+ kfree(dmap->map);
+}
+
+/* Returns the nbits that a dbitmap can shrink to, 0 if not possible. */
+static inline unsigned int dbitmap_shrink_nbits(struct dbitmap *dmap)
+{
+ unsigned int bit;
+
+ if (dmap->nbits <= NBITS_MIN)
+ return 0;
+
+ /*
+ * Determine if the bitmap can shrink based on the position of
+ * its last set bit. If the bit is within the first quarter of
+ * the bitmap then shrinking is possible. In this case, the
+ * bitmap should shrink to half its current size.
+ */
+ bit = find_last_bit(dmap->map, dmap->nbits);
+ if (bit < (dmap->nbits >> 2))
+ return dmap->nbits >> 1;
+
+ /*
+ * Note that find_last_bit() returns dmap->nbits when no bits
+ * are set. While this is technically not possible here since
+ * BIT(0) is always set, this check is left for extra safety.
+ */
+ if (bit == dmap->nbits)
+ return NBITS_MIN;
+
+ return 0;
+}
+
+/* Replace the internal bitmap with a new one of different size */
+static inline void
+dbitmap_replace(struct dbitmap *dmap, unsigned long *new, unsigned int nbits)
+{
+ bitmap_copy(new, dmap->map, min(dmap->nbits, nbits));
+ kfree(dmap->map);
+ dmap->map = new;
+ dmap->nbits = nbits;
+}
+
+static inline void
+dbitmap_shrink(struct dbitmap *dmap, unsigned long *new, unsigned int nbits)
+{
+ if (!new)
+ return;
+
+ /*
+ * Verify that shrinking to @nbits is still possible. The @new
+ * bitmap might have been allocated without locks, so this call
+ * could now be outdated. In this case, free @new and move on.
+ */
+ if (!dbitmap_enabled(dmap) || dbitmap_shrink_nbits(dmap) != nbits) {
+ kfree(new);
+ return;
+ }
+
+ dbitmap_replace(dmap, new, nbits);
+}
+
+/* Returns the nbits that a dbitmap can grow to. */
+static inline unsigned int dbitmap_grow_nbits(struct dbitmap *dmap)
+{
+ return dmap->nbits << 1;
+}
+
+static inline void
+dbitmap_grow(struct dbitmap *dmap, unsigned long *new, unsigned int nbits)
+{
+ /*
+ * Verify that growing to @nbits is still possible. The @new
+ * bitmap might have been allocated without locks, so this call
+ * could now be outdated. In this case, free @new and move on.
+ */
+ if (!dbitmap_enabled(dmap) || nbits <= dmap->nbits) {
+ kfree(new);
+ return;
+ }
+
+ /*
+ * Check for ENOMEM after confirming the grow operation is still
+ * required. This ensures we only disable the dbitmap when it's
+ * necessary. Once the dbitmap is disabled, binder will fallback
+ * to slow_desc_lookup_olocked().
+ */
+ if (!new) {
+ dbitmap_free(dmap);
+ return;
+ }
+
+ dbitmap_replace(dmap, new, nbits);
+}
+
+/*
+ * Finds and sets the first zero bit in the bitmap. Upon success @bit
+ * is populated with the index and 0 is returned. Otherwise, -ENOSPC
+ * is returned to indicate that a dbitmap_grow() is needed.
+ */
+static inline int
+dbitmap_acquire_first_zero_bit(struct dbitmap *dmap, unsigned long *bit)
+{
+ unsigned long n;
+
+ n = find_first_zero_bit(dmap->map, dmap->nbits);
+ if (n == dmap->nbits)
+ return -ENOSPC;
+
+ *bit = n;
+ set_bit(n, dmap->map);
+
+ return 0;
+}
+
+static inline void
+dbitmap_clear_bit(struct dbitmap *dmap, unsigned long bit)
+{
+ /* BIT(0) should always set for the context manager */
+ if (bit)
+ clear_bit(bit, dmap->map);
+}
+
+static inline int dbitmap_init(struct dbitmap *dmap)
+{
+ dmap->map = bitmap_zalloc(NBITS_MIN, GFP_KERNEL);
+ if (!dmap->map) {
+ dmap->nbits = 0;
+ return -ENOMEM;
+ }
+
+ dmap->nbits = NBITS_MIN;
+ /* BIT(0) is reserved for the context manager */
+ set_bit(0, dmap->map);
+
+ return 0;
+}
+#endif
From a55053f3a86b9e79f26e45acc9f3a440e515f127 Mon Sep 17 00:00:00 2001
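Review bot: dbitmap_free() frees `dmap->map` but leaves the stale pointer in the struct, and the same dbitmap can reach it twice. dbitmap_grow() calls it when the replacement bitmap could not be allocated, and binder_free_proc() (binder.c in this patch) calls it again at process teardown, so the already-freed pointer is handed to kfree() a second time. Clearing the pointer makes the second call a no-op: add `dmap->map = NULL;` after `kfree(dmap->map);`. The trigger is an allocation failure while a process is adding references, so it is worth covering with a fault-injection test on the grow path.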
From: Carlos Llamas Date: Mon, 22 Jul 2024 15:05:11 +0000 Subject: [PATCH 05/87] UPSTREAM: binder: fix descriptor lookup for context manager In commit 15d9da3f818c ("binder: use bitmap for faster descriptor lookup"), it was incorrectly assumed that references to the context manager node should always get descriptor zero assigned to them. However, if the context manager dies and a new process takes its place, then assigning descriptor zero to the new context manager might lead to collisions, as there could still be references to the older node. This issue was reported by syzbot with the following trace: kernel BUG at drivers/android/binder.c:1173! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 1 PID: 447 Comm: binder-util Not tainted 6.10.0-rc6-00348-g31643d84b8c3 #10 Hardware name: linux,dummy-virt (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : binder_inc_ref_for_node+0x500/0x544 lr : binder_inc_ref_for_node+0x1e4/0x544 sp : ffff80008112b940 x29: ffff80008112b940 x28: ffff0e0e40310780 x27: 0000000000000000 x26: 0000000000000001 x25: ffff0e0e40310738 x24: ffff0e0e4089ba34 x23: ffff0e0e40310b00 x22: ffff80008112bb50 x21: ffffaf7b8f246970 x20: ffffaf7b8f773f08 x19: ffff0e0e4089b800 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 000000002de4aa60 x14: 0000000000000000 x13: 2de4acf000000000 x12: 0000000000000020 x11: 0000000000000018 x10: 0000000000000020 x9 : ffffaf7b90601000 x8 : ffff0e0e48739140 x7 : 0000000000000000 x6 : 000000000000003f x5 : ffff0e0e40310b28 x4 : 0000000000000000 x3 : ffff0e0e40310720 x2 : ffff0e0e40310728 x1 : 0000000000000000 x0 : ffff0e0e40310710 Call trace: binder_inc_ref_for_node+0x500/0x544 binder_transaction+0xf68/0x2620 binder_thread_write+0x5bc/0x139c binder_ioctl+0xef4/0x10c8 [...] This patch adds back the previous behavior of assigning the next non-zero descriptor if references to previous context managers still exist. 
It amends both strategies, the newer dbitmap code and also the legacy slow_desc_lookup_olocked(), by allowing them to start looking for available descriptors at a given offset. Fixes: 15d9da3f818c ("binder: use bitmap for faster descriptor lookup") Cc: stable@vger.kernel.org Reported-and-tested-by: syzbot+3dae065ca76952a67257@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000c1c0a0061d1e6979@google.com/ Reviewed-by: Alice Ryhl Signed-off-by: Carlos Llamas Link: https://lore.kernel.org/r/20240722150512.4192473-1-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman Bug: 298520209 Change-Id: I5b888c138163eff263239ebcc85c59cd7f26d64f (cherry picked from commit 11512c197d387b59569d3a93af93de204d3bdaa6) Signed-off-by: Carlos Llamas --- drivers/android/binder.c | 15 ++++++--------- drivers/android/dbitmap.h | 22 +++++++--------------- 2 files changed, 13 insertions(+), 24 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index f4157f98e211..2e9310f98012 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -1239,13 +1239,13 @@ static struct binder_ref *binder_get_ref_olocked(struct binder_proc *proc, } /* Find the smallest unused descriptor the "slow way" */ -static u32 slow_desc_lookup_olocked(struct binder_proc *proc) +static u32 slow_desc_lookup_olocked(struct binder_proc *proc, u32 offset) { struct binder_ref *ref; struct rb_node *n; u32 desc; - desc = 1; + desc = offset; for (n = rb_first(&proc->refs_by_desc); n; n = rb_next(n)) { ref = rb_entry(n, struct binder_ref, rb_node_desc); if (ref->data.desc > desc) 
@@ -1266,21 +1266,18 @@ static int get_ref_desc_olocked(struct binder_proc *proc, u32 *desc) { struct dbitmap *dmap = &proc->dmap; + unsigned int nbits, offset; unsigned long *new, bit; - unsigned int nbits; /* 0 is reserved for the context manager */ - if (node == proc->context->binder_context_mgr_node) { - *desc = 0; - return 0; - } + offset = (node == proc->context->binder_context_mgr_node) ? 0 : 1; if (!dbitmap_enabled(dmap)) { - *desc = slow_desc_lookup_olocked(proc); + *desc = slow_desc_lookup_olocked(proc, offset); return 0; } - if (dbitmap_acquire_first_zero_bit(dmap, &bit) == 0) { + if (dbitmap_acquire_next_zero_bit(dmap, offset, &bit) == 0) { *desc = bit; return 0; } diff --git a/drivers/android/dbitmap.h b/drivers/android/dbitmap.h index b8ac7b4764fd..956f1bd087d1 100644 --- a/drivers/android/dbitmap.h +++ b/drivers/android/dbitmap.h @@ -6,8 +6,7 @@ * * Used by the binder driver to optimize the allocation of the smallest * available descriptor ID. Each bit in the bitmap represents the state - * of an ID, with the exception of BIT(0) which is used exclusively to - * reference binder's context manager. + * of an ID. * * A dbitmap can grow or shrink as needed. This part has been designed * considering that users might need to briefly release their locks in @@ -58,11 +57,7 @@ static inline unsigned int dbitmap_shrink_nbits(struct dbitmap *dmap) if (bit < (dmap->nbits >> 2)) return dmap->nbits >> 1; - /* - * Note that find_last_bit() returns dmap->nbits when no bits - * are set. While this is technically not possible here since - * BIT(0) is always set, this check is left for extra safety. - */ + /* find_last_bit() returns dmap->nbits when no bits are set. */ if (bit == dmap->nbits) return NBITS_MIN; 
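Review bot: The retained comment `/* 0 is reserved for the context manager */` in get_ref_desc_olocked() no longer describes the code beneath it. After this change 0 is only the starting offset for the context manager node, and the search moves on to the next free descriptor when 0 is still held by a reference to a previous manager. Suggested wording: `/* the context manager starts at 0; if 0 is still in use by an older manager's ref, the next free descriptor is taken */`. The function body starts and ends outside the hunk.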
@@ -132,16 +127,17 @@ dbitmap_grow(struct dbitmap *dmap, unsigned long *new, unsigned int nbits) } /* - * Finds and sets the first zero bit in the bitmap. Upon success @bit + * Finds and sets the next zero bit in the bitmap. Upon success @bit * is populated with the index and 0 is returned. Otherwise, -ENOSPC * is returned to indicate that a dbitmap_grow() is needed. */ static inline int -dbitmap_acquire_first_zero_bit(struct dbitmap *dmap, unsigned long *bit) +dbitmap_acquire_next_zero_bit(struct dbitmap *dmap, unsigned long offset, + unsigned long *bit) { unsigned long n; - n = find_first_zero_bit(dmap->map, dmap->nbits); + n = find_next_zero_bit(dmap->map, dmap->nbits, offset); if (n == dmap->nbits) return -ENOSPC; @@ -154,9 +150,7 @@ dbitmap_acquire_first_zero_bit(struct dbitmap *dmap, unsigned long *bit) static inline void dbitmap_clear_bit(struct dbitmap *dmap, unsigned long bit) { - /* BIT(0) should always set for the context manager */ - if (bit) - clear_bit(bit, dmap->map); + clear_bit(bit, dmap->map); } static inline int dbitmap_init(struct dbitmap *dmap) @@ -168,8 +162,6 @@ static inline int dbitmap_init(struct dbitmap *dmap) } dmap->nbits = NBITS_MIN; - /* BIT(0) is reserved for the context manager */ - set_bit(0, dmap->map); return 0; } From f8f9a197f4d4447424c3a85350a7cad21f8f43f0 Mon Sep 17 00:00:00 2001 
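Review bot: dbitmap_clear_bit() now passes the caller's index straight to `clear_bit(bit, dmap->map)` without comparing it to `dmap->nbits`; the index comes from `ref->data.desc` in binder_cleanup_ref_olocked(). As far as these patches show, every live descriptor was handed out by the bitmap while it is enabled, so this is defensive rather than a known fault. An out-of-range index would be a write outside the allocation, though, and the guard is cheap: `if (bit < dmap->nbits) clear_bit(bit, dmap->map);`. The same hunk group renames the helper to dbitmap_acquire_next_zero_bit(); its comment could add that @offset is the first index considered.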
From: Carlos Llamas Date: Thu, 25 Jul 2024 18:13:35 +0000 Subject: [PATCH 06/87] ANDROID: binder: fix KMI-break due to proc->dmap Add 'struct binder_proc_wrap' to support the addition of new members in 'struct binder_proc' without breaking the KMI. In this case, proc->dmap was backported from upstream and needs to be migrated into this wrapper. Avoids the following KMI issue: function symbol 'int __traceiter_binder_transaction_received(void*, struct binder_transaction*)' changed CRC changed from 0x74e9c98b to 0x7af6cf5a type 'struct binder_proc' changed byte size changed from 584 to 600 member 'struct dbitmap dmap' was added 16 members ('struct list_head todo' .. 'u64 android_oem_data1') changed offset changed by 128 Bug: 298520209 Change-Id: Icbbee14a8f16d0881faf8d5673582e785f98e8cf Signed-off-by: Carlos Llamas (cherry picked from commit af55892f201c8f709725d75d306b1cdd20984b97) [cmllamas: merge binder_proc_wrap_entry() with new proc_wrapper()] Signed-off-by: Carlos Llamas --- drivers/android/binder.c | 17 ++++++++--------- drivers/android/binder_internal.h | 25 +++++++++++++++---------- 2 files changed, 23 insertions(+), 19 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 2e9310f98012..4228d8164b25 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -1265,7 +1265,7 @@ static int get_ref_desc_olocked(struct binder_proc *proc, struct binder_node *node, u32 *desc) { - struct dbitmap *dmap = &proc->dmap; + struct dbitmap *dmap = &proc_wrapper(proc)->dmap; unsigned int nbits, offset; unsigned long *new, bit; @@ -1381,7 +1381,7 @@ retry: static void binder_cleanup_ref_olocked(struct binder_ref *ref) { - struct dbitmap *dmap = &ref->proc->dmap; + struct dbitmap *dmap = &proc_wrapper(ref->proc)->dmap; bool delete_node = false; binder_debug(BINDER_DEBUG_INTERNAL_REFS, 
@@ -1556,11 +1556,12 @@ static void binder_free_ref(struct binder_ref *ref) /* shrink descriptor bitmap if needed */ static void try_shrink_dmap(struct binder_proc *proc) { + struct dbitmap *dmap = &proc_wrapper(proc)->dmap; unsigned long *new; int nbits; binder_proc_lock(proc); - nbits = dbitmap_shrink_nbits(&proc->dmap); + nbits = dbitmap_shrink_nbits(dmap); binder_proc_unlock(proc); if (!nbits) @@ -1568,7 +1569,7 @@ static void try_shrink_dmap(struct binder_proc *proc) new = bitmap_zalloc(nbits, GFP_KERNEL); binder_proc_lock(proc); - dbitmap_shrink(&proc->dmap, new, nbits); + dbitmap_shrink(dmap, new, nbits); binder_proc_unlock(proc); } @@ -5245,7 +5246,6 @@ static struct binder_thread *binder_get_thread(struct binder_proc *proc) static void binder_free_proc(struct binder_proc *proc) { - struct binder_proc_wrap *proc_wrap; struct binder_device *device; BUG_ON(!list_empty(&proc->todo)); @@ -5262,10 +5262,9 @@ static void binder_free_proc(struct binder_proc *proc) put_task_struct(proc->tsk); put_cred(proc->cred); binder_stats_deleted(BINDER_STAT_PROC); - dbitmap_free(&proc->dmap); + dbitmap_free(&proc_wrapper(proc)->dmap); trace_android_vh_binder_free_proc(proc); - proc_wrap = binder_proc_wrap_entry(proc); - kfree(proc_wrap); + kfree(proc_wrapper(proc)); } static void binder_free_thread(struct binder_thread *thread) @@ -5986,7 +5985,7 @@ static int binder_open(struct inode *nodp, struct file *filp) return -ENOMEM; proc = &proc_wrap->proc; - dbitmap_init(&proc->dmap); + dbitmap_init(&proc_wrapper(proc)->dmap); spin_lock_init(&proc->inner_lock); spin_lock_init(&proc->outer_lock); get_task_struct(current->group_leader); diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h index e9fc1288e7b7..2e0f6c13aeee 100644 --- a/drivers/android/binder_internal.h +++ b/drivers/android/binder_internal.h 
@@ -395,8 +395,6 @@ enum binder_prio_state { * @freeze_wait: waitqueue of processes waiting for all outstanding * transactions to be processed * (protected by @inner_lock) - * @dmap dbitmap to manage available reference descriptors - * (protected by @outer_lock) * @todo: list of work for this process * (protected by @inner_lock) * @stats: per-process binder statistics @@ -446,7 +444,6 @@ struct binder_proc { bool sync_recv; bool async_recv; wait_queue_head_t freeze_wait; - struct dbitmap dmap; struct list_head todo; struct binder_stats stats; struct list_head delivered_death; @@ -464,27 +461,35 @@ struct binder_proc { bool oneway_spam_detection_enabled; }; +/** + * struct binder_proc_wrap - wrapper to preserve KMI in binder_proc + * @proc: binder_proc being wrapped + * @dmap: dbitmap to manage available reference descriptors + * (protected by @proc.outer_lock) + * @lock: protects @proc->alloc fields + */ struct binder_proc_wrap { struct binder_proc proc; + struct dbitmap dmap; spinlock_t lock; }; +static inline +struct binder_proc_wrap *proc_wrapper(struct binder_proc *proc) +{ + return container_of(proc, struct binder_proc_wrap, proc); +} + static inline struct binder_proc * binder_proc_entry(struct binder_alloc *alloc) { return container_of(alloc, struct binder_proc, alloc); } -static inline struct binder_proc_wrap * -binder_proc_wrap_entry(struct binder_proc *proc) -{ - return container_of(proc, struct binder_proc_wrap, proc); -} - static inline struct binder_proc_wrap * binder_alloc_to_proc_wrap(struct binder_alloc *alloc) { - return binder_proc_wrap_entry(binder_proc_entry(alloc)); + return proc_wrapper(binder_proc_entry(alloc)); } static inline void binder_alloc_lock_init(struct binder_alloc *alloc) From 370ea8bc2e0b1c4880c41bbfc2b01bac973209b9 Mon Sep 17 00:00:00 2001 
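Review bot: `proc_wrapper()` in the last binder_internal.h hunk is only valid for a `struct binder_proc` that is embedded in a `struct binder_proc_wrap`, and nothing in the new code states that precondition. On any other `binder_proc` the `container_of()` result would point outside the allocation, and every `dmap` access in binder.c now goes through this helper. I would add a comment on the helper, for example `/* @proc must be the ->proc member of a binder_proc_wrap, as allocated in binder_open() */`. The new struct comment also mixes `@proc.outer_lock` and `@proc->alloc` for the same embedded member; `@proc.alloc` would be consistent.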
From: Carlos Llamas Date: Thu, 22 Aug 2024 18:23:52 +0000 Subject: [PATCH 07/87] FROMLIST: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lacks an out-of-bounds check. If the raw data exceeds the data section size then the copy overwrites the offsets section. This eventually triggers an error that attempts to unwind the processed objects. However, at this point the offsets used to index these objects are now corrupted. Unwinding with corrupted offsets can result in decrements of arbitrary nodes and lead to their premature release. Other users of such nodes are left with a dangling pointer triggering a use-after-free. This issue is made evident by the following KASAN report (trimmed): ================================================================== BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c Write of size 4 at addr ffff47fc91598f04 by task binder-util/743 CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1 Hardware name: linux,dummy-virt (DT) Call trace: _raw_spin_lock+0xe4/0x19c binder_free_buf+0x128/0x434 binder_thread_write+0x8a4/0x3260 binder_ioctl+0x18f0/0x258c [...] Allocated by task 743: __kmalloc_cache_noprof+0x110/0x270 binder_new_node+0x50/0x700 binder_transaction+0x413c/0x6da8 binder_thread_write+0x978/0x3260 binder_ioctl+0x18f0/0x258c [...] Freed by task 745: kfree+0xbc/0x208 binder_thread_read+0x1c5c/0x37d4 binder_ioctl+0x16d8/0x258c [...] ================================================================== To avoid this issue, let's check that the raw data copy is within the boundaries of the data section. Fixes: 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") Cc: Todd Kjos Cc: stable@vger.kernel.org 
Signed-off-by: Carlos Llamas Bug: 352520660 Link: https://lore.kernel.org/all/20240822182353.2129600-1-cmllamas@google.com/ Change-Id: I1b2dd8403b63e5eeb58904558b7b542141c83fc2 Signed-off-by: Carlos Llamas --- drivers/android/binder.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 4228d8164b25..2ad57d5d98c1 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3647,6 +3647,7 @@ static void binder_transaction(struct binder_proc *proc, */ copy_size = object_offset - user_offset; if (copy_size && (user_offset > object_offset || + object_offset > tr->data_size || binder_alloc_copy_user_to_buffer( &target_proc->alloc, t->buffer, user_offset, From 0f23336b97a3aa37762228a67db915e99ea08f29 Mon Sep 17 00:00:00 2001 
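Review bot: The added `object_offset > tr->data_size` test in `binder_transaction()` carries the whole fix but has no comment of its own, and the comment block that closes just above `copy_size` is not visible in the hunk, so it cannot be told from here whether it mentions the bound. I would add a line next to the condition such as `/* raw data between objects must end inside the data section, or the copy runs into the offsets section */`. The test sits behind `copy_size &&`, so it is skipped when `object_offset == user_offset`; presumably the object itself is bounds-checked further down, outside the hunk, which is worth confirming. The function starts and ends outside the hunk.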
From: John Stultz Date: Mon, 17 Jun 2024 20:52:43 -0700 Subject: [PATCH 08/87] BACKPORT: UPSTREAM: sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath It was reported that in moving to 6.1, a larger then 10% regression was seen in the performance of clock_gettime(CLOCK_THREAD_CPUTIME_ID,...). Using a simple reproducer, I found: 5.10: 100000000 calls in 24345994193 ns => 243.460 ns per call 100000000 calls in 24288172050 ns => 242.882 ns per call 100000000 calls in 24289135225 ns => 242.891 ns per call 6.1: 100000000 calls in 28248646742 ns => 282.486 ns per call 100000000 calls in 28227055067 ns => 282.271 ns per call 100000000 calls in 28177471287 ns => 281.775 ns per call The cause of this was finally narrowed down to the addition of psi_account_irqtime() in update_rq_clock_task(), in commit 52b1364ba0b1 ("sched/psi: Add PSI_IRQ to track IRQ/SOFTIRQ pressure"). In my initial attempt to resolve this, I leaned towards moving all accounting work out of the clock_gettime() call path, but it wasn't very pretty, so it will have to wait for a later deeper rework. Instead, Peter shared this approach: Rework psi_account_irqtime() to use its own psi_irq_time base for accounting, and move it out of the hotpath, calling it instead from sched_tick() and __schedule(). In testing this, we found the importance of ensuring psi_account_irqtime() is run under the rq_lock, which Johannes Weiner helpfully explained, so also add some lockdep annotations to make that requirement clear. 
With this change the performance is back in-line with 5.10: 6.1+fix: 100000000 calls in 24297324597 ns => 242.973 ns per call 100000000 calls in 24318869234 ns => 243.189 ns per call 100000000 calls in 24291564588 ns => 242.916 ns per call Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Juri Lelli Cc: Vincent Guittot Cc: Dietmar Eggemann Cc: Steven Rostedt Cc: Ben Segall Cc: Mel Gorman Cc: Daniel Bristot de Oliveira Cc: Valentin Schneider Cc: Johannes Weiner Cc: Suren Baghdasaryan Cc: Chengming Zhou Cc: Thomas Gleixner Cc: Frederic Weisbecker Cc: Qais Yousef Cc: Joel Fernandes Cc: kernel-team@android.com Reported-by: Jimmy Shiu Originally-by: Peter Zijlstra Signed-off-by: John Stultz Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Chengming Zhou Reviewed-by: Qais Yousef Link: https://lore.kernel.org/r/20240618215909.4099720-1-jstultz@google.com Change-Id: I5c4f04d047ca0aa11fccaec9a034dfe60dbeb295 Bug: 343748421 (cherry picked from commit ddae0ca2a8fe12d0e24ab10ba759c3fbd755ada8) [jstultz: Backported and reworked to use per-cpu values instead of adding a field to the struct rq] Signed-off-by: John Stultz --- kernel/sched/core.c | 7 +++++-- kernel/sched/psi.c | 23 ++++++++++++++++++----- kernel/sched/stats.h | 11 ++++++++--- 3 files changed, 31 insertions(+), 10 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 6f1d576c28bd..c10e39007cef 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -721,7 +721,6 @@ static void update_rq_clock_task(struct rq *rq, s64 delta) rq->prev_irq_time += irq_delta; delta -= irq_delta; - psi_account_irqtime(rq->curr, irq_delta); #endif #ifdef CONFIG_PARAVIRT_TIME_ACCOUNTING if (static_key_false((¶virt_steal_rq_enabled))) { @@ -5679,7 +5678,7 @@ void scheduler_tick(void) { int cpu = smp_processor_id(); struct rq *rq = cpu_rq(cpu); - struct task_struct *curr = rq->curr; + struct task_struct *curr; struct rq_flags rf; unsigned long thermal_pressure; u64 resched_latency; 
@@ -5691,6 +5690,9 @@ void scheduler_tick(void) rq_lock(rq, &rf); + curr = rq->curr; + psi_account_irqtime(rq, curr, NULL); + update_rq_clock(rq); trace_android_rvh_tick_entry(rq); @@ -6736,6 +6738,7 @@ static void __sched notrace __schedule(unsigned int sched_mode) ++*switch_count; migrate_disable_switch(rq, prev); + psi_account_irqtime(rq, prev, next); psi_sched_switch(prev, next, !task_on_rq_queued(prev)); trace_sched_switch(sched_mode & SM_MASK_PREEMPT, prev, next, prev_state); diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c index 55be195660a9..eb69db4b2d6f 100644 --- a/kernel/sched/psi.c +++ b/kernel/sched/psi.c @@ -737,6 +737,7 @@ static void psi_group_change(struct psi_group *group, int cpu, enum psi_states s; u32 state_mask; + lockdep_assert_rq_held(cpu_rq(cpu)); groupc = per_cpu_ptr(group->pcpu, cpu); /* @@ -955,19 +956,31 @@ void psi_task_switch(struct task_struct *prev, struct task_struct *next, } #ifdef CONFIG_IRQ_TIME_ACCOUNTING -void psi_account_irqtime(struct task_struct *task, u32 delta) +static DEFINE_PER_CPU(u64, psi_irq_time); +void psi_account_irqtime(struct rq *rq, struct task_struct *curr, struct task_struct *prev) { - int cpu = task_cpu(task); + int cpu = task_cpu(curr); struct psi_group *group; struct psi_group_cpu *groupc; - u64 now; + u64 now, irq, *psi_time; + s64 delta; - if (!task->pid) + if (!curr->pid) + return; + + lockdep_assert_rq_held(rq); + group = task_psi_group(curr); + if (prev && task_psi_group(prev) == group) return; now = cpu_clock(cpu); + irq = irq_time_read(cpu); + psi_time = &per_cpu(psi_irq_time, cpu); + delta = (s64)(irq - *psi_time); + if (delta < 0) + return; + *psi_time = irq; - group = task_psi_group(task); do { if (!group->enabled) continue; diff --git a/kernel/sched/stats.h b/kernel/sched/stats.h index 84a188913cc9..b49a96fad1d2 100644 --- a/kernel/sched/stats.h +++ b/kernel/sched/stats.h 
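Review bot: In `psi_account_irqtime()` the per-CPU `psi_irq_time` slot is selected with `task_cpu(curr)`, while the lock checked by the new `lockdep_assert_rq_held(rq)` belongs to `rq`; nothing in the hunk ties the two together. Deriving the CPU from the runqueue, `int cpu = cpu_of(rq);`, would make the slot that is read and written the one the asserted lock covers, assuming both callers pass the task's own runqueue as they appear to in `scheduler_tick()` and `__schedule()`. The parameter names also read backwards at the `__schedule()` call site, `psi_account_irqtime(rq, prev, next)`, where the parameter named `prev` receives the incoming task; a one-line comment above the definition saying so would help. The function body continues past the end of the hunk.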
@@ -110,8 +110,12 @@ __schedstats_from_se(struct sched_entity *se) void psi_task_change(struct task_struct *task, int clear, int set); void psi_task_switch(struct task_struct *prev, struct task_struct *next, bool sleep); -void psi_account_irqtime(struct task_struct *task, u32 delta); - +#ifdef CONFIG_IRQ_TIME_ACCOUNTING +void psi_account_irqtime(struct rq *rq, struct task_struct *curr, struct task_struct *prev); +#else +static inline void psi_account_irqtime(struct rq *rq, struct task_struct *curr, + struct task_struct *prev) {} +#endif /*CONFIG_IRQ_TIME_ACCOUNTING */ /* * PSI tracks state that persists across sleeps, such as iowaits and * memory stalls. As a result, it has to distinguish between sleeps, @@ -206,7 +210,8 @@ static inline void psi_ttwu_dequeue(struct task_struct *p) {} static inline void psi_sched_switch(struct task_struct *prev, struct task_struct *next, bool sleep) {} -static inline void psi_account_irqtime(struct task_struct *task, u32 delta) {} +static inline void psi_account_irqtime(struct rq *rq, struct task_struct *curr, + struct task_struct *prev) {} #endif /* CONFIG_PSI */ #ifdef CONFIG_SCHED_INFO From 42515e9246a690e226e6dde38cf5a0b98100e031 Mon Sep 17 00:00:00 2001 From: Rick Yiu Date: Mon, 26 Aug 2024 03:13:22 +0000 Subject: [PATCH 09/87] ANDROID: sched: Add android_vh_set_task_comm Vendor may have specific actions after task renamed. Bug: 357956265 Change-Id: I78263dc023af6fd1ee2db03eee4ccb3ca3ebb278 Signed-off-by: Rick Yiu --- fs/exec.c | 2 ++ include/trace/hooks/sched.h | 4 ++++ kernel/sched/vendor_hooks.c | 1 + 3 files changed, 7 insertions(+) diff --git a/fs/exec.c b/fs/exec.c index e9fb363ec9a1..751c13fca83d 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -73,6 +73,7 @@ #include "internal.h" #include +#include static int bprm_creds_from_file(struct linux_binprm *bprm); 
@@ -1238,6 +1239,7 @@ void __set_task_comm(struct task_struct *tsk, const char *buf, bool exec) task_lock(tsk); trace_task_rename(tsk, buf); strscpy_pad(tsk->comm, buf, sizeof(tsk->comm)); + trace_android_vh_set_task_comm(tsk); task_unlock(tsk); perf_event_comm(tsk, exec); } diff --git a/include/trace/hooks/sched.h b/include/trace/hooks/sched.h index 61af20b66740..ce26b58b9e3c 100644 --- a/include/trace/hooks/sched.h +++ b/include/trace/hooks/sched.h @@ -458,6 +458,10 @@ DECLARE_HOOK(android_vh_prio_restore, TP_PROTO(int saved_prio), TP_ARGS(saved_prio)); +DECLARE_HOOK(android_vh_set_task_comm, + TP_PROTO(struct task_struct *p), + TP_ARGS(p)); + #endif /* _TRACE_HOOK_SCHED_H */ /* This part must be outside protection */ #include diff --git a/kernel/sched/vendor_hooks.c b/kernel/sched/vendor_hooks.c index 8a3ce9f567f1..46a67d9b6344 100644 --- a/kernel/sched/vendor_hooks.c +++ b/kernel/sched/vendor_hooks.c @@ -115,3 +115,4 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_update_blocked_fair); EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_update_rt_rq_load_avg); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_prio_inheritance); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_prio_restore); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_set_task_comm); From 1a48a88fcb0aae008b14ef1610dd3467ebfdb79a Mon Sep 17 00:00:00 2001 From: Will Deacon Date: Wed, 27 Mar 2024 12:48:51 +0000 Subject: [PATCH 10/87] FROMGIT: BACKPORT: KVM: arm64: Don't pass a TLBI level hint when zapping table entries commit 36e008323926036650299cfbb2dca704c7aba849 upstream. The TLBI level hints are for leaf entries only, so take care not to pass them incorrectly after clearing a table entry. Cc: Gavin Shan Cc: Marc Zyngier Cc: Quentin Perret Fixes: 82bb02445de5 ("KVM: arm64: Implement kvm_pgtable_hyp_unmap() at EL2") Fixes: 6d9d2115c480 ("KVM: arm64: Add support for stage-2 map()/unmap() in generic page-table") Reviewed-by: Shaoqin Huang Reviewed-by: Marc Zyngier Link: https://lore.kernel.org/r/20240327124853.11206-3-will@kernel.org 
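Review bot: `trace_android_vh_set_task_comm(tsk)` in `__set_task_comm()` is called between `task_lock(tsk)` and `task_unlock(tsk)`, so every vendor handler runs with that lock held, and neither the call site nor the `DECLARE_HOOK` in include/trace/hooks/sched.h says so. A handler that sleeps or takes the same task's lock again would fail in a way that only shows up inside a vendor module. I would document the constraint at the declaration, for example `/* called with task_lock(p) held; handlers must not sleep or call task_lock(p) */`. If handlers only need to read the new name, calling the hook after `task_unlock(tsk)` would remove the constraint, but that depends on what the vendor code expects.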
Signed-off-by: Oliver Upton Cc: # 6.1.y only [will@: Use '0' instead of TLBI_TTL_UNKNOWN_to indicate "no level". Force level to 0 in stage2_put_pte() if we're clearing a table entry.] Signed-off-by: Will Deacon (cherry picked from commit 298e875b36613fe02d622b7ac16d0112f57707e1 stable/linux-6.1.y) Bug: 311571169 Signed-off-by: Will Deacon Change-Id: Icefe7099ccf03c4ba96e395dfc225f0015e3fccc --- arch/arm64/kvm/hyp/pgtable.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/hyp/pgtable.c b/arch/arm64/kvm/hyp/pgtable.c index ea51f04be78f..52e17cfac0d7 100644 --- a/arch/arm64/kvm/hyp/pgtable.c +++ b/arch/arm64/kvm/hyp/pgtable.c @@ -420,7 +420,7 @@ static int hyp_unmap_walker(u64 addr, u64 end, u32 level, kvm_pte_t *ptep, kvm_clear_pte(ptep); dsb(ishst); - __tlbi_level(vae2is, __TLBI_VADDR(addr, 0), level); + __tlbi_level(vae2is, __TLBI_VADDR(addr, 0), 0); } else { if (end - addr < granule) return -EINVAL; @@ -661,10 +661,15 @@ static bool stage2_pte_needs_update(struct kvm_pgtable *pgt, static void stage2_clear_pte(kvm_pte_t *ptep, struct kvm_s2_mmu *mmu, u64 addr, u32 level) { - if (!kvm_pte_valid(*ptep)) + kvm_pte_t pte = *ptep; + + if (!kvm_pte_valid(pte)) return; kvm_clear_pte(ptep); + + if (kvm_pte_table(pte, level)) + level = 0; kvm_call_hyp(__kvm_tlb_flush_vmid_ipa, mmu, addr, level); } From 9920d2584e668b9a7a186ff073b2c49aab4c83d2 Mon Sep 17 00:00:00 2001 
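Review bot: The literal `0` passed as the level in `hyp_unmap_walker()` (`__tlbi_level(vae2is, __TLBI_VADDR(addr, 0), 0);`) and assigned in `stage2_clear_pte()` (`level = 0;`) means "no level hint" according to the commit message, but nothing at either site says so, and 0 reads like a page-table level. A short comment at both places, for example `/* table entry: pass no TTL level hint (0) */`, would keep a later cleanup from restoring `level`. In `stage2_clear_pte()` the parameter is also overwritten in place; a local such as `u32 tlb_level = kvm_pte_table(pte, level) ? 0 : level;` would leave the walker's level intact for any later use. `hyp_unmap_walker()` continues outside its hunk.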
From: Will Deacon Date: Wed, 14 Aug 2024 13:34:28 +0100 Subject: [PATCH 11/87] FROMGIT: KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init When initialising the nVHE hypervisor, we invalidate potentially stale TLB entries for the EL1&0 regime using a 'vmalls12e1' invalidation. However, this invalidation operation applies only to the active VMID and therefore we could proceed with stale TLB entries for other VMIDs. Replace the operation with an 'alle1' which applies to all entries for the EL1&0 regime, regardless of the VMID. Cc: Marc Zyngier Cc: Oliver Upton Fixes: 1025c8c0c6ac ("KVM: arm64: Wrap the host with a stage 2") Signed-off-by: Will Deacon Link: https://lore.kernel.org/r/20240814123429.20457-2-will@kernel.org Signed-off-by: Marc Zyngier (cherry picked from commit dc0dddb1d66de88c571cf1a5bc3b484521a578af kvmarm/next) Bug: 311571169 Signed-off-by: Will Deacon Change-Id: Ib116a4b3b08501e84340ce63ea6cded67824c7aa --- arch/arm64/kvm/hyp/nvhe/hyp-init.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-init.S b/arch/arm64/kvm/hyp/nvhe/hyp-init.S index 73ced9c646c4..c6f2e941c856 100644 --- a/arch/arm64/kvm/hyp/nvhe/hyp-init.S +++ b/arch/arm64/kvm/hyp/nvhe/hyp-init.S @@ -126,7 +126,7 @@ alternative_else_nop_endif /* Invalidate the stale TLBs from Bootloader */ tlbi alle2 - tlbi vmalls12e1 + tlbi alle1 dsb sy mov_q x0, INIT_SCTLR_EL2_MMU_ON From 82b9eb64ebf6bda8398d23c9e949c80e92ab54ac Mon Sep 17 00:00:00 2001 
From: Will Deacon Date: Wed, 14 Aug 2024 13:34:29 +0100 Subject: [PATCH 12/87] FROMGIT: KVM: arm64: Ensure TLBI uses correct VMID after changing context When the target context passed to enter_vmid_context() matches the current running context, the function returns early without manipulating the registers of the stage-2 MMU. This can result in a stale VMID due to the lack of an ISB instruction in exit_vmid_context() after writing the VTTBR when ARM64_WORKAROUND_SPECULATIVE_AT is not enabled. For example, with pKVM enabled: // Initially running in host context enter_vmid_context(guest); -> __load_stage2(guest); isb // Writes VTCR & VTTBR exit_vmid_context(guest); -> __load_stage2(host); // Restores VTCR & VTTBR enter_vmid_context(host); -> Returns early as we're already in host context tlbi vmalls12e1is // !!! Can use the stale VMID as we // haven't performed context // synchronisation since restoring // VTTBR.VMID Add an unconditional ISB instruction to exit_vmid_context() after restoring the VTTBR. This already existed for the ARM64_WORKAROUND_SPECULATIVE_AT path, so we can simply hoist that onto the common path. Cc: Marc Zyngier Cc: Oliver Upton Cc: Fuad Tabba Fixes: 58f3b0fc3b87 ("KVM: arm64: Support TLB invalidation in guest context") Signed-off-by: Will Deacon Link: https://lore.kernel.org/r/20240814123429.20457-3-will@kernel.org Signed-off-by: Marc Zyngier (cherry picked from commit ed49fe5a6fb9c1a1bbbf4b5b648c7d34a756cb6d kvmarm/next) Bug: 311571169 Signed-off-by: Will Deacon Change-Id: I1612ebdc5625e44694897f2c5b26fe38cdaa3179 --- arch/arm64/kvm/hyp/nvhe/tlb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/tlb.c b/arch/arm64/kvm/hyp/nvhe/tlb.c index 692bd7f881f1..e98d417c3487 100644 --- a/arch/arm64/kvm/hyp/nvhe/tlb.c +++ b/arch/arm64/kvm/hyp/nvhe/tlb.c 
@@ -106,10 +106,10 @@ static void exit_vmid_context(struct tlb_inv_context *cxt) else __load_host_stage2(); - if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT)) { - /* Ensure write of the old VMID */ - isb(); + /* Ensure write of the old VMID */ + isb(); + if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT)) { if (!(cxt->sctlr & SCTLR_ELx_M)) { write_sysreg_el1(cxt->sctlr, SYS_SCTLR); isb(); From 25641a61baec9f44dc9276483b791a4944a98593 Mon Sep 17 00:00:00 2001 From: Seiya Wang Date: Fri, 23 Aug 2024 13:50:42 +0800 Subject: [PATCH 13/87] ANDROID: GKI: Update symbol list for mtk 2 function symbol(s) added 'int devm_rproc_add(struct device*, struct rproc*)' 'struct rproc* devm_rproc_alloc(struct device*, const char*, const struct rproc_ops*, const char*, int)' Bug: 361691226 Change-Id: Ifc5f86d8443f0495dd576c654b9fd9936bd449f7 Signed-off-by: Seiya Wang --- android/abi_gki_aarch64.stg | 26 ++++++++++++++++++++++++++ android/abi_gki_aarch64_mtk | 2 ++ 2 files changed, 28 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 3d3a096761d5..20bea51b6b13 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -330889,6 +330889,12 @@ function { parameter_id: 0x2f99f236 parameter_id: 0x6720d32f } +function { + id: 0x9db1c576 + return_type_id: 0x6720d32f + parameter_id: 0x0258f96e + parameter_id: 0x29c600bb +} function { id: 0x9db28ca2 return_type_id: 0x6720d32f @@ -363356,6 +363362,24 @@ elf_symbol { type_id: 0x9d9d4b64 full_name: "devm_reset_controller_register" } +elf_symbol { + id: 0xbc1b7b65 + name: "devm_rproc_add" + is_defined: true + symbol_type: FUNCTION + crc: 0x6fe72a07 + type_id: 0x9db1c576 + full_name: "devm_rproc_add" +} +elf_symbol { + id: 0x2df89a54 + name: "devm_rproc_alloc" + is_defined: true + symbol_type: FUNCTION + crc: 0xd2a21170 + type_id: 0xbd324cd3 + full_name: "devm_rproc_alloc" +} elf_symbol { id: 0x752a2b5b name: "devm_rtc_allocate_device" 
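Review bot: In `exit_vmid_context()` the hoisted `isb()` keeps the comment `/* Ensure write of the old VMID */`, which was written for the `ARM64_WORKAROUND_SPECULATIVE_AT` path and does not say why the barrier is now needed on every path. The reason given in the commit message, that a later `enter_vmid_context()` can return early and the following TLBI could then use a stale VMID, is what a maintainer needs to see before making the barrier conditional again. I would expand the comment to something like `/* Synchronise the VTTBR restore: a following TLBI may run with no further ISB and must not use the stale VMID */`. The function continues past the end of the hunk.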
@@ -414698,6 +414722,8 @@ interface { symbol_id: 0xb7d7707e symbol_id: 0xdb0692a6 symbol_id: 0xfafcdec5 + symbol_id: 0xbc1b7b65 + symbol_id: 0x2df89a54 symbol_id: 0x752a2b5b symbol_id: 0xca559b71 symbol_id: 0xa5b63f73 diff --git a/android/abi_gki_aarch64_mtk b/android/abi_gki_aarch64_mtk index b58300bbea2d..ec310139240c 100644 --- a/android/abi_gki_aarch64_mtk +++ b/android/abi_gki_aarch64_mtk @@ -554,6 +554,8 @@ devm_request_threaded_irq __devm_reset_control_get devm_reset_controller_register + devm_rproc_add + devm_rproc_alloc devm_rtc_allocate_device devm_rtc_nvmem_register __devm_rtc_register_device From 6cbdf0e2394af64d0975b244b119401dcbcc2397 Mon Sep 17 00:00:00 2001 From: Rick Yiu Date: Mon, 26 Aug 2024 04:57:41 +0000 Subject: [PATCH 14/87] ANDROID: Update the ABI symbol list Adding the following symbols: - thermal_cooling_device_register - __traceiter_android_vh_set_task_comm - __tracepoint_android_vh_set_task_comm Bug: 357956265 Change-Id: I05890339903e11e23743b94ab81c669e0774860a Signed-off-by: Rick Yiu --- android/abi_gki_aarch64.stg | 20 ++++++++++++++++++++ android/abi_gki_aarch64_pixel | 3 +++ 2 files changed, 23 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 20bea51b6b13..b0e818eed5a8 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -346389,6 +346389,15 @@ elf_symbol { type_id: 0x9ba62ef4 full_name: "__traceiter_android_vh_sd_update_bus_speed_mode" } +elf_symbol { + id: 0x0b48ad7a + name: "__traceiter_android_vh_set_task_comm" + is_defined: true + symbol_type: FUNCTION + crc: 0x41a08c95 + type_id: 0x9bdbdcc4 + full_name: "__traceiter_android_vh_set_task_comm" +} elf_symbol { id: 0x874fcdb2 name: "__traceiter_android_vh_set_tsk_need_resched_lazy" 
@@ -350943,6 +350952,15 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_sd_update_bus_speed_mode" } +elf_symbol { + id: 0x1f07c260 + name: "__tracepoint_android_vh_set_task_comm" + is_defined: true + symbol_type: OBJECT + crc: 0x344a08a8 + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_set_task_comm" +} elf_symbol { id: 0xb6de2d88 name: "__tracepoint_android_vh_set_tsk_need_resched_lazy" @@ -412835,6 +412853,7 @@ interface { symbol_id: 0xedb34a44 symbol_id: 0xb841c45e symbol_id: 0xe4ec133d + symbol_id: 0x0b48ad7a symbol_id: 0x874fcdb2 symbol_id: 0xaa3f6a65 symbol_id: 0xa2fe718f @@ -413341,6 +413360,7 @@ interface { symbol_id: 0xaaf6a826 symbol_id: 0xff2bccb8 symbol_id: 0xcfab6e83 + symbol_id: 0x1f07c260 symbol_id: 0xb6de2d88 symbol_id: 0xd7ceb15f symbol_id: 0x923147c1 diff --git a/android/abi_gki_aarch64_pixel b/android/abi_gki_aarch64_pixel index 95d325b8f9d2..62a2eac1062e 100644 --- a/android/abi_gki_aarch64_pixel +++ b/android/abi_gki_aarch64_pixel @@ -2307,6 +2307,7 @@ teo_cpu_get_util_threshold teo_cpu_set_util_threshold thermal_cdev_update + thermal_cooling_device_register thermal_cooling_device_unregister thermal_of_cooling_device_register thermal_pressure @@ -2405,6 +2406,7 @@ __traceiter_android_vh_rmqueue __traceiter_android_vh_scheduler_tick __traceiter_android_vh_setscheduler_uclamp + __traceiter_android_vh_set_task_comm __traceiter_android_vh_si_meminfo_adjust __traceiter_android_vh_sound_usb_support_cpu_suspend __traceiter_android_vh_sysrq_crash @@ -2535,6 +2537,7 @@ __tracepoint_android_vh_rmqueue __tracepoint_android_vh_scheduler_tick __tracepoint_android_vh_setscheduler_uclamp + __tracepoint_android_vh_set_task_comm __tracepoint_android_vh_si_meminfo_adjust __tracepoint_android_vh_sound_usb_support_cpu_suspend __tracepoint_android_vh_sysrq_crash From 3bb5a64ae9b0173778a9a94bf063ceab88e7e9a3 Mon Sep 17 00:00:00 2001 
From: Venkata Rao Kakani Date: Wed, 21 Aug 2024 22:56:19 +0530 Subject: [PATCH 15/87] ANDROID: Update the ABI symbol list Adding the following symbols: - arch_invalidate_pmem Bug: 361447064 Change-Id: Iaa479a803f695da5196b935c6ace261187d60816 Signed-off-by: Venkata Rao Kakani --- android/abi_gki_aarch64.stg | 10 ++++++++++ android/abi_gki_aarch64_qcom | 1 + 2 files changed, 11 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index b0e818eed5a8..8178ace608a0 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -353546,6 +353546,15 @@ elf_symbol { type_id: 0x33756485 full_name: "arch_freq_scale" } +elf_symbol { + id: 0x97ee5cc4 + name: "arch_invalidate_pmem" + is_defined: true + symbol_type: FUNCTION + crc: 0x2c635527 + type_id: 0x1567dd7e + full_name: "arch_invalidate_pmem" +} elf_symbol { id: 0xc447be59 name: "arch_timer_read_counter" @@ -413648,6 +413657,7 @@ interface { symbol_id: 0x520c1997 symbol_id: 0x2d3715da symbol_id: 0x7ff45ec2 + symbol_id: 0x97ee5cc4 symbol_id: 0xc447be59 symbol_id: 0xc6d0ad0a symbol_id: 0x9403cfad diff --git a/android/abi_gki_aarch64_qcom b/android/abi_gki_aarch64_qcom index bcba5106b9e8..b6826eaa123e 100644 --- a/android/abi_gki_aarch64_qcom +++ b/android/abi_gki_aarch64_qcom @@ -45,6 +45,7 @@ __arch_copy_from_user __arch_copy_to_user arch_freq_scale + arch_invalidate_pmem arch_timer_read_counter argv_free argv_split From 841cae881066f0dd38d15a90cfcf245b0db9fc73 Mon Sep 17 00:00:00 2001 
From: Hangyu Hua Date: Mon, 3 Jun 2024 15:13:03 +0800 Subject: [PATCH 16/87] UPSTREAM: net: sched: sch_multiq: fix possible OOB write in multiq_tune() [ Upstream commit affc18fdc694190ca7575b9a86632a73b9fe043d ] q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur. Bug: 349777785 Fixes: c2999f7fb05b ("net: sched: multiq: don't call qdisc_put() while holding tree lock") Signed-off-by: Hangyu Hua Acked-by: Cong Wang Signed-off-by: David S. Miller Signed-off-by: Sasha Levin (cherry picked from commit 0f208fad86631e005754606c3ec80c0d44a11882) Signed-off-by: Lee Jones Change-Id: Iec8413c39878596795420ae58bbe6974890cf2de --- net/sched/sch_multiq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sched/sch_multiq.c b/net/sched/sch_multiq.c index 75c9c860182b..0d6649d937c9 100644 --- a/net/sched/sch_multiq.c +++ b/net/sched/sch_multiq.c @@ -185,7 +185,7 @@ static int multiq_tune(struct Qdisc *sch, struct nlattr *opt, qopt->bands = qdisc_dev(sch)->real_num_tx_queues; - removed = kmalloc(sizeof(*removed) * (q->max_bands - q->bands), + removed = kmalloc(sizeof(*removed) * (q->max_bands - qopt->bands), GFP_KERNEL); if (!removed) return -ENOMEM; From b5e374dda921bb604bcff2c98460195b36b4c0dc Mon Sep 17 00:00:00 2001 
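Review bot: The allocation size in `multiq_tune()` is still an open-coded product, `sizeof(*removed) * (q->max_bands - qopt->bands)`, so it is correct only if `qopt->bands` can never exceed `q->max_bands`. If it did, the subtraction would wrap (assuming both fields are unsigned) and the multiplication is not overflow-checked either. The hunk shows `qopt->bands` being set from `real_num_tx_queues` but not where `max_bands` comes from, so that bound should be confirmed against the rest of the function. The overflow-checked helper makes the multiplication safe regardless: `removed = kmalloc_array(q->max_bands - qopt->bands, sizeof(*removed), GFP_KERNEL);`. `multiq_tune()` starts and ends outside the hunk.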
From: Greg Kroah-Hartman Date: Fri, 30 Aug 2024 16:00:09 +0200 Subject: [PATCH 17/87] FROMLIST: usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister existing source caps before re-registration" In commit cfcd544a9974 ("usb: typec: tcpm: unregister existing source caps before re-registration"), quilt, and git, applied the diff to the incorrect function, which would cause bad problems if exercised in a device with these capabilities. Fix this all up to be in the correct function. Fixes: cfcd544a9974 ("usb: typec: tcpm: unregister existing source caps before re-registration") Reported-by: Charles Yo Cc: Kyle Tso Cc: Amit Sunil Dhamne Cc: Ondrej Jirman Cc: Heikki Krogerus Cc: Dmitry Baryshkov Signed-off-by: Greg Kroah-Hartman Link: https://lore.kernel.org/linux-usb/2024083008-granddad-unmoving-828c@gregkh/ Bug: 363121994 [ note, only 1/3 of the upstream commit is needed here due to half already being present due to manual UPSTREAM changes made to the tree, and a second follow-up fix not being merged from LTS here yet - gregkh] Signed-off-by: Greg Kroah-Hartman Change-Id: I33b07fcb8d1e64e7f0424b9a7b7d056aa9e44b2f --- drivers/usb/typec/tcpm/tcpm.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 6648b0a7ad7e..a820e3e24d7a 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -2453,7 +2453,7 @@ static int tcpm_register_sink_caps(struct tcpm_port *port) { struct usb_power_delivery_desc desc = { port->negotiated_rev }; struct usb_power_delivery_capabilities_desc caps = { }; - struct usb_power_delivery_capabilities *cap = port->partner_source_caps; + struct usb_power_delivery_capabilities *cap; if (!port->partner_pd) port->partner_pd = usb_power_delivery_register(NULL, &desc); 
@@ -2463,9 +2463,6 @@ static int tcpm_register_sink_caps(struct tcpm_port *port) memcpy(caps.pdo, port->sink_caps, sizeof(u32) * port->nr_sink_caps); caps.role = TYPEC_SINK; - if (cap) - usb_power_delivery_unregister_capabilities(cap); - cap = usb_power_delivery_register_capabilities(port->partner_pd, &caps); if (IS_ERR(cap)) return PTR_ERR(cap); From a1895da8bd3b272fbb43efdb367620c4eca4af51 Mon Sep 17 00:00:00 2001 From: Aran Dalton Date: Sat, 31 Aug 2024 16:17:36 +0800 Subject: [PATCH 18/87] ANDROID: GKI: Add initial sunxi symbol list Add initial symbol list for sunxi. Bug: 363322588 Signed-off-by: Aran Dalton Change-Id: I1f9ab11c8d583b6905bf55420c6bc7d22be67346 --- BUILD.bazel | 1 + android/abi_gki_aarch64.stg | 1495 +++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_sunxi | 55 ++ 3 files changed, 1551 insertions(+) create mode 100644 android/abi_gki_aarch64_sunxi diff --git a/BUILD.bazel b/BUILD.bazel index 5b7a4f7675a7..ade572e71a69 100644 --- a/BUILD.bazel +++ b/BUILD.bazel @@ -120,6 +120,7 @@ filegroup( "android/abi_gki_aarch64_qcom", "android/abi_gki_aarch64_rockchip", "android/abi_gki_aarch64_sony", + "android/abi_gki_aarch64_sunxi", "android/abi_gki_aarch64_telechips", "android/abi_gki_aarch64_tuxera", "android/abi_gki_aarch64_type_visibility", diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 8178ace608a0..aeeffcb421f3 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -4073,6 +4073,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0x18b875ee } +pointer_reference { + id: 0x0cbee0ae + kind: POINTER + pointee_type_id: 0x18bb6425 +} pointer_reference { id: 0x0cbf60eb kind: POINTER @@ -4228,6 +4233,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0x19d93429 } +pointer_reference { + id: 0x0ce7b4bf + kind: POINTER + pointee_type_id: 0x19de3463 +} pointer_reference { id: 0x0ce80834 kind: POINTER 
@@ -8763,6 +8773,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0x6594ecd4 } +pointer_reference { + id: 0x13f5e4dd + kind: POINTER + pointee_type_id: 0x659775eb +} pointer_reference { id: 0x13f8b706 kind: POINTER @@ -8888,6 +8903,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0x78ef929d } +pointer_reference { + id: 0x14b3256c + kind: POINTER + pointee_type_id: 0x788c732d +} pointer_reference { id: 0x14b9453b kind: POINTER @@ -12213,6 +12233,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0xa7c362b0 } +pointer_reference { + id: 0x236b9af0 + kind: POINTER + pointee_type_id: 0xa7ee8d5f +} pointer_reference { id: 0x236d6a86 kind: POINTER @@ -15048,6 +15073,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0x9bd4393a } +pointer_reference { + id: 0x2c6539ca + kind: POINTER + pointee_type_id: 0x9bd401b6 +} pointer_reference { id: 0x2c654423 kind: POINTER @@ -22258,6 +22288,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0x94a6b558 } +pointer_reference { + id: 0x2fbb2eca + kind: POINTER + pointee_type_id: 0x94ac5db4 +} pointer_reference { id: 0x2fbbbd2f kind: POINTER @@ -22363,6 +22398,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0x955ad750 } +pointer_reference { + id: 0x2fc6b8c3 + kind: POINTER + pointee_type_id: 0x955a0593 +} pointer_reference { id: 0x2fc7c937 kind: POINTER @@ -22813,6 +22853,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0xeb2226c1 } +pointer_reference { + id: 0x305baabf + kind: POINTER + pointee_type_id: 0xeb2e4c63 +} pointer_reference { id: 0x30600191 kind: POINTER @@ -27488,6 +27533,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0xcd921577 } +pointer_reference { + id: 0x39f78276 + kind: POINTER + pointee_type_id: 0xcd9eef44 +} pointer_reference { id: 0x3a056647 kind: POINTER 
@@ -27538,6 +27588,11 @@ pointer_reference { kind: POINTER pointee_type_id: 0xc344f897 } +pointer_reference { + id: 0x3a41ae05 + kind: POINTER + pointee_type_id: 0xc3465e88 +} pointer_reference { id: 0x3a42306c kind: POINTER @@ -32488,6 +32543,11 @@ qualified { qualifier: CONST qualified_type_id: 0x7d5454d7 } +qualified { + id: 0xc3465e88 + qualifier: CONST + qualified_type_id: 0x7d5ecca9 +} qualified { id: 0xc35261da qualifier: CONST @@ -37432,6 +37492,11 @@ array { number_of_elements: 2 element_type_id: 0x18bd6530 } +array { + id: 0x6af4b9bd + number_of_elements: 2 + element_type_id: 0x1977e57b +} array { id: 0x6afc5176 number_of_elements: 252 @@ -37467,6 +37532,11 @@ array { number_of_elements: 7 element_type_id: 0x126add1c } +array { + id: 0x6c9889aa + number_of_elements: 2 + element_type_id: 0x00c72527 +} array { id: 0x6cb6e3da number_of_elements: 2 @@ -44768,6 +44838,11 @@ member { name: "adapter_id" type_id: 0x6720d32f } +member { + id: 0x2a19ba6f + name: "adc_channel_label" + type_id: 0x3e10b518 +} member { id: 0xc71d7293 name: "add" @@ -46630,6 +46705,12 @@ member { type_id: 0x6d7f5ff6 offset: 384 } +member { + id: 0xff0417d8 + name: "allow_utime" + type_id: 0xc93e017b + offset: 304 +} member { id: 0x4fbe8fdc name: "allow_zero_bytesused" @@ -53345,6 +53426,11 @@ member { name: "base" type_id: 0x3b0d08ae } +member { + id: 0x85e2db57 + name: "base" + type_id: 0x3835dcc0 +} member { id: 0x85e99dbc name: "base" @@ -54251,6 +54337,12 @@ member { type_id: 0x4585663f offset: 448 } +member { + id: 0xd6c15754 + name: "bhs" + type_id: 0x6af4b9bd + offset: 256 +} member { id: 0xc6e979bd name: "bi_bdev" @@ -59593,6 +59685,12 @@ member { type_id: 0x92233392 offset: 448 } +member { + id: 0x8fa8cc5b + name: "cancelling" + type_id: 0x6720d32f + offset: 448 +} member { id: 0xe33ac34a name: "cant_recv_wakeups" 
@@ -63841,6 +63939,12 @@ member { type_id: 0x07944f4b offset: 320 } +member { + id: 0xc8fe58de + name: "cluster_bits" + type_id: 0xc93e017b + offset: 16 +} member { id: 0x86cfd07d name: "cluster_id" @@ -63877,6 +63981,12 @@ member { type_id: 0x1c04d361 offset: 256 } +member { + id: 0x2f117fb7 + name: "cluster_size" + type_id: 0x4585663f + offset: 32 +} member { id: 0x38bc9c37 name: "cma_area" @@ -64533,6 +64643,12 @@ member { type_id: 0x6d472730 offset: 192 } +member { + id: 0xf088c5b6 + name: "codepage" + type_id: 0xc93e017b + offset: 96 +} member { id: 0x0fc968c6 name: "coder_state" @@ -66743,6 +66859,24 @@ member { type_id: 0x0258f96e offset: 192 } +member { + id: 0xf324e62b + name: "consumer_channel" + type_id: 0x3e10b518 + offset: 128 +} +member { + id: 0x167995aa + name: "consumer_data" + type_id: 0x18bd6530 + offset: 192 +} +member { + id: 0x697ffea5 + name: "consumer_dev_name" + type_id: 0x3e10b518 + offset: 64 +} member { id: 0x6bcdf1bd name: "consumer_head" @@ -67816,6 +67950,12 @@ member { name: "count" type_id: 0x92233392 } +member { + id: 0x65b77d65 + name: "count" + type_id: 0x92233392 + offset: 384 +} member { id: 0x65c3717b name: "count" @@ -72360,6 +72500,12 @@ member { type_id: 0xad4e3ade offset: 256 } +member { + id: 0x92018cb8 + name: "data_start" + type_id: 0x33756485 + offset: 320 +} member { id: 0xf93a991e name: "data_state" @@ -77867,6 +78013,24 @@ member { type_id: 0x0abe9fd1 offset: 152 } +member { + id: 0x6b95bcb0 + name: "dir_entries" + type_id: 0xc93e017b + offset: 256 +} +member { + id: 0x8b011dd4 + name: "dir_hash_lock" + type_id: 0xf313e71a + offset: 19520 +} +member { + id: 0x4d0d727b + name: "dir_hashtable" + type_id: 0x6e464516 + offset: 19584 +} member { id: 0xe029b7a1 name: "dir_in" @@ -77880,6 +78044,12 @@ member { type_id: 0x1253769c offset: 1824 } +member { + id: 0x6bb2defa + name: "dir_ops" + type_id: 0x391f15ea + offset: 2368 +} member { id: 0x648b9613 name: "dir_out" 
@@ -77887,6 +78057,24 @@ member { offset: 5 bitsize: 1 } +member { + id: 0x07a98e4b + name: "dir_per_block" + type_id: 0x6720d32f + offset: 2432 +} +member { + id: 0x0d4697e1 + name: "dir_per_block_bits" + type_id: 0x6720d32f + offset: 2464 +} +member { + id: 0x6c643354 + name: "dir_start" + type_id: 0x33756485 + offset: 192 +} member { id: 0x2ed2245a name: "dir_uid" @@ -78062,6 +78250,12 @@ member { type_id: 0x2efa73f5 offset: 128 } +member { + id: 0xb5d697eb + name: "dirty" + type_id: 0x4585663f + offset: 35968 +} member { id: 0x050fb49d name: "dirty_bitmap" @@ -78534,6 +78728,13 @@ member { type_id: 0xb34a0d30 offset: 64 } +member { + id: 0xf9f1b2e7 + name: "discard" + type_id: 0x4585663f + offset: 333 + bitsize: 1 +} member { id: 0x99be6e27 name: "discard_alignment" @@ -80011,6 +80212,20 @@ member { type_id: 0x39d30e9a offset: 128 } +member { + id: 0x64ddbf40 + name: "dos1xfloppy" + type_id: 0x4585663f + offset: 334 + bitsize: 1 +} +member { + id: 0xae8ac049 + name: "dotsOK" + type_id: 0x4585663f + offset: 323 + bitsize: 1 +} member { id: 0x4fbdcb60 name: "double_poll" @@ -84514,12 +84729,62 @@ member { type_id: 0x2e47a18c offset: 67456 } +member { + id: 0x1b055adc + name: "ent12_p" + type_id: 0x6c9889aa +} +member { + id: 0x24bc43b1 + name: "ent16_p" + type_id: 0x2c6539ca +} +member { + id: 0xe7fc7569 + name: "ent32_p" + type_id: 0x087aa58e +} +member { + id: 0x80405633 + name: "ent_blocknr" + type_id: 0x0cbee0ae +} +member { + id: 0xed8fc47b + name: "ent_bread" + type_id: 0x2fbb2eca + offset: 128 +} member { id: 0x9fb41354 name: "ent_enum" type_id: 0xd7f1f384 offset: 2048 } +member { + id: 0x34416368 + name: "ent_get" + type_id: 0x2fc6b8c3 + offset: 192 +} +member { + id: 0x03ea0cb4 + name: "ent_next" + type_id: 0x2fc6b8c3 + offset: 320 +} +member { + id: 0x095c4eef + name: "ent_put" + type_id: 0x0ce7b4bf + offset: 256 +} +member { + id: 0xa5dc376a + name: "ent_set_ptr" + type_id: 0x0ce7b4bf + offset: 64 +} member { id: 0x94f37550 name: "ent_size" 
@@ -84732,6 +84997,11 @@ member { name: "entry" type_id: 0x49a73111 } +member { + id: 0x4d3368ee + name: "entry" + type_id: 0x6720d32f +} member { id: 0x4d4645b4 name: "entry" @@ -85516,6 +85786,12 @@ member { type_id: 0xf1159c31 offset: 256 } +member { + id: 0x63099e78 + name: "errors" + type_id: 0x5d8155a5 + offset: 280 +} member { id: 0x636e25c6 name: "errors" @@ -88292,6 +88568,60 @@ member { type_id: 0x25e44921 offset: 1280 } +member { + id: 0x23e9d196 + name: "fat_bits" + type_id: 0x5d8155a5 + offset: 72 +} +member { + id: 0x98f2925e + name: "fat_inode" + type_id: 0x1b8590a8 + offset: 384 +} +member { + id: 0x98f29a96 + name: "fat_inode" + type_id: 0x1b8590a8 + offset: 2624 +} +member { + id: 0x91b784ab + name: "fat_length" + type_id: 0x33756485 + offset: 128 +} +member { + id: 0xb554d263 + name: "fat_lock" + type_id: 0xa7c362b0 + offset: 576 +} +member { + id: 0xfca58804 + name: "fat_start" + type_id: 0xc93e017b + offset: 80 +} +member { + id: 0xcbb665d2 + name: "fatent_ops" + type_id: 0x3a41ae05 + offset: 2560 +} +member { + id: 0x77210b94 + name: "fatent_shift" + type_id: 0x6720d32f + offset: 2528 +} +member { + id: 0xc808bcf8 + name: "fats" + type_id: 0x5d8155a5 + offset: 64 +} member { id: 0x7bb750d9 name: "fault" @@ -93120,6 +93450,13 @@ member { type_id: 0x26e52db9 offset: 1856 } +member { + id: 0xb6c9efb1 + name: "flush" + type_id: 0x4585663f + offset: 328 + bitsize: 1 +} member { id: 0x8934961f name: "flush_buffer" @@ -94679,6 +95016,18 @@ member { type_id: 0x0fa358e7 offset: 192 } +member { + id: 0x096aa500 + name: "free_clus_valid" + type_id: 0x4585663f + offset: 1792 +} +member { + id: 0x5ad273b5 + name: "free_clusters" + type_id: 0x4585663f + offset: 1760 +} member { id: 0x5afe9f54 name: "free_clusters" 
@@ -95454,12 +95803,30 @@ member { type_id: 0x0b59f310 offset: 128 } +member { + id: 0x4ae6a3fc + name: "fs_dmask" + type_id: 0xc93e017b + offset: 80 +} member { id: 0x2ec9b506 name: "fs_flags" type_id: 0x6720d32f offset: 64 } +member { + id: 0xea1673b7 + name: "fs_fmask" + type_id: 0xc93e017b + offset: 64 +} +member { + id: 0xf1ca03d6 + name: "fs_gid" + type_id: 0xb0ddb211 + offset: 32 +} member { id: 0x4ef12ece name: "fs_private" @@ -95478,6 +95845,11 @@ member { type_id: 0x32ec08f2 offset: 448 } +member { + id: 0xf5875972 + name: "fs_uid" + type_id: 0xe90b32b7 +} member { id: 0x62129df4 name: "fsflags" @@ -95526,6 +95898,18 @@ member { type_id: 0x891aa0dd offset: 64 } +member { + id: 0x549fad46 + name: "fsinfo_inode" + type_id: 0x1b8590a8 + offset: 2688 +} +member { + id: 0x20f385ae + name: "fsinfo_sector" + type_id: 0x33756485 + offset: 512 +} member { id: 0x992e67b4 name: "fsn_fa" @@ -109619,6 +110003,18 @@ member { type_id: 0x39d1288c offset: 1984 } +member { + id: 0xf1bb53fc + name: "inode_hash_lock" + type_id: 0xf313e71a + offset: 3072 +} +member { + id: 0x6440518b + name: "inode_hashtable" + type_id: 0x6e464516 + offset: 3136 +} member { id: 0x8c1d6568 name: "inodes" @@ -111227,6 +111623,12 @@ member { name: "iocb" type_id: 0x08b52b5b } +member { + id: 0x3741eca7 + name: "iocharset" + type_id: 0x0483e6f8 + offset: 192 +} member { id: 0x4d466701 name: "ioctl" @@ -113950,6 +114352,13 @@ member { type_id: 0x92233392 offset: 768 } +member { + id: 0xe0d447a8 + name: "isvfat" + type_id: 0x4585663f + offset: 324 + bitsize: 1 +} member { id: 0xd015d2ba name: "it" @@ -122880,6 +123289,12 @@ member { type_id: 0x7abd5475 offset: 448 } +member { + id: 0x8d9e156c + name: "map" + type_id: 0x686d198e + offset: 128 +} member { id: 0x8dbdb056 name: "map" @@ -124830,6 +125245,12 @@ member { type_id: 0xe8034002 offset: 16 } +member { + id: 0x104f2462 + name: "max_cluster" + type_id: 0x33756485 + offset: 384 +} member { id: 0x131f15d8 name: "max_cmd_len" 
@@ -133620,6 +134041,12 @@ member { type_id: 0x6720d32f offset: 320 } +member { + id: 0x51298e0d + name: "name_check" + type_id: 0x5d8155a5 + offset: 272 +} member { id: 0xe827458d name: "name_count" @@ -136296,11 +136723,23 @@ member { type_id: 0x7584e7da offset: 224 } +member { + id: 0x9f1d838a + name: "nfs" + type_id: 0x5d8155a5 + offset: 288 +} member { id: 0x6c93fd20 name: "nfs4_fl" type_id: 0x5d26223d } +member { + id: 0xcd620354 + name: "nfs_build_inode_lock" + type_id: 0xa7c362b0 + offset: 960 +} member { id: 0xc5e6562f name: "nfs_fl" @@ -136743,6 +137182,18 @@ member { type_id: 0xe8034002 offset: 32 } +member { + id: 0xeccd6b75 + name: "nls_disk" + type_id: 0x00daeb4b + offset: 2240 +} +member { + id: 0xa83e7db6 + name: "nls_io" + type_id: 0x00daeb4b + offset: 2304 +} member { id: 0xc9b27f69 name: "nlsk" @@ -137131,6 +137582,13 @@ member { type_id: 0x6d7f5ff6 offset: 1200 } +member { + id: 0x1b8202a3 + name: "nocase" + type_id: 0x4585663f + offset: 329 + bitsize: 1 +} member { id: 0xb9c6c9cf name: "nocb_gp_wq" @@ -137376,6 +137834,12 @@ member { type_id: 0xd3c80119 offset: 8384 } +member { + id: 0x0fa6cdb7 + name: "node" + type_id: 0xd3c80119 + offset: 512 +} member { id: 0x0fa6ce01 name: "node" @@ -138344,6 +138808,12 @@ member { type_id: 0x4585663f offset: 672 } +member { + id: 0x102b1569 + name: "nr_bhs" + type_id: 0x6720d32f + offset: 192 +} member { id: 0x061e4265 name: "nr_blocks" @@ -141586,6 +142056,13 @@ member { name: "numid" type_id: 0x4585663f } +member { + id: 0x32337329 + name: "numtail" + type_id: 0x4585663f + offset: 327 + bitsize: 1 +} member { id: 0xdb8e60db name: "nups" @@ -144585,6 +145062,12 @@ member { type_id: 0xaad72634 offset: 352 } +member { + id: 0xd2ad520a + name: "options" + type_id: 0x9ec1fb17 + offset: 1856 +} member { id: 0xd2d5b653 name: "options" 
@@ -155118,6 +155601,12 @@ member { type_id: 0x97012809 offset: 33792 } +member { + id: 0xde434006 + name: "prev_free" + type_id: 0x4585663f + offset: 1728 +} member { id: 0x4ac13271 name: "prev_growth" @@ -159867,6 +160356,13 @@ member { type_id: 0x1d19a9d5 offset: 20032 } +member { + id: 0x5ed13f3f + name: "quiet" + type_id: 0x4585663f + offset: 320 + bitsize: 1 +} member { id: 0xce3dd3dc name: "quirk" @@ -160757,6 +161253,12 @@ member { type_id: 0xa3ac7ea1 offset: 768 } +member { + id: 0xb3d91b71 + name: "ratelimit" + type_id: 0xa3ac7ea1 + offset: 2752 +} member { id: 0x3f10377e name: "rates" @@ -161584,6 +162086,12 @@ member { type_id: 0xe3222f5b offset: 10816 } +member { + id: 0x95daca5e + name: "rcu" + type_id: 0xe3222f5b + offset: 36032 +} member { id: 0x95dacb4a name: "rcu" @@ -169788,6 +170296,13 @@ member { type_id: 0xf57b706b offset: 256 } +member { + id: 0xe9340715 + name: "rodir" + type_id: 0x4585663f + offset: 332 + bitsize: 1 +} member { id: 0xc0218791 name: "role" @@ -170023,6 +170538,12 @@ member { type_id: 0x03d5ac6b offset: 3648 } +member { + id: 0xe7f1f92c + name: "root_cluster" + type_id: 0x33756485 + offset: 448 +} member { id: 0x83c4175b name: "root_cset" @@ -173058,6 +173579,12 @@ member { name: "s_list" type_id: 0xd3c80119 } +member { + id: 0x9d14efb4 + name: "s_lock" + type_id: 0xa7c362b0 + offset: 1344 +} member { id: 0xdb1c4cf1 name: "s_lock_key" @@ -175415,6 +175942,11 @@ member { type_id: 0xb3e7bac9 offset: 752 } +member { + id: 0x4e3368f6 + name: "sec_per_clus" + type_id: 0xc93e017b +} member { id: 0x5f20510d name: "sec_trim_mult" @@ -179629,6 +180161,12 @@ member { type_id: 0x5adf57ae offset: 288 } +member { + id: 0x3fab78ab + name: "shortname" + type_id: 0xc93e017b + offset: 256 +} member { id: 0xa7bc78ff name: "shost_data" 
@@ -179845,6 +180383,13 @@ member { type_id: 0x2d845a47 offset: 1216 } +member { + id: 0xdb0d0e45 + name: "showexec" + type_id: 0x4585663f + offset: 321 + bitsize: 1 +} member { id: 0x731ffc29 name: "shpc_managed" @@ -190312,6 +190857,13 @@ member { type_id: 0x4585663f offset: 192 } +member { + id: 0x3f6243c6 + name: "sys_immutable" + type_id: 0x4585663f + offset: 322 + bitsize: 1 +} member { id: 0x5f2a979c name: "sys_monoraw" @@ -194132,6 +194684,12 @@ member { type_id: 0x22f6cb5b offset: 448 } +member { + id: 0xae425e2a + name: "time_offset" + type_id: 0x6720d32f + offset: 128 +} member { id: 0xaec8823b name: "time_offset" @@ -200348,6 +200906,13 @@ member { type_id: 0xd3c80119 offset: 1472 } +member { + id: 0x8c6d4f35 + name: "tz_set" + type_id: 0x4585663f + offset: 331 + bitsize: 1 +} member { id: 0xf0c0380f name: "tzd" @@ -200411,6 +200976,12 @@ member { name: "u" type_id: 0x559f10ea } +member { + id: 0xec2f6a11 + name: "u" + type_id: 0x50329d99 + offset: 64 +} member { id: 0xec2faca6 name: "u" @@ -201635,6 +202206,13 @@ member { type_id: 0x2d34349d offset: 128 } +member { + id: 0x1e9ce52d + name: "unicode_xlate" + type_id: 0x4585663f + offset: 326 + bitsize: 1 +} member { id: 0xb7a98fcb name: "uniq" @@ -203715,6 +204293,13 @@ member { type_id: 0xb02b353a offset: 64 } +member { + id: 0x0ae074f9 + name: "usefree" + type_id: 0x4585663f + offset: 330 + bitsize: 1 +} member { id: 0x042a2048 name: "user" @@ -204230,6 +204815,13 @@ member { type_id: 0x3b1e48cc offset: 23296 } +member { + id: 0x9da2095c + name: "utf8" + type_id: 0x4585663f + offset: 325 + bitsize: 1 +} member { id: 0x37ff5ef8 name: "utf8agetab" @@ -205257,6 +205849,12 @@ member { type_id: 0xf313e71a offset: 3104 } +member { + id: 0x2ab87e79 + name: "vblank" + type_id: 0x0610b875 + offset: 320 +} member { id: 0x2ab87fb6 name: "vblank" 
@@ -207446,6 +208044,12 @@ member { type_id: 0xe8034002 offset: 6048 } +member { + id: 0x21a48c71 + name: "vol_id" + type_id: 0x4585663f + offset: 2496 +} member { id: 0x762946d6 name: "volatile_reg" @@ -216991,6 +217595,16 @@ struct_union { member_id: 0x220cbd53 } } +struct_union { + id: 0x50329d99 + kind: UNION + definition { + bytesize: 16 + member_id: 0x1b055adc + member_id: 0x24bc43b1 + member_id: 0xe7fc7569 + } +} struct_union { id: 0x50893793 kind: UNION @@ -231174,6 +231788,19 @@ struct_union { member_id: 0xf00bd56d } } +struct_union { + id: 0xeb2e4c63 + kind: STRUCT + name: "drm_vblank_work" + definition { + bytesize: 80 + member_id: 0x85e2db57 + member_id: 0x2ab87e79 + member_id: 0x65b77d65 + member_id: 0x8fa8cc5b + member_id: 0x0fa6cdb7 + } +} struct_union { id: 0x5547943d kind: STRUCT 
@@ -233276,6 +233903,68 @@ struct_union { member_id: 0xb724a620 } } +struct_union { + id: 0xa7ee8d5f + kind: STRUCT + name: "fat_entry" + definition { + bytesize: 56 + member_id: 0x4d3368ee + member_id: 0xec2f6a11 + member_id: 0x102b1569 + member_id: 0xd6c15754 + member_id: 0x98f2925e + } +} +struct_union { + id: 0x9ec1fb17 + kind: STRUCT + name: "fat_mount_options" + definition { + bytesize: 48 + member_id: 0xf5875972 + member_id: 0xf1ca03d6 + member_id: 0xea1673b7 + member_id: 0x4ae6a3fc + member_id: 0xf088c5b6 + member_id: 0xae425e2a + member_id: 0x3741eca7 + member_id: 0x3fab78ab + member_id: 0x51298e0d + member_id: 0x63099e78 + member_id: 0x9f1d838a + member_id: 0xff0417d8 + member_id: 0x5ed13f3f + member_id: 0xdb0d0e45 + member_id: 0x3f6243c6 + member_id: 0xae8ac049 + member_id: 0xe0d447a8 + member_id: 0x9da2095c + member_id: 0x1e9ce52d + member_id: 0x32337329 + member_id: 0xb6c9efb1 + member_id: 0x1b8202a3 + member_id: 0x0ae074f9 + member_id: 0x8c6d4f35 + member_id: 0xe9340715 + member_id: 0xf9f1b2e7 + member_id: 0x64ddbf40 + } +} +struct_union { + id: 0x7d5ecca9 + kind: STRUCT + name: "fatent_operations" + definition { + bytesize: 48 + member_id: 0x80405633 + member_id: 0xa5dc376a + member_id: 0xed8fc47b + member_id: 0x34416368 + member_id: 0x095c4eef + member_id: 0x03ea0cb4 + } +} struct_union { id: 0xd529883e kind: STRUCT @@ -239162,6 +239851,18 @@ struct_union { member_id: 0x712b765b } } +struct_union { + id: 0x659775eb + kind: STRUCT + name: "iio_map" + definition { + bytesize: 32 + member_id: 0x2a19ba6f + member_id: 0x697ffea5 + member_id: 0xf324e62b + member_id: 0x167995aa + } +} struct_union { id: 0x133963d3 kind: STRUCT 
@@ -246427,6 +247128,51 @@ struct_union { member_id: 0x5ee63f2d } } +struct_union { + id: 0xcd9eef44 + kind: STRUCT + name: "msdos_sb_info" + definition { + bytesize: 4520 + member_id: 0x4e3368f6 + member_id: 0xc8fe58de + member_id: 0x2f117fb7 + member_id: 0xc808bcf8 + member_id: 0x23e9d196 + member_id: 0xfca58804 + member_id: 0x91b784ab + member_id: 0x6c643354 + member_id: 0x6b95bcb0 + member_id: 0x92018cb8 + member_id: 0x104f2462 + member_id: 0xe7f1f92c + member_id: 0x20f385ae + member_id: 0xb554d263 + member_id: 0xcd620354 + member_id: 0x9d14efb4 + member_id: 0xde434006 + member_id: 0x5ad273b5 + member_id: 0x096aa500 + member_id: 0xd2ad520a + member_id: 0xeccd6b75 + member_id: 0xa83e7db6 + member_id: 0x6bb2defa + member_id: 0x07a98e4b + member_id: 0x0d4697e1 + member_id: 0x21a48c71 + member_id: 0x77210b94 + member_id: 0xcbb665d2 + member_id: 0x98f29a96 + member_id: 0x549fad46 + member_id: 0xb3d91b71 + member_id: 0xf1bb53fc + member_id: 0x6440518b + member_id: 0x8b011dd4 + member_id: 0x4d0d727b + member_id: 0xb5d697eb + member_id: 0x95daca5e + } +} struct_union { id: 0x992e3b77 kind: STRUCT @@ -253871,6 +254617,16 @@ struct_union { member_id: 0x2d1fec2e } } +struct_union { + id: 0x788c732d + kind: STRUCT + name: "rc_map_list" + definition { + bytesize: 56 + member_id: 0x7c00ef52 + member_id: 0x8d9e156c + } +} struct_union { id: 0xed49aaad kind: STRUCT @@ -292598,6 +293354,12 @@ function { parameter_id: 0x4585663f parameter_id: 0x09427c40 } +function { + id: 0x01e75921 + return_type_id: 0x48b5725f + parameter_id: 0x4585663f + parameter_id: 0x07944f4b +} function { id: 0x01ecbbc0 return_type_id: 0x48b5725f @@ -293738,6 +294500,14 @@ function { parameter_id: 0x0258f96e parameter_id: 0x1fc34bc2 } +function { + id: 0x1075e2ed + return_type_id: 0x48b5725f + parameter_id: 0x060cf413 + parameter_id: 0x52a8f1d9 + parameter_id: 0x92233392 + parameter_id: 0x295c7202 +} function { id: 0x10776911 return_type_id: 0x48b5725f 
@@ -293789,6 +294559,14 @@ function { parameter_id: 0x92233392 parameter_id: 0x92233392 } +function { + id: 0x109358f6 + return_type_id: 0x244b9b37 + parameter_id: 0x0d458514 + parameter_id: 0xc9082b19 + parameter_id: 0xc9082b19 + parameter_id: 0xc9082b19 +} function { id: 0x1093c795 return_type_id: 0x48b5725f @@ -294959,6 +295737,13 @@ function { return_type_id: 0x48b5725f parameter_id: 0x05003835 } +function { + id: 0x11d96a86 + return_type_id: 0x48b5725f + parameter_id: 0x054f691a + parameter_id: 0x054f691a + parameter_id: 0x1f73dead +} function { id: 0x11ddd684 return_type_id: 0x48b5725f @@ -297731,6 +298516,11 @@ function { return_type_id: 0x48b5725f parameter_id: 0x14abdd00 } +function { + id: 0x15b498c8 + return_type_id: 0x48b5725f + parameter_id: 0x14b3256c +} function { id: 0x15b600dd return_type_id: 0x48b5725f @@ -299734,6 +300524,14 @@ function { parameter_id: 0xb3e7bac9 parameter_id: 0xb3e7bac9 } +function { + id: 0x18bb6425 + return_type_id: 0x48b5725f + parameter_id: 0x26ee682a + parameter_id: 0x6720d32f + parameter_id: 0x13580d6c + parameter_id: 0x3ebcd127 +} function { id: 0x18befa18 return_type_id: 0x48b5725f @@ -300262,6 +301060,12 @@ function { parameter_id: 0x0130219f parameter_id: 0x6720d32f } +function { + id: 0x19de3463 + return_type_id: 0x48b5725f + parameter_id: 0x236b9af0 + parameter_id: 0x6720d32f +} function { id: 0x19e2f0b6 return_type_id: 0x48b5725f @@ -301497,6 +302301,12 @@ function { parameter_id: 0x36194830 parameter_id: 0x4585663f } +function { + id: 0x1c082c20 + return_type_id: 0x48b5725f + parameter_id: 0x3176a085 + parameter_id: 0x33756485 +} function { id: 0x1c0ba928 return_type_id: 0xd5cc9c9a @@ -301712,6 +302522,13 @@ function { parameter_id: 0x31b5a66f parameter_id: 0x2c8e1aaa } +function { + id: 0x1c48693a + return_type_id: 0x48b5725f + parameter_id: 0x305baabf + parameter_id: 0x315b7e01 + parameter_id: 0x0efff92a +} function { id: 0x1c487847 return_type_id: 0x48b5725f 
@@ -301924,6 +302741,11 @@ function { parameter_id: 0x33756485 parameter_id: 0x33756485 } +function { + id: 0x1c8ebb3c + return_type_id: 0x48b5725f + parameter_id: 0x305baabf +} function { id: 0x1c93cad8 return_type_id: 0x48b5725f @@ -303834,6 +304656,15 @@ function { return_type_id: 0x48b5725f parameter_id: 0x395e9ae2 } +function { + id: 0x1ed2fdaa + return_type_id: 0x48b5725f + parameter_id: 0x39f78276 + parameter_id: 0x04f728c1 + parameter_id: 0x9bd401b6 + parameter_id: 0x9bd401b6 + parameter_id: 0x295c7202 +} function { id: 0x1ed8d47c return_type_id: 0x48b5725f @@ -304001,6 +304832,15 @@ function { parameter_id: 0x6d7f5ff6 parameter_id: 0x2eafb82c } +function { + id: 0x1efdc546 + return_type_id: 0x48b5725f + parameter_id: 0x39f78276 + parameter_id: 0x04f728c1 + parameter_id: 0x2c6539ca + parameter_id: 0x2c6539ca + parameter_id: 0x00c72527 +} function { id: 0x1f00dfeb return_type_id: 0x48b5725f @@ -308200,6 +309040,13 @@ function { parameter_id: 0x347303b4 parameter_id: 0x6720d32f } +function { + id: 0x5a19767d + return_type_id: 0x18bd6530 + parameter_id: 0x347303b4 + parameter_id: 0x6720d32f + parameter_id: 0x3e10b518 +} function { id: 0x5a4be8d0 return_type_id: 0x18bd6530 @@ -309471,6 +310318,18 @@ function { return_type_id: 0x1d19a9d5 parameter_id: 0x2e029f76 } +function { + id: 0x70f2e1e7 + return_type_id: 0x054f691a + parameter_id: 0x6720d32f + parameter_id: 0x6720d32f + parameter_id: 0xe276adef + parameter_id: 0x32a623d7 + parameter_id: 0xe276adef + parameter_id: 0x384c5795 + parameter_id: 0x384c5795 + parameter_id: 0x384c5795 +} function { id: 0x71086e18 return_type_id: 0x24e24923 @@ -310096,6 +310955,11 @@ function { parameter_id: 0x064d6086 parameter_id: 0xc9082b19 } +function { + id: 0x8233b356 + return_type_id: 0x3a583251 + parameter_id: 0x14b9453b +} function { id: 0x825faca7 return_type_id: 0x31fa879c 
@@ -310765,6 +311629,15 @@ function { return_type_id: 0x6720d32f parameter_id: 0x5d8155a5 } +function { + id: 0x8af54231 + return_type_id: 0x01c5a749 + parameter_id: 0x074f1a14 + parameter_id: 0x249959de + parameter_id: 0x3e10b518 + parameter_id: 0x295c7202 + parameter_id: 0x3107a2d8 +} function { id: 0x8b00bfc7 return_type_id: 0x2e0f9112 @@ -310820,6 +311693,12 @@ function { parameter_id: 0x4585663f parameter_id: 0x328870e8 } +function { + id: 0x8c2c6f32 + return_type_id: 0x6720d32f + parameter_id: 0x4585663f + parameter_id: 0x33756485 +} function { id: 0x8c2fe37e return_type_id: 0x6720d32f @@ -310929,6 +311808,11 @@ function { parameter_id: 0x1b44744f parameter_id: 0x3e10b518 } +function { + id: 0x8cec1055 + return_type_id: 0x3a583251 + parameter_id: 0x2fc7c937 +} function { id: 0x8d172d0a return_type_id: 0xd41e888f @@ -311925,6 +312809,12 @@ function { parameter_id: 0x32a623d7 parameter_id: 0x6720d32f } +function { + id: 0x90b7b149 + return_type_id: 0x6720d32f + parameter_id: 0x347303b4 + parameter_id: 0x0ae4a2c7 +} function { id: 0x90b7ea24 return_type_id: 0x6720d32f @@ -316419,6 +317309,13 @@ function { parameter_id: 0x3b04bead parameter_id: 0x21003da7 } +function { + id: 0x93c5da99 + return_type_id: 0x6720d32f + parameter_id: 0x305baabf + parameter_id: 0x92233392 + parameter_id: 0x6d7f5ff6 +} function { id: 0x93c6821c return_type_id: 0x6720d32f @@ -317104,6 +318001,12 @@ function { parameter_id: 0x323908e0 parameter_id: 0x6d7f5ff6 } +function { + id: 0x946e6c80 + return_type_id: 0x6720d32f + parameter_id: 0x244b9b37 + parameter_id: 0x3f1a5886 +} function { id: 0x946eaca9 return_type_id: 0x52658204 @@ -317245,6 +318148,14 @@ function { return_type_id: 0x0611572c parameter_id: 0x332d6166 } +function { + id: 0x94ac5db4 + return_type_id: 0x6720d32f + parameter_id: 0x26ee682a + parameter_id: 0x236b9af0 + parameter_id: 0x6720d32f + parameter_id: 0xd0b3a203 +} function { id: 0x94ae1223 return_type_id: 0x6720d32f 
@@ -317755,6 +318666,11 @@ function { parameter_id: 0x6720d32f parameter_id: 0x6d7f5ff6 } +function { + id: 0x955a0593 + return_type_id: 0x6720d32f + parameter_id: 0x236b9af0 +} function { id: 0x955ad750 return_type_id: 0x6720d32f @@ -319301,6 +320217,13 @@ function { parameter_id: 0x281af600 parameter_id: 0x391f15ea } +function { + id: 0x976483ee + return_type_id: 0x6720d32f + parameter_id: 0x2a670b41 + parameter_id: 0x1c898f28 + parameter_id: 0x3e10b518 +} function { id: 0x976590a4 return_type_id: 0x2e0f9112 @@ -320027,6 +320950,12 @@ function { parameter_id: 0x6720d32f parameter_id: 0x0acb01fe } +function { + id: 0x9847d2a8 + return_type_id: 0x6720d32f + parameter_id: 0x14b9453b + parameter_id: 0x3a583251 +} function { id: 0x984b1567 return_type_id: 0x6720d32f @@ -320656,6 +321585,11 @@ function { parameter_id: 0xc9082b19 parameter_id: 0xc9082b19 } +function { + id: 0x98ac2a74 + return_type_id: 0x6720d32f + parameter_id: 0x14b3256c +} function { id: 0x98aeb261 return_type_id: 0x6720d32f @@ -327901,6 +328835,12 @@ function { parameter_id: 0x02a8d0c9 parameter_id: 0x1f8dbf97 } +function { + id: 0x9bedd31c + return_type_id: 0x6720d32f + parameter_id: 0x188b9e81 + parameter_id: 0x13f5e4dd +} function { id: 0x9bee7944 return_type_id: 0x6720d32f @@ -329204,6 +330144,12 @@ function { return_type_id: 0x6720d32f parameter_id: 0x04f7a60d } +function { + id: 0x9cbe9fe5 + return_type_id: 0x6720d32f + parameter_id: 0x060cf413 + parameter_id: 0x2f5073a5 +} function { id: 0x9cc0eb8f return_type_id: 0x6720d32f @@ -331220,6 +332166,12 @@ function { parameter_id: 0x347303b4 parameter_id: 0x20054a7b } +function { + id: 0x9dcf11c9 + return_type_id: 0x6720d32f + parameter_id: 0x026c3dea + parameter_id: 0x353f6734 +} function { id: 0x9dcf64bf return_type_id: 0x6720d32f 
@@ -332321,6 +333273,11 @@ function { parameter_id: 0x0ca27481 parameter_id: 0x33e53462 } +function { + id: 0x9e68e60a + return_type_id: 0x6720d32f + parameter_id: 0x0fa01494 +} function { id: 0x9e68eb19 return_type_id: 0x6720d32f @@ -332373,6 +333330,15 @@ function { parameter_id: 0xe62ebf07 parameter_id: 0xc9082b19 } +function { + id: 0x9e6e3078 + return_type_id: 0x6720d32f + parameter_id: 0x0fa01494 + parameter_id: 0x0258f96e + parameter_id: 0x38c3714d + parameter_id: 0x6720d32f + parameter_id: 0x6720d32f +} function { id: 0x9e6e36b1 return_type_id: 0x6720d32f @@ -334921,6 +335887,14 @@ function { parameter_id: 0x12e6ffae parameter_id: 0x36d2de0e } +function { + id: 0xa80dee82 + return_type_id: 0x31c8b544 + parameter_id: 0x3b04bead + parameter_id: 0x12e6ffae + parameter_id: 0x36d2de0e + parameter_id: 0x3db894b0 +} function { id: 0xa80f38e4 return_type_id: 0x0a1edf98 @@ -338240,6 +339214,11 @@ function { parameter_id: 0x3176a085 parameter_id: 0x1d5935e7 } +function { + id: 0xf2b2b1ab + return_type_id: 0x6d7f5ff6 + parameter_id: 0x305baabf +} function { id: 0xf2bde902 return_type_id: 0x6d7f5ff6 @@ -338951,6 +339930,12 @@ function { parameter_id: 0x1e820193 parameter_id: 0x18bd6530 } +function { + id: 0xf98bdd41 + return_type_id: 0x6d7f5ff6 + parameter_id: 0x18e64f74 + parameter_id: 0x4585663f +} function { id: 0xf9d4ae0e return_type_id: 0x6d7f5ff6 @@ -341745,6 +342730,15 @@ elf_symbol { type_id: 0xddfd6c01 full_name: "__media_entity_next_link" } +elf_symbol { + id: 0xc50a781f + name: "__media_entity_setup_link" + is_defined: true + symbol_type: FUNCTION + crc: 0x3252a75e + type_id: 0x901c3c62 + full_name: "__media_entity_setup_link" +} elf_symbol { id: 0x47a4997d name: "__memcat_p" 
@@ -347145,6 +348139,15 @@ elf_symbol { type_id: 0x9bfc29dd full_name: "__traceiter_dwc3_readl" } +elf_symbol { + id: 0xa1c053cb + name: "__traceiter_dwc3_writel" + is_defined: true + symbol_type: FUNCTION + crc: 0xcff87172 + type_id: 0x9bfc29dd + full_name: "__traceiter_dwc3_writel" +} elf_symbol { id: 0x5e5d9a70 name: "__traceiter_error_report_end" @@ -351708,6 +352711,15 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_dwc3_readl" } +elf_symbol { + id: 0x66f49065 + name: "__tracepoint_dwc3_writel" + is_defined: true + symbol_type: OBJECT + crc: 0x7bad1f23 + type_id: 0x18ccbd2c + full_name: "__tracepoint_dwc3_writel" +} elf_symbol { id: 0x3b13741e name: "__tracepoint_error_report_end" @@ -353623,6 +354635,15 @@ elf_symbol { type_id: 0x45f82b62 full_name: "arm_smccc_get_version" } +elf_symbol { + id: 0x2d62fd75 + name: "arp_create" + is_defined: true + symbol_type: FUNCTION + crc: 0xa20ae461 + type_id: 0x70f2e1e7 + full_name: "arp_create" +} elf_symbol { id: 0x4f8a812a name: "arp_send" @@ -357462,6 +358483,15 @@ elf_symbol { type_id: 0x1febeb84 full_name: "clk_unregister" } +elf_symbol { + id: 0x68c84c24 + name: "clk_unregister_fixed_factor" + is_defined: true + symbol_type: FUNCTION + crc: 0x45558f56 + type_id: 0x1febeb84 + full_name: "clk_unregister_fixed_factor" +} elf_symbol { id: 0x40da6f1f name: "clk_unregister_fixed_rate" @@ -357471,6 +358501,15 @@ elf_symbol { type_id: 0x1febeb84 full_name: "clk_unregister_fixed_rate" } +elf_symbol { + id: 0x9d70bb80 + name: "clk_unregister_gate" + is_defined: true + symbol_type: FUNCTION + crc: 0x8506baa8 + type_id: 0x1febeb84 + full_name: "clk_unregister_gate" +} elf_symbol { id: 0xdf9b5d08 name: "clkdev_add" 
@@ -360518,6 +361557,24 @@ elf_symbol { type_id: 0x13488e67 full_name: "dev_load" } +elf_symbol { + id: 0x9a2dbfca + name: "dev_mc_add" + is_defined: true + symbol_type: FUNCTION + crc: 0x5720adeb + type_id: 0x91c85a84 + full_name: "dev_mc_add" +} +elf_symbol { + id: 0xafae816a + name: "dev_mc_del" + is_defined: true + symbol_type: FUNCTION + crc: 0x6518341f + type_id: 0x91c85a84 + full_name: "dev_mc_del" +} elf_symbol { id: 0x47c790a6 name: "dev_mc_sync" @@ -364426,6 +365483,15 @@ elf_symbol { type_id: 0x13dca967 full_name: "dma_free_pages" } +elf_symbol { + id: 0x451c2c07 + name: "dma_get_any_slave_channel" + is_defined: true + symbol_type: FUNCTION + crc: 0x49d18271 + type_id: 0x8cec1055 + full_name: "dma_get_any_slave_channel" +} elf_symbol { id: 0xd0e88c9a name: "dma_get_required_mask" @@ -364975,6 +366041,15 @@ elf_symbol { type_id: 0x13db1588 full_name: "dmam_free_coherent" } +elf_symbol { + id: 0xac16424d + name: "dmam_pool_create" + is_defined: true + symbol_type: FUNCTION + crc: 0xcab45a40 + type_id: 0x5f4c14dc + full_name: "dmam_pool_create" +} elf_symbol { id: 0x6bebb14a name: "do_SAK" @@ -366181,6 +367256,24 @@ elf_symbol { type_id: 0x1c18b1c5 full_name: "drm_calc_timestamping_constants" } +elf_symbol { + id: 0x005134ba + name: "drm_client_buffer_vmap" + is_defined: true + symbol_type: FUNCTION + crc: 0x2655e936 + type_id: 0x946e6c80 + full_name: "drm_client_buffer_vmap" +} +elf_symbol { + id: 0x877c985c + name: "drm_client_framebuffer_create" + is_defined: true + symbol_type: FUNCTION + crc: 0xffc28aa5 + type_id: 0x109358f6 + full_name: "drm_client_framebuffer_create" +} elf_symbol { id: 0x51df4337 name: "drm_client_init" 
@@ -367162,6 +368255,15 @@ elf_symbol { type_id: 0x91bfa9d8 full_name: "drm_gem_fb_create_handle" } +elf_symbol { + id: 0x3948069d + name: "drm_gem_fb_create_with_funcs" + is_defined: true + symbol_type: FUNCTION + crc: 0xfd2eb98d + type_id: 0xa80dee82 + full_name: "drm_gem_fb_create_with_funcs" +} elf_symbol { id: 0x128b55c8 name: "drm_gem_fb_destroy" @@ -368728,6 +369830,15 @@ elf_symbol { type_id: 0xf7820d73 full_name: "drm_probe_ddc" } +elf_symbol { + id: 0xe0832a10 + name: "drm_property_add_enum" + is_defined: true + symbol_type: FUNCTION + crc: 0x95d2dcc0 + type_id: 0x976483ee + full_name: "drm_property_add_enum" +} elf_symbol { id: 0x0768ccdb name: "drm_property_blob_get" @@ -369124,6 +370235,42 @@ elf_symbol { type_id: 0x9257d91c full_name: "drm_vblank_init" } +elf_symbol { + id: 0x67c8f92b + name: "drm_vblank_work_cancel_sync" + is_defined: true + symbol_type: FUNCTION + crc: 0x123b3e87 + type_id: 0xf2b2b1ab + full_name: "drm_vblank_work_cancel_sync" +} +elf_symbol { + id: 0xc2c5f476 + name: "drm_vblank_work_flush" + is_defined: true + symbol_type: FUNCTION + crc: 0x09f67abe + type_id: 0x1c8ebb3c + full_name: "drm_vblank_work_flush" +} +elf_symbol { + id: 0xf73ea9f7 + name: "drm_vblank_work_init" + is_defined: true + symbol_type: FUNCTION + crc: 0xe02a1488 + type_id: 0x1c48693a + full_name: "drm_vblank_work_init" +} +elf_symbol { + id: 0xdc9144c7 + name: "drm_vblank_work_schedule" + is_defined: true + symbol_type: FUNCTION + crc: 0x6d28d4ee + type_id: 0x93c5da99 + full_name: "drm_vblank_work_schedule" +} elf_symbol { id: 0x7993ff4e name: "drm_wait_one_vblank" @@ -369133,6 +370280,15 @@ elf_symbol { type_id: 0x1f4f6ba0 full_name: "drm_wait_one_vblank" } +elf_symbol { + id: 0xd8f127ed + name: "drm_warn_on_modeset_not_all_locked" + is_defined: true + symbol_type: FUNCTION + crc: 0x0a7b5985 + type_id: 0x1e597e38 + full_name: "drm_warn_on_modeset_not_all_locked" +} elf_symbol { id: 0x9a93a123 name: "drm_writeback_cleanup_job" 
@@ -370168,6 +371324,24 @@ elf_symbol { type_id: 0x8432b9df full_name: "fasync_helper" } +elf_symbol { + id: 0x69cfb246 + name: "fat_time_fat2unix" + is_defined: true + symbol_type: FUNCTION + crc: 0x21adac54 + type_id: 0x1ed2fdaa + full_name: "fat_time_fat2unix" +} +elf_symbol { + id: 0xcbfddb66 + name: "fat_time_unix2fat" + is_defined: true + symbol_type: FUNCTION + crc: 0x5d216602 + type_id: 0x1efdc546 + full_name: "fat_time_unix2fat" +} elf_symbol { id: 0xc56006c7 name: "fault_in_iov_iter_readable" @@ -373195,6 +374369,15 @@ elf_symbol { type_id: 0x9f5ff0f6 full_name: "gpiochip_irq_reqres" } +elf_symbol { + id: 0x6e6c9891 + name: "gpiochip_line_is_irq" + is_defined: true + symbol_type: FUNCTION + crc: 0xdaafae4f + type_id: 0xf98bdd41 + full_name: "gpiochip_line_is_irq" +} elf_symbol { id: 0x65492c23 name: "gpiochip_line_is_valid" @@ -374491,6 +375674,15 @@ elf_symbol { type_id: 0x9f2e9dbc full_name: "hwspin_lock_free" } +elf_symbol { + id: 0xf9b62266 + name: "hwspin_lock_register" + is_defined: true + symbol_type: FUNCTION + crc: 0x411c126b + type_id: 0x9e6e3078 + full_name: "hwspin_lock_register" +} elf_symbol { id: 0xaa95b979 name: "hwspin_lock_request_specific" @@ -374500,6 +375692,15 @@ elf_symbol { type_id: 0xd208e2cb full_name: "hwspin_lock_request_specific" } +elf_symbol { + id: 0xfad21763 + name: "hwspin_lock_unregister" + is_defined: true + symbol_type: FUNCTION + crc: 0x23fa971e + type_id: 0x9e68e60a + full_name: "hwspin_lock_unregister" +} elf_symbol { id: 0xe15d2559 name: "hypervisor_kobj" 
@@ -375760,6 +376961,24 @@ elf_symbol { type_id: 0x884063ea full_name: "iio_get_time_ns" } +elf_symbol { + id: 0x2c6f9f9a + name: "iio_map_array_register" + is_defined: true + symbol_type: FUNCTION + crc: 0x4e6fb213 + type_id: 0x9bedd31c + full_name: "iio_map_array_register" +} +elf_symbol { + id: 0xa4bca904 + name: "iio_map_array_unregister" + is_defined: true + symbol_type: FUNCTION + crc: 0xa720e467 + type_id: 0x9ba2048f + full_name: "iio_map_array_unregister" +} elf_symbol { id: 0x2dd4437a name: "iio_pollfunc_store_time" @@ -376210,6 +377429,15 @@ elf_symbol { type_id: 0x18c93498 full_name: "init_net" } +elf_symbol { + id: 0xb79bab94 + name: "init_on_alloc" + is_defined: true + symbol_type: OBJECT + crc: 0x954cef6f + type_id: 0xd2755d5f + full_name: "init_on_alloc" +} elf_symbol { id: 0x86c8a137 name: "init_on_free" @@ -377272,6 +378500,15 @@ elf_symbol { type_id: 0x9d16dd74 full_name: "iommu_unregister_device_fault_handler" } +elf_symbol { + id: 0x45ab591d + name: "ioport_resource" + is_defined: true + symbol_type: OBJECT + crc: 0x6bbf1b3e + type_id: 0xc7736674 + full_name: "ioport_resource" +} elf_symbol { id: 0xa0390871 name: "ioremap_prot" @@ -377623,6 +378860,24 @@ elf_symbol { type_id: 0x3d278a00 full_name: "ipv6_stub" } +elf_symbol { + id: 0x5ba96acf + name: "ir_raw_event_handle" + is_defined: true + symbol_type: FUNCTION + crc: 0x2954c918 + type_id: 0x111b6c97 + full_name: "ir_raw_event_handle" +} +elf_symbol { + id: 0xd15ab841 + name: "ir_raw_event_store" + is_defined: true + symbol_type: FUNCTION + crc: 0x886bccae + type_id: 0x9cbe9fe5 + full_name: "ir_raw_event_store" +} elf_symbol { id: 0x915bc321 name: "ir_raw_event_store_edge" @@ -378199,6 +379454,15 @@ elf_symbol { type_id: 0x85d454a8 full_name: "irq_set_parent" } +elf_symbol { + id: 0x83cf5af5 + name: "irq_setup_alt_chip" + is_defined: true + symbol_type: FUNCTION + crc: 0xd4588da0 + type_id: 0x9e49e56e + full_name: "irq_setup_alt_chip" +} elf_symbol { id: 0x3b8e2bac name: "irq_stat" 
@@ -384496,6 +385760,15 @@ elf_symbol { type_id: 0xdd32bce5 full_name: "of_clk_hw_onecell_get" } +elf_symbol { + id: 0x36058f3f + name: "of_clk_hw_register" + is_defined: true + symbol_type: FUNCTION + crc: 0x68222cc8 + type_id: 0x90b7b149 + full_name: "of_clk_hw_register" +} elf_symbol { id: 0xebf521c2 name: "of_clk_hw_simple_get" @@ -385261,6 +386534,15 @@ elf_symbol { type_id: 0xbce9e1eb full_name: "of_icc_xlate_onecell" } +elf_symbol { + id: 0x21b8efef + name: "of_io_request_and_map" + is_defined: true + symbol_type: FUNCTION + crc: 0x51499fb7 + type_id: 0x5a19767d + full_name: "of_io_request_and_map" +} elf_symbol { id: 0xb6e53400 name: "of_iomap" @@ -388297,6 +389579,15 @@ elf_symbol { type_id: 0x10219d88 full_name: "phy_put" } +elf_symbol { + id: 0x4cab5615 + name: "phy_queue_state_machine" + is_defined: true + symbol_type: FUNCTION + crc: 0x91f62051 + type_id: 0x1c082c20 + full_name: "phy_queue_state_machine" +} elf_symbol { id: 0x1a84af17 name: "phy_read_mmd" @@ -388468,6 +389759,15 @@ elf_symbol { type_id: 0x9109cd4f full_name: "phy_sfp_probe" } +elf_symbol { + id: 0x4d3be8fa + name: "phy_speed_to_str" + is_defined: true + symbol_type: FUNCTION + crc: 0xe4b818c3 + type_id: 0x8b8c2368 + full_name: "phy_speed_to_str" +} elf_symbol { id: 0x6e315775 name: "phy_start" @@ -389098,6 +390398,15 @@ elf_symbol { type_id: 0x8ce1baa0 full_name: "pinctrl_gpio_direction_output" } +elf_symbol { + id: 0x54a103db + name: "pinctrl_gpio_set_config" + is_defined: true + symbol_type: FUNCTION + crc: 0x9b92d16e + type_id: 0x8c2c6f32 + full_name: "pinctrl_gpio_set_config" +} elf_symbol { id: 0x173c6399 name: "pinctrl_lookup_state" 
@@ -391510,6 +392819,33 @@ elf_symbol { type_id: 0x11085c29 full_name: "rb_replace_node" } +elf_symbol { + id: 0x2f505fb1 + name: "rc_keydown" + is_defined: true + symbol_type: FUNCTION + crc: 0xce3ac2dc + type_id: 0x1075e2ed + full_name: "rc_keydown" +} +elf_symbol { + id: 0x44afa897 + name: "rc_map_register" + is_defined: true + symbol_type: FUNCTION + crc: 0xb960f15c + type_id: 0x98ac2a74 + full_name: "rc_map_register" +} +elf_symbol { + id: 0x449f96cf + name: "rc_map_unregister" + is_defined: true + symbol_type: FUNCTION + crc: 0x2ed90ced + type_id: 0x15b498c8 + full_name: "rc_map_unregister" +} elf_symbol { id: 0xdbf9c67a name: "rcu_barrier" @@ -393373,6 +394709,15 @@ elf_symbol { type_id: 0x978438bd full_name: "reset_control_reset" } +elf_symbol { + id: 0xb5e4cc08 + name: "reset_control_status" + is_defined: true + symbol_type: FUNCTION + crc: 0x8c743fb6 + type_id: 0x978438bd + full_name: "reset_control_status" +} elf_symbol { id: 0xd41c441b name: "reset_controller_register" @@ -397073,6 +398418,15 @@ elf_symbol { type_id: 0x10572c13 full_name: "skb_add_rx_frag" } +elf_symbol { + id: 0x34556105 + name: "skb_append" + is_defined: true + symbol_type: FUNCTION + crc: 0x58422e60 + type_id: 0x11d96a86 + full_name: "skb_append" +} elf_symbol { id: 0x736f4bcb name: "skb_append_pagefrags" 
@@ -397883,6 +399237,42 @@ elf_symbol { type_id: 0x1c27266a full_name: "snd_dma_free_pages" } +elf_symbol { + id: 0xa3379f89 + name: "snd_dmaengine_pcm_close_release_chan" + is_defined: true + symbol_type: FUNCTION + crc: 0xec0aad1e + type_id: 0x98aeb261 + full_name: "snd_dmaengine_pcm_close_release_chan" +} +elf_symbol { + id: 0x5604a4fb + name: "snd_dmaengine_pcm_get_chan" + is_defined: true + symbol_type: FUNCTION + crc: 0x84522a0f + type_id: 0x8233b356 + full_name: "snd_dmaengine_pcm_get_chan" +} +elf_symbol { + id: 0xa6fbd01c + name: "snd_dmaengine_pcm_open" + is_defined: true + symbol_type: FUNCTION + crc: 0xaf6cbb11 + type_id: 0x9847d2a8 + full_name: "snd_dmaengine_pcm_open" +} +elf_symbol { + id: 0x9c327127 + name: "snd_dmaengine_pcm_pointer" + is_defined: true + symbol_type: FUNCTION + crc: 0x25ffc596 + type_id: 0x2f31eea6 + full_name: "snd_dmaengine_pcm_pointer" +} elf_symbol { id: 0x2e657b50 name: "snd_dmaengine_pcm_prepare_slave_config" @@ -397910,6 +399300,15 @@ elf_symbol { type_id: 0x1ec5beaa full_name: "snd_dmaengine_pcm_set_config_from_dai_data" } +elf_symbol { + id: 0x800ec478 + name: "snd_dmaengine_pcm_trigger" + is_defined: true + symbol_type: FUNCTION + crc: 0x971271c8 + type_id: 0x9932312d + full_name: "snd_dmaengine_pcm_trigger" +} elf_symbol { id: 0xf8dd0a45 name: "snd_hwdep_new" @@ -400331,6 +401730,15 @@ elf_symbol { type_id: 0x10af3538 full_name: "spi_unregister_controller" } +elf_symbol { + id: 0x648ea3a7 + name: "spi_unregister_device" + is_defined: true + symbol_type: FUNCTION + crc: 0xaf0c6cf8 + type_id: 0x14287f03 + full_name: "spi_unregister_device" +} elf_symbol { id: 0xf74b4f61 name: "spi_write_then_read" @@ -407921,6 +409329,15 @@ elf_symbol { type_id: 0x01ecbbc0 full_name: "v4l2_ctrl_auto_cluster" } +elf_symbol { + id: 0xe41a5275 + name: "v4l2_ctrl_cluster" + is_defined: true + symbol_type: FUNCTION + crc: 0xc6c7e356 + type_id: 0x01e75921 + full_name: "v4l2_ctrl_cluster" +} elf_symbol { id: 0x218d39b6 name: "v4l2_ctrl_find" 
@@ -408353,6 +409770,15 @@ elf_symbol { type_id: 0x9cfc5a75 full_name: "v4l2_fwnode_endpoint_parse" } +elf_symbol { + id: 0x6eac099d + name: "v4l2_g_ctrl" + is_defined: true + symbol_type: FUNCTION + crc: 0xe37c2dcc + type_id: 0x9dcf11c9 + full_name: "v4l2_g_ctrl" +} elf_symbol { id: 0x58330374 name: "v4l2_g_parm_cap" @@ -408371,6 +409797,15 @@ elf_symbol { type_id: 0x8798b290 full_name: "v4l2_get_link_freq" } +elf_symbol { + id: 0xa8467fd4 + name: "v4l2_i2c_new_subdev" + is_defined: true + symbol_type: FUNCTION + crc: 0x7412770a + type_id: 0x8af54231 + full_name: "v4l2_i2c_new_subdev" +} elf_symbol { id: 0x5e36dba6 name: "v4l2_i2c_subdev_init" @@ -409001,6 +410436,15 @@ elf_symbol { type_id: 0xe32fa2b6 full_name: "vb2_dma_contig_memops" } +elf_symbol { + id: 0xd187d6a0 + name: "vb2_dma_contig_set_max_seg_size" + is_defined: true + symbol_type: FUNCTION + crc: 0x2dce21d6 + type_id: 0x9c00c8ec + full_name: "vb2_dma_contig_set_max_seg_size" +} elf_symbol { id: 0xde8f3957 name: "vb2_dma_sg_memops" @@ -412346,6 +413790,7 @@ interface { symbol_id: 0xc8acd38c symbol_id: 0x1dfbf9ac symbol_id: 0x91810af1 + symbol_id: 0xc50a781f symbol_id: 0x47a4997d symbol_id: 0x92f8c9de symbol_id: 0x3ac6d939 @@ -412946,6 +414391,7 @@ interface { symbol_id: 0x7b03aae7 symbol_id: 0x92373f85 symbol_id: 0xafc53276 + symbol_id: 0xa1c053cb symbol_id: 0x5e5d9a70 symbol_id: 0x104ffeec symbol_id: 0x6d4f31c4 @@ -413453,6 +414899,7 @@ interface { symbol_id: 0xef6e6795 symbol_id: 0xb2d6f207 symbol_id: 0x53afc62c + symbol_id: 0x66f49065 symbol_id: 0x3b13741e symbol_id: 0xd8f3ca82 symbol_id: 0xff315556 @@ -413666,6 +415113,7 @@ interface { symbol_id: 0xd634ca29 symbol_id: 0xd672b08d symbol_id: 0xb61718ed + symbol_id: 0x2d62fd75 symbol_id: 0x4f8a812a symbol_id: 0x1eee53db symbol_id: 0xac417394 
@@ -414093,7 +415541,9 @@ interface { symbol_id: 0x7fbd0d58 symbol_id: 0x06f2ea68 symbol_id: 0xc8e117f2 + symbol_id: 0x68c84c24 symbol_id: 0x40da6f1f + symbol_id: 0x9d70bb80 symbol_id: 0xdf9b5d08 symbol_id: 0x56748a0b symbol_id: 0x430bfeda @@ -414433,6 +415883,8 @@ interface { symbol_id: 0x87df61b4 symbol_id: 0x8abf96ef symbol_id: 0x33035bf6 + symbol_id: 0x9a2dbfca + symbol_id: 0xafae816a symbol_id: 0x47c790a6 symbol_id: 0x63999db6 symbol_id: 0xf58cd5f2 @@ -414865,6 +416317,7 @@ interface { symbol_id: 0x3b69b427 symbol_id: 0x1d7e2299 symbol_id: 0x23e816b8 + symbol_id: 0x451c2c07 symbol_id: 0xd0e88c9a symbol_id: 0x28fa142c symbol_id: 0x425ac3ac @@ -414926,6 +416379,7 @@ interface { symbol_id: 0xbd678b0e symbol_id: 0x400fac71 symbol_id: 0xdae2cdaf + symbol_id: 0xac16424d symbol_id: 0x6bebb14a symbol_id: 0x9c1c9dfa symbol_id: 0xb50c088c @@ -415060,6 +416514,8 @@ interface { symbol_id: 0x69a31cde symbol_id: 0xfbc28ac3 symbol_id: 0xe2f527ca + symbol_id: 0x005134ba + symbol_id: 0x877c985c symbol_id: 0x51df4337 symbol_id: 0xa27d2f32 symbol_id: 0xa978b6c8 @@ -415169,6 +416625,7 @@ interface { symbol_id: 0xc7970f23 symbol_id: 0x5758ca8d symbol_id: 0x8f687080 + symbol_id: 0x3948069d symbol_id: 0x128b55c8 symbol_id: 0xd2191311 symbol_id: 0x585410d0 @@ -415343,6 +416800,7 @@ interface { symbol_id: 0xb3c9d206 symbol_id: 0xcd5d6af6 symbol_id: 0xac3356ce + symbol_id: 0xe0832a10 symbol_id: 0x0768ccdb symbol_id: 0x4310a9de symbol_id: 0x65aa6e41 @@ -415387,7 +416845,12 @@ interface { symbol_id: 0x1e7c4dd7 symbol_id: 0xb8f84f03 symbol_id: 0xad1fada2 + symbol_id: 0x67c8f92b + symbol_id: 0xc2c5f476 + symbol_id: 0xf73ea9f7 + symbol_id: 0xdc9144c7 symbol_id: 0x7993ff4e + symbol_id: 0xd8f127ed symbol_id: 0x9a93a123 symbol_id: 0x2f0e7bff symbol_id: 0x716e8cc6 @@ -415503,6 +416966,8 @@ interface { symbol_id: 0xad3eb214 symbol_id: 0xb107d2cd symbol_id: 0x8628f24d + symbol_id: 0x69cfb246 + symbol_id: 0xcbfddb66 symbol_id: 0xc56006c7 symbol_id: 0x639b2403 symbol_id: 0xbbfb394e 
@@ -415839,6 +417304,7 @@ interface { symbol_id: 0x04d3cd28 symbol_id: 0xf7c116d2 symbol_id: 0x6b47e2c7 + symbol_id: 0x6e6c9891 symbol_id: 0x65492c23 symbol_id: 0xa106a350 symbol_id: 0x59b3b64e @@ -415983,7 +417449,9 @@ interface { symbol_id: 0x5af755ee symbol_id: 0xecce2e76 symbol_id: 0x9a65c4be + symbol_id: 0xf9b62266 symbol_id: 0xaa95b979 + symbol_id: 0xfad21763 symbol_id: 0xe15d2559 symbol_id: 0x9cf659eb symbol_id: 0xeadbb948 @@ -416124,6 +417592,8 @@ interface { symbol_id: 0xef661661 symbol_id: 0x83815ff1 symbol_id: 0x01f28688 + symbol_id: 0x2c6f9f9a + symbol_id: 0xa4bca904 symbol_id: 0x2dd4437a symbol_id: 0x23b23c74 symbol_id: 0x88fdf87a @@ -416174,6 +417644,7 @@ interface { symbol_id: 0x7ded1ffe symbol_id: 0xe42479db symbol_id: 0xd8b14976 + symbol_id: 0xb79bab94 symbol_id: 0x86c8a137 symbol_id: 0x64e448f4 symbol_id: 0x4e874464 @@ -416292,6 +417763,7 @@ interface { symbol_id: 0x2d2eb8bc symbol_id: 0x08ecc90d symbol_id: 0x42137268 + symbol_id: 0x45ab591d symbol_id: 0xa0390871 symbol_id: 0xfb789e26 symbol_id: 0x382b3272 @@ -416331,6 +417803,8 @@ interface { symbol_id: 0xd70b3ff0 symbol_id: 0x1f294d29 symbol_id: 0xc610fcd6 + symbol_id: 0x5ba96acf + symbol_id: 0xd15ab841 symbol_id: 0x915bc321 symbol_id: 0xbf9d3356 symbol_id: 0xd8989bc0 @@ -416395,6 +417869,7 @@ interface { symbol_id: 0x5904d735 symbol_id: 0xcb7dc482 symbol_id: 0xaed00f8c + symbol_id: 0x83cf5af5 symbol_id: 0x3b8e2bac symbol_id: 0xc89a8e29 symbol_id: 0x92dfef70 @@ -417095,6 +418570,7 @@ interface { symbol_id: 0x26767170 symbol_id: 0x40d34b30 symbol_id: 0xeb805131 + symbol_id: 0x36058f3f symbol_id: 0xebf521c2 symbol_id: 0x0fa1166f symbol_id: 0x9dc7df03 @@ -417180,6 +418656,7 @@ interface { symbol_id: 0x453bec03 symbol_id: 0x08284f40 symbol_id: 0xbd1c7f26 + symbol_id: 0x21b8efef symbol_id: 0xb6e53400 symbol_id: 0xa6b53b87 symbol_id: 0xa66a671b 
@@ -417517,6 +418994,7 @@ interface { symbol_id: 0x67bb32d8 symbol_id: 0xccd5125f symbol_id: 0xc7d3f838 + symbol_id: 0x4cab5615 symbol_id: 0x1a84af17 symbol_id: 0x13b5133e symbol_id: 0x7944625a @@ -417536,6 +419014,7 @@ interface { symbol_id: 0x61d52d25 symbol_id: 0xac255df6 symbol_id: 0xe1cb7751 + symbol_id: 0x4d3be8fa symbol_id: 0x6e315775 symbol_id: 0x10d51eda symbol_id: 0x94a5496d @@ -417606,6 +419085,7 @@ interface { symbol_id: 0x761cec78 symbol_id: 0x0707a7ce symbol_id: 0x470ca027 + symbol_id: 0x54a103db symbol_id: 0x173c6399 symbol_id: 0xecd5c994 symbol_id: 0xf439020c @@ -417874,6 +419354,9 @@ interface { symbol_id: 0x829cc511 symbol_id: 0xd8d641e9 symbol_id: 0xf1e11c16 + symbol_id: 0x2f505fb1 + symbol_id: 0x44afa897 + symbol_id: 0x449f96cf symbol_id: 0xdbf9c67a symbol_id: 0xd1e79536 symbol_id: 0x2c564089 @@ -418081,6 +419564,7 @@ interface { symbol_id: 0x642147cd symbol_id: 0x9c7a2d6c symbol_id: 0x48fc2cb6 + symbol_id: 0xb5e4cc08 symbol_id: 0xd41c441b symbol_id: 0x8607d899 symbol_id: 0xaca7b406 @@ -418492,6 +419976,7 @@ interface { symbol_id: 0xa3febb65 symbol_id: 0x1bedb04f symbol_id: 0xd8114005 + symbol_id: 0x34556105 symbol_id: 0x736f4bcb symbol_id: 0x3ffd8828 symbol_id: 0x38f9f2a7 @@ -418582,9 +420067,14 @@ interface { symbol_id: 0x74d92df1 symbol_id: 0x7983b6b1 symbol_id: 0xafa6f89a + symbol_id: 0xa3379f89 + symbol_id: 0x5604a4fb + symbol_id: 0xa6fbd01c + symbol_id: 0x9c327127 symbol_id: 0x2e657b50 symbol_id: 0xf9680c5d symbol_id: 0x4b5d3ed2 + symbol_id: 0x800ec478 symbol_id: 0xf8dd0a45 symbol_id: 0x7d021e87 symbol_id: 0x8a143ba0 @@ -418854,6 +420344,7 @@ interface { symbol_id: 0xdaf3a27e symbol_id: 0xbe2a8422 symbol_id: 0x38ac4651 + symbol_id: 0x648ea3a7 symbol_id: 0xf74b4f61 symbol_id: 0xf76668be symbol_id: 0xc1ff3a0f @@ -419698,6 +421189,7 @@ interface { symbol_id: 0xf440f7f1 symbol_id: 0xf39bae65 symbol_id: 0xfd78bf45 + symbol_id: 0xe41a5275 symbol_id: 0x218d39b6 symbol_id: 0xd71b366d symbol_id: 0xe2254576 
@@ -419746,8 +421238,10 @@ interface { symbol_id: 0x7ba36329 symbol_id: 0x2643c2c9 symbol_id: 0xcb8b4f14 + symbol_id: 0x6eac099d symbol_id: 0x58330374 symbol_id: 0xdb18c924 + symbol_id: 0xa8467fd4 symbol_id: 0x5e36dba6 symbol_id: 0xbca2a56b symbol_id: 0x31a465c5 @@ -419818,6 +421312,7 @@ interface { symbol_id: 0x7fb65c50 symbol_id: 0x61c086ce symbol_id: 0x03410164 + symbol_id: 0xd187d6a0 symbol_id: 0xde8f3957 symbol_id: 0x3997b003 symbol_id: 0xafcd1744 diff --git a/android/abi_gki_aarch64_sunxi b/android/abi_gki_aarch64_sunxi new file mode 100644 index 000000000000..39653df676c4 --- /dev/null +++ b/android/abi_gki_aarch64_sunxi @@ -0,0 +1,55 @@ +[abi_symbol_list] + arp_create + clk_unregister_gate + clk_unregister_fixed_factor + dev_mc_add + dev_mc_del + dma_get_any_slave_channel + dmam_pool_create + drm_client_buffer_vmap + drm_client_framebuffer_create + drm_gem_fb_create_with_funcs + drm_property_add_enum + drm_vblank_work_init + drm_vblank_work_schedule + drm_vblank_work_cancel_sync + drm_vblank_work_flush + drm_warn_on_modeset_not_all_locked + fat_time_fat2unix + fat_time_unix2fat + gpiochip_line_is_irq + hwspin_lock_register + hwspin_lock_unregister + init_on_alloc + iio_map_array_register + iio_map_array_unregister + ioport_resource + irq_setup_alt_chip + ir_raw_event_store + ir_raw_event_handle + of_io_request_and_map + of_clk_hw_register + pinctrl_gpio_set_config + phy_queue_state_machine + phy_speed_to_str + rc_map_register + rc_map_unregister + rc_keydown + reset_control_status + skb_append + snd_dmaengine_pcm_close_release_chan + snd_dmaengine_pcm_get_chan + snd_dmaengine_pcm_open + snd_dmaengine_pcm_pointer + snd_dmaengine_pcm_trigger + spi_unregister_device + v4l2_ctrl_cluster + v4l2_g_ctrl + v4l2_i2c_new_subdev + vb2_dma_contig_set_max_seg_size + __media_entity_setup_link + __traceiter_dwc3_readl + __traceiter_dwc3_writel + __tracepoint_dwc3_readl + __tracepoint_dwc3_writel + From 7c5c6b6397bb3e932614840ba007e26686779a49 Mon Sep 17 00:00:00 2001 
From: Jozsef Kadlecsik Date: Tue, 4 Jun 2024 15:58:03 +0200 Subject: [PATCH 19/87] UPSTREAM: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type [ Upstream commit 4e7aaa6b82d63e8ddcbfb56b4fd3d014ca586f10 ] Lion Ackermann reported that there is a race condition between namespace cleanup in ipset and the garbage collection of the list:set type. The namespace cleanup can destroy the list:set type of sets while the gc of the set type is waiting to run in rcu cleanup. The latter uses data from the destroyed set which thus leads use after free. The patch contains the following parts: - When destroying all sets, first remove the garbage collectors, then wait if needed and then destroy the sets. - Fix the badly ordered "wait then remove gc" for the destroy a single set case. - Fix the missing rcu locking in the list:set type in the userspace test case. - Use proper RCU list handlings in the list:set type. The patch depends on c1193d9bbbd3 (netfilter: ipset: Add list flush to cancel_gc). Bug: 347636817 Fixes: 97f7cf1cd80e (netfilter: ipset: fix performance regression in swap operation) Reported-by: Lion Ackermann Tested-by: Lion Ackermann Signed-off-by: Jozsef Kadlecsik Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin (cherry picked from commit 390b353d1a1da3e9c6c0fd14fe650d69063c95d6) Signed-off-by: Lee Jones Change-Id: I92a8681d8a0f475aa20c34c17daa222d02cf7935 --- net/netfilter/ipset/ip_set_core.c | 93 +++++++++++++++------------ net/netfilter/ipset/ip_set_list_set.c | 30 ++++----- 2 files changed, 66 insertions(+), 57 deletions(-) diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index f645da82d826..649b8a5901e3 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c 
@@ -1174,23 +1174,50 @@ ip_set_setname_policy[IPSET_ATTR_CMD_MAX + 1] = { .len = IPSET_MAXNAMELEN - 1 }, }; -static void -ip_set_destroy_set(struct ip_set *set) -{ - pr_debug("set: %s\n", set->name); - - /* Must call it without holding any lock */ - set->variant->destroy(set); - module_put(set->type->me); - kfree(set); -} +/* In order to return quickly when destroying a single set, it is split + * into two stages: + * - Cancel garbage collector + * - Destroy the set itself via call_rcu() + */ static void ip_set_destroy_set_rcu(struct rcu_head *head) { struct ip_set *set = container_of(head, struct ip_set, rcu); - ip_set_destroy_set(set); + set->variant->destroy(set); + module_put(set->type->me); + kfree(set); +} + +static void +_destroy_all_sets(struct ip_set_net *inst) +{ + struct ip_set *set; + ip_set_id_t i; + bool need_wait = false; + + /* First cancel gc's: set:list sets are flushed as well */ + for (i = 0; i < inst->ip_set_max; i++) { + set = ip_set(inst, i); + if (set) { + set->variant->cancel_gc(set); + if (set->type->features & IPSET_TYPE_NAME) + need_wait = true; + } + } + /* Must wait for flush to be really finished */ + if (need_wait) + rcu_barrier(); + for (i = 0; i < inst->ip_set_max; i++) { + set = ip_set(inst, i); + if (set) { + ip_set(inst, i) = NULL; + set->variant->destroy(set); + module_put(set->type->me); + kfree(set); + } + } } static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, @@ -1204,11 +1231,10 @@ static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, if (unlikely(protocol_min_failed(attr))) return -IPSET_ERR_PROTOCOL; - /* Commands are serialized and references are * protected by the ip_set_ref_lock. * External systems (i.e. xt_set) must call - * ip_set_put|get_nfnl_* functions, that way we + * ip_set_nfnl_get_* functions, that way we * can safely check references here. * * list:set timer can only decrement the reference 
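Review bot: The teardown sequence `set->variant->destroy(set); module_put(set->type->me); kfree(set);` now appears twice, once in ip_set_destroy_set_rcu() and once in the second loop of _destroy_all_sets(), because the hunk removes ip_set_destroy_set() rather than reusing it. The order of those three calls matters for the set's lifetime (the type module is only released after the variant's destroy has run), so it is better kept in one helper that both paths call, e.g. `ip_set_destroy_set(set);` in each place. The comment in the first loop also says "set:list" where the commit message and the file name say list:set.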
@@ -1216,8 +1242,6 @@ static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, * without holding the lock. */ if (!attr[IPSET_ATTR_SETNAME]) { - /* Must wait for flush to be really finished in list:set */ - rcu_barrier(); read_lock_bh(&ip_set_ref_lock); for (i = 0; i < inst->ip_set_max; i++) { s = ip_set(inst, i); @@ -1228,15 +1252,7 @@ static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, } inst->is_destroyed = true; read_unlock_bh(&ip_set_ref_lock); - for (i = 0; i < inst->ip_set_max; i++) { - s = ip_set(inst, i); - if (s) { - ip_set(inst, i) = NULL; - /* Must cancel garbage collectors */ - s->variant->cancel_gc(s); - ip_set_destroy_set(s); - } - } + _destroy_all_sets(inst); /* Modified by ip_set_destroy() only, which is serialized */ inst->is_destroyed = false; } else { @@ -1257,12 +1273,12 @@ static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, features = s->type->features; ip_set(inst, i) = NULL; read_unlock_bh(&ip_set_ref_lock); + /* Must cancel garbage collectors */ + s->variant->cancel_gc(s); if (features & IPSET_TYPE_NAME) { /* Must wait for flush to be really finished */ rcu_barrier(); } - /* Must cancel garbage collectors */ - s->variant->cancel_gc(s); call_rcu(&s->rcu, ip_set_destroy_set_rcu); } return 0; 
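Review bot: In the single-set branch of ip_set_destroy() the fix consists only of the order of `s->variant->cancel_gc(s);` and `rcu_barrier();`, yet the two surviving comments ("Must cancel garbage collectors", "Must wait for flush to be really finished") do not say that one has to precede the other. Going by the commit message, cancel_gc is what starts the list:set flush that the barrier then waits for, so a comment such as `/* cancel_gc() first: for list:set it starts the flush that rcu_barrier() below waits for */` would keep the two from being swapped back. ip_set_destroy() starts and ends outside this hunk.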
@@ -2366,31 +2382,26 @@ ip_set_net_init(struct net *net) return 0; } +static void __net_exit +ip_set_net_pre_exit(struct net *net) +{ + struct ip_set_net *inst = ip_set_pernet(net); + + inst->is_deleted = true; /* flag for ip_set_nfnl_put */ +} + static void __net_exit ip_set_net_exit(struct net *net) { struct ip_set_net *inst = ip_set_pernet(net); - struct ip_set *set = NULL; - ip_set_id_t i; - - inst->is_deleted = true; /* flag for ip_set_nfnl_put */ - - nfnl_lock(NFNL_SUBSYS_IPSET); - for (i = 0; i < inst->ip_set_max; i++) { - set = ip_set(inst, i); - if (set) { - ip_set(inst, i) = NULL; - set->variant->cancel_gc(set); - ip_set_destroy_set(set); - } - } - nfnl_unlock(NFNL_SUBSYS_IPSET); + _destroy_all_sets(inst); kvfree(rcu_dereference_protected(inst->ip_set_list, 1)); } static struct pernet_operations ip_set_net_ops = { .init = ip_set_net_init, + .pre_exit = ip_set_net_pre_exit, .exit = ip_set_net_exit, .id = &ip_set_net_id, .size = sizeof(struct ip_set_net), diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c index 6bc7019982b0..e839c356bcb5 100644 --- a/net/netfilter/ipset/ip_set_list_set.c +++ b/net/netfilter/ipset/ip_set_list_set.c @@ -79,7 +79,7 @@ list_set_kadd(struct ip_set *set, const struct sk_buff *skb, struct set_elem *e; int ret; - list_for_each_entry(e, &map->members, list) { + list_for_each_entry_rcu(e, &map->members, list) { if (SET_WITH_TIMEOUT(set) && ip_set_timeout_expired(ext_timeout(e, set))) continue; @@ -99,7 +99,7 @@ list_set_kdel(struct ip_set *set, const struct sk_buff *skb, struct set_elem *e; int ret; - list_for_each_entry(e, &map->members, list) { + list_for_each_entry_rcu(e, &map->members, list) { if (SET_WITH_TIMEOUT(set) && ip_set_timeout_expired(ext_timeout(e, set))) continue; 
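Review bot: ip_set_net_exit() now calls `_destroy_all_sets(inst);` without the `nfnl_lock(NFNL_SUBSYS_IPSET)` / `nfnl_unlock(NFNL_SUBSYS_IPSET)` pair the removed loop ran under, and nothing in the hunk says what serializes the walk over the set array on this path. The ip_set() accessor is not visible here; if it dereferences the list under a lockdep condition tied to the nfnl mutex, the pernet-exit path would trip that check, so this should be confirmed and the condition widened if needed. At minimum ip_set_net_exit() should carry a comment stating why no lock is required, e.g. `/* netns is being torn down: no nfnetlink command can reach this instance any more */`, if that is indeed the reasoning.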
@@ -188,9 +188,10 @@ list_set_utest(struct ip_set *set, void *value, const struct ip_set_ext *ext, struct list_set *map = set->data; struct set_adt_elem *d = value; struct set_elem *e, *next, *prev = NULL; - int ret; + int ret = 0; - list_for_each_entry(e, &map->members, list) { + rcu_read_lock(); + list_for_each_entry_rcu(e, &map->members, list) { if (SET_WITH_TIMEOUT(set) && ip_set_timeout_expired(ext_timeout(e, set))) continue; @@ -201,6 +202,7 @@ list_set_utest(struct ip_set *set, void *value, const struct ip_set_ext *ext, if (d->before == 0) { ret = 1; + goto out; } else if (d->before > 0) { next = list_next_entry(e, list); ret = !list_is_last(&e->list, &map->members) && @@ -208,9 +210,11 @@ list_set_utest(struct ip_set *set, void *value, const struct ip_set_ext *ext, } else { ret = prev && prev->id == d->refid; } - return ret; + goto out; } - return 0; +out: + rcu_read_unlock(); + return ret; } static void @@ -239,7 +243,7 @@ list_set_uadd(struct ip_set *set, void *value, const struct ip_set_ext *ext, /* Find where to add the new entry */ n = prev = next = NULL; - list_for_each_entry(e, &map->members, list) { + list_for_each_entry_rcu(e, &map->members, list) { if (SET_WITH_TIMEOUT(set) && ip_set_timeout_expired(ext_timeout(e, set))) continue; @@ -316,9 +320,9 @@ list_set_udel(struct ip_set *set, void *value, const struct ip_set_ext *ext, { struct list_set *map = set->data; struct set_adt_elem *d = value; - struct set_elem *e, *next, *prev = NULL; + struct set_elem *e, *n, *next, *prev = NULL; - list_for_each_entry(e, &map->members, list) { + list_for_each_entry_safe(e, n, &map->members, list) { if (SET_WITH_TIMEOUT(set) && ip_set_timeout_expired(ext_timeout(e, set))) continue; 
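Review bot: The `goto out;` added under `if (d->before == 0)` in list_set_utest() is redundant, because every arm of that if/else chain already falls through to the `goto out;` that replaces `return ret;` a few lines further down. Dropping the extra jump, or using a single `break;` at the end of the loop body instead of the second `goto out;`, leaves one path to `rcu_read_unlock()` and makes it easier to verify that the read-side section is always closed. The function body starts outside these hunks.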
@@ -424,14 +428,8 @@ static void list_set_destroy(struct ip_set *set) { struct list_set *map = set->data; - struct set_elem *e, *n; - list_for_each_entry_safe(e, n, &map->members, list) { - list_del(&e->list); - ip_set_put_byindex(map->net, e->id); - ip_set_ext_destroy(set, e); - kfree(e); - } + WARN_ON_ONCE(!list_empty(&map->members)); kfree(map); set->data = NULL; From 8a0fa49a77f16ccbc350afdc6c2f56632125b1eb Mon Sep 17 00:00:00 2001 From: Gao Xiang Date: Tue, 20 Aug 2024 16:56:19 +0800 Subject: [PATCH 20/87] UPSTREAM: erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails If z_erofs_gbuf_growsize() partially fails on a global buffer due to memory allocation failure or fault injection (as reported by syzbot [1]), new pages need to be freed by comparing to the existing pages to avoid memory leaks. However, the old gbuf->pages[] array may not be large enough, which can lead to null-ptr-deref or out-of-bound access. Fix this by checking against gbuf->nrpages in advance. [1] https://lore.kernel.org/r/000000000000f7b96e062018c6e3@google.com Bug: 361157912 Reported-by: syzbot+242ee56aaa9585553766@syzkaller.appspotmail.com Fixes: d6db47e571dc ("erofs: do not use pagepool in z_erofs_gbuf_growsize()") Cc: # 6.10+ Reviewed-by: Chunhai Guo Reviewed-by: Sandeep Dhavale Change-Id: I5d6c8f63959db4a7e5bbf14da9b4c9ba04322c8c Signed-off-by: Gao Xiang Link: https://lore.kernel.org/r/20240820085619.1375963-1-hsiangkao@linux.alibaba.com (cherry picked from commit 0005e01e1e875c5e27130c5e2ed0189749d1e08a) Signed-off-by: Sandeep Dhavale --- fs/erofs/zutil.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/erofs/zutil.c b/fs/erofs/zutil.c index e8e901c839a7..1b3eeb27f21b 100644 --- a/fs/erofs/zutil.c +++ b/fs/erofs/zutil.c 
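Review bot: list_set_destroy() now frees `map` after only a `WARN_ON_ONCE(!list_empty(&map->members))`, so if it is ever reached with members still linked, those elements and the references the removed loop dropped with `ip_set_put_byindex(map->net, e->id)` are leaked. That precondition should be written down at the function, e.g. `/* Callers must have run ->cancel_gc() and waited for RCU; the member list is expected to be empty here */`. On systems running with panic_on_warn the warning is fatal, so the callers' ordering is the only thing protecting this path.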
@@ -111,7 +111,8 @@ int z_erofs_gbuf_growsize(unsigned int nrpages) out: if (i < z_erofs_gbuf_count && tmp_pages) { for (j = 0; j < nrpages; ++j) - if (tmp_pages[j] && tmp_pages[j] != gbuf->pages[j]) + if (tmp_pages[j] && (j >= gbuf->nrpages || + tmp_pages[j] != gbuf->pages[j])) __free_page(tmp_pages[j]); kfree(tmp_pages); } From 09ab235661116880b7ea9b4deb705802f2c19ab4 Mon Sep 17 00:00:00 2001 From: huangshaobo1 Date: Wed, 28 Aug 2024 16:06:26 +0800 Subject: [PATCH 21/87] ANDROID: vendor_hooks: export shrink_slab Export shrink_slab to module for do shrink-memory action. Bug: 363907036 Change-Id: Ia96e6595186927c1fe31a6504675b8762154c0a6 Signed-off-by: huangshaobo1 --- mm/vmscan.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mm/vmscan.c b/mm/vmscan.c index d2912a1cd804..2308399473ad 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -994,7 +994,7 @@ static unsigned long shrink_slab_memcg(gfp_t gfp_mask, int nid, * * Returns the number of reclaimed slab objects. */ -static unsigned long shrink_slab(gfp_t gfp_mask, int nid, +unsigned long shrink_slab(gfp_t gfp_mask, int nid, struct mem_cgroup *memcg, int priority) { @@ -1047,6 +1047,8 @@ out: return freed; } +EXPORT_SYMBOL_GPL(shrink_slab); + static void drop_slab_node(int nid) { unsigned long freed; From b99f37e4a6c0227285a9bbe056b8a41ecbf5224e Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Fri, 25 Aug 2023 13:26:21 +0200 Subject: [PATCH 22/87] BACKPORT: firmware: arm_scmi: Extend perf protocol ops to get number of domains Similar to other protocol ops, it's useful for an scmi module driver to get the number of supported performance domains, hence let's make this available by adding a new perf protocol callback. Note that, a user is being added from subsequent changes. Signed-off-by: Ulf Hansson Link: https://lore.kernel.org/r/20230825112633.236607-2-ulf.hansson@linaro.org 
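Review bot: The new condition in the `out:` cleanup of z_erofs_gbuf_growsize() is only safe because `j >= gbuf->nrpages` is evaluated before `gbuf->pages[j]` is read, and nothing in the code says so. A short comment above the loop, e.g. `/* gbuf->pages[] has only gbuf->nrpages entries; any tmp_pages[j] beyond that is newly allocated */`, would keep a later reshuffle of the expression from reintroducing the out-of-bound read. The unbraced `for`/`if` around a two-line condition would also read better with braces. The function starts outside the hunk.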
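Review bot: shrink_slab() loses `static` and gains `EXPORT_SYMBOL_GPL(shrink_slab);`, but the diffstat of this commit lists only mm/vmscan.c, so no declaration is added for modules to call it through. Unless a prototype already exists in a header (none is visible here), callers would have to declare it themselves and the build gets a missing-prototype warning; add `unsigned long shrink_slab(gfp_t gfp_mask, int nid, struct mem_cgroup *memcg, int priority);` to a header the intended modules include. Since this hands a core reclaim entry point to loadable modules, the comment above the function should also state what callers may pass for `memcg` and `priority`. Kernel style places the EXPORT line directly after the closing brace, without the blank line added in the second hunk.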
Signed-off-by: Sudeep Holla Bug: 323966425 Change-Id: Idc17b94ead5ec08c58df9dcf2194d730b0eef175 (cherry picked from commit e9090e70e618cd62ab7bf2914511e5eea31a2535) [nikunj: Resolved minor conflict in drivers/firmware/arm_scmi/perf.c ] Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/firmware/arm_scmi/perf.c | 8 ++++++++ include/linux/scmi_protocol.h | 2 ++ 2 files changed, 10 insertions(+) diff --git a/drivers/firmware/arm_scmi/perf.c b/drivers/firmware/arm_scmi/perf.c index 2775bcafe40f..28752f6c96f0 100644 --- a/drivers/firmware/arm_scmi/perf.c +++ b/drivers/firmware/arm_scmi/perf.c @@ -333,6 +333,13 @@ scmi_perf_describe_levels_get(const struct scmi_protocol_handle *ph, u32 domain, return ret; } +static int scmi_perf_num_domains_get(const struct scmi_protocol_handle *ph) +{ + struct scmi_perf_info *pi = ph->get_priv(ph); + + return pi->num_domains; +} + static int scmi_perf_mb_limits_set(const struct scmi_protocol_handle *ph, u32 domain, u32 max_perf, u32 min_perf) { @@ -726,6 +733,7 @@ scmi_power_scale_get(const struct scmi_protocol_handle *ph) } static const struct scmi_perf_proto_ops perf_proto_ops = { + .num_domains_get = scmi_perf_num_domains_get, .limits_set = scmi_perf_limits_set, .limits_get = scmi_perf_limits_get, .level_set = scmi_perf_level_set, diff --git a/include/linux/scmi_protocol.h b/include/linux/scmi_protocol.h index a21d111cfbd4..70ec6a77a9b5 100644 --- a/include/linux/scmi_protocol.h +++ b/include/linux/scmi_protocol.h @@ -104,6 +104,7 @@ struct scmi_clk_proto_ops { * struct scmi_perf_proto_ops - represents the various operations provided * by SCMI Performance Protocol * + * @num_domains_get: gets the number of supported performance domains * @limits_set: sets limits on the performance level of a domain * @limits_get: gets limits on the performance level of a domain * @level_set: sets the performance level of a domain 
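Review bot: The kernel-doc line added for `@num_domains_get` in scmi_protocol.h does not say what the `int` return value means. scmi_perf_num_domains_get() returns `pi->num_domains` directly, so as written it is a plain count and not an error code; stating that, e.g. `@num_domains_get: gets the number of supported performance domains (a count, not an errno)`, tells callers whether they need an error branch. The result of `ph->get_priv(ph)` is dereferenced unchecked; whether it can be NULL at this point is not visible in the hunk.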
@@ -123,6 +124,7 @@ struct scmi_clk_proto_ops { * or in some other (abstract) scale */ struct scmi_perf_proto_ops { + int (*num_domains_get)(const struct scmi_protocol_handle *ph); int (*limits_set)(const struct scmi_protocol_handle *ph, u32 domain, u32 max_perf, u32 min_perf); int (*limits_get)(const struct scmi_protocol_handle *ph, u32 domain, From 742d32f206d82e0acf6b5bbea04f0db2ad984a8c Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Fri, 25 Aug 2023 13:26:22 +0200 Subject: [PATCH 23/87] BACKPORT: firmware: arm_scmi: Extend perf protocol ops to get information of a domain Similar to other protocol ops, it's useful for an scmi module driver to get some generic information of a performance domain. Therefore, let's add a new callback to provide this information. The information is currently limited to the name of the performance domain and whether the set-level operation is supported, although this can easily be extended if we find the need for it. Signed-off-by: Ulf Hansson Link: https://lore.kernel.org/r/20230825112633.236607-3-ulf.hansson@linaro.org Signed-off-by: Sudeep Holla Bug: 323966425 Change-Id: Ica11495c1ba40c646cf835418788795e6671e7db (cherry picked from commit 3d99ed60721bf2e108c8fc660775766057689a92) [nikunj: Resolved minor conflict in drivers/firmware/arm_scmi/perf.c ] [anantg: Resolved minor conflict in drivers/firmware/arm_scmi/perf.c ] Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/firmware/arm_scmi/perf.c | 48 +++++++++++++++++++++----------- include/linux/scmi_protocol.h | 8 ++++++ 2 files changed, 40 insertions(+), 16 deletions(-) diff --git a/drivers/firmware/arm_scmi/perf.c b/drivers/firmware/arm_scmi/perf.c index 28752f6c96f0..bb79d58f0837 100644 --- a/drivers/firmware/arm_scmi/perf.c +++ b/drivers/firmware/arm_scmi/perf.c @@ -124,7 +124,6 @@ struct scmi_msg_resp_perf_describe_levels { struct perf_dom_info { bool set_limits; - bool set_perf; bool perf_limit_notify; bool perf_level_notify; bool perf_fastchannels; 
@@ -132,7 +131,7 @@ struct perf_dom_info { u32 sustained_freq_khz; u32 sustained_perf_level; unsigned long mult_factor; - char name[SCMI_MAX_STR_SIZE]; + struct scmi_perf_domain_info info; struct scmi_opp opp[MAX_OPPS]; struct scmi_fc_info *fc_info; }; @@ -209,7 +208,7 @@ scmi_perf_domain_attributes_get(const struct scmi_protocol_handle *ph, flags = le32_to_cpu(attr->flags); dom_info->set_limits = SUPPORTS_SET_LIMITS(flags); - dom_info->set_perf = SUPPORTS_SET_PERF_LVL(flags); + dom_info->info.set_perf = SUPPORTS_SET_PERF_LVL(flags); dom_info->perf_limit_notify = SUPPORTS_PERF_LIMIT_NOTIFY(flags); dom_info->perf_level_notify = SUPPORTS_PERF_LEVEL_NOTIFY(flags); dom_info->perf_fastchannels = SUPPORTS_PERF_FASTCHANNELS(flags); @@ -225,7 +224,8 @@ scmi_perf_domain_attributes_get(const struct scmi_protocol_handle *ph, dom_info->mult_factor = (dom_info->sustained_freq_khz * 1000UL) / dom_info->sustained_perf_level; - strscpy(dom_info->name, attr->name, SCMI_SHORT_NAME_MAX_SIZE); + strscpy(dom_info->info.name, attr->name, + SCMI_SHORT_NAME_MAX_SIZE); } ph->xops->xfer_put(ph, t); @@ -237,7 +237,7 @@ scmi_perf_domain_attributes_get(const struct scmi_protocol_handle *ph, if (!ret && PROTOCOL_REV_MAJOR(version) >= 0x3 && SUPPORTS_EXTENDED_NAMES(flags)) ph->hops->extended_name_get(ph, PERF_DOMAIN_NAME_GET, domain, - dom_info->name, SCMI_MAX_STR_SIZE); + dom_info->info.name, SCMI_MAX_STR_SIZE); return ret; } 
@@ -340,6 +340,29 @@ static int scmi_perf_num_domains_get(const struct scmi_protocol_handle *ph) return pi->num_domains; } +static inline struct perf_dom_info * +scmi_perf_domain_lookup(const struct scmi_protocol_handle *ph, u32 domain) +{ + struct scmi_perf_info *pi = ph->get_priv(ph); + + if (domain >= pi->num_domains) + return ERR_PTR(-EINVAL); + + return pi->dom_info + domain; +} + +static const struct scmi_perf_domain_info * +scmi_perf_info_get(const struct scmi_protocol_handle *ph, u32 domain) +{ + struct perf_dom_info *dom; + + dom = scmi_perf_domain_lookup(ph, domain); + if (IS_ERR(dom)) + return ERR_PTR(-EINVAL); + + return &dom->info; +} + static int scmi_perf_mb_limits_set(const struct scmi_protocol_handle *ph, u32 domain, u32 max_perf, u32 min_perf) { @@ -363,17 +386,6 @@ static int scmi_perf_mb_limits_set(const struct scmi_protocol_handle *ph, return ret; } -static inline struct perf_dom_info * -scmi_perf_domain_lookup(const struct scmi_protocol_handle *ph, u32 domain) -{ - struct scmi_perf_info *pi = ph->get_priv(ph); - - if (domain >= pi->num_domains) - return ERR_PTR(-EINVAL); - - return pi->dom_info + domain; -} - static int scmi_perf_limits_set(const struct scmi_protocol_handle *ph, u32 domain, u32 max_perf, u32 min_perf) { @@ -627,6 +639,9 @@ static int scmi_dvfs_device_opps_add(const struct scmi_protocol_handle *ph, } return ret; } + + dev_dbg(dev, "[%d][%s]:: Registered OPP[%d] %lu\n", + domain, dom->info.name, idx, freq); } return 0; } @@ -734,6 +749,7 @@ scmi_power_scale_get(const struct scmi_protocol_handle *ph) static const struct scmi_perf_proto_ops perf_proto_ops = { .num_domains_get = scmi_perf_num_domains_get, + .info_get = scmi_perf_info_get, .limits_set = scmi_perf_limits_set, .limits_get = scmi_perf_limits_get, .level_set = scmi_perf_level_set, diff --git a/include/linux/scmi_protocol.h b/include/linux/scmi_protocol.h index 70ec6a77a9b5..94a405913f8c 100644 --- a/include/linux/scmi_protocol.h +++ b/include/linux/scmi_protocol.h 
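Review bot: In `scmi_perf_info_get()` the error branch returns a fresh `ERR_PTR(-EINVAL)` instead of forwarding what `scmi_perf_domain_lookup()` produced, whereas the other callers visible in this file propagate it with `PTR_ERR(dom)`. The lookup shown here only fails with -EINVAL, so nothing is lost today, but the two will silently diverge if it ever gains another error code; `return ERR_CAST(dom);` keeps them in step. The new `.info_get` op also returns a pointer into the protocol's private `dom_info` array, so a short comment saying the pointer is owned by the SCMI core (its lifetime presumably follows the protocol instance) would help module authors.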
@@ -100,11 +100,17 @@ struct scmi_clk_proto_ops { ANDROID_KABI_RESERVE(1); }; +struct scmi_perf_domain_info { + char name[SCMI_MAX_STR_SIZE]; + bool set_perf; +}; + /** * struct scmi_perf_proto_ops - represents the various operations provided * by SCMI Performance Protocol * * @num_domains_get: gets the number of supported performance domains + * @info_get: get the information of a performance domain * @limits_set: sets limits on the performance level of a domain * @limits_get: gets limits on the performance level of a domain * @level_set: sets the performance level of a domain @@ -125,6 +131,8 @@ struct scmi_clk_proto_ops { */ struct scmi_perf_proto_ops { int (*num_domains_get)(const struct scmi_protocol_handle *ph); + const struct scmi_perf_domain_info __must_check *(*info_get) + (const struct scmi_protocol_handle *ph, u32 domain); int (*limits_set)(const struct scmi_protocol_handle *ph, u32 domain, u32 max_perf, u32 min_perf); int (*limits_get)(const struct scmi_protocol_handle *ph, u32 domain, From 49da9f2745853b7962dbc69a46df9d1c9ab7ab59 Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Fri, 25 Aug 2023 13:26:23 +0200 Subject: [PATCH 24/87] UPSTREAM: cpufreq: scmi: Prepare to move OF parsing of domain-id to cpufreq The OF parsing of the clock domain specifier seems to better belong in the scmi cpufreq driver, rather than being implemented behind the generic ->device_domain_id() perf protocol ops. To prepare to remove the ->device_domain_id() ops, let's implement the OF parsing in the scmi cpufreq driver instead. Signed-off-by: Ulf Hansson Acked-by: Viresh Kumar Link: https://lore.kernel.org/r/20230825112633.236607-4-ulf.hansson@linaro.org Signed-off-by: Sudeep Holla Bug: 323966425 Change-Id: I7b777bc375373f5a716afd38ca23ece5e2750606 (cherry picked from commit e336baa4193ecc788a06c0c4659e400bb53689b4) Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/cpufreq/scmi-cpufreq.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) 
diff --git a/drivers/cpufreq/scmi-cpufreq.c b/drivers/cpufreq/scmi-cpufreq.c index 028df8a5f537..41395d1b9926 100644 --- a/drivers/cpufreq/scmi-cpufreq.c +++ b/drivers/cpufreq/scmi-cpufreq.c @@ -70,13 +70,24 @@ static unsigned int scmi_cpufreq_fast_switch(struct cpufreq_policy *policy, return 0; } +static int scmi_cpu_domain_id(struct device *cpu_dev) +{ + struct of_phandle_args clkspec; + + if (of_parse_phandle_with_args(cpu_dev->of_node, "clocks", + "#clock-cells", 0, &clkspec)) + return -EINVAL; + + return clkspec.args[0]; +} + static int scmi_get_sharing_cpus(struct device *cpu_dev, struct cpumask *cpumask) { int cpu, domain, tdomain; struct device *tcpu_dev; - domain = perf_ops->device_domain_id(cpu_dev); + domain = scmi_cpu_domain_id(cpu_dev); if (domain < 0) return domain; @@ -88,7 +99,7 @@ scmi_get_sharing_cpus(struct device *cpu_dev, struct cpumask *cpumask) if (!tcpu_dev) continue; - tdomain = perf_ops->device_domain_id(tcpu_dev); + tdomain = scmi_cpu_domain_id(tcpu_dev); if (tdomain == domain) cpumask_set_cpu(cpu, cpumask); } @@ -104,7 +115,7 @@ scmi_get_cpu_power(struct device *cpu_dev, unsigned long *power, unsigned long Hz; int ret, domain; - domain = perf_ops->device_domain_id(cpu_dev); + domain = scmi_cpu_domain_id(cpu_dev); if (domain < 0) return domain; @@ -209,7 +220,7 @@ static int scmi_cpufreq_init(struct cpufreq_policy *policy) } priv->cpu_dev = cpu_dev; - priv->domain_id = perf_ops->device_domain_id(cpu_dev); + priv->domain_id = scmi_cpu_domain_id(cpu_dev); policy->driver_data = priv; policy->freq_table = freq_table; From 3aa5b5408fe029a9f8f6a50be23be2529ce78edd Mon Sep 17 00:00:00 2001 
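Review bot: `scmi_cpu_domain_id()` never drops the node reference that `of_parse_phandle_with_args()` takes on `clkspec.np`, so every successful call leaks a device-node refcount. The helper is called for `cpu_dev` and again for each other CPU inside `scmi_get_sharing_cpus()`, so the leak repeats on every policy init. Copy the cell out and release the node before returning: `int domain = clkspec.args[0];` `of_node_put(clkspec.np);` `return domain;`. The same applies to the rewrite of this function in patch 28 (hunk `@@ -72,13 +72,25 @@`), where both the clocks and the power-domains lookups fill `domain_id.np`.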
From: Ulf Hansson Date: Fri, 25 Aug 2023 13:26:24 +0200 Subject: [PATCH 25/87] UPSTREAM: firmware: arm_scmi: Align perf ops to use domain-id as in-parameter Most scmi_perf_proto_ops are already using an "u32 domain" as an in-parameter to indicate what performance domain we shall operate upon. However, some of the ops are using a "struct device *dev", which means that an additional OF parsing is needed each time the perf ops gets called, to find the corresponding domain-id. To avoid the above, but also to make the code more consistent, let's replace the in-parameter "struct device *dev" with an "u32 domain". Note that, this requires us to make some corresponding changes to the scmi cpufreq driver, so let's do that too. Signed-off-by: Ulf Hansson Acked-by: Viresh Kumar Link: https://lore.kernel.org/r/20230825112633.236607-5-ulf.hansson@linaro.org Signed-off-by: Sudeep Holla Bug: 323966425 Change-Id: I524cfe6d5f28382d407b6323a1fce63620cc089b (cherry picked from commit 39dfa5b9e1f0fa63b811a0a87f1c2fb9c76a0456) Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/cpufreq/scmi-cpufreq.c | 14 +++++++++----- drivers/firmware/arm_scmi/perf.c | 22 ++++------------------ include/linux/scmi_protocol.h | 6 +++--- 3 files changed, 16 insertions(+), 26 deletions(-) diff --git a/drivers/cpufreq/scmi-cpufreq.c b/drivers/cpufreq/scmi-cpufreq.c index 41395d1b9926..06e82bc9a10e 100644 --- a/drivers/cpufreq/scmi-cpufreq.c +++ b/drivers/cpufreq/scmi-cpufreq.c @@ -137,7 +137,7 @@ scmi_get_cpu_power(struct device *cpu_dev, unsigned long *power, static int scmi_cpufreq_init(struct cpufreq_policy *policy) { - int ret, nr_opp; + int ret, nr_opp, domain; unsigned int latency; struct device *cpu_dev; struct scmi_data *priv; @@ -149,6 +149,10 @@ static int scmi_cpufreq_init(struct cpufreq_policy *policy) return -ENODEV; } + domain = scmi_cpu_domain_id(cpu_dev); + if (domain < 0) + return domain; + priv = kzalloc(sizeof(*priv), GFP_KERNEL); if (!priv) return -ENOMEM; 
@@ -187,7 +191,7 @@ static int scmi_cpufreq_init(struct cpufreq_policy *policy) */ nr_opp = dev_pm_opp_get_opp_count(cpu_dev); if (nr_opp <= 0) { - ret = perf_ops->device_opps_add(ph, cpu_dev); + ret = perf_ops->device_opps_add(ph, cpu_dev, domain); if (ret) { dev_warn(cpu_dev, "failed to add opps to the device\n"); goto out_free_cpumask; @@ -220,7 +224,7 @@ static int scmi_cpufreq_init(struct cpufreq_policy *policy) } priv->cpu_dev = cpu_dev; - priv->domain_id = scmi_cpu_domain_id(cpu_dev); + priv->domain_id = domain; policy->driver_data = priv; policy->freq_table = freq_table; @@ -228,14 +232,14 @@ static int scmi_cpufreq_init(struct cpufreq_policy *policy) /* SCMI allows DVFS request for any domain from any CPU */ policy->dvfs_possible_from_any_cpu = true; - latency = perf_ops->transition_latency_get(ph, cpu_dev); + latency = perf_ops->transition_latency_get(ph, domain); if (!latency) latency = CPUFREQ_ETERNAL; policy->cpuinfo.transition_latency = latency; policy->fast_switch_possible = - perf_ops->fast_switch_possible(ph, cpu_dev); + perf_ops->fast_switch_possible(ph, domain); return 0; diff --git a/drivers/firmware/arm_scmi/perf.c b/drivers/firmware/arm_scmi/perf.c index bb79d58f0837..b4e6ecff5651 100644 --- a/drivers/firmware/arm_scmi/perf.c +++ b/drivers/firmware/arm_scmi/perf.c @@ -611,17 +611,13 @@ static int scmi_dev_domain_id(struct device *dev) } static int scmi_dvfs_device_opps_add(const struct scmi_protocol_handle *ph, - struct device *dev) + struct device *dev, u32 domain) { - int idx, ret, domain; + int idx, ret; unsigned long freq; struct scmi_opp *opp; struct perf_dom_info *dom; - domain = scmi_dev_domain_id(dev); - if (domain < 0) - return -EINVAL; - dom = scmi_perf_domain_lookup(ph, domain); if (IS_ERR(dom)) return PTR_ERR(dom); 
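Review bot: In hunk `@@ -228,14 +232,14 @@`, `perf_ops->transition_latency_get(ph, domain)` returns `int` and, per the perf.c hunk of this same patch, yields `PTR_ERR(dom)` when the domain lookup fails, yet the result is stored in `unsigned int latency` and only tested with `if (!latency)`. A negative errno therefore ends up as a very large `policy->cpuinfo.transition_latency` instead of falling back to `CPUFREQ_ETERNAL`. Reading the value into a signed local first avoids that: `ret = perf_ops->transition_latency_get(ph, domain);` `latency = ret > 0 ? ret : CPUFREQ_ETERNAL;`. `scmi_cpufreq_init()` begins and ends outside this hunk and the pattern predates the change, but the patch rewrites this call and is the natural place to fix it.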
@@ -648,15 +644,10 @@ static int scmi_dvfs_device_opps_add(const struct scmi_protocol_handle *ph, static int scmi_dvfs_transition_latency_get(const struct scmi_protocol_handle *ph, - struct device *dev) + u32 domain) { - int domain; struct perf_dom_info *dom; - domain = scmi_dev_domain_id(dev); - if (domain < 0) - return -EINVAL; - dom = scmi_perf_domain_lookup(ph, domain); if (IS_ERR(dom)) return PTR_ERR(dom); @@ -723,15 +714,10 @@ static int scmi_dvfs_est_power_get(const struct scmi_protocol_handle *ph, } static bool scmi_fast_switch_possible(const struct scmi_protocol_handle *ph, - struct device *dev) + u32 domain) { - int domain; struct perf_dom_info *dom; - domain = scmi_dev_domain_id(dev); - if (domain < 0) - return false; - dom = scmi_perf_domain_lookup(ph, domain); if (IS_ERR(dom)) return false; diff --git a/include/linux/scmi_protocol.h b/include/linux/scmi_protocol.h index 94a405913f8c..02d1e72b8c5b 100644 --- a/include/linux/scmi_protocol.h +++ b/include/linux/scmi_protocol.h @@ -143,9 +143,9 @@ struct scmi_perf_proto_ops { u32 *level, bool poll); int (*device_domain_id)(struct device *dev); int (*transition_latency_get)(const struct scmi_protocol_handle *ph, - struct device *dev); + u32 domain); int (*device_opps_add)(const struct scmi_protocol_handle *ph, - struct device *dev); + struct device *dev, u32 domain); int (*freq_set)(const struct scmi_protocol_handle *ph, u32 domain, unsigned long rate, bool poll); int (*freq_get)(const struct scmi_protocol_handle *ph, u32 domain, @@ -153,7 +153,7 @@ struct scmi_perf_proto_ops { int (*est_power_get)(const struct scmi_protocol_handle *ph, u32 domain, unsigned long *rate, unsigned long *power); bool (*fast_switch_possible)(const struct scmi_protocol_handle *ph, - struct device *dev); + u32 domain); enum scmi_power_scale (*power_scale_get)(const struct scmi_protocol_handle *ph); ANDROID_KABI_RESERVE(1); From 1a6e883184dd5324f673f4e1d1a4cdc23f750b9e Mon Sep 17 00:00:00 2001 
From: Ulf Hansson Date: Fri, 25 Aug 2023 13:26:25 +0200 Subject: [PATCH 26/87] UPSTREAM: firmware: arm_scmi: Drop redundant ->device_domain_id() from perf ops There are no longer any users of the ->device_domain_id() ops in the scmi_perf_proto_ops, therefore let's remove it. Signed-off-by: Ulf Hansson Link: https://lore.kernel.org/r/20230825112633.236607-6-ulf.hansson@linaro.org Signed-off-by: Sudeep Holla Bug: 323966425 Change-Id: Id1140c276a7af6b0ebb07776870d72935bd2e414 (cherry picked from commit 9b578d83629e13f81a53d1695a4f700cdb10f772) Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/firmware/arm_scmi/perf.c | 13 ------------- include/linux/scmi_protocol.h | 2 -- 2 files changed, 15 deletions(-) diff --git a/drivers/firmware/arm_scmi/perf.c b/drivers/firmware/arm_scmi/perf.c index b4e6ecff5651..8f607971cb05 100644 --- a/drivers/firmware/arm_scmi/perf.c +++ b/drivers/firmware/arm_scmi/perf.c @@ -598,18 +598,6 @@ static void scmi_perf_domain_init_fc(const struct scmi_protocol_handle *ph, *p_fc = fc; } -/* Device specific ops */ -static int scmi_dev_domain_id(struct device *dev) -{ - struct of_phandle_args clkspec; - - if (of_parse_phandle_with_args(dev->of_node, "clocks", "#clock-cells", - 0, &clkspec)) - return -EINVAL; - - return clkspec.args[0]; -} - static int scmi_dvfs_device_opps_add(const struct scmi_protocol_handle *ph, struct device *dev, u32 domain) { @@ -740,7 +728,6 @@ static const struct scmi_perf_proto_ops perf_proto_ops = { .limits_get = scmi_perf_limits_get, .level_set = scmi_perf_level_set, .level_get = scmi_perf_level_get, - .device_domain_id = scmi_dev_domain_id, .transition_latency_get = scmi_dvfs_transition_latency_get, .device_opps_add = scmi_dvfs_device_opps_add, .freq_set = scmi_dvfs_freq_set, diff --git a/include/linux/scmi_protocol.h b/include/linux/scmi_protocol.h index 02d1e72b8c5b..ae8ddaf33417 100644 --- a/include/linux/scmi_protocol.h +++ b/include/linux/scmi_protocol.h 
@@ -115,7 +115,6 @@ struct scmi_perf_domain_info { * @limits_get: gets limits on the performance level of a domain * @level_set: sets the performance level of a domain * @level_get: gets the performance level of a domain - * @device_domain_id: gets the scmi domain id for a given device * @transition_latency_get: gets the DVFS transition latency for a given device * @device_opps_add: adds all the OPPs for a given device * @freq_set: sets the frequency for a given device using sustained frequency @@ -141,7 +140,6 @@ struct scmi_perf_proto_ops { u32 level, bool poll); int (*level_get)(const struct scmi_protocol_handle *ph, u32 domain, u32 *level, bool poll); - int (*device_domain_id)(struct device *dev); int (*transition_latency_get)(const struct scmi_protocol_handle *ph, u32 domain); int (*device_opps_add)(const struct scmi_protocol_handle *ph, From 0ccb8d6efa1340e6b196001ae4326fd4466beb38 Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Fri, 25 Aug 2023 13:26:26 +0200 Subject: [PATCH 27/87] UPSTREAM: cpufreq: scmi: Avoid one OF parsing in scmi_get_sharing_cpus() The domain-id for the cpu_dev has already been parsed at the point when scmi_get_sharing_cpus() is getting called. Let's pass it as an in-parameter to avoid the unnecessary OF parsing. Signed-off-by: Ulf Hansson Acked-by: Viresh Kumar Link: https://lore.kernel.org/r/20230825112633.236607-7-ulf.hansson@linaro.org Signed-off-by: Sudeep Holla Bug: 323966425 Change-Id: Ia587d34dc3b6ec1fcf9b705e60c1b98895487bb4 (cherry picked from commit 4f1f0bc8ed1647007ad4ad8d2b8ce0092bb22d43) Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/cpufreq/scmi-cpufreq.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/cpufreq/scmi-cpufreq.c b/drivers/cpufreq/scmi-cpufreq.c index 06e82bc9a10e..13408238012b 100644 --- a/drivers/cpufreq/scmi-cpufreq.c +++ b/drivers/cpufreq/scmi-cpufreq.c 
@@ -82,15 +82,12 @@ static int scmi_cpu_domain_id(struct device *cpu_dev) } static int -scmi_get_sharing_cpus(struct device *cpu_dev, struct cpumask *cpumask) +scmi_get_sharing_cpus(struct device *cpu_dev, int domain, + struct cpumask *cpumask) { - int cpu, domain, tdomain; + int cpu, tdomain; struct device *tcpu_dev; - domain = scmi_cpu_domain_id(cpu_dev); - if (domain < 0) - return domain; - for_each_possible_cpu(cpu) { if (cpu == cpu_dev->id) continue; @@ -163,7 +160,7 @@ static int scmi_cpufreq_init(struct cpufreq_policy *policy) } /* Obtain CPUs that share SCMI performance controls */ - ret = scmi_get_sharing_cpus(cpu_dev, policy->cpus); + ret = scmi_get_sharing_cpus(cpu_dev, domain, policy->cpus); if (ret) { dev_warn(cpu_dev, "failed to get sharing cpumask\n"); goto out_free_cpumask; From c638aef4e9e776cb4cbbe12b4302dca3d9842f3f Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Fri, 25 Aug 2023 13:26:31 +0200 Subject: [PATCH 28/87] UPSTREAM: cpufreq: scmi: Add support to parse domain-id using #power-domain-cells The performance domain-id can be described in DT using the power-domains property or the clock property. The latter is already supported, so let's add support for the power-domains too. Signed-off-by: Ulf Hansson Acked-by: Viresh Kumar Link: https://lore.kernel.org/r/20230825112633.236607-12-ulf.hansson@linaro.org Signed-off-by: Sudeep Holla Bug: 323966425 Change-Id: Ie5acc6a7ca1528064779700aa71a6c6cef7f0139 (cherry picked from commit 92b2028b00ff987272a10fee980c7412ae7ebea6) Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/cpufreq/scmi-cpufreq.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/drivers/cpufreq/scmi-cpufreq.c b/drivers/cpufreq/scmi-cpufreq.c index 13408238012b..4ee23f4ebf4a 100644 --- a/drivers/cpufreq/scmi-cpufreq.c +++ b/drivers/cpufreq/scmi-cpufreq.c 
@@ -72,13 +72,25 @@ static unsigned int scmi_cpufreq_fast_switch(struct cpufreq_policy *policy, static int scmi_cpu_domain_id(struct device *cpu_dev) { - struct of_phandle_args clkspec; + struct device_node *np = cpu_dev->of_node; + struct of_phandle_args domain_id; + int index; - if (of_parse_phandle_with_args(cpu_dev->of_node, "clocks", - "#clock-cells", 0, &clkspec)) - return -EINVAL; + if (of_parse_phandle_with_args(np, "clocks", "#clock-cells", 0, + &domain_id)) { + /* Find the corresponding index for power-domain "perf". */ + index = of_property_match_string(np, "power-domain-names", + "perf"); + if (index < 0) + return -EINVAL; - return clkspec.args[0]; + if (of_parse_phandle_with_args(np, "power-domains", + "#power-domain-cells", index, + &domain_id)) + return -EINVAL; + } + + return domain_id.args[0]; } static int From 5c0092ff97bba6fce401d0dda8b1b0ba0edeadb9 Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Fri, 25 Aug 2023 13:26:32 +0200 Subject: [PATCH 29/87] UPSTREAM: PM: domains: Allow genpd providers to manage OPP tables directly by its FW In some cases the OPP tables aren't specified in device tree, but rather encoded in the FW. To allow a genpd provider to specify them dynamically instead, let's add a new genpd flag, GENPD_FLAG_OPP_TABLE_FW. Signed-off-by: Ulf Hansson Link: https://lore.kernel.org/r/20230825112633.236607-13-ulf.hansson@linaro.org Signed-off-by: Sudeep Holla Bug: 323966425 Change-Id: I14f40b8cd4acce92ad5fd7a1769c513e7cbfa7ae (cherry picked from commit 3dd91515ef43dd43e32e2a84e4bd881b64fb33ae) Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/base/power/domain.c | 11 ++++++----- include/linux/pm_domain.h | 5 +++++ 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c index d238b47f74c3..f1b14574d53d 100644 --- a/drivers/base/power/domain.c +++ b/drivers/base/power/domain.c 
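Review bot: The rewritten `scmi_cpu_domain_id()` returns `domain_id.args[0]` without checking `domain_id.args_count`, and `domain_id` is an uninitialised stack variable. If the provider referenced by `clocks` or `power-domains` declares zero cells, the OF parser, as far as I can tell, succeeds without writing `args[0]`, and the function would then return stack contents as a domain id derived from device-tree input. A guard before the final return, `if (domain_id.args_count < 1) return -EINVAL;`, makes the helper reject such a node. The value is range-checked later by `scmi_perf_domain_lookup()`, but only on the paths that go through the perf ops.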
@@ -130,6 +130,7 @@ static const struct genpd_lock_ops genpd_spin_ops = { #define genpd_is_active_wakeup(genpd) (genpd->flags & GENPD_FLAG_ACTIVE_WAKEUP) #define genpd_is_cpu_domain(genpd) (genpd->flags & GENPD_FLAG_CPU_DOMAIN) #define genpd_is_rpm_always_on(genpd) (genpd->flags & GENPD_FLAG_RPM_ALWAYS_ON) +#define genpd_is_opp_table_fw(genpd) (genpd->flags & GENPD_FLAG_OPP_TABLE_FW) static inline bool irq_safe_dev_in_sleep_domain(struct device *dev, const struct generic_pm_domain *genpd) @@ -2319,7 +2320,7 @@ int of_genpd_add_provider_simple(struct device_node *np, genpd->dev.of_node = np; /* Parse genpd OPP table */ - if (genpd->set_performance_state) { + if (!genpd_is_opp_table_fw(genpd) && genpd->set_performance_state) { ret = dev_pm_opp_of_add_table(&genpd->dev); if (ret) return dev_err_probe(&genpd->dev, ret, "Failed to add OPP table\n"); @@ -2334,7 +2335,7 @@ int of_genpd_add_provider_simple(struct device_node *np, ret = genpd_add_provider(np, genpd_xlate_simple, genpd); if (ret) { - if (genpd->set_performance_state) { + if (!genpd_is_opp_table_fw(genpd) && genpd->set_performance_state) { dev_pm_opp_put_opp_table(genpd->opp_table); dev_pm_opp_of_remove_table(&genpd->dev); } @@ -2378,7 +2379,7 @@ int of_genpd_add_provider_onecell(struct device_node *np, genpd->dev.of_node = np; /* Parse genpd OPP table */ - if (genpd->set_performance_state) { + if (!genpd_is_opp_table_fw(genpd) && genpd->set_performance_state) { ret = dev_pm_opp_of_add_table_indexed(&genpd->dev, i); if (ret) { dev_err_probe(&genpd->dev, ret, @@ -2414,7 +2415,7 @@ error: genpd->provider = NULL; genpd->has_provider = false; - if (genpd->set_performance_state) { + if (!genpd_is_opp_table_fw(genpd) && genpd->set_performance_state) { dev_pm_opp_put_opp_table(genpd->opp_table); dev_pm_opp_of_remove_table(&genpd->dev); } 
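Review bot: The condition `!genpd_is_opp_table_fw(genpd) && genpd->set_performance_state` is now spelled out in four places across `of_genpd_add_provider_simple()` and `of_genpd_add_provider_onecell()`, with its negation in `of_genpd_del_provider()` (hunk `@@ -2446,7 +2447,7 @@`). Setup and teardown have to agree exactly, otherwise `dev_pm_opp_put_opp_table()` runs for a table that was never added. A single predicate next to the new macro would make that pairing hard to break, for example `#define genpd_has_dt_opp_table(genpd) (!genpd_is_opp_table_fw(genpd) && (genpd)->set_performance_state)`. All of these functions start and end outside their hunks.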
@@ -2446,7 +2447,7 @@ void of_genpd_del_provider(struct device_node *np) if (gpd->provider == &np->fwnode) { gpd->has_provider = false; - if (!gpd->set_performance_state) + if (genpd_is_opp_table_fw(gpd) || !gpd->set_performance_state) continue; dev_pm_opp_put_opp_table(gpd->opp_table); diff --git a/include/linux/pm_domain.h b/include/linux/pm_domain.h index ebc351698090..99626380687b 100644 --- a/include/linux/pm_domain.h +++ b/include/linux/pm_domain.h @@ -60,6 +60,10 @@ * GENPD_FLAG_MIN_RESIDENCY: Enable the genpd governor to consider its * components' next wakeup when determining the * optimal idle state. + * + * GENPD_FLAG_OPP_TABLE_FW: The genpd provider supports performance states, + * but its corresponding OPP tables are not + * described in DT, but are given directly by FW. */ #define GENPD_FLAG_PM_CLK (1U << 0) #define GENPD_FLAG_IRQ_SAFE (1U << 1) @@ -68,6 +72,7 @@ #define GENPD_FLAG_CPU_DOMAIN (1U << 4) #define GENPD_FLAG_RPM_ALWAYS_ON (1U << 5) #define GENPD_FLAG_MIN_RESIDENCY (1U << 6) +#define GENPD_FLAG_OPP_TABLE_FW (1U << 7) enum gpd_status { GENPD_STATE_ON = 0, /* PM domain is on */ From ff18572d05a4a61809e380b0c9b5a7355bbce63d Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Fri, 25 Aug 2023 13:26:28 +0200 Subject: [PATCH 30/87] UPSTREAM: dt-bindings: arm: cpus: Add a power-domain-name for a performance-domain When an CPU's performance domain is managed through the SCMI firmware, let's enable us describe this as a consumer of a power-domain provider, which is the de-facto standard to use for performance domains. In this case, let's specify a corresponding power-domain-name, to point out the corresponding index for it. Cc: Rob Herring Cc: Krzysztof Kozlowski Cc: Conor Dooley Cc: devicetree@vger.kernel.org Cc: Lorenzo Pieralisi Signed-off-by: Ulf Hansson Reviewed-by: Rob Herring Link: https://lore.kernel.org/r/20230825112633.236607-9-ulf.hansson@linaro.org 
Signed-off-by: Sudeep Holla Bug: 323966425 Change-Id: I4096359603b39d47425033ae554ce357370798f8 (cherry picked from commit 6e429adc60b1fa87b6e89d68cb9d1c0a8224d58a) Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- Documentation/devicetree/bindings/arm/cpus.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Documentation/devicetree/bindings/arm/cpus.yaml b/Documentation/devicetree/bindings/arm/cpus.yaml index 5c13b73e4d57..e7847aa6ac01 100644 --- a/Documentation/devicetree/bindings/arm/cpus.yaml +++ b/Documentation/devicetree/bindings/arm/cpus.yaml @@ -296,7 +296,9 @@ properties: power-domains property. For PSCI based platforms, the name corresponding to the index of the PSCI - PM domain provider, must be "psci". + PM domain provider, must be "psci". For SCMI based platforms, the name + corresponding to the index of an SCMI performance domain provider, must be + "perf". qcom,saw: $ref: '/schemas/types.yaml#/definitions/phandle' From dda942f0100e6a26e1b74723f62d5dc55d48cc09 Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Fri, 25 Aug 2023 13:26:29 +0200 Subject: [PATCH 31/87] UPSTREAM: dt-bindings: firmware: arm,scmi: Extend bindings for protocol@13 The protocol@13 node is describing the performance scaling option for the ARM SCMI interface, as a clock provider. This is unnecessary limiting, as performance scaling is in many cases not limited to switching a clock's frequency. Therefore, let's extend the binding so the interface can be modelled as a generic performance domain too. The common way to describe this, is to use the power-domain DT bindings, so let's use that. Cc: Rob Herring Cc: Krzysztof Kozlowski Cc: Conor Dooley Cc: devicetree@vger.kernel.org Signed-off-by: Ulf Hansson Reviewed-by: Rob Herring Link: https://lore.kernel.org/r/20230825112633.236607-10-ulf.hansson@linaro.org 
Signed-off-by: Sudeep Holla Bug: 323966425 Change-Id: Idbc74f40223b00946a2b14b5804cef2b6cdd38c9 (cherry picked from commit e11c480b6df1942b8f9a6958c2d881d8a9a9fb3b) Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- .../devicetree/bindings/firmware/arm,scmi.yaml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Documentation/devicetree/bindings/firmware/arm,scmi.yaml b/Documentation/devicetree/bindings/firmware/arm,scmi.yaml index 1c0388da6721..39a4df2be5df 100644 --- a/Documentation/devicetree/bindings/firmware/arm,scmi.yaml +++ b/Documentation/devicetree/bindings/firmware/arm,scmi.yaml @@ -120,8 +120,15 @@ properties: '#clock-cells': const: 1 - required: - - '#clock-cells' + '#power-domain-cells': + const: 1 + + oneOf: + - required: + - '#clock-cells' + + - required: + - '#power-domain-cells' protocol@14: type: object From 9c1597d2e45fd909bda63982db2049529a46091f Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Fri, 25 Aug 2023 13:26:30 +0200 Subject: [PATCH 32/87] UPSTREAM: dt-bindings: power: Clarify performance capabilities of power-domains The power-domains bindings has in many years been used to describe so called performance-domains too. Rather than using a separate binding it has been convenient to re-use the power-domain bindings, as in some cases it's in fact a combination of the both that would be the best description. Therefore, let's make it more clear that the power-domains bindings can be used to describe a performance-domain too. Cc: "Rafael J. Wysocki" Cc: Kevin Hilman Cc: Rob Herring Cc: Krzysztof Kozlowski Cc: Conor Dooley Cc: devicetree@vger.kernel.org Signed-off-by: Ulf Hansson Reviewed-by: Rob Herring Link: https://lore.kernel.org/r/20230825112633.236607-11-ulf.hansson@linaro.org Signed-off-by: Sudeep Holla Bug: 323966425 Change-Id: I46cc27dec351160f20a76d29d419ba8e0f161c1b (cherry picked from commit 0ead1f3e158c44aa274f2d5c49be947fbfcdffe0) Signed-off-by: Nikunj Kela 
Signed-off-by: Anant Goel --- .../devicetree/bindings/power/power-domain.yaml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/Documentation/devicetree/bindings/power/power-domain.yaml b/Documentation/devicetree/bindings/power/power-domain.yaml index 889091b9814f..4a4af9405ec1 100644 --- a/Documentation/devicetree/bindings/power/power-domain.yaml +++ b/Documentation/devicetree/bindings/power/power-domain.yaml @@ -13,8 +13,9 @@ maintainers: description: |+ System on chip designs are often divided into multiple PM domains that can be - used for power gating of selected IP blocks for power saving by reduced leakage - current. + used for power gating of selected IP blocks for power saving by reduced + leakage current. Moreover, in some cases the similar PM domains may also be + capable of scaling performance for a group of IP blocks. This device tree binding can be used to bind PM domain consumer devices with their PM domains provided by PM domain providers. A PM domain provider can be @@ -25,7 +26,7 @@ description: |+ properties: $nodename: - pattern: "^(power-controller|power-domain)([@-].*)?$" + pattern: "^(power-controller|power-domain|performance-domain)([@-].*)?$" domain-idle-states: $ref: /schemas/types.yaml#/definitions/phandle-array 
@@ -47,11 +48,11 @@ properties: items: maxItems: 1 description: - Phandles to the OPP tables of power domains provided by a power domain - provider. If the provider provides a single power domain only or all - the power domains provided by the provider have identical OPP tables, - then this shall contain a single phandle. Refer to ../opp/opp-v2-base.yaml - for more information. + Phandles to the OPP tables of power domains that are capable of scaling + performance, provided by a power domain provider. If the provider provides + a single power domain only or all the power domains provided by the + provider have identical OPP tables, then this shall contain a single + phandle. Refer to ../opp/opp-v2-base.yaml for more information. "#power-domain-cells": description: From adf41f47375e07a1c8c96bc53945ae6e30d6615d Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Mon, 25 Sep 2023 15:17:09 +0200 Subject: [PATCH 33/87] BACKPORT: OPP: Add dev_pm_opp_add_dynamic() to allow more flexibility The dev_pm_opp_add() API is limited to add dynamic OPPs with a frequency and a voltage level. To enable more flexibility, let's add a new API, dev_pm_opp_add_dynamic() that's takes a struct dev_pm_opp_data* instead of a list of in-parameters. Signed-off-by: Ulf Hansson Signed-off-by: Viresh Kumar Bug: 323966425 Change-Id: I37e08f4b4c9f42e1f8c42a876d46d89447fda7a1 (cherry picked from commit 248a38d5cc3f3505e6cfbbc0514435c9f1ba00af) [anantg: Kept dev_pm_opp_add() as an exported API to maintain the ABI] Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/opp/core.c | 32 +++++++++++++++++++++----------- drivers/opp/of.c | 10 ++++++---- drivers/opp/opp.h | 2 +- include/linux/pm_opp.h | 25 +++++++++++++++++++++---- 4 files changed, 49 insertions(+), 20 deletions(-) diff --git a/drivers/opp/core.c b/drivers/opp/core.c index 71d3e3ba909a..c8c5abdf81c9 100644 --- a/drivers/opp/core.c +++ b/drivers/opp/core.c 
@@ -1914,8 +1914,7 @@ int _opp_add(struct device *dev, struct dev_pm_opp *new_opp, * _opp_add_v1() - Allocate a OPP based on v1 bindings. * @opp_table: OPP table * @dev: device for which we do this operation - * @freq: Frequency in Hz for this OPP - * @u_volt: Voltage in uVolts for this OPP + * @data: The OPP data for the OPP to add * @dynamic: Dynamically added OPPs. * * This function adds an opp definition to the opp table and returns status. @@ -1933,10 +1932,10 @@ int _opp_add(struct device *dev, struct dev_pm_opp *new_opp, * -ENOMEM Memory allocation failure */ int _opp_add_v1(struct opp_table *opp_table, struct device *dev, - unsigned long freq, long u_volt, bool dynamic) + struct dev_pm_opp_data *data, bool dynamic) { struct dev_pm_opp *new_opp; - unsigned long tol; + unsigned long tol, u_volt = data->u_volt; int ret; if (!assert_single_clk(opp_table)) @@ -1947,7 +1946,7 @@ int _opp_add_v1(struct opp_table *opp_table, struct device *dev, return -ENOMEM; /* populate the opp table */ - new_opp->rates[0] = freq; + new_opp->rates[0] = data->freq; tol = u_volt * opp_table->voltage_tolerance_v1 / 100; new_opp->supplies[0].u_volt = u_volt; new_opp->supplies[0].u_volt_min = u_volt - tol; @@ -2731,10 +2730,9 @@ unlock: } /** - * dev_pm_opp_add() - Add an OPP table from a table definitions - * @dev: device for which we do this operation - * @freq: Frequency in Hz for this OPP - * @u_volt: Voltage in uVolts for this OPP + * dev_pm_opp_add_dynamic() - Add an OPP table from a table definitions + * @dev: The device for which we do this operation + * @data: The OPP data for the OPP to add * * This function adds an opp definition to the opp table and returns status. * The opp is made available by default and it can be controlled using 
@@ -2747,7 +2745,7 @@ unlock: * Duplicate OPPs (both freq and volt are same) and !opp->available * -ENOMEM Memory allocation failure */ -int dev_pm_opp_add(struct device *dev, unsigned long freq, unsigned long u_volt) +int dev_pm_opp_add_dynamic(struct device *dev, struct dev_pm_opp_data *data) { struct opp_table *opp_table; int ret; @@ -2759,12 +2757,24 @@ int dev_pm_opp_add(struct device *dev, unsigned long freq, unsigned long u_volt) /* Fix regulator count for dynamic OPPs */ opp_table->regulator_count = 1; - ret = _opp_add_v1(opp_table, dev, freq, u_volt, true); + ret = _opp_add_v1(opp_table, dev, data, true); if (ret) dev_pm_opp_put_opp_table(opp_table); return ret; } +EXPORT_SYMBOL_GPL(dev_pm_opp_add_dynamic); + +int dev_pm_opp_add(struct device *dev, unsigned long freq, + unsigned long u_volt) +{ + struct dev_pm_opp_data data = { + .freq = freq, + .u_volt = u_volt, + }; + + return dev_pm_opp_add_dynamic(dev, &data); +} EXPORT_SYMBOL_GPL(dev_pm_opp_add); /** diff --git a/drivers/opp/of.c b/drivers/opp/of.c index 605d68673f92..4d011e82cfe2 100644 --- a/drivers/opp/of.c +++ b/drivers/opp/of.c @@ -1106,13 +1106,15 @@ static int _of_add_opp_table_v1(struct device *dev, struct opp_table *opp_table) val = prop->value; while (nr) { - unsigned long freq = be32_to_cpup(val++) * 1000; - unsigned long volt = be32_to_cpup(val++); + struct dev_pm_opp_data data = { + .freq = be32_to_cpup(val++) * 1000, + .u_volt = be32_to_cpup(val++), + }; - ret = _opp_add_v1(opp_table, dev, freq, volt, false); + ret = _opp_add_v1(opp_table, dev, &data, false); if (ret) { dev_err(dev, "%s: Failed to add OPP %ld (%d)\n", - __func__, freq, ret); + __func__, data.freq, ret); goto remove_static_opp; } nr -= 2; diff --git a/drivers/opp/opp.h b/drivers/opp/opp.h index 3a6e077df386..cb3bc6056e44 100644 --- a/drivers/opp/opp.h +++ b/drivers/opp/opp.h 
@@ -252,7 +252,7 @@ struct dev_pm_opp *_opp_allocate(struct opp_table *opp_table); void _opp_free(struct dev_pm_opp *opp); int _opp_compare_key(struct opp_table *opp_table, struct dev_pm_opp *opp1, struct dev_pm_opp *opp2); int _opp_add(struct device *dev, struct dev_pm_opp *new_opp, struct opp_table *opp_table); -int _opp_add_v1(struct opp_table *opp_table, struct device *dev, unsigned long freq, long u_volt, bool dynamic); +int _opp_add_v1(struct opp_table *opp_table, struct device *dev, struct dev_pm_opp_data *data, bool dynamic); void _dev_pm_opp_cpumask_remove_table(const struct cpumask *cpumask, int last_cpu); struct opp_table *_add_opp_table_indexed(struct device *dev, int index, bool getclk); void _put_opp_list_kref(struct opp_table *opp_table); diff --git a/include/linux/pm_opp.h b/include/linux/pm_opp.h index dc1fb5890792..2ac56bb6c813 100644 --- a/include/linux/pm_opp.h +++ b/include/linux/pm_opp.h @@ -92,6 +92,16 @@ struct dev_pm_opp_config { struct device ***virt_devs; }; +/** + * struct dev_pm_opp_data - The data to use to initialize an OPP. + * @freq: The clock rate in Hz for the OPP. + * @u_volt: The voltage in uV for the OPP. + */ +struct dev_pm_opp_data { + unsigned long freq; + unsigned long u_volt; +}; + #if defined(CONFIG_PM_OPP) struct opp_table *dev_pm_opp_get_opp_table(struct device *dev); @@ -140,8 +150,9 @@ struct dev_pm_opp *dev_pm_opp_find_bw_floor(struct device *dev, void dev_pm_opp_put(struct dev_pm_opp *opp); -int dev_pm_opp_add(struct device *dev, unsigned long freq, - unsigned long u_volt); +int dev_pm_opp_add_dynamic(struct device *dev, struct dev_pm_opp_data *opp); +int dev_pm_opp_add(struct device *dev, unsigned long freq, unsigned long u_volt); + void dev_pm_opp_remove(struct device *dev, unsigned long freq); void dev_pm_opp_remove_all_dynamic(struct device *dev); 
@@ -291,8 +302,14 @@ static inline struct dev_pm_opp *dev_pm_opp_find_bw_floor(struct device *dev, static inline void dev_pm_opp_put(struct dev_pm_opp *opp) {} -static inline int dev_pm_opp_add(struct device *dev, unsigned long freq, - unsigned long u_volt) +static inline int +dev_pm_opp_add_dynamic(struct device *dev, struct dev_pm_opp_data *opp) +{ + return -EOPNOTSUPP; +} + +static inline int +dev_pm_opp_add(struct device *dev, struct dev_pm_opp_data *opp, unsigned long u_volt) { return -EOPNOTSUPP; } From 9ba5e19e0d3bb4b5617fdc1a38d1894810e24e0f Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Mon, 25 Sep 2023 15:17:10 +0200 Subject: [PATCH 34/87] UPSTREAM: OPP: Extend dev_pm_opp_data with a level Let's extend the dev_pm_opp_data with a level variable, to allow users to specify a corresponding level (performance state) for a dynamically added OPP. Signed-off-by: Ulf Hansson Signed-off-by: Viresh Kumar Bug: 323966425 Change-Id: I1cc007355fd53f26d29b88ad0d9fa2d56a1e4e9d (cherry picked from commit 3166383da081461244918aeed7ad028ef11b17cc) Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/opp/core.c | 1 + include/linux/pm_opp.h | 2 ++ 2 files changed, 3 insertions(+) diff --git a/drivers/opp/core.c b/drivers/opp/core.c index c8c5abdf81c9..f5c410c4ee79 100644 --- a/drivers/opp/core.c +++ b/drivers/opp/core.c @@ -1947,6 +1947,7 @@ int _opp_add_v1(struct opp_table *opp_table, struct device *dev, /* populate the opp table */ new_opp->rates[0] = data->freq; + new_opp->level = data->level; tol = u_volt * opp_table->voltage_tolerance_v1 / 100; new_opp->supplies[0].u_volt = u_volt; new_opp->supplies[0].u_volt_min = u_volt - tol; diff --git a/include/linux/pm_opp.h b/include/linux/pm_opp.h index 2ac56bb6c813..38a0d7245fe2 100644 --- a/include/linux/pm_opp.h +++ b/include/linux/pm_opp.h 
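Review bot: The `!CONFIG_PM_OPP` stub of `dev_pm_opp_add()` in include/linux/pm_opp.h (hunk `@@ -291,8 +302,14 @@`) declares its second parameter as `struct dev_pm_opp_data *opp`. The real prototype added earlier in the same header and the definition in drivers/opp/core.c both take `unsigned long freq`. A caller built with CONFIG_PM_OPP disabled would pass an integer where a pointer is declared, so the retained API no longer has one signature across configurations. The stub should keep the original parameters: `dev_pm_opp_add(struct device *dev, unsigned long freq, unsigned long u_volt)`.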
@@ -94,10 +94,12 @@ struct dev_pm_opp_config { /** * struct dev_pm_opp_data - The data to use to initialize an OPP. + * @level: The performance level for the OPP. * @freq: The clock rate in Hz for the OPP. * @u_volt: The voltage in uV for the OPP. */ struct dev_pm_opp_data { + unsigned int level; unsigned long freq; unsigned long u_volt; }; From b50a013d3317322c2ea3fca1056b51c25c38a2a4 Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Mon, 25 Sep 2023 15:17:12 +0200 Subject: [PATCH 35/87] BACKPORT: OPP: Extend support for the opp-level beyond required-opps At this point the level (performance state) for an OPP is currently limited to be requested for a device that is attached to a PM domain. Moreover, the device needs to have the so called required-opps assigned to it, which are based upon OPP tables being described in DT. To extend the support beyond required-opps and DT, let's enable the level to be set for all OPPs. More precisely, if the requested OPP has a valid level let's try to request it through the device's optional PM domain, via calling dev_pm_domain_set_performance_state(). Signed-off-by: Ulf Hansson [ Viresh: Handle NULL opp in _set_opp_level() ] Signed-off-by: Viresh Kumar Bug: 323966425 Change-Id: I6176127586d50324fbb96f099ddad60bb3c910e5 (cherry picked from commit 0025ff64ffcf6bd6ece5484e7818401f77bf115f) [nikunj: Resolved minor conflict in drivers/opp/core.c ] [anantg: Use dev_pm_genpd_set_performance_state in drivers/opp/core.c ] Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/opp/core.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/drivers/opp/core.c b/drivers/opp/core.c index f5c410c4ee79..5dd9ae2f3489 100644 --- a/drivers/opp/core.c +++ b/drivers/opp/core.c 
@@ -1011,6 +1011,28 @@ static int _set_required_opps(struct device *dev, return ret; } +static int _set_opp_level(struct device *dev, struct opp_table *opp_table, + struct dev_pm_opp *opp) +{ + unsigned int level = 0; + int ret = 0; + + if (opp) { + if (!opp->level) + return 0; + + level = opp->level; + } + + /* Request a new performance state through the device's PM domain. */ + ret = dev_pm_genpd_set_performance_state(dev, level); + if (ret) + dev_err(dev, "Failed to set performance state %u (%d)\n", level, + ret); + + return ret; +} + static void _find_current_opp(struct device *dev, struct opp_table *opp_table) { struct dev_pm_opp *opp = ERR_PTR(-ENODEV); @@ -1058,8 +1080,13 @@ static int _disable_opp_table(struct device *dev, struct opp_table *opp_table) if (opp_table->regulators) regulator_disable(opp_table->regulators[0]); + ret = _set_opp_level(dev, opp_table, NULL); + if (ret) + goto out; + ret = _set_required_opps(dev, opp_table, NULL, false); +out: opp_table->enabled = false; return ret; } @@ -1102,6 +1129,10 @@ static int _set_opp(struct device *dev, struct opp_table *opp_table, return ret; } + ret = _set_opp_level(dev, opp_table, opp); + if (ret) + return ret; + ret = _set_opp_bw(opp_table, opp, dev); if (ret) { dev_err(dev, "Failed to set bw: %d\n", ret); @@ -1145,6 +1176,10 @@ static int _set_opp(struct device *dev, struct opp_table *opp_table, return ret; } + ret = _set_opp_level(dev, opp_table, opp); + if (ret) + return ret; + ret = _set_required_opps(dev, opp_table, opp, false); if (ret) { dev_err(dev, "Failed to set required opps: %d\n", ret); From 47933171f3e7a3880def7b21e958f38fe376223e Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Mon, 25 Sep 2023 15:17:13 +0200 Subject: [PATCH 36/87] BACKPORT: firmware: arm_scmi: Simplify error path in scmi_dvfs_device_opps_add() Let's simplify the code in scmi_dvfs_device_opps_add() by using dev_pm_opp_remove_all_dynamic() in the error path. 
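Review bot: `_set_opp_level()` reaches `dev_pm_genpd_set_performance_state(dev, level)` whenever `opp` is NULL, so `_disable_opp_table()` now makes that call for every device, whether or not a PM domain is attached. The description speaks of the device's "optional PM domain" via `dev_pm_domain_set_performance_state()`, and the backport note says the genpd helper was substituted. Its definition is not in this patch, so confirm that it returns 0 rather than an error for a device with no genpd. If it returns an error, `_disable_opp_table()` logs a failure and takes `goto out` past `_set_required_opps()`, and the two new calls in `_set_opp()` abort the transition for any OPP with a non-zero level. Treating "no PM domain" as success inside `_set_opp_level()` would preserve the optional behaviour. `_set_opp()` and `_disable_opp_table()` continue outside these hunks.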
Signed-off-by: Ulf Hansson Link: https://lore.kernel.org/r/20230925131715.138411-8-ulf.hansson@linaro.org Signed-off-by: Sudeep Holla Bug: 323966425 Change-Id: Ic2378e232588af5332cb7770287fec02342389eb (cherry picked from commit 033ca4de129646e9969a6838b44cca0fac38e219) [nikunj: Resolved minor conflict in drivers/firmware/arm_scmi/perf.c ] Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/firmware/arm_scmi/perf.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/drivers/firmware/arm_scmi/perf.c b/drivers/firmware/arm_scmi/perf.c index 8f607971cb05..2af4b557070c 100644 --- a/drivers/firmware/arm_scmi/perf.c +++ b/drivers/firmware/arm_scmi/perf.c @@ -603,24 +603,19 @@ static int scmi_dvfs_device_opps_add(const struct scmi_protocol_handle *ph, { int idx, ret; unsigned long freq; - struct scmi_opp *opp; struct perf_dom_info *dom; dom = scmi_perf_domain_lookup(ph, domain); if (IS_ERR(dom)) return PTR_ERR(dom); - for (opp = dom->opp, idx = 0; idx < dom->opp_count; idx++, opp++) { - freq = opp->perf * dom->mult_factor; + for (idx = 0; idx < dom->opp_count; idx++) { + freq = dom->opp[idx].perf * dom->mult_factor; ret = dev_pm_opp_add(dev, freq, 0); if (ret) { dev_warn(dev, "failed to add opp %luHz\n", freq); - - while (idx-- > 0) { - freq = (--opp)->perf * dom->mult_factor; - dev_pm_opp_remove(dev, freq); - } + dev_pm_opp_remove_all_dynamic(dev); return ret; } From c33dbb3b87e8d04edc6de214c19af2456c1758d1 Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Mon, 25 Sep 2023 15:17:14 +0200 Subject: [PATCH 37/87] UPSTREAM: firmware: arm_scmi: Specify the performance level when adding an OPP To enable the performance level to be used for OPPs, let's convert into using the dev_pm_opp_add_dynamic() API when creating them. This will be particularly useful for the SCMI performance domain, as shown through subsequent changes. Signed-off-by: Ulf Hansson Link: https://lore.kernel.org/r/20230925131715.138411-9-ulf.hansson@linaro.org 
Signed-off-by: Sudeep Holla Bug: 323966425 Change-Id: I0d831c1e923d64e3e88e42acf4f4f16587c21696 (cherry picked from commit 5a6a104193520dc3b66ad2c7d823e00b50734ab6) Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/firmware/arm_scmi/perf.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/arm_scmi/perf.c b/drivers/firmware/arm_scmi/perf.c index 2af4b557070c..57e4f1cbdbd2 100644 --- a/drivers/firmware/arm_scmi/perf.c +++ b/drivers/firmware/arm_scmi/perf.c @@ -603,6 +603,7 @@ static int scmi_dvfs_device_opps_add(const struct scmi_protocol_handle *ph, { int idx, ret; unsigned long freq; + struct dev_pm_opp_data data = {}; struct perf_dom_info *dom; dom = scmi_perf_domain_lookup(ph, domain); @@ -612,7 +613,10 @@ static int scmi_dvfs_device_opps_add(const struct scmi_protocol_handle *ph, for (idx = 0; idx < dom->opp_count; idx++) { freq = dom->opp[idx].perf * dom->mult_factor; - ret = dev_pm_opp_add(dev, freq, 0); + data.level = dom->opp[idx].perf; + data.freq = freq; + + ret = dev_pm_opp_add_dynamic(dev, &data); if (ret) { dev_warn(dev, "failed to add opp %luHz\n", freq); dev_pm_opp_remove_all_dynamic(dev); From 7b1e2d9798f69cf0a8087853ae632befbc6c16c6 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor Date: Thu, 5 Oct 2023 10:25:27 -0700 Subject: [PATCH 38/87] UPSTREAM: OPP: Fix -Wunsequenced in _of_add_opp_table_v1() Clang warns (or errors with CONFIG_WERROR=y): drivers/opp/of.c:1081:28: error: multiple unsequenced modifications to 'val' [-Werror,-Wunsequenced] 1081 | .freq = be32_to_cpup(val++) * 1000, | ^ 1082 | .u_volt = be32_to_cpup(val++), | ~~ 1 error generated. There is no sequence point in a designated initializer. Move back to separate variables for the creation of the values, so that there are sequence points between each evaluation and increment of val. Fixes: 75bbc92c09d8 ("OPP: Add dev_pm_opp_add_dynamic() to allow more flexibility") Signed-off-by: Nathan Chancellor Reviewed-by: Nick Desaulniers 
Signed-off-by: Viresh Kumar Bug: 323966425 Change-Id: I870855263a0db8e35bcf8f150f5e05b2cfbdbc6b (cherry picked from commit 184ff4f721638e37a5a5907bf98962b6d9318ef6) Signed-off-by: Nikunj Kela Signed-off-by: Anant Goel --- drivers/opp/of.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/opp/of.c b/drivers/opp/of.c index 4d011e82cfe2..daad18d5928b 100644 --- a/drivers/opp/of.c +++ b/drivers/opp/of.c @@ -1106,9 +1106,11 @@ static int _of_add_opp_table_v1(struct device *dev, struct opp_table *opp_table) val = prop->value; while (nr) { + unsigned long freq = be32_to_cpup(val++) * 1000; + unsigned long volt = be32_to_cpup(val++); struct dev_pm_opp_data data = { - .freq = be32_to_cpup(val++) * 1000, - .u_volt = be32_to_cpup(val++), + .freq = freq, + .u_volt = volt, }; ret = _opp_add_v1(opp_table, dev, &data, false); From f88293625b3d040f1b55b1cac7dd85c043d08a46 Mon Sep 17 00:00:00 2001 From: Ulf Hansson Date: Fri, 26 Jan 2024 22:50:49 -0800 Subject: [PATCH 39/87] UPSTREAM: PM: domains: Add helper functions to attach/detach multiple PM domains Attaching/detaching of a device to multiple PM domains has started to become a common operation for many drivers, typically during ->probe() and ->remove(). In most cases, this has lead to lots of boilerplate code in the drivers. To fixup up the situation, let's introduce a pair of helper functions, dev_pm_domain_attach|detach_list(), that driver can use instead of the open-coding. Note that, it seems reasonable to limit the support for these helpers to DT based platforms, at it's the only valid use case for now. Suggested-by: Daniel Baluta Tested-by: Bryan O'Donoghue Tested-by: Iuliana Prodan Signed-off-by: Ulf Hansson Link: https://lore.kernel.org/r/20240130123951.236243-2-ulf.hansson@linaro.org Bug: 323966425 Change-Id: Ib0cc368d9eac3a9615b75ca5954d81ab6b14b4b2 (cherry picked from commit 161e16a5e50a82d219b3df3ce32286b0a2ae08bd) Signed-off-by: Nikunj Kela 
Signed-off-by: Anant Goel --- drivers/base/power/common.c | 134 ++++++++++++++++++++++++++++++++++++ include/linux/pm_domain.h | 38 ++++++++++ 2 files changed, 172 insertions(+) diff --git a/drivers/base/power/common.c b/drivers/base/power/common.c index 72115917e0bd..299496e1381d 100644 --- a/drivers/base/power/common.c +++ b/drivers/base/power/common.c 
@@ -167,6 +167,115 @@ struct device *dev_pm_domain_attach_by_name(struct device *dev, } EXPORT_SYMBOL_GPL(dev_pm_domain_attach_by_name); +/** + * dev_pm_domain_attach_list - Associate a device with its PM domains. + * @dev: The device used to lookup the PM domains for. + * @data: The data used for attaching to the PM domains. + * @list: An out-parameter with an allocated list of attached PM domains. + * + * This function helps to attach a device to its multiple PM domains. The + * caller, which is typically a driver's probe function, may provide a list of + * names for the PM domains that we should try to attach the device to, but it + * may also provide an empty list, in case the attach should be done for all of + * the available PM domains. + * + * Callers must ensure proper synchronization of this function with power + * management callbacks. + * + * Returns the number of attached PM domains or a negative error code in case of + * a failure. Note that, to detach the list of PM domains, the driver shall call + * dev_pm_domain_detach_list(), typically during the remove phase. + */ +int dev_pm_domain_attach_list(struct device *dev, + const struct dev_pm_domain_attach_data *data, + struct dev_pm_domain_list **list) +{ + struct device_node *np = dev->of_node; + struct dev_pm_domain_list *pds; + struct device *pd_dev = NULL; + int ret, i, num_pds = 0; + bool by_id = true; + u32 pd_flags = data ? data->pd_flags : 0; + u32 link_flags = pd_flags & PD_FLAG_NO_DEV_LINK ? 0 : + DL_FLAG_STATELESS | DL_FLAG_PM_RUNTIME; + + if (dev->pm_domain) + return -EEXIST; + + /* For now this is limited to OF based platforms. 
*/ + if (!np) + return 0; + + if (data && data->pd_names) { + num_pds = data->num_pd_names; + by_id = false; + } else { + num_pds = of_count_phandle_with_args(np, "power-domains", + "#power-domain-cells"); + } + + if (num_pds <= 0) + return 0; + + pds = devm_kzalloc(dev, sizeof(*pds), GFP_KERNEL); + if (!pds) + return -ENOMEM; + + pds->pd_devs = devm_kcalloc(dev, num_pds, sizeof(*pds->pd_devs), + GFP_KERNEL); + if (!pds->pd_devs) + return -ENOMEM; + + pds->pd_links = devm_kcalloc(dev, num_pds, sizeof(*pds->pd_links), + GFP_KERNEL); + if (!pds->pd_links) + return -ENOMEM; + + if (link_flags && pd_flags & PD_FLAG_DEV_LINK_ON) + link_flags |= DL_FLAG_RPM_ACTIVE; + + for (i = 0; i < num_pds; i++) { + if (by_id) + pd_dev = dev_pm_domain_attach_by_id(dev, i); + else + pd_dev = dev_pm_domain_attach_by_name(dev, + data->pd_names[i]); + if (IS_ERR_OR_NULL(pd_dev)) { + ret = pd_dev ? PTR_ERR(pd_dev) : -ENODEV; + goto err_attach; + } + + if (link_flags) { + struct device_link *link; + + link = device_link_add(dev, pd_dev, link_flags); + if (!link) { + ret = -ENODEV; + goto err_link; + } + + pds->pd_links[i] = link; + } + + pds->pd_devs[i] = pd_dev; + } + + pds->num_pds = num_pds; + *list = pds; + return num_pds; + +err_link: + dev_pm_domain_detach(pd_dev, true); +err_attach: + while (--i >= 0) { + if (pds->pd_links[i]) + device_link_del(pds->pd_links[i]); + dev_pm_domain_detach(pds->pd_devs[i], true); + } + return ret; +} +EXPORT_SYMBOL_GPL(dev_pm_domain_attach_list); + /** * dev_pm_domain_detach - Detach a device from its PM domain. * @dev: Device to detach. 
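Review bot: `dev_pm_domain_attach_list()` writes `*list` only on the success path; the early `return 0` cases (`!np`, `num_pds <= 0`) and every error return leave the caller's pointer untouched. `dev_pm_domain_detach_list()` checks only `if (!list)`, so a caller that did not pre-initialise its pointer and calls detach after a 0 return would walk an uninitialised pointer. Setting `*list = NULL;` at the top of the function, or stating in the kernel-doc that the caller must initialise it, closes that gap; the `!CONFIG_PM` stub in include/linux/pm_domain.h returns 0 without touching `*list` as well. Separately, the `-ENOMEM` returns and the `err_attach` path leave the `devm_kzalloc()`/`devm_kcalloc()` allocations in place until `dev` is unbound, which deserves a comment if callers outside probe are expected.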
@@ -187,6 +296,31 @@ void dev_pm_domain_detach(struct device *dev, bool power_off) } EXPORT_SYMBOL_GPL(dev_pm_domain_detach); +/** + * dev_pm_domain_detach_list - Detach a list of PM domains. + * @list: The list of PM domains to detach. + * + * This function reverse the actions from dev_pm_domain_attach_list(). + * Typically it should be invoked during the remove phase from drivers. + * + * Callers must ensure proper synchronization of this function with power + * management callbacks. + */ +void dev_pm_domain_detach_list(struct dev_pm_domain_list *list) +{ + int i; + + if (!list) + return; + + for (i = 0; i < list->num_pds; i++) { + if (list->pd_links[i]) + device_link_del(list->pd_links[i]); + dev_pm_domain_detach(list->pd_devs[i], true); + } +} +EXPORT_SYMBOL_GPL(dev_pm_domain_detach_list); + /** * dev_pm_domain_start - Start the device through its PM domain. * @dev: Device to start. diff --git a/include/linux/pm_domain.h b/include/linux/pm_domain.h index 99626380687b..6649c5397697 100644 --- a/include/linux/pm_domain.h +++ b/include/linux/pm_domain.h @@ -18,6 +18,33 @@ #include #include +/* + * Flags to control the behaviour when attaching a device to its PM domains. + * + * PD_FLAG_NO_DEV_LINK: As the default behaviour creates a device-link + * for every PM domain that gets attached, this + * flag can be used to skip that. + * + * PD_FLAG_DEV_LINK_ON: Add the DL_FLAG_RPM_ACTIVE to power-on the + * supplier and its PM domain when creating the + * device-links. + * + */ +#define PD_FLAG_NO_DEV_LINK BIT(0) +#define PD_FLAG_DEV_LINK_ON BIT(1) + +struct dev_pm_domain_attach_data { + const char * const *pd_names; + const u32 num_pd_names; + const u32 pd_flags; +}; + +struct dev_pm_domain_list { + struct device **pd_devs; + struct device_link **pd_links; + u32 num_pds; +}; + /* * Flags to control the behaviour of a genpd. * 
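Review bot: The kernel-doc for `dev_pm_domain_detach_list()` does not say what state `list` is in after the call. The function neither frees `list` nor clears `pd_devs[]`, `pd_links[]` or `num_pds`, so a second call on the same list would repeat `device_link_del()` and `dev_pm_domain_detach()` on stale pointers. I would add to the comment `The list must not be used after this call; its memory is device-managed and stays allocated until the owning device is unbound.` The second half of that sentence is inferred from the devm allocations in the attach hunk. The loop also compares `int i` with the `u32 num_pds`; declaring `u32 i;` avoids the signed/unsigned comparison.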
@@ -420,7 +447,11 @@ struct device *dev_pm_domain_attach_by_id(struct device *dev, unsigned int index); struct device *dev_pm_domain_attach_by_name(struct device *dev, const char *name); +int dev_pm_domain_attach_list(struct device *dev, + const struct dev_pm_domain_attach_data *data, + struct dev_pm_domain_list **list); void dev_pm_domain_detach(struct device *dev, bool power_off); +void dev_pm_domain_detach_list(struct dev_pm_domain_list *list); int dev_pm_domain_start(struct device *dev); void dev_pm_domain_set(struct device *dev, struct dev_pm_domain *pd); #else @@ -438,7 +469,14 @@ static inline struct device *dev_pm_domain_attach_by_name(struct device *dev, { return NULL; } +static inline int dev_pm_domain_attach_list(struct device *dev, + const struct dev_pm_domain_attach_data *data, + struct dev_pm_domain_list **list) +{ + return 0; +} static inline void dev_pm_domain_detach(struct device *dev, bool power_off) {} +static inline void dev_pm_domain_detach_list(struct dev_pm_domain_list *list) {} static inline int dev_pm_domain_start(struct device *dev) { return 0; From eabf8327ed1cb83845d33a5510f23de3a94d48d2 Mon Sep 17 00:00:00 2001 From: John Scheible Date: Wed, 4 Sep 2024 09:13:38 -0700 Subject: [PATCH 40/87] ANDROID: Update the ABI symbol list Adding the following symbols: - dma_fence_allocate_private_stub 1 function symbol(s) added 'struct dma_fence* dma_fence_allocate_private_stub(ktime_t)' Bug: 364613453 Change-Id: Ib806915b6d2be0c23c304b86a15213d4d98c0b36 Signed-off-by: John Scheible --- android/abi_gki_aarch64.stg | 15 +++++++++++++++ android/abi_gki_aarch64_pixel | 1 + 2 files changed, 16 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index aeeffcb421f3..a9703aef7641 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg 
@@ -338041,6 +338041,11 @@ function { return_type_id: 0x6d7f5ff6 parameter_id: 0x914dbfdc } +function { + id: 0xdb365209 + return_type_id: 0x030b9acf + parameter_id: 0x11c404ba +} function { id: 0xdb53d61f return_type_id: 0x3f095459 @@ -365258,6 +365263,15 @@ elf_symbol { type_id: 0x9df2edfa full_name: "dma_fence_add_callback" } +elf_symbol { + id: 0x7ab07b7f + name: "dma_fence_allocate_private_stub" + is_defined: true + symbol_type: FUNCTION + crc: 0x297c8a7d + type_id: 0xdb365209 + full_name: "dma_fence_allocate_private_stub" +} elf_symbol { id: 0xe2ee283f name: "dma_fence_array_create" @@ -416292,6 +416306,7 @@ interface { symbol_id: 0x279bd3a7 symbol_id: 0x0e847130 symbol_id: 0xd13969dd + symbol_id: 0x7ab07b7f symbol_id: 0xe2ee283f symbol_id: 0xf5808a3e symbol_id: 0x2762abc3 diff --git a/android/abi_gki_aarch64_pixel b/android/abi_gki_aarch64_pixel index 62a2eac1062e..7f66d86c4968 100644 --- a/android/abi_gki_aarch64_pixel +++ b/android/abi_gki_aarch64_pixel @@ -576,6 +576,7 @@ dma_direct_free dmaengine_unmap_put dma_fence_add_callback + dma_fence_allocate_private_stub dma_fence_array_create dma_fence_array_ops dma_fence_context_alloc From ef0ea14d63e09ba6b4d6f777f28a235c0fc83a0a Mon Sep 17 00:00:00 2001 From: huangshaobo1 Date: Mon, 2 Sep 2024 16:00:32 +0800 Subject: [PATCH 41/87] ANDROID: ABI: Update xiaomi symbol list 1 function symbol(s) added 'unsigned long shrink_slab(gfp_t, int, struct mem_cgroup*, int)' Bug: 363907036 Change-Id: I295a42db5a2e2dbba99991a8c2ee557c603cd2c1 Signed-off-by: huangshaobo1 --- android/abi_gki_aarch64.stg | 18 ++++++++++++++++++ android/abi_gki_aarch64_xiaomi | 3 +++ android/abi_gki_protected_exports_aarch64 | 1 + 3 files changed, 22 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index a9703aef7641..c783b1aa0119 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg 
@@ -293827,6 +293827,14 @@ function { parameter_id: 0x3e10b518 parameter_id: 0xf435685e } +function { + id: 0x0c5f338c + return_type_id: 0x33756485 + parameter_id: 0xf1a6dfed + parameter_id: 0x6720d32f + parameter_id: 0x1d5bae2a + parameter_id: 0x6720d32f +} function { id: 0x0cd36f30 return_type_id: 0x33756485 @@ -398152,6 +398160,15 @@ elf_symbol { type_id: 0x10d0da4c full_name: "show_regs" } +elf_symbol { + id: 0x59a21b13 + name: "shrink_slab" + is_defined: true + symbol_type: FUNCTION + crc: 0xbc86f3ec + type_id: 0x0c5f338c + full_name: "shrink_slab" +} elf_symbol { id: 0xaba9754d name: "si_mem_available" @@ -419960,6 +419977,7 @@ interface { symbol_id: 0x96bd64f2 symbol_id: 0x064eb0d1 symbol_id: 0xbf6056e5 + symbol_id: 0x59a21b13 symbol_id: 0xaba9754d symbol_id: 0x6a9fad39 symbol_id: 0x99c66454 diff --git a/android/abi_gki_aarch64_xiaomi b/android/abi_gki_aarch64_xiaomi index f7daca8d7907..14ecf1f87fbe 100644 --- a/android/abi_gki_aarch64_xiaomi +++ b/android/abi_gki_aarch64_xiaomi @@ -373,6 +373,9 @@ pci_sriov_set_totalvfs pci_num_vf +# required by shrink memory module + shrink_slab + #required by cifs.ko add_swap_extent asn1_ber_decoder diff --git a/android/abi_gki_protected_exports_aarch64 b/android/abi_gki_protected_exports_aarch64 index 1f9b851b3947..b6c36d7a9e7c 100644 --- a/android/abi_gki_protected_exports_aarch64 +++ b/android/abi_gki_protected_exports_aarch64 @@ -22,6 +22,7 @@ bt_err_ratelimited bt_info bt_procfs_cleanup bt_procfs_init +bt_sock_alloc bt_sock_ioctl bt_sock_link bt_sock_poll From 03a4ae5d99826731bd9a59702fcdd2b7fb24db3a Mon Sep 17 00:00:00 2001 From: Pierre Couillaud Date: Wed, 4 Sep 2024 08:17:58 -0700 Subject: [PATCH 42/87] ANDROID: gki_defconfig: Enable Broadcom SoCs Enable DMA_RESTRICTED_POOL required for Broadcom SoCs. Bug: 364564922 Change-Id: I4a07bdeb7f7c8bdaae09e4665238214d5eb37742 Signed-off-by: Pierre Couillaud --- arch/arm64/configs/gki_defconfig | 1 + 1 file changed, 1 insertion(+) 
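Review bot: The hunk on android/abi_gki_protected_exports_aarch64 adds `bt_sock_alloc`, which the commit description does not mention; it lists only `shrink_slab` as the added function symbol. If this entry is a side effect of regenerating the protected-exports list, the description should say so; otherwise it belongs in its own change so the ABI history stays traceable. In android/abi_gki_aarch64_xiaomi the new entry is justified only by `# required by shrink memory module`; naming the module, as the neighbouring `#required by cifs.ko` comment does, would help later review of why an internal reclaim function is exposed to vendor code.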
diff --git a/arch/arm64/configs/gki_defconfig b/arch/arm64/configs/gki_defconfig index b216e097b27e..ce5859a552af 100644 --- a/arch/arm64/configs/gki_defconfig +++ b/arch/arm64/configs/gki_defconfig @@ -732,6 +732,7 @@ CONFIG_CRYPTO_AES_ARM64_CE_BLK=y CONFIG_TRACE_MMIO_ACCESS=y CONFIG_CRC_CCITT=y CONFIG_XZ_DEC=y +CONFIG_DMA_RESTRICTED_POOL=y CONFIG_DMA_CMA=y CONFIG_PRINTK_TIME=y CONFIG_PRINTK_CALLER=y From 9eca8763c168b8b239bf403b95fe387fea12e5d9 Mon Sep 17 00:00:00 2001 From: Justin Jiang Date: Wed, 4 Sep 2024 15:31:04 +0800 Subject: [PATCH 43/87] ANDROID: vendor_hooks: add hooks for exting task's swp_entrys The process exit time is mainly caused by freeing its swp_entrys. When low memory triggers to kill lots of processes exit simultaneously, there is a problem of CPU high load occupied by the exiting processes. This feature is used to asynchronously maintain and release the swp_entrys of the exiting process to accelerate the efficiency of the exiting process. Bug: 364480846 Bug: 340798358 Change-Id: I6fc0b813e7ac6a0796e08ce7a17d5ff3ab2b799b Signed-off-by: Justin Jiang --- drivers/android/vendor_hooks.c | 5 +++++ include/trace/hooks/mm.h | 15 +++++++++++++++ mm/memory.c | 5 +++++ mm/mmap.c | 2 ++ mm/oom_kill.c | 5 +++++ 5 files changed, 32 insertions(+) diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index 20a40e94757f..412d22b13a7c 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c 
@@ -442,3 +442,8 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_folio_trylock_clear); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_folio_trylock_set); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_handle_trylock_failed_folio); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_hibernate_state); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_swapmem_gather_init); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_swapmem_gather_add_bypass); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_swapmem_gather_finish); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_oom_swapmem_gather_init); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_oom_swapmem_gather_finish); diff --git a/include/trace/hooks/mm.h b/include/trace/hooks/mm.h index b8527123813f..194f5536c149 100644 --- a/include/trace/hooks/mm.h +++ b/include/trace/hooks/mm.h @@ -246,6 +246,21 @@ DECLARE_HOOK(android_vh_shmem_swapin_folio, DECLARE_HOOK(android_vh_madvise_cold_or_pageout_page, TP_PROTO(bool pageout, struct page *page), TP_ARGS(pageout, page)); +DECLARE_HOOK(android_vh_swapmem_gather_init, + TP_PROTO(struct mm_struct *mm), + TP_ARGS(mm)); +DECLARE_HOOK(android_vh_swapmem_gather_add_bypass, + TP_PROTO(struct mm_struct *mm, swp_entry_t entry, bool *bypass), + TP_ARGS(mm, entry, bypass)); +DECLARE_HOOK(android_vh_swapmem_gather_finish, + TP_PROTO(struct mm_struct *mm), + TP_ARGS(mm)); +DECLARE_HOOK(android_vh_oom_swapmem_gather_init, + TP_PROTO(struct mm_struct *mm), + TP_ARGS(mm)); +DECLARE_HOOK(android_vh_oom_swapmem_gather_finish, + TP_PROTO(struct mm_struct *mm), + TP_ARGS(mm)); #endif /* _TRACE_HOOK_MM_H */ /* This part must be outside protection */ diff --git a/mm/memory.c b/mm/memory.c index 3ee3360706ac..4c54877c04a0 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1426,6 +1426,7 @@ static unsigned long zap_pte_range(struct mmu_gather *tlb, pte_t *start_pte; pte_t *pte; swp_entry_t entry; + bool bypass = false; tlb_change_page_size(tlb, PAGE_SIZE); again: 
@@ -1498,6 +1499,9 @@ again: if (!should_zap_cows(details)) continue; rss[MM_SWAPENTS]--; + trace_android_vh_swapmem_gather_add_bypass(mm, entry, &bypass); + if (bypass) + goto skip; if (unlikely(!free_swap_and_cache(entry))) print_bad_pte(vma, addr, ptent, NULL); } else if (is_migration_entry(entry)) { @@ -1517,6 +1521,7 @@ again: /* We should have covered all the swap entry types */ WARN_ON_ONCE(1); } +skip: pte_clear_not_present_full(mm, addr, pte, tlb->fullmm); zap_install_uffd_wp_if_needed(vma, addr, pte, details, ptent); } while (pte++, addr += PAGE_SIZE, addr != end); diff --git a/mm/mmap.c b/mm/mmap.c index efe4859cd9e6..f38b3b610c72 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3329,9 +3329,11 @@ void exit_mmap(struct mm_struct *mm) lru_add_drain(); flush_cache_mm(mm); tlb_gather_mmu_fullmm(&tlb, mm); + trace_android_vh_swapmem_gather_init(mm); /* update_hiwater_rss(mm) here? but nobody should be looking */ /* Use ULONG_MAX here to ensure all VMAs in the mm are unmapped */ unmap_vmas(&tlb, &mm->mm_mt, vma, 0, ULONG_MAX, vma->vm_end, ULONG_MAX, false); + trace_android_vh_swapmem_gather_finish(mm); mmap_read_unlock(mm); /* diff --git a/mm/oom_kill.c b/mm/oom_kill.c index 7a9e1c7f636c..18f57ec75233 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c @@ -53,6 +53,9 @@ #define CREATE_TRACE_POINTS #include +#undef CREATE_TRACE_POINTS +#include + static int sysctl_panic_on_oom; static int sysctl_oom_kill_allocating_task; static int sysctl_oom_dump_tasks = 1; @@ -525,6 +528,7 @@ bool __oom_reap_task_mm(struct mm_struct *mm) */ set_bit(MMF_UNSTABLE, &mm->flags); + trace_android_vh_oom_swapmem_gather_init(mm); for_each_vma(vmi, vma) { if (vma->vm_flags & (VM_HUGETLB|VM_PFNMAP)) continue; @@ -557,6 +561,7 @@ bool __oom_reap_task_mm(struct mm_struct *mm) tlb_finish_mmu(&tlb); } } + trace_android_vh_oom_swapmem_gather_finish(mm); return ret; } From d1af8906d99e0c796643da5e58c53feb1a5e8ab4 Mon Sep 17 00:00:00 2001 
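Review bot: `bypass` is declared once at the top of zap_pte_range() (previous hunk) and never reset, so the test after `trace_android_vh_swapmem_gather_add_bypass(mm, entry, &bypass)` can see a value left over from an earlier PTE whenever a handler does not write `*bypass` on every call. A stale `true` jumps to `skip` without `free_swap_and_cache(entry)` although `rss[MM_SWAPENTS]` has already been decremented, so that swap entry would be left for nobody to release. Writing `bypass = false;` on the line before the hook call keeps the decision per entry. The declaration in include/trace/hooks/mm.h would also benefit from a comment such as `/* *bypass = true: the handler takes over freeing @entry; zap_pte_range() skips free_swap_and_cache() */`. The function body starts and ends outside this hunk.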
From: Justin Jiang Date: Wed, 4 Sep 2024 15:35:19 +0800 Subject: [PATCH 44/87] ANDROID: GKI: Update symbol list for vivo update vivo symbol list for adding hooks for exting task's swp_entrys. 5 function symbol(s) added 'int __traceiter_android_vh_oom_swapmem_gather_finish(void*, struct mm_struct *)' 'int __traceiter_android_vh_oom_swapmem_gather_init(void*, struct mm_struct *)' 'int __traceiter_android_vh_swapmem_gather_add_bypass(void*, struct mm_struct *, swp_entry_t, bool *)' 'int __traceiter_android_vh_swapmem_gather_finish(void*, struct mm_struct *)' 'int __traceiter_android_vh_swapmem_gather_init(void*, struct mm_struct *)' 5 variable symbol(s) added 'struct tracepoint __tracepoint_android_vh_oom_swapmem_gather_finish' 'struct tracepoint __tracepoint_android_vh_oom_swapmem_gather_init' 'struct tracepoint __tracepoint_android_vh_swapmem_gather_add_bypass' 'struct tracepoint __tracepoint_android_vh_swapmem_gather_finish' 'struct tracepoint __tracepoint_android_vh_swapmem_gather_init' Bug: 364480846 Bug: 340798358 Change-Id: I54f29d5eee93c8e88cdc1f81e46507b2c8b5bb95 Signed-off-by: Justin Jiang --- android/abi_gki_aarch64.stg | 108 +++++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_vivo | 10 ++++ 2 files changed, 118 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index c783b1aa0119..deccb40a118d 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -327889,6 +327889,14 @@ function { parameter_id: 0x1d19a9d5 parameter_id: 0x4585663f } +function { + id: 0x9bcae3c8 + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x1b36c7a2 + parameter_id: 0x27162aac + parameter_id: 0x11cfee5a +} function { id: 0x9bcb2775 return_type_id: 0x6720d32f 
@@ -346883,6 +346891,24 @@ elf_symbol { type_id: 0x9b2239e7 full_name: "__traceiter_android_vh_mutex_wait_start" } +elf_symbol { + id: 0x724577f8 + name: "__traceiter_android_vh_oom_swapmem_gather_finish" + is_defined: true + symbol_type: FUNCTION + crc: 0x29fbc105 + type_id: 0x9bc3617d + full_name: "__traceiter_android_vh_oom_swapmem_gather_finish" +} +elf_symbol { + id: 0xac55c769 + name: "__traceiter_android_vh_oom_swapmem_gather_init" + is_defined: true + symbol_type: FUNCTION + crc: 0x1207cd48 + type_id: 0x9bc3617d + full_name: "__traceiter_android_vh_oom_swapmem_gather_init" +} elf_symbol { id: 0xacaadcc9 name: "__traceiter_android_vh_page_add_new_anon_rmap" @@ -347576,6 +347602,33 @@ elf_symbol { type_id: 0x9b83c6f7 full_name: "__traceiter_android_vh_sound_usb_support_cpu_suspend" } +elf_symbol { + id: 0x445e3749 + name: "__traceiter_android_vh_swapmem_gather_add_bypass" + is_defined: true + symbol_type: FUNCTION + crc: 0x47403b0c + type_id: 0x9bcae3c8 + full_name: "__traceiter_android_vh_swapmem_gather_add_bypass" +} +elf_symbol { + id: 0x3f14ea30 + name: "__traceiter_android_vh_swapmem_gather_finish" + is_defined: true + symbol_type: FUNCTION + crc: 0xa8f4914c + type_id: 0x9bc3617d + full_name: "__traceiter_android_vh_swapmem_gather_finish" +} +elf_symbol { + id: 0x64e397a9 + name: "__traceiter_android_vh_swapmem_gather_init" + is_defined: true + symbol_type: FUNCTION + crc: 0x5f6a3d73 + type_id: 0x9bc3617d + full_name: "__traceiter_android_vh_swapmem_gather_init" +} elf_symbol { id: 0x58e7556b name: "__traceiter_android_vh_sync_txn_recvd" 
@@ -351455,6 +351508,24 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_mutex_wait_start" } +elf_symbol { + id: 0xdfe6a3ee + name: "__tracepoint_android_vh_oom_swapmem_gather_finish" + is_defined: true + symbol_type: OBJECT + crc: 0xd5cc81a5 + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_oom_swapmem_gather_finish" +} +elf_symbol { + id: 0x6bc613d3 + name: "__tracepoint_android_vh_oom_swapmem_gather_init" + is_defined: true + symbol_type: OBJECT + crc: 0x90f8e792 + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_oom_swapmem_gather_init" +} elf_symbol { id: 0x20d2ceb3 name: "__tracepoint_android_vh_page_add_new_anon_rmap" @@ -352148,6 +352219,33 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_sound_usb_support_cpu_suspend" } +elf_symbol { + id: 0x052557d7 + name: "__tracepoint_android_vh_swapmem_gather_add_bypass" + is_defined: true + symbol_type: OBJECT + crc: 0x234c1355 + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_swapmem_gather_add_bypass" +} +elf_symbol { + id: 0x6fb8113a + name: "__tracepoint_android_vh_swapmem_gather_finish" + is_defined: true + symbol_type: OBJECT + crc: 0x5a4a8817 + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_swapmem_gather_finish" +} +elf_symbol { + id: 0xab09fdb7 + name: "__tracepoint_android_vh_swapmem_gather_init" + is_defined: true + symbol_type: OBJECT + crc: 0x64be291a + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_swapmem_gather_init" +} elf_symbol { id: 0x39e68fed name: "__tracepoint_android_vh_sync_txn_recvd" @@ -414281,6 +414379,8 @@ interface { symbol_id: 0x0b2ba11b symbol_id: 0xe17999f4 symbol_id: 0x721b87b7 + symbol_id: 0x724577f8 + symbol_id: 0xac55c769 symbol_id: 0xacaadcc9 symbol_id: 0x13b0736e symbol_id: 0xc72f2012 
@@ -414358,6 +414458,9 @@ interface { symbol_id: 0x0562cb47 symbol_id: 0x08f4cbb0 symbol_id: 0xbc7bbb37 + symbol_id: 0x445e3749 + symbol_id: 0x3f14ea30 + symbol_id: 0x64e397a9 symbol_id: 0x58e7556b symbol_id: 0x2ecf85e9 symbol_id: 0x34a01a22 @@ -414789,6 +414892,8 @@ interface { symbol_id: 0x68d68809 symbol_id: 0x76e879b6 symbol_id: 0xae5bbde9 + symbol_id: 0xdfe6a3ee + symbol_id: 0x6bc613d3 symbol_id: 0x20d2ceb3 symbol_id: 0xa4c454d8 symbol_id: 0x7d42b7c8 @@ -414866,6 +414971,9 @@ interface { symbol_id: 0x4a999b29 symbol_id: 0x547e3912 symbol_id: 0x4ed55b15 + symbol_id: 0x052557d7 + symbol_id: 0x6fb8113a + symbol_id: 0xab09fdb7 symbol_id: 0x39e68fed symbol_id: 0xefb9e5a3 symbol_id: 0x3fe0157c diff --git a/android/abi_gki_aarch64_vivo b/android/abi_gki_aarch64_vivo index 52f18122bd06..f98284eb252c 100644 --- a/android/abi_gki_aarch64_vivo +++ b/android/abi_gki_aarch64_vivo @@ -408,6 +408,8 @@ __traceiter_android_vh_mmap_region __traceiter_android_vh_mutex_wait_finish __traceiter_android_vh_mutex_wait_start + __traceiter_android_vh_oom_swapmem_gather_finish + __traceiter_android_vh_oom_swapmem_gather_init __traceiter_android_vh_percpu_rwsem_down_read __traceiter_android_vh_percpu_rwsem_up_write __traceiter_android_vh_printk_hotplug @@ -428,6 +430,9 @@ __traceiter_android_vh_shmem_swapin_folio __traceiter_android_vh_show_resume_epoch_val __traceiter_android_vh_show_suspend_epoch_val + __traceiter_android_vh_swapmem_gather_add_bypass + __traceiter_android_vh_swapmem_gather_finish + __traceiter_android_vh_swapmem_gather_init __traceiter_android_vh_sysrq_crash __traceiter_android_vh_timer_calc_index __traceiter_android_vh_try_to_freeze_todo 
@@ -513,6 +518,8 @@ __tracepoint_android_rvh_is_cpu_allowed __tracepoint_android_rvh_migrate_queued_task __tracepoint_android_rvh_new_task_stats + __tracepoint_android_vh_oom_swapmem_gather_finish + __tracepoint_android_vh_oom_swapmem_gather_init __tracepoint_android_rvh_panic_unhandled __tracepoint_android_rvh_percpu_rwsem_wait_complete __tracepoint_android_rvh_pick_next_entity @@ -546,6 +553,9 @@ __tracepoint_android_rvh_setscheduler __tracepoint_android_rvh_shmem_get_folio __tracepoint_android_rvh_show_max_freq + __tracepoint_android_vh_swapmem_gather_add_bypass + __tracepoint_android_vh_swapmem_gather_finish + __tracepoint_android_vh_swapmem_gather_init __tracepoint_android_rvh_tick_entry __tracepoint_android_rvh_try_to_wake_up __tracepoint_android_rvh_try_to_wake_up_success From c7596f093d795cb92b77e57b87cb6c31868f275b Mon Sep 17 00:00:00 2001 From: Kriti Date: Wed, 4 Sep 2024 06:02:47 +0000 Subject: [PATCH 45/87] ANDROID: gki_defconfig: Enable CONFIG_RTC_HCTOSYS for x86 Required for virtio_pvclock.ko which relies on CONFIG_PM_SLEEP and CONFIG_RTC_HCTOSYS. Previous change where the config was disabled - https://android-review.git.corp.google.com/c/kernel/common/+/2402373 Bug: 355784260 Change-Id: I929f67d6659364f895fd041484544d39705a1004 Signed-off-by: Kriti Signed-off-by: Alistair Delva --- arch/x86/configs/gki_defconfig | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/x86/configs/gki_defconfig b/arch/x86/configs/gki_defconfig index 696d631131ab..7d5f43284a02 100644 --- a/arch/x86/configs/gki_defconfig +++ b/arch/x86/configs/gki_defconfig @@ -512,7 +512,6 @@ CONFIG_LEDS_TRIGGER_TIMER=y CONFIG_LEDS_TRIGGER_TRANSIENT=y CONFIG_EDAC=y CONFIG_RTC_CLASS=y -# CONFIG_RTC_HCTOSYS is not set CONFIG_DMABUF_HEAPS=y CONFIG_DMABUF_SYSFS_STATS=y CONFIG_DMABUF_HEAPS_DEFERRED_FREE=y From 822682e75de0bf86538a3427be150e2973b25c9d Mon Sep 17 00:00:00 2001 
From: Vincent Donnefort Date: Fri, 6 Sep 2024 18:06:51 +0100 Subject: [PATCH 46/87] ANDROID: KVM: arm64: Fix cpu type for tracing HVCs CPU being an int, we need to check if it is negative to ensure no out-of-bounds access. Make it unsigned. Bug: 229972309 Change-Id: I987a66d83c7bf3143a6ba287e929cd52de549850 Signed-off-by: Vincent Donnefort --- arch/arm64/kvm/hyp/include/nvhe/trace.h | 8 ++++---- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 4 ++-- arch/arm64/kvm/hyp/nvhe/trace.c | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/arch/arm64/kvm/hyp/include/nvhe/trace.h b/arch/arm64/kvm/hyp/include/nvhe/trace.h index 2aec8f755f53..399147484f84 100644 --- a/arch/arm64/kvm/hyp/include/nvhe/trace.h +++ b/arch/arm64/kvm/hyp/include/nvhe/trace.h @@ -58,8 +58,8 @@ void *rb_reserve_trace_entry(struct hyp_rb_per_cpu *cpu_buffer, unsigned long le int __pkvm_load_tracing(unsigned long pack_va, size_t pack_size); void __pkvm_teardown_tracing(void); int __pkvm_enable_tracing(bool enable); -int __pkvm_rb_swap_reader_page(int cpu); -int __pkvm_rb_update_footers(int cpu); +int __pkvm_rb_swap_reader_page(unsigned int cpu); +int __pkvm_rb_update_footers(unsigned int cpu); int __pkvm_enable_event(unsigned short id, bool enable); #define HYP_EVENT(__name, __proto, __struct, __assign, __printk) \ @@ -94,12 +94,12 @@ static inline void __pkvm_teardown_tracing(void) { } static inline int __pkvm_enable_tracing(bool enable) { return -ENODEV; } -static inline int __pkvm_rb_swap_reader_page(int cpu) +static inline int __pkvm_rb_swap_reader_page(unsigned int cpu) { return -ENODEV; } -static inline int __pkvm_rb_update_footers(int cpu) +static inline int __pkvm_rb_update_footers(unsigned int cpu) { return -ENODEV; } diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c index 87ca8cd735ea..eec014b1b4fa 100644 --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c 
@@ -1241,14 +1241,14 @@ static void handle___pkvm_enable_tracing(struct kvm_cpu_context *host_ctxt) static void handle___pkvm_rb_swap_reader_page(struct kvm_cpu_context *host_ctxt) { - DECLARE_REG(int, cpu, host_ctxt, 1); + DECLARE_REG(unsigned int, cpu, host_ctxt, 1); cpu_reg(host_ctxt, 1) = __pkvm_rb_swap_reader_page(cpu); } static void handle___pkvm_rb_update_footers(struct kvm_cpu_context *host_ctxt) { - DECLARE_REG(int, cpu, host_ctxt, 1); + DECLARE_REG(unsigned int, cpu, host_ctxt, 1); cpu_reg(host_ctxt, 1) = __pkvm_rb_update_footers(cpu); } diff --git a/arch/arm64/kvm/hyp/nvhe/trace.c b/arch/arm64/kvm/hyp/nvhe/trace.c index 6f796ec7b826..20e011a8785d 100644 --- a/arch/arm64/kvm/hyp/nvhe/trace.c +++ b/arch/arm64/kvm/hyp/nvhe/trace.c @@ -485,7 +485,7 @@ static void rb_teardown_bpage_backing(void) hyp_buffer_pages_backing.size = 0; } -int __pkvm_rb_update_footers(int cpu) +int __pkvm_rb_update_footers(unsigned int cpu) { struct hyp_rb_per_cpu *cpu_buffer; int ret = 0; @@ -508,9 +508,9 @@ int __pkvm_rb_update_footers(int cpu) return ret; } -int __pkvm_rb_swap_reader_page(int cpu) +int __pkvm_rb_swap_reader_page(unsigned int cpu) { - struct hyp_rb_per_cpu *cpu_buffer = per_cpu_ptr(&trace_rb, cpu); + struct hyp_rb_per_cpu *cpu_buffer; int ret = 0; if (cpu >= hyp_nr_cpus) From eda0570485604e287f75b9ffe9a95baaced776b8 Mon Sep 17 00:00:00 2001 
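Review bot: The bounds test `if (cpu >= hyp_nr_cpus)` in `__pkvm_rb_swap_reader_page()` now carries the whole fix, yet nothing at the check says that it relies on `cpu` being unsigned. The value is read from a host register by the handlers in hyp-main.c, so I would add `/* cpu comes from the host via HVC; unsigned so one upper-bound test rejects negatives */` above the check here and in `__pkvm_rb_update_footers()`, whose check is outside its hunk. Dropping the `per_cpu_ptr(&trace_rb, cpu)` initialiser also leaves `cpu_buffer` unassigned until after the test; that assignment is outside this hunk and should be confirmed to precede every use.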
From: Yu-Ting Tseng Date: Tue, 9 Jul 2024 00:00:47 -0700 Subject: [PATCH 47/87] BACKPORT: FROMGIT: binder: frozen notification Frozen processes present a significant challenge in binder transactions. When a process is frozen, it cannot, by design, accept and/or respond to binder transactions. As a result, the sender needs to adjust its behavior, such as postponing transactions until the peer process unfreezes. However, there is currently no way to subscribe to these state change events, making it impossible to implement frozen-aware behaviors efficiently. Introduce a binder API for subscribing to frozen state change events. This allows programs to react to changes in peer process state, mitigating issues related to binder transactions sent to frozen processes. Implementation details: For a given binder_ref, the state of frozen notification can be one of the followings: 1. Userspace doesn't want a notification. binder_ref->freeze is null. 2. Userspace wants a notification but none is in flight. list_empty(&binder_ref->freeze->work.entry) = true 3. A notification is in flight and waiting to be read by userspace. binder_ref_freeze.sent is false. 4. A notification was read by userspace and kernel is waiting for an ack. binder_ref_freeze.sent is true. When a notification is in flight, new state change events are coalesced into the existing binder_ref_freeze struct. If userspace hasn't picked up the notification yet, the driver simply rewrites the state. Otherwise, the notification is flagged as requiring a resend, which will be performed once userspace acks the original notification that's inflight. See https://r.android.com/3070045 for how userspace is going to use this feature. Signed-off-by: Yu-Ting Tseng Acked-by: Carlos Llamas Link: https://lore.kernel.org/r/20240709070047.4055369-4-yutingtseng@google.com 
Signed-off-by: Greg Kroah-Hartman Bug: 363013421 (cherry picked from commit d579b04a52a183db47dfcb7a44304d7747d551e1 git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git char-misc-next) Change-Id: I5dd32abba932ca7d03ae58660143e075ed778b81 [cmllamas: fix merge conflicts due to missing 0567461a7a6e] Signed-off-by: Carlos Llamas --- drivers/android/binder.c | 283 +++++++++++++++++++++++++++- drivers/android/binder_internal.h | 21 ++- include/uapi/linux/android/binder.h | 36 ++++ 3 files changed, 337 insertions(+), 3 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 2ad57d5d98c1..eb803ae9462a 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -1550,6 +1550,7 @@ static void binder_free_ref(struct binder_ref *ref) if (ref->node) binder_free_node(ref->node); kfree(ref->death); + kfree(ref->freeze); kfree(ref); } 
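Review bot: `kfree(ref->freeze)` in binder_free_ref() releases an object whose embedded `work` entry may still be linked on `proc->todo` or `proc->delivered_freeze`, because binder_request_freeze_notification() queues `&ref->freeze->work` as soon as the notification is registered. None of the binder.c hunks in this patch dequeues that entry when a ref is torn down, so unless the cleanup path outside these hunks already does it, a later walk of those lists would touch freed memory. The ref cleanup that handles `ref->death` should do the same for freeze, e.g. `if (ref->freeze) { binder_dequeue_work(ref->proc, &ref->freeze->work); binder_stats_deleted(BINDER_STAT_FREEZE); }`. binder_free_ref() starts outside the hunk.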
@@ -4070,6 +4071,155 @@ err_invalid_target_handle: } } +static int +binder_request_freeze_notification(struct binder_proc *proc, + struct binder_thread *thread, + struct binder_handle_cookie *handle_cookie) +{ + struct binder_ref_freeze *freeze; + struct binder_ref *ref; + bool is_frozen; + + freeze = kzalloc(sizeof(*freeze), GFP_KERNEL); + if (!freeze) + return -ENOMEM; + binder_proc_lock(proc); + ref = binder_get_ref_olocked(proc, handle_cookie->handle, false); + if (!ref) { + binder_user_error("%d:%d BC_REQUEST_FREEZE_NOTIFICATION invalid ref %d\n", + proc->pid, thread->pid, handle_cookie->handle); + binder_proc_unlock(proc); + kfree(freeze); + return -EINVAL; + } + + binder_node_lock(ref->node); + + if (ref->freeze || !ref->node->proc) { + binder_user_error("%d:%d invalid BC_REQUEST_FREEZE_NOTIFICATION %s\n", + proc->pid, thread->pid, + ref->freeze ? "already set" : "dead node"); + binder_node_unlock(ref->node); + binder_proc_unlock(proc); + kfree(freeze); + return -EINVAL; + } + binder_inner_proc_lock(ref->node->proc); + is_frozen = ref->node->proc->is_frozen; + binder_inner_proc_unlock(ref->node->proc); + + binder_stats_created(BINDER_STAT_FREEZE); + INIT_LIST_HEAD(&freeze->work.entry); + freeze->cookie = handle_cookie->cookie; + freeze->work.type = BINDER_WORK_FROZEN_BINDER; + freeze->is_frozen = is_frozen; + + ref->freeze = freeze; + + binder_inner_proc_lock(proc); + binder_enqueue_work_ilocked(&ref->freeze->work, &proc->todo); + binder_wakeup_proc_ilocked(proc); + binder_inner_proc_unlock(proc); + + binder_node_unlock(ref->node); + binder_proc_unlock(proc); + return 0; +} + +static int +binder_clear_freeze_notification(struct binder_proc *proc, + struct binder_thread *thread, + struct binder_handle_cookie *handle_cookie) +{ + struct binder_ref_freeze *freeze; + struct binder_ref *ref; + + binder_proc_lock(proc); + ref = binder_get_ref_olocked(proc, handle_cookie->handle, false); + if (!ref) { + binder_user_error("%d:%d BC_CLEAR_FREEZE_NOTIFICATION invalid 
ref %d\n", + proc->pid, thread->pid, handle_cookie->handle); + binder_proc_unlock(proc); + return -EINVAL; + } + + binder_node_lock(ref->node); + + if (!ref->freeze) { + binder_user_error("%d:%d BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active\n", + proc->pid, thread->pid); + binder_node_unlock(ref->node); + binder_proc_unlock(proc); + return -EINVAL; + } + freeze = ref->freeze; + binder_inner_proc_lock(proc); + if (freeze->cookie != handle_cookie->cookie) { + binder_user_error("%d:%d BC_CLEAR_FREEZE_NOTIFICATION freeze notification cookie mismatch %016llx != %016llx\n", + proc->pid, thread->pid, (u64)freeze->cookie, + (u64)handle_cookie->cookie); + binder_inner_proc_unlock(proc); + binder_node_unlock(ref->node); + binder_proc_unlock(proc); + return -EINVAL; + } + ref->freeze = NULL; + /* + * Take the existing freeze object and overwrite its work type. There are three cases here: + * 1. No pending notification. In this case just add the work to the queue. + * 2. A notification was sent and is pending an ack from userspace. Once an ack arrives, we + * should resend with the new work type. + * 3. A notification is pending to be sent. Since the work is already in the queue, nothing + * needs to be done here. 
+ */ + freeze->work.type = BINDER_WORK_CLEAR_FREEZE_NOTIFICATION; + if (list_empty(&freeze->work.entry)) { + binder_enqueue_work_ilocked(&freeze->work, &proc->todo); + binder_wakeup_proc_ilocked(proc); + } else if (freeze->sent) { + freeze->resend = true; + } + binder_inner_proc_unlock(proc); + binder_node_unlock(ref->node); + binder_proc_unlock(proc); + return 0; +} + +static int +binder_freeze_notification_done(struct binder_proc *proc, + struct binder_thread *thread, + binder_uintptr_t cookie) +{ + struct binder_ref_freeze *freeze = NULL; + struct binder_work *w; + + binder_inner_proc_lock(proc); + list_for_each_entry(w, &proc->delivered_freeze, entry) { + struct binder_ref_freeze *tmp_freeze = + container_of(w, struct binder_ref_freeze, work); + + if (tmp_freeze->cookie == cookie) { + freeze = tmp_freeze; + break; + } + } + if (!freeze) { + binder_user_error("%d:%d BC_FREEZE_NOTIFICATION_DONE %016llx not found\n", + proc->pid, thread->pid, (u64)cookie); + binder_inner_proc_unlock(proc); + return -EINVAL; + } + binder_dequeue_work_ilocked(&freeze->work); + freeze->sent = false; + if (freeze->resend) { + freeze->resend = false; + binder_enqueue_work_ilocked(&freeze->work, &proc->todo); + binder_wakeup_proc_ilocked(proc); + } + binder_inner_proc_unlock(proc); + return 0; +} + /** * binder_free_buf() - free the specified buffer * @proc: binder proc that owns buffer 
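Review bot: After `ref->freeze = NULL;` in binder_clear_freeze_notification() the binder_ref_freeze object is reachable only through its `work` entry, and the code does not say who frees it. Judging by the binder_thread_read() hunk, it is the `BINDER_WORK_CLEAR_FREEZE_NOTIFICATION` case that calls `kfree(freeze)`, so the object's lifetime depends on userspace reading that work item (and, when `sent` is set, first acking with BC_FREEZE_NOTIFICATION_DONE). I would state that next to the assignment: `/* freeze is now owned by its work entry; freed when BINDER_WORK_CLEAR_FREEZE_NOTIFICATION is read */`. The three new functions also lack the kernel-doc header that the following binder_free_buf() has; a short one naming the lock order used here (binder_proc_lock, then binder_node_lock, then binder_inner_proc_lock) would help.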
@@ -4564,6 +4714,44 @@ static int binder_thread_write(struct binder_proc *proc, binder_inner_proc_unlock(proc); } break; + case BC_REQUEST_FREEZE_NOTIFICATION: { + struct binder_handle_cookie handle_cookie; + int error; + + if (copy_from_user(&handle_cookie, ptr, sizeof(handle_cookie))) + return -EFAULT; + ptr += sizeof(handle_cookie); + error = binder_request_freeze_notification(proc, thread, + &handle_cookie); + if (error) + return error; + } break; + + case BC_CLEAR_FREEZE_NOTIFICATION: { + struct binder_handle_cookie handle_cookie; + int error; + + if (copy_from_user(&handle_cookie, ptr, sizeof(handle_cookie))) + return -EFAULT; + ptr += sizeof(handle_cookie); + error = binder_clear_freeze_notification(proc, thread, &handle_cookie); + if (error) + return error; + } break; + + case BC_FREEZE_NOTIFICATION_DONE: { + binder_uintptr_t cookie; + int error; + + if (get_user(cookie, (binder_uintptr_t __user *)ptr)) + return -EFAULT; + + ptr += sizeof(cookie); + error = binder_freeze_notification_done(proc, thread, cookie); + if (error) + return error; + } break; + default: pr_err("%d:%d unknown command %u\n", proc->pid, thread->pid, cmd); 
@@ -4965,6 +5153,46 @@ skip: if (cmd == BR_DEAD_BINDER) goto done; /* DEAD_BINDER notifications can cause transactions */ } break; + + case BINDER_WORK_FROZEN_BINDER: { + struct binder_ref_freeze *freeze; + struct binder_frozen_state_info info; + + memset(&info, 0, sizeof(info)); + freeze = container_of(w, struct binder_ref_freeze, work); + info.is_frozen = freeze->is_frozen; + info.cookie = freeze->cookie; + freeze->sent = true; + binder_enqueue_work_ilocked(w, &proc->delivered_freeze); + binder_inner_proc_unlock(proc); + + if (put_user(BR_FROZEN_BINDER, (uint32_t __user *)ptr)) + return -EFAULT; + ptr += sizeof(uint32_t); + if (copy_to_user(ptr, &info, sizeof(info))) + return -EFAULT; + ptr += sizeof(info); + binder_stat_br(proc, thread, BR_FROZEN_BINDER); + goto done; /* BR_FROZEN_BINDER notifications can cause transactions */ + } break; + + case BINDER_WORK_CLEAR_FREEZE_NOTIFICATION: { + struct binder_ref_freeze *freeze = + container_of(w, struct binder_ref_freeze, work); + binder_uintptr_t cookie = freeze->cookie; + + binder_inner_proc_unlock(proc); + kfree(freeze); + binder_stats_deleted(BINDER_STAT_FREEZE); + if (put_user(BR_CLEAR_FREEZE_NOTIFICATION_DONE, (uint32_t __user *)ptr)) + return -EFAULT; + ptr += sizeof(uint32_t); + if (put_user(cookie, (binder_uintptr_t __user *)ptr)) + return -EFAULT; + ptr += sizeof(binder_uintptr_t); + binder_stat_br(proc, thread, BR_CLEAR_FREEZE_NOTIFICATION_DONE); + } break; + default: binder_inner_proc_unlock(proc); pr_err("%d:%d: bad work type %d\n", 
@@ -5585,6 +5813,48 @@ static bool binder_txns_pending_ilocked(struct binder_proc *proc) return false; } +static void binder_add_freeze_work(struct binder_proc *proc, bool is_frozen) +{ + struct rb_node *n; + struct binder_ref *ref; + + binder_inner_proc_lock(proc); + for (n = rb_first(&proc->nodes); n; n = rb_next(n)) { + struct binder_node *node; + + node = rb_entry(n, struct binder_node, rb_node); + binder_inner_proc_unlock(proc); + binder_node_lock(node); + hlist_for_each_entry(ref, &node->refs, node_entry) { + /* + * Need the node lock to synchronize + * with new notification requests and the + * inner lock to synchronize with queued + * freeze notifications. + */ + binder_inner_proc_lock(ref->proc); + if (!ref->freeze) { + binder_inner_proc_unlock(ref->proc); + continue; + } + ref->freeze->work.type = BINDER_WORK_FROZEN_BINDER; + if (list_empty(&ref->freeze->work.entry)) { + ref->freeze->is_frozen = is_frozen; + binder_enqueue_work_ilocked(&ref->freeze->work, &ref->proc->todo); + binder_wakeup_proc_ilocked(ref->proc); + } else { + if (ref->freeze->sent && ref->freeze->is_frozen != is_frozen) + ref->freeze->resend = true; + ref->freeze->is_frozen = is_frozen; + } + binder_inner_proc_unlock(ref->proc); + } + binder_node_unlock(node); + binder_inner_proc_lock(proc); + } + binder_inner_proc_unlock(proc); +} + static int binder_ioctl_freeze(struct binder_freeze_info *info, struct binder_proc *target_proc) { @@ -5596,6 +5866,7 @@ static int binder_ioctl_freeze(struct binder_freeze_info *info, target_proc->async_recv = false; target_proc->is_frozen = false; binder_inner_proc_unlock(target_proc); + binder_add_freeze_work(target_proc, false); return 0; } @@ -5628,6 +5899,8 @@ static int binder_ioctl_freeze(struct binder_freeze_info *info, binder_inner_proc_lock(target_proc); target_proc->is_frozen = false; binder_inner_proc_unlock(target_proc); + } else { + binder_add_freeze_work(target_proc, true); } return ret; 
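Review bot: The walk over `proc->nodes` in binder_add_freeze_work() drops the inner lock before `binder_node_lock(node)` without pinning `node`, and then calls `rb_next(n)` on it after re-taking the lock. While the lock is released the node can presumably be removed from the tree or freed (for example while the owning process is being released), so both `binder_node_lock()` and `rb_next()` may operate on stale memory. Taking a temporary reference before unlocking, dropping the previous one once the lock is released, and stopping when the proc is marked dead closes that window; the helpers used below already exist in binder.c.

```c
static void binder_add_freeze_work(struct binder_proc *proc, bool is_frozen)
{
	struct binder_node *prev = NULL;
	/* … unchanged: n, ref declarations; inner lock; for loop header; rb_entry() … */
		/* pin the node so it survives the unlocked section */
		binder_inc_node_tmpref_ilocked(node);
		binder_inner_proc_unlock(proc);
		if (prev)
			binder_put_node(prev);
		/* … unchanged: binder_node_lock() and hlist_for_each_entry() over node->refs … */
		prev = node;
		binder_node_unlock(node);
		binder_inner_proc_lock(proc);
		/* stop once the proc is being torn down; rb_next() is no longer reliable */
		if (proc->is_dead)
			break;
	}
	binder_inner_proc_unlock(proc);
	if (prev)
		binder_put_node(prev);
}
```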
@@ -6018,6 +6291,7 @@ static int binder_open(struct inode *nodp, struct file *filp) binder_stats_created(BINDER_STAT_PROC); proc->pid = current->group_leader->pid; INIT_LIST_HEAD(&proc->delivered_death); + INIT_LIST_HEAD(&proc->delivered_freeze); INIT_LIST_HEAD(&proc->waiting_threads); filp->private_data = proc; @@ -6573,6 +6847,9 @@ static const char * const binder_return_strings[] = { "BR_FAILED_REPLY", "BR_FROZEN_REPLY", "BR_ONEWAY_SPAM_SUSPECT", + "UNSUPPORTED", + "BR_FROZEN_BINDER", + "BR_CLEAR_FREEZE_NOTIFICATION_DONE", }; static const char * const binder_command_strings[] = { @@ -6595,6 +6872,9 @@ static const char * const binder_command_strings[] = { "BC_DEAD_BINDER_DONE", "BC_TRANSACTION_SG", "BC_REPLY_SG", + "BC_REQUEST_FREEZE_NOTIFICATION", + "BC_CLEAR_FREEZE_NOTIFICATION", + "BC_FREEZE_NOTIFICATION_DONE", }; static const char * const binder_objstat_strings[] = { @@ -6604,7 +6884,8 @@ static const char * const binder_objstat_strings[] = { "ref", "death", "transaction", - "transaction_complete" + "transaction_complete", + "freeze", }; static void print_binder_stats(struct seq_file *m, const char *prefix, diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h index 2e0f6c13aeee..020fb279dcb5 100644 --- a/drivers/android/binder_internal.h +++ b/drivers/android/binder_internal.h @@ -130,12 +130,13 @@ enum binder_stat_types { BINDER_STAT_DEATH, BINDER_STAT_TRANSACTION, BINDER_STAT_TRANSACTION_COMPLETE, + BINDER_STAT_FREEZE, BINDER_STAT_COUNT }; struct binder_stats { - atomic_t br[_IOC_NR(BR_ONEWAY_SPAM_SUSPECT) + 1]; - atomic_t bc[_IOC_NR(BC_REPLY_SG) + 1]; + atomic_t br[_IOC_NR(BR_CLEAR_FREEZE_NOTIFICATION_DONE) + 1]; + atomic_t bc[_IOC_NR(BC_FREEZE_NOTIFICATION_DONE) + 1]; atomic_t obj_created[BINDER_STAT_COUNT]; atomic_t obj_deleted[BINDER_STAT_COUNT]; }; 
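Review bot: `proc->delivered_freeze` is initialised in binder_open(), but no hunk in this patch drains it, or frees cleared freeze objects still queued on `proc->todo`, when the process goes away. Entries whose `ref->freeze` was already set to NULL by binder_clear_freeze_notification() are owned only by their work item, so if the release path outside these hunks does not handle `BINDER_WORK_FROZEN_BINDER` and `BINDER_WORK_CLEAR_FREEZE_NOTIFICATION`, they would be leaked together with their `BINDER_STAT_FREEZE` count. I would release `&proc->delivered_freeze` wherever `delivered_death` is released and free the object for the clear work type in the work-release helper. binder_open() starts and ends outside the hunk.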
@@ -159,6 +160,8 @@ struct binder_work { BINDER_WORK_DEAD_BINDER, BINDER_WORK_DEAD_BINDER_AND_CLEAR, BINDER_WORK_CLEAR_DEATH_NOTIFICATION, + BINDER_WORK_FROZEN_BINDER, + BINDER_WORK_CLEAR_FREEZE_NOTIFICATION, } type; }; @@ -280,6 +283,14 @@ struct binder_ref_death { binder_uintptr_t cookie; }; +struct binder_ref_freeze { + struct binder_work work; + binder_uintptr_t cookie; + bool is_frozen:1; + bool sent:1; + bool resend:1; +}; + /** * struct binder_ref_data - binder_ref counts and id * @debug_id: unique ID for the ref @@ -312,6 +323,8 @@ struct binder_ref_data { * @node indicates the node must be freed * @death: pointer to death notification (ref_death) if requested * (protected by @node->lock) + * @freeze: pointer to freeze notification (ref_freeze) if requested + * (protected by @node->lock) * * Structure to track references from procA to target node (on procB). This * structure is unsafe to access without holding @proc->outer_lock. @@ -328,6 +341,7 @@ struct binder_ref { struct binder_proc *proc; struct binder_node *node; struct binder_ref_death *death; + struct binder_ref_freeze *freeze; }; /** @@ -401,6 +415,8 @@ enum binder_prio_state { * (atomics, no lock needed) * @delivered_death: list of delivered death notification * (protected by @inner_lock) + * @delivered_freeze: list of delivered freeze notification + * (protected by @inner_lock) * @max_threads: cap on number of binder threads * (protected by @inner_lock) * @requested_threads: number of binder threads requested but not @@ -447,6 +463,7 @@ struct binder_proc { struct list_head todo; struct binder_stats stats; struct list_head delivered_death; + struct list_head delivered_freeze; int max_threads; int requested_threads; int requested_threads_started; diff --git a/include/uapi/linux/android/binder.h b/include/uapi/linux/android/binder.h index 7fa36a8ad30d..f9c33731af86 100644 --- a/include/uapi/linux/android/binder.h +++ b/include/uapi/linux/android/binder.h 
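Review bot: `struct binder_ref_freeze` is added without the kernel-doc block that the following `struct binder_ref_data` has, and the locking of its fields is not stated anywhere. Its three flags are bit-fields sharing one storage unit, so a write to one is a read-modify-write of the others and they all need the same lock. In the binder.c hunks every write to `is_frozen`, `sent` and `resend` after the object is published happens under the inner lock of the proc that owns the ref, whereas the new `@freeze` text in struct binder_ref names only `@node->lock`. The struct should say so per field, e.g. `@sent: notification was read by userspace and awaits BC_FREEZE_NOTIFICATION_DONE (protected by @proc->inner_lock)`.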
@@ -284,6 +284,12 @@ struct binder_frozen_status_info { __u32 async_recv; }; +struct binder_frozen_state_info { + binder_uintptr_t cookie; + __u32 is_frozen; + __u32 reserved; +}; + /* struct binder_extened_error - extended error information * @id: identifier for the failed operation * @command: command as defined by binder_driver_return_protocol @@ -508,6 +514,17 @@ enum binder_driver_return_protocol { * asynchronous transaction makes the allocated async buffer size exceed * detection threshold. No parameters. */ + + BR_FROZEN_BINDER = _IOR('r', 21, struct binder_frozen_state_info), + /* + * The cookie and a boolean (is_frozen) that indicates whether the process + * transitioned into a frozen or an unfrozen state. + */ + + BR_CLEAR_FREEZE_NOTIFICATION_DONE = _IOR('r', 22, binder_uintptr_t), + /* + * void *: cookie + */ }; enum binder_driver_command_protocol { @@ -591,6 +608,25 @@ enum binder_driver_command_protocol { /* * binder_transaction_data_sg: the sent command. */ + + BC_REQUEST_FREEZE_NOTIFICATION = + _IOW('c', 19, struct binder_handle_cookie), + /* + * int: handle + * void *: cookie + */ + + BC_CLEAR_FREEZE_NOTIFICATION = _IOW('c', 20, + struct binder_handle_cookie), + /* + * int: handle + * void *: cookie + */ + + BC_FREEZE_NOTIFICATION_DONE = _IOW('c', 21, binder_uintptr_t), + /* + * void *: cookie + */ }; #endif /* _UAPI_LINUX_BINDER_H */ From 2f43c68d05913871ada85cec87760bc1049cdfbb Mon Sep 17 00:00:00 2001 From: Yu-Ting Tseng Date: Tue, 9 Jul 2024 00:00:49 -0700 Subject: [PATCH 48/87] FROMGIT: binder: frozen notification binder_features flag Add a flag to binder_features to indicate that the freeze notification feature is available. Signed-off-by: Yu-Ting Tseng Acked-by: Carlos Llamas Link: https://lore.kernel.org/r/20240709070047.4055369-6-yutingtseng@google.com 
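Review bot: struct binder_frozen_state_info has a `__u32 reserved` member that travels to user space with `BR_FROZEN_BINDER` (declared `_IOR`), and the header does not say what that member must contain. A reserved field in a kernel-to-user structure has to be zero on every fill, otherwise uninitialised kernel stack bytes can reach the reader and the field cannot be given a meaning later. The code that fills the structure is outside this hunk, so whether it clears the whole struct before setting `cookie` and `is_frozen` should be confirmed there. I would document the contract beside the struct, e.g. `/* @reserved: always zero; the driver clears the struct before copying it out */`, with matching one-line descriptions for `cookie` and `is_frozen`.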
Signed-off-by: Greg Kroah-Hartman Bug: 363013421 (cherry picked from commit 30b968b002a92870325a5c9d1ce78eba0ce386e7 git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git char-misc-next) Change-Id: Ic26c8ae42d27c6fd8f5daed5eecabd1652e29502 Signed-off-by: Carlos Llamas --- drivers/android/binderfs.c | 8 ++++++++ .../selftests/filesystems/binderfs/binderfs_test.c | 1 + 2 files changed, 9 insertions(+) diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c index 09b2ce7e4c34..aa5f37845501 100644 --- a/drivers/android/binderfs.c +++ b/drivers/android/binderfs.c @@ -60,6 +60,7 @@ enum binderfs_stats_mode { struct binder_features { bool oneway_spam_detection; bool extended_error; + bool freeze_notification; }; static const struct constant_table binderfs_param_stats[] = { @@ -76,6 +77,7 @@ static const struct fs_parameter_spec binderfs_fs_parameters[] = { static struct binder_features binder_features = { .oneway_spam_detection = true, .extended_error = true, + .freeze_notification = true, }; static inline struct binderfs_info *BINDERFS_SB(const struct super_block *sb) @@ -610,6 +612,12 @@ static int init_binder_features(struct super_block *sb) if (IS_ERR(dentry)) return PTR_ERR(dentry); + dentry = binderfs_create_file(dir, "freeze_notification", + &binder_features_fops, + &binder_features.freeze_notification); + if (IS_ERR(dentry)) + return PTR_ERR(dentry); + return 0; } diff --git a/tools/testing/selftests/filesystems/binderfs/binderfs_test.c b/tools/testing/selftests/filesystems/binderfs/binderfs_test.c index 5f362c0fd890..319567f0fae1 100644 --- a/tools/testing/selftests/filesystems/binderfs/binderfs_test.c +++ b/tools/testing/selftests/filesystems/binderfs/binderfs_test.c @@ -65,6 +65,7 @@ static int __do_binderfs_test(struct __test_metadata *_metadata) static const char * const binder_features[] = { "oneway_spam_detection", "extended_error", + "freeze_notification", }; change_mountns(_metadata); 
From 27310ed6b67751d0ef91f3a1d5b4fa1c211d4924 Mon Sep 17 00:00:00 2001 
From: Carlos Llamas Date: Thu, 29 Aug 2024 18:18:15 +0000 Subject: [PATCH 49/87] ANDROID: binder: fix KMI issues due to frozen notification The patches to support binder's frozen notification feature break the KMI. This change fixes such issues by (1) moving proc->delivered_freeze into the existing proc_wrapper struction, (2) dropping the frozen stats support and (3) amending the STG due to a harmless enum binder_work_type addition. These are the reported KMI issues fixed by this patch: function symbol 'int __traceiter_binder_transaction_received(void*, struct binder_transaction*)' changed CRC changed from 0x74e9c98b to 0xfe0f8640 type 'struct binder_proc' changed byte size changed from 584 to 632 member 'struct list_head delivered_death' changed offset changed by 256 member 'struct list_head delivered_freeze' was added 13 members ('u32 max_threads' .. 'u64 android_oem_data1') changed offset changed by 384 type 'struct binder_thread' changed byte size changed from 464 to 496 2 members ('atomic_t tmp_ref' .. 'bool is_dead') changed offset changed by 224 4 members ('struct task_struct* task' .. 
'enum binder_prio_state prio_state') changed offset changed by 256 type 'struct binder_stats' changed byte size changed from 216 to 244 member changed from 'atomic_t br[21]' to 'atomic_t br[23]' type changed from 'atomic_t[21]' to 'atomic_t[23]' number of elements changed from 21 to 23 member changed from 'atomic_t bc[19]' to 'atomic_t bc[22]' offset changed from 672 to 736 type changed from 'atomic_t[19]' to 'atomic_t[22]' number of elements changed from 19 to 22 member changed from 'atomic_t obj_created[7]' to 'atomic_t obj_created[8]' offset changed from 1280 to 1440 type changed from 'atomic_t[7]' to 'atomic_t[8]' number of elements changed from 7 to 8 member changed from 'atomic_t obj_deleted[7]' to 'atomic_t obj_deleted[8]' offset changed from 1504 to 1696 type changed from 'atomic_t[7]' to 'atomic_t[8]' number of elements changed from 7 to 8 type 'enum binder_work_type' changed enumerator 'BINDER_WORK_FROZEN_BINDER' (10) was added enumerator 'BINDER_WORK_CLEAR_FREEZE_NOTIFICATION' (11) was added Bug: 363013421 Change-Id: If9f1f14a2eda215a4c9cb0823c50c8e0e8079ef1 Signed-off-by: Carlos Llamas --- android/abi_gki_aarch64.stg | 8 ++++++++ drivers/android/binder.c | 15 +++------------ drivers/android/binder_internal.h | 13 +++++++------ 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index deccb40a118d..a4ed9bafd5ae 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -277331,6 +277331,14 @@ enumeration { name: "BINDER_WORK_CLEAR_DEATH_NOTIFICATION" value: 8 } + enumerator { + name: "BINDER_WORK_FROZEN_BINDER" + value: 9 + } + enumerator { + name: "BINDER_WORK_CLEAR_FREEZE_NOTIFICATION" + value: 10 + } } } enumeration { diff --git a/drivers/android/binder.c b/drivers/android/binder.c index eb803ae9462a..5b2e9c8aa8fb 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c 
@@ -4108,7 +4108,6 @@ binder_request_freeze_notification(struct binder_proc *proc, is_frozen = ref->node->proc->is_frozen; binder_inner_proc_unlock(ref->node->proc); - binder_stats_created(BINDER_STAT_FREEZE); INIT_LIST_HEAD(&freeze->work.entry); freeze->cookie = handle_cookie->cookie; freeze->work.type = BINDER_WORK_FROZEN_BINDER; @@ -4194,7 +4193,7 @@ binder_freeze_notification_done(struct binder_proc *proc, struct binder_work *w; binder_inner_proc_lock(proc); - list_for_each_entry(w, &proc->delivered_freeze, entry) { + list_for_each_entry(w, &proc_wrapper(proc)->delivered_freeze, entry) { struct binder_ref_freeze *tmp_freeze = container_of(w, struct binder_ref_freeze, work); @@ -5163,7 +5162,7 @@ skip: info.is_frozen = freeze->is_frozen; info.cookie = freeze->cookie; freeze->sent = true; - binder_enqueue_work_ilocked(w, &proc->delivered_freeze); + binder_enqueue_work_ilocked(w, &proc_wrapper(proc)->delivered_freeze); binder_inner_proc_unlock(proc); if (put_user(BR_FROZEN_BINDER, (uint32_t __user *)ptr)) @@ -5183,7 +5182,6 @@ skip: binder_inner_proc_unlock(proc); kfree(freeze); - binder_stats_deleted(BINDER_STAT_FREEZE); if (put_user(BR_CLEAR_FREEZE_NOTIFICATION_DONE, (uint32_t __user *)ptr)) return -EFAULT; ptr += sizeof(uint32_t); @@ -6291,7 +6289,7 @@ static int binder_open(struct inode *nodp, struct file *filp) binder_stats_created(BINDER_STAT_PROC); proc->pid = current->group_leader->pid; INIT_LIST_HEAD(&proc->delivered_death); - INIT_LIST_HEAD(&proc->delivered_freeze); + INIT_LIST_HEAD(&proc_wrapper(proc)->delivered_freeze); INIT_LIST_HEAD(&proc->waiting_threads); filp->private_data = proc; @@ -6847,9 +6845,6 @@ static const char * const binder_return_strings[] = { "BR_FAILED_REPLY", "BR_FROZEN_REPLY", "BR_ONEWAY_SPAM_SUSPECT", - "UNSUPPORTED", - "BR_FROZEN_BINDER", - "BR_CLEAR_FREEZE_NOTIFICATION_DONE", }; static const char * const binder_command_strings[] = { 
@@ -6872,9 +6867,6 @@ static const char * const binder_command_strings[] = { "BC_DEAD_BINDER_DONE", "BC_TRANSACTION_SG", "BC_REPLY_SG", - "BC_REQUEST_FREEZE_NOTIFICATION", - "BC_CLEAR_FREEZE_NOTIFICATION", - "BC_FREEZE_NOTIFICATION_DONE", }; static const char * const binder_objstat_strings[] = { @@ -6885,7 +6877,6 @@ static const char * const binder_objstat_strings[] = { "death", "transaction", "transaction_complete", - "freeze", }; static void print_binder_stats(struct seq_file *m, const char *prefix, diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h index 020fb279dcb5..06ac60a7c6dc 100644 --- a/drivers/android/binder_internal.h +++ b/drivers/android/binder_internal.h @@ -130,13 +130,12 @@ enum binder_stat_types { BINDER_STAT_DEATH, BINDER_STAT_TRANSACTION, BINDER_STAT_TRANSACTION_COMPLETE, - BINDER_STAT_FREEZE, BINDER_STAT_COUNT }; struct binder_stats { - atomic_t br[_IOC_NR(BR_CLEAR_FREEZE_NOTIFICATION_DONE) + 1]; - atomic_t bc[_IOC_NR(BC_FREEZE_NOTIFICATION_DONE) + 1]; + atomic_t br[_IOC_NR(BR_ONEWAY_SPAM_SUSPECT) + 1]; + atomic_t bc[_IOC_NR(BC_REPLY_SG) + 1]; atomic_t obj_created[BINDER_STAT_COUNT]; atomic_t obj_deleted[BINDER_STAT_COUNT]; }; @@ -160,8 +159,10 @@ struct binder_work { BINDER_WORK_DEAD_BINDER, BINDER_WORK_DEAD_BINDER_AND_CLEAR, BINDER_WORK_CLEAR_DEATH_NOTIFICATION, +#ifndef __GENKSYMS__ BINDER_WORK_FROZEN_BINDER, BINDER_WORK_CLEAR_FREEZE_NOTIFICATION, +#endif } type; }; @@ -415,8 +416,6 @@ enum binder_prio_state { * (atomics, no lock needed) * @delivered_death: list of delivered death notification * (protected by @inner_lock) - * @delivered_freeze: list of delivered freeze notification - * (protected by @inner_lock) * @max_threads: cap on number of binder threads * (protected by @inner_lock) * @requested_threads: number of binder threads requested but not 
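Review bot: Restoring `br[_IOC_NR(BR_ONEWAY_SPAM_SUSPECT) + 1]` and `bc[_IOC_NR(BC_REPLY_SG) + 1]` leaves the freeze commands and returns, which the previous sizing was extended for, with numbers past the end of both counter arrays and of the string tables trimmed in this same commit. That is safe only if every site that indexes `br[]`, `bc[]`, `binder_return_strings[]` or `binder_command_strings[]` by `_IOC_NR(cmd)` compares the index with the array size first; those sites are not part of this diff, so this needs to be confirmed rather than assumed. A comment on struct binder_stats would protect the next change, e.g. `/* br[]/bc[] sizes are frozen for KMI: newer BC_/BR_ numbers exceed them and must be range-checked, not counted */`.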
@@ -463,7 +462,6 @@ struct binder_proc { struct list_head todo; struct binder_stats stats; struct list_head delivered_death; - struct list_head delivered_freeze; int max_threads; int requested_threads; int requested_threads_started; @@ -484,11 +482,14 @@ struct binder_proc { * @dmap: dbitmap to manage available reference descriptors * (protected by @proc.outer_lock) * @lock: protects @proc->alloc fields + * @delivered_freeze: list of delivered freeze notification + * (protected by @inner_lock) */ struct binder_proc_wrap { struct binder_proc proc; struct dbitmap dmap; spinlock_t lock; + struct list_head delivered_freeze; }; static inline From 04212acc42d4c69bf3dd93f5342b040d7a2eb741 Mon Sep 17 00:00:00 2001 From: jiangxinpei Date: Mon, 9 Sep 2024 16:32:18 +0800 Subject: [PATCH 50/87] ANDROID: GKI: Add initial symbol list for honor Add symbol list for unisoc in android/abi_gki_aarch64_honor Bug: 332656187 Change-Id: Idaac6034d436d888d1cd61adc926f7eaca2eb51e Signed-off-by: jiangxinpei (cherry picked from commit 8d957bd1cdfc8e9de23e15b0ba3ef4d431e99aeb) --- android/abi_gki_aarch64.stg | 75 +++++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_honor | 13 ++++++ 2 files changed, 88 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index a4ed9bafd5ae..64a54cb63a1b 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -288395,6 +288395,20 @@ enumeration { } } } +enumeration { + id: 0x33865753 + name: "profile_type" + definition { + underlying_type_id: 0x4585663f + enumerator { + name: "PROFILE_TASK_EXIT" + } + enumerator { + name: "PROFILE_MUNMAP" + value: 1 + } + } +} enumeration { id: 0x504235bb name: "psi_states" @@ -305877,6 +305891,11 @@ function { parameter_id: 0x18ea6ae3 parameter_id: 0x2ed8b8f9 } +function { + id: 0x229f1818 + return_type_id: 0x106029c6 + parameter_id: 0x18ea6ae3 +} function { id: 0x22a7ae7f return_type_id: 0x2b8f13b3 
@@ -313194,6 +313213,12 @@ function { parameter_id: 0xf435685e parameter_id: 0x0ab1f084 } +function { + id: 0x910fac6a + return_type_id: 0x6720d32f + parameter_id: 0x33865753 + parameter_id: 0x1bb6a471 +} function { id: 0x910fbd4c return_type_id: 0x6720d32f @@ -370498,6 +370523,15 @@ elf_symbol { type_id: 0x167935b9 full_name: "drop_nlink" } +elf_symbol { + id: 0x367672f6 + name: "drop_super" + is_defined: true + symbol_type: FUNCTION + crc: 0xa2b9262b + type_id: 0x1923cb99 + full_name: "drop_super" +} elf_symbol { id: 0xe2b96ffd name: "dst_cache_destroy" @@ -392047,6 +392081,24 @@ elf_symbol { type_id: 0x3962f9e8 full_name: "proc_symlink" } +elf_symbol { + id: 0x34a73ce1 + name: "profile_event_register" + is_defined: true + symbol_type: FUNCTION + crc: 0xa389a49a + type_id: 0x910fac6a + full_name: "profile_event_register" +} +elf_symbol { + id: 0xedc563f7 + name: "profile_event_unregister" + is_defined: true + symbol_type: FUNCTION + crc: 0xdd391eff + type_id: 0x910fac6a + full_name: "profile_event_unregister" +} elf_symbol { id: 0x2197c0b9 name: "proto_register" @@ -401318,6 +401370,15 @@ elf_symbol { type_id: 0x11cb8bd5 full_name: "sock_efree" } +elf_symbol { + id: 0xd661cceb + name: "sock_from_file" + is_defined: true + symbol_type: FUNCTION + crc: 0x541bec09 + type_id: 0x229f1818 + full_name: "sock_from_file" +} elf_symbol { id: 0x4ece0732 name: "sock_gen_put" @@ -403652,6 +403713,15 @@ elf_symbol { type_id: 0x17c95d08 full_name: "tcp_sock_set_nodelay" } +elf_symbol { + id: 0xef808179 + name: "tcp_sync_mss" + is_defined: true + symbol_type: FUNCTION + crc: 0xca5e7028 + type_id: 0xcaae52cc + full_name: "tcp_sync_mss" +} elf_symbol { id: 0xefab10bf name: "tcp_unregister_congestion_control" @@ -417008,6 +417078,7 @@ interface { symbol_id: 0x1f1ab070 symbol_id: 0x66dcfd31 symbol_id: 0x4dae13e9 + symbol_id: 0x367672f6 symbol_id: 0xe2b96ffd symbol_id: 0x126bb89f symbol_id: 0x2e0e7810 
@@ -419402,6 +419473,8 @@ interface { symbol_id: 0x1561afad symbol_id: 0x7ba3baed symbol_id: 0xceb41cae + symbol_id: 0x34a73ce1 + symbol_id: 0xedc563f7 symbol_id: 0x2197c0b9 symbol_id: 0x830bfa0f symbol_id: 0x5a85390c @@ -420432,6 +420505,7 @@ interface { symbol_id: 0x5ca98337 symbol_id: 0xbcf8b9bf symbol_id: 0x83497546 + symbol_id: 0xd661cceb symbol_id: 0x4ece0732 symbol_id: 0x284bec0f symbol_id: 0xb2cef8e2 @@ -420692,6 +420766,7 @@ interface { symbol_id: 0xe6a46ba8 symbol_id: 0xb56d0844 symbol_id: 0x51ff5f80 + symbol_id: 0xef808179 symbol_id: 0xefab10bf symbol_id: 0x857e5dc9 symbol_id: 0x85459353 diff --git a/android/abi_gki_aarch64_honor b/android/abi_gki_aarch64_honor index ffc84d30e5eb..b00814ae4bc7 100644 --- a/android/abi_gki_aarch64_honor +++ b/android/abi_gki_aarch64_honor @@ -17,3 +17,16 @@ __traceiter_android_vh_modify_scan_control __traceiter_android_vh_should_continue_reclaim __traceiter_android_vh_tune_fault_around_bytes + kfree + __kmalloc + mod_node_page_state + page_cache_sync_ra + proc_create + profile_event_register + profile_event_unregister + drop_super + si_swapinfo + single_open + sock_from_file + task_cputime_adjusted + tcp_sync_mss From a752cdd96f470f62fa0e8d8c2623ab6c146b2612 Mon Sep 17 00:00:00 2001 From: Justin Chen Date: Mon, 21 Aug 2023 11:52:51 -0700 Subject: [PATCH 51/87] BACKPORT: serial: 8250_bcm7271: improve bcm7271 8250 port The 8250 BCM7271 UART is not a direct match to PORT_16550A and other generic ports do not match its hardware capabilities. PORT_ALTR matches the rx trigger levels, but its vendor configurations are not compatible. Unfortunately this means we need to create another port to fully capture the hardware capabilities of the BCM7271 UART. To alleviate some latency pressures, we default the rx trigger level to 8. Bug: 365149220 Change-Id: I41005a210439a3a54a9af16a96583662dc8d786d 
Signed-off-by: Justin Chen Reviewed-by: Florian Fainelli Acked-by: Doug Berger Reviewed-by: Andy Shevchenko Link: https://lore.kernel.org/r/1692643978-16570-1-git-send-email-justin.chen@broadcom.com Signed-off-by: Greg Kroah-Hartman (cherry picked from commit 42a569cd0d774fd575395a84481f87a1aaa530df) Signed-off-by: Danesh Petigara --- drivers/tty/serial/8250/8250_bcm7271.c | 4 +--- drivers/tty/serial/8250/8250_port.c | 8 ++++++++ include/uapi/linux/serial_core.h | 3 +++ 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/tty/serial/8250/8250_bcm7271.c b/drivers/tty/serial/8250/8250_bcm7271.c index a28f115f6194..e011510737d7 100644 --- a/drivers/tty/serial/8250/8250_bcm7271.c +++ b/drivers/tty/serial/8250/8250_bcm7271.c @@ -1059,7 +1059,7 @@ static int brcmuart_probe(struct platform_device *pdev) dev_dbg(dev, "DMA is %senabled\n", priv->dma_enabled ? "" : "not "); memset(&up, 0, sizeof(up)); - up.port.type = PORT_16550A; + up.port.type = PORT_BCM7271; up.port.uartclk = clk_rate; up.port.dev = dev; up.port.mapbase = mapbase; @@ -1073,8 +1073,6 @@ static int brcmuart_probe(struct platform_device *pdev) | UPF_FIXED_PORT | UPF_FIXED_TYPE; up.port.dev = dev; up.port.private_data = priv; - up.capabilities = UART_CAP_FIFO | UART_CAP_AFE; - up.port.fifosize = 32; /* Check for a fixed line number */ ret = of_alias_get_id(np, "serial"); diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 1dc64a3401cc..d4b962676308 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -314,6 +314,14 @@ static const struct serial8250_config uart_config[] = { .rxtrig_bytes = {1, 4, 8, 14}, .flags = UART_CAP_FIFO, }, + [PORT_BCM7271] = { + .name = "Broadcom BCM7271 UART", + .fifo_size = 32, + .tx_loadsz = 32, + .fcr = UART_FCR_ENABLE_FIFO | UART_FCR_R_TRIG_01, + .rxtrig_bytes = {1, 8, 16, 30}, + .flags = UART_CAP_FIFO | UART_CAP_AFE, + }, }; /* Uart divisor latch read */ 
diff --git a/include/uapi/linux/serial_core.h b/include/uapi/linux/serial_core.h index 3ba34d8378bd..1138d9bf7b18 100644 --- a/include/uapi/linux/serial_core.h +++ b/include/uapi/linux/serial_core.h @@ -144,6 +144,9 @@ /* Blackfin bf5xx */ #define PORT_BFIN 75 +/* Broadcom BCM7271 UART */ +#define PORT_BCM7271 76 + /* Broadcom SB1250, etc. SOC */ #define PORT_SB1250_DUART 77 From d02968a02321319acfe345526c87fdc723c865c4 Mon Sep 17 00:00:00 2001 From: Pierre Couillaud Date: Sat, 7 Sep 2024 17:11:19 -0700 Subject: [PATCH 52/87] ANDROID: gki_defconfig: Enable CONFIG_SERIAL_8250_BCM7271 Enable BCM UART driver for Broadcom Set Top Box SoCs. Bug: 365149220 Change-Id: I8784b1f5820dcdcecca8f71fc7d378dc0407f6a0 Signed-off-by: Pierre Couillaud Signed-off-by: Danesh Petigara --- arch/arm64/configs/gki_defconfig | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/arm64/configs/gki_defconfig b/arch/arm64/configs/gki_defconfig index ce5859a552af..dbacd7179c04 100644 --- a/arch/arm64/configs/gki_defconfig +++ b/arch/arm64/configs/gki_defconfig @@ -402,7 +402,6 @@ CONFIG_SERIAL_8250_CONSOLE=y CONFIG_SERIAL_8250_NR_UARTS=32 CONFIG_SERIAL_8250_RUNTIME_UARTS=0 CONFIG_SERIAL_8250_DW=y -# CONFIG_SERIAL_8250_BCM7271 is not set CONFIG_SERIAL_OF_PLATFORM=y CONFIG_SERIAL_AMBA_PL011=y CONFIG_SERIAL_AMBA_PL011_CONSOLE=y From fdec2610bffc4522ffbaae42b587e27a587daaff Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan Date: Tue, 15 Jun 2021 17:45:29 -0700 Subject: [PATCH 53/87] ANDROID: gki_config: Disable CONFIG_DEBUG_STACK_USAGE This config option was not requested by any partner and has non-zero overhead on process creation. Disable it. Bug: 191150949 Bug: 365466166 Signed-off-by: Suren Baghdasaryan Change-Id: Ia9547c989c22246c46ed9624a0707c6369ee4de0 --- arch/arm64/configs/gki_defconfig | 1 - arch/x86/configs/gki_defconfig | 1 - 2 files changed, 2 deletions(-) diff --git a/arch/arm64/configs/gki_defconfig b/arch/arm64/configs/gki_defconfig index dbacd7179c04..1d6b7015c013 100644 
--- a/arch/arm64/configs/gki_defconfig +++ b/arch/arm64/configs/gki_defconfig @@ -751,7 +751,6 @@ CONFIG_UBSAN_LOCAL_BOUNDS=y CONFIG_PAGE_OWNER=y CONFIG_PAGE_PINNER=y CONFIG_PER_VMA_LOCK_STATS=y -CONFIG_DEBUG_STACK_USAGE=y CONFIG_DEBUG_MEMORY_INIT=y CONFIG_KASAN=y CONFIG_KASAN_HW_TAGS=y diff --git a/arch/x86/configs/gki_defconfig b/arch/x86/configs/gki_defconfig index 7d5f43284a02..1a95465a5468 100644 --- a/arch/x86/configs/gki_defconfig +++ b/arch/x86/configs/gki_defconfig @@ -664,7 +664,6 @@ CONFIG_UBSAN_LOCAL_BOUNDS=y # CONFIG_UBSAN_ENUM is not set CONFIG_PAGE_OWNER=y CONFIG_PER_VMA_LOCK_STATS=y -CONFIG_DEBUG_STACK_USAGE=y CONFIG_DEBUG_MEMORY_INIT=y CONFIG_KFENCE=y CONFIG_KFENCE_SAMPLE_INTERVAL=500 From 75c9b1955b7e1f0a959b70f9d631a93634d742e5 Mon Sep 17 00:00:00 2001 
From: Daniel Borkmann Date: Fri, 21 Jun 2024 16:08:27 +0200 Subject: [PATCH 54/87] UPSTREAM: bpf: Fix overrunning reservations in ringbuf [ Upstream commit cfa1a2329a691ffd991fcf7248a57d752e712881 ] The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which logical position the consumer consumed the data, and producer_pos which is the producer counter denoting the amount of data reserved by all producers. Each time a record is reserved, the producer that "owns" the record will successfully advance producer counter. In user space each time a record is read, the consumer of the data advanced the consumer counter once it finished processing. Both counters are stored in separate pages so that from user space, the producer counter is read-only and the consumer counter is read-write. One aspect that simplifies and thus speeds up the implementation of both producers and consumers is how the data area is mapped twice contiguously back-to-back in the virtual memory, allowing to not take any special measures for samples that have to wrap around at the end of the circular buffer data area, because the next page after the last data page would be first data page again, and thus the sample will still appear completely contiguous in virtual memory. Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for book-keeping the length and offset, and is inaccessible to the BPF program. Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ` for the BPF program to use. Bing-Jhong and Muhammad reported that it is however possible to make a second allocated memory chunk overlapping with the first chunk and as a result, the BPF program is now able to edit first chunk's header. For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size of 0x4000. 
Next, the consumer_pos is modified to 0x3000 /before/ a call to bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in [0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets allocate a chunk B with size 0x3000. This will succeed because consumer_pos was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask` check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data pages. This means that chunk B at [0x4000,0x4008] is chunk A's header. bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong page and could cause a crash. Fix it by calculating the oldest pending_pos and check whether the range from the oldest outstanding record to the newest would span beyond the ring buffer size. If that is the case, then reject the request. We've tested with the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh) before/after the fix and while it seems a bit slower on some benchmarks, it is still not significantly enough to matter. Bug: 349976340 Fixes: 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") Reported-by: Bing-Jhong Billy Jheng Reported-by: Muhammad Ramdhan Co-developed-by: Bing-Jhong Billy Jheng Co-developed-by: Andrii Nakryiko Signed-off-by: Bing-Jhong Billy Jheng Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Signed-off-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/20240621140828.18238-1-daniel@iogearbox.net Signed-off-by: Sasha Levin (cherry picked from commit d1b9df0435bc61e0b44f578846516df8ef476686) 
Signed-off-by: Lee Jones Change-Id: I57847858a13e15118ef18a00257e45f96597e938 --- kernel/bpf/ringbuf.c | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/kernel/bpf/ringbuf.c b/kernel/bpf/ringbuf.c index 4cc6d1afced5..296cdfaebf47 100644 --- a/kernel/bpf/ringbuf.c +++ b/kernel/bpf/ringbuf.c @@ -59,7 +59,8 @@ struct bpf_ringbuf { * This prevents a user-space application from modifying the * position and ruining in-kernel tracking. The permissions of the * pages depend on who is producing samples: user-space or the - * kernel. + * kernel. Note that the pending counter is placed in the same + * page as the producer, so that it shares the same cache line. * * Kernel-producer * --------------- @@ -78,6 +79,7 @@ struct bpf_ringbuf { */ unsigned long consumer_pos __aligned(PAGE_SIZE); unsigned long producer_pos __aligned(PAGE_SIZE); + unsigned long pending_pos; char data[] __aligned(PAGE_SIZE); }; @@ -176,6 +178,7 @@ static struct bpf_ringbuf *bpf_ringbuf_alloc(size_t data_sz, int numa_node) rb->mask = data_sz - 1; rb->consumer_pos = 0; rb->producer_pos = 0; + rb->pending_pos = 0; return rb; } @@ -390,9 +393,9 @@ bpf_ringbuf_restore_from_rec(struct bpf_ringbuf_hdr *hdr) static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) { - unsigned long cons_pos, prod_pos, new_prod_pos, flags; - u32 len, pg_off; + unsigned long cons_pos, prod_pos, new_prod_pos, pend_pos, flags; struct bpf_ringbuf_hdr *hdr; + u32 len, pg_off, tmp_size, hdr_len; if (unlikely(size > RINGBUF_MAX_RECORD_SZ)) return NULL; 
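Review bot: `pending_pos` is declared directly after `producer_pos __aligned(PAGE_SIZE)`, so it lives in the producer page and is visible to user space with whatever permission that page is mapped with. The comment being edited already says those permissions depend on whether the kernel or user space produces samples, but the added sentence gives only the cache-line reason and does not say that `pending_pos` is kernel-owned state. I would extend it with `pending_pos is only meaningful for kernel-producer ring buffers, where this page is read-only to user space`, after confirming that no user-producer path reads the field (those paths are outside this diff).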
@@ -410,13 +413,29 @@ static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) spin_lock_irqsave(&rb->spinlock, flags); } + pend_pos = rb->pending_pos; prod_pos = rb->producer_pos; new_prod_pos = prod_pos + len; - /* check for out of ringbuf space by ensuring producer position - * doesn't advance more than (ringbuf_size - 1) ahead + while (pend_pos < prod_pos) { + hdr = (void *)rb->data + (pend_pos & rb->mask); + hdr_len = READ_ONCE(hdr->len); + if (hdr_len & BPF_RINGBUF_BUSY_BIT) + break; + tmp_size = hdr_len & ~BPF_RINGBUF_DISCARD_BIT; + tmp_size = round_up(tmp_size + BPF_RINGBUF_HDR_SZ, 8); + pend_pos += tmp_size; + } + rb->pending_pos = pend_pos; + + /* check for out of ringbuf space: + * - by ensuring producer position doesn't advance more than + * (ringbuf_size - 1) ahead + * - by ensuring oldest not yet committed record until newest + * record does not span more than (ringbuf_size - 1) */ - if (new_prod_pos - cons_pos > rb->mask) { + if (new_prod_pos - cons_pos > rb->mask || + new_prod_pos - pend_pos > rb->mask) { spin_unlock_irqrestore(&rb->spinlock, flags); return NULL; } From ff7405244895d11028a0be1e376896155585aac3 Mon Sep 17 00:00:00 2001 
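Review bot: The new `while (pend_pos < prod_pos)` scan has no comment, and its safety rests on facts that are not written down: it runs with `rb->spinlock` held, it walks record headers in the data area, and it advances the cursor by a length read from `hdr->len`. I would add above the loop `/* advance pending_pos past committed records; record headers are written by the kernel only, so hdr->len is trusted here */`, because a reader auditing this fix needs to know why a length taken from ring memory may drive the cursor. Separately, the loop uses an ordered compare on free-running `unsigned long` counters while the two checks below it use wrap-safe subtraction; on a build where `unsigned long` is 32 bits the compare would appear to stop advancing `pending_pos` once `producer_pos` wraps, so subtraction-based arithmetic may be preferable there. `__bpf_ringbuf_reserve` continues outside this hunk.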
From: Mukesh Ojha Date: Thu, 25 Jul 2024 11:55:10 +0530 Subject: [PATCH 55/87] BACKPORT: binder_alloc: Fix sleeping function called from invalid context 36c55ce8703c ("binder_alloc: Replace kcalloc with kvcalloc to mitigate OOM issues") introduced schedule while atomic issue. [ 2689.152635][ T4275] BUG: sleeping function called from invalid context at mm/vmalloc.c:2847 [ 2689.161291][ T4275] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4275, name: kworker/1:140 [ 2689.170708][ T4275] preempt_count: 1, expected: 0 [ 2689.175572][ T4275] RCU nest depth: 0, expected: 0 [ 2689.180521][ T4275] INFO: lockdep is turned off. [ 2689.180523][ T4275] Preemption disabled at: [ 2689.180525][ T4275] [] binder_alloc_deferred_release+0x2c/0x388 .. .. [ 2689.213419][ T4275] __might_resched+0x174/0x178 [ 2689.213423][ T4275] __might_sleep+0x48/0x7c [ 2689.213426][ T4275] vfree+0x4c/0x15c [ 2689.213430][ T4275] kvfree+0x24/0x44 [ 2689.213433][ T4275] binder_alloc_deferred_release+0x2c0/0x388 [ 2689.213436][ T4275] binder_proc_dec_tmpref+0x15c/0x2a8 [ 2689.213440][ T4275] binder_deferred_func+0xa8/0x8ec [ 2689.213442][ T4275] process_one_work+0x254/0x59c [ 2689.213447][ T4275] worker_thread+0x274/0x3ec [ 2689.213450][ T4275] kthread+0x110/0x134 [ 2689.213453][ T4275] ret_from_fork+0x10/0x20 Fix it by moving the place of kvfree outside of spinlock context. Fixes: 36c55ce8703c ("binder_alloc: Replace kcalloc with kvcalloc to mitigate OOM issues") Acked-by: Carlos Llamas Signed-off-by: Mukesh Ojha Link: https://lore.kernel.org/r/20240725062510.2856662-1-quic_mojha@quicinc.com Signed-off-by: Greg Kroah-Hartman Bug: 356093827 Change-Id: Ic1e342ba8eb843dc49a6c4a91c7ba0f99d5e54fd (cherry picked from commit 2c10a20f5e84ab777d29ed921d4c78d66de6d0fb) [cmllamas: fix merge issues due to missing 36c55ce8703c] Signed-off-by: Carlos Llamas --- drivers/android/binder_alloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index 6ce5a0264946..02ec2c077b2c 100644 --- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c @@ -955,9 +955,9 @@ void binder_alloc_deferred_release(struct binder_alloc *alloc) __free_page(alloc->pages[i].page_ptr); page_count++; } - kfree(alloc->pages); } binder_alloc_unlock(alloc); + kfree(alloc->pages); if (alloc->mm) mmdrop(alloc->mm); From b18f8bbc044f476aea4146be141bb9c5430b2a12 Mon Sep 17 00:00:00 2001 From: Pierre Couillaud Date: Wed, 11 Sep 2024 14:28:39 -0700 Subject: [PATCH 56/87] ANDROID: GKI: Update symbol list for BCMSTB Remove symbols obsoleted since including CONFIG_SERIAL_8250_BCM7271 Bug: 365149220 Change-Id: Id35a1c68e27359fa5e8a2d90cfa7be5346875ebf Signed-off-by: Pierre Couillaud --- android/abi_gki_aarch64_bcmstb | 16 ++-------------- android/abi_gki_aarch64_type_visibility | 3 +++ 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/android/abi_gki_aarch64_bcmstb b/android/abi_gki_aarch64_bcmstb index 0998f7d29e70..0376d93363c3 100644 --- a/android/abi_gki_aarch64_bcmstb +++ b/android/abi_gki_aarch64_bcmstb @@ -355,7 +355,6 @@ nr_cpu_ids ns_capable of_address_to_resource - of_alias_get_id of_clk_get_by_name of_count_phandle_with_args of_device_get_match_data @@ -422,7 +421,6 @@ __platform_driver_register platform_driver_unregister platform_get_irq - platform_get_irq_byname platform_get_irq_byname_optional platform_get_irq_optional platform_get_resource @@ -747,18 +745,6 @@ vlan_vid_add vlan_vid_del -# required by 8250_bcm7271.ko - serial8250_do_set_termios - serial8250_do_shutdown - serial8250_do_startup - serial8250_get_port - serial8250_handle_irq - serial8250_register_8250_port - serial8250_resume_port - serial8250_suspend_port - serial8250_unregister_port - uart_write_wakeup - # required by ahci_brcm.ko phy_calibrate 
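Review bot: With `kfree(alloc->pages)` moved below `binder_alloc_unlock(alloc)`, the pointer is read and freed without the lock and `alloc->pages` keeps its stale value afterwards. Whether anything can still reach `alloc` at this point is not visible in the hunk (this is the deferred release path, so probably not), but taking the pointer under the lock and clearing the field turns any later stray access into a NULL dereference instead of a use-after-free: `pages = alloc->pages; alloc->pages = NULL;` before the unlock and `kfree(pages);` after it. `binder_alloc_deferred_release` starts and ends outside this hunk.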
@@ -797,6 +783,7 @@ dma_sync_single_for_cpu of_get_ethdev_address of_platform_populate + platform_get_irq_byname __skb_pad synchronize_irq @@ -1069,6 +1056,7 @@ netif_schedule_queue netif_set_real_num_rx_queues netif_set_real_num_tx_queues + of_alias_get_id of_get_compatible_child of_phy_find_device phy_attach diff --git a/android/abi_gki_aarch64_type_visibility b/android/abi_gki_aarch64_type_visibility index e700c6e36d0f..64b5ef1f548e 100644 --- a/android/abi_gki_aarch64_type_visibility +++ b/android/abi_gki_aarch64_type_visibility @@ -3,3 +3,6 @@ # for type visibility ANDROID_GKI_struct_dwc3 ANDROID_GKI_struct_kernel_all_info + +# symbol no longer needed + serial8250_handle_irq From 6e5b92a6a1511b6e888519d9f4360f044d2e90b8 Mon Sep 17 00:00:00 2001 From: iabdullah Date: Wed, 21 Aug 2024 12:43:30 +0530 Subject: [PATCH 57/87] ANDROID: GKI: Add symbol list for exynosauto These symbols are required to use custom driver for writing data into Serial device using common TTY drivers for basic data trasmit via UART/SPI. INFO: 2 function symbol(s) added 'int serdev_device_write(struct serdev_device*, const unsigned char*, size_t, long)' 'void serdev_device_write_wakeup(struct serdev_device*)' Bug: 356635235 Change-Id: Ia365485ad4b533e5e2826add9182bc98b5563f81 Signed-off-by: iabdullah --- android/abi_gki_aarch64.stg | 28 ++++++++++++++++++++++++++++ android/abi_gki_aarch64_exynosauto | 2 ++ 2 files changed, 30 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 64a54cb63a1b..cd807e5c41fe 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -317314,6 +317314,14 @@ function { parameter_id: 0x18ea6ae3 parameter_id: 0x4585663f } +function { + id: 0x93b7b77f + return_type_id: 0x6720d32f + parameter_id: 0x3ba261b0 + parameter_id: 0x384c5795 + parameter_id: 0xf435685e + parameter_id: 0xfc0e1dbd +} function { id: 0x93b941f7 return_type_id: 0x6720d32f 
@@ -397625,6 +397633,15 @@ elf_symbol { type_id: 0x1d80f189 full_name: "serdev_device_wait_until_sent" } +elf_symbol { + id: 0x3a629e14 + name: "serdev_device_write" + is_defined: true + symbol_type: FUNCTION + crc: 0x578962bc + type_id: 0x93b7b77f + full_name: "serdev_device_write" +} elf_symbol { id: 0x6e10178a name: "serdev_device_write_buf" @@ -397643,6 +397660,15 @@ elf_symbol { type_id: 0x1e70c9ff full_name: "serdev_device_write_flush" } +elf_symbol { + id: 0x826ffe72 + name: "serdev_device_write_wakeup" + is_defined: true + symbol_type: FUNCTION + crc: 0x0d49287e + type_id: 0x1e70c9ff + full_name: "serdev_device_write_wakeup" +} elf_symbol { id: 0x98b882af name: "serial8250_do_pm" @@ -420089,8 +420115,10 @@ interface { symbol_id: 0x39477e15 symbol_id: 0x05a66e98 symbol_id: 0x3c71822d + symbol_id: 0x3a629e14 symbol_id: 0x6e10178a symbol_id: 0x5d6a93ff + symbol_id: 0x826ffe72 symbol_id: 0x98b882af symbol_id: 0x2bb7ad6a symbol_id: 0x4bb58367 diff --git a/android/abi_gki_aarch64_exynosauto b/android/abi_gki_aarch64_exynosauto index 643e5949901f..8a9f0cc588b7 100644 --- a/android/abi_gki_aarch64_exynosauto +++ b/android/abi_gki_aarch64_exynosauto @@ -612,6 +612,8 @@ seq_putc seq_puts seq_read + serdev_device_write + serdev_device_write_wakeup set_cpus_allowed_ptr set_normalized_timespec64 sg_alloc_table From d1f3a046a65db6416f9db0df03c6c1ca5916ac21 Mon Sep 17 00:00:00 2001 From: Daeho Jeong Date: Wed, 4 Sep 2024 08:33:06 -0700 Subject: [PATCH 58/87] FROMGIT: f2fs: prevent atomic file from being dirtied before commit Keep atomic file clean while updating and make it dirtied during commit in order to avoid unnecessary and excessive inode updates in the previous fix. Fixes: 4bf78322346f ("f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag") Change-Id: I2a29d047fa4233632876c61cf909340d1f60c26d Signed-off-by: Daeho Jeong 
Signed-off-by: Jaegeuk Kim Bug: 352181300 (cherry picked from commit fccaa81de87e80b1809906f7e438e5766fbdc172 https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git dev) Change-Id: I5970e56a5318804cfebea340b5b19d6e0a66dc01 Signed-off-by: Daeho Jeong --- fs/f2fs/f2fs.h | 2 +- fs/f2fs/inode.c | 5 +++++ fs/f2fs/segment.c | 8 ++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index d76e8db779d5..2471494f90a0 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -798,6 +798,7 @@ enum { FI_ALIGNED_WRITE, /* enable aligned write */ FI_COW_FILE, /* indicate COW file */ FI_ATOMIC_COMMITTED, /* indicate atomic commit completed except disk sync */ + FI_ATOMIC_DIRTIED, /* indicate atomic file is dirtied */ FI_ATOMIC_REPLACE, /* indicate atomic replace */ FI_MAX, /* max flag, never be used */ }; @@ -3001,7 +3002,6 @@ static inline void __mark_inode_dirty_flag(struct inode *inode, case FI_INLINE_DOTS: case FI_PIN_FILE: case FI_COMPRESS_RELEASED: - case FI_ATOMIC_COMMITTED: f2fs_mark_inode_dirty_sync(inode, true); } } diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index c18167cf14b2..6d5cf1409733 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -30,6 +30,11 @@ void f2fs_mark_inode_dirty_sync(struct inode *inode, bool sync) if (f2fs_inode_dirtied(inode, sync)) return; + if (f2fs_is_atomic_file(inode)) { + set_inode_flag(inode, FI_ATOMIC_DIRTIED); + return; + } + mark_inode_dirty_sync(inode); } diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index bb7a8b384547..a80d4281b5b2 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c 
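Review bot: The new early return in f2fs_mark_inode_dirty_sync() (fs/f2fs/inode.c) also appears to catch the replay that this same patch adds on the commit path in fs/f2fs/segment.c. There `f2fs_mark_inode_dirty_sync(inode, true)` is called right after `set_inode_flag(inode, FI_ATOMIC_COMMITTED)`, and unlike the abort hunk, which clears FI_ATOMIC_FILE first, no visible line ends the atomic state; if f2fs_is_atomic_file() still returns true, the call sets FI_ATOMIC_DIRTIED again and returns without reaching mark_inode_dirty_sync(). Letting a committed file through would avoid that, e.g. `if (f2fs_is_atomic_file(inode) && !is_inode_flag_set(inode, FI_ATOMIC_COMMITTED)) {`. The check also sits after f2fs_inode_dirtied(), whose body is outside the hunk, so it is worth confirming that whatever that helper records stays consistent when the VFS dirtying is skipped.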
@@ -199,6 +199,10 @@ void f2fs_abort_atomic_write(struct inode *inode, bool clean) clear_inode_flag(inode, FI_ATOMIC_COMMITTED); clear_inode_flag(inode, FI_ATOMIC_REPLACE); clear_inode_flag(inode, FI_ATOMIC_FILE); + if (is_inode_flag_set(inode, FI_ATOMIC_DIRTIED)) { + clear_inode_flag(inode, FI_ATOMIC_DIRTIED); + f2fs_mark_inode_dirty_sync(inode, true); + } stat_dec_atomic_inode(inode); F2FS_I(inode)->atomic_write_task = NULL; @@ -368,6 +372,10 @@ out: } else { sbi->committed_atomic_block += fi->atomic_write_cnt; set_inode_flag(inode, FI_ATOMIC_COMMITTED); + if (is_inode_flag_set(inode, FI_ATOMIC_DIRTIED)) { + clear_inode_flag(inode, FI_ATOMIC_DIRTIED); + f2fs_mark_inode_dirty_sync(inode, true); + } } __complete_revoke_list(inode, &revoke_list, ret ? true : false); From c7b8f95c210bc9573631dcb9774bec2b17a9c3f1 Mon Sep 17 00:00:00 2001 From: Dezhi Huang Date: Tue, 28 May 2024 17:40:06 +0800 Subject: [PATCH 59/87] ANDROID: Allow vendor modules perform more operations on binder transaction. Export binder_alloc_copy_from_buffer, allow vendor modules perform more operations on binder transaction and improve user operation fluency and timeliness experience. Bug: 365506454 Bug: 343139379 Change-Id: I4353763099d854a62d0b70b003fbaca00e2c76e4 Signed-off-by: Dezhi Huang (cherry picked from commit d8db83d94e14b48819bba18cb975943c237e33df) --- drivers/android/binder_alloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index 02ec2c077b2c..4753911fcb96 100644 --- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c @@ -1315,4 +1315,4 @@ int binder_alloc_copy_from_buffer(struct binder_alloc *alloc, return binder_alloc_do_buffer_copy(alloc, false, buffer, buffer_offset, dest, bytes); } - +EXPORT_SYMBOL_GPL(binder_alloc_copy_from_buffer); From 47871c381d5f211ce5a1567626e579562bba9b0f Mon Sep 17 00:00:00 2001 
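Review bot: `EXPORT_SYMBOL_GPL(binder_alloc_copy_from_buffer);` makes a binder-internal accessor callable from any GPL module, and the hunk adds no statement of what a caller must guarantee. The wrapper passes `buffer`, `buffer_offset` and `bytes` straight to binder_alloc_do_buffer_copy(), so whatever validation and lifetime rules apply to `buffer` now have to be met by code outside this file. A kernel-doc block above the function stating the required ownership of `buffer`, the valid offset range and the calling context would make vendor callers reviewable. Only the tail of the function is inside the hunk.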
From: jiangxinpei Date: Wed, 18 Sep 2024 10:41:44 +0800 Subject: [PATCH 60/87] ANDROID: GKI: Update symbol list for honor Update symbol list for honor in android/abi_gki_aarch64_honor Bug: 365506454 Change-Id: I5d9a7a41da2a6f97998fadbbcb447db53b873bcc Signed-off-by: jiangxinpei --- android/abi_gki_aarch64.stg | 19 +++++++++++++++++++ android/abi_gki_aarch64_honor | 1 + 2 files changed, 20 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index cd807e5c41fe..46e2875e7ac7 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -315454,6 +315454,15 @@ function { parameter_id: 0x2b9b3aed parameter_id: 0x18bd6530 } +function { + id: 0x925fc6da + return_type_id: 0x6720d32f + parameter_id: 0x3ec65828 + parameter_id: 0x18bd6530 + parameter_id: 0x38b368bf + parameter_id: 0x95ef30d6 + parameter_id: 0xf435685e +} function { id: 0x925fddc4 return_type_id: 0xf435685e @@ -355219,6 +355228,15 @@ elf_symbol { type_id: 0x3fc78978 full_name: "bin2hex" } +elf_symbol { + id: 0x154309df + name: "binder_alloc_copy_from_buffer" + is_defined: true + symbol_type: FUNCTION + crc: 0x6ced1f12 + type_id: 0x925fc6da + full_name: "binder_alloc_copy_from_buffer" +} elf_symbol { id: 0x49201db3 name: "bio_add_page" @@ -415404,6 +415422,7 @@ interface { symbol_id: 0xcdba3a55 symbol_id: 0x7f80f1f5 symbol_id: 0x977cc973 + symbol_id: 0x154309df symbol_id: 0x49201db3 symbol_id: 0xacc709b0 symbol_id: 0x2b2698f0 diff --git a/android/abi_gki_aarch64_honor b/android/abi_gki_aarch64_honor index b00814ae4bc7..360d315fe7ff 100644 --- a/android/abi_gki_aarch64_honor +++ b/android/abi_gki_aarch64_honor @@ -17,6 +17,7 @@ __traceiter_android_vh_modify_scan_control __traceiter_android_vh_should_continue_reclaim __traceiter_android_vh_tune_fault_around_bytes + binder_alloc_copy_from_buffer kfree __kmalloc mod_node_page_state From be07389110af7b6114425a45f4c2c665a421bda5 Mon Sep 17 00:00:00 2001 
From: jiangxinpei Date: Mon, 9 Sep 2024 19:56:51 +0800 Subject: [PATCH 61/87] ANDROID: Allow vendor modules perform operationson on memleak detect When an LMK (Low Memory Killer) occurs, it is crucial for us to identify the underlying cause of low memory. Based on past experiences, memory leaks are often the root cause in such situations. The purpose of this function is to assist us in identifying which application or type of memory is experiencing memory leaks, thereby enabling us to effectively locate and address the memory leakage issue. Bug: 365506689 Bug: 346707562 Change-Id: I5d7d6bdbca30660f2a552211fd8aff40d3550df7 Signed-off-by: jiangxinpei (cherry picked from commit d61134668c2d37846a6cea3e1ab3c237f2c7bc99) --- lib/show_mem.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/show_mem.c b/lib/show_mem.c index f62c5b38470c..8848039712c8 100644 --- a/lib/show_mem.c +++ b/lib/show_mem.c @@ -44,3 +44,4 @@ void __show_mem(unsigned int filter, nodemask_t *nodemask, int max_zone_idx) #endif trace_android_vh_show_mem(filter, nodemask); } +EXPORT_SYMBOL_GPL(__show_mem); From 8a268cb981a66ab0e7d4c1512cdf7e47af8a0dc4 Mon Sep 17 00:00:00 2001 From: jiangxinpei Date: Wed, 18 Sep 2024 11:13:47 +0800 Subject: [PATCH 62/87] ANDROID: GKI: Update symbol list for honor Update symbol list for honor in android/abi_gki_aarch64_honor Bug: 365506689 Change-Id: I604163b979660eaedbc13d3da5c9e3cdb8275e50 Signed-off-by: jiangxinpei --- android/abi_gki_aarch64.stg | 17 +++++++++++++++++ android/abi_gki_aarch64_honor | 1 + 2 files changed, 18 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 46e2875e7ac7..1662192c3757 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg 
@@ -293334,6 +293334,13 @@ function { parameter_id: 0x33756485 parameter_id: 0x33756485 } +function { + id: 0x015e0ae6 + return_type_id: 0x48b5725f + parameter_id: 0x4585663f + parameter_id: 0x2fb2b385 + parameter_id: 0x6720d32f +} function { id: 0x016f0c64 return_type_id: 0xa9403390 @@ -343782,6 +343789,15 @@ elf_symbol { type_id: 0x10189f78 full_name: "__sg_page_iter_start" } +elf_symbol { + id: 0xda0019b0 + name: "__show_mem" + is_defined: true + symbol_type: FUNCTION + crc: 0x59e928c1 + type_id: 0x015e0ae6 + full_name: "__show_mem" +} elf_symbol { id: 0x62009211 name: "__sk_receive_skb" @@ -414150,6 +414166,7 @@ interface { symbol_id: 0x29a11d8a symbol_id: 0x208b66fa symbol_id: 0x4a440f54 + symbol_id: 0xda0019b0 symbol_id: 0x62009211 symbol_id: 0x6a35982c symbol_id: 0xe0752d30 diff --git a/android/abi_gki_aarch64_honor b/android/abi_gki_aarch64_honor index 360d315fe7ff..1be152abee2e 100644 --- a/android/abi_gki_aarch64_honor +++ b/android/abi_gki_aarch64_honor @@ -27,6 +27,7 @@ profile_event_unregister drop_super si_swapinfo + __show_mem single_open sock_from_file task_cputime_adjusted From 814dd5bfa8b16cbc16493ba5e393724fef54883a Mon Sep 17 00:00:00 2001 From: David Chiang Date: Thu, 19 Sep 2024 06:07:31 +0000 Subject: [PATCH 63/87] ANDROID: Update the ABI symbol list Adding the following symbols to abi_gki_aarch64_pixel: - mbox_request_channel_byname Bug: 368167673 Change-Id: I031522377372a25bf5f9e97eb4832173463de390 Signed-off-by: David Chiang --- android/abi_gki_aarch64_pixel | 1 + 1 file changed, 1 insertion(+) diff --git a/android/abi_gki_aarch64_pixel b/android/abi_gki_aarch64_pixel index 7f66d86c4968..d47fd505e95c 100644 --- a/android/abi_gki_aarch64_pixel +++ b/android/abi_gki_aarch64_pixel @@ -1360,6 +1360,7 @@ mbox_controller_unregister mbox_free_channel mbox_request_channel + mbox_request_channel_byname mbox_send_message memchr memchr_inv From eda4e9fa6424c86248d18889553a96fcd65904f3 Mon Sep 17 00:00:00 2001 
From: Sooyong Suk Date: Thu, 18 Jul 2024 11:15:27 +0900 Subject: [PATCH 64/87] ANDROID: mm: add vendor hook in fault and read file Add a vendor hook to notify vendor module fault and read events. Bug: 362665923 Bug: 351175506 Change-Id: I4c46e9e00aa5f5555fd42a6b0815563497658b34 Signed-off-by: Sooyong Suk (cherry picked from commit a9867d872e24fbe658e05f32b770e4b36c6e3773) --- drivers/android/vendor_hooks.c | 3 +++ include/trace/hooks/mm.h | 10 ++++++++++ mm/filemap.c | 5 +++++ mm/memory.c | 2 ++ 4 files changed, 20 insertions(+) diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index 412d22b13a7c..923ca2b2f953 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -447,3 +447,6 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_swapmem_gather_add_bypass); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_swapmem_gather_finish); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_oom_swapmem_gather_init); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_oom_swapmem_gather_finish); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_do_read_fault); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_filemap_read); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_filemap_map_pages); diff --git a/include/trace/hooks/mm.h b/include/trace/hooks/mm.h index 194f5536c149..df7430211a09 100644 --- a/include/trace/hooks/mm.h +++ b/include/trace/hooks/mm.h 
@@ -261,6 +261,16 @@ DECLARE_HOOK(android_vh_oom_swapmem_gather_init, DECLARE_HOOK(android_vh_oom_swapmem_gather_finish, TP_PROTO(struct mm_struct *mm), TP_ARGS(mm)); +DECLARE_HOOK(android_vh_do_read_fault, + TP_PROTO(struct vm_fault *vmf, unsigned long fault_around_bytes), + TP_ARGS(vmf, fault_around_bytes)); +DECLARE_HOOK(android_vh_filemap_read, + TP_PROTO(struct file *file, loff_t pos, size_t size), + TP_ARGS(file, pos, size)); +DECLARE_HOOK(android_vh_filemap_map_pages, + TP_PROTO(struct file *file, pgoff_t first_pgoff, + pgoff_t last_pgoff, vm_fault_t ret), + TP_ARGS(file, first_pgoff, last_pgoff, ret)); #endif /* _TRACE_HOOK_MM_H */ /* This part must be outside protection */ diff --git a/mm/filemap.c b/mm/filemap.c index 373165ba8a1f..5edd973dbe5f 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -2736,6 +2736,7 @@ ssize_t filemap_read(struct kiocb *iocb, struct iov_iter *iter, iov_iter_truncate(iter, inode->i_sb->s_maxbytes); folio_batch_init(&fbatch); + trace_android_vh_filemap_read(filp, iocb->ki_pos, iov_iter_count(iter)); do { cond_resched(); @@ -3438,11 +3439,13 @@ vm_fault_t filemap_map_pages(struct vm_fault *vmf, struct page *page; unsigned int mmap_miss = READ_ONCE(file->f_ra.mmap_miss); vm_fault_t ret = 0; + pgoff_t first_pgoff = 0; rcu_read_lock(); folio = first_map_page(mapping, &xas, end_pgoff); if (!folio) goto out; + first_pgoff = xas.xa_index; if (filemap_map_pmd(vmf, &folio->page)) { ret = VM_FAULT_NOPAGE; @@ -3498,6 +3501,8 @@ unlock: out: rcu_read_unlock(); WRITE_ONCE(file->f_ra.mmap_miss, mmap_miss); + trace_android_vh_filemap_map_pages(file, first_pgoff, last_pgoff, ret); + return ret; } EXPORT_SYMBOL(filemap_map_pages); diff --git a/mm/memory.c b/mm/memory.c index 4c54877c04a0..90c90066b59a 100644 --- a/mm/memory.c +++ b/mm/memory.c 
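Review bot: In filemap_map_pages() the hook added at the `out:` label also fires on the `goto out` taken when first_map_page() returns no folio, and on that path it reports `first_pgoff` as 0, which a handler cannot tell apart from a mapped range that really starts at page offset 0. `last_pgoff` is declared outside the hunk, so its value on that path cannot be checked here. Either skip the hook when nothing was mapped or document the convention beside the declaration in include/trace/hooks/mm.h, e.g. `/* first_pgoff is 0 when no folio was found */`.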
@@ -4690,6 +4690,8 @@ static vm_fault_t do_read_fault(struct vm_fault *vmf) ret = do_fault_around(vmf); if (ret) return ret; + } else { + trace_android_vh_do_read_fault(vmf, fault_around_bytes); } ret = vmf_can_call_fault(vmf); From c105083ac6f06b118944c6c33f157da6fbfd1226 Mon Sep 17 00:00:00 2001 From: jiangxinpei Date: Thu, 19 Sep 2024 14:58:40 +0800 Subject: [PATCH 65/87] ANDROID: ABI: update symbol list for honor 3 function symbol(s) added 'int __traceiter_android_vh_do_read_fault(void*, struct vm_fault*, unsigned long)' 'int __traceiter_android_vh_filemap_map_pages(void*, struct file*, unsigned long, unsigned long, vm_fault_t)' 'int __traceiter_android_vh_filemap_read(void*, struct file*, loff_t, size_t)' Bug: 362665923 Change-Id: I49fa40c65d7d24799c815de0c2c02c12d09e8fd8 Signed-off-by: jiangxinpei --- android/abi_gki_aarch64.stg | 84 +++++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_honor | 6 +++ 2 files changed, 90 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 1662192c3757..a12b2c100a03 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -326308,6 +326308,13 @@ function { parameter_id: 0x33756485 parameter_id: 0x01222f7d } +function { + id: 0x9b6ee445 + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x3360dff4 + parameter_id: 0x33756485 +} function { id: 0x9b6fe394 return_type_id: 0x6720d32f @@ -327706,6 +327713,15 @@ function { parameter_id: 0x0258f96e parameter_id: 0x6720d32f } +function { + id: 0x9bc01a31 + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x18ea6ae3 + parameter_id: 0x33756485 + parameter_id: 0x33756485 + parameter_id: 0x65d74a06 +} function { id: 0x9bc0372a return_type_id: 0x6720d32f 
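Review bot: `trace_android_vh_do_read_fault()` sits in an `else` branch in do_read_fault(), so it is skipped whenever do_fault_around() is attempted, including when that call returns 0 and execution falls through to the ordinary read-fault path below. The `if` this `else` pairs with opens above the hunk (presumably the should_fault_around() test). A handler named after do_read_fault would reasonably expect to see every read fault; if the restriction is intended, say so at the call site, e.g. `/* vendor hook: only reached when fault-around is not attempted */`.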
@@ -327879,6 +327895,14 @@ function { parameter_id: 0x18bd6530 parameter_id: 0x716d7970 } +function { + id: 0x9bc62aec + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x18ea6ae3 + parameter_id: 0x27a7c613 + parameter_id: 0xf435685e +} function { id: 0x9bc64292 return_type_id: 0x6720d32f @@ -346102,6 +346126,15 @@ elf_symbol { type_id: 0x9a35263f full_name: "__traceiter_android_vh_do_futex" } +elf_symbol { + id: 0xea6452e1 + name: "__traceiter_android_vh_do_read_fault" + is_defined: true + symbol_type: FUNCTION + crc: 0x324349a0 + type_id: 0x9b6ee445 + full_name: "__traceiter_android_vh_do_read_fault" +} elf_symbol { id: 0x1cc3aec5 name: "__traceiter_android_vh_do_send_sig_info" @@ -346255,6 +346288,24 @@ elf_symbol { type_id: 0x9bf4cdf9 full_name: "__traceiter_android_vh_filemap_get_folio" } +elf_symbol { + id: 0xb7d91f76 + name: "__traceiter_android_vh_filemap_map_pages" + is_defined: true + symbol_type: FUNCTION + crc: 0xbb9002c7 + type_id: 0x9bc01a31 + full_name: "__traceiter_android_vh_filemap_map_pages" +} +elf_symbol { + id: 0x158bf9d3 + name: "__traceiter_android_vh_filemap_read" + is_defined: true + symbol_type: FUNCTION + crc: 0x17256b24 + type_id: 0x9bc62aec + full_name: "__traceiter_android_vh_filemap_read" +} elf_symbol { id: 0x1fca37bf name: "__traceiter_android_vh_folio_trylock_clear" @@ -350719,6 +350770,15 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_do_futex" } +elf_symbol { + id: 0xff7bbbff + name: "__tracepoint_android_vh_do_read_fault" + is_defined: true + symbol_type: OBJECT + crc: 0xd18be4d5 + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_do_read_fault" +} elf_symbol { id: 0x82ce823f name: "__tracepoint_android_vh_do_send_sig_info" 
@@ -350872,6 +350932,24 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_filemap_get_folio" } +elf_symbol { + id: 0xb34d9200 + name: "__tracepoint_android_vh_filemap_map_pages" + is_defined: true + symbol_type: OBJECT + crc: 0x6cc3b878 + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_filemap_map_pages" +} +elf_symbol { + id: 0xf61927fd + name: "__tracepoint_android_vh_filemap_read" + is_defined: true + symbol_type: OBJECT + crc: 0xe0c6f67a + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_filemap_read" +} elf_symbol { id: 0xa3ede5d5 name: "__tracepoint_android_vh_folio_trylock_clear" @@ -414423,6 +414501,7 @@ interface { symbol_id: 0x5e9ed424 symbol_id: 0xada127d2 symbol_id: 0xd593b3ef + symbol_id: 0xea6452e1 symbol_id: 0x1cc3aec5 symbol_id: 0xb12728da symbol_id: 0x54bc5972 @@ -414440,6 +414519,8 @@ interface { symbol_id: 0x343adff1 symbol_id: 0x93a4717b symbol_id: 0x49c69e22 + symbol_id: 0xb7d91f76 + symbol_id: 0x158bf9d3 symbol_id: 0x1fca37bf symbol_id: 0xe6702595 symbol_id: 0x9e91661b @@ -414936,6 +415017,7 @@ interface { symbol_id: 0x325e746a symbol_id: 0x4db9ff7c symbol_id: 0x9fe99d05 + symbol_id: 0xff7bbbff symbol_id: 0x82ce823f symbol_id: 0x474d211c symbol_id: 0xeb9f1c78 @@ -414953,6 +415035,8 @@ interface { symbol_id: 0x2121385f symbol_id: 0x50a83025 symbol_id: 0x6d970e8c + symbol_id: 0xb34d9200 + symbol_id: 0xf61927fd symbol_id: 0xa3ede5d5 symbol_id: 0x539bf337 symbol_id: 0x901d0e89 diff --git a/android/abi_gki_aarch64_honor b/android/abi_gki_aarch64_honor index 1be152abee2e..6d70adc4dc60 100644 --- a/android/abi_gki_aarch64_honor +++ b/android/abi_gki_aarch64_honor 
@@ -14,6 +14,12 @@ __traceiter_android_vh_shrink_slab_bypass __traceiter_android_vh_mutex_init __traceiter_android_vh_file_is_tiny_bypass + __tracepoint_android_vh_do_read_fault + __tracepoint_android_vh_filemap_read + __tracepoint_android_vh_filemap_map_pages + __traceiter_android_vh_do_read_fault + __traceiter_android_vh_filemap_read + __traceiter_android_vh_filemap_map_pages __traceiter_android_vh_modify_scan_control __traceiter_android_vh_should_continue_reclaim __traceiter_android_vh_tune_fault_around_bytes From 145b08312d3cb0ca3e4d21899422e4b5991bb40d Mon Sep 17 00:00:00 2001 From: Dezhi Huang Date: Sun, 28 Apr 2024 16:12:21 +0800 Subject: [PATCH 66/87] ANDROID: vendor_hooks: add hook to perform targeted memory management Add vendor_hook trace_android_vh_should_fault_around, allow vendor modules to skip the fault_around processing for less important processes. Bug: 362663044 Bug: 337547131 Change-Id: I792dca2038f5ad7cba1d212ef95407244958609d Signed-off-by: Dezhi Huang (cherry picked from commit 65ebb00fe7977348d5fcfa58985c29181f3ec173) --- drivers/android/vendor_hooks.c | 1 + include/trace/hooks/mm.h | 3 +++ mm/memory.c | 6 ++++++ 3 files changed, 10 insertions(+) diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index 923ca2b2f953..a177b4fee436 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -276,6 +276,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_set_gfp_zone_flags); EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_set_readahead_gfp_mask); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_alter_mutex_list_add); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mutex_unlock_slowpath); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_should_fault_around); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_rwsem_wake_finish); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_tune_fault_around_bytes); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_adjust_alloc_flags); 
diff --git a/include/trace/hooks/mm.h b/include/trace/hooks/mm.h index df7430211a09..90237954c83d 100644 --- a/include/trace/hooks/mm.h +++ b/include/trace/hooks/mm.h @@ -208,6 +208,9 @@ DECLARE_HOOK(android_vh_look_around, DECLARE_HOOK(android_vh_mm_alloc_pages_direct_reclaim_enter, TP_PROTO(unsigned int order), TP_ARGS(order)); +DECLARE_HOOK(android_vh_should_fault_around, + TP_PROTO(struct vm_fault *vmf, bool *should_around), + TP_ARGS(vmf, should_around)); DECLARE_HOOK(android_vh_mm_alloc_pages_direct_reclaim_exit, TP_PROTO(unsigned long did_some_progress, int retry_times), TP_ARGS(did_some_progress, retry_times)); diff --git a/mm/memory.c b/mm/memory.c index 90c90066b59a..551453be4b64 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -81,6 +81,7 @@ #include #include +#include #undef CREATE_TRACE_POINTS #include @@ -4663,6 +4664,7 @@ static vm_fault_t do_fault_around(struct vm_fault *vmf) /* Return true if we should do read fault-around, false otherwise */ static inline bool should_fault_around(struct vm_fault *vmf) { + bool should_around = true; /* No ->map_pages? No way to fault around... */ if (!vmf->vma->vm_ops->map_pages) return false; @@ -4670,6 +4672,10 @@ static inline bool should_fault_around(struct vm_fault *vmf) if (uffd_disable_fault_around(vmf->vma)) return false; + trace_android_vh_should_fault_around(vmf, &should_around); + if (!should_around) + return false; + return fault_around_bytes >> PAGE_SHIFT > 1; } From 532fad0092e50c6d92a616650db42f20bd61320e Mon Sep 17 00:00:00 2001 From: jiangxinpei Date: Thu, 19 Sep 2024 15:23:43 +0800 Subject: [PATCH 67/87] ANDROID: ABI: update symbol list for honor 1 function symbol(s) added 'int __traceiter_android_vh_should_fault_around(void*, struct vm_fault*, bool*)' Bug: 362663044 Change-Id: Ie7634bc746e40142455c7bd22d876d519a02e0d5 Signed-off-by: jiangxinpei --- android/abi_gki_aarch64.stg | 27 +++++++++++++++++++++++++++ android/abi_gki_aarch64_honor | 2 ++ 2 files changed, 29 insertions(+) 
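Review bot: In should_fault_around() (mm/memory.c) the hook is called before the final `fault_around_bytes >> PAGE_SHIFT > 1` test, so a vendor handler runs on every fault that gets this far even when fault-around is already ruled out by size. Testing the size first, `if (fault_around_bytes >> PAGE_SHIFT <= 1) return false;`, then calling the hook and ending with `return should_around;` would keep the handler off that path. The added `bool should_around = true;` also runs straight into the existing comment, where kernel style puts a blank line after declarations. A short comment on the DECLARE_HOOK in include/trace/hooks/mm.h saying that handlers may only clear `*should_around` to veto fault-around would document the contract.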
diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index a12b2c100a03..588f8724524c 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -326137,6 +326137,13 @@ function { return_type_id: 0xf435685e parameter_id: 0x31675062 } +function { + id: 0x9b664ae7 + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x3360dff4 + parameter_id: 0x11cfee5a +} function { id: 0x9b6740c7 return_type_id: 0x6720d32f @@ -347611,6 +347618,15 @@ elf_symbol { type_id: 0x9b1657a8 full_name: "__traceiter_android_vh_should_continue_reclaim" } +elf_symbol { + id: 0xda8424a2 + name: "__traceiter_android_vh_should_fault_around" + is_defined: true + symbol_type: FUNCTION + crc: 0xef8b5a7b + type_id: 0x9b664ae7 + full_name: "__traceiter_android_vh_should_fault_around" +} elf_symbol { id: 0x4d31a413 name: "__traceiter_android_vh_show_mem" @@ -352255,6 +352271,15 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_should_continue_reclaim" } +elf_symbol { + id: 0x88acddf0 + name: "__tracepoint_android_vh_should_fault_around" + is_defined: true + symbol_type: OBJECT + crc: 0x7af0e347 + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_should_fault_around" +} elf_symbol { id: 0x823654f5 name: "__tracepoint_android_vh_show_mem" @@ -414666,6 +414691,7 @@ interface { symbol_id: 0x70e34072 symbol_id: 0x53263f73 symbol_id: 0xe828d15b + symbol_id: 0xda8424a2 symbol_id: 0x4d31a413 symbol_id: 0xe7f6f975 symbol_id: 0x78accdce @@ -415182,6 +415208,7 @@ interface { symbol_id: 0x6ed615c4 symbol_id: 0xd860c719 symbol_id: 0x5b6bc3a9 + symbol_id: 0x88acddf0 symbol_id: 0x823654f5 symbol_id: 0x42ad45a3 symbol_id: 0x0a5014f0 diff --git a/android/abi_gki_aarch64_honor b/android/abi_gki_aarch64_honor index 6d70adc4dc60..256775e0290f 100644 --- a/android/abi_gki_aarch64_honor +++ b/android/abi_gki_aarch64_honor 
@@ -2,6 +2,8 @@ __tracepoint_android_vh_get_page_wmark __tracepoint_android_vh_page_add_new_anon_rmap __tracepoint_android_vh_do_shrink_slab + __tracepoint_android_vh_should_fault_around + __traceiter_android_vh_should_fault_around __tracepoint_android_vh_shrink_slab_bypass __tracepoint_android_vh_mutex_init __tracepoint_android_vh_file_is_tiny_bypass From b3a2458fc6e6bf265ee52297f6478e4b43725fb2 Mon Sep 17 00:00:00 2001 From: Dmitry Skiba Date: Wed, 18 Sep 2024 22:16:12 +0000 Subject: [PATCH 68/87] ANDROID: mm: add vh for kcompactd_cpu_online() kcompactd_cpu_online() changes kcompactd cpumask, potentially overwriting any vendor-specific cpumask that was there. This hook allows vendors to re-set the cpumask. Bug: 367400751 Change-Id: I45b92bcd16fbf2d5d76474287db659e32af64201 Signed-off-by: Dmitry Skiba --- drivers/android/vendor_hooks.c | 1 + include/trace/hooks/mm.h | 3 +++ mm/compaction.c | 1 + 3 files changed, 5 insertions(+) diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index a177b4fee436..ebf5c1c0e7a1 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -378,6 +378,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mm_alloc_pages_may_oom_exit); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_vmscan_kswapd_done); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mm_compaction_begin); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mm_compaction_end); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mm_kcompactd_cpu_online); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_bus_iommu_probe); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_rmqueue); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_resume_begin); diff --git a/include/trace/hooks/mm.h b/include/trace/hooks/mm.h index 90237954c83d..930fb08e91d5 100644 --- a/include/trace/hooks/mm.h +++ b/include/trace/hooks/mm.h 
@@ -145,6 +145,9 @@ DECLARE_HOOK(android_vh_mm_compaction_begin, DECLARE_HOOK(android_vh_mm_compaction_end, TP_PROTO(struct compact_control *cc, long vendor_ret), TP_ARGS(cc, vendor_ret)); +DECLARE_HOOK(android_vh_mm_kcompactd_cpu_online, + TP_PROTO(int cpu), + TP_ARGS(cpu)); DECLARE_HOOK(android_vh_free_unref_page_bypass, TP_PROTO(struct page *page, int order, int migratetype, bool *bypass), TP_ARGS(page, order, migratetype, bypass)); diff --git a/mm/compaction.c b/mm/compaction.c index 6dbb02de8b9d..1ff0bafa46d6 100644 --- a/mm/compaction.c +++ b/mm/compaction.c @@ -3070,6 +3070,7 @@ static int kcompactd_cpu_online(unsigned int cpu) if (pgdat->kcompactd) set_cpus_allowed_ptr(pgdat->kcompactd, mask); } + trace_android_vh_mm_kcompactd_cpu_online(cpu); return 0; } From 3b95e548676f4433803d644d77c38baf401e9f02 Mon Sep 17 00:00:00 2001 From: Dmitry Skiba Date: Fri, 20 Sep 2024 10:08:42 +0000 Subject: [PATCH 69/87] ANDROID: Update the ABI symbol list Adding the following symbols: - __traceiter_android_rvh_try_to_wake_up_success - __traceiter_android_vh_mm_kcompactd_cpu_online - __traceiter_android_vh_vmscan_kswapd_done - __traceiter_mm_vmscan_kswapd_wake - __tracepoint_android_rvh_try_to_wake_up_success - __tracepoint_android_vh_mm_kcompactd_cpu_online - __tracepoint_android_vh_vmscan_kswapd_done - __tracepoint_mm_vmscan_kswapd_wake Bug: 367400751 Change-Id: I658b4961666d93238feaa8f166012b76a69994eb Signed-off-by: Dmitry Skiba --- android/abi_gki_aarch64.stg | 20 ++++++++++++++++++++ android/abi_gki_aarch64_pixel | 8 ++++++++ 2 files changed, 28 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 588f8724524c..fecf1749ffcb 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg 
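Review bot: The hook is declared with `TP_PROTO(int cpu)` in include/trace/hooks/mm.h, but the only caller shown, kcompactd_cpu_online() in mm/compaction.c, passes its `unsigned int cpu` parameter, so the value is implicitly converted to signed at the call. Declaring it as `TP_PROTO(unsigned int cpu),` keeps the hook's type in line with the function it is called from. The call site also has no comment recording that the hook runs after the loop that calls set_cpus_allowed_ptr() on each node's kcompactd, which is the ordering the commit message relies on; something like `/* let vendors re-apply their kcompactd cpumask */` above the call would make that explicit.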
@@ -346880,6 +346880,15 @@ elf_symbol { type_id: 0x9b883042 full_name: "__traceiter_android_vh_mm_compaction_end" } +elf_symbol { + id: 0x6f5c8275 + name: "__traceiter_android_vh_mm_kcompactd_cpu_online" + is_defined: true + symbol_type: FUNCTION + crc: 0x0e957ed4 + type_id: 0x9a33392f + full_name: "__traceiter_android_vh_mm_kcompactd_cpu_online" +} elf_symbol { id: 0xe44dacb1 name: "__traceiter_android_vh_mmap_region" @@ -351533,6 +351542,15 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_mm_compaction_end" } +elf_symbol { + id: 0x0f593caf + name: "__tracepoint_android_vh_mm_kcompactd_cpu_online" + is_defined: true + symbol_type: OBJECT + crc: 0x43ec1d5b + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_mm_kcompactd_cpu_online" +} elf_symbol { id: 0xb6da564f name: "__tracepoint_android_vh_mmap_region" @@ -414609,6 +414627,7 @@ interface { symbol_id: 0x49cebcae symbol_id: 0x22de652b symbol_id: 0xf928bf8a + symbol_id: 0x6f5c8275 symbol_id: 0xe44dacb1 symbol_id: 0x0c9da1aa symbol_id: 0xc168df93 @@ -415126,6 +415145,7 @@ interface { symbol_id: 0xf2890610 symbol_id: 0xa3d5f70d symbol_id: 0x72c79d80 + symbol_id: 0x0f593caf symbol_id: 0xb6da564f symbol_id: 0x1daf6454 symbol_id: 0x3c1c2029 diff --git a/android/abi_gki_aarch64_pixel b/android/abi_gki_aarch64_pixel index d47fd505e95c..3b32e905b1b2 100644 --- a/android/abi_gki_aarch64_pixel +++ b/android/abi_gki_aarch64_pixel @@ -2374,6 +2374,7 @@ __traceiter_android_rvh_set_user_nice __traceiter_android_rvh_set_user_nice_locked __traceiter_android_rvh_tick_entry + __traceiter_android_rvh_try_to_wake_up_success __traceiter_android_rvh_typec_tcpci_get_vbus __traceiter_android_rvh_uclamp_eff_get __traceiter_android_rvh_ufs_complete_init 
@@ -2402,6 +2403,7 @@ __traceiter_android_vh_meminfo_proc_show __traceiter_android_vh_mm_compaction_begin __traceiter_android_vh_mm_compaction_end + __traceiter_android_vh_mm_kcompactd_cpu_online __traceiter_android_vh_prio_inheritance __traceiter_android_vh_prio_restore __traceiter_android_vh_resume_end @@ -2430,6 +2432,7 @@ __traceiter_android_vh_ufs_update_sysfs __traceiter_android_vh_usb_dev_resume __traceiter_android_vh_use_amu_fie + __traceiter_android_vh_vmscan_kswapd_done __traceiter_clock_set_rate __traceiter_cma_alloc_finish __traceiter_cma_alloc_start @@ -2448,6 +2451,7 @@ __traceiter_mmap_lock_start_locking __traceiter_mm_vmscan_direct_reclaim_begin __traceiter_mm_vmscan_direct_reclaim_end + __traceiter_mm_vmscan_kswapd_wake __traceiter_pelt_cfs_tp __traceiter_pelt_dl_tp __traceiter_pelt_irq_tp @@ -2505,6 +2509,7 @@ __tracepoint_android_rvh_set_user_nice __tracepoint_android_rvh_set_user_nice_locked __tracepoint_android_rvh_tick_entry + __tracepoint_android_rvh_try_to_wake_up_success __tracepoint_android_rvh_typec_tcpci_get_vbus __tracepoint_android_rvh_uclamp_eff_get __tracepoint_android_rvh_ufs_complete_init @@ -2533,6 +2538,7 @@ __tracepoint_android_vh_meminfo_proc_show __tracepoint_android_vh_mm_compaction_begin __tracepoint_android_vh_mm_compaction_end + __tracepoint_android_vh_mm_kcompactd_cpu_online __tracepoint_android_vh_prio_inheritance __tracepoint_android_vh_prio_restore __tracepoint_android_vh_resume_end @@ -2561,6 +2567,7 @@ __tracepoint_android_vh_ufs_update_sysfs __tracepoint_android_vh_usb_dev_resume __tracepoint_android_vh_use_amu_fie + __tracepoint_android_vh_vmscan_kswapd_done __tracepoint_clock_set_rate __tracepoint_cma_alloc_finish __tracepoint_cma_alloc_start @@ -2579,6 +2586,7 @@ __tracepoint_mmap_lock_start_locking __tracepoint_mm_vmscan_direct_reclaim_begin __tracepoint_mm_vmscan_direct_reclaim_end + __tracepoint_mm_vmscan_kswapd_wake __tracepoint_pelt_cfs_tp __tracepoint_pelt_dl_tp __tracepoint_pelt_irq_tp 
From 530ff6a3e688d6361e043773ddd557e479fe5bb6 Mon Sep 17 00:00:00 2001 From: Yuxuan Yan Date: Thu, 20 Jun 2024 14:44:17 +0800 Subject: [PATCH 70/87] ANDROID: GKI: add vendor hooks android_vh_page_should_be_protected() and android_vh_modify_scan_control(). add two vendor hooks: android_vh_page_should_be_protected():protect pages from memory reclaim. android_vh_page_referenced_check_bypass():bypass rmap in active list shrink. The new vendor data field in scan_control are used to track how many pages are protected in current reclaim and the "protected / scanned" rate. These parameters are useful for understanding the impact of page protection operations on LRU and reclaim, helping us make better decsions. Bug: 348285765 Change-Id: I49567a4b1f978821a94da0a8339b2b8fdfd52daf Signed-off-by: Yuxuan Yan --- drivers/android/vendor_hooks.c | 2 ++ include/trace/hooks/mm.h | 5 +++++ include/trace/hooks/vmscan.h | 3 +++ mm/vmscan.c | 20 ++++++++++++++++++++ 4 files changed, 30 insertions(+) diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index ebf5c1c0e7a1..7cb794211f29 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -444,6 +444,8 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_folio_trylock_clear); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_folio_trylock_set); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_handle_trylock_failed_folio); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_hibernate_state); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_page_should_be_protected); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_page_referenced_check_bypass); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_swapmem_gather_init); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_swapmem_gather_add_bypass); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_swapmem_gather_finish); diff --git a/include/trace/hooks/mm.h b/include/trace/hooks/mm.h index 930fb08e91d5..776ede13ae0c 100644 --- a/include/trace/hooks/mm.h +++ b/include/trace/hooks/mm.h 
@@ -252,6 +252,11 @@ DECLARE_HOOK(android_vh_shmem_swapin_folio, DECLARE_HOOK(android_vh_madvise_cold_or_pageout_page, TP_PROTO(bool pageout, struct page *page), TP_ARGS(pageout, page)); +DECLARE_HOOK(android_vh_page_should_be_protected, + TP_PROTO(struct folio *folio, unsigned long nr_scanned, + s8 priority, u64 *ext, int *should_protect), + TP_ARGS(folio, nr_scanned, priority, ext, should_protect)); + DECLARE_HOOK(android_vh_swapmem_gather_init, TP_PROTO(struct mm_struct *mm), TP_ARGS(mm)); diff --git a/include/trace/hooks/vmscan.h b/include/trace/hooks/vmscan.h index 0c5385bdb175..369a2c596376 100644 --- a/include/trace/hooks/vmscan.h +++ b/include/trace/hooks/vmscan.h @@ -69,6 +69,9 @@ DECLARE_HOOK(android_vh_do_folio_trylock, TP_PROTO(struct folio *folio, struct rw_semaphore *sem, bool *got_lock, bool *skip), TP_ARGS(folio, sem, got_lock, skip)); +DECLARE_HOOK(android_vh_page_referenced_check_bypass, + TP_PROTO(struct folio *folio, unsigned long nr_to_scan, int lru, bool *bypass), + TP_ARGS(folio, nr_to_scan, lru, bypass)); #endif /* _TRACE_HOOK_VMSCAN_H */ /* This part must be outside protection */ #include diff --git a/mm/vmscan.c b/mm/vmscan.c index 2308399473ad..777662967d99 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -1480,6 +1480,10 @@ static enum folio_references folio_check_references(struct folio *folio, int ret = 0; bool trylock_failed = false; +#ifdef CONFIG_ANDROID_VENDOR_OEM_DATA + trace_android_vh_page_should_be_protected(folio, sc->nr_scanned, + sc->priority, &sc->android_vendor_data1, &ret); +#endif trace_android_vh_check_folio_look_around_ref(folio, &ret); if (ret) return ret; @@ -2649,6 +2653,8 @@ static void shrink_active_list(unsigned long nr_to_scan, unsigned nr_rotated = 0; int file = is_file_lru(lru); struct pglist_data *pgdat = lruvec_pgdat(lruvec); + int should_protect = 0; + bool bypass = false; lru_add_drain(); 
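Review bot: In folio_check_references() the new hook writes its `should_protect` result into `ret`, and the existing `if (ret) return ret;` then returns that integer as the function's `enum folio_references` value, so a handler that stores a plain boolean 1 selects whichever enumerator has the value 1 instead of expressing "keep this folio". The same hook is read as a boolean in shrink_active_list(), so the two call sites give the out-parameter different meanings. The following android_vh_check_folio_look_around_ref call also receives the same `&ret` and may overwrite it. A dedicated local would make the contract explicit: pass `int should_protect = 0;` to the hook and follow it with `if (should_protect) return FOLIOREF_KEEP;`, or whichever enumerator is actually intended. The function starts and ends outside the hunk.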
@@ -2685,6 +2691,19 @@ static void shrink_active_list(unsigned long nr_to_scan, } } +#ifdef CONFIG_ANDROID_VENDOR_OEM_DATA + trace_android_vh_page_should_be_protected(folio, sc->nr_scanned, + sc->priority, &sc->android_vendor_data1, &should_protect); +#endif + if (unlikely(should_protect)) { + nr_rotated += folio_nr_pages(folio); + list_add(&folio->lru, &l_active); + continue; + } + + trace_android_vh_page_referenced_check_bypass(folio, nr_to_scan, lru, &bypass); + if (bypass) + goto skip_folio_referenced; trace_android_vh_folio_trylock_set(folio); /* Referenced or rmap lock contention: rotate */ if (folio_referenced(folio, 0, sc->target_mem_cgroup, @@ -2706,6 +2725,7 @@ static void shrink_active_list(unsigned long nr_to_scan, } } trace_android_vh_folio_trylock_clear(folio); +skip_folio_referenced: folio_clear_active(folio); /* we are de-activating */ folio_set_workingset(folio); list_add(&folio->lru, &l_inactive); From e64a80a096a6d29de4f206fb433da206b58fac65 Mon Sep 17 00:00:00 2001 From: Yuxuan Yan Date: Mon, 24 Jun 2024 17:20:16 +0800 Subject: [PATCH 71/87] ANDROID: GKI: update symbol list file for xiaomi add 3 function: android_vh_page_should_be_protected() android_vh_page_referenced_check_bypass() __page_mapcount() Bug: 348285765 Change-Id: Idbcdf69693a3f4e83ada35aebf3f138648c73d10 Signed-off-by: Yuxuan Yan --- android/abi_gki_aarch64.stg | 59 ++++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_xiaomi | 7 ++++ 2 files changed, 66 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index fecf1749ffcb..c47af0c92f89 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg 
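Review bot: `should_protect` and `bypass` are declared once at the top of shrink_active_list() (the hunk at -2649) but are tested for every folio in the loop here, and nothing resets them between iterations. If a handler writes the out-parameter only when it wants to protect or bypass, one positive answer sticks for every remaining folio in the batch, which is then rotated back to the active list or skips folio_referenced() regardless of its own state. Resetting at the point of use removes the dependence on handler behaviour: `should_protect = 0;` and `bypass = false;` immediately before the respective trace call. The loop and the function start outside the hunk.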
@@ -325072,6 +325072,16 @@ function { parameter_id: 0x11cfee5a parameter_id: 0x13580d6c } +function { + id: 0x9b26096d + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x2170d06d + parameter_id: 0x33756485 + parameter_id: 0x29b77961 + parameter_id: 0x2e18f543 + parameter_id: 0x13580d6c +} function { id: 0x9b261113 return_type_id: 0x6720d32f @@ -325113,6 +325123,15 @@ function { parameter_id: 0x2360e10b parameter_id: 0x13580d6c } +function { + id: 0x9b273c8b + return_type_id: 0x6720d32f + parameter_id: 0x18bd6530 + parameter_id: 0x2170d06d + parameter_id: 0x33756485 + parameter_id: 0x6720d32f + parameter_id: 0x11cfee5a +} function { id: 0x9b2837bd return_type_id: 0x6720d32f @@ -347051,6 +347070,24 @@ elf_symbol { type_id: 0x9bb7fe1c full_name: "__traceiter_android_vh_page_add_new_anon_rmap" } +elf_symbol { + id: 0x3246acbb + name: "__traceiter_android_vh_page_referenced_check_bypass" + is_defined: true + symbol_type: FUNCTION + crc: 0xe720c887 + type_id: 0x9b273c8b + full_name: "__traceiter_android_vh_page_referenced_check_bypass" +} +elf_symbol { + id: 0xb4d5ffdc + name: "__traceiter_android_vh_page_should_be_protected" + is_defined: true + symbol_type: FUNCTION + crc: 0x77112e10 + type_id: 0x9b26096d + full_name: "__traceiter_android_vh_page_should_be_protected" +} elf_symbol { id: 0x13b0736e name: "__traceiter_android_vh_percpu_rwsem_down_read" 
@@ -351713,6 +351750,24 @@ elf_symbol { type_id: 0x18ccbd2c full_name: "__tracepoint_android_vh_page_add_new_anon_rmap" } +elf_symbol { + id: 0x4a5e6e41 + name: "__tracepoint_android_vh_page_referenced_check_bypass" + is_defined: true + symbol_type: OBJECT + crc: 0x6c78bb0e + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_page_referenced_check_bypass" +} +elf_symbol { + id: 0x352038ba + name: "__tracepoint_android_vh_page_should_be_protected" + is_defined: true + symbol_type: OBJECT + crc: 0x0ba3a10c + type_id: 0x18ccbd2c + full_name: "__tracepoint_android_vh_page_should_be_protected" +} elf_symbol { id: 0xa4c454d8 name: "__tracepoint_android_vh_percpu_rwsem_down_read" @@ -414646,6 +414701,8 @@ interface { symbol_id: 0x724577f8 symbol_id: 0xac55c769 symbol_id: 0xacaadcc9 + symbol_id: 0x3246acbb + symbol_id: 0xb4d5ffdc symbol_id: 0x13b0736e symbol_id: 0xc72f2012 symbol_id: 0xd14f3adb @@ -415164,6 +415221,8 @@ interface { symbol_id: 0xdfe6a3ee symbol_id: 0x6bc613d3 symbol_id: 0x20d2ceb3 + symbol_id: 0x4a5e6e41 + symbol_id: 0x352038ba symbol_id: 0xa4c454d8 symbol_id: 0x7d42b7c8 symbol_id: 0x3d63616d diff --git a/android/abi_gki_aarch64_xiaomi b/android/abi_gki_aarch64_xiaomi index 14ecf1f87fbe..9ead59c27520 100644 --- a/android/abi_gki_aarch64_xiaomi +++ b/android/abi_gki_aarch64_xiaomi @@ -462,6 +462,13 @@ __fs_parse __filemap_get_folio +#required by mem_reclaim_ctl.ko +__traceiter_android_vh_page_should_be_protected +__tracepoint_android_vh_page_should_be_protected +__traceiter_android_vh_page_referenced_check_bypass +__tracepoint_android_vh_page_referenced_check_bypass +__page_mapcount + #required by mi_async_reclaim.ko __traceiter_android_vh_handle_trylock_failed_folio __tracepoint_android_vh_handle_trylock_failed_folio From b5ee53c64e74c9ca210fb3029c9e8bc21c37179d Mon Sep 17 00:00:00 2001 
From: Dezhi Huang Date: Sat, 13 Apr 2024 19:08:25 +0800 Subject: [PATCH 72/87] ANDROID: Allow vendor modules perform more operationson on sock. Export netdev_get_name, tcp_send_active_reset functions, allow vendor modules perform more operations on socks and improve users' online experience.When users browse websites or watch videos, we will sense the bad sock is on which device, so that the sock can be switched to another good device by us, so that the internet service will no longer be stuck. In a similar scenario, if the user downloads from multiple devices and the rate of one device is low,we can reset the TCP stream with a lower rate and establish it on the device with a higher rate. Bug: 334000512 Change-Id: I9ed90ea9fe6f3dc9f11ae1661ca9f2f5fdad5820 Signed-off-by: Dezhi Huang (cherry picked from commit 21614c79408f0342363db9874d315fbb3ff6553b) --- net/core/dev.c | 1 + net/ipv4/tcp_output.c | 1 + 2 files changed, 2 insertions(+) diff --git a/net/core/dev.c b/net/core/dev.c index 3c6d188148ba..809a8f3ac55f 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -927,6 +927,7 @@ out: up_read(&devnet_rename_sem); return ret; } +EXPORT_SYMBOL_GPL(netdev_get_name); /** * dev_getbyhwaddr_rcu - find a device by its hardware address diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 0c2c1a4261a8..ad56e480eaff 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -3487,6 +3487,7 @@ void tcp_send_active_reset(struct sock *sk, gfp_t priority) */ trace_tcp_send_reset(sk, NULL); } +EXPORT_SYMBOL_GPL(tcp_send_active_reset); /* Send a crossed SYN-ACK during socket establishment. * WARNING: This routine must only be called when we have already sent From 2cd8ac816de58d72da2c4195ff24c6cfcc6967b9 Mon Sep 17 00:00:00 2001 
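Review bot: The two `EXPORT_SYMBOL_GPL` lines make `netdev_get_name()` and `tcp_send_active_reset()` callable from any GPL module, but neither states the calling context a module has to provide. This matters most for `tcp_send_active_reset(struct sock *sk, gfp_t priority)` in net/ipv4/tcp_output.c, which resets a live connection; its in-tree callers are not visible here and presumably hold the socket lock and a reference on `sk`. Once that requirement is confirmed against those callers, I would add a comment above the export, for example `/* Exported for vendor modules: caller must own the socket lock and hold a reference on sk */`. Both functions start outside their hunks.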
From: Chenghao Zhao Date: Sat, 21 Sep 2024 18:11:58 +0800 Subject: [PATCH 73/87] ANDROID: ABI: update symbol list for honor 2 function symbol(s) added 'int netdev_get_name(struct net*, char*, int)' 'void tcp_send_active_reset(struct sock*, gfp_t)' Bug: 334000512 Change-Id: I83507ca33d4547088b61c6f83cfb48cc94474185 Signed-off-by: Chenghao Zhao --- android/abi_gki_aarch64.stg | 33 +++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_honor | 2 ++ 2 files changed, 35 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index c47af0c92f89..2c2cac56d12d 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -297362,6 +297362,12 @@ function { return_type_id: 0x48b5725f parameter_id: 0x1259e377 } +function { + id: 0x140fc677 + return_type_id: 0x48b5725f + parameter_id: 0x1d44326e + parameter_id: 0xf1a6dfed +} function { id: 0x141076c6 return_type_id: 0x48b5725f @@ -333732,6 +333738,13 @@ function { parameter_id: 0x02888010 parameter_id: 0x0e8833d6 } +function { + id: 0x9ea3b9a0 + return_type_id: 0x6720d32f + parameter_id: 0x0ca27481 + parameter_id: 0x0483e6f8 + parameter_id: 0x6720d32f +} function { id: 0x9ea548d2 return_type_id: 0x6720d32f @@ -384727,6 +384740,15 @@ elf_symbol { type_id: 0x1c31d966 full_name: "netdev_features_change" } +elf_symbol { + id: 0x980489ec + name: "netdev_get_name" + is_defined: true + symbol_type: FUNCTION + crc: 0x7069f1bc + type_id: 0x9ea3b9a0 + full_name: "netdev_get_name" +} elf_symbol { id: 0x1a34a34f name: "netdev_increment_features" @@ -403922,6 +403944,15 @@ elf_symbol { type_id: 0x42a927f9 full_name: "tcp_reno_undo_cwnd" } +elf_symbol { + id: 0x862e9de5 + name: "tcp_send_active_reset" + is_defined: true + symbol_type: FUNCTION + crc: 0xfedb3bc4 + type_id: 0x140fc677 + full_name: "tcp_send_active_reset" +} elf_symbol { id: 0xe6a46ba8 name: "tcp_slow_start" 
@@ -418884,6 +418915,7 @@ interface { symbol_id: 0x2ebee953 symbol_id: 0xfac0e8e6 symbol_id: 0xeb2d9bd2 + symbol_id: 0x980489ec symbol_id: 0x1a34a34f symbol_id: 0x06bf2dbd symbol_id: 0x5635039f @@ -421017,6 +421049,7 @@ interface { symbol_id: 0x34a062e9 symbol_id: 0x97edc1c5 symbol_id: 0xdb8e8104 + symbol_id: 0x862e9de5 symbol_id: 0xe6a46ba8 symbol_id: 0xb56d0844 symbol_id: 0x51ff5f80 diff --git a/android/abi_gki_aarch64_honor b/android/abi_gki_aarch64_honor index 256775e0290f..bd8ab882b94a 100644 --- a/android/abi_gki_aarch64_honor +++ b/android/abi_gki_aarch64_honor @@ -40,3 +40,5 @@ sock_from_file task_cputime_adjusted tcp_sync_mss + netdev_get_name + tcp_send_active_reset From 5c7d0d4f4a388a17a5b2f312902215265500b52b Mon Sep 17 00:00:00 2001 From: Vilas Bhat Date: Fri, 20 Sep 2024 00:27:36 +0000 Subject: [PATCH 74/87] ANDROID: GKI: Update `kernel_aarch64_16k` build config to match `kernel_aarch64` Test: Built & Flashed 16k page size kernel to Pixel 8a. Bug: 361155105 Change-Id: Ibfaa96aeabe627f99effc1ae8dbaf3e86156425e Signed-off-by: Vilas Bhat --- BUILD.bazel | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/BUILD.bazel b/BUILD.bazel index ade572e71a69..11eea4ff5940 100644 --- a/BUILD.bazel +++ b/BUILD.bazel @@ -145,8 +145,14 @@ define_common_kernels(target_configs = { "make_goals": _GKI_AARCH64_MAKE_GOALS, }, "kernel_aarch64_16k": { - "kmi_symbol_list_strict_mode": False, + "kmi_symbol_list_strict_mode": True, "module_implicit_outs": get_gki_modules_list("arm64"), + "kmi_symbol_list": "android/abi_gki_aarch64", + "rewrite_absolute_paths_in_config": True, + "kmi_symbol_list_add_only": True, + "additional_kmi_symbol_lists": [":aarch64_additional_kmi_symbol_lists"], + "protected_exports_list": "android/abi_gki_protected_exports_aarch64", + "protected_modules_list": "android/gki_aarch64_protected_modules", "make_goals": _GKI_AARCH64_MAKE_GOALS, }, "kernel_aarch64_debug": { 
From 83e7e0486ef88177eac84ec7ad0a7ba125e15165 Mon Sep 17 00:00:00 2001 From: Chenghao Zhao Date: Tue, 24 Sep 2024 14:17:37 +0800 Subject: [PATCH 75/87] ANDROID: GKI: Update symbol list for honor Update symbol list for honor in android/abi_gki_aarch64_honor Bug: 369259421 Change-Id: I6954293467a50a758b27444bf51b7205d68dd34d Signed-off-by: Chenghao Zhao --- android/abi_gki_aarch64.stg | 50 +++++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_honor | 3 +++ 2 files changed, 53 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 2c2cac56d12d..e81e1ee62d29 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -310121,6 +310121,16 @@ function { parameter_id: 0x0ac23bc5 parameter_id: 0x054f691a } +function { + id: 0x6cfb5677 + return_type_id: 0x1d44326e + parameter_id: 0x0ca27481 + parameter_id: 0xe276adef + parameter_id: 0x7584e7da + parameter_id: 0xe276adef + parameter_id: 0x7584e7da + parameter_id: 0x6720d32f +} function { id: 0x6d9955d1 return_type_id: 0x054f691a @@ -310284,6 +310294,16 @@ function { parameter_id: 0x0ac23bc5 parameter_id: 0x054f691a } +function { + id: 0x6f9cf071 + return_type_id: 0x1d44326e + parameter_id: 0x0ca27481 + parameter_id: 0x3b461cc8 + parameter_id: 0x7584e7da + parameter_id: 0x3b461cc8 + parameter_id: 0x7584e7da + parameter_id: 0x6720d32f +} function { id: 0x6fa775f5 return_type_id: 0x054f691a @@ -403899,6 +403919,15 @@ elf_symbol { type_id: 0x98511587 full_name: "tcf_unregister_action" } +elf_symbol { + id: 0xb4592621 + name: "tcp_done" + is_defined: true + symbol_type: FUNCTION + crc: 0x00b1358f + type_id: 0x17c95d08 + full_name: "tcp_done" +} elf_symbol { id: 0xeb0e3e9b name: "tcp_hashinfo" 
@@ -406473,6 +406502,24 @@ elf_symbol { type_id: 0x127accc9 full_name: "udp4_hwcsum" } +elf_symbol { + id: 0x7764a4dc + name: "udp4_lib_lookup" + is_defined: true + symbol_type: FUNCTION + crc: 0xafe8b903 + type_id: 0x6cfb5677 + full_name: "udp4_lib_lookup" +} +elf_symbol { + id: 0xec561477 + name: "udp6_lib_lookup" + is_defined: true + symbol_type: FUNCTION + crc: 0xabc1da1b + type_id: 0x6f9cf071 + full_name: "udp6_lib_lookup" +} elf_symbol { id: 0x93e3a105 name: "udp6_set_csum" @@ -421044,6 +421091,7 @@ interface { symbol_id: 0xcc386657 symbol_id: 0x529a9e72 symbol_id: 0x99d5bf98 + symbol_id: 0xb4592621 symbol_id: 0xeb0e3e9b symbol_id: 0x5f96413a symbol_id: 0x34a062e9 @@ -421330,6 +421378,8 @@ interface { symbol_id: 0xe750d0b7 symbol_id: 0x9cefccb0 symbol_id: 0xef1a96f5 + symbol_id: 0x7764a4dc + symbol_id: 0xec561477 symbol_id: 0x93e3a105 symbol_id: 0xf946dfdd symbol_id: 0xa7d65bf5 diff --git a/android/abi_gki_aarch64_honor b/android/abi_gki_aarch64_honor index bd8ab882b94a..a7a07f8a20b6 100644 --- a/android/abi_gki_aarch64_honor +++ b/android/abi_gki_aarch64_honor @@ -42,3 +42,6 @@ tcp_sync_mss netdev_get_name tcp_send_active_reset + tcp_done + udp4_lib_lookup + udp6_lib_lookup From b2a0a8f7094bcf24f2c6cd067a298e7471876279 Mon Sep 17 00:00:00 2001 From: Kever Yang Date: Tue, 24 Sep 2024 18:16:16 +0800 Subject: [PATCH 76/87] ANDROID: GKI: update rockchip symbols sync with kernel update INFO: 2 function symbol(s) added 'struct clk* devm_clk_get_enabled(struct device*, const char*)' 'int devm_regulator_bulk_get_enable(struct device*, int, const char* const*)' Bug: 300024866 Change-Id: Ib10dc7eb710fc09c185513ba8bf5789c2c7ef5d1 Signed-off-by: Kever Yang --- android/abi_gki_aarch64.stg | 27 +++++++++++++++++++++++++++ android/abi_gki_aarch64_rockchip | 3 +++ 2 files changed, 30 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index e81e1ee62d29..43b3fa82e87b 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg 
@@ -329919,6 +329919,13 @@ function { parameter_id: 0x04b193cc parameter_id: 0x0a134144 } +function { + id: 0x9c85c36a + return_type_id: 0x6720d32f + parameter_id: 0x0258f96e + parameter_id: 0x6720d32f + parameter_id: 0x3e75499e +} function { id: 0x9c85ef5b return_type_id: 0x6720d32f @@ -363644,6 +363651,15 @@ elf_symbol { type_id: 0xa671941e full_name: "devm_clk_get" } +elf_symbol { + id: 0x4cc1057f + name: "devm_clk_get_enabled" + is_defined: true + symbol_type: FUNCTION + crc: 0xcd3f21c7 + type_id: 0xa671941e + full_name: "devm_clk_get_enabled" +} elf_symbol { id: 0xf569682d name: "devm_clk_get_optional" @@ -364724,6 +364740,15 @@ elf_symbol { type_id: 0x9c86c8d2 full_name: "devm_regulator_bulk_get_const" } +elf_symbol { + id: 0x9f156785 + name: "devm_regulator_bulk_get_enable" + is_defined: true + symbol_type: FUNCTION + crc: 0xf83e0712 + type_id: 0x9c85c36a + full_name: "devm_regulator_bulk_get_enable" +} elf_symbol { id: 0xadafc9a7 name: "devm_regulator_get" @@ -416618,6 +416643,7 @@ interface { symbol_id: 0x70cc5ef2 symbol_id: 0xf770e060 symbol_id: 0xfe156c9a + symbol_id: 0x4cc1057f symbol_id: 0xf569682d symbol_id: 0x8837a38c symbol_id: 0x0d9ec99a @@ -416738,6 +416764,7 @@ interface { symbol_id: 0xc08bcc4a symbol_id: 0x09b1d689 symbol_id: 0x7c6f39ac + symbol_id: 0x9f156785 symbol_id: 0xadafc9a7 symbol_id: 0x502d0b80 symbol_id: 0x3c0cefc0 diff --git a/android/abi_gki_aarch64_rockchip b/android/abi_gki_aarch64_rockchip index 1702d5c65191..27d4fd3a623b 100644 --- a/android/abi_gki_aarch64_rockchip +++ b/android/abi_gki_aarch64_rockchip @@ -200,6 +200,7 @@ devm_clk_bulk_get devm_clk_bulk_get_all devm_clk_get + devm_clk_get_enabled devm_clk_get_optional devm_clk_hw_register devm_clk_register @@ -252,6 +253,7 @@ __devm_regmap_init_i2c __devm_regmap_init_mmio_clk devm_regulator_bulk_get + devm_regulator_bulk_get_enable devm_regulator_get devm_regulator_get_optional devm_regulator_register 
@@ -1975,6 +1977,7 @@ scsi_remove_device scsi_remove_host scsi_rescan_device + scsi_resume_device scsi_schedule_eh scsi_sense_desc_find scsi_set_sense_field_pointer From df571cd9f11fc716c799f626c8dacad200a61241 Mon Sep 17 00:00:00 2001 From: Philip Chen Date: Tue, 24 Sep 2024 01:52:59 +0000 Subject: [PATCH 77/87] FROMGIT: virtio_pmem: Check device status before requesting flush If a pmem device is in a bad status, the driver side could wait for host ack forever in virtio_pmem_flush(), causing the system to hang. So add a status check in the beginning of virtio_pmem_flush() to return early if the device is not activated. Signed-off-by: Philip Chen Signed-off-by: Michael S. Tsirkin Acked-by: Pankaj Gupta --- drivers/nvdimm/nd_virtio.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/nvdimm/nd_virtio.c b/drivers/nvdimm/nd_virtio.c index c6a648fd8744..a78e17a43a9d 100644 --- a/drivers/nvdimm/nd_virtio.c +++ b/drivers/nvdimm/nd_virtio.c @@ -44,6 +44,15 @@ static int virtio_pmem_flush(struct nd_region *nd_region) unsigned long flags; int err, err1; + /* + * Don't bother to submit the request to the device if the device is + * not activated. + */ + if (vdev->config->get_status(vdev) & VIRTIO_CONFIG_S_NEEDS_RESET) { + dev_info(&vdev->dev, "virtio pmem device needs a reset\n"); + return -EIO; + } + might_sleep(); req_data = kmalloc(sizeof(*req_data), GFP_KERNEL); if (!req_data) From a26cde405528cdf890f94956d4f61a19e3cc315d Mon Sep 17 00:00:00 2001 
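Review bot: The early return added to virtio_pmem_flush() logs with `dev_info()` on every call, so once the device reports NEEDS_RESET each flush request adds another line to the kernel log; `dev_info_ratelimited(&vdev->dev, "virtio pmem device needs a reset\n");` bounds that. The comment says the device is "not activated", but the test covers only `VIRTIO_CONFIG_S_NEEDS_RESET`, so it would be more accurate as `/* Fail fast if the device has requested a reset: the host will not ack the flush. */`. The check is also a snapshot, so a device that fails after this point can presumably still leave the caller waiting for the ack, which is worth stating in the comment. The function continues outside the hunk.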
From: Carlos Llamas Date: Tue, 24 Sep 2024 18:43:53 +0000 Subject: [PATCH 78/87] FROMLIST: binder: fix node UAF in binder_add_freeze_work() In binder_add_freeze_work() we iterate over the proc->nodes with the proc->inner_lock held. However, this lock is temporarily dropped in order to acquire the node->lock first (lock nesting order). This can race with binder_node_release() and trigger a use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c Write of size 4 at addr ffff53c04c29dd04 by task freeze/640 CPU: 5 UID: 0 PID: 640 Comm: freeze Not tainted 6.11.0-07343-ga727812a8d45 #17 Hardware name: linux,dummy-virt (DT) Call trace: _raw_spin_lock+0xe4/0x19c binder_add_freeze_work+0x148/0x478 binder_ioctl+0x1e70/0x25ac __arm64_sys_ioctl+0x124/0x190 Allocated by task 637: __kmalloc_cache_noprof+0x12c/0x27c binder_new_node+0x50/0x700 binder_transaction+0x35ac/0x6f74 binder_thread_write+0xfb8/0x42a0 binder_ioctl+0x18f0/0x25ac __arm64_sys_ioctl+0x124/0x190 Freed by task 637: kfree+0xf0/0x330 binder_thread_read+0x1e88/0x3a68 binder_ioctl+0x16d8/0x25ac __arm64_sys_ioctl+0x124/0x190 ================================================================== Fix the race by taking a temporary reference on the node before releasing the proc->inner lock. This ensures the node remains alive while in use. Fixes: d579b04a52a1 ("binder: frozen notification") Cc: stable@vger.kernel.org Signed-off-by: Carlos Llamas Bug: 366003708 Link: https://lore.kernel.org/all/20240924184401.76043-2-cmllamas@google.com/ Change-Id: I47b053532dd4cd3424d35d6f254ca4d00c426411 Signed-off-by: Carlos Llamas --- drivers/android/binder.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 5b2e9c8aa8fb..99f36f49d708 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c 
@@ -5813,6 +5813,7 @@ static bool binder_txns_pending_ilocked(struct binder_proc *proc) static void binder_add_freeze_work(struct binder_proc *proc, bool is_frozen) { + struct binder_node *prev = NULL; struct rb_node *n; struct binder_ref *ref; @@ -5821,7 +5822,10 @@ static void binder_add_freeze_work(struct binder_proc *proc, bool is_frozen) struct binder_node *node; node = rb_entry(n, struct binder_node, rb_node); + binder_inc_node_tmpref_ilocked(node); binder_inner_proc_unlock(proc); + if (prev) + binder_put_node(prev); binder_node_lock(node); hlist_for_each_entry(ref, &node->refs, node_entry) { /* @@ -5847,10 +5851,13 @@ static void binder_add_freeze_work(struct binder_proc *proc, bool is_frozen) } binder_inner_proc_unlock(ref->proc); } + prev = node; binder_node_unlock(node); binder_inner_proc_lock(proc); } binder_inner_proc_unlock(proc); + if (prev) + binder_put_node(prev); } static int binder_ioctl_freeze(struct binder_freeze_info *info, From 07a43515b0d9abd4a793965e4eb470190cb9edaf Mon Sep 17 00:00:00 2001 
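Review bot: The deferred `binder_put_node(prev)` in binder_add_freeze_work() has no comment explaining why the temporary reference is dropped one iteration late instead of right after `binder_node_unlock(node)`. The iterator `n` points into the node (`rb_entry(n, struct binder_node, rb_node)`), so the node has to stay pinned until the loop has advanced past it, and both puts are placed after `binder_inner_proc_unlock(proc)`, presumably because binder_put_node() must not run under proc->inner_lock. A comment at `prev = node;` would keep a later cleanup from reordering this, for example `/* keep node pinned until the loop has advanced past it; put only after dropping the inner lock */`. The loop header is outside the hunks.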
From: Carlos Llamas Date: Tue, 24 Sep 2024 18:43:54 +0000 Subject: [PATCH 79/87] FROMLIST: binder: fix OOB in binder_add_freeze_work() In binder_add_freeze_work() we iterate over the proc->nodes with the proc->inner_lock held. However, this lock is temporarily dropped to acquire the node->lock first (lock nesting order). This can race with binder_deferred_release() which removes the nodes from the proc->nodes rbtree and adds them into binder_dead_nodes list. This leads to a broken iteration in binder_add_freeze_work() as rb_next() will use data from binder_dead_nodes, triggering an out-of-bounds access: ================================================================== BUG: KASAN: global-out-of-bounds in rb_next+0xfc/0x124 Read of size 8 at addr ffffcb84285f7170 by task freeze/660 CPU: 8 UID: 0 PID: 660 Comm: freeze Not tainted 6.11.0-07343-ga727812a8d45 #18 Hardware name: linux,dummy-virt (DT) Call trace: rb_next+0xfc/0x124 binder_add_freeze_work+0x344/0x534 binder_ioctl+0x1e70/0x25ac __arm64_sys_ioctl+0x124/0x190 The buggy address belongs to the variable: binder_dead_nodes+0x10/0x40 [...] ================================================================== This is possible because proc->nodes (rbtree) and binder_dead_nodes (list) share entries in binder_node through a union: struct binder_node { [...] union { struct rb_node rb_node; struct hlist_node dead_node; }; Fix the race by checking that the proc is still alive. If not, simply break out of the iteration. Fixes: d579b04a52a1 ("binder: frozen notification") Cc: stable@vger.kernel.org Signed-off-by: Carlos Llamas Bug: 366003708 Link: https://lore.kernel.org/all/20240924184401.76043-3-cmllamas@google.com/ Change-Id: I5ec9d49277a23b864862665b52213460750c535e Signed-off-by: Carlos Llamas --- drivers/android/binder.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 99f36f49d708..91eec3d332aa 100644 --- a/drivers/android/binder.c 
+++ b/drivers/android/binder.c @@ -5854,6 +5854,8 @@ static void binder_add_freeze_work(struct binder_proc *proc, bool is_frozen) prev = node; binder_node_unlock(node); binder_inner_proc_lock(proc); + if (proc->is_dead) + break; } binder_inner_proc_unlock(proc); if (prev) From 9c6fdb6bf86fd03e6c876db0607c37be1a373940 Mon Sep 17 00:00:00 2001 From: Carlos Llamas Date: Tue, 24 Sep 2024 18:43:55 +0000 Subject: [PATCH 80/87] BACKPORT: FROMLIST: binder: fix freeze UAF in binder_release_work() When a binder reference is cleaned up, any freeze work queued in the associated process should also be removed. Otherwise, the reference is freed while its ref->freeze.work is still queued in proc->work leading to a use-after-free issue as shown by the following KASAN report: ================================================================== BUG: KASAN: slab-use-after-free in binder_release_work+0x398/0x3d0 Read of size 8 at addr ffff31600ee91488 by task kworker/5:1/211 CPU: 5 UID: 0 PID: 211 Comm: kworker/5:1 Not tainted 6.11.0-rc7-00382-gfc6c92196396 #22 Hardware name: linux,dummy-virt (DT) Workqueue: events binder_deferred_func Call trace: binder_release_work+0x398/0x3d0 binder_deferred_func+0xb60/0x109c process_one_work+0x51c/0xbd4 worker_thread+0x608/0xee8 Allocated by task 703: __kmalloc_cache_noprof+0x130/0x280 binder_thread_write+0xdb4/0x42a0 binder_ioctl+0x18f0/0x25ac __arm64_sys_ioctl+0x124/0x190 invoke_syscall+0x6c/0x254 Freed by task 211: kfree+0xc4/0x230 binder_deferred_func+0xae8/0x109c process_one_work+0x51c/0xbd4 worker_thread+0x608/0xee8 ================================================================== This commit fixes the issue by ensuring any queued freeze work is removed when cleaning up a binder reference. Fixes: d579b04a52a1 ("binder: frozen notification") Cc: stable@vger.kernel.org 
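Review bot: The `if (proc->is_dead) break;` added to binder_add_freeze_work() carries no comment, and its reason cannot be read from the code: per the commit message, the nodes may have been moved from proc->nodes to binder_dead_nodes while the inner lock was dropped, and the two containers share storage through a union. I would put that next to the check, for example `/* nodes may have moved to binder_dead_nodes while unlocked; n is no longer a valid rbtree iterator */`. The check is correct only if `is_dead` is written under proc->inner_lock, which is not visible in this hunk and should be confirmed. The loop starts outside the hunk.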
Signed-off-by: Carlos Llamas Bug: 366003708 Link: https://lore.kernel.org/all/20240924184401.76043-4-cmllamas@google.com/ Change-Id: Icc40e7dd6157981f4adbea7243e55be118552321 [cmllamas: drop BINDER_STAT_FREEZE as it's not supported here] Signed-off-by: Carlos Llamas --- drivers/android/binder.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 91eec3d332aa..b70cc8b388a9 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -1421,6 +1421,10 @@ static void binder_cleanup_ref_olocked(struct binder_ref *ref) binder_dequeue_work(ref->proc, &ref->death->work); binder_stats_deleted(BINDER_STAT_DEATH); } + + if (ref->freeze) + binder_dequeue_work(ref->proc, &ref->freeze->work); + binder_stats_deleted(BINDER_STAT_REF); } From 03b93dc707ed9ffeff2aac734f578ba445b5f764 Mon Sep 17 00:00:00 2001 From: Carlos Llamas Date: Tue, 24 Sep 2024 18:43:56 +0000 Subject: [PATCH 81/87] FROMLIST: binder: fix BINDER_WORK_FROZEN_BINDER debug logs The BINDER_WORK_FROZEN_BINDER type is not handled in the binder_logs entries and it shows up as "unknown work" when logged: proc 649 context binder-test thread 649: l 00 need_return 0 tr 0 ref 13: desc 1 node 8 s 1 w 0 d 0000000053c4c0c3 unknown work: type 10 This patch add the freeze work type and is now logged as such: proc 637 context binder-test thread 637: l 00 need_return 0 tr 0 ref 8: desc 1 node 3 s 1 w 0 d 00000000dc39e9c6 has frozen binder Fixes: d579b04a52a1 ("binder: frozen notification") Cc: stable@vger.kernel.org Signed-off-by: Carlos Llamas Bug: 366003708 Link: https://lore.kernel.org/all/20240924184401.76043-5-cmllamas@google.com/ Change-Id: I06f888aa5218db19eeda79e315385506af09d9d5 Signed-off-by: Carlos Llamas --- drivers/android/binder.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index b70cc8b388a9..3a57057852f7 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c 
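Review bot: The new `if (ref->freeze)` branch in binder_cleanup_ref_olocked() dequeues the work but, unlike the death branch directly above it, updates no statistics counter, and only the commit message explains that `BINDER_STAT_FREEZE` is absent on this branch. A comment in the code, `/* no BINDER_STAT_FREEZE on this branch, so nothing to account here */`, would stop a later sync with upstream from reading the difference as an omission. Where `ref->freeze` itself is freed is not visible in this hunk; the dequeue closes the use-after-free only if it runs before that free, which is worth confirming. The function starts outside the hunk.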
@@ -6683,6 +6683,9 @@ static void print_binder_work_ilocked(struct seq_file *m,
 case BINDER_WORK_CLEAR_DEATH_NOTIFICATION:
 seq_printf(m, "%shas cleared death notification\n", prefix);
 break;
+ case BINDER_WORK_FROZEN_BINDER:
+ seq_printf(m, "%shas frozen binder\n", prefix);
+ break;
 default:
 seq_printf(m, "%sunknown work: type %d\n", prefix, w->type);
 break;
From 9027204d5a7ef055af2e415ad58fd2774f343617 Mon Sep 17 00:00:00 2001 From: Kalesh Singh Date: Tue, 24 Sep 2024 23:28:56 +0000 Subject: [PATCH 82/87] ANDROID: 16K: Introduce pgsize_migration_inline.h Introduce inline header to avoid circular dependency. This will be used in a subsequent patch. Also take opportunity to do some small noop refactor in vma_pad_pages() and split_pad_vma() for more robust code. Bug: 357901498 Change-Id: Ia5f447758d0d07ed3e1429ca1e35dcc0741cc22a Signed-off-by: Kalesh Singh --- include/linux/pgsize_migration.h | 39 +------------- include/linux/pgsize_migration_inline.h | 67 +++++++++++++++++++++++++ mm/pgsize_migration.c | 18 ++----- 3 files changed, 72 insertions(+), 52 deletions(-) create mode 100644 include/linux/pgsize_migration_inline.h
diff --git a/include/linux/pgsize_migration.h b/include/linux/pgsize_migration.h
index e3dc1de19f83..48672dbc84e9 100644
--- a/include/linux/pgsize_migration.h
+++ b/include/linux/pgsize_migration.h
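Review bot: Only `BINDER_WORK_FROZEN_BINDER` gets a case in print_binder_work_ilocked(), so the sibling work type that the upstream frozen-notification change introduced alongside it, `BINDER_WORK_CLEAR_FREEZE_NOTIFICATION`, would still print as "unknown work" if this tree carries it and nothing outside the hunk handles it. If so, a matching `case BINDER_WORK_CLEAR_FREEZE_NOTIFICATION:` with its own `seq_printf()` line belongs next to this one. The rest of the switch is outside the hunk, so this is worth a quick check rather than a certain gap.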
@@ -13,35 +13,9 @@ * page size in Android. */ -#include +#include #include -#include - -/* - * vm_flags representation of VMA padding pages. - * - * This allows the kernel to identify the portion of an ELF LOAD segment VMA - * that is padding. - * - * 4 high bits of vm_flags [63,60] are used to represent ELF segment padding - * up to 60kB, which is sufficient for ELFs of both 16kB and 64kB segment - * alignment (p_align). - * - * The representation is illustrated below. - * - * 63 62 61 60 - * _________ _________ _________ _________ - * | Bit 3 | Bit 2 | Bit 1 | Bit 0 | - * | of 4kB | of 4kB | of 4kB | of 4kB | - * | chunks | chunks | chunks | chunks | - * |_________|_________|_________|_________| - */ - -#define VM_PAD_WIDTH 4 -#define VM_PAD_SHIFT (BITS_PER_LONG - VM_PAD_WIDTH) -#define VM_TOTAL_PAD_PAGES ((1ULL << VM_PAD_WIDTH) - 1) -#define VM_PAD_MASK (VM_TOTAL_PAD_PAGES << VM_PAD_SHIFT) -#define VMA_PAD_START(vma) (vma->vm_end - (vma_pad_pages(vma) << PAGE_SHIFT)) +#include #if PAGE_SIZE == SZ_4K && defined(CONFIG_64BIT) extern void vma_set_pad_pages(struct vm_area_struct *vma, @@ -63,9 +37,6 @@ extern void show_map_pad_vma(struct vm_area_struct *vma, extern void split_pad_vma(struct vm_area_struct *vma, struct vm_area_struct *new, unsigned long addr, int new_below); -extern unsigned long vma_pad_fixup_flags(struct vm_area_struct *vma, - unsigned long newflags); - extern bool is_mergable_pad_vma(struct vm_area_struct *vma, unsigned long vm_flags); @@ -107,12 +78,6 @@ static inline void split_pad_vma(struct vm_area_struct *vma, struct vm_area_stru { } -static inline unsigned long vma_pad_fixup_flags(struct vm_area_struct *vma, - unsigned long newflags) -{ - return newflags; -} - static inline bool is_mergable_pad_vma(struct vm_area_struct *vma, unsigned long vm_flags) { diff --git a/include/linux/pgsize_migration_inline.h b/include/linux/pgsize_migration_inline.h new file mode 100644 index 000000000000..362eed4b7dcc --- /dev/null 
+++ b/include/linux/pgsize_migration_inline.h 
@@ -0,0 +1,67 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LINUX_PAGE_SIZE_MIGRATION_INLINE_H
+#define _LINUX_PAGE_SIZE_MIGRATION_INLINE_H
+
+/*
+ * Page Size Migration
+ *
+ * Copyright (c) 2024, Google LLC.
+ * Author: Kalesh Singh
+ *
+ * This file contains inline APIs for mitigations to ensure
+ * app compatibility during the transition from 4kB to 16kB
+ * page size in Android.
+ */
+
+#include
+#include
+
+#include
+
+/*
+ * vm_flags representation of VMA padding pages.
+ *
+ * This allows the kernel to identify the portion of an ELF LOAD segment VMA
+ * that is padding.
+ *
+ * 4 high bits of vm_flags [63,60] are used to represent ELF segment padding
+ * up to 60kB, which is sufficient for ELFs of both 16kB and 64kB segment
+ * alignment (p_align).
+ *
+ * The representation is illustrated below.
+ *
+ * 63 62 61 60
+ * _________ _________ _________ _________
+ * | Bit 3 | Bit 2 | Bit 1 | Bit 0 |
+ * | of 4kB | of 4kB | of 4kB | of 4kB |
+ * | chunks | chunks | chunks | chunks |
+ * |_________|_________|_________|_________|
+ */
+
+#define VM_PAD_WIDTH 4
+#define VM_PAD_SHIFT (BITS_PER_LONG - VM_PAD_WIDTH)
+#define VM_TOTAL_PAD_PAGES ((1ULL << VM_PAD_WIDTH) - 1)
+#define VM_PAD_MASK (VM_TOTAL_PAD_PAGES << VM_PAD_SHIFT)
+#define VMA_PAD_START(vma) (vma->vm_end - (vma_pad_pages(vma) << PAGE_SHIFT))
+
+#if PAGE_SIZE == SZ_4K && defined(CONFIG_64BIT)
+/*
+ * Sets the correct padding bits / flags for a VMA split.
+ */
+static inline unsigned long vma_pad_fixup_flags(struct vm_area_struct *vma,
+ unsigned long newflags)
+{
+ if (newflags & VM_PAD_MASK)
+ return (newflags & ~VM_PAD_MASK) | (vma->vm_flags & VM_PAD_MASK);
+ else
+ return newflags;
+}
+#else /* PAGE_SIZE != SZ_4K || !defined(CONFIG_64BIT) */
+static inline unsigned long vma_pad_fixup_flags(struct vm_area_struct *vma,
+ unsigned long newflags)
+{
+ return newflags;
+}
+#endif /* PAGE_SIZE == SZ_4K && defined(CONFIG_64BIT) */
+
+#endif /* _LINUX_PAGE_SIZE_MIGRATION_INLINE_H */
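Review bot: `VMA_PAD_START(vma)` expands its argument unparenthesised, and it calls `vma_pad_pages()`, which this new header does not itself declare as far as can be seen (the include targets are not legible in this view, so that part is hedged). Now that the macro lives in a header intended to be pulled in on its own, `#define VMA_PAD_START(vma) ((vma)->vm_end - (vma_pad_pages(vma) << PAGE_SHIFT))` together with a comment naming the header that declares `vma_pad_pages()` would be safer. The comment above `vma_pad_fixup_flags()` should also say what the body does: pad bits are taken from the VMA only when `newflags` already has a pad bit set, and `newflags` is returned unchanged otherwise.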
diff --git a/mm/pgsize_migration.c b/mm/pgsize_migration.c
index 3b89b6489159..623a50e965a8 100644
--- a/mm/pgsize_migration.c
+++ b/mm/pgsize_migration.c
@@ -140,7 +140,7 @@ unsigned long vma_pad_pages(struct vm_area_struct *vma)
 if (!is_pgsize_migration_enabled())
 return 0;
- return vma->vm_flags >> VM_PAD_SHIFT;
+ return (vma->vm_flags & VM_PAD_MASK) >> VM_PAD_SHIFT;
 }
 static __always_inline bool str_has_suffix(const char *str, const char *suffix)
@@ -413,8 +413,8 @@ void split_pad_vma(struct vm_area_struct *vma, struct vm_area_struct *new,
 nr_vma2_pages = vma_pages(second);
- if (nr_vma2_pages >= nr_pad_pages) { /* Case 1 & 3*/
- vm_flags_clear(first, VM_PAD_MASK);
+ if (nr_vma2_pages >= nr_pad_pages) { /* Case 1 & 3 */
+ vma_set_pad_pages(first, 0);
 vma_set_pad_pages(second, nr_pad_pages);
 } else { /* Case 2 */
 vma_set_pad_pages(first, nr_pad_pages - nr_vma2_pages);
@@ -422,18 +422,6 @@ void split_pad_vma(struct vm_area_struct *vma, struct vm_area_struct *new,
 }
 }
-/*
- * Sets the correct padding bits / flags for a VMA split.
- */
-unsigned long vma_pad_fixup_flags(struct vm_area_struct *vma,
- unsigned long newflags)
-{
- if (newflags & VM_PAD_MASK)
- return (newflags & ~VM_PAD_MASK) | (vma->vm_flags & VM_PAD_MASK);
- else
- return newflags;
-}
-
 /*
 * Merging of padding VMAs is uncommon, as padding is only allowed
 * from the linker context.
From f4bcd4ef0f7de263132d8c7c3b61e83eb7e9f8bd Mon Sep 17 00:00:00 2001
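Review bot: In the split_pad_vma() hunk, `vma_set_pad_pages(first, 0)` is equivalent to the removed `vm_flags_clear(first, VM_PAD_MASK)` only if `vma_set_pad_pages()` always rewrites the pad field, and its body is outside the hunk. If it returns early under some condition, or writes through a helper that re-applies the VMA's existing pad bits, `first` would keep a stale padding count after the split. The commit describes this as a no-op refactor, so a comment at the call such as `/* zero clears the pad field of the first VMA */`, plus a check of `vma_set_pad_pages()` against the flag-reset helpers changed later in this series, would make that claim verifiable.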
From: Kalesh Singh Date: Tue, 24 Sep 2024 23:34:05 +0000 Subject: [PATCH 83/87] ANDROID: 16K: Fixup padding vm_flags bits on VMA splits In some cases VMAs are split without the mmap write lock held; later the lock is taken to fixup vm_flags of the original VMA. Since some uppper bits of vm_flags are used to encode the ELF padding ranges, they need to be modified on splits. This is usually handled correctly by __split_vma(). However in the above case, the flags get over witten later under the write lock. Preserve vm_flag bits on reset to correctly represent padding. Bug: 357901498 Change-Id: I1cb75419e614791a47cbdb0341373f619daf0bf2 Signed-off-by: Kalesh Singh --- include/linux/mm.h | 5 +++++ mm/mlock.c | 2 +- mm/mprotect.c | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index a17bd3a6413f..3a031ad7ed28 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -27,6 +27,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -834,6 +835,8 @@ static inline void vm_flags_reset(struct vm_area_struct *vma,
 vm_flags_t flags)
 {
 vma_assert_write_locked(vma);
+ /* Preserve padding flags */
+ flags = vma_pad_fixup_flags(vma, flags);
 vm_flags_init(vma, flags);
 }
@@ -841,6 +844,8 @@ static inline void vm_flags_reset_once(struct vm_area_struct *vma,
 vm_flags_t flags)
 {
 vma_assert_write_locked(vma);
+ /* Preserve padding flags */
+ flags = vma_pad_fixup_flags(vma, flags);
 WRITE_ONCE(ACCESS_PRIVATE(vma, __vm_flags), flags);
 }
diff --git a/mm/mlock.c b/mm/mlock.c
index 4f029298b09e..4296d742014d 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -459,7 +459,7 @@ success:
 if ((newflags & VM_LOCKED) && (oldflags & VM_LOCKED)) {
 /* No work to do, and mlocking twice would be wrong */
 vma_start_write(vma);
- vm_flags_reset(vma, vma_pad_fixup_flags(vma, newflags));
+ vm_flags_reset(vma, newflags);
 } else {
 mlock_vma_pages_range(vma, start, end, newflags);
 }
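Review bot: The comment `/* Preserve padding flags */` added to vm_flags_reset(), and the identical one in the vm_flags_reset_once() hunk, overstates what `vma_pad_fixup_flags()` does. As defined in pgsize_migration_inline.h, the helper substitutes the VMA's current pad bits only when `flags` already has a pad bit set; when `flags` carries none, the reset still clears the VMA's padding, and when `flags` carries different pad bits they are silently replaced. Wording such as `/* pad bits in flags may predate a split; take them from the VMA */` is closer to the behaviour. Any caller that relies on these two helpers to change the pad field (none is visible in these hunks) would now be overridden without warning and needs a different write path.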
diff --git a/mm/mprotect.c b/mm/mprotect.c
index 044c17ffaecf..774ff1fd443c 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -633,7 +633,7 @@ success:
 * held in write mode.
 */
 vma_start_write(vma);
- vm_flags_reset(vma, vma_pad_fixup_flags(vma, newflags));
+ vm_flags_reset(vma, newflags);
 /*
 * We want to check manually if we can change individual PTEs writable
 * if we can't do that automatically for all PTEs in a mapping. For
From 4dcae85afd35a7a1ace74c6db3e237f60d13c254 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 19 Aug 2024 10:56:45 -0700 Subject: [PATCH 84/87] BACKPORT: netem: fix return value if duplicate enqueue fails [ Upstream commit c07ff8592d57ed258afee5a5e04991a48dbaf382 ] There is a bug in netem_enqueue() introduced by commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free. This commit made netem_enqueue() always return NET_XMIT_SUCCESS when a packet is duplicated, which can cause the parent qdisc's q.qlen to be mistakenly incremented. When this happens qlen_notify() may be skipped on the parent during destruction, leaving a dangling pointer for some classful qdiscs like DRR. There are two ways for the bug happen: - If the duplicated packet is dropped by rootq->enqueue() and then the original packet is also dropped. - If rootq->enqueue() sends the duplicated packet to a different qdisc and the original packet is dropped. In both cases NET_XMIT_SUCCESS is returned even though no packets are enqueued at the netem qdisc. The fix is to defer the enqueue of the duplicate packet until after the original packet has been guaranteed to return NET_XMIT_SUCCESS. Bug: 362391455 Fixes: 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") Reported-by: Budimir Markovic Signed-off-by: Stephen Hemminger Reviewed-by: Simon Horman Link: https://patch.msgid.link/20240819175753.5151-1-stephen@networkplumber.org Signed-off-by: Jakub Kicinski
Signed-off-by: Sasha Levin (cherry picked from commit 0486d31dd8198e22b63a4730244b38fffce6d469) Signed-off-by: Lee Jones Change-Id: I390f02549c726e961f57daace468d5cd48468722 --- net/sched/sch_netem.c | 47 ++++++++++++++++++++++++++----------------- 1 file changed, 29 insertions(+), 18 deletions(-)
diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c
index d0e045116d4e..a18b24c125f4 100644
--- a/net/sched/sch_netem.c
+++ b/net/sched/sch_netem.c
@@ -437,12 +437,10 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch,
 struct netem_sched_data *q = qdisc_priv(sch);
 /* We don't fill cb now as skb_unshare() may invalidate it */
 struct netem_skb_cb *cb;
- struct sk_buff *skb2;
+ struct sk_buff *skb2 = NULL;
 struct sk_buff *segs = NULL;
 unsigned int prev_len = qdisc_pkt_len(skb);
 int count = 1;
- int rc = NET_XMIT_SUCCESS;
- int rc_drop = NET_XMIT_DROP;
 /* Do not fool qdisc_drop_all() */
 skb->prev = NULL;
@@ -471,19 +469,11 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch,
 skb_orphan_partial(skb);
 /*
- * If we need to duplicate packet, then re-insert at top of the
- * qdisc tree, since parent queuer expects that only one
- * skb will be queued.
+ * If we need to duplicate packet, then clone it before
+ * original is modified.
 */
- if (count > 1 && (skb2 = skb_clone(skb, GFP_ATOMIC)) != NULL) {
- struct Qdisc *rootq = qdisc_root_bh(sch);
- u32 dupsave = q->duplicate; /* prevent duplicating a dup... */
-
- q->duplicate = 0;
- rootq->enqueue(skb2, rootq, to_free);
- q->duplicate = dupsave;
- rc_drop = NET_XMIT_SUCCESS;
- }
+ if (count > 1)
+ skb2 = skb_clone(skb, GFP_ATOMIC);
 /*
 * Randomized packet corruption.
@@ -495,7 +485,8 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch,
 if (skb_is_gso(skb)) {
 skb = netem_segment(skb, sch, to_free);
 if (!skb)
- return rc_drop;
+ goto finish_segs;
+
 segs = skb->next;
 skb_mark_not_on_list(skb);
 qdisc_skb_cb(skb)->pkt_len = skb->len;
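Review bot: `skb2` is now a pending clone that netem_enqueue() owns from the `skb_clone()` in the second hunk until it is handed to `rootq->enqueue()` in a later hunk, and nothing at its declaration says so. The patch frees it on the exits it touches (the drop path before `return NET_XMIT_DROP` and the `finish_segs` label), but any other `return` between the clone and the re-insert would leak it, and parts of the function lie outside these hunks. A comment at the declaration, e.g. `struct sk_buff *skb2 = NULL; /* pending duplicate; freed at finish_segs unless re-enqueued */`, would protect that invariant against later edits. The result of `rootq->enqueue(skb2, rootq, to_free)` is still discarded, which matches the commit's intent that the return value reflect only the original packet, but that is worth one sentence in the comment above the re-insert.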
@@ -521,7 +512,24 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch,
 /* re-link segs, so that qdisc_drop_all() frees them all */
 skb->next = segs;
 qdisc_drop_all(skb, sch, to_free);
- return rc_drop;
+ if (skb2)
+ __qdisc_drop(skb2, to_free);
+ return NET_XMIT_DROP;
+ }
+
+ /*
+ * If doing duplication then re-insert at top of the
+ * qdisc tree, since parent queuer expects that only one
+ * skb will be queued.
+ */
+ if (skb2) {
+ struct Qdisc *rootq = qdisc_root_bh(sch);
+ u32 dupsave = q->duplicate; /* prevent duplicating a dup... */
+
+ q->duplicate = 0;
+ rootq->enqueue(skb2, rootq, to_free);
+ q->duplicate = dupsave;
+ skb2 = NULL;
 }
 qdisc_qstats_backlog_inc(sch, skb);
@@ -592,9 +600,12 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch,
 }
 finish_segs:
+ if (skb2)
+ __qdisc_drop(skb2, to_free);
+
 if (segs) {
 unsigned int len, last_len;
- int nb;
+ int rc, nb;
 len = skb ? skb->len : 0;
 nb = skb ? 1 : 0;
From 9e167c1c27c501f62f9acb5711e08761deb90eb1 Mon Sep 17 00:00:00 2001 From: yipeng xiang Date: Thu, 19 Sep 2024 22:07:52 +0800 Subject: [PATCH 85/87] =?UTF-8?q?ANDROID:=20GKI:=20Export=20a=20symbol=20?= =?UTF-8?q?=E2=80=9Cnext=5Farg=E2=80=9D=20for=20honor?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Export a symbol “next_arg” in android/abi_gki_aarch64_honor Bug: 368221985 Change-Id: I0bd8fc321752f0fa3d103b56510b33eadcb6e39b Signed-off-by: yipeng xiang --- android/abi_gki_aarch64_honor | 1 + 1 file changed, 1 insertion(+)
diff --git a/android/abi_gki_aarch64_honor b/android/abi_gki_aarch64_honor
index a7a07f8a20b6..c39002d8fcf9 100644
--- a/android/abi_gki_aarch64_honor
+++ b/android/abi_gki_aarch64_honor
@@ -45,3 +45,4 @@
 tcp_done
 udp4_lib_lookup
 udp6_lib_lookup
+ next_arg
From bcc435d3749cf5e9ec25c80cdf7172317bc355d6 Mon Sep 17 00:00:00 2001
From: meitaogao Date: Thu, 26 Sep 2024 18:24:26 +0800 Subject: [PATCH 86/87] ANDROID: GKI: Update KMI symbol list for ASR INFO: 9 function symbol(s) added 'unsigned int kmem_cache_size(struct kmem_cache*)' 'void media_device_unregister_entity(struct media_entity*)' 'void* memset16(uint16_t*, uint16_t, size_t)' 'const char* const* v4l2_ctrl_get_menu(u32)' 'bool v4l2_ctrl_type_op_equal(const struct v4l2_ctrl*, union v4l2_ctrl_ptr, union v4l2_ctrl_ptr)' 'void v4l2_ctrl_type_op_init(const struct v4l2_ctrl*, u32, union v4l2_ctrl_ptr)' 'void v4l2_ctrl_type_op_log(const struct v4l2_ctrl*)' 'void v4l2_m2m_buf_done_and_job_finish(struct v4l2_m2m_dev*, struct v4l2_m2m_ctx*, enum vb2_buffer_state)' 'struct vb2_v4l2_buffer* v4l2_m2m_last_buf(struct v4l2_m2m_queue_ctx*)' Bug: 369670477 Change-Id: I5c3fa32e903685836b7812d33df8ddd6b2c65054 Signed-off-by: meitaogao --- android/abi_gki_aarch64.stg | 114 ++++++++++++++++++++++++++++++++++++ android/abi_gki_aarch64_asr | 14 +++++ 2 files changed, 128 insertions(+) diff --git a/android/abi_gki_aarch64.stg b/android/abi_gki_aarch64.stg index 43b3fa82e87b..de50c05259e2 100644 --- a/android/abi_gki_aarch64.stg +++ b/android/abi_gki_aarch64.stg @@ -296572,6 +296572,13 @@ function { parameter_id: 0x3e10b518 parameter_id: 0xa52a0930 } +function { + id: 0x12e1d579 + return_type_id: 0x48b5725f + parameter_id: 0x09483d5e + parameter_id: 0x0858434c + parameter_id: 0x2baac173 +} function { id: 0x12e4741f return_type_id: 0xd5cc9c9a @@ -309459,6 +309466,13 @@ function { parameter_id: 0x379d63b0 parameter_id: 0x379d63b0 } +function { + id: 0x5dfb031c + return_type_id: 0x18bd6530 + parameter_id: 0x2678c091 + parameter_id: 0xb3a3e4db + parameter_id: 0xf435685e +} function { id: 0x5e051163 return_type_id: 0x18bd6530 @@ -337401,6 +337415,11 @@ function { parameter_id: 0x2e029f76 parameter_id: 0x1d19a9d5 } +function { + id: 0xc5642af6 + return_type_id: 0x4585663f + parameter_id: 0x2efd5036 +} function { id: 0xc564dee2 return_type_id: 0x4585663f 
@@ -337560,6 +337579,11 @@ function { parameter_id: 0x4585663f parameter_id: 0x4585663f } +function { + id: 0xc9a5aa04 + return_type_id: 0x3e75499e + parameter_id: 0xc9082b19 +} function { id: 0xc9f4f8be return_type_id: 0x4585663f @@ -380748,6 +380772,15 @@ elf_symbol { type_id: 0x1b45f00a full_name: "kmem_cache_free" } +elf_symbol { + id: 0x7d2abcd7 + name: "kmem_cache_size" + is_defined: true + symbol_type: FUNCTION + crc: 0x26dcf5b6 + type_id: 0xc5642af6 + full_name: "kmem_cache_size" +} elf_symbol { id: 0xc5292cdd name: "kmemdup" @@ -382926,6 +382959,15 @@ elf_symbol { type_id: 0x1510b6d0 full_name: "media_device_unregister" } +elf_symbol { + id: 0x9217871e + name: "media_device_unregister_entity" + is_defined: true + symbol_type: FUNCTION + crc: 0x514e5de9 + type_id: 0x173d80e7 + full_name: "media_device_unregister_entity" +} elf_symbol { id: 0xf60a5d60 name: "media_devnode_create" @@ -383372,6 +383414,15 @@ elf_symbol { binding: WEAK crc: 0xdcb764ad } +elf_symbol { + id: 0x3e836f55 + name: "memset16" + is_defined: true + symbol_type: FUNCTION + crc: 0x654449c3 + type_id: 0x5dfb031c + full_name: "memset16" +} elf_symbol { id: 0x4742ac18 name: "memset32" @@ -409911,6 +409962,15 @@ elf_symbol { type_id: 0x8b00bfc7 full_name: "v4l2_ctrl_g_ctrl_int64" } +elf_symbol { + id: 0xcab5ad52 + name: "v4l2_ctrl_get_menu" + is_defined: true + symbol_type: FUNCTION + crc: 0x315de2cf + type_id: 0xc9a5aa04 + full_name: "v4l2_ctrl_get_menu" +} elf_symbol { id: 0x1b3bffbd name: "v4l2_ctrl_get_name" 
@@ -410073,6 +410133,33 @@ elf_symbol { type_id: 0x912c9057 full_name: "v4l2_ctrl_subscribe_event" } +elf_symbol { + id: 0xacd6c6a5 + name: "v4l2_ctrl_type_op_equal" + is_defined: true + symbol_type: FUNCTION + crc: 0xbc7ad599 + type_id: 0xf2f112a6 + full_name: "v4l2_ctrl_type_op_equal" +} +elf_symbol { + id: 0xcc09aff4 + name: "v4l2_ctrl_type_op_init" + is_defined: true + symbol_type: FUNCTION + crc: 0xdad08393 + type_id: 0x1f3c2ec8 + full_name: "v4l2_ctrl_type_op_init" +} +elf_symbol { + id: 0xc9069849 + name: "v4l2_ctrl_type_op_log" + is_defined: true + symbol_type: FUNCTION + crc: 0x2371f180 + type_id: 0x1c155f01 + full_name: "v4l2_ctrl_type_op_log" +} elf_symbol { id: 0x426bca09 name: "v4l2_device_register" @@ -410370,6 +410457,15 @@ elf_symbol { type_id: 0x1ce56ba2 full_name: "v4l2_m2m_buf_copy_metadata" } +elf_symbol { + id: 0x75d8eadc + name: "v4l2_m2m_buf_done_and_job_finish" + is_defined: true + symbol_type: FUNCTION + crc: 0xbc6ccb59 + type_id: 0x12e1d579 + full_name: "v4l2_m2m_buf_done_and_job_finish" +} elf_symbol { id: 0x31a465c5 name: "v4l2_m2m_buf_queue" @@ -410604,6 +410700,15 @@ elf_symbol { type_id: 0x12eb3fc9 full_name: "v4l2_m2m_job_finish" } +elf_symbol { + id: 0x2877aa0d + name: "v4l2_m2m_last_buf" + is_defined: true + symbol_type: FUNCTION + crc: 0x2d5f3b25 + type_id: 0x318cc368 + full_name: "v4l2_m2m_last_buf" +} elf_symbol { id: 0x1aa035d8 name: "v4l2_m2m_last_buffer_done" @@ -418540,6 +418645,7 @@ interface { symbol_id: 0xa5a4fafa symbol_id: 0xc37ba22c symbol_id: 0xbce770e6 + symbol_id: 0x7d2abcd7 symbol_id: 0xc5292cdd symbol_id: 0xdaa011df symbol_id: 0xeecf2614 @@ -418782,6 +418888,7 @@ interface { symbol_id: 0xa54f3ef4 symbol_id: 0xe245d69b symbol_id: 0x84271f20 + symbol_id: 0x9217871e symbol_id: 0xf60a5d60 symbol_id: 0xea64439d symbol_id: 0x53ff8fb5 
@@ -418832,6 +418939,7 @@ interface { symbol_id: 0x56171277 symbol_id: 0x67a278cb symbol_id: 0xd1412061 + symbol_id: 0x3e836f55 symbol_id: 0x4742ac18 symbol_id: 0x343d8d9d symbol_id: 0xabdeef21 @@ -421781,6 +421889,7 @@ interface { symbol_id: 0x218d39b6 symbol_id: 0xd71b366d symbol_id: 0xe2254576 + symbol_id: 0xcab5ad52 symbol_id: 0x1b3bffbd symbol_id: 0xd811c59d symbol_id: 0xd669e74b @@ -421799,6 +421908,9 @@ interface { symbol_id: 0x5f83fb51 symbol_id: 0x06acb36e symbol_id: 0xc62e4949 + symbol_id: 0xacd6c6a5 + symbol_id: 0xcc09aff4 + symbol_id: 0xc9069849 symbol_id: 0x426bca09 symbol_id: 0xabdb2ade symbol_id: 0xdc3fca57 @@ -421832,6 +421944,7 @@ interface { symbol_id: 0xa8467fd4 symbol_id: 0x5e36dba6 symbol_id: 0xbca2a56b + symbol_id: 0x75d8eadc symbol_id: 0x31a465c5 symbol_id: 0x101dc375 symbol_id: 0xc60ea189 @@ -421858,6 +421971,7 @@ interface { symbol_id: 0xd34d4e91 symbol_id: 0x2e26a86b symbol_id: 0x143e338b + symbol_id: 0x2877aa0d symbol_id: 0x1aa035d8 symbol_id: 0xaf1caca5 symbol_id: 0xb4198f5a diff --git a/android/abi_gki_aarch64_asr b/android/abi_gki_aarch64_asr index c378a4b70c3f..c984ed96be74 100644 --- a/android/abi_gki_aarch64_asr +++ b/android/abi_gki_aarch64_asr @@ -41,3 +41,17 @@ # required by asr_drm.ko clk_set_rate_exclusive clk_rate_exclusive_put + +# required by mercury.ko + media_device_register_entity + media_device_unregister_entity + v4l2_ctrl_get_menu + v4l2_ctrl_type_op_equal + v4l2_ctrl_type_op_init + v4l2_ctrl_type_op_log + v4l2_m2m_buf_done_and_job_finish + v4l2_m2m_last_buf + +# required by jpu_heap.ko + kmem_cache_size + memset16 From 5a912daf87314fc60a095d886a37cf69e7b876af Mon Sep 17 00:00:00 2001 
From: Anant Goel Date: Wed, 25 Sep 2024 14:28:13 -0700 Subject: [PATCH 87/87] ANDROID: OPP: fix function args mismatch for dev_pm_opp_add in pm_opp.h The function prototype for dev_pm_opp_add differs between a configuration when CONFIG_PM_OPP is set versus when CONFIG_PM_OPP is not set. Fix this mismatch by aligning the function arguments for the dummy dev_pm_opp_add with the non-dummy version. Bug: 369659366 Fixes: adf41f47375e ("BACKPORT: OPP: Add dev_pm_opp_add_dynamic() to allow more flexibility") Change-Id: If23af6ba28bb493d619f96846545cb86608b285d Signed-off-by: Anant Goel --- include/linux/pm_opp.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/pm_opp.h b/include/linux/pm_opp.h
index 38a0d7245fe2..a2900f3a85ab 100644
--- a/include/linux/pm_opp.h
+++ b/include/linux/pm_opp.h
@@ -311,7 +311,7 @@ dev_pm_opp_add_dynamic(struct device *dev, struct dev_pm_opp_data *opp)
 }
 static inline int
-dev_pm_opp_add(struct device *dev, struct dev_pm_opp_data *opp, unsigned long u_volt)
+dev_pm_opp_add(struct device *dev, unsigned long freq, unsigned long u_volt)
 {
 return -EOPNOTSUPP;
 }