As part of the host deprivilege process, memory regions advertised in
the "pkvm,protected-region" devicetree nodes are unmapped from the
host stage-2 page-table and annotated specially so that the memory can
be used exclusively by hypervisor modules.
Since the state of this memory in the host stage-2 may not be in the
"owned" state (for example, if it corresponds to a "no-map" region),
remove the initial check of the page state and allow unmapping of any
pages from the trusted host.
Bug: 280380533
Cc: Quentin Perret <qperret@google.com>
Fixes: e8cf4c06e1 ("ANDROID: KVM: arm64: Move addr_is_allowed_memory() check into host callback")
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: Ic28a2557d6d515b356645228fd41d3c921826489
Add ramjiyani@ as per-file owner for list of protected
modules for all current & future architectures.
android/gki_*_protected_modules
Bug: 151893768
Test: TH
Change-Id: I0048c99a28cfe24e1ba7c7d6189fd8c7dfdf6f0d
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Changes in 5.15.110
PCI/ASPM: Remove pcie_aspm_pm_state_change()
selftests/kselftest/runner/run_one(): allow running non-executable files
KVM: arm64: Retry fault if vma_lookup() results become invalid
KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg()
wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
bluetooth: Perform careful capability checks in hci_sock_ioctl()
USB: serial: option: add UNISOC vendor and TOZED LT70C product
driver core: Don't require dynamic_debug for initcall_debug probe timing
selftests: mptcp: join: fix "invalid address, ADD_ADDR timeout"
riscv: Move early dtb mapping into the fixmap region
riscv: Do not set initial_boot_params to the linear address of the dtb
riscv: No need to relocate the dtb as it lies in the fixmap region
Linux 5.15.110
Change-Id: I1a4dab8ca13c176a9eda494532a8134a7ed15883
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
pKVM modules may need to enable fine grain traps. To allow this
use-case, expose a function allowing to manipulate HFGWTR_EL2 on the
current CPU. This configuration will be persistent across power
management cycles and such as it is propagated all the way to the
init params per-cpu struct.
Bug: 245034629
Change-Id: If9c29849df50847d3a796345927bd51c37c358bc
Signed-off-by: Quentin Perret <qperret@google.com>
pKVM modules may need to enable additional traps on top of what pKVM
already enables. To allow this use-case, expose a function allowing to
manipulate HCR_EL2 on the current CPU. This configuration will be
persistent across power management cycles and such as it is propagated
all the way to the init params per-cpu struct.
Bug: 245034629
Change-Id: I21d596bd1d01f4edc48a188cc3c2eb78dc9a4444
Signed-off-by: Quentin Perret <qperret@google.com>
Converting cfg80211.ko & mac80211.ko as vendor modules
made some symbols cited in the symbol lists for partners
but are no longer available in ksymtab as these features
are disabled in the gki_defconfit to convert them to vendor
modules.
Manually trimmed the symbol lists for builds to succeed.
Bug: 281137343
Test: TH
Change-Id: Ieb60c12ddb4f2b89aa387df2d69c31f8cfee54d8
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Convert cfg80211.ko and mac80211.ko as vendor modules to
pave a way for merging 802.11be Wi-Fi 7 functionalities
from upstream over the next year without affecting the KMI.
Bug: 281137343
Test: TH
Change-Id: Id1823924a3e5d8d03518599e6b3209e9cdd771d5
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
If an important task is going to sleep through do_futex(),
find out it's futex-owner by the pid comes from userspace,
and boost the owner by some means to shorten the sleep time.
How to boost? Depends on these hooks:
commit 53e8099784 ("ANDROID: vendor_hooks: Add hooks for scheduler")
Bug: 243110112
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: I9a315cfb414fd34e0ef7a2cf9d57df50d4dd984f
(cherry picked from commit 548da5d23d)
This patch series adds a memory.reclaim proactive reclaim interface.
The rationale behind the interface and how it works are in the first
patch.
This patch (of 4):
Introduce a memcg interface to trigger memory reclaim on a memory cgroup.
Use case: Proactive Reclaim
---------------------------
A userspace proactive reclaimer can continuously probe the memcg to
reclaim a small amount of memory. This gives more accurate and up-to-date
workingset estimation as the LRUs are continuously sorted and can
potentially provide more deterministic memory overcommit behavior. The
memory overcommit controller can provide more proactive response to the
changing behavior of the running applications instead of being reactive.
A userspace reclaimer's purpose in this case is not a complete replacement
for kswapd or direct reclaim, it is to proactively identify memory savings
opportunities and reclaim some amount of cold pages set by the policy to
free up the memory for more demanding jobs or scheduling new jobs.
A user space proactive reclaimer is used in Google data centers.
Additionally, Meta's TMO paper recently referenced a very similar
interface used for user space proactive reclaim:
https://dl.acm.org/doi/pdf/10.1145/3503222.3507731
Benefits of a user space reclaimer:
-----------------------------------
1) More flexible on who should be charged for the cpu of the memory
reclaim. For proactive reclaim, it makes more sense to be centralized.
2) More flexible on dedicating the resources (like cpu). The memory
overcommit controller can balance the cost between the cpu usage and
the memory reclaimed.
3) Provides a way to the applications to keep their LRUs sorted, so,
under memory pressure better reclaim candidates are selected. This
also gives more accurate and uptodate notion of working set for an
application.
Why memory.high is not enough?
------------------------------
- memory.high can be used to trigger reclaim in a memcg and can
potentially be used for proactive reclaim. However there is a big
downside in using memory.high. It can potentially introduce high
reclaim stalls in the target application as the allocations from the
processes or the threads of the application can hit the temporary
memory.high limit.
- Userspace proactive reclaimers usually use feedback loops to decide
how much memory to proactively reclaim from a workload. The metrics
used for this are usually either refaults or PSI, and these metrics will
become messy if the application gets throttled by hitting the high
limit.
- memory.high is a stateful interface, if the userspace proactive
reclaimer crashes for any reason while triggering reclaim it can leave
the application in a bad state.
- If a workload is rapidly expanding, setting memory.high to proactively
reclaim memory can result in actually reclaiming more memory than
intended.
The benefits of such interface and shortcomings of existing interface were
further discussed in this RFC thread:
https://lore.kernel.org/linux-mm/5df21376-7dd1-bf81-8414-32a73cea45dd@google.com/
Interface:
----------
Introducing a very simple memcg interface 'echo 10M > memory.reclaim' to
trigger reclaim in the target memory cgroup.
The interface is introduced as a nested-keyed file to allow for future
optional arguments to be easily added to configure the behavior of
reclaim.
Possible Extensions:
--------------------
- This interface can be extended with an additional parameter or flags
to allow specifying one or more types of memory to reclaim from (e.g.
file, anon, ..).
- The interface can also be extended with a node mask to reclaim from
specific nodes. This has use cases for reclaim-based demotion in memory
tiering systens.
- A similar per-node interface can also be added to support proactive
reclaim and reclaim-based demotion in systems without memcg.
- Add a timeout parameter to make it easier for user space to call the
interface without worrying about being blocked for an undefined amount
of time.
For now, let's keep things simple by adding the basic functionality.
[yosryahmed@google.com: worked on versions v2 onwards, refreshed to
current master, updated commit message based on recent
discussions and use cases]
Link: https://lkml.kernel.org/r/20220425190040.2475377-1-yosryahmed@google.com
Link: https://lkml.kernel.org/r/20220425190040.2475377-2-yosryahmed@google.com
Change-Id: Idaaac964dd5169376fcceca35f0676f847069bce
Signed-off-by: Shakeel Butt <shakeelb@google.com>
Co-developed-by: Yosry Ahmed <yosryahmed@google.com>
Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Wei Xu <weixugc@google.com>
Acked-by: Roman Gushchin <roman.gushchin@linux.dev>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Zefan Li <lizefan.x@bytedance.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Yu Zhao <yuzhao@google.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Greg Thelen <gthelen@google.com>
Cc: Chen Wandun <chenwandun@huawei.com>
Cc: Vaibhav Jain <vaibhav@linux.ibm.com>
Cc: "Michal Koutn" <mkoutny@suse.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 94968384dd)
Bug: 280056627
Signed-off-by: T.J. Mercier <tjmercier@google.com>
This reverts commit 937164e07b8e56fa2e34bf05ee956ac4fe6a6b47.
It was perserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: Ie7aaed3a99ce91258f7eae8683ea27b4d807b7b4
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit be0a0feb8e627f2f2f5324c65e5f91f921d4c1b8.
It was perserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: I8913de3e6e83876a2b2ed4460c935c3adb2a0721
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 16ed1a1dc35911c07b5978781cc4dd54d86a73b1.
It was perserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: If9b195f46c800a362857e91a349ed3aad4606030
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 4c150ff0cc193b3b1fc6f0f68a4d79f9aac4f338.
It was perserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: Ibae2a63d0d9287f4cbcae1e34b467bdf5c82576b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit fcaf5d8a67.
It was perserving the ABI, but that is not needed anymore at this point
in time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I97c5ce73a4a6b6bcfc009547bb557141d21d4dd4
The pKVM hypervisor uses the module_ops struct as a way to expose
services to loadable modules. It doesn't however allow fine-grained
definition of the license for each export, and doesn't have a way to
check the license of the loaded module (yet). As such, the assumption
is that said module is proprietary, and must NOT be allowed to use GPL
symbols.
Even though symbols such as __pkvm_load_el2_module are currently
exported as GPL, these exports only apply to the kernel part of the
module, which is usually only a proxy to load the hyp module, which
may be built separately.
Given the lack of license enforcement at load time, let's seek GPL
compliance by preventing the accidental export of GPL symbols to hyp
modules via pKVM's module_ops struct. To do so, add a build time check
for the absence of such symbols from the KVM nvhe code entirely.
In the future (Android 15+ and upstream), we should consider expanding
the pKVM module loader to allow finer grained licensing of exports.
This would allow exposing internal pKVM functions as GPL only for e.g.
selftests and such w/o risking exports to proprietary modules.
Bug: 263340138
Bug: 267430896
Change-Id: I09b81bfe322c0d2746c0349c5f217a5a76b6e33d
Signed-off-by: Quentin Perret <qperret@google.com>
... so it can be read by Bazel @kernel_toolchain_info
later.
Test: TH
Bug: 272164611
Change-Id: I04648f8fb28537544287797673810946dedb58f3
Signed-off-by: Yifan Hong <elsk@google.com>
In one of the SMMU faults (NULL Pointer derefernce) the following
race condition was observed and func->interfaces_nums was being
accessed for f_fs interface after it was unbinded resulting in a
crash.
Thread-1 Thread-2
ffs_func_req_match+0x68/0xc8
drain_workqueue+0xac
gsi_unbind[usb_f_gsi]+0x64
purge_configs_funcs+0xb4
configfs_composite_unbind+0xac
usb_gadget_remove_driver+0xac
usb_gadget_unregister_driver+0xd8
gadget_dev_desc_UDC_store+0x114
android_setup+0x164/0x2a8
dwc3_ep0_inspect_setup+0x100/0x440
dwc3_ep0_interrupt+0xac/0x300
dwc3_process_event_entry+0x80/0x724
dwc3_process_event_buf+0x80/0x434
dwc3_thread_interrupt+0x60/0x124
irq_thread_fn+0x54/0xe4
irq_thread+0x3a4/0x6ec
kthread+0x188/0x1ec
ret_from_fork+0x10/0x20
The events happened in order are as follows:
We got a setup packet for ffs interface and was passed to android
setup callback from ep0.c. As part of the delegate request, the
dwc->lock is released.
At this instant a composition switch occurred and as per traces
and crash dumps:
1. UDC Stop was done successfully. So run stop is set to '0'
2. Composite disconnect was done and ep disable for all ep's is done
gadget->connected = FALSE
3. Async callbacks disabled
dwc->aysnc_callbacks = FALSE
4. composite unbind is going on and the ffs interface in question is
unbinded
udc->driver != NULL
(as per crash dump indicating that unbind is in progress)
5. Purge configs was ongoing because as per crash dumps:
otg_desc[0] = NULL;
cdev->os_desc_req->buf is not NULL
(configfs_composite_unbind is going on, but composite_dev_cleanup
not yet done)
As per the traces:
23.794712: dwc3_event event=49216 ep0state=1 str=
23.794909: dwc3_ctrl_req bRequestType=161 bRequest=1 wValue=0
wIndex=2 wLength=4096
23.799740: usb_gadget_disconnect speed=5 max_speed=6 state=7
mA=0 deactivated=0 connected=0 ret=0
This indicated that android setup came first followed by composite
disconnect. Since the dwc->lock was released by delegate_request,
soft disconnect gets unblocked and runs parallel to composite setup.
After this, there is no check in path of composite setup
indicating unbind happened and bail out is necessary instead of
executing any function ops.
Protect composite_setup (as part of android_setup) in a spinlock
to block composite_disconnect/unbind running in parallel.
Moreover, in the configfs counterpart of android_setup (configfs_
composite_stetup), the composite_setup call is done with spinlock
held.
It is only the android_setup missing this lock.
Bug: 280548269
Fixes: 7a160e2b96 ("ANDROID: usb: gadget: configfs: Add Uevent to notify userspace")
Change-Id: Id245e9f72801541689fcb185ba0459824bfb3904
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
(cherry picked from commit 9ad803f257a8eb50a52c19a4cf33690cf1b85575)
cfg80211 & mac80211 are being converted to vendor modules.
To be consistent for both arm64 & x86_64 remove them
from protected to unprotected; so they can be converted
to vendor modules for x86_64 as well.
This also helps keep things simpler for virtual_device;
so it doesn't have to maintain seperate list for these
architectures w.r.t. these modules.
Bug: 281137343
Test: TH
Change-Id: Ica028593f30528c361a6ab30da8cb5be5187d067
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Add ramjiyani@ as per-file owner for:
android/abi_gki_protected_exports_*
android/gki_aarch64_protected_modules
android/gki_x86_64_protected_modules
Update required due to addition of multi arch support
caused renaming of these files with arch name in them.
Bug: 151893768
Test: TH
Change-Id: Ice5c054f90b3fc4f91bfe73f680082dc129c0310
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
In binder_transaction_buffer_release() the 'failed_at' offset indicates
the number of objects to clean up. However, this function was changed by
commit 44d8047f1d ("binder: use standard functions to allocate fds"),
to release all the objects in the buffer when 'failed_at' is zero.
This introduced an issue when a transaction buffer is released without
any objects having been processed so far. In this case, 'failed_at' is
indeed zero yet it is misinterpreted as releasing the entire buffer.
This leads to use-after-free errors where nodes are incorrectly freed
and subsequently accessed. Such is the case in the following KASAN
report:
==================================================================
BUG: KASAN: slab-use-after-free in binder_thread_read+0xc40/0x1f30
Read of size 8 at addr ffff4faf037cfc58 by task poc/474
CPU: 6 PID: 474 Comm: poc Not tainted 6.3.0-12570-g7df047b3f0aa #5
Hardware name: linux,dummy-virt (DT)
Call trace:
dump_backtrace+0x94/0xec
show_stack+0x18/0x24
dump_stack_lvl+0x48/0x60
print_report+0xf8/0x5b8
kasan_report+0xb8/0xfc
__asan_load8+0x9c/0xb8
binder_thread_read+0xc40/0x1f30
binder_ioctl+0xd9c/0x1768
__arm64_sys_ioctl+0xd4/0x118
invoke_syscall+0x60/0x188
[...]
Allocated by task 474:
kasan_save_stack+0x3c/0x64
kasan_set_track+0x2c/0x40
kasan_save_alloc_info+0x24/0x34
__kasan_kmalloc+0xb8/0xbc
kmalloc_trace+0x48/0x5c
binder_new_node+0x3c/0x3a4
binder_transaction+0x2b58/0x36f0
binder_thread_write+0x8e0/0x1b78
binder_ioctl+0x14a0/0x1768
__arm64_sys_ioctl+0xd4/0x118
invoke_syscall+0x60/0x188
[...]
Freed by task 475:
kasan_save_stack+0x3c/0x64
kasan_set_track+0x2c/0x40
kasan_save_free_info+0x38/0x5c
__kasan_slab_free+0xe8/0x154
__kmem_cache_free+0x128/0x2bc
kfree+0x58/0x70
binder_dec_node_tmpref+0x178/0x1fc
binder_transaction_buffer_release+0x430/0x628
binder_transaction+0x1954/0x36f0
binder_thread_write+0x8e0/0x1b78
binder_ioctl+0x14a0/0x1768
__arm64_sys_ioctl+0xd4/0x118
invoke_syscall+0x60/0x188
[...]
==================================================================
In order to avoid these issues, let's always calculate the intended
'failed_at' offset beforehand. This is renamed and wrapped in a helper
function to make it clear and convenient.
Fixes: 32e9f56a96 ("binder: don't detect sender/target during buffer cleanup")
Reported-by: Zi Fan Tan <zifantan@google.com>
Link: https://b.corp.google.com/issues/275041864
Cc: stable@vger.kernel.org
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Bug: 275041864
Link: https://lore.kernel.org/all/20230505203020.4101154-1-cmllamas@google.com
Change-Id: I4bcc8bde77a8118872237d100cccb5caf95d99a1
Signed-off-by: Carlos Llamas <cmllamas@google.com>
trace_android_vh_binder_proc_transaction_entry:
We need change binder thread so that this work can be added in
proc->todo, if we found the binder thread, skip native logic.
trace_android_vh_binder_select_worklist_ilocked:
we need this because we can't change list point in ”trace_android_vh_binder_thread_read“,
otherwise, If a work has beed added in our own defined list before,
current may goto retry and loop again and again.
Bug: 219898723
Change-Id: Ifdb3429c9ddac521bc75c1d21740ee7cc4b8f143
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
(cherry picked from commit acefa91e51)
Signed-off-by: Carlos Llamas <cmllamas@google.com>
(cherry picked from commit d26c0e1c409179ea74aaa89f748006bd76000cc3)
We want to add some hooks in the binder module so that we can reduce
block time until binder thread is available
Here are what new hooks do for:
1、android_vh_binder_looper_state_registered: choose a binder thread(do proc work) as a low-level thread.Only this thread has power to excute background binder transaction.
2、android_vh_binder_thread_read: let binder thread do works which come from
our list.
3、android_vh_binder_free_proc: free some pointers and variable.
4、android_vh_binder_thread_release: free the list that we create before.
5、android_vh_binder_has_work_ilocked: to check if our list has work.
6、android_vh_binder_read_done: because of we add hook in binder_has_work_ilocked,
7、android_vh_binder_preset: mark target proc's binder threads.
binder_has_work_ilocked may return true, so we try to wake up low-level thread immediately.
Bug: 212483521
Change-Id: Ic40f452cc4dcf8fc85422e23e6f1a7ad77547309
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
(cherry picked from commit 8d6074509e4ec7e10acf6ee78277ff8cd19e49d0)
Add hooks to apply oem's optimization of rwsem and mutex
Bug: 182237112
Signed-off-by: xieliujie <xieliujie@oppo.com>
(cherry picked from commit 80b4341d05)
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: I36895c432e5b6d6bff8781b4a7872badb693284c
Signed-off-by: Carlos Llamas <cmllamas@google.com>
[cmllamas: completes the cherry-pick of original commit 80b4341d05
since commit 0902cc73b793 was only partial]
(cherry picked from commit d4528a28cb5be0c322031f333a6230fa3042931f)
We need pointers to proc and t, the current hooks in binder_proc_transaction
are unable to use.
Bug: 208910215
Change-Id: I730964f965a015e5f5a3e237d9b3bd084b5bd0d0
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
(cherry picked from commit cb7e10d31b)
Signed-off-by: Carlos Llamas <cmllamas@google.com>
(cherry picked from commit 8968875ad63f4cda9f263e2a2a930524dd8fdbc7)
These hooks help us do the following things:
a) Record the number of mutex and rwsem optimistic spin.
b) Monitor the time of mutex and rwsem optimistic spin.
c) Make it possible if oems don't want mutex and rwsem to optimistic spin
for a long time.
Bug: 267565260
Change-Id: I2bee30fb17946be85e026213b481aeaeaee2459f
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
(cherry picked from commit d01f7e1269)
(cherry picked from commit 05b5ff11ad98c5896b352b4c376a84b63684e06c)
Adding the following symbols:
- __drmm_crtc_alloc_with_planes
Bug: 275278929
Change-Id: I5f6e650aa850eb2639abcf5c033e1ed43814d30f
Signed-off-by: Adrian Salido <salidoa@google.com>
Add the hook that vendor can design and bypass the suspend/resume.
When the bypass is set, skip the orignal suspend/resume methods.
In mobile, a co-processor can be used with USB audio, and ACPU may
be able to sleep in such condition to improve power consumption.
We will need vendor hook to support this.
Bug: 192774581
Signed-off-by: Puma Hsu <pumahsu@google.com>
Change-Id: Ic62a8a1e662bbe3fb0aa17af7491daace0b9f18a
(cherry picked from commit 98085b5dd8)
Add vendor hook android_vh_sound_check_support_cpu_suspend
to allow ACPU to suspend during USB playback/capture,
if this is supported.
Bug: 192206510
Change-Id: Ia8d4c335db27de5fcefab13cab653fd1ae34f691
Signed-off-by: JJ Lee <leejj@google.com>
(cherry picked from commit e8516fd3af)
Sync to android13-5.10. This vendor hook is declared already.
Bug: 245675204
Change-Id: Ib081b52542380d22317f225a50b553cda5f2634c
Signed-off-by: Rick Yiu <rickyiu@google.com>
Providing vendor hooks to record the start time of holding the lock, which
protects rwsem/mutex locking-process from being preemptedfor a short time
in some cases.
- android_vh_record_mutex_lock_starttime
- android_vh_record_rtmutex_lock_starttime
- android_vh_record_rwsem_lock_starttime
- android_vh_record_pcpu_rwsem_starttime
Bug: 241191475
Signed-off-by: Peifeng Li <lipeifeng@oppo.com>
Change-Id: I0e967a1e8b77c32a1ad588acd54028fae2f90c4e
(cherry picked from commit f7294947672eb6b786f3c16b49e71e6a239101ad)
This file is no longer useful after build.sh is deprecated.
The functionality of the list has been moved to
//common:kernel_aarch64 module_implicit_outs in Kleaf.
Bug: 257119427
Test: TH
Change-Id: Id7e2c9b09d8b4eb96a4f055ce5e01964f8b6361c
Signed-off-by: Yifan Hong <elsk@google.com>
