mirror of
https://github.com/hardkernel/linux.git
synced 2026-06-05 18:41:58 +09:00
084d22016ccabe60338ea69b0a1c4c264551bd4c
1074323 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Kalesh Singh
|
084d22016c |
ANDROID: 16K: Separate padding from ELF LOAD segment mappings
In has been found that some in-field apps depend on the output of
/proc/*/maps to determine the address ranges of other operations.
With the extension of LOAD segments VMAs to be contiguous in memory,
the apps may perform operations on an area that is not backed by the
underlying file, which results in a SIGBUS. Other apps have crashed
with yet unindentified reasons.
To avoid breaking in-field apps, maintain the output of /proc/*/[s]maps
with PROT_NONE VMAs for the padding pages of LOAD segmetns instead of
showing the segment extensions.
NOTE: This does not allocate actual backing VMAs for the shown
PROT_NONE mappings.
This approach maintains 2 possible assumptions that userspace (apps)
could be depending on:
1) That LOAD segment mappings are "contiguous" (not speparated by
unrelated mappings) in memory.
2) That no virtual address space is available between mappings of
consecutive LOAD segments for the same ELF.
For example the output of /proc/*/[s]maps before and after this change
is shown below. Segments maintain PROT_NONE gaps ("[page size compat]")
for app compatiblity but these are not backed by actual slab VMA memory.
Maps Before:
7fb03604d000-7fb036051000 r--p 00000000 fe:09 21935719 /system/lib64/libnetd_client.so
7fb036051000-7fb036055000 r-xp 00004000 fe:09 21935719 /system/lib64/libnetd_client.so
7fb036055000-7fb036059000 r--p 00008000 fe:09 21935719 /system/lib64/libnetd_client.so
7fb036059000-7fb03605a000 rw-p 0000c000 fe:09 21935719 /system/lib64/libnetd_client.so
Maps After:
7fc707390000-7fc707393000 r--p 00000000 fe:09 21935719 /system/lib64/libnetd_client.so
7fc707393000-7fc707394000 ---p 00000000 00:00 0 [page size compat]
7fc707394000-7fc707398000 r-xp 00004000 fe:09 21935719 /system/lib64/libnetd_client.so
7fc707398000-7fc707399000 r--p 00008000 fe:09 21935719 /system/lib64/libnetd_client.so
7fc707399000-7fc70739c000 ---p 00000000 00:00 0 [page size compat]
7fc70739c000-7fc70739d000 rw-p 0000c000 fe:09 21935719 /system/lib64/libnetd_client.so
Smaps Before:
7fb03604d000-7fb036051000 r--p 00000000 fe:09 21935719 /system/lib64/libnetd_client.so
Size: 16 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 16 kB
Pss: 0 kB
Pss_Dirty: 0 kB
Shared_Clean: 16 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 16 kB
Anonymous: 0 kB
LazyFree: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
FilePmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 0 kB
SwapPss: 0 kB
Locked: 0 kB
THPeligible: 0
VmFlags: rd mr mw me
7fb036051000-7fb036055000 r-xp 00004000 fe:09 21935719 /system/lib64/libnetd_client.so
Size: 16 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 16 kB
Pss: 0 kB
Pss_Dirty: 0 kB
Shared_Clean: 16 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 16 kB
Anonymous: 0 kB
LazyFree: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
FilePmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 0 kB
SwapPss: 0 kB
Locked: 0 kB
THPeligible: 0
VmFlags: rd ex mr mw me
7fb036055000-7fb036059000 r--p 00008000 fe:09 21935719 /system/lib64/libnetd_client.so
Size: 16 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 4 kB
Pss: 4 kB
Pss_Dirty: 4 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 4 kB
Referenced: 4 kB
Anonymous: 4 kB
LazyFree: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
FilePmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 0 kB
SwapPss: 0 kB
Locked: 0 kB
THPeligible: 0
VmFlags: rd mr mw me ac
7fb036059000-7fb03605a000 rw-p 0000c000 fe:09 21935719 /system/lib64/libnetd_client.so
Size: 4 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 4 kB
Pss: 4 kB
Pss_Dirty: 4 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 4 kB
Referenced: 4 kB
Anonymous: 4 kB
LazyFree: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
FilePmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 0 kB
SwapPss: 0 kB
Locked: 0 kB
THPeligible: 0
VmFlags: rd wr mr mw me ac
Smaps After:
7fc707390000-7fc707393000 r--p 00000000 fe:09 21935719 /system/lib64/libnetd_client.so
Size: 12 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 12 kB
Pss: 0 kB
Shared_Clean: 12 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 12 kB
Anonymous: 0 kB
LazyFree: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
FilePmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 0 kB
SwapPss: 0 kB
Locked: 0 kB
THPeligible: 0
VmFlags: rd mr mw me ??
7fc707393000-7fc707394000 ---p 00000000 00:00 0 [page size compat]
Size: 4 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 0 kB
Pss: 0 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 0 kB
Anonymous: 0 kB
LazyFree: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
FilePmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 0 kB
SwapPss: 0 kB
Locked: 0 kB
THPeligible: 0
VmFlags: mr mw me
7fc707394000-7fc707398000 r-xp 00004000 fe:09 21935719 /system/lib64/libnetd_client.so
Size: 16 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 16 kB
Pss: 0 kB
Shared_Clean: 16 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 16 kB
Anonymous: 0 kB
LazyFree: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
FilePmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 0 kB
SwapPss: 0 kB
Locked: 0 kB
THPeligible: 0
VmFlags: rd ex mr mw me
7fc707398000-7fc707399000 r--p 00008000 fe:09 21935719 /system/lib64/libnetd_client.so
Size: 4 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 4 kB
Pss: 4 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 4 kB
Referenced: 4 kB
Anonymous: 4 kB
LazyFree: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
FilePmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 0 kB
SwapPss: 0 kB
Locked: 0 kB
THPeligible: 0
VmFlags: rd mr mw me ac ?? ??
7fc707399000-7fc70739c000 ---p 00000000 00:00 0 [page size compat]
Size: 12 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 0 kB
Pss: 0 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 0 kB
Anonymous: 0 kB
LazyFree: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
FilePmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 0 kB
SwapPss: 0 kB
Locked: 0 kB
THPeligible: 0
VmFlags: mr mw me ac
7fc70739c000-7fc70739d000 rw-p 0000c000 fe:09 21935719 /system/lib64/libnetd_client.so
Size: 4 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 4 kB
Pss: 4 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 4 kB
Referenced: 4 kB
Anonymous: 4 kB
LazyFree: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
FilePmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 0 kB
SwapPss: 0 kB
Locked: 0 kB
THPeligible: 0
VmFlags: rd wr mr mw me ac
Bug: 330117029
Bug: 327600007
Bug: 330767927
Bug: 328266487
Bug: 329803029
Change-Id: I12bf2c106fafc74a500d79155b81dde5db42661e
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
|
||
|
Kalesh Singh
|
37ea0e8485 |
ANDROID: 16K: Exclude ELF padding for fault around range
Userspace apps often analyze memory consumption by the use of mm rss_stat counters -- via the kmem/rss_stat trace event or from /proc/<pid>/statm. rss_stat counters are only updated when the PTEs are updated. What this means is that pages can be present in the page cache from readahead but not visible to userspace (not attributed to the app) as there is no corresponding VMA (PTEs) for the respective page cache pages. A side effect of the loader now extending ELF LOAD segments to be contiguously mapped in the virtual address space, means that the VMA is extended to cover the padding pages. When filesystems, such as f2fs and ext4, that implement vm_ops->map_pages() attempt to perform a do_fault_around() the extent of the fault around is restricted by the area of the enclosing VMA. Since the loader extends LOAD segment VMAs to be contiguously mapped, the extent of the fault around is also increased. The result of which, is that the PTEs corresponding to the padding pages are updated and reflected in the rss_stat counters. It is not common that userspace application developers be aware of this nuance in the kernel's memory accounting. To avoid apparent regressions in memory usage to userspace, restrict the fault around range to only valid data pages (i.e. exclude the padding pages at the end of the VMA). Bug: 330117029 Bug: 327600007 Bug: 330767927 Bug: 328266487 Bug: 329803029 Change-Id: I2c7a39ec1b040be2b9fb47801f95042f5dbf869d Signed-off-by: Kalesh Singh <kaleshsingh@google.com> |
||
|
Kalesh Singh
|
e7bff50b22 |
ANDROID: 16K: Use MADV_DONTNEED to save VMA padding pages.
When performing LOAD segment extension, the dynamic linker knows what portion of the VMA is padding. In order for the kernel to implement mitigations that ensure app compatibility, the extent of the padding must be made available to the kernel. To achieve this, reuse MADV_DONTNEED on single VMAs to hint the padding range to the kernel. This information is then stored in vm_flag bits. This allows userspace (dynamic linker) to set the padding pages on the VMA without a need for new out-of-tree UAPI. Bug: 330117029 Bug: 327600007 Bug: 330767927 Bug: 328266487 Bug: 329803029 Change-Id: I3421de32ab38ad3cb0fbce73ecbd8f7314287cde Signed-off-by: Kalesh Singh <kaleshsingh@google.com> |
||
|
Kalesh Singh
|
38cccb9154 |
ANDROID: 16K: Introduce ELF padding representation for VMAs
The dynamic linker may extend ELF LOAD segment mappings to be contiguous in memory when loading a 16kB compatible ELF on a 4kB page-size system. This is done to reduce the use of unreclaimable VMA slab memory for the otherwise necessary "gap" VMAs. The extended portion of the mapping (VMA) can be viewed as "padding", meaning that the mapping in that range corresponds to an area of the file that does not contain contents of the respective segments (maybe zero's depending on how the ELF is built). For some compatibility mitigations, the region of a VMA corresponding to these padding sections need to be known. In order to represent such regions without adding addtional overhead or breaking ABI, some upper bits of vm_flags are used. Add the VMA padding pages representation and the necessary APIs to manipulate it. Bug: 330117029 Bug: 327600007 Bug: 330767927 Bug: 328266487 Bug: 329803029 Change-Id: Ieb9fa98e30ec9b0bec62256624f14e3ed6062a75 Signed-off-by: Kalesh Singh <kaleshsingh@google.com> |
||
|
Kalesh Singh
|
9274c308d8 |
ANDROID: 16K: Introduce /sys/kernel/mm/pgsize_miration/enabled
Migrating from 4kB to 16kB page-size in Android requires first making
the platform page-agnostic, which involves increasing Android-ELFs'
max-page-size (p_align) from 4kB to 16kB.
Increasing the ELF max-page-size was found to cause compatibility issues
in apps that use obfuscation or depend on the ELF segments being mapped
based on 4kB-alignment.
Working around these compatibility issues involves both kernel and
userspace (dynamic linker) changes.
Introduce a knob for userspace (dynamic linker) to determine whether the
kernel supports the mitigations needed for page-size migration compatibility.
The knob also allows for userspace to turn on or off these mitigations
by writing 1 or 0 to /sys/kernel/mm/pgsize_miration/enabled:
echo 1 > /sys/kernel/mm//pgsize_miration/enabled # Enable
echo 0 > /sys/kernel/mm//pgsize_miration/enabled # Disable
Bug: 330117029
Bug: 327600007
Bug: 330767927
Bug: 328266487
Bug: 329803029
Change-Id: I9ac1d15d397b8226b27827ecffa30502da91e10e
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
|
||
|
Pablo Neira Ayuso
|
ceb8c595f8 |
UPSTREAM: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
commit 0d459e2ffb541841714839e8228b845458ed3b27 upstream. The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called. Bug: 332996726 Cc: stable@vger.kernel.org Fixes: |
||
|
Pablo Neira Ayuso
|
ea419cda5c |
UPSTREAM: netfilter: nf_tables: release batch on table validation from abort path
commit a45e6889575c2067d3c0212b6bc1022891e65b91 upstream. Unlike early commit path stage which triggers a call to abort, an explicit release of the batch is required on abort, otherwise mutex is released and commit_list remains in place. Add WARN_ON_ONCE to ensure commit_list is empty from the abort path before releasing the mutex. After this patch, commit_list is always assumed to be empty before grabbing the mutex, therefore |
||
|
Pablo Neira Ayuso
|
6b883cdac2 |
UPSTREAM: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
commit 552705a3650bbf46a22b1adedc1b04181490fc36 upstream.
While the rhashtable set gc runs asynchronously, a race allows it to
collect elements from anonymous sets with timeouts while it is being
released from the commit path.
Mingi Cho originally reported this issue in a different path in 6.1.x
with a pipapo set with low timeouts which is not possible upstream since
7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set
element timeout").
Fix this by setting on the dead flag for anonymous sets to skip async gc
in this case.
According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on
transaction abort"), Florian plans to accelerate abort path by releasing
objects via workqueue, therefore, this sets on the dead flag for abort
path too.
Bug: 329205787
Cc: stable@vger.kernel.org
Fixes:
|
||
|
yenchia.chen
|
f395ea0980 |
ANDROID: GKI: update mtktv symbol
8 function symbol(s) added 'int tty_termios_hw_change(const struct ktermios*, const struct ktermios*)' 'void usb_serial_deregister_drivers(struct usb_serial_driver* const*)' 'void usb_serial_generic_close(struct usb_serial_port*)' 'int usb_serial_generic_get_icount(struct tty_struct*, struct serial_icounter_struct*)' 'int usb_serial_generic_open(struct tty_struct*, struct usb_serial_port*)' 'void usb_serial_generic_throttle(struct tty_struct*)' 'void usb_serial_generic_unthrottle(struct tty_struct*)' 'int usb_serial_register_drivers(struct usb_serial_driver* const*, const char*, const struct usb_device_id*)' Bug: 333350374 Change-Id: Ie1ea35a1c6795adef7d5fd65f9fc29f855d683bb Signed-off-by: yenchia.chen <yenchia.chen@mediatek.com> |
||
|
Pablo Neira Ayuso
|
a5d03f57d6 |
UPSTREAM: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
commit 01acb2e8666a6529697141a6017edbf206921913 upstream. Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevice remains in the hook list. Bug: 332803585 Fixes: |
||
|
Roderick Colenbrander
|
0cf6fdfb0a |
UPSTREAM: HID: playstation: support updated DualSense rumble mode.
Newer DualSense firmware supports a revised classic rumble mode,
which feels more similar to rumble as supported on previous PlayStation
controllers. It has been made the default on PlayStation and non-PlayStation
devices now (e.g. iOS and Windows). Default to this new mode when
supported.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Link: https://lore.kernel.org/r/20221010212313.78275-4-roderick.colenbrander@sony.com
Bug: 260685629
(cherry picked from commit
|
||
|
Roderick Colenbrander
|
e3da19b218 |
UPSTREAM: HID: playstation: stop DualSense output work on remove.
Ensure we don't schedule any new output work on removal and wait
for any existing work to complete. If we don't do this e.g. rumble
work can get queued during deletion and we trigger a kernel crash.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
CC: stable@vger.kernel.org
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Link: https://lore.kernel.org/r/20221010212313.78275-2-roderick.colenbrander@sony.com
Bug: 260685629
(cherry picked from commit
|
||
|
Greg Kroah-Hartman
|
62085a0e6d |
UPSTREAM: HID: playstation: convert to use dev_groups
There is no need for a driver to individually add/create device groups,
the driver core will do it automatically for you. Convert the
hid-playstation driver to use the dev_groups pointer instead of manually
calling the driver core to create the group and have it be cleaned up
later on by the devm core.
Cc: Roderick Colenbrander <roderick.colenbrander@sony.com>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: linux-input@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Bug: 260685629
(cherry picked from commit
|
||
|
Jiri Kosina
|
adce8aae67 |
UPSTREAM: HID: playstation: fix return from dualsense_player_led_set_brightness()
brightness_set_blocking() callback expects function returning int. This fixes
the follwoing build failure:
drivers/hid/hid-playstation.c: In function ‘dualsense_player_led_set_brightness’:
drivers/hid/hid-playstation.c:885:1: error: no return statement in function returning non-void [-Werror=return-type]
}
^
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Bug: 260685629
(cherry picked from commit
|
||
|
Roderick Colenbrander
|
c996cb50e2 |
UPSTREAM: HID: playstation: expose DualSense player LEDs through LED class.
The DualSense player LEDs were so far not adjustable from user-space.
This patch exposes each LED individually through the LED class. Each
LED uses the new 'player' function resulting in a name like:
'inputX:white:player-1' for the first LED.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Bug: 260685629
(cherry picked from commit
|
||
|
Roderick Colenbrander
|
f011142fea |
UPSTREAM: leds: add new LED_FUNCTION_PLAYER for player LEDs for game controllers.
Player LEDs are commonly found on game controllers from Nintendo and Sony
to indicate a player ID across a number of LEDs. For example, "Player 2"
might be indicated as "-x--" on a device with 4 LEDs where "x" means on.
This patch introduces LED_FUNCTION_PLAYER1-5 defines to properly indicate
player LEDs from the kernel. Until now there was no good standard, which
resulted in inconsistent behavior across xpad, hid-sony, hid-wiimote and
other drivers. Moving forward new drivers should use LED_FUNCTION_PLAYERx.
Note: management of Player IDs is left to user space, though a kernel
driver may pick a default value.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Bug: 260685629
(cherry picked from commit
|
||
|
Roderick Colenbrander
|
19cbe31642 |
UPSTREAM: HID: playstation: expose DualSense lightbar through a multi-color LED.
The DualSense lightbar has so far been supported, but it was not yet
adjustable from user space. This patch exposes it through a multi-color
LED.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Bug: 260685629
(cherry picked from commit
|
||
|
Carlos Galo
|
3507c287a6 |
UPSTREAM: mm: update mark_victim tracepoints fields
The current implementation of the mark_victim tracepoint provides only the
process ID (pid) of the victim process. This limitation poses challenges
for userspace tools requiring real-time OOM analysis and intervention.
Although this information is available from the kernel logs, it’s not
the appropriate format to provide OOM notifications. In Android, BPF
programs are used with the mark_victim trace events to notify userspace of
an OOM kill. For consistency, update the trace event to include the same
information about the OOMed victim as the kernel logs.
- UID
In Android each installed application has a unique UID. Including
the `uid` assists in correlating OOM events with specific apps.
- Process Name (comm)
Enables identification of the affected process.
- OOM Score
Will allow userspace to get additional insight of the relative kill
priority of the OOM victim. In Android, the oom_score_adj is used to
categorize app state (foreground, background, etc.), which aids in
analyzing user-perceptible impacts of OOM events [1].
- Total VM, RSS Stats, and pgtables
Amount of memory used by the victim that will, potentially, be freed up
by killing it.
[1]
|
||
|
Carlos Galo
|
cd4da4b748 |
Revert "FROMGIT: mm: update mark_victim tracepoints fields"
This reverts commit
|
||
|
Pablo Neira Ayuso
|
948f42ca2b |
UPSTREAM: netfilter: nft_set_pipapo: release elements in clone only from destroy path
[ Upstream commit b0e256f3dd2ba6532f37c5c22e07cb07a36031ee ] Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice. This fix requires: |
||
|
qinglin.li
|
6a45518094 |
ANDROID: GKI: Update symbol list for Amlogic
1 function symbol(s) added 'int __traceiter_android_rvh_set_sugov_update(void*, struct sugov_policy*, unsigned int, bool*)' 1 variable symbol(s) added 'struct tracepoint __tracepoint_android_rvh_set_sugov_update' Bug: 332649159 Change-Id: Id8efeb5dd38638e2b08a5f2bad5db6744cc0fb15 Signed-off-by: Qinglin Li <qinglin.li@amlogic.com> |
||
|
erinwang
|
3de9177e81 |
ANDROID: GKI: Update symbol list for lenovo
2 function symbol(s) added 'unsigned long* devm_bitmap_zalloc(struct device*, unsigned int, gfp_t)' 'void tracing_on()' Bug: 331118893 Change-Id: I3baa632e1ebb7cb09d4651d656f0dcc6cda21cd3 Signed-off-by: erinwang <erinwang2@lenovo.com> |
||
|
Carlos Llamas
|
668dfb812d |
FROMLIST: binder: check offset alignment in binder_get_object()
Commit |
||
|
Ben Fennema
|
3b3c1c80e8 |
ANDROID: GKI: Update the ABI symbol list
Update the pixel_watch symbol list. Bug: 330275264 Change-Id: I843394f80d93a3f3d1a33846d1af4f189803b829 Signed-off-by: Ben Fennema <fennema@google.com> |
||
|
qinglin.li
|
f600c62d25 |
ANDROID: GKI: Update symbol list for Amlogic
12 function symbol(s) added 'struct backing_dev_info* bdi_alloc(int)' 'void bdi_put(struct backing_dev_info*)' 'int bdi_register(struct backing_dev_info*, const char*, ...)' 'void crypto_unregister_ahashes(struct ahash_alg*, int)' 'void deactivate_locked_super(struct super_block*)' 'loff_t fixed_size_llseek(struct file*, loff_t, int, loff_t)' 'void generic_shutdown_super(struct super_block*)' 'struct gpio_desc* gpiod_get_index_optional(struct device*, const char*, unsigned int, enum gpiod_flags)' 'int lookup_bdev(const char*, dev_t*)' 'struct nvmem_device* nvmem_register(const struct nvmem_config*)' 'void nvmem_unregister(struct nvmem_device*)' 'struct super_block* sget_fc(struct fs_context*, int(*)(struct super_block*, struct fs_context*), int(*)(struct super_block*, struct fs_context*))' Bug: 331874739 Change-Id: Icaa620cd09b0cccb3a1075c1f0429355d90103f4 Signed-off-by: Qinglin Li <qinglin.li@amlogic.com> |
||
|
Vilas Bhat
|
d154026d33 |
ANDROID: GKI: Update the ABI symbol list
Update the pixel_watch symbol list. 6 function symbol(s) added __module_get emergency_restart kernel_restart watchdog_init_timeout watchdog_register_device watchdog_unregister_device Bug: 329913683 Change-Id: I7bce78be9c642c7fea483aab25b1eb6ce15a232d Signed-off-by: Vilas Bhat <vilasbhat@google.com> |
||
|
Greg Kroah-Hartman
|
5f12c91ab0 |
Merge tag 'android14-5.15.148_r00' into android14-5.15
This merges up to the 5.15.148 LTS release into the android14-5.15 branch. Included in here are the following commits: * |
||
|
Will Deacon
|
ec86765bae |
ANDROID: KVM: arm64: Fix TLB invalidation when coalescing into a block
Wnen coalescing a table into a block, the break-before-make sequence
must invalidate the whole range of addresses translated by the entry in
order to avoid the possibility of a TLB conflict.
Fix the coalescing post-table walker so that the whole range of the old
table is invalidated, rather than just the first address, since a
refcount of 1 on the child page is not sufficient to ensure the absence
of any valid mappings.
Cc: Sebastian Ene <sebastianene@google.com>
Reported-by: Mostafa Saleh <smostafa@google.com>
Fixes:
|
||
|
Vincent Donnefort
|
5854f4c2af |
ANDROID: KVM: arm64: Fix missing trace event for nVHE dyn HVCs
The hyp event host_hcall was missing when a custom HVC runs. Bug: 278749606 Bug: 244543039 Bug: 244373730 Signed-off-by: Vincent Donnefort <vdonnefort@google.com> (cherry picked from https://android-review.googlesource.com/q/commit:a1836ffbea9fcb70fa9d49af7382b9343285036f) Merged-In: I760cab4fbd36a13ad262842880d9ec484f23fd22 Change-Id: I760cab4fbd36a13ad262842880d9ec484f23fd22 |
||
|
Pablo Neira Ayuso
|
865e6d9df1 |
UPSTREAM: netfilter: nf_tables: disallow timeout for anonymous sets
commit |
||
|
Ard Biesheuvel
|
537e133918 |
UPSTREAM: arm64: Apply dynamic shadow call stack patching in two passes
Code patching for the dynamically enabled shadow call stack comes down
to finding PACIASP and AUTIASP instructions -which behave as NOPs on
cores that do not implement pointer authentication- and converting them
into shadow call stack pushes and pops, respectively.
Due to past bad experiences with the highly complex and overengineered
DWARF standard that describes the unwind metadata that we are using to
locate these instructions, let's make this patching logic a little bit
more robust so that any issues with the unwind metadata detected at boot
time can de dealt with gracefully.
The DWARF annotations that are used for this are emitted at function
granularity, and due to the fact that the instructions we are patching
will simply behave as NOPs if left unpatched, we can abort on errors as
long as we don't leave any functions in a half-patched state.
So do a dry run of each FDE frame (covering a single function) before
performing the actual patching, and give up if the DWARF metadata cannot
be understood.
Change-Id: Iea167b37a4d84e2b444189c7af939cf58d6dc9cf
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Link: https://lore.kernel.org/r/20221213142849.1629026-1-ardb@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
(cherry picked from commit
|
||
|
Lokesh Gidra
|
96305e30e9 |
ANDROID: userfaultfd: abort uffdio ops if mmap_lock is contended
Check if the mmap_lock is contended when looping over the pages that are requested to be filled. When it is observed, we rely on the already existing mechanism to return bytes copied/filled and -EAGAIN as error. This helps by avoiding contention of mmap_lock for long running userfaultfd operations. The userspace can perform other tasks before retrying the operation for the remaining pages. Bug: 320478828 Change-Id: I6d485fd03c96a826956ee3962e58058be3cf81c1 Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> |
||
|
Lokesh Gidra
|
3673533a09 |
ANDROID: userfaultfd: add MMAP_TRYLOCK mode for COPY/ZEROPAGE
In case mmap_lock is contended, it is possible that userspace can spend time performing other tasks rather than waiting in uninterruptible-sleep state for the lock to become available. Even if no other task is available, it is better to yield or sleep rather than adding contention to already contended lock. We introduce MMAP_TRYLOCK mode so that when possible, userspace can request to use mmap_read_trylock(), returning -EAGAIN if and when it fails. Bug: 320478828 Change-Id: I2d196fd317e054af03dbd35ac1b0c7634cb370dc Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> |
||
|
Suren Baghdasaryan
|
3fd32dc171 |
ANDROID: fix isolate_migratepages_range return value
When [1] was cherry-picked from 5.10 into 5.15 kernel, it modified the variable used to store isolate_migratepages_block() return value like it was done in 5.10. However in 5.15 the variable used to store the return value is different. As a result, failure to isolate a block is not reported back to the caller. Fix by restoring the original code and using the right variable to store the return value. [1] ANDROID: mm: do not allow file-backed pages from CMA Bug: 326556976 Change-Id: I06900eb43de356584ff63acfe6e994f11610b494 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Bart Van Assche
|
483395b445 |
Revert "ANDROID: Add CONFIG_BLK_DEV_NULL_BLK=m to gki_defconfig"
This reverts commit
|
||
|
Eric Biggers
|
7b301c7079 |
ANDROID: fips140 - fix integrity check by unapplying dynamic SCS
Since the kernel now has dynamic Shadow Call Stack (SCS) enabled, on CPUs that don't support Pointer Authentication Codes (PAC) the kernel runtime-patches paciasp and autiasp instructions into instructions that push and pop from the shadow call stack. This includes instructions in loaded modules. This broke the fips140 integrity check which needs to know how to undo all text changes made by the module loader in order to re-create the original text. Fix this by updating fips140.ko to undo the dynamic SCS patching. Bug: 188620248 Change-Id: I992bcd6c34b3340c6489b40a125715e1304cb445 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
b1f8c25026 |
ANDROID: fips140 - add option for debugging the integrity check
There now have been two times where I've had to debug the fips140 integrity check failing due to a new type of runtime code patching. Debugging such issues requires dumping the text and rodata actually used for the integrity check and comparing them with the originals. Add a kconfig option to make this easier. Similar to CRYPTO_FIPS140_MOD_EVAL_TESTING, the production build won't use this. Bug: 188620248 Change-Id: I392de466ff31f999d65997dbc610e23e9eeca49d Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Daniel Rosenberg
|
1225d7ed6c |
ANDROID: fuse-bpf: Fix readdir for getdents
If you call getdents with a buffer size less than a page, entries can be skipped. This correctly sets the point to continue from. Bug: 325550828 Test: getdents with low buffer size Change-Id: I324e7e815d31742bd4e2d70c5d07c2b09a67a7c2 Signed-off-by: Daniel Rosenberg <drosen@google.com> |
||
|
Jaegeuk Kim
|
37b83a89de |
BACKPORT: f2fs: split initial and dynamic conditions for extent_cache
Let's allocate the extent_cache tree without dynamic conditions to avoid a
missing condition causing a panic as below.
# create a file w/ a compressed flag
# disable the compression
# panic while updating extent_cache
F2FS-fs (dm-64): Swapfile: last extent is not aligned to section
F2FS-fs (dm-64): Swapfile (3) is not align to section: 1) creat(), 2) ioctl(F2FS_IOC_SET_PIN_FILE), 3) fallocate(2097152 * N)
Adding 124996k swap on ./swap-file. Priority:0 extents:2 across:17179494468k
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write out/common/include/linux/instrumented.h:101 [inline]
BUG: KASAN: null-ptr-deref in atomic_try_cmpxchg_acquire out/common/include/asm-generic/atomic-instrumented.h:705 [inline]
BUG: KASAN: null-ptr-deref in queued_write_lock out/common/include/asm-generic/qrwlock.h:92 [inline]
BUG: KASAN: null-ptr-deref in __raw_write_lock out/common/include/linux/rwlock_api_smp.h:211 [inline]
BUG: KASAN: null-ptr-deref in _raw_write_lock+0x5a/0x110 out/common/kernel/locking/spinlock.c:295
Write of size 4 at addr 0000000000000030 by task syz-executor154/3327
CPU: 0 PID: 3327 Comm: syz-executor154 Tainted: G O 5.10.185 #1
Hardware name: emulation qemu-x86/qemu-x86, BIOS 2023.01-21885-gb3cc1cd24d 01/01/2023
Call Trace:
__dump_stack out/common/lib/dump_stack.c:77 [inline]
dump_stack_lvl+0x17e/0x1c4 out/common/lib/dump_stack.c:118
__kasan_report+0x16c/0x260 out/common/mm/kasan/report.c:415
kasan_report+0x51/0x70 out/common/mm/kasan/report.c:428
kasan_check_range+0x2f3/0x340 out/common/mm/kasan/generic.c:186
__kasan_check_write+0x14/0x20 out/common/mm/kasan/shadow.c:37
instrument_atomic_read_write out/common/include/linux/instrumented.h:101 [inline]
atomic_try_cmpxchg_acquire out/common/include/asm-generic/atomic-instrumented.h:705 [inline]
queued_write_lock out/common/include/asm-generic/qrwlock.h:92 [inline]
__raw_write_lock out/common/include/linux/rwlock_api_smp.h:211 [inline]
_raw_write_lock+0x5a/0x110 out/common/kernel/locking/spinlock.c:295
__drop_extent_tree+0xdf/0x2f0 out/common/fs/f2fs/extent_cache.c:1155
f2fs_drop_extent_tree+0x17/0x30 out/common/fs/f2fs/extent_cache.c:1172
f2fs_insert_range out/common/fs/f2fs/file.c:1600 [inline]
f2fs_fallocate+0x19fd/0x1f40 out/common/fs/f2fs/file.c:1764
vfs_fallocate+0x514/0x9b0 out/common/fs/open.c:310
ksys_fallocate out/common/fs/open.c:333 [inline]
__do_sys_fallocate out/common/fs/open.c:341 [inline]
__se_sys_fallocate out/common/fs/open.c:339 [inline]
__x64_sys_fallocate+0xb8/0x100 out/common/fs/open.c:339
do_syscall_64+0x35/0x50 out/common/arch/x86/entry/common.c:46
Bug: 323236756
Cc: stable@vger.kernel.org
Fixes:
|
||
|
RD Babiera
|
ac4797cea5 |
UPSTREAM: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
The DisplayPort driver's sysfs nodes may be present to the userspace before
typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that
a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in
hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns
NULL in those cases.
Remove manual sysfs node creation in favor of adding attribute group as
default for devices bound to the driver. The ATTRIBUTE_GROUPS() macro is
not used here otherwise the path to the sysfs nodes is no longer compliant
with the ABI.
Fixes:
|
||
|
lipeifeng
|
5aed5c3435 |
ANDROID: uid_sys_stat: fix data-error of cputime and io
'commit b6115e14010 ("ANDROID: uid_sys_stat: split the global
lock uid_lock to the fine-grained locks for each hlist in hash_table.")'
The above patch split the global lock to per-uid lock to reduce lock
competition. But result in data-error from uid_cputime_show and uid_io_show in
some cases.
E.g, if thread1 and thread2 read /proc/uid_cputime/show_uid_stat at the same time,
thread2 maybe operate in partA and zero active_stime and active_utime of uid_entry
when thread1 is between partB and partC, which would cause thread1 show the error data.
static int uid_cputime_show(struct seq_file *m, void *v)
{
...
/*partA*/
for (bkt = 0, uid_entry = NULL; uid_entry == NULL &&
bkt < HASH_SIZE(hash_table); bkt++) {
lock_uid_by_bkt(bkt);
hlist_for_each_entry(uid_entry, &hash_table[bkt], hash) {
uid_entry->active_stime = 0;
uid_entry->active_utime = 0;
}
unlock_uid_by_bkt(bkt);
}
rcu_read_lock();
/* partB */
do_each_thread(temp, task) {
...
lock_uid(uid);
if (!(task->flags & PF_EXITING)) {
task_cputime_adjusted(task, &utime, &stime);
uid_entry->active_utime += utime;
uid_entry->active_stime += stime;
}
unlock_uid(uid);
} while_each_thread(temp, task);
rcu_read_unlock();
for (bkt = 0, uid_entry = NULL; uid_entry == NULL &&
bkt < HASH_SIZE(hash_table); bkt++) {
lock_uid_by_bkt(bkt);
hlist_for_each_entry(uid_entry, &hash_table[bkt], hash) {
u64 total_utime = uid_entry->utime +
uid_entry->active_utime;
u64 total_stime = uid_entry->stime +
uid_entry->active_stime;
/* partC */
seq_printf(m, "%d: %llu %llu\n", uid_entry->uid,
ktime_to_us(total_utime), ktime_to_us(total_stime));
}
unlock_uid_by_bkt(bkt);
}
The patch ensures that the calculation and seq_printf of each uid_entry is within
the uid_lock range, in order to accurate data.
Bug: 278138377
Change-Id: Iaa2ccd95c4b4b333f04b2ba18d7699d94017394e
Signed-off-by: lipeifeng <lipeifeng@oppo.com>
(cherry picked from commit ea35d2bd073214e84be242287a2e91741c6588ed)
|
||
|
RD Babiera
|
c3b70e94f1 |
UPSTREAM: usb: typec: class: fix typec_altmode_put_partner to put plugs
usb: typec: class: fix typec_altmode_put_partner to put plugs
When typec_altmode_put_partner is called by a plug altmode upon release,
the port altmode the plug belongs to will not remove its reference to the
plug. The check to see if the altmode being released is a plug evaluates
against the released altmode's partner instead of the calling altmode, so
change adev in typec_altmode_put_partner to properly refer to the altmode
being released.
Because typec_altmode_set_partner calls get_device() on the port altmode,
add partner_adev that points to the port altmode in typec_put_partner to
call put_device() on. typec_altmode_set_partner is not called for port
altmodes, so add a check in typec_altmode_release to prevent
typec_altmode_put_partner() calls on port altmode release.
Fixes:
|
||
|
RD Babiera
|
282bfc6c30 |
UPSTREAM: Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs"
This reverts commit b17b7fe6dd5c6ff74b38b0758ca799cdbb79e26e.
That commit messed up the reference counting, so it needs to
be rethought.
Fixes: b17b7fe6dd5c ("usb: typec: class: fix typec_altmode_put_partner to put plugs")
Cc: stable@vger.kernel.org
Cc: RD Babiera <rdbabiera@google.com>
Reported-by: Chris Bainbridge <chris.bainbridge@gmail.com>
Closes: https://lore.kernel.org/lkml/CAP-bSRb3SXpgo_BEdqZB-p1K5625fMegRZ17ZkPE1J8ZYgEHDg@mail.gmail.com/
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Bug: 324496488
(cherry picked from commit 9c6b789e954fae73c548f39332bcc56bdf0d4373)
Signed-off-by: RD Babiera <rdbabiera@google.com>
(cherry picked from https://android-review.googlesource.com/q/commit:27167a6e39a6894d905ea97aece1aa9f0120f452)
Merged-In: I2755a5e44dd1970d60e5d996dd7fc6d88f79684a
Change-Id: I2755a5e44dd1970d60e5d996dd7fc6d88f79684a
|
||
|
Ben Fennema
|
2390d58862 |
ANDROID: GKI: Update the ABI symbol list
Update the pixel_watch symbol list. 3 function symbol(s) added 'void gic_resume()' 'ssize_t mipi_dsi_dcs_write(struct mipi_dsi_device*, u8, const void*, size_t)' 'int snd_soc_get_dai_name(const struct of_phandle_args*, const char**)' Bug: 327650099 Change-Id: I7a7efaa91f1a37f44d3e950af4ec9947fb349acc Signed-off-by: Ben Fennema <fennema@google.com> |
||
|
Lokesh Gidra
|
0d0784d6b2 |
ANDROID: Update ABI for userfaultfd_ctx
The struct is not public so shouldn't cause real ABI breakage. Bug: 320478828 Bug: 324640390 Change-Id: I724ca4c00bae09bc311d6495383cfd3a77592d7a Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> |
||
|
Lokesh Gidra
|
ee9964b308 |
ANDROID: userfaultfd: allow SPF for UFFD_FEATURE_SIGBUS on private+anon
Currently we bail out of speculative page fault when we detect that the fault address is in a userfaultfd registered vma. However, if userfaultfd is being used with UFFD_FEATURE_SIGBUS feature, then handle_userfault() doesn't do much and is easiest to handle with SPF. This patch lets MISSING userfaultfs on private anonymous mappings be allowed with SPF if UFFD_FEATURE_SIGBUS is used. With this patch we get >99% success rate for userfaults caused during userfaultfd GC's compaction phase. This translates into eliminating uninterruptible sleep time in do_page_fault() due to userfaults. ABI breakage note: 'userfaultfd_ctx' struct, which has been modified in this CL, is private and hence cannot cause real breakage. Bug: 324640390 Bug: 320478828 Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> Change-Id: Ic7fde0fde03602b35179bc0cf891ddbbc434190f |
||
|
Eric Biggers
|
9cef46f39e |
ANDROID: remove LTO check from build.config.gki.aarch64.fips140
Don't check the "LTO" variable in build.config.gki.aarch64.fips140, since fips140.ko no longer depends on LTO. Also, Kleaf doesn't set the "LTO" variable anyway; it was specific to build.sh. Bug: 188620248 Change-Id: I213faa4c8c1a23898c08da121b0a5dc602b7218a Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Greg Kroah-Hartman
|
b74b4cbe62 |
Revert "interconnect: Fix locking for runpm vs reclaim"
This reverts commit |
||
|
Greg Kroah-Hartman
|
f115661832 |
Revert "interconnect: Teach lockdep about icc_bw_lock order"
This reverts commit |
||
|
Vilas Bhat
|
d96725ec1a |
BACKPORT: FROMGIT: PM: runtime: add tracepoint for runtime_status changes
Existing runtime PM ftrace events (`rpm_suspend`, `rpm_resume`, `rpm_return_int`) offer limited visibility into the exact timing of device runtime power state transitions, particularly when asynchronous operations are involved. When the `rpm_suspend` or `rpm_resume` functions are invoked with the `RPM_ASYNC` flag, a return value of 0 i.e., success merely indicates that the device power state request has been queued, not that the device has yet transitioned. A new ftrace event, `rpm_status`, is introduced. This event directly logs the `power.runtime_status` value of a device whenever it changes providing granular tracking of runtime power state transitions regardless of synchronous or asynchronous `rpm_suspend` / `rpm_resume` usage. Signed-off-by: Vilas Bhat <vilasbhat@google.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Bug: 325508361 (cherry picked from commit 015abee404760249a5c968b9ce29216b94b8ced1 https://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm.git linux-next) [vilasbhat: Removed reference to RPM_INVALID from patch as it does not exist in 5.15] Change-Id: Iad7cae74c41b23b430331379c180b5e59bc32c40 Signed-off-by: Vilas Bhat <vilasbhat@google.com> |