Add support to use a random local address in authentication and
deauthentication frames sent to unassociated peer when the driver
supports it.
The driver needs to configure receive behavior to accept frames with
random transmit address specified in TX path authentication frames
during the time the frame exchange is pending and such frames need to
be acknowledged similarly to frames sent to the local permanent address
when this random address functionality is used.
This capability allows use of randomized transmit address for PASN
authentication frames to improve privacy of WLAN clients.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Link: https://lore.kernel.org/r/20230112012415.167556-2-quic_vjakkam@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 280613325
Change-Id: Ife3ad20656cba20c1b971bb3a074cc27e21e2c5b
(cherry picked from commit 6933486133 https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git main)
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
Add ANDROID_OEM_DATA_ARRAY to the struct user so that we can record the
necessary data to implement the OEM's scheduling policy.
Bug: 183674818
Signed-off-by: lijianzhong <lijianzhong@xiaomi.com>
Change-Id: I418293391bc62a68207eae51a79bd45a7f6cd2ed
(cherry picked from commit 77e791866b)
Add vendor hooks in add/update/remove frequency QoS request process to
ensure that we can access the OEM's "frequency watchdog" logic for
abnormal frequency monitoring. This is necessary for our power tuning
policy.
Bug: 187458531
Signed-off-by: heshuai1 <heshuai1@xiaomi.com>
Change-Id: I1fb8fd6134432ecfb44ad242c66ccd8280ab9b43
(cherry picked from commit c445fe4dc67ad74dacfa548bc78876a7ce057086)
INFO: ABI DIFFERENCES HAVE BEEN DETECTED!
INFO: 4 function symbol(s) added
'int __traceiter_android_vh_alloc_uid(void*, struct user_struct*)'
'int __traceiter_android_vh_free_user(void*, struct user_struct*)'
'struct user_struct* find_user(kuid_t)'
'void free_uid(struct user_struct*)'
2 variable symbol(s) added
'struct tracepoint __tracepoint_android_vh_alloc_uid'
'struct tracepoint __tracepoint_android_vh_free_user'
function symbol 'struct block_device* I_BDEV(struct inode*)' changed
CRC changed from 0xbf847796 to 0x9903391b
function symbol 'void __ClearPageMovable(struct page*)' changed
function symbol 'void __SetPageMovable(struct page*, const struct movable_operations*)' changed
CRC changed from 0x9c92af65 to 0xfd8bfc31
... 4297 omitted; 4300 symbols have only CRC changes
type 'struct user_struct' changed
byte size changed from 136 to 152
member 'u64 android_oem_data1[2]' was added
Bug: 277846574
Change-Id: Ifd44123eb32963e8e9f85de84c505a28cff12d14
Signed-off-by: wang qiankun <wangqiankun3@xiaomi.corp-partner.google.com>
Exporting the symbols find_user() & free_uid() to access user task
information in ko module for monitoring and optimization purposes. This
is a necessary component of our scheduling policy.
Bug: 183674818
Signed-off-by: lijianzhong <lijianzhong@xiaomi.com>
Change-Id: I12135c0af312904dd21b6f074beda086ad5ece98
(cherry picked from commit 16350016d8)
(cherry picked from commit eec2cd3df3aa2d92136658d3619dc5142155c7d4)
In order to implement our scheduling tuning policy in certain cases, we
need to initialize the variables that we have defined in the
user_struct. To achieve this, we will add a vendor hook to user.c at
alloc_uid, which will ensure that our own logic is executed during the
initialization of the user_struct.
Bug: 187458531
Signed-off-by: heshuai1 <heshuai1@xiaomi.com>
Change-Id: I078484aac2c3d396aba5971d6d0f491652f3781c
(cherry picked from commit c9b8fa644f)
(cherry picked from commit 9ac0923ef565e4de4e1f35edcba6fcb7e45948c9)
Add "cpufreq_policy" and "need_freq_update" parameters to the vendor
hook to enable frequency calculation in certain special cases related to
OEM's frequency tuning policy.
Bug: 183674818
Signed-off-by: lijianzhong <lijianzhong@xiaomi.com>
Change-Id: I232d2e1ae885d6736eca9e4709870f4272b4873d
usb_udc_connect_control does not check to see if the udc has already
been started. This causes gadget->ops->pullup to be called through
usb_gadget_connect when invoked from usb_udc_vbus_handler even before
usb_gadget_udc_start is called. Guard this by checking for udc->started
in usb_udc_connect_control before invoking usb_gadget_connect.
Guarding udc->vbus, udc->started, gadget->connect, gadget->deactivate
related functions with connect_lock. usb_gadget_connect_locked,
usb_gadget_disconnect_locked, usb_udc_connect_control_locked,
usb_gadget_udc_start_locked, usb_gadget_udc_stop_locked are called with
this lock held as they can be simultaneously invoked from different code
paths.
Adding an additional check to make sure udc is started(udc->started)
before pullup callback is invoked.
Bug: 279501392
Bug: 276227797
Fixes: 628ef0d273 ("usb: udc: add usb_udc_vbus_handler")
Cc: stable@vger.kernel.org
Change-Id: Iee7ac5fdf880be5565b9f178708240d619141237
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Link: https://lore.kernel.org/r/20230407030741.3163220-1-badhri@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit a3afbf5cc8 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/ usb-next)
This reverts commit 067f7ca9fd.
It was preserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: Ie5c4e8b82bac1966ea56834f02ddcc83dccbd7d1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit a8fa816c4d.
It was preserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: I6ca9a9f70805782cdacd7fedc2a057405aae5774
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 7ddb50fff2.
It was preserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: Ie92c7e1fa270672698399600076ac9be1e0ac4f4
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 9d29ba9c30.
It was preserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: Iae5f3a6a9025e17aa7b1a0fd805c13953bc0c554
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit af88eb49be.
It was preserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: Iaf8c7af434912fc219d411c8c9b17292f1605af5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 46e1414454.
It was preserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: I935958cfe8d7e01c7469818609534cfd0e9ba6de
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 301169bd8c.
It was preserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: I0ffa37b35a4abce29f9ddde7bebf0b8df159fa1e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit b8301c2638.
It was preserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: I4e97d4fb46ce6596880749b8486bbeafb3151d4a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 6996d13954.
It was preserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: I29bcae8b8b502b7c4a4b79650996d1ba2556f1c7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit a3a763fb37.
It was preserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: Ie5a36427c09a3cc7f89949e05c0bb6b013f9c591
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit cc7a00d2d6.
It was preserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: I30a89a414afcc3db54c040afff3ab067b33170be
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 2039635543.
It was preserving the ABI, but that is not needed anymore at this point
in time.
Change-Id: Iaa9f70751453325f43d15bc6e4f6cf5bc68d6ec2
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
The pKVM hypervisor uses the module_ops struct as a way to expose
services to loadable modules. It doesn't however allow fine-grained
definition of the license for each export, and doesn't have a way to
check the license of the loaded module (yet). As such, the assumption
is that said module is proprietary, and must NOT be allowed to use GPL
symbols.
Even though symbols such as __pkvm_load_el2_module are currently
exported as GPL, these exports only apply to the kernel part of the
module, which is usually only a proxy to load the hyp module, which
may be built separately.
Given the lack of license enforcement at load time, let's seek GPL
compliance by preventing the accidental export of GPL symbols to hyp
modules via pKVM's module_ops struct. To do so, add a build time check
for the absence of such symbols from the KVM nvhe code entirely.
In the future (Android 15+ and upstream), we should consider expanding
the pKVM module loader to allow finer grained licensing of exports.
This would allow exposing internal pKVM functions as GPL only for e.g.
selftests and such w/o risking exports to proprietary modules.
Bug: 263340138
Bug: 267430896
Change-Id: I09b81bfe322c0d2746c0349c5f217a5a76b6e33d
Signed-off-by: Quentin Perret <qperret@google.com>
... so it can be read by Bazel @kernel_toolchain_info
later.
Test: TH
Bug: 272164611
Change-Id: I04648f8fb28537544287797673810946dedb58f3
Signed-off-by: Yifan Hong <elsk@google.com>
This reverts commit 3a7f9f00f0.
Some module drivers need to know current cpufreq change status
to profile cpu operation.
Bug: 280531400
Change-Id: Ibd7fa6c7e04695d2efc39775767b77b522ba6c06
Signed-off-by: Youngmin Nam <youngmin.nam@samsung.com>
In one of the SMMU faults (NULL pointer dereference) the following
race condition was observed and func->interfaces_nums was being
accessed for f_fs interface after it was unbinded resulting in a
crash.
Thread-1 Thread-2
ffs_func_req_match+0x68/0xc8
drain_workqueue+0xac
gsi_unbind[usb_f_gsi]+0x64
purge_configs_funcs+0xb4
configfs_composite_unbind+0xac
usb_gadget_remove_driver+0xac
usb_gadget_unregister_driver+0xd8
gadget_dev_desc_UDC_store+0x114
android_setup+0x164/0x2a8
dwc3_ep0_inspect_setup+0x100/0x440
dwc3_ep0_interrupt+0xac/0x300
dwc3_process_event_entry+0x80/0x724
dwc3_process_event_buf+0x80/0x434
dwc3_thread_interrupt+0x60/0x124
irq_thread_fn+0x54/0xe4
irq_thread+0x3a4/0x6ec
kthread+0x188/0x1ec
ret_from_fork+0x10/0x20
The events happened in order are as follows:
We got a setup packet for ffs interface and was passed to android
setup callback from ep0.c. As part of the delegate request, the
dwc->lock is released.
At this instant a composition switch occurred and as per traces
and crash dumps:
1. UDC Stop was done successfully. So run stop is set to '0'
2. Composite disconnect was done and ep disable for all ep's is done
gadget->connected = FALSE
3. Async callbacks disabled
dwc->async_callbacks = FALSE
4. composite unbind is going on and the ffs interface in question is
unbinded
udc->driver != NULL
(as per crash dump indicating that unbind is in progress)
5. Purge configs was ongoing because as per crash dumps:
otg_desc[0] = NULL;
cdev->os_desc_req->buf is not NULL
(configfs_composite_unbind is going on, but composite_dev_cleanup
not yet done)
As per the traces:
23.794712: dwc3_event event=49216 ep0state=1 str=
23.794909: dwc3_ctrl_req bRequestType=161 bRequest=1 wValue=0
wIndex=2 wLength=4096
23.799740: usb_gadget_disconnect speed=5 max_speed=6 state=7
mA=0 deactivated=0 connected=0 ret=0
This indicated that android setup came first followed by composite
disconnect. Since the dwc->lock was released by delegate_request,
soft disconnect gets unblocked and runs parallel to composite setup.
After this, there is no check in path of composite setup
indicating unbind happened and bail out is necessary instead of
executing any function ops.
Protect composite_setup (as part of android_setup) in a spinlock
to block composite_disconnect/unbind running in parallel.
Moreover, in the configfs counterpart of android_setup
(configfs_composite_setup), the composite_setup call is done with spinlock
held.
It is only the android_setup missing this lock.
Bug: 280548269
Fixes: 7a160e2b96 ("ANDROID: usb: gadget: configfs: Add Uevent to notify userspace")
Change-Id: Id245e9f72801541689fcb185ba0459824bfb3904
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
(cherry picked from commit 9ad803f257a8eb50a52c19a4cf33690cf1b85575)
cfg80211 & mac80211 are being converted to vendor modules.
To be consistent for both arm64 & x86_64 remove them
from protected to unprotected; so they can be converted
to vendor modules for x86_64 as well.
This also helps keep things simpler for virtual_device;
so it doesn't have to maintain separate list for these
architectures w.r.t. these modules.
Bug: 281137343
Test: TH
Change-Id: Ica028593f30528c361a6ab30da8cb5be5187d067
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Add ramjiyani@ as per-file owner for:
android/abi_gki_protected_exports_*
android/gki_aarch64_protected_modules
android/gki_x86_64_protected_modules
Update required due to addition of multi arch support
caused renaming of these files with arch name in them.
Bug: 151893768
Test: TH
Change-Id: Ice5c054f90b3fc4f91bfe73f680082dc129c0310
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
In binder_transaction_buffer_release() the 'failed_at' offset indicates
the number of objects to clean up. However, this function was changed by
commit 44d8047f1d ("binder: use standard functions to allocate fds"),
to release all the objects in the buffer when 'failed_at' is zero.
This introduced an issue when a transaction buffer is released without
any objects having been processed so far. In this case, 'failed_at' is
indeed zero yet it is misinterpreted as releasing the entire buffer.
This leads to use-after-free errors where nodes are incorrectly freed
and subsequently accessed. Such is the case in the following KASAN
report:
==================================================================
BUG: KASAN: slab-use-after-free in binder_thread_read+0xc40/0x1f30
Read of size 8 at addr ffff4faf037cfc58 by task poc/474
CPU: 6 PID: 474 Comm: poc Not tainted 6.3.0-12570-g7df047b3f0aa #5
Hardware name: linux,dummy-virt (DT)
Call trace:
dump_backtrace+0x94/0xec
show_stack+0x18/0x24
dump_stack_lvl+0x48/0x60
print_report+0xf8/0x5b8
kasan_report+0xb8/0xfc
__asan_load8+0x9c/0xb8
binder_thread_read+0xc40/0x1f30
binder_ioctl+0xd9c/0x1768
__arm64_sys_ioctl+0xd4/0x118
invoke_syscall+0x60/0x188
[...]
Allocated by task 474:
kasan_save_stack+0x3c/0x64
kasan_set_track+0x2c/0x40
kasan_save_alloc_info+0x24/0x34
__kasan_kmalloc+0xb8/0xbc
kmalloc_trace+0x48/0x5c
binder_new_node+0x3c/0x3a4
binder_transaction+0x2b58/0x36f0
binder_thread_write+0x8e0/0x1b78
binder_ioctl+0x14a0/0x1768
__arm64_sys_ioctl+0xd4/0x118
invoke_syscall+0x60/0x188
[...]
Freed by task 475:
kasan_save_stack+0x3c/0x64
kasan_set_track+0x2c/0x40
kasan_save_free_info+0x38/0x5c
__kasan_slab_free+0xe8/0x154
__kmem_cache_free+0x128/0x2bc
kfree+0x58/0x70
binder_dec_node_tmpref+0x178/0x1fc
binder_transaction_buffer_release+0x430/0x628
binder_transaction+0x1954/0x36f0
binder_thread_write+0x8e0/0x1b78
binder_ioctl+0x14a0/0x1768
__arm64_sys_ioctl+0xd4/0x118
invoke_syscall+0x60/0x188
[...]
==================================================================
In order to avoid these issues, let's always calculate the intended
'failed_at' offset beforehand. This is renamed and wrapped in a helper
function to make it clear and convenient.
Fixes: 32e9f56a96 ("binder: don't detect sender/target during buffer cleanup")
Reported-by: Zi Fan Tan <zifantan@google.com>
Link: https://b.corp.google.com/issues/275041864
Cc: stable@vger.kernel.org
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Bug: 275041864
Link: https://lore.kernel.org/all/20230505203020.4101154-1-cmllamas@google.com
Change-Id: I4bcc8bde77a8118872237d100cccb5caf95d99a1
Signed-off-by: Carlos Llamas <cmllamas@google.com>
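The 'failed_at' ambiguity described in the binder commit message above, reduced to a user-space C model. This is an added example, not the driver's code or the patch itself; `struct node`, `release_legacy`, `release_upto`, `release_entire` and the reference-counting rules are simplified assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model: a node is freed when its last reference is dropped. */
struct node { int refs; int freed; };
struct buffer { struct node *objs[3]; size_t nr_objs; };

static void node_get(struct node *n) { n->refs++; }
static void node_put(struct node *n) { if (--n->refs <= 0) n->freed = 1; }

/* Before: failed_at == 0 doubles as "release every object in the buffer". */
static void release_legacy(struct buffer *b, size_t failed_at)
{
    size_t end = failed_at ? failed_at : b->nr_objs;
    for (size_t i = 0; i < end; i++)
        node_put(b->objs[i]);
}

/* After: the caller always states the end explicitly; 0 means "nothing". */
static void release_upto(struct buffer *b, size_t off_end)
{
    for (size_t i = 0; i < off_end && i < b->nr_objs; i++)
        node_put(b->objs[i]);
}

/* Whole-buffer release is a named helper instead of a magic value. */
static void release_entire(struct buffer *b) { release_upto(b, b->nr_objs); }

/* Run one transaction over three nodes that each have one reference held
 * elsewhere, so a correct cleanup never frees any of them. `processed`
 * objects take a reference before the transaction ends. mode 0 = failure
 * with legacy cleanup, 1 = failure with explicit end, 2 = normal completion.
 * Returns how many nodes were freed while still in use. */
static int run_transaction(size_t processed, int mode)
{
    struct node nodes[3] = { {1, 0}, {1, 0}, {1, 0} };
    struct buffer b = { { &nodes[0], &nodes[1], &nodes[2] }, 3 };
    int freed = 0;

    for (size_t i = 0; i < processed; i++)
        node_get(b.objs[i]);
    if (mode == 0)
        release_legacy(&b, processed);
    else if (mode == 1)
        release_upto(&b, processed);
    else
        release_entire(&b);
    for (size_t i = 0; i < 3; i++)
        freed += nodes[i].freed;
    return freed;
}

int main(void)
{
    printf("fail at 0, legacy: %d nodes freed in use\n", run_transaction(0, 0));
    printf("fail at 0, fixed:  %d nodes freed in use\n", run_transaction(0, 1));
    return 0;
}
```

Only the "failed before any object was processed" case differs between the two cleanup functions, which is why the bug stays hidden on every other failure path.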
trace_android_vh_binder_proc_transaction_entry:
We need to change binder thread so that this work can be added in
proc->todo, if we found the binder thread, skip native logic.
trace_android_vh_binder_select_worklist_ilocked:
we need this because we can't change list point in "trace_android_vh_binder_thread_read",
otherwise, if a work has been added in our own defined list before,
current may goto retry and loop again and again.
Bug: 219898723
Change-Id: Ifdb3429c9ddac521bc75c1d21740ee7cc4b8f143
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
(cherry picked from commit acefa91e51)
Signed-off-by: Carlos Llamas <cmllamas@google.com>
(cherry picked from commit d26c0e1c409179ea74aaa89f748006bd76000cc3)
We want to add some hooks in the binder module so that we can reduce
block time until binder thread is available
Here are what new hooks do for:
1. android_vh_binder_looper_state_registered: choose a binder thread (do proc work) as a low-level thread. Only this thread has power to execute background binder transaction.
2. android_vh_binder_thread_read: let binder thread do works which come from
our list.
3. android_vh_binder_free_proc: free some pointers and variable.
4. android_vh_binder_thread_release: free the list that we create before.
5. android_vh_binder_has_work_ilocked: to check if our list has work.
6. android_vh_binder_read_done: because we add hook in binder_has_work_ilocked,
7. android_vh_binder_preset: mark target proc's binder threads.
binder_has_work_ilocked may return true, so we try to wake up low-level thread immediately.
Bug: 212483521
Change-Id: Ic40f452cc4dcf8fc85422e23e6f1a7ad77547309
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
(cherry picked from commit 8d6074509e4ec7e10acf6ee78277ff8cd19e49d0)
Add hooks to apply oem's optimization of rwsem and mutex
Bug: 182237112
Signed-off-by: xieliujie <xieliujie@oppo.com>
(cherry picked from commit 80b4341d05)
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: I36895c432e5b6d6bff8781b4a7872badb693284c
Signed-off-by: Carlos Llamas <cmllamas@google.com>
[cmllamas: completes the cherry-pick of original commit 80b4341d05
since commit 0902cc73b793 was only partial]
(cherry picked from commit d4528a28cb5be0c322031f333a6230fa3042931f)
We need pointers to proc and t, the current hooks in binder_proc_transaction
are unable to use.
Bug: 208910215
Change-Id: I730964f965a015e5f5a3e237d9b3bd084b5bd0d0
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
(cherry picked from commit cb7e10d31b)
Signed-off-by: Carlos Llamas <cmllamas@google.com>
(cherry picked from commit 8968875ad63f4cda9f263e2a2a930524dd8fdbc7)
These hooks help us do the following things:
a) Record the number of mutex and rwsem optimistic spin.
b) Monitor the time of mutex and rwsem optimistic spin.
c) Make it possible if oems don't want mutex and rwsem to optimistic spin
for a long time.
Bug: 267565260
Change-Id: I2bee30fb17946be85e026213b481aeaeaee2459f
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
(cherry picked from commit d01f7e1269)
(cherry picked from commit 05b5ff11ad98c5896b352b4c376a84b63684e06c)