This change limits function inlining across translation unit
boundaries in order to reduce the binary size with LTO.
The -import-instr-limit flag defines a size limit, as the number
of LLVM IR instructions, for importing functions from other TUs.
The default value is 100, and decreasing it to 5 reduces the size
of a stripped arm64 defconfig vmlinux by 11%.
Bug: 145297228
Change-Id: Iaf366f843582972a5dfadc4695abb8f9c59882af
Suggested-by: George Burgess IV <gbiv@google.com>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
LLD always splits sections with LTO, which increases module sizes. This
change adds a linker script that merges the split sections in the final
module.
Bug: 145297228
Change-Id: I247e8bd029bd0f98a4fa1cd4db7f6398467b8e55
Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Android relies on the "hidepid" mount option for /proc on
the 2nd mount, however the upstream kernel requires options
on the first mount and ignores options afterwards.
In prevous Android kernels, this was fixed by reverting
upstream commit e94591d0d9 ("proc: Convert proc_mount
to use mount_ns."). The upstream code has now been
refactored to the point that a new fix is needed. This
patch applies mount options during proc_get_tree() to
ensure the most recently parsed options are applied.
Bug: 145626724
Test: atest CtsOsTestCases:android.os.cts.EnvironmentTest#testHidePid2
Change-Id: I3d402f98e826e2f03ad366da7d05b3eeaaa90c26
Signed-off-by: Todd Kjos <tkjos@google.com>
Adding helper API to find usb substream context information
using card number, pcm device number and direction. This usb
substream is used to enable/disable by issuing SET_ALT
command to device. Also add disconnect call back to perform
any clean up required.
Bug: 140989596
Change-Id: I252f5171bd94b5ab096eb1a2f053f29a8c049c3b
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
Signed-off-by: Jack Pham <jackp@codeaurora.org>
The mandatory tweaks to allmodconfig are manually enforced during
post_defconfig, so using gki_defconfig as a base for allmodconfig is not
strictly necessary. While this helped finding bugs in code paths that
are unexplored by the vanilla allmodconfig, this is also misalgigned
with KernelCI, and doesn't prevent breakages there, which is one of the
original point of allmodconfig as a presubmit test.
Remove the KCONFIG_ALLCONFIG parameter for allmodconfig, and remove a
stale comment in the same file while at it.
Bug: 140224784
Test: compiled-tested allmodconfig for arm64 and x86
Change-Id: Idd33e25ce62e2a6a37d650844d8ae3033070f825
Signed-off-by: Quentin Perret <qperret@google.com>
CONFIG_UNWINDER_ORC needs a libelf-dev which we unfortunately can't
afford to have in the CI yet.
Switch to different stack unwinder for allmodconfig to work around the
problem temporarily.
Bug: 140224784
Test: allmodconfig build for x86
Change-Id: Id35c222e76cca35aa5e520c1a3d5d88e5cc1da8a
Signed-off-by: Quentin Perret <qperret@google.com>
Set the default for CONFIG_IIO=y, a requirement for bandwidth,
latency and proper synchronization of the sensor hub with camera.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 145377190
Change-Id: If4d6b09cc4fc4807404311d793713557ee88f66b
Export 'arch_setup_dma_ops' to fix the dependency added
if CONFIG_SND_SOC=m:
ERROR: "arch_setup_dma_ops" [sound/soc/snd-soc-core.ko] undefined!
This should be followed up with a refactor that removes the dependency
(tracked in the cited bug).
Bug: 144369166
Fixes: 9cb7ec3e9b ("ANDROID: ASoC: core - add hostless DAI support")
Change-Id: Icf2daf1d92597e6dc9e723799ed7cea73e961227
Signed-off-by: Todd Kjos <tkjos@google.com>
'struct regulator at internal.h:34:1' changed:
type size hasn't changed
1 data member insertion:
'unsigned int regulator::device_link', at offset 29 (in bits) at internal.h:39:1
167 impacted interfaces
Fixes: 106dcff0ec ("UPSTREAM: regulator: core: Don't try to remove device links if add failed")
Change-Id: Id662fb57557b76c00de4da863c4a56fd2d3e576c
Signed-off-by: Matthias Maennich <maennich@google.com>
The instructions in the README should match what `git cherry-pick -x` is
producing to get a consistent format that we can later rely on.
Fixes: f8978f4f6a ("ANDROID: add README.md")
Change-Id: I7c9f06af65654ae141ef85b52a081641c7320348
Cc: Saravana Kannan <saravanak@google.com>
Signed-off-by: Matthias Maennich <maennich@google.com>
The of_is_ancestor_of() function was renamed from of_link_is_valid()
based on review feedback. The rename meant the semantics of the function
had to be inverted, but this was missed in the earlier patch.
So, fix the semantics of of_is_ancestor_of() and invert the conditional
expressions where it is used.
Fixes: a3e1d1a7f5 ("of: property: Add functional dependency link from DT bindings")
Signed-off-by: Saravana Kannan <saravanak@google.com>
Link: https://lore.kernel.org/r/20191120080230.16007-1-saravanak@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry-picked from 3883539140)
Change-Id: I6ba531820df33c6a555990e02c08d96820ed8a4f
device_link_add() might not always succeed depending on the type of
device link and the rest of the dependencies in the system. If
device_link_add() didn't succeed, then we shouldn't try to remove the
link later on as it might remove a link someone else created.
Signed-off-by: Saravana Kannan <saravanak@google.com>
Link: https://lore.kernel.org/r/20191115000438.45970-1-saravanak@google.com
Signed-off-by: Mark Brown <broonie@kernel.org>
(cherry-picked from b59b654478)
Change-Id: I6cffa3ca884b74122307931e8f6615f31c33ef55
These errors are harmless, suppress the output.
Fixes: 310afefe71 ("ANDROID: kbuild: add support for Clang LTO")
Change-Id: Ia78f2edb6aa3a93ffbca37d193f065a51f748679
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Makefile.modpost was split to Makefile.modfinal in 5.4. This file
doesn't include include/config/auto.conf, which breaks checking
for kernel configuration. This change adds the missing include and
cleans up the LTO build rule.
Bug: 145296861
Fixes: 310afefe71 ("ANDROID: kbuild: add support for Clang LTO")
Change-Id: I3e6f676e841eed730ce8cccdfbd312f63660c293
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Instead of casting pointers to callback functions, add C wrappers
to avoid type mismatch failures with Control-Flow Integrity (CFI)
checking.
Bug: 145210207
Change-Id: I78751148dc1d2cf5666dfdeeb8f6ffa602aefa5c
(am from https://lore.kernel.org/patchwork/patch/1156078/)
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Disable CFI for code that runs at EL2 because __cfi_check only
understands EL1 addresses.
Bug: 145210207
Change-Id: I0053c4e42a0f40423ac94ab73077034e97e0ff31
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
__apply_alternatives makes indirect calls to functions whose address is
taken in assembly code using the alternative_cb macro. With CFI enabled
using non-canonical jump tables, the compiler isn't able to replace the
function reference with the jump table reference, which trips CFI.
Bug: 145210207
Change-Id: I6cdd164f9315c0aa16a1427ab1a67cfa8aad3ffd
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
We use non-canonical CFI jump tables with CONFIG_CFI_CLANG, which
means the compiler replaces function address references with the
address of the function's CFI jump table entry. This results in
__pa_symbol(function) returning the physical address of the jump
table entry, which can lead to address space confusion since the
jump table points to a virtual address.
This change adds a __pa_function macro, which uses inline assembly
to take the actual function address instead.
Bug: 145210207
Change-Id: I674e5ed386b282a7ed32eeb1f070fb39b5c4b19c
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Disable CFI checking for functions that switch to linear mapping and
make an indirect call to a physical address, since the compiler only
understands virtual addresses.
Bug: 145210207
Change-Id: Icce1a5b8ca521227b2fd6a3309189e738fe022b8
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Implement arch_bpf_jit_check_func to check that pointers to jited BPF
functions are correctly aligned and point to the BPF JIT region. This
narrows down the attack surface on the stored pointer.
Bug: 145210207
Change-Id: I1c2c9365662437f9a4178b873859576028468ea6
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
With CONFIG_BPF_JIT, the kernel makes indirect calls to dynamically
generated code, which the compile-time Control-Flow Integrity (CFI)
checking cannot validate. This change adds basic sanity checking to
ensure we are jumping to a valid location, which narrows down the
attack surface on the stored pointer.
In addition, this change adds a weak arch_bpf_jit_check_func function,
which architectures that implement BPF JIT can override to perform
additional validation, such as verifying that the pointer points to
the correct memory region.
Bug: 145210207
Change-Id: I1a90c70cdcef25673a870d3c4f2586a829c0d32e
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
This change adds the CONFIG_CFI_CLANG option, CFI error handling,
and a faster look-up table for cross module CFI checks.
Bug: 145210207
Change-Id: I118303de50114ca6f85d89a7d69c5cbc47e2f5c0
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Allow CONFIG_LTO_CLANG and CONFIG_THINLTO to be enabled.
Bug: 145210207
Change-Id: If0d2cf24eabd3720576489cc74410681ef722784
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
LLVM's integrated assembler fails with the following error when
building KVM:
<inline asm>:12:6: error: expected absolute expression
.if kvm_update_va_mask == 0
^
<inline asm>:21:6: error: expected absolute expression
.if kvm_update_va_mask == 0
^
<inline asm>:24:2: error: unrecognized instruction mnemonic
NOT_AN_INSTRUCTION
^
LLVM ERROR: Error parsing inline asm
These errors come from ALTERNATIVE_CB and __ALTERNATIVE_CFG,
which test for the existence of the callback parameter in inline
assembly using the following expression:
" .if " __stringify(cb) " == 0\n"
This works with GNU as, but isn't supported by LLVM. This change
splits __ALTERNATIVE_CFG and ALTINSTR_ENTRY into separate macros
to fix the LLVM build.
Bug: 145210207
Change-Id: I3f80fca8aafdac4e185f79ce5a4eee9ba367bb33
(am from https://lore.kernel.org/patchwork/patch/1146950/)
Link: https://github.com/ClangBuiltLinux/linux/issues/472
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Unlike gcc, clang considers each inline assembly block to be independent
and therefore, when using the integrated assembler for inline assembly,
any preambles that enable features must be repeated in each block.
This change defines __LSE_PREAMBLE and adds it to each inline assembly
block that has LSE instructions, which allows them to be compiled also
with clang's assembler.
Bug: 145210207
Change-Id: Ifdcb160ddb074bea62a52239fffb0590f409df46
(am from https://lore.kernel.org/patchwork/patch/1146951/)
Link: https://github.com/ClangBuiltLinux/linux/issues/671
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
With LTO, the compiler doesn't necessarily obey link order for
initcalls, and the initcall variables need to be globally unique
to avoid naming collisions.
In order to preserve the intended order, this change moves each
initcall variable into its own section and generates a linker
script (in scripts/link-vmlinux.sh) to define the correct order
for these sections. We also add a __COUNTER__ prefix to the name,
so we can retain the order of initcalls within each compilation
unit, and __LINE__ to help ensure uniqueness.
Bug: 145210207
Change-Id: I602038783853497790c5a2941343c546e380c525
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Disable LTO for rodata.o to allow objcopy to be used to
manipulate sections.
Bug: 145210207
Change-Id: I387a37fd2dd13a877e9e66e9f99c9c4b10b0e963
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
With CONFIG_LTO_CLANG, we produce LLVM IR instead of object files. Since LTO
is not really needed here and the Makefile assumes we produce an object file,
disable LTO for libstub.
Bug: 145210207
Change-Id: I7f1f9af7430164ebbcb0e85f66abae5cb9feee6a
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
With CONFIG_LTO_CLANG, clang generates LLVM IR instead of ELF object
files. As empty.o is used for probing target properties, disable LTO
for it to produce an object file instead.
Bug: 145210207
Change-Id: I618d8b86ed88ad048abdee3c541ced19d12982c0
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
With CONFIG_LTO_CLANG enabled, LLVM IR won't be compiled into object
files until modpost_link. This change postpones calls to recordmcount
until after this step.
In order to exclude ftrace_process_locs from inspection, we add a new
code section .text..ftrace, which we tell recordmcount to ignore, and
a __norecordmcount attribute for moving functions to this section.
Bug: 145210207
Change-Id: Ib77f7c431fce54243c46d584b55761ed2342965c
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
This change adds the configuration option CONFIG_LTO_CLANG, and
build system support for Clang's Link Time Optimization (LTO). In
preparation for LTO support with other compilers, potentially common
parts of the changes are gated behind CONFIG_LTO instead.
With -flto, instead of object files, Clang produces LLVM bitcode,
which is compiled into a native object at link time, allowing the
final binary to be optimized globally. For more details, see:
https://llvm.org/docs/LinkTimeOptimization.html
While the kernel normally uses GNU ld for linking, LLVM supports LTO
only with LLD or GNU gold linkers. This change assumes LLD is used.
Bug: 145210207
Change-Id: If1164ff33d073358ee7d4bba84cbb06c349c4a88
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Similarly to the CC_IS_CLANG config, add LD_IS_LLD to simplify feature
selection based on the linker.
Bug: 145210207
Change-Id: I097c52899dcf9829eb0e1ea89211b17972301c1a
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
platform_find_device_by_driver calls bus_find_device and passes
platform_match as the callback function. Casting the function to a
mismatching type trips indirect call Control-Flow Integrity (CFI) checking.
This change adds a callback function with the correct type and instead
of casting the function, explicitly casts the second parameter to struct
device_driver* as expected by platform_match.
Bug: 145210207
Change-Id: Idef667974d3c54ebd79f0813531cf2523d651dfe
(cherry picked from commit 492c88720d
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git
driver-core-next)
Fixes: 36f3313d6b ("platform: Add platform_find_device_by_driver() helper")
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191112214156.3430-1-samitolvanen@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
If we detect a corrupted x18 and SCS is enabled, restore the register
before jumping back to instrumented code. This is safe, because the
wrapper is called with preemption disabled and a separate shadow stack
is used for interrupt handling.
Bug: 145210207
Change-Id: Idb75117e38c895231a14f5573261861e722c1264
(am from https://lore.kernel.org/patchwork/patch/1149060/)
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
