* android-3.10: (60 commits)
kbuild: make it possible to specify the module output dir
xt_qtaguid: Use sk_callback_lock read locks before reading sk->sk_socket
ipv6: clean up anycast when an interface is destroyed
usb: gadget: check for accessory device before disconnecting HIDs
staging: android: ashmem: add missing include
usb: gadget: android: Save/restore ep0 completion function
selinux: Remove obsolete selinux_audit_data initialization.
selinux: make the netif cache namespace aware
selinux: correctly label /proc inodes in use before the policy is loaded
selinux: fix inode security list corruption
selinux: put the mmap() DAC controls before the MAC controls
selinux: reduce the number of calls to synchronize_net() when flushing caches
[PATCH 5/5] pstore: selinux: add security in-core xattr support for pstore and debugfs
SELinux: Update policy version to support constraints info
[PATCH v4 4/5] pstore: add pmsg
[PATCH 3/5] pstore: handle zero-sized prz in series
[PATCH v2 2/5] pstore: remove superfluous memory size check
[PATCH v4 1/5] pstore: use snprintf
pstore: clarify clearing of _read_cnt in ramoops_context
prctl: make PR_SET_TIMERSLACK_PID pid namespace aware
...
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Conflicts:
drivers/staging/android/Kconfig
commit 29187a9eea upstream.
A worker_pool's forward progress is guaranteed by the fact that the
last idle worker assumes the manager role to create more workers and
summon the rescuers if creating workers doesn't succeed in timely
manner before proceeding to execute work items.
This manager role is implemented in manage_workers(), which indicates
whether the worker may proceed to work item execution with its return
value. This is necessary because multiple workers may contend for the
manager role, and, if there already is a manager, others should
proceed to work item execution.
Unfortunately, the function also indicates that the worker may proceed
to work item execution if need_to_create_worker() is false at the head
of the function. need_to_create_worker() tests the following
conditions.
pending work items && !nr_running && !nr_idle
The first and third conditions are protected by pool->lock and thus
won't change while holding pool->lock; however, nr_running can change
asynchronously as other workers block and resume and while it's likely
to be zero, as someone woke this worker up in the first place, some
other workers could have become runnable inbetween making it non-zero.
If this happens, manage_worker() could return false even with zero
nr_idle making the worker, the last idle one, proceed to execute work
items. If then all workers of the pool end up blocking on a resource
which can only be released by a work item which is pending on that
pool, the whole pool can deadlock as there's no one to create more
workers or summon the rescuers.
This patch fixes the problem by removing the early exit condition from
maybe_create_worker() and making manage_workers() return false iff
there's already another manager, which ensures that the last worker
doesn't start executing work items.
We can leave the early exit condition alone and just ignore the return
value but the only reason it was put there is because the
manage_workers() used to perform both creations and destructions of
workers and thus the function may be invoked while the pool is trying
to reduce the number of workers. Now that manage_workers() is called
only when more workers are needed, the only case this early exit
condition is triggered is rare race conditions rendering it pointless.
Tested with simulated workload and modified workqueue code which
trigger the pool deadlock reliably without this patch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Eric Sandeen <sandeen@sandeen.net>
Link: http://lkml.kernel.org/g/54B019F4.8030009@sandeen.net
Cc: Dave Chinner <david@fromorbit.com>
Cc: Lai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5e5aeb4367 upstream.
Verify that the frequency value from userspace is valid and makes sense.
Unverified values can cause overflows later on.
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[jstultz: Fix up bug for negative values and drop redunent cap check]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6ada1fc0e1 upstream.
An unvalidated user input is multiplied by a constant, which can result in
an undefined behaviour for large values. While this is validated later,
we should avoid triggering undefined behaviour.
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[jstultz: include trivial milisecond->microsecond correction noticed
by Andy]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The hrtimer mode of broadcast is supported only when
GENERIC_CLOCKEVENTS_BROADCAST and TICK_ONESHOT config options
are enabled. Hence compile in the functions for hrtimer mode
of broadcast only when these options are selected.
Also fix max_delta_ticks value for the pseudo clock device.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Reported-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Preeti U Murthy <preeti@linux.vnet.ibm.com>
Link: http://lkml.kernel.org/r/52F719EE.9010304@linux.vnet.ibm.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
(cherry picked from commit 849401b66d)
Signed-off-by: Mark Brown <broonie@kernel.org>
Conflicts:
kernel/time/Makefile
On some architectures, in certain CPU deep idle states the local timers stop.
An external clock device is used to wakeup these CPUs. The kernel support for the
wakeup of these CPUs is provided by the tick broadcast framework by using the
external clock device as the wakeup source.
However not all implementations of architectures provide such an external
clock device. This patch includes support in the broadcast framework to handle
the wakeup of the CPUs in deep idle states on such systems by queuing a hrtimer
on one of the CPUs, which is meant to handle the wakeup of CPUs in deep idle states.
This patchset introduces a pseudo clock device which can be registered by the
archs as tick_broadcast_device in the absence of a real external clock
device. Once registered, the broadcast framework will work as is for these
architectures as long as the archs take care of the BROADCAST_ENTER
notification failing for one of the CPUs. This CPU is made the stand by CPU to
handle wakeup of the CPUs in deep idle and it *must not enter deep idle states*.
The CPU with the earliest wakeup is chosen to be this CPU. Hence this way the
stand by CPU dynamically moves around and so does the hrtimer which is queued
to trigger at the next earliest wakeup time. This is consistent with the case where
an external clock device is present. The smp affinity of this clock device is
set to the CPU with the earliest wakeup. This patchset handles the hotplug of
the stand by CPU as well by moving the hrtimer on to the CPU handling the CPU_DEAD
notification.
Originally-from: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Preeti U Murthy <preeti@linux.vnet.ibm.com>
Cc: deepthi@linux.vnet.ibm.com
Cc: paulmck@linux.vnet.ibm.com
Cc: fweisbec@gmail.com
Cc: paulus@samba.org
Cc: srivatsa.bhat@linux.vnet.ibm.com
Cc: svaidy@linux.vnet.ibm.com
Cc: peterz@infradead.org
Cc: benh@kernel.crashing.org
Cc: rafael.j.wysocki@intel.com
Cc: linuxppc-dev@lists.ozlabs.org
Link: http://lkml.kernel.org/r/20140207080632.17187.80532.stgit@preeti.in.ibm.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
(cherry picked from commit 5d1638acb9)
Signed-off-by: Mark Brown <broonie@kernel.org>
Conflicts:
kernel/time/Makefile
commit 9fc81d8742 upstream.
We allow PMU driver to change the cpu on which the event
should be installed to. This happened in patch:
e2d37cd213 ("perf: Allow the PMU driver to choose the CPU on which to install events")
This patch also forces all the group members to follow
the currently opened events cpu if the group happened
to be moved.
This and the change of event->cpu in perf_install_in_context()
function introduced in:
0cda4c0231 ("perf: Introduce perf_pmu_migrate_context()")
forces group members to change their event->cpu,
if the currently-opened-event's PMU changed the cpu
and there is a group move.
Above behaviour causes problem for breakpoint events,
which uses event->cpu to touch cpu specific data for
breakpoints accounting. By changing event->cpu, some
breakpoints slots were wrongly accounted for given
cpu.
Vinces's perf fuzzer hit this issue and caused following
WARN on my setup:
WARNING: CPU: 0 PID: 20214 at arch/x86/kernel/hw_breakpoint.c:119 arch_install_hw_breakpoint+0x142/0x150()
Can't find any breakpoint slot
[...]
This patch changes the group moving code to keep the event's
original cpu.
Reported-by: Vince Weaver <vince@deater.net>
Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Vince Weaver <vince@deater.net>
Cc: Yan, Zheng <zheng.z.yan@intel.com>
Link: http://lkml.kernel.org/r/1418243031-20367-3-git-send-email-jolsa@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Make PR_SET_TIMERSLACK_PID consider pid namespace and resolve the
target pid in the caller's namespace. Otherwise, calls from pid
namespace other than init would fail or affect the wrong task.
Change-Id: I1da15196abc4096536713ce03714e99d2e63820a
Signed-off-by: Micha Kalfon <micha@cellrox.com>
Acked-by: Oren Laadan <orenl@cellrox.com>
The case clause for the PR_SET_TIMERSLACK_PID option was placed inside
the an internal switch statement for PR_MCE_KILL (see commits 37a591d4
and 8ae872f1) . This commit moves it to the right place.
Change-Id: I63251669d7e2f2aa843d1b0900e7df61518c3dea
Signed-off-by: Micha Kalfon <micha@cellrox.com>
Acked-by: Oren Laadan <orenl@cellrox.com>
commit 66d2f338ee upstream.
Now that setgroups can be disabled and not reenabled, setting gid_map
without privielge can now be enabled when setgroups is disabled.
This restores most of the functionality that was lost when unprivileged
setting of gid_map was removed. Applications that use this functionality
will need to check to see if they use setgroups or init_groups, and if they
don't they can be fixed by simply disabling setgroups before writing to
gid_map.
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 9cc46516dd upstream.
- Expose the knob to user space through a proc file /proc/<pid>/setgroups
A value of "deny" means the setgroups system call is disabled in the
current processes user namespace and can not be enabled in the
future in this user namespace.
A value of "allow" means the segtoups system call is enabled.
- Descendant user namespaces inherit the value of setgroups from
their parents.
- A proc file is used (instead of a sysctl) as sysctls currently do
not allow checking the permissions at open time.
- Writing to the proc file is restricted to before the gid_map
for the user namespace is set.
This ensures that disabling setgroups at a user namespace
level will never remove the ability to call setgroups
from a process that already has that ability.
A process may opt in to the setgroups disable for itself by
creating, entering and configuring a user namespace or by calling
setns on an existing user namespace with setgroups disabled.
Processes without privileges already can not call setgroups so this
is a noop. Prodcess with privilege become processes without
privilege when entering a user namespace and as with any other path
to dropping privilege they would not have the ability to call
setgroups. So this remains within the bounds of what is possible
without a knob to disable setgroups permanently in a user namespace.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f95d7918bd upstream.
If you did not create the user namespace and are allowed
to write to uid_map or gid_map you should already have the necessary
privilege in the parent user namespace to establish any mapping
you want so this will not affect userspace in practice.
Limiting unprivileged uid mapping establishment to the creator of the
user namespace makes it easier to verify all credentials obtained with
the uid mapping can be obtained without the uid mapping without
privilege.
Limiting unprivileged gid mapping establishment (which is temporarily
absent) to the creator of the user namespace also ensures that the
combination of uid and gid can already be obtained without privilege.
This is part of the fix for CVE-2014-8989.
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 80dd00a237 upstream.
setresuid allows the euid to be set to any of uid, euid, suid, and
fsuid. Therefor it is safe to allow an unprivileged user to map
their euid and use CAP_SETUID privileged with exactly that uid,
as no new credentials can be obtained.
I can not find a combination of existing system calls that allows setting
uid, euid, suid, and fsuid from the fsuid making the previous use
of fsuid for allowing unprivileged mappings a bug.
This is part of a fix for CVE-2014-8989.
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit be7c6dba23 upstream.
As any gid mapping will allow and must allow for backwards
compatibility dropping groups don't allow any gid mappings to be
established without CAP_SETGID in the parent user namespace.
For a small class of applications this change breaks userspace
and removes useful functionality. This small class of applications
includes tools/testing/selftests/mount/unprivilged-remount-test.c
Most of the removed functionality will be added back with the addition
of a one way knob to disable setgroups. Once setgroups is disabled
setting the gid_map becomes as safe as setting the uid_map.
For more common applications that set the uid_map and the gid_map
with privilege this change will have no affect.
This is part of a fix for CVE-2014-8989.
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 273d2c67c3 upstream.
setgroups is unique in not needing a valid mapping before it can be called,
in the case of setgroups(0, NULL) which drops all supplemental groups.
The design of the user namespace assumes that CAP_SETGID can not actually
be used until a gid mapping is established. Therefore add a helper function
to see if the user namespace gid mapping has been established and call
that function in the setgroups permission check.
This is part of the fix for CVE-2014-8989, being able to drop groups
without privilege using user namespaces.
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0542f17bf2 upstream.
The rule is simple. Don't allow anything that wouldn't be allowed
without unprivileged mappings.
It was previously overlooked that establishing gid mappings would
allow dropping groups and potentially gaining permission to files and
directories that had lesser permissions for a specific group than for
all other users.
This is the rule needed to fix CVE-2014-8989 and prevent any other
security issues with new_idmap_permitted.
The reason for this rule is that the unix permission model is old and
there are programs out there somewhere that take advantage of every
little corner of it. So allowing a uid or gid mapping to be
established without privielge that would allow anything that would not
be allowed without that mapping will result in expectations from some
code somewhere being violated. Violated expectations about the
behavior of the OS is a long way to say a security issue.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7ff4d90b4c upstream.
Today there are 3 instances of setgroups and due to an oversight their
permission checking has diverged. Add a common function so that
they may all share the same permission checking code.
This corrects the current oversight in the current permission checks
and adds a helper to avoid this in the future.
A user namespace security fix will update this new helper, shortly.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
<4>[ 4109.549723] [<c0013e24>] (unwind_backtrace+0x0/0xe0) from [<c001172c>] (show_stack+0x10/0x14)
<4>[ 4109.549737] [<c001172c>] (show_stack+0x10/0x14) from [<c0032408>] (warn_slowpath_common+0x4c/0x68)
<4>[ 4109.549750] [<c0032408>] (warn_slowpath_common+0x4c/0x68) from [<c00324a4>] (warn_slowpath_fmt+0x2c/0x3c)
<4>[ 4109.549762] [<c00324a4>] (warn_slowpath_fmt+0x2c/0x3c) from [<c009899c>] (watchdog_check_hardlockup_other_cpu+0xd0/0xf8)
<4>[ 4109.549778] [<c009899c>] (watchdog_check_hardlockup_other_cpu+0xd0/0xf8) from [<c00989fc>] (watchdog_timer_fn+0x38/0x168)
<4>[ 4109.549793] [<c00989fc>] (watchdog_timer_fn+0x38/0x168) from [<c0054c7c>] (__run_hrtimer+0x1a4/0x2b8)
<4>[ 4109.549807] [<c0054c7c>] (__run_hrtimer+0x1a4/0x2b8) from [<c005587c>] (hrtimer_interrupt+0x11c/0x278)
<4>[ 4109.549830] [<c005587c>] (hrtimer_interrupt+0x11c/0x278) from [<c056b65c>] (arch_timer_handler_phys+0x28/0x30)
<4>[ 4109.549846] [<c056b65c>] (arch_timer_handler_phys+0x28/0x30) from [<c009c3a4>] (handle_percpu_devid_irq+0xf8/0x1b4)
<4>[ 4109.549861] [<c009c3a4>] (handle_percpu_devid_irq+0xf8/0x1b4) from [<c0098fa4>] (generic_handle_irq+0x20/0x30)
<4>[ 4109.549872] [<c0098fa4>] (generic_handle_irq+0x20/0x30) from [<c000e3ac>] (handle_IRQ+0x64/0x8c)
<4>[ 4109.549883] [<c000e3ac>] (handle_IRQ+0x64/0x8c) from [<c0008538>] (gic_handle_irq+0x34/0x58)
<4>[ 4109.549893] [<c0008538>] (gic_handle_irq+0x34/0x58) from [<c000d600>] (__irq_svc+0x40/0x70)
<4>[ 4109.549901] Exception stack(0xed0addd8 to 0xed0ade20)
<4>[ 4109.549910] ddc0: 00000003 00000000
<4>[ 4109.549920] dde0: 00000003 c0c5bff3 c0c5bff0 c0c5bff0 547b152f 000003c8 00000000 c0b8446c
<4>[ 4109.549930] de00: ed0ade48 83126e97 00000003 ed0ade20 c0023638 c00235ec 600f0113 ffffffff
<4>[ 4109.549941] [<c000d600>] (__irq_svc+0x40/0x70) from [<c00235ec>] (call_with_single_cpu.isra.4+0x9c/0x154)
<4>[ 4109.549952] [<c00235ec>] (call_with_single_cpu.isra.4+0x9c/0x154) from [<c0023820>] (_ddr_change_freq+0x17c/0x1c0)
<4>[ 4109.549963] [<c0023820>] (_ddr_change_freq+0x17c/0x1c0) from [<c0025088>] (ddrfreq_scale_rate_for_dvfs+0x20/0x74)
<4>[ 4109.549978] [<c0025088>] (ddrfreq_scale_rate_for_dvfs+0x20/0x74) from [<c002937c>] (dvfs_target+0x15c/0x204)
<4>[ 4109.549993] [<c002937c>] (dvfs_target+0x15c/0x204) from [<c0027d70>] (dvfs_clk_set_rate+0x44/0x80)
<4>[ 4109.550007] [<c0027d70>] (dvfs_clk_set_rate+0x44/0x80) from [<c00252a0>] (ddrfreq_mode.part.3+0x40/0xec)
<4>[ 4109.550017] [<c00252a0>] (ddrfreq_mode.part.3+0x40/0xec) from [<c00257c0>] (ddrfreq_work+0x184/0x1d4)
<4>[ 4109.550029] [<c00257c0>] (ddrfreq_work+0x184/0x1d4) from [<c0025868>] (ddrfreq_task+0x58/0x1b8)
<4>[ 4109.550041] [<c0025868>] (ddrfreq_task+0x58/0x1b8) from [<c0051ad4>] (kthread+0xa0/0xac)
<4>[ 4109.550054] [<c0051ad4>] (kthread+0xa0/0xac) from [<c000da98>] (ret_from_fork+0x14/0x3c)
<4>[ 4092.709215] CPU: 2 PID: 17844 Comm: mali-utility-wo Not tainted 3.10.0 #136
<4>[ 4092.709408] [<c0037494>] (mm_update_next_owner+0xc4/0x1c0) from [<c0037704>] (exit_mm+0x174/0x184)
<4>[ 4092.709422] [<c0037704>] (exit_mm+0x174/0x184) from [<c0037918>] (do_exit+0x204/0x400)
<4>[ 4092.709433] [<c0037918>] (do_exit+0x204/0x400) from [<c0037bc8>] (do_group_exit+0x88/0xb4)
<4>[ 4092.709447] [<c0037bc8>] (do_group_exit+0x88/0xb4) from [<c00444b0>] (get_signal_to_deliver+0x3b4/0x3fc)
<4>[ 4092.709459] [<c00444b0>] (get_signal_to_deliver+0x3b4/0x3fc) from [<c0010c00>] (do_signal+0xa0/0x14c)
<4>[ 4092.709469] [<c0010c00>] (do_signal+0xa0/0x14c) from [<c0010fa4>] (do_work_pending+0x4c/0x94)
<4>[ 4092.709480] [<c0010fa4>] (do_work_pending+0x4c/0x94) from [<c000da40>] (work_pending+0xc/0x20)
cpu0 is waiting for the other cpu respond ipi, but one cpu is blocked on getting &tasklist_lock
while irq is disabled and it will not respond ipi. If all the operation of &tasklist_lock is irq-disabled,
the &tasklist_lock will become available before the owner respond ipi, so the blocked cpu will get the
&tasklist_lock.
Signed-off-by: cl <cl@rock-chips.com>
This patch introduces generic code to perform PM domain look-up using
device tree and automatically bind devices to their PM domains.
Generic device tree bindings are introduced to specify PM domains of
devices in their device tree nodes.
Backwards compatibility with legacy Samsung-specific PM domain bindings
is provided, but for now the new code is not compiled when
CONFIG_ARCH_EXYNOS is selected to avoid collision with legacy code.
This will change as soon as the Exynos PM domain code gets converted to
use the generic framework in further patch.
This patch was originally submitted by Tomasz Figa when he was employed
by Samsung.
Link: http://marc.info/?l=linux-pm&m=139955349702152&w=2
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Acked-by: Rob Herring <robh@kernel.org>
Tested-by: Philipp Zabel <p.zabel@pengutronix.de>
Reviewed-by: Kevin Hilman <khilman@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
(cherry picked from commit aa42240ab2)
Signed-off-by: Mark Brown <broonie@kernel.org>
Conflicts:
include/linux/pm_domain.h
commit 82975bc6a6 upstream.
x86 call do_notify_resume on paranoid returns if TIF_UPROBE is set but
not on non-paranoid returns. I suspect that this is a mistake and that
the code only works because int3 is paranoid.
Setting _TIF_NOTIFY_RESUME in the uprobe code was probably a workaround
for the x86 bug. With that bug fixed, we can remove _TIF_NOTIFY_RESUME
from the uprobes code.
Reported-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Acked-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This unbreaks the build on architectures such as um that do not
support CONFIG_PM_SLEEP.
Change-Id: Ia846ed0a7fca1d762ececad20748d23610e8544f
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
