and associated inet_is_local_unbindable_port() helper function:
use it to make explicitly binding to an unbindable port return
-EPERM 'Operation not permitted'.
Autobind doesn't honour this new sysctl since:
(a) you can simply set both if that's the behaviour you desire
(b) there could be a use for preventing explicit while allowing auto
(c) it's faster in the relatively critical path of doing port selection
during connect() to only check one bitmap instead of both
Various ports may have special use cases which are not suitable for
use by general userspace applications. Currently, ports specified in
ip_local_reserved_ports sysctl will not be returned only in case of
automatic port assignment, but nothing prevents you from explicitly
binding to them - even from an entirely unprivileged process.
In certain cases it is desirable to prevent the host from assigning the
ports even in case of explicit binds, even from superuser processes.
Example use cases might be:
- a port being stolen by the nic for remote serial console, remote
power management or some other sort of debugging functionality
(crash collection, gdb, direct access to some other microcontroller
on the nic or motherboard, remote management of the nic itself).
- a transparent proxy where packets are being redirected: in case
a socket matches this connection, packets from this application
would be incorrectly sent to one of the endpoints.
Initially I wanted to solve this problem via the simple one line:
static inline bool inet_port_requires_bind_service(struct net *net, unsigned short port) {
- return port < net->ipv4.sysctl_ip_prot_sock;
+ return port < net->ipv4.sysctl_ip_prot_sock || inet_is_local_reserved_port(net, port);
}
However, this doesn't work for two reasons:
(a) it changes userspace visible behaviour of the existing local
reserved ports sysctl, and there appears to be enough documentation
on the internet talking about setting it to make this a bad idea
(b) it doesn't prevent privileged apps from using these ports,
CAP_BIND_SERVICE is relatively likely to be available to, for example,
a recursive DNS server so it can listed on port 53, which also needs
to do src port randomization for outgoing queries due to security
reasons (and it thus does manual port binding).
If we *know* that certain ports are simply unusable, then it's better
nothing even gets the opportunity to try to use them. This way we at
least get a quick failure, instead of some sort of timeout (or possibly
even corruption of the data stream of the non-kernel based use case).
Test:
vm:~# cat /proc/sys/net/ipv4/ip_local_unbindable_ports
vm:~# python -c 'import socket; s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM, 0); s.bind(("::", 3967))'
vm:~# python -c 'import socket; s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM, 0); s.bind(("::", 3967))'
vm:~# echo 3967 > /proc/sys/net/ipv4/ip_local_unbindable_ports
vm:~# cat /proc/sys/net/ipv4/ip_local_unbindable_ports
3967
vm:~# python -c 'import socket; s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM, 0); s.bind(("::", 3967))'
socket.error: (1, 'Operation not permitted')
vm:~# python -c 'import socket; s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM, 0); s.bind(("::", 3967))'
socket.error: (1, 'Operation not permitted')
Cc: Sean Tranchetti <stranche@codeaurora.org>
Cc: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Linux SCTP <linux-sctp@vger.kernel.org>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Bug: 140404597
Change-Id: Ie96207bea90ae1345adf7b45724d0caf4d6e52c2
Signed-off-by: Todd Kjos <tkjos@google.com>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
(cherry picked from commit 8a4b8ea595)
Currently, the enqueue and dequeue tracehooks pass in the flags
parameter, however, the after tracehooks that follow do not.
Bug: 226570047
Change-Id: I51cb50054562893271e5d3efd7c6bd028977622d
Signed-off-by: Shaleen Agrawal <quic_shalagra@quicinc.com>
We are switching to the generic pfn_valid function and the
arm64-specific one is being removed.
ERROR: Differences between ksymtab and symbol list detected!
Symbols missing from ksymtab:
- pfn_valid
Bug: 228454859
Change-Id: I8cc2d19aa2cb6e7639b2d1b08d0c67fc9c7c948e
Signed-off-by: Georgi Djakov <quic_c_gdjako@quicinc.com>
There are a lot of different structures that need to have a "frozen" abi
for the next 5+ years. Add padding to a lot of them in order to be able
to handle any future changes that might be needed due to LTS and
security fixes that might come up.
It's a best guess, based on what has happened in the past from the
5.10.0..5.10.110 release (1 1/2 years). Yes, past changes do not mean
that future changes will also be needed in the same area, but that is a
hint that those areas are both well maintained and looked after, and
there have been previous problems found in them.
Also the list of structures that are being required based on OEM usage
in the android/ symbol lists were consulted as that's a larger list than
what has been changed in the past.
Hopefully we caught everything we need to worry about, only time will
tell...
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I880bbcda0628a7459988eeb49d18655522697664
Try to mitigate potential future driver core api changes by padding to
struct bus_type, struct device_driver, struct class, and struct device.
Based on a patch from Michal Marek <mmarek@suse.cz> from the SLES kernel
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6892cde6481ba775789f0c02239dcfde3a26b56e
Try to mitigate potential future driver core api changes by adding a
padding to struct elevator_mq_ops and struct elevator_type.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia4c2667fd5ca9e6dd2e0d30b95a0f8d5eb7921dc
Try to mitigate potential future driver core api changes by adding a
padding to struct scsi_cmnd, struct scsi_device, and struct
scsi_host_template.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie6a2b91970e8f9063bf00e96a0dff661f77b8e8d
Try to mitigate potential future driver core api changes by adding a
padding to struct work_struct and struct delayed_work
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5492a13e2430c1a5775aec52518144b7aa4f3268
Try to mitigate potential future driver core api changes by adding a
padding to struct user_struct and struct sched_domain.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie8f685122767b690a116193aefd8c5e3b6ef8f17
Try to mitigate potential future driver core api changes by adding a
padding to stuct phy_device and struct phy_driver
Inspired by the upstream changes in 5.4.26 and 4.19.111
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8dbc5f76e9eddfc5741f944168222aedacd0a8bb
Try to mitigate potential future driver core api changes by adding a
padding to a bunch of filesystem structures.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Change-Id: Ida6d98d30f292c980ab07e0250fec5268c4c87ed
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Try to mitigate potential future driver core api changes by adding a
padding to struct dentry and struct dentry_operations.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Idde3c6e99bd4af3a91ba115b8ec148e3e1cdd4a9
Try to mitigate potential future driver core api changes by adding a
padding to struct bio_integrity_payload and struct bio_set.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0397ede2e11560ad9422cd7765434fcd4f7a6dd8
This reverts commit ee5fed1cef.
It is no longer needed as we are able to update the abi at this point in
time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If0ec2bbe712e7dfd5bf43f0f266ddc255a2d28b3
This reverts commit 34c16f1a20.
It is no longer needed as we are able to update the abi at this point in
time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2654f99101dc95994cb5cc3328f288401dfe389f
This reverts commit 93d8bbeafb.
It is no longer needed as we are able to update the abi at this point in
time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I965b9e7225127b5b0e58082e05d80bcebdb1e547
This reverts commit 990e8bd6d9.
It is no longer needed as we are able to update the abi at this point in
time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id685a5c9bca0cd0aa8bcc0d2da6288b9220456c8
This reverts commit ab02bc73ec.
It is no longer needed as we are able to update the abi at this point in
time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5a655c83ddbb6b70841f91e74924504ea6c320ec
This reverts commit 240526f655.
It is no longer needed as we are able to update the abi at this point in
time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic76a90ab14c2e03b2e40a1e7385f3cf5cb562ec8
This reverts commit 5cc70dfa47.
It is no longer needed as we are able to update the abi at this point in
time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8727d672ee887e1598d1661bbcd99061dcdae4d2
This reverts commit 7be3754601.
It is no longer needed as we are able to update the abi at this point in
time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I94e86dbe2ba7f2f860854cf1f7f825a9a8215853
This reverts commit a717ddfe1a.
It is no longer needed as we are able to update the abi at this point in
time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia97655771b9a074f4d0724dc5ca543f63d139af4
This reverts commit 7f7da7f236.
It is no longer needed as we are able to update the abi at this point in
time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ife780bae48b0b10e7502aa90a701f631f9b5a32f
This reverts commit 0c5b51622c.
It is no longer needed as we are able to update the abi at this point in
time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5b2c6e89737a2ac647f19719a1ccf256c2794a02
This reverts commit c31598eb0b.
It is no longer needed as we are able to update the abi at this point in
time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia44bf70cb550e4840e3be1be7c8b2b0bea0a330e
This reverts commit ff1561ac7f.
It is no longer needed as we are able to update the abi at this point in
time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I20acdca0aa5b59436e890887c03f125f027a9d45
The list_for_each_entry_safe() macro saves the current item (n) and
the item after (n+1), so that n can be safely removed without
corrupting the list. However, when traversing the list and removing
items using gadget giveback, the DWC3 lock is briefly released,
allowing other routines to execute. There is a situation where, while
items are being removed from the cancelled_list using
dwc3_gadget_ep_cleanup_cancelled_requests(), the pullup disable
routine is running in parallel (due to UDC unbind). As the cleanup
routine removes n, and the pullup disable removes n+1, once the
cleanup retakes the DWC3 lock, it references a request who was already
removed/handled. With list debug enabled, this leads to a panic.
Ensure all instances of the macro are replaced where gadget giveback
is used.
Example call stack:
Thread#1:
__dwc3_gadget_ep_set_halt() - CLEAR HALT
-> dwc3_gadget_ep_cleanup_cancelled_requests()
->list_for_each_entry_safe()
->dwc3_gadget_giveback(n)
->dwc3_gadget_del_and_unmap_request()- n deleted[cancelled_list]
->spin_unlock
->Thread#2 executes
...
->dwc3_gadget_giveback(n+1)
->Already removed!
Thread#2:
dwc3_gadget_pullup()
->waiting for dwc3 spin_lock
...
->Thread#1 released lock
->dwc3_stop_active_transfers()
->dwc3_remove_requests()
->fetches n+1 item from cancelled_list (n removed by Thread#1)
->dwc3_gadget_giveback()
->dwc3_gadget_del_and_unmap_request()- n+1 deleted[cancelled_list]
->spin_unlock
Fixes: d4f1afe5e8 ("usb: dwc3: gadget: move requests to cancelled_list")
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Link: https://lore.kernel.org/r/20220414183521.23451-1-quic_wcheng@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 230843866
(cherry picked from commit bf594d1d0c)
Change-Id: I357028fb51441a7effe90d115f6faa3f2034d326
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
If a Setup packet is received but yet to DMA out, the controller will
not process the End Transfer command of any endpoint. Polling of its
DEPCMD.CmdAct may block setting up TRB for Setup packet, causing a
command timeout.
This may occur if the driver doesn’t service the completion interrupt of
the control status stage yet due to system latency, then it won’t
prepare TRB and start the transfer for the next Setup Stage. To the host
side, the control transfer had completed, and the host can send a new
Setup packet at this point.
In the meanwhile, if the driver receives an async call to dequeue a
request (triggering End Transfer) to any endpoint, then the driver will
service that End transfer first, blocking the control status stage
completion handler. Since no TRB is available for the Setup stage, the
Setup packet can’t be DMA’ed out and the End Transfer gets hung.
The driver must not block setting up of the Setup stage. So track and
only issue the End Transfer command only when there’s Setup TRB prepared
so that the controller can DMA out the Setup packet. Delay the End
transfer command if there's no Setup TRB available. This is applicable to
all DWC_usb3x IPs.
Co-developed-by: Wesley Cheng <quic_wcheng@quicinc.com>
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Link: https://lore.kernel.org/r/20220309205402.4467-1-quic_wcheng@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 230843866
(cherry picked from commit e4cf6580ac)
Change-Id: I7f643ae340a20f12d5f86965674aa58df1be3979
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Per Kconfig:
config USB_NET_AX88179_178A
tristate "ASIX AX88179/178A USB 3.0/2.0 to Gigabit Ethernet"
depends on USB_USBNET
select CRC32
select PHYLIB
default y
help
This option adds support for ASIX AX88179 based USB 3.0/2.0
to Gigabit Ethernet adapters.
This driver should work with at least the following devices:
* ASIX AX88179
* ASIX AX88178A
* Sitcomm LN-032
This driver creates an interface named "ethX", where X depends on
what other networking devices you have in use.
This was already enabled on 'db845c_gki.fragment',
which suggests this hardware is reasonably common
(even though I don't have a dongle that requires it).
Test: TreeHugger
Bug: 200269356
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9915cfb54a324f007d508a8e3d2aad1d6fc9e5de
(cherry picked from commit 3ed683cb94)
When pKVM is enabled, host memory accesses are translated by an identity
mapping at stage-2, which is populated lazily in response to synchronous
exceptions from 64-bit EL1 and EL0.
Extend this handling to cover exceptions originating from 32-bit EL0 as
well. Although these are very unlikely to occur in practice, as the
kernel typically ensures that user pages are initialised before mapping
them in, drivers could still map previously untouched device pages into
userspace and expect things to work rather than panic the system.
Cc: Quentin Perret <qperret@google.com>
Cc: Marc Zyngier <maz@kernel.org>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220427171332.13635-1-will@kernel.org
(cherry picked from commit 2a50fc5fd0
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm.git fixes)
Bug: 216811181
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: I98ad9d9f0e2a78751ed73cc5d7c481d07a3ed1db
This fixes the kernelci error:
"ERROR: modpost: module configfs uses symbol kern_path from namespace
VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver, but does not import it."
Fixes: 0a77fca3aa ("ANDROID: GKI: set vfs-only exports into their own namespace")
Signed-off-by: Todd Kjos <tkjos@google.com>
Change-Id: Ib4ab1b83c8c8c996b1f15c419fb8ce0549832699
Our test build is broken by KCFLAGS overrided in build.config.comm.
Since Linux Makefile supports 'export KCFLAGS=XXX' to customize the
KCFLAGS, and we should keep this functionality.
Bug: 230818006
Fixes: 6c55ca2cae ("ANDROID: Add flag to indicate compiling against ACK")
Signed-off-by: Lecopzer Chen <lecopzer.chen@mediatek.com>
Change-Id: I9425d79697bc1fe816ce82d523f91631dee6b8f4
When ufs initializes without scmd->device->sector_size set, scsi_get_lba()
will get a wrong shift number and trigger an ubsan error. The shift
exponent 4294967286 is too large for the 64-bit type 'sector_t' (aka
'unsigned long long').
Call scsi_get_lba() only when opcode is READ_10/WRITE_10/UNMAP.
Link: https://lore.kernel.org/r/20220307111752.10465-1-peter.wang@mediatek.com
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Peter Wang <peter.wang@mediatek.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit 2bd3b6b759 git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next)
Bug: 228405696
Change-Id: I5bdf04628eff2a0c2a36c89f9934033fb3d8a392
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Signed-off-by: Yee Lee <yee.lee@mediatek.com>
Add a flag: __ANDROID_COMMON_KERNEL__ which out-of-tree vendor drivers
can use to check if they are compiling against an Android Common Kernel.
These out-of-tree vendor drivers can use this flag +
LINUX_KERNEL_VERSION to determine if a feature has been backported.
Bug: 229953929
Change-Id: I832344d63f3639479784753edfb7ac405068312f
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
There are two tracepoints in usb_gadget_connect() and
usb_gadget_disconnect(). This patch will export the tracepoints so that
vendor modules can use them.
Bug: 189130101
Change-Id: I73ace6ad7a29a835431879162cb5e5ff3d6b2239
Signed-off-by: fengmingli <mingli.feng@vivo.com>
(cherry picked from commit 6f33bce13a)
The rt sync wakeup support has a condition which relies on a field that
exists only when CONFIG_SMP is defined, causing a compilation issue.
Since sync wakeup has no real meaning on a non-SMP system, we can just
drop the CONFIG_RT_GROUP_SCHED part of the #ifdef.
Fixes: da5f3cd378 ("ANDROID: sched/rt: Add support for rt sync wakeups")
Signed-off-by: J. Avila <elavila@google.com>
Change-Id: I9b95304408d323b0c1017bd33746ecfbb2b35808
