In dw_pcie_host_init() regardless of whether the link has been
started or not, the code waits for the link to come up. Even in
cases where start_link() is not defined the code ends up spinning
in a loop for 1 second. Since in some systems dw_pcie_host_init()
gets called during probe, this one second loop for each pcie
interface instance ends up extending the boot time.
Wait for the link up in only if the start_link() is defined.
The patch submitted to the upstream kernel (see link below) was not
accepted due to no upstream user.
The change here is a simplified version of that patch, which will wait
for a link only if start_link ops has been defined.
Also, this patch was already applied before in
https://r.android.com/2548250 but the functionality was lost after
https://lore.kernel.org/all/20220624143428.8334-14-Sergey.Semin@baikalelectronics.ru/
was pulled in from the LTS merge.
This patch restores the functionality (of removing the delay) which was
lost during the LTS merge.
Bug: 315052790
Link: https://lore.kernel.org/all/20240112093006.2832105-1-ajayagarwal@google.com/
Change-Id: I4e8d00f6195062728417e41ddd51072880676920
Signed-off-by: Sajid Dalvi <sdalvi@google.com>
Add support for configuring the maximum segment size.
Add support for segments smaller than the page size.
This patch enables testing segments smaller than the page size with a
driver that does not call blk_rq_map_sg().
Bug: 308663717
Bug: 319125789
Change-Id: I74165d83e71201116378c4598c2f9a2ff8c8b623
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Juan Yescas <jyescas@google.com>
Add a kernel module parameter for configuring the maximum segment size.
This patch enables testing SCSI support for segments smaller than the
page size.
Bug: 308663717
Bug: 319125789
Change-Id: Ib645dead4e10d4aaf5a1dfc1d064038153737bc1
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Juan Yescas <jyescas@google.com>
This new debugfs attribute makes it easier to verify the code that tracks
how many queues require limits below the page size.
Bug: 308663717
Bug: 319125789
Change-Id: I855113cd3898f9641c7c3f1b4732bf4990fc7d3d
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
[jyescas@google.com: Wrap #include "blk-mq-debugfs.h" with
#ifndef __GENKSYSM__ to avoid ABI CRC
changes.]
Signed-off-by: Juan Yescas <jyescas@google.com>
Add support in the bio splitting code and also in the bio submission code
for bios with segments smaller than the page size.
Bug: 308663717
Bug: 319125789
Change-Id: Iea511675ad96b0c8255c2b87811ad33c3a02c8fa
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
[jyescas@google.com: the function bio_may_exceed_limits() does not
exists in the 5.15 kernel, so the sub page limit
code in block/blk.h was moved to the function
__blk_queue_split() in block/blk-merge.c]
Signed-off-by: Juan Yescas <jyescas@google.com>
If the segment size is smaller than the page size there may be multiple
segments per bvec even if a bvec only contains a single page. Hence this
patch.
Bug: 308663717
Bug: 319125789
Change-Id: I446aab83a2c519cb3c42d5d8ffd814dcc34274d2
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Juan Yescas <jyescas@google.com>
Allow block drivers to configure the following:
* Maximum number of hardware sectors values smaller than
PAGE_SIZE >> SECTOR_SHIFT. For PAGE_SIZE = 4096 this means that values
below 8 become supported.
* A maximum segment size below the page size. This is most useful
for page sizes above 4096 bytes.
The blk_sub_page_segments static branch will be used in later patches to
prevent that performance of block drivers that support segments >=
PAGE_SIZE and max_hw_sectors >= PAGE_SIZE >> SECTOR_SHIFT would be affected.
This patch may change the behavior of existing block drivers from not
working into working. If a block driver calls
blk_queue_max_hw_sectors() or blk_queue_max_segment_size(), this is
usually done to configure the maximum supported limits. An attempt to
configure a limit below what is supported by the block layer causes the
block layer to select a larger value. If that value is not supported by
the block driver, this may cause other data to be transferred than
requested, a kernel crash or other undesirable behavior.
Keeps the ABI stable by taking advantage of a hole in the structure!
Bug: 308663717
Bug: 319125789
Bug: 324152549
Change-Id: I4a7b605f0f0d82dde0b4703496c7314064f48acb
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
[jyescas@google.com: disable subpage limits in block/blk-sysfs.c
instead block/blk-core.c because the function
blk_free_queue() is not defined in 5.15 kernel]
Signed-off-by: Juan Yescas <jyescas@google.com>
Introduce variables that represent the lower configuration bounds. This
patch does not change any functionality.
Bug: 308663717
Bug: 319125789
Change-Id: Ia39fbe29a0711caba841a7b44d462608216841ec
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Juan Yescas <jyescas@google.com>
Switch to the modern style of printing kernel messages. Use %u instead
of %d to print unsigned integers.
The pr_fmt() format is added on top of the file to include __func__
in the pr_info() calls.
Bug: 308663717
Bug: 319125789
Change-Id: Iea0a19c8221fe1a2fcd3f26c5ffd0c3b69935eec
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
[jyescas@google.com: define pr_fmt(fmt) to include __func__ in the output]
Signed-off-by: Juan Yescas <jyescas@google.com>
Since SPF is an out-of-tree feature, the risks of changing its behavior
are higher. Add a vendor hook to enable speculative swap pagefaults. By
default it's disabled and should not cause troubles for current users.
Bug: 322762567
Change-Id: I3df7c545aa27d2707ee51ea42368f785c5faa735
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Speculative page handling was disabled in do_swap_page() because it was
unsafe to call migration_entry_wait(). Another calls which are not safe
without taking mmap_lock are ksm_might_need_to_copy() because it relies
on the VMA being stable and readahead. However if we avoid these cases,
the rest seems to be safe. Relax the check to avoid only these unsafe
cases and allow speculation otherwise.
Bug: 322762567
Change-Id: Ic1fda0a5549088d5f37004dbacf3193116a5f868
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
The following list of commits, which are in the 5.15.136 release, add a
new field in struct ipv6_devconf and this breaks the abi. Fix this by
using one of the reserved slots for upstream changes and update the stg
file to preserve the build.
5e13e69ddf ("net: release reference to inet6_dev pointer")
aade10d51d ("net: change accept_ra_min_rtr_lft to affect all RA lifetimes")
8f12d2d66c ("net: add sysctl accept_ra_min_rtr_lft")
type 'struct ipv6_devconf' changed
member 'union { struct { __s32 accept_ra_min_lft; u32 padding; }; struct { u64 android_kabi_reserved1; }; union { }; }' was added
member 'u64 android_kabi_reserved1' was removed
Bug: 320243175
Change-Id: Icddcad574f3c29f6d3e63b10f8c7e51bdf46fe7f
Signed-off-by: Carlos Llamas <cmllamas@google.com>
The android_kabi.h header file uses the __stringify() macro without
explicitly including its definition via linux/stringify.h. This can
result in build breaking when using the ANDROID_KABI_USE macro:
common/include/linux/ipv6.h:83:2: error: expected ')'
ANDROID_KABI_USE(1, struct { __s32 accept_ra_min_lft; u32 padding; });
^
[...]
common/include/linux/android_kabi.h:44:24: note: expanded from macro '__ANDROID_KABI_CHECK_SIZE_ALIGN'
__FILE__ ":" __stringify(__LINE__) ": " \
^
To fix this let android_kabi.h include stringify.h explicitly instead of
relying on includes of previous unrelated header files.
Bug: 324437514
Change-Id: I16cced44e723871b2e1a92b312e60f38e41fea70
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Commit d7c1a9a0ed ("wifi: nl80211: validate and configure puncturing
bitmap") and commit 9b89495e47 ("wifi: nl80211: Allow authentication
frames and set keys on NAN interface") added two entries to the
nl80211_ext_feature_index enum, which caused the CRC value for the
wireless_send_event() symbol to change.
Fix this by hiding the new enum entries during the CRC generation phase.
While the values of NUM_NL80211_EXT_FEATURES and
MAX_NL80211_EXT_FEATURES have changed, it shouldn't be a problem in this
case, since MAX_NL80211_EXT_FEATURES is not used in the kernel source,
and the one usage of NUM_NL80211_EXT_FEATURES remains unchanged.
Bug: 272227555
Bug: 324871355
Change-Id: I8b5be4c39b1ab72f0f2b3c9ff10f15a981a431db
Signed-off-by: Isaac J. Manjarres <isaacmanjarres@google.com>
Wi-Fi Aware R4 specification defines NAN Pairing which uses PASN handshake
to authenticate the peer and generate keys. Hence allow to register and transmit
the PASN authentication frames on NAN interface and set the keys to driver or
underlying modules on NAN interface.
The driver needs to configure the feature flag NL80211_EXT_FEATURE_SECURE_NAN,
which also helps userspace modules to know if the driver supports secure NAN.
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
Link: https://lore.kernel.org/r/1675519179-24174-1-git-send-email-quic_vganneva@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 272227555
Change-Id: Ib8e15683772cf9696b51fb5360642813ca0a078b
(cherry picked from commit 9b89495e47)
[shivbara: replace reserved UAPI attribute with corresponding upstream
attribute]
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
(cherry picked from commit 092199e995efc58b29d568614581b3f63a05ca8c)
Signed-off-by: Lee Jones <joneslee@google.com>
Currently action frames TX only with ML address as A3(BSSID) are
allowed in an ML AP, but TX for a non-ML Station can happen in any
link of an ML BSS with link BSS address as A3.
In case of an MLD, if User-space has provided a valid link_id in
action frame TX request, allow transmission of the frame in that link.
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Link: https://lore.kernel.org/r/20230201061602.3918-1-quic_ramess@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 272227555
Change-Id: Iceb00b0713d9123f040e10e06cbfc412ee6a0375
(cherry picked from commit 19085ef39f)
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
(cherry picked from commit 05164a8564bacb11ed74b2826b27f8bded606a12)
Signed-off-by: Lee Jones <joneslee@google.com>
- New feature flag, NL80211_EXT_FEATURE_PUNCT, to advertise
driver support for preamble puncturing in AP mode.
- New attribute, NL80211_ATTR_PUNCT_BITMAP, to receive a puncturing
bitmap from the userspace during AP bring up (NL80211_CMD_START_AP)
and channel switch (NL80211_CMD_CHANNEL_SWITCH) operations. Each bit
corresponds to a 20 MHz channel in the operating bandwidth, lowest
bit for the lowest channel. Bit set to 1 indicates that the channel
is punctured. Higher 16 bits are reserved.
- New members added to structures cfg80211_ap_settings and
cfg80211_csa_settings to propagate the bitmap to the driver after
validation.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Link: https://lore.kernel.org/r/20230131001227.25014-3-quic_alokad@quicinc.com
[move validation against 0xffff into policy]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 272227555
Change-Id: I2d9a90cba8812bfe81d0168133ef2239dcc536ac
(cherry picked from commit d7c1a9a0ed)
[shivbara: replace reserved UAPI attributes with corresponding
upstream attributes]
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
(cherry picked from commit e8a4772f4d125216fe5ea362d48e7f1a7051111a)
Signed-off-by: Lee Jones <joneslee@google.com>
- Move ieee80211_valid_disable_subchannel_bitmap() from mlme.c to
chan.c, rename it as cfg80211_valid_disable_subchannel_bitmap()
and export it.
- Modify the prototype to include struct cfg80211_chan_def instead
of only bandwidth to support a check which returns false if the
primary channel is punctured.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Link: https://lore.kernel.org/r/20230131001227.25014-2-quic_alokad@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 272227555
Change-Id: I0b5d7829982afc0ae18b105ddd3ad9df7d3dd7ed
(cherry picked from commit b25413fed3)
[shivbara: Skipped changes in net/mac80211 due to missing
dependency changes]
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
(cherry picked from commit 5761541a4eb5b73572602cddeca2f732052b96e2)
Signed-off-by: Lee Jones <joneslee@google.com>
nl80211_send_ap_stopped() can be called multiple times on the same
netdev for each link when using Multi-Link Operation. Add the
MLO_LINK_ID attribute to the event to allow userspace to distinguish
which link the event is for.
Signed-off-by: Alvin Šipraga <alsi@bang-olufsen.dk>
Link: https://lore.kernel.org/r/20230128125844.2407135-2-alvin@pqrs.dk
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 272227555
Change-Id: I02104259eda61893f5f40bcd18a5e89bf6871ae6
(cherry picked from commit cba7217a92)
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
(cherry picked from commit 267de69e07c3246ec07eec621689d17bef1bb377)
Signed-off-by: Lee Jones <joneslee@google.com>
Merge commit c51de219f5 ("Merge tag 'android14-5.15.131_r00' into
android-14-5.15") brought in upstream commit 7963d4d710 ("usb: typec:
tcpci: move tcpci.h to include/linux/usb/"). However, the reference
to the drivers/usb/typec/tcpm/tcpci.h headers was not removed from
the all_headers_unsafe ddk_headers target.
This causes build failures when building with --allow_ddk_unsafe_headers
as the file cannot be found, so remove it.
Bug: 324422915
Fixes: c51de219f5 ("Merge tag 'android14-5.15.131_r00' into android-14-5.15")
Change-Id: Id65881dd87df6edb3fe9f935e8bb45faa6af2374
Signed-off-by: Isaac J. Manjarres <isaacmanjarres@google.com>
Blocks are tracked by u32, so the max permitted filesize is
(U32_MAX + 1) * BLOCK_SIZE. Additionally, in order to support crypto
data unit sizes of 4K with a 16K block with IV_INO_LBLK_{32,64}, we must
further restrict max filesize to (U32_MAX + 1) * 4096. This does not
affect 4K blocksize f2fs as the natural limit for files are well below
that.
Fixes: ac5dd4e5de6a ("BACKPORT: Support Block Size == Page Size")
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
(cherry picked from commit a6a010f5def544af3efcfe21683905a712b60536)
Change-Id: I8697e37841e1882a3f613e9aab1857ad7e4c3f2f
Bug: 248132568
This allows f2fs to support cases where the block size = page size for
both 4K and 16K block sizes. Other sizes should work as well, should the
need arise. This does not currently support 4K Block size filesystems if
the page size is 16K.
Change-Id: Ifab03cddeec1389a6a3fb64174063ffccbb93072
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Bug: 248132568
(cherry picked from commit 8b8e202be3264fc33464f8dc319e0c1563ac89d8)
(fixed minor conflict in fs/f2fs/inode.c)
Full LTO takes the '-mbranch-protection=none' passed to the compiler
when generating the dynamic shadow call stack patching code as a hint to
stop emitting PAC instructions altogether. (Thin LTO appears unaffected
by this)
Work around this by disabling LTO for the compilation unit, which
appears to convince the linker that it should still use PAC in the rest
of the kernel..
Fixes: 3b619e22c4 ("arm64: implement dynamic shadow call stack for Clang")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Sami Tolvanen <samitolvanen@google.com>
Link: https://lore.kernel.org/r/20240123133052.1417449-6-ardb+git@google.com
Signed-off-by: Will Deacon <will@kernel.org>
(cherry picked from commit d104a6fef3fec137d8d44961224ab76edbd6cbc7)
Bug: 317883735
Change-Id: Ic4bdb0a6e527f8cb2745282b81945aa7b7231502
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7 upstream.
When deactivating the catch-all set element, check the state in the next
generation that represents this transaction.
This bug uncovered after the recent removal of the element busy mark
a2dd0233cb ("netfilter: nf_tables: remove busy mark and gc batch API").
Bug: 323034444
Fixes: aaa31047a6 ("netfilter: nftables: add catch-all set element support")
Cc: stable@vger.kernel.org
Reported-by: lonial con <kongln9170@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit a372f1d01b)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I40ac92a33db48a2709079d27d7d529946ba297c7
[ Upstream commit af73483f4e8b6f5c68c9aa63257bdd929a9c194a ]
The IDA usually detects double-frees, but that detection failed to
consider the case when there are no nearby IDs allocated and so we have a
NULL bitmap rather than simply having a clear bit. Add some tests to the
test-suite to be sure we don't inadvertently reintroduce this problem.
Unfortunately they're quite noisy so include a message to disregard
the warnings.
Bug: 321878978
Reported-by: Zhenghan Wang <wzhmmmmm@gmail.com>
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 5dbcdaf4db)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I4919e5c64af12f86fe1a91e1e9224a58eedbf345
commit f1082dd31f upstream.
An nftables family is merely a hollow container, its family just a
number and such not reliant on compile-time options other than nftables
support itself. Add an artificial check so attempts at using a family
the kernel can't support fail as early as possible. This helps user
space detect kernels which lack e.g. NFPROTO_INET.
Bug: 321815738
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit ab3a3aadb3)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I7123795885791a62089d5f7d1e5ff5a3f90e4abd
Adding kernfs_rwsem in kernfs_root breaks the ABI unfortunately
since it changes the size of kernfs_root structure.
To fix the issue, this patch introduces new data structure
kernfs_root_ext which includes kernfs_root with kernfs_rwsem to
avoid increasing kernfs_root'size. It also introduces kernfs_rwsem
wrapper function to reach kernfs_rwsem from kernfs_root to minimize
change.
Bug: 320903885
Bug: 219424218
Bug: 206126556
Signed-off-by: Minchan Kim <minchan@google.com>
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Iabaad9623e9a101210073db3106c93f06847a8b3
Marek reported the warning below.
=========================
WARNING: held lock freed!
5.16.0-rc2+ #10984 Not tainted
-------------------------
kworker/1:0/18 is freeing memory ffff00004034e200-ffff00004034e3ff,
with a lock still held there!
ffff00004034e348 (&root->kernfs_rwsem){++++}-{3:3}, at:
__kernfs_remove+0x310/0x37c
3 locks held by kworker/1:0/18:
#0: ffff000040107938 ((wq_completion)cgroup_destroy){+.+.}-{0:0}, at:
process_one_work+0x1f0/0x6f0
#1: ffff80000b55bdc0
((work_completion)(&(&css->destroy_rwork)->work)){+.+.}-{0:0}, at:
process_one_work+0x1f0/0x6f0
#2: ffff00004034e348 (&root->kernfs_rwsem){++++}-{3:3}, at:
__kernfs_remove+0x310/0x37c
stack backtrace:
CPU: 1 PID: 18 Comm: kworker/1:0 Not tainted 5.16.0-rc2+ #10984
Hardware name: Raspberry Pi 4 Model B (DT)
Workqueue: cgroup_destroy css_free_rwork_fn
Call trace:
dump_backtrace+0x0/0x1ac
show_stack+0x18/0x24
dump_stack_lvl+0x8c/0xb8
dump_stack+0x18/0x34
debug_check_no_locks_freed+0x124/0x140
kfree+0xf0/0x3a4
kernfs_put+0x1f8/0x224
__kernfs_remove+0x1b8/0x37c
kernfs_destroy_root+0x38/0x50
css_free_rwork_fn+0x288/0x3d4
process_one_work+0x288/0x6f0
worker_thread+0x74/0x470
kthread+0x188/0x194
ret_from_fork+0x10/0x20
Since kernfs moves the kernfs_rwsem lock into root, it couldn't hold
the lock when the root node is tearing down. Thus, get the refcount
of root node.
Fixes: 393c371408 ("kernfs: switch global kernfs_rwsem lock to per-fs lock")
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Minchan Kim <minchan@kernel.org>
Link: https://lore.kernel.org/r/20211201231648.1027165-1-minchan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 555a0ce455)
Bug: 320903885
Change-Id: If96f85b88b662e88430c9c8d1efb436e9a80ddcf
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
The kernfs implementation has big lock granularity(kernfs_rwsem) so
every kernfs-based(e.g., sysfs, cgroup) fs are able to compete the
lock. It makes trouble for some cases to wait the global lock
for a long time even though they are totally independent contexts
each other.
A general example is process A goes under direct reclaim with holding
the lock when it accessed the file in sysfs and process B is waiting
the lock with exclusive mode and then process C is waiting the lock
until process B could finish the job after it gets the lock from
process A.
This patch switches the global kernfs_rwsem to per-fs lock, which
put the rwsem into kernfs_root.
Suggested-by: Tejun Heo <tj@kernel.org>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Minchan Kim <minchan@kernel.org>
Link: https://lore.kernel.org/r/20211118230008.2679780-1-minchan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 393c371408)
Bug: 320903885
Bug: 219424218
Bug: 206126556
Change-Id: I5f942f7a4a18b3c2198496fea789b381ba955d19
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
This reverts commit 96e78d17ff3251e17ba5894ad194227c0a44adbb.
Keeps the ABI stable by taking advantage of a hole in the structure!
Bug: 307236803
Change-Id: Ic5f7ebeb3a9b13afdb3bfff7e54c4a93b863dab6
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Since the cmpxchg() to unlock the VMA (reset ref count from -1), is
enclosed in VM_BUG_ON_VMA() it gets compiled out in non-debug builds
(CONFIG_DEBUG_VM=n). This means that any VMA that underwent a fast-remap
will have it's refcount stuck at -1, making it not be eligible for
future speculative faults, and preventing freeing of the VMA.
Bug: 322411509
Change-Id: If5bf61c7d94268700f2c4f096d946201b68abdb8
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
This config will cause the 'CtsHdmiCecHostTestCases' test case to fail.
According to the discussion in bug 309377116, it is recommended to remove this config.
Bug: 322143898
Change-Id: Ied37a6c55f4198dbb9dbb9b6c3156a8a7a0bd945
Signed-off-by: James Tai <james.tai@realtek.com>
It was pointed out that since commit b6115e140102 ("ANDROID:
uid_sys_stat: split the global lock uid_lock to the fine-grained locks
for each hlist in hash_table") taking a spin_lock in uid_lock()
causes a scheduling while atomic error if CONFIG_UID_SYS_STATS_DEBUG
is enabled, as get_full_task_comm() takes the mmap_write_lock()
which is a semaphore, breaking the proper ordering.
In the GKI CONFIG_UID_SYS_STATS_DEBUG is disabled, so this went
unnoticed.
The uid_sys_stats logic isn't ever going to go upstream (it depends
on reverting upstream logic) and will hopefully be replaced eventually.
So there's not much reason to drag around this debug logic that is
unused.
So drop it. Less code to schlep forward.
Bug: 320184870
Change-Id: I2cfce79d5a25a3eba11a5509444c07b4642ef2de
Signed-off-by: John Stultz <jstultz@google.com>
Amit Pundir at Linaro reported seeing crashes in uid_sys_stats
driver when building with GCC.
Looking into it, it seems the uid_entry_tmp value is used
while only partially initialized, causing potential out of bound
access on the uid_entry io arrays.
This likely has gone unnoticed with clang as I believe we're
using the zero initialization for stack variables security
feature.
So change the logic to fully initialize the uid_entry_tmp
value.
Fixes: f68d4f3c3b53 ("ANDROID: uid_sys_stat: instead update_io_stats_uid_locked to update_io_stats_uid")
Reported-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: John Stultz <jstultz@google.com>
Change-Id: I78de245e80ef60aabec78a615c7ba582ab5a2242
When handling error status from uvcg_video_usb_req_queue,
uvc_video_complete currently calls uvcg_queue_cancel with
video->req_lock held. uvcg_queue_cancel internally locks
queue->irqlock, which nests queue->irqlock inside
video->req_lock. This isn't a functional bug at the
moment, but does open up possibilities for ABBA
deadlocks in the future.
This patch fixes the accidental nesting by dropping
video->req_lock before calling uvcg_queue_cancel.
Fixes: 6acba0345b68 ("usb:gadget:uvc Do not use worker thread to pump isoc usb requests")
Signed-off-by: Avichal Rakesh <arakesh@google.com>
Link: https://lore.kernel.org/r/20240104215009.2252452-2-arakesh@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 314338409
(cherry picked from commit 9866dc4314c6c858e451933f965d64532aec00a9)
Change-Id: I22c79314f6d3ca74c0d53e462a1bde26806d3ff2
Signed-off-by: Avichal Rakesh <arakesh@google.com>
