Finally got bluetooth working, so add the modules to
the db845c gki fragment
Bug: 146449535
Change-Id: I0e987fcae3b3c0bff7e6846ab61477d5707c7a5d
Signed-off-by: John Stultz <john.stultz@linaro.org>

Correct the filesystem name to "binder" to enable
genfscon per-file labelling for binderfs.
Fixes: 7a4b519474 ("selinux: allow per-file labelling for binderfs")
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Bug: 136497735
Change-Id: I6139ede4eb6e85f5399f826834b062bbf33d28cf
Link: https://lore.kernel.org/patchwork/patch/1188587/

Fix all sparse errors in fs/incfs except
fs/incfs/integrity.c:192:9: warning: Variable length array is used
Test: incfs_test passes
Bug: 133435829
Change-Id: I9c2e26e4e1a06a894977f11a3c8559b968dd115e
Signed-off-by: Paul Lawrence <paullawrence@google.com>

Fixed incfs_test build errors
Fixed Kconfig errors
Readded .gitignore
Test: With just enabling CONFIG_INCREMENTAL_FS, both defconfig and
cuttlefish_defconfig build and incfs_test runs and passes
Bug: 133435829
Change-Id: Id3247ffcc63a095f66dcedf554017a06c5a9ce4a
Signed-off-by: Paul Lawrence <paullawrence@google.com>

This reverts commit 59438b4647.
This unblocks the booting of Android on newer kernels. It is a temporary
workaround and the correct fix is to add new core sepolicy.
Bug: 148822198
Change-Id: Ic521cb760c867c12dfcb7d2752280fbb0eddb82c
Signed-off-by: Alistair Delva <adelva@google.com>

Baby steps in the 5.6-rc1 merge cycle to make things easier to review
and debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0fa183764fd1adbde44e8181f0b3df6cff4da18b

This reverts commit 0990eff7509fecafad9a44a56801c97e8e8ce9c6 which was a
revert of commit 38c1605e75.
We need these symbols back, so add the patch back.
Bug: 143136976
Cc: Asutosh Das <asutoshd@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I39f86820c3b0e5901006c588870d5efeda2e92f0

Baby steps in the 5.6-rc1 merge cycle to make things easier to review
and debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I21591d9c9b073f02dde6aae031bd740fe512251b

This reverts commit 38c1605e75.
In order to merge with the scsi code upstream, this needs to be
reverted. Hopefully we can merge it back later...
Bug: 143136976
Cc: Asutosh Das <asutoshd@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4ba46c9e11a3882131449efcc8a45481348fbea1

Baby steps in the 5.6-rc1 merge cycle to make things easier to review
and debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2d3a69b5256f71ae18b500b0ef145f93e4255dbc

Baby steps in the 5.6-rc1 merge cycle to make things easier to review
and debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I084fc068d4c94625e63441029e08e143146d97b7

With CONFIG_THINLTO and CFI both enabled, LLVM appends a hash to the
names of all static functions. This breaks userspace tools, so strip
out the hash from output.
Bug: 147422318
Change-Id: Ie19a59d9d0681298be54e73064badc361c0f7014
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

BPF dispatcher functions are patched at runtime to perform direct
instead of indirect calls. Disable CFI for the dispatcher functions
to avoid conflicts.
(re-add due to merge conflicts previously)
Bug: 145210207
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7edf6052e121d16ccb0f3d3492ff4eefedfa509e

Baby steps in the 5.6-rc1 merge cycle to make things easier to review
and debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4c44b3c32065ea0ed8175b31665f2a4195a27300

This reverts commit aa2cc4ed15.
It conflicts with the upstream BPF changes so needs to be dropped for
now as it will show up through the BPF tree.
Cc: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0a38cbaf388c3362f8fd7fad7139b16ea9967fe7

This reverts commit 22cf3ea720.
It conflicts with the BPF merge and will come in through the upstream
tree.
Cc: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I404d2e9efcd6057d481be2562cb9b2a559b70e58

This reverts commit 3ea9abc389.
It conflicts with the BPF merge from upstream and will come in through
that tree.
Cc: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I59c2176184c955d240b571d000460d89c6d2f80d

This reverts commit f6a4d900cc.
It conflicts with the BPF merge and will come in through that tree
instead.
Cc: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Idffa84def2a994a306c79803d49b7461adfae44c

This reverts commit cedd91c6f4.
It conflicts with the BPF merge and will have to be added back later "by
hand".
Cc: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9b070d804c16b12a416ddc630c4440ea85f5531b

Baby steps in the 5.6-rc1 merge cycle to make things easier to review
and debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6d63f7c9484210bae7474a809defd1aaa58e15f8

Merge the upstream merge of fscrypt-for-linus, to resolve conflicts
between the fscrypt changes that went upstream in 5.6 and the inline
crypto and hardware-wrapped key support that is currently being carried
in the Android common kernels.
Conflicts:
fs/crypto/Kconfig
fs/crypto/bio.c
fs/crypto/fname.c
fs/crypto/fscrypt_private.h
fs/crypto/keyring.c
fs/crypto/keysetup.c
include/uapi/linux/fscrypt.h
Merge resolution notes:
- In fscrypt_zeroout_range(), split the inline crypto case into a
separate function fscrypt_zeroout_range_inlinecrypt(), as mixing the
two cases together became much harder due to the upstream changes.
- Allow the size of fscrypt-provisioning keys to be up to
FSCRYPT_MAX_HW_WRAPPED_KEY_SIZE rather than FSCRYPT_MAX_KEY_SIZE.
Change-Id: Ib1e6b9eda8fb5dcfc6bdc8fa89d93f72b088c5f6
Signed-off-by: Eric Biggers <ebiggers@google.com>

BPF dispatcher functions are patched at runtime to perform direct
instead of indirect calls. Disable CFI for the dispatcher functions
to avoid conflicts.
Bug: 145210207
Change-Id: I61dc7ce8a549145a79b7e69c646888578e0641ba
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

From Intel 64 and IA-32 Architectures Optimization Reference Manual,
3.4.1.4 Code Alignment, Assembly/Compiler Coding Rule 11: All branch
targets should be 16-byte aligned.
This commit aligns branch targets according to the Intel manual.
The nops used to align branch targets make the dispatcher larger, and
therefore the number of supported dispatch points/programs is
decreased from 64 to 48.
Signed-off-by: Björn Töpel <bjorn.topel@intel.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20191213175112.30208-7-bjorn.topel@gmail.com
(cherry picked from commit 116eb788f5)
Bug: 145210207
Change-Id: I04996cd41bf109aaa63b5aa23773c34ef1f90d8b
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

The BPF dispatcher is a multi-way branch code generator, mainly
targeted for XDP programs. When an XDP program is executed via the
bpf_prog_run_xdp(), it is invoked via an indirect call. The indirect
call has a substantial performance impact, when retpolines are
enabled. The dispatcher transforms indirect calls to direct calls, and
therefore avoids the retpoline. The dispatcher is generated using the
BPF JIT, and relies on text poking provided by bpf_arch_text_poke().
The dispatcher hijacks a trampoline function via the __fentry__ nop
of the trampoline. One dispatcher instance currently supports up to 64
dispatch points. A user creates a dispatcher with its corresponding
trampoline with the DEFINE_BPF_DISPATCHER macro.
Signed-off-by: Björn Töpel <bjorn.topel@intel.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20191213175112.30208-3-bjorn.topel@gmail.com
(cherry picked from commit 75ccbef636)
Bug: 145210207
Change-Id: Ieb954fd4c968e41f1c1b9ea03ab89fd1f73df5cd
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

This reverts commit 788bbf4f26.
Reason for revert: fixes a conflict with upcoming upstream BPF changes.
Bug: 145210207
Change-Id: I3bbc1279fc613be0d2e833008413ad3561b851df
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

This reverts commit d9756ba082.
Reason for revert: fixes a conflict with upcoming upstream BPF changes.
Bug: 145210207
Change-Id: I0e7e76c117ab3608b6dd5a1bc6b949b9e109038f
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

For some reason a duplicated line ended up in here.
Thanks to Matthias for pointing it out.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7ebeddcd4a9bc210edd69d9ce5e9d3a30a6ef469

This reverts commit b61876ed12.
It was merged differently upstream in the 5.6-rc1 merge window so revert
this version as upstream got a different one.
Cc: Patrick Bellasi <patrick.bellasi@arm.com>
Cc: Quentin Perret <quentin.perret@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I508fd204109f0f947ede40a44116ad51e5631b64

Baby steps in the 5.6-rc1 merge cycle to make things easier to review
and debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I005e68433be6b1d66bd56d7e1c8f44ab8e78bebe

Pull mmu_notifier updates from Jason Gunthorpe:
"This small series revises the names in mmu_notifier to make the code
clearer and more readable"
* tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
mm/mmu_notifiers: Use 'interval_sub' as the variable for mmu_interval_notifier
mm/mmu_notifiers: Use 'subscription' as the variable name for mmu_notifier
mm/mmu_notifier: Rename struct mmu_notifier_mm to mmu_notifier_subscriptions

Pull thread management updates from Christian Brauner:
"Sargun Dhillon over the last cycle has worked on the pidfd_getfd()
syscall.
This syscall allows for the retrieval of file descriptors of a process
based on its pidfd. A task needs to have ptrace_may_access()
permissions with PTRACE_MODE_ATTACH_REALCREDS (suggested by Oleg and
Andy) on the target.
One of the main use-cases is in combination with seccomp's user
notification feature. As a reminder, seccomp's user notification
feature was made available in v5.0. It allows a task to retrieve a
file descriptor for its seccomp filter. The file descriptor is usually
handed off to a more privileged supervising process. The supervisor can
then listen for syscall events caught by the seccomp filter of the
supervisee and perform actions in lieu of the supervisee, usually
emulating syscalls. pidfd_getfd() is needed to expand its uses.
There are currently two major users that wait on pidfd_getfd() and one
future user:
- Netflix, Sargun said, is working on a service mesh where users
should be able to connect to a dns-based VIP. When a user connects
to e.g. 1.2.3.4:80 that runs e.g. service "foo" they will be
redirected to an envoy process. This service mesh uses seccomp user
notifications and pidfd to intercept all connect calls and instead
of connecting them to 1.2.3.4:80 connects them to e.g.
127.0.0.1:8080.
- LXD uses the seccomp notifier heavily to intercept and emulate
mknod() and mount() syscalls for unprivileged containers/processes.
With pidfd_getfd() more use-cases e.g. bridging socket connections
will be possible.
- The patchset has also seen some interest from the browser corner.
Right now, Firefox is using a SECCOMP_RET_TRAP sandbox managed by a
broker process. In the future glibc will start blocking all signals
during dlopen() rendering this type of sandbox impossible. Hence,
in the future Firefox will switch to a seccomp-user-notification
based sandbox which also makes use of file descriptor retrieval.
The thread for this can be found at
https://sourceware.org/ml/libc-alpha/2019-12/msg00079.html
With pidfd_getfd() it is e.g. possible to bridge socket connections
for the supervisee (binding to a privileged port) and taking actions
on file descriptors on behalf of the supervisee in general.
Sargun's first version was using an ioctl on pidfds but various people
pushed for it to be a proper syscall which he duly implemented as
well over various review cycles. Selftests are of course included.
I've also added instructions how to deal with merge conflicts below.
There's also a small fix coming from the kernel mentee project to
correctly annotate struct sighand_struct with __rcu to fix various
sparse warnings. We've received a few more such fixes and even though
they are mostly trivial I've decided to postpone them until after -rc1
since they came in rather late and I don't want to risk introducing
build warnings.
Finally, there's a new prctl() command PR_{G,S}ET_IO_FLUSHER which is
needed to avoid allocation recursions triggerable by storage drivers
that have userspace parts that run in the IO path (e.g. dm-multipath,
iscsi, etc). These allocation recursions deadlock the device.
The new prctl() allows such privileged userspace components to avoid
allocation recursions by setting the PF_MEMALLOC_NOIO and
PF_LESS_THROTTLE flags. The patch carries the necessary acks from the
relevant maintainers and is routed here as part of prctl()
thread-management."
* tag 'threads-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
prctl: PR_{G,S}ET_IO_FLUSHER to support controlling memory reclaim
sched.h: Annotate sighand_struct with __rcu
test: Add test for pidfd getfd
arch: wire up pidfd_getfd syscall
pid: Implement pidfd_getfd syscall
vfs, fdtable: Add fget_task helper
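
The file descriptor retrieval described in the thread-management pull message above, as an added example that is not code from the kernel tree or from the pull request. The helper name fetch_fd_from_child() is hypothetical, and the syscall numbers are defined only as a fallback for older headers.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SYS_pidfd_open
#define SYS_pidfd_open 434   /* available since v5.3 */
#endif
#ifndef SYS_pidfd_getfd
#define SYS_pidfd_getfd 438  /* available since v5.6 */
#endif

/* Hypothetical helper. The forked child ("supervisee") keeps the read end of
 * a pipe; the parent ("supervisor") drops its own copy and gets it back with
 * pidfd_getfd(). Returns 0 on success or a negative errno: -ENOSYS on older
 * kernels, -EPERM when the ptrace_may_access() check or a sandbox refuses. */
int fetch_fd_from_child(void)
{
    int p[2], ret;
    char buf[8] = {0};

    if (pipe(p) < 0) return -errno;
    pid_t pid = fork();
    if (pid < 0) return -errno;
    if (pid == 0) { pause(); _exit(0); }  /* supervisee: just hold the fd */
    close(p[0]);                 /* same fd number stays open in the child */
    int pidfd = syscall(SYS_pidfd_open, pid, 0);
    int fd = pidfd < 0 ? -1 : syscall(SYS_pidfd_getfd, pidfd, p[0], 0);
    if (fd < 0) {
        ret = -errno;
    } else {
        int cloexec = fcntl(fd, F_GETFD) & FD_CLOEXEC;  /* set by the kernel */
        ret = (cloexec && write(p[1], "hello", 5) == 5 &&
               read(fd, buf, sizeof(buf)) == 5 && !memcmp(buf, "hello", 5)) ? 0 : -EIO;
        close(fd);
    }
    if (pidfd >= 0) close(pidfd);
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    close(p[1]);
    return ret;
}

int main(void) { return fetch_fd_from_child() ? 1 : 0; }
```

The retrieved descriptor refers to the same open file description as the child's, which is why access is gated on PTRACE_MODE_ATTACH_REALCREDS; hosts that restrict ptrace (for example through Yama) will see -EPERM here.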