vendor may have the need to implement their own util_fits_cpu
function
Bug: 261704404
Change-Id: I0318f6cadd5c45a37f1acafdded479b25e520e6b
Signed-off-by: Chungkai Mei <chungkai@google.com>
In order to make the nVHE stack size easily configurable,
introduce NVHE_STACK_SHIFT which must be >= PAGE_SHIFT.
Increase the stack size to 8KB if PAGE_SIZE is 4KB, since
some vendors require a larger stack in the hypervisor.
Bug: 305486112
Change-Id: Ic7612d5d5bf9d20db811ce67b177bbda192adf92
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
The null_blk kernel driver is essential for block layer functional and
performance testing. Hence this patch.
Bug: 305274387
Change-Id: I169a0540de67ef797c1918358445d029b2eb1078
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Easily done now, just by clearing FMODE_LSEEK in ->f_mode
during proc_reg_open() for such entries.
Fixes: 868941b144 "fs: remove no_llseek"
Change-Id: Iac64d5d73ce9647a516eec870867369efe23cf33
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from commit 3f61631d47)
Signed-off-by: David Anderson <dvander@google.com>
Allow pKVM to set device attributes (nGnRE) on stage-2 entries when
KVM_PGTABLE_PROT_DEVICE is used.
Bug: 303529066
Change-Id: I19ddbd627cb67fb4ad295af6ea5fff129d7a94f7
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
The hyp tracing support depends on CONFIG_TRACING, not CONFIG_FTRACE.
Also, TRACING might be selected while FTRACE is not, leading to a build
error.
Bug: 306320920
Change-Id: I69614b6d1eb0e3d9013e00c2d10836b37034b929
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
By this vh, so that we can record page information
and add custom optimisations such as cma.
Bug: 305868227
Change-Id: I6d20dc96f864202ea0ca236c82337f385a9054f6
Signed-off-by: Qinglin Li <qinglin.li@amlogic.com>
commit e994764976 upstream.
sctp_mt_check doesn't validate the flag_count field. An attacker can
take advantage of that to trigger an OOB read and leak memory
information.
Add the field validation in the checkentry function.
Bug: 304913898
Fixes: 2e4e6a17af ("[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables")
Cc: stable@vger.kernel.org
Reported-by: Lucas Leong <wmliang@infosec.exchange>
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 4921f9349b)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ife4e69f6218fdaca2a8647b5ed00d875a5ed0d34
The kunit targets build in-tree kunit modules with a pre-set
defconfig fragment.
This is the defconfig fragment to be applied to enable kunit tests
as modules. Because we apply defconfig fragments after running
make defconfig, the individual tests must be enabled instead of
a global CONFIG_KUNIT_ALL_TESTS flag.
Note: Compared to the change on android-mainline, this change
deletes the following tests because they are not present in
android14-5.15:
CONFIG_NETDEV_ADDR_LIST_TEST
CONFIG_REGMAP_KUNIT
CONFIG_INPUT_KUNIT_TEST
CONFIG_SND_SOC_UTILS_KUNIT_TEST
CONFIG_HID_KUNIT_TEST
CONFIG_IIO_FORMAT_KUNIT_TEST
CONFIG_CLK_KUNIT_TEST
CONFIG_CLK_GATE_KUNIT_TEST
Comparing to the change on android-mainline, this change
adds a symbol list for kunit tests. To update this symbol list:
bazel run //common:kunit_aarch64_abi_update_symbol_list
Comparing to the change on android-mainline, this change
does not contain a target for riscv64.
Test: manually build with
bazel run //common:kunit_aarch64_dist
bazel run //common:kunit_x86_64_dist
bazel run //common:kunit_riscv64_dist
Bug: 296116800
Bug: 304616548
Bug: 305290382
Change-Id: If3b94f495aa64b657508781b12e3e0716c725f3f
Signed-off-by: Yifan Hong <elsk@google.com>
This is the basis for enabling Kunit tests.
Bug: 304616548
Change-Id: I83c08539182eca10ca833f932edabdde19978be5
Signed-off-by: Yifan Hong <elsk@google.com>
When MADV_PAGEOUT is called on a private file mapping VMA region,
we bail out early if the process is neither owner nor write capable
of the file. However, this VMA may have both private/shared clean
pages and private dirty pages. The opportunity of paging out the
private dirty pages (Anon pages) is missed. Fix this by caching
the file access check and use it later along with PageAnon() during
page walk.
We observe ~10% improvement in zram usage, thus leaving more available
memory on a 4GB RAM system running Android.
Link: https://lkml.kernel.org/r/1667971116-12900-1-git-send-email-quic_pkondeti@quicinc.com
Signed-off-by: Pavankumar Kondeti <quic_pkondeti@quicinc.com>
Cc: Charan Teja Kalla <quic_charante@quicinc.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 8fc5be8efc3cf356f25098fbd4bda7c0e949c2ea
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable)
Bug: 259329159
Signed-off-by: Pavankumar Kondeti <quic_pkondeti@quicinc.com>
Change-Id: I5f2d425aec94e5a75ebeaf90f9f5d7adf1975c59
(cherry picked from commit 979df868f594e76a36a7a9523991cdc5b5f99a14)
commit 69c5d284f6 upstream.
The xt_u32 module doesn't validate the fields in the xt_u32 structure.
An attacker may take advantage of this to trigger an OOB read by setting
the size fields with a value beyond the array boundaries.
Add a checkentry function to validate the structure.
This was originally reported by the ZDI project (ZDI-CAN-18408).
Bug: 304913716
Fixes: 1b50b8a371 ("[NETFILTER]: Add u32 match")
Cc: stable@vger.kernel.org
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 1c164c1e9e)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ic2ff70b303f55f9c3c5db24295bcb223ed7175a7
[ Upstream commit f4f8a78031 ]
The opt_num field is controlled by user mode and is not currently
validated inside the kernel. An attacker can take advantage of this to
trigger an OOB read and potentially leak information.
BUG: KASAN: slab-out-of-bounds in nf_osf_match_one+0xbed/0xd10 net/netfilter/nfnetlink_osf.c:88
Read of size 2 at addr ffff88804bc64272 by task poc/6431
CPU: 1 PID: 6431 Comm: poc Not tainted 6.0.0-rc4 #1
Call Trace:
nf_osf_match_one+0xbed/0xd10 net/netfilter/nfnetlink_osf.c:88
nf_osf_find+0x186/0x2f0 net/netfilter/nfnetlink_osf.c:281
nft_osf_eval+0x37f/0x590 net/netfilter/nft_osf.c:47
expr_call_ops_eval net/netfilter/nf_tables_core.c:214
nft_do_chain+0x2b0/0x1490 net/netfilter/nf_tables_core.c:264
nft_do_chain_ipv4+0x17c/0x1f0 net/netfilter/nft_chain_filter.c:23
[..]
Also add validation to genre, subtype and version fields.
Bug: 304913642
Fixes: 11eeef41d5 ("netfilter: passive OS fingerprint xtables match")
Reported-by: Lucas Leong <wmliang@infosec.exchange>
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 7bb8d52b42)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: If79c79e3f55de8c81b70c19661cb0084b02c3da2
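Added example (not part of any commit above, and not kernel code): the three netfilter fixes above (sctp flag_count, xt_u32 size fields, osf opt_num) share one pattern, a user-supplied count that must be validated once at rule-install time so the per-packet path can index fixed arrays safely. This user-space model uses assumed names (model_match, model_checkentry, MODEL_MAX) and constructed inputs.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define MODEL_MAX 11 /* assumed array capacity for this model */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct model_test {
    uint32_t location[MODEL_MAX];
    uint32_t value[MODEL_MAX];
    uint8_t nnums;   /* user-supplied: entries used in location[] */
    uint8_t nvalues; /* user-supplied: entries used in value[] */
};

struct model_match {
    struct model_test tests[MODEL_MAX];
    uint8_t ntests;  /* user-supplied: entries used in tests[] */
};

/* Install-time check: reject any count larger than the array it indexes. */
int model_checkentry(const struct model_match *m)
{
    if (m->ntests > ARRAY_SIZE(m->tests))
        return -EINVAL;
    for (size_t i = 0; i < m->ntests; i++) {
        const struct model_test *t = &m->tests[i];
        if (t->nnums > ARRAY_SIZE(t->location) ||
            t->nvalues > ARRAY_SIZE(t->value))
            return -EINVAL;
    }
    return 0;
}

/* Match-time walk: trusts the stored counts, so it needs checkentry first. */
static uint32_t model_eval(const struct model_match *m)
{
    uint32_t visited = 0;
    for (size_t i = 0; i < m->ntests; i++)
        for (size_t j = 0; j < m->tests[i].nvalues; j++)
            visited += (m->tests[i].value[j] == 0); /* reads value[j] */
    return visited;
}

/* Build a constructed rule with the given counts, validate, then evaluate. */
int model_install(uint8_t ntests, uint8_t nnums, uint8_t nvalues, uint32_t *out)
{
    struct model_match m;
    memset(&m, 0, sizeof(m));
    m.ntests = ntests;
    for (size_t i = 0; i < ARRAY_SIZE(m.tests); i++) {
        m.tests[i].nnums = nnums;
        m.tests[i].nvalues = nvalues;
    }
    if (model_checkentry(&m) != 0)
        return -EINVAL; /* never reaches the unchecked walk */
    *out = model_eval(&m);
    return 0;
}

int main(void)
{
    uint32_t n = 0;
    return model_install(2, 3, 3, &n) == 0 && n == 6 ? 0 : 1;
}
```

A count equal to the array capacity is accepted; only values past it are rejected, which is why the comparison is ">" against ARRAY_SIZE rather than ">=".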
commit 265b4da82d upstream.
The rsvp classifier has served us well for about a quarter of a century but
has not been getting much maintenance attention due to lack of known users.
Bug: 304913975
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Kyle Zeng <zengyhkyle@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 08569c92f7)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I4716954c5e8d5414a580eb34c699908028aa754b
[ Upstream commit 0113d9c9d1 ]
Currently, we assume the skb is associated with a device before calling
__ip_options_compile, which is not always the case if it is re-routed by
ipvs.
When skb->dev is NULL, dev_net(skb->dev) will become null-dereference.
This patch adds a check for the edge case and switches to using the net_device
from the rtable when skb->dev is NULL.
Bug: 304913674
Fixes: ed0de45a10 ("ipv4: recompile ip options in ipv4_link_failure")
Suggested-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Kyle Zeng <zengyhkyle@gmail.com>
Cc: Stephen Suryaputra <ssuryaextr@gmail.com>
Cc: Vadim Fedorenko <vfedorenko@novek.ru>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 2712545e53)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ie840ff3351e487f7095c49fac4fdd1e81021a982
Make the UFS device execute realtime (RT) requests before other requests.
This will be used in Android to reduce the I/O latency of the foreground
app.
Change-Id: Ia8fa42517e6f8e11439bd91b2e23762c00845724
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
(cherry picked from commit 00d2fa28da0aa371ad215e92ebf5297c0e7d4861 git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next)
Signed-off-by: Bart Van Assche <bvanassche@google.com>
ufshcd_comp_scsi_upiu() has one caller and that caller ensures that
lrbp->cmd != NULL. Hence leave out the lrbp->cmd check from
ufshcd_comp_scsi_upiu().
Change-Id: Ic37b0eda0d59c0b7d759a5d352f139cdcffbf163
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
(cherry picked from commit c788cf8a21cd3b12a1823869878e3fd93132859f git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next)
Signed-off-by: Bart Van Assche <bvanassche@google.com>
It may happen that zoned writes get reordered and hence that a zoned
device receives these out of order. If that happens, the SCSI error
handler will resubmit the zoned writes in LBA order. Only resubmit
zoned writes if the number of retries has not been exceeded. Otherwise
fail the zoned write.
Bug: 234829282
Change-Id: Ieb0e596df60b05f67d7c54ebd2e700e6c550d6f5
Signed-off-by: Bart Van Assche <bvanassche@google.com>
blk_mq_process_requeue_list() inserts requeued requests in front of other
requests. This is fine for all request types except for sequential zoned
writes. Hence this patch.
Bug: 234829282
Change-Id: If1f1aece17f425104a936b36db33eab5f9ba5c2d
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Prepare for supporting I/O priority in the storage stack.
Bug: 186902601
Change-Id: I387ac4792c89d88d131c5146b116a0393c01b096
Signed-off-by: Bart Van Assche <bvanassche@google.com>
memory allocations
We add these hooks to avoid key threads being blocked in the memory
allocation path.
- android_vh_free_unref_page_bypass: We create a memory pool for the
key threads. This hook determines whether a page should be freed to the
pool or to buddy freelist. It works with an existing hook
`android_vh_alloc_pages_reclaim_bypass`, which takes pages out of the
pool.
- android_vh_kvmalloc_node_use_vmalloc: For key threads, we prefer
not to run into direct reclaim. So we clear __GFP_DIRECT_RECLAIM flag.
For threads which are not that important, we prefer to use vmalloc.
- android_vh_should_alloc_pages_retry: Before key threads run into
direct reclaim, we want to retry with a lower watermark.
- android_vh_unreserve_highatomic_bypass: We want to keep more
highatomic pages when unreserving them to avoid highatomic allocation
failures.
- android_vh_rmqueue_bulk_bypass: We found sometimes when key threads
run into rmqueue_bulk, it took several milliseconds spinning at
zone->lock or filling per-cpu pages. We use this hook to take pages from
the mempool mentioned above, rather than grab zone->lock and fill a
batch of pages to per-cpu.
Bug: 288216516
Bug: 304066882
Change-Id: I1656032d6819ca627723341987b6094775bc345f
Signed-off-by: Oven <liyangouwen1@oppo.com>
Signed-off-by: Qinglin Li <qinglin.li@amlogic.com>
(cherry picked from commit aa47cc7c206a8e159a735e6f1513ece6dac1e0ba)
__kvm_hyp_host_forward_smc() forwards SMCs to EL3, which means we
exit and enter the hypervisor without tracing those.
Add missing hyp events.
Bug: 304445720
Change-Id: I0b66c37f1521702764b12c038324c3fec3e499a6
Signed-off-by: Mostafa Saleh <smostafa@google.com>
Store the hyp address in kvm_arm_hyp_host_fp_state[], to avoid having to
calculate it with kern_hyp_va() on every access.
Bug: 303684934
Signed-off-by: Fuad Tabba <tabba@google.com>
Change-Id: I52902c297f9b957a8d035be942e3cbeb32fed0a2
Allocate and map hyp memory to maintain the host's fp/simd state,
which is also used for SVE and SME, later in the initialization
process. The amount of memory needed to track the host's state
varies depending on the number of cpus in the system, whether
there's SVE support, as well as the SVE vector size. Much of the
state needed to extract this information isn't initialized yet at
kvm_hyp_reserve().
Fixes: 6dc9af85f7 ("ANDROID: KVM: arm64: Allocate host fp state at pkvm init rather than per cpu")
Bug: 303684934
Signed-off-by: Fuad Tabba <tabba@google.com>
Change-Id: I744be685a107ddd92c6975bafb0149aebad7bb55
[ Upstream commit f15f29fd47 ]
Chain binding only requires the rule addition/insertion command within
the same transaction. Removal of rules from chain bindings within the
same transaction makes no sense, userspace does not utilize this
feature. Replace nft_chain_is_bound() check to nft_chain_binding() in
rule deletion commands. Replace command implies a rule deletion, reject
this command too.
Rule flush command can also safely rely on this nft_chain_binding()
check because unbound chains are not allowed since 62e1e94b24
("netfilter: nf_tables: reject unbound chain set before commit phase").
Bug: 302085977
Fixes: d0e2c7de92 ("netfilter: nf_tables: add NFT_CHAIN_BINDING")
Reported-by: Kevin Rich <kevinrich1337@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 9af8bb2afe)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I8b05dc37062824db4c2901000fdf701b38605d32
Commit 44042b4498 ("mm/page_alloc: allow high-order pages to be stored
on the per-cpu lists") adjusts the pcp batch size __rmqueue_pcplist()
allocates from rmqueue_bulk() in proportion to the page order.
This line was not properly carried forward when porting
commit 37b2d597bb ("ANDROID: mm: add cma pcp list") to android 13-5.15.
Fixes: 37b2d597bb ("ANDROID: mm: add cma pcp list")
Bug: 260129859
Change-Id: I28b7c22c75596176fd951974d1dd682ee1014efb
Signed-off-by: Patrick Daly <quic_pdaly@quicinc.com>
(cherry picked from commit 4931d96eb36e955fe72eee53b1ce834e2894ab5c)
Currently, cma_alloc() checks if the task has fatal signals pending
and simply bails out without updating return type (defaulting to EBUSY).
Update the return type to EINTR when cma allocation fails due to pending
fatal signals.
Bug: 245880180
Change-Id: Ibcef026a3af3417a5a10e0eae51017f477f6ac0f
Signed-off-by: Nikhil V <quic_nprakash@quicinc.com>
Some usb hubs will negotiate DisplayPort Alt mode with the device
but will then negotiate a data role swap after entering the alt
mode. The data role swap causes the device to unregister all alt
modes, however the usb hub will still send Attention messages
even after failing to reregister the Alt Mode. type_altmode_attention
currently does not verify whether or not a device's altmode partner
exists, which results in a NULL pointer error when dereferencing
the typec_altmode and typec_altmode_ops belonging to the altmode
partner.
Verify the presence of a device's altmode partner before sending
the Attention message to the Alt Mode driver.
Fixes: 8a37d87d72 ("usb: typec: Bus type for alternate modes")
Cc: stable@vger.kernel.org
Signed-off-by: RD Babiera <rdbabiera@google.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20230814180559.923475-1-rdbabiera@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 288952921
(cherry picked from commit f236433064)
[rd: changed return type of typec_altmode_attention to void to not break
kmi, moved tcpm_log from error return to typec_altmode_attention as
dev_warn]
Change-Id: I054a6ef56b9b2d7c4e8167e8630a8c277910da88
Signed-off-by: RD Babiera <rdbabiera@google.com>
Commit 4b23a68f95 ("mm/page_alloc: protect PCP lists with a spinlock")
bypasses the pcplist on lock contention and returns the page directly to
the buddy list of the page's migratetype.
For pages that don't have their own pcplist, such as CMA and HIGHATOMIC,
the migratetype is temporarily updated such that the page can hitch a ride
on the MOVABLE pcplist. Their true type is later reassessed when flushing
in free_pcppages_bulk(). However, when lock contention is detected after
the type was already overridden, the bypass will then put the page on the
wrong buddy list.
Once on the MOVABLE buddy list, the page becomes eligible for fallbacks
and even stealing. In the case of HIGHATOMIC, otherwise ineligible
allocations can dip into the highatomic reserves. In the case of CMA, the
page can be lost from the CMA region permanently.
Use a separate pcpmigratetype variable for the pcplist override. Use the
original migratetype when going directly to the buddy. This fixes the bug
and should make the intentions more obvious in the code.
Originally sent here to address the HIGHATOMIC case:
https://lore.kernel.org/lkml/20230821183733.106619-4-hannes@cmpxchg.org/
Changelog updated in response to the CMA-specific bug report.
[mgorman@techsingularity.net: updated changelog]
Link: https://lkml.kernel.org/r/20230911181108.GA104295@cmpxchg.org
Fixes: 4b23a68f95 ("mm/page_alloc: protect PCP lists with a spinlock")
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reported-by: Joe Liu <joe.liu@mediatek.com>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Bug: 302075941
(cherry picked from commit 7b086755fb)
Change-Id: I5e62c941e0a91db551a56f4b8c1ae14f87fd2bc3
Signed-off-by: Lecopzer Chen <lecopzer.chen@mediatek.com>
Since commit 4e57a4ddf6 ("ARM: 9107/1: syscall: always store
thread_info->abi_syscall"), the seccomp selftests "syscall_errno"
and "syscall_faked" have been broken. Both seccomp and PTRACE depend
on using the special value of "-1" for skipping syscalls. This value
wasn't working because it was getting masked by __NR_SYSCALL_MASK in
both PTRACE_SET_SYSCALL and get_syscall_nr().
Explicitly test for -1 in PTRACE_SET_SYSCALL and get_syscall_nr(),
leaving it exposed when present, allowing tracers to skip syscalls
again.
Cc: Russell King <linux@armlinux.org.uk>
Cc: Arnd Bergmann <arnd@kernel.org>
Cc: Lecopzer Chen <lecopzer.chen@mediatek.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: linux-arm-kernel@lists.infradead.org
Fixes: 4e57a4ddf6 ("ARM: 9107/1: syscall: always store thread_info->abi_syscall")
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20230810195422.2304827-2-keescook@chromium.org
Change-Id: I5b13c06a9cca85d13beec809a695198a7696df45
Signed-off-by: Kees Cook <keescook@chromium.org>
(cherry picked from commit 4697b5848b)
Bug: 289991100
Signed-off-by: Edward Liaw <edliaw@google.com>
This patch tries to preload extent_cache given POSIX_FADV_WILLNEED, which is
more useful for generic usecases.
Bug: 301585673
Bug: 296299682
Fixes: f43b021e14 ("FROMGIT: f2fs: preload extent_cache for POSIX_FADV_WILLNEED")
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
(cherry picked from commit 3e729e50d01e6a336132d1739866a6463f82faa9
https://git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git dev)
Change-Id: I11702b172270b143209407d06aa0338f19f19b43
By this vh, so that we can reimplement the function xhci_urb_suitable_for_idt()
Bug: 301055890
Change-Id: I5e4eabf1155eceb650eee6a42b0e00e8d55281dc
Signed-off-by: Wanwei Jiang <wanwei.jiang@amlogic.com>
Update_io_stats_uid_locked would take a long lock-time of uid_lock due to
calling do_each_thread to compute uid_entry->io, which would sometimes
cause lock competition.
Use uid_entry_tmp to get the result of update_io_stats_uid, so that we
can unlock_uid during update_io_stats_uid, in order to avoid the
unnecessary lock-time of uid_lock.
Bug: 278138377
Signed-off-by: Peifeng Li <lipeifeng@oppo.com>
(cherry picked from https://android-review.googlesource.com/q/commit:c1fa53f3cf85c0a1c23f0e0a944986b4aa049073)
Merged-In: I5be62105e57e2a896a95d906e3c14e17c7f8077d
Change-Id: I5be62105e57e2a896a95d906e3c14e17c7f8077d
locks for each hlist in hash_table.
1. Hash_table in uid_sys_stat is protected by a global lock named id_lock,
which causes some lock competition issues. Actually, uid_lock can be split into
several fine-grained locks for each hlist in hash_table, which avoids
the unnecessary lock competition when getting different-uid process info.
2. Switching rt-mutex to spinlock, in order to operate with read_rcu_lock.
Bug: 278138377
Signed-off-by: Peifeng Li <lipeifeng@oppo.com>
(cherry picked from https://android-review.googlesource.com/q/commit:c949fbdce0bc792dea206c709d909094be579c3a)
Merged-In: Ib252b65e9aebe3a594e6edf075f7aa01f8e6105d
Change-Id: Ib252b65e9aebe3a594e6edf075f7aa01f8e6105d