commit c1592a8994 upstream.
Toggle deleted anonymous sets as inactive in the next generation, so
users cannot perform any update on it. Clear the generation bitmask
in case the transaction is aborted.
The following KASAN splat shows a set element deletion for a bound
anonymous set that has been already removed in the same transaction.
[ 64.921510] ==================================================================
[ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
[ 64.924745] Write of size 8 at addr dead000000000122 by task test/890
[ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
[ 64.931120] Call Trace:
[ 64.932699] <TASK>
[ 64.934292] dump_stack_lvl+0x33/0x50
[ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[ 64.937551] kasan_report+0xda/0x120
[ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables]
[ 64.942452] ? __kasan_slab_alloc+0x2d/0x60
[ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
[ 64.945710] ? kasan_set_track+0x21/0x30
[ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
[ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
Bug: 282877000
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I536b7fbec55a5b37a57546023891a3dcfeb2c24b
commit b5fc29233d upstream.
After commit d38afeec26 ("tcp/udp: Call inet6_destroy_sock()
in IPv6 sk->sk_destruct()."), we call inet6_destroy_sock() in
sk->sk_destruct() by setting inet6_sock_destruct() to it to make
sure we do not leak inet6-specific resources.
Now we can remove unnecessary inet6_destroy_sock() calls in
sk->sk_prot->destroy().
DCCP and SCTP have their own sk->sk_destruct() function, so we
change them separately in the following patches.
Change-Id: Iae566ce3b7a73584548fc88c950518b53194c5df
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit a8cf114105)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit d83806c4c0 upstream.
Since 32ef9e5054, -Wa,-gdwarf-2 is no longer used in KBUILD_AFLAGS.
Instead, it includes -g, the appropriate -gdwarf-* flag, and also the
-Wa versions of both of those if building with Clang and GNU as. As a
result, debug info was being generated for the purgatory objects, even
though the intention was that it not be.
Fixes: 32ef9e5054 ("Makefile.debug: re-enable debug info for .S files")
Change-Id: I68ab786b0a713958e145908bbd26b7f842de5575
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Cc: stable@vger.kernel.org
Acked-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 588d682251)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 6dcbd0a69c upstream.
MIPS's exit sections are discarded at runtime as well.
Fixes link error:
`.exit.text' referenced in section `__jump_table' of fs/fuse/inode.o:
defined in discarded section `.exit.text' of fs/fuse/inode.o
Fixes: 99cb0d917f ("arch: fix broken BuildID for arm64 and riscv")
Reported-by: "kernelci.org bot" <bot@kernelci.org>
Change-Id: I2acdca2a4b35005d411c57978f4765bcc936e093
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit f9a20ef5e8)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
and sched_waking to let module probe them
Get task info about sleep and waking
Bug: 190422437
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
Change-Id: I828c93f531f84e6133c2c3a7f8faada51683afcf
(cherry picked from commit 13af062abf)
(cherry picked from commit 869954e72dac700580d0ea5734d07b574e41afe9)
(cherry picked from commit b7f527071c)
Get task info about scheduling delay, iowait, and block time.
It is used to get thread scheduling info when thread happened abnormal situation.
Bug: 189415303
Change-Id: Ib6b548f8a78de5b26d555e9a89e3cc79ea2d1024
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
(cherry picked from commit a6bb1af39d)
(cherry picked from commit 6d8d2ab52facfd6d5de2715e2470872e6a70cf22)
(cherry picked from commit c3c2917768)
Export get_wchan to get the block reason.
It is used to get the block reason(why the thread blocked in Uninterrupted Sleep) when happened long D state. We use this information check if it's reasonable.
Bug: 205684022
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: I7b65bb502b805e7dac13e5f9d725da1ff70fe306
(cherry picked from commit 0db6925868)
(cherry picked from commit de72c813d12537ea6ced87b39ffcad446815609a)
(cherry picked from commit 1bcf1fc767)
Export symbol of the function wq_worker_comm() in kernel/workqueue.c for dlkm to get the description of the kworker process. It is used to get the description when kworker thread happened abnormal situation.
Bug: 208394207
Signed-off-by: zhengding chen <chenzhengding@oppo.com>
Change-Id: I2e7ddd52a15e22e99e6596f16be08243af1bb473
(cherry picked from commit 28de741861)
(cherry picked from commit 87e0e98c25ba8e121975708943335e3abad651d9)
(cherry picked from commit 38a713dc80)
Commit 6edda04ccc ("mm/kmemleak: prevent soft lockup in first object
iteration loop of kmemleak_scan()") fixes soft lockup problem in
kmemleak_scan() by periodically doing a cond_resched(). It does take a
reference of the current object before doing it. Unfortunately, if the
object has been deleted from the object_list, the next object pointed to
by its next pointer may no longer be valid after coming back from
cond_resched(). This can result in use-after-free and other nasty
problem.
Fix this problem by adding a del_state flag into kmemleak_object structure
to synchronize the object deletion process between kmemleak_cond_resched()
and __remove_object() to make sure that the object remained in the
object_list in the duration of the cond_resched() call.
Link: https://lkml.kernel.org/r/20230119040111.350923-3-longman@redhat.com
Fixes: 6edda04ccc ("mm/kmemleak: prevent soft lockup in first object iteration loop of kmemleak_scan()")
Change-Id: I7d44a56d2943e7140d9bcad56c6b1a20236f3827
Signed-off-by: Waiman Long <longman@redhat.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 782e417953)
[surenb: resolve trivial merge conflict due to the new pinned parameter
in kmemleak_cond_resched]
Bug: 280352049
Change-Id: Id1b794a3f22053141a0e86269a3316da1da317db
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Since we do not enforce symbol lists to be generated using
the ABI tooling; it is possible to have the symbol list
updates with CRLF characters at the end of a line, leading
and trailining white spaces based on how they are manually
edited. The header generation script fails in this case when
it parses these symbols with CRLF or sorting order may not
be correct for symbols with trailing white spaces.
Update the preprocessing of the symbol list to remove any
carriage returns, strip any leading and trailing white spaces
in addition to the other preprocessing.
Bug: 280837072
Test: TH, manual verification
Change-Id: I4b832c28b42f196056c38fc3e2ccd517a03e13fa
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
(cherry picked from commit 6b893a535cfa8a5e9a6cd792e0437fe66cb2296b)
This change ensures that if configured in the policy, the if_id set in
the policy and secpath states match during the inbound policy check.
Without this, there is potential for ambiguity where entries in the
secpath differing by only the if_id could be mismatched.
Notably, this is checked in the outbound direction when resolving
templates to SAs, but not on the inbound path when matching SAs and
policies.
Test: Tested against Android kernel unit tests & CTS
Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Bug: 279217934
(cherry picked from commit 8680407b6fhttps://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master)
Change-Id: Ibb97561eaf1a99b7ad239d4d4860bfe5b0ac20ea
Signed-off-by: Carlos Llamas <cmllamas@google.com>
When Android moved the wifi drivers to be a vendor driver, it disabled
CFG80211 from the build configuration, yet that needs to be enabled in
the vendor module build. As the struct net_device is defined in the
core kernel image, both builds needs to have the same structure size, so
always enable it in the structure and protect any potential vendor
changes from showing up in the CRC checker by maing it a void * as far
as it is concerned.
Also update the kernel abi definition to resolve this:
function symbol 'int ___pskb_trim(struct sk_buff*, unsigned int)' changed
CRC changed from 0x3d8e01bc to 0x6c6bbe0a
function symbol 'struct sk_buff* __alloc_skb(unsigned int, gfp_t, int, int)' changed
CRC changed from 0x35a57bd5 to 0xd9823116
function symbol 'int __dev_change_net_namespace(struct net_device*, struct net*, const char*, int)' changed
CRC changed from 0x8bc2389e to 0x1c3133b9
... 823 omitted; 826 symbols have only CRC changes
type 'struct net_device' changed
member 'struct wireless_dev* ieee80211_ptr' was added
17 members ('struct wpan_dev* ieee802154_ptr' .. 'struct hlist_node index_hlist') changed
offset changed by 64
Fixes: c304eddcec ("net: wrap the wireless pointers in struct net_device in an ifdef")
Change-Id: I7c2a10da63b6022abbac78a3a0d48c2fd405f42c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
As part of the host deprivilege process, memory regions advertised in
the "pkvm,protected-region" devicetree nodes are unmapped from the
host stage-2 page-table and annotated specially so that the memory can
be used exclusively by hypervisor modules.
Since the state of this memory in the host stage-2 may not be in the
"owned" state (for example, if it corresponds to a "no-map" region),
remove the initial check of the page state and allow unmapping of any
pages from the trusted host.
Bug: 280380533
Cc: Quentin Perret <qperret@google.com>
Fixes: 417e986b54 ("ANDROID: KVM: arm64: Move addr_is_allowed_memory() check into host callback")
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: Ic28a2557d6d515b356645228fd41d3c921826489
A collision between aosp/2569890 (symbol list update) and aosp/2582310
(KMI update) caused this fall out. Fix forward by updating the
representation accordingly.
Bug: 281981998
Change-Id: I312fa0662e8289e4cd0ecd0fcf40f1d4aae612a1
Signed-off-by: Matthias Maennich <maennich@google.com>
This hook allows us to capture information when a process is forked so
that we can stat and set some key task's CPU affinity in the ko module
later. This patch, along with aosp/2548175, is necessary for our
affinity settings.
Bug: 183674818
Signed-off-by: lijianzhong <lijianzhong@xiaomi.com>
Change-Id: Ib93e05e5f6c338c5f7ada56bfebdd705f87f1f66
(cherry picked from commit a188361628461c58a4dfc72869d9acb1dfa2542f)
Exporting the symbol cpuset_cpus_allowed() so that we can adjust a
certain type of application's CPU affinity in vendor hooks according
to our tuning policy.
Related commit: aosp/2548175
Bug: 189725786
Signed-off-by: lijianzhong <lijianzhong@xiaomi.com>
Change-Id: I7919a893ab64bb441ab43cbb0b16825ed76d802d
(cherry picked from commit 5a7d01ed73e4fc812fda1d7288086dc73a283405)
Add vendor hooks for CPU affinity to support OEM's tuning policy, where
we can block or unblock a certain type of application's CPU affinity.
Bug: 183674818
Signed-off-by: lijianzhong <lijianzhong@xiaomi.com>
Change-Id: I3402abec4d9faa08f564409bfb8db8d7902f3aa2
(cherry picked from commit 7cf9646c245fdc63e2a3c9fad457c11fabdd2dfc)
Add ramjiyani@ as per-file owner for list of protected
modules for all current & future architectures.
android/gki_*_protected_modules
Bug: 151893768
Test: TH
Change-Id: I0048c99a28cfe24e1ba7c7d6189fd8c7dfdf6f0d
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Add snd_usb_power_domain_set() to the symbol list, as it is exported for
modules to utilize. Class drivers may need this to ensure USB audio device
is placed in the proper power state if an alternative audio path is used.
(i.e. offload path)
Symbols added:
snd_usb_power_domain_set
Bug: 255912822
Change-Id: I667fcaf8c841fd63c9b4d0307ac86e178d15e8b8
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
pKVM modules may need to enable fine grain traps. To allow this
use-case, expose a function allowing to manipulate HFGWTR_EL2 on the
current CPU. This configuration will be persistent across power
management cycles and such as it is propagated all the way to the
init params per-cpu struct.
Bug: 245034629
Change-Id: If9c29849df50847d3a796345927bd51c37c358bc
Signed-off-by: Quentin Perret <qperret@google.com>
pKVM modules may need to enable additional traps on top of what pKVM
already enables. To allow this use-case, expose a function allowing to
manipulate HCR_EL2 on the current CPU. This configuration will be
persistent across power management cycles and such as it is propagated
all the way to the init params per-cpu struct.
Bug: 245034629
Change-Id: I21d596bd1d01f4edc48a188cc3c2eb78dc9a4444
Signed-off-by: Quentin Perret <qperret@google.com>
Converting cfg80211.ko & mac80211.ko as vendor modules
made some symbols cited in the symbol lists for partners
but are no longer available in ksymtab as these features
are disabled in the gki_defconfit to convert them to vendor
modules.
Manually trimmed the symbol lists for builds to succeed.
Bug: 281137343
Test: TH
Change-Id: Ieb60c12ddb4f2b89aa387df2d69c31f8cfee54d8
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Convert cfg80211.ko and mac80211.ko as vendor modules to
pave a way for merging 802.11be Wi-Fi 7 functionalities
from upstream over the next year without affecting the KMI.
Bug: 281137343
Test: TH
Change-Id: Id1823924a3e5d8d03518599e6b3209e9cdd771d5
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
We want to use this hook to record the sleeping time due to Futex
Bug: 210947226
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
Change-Id: I637f889dce42937116d10979e0c40fddf96cd1a2
(cherry picked from commit a7ab784f60)
If an important task is going to sleep through do_futex(),
find out it's futex-owner by the pid comes from userspace,
and boost the owner by some means to shorten the sleep time.
How to boost? Depends on these hooks:
commit 53e8099784 ("ANDROID: vendor_hooks: Add hooks for scheduler")
Bug: 243110112
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: I9a315cfb414fd34e0ef7a2cf9d57df50d4dd984f
(cherry picked from commit 548da5d23d)
Add support to use a random local address in authentication and
deauthentication frames sent to unassociated peer when the driver
supports.
The driver needs to configure receive behavior to accept frames with
random transmit address specified in TX path authentication frames
during the time of the frame exchange is pending and such frames need to
be acknowledged similarly to frames sent to the local permanent address
when this random address functionality is used.
This capability allows use of randomized transmit address for PASN
authentication frames to improve privacy of WLAN clients.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Link: https://lore.kernel.org/r/20230112012415.167556-2-quic_vjakkam@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 280613325
Change-Id: Ife3ad20656cba20c1b971bb3a074cc27e21e2c5b
(cherry picked from commit 6933486133https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git main)
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
Add ANDROID_OEM_DATA_ARRAY to the struct user so that we can record the
necessary data to implement the OEM's scheduling policy.
Bug: 183674818
Signed-off-by: lijianzhong <lijianzhong@xiaomi.com>
Change-Id: I418293391bc62a68207eae51a79bd45a7f6cd2ed
(cherry picked from commit 77e791866b)
Add vendor hooks in add/update/remove frequency QoS request process to
ensure that we can access the OEM's "frequency watchdog" logic for
abnormal frequency monitoring. This is necessary for our power tuning
policy.
Bug: 187458531
Signed-off-by: heshuai1 <heshuai1@xiaomi.com>
Change-Id: I1fb8fd6134432ecfb44ad242c66ccd8280ab9b43
(cherry picked from commit c445fe4dc67ad74dacfa548bc78876a7ce057086)
INFO: ABI DIFFERENCES HAVE BEEN DETECTED!
INFO: 4 function symbol(s) added
'int __traceiter_android_vh_alloc_uid(void*, struct user_struct*)'
'int __traceiter_android_vh_free_user(void*, struct user_struct*)'
'struct user_struct* find_user(kuid_t)'
'void free_uid(struct user_struct*)'
2 variable symbol(s) added
'struct tracepoint __tracepoint_android_vh_alloc_uid'
'struct tracepoint __tracepoint_android_vh_free_user'
function symbol 'struct block_device* I_BDEV(struct inode*)' changed
CRC changed from 0xbf847796 to 0x9903391b
function symbol 'void __ClearPageMovable(struct page*)' changed
function symbol 'void __SetPageMovable(struct page*, const struct movable_operations*)' changed
CRC changed from 0x9c92af65 to 0xfd8bfc31
... 4297 omitted; 4300 symbols have only CRC changes
type 'struct user_struct' changed
byte size changed from 136 to 152
member 'u64 android_oem_data1[2]' was added
Bug: 277846574
Change-Id: Ifd44123eb32963e8e9f85de84c505a28cff12d14
Signed-off-by: wang qiankun <wangqiankun3@xiaomi.corp-partner.google.com>
Exporting the symbols find_user() & free_uid() to access user task
information in ko module for monitoring and optimization purposes. This
is a necessary component of our scheduling policy.
Bug: 183674818
Signed-off-by: lijianzhong <lijianzhong@xiaomi.com>
Change-Id: I12135c0af312904dd21b6f074beda086ad5ece98
(cherry picked from commit 16350016d8)
(cherry picked from commit eec2cd3df3aa2d92136658d3619dc5142155c7d4)
