Now that the generic implementation of ChaCha20 has been refactored to
allow varying the number of rounds, add support for XChaCha12, which is
the XSalsa construction applied to ChaCha12. ChaCha12 is one of the
three ciphers specified by the original ChaCha paper
(https://cr.yp.to/chacha/chacha-20080128.pdf: "ChaCha, a variant of
Salsa20"), alongside ChaCha8 and ChaCha20. ChaCha12 is faster than
ChaCha20 but has a lower, but still large, security margin.
We need XChaCha12 support so that it can be used in the Adiantum
encryption mode, which enables disk/file encryption on low-end mobile
devices where AES-XTS is too slow as the CPUs lack AES instructions.
We'd prefer XChaCha20 (the more popular variant), but it's too slow on
some of our target devices, so at least in some cases we do need the
XChaCha12-based version. In more detail, the problem is that Adiantum
is still much slower than we're happy with, and encryption still has a
quite noticeable effect on the feel of low-end devices. Users and
vendors push back hard against encryption that degrades the user
experience, which always risks encryption being disabled entirely. So
we need to choose the fastest option that gives us a solid margin of
security, and here that's XChaCha12. The best known attack on ChaCha
breaks only 7 rounds and has 2^235 time complexity, so ChaCha12's
security margin is still better than AES-256's. Much has been learned
about cryptanalysis of ARX ciphers since Salsa20 was originally designed
in 2005, and it now seems we can be comfortable with a smaller number of
rounds. The eSTREAM project also suggests the 12-round version of
Salsa20 as providing the best balance among the different variants:
combining very good performance with a "comfortable margin of security".
Note that it would be trivial to add vanilla ChaCha12 in addition to
XChaCha12. However, it's unneeded for now and therefore is omitted.
As discussed in the patch that introduced XChaCha20 support, I
considered splitting the code into separate chacha-common, chacha20,
xchacha20, and xchacha12 modules, so that these algorithms could be
enabled/disabled independently. However, since nearly all the code is
shared anyway, I ultimately decided there would have been little benefit
to the added complexity.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit aa7624093chttps://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I876a5be92e9f583effcd35a4b66a36608ac581f0
Signed-off-by: Eric Biggers <ebiggers@google.com>
In preparation for adding XChaCha12 support, rename/refactor
chacha20-generic to support different numbers of rounds. The
justification for needing XChaCha12 support is explained in more detail
in the patch "crypto: chacha - add XChaCha12 support".
The only difference between ChaCha{8,12,20} are the number of rounds
itself; all other parts of the algorithm are the same. Therefore,
remove the "20" from all definitions, structures, functions, files, etc.
that will be shared by all ChaCha versions.
Also make ->setkey() store the round count in the chacha_ctx (previously
chacha20_ctx). The generic code then passes the round count through to
chacha_block(). There will be a ->setkey() function for each explicitly
allowed round count; the encrypt/decrypt functions will be the same. I
decided not to do it the opposite way (same ->setkey() function for all
round counts, with different encrypt/decrypt functions) because that
would have required more boilerplate code in architecture-specific
implementations of ChaCha and XChaCha.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 1ca1b91794https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Conflicts:
arch/x86/crypto/chacha20_glue.c
drivers/crypto/caam/caamalg.c
drivers/crypto/caam/caamalg_qi2.c
drivers/crypto/caam/compat.h
include/crypto/chacha20.h
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I7fa203ddc7095ce8675a32f49b8a5230cd0cf5f6
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add support for the XChaCha20 stream cipher. XChaCha20 is the
application of the XSalsa20 construction
(https://cr.yp.to/snuffle/xsalsa-20081128.pdf) to ChaCha20 rather than
to Salsa20. XChaCha20 extends ChaCha20's nonce length from 64 bits (or
96 bits, depending on convention) to 192 bits, while provably retaining
ChaCha20's security. XChaCha20 uses the ChaCha20 permutation to map the
key and first 128 nonce bits to a 256-bit subkey. Then, it does the
ChaCha20 stream cipher with the subkey and remaining 64 bits of nonce.
We need XChaCha support in order to add support for the Adiantum
encryption mode. Note that to meet our performance requirements, we
actually plan to primarily use the variant XChaCha12. But we believe
it's wise to first add XChaCha20 as a baseline with a higher security
margin, in case there are any situations where it can be used.
Supporting both variants is straightforward.
Since XChaCha20's subkey differs for each request, XChaCha20 can't be a
template that wraps ChaCha20; that would require re-keying the
underlying ChaCha20 for every request, which wouldn't be thread-safe.
Instead, we make XChaCha20 its own top-level algorithm which calls the
ChaCha20 streaming implementation internally.
Similar to the existing ChaCha20 implementation, we define the IV to be
the nonce and stream position concatenated together. This allows users
to seek to any position in the stream.
I considered splitting the code into separate chacha20-common, chacha20,
and xchacha20 modules, so that chacha20 and xchacha20 could be
enabled/disabled independently. However, since nearly all the code is
shared anyway, I ultimately decided there would have been little benefit
to the added complexity of separate modules.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit de61d7ae5dhttps://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I5c878e1d6577abda11d7b737cbb650baf16b6886
Signed-off-by: Eric Biggers <ebiggers@google.com>
Make the ARM scalar AES implementation closer to constant-time by
disabling interrupts and prefetching the tables into L1 cache. This is
feasible because due to ARM's "free" rotations, the main tables are only
1024 bytes instead of the usual 4096 used by most AES implementations.
On ARM Cortex-A7, the speed loss is only about 5%. The resulting code
is still over twice as fast as aes_ti.c. Responsiveness is potentially
a concern, but interrupts are only disabled for a single AES block.
Note that even after these changes, the implementation still isn't
necessarily guaranteed to be constant-time; see
https://cr.yp.to/antiforgery/cachetiming-20050414.pdf for a discussion
of the many difficulties involved in writing truly constant-time AES
software. But it's valuable to make such attacks more difficult.
Much of this patch is based on patches suggested by Ard Biesheuvel.
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 913a3aa07dhttps://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I453a7b71c3bb0051106b37cdb71d4511fd4e388a
Signed-off-by: Eric Biggers <ebiggers@google.com>
Optimize ChaCha20 NEON performance by:
- Implementing the 8-bit rotations using the 'vtbl.8' instruction.
- Streamlining the part that adds the original state and XORs the data.
- Making some other small tweaks.
On ARM Cortex-A7, these optimizations improve ChaCha20 performance from
about 12.08 cycles per byte to about 11.37 -- a 5.9% improvement.
There is a tradeoff involved with the 'vtbl.8' rotation method since
there is at least one CPU (Cortex-A53) where it's not fastest. But it
seems to be a better default; see the added comment. Overall, this
patch reduces Cortex-A53 performance by less than 0.5%.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit a1b22a5f45)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: Id7d26e6079cee50111f6d9616459547c60e6cb3e
Signed-off-by: Eric Biggers <ebiggers@google.com>
In commit 9f480faec5 ("crypto: chacha20 - Fix keystream alignment for
chacha20_block()"), I had missed that chacha20_block() can be called
directly on the buffer passed to get_random_bytes(), which can have any
alignment. So, while my commit didn't break anything, it didn't fully
solve the alignment problems.
Revert my solution and just update chacha20_block() to use
put_unaligned_le32(), so the output buffer need not be aligned.
This is simpler, and on many CPUs it's the same speed.
But, I kept the 'tmp' buffers in extract_crng_user() and
_get_random_bytes() 4-byte aligned, since that alignment is actually
needed for _crng_backtrack_protect() too.
Reported-by: Stephan Müller <smueller@chronox.de>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit a5e9f55709)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: Ic355d2416330ae2f4a50cb7064633810e35a93bf
Signed-off-by: Eric Biggers <ebiggers@google.com>
Define a filesystem magic value to be used for sdcardfs.
Bug: 120446149
Change-Id: I54daa1452aa6a3ce0401d7d923e0a897f0c26d96
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Partial revert of 197df04c74 ("rename user_path_umountat() to
user_path_mountpoint_at()"), to restore access to vfs_path_lookup()
without including fs/internal.h, as needed by sdcardfs.
Bug: 120446149
Change-Id: I757f2df9f4dcc66f633939e7833e6fa2ac0ff4f8
Signed-off-by: Alistair Strachan <astrachan@google.com>
Inotify does not currently know when a filesystem
is acting as a wrapper around another fs. This means
that inotify watchers will miss any modifications to
the base file, as well as any made in a separate
stacked fs that points to the same file.
d_canonical_path solves this problem by allowing the fs
to map a dentry to a path in the lower fs. Inotify
can use it to find the appropriate place to watch to
be informed of all changes to a file.
Bug: 70706497
Bug: 120446149
Change-Id: I09563baffad1711a045e45c1bd0bd8713c2cc0b6
Signed-off-by: Daniel Rosenberg <drosen@google.com>
[astrachan: Folded 34df4102216e ("ANDROID: fsnotify: Notify lower fs of
open") into this patch]
Signed-off-by: Alistair Strachan <astrachan@google.com>
This allows filesystems to use their mount private data to
influence the permssions they return in permission2. It has
been separated into a new call to avoid disrupting current
permission users.
Bug: 35848445
Bug: 120446149
Change-Id: I9d416e3b8b6eca84ef3e336bd2af89ddd51df6ca
Signed-off-by: Daniel Rosenberg <drosen@google.com>
[AmitP: Minor refactoring of original patch to align with
changes from the following upstream commit
4bfd054ae1 ("fs: fold __inode_permission() into inode_permission()").
Also introduce vfs_mkobj2(), because do_create()
moved from using vfs_create() to vfs_mkobj()
eecec19d9e ("mqueue: switch to vfs_mkobj(), quit abusing ->d_fsdata")
do_create() is dropped/cleaned-up upstream so a
minor refactoring there as well.
066cc813e9 ("do_mq_open(): move all work prior to dentry_open() into a helper")]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
[astrachan: Folded the following changes into this patch:
f46c9d62dd81 ("ANDROID: fs: Export vfs_rmdir2")
9992eb8b9a1e ("ANDROID: xattr: Pass EOPNOTSUPP to permission2")]
Signed-off-by: Alistair Strachan <astrachan@google.com>
This allows filesystems to use their mount private data to
influence the permssions they use in setattr2. It has
been separated into a new call to avoid disrupting current
setattr users.
Bug: 120446149
Change-Id: I19959038309284448f1b7f232d579674ef546385
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Now we pass the vfsmount when mounting and remounting.
This allows the filesystem to actually set up the mount
specific data, although we can't quite do anything with
it yet. show_options is expanded to include data that
lives with the mount.
To avoid changing existing filesystems, these have
been added as new vfs functions.
Bug: 120446149
Change-Id: If80670bfad9f287abb8ac22457e1b034c9697097
Signed-off-by: Daniel Rosenberg <drosen@google.com>
This starts to add private data associated directly
to mount points. The intent is to give filesystems
a sense of where they have come from, as a means of
letting a filesystem take different actions based on
this information.
Bug: 62094374
Bug: 120446149
Change-Id: Ie769d7b3bb2f5972afe05c1bf16cf88c91647ab2
Signed-off-by: Daniel Rosenberg <drosen@google.com>
[astrachan: Folded 89a54ed3bf68 ("ANDROID: mnt: Fix next_descendent")
into this patch]
Signed-off-by: Alistair Strachan <astrachan@google.com>
Export the following symbols:
- copy_fs_struct
- free_fs_struct
- security_path_chown
- set_fs_pwd
- vfs_read
- vfs_write
These are needed to build sdcardfs as a module.
Bug: 35142419
Bug: 120446149
Change-Id: If6e14f0b3bdc858a9f684e6c209927a9232091f0
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
[astrachan: Folded the following changes into this patch:
e19f69662df5 ("ANDROID: Revert "fs: unexport vfs_read and vfs_write"")
17071a8e1e7d ("ANDROID: fs: Export free_fs_struct and set_fs_pwd")
2e9a639597cd ("ANDROID: export security_path_chown")]
Signed-off-by: Alistair Strachan <astrachan@google.com>
This reverts commit e94591d0d9.
This cleanup broke the parsing of procfs mount parameters.
Bug: 79705088
Change-Id: I0f07180ef9a994c884abfa269ffb273ee0bcbc0d
Signed-off-by: Alistair Strachan <astrachan@google.com>
This allows the context manager to retrieve information about nodes
that it holds a reference to, such as the current number of
references to those nodes.
Such information can for example be used to determine whether the
servicemanager is the only process holding a reference to a node.
This information can then be passed on to the process holding the
node, which can in turn decide whether it wants to shut down to
reduce resource usage.
Bug: 79983843
Change-Id: I21e52ed1ca2137f7bfdc0300365fb1285b7e3d70
Signed-off-by: Martijn Coenen <maco@android.com>
Currently, IPv6 router discovery always puts routes into
RT6_TABLE_MAIN. This causes problems for connection managers
that want to support multiple simultaneous network connections
and want control over which one is used by default (e.g., wifi
and wired).
To work around this connection managers typically take the routes
they prefer and copy them to static routes with low metrics in
the main table. This puts the burden on the connection manager
to watch netlink to see if the routes have changed, delete the
routes when their lifetime expires, etc.
Instead, this patch adds a per-interface sysctl to have the
kernel put autoconf routes into different tables. This allows
each interface to have its own autoconf table, and choosing the
default interface (or using different interfaces at the same
time for different types of traffic) can be done using
appropriate ip rules.
The sysctl behaves as follows:
- = 0: default. Put routes into RT6_TABLE_MAIN as before.
- > 0: manual. Put routes into the specified table.
- < 0: automatic. Add the absolute value of the sysctl to the
device's ifindex, and use that table.
The automatic mode is most useful in conjunction with
net.ipv6.conf.default.accept_ra_rt_table. A connection manager
or distribution could set it to, say, -100 on boot, and
thereafter just use IP rules.
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
[AmitP: Refactored original changes to align with
the changes introduced by upstream commits
830218c1ad ("net: ipv6: Fix processing of RAs in presence of VRF"),
8d1c802b28 ("net/ipv6: Flip FIB entries to fib6_info").
Also folded following android-4.9 commit changes into this patch
be65fb01da ("ANDROID: net: ipv6: remove unused variable ifindex in")]
Bug: 120445791
Change-Id: I82d16e3737d9cdfa6489e649e247894d0d60cbb1
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.
This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.
https://lkml.org/lkml/2016/1/11/587
Bug: 29054680
Bug: 120445712
Change-Id: Iff5bff4fc1042e85866df9faa01bce8d04335ab8
[jeffv: Upstream doesn't want it https://lkml.org/lkml/2016/6/17/101]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Send notifications when the label becomes active after an idle period.
Send netlink message notifications in addition to sysfs notifications.
Using a uevent with
subsystem=xt_idletimer
INTERFACE=...
STATE={active,inactive}
This is backport from common android-3.0
commit: beb914e987
with uevent support instead of a new netlink message type.
Bug: 120445672
Change-Id: I31677ef00c94b5f82c8457e5bf9e5e584c23c523
Signed-off-by: Ashish Sharma <ashishsharma@google.com>
Signed-off-by: JP Abgrall <jpa@google.com>
[astrachan: Folded the following changes into this patch:
ee0b238fada5 ("netfilter: xt_IDLETIMER: time-stamp and suspend/resume handling.")
728c058a495e ("netfilter: xt_IDLETIMER: Adds the uid field in the msg")
5ebea489d44c ("netfilter: xt_IDLETIMER: Fix use after free condition during work")
5ab69d7ba2c5 ("netfilter: xt_IDLETIMER: Use fullsock when querying uid")]
Signed-off-by: Alistair Strachan <astrachan@google.com>
The original xt_quota in the kernel is plain broken:
- counts quota at a per CPU level
(was written back when ubiquitous SMP was just a dream)
- provides no way to count across IPV4/IPV6.
This patch is the original unaltered code from:
http://sourceforge.net/projects/xtables-addons
at commit e84391ce665cef046967f796dd91026851d6bbf3
Bug: 120445421
Change-Id: I19d49858840effee9ecf6cff03c23b45a97efdeb
Signed-off-by: JP Abgrall <jpa@google.com>
[astrachan: Folded 4d33aa305871 ("netfilter: xt_quota2: fixup the quota2,
and enable.") into this patch]
Signed-off-by: Alistair Strachan <astrachan@google.com>
Add API log_wakeup_reason() and expose it to userspace via sysfs path
/sys/kernel/wakeup_reasons/last_resume_reason
Bug: 120445600
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
[AmitP: Folded following android-4.9 commit changes into this patch
1135122a19 ("ANDROID: POWER: fix compile warnings in log_wakeup_reason")
b4e6247778 ("ANDROID: Power: Changes the permission to read only for sysfs file /sys/kernel/wakeup_reasons/last_resume_reason")
e13dbc7c69 ("ANDROID: power: wakeup_reason: rename irq_count to irqcount")]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
[astrachan: Folded the following changes into this patch:
39d7c7fe91c0 ("ANDROID: power: wakeup_reason: Add guard condition for maximum wakeup reasons")
0730434bdf49 ("ANDROID: power: wakeup_reason: Avoids bogus error messages for the suspend aborts.")
4e42dceae54e ("ANDROID: power: wakeup_reason: Adds functionality to log the last suspend abort reason.")
f21313b70ac7 ("ANDROID: power: wakeup_reason: Report suspend times from last_suspend_time")
f97ec34442ac ("ANDROID: power: wakeup_reason: fix suspend time reporting")
cd92df73e504 ("ANDROID: power: wakeup: Add last wake up source logging for suspend abort reason.")
546b6ae3c087 ("ANDROID: power: wakeup: Add the guard condition for len in pm_get_active_wakeup_sources")
1453d9ffcdbe ("ANDROID: power: wakeup_reason: make logging work in an interrupt context.")]
Change-Id: I81addaf420f1338255c5d0638b0d244a99d777d1
Signed-off-by: Alistair Strachan <astrachan@google.com>
Decare war on uninterruptible sleep. Add a tracepoint which
walks the kernel stack and dumps the first non-scheduler function
called before the scheduler is invoked.
Bug: 120445457
Change-Id: I19e965d5206329360a92cbfe2afcc8c30f65c229
Signed-off-by: Riley Andrews <riandrews@google.com>
[astrachan: deleted an unnecessary whitespace change]
Signed-off-by: Alistair Strachan <astrachan@google.com>
Add a userspace visible knob to tell the VM to keep an extra amount
of memory free, by increasing the gap between each zone's min and
low watermarks.
This is useful for realtime applications that call system
calls and have a bound on the number of allocations that happen
in any short time period. In this application, extra_free_kbytes
would be left at an amount equal to or larger than than the
maximum number of allocations that happen in any burst.
It may also be useful to reduce the memory use of virtual
machines (temporarily?), in a way that does not cause memory
fragmentation like ballooning does.
[ccross]
Revived for use on old kernels where no other solution exists.
The tunable will be removed on kernels that do better at avoiding
direct reclaim.
[surenb]
Will be reverted as soon as Android framework is reworked to
use upstream-supported watermark_scale_factor instead of
extra_free_kbytes.
Bug: 86445363
Bug: 109664768
Bug: 120445732
Change-Id: I765a42be8e964bfd3e2886d1ca85a29d60c3bb3e
Signed-off-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Colin Cross <ccross@android.com>
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Android expects system_server to be able to move tasks between different
cgroups/cpusets, but does not want to be running as root. Let's relax
permission check so that processes can move other tasks if they have
CAP_SYS_NICE in the affected task's user namespace.
BUG=b:31790445,chromium:647994
TEST=Boot android container, examine logcat
Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/394927
Reviewed-by: Ricky Zhou <rickyz@chromium.org>
[AmitP: Refactored original changes to align with upstream commit
201af4c0fa ("cgroup: move cgroup files under kernel/cgroup/")]
Bug: 120445593
Change-Id: Ia919c66ab6ed6a6daf7c4cf67feb38b13b1ad09b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
In case some sysfs nodes needs to be labeled with a different label than
sysfs then user needs to be notified when a core is brought back online.
Bug: 29359497
Bug: 120444461
Change-Id: I0395c86e01cd49c348fda8f93087d26f88557c91
Signed-off-by: Thierry Strudel <tstrudel@google.com>
Adds tracepoints in ext4/f2fs/mpage to track readpages/buffered
write()s. This allows us to track files that are being read/written
to PIDs.
Bug: 120445624
Change-Id: I44476230324e9397e292328463f846af4befbd6d
[joelaf: Needed for storaged fsync accounting ("storaged --uid" and
"storaged --task".)]
Signed-off-by: Mohan Srinivasan <srmohan@google.com>
[AmitP: Folded following android-4.9 commit changes into this patch
a5c4dbb05a ("ANDROID: Replace spaces by '_' for some
android filesystem tracepoints.")]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
[astrachan: Folded 63066f4acf92 ("ANDROID: fs: Refactor FS
readpage/write tracepoints.") into this patch
Signed-off-by: Alistair Strachan <astrachan@google.com>
If androidboot.vbmeta.invalidate_on_error is 'yes' and
androidboot.vbmeta.device is set and points to a device with vbmeta
magic, this header will be overwritten upon an irrecoverable dm-verity
error. The side-effect of this is that the slot will fail to verify on
next reboot, effectively triggering the boot loader to fallback to
another slot. This work both if the vbmeta struct is at the start of a
partition or if there's an AVB footer at the end.
This code is based on drivers/md/dm-verity-chromeos.c from ChromiumOS.
Bug: 31622239
Bug: 120445368
Test: Manually tested (other arch).
Signed-off-by: David Zeuthen <zeuthen@google.com>
[astrachan: re-diffed against a kernel without dm-android-verity]
Change-Id: I571b5a75461da38ad832a9bea33c298bef859e26
Signed-off-by: Alistair Strachan <astrachan@google.com>
This deliberately changes the behavior of the per-cpuset
cpus file to not be effected by hotplug. When a cpu is offlined,
it will be removed from the cpuset/cpus file. When a cpu is onlined,
if the cpuset originally requested that that cpu was part of the cpuset,
that cpu will be restored to the cpuset. The cpus files still
have to be hierachical, but the ranges no longer have to be out of
the currently online cpus, just the physically present cpus.
Bug: 120444281
Change-Id: I22cdf33e7d312117bcefba1aeb0125e1ada289a9
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
[AmitP: Refactored original changes to align with upstream commit
201af4c0fa ("cgroup: move cgroup files under kernel/cgroup/")]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
This adds a counter to the taskstats extended accounting fields, which
tracks the number of times fsync is called, and then plumbs it through
to the uid_sys_stats driver.
Bug: 120442023
Change-Id: I6c138de5b2332eea70f57e098134d1d141247b3f
Signed-off-by: Jin Qian <jinqian@google.com>
[AmitP: Refactored changes to align with changes from upstream commit
9a07000400 ("sched/headers: Move CONFIG_TASK_XACCT bits from <linux/sched.h> to <linux/sched/xacct.h>")]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
[tkjos: Needed for storaged fsync accounting ("storaged --uid" and
"storaged --task").]
[astrachan: This is modifying a userspace interface and should probably
be reworked]
Signed-off-by: Alistair Strachan <astrachan@google.com>
IO usages are accounted in foreground and background buckets.
For each uid, io usage is calculated in two steps.
delta = current total of all uid tasks - previus total
current bucket += delta
Bucket is determined by current uid stat. Userspace writes to
/proc/uid_procstat/set <uid> <stat> when uid stat is updated.
/proc/uid_io/stats shows IO usage in this format.
<uid> <foreground IO> <background IO>
Bug: 34198239
Bug: 120442023
Change-Id: Ib8bebda53e7a56f45ea3eb0ec9a3153d44188102
Signed-off-by: Jin Qian <jinqian@google.com>
[connoro: Used by storaged.]
[astrachan: Note: this version does not track fsync syscalls; this is
implemented in a follow up due to the fact it depends on
modifications to the task_xacct feature.]
[astrachan: Folded in the following changes:
e003a91d8f42 ("ANDROID: uid_sys_stats: allow writing same state")
89b984bf2efd ("ANDROID: uid_sys_stats: fix negative write bytes.")
bb5ee21cc4dd ("ANDROID: uid_sys_stats: change to use rt_mutex")
9297d5a160c7 ("ANDROID: uid_sys_stats: reduce update_io_stats overhead")
89402d07fe91 ("ANDROID: uid_sys_stats: defer io stats calulation for dead tasks")
6dc5d8173a8c ("ANDROID: uid_sys_stats: check previous uid_entry before call find_or_register_uid")
0ca2ece8f7ec ("ANDROID: uid_sys_stats: log task io with a debug flag")
c9c096ef0e67 ("ANDROID: uid_sys_stats: Copy task_struct comm field to bigger buffer")]
Signed-off-by: Alistair Strachan <astrachan@google.com>
Adds proc files /proc/uid_cputime/show_uid_stat and
/proc/uid_cputime/remove_uid_range.
show_uid_stat lists the total utime and stime for the active as well as
terminated processes for each of the uids.
Writing a range of uids to remove_uid_range will delete the accounting
for all the uids within that range.
Bug: 120442023
Change-Id: I21d9210379da730b33ddc1a0ea663c8c9d2ac15b
Signed-off-by: Jin Qian <jinqian@google.com>
[AmitP: Refactored the original patch because upstream commit
605dc2b31a ("tsacct: Convert obsolete cputime type to nsecs")
made cputime_t type obsolete, so use u64 nanoseconds directly instead.
Also folded following android-4.9 changes into this patch
48a9906c0f ("ANDROID: proc: uid_cputime: create uids from kuids")
453ac31cab ("ANDROID: proc: uid_cputime: fix show_uid_stat permission")]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
[connoro: Used by batterystats.]
[astrachan: Folded in the file/kconfig rename and the following changes:
da3687fbc393 ("ANDROID: uid_cputime: fix cputime overflow")
71e3eb512d00 ("ANDROID: uid_cputime: Iterates over all the threads instead of processes.")
c65f0080c300 ("ANDROID: uid_cputime: Check for the range while removing range of UIDs.")
c8212458e3a5 ("ANDROID: uid_sys_stats: fix access of task_uid(task)")
bb5ee21cc4dd ("ANDROID: uid_sys_stats: change to use rt_mutex")
6dc5d8173a8c ("ANDROID: uid_sys_stats: check previous uid_entry before call find_or_register_uid")
82b9872b3894 ("ANDROID: uid_sys_stats: Replace tasklist lock with RCU in uid_cputime_show")]
Signed-off-by: Alistair Strachan <astrachan@google.com>
Used to prevent remounting MMC on suspend/resume.
Bug: 120441127
Change-Id: I20821a82831b07ca037973d5d92e832372c6b583
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This driver presents a standard USB audio class interface to the host
and an ALSA PCM device to userspace
Bug: 78114713
Bug: 120441124
[badhri: f_audio_source is being migrated to userspace.]
Change-Id: If16b14a5ff27045f9cb2daaf1ae9195c5eeab7d0
Signed-off-by: Mike Lockwood <lockwood@google.com>
[AmitP: Folded following android-4.9 commit changes into this patch
Parts of e275439310 ("ANDROID: usb: gadget: Fixes and hacks to make android usb gadget compile on 3.8")
i6d9285e2574a ("ANDROID: usb: gadget: f_audio_source:replace deprecated API")]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
[astrachan: Folded the following changes into this patch:
ddfd0c4070c1 ("ANDROID: usb: gadget: f_audio_source: Move to USB_FUNCTION API")
a3ab81aaa19e ("ANDROID: usb: gadget: f_audio_source: Move gadget functions code")
2095c953d894 ("ANDROID: usb: gadget: f_audio_source: change max ISO packet size")
8671b3e53638 ("ANDROID: usb: gadget: f_audio_source: Fixed USB Audio Class Interface Descriptor")
af98f36edbe2 ("ANDROID: usb: gadget: f_audio_source: disable the CPU C-states upon playback")
a830751a338e ("CHROMIUM: usb: gadget: f_audio_source: add .free_func callback")]
Signed-off-by: Alistair Strachan <astrachan@google.com>
Android frameworks relies on the alsa
config reported by the f_midi device.
Bug: 111003288
Bug: 120441124
Change-Id: I0695e00b166fd953f50acea93802245b0d5a5240
[badhri: The framework should be moved away from this]
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
USB accessory mode allows users to connect USB host hardware
specifically designed for Android-powered devices. The accessories
must adhere to the Android accessory protocol outlined in the
http://accessories.android.com documentation. This allows
Android devices that cannot act as a USB host to still interact with
USB hardware. When an Android device is in USB accessory mode, the
attached Android USB accessory acts as the host, provides power
to the USB bus, and enumerates connected devices.
Bug: 63740241
Bug: 120441124
Change-Id: I67964b50d278f3c0471d47efbb7b0973a3502681
[badhri: f_accessory is being migrated to userspace.]
Signed-off-by: Mike Lockwood <lockwood@android.com>
[AmitP: Folded following android-4.9 commit changes into this patch
ceb2f0aac6 ("ANDROID: usb: gadget: accessory: Fix section mismatch")
Parts of e275439310 ("ANDROID: usb: gadget: Fixes and hacks to make android usb gadget compile on 3.8")
1b07ec7515 ("ANDROID: drivers: usb: gadget: 64-bit related type fixes")]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
[astrachan: Folded the following changes into this patch:
9d5891d516e2 ("ANDROID: usb: gadget: f_accessory: Add ACCESSORY_SET_AUDIO_MODE control request and ioctl")
dc66cfce9622 ("ANDROID: usb: gadget: f_accessory: Add support for HID input devices")
5f1ac9c2871b ("ANDROID: usb: gadget: f_accessory: move userspace interface to uapi")
9a6241722cd8 ("ANDROID: usb: gadget: f_accessory: Enabled Zero Length Packet (ZLP) for acc_write")
31a0ecd5a825 ("ANDROID: usb: gadget: f_accessory: check for accessory device before disconnecting HIDs")
580721fa6cbc ("ANDROID: usb: gadget: f_accessory: Migrate to USB_FUNCTION API")
7f407172fb28 ("ANDROID: usb: gadget: f_accessory: Fix for UsbAccessory clean unbind.")
ebc98ac5a22f ("ANDROID: usb: gadget: f_accessory: fix false disconnect due to a signal sent to the reading process")
71c6dc5ffdab ("ANDROID: usb: gadget: f_accessory: assign no-op request complete callbacks")
675047ee68e9 ("ANDROID: usb: gadget: f_accessory: Move gadget functions code")
b2bedaa5c7df ("CHROMIUM: usb: gadget: f_accessory: add .raw_request callback")]
Signed-off-by: Alistair Strachan <astrachan@google.com>
Android frameworks (UsbDeviceManager) relies on gadget state exported
through device attributes. This CL adds the device attribute to export
USB gadget state.
Bug: 68755607
Bug: 120441124
Change-Id: Id0391810d75b58c579610fbec6e37ab22f28886d
[badhri: Migrate to using udc uevents from upstream sysfs.]
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
[AmitP: Folded following android-4.9 commit changes into this patch
Parts of e45c769fa7 ("ANDROID: usb: gadget: cleanup: fix unused variable and function warnings")
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
