Commit Graph

1068568 Commits

Author SHA1 Message Date
qinglin.li
c02575694d ANDROID: GKI: Update symbol list for Amlogic
1 function symbol(s) added
  'int __traceiter_mm_page_alloc(void*, struct page*, unsigned int, gfp_t, int)'

1 variable symbol(s) added
  'struct tracepoint __tracepoint_mm_page_alloc'

Bug: 307485594
Change-Id: Idb98580ecdd1573586cbd2de81d493a21b66999c
Signed-off-by: Qinglin Li <qinglin.li@amlogic.com>
2023-10-25 23:13:14 +00:00
qinglin.li
232c6ce22f ANDROID: mm: allow hooks into __alloc_pages()
Allow drivers to register mm_page_alloc hooks when alloc pages.
This helps to get page info when alloc pages exit.

Bug: 307485594
Change-Id: I6bdec48bf04a19718e49a51e52ac8d4ae64a7f86
Signed-off-by: Qinglin Li <qinglin.li@amlogic.com>
2023-10-25 23:11:26 +00:00
lfc
04636bb861 ANDROID: ABI: Update oplus symbol list
INFO: 5 function symbol(s) added
  'int __traceiter_android_vh_alloc_oem_binder_struct(void*, struct binder_transaction_data*, struct binder_transaction*, struct binder_proc*)'
  'int __traceiter_android_vh_binder_free_buf(void*, struct binder_proc*, struct binder_thread*, struct binder_buffer*)'
  'int __traceiter_android_vh_binder_special_task(void*, struct binder_transaction*, struct binder_proc*, struct binder_thread*, struct binder_work*, struct list_head*, bool, bool*)'
  'int __traceiter_android_vh_binder_transaction_received(void*, struct binder_transaction*, struct binder_proc*, struct binder_thread*, uint32_t)'
  'int __traceiter_android_vh_free_oem_binder_struct(void*, struct binder_transaction*)'

5 variable symbol(s) added
  'struct tracepoint __tracepoint_android_vh_alloc_oem_binder_struct'
  'struct tracepoint __tracepoint_android_vh_binder_free_buf'
  'struct tracepoint __tracepoint_android_vh_binder_special_task'
  'struct tracepoint __tracepoint_android_vh_binder_transaction_received'
  'struct tracepoint __tracepoint_android_vh_free_oem_binder_struct'

Bug: 299328919
Change-Id: I68353dc56b6e2dba103e2a46a2c412ba1ddea483
Signed-off-by: lfc <lfc@oppo.com>
2023-10-25 22:12:56 +00:00
lfc
a9cb381160 ANDROID: vendor_hooks: Add hooks for binder
Add hooks to support oem's binder feature of improving binder_thread->task sched priority

1) Check if it is a specific task in trace_android_vh_binder_transaction_buffer() and store the flag to t->android_vendor_data1
2) If it is a specific binder task and binder_thread selected, raise the sched priority of binder_thread->task in runqueue.
3) If it is a specific binder task but no binder_thread selected (e.g. pending_async or no free threads), insert t->work to the appropriate position in the list.
4) Reset the sched priority when BR_TRANSACTION or BC_FREE_BUFFER.
Some high-priority async binder tasks reset the sched priority when BC_FREE_BUFFER in trace_android_vh_binder_free_buf().
Some middle-priority async binder tasks reset the sched priority when driver return server "BR_TRANSACTION" in trace_android_vh_binder_transaction_received().

Bug: 299328919

Change-Id: Iab4939fe4a4881b31961aaa2fef500b51c944743
Signed-off-by: lfc <lfc@oppo.com>
2023-10-25 22:12:56 +00:00
liujinbao1
833137a6d7 ANDROID: fuse-bpf: Add NULL pointer check in fuse_entry_revalidate
If userspace tried to add a backing file in a fuse_dentry_revalidate
where there wasn't one originally, this would trigger a crash. Disallow
this operation for now.

Bug: 296013218
Fixes: 57f3ff9648 ("ANDROID: fuse-bpf v1.1")

Test: fuse_test passes, following script no longer crashes:

adb shell su root setenforce 0
adb shell su root chmod ug+w /data/media
adb shell su root rm /data/media/Android -rf
adb shell su root mkdir -p /storage/emulated/Android/data/test
adb shell su root ls -l /storage/emulated/Android/data/test

Change-Id: Id8a67c43d1edfa010403d5f17e31109b796998cf
Signed-off-by: liujinbao1 <liujinbao1@xiaomi.corp-partner.google.com>
(cherry picked from commit 63d4231d85)
2023-10-25 17:33:40 +00:00
Jozsef Kadlecsik
42e4a44198 UPSTREAM: netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
[ Upstream commit 7433b6d2af ]

Kyle Zeng reported that there is a race between IPSET_CMD_ADD and IPSET_CMD_SWAP
in netfilter/ip_set, which can lead to the invocation of `__ip_set_put` on a
wrong `set`, triggering the `BUG_ON(set->ref == 0);` check in it.

The race is caused by using the wrong reference counter, i.e. the ref counter instead
of ref_netlink.

Bug: 303172721
Fixes: 24e227896b ("netfilter: ipset: Add schedule point in call_ad().")
Reported-by: Kyle Zeng <zengyhkyle@gmail.com>
Closes: https://lore.kernel.org/netfilter-devel/ZPZqetxOmH+w%2Fmyc@westworld/#r
Tested-by: Kyle Zeng <zengyhkyle@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit ea5a61d588)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I33a6a6234830c600a4ebd62ed1fee3a48876b98d
2023-10-25 08:52:26 +01:00
Isaac J. Manjarres
edbf1821e9 ANDROID: GKI: Update MTKOTT symbol list
INFO: 1 variable symbol(s) added
  'struct console* console_drivers'

Bug: 307555433
Change-Id: Iccbc05f44619f691aab6d9b96891809d71627f8a
Signed-off-by: Isaac J. Manjarres <isaacmanjarres@google.com>
2023-10-24 20:06:22 +00:00
Ilya Dryomov
9aa89cf605 UPSTREAM: libceph: harden msgr2.1 frame segment length checks
commit a282a2f105 upstream.

ceph_frame_desc::fd_lens is an int array.  decode_preamble() thus
effectively casts u32 -> int but the checks for segment lengths are
written as if on unsigned values.  While reading in HELLO or one of the
AUTH frames (before authentication is completed), arithmetic in
head_onwire_len() can get duped by negative ctrl_len and produce
head_len which is less than CEPH_PREAMBLE_LEN but still positive.
This would lead to a buffer overrun in prepare_read_control() as the
preamble gets copied to the newly allocated buffer of size head_len.

Bug: 303173400
Cc: stable@vger.kernel.org
Fixes: cd1a677cad ("libceph, ceph: implement msgr2.1 protocol (crc and secure modes)")
Reported-by: Thelford Williams <thelford@google.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit db8ca8d9b4)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I49eacd72317664d920b13e3fec087d0e14802b93
2023-10-24 17:41:55 +00:00
Kuniyuki Iwashima
25f13a246d UPSTREAM: netfilter: ipset: Add schedule point in call_ad().
[ Upstream commit 24e227896b ]

syzkaller found a repro that causes Hung Task [0] with ipset.  The repro
first creates an ipset and then tries to delete a large number of IPs
from the ipset concurrently:

  IPSET_ATTR_IPADDR_IPV4 : 172.20.20.187
  IPSET_ATTR_CIDR        : 2

The first deleting thread hogs a CPU with nfnl_lock(NFNL_SUBSYS_IPSET)
held, and other threads wait for it to be released.

Previously, the same issue existed in set->variant->uadt() that could run
so long under ip_set_lock(set).  Commit 5e29dc36bd ("netfilter: ipset:
Rework long task execution when adding/deleting entries") tried to fix it,
but the issue still exists in the caller with another mutex.

While adding/deleting many IPs, we should release the CPU periodically to
prevent someone from abusing ipset to hang the system.

Note we need to increment the ipset's refcnt to prevent the ipset from
being destroyed while rescheduling.

[0]:
INFO: task syz-executor174:268 blocked for more than 143 seconds.
      Not tainted 6.4.0-rc1-00145-gba79e9a73284 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor174 state:D stack:0     pid:268   ppid:260    flags:0x0000000d
Call trace:
 __switch_to+0x308/0x714 arch/arm64/kernel/process.c:556
 context_switch kernel/sched/core.c:5343 [inline]
 __schedule+0xd84/0x1648 kernel/sched/core.c:6669
 schedule+0xf0/0x214 kernel/sched/core.c:6745
 schedule_preempt_disabled+0x58/0xf0 kernel/sched/core.c:6804
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x6fc/0xdb0 kernel/locking/mutex.c:747
 __mutex_lock_slowpath+0x14/0x20 kernel/locking/mutex.c:1035
 mutex_lock+0x98/0xf0 kernel/locking/mutex.c:286
 nfnl_lock net/netfilter/nfnetlink.c:98 [inline]
 nfnetlink_rcv_msg+0x480/0x70c net/netfilter/nfnetlink.c:295
 netlink_rcv_skb+0x1c0/0x350 net/netlink/af_netlink.c:2546
 nfnetlink_rcv+0x18c/0x199c net/netfilter/nfnetlink.c:658
 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
 netlink_unicast+0x664/0x8cc net/netlink/af_netlink.c:1365
 netlink_sendmsg+0x6d0/0xa4c net/netlink/af_netlink.c:1913
 sock_sendmsg_nosec net/socket.c:724 [inline]
 sock_sendmsg net/socket.c:747 [inline]
 ____sys_sendmsg+0x4b8/0x810 net/socket.c:2503
 ___sys_sendmsg net/socket.c:2557 [inline]
 __sys_sendmsg+0x1f8/0x2a4 net/socket.c:2586
 __do_sys_sendmsg net/socket.c:2595 [inline]
 __se_sys_sendmsg net/socket.c:2593 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2593
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x84/0x270 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x134/0x24c arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x2c/0x7c arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591

Bug: 303172721
Reported-by: syzkaller <syzkaller@googlegroups.com>
Fixes: a7b4f989a6 ("netfilter: ipset: IP set core support")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit fea199dbf6)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I7d2c299b1d7d298b5abd76306821320546338a77
2023-10-24 16:01:47 +00:00
Lin Ma
813d5c850b UPSTREAM: net: xfrm: Fix xfrm_address_filter OOB read
[ Upstream commit dfa73c17d5 ]

We found below OOB crash:

[   44.211730] ==================================================================
[   44.212045] BUG: KASAN: slab-out-of-bounds in memcmp+0x8b/0xb0
[   44.212045] Read of size 8 at addr ffff88800870f320 by task poc.xfrm/97
[   44.212045]
[   44.212045] CPU: 0 PID: 97 Comm: poc.xfrm Not tainted 6.4.0-rc7-00072-gdad9774deaf1-dirty #4
[   44.212045] Call Trace:
[   44.212045]  <TASK>
[   44.212045]  dump_stack_lvl+0x37/0x50
[   44.212045]  print_report+0xcc/0x620
[   44.212045]  ? __virt_addr_valid+0xf3/0x170
[   44.212045]  ? memcmp+0x8b/0xb0
[   44.212045]  kasan_report+0xb2/0xe0
[   44.212045]  ? memcmp+0x8b/0xb0
[   44.212045]  kasan_check_range+0x39/0x1c0
[   44.212045]  memcmp+0x8b/0xb0
[   44.212045]  xfrm_state_walk+0x21c/0x420
[   44.212045]  ? __pfx_dump_one_state+0x10/0x10
[   44.212045]  xfrm_dump_sa+0x1e2/0x290
[   44.212045]  ? __pfx_xfrm_dump_sa+0x10/0x10
[   44.212045]  ? __kernel_text_address+0xd/0x40
[   44.212045]  ? kasan_unpoison+0x27/0x60
[   44.212045]  ? mutex_lock+0x60/0xe0
[   44.212045]  ? __pfx_mutex_lock+0x10/0x10
[   44.212045]  ? kasan_save_stack+0x22/0x50
[   44.212045]  netlink_dump+0x322/0x6c0
[   44.212045]  ? __pfx_netlink_dump+0x10/0x10
[   44.212045]  ? mutex_unlock+0x7f/0xd0
[   44.212045]  ? __pfx_mutex_unlock+0x10/0x10
[   44.212045]  __netlink_dump_start+0x353/0x430
[   44.212045]  xfrm_user_rcv_msg+0x3a4/0x410
[   44.212045]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[   44.212045]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[   44.212045]  ? __pfx_xfrm_dump_sa+0x10/0x10
[   44.212045]  ? __pfx_xfrm_dump_sa_done+0x10/0x10
[   44.212045]  ? __stack_depot_save+0x382/0x4e0
[   44.212045]  ? filter_irq_stacks+0x1c/0x70
[   44.212045]  ? kasan_save_stack+0x32/0x50
[   44.212045]  ? kasan_save_stack+0x22/0x50
[   44.212045]  ? kasan_set_track+0x25/0x30
[   44.212045]  ? __kasan_slab_alloc+0x59/0x70
[   44.212045]  ? kmem_cache_alloc_node+0xf7/0x260
[   44.212045]  ? kmalloc_reserve+0xab/0x120
[   44.212045]  ? __alloc_skb+0xcf/0x210
[   44.212045]  ? netlink_sendmsg+0x509/0x700
[   44.212045]  ? sock_sendmsg+0xde/0xe0
[   44.212045]  ? __sys_sendto+0x18d/0x230
[   44.212045]  ? __x64_sys_sendto+0x71/0x90
[   44.212045]  ? do_syscall_64+0x3f/0x90
[   44.212045]  ? entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   44.212045]  ? netlink_sendmsg+0x509/0x700
[   44.212045]  ? sock_sendmsg+0xde/0xe0
[   44.212045]  ? __sys_sendto+0x18d/0x230
[   44.212045]  ? __x64_sys_sendto+0x71/0x90
[   44.212045]  ? do_syscall_64+0x3f/0x90
[   44.212045]  ? entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   44.212045]  ? kasan_save_stack+0x22/0x50
[   44.212045]  ? kasan_set_track+0x25/0x30
[   44.212045]  ? kasan_save_free_info+0x2e/0x50
[   44.212045]  ? __kasan_slab_free+0x10a/0x190
[   44.212045]  ? kmem_cache_free+0x9c/0x340
[   44.212045]  ? netlink_recvmsg+0x23c/0x660
[   44.212045]  ? sock_recvmsg+0xeb/0xf0
[   44.212045]  ? __sys_recvfrom+0x13c/0x1f0
[   44.212045]  ? __x64_sys_recvfrom+0x71/0x90
[   44.212045]  ? do_syscall_64+0x3f/0x90
[   44.212045]  ? entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   44.212045]  ? copyout+0x3e/0x50
[   44.212045]  netlink_rcv_skb+0xd6/0x210
[   44.212045]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[   44.212045]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   44.212045]  ? __pfx_sock_has_perm+0x10/0x10
[   44.212045]  ? mutex_lock+0x8d/0xe0
[   44.212045]  ? __pfx_mutex_lock+0x10/0x10
[   44.212045]  xfrm_netlink_rcv+0x44/0x50
[   44.212045]  netlink_unicast+0x36f/0x4c0
[   44.212045]  ? __pfx_netlink_unicast+0x10/0x10
[   44.212045]  ? netlink_recvmsg+0x500/0x660
[   44.212045]  netlink_sendmsg+0x3b7/0x700
[   44.212045]  ? __pfx_netlink_sendmsg+0x10/0x10
[   44.212045]  ? __pfx_netlink_sendmsg+0x10/0x10
[   44.212045]  sock_sendmsg+0xde/0xe0
[   44.212045]  __sys_sendto+0x18d/0x230
[   44.212045]  ? __pfx___sys_sendto+0x10/0x10
[   44.212045]  ? rcu_core+0x44a/0xe10
[   44.212045]  ? __rseq_handle_notify_resume+0x45b/0x740
[   44.212045]  ? _raw_spin_lock_irq+0x81/0xe0
[   44.212045]  ? __pfx___rseq_handle_notify_resume+0x10/0x10
[   44.212045]  ? __pfx_restore_fpregs_from_fpstate+0x10/0x10
[   44.212045]  ? __pfx_blkcg_maybe_throttle_current+0x10/0x10
[   44.212045]  ? __pfx_task_work_run+0x10/0x10
[   44.212045]  __x64_sys_sendto+0x71/0x90
[   44.212045]  do_syscall_64+0x3f/0x90
[   44.212045]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   44.212045] RIP: 0033:0x44b7da
[   44.212045] RSP: 002b:00007ffdc8838548 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   44.212045] RAX: ffffffffffffffda RBX: 00007ffdc8839978 RCX: 000000000044b7da
[   44.212045] RDX: 0000000000000038 RSI: 00007ffdc8838770 RDI: 0000000000000003
[   44.212045] RBP: 00007ffdc88385b0 R08: 00007ffdc883858c R09: 000000000000000c
[   44.212045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   44.212045] R13: 00007ffdc8839968 R14: 00000000004c37d0 R15: 0000000000000001
[   44.212045]  </TASK>
[   44.212045]
[   44.212045] Allocated by task 97:
[   44.212045]  kasan_save_stack+0x22/0x50
[   44.212045]  kasan_set_track+0x25/0x30
[   44.212045]  __kasan_kmalloc+0x7f/0x90
[   44.212045]  __kmalloc_node_track_caller+0x5b/0x140
[   44.212045]  kmemdup+0x21/0x50
[   44.212045]  xfrm_dump_sa+0x17d/0x290
[   44.212045]  netlink_dump+0x322/0x6c0
[   44.212045]  __netlink_dump_start+0x353/0x430
[   44.212045]  xfrm_user_rcv_msg+0x3a4/0x410
[   44.212045]  netlink_rcv_skb+0xd6/0x210
[   44.212045]  xfrm_netlink_rcv+0x44/0x50
[   44.212045]  netlink_unicast+0x36f/0x4c0
[   44.212045]  netlink_sendmsg+0x3b7/0x700
[   44.212045]  sock_sendmsg+0xde/0xe0
[   44.212045]  __sys_sendto+0x18d/0x230
[   44.212045]  __x64_sys_sendto+0x71/0x90
[   44.212045]  do_syscall_64+0x3f/0x90
[   44.212045]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   44.212045]
[   44.212045] The buggy address belongs to the object at ffff88800870f300
[   44.212045]  which belongs to the cache kmalloc-64 of size 64
[   44.212045] The buggy address is located 32 bytes inside of
[   44.212045]  allocated 36-byte region [ffff88800870f300, ffff88800870f324)
[   44.212045]
[   44.212045] The buggy address belongs to the physical page:
[   44.212045] page:00000000e4de16ee refcount:1 mapcount:0 mapping:000000000 ...
[   44.212045] flags: 0x100000000000200(slab|node=0|zone=1)
[   44.212045] page_type: 0xffffffff()
[   44.212045] raw: 0100000000000200 ffff888004c41640 dead000000000122 0000000000000000
[   44.212045] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[   44.212045] page dumped because: kasan: bad access detected
[   44.212045]
[   44.212045] Memory state around the buggy address:
[   44.212045]  ffff88800870f200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   44.212045]  ffff88800870f280: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   44.212045] >ffff88800870f300: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc
[   44.212045]                                ^
[   44.212045]  ffff88800870f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   44.212045]  ffff88800870f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   44.212045] ==================================================================

By investigating the code, we find the root cause of this OOB is the lack
of checks in xfrm_dump_sa(). The buggy code allows a malicious user to pass
an arbitrary value of filter->splen/dplen. Hence, with crafted xfrm states,
the attacker can achieve an 8-byte heap OOB read, which causes an info leak.

  if (attrs[XFRMA_ADDRESS_FILTER]) {
    filter = kmemdup(nla_data(attrs[XFRMA_ADDRESS_FILTER]),
        sizeof(*filter), GFP_KERNEL);
    if (filter == NULL)
      return -ENOMEM;
    // NO MORE CHECKS HERE !!!
  }

This patch fixes the OOB by adding necessary boundary checks, just like
the code in pfkey_dump() function.

Bug: 304913834
Fixes: d3623099d3 ("ipsec: add support of limited SA dump")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 1960f46807)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Iee18d8ee7e2b99ce5cf4e1ff7137f5b31531b890
2023-10-24 14:15:13 +00:00
Radoslaw Tyl
04a0c46bb3 UPSTREAM: igb: set max size RX buffer when store bad packet is enabled
commit bb5ed01cd2 upstream.

Increase the RX buffer size to 3K when the SBP bit is on. The size of
the RX buffer determines the number of pages allocated which may not
be sufficient for receive frames larger than the set MTU size.

Bug: 306483516
Cc: stable@vger.kernel.org
Fixes: 89eaefb61d ("igb: Support RX-ALL feature flag.")
Reported-by: Manfred Rudigier <manfred.rudigier@omicronenergy.com>
Signed-off-by: Radoslaw Tyl <radoslawx.tyl@intel.com>
Tested-by: Arpana Arland <arpanax.arland@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit be7353af5b)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I3f05b369cd9ac24643af3e37e2ce1d099c63bc02
2023-10-24 11:59:08 +01:00
Jaegeuk Kim
7d13770cb8 FROMGIT: f2fs: do not return EFSCORRUPTED, but try to run online repair
If we return the error, there's no way to recover the status as of now, since
fsck does not fix the xattr boundary issue.

Bug: 305658663
Cc: stable@vger.kernel.org
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
(cherry picked from commit 50a472bbc79ff9d5a88be8019a60e936cadf9f13
 https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git dev)
Change-Id: I55060a4eede3f5f85066aba22a6ab7155517e5c4
2023-10-23 22:30:01 +00:00
Chungkai Mei
3525a7292b ANDROID: sched: Add vendor hook for util_fits_cpu
vendor may have the need to implement their own util_fits_cpu
function

Bug: 261704404
Change-Id: I0318f6cadd5c45a37f1acafdded479b25e520e6b
Signed-off-by: Chungkai Mei <chungkai@google.com>
2023-10-23 19:37:58 +00:00
Kalesh Singh
3191bf9249 ANDROID: KVM: Update nVHE stack size to 8KB
In order to make the nVHE stack size easily configurable,
introduce NVHE_STACK_SHIFT which must be >= PAGE_SHIFT.

Increase the stack size to 8KB if PAGE_SIZE is 4KB, since
some vendors require a larger stack in the hypervisor.

Bug: 305486112
Change-Id: Ic7612d5d5bf9d20db811ce67b177bbda192adf92
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
2023-10-23 15:42:04 +00:00
Bart Van Assche
d217ccf7c8 ANDROID: Add CONFIG_BLK_DEV_NULL_BLK=m to gki_defconfig
The null_blk kernel driver is essential for block layer functional and
performance testing. Hence this patch.

Bug: 305274387
Change-Id: I169a0540de67ef797c1918358445d029b2eb1078
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2023-10-19 14:57:58 -07:00
qinglin.li
845ae208d5 ANDROID: GKI: Update symbol list for Amlogic
1 function symbol(s) added
  'int __traceiter_rwmmio_post_write(void*, unsigned long, u64, u8, volatile void*)'

1 variable symbol(s) added
  'struct tracepoint __tracepoint_rwmmio_post_write'

Bug: 306277287
Change-Id: Ifc625eea902d751929ea83d935b856f45ac80273
Signed-off-by: Qinglin Li <qinglin.li@amlogic.com>
2023-10-19 17:35:56 +00:00
Al Viro
17cbc8f6c2 BACKPORT: take care to handle NULL ->proc_lseek()
Easily done now, just by clearing FMODE_LSEEK in ->f_mode
during proc_reg_open() for such entries.

Fixes: 868941b144 "fs: remove no_llseek"
Change-Id: Iac64d5d73ce9647a516eec870867369efe23cf33
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from commit 3f61631d47)
Signed-off-by: David Anderson <dvander@google.com>
2023-10-19 16:26:32 +00:00
Vincent Donnefort
01bff4820f ANDROID: KVM: arm64: Allow setting device attr in stage-2 PTEs
Allow pKVM to set device attributes (nGnRE) on stage-2 entries when
KVM_PGTABLE_PROT_DEVICE is used.

Bug: 303529066
Change-Id: I19ddbd627cb67fb4ad295af6ea5fff129d7a94f7
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
2023-10-19 13:29:31 +00:00
Vincent Donnefort
077735bc14 ANDROID: KVM: arm64: Fix hyp tracing build dependencies
The hyp tracing support depends on CONFIG_TRACING, not CONFIG_FTRACE.
Also, TRACING might be selected while FTRACE is not, leading to a build
error.

Bug: 306320920
Change-Id: I69614b6d1eb0e3d9013e00c2d10836b37034b929
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
2023-10-19 09:52:45 +00:00
qinglin.li
673d30e3f5 ANDROID: GKI: Update symbol list for Amlogic
1 function symbol(s) added
  'int __traceiter_android_vh_alloc_pages_entry(void*, gfp_t*, unsigned int, int, nodemask_t*)'

1 variable symbol(s) added
  'struct tracepoint __tracepoint_android_vh_alloc_pages_entry'

Bug: 305868227
Change-Id: I333ba30e6f5a818f1165e7dbc25c82ed680ac99a
Signed-off-by: Qinglin Li <qinglin.li@amlogic.com>
2023-10-18 17:49:43 +00:00
qinglin.li
ed5719778f ANDROID: vendor_hooks: add vendor hook in __alloc_pages()
With this vh, we can record page information
and add custom optimisations such as cma.

Bug: 305868227
Change-Id: I6d20dc96f864202ea0ca236c82337f385a9054f6
Signed-off-by: Qinglin Li <qinglin.li@amlogic.com>
2023-10-18 17:49:43 +00:00
Wander Lairson Costa
fb8d8135c3 UPSTREAM: netfilter: xt_sctp: validate the flag_info count
commit e994764976 upstream.

sctp_mt_check doesn't validate the flag_count field. An attacker can
take advantage of that to trigger an OOB read and leak memory
information.

Add the field validation in the checkentry function.

Bug: 304913898
Fixes: 2e4e6a17af ("[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables")
Cc: stable@vger.kernel.org
Reported-by: Lucas Leong <wmliang@infosec.exchange>
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 4921f9349b)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ife4e69f6218fdaca2a8647b5ed00d875a5ed0d34
2023-10-18 15:50:14 +01:00
Yifan Hong
4b27296bd4 ANDROID: Add kunit targets.
The kunit targets build in-tree kunit modules with a pre-set
defconfig fragment.

This is the defconfig fragment to be applied to enable kunit tests
as modules. Because we apply defconfig fragments after running
make defconfig, the individual tests must be enabled instead of
a global CONFIG_KUNIT_ALL_TESTS flag.

Note: Comparing to the change on android-mainline, this change
deletes the following tests because they are not present in
android14-5.15:

  CONFIG_NETDEV_ADDR_LIST_TEST
  CONFIG_REGMAP_KUNIT
  CONFIG_INPUT_KUNIT_TEST
  CONFIG_SND_SOC_UTILS_KUNIT_TEST
  CONFIG_HID_KUNIT_TEST
  CONFIG_IIO_FORMAT_KUNIT_TEST
  CONFIG_CLK_KUNIT_TEST
  CONFIG_CLK_GATE_KUNIT_TEST

Comparing to the change on android-mainline, this change
adds a symbol list for kunit tests. To update this symbol list:

  bazel run //common:kunit_aarch64_abi_update_symbol_list

Comparing to the change on android-mainline, this change
does not contain a target for riscv64.

Test: manually build with
  bazel run //common:kunit_aarch64_dist
  bazel run //common:kunit_x86_64_dist
  bazel run //common:kunit_riscv64_dist
Bug: 296116800
Bug: 304616548
Bug: 305290382
Change-Id: If3b94f495aa64b657508781b12e3e0716c725f3f
Signed-off-by: Yifan Hong <elsk@google.com>
2023-10-17 21:29:15 +00:00
Yifan Hong
a3e337eb7d ANDROID: Enable CONFIG_KUNIT=y.
This is the basis for enabling Kunit tests.

Bug: 304616548
Change-Id: I83c08539182eca10ca833f932edabdde19978be5
Signed-off-by: Yifan Hong <elsk@google.com>
2023-10-17 21:29:15 +00:00
Pavankumar Kondeti
734865de30 FROMGIT: mm/madvise: fix madvise_pageout for private file mappings
When MADV_PAGEOUT is called on a private file mapping VMA region,
we bail out early if the process is neither owner nor write capable
of the file. However, this VMA may have both private/shared clean
pages and private dirty pages. The opportunity of paging out the
private dirty pages (Anon pages) is missed. Fix this by caching
the file access check and use it later along with PageAnon() during
page walk.

We observe ~10% improvement in zram usage, thus leaving more available
memory on a 4GB RAM system running Android.

Link: https://lkml.kernel.org/r/1667971116-12900-1-git-send-email-quic_pkondeti@quicinc.com
Signed-off-by: Pavankumar Kondeti <quic_pkondeti@quicinc.com>
Cc: Charan Teja Kalla <quic_charante@quicinc.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 8fc5be8efc3cf356f25098fbd4bda7c0e949c2ea
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable)

Bug: 259329159
Signed-off-by: Pavankumar Kondeti <quic_pkondeti@quicinc.com>
Change-Id: I5f2d425aec94e5a75ebeaf90f9f5d7adf1975c59
(cherry picked from commit 979df868f594e76a36a7a9523991cdc5b5f99a14)
2023-10-17 20:20:03 +00:00
Wander Lairson Costa
4e664ccbea UPSTREAM: netfilter: xt_u32: validate user space input
commit 69c5d284f6 upstream.

The xt_u32 module doesn't validate the fields in the xt_u32 structure.
An attacker may take advantage of this to trigger an OOB read by setting
the size fields with a value beyond the array boundaries.

Add a checkentry function to validate the structure.

This was originally reported by the ZDI project (ZDI-CAN-18408).

Bug: 304913716
Fixes: 1b50b8a371 ("[NETFILTER]: Add u32 match")
Cc: stable@vger.kernel.org
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 1c164c1e9e)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ic2ff70b303f55f9c3c5db24295bcb223ed7175a7
2023-10-17 17:35:11 +00:00
Wander Lairson Costa
a114e5dca4 UPSTREAM: netfilter: nfnetlink_osf: avoid OOB read
[ Upstream commit f4f8a78031 ]

The opt_num field is controlled by user mode and is not currently
validated inside the kernel. An attacker can take advantage of this to
trigger an OOB read and potentially leak information.

BUG: KASAN: slab-out-of-bounds in nf_osf_match_one+0xbed/0xd10 net/netfilter/nfnetlink_osf.c:88
Read of size 2 at addr ffff88804bc64272 by task poc/6431

CPU: 1 PID: 6431 Comm: poc Not tainted 6.0.0-rc4 #1
Call Trace:
 nf_osf_match_one+0xbed/0xd10 net/netfilter/nfnetlink_osf.c:88
 nf_osf_find+0x186/0x2f0 net/netfilter/nfnetlink_osf.c:281
 nft_osf_eval+0x37f/0x590 net/netfilter/nft_osf.c:47
 expr_call_ops_eval net/netfilter/nf_tables_core.c:214
 nft_do_chain+0x2b0/0x1490 net/netfilter/nf_tables_core.c:264
 nft_do_chain_ipv4+0x17c/0x1f0 net/netfilter/nft_chain_filter.c:23
 [..]

Also add validation to genre, subtype and version fields.

Bug: 304913642
Fixes: 11eeef41d5 ("netfilter: passive OS fingerprint xtables match")
Reported-by: Lucas Leong <wmliang@infosec.exchange>
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 7bb8d52b42)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: If79c79e3f55de8c81b70c19661cb0084b02c3da2
2023-10-17 13:48:18 +01:00
Jamal Hadi Salim
fae3eccae9 UPSTREAM: net/sched: Retire rsvp classifier
commit 265b4da82d upstream.

The rsvp classifier has served us well for about a quarter of a century but
has not been getting much maintenance attention due to lack of known users.

Bug: 304913975
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Kyle Zeng <zengyhkyle@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 08569c92f7)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I4716954c5e8d5414a580eb34c699908028aa754b
2023-10-17 12:06:26 +00:00
Kyle Zeng
002ad09f12 UPSTREAM: ipv4: fix null-deref in ipv4_link_failure
[ Upstream commit 0113d9c9d1 ]

Currently, we assume the skb is associated with a device before calling
__ip_options_compile, which is not always the case if it is re-routed by
ipvs.
When skb->dev is NULL, dev_net(skb->dev) will become a null-dereference.
This patch adds a check for the edge case and switches to use the net_device
from the rtable when skb->dev is NULL.

Bug: 304913674
Fixes: ed0de45a10 ("ipv4: recompile ip options in ipv4_link_failure")
Suggested-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Kyle Zeng <zengyhkyle@gmail.com>
Cc: Stephen Suryaputra <ssuryaextr@gmail.com>
Cc: Vadim Fedorenko <vfedorenko@novek.ru>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 2712545e53)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ie840ff3351e487f7095c49fac4fdd1e81021a982
2023-10-17 10:29:04 +01:00
Bart Van Assche
bfeb57ae95 FROMGIT: scsi: ufs: Set the CP flag for RT requests
Make the UFS device execute realtime (RT) requests before other requests.
This will be used in Android to reduce the I/O latency of the foreground
app.

Change-Id: Ia8fa42517e6f8e11439bd91b2e23762c00845724
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
(cherry picked from commit 00d2fa28da0aa371ad215e92ebf5297c0e7d4861 git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next)
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2023-10-13 09:55:49 -07:00
Bart Van Assche
67d3336282 FROMGIT: scsi: ufs: Simplify ufshcd_comp_scsi_upiu()
ufshcd_comp_scsi_upiu() has one caller and that caller ensures that
lrbp->cmd != NULL. Hence leave out the lrbp->cmd check from
ufshcd_comp_scsi_upiu().

Change-Id: Ic37b0eda0d59c0b7d759a5d352f139cdcffbf163
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
(cherry picked from commit c788cf8a21cd3b12a1823869878e3fd93132859f git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next)
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2023-10-13 09:55:49 -07:00
Bart Van Assche
0b5cd2a4a4 ANDROID: scsi: Limit unaligned zoned write retries
It may happen that zoned writes get reordered and hence that a zoned
device receives these out of order. If that happens, the SCSI error
handler will resubmit the zoned writes in LBA order. Only resubmit
zoned writes if the number of retries has not been exceeded. Otherwise
fail the zoned write.

Bug: 234829282
Change-Id: Ieb0e596df60b05f67d7c54ebd2e700e6c550d6f5
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2023-10-13 09:55:49 -07:00
Bart Van Assche
f1b91d8b41 ANDROID: block: Preserve the order of requeued zoned writes
blk_mq_process_requeue_list() inserts requeued requests in front of other
requests. This is fine for all request types except for sequential zoned
writes. Hence this patch.

Bug: 234829282
Change-Id: If1f1aece17f425104a936b36db33eab5f9ba5c2d
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2023-10-13 09:55:49 -07:00
Bart Van Assche
d7f09c11e7 ANDROID: gki_defconfig: Enable CONFIG_BLK_CGROUP_IOPRIO
Prepare for supporting I/O priority in the storage stack.

Bug: 186902601
Change-Id: I387ac4792c89d88d131c5146b116a0393c01b096
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2023-10-13 09:55:48 -07:00
Qinglin Li
e2dadb5022 ANDROID: GKI: Update symbol list for Amlogic
5 function symbol(s) added
  'int __traceiter_android_vh_free_unref_page_bypass(void*, struct page*, int, int, bool*)'
  'int __traceiter_android_vh_kvmalloc_node_use_vmalloc(void*, size_t, gfp_t*, bool*)'
  'int __traceiter_android_vh_rmqueue_bulk_bypass(void*, unsigned int, struct per_cpu_pages*, int, struct list_head*)'
  'int __traceiter_android_vh_should_alloc_pages_retry(void*, gfp_t, int, int*, int, struct zone*, struct page**, bool*)'
  'int __traceiter_android_vh_unreserve_highatomic_bypass(void*, bool, struct zone*, bool*)'

5 variable symbol(s) added
  'struct tracepoint __tracepoint_android_vh_free_unref_page_bypass'
  'struct tracepoint __tracepoint_android_vh_kvmalloc_node_use_vmalloc'
  'struct tracepoint __tracepoint_android_vh_rmqueue_bulk_bypass'
  'struct tracepoint __tracepoint_android_vh_should_alloc_pages_retry'
  'struct tracepoint __tracepoint_android_vh_unreserve_highatomic_bypass'

Bug: 304066882
Change-Id: Ic128510f338a1bc2129d749af264144f45d7a173
Signed-off-by: Qinglin Li <qinglin.li@amlogic.corp-partner.google.com>
2023-10-12 17:07:50 +00:00
Oven
5b8c9a002d ANDROID: vendor_hooks: Add hooks to avoid key threads stalled in
memory allocations

We add these hooks to avoid key threads blocked in memory allocation
path.
-android_vh_free_unref_page_bypass  ----We create a memory pool for the
key threads. This hook determines whether a page should be freed to the
pool or to the buddy freelist. It works with an existing hook
`android_vh_alloc_pages_reclaim_bypass`, which takes pages out of the
pool.

-android_vh_kvmalloc_node_use_vmalloc  ----For key threads, we prefer
not to run into direct reclaim. So we clear the __GFP_DIRECT_RECLAIM flag.
For threads which are not that important, we prefer to use vmalloc.

-android_vh_should_alloc_pages_retry  ----Before key threads run into
direct reclaim, we want to retry with a lower watermark.

-android_vh_unreserve_highatomic_bypass  ----We want to keep more
highatomic pages when unreserving them to avoid highatomic allocation
failures.

-android_vh_rmqueue_bulk_bypass  ----We found that sometimes when key threads
run into rmqueue_bulk, it took several milliseconds spinning at
zone->lock or filling per-cpu pages. We use this hook to take pages from
the mempool mentioned above, rather than grab zone->lock and fill a
batch of pages to per-cpu.

Bug: 288216516
Bug: 304066882

Change-Id: I1656032d6819ca627723341987b6094775bc345f
Signed-off-by: Oven <liyangouwen1@oppo.com>
Signed-off-by: Qinglin Li <qinglin.li@amlogic.com>
(cherry picked from commit aa47cc7c206a8e159a735e6f1513ece6dac1e0ba)
2023-10-12 17:07:50 +00:00
Mostafa Saleh
a1ebbe9d5e ANDROID: KVM: arm64: Add missing hyp events for forwarded SMCs
__kvm_hyp_host_forward_smc() forwards SMCs to EL3, which means we
exit and enter the hypervisor without tracing those.
Add missing hyp events.

Bug: 304445720
Change-Id: I0b66c37f1521702764b12c038324c3fec3e499a6
Signed-off-by: Mostafa Saleh <smostafa@google.com>
2023-10-12 10:15:25 +00:00
erinwang
86fb1cdb30 ANDROID: GKI: Update symbol list for lenovo
1 function symbol(s) added
  'void* vmalloc_array(size_t, size_t)'

Bug: 304899645
Change-Id: I0ccff89e100ea4aa132153a67765f94667e47e9c
Signed-off-by: erinwang <erinwang2@lenovo.com>
2023-10-12 08:44:54 +00:00
Fuad Tabba
2c0ad668ff ANDROID: KVM: arm64: Store hyp address in the host fp state array
Store the hyp address in kvm_arm_hyp_host_fp_state[], to avoid having to
calculate it with kern_hyp_va() on every access.

Bug: 303684934
Signed-off-by: Fuad Tabba <tabba@google.com>
Change-Id: I52902c297f9b957a8d035be942e3cbeb32fed0a2
2023-10-12 08:14:09 +00:00
Fuad Tabba
813b98b113 ANDROID: KVM: arm64: Allocate host fp/simd state later in initialization
Allocate and map hyp memory to maintain the host's fp/simd state,
which is also used for SVE and SME, later in the initialization
process. The amount of memory needed to track the host's state
varies depending on the number of cpus in the system, whether
there's SVE support, as well as the SVE vector size. Much of the
state needed to extract this information isn't initialized yet at
kvm_hyp_reserve().

Fixes: 6dc9af85f7 ("ANDROID: KVM: arm64: Allocate host fp state at pkvm init rather than per cpu")
Bug: 303684934
Signed-off-by: Fuad Tabba <tabba@google.com>
Change-Id: I744be685a107ddd92c6975bafb0149aebad7bb55
2023-10-12 08:14:09 +00:00
qinglin.li
f44a014f33 ANDROID: GKI: Update symbol list for Amlogic
1 function symbol(s) added
  'int mmc_gpiod_request_cd(struct mmc_host *host, const char *con_id,
                         unsigned int idx, bool override_active_level,
                         unsigned int debounce)'

Bug: 304416725
Change-Id: I6fe74aa309935c5154425e45145b256df3e6da0b
Signed-off-by: Qinglin Li <qinglin.li@amlogic.com>
2023-10-11 17:34:01 +00:00
Pablo Neira Ayuso
0973d792be UPSTREAM: netfilter: nf_tables: disallow rule removal from chain binding
[ Upstream commit f15f29fd47 ]

Chain binding only requires the rule addition/insertion command within
the same transaction. Removal of rules from chain bindings within the
same transaction makes no sense, userspace does not utilize this
feature. Replace nft_chain_is_bound() check to nft_chain_binding() in
rule deletion commands. Replace command implies a rule deletion, reject
this command too.

Rule flush command can also safely rely on this nft_chain_binding()
check because unbound chains are not allowed since 62e1e94b24
("netfilter: nf_tables: reject unbound chain set before commit phase").

Bug: 302085977
Fixes: d0e2c7de92 ("netfilter: nf_tables: add NFT_CHAIN_BINDING")
Reported-by: Kevin Rich <kevinrich1337@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 9af8bb2afe)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I8b05dc37062824db4c2901000fdf701b38605d32
2023-10-11 10:14:07 +01:00
Patrick Daly
46a1c28f37 ANDROID: mm: Use intended order-adjusted batch size
Commit 44042b4498 ("mm/page_alloc: allow high-order pages to be stored
on the per-cpu lists") adjusts the pcp batch size __rmqueue_pcplist()
allocates from rmqueue_bulk() in proportion to the page order.

This line was not properly carried forward when porting
commit 37b2d597bb ("ANDROID: mm: add cma pcp list") to android 13-5.15.

Fixes: 37b2d597bb ("ANDROID: mm: add cma pcp list")
Bug: 260129859
Change-Id: I28b7c22c75596176fd951974d1dd682ee1014efb
Signed-off-by: Patrick Daly <quic_pdaly@quicinc.com>
(cherry picked from commit 4931d96eb36e955fe72eee53b1ce834e2894ab5c)
2023-10-09 19:09:13 +00:00
Nikhil V
6e161d9045 ANDROID: mm: cma: proper ret type for tasks interrupted by fatal signal
Currently, cma_alloc() checks if the task has fatal signals pending
and simply bails out without updating the return type (defaulting to EBUSY).
Update the return type to EINTR when cma allocation fails due to pending
fatal signals.

Bug: 245880180
Change-Id: Ibcef026a3af3417a5a10e0eae51017f477f6ac0f
Signed-off-by: Nikhil V <quic_nprakash@quicinc.com>
2023-10-09 19:08:50 +00:00
James Tai
cbd1dda137 ANDROID: GKI: Update RTK STB KMI symbol list
5 function symbol(s) added
  'void sdhci_request(struct mmc_host*, struct mmc_request*)'
  'unsigned int cpufreq_generic_get(unsigned int)'
  'unsigned long dev_pm_opp_get_max_transition_latency(struct device*)'
  'int dev_pm_opp_get_sharing_cpus(struct device*, struct cpumask*)'
  'unsigned long dev_pm_opp_get_suspend_opp_freq(struct device*)'

Bug: 303770081
Change-Id: I573865da87487e0bb00b4123d4afb204af43cba6
Signed-off-by: James Tai <james.tai@realtek.com>
2023-10-08 23:25:41 +08:00
Sergey Volk
79ef0ab3a2 ANDROID: Update the ABI symbol list
INFO: 2 function symbol(s) added
  'bool drm_connector_atomic_hdr_metadata_equal(struct drm_connector_state*, struct drm_connector_state*)'
  'int drm_connector_attach_hdr_output_metadata_property(struct drm_connector*)'

Adding the following symbols:
  - debugfs_create_devm_seqfile
  - devm_device_add_group
  - drm_connector_atomic_hdr_metadata_equal
  - drm_connector_attach_hdr_output_metadata_property
  - drm_hdmi_infoframe_set_hdr_metadata
  - hdmi_drm_infoframe_pack_only
  - __traceiter_android_rvh_sched_setaffinity
  - __tracepoint_android_rvh_sched_setaffinity

Bug: 303113760
Change-Id: I476f5fad1eaa340ebec4c8458c8cc1718d0d79f7
Signed-off-by: Sergey Volk <servolk@google.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
2023-10-04 23:29:37 +00:00
James Tai
d15ca4faa6 ANDROID: GKI: Update RTK STB KMI symbol list
2 function symbol(s) added
  'ssize_t drm_scdc_read(struct i2c_adapter*, u8, void*, size_t)'
  'ssize_t drm_scdc_write(struct i2c_adapter*, u8, const void*, size_t)'

Bug: 303339313
Change-Id: I8c4994ad728a19ae4196f956bcb6e7a7e29f01e2
Signed-off-by: James Tai <james.tai@realtek.com>
2023-10-04 15:14:41 +08:00
RD Babiera
63fc189127 BACKPORT: usb: typec: bus: verify partner exists in typec_altmode_attention
Some usb hubs will negotiate DisplayPort Alt mode with the device
but will then negotiate a data role swap after entering the alt
mode. The data role swap causes the device to unregister all alt
modes, however the usb hub will still send Attention messages
even after failing to reregister the Alt Mode. typec_altmode_attention
currently does not verify whether or not a device's altmode partner
exists, which results in a NULL pointer error when dereferencing
the typec_altmode and typec_altmode_ops belonging to the altmode
partner.

Verify the presence of a device's altmode partner before sending
the Attention message to the Alt Mode driver.

Fixes: 8a37d87d72 ("usb: typec: Bus type for alternate modes")
Cc: stable@vger.kernel.org
Signed-off-by: RD Babiera <rdbabiera@google.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20230814180559.923475-1-rdbabiera@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Bug: 288952921
(cherry picked from commit f236433064)
[rd: changed return type of typec_altmode_attention to void to not break
 kmi, moved tcpm_log from error return to typec_altmode_attention as
 dev_warn]
Change-Id: I054a6ef56b9b2d7c4e8167e8630a8c277910da88
Signed-off-by: RD Babiera <rdbabiera@google.com>
2023-10-02 22:51:16 +00:00
Patrick Daly
d61f670260 ANDROID: mm/memory_hotplug: Fix error path handling
Correct a resource leak if arch_add_memory() returns failure.

Bug: 243477359
Change-Id: I1dce82a18c2242d7b6fd9fb1fe3a8b2ba67853de
Fixes: 42db6c2e9 ("ANDROID: mm/memory_hotplug: implement {add/remove}_memory_subsection")
Signed-off-by: Patrick Daly <quic_pdaly@quicinc.com>
(cherry picked from commit b337f6e1a90b01e14969c6c37705e548b53e488a)
2023-09-27 17:30:47 +00:00
Johannes Weiner
3207c9ecb1 BACKPORT: mm: page_alloc: fix CMA and HIGHATOMIC landing on the wrong buddy list
Commit 4b23a68f95 ("mm/page_alloc: protect PCP lists with a spinlock")
bypasses the pcplist on lock contention and returns the page directly to
the buddy list of the page's migratetype.

For pages that don't have their own pcplist, such as CMA and HIGHATOMIC,
the migratetype is temporarily updated such that the page can hitch a ride
on the MOVABLE pcplist.  Their true type is later reassessed when flushing
in free_pcppages_bulk().  However, when lock contention is detected after
the type was already overridden, the bypass will then put the page on the
wrong buddy list.

Once on the MOVABLE buddy list, the page becomes eligible for fallbacks
and even stealing.  In the case of HIGHATOMIC, otherwise ineligible
allocations can dip into the highatomic reserves.  In the case of CMA, the
page can be lost from the CMA region permanently.

Use a separate pcpmigratetype variable for the pcplist override.  Use the
original migratetype when going directly to the buddy.  This fixes the bug
and should make the intentions more obvious in the code.

Originally sent here to address the HIGHATOMIC case:
https://lore.kernel.org/lkml/20230821183733.106619-4-hannes@cmpxchg.org/

Changelog updated in response to the CMA-specific bug report.

[mgorman@techsingularity.net: updated changelog]
Link: https://lkml.kernel.org/r/20230911181108.GA104295@cmpxchg.org
Fixes: 4b23a68f95 ("mm/page_alloc: protect PCP lists with a spinlock")
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reported-by: Joe Liu <joe.liu@mediatek.com>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Bug: 302075941
(cherry picked from commit 7b086755fb)
Change-Id: I5e62c941e0a91db551a56f4b8c1ae14f87fd2bc3
Signed-off-by: Lecopzer Chen <lecopzer.chen@mediatek.com>
2023-09-27 15:46:52 +00:00