Don't call dput on error code
Change-Id: Ie63645c9ed67fa231829917ae8ca154e049b4921
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Bug: 133435829
(cherry picked from commit 334164ca0f18ea89a922b90020f5e3840a928503)
- added chmod() to +0222 to make all backing files and dirs
writable. vold/system_server have a umask that clears those
flags, making incfs unusable
Signed-off-by: Yurii Zubrytskyi <zyy@google.com>
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Bug: 133435829
Change-Id: Id9258401570cc2cc7cd5735aace89d379a9b043d
(cherry picked from commit bc5e5bc1d007e99228ca0717daa12639627819ba)
into android-mainline
Baby steps on the merge to make it easier to debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5062fa8157ffcbad14795942662628d16e390173
Finally got bluetooth working, so add the modules to
the db845c gki fragment
Bug: 146449535
Change-Id: I0e987fcae3b3c0bff7e6846ab61477d5707c7a5d
Signed-off-by: John Stultz <john.stultz@linaro.org>
Correct the filesystem name to "binder" to enable
genfscon per-file labelling for binderfs.
Fixes: 7a4b519474 ("selinux: allow per-file labelling for binderfs")
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Bug: 136497735
Change-Id: I6139ede4eb6e85f5399f826834b062bbf33d28cf
Link: https://lore.kernel.org/patchwork/patch/1188587/
Fix all sparse errors in fs/incfs except
fs/incfs/integrity.c:192:9: warning: Variable length array is used
Test: incfs_test passes
Bug: 133435829
Change-Id: I9c2e26e4e1a06a894977f11a3c8559b968dd115e
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Fixed incfs_test build errors
Fixed Kconfig errors
Readded .gitignore
Test: With just enabling CONFIG_INCREMENTAL_FS, both defconfig and
cuttlefish_defconfig build and incfs_test runs and passes
Bug: 133435829
Change-Id: Id3247ffcc63a095f66dcedf554017a06c5a9ce4a
Signed-off-by: Paul Lawrence <paullawrence@google.com>
This reverts commit 59438b4647.
This unblocks the booting of Android on newer kernels. It is a temporary
workaround and the correct fix is to add new core sepolicy.
Bug: 148822198
Change-Id: Ic521cb760c867c12dfcb7d2752280fbb0eddb82c
Signed-off-by: Alistair Delva <adelva@google.com>
Baby steps in the 5.6-rc1 merge cycle to make things easier to review
and debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0fa183764fd1adbde44e8181f0b3df6cff4da18b
This reverts commit 0990eff7509fecafad9a44a56801c97e8e8ce9c6 which was a
revert of commit 38c1605e75.
We need these symbols back, so add the patch back.
Bug: 143136976
Cc: Asutosh Das <asutoshd@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I39f86820c3b0e5901006c588870d5efeda2e92f0
Baby steps in the 5.6-rc1 merge cycle to make things easier to review
and debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I21591d9c9b073f02dde6aae031bd740fe512251b
This reverts commit 38c1605e75.
In order to merge with the scsi code upstream, this needs to be
reverted. Hopefully we can merge it back later...
Bug: 143136976
Cc: Asutosh Das <asutoshd@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4ba46c9e11a3882131449efcc8a45481348fbea1
Baby steps in the 5.6-rc1 merge cycle to make things easier to review
and debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2d3a69b5256f71ae18b500b0ef145f93e4255dbc
Baby steps in the 5.6-rc1 merge cycle to make things easier to review
and debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I084fc068d4c94625e63441029e08e143146d97b7
With CONFIG_THINLTO and CFI both enabled, LLVM appends a hash to the
names of all static functions. This breaks userspace tools, so strip
out the hash from output.
Bug: 147422318
Change-Id: Ie19a59d9d0681298be54e73064badc361c0f7014
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
BPF dispatcher functions are patched at runtime to perform direct
instead of indirect calls. Disable CFI for the dispatcher functions
to avoid conflicts.
(re-add due to merge conflicts previously)
Bug: 145210207
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7edf6052e121d16ccb0f3d3492ff4eefedfa509e
Baby steps in the 5.6-rc1 merge cycle to make things easier to review
and debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4c44b3c32065ea0ed8175b31665f2a4195a27300
This reverts commit aa2cc4ed15.
It conflicts with the upstream BPF changes so needs to be dropped for
now as it will show up throught the BPF tree.
Cc: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0a38cbaf388c3362f8fd7fad7139b16ea9967fe7
This reverts commit 22cf3ea720.
It conflicts with the BPF merge and will come in through the upstream
tree.
Cc: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I404d2e9efcd6057d481be2562cb9b2a559b70e58
This reverts commit 3ea9abc389.
It conflicts with the BPF merge from upstream and will come in through
that tree.
Cc: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I59c2176184c955d240b571d000460d89c6d2f80d
This reverts commit f6a4d900cc.
It conflicts with the BPF merge and will come in through that tree
instead.
Cc: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Idffa84def2a994a306c79803d49b7461adfae44c
This reverts commit cedd91c6f4.
It conflicts with the BPF merge and will have to be added back later "by
hand".
Cc: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9b070d804c16b12a416ddc630c4440ea85f5531b
Baby steps in the 5.6-rc1 merge cycle to make things easier to review
and debug.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6d63f7c9484210bae7474a809defd1aaa58e15f8
From Boris Ostrovsky:
The KVM hypervisor may provide a guest with ability to defer remote TLB
flush when the remote VCPU is not running. When this feature is used,
the TLB flush will happen only when the remote VPCU is scheduled to run
again. This will avoid unnecessary (and expensive) IPIs.
Under certain circumstances, when a guest initiates such deferred action,
the hypervisor may miss the request. It is also possible that the guest
may mistakenly assume that it has already marked remote VCPU as needing
a flush when in fact that request had already been processed by the
hypervisor. In both cases this will result in an invalid translation
being present in a vCPU, potentially allowing accesses to memory locations
in that guest's address space that should not be accessible.
Note that only intra-guest memory is vulnerable.
The five patches address both of these problems:
1. The first patch makes sure the hypervisor doesn't accidentally clear
a guest's remote flush request
2. The rest of the patches prevent the race between hypervisor
acknowledging a remote flush request and guest issuing a new one.
Conflicts:
arch/x86/kvm/x86.c [move from kvm_arch_vcpu_free to kvm_arch_vcpu_destroy]
Now that we are mapping kvm_steal_time from the guest directly we
don't need keep a copy of it in kvm_vcpu_arch.st. The same is true
for the stime field.
This is part of CVE-2019-3016.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
There is a potential race in record_steal_time() between setting
host-local vcpu->arch.st.steal.preempted to zero (i.e. clearing
KVM_VCPU_PREEMPTED) and propagating this value to the guest with
kvm_write_guest_cached(). Between those two events the guest may
still see KVM_VCPU_PREEMPTED in its copy of kvm_steal_time, set
KVM_VCPU_FLUSH_TLB and assume that hypervisor will do the right
thing. Which it won't.
Instad of copying, we should map kvm_steal_time and that will
guarantee atomicity of accesses to @preempted.
This is part of CVE-2019-3016.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
__kvm_map_gfn()'s call to gfn_to_pfn_memslot() is
* relatively expensive
* in certain cases (such as when done from atomic context) cannot be called
Stashing gfn-to-pfn mapping should help with both cases.
This is part of CVE-2019-3016.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
kvm_vcpu_(un)map operates on gfns from any current address space.
In certain cases we want to make sure we are not mapping SMRAM
and for that we can use kvm_(un)map_gfn() that we are introducing
in this patch.
This is part of CVE-2019-3016.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Merge the upstream merge of fscrypt-for-linus, to resolve conflicts
between the fscrypt changes that went upstream in 5.6 and the inline
crypto and hardware-wrapped key support that is currently being carried
in the Android common kernels.
Conflicts:
fs/crypto/Kconfig
fs/crypto/bio.c
fs/crypto/fname.c
fs/crypto/fscrypt_private.h
fs/crypto/keyring.c
fs/crypto/keysetup.c
include/uapi/linux/fscrypt.h
Merge resolution notes:
- In fscrypt_zeroout_range(), split the inline crypto case into a
separate function fscrypt_zeroout_range_inlinecrypt(), as mixing the
two cases together became much harder due to the upstream changes.
- Allow the size of fscrypt-provisioning keys to be up to
FSCRYPT_MAX_HW_WRAPPED_KEY_SIZE rather than FSCRYPT_MAX_KEY_SIZE.
Change-Id: Ib1e6b9eda8fb5dcfc6bdc8fa89d93f72b088c5f6
Signed-off-by: Eric Biggers <ebiggers@google.com>
BPF dispatcher functions are patched at runtime to perform direct
instead of indirect calls. Disable CFI for the dispatcher functions
to avoid conflicts.
Bug: 145210207
Change-Id: I61dc7ce8a549145a79b7e69c646888578e0641ba
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
>From Intel 64 and IA-32 Architectures Optimization Reference Manual,
3.4.1.4 Code Alignment, Assembly/Compiler Coding Rule 11: All branch
targets should be 16-byte aligned.
This commits aligns branch targets according to the Intel manual.
The nops used to align branch targets make the dispatcher larger, and
therefore the number of supported dispatch points/programs are
descreased from 64 to 48.
Signed-off-by: Björn Töpel <bjorn.topel@intel.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20191213175112.30208-7-bjorn.topel@gmail.com
(cherry picked from commit 116eb788f5)
Bug: 145210207
Change-Id: I04996cd41bf109aaa63b5aa23773c34ef1f90d8b
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
