This is a possibility in android_setup when using cdev leading
to a NULL pointer dereference in spin_lock_irqsave. Using the
spinlock of gadget item to prevent the condition.
Bug: 189800931
Signed-off-by: Ray Chi <raychi@google.com>
Change-Id: Idc4cbcaed7dc6e1e35e8a63de84c1415fb83ef5e
Inline mem_cgroup_try_charge_swap, mem_cgroup_uncharge_swap and
cgroup_throttle_swaprate functions to perform mem_cgroup_disabled static
key check inline before calling the main body of the function. This
minimizes the memcg overhead in the pagefault and exit_mmap paths when
memcgs are disabled using cgroup_disable=memory command-line option.
This change results in ~1% overhead reduction when running PFT test [1]
comparing {CONFIG_MEMCG=n} against {CONFIG_MEMCG=y, cgroup_disable=memory}
configuration on an 8-core ARM64 Android device.
[1] https://lkml.org/lkml/2006/8/29/294 also used in mmtests suite
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Reviewed-by: Muchun Song <songmuchun@bytedance.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Link: https://lore.kernel.org/patchwork/patch/1458908/
Bug: 191223209
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I18d59090ec908037b39324d1f1bb511d06e9c690
Inline mem_cgroup_{charge/uncharge} and mem_cgroup_uncharge_list functions
functions to perform mem_cgroup_disabled static key check inline before
calling the main body of the function. This minimizes the memcg overhead
in the pagefault and exit_mmap paths when memcgs are disabled using
cgroup_disable=memory command-line option.
This change results in ~0.4% overhead reduction when running PFT test [1]
comparing {CONFIG_MEMCG=n} against {CONFIG_MEMCG=y, cgroup_disable=memory}
configuration on an 8-core ARM64 Android device.
[1] https://lkml.org/lkml/2006/8/29/294 also used in mmtests suite
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Reviewed-by: Muchun Song <songmuchun@bytedance.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Conflicts:
include/linux/memcontrol.h
mm/memcontrol.c
1. Trivial merge conflicts in memcontrol.h
2. Did not need to rename __mem_cgroup_charge into memcg_charge as in the
upstream version since in 5.10 __mem_cgroup_charge did not exist
Link: https://lore.kernel.org/patchwork/patch/1458907/
Bug: 191223209
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I9aad72aeabec2fe01f7218d629ec545c47b5d2c3
Add mem_cgroup_disabled check in vmpressure, mem_cgroup_uncharge_swap and
cgroup_throttle_swaprate functions. This minimizes the memcg overhead in
the pagefault and exit_mmap paths when memcgs are disabled using
cgroup_disable=memory command-line option.
This change results in ~2.1% overhead reduction when running PFT test [1]
comparing {CONFIG_MEMCG=n, CONFIG_MEMCG_SWAP=n} against {CONFIG_MEMCG=y,
CONFIG_MEMCG_SWAP=y, cgroup_disable=memory} configuration on an 8-core
ARM64 Android device.
[1] https://lkml.org/lkml/2006/8/29/294 also used in mmtests suite
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Reviewed-by: Muchun Song <songmuchun@bytedance.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Link: https://lore.kernel.org/patchwork/patch/1458906/
Bug: 191223209
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ic1fc75eb1e4d7a9848cf641b9f232ad3262c490b
Android captures per-process system memory state when certain low memory
events (e.g a foreground app kill) occur, to identify potential memory
hoggers. In order to measure how much memory a process actually consumes,
it is necessary to include the DMA buffer sizes for that process in the
memory accounting. Since the handle to DMA buffers are raw FDs, it is
important to be able to identify which processes have FD references to a
DMA buffer.
Currently, DMA buffer FDs can be accounted using /proc/<pid>/fd/* and
/proc/<pid>/fdinfo -- both are only readable by the process owner, as
follows:
1. Do a readlink on each FD.
2. If the target path begins with "/dmabuf", then the FD is a dmabuf FD.
3. stat the file to get the dmabuf inode number.
4. Read/ proc/<pid>/fdinfo/<fd>, to get the DMA buffer size.
Accessing other processes' fdinfo requires root privileges. This limits
the use of the interface to debugging environments and is not suitable for
production builds. Granting root privileges even to a system process
increases the attack surface and is highly undesirable.
Since fdinfo doesn't permit reading process memory and manipulating
process state, allow accessing fdinfo under PTRACE_MODE_READ_FSCRED.
Link: https://lkml.kernel.org/r/20210308170651.919148-1-kaleshsingh@google.com
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
Suggested-by: Jann Horn <jannh@google.com>
Acked-by: Christian König <christian.koenig@amd.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Alexey Gladkov <gladkov.alexey@gmail.com>
Cc: Andrei Vagin <avagin@gmail.com>
Cc: Bernd Edlinger <bernd.edlinger@hotmail.de>
Cc: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Helge Deller <deller@gmx.de>
Cc: Hridya Valsaraju <hridya@google.com>
Cc: James Morris <jamorris@linux.microsoft.com>
Cc: Jeff Vander Stoep <jeffv@google.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Kees Cook <keescook@chromium.org>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Michel Lespinasse <walken@google.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Szabolcs Nagy <szabolcs.nagy@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 7bc3fa0172)
Bug: 159126739
Bug: 167141117
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
Change-Id: I842b689670f731138592f45c7124ef446d9aa59a
Sometimes, alloc_contig_range fails at test_pages_isolated.
Report the failed page to page_pinner for tracking them to
be able to investigate it.
Bug: 192475091
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: Ifcb913faa87a131915efd72848e6ca59c15b75b4
To keep track of page migration failures, record the following
page states to capture natural state transitions of a page during
migration:
* detected
* put reference count
* free
With such transition change, it was a lot easier to analyze page
migration failure issues. Since we already have annotation on the
put_page side, this patch adds the record in free path and page
migration failure path.
Bug: 192475091
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I18182d3fd62850c5580c9e89a5362bdae630f153
While I was investigating CMA allocation latency, adding fields below
were very useful to detect the CMA allocation latency issues.
This patch adds following fields of struct page.
for struct page:
int count
int mapcount
struct address_space
This patch removes page_mt since it was not useful ever for me.
Bug: 192475091
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I312505901a227cd404555f845550d2a9c9ce89da
This patch changes timestamp format to align with trace event time format.
It was much easier to parse page_pinner event order by the time with
trace event.
Bug: 192475091
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: Ib0e81a47df588a2f6ebf842a5f3c5b298da4fe40
For print_page_pinner argument passing, use the one structure
parameter instead of several parameters with fields of the
structure.
Bug: 192475091
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I3816eb6154c6c56a66ee9079091880afda817914
There are several path the WARN_ON_ONCE could be triggered but
it doesn't mean real bug since we intentionally allow it to make
code simple at this moment. So just remove the warnings to prevent
folks confused it.
Bug: 192475091
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I7d14c8490db841f61b01fe7c16b406c9b1850c46
Currently, __reset_page_pinner reset only PAGE_EXT_GET page freeing,
not PAGE_EXT_PINNER_MIGRATION_FAILED page. It should handle both
cases to prevent wrong PAGE_EXT_PINNER_MIGRATION_FAILED setting.
Bug: 192475091
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I9b4124393ee432c7cb29cd12d160ecf2a1e34360
There are some places using put_page_testzero instead of put_page.
Thus, move page_pinner_put_page into put_page_testzero to catch
all of put operations.
Bug: 192475091
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: If33b2a28ceb64e3ccab83990eac2c1cc291c3b08
Make function name more clear to indicate what it's doing.
Bug: 192475091
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I6adabc0df6a54cf24d8287bf0f22cf7dcdc7ad03
Export try_to_free_mem_cgroup_pages function to allow vendor modules to reclaim a memory cgroup.
Bug: 192052083
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
Change-Id: Iec6ef50f5c71c62d0c9aa6de90e56a143dac61c1
Export cgroup_add_legacy_cftypes and a helper function to allow vendor module to expose additional files in the memory cgroup hierarchy.
Bug: 192052083
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
Change-Id: Ie2b936b3e77c7ab6d740d1bb6d70e03c70a326a7
DWC USB3 DT node is supposed to be compliant with the Generic xHCI
Controller schema, but with additional vendor-specific properties, the
controller-specific reference clocks and PHYs. So let's convert the
currently available legacy text-based DWC USB3 bindings to the DT schema
and make sure the DWC USB3 nodes are also validated against the
usb-xhci.yaml schema.
Note 1. we have to discard the nodename restriction of being prefixed with
"dwc3@" string, since in accordance with the usb-hcd.yaml schema USB nodes
are supposed to be named as "^usb(@.*)".
Note 2. The clock-related properties are marked as optional to match the
DWC USB3 driver expectation and to improve the bindings mainainability
so in case if there is a glue-node it would the responsible for the
clocks initialization.
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Link: https://lore.kernel.org/r/20201210090944.16283-11-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 186724205
(cherry picked from commit 389d776588)
Change-Id: I898cfa402b56f1d8535425d76200f624e7a2ae27
Signed-off-by: Wesley Cheng <wcheng@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
In fips140.ko, enable the behavior that the upstream fips_enabled flag
controls, such as the XTS weak key check which apparently is required.
Note that some of this behavior, such as the DRBG continuity check, is
allegedly not required. But to ensure we don't miss anything that was
already handled upstream, it seems best to define fips_enabled to 1. We
can still disable anything that turns out to be problematic.
Bug: 153614920
Bug: 188620248
Change-Id: Idcded9e69e7d7cdf7f2937009af209857b0c08e2
Signed-off-by: Eric Biggers <ebiggers@google.com>
fips140_algorithms[] is a list of cra_names rather than
cra_driver_names, so to specify that the existing DRBG algorithms need
to be unregistered it needs to contain "stdrng".
Bug: 153614920
Bug: 188620248
Change-Id: Id655e74858ca6bff4eedaf761d54c3ae54c2260f
Signed-off-by: Eric Biggers <ebiggers@google.com>
crypto_remove_final() calls crypto_alg_put() which can take
crypto_alg_sem again, via a call stack like:
down_write(&crypto_alg_sem)
crypto_drop_spawn()
crypto_ccm_free()
crypto_aead_free_instance()
crypto_destroy_instance()
crypto_alg_put() (inlined)
crypto_remove_final()
unregister_existing_fips140_algos()
That causes a deadlock because unregister_existing_fips140_algos() is
already holding crypto_alg_sem.
Fix this by reducing the scope of crypto_alg_sem to the actual list
traversal and not the crypto_alg_put().
Bug: 153614920
Bug: 188620248
Change-Id: Ia724d8b13480233dad051c538dc504cb27be8777
Signed-off-by: Eric Biggers <ebiggers@google.com>
Check for errors when executing the initcalls so that we can't fail to
register some algorithms without noticing.
Bug: 153614920
Bug: 188620248
Change-Id: I8e55de3d7624c6700f161c92705d0f6f874476d8
Signed-off-by: Eric Biggers <ebiggers@google.com>
It may be helpful to know whether the "already-live algorithms" code
path is being executed or not, and if so, with which algorithms. Add a
log message for it.
Bug: 153614920
Bug: 188620248
Change-Id: Ie3757794b1e43f630d5dc8f888c6ad33acacbc4c
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add the hook that vendor can design and bypass the suspend/resume.
When the bypass is set, skip the orignal suspend/resume methods.
In mobile, a co-processor can be used with USB audio, and ACPU may
be able to sleep in such condition to improve power consumption.
We will need vendor hook to support this.
Bug: 192774581
Signed-off-by: Puma Hsu <pumahsu@google.com>
Change-Id: Ic62a8a1e662bbe3fb0aa17af7491daace0b9f18a
For dma-heap users, they can't bypass cache sync when map/unmap iova
with dma heap. But they can do it by adding DMA_ATTR_SKIP_CPU_SYNC
into dma_alloc_attrs.
To keep alignment, at dma_heap side, also use
dma_buf_attachment.dma_map_attrs to do iova map & unmap.
This patch is a little different with linux patch, because ACK
has cached heap, and linux doesn't have it
Bug: 189986159
Link: https://lore.kernel.org/patchwork/patch/1455032/
Change-Id: I324712644688c29e55c9197efcde9283bbbd813b
Signed-off-by: Guangming Cao <Guangming.Cao@mediatek.com>
Add reclaim_shmem_address_space to symbol list. This gerrit also
contains the changes resulted from changing the number of params in
shmem_mark_page_lazyfree function.
Leaf changes summary: 2 artifacts changed
Changed leaf types summary: 0 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 1 Changed, 1 Added
function
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added
variable
1 Added function:
[A] 'function int reclaim_shmem_address_space(address_space*)'
1 function with some sub-type change:
[C] 'function void shmem_mark_page_lazyfree(page*)' at shmem.c:4296:1
has some sub-type changes:
CRC (modversions) changed from 0x81dbf5b0 to 0xd16d738a
parameter 2 of type 'typedef bool' was added
Bug: 187798288
Change-Id: Ieebc6d0cb2211a80a126f39b46e3c7d3583dca60
Signed-off-by: Charan Teja Reddy <charante@codeaurora.org>
Vendor module needs arch_mmap_rnd() to generate new mm->mmap_base
when defining a custom mmap_layout.
More details in https://buganizer.corp.google.com/issues/191439466
Bug: 191439466
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: I37644438b4e170732adc62810388450155c178a4
With allnoconfig, build is breaking with below message, which is
introduced in commit daeabfe7fa ("ANDROID: mm: add
reclaim_shmem_address_space() for faster reclaims"). Fix it.
mm/shmem.c: In function ‘reclaim_shmem_address_space’:
mm/shmem.c:4321:7: error: implicit declaration of function
‘isolate_lru_page’ [-Werror=implicit-function-declaration]
if (isolate_lru_page(page))
Bug: 187798288
Signed-off-by: Charan Teja Reddy <charante@codeaurora.org>
Change-Id: I27494b329e9b667869e1f5264bd319d94b8d2dd6
Some vendors want to add things to 'struct skb_shared_info', so give
them an array to place their data.
Bug: 171013716
Signed-off-by: Vignesh Saravanaperumal <vignesh1.s@samsung.com>
Change-Id: Ia0024e3e8de89f4ef335fa26208ec6c45abafb22
samsung ExynosAuto SoC has two types of host controller interface to
support the virtualization of UFS Device.
One is the physical host(PH) that the same as conventaional UFSHCI,
and the other is the virtual host(VH) that support data transfer function only.
In this structure, the virtual host does not support like device management.
This patch skips the interface configuration part that cannot be performed
in the virtual host.
Signed-off-by: jongmin jeong <jjmin.jeong@samsung.com>
Link: https://lore.kernel.org/linux-scsi/20210709065711.25195-3-chanho61.park@samsung.com/
Bug: 190689163
Signed-off-by: Chanho Park <chanho61.park@samsung.com>
Change-Id: I65b56f898da9d57c627b5752535dd563e4fd3e8d
samsung ExynosAuto9 SoC has two types of host controller interface to
support the virtualization of UFS Device.
One is the physical host(PH) that the same as conventaional UFSHCI,
and the other is the virtual host(VH) that support data transfer function
only.
In this structure, the virtual host does not support UIC command.
To support this, we add the quirk and return 0 when the UIC command
send function is called.
Signed-off-by: jongmin jeong <jjmin.jeong@samsung.com>
Link: https://lore.kernel.org/linux-scsi/20210709065711.25195-2-chanho61.park@samsung.com/
Bug: 190689163
Signed-off-by: Chanho Park <chanho61.park@samsung.com>
Change-Id: Ie528726b29bcb643149440bf1c90eaa5995c5ac1
Through this vendor hook, we can get the timing to check
current running task for the validation of its credential
and bpf operations.
Bug: 191291287
Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Change-Id: Ie4ed8df7ad66df2486fc7e52a26d9191fc0c176e
Through this vendor hook, we can get the timing to check
current running task for the validation of its credential
and open operation.
Bug: 191291287
Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Change-Id: Ia644ceb02dbc230ee1d25cad3630c2c3f908e41a
Through this vendor hook, we can get the timing to check
current running task for the validation of its credential
and related operations.
Bug: 191291287
Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Change-Id: If20bd8bb8311ad10a374033734fbdc7ef61a7704
android_vh_ptype_head:
To add a debugging chain to ptype list
android_vh_kfree_skb
To sniff the dropped packet at kernel network
Bug: 163716381
Signed-off-by: Bae Soukjin <soukjin.bae@samsung.com>
Change-Id: Ide80bf0a129da31a1824d4a33026ac42be327361
(cherry picked from commit d88b2969cfa78608ad4563e5f4fa84497cc0ffa6)
(cherry picked from commit a8021ba684c584b8a4361d1680f6e466748ab012)
Make the following changes in ufshcd_abort():
- Return FAILED instead of SUCCESS if the abort handler notices that a SCSI
command has already been completed. Returning SUCCESS in this case
triggers a use-after-free and may trigger a kernel crash.
- Fix the code for aborting SCSI commands submitted to a WLUN.
The current approach for aborting SCSI commands that have been submitted to
a WLUN and that timed out is as follows:
- Report to the SCSI core that the command has completed successfully.
Let the block layer free any data buffers associated with the command.
- Mark the command as outstanding in 'outstanding_reqs'.
- If the block layer tries to reuse the tag associated with the aborted
command, busy-wait until the tag is freed.
This approach can result in:
- Memory corruption if the controller accesses the data buffer after the
block layer has freed the associated data buffers.
- A race condition if ufshcd_queuecommand() or ufshcd_exec_dev_cmd()
checks the bit that corresponds to an aborted command in 'outstanding_reqs'
after it has been cleared and before it is reset.
- High energy consumption if ufshcd_queuecommand() repeatedly returns
SCSI_MLQUEUE_HOST_BUSY.
Fix this by reporting to the SCSI error handler that aborting a SCSI
command failed if the SCSI command was submitted to a WLUN.
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Stanley Chu <stanley.chu@mediatek.com>
Cc: Can Guo <cang@codeaurora.org>
Cc: Asutosh Das <asutoshd@codeaurora.org>
Cc: Avri Altman <avri.altman@wdc.com>
Fixes: 7a7e66c65d ("scsi: ufs: Fix a race condition between ufshcd_abort() and eh_work()")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/linux-scsi/20210701211224.17070-17-bvanassche@acm.org/
Change-Id: Ice5138ece51bf0e00dc0aa5fcd3ac74659b2afc0
BUG: 192807596
Signed-off-by: Bart Van Assche <bvanassche@google.com>
In our vendor driver, we need to call the following function:
mm/mmap.c : unsigned long vm_unmapped_area(struct vm_unmapped_area_info *info);
Bug: 191439466
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: I8eb0f8cc80ab7a0ebc9db3e3b217be94843da3ed
