commit 86a24e99c9 upstream.
dma_request_slave_channel() may return NULL which will lead to
NULL pointer dereference error in 'tmp_chan->private'.
Correct this behaviour by, first, switching from deprecated function
dma_request_slave_channel() to dma_request_chan(). Secondly, enable
sanity check for the resuling value of dma_request_chan().
Also, fix description that follows the enacted changes and that
concerns the use of dma_request_slave_channel().
Fixes: 706e2c8811 ("ASoC: fsl_asrc_dma: Reuse the dma channel if available in Back-End")
Co-developed-by: Natalia Petrova <n.petrova@fintech.ru>
Change-Id: I2ae5ca9cbb40afd7c5f066e8ed984cf4f35c832e
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Acked-by: Shengjiu Wang <shengjiu.wang@gmail.com>
Link: https://lore.kernel.org/r/20230417133242.53339-1-n.zhandarovich@fintech.ru
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 6cb818ed5f)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 0b186bb061 upstream.
With PCI if the device was suspended it is brought back to full
power and then suspended again.
This doesn't happen when device is described via DT.
We need to make sure that we tear down pipelines only if the device
was previously active (thus the pipelines were setup).
Otherwise, we can break the use_count:
[ 219.009743] sof-audio-of-imx8m 3b6e8000.dsp:
sof_ipc3_tear_down_all_pipelines: widget PIPELINE.2.SAI3.IN is still in use: count -1
and after this everything stops working.
Fixes: d185e0689a ("ASoC: SOF: pm: Always tear down pipelines before DSP suspend")
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Change-Id: Ic7f724954ede17a021a486dba6c9eed9e3354438
Signed-off-by: Daniel Baluta <daniel.baluta@nxp.com>
Link: https://lore.kernel.org/r/20230405092655.19587-1-daniel.baluta@oss.nxp.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 7a6593b5d7)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit dc70eb868b upstream.
The current code path can lead to warnings because of uninitialized device,
which contains, as a consequence, uninitialized kobject. The uninitialized
device is passed to of_platform_populate, which will at some point, while
creating child device, try to get a reference on uninitialized parent,
resulting in the following warning:
kobject: '(null)' ((ptrval)): is not initialized, yet kobject_get() is
being called.
The warning is observed after migrating a kernel 5.10.x to 6.1.x.
Reverting commit 0d70af3c25 ("fpga: bridge: Use standard dev_release for
class driver") seems to remove the warning.
This commit aggregates device_initialize() and device_add() into
device_register() but this new call is done AFTER of_platform_populate
Fixes: 0d70af3c25 ("fpga: bridge: Use standard dev_release for class driver")
Change-Id: I4726f74122c2755c1b14b66f40250306b1a796b2
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Acked-by: Xu Yilun <yilun.xu@intel.com>
Link: https://lore.kernel.org/r/20230404133102.2837535-2-alexis.lothore@bootlin.com
Signed-off-by: Xu Yilun <yilun.xu@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 71b6df69f1)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 0da6e5fd6c upstream.
We started disabling '-Warray-bounds' for gcc-12 originally on s390,
because it resulted in some warnings that weren't realistically fixable
(commit 8b202ee218: "s390: disable -Warray-bounds").
That s390-specific issue was then found to be less common elsewhere, but
generic (see f0be87c42c: "gcc-12: disable '-Warray-bounds' universally
for now"), and then later expanded the version check was expanded to
gcc-11 (5a41237ad1: "gcc: disable -Warray-bounds for gcc-11 too").
And it turns out that I was much too optimistic in thinking that it's
all going to go away, and here we are with gcc-13 showing all the same
issues. So instead of expanding this one version at a time, let's just
disable it for gcc-11+, and put an end limit to it only when we actually
find a solution.
Yes, I'm sure some of this is because the kernel just does odd things
(like our "container_of()" use, but also knowingly playing games with
things like linker tables and array layouts).
And yes, some of the warnings are likely signs of real bugs, but when
there are hundreds of false positives, that doesn't really help.
Oh well.
Change-Id: Ie09553dec193c593f34169f835a876ea81b7cb6d
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit a93c20f583)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 6431b0f6ff upstream.
After commit d38afeec26 ("tcp/udp: Call inet6_destroy_sock()
in IPv6 sk->sk_destruct()."), we call inet6_destroy_sock() in
sk->sk_destruct() by setting inet6_sock_destruct() to it to make
sure we do not leak inet6-specific resources.
SCTP sets its own sk->sk_destruct() in the sctp_init_sock(), and
SCTPv6 socket reuses it as the init function.
To call inet6_sock_destruct() from SCTPv6 sk->sk_destruct(), we
set sctp_v6_destruct_sock() in a new init function.
Change-Id: Ie3beb7e182e26def3fb7b50fef029fd5a8c94fc7
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit a09b9383b7)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 1651951ebe upstream.
After commit d38afeec26 ("tcp/udp: Call inet6_destroy_sock()
in IPv6 sk->sk_destruct()."), we call inet6_destroy_sock() in
sk->sk_destruct() by setting inet6_sock_destruct() to it to make
sure we do not leak inet6-specific resources.
DCCP sets its own sk->sk_destruct() in the dccp_init_sock(), and
DCCPv6 socket shares it by calling the same init function via
dccp_v6_init_sock().
To call inet6_sock_destruct() from DCCPv6 sk->sk_destruct(), we
export it and set dccp_v6_sk_destruct() in the init function.
Change-Id: I1aa8f30c780796bb5d446874bb44113783d6460a
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit a530b33fe9)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit c1592a8994 upstream.
Toggle deleted anonymous sets as inactive in the next generation, so
users cannot perform any update on it. Clear the generation bitmask
in case the transaction is aborted.
The following KASAN splat shows a set element deletion for a bound
anonymous set that has been already removed in the same transaction.
[ 64.921510] ==================================================================
[ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
[ 64.924745] Write of size 8 at addr dead000000000122 by task test/890
[ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
[ 64.931120] Call Trace:
[ 64.932699] <TASK>
[ 64.934292] dump_stack_lvl+0x33/0x50
[ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[ 64.937551] kasan_report+0xda/0x120
[ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables]
[ 64.942452] ? __kasan_slab_alloc+0x2d/0x60
[ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
[ 64.945710] ? kasan_set_track+0x21/0x30
[ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
[ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
Bug: 282877000
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I536b7fbec55a5b37a57546023891a3dcfeb2c24b
commit b5fc29233d upstream.
After commit d38afeec26 ("tcp/udp: Call inet6_destroy_sock()
in IPv6 sk->sk_destruct()."), we call inet6_destroy_sock() in
sk->sk_destruct() by setting inet6_sock_destruct() to it to make
sure we do not leak inet6-specific resources.
Now we can remove unnecessary inet6_destroy_sock() calls in
sk->sk_prot->destroy().
DCCP and SCTP have their own sk->sk_destruct() function, so we
change them separately in the following patches.
Change-Id: Iae566ce3b7a73584548fc88c950518b53194c5df
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit a8cf114105)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit d83806c4c0 upstream.
Since 32ef9e5054, -Wa,-gdwarf-2 is no longer used in KBUILD_AFLAGS.
Instead, it includes -g, the appropriate -gdwarf-* flag, and also the
-Wa versions of both of those if building with Clang and GNU as. As a
result, debug info was being generated for the purgatory objects, even
though the intention was that it not be.
Fixes: 32ef9e5054 ("Makefile.debug: re-enable debug info for .S files")
Change-Id: I68ab786b0a713958e145908bbd26b7f842de5575
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Cc: stable@vger.kernel.org
Acked-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 588d682251)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 6dcbd0a69c upstream.
MIPS's exit sections are discarded at runtime as well.
Fixes link error:
`.exit.text' referenced in section `__jump_table' of fs/fuse/inode.o:
defined in discarded section `.exit.text' of fs/fuse/inode.o
Fixes: 99cb0d917f ("arch: fix broken BuildID for arm64 and riscv")
Reported-by: "kernelci.org bot" <bot@kernelci.org>
Change-Id: I2acdca2a4b35005d411c57978f4765bcc936e093
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit f9a20ef5e8)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
and sched_waking to let module probe them
Get task info about sleep and waking
Bug: 190422437
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
Change-Id: I828c93f531f84e6133c2c3a7f8faada51683afcf
(cherry picked from commit 13af062abf)
(cherry picked from commit 869954e72dac700580d0ea5734d07b574e41afe9)
(cherry picked from commit b7f527071c)
Get task info about scheduling delay, iowait, and block time.
It is used to get thread scheduling info when thread happened abnormal situation.
Bug: 189415303
Change-Id: Ib6b548f8a78de5b26d555e9a89e3cc79ea2d1024
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
(cherry picked from commit a6bb1af39d)
(cherry picked from commit 6d8d2ab52facfd6d5de2715e2470872e6a70cf22)
(cherry picked from commit c3c2917768)
Export get_wchan to get the block reason.
It is used to get the block reason(why the thread blocked in Uninterrupted Sleep) when happened long D state. We use this information check if it's reasonable.
Bug: 205684022
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: I7b65bb502b805e7dac13e5f9d725da1ff70fe306
(cherry picked from commit 0db6925868)
(cherry picked from commit de72c813d12537ea6ced87b39ffcad446815609a)
(cherry picked from commit 1bcf1fc767)
Export symbol of the function wq_worker_comm() in kernel/workqueue.c for dlkm to get the description of the kworker process. It is used to get the description when kworker thread happened abnormal situation.
Bug: 208394207
Signed-off-by: zhengding chen <chenzhengding@oppo.com>
Change-Id: I2e7ddd52a15e22e99e6596f16be08243af1bb473
(cherry picked from commit 28de741861)
(cherry picked from commit 87e0e98c25ba8e121975708943335e3abad651d9)
(cherry picked from commit 38a713dc80)
Commit 6edda04ccc ("mm/kmemleak: prevent soft lockup in first object
iteration loop of kmemleak_scan()") fixes soft lockup problem in
kmemleak_scan() by periodically doing a cond_resched(). It does take a
reference of the current object before doing it. Unfortunately, if the
object has been deleted from the object_list, the next object pointed to
by its next pointer may no longer be valid after coming back from
cond_resched(). This can result in use-after-free and other nasty
problem.
Fix this problem by adding a del_state flag into kmemleak_object structure
to synchronize the object deletion process between kmemleak_cond_resched()
and __remove_object() to make sure that the object remained in the
object_list in the duration of the cond_resched() call.
Link: https://lkml.kernel.org/r/20230119040111.350923-3-longman@redhat.com
Fixes: 6edda04ccc ("mm/kmemleak: prevent soft lockup in first object iteration loop of kmemleak_scan()")
Change-Id: I7d44a56d2943e7140d9bcad56c6b1a20236f3827
Signed-off-by: Waiman Long <longman@redhat.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 782e417953)
[surenb: resolve trivial merge conflict due to the new pinned parameter
in kmemleak_cond_resched]
Bug: 280352049
Change-Id: Id1b794a3f22053141a0e86269a3316da1da317db
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Since we do not enforce symbol lists to be generated using
the ABI tooling; it is possible to have the symbol list
updates with CRLF characters at the end of a line, leading
and trailining white spaces based on how they are manually
edited. The header generation script fails in this case when
it parses these symbols with CRLF or sorting order may not
be correct for symbols with trailing white spaces.
Update the preprocessing of the symbol list to remove any
carriage returns, strip any leading and trailing white spaces
in addition to the other preprocessing.
Bug: 280837072
Test: TH, manual verification
Change-Id: I4b832c28b42f196056c38fc3e2ccd517a03e13fa
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
(cherry picked from commit 6b893a535cfa8a5e9a6cd792e0437fe66cb2296b)
This change ensures that if configured in the policy, the if_id set in
the policy and secpath states match during the inbound policy check.
Without this, there is potential for ambiguity where entries in the
secpath differing by only the if_id could be mismatched.
Notably, this is checked in the outbound direction when resolving
templates to SAs, but not on the inbound path when matching SAs and
policies.
Test: Tested against Android kernel unit tests & CTS
Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Bug: 279217934
(cherry picked from commit 8680407b6fhttps://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master)
Change-Id: Ibb97561eaf1a99b7ad239d4d4860bfe5b0ac20ea
Signed-off-by: Carlos Llamas <cmllamas@google.com>
When Android moved the wifi drivers to be a vendor driver, it disabled
CFG80211 from the build configuration, yet that needs to be enabled in
the vendor module build. As the struct net_device is defined in the
core kernel image, both builds needs to have the same structure size, so
always enable it in the structure and protect any potential vendor
changes from showing up in the CRC checker by maing it a void * as far
as it is concerned.
Also update the kernel abi definition to resolve this:
function symbol 'int ___pskb_trim(struct sk_buff*, unsigned int)' changed
CRC changed from 0x3d8e01bc to 0x6c6bbe0a
function symbol 'struct sk_buff* __alloc_skb(unsigned int, gfp_t, int, int)' changed
CRC changed from 0x35a57bd5 to 0xd9823116
function symbol 'int __dev_change_net_namespace(struct net_device*, struct net*, const char*, int)' changed
CRC changed from 0x8bc2389e to 0x1c3133b9
... 823 omitted; 826 symbols have only CRC changes
type 'struct net_device' changed
member 'struct wireless_dev* ieee80211_ptr' was added
17 members ('struct wpan_dev* ieee802154_ptr' .. 'struct hlist_node index_hlist') changed
offset changed by 64
Fixes: c304eddcec ("net: wrap the wireless pointers in struct net_device in an ifdef")
Change-Id: I7c2a10da63b6022abbac78a3a0d48c2fd405f42c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
As part of the host deprivilege process, memory regions advertised in
the "pkvm,protected-region" devicetree nodes are unmapped from the
host stage-2 page-table and annotated specially so that the memory can
be used exclusively by hypervisor modules.
Since the state of this memory in the host stage-2 may not be in the
"owned" state (for example, if it corresponds to a "no-map" region),
remove the initial check of the page state and allow unmapping of any
pages from the trusted host.
Bug: 280380533
Cc: Quentin Perret <qperret@google.com>
Fixes: 417e986b54 ("ANDROID: KVM: arm64: Move addr_is_allowed_memory() check into host callback")
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: Ic28a2557d6d515b356645228fd41d3c921826489
A collision between aosp/2569890 (symbol list update) and aosp/2582310
(KMI update) caused this fall out. Fix forward by updating the
representation accordingly.
Bug: 281981998
Change-Id: I312fa0662e8289e4cd0ecd0fcf40f1d4aae612a1
Signed-off-by: Matthias Maennich <maennich@google.com>
This hook allows us to capture information when a process is forked so
that we can stat and set some key task's CPU affinity in the ko module
later. This patch, along with aosp/2548175, is necessary for our
affinity settings.
Bug: 183674818
Signed-off-by: lijianzhong <lijianzhong@xiaomi.com>
Change-Id: Ib93e05e5f6c338c5f7ada56bfebdd705f87f1f66
(cherry picked from commit a188361628461c58a4dfc72869d9acb1dfa2542f)
Exporting the symbol cpuset_cpus_allowed() so that we can adjust a
certain type of application's CPU affinity in vendor hooks according
to our tuning policy.
Related commit: aosp/2548175
Bug: 189725786
Signed-off-by: lijianzhong <lijianzhong@xiaomi.com>
Change-Id: I7919a893ab64bb441ab43cbb0b16825ed76d802d
(cherry picked from commit 5a7d01ed73e4fc812fda1d7288086dc73a283405)
Add vendor hooks for CPU affinity to support OEM's tuning policy, where
we can block or unblock a certain type of application's CPU affinity.
Bug: 183674818
Signed-off-by: lijianzhong <lijianzhong@xiaomi.com>
Change-Id: I3402abec4d9faa08f564409bfb8db8d7902f3aa2
(cherry picked from commit 7cf9646c245fdc63e2a3c9fad457c11fabdd2dfc)
Add ramjiyani@ as per-file owner for list of protected
modules for all current & future architectures.
android/gki_*_protected_modules
Bug: 151893768
Test: TH
Change-Id: I0048c99a28cfe24e1ba7c7d6189fd8c7dfdf6f0d
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Add snd_usb_power_domain_set() to the symbol list, as it is exported for
modules to utilize. Class drivers may need this to ensure USB audio device
is placed in the proper power state if an alternative audio path is used.
(i.e. offload path)
Symbols added:
snd_usb_power_domain_set
Bug: 255912822
Change-Id: I667fcaf8c841fd63c9b4d0307ac86e178d15e8b8
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
pKVM modules may need to enable fine grain traps. To allow this
use-case, expose a function allowing to manipulate HFGWTR_EL2 on the
current CPU. This configuration will be persistent across power
management cycles and such as it is propagated all the way to the
init params per-cpu struct.
Bug: 245034629
Change-Id: If9c29849df50847d3a796345927bd51c37c358bc
Signed-off-by: Quentin Perret <qperret@google.com>
pKVM modules may need to enable additional traps on top of what pKVM
already enables. To allow this use-case, expose a function allowing to
manipulate HCR_EL2 on the current CPU. This configuration will be
persistent across power management cycles and such as it is propagated
all the way to the init params per-cpu struct.
Bug: 245034629
Change-Id: I21d596bd1d01f4edc48a188cc3c2eb78dc9a4444
Signed-off-by: Quentin Perret <qperret@google.com>
Converting cfg80211.ko & mac80211.ko as vendor modules
made some symbols cited in the symbol lists for partners
but are no longer available in ksymtab as these features
are disabled in the gki_defconfit to convert them to vendor
modules.
Manually trimmed the symbol lists for builds to succeed.
Bug: 281137343
Test: TH
Change-Id: Ieb60c12ddb4f2b89aa387df2d69c31f8cfee54d8
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
