Use rcu_read_lock_sched() & rcu_read_unlock_sched() to mark the
beginning & end of an RCU-sched critical section instead.
Bug: 171362096
Signed-off-by: Neal Liu <neal.liu@mediatek.com>
Change-Id: Idb40e2c2356621398e06944f7cb9b8bc5ef1d92a
Enable support for CONFIG_X86_X2APIC, if available. This speeds up
operation in a hypervisor, as APIC is handled via MSRs.
Bug: 171287650
Change-Id: Ie3cf57d07b8dde08ec609dfb031cfb0029218501
Signed-off-by: Abdulla Kamar <abdulla@google.com>
commit 262e6ae7081d ("modules: inherit TAINT_PROPRIETARY_MODULE")
changes the size of 'struct module' a bit by adding a single boolean
value to the middle. Move things around a bit and take up a space to
preserve the abi so that nothing changes with the abi before that commit
was merged.
This might be able to be dropped at the next Android KABI "Break", if
one happens.
Bug: 171277690
Fixes: 262e6ae7081d ("modules: inherit TAINT_PROPRIETARY_MODULE")
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie31a6fcea384ad665248c87f7abfde4d214da70a
If a TAINT_PROPRIETARY_MODULE exports a symbol, inherit the taint flag
for all modules importing these symbols, and don't allow loading
symbols from TAINT_PROPRIETARY_MODULE modules if the module previously
imported gplonly symbols. Add an anti-circumvention device so people
don't accidentally get themselves into trouble this way.
Comment from Greg:
"Ah, the proven-to-be-illegal "GPL Condom" defense :)"
Bug: 171277690
[jeyu: pr_info -> pr_err and pr_warn as per discussion]
Link: http://lore.kernel.org/r/20200730162957.GA22469@lst.de
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
(cherry picked from commit 262e6ae7081df304fc625cf368d5c2cbba2bb991)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id7c1af6bb8523bc39bda1efc661929d9ea0ccb20
Report the GPLONLY status through a new argument.
Bug: 157965270
Bug: 171277690
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
(cherry picked from commit ef1dac6021cc8ec5de02ce31722bf26ac4ed5523)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I93285e06e380509b11356256da4d3d5a8738e252
Use the same spelling variant as the rest of the file.
Bug: 157965270
Bug: 171277690
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
(cherry picked from commit cd8732cdcc37d7077c4fa2c966b748c0662b607e)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0ad6d1dcbe39053566bb922b9a71359f753df85c
each_symbol_section is only used inside of module.c.
Bug: 157965270
Bug: 171277690
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
(cherry picked from commit a54e04914c211b5678602a46b3ede5d82ec1327d)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5debe30f150847281874d9b2c47952f9036d37d2
Update the android/abi_gki_aarch64_qcom with recent symbol additions.
Simple change and no need to update the .xml file, as there is no new
symbol addition.
Bug: 171100523
Change-Id: I5083548f18633b66b76d525209c52b4c44eded75
Signed-off-by: Ravikanth Tuniki <rtunik@codeaurora.org>
When releasing a thread todo list when tearing down
a binder_proc, the following race was possible which
could result in a use-after-free:
1. Thread 1: enter binder_release_work from binder_thread_release
2. Thread 2: binder_update_ref_for_handle() -> binder_dec_node_ilocked()
3. Thread 2: dec nodeA --> 0 (will free node)
4. Thread 1: ACQ inner_proc_lock
5. Thread 2: block on inner_proc_lock
6. Thread 1: dequeue work (BINDER_WORK_NODE, part of nodeA)
7. Thread 1: REL inner_proc_lock
8. Thread 2: ACQ inner_proc_lock
9. Thread 2: todo list cleanup, but work was already dequeued
10. Thread 2: free node
11. Thread 2: REL inner_proc_lock
12. Thread 1: deref w->type (UAF)
The problem was that for a BINDER_WORK_NODE, the binder_work element
must not be accessed after releasing the inner_proc_lock while
processing the todo list elements since another thread might be
handling a deref on the node containing the binder_work element
leading to the node being freed.
Signed-off-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20201009232455.4054810-1-tkjos@google.com
Cc: <stable@vger.kernel.org> # 4.14, 4.19, 5.4, 5.8
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit f3277cbfba763cd2826396521b9296de67cf1bbc)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7c1bf0b74824f272664e76206c5dc3b66b9eeaff
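
The interleaving in steps 1-12 of the commit message above, replayed deterministically in a user-space model. This is an added example, not the binder driver's code: all names are made up for the model, the "free" is modelled by poisoning the field so the stale read is visible without undefined behaviour, and the fixed variant shows one way to honor the rule that the work item is not touched once the lock is dropped.

```c
/* User-space model of the race described above. Added example, not the
 * binder driver's code; every name here is made up for the model. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum work_type { WORK_NONE = 0, WORK_NODE = 1, WORK_POISON = 0xdead };
struct work { enum work_type type; struct work *next; };
struct node { struct work work; };                /* work is embedded in the node */
struct proc { bool locked; struct work *todo; };  /* locked ~ the inner lock */

static void lock(struct proc *p)   { p->locked = true; }
static void unlock(struct proc *p) { p->locked = false; }
/* Caller holds the lock. */
static struct work *dequeue_head(struct proc *p)
{
    struct work *w = p->todo;
    if (w)
        p->todo = w->next;
    return w;
}

/* Steps 8-11: the other thread drops the last reference and frees the node.
 * The model poisons the field instead of calling free(). */
static void other_thread_frees(struct proc *p, struct node *n)
{
    lock(p);
    n->work.type = WORK_POISON;
    unlock(p);
}

/* Before: w->type is read after the lock is dropped (step 12). */
static enum work_type release_racy(struct proc *p, struct node *n)
{
    lock(p);
    struct work *w = dequeue_head(p);
    unlock(p);
    other_thread_frees(p, n);
    return w ? w->type : WORK_NONE;
}

/* After: the type is copied while the lock is held; w is not touched later. */
static enum work_type release_fixed(struct proc *p, struct node *n)
{
    lock(p);
    struct work *w = dequeue_head(p);
    enum work_type wtype = w ? w->type : WORK_NONE;
    unlock(p);
    other_thread_frees(p, n);
    return wtype;
}

static enum work_type run_model(bool fixed)
{
    struct node a = { .work = { WORK_NODE, NULL } };
    struct proc p = { .locked = false, .todo = &a.work };
    return fixed ? release_fixed(&p, &a) : release_racy(&p, &a);
}

int main(void)
{
    printf("racy=%#x fixed=%#x\n", (unsigned)run_model(false), (unsigned)run_model(true));
    return 0;
}
```
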
Declare war on uninterruptible sleep. Add a tracepoint which
walks the kernel stack and dumps the first non-scheduler function
called before the scheduler is invoked.
Bug: 120445457
Change-Id: I19e965d5206329360a92cbfe2afcc8c30f65c229
Signed-off-by: Riley Andrews <riandrews@google.com>
[astrachan: deleted an unnecessary whitespace change]
Signed-off-by: Alistair Strachan <astrachan@google.com>
Bug: 170916884
Signed-off-by: Todd Kjos <tkjos@google.com>
Update the android/abi_gki_aarch64_qcom with recent symbol additions.
No need to update the .xml file, as there is no new symbol addition.
Bug: 171024164
Signed-off-by: Raviteja Tamatam <travitej@codeaurora.org>
Change-Id: I38fdb82878c578a19fb01df1e97eb7fafd7dac06
The KMI was changed by several patches on Oct 15. Update the
generation number.
Bug: 161946584
Signed-off-by: Todd Kjos <tkjos@google.com>
Change-Id: If641819d24743f319cfe704b79ec479be8aae78f
Leaf changes summary: 3291 artifacts changed (10 filtered out)
Changed leaf types summary: 5 (1 filtered out) leaf types changed
Removed/Changed/Added functions summary: 0 Removed, 3237 Changed (9 filtered out), 0 Added function
Removed/Changed/Added variables summary: 0 Removed, 49 Changed, 0 Added variable
3237 functions with some sub-type change:
49 Changed variables:
type of variable changed:
type size hasn't changed
1 data member insertion:
'deferred_split pglist_data::deferred_split_queue', at offset 42048 (in bits) at mmzone.h:785:1
there are data member changes:
'lruvec pglist_data::lruvec' offset changed from 42048 to 42304 (in bits) (by +256 bits)
'unsigned long int pglist_data::flags' offset changed from 43136 to 43392 (in bits) (by +256 bits)
3325 impacted interfaces
type of variable changed:
type size hasn't changed
there are data member changes:
type 'u64[2]' of 'task_struct::android_vendor_data1' changed:
type name changed from 'u64[2]' to 'u64[3]'
array type size changed from 128 to 192
array type subrange 1 changed length from 2 to 3
'u64 task_struct::android_kabi_reserved1' offset changed from 21312 to 21376 (in bits) (by +64 bits)
'u64 task_struct::android_kabi_reserved2' offset changed from 21376 to 21440 (in bits) (by +64 bits)
'u64 task_struct::android_kabi_reserved3' offset changed from 21440 to 21504 (in bits) (by +64 bits)
'u64 task_struct::android_kabi_reserved4' offset changed from 21504 to 21568 (in bits) (by +64 bits)
'u64 task_struct::android_kabi_reserved5' offset changed from 21568 to 21632 (in bits) (by +64 bits)
'u64 task_struct::android_kabi_reserved6' offset changed from 21632 to 21696 (in bits) (by +64 bits)
'u64 task_struct::android_kabi_reserved7' offset changed from 21696 to 21760 (in bits) (by +64 bits)
'u64 task_struct::android_kabi_reserved8' offset changed from 21760 to 21824 (in bits) (by +64 bits)
3325 impacted interfaces
'struct file at fs.h:955:1' changed:
type size changed from 2048 to 2176 (in bits)
2 data member insertions:
'u64 file::android_kabi_reserved1', at offset 2048 (in bits) at fs.h:995:1
'u64 file::android_vendor_data1', at offset 2112 (in bits) at fs.h:996:1
3325 impacted interfaces
'struct mem_cgroup at memcontrol.h:208:1' changed:
type size changed from 21504 to 22528 (in bits)
1 data member insertion:
'deferred_split mem_cgroup::deferred_split_queue', at offset 22144 (in bits) at memcontrol.h:334:1
there are data member changes:
type 'atomic_long_t[56]' of 'mem_cgroup::vmevents' changed:
type name changed from 'atomic_long_t[56]' to 'atomic_long_t[70]'
array type size changed from 3584 to 4480
array type subrange 1 changed length from 56 to 70
'atomic_long_t mem_cgroup::memory_events[7]' offset changed from 17280 to 18176 (in bits) (by +896 bits)
'atomic_long_t mem_cgroup::memory_events_local[7]' offset changed from 17728 to 18624 (in bits) (by +896 bits)
'unsigned long int mem_cgroup::socket_pressure' offset changed from 18176 to 19072 (in bits) (by +896 bits)
'bool mem_cgroup::tcpmem_active' offset changed from 18240 to 19136 (in bits) (by +896 bits)
'int mem_cgroup::tcpmem_pressure' offset changed from 18272 to 19168 (in bits) (by +896 bits)
'int mem_cgroup::kmemcg_id' offset changed from 18304 to 19200 (in bits) (by +896 bits)
'memcg_kmem_state mem_cgroup::kmem_state' offset changed from 18336 to 19232 (in bits) (by +896 bits)
'list_head mem_cgroup::kmem_caches' offset changed from 18368 to 19264 (in bits) (by +896 bits)
'int mem_cgroup::last_scanned_node' offset changed from 18496 to 19392 (in bits) (by +896 bits)
'list_head mem_cgroup::cgwb_list' offset changed from 18560 to 19456 (in bits) (by +896 bits)
'wb_domain mem_cgroup::cgwb_domain' offset changed from 18688 to 19584 (in bits) (by +896 bits)
'memcg_cgwb_frn mem_cgroup::cgwb_frn[4]' offset changed from 19776 to 20672 (in bits) (by +896 bits)
'list_head mem_cgroup::event_list' offset changed from 21056 to 21952 (in bits) (by +896 bits)
'spinlock_t mem_cgroup::event_list_lock' offset changed from 21184 to 22080 (in bits) (by +896 bits)
'mem_cgroup_per_node* mem_cgroup::nodeinfo[]' offset changed from 21248 to 22400 (in bits) (by +1152 bits)
420 impacted interfaces
'struct memcg_vmstats_percpu at memcontrol.h:88:1' changed:
type size changed from 6272 to 7168 (in bits)
there are data member changes:
type 'unsigned long int[56]' of 'memcg_vmstats_percpu::events' changed:
type name changed from 'unsigned long int[56]' to 'unsigned long int[70]'
array type size changed from 3584 to 4480
array type subrange 1 changed length from 56 to 70
'unsigned long int memcg_vmstats_percpu::nr_page_events' offset changed from 6016 to 6912 (in bits) (by +896 bits)
'unsigned long int memcg_vmstats_percpu::targets[3]' offset changed from 6080 to 6976 (in bits) (by +896 bits)
420 impacted interfaces
'struct pglist_data at mmzone.h:713:1' changed:
details were reported earlier
'struct task_struct at sched.h:636:1' changed:
details were reported earlier
Bug: 161946584
Change-Id: I84324ddd226df0c756d61fc02081dc4bc37f36b1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Add an element to ANDROID_VENDOR_DATA_ARRAY(1,2) in task_struct
Bug: 169343953
Signed-off-by: Egor Uleyskiy <e.uleyskiy@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iee22bb544da5cc355d162d7a966c656f453c8a33
Devices with plenty of RAM might benefit from THP usage. The added fields
would allow enabling CONFIG_TRANSPARENT_HUGEPAGE without affecting the ABI.
Bug: 168269341
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ieb644a8da5377383d514197ee02d7bfd6f1d346d
ehci_handshake was added to the symbol list as a temporary workaround
for CRC-related issues in the ehci code. But since this has now been
fixed, let's drop the unnecessary symbol list altogether.
Bug: 167230325
Signed-off-by: Quentin Perret <qperret@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8f56b01ff9bed8e0d417f8c90adb7c32480d55cf
The CRC calculation done by genksyms is triggered when the parser hits
EXPORT_SYMBOL*() macros. At this point, genksyms recursively expands the
types of the function parameters, and uses that as the input for the CRC
calculation. In the case of forward-declared structs, the type expands
to 'UNKNOWN'. Following this, it appears that the result of the
expansion of each type is cached somewhere, and seems to be re-used
when/if the same type is seen again for another exported symbol in the
same C file.
Unfortunately, this can cause CRC 'stability' issues when a struct
definition becomes visible in the middle of a C file. For example, let's
assume code with the following pattern:

    struct foo;

    int bar(struct foo *arg)
    {
        /* Do work ... */
    }
    EXPORT_SYMBOL_GPL(bar);

    /* This contains struct foo's definition */
    #include "foo.h"

    int baz(struct foo *arg)
    {
        /* Do more work ... */
    }
    EXPORT_SYMBOL_GPL(baz);

Here, baz's CRC will be computed using the expansion of struct foo that
was cached after bar's CRC calculation ('UNKNOWN' here). But if
EXPORT_SYMBOL_GPL(bar) is removed from the file (because of e.g. symbol
trimming using CONFIG_TRIM_UNUSED_KSYMS), struct foo will be expanded
late, during baz's CRC calculation, which now has visibility over the
full struct definition, hence resulting in a different CRC for baz.
The proper fix for this certainly is in genksyms, but that will take me
some time to get right. In the meantime, we have seen one occurrence of
this in the ehci-hcd code which hits this problem because of the way it
includes C files halfway through the code together with an unlucky mix
of symbol trimming.
In order to work around this, move the include done in ehci-hub.c early
in ehci-hcd.c, hence making sure the struct definitions are visible to
the entire file. This improves CRC stability of the ehci-hcd exports
even when symbol trimming is enabled.
Bug: 167230325
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Quentin Perret <qperret@google.com>
Link: https://lore.kernel.org/r/20200916171825.3228122-1-qperret@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 29231826f3bd65500118c473fccf31c0cf14dbc0)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie56a4deee980652e5285a0744a8bcc2c9e60db73
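
The CRC instability described in the commit message above, reproduced with a toy model. This is an added example, not genksyms code: it assumes the caching behaviour the message describes (a type is expanded once, at the first export that uses it), uses FNV-1a in place of the real CRC, and all names are made up. It also covers the workaround's layout, where the definition is visible before any export.

```c
/* Toy model of the caching behaviour described above. Added example, not
 * genksyms code: FNV-1a stands in for the real CRC and all names are made up. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum ev_kind { EV_DEFINE_FOO, EV_EXPORT };
struct event { enum ev_kind kind; const char *sym; };

static uint32_t fnv1a(uint32_t h, const char *s)
{
    for (; *s; s++) {
        h ^= (unsigned char)*s;
        h *= 16777619u;
    }
    return h;
}

/* Walk one C file top to bottom; return the toy CRC of `want` (0 if absent). */
static uint32_t toy_crc(const struct event *ev, size_t n, const char *want)
{
    const char *visible = NULL;  /* struct foo definition, once included */
    const char *cached = NULL;   /* first expansion of struct foo, reused */
    uint32_t crc = 0;

    for (size_t i = 0; i < n; i++) {
        if (ev[i].kind == EV_DEFINE_FOO) {
            visible = "struct foo { int x; }";
            continue;
        }
        if (!cached)             /* expand once, at the first export */
            cached = visible ? visible : "UNKNOWN";
        if (strcmp(ev[i].sym, want) == 0)
            crc = fnv1a(fnv1a(2166136261u, ev[i].sym), cached);
    }
    return crc;
}

/* include_early: foo.h is included before bar (the workaround's layout).
 * bar_trimmed:   EXPORT_SYMBOL_GPL(bar) was removed by symbol trimming. */
static uint32_t baz_crc(bool include_early, bool bar_trimmed)
{
    struct event ev[3];
    size_t n = 0;

    if (include_early)
        ev[n++] = (struct event){ EV_DEFINE_FOO, NULL };
    if (!bar_trimmed)
        ev[n++] = (struct event){ EV_EXPORT, "bar" };
    if (!include_early)
        ev[n++] = (struct event){ EV_DEFINE_FOO, NULL };
    ev[n++] = (struct event){ EV_EXPORT, "baz" };
    return toy_crc(ev, n, "baz");
}

int main(void)
{
    printf("late:  %08x vs %08x\n", (unsigned)baz_crc(false, false), (unsigned)baz_crc(false, true));
    printf("early: %08x vs %08x\n", (unsigned)baz_crc(true, false), (unsigned)baz_crc(true, true));
    return 0;
}
```
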
Update the Vivo symbol list to come up to date with some more modules.
No new symbols are exported from the system, so no .xml file change
needed.
Bug: 170931247
Change-Id: I21e8ce22e327f315efecb9c4597560239b1e0aae
Signed-off-by: Chenggang Wang <wangchenggang@vivo.com>
- Add the hook to provide additional information
of sysrq crash.
Bug: 170234110
Signed-off-by: Sangmoon Kim <sangmoon.kim@samsung.com>
Change-Id: Ib8f14eaa639b2ef959e911d611515868ff9f193d
Update the Vivo symbol list to come up to date with some more modules.
No new symbols are exported from the system, so no .xml file change
needed.
New symbol additions should come in their own, separate commit.
Bug: 170441871
Cc: Chenggang Wang <wangchenggang@vivo.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic597312f943fe0dc67199ff1c51cd32ace939abe
Background:
When a CPU is going to the idle state, it informs RCU that
the current CPU is entering idle through rcu_idle_enter(),
and RCU will ignore read-side critical sections of this CPU.
However, there is a CFI check mechanism inside the idle flow that
calls rcu_read_lock(), so "rcu_read_lock() used illegally while idle"
in rcu_read_lock() will be triggered because rcu_idle_enter()
was already called before.
Besides, the pointer from rcu_dereference() might be invalid
because the RCU read-side critical sections will be ignored on
this CPU that is going idle, which might cause problems like
accessing the wrong data/address, kernel exceptions...
Based on the above description:
We will add __nocfi to cpuidle_enter_state to avoid
"rcu_read_lock() used illegally while idle!"
and avoid the usage of an invalid pointer from rcu_dereference()
in this situation.
Bug: 169017431
Change-Id: I8bbe25704e18cfde351a8f4277dd4b44b07421f5
Signed-off-by: rogercl.yang <rogercl.yang@mediatek.com>
Signed-off-by: Chun-Hung Wu <chun-hung.wu@mediatek.com>
- Add the hook to provide additional information like
a task scheduling log.
Bug: 169374262
Signed-off-by: Sangmoon Kim <sangmoon.kim@samsung.com>
Change-Id: I203dbc6faa77687ea48769f76658d28b29ef46fd
Some additional drivers are now needed for cpufreq to work, so
add them to the db845c_gki.fragment
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: Ie126f4613b9e5e31c9862d3d4b9c2afb4a5562e6
Bug: 146449535
Update the android/abi_gki_aarch64_qcom with recent symbol additions.
Simple change and no need to update the .xml file, as there is no new
symbol addition.
Bug: 169739756
Change-Id: I3e992c3ecf4a06eed4b3459cb6343cc5a4f8941d
Signed-off-by: Mayank Grover <groverm@codeaurora.org>
With non-canonical CFI, LLVM generates jump table entries for external
symbols in modules and as a result, a function pointer passed from a
module to the core kernel will have a different address.
Disable the warning for now.
Bug: 145210207
Signed-off-by: Daniel Mentz <danielmentz@google.com>
Change-Id: I576a07206a465902773481e51a84529f0ac2e84b
- Add EXPORT_SYMBOL_GPL for find_task_by_vpid() so that drivers
can be loadable as a module.
- This API is required by a loadable driver module from Samsung to
read process-related information based on pid and thread id,
to get information on when a certain process or thread was started,
its duration of run, and the average load contributed by it.
Signed-off-by: Abhilasha Rao <abhilasha.hv@samsung.corp-partner.google.com>
Bug: 158067689
Change-Id: I0db9cc50c93eedff0f3e9dea0ac09a5d17d118f0
(cherry picked from commit bee18dd57e89f4e7aa79f6054b9238b99e45c191)
- Add EXPORT_SYMBOL_GPL for runqueues().
- This API is required by a loadable driver module, to get the number of
jobs in the run queue (state R) or waiting for disk I/O (state D)
averaged over 1 min.
Signed-off-by: Abhilasha Rao <abhilasha.hv@samsung.corp-partner.google.com>
Bug: 158067689
Change-Id: I3e80a46bef2e7c92714b68cc5b6b617ac50bc478
(cherry picked from commit 6b0a9dc6df8d8be21c8d178a01e0711b0fe6ce73)
- Add EXPORT_SYMBOL_GPL for nsec_to_clock_t() so that drivers
can be loadable as a module.
- This API is required by a loadable driver module from Samsung to
fetch process uptime based on CPU clock ticks to get the exact time
during which the app is scheduled in user mode.
Signed-off-by: Abhilasha Rao <abhilasha.hv@samsung.corp-partner.google.com>
Bug: 158067689
Change-Id: I45be5fd7873dc7c21aa583313499f48f8b10bb1b
(cherry picked from commit 0575bec804810d9b8abf533c4ef4a957968553fc)
- Add EXPORT_SYMBOL_GPL for __lock_task_sighand()
- This API is required by a loadable driver module from Samsung to
lock the task structure when reading task/process-related information.
Signed-off-by: Abhilasha Rao <abhilasha.hv@samsung.corp-partner.google.com>
Bug: 158067689
Change-Id: Ia54e17b1f2630bcc648e7840cf36e743f08ba9c9
(cherry picked from commit a719abf03114cfc0b9f68937d9cd900d74d65cae)
- Add EXPORT_SYMBOL_GPL for thread_group_cputime_adjusted()
to allow drivers to be loadable as a module.
- This API is required by a loadable driver module from Samsung
to fetch process uptime based on CPU clock ticks to get the
exact duration of time the app is scheduled in user mode.
Signed-off-by: Abhilasha Rao <abhilasha.hv@samsung.corp-partner.google.com>
Bug: 158067689
Change-Id: I1843de08edf5bb2eee806845f4b5e0a305da5fe7
(cherry picked from commit bf679b941237ae76d0bba8d98e670819e029847a)
- Add EXPORT_SYMBOL_GPL for get_avenrun() so that drivers
can be loadable as a module.
- This API is required by a loadable driver module
to get the number of jobs in the run queue (state R) or waiting
for disk I/O (state D) averaged over 1 min.
Signed-off-by: Abhilasha Rao <abhilasha.hv@samsung.corp-partner.google.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
Bug: 158067689
Change-Id: I56c12c908be068f78e16004df876be3bee0e7229
(cherry picked from commit 64ea6f327359a90eca8ec9fe2a8f0caba0188e45)
This adds missing anonymous to union types, creating some one-time
churn.
Bug: 167563393
Change-Id: I08f55d48793870c6a82ff2c76d3460733ffdbe41
Signed-off-by: Matthias Maennich <maennich@google.com>
Different CPU types will have different suppression ratios.
So we add a cpumask parameter to the cpu capacity vendor hook.
Bug: 167126223
Signed-off-by: Yun Hsiang <yun.hsiang@mediatek.com>
Change-Id: I983a3aca2195f7c37c43d31fa588c999a825ee49
Update the android/abi_gki_aarch64_exynos with recent symbol additions.
Note, no new symbols are needed to be exported here, making this a
simple change and no need to update the .xml file.
Bug: 168666574
Signed-off-by: Jaehyoung Choi <jkkkkk.choi@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ibe92486f6f84163990b65c75be96236f76f8af1e
And replace many references of ${ROOT_DIR}/common with
${ROOT_DIR}/${KERNEL_DIR}, which makes it a lot easier
to branch off of ACK and update the KERNEL_DIR.
The variable of KERNEL_DIR will be set in build/_setup_env.sh
to the directory of the build config file by default if it's
not set explicitly in the build config file or in environment.
Test: build test with following configs
common/build.config.gki.aarch64
common/build.config.db845c
common/build.config.hikey960
common-modules/virtual-device/build.config.cuttlefish.aarch64
common-modules/virtual-device/build.config.goldfish.aarch64
Bug: 162785964
Change-Id: I790ac0ded10bd790484f14c6f93d53e06c38b830
Signed-off-by: Will McVicker <willmcvicker@google.com>
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
(cherry picked from commit 931718fa65fe5e34d143250c048f591a7d74e5f8)