Commit Graph

1150025 Commits

Author SHA1 Message Date
Di Shen
e3a72785da ANDROID: thermal: Add hook to enable/disable thermal power throttle
By default, thermal power throttle is always enabled, but sometimes it
needs to be disabled for a period of time, so add it to meet platform
thermal requirement.

Bug: 209386157

Signed-off-by: Jeson Gao <jeson.gao@unisoc.com>
Signed-off-by: Di Shen <di.shen@unisoc.com>
Change-Id: If9c53a9669eec8e2821d837cfa3c660a9cfbf934
(cherry picked from commit 64999249d5fecc79805fd799bdf71bc5b554efc1)
2023-06-28 16:15:01 +00:00
Junki Min
05ba0cb850 ANDROID: ABI: Update symbol for Exynos SoC
Update symbols for Exynos DRM driver

1 function symbol(s) added
  'void ttm_eu_fence_buffer_objects(struct ww_acquire_ctx*, struct list_head*, struct dma_fence*)'

Bug: 289006378
Change-Id: I9d45891bd1687ffc52b754501a57eca0ec67ae22
Signed-off-by: Junki Min <joonki.min@samsung.com>
2023-06-28 14:52:36 +00:00
Krishna Kurapati
251aa28d16 BACKPORT: FROMGIT: usb: gadget: udc: Handle gadget_connect failure during bind operation
In the event, gadget_connect call (which invokes pullup) fails,
propagate the error to udc bind operation which in turn sends the
error to configfs. The userspace can then retry enumeration if
it chooses to.

Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/20230510075252.31023-3-quic_kriskura@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Bug: 275538389
(cherry picked from commit d34f9bafa78da2a561c67d9daf55fc4d1d80edf0 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-next)
[wcheng: Fixed some merge conflicts in usb_udc_connect_control]
Change-Id: I3068fc6f679ec236fa700c4cb5dd56238dacb5ac
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
2023-06-28 12:37:40 +00:00
Krishna Kurapati
5af5006061 FROMGIT: usb: dwc3: gadget: Bail out in pullup if soft reset timeout happens
If the core soft reset timeout happens, avoid setting up event
buffers and starting gadget as the writes to these registers
may not reflect when in reset and setting the run stop bit
can lead the controller to access wrong event buffer address
resulting in a crash.

Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/20230510075252.31023-2-quic_kriskura@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Bug: 275538389
(cherry picked from commit 813f44d57e19ccaa7330e829bd913515be42719d https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-next)
Change-Id: Ieb7fe9f6d0dc64814cf6f9b86d5ee188d07de537
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
2023-06-28 12:37:40 +00:00
chenzhiwei
79b7e0db16 ANDROID: GKI: Update symbol list for xiaomi
Two new vendor hooks symbol relationship

2 function symbol(s) added
  'int __traceiter_android_vh_free_one_page_bypass(void *, struct page *, struct zone *, int, int, int, bool *)'
  'int __traceiter_android_vh_rmqueue_smallest_bypass(void *, struct page * *, struct zone *, int, int)'

2 variable symbol(s) added
  'struct tracepoint __tracepoint_android_vh_free_one_page_bypass'
  'struct tracepoint __tracepoint_android_vh_rmqueue_smallest_bypass'

Bug: 286350069
Change-Id: Ic06582720b7b45a2c6728b604310f638fde29b31
Signed-off-by: chenzhiwei <chenzhiwei@xiaomi.corp-partner.google.com>
2023-06-28 12:31:36 +00:00
chenzhiwei
ff8496749d ANDROID: vendor_hooks: vendor hook for MM
2 Vendor hooks add:
    trace_android_vh_free_one_page_bypass
    trace_android_vh_rmqueue_smallest_bypass

Add vendor hook points in __free_one_page and __rmqueue to
manage some customized pages instead of freeing/allocating.

Bug: 286350069
Change-Id: If63e164c02a279f4f14ebd8603f49c58ba0fbc8a
Signed-off-by: chenzhiwei <chenzhiwei@xiaomi.corp-partner.google.com>
2023-06-28 12:31:36 +00:00
Di Shen
43d7226c5f ANDROID: add a symbol to unisoc symbol list
To implement the devfreq cooling device registration by
energy model, it should add devfreq_cooling_em_register
to symbol list.

1 function symbol(s) added
  'struct thermal_cooling_device* devfreq_cooling_em_register(struct devfreq*, struct devfreq_cooling_power*)'

Bug: 288934529

Signed-off-by: Di Shen <di.shen@unisoc.com>
Change-Id: I168a5bf1130edd7e53f107deb5c606fc98a95953
2023-06-27 11:22:10 +08:00
fengqi
51cb1e1cfd ANDROID: GKI: update symbol list file for xiaomi
INFO: ABI DIFFERENCES HAVE BEEN DETECTED!
INFO: 1 function symbol(s) added
  'struct device_node* of_find_all_nodes(struct device_node*)'

Bug: 288843707

Change-Id: Ic3c372473220a6407052cb5d1136601633359fe6
Signed-off-by: fengqi <fengqi@xiaomi.com>
2023-06-26 16:03:59 +00:00
Lee Jones
1499ddcb78 UPSTREAM: net/sched: cls_u32: Fix reference counter leak leading to overflow
[ Upstream commit 04c55383fa5689357bcdd2c8036725a55ed632bc ]

In the event of a failure in tcf_change_indev(), u32_set_parms() will
immediately return without decrementing the recently incremented
reference counter.  If this happens enough times, the counter will
rollover and the reference freed, leading to a double free which can be
used to do 'bad things'.

In order to prevent this, move the point of possible failure above the
point where the reference counter is incremented.  Also save any
meaningful return values to be applied to the return data at the
appropriate point in time.

This issue was caught with KASAN.

Bug: 273251569
Fixes: 705c709126 ("net: sched: cls_u32: no need to call tcf_exts_change for newly allocated struct")
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Lee Jones <lee@kernel.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 07f9cc229b)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I95524bfda9a08a40b3d54515e528419dba18dc55
2023-06-26 12:05:52 +00:00
Ulises Mendez Martinez
054ab3ab00 ANDROID: db845c: Fix build when using --kgdb
* CONFIG_WATCHDOG is disabled when compiling with
  --kgdb option, hence the list of modules produced is
  adjusted conditionally.

Bug: 270320056
Change-Id: I0eafb118836e6a31dc3b0392ab7d60b5597b9367
Signed-off-by: Ulises Mendez Martinez <umendez@google.com>
2023-06-26 11:45:17 +00:00
Wesley Cheng
a39af6210e FROMGIT: usb: host: xhci-plat: Set XHCI_STATE_REMOVING before resuming XHCI HC
There are situations during the xhci_resume() sequence, which allows for
re-initializing of the XHCI HC.  However, in case the HCD is being removed,
these operations may not be needed.  Set the removal state before issuing
the runtime PM get on the XHCI device, so that the XHCI resume routine will
know when to bypass the re-init logic.

Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Message-ID: <20230531222719.14143-3-quic_wcheng@quicinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Bug: 285037166
(cherry picked from commit 18af4b5c97915a6daef9de28a30ae1d3786bc2ac https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing)
Change-Id: I59ca78320bb2705c8aed8a9823de5a955ff97b0c
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
2023-06-23 16:22:19 -07:00
Wesley Cheng
50c99c83e2 FROMGIT: usb: host: xhci: Do not re-initialize the XHCI HC if being removed
During XHCI resume, if there was a host controller error detected the
routine will attempt to re-initialize the XHCI HC, so that it can return
back to an operational state.  If the XHCI host controller is being
removed, this sequence would be already handled within the XHCI halt path,
leading to a duplicate set of reg ops/calls.  In addition, since the XHCI
bus is being removed, the overhead added in restarting the HCD is
unnecessary.  Check for the XHC state before setting the reinit_xhc
parameter, which is responsible for triggering the restart.

Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Message-ID: <20230531222719.14143-2-quic_wcheng@quicinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Bug: 285037166
(cherry picked from commit fb2ce17874cf3c3c183e5fd75144ffbe2313bf31 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing)
Change-Id: Iaaf20e855930b67b356e34286991411f74af2d60
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
2023-06-23 16:21:54 -07:00
Yifan Hong
fa9645687e FROMLIST: kheaders: dereferences the source tree
When the kernel is built inside a sandbox container,
a forest of symlinks to the source files may be
created in the container. In this case, the generated
kheaders.tar.xz should follow these symlinks
to access the source files, instead of packing
the symlinks themselves.

Test: manual (add kheaders_data.tar.xz to the output,
  then examine the contents)
Bug: 276339429
Fixes: b0acbba3f489 ("Revert "Revert "Revert "FROMLIST: kheaders: Follow symlinks to source files."""")
Link: https://lore.kernel.org/lkml/20230420010029.2702543-1-elsk@google.com/
Signed-off-by: Yifan Hong <elsk@google.com>
(cherry picked from https://android-review.googlesource.com/q/commit:28fa7afc424f3dc53358c0e9b080433d78f0cd54)
Merged-In: Ie4db22dfa13d05fdccb3ad8f4fae2fe3fead994e
Change-Id: Ie4db22dfa13d05fdccb3ad8f4fae2fe3fead994e
2023-06-23 09:09:00 +00:00
Jaegeuk Kim
21061b7d0f FROMLIST: f2fs: remove i_xattr_sem to avoid deadlock and fix the original issue
This reverts commit 27161f13e3 "f2fs: avoid race in between read xattr & write xattr".

That introduced a deadlock case:

Thread #1:

[122554.641906][   T92]  f2fs_getxattr+0xd4/0x5fc
    -> waiting for f2fs_down_read(&F2FS_I(inode)->i_xattr_sem);

[122554.641927][   T92]  __f2fs_get_acl+0x50/0x284
[122554.641948][   T92]  f2fs_init_acl+0x84/0x54c
[122554.641969][   T92]  f2fs_init_inode_metadata+0x460/0x5f0
[122554.641990][   T92]  f2fs_add_inline_entry+0x11c/0x350
    -> Locked dir->inode_page by f2fs_get_node_page()

[122554.642009][   T92]  f2fs_do_add_link+0x100/0x1e4
[122554.642025][   T92]  f2fs_create+0xf4/0x22c
[122554.642047][   T92]  vfs_create+0x130/0x1f4

Thread #2:

[123996.386358][   T92]  __get_node_page+0x8c/0x504
    -> waiting for dir->inode_page lock

[123996.386383][   T92]  read_all_xattrs+0x11c/0x1f4
[123996.386405][   T92]  __f2fs_setxattr+0xcc/0x528
[123996.386424][   T92]  f2fs_setxattr+0x158/0x1f4
    -> f2fs_down_write(&F2FS_I(inode)->i_xattr_sem);

[123996.386443][   T92]  __f2fs_set_acl+0x328/0x430
[123996.386618][   T92]  f2fs_set_acl+0x38/0x50
[123996.386642][   T92]  posix_acl_chmod+0xc8/0x1c8
[123996.386669][   T92]  f2fs_setattr+0x5e0/0x6bc
[123996.386689][   T92]  notify_change+0x4d8/0x580
[123996.386717][   T92]  chmod_common+0xd8/0x184
[123996.386748][   T92]  do_fchmodat+0x60/0x124
[123996.386766][   T92]  __arm64_sys_fchmodat+0x28/0x3c

Let's take a look at the original issue back.

Thread A:                                       Thread B:
-f2fs_getxattr
   -lookup_all_xattrs
      -xnid = F2FS_I(inode)->i_xattr_nid;
                                                -f2fs_setxattr
                                                    -__f2fs_setxattr
                                                        -write_all_xattrs
                                                            -truncate_xattr_node
                                                                  ...  ...
                                                -write_checkpoint
                                                                  ...  ...
                                                -alloc_nid   <- nid reuse
          -get_node_page
              -f2fs_bug_on  <- nid != node_footer->nid

I think we don't need to truncate xattr pages eagerly which introduces lots of
data races without big benefits.

Bug: 280545073
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/linux-f2fs-devel/20230613233940.3643362-1-jaegeuk@kernel.org/T/#u
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Change-Id: Ifdbaf7defa50b479d82d2c945aa9d48e2e2317ed
2023-06-23 09:08:28 +00:00
Ulises Mendez Martinez
ec0fc55aa4 ANDROID: db845c: Local define for db845c targets
Generally DAMP is a best practice in Bazel, for this
specific case, it helps with:

* Better target discoverability and auto-completion.
* It's possible to use `select` for KGDB fixes later on
  without encountering name expectations broken.

Bug: 256196368
Bug: 270320056
Change-Id: I300404a9b2b4b7c6569145a942ecb445d23e8e9a
Signed-off-by: Ulises Mendez Martinez <umendez@google.com>
2023-06-23 09:08:01 +00:00
LongPing Wei
947e7c1d72 ANDROID: GKI: Update symbols to symbol list
1 function symbol(s) added
  'int cgroup_add_dfl_cftypes(struct cgroup_subsys*, struct cftype*)'

Bug: 287922632

Change-Id: I38cf93237bd78c7577ad948f9495d491d9f62389
Signed-off-by: LongPing Wei <weilongping@oppo.com>
2023-06-23 07:53:18 +00:00
LongPing Wei
9afd7b261a ANDROID: Export memcg functions to allow module to add new files
Export cgroup_add_dfl_cftypes to allow vendor module to expose additional files in the memory cgroup-v2 hierarchy.

Bug: 287922632

Change-Id: I103b983fbb46ff7a45cfc57f5657142a1bbd3d68
Signed-off-by: LongPing Wei <weilongping@oppo.com>
2023-06-23 07:53:18 +00:00
Ulises Mendez Martinez
32c2d42ee1 ANDROID: rockpi4: Fix build when using --kgdb
* CONFIG_WATCHDOG is disabled when compiling with
--kgdb option, hence the list of modules produced is
adjusted conditionally on its value.

Bug: 270320056
Change-Id: I4db55fdf6b91a65209d2e0ae3bbb5f384c7eca22
Signed-off-by: Ulises Mendez Martinez <umendez@google.com>
2023-06-22 13:00:37 +00:00
fengqi
275048c878 ANDROID: GKI: update symbol list file for xiaomi
INFO: ABI DIFFERENCES HAVE BEEN DETECTED!
INFO: 1 function symbol(s) added
  'int param_set_uint_minmax(const char*, const struct kernel_param*, unsigned int, unsigned int)'

Bug: 288308524

Change-Id: If5f11f762b6f870d8ab2d264eb0a4a2febe62e65
Signed-off-by: fengqi <fengqi@xiaomi.com>
2023-06-22 11:33:44 +00:00
Yifan Hong
64e4b4d31b ANDROID: kleaf: android/gki_system_dlkm_modules is generated.
modules.bzl is the source of truth for the list of GKI
modules. There is no need to keep two lists.

Test: TH
Bug: 287697703
Signed-off-by: Yifan Hong <elsk@google.com>
(cherry picked from https://android-review.googlesource.com/q/commit:a8a61755f67730af45d50f6173a4eedbcefa1c87)
Merged-In: I8953e92696833cf8ec27aa80724ec468c08736f1
Change-Id: I8953e92696833cf8ec27aa80724ec468c08736f1
2023-06-22 11:33:16 +00:00
John Scheible
734b06dabf ANDROID: ABI: Update pixel symbol list
1 function symbol(s) added
  'int __trace_bputs(unsigned long, const char*)'

Bug: 288168318
Change-Id: Ife295cef423cbc98f56f85c534bfc73100af6faf
Signed-off-by: John Scheible <johnscheible@google.com>
2023-06-21 20:59:51 +00:00
Paul Lawrence
9ea87136d1 ANDROID: fuse-bpf: Move FUSE_RELEASE to correct place
The existing fuse-bpf freeing logic would free the fuse_file struct
immediately. However, this would break readahead. Move freeing logic
to the same place as done in classic fuse.

Bug: 286287652
Test: fuse_test passes, android boots, cts tests run
Change-Id: If13519f0e956a8da0dc98e7ac4aed2036070e969
Signed-off-by: Paul Lawrence <paullawrence@google.com>
2023-06-21 18:36:19 +00:00
Paul Lawrence
b8ef5bfbee ANDROID: fuse-bpf: Ensure bpf field can never be nulled
By putting and nulling fuse_inode's bpf field in fuse_evict_inode, we
left a race condition - this inode can still be active. Do not put the
bpf program until we are doing the final free in fuse_free_inode. This
was the root cause of the reported bug.

The backing inode cannot be put in fuse_free_inode, since put_inode can
sleep and this is called from an RCU handler. But the backing inode
cannot be freed until an RCU interval, so move the put_inode to the same
location as in overlayfs, which is destroy_inode.

Remove a path in fuse_handle_bpf_prog whereby bpf can be nulled out.
When we want to be able to null/change the bpf_prog in the future, we
will have to use a mutex or maybe RCU to protect existing users. But
until this time, ban this path.

Bug: 284450048
Test: fuse_test passes, Pixel 6 passes basic tests
Change-Id: Ie6844242f279a5b202eb021eac5a2dd3d08bf09d
Signed-off-by: Paul Lawrence <paullawrence@google.com>
2023-06-21 18:36:19 +00:00
Jaskaran Singh
a97d54b54d ANDROID: GKI: Increase CMA areas to 32
Current usecases require more than 16 CMA areas. Hence increase the
number of CMA areas to 32.

Bug: 287582821
Change-Id: I50439ee2a3e16d62fdf6c77b99f4779f3af430d6
Signed-off-by: Pratyush Brahma <quic_pbrahma@quicinc.com>
Signed-off-by: Jaskaran Singh <quic_jasksing@quicinc.com>
2023-06-21 13:18:52 +00:00
Yifan Hong
d28f02c47b ANDROID: Delete MODULES_LIST from build configs.
They are controlled by kernel_images.modules_list, which is
set by define_common_kernels already.

The flags in build.configs have no effect.

Test: TH
Bug: 287697703
Signed-off-by: Yifan Hong <elsk@google.com>
(cherry picked from https://android-review.googlesource.com/q/commit:9bf4e4620ecc801c7eb824210595d9777b4a2ff8)
Merged-In: I1e322529476b4db67a1574393819900bdbd41311
Change-Id: I1e322529476b4db67a1574393819900bdbd41311
2023-06-21 11:18:02 +00:00
cathy.cai
97a56a07e9 ANDROID: ABI: Update symbols to unisoc whitelist
Update whitelist for the symbols used by the unisoc device and
update the ABI representation accordingly.

5 function symbol(s) added
  'void inet_proto_csum_replace4(__sum16*, struct sk_buff*, __be32, __be32, bool)'
  'struct nf_conntrack_tuple_hash* nf_conntrack_find_get(struct net*, const struct nf_conntrack_zone*, const struct nf_conntrack_tuple*)'
  'void nf_ct_destroy(struct nf_conntrack*)'
  'int pskb_trim_rcsum_slow(struct sk_buff*, unsigned int)'
  'struct rt6_info* rt6_lookup(struct net*, const struct in6_addr*, const struct in6_addr*, int, const struct sk_buff*, int)'

Bug: 287899373
Change-Id: I30fb1f57ef9eb4f4f72f64471bb71da23b2a9a90
Signed-off-by: canting cai <cathy.cai@unisoc.com>
2023-06-21 11:11:09 +00:00
Lee Jones
7668cef283 ANDROID: HID: Only utilise UHID provided exports if UHID is enabled
Commit "ANDROID: HID; Over-ride default maximum buffer size when using
UHID" provided a means for the UHID driver to offer an alternative
(smaller) report buffer size when dealing with user-space.  The method
used was an Android-only solution designed to prevent the KMI ABI from
being broken (nb: the upstream solution was cleaner, but broke the ABI).

Since this solution involved consuming resources exported by a
subordinate driver, that driver would have to be enabled for the export
to take place.  Since all of our default configs enable UHID, an issue
was not detected.  However, for more specific kernel configs, where HID
is enabled, but UHID is not, this leads to compile-time undefined symbol
errors:

  ld.lld: error: undefined symbol: uhid_hid_driver

This patch relies on the compiler to leave out unutilised sections of
the code if the associated resources are not available.

Bug: 260007429
Reported-by: Paul Lawrence <paullawrence@google.com>
Reported-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I80b1aa7454c89d5c5e21f0268252ffb666efab97
2023-06-20 17:37:03 +00:00
Zheng Wang
1c4d2aa0c7 UPSTREAM: memstick: r592: Fix UAF bug in r592_remove due to race condition
[ Upstream commit 63264422785021704c39b38f65a78ab9e4a186d7 ]

In r592_probe, dev->detect_timer was bound with r592_detect_timer.
In r592_irq function, the timer function will be invoked by mod_timer.

If we remove the module which will call hantro_release to make cleanup,
there may be an unfinished work. The possible sequence is as follows,
which will cause a typical UAF bug.

Fix it by canceling the work before cleanup in r592_remove.

CPU0                  CPU1

                    |r592_detect_timer
r592_remove         |
  memstick_free_host|
  put_device;       |
  kfree(host);      |
                    |
                    | queue_work
                    |   &host->media_checker //use

Bug: 287729043
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Link: https://lore.kernel.org/r/20230307164338.1246287-1-zyytlz.wz@163.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 9a342d4eb9)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Idb15f593287ebaeec294b3e276126306fa6743ba
2023-06-19 14:56:51 +00:00
Darrick J. Wong
8aea35f109 UPSTREAM: xfs: verify buffer contents when we skip log replay
commit 22ed903eee23a5b174e240f1cdfa9acf393a5210 upstream.

syzbot detected a crash during log recovery:

XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
XFS (loop0): Torn write (CRC failure) detected at log block 0x180. Truncating head block from 0x200.
XFS (loop0): Starting recovery (logdev: internal)
==================================================================
BUG: KASAN: slab-out-of-bounds in xfs_btree_lookup_get_block+0x15c/0x6d0 fs/xfs/libxfs/xfs_btree.c:1813
Read of size 8 at addr ffff88807e89f258 by task syz-executor132/5074

CPU: 0 PID: 5074 Comm: syz-executor132 Not tainted 6.2.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106
 print_address_description+0x74/0x340 mm/kasan/report.c:306
 print_report+0x107/0x1f0 mm/kasan/report.c:417
 kasan_report+0xcd/0x100 mm/kasan/report.c:517
 xfs_btree_lookup_get_block+0x15c/0x6d0 fs/xfs/libxfs/xfs_btree.c:1813
 xfs_btree_lookup+0x346/0x12c0 fs/xfs/libxfs/xfs_btree.c:1913
 xfs_btree_simple_query_range+0xde/0x6a0 fs/xfs/libxfs/xfs_btree.c:4713
 xfs_btree_query_range+0x2db/0x380 fs/xfs/libxfs/xfs_btree.c:4953
 xfs_refcount_recover_cow_leftovers+0x2d1/0xa60 fs/xfs/libxfs/xfs_refcount.c:1946
 xfs_reflink_recover_cow+0xab/0x1b0 fs/xfs/xfs_reflink.c:930
 xlog_recover_finish+0x824/0x920 fs/xfs/xfs_log_recover.c:3493
 xfs_log_mount_finish+0x1ec/0x3d0 fs/xfs/xfs_log.c:829
 xfs_mountfs+0x146a/0x1ef0 fs/xfs/xfs_mount.c:933
 xfs_fs_fill_super+0xf95/0x11f0 fs/xfs/xfs_super.c:1666
 get_tree_bdev+0x400/0x620 fs/super.c:1282
 vfs_get_tree+0x88/0x270 fs/super.c:1489
 do_new_mount+0x289/0xad0 fs/namespace.c:3145
 do_mount fs/namespace.c:3488 [inline]
 __do_sys_mount fs/namespace.c:3697 [inline]
 __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f89fa3f4aca
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffd5fb5ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f89fa3f4aca
RDX: 0000000020000100 RSI: 0000000020009640 RDI: 00007fffd5fb5f10
RBP: 00007fffd5fb5f10 R08: 00007fffd5fb5f50 R09: 000000000000970d
R10: 0000000000200800 R11: 0000000000000206 R12: 0000000000000004
R13: 0000555556c6b2c0 R14: 0000000000200800 R15: 00007fffd5fb5f50
 </TASK>

The fuzzed image contains an AGF with an obviously garbage
agf_refcount_level value of 32, and a dirty log with a buffer log item
for that AGF.  The ondisk AGF has a higher LSN than the recovered log
item.  xlog_recover_buf_commit_pass2 reads the buffer, compares the
LSNs, and decides to skip replay because the ondisk buffer appears to be
newer.

Unfortunately, the ondisk buffer is corrupt, but recovery just read the
buffer with no buffer ops specified:

	error = xfs_buf_read(mp->m_ddev_targp, buf_f->blf_blkno,
			buf_f->blf_len, buf_flags, &bp, NULL);

Skipping the buffer leaves its contents in memory unverified.  This sets
us up for a kernel crash because xfs_refcount_recover_cow_leftovers
reads the buffer (which is still around in XBF_DONE state, so no read
verification) and creates a refcountbt cursor of height 32.  This is
impossible so we run off the end of the cursor object and crash.

Fix this by invoking the verifier on all skipped buffers and aborting
log recovery if the ondisk buffer is corrupt.  It might be smarter to
force replay the log item atop the buffer and then see if it'll pass the
write verifier (like ext4 does) but for now let's go with the
conservative option where we stop immediately.

Bug: 284409747
Link: https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Reported-by: Danila Chernetsov <listdansp@mail.ru>
Link: https://lore.kernel.org/linux-xfs/20230601164439.15404-1-listdansp@mail.ru
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit a2961463d7)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ie5e156221966323a9cb7cc261b4ed17593cfaabd
2023-06-19 13:21:31 +00:00
Ruihan Li
04b6079eae UPSTREAM: bluetooth: Perform careful capability checks in hci_sock_ioctl()
commit 25c150ac103a4ebeed0319994c742a90634ddf18 upstream.

Previously, capability was checked using capable(), which verified that the
caller of the ioctl system call had the required capability. In addition,
the result of the check would be stored in the HCI_SOCK_TRUSTED flag,
making it persistent for the socket.

However, malicious programs can abuse this approach by deliberately sharing
an HCI socket with a privileged task. The HCI socket will be marked as
trusted when the privileged task occasionally makes an ioctl call.

This problem can be solved by using sk_capable() to check capability, which
ensures that not only the current task but also the socket opener has the
specified capability, thus reducing the risk of privilege escalation
through the previously identified vulnerability.

Bug: 286456284
Cc: stable@vger.kernel.org
Fixes: f81f5b2db8 ("Bluetooth: Send control open and close messages for HCI raw sockets")
Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 47e6893a5b)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I9a4b20c7b1e9b4e6bbd6371264aec039770a52ff
2023-06-19 11:37:23 +00:00
Liam R. Howlett
8f5a220975 FROMLIST: maple_tree: Adjust node allocation on mas_rebalance()
mas_rebalance() is called to rebalance an insufficient node into a
single node or two sufficient nodes.  The preallocation estimate is
always too many in this case as the height of the tree will never grow
and there is no possibility to have a three way split in this case, so
revise the node allocation count.

Change-Id: I04ba0674da381c06d4f8077f9f59d64b7d1a8312
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Link: https://lore.kernel.org/all/20230612203953.2093911-9-Liam.Howlett@oracle.com/
Bug: 274059236
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2023-06-19 11:01:24 +00:00
Liam R. Howlett
e835ffdfbc FROMLIST: maple_tree: Reduce resets during store setup
mas_prealloc() may walk partially down the tree before finding that a
split or spanning store is needed.  When the write occurs, relax the
logic on resetting the walk so that partial walks will not restart, but
walks that have gone too far (a store that affects beyond the current
node) should be restarted.

Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>

Link: https://lore.kernel.org/all/20230612203953.2093911-16-Liam.Howlett@oracle.com/
Bug: 274059236
Change-Id: I87dedebae085f067b08caeaf1bd19bb343ff305f
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2023-06-19 11:01:24 +00:00
Liam R. Howlett
708234485a FROMLIST: BACKPORT: maple_tree: Refine mas_preallocate() node calculations
Calculate the number of nodes based on the pending write action instead
of assuming the worst case.

This addresses a performance regression introduced in platforms that
have longer allocation timing.

Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>

Link: https://lore.kernel.org/all/20230612203953.2093911-15-Liam.Howlett@oracle.com/
[surenb: replace mas_wr_new_end with mas_wr_node_size]

Bug: 274059236
Change-Id: I8fc22bca45fa005acf767722034a260242a4da52
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2023-06-19 11:01:24 +00:00
Suren Baghdasaryan
d766c8399b Revert "FROMLIST: BACKPORT: maple_tree: Refine mas_preallocate() node calculations"
This reverts commit 133fbad5bd.

Replacing the patch with a newer version improving performance:
https://lore.kernel.org/all/20230612203953.2093911-15-Liam.Howlett@oracle.com/

Bug: 274059236
Change-Id: I0a924698c908e00d2addb9b7c90e573e72c8ba59
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2023-06-19 11:01:24 +00:00
Will McVicker
0a859e781c ANDROID: GKI: Include kheaders in gki_system_dlkm_modules
This is needed to get the module on the system_dlkm image.

Bug: 276339429
Change-Id: Ib8c19d0d23f27bc3872e8d387b20cef07327c600
Signed-off-by: Will McVicker <willmcvicker@google.com>
2023-06-18 09:06:56 +00:00
Carlos Llamas
35fe0d393f ANDROID: 6/16/2023 KMI update
Set KMI_GENERATION=11 for 6/16 KMI update

function symbol changed from 'int __traceiter_android_rvh_schedule(void*, struct task_struct*, struct task_struct*, struct rq*)' to 'int __traceiter_android_rvh_schedule(void*, unsigned int, struct task_struct*, struct task_struct*, struct rq*)'
  CRC changed from 0x6be67582 to 0x5597e05e
  type changed from 'int(void*, struct task_struct*, struct task_struct*, struct rq*)' to 'int(void*, unsigned int, struct task_struct*, struct task_struct*, struct rq*)'
    parameter 2 type changed from 'struct task_struct*' to 'unsigned int'
    parameter 4 type changed from 'struct rq*' to 'struct task_struct*'
      pointed-to type changed from 'struct rq' to 'struct task_struct'
    parameter 5 of type 'struct rq*' was added

function symbol 'struct usb_hcd* __usb_create_hcd(const struct hc_driver*, struct device*, struct device*, const char*, struct usb_hcd*)' changed
  CRC changed from 0xab3fbd7 to 0x44b8d338

function symbol 'struct usb_phy* devm_usb_get_phy(struct device*, enum usb_phy_type)' changed
  CRC changed from 0x976fe01c to 0x3b6c04cd

function symbol 'struct usb_phy* devm_usb_get_phy_by_node(struct device*, struct device_node*, struct notifier_block*)' changed
  CRC changed from 0xaaf602d1 to 0x9225cdfb

... 25 omitted; 28 symbols have only CRC changes

type 'struct usb_phy' changed
  byte size changed from 360 to 392
  member 'u64 android_kabi_reserved0' was added
  member 'u64 android_kabi_reserved1' changed
    offset changed by 64
  member 'u64 android_kabi_reserved2' was added
  member 'u64 android_kabi_reserved3' was added
  member 'u64 android_kabi_reserved4' was added

Bug: 287162457
Change-Id: I82bd766a4ac81bb8fdaca4d95e95c8c413ac7485
Signed-off-by: Carlos Llamas <cmllamas@google.com>
2023-06-16 20:49:51 +00:00
Dezhi Huang
fcc5e942e0 ANDROID: sched: Add parameter to android_rvh_schedule.
Checking whether the ui and render threads are preempted
during frame drawing, then adjusting the priority and core
selection if they are preempted, because we expect the
threads to be executed first. By introducing the
sched_mode parameter, we can check the prev thread
preemption status in the hook, and judging important
threads for executing business logic.

Bug: 285166029
Change-Id: I6af31dff4c9032940c7f1c991a25a49ebbeac7a8
Signed-off-by: Dezhi Huang <huangdezhi@hihonor.com>
2023-06-16 20:18:45 +00:00
Greg Kroah-Hartman
d4dd4d9f19 ANDROID: GKI: provide more padding for struct usb_phy
There is at least one pending change for struct usb_phy that is not
going to make the ABI freeze deadline, but has already been submitted
upstream and is under active development.  So reserve a spot for that
new callback to be added, and provide a bit more buffer here to the
structure for any future LTS changes that might be coming in this area
of the kernel.

Bug: 151154716
Cc: Stanley Chang <stanley_chang@realtek.com>
Change-Id: I992a46fa35502fd491ee24d503290119c9b9f655
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2023-06-16 20:18:33 +00:00
Vignesh Saravanaperumal
bb9c879726 ANDROID: GKI enable CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
Match by how many bytes or packets a connection has transferred so far, or by average bytes per packet.

Bug: 284571311
Signed-off-by: Vignesh Saravanaperumal <vignesh1.s@samsung.com>
Change-Id: I352bc42ab0da321e29a8cef1069565b7a5f182e7
(cherry picked from commit d80f39a5aed79ae81eb92f009829905da8e4f7a0)
2023-06-16 09:19:53 +00:00
Youngmin Nam
a7b1da66a2 FROMGIT: arm64: set __exception_irq_entry with __irq_entry as a default
filter_irq_stacks() is supposed to cut entries which are related to irq entries
from its call stack.
And in_irqentry_text(), which is called by filter_irq_stacks(),
uses the __irqentry_text_start/end symbols to find irq entries in the call stack.

But it doesn't work correctly because, without "CONFIG_FUNCTION_GRAPH_TRACER",
the arm64 kernel doesn't include gic_handle_irq, which is the entry point of arm64 irq,
between __irqentry_text_start and __irqentry_text_end, as we discussed in the link below.
https://lore.kernel.org/all/CACT4Y+aReMGLYua2rCLHgFpS9io5cZC04Q8GLs-uNmrn1ezxYQ@mail.gmail.com/#t

This problem can make unintentionally deep call stack entries, especially
in a KASAN-enabled situation, as below.

[ 2479.383395]I[0:launcher-loader: 1719] Stack depot reached limit capacity
[ 2479.383538]I[0:launcher-loader: 1719] WARNING: CPU: 0 PID: 1719 at lib/stackdepot.c:129 __stack_depot_save+0x464/0x46c
[ 2479.385693]I[0:launcher-loader: 1719] pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 2479.385724]I[0:launcher-loader: 1719] pc : __stack_depot_save+0x464/0x46c
[ 2479.385751]I[0:launcher-loader: 1719] lr : __stack_depot_save+0x460/0x46c
[ 2479.385774]I[0:launcher-loader: 1719] sp : ffffffc0080073c0
[ 2479.385793]I[0:launcher-loader: 1719] x29: ffffffc0080073e0 x28: ffffffd00b78a000 x27: 0000000000000000
[ 2479.385839]I[0:launcher-loader: 1719] x26: 000000000004d1dd x25: ffffff891474f000 x24: 00000000ca64d1dd
[ 2479.385882]I[0:launcher-loader: 1719] x23: 0000000000000200 x22: 0000000000000220 x21: 0000000000000040
[ 2479.385925]I[0:launcher-loader: 1719] x20: ffffffc008007440 x19: 0000000000000000 x18: 0000000000000000
[ 2479.385969]I[0:launcher-loader: 1719] x17: 2065726568207475 x16: 000000000000005e x15: 2d2d2d2d2d2d2d20
[ 2479.386013]I[0:launcher-loader: 1719] x14: 5d39313731203a72 x13: 00000000002f6b30 x12: 00000000002f6af8
[ 2479.386057]I[0:launcher-loader: 1719] x11: 00000000ffffffff x10: ffffffb90aacf000 x9 : e8a74a6c16008800
[ 2479.386101]I[0:launcher-loader: 1719] x8 : e8a74a6c16008800 x7 : 00000000002f6b30 x6 : 00000000002f6af8
[ 2479.386145]I[0:launcher-loader: 1719] x5 : ffffffc0080070c8 x4 : ffffffd00b192380 x3 : ffffffd0092b313c
[ 2479.386189]I[0:launcher-loader: 1719] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000022
[ 2479.386231]I[0:launcher-loader: 1719] Call trace:
[ 2479.386248]I[0:launcher-loader: 1719]  __stack_depot_save+0x464/0x46c
[ 2479.386273]I[0:launcher-loader: 1719]  kasan_save_stack+0x58/0x70
[ 2479.386303]I[0:launcher-loader: 1719]  save_stack_info+0x34/0x138
[ 2479.386331]I[0:launcher-loader: 1719]  kasan_save_free_info+0x18/0x24
[ 2479.386358]I[0:launcher-loader: 1719]  ____kasan_slab_free+0x16c/0x170
[ 2479.386385]I[0:launcher-loader: 1719]  __kasan_slab_free+0x10/0x20
[ 2479.386410]I[0:launcher-loader: 1719]  kmem_cache_free+0x238/0x53c
[ 2479.386435]I[0:launcher-loader: 1719]  mempool_free_slab+0x1c/0x28
[ 2479.386460]I[0:launcher-loader: 1719]  mempool_free+0x7c/0x1a0
[ 2479.386484]I[0:launcher-loader: 1719]  bvec_free+0x34/0x80
[ 2479.386514]I[0:launcher-loader: 1719]  bio_free+0x60/0x98
[ 2479.386540]I[0:launcher-loader: 1719]  bio_put+0x50/0x21c
[ 2479.386567]I[0:launcher-loader: 1719]  f2fs_write_end_io+0x4ac/0x4d0
[ 2479.386594]I[0:launcher-loader: 1719]  bio_endio+0x2dc/0x300
[ 2479.386622]I[0:launcher-loader: 1719]  __dm_io_complete+0x324/0x37c
[ 2479.386650]I[0:launcher-loader: 1719]  dm_io_dec_pending+0x60/0xa4
[ 2479.386676]I[0:launcher-loader: 1719]  clone_endio+0xf8/0x2f0
[ 2479.386700]I[0:launcher-loader: 1719]  bio_endio+0x2dc/0x300
[ 2479.386727]I[0:launcher-loader: 1719]  blk_update_request+0x258/0x63c
[ 2479.386754]I[0:launcher-loader: 1719]  scsi_end_request+0x50/0x304
[ 2479.386782]I[0:launcher-loader: 1719]  scsi_io_completion+0x88/0x160
[ 2479.386808]I[0:launcher-loader: 1719]  scsi_finish_command+0x17c/0x194
[ 2479.386833]I[0:launcher-loader: 1719]  scsi_complete+0xcc/0x158
[ 2479.386859]I[0:launcher-loader: 1719]  blk_mq_complete_request+0x4c/0x5c
[ 2479.386885]I[0:launcher-loader: 1719]  scsi_done_internal+0xf4/0x1e0
[ 2479.386910]I[0:launcher-loader: 1719]  scsi_done+0x14/0x20
[ 2479.386935]I[0:launcher-loader: 1719]  ufshcd_compl_one_cqe+0x578/0x71c
[ 2479.386963]I[0:launcher-loader: 1719]  ufshcd_mcq_poll_cqe_nolock+0xc8/0x150
[ 2479.386991]I[0:launcher-loader: 1719]  ufshcd_intr+0x868/0xc0c
[ 2479.387017]I[0:launcher-loader: 1719]  __handle_irq_event_percpu+0xd0/0x348
[ 2479.387044]I[0:launcher-loader: 1719]  handle_irq_event_percpu+0x24/0x74
[ 2479.387068]I[0:launcher-loader: 1719]  handle_irq_event+0x74/0xe0
[ 2479.387091]I[0:launcher-loader: 1719]  handle_fasteoi_irq+0x174/0x240
[ 2479.387118]I[0:launcher-loader: 1719]  handle_irq_desc+0x7c/0x2c0
[ 2479.387147]I[0:launcher-loader: 1719]  generic_handle_domain_irq+0x1c/0x28
[ 2479.387174]I[0:launcher-loader: 1719]  gic_handle_irq+0x64/0x158
[ 2479.387204]I[0:launcher-loader: 1719]  call_on_irq_stack+0x2c/0x54
[ 2479.387231]I[0:launcher-loader: 1719]  do_interrupt_handler+0x70/0xa0
[ 2479.387258]I[0:launcher-loader: 1719]  el1_interrupt+0x34/0x68
[ 2479.387283]I[0:launcher-loader: 1719]  el1h_64_irq_handler+0x18/0x24
[ 2479.387308]I[0:launcher-loader: 1719]  el1h_64_irq+0x68/0x6c
[ 2479.387332]I[0:launcher-loader: 1719]  blk_attempt_bio_merge+0x8/0x170
[ 2479.387356]I[0:launcher-loader: 1719]  blk_mq_attempt_bio_merge+0x78/0x98
[ 2479.387383]I[0:launcher-loader: 1719]  blk_mq_submit_bio+0x324/0xa40
[ 2479.387409]I[0:launcher-loader: 1719]  __submit_bio+0x104/0x138
[ 2479.387436]I[0:launcher-loader: 1719]  submit_bio_noacct_nocheck+0x1d0/0x4a0
[ 2479.387462]I[0:launcher-loader: 1719]  submit_bio_noacct+0x618/0x804
[ 2479.387487]I[0:launcher-loader: 1719]  submit_bio+0x164/0x180
[ 2479.387511]I[0:launcher-loader: 1719]  f2fs_submit_read_bio+0xe4/0x1c4
[ 2479.387537]I[0:launcher-loader: 1719]  f2fs_mpage_readpages+0x888/0xa4c
[ 2479.387563]I[0:launcher-loader: 1719]  f2fs_readahead+0xd4/0x19c
[ 2479.387587]I[0:launcher-loader: 1719]  read_pages+0xb0/0x4ac
[ 2479.387614]I[0:launcher-loader: 1719]  page_cache_ra_unbounded+0x238/0x288
[ 2479.387642]I[0:launcher-loader: 1719]  do_page_cache_ra+0x60/0x6c
[ 2479.387669]I[0:launcher-loader: 1719]  page_cache_ra_order+0x318/0x364
[ 2479.387695]I[0:launcher-loader: 1719]  ondemand_readahead+0x30c/0x3d8
[ 2479.387722]I[0:launcher-loader: 1719]  page_cache_sync_ra+0xb4/0xc8
[ 2479.387749]I[0:launcher-loader: 1719]  filemap_read+0x268/0xd24
[ 2479.387777]I[0:launcher-loader: 1719]  f2fs_file_read_iter+0x1a0/0x62c
[ 2479.387806]I[0:launcher-loader: 1719]  vfs_read+0x258/0x34c
[ 2479.387831]I[0:launcher-loader: 1719]  ksys_pread64+0x8c/0xd0
[ 2479.387857]I[0:launcher-loader: 1719]  __arm64_sys_pread64+0x48/0x54
[ 2479.387881]I[0:launcher-loader: 1719]  invoke_syscall+0x58/0x158
[ 2479.387909]I[0:launcher-loader: 1719]  el0_svc_common+0xf0/0x134
[ 2479.387935]I[0:launcher-loader: 1719]  do_el0_svc+0x44/0x114
[ 2479.387961]I[0:launcher-loader: 1719]  el0_svc+0x2c/0x80
[ 2479.387985]I[0:launcher-loader: 1719]  el0t_64_sync_handler+0x48/0x114
[ 2479.388010]I[0:launcher-loader: 1719]  el0t_64_sync+0x190/0x194
[ 2479.388038]I[0:launcher-loader: 1719] Kernel panic - not syncing: kernel: panic_on_warn set ...

So let's set __exception_irq_entry with __irq_entry as a default.
Applying this patch, we can see gic_handle_irq is included in System.map as below.

* Before
ffffffc008010000 T __do_softirq
ffffffc008010000 T __irqentry_text_end
ffffffc008010000 T __irqentry_text_start
ffffffc008010000 T __softirqentry_text_start
ffffffc008010000 T _stext
ffffffc00801066c T __softirqentry_text_end
ffffffc008010670 T __entry_text_start

* After
ffffffc008010000 T __irqentry_text_start
ffffffc008010000 T _stext
ffffffc008010000 t gic_handle_irq
ffffffc00801013c t gic_handle_irq
ffffffc008010294 T __irqentry_text_end
ffffffc008010298 T __do_softirq
ffffffc008010298 T __softirqentry_text_start
ffffffc008010904 T __softirqentry_text_end
ffffffc008010908 T __entry_text_start

Change-Id: Ia0d35e33dbaabc9cb960a83fe4ea996132b6cff5
Signed-off-by: Youngmin Nam <youngmin.nam@samsung.com>
Signed-off-by: SEO HOYOUNG <hy50.seo@samsung.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Link: https://lore.kernel.org/r/20230424010436.779733-1-youngmin.nam@samsung.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Bug: 278156426
(cherry picked from commit f6794950f0e5ba37e3bbedda4d6ab0aad7395dd3
 git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git
 for-next/misc)
2023-06-16 07:45:43 +00:00
fengqi
d73b3af21f ANDROID: GKI: update symbol list file for xiaomi
INFO: ABI DIFFERENCES HAVE BEEN DETECTED!
INFO: 8 function symbol(s) added
  'int tty_hung_up_p(struct file*)'
  'const char* tty_name(const struct tty_struct*)'
  'int tty_port_block_til_ready(struct tty_port*, struct tty_struct*, struct file*)'
  'void tty_port_close_end(struct tty_port*, struct tty_struct*)'
  'int tty_port_close_start(struct tty_port*, struct tty_struct*, struct file*)'
  'void tty_port_lower_dtr_rts(struct tty_port*)'
  'void tty_port_tty_set(struct tty_port*, struct tty_struct*)'
  'struct device* tty_register_device(struct tty_driver*, unsigned int, struct device*)'

Bug: 287182607

Change-Id: If8d7ee235d398c05c35fef05221618ddc49a87fe
Signed-off-by: fengqi <fengqi@xiaomi.com>
2023-06-15 14:00:39 +00:00
Matthias Maennich
73185e2d4e ANDROID: Remove all but top-level OWNERS
Now that the branch is used to create production GKI
images, need to institute ACK DrNo for all commits.

The DrNo approvers are in the android-mainline branch
at /OWNERS_DrNo.

Bug: 287162457
Signed-off-by: Matthias Maennich <maennich@google.com>
Change-Id: Id5bb83d7add5f314df6816c1c51b4bf2d8018e79
2023-06-15 09:54:33 +01:00
Matthias Maennich
1090306d3d ANDROID: Enable GKI Dr. No Enforcement
This locks down OWNERS approval to a small group to guard against
unintentional breakages.

Bug: 287162457
Signed-off-by: Matthias Maennich <maennich@google.com>
Change-Id: I58ca467b1e7786e1ad0f6ad67c7a7a5845a91ec6
2023-06-15 09:54:33 +01:00
Carlos Llamas
16c18c497d ANDROID: 6/16/2023 KMI update
Set KMI_GENERATION=10 for 6/16 KMI update

function symbol changed from 'int devm_gh_rm_register_platform_ops(struct device*, struct gh_rm_platform_ops*)' to 'int devm_gh_rm_register_platform_ops(struct device*, const struct gh_rm_platform_ops*)'
  CRC changed from 0xec193d82 to 0xe82ea1f9
  type changed from 'int(struct device*, struct gh_rm_platform_ops*)' to 'int(struct device*, const struct gh_rm_platform_ops*)'
    parameter 2 type changed from 'struct gh_rm_platform_ops*' to 'const struct gh_rm_platform_ops*'
      pointed-to type changed from 'struct gh_rm_platform_ops' to 'const struct gh_rm_platform_ops'
        qualifier const added

function symbol changed from 'int gh_rm_register_platform_ops(struct gh_rm_platform_ops*)' to 'int gh_rm_register_platform_ops(const struct gh_rm_platform_ops*)'
  CRC changed from 0xc34a7803 to 0xfd11885c
  type changed from 'int(struct gh_rm_platform_ops*)' to 'int(const struct gh_rm_platform_ops*)'
    parameter 1 type changed from 'struct gh_rm_platform_ops*' to 'const struct gh_rm_platform_ops*'
      pointed-to type changed from 'struct gh_rm_platform_ops' to 'const struct gh_rm_platform_ops'
        qualifier const added

function symbol changed from 'void gh_rm_unregister_platform_ops(struct gh_rm_platform_ops*)' to 'void gh_rm_unregister_platform_ops(const struct gh_rm_platform_ops*)'
  CRC changed from 0xc1f09d18 to 0x57f483b
  type changed from 'void(struct gh_rm_platform_ops*)' to 'void(const struct gh_rm_platform_ops*)'
    parameter 1 type changed from 'struct gh_rm_platform_ops*' to 'const struct gh_rm_platform_ops*'
      pointed-to type changed from 'struct gh_rm_platform_ops' to 'const struct gh_rm_platform_ops'
        qualifier const added

function symbol 'int ___pskb_trim(struct sk_buff*, unsigned int)' changed
  CRC changed from 0xb8fdf4c6 to 0x45b20f13

function symbol 'struct sk_buff* __alloc_skb(unsigned int, gfp_t, int, int)' changed
  CRC changed from 0x34355489 to 0x19dd35ba

function symbol 'void __balance_callbacks(struct rq*)' changed
  CRC changed from 0x76a1a2f4 to 0x2af1f39a

... 886 omitted; 889 symbols have only CRC changes

type 'struct hci_dev' changed
  byte size changed from 6416 to 6464
  member 'struct mutex unregister_lock' was added
  106 members ('struct work_struct cmd_sync_cancel_work' .. 'u64 android_kabi_reserved4') changed
    offset changed by 384

type 'struct sock' changed
  member 'int sk_wait_pending' was added

type 'struct xhci_driver_overrides' changed
  byte size changed from 64 to 120
  member 'int(* address_device)(struct usb_hcd*, struct usb_device*)' was added
  member 'int(* bus_suspend)(struct usb_hcd*)' was added
  member 'int(* bus_resume)(struct usb_hcd*)' was added
  member 'u64 android_kabi_reserved1' was added
  member 'u64 android_kabi_reserved2' was added
  member 'u64 android_kabi_reserved3' was added
  member 'u64 android_kabi_reserved4' was added

type 'struct pneigh_entry' changed
  member changed from 'u8 key[0]' to 'u32 key[0]'
    offset changed from 232 to 256
    type changed from 'u8[0]' to 'u32[0]'
      element type changed from 'u8' = '__u8' = 'unsigned char' to 'u32' = '__u32' = 'unsigned int'
        resolved type changed from 'unsigned char' to 'unsigned int'

type 'struct usb_udc' changed
  byte size changed from 952 to 1048
  member 'bool allow_connect' was added
  member 'struct work_struct vbus_work' was added
  member 'struct mutex connect_lock' was added

type 'struct sk_psock' changed
  byte size changed from 392 to 472
  member changed from 'struct work_struct work' to 'struct delayed_work work'
    offset changed from 2176 to 2112
    type changed from 'struct work_struct' to 'struct delayed_work'
  member 'struct rcu_work rwork' changed
    offset changed by 640

type 'struct netns_sysctl_ipv6' changed
  member changed from 'bool skip_notify_on_dev_down' to 'int skip_notify_on_dev_down'
    type changed from 'bool' = '_Bool' to 'int'
      resolved type changed from '_Bool' to 'int'
  member 'u8 fib_notify_on_flag_change' changed
    offset changed by 24

type 'struct sk_psock_work_state' changed
  byte size changed from 16 to 8
  member 'struct sk_buff* skb' was removed
  2 members ('u32 len' .. 'u32 off') changed
    offset changed by -64

Bug: 287162457
Change-Id: I438a8aa2c6a38dd5d575493b2735fe4d4403a971
Signed-off-by: Carlos Llamas <cmllamas@google.com>
2023-06-14 23:24:57 +00:00
Elliot Berman
fcc32be061 ANDROID: virt: gunyah: Sync with latest platform ops
Const-ify the gh_rm_platform_ops.

Syncs with the latest version of the platform ops:

https://lore.kernel.org/all/20230613172054.3959700-15-quic_eberman@quicinc.com/

INFO: function symbol changed from 'int devm_gh_rm_register_platform_ops(struct device*, struct gh_rm_platform_ops*)' to 'int devm_gh_rm_register_platform_ops(struct device*, const struct gh_rm_platform_ops*)'
  CRC changed from 0xc4b20ef4 to 0x7fe0042f
  type changed from 'int(struct device*, struct gh_rm_platform_ops*)' to 'int(struct device*, const struct gh_rm_platform_ops*)'
    parameter 2 type changed from 'struct gh_rm_platform_ops*' to 'const struct gh_rm_platform_ops*'
      pointed-to type changed from 'struct gh_rm_platform_ops' to 'const struct gh_rm_platform_ops'
        qualifier const added

function symbol changed from 'int gh_rm_register_platform_ops(struct gh_rm_platform_ops*)' to 'int gh_rm_register_platform_ops(const struct gh_rm_platform_ops*)'
  CRC changed from 0xc34a7803 to 0xfd11885c
  type changed from 'int(struct gh_rm_platform_ops*)' to 'int(const struct gh_rm_platform_ops*)'
    parameter 1 type changed from 'struct gh_rm_platform_ops*' to 'const struct gh_rm_platform_ops*'
      pointed-to type changed from 'struct gh_rm_platform_ops' to 'const struct gh_rm_platform_ops'
        qualifier const added

function symbol changed from 'void gh_rm_unregister_platform_ops(struct gh_rm_platform_ops*)' to 'void gh_rm_unregister_platform_ops(const struct gh_rm_platform_ops*)'
  CRC changed from 0xc1f09d18 to 0x57f483b
  type changed from 'void(struct gh_rm_platform_ops*)' to 'void(const struct gh_rm_platform_ops*)'
    parameter 1 type changed from 'struct gh_rm_platform_ops*' to 'const struct gh_rm_platform_ops*'
      pointed-to type changed from 'struct gh_rm_platform_ops' to 'const struct gh_rm_platform_ops'
        qualifier const added

Bug: 287037804
Change-Id: Iff37610b721c344ac8c6b1737830f6d1e8674d34
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
2023-06-14 23:05:19 +00:00
Badhri Jagan Sridharan
69a3ec73e4 FROMGIT: usb: gadget: udc: core: Prevent soft_connect_store() race
usb_udc_connect_control(), soft_connect_store() and
usb_gadget_deactivate() can potentially race against each other to invoke
usb_gadget_connect()/usb_gadget_disconnect(). To prevent this, guard
udc->started, gadget->allow_connect, gadget->deactivate and
gadget->connect with connect_lock so that ->pullup() is only invoked when
the gadget is bound, started and not deactivated. The routines
usb_gadget_connect_locked(), usb_gadget_disconnect_locked(),
usb_udc_connect_control_locked(), usb_gadget_udc_start_locked(),
usb_gadget_udc_stop_locked() are called with this lock held.

An earlier version of this commit was reverted due to the crash reported in
https://lore.kernel.org/all/ZF4BvgsOyoKxdPFF@francesco-nb.int.toradex.com/.
commit 16737e78d190 ("usb: gadget: udc: core: Offload usb_udc_vbus_handler processing")
addresses the crash reported.

Cc: stable@vger.kernel.org
Fixes: 628ef0d273 ("usb: udc: add usb_udc_vbus_handler")
Change-Id: I33b56f9eee28059a7e113d6c8081ab6653a03c33
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Message-ID: <20230609010227.978661-2-badhri@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 286d9975a838d0a54da049765fa1d1fb96b89682
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/ usb-linus)
2023-06-14 23:03:53 +00:00
Badhri Jagan Sridharan
18b677ffae FROMGIT: usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
usb_udc_vbus_handler() can be invoked from interrupt context by irq
handlers of the gadget drivers, however, usb_udc_connect_control() has
to run in non-atomic context due to the following:
a. Some of the gadget driver implementations expect the ->pullup
   callback to be invoked in non-atomic context.
b. usb_gadget_disconnect() acquires udc_lock which is a mutex.

Hence offload invocation of usb_udc_connect_control()
to workqueue.

UDC should not be pulled up unless gadget driver is bound. The new flag
"allow_connect" is now set by gadget_bind_driver() and cleared by
gadget_unbind_driver(). This prevents the work item from pulling up the gadget
even if queued when the gadget driver is already unbound.

Cc: stable@vger.kernel.org
Fixes: 1016fc0c09 ("USB: gadget: Fix obscure lockdep violation for udc_mutex")
Change-Id: Idbe00846fc5394397567024c3081381ddec7cfae
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Message-ID: <20230609010227.978661-1-badhri@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 50966da807c81c5eb3bdfd392990fe0bba94d1ee
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/ usb-linus)
2023-06-14 23:03:53 +00:00
Johan Hovold
a1741f9c45 UPSTREAM: Bluetooth: fix debugfs registration
commit fe2ccc6c29d53e14d3c8b3ddf8ad965a92e074ee upstream.

Since commit ec6cef9cd9 ("Bluetooth: Fix SMP channel registration for
unconfigured controllers") the debugfs interface for unconfigured
controllers will be created when the controller is configured.

There is however currently nothing preventing a controller from being
configured multiple times (e.g. setting the device address using btmgmt)
which results in failed attempts to register the already registered
debugfs entries:

	debugfs: File 'features' in directory 'hci0' already present!
	debugfs: File 'manufacturer' in directory 'hci0' already present!
	debugfs: File 'hci_version' in directory 'hci0' already present!
	...
	debugfs: File 'quirk_simultaneous_discovery' in directory 'hci0' already present!

Add a controller flag to avoid trying to register the debugfs interface
more than once.

Fixes: ec6cef9cd9 ("Bluetooth: Fix SMP channel registration for unconfigured controllers")
Cc: stable@vger.kernel.org      # 4.0
Change-Id: I495feabe66fa2b294ff72fbb5dfd1bd869b1ad83
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit e5ae01fd46)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2023-06-14 23:02:42 +00:00
Zhengping Jiang
d890debdaf UPSTREAM: Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER
[ Upstream commit 1857c19941c87eb36ad47f22a406be5dfe5eff9f ]

When the HCI_UNREGISTER flag is set, no jobs should be scheduled. Fix
potential race when HCI_UNREGISTER is set after the flag is tested in
hci_cmd_sync_queue.

Fixes: 0b94f2651f ("Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set")
Change-Id: I565a2ad87dc2ce4fd62ee0d09a5d28342fec8ad3
Signed-off-by: Zhengping Jiang <jiangzp@google.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 17aac12002)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2023-06-14 23:02:42 +00:00
Eric Dumazet
855c5479cb UPSTREAM: net/ipv6: fix bool/int mismatch for skip_notify_on_dev_down
[ Upstream commit edf2e1d2019b2730d6076dbe4c040d37d7c10bbe ]

skip_notify_on_dev_down ctl table expects this field
to be an int (4 bytes), not a bool (1 byte).

Because proc_dou8vec_minmax() was added in 5.13,
this patch converts skip_notify_on_dev_down to an int.

The following patch then converts the field to u8 and uses proc_dou8vec_minmax().

Fixes: 7c6bb7d2fa ("net/ipv6: Add knob to skip DELROUTE message on device down")
Change-Id: I99875fad5012906099456fafa88e42e7f02133cf
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 76e38e6e1b)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2023-06-14 23:02:42 +00:00