Merge branch 'android12-5.10' into android12-5.10-lts

Catch up the -lts branch with the recent backmerge and some smaller
changes.  Included in here are the following commits:

* 95fd17f446 Merge tag 'android12-5.10.223_r00' into android12-5.10
* 5a3d6440f5 ANDROID: Update the GKI symbol list and ABI XML
* 134a56fc8a ANDROID: irqchip/irq-gic-v3: Add vendor hook for gic suspend
* c2201dde2a FROMLIST: binder: fix UAF caused by offsets overwrite
* 68af227b95 ANDROID: gki - set CONFIG_USB_NET_AX88179_178A=y (usb gbit ethernet dongle)
* d66c08993e ANDROID: gki - CONFIG_USB_NET_AX8817X=y
* eeb46257ab ANDROID: GKI: Update symbols to symbol list
* 7541015675 ANDROID: GKI: remove export of tracing control functions
* 08892fdf71 ANDROID: Incremental fs: Retry page faults on non-fatal errors
* 686e8cd4df ANDROID: update ABI XML due to struct clk_core change
* 5a64f75761 UPSTREAM: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()

Change-Id: I49a26d4d4b4a41e5350d3917ac530074cf26b471
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

android/abi_gki_aarch64_qcom

@@ -984,6 +984,9 @@
   get_user_pages
   get_zeroed_page
   gfp_zone
+  gic_cpu_init
+  gic_dist_init
+  gic_dist_wait_for_rwp
   gic_nonsecure_priorities
   gic_resume
   gov_attr_set_init
@@ -2587,6 +2590,7 @@
   __traceiter_android_vh_ftrace_oops_exit
   __traceiter_android_vh_ftrace_size_check
   __traceiter_android_vh_gic_resume
+  __traceiter_android_vh_gic_suspend
   __traceiter_android_vh_gpio_block_read
   __traceiter_android_vh_handle_tlb_conf
   __traceiter_android_vh_iommu_setup_dma_ops
@@ -2716,6 +2720,7 @@
   __tracepoint_android_vh_ftrace_oops_exit
   __tracepoint_android_vh_ftrace_size_check
   __tracepoint_android_vh_gic_resume
+  __tracepoint_android_vh_gic_suspend
   __tracepoint_android_vh_gpio_block_read
   __tracepoint_android_vh_handle_tlb_conf
   __tracepoint_android_vh_iommu_setup_dma_ops

android/abi_gki_aarch64_transsion

@@ -134,3 +134,9 @@
   __tracepoint_android_vh_blk_mq_free_tags
   __tracepoint_android_vh_blk_mq_sched_insert_request
   zero_pfn
+  fsnotify_add_mark
+  fsnotify_alloc_group
+  fsnotify_destroy_mark
+  fsnotify_init_mark
+  fsnotify_put_group
+  fsnotify_put_mark

arch/arm64/configs/db845c_gki.fragment

@@ -6,8 +6,6 @@ CONFIG_MAC80211=m
 CONFIG_QRTR=m
 CONFIG_QRTR_TUN=m
 CONFIG_SCSI_UFS_QCOM=m
-CONFIG_USB_NET_AX8817X=m
-CONFIG_USB_NET_AX88179_178A=m
 CONFIG_INPUT_PM8941_PWRKEY=m
 CONFIG_SERIAL_MSM=m
 CONFIG_SERIAL_QCOM_GENI=m

arch/arm64/configs/gki_defconfig

@@ -333,8 +333,6 @@ CONFIG_PPPOL2TP=y
 CONFIG_USB_RTL8150=y
 CONFIG_USB_RTL8152=y
 CONFIG_USB_USBNET=y
-# CONFIG_USB_NET_AX8817X is not set
-# CONFIG_USB_NET_AX88179_178A is not set
 CONFIG_USB_NET_CDC_EEM=y
 # CONFIG_USB_NET_NET1080 is not set
 # CONFIG_USB_NET_CDC_SUBSET is not set

arch/x86/configs/gki_defconfig

@@ -304,8 +304,6 @@ CONFIG_PPPOL2TP=y
 CONFIG_USB_RTL8150=y
 CONFIG_USB_RTL8152=y
 CONFIG_USB_USBNET=y
-# CONFIG_USB_NET_AX8817X is not set
-# CONFIG_USB_NET_AX88179_178A is not set
 CONFIG_USB_NET_CDC_EEM=y
 # CONFIG_USB_NET_NET1080 is not set
 # CONFIG_USB_NET_CDC_SUBSET is not set

drivers/android/binder.c

@@ -3436,6 +3436,7 @@ static void binder_transaction(struct binder_proc *proc,
 		 */
 		copy_size = object_offset - user_offset;
 		if (copy_size && (user_offset > object_offset ||
+				object_offset > tr->data_size ||
 				binder_alloc_copy_user_to_buffer(
 					&target_proc->alloc,
 					t->buffer, user_offset,

drivers/android/vendor_hooks.c

@@ -145,6 +145,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_cpu_idle_enter);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_cpu_idle_exit);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_find_busiest_group);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_gic_resume);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_gic_suspend);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_wq_lockup_pool);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_ipi_stop);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_dump_throttled_rt_tasks);

drivers/irqchip/irq-gic-v3.c

@@ -217,10 +217,11 @@ static void gic_do_wait_for_rwp(void __iomem *base, u32 bit)
 }
 
 /* Wait for completion of a distributor change */
-static void gic_dist_wait_for_rwp(void)
+void gic_dist_wait_for_rwp(void)
 {
 	gic_do_wait_for_rwp(gic_data.dist_base, GICD_CTLR_RWP);
 }
+EXPORT_SYMBOL_GPL(gic_dist_wait_for_rwp);
 
 /* Wait for completion of a redistributor change */
 static void gic_redist_wait_for_rwp(void)
@@ -797,7 +798,7 @@ static bool gic_has_group0(void)
 	return val != 0;
 }
 
-static void __init gic_dist_init(void)
+void gic_dist_init(void)
 {
 	unsigned int i;
 	u64 affinity;
@@ -855,6 +856,7 @@ static void __init gic_dist_init(void)
 	for (i = 0; i < GIC_ESPI_NR; i++)
 		gic_write_irouter(affinity, base + GICD_IROUTERnE + i * 8);
 }
+EXPORT_SYMBOL_GPL(gic_dist_init);
 
 static int gic_iterate_rdists(int (*fn)(struct redist_region *, void __iomem *))
 {
@@ -1136,7 +1138,7 @@ static int gic_dist_supports_lpis(void)
 		!gicv3_nolpi);
 }
 
-static void gic_cpu_init(void)
+void gic_cpu_init(void)
 {
 	void __iomem *rbase;
 	int i;
@@ -1163,6 +1165,7 @@ static void gic_cpu_init(void)
 	/* initialise system registers */
 	gic_cpu_sys_reg_init();
 }
+EXPORT_SYMBOL_GPL(gic_cpu_init);
 
 #ifdef CONFIG_SMP
 
@@ -1363,8 +1366,17 @@ void gic_resume(void)
 }
 EXPORT_SYMBOL_GPL(gic_resume);
 
+static int gic_suspend(void)
+{
+	int ret = 0;
+
+	trace_android_vh_gic_suspend(&gic_data, &ret);
+	return ret;
+}
+
 static struct syscore_ops gic_syscore_ops = {
 	.resume = gic_resume,
+	.suspend = gic_suspend,
 };
 
 static void gic_syscore_init(void)
@@ -1375,6 +1387,7 @@ static void gic_syscore_init(void)
 #else
 static inline void gic_syscore_init(void) { }
 void gic_resume(void) { }
+static int gic_suspend(void) { return 0; }
 #endif
 
 

fs/incfs/format.h

@@ -314,6 +314,11 @@ struct backing_file_context {
 	 * there is no need to get/put the creds
 	 */
 	const struct cred *bc_cred;
+
+	/*
+	 * The file has a bad block, i.e. one that has failed checksumming.
+	 */
+	bool bc_has_bad_block;
 };
 
 struct metadata_handler {

fs/incfs/sysfs.c

@@ -35,6 +35,7 @@ DECLARE_FEATURE_FLAG(zstd);
 DECLARE_FEATURE_FLAG(v2);
 DECLARE_FEATURE_FLAG(bugfix_throttling);
 DECLARE_FEATURE_FLAG(bugfix_inode_eviction);
+DECLARE_FEATURE_FLAG(bugfix_retry_page_fault);
 
 static struct attribute *attributes[] = {
 	&corefs_attr.attr,
@@ -42,6 +43,7 @@ static struct attribute *attributes[] = {
 	&v2_attr.attr,
 	&bugfix_throttling_attr.attr,
 	&bugfix_inode_eviction_attr.attr,
+	&bugfix_retry_page_fault_attr.attr,
 	NULL,
 };
 

fs/incfs/vfs.c

@@ -115,7 +115,28 @@ static const struct address_space_operations incfs_address_space_ops = {
 
 static vm_fault_t incfs_fault(struct vm_fault *vmf)
 {
-	vmf->flags &= ~FAULT_FLAG_ALLOW_RETRY;
+	struct file *file = vmf->vma->vm_file;
+	struct data_file *df = get_incfs_data_file(file);
+	struct backing_file_context *bfc = df ? df->df_backing_file_context : NULL;
+
+	/*
+	 * This is something of a kludge
+	 * We want to retry if the read from the underlying file is interrupted,
+	 * but not if the read fails because the stored data is corrupt since the
+	 * latter causes an infinite loop.
+	 *
+	 * However, whether we wish to retry must be set before we call
+	 * filemap_fault, *and* there is no way of getting the read error code out
+	 * of filemap_fault.
+	 *
+	 * So unless there is a robust solution to both the above problems, we can
+	 * solve the actual issues we have encoutered by retrying unless there is
+	 * known corruption in the backing file. This does mean that we won't retry
+	 * with a corrupt backing file if a (good) read is interrupted, but we
+	 * don't really handle corruption well anyway at this time.
+	 */
+	if (bfc && bfc->bc_has_bad_block)
+		vmf->flags &= ~FAULT_FLAG_ALLOW_RETRY;
 	return filemap_fault(vmf);
 }
 
@@ -581,6 +602,13 @@ static int read_single_page(struct file *f, struct page *page)
 	else if (read_result < PAGE_SIZE)
 		zero_user(page, read_result, PAGE_SIZE - read_result);
 
+	if (result == -EBADMSG) {
+		struct backing_file_context *bfc = df ? df->df_backing_file_context : NULL;
+
+		if (bfc)
+			bfc->bc_has_bad_block = 1;
+	}
+
 	if (result == 0)
 		SetPageUptodate(page);
 	else

include/linux/irqchip/arm-gic-v3.h

@@ -723,6 +723,9 @@ static inline bool gic_enable_sre(void)
 }
 
 void gic_resume(void);
+void gic_dist_init(void);
+void gic_cpu_init(void);
+void gic_dist_wait_for_rwp(void);
 
 #endif
 

include/trace/hooks/gic_v3.h

@@ -19,6 +19,9 @@ struct irq_data;
 /* struct irq_data */
 #include <linux/irq.h>
 #endif /* __GENKSYMS__ */
+
+struct gic_chip_data;
+
 DECLARE_RESTRICTED_HOOK(android_rvh_gic_v3_set_affinity,
 	TP_PROTO(struct irq_data *d, const struct cpumask *mask_val,
 		 u64 *affinity, bool force, void __iomem *base),
@@ -26,6 +29,9 @@ DECLARE_RESTRICTED_HOOK(android_rvh_gic_v3_set_affinity,
 	1);
 
 /* macro versions of hooks are no longer required */
+DECLARE_HOOK(android_vh_gic_suspend,
+	TP_PROTO(struct gic_chip_data *gd, int *ret),
+	TP_ARGS(gd, ret));
 
 #endif /* _TRACE_HOOK_GIC_V3_H */
 /* This part must be outside protection */

kernel/trace/trace.c

@@ -984,7 +984,6 @@ void tracing_on(void)
 {
 	tracer_tracing_on(&global_trace);
 }
-EXPORT_SYMBOL_GPL(tracing_on);
 
 
 static __always_inline void

tools/testing/selftests/filesystems/incfs/Makefile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: GPL-2.0
-CFLAGS += -D_FILE_OFFSET_BITS=64 -Wall -Werror -I../.. -I../../../../.. -fno-omit-frame-pointer -fsanitize=address -g
-LDLIBS := -llz4 -lzstd -lcrypto -lpthread -fsanitize=address
+CFLAGS += -D_FILE_OFFSET_BITS=64 -Wall -Wno-deprecated-declarations -Werror -I../.. -I../../../../.. -fno-omit-frame-pointer -g
+LDLIBS := -llz4 -lzstd -lcrypto -lpthread
 TEST_GEN_PROGS := incfs_test incfs_stress incfs_perf
 
 include ../../lib.mk