firefly-linux-kernel-4.4.55.git
9 years agoUSB: gadget: midi: Fix deadlock unbinding driver while it is in use
Mike Lockwood [Thu, 29 Jan 2015 21:37:06 +0000 (13:37 -0800)]
USB: gadget: midi: Fix deadlock unbinding driver while it is in use

Using snd_card_free_when_closed rather than snd_card_free in f_midi_unbind
makes it safe to disable the driver while a userspace client has the
ALSA device open.

Change-Id: Ibc40c01e7b1ce90fc61d3ea654b4816fadfc7ffd
Signed-off-by: Mike Lockwood <lockwood@google.com>
9 years agofs: ecryptfs: readdir: constify actor
Amit Pundir [Fri, 13 Mar 2015 08:29:47 +0000 (13:59 +0530)]
fs: ecryptfs: readdir: constify actor

actor is a constant in dir_context struct and
because of that we run into following build failure:
----------
fs/ecryptfs/file.c: In function ‘ecryptfs_readdir’:
fs/ecryptfs/file.c:130:2: error: assignment of read-only member ‘actor’
make[2]: *** [fs/ecryptfs/file.o] Error 1
make[1]: *** [fs/ecryptfs] Error 2
make: *** [fs] Error 2
----------

This fix is based on commit: b2497fc3057a([readdir] constify ->actor)

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
9 years agomm: reorder can_do_mlock to fix audit denial
Jeff Vander Stoep [Wed, 11 Mar 2015 21:32:24 +0000 (14:32 -0700)]
mm: reorder can_do_mlock to fix audit denial

A userspace call to mmap(MAP_LOCKED) may result in the successful locking
of memory while also producing a confusing audit log denial.  can_do_mlock
checks capable and rlimit.  If either of these return positive
can_do_mlock returns true.  The capable check leads to an LSM hook used by
apparmour and selinux which produce the audit denial.  Reordering so
rlimit is checked first eliminates the denial on success, only recording a
denial when the lock is unsuccessful as a result of the denial.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
Cc: Jeff Vander Stoep <jeffv@google.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Paul Cassella <cassella@cray.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
9 years agodm-verity: Add modes and emit uevent on corrupted blocks
Sami Tolvanen [Thu, 26 Feb 2015 13:47:41 +0000 (13:47 +0000)]
dm-verity: Add modes and emit uevent on corrupted blocks

Add a device specific mode to dm-verity for handling corrupted
blocks:

  DM_VERITY_MODE_EIO is the default behavior, where reading a
  corrupted block results in -EIO.

  DM_VERITY_MODE_LOGGING only logs corrupted blocks, but does
  not block the read.

  DM_VERITY_MODE_RESTART calls kernel_restart when a corrupted
  block is discovered.

Each mode sends a uevent to notify userspace of corruption and
allow further recovery actions.

Defaults to previous behavior, other modes can be enabled with
an optional parameter added to the verity table.

Change-Id: Ib72ae6ccb865594d28f3553bdcc5a40b1d7af390
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
9 years agoproc: make oom adjustment files user read-only
Rom Lemarchand [Sat, 7 Mar 2015 17:38:05 +0000 (09:38 -0800)]
proc: make oom adjustment files user read-only

Make oom_adj and oom_score_adj user read-only.

Bug: 19636629
Change-Id: I055bb172d5b4d3d856e25918f3c5de8edf31e4a3
Signed-off-by: Rom Lemarchand <romlem@google.com>
9 years agoRevert "Grants system server access to /proc/<pid>/oom_adj for Android applications."
Rom Lemarchand [Sat, 7 Mar 2015 17:33:41 +0000 (09:33 -0800)]
Revert "Grants system server access to /proc/<pid>/oom_adj for Android applications."

This reverts commit aa3305f2ba5976a95637c69c63409fdf007e1414.

Bug: 19636629
Change-Id: I8dcd6a12cc591cb410d6a799c7e875726495504f

9 years agofs/proc/task_mmu.c: add user-space support for resetting mm->hiwater_rss (peak RSS)
Petr Cermak [Wed, 18 Feb 2015 10:39:10 +0000 (10:39 +0000)]
fs/proc/task_mmu.c: add user-space support for resetting mm->hiwater_rss (peak RSS)

Peak resident size of a process can be reset back to the process's
current rss value by writing "5" to /proc/pid/clear_refs.  The driving
use-case for this would be getting the peak RSS value, which can be
retrieved from the VmHWM field in /proc/pid/status, per benchmark
iteration or test scenario.

Origin:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=695f055936938c674473ea071ca7359a863551e7

[akpm@linux-foundation.org: clarify behaviour in documentation]
Signed-off-by: Petr Cermak <petrcermak@chromium.org>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Primiano Tucci <primiano@chromium.org>
Cc: Petr Cermak <petrcermak@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I543a7640639d9916e813af875003fe3ee3a6bfe0

9 years agonet: ping: Return EAFNOSUPPORT when appropriate.
Lorenzo Colitti [Tue, 3 Mar 2015 14:16:16 +0000 (23:16 +0900)]
net: ping: Return EAFNOSUPPORT when appropriate.

1. For an IPv4 ping socket, ping_check_bind_addr does not check
   the family of the socket address that's passed in. Instead,
   make it behave like inet_bind, which enforces either that the
   address family is AF_INET, or that the family is AF_UNSPEC and
   the address is 0.0.0.0.
2. For an IPv6 ping socket, ping_check_bind_addr returns EINVAL
   if the socket family is not AF_INET6. Return EAFNOSUPPORT
   instead, for consistency with inet6_bind.
3. Make ping_v4_sendmsg and ping_v6_sendmsg return EAFNOSUPPORT
   instead of EINVAL if an incorrect socket address structure is
   passed in.
4. Make IPv6 ping sockets be IPv6-only. The code does not support
   IPv4, and it cannot easily be made to support IPv4 because
   the protocol numbers for ICMP and ICMPv6 are different. This
   makes connect(::ffff:192.0.2.1) fail with EAFNOSUPPORT instead
   of making the socket unusable.

Among other things, this fixes an oops that can be triggered by:

    int s = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
    struct sockaddr_in6 sin6 = {
        .sin6_family = AF_INET6,
        .sin6_addr = in6addr_any,
    };
    bind(s, (struct sockaddr *) &sin6, sizeof(sin6));

[backport of net 9145736d4862145684009d6a72a6e61324a9439e]

Change-Id: If06ca86d9f1e4593c0d6df174caca3487c57a241
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agolz4: fix compression/decompression signedness mismatch
Sergey Senozhatsky [Wed, 11 Sep 2013 21:26:32 +0000 (14:26 -0700)]
lz4: fix compression/decompression signedness mismatch

LZ4 compression and decompression functions require different in
signedness input/output parameters: unsigned char for compression and
signed char for decompression.

Change decompression API to require "(const) unsigned char *".

Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Kyungsik Lee <kyungsik.lee@lge.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Yann Collet <yann.collet.73@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
9 years agolib: add lz4 compressor module
Chanho Min [Mon, 8 Jul 2013 23:01:49 +0000 (16:01 -0700)]
lib: add lz4 compressor module

This patchset is for supporting LZ4 compression and the crypto API using
it.

As shown below, the size of data is a little bit bigger but compressing
speed is faster under the enabled unaligned memory access.  We can use
lz4 de/compression through crypto API as well.  Also, It will be useful
for another potential user of lz4 compression.

lz4 Compression Benchmark:
Compiler: ARM gcc 4.6.4
ARMv7, 1 GHz based board
   Kernel: linux 3.4
   Uncompressed data Size: 101 MB
         Compressed Size  compression Speed
   LZO   72.1MB   32.1MB/s, 33.0MB/s(UA)
   LZ4   75.1MB   30.4MB/s, 35.9MB/s(UA)
   LZ4HC 59.8MB    2.4MB/s,  2.5MB/s(UA)
- UA: Unaligned memory Access support
- Latest patch set for LZO applied

This patch:

Add support for LZ4 compression in the Linux Kernel.  LZ4 Compression APIs
for kernel are based on LZ4 implementation by Yann Collet and were changed
for kernel coding style.

LZ4 homepage : http://fastcompression.blogspot.com/p/lz4.html
LZ4 source repository : http://code.google.com/p/lz4/
svn revision : r90

Two APIs are added:

lz4_compress() support basic lz4 compression whereas lz4hc_compress()
support high compression or CPU performance get lower but compression
ratio get higher.  Also, we require the pre-allocated working memory with
the defined size and destination buffer must be allocated with the size of
lz4_compressbound.

[akpm@linux-foundation.org: make lz4_compresshcctx() static]
Signed-off-by: Chanho Min <chanho.min@lge.com>
Cc: "Darrick J. Wong" <djwong@us.ibm.com>
Cc: Bob Pearson <rpearson@systemfabricworks.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Herbert Xu <herbert@gondor.hengli.com.au>
Cc: Yann Collet <yann.collet.73@gmail.com>
Cc: Kyungsik Lee <kyungsik.lee@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
9 years agodecompressor: add LZ4 decompressor module
Kyungsik Lee [Mon, 8 Jul 2013 23:01:45 +0000 (16:01 -0700)]
decompressor: add LZ4 decompressor module

Add support for LZ4 decompression in the Linux Kernel.  LZ4 Decompression
APIs for kernel are based on LZ4 implementation by Yann Collet.

Benchmark Results(PATCH v3)
Compiler: Linaro ARM gcc 4.6.2

1. ARMv7, 1.5GHz based board
   Kernel: linux 3.4
   Uncompressed Kernel Size: 14MB
        Compressed Size  Decompression Speed
   LZO  6.7MB            20.1MB/s, 25.2MB/s(UA)
   LZ4  7.3MB            29.1MB/s, 45.6MB/s(UA)

2. ARMv7, 1.7GHz based board
   Kernel: linux 3.7
   Uncompressed Kernel Size: 14MB
        Compressed Size  Decompression Speed
   LZO  6.0MB            34.1MB/s, 52.2MB/s(UA)
   LZ4  6.5MB            86.7MB/s
- UA: Unaligned memory Access support
- Latest patch set for LZO applied

This patch set is for adding support for LZ4-compressed Kernel.  LZ4 is a
very fast lossless compression algorithm and it also features an extremely
fast decoder [1].

But we have five of decompressors already and one question which does
arise, however, is that of where do we stop adding new ones?  This issue
had been discussed and came to the conclusion [2].

Russell King said that we should have:

 - one decompressor which is the fastest
 - one decompressor for the highest compression ratio
 - one popular decompressor (eg conventional gzip)

If we have a replacement one for one of these, then it should do exactly
that: replace it.

The benchmark shows that an 8% increase in image size vs a 66% increase
in decompression speed compared to LZO(which has been known as the
fastest decompressor in the Kernel).  Therefore the "fast but may not be
small" compression title has clearly been taken by LZ4 [3].

[1] http://code.google.com/p/lz4/
[2] http://thread.gmane.org/gmane.linux.kbuild.devel/9157
[3] http://thread.gmane.org/gmane.linux.kbuild.devel/9347

LZ4 homepage: http://fastcompression.blogspot.com/p/lz4.html
LZ4 source repository: http://code.google.com/p/lz4/

Signed-off-by: Kyungsik Lee <kyungsik.lee@lge.com>
Signed-off-by: Yann Collet <yann.collet.73@gmail.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Florian Fainelli <florian@openwrt.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
9 years agoSquashfs: Add LZ4 compression configuration option
Phillip Lougher [Thu, 27 Nov 2014 18:48:44 +0000 (18:48 +0000)]
Squashfs: Add LZ4 compression configuration option

Add the glue code, and also update the documentation.

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
9 years agoSquashfs: add LZ4 compression support
Phillip Lougher [Thu, 27 Nov 2014 06:49:14 +0000 (06:49 +0000)]
Squashfs: add LZ4 compression support

Add support for reading file systems compressed with the
LZ4 compression algorithm.

This patch adds the LZ4 decompressor wrapper code.

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
9 years agofs/squashfs/super.c: logging cleanup
Fabian Frederick [Wed, 6 Aug 2014 23:03:52 +0000 (16:03 -0700)]
fs/squashfs/super.c: logging cleanup

- Convert printk to pr_foo()
- Add pr_fmt for future logging entries
- Coalesce formats

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Cc: Phillip Lougher <phillip@squashfs.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
9 years agofs/squashfs/file_direct.c: replace count*size kmalloc by kmalloc_array
Fabian Frederick [Wed, 6 Aug 2014 23:03:50 +0000 (16:03 -0700)]
fs/squashfs/file_direct.c: replace count*size kmalloc by kmalloc_array

kmalloc_array() manages count*sizeof overflow.

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Cc: Phillip Lougher <phillip@squashfs.org.uk>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
9 years agofs/squashfs/squashfs.h: replace pr_warning by pr_warn
Fabian Frederick [Wed, 4 Jun 2014 23:05:52 +0000 (16:05 -0700)]
fs/squashfs/squashfs.h: replace pr_warning by pr_warn

Update the last pr_warning callsite in fs branch

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Cc: Phillip Lougher <phillip@squashfs.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
9 years agofs: push sync_filesystem() down to the file system's remount_fs()
Theodore Ts'o [Thu, 13 Mar 2014 14:14:33 +0000 (10:14 -0400)]
fs: push sync_filesystem() down to the file system's remount_fs()

Previously, the no-op "mount -o mount /dev/xxx" operation when the
file system is already mounted read-write causes an implied,
unconditional syncfs().  This seems pretty stupid, and it's certainly
documented or guaraunteed to do this, nor is it particularly useful,
except in the case where the file system was mounted rw and is getting
remounted read-only.

However, it's possible that there might be some file systems that are
actually depending on this behavior.  In most file systems, it's
probably fine to only call sync_filesystem() when transitioning from
read-write to read-only, and there are some file systems where this is
not needed at all (for example, for a pseudo-filesystem or something
like romfs).

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: linux-fsdevel@vger.kernel.org
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Artem Bityutskiy <dedekind1@gmail.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Evgeniy Dushistov <dushistov@mail.ru>
Cc: Jan Kara <jack@suse.cz>
Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Anders Larsen <al@alarsen.net>
Cc: Phillip Lougher <phillip@squashfs.org.uk>
Cc: Kees Cook <keescook@chromium.org>
Cc: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
Cc: Petr Vandrovec <petr@vandrovec.name>
Cc: xfs@oss.sgi.com
Cc: linux-btrfs@vger.kernel.org
Cc: linux-cifs@vger.kernel.org
Cc: samba-technical@lists.samba.org
Cc: codalist@coda.cs.cmu.edu
Cc: linux-ext4@vger.kernel.org
Cc: linux-f2fs-devel@lists.sourceforge.net
Cc: fuse-devel@lists.sourceforge.net
Cc: cluster-devel@redhat.com
Cc: linux-mtd@lists.infradead.org
Cc: jfs-discussion@lists.sourceforge.net
Cc: linux-nfs@vger.kernel.org
Cc: linux-nilfs@vger.kernel.org
Cc: linux-ntfs-dev@lists.sourceforge.net
Cc: ocfs2-devel@oss.oracle.com
Cc: reiserfs-devel@vger.kernel.org
9 years agoSquashfs: fix failure to unlock pages on decompress error
Phillip Lougher [Sun, 24 Nov 2013 00:40:49 +0000 (00:40 +0000)]
Squashfs: fix failure to unlock pages on decompress error

Direct decompression into the page cache.  If we fall back
to using an intermediate buffer (because we cannot grab all the
page cache pages) and we get a decompress fail, we forgot to
release the pages.

Reported-by: Roman Peniaev <r.peniaev@gmail.com>
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
9 years agoSquashfs: Check stream is not NULL in decompressor_multi.c
Phillip Lougher [Sun, 10 Nov 2013 00:02:29 +0000 (00:02 +0000)]
Squashfs: Check stream is not NULL in decompressor_multi.c

Fix static checker complaint that stream is not checked in
squashfs_decompressor_destroy().

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reviewed-by: Minchan Kim <minchan@kernel.org>
9 years agoSquashfs: Directly decompress into the page cache for file data
Phillip Lougher [Wed, 13 Nov 2013 02:04:19 +0000 (02:04 +0000)]
Squashfs: Directly decompress into the page cache for file data

This introduces an implementation of squashfs_readpage_block()
that directly decompresses into the page cache.

This uses the previously added page handler abstraction to push
down the necessary kmap_atomic/kunmap_atomic operations on the
page cache buffers into the decompressors.  This enables
direct copying into the page cache without using the slow
kmap/kunmap calls.

The code detects when multiple threads are racing in
squashfs_readpage() to decompress the same block, and avoids
this regression by falling back to using an intermediate
buffer.

This patch enhances the performance of Squashfs significantly
when multiple processes are accessing the filesystem simultaneously
because it not only reduces memcopying, but it more importantly
eliminates the lock contention on the intermediate buffer.

Using single-thread decompression.

        dd if=file1 of=/dev/null bs=4096 &
        dd if=file2 of=/dev/null bs=4096 &
        dd if=file3 of=/dev/null bs=4096 &
        dd if=file4 of=/dev/null bs=4096

Before:

629145600 bytes (629 MB) copied, 45.8046 s, 13.7 MB/s

After:

629145600 bytes (629 MB) copied, 9.29414 s, 67.7 MB/s

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reviewed-by: Minchan Kim <minchan@kernel.org>
9 years agoSquashfs: Restructure squashfs_readpage()
Phillip Lougher [Thu, 31 Oct 2013 19:24:27 +0000 (19:24 +0000)]
Squashfs: Restructure squashfs_readpage()

Restructure squashfs_readpage() splitting it into separate
functions for datablocks, fragments and sparse blocks.

Move the memcpying (from squashfs cache entry) implementation of
squashfs_readpage_block into file_cache.c

This allows different implementations to be supported.

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reviewed-by: Minchan Kim <minchan@kernel.org>
9 years agoSquashfs: Generalise paging handling in the decompressors
Phillip Lougher [Mon, 18 Nov 2013 02:59:12 +0000 (02:59 +0000)]
Squashfs: Generalise paging handling in the decompressors

Further generalise the decompressors by adding a page handler
abstraction.  This adds helpers to allow the decompressors
to access and process the output buffers in an implementation
independant manner.

This allows different types of output buffer to be passed
to the decompressors, with the implementation specific
aspects handled at decompression time, but without the
knowledge being held in the decompressor wrapper code.

This will allow the decompressors to handle Squashfs
cache buffers, and page cache pages.

This patch adds the abstraction and an implementation for
the caches.

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reviewed-by: Minchan Kim <minchan@kernel.org>
9 years agoSquashfs: add multi-threaded decompression using percpu variable
Phillip Lougher [Mon, 18 Nov 2013 02:31:36 +0000 (02:31 +0000)]
Squashfs: add multi-threaded decompression using percpu variable

Add a multi-threaded decompression implementation which uses
percpu variables.

Using percpu variables has advantages and disadvantages over
implementations which do not use percpu variables.

Advantages:
  * the nature of percpu variables ensures decompression is
    load-balanced across the multiple cores.
  * simplicity.

Disadvantages: it limits decompression to one thread per core.

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
9 years agosquashfs: Enhance parallel I/O
Minchan Kim [Mon, 28 Oct 2013 05:26:30 +0000 (14:26 +0900)]
squashfs: Enhance parallel I/O

Now squashfs have used for only one stream buffer for decompression
so it hurts parallel read performance so this patch supports
multiple decompressor to enhance performance parallel I/O.

Four 1G file dd read on KVM machine which has 2 CPU and 4G memory.

dd if=test/test1.dat of=/dev/null &
dd if=test/test2.dat of=/dev/null &
dd if=test/test3.dat of=/dev/null &
dd if=test/test4.dat of=/dev/null &

old : 1m39s -> new : 9s

* From v1
  * Change comp_strm with decomp_strm - Phillip
  * Change/add comments - Phillip

Signed-off-by: Minchan Kim <minchan@kernel.org>
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
9 years agoSquashfs: Refactor decompressor interface and code
Phillip Lougher [Wed, 13 Nov 2013 02:56:26 +0000 (02:56 +0000)]
Squashfs: Refactor decompressor interface and code

The decompressor interface and code was written from
the point of view of single-threaded operation.  In doing
so it mixed a lot of single-threaded implementation specific
aspects into the decompressor code and elsewhere which makes it
difficult to seamlessly support multiple different decompressor
implementations.

This patch does the following:

1.  It removes compressor_options parsing from the decompressor
    init() function.  This allows the decompressor init() function
    to be dynamically called to instantiate multiple decompressors,
    without the compressor options needing to be read and parsed each
    time.

2.  It moves threading and all sleeping operations out of the
    decompressors.  In doing so, it makes the decompressors
    non-blocking wrappers which only deal with interfacing with
    the decompressor implementation.

3. It splits decompressor.[ch] into decompressor generic functions
   in decompressor.[ch], and moves the single threaded
   decompressor implementation into decompressor_single.c.

The result of this patch is Squashfs should now be able to
support multiple decompressors by adding new decompressor_xxx.c
files with specialised implementations of the functions in
decompressor_single.c

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reviewed-by: Minchan Kim <minchan@kernel.org>
9 years agoSquashfs: add corruption check for type in squashfs_readdir()
Phillip Lougher [Wed, 4 Sep 2013 01:58:12 +0000 (02:58 +0100)]
Squashfs: add corruption check for type in squashfs_readdir()

We read the type field from disk.  This value should be sanity
checked for correctness to avoid an out of bounds access when
reading the squashfs_filetype_table array.

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
9 years agoSquashfs: add corruption check in get_dir_index_using_offset()
Phillip Lougher [Tue, 3 Sep 2013 03:52:52 +0000 (04:52 +0100)]
Squashfs: add corruption check in get_dir_index_using_offset()

We read the size (of the name) field from disk.  This value should
be sanity checked for correctness to avoid blindly reading
huge amounts of unnecessary data from disk on corruption.

Note, here we're not actually reading the name into a buffer, but
skipping it, and so corruption doesn't cause buffer overflow, merely
lots of unnecessary amounts of data to be read.

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
9 years agoSquashfs: fix corruption checks in squashfs_readdir()
Phillip Lougher [Tue, 3 Sep 2013 03:38:43 +0000 (04:38 +0100)]
Squashfs: fix corruption checks in squashfs_readdir()

The dir_count and size fields when read from disk are sanity
checked for correctness.  However, the sanity checks only check the
values are not greater than expected.  As dir_count and size were
incorrectly defined as signed ints, this can lead to corrupted values
appearing as negative which are not trapped.

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
9 years agoSquashfs: fix corruption checks in squashfs_lookup()
Phillip Lougher [Tue, 3 Sep 2013 03:21:52 +0000 (04:21 +0100)]
Squashfs: fix corruption checks in squashfs_lookup()

The dir_count and size fields when read from disk are sanity
checked for correctness.  However, the sanity checks only check the
values are not greater than expected.  As dir_count and size were
incorrectly defined as signed ints, this can lead to corrupted values
appearing as negative which are not trapped.

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
9 years agoSquashfs: fix corruption check in get_dir_index_using_name()
Phillip Lougher [Tue, 3 Sep 2013 03:02:53 +0000 (04:02 +0100)]
Squashfs: fix corruption check in get_dir_index_using_name()

Patch "Squashfs: sanity check information from disk" from
Dan Carpenter adds a missing check for corruption in the
"size" field while reading the directory index from disk.

It, however, sets err to -EINVAL, this value is not used later, and
so setting it is completely redundant.  So remove it.

Errors in reading the index are deliberately non-fatal.  If we
get an error in reading the index we just return the part of the
index we have managed to read - the index isn't essential,
just quicker.

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
9 years agoSquashfs: Optimized uncompressed buffer loop
Manish Sharma [Wed, 4 Sep 2013 17:01:23 +0000 (22:31 +0530)]
Squashfs: Optimized uncompressed buffer loop

Merged the two for loops. We might get a little gain by overlapping
wait_on_bh and the memcpy operations.

Signed-off-by: Manish Sharma <manishrma@gmail.com>
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
9 years agoSquashfs: sanity check information from disk
Dan Carpenter [Wed, 17 Jul 2013 12:20:25 +0000 (15:20 +0300)]
Squashfs: sanity check information from disk

We read the size of the name from the disk, but a larger name than
expected would cause memory corruption.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
9 years ago[readdir] constify ->actor
Al Viro [Thu, 23 May 2013 02:22:04 +0000 (22:22 -0400)]
[readdir] constify ->actor

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago[readdir] introduce ->iterate(), ctx->pos, dir_emit()
Al Viro [Wed, 15 May 2013 22:49:12 +0000 (18:49 -0400)]
[readdir] introduce ->iterate(), ctx->pos, dir_emit()

New method - ->iterate(file, ctx).  That's the replacement for ->readdir();
it takes callback from ctx->actor, uses ctx->pos instead of file->f_pos and
calls dir_emit(ctx, ...) instead of filldir(data, ...).  It does *not*
update file->f_pos (or look at it, for that matter); iterate_dir() does the
update.

Note that dir_emit() takes the offset from ctx->pos (and eventually
filldir_t will lose that argument).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago[readdir] introduce iterate_dir() and dir_context
Al Viro [Wed, 15 May 2013 17:52:59 +0000 (13:52 -0400)]
[readdir] introduce iterate_dir() and dir_context

iterate_dir(): new helper, replacing vfs_readdir().

struct dir_context: contains the readdir callback (and will get more stuff
in it), embedded into whatever data that callback wants to deal with;
eventually, we'll be passing it to ->readdir() replacement instead of
(data,filldir) pair.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago[readdir] convert squashfs
Al Viro [Thu, 16 May 2013 05:17:58 +0000 (01:17 -0400)]
[readdir] convert squashfs

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif
Cong Wang [Tue, 15 Apr 2014 23:25:34 +0000 (16:25 -0700)]
ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif

As suggested by Julian:

Simply, flowi4_iif must not contain 0, it does not
look logical to ignore all ip rules with specified iif.

because in fib_rule_match() we do:

        if (rule->iifindex && (rule->iifindex != fl->flowi_iif))
                goto out;

flowi4_iif should be LOOPBACK_IFINDEX by default.

We need to move LOOPBACK_IFINDEX to include/net/flow.h:

1) It is mostly used by flowi_iif

2) Fix the following compile error if we use it in flow.h
by the patches latter:

In file included from include/linux/netfilter.h:277:0,
                 from include/net/netns/netfilter.h:5,
                 from include/net/net_namespace.h:21,
                 from include/linux/netdevice.h:43,
                 from include/linux/icmpv6.h:12,
                 from include/linux/ipv6.h:61,
                 from include/net/ipv6.h:16,
                 from include/linux/sunrpc/clnt.h:27,
                 from include/linux/nfs_fs.h:30,
                 from init/do_mounts.c:32:
include/net/flow.h: In function ‘flowi4_init_output’:
include/net/flow.h:84:32: error: ‘LOOPBACK_IFINDEX’ undeclared (first use in this function)

[Backport of net-next 6a662719c9868b3d6c7d26b3a085f0cd3cc15e64]

Change-Id: Ib7a0a08d78c03800488afa1b2c170cb70e34cfd9
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Julian Anastasov <ja@ssi.bg>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
9 years agoum: remove dead code
Richard Weinberger [Fri, 19 Jul 2013 09:35:32 +0000 (11:35 +0200)]
um: remove dead code

"me" is not used.

[cherry-pick of upstream 9e82d450531c79b18ab18c9b9645cdd9db31ee98]

Change-Id: Ifc3550184931dddf8feebd6c3137e60b97f6a0f1
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
9 years agoum: siginfo cleanup
Richard Weinberger [Fri, 19 Jul 2013 09:31:36 +0000 (11:31 +0200)]
um: siginfo cleanup

Currently we use both struct siginfo and siginfo_t.
Let's use struct siginfo internally to avoid ongoing
compiler warning. We are allowed to do so because
struct siginfo and siginfo_t are equivalent.

[cherry-pick of upstream 9a8c1359571c5d5e2fbc43cf457a6486b70a70cb]

Change-Id: I564775c9ed515c39ffff7d7d600a85d50291f31d
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
9 years agonet: ipv6: make "ip -6 route get mark xyz" work.
Lorenzo Colitti [Thu, 15 May 2014 23:38:41 +0000 (16:38 -0700)]
net: ipv6: make "ip -6 route get mark xyz" work.

Currently, "ip -6 route get mark xyz" ignores the mark passed in
by userspace. Make it honour the mark, just like IPv4 does.

[net-next commit 2e47b291953c35afa4e20a65475954c1a1b9afe1]

Change-Id: Ief6cd1e1b7e43dc0d008b7e692be62cadc5cc7ca
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoandroid: base-cfg: turn off /dev/mem and /dev/kmem
Mark Salyzyn [Mon, 2 Mar 2015 17:04:10 +0000 (09:04 -0800)]
android: base-cfg: turn off /dev/mem and /dev/kmem

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 19549480
Change-Id: Icd43da8712efab46aa70590311c0fb170a9e124c

9 years agokbuild: make it possible to specify the module output dir
Rom Lemarchand [Fri, 6 Feb 2015 00:07:59 +0000 (16:07 -0800)]
kbuild: make it possible to specify the module output dir

Make modinst_dir user-defined on the command line.

This allows to do things like:
make MODLIB=output/ modinst_dir=. modules_install

to ensure all the .ko are in the output/ directory.

Change-Id: I2bc007eea27ee744d35289e26e4a8ac43ba04151
Signed-off-by: Rom Lemarchand <romlem@android.com>
(cherry picked from commit ae7f28e5aa168a008c153ccff7cc437066d016c3)

9 years agoxt_qtaguid: Use sk_callback_lock read locks before reading sk->sk_socket
Mohamad Ayyash [Wed, 14 Jan 2015 03:20:44 +0000 (19:20 -0800)]
xt_qtaguid: Use sk_callback_lock read locks before reading sk->sk_socket

It prevents a kernel panic when accessing sk->sk_socket fields due to NULLing sk->sk_socket when sock_orphan is called through
sk_common_release.

Change-Id: I4aa46b4e2d8600e4d4ef8dcdd363aa4e6e5f8433
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
(cherry picked from commit cdea0ebcb8bcfe57688f6cb692b49e550ebd9796)

9 years agoipv6: clean up anycast when an interface is destroyed
Sabrina Dubroca [Wed, 10 Sep 2014 21:23:02 +0000 (23:23 +0200)]
ipv6: clean up anycast when an interface is destroyed

If we try to rmmod the driver for an interface while sockets with
setsockopt(JOIN_ANYCAST) are alive, some refcounts aren't cleaned up
and we get stuck on:

  unregister_netdevice: waiting for ens3 to become free. Usage count = 1

If we LEAVE_ANYCAST/close everything before rmmod'ing, there is no
problem.

We need to perform a cleanup similar to the one for multicast in
addrconf_ifdown(how == 1).

BUG: 18902601
Change-Id: I6d51aed5755eb5738fcba91950e7773a1c985d2e
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agousb: gadget: check for accessory device before disconnecting HIDs
Amit Pundir [Fri, 16 Jan 2015 00:11:10 +0000 (05:41 +0530)]
usb: gadget: check for accessory device before disconnecting HIDs

While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
(cherry picked from commit 32a71bce154cb89a549b9b7d28e8cf03b889d849)

9 years agostaging: android: ashmem: add missing include
Rom Lemarchand [Sat, 24 Jan 2015 23:08:42 +0000 (15:08 -0800)]
staging: android: ashmem: add missing include

Include <linux/types.h> into ashmem.h to ensure referenced types are defined

Signed-off-by: Rom Lemarchand <romlem@android.com>
Change-Id: Iac18ed86dd47296d02a269607b1514724aaa9958

9 years agousb: gadget: android: Save/restore ep0 completion function
Jack Pham [Wed, 19 Feb 2014 06:16:19 +0000 (22:16 -0800)]
usb: gadget: android: Save/restore ep0 completion function

The android_setup() function currently gives the f_accessory
setup function first opportunity to handle control requests
in order to support Android Open Accessory (AOA) hosts. That
function makes use of cdev->req and overrides its completion
function, but not in all cases. Thus, if a later request uses
the same request pointer but doesn't (re)set req->complete it
could result in the wrong completion function being called and
causing invalid memory access.

One way to fix this would be to explicitly set req->complete in
all cases but that might require auditing all function drivers
that have ep0 handling. Instead, note that the composite device
had already initially set cdev->req->complete and simply cache
and restore that pointer at the start of android_setup().

Change-Id: I33bcd17bd20687a349d537d1013b52a2afef6996
Signed-off-by: Jack Pham <jackp@codeaurora.org>
9 years agoselinux: Remove obsolete selinux_audit_data initialization.
Stephen Smalley [Wed, 21 Jan 2015 18:59:39 +0000 (13:59 -0500)]
selinux: Remove obsolete selinux_audit_data initialization.

Commit 899838b25f063a94594b1df6e0100aea1ec57fac eliminated the need
to initialize selinux_audit_data except in the slow path, when it is
handled by slow_avc_audit().  That commit removed all other initializations
of selinux_audit_data but this one remained since the binder security
hooks are not yet upstream (posted them to linux-kernel today).

Change-Id: I735e4500cde23275686cb3208068cbf8dd7bccd7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
9 years agoselinux: make the netif cache namespace aware
Paul Moore [Wed, 10 Sep 2014 21:09:57 +0000 (17:09 -0400)]
selinux: make the netif cache namespace aware

While SELinux largely ignores namespaces, for good reason, there are
some places where it needs to at least be aware of namespaces in order
to function correctly.  Network namespaces are one example.  Basic
awareness of network namespaces are necessary in order to match a
network interface's index number to an actual network device.

This patch corrects a problem with network interfaces added to a
non-init namespace, and can be reproduced with the following commands:

 [NOTE: the NetLabel configuration is here only to active the dynamic
        networking controls ]

 # netlabelctl unlbl add default address:0.0.0.0/0 \
   label:system_u:object_r:unlabeled_t:s0
 # netlabelctl unlbl add default address:::/0 \
   label:system_u:object_r:unlabeled_t:s0
 # netlabelctl cipsov4 add pass doi:100 tags:1
 # netlabelctl map add domain:lspp_test_netlabel_t \
   protocol:cipsov4,100

 # ip link add type veth
 # ip netns add myns
 # ip link set veth1 netns myns
 # ip a add dev veth0 10.250.13.100/24
 # ip netns exec myns ip a add dev veth1 10.250.13.101/24
 # ip l set veth0 up
 # ip netns exec myns ip l set veth1 up

 # ping -c 1 10.250.13.101
 # ip netns exec myns ping -c 1 10.250.13.100

Reported-by: Jiri Jaburek <jjaburek@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
9 years agoselinux: correctly label /proc inodes in use before the policy is loaded
Paul Moore [Wed, 19 Mar 2014 20:46:18 +0000 (16:46 -0400)]
selinux: correctly label /proc inodes in use before the policy is loaded

commit f64410ec665479d7b4b77b7519e814253ed0f686 upstream.

This patch is based on an earlier patch by Eric Paris, he describes
the problem below:

  "If an inode is accessed before policy load it will get placed on a
   list of inodes to be initialized after policy load.  After policy
   load we call inode_doinit() which calls inode_doinit_with_dentry()
   on all inodes accessed before policy load.  In the case of inodes
   in procfs that means we'll end up at the bottom where it does:

     /* Default to the fs superblock SID. */
     isec->sid = sbsec->sid;

     if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
             if (opt_dentry) {
                     isec->sclass = inode_mode_to_security_class(...)
                     rc = selinux_proc_get_sid(opt_dentry,
                                               isec->sclass,
                                               &sid);
                     if (rc)
                             goto out_unlock;
                     isec->sid = sid;
             }
     }

   Since opt_dentry is null, we'll never call selinux_proc_get_sid()
   and will leave the inode labeled with the label on the superblock.
   I believe a fix would be to mimic the behavior of xattrs.  Look
   for an alias of the inode.  If it can't be found, just leave the
   inode uninitialized (and pick it up later) if it can be found, we
   should be able to call selinux_proc_get_sid() ..."

On a system exhibiting this problem, you will notice a lot of files in
/proc with the generic "proc_t" type (at least the ones that were
accessed early in the boot), for example:

   # ls -Z /proc/sys/kernel/shmmax | awk '{ print $4 " " $5 }'
   system_u:object_r:proc_t:s0 /proc/sys/kernel/shmmax

However, with this patch in place we see the expected result:

   # ls -Z /proc/sys/kernel/shmmax | awk '{ print $4 " " $5 }'
   system_u:object_r:sysctl_kernel_t:s0 /proc/sys/kernel/shmmax

Change-Id: I7742b4b7e53b45e4dd13d99c39553a927aa4a7e9
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
9 years agoselinux: fix inode security list corruption
Stephen Smalley [Mon, 6 Oct 2014 20:32:52 +0000 (16:32 -0400)]
selinux: fix inode security list corruption

commit 923190d32de4428afbea5e5773be86bea60a9925 upstream.

sb_finish_set_opts() can race with inode_free_security()
when initializing inode security structures for inodes
created prior to initial policy load or by the filesystem
during ->mount().   This appears to have always been
a possible race, but commit 3dc91d4 ("SELinux:  Fix possible
NULL pointer dereference in selinux_inode_permission()")
made it more evident by immediately reusing the unioned
list/rcu element  of the inode security structure for call_rcu()
upon an inode_free_security().  But the underlying issue
was already present before that commit as a possible use-after-free
of isec.

Shivnandan Kumar reported the list corruption and proposed
a patch to split the list and rcu elements out of the union
as separate fields of the inode_security_struct so that setting
the rcu element would not affect the list element.  However,
this would merely hide the issue and not truly fix the code.

This patch instead moves up the deletion of the list entry
prior to dropping the sbsec->isec_lock initially.  Then,
if the inode is dropped subsequently, there will be no further
references to the isec.

Change-Id: I7c56670bddbb896f159701651758d2e7f739dff8
Reported-by: Shivnandan Kumar <shivnandan.k@samsung.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agoselinux: put the mmap() DAC controls before the MAC controls
Paul Moore [Fri, 28 Feb 2014 12:23:24 +0000 (07:23 -0500)]
selinux: put the mmap() DAC controls before the MAC controls

commit 0909c0ae999c325b9d34c6f4710f40730ae3bc24 upstream.

It turns out that doing the SELinux MAC checks for mmap() before the
DAC checks was causing users and the SELinux policy folks headaches
as users were seeing a lot of SELinux AVC denials for the
memprotect:mmap_zero permission that would have also been denied by
the normal DAC capability checks (CAP_SYS_RAWIO).

Example:

 # cat mmap_test.c
  #include <stdlib.h>
  #include <stdio.h>
  #include <errno.h>
  #include <sys/mman.h>

  int main(int argc, char *argv[])
  {
        int rc;
        void *mem;

        mem = mmap(0x0, 4096,
                   PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
        if (mem == MAP_FAILED)
                return errno;
        printf("mem = %p\n", mem);
        munmap(mem, 4096);

        return 0;
  }
 # gcc -g -O0 -o mmap_test mmap_test.c
 # ./mmap_test
 mem = (nil)
 # ausearch -m AVC | grep mmap_zero
 type=AVC msg=audit(...): avc:  denied  { mmap_zero }
   for pid=1025 comm="mmap_test"
   scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
   tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
   tclass=memprotect

This patch corrects things so that when the above example is run by a
user without CAP_SYS_RAWIO the SELinux AVC is no longer generated as
the DAC capability check fails before the SELinux permission check.

Change-Id: Ic3b2ef30d13c15ca7c60adbd3c3b93ebe251c7bc
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
9 years agoselinux: reduce the number of calls to synchronize_net() when flushing caches
Paul Moore [Thu, 26 Jun 2014 18:33:56 +0000 (14:33 -0400)]
selinux: reduce the number of calls to synchronize_net() when flushing caches

commit 615e51fdda6f274e94b1e905fcaf6111e0d9aa20 upstream.

When flushing the AVC, such as during a policy load, the various
network caches are also flushed, with each making a call to
synchronize_net() which has shown to be expensive in some cases.
This patch consolidates the network cache flushes into a single AVC
callback which only calls synchronize_net() once for each AVC cache
flush.

Change-Id: I2a7f020748d1adf2b68246f6ef86d0c871adffb7
Reported-by: Jaejyn Shin <flagon22bass@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
9 years ago[PATCH 5/5] pstore: selinux: add security in-core xattr support for pstore and debugfs
Mark Salyzyn [Wed, 7 Jan 2015 17:27:15 +0000 (09:27 -0800)]
[PATCH 5/5] pstore: selinux: add security in-core xattr support for pstore and debugfs

- add "pstore" and "debugfs" to list of in-core exceptions
- change fstype checks to boolean equation
- change from strncmp to strcmp for checking

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 18917345
Bug: 18935184
Change-Id: Ib648f30ce4b5d6c96f11465836d6fee89bec1c72

9 years agoSELinux: Update policy version to support constraints info
Richard Haines [Tue, 19 Nov 2013 22:34:23 +0000 (17:34 -0500)]
SELinux: Update policy version to support constraints info

Update the policy version (POLICYDB_VERSION_CONSTRAINT_NAMES) to allow
holding of policy source info for constraints.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
9 years ago[PATCH v4 4/5] pstore: add pmsg
Mark Salyzyn [Mon, 8 Dec 2014 23:06:52 +0000 (15:06 -0800)]
[PATCH v4 4/5] pstore: add pmsg

A secured user-space accessible pstore object. Writes
to /dev/pmsg0 are appended to the buffer, on reboot
the persistent contents are available in
/sys/fs/pstore/pmsg-ramoops-[ID].

One possible use is syslogd, or other daemon, can
write messages, then on reboot provides a means to
triage user-space activities leading up to a panic
as a companion to the pstore dmesg or console logs.

Signed-off-by: Mark Salyzyn <salyzyn@android.com>
v2: switch from snprintf to scnprintf
v3: split out prz_ok checking into PATCH 3/5
    replace pmsg_lseek with noop_llseek
    use pr_fmt() macro
    make write atomic and use a vmalloc'd bounce buffer
v4: use mutex_lock instead of spin_lock.

Change-Id: I82a2a9a989d7583c5fcb65ff520027dc3a034a4c

9 years ago[PATCH 3/5] pstore: handle zero-sized prz in series
Mark Salyzyn [Mon, 8 Dec 2014 23:06:52 +0000 (15:06 -0800)]
[PATCH 3/5] pstore: handle zero-sized prz in series

Corrects a problem wih ramoops_pstore_read failing to
return the next in a prz series after first zero-sized
entry, not venturing to the next non-zero entry.

Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Change-Id: Iedce3b94c13917da33be44e1d80811757774c793

9 years ago[PATCH v2 2/5] pstore: remove superfluous memory size check
Mark Salyzyn [Mon, 8 Dec 2014 23:06:52 +0000 (15:06 -0800)]
[PATCH v2 2/5] pstore: remove superfluous memory size check

All previous checks will fail with error if memory size
is not sufficient to register a zone, so this legacy
check has become redundant.

Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Acked-by: Kees Cook <keescook@chromium.org>
v2: renumber pmsg series dependencies

Change-Id: Ie21c988ae0b1ebb0dafa6c0c0b069e9cfe1e8506

9 years ago[PATCH v4 1/5] pstore: use snprintf
Mark Salyzyn [Mon, 8 Dec 2014 23:06:52 +0000 (15:06 -0800)]
[PATCH v4 1/5] pstore: use snprintf

No guarantees that the names will not exceed the
name buffer with future adjustments.

Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Acked-by: Joe Perches <joe@perches.com>
v2: switch from snprintf to scnprintf
v3: remove embedded space
v4: renumber pmsg series dependencies

Change-Id: I161fe8cadc967d74e18cc09b7d60b5b398c92c86

9 years agopstore: clarify clearing of _read_cnt in ramoops_context
Liu ShuoX [Mon, 17 Mar 2014 00:24:49 +0000 (11:24 +1100)]
pstore: clarify clearing of _read_cnt in ramoops_context

*_read_cnt in ramoops_context need to be cleared during pstore ->open to
support mutli times getting the records.  The patch added missed
ftrace_read_cnt clearing and removed duplicate clearing in ramoops_probe.

Signed-off-by: Liu ShuoX <shuox.liu@intel.com>
Cc: "Zhang, Yanmin" <yanmin_zhang@linux.intel.com>
Cc: Colin Cross <ccross@android.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Change-Id: I98622b2587ed661884e74a7273cfc92ee99eaae3

9 years agoprctl: make PR_SET_TIMERSLACK_PID pid namespace aware
Micha Kalfon [Tue, 13 Jan 2015 10:12:57 +0000 (12:12 +0200)]
prctl: make PR_SET_TIMERSLACK_PID pid namespace aware

Make PR_SET_TIMERSLACK_PID consider pid namespace and resolve the
target pid in the caller's namespace. Otherwise, calls from pid
namespace other than init would fail or affect the wrong task.

Change-Id: I1da15196abc4096536713ce03714e99d2e63820a
Signed-off-by: Micha Kalfon <micha@cellrox.com>
Acked-by: Oren Laadan <orenl@cellrox.com>
9 years agoprctl: fix misplaced PR_SET_TIMERSLACK_PID case
Micha Kalfon [Tue, 13 Jan 2015 09:47:20 +0000 (11:47 +0200)]
prctl: fix misplaced PR_SET_TIMERSLACK_PID case

The case clause for the PR_SET_TIMERSLACK_PID option was placed inside
the an internal switch statement for PR_MCE_KILL (see commits 37a591d4
and 8ae872f1) . This commit moves it to the right place.

Change-Id: I63251669d7e2f2aa843d1b0900e7df61518c3dea
Signed-off-by: Micha Kalfon <micha@cellrox.com>
Acked-by: Oren Laadan <orenl@cellrox.com>
9 years agoAdd security hooks to binder and implement the hooks for SELinux.
Stephen Smalley [Mon, 5 Nov 2012 13:15:34 +0000 (08:15 -0500)]
Add security hooks to binder and implement the hooks for SELinux.

Add security hooks to the binder and implement the hooks for SELinux.
The security hooks enable security modules such as SELinux to implement
controls over binder IPC.  The security hooks include support for
controlling what process can become the binder context manager
(binder_set_context_mgr), controlling the ability of a process
to invoke a binder transaction/IPC to another process (binder_transaction),
controlling the ability a process to transfer a binder reference to
another process (binder_transfer_binder), and controlling the ability
of a process to transfer an open file to another process (binder_transfer_file).

This support is used by SE Android, http://selinuxproject.org/page/SEAndroid.

Change-Id: I34266b66320b6a3df9ac01833d7f94daf742920e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
9 years agoandroid: binder: Change binder mutex to rtmutex.
Riley Andrews [Sat, 27 Sep 2014 00:36:36 +0000 (17:36 -0700)]
android: binder: Change binder mutex to rtmutex.

Surfaceflinger uses binder heavily to receive/send frames from applications
while compositing the screen. Change the binder mutex to an rt mutex to minimize
instances where high priority surfaceflinger binder work is blocked by lower
priority binder ipc.

Change-Id: If7429040641d6e463f20301ec14f02ecf6b0da36
Signed-off-by: Riley Andrews <riandrews@google.com>
9 years agoandroid: binder: More offset validation.
Arve Hjønnevåg [Fri, 14 Feb 2014 04:25:06 +0000 (20:25 -0800)]
android: binder: More offset validation.

Make sure offsets don't point to overlapping flat_binder_object
structs.

Change-Id: I85c759b9c6395492474b177625dc6b0b289fd6b0
Signed-off-by: Arve Hjønnevåg <arve@android.com>
9 years agoandroid: binder: remove binder.h
Greg Kroah-Hartman [Thu, 16 Oct 2014 13:26:51 +0000 (15:26 +0200)]
android: binder: remove binder.h

binder.h isn't needed to just include a uapi file and set a single
define, so move it into binder.c to save a few lines of code.

Change-Id: Idcd0aba576295bbe0ddf5d18c4b1d1e8efdc8c84
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agostaging: android: binder: move to the "real" part of the kernel
Greg Kroah-Hartman [Thu, 16 Oct 2014 12:40:38 +0000 (14:40 +0200)]
staging: android: binder: move to the "real" part of the kernel

The Android binder code has been "stable" for many years now.  No matter
what comes in the future, we are going to have to support this API, so
might as well move it to the "real" part of the kernel as there's no
real work that needs to be done to the existing code.

Change-Id: I36d5c6fc05aff26dd01a227201be18e86c9f9994
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agostaging: binder: fix coding style issues
Dmitry Voytik [Mon, 8 Sep 2014 14:16:34 +0000 (18:16 +0400)]
staging: binder: fix coding style issues

Fix coding style issues:
* put braces in all if-else branches;
* limit the length of changed lines to 80 columns.
checkpatch.pl warning count reduces by 3.

Change-Id: I1796588ef0f358780445203c5afa87361ab2bf73
Signed-off-by: Dmitry Voytik <voytikd@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agostaging: android: Break up a long line in binder_send_failed_reply
William Panlener [Thu, 4 Sep 2014 03:44:03 +0000 (22:44 -0500)]
staging: android: Break up a long line in binder_send_failed_reply

Kernel coding style. Breaking long lines and strings.

Change-Id: Ie1af1f3bcfef547ab69f873f2e86ee37c8c23caf
Signed-off-by: William Panlener <wpanlener@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agostaging: android: fix attribute as suggested by checkpatch
Purnendu Kapadia [Fri, 15 Aug 2014 17:20:30 +0000 (18:20 +0100)]
staging: android: fix attribute as suggested by checkpatch

we should use __packed attribute

Change-Id: I9c74b57799bc6787d54cf6e2563adc96dff666d2
Signed-off-by: Purnendu Kapadia <pro8linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agostaging: android: Clean up else statement from binder_send_failed_reply
Lucas Tanure [Mon, 14 Jul 2014 00:31:05 +0000 (21:31 -0300)]
staging: android: Clean up else statement from binder_send_failed_reply

Kernel coding style. Remove useless else statement after return.

Changes from v1 and v2: Fix warning for mixed declarations and code.
Declaration of "struct binder_transaction *next" made outside of while.

Changes from v3: Removed initialization to NULL for next variable.

Change-Id: I1ec8b512130595b90098126acf562e58eeca8458
Signed-off-by: Lucas Tanure <tanure@linux.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agostaging: android: binder.c: binder_ioctl() cleanup
Riley Andrews [Mon, 12 Jan 2015 22:01:03 +0000 (14:01 -0800)]
staging: android: binder.c: binder_ioctl() cleanup

binder_ioctl() is quite huge and checkpatch dirty - mostly because of
the amount of code for the BINDER_WRITE_READ and BINDER_SET_CONTEXT_MGR.
Moved that code into the new binder_ioctl_write_read() and
binder_ioctl_set_ctx_mgr()

Change-Id: I9c5cea46a570ca91768e5aa7b11c7178bdbb667d
Signed-off-by: Tair Rzayev <tair.rzayev@gmail.com>
Cc: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agostaging: binder: add vm_fault handler
Vinayak Menon [Mon, 2 Jun 2014 12:47:59 +0000 (18:17 +0530)]
staging: binder: add vm_fault handler

An issue was observed when a userspace task exits.
The page which hits error here is the zero page.
In binder mmap, the whole of vma is not mapped.
On a task crash, when debuggerd reads the binder regions,
the unmapped areas fall to do_anonymous_page in handle_pte_fault,
due to the absence of a vm_fault handler. This results in
zero page being mapped. Later in zap_pte_range, vm_normal_page
returns zero page in the case of VM_MIXEDMAP and it results in the
error.

BUG: Bad page map in process mediaserver  pte:9dff379f pmd:9bfbd831
page:c0ed8e60 count:1 mapcount:-1 mapping:  (null) index:0x0
page flags: 0x404(referenced|reserved)
addr:40c3f000 vm_flags:10220051 anon_vma:  (null) mapping:d9fe0764 index:fd
vma->vm_ops->fault:   (null)
vma->vm_file->f_op->mmap: binder_mmap+0x0/0x274
CPU: 0 PID: 1463 Comm: mediaserver Tainted: G        W    3.10.17+ #1
[<c001549c>] (unwind_backtrace+0x0/0x11c) from [<c001200c>] (show_stack+0x10/0x14)
[<c001200c>] (show_stack+0x10/0x14) from [<c0103d78>] (print_bad_pte+0x158/0x190)
[<c0103d78>] (print_bad_pte+0x158/0x190) from [<c01055f0>] (unmap_single_vma+0x2e4/0x598)
[<c01055f0>] (unmap_single_vma+0x2e4/0x598) from [<c010618c>] (unmap_vmas+0x34/0x50)
[<c010618c>] (unmap_vmas+0x34/0x50) from [<c010a9e4>] (exit_mmap+0xc8/0x1e8)
[<c010a9e4>] (exit_mmap+0xc8/0x1e8) from [<c00520f0>] (mmput+0x54/0xd0)
[<c00520f0>] (mmput+0x54/0xd0) from [<c005972c>] (do_exit+0x360/0x990)
[<c005972c>] (do_exit+0x360/0x990) from [<c0059ef0>] (do_group_exit+0x84/0xc0)
[<c0059ef0>] (do_group_exit+0x84/0xc0) from [<c0066de0>] (get_signal_to_deliver+0x4d4/0x548)
[<c0066de0>] (get_signal_to_deliver+0x4d4/0x548) from [<c0011500>] (do_signal+0xa8/0x3b8)

Add a vm_fault handler which returns VM_FAULT_SIGBUS, and prevents the
wrong fallback to do_anonymous_page.

Change-Id: I43c227e489f74f4907f199caf99f571b61883064
Signed-off-by: Vinayak Menon <vinayakm.list@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agoStaging: Android: removed an unnecessary else statement
Karthik Nayak [Sat, 21 Jun 2014 14:53:16 +0000 (20:23 +0530)]
Staging: Android: removed an unnecessary else statement

As per checkpatch warning, removed an unnecessary else statement
proceeding an if statement with a return.

Change-Id: I718d9ece6c8bac128c10ecaf904721410d701b60
Signed-off-by: Karthik Nayak <karthik.188@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agostaging: android: binder.c: Use more appropriate functions for euid retrieval
Tair Rzayev [Sat, 31 May 2014 19:43:34 +0000 (22:43 +0300)]
staging: android: binder.c: Use more appropriate functions for euid retrieval

Instead of getting the reference to whole credential structure, use
task_euid() and current_euid() to get it.

Change-Id: Id5b9d0305b5f90023415863e569988023aaae290
Signed-off-by: Tair Rzayev <tair.rzayev@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agostaging: binder: fix usage of uninit scalar in binder_transaction()
Christian Engelmayer [Wed, 7 May 2014 19:44:53 +0000 (21:44 +0200)]
staging: binder: fix usage of uninit scalar in binder_transaction()

Fix the error path when a cookie mismatch is detected. In that case the
function jumps to the exit label without setting the uninitialized, local
variable 'return_error'. Detected by Coverity - CID 201453.

Change-Id: I6c960b7d3ad0adb28fad106a9a0b8cb934013987
Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Acked-by: Arve <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agostaging: binder: cleanup dereference of noderef expressions
Jerry Snitselaar [Thu, 1 May 2014 06:58:55 +0000 (23:58 -0700)]
staging: binder: cleanup dereference of noderef expressions

Clean up sparse warnings for cred struct dereference.

Change-Id: I78059976c0488abfe9eb4e9f0b0f8ac10c7ef4f9
Signed-off-by: Jerry Snitselaar <dev@snitselaar.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agostaging: android: fix missing a blank line after declarations
Seunghun Lee [Wed, 30 Apr 2014 16:30:23 +0000 (01:30 +0900)]
staging: android: fix missing a blank line after declarations

This patch fixes "Missing a blank line after declarations" warnings.

Change-Id: Iede8a80f003eba36fd1f8d3ec8135d9d35c16ee9
Signed-off-by: Seunghun Lee <waydi1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agostaging: binder: add __user annotation in binder.c
Mathieu Maret [Tue, 15 Apr 2014 10:03:05 +0000 (12:03 +0200)]
staging: binder: add __user annotation in binder.c

Add __user to binder_version to correct sparse warning.
Reduce line size to fit to coding style.

Change-Id: I8694fb5a082721c69d1596b2853c5d4899f6536b
Signed-off-by: Mathieu Maret <mathieu.maret@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agostaging: binder: Support concurrent 32 bit and 64 bit processes.
Arve Hjønnevåg [Fri, 21 Feb 2014 22:40:26 +0000 (14:40 -0800)]
staging: binder: Support concurrent 32 bit and 64 bit processes.

For 64bit systems we want to use the same binder interface for 32bit and
64bit processes. Thus the size and the layout of the structures passed
between the kernel and the userspace has to be the same for both 32 and
64bit processes.

This change replaces all the uses of void* and size_t with
binder_uintptr_t and binder_size_t. These are then typedefed to specific
sizes depending on the use of the interface, as follows:
       * __u32 - on legacy 32bit only userspace
       * __u64 - on mixed 32/64bit userspace where all processes use the same
interface.

This change also increments the BINDER_CURRENT_PROTOCOL_VERSION to 8 and
hooks the compat_ioctl entry for the mixed 32/64bit Android userspace.

This patch also provides a CONFIG_ANDROID_BINDER_IPC_32BIT option for
compatability, which if set which enables the old protocol, setting
BINDER_CURRENT_PROTOCOL_VERSION to 7, on 32 bit systems.

Please note that all 64bit kernels will use the 64bit Binder ABI.

Change-Id: If54f075787a6bb261012eb73295eb4f83a8c91c9
Cc: Colin Cross <ccross@android.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Serban Constantinescu <serban.constantinescu@arm.com>
Cc: Android Kernel Team <kernel-team@android.com>
Signed-off-by: Arve Hjønnevåg <arve@android.com>
[jstultz: Merged with upstream type changes. Various whitespace fixes
and longer Kconfig description for checkpatch. Included improved commit
message from Serban (with a few tweaks).]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agoStaging: android: add __user annotation in binder.c
Bojan Prtvar [Sun, 1 Sep 2013 18:30:38 +0000 (20:30 +0200)]
Staging: android: add __user annotation in binder.c

This fixes the following sparse error
drivers/staging/android/binder.c:1795:36: error: incompatible types in comparison expression (different address spaces)

Change-Id: I3824cb700d0de0e24c94771b1441e639d7d4d18b
Signed-off-by: Bojan Prtvar <prtvar.b@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agoStaging: android: Mark local functions in binder.c as static
Bojan Prtvar [Mon, 2 Sep 2013 06:18:40 +0000 (08:18 +0200)]
Staging: android: Mark local functions in binder.c as static

This fixes the following sparse warnings
drivers/staging/android/binder.c:1703:5: warning: symbol 'binder_thread_write' was not declared. Should it be static?
drivers/staging/android/binder.c:2058:6: warning: symbol 'binder_stat_br' was not declared. Should it be static?

Change-Id: Ib3fadafe30b5ffa3776270574809823e898caac3
Signed-off-by: Bojan Prtvar <prtvar.b@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9 years agoRevert "Add security hooks to binder and implement the hooks for SELinux."
Riley Andrews [Mon, 12 Jan 2015 21:52:20 +0000 (13:52 -0800)]
Revert "Add security hooks to binder and implement the hooks for SELinux."

This reverts commit 6e6d8f546c36b161067efa5e0518f56be0200e77.

Change-Id: I8f0dba7c90f2c2d285d14696277e1ec7d48978d3

9 years agoRevert "staging: binder: Change binder mutex to rtmutex."
Riley Andrews [Mon, 12 Jan 2015 21:47:28 +0000 (13:47 -0800)]
Revert "staging: binder: Change binder mutex to rtmutex."

This reverts commit 5d03bd0fdd66d3472386864cf32b4b82dda8d1a5.

9 years agoRevert "Staging: android: binder: Support concurrent 32 bit and 64 bit processes."
Riley Andrews [Sat, 10 Jan 2015 03:10:36 +0000 (19:10 -0800)]
Revert "Staging: android: binder: Support concurrent 32 bit and 64 bit processes."

This reverts commit 2d595dc92ae19b49e4c1ebb1f8e3b461a2d06592.

Change-Id: I1e4e306fa38f851b3044abb8a7c929c298c14812

9 years agoRevert "ARM: tegra: flounder: stick to 32bit binder for now."
Riley Andrews [Sat, 10 Jan 2015 03:10:24 +0000 (19:10 -0800)]
Revert "ARM: tegra: flounder: stick to 32bit binder for now."

This reverts commit 8179b7b7fe7e0ee85f670d109de6d7e3be46b2a9.

Change-Id: Iba8c90cc88b39dd357ecbd7c942469966b53f123

9 years agoRevert "Staging: android: binder: More offset validation."
Riley Andrews [Sat, 10 Jan 2015 03:08:03 +0000 (19:08 -0800)]
Revert "Staging: android: binder: More offset validation."

This reverts commit 3fac2c119f537d4d8fea3f0b9063d72f44857b82.

Change-Id: I8840b43eceff9ef52d9bae2079d22046488a4ec2

9 years agoirq: pm: Remove unused variable
Dmitry Shmidt [Tue, 13 Jan 2015 21:52:49 +0000 (13:52 -0800)]
irq: pm: Remove unused variable

Change-Id: Ie4311b554628af878cd80fd0abc03b2be294f0bf
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
9 years agowlan: Add get_wake_irq functionality
Dmitry Shmidt [Mon, 12 Jan 2015 21:42:05 +0000 (13:42 -0800)]
wlan: Add get_wake_irq functionality

Change-Id: Ic41f06c509b2e625dc9ec4131903db6920c5fd4e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
9 years agoARM: pull in <asm/simd.h> from asm-generic
Ard Biesheuvel [Fri, 20 Sep 2013 07:57:37 +0000 (09:57 +0200)]
ARM: pull in <asm/simd.h> from asm-generic

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
9 years agoARM: move VFP init to an earlier boot stage
Ard Biesheuvel [Wed, 22 May 2013 08:38:53 +0000 (10:38 +0200)]
ARM: move VFP init to an earlier boot stage

In order to use the NEON unit in the kernel, we should
initialize it a bit earlier in the boot process so NEON users
that like to do a quick benchmark at load time (like the
xor_blocks or RAID-6 code) find the NEON/VFP unit already
enabled.

Replaced late_initcall() with core_initcall().

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
9 years agoARM: 7837/3: fix Thumb-2 bug in AES assembler code
Ard Biesheuvel [Sat, 21 Sep 2013 10:23:50 +0000 (11:23 +0100)]
ARM: 7837/3: fix Thumb-2 bug in AES assembler code

Patch 638591c enabled building the AES assembler code in Thumb2 mode.
However, this code used arithmetic involving PC rather than adr{l}
instructions to generate PC-relative references to the lookup tables,
and this needs to take into account the different PC offset when
running in Thumb mode.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Cc: stable@vger.kernel.org
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
9 years agoARM: add support for kernel mode NEON
Ard Biesheuvel [Thu, 16 May 2013 09:41:48 +0000 (11:41 +0200)]
ARM: add support for kernel mode NEON

In order to safely support the use of NEON instructions in
kernel mode, some precautions need to be taken:
- the userland context that may be present in the registers (even
  if the NEON/VFP is currently disabled) must be stored under the
  correct task (which may not be 'current' in the UP case),
- to avoid having to keep track of additional vfpstates for the
  kernel side, disallow the use of NEON in interrupt context
  and run with preemption disabled,
- after use, re-enable preemption and re-enable the lazy restore
  machinery by disabling the NEON/VFP unit.

This patch adds the functions kernel_neon_begin() and
kernel_neon_end() which take care of the above. It also adds
the Kconfig symbol KERNEL_MODE_NEON to enable it.

Change-Id: I286f9d414e87568f094b7782762faea46c6d4831
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Chris Fries <cfries@motorola.com>
9 years agoARM: 8120/1: crypto: sha512: add ARM NEON implementation
Jussi Kivilinna [Tue, 29 Jul 2014 16:15:24 +0000 (17:15 +0100)]
ARM: 8120/1: crypto: sha512: add ARM NEON implementation

This patch adds ARM NEON assembly implementation of SHA-512 and SHA-384
algorithms.

tcrypt benchmark results on Cortex-A8, sha512-generic vs sha512-neon-asm:

block-size      bytes/update    old-vs-new
16              16              2.99x
64              16              2.67x
64              64              3.00x
256             16              2.64x
256             64              3.06x
256             256             3.33x
1024            16              2.53x
1024            256             3.39x
1024            1024            3.52x
2048            16              2.50x
2048            256             3.41x
2048            1024            3.54x
2048            2048            3.57x
4096            16              2.49x
4096            256             3.42x
4096            1024            3.56x
4096            4096            3.59x
8192            16              2.48x
8192            256             3.42x
8192            1024            3.56x
8192            4096            3.60x
8192            8192            3.60x

Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
9 years agoARM: 8119/1: crypto: sha1: add ARM NEON implementation
Jussi Kivilinna [Tue, 29 Jul 2014 16:14:14 +0000 (17:14 +0100)]
ARM: 8119/1: crypto: sha1: add ARM NEON implementation

This patch adds ARM NEON assembly implementation of SHA-1 algorithm.

tcrypt benchmark results on Cortex-A8, sha1-arm-asm vs sha1-neon-asm:

block-size      bytes/update    old-vs-new
16              16              1.04x
64              16              1.02x
64              64              1.05x
256             16              1.03x
256             64              1.04x
256             256             1.30x
1024            16              1.03x
1024            256             1.36x
1024            1024            1.52x
2048            16              1.03x
2048            256             1.39x
2048            1024            1.55x
2048            2048            1.59x
4096            16              1.03x
4096            256             1.40x
4096            1024            1.57x
4096            4096            1.62x
8192            16              1.03x
8192            256             1.40x
8192            1024            1.58x
8192            4096            1.63x
8192            8192            1.63x

Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
9 years agoARM: 8118/1: crypto: sha1/make use of common SHA-1 structures
Jussi Kivilinna [Tue, 29 Jul 2014 16:14:09 +0000 (17:14 +0100)]
ARM: 8118/1: crypto: sha1/make use of common SHA-1 structures

Common SHA-1 structures are defined in <crypto/sha.h> for code sharing.

This patch changes SHA-1/ARM glue code to use these structures.

Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
9 years agocrypto: arm-aes - fix encryption of unaligned data
Mikulas Patocka [Fri, 25 Jul 2014 23:42:30 +0000 (19:42 -0400)]
crypto: arm-aes - fix encryption of unaligned data

Fix the same alignment bug as in arm64 - we need to pass residue
unprocessed bytes as the last argument to blkcipher_walk_done.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org # 3.13+
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoCRYPTO: Fix more AES build errors
Russell King [Thu, 2 Jan 2014 17:14:45 +0000 (17:14 +0000)]
CRYPTO: Fix more AES build errors

Building a multi-arch kernel results in:

arch/arm/crypto/built-in.o: In function `aesbs_xts_decrypt':
sha1_glue.c:(.text+0x15c8): undefined reference to `bsaes_xts_decrypt'
arch/arm/crypto/built-in.o: In function `aesbs_xts_encrypt':
sha1_glue.c:(.text+0x1664): undefined reference to `bsaes_xts_encrypt'
arch/arm/crypto/built-in.o: In function `aesbs_ctr_encrypt':
sha1_glue.c:(.text+0x184c): undefined reference to `bsaes_ctr32_encrypt_blocks'
arch/arm/crypto/built-in.o: In function `aesbs_cbc_decrypt':
sha1_glue.c:(.text+0x19b4): undefined reference to `bsaes_cbc_encrypt'

This code is already runtime-conditional on NEON being supported, so
there's no point compiling it out depending on the minimum build
architecture.

Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
9 years agoARM: add .gitignore entry for aesbs-core.S
Russell King [Mon, 7 Oct 2013 14:43:53 +0000 (15:43 +0100)]
ARM: add .gitignore entry for aesbs-core.S

This avoids this file being incorrectly added to git.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
9 years agoARM: add support for bit sliced AES using NEON instructions
Ard Biesheuvel [Mon, 16 Sep 2013 16:31:38 +0000 (18:31 +0200)]
ARM: add support for bit sliced AES using NEON instructions

Bit sliced AES gives around 45% speedup on Cortex-A15 for encryption
and around 25% for decryption. This implementation of the AES algorithm
does not rely on any lookup tables so it is believed to be invulnerable
to cache timing attacks.

This algorithm processes up to 8 blocks in parallel in constant time. This
means that it is not usable by chaining modes that are strictly sequential
in nature, such as CBC encryption. CBC decryption, however, can benefit from
this implementation and runs about 25% faster. The other chaining modes
implemented in this module, XTS and CTR, can execute fully in parallel in
both directions.

The core code has been adopted from the OpenSSL project (in collaboration
with the original author, on cc). For ease of maintenance, this version is
identical to the upstream OpenSSL code, i.e., all modifications that were
required to make it suitable for inclusion into the kernel have been made
upstream. The original can be found here:

    http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6f6a6130

Note to integrators:
While this implementation is significantly faster than the existing table
based ones (generic or ARM asm), especially in CTR mode, the effects on
power efficiency are unclear as of yet. This code does fundamentally more
work, by calculating values that the table based code obtains by a simple
lookup; only by doing all of that work in a SIMD fashion, it manages to
perform better.

Cc: Andy Polyakov <appro@openssl.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>