Al Viro [Wed, 15 May 2013 17:52:59 +0000 (13:52 -0400)]
[readdir] introduce iterate_dir() and dir_context
iterate_dir(): new helper, replacing vfs_readdir().
struct dir_context: contains the readdir callback (and will get more stuff
in it), embedded into whatever data that callback wants to deal with;
eventually, we'll be passing it to ->readdir() replacement instead of
(data,filldir) pair.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Thu, 16 May 2013 05:17:58 +0000 (01:17 -0400)]
[readdir] convert squashfs
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cong Wang [Tue, 15 Apr 2014 23:25:34 +0000 (16:25 -0700)]
ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif
As suggested by Julian:
Simply, flowi4_iif must not contain 0, it does not
look logical to ignore all ip rules with specified iif.
because in fib_rule_match() we do:
if (rule->iifindex && (rule->iifindex != fl->flowi_iif))
goto out;
flowi4_iif should be LOOPBACK_IFINDEX by default.
We need to move LOOPBACK_IFINDEX to include/net/flow.h:
1) It is mostly used by flowi_iif
2) Fix the following compile error if we use it in flow.h
by the patches latter:
In file included from include/linux/netfilter.h:277:0,
from include/net/netns/netfilter.h:5,
from include/net/net_namespace.h:21,
from include/linux/netdevice.h:43,
from include/linux/icmpv6.h:12,
from include/linux/ipv6.h:61,
from include/net/ipv6.h:16,
from include/linux/sunrpc/clnt.h:27,
from include/linux/nfs_fs.h:30,
from init/do_mounts.c:32:
include/net/flow.h: In function ‘flowi4_init_output’:
include/net/flow.h:84:32: error: ‘LOOPBACK_IFINDEX’ undeclared (first use in this function)
[Backport of net-next
6a662719c9868b3d6c7d26b3a085f0cd3cc15e64]
Change-Id: Ib7a0a08d78c03800488afa1b2c170cb70e34cfd9
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Julian Anastasov <ja@ssi.bg>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Richard Weinberger [Fri, 19 Jul 2013 09:35:32 +0000 (11:35 +0200)]
um: remove dead code
"me" is not used.
[cherry-pick of upstream
9e82d450531c79b18ab18c9b9645cdd9db31ee98]
Change-Id: Ifc3550184931dddf8feebd6c3137e60b97f6a0f1
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Richard Weinberger [Fri, 19 Jul 2013 09:31:36 +0000 (11:31 +0200)]
um: siginfo cleanup
Currently we use both struct siginfo and siginfo_t.
Let's use struct siginfo internally to avoid ongoing
compiler warning. We are allowed to do so because
struct siginfo and siginfo_t are equivalent.
[cherry-pick of upstream
9a8c1359571c5d5e2fbc43cf457a6486b70a70cb]
Change-Id: I564775c9ed515c39ffff7d7d600a85d50291f31d
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Lorenzo Colitti [Thu, 15 May 2014 23:38:41 +0000 (16:38 -0700)]
net: ipv6: make "ip -6 route get mark xyz" work.
Currently, "ip -6 route get mark xyz" ignores the mark passed in
by userspace. Make it honour the mark, just like IPv4 does.
[net-next commit
2e47b291953c35afa4e20a65475954c1a1b9afe1]
Change-Id: Ief6cd1e1b7e43dc0d008b7e692be62cadc5cc7ca
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Mark Salyzyn [Mon, 2 Mar 2015 17:04:10 +0000 (09:04 -0800)]
android: base-cfg: turn off /dev/mem and /dev/kmem
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug:
19549480
Change-Id: Icd43da8712efab46aa70590311c0fb170a9e124c
Rom Lemarchand [Fri, 6 Feb 2015 00:07:59 +0000 (16:07 -0800)]
kbuild: make it possible to specify the module output dir
Make modinst_dir user-defined on the command line.
This allows to do things like:
make MODLIB=output/ modinst_dir=. modules_install
to ensure all the .ko are in the output/ directory.
Change-Id: I2bc007eea27ee744d35289e26e4a8ac43ba04151
Signed-off-by: Rom Lemarchand <romlem@android.com>
(cherry picked from commit
ae7f28e5aa168a008c153ccff7cc437066d016c3)
Mohamad Ayyash [Wed, 14 Jan 2015 03:20:44 +0000 (19:20 -0800)]
xt_qtaguid: Use sk_callback_lock read locks before reading sk->sk_socket
It prevents a kernel panic when accessing sk->sk_socket fields due to NULLing sk->sk_socket when sock_orphan is called through
sk_common_release.
Change-Id: I4aa46b4e2d8600e4d4ef8dcdd363aa4e6e5f8433
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
(cherry picked from commit
cdea0ebcb8bcfe57688f6cb692b49e550ebd9796)
Sabrina Dubroca [Wed, 10 Sep 2014 21:23:02 +0000 (23:23 +0200)]
ipv6: clean up anycast when an interface is destroyed
If we try to rmmod the driver for an interface while sockets with
setsockopt(JOIN_ANYCAST) are alive, some refcounts aren't cleaned up
and we get stuck on:
unregister_netdevice: waiting for ens3 to become free. Usage count = 1
If we LEAVE_ANYCAST/close everything before rmmod'ing, there is no
problem.
We need to perform a cleanup similar to the one for multicast in
addrconf_ifdown(how == 1).
BUG:
18902601
Change-Id: I6d51aed5755eb5738fcba91950e7773a1c985d2e
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Amit Pundir [Fri, 16 Jan 2015 00:11:10 +0000 (05:41 +0530)]
usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[ 136.724761] Unable to handle kernel NULL pointer dereference at virtual address
00000064
[ 136.724809] pgd =
c0204000
[ 136.731924] [
00000064] *pgd=
00000000
[ 136.737830] Internal error: Oops: 5 [#1] SMP ARM
[ 136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted
3.18.0-rc4-00400-gf75300e-dirty #76
[ 136.742788] task:
c0fb19d8 ti:
c0fa4000 task.ti:
c0fa4000
[ 136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[ 136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----
This patch adds a test to check if USB Accessory device exists before freeing HIDs.
Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
(cherry picked from commit
32a71bce154cb89a549b9b7d28e8cf03b889d849)
Rom Lemarchand [Sat, 24 Jan 2015 23:08:42 +0000 (15:08 -0800)]
staging: android: ashmem: add missing include
Include <linux/types.h> into ashmem.h to ensure referenced types are defined
Signed-off-by: Rom Lemarchand <romlem@android.com>
Change-Id: Iac18ed86dd47296d02a269607b1514724aaa9958
Jack Pham [Wed, 19 Feb 2014 06:16:19 +0000 (22:16 -0800)]
usb: gadget: android: Save/restore ep0 completion function
The android_setup() function currently gives the f_accessory
setup function first opportunity to handle control requests
in order to support Android Open Accessory (AOA) hosts. That
function makes use of cdev->req and overrides its completion
function, but not in all cases. Thus, if a later request uses
the same request pointer but doesn't (re)set req->complete it
could result in the wrong completion function being called and
causing invalid memory access.
One way to fix this would be to explicitly set req->complete in
all cases but that might require auditing all function drivers
that have ep0 handling. Instead, note that the composite device
had already initially set cdev->req->complete and simply cache
and restore that pointer at the start of android_setup().
Change-Id: I33bcd17bd20687a349d537d1013b52a2afef6996
Signed-off-by: Jack Pham <jackp@codeaurora.org>
Stephen Smalley [Wed, 21 Jan 2015 18:59:39 +0000 (13:59 -0500)]
selinux: Remove obsolete selinux_audit_data initialization.
Commit
899838b25f063a94594b1df6e0100aea1ec57fac eliminated the need
to initialize selinux_audit_data except in the slow path, when it is
handled by slow_avc_audit(). That commit removed all other initializations
of selinux_audit_data but this one remained since the binder security
hooks are not yet upstream (posted them to linux-kernel today).
Change-Id: I735e4500cde23275686cb3208068cbf8dd7bccd7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Paul Moore [Wed, 10 Sep 2014 21:09:57 +0000 (17:09 -0400)]
selinux: make the netif cache namespace aware
While SELinux largely ignores namespaces, for good reason, there are
some places where it needs to at least be aware of namespaces in order
to function correctly. Network namespaces are one example. Basic
awareness of network namespaces are necessary in order to match a
network interface's index number to an actual network device.
This patch corrects a problem with network interfaces added to a
non-init namespace, and can be reproduced with the following commands:
[NOTE: the NetLabel configuration is here only to active the dynamic
networking controls ]
# netlabelctl unlbl add default address:0.0.0.0/0 \
label:system_u:object_r:unlabeled_t:s0
# netlabelctl unlbl add default address:::/0 \
label:system_u:object_r:unlabeled_t:s0
# netlabelctl cipsov4 add pass doi:100 tags:1
# netlabelctl map add domain:lspp_test_netlabel_t \
protocol:cipsov4,100
# ip link add type veth
# ip netns add myns
# ip link set veth1 netns myns
# ip a add dev veth0 10.250.13.100/24
# ip netns exec myns ip a add dev veth1 10.250.13.101/24
# ip l set veth0 up
# ip netns exec myns ip l set veth1 up
# ping -c 1 10.250.13.101
# ip netns exec myns ping -c 1 10.250.13.100
Reported-by: Jiri Jaburek <jjaburek@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Paul Moore [Wed, 19 Mar 2014 20:46:18 +0000 (16:46 -0400)]
selinux: correctly label /proc inodes in use before the policy is loaded
commit
f64410ec665479d7b4b77b7519e814253ed0f686 upstream.
This patch is based on an earlier patch by Eric Paris, he describes
the problem below:
"If an inode is accessed before policy load it will get placed on a
list of inodes to be initialized after policy load. After policy
load we call inode_doinit() which calls inode_doinit_with_dentry()
on all inodes accessed before policy load. In the case of inodes
in procfs that means we'll end up at the bottom where it does:
/* Default to the fs superblock SID. */
isec->sid = sbsec->sid;
if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
if (opt_dentry) {
isec->sclass = inode_mode_to_security_class(...)
rc = selinux_proc_get_sid(opt_dentry,
isec->sclass,
&sid);
if (rc)
goto out_unlock;
isec->sid = sid;
}
}
Since opt_dentry is null, we'll never call selinux_proc_get_sid()
and will leave the inode labeled with the label on the superblock.
I believe a fix would be to mimic the behavior of xattrs. Look
for an alias of the inode. If it can't be found, just leave the
inode uninitialized (and pick it up later) if it can be found, we
should be able to call selinux_proc_get_sid() ..."
On a system exhibiting this problem, you will notice a lot of files in
/proc with the generic "proc_t" type (at least the ones that were
accessed early in the boot), for example:
# ls -Z /proc/sys/kernel/shmmax | awk '{ print $4 " " $5 }'
system_u:object_r:proc_t:s0 /proc/sys/kernel/shmmax
However, with this patch in place we see the expected result:
# ls -Z /proc/sys/kernel/shmmax | awk '{ print $4 " " $5 }'
system_u:object_r:sysctl_kernel_t:s0 /proc/sys/kernel/shmmax
Change-Id: I7742b4b7e53b45e4dd13d99c39553a927aa4a7e9
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Stephen Smalley [Mon, 6 Oct 2014 20:32:52 +0000 (16:32 -0400)]
selinux: fix inode security list corruption
commit
923190d32de4428afbea5e5773be86bea60a9925 upstream.
sb_finish_set_opts() can race with inode_free_security()
when initializing inode security structures for inodes
created prior to initial policy load or by the filesystem
during ->mount(). This appears to have always been
a possible race, but commit
3dc91d4 ("SELinux: Fix possible
NULL pointer dereference in selinux_inode_permission()")
made it more evident by immediately reusing the unioned
list/rcu element of the inode security structure for call_rcu()
upon an inode_free_security(). But the underlying issue
was already present before that commit as a possible use-after-free
of isec.
Shivnandan Kumar reported the list corruption and proposed
a patch to split the list and rcu elements out of the union
as separate fields of the inode_security_struct so that setting
the rcu element would not affect the list element. However,
this would merely hide the issue and not truly fix the code.
This patch instead moves up the deletion of the list entry
prior to dropping the sbsec->isec_lock initially. Then,
if the inode is dropped subsequently, there will be no further
references to the isec.
Change-Id: I7c56670bddbb896f159701651758d2e7f739dff8
Reported-by: Shivnandan Kumar <shivnandan.k@samsung.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Paul Moore [Fri, 28 Feb 2014 12:23:24 +0000 (07:23 -0500)]
selinux: put the mmap() DAC controls before the MAC controls
commit
0909c0ae999c325b9d34c6f4710f40730ae3bc24 upstream.
It turns out that doing the SELinux MAC checks for mmap() before the
DAC checks was causing users and the SELinux policy folks headaches
as users were seeing a lot of SELinux AVC denials for the
memprotect:mmap_zero permission that would have also been denied by
the normal DAC capability checks (CAP_SYS_RAWIO).
Example:
# cat mmap_test.c
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <sys/mman.h>
int main(int argc, char *argv[])
{
int rc;
void *mem;
mem = mmap(0x0, 4096,
PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
if (mem == MAP_FAILED)
return errno;
printf("mem = %p\n", mem);
munmap(mem, 4096);
return 0;
}
# gcc -g -O0 -o mmap_test mmap_test.c
# ./mmap_test
mem = (nil)
# ausearch -m AVC | grep mmap_zero
type=AVC msg=audit(...): avc: denied { mmap_zero }
for pid=1025 comm="mmap_test"
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=memprotect
This patch corrects things so that when the above example is run by a
user without CAP_SYS_RAWIO the SELinux AVC is no longer generated as
the DAC capability check fails before the SELinux permission check.
Change-Id: Ic3b2ef30d13c15ca7c60adbd3c3b93ebe251c7bc
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Paul Moore [Thu, 26 Jun 2014 18:33:56 +0000 (14:33 -0400)]
selinux: reduce the number of calls to synchronize_net() when flushing caches
commit
615e51fdda6f274e94b1e905fcaf6111e0d9aa20 upstream.
When flushing the AVC, such as during a policy load, the various
network caches are also flushed, with each making a call to
synchronize_net() which has shown to be expensive in some cases.
This patch consolidates the network cache flushes into a single AVC
callback which only calls synchronize_net() once for each AVC cache
flush.
Change-Id: I2a7f020748d1adf2b68246f6ef86d0c871adffb7
Reported-by: Jaejyn Shin <flagon22bass@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Mark Salyzyn [Wed, 7 Jan 2015 17:27:15 +0000 (09:27 -0800)]
[PATCH 5/5] pstore: selinux: add security in-core xattr support for pstore and debugfs
- add "pstore" and "debugfs" to list of in-core exceptions
- change fstype checks to boolean equation
- change from strncmp to strcmp for checking
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug:
18917345
Bug:
18935184
Change-Id: Ib648f30ce4b5d6c96f11465836d6fee89bec1c72
Richard Haines [Tue, 19 Nov 2013 22:34:23 +0000 (17:34 -0500)]
SELinux: Update policy version to support constraints info
Update the policy version (POLICYDB_VERSION_CONSTRAINT_NAMES) to allow
holding of policy source info for constraints.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Mark Salyzyn [Mon, 8 Dec 2014 23:06:52 +0000 (15:06 -0800)]
[PATCH v4 4/5] pstore: add pmsg
A secured user-space accessible pstore object. Writes
to /dev/pmsg0 are appended to the buffer, on reboot
the persistent contents are available in
/sys/fs/pstore/pmsg-ramoops-[ID].
One possible use is syslogd, or other daemon, can
write messages, then on reboot provides a means to
triage user-space activities leading up to a panic
as a companion to the pstore dmesg or console logs.
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
v2: switch from snprintf to scnprintf
v3: split out prz_ok checking into PATCH 3/5
replace pmsg_lseek with noop_llseek
use pr_fmt() macro
make write atomic and use a vmalloc'd bounce buffer
v4: use mutex_lock instead of spin_lock.
Change-Id: I82a2a9a989d7583c5fcb65ff520027dc3a034a4c
Mark Salyzyn [Mon, 8 Dec 2014 23:06:52 +0000 (15:06 -0800)]
[PATCH 3/5] pstore: handle zero-sized prz in series
Corrects a problem wih ramoops_pstore_read failing to
return the next in a prz series after first zero-sized
entry, not venturing to the next non-zero entry.
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Change-Id: Iedce3b94c13917da33be44e1d80811757774c793
Mark Salyzyn [Mon, 8 Dec 2014 23:06:52 +0000 (15:06 -0800)]
[PATCH v2 2/5] pstore: remove superfluous memory size check
All previous checks will fail with error if memory size
is not sufficient to register a zone, so this legacy
check has become redundant.
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Acked-by: Kees Cook <keescook@chromium.org>
v2: renumber pmsg series dependencies
Change-Id: Ie21c988ae0b1ebb0dafa6c0c0b069e9cfe1e8506
Mark Salyzyn [Mon, 8 Dec 2014 23:06:52 +0000 (15:06 -0800)]
[PATCH v4 1/5] pstore: use snprintf
No guarantees that the names will not exceed the
name buffer with future adjustments.
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Acked-by: Joe Perches <joe@perches.com>
v2: switch from snprintf to scnprintf
v3: remove embedded space
v4: renumber pmsg series dependencies
Change-Id: I161fe8cadc967d74e18cc09b7d60b5b398c92c86
Liu ShuoX [Mon, 17 Mar 2014 00:24:49 +0000 (11:24 +1100)]
pstore: clarify clearing of _read_cnt in ramoops_context
*_read_cnt in ramoops_context need to be cleared during pstore ->open to
support mutli times getting the records. The patch added missed
ftrace_read_cnt clearing and removed duplicate clearing in ramoops_probe.
Signed-off-by: Liu ShuoX <shuox.liu@intel.com>
Cc: "Zhang, Yanmin" <yanmin_zhang@linux.intel.com>
Cc: Colin Cross <ccross@android.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Change-Id: I98622b2587ed661884e74a7273cfc92ee99eaae3
Micha Kalfon [Tue, 13 Jan 2015 10:12:57 +0000 (12:12 +0200)]
prctl: make PR_SET_TIMERSLACK_PID pid namespace aware
Make PR_SET_TIMERSLACK_PID consider pid namespace and resolve the
target pid in the caller's namespace. Otherwise, calls from pid
namespace other than init would fail or affect the wrong task.
Change-Id: I1da15196abc4096536713ce03714e99d2e63820a
Signed-off-by: Micha Kalfon <micha@cellrox.com>
Acked-by: Oren Laadan <orenl@cellrox.com>
Micha Kalfon [Tue, 13 Jan 2015 09:47:20 +0000 (11:47 +0200)]
prctl: fix misplaced PR_SET_TIMERSLACK_PID case
The case clause for the PR_SET_TIMERSLACK_PID option was placed inside
the an internal switch statement for PR_MCE_KILL (see commits
37a591d4
and
8ae872f1) . This commit moves it to the right place.
Change-Id: I63251669d7e2f2aa843d1b0900e7df61518c3dea
Signed-off-by: Micha Kalfon <micha@cellrox.com>
Acked-by: Oren Laadan <orenl@cellrox.com>
Stephen Smalley [Mon, 5 Nov 2012 13:15:34 +0000 (08:15 -0500)]
Add security hooks to binder and implement the hooks for SELinux.
Add security hooks to the binder and implement the hooks for SELinux.
The security hooks enable security modules such as SELinux to implement
controls over binder IPC. The security hooks include support for
controlling what process can become the binder context manager
(binder_set_context_mgr), controlling the ability of a process
to invoke a binder transaction/IPC to another process (binder_transaction),
controlling the ability a process to transfer a binder reference to
another process (binder_transfer_binder), and controlling the ability
of a process to transfer an open file to another process (binder_transfer_file).
This support is used by SE Android, http://selinuxproject.org/page/SEAndroid.
Change-Id: I34266b66320b6a3df9ac01833d7f94daf742920e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Riley Andrews [Sat, 27 Sep 2014 00:36:36 +0000 (17:36 -0700)]
android: binder: Change binder mutex to rtmutex.
Surfaceflinger uses binder heavily to receive/send frames from applications
while compositing the screen. Change the binder mutex to an rt mutex to minimize
instances where high priority surfaceflinger binder work is blocked by lower
priority binder ipc.
Change-Id: If7429040641d6e463f20301ec14f02ecf6b0da36
Signed-off-by: Riley Andrews <riandrews@google.com>
Arve Hjønnevåg [Fri, 14 Feb 2014 04:25:06 +0000 (20:25 -0800)]
android: binder: More offset validation.
Make sure offsets don't point to overlapping flat_binder_object
structs.
Change-Id: I85c759b9c6395492474b177625dc6b0b289fd6b0
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Greg Kroah-Hartman [Thu, 16 Oct 2014 13:26:51 +0000 (15:26 +0200)]
android: binder: remove binder.h
binder.h isn't needed to just include a uapi file and set a single
define, so move it into binder.c to save a few lines of code.
Change-Id: Idcd0aba576295bbe0ddf5d18c4b1d1e8efdc8c84
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman [Thu, 16 Oct 2014 12:40:38 +0000 (14:40 +0200)]
staging: android: binder: move to the "real" part of the kernel
The Android binder code has been "stable" for many years now. No matter
what comes in the future, we are going to have to support this API, so
might as well move it to the "real" part of the kernel as there's no
real work that needs to be done to the existing code.
Change-Id: I36d5c6fc05aff26dd01a227201be18e86c9f9994
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dmitry Voytik [Mon, 8 Sep 2014 14:16:34 +0000 (18:16 +0400)]
staging: binder: fix coding style issues
Fix coding style issues:
* put braces in all if-else branches;
* limit the length of changed lines to 80 columns.
checkpatch.pl warning count reduces by 3.
Change-Id: I1796588ef0f358780445203c5afa87361ab2bf73
Signed-off-by: Dmitry Voytik <voytikd@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
William Panlener [Thu, 4 Sep 2014 03:44:03 +0000 (22:44 -0500)]
staging: android: Break up a long line in binder_send_failed_reply
Kernel coding style. Breaking long lines and strings.
Change-Id: Ie1af1f3bcfef547ab69f873f2e86ee37c8c23caf
Signed-off-by: William Panlener <wpanlener@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Purnendu Kapadia [Fri, 15 Aug 2014 17:20:30 +0000 (18:20 +0100)]
staging: android: fix attribute as suggested by checkpatch
we should use __packed attribute
Change-Id: I9c74b57799bc6787d54cf6e2563adc96dff666d2
Signed-off-by: Purnendu Kapadia <pro8linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Lucas Tanure [Mon, 14 Jul 2014 00:31:05 +0000 (21:31 -0300)]
staging: android: Clean up else statement from binder_send_failed_reply
Kernel coding style. Remove useless else statement after return.
Changes from v1 and v2: Fix warning for mixed declarations and code.
Declaration of "struct binder_transaction *next" made outside of while.
Changes from v3: Removed initialization to NULL for next variable.
Change-Id: I1ec8b512130595b90098126acf562e58eeca8458
Signed-off-by: Lucas Tanure <tanure@linux.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Riley Andrews [Mon, 12 Jan 2015 22:01:03 +0000 (14:01 -0800)]
staging: android: binder.c: binder_ioctl() cleanup
binder_ioctl() is quite huge and checkpatch dirty - mostly because of
the amount of code for the BINDER_WRITE_READ and BINDER_SET_CONTEXT_MGR.
Moved that code into the new binder_ioctl_write_read() and
binder_ioctl_set_ctx_mgr()
Change-Id: I9c5cea46a570ca91768e5aa7b11c7178bdbb667d
Signed-off-by: Tair Rzayev <tair.rzayev@gmail.com>
Cc: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Vinayak Menon [Mon, 2 Jun 2014 12:47:59 +0000 (18:17 +0530)]
staging: binder: add vm_fault handler
An issue was observed when a userspace task exits.
The page which hits error here is the zero page.
In binder mmap, the whole of vma is not mapped.
On a task crash, when debuggerd reads the binder regions,
the unmapped areas fall to do_anonymous_page in handle_pte_fault,
due to the absence of a vm_fault handler. This results in
zero page being mapped. Later in zap_pte_range, vm_normal_page
returns zero page in the case of VM_MIXEDMAP and it results in the
error.
BUG: Bad page map in process mediaserver pte:
9dff379f pmd:
9bfbd831
page:
c0ed8e60 count:1 mapcount:-1 mapping: (null) index:0x0
page flags: 0x404(referenced|reserved)
addr:
40c3f000 vm_flags:
10220051 anon_vma: (null) mapping:
d9fe0764 index:fd
vma->vm_ops->fault: (null)
vma->vm_file->f_op->mmap: binder_mmap+0x0/0x274
CPU: 0 PID: 1463 Comm: mediaserver Tainted: G W 3.10.17+ #1
[<
c001549c>] (unwind_backtrace+0x0/0x11c) from [<
c001200c>] (show_stack+0x10/0x14)
[<
c001200c>] (show_stack+0x10/0x14) from [<
c0103d78>] (print_bad_pte+0x158/0x190)
[<
c0103d78>] (print_bad_pte+0x158/0x190) from [<
c01055f0>] (unmap_single_vma+0x2e4/0x598)
[<
c01055f0>] (unmap_single_vma+0x2e4/0x598) from [<
c010618c>] (unmap_vmas+0x34/0x50)
[<
c010618c>] (unmap_vmas+0x34/0x50) from [<
c010a9e4>] (exit_mmap+0xc8/0x1e8)
[<
c010a9e4>] (exit_mmap+0xc8/0x1e8) from [<
c00520f0>] (mmput+0x54/0xd0)
[<
c00520f0>] (mmput+0x54/0xd0) from [<
c005972c>] (do_exit+0x360/0x990)
[<
c005972c>] (do_exit+0x360/0x990) from [<
c0059ef0>] (do_group_exit+0x84/0xc0)
[<
c0059ef0>] (do_group_exit+0x84/0xc0) from [<
c0066de0>] (get_signal_to_deliver+0x4d4/0x548)
[<
c0066de0>] (get_signal_to_deliver+0x4d4/0x548) from [<
c0011500>] (do_signal+0xa8/0x3b8)
Add a vm_fault handler which returns VM_FAULT_SIGBUS, and prevents the
wrong fallback to do_anonymous_page.
Change-Id: I43c227e489f74f4907f199caf99f571b61883064
Signed-off-by: Vinayak Menon <vinayakm.list@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Karthik Nayak [Sat, 21 Jun 2014 14:53:16 +0000 (20:23 +0530)]
Staging: Android: removed an unnecessary else statement
As per checkpatch warning, removed an unnecessary else statement
proceeding an if statement with a return.
Change-Id: I718d9ece6c8bac128c10ecaf904721410d701b60
Signed-off-by: Karthik Nayak <karthik.188@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tair Rzayev [Sat, 31 May 2014 19:43:34 +0000 (22:43 +0300)]
staging: android: binder.c: Use more appropriate functions for euid retrieval
Instead of getting the reference to whole credential structure, use
task_euid() and current_euid() to get it.
Change-Id: Id5b9d0305b5f90023415863e569988023aaae290
Signed-off-by: Tair Rzayev <tair.rzayev@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Christian Engelmayer [Wed, 7 May 2014 19:44:53 +0000 (21:44 +0200)]
staging: binder: fix usage of uninit scalar in binder_transaction()
Fix the error path when a cookie mismatch is detected. In that case the
function jumps to the exit label without setting the uninitialized, local
variable 'return_error'. Detected by Coverity - CID 201453.
Change-Id: I6c960b7d3ad0adb28fad106a9a0b8cb934013987
Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Acked-by: Arve <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jerry Snitselaar [Thu, 1 May 2014 06:58:55 +0000 (23:58 -0700)]
staging: binder: cleanup dereference of noderef expressions
Clean up sparse warnings for cred struct dereference.
Change-Id: I78059976c0488abfe9eb4e9f0b0f8ac10c7ef4f9
Signed-off-by: Jerry Snitselaar <dev@snitselaar.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Seunghun Lee [Wed, 30 Apr 2014 16:30:23 +0000 (01:30 +0900)]
staging: android: fix missing a blank line after declarations
This patch fixes "Missing a blank line after declarations" warnings.
Change-Id: Iede8a80f003eba36fd1f8d3ec8135d9d35c16ee9
Signed-off-by: Seunghun Lee <waydi1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mathieu Maret [Tue, 15 Apr 2014 10:03:05 +0000 (12:03 +0200)]
staging: binder: add __user annotation in binder.c
Add __user to binder_version to correct sparse warning.
Reduce line size to fit to coding style.
Change-Id: I8694fb5a082721c69d1596b2853c5d4899f6536b
Signed-off-by: Mathieu Maret <mathieu.maret@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Arve Hjønnevåg [Fri, 21 Feb 2014 22:40:26 +0000 (14:40 -0800)]
staging: binder: Support concurrent 32 bit and 64 bit processes.
For 64bit systems we want to use the same binder interface for 32bit and
64bit processes. Thus the size and the layout of the structures passed
between the kernel and the userspace has to be the same for both 32 and
64bit processes.
This change replaces all the uses of void* and size_t with
binder_uintptr_t and binder_size_t. These are then typedefed to specific
sizes depending on the use of the interface, as follows:
* __u32 - on legacy 32bit only userspace
* __u64 - on mixed 32/64bit userspace where all processes use the same
interface.
This change also increments the BINDER_CURRENT_PROTOCOL_VERSION to 8 and
hooks the compat_ioctl entry for the mixed 32/64bit Android userspace.
This patch also provides a CONFIG_ANDROID_BINDER_IPC_32BIT option for
compatability, which if set which enables the old protocol, setting
BINDER_CURRENT_PROTOCOL_VERSION to 7, on 32 bit systems.
Please note that all 64bit kernels will use the 64bit Binder ABI.
Change-Id: If54f075787a6bb261012eb73295eb4f83a8c91c9
Cc: Colin Cross <ccross@android.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Serban Constantinescu <serban.constantinescu@arm.com>
Cc: Android Kernel Team <kernel-team@android.com>
Signed-off-by: Arve Hjønnevåg <arve@android.com>
[jstultz: Merged with upstream type changes. Various whitespace fixes
and longer Kconfig description for checkpatch. Included improved commit
message from Serban (with a few tweaks).]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bojan Prtvar [Sun, 1 Sep 2013 18:30:38 +0000 (20:30 +0200)]
Staging: android: add __user annotation in binder.c
This fixes the following sparse error
drivers/staging/android/binder.c:1795:36: error: incompatible types in comparison expression (different address spaces)
Change-Id: I3824cb700d0de0e24c94771b1441e639d7d4d18b
Signed-off-by: Bojan Prtvar <prtvar.b@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bojan Prtvar [Mon, 2 Sep 2013 06:18:40 +0000 (08:18 +0200)]
Staging: android: Mark local functions in binder.c as static
This fixes the following sparse warnings
drivers/staging/android/binder.c:1703:5: warning: symbol 'binder_thread_write' was not declared. Should it be static?
drivers/staging/android/binder.c:2058:6: warning: symbol 'binder_stat_br' was not declared. Should it be static?
Change-Id: Ib3fadafe30b5ffa3776270574809823e898caac3
Signed-off-by: Bojan Prtvar <prtvar.b@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Riley Andrews [Mon, 12 Jan 2015 21:52:20 +0000 (13:52 -0800)]
Revert "Add security hooks to binder and implement the hooks for SELinux."
This reverts commit
6e6d8f546c36b161067efa5e0518f56be0200e77.
Change-Id: I8f0dba7c90f2c2d285d14696277e1ec7d48978d3
Riley Andrews [Mon, 12 Jan 2015 21:47:28 +0000 (13:47 -0800)]
Revert "staging: binder: Change binder mutex to rtmutex."
This reverts commit
5d03bd0fdd66d3472386864cf32b4b82dda8d1a5.
Riley Andrews [Sat, 10 Jan 2015 03:10:36 +0000 (19:10 -0800)]
Revert "Staging: android: binder: Support concurrent 32 bit and 64 bit processes."
This reverts commit
2d595dc92ae19b49e4c1ebb1f8e3b461a2d06592.
Change-Id: I1e4e306fa38f851b3044abb8a7c929c298c14812
Riley Andrews [Sat, 10 Jan 2015 03:10:24 +0000 (19:10 -0800)]
Revert "ARM: tegra: flounder: stick to 32bit binder for now."
This reverts commit
8179b7b7fe7e0ee85f670d109de6d7e3be46b2a9.
Change-Id: Iba8c90cc88b39dd357ecbd7c942469966b53f123
Riley Andrews [Sat, 10 Jan 2015 03:08:03 +0000 (19:08 -0800)]
Revert "Staging: android: binder: More offset validation."
This reverts commit
3fac2c119f537d4d8fea3f0b9063d72f44857b82.
Change-Id: I8840b43eceff9ef52d9bae2079d22046488a4ec2
Dmitry Shmidt [Tue, 13 Jan 2015 21:52:49 +0000 (13:52 -0800)]
irq: pm: Remove unused variable
Change-Id: Ie4311b554628af878cd80fd0abc03b2be294f0bf
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Dmitry Shmidt [Mon, 12 Jan 2015 21:42:05 +0000 (13:42 -0800)]
wlan: Add get_wake_irq functionality
Change-Id: Ic41f06c509b2e625dc9ec4131903db6920c5fd4e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Ard Biesheuvel [Fri, 20 Sep 2013 07:57:37 +0000 (09:57 +0200)]
ARM: pull in <asm/simd.h> from asm-generic
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Ard Biesheuvel [Wed, 22 May 2013 08:38:53 +0000 (10:38 +0200)]
ARM: move VFP init to an earlier boot stage
In order to use the NEON unit in the kernel, we should
initialize it a bit earlier in the boot process so NEON users
that like to do a quick benchmark at load time (like the
xor_blocks or RAID-6 code) find the NEON/VFP unit already
enabled.
Replaced late_initcall() with core_initcall().
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Ard Biesheuvel [Sat, 21 Sep 2013 10:23:50 +0000 (11:23 +0100)]
ARM: 7837/3: fix Thumb-2 bug in AES assembler code
Patch
638591c enabled building the AES assembler code in Thumb2 mode.
However, this code used arithmetic involving PC rather than adr{l}
instructions to generate PC-relative references to the lookup tables,
and this needs to take into account the different PC offset when
running in Thumb mode.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Cc: stable@vger.kernel.org
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Ard Biesheuvel [Thu, 16 May 2013 09:41:48 +0000 (11:41 +0200)]
ARM: add support for kernel mode NEON
In order to safely support the use of NEON instructions in
kernel mode, some precautions need to be taken:
- the userland context that may be present in the registers (even
if the NEON/VFP is currently disabled) must be stored under the
correct task (which may not be 'current' in the UP case),
- to avoid having to keep track of additional vfpstates for the
kernel side, disallow the use of NEON in interrupt context
and run with preemption disabled,
- after use, re-enable preemption and re-enable the lazy restore
machinery by disabling the NEON/VFP unit.
This patch adds the functions kernel_neon_begin() and
kernel_neon_end() which take care of the above. It also adds
the Kconfig symbol KERNEL_MODE_NEON to enable it.
Change-Id: I286f9d414e87568f094b7782762faea46c6d4831
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Chris Fries <cfries@motorola.com>
Jussi Kivilinna [Tue, 29 Jul 2014 16:15:24 +0000 (17:15 +0100)]
ARM: 8120/1: crypto: sha512: add ARM NEON implementation
This patch adds ARM NEON assembly implementation of SHA-512 and SHA-384
algorithms.
tcrypt benchmark results on Cortex-A8, sha512-generic vs sha512-neon-asm:
block-size bytes/update old-vs-new
16 16 2.99x
64 16 2.67x
64 64 3.00x
256 16 2.64x
256 64 3.06x
256 256 3.33x
1024 16 2.53x
1024 256 3.39x
1024 1024 3.52x
2048 16 2.50x
2048 256 3.41x
2048 1024 3.54x
2048 2048 3.57x
4096 16 2.49x
4096 256 3.42x
4096 1024 3.56x
4096 4096 3.59x
8192 16 2.48x
8192 256 3.42x
8192 1024 3.56x
8192 4096 3.60x
8192 8192 3.60x
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Jussi Kivilinna [Tue, 29 Jul 2014 16:14:14 +0000 (17:14 +0100)]
ARM: 8119/1: crypto: sha1: add ARM NEON implementation
This patch adds ARM NEON assembly implementation of SHA-1 algorithm.
tcrypt benchmark results on Cortex-A8, sha1-arm-asm vs sha1-neon-asm:
block-size bytes/update old-vs-new
16 16 1.04x
64 16 1.02x
64 64 1.05x
256 16 1.03x
256 64 1.04x
256 256 1.30x
1024 16 1.03x
1024 256 1.36x
1024 1024 1.52x
2048 16 1.03x
2048 256 1.39x
2048 1024 1.55x
2048 2048 1.59x
4096 16 1.03x
4096 256 1.40x
4096 1024 1.57x
4096 4096 1.62x
8192 16 1.03x
8192 256 1.40x
8192 1024 1.58x
8192 4096 1.63x
8192 8192 1.63x
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Jussi Kivilinna [Tue, 29 Jul 2014 16:14:09 +0000 (17:14 +0100)]
ARM: 8118/1: crypto: sha1/make use of common SHA-1 structures
Common SHA-1 structures are defined in <crypto/sha.h> for code sharing.
This patch changes SHA-1/ARM glue code to use these structures.
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Mikulas Patocka [Fri, 25 Jul 2014 23:42:30 +0000 (19:42 -0400)]
crypto: arm-aes - fix encryption of unaligned data
Fix the same alignment bug as in arm64 - we need to pass residue
unprocessed bytes as the last argument to blkcipher_walk_done.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org # 3.13+
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Russell King [Thu, 2 Jan 2014 17:14:45 +0000 (17:14 +0000)]
CRYPTO: Fix more AES build errors
Building a multi-arch kernel results in:
arch/arm/crypto/built-in.o: In function `aesbs_xts_decrypt':
sha1_glue.c:(.text+0x15c8): undefined reference to `bsaes_xts_decrypt'
arch/arm/crypto/built-in.o: In function `aesbs_xts_encrypt':
sha1_glue.c:(.text+0x1664): undefined reference to `bsaes_xts_encrypt'
arch/arm/crypto/built-in.o: In function `aesbs_ctr_encrypt':
sha1_glue.c:(.text+0x184c): undefined reference to `bsaes_ctr32_encrypt_blocks'
arch/arm/crypto/built-in.o: In function `aesbs_cbc_decrypt':
sha1_glue.c:(.text+0x19b4): undefined reference to `bsaes_cbc_encrypt'
This code is already runtime-conditional on NEON being supported, so
there's no point compiling it out depending on the minimum build
architecture.
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Russell King [Mon, 7 Oct 2013 14:43:53 +0000 (15:43 +0100)]
ARM: add .gitignore entry for aesbs-core.S
This avoids this file being incorrectly added to git.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Ard Biesheuvel [Mon, 16 Sep 2013 16:31:38 +0000 (18:31 +0200)]
ARM: add support for bit sliced AES using NEON instructions
Bit sliced AES gives around 45% speedup on Cortex-A15 for encryption
and around 25% for decryption. This implementation of the AES algorithm
does not rely on any lookup tables so it is believed to be invulnerable
to cache timing attacks.
This algorithm processes up to 8 blocks in parallel in constant time. This
means that it is not usable by chaining modes that are strictly sequential
in nature, such as CBC encryption. CBC decryption, however, can benefit from
this implementation and runs about 25% faster. The other chaining modes
implemented in this module, XTS and CTR, can execute fully in parallel in
both directions.
The core code has been adopted from the OpenSSL project (in collaboration
with the original author, on cc). For ease of maintenance, this version is
identical to the upstream OpenSSL code, i.e., all modifications that were
required to make it suitable for inclusion into the kernel have been made
upstream. The original can be found here:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=
6f6a6130
Note to integrators:
While this implementation is significantly faster than the existing table
based ones (generic or ARM asm), especially in CTR mode, the effects on
power efficiency are unclear as of yet. This code does fundamentally more
work, by calculating values that the table based code obtains by a simple
lookup; only by doing all of that work in a SIMD fashion, it manages to
perform better.
Cc: Andy Polyakov <appro@openssl.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Ard Biesheuvel [Sun, 15 Sep 2013 15:10:43 +0000 (17:10 +0200)]
ARM: move AES typedefs and function prototypes to separate header
Put the struct definitions for AES keys and the asm function prototypes in a
separate header and export the asm functions from the module.
This allows other drivers to use them directly.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Greg Hackmann [Tue, 16 Dec 2014 23:59:51 +0000 (15:59 -0800)]
video: adf: fix wrong bitops in adf_modeinfo_to_fb_videomode()
Change-Id: I1296153e382c0b66b713a0e7d09665ed5961f13d
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Lianwei Wang [Wed, 3 Dec 2014 01:20:50 +0000 (17:20 -0800)]
cpufreq: interactive: only boost tunable affected cpus
It is not correct to boost all the cpus when tunable boost
parameters are changed. It also does not need to boost the
cpus which is already boosted.
Signed-off-by: Lianwei Wang <a22439@motorola.com>
Erik Kline [Fri, 5 Dec 2014 10:45:10 +0000 (19:45 +0900)]
net: ipv6: allow choosing optimistic addresses with use_optimistic
The use_optimistic sysctl makes optimistic IPv6 addresses
equivalent to preferred addresses for source address selection
(e.g., when calling connect()), but it does not allow an
application to bind to optimistic addresses. This behaviour is
inconsistent - for example, it doesn't make sense for bind() to
an optimistic address fail with EADDRNOTAVAIL, but connect() to
choose that address outgoing address on the same socket.
Bug:
17769720
Bug:
18609055
Change-Id: I9de0d6c92ac45e29d28e318ac626c71806666f13
Signed-off-by: Erik Kline <ek@google.com>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Minsung Kim [Sat, 29 Nov 2014 12:43:53 +0000 (21:43 +0900)]
cpufreq: interactive: don't skip waking up speedchange_task if target_freq > policy->cur
When __cpufreq_driver_target() in speedchange_task failed for some reason, the
policy->cur could be lower than the target_freq. The governor misses to change
the target_freq if the target_freq is equal to the next_freq at the next sample
time.
Added a check to prevent the CPU to stay at the speed that is lower than the
target_freq for long duration.
Change-Id: Ibfdcd193b8280390b8f8374a63218aa31267f310
Signed-off-by: Minsung Kim <ms925.kim@samsung.com>
Lorenzo Colitti [Thu, 27 Nov 2014 06:12:10 +0000 (15:12 +0900)]
Make suspend abort reason logging depend on CONFIG_PM_SLEEP
This unbreaks the build on architectures such as um that do not
support CONFIG_PM_SLEEP.
Change-Id: Ia846ed0a7fca1d762ececad20748d23610e8544f
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Jane Zhou [Mon, 24 Nov 2014 19:44:08 +0000 (11:44 -0800)]
net/ping: handle protocol mismatching scenario
ping_lookup() may return a wrong sock if sk_buff's and sock's protocols
dont' match. For example, sk_buff's protocol is ETH_P_IPV6, but sock's
sk_family is AF_INET, in that case, if sk->sk_bound_dev_if is zero, a wrong
sock will be returned.
the fix is to "continue" the searching, if no matching, return NULL.
[cherry-pick of net
91a0b603469069cdcce4d572b7525ffc9fd352a6]
Bug:
18512516
Change-Id: I520223ce53c0d4e155c37d6b65a03489cc7fd494
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Cc: James Morris <jmorris@namei.org>
Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: netdev@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Jane Zhou <a17711@motorola.com>
Signed-off-by: Yiwei Zhao <gbjc64@motorola.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Greg Hackmann [Tue, 2 Dec 2014 00:13:30 +0000 (16:13 -0800)]
arch: arm64: force -fno-pic
The aarch64-linux-android- toolchain enables -fpic by default. -fpic
isn't needed for the kernel and breaks CONFIG_JUMP_LABEL, so turn it
off.
Change-Id: I685da1dc60e4cf1e9abcfb56e03654675ac02a0c
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Riley Andrews [Sat, 27 Sep 2014 00:36:36 +0000 (17:36 -0700)]
staging: binder: Change binder mutex to rtmutex.
Surfaceflinger uses binder heavily to receive/send frames from applications
while compositing the screen. Change the binder mutex to an rt mutex to minimize
instances where high priority surfaceflinger binder work is blocked by lower
priority binder ipc.
Signed-off-by: Riley Andrews <riandrews@google.com>
Change-Id: I086a715267648448f0c5f62b037a3093d1079a79
Rom Lemarchand [Fri, 7 Nov 2014 17:42:40 +0000 (09:42 -0800)]
memcg: add permission check
Use the 'allow_attach' handler for the 'mem' cgroup to allow
non-root processes to add arbitrary processes to a 'mem' cgroup
if it has the CAP_SYS_NICE capability set.
Bug:
18260435
Change-Id: If7d37bf90c1544024c4db53351adba6a64966250
Signed-off-by: Rom Lemarchand <romlem@android.com>
Rom Lemarchand [Fri, 7 Nov 2014 20:48:17 +0000 (12:48 -0800)]
cgroup: refactor allow_attach function into common code
move cpu_cgroup_allow_attach to a common subsys_cgroup_allow_attach.
This allows any process with CAP_SYS_NICE to move tasks across cgroups if
they use this function as their allow_attach handler.
Bug:
18260435
Change-Id: I6bb4933d07e889d0dc39e33b4e71320c34a2c90f
Signed-off-by: Rom Lemarchand <romlem@android.com>
Vinod Koul [Tue, 7 Jan 2014 16:25:42 +0000 (21:55 +0530)]
ALSA: compress: add num_sample_rates in snd_codec_desc
this gives ability to convey the valid values of supported rates in
sample_rates array
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit
929559be6d2c494e25bb58b730da4a78c1459e7b)
Signed-off-by: Yuchen Song <yuchens@nvidia.com>
Change-Id: Icfbb6d272a70c0a94719613c00bac18c5a0e3f87
Vinod Koul [Sat, 4 Jan 2014 11:29:13 +0000 (16:59 +0530)]
ALSA: compress: update struct snd_codec_desc for sample rate
Now that we don't use SNDRV_PCM_RATE_xxx bit fields for sample rate, we need to
change the description to an array for describing the sample rates supported by
the sink/source
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit
b8bab04829ab190f71921d4180bda438ba6124ae)
Signed-off-by: Yuchen Song <yuchens@nvidia.com>
Change-Id: I6c2fa5a5034ec749e9d7a71c49a1108af2416848
Vinod Koul [Sat, 4 Jan 2014 11:29:12 +0000 (16:59 +0530)]
ALSA: compress: update comment for sample rate in snd_codec
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit
d9afee6904caa7cf3c7f417f02e765db89d2b5dc)
Signed-off-by: Yuchen Song <yuchens@nvidia.com>
Change-Id: I7608d924613611222766a898a97c856a64c2eb68
Vinod Koul [Sat, 4 Jan 2014 11:29:11 +0000 (16:59 +0530)]
ALSA: compress: remove the sample rate check
commit
f0e9c080 - "ALSA: compress: change the way sample rates are sent to
kernel" changed the way sample rates are sent. So now we don't need to check for
PCM_RATE_xxx in kernel
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit
2aac06f787940543fb37bfdb982eb99431bc6094)
Signed-off-by: Yuchen Song <yuchens@nvidia.com>
Change-Id: I6448d844fb31097bf33e52c23a7e38d6b089ce69
Vinod Koul [Mon, 16 Dec 2013 09:25:34 +0000 (14:55 +0530)]
ALSA: compress: change the way sample rates are sent to kernel
The usage of SNDRV_RATES is not effective as we can have rates like 12000 or
some other ones used by decoders. This change the usage of this to use the raw
Hz values to be sent to kernel
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit
f0e9c08065dc31210fc4cf313c4ecaa088187dc5)
Signed-off-by: Yuchen Song <yuchens@nvidia.com>
Change-Id: Ia4c67405b9cf9aef9c641bce9b02a994939eae00
Erik Kline [Tue, 28 Oct 2014 09:11:14 +0000 (18:11 +0900)]
net: ipv6: Add a sysctl to make optimistic addresses useful candidates
Add a sysctl that causes an interface's optimistic addresses
to be considered equivalent to other non-deprecated addresses
for source address selection purposes. Preferred addresses
will still take precedence over optimistic addresses, subject
to other ranking in the source address selection algorithm.
This is useful where different interfaces are connected to
different networks from different ISPs (e.g., a cell network
and a home wifi network).
The current behaviour complies with RFC 3484/6724, and it
makes sense if the host has only one interface, or has
multiple interfaces on the same network (same or cooperating
administrative domain(s), but not in the multiple distinct
networks case.
For example, if a mobile device has an IPv6 address on an LTE
network and then connects to IPv6-enabled wifi, while the wifi
IPv6 address is undergoing DAD, IPv6 connections will try use
the wifi default route with the LTE IPv6 address, and will get
stuck until they time out.
Also, because optimistic nodes can receive frames, issue
an RTM_NEWADDR as soon as DAD starts (with the IFA_F_OPTIMSTIC
flag appropriately set). A second RTM_NEWADDR is sent if DAD
completes (the address flags have changed), otherwise an
RTM_DELADDR is sent.
Also: add an entry in ip-sysctl.txt for optimistic_dad.
[cherry-pick of net-next
7fd2561e4ebdd070ebba6d3326c4c5b13942323f]
Signed-off-by: Erik Kline <ek@google.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bug:
17769720
Change-Id: Ic7e50781c607e1f3a492d9ce7395946efb95c533
Dmitry Shmidt [Fri, 31 Oct 2014 23:05:46 +0000 (16:05 -0700)]
power: Add check_wakeup_reason() to verify wakeup source irq
Wakeup reason is set before driver resume handlers are called.
It is cleared before driver suspend handlers are called, on
PM_SUSPEND_PREPARE.
Change-Id: I04218c9b0c115a7877e8029c73e6679ff82e0aa4
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Ruchi Kandoi [Wed, 29 Oct 2014 17:36:27 +0000 (10:36 -0700)]
power: Adds functionality to log the last suspend abort reason.
Extends the last_resume_reason to log suspend abort reason. The abort
reasons will have "Abort:" appended at the start to distinguish itself
from the resume reason.
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Change-Id: I3207f1844e3d87c706dfc298fb10e1c648814c5f
Ruchi Kandoi [Tue, 21 Oct 2014 20:55:04 +0000 (13:55 -0700)]
cpufreq: Avoid using global variable total_cpus
The change is to compile on kernels where cpufreq stats are compiled as
a module (CONFIG_CPU_FREQ_STAT=m), because total_cpus is not exported for
module use.
Reported-By: Emilio López <elopez93@gmail.com>
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Change-Id: I4f3c74f0fac5e8d9449655b26bf3b407b0fe4290
Ruchi Kandoi [Wed, 15 Oct 2014 00:43:21 +0000 (17:43 -0700)]
power: Avoids bogus error messages for the suspend aborts.
Avoids printing bogus error message "tasks refusing to freeze", in cases
where pending wakeup source caused the suspend abort.
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Change-Id: I913ad290f501b31cd536d039834c8d24c6f16928
Will Deacon [Fri, 27 Jun 2014 16:01:47 +0000 (17:01 +0100)]
ARM: 8087/1: ptrace: reload syscall number after secure_computing() check
On the syscall tracing path, we call out to secure_computing() to allow
seccomp to check the syscall number being attempted. As part of this, a
SIGTRAP may be sent to the tracer and the syscall could be re-written by
a subsequent SET_SYSCALL ptrace request. Unfortunately, this new syscall
is ignored by the current code unless TIF_SYSCALL_TRACE is also set on
the current thread.
This patch slightly reworks the enter path of the syscall tracing code
so that we always reload the syscall number from
current_thread_info()->syscall after the potential ptrace traps.
Acked-by: Kees Cook <keescook@chromium.org>
Tested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Kees Cook [Tue, 10 Jun 2014 22:40:23 +0000 (15:40 -0700)]
ARM: add seccomp syscall
Wires up the new seccomp syscall.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Conflicts:
arch/arm/include/uapi/asm/unistd.h
arch/arm/kernel/calls.S
Signed-off-by: Lee Campbell <leecam@chromium.org>
Lee Campbell [Wed, 8 Oct 2014 21:40:22 +0000 (14:40 -0700)]
seccomp: fix syscall numbers for x86 and x86_64
Correcting syscall numbers for seccomp
Signed-off-by: Lee Campbell <leecam@chromium.org>
Guenter Roeck [Mon, 11 Aug 2014 03:50:30 +0000 (20:50 -0700)]
seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock
Current upstream kernel hangs with mips and powerpc targets in
uniprocessor mode if SECCOMP is configured.
Bisect points to commit
dbd952127d11 ("seccomp: introduce writer locking").
Turns out that code such as
BUG_ON(!spin_is_locked(&list_lock));
can not be used in uniprocessor mode because spin_is_locked() always
returns false in this configuration, and that assert_spin_locked()
exists for that very purpose and must be used instead.
Fixes: dbd952127d11 ("seccomp: introduce writer locking")
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
Kees Cook [Thu, 5 Jun 2014 07:23:17 +0000 (00:23 -0700)]
seccomp: implement SECCOMP_FILTER_FLAG_TSYNC
Applying restrictive seccomp filter programs to large or diverse
codebases often requires handling threads which may be started early in
the process lifetime (e.g., by code that is linked in). While it is
possible to apply permissive programs prior to process start up, it is
difficult to further restrict the kernel ABI to those threads after that
point.
This change adds a new seccomp syscall flag to SECCOMP_SET_MODE_FILTER for
synchronizing thread group seccomp filters at filter installation time.
When calling seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
filter) an attempt will be made to synchronize all threads in current's
threadgroup to its new seccomp filter program. This is possible iff all
threads are using a filter that is an ancestor to the filter current is
attempting to synchronize to. NULL filters (where the task is running as
SECCOMP_MODE_NONE) are also treated as ancestors allowing threads to be
transitioned into SECCOMP_MODE_FILTER. If prctrl(PR_SET_NO_NEW_PRIVS,
...) has been set on the calling thread, no_new_privs will be set for
all synchronized threads too. On success, 0 is returned. On failure,
the pid of one of the failing threads will be returned and no filters
will have been applied.
The race conditions against another thread are:
- requesting TSYNC (already handled by sighand lock)
- performing a clone (already handled by sighand lock)
- changing its filter (already handled by sighand lock)
- calling exec (handled by cred_guard_mutex)
The clone case is assisted by the fact that new threads will have their
seccomp state duplicated from their parent before appearing on the tasklist.
Holding cred_guard_mutex means that seccomp filters cannot be assigned
while in the middle of another thread's exec (potentially bypassing
no_new_privs or similar). The call to de_thread() may kill threads waiting
for the mutex.
Changes across threads to the filter pointer includes a barrier.
Based on patches by Will Drewry.
Suggested-by: Julien Tinnes <jln@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Kees Cook [Fri, 27 Jun 2014 22:01:35 +0000 (15:01 -0700)]
seccomp: allow mode setting across threads
This changes the mode setting helper to allow threads to change the
seccomp mode from another thread. We must maintain barriers to keep
TIF_SECCOMP synchronized with the rest of the seccomp state.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Conflicts:
kernel/seccomp.c
Kees Cook [Fri, 27 Jun 2014 22:18:48 +0000 (15:18 -0700)]
seccomp: introduce writer locking
Normally, task_struct.seccomp.filter is only ever read or modified by
the task that owns it (current). This property aids in fast access
during system call filtering as read access is lockless.
Updating the pointer from another task, however, opens up race
conditions. To allow cross-thread filter pointer updates, writes to the
seccomp fields are now protected by the sighand spinlock (which is shared
by all threads in the thread group). Read access remains lockless because
pointer updates themselves are atomic. However, writes (or cloning)
often entail additional checking (like maximum instruction counts)
which require locking to perform safely.
In the case of cloning threads, the child is invisible to the system
until it enters the task list. To make sure a child can't be cloned from
a thread and left in a prior state, seccomp duplication is additionally
moved under the sighand lock. Then parent and child are certain have
the same seccomp state when they exit the lock.
Based on patches by Will Drewry and David Drysdale.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Conflicts:
kernel/fork.c
Kees Cook [Fri, 27 Jun 2014 22:16:33 +0000 (15:16 -0700)]
seccomp: split filter prep from check and apply
In preparation for adding seccomp locking, move filter creation away
from where it is checked and applied. This will allow for locking where
no memory allocation is happening. The validation, filter attachment,
and seccomp mode setting can all happen under the future locks.
For extreme defensiveness, I've added a BUG_ON check for the calculated
size of the buffer allocation in case BPF_MAXINSN ever changes, which
shouldn't ever happen. The compiler should actually optimize out this
check since the test above it makes it impossible.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Conflicts:
kernel/seccomp.c
Kees Cook [Wed, 21 May 2014 22:23:46 +0000 (15:23 -0700)]
sched: move no_new_privs into new atomic flags
Since seccomp transitions between threads requires updates to the
no_new_privs flag to be atomic, the flag must be part of an atomic flag
set. This moves the nnp flag into a separate task field, and introduces
accessors.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Conflicts:
kernel/sys.c
Kees Cook [Wed, 25 Jun 2014 23:08:24 +0000 (16:08 -0700)]
seccomp: add "seccomp" syscall
This adds the new "seccomp" syscall with both an "operation" and "flags"
parameter for future expansion. The third argument is a pointer value,
used with the SECCOMP_SET_MODE_FILTER operation. Currently, flags must
be 0. This is functionally equivalent to prctl(PR_SET_SECCOMP, ...).
In addition to the TSYNC flag later in this patch series, there is a
non-zero chance that this syscall could be used for configuring a fixed
argument area for seccomp-tracer-aware processes to pass syscall arguments
in the future. Hence, the use of "seccomp" not simply "seccomp_add_filter"
for this syscall. Additionally, this syscall uses operation, flags,
and user pointer for arguments because strictly passing arguments via
a user pointer would mean seccomp itself would be unable to trivially
filter the seccomp syscall itself.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Conflicts:
arch/x86/syscalls/syscall_32.tbl
arch/x86/syscalls/syscall_64.tbl
include/uapi/asm-generic/unistd.h
kernel/seccomp.c
And fixup of unistd32.h to truly enable sys_secomp.
Change-Id: I95bea02382c52007d22e5e9dc563c7d055c2c83f
Kees Cook [Wed, 25 Jun 2014 22:55:25 +0000 (15:55 -0700)]
seccomp: split mode setting routines
Separates the two mode setting paths to make things more readable with
fewer #ifdefs within function bodies.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Kees Cook [Wed, 25 Jun 2014 22:38:02 +0000 (15:38 -0700)]
seccomp: extract check/assign mode helpers
To support splitting mode 1 from mode 2, extract the mode checking and
assignment logic into common functions.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Kees Cook [Wed, 21 May 2014 22:02:11 +0000 (15:02 -0700)]
seccomp: create internal mode-setting function
In preparation for having other callers of the seccomp mode setting
logic, split the prctl entry point away from the core logic that performs
seccomp mode setting.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>