In an issue very similar to 4e461c777e3 (xt_qtaguid: Fix panic
caused by synack processing), we were seeing panics on occasion
in testing.
In this case, it was the same issue, but caused by a different
call path, as the sk being returned from qtaguid_find_sk() was
not a full socket. Resulting in the sk->sk_socket deref to fail.
This patch adds an extra check to ensure the sk being retuned
is a full socket, and if not it returns NULL.
Reported-by: Milosz Wasilewski <milosz.wasilewski@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
This change allows to use same kernel image with
different console options for uart and fiq_debugger.
If fiq_debugger.disable will be set to 1/y/Y,
fiq_debugger will not be initialized.
Change-Id: I71fda54f5f863d13b1437b1f909e52dd375d002d
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
When you configure (set it up) a STA interface, the driver
install a multicast filter. This is normal behavior, when
one application subscribe to multicast address the filter
is updated. When Access Point interface is configured, there
is no filter installation and the "filter update" path is
disabled in the driver.
The problem happens when you switch an interface from STA
type to AP type. The filter is installed but there are no
means to update it.
Change-Id: Ied22323af831575303abd548574918baa9852dd0
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
fiq_debugger is taking over uart, so it is necessary to disable
original uart in DT file. It can be done manually or by overlay.
Change-Id: I9f50ec15b0e22e602d73b9f745fc8666f8925d09
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
If CONFIG_DUAL_ROLE_USB_INTF is disabled but the exported functions
are referenced, the build will result in warnings such as:
In file included from include/linux/usb/class-dual-role.h:112:13:
warning: ‘dual_role_instance_changed’ defined but not used
[-Wunused-function]
These stub functions should be static inline.
Change-Id: I5a9ef58dca32306fac5a4c7f28cdaa36fa8ae078
Signed-off-by: Jack Pham <jackp@codeaurora.org>
(cherry picked from commit 2d152dbb0743526b21d6bbefe097f874c027f860)
(cherry picked from commit 8ad66cafaa10e6ba94ff79a8dbc2cc437c6bfe93)
In upstream commit ca6fb06518836ef9b65dc0aac02ff97704d52a05
(tcp: attach SYNACK messages to request sockets instead of
listener)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca6fb0651883
The building of synack messages was changed, which made it so
the skb->sk points to a casted request_sock. This is problematic,
as there is no sk_socket in a request_sock. So when the qtaguid_mt
function tries to access the sk->sk_socket, it accesses uninitialized
memory.
After looking at how other netfilter implementations handle this,
I realized there was a skb_to_full_sk() helper added, which the
xt_qtaguid code isn't yet using.
This patch adds its use, and resovles panics seen when accessing
uninitialzed memory when processing synack packets.
Reported-by: YongQin Liu <yongquin.liu@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Allows FUSE to report to inotify that it is acting
as a layered filesystem. The userspace component
returns a string representing the location of the
underlying file. If the string cannot be resolved
into a path, the top level path is returned instead.
bug: 23904372
Change-Id: Iabdca0bbedfbff59e9c820c58636a68ef9683d9f
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Update seq_printf() usage in xt_qtaguid to align
with changes from mainline commit 6798a8caaf64
"fs/seq_file: convert int seq_vprint/seq_printf/etc...
returns to void".
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
When CONFIG_MMC_SIMULATE_MAX_SPEED is enabled, Expose max_read_speed,
max_write_speed and cache_size default module parameters and sysfs
controls to simulate a slow eMMC device. Default values are 0 (off),
0 (off) and 4 MB respectively.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 26976972
Change-Id: I342bfbd8b85f9b790e3f0e1e4e51a900ae07e05d
Add a sysfs entry that allows user space to determine whether dm-verity
has come across correctable errors on the underlying block device.
Bug: 22655252
Bug: 27928374
Change-Id: I80547a2aa944af2fb9ffde002650482877ade31b
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
(cherry picked from commit 7911fad5f0a2cf5afc2215657219a21e6630e001)
The 0-day build bot reports the following build error, seen if SDCARD_FS
is built as module.
ERROR: "do_munmap" undefined!
Fixes: 84a1b7d3d312 ("Included sdcardfs source code for kernel 3.0")
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
The 0-day build bot reports the following build error, seen if SDCARD_FS
is built as module.
ERROR: "d_absolute_path" undefined!
Fixes: 84a1b7d3d312 ("Included sdcardfs source code for kernel 3.0")
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
CONFIG_SDCARD_FS_CI_SEARCH only guards a define for
LOOKUP_CASE_INSENSITIVE, which is never used in the
kernel. Remove both, along with the option matching
that supports it.
Change-Id: I363a8f31de8ee7a7a934d75300cc9ba8176e2edf
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Patch "vfs: add d_canonical_path for stacked filesystem support"
erroneously updated the ALL_INOTIFY_BITS count. This changes it back
Change-Id: Idb04edc736da276159d30f04c40cff9d6b1e070f
Attempts to build sdcardfs as module fail with
fs/sdcardfs/lookup.c: In function '__sdcardfs_lookup':
fs/sdcardfs/lookup.c:243:5: error: 'LOOKUP_CASE_INSENSITIVE' undeclared
This occurs because the define is enclosed with #ifdef
CONFIG_SDCARD_FS_CI_SEARCH. If SDCARD_FS_CI_SEARCH is configured to be
built as module, this does not work. Alternatives would be to use #if
IS_ENABLED(CONFIG_SDCARD_FS_CI_SEARCH), or to declare SDCARD_FS_CI_SEARCH
as bool, but that does not work because the define is used unconditionally
in the source.
Note that LOOKUP_CASE_INSENSITIVE is only set but not evaluated in the
current source code, so setting the flag has no real effect.
Fixes: 84a1b7d3d312 ("Included sdcardfs source code for kernel 3.0")
Cc: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Inotify does not currently know when a filesystem
is acting as a wrapper around another fs. This means
that inotify watchers will miss any modifications to
the base file, as well as any made in a separate
stacked fs that points to the same file.
d_canonical_path solves this problem by allowing the fs
to map a dentry to a path in the lower fs. Inotify
can use it to find the appropriate place to watch to
be informed of all changes to a file.
Change-Id: I09563baffad1711a045e45c1bd0bd8713c2cc0b6
Signed-off-by: Daniel Rosenberg <drosen@google.com>
In M, the workings of sdcardfs were changed significantly.
This brings sdcardfs into line with the changes.
Change-Id: I10e91a84a884c838feef7aa26c0a2b21f02e052e
Fixed existing type-casting in packagelist management code. All
warnings at compile time were taken care of.
Change-Id: I1ea97786d1d1325f31b9f09ae966af1f896a2af5
Signed-off-by: Daniel Campello <campello@google.com>
Only included the source code as is for kernel 3.0. Following patches
take care of porting this file system to version 3.10.
Change-Id: I09e76db77cd98a059053ba5b6fd88572a4b75b5b
Signed-off-by: Daniel Campello <campello@google.com>
Windows requires OS specific descriptors for automatic
install of drivers for MTP devices.
https://msdn.microsoft.com/en-us/library/windows/
hardware/gg463179.aspx
BUG=24583401
BUG=chrome-os-partner:43409
Change-Id: I9397072ca3d183efbc9571c6cde3790f10d8851e
Signed-off-by: Badhri Jagan Sridharan <Badhri@google.com>
Reviewed-on: https://chromium-review.googlesource.com/304346
Commit-Ready: Andrew Bresticker <abrestic@chromium.org>
Tested-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-by: Andrew Bresticker <abrestic@chromium.org>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
After this upstream commit: 3c86726cfe38952f0366f86acfbbb025813ec1c2,
.raw_request is mandatory in hid_ll_driver structure, hence add an empty
raw_request() function.
BUG=chrome-os-partner:49140
TEST=none
Change-Id: Idd0bbe6960aad2c557376e4a24827d7e1df8e023
Signed-off-by: Mark Kuo <mkuo@nvidia.com>
Reviewed-on: https://chromium-review.googlesource.com/321038
Commit-Ready: Andrew Bresticker <abrestic@chromium.org>
Tested-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-by: Andrew Bresticker <abrestic@chromium.org>
When userspace unbinds gadget functions through configfs, the
.free_func() callback is always invoked. (in config_usb_cfg_unlink())
Implement it as a no-op to avoid the following crash:
[ 68.125679] configfs-gadget gadget: unbind function 'accessory'/ffffffc0720bf000
[ 68.133202] configfs-gadget gadget: unbind function 'audio_source'/ffffffc0012ca3c0
[ 68.142668] tegra-xudc 700d0000.usb-device: ep 0 disabled
[ 68.148186] Bad mode in Synchronous Abort handler detected, code 0x86000006
[ 68.155144] CPU: 2 PID: 1 Comm: init Tainted: G U W 3.18.0-09419-g87296c3-dirty #561
[ 68.163743] Hardware name: Google Tegra210 Smaug Rev 1,3+ (DT)
[ 68.169566] task: ffffffc0bc8d0000 ti: ffffffc0bc8bc000 task.ti: ffffffc0bc8bc000
[ 68.177039] PC is at 0x0
[ 68.179577] LR is at usb_put_function+0x14/0x1c
....
BUG=chrome-os-partner:49140
TEST="setprop sys.usb.config accessory,audio_source" on A44 and then
switch back to default: "setprop sys.usb.config mtp,adb", no crash will
be seen.
Change-Id: I5b6141964aab861e86e3afb139ded02d4d122dab
Signed-off-by: Mark Kuo <mkuo@nvidia.com>
Reviewed-on: https://chromium-review.googlesource.com/321013
Commit-Ready: Andrew Bresticker <abrestic@chromium.org>
Tested-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-by: Andrew Bresticker <abrestic@chromium.org>
wBytesPerInterval in SuperSpeed Endpoint Companion Descriptor needs
to be set large enough to reserve enough bus time for associated
periodic endpoint.
Originally, wBytesPerInterval for mtp's interrupt IN endpoint is set
to 2 and its single interrupt transfer will be split into many 2 bytes
interrupt transfers. So, we change wBytesPerInterval to INTR_BUFFER_SIZE
to ensure interrupt transfer will not be split.
BUG=none
TEST=Smaug works as a MTP device
Change-Id: I49c0df892b2d9e0193a684eef23f73664ced9f91
Signed-off-by: Henry Lin <henryl@nvidia.com>
Signed-off-by: Mark Kuo <mkuo@nvidia.com>
Reviewed-on: https://chromium-review.googlesource.com/299091
Reviewed-by: Andrew Bresticker <abrestic@chromium.org>
Add SuperSpeed endpoint and companion descriptors.
BUG=chrome-os-partner:43682
TEST=Smaug enumerates as a SuperSpeed device.
Change-Id: I2bf3125d180fcb07222a5740fa67f3526cf3e95c
Signed-off-by: Hui Fu <hfu@nvidia.com>
Signed-off-by: Henry Lin <henryl@nvidia.com>
Signed-off-by: Mark Kuo <mkuo@nvidia.com>
Signed-off-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/294950
The API to log the suspend reason was introduced with commit 57caa2ad5ce3
("power: Adds functionality to log the last suspend abort reason.").
It is called from functions enabled with PM_SLEEP and from functions
enabled with SUSPEND, but only available if SUSPEND is enabled.
This can result in build failures such as the following if PM_SLEEP
is enabled, but SUSPEND is not.
kernel/built-in.o: In function `try_to_freeze_tasks':
process.c:(.text+0x30928): undefined reference to `log_suspend_abort_reason'
drivers/built-in.o: In function `syscore_suspend':
(.text+0x6e250): undefined reference to `log_suspend_abort_reason'
drivers/built-in.o: In function `__device_suspend':
main.c:(.text+0x7a528): undefined reference to `log_suspend_abort_reason'
Fixes: 57caa2ad5ce3 ("power: Adds functionality to log the last suspend abort reason.")
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Commit 1eff8f99f9f9 ("PM / Suspend: Print wall time at suspend entry and
exit") calls rtc_time_to_tm(), which in turn calls rtc_time64_to_tm().
Since RTC_LIB is not mandatory for all architetures, this can result in
the following build error.
suspend.c:(.text+0x2f36c): undefined reference to `rtc_time64_to_tm'
rtc_time64_to_tm() is implemented in rtc-lib, so SUSPEND now needs to
select RTC_LIB.
Fixes: 1eff8f99f9f9 ("PM / Suspend: Print wall time at suspend entry and exit")
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Commit 1af89c1ef3b6 ("Hack: net: PPPoPNS and PPPoLAC build fixes for 4.1")
fixed the build for PPPoPNS and PPPoLAC by re-introducing a field in
struct msghdr which was removed upstream. Re-introducing the field doesn't
get it used, so it is quite likely that the code never worked. Fix it up for
good.
Fixes: 1af89c1ef3b6 ("Hack: net: PPPoPNS and PPPoLAC build fixes for 4.1")
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Since sdio_reset_comm() re-initializes the SDIO card, disable retuning
before idling and shutting down the card. Tuning will be re-enabled (if
necessary) in mmc_sdio_init_card().
BUG=chrome-os-partner:46444
TEST=With CL:311815, toggle WiFi on/off on Smaug and observe that the
WiFi card comes back up and is able to tune successfully.
Change-Id: Ib4a5cfd4d75fc9e3ed7bb3f1e2ffd30de16c5d28
Signed-off-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/311797
Reviewed-by: Derek Basehore <dbasehore@chromium.org>
[briannorris: brought from Chromium kernel in 3.18 -> 4.4 rebase]
Signed-off-by: Brian Norris <briannorris@google.com>
The 'bCount' field is u8. Noticed by this warning:
drivers/usb/gadget/function/f_mtp.c:264:3: warning: large integer implicitly truncated to unsigned type [-Woverflow]
Change-Id: Ie82dfd1a8986ecd3acf143e41c46822f0d1aca4f
Signed-off-by: Brian Norris <briannorris@google.com>
(cherry picked from commit 011e507b413393eab8279dac8b778ad9b6e9971b)
Running mmcqd as a prio 120 thread forces it to compete with standard
user processes for IO performance, especially when the system is under
severe CPU load. Move it to a SCHED_FIFO thread to reduce the impact of
load on IO performance.
Signed-off-by: Tim Murray <timmurray@google.com>
Bug: 25392275
Change-Id: I1edfe73baa25e181367c30c1f40fee886e92b60d
Few Android drivers e.g. uid_cputime, keyreset/combo
fail to build as kernel modules. Instead of fixing the
build lets make these drivers non-modular (switch config
to "bool" from "tristate" in Kconfig) since Android doesn't
support building kernel modules anyway.
Change-Id: I50c66228c38c8b7c221ec7d6773fcb59bd201be9
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Check if the len is not greater than maximum to prevent buffer overflow.
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Change-Id: I575b0a72bb5448b68353408d71fa8b83420c9088
Avoid waking up every thread sleeping in an epoll_wait call during
suspend and resume by calling a freezable blocking call. Previous
patches modified the freezer to avoid sending wakeups to threads
that are blocked in freezable blocking calls.
This call was selected to be converted to a freezable call because
it doesn't hold any locks or release any resources when interrupted
that might be needed by another freezing task or a kernel driver
during suspend, and is a common site where idle userspace tasks are
blocked.
Change-Id: I848d08d28c89302fd42bbbdfa76489a474ab27bf
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Colin Cross <ccross@android.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
adb reboot calls /proc/sysrq-trigger to force an emergency remount (ro) of all
mounted disks. This is executed in the order of the time the mount was originally
done. Because we have a test system which loop mount images from an extra
partition, we see errors cause the loop mounted partitions gets remounted after
this physical partition was set to read only already.
Fix this by reversing the order of the emergency remount. This will remount the
disk first which have been mounted last.
So instead of remounting in this order:
/dev/sda1
/dev/loop1
/dev/loop2
we now remount in this order:
/dev/loop2
/dev/loop1
/dev/sda1
Change-Id: I68fe7e16cc9400ab5278877af70c9ea1d9b57936
Signed-off-by: Christian Poetzsch <christian.potzsch@imgtec.com>
AOSP commit b13ce9f4aa6f "ARM64: add option to build
Image.gz/dtb combo" broke archclean / mrproper build
targets and we run into:
----------
./scripts/Makefile.clean:14: arch/arm64/boot/amd/Makefile: No such file or directory
make[2]: *** No rule to make target `arch/arm64/boot/amd/Makefile'. Stop.
make[1]: *** [arch/arm64/boot/amd] Error 2
make: *** [archclean] Error 2
----------
This patch skip the missing Kbuild/Makefile reporting
error. It does the job (i.e cleanup dts/*/*.dtb and
do not spit out missing file error messages as well).
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Make modinst_dir user-defined on the command line.
This allows to do things like:
make MODLIB=output/ modinst_dir=. modules_install
to ensure all the .ko are in the output/ directory.
Change-Id: I2bc007eea27ee744d35289e26e4a8ac43ba04151
Signed-off-by: Rom Lemarchand <romlem@android.com>
* What
This provides an interface for issuing an FITRIM which uses the
secure discard instead of just a discard.
Only the eMMC command is "secure", and not how the FS uses it:
due to the fact that the FS might reassign a region somewhere else,
the original deleted data will not be affected by the "trim" which only
handles un-used regions.
So we'll just call it "deep discard", and note that this is a
"best effort" cleanup.
* Why
Once in a while, We want to be able to cleanup most of the unused blocks
after erasing a bunch of files.
We don't want to constantly secure-discard via a mount option.
From an eMMC spec perspective, it tells the device to really get rid of
all the data for the specified blocks and not just put them back into the
pool of free ones (unlike the normal TRIM). The eMMC spec says the
secure trim handling must make sure the data (and metadata) is not available
anymore. A simple TRIM doesn't clear the data, it just puts blocks in the
free pool.
JEDEC Standard No. 84-A441
7.6.9 Secure Erase
7.6.10 Secure Trim
From an FS perspective, it is acceptable to leave some data behind.
- directory entries related to deleted files
- databases entries related to deleted files
- small-file data stored in inode extents
- blocks held by the FS waiting to be re-used (mitigated by sync).
- blocks reassigned by the FS prior to FIDTRIM.
Change-Id: I676a1404a80130d93930c84898360f2e6fb2f81e
Signed-off-by: Geremy Condra <gcondra@google.com>
Signed-off-by: JP Abgrall <jpa@google.com>
Replace bcd2bin and bin2bcd with one that maps years 1970 to 2129
in a pattern that works with the underlying hardware.
The only transition that does not work correctly for this rtc clock
is the transition from 2099 to 2100, it proceeds to 2000. The rtc
clock retains and transitions the year correctly in all other
circumstances.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 26346842
Change-Id: Ie527700190b1ae4b4bc3c12279d875aa5985b168
Place SLPZ pin in sleep state at system suspend time if a GPIO is
provided by board platform data.
Change-Id: I93c61fa0ae474e968e0f909209c9bfcaafe3dd2c
Signed-off-by: Todd Poynor <toddpoynor@google.com>
Suspend attempts can abort when the FUSE daemon is already frozen
and a client is waiting uninterruptibly for a response, causing
freezing of tasks to fail.
Use the freeze-friendly wait API, but disregard other signals.
Change-Id: Icefb7e4bbc718ccb76bf3c04daaa5eeea7e0e63c
Signed-off-by: Todd Poynor <toddpoynor@google.com>
Add wake_peer which is called before starting UART TX. The idea here
is to provide a mechanism where we can wakeup our peer before sending
data.
Change-Id: I42e0779b635f64ca99184b45d5b028de80197491
Signed-off-by: San Mehat <san@google.com>
Userspace processes often have multiple allocators that each do
anonymous mmaps to get memory. When examining memory usage of
individual processes or systems as a whole, it is useful to be
able to break down the various heaps that were allocated by
each layer and examine their size, RSS, and physical memory
usage.
This patch adds a user pointer to the shared union in
vm_area_struct that points to a null terminated string inside
the user process containing a name for the vma. vmas that
point to the same address will be merged, but vmas that
point to equivalent strings at different addresses will
not be merged.
Userspace can set the name for a region of memory by calling
prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, start, len, (unsigned long)name);
Setting the name to NULL clears it.
The names of named anonymous vmas are shown in /proc/pid/maps
as [anon:<name>] and in /proc/pid/smaps in a new "Name" field
that is only present for named vmas. If the userspace pointer
is no longer valid all or part of the name will be replaced
with "<fault>".
The idea to store a userspace pointer to reduce the complexity
within mm (at the expense of the complexity of reading
/proc/pid/mem) came from Dave Hansen. This results in no
runtime overhead in the mm subsystem other than comparing
the anon_name pointers when considering vma merging. The pointer
is stored in a union with fieds that are only used on file-backed
mappings, so it does not increase memory usage.
Includes fix from Jed Davis <jld@mozilla.com> for typo in
prctl_set_vma_anon_name, which could attempt to set the name
across two vmas at the same time due to a typo, which might
corrupt the vma list. Fix it to use tmp instead of end to limit
the name setting to a single vma at a time.
Change-Id: I9aa7b6b5ef536cd780599ba4e2fba8ceebe8b59f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
