sock_i_uid() acquires the sk_callback_lock which does not exist for
sockets in TCP_NEW_SYN_RECV state. This results in errors showing up
as spinlock bad magic. Fix this by looking for the full sock as
suggested by Eric.
Callstack for reference -
-003|rwlock_bug
-004|arch_read_lock
-004|do_raw_read_lock
-005|raw_read_lock_bh
-006|sock_i_uid
-007|from_kuid_munged(inline)
-007|reset_timer
-008|idletimer_tg_target
-009|ipt_do_table
-010|iptable_mangle_hook
-011|nf_iterate
-012|nf_hook_slow
-013|NF_HOOK_COND(inline)
-013|ip_output
-014|ip_local_out
-015|ip_build_and_send_pkt
-016|tcp_v4_send_synack
-017|atomic_sub_return(inline)
-017|reqsk_put(inline)
-017|tcp_conn_request
-018|tcp_v4_conn_request
-019|tcp_rcv_state_process
-020|tcp_v4_do_rcv
-021|tcp_v4_rcv
-022|ip_local_deliver_finish
-023|NF_HOOK_THRESH(inline)
-023|NF_HOOK(inline)
-023|ip_local_deliver
-024|ip_rcv_finish
-025|NF_HOOK_THRESH(inline)
-025|NF_HOOK(inline)
-025|ip_rcv
-026|deliver_skb(inline)
-026|deliver_ptype_list_skb(inline)
-026|__netif_receive_skb_core
-027|__netif_receive_skb
-028|netif_receive_skb_internal
-029|netif_receive_skb
Change-Id: Ic8f3a3d2d7af31434d1163b03971994e2125d552
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Cc: Eric Dumazet <edumazet@google.com>
Andoid files frequently have spaces in them, as do cmdline strings.
Replace these spaces with '_', so tools that parse these tracepoints
don't get terribly confused.
Change-Id: I1cbbedf5c803aa6a58d9b8b7836e9125683c49d1
Signed-off-by: Mohan Srinivasan <srmohan@google.com>
(cherry picked from commit 5035d5f0933758dd515327d038e5bef7e40dbaa7)
(cherry picked from commit 6f4a2453a14bae428dd10ba3bb9c15dccfc9eb8d)
schedule_work(&timer->work) appears to be called after
cancel_work_sync(&info->timer->work) is completed.
Work can be scheduled from the PM_POST_SUSPEND notification event
even after cancel_work_sync is called.
Call stack
-004|notify_netlink_uevent(
| [X19] timer = 0xFFFFFFC0A5DFC780 -> (
| ...
| [NSD:0xFFFFFFC0A5DFC800] kobj = 0x6B6B6B6B6B6B6B6B,
| [NSD:0xFFFFFFC0A5DFC868] timeout = 0x6B6B6B6B,
| [NSD:0xFFFFFFC0A5DFC86C] refcnt = 0x6B6B6B6B,
| [NSD:0xFFFFFFC0A5DFC870] work_pending = 0x6B,
| [NSD:0xFFFFFFC0A5DFC871] send_nl_msg = 0x6B,
| [NSD:0xFFFFFFC0A5DFC872] active = 0x6B,
| [NSD:0xFFFFFFC0A5DFC874] uid = 0x6B6B6B6B,
| [NSD:0xFFFFFFC0A5DFC878] suspend_time_valid = 0x6B))
-005|idletimer_tg_work(
-006|__read_once_size(inline)
-006|static_key_count(inline)
-006|static_key_false(inline)
-006|trace_workqueue_execute_end(inline)
-006|process_one_work(
-007|worker_thread(
-008|kthread(
-009|ret_from_fork(asm)
---|end of frame
Force any pending idletimer_tg_work() to complete before freeing
the associated work struct and after unregistering to the pm_notifier
callback.
Change-Id: I4c5f0a1c142f7d698c092cf7bcafdb0f9fbaa9c1
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
If table_make_digest() fails, verify_verity_signature() would try to
pass the returned ERR_PTR() to kfree().
This fixes the smatch error:
drivers/md/dm-android-verity.c:601 verify_verity_signature() error: 'pks' dereferencing possible ERR_PTR()
Change-Id: I9b9b7764b538cb4a5f94337660e9b0f149b139be
Signed-off-by: Greg Hackmann <ghackmann@google.com>
When performing orphan cleanup on mount, ext4 may truncate pages.
Truncation as currently implemented may require the encryption key for
partial zeroing, and the key isn't necessarily available on mount.
Since the userspace tools don't perform the partial zeroing operation
anyway, let's just skip doing that in the kernel.
This patch fixes a BUG_ON() oops.
Bug: 35209576
Change-Id: I2527a3f8d2c57d2de5df03fda69ee397f76095d7
Signed-off-by: Michael Halcrow <mhalcrow@google.com>
Refactor the fs readpage/write tracepoints to move the
inode->path lookup outside the tracepoint code, and pass a pointer
to the path into the tracepoint code instead. This is necessary
because the tracepoint code runs non-preemptible. Thanks to
Trilok Soni for catching this in 4.4.
Signed-off-by: Mohan Srinivasan <srmohan@google.com>
We never use the 64 anyway.
Should fix compile warning.
Change-Id: I384155cc24e0a259d7d3898f310fc33154991311
Signed-off-by: Lingfeng Yang <lfy@google.com>
goldfish_sync requires the following modifications
to bring it up:
- Copy and integrate goldfish_sync version of
sw_sync, from out of dma-buf driver.
- Don't delete timelines by itself; rely on put
Change-Id: Ie88d506955dbf5c8532281f122471dc7b1c0bccb
Signed-off-by: Lingfeng Yang <lfy@google.com>
Remove unused variable "ifindex" in rt6_get_route_info().
"ifindex" is not used anymore, dev->ifindex is used directly instead.
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
https://lkml.org/lkml/2016/9/14/208
Interactive governor has lived in Android sources for a very long time
and this commit is based on the code present in following branch:
https://android.googlesource.com/kernel/common android-4.4
The Interactive governor is designed for latency-sensitive workloads,
such as interactive user interfaces like the mobile phones and tablets.
The interactive governor aims to be significantly more responsive to
ramp CPU quickly up when CPU-intensive activity begins.
Existing governors sample CPU load at a particular rate, typically every
X ms and then update the frequency from a work-handler. This can lead
to under-powering UI threads for the period of time during which the
user begins interacting with a previously-idle system until the next
sample period happens.
The 'interactive' governor uses a different approach.
A real-time thread is used for scaling up, giving the remaining tasks
the CPU performance benefit, unlike existing governors which are more
likely to schedule ramp-up work to occur after your performance starved
tasks have completed.
The Android version of interactive governor also checks whether to scale
the CPU frequency up soon after coming out of idle. When the CPU comes
out of idle, the governor check if the CPU sampling is overdue or not.
If yes, it immediately starts the sampling. Otherwise, the utilization
hooks from the scheduler handle the sampling later. If the CPU is very
busy from exiting idle to when the evaluation happens, then it assumes
that the CPU is under-powered and ramps it to MAX speed.
If the CPU was not sufficiently busy to immediately ramp to MAX speed,
then the governor evaluates the CPU load since the last speed
adjustment, choosing the highest value between that longer-term load or
the short-term load since idle exit to determine the CPU speed to ramp
to.
Idle notifiers will be be handled later and are not included for now.
The core of this code is written and maintained (in Android
repositories) by Mike Chan and Todd Poyner over a long period of time.
Vireshk has made changes to to the governor to align it with the current
practices followed with mainline governors, like using utilization hooks
from the scheduler and handling kobject (for governor's sysfs directory)
in a race free manner. And of course this included general cleanup of
the governor as well.
Signed-off-by: Mike Chan <mike@android.com>
Signed-off-by: Todd Poynor <toddpoynor@google.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Change-Id: Ib5e8d1dab0fa3cc5ba79b7a554c8dde35435cbdb
[AmitP: Cherry-picked this version from
https://git.kernel.org/cgit/linux/kernel/git/vireshk/pm.git/log/?h=cpufreq/interactive-idle-notifier.
Also refactored and folded https://lkml.org/lkml/2016/9/14/209
patch into this unified patch.]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Eliminate the offset argument to sdcardfs_direct_IO() which is dropped
by upstream commit c8b8e32d700f ("direct-io: eliminate the offset
argument to ->direct_IO"), otherwise we run into following build error:
CC [M] fs/sdcardfs/mmap.o
fs/sdcardfs/mmap.c:76:15: error: initialization from incompatible pointer type [-Werror=incompatible-pointer-types]
.direct_IO = sdcardfs_direct_IO,
^
fs/sdcardfs/mmap.c:76:15: note: (near initialization for ‘sdcardfs_aops.direct_IO’)
Change-Id: I292d93bb16365a9fa46494accb2b5da51028b5c1
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Since commit 2773bf00aeb9 ("fs: rename "rename2" i_op to "rename""),
syscall rename2 is merged with rename syscall and it broke sdcard_fs
build and we get following build error:
CC [M] fs/sdcardfs/inode.o
fs/sdcardfs/inode.c:786:13: error: initialization from incompatible pointer type [-Werror=incompatible-pointer-types]
.rename = sdcardfs_rename,
^
fs/sdcardfs/inode.c:786:13: note: (near initialization for ‘sdcardfs_dir_iops.rename’)
renameat2 syscall is the same as renameat with an added flags argument
and calling renameat2 with flags=0 is equivalent to calling renameat.
Change-Id: I48f3c76c3af481241188253a76f310670de6bd18
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Since commit 31051c85b5e2 ("fs: Give dentry to inode_change_ok()
instead of inode"), to avoid clearing of capabilities or security
related extended attributes too early, inode_change_ok() will
need to take dentry instead of inode. Propagate it down to
sdcardfs_setattr() and also rename it to setattr_prepare(),
otherwise we run into following build error:
CC [M] fs/sdcardfs/inode.o
fs/sdcardfs/inode.c: In function ‘sdcardfs_setattr’:
fs/sdcardfs/inode.c:644:8: error: implicit declaration of function ‘inode_change_ok’ [-Werror=implicit-function-declaration]
err = inode_change_ok(inode, ia);
^
Change-Id: I714b4f4f68b7fea1ac82a71d2f323c76b11fa008
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
->d_compare() doesn't get parent as a separate argument anymore
according to upstream commit 6fa67e707559 ("get rid of 'parent'
argument of ->d_compare()").
We run into following build error otherwise:
CC [M] fs/sdcardfs/dentry.o
fs/sdcardfs/dentry.c:183:15: error: initialization from incompatible pointer type [-Werror=incompatible-pointer-types]
.d_compare = sdcardfs_cmp_ci,
^
fs/sdcardfs/dentry.c:183:15: note: (near initialization for ‘sdcardfs_ci_dops.d_compare’)
Change-Id: I51801b57aeb8287f1e69ce6cb944e8722ff37bea
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Fix following sdcardfs compilation error introduced in code
refactoring by upstream commit 8387ff2577eb ("vfs: make the
string hashes salt the hash").
CC [M] fs/sdcardfs/dentry.o
In file included from ./include/linux/dcache.h:13:0,
from fs/sdcardfs/sdcardfs.h:29,
from fs/sdcardfs/dentry.c:21:
fs/sdcardfs/dentry.c: In function ‘sdcardfs_hash_ci’:
./include/linux/stringhash.h:38:51: error: expected expression before ‘)’ token
#define init_name_hash(salt) (unsigned long)(salt)
^
fs/sdcardfs/dentry.c:138:9: note: in expansion of macro ‘init_name_hash’
hash = init_name_hash();
^
Change-Id: I9feb6c075a7e953726954f5746fc009202d3121c
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Use inode_{lock,unlock,lock_nested} wrappers as suggested by upstream
commit 5955102c9984 (wrappers for ->i_mutex access) for access to
->i_mutex, otherwise we run into following build error:
CC [M] fs/sdcardfs/dentry.o
In file included from fs/sdcardfs/dentry.c:21:0:
fs/sdcardfs/sdcardfs.h: In function ‘lock_parent’:
fs/sdcardfs/sdcardfs.h:422:33: error: ‘struct inode’ has no member named ‘i_mutex’
mutex_lock_nested(&d_inode(dir)->i_mutex, I_MUTEX_PARENT);
^
fs/sdcardfs/sdcardfs.h: In function ‘unlock_dir’:
fs/sdcardfs/sdcardfs.h:428:28: error: ‘struct inode’ has no member named ‘i_mutex’
mutex_unlock(&d_inode(dir)->i_mutex);
^
In file included from ./include/linux/fs.h:19:0,
from fs/sdcardfs/sdcardfs.h:31,
from fs/sdcardfs/dentry.c:21:
fs/sdcardfs/sdcardfs.h: In function ‘prepare_dir’:
fs/sdcardfs/sdcardfs.h:457:27: error: ‘struct inode’ has no member named ‘i_mutex’
mutex_lock(&d_inode(dent)->i_mutex);
^
./include/linux/mutex.h:146:44: note: in definition of macro ‘mutex_lock’
#define mutex_lock(lock) mutex_lock_nested(lock, 0)
^
In file included from fs/sdcardfs/dentry.c:21:0:
fs/sdcardfs/sdcardfs.h:459:29: error: ‘struct inode’ has no member named‘i_mutex’
mutex_unlock(&d_inode(dent)->i_mutex);
^
fs/sdcardfs/sdcardfs.h:466:38: error: ‘struct inode’ has no member named ‘i_mutex’
mutex_unlock(&d_inode(parent.dentry)->i_mutex);
^
Change-Id: I4c8298045ac511aba5542d9ca967331f550376a5
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
propagate_remount was not accounting for the slave mounts
of other slave mounts, leading to some namespaces not
recieving the remount information.
bug:33731928
Change-Id: Idc9e8c2ed126a4143229fc23f10a959c2d0a3854
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Don't use lookup_one_len so we can grab the spinlock that
protects d_subdirs.
Bug: 30954918
Change-Id: I0c6a393252db7beb467e0d563739a3a14e1b5115
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Sdcardfs uses the same magic value as wrapfs.
This should not be the case. As it is entirely
in memory, the value can be changed without any
loss of compatibility.
Change-Id: I24200b805d5e6d32702638be99e47d50d7f2f746
Signed-off-by: Daniel Rosenberg <drosen@google.com>
This switches sdcardfs over to using permission2.
Instead of mounting several sdcardfs instances onto
the same underlaying directory, you bind mount a
single mount several times, and remount with the
options you want. These are stored in the private
mount data, allowing you to maintain the same tree,
but have different permissions for different mount
points.
Warning functions have been added for permission,
as it should never be called, and the correct
behavior is unclear.
Change-Id: I841b1d70ec60cf2b866fa48edeb74a0b0f8334f5
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Adds support for mount2, remount2, and the functions
to allocate/clone/copy the private data
The next patch will switch over to actually using it.
Change-Id: I8a43da26021d33401f655f0b2784ead161c575e3
Signed-off-by: Daniel Rosenberg <drosen@google.com>
This allows filesystems to use their mount private data to
influence the permssions they return in permission2. It has
been separated into a new call to avoid disrupting current
permission users.
Change-Id: I9d416e3b8b6eca84ef3e336bd2af89ddd51df6ca
Signed-off-by: Daniel Rosenberg <drosen@google.com>
This allows filesystems to use their mount private data to
influence the permssions they use in setattr2. It has
been separated into a new call to avoid disrupting current
setattr users.
Change-Id: I19959038309284448f1b7f232d579674ef546385
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Now we pass the vfsmount when mounting and remounting.
This allows the filesystem to actually set up the mount
specific data, although we can't quite do anything with
it yet. show_options is expanded to include data that
lives with the mount.
To avoid changing existing filesystems, these have
been added as new vfs functions.
Change-Id: If80670bfad9f287abb8ac22457e1b034c9697097
Signed-off-by: Daniel Rosenberg <drosen@google.com>
This starts to add private data associated directly
to mount points. The intent is to give filesystems
a sense of where they have come from, as a means of
letting a filesystem take different actions based on
this information.
Change-Id: Ie769d7b3bb2f5972afe05c1bf16cf88c91647ab2
Signed-off-by: Daniel Rosenberg <drosen@google.com>
This removes a deadlock under low memory conditions.
filp_open can call lookup_slow, which will attempt to
lock the parent.
Change-Id: I940643d0793f5051d1e79a56f4da2fa8ca3d8ff7
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Adding packages to the package list and moving files
takes a large amount of locks, and is currently a
heavy operation. This adds a 'top' field to the
inode_info, which points to the inode for the top
most directory whose owner you would like to match.
On permission checks and get_attr, we look up the
owner based on the information at top. When we change
a package mapping, we need only modify the information
in the corresponding top inode_info's. When renaming,
we must ensure top is set correctly in all children.
This happens when an app specific folder gets moved
outside of the folder for that app.
Change-Id: Ib749c60b568e9a45a46f8ceed985c1338246ec6c
Signed-off-by: Daniel Rosenberg <drosen@google.com>
This fixes a bug where the first lookup of a
file or folder created under a different view
would not be case insensitive. It will now
search through for a case insensitive match
if the initial lookup fails.
Bug:28024488
Change-Id: I4ff9ce297b9f2f9864b47540e740fd491c545229
Signed-off-by: Daniel Rosenberg <drosen@google.com>
The mode on files created on the lower fs should
not be affected by the umask of the calling
task's fs_struct. Instead, we create a copy
and modify it as needed. This also lets us avoid
the string shenanigans around .nomedia files.
Bug: 27992761
Change-Id: Ia3a6e56c24c6e19b3b01c1827e46403bb71c2f4c
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Enable qcom's memory state tracking driver config
CONFIG_MEMORY_STATE_TIME in android-recommended.config
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Enabled UID_CPUTIME and dependent PROFILING config option.
UID_CPUTIME (/proc/uid_cputime) interfaces provide amount of time a
UID's processes spent executing in user-space and kernel-space. It is
used by batterystats service.
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Add:
CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
to android-base.cfg
The kernel.perf_event_paranoid sysctl is set to 3 by default.
No unprivileged use of the perf_event_open syscall will be
permitted unless it is changed.
Bug: 29054680
Change-Id: Ie7512259150e146d8e382dc64d40e8faaa438917
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Now that Android is moving towards ConfigFS based USB gadgets,
lets enable USB_CONFIGFS and relevant Android gadget functions
instead of obsolete USB_G_ANDROID composite driver which doesn't
exist now.
Enabled following ConfigFS gadget functions:
F_FS for ADB
F_MTP/PTP for MTP/PTP
F_ACC for Android USB Accessory
F_AUDIO_SRC for USB Audio Source
F_MIDI for MIDI, and
CONFIGFS_UEVENT for communicating USB state change notifications to userspace.
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Upstream now supports AOSP kernel config fragments:
commit 27eb6622ab67 ("config: add android config fragments").
This patch merge non-upstream AOSP config fragments from
android/configs/android-* of common kernel experimental/android-4.9
to kernel/configs/android-*.
Added initial set of AOSP config fragments and a README.android,
from AOSP Change-ID: I3a4883f3b04d2820e90ceb3c4d02390d6458d6ce
("android: configs: Initial commit of Android config fragments"),
to explain the purpose of Android config fragments and how to use
them to generate a device config compatible with Android.
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
New driver memory_state_time tracks time spent in different DDR
frequency and bandwidth states.
Memory drivers such as qcom,cpubw can post updated state to the driver
after registering a callback. Processed by a workqueue
Bandwidth buckets are read in from device tree in the relevant qualcomm
section, can be defined in any quantity and spacing.
The data is exposed at /sys/kernel/memory_state_time, able to be read by
the Android framework.
Functionality is behind a config option CONFIG_MEMORY_STATE_TIME
Change-Id: I4fee165571cb975fb9eacbc9aada5e6d7dd748f0
Signed-off-by: James Carr <carrja@google.com>
