git.osdn.net Git - sagit-ice-cold/kernel_xiaomi

ANDROID: dm verity fec: initialize recursion level

Explicitly initialize recursion level to zero at the beginning of each
I/O operation.

Bug: 28943429
Change-Id: I00c612be2b8c22dd5afb65a739551df91cb324fc
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
(cherry picked from commit 32ffb3a22d7fd269b2961323478ece92c06a8334)

ANDROID: dm verity fec: fix RS block calculation

A call to do_div was changed in Linux 4.5 to div64_u64 in
verity_fec_decode, which broke RS block calculation due to
incompatible semantics. This change fixes the computation.

Bug: 21893453
Change-Id: Idb88b901e0209c2cccc9c0796689f780592d58f9
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
(cherry picked from commit 879aac93eebcc2862d71afa9eca3a0c0f51b3b01)

ANDROID: dm verity fec: add missing release from fec_ktype

Add a release function to allow destroying the dm-verity device.

Bug: 27928374
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Change-Id: Ic0f7c17e4889c5580d70b52d9a709a37165a5747
(cherry picked from commit 0039ccf47c8f99888f7b71b2a36a68a027fbe357)

ANDROID: dm verity fec: limit error correction recursion

If verity tree itself is sufficiently corrupted in addition to data
blocks, it's possible for error correction to end up in a deep recursive
error correction loop that eventually causes a kernel panic as follows:

[   14.728962] [<ffffffc0008c1a14>] verity_fec_decode+0xa8/0x138
[   14.734691] [<ffffffc0008c3ee0>] verity_verify_level+0x11c/0x180
[   14.740681] [<ffffffc0008c482c>] verity_hash_for_block+0x88/0xe0
[   14.746671] [<ffffffc0008c1508>] fec_decode_rsb+0x318/0x75c
[   14.752226] [<ffffffc0008c1a14>] verity_fec_decode+0xa8/0x138
[   14.757956] [<ffffffc0008c3ee0>] verity_verify_level+0x11c/0x180
[   14.763944] [<ffffffc0008c482c>] verity_hash_for_block+0x88/0xe0

This change limits the recursion to a reasonable level during a single
I/O operation.

Bug: 28943429
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Change-Id: I0a7ebff331d259c59a5e03c81918cc1613c3a766
(cherry picked from commit f4b9e40597e73942d2286a73463c55f26f61bfa7)

ANDROID: restrict access to perf events

Add:
CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y

to android-base.cfg

The kernel.perf_event_paranoid sysctl is set to 3 by default.
No unprivileged use of the perf_event_open syscall will be
permitted unless it is changed.

Bug: 29054680
Change-Id: Ie7512259150e146d8e382dc64d40e8faaa438917

FROMLIST: security,perf: Allow further restriction of perf_event_open

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.

https://lkml.org/lkml/2016/1/11/587

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Bug: 29054680
Change-Id: Iff5bff4fc1042e85866df9faa01bce8d04335ab8

BACKPORT: perf tools: Document the perf sysctls

perf_event_paranoid was only documented in source code and a perf error
message. Copy the documentation from the error message to
Documentation/sysctl/kernel.txt.

perf_cpu_time_max_percent was already documented but missing from the
list at the top, so add it there.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: linux-doc@vger.kernel.org
Link: http://lkml.kernel.org/r/20160119213515.GG2637@decadent.org.uk
[ Remove reference to external Documentation file, provide info inline, as before ]
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Bug: 29054680
Change-Id: I13e73cfb2ad761c94762d0c8196df7725abdf5c5

UPSTREAM: arm64: module: avoid undefined shift behavior in reloc_data()

Compilers may engage the improbability drive when encountering shifts
by a distance that is a multiple of the size of the operand type. Since
the required bounds check is very simple here, we can get rid of all the
fuzzy masking, shifting and comparing, and use the documented bounds
directly.

Change-Id: Ibc1b73f4a630bc182deb6edfa7458b5e29ba9577
Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>

UPSTREAM: arm64: module: fix relocation of movz instruction with negative immediate

The test whether a movz instruction with a signed immediate should be
turned into a movn instruction (i.e., when the immediate is negative)
is flawed, since the value of imm is always positive. Also, the
subsequent bounds check is incorrect since the limit update never
executes, due to the fact that the imm_type comparison will always be
false for negative signed immediates.

Let's fix this by performing the sign test on sval directly, and
replacing the bounds check with a simple comparison against U16_MAX.

Change-Id: I9ad3d8bfd91e5fdc6434b1be6c3062dfec193176
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
[will: tidied up use of sval, renamed MOVK enum value to MOVKZ]
Signed-off-by: Will Deacon <will.deacon@arm.com>

Revert "armv6 dcc tty driver"

This reverts commit 97312429c2bef1bf8055d01b35cf12028f60ef62.

Drop AOSP's "armv6 dcc tty driver" in favor of upstream DCC driver for
ARMv6/v7 16c63f8ea49c (drivers: char: hvc: add arm JTAG DCC console
support) and for ARMv8 4cad4c57e0b3 (ARM64: TTY: hvc_dcc: Add support
for ARM64 dcc).

Change-Id: I0ca651ef2d854fff03cee070524fe1e3971b6d8f
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Revert "arm: dcc_tty: fix armv6 dcc tty build failure"

This reverts commit dfc1d4be88597141f5ad9d39908c13944d209009.

Drop AOSP's "armv6 dcc tty driver" in favor of upstream DCC driver for
ARMv6/v7 16c63f8ea49c (drivers: char: hvc: add arm JTAG DCC console
support) and for ARMv8 4cad4c57e0b3 (ARM64: TTY: hvc_dcc: Add support
for ARM64 dcc).

Change-Id: I8110a4fd649b8ac1ec9bfac00255c1214135e4b2
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

ARM64: Ignore Image-dtb from git point of view

Change-Id: I5bbf1db90f28ea956383b4a5d91ad508eea656dc
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

arm64: add option to build Image-dtb

Some bootloaders couldn't decompress Image.gz-dtb.

Change-Id: I698cd0c4ee6894e8d0655d88f3ecf4826c28a645
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

ANDROID: usb: gadget: f_midi: set fi->f to NULL when free f_midi function

fi->f is set in f_midi's alloc_func, need to clean this to
NULL in free_func, otherwise on ConfigFS's function switch,
midi->usb_function it self is freed, fi->f will be a wild
pointer and run into below kernel panic:
---------------
[   58.950628] Unable to handle kernel paging request at virtual address 63697664
[   58.957869] pgd = c0004000
[   58.960583] [63697664] *pgd=00000000
[   58.964185] Internal error: Oops: 80000005 [#1] PREEMPT SMP ARM
[   58.970111] Modules linked in:
[   58.973191] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.1.15-03504-g34c857c-dirty #89
[   58.981024] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[   58.987557] task: c110bd70 ti: c1100000 task.ti: c1100000
[   58.992962] PC is at 0x63697664
[   58.996120] LR is at android_setup+0x78/0x138
<..snip..>
[   60.044980] 1fc0: ffffffff ffffffff c1000684 00000000 00000000 c108ecd0 c11f7294 c11039c0
[   60.053181] 1fe0: c108eccc c110d148 1000406a 412fc09a 00000000 1000807c 00000000 00000000
[   60.061420] [<c073b1fc>] (android_setup) from [<c0730490>] (udc_irq+0x758/0x1034)
[   60.068951] [<c0730490>] (udc_irq) from [<c017c650>] (handle_irq_event_percpu+0x50/0x254)
[   60.077165] [<c017c650>] (handle_irq_event_percpu) from [<c017c890>] (handle_irq_event+0x3c/0x5c)
[   60.086072] [<c017c890>] (handle_irq_event) from [<c017f3ec>] (handle_fasteoi_irq+0xe0/0x198)
[   60.094630] [<c017f3ec>] (handle_fasteoi_irq) from [<c017bcfc>] (generic_handle_irq+0x2c/0x3c)
[   60.103271] [<c017bcfc>] (generic_handle_irq) from [<c017bfb8>] (__handle_domain_irq+0x7c/0xec)
[   60.112000] [<c017bfb8>] (__handle_domain_irq) from [<c0101450>] (gic_handle_irq+0x24/0x5c)
--------------

Signed-off-by: Winter Wang <wente.wang@nxp.com>

UPSTREAM: mac80211: fix "warning: ‘target_metric’ may be used uninitialized"

(This cherry-picks b4201cc4fc6e1c57d6d306b1f787865043d60129 upstream)

This fixes:

net/mac80211/mesh_hwmp.c:603:26: warning: ‘target_metric’ may be used uninitialized in this function

target_metric is only consumed when reply = true so no bug exists here,
but not all versions of gcc realize it. Initialize to 0 to remove the
warning.

Change-Id: I13923fda9d314f48196c29e4354133dfe01f5abd
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
[jstultz: Cherry-picked to android-4.4]
Signed-off-by: John Stultz <john.stultz@linaro.org>

UPSTREAM: tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)

(cherry pick from commit 5c17c861a357e9458001f021a7afa7aab9937439)

ioctl(TIOCGETD) retrieves the line discipline id directly from the
ldisc because the line discipline id (c_line) in termios is untrustworthy;
userspace may have set termios via ioctl(TCSETS*) without actually
changing the line discipline via ioctl(TIOCSETD).

However, directly accessing the current ldisc via tty->ldisc is
unsafe; the ldisc ptr dereferenced may be stale if the line discipline
is changing via ioctl(TIOCSETD) or hangup.

Wait for the line discipline reference (just like read() or write())
to retrieve the "current" line discipline id.

Cc: <stable@vger.kernel.org>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 28409131
Change-Id: I6774bd883a2e48bbe020486c72c42fb410e3f98a

Revert "drivers: power: use 'current' instead of 'get_current()'"

This reverts commit e1b5d103894d097fb630aebc3c1fdaf257f7c9bb.

This patch fixed the aosp commit ad86cc8ad632 (drivers: power:
Add watchdog timer to catch drivers which lockup during suspend.),
which we dropped in Change Id Ic72a87432e27844155467817600adc6cf0c2209c,
so we no longer need this fix. A part of this patch is already reverted
in above mentioned Change Id.

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

cpufreq: interactive: drop cpufreq_{get,put}_global_kobject func calls

Upstream commit 8eec1020f0c0 (cpufreq: create cpu/cpufreq at boot time)
make sure that cpufreq sysfs entry get created at boot time, and there
is no need to create/destroy it on need basis anymore.

So drop deprecated cpufreq_{get,put}_global_kobject function calls which
otherwise result in following compilation errors:

drivers/cpufreq/cpufreq_interactive.c: In function 'cpufreq_governor_interactive':
drivers/cpufreq/cpufreq_interactive.c:1187:4: error: implicit declaration of function 'cpufreq_get_global_kobject' [-Werror=implicit-function-declaration]
    WARN_ON(cpufreq_get_global_kobject());
    ^
drivers/cpufreq/cpufreq_interactive.c:1197:5: error: implicit declaration of function 'cpufreq_put_global_kobject'[-Werror=implicit-function-declaration]
     cpufreq_put_global_kobject();
     ^

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Revert "cpufreq: interactive: build fixes for 4.4"

This reverts commit bc68f6c4efbd4ddbb15817203f18b7941d9ffd52.

This build fix broke the Interactive Gov at runtime with duplicate sysfs
entry warnings at boot time. We no longer need to this create/destroy
cpufreq sysfs entry at run time on need basis thanks to upstream commit
8eec1020f0c0 (cpufreq: create cpu/cpufreq at boot time) which creates it
at boot time. Hence drop this build fix.

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

xt_qtaguid: Fix panic caused by processing non-full socket.

In an issue very similar to 4e461c777e3 (xt_qtaguid: Fix panic
caused by synack processing), we were seeing panics on occasion
in testing.

In this case, it was the same issue, but caused by a different
call path, as the sk being returned from qtaguid_find_sk() was
not a full socket. Resulting in the sk->sk_socket deref to fail.

This patch adds an extra check to ensure the sk being retuned
is a full socket, and if not it returns NULL.

Reported-by: Milosz Wasilewski <milosz.wasilewski@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>

fiq_debugger: Add fiq_debugger.disable option

This change allows to use same kernel image with
different console options for uart and fiq_debugger.
If fiq_debugger.disable will be set to 1/y/Y,
fiq_debugger will not be initialized.

Change-Id: I71fda54f5f863d13b1437b1f909e52dd375d002d
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

UPSTREAM: procfs: fixes pthread cross-thread naming if !PR_DUMPABLE

The PR_DUMPABLE flag causes the pid related paths of the
proc file system to be owned by ROOT. The implementation
of pthread_set/getname_np however needs access to
/proc/<pid>/task/<tid>/comm.
If PR_DUMPABLE is false this implementation is locked out.

This patch installs a special permission function for
the file "comm" that grants read and write access to
all threads of the same group regardless of the ownership
of the inode. For all other threads the function falls back
to the generic inode permission check.

Signed-off-by: Janis Danisevskis <jdanis@google.com>

FROMLIST: wlcore: Disable filtering in AP role

When you configure (set it up) a STA interface, the driver
install a multicast filter. This is normal behavior, when
one application subscribe to multicast address the filter
is updated. When Access Point interface is configured, there
is no filter installation and the "filter update" path is
disabled in the driver.

The problem happens when you switch an interface from STA
type to AP type. The filter is installed but there are no
means to update it.

Change-Id: Ied22323af831575303abd548574918baa9852dd0
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

Revert "drivers: power: Add watchdog timer to catch drivers which lockup during suspend."

This reverts commit ad86cc8ad63229eeeba0628e99f2f59df55a25fd.

Commit 70fea60d888d ("PM / Sleep: Detect device suspend/resume lockup...")
added a suspend/resume watchdog timer to catch the lockup. Let's revert the
duplicate one.

Change-Id: Ic72a87432e27844155467817600adc6cf0c2209c
Signed-off-by: Lianwei Wang <lianwei.wang@gmail.com>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

fiq_debugger: Add option to apply uart overlay by FIQ_DEBUGGER_UART_OVERLAY

fiq_debugger is taking over uart, so it is necessary to disable
original uart in DT file. It can be done manually or by overlay.

Change-Id: I9f50ec15b0e22e602d73b9f745fc8666f8925d09
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

Revert "Recreate asm/mach/mmc.h include file"

This reverts commit 5b42ae3edab6c39c1337d36881d29350bb36dcff.

This recereated arch/arm/include/asm/mach/mmc.h include file has
no active user in android-4.x kernels. Also all the necessary bits
are already moved to include/linux/amba/mmci.h.

6ef297f86b62 (ARM: 5720/1: Move MMCI header to amba include dir)

Change-Id: Ibf258b355d17f54f49b777a8f6e0089e9b59a3a5
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Revert "ARM: Add 'card_present' state to mmc_platfrom_data"

This reverts commit 541632275e983573b8250fcd4402f772d7bd1e6f.

mmc_platform_data (or arch/arm/include/asm/mach/mmc.h in general)
has no active user in android-4.x kernels. Also all the necessary
bits are already moved to include/linux/amba/mmci.h.

6ef297f86b62 (ARM: 5720/1: Move MMCI header to amba include dir)

Change-Id: Iff384eb527327bf88543408e0257241c1fd99a43
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

usb: dual-role: make stub functions inline

If CONFIG_DUAL_ROLE_USB_INTF is disabled but the exported functions
are referenced, the build will result in warnings such as:

In file included from include/linux/usb/class-dual-role.h:112:13:
warning: ‘dual_role_instance_changed’ defined but not used
[-Wunused-function]

These stub functions should be static inline.

Change-Id: I5a9ef58dca32306fac5a4c7f28cdaa36fa8ae078
Signed-off-by: Jack Pham <jackp@codeaurora.org>
(cherry picked from commit 2d152dbb0743526b21d6bbefe097f874c027f860)
(cherry picked from commit 8ad66cafaa10e6ba94ff79a8dbc2cc437c6bfe93)

Revert "mmc: Add status IRQ and status callback function to mmc platform data"

This reverts commit 91fa97e1e5c001d52f6c993d37be08d1e84f47b7.

This patch is no longer valid. There are no users for this status irq and
callback in android-4.x. The Qcom platform (mach-msm/qsd8x50, HTC Dream..)
and SDCC controller (msm_sdcc) using this status IRQ and callback are
dropped from mainline sometime back.

27842bb18b00 (mmc: Remove msm_sdcc driver)
c0c89fafa289 (ARM: Remove mach-msm and associated ARM architecture code)

Change-Id: Ia38e42a06dc184395f79c1ec1d306bf9775704d5
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

quick selinux support for tracefs

Here is just the quick fix for tracefs with selinux.
just add tracefs to the list of whitelisted filesystem
types in selinux_is_sblabel_mnt(), but the right fix would be to
generalize this logic as described in the last item on the todo list,
https://bitbucket.org/seandroid/wiki/wiki/ToDo

Change-Id: I2aa803ccffbcd2802a7287514da7648e6b364157
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>

Revert "hid-multitouch: Filter collections by application usage."

This reverts commit 0840b80cb9626906b57df54e7229db60f9aea4f2.

This patch is already upstreamed in v4.4, commit
658d4aed59b3 (HID: hid-multitouch: Filter collections by application usage.),
and further fixed/cleaned up afterwards in commits
c2ef8f21ea8f (HID: multitouch: add support for trackpads),
76f5902aebda (HID: hid-multitouch: Simplify setup and frame synchronization) et al.

By having this duplicate patch in AOSP we are doing redundant
checks for Touchscreen and Touchpad devices.

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Revert "HID: steelseries: validate output report details"

This reverts commit 90037b2720acffa6da2269a10ecf24ec2dace89b.

Remove duplicate code. This patch is already upstreamed in v4.4,
commit 41df7f6d4372 (HID: steelseries: validate output report details).

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

xt_qtaguid: Fix panic caused by synack processing

In upstream commit ca6fb06518836ef9b65dc0aac02ff97704d52a05
(tcp: attach SYNACK messages to request sockets instead of
listener)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca6fb0651883

The building of synack messages was changed, which made it so
the skb->sk points to a casted request_sock. This is problematic,
as there is no sk_socket in a request_sock. So when the qtaguid_mt
function tries to access the sk->sk_socket, it accesses uninitialized
memory.

After looking at how other netfilter implementations handle this,
I realized there was a skb_to_full_sk() helper added, which the
xt_qtaguid code isn't yet using.

This patch adds its use, and resovles panics seen when accessing
uninitialzed memory when processing synack packets.

Reported-by: YongQin Liu <yongquin.liu@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>

Revert "mm: vmscan: Add a debug file for shrinkers"

Kernel panic when type "cat /sys/kernel/debug/shrinker"

Unable to handle kernel paging request at virtual address 0af37d40
pgd = d4dec000
[0af37d40] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[<c0bb8f24>] (_raw_spin_lock) from [<c020aa08>] (list_lru_count_one+0x14/0x28)
[<c020aa08>] (list_lru_count_one) from [<c02309a8>] (super_cache_count+0x40/0xa0)
[<c02309a8>] (super_cache_count) from [<c01f6ab0>] (debug_shrinker_show+0x50/0x90)
[<c01f6ab0>] (debug_shrinker_show) from [<c024fa5c>] (seq_read+0x1ec/0x48c)
[<c024fa5c>] (seq_read) from [<c022e8f8>] (__vfs_read+0x20/0xd0)
[<c022e8f8>] (__vfs_read) from [<c022f0d0>] (vfs_read+0x7c/0x104)
[<c022f0d0>] (vfs_read) from [<c022f974>] (SyS_read+0x44/0x9c)
[<c022f974>] (SyS_read) from [<c0107580>] (ret_fast_syscall+0x0/0x3c)
Code: e1a04000 e3a00001 ebd66b39 f594f000 (e1943f9f)
---[ end trace 60c74014a63a9688 ]---
Kernel panic - not syncing: Fatal exception

shrink_control.nid is used but not initialzed, same for
shrink_control.memcg.

This reverts commit b0e7a582b2264cdf75874dcd8df915b6b4427755.

Change-Id: I108de88fa4baaef99a53c4e4c6a1d8c4b4804157
Reported-by: Xiaowen Liu <xiaowen.liu@freescale.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

Revert "SELinux: Enable setting security contexts on rootfs inodes."

This reverts commit 78d36d2111cd4ca722a602846f7db8f54a0b074c.

Drop this duplicate patch. This patch is already upstreamed in v4.4. Commits
5c73fceb8c70 (SELinux: Enable setting security contexts on rootfs inodes.),
12f348b9dcf6 (SELinux: rename SE_SBLABELSUPP to SBLABEL_MNT), and
b43e725d8d38 (SELinux: use a helper function to determine seclabel),
for reference.

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Revert "SELinux: build fix for 4.1"

This reverts commit 43e1b4f528e1654fadd1097f7cc5c50be6e45b77.

This patch is part of code which is already upstreamed in v4.4. Commits
5c73fceb8c70 (SELinux: Enable setting security contexts on rootfs inodes.),
12f348b9dcf6 (SELinux: rename SE_SBLABELSUPP to SBLABEL_MNT), and
b43e725d8d38 (SELinux: use a helper function to determine seclabel).
for reference.

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

fuse: Add support for d_canonical_path

Allows FUSE to report to inotify that it is acting
as a layered filesystem. The userspace component
returns a string representing the location of the
underlying file. If the string cannot be resolved
into a path, the top level path is returned instead.

bug: 23904372
Change-Id: Iabdca0bbedfbff59e9c820c58636a68ef9683d9f
Signed-off-by: Daniel Rosenberg <drosen@google.com>

vfs: change d_canonical_path to take two paths

bug: 23904372
Change-Id: I4a686d64b6de37decf60019be1718e1d820193e6
Signed-off-by: Daniel Rosenberg <drosen@google.com>

android: recommended.cfg: remove CONFIG_UID_STAT

Remove UID Stat driver.

Change-Id: Ifc9d2c6fe27900f30e6407398f5b24222518bffc
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

netfilter: xt_qtaguid: seq_printf fixes

Update seq_printf() usage in xt_qtaguid to align
with changes from mainline commit 6798a8caaf64
"fs/seq_file: convert int seq_vprint/seq_printf/etc...
returns to void".

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Revert "misc: uidstat: Adding uid stat driver to collect network statistics."

This reverts commit 6b6d5fbf9ae567aefb58099a30bbb6d25fa8925b.

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Revert "net: activity_stats: Add statistics for network transmission activity"

This reverts commit afedd7beba14385fd797166751fde39e0f52cf72.

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Revert "net: activity_stats: Stop using obsolete create_proc_read_entry api"

This reverts commit 7c121720fa14889d59e933aad0a8b9ce948a39ae.

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Revert "misc: uidstat: avoid create_stat() race and blockage."

This reverts commit f7a812174033fe620509e6e8ca7022abd924b1c4.

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Revert "misc: uidstat: Remove use of obsolete create_proc_read_entry api"

This reverts commit fccab646d33381af63e4f4c0d4f309a1d2b4b0c3.

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Revert "misc seq_printf fixes for 4.4"

This reverts commit 5c7566a29bff14166d952f2ea525d5231546f821.

This patch revert some changes in net/netfilter/xt_qtaguid.c as well.
I'll submit another patch to restore those changes.

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Revert "misc: uid_stat: Include linux/atomic.h instead of asm/atomic.h"

This reverts commit 8d3a6c1538fb021448c4f6381f6191061f947ba1.

This series of patches revert AOSP UID_STAT and NET_ACTIVITY_STATS drivers.
I could not find any meaningful usage of these interfaces in AOSP master.

UID_STAT driver expose "/proc/uid_stat/*" interfaces but it is only
used in AOSP master as in what appears be an out of date bandwidth
test in frameworks/base and in somewhat recent battery utils test
in external/chromium-trace project.

NET_ACTIVITY_STATS driver expose "/proc/net/stat/activity" interface
but I can not track its usage anywhere in AOSP at all.

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Revert "net: socket ioctl to reset connections matching local address"

Use SOCK_DESTROY from now instead of SIOCKILLADDR

This reverts commit 38f0ec724f5306c81130ca9343c856aa37a76d54.

Change-Id: I2dcd833b66c88a48de8978dce9d72ab78f9af549

Revert "net: fix iterating over hashtable in tcp_nuke_addr()"

This reverts commit 4747299b2c8e8778927b3df0501023d76fe4f2d5.

Revert "net: fix crash in tcp_nuke_addr()"

This reverts commit 08f7c4280cd5efe9e274240c42177f459431bac2.

Revert "Don't kill IPv4 sockets when killing IPv6 sockets was requested."

This reverts commit 8bf4413b4f54e24120b90ecbfee426beeddc3ff0.

Revert "tcp: Fix IPV6 module build errors"

This reverts commit 3823c8136f2170b3ac5e6a5f8b857746a786e845.

android: base-cfg: remove CONFIG_SWITCH

Change-Id: I3fd1aa7a54fe3a8d3ad5537cbc61386e52f41ea0
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

Revert "switch: switch class and GPIO drivers."

Drivers should use extcon moving forward.
Documentation/extcon/porting-android-switch-class describes
how to port existing switch class drivers to extcon.

This reverts commit e4b8e66e0ae2e78e913d7b86f2507fdb0aa731b4.

Change-Id: I5b622c7ab4c0cb9670f8903f259a99888f503c1a

Revert "drivers: switch: remove S_IWUSR from dev_attr"

This reverts commit dc66dee02dcd6ea774e3ed4ae32e88b0f3b4bee7.

ANDROID: base-cfg: enable CONFIG_IP_NF_NAT

IP_NF_TARGET_{MASQUERADE,NETMAP,REDIRECT} configs,
already enabled in android-base.cfg for tethering,
are of no use if CONFIG_IP_NF_NAT is not enabled.

Don't rely on platform config for that and enable
CONFIG_IP_NF_NAT in android-base.cfg as well.

Change-Id: Ic72bcebbd925b142b09539466bf963188c83108a
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

BACKPORT: selinux: restrict kernel module loading

Backport notes:
Backport uses kernel_module_from_file not kernel_read_file hook.
kernel_read_file replaced kernel_module_from_file in the 4.6 kernel.
There are no inode_security_() helper functions (also introduced in
4.6) so the inode lookup is done using the file_inode() helper which
is standard for kernel version < 4.6.

(Cherry picked from commit 61d612ea731e57dc510472fb746b55cdc017f371)

Utilize existing kernel_read_file hook on kernel module load.
Add module_load permission to the system class.

Enforces restrictions on kernel module origin when calling the
finit_module syscall. The hook checks that source type has
permission module_load for the target type.
Example for finit_module:

allow foo bar_file:system module_load;

Similarly restrictions are enforced on kernel module loading when
calling the init_module syscall. The hook checks that source
type has permission module_load with itself as the target object
because the kernel module is sourced from the calling process.
Example for init_module:

allow foo foo:system module_load;

Bug: 27824855
Change-Id: I64bf3bd1ab2dc735321160642dc6bbfa996f8068
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

android: base-cfg: enable CONFIG_QUOTA

Bug: 28032718
Change-Id: I7cb6b641f72085e69b90dca11d2ea68adcd02390
(cherry picked from commit e1b53a388e9cfcf870520a6899a37456cf1ae2c6)

ANDROID: mmc: Add CONFIG_MMC_SIMULATE_MAX_SPEED

When CONFIG_MMC_SIMULATE_MAX_SPEED is enabled, Expose max_read_speed,
max_write_speed and cache_size default module parameters and sysfs
controls to simulate a slow eMMC device. Default values are 0 (off),
0 (off) and 4 MB respectively.

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 26976972
Change-Id: I342bfbd8b85f9b790e3f0e1e4e51a900ae07e05d

android: base-cfg: Add CONFIG_INET_DIAG_DESTROY

Change-Id: I67430b05eca8fd520d2795d3db60faf2ec0fab9e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

cpufreq: interactive: only apply interactive boost when enabled

Only apply the interactive boost when the interactive governor is
enabled. This seems like the right thing to do.

This was originally reviewed on
https://chromium-review.googlesource.com/273501

Change-Id: I5f4a7320683eada099f9a4253e3d6b0f03057fe8
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Dmitry Torokhov <dtor@google.com>

cpufreq: interactive: fix policy locking

cpufreq_interactive_speedchange_task() is running as a separate kernel
thread and is calling __cpufreq_driver_target(), which requires callers
to hold policy->rwsem for writing to prevent racing with other parts of
the kernel trying to adjust the frequency, for example kernel thermal
throttling. Let's change the code to take policy->rwsem and while at it
refactor the code a bit.

This was originally 2 changes reviewed at:
https://chromium-review.googlesource.com/246273
https://chromium-review.googlesource.com/256120

Change-Id: Icc2d97c6c1b929acd2ee32e8c81d81fd2af778ab
Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Dmitry Torokhov <dtor@google.com>

ANDROID: dm verity fec: add sysfs attribute fec/corrected

Add a sysfs entry that allows user space to determine whether dm-verity
has come across correctable errors on the underlying block device.

Bug: 22655252
Bug: 27928374
Change-Id: I80547a2aa944af2fb9ffde002650482877ade31b
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
(cherry picked from commit 7911fad5f0a2cf5afc2215657219a21e6630e001)

ANDROID: android: base-cfg: enable CONFIG_DM_VERITY_FEC

Bug: 21893453
Change-Id: Idd0dfe4e3e527df2eff2f0d734effc40dce294c7
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
(cherry picked from commit 9408350ed80005174918ce5147490035b2cf451b)

UPSTREAM: dm verity: add ignore_zero_blocks feature

If ignore_zero_blocks is enabled dm-verity will return zeroes for blocks
matching a zero hash without validating the content.

Change-Id: I728fa4b2586b29f2793ea5cb014289892819d249
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
(cherry picked from commit 0cc37c2df4fa0aa702f9662edce4b7ce12c86b7a)

UPSTREAM: dm verity: add support for forward error correction

Add support for correcting corrupted blocks using Reed-Solomon.

This code uses RS(255, N) interleaved across data and hash
blocks. Each error-correcting block covers N bytes evenly
distributed across the combined total data, so that each byte is a
maximum distance away from the others. This makes it possible to
recover from several consecutive corrupted blocks with relatively
small space overhead.

In addition, using verity hashes to locate erasures nearly doubles
the effectiveness of error correction. Being able to detect
corrupted blocks also improves performance, because only corrupted
blocks need to corrected.

For a 2 GiB partition, RS(255, 253) (two parity bytes for each
253-byte block) can correct up to 16 MiB of consecutive corrupted
blocks if erasures can be located, and 8 MiB if they cannot, with
16 MiB space overhead.

Change-Id: Ife4f8889f7fbf0974bf3ed4be6d3322ae9b4cb0e
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
(cherry picked from commit a739ff3f543afbb4a041c16cd0182c8e8d366e70)

UPSTREAM: dm verity: factor out verity_for_bv_block()

verity_for_bv_block() will be re-used by optional dm-verity object.

Change-Id: I80e0f8e7c9f234fce3fbdf21cb05aba3041d7f98
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
(cherry picked from commit bb4d73ac5e4f0a6c4853f35824f6cb2d396a2f9c)

UPSTREAM: dm verity: factor out structures and functions useful to separate object

Prepare for an optional verity object to make use of existing dm-verity
structures and functions.

Change-Id: Ib14c3834bfed222b33e068908fb5f71a53e1187b
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
(cherry picked from commit ffa393807cd69656d5b6bc9d9622e205071cbab8)

UPSTREAM: dm verity: move dm-verity.c to dm-verity-target.c

Prepare for extending dm-verity with an optional object. Follows the
naming convention used by other DM targets (e.g. dm-cache and dm-era).

Change-Id: If6d2f27b290adf14fa77f3745fdc13aaa417c8dc
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
(cherry picked from commit 03045cbafa2d663ad8d0a583ac219d202d824344)

UPSTREAM: dm verity: separate function for parsing opt args

Move optional argument parsing into a separate function to make it
easier to add more of them without making verity_ctr even longer.

Change-Id: I9cd9df41c3326824f8cca5764075501987e78a52
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
(cherry picked from commit 753c1fd02807cb43a1c5d01d75d454054d46bdad)

UPSTREAM: dm verity: clean up duplicate hashing code

Handle dm-verity salting in one place to simplify the code.

Change-Id: If923a01dc63ae5123af13ba1b0863b73e33ddf46
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
(cherry picked from commit 6dbeda3469ced777bc3138ed5918f7ae79670b7b)

UPSTREAM: dm: don't save and restore bi_private

Device mapper used the field bi_private to point to dm_target_io. However,
since kernel 3.15, the bi_private field is unused, and so the targets do
not need to save and restore this field.

This patch removes code that saves and restores bi_private from dm-cache,
dm-snapshot and dm-verity.

Change-Id: Ic72905ccb6d58ff94eafaa47ba54b2688d92d3d1
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
(cherry picked from commit fe3265b180d6282648f03bc6ac3958c733df01c2)

mm: Export do_munmap

The 0-day build bot reports the following build error, seen if SDCARD_FS
is built as module.

ERROR: "do_munmap" undefined!

Fixes: 84a1b7d3d312 ("Included sdcardfs source code for kernel 3.0")
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>

sdcardfs: remove unneeded __init and __exit

Change-Id: I2a2d45d52f891332174c3000e8681c5167c1564f

sdcardfs: Remove unused code

Change-Id: Ie97cba27ce44818ac56cfe40954f164ad44eccf6

fs: Export d_absolute_path

The 0-day build bot reports the following build error, seen if SDCARD_FS
is built as module.

ERROR: "d_absolute_path" undefined!

Fixes: 84a1b7d3d312 ("Included sdcardfs source code for kernel 3.0")
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>

sdcardfs: remove effectless config option

CONFIG_SDCARD_FS_CI_SEARCH only guards a define for
LOOKUP_CASE_INSENSITIVE, which is never used in the
kernel. Remove both, along with the option matching
that supports it.

Change-Id: I363a8f31de8ee7a7a934d75300cc9ba8176e2edf
Signed-off-by: Daniel Rosenberg <drosen@google.com>

inotify: Fix erroneous update of bit count

Patch "vfs: add d_canonical_path for stacked filesystem support"
erroneously updated the ALL_INOTIFY_BITS count. This changes it back

Change-Id: Idb04edc736da276159d30f04c40cff9d6b1e070f

fs: sdcardfs: Declare LOOKUP_CASE_INSENSITIVE unconditionally

Attempts to build sdcardfs as module fail with

fs/sdcardfs/lookup.c: In function '__sdcardfs_lookup':
fs/sdcardfs/lookup.c:243:5: error: 'LOOKUP_CASE_INSENSITIVE' undeclared

This occurs because the define is enclosed with #ifdef
CONFIG_SDCARD_FS_CI_SEARCH. If SDCARD_FS_CI_SEARCH is configured to be
built as module, this does not work. Alternatives would be to use #if
IS_ENABLED(CONFIG_SDCARD_FS_CI_SEARCH), or to declare SDCARD_FS_CI_SEARCH
as bool, but that does not work because the define is used unconditionally
in the source.

Note that LOOKUP_CASE_INSENSITIVE is only set but not evaluated in the
current source code, so setting the flag has no real effect.

Fixes: 84a1b7d3d312 ("Included sdcardfs source code for kernel 3.0")
Cc: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>

trace: cpufreq: fix typo in min/max cpufreq

Change-Id: Ieed402d3a912b7a318826e101efe2c24b07ebfe4
Signed-off-by: Thierry Strudel <tstrudel@google.com>

sdcardfs: Add support for d_canonical_path

Change-Id: I5d6f0e71b8ca99aec4b0894412f1dfd1cfe12add
Signed-off-by: Daniel Rosenberg <drosen@google.com>

vfs: add d_canonical_path for stacked filesystem support

Inotify does not currently know when a filesystem
is acting as a wrapper around another fs. This means
that inotify watchers will miss any modifications to
the base file, as well as any made in a separate
stacked fs that points to the same file.
d_canonical_path solves this problem by allowing the fs
to map a dentry to a path in the lower fs. Inotify
can use it to find the appropriate place to watch to
be informed of all changes to a file.

Change-Id: I09563baffad1711a045e45c1bd0bd8713c2cc0b6
Signed-off-by: Daniel Rosenberg <drosen@google.com>

sdcardfs: Bring up to date with Android M permissions:

In M, the workings of sdcardfs were changed significantly.
This brings sdcardfs into line with the changes.

Change-Id: I10e91a84a884c838feef7aa26c0a2b21f02e052e

Changed type-casting in packagelist management

Fixed existing type-casting in packagelist management code. All
warnings at compile time were taken care of.

Change-Id: I1ea97786d1d1325f31b9f09ae966af1f896a2af5
Signed-off-by: Daniel Campello <campello@google.com>

Port of sdcardfs to 4.4

Change-Id: I25b99ecf214e72ebf6a57ec3085972542a8d7951
Signed-off-by: Daniel Rosenberg <drosen@google.com>

Included sdcardfs source code for kernel 3.0

Only included the source code as is for kernel 3.0. Following patches
take care of porting this file system to version 3.10.

Change-Id: I09e76db77cd98a059053ba5b6fd88572a4b75b5b
Signed-off-by: Daniel Campello <campello@google.com>

ANDROID: usb: gadget: Add support for MTP OS desc

Windows requires OS specific descriptors for automatic
install of drivers for MTP devices.

https://msdn.microsoft.com/en-us/library/windows/
hardware/gg463179.aspx

BUG=24583401
BUG=chrome-os-partner:43409

Change-Id: I9397072ca3d183efbc9571c6cde3790f10d8851e
Signed-off-by: Badhri Jagan Sridharan <Badhri@google.com>
Reviewed-on: https://chromium-review.googlesource.com/304346
Commit-Ready: Andrew Bresticker <abrestic@chromium.org>
Tested-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-by: Andrew Bresticker <abrestic@chromium.org>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

CHROMIUM: usb: gadget: f_accessory: add .raw_request callback

After this upstream commit: 3c86726cfe38952f0366f86acfbbb025813ec1c2,
.raw_request is mandatory in hid_ll_driver structure, hence add an empty
raw_request() function.

BUG=chrome-os-partner:49140
TEST=none

Change-Id: Idd0bbe6960aad2c557376e4a24827d7e1df8e023
Signed-off-by: Mark Kuo <mkuo@nvidia.com>
Reviewed-on: https://chromium-review.googlesource.com/321038
Commit-Ready: Andrew Bresticker <abrestic@chromium.org>
Tested-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-by: Andrew Bresticker <abrestic@chromium.org>

CHROMIUM: usb: gadget: audio_source: add .free_func callback

When userspace unbinds gadget functions through configfs, the
.free_func() callback is always invoked. (in config_usb_cfg_unlink())
Implement it as a no-op to avoid the following crash:

[ 68.125679] configfs-gadget gadget: unbind function 'accessory'/ffffffc0720bf000
[ 68.133202] configfs-gadget gadget: unbind function 'audio_source'/ffffffc0012ca3c0
[ 68.142668] tegra-xudc 700d0000.usb-device: ep 0 disabled
[ 68.148186] Bad mode in Synchronous Abort handler detected, code 0x86000006
[ 68.155144] CPU: 2 PID: 1 Comm: init Tainted: G U W 3.18.0-09419-g87296c3-dirty #561
[ 68.163743] Hardware name: Google Tegra210 Smaug Rev 1,3+ (DT)
[ 68.169566] task: ffffffc0bc8d0000 ti: ffffffc0bc8bc000 task.ti: ffffffc0bc8bc000
[ 68.177039] PC is at 0x0
[ 68.179577] LR is at usb_put_function+0x14/0x1c
....

BUG=chrome-os-partner:49140
TEST="setprop sys.usb.config accessory,audio_source" on A44 and then
switch back to default: "setprop sys.usb.config mtp,adb", no crash will
be seen.

Change-Id: I5b6141964aab861e86e3afb139ded02d4d122dab
Signed-off-by: Mark Kuo <mkuo@nvidia.com>
Reviewed-on: https://chromium-review.googlesource.com/321013
Commit-Ready: Andrew Bresticker <abrestic@chromium.org>
Tested-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-by: Andrew Bresticker <abrestic@chromium.org>

CHROMIUM: usb: gadget: f_mtp: fix usb_ss_ep_comp_descriptor

wBytesPerInterval in SuperSpeed Endpoint Companion Descriptor needs
to be set large enough to reserve enough bus time for associated
periodic endpoint.

Originally, wBytesPerInterval for mtp's interrupt IN endpoint is set
to 2 and its single interrupt transfer will be split into many 2 bytes
interrupt transfers. So, we change wBytesPerInterval to INTR_BUFFER_SIZE
to ensure interrupt transfer will not be split.

BUG=none
TEST=Smaug works as a MTP device

Change-Id: I49c0df892b2d9e0193a684eef23f73664ced9f91
Signed-off-by: Henry Lin <henryl@nvidia.com>
Signed-off-by: Mark Kuo <mkuo@nvidia.com>
Reviewed-on: https://chromium-review.googlesource.com/299091
Reviewed-by: Andrew Bresticker <abrestic@chromium.org>

CHROMIUM: usb: gadget: f_mtp: Add SuperSpeed support

Add SuperSpeed endpoint and companion descriptors.

BUG=chrome-os-partner:43682
TEST=Smaug enumerates as a SuperSpeed device.

Change-Id: I2bf3125d180fcb07222a5740fa67f3526cf3e95c
Signed-off-by: Hui Fu <hfu@nvidia.com>
Signed-off-by: Henry Lin <henryl@nvidia.com>
Signed-off-by: Mark Kuo <mkuo@nvidia.com>
Signed-off-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/294950

FROMLIST: mmc: block: fix ABI regression of mmc_blk_ioctl

If mmc_blk_ioctl returns -EINVAL, blkdev_ioctl continues to
work without returning err to user-space. But now we check
CAP_SYS_RAWIO firstly, so we return -EPERM to blkdev_ioctl,
which make blkdev_ioctl return -EPERM to user-space directly.
So this will break all the ioctl with BLKROSET. Now we find
Android-adb suffer it for the following log:

remount of /system failed;
couldn't make block device writable: Operation not permitted
openat(AT_FDCWD, "/dev/block/platform/ff420000.dwmmc/by-name/system", O_RDONLY) = 3
ioctl(3, BLKROSET, 0) = -1 EPERM (Operation not permitted)

Fixes: a5f5774c55a2 ("mmc: block: Add new ioctl to send multi commands")
Change-Id: Ie9ba728e366abf4ab73fd6102d2a2aa0d4ee5c66
Signed-off-by: Shawn Lin <shawn.lin@rock-chips.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>

FROMLIST: mm: ASLR: use get_random_long()

(cherry picked from commit https://lkml.org/lkml/2016/2/4/833)

Replace calls to get_random_int() followed by a cast to (unsigned long)
with calls to get_random_long(). Also address shifting bug which, in case
of x86 removed entropy mask for mmap_rnd_bits values > 31 bits.

Bug: 26963541
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: I36c156c9b8d7d157134895fddd4cd6efddcbee86

FROMLIST: drivers: char: random: add get_random_long()

(cherry picked from commit https://lkml.org/lkml/2016/2/4/831)

d07e22597d1d355 ("mm: mmap: add new /proc tunable for mmap_base ASLR")
added the ability to choose from a range of values to use for entropy
count in generating the random offset to the mmap_base address. The
maximum value on this range was set to 32 bits for 64-bit x86 systems, but
this value could be increased further, requiring more than the 32 bits of
randomness provided by get_random_int(), as is already possible for arm64.
Add a new function: get_random_long() which more naturally fits with the
mmap usage of get_random_int() but operates exactly the same as
get_random_int().

Also, fix the shifting constant in mmap_rnd() to be an unsigned long so
that values greater than 31 bits generate an appropriate mask without
overflow. This is especially important on x86, as its shift instruction
uses a 5-bit mask for the shift operand, which meant that any value for
mmap_rnd_bits over 31 acts as a no-op and effectively disables mmap_base
randomization.

Finally, replace calls to get_random_int() with get_random_long() where
appropriate.

Bug: 26963541
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: I5b45621088666d5d1dfbf43952f25ea0798b10ba

FROMLIST: pstore-ram: fix NULL reference when used with pdata

When using platform-data (not DT), we get an OOPS, because drvdata is
only initialized after we try to use it.

This addresses my comments made on the upstream submission here:

https://patchwork.kernel.org/patch/7980651/

Fixes boot on Chrome OS systems, including the Pixel 2.

Change-Id: I97360edf2ce61c83dc543cb6c169f3287e2dae4b
Fixes: b1d1b7187c11 ("FROMLIST: pstore-ram: add Device Tree bindings")
Signed-off-by: Brian Norris <briannorris@google.com>

usb: u_ether: Add missing rx_work init

commit 398a708ed5f3ef771d96dfb9b95b5d5170d17eb7
usb: u_ether: Add workqueue as bottom half handler for rx data path

set up a worker for the rx data path but missed a case where the
work_struct needed to be initialized.

This patch adds the missing 'INIT_WORK'

Change-Id: I2daabd39d35b3e17a3054837282d649d9c78a0aa
Signed-off-by: Matthew Moeller <moeller.matt@gmail.com>

ANDROID: dm-crypt: run in a WQ_HIGHPRI workqueue

(cherry pick from commit ad3ac5180979e5dd1f84e4a807f76fb9fb19f814)

Running dm-crypt in a standard workqueue results in IO competing for CPU
time with standard user apps, which can lead to pipeline bubbles and
seriously degraded performance. Move to a WQ_HIGHPRI workqueue to
protect against that.

Signed-off-by: Tim Murray <timmurray@google.com>
Bug: 25392275
Change-Id: I2828587c754a7c2cafdd78b3323b9896cb8cd4e7

Revert "ANDROID: dm-crypt: run in a WQ_HIGHPRI workqueue"

This reverts commit 46050a93ff9e13fddcdcaff35e2b0b863b3af69b.

Change-Id: I3e37cf37c9ea0270737608dcd92ab5c311ea5ab8

UPSTREAM: ALSA: timer: Harden slave timer list handling

(cherry pick from commit b5a663aa426f4884c71cd8580adae73f33570f0d)

A slave timer instance might be still accessible in a racy way while
operating the master instance as it lacks of locking.  Since the
master operation is mostly protected with timer->lock, we should cope
with it while changing the slave instance, too.  Also, some linked
lists (active_list and ack_list) of slave instances aren't unlinked
immediately at stopping or closing, and this may lead to unexpected
accesses.

This patch tries to address these issues.  It adds spin lock of
timer->lock (either from master or slave, which is equivalent) in a
few places.  For avoiding a deadlock, we ensure that the global
slave_active_lock is always locked at first before each timer lock.

Also, ack and active_list of slave instances are properly unlinked at
snd_timer_stop() and snd_timer_close().

Last but not least, remove the superfluous call of _snd_timer_stop()
at removing slave links.  This is a noop, and calling it may confuse
readers wrt locking.  Further cleanup will follow in a later patch.

Actually we've got reports of use-after-free by syzkaller fuzzer, and
this hopefully fixes these issues.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Bug: 26636060

ANDROID: dm-crypt: run in a WQ_HIGHPRI workqueue

(cherry pick from commit ad3ac5180979e5dd1f84e4a807f76fb9fb19f814)

Running dm-crypt in a standard workqueue results in IO competing for CPU
time with standard user apps, which can lead to pipeline bubbles and
seriously degraded performance. Move to a WQ_HIGHPRI workqueue to
protect against that.

Signed-off-by: Tim Murray <timmurray@google.com>
Bug: 25392275
Change-Id: I589149a31c7b5d322fe2ed5b2476b1f6e3d5ee6f