[ Upstream commit 4727dc20e0 ]
PF_IO_WORKER are kernel threads too, but they aren't PF_KTHREAD in the
sense that we don't assign ->set_child_tid with our own structure. Just
ensure that every arch sets up the PF_IO_WORKER threads like kthreads
in the arch implementation of copy_thread().
Change-Id: Iec4a3c42a39f016b323476d7238f3d36aaf0e6cf
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 320c8057ec)
Bug: 268174392
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
When CPU idle is enabled, the idle call should also notify the
idle_notifier_call_chain of the change in status. Otherwise some
processes will think the CPU is always active.
CRs-Fixed: 677525
Change-Id: Iabd6f617d6835688cf8b482ac1321e5c1deafffd
Signed-off-by: Patrick Cain <pcain@codeaurora.org>
Signed-off-by: Vikram Mulukutla <markivx@codeaurora.org>
Signed-off-by: Liang Chen <cl@rock-chips.com>
(cherry picked from https://android.googlesource.com/kernel/msm
commit e7f65ab439125bdc29a7a0ca7345ff746d014119)
https://source.android.com/security/bulletin/2022-04-01
CVE-2021-0707
CVE-2021-39800
CVE-2021-39801 (4.9 only)
CVE-2021-39802
* tag 'ASB-2022-04-05_12-5.10': (3832 commits)
ANDROID: GKI: Update symbols to abi_gki_aarch64_oplus
ANDROID: vendor_hooks: Reduce pointless modversions CRC churn
UPSTREAM: locking/lockdep: Avoid potential access of invalid memory in lock_class
ANDROID: mm: Fix implicit declaration of function 'isolate_lru_page'
ANDROID: GKI: Update symbols to symbol list
ANDROID: GKI: Update symbols to symbol list
ANDROID: GKI: Add hook symbol to symbol list
Revert "ANDROID: dm-bow: Protect Ranges fetched and erased from the RB tree"
ANDROID: vendor_hooks: Add hooks to for free_unref_page_commit
ANDROID: vendor_hooks: Add hooks to for alloc_contig_range
ANDROID: GKI: Update symbols to symbol list
ANDROID: vendor_hooks: Add hook in shrink_node_memcgs
ANDROID: GKI: Add symbols to symbol list
FROMGIT: iommu/iova: Improve 32-bit free space estimate
ANDROID: export walk_page_range and swp_swap_info
ANDROID: vendor_hooks: export shrink_slab
ANDROID: usb: gadget: f_accessory: add compat_ioctl support
UPSTREAM: sr9700: sanity check for packet length
UPSTREAM: io_uring: return back safer resurrect
UPSTREAM: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
...
Change-Id: Ic61ead530b99b10ffd535a358a48fe9bb8c33fd4
Conflicts:
drivers/android/Kconfig
drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
drivers/gpu/drm/rockchip/rockchip_vop_reg.c
drivers/i2c/busses/i2c-rk3x.c
drivers/media/i2c/imx258.c
drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c
drivers/usb/dwc2/gadget.c
drivers/usb/gadget/function/uvc.h
lib/Kconfig.debug
Changes in 5.10.96
Bluetooth: refactor malicious adv data check
media: venus: core: Drop second v4l2 device unregister
net: sfp: ignore disabled SFP node
net: stmmac: skip only stmmac_ptp_register when resume from suspend
s390/module: fix loading modules with a lot of relocations
s390/hypfs: include z/VM guests with access control group set
bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
udf: Restore i_lenAlloc when inode expansion fails
udf: Fix NULL ptr deref when converting from inline format
efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
PM: wakeup: simplify the output logic of pm_show_wakelocks()
tracing/histogram: Fix a potential memory leak for kstrdup()
tracing: Don't inc err_log entry count if entry allocation fails
ceph: properly put ceph_string reference after async create attempt
ceph: set pool_ns in new inode layout for async creates
fsnotify: fix fsnotify hooks in pseudo filesystems
Revert "KVM: SVM: avoid infinite loop on NPF from bad address"
perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
drm/etnaviv: relax submit size limits
KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS
arm64: errata: Fix exec handling in erratum 1418040 workaround
netfilter: nft_payload: do not update layer 4 checksum when mangling fragments
serial: 8250: of: Fix mapped region size when using reg-offset property
serial: stm32: fix software flow control transfer
tty: n_gsm: fix SW flow control encoding/handling
tty: Add support for Brainboxes UC cards.
usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
usb: xhci-plat: fix crash when suspend if remote wake enable
usb: common: ulpi: Fix crash in ulpi_match()
usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
USB: core: Fix hang in usb_kill_urb by adding memory barriers
usb: typec: tcpm: Do not disconnect while receiving VBUS off
ucsi_ccg: Check DEV_INT bit only when starting CCG4
jbd2: export jbd2_journal_[grab|put]_journal_head
ocfs2: fix a deadlock when commit trans
sched/membarrier: Fix membarrier-rseq fence command missing from query bitmask
x86/MCE/AMD: Allow thresholding interface updates after init
powerpc/32s: Allocate one 256k IBAT instead of two consecutives 128k IBATs
powerpc/32s: Fix kasan_init_region() for KASAN
powerpc/32: Fix boot failure with GCC latent entropy plugin
i40e: Increase delay to 1 s after global EMP reset
i40e: Fix issue when maximum queues is exceeded
i40e: Fix queues reservation for XDP
i40e: Fix for failed to init adminq while VF reset
i40e: fix unsigned stat widths
usb: roles: fix include/linux/usb/role.h compile issue
rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
ipv6_tunnel: Rate limit warning messages
net: fix information leakage in /proc/net/ptype
hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
hwmon: (lm90) Mark alert as broken for MAX6680
ping: fix the sk_bound_dev_if match in ping_lookup
ipv4: avoid using shared IP generator for connected sockets
hwmon: (lm90) Reduce maximum conversion rate for G781
NFSv4: Handle case where the lookup of a directory fails
NFSv4: nfs_atomic_open() can race when looking up a non-regular file
net-procfs: show net devices bound packet types
drm/msm: Fix wrong size calculation
drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
ipv6: annotate accesses to fn->fn_sernum
NFS: Ensure the server has an up to date ctime before hardlinking
NFS: Ensure the server has an up to date ctime before renaming
powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
netfilter: conntrack: don't increment invalid counter on NF_REPEAT
kernel: delete repeated words in comments
perf: Fix perf_event_read_local() time
sched/pelt: Relax the sync of util_sum with util_avg
net: phy: broadcom: hook up soft_reset for BCM54616S
phylib: fix potential use-after-free
octeontx2-pf: Forward error codes to VF
rxrpc: Adjust retransmission backoff
efi/libstub: arm64: Fix image check alignment at entry
hwmon: (lm90) Mark alert as broken for MAX6654
powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending
net: ipv4: Move ip_options_fragment() out of loop
net: ipv4: Fix the warning for dereference
ipv4: fix ip option filtering for locally generated fragments
ibmvnic: init ->running_cap_crqs early
ibmvnic: don't spin in tasklet
video: hyperv_fb: Fix validation of screen resolution
drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc
yam: fix a memory leak in yam_siocdevprivate()
net: cpsw: Properly initialise struct page_pool_params
net: hns3: handle empty unknown interrupt for VF
Revert "ipv6: Honor all IPv6 PIO Valid Lifetime values"
net: bridge: vlan: fix single net device option dumping
ipv4: raw: lock the socket in raw_bind()
ipv4: tcp: send zero IPID in SYNACK messages
ipv4: remove sparse error in ip_neigh_gw4()
net: bridge: vlan: fix memory leak in __allowed_ingress
dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config
usr/include/Makefile: add linux/nfc.h to the compile-test coverage
fsnotify: invalidate dcache before IN_DELETE event
block: Fix wrong offset in bio_truncate()
mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip()
Linux 5.10.96
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie34be06fa082557e93eda246f1a9ebf9f155a138
commit 38e0257e0e upstream.
The erratum 1418040 workaround enables CNTVCT_EL1 access trapping in EL0
when executing compat threads. The workaround is applied when switching
between tasks, but the need for the workaround could also change at an
exec(), when a non-compat task execs a compat binary or vice versa. Apply
the workaround in arch_setup_new_exec().
This leaves a small window of time between SET_PERSONALITY and
arch_setup_new_exec where preemption could occur and confuse the old
workaround logic that compares TIF_32BIT between prev and next. Instead, we
can just read cntkctl to make sure it's in the state that the next task
needs. I measured cntkctl read time to be about the same as a mov from a
general-purpose register on N1. Update the workaround logic to examine the
current value of cntkctl instead of the previous task's compat state.
Fixes: d49f7d7376 ("arm64: Move handling of erratum 1418040 into C code")
Cc: <stable@vger.kernel.org> # 5.9.x
Signed-off-by: D Scott Phillips <scott@os.amperecomputing.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211220234114.3926-1-scott@os.amperecomputing.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
https://source.android.com/security/bulletin/2021-12-01
CVE-2021-33909
CVE-2021-38204
CVE-2021-0961
* tag 'ASB-2021-12-05_12-5.10': (3010 commits)
ANDROID: workqueue: export symbol of the function wq_worker_comm()
ANDROID: GKI: Update symbols to symbol list
ANDROID: vendor_hooks: Add hooks for binder proc transaction
ANDROID: GKI: Add symbols abi for USB IP kernel modules.
ANDROID: GKI: Fix file mode on mtk abi file
UPSTREAM: erofs: fix deadlock when shrink erofs slab
ANDROID: init_task: Init android vendor and oem data
UPSTREAM: sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
ANDROID: Update symbol list for mtk
UPSTREAM: erofs: fix unsafe pagevec reuse of hooked pclusters
UPSTREAM: erofs: remove the occupied parameter from z_erofs_pagevec_enqueue()
UPSTREAM: usb: dwc3: gadget: Fix null pointer exception
ANDROID: fips140: support "evaluation testing" builds via build.sh
FROMGIT: sched/scs: Reset task stack state in bringup_cpu()
ANDROID: dma-buf: heaps: fix dma-buf heap pool pages stat
ANDROID: ABI: Add several spi_mem related symbols
UPSTREAM: spi: spi-mem: add spi_mem_dtr_supports_op()
ANDROID: gki_defconfig: enable CONFIG_SPI_MEM
ANDROID: ABI: Add several iio related symbols
ANDROID: ABI: Update symbol list for IMX
...
Change-Id: I09cddc92fa34553b944e62cc5cbbba94a84e5437
Conflicts:
arch/arm/boot/dts/rk322x.dtsi
arch/arm64/boot/dts/rockchip/rk3399.dtsi
drivers/dma-buf/heaps/system_heap.c
drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
drivers/gpu/drm/rockchip/rockchip_drm_vop.c
drivers/gpu/drm/rockchip/rockchip_lvds.c
drivers/gpu/drm/rockchip/rockchip_vop_reg.c
drivers/mtd/nand/spi/core.c
drivers/pci/controller/pcie-rockchip-host.c
drivers/soc/rockchip/Kconfig
drivers/usb/dwc3/core.c
drivers/usb/dwc3/core.h
A port of 8608d7c441 to ARM64. Both the
original code and this port are limited to dumping kernel addresses, so
don't bother if the registers are from a userspace process.
Change-Id: Idc76804c54efaaeb70311cbb500c54db6dac4525
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Signed-off-by: Tao Huang <huangtao@rock-chips.com>
Sync up with android12-5.10 for the following commits:
d30938528e ANDROID: GKI: Update symbol list for VIVO
47458bf124 ANDROID: block: export tracepoints
e41b116463 ANDROID: setlocalversion: make KMI_GENERATION optional
5dac28a174 BACKPORT: uapi: virtio_ids: add a sound device type ID from OASIS spec
2f3f5731de ANDROID: GKI: Add vendor hook to binder transaction
775cd2119d ANDROID: qcom: Add smp_call_function_single_async to ABI
d736cbf8d9 Revert "sched/fair: Keep load_avg and load_sum synced"
de0ba4ea3c Revert "sched/pelt: Ensure that *_sum is always synced with *_avg"
8630facf34 Revert "sched/fair: Ensure _sum and _avg values stay consistent"
7a7b5f89d9 ANDROID: locking/rwsem: only clean RWSEM_FLAG_HANDOFF when already set
a1a4c80265 UPSTREAM: f2fs: change fiemap way in printing compression chunk
cc98cd4a3e ANDROID: GKI: add allowed list file for xiaomi
fa9c907453 ANDROID: GKI: Update symbol list
ea592f07f6 ANDROID: Update symbol list for mtk
a4eacf3227 ANDROID: binder: fix regression in sender_euid
6b7c37f6c4 ANDROID: fips140: use UTS_RELEASE as FIPS version
11db2de0af BACKPORT: binder: use cred instead of task for getsecid
3af7a2f610 BACKPORT: binder: use cred instead of task for selinux checks
d492977395 BACKPORT: binder: use euid from cred instead of using task
7e2fbdaeab ANDROID: vendor_hooks: Add hooks for frequency optimization
054a3c228a ANDROID: GKI: Update symbols to symbol list
0db6925868 ANDROID: vendor_hooks: export get_wchan
a61d61bab7 ANDROID: vendor_hooks: Add hooks to record the time of the process in various states
6cf4b65244 FROMGIT: dma-buf: acquire name lock before read/write dma_buf.name
Due to api additions in android12-5.10, this also adds more api symbols
to track:
Leaf changes summary: 33 artifacts changed
Changed leaf types summary: 0 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 19 Added functions
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 14 Added variables
19 Added functions:
[A] 'function int __traceiter_android_vh_cpufreq_fast_switch(void*, cpufreq_policy*, unsigned int, unsigned int)'
[A] 'function int __traceiter_android_vh_cpufreq_resolve_freq(void*, cpufreq_policy*, unsigned int, unsigned int)'
[A] 'function int __traceiter_android_vh_cpufreq_target(void*, cpufreq_policy*, unsigned int, unsigned int)'
[A] 'function int __traceiter_android_vh_sched_stat_runtime_rt(void*, task_struct*, u64)'
[A] 'function int __traceiter_block_bio_complete(void*, request_queue*, bio*)'
[A] 'function int __traceiter_block_bio_queue(void*, request_queue*, bio*)'
[A] 'function int __traceiter_block_getrq(void*, request_queue*, bio*, int)'
[A] 'function int __traceiter_block_rq_complete(void*, request*, int, unsigned int)'
[A] 'function int __traceiter_block_rq_insert(void*, request_queue*, request*)'
[A] 'function int __traceiter_block_rq_issue(void*, request_queue*, request*)'
[A] 'function int __traceiter_block_rq_merge(void*, request_queue*, request*)'
[A] 'function int __traceiter_block_rq_requeue(void*, request_queue*, request*)'
[A] 'function int __traceiter_block_split(void*, request_queue*, bio*, unsigned int)'
[A] 'function int __traceiter_sched_stat_runtime(void*, task_struct*, u64, u64)'
[A] 'function int dev_change_flags(net_device*, unsigned int, netlink_ext_ack*)'
[A] 'function unsigned long int get_wchan(task_struct*)'
[A] 'function void* mempool_alloc_pages(gfp_t, void*)'
[A] 'function void mempool_free_pages(void*, void*)'
[A] 'function int mempool_resize(mempool_t*, int)'
14 Added variables:
[A] 'tracepoint __tracepoint_android_vh_cpufreq_fast_switch'
[A] 'tracepoint __tracepoint_android_vh_cpufreq_resolve_freq'
[A] 'tracepoint __tracepoint_android_vh_cpufreq_target'
[A] 'tracepoint __tracepoint_android_vh_sched_stat_runtime_rt'
[A] 'tracepoint __tracepoint_block_bio_complete'
[A] 'tracepoint __tracepoint_block_bio_queue'
[A] 'tracepoint __tracepoint_block_getrq'
[A] 'tracepoint __tracepoint_block_rq_complete'
[A] 'tracepoint __tracepoint_block_rq_insert'
[A] 'tracepoint __tracepoint_block_rq_issue'
[A] 'tracepoint __tracepoint_block_rq_merge'
[A] 'tracepoint __tracepoint_block_rq_requeue'
[A] 'tracepoint __tracepoint_block_split'
[A] 'tracepoint __tracepoint_sched_stat_runtime'
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I15990841323b2a040b41d8207da3532f3d0db795
Export get_wchan to get the block reason
Bug: 205684022
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: I7b65bb502b805e7dac13e5f9d725da1ff70fe306
This reverts commit 1aa1f6a7cf.
The hook android_vh_mpam_set is not used by any vendor, so remove
it to help with merge issues with future LTS releases.
If this is needed by any real user, it can easily be reverted to add it
back and then the symbol should be added to the abi list at the same
time to prevent it from being removed again later.
Bug: 203756332
Bug: 165333282
Cc: C-J.Chen <C-J.Chen@mediatek.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I18356743538df7d41a00f54479bf2a0bc3a62e06
Changes in 5.10.70
PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response
ocfs2: drop acl cache for directories too
mm: fix uninitialized use in overcommit_policy_handler
usb: gadget: r8a66597: fix a loop in set_feature()
usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave
usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
cifs: fix incorrect check for null pointer in header_assemble
xen/x86: fix PV trap handling on secondary processors
usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
USB: cdc-acm: fix minor-number release
Revert "USB: bcma: Add a check for devm_gpiod_get"
binder: make sure fd closes complete
staging: greybus: uart: fix tty use after free
Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
usb: dwc3: core: balance phy init and exit
usb: core: hcd: Add support for deferring roothub registration
USB: serial: mos7840: remove duplicated 0xac24 device ID
USB: serial: option: add Telit LN920 compositions
USB: serial: option: remove duplicate USB device ID
USB: serial: option: add device id for Foxconn T99W265
mcb: fix error handling in mcb_alloc_bus()
erofs: fix up erofs_lookup tracepoint
btrfs: prevent __btrfs_dump_space_info() to underflow its free space
xhci: Set HCD flag to defer primary roothub registration
serial: 8250: 8250_omap: Fix RX_LVL register offset
serial: mvebu-uart: fix driver's tx_empty callback
scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE
drm/amd/pm: Update intermediate power state for SI
net: hso: fix muxed tty registration
comedi: Fix memory leak in compat_insnlist()
afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation
afs: Fix updating of i_blocks on file/dir extension
platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR()
enetc: Fix illegal access when reading affinity_hint
enetc: Fix uninitialized struct dim_sample field usage
bnxt_en: Fix TX timeout when TX ring size is set to the smallest
net: hns3: fix change RSS 'hfunc' ineffective issue
net: hns3: check queue id range before using
net/smc: add missing error check in smc_clc_prfx_set()
net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work
net: dsa: don't allocate the slave_mii_bus using devres
net: dsa: realtek: register the MDIO bus under devres
kselftest/arm64: signal: Add SVE to the set of features we can check for
kselftest/arm64: signal: Skip tests if required features are missing
s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
gpio: uniphier: Fix void functions to remove return value
qed: rdma - don't wait for resources under hw error recovery flow
net/mlx4_en: Don't allow aRFS for encapsulated packets
atlantic: Fix issue in the pm resume flow.
scsi: iscsi: Adjust iface sysfs attr detection
scsi: target: Fix the pgr/alua_support_store functions
tty: synclink_gt, drop unneeded forward declarations
tty: synclink_gt: rename a conflicting function name
fpga: machxo2-spi: Return an error on failure
fpga: machxo2-spi: Fix missing error code in machxo2_write_complete()
nvme-tcp: fix incorrect h2cdata pdu offset accounting
treewide: Change list_sort to use const pointers
nvme: keep ctrl->namespaces ordered
thermal/core: Potential buffer overflow in thermal_build_list_of_policies()
cifs: fix a sign extension bug
scsi: qla2xxx: Restore initiator in dual mode
scsi: lpfc: Use correct scnprintf() limit
irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build
irqchip/gic-v3-its: Fix potential VPE leak on error
md: fix a lock order reversal in md_alloc
x86/asm: Add a missing __iomem annotation in enqcmds()
x86/asm: Fix SETZ size enqcmds() build failure
io_uring: put provided buffer meta data under memcg accounting
blktrace: Fix uaf in blk_trace access after removing by sysfs
net: phylink: Update SFP selected interface on advertising changes
net: macb: fix use after free on rmmod
net: stmmac: allow CSR clock of 300MHz
blk-mq: avoid to iterate over stale request
m68k: Double cast io functions to unsigned long
ipv6: delay fib6_sernum increase in fib6_add
cpufreq: intel_pstate: Override parameters if HWP forced by BIOS
bpf: Add oversize check before call kvcalloc()
xen/balloon: use a kernel thread instead a workqueue
nvme-multipath: fix ANA state updates when a namespace is not present
nvme-rdma: destroy cm id before destroy qp to avoid use after free
sparc32: page align size in arch_dma_alloc
amd/display: downgrade validation failure log level
block: check if a profile is actually registered in blk_integrity_unregister
block: flush the integrity workqueue in blk_integrity_unregister
blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd
compiler.h: Introduce absolute_pointer macro
net: i825xx: Use absolute_pointer for memcpy from fixed memory location
sparc: avoid stringop-overread errors
qnx4: avoid stringop-overread errors
parisc: Use absolute_pointer() to define PAGE0
arm64: Mark __stack_chk_guard as __ro_after_init
alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile
net: 6pack: Fix tx timeout and slot time
spi: Fix tegra20 build with CONFIG_PM=n
EDAC/synopsys: Fix wrong value type assignment for edac_mode
EDAC/dmc520: Assign the proper type to dimm->edac_mode
thermal/drivers/int340x: Do not set a wrong tcc offset on resume
USB: serial: cp210x: fix dropped characters with CP2102
xen/balloon: fix balloon kthread freezing
qnx4: work around gcc false positive warning bug
Linux 5.10.70
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0be3ab08ab5dd724a79c5c5ff8e49c18d2666193
* android12-5.10-2021-08: (429 commits)
ANDROID: Update symbol list for mtk
ANDROID: scheduler: export task_sched_runtime
FROMLIST: mm: slub: fix slub_debug disabling for list of slabs
FROMLIST: mm/madvise: add MADV_WILLNEED to process_madvise()
ANDROID: Update the exynos symbol list
FROMGIT: firmware: arm_scmi: Free mailbox channels if probe fails
ANDROID: GKI: gki_defconfig: Enable CONFIG_NFC
ANDROID: sched: Make uclamp changes depend on CAP_SYS_NICE
ANDROID: GKI: update xiaomi symbol list and ABI XML
ANDROID: ABI: update generic symbol list
ANDROID: scsi: ufs: Enable CONFIG_SCSI_UFS_HPB
ANDROID: scsi: ufs: Make CONFIG_SCSI_UFS_HPB compatible with the GKI
UPSTREAM: arm64: vdso: Avoid ISB after reading from cntvct_el0
ANDROID: GKI: Disable X86_MCE drivers
ANDROID: GKI: Update symbols to symbol list
ANDROID: ABI: update allowed list for exynos
FROMGIT: sched: Skip priority checks with SCHED_FLAG_KEEP_PARAMS
FROMGIT: sched: Don't report SCHED_FLAG_SUGOV in sched_getattr()
FROMGIT: sched/deadline: Fix reset_on_fork reporting of DL tasks
BACKPORT: FROMGIT: sched: Fix UCLAMP_FLAG_IDLE setting
...
Change-Id: I5e0600bb4ccd0333366b016b42332e1e79e56b61
Conflicts:
drivers/usb/gadget/configfs.c
include/linux/usb/gadget.h
If the system rebooted, there might be i2c transfer at the
same time, it will make something unpredictable, because
the i2c host was reset, but the slave device wasn't, such
as rk808 pmic, so make sure the i2c transfer to be finished
before system shutdown at the reset mode.
This call chain is expected to be executed before kernel_restart
to do something before reset system. such as, i2c restart,
boot mode config.
Change-Id: I3c09f3acbe86595c295edc191aa38351adb7d5dc
Signed-off-by: David Wu <david.wu@rock-chips.com>
Signed-off-by: Jianqun Xu <jay.xu@rock-chips.com>
Signed-off-by: Sugar Zhang <sugar.zhang@rock-chips.com>
In the next patch, we will start reading sctlr_user from
mte_update_sctlr_user and subsequently writing a new value based on the
task's TCF setting and potentially the per-CPU TCF preference. This
means that we need to be careful to disable preemption around any
code sequences that read from sctlr_user and subsequently write to
sctlr_user and/or SCTLR_EL1, so that we don't end up writing a stale
value (based on the previous CPU's TCF preference) to either of them.
We currently have four such sequences, in the prctl handlers for
PR_SET_TAGGED_ADDR_CTRL and PR_PAC_SET_ENABLED_KEYS, as well as in
the task initialization code that resets the prctl settings. Change
the prctl handlers to disable preemption in the handlers themselves
rather than the functions that they call, and change the task
initialization code to call the respective prctl handlers instead of
setting sctlr_user directly.
As a result of this change, we no longer need the helper function
set_task_sctlr_el1, nor does its behavior make sense any more, so
remove it.
Signed-off-by: Peter Collingbourne <pcc@google.com>
Link: https://linux-review.googlesource.com/id/Ic0e8a0c00bb47d786c1e8011df0b7fe99bee4bb5
Link: https://lore.kernel.org/linux-arm-kernel/20210713234801.3858018-4-pcc@google.com/
Bug: 189966263
Change-Id: Ic0e8a0c00bb47d786c1e8011df0b7fe99bee4bb5
The kernel does not use any keys besides IA so we don't need to
install IB/DA/DB/GA on kernel exit if we arrange to install them
on task switch instead, which we can expect to happen an order of
magnitude less often.
Furthermore we can avoid installing the user IA in the case where the
user task has IA disabled and just leave the kernel IA installed. This
also lets us avoid needing to install IA on kernel entry.
On an Apple M1 under a hypervisor, the overhead of kernel entry/exit
has been measured to be reduced by 15.6ns in the case where IA is
enabled, and 31.9ns in the case where IA is disabled.
Signed-off-by: Peter Collingbourne <pcc@google.com>
Link: https://linux-review.googlesource.com/id/Ieddf6b580d23c9e0bed45a822dabe72d2ffc9a8e
Link: https://lore.kernel.org/r/2d653d055f38f779937f2b92f8ddd5cf9e4af4f4.1616123271.git.pcc@google.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Bug: 192536783
(cherry picked from commit b90e483938)
Change-Id: Ia01f55f50c55b53e65ea7089a3bb61ee7660e578
[quic_eberman@quicinc.com: resolve merge conflict in
arch/arm64/kernel/process.c]
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Signed-off-by: Peter Collingbourne <pcc@google.com>
This change introduces a prctl that allows the user program to control
which PAC keys are enabled in a particular task. The main reason
why this is useful is to enable a userspace ABI that uses PAC to
sign and authenticate function pointers and other pointers exposed
outside of the function, while still allowing binaries conforming
to the ABI to interoperate with legacy binaries that do not sign or
authenticate pointers.
The idea is that a dynamic loader or early startup code would issue
this prctl very early after establishing that a process may load legacy
binaries, but before executing any PAC instructions.
This change adds a small amount of overhead to kernel entry and exit
due to additional required instruction sequences.
On a DragonBoard 845c (Cortex-A75) with the powersave governor, the
overhead of similar instruction sequences was measured as 4.9ns when
simulating the common case where IA is left enabled, or 43.7ns when
simulating the uncommon case where IA is disabled. These numbers can
be seen as the worst case scenario, since in more realistic scenarios
a better performing governor would be used and a newer chip would be
used that would support PAC unlike Cortex-A75 and would be expected
to be faster than Cortex-A75.
On an Apple M1 under a hypervisor, the overhead of the entry/exit
instruction sequences introduced by this patch was measured as 0.3ns
in the case where IA is left enabled, and 33.0ns in the case where
IA is disabled.
Signed-off-by: Peter Collingbourne <pcc@google.com>
Reviewed-by: Dave Martin <Dave.Martin@arm.com>
Link: https://linux-review.googlesource.com/id/Ibc41a5e6a76b275efbaa126b31119dc197b927a5
Link: https://lore.kernel.org/r/d6609065f8f40397a4124654eb68c9f490b4d477.1616123271.git.pcc@google.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Bug: 192536783
(cherry picked from commit 201698626f)
Change-Id: Ic0a21c92a22575f9ec3599fb67bd2931a50b9f04
[quic_eberman@quicinc.com: Resolved merge conflict in
arch/arm64/kernel/process.c]
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Signed-off-by: Peter Collingbourne <pcc@google.com>
The scheduler now knows enough about these braindead systems to place
32-bit tasks accordingly, so throw out the safety checks and allow the
ret-to-user path to avoid do_notify_resume() if there is nothing to do.
Signed-off-by: Will Deacon <will@kernel.org>
Bug: 178507149
Link: https://lore.kernel.org/linux-arch/20201208132835.6151-16-will@kernel.org/
[will: Fixed trivial conflict with vendor hook in __switch_to()]
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: I1258f5a95c2c4fc0548103810677b4b0a74320b4
Scheduling a 32-bit application on a 64-bit-only CPU is a bad idea.
Ensure that 32-bit applications always take the slow-path when returning
to userspace on a system with mismatched support at EL0, so that we can
avoid trying to run on a 64-bit-only CPU and force a SIGKILL instead.
Signed-off-by: Will Deacon <will@kernel.org>
Bug: 178507149
Link: https://lore.kernel.org/linux-arch/20201208132835.6151-5-will@kernel.org/
[will: Fixed trivial conflict with vendor hook in __switch_to()]
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: I5ae90f3fb63499d7016f93d13e32693e26890f92
For consistency, all tasks have a pt_regs reserved at the highest
portion of their task stack. Among other things, this ensures that a
task's SP is always pointing within its stack rather than pointing
immediately past the end.
While it is never legitimate to ERET from a kthread, we take pains to
initialize pt_regs for kthreads as if this were legitimate. As this is
never legitimate, the effects of an erroneous return are rarely tested.
Let's simplify things by initializing a kthread's pt_regs such that an
ERET is caught as an illegal exception return, and removing the explicit
initialization of other exception context. Note that as
spectre_v4_enable_task_mitigation() only manipulates the PSTATE within
the unused regs this is safe to remove.
As user tasks will have their exception context initialized via
start_thread() or start_compat_thread(), this should only impact cases
where something has gone very wrong and we'd like that to be clearly
indicated.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: James Morse <james.morse@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20201113124937.20574-2-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
(cherry picked from commit f80d034086)
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: Id6fca836e7830efb4df34350c01d44e7317b2dbd
Bug: 178098380
Test: atest VirtualizationHostTestCases on an EL2-enabled device
Export show_regs for vendor module usage to print cpu back trace
from trace_android_vh_ipi_stop vendor hook.
Bug: 177348820
Change-Id: Idcbe887dfc02626d4af1a4cb53dafe3d5a2ba1dd
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
Steps on the way to 5.10-rc7
Resolves a merge issue in:
arch/arm64/kernel/process.c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If22f5ca1f09e08cdb95f841f3381eda5cd31ee00
Pull arm64 fixes from Will Deacon:
"I'm sad to say that we've got an unusually large arm64 fixes pull for
rc7 which addresses numerous significant instrumentation issues with
our entry code.
Without these patches, lockdep is hopelessly unreliable in some
configurations [1,2] and syzkaller is therefore not a lot of use
because it's so noisy.
Although much of this has always been broken, it appears to have been
exposed more readily by other changes such as 044d0d6de9 ("lockdep:
Only trace IRQ edges") and general lockdep improvements around IRQ
tracing and NMIs.
Fixing this properly required moving much of the instrumentation hooks
from our entry assembly into C, which Mark has been working on for the
last few weeks. We're not quite ready to move to the recently added
generic functions yet, but the code here has been deliberately written
to mimic that closely so we can look at cleaning things up once we
have a bit more breathing room.
Having said all that, the second version of these patches was posted
last week and I pushed it into our CI (kernelci and cki) along with a
commit which forced on PROVE_LOCKING, NOHZ_FULL and
CONTEXT_TRACKING_FORCE. The result? We found a real bug in the
md/raid10 code [3].
Oh, and there's also a really silly typo patch that's unrelated.
Summary:
- Fix numerous issues with instrumentation and exception entry
- Fix hideous typo in unused register field definition"
[1] https://lore.kernel.org/r/CACT4Y+aAzoJ48Mh1wNYD17pJqyEcDnrxGfApir=-j171TnQXhw@mail.gmail.com
[2] https://lore.kernel.org/r/20201119193819.GA2601289@elver.google.com
[3] https://lore.kernel.org/r/94c76d5e-466a-bc5f-e6c2-a11b65c39f83@redhat.com
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: mte: Fix typo in macro definition
arm64: entry: fix EL1 debug transitions
arm64: entry: fix NMI {user, kernel}->kernel transitions
arm64: entry: fix non-NMI kernel<->kernel transitions
arm64: ptrace: prepare for EL1 irq/rcu tracking
arm64: entry: fix non-NMI user<->kernel transitions
arm64: entry: move el1 irq/nmi logic to C
arm64: entry: prepare ret_to_user for function call
arm64: entry: move enter_from_user_mode to entry-common.c
arm64: entry: mark entry code as noinstr
arm64: mark idle code as noinstr
arm64: syscall: exit userspace before unmasking exceptions
Core code disables RCU when calling arch_cpu_idle(), so it's not safe
for arch_cpu_idle() or its calees to be instrumented, as the
instrumentation callbacks may attempt to use RCU or other features which
are unsafe to use in this context.
Mark them noinstr to prevent issues.
The use of local_irq_enable() in arch_cpu_idle() is similarly
problematic, and the "sched/idle: Fix arch_cpu_idle() vs tracing" patch
queued in the tip tree addresses that case.
Reported-by: Marco Elver <elver@google.com>
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20201130115950.22492-3-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Pull locking fixes from Thomas Gleixner:
"Two more places which invoke tracing from RCU disabled regions in the
idle path.
Similar to the entry path the low level idle functions have to be
non-instrumentable"
* tag 'locking-urgent-2020-11-29' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
intel_idle: Fix intel_idle() vs tracing
sched/idle: Fix arch_cpu_idle() vs tracing
We call arch_cpu_idle() with RCU disabled, but then use
local_irq_{en,dis}able(), which invokes tracing, which relies on RCU.
Switch all arch_cpu_idle() implementations to use
raw_local_irq_{en,dis}able() and carefully manage the
lockdep,rcu,tracing state like we do in entry.
(XXX: we really should change arch_cpu_idle() to not return with
interrupts enabled)
Reported-by: Sven Schnelle <svens@linux.ibm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Link: https://lkml.kernel.org/r/20201120114925.594122626@infradead.org
In a surprising turn of events, it transpires that CPU capabilities
configured as ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE are never set as the
result of late-onlining. Therefore our handling of erratum 1418040 does
not get activated if it is not required by any of the boot CPUs, even
though we allow late-onlining of an affected CPU.
In order to get things working again, replace the cpus_have_const_cap()
invocation with an explicit check for the current CPU using
this_cpu_has_cap().
Cc: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
Cc: Stephen Boyd <swboyd@chromium.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Acked-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20201106114952.10032-1-will@kernel.org
Signed-off-by: Will Deacon <will@kernel.org>
When the CONFIG_ASYMMETRIC_AARCH32 option is enabled (EXPERT), the type
of the ARM64_HAS_32BIT_EL0 capability becomes WEAK_LOCAL_CPU_FEATURE.
The kernel will now return true for system_supports_32bit_el0() and
checks 32-bit tasks are affined to AArch32 capable CPUs only in
do_notify_resume(). If the affinity contains a non-capable AArch32 CPU,
the tasks will get SIGKILLed. If the last CPU supporting 32-bit is
offlined, the kernel will SIGKILL any scheduled 32-bit tasks (the
alternative is to prevent offlining through a new .cpu_disable feature
entry).
In addition to the relaxation of the ARM64_HAS_32BIT_EL0 capability,
this patch factors out the 32-bit cpuinfo and features setting into
separate functions: __cpuinfo_store_cpu_32bit(),
init_cpu_32bit_features(). The cpuinfo of the booting CPU
(boot_cpu_data) is now updated on the first 32-bit capable CPU even if
it is a secondary one. The ID_AA64PFR0_EL0_64BIT_ONLY feature is relaxed
to FTR_NONSTRICT and FTR_HIGHER_SAFE when the asymmetric AArch32 support
is enabled. The compat_elf_hwcaps are only verified for the
AArch32-capable CPUs to still allow hotplugging AArch64-only CPUs.
Bug: 168847043
Reason: Needed for bringup. Revert when upstream patch is available
Nacked-for-upstream-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Suzuki K Poulose <Suzuki.Poulose@arm.com>
Cc: Morten Rasmussen <Morten.Rasmussen@arm.com>
Cc: Valentin Schneider <valentin.schneider@arm.com>
Cc: Qais Yousef <qais.yousef@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Qais Yousef <qais.yousef@arm.com>
[Qais: removed affinity handling to a separate patch and fixed up
docs/naming to match the change]
Change-Id: I1a9860a883f001ddebb4df9dee7504edf970d593
Add userspace support for the Memory Tagging Extension introduced by
Armv8.5.
(Catalin Marinas and others)
* for-next/mte: (30 commits)
arm64: mte: Fix typo in memory tagging ABI documentation
arm64: mte: Add Memory Tagging Extension documentation
arm64: mte: Kconfig entry
arm64: mte: Save tags when hibernating
arm64: mte: Enable swap of tagged pages
mm: Add arch hooks for saving/restoring tags
fs: Handle intra-page faults in copy_mount_options()
arm64: mte: ptrace: Add NT_ARM_TAGGED_ADDR_CTRL regset
arm64: mte: ptrace: Add PTRACE_{PEEK,POKE}MTETAGS support
arm64: mte: Allow {set,get}_tagged_addr_ctrl() on non-current tasks
arm64: mte: Restore the GCR_EL1 register after a suspend
arm64: mte: Allow user control of the generated random tags via prctl()
arm64: mte: Allow user control of the tag check mode via prctl()
mm: Allow arm64 mmap(PROT_MTE) on RAM-based files
arm64: mte: Validate the PROT_MTE request via arch_validate_flags()
mm: Introduce arch_validate_flags()
arm64: mte: Add PROT_MTE support to mmap() and mprotect()
mm: Introduce arch_calc_vm_flag_bits()
arm64: mte: Tags-aware aware memcmp_pages() implementation
arm64: Avoid unnecessary clear_user_page() indirection
...
The PR_SPEC_DISABLE_NOEXEC option to the PR_SPEC_STORE_BYPASS prctl()
allows the SSB mitigation to be enabled only until the next execve(),
at which point the state will revert back to PR_SPEC_ENABLE and the
mitigation will be disabled.
Add support for PR_SPEC_DISABLE_NOEXEC on arm64.
Reported-by: Anthony Steinhauser <asteinhauser@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
Rewrite the Spectre-v4 mitigation handling code to follow the same
approach as that taken by Spectre-v2.
For now, report to KVM that the system is vulnerable (by forcing
'ssbd_state' to ARM64_SSBD_UNKNOWN), as this will be cleared up in
subsequent steps.
Signed-off-by: Will Deacon <will@kernel.org>
In preparation for ptrace() access to the prctl() value, allow calling
these functions on non-current tasks.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
The IRG, ADDG and SUBG instructions insert a random tag in the resulting
address. Certain tags can be excluded via the GCR_EL1.Exclude bitmap
when, for example, the user wants a certain colour for freed buffers.
Since the GCR_EL1 register is not accessible at EL0, extend the
prctl(PR_SET_TAGGED_ADDR_CTRL) interface to include a 16-bit field in
the first argument for controlling which tags can be generated by the
above instruction (an include rather than exclude mask). Note that by
default all non-zero tags are excluded. This setting is per-thread.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
By default, even if PROT_MTE is set on a memory range, there is no tag
check fault reporting (SIGSEGV). Introduce a set of option to the
exiting prctl(PR_SET_TAGGED_ADDR_CTRL) to allow user control of the tag
check fault mode:
PR_MTE_TCF_NONE - no reporting (default)
PR_MTE_TCF_SYNC - synchronous tag check fault reporting
PR_MTE_TCF_ASYNC - asynchronous tag check fault reporting
These options translate into the corresponding SCTLR_EL1.TCF0 bitfield,
context-switched by the kernel. Note that the kernel accesses to the
user address space (e.g. read() system call) are not checked if the user
thread tag checking mode is PR_MTE_TCF_NONE or PR_MTE_TCF_ASYNC. If the
tag checking mode is PR_MTE_TCF_SYNC, the kernel makes a best effort to
check its user address accesses, however it cannot always guarantee it.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
The Memory Tagging Extension has two modes of notifying a tag check
fault at EL0, configurable through the SCTLR_EL1.TCF0 field:
1. Synchronous raising of a Data Abort exception with DFSC 17.
2. Asynchronous setting of a cumulative bit in TFSRE0_EL1.
Add the exception handler for the synchronous exception and handling of
the asynchronous TFSRE0_EL1.TF0 bit setting via a new TIF flag in
do_notify_resume().
On a tag check failure in user-space, whether synchronous or
asynchronous, a SIGSEGV will be raised on the faulting thread.
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Co-developed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
- To use MPAM in kernel task, vendor_hook call is needed to
set MPAM at scheduling time.
- Vendor_hooks is call ed when task is switching for MPAM state
Bug: 165333282
Signed-off-by: C-J.Chen <C-J.Chen@mediatek.com>
Change-Id: I30270c667c26e1a7039580b33011665bb3a8cce7
Tao Huang