  1. Apr 02, 2019
  2. Apr 01, 2019
  3. Mar 29, 2019
    • Merge android-4.9 (4.9.165+) into android-msm-bluecross-4.9-lts · b5d151ed
      Petri Gynther authored
      
      commit 86a136d9 ("Revert "ANDROID: input: keychord: Add keychord driver"")
      is the base for android-4.9-q branch.
      
        * Revert "ANDROID: input: keychord: Add keychord driver"
            drivers/input/misc/Kconfig
            drivers/input/misc/Makefile
          Revert "ANDROID: input: misc: keychord: move header to uapi"
          Revert "ANDROID: input: misc: keychord: log when keychord triggered"
          Revert "ANDROID: keychord: Fix a slab out-of-bounds read."
          Revert "Use %zu to print resid (size_t)."
          Revert "ANDROID: keychord: Fix races in keychord_write."
          Revert "ANDROID: keychord: Fix for a memory leak in keychord."
          Revert "ANDROID: keychord: Check for write data size"
          ANDROID: drop CONFIG_INPUT_KEYCHORD from cuttlefish and ranchu
        * BACKPORT: mm/debug.c: provide useful debugging information for VM_BUG
            mm/debug.c
        * UPSTREAM: bug: use %pB in BUG and stack protector failure
            kernel/panic.c
            lib/bug.c
          UPSTREAM: x86/alternative: Print unadorned pointers
          UPSTREAM: trace_uprobe: Display correct offset in uprobe_events
        * UPSTREAM: usercopy: Remove pointer from overflow report
            mm/usercopy.c
          UPSTREAM: Do not hash userspace addresses in fault handlers
          UPSTREAM: mm/slab.c: do not hash pointers when debugging slab
          UPSTREAM: kasan: use %px to print addresses instead of %p
        * BACKPORT: vsprintf: add printk specifier %px
            lib/vsprintf.c
        * BACKPORT: printk: hash addresses printed with %p
            lib/vsprintf.c
        * ANDROID: Fix race in crng_reseed()
            drivers/char/random.c
        * UPSTREAM: siphash: implement HalfSipHash1-3 for hash tables
            include/linux/siphash.h
            lib/siphash.c
        * UPSTREAM: siphash: add cryptographically secure PRF
            include/linux/siphash.h
            lib/Kconfig.debug
            lib/Makefile
            lib/siphash.c
        * BACKPORT: vsprintf: refactor %pK code out of pointer()
            lib/vsprintf.c
          BACKPORT: docs: correct documentation for %pK
          Merge upstream-f2fs-stable-linux-4.9.y into android-4.9
        * BACKPORT: filemap: add a comment about FAULT_FLAG_RETRY_NOWAIT behavior
            mm/filemap.c
        * BACKPORT: filemap: drop the mmap_sem for all blocking operations
            mm/filemap.c
        * BACKPORT: filemap: kill page_cache_read usage in filemap_fault
            include/linux/pagemap.h
            mm/filemap.c
        * ANDROID: binder: remove extra declaration left after backport
            drivers/android/binder.c
        * UPSTREAM: net: socket: set sock->sk to NULL after calling proto_ops::release()
            net/socket.c
        * FROMGIT: binder: fix BUG_ON found by selinux-testsuite
            drivers/android/binder.c
          ANDROID: dm-bow: Fix 32 bit compile errors
        * ANDROID: fix 4.9 backport of psi header refactoring
            kernel/sched/core.c
        * UPSTREAM: mm: proc: smaps_rollup: fix pss_locked calculation
            fs/proc/task_mmu.c
        * UPSTREAM: binder: fix handling of misaligned binder object
            drivers/android/binder.c
          UPSTREAM: binder: fix sparse issue in binder_alloc_selftest.c
        * BACKPORT: binder: use userspace pointer as base of buffer space
            drivers/android/binder.c
            drivers/android/binder_alloc.c
            drivers/android/binder_alloc.h
            drivers/android/binder_trace.h
        * UPSTREAM: binder: fix kerneldoc header for struct binder_buffer
            drivers/android/binder_alloc.h
        * BACKPORT: binder: remove user_buffer_offset
            drivers/android/binder.c
            drivers/android/binder_alloc.c
            drivers/android/binder_alloc.h
        * UPSTREAM: binder: remove kernel vm_area for buffer space
            drivers/android/binder_alloc.c
        * UPSTREAM: binder: avoid kernel vm_area for buffer fixups
            drivers/android/binder.c
        * BACKPORT: binder: add function to copy binder object from buffer
            drivers/android/binder.c
        * BACKPORT: binder: add functions to copy to/from binder buffers
            drivers/android/binder.c
            drivers/android/binder_alloc.c
            drivers/android/binder_alloc.h
        * UPSTREAM: binder: create userspace-to-binder-buffer copy function
            drivers/android/binder.c
            drivers/android/binder_alloc.c
            drivers/android/binder_alloc.h
          ANDROID: Add dm-bow to cuttlefish configuration
          ANDROID: dm-bow: Backport to 4.9
          ANDROID: dm-bow: backport to 4.14
        * ANDROID: dm-bow: Add dm-bow feature
            drivers/md/Kconfig
            drivers/md/Makefile
        * f2fs: set pin_file under CAP_SYS_ADMIN
            fs/f2fs/file.c
        * f2fs: fix to avoid deadlock in f2fs_read_inline_dir()
            fs/f2fs/inline.c
        * f2fs: fix to adapt small inline xattr space in __find_inline_xattr()
            fs/f2fs/xattr.c
        * f2fs: fix to do sanity check with inode.i_inline_xattr_size
            fs/f2fs/inode.c
            fs/f2fs/super.c
            fs/f2fs/xattr.h
        * f2fs: give some messages for inline_xattr_size
            fs/f2fs/super.c
        * f2fs: don't trigger read IO for beyond EOF page
            fs/f2fs/data.c
        * f2fs: fix to add refcount once page is tagged PG_private
            fs/f2fs/checkpoint.c
            fs/f2fs/data.c
            fs/f2fs/dir.c
            fs/f2fs/f2fs.h
            fs/f2fs/node.c
            fs/f2fs/segment.c
        * f2fs: remove wrong comment in f2fs_invalidate_page()
            fs/f2fs/data.c
        * f2fs: fix to use kvfree instead of kzfree
            fs/f2fs/xattr.c
        * f2fs: print more parameters in trace_f2fs_map_blocks
            include/trace/events/f2fs.h
        * f2fs: trace f2fs_ioc_shutdown
            fs/f2fs/file.c
            include/trace/events/f2fs.h
        * f2fs: fix to avoid deadlock of atomic file operations
            fs/f2fs/segment.c
        * f2fs: fix to dirty inode for i_mode recovery
            fs/f2fs/file.c
        * f2fs: give random value to i_generation
            fs/f2fs/f2fs.h
            fs/f2fs/namei.c
            fs/f2fs/super.c
        * f2fs: no need to take page lock in readdir
            fs/f2fs/dir.c
        * f2fs: fix to update iostat correctly in IPU path
            fs/f2fs/segment.c
        * f2fs: fix encrypted page memory leak
            fs/f2fs/data.c
        * f2fs: make fault injection covering __submit_flush_wait()
            fs/f2fs/segment.c
        * f2fs: fix to retry fill_super only if recovery failed
            fs/f2fs/super.c
        * f2fs: silence VM_WARN_ON_ONCE in mempool_alloc
            fs/f2fs/data.c
        * f2fs: correct spelling mistake
            include/linux/f2fs_fs.h
        * f2fs: fix wrong #endif
            fs/f2fs/f2fs.h
        * f2fs: don't clear CP_QUOTA_NEED_FSCK_FLAG
            fs/f2fs/checkpoint.c
        * f2fs: don't allow negative ->write_io_size_bits
            fs/f2fs/super.c
        * f2fs: fix to check inline_xattr_size boundary correctly
            fs/f2fs/f2fs.h
            fs/f2fs/super.c
            include/linux/f2fs_fs.h
        * Revert "f2fs: fix to avoid deadlock of atomic file operations"
            fs/f2fs/segment.c
        * Revert "f2fs: fix to check inline_xattr_size boundary correctly"
            fs/f2fs/f2fs.h
            fs/f2fs/super.c
            include/linux/f2fs_fs.h
          f2fs: do not use mutex lock in atomic context
        * f2fs: fix potential data inconsistence of checkpoint
            fs/f2fs/data.c
            fs/f2fs/f2fs.h
            fs/f2fs/file.c
            fs/f2fs/inline.c
        * f2fs: fix to avoid deadlock of atomic file operations
            fs/f2fs/segment.c
        * f2fs: fix to check inline_xattr_size boundary correctly
            fs/f2fs/f2fs.h
            fs/f2fs/super.c
            include/linux/f2fs_fs.h
        * f2fs: jump to label 'free_node_inode' when failing from d_make_root()
            fs/f2fs/super.c
          f2fs: fix to document inline_xattr_size option
        * f2fs: fix to data block override node segment by mistake
            fs/f2fs/super.c
        * f2fs: fix typos in code comments
            include/linux/f2fs_fs.h
        * f2fs: use xattr_prefix to wrap up
            fs/f2fs/xattr.c
        * f2fs: sync filesystem after roll-forward recovery
            fs/f2fs/checkpoint.c
            fs/f2fs/node.c
            fs/f2fs/super.c
        * fs: export evict_inodes
            fs/inode.c
            fs/internal.h
            include/linux/fs.h
        * f2fs: flush quota blocks after turnning it off
            fs/f2fs/super.c
        * f2fs: avoid null pointer exception in dcc_info
            fs/f2fs/f2fs.h
        * f2fs: don't wake up too frequently, if there is lots of IOs
            fs/f2fs/segment.h
        * f2fs: try to keep CP_TRIMMED_FLAG after successful umount
            fs/f2fs/segment.c
        * f2fs: add quick mode of checkpoint=disable for QA
            fs/f2fs/checkpoint.c
            fs/f2fs/f2fs.h
            fs/f2fs/file.c
            fs/f2fs/segment.c
            fs/f2fs/super.c
            include/linux/f2fs_fs.h
        * f2fs: run discard jobs when put_super
            fs/f2fs/f2fs.h
            fs/f2fs/segment.c
            fs/f2fs/super.c
            fs/f2fs/sysfs.c
        * f2fs: fix to set sbi dirty correctly
            fs/f2fs/f2fs.h
        * f2fs: UBSAN: set boolean value iostat_enable correctly
            fs/f2fs/sysfs.c
        * f2fs: add brackets for macros
            fs/f2fs/f2fs.h
        * f2fs: check if file namelen exceeds max value
            fs/f2fs/dir.c
        * f2fs: fix to trigger fsck if dirent.name_len is zero
            fs/f2fs/dir.c
        * f2fs: no need to check return value of debugfs_create functions
            fs/f2fs/debug.c
            fs/f2fs/f2fs.h
            fs/f2fs/super.c
        * f2fs: export FS_NOCOW_FL flag to user
            fs/f2fs/f2fs.h
            fs/f2fs/file.c
        * f2fs: check inject_rate validity during configuring
            fs/f2fs/sysfs.c
        * f2fs: remove set but not used variable 'err'
            fs/f2fs/data.c
        * f2fs: fix compile warnings: 'struct *' declared inside parameter list
            include/trace/events/f2fs.h
        * f2fs: change error code to -ENOMEM from -EINVAL
            fs/f2fs/super.c
      
      Change-Id: I199547b8a925245ea0fd613296fc5cedb762c5f6
      Signed-off-by: Petri Gynther <pgynther@google.com>
    • ANDROID: drop CONFIG_INPUT_KEYCHORD from all · 83a4de05
      Mark Salyzyn authored
      Remove keychord driver, replaced in user space by
      https://android-review.googlesource.com/c/677629.

      Signed-off-by: Mark Salyzyn <salyzyn@google.com>
      Bug: 64114943
      Bug: 129556081
      Change-Id: Ie8a2b9977a21022c204a19f1a8d781ea5a23c656
    • Revert "ANDROID: input: keychord: Add keychord driver" · 86a136d9
      Mark Salyzyn authored
      This reverts commit 630a1e7f.
      
      Remove keychord driver, replaced in user space by
      https://android-review.googlesource.com/c/677629.

      Signed-off-by: Mark Salyzyn <salyzyn@google.com>
      Cc: Mike Lockwood <lockwood@android.com>
      Cc: Amit Pundir <amit.pundir@linaro.org>
      Bug: 64114943
      Bug: 129556081
      Change-Id: I6afdb551f273b6d0e25bf4b23cd8b88e39fbe47f
    • Revert "ANDROID: input: misc: keychord: move header to uapi" · a8f5dd22
      Mark Salyzyn authored
      This reverts commit f4d1cf12.
      
      Remove keychord driver, replaced in user space by
      https://android-review.googlesource.com/c/677629.

      Signed-off-by: Mark Salyzyn <salyzyn@google.com>
      Cc: Colin Cross <ccross@android.com>
      Bug: 64114943
      Bug: 129556081
      Change-Id: I788f3cc4bec226fcccdd84127599e291f570087d
    • Revert "ANDROID: input: misc: keychord: log when keychord triggered" · b1233839
      Mark Salyzyn authored
      This reverts commit c4be12ac.
      
      Remove keychord driver, replaced in user space by
      https://android-review.googlesource.com/c/677629.

      Signed-off-by: Mark Salyzyn <salyzyn@google.com>
      Cc: JP Abgrall <jpa@google.com>
      Cc: Amit Pundir <amit.pundir@linaro.org>
      Bug: 64114943
      Bug: 129556081
      Change-Id: I6db729ae86ea9d01e2f2266c5572a4fcafcbb325
    • Revert "ANDROID: keychord: Fix a slab out-of-bounds read." · 6ee9e4fa
      Mark Salyzyn authored
      This reverts commit 913d980e.
      
      Remove keychord driver, replaced in user space by
      https://android-review.googlesource.com/c/677629.

      Signed-off-by: Mark Salyzyn <salyzyn@google.com>
      Cc: Amit Pundir <amit.pundir@linaro.org>
      Bug: 64114943
      Bug: 63962952
      Bug: 129556081
      Change-Id: I0a652b72b0ee62974c408ffb0987cc2ef9e346c1
    • Revert "Use %zu to print resid (size_t)." · df900d06
      Mark Salyzyn authored
      This reverts commit a1e4c795.
      
      Remove keychord driver, replaced in user space by
      https://android-review.googlesource.com/c/677629.

      Signed-off-by: Mark Salyzyn <salyzyn@google.com>
      Bug: 64114943
      Change-Id: I1e2430474a857a53091a5a4c39e160f0ba7ecf25
    • Revert "ANDROID: keychord: Fix races in keychord_write." · cbda3ea2
      Mark Salyzyn authored
      This reverts commit 59584701.
      
      Remove keychord driver, replaced in user space by
      https://android-review.googlesource.com/c/677629.

      Signed-off-by: Mark Salyzyn <salyzyn@google.com>
      Bug: 64114943
      Bug: 64133562
      Bug: 63974334
      Bug: 129556081
      Change-Id: Ie94621b0adf8b1f8c0d249f74385cc2914b1aec0
    • Revert "ANDROID: keychord: Fix for a memory leak in keychord." · 9455a4e7
      Mark Salyzyn authored
      This reverts commit 72a8dae2.
      
      Remove keychord driver, replaced in user space by
      https://android-review.googlesource.com/c/677629.

      Signed-off-by: Mark Salyzyn <salyzyn@google.com>
      Bug: 64114943
      Bug: 64483974
      Bug: 129556081
      Change-Id: I4191a02aa70f3c4eb517b9a0ec092380b90130b4
    • Revert "ANDROID: keychord: Check for write data size" · b006044a
      Mark Salyzyn authored
      This reverts commit f6738522.
      
      Remove keychord driver, replaced in user space by
      https://android-review.googlesource.com/c/677629.

      Signed-off-by: Mark Salyzyn <salyzyn@google.com>
      Bug: 64114943
      Bug: 73962978
      Bug: 129556081
      Change-Id: Icaba57e6759f246fb75e28e5f6a84411eddaf953
    • ANDROID: drop CONFIG_INPUT_KEYCHORD from cuttlefish and ranchu · 1a225ad8
      Mark Salyzyn authored
      Remove keychord driver, replaced in user space by
      https://android-review.googlesource.com/c/677629.

      Signed-off-by: Mark Salyzyn <salyzyn@google.com>
      Bug: 64114943
      Bug: 129556081
      Change-Id: Ie8a2b9977a21022c204a19f1a8d781ea5a23c656
    • misc: easelcomm: Fixes race conditions in shutdown and command handler. · f4d5b02f
      Alexander Perez authored and Harrison Lingren committed
      
      This CL fixes race conditions inside easelcomm_stop_local and
      also fixes a race condition in easelcomm command handler.
      
      Bug: 112309571
      Bug: 112312381
      
      Change-Id: I7a7e8188869e66b48af10ef03438e2f8068dcf41
      Signed-off-by: Alexander Perez <alexperez@google.com>
    • Do not copy Image.lz4-dtb to dist · c943c6a0
      Hridya Valsaraju authored
      
      pick_prebuilt script does not look for it any longer.
      
      Test: make
      Bug: 129350739
      Change-Id: Id0413901932ace63712d1414937c937e47bccc83
      Signed-off-by: Hridya Valsaraju <hridya@google.com>
    • arm64/configs: b1c1: simplify log buffer allocation · 3b1fcbd4
      Petri Gynther authored
      
      Switch to 1 MiB static log buffer in __log_buf[]:
        define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT)
        static char __log_buf[__LOG_BUF_LEN] __aligned(LOG_ALIGN);
      
      instead of having the log buffer reallocated at boot by:
        setup_log_buf()
          log_buf_add_cpu()
            log_buf_len_update()
          new_log_buf = memblock_virt_alloc_nopanic()
      
      There is no need to do this reallocation for the log buffer.
      
      Change-Id: Ibe9cdef76ac654d9b176086a33baac7128746121
      Signed-off-by: Petri Gynther <pgynther@google.com>
    • UPSTREAM: net: socket: set sock->sk to NULL after calling proto_ops::release() · 03904fb7
      Eric Biggers authored
      
      Commit 9060cb71 ("net: crypto set sk to NULL when af_alg_release.")
      fixed a use-after-free in sockfs_setattr() when an AF_ALG socket is
      closed concurrently with fchownat().  However, it ignored that many
      other proto_ops::release() methods don't set sock->sk to NULL and
      therefore allow the same use-after-free:
      
          - base_sock_release
          - bnep_sock_release
          - cmtp_sock_release
          - data_sock_release
          - dn_release
          - hci_sock_release
          - hidp_sock_release
          - iucv_sock_release
          - l2cap_sock_release
          - llcp_sock_release
          - llc_ui_release
          - rawsock_release
          - rfcomm_sock_release
          - sco_sock_release
          - svc_release
          - vcc_release
          - x25_release
      
      Rather than fixing all these and relying on every socket type to get
      this right forever, just make __sock_release() set sock->sk to NULL
      itself after calling proto_ops::release().
      
      Reproducer that produces the KASAN splat when any of these socket types
      are configured into the kernel:
      
          #include <pthread.h>
          #include <stdlib.h>
          #include <sys/socket.h>
          #include <unistd.h>
      
          pthread_t t;
          volatile int fd;
      
          void *close_thread(void *arg)
          {
              for (;;) {
                  usleep(rand() % 100);
                  close(fd);
              }
          }
      
          int main()
          {
              pthread_create(&t, NULL, close_thread, NULL);
              for (;;) {
                  fd = socket(rand() % 50, rand() % 11, 0);
                  fchownat(fd, "", 1000, 1000, 0x1000);
                  close(fd);
              }
          }
      
      Fixes: 86741ec2 ("net: core: Add a UID field to struct sock.")
      Signed-off-by: Eric Biggers <ebiggers@google.com>
      Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      
      (cherry picked from commit ff7b11aa)
      Bug: 125367761
      Test: used reproducer above
      Change-Id: Ied4bbca5c7eb80c201fec6e0aabc95c24acc1b59
      Signed-off-by: Eric Biggers <ebiggers@google.com>
    • FROMLIST: selftests, arm64: add a selftest for passing tagged pointers to kernel · ed3b4d2c
      Andrey Konovalov authored
      (from https://lore.kernel.org/patchwork/patch/994348)
      
      This patch adds a simple test, that calls the uname syscall with a
      tagged user pointer as an argument. Without the kernel accepting tagged
      user pointers the test fails with EFAULT.
      
      Bug: 112461694
      Change-Id: Id23d66680a6bb55a098ef69bfa8af90c096fe53b
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
    • FROMLIST: arm64: update Documentation/arm64/tagged-pointers.txt · dcada441
      Andrey Konovalov authored
      (from https://lore.kernel.org/patchwork/patch/994350)
      
      Document the changes in Documentation/arm64/tagged-pointers.txt.
      
      Bug: 112461694
      Change-Id: If1b651e611a10ae57917385c3ad0cdff50a60e46
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
    • FROMLIST: fs, arm64: untag user address in copy_mount_options · ae0fa31a
      Andrey Konovalov authored
      (from https://lore.kernel.org/patchwork/patch/994349)
      
      In copy_mount_options a user address is being subtracted from TASK_SIZE.
      If the address is lower than TASK_SIZE, the size is calculated to not
      allow the exact_copy_from_user() call to cross TASK_SIZE boundary.
      However if the address is tagged, then the size will be calculated
      incorrectly.
      
      Untag the address before subtracting.
      
      Bug: 112461694
      Change-Id: I7228ae4a599b2a25139af12f6c87cd2abbad51ce
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
    • FROMLIST: lib, arm64: untag addrs passed to strncpy_from_user and strnlen_user · 74a2c069
      Andrey Konovalov authored
      (from https://lore.kernel.org/patchwork/patch/994351)
      
      strncpy_from_user and strnlen_user accept user addresses as arguments, and
      do not go through the same path as copy_from_user and others, so here we
      need to handle the case of tagged user addresses separately.
      
      Untag user pointers passed to these functions.
      
      Bug: 112461694
      Change-Id: Ic967545f1046e52e4ee3a10a67a617fe599eb7a1
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
    • FROMLIST: mm, arm64: untag user addresses in mm/gup.c · e3b486ac
      Andrey Konovalov authored
      (from https://lore.kernel.org/patchwork/patch/994347)

      mm/gup.c provides a kernel interface that accepts user addresses and
      manipulates user pages directly (for example get_user_pages, that is used
      by the futex syscall). Since a user can provide tagged addresses, we need
      to handle such a case.
      
      Add untagging to gup.c functions that use user addresses for vma lookup.
      
      Bug: 112461694
      Change-Id: I01656a5221d9291dff7f6002e4d4a7bc244299c2
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
    • FROMLIST: arm64: untag user addresses in access_ok and __uaccess_mask_ptr · 4092639b
      Andrey Konovalov authored
      (from https://lore.kernel.org/patchwork/patch/994346/)

      copy_from_user (and a few other similar functions) are used to copy data
      from user memory into the kernel memory or vice versa. Since a user can
      provide a tagged pointer to one of the syscalls that use copy_from_user,
      we need to correctly handle such pointers.
      
      Do this by untagging user pointers in access_ok and in __uaccess_mask_ptr,
      before performing access validity checks.
      
      Bug: 112461694
      Change-Id: Idc71064575a0a758c5588aef4a5d17cdab101d70
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
    • FROMLIST: uaccess: add untagged_addr definition for other arches · d17608f3
      Andrey Konovalov authored
      (from https://lore.kernel.org/patchwork/patch/994345/)

      To allow arm64 syscalls to accept tagged pointers from userspace, we must
      untag them when they are passed to the kernel. Since untagging is done in
      generic parts of the kernel, the untagged_addr macro needs to be defined
      for all architectures.
      
      Define it as a noop for other architectures besides arm64.
      
      Bug: 112461694
      Change-Id: I7b9bd43d4f27492f49b4374d3aec96577f44b7fb
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
    • FROMLIST: arm64: add type casts to untagged_addr macro · dec524a5
      Andrey Konovalov authored
      (from https://lore.kernel.org/patchwork/patch/994344)
      
      This patch makes the untagged_addr macro accept all kinds of address types
      (void *, unsigned long, etc.) and allows not to specify type casts in each
      place where it is used. This is done by using __typeof__.
      
      Bug: 112461694
      Change-Id: Ic3fcffa4ff31be0ec3765983fcd777d7d7a4069d
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
    • UPSTREAM: arm64: uaccess: Formalise types for access_ok() · ba29da09
      Robin Murphy authored
      
      In converting __range_ok() into a static inline, I inadvertently made
      it more type-safe, but without considering the ordering of the relevant
      conversions. This leads to quite a lot of Sparse noise about the fact
      that we use __chk_user_ptr() after addr has already been converted from
      a user pointer to an unsigned long.
      
      Rather than just adding another cast for the sake of shutting Sparse up,
      it seems reasonable to rework the types to make logical sense (although
      the resulting codegen for __range_ok() remains identical). The only
      callers this affects directly are our compat traps where the inferred
      "user-pointer-ness" of a register value now warrants explicit casting.
      
      Bug: 112461694
      
      Change-Id: I4b28f0542ff3a242387c5be9c144c1f204edd240
      Signed-off-by: Robin Murphy <robin.murphy@arm.com>
      Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
      (cherry picked from commit 9085b34d)
    • BACKPORT: arm64: Make USER_DS an inclusive limit · 2691b1a6
      Robin Murphy authored
      
      Currently, USER_DS represents an exclusive limit while KERNEL_DS is
      inclusive. In order to do some clever trickery for speculation-safe
      masking, we need them both to behave equivalently - there aren't enough
      bits to make KERNEL_DS exclusive, so we have precisely one option. This
      also happens to correct a longstanding false negative for a range
      ending on the very top byte of kernel memory.
      
      Mark Rutland points out that we've actually got the semantics of
      addresses vs. segments muddled up in most of the places we need to
      amend, so shuffle the {USER,KERNEL}_DS definitions around such that we
      can correct those properly instead of just pasting "-1"s everywhere.
      
      Bug: 112461694
      
      Change-Id: Ic1dc1b845d6574a89d1b0dbcf7c7cff61baf6e9c
      Signed-off-by: Robin Murphy <robin.murphy@arm.com>
      Signed-off-by: Will Deacon <will.deacon@arm.com>
      Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
      (cherry picked from commit 51369e39)
    • UPSTREAM: mm/gup.c: fix access_ok() argument type · d11504be
      Arnd Bergmann authored
      MIPS just got changed to only accept a pointer argument for access_ok(),
      causing one warning in drivers/scsi/pmcraid.c.  I tried changing x86 the
      same way and found the same warning in __get_user_pages_fast() and
      nowhere else in the kernel during randconfig testing:
      
        mm/gup.c: In function '__get_user_pages_fast':
        mm/gup.c:1578:6: error: passing argument 1 of '__chk_range_not_ok' makes pointer from integer without a cast [-Werror=int-conversion]
      
      It would probably be a good idea to enforce type-safety in general, so
      let's change this file to not cause a warning if we do that.
      
      I don't know why the warning did not appear on MIPS.
      
      Bug: 112461694
      
      Change-Id: I20303cecbb088463c3d7db751ea349039e776b21
      Fixes: 2667f50e ("mm: introduce a general RCU get_user_pages_fast()")
      Link: http://lkml.kernel.org/r/20170421162659.3314521-1-arnd@arndb.de
      Signed-off-by: Arnd Bergmann <arnd@arndb.de>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Acked-by: Ingo Molnar <mingo@kernel.org>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
      Cc: Lorenzo Stoakes <lstoakes@gmail.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      (cherry picked from commit aa2369f1)
    • UPSTREAM: arm64: print a fault message when attempting to write RO memory · fa7d3d32
      Stephen Boyd authored
      
      If a page is marked read only we should print out that fact,
      instead of printing out that there was a page fault. Right now we
      get a cryptic error message that something went wrong with an
      unhandled fault, but we don't evaluate the esr to figure out that
      it was a read/write permission fault.
      
      Instead of seeing:
      
        Unable to handle kernel paging request at virtual address ffff000008e460d8
        pgd = ffff800003504000
        [ffff000008e460d8] *pgd=0000000083473003, *pud=0000000083503003, *pmd=0000000000000000
        Internal error: Oops: 9600004f [#1] PREEMPT SMP
      
      we'll see:
      
        Unable to handle kernel write to read-only memory at virtual address ffff000008e760d8
        pgd = ffff80003d3de000
        [ffff000008e760d8] *pgd=0000000083472003, *pud=0000000083435003, *pmd=0000000000000000
        Internal error: Oops: 9600004f [#1] PREEMPT SMP
      
      We also add a userspace address check into is_permission_fault()
      so that the function doesn't return true for ttbr0 PAN faults
      when it shouldn't.
      
      Bug: 112461694
      
      Change-Id: I5f4ff11815edc1ea869724e8f246f78c00ff69e1
      Reviewed-by: James Morse <james.morse@arm.com>
      Tested-by: James Morse <james.morse@arm.com>
      Acked-by: Laura Abbott <labbott@redhat.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Signed-off-by: Stephen Boyd <stephen.boyd@linaro.org>
      Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
      (cherry picked from commit b824b930)
    • BACKPORT: mm/debug.c: provide useful debugging information for VM_BUG · 7df01a21
      Matthew Wilcox authored
      With the recent addition of hashed kernel pointers, places which need to
      produce useful debug output have to specify %px, not %p.  This patch
      fixes all the VM debug to use %px.  This is appropriate because it's
      debug output that the user should never be able to trigger, and kernel
      developers need to see the actual pointers.
      
      Link: http://lkml.kernel.org/r/20171219133236.GE13680@bombadil.infradead.org

      Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
      Acked-by: Michal Hocko <mhocko@suse.com>
      Cc: "Tobin C. Harding" <me@tobin.cc>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      (cherry picked from commit 152a2d19)
      Signed-off-by: Sandeep Patil <sspatil@android.com>
      
      Bug: 124090075
      Test: Build and boot cuttlefish
      Change-Id: I547bb27cd5bab8886ef192c6c0f9aac816149adb
    • UPSTREAM: bug: use %pB in BUG and stack protector failure · 96dc04da
      Kees Cook authored
      The BUG and stack protector reports were still using a raw %p.  This
      changes it to %pB for more meaningful output.
      
      Link: http://lkml.kernel.org/r/20180301225704.GA34198@beast

      Fixes: ad67b74d ("printk: hash addresses printed with %p")
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Richard Weinberger <richard.weinberger@gmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      (cherry picked from commit 0862ca42)
      Signed-off-by: Sandeep Patil <sspatil@android.com>
      
      Bug: 78533979
      Test: Build and boot cuttlefish
      Change-Id: Id4ff4ef7d236f1d7ce6d61ef071bd0d4414c8dd2
    • UPSTREAM: x86/alternative: Print unadorned pointers · f98a05fa
      Borislav Petkov authored
      
      After commit ad67b74d ("printk: hash addresses printed with %p")
      pointers are being hashed when printed. However, this makes the alternative
      debug output completely useless. Switch to %px in order to see the
      unadorned kernel pointers.
      
      Signed-off-by: Borislav Petkov <bp@suse.de>
      Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
      Cc: riel@redhat.com
      Cc: ak@linux.intel.com
      Cc: peterz@infradead.org
      Cc: David Woodhouse <dwmw2@infradead.org>
      Cc: jikos@kernel.org
      Cc: luto@amacapital.net
      Cc: dave.hansen@intel.com
      Cc: torvalds@linux-foundation.org
      Cc: keescook@google.com
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: tim.c.chen@linux.intel.com
      Cc: gregkh@linux-foundation.org
      Cc: pjt@google.com
      Link: https://lkml.kernel.org/r/20180126121139.31959-2-bp@alien8.de

      (cherry picked from commit 0e6c16c6)
      Signed-off-by: Sandeep Patil <sspatil@android.com>
      
      Bug: 78533979
      Test: Build and boot cuttlefish
      Change-Id: I41bfb7c947105ec4cd83fddba8c5cb59c36ec8fd
    • UPSTREAM: trace_uprobe: Display correct offset in uprobe_events · bd16dbe6
      Ravi Bangoria authored
      Recently, the way pointers are printed with %p was changed
      by commit ad67b74d ("printk: hash addresses printed with %p").
      This is causing a regression when showing the offset in the
      uprobe_events file. Instead of %p, use %px to display the offset.
      
      Before patch:
      
        # perf probe -vv -x /tmp/a.out main
        Opening /sys/kernel/debug/tracing//uprobe_events write=1
        Writing event: p:probe_a/main /tmp/a.out:0x58c
      
        # cat /sys/kernel/debug/tracing/uprobe_events
        p:probe_a/main /tmp/a.out:0x0000000049a0f352
      
      After patch:
      
        # cat /sys/kernel/debug/tracing/uprobe_events
        p:probe_a/main /tmp/a.out:0x000000000000058c
      
      Link: http://lkml.kernel.org/r/20180106054246.15375-1-ravi.bangoria@linux.vnet.ibm.com

      Cc: stable@vger.kernel.org
      Fixes: ad67b74d ("printk: hash addresses printed with %p")
      Acked-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
      Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
      Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
      (cherry picked from commit 0e4d819d)
      Signed-off-by: Sandeep Patil <sspatil@android.com>
      
      Bug: 78533979
      Test: Build and boot cuttlefish
      Change-Id: I9818360c1eb6ae2a37144d29792cfdc3fd2e1807
    • UPSTREAM: usercopy: Remove pointer from overflow report · 6d698fb4
      Kees Cook authored
      
      Using %p was already mostly useless in the usercopy overflow reports,
      so this removes it entirely to avoid confusion now that %p-hashing
      is enabled.
      
      Fixes: ad67b74d ("printk: hash addresses printed with %p")
      Signed-off-by: Kees Cook <keescook@chromium.org>
      (cherry picked from commit 4f5e8386)
      Signed-off-by: Sandeep Patil <sspatil@android.com>
      
      Bug: 4f5e8386
      Test: Build and boot cuttlefish
      Change-Id: I361837fa62ab77b2299af78d8f806ed42b236203
    • UPSTREAM: Do not hash userspace addresses in fault handlers · 4d800a65
      Kees Cook authored
      
      The hashing of %p was designed to restrict kernel addresses. There is
      no reason to hash the userspace values seen during a segfault report,
      so switch these to %px. (Some architectures already use %lx.)
      
      Fixes: ad67b74d ("printk: hash addresses printed with %p")
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      (cherry picked from commit 10a7e9d8)
      Signed-off-by: Sandeep Patil <sspatil@android.com>
      
      Bug: 78533979
      Test: Build and boot cuttlefish
      Change-Id: Ifd289b69e0ecf51cab5afe847943b72a0c7320ef
    • UPSTREAM: mm/slab.c: do not hash pointers when debugging slab · 6d7a9764
      Geert Uytterhoeven authored
      If CONFIG_DEBUG_SLAB/CONFIG_DEBUG_SLAB_LEAK are enabled, the slab code
      prints extra debug information when e.g.  corruption is detected.  This
      includes pointers, which are not very useful when hashed.
      
      Fix this by using %px to print unhashed pointers instead where it makes
      sense, and by removing the printing of a last user pointer referring to
      code.
      
      [geert+renesas@glider.be: v2]
        Link: http://lkml.kernel.org/r/1513179267-2509-1-git-send-email-geert+renesas@glider.be
      Link: http://lkml.kernel.org/r/1512641861-5113-1-git-send-email-geert+renesas@glider.be

      Fixes: ad67b74d ("printk: hash addresses printed with %p")
      Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
      Acked-by: Christoph Lameter <cl@linux.com>
      Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: "Tobin C . Harding" <me@tobin.cc>
      Cc: Kees Cook <keescook@chromium.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      (cherry picked from commit 85c3e4a5)
      Signed-off-by: Sandeep Patil <sspatil@android.com>
      
      Bug: 78533979
      Test: Build & boot cuttlefish
      Change-Id: If32a97745e45b87dab98f523708c2a9c8c7acf0a
    • UPSTREAM: kasan: use %px to print addresses instead of %p · 6f4a3724
      Tobin C. Harding authored
      
      Pointers printed with %p are now hashed by default. Kasan needs the
      actual address. We can use the new printk specifier %px for this
      purpose.
      
      Use %px instead of %p to print addresses.
      
      Signed-off-by: Tobin C. Harding <me@tobin.cc>
      (cherry picked from commit 6424f6bb)
      Signed-off-by: Sandeep Patil <sspatil@android.com>
      
      Bug: 78533979
      Test: Build & boot cuttlefish
      Change-Id: I6f242e5a3fcddbf8e6af4f601d7bb05f29340949
    • BACKPORT: vsprintf: add printk specifier %px · 5c145bd6
      Tobin C. Harding authored
      
      printk specifier %p now hashes all addresses before printing. Sometimes
      we need to see the actual unmodified address. This can be achieved using
      %lx but then we face the risk that if in future we want to change the
      way the Kernel handles printing of pointers we will have to grep through
      the already existent 50 000 %lx call sites. Let's add specifier %px as a
      clear, opt-in, way to print a pointer and maintain some level of
      isolation from all the other hex integer output within the Kernel.
      
      Add printk specifier %px to print the actual unmodified address.
      
      Signed-off-by: Tobin C. Harding <me@tobin.cc>
      (cherry picked from commit 7b1924a1)
      Signed-off-by: Sandeep Patil <sspatil@android.com>
      
      Bug: 78533979
      Test: Build and boot cuttlefish
      Change-Id: I735db3b72abb318f535d55122f1745d0ead0dbe7
    • BACKPORT: printk: hash addresses printed with %p · ae89bc64
      Tobin C. Harding authored
      
      Currently there exist approximately 14 000 places in the kernel where
      addresses are being printed using an unadorned %p. This potentially
      leaks sensitive information regarding the Kernel layout in memory. Many
      of these calls are stale; instead of fixing every call, let's hash the
      address by default before printing. This will of course break some
      users, forcing code printing needed addresses to be updated.
      
      Code that _really_ needs the address will soon be able to use the new
      printk specifier %px to print the address.
      
      For what it's worth, usage of unadorned %p can be broken down as
      follows (thanks to Joe Perches).
      
      $ git grep -E '%p[^A-Za-z0-9]' | cut -f1 -d"/" | sort | uniq -c
         1084 arch
           20 block
           10 crypto
           32 Documentation
         8121 drivers
         1221 fs
          143 include
          101 kernel
           69 lib
          100 mm
         1510 net
           40 samples
            7 scripts
           11 security
          166 sound
          152 tools
            2 virt
      
      Add function ptr_to_id() to map an address to a 32 bit unique
      identifier. Hash any unadorned usage of specifier %p and any malformed
      specifiers.
      
      Signed-off-by: Tobin C. Harding <me@tobin.cc>
      (cherry picked from commit ad67b74d)
      Signed-off-by: Sandeep Patil <sspatil@android.com>
      
      Bug: 78533979
      Test: Build and boot cuttlefish
      Test: Runtime tests by enabling CONFIG_TEST_PRINTF
      Change-Id: I4a12d890d7b22caa502280d78cb4f6a09c866471
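
The address-to-identifier mapping described in the commit above, as an added userspace sketch (not the kernel's code and not part of this commit log). It assumes a keyed SipHash-2-4 over the address truncated to 32 bits; `demo_ptr_to_id`, `fmt_hashed` and both keys are names and values made up for this example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
	v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
	v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
	v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
	v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); \
} while (0)

/* Constructed demo keys; a kernel would draw one random key at boot. */
static const uint64_t KEY_A[2] = { 0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL };
static const uint64_t KEY_B[2] = { 0x1716151413121110ULL, 0x1f1e1d1c1b1a1918ULL };

/* SipHash-2-4 of one 64-bit word under a 128-bit key. */
static uint64_t siphash_u64(uint64_t m, const uint64_t k[2])
{
	uint64_t v0 = k[0] ^ 0x736f6d6570736575ULL, v1 = k[1] ^ 0x646f72616e646f6dULL;
	uint64_t v2 = k[0] ^ 0x6c7967656e657261ULL, v3 = k[1] ^ 0x7465646279746573ULL;
	uint64_t b = 8ULL << 56;	/* final block: message length in the top byte */

	v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
	v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
	v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
	return v0 ^ v1 ^ v2 ^ v3;
}

/* Hypothetical stand-in for ptr_to_id(): keyed hash truncated to 32 bits. */
static uint32_t demo_ptr_to_id(uint64_t addr, const uint64_t k[2])
{
	return (uint32_t)siphash_u64(addr, k);
}

/* Render the id the way a hashed %p appears: zero-padded to 16 hex digits. */
static void fmt_hashed(char out[17], uint64_t addr, const uint64_t k[2])
{
	snprintf(out, 17, "%016" PRIx64, (uint64_t)demo_ptr_to_id(addr, k));
}

int main(void)
{
	const uint64_t addr = 0xffff000008e460d8ULL;	/* address from the oops text on this page */
	char a[17], b[17];

	fmt_hashed(a, addr, KEY_A);
	fmt_hashed(b, addr, KEY_B);
	printf("raw (%%px) %016" PRIx64 "\nkey A     %s\nkey B     %s\n", addr, a, b);
	return 0;
}
```

The zero-padded 32-bit form has the same shape as the `0x0000000049a0f352` value in the uprobe_events commit above, where a small offset printed with %p came out as an unrelated-looking identifier.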
    • ANDROID: Fix race in crng_reseed() · 92fc1591
      Sandeep Patil authored
      
      The crng_init triggers process_crng_rdy_callbacks() and those callbacks
      can call into the crng again. So, leave the spinlock before processing
      the callbacks.
      
      This is a version of upstream commit '4a072c71'
      
      Bug: 124090075
      Test: Build and boot cuttlefish with hwrng enabled
      
      Change-Id: Ie5b7a60cd17eae80ca26b518c60110fd18efd548
      Signed-off-by: Sandeep Patil <sspatil@android.com>