When testing the atomic write fix patches, the f2fs_bug_on was
triggered as below:

------------[ cut here ]------------
kernel BUG at fs/f2fs/inode.c:935!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI
CPU: 3 UID: 0 PID: 257 Comm: bash Not tainted 6.13.0-rc1-00033-gc283a70d3497 #5
RIP: 0010:f2fs_evict_inode+0x50f/0x520
Call Trace:
 <TASK>
 ? __die_body+0x65/0xb0
 ? die+0x9f/0xc0
 ? do_trap+0xa1/0x170
 ? f2fs_evict_inode+0x50f/0x520
 ? f2fs_evict_inode+0x50f/0x520
 ? handle_invalid_op+0x65/0x80
 ? f2fs_evict_inode+0x50f/0x520
 ? exc_invalid_op+0x39/0x50
 ? asm_exc_invalid_op+0x1a/0x20
 ? __pfx_f2fs_get_dquots+0x10/0x10
 ? f2fs_evict_inode+0x50f/0x520
 ? f2fs_evict_inode+0x2e5/0x520
 evict+0x186/0x2f0
 prune_icache_sb+0x75/0xb0
 super_cache_scan+0x1a8/0x200
 do_shrink_slab+0x163/0x320
 shrink_slab+0x2fc/0x470
 drop_slab+0x82/0xf0
 drop_caches_sysctl_handler+0x4e/0xb0
 proc_sys_call_handler+0x183/0x280
 vfs_write+0x36d/0x450
 ksys_write+0x68/0xd0
 do_syscall_64+0xc8/0x1a0
 ? arch_exit_to_user_mode_prepare+0x11/0x60
 ? irqentry_exit_to_user_mode+0x7e/0xa0

The root cause is: f2fs uses FI_ATOMIC_DIRTIED to indicate dirty
atomic files during commit. If the inode is dirtied during commit,
such as by f2fs_i_pino_write, the vfs inode keeps clean and the
f2fs inode is set to FI_DIRTY_INODE. The FI_DIRTY_INODE flag cann't
be cleared by write_inode later due to the clean vfs inode. Finally,
f2fs_bug_on is triggered due to this inconsistent state when evict.

To reproduce this situation:
- fd = open("/mnt/test.db", O_WRONLY)
- ioctl(fd, F2FS_IOC_START_ATOMIC_WRITE)
- mv /mnt/test.db /mnt/test1.db
- ioctl(fd, F2FS_IOC_COMMIT_ATOMIC_WRITE)
- echo 3 > /proc/sys/vm/drop_caches

To fix this problem, clear FI_DIRTY_INODE after commit, then
f2fs_mark_inode_dirty_sync will ensure a consistent dirty state.

Bug: 402645924

Fixes: fccaa81d ("f2fs: prevent atomic file from being dirtied before commit")
Change-Id: I2c637b4bc544453b07ab124527efb694da9b757f
Signed-off-by: Yunlei He <heyunlei@xiaomi.com>
Signed-off-by: Jianan Huang <huangjianan@xiaomi.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
(cherry picked from commit 03511e93)
(cherry picked from commit 0e0c5304)

[ Upstream commit 399a45e5 ]

device_del() can lead to new work being scheduled in gadget->work
workqueue. This is observed, for example, with the dwc3 driver with the
following call stack:
  device_del()
    gadget_unbind_driver()
      usb_gadget_disconnect_locked()
        dwc3_gadget_pullup()
	  dwc3_gadget_soft_disconnect()
	    usb_gadget_set_state()
	      schedule_work(&gadget->work)

Move flush_work() after device_del() to ensure the workqueue is cleaned
up.

Fixes: 5702f753 ("usb: gadget: udc-core: move sysfs_notify() to a workqueue")
Cc: stable <stable@kernel.org>

Bug: 400887227
Bug: 400301689
Change-Id: Icf64956f8a17b1876388546b679cfd203d9701dc
Signed-off-by: Roy Luo <royluo@google.com>
Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Reviewed-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/20250204233642.666991-1-royluo@google.com


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 859cb45a)
Signed-off-by: wei li <sirius.liwei@honor.corp-partner.google.com>
(cherry picked from commit de3fe451)

This reverts commit cf57490a.

The USB_XHCI_SIDEBAND driver is currently under development in the
upstream kernel. Enabling it in the Generic Kernel Image (GKI) at this
stage poses potential risks. The snapshot of the driver included in
android15-6.6 is an early revision and lacks several critical fixes
present in the latest upstream revisions.

Bug: 391779198
Bug: 399809445
Change-Id: Ifc0106e3773064b0e1ec5f770f22cb6ba68c4cad
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
Signed-off-by: Carlos Llamas <cmllamas@google.com>
(cherry picked from commit 3d4074a7)
Signed-off-by: Lee Jones <joneslee@google.com>

Users of such symbols have been notified and are in agreement.

7 function symbol(s) removed
  'int xhci_sideband_add_endpoint(struct xhci_sideband*, struct usb_host_endpoint*)'
  'int xhci_sideband_create_interrupter(struct xhci_sideband*, int, int, bool)'
  'int xhci_sideband_enable_interrupt(struct xhci_sideband*, u32)'
  'struct xhci_sideband* xhci_sideband_register(struct usb_device*)'
  'int xhci_sideband_remove_endpoint(struct xhci_sideband*, struct usb_host_endpoint*)'
  'void xhci_sideband_remove_interrupter(struct xhci_sideband*)'
  'void xhci_sideband_unregister(struct xhci_sideband*)'

Bug: 394470945
Bug: 399809445
Change-Id: Ie553e3ccf96def4f2e9f3deffbf498296b082325
Signed-off-by: Carlos Llamas <cmllamas@google.com>
(cherry picked from commit b2ae7d71)
[Lee: Resolved some surrounding diff conflicts - some of the original patch wasn't relevant]
Signed-off-by: Lee Jones <joneslee@google.com>

This reverts commit 7c12a8c0.

Reason for revert: Disabling CONFIG_USB_XHCI_SIDEBAND in gerrit
https://r.android.com/3464443

, so revert symbol change also.

Bug: 391779198
Bug: 399809445
Change-Id: I29eeee78d8e5a8495032b587d4268766d24bebe8
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
Signed-off-by: Carlos Llamas <cmllamas@google.com>
(cherry picked from commit 23855221)
Signed-off-by: Lee Jones <joneslee@google.com>

3 function symbol(s) added
  'int __traceiter_android_vh_io_statistics(void*, struct address_space*, unsigned int, unsigned int, bool, bool)'
  'void percpu_ref_exit(struct percpu_ref*)'
  'int percpu_ref_init(struct percpu_ref*, percpu_ref_func_t*, unsigned int, gfp_t)'

1 variable symbol(s) added
  'struct tracepoint __tracepoint_android_vh_io_statistics'

Bug: 380502059
Bug: 395990879
Change-Id: Ieb313ab6ebb1fcb411a7a519444743637957ff75
Signed-off-by: Rui Chen <chenrui9@honor.com>
(cherry picked from commit 5b820e14)
Signed-off-by: DANGJian <dangjian@honor.corp-partner.google.com>

Add vendor hook to get metainfo of direct/buffered read and write.
Determine hot files in each performance-sensitive user scenario.

Bug: 380502059
Bug: 395990879
Change-Id: Ie7604852df637d6664afd72e87bd6d4b14bbc2a2
Signed-off-by: Rui Chen <chenrui9@honor.com>
(cherry picked from commit affce30e)
Signed-off-by: DANGJian <dangjian@honor.corp-partner.google.com>

commit 900f83cf upstream.

When evaluating extended permissions, ignore unknown permissions instead
of calling BUG(). This commit ensures that future permissions can be
added without interfering with older kernels.

Bug: 381754752
Cc: stable@vger.kernel.org
Fixes: fa1aa143 ("selinux: extended permissions for ioctls")
Signed-off-by: Thiébaud Weksteen <tweek@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Thiébaud Weksteen <tweek@google.com>
Change-Id: I1689d8c5084a24c1a34ef3d15d71f8cfa4122447

24 function symbol(s) added
	'int mempool_init(mempool_t *pool, int min_nr, mempool_alloc_t *alloc_fn,
			mempool_free_t *free_fn, void *pool_data)'
	'void mempool_exit(mempool_t *pool)'
	'int dm_register_target(struct target_type *tt)'
	'void dm_unregister_target(struct target_type *tt)'
	'int __ref dm_get_device(struct dm_target *ti, const char *path, blk_mode_t mode,
		struct dm_dev **result)'
	'void dm_put_device(struct dm_target *ti, struct dm_dev *d)'
	'int dm_set_target_max_io_len(struct dm_target *ti, sector_t len)'
	'unsigned int dm_bio_get_target_bio_nr(const struct bio *bio)'
	'const char *dm_table_device_name(struct dm_table *t)'
	'void dm_table_event(struct dm_table *t)'
	'const char *dm_shift_arg(struct dm_arg_set *as)'
	'int dm_read_arg_group(const struct dm_arg *arg, struct dm_arg_set *arg_set,
			unsigned int *value, char **error)'
	'void dm_consume_args(struct dm_arg_set *as, unsigned int num_args)'
	'void *dm_per_bio_data(struct bio *bio, size_t data_size)'
	'void dm_submit_bio_remap(struct bio *clone, struct bio *tgt_clone)'
	'unsigned int dm_get_reserved_bio_based_ios(void)'
	'int bioset_init(struct bio_set *bs,
 		unsigned int pool_size,
 		unsigned int front_pad,
 		int flags)'
	'void bioset_exit(struct bio_set *bs)'
	'void bio_crypt_set_ctx(struct bio *bio, const struct blk_crypto_key *key,
			const u64 dun[BLK_CRYPTO_DUN_ARRAY_SIZE], gfp_t gfp_mask)'
	'void blk_crypto_evict_key(struct block_device *bdev,
			const struct blk_crypto_key *key)'
	'int blk_crypto_derive_sw_secret(struct block_device *bdev,
 				const u8 *eph_key, size_t eph_key_size,
 				u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE])'
	'void __sched wait_for_completion_io(struct completion *x)'
	'void zero_fill_bio_iter(struct bio *bio, struct bvec_iter start)'
	'int __trace_bputs(unsigned long ip, const char *str)'
1 value symbol added
	'struct page *empty_zero_page;'

Bug: 391513201
Bug: 394696922
Change-Id: I73a25a03489af27392fb04ffe6a83f984c6ae850
Signed-off-by: Rui Chen <chenrui9@honor.com>
(cherry picked from commit b49cbb85)

This list contains symbols for  Paragon UFSD driver for NTFS and exFAT file systems.

18 function symbol(s) added
  'int __cond_resched_lock(spinlock_t*)'
  'struct buffer_head* __find_get_block(struct block_device*, sector_t, unsigned int)'
  'int __posix_acl_create(struct posix_acl**, gfp_t, umode_t*)'
  'int add_to_page_cache_lru(struct page*, struct address_space*, unsigned long, gfp_t)'
  'struct buffer_head* alloc_buffer_head(gfp_t)'
  'void d_rehash(struct dentry*)'
  'int filemap_fdatawrite_wbc(struct address_space*, struct writeback_control*)'
  'void free_buffer_head(struct buffer_head*)'
  'int posix_acl_equiv_mode(const struct posix_acl*, umode_t*)'
  'struct posix_acl* posix_acl_from_xattr(struct user_namespace*, const void*, size_t)'
  'int posix_acl_to_xattr(struct user_namespace*, const struct posix_acl*, void*, size_t)'
  'int posix_acl_valid(struct user_namespace*, const struct posix_acl*)'
  'void set_cached_acl(struct inode*, int, struct posix_acl*)'
  'void shrink_dcache_sb(struct super_block*)'
  'void sync_inodes_sb(struct super_block*)'
  'void wait_for_completion_io(struct completion*)'
  'void write_dirty_buffer(struct buffer_head*, blk_opf_t)'
  'void yield()'

Bug: 393994588
Signed-off-by: Konstantin Komarov <Konstantin.Komarov.GKI@paragon-software.com>
Change-Id: I817b3e0c7ad779c72333cf0e7973eb02873f1cee

This gets rids of the buildifier warning about native-cc.

Bug: 391456084
Signed-off-by: HONG Yifan <elsk@google.com>
Change-Id: Id04acdf460a729ba0138b44793a27dc053af9c78

commit 70457385 upstream.

This patch addresses an issue introduced by commit 1a83a716 ("mm:
krealloc: consider spare memory for __GFP_ZERO") which causes MTE
(Memory Tagging Extension) to falsely report a slab-out-of-bounds error.

The problem occurs when zeroing out spare memory in __do_krealloc. The
original code only considered software-based KASAN and did not account
for MTE. It does not reset the KASAN tag before calling memset, leading
to a mismatch between the pointer tag and the memory tag, resulting in a
false positive.

Example of the error:
==================================================================
swapper/0: BUG: KASAN: slab-out-of-bounds in __memset+0x84/0x188
swapper/0: Write at addr f4ffff8005f0fdf0 by task swapper/0/1
swapper/0: Pointer tag: [f4], memory tag: [fe]
swapper/0:
swapper/0: CPU: 4 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.
swapper/0: Hardware name: MT6991(ENG) (DT)
swapper/0: Call trace:
swapper/0:  dump_backtrace+0xfc/0x17c
swapper/0:  show_stack+0x18/0x28
swapper/0:  dump_stack_lvl+0x40/0xa0
swapper/0:  print_report+0x1b8/0x71c
swapper/0:  kasan_report+0xec/0x14c
swapper/0:  __do_kernel_fault+0x60/0x29c
swapper/0:  do_bad_area+0x30/0xdc
swapper/0:  do_tag_check_fault+0x20/0x34
swapper/0:  do_mem_abort+0x58/0x104
swapper/0:  el1_abort+0x3c/0x5c
swapper/0:  el1h_64_sync_handler+0x80/0xcc
swapper/0:  el1h_64_sync+0x68/0x6c
swapper/0:  __memset+0x84/0x188
swapper/0:  btf_populate_kfunc_set+0x280/0x3d8
swapper/0:  __register_btf_kfunc_id_set+0x43c/0x468
swapper/0:  register_btf_kfunc_id_set+0x48/0x60
swapper/0:  register_nf_nat_bpf+0x1c/0x40
swapper/0:  nf_nat_init+0xc0/0x128
swapper/0:  do_one_initcall+0x184/0x464
swapper/0:  do_initcall_level+0xdc/0x1b0
swapper/0:  do_initcalls+0x70/0xc0
swapper/0:  do_basic_setup+0x1c/0x28
swapper/0:  kernel_init_freeable+0x144/0x1b8
swapper/0:  kernel_init+0x20/0x1a8
swapper/0:  ret_from_fork+0x10/0x20
==================================================================

Bug: 390070977
Bug: 391031881
(cherry picked from commit 70457385
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/


linux-6.6.y)
Fixes: 1a83a716 ("mm: krealloc: consider spare memory for __GFP_ZERO")
Signed-off-by: Qun-Wei Lin <qun-wei.lin@mediatek.com>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Seiya Wang <seiya.wang@mediatek.com>
Change-Id: Iea0ba629183042d594665ab51b410965963d167e
(cherry picked from commit 6b18f0b5)
(cherry picked from commit e087ce9a)

Bug: 383669484
Signed-off-by: Todd Kjos <tkjos@google.com>
Change-Id: Icc49e9fa197ecbbd6a974f7df2791de75b548989

alloc_contig_migrate_range has every information to be able to understand
big contiguous allocation latency.  For example, how many pages are
migrated, how many times they were needed to unmap from page tables.

This patch adds the trace event to collect the allocation statistics.  In
the field, it was quite useful to understand CMA allocation latency.

[akpm@linux-foundation.org: a/trace_mm_alloc_config_migrate_range_info_enabled/trace_mm_alloc_contig_migrate_range_info_enabled]
Link: https://lkml.kernel.org/r/20240228051127.2859472-1-richardycc@google.com


Signed-off-by: Richard Chang <richardycc@google.com>
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org.>
Cc: Martin Liu <liumartin@google.com>
Cc: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Bug: 315897534
(cherry picked from commit c8b36003)
[richardycc: slight modification for android change 0de2f429]
Change-Id: If6c3cd106201fd13683d1dd5afdfa62a48a4dd3b
Signed-off-by: Richard Chang <richardycc@google.com>

Move our existing input sanity checking to the top of sel_write_load()
and add a check to ensure the buffer size is non-zero.

Move a local variable initialization from the declaration to before it
is used.

Minor style adjustments.

Reported-by: Sam Sun <samsun1006219@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

Bug: 386755977
Change-Id: I76ec20258a8ef8a2966e98d523b58a0aa8b49bda
(cherry picked from commit 42c77323)
Signed-off-by: yaozhongmin <yaozhongmin@xiaomi.com>

1 variable symbol(s) added
  'struct utf8data_table tf8_data_table_new'

Bug: 387229724
Bug: 382800956

Change-Id: I550db0dad74ff5fcfe34de7708b6b6118d21a477
Signed-off-by: Chunhai Guo <guochunhai@vivo.corp-partner.google.com>

Add symbol utf8_data_table_new to ensure compatibility with both new and
old utf8 encoding during file lookup.

Bug: 387229724
Bug: 382800956

Change-Id: I75da2a468ac4a51f7bc907633b9c316a72f2b8c2
Signed-off-by: Chunhai Guo <guochunhai@vivo.corp-partner.google.com>

This commit addresses an issue related to below kernel panic where
panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON
in functionsfs_bind, which easily leads to the following scenarios.

1.adb_write in adbd               2. UDC write via configfs
  =================	             =====================

->usb_ffs_open_thread()           ->UDC write
 ->open_functionfs()               ->configfs_write_iter()
  ->adb_open()                      ->gadget_dev_desc_UDC_store()
   ->adb_write()                     ->usb_gadget_register_driver_owner
                                      ->driver_register()
->StartMonitor()                       ->bus_add_driver()
 ->adb_read()                           ->gadget_bind_driver()
<times-out without BIND event>           ->configfs_composite_bind()
                                          ->usb_add_function()
->open_functionfs()                        ->ffs_func_bind()
 ->adb_open()                               ->functionfs_bind()
                                       <ffs->state !=FFS_ACTIVE>

The adb_open, adb_read, and adb_write operations are invoked from the
daemon, but trying to bind the function is a process that is invoked by
UDC write through configfs, which opens up the possibility of a race
condition between the two paths. In this race scenario, the kernel panic
occurs due to the WARN_ON from functionfs_bind when panic_on_warn is
enabled. This commit fixes the kernel panic by removing the unnecessary
WARN_ON.

Kernel panic - not syncing: kernel: panic_on_warn set ...
[   14.542395] Call trace:
[   14.542464]  ffs_func_bind+0x1c8/0x14a8
[   14.542468]  usb_add_function+0xcc/0x1f0
[   14.542473]  configfs_composite_bind+0x468/0x588
[   14.542478]  gadget_bind_driver+0x108/0x27c
[   14.542483]  really_probe+0x190/0x374
[   14.542488]  __driver_probe_device+0xa0/0x12c
[   14.542492]  driver_probe_device+0x3c/0x220
[   14.542498]  __driver_attach+0x11c/0x1fc
[   14.542502]  bus_for_each_dev+0x104/0x160
[   14.542506]  driver_attach+0x24/0x34
[   14.542510]  bus_add_driver+0x154/0x270
[   14.542514]  driver_register+0x68/0x104
[   14.542518]  usb_gadget_register_driver_owner+0x48/0xf4
[   14.542523]  gadget_dev_desc_UDC_store+0xf8/0x144
[   14.542526]  configfs_write_iter+0xf0/0x138

Fixes: ddf8abd2 ("USB: f_fs: the FunctionFS driver")
Cc: stable <stable@kernel.org>
Signed-off-by: Akash M <akash.m5@samsung.com>
Link: https://lore.kernel.org/r/20241219125221.1679-1-akash.m5@samsung.c


om
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Bug: 383235079
(cherry picked from commit dfc51e48
https: //git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/
usb-linus)
Change-Id: Ib8ec6cbac0ac0601f75ede2911f00baef099cec1
Signed-off-by: Akash M <akash.m5@samsung.com>

commit f7d306b4 upstream.

The usb_get_descriptor() function does DMA so we're not allowed
to use a stack buffer for that.  Doing DMA to the stack is not portable
all architectures.  Move the "new_device_descriptor" from being stored
on the stack and allocate it with kmalloc() instead.

Bug: 382243530
Fixes: b909df18 ("ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices")
Cc: stable@kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://patch.msgid.link/60e3aa09-039d-46d2-934c-6f123026c2eb@stanley.mountain


Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Benoît Sevens <bsevens@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 44a7b041)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I469212aa538584e3d8cc5b0087b68c99acf43f64

ERRO:
3 function symbol(s) added
  'int __traceiter_android_vh_gzvm_destroy_vm_post_process(void*, struct gzvm*)'
  'int __traceiter_android_vh_gzvm_handle_demand_page_post(void*, struct gzvm*, int, u64, u64, u32)'
  'int __traceiter_android_vh_gzvm_handle_demand_page_pre(void*, struct gzvm*, int, u64, u64, u32)'

3 variable symbol(s) added
  'struct tracepoint __tracepoint_android_vh_gzvm_destroy_vm_post_process'
  'struct tracepoint __tracepoint_android_vh_gzvm_handle_demand_page_post'
  'struct tracepoint __tracepoint_android_vh_gzvm_handle_demand_page_pre'

Bug: 386715781
Change-Id: I84813a4af337b9278e6b4cfc01de53ea3b652d34
Signed-off-by: xuyuqing <xuyuqing@xiaomi.corp-partner.google.com>

Adding the following symbols:
  - __traceiter_android_rvh_do_read_fault
  - __tracepoint_android_rvh_do_read_fault

Bug: 384815694
Change-Id: I653d52df4d541b71896ba27bd914055daa4fa02d
Signed-off-by: liangjlee <liangjlee@google.com>

This patch add a restricted vendor hook in do_read_fault() for tracking
which file and offsets are faulted.

Bug: 336736235
Change-Id: I425690e58550c4ac44912daa10b5eac0728bfb4e
Signed-off-by: liangjlee <liangjlee@google.com>
(cherry picked from commit 29a00abe)

The UDC state in sysfs (/sys/class/udc/<udc>/state) should accurately
reflect the current state of the USB Device Controller.

Currently, the UDC state is not handled consistently during gadget
disconnection. While the disconnect interrupt path correctly sets the
state to "not-attached", manual deconfiguration leaves the state in
"configured", misrepresenting the actual situation.

This commit ensures consistent UDC state handling by setting the state to
"not-attached" after manual deconfiguration. This accurately reflects the
UDC's state and provides a consistent behavior regardless of the
disconnection method.

Signed-off-by: Roy Luo <royluo@google.com>
Reviewed-by: André Draszik <andre.draszik@linaro.org>
Tested-by: André Draszik <andre.draszik@linaro.org>
Link: https://lore.kernel.org/r/20241223042536.1465299-1-royluo@google.com


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Bug: 339241080
(cherry picked from commit 1ff24d40
 git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git


 usb-next)
Signed-off-by: Roy Luo <royluo@google.com>
(cherry picked from https://android-review.googlesource.com/q/commit:3f924195e2221970e40c33cdca57933f4b63bf31)
Merged-In: I6840073addbcbd2acd0145363e4e5aac2f7422ee
Change-Id: I6840073addbcbd2acd0145363e4e5aac2f7422ee

4 function symbol(s) added
  'bool __oom_reap_task_mm(struct mm_struct*)'
  'int do_send_sig_info(int, struct kernel_siginfo*, struct task_struct*, enum pid_type)'
  'void get_reclaim_params(int*, int*)'
  'int set_reclaim_params(int, int)'

Bug: 323406883
Change-Id: Ia6b9986cbc4d43b7f964eeb52ff19cd2e3af7abf
Signed-off-by: Richard Chang <richardycc@google.com>

Export two functions to help memory reclaim.

Bug: 323406883
Change-Id: I099d414c9b3648224ab077b9929c6622b2d4228a
Signed-off-by: Minchan Kim <minchan@google.com>
Signed-off-by: Richard Chang <richardycc@google.com>

This patch adds two exported functions to set/get reclaim parameters.

Bug: 323406883
Change-Id: I8c29073dba3e77cb5db7f45b640518deae04b8a9
Signed-off-by: Minchan Kim <minchan@google.com>
Signed-off-by: Richard Chang <richardycc@google.com>

6 function symbol(s) added
'int __traceiter_f2fs_gc_begin(struct super_block *, int, bool, unsigned int, long long, long long, long long, unsigned int, unsigned int, int, unsigned int)'
'int __traceiter_f2fs_gc_end(struct super_block *, int, int, int, long long, long long, long long, unsigned int, unsigned int, int, unsigned int)'
'int __traceiter_f2fs_write_checkpoint(struct super_block *, int, const char *)'
'int __traceiter_f2fs_sync_file_enter(struct inode *)'
'int __traceiter_f2fs_sync_file_exit(struct inode *, int, int, int)'
'int __traceiter_ufshcd_command(const char *, enum ufs_trace_str_t, unsigned int, u32, u32, int, u32, u64, u8, u8)'

6 variable symbol(s) added
'struct tracepoint __tracepoint_f2fs_gc_begin'
'struct tracepoint __tracepoint_f2fs_gc_end'
'struct tracepoint __tracepoint_f2fs_write_checkpoint'
'struct tracepoint __tracepoint_f2fs_sync_file_enter'
'struct tracepoint __tracepoint_f2fs_sync_file_exit'
'struct tracepoint __tracepoint_ufshcd_command'

Bug: 386161799
Change-Id: Ia2f87fc3acd3d26cfe7b2438892b85cb3190af66
Signed-off-by: lijiameng3 <lijiameng3@xiaomi.corp-partner.google.com>

export trace_f2fs_gc_begin trace_f2fs_gc_end trace_f2fs_write_checkpoint trace_f2fs_sync_file_enter trace_f2fs_sync_file_exit trace_ufshcd_command so we can hook it in our ko to capture some ioinfo.

Bug: 386161420
Change-Id: I958cbf817345b8b44eb12cf3b37023d1281546ff
Signed-off-by: lijiameng3 <lijiameng3@xiaomi.corp-partner.google.com>

4 function symbol(s) added
  'struct clk* clk_register_mux_table(struct device*, const char*, const char* const*, u8, unsigned long, void*, u8, u32, u8, const u32*, spinlock_t*)'
  'int devm_devfreq_register_opp_notifier(struct device*, struct devfreq*)'
  'struct fwnode_handle* fwnode_create_software_node(const struct property_entry*, const struct fwnode_handle*)'
  'bool input_device_enabled(struct input_dev*)'

1 variable symbol(s) added
  'const char* v4l2_type_names[15]'

Bug: 385924874
Change-Id: I9123b508cbc5f26f3730453af5817c40a43e2b6e
Signed-off-by: meitaogao <meitaogao@asrmicro.com>

Adding the following symbols:
  - __traceiter_cma_alloc_finish
  - __traceiter_cma_alloc_start
  - __tracepoint_cma_alloc_finish
  - __tracepoint_cma_alloc_start

Bug: 315897033
Change-Id: Id1762c9b6538d9643eb9c488a65587d46dea3252
Signed-off-by: Richard Chang <richardycc@google.com>

2 function symbol(s) added
  'void tcp_cong_avoid_ai(struct tcp_sock *tp, u32 w, u32 acked)'
  'u32 tcp_reno_undo_cwnd(struct sock *sk)'

Bug: 383007920
Change-Id: I6975f6a61fb5b01cde75ae96779ff6f570663e1c
Signed-off-by: zhangpeng <zhangpeng9@oppo.com>

This reverts commit a2c66ca8.

Reason for revert: VTS failure some tests in VtsHalBootAidlTargetTest

Change-Id: I2a7fbd35c6d5d7ba13f7edbe0b95a4c5791404b8
Signed-off-by: Howard Chen <howardsoc@google.com>
Bug: 384925942

commit b909df18 upstream.

A bogus device can provide a bNumConfigurations value that exceeds the
initial value used in usb_get_configuration for allocating dev->config.

This can lead to out-of-bounds accesses later, e.g. in
usb_destroy_configuration.

Bug: 382243530
Signed-off-by: Benoît Sevens <bsevens@google.com>
Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Cc: stable@kernel.org
Link: https://patch.msgid.link/20241120124144.3814457-1-bsevens@google.com


Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit b8f8b81d)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I1aa1a442a5c87116200dcab02f84e1bd48f86bb5

Adding the following symbols:
  - debugfs_lookup_and_remove
  - devm_register_sys_off_handler
  - init_on_free
  - pci_free_irq
  - pci_request_irq
  - __traceiter_android_vh_binder_proc_transaction_finish
  - __traceiter_android_vh_check_new_page
  - __traceiter_android_vh_free_pages_prepare_init
  - __traceiter_android_vh_post_alloc_hook
  - __tracepoint_android_vh_binder_proc_transaction_finish
  - __tracepoint_android_vh_check_new_page
  - __tracepoint_android_vh_free_pages_prepare_init
  - __tracepoint_android_vh_post_alloc_hook

Bug: 383166773
Change-Id: I2deb32da0193effc1d33a7c4d4b47d016a05840b
Signed-off-by: Minchan Kim <minchan@google.com>

zeroing on free but defering the zeroing to allocation context
to avoid slow memory reclaiming

Bug: 383166773
Change-Id: I746f4fbc20df5cf394d7644ff2cd6f25916c9790
Signed-off-by: Minchan Kim <minchan@google.com>

Improve commit fc88bb11 ("usb: roles: add lockdep class key to struct
usb_role_switch") as follows:
* Move the lock class key declaration just above the mutex declaration such
  that the declaration order of these objects matches their initialization
  order.
* Destroy the mutex and lock class key just before these objects are
  freed. This makes it easier to verify that the destruction calls happen
  after the last use of these objects.
* Instead of switching the mutex key to the dynamic lock class key after
  initialization of the mutex has completed, initialize the mutex with the
  dynamic lock class key.

Cc: Amit Sunil Dhamne <amitsd@google.com>
Cc: Badhri Jagan Sridharan <badhri@google.com>
Cc: Hans de Goede <hdegoede@redhat.com>
Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: Ifbe0b6064220c0a4f7bc6be7bcfa23514a635e8c
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20240912223956.3554086-4-bvanassche@acm.org


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 357676850
(cherry picked from commit 7d01ef78)
Signed-off-by: Bart Van Assche <bvanassche@google.com>

There can be multiple role switch devices running on a platform. Given
that lockdep is not capable of differentiating between locks of
different instances, false positive warnings for circular locking are
reported. To prevent this, register unique lockdep key for each of the
individual instances.

Change-Id: I087906873262e6c5c7425d02d4281c8ab1b01809
Signed-off-by: Amit Sunil Dhamne <amitsd@google.com>
Reviewed-by: Badhri Jagan Sridharan <badhri@google.com>
Link: https://lore.kernel.org/r/20240822223717.253433-1-amitsd@google.com


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 357676850
(cherry picked from commit fc88bb11)
[ bvanassche: included if (IS_ERR_OR_NULL(sw)) inversion ]
Signed-off-by: Bart Van Assche <bvanassche@acm.org>

The following pattern occurs 5 times in kernel drivers:

	lockdep_register_key(key);
	__mutex_init(mutex, name, key);

In several cases the 'name' argument matches #mutex. Hence, introduce
the mutex_init_with_key() macro. This macro derives the 'name' argument
from the 'mutex' argument.

Suggested-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Change-Id: I7ea3ec15e8649de151bddf37413599de8cda10b2
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20240912223956.3554086-3-bvanassche@acm.org


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 357676850
(cherry picked from commit e837d833)
Signed-off-by: Bart Van Assche <bvanassche@google.com>

With CONFIG_PREEMPT_RT disabled __mutex_init() is a function. With
CONFIG_PREEMPT_RT enabled, __mutex_init() is a macro. I assume this is why
mutex_init() is defined twice as exactly the same macro.

Prepare for introducing a new macro for mutex initialization by combining
the two identical mutex_init() definitions into a single definition. This
patch does not change any functionality because the C preprocessor expands
macros when it encounters the macro name and not when a macro definition
is encountered. See also commit bb630f9f ("locking/rtmutex: Add mutex
variant for RT").

Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Change-Id: I96b6c752d3b3029d12c048135bb7f58181ae9e69
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20240912223956.3554086-2-bvanassche@acm.org


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 357676850
(cherry picked from commit 96f80528)
[ bvanassche: backported to kernel v6.6 ]
Signed-off-by: Bart Van Assche <bvanassche@google.com>

The put_device() call in power_supply_put() may call
power_supply_dev_release(). The latter function does not sleep so
power_supply_put() doesn't sleep either. Hence, remove the might_sleep()
call from power_supply_put(). This patch suppresses false positive
complaints about calling a sleeping function from atomic context if
power_supply_put() is called from atomic context.

Cc: Kyle Tso <kyletso@google.com>
Cc: Krzysztof Kozlowski <krzk@kernel.org>
Fixes: 1a352462 ("power_supply: Add power_supply_put for decrementing device reference counter")
Change-Id: I0bb18a30afaa7642fed2be1111d6838935276a54
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20240917193914.47566-1-bvanassche@acm.org


Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Bug: 355251920
(cherry picked from commit f6da4553)
Signed-off-by: Bart Van Assche <bvanassche@google.com>