  1. Jan 24, 2025
  2. Jan 20, 2025
    • UPSTREAM: mm: krealloc: Fix MTE false alarm in __do_krealloc · 9f047a51
      Qun-Wei Lin authored
      commit 70457385 upstream.
      
      This patch addresses an issue introduced by commit 1a83a716 ("mm:
      krealloc: consider spare memory for __GFP_ZERO") which causes MTE
      (Memory Tagging Extension) to falsely report a slab-out-of-bounds error.
      
      The problem occurs when zeroing out spare memory in __do_krealloc. The
      original code only considered software-based KASAN and did not account
      for MTE. It does not reset the KASAN tag before calling memset, leading
      to a mismatch between the pointer tag and the memory tag, resulting in a
      false positive.
      
      Example of the error:
      ==================================================================
      swapper/0: BUG: KASAN: slab-out-of-bounds in __memset+0x84/0x188
      swapper/0: Write at addr f4ffff8005f0fdf0 by task swapper/0/1
      swapper/0: Pointer tag: [f4], memory tag: [fe]
      swapper/0:
      swapper/0: CPU: 4 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.
      swapper/0: Hardware name: MT6991(ENG) (DT)
      swapper/0: Call trace:
      swapper/0:  dump_backtrace+0xfc/0x17c
      swapper/0:  show_stack+0x18/0x28
      swapper/0:  dump_stack_lvl+0x40/0xa0
      swapper/0:  print_report+0x1b8/0x71c
      swapper/0:  kasan_report+0xec/0x14c
      swapper/0:  __do_kernel_fault+0x60/0x29c
      swapper/0:  do_bad_area+0x30/0xdc
      swapper/0:  do_tag_check_fault+0x20/0x34
      swapper/0:  do_mem_abort+0x58/0x104
      swapper/0:  el1_abort+0x3c/0x5c
      swapper/0:  el1h_64_sync_handler+0x80/0xcc
      swapper/0:  el1h_64_sync+0x68/0x6c
      swapper/0:  __memset+0x84/0x188
      swapper/0:  btf_populate_kfunc_set+0x280/0x3d8
      swapper/0:  __register_btf_kfunc_id_set+0x43c/0x468
      swapper/0:  register_btf_kfunc_id_set+0x48/0x60
      swapper/0:  register_nf_nat_bpf+0x1c/0x40
      swapper/0:  nf_nat_init+0xc0/0x128
      swapper/0:  do_one_initcall+0x184/0x464
      swapper/0:  do_initcall_level+0xdc/0x1b0
      swapper/0:  do_initcalls+0x70/0xc0
      swapper/0:  do_basic_setup+0x1c/0x28
      swapper/0:  kernel_init_freeable+0x144/0x1b8
      swapper/0:  kernel_init+0x20/0x1a8
      swapper/0:  ret_from_fork+0x10/0x20
      ==================================================================
      
      Bug: 390070977
      Bug: 391031881
      (cherry picked from commit 70457385
      https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
      linux-6.6.y)
      Fixes: 1a83a716 ("mm: krealloc: consider spare memory for __GFP_ZERO")
      Signed-off-by: Qun-Wei Lin <qun-wei.lin@mediatek.com>
      Acked-by: David Rientjes <rientjes@google.com>
      Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
      Signed-off-by: Seiya Wang <seiya.wang@mediatek.com>
      Change-Id: Iea0ba629183042d594665ab51b410965963d167e
      (cherry picked from commit 6b18f0b5)
      (cherry picked from commit e087ce9a)
  3. Jan 06, 2025
  4. Jan 04, 2025
  5. Jan 03, 2025
    • ANDROID: GKI: update symbol list for vivo · 7c5518bc
      Chunhai Guo authored
      
      1 variable symbol(s) added
        'struct utf8data_table tf8_data_table_new'
      
      Bug: 387229724
      Bug: 382800956
      
      Change-Id: I550db0dad74ff5fcfe34de7708b6b6118d21a477
      Signed-off-by: Chunhai Guo <guochunhai@vivo.corp-partner.google.com>
    • ANDROID: unicode: Add symbol for utf8 encoding compatibility for file lookup · 59a52ac0
      Chunhai Guo authored
      
      Add symbol utf8_data_table_new to ensure compatibility with both new and
      old utf8 encoding during file lookup.
      
      Bug: 387229724
      Bug: 382800956
      
      Change-Id: I75da2a468ac4a51f7bc907633b9c316a72f2b8c2
      Signed-off-by: Chunhai Guo <guochunhai@vivo.corp-partner.google.com>
    • FROMGIT: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind · a6fbce86
      Akash M authored
      
      This commit addresses an issue related to the kernel panic below where
      panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON
      in functionfs_bind, which easily leads to the following scenarios.
      
      1. adb_write in adbd              2. UDC write via configfs
        =================               =====================
      
      ->usb_ffs_open_thread()           ->UDC write
       ->open_functionfs()               ->configfs_write_iter()
        ->adb_open()                      ->gadget_dev_desc_UDC_store()
         ->adb_write()                     ->usb_gadget_register_driver_owner
                                            ->driver_register()
      ->StartMonitor()                       ->bus_add_driver()
       ->adb_read()                           ->gadget_bind_driver()
      <times-out without BIND event>           ->configfs_composite_bind()
                                                ->usb_add_function()
      ->open_functionfs()                        ->ffs_func_bind()
       ->adb_open()                               ->functionfs_bind()
                                             <ffs->state !=FFS_ACTIVE>
      
      The adb_open, adb_read, and adb_write operations are invoked from the
      daemon, but trying to bind the function is a process that is invoked by
      UDC write through configfs, which opens up the possibility of a race
      condition between the two paths. In this race scenario, the kernel panic
      occurs due to the WARN_ON from functionfs_bind when panic_on_warn is
      enabled. This commit fixes the kernel panic by removing the unnecessary
      WARN_ON.
      
      Kernel panic - not syncing: kernel: panic_on_warn set ...
      [   14.542395] Call trace:
      [   14.542464]  ffs_func_bind+0x1c8/0x14a8
      [   14.542468]  usb_add_function+0xcc/0x1f0
      [   14.542473]  configfs_composite_bind+0x468/0x588
      [   14.542478]  gadget_bind_driver+0x108/0x27c
      [   14.542483]  really_probe+0x190/0x374
      [   14.542488]  __driver_probe_device+0xa0/0x12c
      [   14.542492]  driver_probe_device+0x3c/0x220
      [   14.542498]  __driver_attach+0x11c/0x1fc
      [   14.542502]  bus_for_each_dev+0x104/0x160
      [   14.542506]  driver_attach+0x24/0x34
      [   14.542510]  bus_add_driver+0x154/0x270
      [   14.542514]  driver_register+0x68/0x104
      [   14.542518]  usb_gadget_register_driver_owner+0x48/0xf4
      [   14.542523]  gadget_dev_desc_UDC_store+0xf8/0x144
      [   14.542526]  configfs_write_iter+0xf0/0x138
      
      Fixes: ddf8abd2 ("USB: f_fs: the FunctionFS driver")
      Cc: stable <stable@kernel.org>
      Signed-off-by: Akash M <akash.m5@samsung.com>
      Link: https://lore.kernel.org/r/20241219125221.1679-1-akash.m5@samsung.com
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      
      Bug: 383235079
      (cherry picked from commit dfc51e48
      https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/
      usb-linus)
      Change-Id: Ib8ec6cbac0ac0601f75ede2911f00baef099cec1
      Signed-off-by: Akash M <akash.m5@samsung.com>
    • UPSTREAM: ALSA: usb-audio: Fix a DMA to stack memory bug · 89be8631
      Dan Carpenter authored
      
      commit f7d306b4 upstream.
      
      The usb_get_descriptor() function does DMA so we're not allowed
      to use a stack buffer for that.  Doing DMA to the stack is not portable
      to all architectures.  Move the "new_device_descriptor" from being stored
      on the stack and allocate it with kmalloc() instead.
      
      Bug: 382243530
      Fixes: b909df18 ("ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices")
      Cc: stable@kernel.org
      Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
      Link: https://patch.msgid.link/60e3aa09-039d-46d2-934c-6f123026c2eb@stanley.mountain
      Signed-off-by: Takashi Iwai <tiwai@suse.de>
      Signed-off-by: Benoît Sevens <bsevens@google.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      (cherry picked from commit 44a7b041)
      Signed-off-by: Lee Jones <joneslee@google.com>
      Change-Id: I469212aa538584e3d8cc5b0087b68c99acf43f64
    • ANDROID: ABI: Update symbol list for xiaomi · dbf1c333
      xuyuqing authored
      
      ERRO:
      3 function symbol(s) added
        'int __traceiter_android_vh_gzvm_destroy_vm_post_process(void*, struct gzvm*)'
        'int __traceiter_android_vh_gzvm_handle_demand_page_post(void*, struct gzvm*, int, u64, u64, u32)'
        'int __traceiter_android_vh_gzvm_handle_demand_page_pre(void*, struct gzvm*, int, u64, u64, u32)'
      
      3 variable symbol(s) added
        'struct tracepoint __tracepoint_android_vh_gzvm_destroy_vm_post_process'
        'struct tracepoint __tracepoint_android_vh_gzvm_handle_demand_page_post'
        'struct tracepoint __tracepoint_android_vh_gzvm_handle_demand_page_pre'
      
      Bug: 386715781
      Change-Id: I84813a4af337b9278e6b4cfc01de53ea3b652d34
      Signed-off-by: xuyuqing <xuyuqing@xiaomi.corp-partner.google.com>
  6. Dec 30, 2024
  7. Dec 27, 2024
  8. Dec 24, 2024
  9. Dec 23, 2024
  10. Dec 21, 2024
    • ANDROID: ABI: Update pixel symbol list · 86179fae
      Minchan Kim authored
      
      Adding the following symbols:
        - debugfs_lookup_and_remove
        - devm_register_sys_off_handler
        - init_on_free
        - pci_free_irq
        - pci_request_irq
        - __traceiter_android_vh_binder_proc_transaction_finish
        - __traceiter_android_vh_check_new_page
        - __traceiter_android_vh_free_pages_prepare_init
        - __traceiter_android_vh_post_alloc_hook
        - __tracepoint_android_vh_binder_proc_transaction_finish
        - __tracepoint_android_vh_check_new_page
        - __tracepoint_android_vh_free_pages_prepare_init
        - __tracepoint_android_vh_post_alloc_hook
      
      Bug: 383166773
      Change-Id: I2deb32da0193effc1d33a7c4d4b47d016a05840b
      Signed-off-by: Minchan Kim <minchan@google.com>
    • ANDROID: defer zeroing to allocation context in init_on_free · 7e1ae40a
      Minchan Kim authored
      
      zeroing on free but deferring the zeroing to allocation context
      to avoid slow memory reclaiming
      
      Bug: 383166773
      Change-Id: I746f4fbc20df5cf394d7644ff2cd6f25916c9790
      Signed-off-by: Minchan Kim <minchan@google.com>
  11. Dec 20, 2024
  12. Dec 19, 2024
    • ANDROID: 16K: x86_64: Disable userfaultfd · 865e7e4f
      Kalesh Singh authored
      
      When emulating 16KB page size on x86_64, the kernel presents a 16KB page
      size to userspace. However the kernel and hardware still operate at a
      4KB page size granularity.
      
      This means that even though the minimum size of memory that userspace can
      request is 16384 (from mmap), faults still happen at a 4KB granularity
      in the kernel.
      
      This is inherently incompatible with UFFD, which is used by the default
      ART GC in Android V. Since UFFD necessarily needs to operate on
      PTEs (4096) but from the client's perspective in userspace the page size
      is 16384.
      
      Disable the UFFD if emulating 16KB (larger than 4KB) page sizes on
      x86_64.
      
      Bug: 379001861
      Bug: 384985178
      Bug: 377361489
      Test: Tested on Android Studio x86_64 emulator no system restarts.
      Test: grep -i 'collectortype' logcat; Expect collector type CC instead
            of collectortype CMC (UFFD GC)
      Change-Id: Idad47e5f57aa1843921d550f16f248ed34da2100
      Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
    • ANDROID: ABI: update symbol list for honor · 46493cec
      
      4 function symbol(s) added
        'int __traceiter_rpm_idle(void*, struct device *dev, int flags)'
        'int __traceiter_rpm_suspend(void*, struct device *dev, int flags)'
        'int __traceiter_rpm_resume(void*, struct device *dev, int flags)'
        'int __traceiter_rpm_return_int(void*, struct device *dev, unsigned long ip, int ret)'
      
      4 variable symbol(s) added
        'struct tracepoint __tracepoint_rpm_idle'
        'struct tracepoint __tracepoint_rpm_suspend'
        'struct tracepoint __tracepoint_rpm_resume'
        'struct tracepoint __tracepoint_rpm_return_int'
      
      Bug: 384649917
      Change-Id: I4f5defc1e915aafb67f0cb1588774cbf9e466ff2
      Signed-off-by: liulu liu <liulu.liu@honor.corp-partner.google.com>
  13. Dec 18, 2024