Select Git revision
Search by author
- Any Author
- authors
-
72162444 72162444 gaochangning
-
Aakash Dave aakash.dave
-
Aaron Kim akim
-
Aaron Kloc akloc
-
Aaron Lan aaron.lan
-
Aaron Nabil aaronna
-
Aaron Pohle aaron.pohle
-
Abbott Chung chung.abbott
-
Abdallah Omar abdallah_omar
-
Abdessamii Chalbi abdessamii.chalbi
-
Abdul Hussain Sirajudeen abdul.hussain
-
Abdullah Elmarghany abdullah_elmarghany
-
Abel Fang abel_fang
-
Abel Vesa
abel.vesa
-
Abhijeet Badurkar abhijeet.badurkar
-
Abhijit Adsule adsule
-
Abhijit Murthy abhijit
-
Abhi Khanal akhanal
-
Abhimanyu Raj abhimanyu.raj
-
abhishek chandra abhishek.chandra
- Oct 29, 2024
-
-
Mukesh Ojha authored
Add missing symbols used by qcom qfprom driver to the abi symbol list Bug: 376023320 Bug: 376285589 Change-Id: I59d1a7198466dbb6f53cfb4d012fbde602fc4fbb Signed-off-by:
Mukesh Ojha <quic_mojha@quicinc.com> (cherry picked from commit 968c817f)
-
Jagadeesh Kona authored
Add missing symbols used by qcom cpufreq hw driver to the abi symbol list. Bug: 374703398 Bug: 376285589 Change-Id: Idc20ddaf9a88dd341be9ad2850ce2e83546e4210 Signed-off-by:
Jagadeesh Kona <quic_jkona@quicinc.com> (cherry picked from commit ff7191c4)
-
Veerendranath Jakkam authored
Avoid overriding BSS information generated from MBSSID or direct source with BSS information generated from per-STA profile source to avoid losing actual signal strength and information elements such as RNR and Basic ML elements. Signed-off-by:
Veerendranath Jakkam <quic_vjakkam@quicinc.com> Link: https://patch.msgid.link/20240904030917.3602369-4-quic_vjakkam@quicinc.com Signed-off-by:
Johannes Berg <johannes.berg@intel.com> Bug: 338006731 Bug: 376285589 (cherry picked from commit 450732ab https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git main) Change-Id: I556803e40c89d3cfee5405796235252bf2896a6f Signed-off-by:
-
Veerendranath Jakkam authored
Currently signal of the BSS entry generated from the per-STA profile indicated as zero, but userspace may consider it as high signal strength since 0 dBm is a valid RSSI value. To avoid this don't report the signal to userspace when the BSS entry created from a per-STA profile. Signed-off-by:
-
Veerendranath Jakkam authored
Define public enum with BSS source types in core.h. Upcoming patches need this to store BSS source type in struct cfg80211_internal_bss. Signed-off-by:
-
- Oct 28, 2024
-
-
Adding the following symbols: - vm_unmapped_area ABI differences: 1 function symbol(s) added 'unsigned long vm_unmapped_area(struct vm_unmapped_area_info*)' Bug: 344489121 Bug: 374248106 Bug: 376058021 Signed-off-by:
Vamsidhar reddy Gaddam <gvamsi@google.com> Signed-off-by:
Will McVicker <willmcvicker@google.com> (cherry picked from https://android-review.googlesource.com/q/commit:2fd50de3843a87446e3bd9a4e6f04bdd5ab3a3df) Merged-In: I1798b662e81283e1f8e8f2091e5e4b6d2d4fe2c0 Change-Id: I1798b662e81283e1f8e8f2091e5e4b6d2d4fe2c0
-
- Oct 22, 2024
-
-
Elliot Berman authored
Values from (LONG_MAX, ULONG_MAX] aren't supported values by xarray. Allocate a container to store the value instead and insert the container to the xarray. Change-Id: Iaf6a50cc4d56ab2108e3e21f2dfc493cd518cb22 Bug: 375052404 Bug: 373872273 Fixes: ed8ebd8c ("FROMLIST: virt: gunyah: Allow userspace to initialize context of primary vCPU") Signed-off-by:
Elliot Berman <quic_eberman@quicinc.com> (cherry picked from commit 36ff1c94)
-
Elliot Berman authored
Test that the boot_context->reg provided by userspace has upper bits cleared. Change-Id: If96f7980b026336def24f8ff88d303d0bfa7b598 Bug: 375052404 Bug: 373872273 Fixes: ed8ebd8c ("FROMLIST: virt: gunyah: Allow userspace to initialize context of primary vCPU") Signed-off-by:
-
- Oct 15, 2024
-
-
Gabriel Krisman Bertazi authored
We don't need to handle them separately. Instead, just let them decompose/casefold to themselves. Change-Id: I01c3f2c98ae4d84269586cec09f18239cbee0abb Signed-off-by:
Gabriel Krisman Bertazi <krisman@suse.de> (cherry picked from commit 5c26d2f1) Signed-off-by:
Greg Kroah-Hartman <gregkh@google.com> Signed-off-by:
Lee Jones <joneslee@google.com>
-
yenchia.chen authored
2 function symbol(s) added 'int _snd_pcm_lib_alloc_vmalloc_buffer(struct snd_pcm_substream*, size_t, gfp_t)' 'int snd_pcm_lib_free_vmalloc_buffer(struct snd_pcm_substream*)' Bug: 372826655 Bug: 373507415 Change-Id: I14adc9e7a148fa649b6fd198645c31a5cda10d89 Signed-off-by:
yenchia.chen <yenchia.chen@mediatek.com> (cherry picked from commit c8921c62)
-
- Oct 14, 2024
-
-
Willem de Bruijn authored
Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly. Valid SKB_GSO_FRAGLIST skbs - consist of two or more segments - the head_skb holds the protocol headers plus first gso_size - one or more frag_list skbs hold exactly one segment - all but the last must be gso_size Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants. In extreme cases they pull all data into skb linear. For UDP, this causes a NULL ptr deref in __udpv4_gso_segment_list_csum at udp_hdr(seg->next)->dest. Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment. Link: https://lore.kernel.org/netdev/20240428142913.18666-1-shiming.cheng@mediatek.com/ Fixes: 9fd1ff5d ("udp: Support UDP fraglist GRO/GSO.") Signed-off-by:
Willem de Bruijn <willemb@google.com> Cc: stable@vger.kernel.org Link: https://patch.msgid.link/20241001171752.107580-1-willemdebruijn.kernel@gmail.com Signed-off-by:
Jakub Kicinski <kuba@kernel.org> Bug: 373245346 Bug: 333849117 Change-Id: I5a317e002f149cf9d399dce9bf87cd649a24da19 (cherry picked from commit a1e40ac5) Signed-off-by:
Lena Wang <lena.wang@mediatek.corp-partner.google.com> (cherry picked from commit 42c2d1ea)
-
- Oct 02, 2024
-
-
yenchia.chen authored
4 function symbol(s) added 'int generic_mii_ioctl(struct mii_if_info*, struct mii_ioctl_data*, int, unsigned int*)' 'void mii_ethtool_get_link_ksettings(struct mii_if_info*, struct ethtool_link_ksettings*)' 'int mii_ethtool_set_link_ksettings(struct mii_if_info*, const struct ethtool_link_ksettings*)' 'int mii_nway_restart(struct mii_if_info*)' Bug: 369058937 Bug: 369463758 Bug: 371019111 Change-Id: Idd603d82ef9caaadf2ec03f85640b468e57caf25 Signed-off-by:
-
yenchia.chen authored
44 function symbol(s) added 'struct device* __root_device_register(const char*, struct module*)' 'int __trace_bputs(unsigned long, const char*)' 'int alloc_contig_range(unsigned long, unsigned long, unsigned int, gfp_t)' 'void clk_hw_unregister_fixed_rate(struct clk_hw*)' 'void clk_hw_unregister_gate(struct clk_hw*)' 'int copy_from_iter_toio(void*, struct iov_iter*, size_t)' 'int copy_to_iter_fromio(struct iov_iter*, const void*, size_t)' 'void cpufreq_dbs_governor_exit(struct cpufreq_policy*)' 'int cpufreq_dbs_governor_init(struct cpufreq_policy*)' 'void cpufreq_dbs_governor_limits(struct cpufreq_policy*)' 'int cpufreq_dbs_governor_start(struct cpufreq_policy*)' 'void cpufreq_dbs_governor_stop(struct cpufreq_policy*)' 'unsigned int dbs_update(struct cpufreq_policy*)' 'int devm_hwspin_lock_unregister(struct device*, struct hwspinlock_device*)' 'void gov_update_cpu_data(struct dbs_data*)' 'int iio_read_channel_scale(struct iio_channel*, int*, int*)' 'void invalidate_bh_lrus()' 'void media_device_register_entity_notify(struct media_device*, struct media_entity_notify*)' 'struct thermal_cooling_device* of_cpufreq_cooling_register(struct cpufreq_policy*)' 'int pinctrl_count_index_with_args(const struct device_node*, const char*)' 'int pinctrl_parse_index_with_args(const struct device_node*, const char*, int, struct of_phandle_args*)' 'int pinctrl_register_and_init(struct pinctrl_desc*, struct device*, void*, struct pinctrl_dev**)' 'int pinmux_generic_add_function(struct pinctrl_dev*, const char*, const char* const*, unsigned int, void*)' 'int pinmux_generic_remove_function(struct pinctrl_dev*, unsigned int)' 'bool regcache_reg_cached(struct regmap*, unsigned int)' 'void root_device_unregister(struct device*)' 'struct rproc_mem_entry* rproc_of_resm_mem_entry_init(struct device*, u32, size_t, u32, const char*, ...)' 'ssize_t sampling_rate_store(struct gov_attr_set*, const char*, size_t)' 'void serial8250_do_pm(struct uart_port*, unsigned int, unsigned int)' 'unsigned int serial8250_modem_status(struct uart_8250_port*)' 'void serial8250_rpm_put_tx(struct uart_8250_port*)' 'u16 serial8250_rx_chars(struct uart_8250_port*, u16)' 'void serial8250_tx_chars(struct uart_8250_port*)' 'int snd_compress_new(struct snd_card*, int, int, const char*, struct snd_compr*)' 'int snd_soc_add_component(struct snd_soc_component*, struct snd_soc_dai_driver*, int)' 'int snd_soc_component_initialize(struct snd_soc_component*, const struct snd_soc_component_driver*, struct device*)' 'int snd_soc_tdm_params_to_bclk(struct snd_pcm_hw_params*, int, int, int)' 'int usb_anchor_empty(struct usb_anchor*)' 'void usb_reset_endpoint(struct usb_device*, unsigned int)' 'void usb_unlink_anchored_urbs(struct usb_anchor*)' 'int xhci_add_endpoint(struct usb_hcd*, struct usb_device*, struct usb_host_endpoint*)' 'int xhci_check_bandwidth(struct usb_hcd*, struct usb_device*)' 'int xhci_drop_endpoint(struct usb_hcd*, struct usb_device*, struct usb_host_endpoint*)' 'void xhci_reset_bandwidth(struct usb_hcd*, struct usb_device*)' 1 variable symbol(s) added 'const struct fwnode_operations irqchip_fwnode_ops' Bug: 365867885 Change-Id: I00b2be9f2ba76fa0adde8d8c2f2254c240ed4dc6 Signed-off-by:
-
yenchia.chen authored
18 function symbol(s) added 'int lzo1x_1_compress(const unsigned char*, size_t, unsigned char*, size_t*, void*)' 'int media_create_pad_links(const struct media_device*, u32, struct media_entity*, u16, u32, struct media_entity*, u16, u32, bool)' 'int media_get_pad_index(struct media_entity*, u32, enum media_pad_signal_type)' 'ssize_t perf_event_sysfs_show(struct device*, struct device_attribute*, char*)' 'int trace_array_destroy(struct trace_array*)' 'struct trace_array* trace_array_get_by_name(const char*)' 'int trace_array_init_printk(struct trace_array*)' 'int trace_array_printk(struct trace_array*, unsigned long, const char*, ...)' 'int vb2_core_dqbuf(struct vb2_queue*, unsigned int*, void*, bool)' 'int vb2_core_expbuf(struct vb2_queue*, int*, unsigned int, unsigned int, unsigned int, unsigned int)' '__poll_t vb2_core_poll(struct vb2_queue*, struct file*, poll_table*)' 'int vb2_core_qbuf(struct vb2_queue*, unsigned int, void*, struct media_request*)' 'void vb2_core_querybuf(struct vb2_queue*, unsigned int, void*)' 'int vb2_core_queue_init(struct vb2_queue*)' 'void vb2_core_queue_release(struct vb2_queue*)' 'int vb2_core_reqbufs(struct vb2_queue*, enum vb2_memory, unsigned int, unsigned int*)' 'int vb2_core_streamoff(struct vb2_queue*, unsigned int)' 'int vb2_core_streamon(struct vb2_queue*, unsigned int)' Bug: 365702846 Change-Id: Idcf32c9310b4db7eea795d624b8db01dbb9c704a Signed-off-by:
-
Jishnu Prakash authored
Add the symbols class_create_file_ns and class_remove_file_ns to be used by haptics module. Bug: 365040477 Bug: 367452992 Bug: 371019111 Change-Id: I555e963cf7c63d4764c6616d3b09998d42016187 Signed-off-by:
Jishnu Prakash <quic_jprakash@quicinc.com> (cherry picked from commit 15860879) Signed-off-by:
Blagovest Kolenichev <quic_c_bkolen@quicinc.com> (cherry picked from commit bdf7a8d2)
-
Elliot Berman authored
gunyah_gup_reclaim_parcel incorrectly used folio_put() to drop the refcount for the pinned page. This leaves the folio pincount elevated. If the VM initialization fails in Gunyah and Linux needs to reclaim the mem parcel, mm will complain that the pincount was higher than refcount. This reclaim path is not normally used, as memory backed by parcels is reclaimed in the demand paging path if the VM starts successfully. Bug: 358605784 Bug: 367452992 Bug: 371019111 Fixes: 296cceed ("ANDROID: virt: gunyah: Add gup based demand paging support") Change-Id: I88454e1f0527632f1f78345e3833d16cbc098467 Signed-off-by:
-
Elliot Berman authored
gunyah_gup_share_parcel() has an in/out parameter which indicates the number of pages requested to be shared in the mem parcel. We were not returning the number of pages actually shared in the mem parcel and this caused THPs to be undercounted. Later, when converting the parcel to demand paged (gunyah_vm_parcel_to_paged), we hit the BUG_ON on line 55 due to the undercount. Fix the BUG_ON by correctly counting the *nr return value. Bug: 367452992 Bug: 371019111 Fixes: due to the undercount. Fix the BUG_ON by correctly counting the *nr return value due to the undercount. Fix the BUG_ON by correctly counting the *nr return value. Fixes: 296cceed ("ANDROID: virt: gunyah: Add gup based demand paging support") Change-Id: I6492b02d075d903ab68d6c89c4bb1cd78af25c28 Signed-off-by:
-
Zhipeng Wang authored
1 function symbol(s) added 'void devm_nvmem_device_put(struct device*, struct nvmem_device*)' Bug: 365423073 Bug: 365651034 Bug: 371019111 Change-Id: I40d06c1b1fc7715425fb6dfec677e9aeb531d1f0 Signed-off-by:
Zhipeng Wang <zhipeng.wang_1@nxp.com> (cherry picked from commit bf54351c) (cherry picked from commit 32a68c6f)
-
- Sep 27, 2024
-
-
Kalesh Singh authored
In some cases VMAs are split without the mmap write lock held; later the lock is taken to fixup vm_flags of the original VMA. Since some uppper bits of vm_flags are used to encode the ELF padding ranges, they need to be modified on splits. This is usually handled correctly by __split_vma(). However in the above case, the flags get over witten later under the write lock. Preserve vm_flag bits on reset to correctly represent padding. Bug: 370026937 Bug: 357901498 Change-Id: I1cb75419e614791a47cbdb0341373f619daf0bf2 Signed-off-by:Kalesh Singh <kaleshsingh@google.com>
-
Kalesh Singh authored
Introduce inline header to avoid circular dependency. This will be used in a subsequent patch. Also take opportunity to do some small noop refactor in vma_pad_pages() and split_pad_vma() for more robust code. Bug: 370026937 Bug: 357901498 Change-Id: Ia5f447758d0d07ed3e1429ca1e35dcc0741cc22a Signed-off-by: -
Aran Dalton authored
Add initial symbol list for sunxi. Bug: 369230473 Bug: 369930676 Change-Id: I933b7a015631de70c65d4a254f7609fdf3b476be Signed-off-by:
Aran Dalton <arda@allwinnertech.com> (cherry picked from commit 9ddbcd8d)
-
- Sep 17, 2024
-
-
Carlos Llamas authored
The patches to support binder's frozen notification feature break the KMI. This change fixes such issues by (1) moving proc->delivered_freeze into the existing proc_wrapper struction, (2) dropping the frozen stats support and (3) amending the STG due to a harmless enum binder_work_type addition. These are the reported KMI issues fixed by this patch: function symbol 'int __traceiter_binder_transaction_received(void*, struct binder_transaction*)' changed CRC changed from 0x74e9c98b to 0xfe0f8640 type 'struct binder_proc' changed byte size changed from 584 to 632 member 'struct list_head delivered_death' changed offset changed by 256 member 'struct list_head delivered_freeze' was added 13 members ('u32 max_threads' .. 'u64 android_oem_data1') changed offset changed by 384 type 'struct binder_thread' changed byte size changed from 464 to 496 2 members ('atomic_t tmp_ref' .. 'bool is_dead') changed offset changed by 224 4 members ('struct task_struct* task' .. 'enum binder_prio_state prio_state') changed offset changed by 256 type 'struct binder_stats' changed byte size changed from 216 to 244 member changed from 'atomic_t br[21]' to 'atomic_t br[23]' type changed from 'atomic_t[21]' to 'atomic_t[23]' number of elements changed from 21 to 23 member changed from 'atomic_t bc[19]' to 'atomic_t bc[22]' offset changed from 672 to 736 type changed from 'atomic_t[19]' to 'atomic_t[22]' number of elements changed from 19 to 22 member changed from 'atomic_t obj_created[7]' to 'atomic_t obj_created[8]' offset changed from 1280 to 1440 type changed from 'atomic_t[7]' to 'atomic_t[8]' number of elements changed from 7 to 8 member changed from 'atomic_t obj_deleted[7]' to 'atomic_t obj_deleted[8]' offset changed from 1504 to 1696 type changed from 'atomic_t[7]' to 'atomic_t[8]' number of elements changed from 7 to 8 type 'enum binder_work_type' changed enumerator 'BINDER_WORK_FROZEN_BINDER' (10) was added enumerator 'BINDER_WORK_CLEAR_FREEZE_NOTIFICATION' (11) was added Bug: 363013421 Signed-off-by:Carlos Llamas <cmllamas@google.com> (cherry picked from https://android-review.googlesource.com/q/commit:eec02eddcd1ba20463901242e8a7d424cb582cce) Merged-In: If9f1f14a2eda215a4c9cb0823c50c8e0e8079ef1 Change-Id: If9f1f14a2eda215a4c9cb0823c50c8e0e8079ef1
-
Yu-Ting Tseng authored
Add a flag to binder_features to indicate that the freeze notification feature is available. Signed-off-by:
Yu-Ting Tseng <yutingtseng@google.com> Acked-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Bug: 363013421 (cherry picked from commit 30b968b0 git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git char-misc-next) Signed-off-by:
-
Yu-Ting Tseng authored
Frozen processes present a significant challenge in binder transactions. When a process is frozen, it cannot, by design, accept and/or respond to binder transactions. As a result, the sender needs to adjust its behavior, such as postponing transactions until the peer process unfreezes. However, there is currently no way to subscribe to these state change events, making it impossible to implement frozen-aware behaviors efficiently. Introduce a binder API for subscribing to frozen state change events. This allows programs to react to changes in peer process state, mitigating issues related to binder transactions sent to frozen processes. Implementation details: For a given binder_ref, the state of frozen notification can be one of the followings: 1. Userspace doesn't want a notification. binder_ref->freeze is null. 2. Userspace wants a notification but none is in flight. list_empty(&binder_ref->freeze->work.entry) = true 3. A notification is in flight and waiting to be read by userspace. binder_ref_freeze.sent is false. 4. A notification was read by userspace and kernel is waiting for an ack. binder_ref_freeze.sent is true. When a notification is in flight, new state change events are coalesced into the existing binder_ref_freeze struct. If userspace hasn't picked up the notification yet, the driver simply rewrites the state. Otherwise, the notification is flagged as requiring a resend, which will be performed once userspace acks the original notification that's inflight. See https://r.android.com/3070045 for how userspace is going to use this feature. Signed-off-by:
-
- Sep 03, 2024
-
-
Matthias Maennich authored
Bug: 360292654 Signed-off-by:Matthias Maennich <maennich@google.com> Change-Id: I4c741de74c30ce24eb64a57b939845e277dae6c0
-
- Sep 02, 2024
-
-
Will Deacon authored
If the IOMMU data abort handler has successfully handled the fault, we should return to next instruction in the host immediately and not run any further handlers. Bug: 357016611 Bug: 278749606 Signed-off-by:Will Deacon <willdeacon@google.com> Change-Id: Id652ac7559123cf6bb743067b69518e84699ccc9
-
Will Deacon authored
Commit 8c61291f ("mm: fix incorrect vbq reference in purge_fragmented_block") extended the 'vmap_block' structure to contain a 'cpu' field which is set at allocation time to the id of the initialising CPU. When a new 'vmap_block' is being instantiated by new_vmap_block(), the partially initialised structure is added to the local 'vmap_block_queue' xarray before the 'cpu' field has been initialised. If another CPU is concurrently walking the xarray (e.g. via vm_unmap_aliases()), then it may perform an out-of-bounds access to the remote queue thanks to an uninitialised index. This has been observed as UBSAN errors in Android: | Internal error: UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP | | Call trace: | purge_fragmented_block+0x204/0x21c | _vm_unmap_aliases+0x170/0x378 | vm_unmap_aliases+0x1c/0x28 | change_memory_common+0x1dc/0x26c | set_memory_ro+0x18/0x24 | module_enable_ro+0x98/0x238 | do_init_module+0x1b0/0x310 Move the initialisation of 'vb->cpu' in new_vmap_block() ahead of the addition to the xarray. Link: https://lkml.kernel.org/r/20240812171606.17486-1-will@kernel.org Fixes: 8c61291f ("mm: fix incorrect vbq reference in purge_fragmented_block") Signed-off-by:
Will Deacon <will@kernel.org> Reviewed-by:
Baoquan He <bhe@redhat.com> Reviewed-by:
Uladzislau Rezki (Sony) <urezki@gmail.com> Cc: Zhaoyang Huang <zhaoyang.huang@unisoc.com> Cc: Hailong.Liu <hailong.liu@oppo.com> Cc: Christoph Hellwig <hch@infradead.org> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: <stable@vger.kernel.org> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 3e3de794 akpm/mm.git mm-hotfixes-stable) Bug: 357792929 Signed-off-by:
-
wuwei1 authored
Enable support for BBR (Bottleneck Bandwidth and RTT) TCP congestion control algorithm, which maximizes network utilization under certain scenarios. Note this still maintains CUBIC as the default algorithm. Bug: 362198193 Change-Id: I2885893e565f91d14cb2c139d975e4abfee80daf Signed-off-by:
wuwei1 <11150500@vivo.corp-partner.google.com> Signed-off-by:
-
- Sep 01, 2024
-
-
Linux Patches Robot authored
is_madv_discard did its check wrong. MADV_ flags are not bitwise, they're normal sequential numbers. So, for instance: behavior & (/* ... */ | MADV_REMOVE) tagged both MADV_REMOVE and MADV_RANDOM (bit 0 set) as discard operations. As a result the kernel could erroneously block certain madvises (e.g MADV_RANDOM or MADV_HUGEPAGE) on sealed VMAs due to them sharing bits with blocked MADV operations (e.g REMOVE or WIPEONFORK). This is obviously incorrect, so use a switch statement instead. Link: https://lkml.kernel.org/r/20240807173336.2523757-1-pedro.falcato@gmail.com Link: https://lkml.kernel.org/r/20240807173336.2523757-2-pedro.falcato@gmail.com Fixes: 8be7258a ("mseal: add mseal syscall") Signed-off-by:
Pedro Falcato <pedro.falcato@gmail.com> Tested-by:
Jeff Xu <jeffxu@chromium.org> Reviewed-by:
Jeff Xu <jeffxu@google.com> Change-Id: Ia74688deb004790c81aabd6a17d4b0af139bbd41
-
- Aug 30, 2024
-
-
Sai Harshini Nimmala authored
Add missing symbols to qcom symbol list. Bug: 363229748 Signed-off-by:Sai Harshini Nimmala <quic_snimmala@quicinc.com> Change-Id: I297a0e41ef86181717bbee4da118e3a3102e67e6
-
jiangxinpei authored
2 function symbol(s) added 'int __traceiter_android_vh_udp6_unicast_rcv_skb(void*, struct sk_buff*, struct sock*)' 'int __traceiter_android_vh_udp_unicast_rcv_skb(void*, struct sk_buff*, struct sock*)' 2 variable symbol(s) added 'struct tracepoint __tracepoint_android_vh_udp6_unicast_rcv_skb' 'struct tracepoint __tracepoint_android_vh_udp_unicast_rcv_skb' Bug: 362208332 Change-Id: Ie8e9d410b6c88beabfc290d85e9829afa90b379d Signed-off-by:xinpei jiang <jiangxinpei@honor.com>
-
jiangxinpei authored
1.android_vh_udp_unicast_rcv_skb For statistics of received IPv4 UDP packets for specified uids. 2.android_vh_udp6_unicast_rcv_skb For statistics of received IPv6 UDP packets for specified uids. Bug: 362208332 Change-Id: Ibd3a832b50966229c1f036c8b7589d43669f055e Signed-off-by: -
Greg Kroah-Hartman authored
FROMLIST: usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister existing source caps before re-registration" In commit b16abab1 ("usb: typec: tcpm: unregister existing source caps before re-registration"), quilt, and git, applied the diff to the incorrect function, which would cause bad problems if exercised in a device with these capabilities. Fix this all up (including the follow-up fix in commit 04c05d50 ("usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps") to be in the correct function. Fixes: 04c05d50 ("usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps") Fixes: b16abab1 ("usb: typec: tcpm: unregister existing source caps before re-registration") Reported-by:
Charles Yo <charlesyo@google.com> Cc: Kyle Tso <kyletso@google.com> Cc: Amit Sunil Dhamne <amitsd@google.com> Cc: Ondrej Jirman <megi@xff.cz> Cc: Heikki Krogerus <heikki.krogerus@linux.intel.com> Cc: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> Signed-off-by:
-
Hangyu Hua authored
[ Upstream commit affc18fd ] q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur. Bug: 349777785 Fixes: c2999f7f ("net: sched: multiq: don't call qdisc_put() while holding tree lock") Signed-off-by:
Hangyu Hua <hbh25y@gmail.com> Acked-by:
Cong Wang <cong.wang@bytedance.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Sasha Levin <sashal@kernel.org> (cherry picked from commit 0f208fad) Signed-off-by:
-
chunpeng li authored
Even on 6.10-rc6, I've been seeing elusive "Bad page state"s (often on flags when freeing, yet the flags shown are not bad: PG_locked had been set and cleared??), and VM_BUG_ON_PAGE(page_ref_count(page) == 0)s from deferred_split_scan()'s folio_put(), and a variety of other BUG and WARN symptoms implying double free by deferred split and large folio migration. 6.7 commit 9bcef597 ("mm: memcg: fix split queue list crash when large folio migration") was right to fix the memcg-dependent locking broken in 85ce2c51 ("memcontrol: only transfer the memcg data for migration"), but missed a subtlety of deferred_split_scan(): it moves folios to its own local list to work on them without split_queue_lock, during which time folio->_deferred_list is not empty, but even the "right" lock does nothing to secure the folio and the list it is on. Fortunately, deferred_split_scan() is careful to use folio_try_get(): so folio_migrate_mapping() can avoid the race by folio_undo_large_rmappable() while the old folio's reference count is temporarily frozen to 0 - adding such a freeze in the !mapping case too (originally, folio lock and unmapping and no swap cache left an anon folio unreachable, so no freezing was needed there: but the deferred split queue offers a way to reach it). Link: https://lkml.kernel.org/r/29c83d1a-11ca-b6c9-f92e-6ccb322af510@google.com Fixes: 9bcef597 ("mm: memcg: fix split queue list crash when large folio migration") Signed-off-by:
Hugh Dickins <hughd@google.com> Reviewed-by:
Baolin Wang <baolin.wang@linux.alibaba.com> Cc: Barry Song <baohua@kernel.org> Cc: David Hildenbrand <david@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Kefeng Wang <wangkefeng.wang@huawei.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Nhat Pham <nphamcs@gmail.com> Cc: Yang Shi <shy828301@gmail.com> Cc: Zi Yan <ziy@nvidia.com> Cc: <stable@vger.kernel.org> Signed-off-by:
chunpeng li <chunpng.lee@gmail.com> (cherry picked from commit be9581ea)
-
chunpeng li authored
When running autonuma with enabling multi-size THP, I encountered the following kernel crash issue: [ 134.290216] list_del corruption. prev->next should be fffff9ad42e1c490, but was dead000000000100. (prev=fffff9ad42399890) [ 134.290877] kernel BUG at lib/list_debug.c:62! [ 134.291052] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 134.291210] CPU: 56 PID: 8037 Comm: numa01 Kdump: loaded Tainted: G E 6.7.0-rc4+ #20 [ 134.291649] RIP: 0010:__list_del_entry_valid_or_report+0x97/0xb0 ...... [ 134.294252] Call Trace: [ 134.294362] <TASK> [ 134.294440] ? die+0x33/0x90 [ 134.294561] ? do_trap+0xe0/0x110 ...... [ 134.295681] ? __list_del_entry_valid_or_report+0x97/0xb0 [ 134.295842] folio_undo_large_rmappable+0x99/0x100 [ 134.296003] destroy_large_folio+0x68/0x70 [ 134.296172] migrate_folio_move+0x12e/0x260 [ 134.296264] ? __pfx_remove_migration_pte+0x10/0x10 [ 134.296389] migrate_pages_batch+0x495/0x6b0 [ 134.296523] migrate_pages+0x1d0/0x500 [ 134.296646] ? __pfx_alloc_misplaced_dst_folio+0x10/0x10 [ 134.296799] migrate_misplaced_folio+0x12d/0x2b0 [ 134.296953] do_numa_page+0x1f4/0x570 [ 134.297121] __handle_mm_fault+0x2b0/0x6c0 [ 134.297254] handle_mm_fault+0x107/0x270 [ 134.300897] do_user_addr_fault+0x167/0x680 [ 134.304561] exc_page_fault+0x65/0x140 [ 134.307919] asm_exc_page_fault+0x22/0x30 The reason for the crash is that, the commit 85ce2c51 ("memcontrol: only transfer the memcg data for migration") removed the charging and uncharging operations of the migration folios and cleared the memcg data of the old folio. During the subsequent release process of the old large folio in destroy_large_folio(), if the large folio needs to be removed from the split queue, an incorrect split queue can be obtained (which is pgdat->deferred_split_queue) because the old folio's memcg is NULL now. This can lead to list operations being performed under the wrong split queue lock protection, resulting in a list crash as above. After the migration, the old folio is going to be freed, so we can remove it from the split queue in mem_cgroup_migrate() a bit earlier before clearing the memcg data to avoid getting incorrect split queue. [akpm@linux-foundation.org: fix comment, per Zi Yan] Link: https://lkml.kernel.org/r/61273e5e9b490682388377c20f52d19de4a80460.1703054559.git.baolin.wang@linux.alibaba.com Fixes: 85ce2c51 ("memcontrol: only transfer the memcg data for migration") Signed-off-by:
Nhat Pham <nphamcs@gmail.com> Reviewed-by:
Yang Shi <shy828301@gmail.com> Reviewed-by:
Zi Yan <ziy@nvidia.com> Cc: David Hildenbrand <david@redhat.com> Cc: "Huang, Ying" <ying.huang@intel.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Muchun Song <muchun.song@linux.dev> Cc: Roman Gushchin <roman.gushchin@linux.dev> Cc: Shakeel Butt <shakeelb@google.com> Signed-off-by:
-
chunpeng li authored
For most migration use cases, only transfer the memcg data from the old folio to the new folio, and clear the old folio's memcg data. No charging and uncharging will be done. This shaves off some work on the migration path, and avoids the temporary double charging of a folio during its migration. The only exception is replace_page_cache_folio(), which will use the old mem_cgroup_migrate() (now renamed to mem_cgroup_replace_folio). In that context, the isolation of the old page isn't quite as thorough as with migration, so we cannot use our new implementation directly. This patch is the result of the following discussion on the new hugetlb memcg accounting behavior: https://lore.kernel.org/lkml/20231003171329.GB314430@monkey/ Link: https://lkml.kernel.org/r/20231006184629.155543-3-nphamcs@gmail.com Signed-off-by:
Johannes Weiner <hannes@cmpxchg.org> Acked-by:
-
zhujingpeng authored
1 function symbol(s) added 'int __traceiter_android_vh_mutex_unlock_slowpath_before_wakeq(void*, struct mutex*)' 1 variable symbol(s) added 'struct tracepoint __tracepoint_android_vh_mutex_unlock_slowpath_before_wakeq' Bug: 362700382 Change-Id: I96f00ca0a7539f319f711e33e3a757e04c0b08ca Signed-off-by:zhujingpeng <zhujingpeng@vivo.com>
-
zhujingpeng authored
This hook is used to modify the variables in mutex oemdata when the task releases mutex lock. This code cannot be done in existing hook trace_android_vh_mutex_unlock_slowpath(), because it is executed after wake_up_q, and there is a risk that the mutex object has been freed. Bug: 362700382 Change-Id: I7787c0ea51959642a010891606b2bc39fe056dd2 Signed-off-by: -
Darren Chang authored
ANDROID: Add CtsLibcoreLegacy22TestCases and high percen coverage CtsCameraTestCases to the kernel-presubmit group Bug: 360874465 Change-Id: Id2b4dbb5a8677ed36598eb1cc9d35ae6418784ad Signed-off-by:Darren Chang <chihsheng@google.com>
-
