android-verity documentation states that the target expectets
the key, followed by the backing device on the commandline as follows
"dm=system none ro,0 1 android-verity <public-key-id> <backing-partition>"
However, the code actually expects the backing device as the first
parameter. Fix that.
Bug: 72722987
Change-Id: Ibd56c0220f6003bdfb95aa2d611f787e75a65c97
Signed-off-by: Sandeep Patil <sspatil@google.com>
Fixed bio API calls as they changed from 4.4 to 4.9.
Fixed the driver to use the new verify_signature_one() API.
Remove the dead code resulted from the rebase.
Bug: 72722987
Test: Build and boot hikey with system partition mounted as root using
android-verity
Signed-off-by: Sandeep Patil <sspatil@google.com>
Change-Id: I1e29111d57b62f0451404c08d49145039dd00737
The builtin keyring was exported prior to this which allowed
android-verity to simply lookup the key in the builtin keyring and
verify the signature of the verity metadata.
This is now broken as the kernel expects the signature to be
in pkcs#7 format (same used for module signing). Obviously, this doesn't
work with the verity metadata as we just append the raw signature in the
metadata .. sigh.
*This one time*, add an API to accept arbitrary signature and verify
that with a key from system's trusted keyring.
Bug: 72722987
Test:
$ adb push verity_fs.img /data/local/tmp/
$ adb root && adb shell
> cd /data/local/tmp
> losetup /dev/block/loop0 verity_fs.img
> dmctl create verity-fs android-verity 0 4200 Android:#7e4333f9bba00adfe0ede979e28ed1920492b40f 7:0
> mount -t ext4 /dev/block/dm-0 temp/
> cat temp/foo.txt temp/bar.txt
Change-Id: I0c14f3cb2b587b73a4c75907367769688756213e
Signed-off-by: Sandeep Patil <sspatil@google.com>
Tasklist lock is acuquired in uid_cputime_show for updating the stats
for all tasks in the system. This can potentially disable preemption
for several milli seconds. Replace tasklist_lock with RCU read side
primitives.
Change-Id: Ife69cb577bfdceaae6eb21b9bda09a0fe687e140
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
next_descendent did not properly handle the case
where the initial mount had no slaves. In this case,
we would look for the next slave, but since don't
have a master, the check for wrapping around to the
start of the list will always fail. Instead, we check
for this case, and ensure that we end the iteration
when we come back to the root.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 62094374
Change-Id: I43dfcee041aa3730cb4b9a1161418974ef84812e
Every time _cpu_up() is called for a CPU, idle_thread_get() is called
which then re-initializes a CPU's idle thread that was already
previously created and cached in a global variable in
smpboot.c. idle_thread_get() calls init_idle() which then calls
__sched_fork(). __sched_fork() is where cpufreq_task_times_init() is,
and cpufreq_task_times_init() allocates memory for the task struct's
time_in_state array.
Since idle_thread_get() reuses a task struct instance that was already
previously created, this means that every time it calls init_idle(),
cpufreq_task_times_init() allocates this array again and overwrites
the existing allocation that the idle thread already had.
This causes memory to be leaked every time a CPU is onlined. In order
to fix this, move allocation of time_in_state into _do_fork to avoid
allocating it at all for idle threads. The cpufreq times interface is
intended to be used for tracking userspace tasks, so we can safely
remove it from the kernel's idle threads without killing any
functionality.
But that's not all!
Task structs can be freed outside of release_task(), which creates
another memory leak because a task struct can be freed without having
its cpufreq times allocation freed. To fix this, free the cpufreq
times allocation at the same time that task struct allocations are
freed, in free_task().
Since free_task() can also be called in error paths of copy_process()
after dup_task_struct(), set time_in_state to NULL immediately after
calling dup_task_struct() to avoid possible double free.
Bug description and fix adapted from patch submitted by
Sultan Alsawaf <sultanxda@gmail.com> at
https://android-review.googlesource.com/c/kernel/msm/+/700134
Bug: 110044919
Test: Hikey960 builds, boots & reports /proc/<pid>/time_in_state
correctly
Change-Id: I12fe7611fc88eb7f6c39f8f7629ad27b6ec4722c
Signed-off-by: Connor O'Brien <connoro@google.com>
Add empty versions of functions to cpufreq_times.h to cut down on use
of #ifdef in .c files.
Test: kernel builds with and without CONFIG_CPU_FREQ_TIMES=y
Change-Id: I49ac364fac3d42bba0ca1801e23b15081094fb12
Signed-off-by: Connor O'Brien <connoro@google.com>
sdcardfs_mkdir() calls check_min_free_space(). When reserved_mb is not zero, a negative dentry will be passed to
ext4_statfs() at last and ext4_statfs() will crash. The parent dentry is positive. So we use the parent dentry to
check free space.
Change-Id: I80ab9623fe59ba911f4cc9f0e029a1c6f7ee421b
Signed-off-by: Lianjun Huang <huanglianjun@vivo.com>
This change adds a kernel config for default enable
the check_at_most_once dm-verity option. This is to give us
the ability to enforce the usage of at_most_once
for entry-level phones.
Change-Id: Id40416672c4c2209a9866997d8c164b5de5dc7dc
Signed-off-by: Patrik Torstensson <totte@google.com>
Bug: 72664474
Add a userspace visible knob to tell the VM to keep an extra amount
of memory free, by increasing the gap between each zone's min and
low watermarks.
This is useful for realtime applications that call system
calls and have a bound on the number of allocations that happen
in any short time period. In this application, extra_free_kbytes
would be left at an amount equal to or larger than than the
maximum number of allocations that happen in any burst.
It may also be useful to reduce the memory use of virtual
machines (temporarily?), in a way that does not cause memory
fragmentation like ballooning does.
[ccross]
Revived for use on old kernels where no other solution exists.
The tunable will be removed on kernels that do better at avoiding
direct reclaim.
[surenb]
Will be reverted as soon as Android framework is reworked to
use upstream-supported watermark_scale_factor instead of
extra_free_kbytes.
Bug: 86445363
Change-Id: I765a42be8e964bfd3e2886d1ca85a29d60c3bb3e
Signed-off-by: Rik van Riel<riel@redhat.com>
Signed-off-by: Colin Cross <ccross@android.com>
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Merge with the configs from kernel/configs.git added recently.
This should fix ipsec VPN functionality.
Bug: 80540078
Change-Id: I9cc99f5e34d2809670fe2fc0df121610657f6769
Signed-off-by: Alistair Strachan <astrachan@google.com>
When uid_base_stuff has no entries, proc_uid_base_readdir tries to
compute an address before the start of the array. Revise this check to
use uid_base_stuff + nents instead, which makes the code valid
regardless of array size.
Bug: 80158484
Test: No more compiler warning with CONFIG_CPU_FREQ_TIMES=n
Change-Id: I6e55b27c3ba8210cee194f6d27bbd62c0b263796
Signed-off-by: Connor O'Brien <connoro@google.com>
Disable the ORC unwinder. This feature requires libelf-dev, which is
breaking some automated build systems that do not have it installed.
As we already enabled CONFIG_FRAME_POINTER, we already incurred the
performance penalty of the legacy stack unwinder, so this is pretty
much a no-op change.
Bug: 63889157
Change-Id: Ic0704ebb726c97449ed873556262cc0db3e9a6cf
Signed-off-by: Alistair Strachan <astrachan@google.com>
The last upgrade introduced a new build failure, because it had a bug
which caused it to emit PLT relocations, certain types of which cannot
be handled by the reloc tool in the kernel.
See https://bugs.llvm.org/show_bug.cgi?id=36674 for more details.
Bug: 63889157
Change-Id: I813febdbacb0579abcb12dc7f2164cce1e2f5a26
Signed-off-by: Alistair Strachan <astrachan@google.com>
Use the same clang version as hikey-linaro.
Bug: 63889157
Change-Id: I6932d6149642d429086207e63aa8a8d5c2afd6f7
Signed-off-by: Alistair Strachan <astrachan@google.com>
Reconcile with changes made to the kernel manifest. Clang must come from
master because it was not usable for kernel builds in older branches of
the Android platform.
Bug: 63889157
Change-Id: Id0a080fc2f1cba495f37f26afa48e43e736b756a
Signed-off-by: Alistair Strachan <astrachan@google.com>
After d_revalidate returns 0, the vfs will call
d_invalidate, which will call d_drop itself, along
with other cleanup.
Bug: 78262592
Change-Id: Idbb30e008c05d62edf2217679cb6a5517d8d1a2c
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Remove keychord driver, replaced in user space by
https://android-review.googlesource.com/c/677629.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Cc: Jin Qian <jinqian@google.com>
Cc: Amit Pundir <amit.pundir@linaro.org>
Bug: 64114943
Change-Id: I0b673a5c68dbe28afa033d2ca70e12daea144b2a
Bug: 79166848
Change-Id: I41d2fe57b377e305b4b68c30c98ee94643d142e4
Test: Build a kernel with trace_prink and see warning
Signed-off-by: Wei Wang <wvw@google.com>
Add C wrappers to allow indirect calls to sha[12]_ce_transform
without tripping CFI.
Bug: 67506682
Change-Id: If872f30095994206bc768eee13670be552b2a247
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Disable CFI for code that runs at EL2 because __cfi_check only
understands EL1 addresses.
Bug: 67506682
Change-Id: Ia582943be0b31669d88464fd99228a5368b1aa6a
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
4.9.93 panics on boot when CFI_CLANG and UNMAP_KERNEL_AT_EL0 are both
enabled. From Sami Tolvanen:
"kpti_install_ng_mappings makes an indirect call to a physical address,
which trips CFI. Adding the __nocfi attribute to this function should
fix the problem."
Bug: 77811249
Change-Id: I87d1ceb29f1ba2caee8954547596f4236bdfc31f
Reported-by: Jean-Baptiste Theou <jb@essential.com>
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Disable CFI to allow an indirect call to a physical address.
Bug: 67506682
Change-Id: I0ec38f34245a4ad52f508f6989093526d3bf442f
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
With CFI enabled, LLVM appends .cfi to most function names, which
potentially breaks user space tools. While stripping the postfix is
not optimal either, this should at least create less confusion.
Bug: 67506682
Bug: 73328469
Change-Id: I253f34a562629032ddd792b8498e171109ea7cbc
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
This change adds the CONFIG_CFI_CLANG option, CFI error handling,
and a faster look-up table for cross module CFI checks.
Bug: 67506682
Change-Id: Ic009f0a629b552a0eb16e6d89808c7029e91447d
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
[AmitP: Rebased to newer kernels without clang LTO support]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
d_make_root will call iput on failure, so we
shouldn't try to do that ourselves.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 77923821
Change-Id: I1abb4afb0f894ab917b7c6be8c833676f436beb7
When an sdcardfs dentry is destroyed, it may not yet
have its fsdata initialized. It must be checked before
we try to access the paths in its private data.
Additionally, when cleaning up the superblock after
a failure, we don't have our sb private data, so
check for that case.
Bug: 77923821
Change-Id: I89caf6e121ed86480b42024664453fe0031bbcf3
Signed-off-by: Daniel Rosenberg <drosen@google.com>
The build server config can be used with gcc or clang.
Specify CC=clang to build with clang.
Change-Id: Id346ab1489ecaaef8e9e66b084cc416dd0581f69
Signed-off-by: Alistair Strachan <astrachan@google.com>
This file is based on x86_64_defconfig, merged with the base and
recommended configs from configs.git, with the virtio drivers enabled
and some spurious kernel features turned off.
Change-Id: I61bde941e8cfef2dd83cb4ff040f7380922cc44e
Signed-off-by: Alistair Strachan <astrachan@google.com>
Add per-uid files that report the data in binary format rather than
text, to allow faster reading & parsing by userspace.
Signed-off-by: Connor O'Brien <connoro@google.com>
Bug: 72339335
Test: compare values to those reported in /proc/uid_time_in_state
Change-Id: I463039ea7f17b842be4c70024fe772539fe2ce02
Add support for reporting per-uid information through procfs, roughly
following the approach used for per-tid and per-tgid directories in
fs/proc/base.c.
This also entails some new tracking of which uids have been used, to
avoid losing information when the last task with a given uid exits.
Signed-off-by: Connor O'Brien <connoro@google.com>
Bug: 72339335
Test: ls /proc/uid/; compare with UIDs in /proc/uid_time_in_state
Change-Id: I0908f0c04438b11ceb673d860e58441bf503d478
Add time in state data to task structs, and create
/proc/<pid>/time_in_state files to show how long each individual task
has run at each frequency.
Create a CONFIG_CPU_FREQ_TIMES option to enable/disable this tracking.
Signed-off-by: Connor O'Brien <connoro@google.com>
Bug: 72339335
Test: Read /proc/<pid>/time_in_state
Change-Id: Ia6456754f4cb1e83b2bc35efa8fbe9f8696febc8
page allocated in fuse_dentry_canonical_path to be handled in
fuse_dev_do_write is allocated using __get_free_pages(GFP_KERNEL).
This may not return a page with data filled with 0. Now this
page may not have a null terminator at all.
If this happens and userspace fuse daemon screws up by passing a string
to kernel which is not NULL terminated (or did not fill anything),
then inside fuse driver in kernel when we try to do
strlen(fuse_dev_write->kern_path->getname_kernel)
on that page data -> it may give us issue with kernel paging request.
Unable to handle kernel paging request at virtual address
------------[ cut here ]------------
<..>
PC is at strlen+0x10/0x90
LR is at getname_kernel+0x2c/0xf4
<..>
strlen+0x10/0x90
kern_path+0x28/0x4c
fuse_dev_do_write+0x5b8/0x694
fuse_dev_write+0x74/0x94
do_iter_readv_writev+0x80/0xb8
do_readv_writev+0xec/0x1cc
vfs_writev+0x54/0x64
SyS_writev+0x64/0xe4
el0_svc_naked+0x24/0x28
To avoid this we should ensure in case of FUSE_CANONICAL_PATH,
the page is null terminated.
Change-Id: I33ca7cc76b4472eaa982c67bb20685df451121f5
Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org>
Bug: 75984715
[Daniel - small edit, using args size ]
Signed-off-by: Daniel Rosenberg <drosen@google.com>
sdcardfs_name_match gets a 'name' argument from the underlying FS.
This need not be null terminated string.
So in sdcardfs_name_match -> qstr_case_eq -> we should use
str_n_case_eq.
This happens because few of the entries in lower level FS may not be
NULL terminated and may have some garbage characters passed while
doing sdcardfs_name_match.
For e.g.
# dmesg |grep Download
[ 103.646386] sdcardfs_name_match: q1->name=.nomedia, q1->len=8,
q2->name=Download\x17\x80\x03, q2->len=8
[ 104.021340] sdcardfs_name_match: q1->name=.nomedia, q1->len=8,
q2->name=Download\x17\x80\x03, q2->len=8
[ 105.196864] sdcardfs_name_match: q1->name=.nomedia, q1->len=8,
q2->name=Download\x17\x80\x03, q2->len=8
[ 109.113521] sdcardfs_name_match: q1->name=logs, q1->len=4,
q2->name=Download\x17\x80\x03, q2->len=8
Now when we try to create a directory with different case for a such
files. SDCARDFS creates a entry if it could not find the underlying
entry in it's dcache.
To reproduce:-
1. bootup the device wait for some time after sdcardfs mounting to
complete.
2. cd /storage/emulated/0
3. echo 3 > /proc/sys/vm/drop_caches
4. mkdir download
We now start seeing two entries with name.
Download & download.
Change-Id: I976d92a220a607dd8cdb96c01c2041c5c2bc3326
Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org>
bug: 75987238
While doing parallel builds using "make -j" option, I ran into
a build race condition a few times where-in Image.gz-dtb target
starts building before Image.gz is even ready, resulting in a
corrupt Image.gz-dtb kernel image.
How to reproduce -->
$ make ARCH=arm64 CROSS_COMPILE=aarch64-linux-androidkernel- defconfig menuconfig
+
CONFIG_BUILD_ARM64_APPENDED_DTB_IMAGE=y
CONFIG_BUILD_ARM64_APPENDED_DTB_IMAGE_NAMES="qcom/apq8096-db820c"
$ make ARCH=arm64 CROSS_COMPILE=aarch64-linux-androidkernel- -j9
<snip> ..
SYSMAP System.map
OBJCOPY arch/arm64/boot/Image
GZIP arch/arm64/boot/Image.gz
DTC arch/arm64/boot/dts/qcom/apq8096-db820c.dtb
Building modules, stage 2.
CAT arch/arm64/boot/Image.gz-dtb
GZIP arch/arm64/boot/Image.gz
.. <snip>
$ du -sh arch/arm64/boot/Image.gz-dtb
28K arch/arm64/boot/Image.gz-dtb
When built with this patch -->
$ du -sh arch/arm64/boot/Image.gz-dtb
8.9M arch/arm64/boot/Image.gz-dtb
Let's make Image.gz-dtb build target depend on Image.gz explicitly.
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
get_task_comm() currently checks if buf_size != TASK_COMM_LEN
and fails even if sizeof(buf) > TASK_COMM_LEN.
Change-Id: Icb3e9c172607534ef1db10baf5d626083db73498
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
