Age | Commit message | Author
2016-10-03 | ANDROID: Update init/do_mounts.dm.c to the latest ChromiumOS version. (HEAD, master, main) | David Zeuthen
Bug: 31796270 Test: Manually tested on x86_64. Signed-off-by: David Zeuthen <zeuthen@google.com> Patchset: init-dm Change-Id: I3688001cf69a2c82bc417482e2a538c76abd3618
2016-07-25 | VENDOR: broadcom: bcmdhd: Use sdio_reset_comm from common kernel | Mattias Nissler
A proper definition of sdio_reset_comm() was brought in when merging Android-specific common kernel changes into Brillo's common kernel. We can now remove the compile fix hack in bcmsdh_sdmmc.c. Bug: 25923642 Patchset: wlan0 up on kylin board, iw is normal connect the AP. Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I7fea434b7f173b25acab2942eba106c2da542457
2016-07-20 | UPSTREAM: KEYS: potential uninitialized variable | Dan Carpenter
If __key_link_begin() failed then "edit" would be uninitialized. I've added a check to fix that.

This allows a random user to crash the kernel, though it's quite difficult to achieve. There are three ways it can be done as the user would have to cause an error to occur in __key_link():

 (1) Cause the kernel to run out of memory. In practice, this is difficult to achieve without ENOMEM cropping up elsewhere and aborting the attempt.

 (2) Revoke the destination keyring between the keyring ID being looked up and it being tested for revocation. In practice, this is difficult to time correctly because the KEYCTL_REJECT function can only be used from the request-key upcall process. Further, users can only make use of what's in /sbin/request-key.conf, though this does include a rejection debugging test - which means that the destination keyring has to be the caller's session keyring in practice.

 (3) Have just enough key quota available to create a key, a new session keyring for the upcall and a link in the session keyring, but not then sufficient quota to create a link in the nominated destination keyring so that it fails with EDQUOT.

The bug can be triggered using option (3) above using something like the following:

    echo 80 >/proc/sys/kernel/keys/root_maxbytes
    keyctl request2 user debug:fred negate @t

The above sets the quota to something much lower (80) to make the bug easier to trigger, but this is dependent on the system. Note also that the name of the keyring created contains a random number that may be between 1 and 10 characters in size, so may throw the test off by changing the amount of quota used.

Assuming the failure occurs, something like the following will be seen:

    kfree_debugcheck: out of range ptr 6b6b6b6b6b6b6b68h
    ------------[ cut here ]------------
    kernel BUG at ../mm/slab.c:2821!
    ...
    RIP: 0010:[<ffffffff811600f9>] kfree_debugcheck+0x20/0x25
    RSP: 0018:ffff8804014a7de8 EFLAGS: 00010092
    RAX: 0000000000000034 RBX: 6b6b6b6b6b6b6b68 RCX: 0000000000000000
    RDX: 0000000000040001 RSI: 00000000000000f6 RDI: 0000000000000300
    RBP: ffff8804014a7df0 R08: 0000000000000001 R09: 0000000000000000
    R10: ffff8804014a7e68 R11: 0000000000000054 R12: 0000000000000202
    R13: ffffffff81318a66 R14: 0000000000000000 R15: 0000000000000001
    ...
    Call Trace:
      kfree+0xde/0x1bc
      assoc_array_cancel_edit+0x1f/0x36
      __key_link_end+0x55/0x63
      key_reject_and_link+0x124/0x155
      keyctl_reject_key+0xb6/0xe0
      keyctl_negate_key+0x10/0x12
      SyS_keyctl+0x9f/0xe7
      do_syscall_64+0x63/0x13a
      entry_SYSCALL64_slow_path+0x25/0x25

Fixes: f70e2e06196a ('KEYS: Do preallocation for __key_link()') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: David Howells <dhowells@redhat.com> cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Bug: 29823941 Patchset: keys-fixes (cherry-picked from 38327424b40bcebe2de92d07312c89360ac9229a) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I89dbb7761ffd4e7bf2ed59189704ebfdbad59bd0
2016-07-20 | UPSTREAM: KEYS: Fix ASN.1 indefinite length object parsing | David Howells
This fixes CVE-2016-0758.

In the ASN.1 decoder, when the length field of an ASN.1 value is extracted, it isn't validated against the remaining amount of data before being added to the cursor. With a sufficiently large size indicated, the check:

    datalen - dp < 2

may then fail due to integer overflow.

Fix this by checking the length indicated against the amount of remaining data in both places a definite length is determined.

Whilst we're at it, make the following changes:

 (1) Check the maximum size of extended length does not exceed the capacity of the variable it's being stored in (len) rather than the type that variable is assumed to be (size_t).

 (2) Compare the EOC tag to the symbolic constant ASN1_EOC rather than the integer 0.

 (3) To reduce confusion, move the initialisation of len outside of:

    for (len = 0; n > 0; n--) {

     since it doesn't have anything to do with the loop counter n.

Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: David Woodhouse <David.Woodhouse@intel.com> Acked-by: Peter Jones <pjones@redhat.com> Bug: 29814470 Patchset: keys-fixes (cherry-picked from 23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I9e4ee09f93913092c15a51e572551da21904d082
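The check this message describes, comparing an extracted length against the data that remains before the cursor moves, as an added example that is not the kernel's decoder or part of the commit. The function names, status codes and byte strings are constructed for illustration, and only single-byte tags with definite lengths are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum der_status {
    DER_TRUNCATED = -1,        /* header or length octets run past the buffer */
    DER_LEN_TOO_LONG = -2,     /* more length octets than `len` can hold */
    DER_LEN_EXCEEDS_DATA = -3, /* content length larger than what remains */
    DER_UNSUPPORTED = -4       /* multi-byte tag or indefinite length */
};

/* Constructed sample inputs (not taken from any real key or certificate). */
static const uint8_t ok_short[]   = { 0x02, 0x01, 0x05, 0x04, 0x02, 0xaa, 0xbb };
static const uint8_t ok_long[]    = { 0x04, 0x81, 0x02, 0xaa, 0xbb };
static const uint8_t len_beyond[] = { 0x04, 0x05, 0xaa };
static const uint8_t len_huge[]   = { 0x04, 0x84, 0xff, 0xff, 0xff, 0xff };
static const uint8_t len_octets[] = { 0x04, 0x89, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
static const uint8_t cut_header[] = { 0x04 };
static const uint8_t cut_length[] = { 0x04, 0x82, 0x01 };

/*
 * Read one tag+length header at *dp. On success (0) *dp points at the first
 * content byte and *out_len is guaranteed to be <= datalen - *dp.
 */
static int der_read_header(const uint8_t *data, size_t datalen, size_t *dp,
                           uint8_t *out_tag, size_t *out_len)
{
    size_t pos = *dp, len, n;

    if (pos > datalen || datalen - pos < 2)
        return DER_TRUNCATED;

    *out_tag = data[pos++];
    if ((*out_tag & 0x1f) == 0x1f)
        return DER_UNSUPPORTED;           /* multi-byte tag */

    len = data[pos++];
    if (len == 0x80)
        return DER_UNSUPPORTED;           /* indefinite length */

    if (len > 0x7f) {                     /* long form: n length octets follow */
        n = len - 0x80;
        if (n > sizeof(len))              /* capacity of the variable itself */
            return DER_LEN_TOO_LONG;
        if (n > datalen - pos)
            return DER_TRUNCATED;
        len = 0;                          /* initialised outside the loop */
        for (; n > 0; n--)
            len = (len << 8) | data[pos++];
    }

    /*
     * Compare against the remaining data by subtraction. Writing this as
     * "pos + len > datalen" would let a huge len wrap the sum around.
     */
    if (len > datalen - pos)
        return DER_LEN_EXCEEDS_DATA;

    *out_len = len;
    *dp = pos;
    return 0;
}

/* Walk the top-level elements; return their count or a negative der_status. */
static long der_walk(const uint8_t *data, size_t datalen)
{
    size_t dp = 0, len = 0;
    uint8_t tag;
    long count = 0;
    int rc;

    while (dp < datalen) {
        rc = der_read_header(data, datalen, &dp, &tag, &len);
        if (rc != 0)
            return rc;
        dp += len;                        /* safe: len <= datalen - dp */
        count++;
    }
    return count;
}

int main(void)
{
    static const struct { const char *name; const uint8_t *p; size_t n; } t[] = {
        { "ok_short",   ok_short,   sizeof(ok_short) },
        { "ok_long",    ok_long,    sizeof(ok_long) },
        { "len_beyond", len_beyond, sizeof(len_beyond) },
        { "len_huge",   len_huge,   sizeof(len_huge) },
        { "len_octets", len_octets, sizeof(len_octets) },
        { "cut_header", cut_header, sizeof(cut_header) },
        { "cut_length", cut_length, sizeof(cut_length) },
    };
    size_t i;

    for (i = 0; i < sizeof(t) / sizeof(t[0]); i++)
        printf("%-10s -> %ld\n", t[i].name, der_walk(t[i].p, t[i].n));
    return 0;
}
```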
2016-07-20 | UPSTREAM: netfilter: x_tables: fix unconditional helper | Florian Westphal
Ben Hawkes says:

 In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it is possible for a user-supplied ipt_entry structure to have a large next_offset field. This field is not bounds checked prior to writing a counter value at the supplied offset.

Problem is that mark_source_chains should not have been called -- the rule doesn't have a next entry, so it's supposed to return an absolute verdict of either ACCEPT or DROP.

However, the function conditional() doesn't work as the name implies. It only checks that the rule is using wildcard address matching.

However, an unconditional rule must also not be using any matches (no -m args).

The underflow validator only checked the addresses, therefore passing the 'unconditional absolute verdict' test, while mark_source_chains also tested for presence of matches, and thus proceeded to the next (non-existent) rule.

Unify this so that all the callers have the same idea of 'unconditional rule'.

Reported-by: Ben Hawkes <hawkes@google.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Bug: 28940694 Patchset: netfilter-x-tables-unconditional-helper (cherry-picked from 54d83fc74aa9ec72794373cb47432c5f7fb1a309) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I27f66a808a5795aac1a58fd6b76b1a7e11d0b62a
2016-07-20 | UPSTREAM: cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind | Bjørn Mork
usbnet_link_change will call schedule_work and should be avoided if bind is failing. Otherwise we will end up with scheduled work referring to a netdev which has gone away. Instead of making the call conditional, we can just defer it to usbnet_probe, using the driver_info flag made for this purpose. Fixes: 8a34b0ae8778 ("usbnet: cdc_ncm: apply usbnet_link_change") Reported-by: Andrey Konovalov <andreyknvl@gmail.com> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net> Bug: 28744625 Patchset: net-usb-cdc-ncm-link-change-fix (cherry-picked from 4d06dd537f95683aba3651098ae288b7cbff8274) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I844c8cd517a4973a8a23621ffcc472251e000923
2016-07-20 | BACKPORT: PM / sleep: Go direct_complete if driver has no callbacks | Tomeu Vizoso
Backport notes: This resolves clk warnings in the designware i2c driver on HiKey seen during suspend/resume. Cherrypicked from: aa8e54b559479d0cb7eb632ba443b8cacd20cd4b If a suitable prepare callback cannot be found for a given device and its driver has no PM callbacks at all, assume that it can go direct to complete when the system goes to sleep. The reason for this is that there's lots of devices in a system that do no PM at all and there's no reason for them to prevent their ancestors from doing direct_complete if they can support it. Change-Id: Ia773afb4b266f012336b99fc8cf87453839e078b Signed-off-by: Tomeu Vizoso <tomeu.vizoso@collabora.com> Reviewed-by: Ulf Hansson <ulf.hansson@linaro.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> [jstultz: Backported to 4.4] Signed-off-by: John Stultz <john.stultz@linaro.org> Bug: None Patchset: power-sleep-direct-complete (backported from aa8e54b559479d0cb7eb632ba443b8cacd20cd4b) Signed-off-by: Mattias Nissler <mnissler@google.com>
2016-07-20 | UPSTREAM: USB: usbfs: fix potential infoleak in devio | Kangjie Lu
The stack object “ci” has a total size of 8 bytes. Its last 3 bytes are padding bytes which are not initialized and leaked to userland via “copy_to_user”. Signed-off-by: Kangjie Lu <kjlu@gatech.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Bug: 28619695 Patchset: usbfs-devio-info-leak (cherry-picked from 681fef8380eb818c0b845fca5d2ab1dcbab114ee) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I7bdfdbb6f04ef788d55e4c10db785fb36cd832b2
2016-07-20 | UPSTREAM: ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt | Kangjie Lu
The stack object “r1” has a total size of 32 bytes. Its fields “event” and “val” both contain 4 bytes of padding. These 8 padding bytes are sent to user without being initialized. Signed-off-by: Kangjie Lu <kjlu@gatech.edu> Signed-off-by: Takashi Iwai <tiwai@suse.de> Bug: None Patchset: alsa-info-leak-fixes (cherry-picked from e4ec8cc8039a7063e24204299b462bd1383184a5) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I773118fa3920f852c56c4687d5606bbe3f138ca6
2016-07-20 | UPSTREAM: ALSA: timer: Fix leak in events via snd_timer_user_ccallback | Kangjie Lu
The stack object “r1” has a total size of 32 bytes. Its fields “event” and “val” both contain 4 bytes of padding. These 8 padding bytes are sent to user without being initialized. Signed-off-by: Kangjie Lu <kjlu@gatech.edu> Signed-off-by: Takashi Iwai <tiwai@suse.de> Bug: None Patchset: alsa-info-leak-fixes (cherry-picked from 9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I1b39596fc3f9ba5ee3c7eece646c4807e0ca2cc7
2016-07-20 | UPSTREAM: ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS | Kangjie Lu
The stack object “tread” has a total size of 32 bytes. Its fields “event” and “val” both contain 4 bytes of padding. These 8 padding bytes are sent to user without being initialized. Signed-off-by: Kangjie Lu <kjlu@gatech.edu> Signed-off-by: Takashi Iwai <tiwai@suse.de> Bug: None Patchset: alsa-info-leak-fixes (cherry-picked from cec8f96e49d9be372fdb0c3836dcf31ec71e457e) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I6f1072552af4f189cec4ee5d85c6391cf8eb18a4
2016-07-20 | UPSTREAM: net: fix infoleak in rtnetlink | Kangjie Lu
The stack object “map” has a total size of 32 bytes. Its last 4 bytes are padding generated by compiler. These padding bytes are not initialized and sent out via “nla_put”. Signed-off-by: Kangjie Lu <kjlu@gatech.edu> Signed-off-by: David S. Miller <davem@davemloft.net> Bug: 28620102 Patchset: netlink-info-leak-fix (cherry-picked from 5f8e44741f9f216e33736ea4ec65ca9ac03036e6) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I4e0585403a4599de8e926e8c6a87aae327a0a1b7
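The pattern behind this message and the usbfs and ALSA timer infoleak messages before it, as an added example that is not kernel code: a struct is filled field by field in storage that still holds old bytes and is then copied out whole. struct conninfo, the 0x6b marker and the helper names are constructed; the layout (8 bytes, 3 of them trailing padding) assumes a typical ABI with 4-byte int alignment.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STALE 0x6b /* constructed marker standing in for leftover stack bytes */

/* Hypothetical struct with the layout the usbfs message describes. */
struct conninfo {
    unsigned int devnum;
    unsigned char slow;
    /* the compiler adds trailing padding here to keep the struct aligned */
};

typedef void (*fill_fn)(struct conninfo *, unsigned int, unsigned char);

/* Number of bytes in the struct that no member covers. */
static size_t padding_size(void)
{
    return sizeof(struct conninfo) - sizeof(unsigned int) - sizeof(unsigned char);
}

/* Leaky form: only the named members are written, padding keeps old bytes. */
static void fill_fields_only(struct conninfo *ci, unsigned int devnum,
                             unsigned char slow)
{
    ci->devnum = devnum;
    ci->slow = slow;
}

/* Fixed form: clear the whole object first, then set the members. */
static void fill_zeroed(struct conninfo *ci, unsigned int devnum,
                        unsigned char slow)
{
    memset(ci, 0, sizeof(*ci));
    ci->devnum = devnum;
    ci->slow = slow;
}

/*
 * Stand-in for copy_to_user()/nla_put(): the whole object is copied out,
 * padding included. Returns how many stale bytes reached the output.
 */
static size_t export_and_count_stale(const struct conninfo *ci,
                                     unsigned char *out)
{
    size_t i, stale = 0;

    memcpy(out, ci, sizeof(*ci));
    for (i = 0; i < sizeof(*ci); i++)
        if (out[i] == STALE)
            stale++;
    return stale;
}

/* Fill a struct sitting in "dirty" storage and report the leaked byte count. */
static size_t leak_with(fill_fn fill)
{
    struct conninfo ci;
    unsigned char out[sizeof(struct conninfo)];

    memset(&ci, STALE, sizeof(ci)); /* simulate a reused stack slot */
    fill(&ci, 5, 1);                /* member values contain no 0x6b byte */
    return export_and_count_stale(&ci, out);
}

int main(void)
{
    printf("sizeof=%zu padding=%zu\n", sizeof(struct conninfo), padding_size());
    printf("fields only: %zu stale bytes exported\n", leak_with(fill_fields_only));
    printf("zeroed first: %zu stale bytes exported\n", leak_with(fill_zeroed));
    return 0;
}
```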
2016-07-20 | ANDROID: cpu: send KOBJ_ONLINE event when enabling cpus | Thierry Strudel
In case some sysfs nodes need to be labeled with a different label than sysfs then the user needs to be notified when a core is brought back online. Signed-off-by: Thierry Strudel <tstrudel@google.com> Bug: 29359497 Patchset: cpu-online-event Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: If8ac6286947f6e359bc190caf14eda80c9d61b87
2016-07-20 | FROMLIST: security,perf: Allow further restriction of perf_event_open | Jeff Vander Stoep
When kernel.perf_event_open is set to 3 (or greater), disallow all access to performance events by users without CAP_SYS_ADMIN. Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that makes this value the default. This is based on a similar feature in grsecurity (CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making the variable read-only. It also allows enabling further restriction at run-time regardless of whether the default is changed. Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Bug: 29054680 Patchset: perf-lockdown (patch from https://lkml.org/lkml/2016/1/11/587) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I2f2c625205358d68086c32e35b9ca814252786c4
2016-07-20 | BACKPORT: perf tools: Document the perf sysctls | Ben Hutchings
perf_event_paranoid was only documented in source code and a perf error message. Copy the documentation from the error message to Documentation/sysctl/kernel.txt. perf_cpu_time_max_percent was already documented but missing from the list at the top, so add it there. Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Cc: Peter Zijlstra <peterz@infradead.org> Cc: linux-doc@vger.kernel.org Link: http://lkml.kernel.org/r/20160119213515.GG2637@decadent.org.uk [ Remove reference to external Documentation file, provide info inline, as before ] Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Bug: 29054680 Patchset: perf-lockdown (backported from 3379e0c3effa87d7734fc06277a7023292aadb0c) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I0373a15cfa0aae9123570af7095994b5cf8cd9ef
2016-07-20 | UPSTREAM: arm64: module: avoid undefined shift behavior in reloc_data() | Ard Biesheuvel
Compilers may engage the improbability drive when encountering shifts by a distance that is a multiple of the size of the operand type. Since the required bounds check is very simple here, we can get rid of all the fuzzy masking, shifting and comparing, and use the documented bounds directly. Reported-by: David Binderman <dcb314@hotmail.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Will Deacon <will.deacon@arm.com> Bug: None Patchset: arm64-kmod-loading-fixes (cherry-picked from f930896967fa3f9ab16a6f87267b92798308d48f) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I4edb68cd15f7a41dd42c3b6480c688183b853430
2016-07-20 | UPSTREAM: arm64: module: fix relocation of movz instruction with negative immediate | Ard Biesheuvel
The test whether a movz instruction with a signed immediate should be turned into a movn instruction (i.e., when the immediate is negative) is flawed, since the value of imm is always positive. Also, the subsequent bounds check is incorrect since the limit update never executes, due to the fact that the imm_type comparison will always be false for negative signed immediates. Let's fix this by performing the sign test on sval directly, and replacing the bounds check with a simple comparison against U16_MAX. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> [will: tidied up use of sval, renamed MOVK enum value to MOVKZ] Signed-off-by: Will Deacon <will.deacon@arm.com> Bug: None Patchset: arm64-kmod-loading-fixes (cherry-picked from b24a557527f97ad88619d5bd4c8017c635056d69) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: If881c1c7fcd6e67c835cb1b678654b9545ba3192
2016-07-20 | UPSTREAM: mac80211: fix "warning: ‘target_metric’ may be used uninitialized" | Jeff Mahoney
This fixes: net/mac80211/mesh_hwmp.c:603:26: warning: ‘target_metric’ may be used uninitialized in this function target_metric is only consumed when reply = true so no bug exists here, but not all versions of gcc realize it. Initialize to 0 to remove the warning. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Bug: None Patchset: net-mac80211-target-metric-warning (cherry-picked from b4201cc4fc6e1c57d6d306b1f787865043d60129) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: Iee90826d8a0b7db8eb2e19c3e567dfe779c99f7a
2016-07-20 | UPSTREAM: procfs: fix pthread cross-thread naming if !PR_DUMPABLE | Janis Danisevskis
The PR_DUMPABLE flag causes the pid related paths of the proc file system to be owned by ROOT. The implementation of pthread_set/getname_np however needs access to /proc/<pid>/task/<tid>/comm. If PR_DUMPABLE is false this implementation is locked out. This patch installs a special permission function for the file "comm" that grants read and write access to all threads of the same group regardless of the ownership of the inode. For all other threads the function falls back to the generic inode permission check. [akpm@linux-foundation.org: fix spello in comment] Signed-off-by: Janis Danisevskis <jdanis@google.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Cyrill Gorcunov <gorcunov@openvz.org> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Colin Ian King <colin.king@canonical.com> Cc: David Rientjes <rientjes@google.com> Cc: Minfei Huang <mnfhuang@gmail.com> Cc: John Stultz <john.stultz@linaro.org> Cc: Calvin Owens <calvinowens@fb.com> Cc: Jann Horn <jann@thejh.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Bug: None Patchset: procfs-cross-thread-naming (cherry-picked from 1b3044e39a89cb1d4d5313da477e8dfea2b5232d) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: Ib4a1d8532561cd87eed1e1c820155d97c0149dfe
2016-07-20 | ANDROID: wlcore: Disable filtering in AP role | Jimmy Perchet
When you configure (set it up) a STA interface, the driver installs a multicast filter. This is normal behavior; when one application subscribes to a multicast address, the filter is updated. When Access Point interface is configured, there is no filter installation and the "filter update" path is disabled in the driver. The problem happens when you switch an interface from STA type to AP type. The filter is installed but there are no means to update it. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com> Bug: None Patchset: wlcore-disable-filtering Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I1853c2e2c592216e0e88fb4f33e46bf094a4aa4a
2016-07-20 | ANDROID: quick selinux support for tracefs | Yongqin Liu
Here is just the quick fix for tracefs with selinux. Just add tracefs to the list of whitelisted filesystem types in selinux_is_sblabel_mnt(), but the right fix would be to generalize this logic as described in the last item on the todo list, https://bitbucket.org/seandroid/wiki/wiki/ToDo Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org> Bug: None Patchset: selinux-tracefs Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I141d016ea4931911414ae8555afc8f3d76f8fcfb
2016-07-20 | BACKPORT: selinux: restrict kernel module loading | Jeff Vander Stoep
Backport notes: Backport uses kernel_module_from_file not kernel_read_file hook. kernel_read_file replaced kernel_module_from_file in the 4.6 kernel. There are no inode_security_() helper functions (also introduced in 4.6) so the inode lookup is done using the file_inode() helper which is standard for kernel version < 4.6. (Cherry picked from commit 61d612ea731e57dc510472fb746b55cdc017f371)

Utilize existing kernel_read_file hook on kernel module load. Add module_load permission to the system class.

Enforces restrictions on kernel module origin when calling the finit_module syscall. The hook checks that source type has permission module_load for the target type. Example for finit_module:

    allow foo bar_file:system module_load;

Similarly restrictions are enforced on kernel module loading when calling the init_module syscall. The hook checks that source type has permission module_load with itself as the target object because the kernel module is sourced from the calling process. Example for init_module:

    allow foo foo:system module_load;

Bug: 27824855 Signed-off-by: Jeff Vander Stoep <jeffv@google.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Patchset: selinux-kmod-loading Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I9d611259ccce060e0a866e645a3bcf6c466b658f
2016-07-20 | FROMLIST: mmc: Add CONFIG_MMC_SIMULATE_MAX_SPEED | Mark Salyzyn
When CONFIG_MMC_SIMULATE_MAX_SPEED is enabled, expose max_read_speed, max_write_speed and cache_size default module parameters and sysfs controls to simulate a slow eMMC device. Default values are 0 (off), 0 (off) and 4 MB respectively. Signed-off-by: Mark Salyzyn <salyzyn@android.com> Bug: 26976972 Patchset: mmc-simulate-max-speed (patch from https://patchwork.kernel.org/patch/8714661/) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: Ifa1870e2b416664c2c00796021f805ac7cbcc453
2016-07-20 | FROMLIST: dm verity fec: fix block calculation | Sami Tolvanen
do_div was replaced with div64_u64 at some point, causing a bug with block calculation due to incompatible semantics of the two functions. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Fixes: a739ff3f543a ("dm verity: add support for forward error correction") Bug: None Patchset: dm-verity (patch from https://patchwork.kernel.org/patch/9191189/) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: Ib8f4b353e6db936e3da4f3914fd638f32035796b
2016-07-20 | ANDROID: dm verity fec: limit error correction recursion | Sami Tolvanen
If verity tree itself is sufficiently corrupted in addition to data blocks, it's possible for error correction to end up in a deep recursive error correction loop that eventually causes a kernel panic as follows:

    [ 14.728962] [<ffffffc0008c1a14>] verity_fec_decode+0xa8/0x138
    [ 14.734691] [<ffffffc0008c3ee0>] verity_verify_level+0x11c/0x180
    [ 14.740681] [<ffffffc0008c482c>] verity_hash_for_block+0x88/0xe0
    [ 14.746671] [<ffffffc0008c1508>] fec_decode_rsb+0x318/0x75c
    [ 14.752226] [<ffffffc0008c1a14>] verity_fec_decode+0xa8/0x138
    [ 14.757956] [<ffffffc0008c3ee0>] verity_verify_level+0x11c/0x180
    [ 14.763944] [<ffffffc0008c482c>] verity_hash_for_block+0x88/0xe0

This change limits the recursion to a reasonable level during a single I/O operation.

Contains subsequent fix: Sami Tolvanen <samitolvanen@google.com>: ANDROID: dm verity fec: initialize recursion level

Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Bug: 28943429 Patchset: dm-verity Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I42d0871f9deb401e05e5985117735dc1f68c5c38
2016-07-20 | ANDROID: dm verity fec: add sysfs attribute fec/corrected | Sami Tolvanen
Add a sysfs entry that allows user space to determine whether dm-verity has come across correctable errors on the underlying block device. Contains subsequent fix: Sami Tolvanen <samitolvanen@google.com>: ANDROID: dm verity fec: add missing release from fec_ktype Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Bug: 22655252 Bug: 27928374 Patchset: dm-verity Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I9e6eb6c5c10b699123709aa9684386649cbd70ff
2016-07-20 | UPSTREAM: dm verity: add ignore_zero_blocks feature | Sami Tolvanen
If ignore_zero_blocks is enabled dm-verity will return zeroes for blocks matching a zero hash without validating the content. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Bug: None Patchset: dm-verity Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I238a1d65611ce6d0acc7908cd412e85750234672
2016-07-20 | UPSTREAM: dm verity: add support for forward error correction | Sami Tolvanen
Add support for correcting corrupted blocks using Reed-Solomon. This code uses RS(255, N) interleaved across data and hash blocks. Each error-correcting block covers N bytes evenly distributed across the combined total data, so that each byte is a maximum distance away from the others. This makes it possible to recover from several consecutive corrupted blocks with relatively small space overhead. In addition, using verity hashes to locate erasures nearly doubles the effectiveness of error correction. Being able to detect corrupted blocks also improves performance, because only corrupted blocks need to be corrected. For a 2 GiB partition, RS(255, 253) (two parity bytes for each 253-byte block) can correct up to 16 MiB of consecutive corrupted blocks if erasures can be located, and 8 MiB if they cannot, with 16 MiB space overhead. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Bug: None Patchset: dm-verity Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I4a817b80d1ebddb804a68640dee12d13f5fd258c
2016-07-20 | UPSTREAM: dm verity: factor out verity_for_bv_block() | Sami Tolvanen
verity_for_bv_block() will be re-used by optional dm-verity object. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Bug: None Patchset: dm-verity Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I563bc7f0b9fe419721c96ac5a0d611f3062e46a1
2016-07-20 | UPSTREAM: dm verity: factor out structures and functions useful to separate object | Sami Tolvanen
Prepare for an optional verity object to make use of existing dm-verity structures and functions. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Bug: None Patchset: dm-verity Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: If6943ef869c121fc4ae3be901020eac587028af3
2016-07-20 | UPSTREAM: dm verity: move dm-verity.c to dm-verity-target.c | Sami Tolvanen
Prepare for extending dm-verity with an optional object. Follows the naming convention used by other DM targets (e.g. dm-cache and dm-era). Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Bug: None Patchset: dm-verity Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: Icb5b4a2113fb8422136aaab279c11658692f9360
2016-07-20 | UPSTREAM: dm verity: separate function for parsing opt args | Sami Tolvanen
Move optional argument parsing into a separate function to make it easier to add more of them without making verity_ctr even longer. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Bug: None Patchset: dm-verity Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I089ebbdb1bf984d89f3a4ba14bedafc9c91cdeac
2016-07-20 | UPSTREAM: dm verity: clean up duplicate hashing code | Sami Tolvanen
Handle dm-verity salting in one place to simplify the code. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Bug: None Patchset: dm-verity Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I5b30794cf0c6df4ab3f28739eeee44e41f3cf0e8
2016-07-20 | UPSTREAM: dm: don't save and restore bi_private | Mikulas Patocka
Device mapper used the field bi_private to point to dm_target_io. However, since kernel 3.15, the bi_private field is unused, and so the targets do not need to save and restore this field. This patch removes code that saves and restores bi_private from dm-cache, dm-snapshot and dm-verity. Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Bug: None Patchset: dm-verity Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I918dae5fd4c1fd166efa80ccd8ffa7803216f2b3
2016-07-20 | ANDROID: Included sdcardfs source code for kernel 3.0 | Daniel Campello
Only included the source code as is for kernel 3.0. Following patches take care of porting this file system to version 3.10.

Includes fixes and subsequent work:

    Daniel Campello <campello@google.com>: Port of sdcardfs to 4.4
    Daniel Campello <campello@google.com>: Changed type-casting in packagelist management
    Daniel Rosenberg <drosen@google.com>: sdcardfs: Bring up to date with Android M permissions:
    Daniel Rosenberg <drosen@google.com>: sdcardfs: Add support for d_canonical_path
    Guenter Roeck <groeck@chromium.org>: fs: sdcardfs: Declare LOOKUP_CASE_INSENSITIVE unconditionally
    Daniel Rosenberg <drosen@google.com>: sdcardfs: remove effectless config option
    Daniel Rosenberg <drosen@google.com>: sdcardfs: Remove unused code
    Daniel Rosenberg <drosen@google.com>: sdcardfs: remove unneeded __init and __exit
    Daniel Rosenberg <drosen@google.com>: vfs: change d_canonical_path to take two paths
    Guenter Roeck <groeck@chromium.org>: fs: Export d_absolute_path
    Guenter Roeck <groeck@chromium.org>: mm: Export do_munmap
    Julia Lawall <julia.lawall@lip6.fr>: ANDROID: sdcardfs: fix itnull.cocci warnings
    Daniel Rosenberg <drosen@google.com>: sdcardfs: Truncate packages_gid.list on overflow

Signed-off-by: Daniel Campello <campello@google.com> Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Guenter Roeck <groeck@chromium.org> Signed-off-by: Julia Lawall <julia.lawall@lip6.fr> Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Bug: None Patchset: fs-sdcardfs Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: Ieaa4626f8c38b1c1df4c1f30444a3438541ed5a4
2016-07-20 | ANDROID: fuse: Add support for d_canonical_path | Daniel Rosenberg
Allows FUSE to report to inotify that it is acting as a layered filesystem. The userspace component returns a string representing the location of the underlying file. If the string cannot be resolved into a path, the top level path is returned instead. Signed-off-by: Daniel Rosenberg <drosen@google.com> Bug: 23904372 Patchset: fs-dentry-canonical-path Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: Ib493fc72076ea1c0fa3e9139752ba7f6bc1a5a6b
2016-07-20 | ANDROID: vfs: add d_canonical_path for stacked filesystem support | Daniel Rosenberg
Inotify does not currently know when a filesystem is acting as a wrapper around another fs. This means that inotify watchers will miss any modifications to the base file, as well as any made in a separate stacked fs that points to the same file. d_canonical_path solves this problem by allowing the fs to map a dentry to a path in the lower fs. Inotify can use it to find the appropriate place to watch to be informed of all changes to a file. Includes subsequent work and fixes: Daniel Rosenberg <drosen@google.com>: inotify: Fix erroneous update of bit count Daniel Rosenberg <drosen@google.com>: inotify: Fix erroneous update of bit count Signed-off-by: Daniel Rosenberg <drosen@google.com> Bug: 23904372 Patchset: fs-dentry-canonical-path Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I3ed224cdcf589ac3b46fafd3d90b9775bf68f3cd
2016-07-20 | ANDROID: dm-crypt: run in a WQ_HIGHPRI workqueue | Tim Murray
Running dm-crypt in a standard workqueue results in IO competing for CPU time with standard user apps, which can lead to pipeline bubbles and seriously degraded performance. Move to a WQ_HIGHPRI workqueue to protect against that. Signed-off-by: Tim Murray <timmurray@google.com> Bug: 25392275 Patchset: dm-crypt-highpri-workqueue Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: Ice4e98c32591f17b1400cfe12b82fa54e9ada1cf
2016-07-20 | UPSTREAM: hid-sensor-hub.c: fix wrong do_div() usage | Nicolas Pitre
do_div() must only be used with a u64 dividend. Signed-off-by: Nicolas Pitre <nico@linaro.org> Bug: None Patchset: do-div-fixes (cherry-picked from 8d43b49e7e0070f96ac46d30659a336c0224fa0b) Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: Ib1775ac90c5eea27bbc42f7107197f2149e28219
2016-07-20 | UPSTREAM: net: diag: support v4mapped sockets in inet_diag_find_one_icsk() | Eric Dumazet
Lorenzo reported that we could not properly find v4mapped sockets in inet_diag_find_one_icsk(). This patch fixes the issue. [cherry-pick of fc439d9489479411fbf9bbbec2c768df89e85503] Reported-by: Lorenzo Colitti <lorenzo@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Bug: None Patchset: net-diag-socket-destroy Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: Ib943434c45e1afd61c435d5cc8398bb990ac28eb
2016-07-20 | UPSTREAM: net: tcp: deal with listen sockets properly in tcp_abort. | Lorenzo Colitti
When closing a listen socket, tcp_abort currently calls tcp_done without clearing the request queue. If the socket has a child socket that is established but not yet accepted, the child socket is then left without a parent, causing a leak. Fix this by setting the socket state to TCP_CLOSE and calling inet_csk_listen_stop with the socket lock held, like tcp_close does. Tested using net_test. With this patch, calling SOCK_DESTROY on a listen socket that has an established but not yet accepted child socket results in the parent and the child being closed, such that they no longer appear in sock_diag dumps. [cherry-pick of net-next 2010b93e9317cc12acd20c4aed385af7f9d1681e] Reported-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Lorenzo Colitti <lorenzo@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Bug: None Patchset: net-diag-socket-destroy Signed-off-by: Mattias Nissler <mnissler@google.com> Change-Id: I3fd2482bc82c769f217ca86ab44796193cb097da
2016-07-20 | UPSTREAM: tcp: diag: add support for request sockets to tcp_abort() | Eric Dumazet

Adding support for SYN_RECV request sockets to tcp_abort() is quite easy after our tcp listener rewrite.

Note that we also need to better handle listeners, or we might leak not yet accepted children, because of a missing inet_csk_listen_stop() call.

[cherry-pick of net-next 07f6f4a31e5a8dee67960fc07bb0b37c5f879d4d]
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Lorenzo Colitti <lorenzo@google.com>
Tested-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bug: None
Patchset: net-diag-socket-destroy
Signed-off-by: Mattias Nissler <mnissler@google.com>
Change-Id: I98b5411da553677c3132dbf6a7ba75fd348d26f7

2016-07-20 | UPSTREAM: net: diag: Support destroying TCP sockets. | Lorenzo Colitti

This implements SOCK_DESTROY for TCP sockets. It causes all blocking calls on the socket to fail fast with ECONNABORTED and causes a protocol close of the socket. It informs the other end of the connection by sending a RST, i.e., initiating a TCP ABORT as per RFC 793.

ECONNABORTED was chosen for consistency with FreeBSD.

[cherry-pick of net-next c1e64e298b8cad309091b95d8436a0255c84f54a]
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bug: None
Patchset: net-diag-socket-destroy
Signed-off-by: Mattias Nissler <mnissler@google.com>
Change-Id: Iaba3cb1f6b0411d588fe43ff9f25835a0a844296

2016-07-20 | BACKPORT: net: diag: Support SOCK_DESTROY for inet sockets. | Lorenzo Colitti

This passes the SOCK_DESTROY operation to the underlying protocol diag handler, or returns -EOPNOTSUPP if that handler does not define a destroy operation.

Most of this patch is just renaming functions. This is not strictly necessary, but it would be fairly counterintuitive to have the code to destroy inet sockets be in a function whose name starts with inet_diag_get.

[backport of net-next 6eb5d2e08f071c05ecbe135369c9ad418826cab2]
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bug: None
Patchset: net-diag-socket-destroy
Signed-off-by: Mattias Nissler <mnissler@google.com>
Change-Id: I91423eafeec7f8c72219433eb29516c2e465b537

2016-07-20 | BACKPORT: net: diag: Add the ability to destroy a socket. | Lorenzo Colitti

This patch adds a SOCK_DESTROY operation, a destroy function pointer to sock_diag_handler, and a diag_destroy function pointer. It does not include any implementation code.

[backport of net-next 64be0aed59ad519d6f2160868734f7e278290ac1]
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bug: None
Patchset: net-diag-socket-destroy
Signed-off-by: Mattias Nissler <mnissler@google.com>
Change-Id: I7dbbd623d791829cb032a71661fcb2564e2e3a96

2016-07-20 | UPSTREAM: net: diag: split inet_diag_dump_one_icsk into two | Lorenzo Colitti

Currently, inet_diag_dump_one_icsk finds a socket and then dumps its information to userspace. Split it into a part that finds the socket and a part that dumps the information.

[cherry-pick of net-next b613f56ec9baf30edf5d9d607b822532a273dad7]
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bug: None
Patchset: net-diag-socket-destroy
Signed-off-by: Mattias Nissler <mnissler@google.com>
Change-Id: I2908a0d12dd1ccd8dd1a9d276fd1c9c8d82ea36f

2016-07-20 | ANDROID: mmc: move to a SCHED_FIFO thread | Tim Murray

Running mmcqd as a prio 120 thread forces it to compete with standard user processes for IO performance, especially when the system is under severe CPU load. Move it to a SCHED_FIFO thread to reduce the impact of load on IO performance.

Signed-off-by: Tim Murray <timmurray@google.com>
Bug: 25392275
Patchset: mmc-sched-fifo
Signed-off-by: Mattias Nissler <mnissler@google.com>
Change-Id: I5f52acdd59ffc5ed9b8a9ad23ee34bede7ac5714

2016-07-20 | UPSTREAM: android: drivers: Avoid debugfs race in binder | Riley Andrews

If a /d/binder/proc/[pid] entry is kept open after linux has torn down the associated process, binder_proc_show can dereference an invalid binder_proc that has been stashed in the debugfs inode.

Validate that the binder_proc ptr passed into binder_proc_show has not been freed by looking for it within the global process list whilst the global lock is held. If the ptr is not valid, print nothing.

Cc: Colin Cross <ccross@android.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Dmitry Shmidt <dimitrysh@google.com>
Cc: Rom Lemarchand <romlem@google.com>
Cc: Serban Constantinescu <serban.constantinescu@arm.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Android Kernel Team <kernel-team@android.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
[jstultz: Minor commit message tweaks]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: None
Patchset: binder
(cherry-picked from 83050a4e21979fe1821916fce2fca36255569ed3)
Signed-off-by: Mattias Nissler <mnissler@google.com>
Change-Id: Id3defe7e7e9fd398d75c775f93fff86295d1bdfc

2016-07-20 | UPSTREAM: android: binder: More offset validation | Arve Hjønnevåg

Make sure offsets don't point to overlapping flat_binder_object structs.

Cc: Colin Cross <ccross@android.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Dmitry Shmidt <dimitrysh@google.com>
Cc: Rom Lemarchand <romlem@google.com>
Cc: Serban Constantinescu <serban.constantinescu@arm.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Android Kernel Team <kernel-team@android.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: None
Patchset: binder
(cherry-picked from 212265e5ad726ed7fd2ec7d61d36d9e0b0d3e655)
Signed-off-by: Mattias Nissler <mnissler@google.com>
Change-Id: Id031d8f05486402cdce64f5cd360085746704a18

2016-07-20 | ANDROID: goldfish: pipe: fix platform_no_drv_owner.cocci warnings | Fengguang Wu

No need to set .owner here. The core will do it.

Remove .owner field if calls are used which set it automatically

Generated by: scripts/coccinelle/api/platform_no_drv_owner.cocci

CC: Lizhe Liu <lizhe.liu@intel.com>
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Bug: None
Patchset: platform-goldfish
Signed-off-by: Mattias Nissler <mnissler@google.com>
Change-Id: Id1bc0a84d153cd2594db5c0fa28bdaf80f2f36da