Merge android-4.4-p.194 (2b29211
) into msm-4.4
* refs/heads/tmp-2b29211
Revert "ANDROID: regression introduced override_creds=off"
ANDROID: regression introduced override_creds=off
Fix fallout from changes to bootparam_utils.h
ANDROID: sched: Disallow WALT with CFS bandwidth control
ANDROID: fiq_debugger: remove
ANDROID: arm64: fix leftover RWX when using CONFIG_UNMAP_KERNEL_AT_EL0
ANDROID: fix kernelci build-break in lowmemorykiller
ANDROID: Avoid taking multiple locks in handle_lmk_event
UPSTREAM: net-ipv6-ndisc: add support for RFC7710 RA Captive Portal Identifier
ANDROID: fix binder change in merge of 4.4.183
Fix overlayfs build break
binder: binder: fix possible UAF when freeing buffer
ANDROID: Revert "f2fs: avoid out-of-range memory access"
ANDROID: overlayfs: Fix a regression in commit b24be4acd
ANDROID: enable CONFIG_RTC_DRV_TEST on cuttlefish
ANDROID: xfrm: remove in_compat_syscall() checks
BACKPORT: binder: Set end of SG buffer area properly.
UPSTREAM: binder: check for overflow when alloc for security context
BACKPORT: binder: fix race between munmap() and direct reclaim
ANDROID: cuttlefish 4.4: enable CONFIG_CRYPTO_AES_NI_INTEL=y
ANDROID: cuttlefish_defconfig: Disable DEVTMPFS
ANDROID: cuttlefish_defconfig: Enable CONFIG_CPUSETS and CONFIG_CGROUP_SCHEDTUNE
ANDROID: cuttlefish_defconfig: Drop dead CRYPTO options
UPSTREAM: virtio: new feature to detect IOMMU device quirk
UPSTREAM: vring: Use the DMA API on Xen
UPSTREAM: virtio_ring: Support DMA APIs
UPSTREAM: vring: Introduce vring_use_dma_api()
ANDROID: cuttlefish_defconfig: L2TP/PPTP to OLAC/OPNS
ANDROID: cuttlefish_defconfig: Enable DEBUG_SET_MODULE_RONX
ANDROID: Fix cuttlefish redundant vsock connection.
ANDROID: cuttlefish_defconfig: Enable CONFIG_RTC_HCTOSYS
ANDROID: Move from clang r349610 to r353983c.
Make arm64 serial port config compatible with crosvm
UPSTREAM: virt_wifi: Remove REGULATORY_WIPHY_SELF_MANAGED
ANDROID: cuttlefish_defconfig: Add support for AC97 audio
ANDROID: Move from clang r346389b to r349610.
ANDROID: cuttlefish_defconfig: Enable vsock options
UPSTREAM: vhost/vsock: fix reset orphans race with close timeout
UPSTREAM: vhost/vsock: fix use-after-free in network stack callers
UPSTREAM: vhost: correctly check the iova range when waking virtqueue
UPSTREAM: vhost: synchronize IOTLB message with dev cleanup
UPSTREAM: vhost: fix info leak due to uninitialized memory
UPSTREAM: vhost: fix vhost_vq_access_ok() log check
UPSTREAM: vhost: validate log when IOTLB is enabled
UPSTREAM: vhost_net: add missing lock nesting notation
UPSTREAM: vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
UPSTREAM: vhost/vsock: fix uninitialized vhost_vsock->guest_cid
UPSTREAM: vhost_net: correctly check tx avail during rx busy polling
UPSTREAM: vsock: use new wait API for vsock_stream_sendmsg()
UPSTREAM: vsock: cancel packets when failing to connect
UPSTREAM: vhost-vsock: add pkt cancel capability
UPSTREAM: vsock: track pkt owner vsock
UPSTREAM: vhost: fix initialization for vq->is_le
UPSTREAM: vhost/vsock: handle vhost_vq_init_access() error
UPSTREAM: vsock: lookup and setup guest_cid inside vhost_vsock_lock
UPSTREAM: vhost-vsock: fix orphan connection reset
UPSTREAM: vsock/virtio: fix src/dst cid format
UPSTREAM: VSOCK: Don't dec ack backlog twice for rejected connections
UPSTREAM: vhost/vsock: drop space available check for TX vq
UPSTREAM: virtio-vsock: fix include guard typo
UPSTREAM: vhost/vsock: fix vhost virtio_vsock_pkt use-after-free
UPSTREAM: VSOCK: Use kvfree()
BACKPORT: vhost: split out vringh Kconfig
UPSTREAM: vhost: drop vringh dependency
UPSTREAM: vhost: drop vringh dependency
UPSTREAM: vhost: detect 32 bit integer wrap around
UPSTREAM: VSOCK: Add Makefile and Kconfig
UPSTREAM: VSOCK: Introduce vhost_vsock.ko
UPSTREAM: VSOCK: Introduce virtio_transport.ko
BACKPORT: VSOCK: Introduce virtio_vsock_common.ko
UPSTREAM: VSOCK: defer sock removal to transports
UPSTREAM: VSOCK: transport-specific vsock_transport functions
UPSTREAM: vsock: make listener child lock ordering explicit
UPSTREAM: vhost: new device IOTLB API
BACKPORT: vhost: convert pre sorted vhost memory array to interval tree
UPSTREAM: vhost: introduce vhost memory accessors
UPSTREAM: vhost_net: stop polling socket during rx processing
UPSTREAM: VSOCK: constify vsock_transport structure
UPSTREAM: vhost: lockless enqueuing
UPSTREAM: vhost: simplify work flushing
UPSTREAM: VSOCK: Only check error on skb_recv_datagram when skb is NULL
BACKPORT: AF_VSOCK: Shrink the area influenced by prepare_to_wait
UPSTREAM: vhost_net: basic polling support
UPSTREAM: vhost: introduce vhost_vq_avail_empty()
UPSTREAM: vhost: introduce vhost_has_work()
UPSTREAM: vhost: rename vhost_init_used()
UPSTREAM: vhost: rename cross-endian helpers
UPSTREAM: vhost: fix error path in vhost_init_used()
UPSTREAM: virtio: make find_vqs() checkpatch.pl-friendly
UPSTREAM: net: move napi_hash[] into read mostly section
ANDROID: cuttlefish_defconfig: Enable VIRTIO_INPUT
ANDROID: cuttlefish_defconfig: Enable VIRT_WIFI
FROMGIT, BACKPORT: mac80211-next: rtnetlink wifi simulation device
ANDROID: Move from clang r328903 to r346389b.
ANDROID: arm64 defconfig / build config for cuttlefish
ANDROID: Communicates LMK events to userland where they can be logged
Fix merge issue with 4.4.178
Fix merge issue with 4.4.177
FROMGIT: binder: create node flag to request sender's security context
ion: Disable ION_HEAP_TYPE_SYSTEM_CONTIG
ANDROID: uid_sys_stats: Copy task_struct comm field to bigger buffer
UPSTREAM: binder: fix race that allows malicious free of live buffer
Makefile: Tidy up 4.4.165 merge
ANDROID: sdcardfs: Change current->fs under lock
ANDROID: sdcardfs: Don't use OVERRIDE_CRED macro
arm64/vdso: Fix nsec handling for CLOCK_MONOTONIC_RAW
ANDROID: arm64: mm: fix 4.4.154 merge
Fix backport of "tcp: detect malicious patterns in tcp_collapse_ofo_queue()"
tcp: detect malicious patterns in tcp_collapse_ofo_queue()
tcp: avoid collapses in tcp_prune_queue() if possible
Conflicts:
Makefile
arch/arm64/configs/cuttlefish_defconfig
arch/arm64/include/asm/cpufeature.h
arch/x86/configs/x86_64_cuttlefish_defconfig
arch/x86/include/asm/uaccess_32.h
drivers/net/wireless/virt_wifi.c
drivers/staging/android/lowmemorykiller.c
fs/f2fs/checkpoint.c
fs/f2fs/data.c
fs/f2fs/dir.c
fs/f2fs/f2fs.h
fs/f2fs/file.c
fs/f2fs/inline.c
fs/f2fs/inode.c
fs/f2fs/node.c
fs/f2fs/recovery.c
fs/f2fs/segment.c
fs/f2fs/segment.h
fs/f2fs/super.c
fs/squashfs/block.c
include/linux/f2fs_fs.h
include/linux/msm_mdp.h
include/uapi/linux/android/binder.h
include/uapi/linux/virtio_ids.h
kernel/cpu.c
Change-Id: I3d8da865a81161d356b11f84344c27e172c3add3
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
This commit is contained in:
commit
520bc0d2f2
7 changed files with 47 additions and 21 deletions
|
@ -78,7 +78,6 @@ CONFIG_INET=y
|
|||
CONFIG_IP_MULTICAST=y
|
||||
CONFIG_IP_ADVANCED_ROUTER=y
|
||||
CONFIG_IP_MULTIPLE_TABLES=y
|
||||
CONFIG_NET_IPGRE_DEMUX=y
|
||||
CONFIG_NET_IPVTI=y
|
||||
CONFIG_INET_ESP=y
|
||||
# CONFIG_INET_XFRM_MODE_BEET is not set
|
||||
|
@ -170,7 +169,6 @@ CONFIG_IP6_NF_FILTER=y
|
|||
CONFIG_IP6_NF_TARGET_REJECT=y
|
||||
CONFIG_IP6_NF_MANGLE=y
|
||||
CONFIG_IP6_NF_RAW=y
|
||||
CONFIG_L2TP=y
|
||||
CONFIG_NET_SCHED=y
|
||||
CONFIG_NET_SCH_HTB=y
|
||||
CONFIG_NET_CLS_U32=y
|
||||
|
@ -216,8 +214,8 @@ CONFIG_PPP=y
|
|||
CONFIG_PPP_BSDCOMP=y
|
||||
CONFIG_PPP_DEFLATE=y
|
||||
CONFIG_PPP_MPPE=y
|
||||
CONFIG_PPTP=y
|
||||
CONFIG_PPPOL2TP=y
|
||||
CONFIG_PPPOLAC=y
|
||||
CONFIG_PPPOPNS=y
|
||||
CONFIG_USB_USBNET=y
|
||||
# CONFIG_USB_NET_AX8817X is not set
|
||||
# CONFIG_USB_NET_AX88179_178A is not set
|
||||
|
@ -414,6 +412,5 @@ CONFIG_HARDENED_USERCOPY=y
|
|||
CONFIG_SECURITY_SELINUX=y
|
||||
CONFIG_CRYPTO_SHA512=y
|
||||
CONFIG_CRYPTO_LZ4=y
|
||||
CONFIG_CRYPTO_ZSTD=y
|
||||
CONFIG_CRYPTO_ANSI_CPRNG=y
|
||||
CONFIG_XZ_DEC=y
|
||||
|
|
|
@ -505,7 +505,7 @@ static int __init map_entry_trampoline(void)
|
|||
{
|
||||
extern char __entry_tramp_text_start[];
|
||||
|
||||
pgprot_t prot = PAGE_KERNEL_EXEC;
|
||||
pgprot_t prot = PAGE_KERNEL_ROX;
|
||||
phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
|
||||
|
||||
/* The trampoline is always mapped and can therefore be global */
|
||||
|
|
|
@ -13,10 +13,13 @@ CONFIG_IKCONFIG_PROC=y
|
|||
CONFIG_CGROUPS=y
|
||||
CONFIG_CGROUP_DEBUG=y
|
||||
CONFIG_CGROUP_FREEZER=y
|
||||
CONFIG_CPUSETS=y
|
||||
CONFIG_CGROUP_CPUACCT=y
|
||||
CONFIG_CGROUP_SCHEDTUNE=y
|
||||
CONFIG_CGROUP_SCHED=y
|
||||
CONFIG_RT_GROUP_SCHED=y
|
||||
CONFIG_NAMESPACES=y
|
||||
CONFIG_SCHED_TUNE=y
|
||||
CONFIG_BLK_DEV_INITRD=y
|
||||
# CONFIG_RD_LZ4 is not set
|
||||
CONFIG_KALLSYMS_ALL=y
|
||||
|
@ -462,6 +465,7 @@ CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
|
|||
CONFIG_CRYPTO_SHA512=y
|
||||
CONFIG_CRYPTO_LZ4=y
|
||||
CONFIG_CRYPTO_ZSTD=y
|
||||
CONFIG_CRYPTO_AES_NI_INTEL=y
|
||||
CONFIG_ASYMMETRIC_KEY_TYPE=y
|
||||
CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
|
||||
CONFIG_X509_CERTIFICATE_PARSER=y
|
||||
|
|
|
@ -528,7 +528,8 @@ struct binder_priority {
|
|||
* @requested_threads_started: number binder threads started
|
||||
* (protected by @inner_lock)
|
||||
* @tmp_ref: temporary reference to indicate proc is in use
|
||||
* (protected by @inner_lock)
|
||||
* (atomic since @proc->inner_lock cannot
|
||||
* always be acquired)
|
||||
* @default_priority: default scheduler priority
|
||||
* (invariant after initialized)
|
||||
* @debugfs_entry: debugfs node
|
||||
|
@ -562,7 +563,7 @@ struct binder_proc {
|
|||
int max_threads;
|
||||
int requested_threads;
|
||||
int requested_threads_started;
|
||||
int tmp_ref;
|
||||
atomic_t tmp_ref;
|
||||
struct binder_priority default_priority;
|
||||
struct dentry *debugfs_entry;
|
||||
struct binder_alloc alloc;
|
||||
|
@ -2053,9 +2054,9 @@ static void binder_thread_dec_tmpref(struct binder_thread *thread)
|
|||
static void binder_proc_dec_tmpref(struct binder_proc *proc)
|
||||
{
|
||||
binder_inner_proc_lock(proc);
|
||||
proc->tmp_ref--;
|
||||
atomic_dec(&proc->tmp_ref);
|
||||
if (proc->is_dead && RB_EMPTY_ROOT(&proc->threads) &&
|
||||
!proc->tmp_ref) {
|
||||
!atomic_read(&proc->tmp_ref)) {
|
||||
binder_inner_proc_unlock(proc);
|
||||
binder_free_proc(proc);
|
||||
return;
|
||||
|
@ -2117,8 +2118,26 @@ static struct binder_thread *binder_get_txn_from_and_acq_inner(
|
|||
|
||||
static void binder_free_transaction(struct binder_transaction *t)
|
||||
{
|
||||
if (t->buffer)
|
||||
t->buffer->transaction = NULL;
|
||||
struct binder_proc *target_proc;
|
||||
|
||||
spin_lock(&t->lock);
|
||||
target_proc = t->to_proc;
|
||||
if (target_proc) {
|
||||
atomic_inc(&target_proc->tmp_ref);
|
||||
spin_unlock(&t->lock);
|
||||
|
||||
binder_inner_proc_lock(target_proc);
|
||||
if (t->buffer)
|
||||
t->buffer->transaction = NULL;
|
||||
binder_inner_proc_unlock(target_proc);
|
||||
binder_proc_dec_tmpref(target_proc);
|
||||
} else {
|
||||
/*
|
||||
* If the transaction has no target_proc, then
|
||||
* t->buffer->transaction * has already been cleared.
|
||||
*/
|
||||
spin_unlock(&t->lock);
|
||||
}
|
||||
kfree(t);
|
||||
binder_stats_deleted(BINDER_STAT_TRANSACTION);
|
||||
}
|
||||
|
@ -2871,7 +2890,7 @@ static struct binder_node *binder_get_node_refs_for_txn(
|
|||
target_node = node;
|
||||
binder_inc_node_nilocked(node, 1, 0, NULL);
|
||||
binder_inc_node_tmpref_ilocked(node);
|
||||
node->proc->tmp_ref++;
|
||||
atomic_inc(&node->proc->tmp_ref);
|
||||
*procp = node->proc;
|
||||
} else
|
||||
*error = BR_DEAD_REPLY;
|
||||
|
@ -2967,7 +2986,7 @@ static void binder_transaction(struct binder_proc *proc,
|
|||
goto err_dead_binder;
|
||||
}
|
||||
target_proc = target_thread->proc;
|
||||
target_proc->tmp_ref++;
|
||||
atomic_inc(&target_proc->tmp_ref);
|
||||
binder_inner_proc_unlock(target_thread->proc);
|
||||
} else {
|
||||
if (tr->target.handle) {
|
||||
|
@ -3700,10 +3719,12 @@ static int binder_thread_write(struct binder_proc *proc,
|
|||
buffer->debug_id,
|
||||
buffer->transaction ? "active" : "finished");
|
||||
|
||||
binder_inner_proc_lock(proc);
|
||||
if (buffer->transaction) {
|
||||
buffer->transaction->buffer = NULL;
|
||||
buffer->transaction = NULL;
|
||||
}
|
||||
binder_inner_proc_unlock(proc);
|
||||
if (buffer->async_transaction && buffer->target_node) {
|
||||
struct binder_node *buf_node;
|
||||
struct binder_work *w;
|
||||
|
@ -4565,7 +4586,7 @@ static int binder_thread_release(struct binder_proc *proc,
|
|||
* The corresponding dec is when we actually
|
||||
* free the thread in binder_free_thread()
|
||||
*/
|
||||
proc->tmp_ref++;
|
||||
atomic_inc(&proc->tmp_ref);
|
||||
/*
|
||||
* take a ref on this thread to ensure it
|
||||
* survives while we are releasing it
|
||||
|
@ -5060,6 +5081,7 @@ static int binder_open(struct inode *nodp, struct file *filp)
|
|||
return -ENOMEM;
|
||||
spin_lock_init(&proc->inner_lock);
|
||||
spin_lock_init(&proc->outer_lock);
|
||||
atomic_set(&proc->tmp_ref, 0);
|
||||
get_task_struct(current->group_leader);
|
||||
proc->tsk = current->group_leader;
|
||||
mutex_init(&proc->files_lock);
|
||||
|
@ -5239,7 +5261,7 @@ static void binder_deferred_release(struct binder_proc *proc)
|
|||
* Make sure proc stays alive after we
|
||||
* remove all the threads
|
||||
*/
|
||||
proc->tmp_ref++;
|
||||
atomic_inc(&proc->tmp_ref);
|
||||
|
||||
proc->is_dead = true;
|
||||
threads = 0;
|
||||
|
|
|
@ -52,6 +52,7 @@
|
|||
#include <linux/circ_buf.h>
|
||||
#include <linux/proc_fs.h>
|
||||
#include <linux/slab.h>
|
||||
#include <linux/poll.h>
|
||||
|
||||
#define CREATE_TRACE_POINTS
|
||||
#include <trace/events/almk.h>
|
||||
|
|
|
@ -3524,11 +3524,6 @@ static int read_compacted_summaries(struct f2fs_sb_info *sbi)
|
|||
seg_i = CURSEG_I(sbi, i);
|
||||
segno = le32_to_cpu(ckpt->cur_data_segno[i]);
|
||||
blk_off = le16_to_cpu(ckpt->cur_data_blkoff[i]);
|
||||
if (blk_off > ENTRIES_IN_SUM) {
|
||||
f2fs_bug_on(sbi, 1);
|
||||
f2fs_put_page(page, 1);
|
||||
return -EFAULT;
|
||||
}
|
||||
seg_i->next_segno = segno;
|
||||
reset_curseg(sbi, i, 0);
|
||||
seg_i->alloc_type = ckpt->alloc_type[i];
|
||||
|
|
|
@ -2562,6 +2562,12 @@ static int sanity_check_raw_super(struct f2fs_sb_info *sbi,
|
|||
return -EFSCORRUPTED;
|
||||
}
|
||||
|
||||
if (le32_to_cpu(raw_super->segment_count) > F2FS_MAX_SEGMENT) {
|
||||
f2fs_info(sbi, "Invalid segment count (%u)",
|
||||
le32_to_cpu(raw_super->segment_count));
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* check CP/SIT/NAT/SSA/MAIN_AREA area boundary */
|
||||
if (sanity_check_area_boundary(sbi, bh))
|
||||
return -EFSCORRUPTED;
|
||||
|
@ -2677,6 +2683,7 @@ int f2fs_sanity_check_ckpt(struct f2fs_sb_info *sbi)
|
|||
|
||||
sit_bitmap_size = le32_to_cpu(ckpt->sit_ver_bitmap_bytesize);
|
||||
nat_bitmap_size = le32_to_cpu(ckpt->nat_ver_bitmap_bytesize);
|
||||
log_blocks_per_seg = le32_to_cpu(raw_super->log_blocks_per_seg);
|
||||
|
||||
if (sit_bitmap_size != ((sit_segs / 2) << log_blocks_per_seg) / 8 ||
|
||||
nat_bitmap_size != ((nat_segs / 2) << log_blocks_per_seg) / 8) {
|
||||
|
|
Loading…
Add table
Reference in a new issue