(cherry picked from commit https://lkml.org/lkml/2015/12/21/341)
arm: arch_mmap_rnd() uses a hard-code value of 8 to generate the
random offset for the mmap base address. This value represents a
compromise between increased ASLR effectiveness and avoiding
address-space fragmentation. Replace it with a Kconfig option, which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: I438ae2dae939ea7f311246832cb789afdd6cba4e
(cherry picked from commit https://lkml.org/lkml/2015/12/21/337)
ASLR only uses as few as 8 bits to generate the random offset for the
mmap base address on 32 bit architectures. This value was chosen to
prevent a poorly chosen value from dividing the address space in such
a way as to prevent large allocations. This may not be an issue on all
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: Ibf9ed3d4390e9686f5cc34f605d509a20d40e6c2
Update vma_merge() call in private anonymous memory prctl,
introduced in AOSP commit ee8c5f78f09a
"mm: add a field to store names for private anonymous memory",
so as to align with changes from upstream commit 19a809afe2
"userfaultfd: teach vma_merge to merge across vma->vm_userfaultfd_ctx".
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Userspace processes often have multiple allocators that each do
anonymous mmaps to get memory. When examining memory usage of
individual processes or systems as a whole, it is useful to be
able to break down the various heaps that were allocated by
each layer and examine their size, RSS, and physical memory
usage.
This patch adds a user pointer to the shared union in
vm_area_struct that points to a null terminated string inside
the user process containing a name for the vma. vmas that
point to the same address will be merged, but vmas that
point to equivalent strings at different addresses will
not be merged.
Userspace can set the name for a region of memory by calling
prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, start, len, (unsigned long)name);
Setting the name to NULL clears it.
The names of named anonymous vmas are shown in /proc/pid/maps
as [anon:<name>] and in /proc/pid/smaps in a new "Name" field
that is only present for named vmas. If the userspace pointer
is no longer valid all or part of the name will be replaced
with "<fault>".
The idea to store a userspace pointer to reduce the complexity
within mm (at the expense of the complexity of reading
/proc/pid/mem) came from Dave Hansen. This results in no
runtime overhead in the mm subsystem other than comparing
the anon_name pointers when considering vma merging. The pointer
is stored in a union with fieds that are only used on file-backed
mappings, so it does not increase memory usage.
Includes fix from Jed Davis <jld@mozilla.com> for typo in
prctl_set_vma_anon_name, which could attempt to set the name
across two vmas at the same time due to a typo, which might
corrupt the vma list. Fix it to use tmp instead of end to limit
the name setting to a single vma at a time.
Change-Id: I9aa7b6b5ef536cd780599ba4e2fba8ceebe8b59f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Add a userspace visible knob to tell the VM to keep an extra amount
of memory free, by increasing the gap between each zone's min and
low watermarks.
This is useful for realtime applications that call system
calls and have a bound on the number of allocations that happen
in any short time period. In this application, extra_free_kbytes
would be left at an amount equal to or larger than than the
maximum number of allocations that happen in any burst.
It may also be useful to reduce the memory use of virtual
machines (temporarily?), in a way that does not cause memory
fragmentation like ballooning does.
[ccross]
Revived for use on old kernels where no other solution exists.
The tunable will be removed on kernels that do better at avoiding
direct reclaim.
Change-Id: I765a42be8e964bfd3e2886d1ca85a29d60c3bb3e
Signed-off-by: Rik van Riel<riel@redhat.com>
Signed-off-by: Colin Cross <ccross@android.com>
This patch adds a debugfs file called "shrinker" when read this calls
all the shrinkers in the system with nr_to_scan set to zero and prints
the result. These results are the number of objects the shrinkers have
available and can thus be used an indication of the total memory
that would be availble to the system if a shrink occurred.
Change-Id: Ied0ee7caff3d2fc1cb4bb839aaafee81b5b0b143
Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
ramoops is one of the remaining places where ARM vendors still rely on
board-specific shims. Device Tree lets us replace those shims with
generic code.
These bindings mirror the ramoops module parameters, with two small
differences:
(1) dump_oops becomes an optional "no-dump-oops" property, since ramoops
sets dump_oops=1 by default.
(2) mem_type=1 becomes the more self-explanatory "unbuffered" property.
(am from https://lkml.org/lkml/2016/1/7/750)
Change-Id: I2140199a861d50fc2bcbbe85b16bf17fb9ccaa1d
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Update Documentation/android.txt to reference PSTORE_CONSOLE
and PSTORE_RAM instead of ANDROID_RAM_CONSOLE
Change-Id: I2c56e73f8c65c3ddbe6ddbf1faadfacb42a09575
Reported-by: Jon Medhurst (Tixy) <tixy@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Add a skip_initramfs option to allow choosing whether to boot using
the initramfs or not at runtime.
Change-Id: If30428fa748c1d4d3d7b9d97c1f781de5e4558c3
Signed-off-by: Rom Lemarchand <romlem@google.com>
In commit d6cb004d80 (of: fix CONFIG_CMDLINE_EXTEND),
the types of some variables in early_init_dt_scan_chosen()
were modified, which results in build warnings.
This patch resets the unsigned long to an int, and re-adds
the const to the char*.
Change-Id: Ie60ae92b4552e453cf477dd83f42838b3f95975e
Signed-off-by: John Stultz <john.stultz@linaro.org>
strlcat takes the size of the buffer, not the number of characters
to concatenate. If the size of the device tree command line p is
larger than the CONFIG_CMDLINE string data, then strcat(data, p, l)
will hit a BUG_ON because strlen(data) > l.
Replace the second strlcat with a strncpy plus a manual null
termination.
Also rearrange the code to reduce indent depth to make it more
readable, and replace data with a char *cmdline to avoid extra
casts.
Signed-off-by: Colin Cross <ccross@android.com>
Copy the config choice for CONFIG_CMDLINE_EXTEND from
arch/arm/Kconfig, including CONFIG_CMDLINE_FROM_BOOTLOADER
as the default. These will be used by drivers/of/fdt.c.
Change-Id: I8416038498ddf8fc1e99ab06109825eb1492aa7f
Signed-off-by: Colin Cross <ccross@android.com>
The old logic assumes CMDLINE_FROM_BOOTLOADER vs. CMDLINE_FORCE and
ignores CMDLINE_EXTEND. Here's the old logic:
- CONFIG_CMDLINE_FORCE=true
CONFIG_CMDLINE
- dt bootargs=non-empty:
dt bootargs
- dt bootargs=empty, @data is non-empty string
@data is left unchanged
- dt bootargs=empty, @data is empty string
CONFIG_CMDLINE (or "" if that's not defined)
The new logic is now documented in of_fdt.h and is copied here for
reference:
- CONFIG_CMDLINE_FORCE=true
CONFIG_CMDLINE
- CONFIG_CMDLINE_EXTEND=true, @data is non-empty string
@data + dt bootargs (even if dt bootargs are empty)
- CONFIG_CMDLINE_EXTEND=true, @data is empty string
CONFIG_CMDLINE + dt bootargs (even if dt bootargs are empty)
- CMDLINE_FROM_BOOTLOADER=true, dt bootargs=non-empty:
dt bootargs
- CMDLINE_FROM_BOOTLOADER=true, dt bootargs=empty, @data is non-empty string
@data is left unchanged
- CMDLINE_FROM_BOOTLOADER=true, dt bootargs=empty, @data is empty string
CONFIG_CMDLINE (or "" if that's not defined)
Signed-off-by: Doug Anderson <dianders@chromium.org>
CC: devicetree-discuss@lists.ozlabs.org
CC: Grant Likely <grant.likely@secretlab.ca>
CC: Benjamin Herrenschmidt <benh@kernel.crashing.org>
CC: Rob Herring <rob.herring@calxeda.com>
Change-Id: I40ace250847f813358125dfcaa8998fd32cf7ea3
Signed-off-by: Colin Cross <ccross@android.com>
If the bootloader used a page table that is incompatible with domain 0
in client mode, and boots with the mmu on, then swithing domain 0 to
client mode causes a fault if we don't flush the tlb after updating
the page table pointer.
v2: Add ISB before loading dacr.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Allows a defconfig to set a list of dtbs to concatenate with an
Image.gz to create a Image.gz-dtb.
Includes 8adb162 arm64: Fix correct dtb clean-files location
Change-Id: I0b462322d5c970f1fdf37baffece7ad058099f4a
Signed-off-by: Alex Ray <aray@google.com>
Allow CONFIG_BUILD_ARM_APPENDED_DTB_IMAGE_NAMES to specify
a space separated list of dtbs to append to the zImage,
and name the resulting file zImage-dtb
Change-Id: Ied5d0bafbd1d01fc1f109c15c4283de7029903c9
Signed-off-by: Colin Cross <ccross@android.com>
Allows a defconfig to set a default dtb to concatenate with a zImage
to create a zImage-dtb.<dtb name>
Signed-off-by: Erik Gilling <konkers@android.com>
Change-Id: I34b643b1c49228fbae88a56e46c93c478089620d
In the 3.10 kernel, dtb-y is not defined in Makefile.boot anymore
but in dts/Makefile, so it needs to be included too.
Change-Id: I6d6fccf933709bcb6220ce8f12b4b9e2a7c40d63
Signed-off-by: Benoit Goby <benoit@android.com>
Move the poison pointer offset to 0xdead000000000000, a
recognized value that is not mappable by user-space exploits.
Change-Id: I558441a26a7c8390aa087f32c4cbe980de8c8ce3
Signed-off-by: Thierry Strudel <tstrudel@google.com>
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
The aarch64-linux-android- toolchain enables -fpic by default. -fpic
isn't needed for the kernel and breaks CONFIG_JUMP_LABEL, so turn it
off.
Change-Id: I685da1dc60e4cf1e9abcfb56e03654675ac02a0c
Signed-off-by: Greg Hackmann <ghackmann@google.com>
A port of 8608d7c4418c75841c562a90cddd9beae5798a48 to ARM64. Both the
original code and this port are limited to dumping kernel addresses, so
don't bother if the registers are from a userspace process.
Change-Id: Idc76804c54efaaeb70311cbb500c54db6dac4525
Signed-off-by: Greg Hackmann <ghackmann@google.com>
pfn_valid() returns a false positive when the lower (64 - PAGE_SHIFT)
bits match a valid pfn but some of the upper bits are set. This caused
a kernel panic in kpageflags_read() when a userspace utility parsed
/proc/*/pagemap, neglected to discard the upper flag bits, and tried to
lseek()+read() from the corresponding offset in /proc/kpageflags.
A valid pfn will never have the upper PAGE_SHIFT bits set, so simply
check for this before passing the pfn to memblock_is_memory().
Change-Id: Ief5d8cd4dd93cbecd545a634a8d5885865cb5970
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Bail out early if IRQs are disabled in do_page_fault or else
[14415.157266] BUG: sleeping function called from invalid context at arch/arm/mm/fault.c:301
Russell King's idea from
http://comments.gmane.org/gmane.linux.ports.arm.omap/59256
Signed-off-by: JP Abgrall <jpa@google.com>
At times, it is necessary for boards to provide some additional information
as part of panic logs. Provide information on the board hardware as part
of panic logs.
It is safer to print this information at the very end in case something
bad happens as part of the information retrieval itself.
To use this, set global mach_panic_string to an appropriate string in the
board file.
Change-Id: Id12cdda87b0cd2940dd01d52db97e6162f671b4d
Signed-off-by: Nishanth Menon <nm@ti.com>
If the console_lock was held while the system was rebooted, the messages
in the temporary logbuffer would not have propogated to all the console
drivers.
This force releases the console lock if it failed to be acquired.
Change-Id: I193dcf7b968be17966833e50b8b8bc70d5d9fe89
Signed-off-by: Dima Zavin <dima@android.com>
If CACHE_FLUSH_RANGE_LIMIT is defined, then the entire dcache will
be flushed if the requested range is larger than this limit.
Change-Id: I29277d645a9d6716b1952cf3b870c78496261dd0
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Fix spinlock declaration and tty_insert/flip arguments.
If ARM DCC tty driver is enabled then we run into following build failure:
----------
CC drivers/char/dcc_tty.o
drivers/char/dcc_tty.c:29:36: error: ‘SPIN_LOCK_UNLOCKED’ undeclared here (not in a function)
drivers/char/dcc_tty.c: In function ‘dcc_poll_locked’:
drivers/char/dcc_tty.c:83:4: warning: passing argument 1 of ‘tty_insert_flip_string’ from incompatible pointer type [enabled by default]
In file included from drivers/char/dcc_tty.c:23:0:
include/linux/tty_flip.h:32:19: note: expected ‘struct tty_port *’ but argument is of type ‘struct tty_struct *’
drivers/char/dcc_tty.c:84:4: warning: passing argument 1 of ‘tty_flip_buffer_push’ from incompatible pointer type [enabled by default]
In file included from drivers/char/dcc_tty.c:23:0:
include/linux/tty_flip.h:13:13: note: expected ‘struct tty_port *’ but argument is of type ‘struct tty_struct *’
make[2]: *** [drivers/char/dcc_tty.o] Error 1
----------
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
This is extremely useful in diagnosing remote crashes, and is based heavily
on original work by <md@google.com>.
Signed-off-by: San Mehat <san@google.com>
Cc: Michael Davidson <md@google.com>
[ARM] process: Use uber-safe probe_kernel_address() to read mem when dumping.
This prevents the dump from taking pagefaults / external aborts.
Change-Id: I8df76e8638780f94fb1bd7ea4471e3f7b01df950
Signed-off-by: San Mehat <san@google.com>
Fix redundant "buffer->private_flags & ION_PRIV_FLAG_SHRINKER_FREE"
checks in if(!cached ...) condition block.
AOSP Change-Id: I98ee8902df0c80135dddfa998c4ca4c2bb44e40e,
"ion: Handle the memory mapping correctly on x86", is broken
on android-3.18+ kernels. It conflicts with upstream commit
53a91c68fa, "staging: ion: Add private buffer flag to skip
page pooling on free", and break the ION_PRIV_FLAG_SHRINKER_FREE
private flag check logic.
Change-Id: I9cee4bcc3545cf92e07c21c2b42d27cf88da3316
Reported-by: chenfeng <puck.chen@hisilicon.com>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
ION_POOL_CACHE_POLICY uses x86 specific commands.
Only allow it to be used for x86.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Change-Id: Ic66e175fa41486b0b5f77872f2193add77cbe66f
(cherry picked from commit 43f4056cbec017c4414d74b032e9c14e009eabb0)
This patch modifies the ion page pool code to address
limitation in x86 PAT. When one physical page is mapped
to multiple virtual pages, the same cache policy
should be used. Add set_memory_wc/uc call to avoid aliases.
If not, all mappings will be cached(write back).
Change-Id: I98ee8902df0c80135dddfa998c4ca4c2bb44e40e
Signed-off-by: Zhebin Jin <zhebin.jin@intel.com>
Signed-off-by: Vinil Cheeramvelil <vinil.cheeramvelil@intel.com>
Commit "SELinux: Enable setting security contexts on rootfs inodes."
cherry-picked in experimental/android-4.1 used a now obsolete flag
SE_SBLABELSUPP. Rename it to SBLABEL_MNT as intended by upstream
commit 12f348b9dc "SELinux: rename SE_SBLABELSUPP to SBLABEL_MNT",
otherwise we run into following build error:
CC security/selinux/hooks.o
security/selinux/hooks.c: In function ‘sb_finish_set_opts’:
security/selinux/hooks.c:459:19: error: ‘SE_SBLABELSUPP’ undeclared (first use in this function)
sbsec->flags |= SE_SBLABELSUPP;
^
security/selinux/hooks.c:459:19: note: each undeclared identifier is reported only once for each function it appears in
make[2]: *** [security/selinux/hooks.o] Error 1
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
NOT intended for new Android devices - this commit is unnecessary
for a target device that does not have a previous M variant.
DO NOT upstream. Android only.
Motivation:
This commit mitigates a mismatch between selinux kernel and
selinux userspace. The selinux ioctl white-listing binary policy
format that was accepted into Android M differs slightly from what
was later accepted into the upstream kernel. This leaves Android
master branch kernels incompatible with Android M releases. This
patch restores backwards compatibility. This is important because:
1. kernels may be updated on a different cycle than the rest of the
OS e.g. security patching.
2. Android M bringup may still be ongoing for some devices. The
same kernel should work for both M and master.
Backwards compatibility is achieved by checking for an Android M
policy characteristic during initial policy read and converting to
upstream policy format. The inverse conversion is done for policy
write as required for CTS testing.
Bug: 22846070
Change-Id: I2f1ee2eee402f37cf3c9df9f9e03c1b9ddec1929
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
rootfs (ramfs) can support setting of security contexts
by userspace due to the vfs fallback behavior of calling
the security module to set the in-core inode state
for security.* attributes when the filesystem does not
provide an xattr handler. No xattr handler required
as the inodes are pinned in memory and have no backing
store.
This is useful in allowing early userspace to label individual
files within a rootfs while still providing a policy-defined
default via genfs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Commit b641072 ("security: Add AID_NET_RAW and AID_NET_ADMIN capability
check in cap_capable().") introduces additional checks for AID_NET_xxx
macros. Since the header file including those macros are conditionally
included, the checks should also be conditionally executed.
Change-Id: Iaec5208d5b95a46b1ac3f2db8449c661e803fa5b
Signed-off-by: Tushar Behera <tushar.behera@linaro.org>
Signed-off-by: Andrey Konovalov <andrey.konovalov@linaro.org>
AOSP's cpufreq_stats patch to report power/current
per cpufreq is broken at the moment so skip power
reporting for now.
Change-Id: I07779511f51ff3a9303dc98a3b71ac0a5882a4e9
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Checking if the uid_entry->uid matches the uid intended to be removed will
prevent deleting unwanted uid_entry.
Type cast the key for the hashtable to the same size, as when they were
inserted. This will make sure that we can find the uid_entry we want.
Bug: 25195548
Change-Id: I567942123cfb20e4b61ad624da19ec4cc84642c1
Signed-off: Ruchi kandoi <kandoiruchi@google.com>
Converting cputime_t to usec caused overflow when the value is greater
than 1 hour. Use msec and convert to unsigned long long to support bigger
range.
Bug: 22461683
Change-Id: I853fe3e8e7dbf0d3e2cc5c6f9688a5a6e1f1fb3e
Signed-off-by: Jin Qian <jinqian@google.com>
This avoids the race where a particular process is terminating and we
read the show_uid_stats. At this time since the task_struct still exists
and we will account for the terminating process as one of the active
task, where as the stats would have been added in the task exit
callback.
Bug: 22064385
Change-Id: Id2ae04b33fcd230eda9683a41b6019d4dd8f5d85
Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
/proc/uid_cputime/show_uid_stats shows a third field power for each of
the uids. It represents the power in the units (uAusec)
Change-Id: I52fdc5e59647e9dc97561a26d56f462a2689ba9c
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Create uids from kuids using from_kuid_munged(),
otherwise we run into following build error and warnings:
--------------------
CC drivers/misc/uid_cputime.o
drivers/misc/uid_cputime.c: In function ‘uid_stat_show’:
drivers/misc/uid_cputime.c:90:36: error: incompatible type for argument 1 of ‘find_or_register_uid’
drivers/misc/uid_cputime.c:54:26: note: expected ‘uid_t’ but argument is of type ‘kuid_t’
drivers/misc/uid_cputime.c:94:4: warning: format ‘%d’ expects argument of type ‘int’, but argument 3 has type ‘kuid_t’ [-Wformat]
drivers/misc/uid_cputime.c: In function ‘process_notifier’:
drivers/misc/uid_cputime.c:194:6: error: incompatible types when assigning to type ‘uid_t’ from type ‘kuid_t’
make[2]: *** [drivers/misc/uid_cputime.o] Error 1
--------------------
Change-Id: Ifecb98001f7fe2fac74d1ef3e1abd03d43fc9059
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
(cherry picked from commit b0f4decae627cf2d74e6f72c7ecb939c77d48625)
Adds proc files /proc/uid_cputime/show_uid_stat and
/proc/uid_cputime/remove_uid_range.
show_uid_stat lists the total utime and stime for the active as well as
terminated processes for each of the uids.
Writing a range of uids to remove_uid_range will delete the accounting
for all the uids within that range.
Change-Id: I21d9210379da730b33ddc1a0ea663c8c9d2ac15b
