Android SELinux policies block SysV IPC. New kernels should not be
built with it.
Bug: 22300191
Change-Id: Ia4bcb179ff71825cab19eed603d4064a8d061a93
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Now that Android is moving towards ConfigFS based USB gadgets,
lets enable USB_CONFIGFS and relevant Android gadget functions
instead of obsolete USB_G_ANDROID composite driver which doesn't
exist now.
Enabled following ConfigFS gadget functions:
F_FS for ADB
F_MTP/PTP for MTP/PTP
F_ACC for Android USB Accessory
F_AUDIO_SRC for USB Audio Source
F_MIDI for MIDI, and
CONFIGFS_UEVENT for communicating USB state change notifications to userspace.
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
android-base.cfg already enables several IPV6 sub-options, but not the
main IPV6 option. Without this, build errors such has this:
net/netfilter/xt_qtaguid.c:1591: undefined reference to `xt_socket_get6_sk'
occur if the starting defconfig hasn't already enabled IVP6,
Change-Id: I265089a2eec1ef8938e0a6fb95e1aacd16d99281
Cc: John Stultz <john.stultz@linaro.org>
Signed-off-by: Kevin Hilman <khilman@linaro.org>
ARMV8_DEPRECATED replaces the now-reverted ARMV7_COMPAT in the upstream
kernel
Change-Id: I5d5cee4e11c01d717692198fa070826930847703
Signed-off-by: Greg Hackmann <ghackmann@google.com>
The Logitech unifying driver depends on hidraw being available.
Recommending one without the other will cause the Logitech driver to
silently fail when connecting Logitech devices.
Change-Id: I92ed2b6803537d9da6eed7fcada8f329cb4469a2
Signed-off-by: Michael Wright <michaelwr@google.com>
TCPMSS is required for the Android Vpn service to correctly
handle the MTU on tun/ppp devices. Bug: 11579326
We don't really need SCHED_TRACER and the TIMER_STATS.
Change-Id: I10c5767a6324a496713752d4fe9eff361dc8e06a
(cherry picked from commit 23f01e8e81f3c53985958fa291b39c84293ad047)
We don't like CONFIG_MODULES anymore.
Connection tracker handling of large SIP fails.
Change-Id: Ie3c65aefcc6181752d6656c97e63035e5b5653ff
Signed-off-by: JP Abgrall <jpa@google.com>
Because there is not tool to consistently generate these config
fragments, lets keep the alphabetical instead of random.
Change-Id: I0f098f6be6bdd272544295a3d5a48d04411e4514
Signed-off-by: JP Abgrall <jpa@google.com>
This will be a noop unless the KSM thread is enabled by userspace
Change-Id: Ia5fde14504cc0da50522e2f875d8d021f9e054ba
Signed-off-by: Rom Lemarchand <romlem@google.com>
- Add 2 files that contain the minimal and recommended kernel config
options respectively.
- Add a README to explain their purpose and how to use them to
generate a device config compatible with Android.
Change-Id: I3a4883f3b04d2820e90ceb3c4d02390d6458d6ce
Signed-off-by: Rom Lemarchand <romlem@google.com>
Few Android drivers e.g. uid_cputime and PPPoLAC/oPNS,
keyreset/combo, cpufreq_interactive etc.. fail to build
as kernel modules. Instead of fixing the build lets
make these drivers non-modular (switch config to "bool"
from "tristate" in Kconfig) since Android doesn't
support building kernel modules anyway.
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Check if the len is not greater than maximum to prevent buffer overflow.
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Change-Id: I575b0a72bb5448b68353408d71fa8b83420c9088
If a /d/binder/proc/[pid] entry is kept open after linux has
torn down the associated process, binder_proc_show can deference
an invalid binder_proc that has been stashed in the debugfs
inode. Validate that the binder_proc ptr passed into binder_proc_show
has not been freed by looking for it within the global process list
whilst the global lock is held. If the ptr is not valid, print nothing.
Bug: 19587483
Change-Id: Idd5ad79f5648b7eed49d1ec75ae93f9e12a74ee9
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Make sure offsets don't point to overlapping flat_binder_object
structs.
Change-Id: I12c3757872e0f16dbd6e3b92fd214004cf87047e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
(cherry pick from commit 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2)
This fixes CVE-2016-0728.
If a thread is asked to join as a session keyring the keyring that's already
set as its session, we leak a keyring reference.
This can be tested with the following program:
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <keyutils.h>
int main(int argc, const char *argv[])
{
int i = 0;
key_serial_t serial;
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}
if (keyctl(KEYCTL_SETPERM, serial,
KEY_POS_ALL | KEY_USR_ALL) < 0) {
perror("keyctl");
return -1;
}
for (i = 0; i < 100; i++) {
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}
}
return 0;
}
If, after the program has run, there something like the following line in
/proc/keys:
3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty
with a usage count of 100 * the number of times the program has been run,
then the kernel is malfunctioning. If leaked-keyring has zero usages or
has been garbage collected, then the problem is fixed.
Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Don Zickus <dzickus@redhat.com>
Acked-by: Prarit Bhargava <prarit@redhat.com>
Acked-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Change-Id: I6052fa14ab54e32878ac9895356f1049bb96a138
AOSP commit a61e4d271cba "Enable adb with android-pipe
in IA image" made GOLDFISH_BUS modular (i.e switched it
to "tristate" in Kconfig from "bool"), which is not
buildable. Instead of fixing the build and supporting
it in modular form, which AOSP doesn't agree with anyway,
lets restore it to the original state ("bool") in the Kconfig.
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
No need to set .owner here. The core will do it.
Remove .owner field if calls are used which set it automatically
Generated by: scripts/coccinelle/api/platform_no_drv_owner.cocci
CC: Lizhe Liu <lizhe.liu@intel.com>
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
To enable adb for x86/x86_64 Brillo emulator, we bring
drivers/platform/goldfish/ in kernel/common (branch android-3.18)
up to date with that in kernel/goldfish
(branch android-goldfish-3.10), by porting the following patches:
044d26f goldfish: Enable ACPI-based enumeration for android pipe
acf92a5 goldfish_pipe: Pass physical addresses to the device if supported
77559b0 [MIPS] Enable platform support for Goldfish virtual devices
1bebc76 platform: goldfish: pipe: don't log when dropping PIPE_ERROR_AGAIN
3c56d07 platform: goldfish: pipe: add devicetree bindings
ca8dafc android_pipe: Pin pages to memory while copying and other cleanups
b765d47 android_pipe: don't be clever with #define offsets
7119108 goldfish: refactor goldfish platform configs
dc02035 goldfish: fix kernel panic when using multiple adb connection
Change-Id: Ic4f2f5e43ba2a70831d6a12a370417984f784dbc
Signed-off-by: Lizhe Liu <lizhe.liu@intel.com>
Signed-off-by: Tina Zhang <tina.zhang@intel.com>
Signed-off-by: Jason Hu <jia-cheng.hu@intel.com>
Signed-off-by: Yu Ning <yu.ning@intel.com>
Avoid waking up every thread sleeping in an epoll_wait call during
suspend and resume by calling a freezable blocking call. Previous
patches modified the freezer to avoid sending wakeups to threads
that are blocked in freezable blocking calls.
This call was selected to be converted to a freezable call because
it doesn't hold any locks or release any resources when interrupted
that might be needed by another freezing task or a kernel driver
during suspend, and is a common site where idle userspace tasks are
blocked.
Change-Id: I848d08d28c89302fd42bbbdfa76489a474ab27bf
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Colin Cross <ccross@android.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
adb reboot calls /proc/sysrq-trigger to force an emergency remount (ro) of all
mounted disks. This is executed in the order of the time the mount was originally
done. Because we have a test system which loop mount images from an extra
partition, we see errors cause the loop mounted partitions gets remounted after
this physical partition was set to read only already.
Fix this by reversing the order of the emergency remount. This will remount the
disk first which have been mounted last.
So instead of remounting in this order:
/dev/sda1
/dev/loop1
/dev/loop2
we now remount in this order:
/dev/loop2
/dev/loop1
/dev/sda1
Change-Id: I68fe7e16cc9400ab5278877af70c9ea1d9b57936
Signed-off-by: Christian Poetzsch <christian.potzsch@imgtec.com>
AOSP commit b13ce9f4aa6f "ARM64: add option to build
Image.gz/dtb combo" broke archclean / mrproper build
targets and we run into:
----------
./scripts/Makefile.clean:14: arch/arm64/boot/amd/Makefile: No such file or directory
make[2]: *** No rule to make target `arch/arm64/boot/amd/Makefile'. Stop.
make[1]: *** [arch/arm64/boot/amd] Error 2
make: *** [archclean] Error 2
----------
This patch skip the missing Kbuild/Makefile reporting
error. It does the job (i.e cleanup dts/*/*.dtb and
do not spit out missing file error messages as well).
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Make modinst_dir user-defined on the command line.
This allows to do things like:
make MODLIB=output/ modinst_dir=. modules_install
to ensure all the .ko are in the output/ directory.
Change-Id: I2bc007eea27ee744d35289e26e4a8ac43ba04151
Signed-off-by: Rom Lemarchand <romlem@android.com>
* What
This provides an interface for issuing an FITRIM which uses the
secure discard instead of just a discard.
Only the eMMC command is "secure", and not how the FS uses it:
due to the fact that the FS might reassign a region somewhere else,
the original deleted data will not be affected by the "trim" which only
handles un-used regions.
So we'll just call it "deep discard", and note that this is a
"best effort" cleanup.
* Why
Once in a while, We want to be able to cleanup most of the unused blocks
after erasing a bunch of files.
We don't want to constantly secure-discard via a mount option.
From an eMMC spec perspective, it tells the device to really get rid of
all the data for the specified blocks and not just put them back into the
pool of free ones (unlike the normal TRIM). The eMMC spec says the
secure trim handling must make sure the data (and metadata) is not available
anymore. A simple TRIM doesn't clear the data, it just puts blocks in the
free pool.
JEDEC Standard No. 84-A441
7.6.9 Secure Erase
7.6.10 Secure Trim
From an FS perspective, it is acceptable to leave some data behind.
- directory entries related to deleted files
- databases entries related to deleted files
- small-file data stored in inode extents
- blocks held by the FS waiting to be re-used (mitigated by sync).
- blocks reassigned by the FS prior to FIDTRIM.
Change-Id: I676a1404a80130d93930c84898360f2e6fb2f81e
Signed-off-by: Geremy Condra <gcondra@google.com>
Signed-off-by: JP Abgrall <jpa@google.com>
Emulate NMIs on systems where they are not available by using timer
interrupts on other cpus. Each cpu will use its softlockup hrtimer
to check that the next cpu is processing hrtimer interrupts by
verifying that a counter is increasing.
This patch is useful on systems where the hardlockup detector is not
available due to a lack of NMIs, for example most ARM SoCs.
Without this patch any cpu stuck with interrupts disabled can
cause a hardware watchdog reset with no debugging information,
but with this patch the kernel can detect the lockup and panic,
which can result in useful debugging info.
Change-Id: Ia5faf50243e19c1755201212e04c8892d929785a
Signed-off-by: Colin Cross <ccross@android.com>
Replace bcd2bin and bin2bcd with one that maps years 1970 to 2129
in a pattern that works with the underlying hardware.
The only transition that does not work correctly for this rtc clock
is the transition from 2099 to 2100, it proceeds to 2000. The rtc
clock retains and transitions the year correctly in all other
circumstances.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 26346842
Change-Id: Ie527700190b1ae4b4bc3c12279d875aa5985b168
Place SLPZ pin in sleep state at system suspend time if a GPIO is
provided by board platform data.
Change-Id: I93c61fa0ae474e968e0f909209c9bfcaafe3dd2c
Signed-off-by: Todd Poynor <toddpoynor@google.com>
Suspend attempts can abort when the FUSE daemon is already frozen
and a client is waiting uninterruptibly for a response, causing
freezing of tasks to fail.
Use the freeze-friendly wait API, but disregard other signals.
Change-Id: Icefb7e4bbc718ccb76bf3c04daaa5eeea7e0e63c
Signed-off-by: Todd Poynor <toddpoynor@google.com>
Add wake_peer which is called before starting UART TX. The idea here
is to provide a mechanism where we can wakeup our peer before sending
data.
Change-Id: I42e0779b635f64ca99184b45d5b028de80197491
Signed-off-by: San Mehat <san@google.com>
(cherry picked from commit https://lkml.org/lkml/2015/12/21/339)
x86: arch_mmap_rnd() uses hard-coded values, 8 for 32-bit and 28 for
64-bit, to generate the random offset for the mmap base address.
This value represents a compromise between increased ASLR
effectiveness and avoiding address-space fragmentation. Replace it
with a Kconfig option, which is sensibly bounded, so that platform
developers may choose where to place this compromise. Keep default
values as new minimums.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: Ic38735a8de2943843a73b5c20855ccfa92513422
(cherry picked from commit https://lkml.org/lkml/2015/12/21/340)
arm64: arch_mmap_rnd() uses STACK_RND_MASK to generate the
random offset for the mmap base address. This value represents a
compromise between increased ASLR effectiveness and avoiding
address-space fragmentation. Replace it with a Kconfig option, which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep default values as new minimums.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: I0be0bf8b1ed412863f248323e2d86b1df5bf21c6
(cherry picked from commit https://lkml.org/lkml/2015/12/21/341)
arm: arch_mmap_rnd() uses a hard-code value of 8 to generate the
random offset for the mmap base address. This value represents a
compromise between increased ASLR effectiveness and avoiding
address-space fragmentation. Replace it with a Kconfig option, which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: I438ae2dae939ea7f311246832cb789afdd6cba4e
(cherry picked from commit https://lkml.org/lkml/2015/12/21/337)
ASLR only uses as few as 8 bits to generate the random offset for the
mmap base address on 32 bit architectures. This value was chosen to
prevent a poorly chosen value from dividing the address space in such
a way as to prevent large allocations. This may not be an issue on all
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: Ibf9ed3d4390e9686f5cc34f605d509a20d40e6c2
