Introduce a new socket ioctl, SIOCKILLADDR, that nukes all sockets
bound to the same local address. This is useful in situations with
dynamic IPs, to kill stuck connections.
Signed-off-by: Brian Swetland <swetland@google.com>
net: fix tcp_v4_nuke_addr
Signed-off-by: Dima Zavin <dima@android.com>
net: ipv4: Fix a spinlock recursion bug in tcp_v4_nuke.
We can't hold the lock while calling to tcp_done(), so we drop
it before calling. We then have to start at the top of the chain again.
Signed-off-by: Dima Zavin <dima@android.com>
net: ipv4: Fix race in tcp_v4_nuke_addr().
To fix a recursive deadlock in 2.6.29, we stopped holding the hash table lock
across tcp_done() calls. This fixed the deadlock, but introduced a race where
the socket could die or change state.
Fix: Before unlocking the hash table, we grab a reference to the socket. We
can then unlock the hash table without risk of the socket going away. We then
lock the socket, which is safe because it is pinned. We can then call
tcp_done() without recursive deadlock and without race. Upon return, we unlock
the socket and then unpin it, killing it.
Change-Id: Idcdae072b48238b01bdbc8823b60310f1976e045
Signed-off-by: Robert Love <rlove@google.com>
Acked-by: Dima Zavin <dima@android.com>
ipv4: disable bottom halves around call to tcp_done().
Signed-off-by: Robert Love <rlove@google.com>
Signed-off-by: Colin Cross <ccross@android.com>
ipv4: Move sk_error_report inside bh_lock_sock in tcp_v4_nuke_addr
When sk_error_report is called, it wakes up the user-space thread, which then
calls tcp_close. When the tcp_close is interrupted by the tcp_v4_nuke_addr
ioctl thread running tcp_done, it leaks 392 bytes and triggers a WARN_ON.
This patch moves the call to sk_error_report inside the bh_lock_sock, which
matches the locking used in tcp_v4_err.
Signed-off-by: Colin Cross <ccross@android.com>
Add a family of knobs to /sys/kernel/ipv4 for controlling the TCP window size:
tcp_wmem_min
tcp_wmem_def
tcp_wmem_max
tcp_rmem_min
tcp_rmem_def
tcp_rmem_max
This six values mirror the sysctl knobs in /proc/sys/net/ipv4/tcp_wmem and
/proc/sys/net/ipv4/tcp_rmem.
Sysfs, unlike sysctl, allows us to set and manage the files' permissions and
owners.
Signed-off-by: Robert Love <rlove@google.com>
With CONFIG_ANDROID_PARANOID_NETWORK, require specific uids/gids to instantiate
network sockets.
Signed-off-by: Robert Love <rlove@google.com>
paranoid networking: Use in_egroup_p() to check group membership
The previous group_search() caused trouble for partners with module builds.
in_egroup_p() is also cleaner.
Signed-off-by: Nick Pelly <npelly@google.com>
Fix 2.6.29 build.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
net: Fix compilation of the IPv6 module
Fix compilation of the IPv6 module -- current->euid does not exist anymore,
current_euid() is what needs to be used.
Signed-off-by: Steinar H. Gunderson <sesse@google.com>
net: bluetooth: Remove the AID_NET_BT* gid numbers
Removed bluetooth checks for AID_NET_BT and AID_NET_BT_ADMIN
which are not useful anymore.
This is in preparation for getting rid of all the AID_* gids.
Signed-off-by: JP Abgrall <jpa@google.com>
Add <linux/android_aid.h>, our mapping of AID defines to gid numbers.
Change-Id: I3a02eb2b5c7e336e3de0cb45d8e04ec82f7281b4
Signed-off-by: Robert Love <rlove@google.com>
For disk devices, a new uevent parameter 'NPARTS' specifies the number
of partitions detected by the kernel. Partition devices get 'PARTN' which
specifies the partitions index in the table, and 'PARTNAME', which
specifies PARTNAME specifices the partition name of a partition device
Signed-off-by: Dima Zavin <dima@android.com>
This reverts commit 829b6962f7.
Revert this change as it causes a sysfs path to change and therefore
introduces and ABI regression. More precisely Android's vold is not being
able to access /sys/module/mmcblk/parameters/perdev_minors any more, since
the path becomes changed to: "/sys/module/mmc_block/..."
Fixes: 829b6962f7 ("mmc: block: don't use parameter prefix if built as
module")
Reported-by: John Stultz <john.stultz@linaro.org>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
CONFIG_EXPERIMENTAL has been removed from the kernel, so clean
up its use in MMC_EMBEDDED_SDIO and MMC_PARANOID_SD_INIT options.
Change-Id: If414c265134b36740a84564274a631803c8e81b4
Cc: Arve Hjønnevåg <arve@android.com>
Cc: San Mehat <san@google.com>
Cc: Android Kernel Team <kernel-team@android.com>
Reported-by: Jon Medhurst (Tixy) <tixy@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Add some logging to make it clear just how the emmc timeout
was handled.
Change-Id: Id33fd28d8b9778dc4e85db829e2637a328eddab4
Signed-off-by: Ken Sumrall <ksumrall@android.com>
mmc_sdio_init_card function is doing necessary initialization
Change-Id: I7d2e432b2af8a76267378acba07e3e4e8fd1e6bc
Signed-off-by: Hosung Kim <hosung0.kim@samsung.com>
This patch sets extend_wakelock if the host's
bus is marked dead due to card removal.
This change was originally made in bc4dc52f178828
(mmc: mmcblk: Add support for deferred SD bus resume),
which was reverted due to the majority of the patch
no longer building or making sense. However one small
part of that patch ought to be saved.
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: San Mehat <san@android.com>
mmc: core: Rework mmc_delayed_work wakelock so that the wakelock is only extended if a card is added or removed.
Signed-off-by: San Mehat <san@google.com>
This is required to support chips which use SDIO for signaling/
communication but do not implement the various card enumeration registers
as required for full SD / SDIO cards.
mmc: sdio: Fix bug where we're freeing the CIS tables we never allocated when using EMBEDDED_SDIO
mmc: Add max_blksize to embedded SDIO data
Change-Id: Ibff2e3e991e5522f55ec8c6edc25ed09f2553736
Signed-off-by: San Mehat <san@google.com>
Set the GENHD_FL_EXT_DEVT flag, which will allocate minor numbers
in major 259 for partitions past disk->minors.
Also remove the use of disk_devt to determine devidx from md->disk.
md->disk->first_minor is always initialized from devidx and can
always be used to recover it.
Signed-off-by: Colin Cross <ccross@android.com>
it doesn't need S_IWUSR attribute since xxx_store API is un-needed.
otherwise the WARN check in device_create_file will alert.
Change-Id: I6360bf022dcd659bfb3f41c84624f954d5d15ea5
Signed-off-by: Qiao Zhou <zhouqiao@marvell.com>
This change fixes two problems.
First, it ensures that the hid-multitouch driver does not incorrectly
map GenericDesktop usages that are intended for other applications,
such as a Mouse.
Second, it sets the appropriate input properties so that user-space
can distinguish TouchScreen devices (INPUT_PROP_DIRECT) from
TouchPad devices (INPUT_PROP_POINTER) and configure them accordingly.
Change-Id: I8c2d947929186ffe7cf04b37c76e29b9abecf8cb
Signed-off-by: jeffbrown@android.com
A HID device could send a malicious output report that would cause the
steelseries HID driver to write beyond the output report allocation
during initialization, causing a heap overflow:
[ 167.981534] usb 1-1: New USB device found, idVendor=1038, idProduct=1410
...
[ 182.050547] BUG kmalloc-256 (Tainted: G W ): Redzone overwritten
CVE-2013-2891
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Switched do_restart to run in a seperate workqueue to handle
cases where kernel_restart hangs.
Change-Id: I1ecd61f8d0859f1a86d37c692351d644b5db9c69
Signed-off-by: Daniel Rosenberg <drosen@google.com>
keyreset now registers a keycombo driver that acts as the old
keyreset driver acted.
Change-Id: I08f5279e3a33b267571b699697f9f54508868983
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Keycombo lets you provide a key up and key down function, and an
optional time delay for key down. The driver will call the key
down function after the specified key combo has been held for the
speicified time delay. After you release the combo, if the key down
has happened, it calls key up.
Change-Id: I6a9a94e96a8f58fadd908fd1dc7944b9102a089f
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Move the entire contents of linux/keychord.h header to uapi, it only
contains a userspace interface.
Change-Id: If94f83328b19efb58c66391dce3bd8e927788d8d
Signed-off-by: Colin Cross <ccross@android.com>
This driver allows userspace to receive notification when client
specified key combinations are pressed.
The client opens /dev/keychord and writes a list of keychords
for the driver to monitor.
The client then reads or polls /dev/keychord for notifications.
A client specified ID for the keychord is returned from read()
when a keychord press is detected.
Signed-off-by: Mike Lockwood <lockwood@android.com>
keychord: fix to build without CONFIG_PREEMPT
Change-Id: I911f13aeda4224b6fa57863bc7e8972fec8837fb
Add a platform device in the board file to specify a reset key-combo.
The first time the key-combo is detected a work function that syncs
the filesystems is scheduled. If all the keys are released and then
pressed again, it calls panic. Reboot on panic should be set for
this to work.
Change-Id: I9d54283ca1fba45e4b1ae1a407524cdda8171143
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Remove the early suspend handler. Leave the suspend functions
for now, they should eventually get called through a userspace
interface.x
Change-Id: I67f9dafe32fe32577bab93c42b95824db96c215c
Signed-off-by: Colin Cross <ccross@android.com>
Supports keyboard matrixces, direct inputs, direct outputs and axes connected to gpios.
Change-Id: I5e921e6e3a1cc169316ee3b665f4cc21b5735114
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Nick Pelly <npelly@google.com>
Use module_param_cb helper routine instead of
__module_param_call otherwise we run into following
build error:
CC drivers/staging/android/lowmemorykiller.o
drivers/staging/android/lowmemorykiller.c:293:28: error: macro "__module_param_call" requires 7 arguments, but only 6 given
S_IRUGO | S_IWUSR, -1);
^
drivers/staging/android/lowmemorykiller.c:290:1: warning: data definition has no type or storage class [enabled by default]
__module_param_call(MODULE_PARAM_PREFIX, adj,
^
drivers/staging/android/lowmemorykiller.c:290:1: error: type defaults to ‘int’ in declaration of ‘__module_param_call’ [-Werror=implicit-int]
drivers/staging/android/lowmemorykiller.c:273:32: warning: ‘lowmem_adj_array_ops’ defined but not used [-Wunused-variable]
static struct kernel_param_ops lowmem_adj_array_ops = {
^
cc1: some warnings being treated as errors
make[3]: *** [drivers/staging/android/lowmemorykiller.o] Error 1
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Allows for capturing lmk kill events and
their rationale.
Change-Id: Ibe215db5bb9806fc550c72c0b9832c85cbd56bf6
Signed-off-by: Martijn Coenen <maco@google.com>
lowmemorykiller debug messages are inscrutable and mostly useful
for debugging the lowmemorykiller, not explaining why a process
was killed. Make the messages more useful by prefixing them
with "lowmemorykiller: " and explaining in more readable terms
what was killed, who it was killed for, and why it was killed.
The messages now look like:
[ 76.997631] lowmemorykiller: Killing 'droid.gallery3d' (2172), adj 1000,
[ 76.997635] to free 27436kB on behalf of 'kswapd0' (29) because
[ 76.997638] cache 122624kB is below limit 122880kB for oom_score_adj 1000
[ 76.997641] Free memory is -53356kB above reserved
A negative number for free memory above reserved means some of the
reserved memory has been used and is being regenerated by kswapd,
which is likely what called the shrinkers.
Change-Id: I1fe983381e73e124b90aa5d91cb66e55eaca390f
Signed-off-by: Colin Cross <ccross@android.com>
The conversion to use oom_score_adj instead of the deprecated oom_adj
values breaks existing user-space code. Add a config option to convert
oom_adj values written to oom_score_adj values if they appear to be
valid oom_adj values.
Change-Id: I68308125059b802ee2991feefb07e9703bc48549
Signed-off-by: Arve Hjønnevåg <arve@android.com>
When ashmem_shrink is called from direct reclaim on a user thread, a
call to do_fallocate will check for permissions against the security
policy of that user thread. It can thus fail by chance if called on a
thread that isn't permitted to modify the relevant ashmem areas.
Because we know that we have a shmem file underneath, call the shmem
implementation of fallocate directly instead of going through the
user-space interface for fallocate.
FIX=DMS06243560
Area: Kernel/Linux Kernel
Bug: 21951515
Change-Id: Ie98fff18a2bdeb535cd24d4fbdd13677e12681a7
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
