Commit Graph

446138 Commits

Author SHA1 Message Date
Jann Horn 00f26c125f UPSTREAM: seccomp: always propagate NO_NEW_PRIVS on tsync
Before this patch, a process with some permissive seccomp filter
that was applied by root without NO_NEW_PRIVS was able to add
more filters to itself without setting NO_NEW_PRIVS by setting
the new filter from a throwaway thread with NO_NEW_PRIVS.

Signed-off-by: Jann Horn <jann@thejh.net>
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>

Bug: 36656103
(cherry-picked from commit 103502a35cfce0710909da874f092cb44823ca03)
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I5abd7daab9172f1dfd53e11706b7c7f331f2f4f1
Git-commit: 5ac4b903e458141402c79671b4d3c43f99476719
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:51:01 +02:00
Tobias Klauser f0ae4c5b83 UPSTREAM: net: socket: Make unnecessarily global sockfs_setattr() static
Make sockfs_setattr() static as it is not used outside of net/socket.c

This fixes the following GCC warning:
net/socket.c:534:5: warning: no previous prototype for ‘sockfs_setattr’ [-Wmissing-prototypes]

Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Cc: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Change-Id: Ie613c441b3fe081bdaec8c480d3aade482873bf8
Fixes: Change-Id: Idbc3e9a0cec91c4c6e01916b967b6237645ebe59
       ("net: core: Add a UID field to struct sock.")
(cherry picked from commit dc647ec88e029307e60e6bf9988056605f11051a)
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Git-commit: 5785fa4bbb12739c5959828a8c18cc0e506622d9
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:51:01 +02:00
Lorenzo Colitti dfe6e4f62c UPSTREAM: net: ipv4: Don't crash if passing a null sk to ip_do_redirect.
Commit e2d118a1cb5e ("net: inet: Support UID-based routing in IP
protocols.") made ip_do_redirect call sock_net(sk) to determine
the network namespace of the passed-in socket. This crashes if sk
is NULL.

Fix this by getting the network namespace from the skb instead.

Fixes: e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.")
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Change-Id: I16a3c343cb142c482ca6dd363c28b3a12d73a46d
Fixes: Change-Id: I910504b508948057912bc188fd1e8aca28294de3
       ("net: inet: Support UID-based routing in IP protocols.")
(cherry picked from commit 7d99569460eae28b187d574aec930a4cf8b90441)
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Git-commit: 8703ea3d29931265cd3dac73ac9a5f85d92a7e55
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:51:00 +02:00
Eric Biggers 198c7fd61a net: socket: don't set sk_uid to garbage value in ->setattr()
->setattr() was recently implemented for socket files to sync the socket
inode's uid to the new 'sk_uid' member of struct sock.  It does this by
copying over the ia_uid member of struct iattr.  However, ia_uid is
actually only valid when ATTR_UID is set in ia_valid, indicating that
the uid is being changed, e.g. by chown.  Other metadata operations such
as chmod or utimes leave ia_uid uninitialized.  Therefore, sk_uid could
be set to a "garbage" value from the stack.

Fix this by only copying the uid over when ATTR_UID is set.

[backport of net e1a3a60a2ebe991605acb14cd58e39c0545e174e]

Bug: 16355602
Change-Id: I20e53848e54282b72a388ce12bfa88da5e3e9efe
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Tested-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 10487d4e83e94f6f5ac0912f8af04ad7dd29f071
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:51:00 +02:00
Lorenzo Colitti fb2b282658 net: ipv4: Don't crash if passing a null sk to ip_rt_update_pmtu.
Commit e2d118a1cb5e ("net: inet: Support UID-based routing in IP
protocols.") made __build_flow_key call sock_net(sk) to determine
the network namespace of the passed-in socket. This crashes if sk
is NULL.

Fix this by getting the network namespace from the skb instead.

[Backport of net-next d109e61bfe7a468fd8df4a7ceb65635e7aa909a0]

Bug: 16355602
Change-Id: I27161b70f448bb95adce3994a97920d54987ce4e
Fixes: e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.")
Reported-by: Erez Shitrit <erezsh@dev.mellanox.co.il>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: ca05d6a257c539ccb3e12d7c7f874f5baf20a015
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:51:00 +02:00
Lorenzo Colitti 1e944b8e1b net: inet: Support UID-based routing in IP protocols.
- Use the UID in routing lookups made by protocol connect() and
  sendmsg() functions.
- Make sure that routing lookups triggered by incoming packets
  (e.g., Path MTU discovery) take the UID of the socket into
  account.
- For packets not associated with a userspace socket, (e.g., ping
  replies) use UID 0 inside the user namespace corresponding to
  the network namespace the socket belongs to. This allows
  all namespaces to apply routing and iptables rules to
  kernel-originated traffic in that namespace by matching UID 0.
  This is better than using the UID of the kernel socket that is
  sending the traffic, because the UID of kernel sockets created
  at namespace creation time (e.g., the per-processor ICMP and
  TCP sockets) is the UID of the user that created the socket,
  which might not be mapped in the namespace.

[Backport of net-next e2d118a1cb5e60d077131a09db1d81b90a5295fe]

Bug: 16355602
Change-Id: I910504b508948057912bc188fd1e8aca28294de3
Tested: compiles allnoconfig, allyesconfig, allmodconfig
Tested: https://android-review.googlesource.com/253302
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Git-commit: 327455146c7467670e7c94b089ef88f57bc57311
Git-repo: https://android.googlesource.com/kernel/common.git
[resolved trivial merge conflicts]
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:59 +02:00
Lorenzo Colitti d4e12061f4 net: core: add UID to flows, rules, and routes
- Define a new FIB rule attribute, FRA_UID_RANGE, to describe a
  range of UIDs.
- Define a RTA_UID attribute for per-UID route lookups and dumps.
- Support passing these attributes to and from userspace via
  rtnetlink. The value INVALID_UID indicates no UID was
  specified.
- Add a UID field to the flow structures.

[Backport of net-next 622ec2c9d52405973c9f1ca5116eb1c393adfc7d]

Bug: 16355602
Change-Id: Iea98e6fedd0fd4435a1f4efa3deb3629505619ab
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Git-commit: 0baa8bcd2d48a89ee304051167ded77a10baabcc
Git-repo: https://android.googlesource.com/kernel/common.git
[resolved trivial merge conflicts]
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:59 +02:00
Lorenzo Colitti 6a2dd740c1 net: core: Add a UID field to struct sock.
Protocol sockets (struct sock) don't have UIDs, but most of the
time, they map 1:1 to userspace sockets (struct socket) which do.

Various operations such as the iptables xt_owner match need
access to the "UID of a socket", and do so by following the
backpointer to the struct socket. This involves taking
sk_callback_lock and doesn't work when there is no socket
because userspace has already called close().

Simplify this by adding a sk_uid field to struct sock whose value
matches the UID of the corresponding struct socket. The semantics
are as follows:

1. Whenever sk_socket is non-null: sk_uid is the same as the UID
   in sk_socket, i.e., matches the return value of sock_i_uid.
   Specifically, the UID is set when userspace calls socket(),
   fchown(), or accept().
2. When sk_socket is NULL, sk_uid is defined as follows:
   - For a socket that no longer has a sk_socket because
     userspace has called close(): the previous UID.
   - For a cloned socket (e.g., an incoming connection that is
     established but on which userspace has not yet called
     accept): the UID of the socket it was cloned from.
   - For a socket that has never had an sk_socket: UID 0 inside
     the user namespace corresponding to the network namespace
     the socket belongs to.

Kernel sockets created by sock_create_kern are a special case
of #1 and sk_uid is the user that created them. For kernel
sockets created at network namespace creation time, such as the
per-processor ICMP and TCP sockets, this is the user that created
the network namespace.

[Backport of net-next 86741ec25462e4c8cdce6df2f41ead05568c7d5e]

Bug: 16355602
Change-Id: Idbc3e9a0cec91c4c6e01916b967b6237645ebe59
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 0b4969c3ee65a18f19c426b6f2342304376c2cab
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:58 +02:00
Lorenzo Colitti c03bb93953 Revert "net: core: Support UID-based routing."
This reverts commit 99a6ea48b591877d1cd6a51732c40a1d5321d961.

Bug: 16355602
Change-Id: I7d75b52d8863e932707daf391892480542c2e965

Git-commit: a11e5dc0a6000c5691d2e267893831abc68bd5d9
Git-repo: https://android.googlesource.com/kernel/common.git
[resolved trivial merge conflicts and compilation errors]
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:58 +02:00
Lorenzo Colitti 8d9e329179 Revert "Handle 'sk' being NULL in UID-based routing."
This reverts commit 455b09d66a9ccfc572497ae88375ae343ff9ae66.

Bug: 16355602
Change-Id: Ibbb543d9ffaf0eb8e231b5dcf502e2d0f8916572
Git-commit: 9e17a9f81750144c4f2108d7d197391414fdd565
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:58 +02:00
Eric Dumazet eaadc6d988 tcp: fix more NULL deref after prequeue changes
When I cooked commit c3658e8d0f1 ("tcp: fix possible NULL dereference in
tcp_vX_send_reset()") I missed other spots we could deref a NULL
skb_dst(skb)

Again, if a socket is provided, we do not need skb_dst() to get a
pointer to network namespace : sock_net(sk) is good enough.

[Backport of net-next 0f85feae6b710ced3abad5b2b47d31dfcb956b62]

Bug: 16355602
Change-Id: Ibe1def7979625ee7902bff2f33ec8945b9945948
Reported-by: Dann Frazier <dann.frazier@canonical.com>
Bisected-by: Dann Frazier <dann.frazier@canonical.com>
Tested-by: Dann Frazier <dann.frazier@canonical.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: ca777eff51f7 ("tcp: remove dst refcount false sharing for prequeue mode")
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 043dcfd7006df619269bd73955738719887b6515
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:57 +02:00
Eric Dumazet 6d5b3e3f4e tcp: fix possible NULL dereference in tcp_vX_send_reset()
After commit ca777eff51f7 ("tcp: remove dst refcount false sharing for
prequeue mode") we have to relax check against skb dst in
tcp_v[46]_send_reset() if prequeue dropped the dst.

If a socket is provided, a full lookup was done to find this socket,
so the dst test can be skipped.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=88191
Reported-by: Jaša Bartelj <jasa.bartelj@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Daniel Borkmann <dborkman@redhat.com>
Fixes: ca777eff51f7 ("tcp: remove dst refcount false sharing for prequeue mode")
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-27 21:50:57 +02:00
Eric Dumazet acc41077d9 tcp: remove dst refcount false sharing for prequeue mode
Alexander Duyck reported high false sharing on dst refcount in tcp stack
when prequeue is used. prequeue is the mechanism used when a thread is
blocked in recvmsg()/read() on a TCP socket, using a blocking model
rather than select()/poll()/epoll() non blocking one.

We already try to use RCU in input path as much as possible, but we were
forced to take a refcount on the dst when skb escaped RCU protected
region. When/if the user thread runs on different cpu, dst_release()
will then touch dst refcount again.

Commit 093162553c (tcp: force a dst refcount when prequeue packet)
was an example of a race fix.

It turns out the only remaining usage of skb->dst for a packet stored
in a TCP socket prequeue is IP early demux.

We can add a logic to detect when IP early demux is probably going
to use skb->dst. Because we do an optimistic check rather than duplicate
existing logic, we need to guard inet_sk_rx_dst_set() and
inet6_sk_rx_dst_set() from using a NULL dst.

Many thanks to Alexander for providing a nice bug report, git bisection,
and reproducer.

Tested using Alexander script on a 40Gb NIC, 8 RX queues.
Hosts have 24 cores, 48 hyper threads.

echo 0 >/proc/sys/net/ipv4/tcp_autocorking

for i in `seq 0 47`
do
  for j in `seq 0 2`
  do
     netperf -H $DEST -t TCP_STREAM -l 1000 \
             -c -C -T $i,$i -P 0 -- \
             -m 64 -s 64K -D &
  done
done

Before patch : ~6Mpps and ~95% cpu usage on receiver
After patch : ~9Mpps and ~35% cpu usage on receiver.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Alexander Duyck <alexander.h.duyck@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-27 21:50:57 +02:00
Paul Moore 4f87245797 BACKPORT: audit: consistently record PIDs with task_tgid_nr()
Unfortunately we record PIDs in audit records using a variety of
methods despite the correct way being the use of task_tgid_nr().
This patch converts all of these callers, except for the case of
AUDIT_SET in audit_receive_msg() (see the comment in the code).

Reported-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

Bug: 28952093

(cherry picked from commit fa2bea2f5cca5b8d4a3e5520d2e8c0ede67ac108)
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Change-Id: I36508a25c957f5108299e68a3b0f627c94eb27eb
Git-commit: ba44f95ff22308cfe3227ba1804b5e476f60342d
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:56 +02:00
Lorenzo Colitti 85c311cf8d net: inet: diag: expose the socket mark to privileged processes.
This adds the capability for a process that has CAP_NET_ADMIN on
a socket to see the socket mark in socket dumps.

Commit a52e95abf772 ("net: diag: allow socket bytecode filters to
match socket marks") recently gave privileged processes the
ability to filter socket dumps based on mark. This patch is
complementary: it ensures that the mark is also passed to
userspace in the socket's netlink attributes.  It is useful for
tools like ss which display information about sockets.

[backport of net-next d545caca827b65aab557a9e9dcdcf1e5a3823c2d]

Change-Id: I0c9708aae5ab8dfa296b8a1e6aecceb2a382415a
Tested: https://android-review.googlesource.com/270210
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 37249459aab0efae6ee7e11d12fc8f790dd32ebc
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:56 +02:00
Lorenzo Colitti e567849255 net: diag: make udp_diag_destroy work for mapped addresses.
udp_diag_destroy does look up the IPv4 UDP hashtable for mapped
addresses, but it gets the IPv4 address to look up from the
beginning of the IPv6 address instead of the end.

[backport of net-next f95bf346226b9b79352e05508beececc807cc37a]

Change-Id: I86665b3f4e17c29afd496571d30cec7d14672009
Tested: https://android-review.googlesource.com/269874
Fixes: 5d77dca82839 ("net: diag: support SOCK_DESTROY for UDP sockets")
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: a6226bbfbbdfbb2e4e4eecd162449f889275825e
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:56 +02:00
David Ahern a0b097bf3f net: diag: support SOCK_DESTROY for UDP sockets
This implements SOCK_DESTROY for UDP sockets similar to what was done
for TCP with commit c1e64e298b8ca ("net: diag: Support destroying TCP
sockets.") A process with a UDP socket targeted for destroy is awakened
and recvmsg fails with ECONNABORTED.

[backport of net-next 5d77dca82839ef016a93ad7acd7058b14d967752]

Change-Id: I84e71e774c859002f98dcdb5e0ca01f35227a44c
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: f7d5f821e7f558588fc8fdce9a500cf5058e9bf3
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:55 +02:00
Lorenzo Colitti dd33e99cf0 net: diag: allow socket bytecode filters to match socket marks
This allows a privileged process to filter by socket mark when
dumping sockets via INET_DIAG_BY_FAMILY. This is useful on
systems that use mark-based routing such as Android.

The ability to filter socket marks requires CAP_NET_ADMIN, which
is consistent with other privileged operations allowed by the
SOCK_DIAG interface such as the ability to destroy sockets and
the ability to inspect BPF filters attached to packet sockets.

[backport of net-next a52e95abf772b43c9226e9a72d3c1353903ba96f]

Change-Id: Ic02caf628a71007cc7c48c9da220b4088f5aa4f4
Tested: https://android-review.googlesource.com/261350
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: d4c5e3877cbaaa2e51e53a853535caf5c8c9ebdc
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:55 +02:00
Lorenzo Colitti baeb18c70d net: diag: slightly refactor the inet_diag_bc_audit error checks.
This simplifies the code a bit and also allows inet_diag_bc_audit
to send to userspace an error that isn't EINVAL.

[backport of net-next 627cc4add53c0470bfd118002669205d222d3a54]

Change-Id: I3afb83931e3dfb56c4c5c2f6567305981458c694
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 4a639707ce0fb6e06db638e02620b3a558e61342
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:55 +02:00
David Ahern 7b4866d5b9 net: diag: Add support to filter on device index
Add support to inet_diag facility to filter sockets based on device
index. If an interface index is in the filter only sockets bound
to that index (sk_bound_dev_if) are returned.

[backport of net-next 637c841dd7a5f9bd97b75cbe90b526fa1a52e530]

Change-Id: Ib430cfb44f1b3b1a771a561247ee9140737e52fd
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 41e1e3f25086fdac04df527e9d99b1f4b0d74249
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:54 +02:00
sunil paidimarri a78f95743c msm: ipa: clear uC interrupt only before processing
Clearing Non uC interrupts before processing will
result in clearing interrupt data.

Change-Id: I47ea7c22250264da206e1fb8691e77224c825ab0
CRs-Fixed: 1008549
Acked-by: Mohammed Javid <mjavid@qti.qualcomm.com>
Signed-off-by: sunil paidimarri <hisunil@codeaurora.org>
2019-07-27 21:50:54 +02:00
Sridhar Ancha f290807c52 msm: ipa: Remove usage of stack memory
When stack memory is provided to HW as part of descriptor
it can lead to cache alignment issues. Make changes to
use heap memory wherever applicable.

Change-Id: I666f98cf2ec45a4743db0ab7bc6d2df821cce84a
Acked-by: Chaitanya Pratapa <cpratapa@qti.qualcomm.com>
Signed-off-by: Sridhar Ancha <sancha@codeaurora.org>
2019-07-27 21:50:54 +02:00
Mohammed Javid cb68db0577 msm: ipa: New IOCTL for adding rt\flt rule after a specific rule
Added IOCTL for adding a rule on a specific location on the
rt\flt table. The rule will be added after the rule with the
given handle.

Change-Id: I148561fecc7a2e2c9861dbce8975b02947839968
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Signed-off-by: Amir Levy <alevy@codeaurora.org>
Signed-off-by: Nadine Toledano <nadinet@codeaurora.org>
2019-07-27 21:50:53 +02:00
Mohammed Javid 8c36693b68 msm:ipa: Return mux id only for valid interface
Currently value of MAX_NUM_OF_MUX_CHANNEL is 10
but number of valid interfaces is 8. So empty interface
is also getting mux id. Return mux id only for valid
interfaces.

Change-Id: I7852df0aa0ccee781c1bf6857a4183b99194f3ee
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
2019-07-27 21:50:53 +02:00
Mohammed Javid 26955f56d6 msm:ipa: Fix to IPA static analysis constant null dereferenced
Adding code changes to resolve IPA static analysis
issue Constant NULL dereferenced by passing
to other function.

Change-Id: I07bd7ac42929576429fc4548cfce7d202d77364f
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
2019-07-27 21:50:52 +02:00
Mohammed Javid c3cb559284 msm: ipa: Change error value for set quota
Currently IPA sends common error -EFAULT to user space
in case IOCTL fails. Change error value for set quota
based on error received from modem.

Change-Id: Ib6ba487a186245ddf752cd08de12293af1ea1bb9
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
2019-07-27 21:50:52 +02:00
Skylar Chang 987c28ae62 msm: ipa: add ioctl to get ipa hw version
Add ioctl for user space to get ipa hw version

Change-Id: Iba207623126f641324fbcf174bddd46552f489de
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
2019-07-27 21:50:52 +02:00
Amir Levy 50dca023e9 msm: ipa: fix compatibility with ipa_nat driver
Add several defines and structs to allow IPA nat driver compile.
Change IPA_HW_MAX to be a define instead of enum so user space
can check its existence with ifdef.

Change-Id: I33df449d18b678dca44475f04eb72318179dda11
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Signed-off-by: Amir Levy <alevy@codeaurora.org>
2019-07-27 21:50:51 +02:00
Skylar Chang e37099ac8a msm: ipa: support aggregated ipa stats query
add support on wan-driver to query modem or
wlan-fw to get the total data usage for all
tethered clients.

Change-Id: I56f40f1c0f6b2ec4279e78b3aeb81c687d08bf2e
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
2019-07-27 21:50:51 +02:00
Qun Zhang 3d392c86e6 qcacld-2.0: Avoid integer underflow in dot11f_unpack functions
propagation from qcacld-3.0 to qcacld-2.0

In function dot11f_unpack functions length of buffer passed is
decremented as pointer advances in the buffer. Add a check for
integer underflow before decrementing the length.

qcacld-3.0 to CLD2.0 propagation of the following CRs:
2237141, 2231755, 2246426, 2150438

Change-Id: I4ed39d326855c2027ff0bc3cbe5c8981a2ae2aa1
CRs-Fixed: 2259649
2019-07-27 21:50:51 +02:00
Min Liu 8d339d40b8 qcacld-2.0: OOB read while processing extscan change results
Propagation from qcacld-3.0 to qcacld-2.0

In function wma_extscan_change_results_event_handler(), numResults
in dest_chglist is assigned as total_entries in the event, but the
memory allocated to dest_chglist is based on the numap variable,
which may cause out of buffer read in extscan indication callback
function wlan_hdd_cfg80211_extscan_signif_wifi_change_results_ind().
Also tSirWifiSignificantChange array parsing in both the functions
is not efficient which may lead to accessing unallocated memory.
To address out of buffer read, assign numap to numResults in
dest_chglist and to address accessing of unallocated memory,
parse tSirWifiSignificantChange array with efficient logic.

Change-Id: I469405d68cf075e58aa3a17e884032882a595b18
CRs-Fixed: 2275630
2019-07-27 21:50:50 +02:00
tinlin b3d52448c8 qcacld-2.0: Add check for vdev_id
Add sanity check for vdev_id in wma_apfind_evt_handler
and wma_lost_link_info_handler.

Change-Id: I1f469b25ac88deb4d5bbaf754c0ea441e6cb04de
CRs-Fixed: 2227076
2019-07-27 21:50:50 +02:00
Srinivas Girigowda 19d3926080 qcacld-2.0: Block tx path when recovery is set
There might be scenario when NET_TX is preempted by
irq context and context is resumed when recovery flag is set.
Resumed context will try to enqueue data packet in invalid
state and can result in invalid HW access.

To mitigate this problem check for recovery flag and return
the context gracefully.

Change-Id: I6d58875e1f3d668984f76936a7e304fe68279c47
CRs-Fixed: 2252943
Bug: 80160768
Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
2019-07-27 21:50:49 +02:00
annamraj 6207be6720 msm: camera: Fix for Possible information leak issue
Fix for possible information leak issue because of uninitialised variable
which can be accessed from userspace in camera fd driver

Bug: 73889358
Signed-off-by: annamraj <annamraj@codeaurora.org>
Change-Id: I4552c4829e9532d848e46fd123316b26105e310e
2019-07-27 21:50:49 +02:00
Srinivas Girigowda 8ceabb6964 qcacld-2.0: Remove redundant API sme_staInMiddleOfRoaming
Driver has smeNeighborMiddleOfRoaming to check if STA is in middle
of roaming. Further sme_staInMiddleOfRoaming acquires lock to know
roam status, which is not required at all. Further driver can enter
sleep state because of mutex lock in suspend path and can result in
DPM device timeout.

Hence, replace sme_staInMiddleOfRoaming with smeNeighborMiddleOfRoaming
and remove redundant API sme_staInMiddleOfRoaming. Driver does not use
any lock in smeNeighborMiddleOfRoaming to check roaming status.

Change-Id: I96193becaa05a68044e092bb607eb5db60526a11
CRs-Fixed: 2250171
Bug: 80256778
Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
2019-07-27 21:50:49 +02:00
Mahesh Sivasubramanian 36efb53c4e drivers: qcom: lpm-stats: Fix undefined access error
In cleanup_stats(), a freed memory pointer pos might be accessed for
list traversal. Switch to using _safe() variant of the list API to
prevent undefined accesses.

Bug: 79421260
Change-Id: I7d068cb7813ccb9bfdbcab4646b4ec890145828a
Signed-off-by: Mahesh Sivasubramanian <msivasub@codeaurora.org>
2019-07-27 21:50:48 +02:00
Chao Yu 3012d2c904 f2fs: fix race condition in between free nid allocator/initializer
In below concurrent case, allocated nid can be loaded into free nid cache
and be allocated again.

Thread A				Thread B
- f2fs_create
 - f2fs_new_inode
  - alloc_nid
   - __insert_nid_to_list(ALLOC_NID_LIST)
					- f2fs_balance_fs_bg
					 - build_free_nids
					  - __build_free_nids
					   - scan_nat_page
					    - add_free_nid
					     - __lookup_nat_cache
 - f2fs_add_link
  - init_inode_metadata
   - new_inode_page
    - new_node_page
     - set_node_addr
 - alloc_nid_done
  - __remove_nid_from_list(ALLOC_NID_LIST)
					     - __insert_nid_to_list(FREE_NID_LIST)

This patch makes nat cache lookup and free nid list operation being atomical
to avoid this race condition.

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2019-07-27 21:50:48 +02:00
mukesh agrawal c194121320 ANDROID: trace: net: use %pK for kernel pointers
We want to use network trace events in production
builds, to help diagnose Wifi problems. However, we
don't want to expose raw kernel pointers in such
builds.

Change the format specifier for the skbaddr field,
so that, if kptr_restrict is enabled, the pointers
will be reported as 0.

Bug: 30090733
Change-Id: Ic4bd583d37af6637343601feca875ee24479ddff
Signed-off-by: mukesh agrawal <quiche@google.com>
Git-commit: 0020e178ac5c7069d45fef7ed1dafedf168dcfaf
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:48 +02:00
raghavendra ambadas d529110659 msm: mdss: fix race condition between commit and power off
While commit thread is in progress, suspend is called and stop thread
sets the commit_pending flag to zero, but commit thread increments the
flag, due to which while resume pan idle func time out.
Check for disp thread before incrementing the commit_pending flag.

Change-Id: I92483a2b9c44cc41c6d31e8a7d3b2a5bfe11fbc9
Signed-off-by: Raghavendra Ambadas <rambad@codeaurora.org>
2019-07-27 21:50:47 +02:00
Sreelakshmi Gownipalli 99f2d5c8ed diag: Protect the decrement of number of diag clients
In diagchar_open() protect the decrement of number of diag clients
so that there will be no race conditions while reading the value
from other functions.

Change-Id: I0e2fb5331eec9c7bba39e7d881b69559256833a3
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
2019-07-27 21:50:47 +02:00
David Dai a189a10a90 dev_freq: devfreq_spdm: add null terminator to prevent OOB access
Add null terminator to end of buffer copied from user to prevent
over reading.

Change-Id: I80cfcb087ea2c335fd65d8fcdaf372c7d34a533d
Signed-off-by: David Dai <daidavid1@codeaurora.org>
2019-07-27 21:50:47 +02:00
smanag 01d8ecac97 drivers: soc: Synchronize apr callback and voice svc release
Issue is seen when apr callback is received while voice_svc_release
is in process of freeing the driver private data.
Avoid invalid access of private data pointer by putting
the callback and release functions in the same locked context.

Change-Id: I93af13cab0a3c7e653a9bc9fa7f4f86bfa0502df
Signed-off-by: smanag <smanag@codeaurora.org>
2019-07-27 21:50:46 +02:00
Meng Wang 309e66d753 ASoC: msm: qdspv2: add spin lock to protect ac
ac could get freed during the execution of q6asm_callback.
And kernel panic happens. Add spinlock to protect ac to avoid
kernel panic.

Change-Id: Ie49c8a3979231552ba7d5f207aab0d95ffdc2a72
Signed-off-by: Meng Wang <mwang@codeaurora.org>
2019-07-27 21:50:46 +02:00
Xiaoyu Ye 60cf32f480 ASoC: wcd_cpe_core: add size check for WDSP ELF files
Add size check to make sure the data sizes from WDSP
ELF metadata and the split firmware ELF are the same.

Change-Id: Ic2f7dc04dfc95608302cba23461c519378619db0
Signed-off-by: Xiaoyu Ye <benyxy@codeaurora.org>
2019-07-27 21:50:46 +02:00
Preeti U Murthy d6119a65a9 sched/idle: Add missing checks to the exit condition of cpu_idle_poll()
cpu_idle_poll() is entered into when either the cpu_idle_force_poll is set or
tick_check_broadcast_expired() returns true. The exit condition from
cpu_idle_poll() is tif_need_resched().

However this does not take into account scenarios where cpu_idle_force_poll
changes or tick_check_broadcast_expired() returns false, without setting
the resched flag. So a cpu will be caught in cpu_idle_poll() needlessly,
thereby wasting power. Add an explicit check on cpu_idle_force_poll and
tick_check_broadcast_expired() to the exit condition of cpu_idle_poll()
to avoid this.

Change-Id: I9e48347dba41ee9980afa00e0fe5be0fdddb5e6e
Signed-off-by: Preeti U Murthy <preeti@linux.vnet.ibm.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/20150121105655.15279.59626.stgit@preeti.in.ibm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
[pkondeti@codeaurora.org: Resolved merge conflicts]
Git-commit: ff6f2d29bd31cdfa1ac494a8b26d2af8ba887d59
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
2019-07-27 21:50:45 +02:00
Vijay Viswanath c96c938425 mmc: cmdq-hci: Change unnecessary pr_err logs to pr_debug
Now that CMDQ device and driver are stable, Change unnecessary
pr_err logs to pr_debug.
Also use %pK instead of %p while printing addresses to avoid leaking
of kernel addresses.

Change-Id: I95683ffe0410daef86dd9a376f5769d8f40ae990
Signed-off-by: Vijay Viswanath <vviswana@codeaurora.org>
2019-07-27 21:50:45 +02:00
Vijay Viswanath 489fd7cada mmc: sdhci: Avoid leaking kernel addresses
Use %pK instead of %p in debug logs so that kernel addresses don't get
leaked when debug logs are dynamically enabled.

Change-Id: I3c0df8a8db6643ab547d8599dd03b54030f76ece
Signed-off-by: Vijay Viswanath <vviswana@codeaurora.org>
2019-07-27 21:50:44 +02:00
Jukka Rissanen 06adc5d1bf BACKPORT: nl80211: Stop scheduled scan if netlink client disappears
(cherry pick from commit 93a1e86ce10e4898f9ca9cd09d659a8a7780ee5e)

An attribute NL80211_ATTR_SOCKET_OWNER can be set by the scan initiator.
If present, the attribute will cause the scan to be stopped if the client
dies.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 25561044
Change-Id: Ibe4a555b29b64b6df1b9ed4cdcd0f05a69416d14
Git-commit: 5dc2042459d5345c64c35269058a60720f3c6d29
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:44 +02:00
Johannes Berg fb18d28480 BACKPORT: cfg80211: allow userspace to take ownership of interfaces
(cherry pick from commit 78f22b6a3a9254460d23060530b48ae02a9394e3)

When dynamically creating interfaces from userspace, e.g. for P2P usage,
such interfaces are usually owned by the process that created them, i.e.
wpa_supplicant. Should wpa_supplicant crash, such interfaces will often
cease operating properly and cause problems on restarting the process.

To avoid this problem, introduce an ownership concept for interfaces. If
an interface is owned by a netlink socket, then it will be destroyed if
the netlink socket is closed for any reason, including if the process it
belongs to crashed. This gives us a race-free way to get rid of any such
interfaces.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 25561044
Change-Id: I5a9c8883c5c204ac5d2917ab8492b44daf4b71e7
Git-commit: 5586920dfea6a8dc963a55572de0256a4faa636e
Git-repo: https://android.googlesource.com/kernel/common.git
[resolved trivial merge conflicts]
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:44 +02:00
Weijie Yang cffd694b3f UPSTREAM: staging: android: lowmemorykiller: set TIF_MEMDIE before send kill sig
(cherry picked from commit 6bc2b856bb7c49f238914d965c0b1057ec78226e)

Set TIF_MEMDIE tsk_thread flag before send kill signal to the
selected thread. This is to fit a usual code sequence and avoid
potential race issue.

Signed-off-by: Weijie Yang <weijie.yang@samsung.com>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: 76fc4536faaac9644151fb8a38731c8cf4ab85c4
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-27 21:50:43 +02:00