This project is mirrored from https://github.com/kaderbava/android_kernel_realme_sdm710.git.
Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer or owner.
Last successful update . This branch has diverged from upstream.
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer or owner.
Last successful update . This branch has diverged from upstream.
- May 30, 2024
-
-
Kader Bava authored
-
- Apr 01, 2024
-
-
Bug: 221009551 Test: build, boot Signed-off-by:Jimmy Hu <hhhuuu@google.com> Change-Id: I82add2a6cb5e3060c930105b1b8b4f45da85f5f8
-
Fixes: 4b7e37cbcd65 ("usb: new attributes implementation to enable/disable usb data") Bug: 194649527 Test: build, boot Signed-off-by:Albert Wang <albertccwang@google.com>
-
Bug: 184613044 Test: driver probe and attributes access normally Signed-off-by: -
Prevent possible integer overflow by sanitizing the alloc request size coming from the client against allottable amount of memory. Change-Id: I74cb0f7b0808f20299586969fd5c810d44c3e576 Signed-off-by:
Manoj Prabhu B <quic_bmanoj@quicinc.com> Signed-off-by:
Michael Bestas <mkbestas@lineageos.org>
-
Fix the sscanf overflow on the destination argument without the specifier. Change-Id: Iffc4967b1e11b3a91c97416cedc411a00b9bfc3b Signed-off-by:Manjunatha Madana <quic_c_mamanj@quicinc.com>
-
The global declared mmap_handle can be left dangling for case when the handle is freed by the calling function. Fix is to address this. Also add a check to make sure the mmap_handle is accessed legally. Change-Id: I367f8a41339aa0025b545b125ee820220efedeee Signed-off-by:Soumya Managoli <quic_c_smanag@quicinc.com>
-
Added check for voice session index. Change-Id: Ifff36add5d62f2fdc3395de1447075d297f2c2df Signed-off-by: -
Remove one more VLA that was not caught. Bug: 154930031 Change-Id: I2c6c1f6d5e6ef23769c117a47689e1539b85c882 Signed-off-by:Alistair Delva <adelva@google.com>
-
Android passes a lot of arguments via kernel command line. Current kernel command line is close to limit on a lot of devices. Increase kernel command line size to avoid cases when arguments are trimmed. Bug: 120817253 Change-Id: I18fc3a066273718fce021d85ca31e3f755706a13 Signed-off-by:Syuan Yang <syuanyang@google.com>
-
There is no check for voip pkt pkt_len,if it contains the minimum required data. This can lead to integer underflow. Add check for the same. Change-Id: I91d4f2ad8dfb060cdb2ab9e36dc9f886ea40908a Signed-off-by: -
Add check for the max hpcm_buf_node size before copy to avoid buffer out of bounds issue. Change-Id: Id647888430ce302359a857ef54d321bee99889bf Signed-off-by: -
We have 7 groups that is: background/ camera-daemon/ foreground/ rt/ nnapi-hal/ top-app and root group. Adding another one for testing. Bug: 150582812 Test: Build Change-Id: I2d749a7bde4ad4c7c05f7218c9a5f39f8533acae Signed-off-by:
Wei Wang <wvw@google.com> (cherry picked from commit 33b0444720e2d492326e4713179d5363472aba8b) Signed-off-by:
davidchao <davidchao@google.com>
-
Below warning is observed during boot when lockdep is enabled. Fix it by adding RCU lock around sched_boost_enabled usage. [ 0.158789] WARNING: suspicious RCU usage [ 0.158819] include/linux/cgroup.h:477 \ suspicious rcu_dereference_check() usage! [ 0.158935] Call trace: [ 0.158948] dump_backtrace+0x0/0x190 [ 0.158958] show_stack+0x20/0x30 [ 0.158970] dump_stack+0xe8/0x13c [ 0.158981] lockdep_rcu_suspicious+0x128/0x150 [ 0.158994] task_sched_boost+0x90/0xa8 [ 0.159005] pick_next_task_fair+0x7f8/0x9e0 [ 0.159016] __schedule+0x92c/0x1028 [ 0.159026] schedule_idle+0x24/0x40 [ 0.159038] do_idle+0x270/0x2a8 [ 0.159049] cpu_startup_entry+0x24/0x28 [ 0.159060] secondary_start_kernel+0x168/0x178. Change-Id: Id1d95744aa91d8aafee9ec0c413468b5ee18f0db Signed-off-by:Satya Durga Srinivasu Prabhala <satyap@codeaurora.org>
-
Current logic copies user buf size of data from the avail dsp buf at a given offset. If this offset returned from DSP in READ_DONE event goes out of bounds or is corrupted, then it can lead to out of bounds DSP buffer access, resulting in memory fault. Fix is to add check for this buf offset, if it is within the buf size range. Change-Id: I7753cc6db394704dbb959477150141d42b836bef Signed-off-by: -
Currently in wma_extscan_hotlist_match_event_handler API, dest_hotlist get memory allocation based on numap which takes value from event->total_entries. But numap is limited to WMA_EXTSCAN_MAX_HOTLIST_ENTRIES and event->total_entries more than WMA_EXTSCAN_MAX_HOTLIST_ENTRIES can cause out of bound issue. Fix is to populate dest_hotlist->numOfAps from numap instead of event->total_entries to avoid any out of bound issue. Change-Id: I756f7e4a4dcd454508bba83d4a8bbbb139530905 CRs-Fixed: 3346781
-
trace_printk will cause trace_printk_init_buffers executed in kernel start, which will increase memory and also show bad warnings in production kernel. Test: see warning message gone in dmesg Bug: 72894705 Change-Id: Id2d114ed8ba01abc80d9b00f0b1df3b0c852faf1 Signed-off-by: -
This piece of bash code starts running randomly and slows down building process by 40-50% and when hitting techpack driver building slows down to Pentium 4 speeds. Change-Id: Idebeabaee2a57e77560d531a356e6c3e1981436c Signed-off-by:
Yaroslav Furman <yaro330@gmail.com> Signed-off-by:
Park Ju Hyung <qkrwngud825@gmail.com> Signed-off-by:
improbir <ghosh_probir@yahoo.com>
-
Unfortunately, oplus_chg is full of dangerous kernel coding practices including weak memory orderings and will be prone to multiple breakages if the compiler (optimization flags) changes. Rather than spending time fixing all that, risking blowing up my phone, relax the optimizations to -Os so that it is less susceptible to -O2/-O3 changes and follow closer to what the OPPO/OnePlus engineers originally intended. Change-Id: I6bc976ae6a5296ef32fc7b5e82d876138bde6465 Signed-off-by:
-
Re-organise the perf accounting for fault handling in preparation for enabling handling of hardware poison faults in subsequent commits. The change updates perf accounting to be inline with the behaviour on x86. With this update, the perf fault accounting - * Always report PERF_COUNT_SW_PAGE_FAULTS * Doesn't report anything else for VM_FAULT_ERROR (which includes hwpoison faults) * Reports PERF_COUNT_SW_PAGE_FAULTS_MAJ if it's a major fault (indicated by VM_FAULT_MAJOR) * Otherwise, reports PERF_COUNT_SW_PAGE_FAULTS_MIN Change-Id: I4be2180ef9d046fb4f8edcbcc9dc30ce0c6622d2 Signed-off-by:Punit Agrawal <punit.agrawal@arm.com> Signed-off-by:
Will Deacon <will.deacon@arm.com> Signed-off-by:
-
Add VM_FAULT_HWPOISON[_LARGE] handling to the arm64 page fault handler. Handling of VM_FAULT_HWPOISON[_LARGE] is very similar to VM_FAULT_OOM, the only difference is that a different si_code (BUS_MCEERR_AR) is passed to user space and si_addr_lsb field is initialized. Change-Id: I08f39836c68eb5ca597531464c7c2c1abf9c18b4 Signed-off-by:
Jonathan (Zhixiong) Zhang <zjzhang@codeaurora.org> Signed-off-by:
Tyler Baicar <tbaicar@codeaurora.org> (fix new __do_user_fault call-site) Signed-off-by:
Steve Capper <steve.capper@arm.com> Tested-by:
Manoj Iyer <manoj.iyer@canonical.com> Signed-off-by:
-
Only return error when switching from one boost type to another. Bug: 80322824 Test: no error set same value to /proc/sys/kernel/sched_boost several times Test: error when set "1","2" to /proc/sys/kernel/sched_boost alternately to change mode without set "0" first Signed-off-by: -
I've added current->comm printing to the end of this logger and got logs like this: [ 69.640668] EXT4-fs (sda31): errors=remount-ro for active namespaces on umount 2 by magiskd Signed-off-by:
UtsavBalar1231 <utsavbalar1231@gmail.com> Signed-off-by:
cykeek <cykeek@proton.me> Signed-off-by:
-
Signed-off-by:
-
Encrypted pages during GC are read and cached in META_MAPPING. However, due to cached pages in META_MAPPING, there is an issue where newly written pages are lost by IPU or DIO writes. Thread A - f2fs_gc() Thread B /* phase 3 */ down_write(i_gc_rwsem) ra_data_block() ---- (a) up_write(i_gc_rwsem) f2fs_direct_IO() : - down_read(i_gc_rwsem) - __blockdev_direct_io() - get_data_block_dio_write() - f2fs_dio_submit_bio() ---- (b) - up_read(i_gc_rwsem) /* phase 4 */ down_write(i_gc_rwsem) move_data_block() ---- (c) up_write(i_gc_rwsem) (a) In phase 3 of f2fs_gc(), up-to-date page is read from storage and cached in META_MAPPING. (b) In thread B, writing new data by IPU or DIO write on same blkaddr as read in (a). cached page in META_MAPPING become out-dated. (c) In phase 4 of f2fs_gc(), out-dated page in META_MAPPING is copied to new blkaddr. In conclusion, the newly written data in (b) is lost. To address this issue, invalidating pages in META_MAPPING before IPU or DIO write. Fixes: 6aa58d8ad20a ("f2fs: readahead encrypted block during GC") Signed-off-by:Hyeong-Jun Kim <hj514.kim@samsung.com> Reviewed-by:
Chao Yu <chao@kernel.org> Signed-off-by:
Jaegeuk Kim <jaegeuk@kernel.org> Change-Id: Iba693bd98a02c86efa65797499b79a1ad712e816 Signed-off-by:
Marco Zanin <mrczn.bb@gmail.com> Signed-off-by:
-
In OPPO's kernel: enlarge min_fsync_blocks to optimize performance - yanwu@TECH.Storage.FS.oF2FS, 2019/08/12 Huawei is also doing this in their production kernel. If this optimization is good for them and shipped with their devices, it should be good for us. Signed-off-by:
Jesse Chan <jc@linux.com> Signed-off-by:
DennySPb <dennyspb@gmail.com> Signed-off-by:
Chenyang Zhong <zhongcy95@gmail.com> Signed-off-by:
-
GC should run conservatively as possible to reduce latency spikes to the user. Setting ioprio to idle class will allow the kernel to schedule GC thread's I/O to not affect any other processes' I/O requests. Signed-off-by:
-
With the default DPOLICY_BG discard thread is ioaware, which prevents the discard thread from issuing the discard commands. On low RAM setups, it is observed that these discard commands in the cache are consuming high memory. This patch aims to relax the memory pressure on the system due to f2fs pending discard cmds by changing the policy to DPOLICY_FORCE based on the nm_i->ram_thresh configured. Signed-off-by:
Sahitya Tummala <stummala@codeaurora.org> Reviewed-by:
Chao Yu <yuchao0@huawei.com> Signed-off-by:
-
if2fs_fill_super -> f2fs_build_segment_manager -> create_discard_cmd_control -> f2fs_start_discard_thread It invokes kthread_run to create a thread and run issue_discard_thread. However, if f2fs_build_node_manager fails, the control flow goes to free_nm and calls f2fs_destroy_node_manager. This function will free sbi->nm_info. However, if issue_discard_thread accesses sbi->nm_info after the deallocation, but before the f2fs_stop_discard_thread, it will cause UAF(Use-after-free). -> f2fs_destroy_segment_manager -> destroy_discard_cmd_control -> f2fs_stop_discard_thread Fix this by stopping discard thread before f2fs_destroy_node_manager. Note that, the commit d6d2b491a82e1 introduces the call of f2fs_available_free_memory into issue_discard_thread. Cc: stable@vger.kernel.org Fixes: d6d2b491a82e ("f2fs: allow to change discard policy based on cached discard cmds") Signed-off-by:Dongliang Mu <mudongliangabcd@gmail.com> Reviewed-by:
Lee Jones <lee.jones@linaro.org> Change-Id: If121b453455b11b2aded8ba8a3899faad431dbd3 Signed-off-by:
-
generic_make_request: Trying to write to read-only block-device dm-5 (partno 0) WARNING: CPU: 7 PID: 546 at block/blk-core.c:2190 generic_make_request_checks+0x664/0x690 pc : generic_make_request_checks+0x664/0x690 lr : generic_make_request_checks+0x664/0x690 Call trace: generic_make_request_checks+0x664/0x690 generic_make_request+0xf0/0x3a4 submit_bio+0x80/0x250 __submit_merged_bio+0x368/0x4e0 __submit_merged_write_cond.llvm.12294350193007536502+0xe0/0x3e8 f2fs_wait_on_page_writeback+0x84/0x128 f2fs_convert_inline_page+0x35c/0x6f8 f2fs_convert_inline_inode+0xe0/0x2e0 f2fs_file_mmap+0x48/0x9c mmap_region+0x41c/0x74c do_mmap+0x40c/0x4fc vm_mmap_pgoff+0xb8/0x114 vm_mmap+0x34/0x48 elf_map+0x68/0x108 load_elf_binary+0x538/0xb70 search_binary_handler+0xac/0x1dc exec_binprm+0x50/0x15c __do_execve_file+0x620/0x740 __arm64_sys_execve+0x54/0x68 el0_svc_common+0x9c/0x168 el0_svc_handler+0x60/0x6c el0_svc+0x8/0xc Change-Id: Ic64ab27a890c8f597619ab545dcceb668aa1b8c5 Signed-off-by:
-
During checkpoint=disable period, f2fs bypasses all the synchronous IOs such as sync and fsync. So, when enabling it back, we must flush all of them in order to keep the data persistent. Otherwise, suddern power-cut right after enabling checkpoint will cause data loss. Bug: 171063590 Fixes: 4354994f097d ("f2fs: checkpoint disabling") Cc: stable@vger.kernel.org Reviewed-by:Jaegeuk Kim <jaegeuk@google.com> Change-Id: Iaca2d6fc1841fffa8677d5d592732c94241fb3fb (cherry picked from commit e39210f0cc71f9bab72fb7517d1b58738dfaed86) Signed-off-by:
-
GC moves data blocks when they require post_read_process. If the blocks were encrypted by FBE, we had to skip another encryption by dm-default-key. [1] Fsverity borrows the above IO flow when moving the blocks, but we missed that we shoud move plain blocks if they're not FBE blocks, since dm-default-key will use original LBA for DUN when decrypting the moved block like below. 1. GC w/o this patch (bi_crypt_skip=1) FS: Verity non-FBE block LBA#1 -> LBA#2 (block A) Encrypted_DUN(LBA#1) -> Encrypted_DUN(LBA#1) | | DM: Encrypted_DUN(LBA#1) Encrypted_DUN(LBA#1) When reading LBA#2, the block is decrypted by DUN#LAB#1, which is wrong. 2. GC w/ this patch (bi_crypt_skip=0) FS: Verity non-FBE block LBA#1 -> LBA#2 (block A) Decrypted(block A) -> Decrypted(block A) | | DM: Encrypted_DUN(LBA#1) Encrypted_DUN(LBA#2) [1] commit af4ef71b89c5 ("dm-default-key, f2fs, ICE: support dm-default-key with f2fs/ICE") Change-Id: I0ed594749f4037a675e636bdb55a6a318960f44d Signed-off-by: -
Android sets the value to 50ms via vold's IdleMaint service. Since 500ms is too long for GC to colllect all invalid segments in time which results in performance degradation. On un-encrypted device, vold fails to set this value to 50ms thus degrades the performance over time. Based on [1]. [1] https://github.com/topjohnwu/Magisk/pull/5462 Signed-off-by:
Panchajanya1999 <rsk52959@gmail.com> Change-Id: I80f2c29558393d726d5e696aaf285096c8108b23 Signed-off-by:
-
This deadlock is hitting Android users (Pixel 3/3a/4) with Magisk, due to frequent umount/mount operations that trigger quota_sync, hitting the race. See https://github.com/topjohnwu/Magisk/issues/3171 for additional impact discussion. In commit db6ec53b7e03, we added a semaphore to protect quota flags. As part of this commit, we changed f2fs_quota_sync to call f2fs_lock_op, in an attempt to prevent an AB/BA type deadlock with quota_sem locking in block_operation. However, rwsem in Linux is not recursive. Therefore, the following deadlock can occur: f2fs_quota_sync down_read(cp_rwsem) // f2fs_lock_op filemap_fdatawrite f2fs_write_data_pages ... block_opertaion down_write(cp_rwsem) - marks rwsem as "writer pending" down_read_trylock(cp_rwsem) - fails as there is a writer pending. Code keeps on trying, live-locking the filesystem. We solve this by creating a new rwsem, used specifically to synchronize this case, instead of attempting to reuse an existing lock. Signed-off-by:
Shachar Raindel <shacharr@gmail.com> Fixes: db6ec53b7e03 f2fs: add a rw_sem to cover quota flag changes Signed-off-by:
Pranav Vashi <neobuddy89@gmail.com> Signed-off-by:
iusmac <iusico.maxim@libero.it> Signed-off-by:
-
Signed-off-by:
-
Signed-off-by:
-
This patch changes umount(2) flow to wait for delayed fput/mntput. Meanwhile, we can still see unclosed name spaces which can trigger filesystem panic due to released device illustrated below. (i.e., ext4 with errors=panic) So, it introduces fs->umount_end() to change filesystem behavior like error=remount-ro in ext4. WARN: DO NOT upstream! This is only related to Android reboot procedure, and resolves the below issue where a kernel panic happens when a living filesystem tries to access dead block device after device_shutdown done by kernel_restart. Term: namespace(mnt_get_count()) 1. create_new_namespaces() creates ns1 and ns2, /data(1) ns1(1) ns2(1) | | | --------------------- | sb->s_active = 3 2. after binder_proc_clear_zombies() for ns2 and ns1 triggers - delayed_fput() - delayed_mntput_work(ns2) /data(1) ns1(1) | | ---------- | sb->s_active = 2 3. umount() for /data is successed. ns1(1) | sb->s_active = 1 4. device_shutdown() by init 5. - delayed_mntput_work(ns1) - put_super(), since sb->s_active = 0 - -EIO Bug: 63981945 Bug: 65481582 Bug: 72236603 Change-Id: I7db02f480cc839bf9c245e078164a8168ea0d88b Signed-off-by: -
* This spams warnings * aarch64-linux-gnu-ld: warning: -z norelro ignored Signed-off-by:
nishant6342 <www.rajsonu13@gmail.com> Signed-off-by:
-
../drivers/soc/qcom/icnss.c:3154:37: warning: implicit conversion from enumeration type 'enum icnss_driver_mode' to different enumeration type 'enum wlfw_driver_mode_enum_v01' [-Wenum-conversion] ret = wlfw_wlan_mode_send_sync_msg(mode); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^~~~ 1 warning generated. Signed-off-by:Nathan Chancellor <natechancellor@gmail.com> Signed-off-by:
-
../sound/soc/codecs/wcd_cpe_services.c:667:17: error: implicit conversion from enumeration type 'enum cpe_svc_result' to different enumeration type 'enum cmi_api_result' [-Werror,-Wenum-conversion] notif.result = result; ~ ^~~~~~ ../sound/soc/codecs/wcd_cpe_services.c:1358:8: error: implicit conversion from enumeration type 'enum cpe_svc_result' to different enumeration type 'enum cpe_process_result' [-Werror,-Wenum-conversion] rc = cpe_send_msg_to_inbox(t_info, 0, m); ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Change-Id: I9f66adc89f6ad95a723d14c7bbdad71ca6a2dcc4 Signed-off-by:
-
