Age | Commit message | Author
2015-02-20 | Merge branch 'linaro-android-3.10-lsk' of git://android.git.linaro.org/kernel/linaro-android into lsk-v3.10-aosp [v3.10/topic/aosp] | Mark Brown
2015-02-12 | Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common into linaro-android-3.10-lsk | Amit Pundir
* android-3.10: (60 commits)
  kbuild: make it possible to specify the module output dir
  xt_qtaguid: Use sk_callback_lock read locks before reading sk->sk_socket
  ipv6: clean up anycast when an interface is destroyed
  usb: gadget: check for accessory device before disconnecting HIDs
  staging: android: ashmem: add missing include
  usb: gadget: android: Save/restore ep0 completion function
  selinux: Remove obsolete selinux_audit_data initialization.
  selinux: make the netif cache namespace aware
  selinux: correctly label /proc inodes in use before the policy is loaded
  selinux: fix inode security list corruption
  selinux: put the mmap() DAC controls before the MAC controls
  selinux: reduce the number of calls to synchronize_net() when flushing caches
  [PATCH 5/5] pstore: selinux: add security in-core xattr support for pstore and debugfs
  SELinux: Update policy version to support constraints info
  [PATCH v4 4/5] pstore: add pmsg
  [PATCH 3/5] pstore: handle zero-sized prz in series
  [PATCH v2 2/5] pstore: remove superfluous memory size check
  [PATCH v4 1/5] pstore: use snprintf
  pstore: clarify clearing of _read_cnt in ramoops_context
  prctl: make PR_SET_TIMERSLACK_PID pid namespace aware
  ...

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

Conflicts:
    drivers/staging/android/Kconfig
2015-02-06 | kbuild: make it possible to specify the module output dir | Rom Lemarchand
Make modinst_dir user-defined on the command line.

This allows to do things like:

    make MODLIB=output/ modinst_dir=. modules_install

to ensure all the .ko are in the output/ directory.

Change-Id: I2bc007eea27ee744d35289e26e4a8ac43ba04151
Signed-off-by: Rom Lemarchand <romlem@android.com>
(cherry picked from commit ae7f28e5aa168a008c153ccff7cc437066d016c3)
2015-01-28 | xt_qtaguid: Use sk_callback_lock read locks before reading sk->sk_socket | Mohamad Ayyash
It prevents a kernel panic when accessing sk->sk_socket fields due to NULLing sk->sk_socket when sock_orphan is called through sk_common_release.

Change-Id: I4aa46b4e2d8600e4d4ef8dcdd363aa4e6e5f8433
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
(cherry picked from commit cdea0ebcb8bcfe57688f6cb692b49e550ebd9796)
2015-01-26 | ipv6: clean up anycast when an interface is destroyed | Sabrina Dubroca
If we try to rmmod the driver for an interface while sockets with setsockopt(JOIN_ANYCAST) are alive, some refcounts aren't cleaned up and we get stuck on:

    unregister_netdevice: waiting for ens3 to become free. Usage count = 1

If we LEAVE_ANYCAST/close everything before rmmod'ing, there is no problem.

We need to perform a cleanup similar to the one for multicast in addrconf_ifdown(how == 1).

BUG: 18902601
Change-Id: I6d51aed5755eb5738fcba91950e7773a1c985d2e
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-26 | usb: gadget: check for accessory device before disconnecting HIDs | Amit Pundir
While disabling ConfigFS Android gadget, android_disconnect() calls kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free the registered HIDs without checking whether the USB accessory device really exists or not. If USB accessory device doesn't exist then we run into the following kernel panic:

----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
(cherry picked from commit 32a71bce154cb89a549b9b7d28e8cf03b889d849)
2015-01-24 | staging: android: ashmem: add missing include | Rom Lemarchand
Include <linux/types.h> into ashmem.h to ensure referenced types are defined

Signed-off-by: Rom Lemarchand <romlem@android.com>
Change-Id: Iac18ed86dd47296d02a269607b1514724aaa9958
2015-01-23 | usb: gadget: android: Save/restore ep0 completion function | Jack Pham
The android_setup() function currently gives the f_accessory setup function first opportunity to handle control requests in order to support Android Open Accessory (AOA) hosts. That function makes use of cdev->req and overrides its completion function, but not in all cases. Thus, if a later request uses the same request pointer but doesn't (re)set req->complete it could result in the wrong completion function being called and causing invalid memory access.

One way to fix this would be to explicitly set req->complete in all cases but that might require auditing all function drivers that have ep0 handling. Instead, note that the composite device had already initially set cdev->req->complete and simply cache and restore that pointer at the start of android_setup().

Change-Id: I33bcd17bd20687a349d537d1013b52a2afef6996
Signed-off-by: Jack Pham <jackp@codeaurora.org>
2015-01-21 | selinux: Remove obsolete selinux_audit_data initialization. | Stephen Smalley
Commit 899838b25f063a94594b1df6e0100aea1ec57fac eliminated the need to initialize selinux_audit_data except in the slow path, when it is handled by slow_avc_audit(). That commit removed all other initializations of selinux_audit_data but this one remained since the binder security hooks are not yet upstream (posted them to linux-kernel today).

Change-Id: I735e4500cde23275686cb3208068cbf8dd7bccd7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-01-20 | selinux: make the netif cache namespace aware | Paul Moore
While SELinux largely ignores namespaces, for good reason, there are some places where it needs to at least be aware of namespaces in order to function correctly. Network namespaces are one example. Basic awareness of network namespaces is necessary in order to match a network interface's index number to an actual network device.

This patch corrects a problem with network interfaces added to a non-init namespace, and can be reproduced with the following commands:

[NOTE: the NetLabel configuration is here only to activate the dynamic networking controls]

    # netlabelctl unlbl add default address:0.0.0.0/0 \
        label:system_u:object_r:unlabeled_t:s0
    # netlabelctl unlbl add default address:::/0 \
        label:system_u:object_r:unlabeled_t:s0
    # netlabelctl cipsov4 add pass doi:100 tags:1
    # netlabelctl map add domain:lspp_test_netlabel_t \
        protocol:cipsov4,100

    # ip link add type veth
    # ip netns add myns
    # ip link set veth1 netns myns
    # ip a add dev veth0 10.250.13.100/24
    # ip netns exec myns ip a add dev veth1 10.250.13.101/24
    # ip l set veth0 up
    # ip netns exec myns ip l set veth1 up

    # ping -c 1 10.250.13.101
    # ip netns exec myns ping -c 1 10.250.13.100

Reported-by: Jiri Jaburek <jjaburek@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
2015-01-20 | selinux: correctly label /proc inodes in use before the policy is loaded | Paul Moore
commit f64410ec665479d7b4b77b7519e814253ed0f686 upstream.

This patch is based on an earlier patch by Eric Paris, he describes the problem below:

  "If an inode is accessed before policy load it will get placed on a list of inodes to be initialized after policy load. After policy load we call inode_doinit() which calls inode_doinit_with_dentry() on all inodes accessed before policy load. In the case of inodes in procfs that means we'll end up at the bottom where it does:

    /* Default to the fs superblock SID. */
    isec->sid = sbsec->sid;

    if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
            if (opt_dentry) {
                    isec->sclass = inode_mode_to_security_class(...)
                    rc = selinux_proc_get_sid(opt_dentry,
                                              isec->sclass, &sid);
                    if (rc)
                            goto out_unlock;
                    isec->sid = sid;
            }
    }

   Since opt_dentry is null, we'll never call selinux_proc_get_sid() and will leave the inode labeled with the label on the superblock. I believe a fix would be to mimic the behavior of xattrs. Look for an alias of the inode. If it can't be found, just leave the inode uninitialized (and pick it up later) if it can be found, we should be able to call selinux_proc_get_sid() ..."

On a system exhibiting this problem, you will notice a lot of files in /proc with the generic "proc_t" type (at least the ones that were accessed early in the boot), for example:

    # ls -Z /proc/sys/kernel/shmmax | awk '{ print $4 " " $5 }'
    system_u:object_r:proc_t:s0 /proc/sys/kernel/shmmax

However, with this patch in place we see the expected result:

    # ls -Z /proc/sys/kernel/shmmax | awk '{ print $4 " " $5 }'
    system_u:object_r:sysctl_kernel_t:s0 /proc/sys/kernel/shmmax

Change-Id: I7742b4b7e53b45e4dd13d99c39553a927aa4a7e9
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
2015-01-20 | selinux: fix inode security list corruption | Stephen Smalley
commit 923190d32de4428afbea5e5773be86bea60a9925 upstream.

sb_finish_set_opts() can race with inode_free_security() when initializing inode security structures for inodes created prior to initial policy load or by the filesystem during ->mount(). This appears to have always been a possible race, but commit 3dc91d4 ("SELinux: Fix possible NULL pointer dereference in selinux_inode_permission()") made it more evident by immediately reusing the unioned list/rcu element of the inode security structure for call_rcu() upon an inode_free_security(). But the underlying issue was already present before that commit as a possible use-after-free of isec.

Shivnandan Kumar reported the list corruption and proposed a patch to split the list and rcu elements out of the union as separate fields of the inode_security_struct so that setting the rcu element would not affect the list element. However, this would merely hide the issue and not truly fix the code.

This patch instead moves up the deletion of the list entry prior to dropping the sbsec->isec_lock initially. Then, if the inode is dropped subsequently, there will be no further references to the isec.

Change-Id: I7c56670bddbb896f159701651758d2e7f739dff8
Reported-by: Shivnandan Kumar <shivnandan.k@samsung.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-20 | selinux: put the mmap() DAC controls before the MAC controls | Paul Moore
commit 0909c0ae999c325b9d34c6f4710f40730ae3bc24 upstream.

It turns out that doing the SELinux MAC checks for mmap() before the DAC checks was causing users and the SELinux policy folks headaches as users were seeing a lot of SELinux AVC denials for the memprotect:mmap_zero permission that would have also been denied by the normal DAC capability checks (CAP_SYS_RAWIO).

Example:

    # cat mmap_test.c
    #include <stdlib.h>
    #include <stdio.h>
    #include <errno.h>
    #include <sys/mman.h>

    int main(int argc, char *argv[])
    {
            int rc;
            void *mem;

            mem = mmap(0x0, 4096,
                       PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
            if (mem == MAP_FAILED)
                    return errno;
            printf("mem = %p\n", mem);
            munmap(mem, 4096);

            return 0;
    }
    # gcc -g -O0 -o mmap_test mmap_test.c
    # ./mmap_test
    mem = (nil)
    # ausearch -m AVC | grep mmap_zero
    type=AVC msg=audit(...): avc: denied { mmap_zero }
      for pid=1025 comm="mmap_test"
      scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
      tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
      tclass=memprotect

This patch corrects things so that when the above example is run by a user without CAP_SYS_RAWIO the SELinux AVC is no longer generated as the DAC capability check fails before the SELinux permission check.

Change-Id: Ic3b2ef30d13c15ca7c60adbd3c3b93ebe251c7bc
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-01-20 | selinux: reduce the number of calls to synchronize_net() when flushing caches | Paul Moore
commit 615e51fdda6f274e94b1e905fcaf6111e0d9aa20 upstream.

When flushing the AVC, such as during a policy load, the various network caches are also flushed, with each making a call to synchronize_net() which has shown to be expensive in some cases. This patch consolidates the network cache flushes into a single AVC callback which only calls synchronize_net() once for each AVC cache flush.

Change-Id: I2a7f020748d1adf2b68246f6ef86d0c871adffb7
Reported-by: Jaejyn Shin <flagon22bass@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
2015-01-14 | [PATCH 5/5] pstore: selinux: add security in-core xattr support for pstore and debugfs | Mark Salyzyn
- add "pstore" and "debugfs" to list of in-core exceptions
- change fstype checks to boolean equation
- change from strncmp to strcmp for checking

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 18917345
Bug: 18935184
Change-Id: Ib648f30ce4b5d6c96f11465836d6fee89bec1c72
2015-01-14 | SELinux: Update policy version to support constraints info | Richard Haines
Update the policy version (POLICYDB_VERSION_CONSTRAINT_NAMES) to allow holding of policy source info for constraints.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
2015-01-13 | [PATCH v4 4/5] pstore: add pmsg | Mark Salyzyn
A secured user-space accessible pstore object. Writes to /dev/pmsg0 are appended to the buffer, on reboot the persistent contents are available in /sys/fs/pstore/pmsg-ramoops-[ID].

One possible use is syslogd, or other daemon, can write messages, then on reboot provides a means to triage user-space activities leading up to a panic as a companion to the pstore dmesg or console logs.

Signed-off-by: Mark Salyzyn <salyzyn@android.com>

v2: switch from snprintf to scnprintf
v3: split out prz_ok checking into PATCH 3/5
    replace pmsg_lseek with noop_llseek
    use pr_fmt() macro
    make write atomic and use a vmalloc'd bounce buffer
v4: use mutex_lock instead of spin_lock.

Change-Id: I82a2a9a989d7583c5fcb65ff520027dc3a034a4c
2015-01-13 | [PATCH 3/5] pstore: handle zero-sized prz in series | Mark Salyzyn
Corrects a problem with ramoops_pstore_read failing to return the next in a prz series after first zero-sized entry, not venturing to the next non-zero entry.

Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Change-Id: Iedce3b94c13917da33be44e1d80811757774c793
2015-01-13 | [PATCH v2 2/5] pstore: remove superfluous memory size check | Mark Salyzyn
All previous checks will fail with error if memory size is not sufficient to register a zone, so this legacy check has become redundant.

Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Acked-by: Kees Cook <keescook@chromium.org>

v2: renumber pmsg series dependencies

Change-Id: Ie21c988ae0b1ebb0dafa6c0c0b069e9cfe1e8506
2015-01-13 | [PATCH v4 1/5] pstore: use snprintf | Mark Salyzyn
No guarantees that the names will not exceed the name buffer with future adjustments.

Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Acked-by: Joe Perches <joe@perches.com>

v2: switch from snprintf to scnprintf
v3: remove embedded space
v4: renumber pmsg series dependencies

Change-Id: I161fe8cadc967d74e18cc09b7d60b5b398c92c86
2015-01-13 | pstore: clarify clearing of _read_cnt in ramoops_context | Liu ShuoX
*_read_cnt in ramoops_context need to be cleared during pstore ->open to support multi times getting the records. The patch added missed ftrace_read_cnt clearing and removed duplicate clearing in ramoops_probe.

Signed-off-by: Liu ShuoX <shuox.liu@intel.com>
Cc: "Zhang, Yanmin" <yanmin_zhang@linux.intel.com>
Cc: Colin Cross <ccross@android.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Change-Id: I98622b2587ed661884e74a7273cfc92ee99eaae3
2015-01-13 | prctl: make PR_SET_TIMERSLACK_PID pid namespace aware | Micha Kalfon
Make PR_SET_TIMERSLACK_PID consider pid namespace and resolve the target pid in the caller's namespace. Otherwise, calls from pid namespace other than init would fail or affect the wrong task.

Change-Id: I1da15196abc4096536713ce03714e99d2e63820a
Signed-off-by: Micha Kalfon <micha@cellrox.com>
Acked-by: Oren Laadan <orenl@cellrox.com>
2015-01-13 | prctl: fix misplaced PR_SET_TIMERSLACK_PID case | Micha Kalfon
The case clause for the PR_SET_TIMERSLACK_PID option was placed inside an internal switch statement for PR_MCE_KILL (see commits 37a591d4 and 8ae872f1). This commit moves it to the right place.

Change-Id: I63251669d7e2f2aa843d1b0900e7df61518c3dea
Signed-off-by: Micha Kalfon <micha@cellrox.com>
Acked-by: Oren Laadan <orenl@cellrox.com>
2015-01-13 | Add security hooks to binder and implement the hooks for SELinux. | Stephen Smalley
Add security hooks to the binder and implement the hooks for SELinux. The security hooks enable security modules such as SELinux to implement controls over binder IPC. The security hooks include support for controlling what process can become the binder context manager (binder_set_context_mgr), controlling the ability of a process to invoke a binder transaction/IPC to another process (binder_transaction), controlling the ability of a process to transfer a binder reference to another process (binder_transfer_binder), and controlling the ability of a process to transfer an open file to another process (binder_transfer_file).

This support is used by SE Android, http://selinuxproject.org/page/SEAndroid.

Change-Id: I34266b66320b6a3df9ac01833d7f94daf742920e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-01-13 | android: binder: Change binder mutex to rtmutex. | Riley Andrews
Surfaceflinger uses binder heavily to receive/send frames from applications while compositing the screen. Change the binder mutex to an rt mutex to minimize instances where high priority surfaceflinger binder work is blocked by lower priority binder ipc.

Change-Id: If7429040641d6e463f20301ec14f02ecf6b0da36
Signed-off-by: Riley Andrews <riandrews@google.com>
2015-01-13 | android: binder: More offset validation. | Arve Hjønnevåg
Make sure offsets don't point to overlapping flat_binder_object structs.

Change-Id: I85c759b9c6395492474b177625dc6b0b289fd6b0
Signed-off-by: Arve Hjønnevåg <arve@android.com>
2015-01-13 | android: binder: remove binder.h | Greg Kroah-Hartman
binder.h isn't needed to just include a uapi file and set a single define, so move it into binder.c to save a few lines of code.

Change-Id: Idcd0aba576295bbe0ddf5d18c4b1d1e8efdc8c84
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | staging: android: binder: move to the "real" part of the kernel | Greg Kroah-Hartman
The Android binder code has been "stable" for many years now. No matter what comes in the future, we are going to have to support this API, so might as well move it to the "real" part of the kernel as there's no real work that needs to be done to the existing code.

Change-Id: I36d5c6fc05aff26dd01a227201be18e86c9f9994
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | staging: binder: fix coding style issues | Dmitry Voytik
Fix coding style issues:
* put braces in all if-else branches;
* limit the length of changed lines to 80 columns.

checkpatch.pl warning count reduces by 3.

Change-Id: I1796588ef0f358780445203c5afa87361ab2bf73
Signed-off-by: Dmitry Voytik <voytikd@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | staging: android: Break up a long line in binder_send_failed_reply | William Panlener
Kernel coding style. Breaking long lines and strings.

Change-Id: Ie1af1f3bcfef547ab69f873f2e86ee37c8c23caf
Signed-off-by: William Panlener <wpanlener@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | staging: android: fix attribute as suggested by checkpatch | Purnendu Kapadia
we should use __packed attribute

Change-Id: I9c74b57799bc6787d54cf6e2563adc96dff666d2
Signed-off-by: Purnendu Kapadia <pro8linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | staging: android: Clean up else statement from binder_send_failed_reply | Lucas Tanure
Kernel coding style. Remove useless else statement after return.

Changes from v1 and v2: Fix warning for mixed declarations and code. Declaration of "struct binder_transaction *next" made outside of while.

Changes from v3: Removed initialization to NULL for next variable.

Change-Id: I1ec8b512130595b90098126acf562e58eeca8458
Signed-off-by: Lucas Tanure <tanure@linux.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | staging: android: binder.c: binder_ioctl() cleanup | Riley Andrews
binder_ioctl() is quite huge and checkpatch dirty - mostly because of the amount of code for the BINDER_WRITE_READ and BINDER_SET_CONTEXT_MGR. Moved that code into the new binder_ioctl_write_read() and binder_ioctl_set_ctx_mgr()

Change-Id: I9c5cea46a570ca91768e5aa7b11c7178bdbb667d
Signed-off-by: Tair Rzayev <tair.rzayev@gmail.com>
Cc: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | staging: binder: add vm_fault handler | Vinayak Menon
An issue was observed when a userspace task exits. The page which hits error here is the zero page. In binder mmap, the whole of vma is not mapped. On a task crash, when debuggerd reads the binder regions, the unmapped areas fall to do_anonymous_page in handle_pte_fault, due to the absence of a vm_fault handler. This results in zero page being mapped. Later in zap_pte_range, vm_normal_page returns zero page in the case of VM_MIXEDMAP and it results in the error.

BUG: Bad page map in process mediaserver pte:9dff379f pmd:9bfbd831
page:c0ed8e60 count:1 mapcount:-1 mapping: (null) index:0x0
page flags: 0x404(referenced|reserved)
addr:40c3f000 vm_flags:10220051 anon_vma: (null) mapping:d9fe0764 index:fd
vma->vm_ops->fault: (null)
vma->vm_file->f_op->mmap: binder_mmap+0x0/0x274
CPU: 0 PID: 1463 Comm: mediaserver Tainted: G W 3.10.17+ #1
[<c001549c>] (unwind_backtrace+0x0/0x11c) from [<c001200c>] (show_stack+0x10/0x14)
[<c001200c>] (show_stack+0x10/0x14) from [<c0103d78>] (print_bad_pte+0x158/0x190)
[<c0103d78>] (print_bad_pte+0x158/0x190) from [<c01055f0>] (unmap_single_vma+0x2e4/0x598)
[<c01055f0>] (unmap_single_vma+0x2e4/0x598) from [<c010618c>] (unmap_vmas+0x34/0x50)
[<c010618c>] (unmap_vmas+0x34/0x50) from [<c010a9e4>] (exit_mmap+0xc8/0x1e8)
[<c010a9e4>] (exit_mmap+0xc8/0x1e8) from [<c00520f0>] (mmput+0x54/0xd0)
[<c00520f0>] (mmput+0x54/0xd0) from [<c005972c>] (do_exit+0x360/0x990)
[<c005972c>] (do_exit+0x360/0x990) from [<c0059ef0>] (do_group_exit+0x84/0xc0)
[<c0059ef0>] (do_group_exit+0x84/0xc0) from [<c0066de0>] (get_signal_to_deliver+0x4d4/0x548)
[<c0066de0>] (get_signal_to_deliver+0x4d4/0x548) from [<c0011500>] (do_signal+0xa8/0x3b8)

Add a vm_fault handler which returns VM_FAULT_SIGBUS, and prevents the wrong fallback to do_anonymous_page.

Change-Id: I43c227e489f74f4907f199caf99f571b61883064
Signed-off-by: Vinayak Menon <vinayakm.list@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | Staging: Android: removed an unnecessary else statement | Karthik Nayak
As per checkpatch warning, removed an unnecessary else statement proceeding an if statement with a return.

Change-Id: I718d9ece6c8bac128c10ecaf904721410d701b60
Signed-off-by: Karthik Nayak <karthik.188@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | staging: android: binder.c: Use more appropriate functions for euid retrieval | Tair Rzayev
Instead of getting the reference to whole credential structure, use task_euid() and current_euid() to get it.

Change-Id: Id5b9d0305b5f90023415863e569988023aaae290
Signed-off-by: Tair Rzayev <tair.rzayev@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | staging: binder: fix usage of uninit scalar in binder_transaction() | Christian Engelmayer
Fix the error path when a cookie mismatch is detected. In that case the function jumps to the exit label without setting the uninitialized, local variable 'return_error'. Detected by Coverity - CID 201453.

Change-Id: I6c960b7d3ad0adb28fad106a9a0b8cb934013987
Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Acked-by: Arve <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | staging: binder: cleanup dereference of noderef expressions | Jerry Snitselaar
Clean up sparse warnings for cred struct dereference.

Change-Id: I78059976c0488abfe9eb4e9f0b0f8ac10c7ef4f9
Signed-off-by: Jerry Snitselaar <dev@snitselaar.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | staging: android: fix missing a blank line after declarations | Seunghun Lee
This patch fixes "Missing a blank line after declarations" warnings.

Change-Id: Iede8a80f003eba36fd1f8d3ec8135d9d35c16ee9
Signed-off-by: Seunghun Lee <waydi1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | staging: binder: add __user annotation in binder.c | Mathieu Maret
Add __user to binder_version to correct sparse warning. Reduce line size to fit to coding style.

Change-Id: I8694fb5a082721c69d1596b2853c5d4899f6536b
Signed-off-by: Mathieu Maret <mathieu.maret@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | staging: binder: Support concurrent 32 bit and 64 bit processes. | Arve Hjønnevåg
For 64bit systems we want to use the same binder interface for 32bit and 64bit processes. Thus the size and the layout of the structures passed between the kernel and the userspace has to be the same for both 32 and 64bit processes.

This change replaces all the uses of void* and size_t with binder_uintptr_t and binder_size_t. These are then typedefed to specific sizes depending on the use of the interface, as follows:
* __u32 - on legacy 32bit only userspace
* __u64 - on mixed 32/64bit userspace where all processes use the same interface.

This change also increments the BINDER_CURRENT_PROTOCOL_VERSION to 8 and hooks the compat_ioctl entry for the mixed 32/64bit Android userspace.

This patch also provides a CONFIG_ANDROID_BINDER_IPC_32BIT option for compatibility, which, if set, enables the old protocol, setting BINDER_CURRENT_PROTOCOL_VERSION to 7, on 32 bit systems.

Please note that all 64bit kernels will use the 64bit Binder ABI.

Change-Id: If54f075787a6bb261012eb73295eb4f83a8c91c9
Cc: Colin Cross <ccross@android.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Serban Constantinescu <serban.constantinescu@arm.com>
Cc: Android Kernel Team <kernel-team@android.com>
Signed-off-by: Arve Hjønnevåg <arve@android.com>
[jstultz: Merged with upstream type changes. Various whitespace fixes and longer Kconfig description for checkpatch. Included improved commit message from Serban (with a few tweaks).]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | Staging: android: add __user annotation in binder.c | Bojan Prtvar
This fixes the following sparse error

    drivers/staging/android/binder.c:1795:36: error: incompatible types in comparison expression (different address spaces)

Change-Id: I3824cb700d0de0e24c94771b1441e639d7d4d18b
Signed-off-by: Bojan Prtvar <prtvar.b@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | Staging: android: Mark local functions in binder.c as static | Bojan Prtvar
This fixes the following sparse warnings

    drivers/staging/android/binder.c:1703:5: warning: symbol 'binder_thread_write' was not declared. Should it be static?
    drivers/staging/android/binder.c:2058:6: warning: symbol 'binder_stat_br' was not declared. Should it be static?

Change-Id: Ib3fadafe30b5ffa3776270574809823e898caac3
Signed-off-by: Bojan Prtvar <prtvar.b@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-13 | Revert "Add security hooks to binder and implement the hooks for SELinux." | Riley Andrews
This reverts commit 6e6d8f546c36b161067efa5e0518f56be0200e77.

Change-Id: I8f0dba7c90f2c2d285d14696277e1ec7d48978d3
2015-01-13 | Revert "staging: binder: Change binder mutex to rtmutex." | Riley Andrews
This reverts commit 5d03bd0fdd66d3472386864cf32b4b82dda8d1a5.
2015-01-13 | Revert "Staging: android: binder: Support concurrent 32 bit and 64 bit processes." | Riley Andrews
This reverts commit 2d595dc92ae19b49e4c1ebb1f8e3b461a2d06592.

Change-Id: I1e4e306fa38f851b3044abb8a7c929c298c14812
2015-01-13 | Revert "ARM: tegra: flounder: stick to 32bit binder for now." | Riley Andrews
This reverts commit 8179b7b7fe7e0ee85f670d109de6d7e3be46b2a9.

Change-Id: Iba8c90cc88b39dd357ecbd7c942469966b53f123
2015-01-13 | Revert "Staging: android: binder: More offset validation." | Riley Andrews
This reverts commit 3fac2c119f537d4d8fea3f0b9063d72f44857b82.

Change-Id: I8840b43eceff9ef52d9bae2079d22046488a4ec2
2015-01-13 | irq: pm: Remove unused variable | Dmitry Shmidt
Change-Id: Ie4311b554628af878cd80fd0abc03b2be294f0bf
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-01-13 | Merge branch 'linaro-android-3.10-lsk' of git://android.git.linaro.org/kernel/linaro-android into lsk-v3.10-aosp | Mark Brown