| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Emulate NMIs on systems where they are not available by using timer
interrupts on other cpus. Each cpu will use its softlockup hrtimer
to check that the next cpu is processing hrtimer interrupts by
verifying that a counter is increasing.
This patch is useful on systems where the hardlockup detector is not
available due to a lack of NMIs, for example most ARM SoCs.
Without this patch any cpu stuck with interrupts disabled can
cause a hardware watchdog reset with no debugging information,
but with this patch the kernel can detect the lockup and panic,
which can result in useful debugging info.
Change-Id: Ia5faf50243e19c1755201212e04c8892d929785a
Signed-off-by: Colin Cross <ccross@android.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace bcd2bin and bin2bcd with one that maps years 1970 to 2129
in a pattern that works with the underlying hardware.
The only transition that does not work correctly for this rtc clock
is the transition from 2099 to 2100, it proceeds to 2000. The rtc
clock retains and transitions the year correctly in all other
circumstances.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 26346842
Change-Id: Ie527700190b1ae4b4bc3c12279d875aa5985b168
|
| |
|
|
|
|
|
|
| |
Place SLPZ pin in sleep state at system suspend time if a GPIO is
provided by board platform data.
Change-Id: I93c61fa0ae474e968e0f909209c9bfcaafe3dd2c
Signed-off-by: Todd Poynor <toddpoynor@google.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Suspend attempts can abort when the FUSE daemon is already frozen
and a client is waiting uninterruptibly for a response, causing
freezing of tasks to fail.
Use the freeze-friendly wait API, but disregard other signals.
Change-Id: Icefb7e4bbc718ccb76bf3c04daaa5eeea7e0e63c
Signed-off-by: Todd Poynor <toddpoynor@google.com>
|
| |
|
|
|
|
|
|
|
| |
Add wake_peer which is called before starting UART TX. The idea here
is to provide a mechanism where we can wakeup our peer before sending
data.
Change-Id: I42e0779b635f64ca99184b45d5b028de80197491
Signed-off-by: San Mehat <san@google.com>
|
| |
|
|
| |
This reverts commit 7fc150543c73de71859631c8a6b17e3067fe7617.
|
| |
|
|
| |
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(cherry picked from commit https://lkml.org/lkml/2015/12/21/339)
x86: arch_mmap_rnd() uses hard-coded values, 8 for 32-bit and 28 for
64-bit, to generate the random offset for the mmap base address.
This value represents a compromise between increased ASLR
effectiveness and avoiding address-space fragmentation. Replace it
with a Kconfig option, which is sensibly bounded, so that platform
developers may choose where to place this compromise. Keep default
values as new minimums.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: Ic38735a8de2943843a73b5c20855ccfa92513422
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(cherry picked from commit https://lkml.org/lkml/2015/12/21/340)
arm64: arch_mmap_rnd() uses STACK_RND_MASK to generate the
random offset for the mmap base address. This value represents a
compromise between increased ASLR effectiveness and avoiding
address-space fragmentation. Replace it with a Kconfig option, which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep default values as new minimums.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: I0be0bf8b1ed412863f248323e2d86b1df5bf21c6
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(cherry picked from commit https://lkml.org/lkml/2015/12/21/341)
arm: arch_mmap_rnd() uses a hard-code value of 8 to generate the
random offset for the mmap base address. This value represents a
compromise between increased ASLR effectiveness and avoiding
address-space fragmentation. Replace it with a Kconfig option, which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: I438ae2dae939ea7f311246832cb789afdd6cba4e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(cherry picked from commit https://lkml.org/lkml/2015/12/21/337)
ASLR only uses as few as 8 bits to generate the random offset for the
mmap base address on 32 bit architectures. This value was chosen to
prevent a poorly chosen value from dividing the address space in such
a way as to prevent large allocations. This may not be an issue on all
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: Ibf9ed3d4390e9686f5cc34f605d509a20d40e6c2
|
| |
|
|
|
|
|
|
|
|
| |
Update vma_merge() call in private anonymous memory prctl,
introduced in AOSP commit ee8c5f78f09a
"mm: add a field to store names for private anonymous memory",
so as to align with changes from upstream commit 19a809afe2fe
"userfaultfd: teach vma_merge to merge across vma->vm_userfaultfd_ctx".
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Userspace processes often have multiple allocators that each do
anonymous mmaps to get memory. When examining memory usage of
individual processes or systems as a whole, it is useful to be
able to break down the various heaps that were allocated by
each layer and examine their size, RSS, and physical memory
usage.
This patch adds a user pointer to the shared union in
vm_area_struct that points to a null terminated string inside
the user process containing a name for the vma. vmas that
point to the same address will be merged, but vmas that
point to equivalent strings at different addresses will
not be merged.
Userspace can set the name for a region of memory by calling
prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, start, len, (unsigned long)name);
Setting the name to NULL clears it.
The names of named anonymous vmas are shown in /proc/pid/maps
as [anon:<name>] and in /proc/pid/smaps in a new "Name" field
that is only present for named vmas. If the userspace pointer
is no longer valid all or part of the name will be replaced
with "<fault>".
The idea to store a userspace pointer to reduce the complexity
within mm (at the expense of the complexity of reading
/proc/pid/mem) came from Dave Hansen. This results in no
runtime overhead in the mm subsystem other than comparing
the anon_name pointers when considering vma merging. The pointer
is stored in a union with fieds that are only used on file-backed
mappings, so it does not increase memory usage.
Includes fix from Jed Davis <jld@mozilla.com> for typo in
prctl_set_vma_anon_name, which could attempt to set the name
across two vmas at the same time due to a typo, which might
corrupt the vma list. Fix it to use tmp instead of end to limit
the name setting to a single vma at a time.
Change-Id: I9aa7b6b5ef536cd780599ba4e2fba8ceebe8b59f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a userspace visible knob to tell the VM to keep an extra amount
of memory free, by increasing the gap between each zone's min and
low watermarks.
This is useful for realtime applications that call system
calls and have a bound on the number of allocations that happen
in any short time period. In this application, extra_free_kbytes
would be left at an amount equal to or larger than than the
maximum number of allocations that happen in any burst.
It may also be useful to reduce the memory use of virtual
machines (temporarily?), in a way that does not cause memory
fragmentation like ballooning does.
[ccross]
Revived for use on old kernels where no other solution exists.
The tunable will be removed on kernels that do better at avoiding
direct reclaim.
Change-Id: I765a42be8e964bfd3e2886d1ca85a29d60c3bb3e
Signed-off-by: Rik van Riel<riel@redhat.com>
Signed-off-by: Colin Cross <ccross@android.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch adds a debugfs file called "shrinker" when read this calls
all the shrinkers in the system with nr_to_scan set to zero and prints
the result. These results are the number of objects the shrinkers have
available and can thus be used an indication of the total memory
that would be availble to the system if a shrink occurred.
Change-Id: Ied0ee7caff3d2fc1cb4bb839aaafee81b5b0b143
Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ramoops is one of the remaining places where ARM vendors still rely on
board-specific shims. Device Tree lets us replace those shims with
generic code.
These bindings mirror the ramoops module parameters, with two small
differences:
(1) dump_oops becomes an optional "no-dump-oops" property, since ramoops
sets dump_oops=1 by default.
(2) mem_type=1 becomes the more self-explanatory "unbuffered" property.
(am from https://lkml.org/lkml/2016/1/7/750)
Change-Id: I2140199a861d50fc2bcbbe85b16bf17fb9ccaa1d
Signed-off-by: Greg Hackmann <ghackmann@google.com>
|
| |
|
|
|
|
|
| |
Allow writing into the ramoops console buffer.
Change-Id: Iff0d69b562e4dae33ea7f8d19412227bebb17e47
Signed-off-by: Arve Hjønnevåg <arve@android.com>
|
| |
|
|
|
|
|
|
|
| |
Update Documentation/android.txt to reference PSTORE_CONSOLE
and PSTORE_RAM instead of ANDROID_RAM_CONSOLE
Change-Id: I2c56e73f8c65c3ddbe6ddbf1faadfacb42a09575
Reported-by: Jon Medhurst (Tixy) <tixy@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
|
| |
|
|
|
|
|
|
| |
Add a skip_initramfs option to allow choosing whether to boot using
the initramfs or not at runtime.
Change-Id: If30428fa748c1d4d3d7b9d97c1f781de5e4558c3
Signed-off-by: Rom Lemarchand <romlem@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In commit d6cb004d80 (of: fix CONFIG_CMDLINE_EXTEND),
the types of some variables in early_init_dt_scan_chosen()
were modified, which results in build warnings.
This patch resets the unsigned long to an int, and re-adds
the const to the char*.
Change-Id: Ie60ae92b4552e453cf477dd83f42838b3f95975e
Signed-off-by: John Stultz <john.stultz@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
strlcat takes the size of the buffer, not the number of characters
to concatenate. If the size of the device tree command line p is
larger than the CONFIG_CMDLINE string data, then strcat(data, p, l)
will hit a BUG_ON because strlen(data) > l.
Replace the second strlcat with a strncpy plus a manual null
termination.
Also rearrange the code to reduce indent depth to make it more
readable, and replace data with a char *cmdline to avoid extra
casts.
Signed-off-by: Colin Cross <ccross@android.com>
|
| |
|
|
|
|
|
|
|
| |
Copy the config choice for CONFIG_CMDLINE_EXTEND from
arch/arm/Kconfig, including CONFIG_CMDLINE_FROM_BOOTLOADER
as the default. These will be used by drivers/of/fdt.c.
Change-Id: I8416038498ddf8fc1e99ab06109825eb1492aa7f
Signed-off-by: Colin Cross <ccross@android.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The old logic assumes CMDLINE_FROM_BOOTLOADER vs. CMDLINE_FORCE and
ignores CMDLINE_EXTEND. Here's the old logic:
- CONFIG_CMDLINE_FORCE=true
CONFIG_CMDLINE
- dt bootargs=non-empty:
dt bootargs
- dt bootargs=empty, @data is non-empty string
@data is left unchanged
- dt bootargs=empty, @data is empty string
CONFIG_CMDLINE (or "" if that's not defined)
The new logic is now documented in of_fdt.h and is copied here for
reference:
- CONFIG_CMDLINE_FORCE=true
CONFIG_CMDLINE
- CONFIG_CMDLINE_EXTEND=true, @data is non-empty string
@data + dt bootargs (even if dt bootargs are empty)
- CONFIG_CMDLINE_EXTEND=true, @data is empty string
CONFIG_CMDLINE + dt bootargs (even if dt bootargs are empty)
- CMDLINE_FROM_BOOTLOADER=true, dt bootargs=non-empty:
dt bootargs
- CMDLINE_FROM_BOOTLOADER=true, dt bootargs=empty, @data is non-empty string
@data is left unchanged
- CMDLINE_FROM_BOOTLOADER=true, dt bootargs=empty, @data is empty string
CONFIG_CMDLINE (or "" if that's not defined)
Signed-off-by: Doug Anderson <dianders@chromium.org>
CC: devicetree-discuss@lists.ozlabs.org
CC: Grant Likely <grant.likely@secretlab.ca>
CC: Benjamin Herrenschmidt <benh@kernel.crashing.org>
CC: Rob Herring <rob.herring@calxeda.com>
Change-Id: I40ace250847f813358125dfcaa8998fd32cf7ea3
Signed-off-by: Colin Cross <ccross@android.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
If the bootloader used a page table that is incompatible with domain 0
in client mode, and boots with the mmu on, then swithing domain 0 to
client mode causes a fault if we don't flush the tlb after updating
the page table pointer.
v2: Add ISB before loading dacr.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
|
| |
|
|
|
|
|
|
|
|
| |
Allows a defconfig to set a list of dtbs to concatenate with an
Image.gz to create a Image.gz-dtb.
Includes 8adb162 arm64: Fix correct dtb clean-files location
Change-Id: I0b462322d5c970f1fdf37baffece7ad058099f4a
Signed-off-by: Alex Ray <aray@google.com>
|
| |
|
|
|
|
|
|
|
| |
Allow CONFIG_BUILD_ARM_APPENDED_DTB_IMAGE_NAMES to specify
a space separated list of dtbs to append to the zImage,
and name the resulting file zImage-dtb
Change-Id: Ied5d0bafbd1d01fc1f109c15c4283de7029903c9
Signed-off-by: Colin Cross <ccross@android.com>
|
| |
|
|
|
|
|
|
| |
Allows a defconfig to set a default dtb to concatenate with a zImage
to create a zImage-dtb.<dtb name>
Signed-off-by: Erik Gilling <konkers@android.com>
Change-Id: I34b643b1c49228fbae88a56e46c93c478089620d
|
| |
|
|
|
|
|
|
| |
In the 3.10 kernel, dtb-y is not defined in Makefile.boot anymore
but in dts/Makefile, so it needs to be included too.
Change-Id: I6d6fccf933709bcb6220ce8f12b4b9e2a7c40d63
Signed-off-by: Benoit Goby <benoit@android.com>
|
| |
|
|
|
|
| |
Added return address to show caller function in /proc/vmallocinfo
Change-Id: Ieb0bbf6ec82b561cea6ff18f0516744050dfc269
|
| |
|
|
|
|
|
|
|
| |
Move the poison pointer offset to 0xdead000000000000, a
recognized value that is not mappable by user-space exploits.
Change-Id: I558441a26a7c8390aa087f32c4cbe980de8c8ce3
Signed-off-by: Thierry Strudel <tstrudel@google.com>
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
|
| |
|
|
|
|
|
|
|
| |
The aarch64-linux-android- toolchain enables -fpic by default. -fpic
isn't needed for the kernel and breaks CONFIG_JUMP_LABEL, so turn it
off.
Change-Id: I685da1dc60e4cf1e9abcfb56e03654675ac02a0c
Signed-off-by: Greg Hackmann <ghackmann@google.com>
|
| |
|
|
|
|
|
|
|
| |
A port of 8608d7c4418c75841c562a90cddd9beae5798a48 to ARM64. Both the
original code and this port are limited to dumping kernel addresses, so
don't bother if the registers are from a userspace process.
Change-Id: Idc76804c54efaaeb70311cbb500c54db6dac4525
Signed-off-by: Greg Hackmann <ghackmann@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
pfn_valid() returns a false positive when the lower (64 - PAGE_SHIFT)
bits match a valid pfn but some of the upper bits are set. This caused
a kernel panic in kpageflags_read() when a userspace utility parsed
/proc/*/pagemap, neglected to discard the upper flag bits, and tried to
lseek()+read() from the corresponding offset in /proc/kpageflags.
A valid pfn will never have the upper PAGE_SHIFT bits set, so simply
check for this before passing the pfn to memblock_is_memory().
Change-Id: Ief5d8cd4dd93cbecd545a634a8d5885865cb5970
Signed-off-by: Greg Hackmann <ghackmann@google.com>
|
| |
|
|
|
|
|
|
|
|
| |
Bail out early if IRQs are disabled in do_page_fault or else
[14415.157266] BUG: sleeping function called from invalid context at arch/arm/mm/fault.c:301
Russell King's idea from
http://comments.gmane.org/gmane.linux.ports.arm.omap/59256
Signed-off-by: JP Abgrall <jpa@google.com>
|
| |
|
|
|
| |
Change-Id: I5ca8db61b595adc642a07ea187bd41fd7636840e
Signed-off-by: Arve Hjønnevåg <arve@android.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At times, it is necessary for boards to provide some additional information
as part of panic logs. Provide information on the board hardware as part
of panic logs.
It is safer to print this information at the very end in case something
bad happens as part of the information retrieval itself.
To use this, set global mach_panic_string to an appropriate string in the
board file.
Change-Id: Id12cdda87b0cd2940dd01d52db97e6162f671b4d
Signed-off-by: Nishanth Menon <nm@ti.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
If the console_lock was held while the system was rebooted, the messages
in the temporary logbuffer would not have propogated to all the console
drivers.
This force releases the console lock if it failed to be acquired.
Change-Id: I193dcf7b968be17966833e50b8b8bc70d5d9fe89
Signed-off-by: Dima Zavin <dima@android.com>
|
| |
|
|
|
|
| |
Makes low-level printk work.
Signed-off-by: Tony Lindgren <tony@atomide.com>
|
| |
|
|
|
|
|
|
| |
If CACHE_FLUSH_RANGE_LIMIT is defined, then the entire dcache will
be flushed if the requested range is larger than this limit.
Change-Id: I29277d645a9d6716b1952cf3b870c78496261dd0
Signed-off-by: Arve Hjønnevåg <arve@android.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix spinlock declaration and tty_insert/flip arguments.
If ARM DCC tty driver is enabled then we run into following build failure:
----------
CC drivers/char/dcc_tty.o
drivers/char/dcc_tty.c:29:36: error: ‘SPIN_LOCK_UNLOCKED’ undeclared here (not in a function)
drivers/char/dcc_tty.c: In function ‘dcc_poll_locked’:
drivers/char/dcc_tty.c:83:4: warning: passing argument 1 of ‘tty_insert_flip_string’ from incompatible pointer type [enabled by default]
In file included from drivers/char/dcc_tty.c:23:0:
include/linux/tty_flip.h:32:19: note: expected ‘struct tty_port *’ but argument is of type ‘struct tty_struct *’
drivers/char/dcc_tty.c:84:4: warning: passing argument 1 of ‘tty_flip_buffer_push’ from incompatible pointer type [enabled by default]
In file included from drivers/char/dcc_tty.c:23:0:
include/linux/tty_flip.h:13:13: note: expected ‘struct tty_port *’ but argument is of type ‘struct tty_struct *’
make[2]: *** [drivers/char/dcc_tty.o] Error 1
----------
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
|
| |
|
|
|
| |
Signed-off-by: Brian Swetland <swetland@google.com>
Signed-off-by: Arve Hjønnevåg <arve@android.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is extremely useful in diagnosing remote crashes, and is based heavily
on original work by <md@google.com>.
Signed-off-by: San Mehat <san@google.com>
Cc: Michael Davidson <md@google.com>
[ARM] process: Use uber-safe probe_kernel_address() to read mem when dumping.
This prevents the dump from taking pagefaults / external aborts.
Change-Id: I8df76e8638780f94fb1bd7ea4471e3f7b01df950
Signed-off-by: San Mehat <san@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix redundant "buffer->private_flags & ION_PRIV_FLAG_SHRINKER_FREE"
checks in if(!cached ...) condition block.
AOSP Change-Id: I98ee8902df0c80135dddfa998c4ca4c2bb44e40e,
"ion: Handle the memory mapping correctly on x86", is broken
on android-3.18+ kernels. It conflicts with upstream commit
53a91c68fa7b, "staging: ion: Add private buffer flag to skip
page pooling on free", and break the ION_PRIV_FLAG_SHRINKER_FREE
private flag check logic.
Change-Id: I9cee4bcc3545cf92e07c21c2b42d27cf88da3316
Reported-by: chenfeng <puck.chen@hisilicon.com>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
|
| |
|
|
|
|
|
|
|
| |
ION_POOL_CACHE_POLICY uses x86 specific commands.
Only allow it to be used for x86.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Change-Id: Ic66e175fa41486b0b5f77872f2193add77cbe66f
(cherry picked from commit 43f4056cbec017c4414d74b032e9c14e009eabb0)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch modifies the ion page pool code to address
limitation in x86 PAT. When one physical page is mapped
to multiple virtual pages, the same cache policy
should be used. Add set_memory_wc/uc call to avoid aliases.
If not, all mappings will be cached(write back).
Change-Id: I98ee8902df0c80135dddfa998c4ca4c2bb44e40e
Signed-off-by: Zhebin Jin <zhebin.jin@intel.com>
Signed-off-by: Vinil Cheeramvelil <vinil.cheeramvelil@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
PAGE_SHIFT, After this change each bit in bitmap (genalloc - General purpose special memory pool)
represents one page size memory.
Cc:sprd-ind-kernel-group@googlegroups.com
Cc:sanjeev.yadav@spreadtrum.com
Cc:Colin Cross <ccross@android.com>
cc:John Stultz <john.stultz@linaro.org>
Change-Id: I1172285dac014ecd2f1a965604b697d6739c1726
Signed-off-by: Rajmal Menariya <rajmal.menariya@spreadtrum.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit "SELinux: Enable setting security contexts on rootfs inodes."
cherry-picked in experimental/android-4.1 used a now obsolete flag
SE_SBLABELSUPP. Rename it to SBLABEL_MNT as intended by upstream
commit 12f348b9dcf6 "SELinux: rename SE_SBLABELSUPP to SBLABEL_MNT",
otherwise we run into following build error:
CC security/selinux/hooks.o
security/selinux/hooks.c: In function ‘sb_finish_set_opts’:
security/selinux/hooks.c:459:19: error: ‘SE_SBLABELSUPP’ undeclared (first use in this function)
sbsec->flags |= SE_SBLABELSUPP;
^
security/selinux/hooks.c:459:19: note: each undeclared identifier is reported only once for each function it appears in
make[2]: *** [security/selinux/hooks.o] Error 1
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NOT intended for new Android devices - this commit is unnecessary
for a target device that does not have a previous M variant.
DO NOT upstream. Android only.
Motivation:
This commit mitigates a mismatch between selinux kernel and
selinux userspace. The selinux ioctl white-listing binary policy
format that was accepted into Android M differs slightly from what
was later accepted into the upstream kernel. This leaves Android
master branch kernels incompatible with Android M releases. This
patch restores backwards compatibility. This is important because:
1. kernels may be updated on a different cycle than the rest of the
OS e.g. security patching.
2. Android M bringup may still be ongoing for some devices. The
same kernel should work for both M and master.
Backwards compatibility is achieved by checking for an Android M
policy characteristic during initial policy read and converting to
upstream policy format. The inverse conversion is done for policy
write as required for CTS testing.
Bug: 22846070
Change-Id: I2f1ee2eee402f37cf3c9df9f9e03c1b9ddec1929
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rootfs (ramfs) can support setting of security contexts
by userspace due to the vfs fallback behavior of calling
the security module to set the in-core inode state
for security.* attributes when the filesystem does not
provide an xattr handler. No xattr handler required
as the inodes are pinned in memory and have no backing
store.
This is useful in allowing early userspace to label individual
files within a rootfs while still providing a policy-defined
default via genfs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Commit b641072 ("security: Add AID_NET_RAW and AID_NET_ADMIN capability
check in cap_capable().") introduces additional checks for AID_NET_xxx
macros. Since the header file including those macros are conditionally
included, the checks should also be conditionally executed.
Change-Id: Iaec5208d5b95a46b1ac3f2db8449c661e803fa5b
Signed-off-by: Tushar Behera <tushar.behera@linaro.org>
Signed-off-by: Andrey Konovalov <andrey.konovalov@linaro.org>
|
