Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Jul 08, 2014

  1. net: wireless: bcmdhd: Add WIPHY_WOWLAN_ANY support

    Change-Id: I4a9de9ab40f6de2e5ef5830529cfb066d6c75b57
    Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
    Dmitry Shmidt authored

Feb 28, 2014

  1. android: base-cfg: enable DM_VERITY (used for secureboot)

    Change-Id: I68d769f97ffa76bb45e65d34a96dd7f558c02d08
    Signed-off-by: JP Abgrall <jpa@google.com>
    (cherry picked from commit 37cb5be)
    JP Abgrall authored
  2. android: configs: Add CONFIG_NETFILTER_XT_TARGET_IDLETIMER

    Signed-off-by: Ashish Sharma <ashishsharma@google.com>
    Ashish Sharma authored JP Abgrall committed
  3. android: configs: Grab the android/configs from kernel/common

    This is a squash of all changes from kernel/common android-3.4 up to
      5e35d66 android: configs: add IPV6 ROUTE INFO
    
    Change-Id: I848f1865ec7da1dfc3338a3e9d7f944a6f00f2a6
    Signed-off-by: JP Abgrall <jpa@google.com>
    JP Abgrall authored

Feb 19, 2014

  1. tcp: add a sysctl to config the tcp_default_init_rwnd

    The default initial rwnd was hardcoded to 10.
    
    Now we allow it to be controlled via
      /proc/sys/net/ipv4/tcp_default_init_rwnd
    which limits the values from 3 to 100
    
    This is somewhat needed because ipv6 routes are
    autoconfigured by the kernel.
    
    See "An Argument for Increasing TCP's Initial Congestion Window"
    in https://developers.google.com/speed/articles/tcp_initcwnd_paper.pdf
    
    Change-Id: I7eac8a0a5133371aea9ecb9aec0b608bd7f2cc57
    Signed-off-by: JP Abgrall <jpa@google.com>
    JP Abgrall authored

Feb 13, 2014

  1. fix false disconnect due to a signal sent to the reading process

    - In the current implementation, when a signal is sent to the reading process,
      read is cancelled by calling usb_ep_dequeue, which lead into calling
      acc_complete_out with ECONNRESET, but the current logic treats it as
      disconnection, which makes the device inaccessible until cable is actually
      disconnected.
    - The fix calls disconnect only when ESHUTDOWN error is passed.
    - If data has already arrived while trying cancelling, the data is marked
      as available, and it will be read out on the next read. This is necessary
      as USB bulk is assumed to guarantee no data loss.
    
    Signed-off-by: keunyoung <keunyoung@google.com>
    keunyoung authored JP Abgrall committed

Feb 08, 2014

  1. stephensmalley

    SELinux: Fix kernel BUG on empty security contexts.

    Setting an empty security context (length=0) on a file will
    lead to incorrectly dereferencing the type and other fields
    of the security context structure, yielding a kernel BUG.
    As a zero-length security context is never valid, just reject
    all such security contexts whether coming from userspace
    via setxattr or coming from the filesystem upon a getxattr
    request by SELinux.
    
    Setting a security context value (empty or otherwise) unknown to
    SELinux in the first place is only possible for a root process
    (CAP_MAC_ADMIN), and, if running SELinux in enforcing mode, only
    if the corresponding SELinux mac_admin permission is also granted
    to the domain by policy.  In Fedora policies, this is only allowed for
    specific domains such as livecd for setting down security contexts
    that are not defined in the build host policy.
    
    [On Android, this can only be set by root/CAP_MAC_ADMIN processes,
    and if running SELinux in enforcing mode, only if mac_admin permission
    is granted in policy.  In Android 4.4, this would only be allowed for
    root/CAP_MAC_ADMIN processes that are also in unconfined domains. In current
    AOSP master, mac_admin is not allowed for any domains except the recovery
    console which has a legitimate need for it.  The other potential vector
    is mounting a maliciously crafted filesystem for which SELinux fetches
    xattrs (e.g. an ext4 filesystem on a SDcard).  However, the end result is
    only a local denial-of-service (DOS) due to kernel BUG.  This fix is
    queued for 3.14.]
    
    Reproducer:
    su
    setenforce 0
    touch foo
    setfattr -n security.selinux foo
    
    Caveat:
    Relabeling or removing foo after doing the above may not be possible
    without booting with SELinux disabled.  Any subsequent access to foo
    after doing the above will also trigger the BUG.
    
    BUG output from Matthew Thode:
    [  473.893141] ------------[ cut here ]------------
    [  473.962110] kernel BUG at security/selinux/ss/services.c:654!
    [  473.995314] invalid opcode: 0000 [#6] SMP
    [  474.027196] Modules linked in:
    [  474.058118] CPU: 0 PID: 8138 Comm: ls Tainted: G      D   I
    3.13.0-grsec #1
    [  474.116637] Hardware name: Supermicro X8ST3/X8ST3, BIOS 2.0
    07/29/10
    [  474.149768] task: ffff8805f50cd010 ti: ffff8805f50cd488 task.ti:
    ffff8805f50cd488
    [  474.183707] RIP: 0010:[<ffffffff814681c7>]  [<ffffffff814681c7>]
    context_struct_compute_av+0xce/0x308
    [  474.219954] RSP: 0018:ffff8805c0ac3c38  EFLAGS: 00010246
    [  474.252253] RAX: 0000000000000000 RBX: ffff8805c0ac3d94 RCX:
    0000000000000100
    [  474.287018] RDX: ffff8805e8aac000 RSI: 00000000ffffffff RDI:
    ffff8805e8aaa000
    [  474.321199] RBP: ffff8805c0ac3cb8 R08: 0000000000000010 R09:
    0000000000000006
    [  474.357446] R10: 0000000000000000 R11: ffff8805c567a000 R12:
    0000000000000006
    [  474.419191] R13: ffff8805c2b74e88 R14: 00000000000001da R15:
    0000000000000000
    [  474.453816] FS:  00007f2e75220800(0000) GS:ffff88061fc00000(0000)
    knlGS:0000000000000000
    [  474.489254] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [  474.522215] CR2: 00007f2e74716090 CR3: 00000005c085e000 CR4:
    00000000000207f0
    [  474.556058] Stack:
    [  474.584325]  ffff8805c0ac3c98 ffffffff811b549b ffff8805c0ac3c98
    ffff8805f1190a40
    [  474.618913]  ffff8805a6202f08 ffff8805c2b74e88 00068800d0464990
    ffff8805e8aac860
    [  474.653955]  ffff8805c0ac3cb8 000700068113833a ffff880606c75060
    ffff8805c0ac3d94
    [  474.690461] Call Trace:
    [  474.723779]  [<ffffffff811b549b>] ? lookup_fast+0x1cd/0x22a
    [  474.778049]  [<ffffffff81468824>] security_compute_av+0xf4/0x20b
    [  474.811398]  [<ffffffff8196f419>] avc_compute_av+0x2a/0x179
    [  474.843813]  [<ffffffff8145727b>] avc_has_perm+0x45/0xf4
    [  474.875694]  [<ffffffff81457d0e>] inode_has_perm+0x2a/0x31
    [  474.907370]  [<ffffffff81457e76>] selinux_inode_getattr+0x3c/0x3e
    [  474.938726]  [<ffffffff81455cf6>] security_inode_getattr+0x1b/0x22
    [  474.970036]  [<ffffffff811b057d>] vfs_getattr+0x19/0x2d
    [  475.000618]  [<ffffffff811b05e5>] vfs_fstatat+0x54/0x91
    [  475.030402]  [<ffffffff811b063b>] vfs_lstat+0x19/0x1b
    [  475.061097]  [<ffffffff811b077e>] SyS_newlstat+0x15/0x30
    [  475.094595]  [<ffffffff8113c5c1>] ? __audit_syscall_entry+0xa1/0xc3
    [  475.148405]  [<ffffffff8197791e>] system_call_fastpath+0x16/0x1b
    [  475.179201] Code: 00 48 85 c0 48 89 45 b8 75 02 0f 0b 48 8b 45 a0 48
    8b 3d 45 d0 b6 00 8b 40 08 89 c6 ff ce e8 d1 b0 06 00 48 85 c0 49 89 c7
    75 02 <0f> 0b 48 8b 45 b8 4c 8b 28 eb 1e 49 8d 7d 08 be 80 01 00 00 e8
    [  475.255884] RIP  [<ffffffff814681c7>]
    context_struct_compute_av+0xce/0x308
    [  475.296120]  RSP <ffff8805c0ac3c38>
    [  475.328734] ---[ end trace f076482e9d754adc ]---
    
    [sds:  commit message edited to note Android implications and
    to generate a unique Change-Id for gerrit]
    
    Change-Id: I4d5389f0cfa72b5f59dada45081fa47e03805413
    Reported-by:  Matthew Thode <mthode@mthode.org>
    Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
    Cc: stable@vger.kernel.org
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    stephensmalley authored JP Abgrall committed

Feb 05, 2014

  1. netfilter: xt_IDLETIMER: Revert to retain the kernel API format.

    Reverted Change-Id: Iaeca5dd2d7878c0733923ae03309a2a7b86979ca
    
    Change-Id: I0e0a4f60ec14330d8d8d1c5a508fa058d9919e07
    Signed-off-by: Ashish Sharma <ashishsharma@google.com>
    Ashish Sharma authored JP Abgrall committed
  2. Steven Rostedt

    SELinux: Fix possible NULL pointer dereference in selinux_inode_permi…

    …ssion()
    
    While running stress tests on adding and deleting ftrace instances I hit
    this bug:
    
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
      IP: selinux_inode_permission+0x85/0x160
      PGD 63681067 PUD 7ddbe067 PMD 0
      Oops: 0000 [#1] PREEMPT
      CPU: 0 PID: 5634 Comm: ftrace-test-mki Not tainted 3.13.0-rc4-test-00033-gd2a6dde-dirty #20
      Hardware name:                  /DG965MQ, BIOS MQ96510J.86A.0372.2006.0605.1717 06/05/2006
      task: ffff880078375800 ti: ffff88007ddb0000 task.ti: ffff88007ddb0000
      RIP: 0010:[<ffffffff812d8bc5>]  [<ffffffff812d8bc5>] selinux_inode_permission+0x85/0x160
      RSP: 0018:ffff88007ddb1c48  EFLAGS: 00010246
      RAX: 0000000000000000 RBX: 0000000000800000 RCX: ffff88006dd43840
      RDX: 0000000000000001 RSI: 0000000000000081 RDI: ffff88006ee46000
      RBP: ffff88007ddb1c88 R08: 0000000000000000 R09: ffff88007ddb1c54
      R10: 6e6576652f6f6f66 R11: 0000000000000003 R12: 0000000000000000
      R13: 0000000000000081 R14: ffff88006ee46000 R15: 0000000000000000
      FS:  00007f217b5b6700(0000) GS:ffffffff81e21000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033^M
      CR2: 0000000000000020 CR3: 000000006a0fe000 CR4: 00000000000007f0
      Call Trace:
        security_inode_permission+0x1c/0x30
        __inode_permission+0x41/0xa0
        inode_permission+0x18/0x50
        link_path_walk+0x66/0x920
        path_openat+0xa6/0x6c0
        do_filp_open+0x43/0xa0
        do_sys_open+0x146/0x240
        SyS_open+0x1e/0x20
        system_call_fastpath+0x16/0x1b
      Code: 84 a1 00 00 00 81 e3 00 20 00 00 89 d8 83 c8 02 40 f6 c6 04 0f 45 d8 40 f6 c6 08 74 71 80 cf 02 49 8b 46 38 4c 8d 4d cc 45 31 c0 <0f> b7 50 20 8b 70 1c 48 8b 41 70 89 d9 8b 78 04 e8 36 cf ff ff
      RIP  selinux_inode_permission+0x85/0x160
      CR2: 0000000000000020
    
    Investigating, I found that the inode->i_security was NULL, and the
    dereference of it caused the oops.
    
    in selinux_inode_permission():
    
    	isec = inode->i_security;
    
    	rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd);
    
    Note, the crash came from stressing the deletion and reading of debugfs
    files.  I was not able to recreate this via normal files.  But I'm not
    sure they are safe.  It may just be that the race window is much harder
    to hit.
    
    What seems to have happened (and what I have traced), is the file is
    being opened at the same time the file or directory is being deleted.
    As the dentry and inode locks are not held during the path walk, nor is
    the inodes ref counts being incremented, there is nothing saving these
    structures from being discarded except for an rcu_read_lock().
    
    The rcu_read_lock() protects against freeing of the inode, but it does
    not protect freeing of the inode_security_struct.  Now if the freeing of
    the i_security happens with a call_rcu(), and the i_security field of
    the inode is not changed (it gets freed as the inode gets freed) then
    there will be no issue here.  (Linus Torvalds suggested not setting the
    field to NULL such that we do not need to check if it is NULL in the
    permission check).
    
    Note, this is a hack, but it fixes the problem at hand.  A real fix is
    to restructure the destroy_inode() to call all the destructor handlers
    from the RCU callback.  But that is a major job to do, and requires a
    lot of work.  For now, we just band-aid this bug with this fix (it
    works), and work on a more maintainable solution in the future.
    
    Link: http://lkml.kernel.org/r/20140109101932.0508dec7@gandalf.local.home
    Link: http://lkml.kernel.org/r/20140109182756.17abaaa8@gandalf.local.home
    
    Cc: stable@vger.kernel.org
    Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    rostedt authored JP Abgrall committed

Feb 03, 2014

  1. nf: xt_qtaguid: fix handling for cases where tunnels are used.

    * fix skb->dev vs par->in/out
    When there is some forwarding going on, it introduces extra state
    around devs associated with xt_action_param->in/out and sk_buff->dev.
    E.g.
       par->in and par->out are both set, or
       skb->dev and par->out are both set (and different)
    This would lead qtaguid to make the wrong assumption about the
    direction and update the wrong device stats.
    Now we rely more on par->in/out.
    
    * Fix handling when qtaguid is used as "owner"
    When qtaguid is used as an owner module, and sk_socket->file is
    not there (happens when tunnels are involved), it would
    incorrectly do a tag stats update.
    
    * Correct debug messages.
    
    Bug: 11687690
    Change-Id: I2b1ff8bd7131969ce9e25f8291d83a6280b3ba7f
    Signed-off-by: JP Abgrall <jpa@google.com>
    (cherry picked from commit 2b71479)
    JP Abgrall authored

Jan 29, 2014

  1. hannes

    ping: prevent NULL pointer dereference on write to msg_name

    A plain read() on a socket does set msg->msg_name to NULL. So check for
    NULL pointer first.
    
    [Backport of net-next cf970c0]
    
    Bug: 12780426
    Change-Id: I29d9cb95ef05ec76d37517e01317f4a29e60931c
    Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
    hannes authored Lorenzo Colitti committed

Sep 04, 2013

  1. net: wireless: bcmdhd: Clean scan status if request is empty

    Change-Id: I1c00b5a84846faf316305f57a6a74ded2288a6fd
    Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
    Dmitry Shmidt authored

Aug 22, 2013

  1. net: wireless: bcmdhd: Inject EID value if it has 0 length

    Change-Id: Ifd102bee45e1a1e04ba015c39631a741ca74d6ee
    Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
    Dmitry Shmidt authored

Aug 21, 2013

  1. net: wireless: bcmdhd: Fix roaming to hidden AP

    Change-Id: Id64d12962049833e19705fbe109ef04b60014079
    Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
    Dmitry Shmidt authored

Aug 05, 2013

  1. net: ipv6: fix wrong ping_v6_sendmsg return value

    [net-next commit fbfe80c]
    
    ping_v6_sendmsg currently returns 0 on success. It should return
    the number of bytes written instead.
    
    Bug: 9469865
    Change-Id: I82b7d3a37ba91ad24e6dbd97a4880745ce16ad31
    Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Lorenzo Colitti authored
  2. net: ipv6: add missing lock in ping_v6_sendmsg

    [net-next commit a1bdc45]
    
    Bug: 9469865
    Change-Id: I480f8ce95956dd8f17fbbb26dc60cc162f8ec933
    Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Lorenzo Colitti authored

Jul 23, 2013

  1. net: wireless: bcmdhd: Enable p2p support bits for p2p device

    Change-Id: Ie3537aaeecdbbddb5219b41c42f2f6ac5d85f5b4
    Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
    Dmitry Shmidt authored

Jun 26, 2013

  1. ping: always initialize ->sin6_scope_id and ->sin6_flowinfo

    [net-next commit c26d6b4]
    
    If we don't need scope id, we should initialize it to zero.
    Same for ->sin6_flowinfo.
    
    Change-Id: I28e4bc9593e76fc3434052182466fab4bb8ccf3a
    Cc: Lorenzo Colitti <lorenzo@google.com>
    Cc: David S. Miller <davem@davemloft.net>
    Signed-off-by: Cong Wang <amwang@redhat.com>
    Acked-by: Lorenzo Colitti <lorenzo@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Cong Wang authored jp abgrall committed
  2. net: ipv6: Add IPv6 support to the ping socket.

    [backport of net-next 6d0bfe2]
    
    This adds the ability to send ICMPv6 echo requests without a
    raw socket. The equivalent ability for ICMPv4 was added in
    2011.
    
    Instead of having separate code paths for IPv4 and IPv6, make
    most of the code in net/ipv4/ping.c dual-stack and only add a
    few IPv6-specific bits (like the protocol definition) to a new
    net/ipv6/ping.c. Hopefully this will reduce divergence and/or
    duplication of bugs in the future.
    
    Caveats:
    
    - Setting options via ancillary data (e.g., using IPV6_PKTINFO
      to specify the outgoing interface) is not yet supported.
    - There are no separate security settings for IPv4 and IPv6;
      everything is controlled by /proc/net/ipv4/ping_group_range.
    - The proc interface does not yet display IPv6 ping sockets
      properly.
    
    Tested with a patched copy of ping6 and using raw socket calls.
    Compiles and works with all of CONFIG_IPV6={n,m,y}.
    
    Change-Id: Ia359af556021344fc7f890c21383aadf950b6498
    Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    [lorenzo@google.com: backported to 3.0]
    Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
    Lorenzo Colitti authored JP Abgrall committed
  3. hannes

    ipv6: introdcue __ipv6_addr_needs_scope_id and ipv6_iface_scope_id he…

    …lper functions
    
    [net-next commit b7ef213]
    
    __ipv6_addr_needs_scope_id checks if an ipv6 address needs to supply
    a 'sin6_scope_id != 0'. 'sin6_scope_id != 0' was enforced in case
    of link-local addresses. To support interface-local multicast these
    checks had to be enhanced and are now consolidated into these new helper
    functions.
    
    v2:
    a) migrated to struct ipv6_addr_props
    
    v3:
    a) reverted changes for ipv6_addr_props
    b) test for address type instead of comparing scope
    
    v4:
    a) unchanged
    
    Change-Id: Id6fc54cec61f967928e08a9eba4f857157d973a3
    Suggested-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
    Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    hannes authored jp abgrall committed
  4. misc: uidstat: avoid create_stat() race and blockage.

    * create_stat() race would lead to:
      [   58.132324] proc_dir_entry 'uid_stat/10061' already registered
    
    * blocking kmalloc reported by sbranden
     tcp_read_sock()
      uid_stat_tcp_rcv()
        create_stat()
          kmalloc(GFP_KERNEL)
    
    Signed-off-by: JP Abgrall <jpa@google.com>
    JP Abgrall authored

Jun 12, 2013

  1. cpufreq: interactive: avoid underflow on active time calculation

    Check for idle time delta less than elapsed time delta, avoid
    underflow computing active time.
    
    Change-Id: I3e4c6ef1ad794eec49ed379c0c50fa727fd6ad28
    Signed-off-by: Minsung Kim <ms925.kim@samsung.com>
    Minsung Kim authored Todd Poynor committed
  2. cpufreq: interactive: reduce chance of zero time delta on load eval

    Reschedule load sampling timer after timestamp of sample start taken,
    hold spinlock across entire sequence to avoid preemption.  Avoid the
    WARN for zero time delta in the load sampling timer function.
    
    Change-Id: Idc10a756f09141decb6df92669521a1ebf0dbc10
    Signed-off-by: Todd Poynor <toddpoynor@google.com>
    Todd Poynor authored
  3. cpufreq: interactive: handle errors from cpufreq_frequency_table_target

    Add checks for error return from cpufreq_frequency_table_target, and be
    less noisy on the existing call with an error check.  CPU hotplug and
    system shutdown may cause this call to return -EINVAL.
    
    Bug: 8613560
    Change-Id: Id78d8829920462c0db1c7e14e717d91740d6cb44
    Signed-off-by: Todd Poynor <toddpoynor@google.com>
    Todd Poynor authored

Jun 05, 2013

  1. ashmem: avoid deadlock between read and mmap calls

    Avoid holding ashmem_mutex across code that can page fault.  Page faults
    grab the mmap_sem for the process, which are also held by mmap calls
    prior to calling ashmem_mmap, which locks ashmem_mutex.  The reversed
    order of locking between the two can deadlock.
    
    The calls that can page fault are read() and the ASHMEM_SET_NAME and
    ASHMEM_GET_NAME ioctls.  Move the code that accesses userspace pages
    outside the ashmem_mutex.
    
    Bug: 9261835
    Change-Id: If1322e981d29c889a56cdc9dfcbc6df2729a45e9
    Signed-off-by: Todd Poynor <toddpoynor@google.com>
    Todd Poynor authored

May 28, 2013

  1. ARM: Allow SoCs to enable scatterlist chaining

    Allow SoCs to enable the scatterlist chaining support, which allows
    scatterlist tables to be broken up into smaller allocations.
    
    As support for this feature depends on the implementation details of
    the users of the scatterlists, we can't enable this globally without
    auditing all the users, which is a very big task.  Instead, let SoCs
    progressively switch over to using this.
    
    SoC drivers using scatterlists and SoC DMA implementations need
    auditing before this option can be enabled for the SoC.
    
    Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
    Russell King authored Rom Lemarchand committed
  2. trace/events: fix gpu event timestamp formatting

    This change fixes the how the gpu_sched_switch timestamp field is formatted.
    
    Signed-off-by: Jamie Gennis <jgennis@google.com>
    Change-Id: I273234935254ed15772c9e561c9af20e480004ae
    Jamie Gennis authored Rom Lemarchand committed
  3. trace/events: add gpu trace events

    Change-Id: I0607b9c776acf61cb796b8572cf8cfb8b2dc1377
    Signed-off-by: Jamie Gennis <jgennis@google.com>
    Jamie Gennis authored Rom Lemarchand committed
  4. gpu: ion: Fix bug in ion shrinker

    The high variable was sometimes used uninitialized
    
    Change-Id: I2f51413fd2d063fdff325047e824dc8c749d9e0a
    Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
    Rebecca Schultz Zavin authored Rom Lemarchand committed
  5. gpu: ion: ion_chunk_heap: Zero chunk heap memory at creation time

    Allocations from the ion heap need to be zeroed to protect userspace
    from seeing memory belonging to other processes.  First allocations
    from this heap were not zero'd allowing users to see memory from other
    processes on a warm reset.
    
    Change-Id: I524a7b79cb76c390c870fcf8b30d213185fc85a0
    Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
    Rebecca Schultz Zavin authored Rom Lemarchand committed
  6. gpu: ion: fix kfree/list_del order

    With CONFIG_SLUB_DEBUG_ON it would panic during
    ion_alloc()
     ion_buffer_create()
       io_heap_drain_freelist()
    
    Signed-off-by: JP Abgrall <jpa@google.com>
    JP Abgrall authored Rom Lemarchand committed
  7. gpu: ion: Make ion_free asynchronous

    Add the ability for a heap to free buffers asynchrounously.  Freed buffers
    are placed on a free list and freed from a low priority background thread.
    If allocations from a particular heap fail, the free list is drained.  This
    patch also enable asynchronous frees from the chunk heap.
    
    Change-Id: Idfdbc8608b6cbd9e27d2e31ea4fd84fea9f69f7d
    Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
    Rebecca Schultz Zavin authored Rom Lemarchand committed
  8. gpu: ion: Add support for sharing buffers with dma buf kernel handles

    Currently ion can only share buffers with dma buf fd's. Fd's can not be
    used inside the kernel as they are process specific so support for
    sharing buffers with dma buf kernel handles is needed to support kernel
    only use cases. An example use case could be a GPU driver using ion
    that wants to share its output buffers with a 3d party display
    controller driver supporting dma buf.
    
    Change-Id: If1b3753ddbd5b44c5a3e622055d5473e16fc1c48
    Signed-off-by: Johan Mossberg <johan.mossberg@stericsson.com>
    Johan Mossberg authored Rom Lemarchand committed
  9. gpu: ion: Only flush buffers in the chunk heap if they were used cached

    Change-Id: I4ffcf81a6be09e968310bbd882fb017415d61b48
    Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
    Rebecca Schultz Zavin authored Rom Lemarchand committed
  10. gpu: ion: Refactor the code to zero buffers

    Refactor the code in the system heap used to map and zero the buffers
    into a seperate utility so it can be called from other heaps.  Use it from
    the chunk heap.
    
    Change-Id: I706341ae42b80bc4aae8a8614b4f73435bbf05d9
    Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
    Rebecca Schultz Zavin authored Rom Lemarchand committed
Something went wrong with that request. Please try again.