Strona główna Odkrywaj Pomoc
Zaloguj się
xiaomi-sm8450
/
android_kernel_xiaomi_sm8450
2
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Przeglądaj źródła

Merge keystone/android12-5.10-keystone-qcom-release.198+ (3724c71) into msm-5.10

* refs/heads/tmp-3724c71:
  ANDROID: ABI: Update symbol list for Mediatek
  ANDROID: Add vendor hook for ufs perf heuristic and error recovery
  ANDROID: scsi: ufs: add perf heuristic design
  ANDROID: scsi: ufs: vendor check response and recovery addition
  FROMGIT: PM / devfreq: Synchronize devfreq_monitor_[start/stop]
  UPSTREAM: dm verity: don't perform FEC for failed readahead IO
  UPSTREAM: netfilter: nft_set_pipapo: skip inactive elements during set walk
  UPSTREAM: ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
  UPSTREAM: x86/sev: Check for user-space IOIO pointing to kernel space
  UPSTREAM: x86/sev: Check IOBM for IOIO exceptions from user-space
  UPSTREAM: nvmet-tcp: Fix a possible UAF in queue intialization setup
  FROMLIST: binder: fix memory leaks of spam and pending work
  ANDROID: Snapshot Mainline's version of checkpatch.pl
  ANDROID: scsi: ufs: vendor check response and recovery addition
  ANDROID: scsi: ufs: add perf heuristic design
  ANDROID: ABI: Update symbol list for Mediatek
  ANDROID: Add vendor hook for ufs perf heuristic and error recovery
  UPSTREAM: io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
  UPSTREAM: ufs: core: wlun send SSU timeout recovery
  ANDROID: GKI: db845c: Update symbols list and ABI on rpmsg_register_device_override
  ANDROID: fix up rpmsg_device ABI break
  ANDROID: fix up platform_device ABI break
  UPSTREAM: rpmsg: Fix possible refcount leak in rpmsg_register_device_override()
  UPSTREAM: rpmsg: glink: Release driver_override
  BACKPORT: rpmsg: Fix calling device_lock() on non-initialized device
  BACKPORT: rpmsg: Fix kfree() of static memory on setting driver_override
  UPSTREAM: rpmsg: Constify local variable in field store macro
  UPSTREAM: driver: platform: Add helper for safer setting of driver_override
  FROMGIT: Input: uinput - allow injecting event times
  ANDROID: abi_gki_aarch64_qcom: Add android_gki_sysctl_vals
  UPSTREAM: kheaders: Have cpio unconditionally replace files
  ANDROID: ABI: Update oplus symbol list
  ANDROID: vendor_hooks: Add hooks for binder
  BACKPORT: firmware_loader: Abort all upcoming firmware load request once reboot triggered
  UPSTREAM: firmware_loader: Refactor kill_pending_fw_fallback_reqs()

 Conflicts:
	drivers/rpmsg/qcom_glink_native.c
	scripts/checkpatch.pl

Change-Id: Ida92ae178d85f57a32e4d91bba787f1985decfc1
Signed-off-by: Sivasri Kumar, Vanka <[email protected]>
Sivasri Kumar, Vanka 1 rok temu
rodzic
b284e4819c 3724c71648
commit
4a7ce2bb52
30 zmienionych plików z 1306 dodań i 400 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 2 4
      android/ACK_SHA
  2. 228 201
      android/abi_gki_aarch64.xml
  3. 20 13
      android/abi_gki_aarch64_db845c
  4. 14 0
      android/abi_gki_aarch64_mtk
  5. 12 0
      android/abi_gki_aarch64_oplus
  6. 10 0
      arch/x86/boot/compressed/sev-es.c
  7. 44 9
      arch/x86/kernel/sev-es-shared.c
  8. 27 0
      arch/x86/kernel/sev-es.c
  9. 22 4
      drivers/android/binder.c
  10. 13 0
      drivers/android/vendor_hooks.c
  11. 69 0
      drivers/base/driver.c
  12. 4 24
      drivers/base/platform.c
  13. 22 2
      drivers/devfreq/devfreq.c
  14. 34 0
      drivers/input/misc/uinput.c
  15. 3 1
      drivers/md/dm-verity-target.c
  16. 2 5
      drivers/nvme/target/tcp.c
  17. 2 0
      drivers/rpmsg/qcom_glink_native.c
  18. 33 4
      drivers/rpmsg/rpmsg_core.c
  19. 1 4
      drivers/rpmsg/rpmsg_internal.h
  20. 52 19
      drivers/scsi/ufs/ufshcd.c
  21. 19 0
      drivers/scsi/ufs/ufshcd.h
  22. 2 0
      include/linux/device/driver.h
  23. 5 1
      include/linux/platform_device.h
  24. 11 1
      include/linux/rpmsg.h
  25. 26 0
      include/trace/hooks/binder.h
  26. 34 0
      include/trace/hooks/ufshcd.h
  27. 12 6
      io_uring/io_uring.c
  28. 4 2
      net/ipv4/igmp.c
  29. 3 0
      net/netfilter/nft_set_pipapo.c
  30. 576 100
      scripts/checkpatch.pl

+ 2 - 4
android/ACK_SHA
Wyświetl plik 

@@ -1,4 +1,2 @@
 
-android12-5.10-2023-11_r2
 
-
 
-226a9632f13d26e93fa416f6b003712b69118322
 
-
 
+26d1d5093064d66f4aeef96a10c76ec6186df1c6
 
+android12-5.10-2024-01_r1

Plik diff jest za duży
+ 228 - 201
android/abi_gki_aarch64.xml


+ 20 - 13
android/abi_gki_aarch64_db845c
Wyświetl plik 

@@ -213,7 +213,6 @@
 
   gpiochip_generic_request
 
   gpiochip_get_data
 
   gpiochip_remove
 
-  gpiod_direction_output
 
   gpiod_direction_output_raw
 
   gpiod_set_consumer_name
 
   gpiod_set_raw_value
 
@@ -469,10 +468,6 @@
 
   qcom_smem_state_unregister
 
   queue_delayed_work_on
 
   queue_work_on
 
-  radix_tree_delete
 
-  radix_tree_insert
 
-  radix_tree_lookup
 
-  radix_tree_next_chunk
 
   ___ratelimit
 
   rational_best_approximation
 
   _raw_spin_lock
 
@@ -526,6 +521,7 @@
 
   reset_control_reset
 
   round_jiffies_up
 
   rpmsg_register_device
 
+  rpmsg_register_device_override
 
   rpmsg_send
 
   rpmsg_unregister_device
 
   rproc_add
 
@@ -609,6 +605,7 @@
 
   strncpy
 
   strnlen
 
   strpbrk
 
+  strscpy
 
   strscpy_pad
 
   strsep
 
   __sw_hweight16
 
@@ -761,7 +758,6 @@
 
   skb_dequeue_tail
 
   skb_realloc_headroom
 
   strlcat
 
-  strscpy
 
   thermal_cooling_device_register
 
   vzalloc
 
 
@@ -769,8 +765,8 @@
 
   pci_clear_master
 
   pci_disable_device
 
   pci_disable_msi
 
+  pcie_capability_clear_and_set_word
 
   pcie_capability_read_word
 
-  pcie_capability_write_word
 
   pci_enable_device
 
   pci_enable_msi
 
   pci_iomap
 
@@ -1136,9 +1132,12 @@
 
   drm_atomic_private_obj_fini
 
   drm_atomic_private_obj_init
 
   drm_bridge_attach
 
+  drm_bridge_connector_enable_hpd
 
+  drm_bridge_connector_init
 
+  drm_bridge_detect
 
+  drm_bridge_hpd_notify
 
   drm_compat_ioctl
 
   drm_connector_has_possible_encoder
 
-  drm_connector_init_with_ddc
 
   drm_connector_list_iter_begin
 
   drm_connector_list_iter_end
 
   drm_connector_list_iter_next
 
@@ -1285,7 +1284,6 @@
 
   generic_file_llseek
 
   get_pid_task
 
   get_unused_fd_flags
 
-  gpiod_direction_input
 
   gpiod_get_value
 
   gpiod_set_value
 
   hdmi_audio_infoframe_pack
 
@@ -1367,10 +1365,6 @@
 
   tty_termios_baud_rate
 
   tty_termios_encode_baud_rate
 
 
-# required by ns.ko
 
-  kernel_bind
 
-  radix_tree_iter_resume
 
-
 
 # required by nvmem_qfprom.ko
 
   devm_nvmem_register
 
 
@@ -1531,6 +1525,7 @@
 
   srcu_notifier_chain_unregister
 
 
 # required by qcom_geni_serial.ko
 
+  devm_krealloc
 
   dev_pm_clear_wake_irq
 
   dev_pm_set_dedicated_wake_irq
 
   oops_in_progress
 
@@ -1590,10 +1585,16 @@
 
   autoremove_wake_function
 
   datagram_poll
 
   do_wait_intr_irq
 
+  kernel_bind
 
   lock_sock_nested
 
   proto_register
 
   proto_unregister
 
+  radix_tree_delete
 
+  radix_tree_insert
 
   radix_tree_iter_delete
 
+  radix_tree_iter_resume
 
+  radix_tree_lookup
 
+  radix_tree_next_chunk
 
   _raw_write_lock_bh
 
   _raw_write_unlock_bh
 
   refcount_dec_and_mutex_lock
 
@@ -1731,6 +1732,9 @@
 
   of_clk_add_provider
 
   of_clk_src_simple_get
 
 
+# required by snd-soc-wsa881x.ko
 
+  gpiod_direction_output
 
+
 
 # required by socinfo.ko
 
   add_device_randomness
 
   soc_device_register
 
@@ -1807,8 +1811,11 @@
 
   mfd_remove_devices
 
 
 # preserved by --additions-only
 
+  drm_connector_init_with_ddc
 
+  gpiod_direction_input
 
   idr_alloc_u32
 
   of_clk_get_by_name
 
+  pcie_capability_write_word
 
   snd_pcm_create_iec958_consumer_hw_params
 
   snd_soc_get_volsw_sx
 
   snd_soc_info_volsw_sx

+ 14 - 0
android/abi_gki_aarch64_mtk
Wyświetl plik 

@@ -2227,7 +2227,14 @@
 
   __traceiter_android_vh_snd_compr_use_pause_in_drain
 
   __traceiter_android_vh_sound_usb_support_cpu_suspend
 
   __traceiter_android_vh_syscall_prctl_finished
 
+  __traceiter_android_vh_ufs_abort_success_ctrl
 
+  __traceiter_android_vh_ufs_compl_rsp_check_done
 
+  __traceiter_android_vh_ufs_err_check_ctrl
 
+  __traceiter_android_vh_ufs_err_handler
 
+  __traceiter_android_vh_ufs_err_print_ctrl
 
+  __traceiter_android_vh_ufs_perf_huristic_ctrl
 
   __traceiter_android_vh_ufs_send_command
 
+  __traceiter_android_vh_ufs_send_command_post_change
 
   __traceiter_android_vh_ufs_send_tm_command
 
   __traceiter_cpu_frequency
 
   __traceiter_gpu_mem_total
 
@@ -2312,7 +2319,14 @@
 
   __tracepoint_android_vh_snd_compr_use_pause_in_drain
 
   __tracepoint_android_vh_sound_usb_support_cpu_suspend
 
   __tracepoint_android_vh_syscall_prctl_finished
 
+  __tracepoint_android_vh_ufs_abort_success_ctrl
 
+  __tracepoint_android_vh_ufs_compl_rsp_check_done
 
+  __tracepoint_android_vh_ufs_err_check_ctrl
 
+  __tracepoint_android_vh_ufs_err_handler
 
+  __tracepoint_android_vh_ufs_err_print_ctrl
 
+  __tracepoint_android_vh_ufs_perf_huristic_ctrl
 
   __tracepoint_android_vh_ufs_send_command
 
+  __tracepoint_android_vh_ufs_send_command_post_change
 
   __tracepoint_android_vh_ufs_send_tm_command
 
   __tracepoint_cpu_frequency
 
   __tracepoint_gpu_mem_total

+ 12 - 0
android/abi_gki_aarch64_oplus
Wyświetl plik 

@@ -2966,6 +2966,12 @@
 
   __traceiter_task_newtask
 
   __traceiter_task_rename
 
   __traceiter_xhci_urb_giveback
 
+  __traceiter_android_vh_binder_proc_transaction_finish
 
+  __traceiter_android_vh_alloc_oem_binder_struct
 
+  __traceiter_android_vh_binder_transaction_received
 
+  __traceiter_android_vh_free_oem_binder_struct
 
+  __traceiter_android_vh_binder_special_task
 
+  __traceiter_android_vh_binder_free_buf
 
   __tracepoint_android_rvh_account_irq
 
   __tracepoint_android_rvh_after_enqueue_task
 
   __tracepoint_android_rvh_build_perf_domains
 
@@ -3238,6 +3244,12 @@
 
   __tracepoint_task_newtask
 
   __tracepoint_task_rename
 
   __tracepoint_xhci_urb_giveback
 
+  __tracepoint_android_vh_binder_proc_transaction_finish
 
+  __tracepoint_android_vh_alloc_oem_binder_struct
 
+  __tracepoint_android_vh_binder_transaction_received
 
+  __tracepoint_android_vh_free_oem_binder_struct
 
+  __tracepoint_android_vh_binder_special_task
 
+  __tracepoint_android_vh_binder_free_buf
 
   trace_print_array_seq
 
   trace_print_flags_seq
 
   trace_print_hex_seq

+ 10 - 0
arch/x86/boot/compressed/sev-es.c
Wyświetl plik 

@@ -106,6 +106,16 @@ static enum es_result vc_read_mem(struct es_em_ctxt *ctxt,
 
 	return ES_OK;
 
 }
 
 
+static enum es_result vc_ioio_check(struct es_em_ctxt *ctxt, u16 port, size_t size)
 
+{
 
+	return ES_OK;
 
+}
 
+
 
+static bool fault_in_kernel_space(unsigned long address)
 
+{
 
+	return false;
 
+}
 
+
 
 #undef __init
 
 #undef __pa
 
 #define __init

+ 44 - 9
arch/x86/kernel/sev-es-shared.c
Wyświetl plik 

@@ -217,6 +217,23 @@ fail:
 
 		asm volatile("hlt\n");
 
 }
 
 
+static enum es_result vc_insn_string_check(struct es_em_ctxt *ctxt,
 
+					   unsigned long address,
 
+					   bool write)
 
+{
 
+	if (user_mode(ctxt->regs) && fault_in_kernel_space(address)) {
 
+		ctxt->fi.vector     = X86_TRAP_PF;
 
+		ctxt->fi.error_code = X86_PF_USER;
 
+		ctxt->fi.cr2        = address;
 
+		if (write)
 
+			ctxt->fi.error_code |= X86_PF_WRITE;
 
+
 
+		return ES_EXCEPTION;
 
+	}
 
+
 
+	return ES_OK;
 
+}
 
+
 
 static enum es_result vc_insn_string_read(struct es_em_ctxt *ctxt,
 
 					  void *src, char *buf,
 
 					  unsigned int data_size,
 
@@ -224,7 +241,12 @@ static enum es_result vc_insn_string_read(struct es_em_ctxt *ctxt,
 
 					  bool backwards)
 
 {
 
 	int i, b = backwards ? -1 : 1;
 
-	enum es_result ret = ES_OK;
 
+	unsigned long address = (unsigned long)src;
 
+	enum es_result ret;
 
+
 
+	ret = vc_insn_string_check(ctxt, address, false);
 
+	if (ret != ES_OK)
 
+		return ret;
 
 
 	for (i = 0; i < count; i++) {
 
 		void *s = src + (i * data_size * b);
 
@@ -245,7 +267,12 @@ static enum es_result vc_insn_string_write(struct es_em_ctxt *ctxt,
 
 					   bool backwards)
 
 {
 
 	int i, s = backwards ? -1 : 1;
 
-	enum es_result ret = ES_OK;
 
+	unsigned long address = (unsigned long)dst;
 
+	enum es_result ret;
 
+
 
+	ret = vc_insn_string_check(ctxt, address, true);
 
+	if (ret != ES_OK)
 
+		return ret;
 
 
 	for (i = 0; i < count; i++) {
 
 		void *d = dst + (i * data_size * s);
 
@@ -281,6 +308,9 @@ static enum es_result vc_insn_string_write(struct es_em_ctxt *ctxt,
 
 static enum es_result vc_ioio_exitinfo(struct es_em_ctxt *ctxt, u64 *exitinfo)
 
 {
 
 	struct insn *insn = &ctxt->insn;
 
+	size_t size;
 
+	u64 port;
 
+
 
 	*exitinfo = 0;
 
 
 	switch (insn->opcode.bytes[0]) {
 
@@ -289,7 +319,7 @@ static enum es_result vc_ioio_exitinfo(struct es_em_ctxt *ctxt, u64 *exitinfo)
 
 	case 0x6d:
 
 		*exitinfo |= IOIO_TYPE_INS;
 
 		*exitinfo |= IOIO_SEG_ES;
 
-		*exitinfo |= (ctxt->regs->dx & 0xffff) << 16;
 
+		port	   = ctxt->regs->dx & 0xffff;
 
 		break;
 
 
 	/* OUTS opcodes */
 
@@ -297,41 +327,43 @@ static enum es_result vc_ioio_exitinfo(struct es_em_ctxt *ctxt, u64 *exitinfo)
 
 	case 0x6f:
 
 		*exitinfo |= IOIO_TYPE_OUTS;
 
 		*exitinfo |= IOIO_SEG_DS;
 
-		*exitinfo |= (ctxt->regs->dx & 0xffff) << 16;
 
+		port	   = ctxt->regs->dx & 0xffff;
 
 		break;
 
 
 	/* IN immediate opcodes */
 
 	case 0xe4:
 
 	case 0xe5:
 
 		*exitinfo |= IOIO_TYPE_IN;
 
-		*exitinfo |= (u8)insn->immediate.value << 16;
 
+		port	   = (u8)insn->immediate.value & 0xffff;
 
 		break;
 
 
 	/* OUT immediate opcodes */
 
 	case 0xe6:
 
 	case 0xe7:
 
 		*exitinfo |= IOIO_TYPE_OUT;
 
-		*exitinfo |= (u8)insn->immediate.value << 16;
 
+		port	   = (u8)insn->immediate.value & 0xffff;
 
 		break;
 
 
 	/* IN register opcodes */
 
 	case 0xec:
 
 	case 0xed:
 
 		*exitinfo |= IOIO_TYPE_IN;
 
-		*exitinfo |= (ctxt->regs->dx & 0xffff) << 16;
 
+		port	   = ctxt->regs->dx & 0xffff;
 
 		break;
 
 
 	/* OUT register opcodes */
 
 	case 0xee:
 
 	case 0xef:
 
 		*exitinfo |= IOIO_TYPE_OUT;
 
-		*exitinfo |= (ctxt->regs->dx & 0xffff) << 16;
 
+		port	   = ctxt->regs->dx & 0xffff;
 
 		break;
 
 
 	default:
 
 		return ES_DECODE_FAILED;
 
 	}
 
 
+	*exitinfo |= port << 16;
 
+
 
 	switch (insn->opcode.bytes[0]) {
 
 	case 0x6c:
 
 	case 0x6e:
 
@@ -341,12 +373,15 @@ static enum es_result vc_ioio_exitinfo(struct es_em_ctxt *ctxt, u64 *exitinfo)
 
 	case 0xee:
 
 		/* Single byte opcodes */
 
 		*exitinfo |= IOIO_DATA_8;
 
+		size       = 1;
 
 		break;
 
 	default:
 
 		/* Length determined by instruction parsing */
 
 		*exitinfo |= (insn->opnd_bytes == 2) ? IOIO_DATA_16
 
 						     : IOIO_DATA_32;
 
+		size       = (insn->opnd_bytes == 2) ? 2 : 4;
 
 	}
 
+
 
 	switch (insn->addr_bytes) {
 
 	case 2:
 
 		*exitinfo |= IOIO_ADDR_16;
 
@@ -362,7 +397,7 @@ static enum es_result vc_ioio_exitinfo(struct es_em_ctxt *ctxt, u64 *exitinfo)
 
 	if (insn_has_rep_prefix(insn))
 
 		*exitinfo |= IOIO_REP;
 
 
-	return ES_OK;
 
+	return vc_ioio_check(ctxt, (u16)port, size);
 
 }
 
 
 static enum es_result vc_handle_ioio(struct ghcb *ghcb, struct es_em_ctxt *ctxt)

+ 27 - 0
arch/x86/kernel/sev-es.c
Wyświetl plik 

@@ -448,6 +448,33 @@ static enum es_result vc_slow_virt_to_phys(struct ghcb *ghcb, struct es_em_ctxt
 
 	return ES_OK;
 
 }
 
 
+static enum es_result vc_ioio_check(struct es_em_ctxt *ctxt, u16 port, size_t size)
 
+{
 
+	BUG_ON(size > 4);
 
+
 
+	if (user_mode(ctxt->regs)) {
 
+		struct thread_struct *t = &current->thread;
 
+		struct io_bitmap *iobm = t->io_bitmap;
 
+		size_t idx;
 
+
 
+		if (!iobm)
 
+			goto fault;
 
+
 
+		for (idx = port; idx < port + size; ++idx) {
 
+			if (test_bit(idx, iobm->bitmap))
 
+				goto fault;
 
+		}
 
+	}
 
+
 
+	return ES_OK;
 
+
 
+fault:
 
+	ctxt->fi.vector = X86_TRAP_GP;
 
+	ctxt->fi.error_code = 0;
 
+
 
+	return ES_EXCEPTION;
 
+}
 
+
 
 /* Include code shared with pre-decompression boot stage */
 
 #include "sev-es-shared.c"

+ 22 - 4
drivers/android/binder.c
Wyświetl plik 

@@ -1673,6 +1673,7 @@ static void binder_free_transaction(struct binder_transaction *t)
 
 {
 
 	struct binder_proc *target_proc = t->to_proc;
 
 
+	trace_android_vh_free_oem_binder_struct(t);
 
 	if (target_proc) {
 
 		binder_inner_proc_lock(target_proc);
 
 		target_proc->outstanding_txns--;
 
@@ -2855,6 +2856,7 @@ static int binder_proc_transaction(struct binder_transaction *t,
 
 	bool oneway = !!(t->flags & TF_ONE_WAY);
 
 	bool pending_async = false;
 
 	struct binder_transaction *t_outdated = NULL;
 
+	bool enqueue_task = true;
 
 
 	BUG_ON(!node);
 
 	binder_node_lock(node);
 
@@ -2894,7 +2896,10 @@ static int binder_proc_transaction(struct binder_transaction *t,
 
 					    node->inherit_rt);
 
 		binder_enqueue_thread_work_ilocked(thread, &t->work);
 
 	} else if (!pending_async) {
 
-		binder_enqueue_work_ilocked(&t->work, &proc->todo);
 
+		trace_android_vh_binder_special_task(t, proc, thread,
 
+			&t->work, &proc->todo, !oneway, &enqueue_task);
 
+		if (enqueue_task)
 
+			binder_enqueue_work_ilocked(&t->work, &proc->todo);
 
 	} else {
 
 		if ((t->flags & TF_UPDATE_TXN) && proc->is_frozen) {
 
 			t_outdated = binder_find_outdated_transaction_ilocked(t,
 
@@ -2907,11 +2912,16 @@ static int binder_proc_transaction(struct binder_transaction *t,
 
 				proc->outstanding_txns--;
 
 			}
 
 		}
 
-		binder_enqueue_work_ilocked(&t->work, &node->async_todo);
 
+		trace_android_vh_binder_special_task(t, proc, thread,
 
+			&t->work, &node->async_todo, !oneway, &enqueue_task);
 
+		if (enqueue_task)
 
+			binder_enqueue_work_ilocked(&t->work, &node->async_todo);
 
 	}
 
 
 	trace_android_vh_binder_proc_transaction_end(current, proc->tsk,
 
 		thread ? thread->task : NULL, t->code, pending_async, !oneway);
 
+	trace_android_vh_binder_proc_transaction_finish(proc, t,
 
+		thread ? thread->task : NULL, pending_async, !oneway);
 
 
 	if (!pending_async)
 
 		binder_wakeup_thread_ilocked(proc, thread, !oneway /* sync */);
 
@@ -3349,6 +3359,7 @@ static void binder_transaction(struct binder_proc *proc,
 
 	t->buffer->target_node = target_node;
 
 	t->buffer->clear_on_free = !!(t->flags & TF_CLEAR_BUF);
 
 	trace_binder_transaction_alloc_buf(t->buffer);
 
+	trace_android_vh_alloc_oem_binder_struct(tr, t, target_proc);
 
 
 	if (binder_alloc_copy_user_to_buffer(
 
 				&target_proc->alloc,
 
@@ -3818,6 +3829,9 @@ binder_free_buf(struct binder_proc *proc,
 
 		struct binder_thread *thread,
 
 		struct binder_buffer *buffer, bool is_failure)
 
 {
 
+	bool enqueue_task = true;
 
+
 
+	trace_android_vh_binder_free_buf(proc, thread, buffer);
 
 	binder_inner_proc_lock(proc);
 
 	if (buffer->transaction) {
 
 		buffer->transaction->buffer = NULL;
 
@@ -3837,8 +3851,10 @@ binder_free_buf(struct binder_proc *proc,
 
 		if (!w) {
 
 			buf_node->has_async_transaction = false;
 
 		} else {
 
-			binder_enqueue_work_ilocked(
 
-					w, &proc->todo);
 
+			trace_android_vh_binder_special_task(NULL, proc, thread, w,
 
+				&proc->todo, false, &enqueue_task);
 
+			if (enqueue_task)
 
+				binder_enqueue_work_ilocked(w, &proc->todo);
 
 			binder_wakeup_proc_ilocked(proc);
 
 		}
 
 		binder_node_inner_unlock(buf_node);
 
@@ -4785,6 +4801,7 @@ retry:
 
 		ptr += trsize;
 
 
 		trace_binder_transaction_received(t);
 
+		trace_android_vh_binder_transaction_received(t, proc, thread, cmd);
 
 		binder_stat_br(proc, thread, cmd);
 
 		binder_debug(BINDER_DEBUG_TRANSACTION,
 
 			     "%d:%d %s %d %d:%d, cmd %d size %zd-%zd ptr %016llx-%016llx\n",
 
@@ -4867,6 +4884,7 @@ static void binder_release_work(struct binder_proc *proc,
 
 				"undelivered TRANSACTION_ERROR: %u\n",
 
 				e->cmd);
 
 		} break;
 
+		case BINDER_WORK_TRANSACTION_ONEWAY_SPAM_SUSPECT:
 
 		case BINDER_WORK_TRANSACTION_COMPLETE: {
 
 			binder_debug(BINDER_DEBUG_DEAD_TRANSACTION,
 
 				"undelivered TRANSACTION_COMPLETE\n");

+ 13 - 0
drivers/android/vendor_hooks.c
Wyświetl plik 

@@ -499,6 +499,19 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_madvise_cold_or_pageout_abort);
 
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_compact_finished);
 
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_wakeup_bypass);
 
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_skip_swapcache);
 
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_proc_transaction_finish);
 
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_alloc_oem_binder_struct);
 
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_transaction_received);
 
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_free_oem_binder_struct);
 
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_special_task);
 
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_free_buf);
 
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_ufs_perf_huristic_ctrl);
 
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_ufs_send_command_post_change);
 
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_ufs_abort_success_ctrl);
 
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_ufs_compl_rsp_check_done);
 
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_ufs_err_handler);
 
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_ufs_err_check_ctrl);
 
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_ufs_err_print_ctrl);
 
 /*
 
  * For type visibility
 
  */

+ 69 - 0
drivers/base/driver.c
Wyświetl plik 

@@ -30,6 +30,75 @@ static struct device *next_device(struct klist_iter *i)
 
 	return dev;
 
 }
 
 
+/**
 
+ * driver_set_override() - Helper to set or clear driver override.
 
+ * @dev: Device to change
 
+ * @override: Address of string to change (e.g. &device->driver_override);
 
+ *            The contents will be freed and hold newly allocated override.
 
+ * @s: NUL-terminated string, new driver name to force a match, pass empty
 
+ *     string to clear it ("" or "\n", where the latter is only for sysfs
 
+ *     interface).
 
+ * @len: length of @s
 
+ *
 
+ * Helper to set or clear driver override in a device, intended for the cases
 
+ * when the driver_override field is allocated by driver/bus code.
 
+ *
 
+ * Returns: 0 on success or a negative error code on failure.
 
+ */
 
+int driver_set_override(struct device *dev, const char **override,
 
+			const char *s, size_t len)
 
+{
 
+	const char *new, *old;
 
+	char *cp;
 
+
 
+	if (!override || !s)
 
+		return -EINVAL;
 
+
 
+	/*
 
+	 * The stored value will be used in sysfs show callback (sysfs_emit()),
 
+	 * which has a length limit of PAGE_SIZE and adds a trailing newline.
 
+	 * Thus we can store one character less to avoid truncation during sysfs
 
+	 * show.
 
+	 */
 
+	if (len >= (PAGE_SIZE - 1))
 
+		return -EINVAL;
 
+
 
+	if (!len) {
 
+		/* Empty string passed - clear override */
 
+		device_lock(dev);
 
+		old = *override;
 
+		*override = NULL;
 
+		device_unlock(dev);
 
+		kfree(old);
 
+
 
+		return 0;
 
+	}
 
+
 
+	cp = strnchr(s, len, '\n');
 
+	if (cp)
 
+		len = cp - s;
 
+
 
+	new = kstrndup(s, len, GFP_KERNEL);
 
+	if (!new)
 
+		return -ENOMEM;
 
+
 
+	device_lock(dev);
 
+	old = *override;
 
+	if (cp != s) {
 
+		*override = new;
 
+	} else {
 
+		/* "\n" passed - clear override */
 
+		kfree(new);
 
+		*override = NULL;
 
+	}
 
+	device_unlock(dev);
 
+
 
+	kfree(old);
 
+
 
+	return 0;
 
+}
 
+EXPORT_SYMBOL_GPL(driver_set_override);
 
+
 
 /**
 
  * driver_for_each_device - Iterator for devices bound to a driver.
 
  * @drv: Driver we're iterating.

+ 4 - 24
drivers/base/platform.c
Wyświetl plik 

@@ -1046,31 +1046,11 @@ static ssize_t driver_override_store(struct device *dev,
 
 				     const char *buf, size_t count)
 
 {
 
 	struct platform_device *pdev = to_platform_device(dev);
 
-	char *driver_override, *old, *cp;
 
-
 
-	/* We need to keep extra room for a newline */
 
-	if (count >= (PAGE_SIZE - 1))
 
-		return -EINVAL;
 
-
 
-	driver_override = kstrndup(buf, count, GFP_KERNEL);
 
-	if (!driver_override)
 
-		return -ENOMEM;
 
-
 
-	cp = strchr(driver_override, '\n');
 
-	if (cp)
 
-		*cp = '\0';
 
-
 
-	device_lock(dev);
 
-	old = pdev->driver_override;
 
-	if (strlen(driver_override)) {
 
-		pdev->driver_override = driver_override;
 
-	} else {
 
-		kfree(driver_override);
 
-		pdev->driver_override = NULL;
 
-	}
 
-	device_unlock(dev);
 
+	int ret;
 
 
-	kfree(old);
 
+	ret = driver_set_override(dev, (const char **)&pdev->driver_override, buf, count);
 
+	if (ret)
 
+		return ret;
 
 
 	return count;
 
 }

+ 22 - 2
drivers/devfreq/devfreq.c
Wyświetl plik 

@@ -438,10 +438,14 @@ static void devfreq_monitor(struct work_struct *work)
 
 	if (err)
 
 		dev_err(&devfreq->dev, "dvfs failed with (%d) error\n", err);
 
 
+	if (devfreq->stop_polling)
 
+		goto out;
 
+
 
 	queue_delayed_work(devfreq_wq, &devfreq->work,
 
 				msecs_to_jiffies(devfreq->profile->polling_ms));
 
-	mutex_unlock(&devfreq->lock);
 
 
+out:
 
+	mutex_unlock(&devfreq->lock);
 
 	trace_devfreq_monitor(devfreq);
 
 }
 
 
@@ -459,6 +463,10 @@ void devfreq_monitor_start(struct devfreq *devfreq)
 
 	if (devfreq->governor->interrupt_driven)
 
 		return;
 
 
+	mutex_lock(&devfreq->lock);
 
+	if (delayed_work_pending(&devfreq->work))
 
+		goto out;
 
+
 
 	switch (devfreq->profile->timer) {
 
 	case DEVFREQ_TIMER_DEFERRABLE:
 
 		INIT_DEFERRABLE_WORK(&devfreq->work, devfreq_monitor);
 
@@ -467,12 +475,16 @@ void devfreq_monitor_start(struct devfreq *devfreq)
 
 		INIT_DELAYED_WORK(&devfreq->work, devfreq_monitor);
 
 		break;
 
 	default:
 
-		return;
 
+		goto out;
 
 	}
 
 
 	if (devfreq->profile->polling_ms)
 
 		queue_delayed_work(devfreq_wq, &devfreq->work,
 
 			msecs_to_jiffies(devfreq->profile->polling_ms));
 
+
 
+out:
 
+	devfreq->stop_polling = false;
 
+	mutex_unlock(&devfreq->lock);
 
 }
 
 EXPORT_SYMBOL(devfreq_monitor_start);
 
 
@@ -489,6 +501,14 @@ void devfreq_monitor_stop(struct devfreq *devfreq)
 
 	if (devfreq->governor->interrupt_driven)
 
 		return;
 
 
+	mutex_lock(&devfreq->lock);
 
+	if (devfreq->stop_polling) {
 
+		mutex_unlock(&devfreq->lock);
 
+		return;
 
+	}
 
+
 
+	devfreq->stop_polling = true;
 
+	mutex_unlock(&devfreq->lock);
 
 	cancel_delayed_work_sync(&devfreq->work);
 
 }
 
 EXPORT_SYMBOL(devfreq_monitor_stop);

+ 34 - 0
drivers/input/misc/uinput.c
Wyświetl plik 

@@ -33,6 +33,7 @@
 
 #define UINPUT_NAME		"uinput"
 
 #define UINPUT_BUFFER_SIZE	16
 
 #define UINPUT_NUM_REQUESTS	16
 
+#define UINPUT_TIMESTAMP_ALLOWED_OFFSET_SECS 10
 
 
 enum uinput_state { UIST_NEW_DEVICE, UIST_SETUP_COMPLETE, UIST_CREATED };
 
 
@@ -569,11 +570,40 @@ static int uinput_setup_device_legacy(struct uinput_device *udev,
 
 	return retval;
 
 }
 
 
+/*
 
+ * Returns true if the given timestamp is valid (i.e., if all the following
 
+ * conditions are satisfied), false otherwise.
 
+ * 1) given timestamp is positive
 
+ * 2) it's within the allowed offset before the current time
 
+ * 3) it's not in the future
 
+ */
 
+static bool is_valid_timestamp(const ktime_t timestamp)
 
+{
 
+	ktime_t zero_time;
 
+	ktime_t current_time;
 
+	ktime_t min_time;
 
+	ktime_t offset;
 
+
 
+	zero_time = ktime_set(0, 0);
 
+	if (ktime_compare(zero_time, timestamp) >= 0)
 
+		return false;
 
+
 
+	current_time = ktime_get();
 
+	offset = ktime_set(UINPUT_TIMESTAMP_ALLOWED_OFFSET_SECS, 0);
 
+	min_time = ktime_sub(current_time, offset);
 
+
 
+	if (ktime_after(min_time, timestamp) || ktime_after(timestamp, current_time))
 
+		return false;
 
+
 
+	return true;
 
+}
 
+
 
 static ssize_t uinput_inject_events(struct uinput_device *udev,
 
 				    const char __user *buffer, size_t count)
 
 {
 
 	struct input_event ev;
 
 	size_t bytes = 0;
 
+	ktime_t timestamp;
 
 
 	if (count != 0 && count < input_event_size())
 
 		return -EINVAL;
 
@@ -588,6 +618,10 @@ static ssize_t uinput_inject_events(struct uinput_device *udev,
 
 		if (input_event_from_user(buffer + bytes, &ev))
 
 			return -EFAULT;
 
 
+		timestamp = ktime_set(ev.input_event_sec, ev.input_event_usec * NSEC_PER_USEC);
 
+		if (is_valid_timestamp(timestamp))
 
+			input_set_timestamp(udev->dev, timestamp);
 
+
 
 		input_event(udev->dev, ev.type, ev.code, ev.value);
 
 		bytes += input_event_size();
 
 		cond_resched();

+ 3 - 1
drivers/md/dm-verity-target.c
Wyświetl plik 

@@ -583,7 +583,9 @@ static void verity_end_io(struct bio *bio)
 
 	struct dm_verity_io *io = bio->bi_private;
 
 
 	if (bio->bi_status &&
 
-	    (!verity_fec_is_enabled(io->v) || verity_is_system_shutting_down())) {
 
+	    (!verity_fec_is_enabled(io->v) ||
 
+	     verity_is_system_shutting_down() ||
 
+	     (bio->bi_opf & REQ_RAHEAD))) {
 
 		verity_finish_io(io, bio->bi_status);
 
 		return;
 
 	}

+ 2 - 5
drivers/nvme/target/tcp.c
Wyświetl plik 

@@ -336,6 +336,7 @@ static void nvmet_tcp_fatal_error(struct nvmet_tcp_queue *queue)
 
 
 static void nvmet_tcp_socket_error(struct nvmet_tcp_queue *queue, int status)
 
 {
 
+	queue->rcv_state = NVMET_TCP_RECV_ERR;
 
 	if (status == -EPIPE || status == -ECONNRESET)
 
 		kernel_sock_shutdown(queue->sock, SHUT_RDWR);
 
 	else
 
@@ -882,15 +883,11 @@ static int nvmet_tcp_handle_icreq(struct nvmet_tcp_queue *queue)
 
 	iov.iov_len = sizeof(*icresp);
 
 	ret = kernel_sendmsg(queue->sock, &msg, &iov, 1, iov.iov_len);
 
 	if (ret < 0)
 
-		goto free_crypto;
 
+		return ret; /* queue removal will cleanup */
 
 
 	queue->state = NVMET_TCP_Q_LIVE;
 
 	nvmet_prepare_receive_pdu(queue);
 
 	return 0;
 
-free_crypto:
 
-	if (queue->hdr_digest || queue->data_digest)
 
-		nvmet_tcp_free_crypto(queue);
 
-	return ret;
 
 }
 
 
 static void nvmet_tcp_handle_req_failure(struct nvmet_tcp_queue *queue,

+ 2 - 0
drivers/rpmsg/qcom_glink_native.c
Wyświetl plik 

@@ -1850,6 +1850,7 @@ static void qcom_glink_rpdev_release(struct device *dev)
 
 {
 
 	struct rpmsg_device *rpdev = to_rpmsg_device(dev);
 
 
+	kfree(rpdev->driver_override);
 
 	kfree(rpdev);
 
 }
 
 
@@ -2134,6 +2135,7 @@ static void qcom_glink_device_release(struct device *dev)
 
 
 	/* Release qcom_glink_alloc_channel() reference */
 
 	kref_put(&channel->refcount, qcom_glink_channel_release);
 
+	kfree(rpdev->driver_override);
 
 	kfree(rpdev);
 
 }

+ 33 - 4
drivers/rpmsg/rpmsg_core.c
Wyświetl plik 

@@ -368,7 +368,8 @@ field##_store(struct device *dev, struct device_attribute *attr,	\
 
 	      const char *buf, size_t sz)				\
 
 {									\
 
 	struct rpmsg_device *rpdev = to_rpmsg_device(dev);		\
 
-	char *new, *old;						\
 
+	const char *old;						\
 
+	char *new;							\
 
 									\
 
 	new = kstrndup(buf, sz, GFP_KERNEL);				\
 
 	if (!new)							\
 
@@ -565,24 +566,52 @@ static struct bus_type rpmsg_bus = {
 
 	.remove		= rpmsg_dev_remove,
 
 };
 
 
-int rpmsg_register_device(struct rpmsg_device *rpdev)
 
+/*
 
+ * A helper for registering rpmsg device with driver override and name.
 
+ * Drivers should not be using it, but instead rpmsg_register_device().
 
+ */
 
+int rpmsg_register_device_override(struct rpmsg_device *rpdev,
 
+				   const char *driver_override)
 
 {
 
 	struct device *dev = &rpdev->dev;
 
 	int ret;
 
 
+	if (driver_override)
 
+		strcpy(rpdev->id.name, driver_override);
 
+
 
 	dev_set_name(&rpdev->dev, "%s.%s.%d.%d", dev_name(dev->parent),
 
 		     rpdev->id.name, rpdev->src, rpdev->dst);
 
 
 	rpdev->dev.bus = &rpmsg_bus;
 
 
-	ret = device_register(&rpdev->dev);
 
+	device_initialize(dev);
 
+	if (driver_override) {
 
+		ret = driver_set_override(dev, (const char **)&rpdev->driver_override,
 
+					  driver_override,
 
+					  strlen(driver_override));
 
+		if (ret) {
 
+			dev_err(dev, "device_set_override failed: %d\n", ret);
 
+			put_device(dev);
 
+			return ret;
 
+		}
 
+	}
 
+
 
+	ret = device_add(dev);
 
 	if (ret) {
 
-		dev_err(dev, "device_register failed: %d\n", ret);
 
+		dev_err(dev, "device_add failed: %d\n", ret);
 
+		kfree(rpdev->driver_override);
 
+		rpdev->driver_override = NULL;
 
 		put_device(&rpdev->dev);
 
 	}
 
 
 	return ret;
 
 }
 
+EXPORT_SYMBOL(rpmsg_register_device_override);
 
+
 
+int rpmsg_register_device(struct rpmsg_device *rpdev)
 
+{
 
+	return rpmsg_register_device_override(rpdev, NULL);
 
+}
 
 EXPORT_SYMBOL(rpmsg_register_device);
 
 
 /*

+ 1 - 4
drivers/rpmsg/rpmsg_internal.h
Wyświetl plik 

@@ -89,10 +89,7 @@ struct device *rpmsg_find_device(struct device *parent,
 
  */
 
 static inline int rpmsg_chrdev_register_device(struct rpmsg_device *rpdev)
 
 {
 
-	strcpy(rpdev->id.name, "rpmsg_chrdev");
 
-	rpdev->driver_override = "rpmsg_chrdev";
 
-
 
-	return rpmsg_register_device(rpdev);
 
+	return rpmsg_register_device_override(rpdev, "rpmsg_ctrl");
 
 }
 
 
 #endif

+ 52 - 19
drivers/scsi/ufs/ufshcd.c
Wyświetl plik 

@@ -145,10 +145,7 @@ enum {
 
 	UFSHCD_STATE_EH_SCHEDULED_NON_FATAL,
 
 };
 
 
-/* UFSHCD error handling flags */
 
-enum {
 
-	UFSHCD_EH_IN_PROGRESS = (1 << 0),
 
-};
 
+
 
 
 /* UFSHCD UIC layer error flags */
 
 enum {
 
@@ -161,12 +158,6 @@ enum {
 
 	UFSHCD_UIC_PA_GENERIC_ERROR = (1 << 6), /* Generic PA error */
 
 };
 
 
-#define ufshcd_set_eh_in_progress(h) \
 
-	((h)->eh_flags |= UFSHCD_EH_IN_PROGRESS)
 
-#define ufshcd_eh_in_progress(h) \
 
-	((h)->eh_flags & UFSHCD_EH_IN_PROGRESS)
 
-#define ufshcd_clear_eh_in_progress(h) \
 
-	((h)->eh_flags &= ~UFSHCD_EH_IN_PROGRESS)
 
 
 struct ufs_pm_lvl_states ufs_pm_lvl_states[] = {
 
 	{UFS_ACTIVE_PWR_MODE, UIC_LINK_ACTIVE_STATE},
 
@@ -2105,6 +2096,7 @@ void ufshcd_send_command(struct ufs_hba *hba, unsigned int task_tag)
 
 	}
 
 	/* Make sure that doorbell is committed immediately */
 
 	wmb();
 
+	trace_android_vh_ufs_send_command_post_change(hba, lrbp);
 
 }
 
 
 /**
 
@@ -2770,7 +2762,9 @@ static int ufshcd_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd)
 
 	}
 
 	/* Make sure descriptors are ready before ringing the doorbell */
 
 	wmb();
 
-
 
+	trace_android_vh_ufs_perf_huristic_ctrl(hba, lrbp, &err);
 
+	if (err)
 
+		goto out;
 
 	ufshcd_send_command(hba, tag);
 
 out:
 
 	up_read(&hba->clk_scaling_lock);
 
@@ -5203,7 +5197,7 @@ static irqreturn_t ufshcd_uic_cmd_compl(struct ufs_hba *hba, u32 intr_status)
 
 }
 
 
 /* Release the resources allocated for processing a SCSI command. */
 
-static void ufshcd_release_scsi_cmd(struct ufs_hba *hba,
 
+void ufshcd_release_scsi_cmd(struct ufs_hba *hba,
 
 				    struct ufshcd_lrb *lrbp)
 
 {
 
 	struct scsi_cmnd *cmd = lrbp->cmd;
 
@@ -5214,6 +5208,7 @@ static void ufshcd_release_scsi_cmd(struct ufs_hba *hba,
 
 	ufshcd_release(hba);
 
 	ufshcd_clk_scaling_update_busy(hba);
 
 }
 
+EXPORT_SYMBOL_GPL(ufshcd_release_scsi_cmd);
 
 
 /**
 
  * __ufshcd_transfer_req_compl - handle SCSI and query command completion
 
@@ -5234,9 +5229,13 @@ static void __ufshcd_transfer_req_compl(struct ufs_hba *hba,
 
 		lrbp->compl_time_stamp = ktime_get();
 
 		cmd = lrbp->cmd;
 
 		if (cmd) {
 
+			bool done = false;
 
 			if (unlikely(ufshcd_should_inform_monitor(hba, lrbp)))
 
 				ufshcd_update_monitor(hba, lrbp);
 
 			trace_android_vh_ufs_compl_command(hba, lrbp);
 
+			trace_android_vh_ufs_compl_rsp_check_done(hba, lrbp, &done);
 
+			if (done)
 
+				return;
 
 			ufshcd_add_command_trace(hba, index, "complete");
 
 			cmd->result = ufshcd_transfer_rsp_status(hba, lrbp);
 
 			ufshcd_release_scsi_cmd(hba, lrbp);
 
@@ -5803,11 +5802,13 @@ out:
 
 }
 
 
 /* Complete requests that have door-bell cleared */
 
-static void ufshcd_complete_requests(struct ufs_hba *hba)
 
+void ufshcd_complete_requests(struct ufs_hba *hba)
 
 {
 
 	ufshcd_trc_handler(hba, false);
 
 	ufshcd_tmc_handler(hba);
 
 }
 
+EXPORT_SYMBOL_GPL(ufshcd_complete_requests);
 
+
 
 
 /**
 
  * ufshcd_quirk_dl_nac_errors - This function checks if error handling is
 
@@ -5921,7 +5922,7 @@ static void ufshcd_clk_scaling_suspend(struct ufs_hba *hba, bool suspend)
 
 	}
 
 }
 
 
-static void ufshcd_err_handling_prepare(struct ufs_hba *hba)
 
+void ufshcd_err_handling_prepare(struct ufs_hba *hba)
 
 {
 
 	pm_runtime_get_sync(hba->dev);
 
 	if (pm_runtime_status_suspended(hba->dev) || hba->is_sys_suspended) {
 
@@ -5956,8 +5957,9 @@ static void ufshcd_err_handling_prepare(struct ufs_hba *hba)
 
 	up_write(&hba->clk_scaling_lock);
 
 	cancel_work_sync(&hba->eeh_work);
 
 }
 
+EXPORT_SYMBOL_GPL(ufshcd_err_handling_prepare);
 
 
-static void ufshcd_err_handling_unprepare(struct ufs_hba *hba)
 
+void ufshcd_err_handling_unprepare(struct ufs_hba *hba)
 
 {
 
 	ufshcd_scsi_unblock_requests(hba);
 
 	ufshcd_release(hba);
 
@@ -5965,6 +5967,7 @@ static void ufshcd_err_handling_unprepare(struct ufs_hba *hba)
 
 		ufshcd_clk_scaling_suspend(hba, false);
 
 	pm_runtime_put(hba->dev);
 
 }
 
+EXPORT_SYMBOL_GPL(ufshcd_err_handling_unprepare);
 
 
 static inline bool ufshcd_err_handling_should_stop(struct ufs_hba *hba)
 
 {
 
@@ -6037,10 +6040,16 @@ static void ufshcd_err_handler(struct work_struct *work)
 
 	bool err_tm = false;
 
 	int err = 0, pmc_err;
 
 	int tag;
 
+	bool err_handled = false;
 
 	bool needs_reset = false, needs_restore = false;
 
 
 	hba = container_of(work, struct ufs_hba, eh_work);
 
 
+	trace_android_vh_ufs_err_handler(hba, &err_handled);
 
+
 
+	if (err_handled)
 
+		return;
 
+
 
 	down(&hba->host_sem);
 
 	spin_lock_irqsave(hba->host->host_lock, flags);
 
 	if (ufshcd_err_handling_should_stop(hba)) {
 
@@ -6346,14 +6355,16 @@ static irqreturn_t ufshcd_check_errors(struct ufs_hba *hba, u32 intr_status)
 
 		 * update the transfer error masks to sticky bits, let's do this
 
 		 * irrespective of current ufshcd_state.
 
 		 */
 
+		bool skip = false;
 
 		hba->saved_err |= hba->errors;
 
 		hba->saved_uic_err |= hba->uic_error;
 
 
+		trace_android_vh_ufs_err_print_ctrl(hba, &skip);
 
 		/* dump controller state before resetting */
 
-		if ((hba->saved_err &
 
+		if (!skip &&((hba->saved_err &
 
 		     (INT_FATAL_ERRORS | UFSHCD_UIC_HIBERN8_MASK)) ||
 
 		    (hba->saved_uic_err &&
 
-		     (hba->saved_uic_err != UFSHCD_UIC_PA_GENERIC_ERROR))) {
 
+		     (hba->saved_uic_err != UFSHCD_UIC_PA_GENERIC_ERROR)))) {
 
 			dev_err(hba->dev, "%s: saved_err 0x%x saved_uic_err 0x%x\n",
 
 					__func__, hba->saved_err,
 
 					hba->saved_uic_err);
 
@@ -6418,6 +6429,7 @@ static irqreturn_t ufshcd_tmc_handler(struct ufs_hba *hba)
 
 static irqreturn_t ufshcd_sl_intr(struct ufs_hba *hba, u32 intr_status)
 
 {
 
 	irqreturn_t retval = IRQ_NONE;
 
+	bool err_check = false;
 
 
 	if (intr_status & UFSHCD_UIC_MASK)
 
 		retval |= ufshcd_uic_cmd_compl(hba, intr_status);
 
@@ -6428,9 +6440,14 @@ static irqreturn_t ufshcd_sl_intr(struct ufs_hba *hba, u32 intr_status)
 
 	if (intr_status & UTP_TASK_REQ_COMPL)
 
 		retval |= ufshcd_tmc_handler(hba);
 
 
-	if (intr_status & UTP_TRANSFER_REQ_COMPL)
 
+	if (intr_status & UTP_TRANSFER_REQ_COMPL) {
 
 		retval |= ufshcd_trc_handler(hba, ufshcd_has_utrlcnr(hba));
 
 
+		trace_android_vh_ufs_err_check_ctrl(hba, &err_check);
 
+		if (err_check)
 
+			ufshcd_check_errors(hba, hba->errors);
 
+	}
 
+
 
 	return retval;
 
 }
 
 
@@ -7048,8 +7065,10 @@ static int ufshcd_abort(struct scsi_cmnd *cmd)
 
 	outstanding = __test_and_clear_bit(tag, &hba->outstanding_reqs);
 
 	spin_unlock_irqrestore(host->host_lock, flags);
 
 
-	if (outstanding)
 
+	if (outstanding) {
 
 		ufshcd_release_scsi_cmd(hba, lrbp);
 
+		trace_android_vh_ufs_abort_success_ctrl(hba, lrbp);
 
+	}
 
 
 	err = SUCCESS;
 
 
@@ -7163,6 +7182,20 @@ static int ufshcd_eh_host_reset_handler(struct scsi_cmnd *cmd)
 
 
 	hba = shost_priv(cmd->device->host);
 
 
+	/*
 
+	 * If runtime pm send SSU and got timeout, scsi_error_handler
 
+	 * stuck at this function to wait for flush_work(&hba->eh_work).
 
+	 * And ufshcd_err_handler(eh_work) stuck at wait for runtime pm active.
 
+	 * Do ufshcd_link_recovery instead schedule eh_work can prevent
 
+	 * dead lock to happen.
 
+	 */
 
+	if (hba->pm_op_in_progress) {
 
+		if (ufshcd_link_recovery(hba))
 
+			err = FAILED;
 
+
 
+		return err;
 
+	}
 
+
 
 	spin_lock_irqsave(hba->host->host_lock, flags);
 
 	hba->force_reset = true;
 
 	ufshcd_schedule_eh_work(hba);

+ 19 - 0
drivers/scsi/ufs/ufshcd.h
Wyświetl plik 

@@ -82,6 +82,19 @@ enum ufs_event_type {
 
 	UFS_EVT_CNT,
 
 };
 
 
+/* UFSHCD error handling flags */
 
+enum {
 
+	UFSHCD_EH_IN_PROGRESS = (1 << 0),
 
+};
 
+
 
+#define ufshcd_set_eh_in_progress(h) \
 
+	((h)->eh_flags |= UFSHCD_EH_IN_PROGRESS)
 
+#define ufshcd_eh_in_progress(h) \
 
+	((h)->eh_flags & UFSHCD_EH_IN_PROGRESS)
 
+#define ufshcd_clear_eh_in_progress(h) \
 
+	((h)->eh_flags &= ~UFSHCD_EH_IN_PROGRESS)
 
+
 
+
 
 /**
 
  * struct uic_command - UIC command structure
 
  * @command: UIC command
 
@@ -1048,6 +1061,12 @@ int ufshcd_wait_for_register(struct ufs_hba *hba, u32 reg, u32 mask,
 
 void ufshcd_parse_dev_ref_clk_freq(struct ufs_hba *hba, struct clk *refclk);
 
 void ufshcd_update_evt_hist(struct ufs_hba *hba, u32 id, u32 val);
 
 void ufshcd_hba_stop(struct ufs_hba *hba);
 
+void ufshcd_complete_requests(struct ufs_hba *hba);
 
+void ufshcd_release_scsi_cmd(struct ufs_hba *hba,
 
+				    struct ufshcd_lrb *lrbp);
 
+void ufshcd_err_handling_prepare(struct ufs_hba *hba);
 
+void ufshcd_err_handling_unprepare(struct ufs_hba *hba);
 
+
 
 
 static inline void check_upiu_size(void)
 
 {

+ 2 - 0
include/linux/device/driver.h
Wyświetl plik 

@@ -155,6 +155,8 @@ extern int __must_check driver_create_file(struct device_driver *driver,
 
 extern void driver_remove_file(struct device_driver *driver,
 
 			       const struct driver_attribute *attr);
 
 
+int driver_set_override(struct device *dev, const char **override,
 
+			const char *s, size_t len);
 
 extern int __must_check driver_for_each_device(struct device_driver *drv,
 
 					       struct device *start,
 
 					       void *data,

+ 5 - 1
include/linux/platform_device.h
Wyświetl plik 

@@ -31,7 +31,11 @@ struct platform_device {
 
 	struct resource	*resource;
 
 
 	const struct platform_device_id	*id_entry;
 
-	char *driver_override; /* Driver name to force a match */
 
+	/*
 
+	 * Driver name to force a match.  Do not set directly, because core
 
+	 * frees it.  Use driver_set_override() to set or clear it.
 
+	 */
 
+	char *driver_override;
 
 
 	/* MFD cell pointer */
 
 	struct mfd_cell *mfd_cell;

+ 11 - 1
include/linux/rpmsg.h
Wyświetl plik 

@@ -42,7 +42,9 @@ struct rpmsg_channel_info {
 
  * rpmsg_device - device that belong to the rpmsg bus
 
  * @dev: the device struct
 
  * @id: device id (used to match between rpmsg drivers and devices)
 
- * @driver_override: driver name to force a match
 
+ * @driver_override: driver name to force a match; do not set directly,
 
+ *                   because core frees it; use driver_set_override() to
 
+ *                   set or clear it.
 
  * @src: local address
 
  * @dst: destination address
 
  * @ept: the rpmsg endpoint of this channel
 
@@ -120,6 +122,8 @@ struct rpmsg_driver {
 
 
 #if IS_ENABLED(CONFIG_RPMSG)
 
 
+int rpmsg_register_device_override(struct rpmsg_device *rpdev,
 
+				   const char *driver_override);
 
 int register_rpmsg_device(struct rpmsg_device *dev);
 
 void unregister_rpmsg_device(struct rpmsg_device *dev);
 
 int __register_rpmsg_driver(struct rpmsg_driver *drv, struct module *owner);
 
@@ -147,6 +151,12 @@ int rpmsg_set_signals(struct rpmsg_endpoint *ept, u32 set, u32 clear);
 
 
 #else
 
 
+static inline int rpmsg_register_device_override(struct rpmsg_device *rpdev,
 
+						 const char *driver_override)
 
+{
 
+	return -ENXIO;
 
+}
 
+
 
 static inline int register_rpmsg_device(struct rpmsg_device *dev)
 
 {
 
 	return -ENXIO;

+ 26 - 0
include/trace/hooks/binder.h
Wyświetl plik 

@@ -17,6 +17,8 @@ struct binder_proc;
 
 struct binder_thread;
 
 struct binder_transaction;
 
 struct binder_transaction_data;
 
+struct binder_work;
 
+struct binder_buffer;
 
 #else
 
 /* struct binder_alloc */
 
 #include <../drivers/android/binder_alloc.h>
 
@@ -114,6 +116,30 @@ DECLARE_HOOK(android_vh_binder_read_done,
 
 DECLARE_HOOK(android_vh_binder_has_work_ilocked,
 
 	TP_PROTO(struct binder_thread *thread, bool do_proc_work, int *ret),
 
 	TP_ARGS(thread, do_proc_work, ret));
 
+DECLARE_HOOK(android_vh_binder_proc_transaction_finish,
 
+	TP_PROTO(struct binder_proc *proc, struct binder_transaction *t,
 
+		struct task_struct *binder_th_task, bool pending_async, bool sync),
 
+	TP_ARGS(proc, t, binder_th_task, pending_async, sync));
 
+DECLARE_HOOK(android_vh_alloc_oem_binder_struct,
 
+	TP_PROTO(struct binder_transaction_data *tr, struct binder_transaction *t,
 
+		struct binder_proc *proc),
 
+	TP_ARGS(tr, t, proc));
 
+DECLARE_HOOK(android_vh_binder_transaction_received,
 
+	TP_PROTO(struct binder_transaction *t, struct binder_proc *proc,
 
+		struct binder_thread *thread, uint32_t cmd),
 
+	TP_ARGS(t, proc, thread, cmd));
 
+DECLARE_HOOK(android_vh_free_oem_binder_struct,
 
+	TP_PROTO(struct binder_transaction *t),
 
+	TP_ARGS(t));
 
+DECLARE_HOOK(android_vh_binder_special_task,
 
+	TP_PROTO(struct binder_transaction *t, struct binder_proc *proc,
 
+		struct binder_thread *thread, struct binder_work *w,
 
+		struct list_head *head, bool sync, bool *special_task),
 
+	TP_ARGS(t, proc, thread, w, head, sync, special_task));
 
+DECLARE_HOOK(android_vh_binder_free_buf,
 
+	TP_PROTO(struct binder_proc *proc, struct binder_thread *thread,
 
+		struct binder_buffer *buffer),
 
+	TP_ARGS(proc, thread, buffer));
 
 /* macro versions of hooks are no longer required */
 
 
 #endif /* _TRACE_HOOK_BINDER_H */

+ 34 - 0
include/trace/hooks/ufshcd.h
Wyświetl plik 

@@ -75,6 +75,40 @@ DECLARE_HOOK(android_vh_ufs_update_sdev,
 
 DECLARE_HOOK(android_vh_ufs_clock_scaling,
 
 	TP_PROTO(struct ufs_hba *hba, bool *force_out, bool *force_scaling, bool *scale_up),
 
 	TP_ARGS(hba, force_out, force_scaling, scale_up));
 
+
 
+DECLARE_HOOK(android_vh_ufs_send_command_post_change,
 
+	TP_PROTO(struct ufs_hba *hba, struct ufshcd_lrb *lrbp),
 
+	TP_ARGS(hba, lrbp));
 
+
 
+DECLARE_HOOK(android_vh_ufs_perf_huristic_ctrl,
 
+	TP_PROTO(struct ufs_hba *hba,
 
+		 struct ufshcd_lrb *lrbp, int *err),
 
+	TP_ARGS(hba, lrbp, err));
 
+
 
+DECLARE_HOOK(android_vh_ufs_abort_success_ctrl,
 
+	TP_PROTO(struct ufs_hba *hba,
 
+		 struct ufshcd_lrb *lrbp),
 
+	TP_ARGS(hba, lrbp));
 
+
 
+DECLARE_HOOK(android_vh_ufs_err_handler,
 
+	TP_PROTO(struct ufs_hba *hba,
 
+		 bool *err_handled),
 
+	TP_ARGS(hba, err_handled));
 
+
 
+DECLARE_HOOK(android_vh_ufs_compl_rsp_check_done,
 
+	TP_PROTO(struct ufs_hba *hba,
 
+		 struct ufshcd_lrb *lrbp, bool *done),
 
+	TP_ARGS(hba, lrbp, done));
 
+
 
+DECLARE_HOOK(android_vh_ufs_err_print_ctrl,
 
+	TP_PROTO(struct ufs_hba *hba,
 
+		 bool *skip),
 
+	TP_ARGS(hba, skip));
 
+
 
+DECLARE_HOOK(android_vh_ufs_err_check_ctrl,
 
+	TP_PROTO(struct ufs_hba *hba,
 
+		 bool *err_check),
 
+	TP_ARGS(hba, err_check));
 
 #endif /* _TRACE_HOOK_UFSHCD_H */
 
 /* This part must be outside protection */
 
 #include <trace/define_trace.h>

+ 12 - 6
io_uring/io_uring.c
Wyświetl plik 

@@ -10248,7 +10248,7 @@ static int io_uring_show_cred(struct seq_file *m, unsigned int id,
 
 
 static void __io_uring_show_fdinfo(struct io_ring_ctx *ctx, struct seq_file *m)
 
 {
 
-	struct io_sq_data *sq = NULL;
 
+	int sq_pid = -1, sq_cpu = -1;
 
 	bool has_lock;
 
 	int i;
 
 
@@ -10261,13 +10261,19 @@ static void __io_uring_show_fdinfo(struct io_ring_ctx *ctx, struct seq_file *m)
 
 	has_lock = mutex_trylock(&ctx->uring_lock);
 
 
 	if (has_lock && (ctx->flags & IORING_SETUP_SQPOLL)) {
 
-		sq = ctx->sq_data;
 
-		if (!sq->thread)
 
-			sq = NULL;
 
+		struct io_sq_data *sq = ctx->sq_data;
 
+
 
+		if (mutex_trylock(&sq->lock)) {
 
+			if (sq->thread) {
 
+				sq_pid = task_pid_nr(sq->thread);
 
+				sq_cpu = task_cpu(sq->thread);
 
+			}
 
+			mutex_unlock(&sq->lock);
 
+		}
 
 	}
 
 
-	seq_printf(m, "SqThread:\t%d\n", sq ? task_pid_nr(sq->thread) : -1);
 
-	seq_printf(m, "SqThreadCpu:\t%d\n", sq ? task_cpu(sq->thread) : -1);
 
+	seq_printf(m, "SqThread:\t%d\n", sq_pid);
 
+	seq_printf(m, "SqThreadCpu:\t%d\n", sq_cpu);
 
 	seq_printf(m, "UserFiles:\t%u\n", ctx->nr_user_files);
 
 	for (i = 0; has_lock && i < ctx->nr_user_files; i++) {
 
 		struct file *f = io_file_from_index(ctx, i);

+ 4 - 2
net/ipv4/igmp.c
Wyświetl plik 

@@ -216,8 +216,10 @@ static void igmp_start_timer(struct ip_mc_list *im, int max_delay)
 
 	int tv = prandom_u32() % max_delay;
 
 
 	im->tm_running = 1;
 
-	if (!mod_timer(&im->timer, jiffies+tv+2))
 
-		refcount_inc(&im->refcnt);
 
+	if (refcount_inc_not_zero(&im->refcnt)) {
 
+		if (mod_timer(&im->timer, jiffies + tv + 2))
 
+			ip_ma_put(im);
 
+	}
 
 }
 
 
 static void igmp_gq_start_timer(struct in_device *in_dev)

+ 3 - 0
net/netfilter/nft_set_pipapo.c
Wyświetl plik 

@@ -2028,6 +2028,9 @@ static void nft_pipapo_walk(const struct nft_ctx *ctx, struct nft_set *set,
 
 
 		e = f->mt[r].e;
 
 
+		if (!nft_set_elem_active(&e->ext, iter->genmask))
 
+			goto cont;
 
+
 
 		elem.priv = e;
 
 
 		iter->err = iter->fn(ctx, set, iter, &elem);

Plik diff jest za duży
+ 576 - 100
scripts/checkpatch.pl


Niektóre pliki nie zostały wyświetlone z powodu dużej ilości zmienionych plików