Merge "Merge keystone/android12-5.10-keystone-qcom-release.66+ (4a750ed) into msm-5.10"

android/ACK_SHA

@@ -0,0 +1 @@
+109f31ac23f5fc4fa3517bfc1cd005eccf93193b

android/abi_gki_aarch64_oplus

@@ -2585,6 +2585,9 @@
   __traceiter_android_vh_alter_rwsem_list_add
   __traceiter_android_vh_arch_set_freq_scale
   __traceiter_android_vh_binder_alloc_new_buf_locked
+  __traceiter_android_vh_binder_new_ref
+  __traceiter_android_vh_binder_del_ref
+  __traceiter_android_vh_binder_proc_transaction
   __traceiter_android_vh_binder_preset
   __traceiter_android_vh_binder_priority_skip
   __traceiter_android_vh_binder_reply
@@ -2776,6 +2779,9 @@
   __tracepoint_android_vh_alter_rwsem_list_add
   __tracepoint_android_vh_arch_set_freq_scale
   __tracepoint_android_vh_binder_alloc_new_buf_locked
+  __tracepoint_android_vh_binder_new_ref
+  __tracepoint_android_vh_binder_del_ref
+  __tracepoint_android_vh_binder_proc_transaction
   __tracepoint_android_vh_binder_preset
   __tracepoint_android_vh_binder_priority_skip
   __tracepoint_android_vh_binder_reply

android/abi_gki_aarch64_qcom

@@ -2251,6 +2251,7 @@
   smp_call_function
   smp_call_function_any
   smp_call_function_single
+  smp_call_function_single_async
   snd_card_free
   snd_card_new
   snd_card_register
@@ -2500,6 +2501,7 @@
   __traceiter_android_rvh_cpu_cgroup_online
   __traceiter_android_rvh_cpufreq_transition
   __traceiter_android_rvh_dequeue_task
+  __traceiter_android_rvh_do_sched_yield
   __traceiter_android_rvh_enqueue_task
   __traceiter_android_rvh_find_busiest_queue
   __traceiter_android_rvh_find_lowest_rq
@@ -2611,6 +2613,7 @@
   __tracepoint_android_rvh_cpu_cgroup_online
   __tracepoint_android_rvh_cpufreq_transition
   __tracepoint_android_rvh_dequeue_task
+  __tracepoint_android_rvh_do_sched_yield
   __tracepoint_android_rvh_enqueue_task
   __tracepoint_android_rvh_find_busiest_queue
   __tracepoint_android_rvh_find_lowest_rq

android/abi_gki_aarch64_vivo

@@ -1749,6 +1749,15 @@
   __traceiter_android_vh_ufs_send_command
   __traceiter_android_vh_ufs_update_sdev
   __traceiter_binder_transaction_received
+  __traceiter_block_bio_complete
+  __traceiter_block_bio_queue
+  __traceiter_block_getrq
+  __traceiter_block_rq_complete
+  __traceiter_block_rq_insert
+  __traceiter_block_rq_issue
+  __traceiter_block_rq_merge
+  __traceiter_block_rq_requeue
+  __traceiter_block_split
   __traceiter_cpu_frequency_limits
   __traceiter_cpu_idle
   __traceiter_dwc3_complete_trb
@@ -1852,6 +1861,15 @@
   __tracepoint_android_vh_ufs_update_sdev
   __tracepoint_android_vh_vmpressure
   __tracepoint_binder_transaction_received
+  __tracepoint_block_bio_complete
+  __tracepoint_block_bio_queue
+  __tracepoint_block_getrq
+  __tracepoint_block_rq_complete
+  __tracepoint_block_rq_insert
+  __tracepoint_block_rq_issue
+  __tracepoint_block_rq_merge
+  __tracepoint_block_rq_requeue
+  __tracepoint_block_split
   __tracepoint_cpu_frequency_limits
   __tracepoint_cpu_idle
   __tracepoint_dwc3_complete_trb

arch/arm64/configs/consolidate.fragment

@@ -95,3 +95,4 @@ CONFIG_TASKS_RUDE_RCU=y
 # CONFIG_TEST_VMALLOC is not set
 # CONFIG_TEST_XARRAY is not set
 CONFIG_TRACE_PREEMPT_TOGGLE=y
+CONFIG_USB_MON=y

block/blk-core.c

@@ -58,6 +58,13 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(block_rq_remap);
 EXPORT_TRACEPOINT_SYMBOL_GPL(block_bio_complete);
 EXPORT_TRACEPOINT_SYMBOL_GPL(block_split);
 EXPORT_TRACEPOINT_SYMBOL_GPL(block_unplug);
+EXPORT_TRACEPOINT_SYMBOL_GPL(block_bio_queue);
+EXPORT_TRACEPOINT_SYMBOL_GPL(block_getrq);
+EXPORT_TRACEPOINT_SYMBOL_GPL(block_rq_insert);
+EXPORT_TRACEPOINT_SYMBOL_GPL(block_rq_issue);
+EXPORT_TRACEPOINT_SYMBOL_GPL(block_rq_merge);
+EXPORT_TRACEPOINT_SYMBOL_GPL(block_rq_requeue);
+EXPORT_TRACEPOINT_SYMBOL_GPL(block_rq_complete);
 
 DEFINE_IDA(blk_queue_ida);
 

crypto/Kconfig

@@ -53,14 +53,14 @@ config CRYPTO_FIPS140_MOD
 	  meet FIPS 140 and NIAP FPT_TST_EXT.1 requirements.  It shouldn't be
 	  used if you don't need to meet these requirements.
 
-config CRYPTO_FIPS140_MOD_ERROR_INJECTION
+config CRYPTO_FIPS140_MOD_EVAL_TESTING
-	bool "Support injecting failures into the FIPS 140 self-tests"
+	bool "Enable evaluation testing features in FIPS 140 module"
 	depends on CRYPTO_FIPS140_MOD
 	help
-	  This option adds a module parameter "broken_alg" to the fips140 module
+	  This option adds some features to the FIPS 140 module which are needed
-	  which can be used to fail the self-tests for a particular algorithm,
+	  for lab evaluation testing of the module, e.g. support for injecting
-	  causing a kernel panic.  This option is for FIPS lab testing only, and
+	  errors and support for a userspace interface to some of the module's
-	  it shouldn't be enabled on production systems.
+	  services.  This option should not be enabled in production builds.
 
 config CRYPTO_ALGAPI
 	tristate

crypto/Makefile

@@ -239,11 +239,14 @@ fips140-objs := \
 	fips140-refs.o \
 	fips140-selftests.o \
 	crypto-fips.a
+fips140-$(CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING) += \
+	fips140-eval-testing.o
 obj-m += fips140.o
 
 CFLAGS_fips140-alg-registration.o += $(FIPS140_CFLAGS)
 CFLAGS_fips140-module.o += $(FIPS140_CFLAGS)
 CFLAGS_fips140-selftests.o += $(FIPS140_CFLAGS)
+CFLAGS_fips140-eval-testing.o += $(FIPS140_CFLAGS)
 
 hostprogs-always-y := fips140_gen_hmac
 HOSTLDLIBS_fips140_gen_hmac := -lcrypto -lelf

crypto/fips140-eval-testing-uapi.h

@@ -0,0 +1,30 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+
+#ifndef _CRYPTO_FIPS140_EVAL_TESTING_H
+#define _CRYPTO_FIPS140_EVAL_TESTING_H
+
+#include <linux/ioctl.h>
+
+/*
+ * This header defines the ioctls that are available on the fips140 character
+ * device.  These ioctls expose some of the module's services to userspace so
+ * that they can be tested by the FIPS certification lab; this is a required
+ * part of getting a FIPS 140 certification.  These ioctls do not have any other
+ * purpose, and they do not need to be present in production builds.
+ */
+
+/*
+ * Call the fips140_is_approved_service() function.  The argument must be the
+ * service name as a NUL-terminated string.  The return value will be 1 if
+ * fips140_is_approved_service() returned true, or 0 if it returned false.
+ */
+#define FIPS140_IOCTL_IS_APPROVED_SERVICE	_IO('F', 0)
+
+/*
+ * Call the fips140_module_version() function.  The argument must be a pointer
+ * to a buffer of size >= 256 chars.  The NUL-terminated string returned by
+ * fips140_module_version() will be written to this buffer.
+ */
+#define FIPS140_IOCTL_MODULE_VERSION		_IOR('F', 1, char[256])
+
+#endif /* _CRYPTO_FIPS140_EVAL_TESTING_H */

crypto/fips140-eval-testing.c

@@ -0,0 +1,129 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright 2021 Google LLC
+ *
+ * This file can optionally be built into fips140.ko in order to support certain
+ * types of testing that the FIPS lab has to do to evaluate the module.  It
+ * should not be included in production builds of the module.
+ */
+
+/*
+ * We have to redefine inline to mean always_inline, so that _copy_to_user()
+ * gets inlined.  This is needed for it to be placed into the correct section.
+ * See fips140_copy_to_user().
+ *
+ * We also need to undefine BUILD_FIPS140_KO to allow the use of the code
+ * patching which copy_to_user() requires.
+ */
+#undef inline
+#define inline inline __attribute__((__always_inline__)) __gnu_inline \
+       __inline_maybe_unused notrace
+#undef BUILD_FIPS140_KO
+
+#include <linux/cdev.h>
+#include <linux/fs.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+
+#include "fips140-module.h"
+#include "fips140-eval-testing-uapi.h"
+
+/*
+ * This option allows deliberately failing the self-tests for a particular
+ * algorithm.
+ */
+static char *fips140_fail_selftest;
+module_param_named(fail_selftest, fips140_fail_selftest, charp, 0);
+
+/* This option allows deliberately failing the integrity check. */
+static bool fips140_fail_integrity_check;
+module_param_named(fail_integrity_check, fips140_fail_integrity_check, bool, 0);
+
+static dev_t fips140_devnum;
+static struct cdev fips140_cdev;
+
+/* Inject a self-test failure (via corrupting the result) if requested. */
+void fips140_inject_selftest_failure(const char *impl, u8 *result)
+{
+	if (fips140_fail_selftest && strcmp(impl, fips140_fail_selftest) == 0)
+		result[0] ^= 0xff;
+}
+
+/* Inject an integrity check failure (via corrupting the text) if requested. */
+void fips140_inject_integrity_failure(u8 *textcopy)
+{
+	if (fips140_fail_integrity_check)
+		textcopy[0] ^= 0xff;
+}
+
+static long fips140_ioctl_is_approved_service(unsigned long arg)
+{
+	const char *service_name = strndup_user((const char __user *)arg, 256);
+	long ret;
+
+	if (IS_ERR(service_name))
+		return PTR_ERR(service_name);
+
+	ret = fips140_is_approved_service(service_name);
+
+	kfree(service_name);
+	return ret;
+}
+
+/*
+ * Code in fips140.ko is covered by an integrity check by default, and this
+ * check breaks if copy_to_user() is called.  This is because copy_to_user() is
+ * an inline function that relies on code patching.  However, since this is
+ * "evaluation testing" code which isn't included in the production builds of
+ * fips140.ko, it's acceptable to just exclude it from the integrity check.
+ */
+static noinline unsigned long __section("text.._fips140_unchecked")
+fips140_copy_to_user(void __user *to, const void *from, unsigned long n)
+{
+	return copy_to_user(to, from, n);
+}
+
+static long fips140_ioctl_module_version(unsigned long arg)
+{
+	const char *version = fips140_module_version();
+	size_t len = strlen(version) + 1;
+
+	if (len > 256)
+		return -EOVERFLOW;
+
+	if (fips140_copy_to_user((void __user *)arg, version, len))
+		return -EFAULT;
+
+	return 0;
+}
+
+static long fips140_ioctl(struct file *file, unsigned int cmd,
+			  unsigned long arg)
+{
+	switch (cmd) {
+	case FIPS140_IOCTL_IS_APPROVED_SERVICE:
+		return fips140_ioctl_is_approved_service(arg);
+	case FIPS140_IOCTL_MODULE_VERSION:
+		return fips140_ioctl_module_version(arg);
+	default:
+		return -ENOTTY;
+	}
+}
+
+static const struct file_operations fips140_fops = {
+	.unlocked_ioctl = fips140_ioctl,
+};
+
+bool fips140_eval_testing_init(void)
+{
+	if (alloc_chrdev_region(&fips140_devnum, 1, 1, "fips140") != 0) {
+		pr_err("failed to allocate device number\n");
+		return false;
+	}
+	cdev_init(&fips140_cdev, &fips140_fops);
+	if (cdev_add(&fips140_cdev, fips140_devnum, 1) != 0) {
+		pr_err("failed to add fips140 character device\n");
+		return false;
+	}
+	return true;
+}

crypto/fips140-module.c

@@ -29,15 +29,6 @@
 #include "fips140-module.h"
 #include "internal.h"
 
-/*
- * This option allows deliberately failing the self-tests for a particular
- * algorithm.  This is for FIPS lab testing only.
- */
-#ifdef CONFIG_CRYPTO_FIPS140_MOD_ERROR_INJECTION
-char *fips140_broken_alg;
-module_param_named(broken_alg, fips140_broken_alg, charp, 0);
-#endif
-
 /*
  * FIPS 140-2 prefers the use of HMAC with a public key over a plain hash.
  */
@@ -397,6 +388,8 @@ static bool __init check_fips140_module_hmac(void)
 				  offset_to_ptr(&fips140_rela_rodata.offset),
 				  fips140_rela_rodata.count);
 
+	fips140_inject_integrity_failure(textcopy);
+
 	tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
 	if (IS_ERR(tfm)) {
 		pr_err("failed to allocate hmac tfm (%ld)\n", PTR_ERR(tfm));
@@ -545,6 +538,9 @@ fips140_init(void)
 	if (!update_fips140_library_routines())
 		goto panic;
 
+	if (!fips140_eval_testing_init())
+		goto panic;
+
 	pr_info("module successfully loaded\n");
 	return 0;
 

crypto/fips140-module.h

@@ -20,16 +20,31 @@
 #define FIPS140_MODULE_NAME "Android Kernel Cryptographic Module"
 #define FIPS140_MODULE_VERSION UTS_RELEASE
 
-#ifdef CONFIG_CRYPTO_FIPS140_MOD_ERROR_INJECTION
+/* fips140-eval-testing.c */
-extern char *fips140_broken_alg;
+#ifdef CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING
-#endif
+void fips140_inject_selftest_failure(const char *impl, u8 *result);
+void fips140_inject_integrity_failure(u8 *textcopy);
+bool fips140_eval_testing_init(void);
+#else
+static inline void fips140_inject_selftest_failure(const char *impl, u8 *result)
+{
+}
+static inline void fips140_inject_integrity_failure(u8 *textcopy)
+{
+}
+static inline bool fips140_eval_testing_init(void)
+{
+	return true;
+}
+#endif /* !CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING */
 
+/* fips140-module.c */
 extern struct completion fips140_tests_done;
 extern struct task_struct *fips140_init_thread;
-
-bool __init __must_check fips140_run_selftests(void);
-
 bool fips140_is_approved_service(const char *name);
 const char *fips140_module_version(void);
 
+/* fips140-selftests.c */
+bool __init __must_check fips140_run_selftests(void);
+
 #endif /* _CRYPTO_FIPS140_MODULE_H */

crypto/fips140-selftests.c

@@ -146,11 +146,7 @@ static int __init __must_check
 fips_check_result(u8 *result, const u8 *expected_result, size_t result_size,
 		  const char *impl, const char *operation)
 {
-#ifdef CONFIG_CRYPTO_FIPS140_MOD_ERROR_INJECTION
+	fips140_inject_selftest_failure(impl, result);
-	/* Inject a failure (via corrupting the result) if requested. */
-	if (fips140_broken_alg && strcmp(impl, fips140_broken_alg) == 0)
-		result[0] ^= 0xff;
-#endif
 	if (memcmp(result, expected_result, result_size) != 0) {
 		pr_err("wrong result from %s %s\n", impl, operation);
 		return -EBADMSG;

drivers/android/binder.c

@@ -2797,6 +2797,7 @@ static void binder_transaction(struct binder_proc *proc,
 	if (target_thread)
 		e->to_thread = target_thread->pid;
 	e->to_proc = target_proc->pid;
+	trace_android_rvh_binder_transaction(target_proc, proc, thread, tr);
 
 	/* TODO: reuse incoming transaction for reply */
 	t = kzalloc(sizeof(*t), GFP_KERNEL);

drivers/android/vendor_hooks.c

@@ -239,6 +239,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_create_worker);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_check_preempt_tick);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_check_preempt_wakeup_ignore);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_replace_next_task_fair);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_do_sched_yield);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_wait_for_work);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_sync_txn_recvd);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_build_sched_domains);
@@ -289,6 +290,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_timerfd_create);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_alloc_new_buf_locked);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_reply);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_trans);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_binder_transaction);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_preset);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_proc_transaction);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_binder_new_ref);

drivers/usb/gadget/function/f_fs.c

@@ -614,7 +614,7 @@ static int ffs_ep0_open(struct inode *inode, struct file *file)
 	file->private_data = ffs;
 	ffs_data_opened(ffs);
 
-	return 0;
+	return stream_open(inode, file);
 }
 
 static int ffs_ep0_release(struct inode *inode, struct file *file)
@@ -1152,7 +1152,7 @@ ffs_epfile_open(struct inode *inode, struct file *file)
 	file->private_data = epfile;
 	ffs_data_opened(epfile->ffs);
 
-	return 0;
+	return stream_open(inode, file);
 }
 
 static int ffs_aio_cancel(struct kiocb *kiocb)

fs/f2fs/data.c

@@ -1859,8 +1859,9 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo,
 	u64 logical = 0, phys = 0, size = 0;
 	u32 flags = 0;
 	int ret = 0;
-	bool compr_cluster = false;
+	bool compr_cluster = false, compr_appended;
 	unsigned int cluster_size = F2FS_I(inode)->i_cluster_size;
+	unsigned int count_in_cluster = 0;
 	loff_t maxbytes;
 
 	if (fieinfo->fi_flags & FIEMAP_FLAG_CACHE) {
@@ -1908,15 +1909,17 @@ next:
 	map.m_next_pgofs = &next_pgofs;
 	map.m_seg_type = NO_CHECK_TYPE;
 
-	if (compr_cluster)
+	if (compr_cluster) {
-		map.m_len = cluster_size - 1;
+		map.m_lblk += 1;
+		map.m_len = cluster_size - count_in_cluster;
+	}
 
 	ret = f2fs_map_blocks(inode, &map, 0, F2FS_GET_BLOCK_FIEMAP);
 	if (ret)
 		goto out;
 
 	/* HOLE */
-	if (!(map.m_flags & F2FS_MAP_FLAGS)) {
+	if (!compr_cluster && !(map.m_flags & F2FS_MAP_FLAGS)) {
 		start_blk = next_pgofs;
 
 		if (blks_to_bytes(inode, start_blk) < blks_to_bytes(inode,
@@ -1926,6 +1929,14 @@ next:
 		flags |= FIEMAP_EXTENT_LAST;
 	}
 
+	compr_appended = false;
+	/* In a case of compressed cluster, append this to the last extent */
+	if (compr_cluster && ((map.m_flags & F2FS_MAP_UNWRITTEN) ||
+			!(map.m_flags & F2FS_MAP_FLAGS))) {
+		compr_appended = true;
+		goto skip_fill;
+	}
+
 	if (size) {
 		flags |= FIEMAP_EXTENT_MERGED;
 		if (IS_ENCRYPTED(inode))
@@ -1942,39 +1953,37 @@ next:
 	if (start_blk > last_blk)
 		goto out;
 
-	if (compr_cluster) {
+skip_fill:
-		compr_cluster = false;
-
-
-		logical = blks_to_bytes(inode, start_blk - 1);
-		phys = blks_to_bytes(inode, map.m_pblk);
-		size = blks_to_bytes(inode, cluster_size);
-
-		flags |= FIEMAP_EXTENT_ENCODED;
-
-		start_blk += cluster_size - 1;
-
-		if (start_blk > last_blk)
-			goto out;
-
-		goto prep_next;
-	}
-
 	if (map.m_pblk == COMPRESS_ADDR) {
 		compr_cluster = true;
-		start_blk++;
+		count_in_cluster = 1;
-		goto prep_next;
+	} else if (compr_appended) {
+		unsigned int appended_blks = cluster_size -
+						count_in_cluster + 1;
+		size += blks_to_bytes(inode, appended_blks);
+		start_blk += appended_blks;
+		compr_cluster = false;
+	} else {
+		logical = blks_to_bytes(inode, start_blk);
+		phys = __is_valid_data_blkaddr(map.m_pblk) ?
+			blks_to_bytes(inode, map.m_pblk) : 0;
+		size = blks_to_bytes(inode, map.m_len);
+		flags = 0;
+
+		if (compr_cluster) {
+			flags = FIEMAP_EXTENT_ENCODED;
+			count_in_cluster += map.m_len;
+			if (count_in_cluster == cluster_size) {
+				compr_cluster = false;
+				size += blks_to_bytes(inode, 1);
+			}
+		} else if (map.m_flags & F2FS_MAP_UNWRITTEN) {
+			flags = FIEMAP_EXTENT_UNWRITTEN;
+		}
+
+		start_blk += bytes_to_blks(inode, size);
 	}
 
-	logical = blks_to_bytes(inode, start_blk);
-	phys = blks_to_bytes(inode, map.m_pblk);
-	size = blks_to_bytes(inode, map.m_len);
-	flags = 0;
-	if (map.m_flags & F2FS_MAP_UNWRITTEN)
-		flags = FIEMAP_EXTENT_UNWRITTEN;
-
-	start_blk += bytes_to_blks(inode, size);
-
 prep_next:
 	cond_resched();
 	if (fatal_signal_pending(current))

include/trace/hooks/binder.h

@@ -52,6 +52,10 @@ DECLARE_HOOK(android_vh_binder_trans,
 	TP_PROTO(struct binder_proc *target_proc, struct binder_proc *proc,
 		struct binder_thread *thread, struct binder_transaction_data *tr),
 	TP_ARGS(target_proc, proc, thread, tr));
+DECLARE_RESTRICTED_HOOK(android_rvh_binder_transaction,
+	TP_PROTO(struct binder_proc *target_proc, struct binder_proc *proc,
+		struct binder_thread *thread, struct binder_transaction_data *tr),
+	TP_ARGS(target_proc, proc, thread, tr), 1);
 DECLARE_HOOK(android_vh_binder_preset,
 	TP_PROTO(struct hlist_head *hhead, struct mutex *lock),
 	TP_ARGS(hhead, lock));

include/trace/hooks/sched.h

@@ -291,6 +291,10 @@ DECLARE_RESTRICTED_HOOK(android_rvh_replace_next_task_fair,
 			bool simple, struct task_struct *prev),
 	TP_ARGS(rq, p, se, repick, simple, prev), 1);
 
+DECLARE_RESTRICTED_HOOK(android_rvh_do_sched_yield,
+	TP_PROTO(struct rq *rq),
+	TP_ARGS(rq), 1);
+
 DECLARE_RESTRICTED_HOOK(android_rvh_util_est_update,
 	TP_PROTO(struct cfs_rq *cfs_rq, struct task_struct *p, bool task_sleep, int *ret),
 	TP_ARGS(cfs_rq, p, task_sleep, ret), 1);

include/uapi/linux/virtio_ids.h

@@ -45,6 +45,7 @@
 #define VIRTIO_ID_CRYPTO       20 /* virtio crypto */
 #define VIRTIO_ID_IOMMU        23 /* virtio IOMMU */
 #define VIRTIO_ID_MEM          24 /* virtio mem */
+#define VIRTIO_ID_SOUND        25 /* virtio sound */
 #define VIRTIO_ID_FS           26 /* virtio filesystem */
 #define VIRTIO_ID_PMEM         27 /* virtio pmem */
 #define VIRTIO_ID_MAC80211_HWSIM 29 /* virtio mac80211-hwsim */

kernel/locking/rwsem.c

@@ -1287,7 +1287,7 @@ out_nolock:
 	list_del(&waiter.list);
 
 	if (unlikely(wstate == WRITER_HANDOFF))
-		atomic_long_add(-RWSEM_FLAG_HANDOFF,  &sem->count);
+		atomic_long_andnot(RWSEM_FLAG_HANDOFF,  &sem->count);
 
 	if (list_empty(&sem->wait_list))
 		atomic_long_andnot(RWSEM_FLAG_WAITERS, &sem->count);

kernel/sched/core.c

@@ -6343,6 +6343,8 @@ static void do_sched_yield(void)
 	schedstat_inc(rq->yld_count);
 	current->sched_class->yield_task(rq);
 
+	trace_android_rvh_do_sched_yield(rq);
+
 	preempt_disable();
 	rq_unlock_irq(rq, &rf);
 	sched_preempt_enable_no_resched();

kernel/sched/fair.c

@@ -3511,9 +3511,10 @@ update_tg_cfs_runnable(struct cfs_rq *cfs_rq, struct sched_entity *se, struct cf
 static inline void
 update_tg_cfs_load(struct cfs_rq *cfs_rq, struct sched_entity *se, struct cfs_rq *gcfs_rq)
 {
-	long delta, running_sum, runnable_sum = gcfs_rq->prop_runnable_sum;
+	long delta_avg, running_sum, runnable_sum = gcfs_rq->prop_runnable_sum;
 	unsigned long load_avg;
 	u64 load_sum = 0;
+	s64 delta_sum;
 	u32 divider;
 
 	if (!runnable_sum)
@@ -3560,13 +3561,13 @@ update_tg_cfs_load(struct cfs_rq *cfs_rq, struct sched_entity *se, struct cfs_rq
 	load_sum = (s64)se_weight(se) * runnable_sum;
 	load_avg = div_s64(load_sum, divider);
 
-	delta = load_avg - se->avg.load_avg;
+	delta_sum = load_sum - (s64)se_weight(se) * se->avg.load_sum;
+	delta_avg = load_avg - se->avg.load_avg;
 
 	se->avg.load_sum = runnable_sum;
 	se->avg.load_avg = load_avg;
-
+	add_positive(&cfs_rq->avg.load_avg, delta_avg);
-	add_positive(&cfs_rq->avg.load_avg, delta);
+	add_positive(&cfs_rq->avg.load_sum, delta_sum);
-	cfs_rq->avg.load_sum = cfs_rq->avg.load_avg * divider;
 }
 
 static inline void add_tg_cfs_propagate(struct cfs_rq *cfs_rq, long runnable_sum)
@@ -3682,15 +3683,15 @@ update_cfs_rq_load_avg(u64 now, struct cfs_rq *cfs_rq)
 
 		r = removed_load;
 		sub_positive(&sa->load_avg, r);
-		sa->load_sum = sa->load_avg * divider;
+		sub_positive(&sa->load_sum, r * divider);
 
 		r = removed_util;
 		sub_positive(&sa->util_avg, r);
-		sa->util_sum = sa->util_avg * divider;
+		sub_positive(&sa->util_sum, r * divider);
 
 		r = removed_runnable;
 		sub_positive(&sa->runnable_avg, r);
-		sa->runnable_sum = sa->runnable_avg * divider;
+		sub_positive(&sa->runnable_sum, r * divider);
 
 		/*
 		 * removed_runnable is the unweighted version of removed_load so we
@@ -3777,17 +3778,11 @@ static void attach_entity_load_avg(struct cfs_rq *cfs_rq, struct sched_entity *s
  */
 static void detach_entity_load_avg(struct cfs_rq *cfs_rq, struct sched_entity *se)
 {
-	/*
-	 * cfs_rq->avg.period_contrib can be used for both cfs_rq and se.
-	 * See ___update_load_avg() for details.
-	 */
-	u32 divider = get_pelt_divider(&cfs_rq->avg);
-
 	dequeue_load_avg(cfs_rq, se);
 	sub_positive(&cfs_rq->avg.util_avg, se->avg.util_avg);
-	cfs_rq->avg.util_sum = cfs_rq->avg.util_avg * divider;
+	sub_positive(&cfs_rq->avg.util_sum, se->avg.util_sum);
 	sub_positive(&cfs_rq->avg.runnable_avg, se->avg.runnable_avg);
-	cfs_rq->avg.runnable_sum = cfs_rq->avg.runnable_avg * divider;
+	sub_positive(&cfs_rq->avg.runnable_sum, se->avg.runnable_sum);
 
 	add_tg_cfs_propagate(cfs_rq, -se->avg.load_sum);
 

samples/crypto/fips140_lab_test.c

@@ -0,0 +1,187 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright 2021 Google LLC
+ *
+ * This is a sample program which calls some ioctls on /dev/fips140 and prints
+ * the results.  The purpose of this program is to allow the FIPS certification
+ * lab to test some services of fips140.ko, which they are required to do.  This
+ * is a sample program only, and it can be modified by the lab as needed.  This
+ * program must be run as root, and it only works if the system has loaded a
+ * build of fips140.ko with evaluation testing support enabled.
+ *
+ * This program can be compiled and run on an Android device as follows:
+ *
+ *	NDK_DIR=$HOME/android-ndk-r23b  # adjust directory path as needed
+ *	$NDK_DIR/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android31-clang \
+ *		fips140_lab_test.c -O2 -Wall -o fips140_lab_test
+ *	adb push fips140_lab_test /data/local/tmp/
+ *	adb root
+ *	adb shell /data/local/tmp/fips140_lab_test
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <sys/stat.h>
+#include <sys/sysmacros.h>
+#include <unistd.h>
+
+#include "../../crypto/fips140-eval-testing-uapi.h"
+
+static int fips140_dev_fd = -1;
+
+#define ARRAY_SIZE(A) (sizeof(A) / sizeof((A)[0]))
+
+static const char *booltostr(bool b)
+{
+	return b ? "true" : "false";
+}
+
+static void __attribute__((noreturn))
+do_die(const char *format, va_list va, int err)
+{
+	fputs("ERROR: ", stderr);
+	vfprintf(stderr, format, va);
+	if (err)
+		fprintf(stderr, ": %s", strerror(err));
+	putc('\n', stderr);
+	exit(1);
+}
+
+static void __attribute__((noreturn, format(printf, 1, 2)))
+die_errno(const char *format, ...)
+{
+	va_list va;
+
+	va_start(va, format);
+	do_die(format, va, errno);
+	va_end(va);
+}
+
+static void __attribute__((noreturn, format(printf, 1, 2)))
+die(const char *format, ...)
+{
+	va_list va;
+
+	va_start(va, format);
+	do_die(format, va, 0);
+	va_end(va);
+}
+
+static int get_fips140_device_number(void)
+{
+	FILE *f;
+	char line[128];
+	int number;
+	char name[32];
+
+	f = fopen("/proc/devices", "r");
+	if (!f)
+		die_errno("failed to open /proc/devices");
+	while (fgets(line, sizeof(line), f)) {
+		if (sscanf(line, "%d %31s", &number, name) == 2 &&
+		    strcmp(name, "fips140") == 0)
+			return number;
+	}
+	fclose(f);
+	die("fips140 device node is unavailable.\n"
+"The fips140 device node is only available when the fips140 module is loaded\n"
+"and has been built with evaluation testing support.");
+}
+
+static void create_fips140_node_if_needed(void)
+{
+	struct stat stbuf;
+	int major;
+
+	if (stat("/dev/fips140", &stbuf) == 0)
+		return;
+
+	major = get_fips140_device_number();
+	if (mknod("/dev/fips140", S_IFCHR | 0600, makedev(major, 1)) != 0)
+		die_errno("failed to create fips140 device node");
+}
+
+static bool fips140_is_approved_service(const char *name)
+{
+	int ret = ioctl(fips140_dev_fd, FIPS140_IOCTL_IS_APPROVED_SERVICE, name);
+
+	if (ret < 0)
+		die_errno("FIPS140_IOCTL_IS_APPROVED_SERVICE unexpectedly failed");
+	if (ret == 1)
+		return true;
+	if (ret == 0)
+		return false;
+	die("FIPS140_IOCTL_IS_APPROVED_SERVICE returned unexpected value %d",
+	    ret);
+}
+
+static const char *fips140_module_version(void)
+{
+	char buf[256];
+	char *str;
+	int ret = ioctl(fips140_dev_fd, FIPS140_IOCTL_MODULE_VERSION, buf);
+
+	if (ret < 0)
+		die_errno("FIPS140_IOCTL_MODULE_VERSION unexpectedly failed");
+	if (ret != 0)
+		die("FIPS140_IOCTL_MODULE_VERSION returned unexpected value %d", ret);
+	str = strdup(buf);
+	if (!str)
+		die("out of memory");
+	return str;
+}
+
+static const char * const services_to_check[] = {
+	"aes",
+	"cbc(aes)",
+	"cbcmac(aes)",
+	"cmac(aes)",
+	"ctr(aes)",
+	"cts(cbc(aes))",
+	"ecb(aes)",
+	"essiv(cbc(aes),sha256)",
+	"gcm(aes)",
+	"hmac(sha1)",
+	"hmac(sha224)",
+	"hmac(sha256)",
+	"hmac(sha384)",
+	"hmac(sha512)",
+	"jitterentropy_rng",
+	"sha1",
+	"sha224",
+	"sha256",
+	"sha384",
+	"sha512",
+	"stdrng",
+	"xcbc(aes)",
+	"xts(aes)",
+};
+
+int main(void)
+{
+	size_t i;
+
+	if (getuid() != 0)
+		die("This program requires root.  Run 'adb root' first.");
+
+	create_fips140_node_if_needed();
+
+	fips140_dev_fd = open("/dev/fips140", O_RDONLY);
+	if (fips140_dev_fd < 0)
+		die_errno("failed to open /dev/fips140");
+
+	printf("fips140_module_version() => \"%s\"\n", fips140_module_version());
+	for (i = 0; i < ARRAY_SIZE(services_to_check); i++) {
+		const char *service = services_to_check[i];
+
+		printf("fips140_is_approved_service(\"%s\") => %s\n", service,
+		       booltostr(fips140_is_approved_service(service)));
+	}
+	return 0;
+}

scripts/module.lds.S

@@ -71,6 +71,7 @@ SECTIONS {
 		*(.text..L.cfi.jumptable .text..L.cfi.jumptable.*)
 		__cfi_jt_end = .;
 		*(.text.._end)
+		*(.text.._fips140_unchecked)
 	}
 #endif
 }

scripts/setlocalversion

@@ -41,8 +41,6 @@ if test $# -gt 0; then
 		kmi_generation=$1
 		[ $(expr $kmi_generation : '^[0-9]\+$') -eq 0 ] && usage
 		shift
-	else
-		usage
 	fi
 fi
 if test $# -gt 0 -o ! -d "$srctree"; then
@@ -68,6 +66,8 @@ scm_version()
 
 		if [ -n "$android_release" ] && [ -n "$kmi_generation" ]; then
 			printf '%s' "-$android_release-$kmi_generation"
+		elif [ -n "$android_release" ]; then
+			printf '%s' "-$android_release"
 		fi
 
 		# If we are at a tagged commit (like "v2.6.30-rc6"), we ignore