Merge branch 'android12-5.10' into android12-5.10-lts

Sync up with android12-5.10 for the following commits:

29af14b086 ANDROID: GKI: Update symbols to symbol list
8d7f609cda ANDROID: fips140: add name and version, and a function to retrieve them
64d769e53f ANDROID: fips140: add service indicators
b9066e59a5 ANDROID: GKI: Update symbols to symbol list
1eae8229b7 ANDROID: GKI: Update symbols to symbol list
aee113fcef ANDROID: Incremental fs: Fix dentry get/put imbalance on vfs_mkdir() failure
9cafb6afaa ANDROID: GKI: Update symbols to symbol list
6ad609468d ANDROID: Fix mmu_notifier imbalance
62f22f5c05 ANDROID: ABI: Update symbol list for IMX
f5284c5c9c ANDROID: Update symbol list for mtk
8a30a2cadd ANDROID: GKI: update virtual device symbol list
cf721d6c46 ANDROID: ABI: add new symbols required by fips140.ko
482b0323cf ANDROID: fips140: zeroize temporary values from integrity check
ecf9341134 ANDROID: fips140: remove in-place updating of live algorithms
e45108ecff ANDROID: fips140: block crypto operations until tests complete
6b995f5a54 ANDROID: fips140: preserve RELA sections without relying on the module loader
e8d56bd78b ANDROID: module: apply special LTO treatment to .text even if CFI is disabled
52b70d491b ANDROID: fips140: use FIPS140_CFLAGS when compiling fips140-selftests.c
e5b14396f9 ANDROID: fips140: take into account AES-GCM not being approvable
960ebb2b56 ANDROID: fips140: add jitterentropy to fips140 module
2ee56aad31 ANDROID: fips140: add AES-CMAC
2b5843ae2d ANDROID: fips140: add AES-CBC-CTS
1be58af077 ANDROID: fips140: remove non-prediction-resistant DRBG test
17ccefe140 ANDROID: fips140: use full 16-byte IV
b397a0387c ANDROID: fips140: test all implementations
82c940e0e1 ANDROID: Update symbol list for mtk
8d68a30fe1 ANDROID: ASoC: soc-pcm: Get all BEs along DAPM path
ea440234c7 ANDROID: GKI: refresh XML following ANDROID_KABI_USE change
f8b361d17d ANDROID: GKI: rework the ANDROID_KABI_USE() macro to not use __UNIQUE()
ad8da78c87 UPSTREAM: sched/scs: Reset the shadow stack when idle_task_exit
74782dd0ce ANDROID: cpuhp/pause: add function define if not define CONFIG_CPUSETS
75a5637ccf ANDROID: GKI: Add a symbol to vendor symbol list
1c0e68339c ANDROID: f2fs: fix potential deadlock by android ftrace
8d5dd0a5a4 ANDROID: gki_defconfig: enable CONFIG_USB_CONFIGFS_F_UVC
d4091df63c ANDROID: GKI: Update symbols list for vivo
a451a6c447 ANDROID: GKI: Add missing symbol list whitespace
a32d8ee384 Revert "ANDROID: mpam: add vendor hook to record MPAM"
2ccbb92f7f ANDROID: userfaultfd: Fix merge resolution: validate_range()
09bd9e940e ANDROID: cpuhp/pause: schedule cpu_hotplug_work on resume cpu
2a813b466b ANDROID: GKI: Update symbols to abi_gki_aarch64_oplus
a8c611fa24 ANDROID: GKI: Update symbols list for vivo
16493a3c87 Revert "BACKPORT: ASoC: soc-pcm: Get all BEs along DAPM path"
a84e45d3c3 FROMGIT: usb: dwc3: gadget: Skip resizing EP's TX FIFO if already resized
168de6b1d9 FROMGIT: usb: dwc3: gadget: Change to dev_dbg() when queuing to inactive gadget/ep
6cb41901ea ANDROID: ABI: update allowed list for galaxy
48e5c07fe0 ANDROID: dma_heap: add dma_parms for uncached heap
a0345d4590 ANDROID: GKI: rockchip: Enable symbols for pinctrl and rk8xx
8e9111c2b2 ANDROID: GKI: rockchip: Enable symbols for typec
28edc30761 ANDROID: GKI: rockchip: Add build script
9329ddc34d ANDROID: GKI: Add some symbols to symbol list to support vendor module
bd4a84253c UPSTREAM:  core: Add L2P entry swap quirk for Micron UFS
44b339535e ANDROID: gki_defconfig: remove CONFIG_UBSAN_MISC entry
71f70987f9 UPSTREAM: ubsan: remove overflow checks
65a04c1a8e UPSTREAM: ubsan: disable unsigned-overflow check for i386
7611578ecb UPSTREAM: ubsan: expand tests and reporting
fca16257ca UPSTREAM: ubsan: remove UBSAN_MISC in favor of individual options
c2985e13dd UPSTREAM: ubsan: enable for all*config builds
5eb5780afe UPSTREAM: ubsan: disable UBSAN_TRAP for all*config
c108d79a12 UPSTREAM: ubsan: disable object-size sanitizer under GCC
9ecd3c915d UPSTREAM: ubsan: move cc-option tests into Kconfig
70e365831f UPSTREAM: ubsan: remove redundant -Wno-maybe-uninitialized
45b1eb7115 UPSTREAM: mm/mremap: fix BUILD_BUG_ON() error in get_extent

Due to api additions in android12-5.10, this also adds more api symbols
to track:

Leaf changes summary: 75 artifacts changed
Changed leaf types summary: 0 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 53 Added functions
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 22 Added variables

53 Added functions:

  [A] 'function __sum16 __skb_checksum_complete(sk_buff*)'
  [A] 'function int __traceiter_android_vh_cpu_up(void*, unsigned int)'
  [A] 'function int __traceiter_android_vh_cpufreq_acct_update_power(void*, u64, task_struct*, unsigned int)'
  [A] 'function int __traceiter_android_vh_filemap_fault_cache_page(void*, vm_fault*, page*)'
  [A] 'function int __traceiter_android_vh_filemap_fault_get_page(void*, vm_fault*, page**, bool*)'
  [A] 'function int __traceiter_android_vh_mem_cgroup_alloc(void*, mem_cgroup*)'
  [A] 'function int __traceiter_android_vh_mem_cgroup_css_offline(void*, cgroup_subsys_state*, mem_cgroup*)'
  [A] 'function int __traceiter_android_vh_mem_cgroup_css_online(void*, cgroup_subsys_state*, mem_cgroup*)'
  [A] 'function int __traceiter_android_vh_mem_cgroup_free(void*, mem_cgroup*)'
  [A] 'function int __traceiter_android_vh_mem_cgroup_id_remove(void*, mem_cgroup*)'
  [A] 'function int __traceiter_android_vh_mmap_region(void*, vm_area_struct*, unsigned long int)'
  [A] 'function int __traceiter_android_vh_scmi_timeout_sync(void*, int*)'
  [A] 'function int __traceiter_android_vh_shrink_slab_bypass(void*, gfp_t, int, mem_cgroup*, int, bool*)'
  [A] 'function int __traceiter_android_vh_snd_soc_card_get_comp_chain(void*, bool*)'
  [A] 'function int __traceiter_android_vh_try_to_unmap_one(void*, vm_area_struct*, page*, unsigned long int, bool)'
  [A] 'function int __traceiter_sched_stat_sleep(void*, task_struct*, u64)'
  [A] 'function int __traceiter_sched_waking(void*, task_struct*)'
  [A] 'function int __typec_altmode_register_driver(typec_altmode_driver*, module*)'
  [A] 'function int ahash_register_instance(crypto_template*, ahash_instance*)'
  [A] 'function int blkcg_activate_policy(request_queue*, const blkcg_policy*)'
  [A] 'function void blkcg_deactivate_policy(request_queue*, const blkcg_policy*)'
  [A] 'function int blkcg_policy_register(blkcg_policy*)'
  [A] 'function void blkcg_policy_unregister(blkcg_policy*)'
  [A] 'function blkcg_gq* blkg_lookup_slowpath(blkcg*, request_queue*, bool)'
  [A] 'function int crypto_grab_spawn(crypto_spawn*, crypto_instance*, const char*, u32, u32)'
  [A] 'function int crypto_register_aeads(aead_alg*, int)'
  [A] 'function int crypto_register_ahashes(ahash_alg*, int)'
  [A] 'function int crypto_register_rng(rng_alg*)'
  [A] 'function crypto_tfm* crypto_spawn_tfm(crypto_spawn*, u32, u32)'
  [A] 'function void crypto_unregister_rng(rng_alg*)'
  [A] 'function cgroup_subsys_state* css_next_descendant_pre(cgroup_subsys_state*, cgroup_subsys_state*)'
  [A] 'function int dump_align(coredump_params*, int)'
  [A] 'function int dump_emit(coredump_params*, void*, int)'
  [A] 'function fwnode_handle* fwnode_create_software_node(const property_entry*, const fwnode_handle*)'
  [A] 'function int ip6_local_out(net*, sock*, sk_buff*)'
  [A] 'function int ip6_route_me_harder(net*, sock*, sk_buff*)'
  [A] 'function int ip_local_out(net*, sock*, sk_buff*)'
  [A] 'function cgroup_subsys_state* kthread_blkcg()'
  [A] 'function void nf_ct_attach(sk_buff*, const sk_buff*)'
  [A] 'function cgroup_subsys_state* of_css(kernfs_open_file*)'
  [A] 'function pinctrl_gpio_range* pinctrl_find_gpio_range_from_pin(pinctrl_dev*, unsigned int)'
  [A] 'function void skb_dump(const char*, const sk_buff*, bool)'
  [A] 'function int spi_write_then_read(spi_device*, void*, unsigned int, void*, unsigned int)'
  [A] 'function tcpm_port* tcpm_register_port(device*, tcpc_dev*)'
  [A] 'function void tcpm_unregister_port(tcpm_port*)'
  [A] 'function typec_port* typec_altmode2port(typec_altmode*)'
  [A] 'function int typec_altmode_enter(typec_altmode*, u32*)'
  [A] 'function int typec_altmode_exit(typec_altmode*)'
  [A] 'function int typec_altmode_notify(typec_altmode*, unsigned long int, void*)'
  [A] 'function void typec_altmode_unregister_driver(typec_altmode_driver*)'
  [A] 'function int typec_altmode_vdm(typec_altmode*, const u32, const u32*, int)'
  [A] 'function int typec_get_negotiated_svdm_version(typec_port*)'
  [A] 'function int vb2_create_bufs(vb2_queue*, v4l2_create_buffers*)'

22 Added variables:

  [A] 'tracepoint __tracepoint_android_rvh_tcp_recvmsg'
  [A] 'tracepoint __tracepoint_android_rvh_tcp_recvmsg_stat'
  [A] 'tracepoint __tracepoint_android_rvh_tcp_sendmsg_locked'
  [A] 'tracepoint __tracepoint_android_rvh_udp_recvmsg'
  [A] 'tracepoint __tracepoint_android_rvh_udp_sendmsg'
  [A] 'tracepoint __tracepoint_android_vh_cpu_up'
  [A] 'tracepoint __tracepoint_android_vh_cpufreq_acct_update_power'
  [A] 'tracepoint __tracepoint_android_vh_filemap_fault_cache_page'
  [A] 'tracepoint __tracepoint_android_vh_filemap_fault_get_page'
  [A] 'tracepoint __tracepoint_android_vh_mem_cgroup_alloc'
  [A] 'tracepoint __tracepoint_android_vh_mem_cgroup_css_offline'
  [A] 'tracepoint __tracepoint_android_vh_mem_cgroup_css_online'
  [A] 'tracepoint __tracepoint_android_vh_mem_cgroup_free'
  [A] 'tracepoint __tracepoint_android_vh_mem_cgroup_id_remove'
  [A] 'tracepoint __tracepoint_android_vh_mmap_region'
  [A] 'tracepoint __tracepoint_android_vh_scmi_timeout_sync'
  [A] 'tracepoint __tracepoint_android_vh_shrink_slab_bypass'
  [A] 'tracepoint __tracepoint_android_vh_snd_soc_card_get_comp_chain'
  [A] 'tracepoint __tracepoint_android_vh_try_to_unmap_one'
  [A] 'tracepoint __tracepoint_sched_stat_sleep'
  [A] 'tracepoint __tracepoint_sched_waking'
  [A] 'blkcg blkcg_root'

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ica9d2a84fcd58c6ff9c2b0eb7146a7e9657c167f

Documentation/dev-tools/ubsan.rst

@@ -86,3 +86,4 @@ References
 
 .. _1: https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Debugging-Options.html
 .. _2: https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html
+.. _3: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html

android/abi_gki_aarch64_fips140

@@ -6,12 +6,14 @@
 # required by fips140.ko
   add_random_ready_callback
   aead_register_instance
-  arm64_const_caps_ready
+  ahash_register_instance
+  arch_timer_read_counter
   bcmp
   cancel_work_sync
   __cfi_slowpath
+  complete_all
+  completion_done
   cpu_have_feature
-  cpu_hwcap_keys
   crypto_aead_decrypt
   crypto_aead_encrypt
   crypto_aead_setauthsize
@@ -19,7 +21,6 @@
   crypto_ahash_finup
   crypto_ahash_setkey
   crypto_alg_list
-  crypto_alg_mod_lookup
   crypto_alg_sem
   crypto_alloc_aead
   crypto_alloc_base
@@ -28,7 +29,6 @@
   crypto_alloc_skcipher
   crypto_attr_alg_name
   crypto_check_attr_type
-  crypto_cipher_decrypt_one
   crypto_cipher_encrypt_one
   crypto_cipher_setkey
   crypto_destroy_tfm
@@ -38,17 +38,23 @@
   crypto_grab_ahash
   crypto_grab_shash
   crypto_grab_skcipher
+  crypto_grab_spawn
   crypto_inst_setname
   crypto_put_default_null_skcipher
   crypto_register_aead
+  crypto_register_aeads
+  crypto_register_ahash
+  crypto_register_ahashes
   crypto_register_alg
+  crypto_register_algs
+  crypto_register_rng
   crypto_register_rngs
   crypto_register_shash
   crypto_register_shashes
+  crypto_register_skcipher
   crypto_register_skciphers
   crypto_register_template
   crypto_register_templates
-  crypto_remove_final
   crypto_remove_spawns
   crypto_req_done
   crypto_rng_reset
@@ -63,8 +69,10 @@
   crypto_skcipher_encrypt
   crypto_skcipher_setkey
   crypto_spawn_tfm2
+  crypto_spawn_tfm
   crypto_unregister_aead
   crypto_unregister_alg
+  crypto_unregister_rng
   crypto_unregister_rngs
   crypto_unregister_shash
   crypto_unregister_shashes
@@ -87,6 +95,7 @@
   kmalloc_order_trace
   kmem_cache_alloc_trace
   kmemdup
+  ktime_get
   __list_add_valid
   __list_del_entry_valid
   memcpy
@@ -99,6 +108,9 @@
   preempt_schedule_notrace
   printk
   queue_work_on
+  ___ratelimit
+  _raw_spin_lock
+  _raw_spin_unlock
   refcount_warn_saturate
   scatterwalk_ffwd
   scatterwalk_map_and_copy
@@ -121,7 +133,6 @@
   strlcpy
   strlen
   strncmp
-  synchronize_rcu_tasks
   system_wq
   __traceiter_android_vh_aes_decrypt
   __traceiter_android_vh_aes_encrypt
@@ -134,23 +145,29 @@
   tracepoint_probe_register
   up_write
   wait_for_completion
+  xa_load
+  xa_store
 
-# needed by fips140.ko but not identified by the tooling
+# preserved by --additions-only
-# TODO(b/189327973): [GKI: ABI] Build of fips140.ko module fails to identify some symbols
-  __crypto_memneq
-  __crypto_xor
   aes_decrypt
   aes_encrypt
   aes_expandkey
+  arm64_const_caps_ready
   ce_aes_expandkey
+  cpu_hwcap_keys
   crypto_aes_inv_sbox
   crypto_aes_sbox
   crypto_aes_set_key
+  crypto_alg_mod_lookup
+  crypto_cipher_decrypt_one
   crypto_ft_tab
   crypto_inc
   crypto_it_tab
+  __crypto_memneq
+  crypto_remove_final
   crypto_sha1_finup
   crypto_sha1_update
+  __crypto_xor
   gf128mul_lle
   sha1_transform
   sha224_final
@@ -158,3 +175,4 @@
   sha256_block_data_order
   sha256_final
   sha256_update
+  synchronize_rcu_tasks

android/abi_gki_aarch64_galaxy

@@ -749,11 +749,17 @@ blk_sync_queue
   blk_unregister_region
   blk_update_request
   blk_verify_command
+  blkcg_activate_policy
+  blkcg_deactivate_policy
+  blkcg_policy_register
+  blkcg_policy_unregister
+  blkcg_root
   blkdev_fsync
   blkdev_get_by_dev
   blkdev_get_by_path
   blkdev_issue_flush
   blkdev_put
+  blkg_lookup_slowpath
   blocking_notifier_call_chain
   blocking_notifier_chain_register
   blocking_notifier_chain_unregister
@@ -922,6 +928,8 @@ copy_from_kernel_nofault
   copy_page
   cpu_all_bits
   cpu_bit_bitmap
+  cpu_hotplug_disable
+  cpu_hotplug_enable
   cpu_hwcap_keys
   cpu_hwcaps
   cpu_irqtime
@@ -1010,6 +1018,7 @@ crypto_unregister_alg
   crypto_unregister_rngs
   crypto_unregister_scomp
   css_next_child
+  css_next_descendant_pre
   csum_ipv6_magic
   csum_partial
   csum_tcpudp_nofold
@@ -1163,6 +1172,7 @@ device_del
   device_destroy
   device_find_child
   device_for_each_child
+  device_get_child_node_count
   device_get_dma_attr
   device_get_mac_address
   device_get_match_data
@@ -1808,7 +1818,9 @@ drm_writeback_signal_completion
   drmm_kmalloc
   drmm_mode_config_init
   dst_release
+  dump_align
   dump_backtrace
+  dump_emit
   dump_stack
   dup_iter
   dw_handle_msi_irq
@@ -2432,6 +2444,7 @@ kstrtoull_from_user
   ksys_sync_helper
   kthread_bind
   kthread_bind_mask
+  kthread_blkcg
   kthread_cancel_delayed_work_sync
   kthread_cancel_work_sync
   kthread_create_on_node
@@ -2733,6 +2746,7 @@ of_clk_src_simple_get
   of_count_phandle_with_args
   of_cpu_node_to_id
   of_cpufreq_cooling_register
+  of_css
   of_devfreq_cooling_register
   of_devfreq_cooling_register_power
   of_device_get_match_data
@@ -3442,6 +3456,7 @@ scsi_compat_ioctl
   scsi_device_get
   scsi_device_put
   scsi_device_quiesce
+  scsi_dma_unmap
   scsi_eh_ready_devs
   scsi_ioctl
   scsi_ioctl_block_when_processing_errors
@@ -3484,6 +3499,7 @@ sdio_writesb
   securityfs_create_dir
   securityfs_create_file
   securityfs_remove
+  send_sig_info
   seq_buf_printf
   seq_file_path
   seq_hex_dump

android/abi_gki_aarch64_imx

@@ -133,6 +133,7 @@
   devm_extcon_dev_allocate
   devm_extcon_dev_register
   devm_free_irq
+  devm_get_clk_from_child
   devm_gpiochip_add_data_with_key
   devm_gpiod_get
   devm_gpiod_get_index
@@ -148,7 +149,6 @@
   devm_phy_create
   devm_phy_get
   devm_pinctrl_get
-  devm_pinctrl_put
   devm_platform_ioremap_resource
   __devm_regmap_init
   __devm_regmap_init_i2c
@@ -307,6 +307,7 @@
   drm_mode_duplicate
   drm_mode_equal
   drm_mode_find_dmt
+  drm_mode_is_420_also
   drm_mode_is_420_only
   drm_mode_probed_add
   drm_mode_set_name
@@ -337,7 +338,6 @@
   eth_validate_addr
   event_triggers_call
   extcon_set_state_sync
-  filp_close
   find_next_bit
   finish_wait
   flush_work
@@ -433,7 +433,6 @@
   kobject_put
   kobject_uevent_env
   kthread_create_on_node
-  kthread_should_stop
   ktime_get
   ktime_get_mono_fast_ns
   ktime_get_real_ts64
@@ -500,6 +499,7 @@
   netif_device_attach
   netif_device_detach
   netif_napi_add
+  netif_receive_skb
   netif_rx
   netif_rx_ni
   netif_tx_stop_all_queues
@@ -652,6 +652,8 @@
   regcache_mark_dirty
   regcache_sync
   __register_chrdev
+  register_inet6addr_notifier
+  register_inetaddr_notifier
   register_netdev
   register_netdevice
   register_netdevice_notifier
@@ -818,10 +820,11 @@
   trace_raw_output_prep
   trace_seq_printf
   try_module_get
-  tty_flip_buffer_push
   __udelay
   __unregister_chrdev
   unregister_chrdev_region
+  unregister_inet6addr_notifier
+  unregister_inetaddr_notifier
   unregister_netdev
   unregister_netdevice_notifier
   unregister_netdevice_queue
@@ -877,6 +880,7 @@
   v4l2_m2m_job_finish
   v4l2_m2m_next_buf
   v4l2_m2m_release
+  v4l2_src_change_event_subscribe
   v4l2_subdev_call_wrappers
   v4l2_subdev_init
   v4l2_subdev_link_validate
@@ -1140,7 +1144,6 @@
   drm_atomic_get_new_connector_for_encoder
   drm_connector_attach_max_bpc_property
   drm_connector_init_with_ddc
-  drm_mode_is_420_also
   drm_scdc_read
   drm_scdc_set_high_tmds_clock_ratio
   drm_scdc_set_scrambling
@@ -1258,8 +1261,6 @@
   __put_page
   reset_control_reset
   schedule_hrtimeout
-  set_user_nice
-  si_meminfo
   sync_file_create
   sync_file_get_fence
   __task_pid_nr_ns
@@ -1268,6 +1269,7 @@
   up_write
   vm_mmap
   vm_munmap
+  vm_zone_stat
 
 # required by gmsl-max9286.ko
   i2c_smbus_read_byte_data
@@ -1402,6 +1404,7 @@
   rational_best_approximation
   _raw_spin_trylock
   sysrq_mask
+  tty_flip_buffer_push
   __tty_insert_flip_char
   tty_insert_flip_string_fixed_flag
   tty_termios_encode_baud_rate
@@ -1533,13 +1536,10 @@
   kvfree
   kvmalloc_node
   netdev_set_default_ethtool_ops
-  netif_receive_skb
   netif_receive_skb_list
   prandom_bytes
   ___pskb_trim
   rcu_barrier
-  register_inet6addr_notifier
-  register_inetaddr_notifier
   rhashtable_free_and_destroy
   rhashtable_insert_slow
   rhltable_init
@@ -1560,14 +1560,10 @@
   __skb_gso_segment
   skb_queue_head
   system_freezable_wq
-  unregister_inet6addr_notifier
-  unregister_inetaddr_notifier
   unregister_netdevice_many
   __usecs_to_jiffies
 
 # required by moal.ko
-  bitmap_parse
-  cpumask_next_and
   default_wake_function
   hex_dump_to_buffer
   in4_pton
@@ -1579,6 +1575,7 @@
   iw_handler_get_thrspy
   iw_handler_set_spy
   iw_handler_set_thrspy
+  kthread_should_stop
   ktime_get_raw_ts64
   mmc_hw_reset
   mmc_set_data_timeout
@@ -1609,7 +1606,7 @@
   proc_create_data
   proc_mkdir
   remove_proc_entry
-  rps_needed
+  request_firmware_direct
   sdio_claim_host
   sdio_claim_irq
   sdio_disable_func
@@ -1629,8 +1626,6 @@
   sdio_writesb
   skb_realloc_headroom
   sort
-  static_key_slow_dec
-  static_key_slow_inc
   strcat
   strchr
   strim
@@ -1680,7 +1675,6 @@
 # required by mxc-jpeg-encdec.ko
   v4l2_m2m_dqbuf
   v4l2_m2m_qbuf
-  v4l2_src_change_event_subscribe
 
 # required by mxs-dma.ko
   dmaenginem_async_device_register
@@ -1720,6 +1714,9 @@
   v4l2_event_subdev_unsubscribe
   __v4l2_find_nearest_size
 
+# required by ov5640_camera_mipi_v2.ko
+  devm_pinctrl_put
+
 # required by panel-raydium-rm67191.ko
   devm_backlight_device_register
   mipi_dsi_dcs_enter_sleep_mode
@@ -1836,7 +1833,6 @@
   backlight_device_register
   backlight_device_unregister
   devm_pwm_get
-  gpiod_get_direction
   pwm_apply_state
   pwm_free
   pwm_request
@@ -1995,7 +1991,6 @@
   snd_soc_dapm_put_enum_double
 
 # required by snd-soc-simple-card-utils.ko
-  devm_get_clk_from_child
   devm_kvasprintf
   of_property_read_string_helper
   snd_soc_dapm_get_pin_switch
@@ -2056,6 +2051,8 @@
 
 # required by trusty-ipc.ko
   _copy_from_iter
+  dma_buf_vmap
+  dma_buf_vunmap
   fget
   import_iovec
   strncpy_from_user
@@ -2117,6 +2114,7 @@
 # required by vsiv4l2.ko
   devm_device_add_group
   v4l2_event_dequeue
+  vb2_create_bufs
   vb2_prepare_buf
 
 # required by vvcam-video.ko

android/abi_gki_aarch64_mtk

@@ -1940,6 +1940,7 @@
   __traceiter_android_vh_rwsem_wake
   __traceiter_android_vh_rwsem_write_finished
   __traceiter_android_vh_scheduler_tick
+  __traceiter_android_vh_scmi_timeout_sync
   __traceiter_android_vh_selinux_avc_insert
   __traceiter_android_vh_selinux_avc_lookup
   __traceiter_android_vh_selinux_avc_node_delete
@@ -1952,6 +1953,7 @@
   __traceiter_android_vh_set_module_permit_after_init
   __traceiter_android_vh_set_module_permit_before_init
   __traceiter_android_vh_set_wake_flags
+  __traceiter_android_vh_snd_soc_card_get_comp_chain
   __traceiter_android_vh_syscall_prctl_finished
   __traceiter_android_vh_ufs_send_command
   __traceiter_android_vh_ufs_send_tm_command
@@ -2018,6 +2020,7 @@
   __tracepoint_android_vh_rwsem_wake
   __tracepoint_android_vh_rwsem_write_finished
   __tracepoint_android_vh_scheduler_tick
+  __tracepoint_android_vh_scmi_timeout_sync
   __tracepoint_android_vh_selinux_avc_insert
   __tracepoint_android_vh_selinux_avc_lookup
   __tracepoint_android_vh_selinux_avc_node_delete
@@ -2030,6 +2033,7 @@
   __tracepoint_android_vh_set_module_permit_after_init
   __tracepoint_android_vh_set_module_permit_before_init
   __tracepoint_android_vh_set_wake_flags
+  __tracepoint_android_vh_snd_soc_card_get_comp_chain
   __tracepoint_android_vh_syscall_prctl_finished
   __tracepoint_android_vh_ufs_send_command
   __tracepoint_android_vh_ufs_send_tm_command

android/abi_gki_aarch64_oplus

@@ -1173,7 +1173,10 @@
   ioremap_cache
   iounmap
   __iowrite32_copy
+  ip6_local_out
+  ip6_route_me_harder
   ipi_desc_get
+  ip_local_out
   ip_route_me_harder
   iput
   ipv6_find_hdr
@@ -1526,6 +1529,7 @@
   net_namespace_list
   net_ns_type_operations
   net_ratelimit
+  nf_ct_attach
   nf_ct_delete
   nf_register_net_hooks
   nf_unregister_net_hooks
@@ -2254,6 +2258,7 @@
   si_swapinfo
   sk_alloc
   skb_add_rx_frag
+  __skb_checksum_complete
   skb_checksum_help
   skb_clone
   skb_clone_sk
@@ -2263,6 +2268,7 @@
   skb_copy_datagram_iter
   skb_copy_expand
   skb_dequeue
+  skb_dump
   skb_ensure_writable
   skb_free_datagram
   __skb_get_hash
@@ -2592,8 +2598,10 @@
   __traceiter_android_vh_clear_mask_adjust
   __traceiter_android_vh_clear_reserved_fmt_fields
   __traceiter_android_vh_commit_creds
+  __traceiter_android_vh_cpufreq_acct_update_power
   __traceiter_android_vh_cpu_idle_enter
   __traceiter_android_vh_cpu_idle_exit
+  __traceiter_android_vh_cpu_up
   __traceiter_android_vh_do_send_sig_info
   __traceiter_android_vh_em_cpu_energy
   __traceiter_android_vh_exclude_reserved_zone
@@ -2617,6 +2625,12 @@
   __traceiter_android_vh_jiffies_update
   __traceiter_android_vh_kmalloc_slab
   __traceiter_android_vh_logbuf
+  __traceiter_android_vh_mem_cgroup_alloc
+  __traceiter_android_vh_mem_cgroup_css_offline
+  __traceiter_android_vh_mem_cgroup_css_online
+  __traceiter_android_vh_mem_cgroup_free
+  __traceiter_android_vh_mem_cgroup_id_remove
+  __traceiter_android_vh_meminfo_proc_show
   __traceiter_android_vh_mutex_unlock_slowpath
   __traceiter_android_vh_mutex_wait_finish
   __traceiter_android_vh_mutex_wait_start
@@ -2625,6 +2639,7 @@
   __traceiter_android_vh_printk_hotplug
   __traceiter_android_vh_process_killed
   __traceiter_android_vh_revert_creds
+  __traceiter_android_vh_rmqueue
   __traceiter_android_vh_rwsem_init
   __traceiter_android_vh_rwsem_wake
   __traceiter_android_vh_rwsem_wake_finish
@@ -2653,6 +2668,7 @@
   __traceiter_android_vh_syscall_prctl_finished
   __traceiter_android_vh_timer_calc_index
   __traceiter_android_vh_tune_inactive_ratio
+  __traceiter_android_vh_tune_scan_type
   __traceiter_android_vh_tune_swappiness
   __traceiter_android_vh_ufs_compl_command
   __traceiter_android_vh_ufs_send_command
@@ -2673,9 +2689,11 @@
   __traceiter_sched_overutilized_tp
   __traceiter_sched_stat_blocked
   __traceiter_sched_stat_iowait
+  __traceiter_sched_stat_sleep
   __traceiter_sched_stat_wait
   __traceiter_sched_switch
   __traceiter_sched_update_nr_running_tp
+  __traceiter_sched_waking
   __traceiter_suspend_resume
   __traceiter_task_newtask
   __traceiter_task_rename
@@ -2766,8 +2784,10 @@
   __tracepoint_android_vh_clear_mask_adjust
   __tracepoint_android_vh_clear_reserved_fmt_fields
   __tracepoint_android_vh_commit_creds
+  __tracepoint_android_vh_cpufreq_acct_update_power
   __tracepoint_android_vh_cpu_idle_enter
   __tracepoint_android_vh_cpu_idle_exit
+  __tracepoint_android_vh_cpu_up
   __tracepoint_android_vh_do_send_sig_info
   __tracepoint_android_vh_em_cpu_energy
   __tracepoint_android_vh_exclude_reserved_zone
@@ -2791,6 +2811,12 @@
   __tracepoint_android_vh_jiffies_update
   __tracepoint_android_vh_kmalloc_slab
   __tracepoint_android_vh_logbuf
+  __tracepoint_android_vh_mem_cgroup_alloc
+  __tracepoint_android_vh_mem_cgroup_css_offline
+  __tracepoint_android_vh_mem_cgroup_css_online
+  __tracepoint_android_vh_mem_cgroup_free
+  __tracepoint_android_vh_mem_cgroup_id_remove
+  __tracepoint_android_vh_meminfo_proc_show
   __tracepoint_android_vh_mutex_unlock_slowpath
   __tracepoint_android_vh_mutex_wait_finish
   __tracepoint_android_vh_mutex_wait_start
@@ -2799,6 +2825,7 @@
   __tracepoint_android_vh_printk_hotplug
   __tracepoint_android_vh_process_killed
   __tracepoint_android_vh_revert_creds
+  __tracepoint_android_vh_rmqueue
   __tracepoint_android_vh_rwsem_init
   __tracepoint_android_vh_rwsem_wake
   __tracepoint_android_vh_rwsem_wake_finish
@@ -2827,6 +2854,7 @@
   __tracepoint_android_vh_syscall_prctl_finished
   __tracepoint_android_vh_timer_calc_index
   __tracepoint_android_vh_tune_inactive_ratio
+  __tracepoint_android_vh_tune_scan_type
   __tracepoint_android_vh_tune_swappiness
   __tracepoint_android_vh_ufs_compl_command
   __tracepoint_android_vh_ufs_send_command
@@ -2850,9 +2878,11 @@
   __tracepoint_sched_overutilized_tp
   __tracepoint_sched_stat_blocked
   __tracepoint_sched_stat_iowait
+  __tracepoint_sched_stat_sleep
   __tracepoint_sched_stat_wait
   __tracepoint_sched_switch
   __tracepoint_sched_update_nr_running_tp
+  __tracepoint_sched_waking
   tracepoint_srcu
   __tracepoint_suspend_resume
   __tracepoint_task_newtask

android/abi_gki_aarch64_rockchip

@@ -56,7 +56,11 @@
   __clk_get_name
   clk_get_parent
   clk_get_rate
+  clk_hw_get_flags
   clk_hw_get_name
+  clk_hw_get_parent
+  clk_hw_get_rate
+  __clk_mux_determine_rate
   clk_notifier_register
   clk_notifier_unregister
   clk_prepare
@@ -109,6 +113,7 @@
   del_gendisk
   del_timer
   del_timer_sync
+  desc_to_gpio
   destroy_workqueue
   dev_driver_string
   _dev_err
@@ -140,9 +145,10 @@
   devm_devfreq_register_opp_notifier
   devm_extcon_dev_allocate
   devm_extcon_dev_register
-  devm_extcon_register_notifier
   devm_free_irq
   devm_fwnode_gpiod_get_index
+  devm_get_clk_from_child
+  devm_gpiochip_add_data_with_key
   devm_gpiod_get
   devm_gpiod_get_index
   devm_gpiod_get_index_optional
@@ -156,18 +162,21 @@
   devm_kmemdup
   devm_kstrdup
   devm_led_classdev_register_ext
+  devm_mfd_add_devices
   devm_nvmem_register
   devm_of_clk_add_hw_provider
   __devm_of_phy_provider_register
   devm_phy_create
   devm_phy_get
   devm_pinctrl_get
+  devm_pinctrl_register
   devm_platform_get_and_ioremap_resource
   devm_platform_ioremap_resource
   devm_platform_ioremap_resource_byname
   devm_power_supply_register
   devm_pwm_get
   devm_regmap_field_alloc
+  __devm_regmap_init
   __devm_regmap_init_i2c
   __devm_regmap_init_mmio_clk
   devm_regulator_bulk_get
@@ -294,7 +303,6 @@
   dummy_irq_chip
   enable_irq
   extcon_get_edev_by_phandle
-  extcon_get_property
   extcon_get_state
   extcon_register_notifier
   extcon_set_state_sync
@@ -308,6 +316,7 @@
   flush_workqueue
   fpsimd_context_busy
   frame_vector_to_pages
+  free_irq
   __free_pages
   free_pages
   fwnode_handle_put
@@ -340,6 +349,7 @@
   gpiod_set_value_cansleep
   gpiod_to_irq
   gpio_to_desc
+  handle_nested_irq
   handle_simple_irq
   hid_debug
   hid_hw_close
@@ -358,6 +368,7 @@
   i2c_get_adapter
   i2c_put_adapter
   i2c_register_driver
+  i2c_smbus_read_byte_data
   __i2c_smbus_xfer
   i2c_smbus_xfer
   i2c_transfer
@@ -383,11 +394,14 @@
   iommu_get_domain_for_dev
   __ioremap
   iounmap
+  irq_create_mapping_affinity
   __irq_domain_add
   irq_domain_remove
   irq_find_mapping
   irq_get_irq_data
+  irq_modify_status
   irq_set_chained_handler_and_data
+  irq_set_chip
   irq_set_chip_and_handler_name
   irq_set_chip_data
   irq_set_irq_type
@@ -449,7 +463,9 @@
   memdup_user
   memset
   memstart_addr
+  mfd_remove_devices
   mmc_of_parse
+  mod_delayed_work_on
   mod_timer
   module_layout
   module_put
@@ -471,6 +487,7 @@
   of_clk_del_provider
   of_clk_get
   of_clk_get_by_name
+  of_clk_src_onecell_get
   of_clk_src_simple_get
   of_count_phandle_with_args
   of_devfreq_cooling_register_power
@@ -522,11 +539,15 @@
   phy_power_off
   phy_power_on
   phy_set_mode_ext
+  pinconf_generic_dt_node_to_map
   pinctrl_dev_get_drvdata
+  pinctrl_gpio_direction_input
+  pinctrl_gpio_direction_output
   pinctrl_lookup_state
   pinctrl_pm_select_default_state
   pinctrl_pm_select_sleep_state
   pinctrl_select_state
+  pinctrl_utils_free_map
   platform_bus_type
   platform_device_put
   platform_device_register_full
@@ -593,7 +614,9 @@
   regmap_bulk_write
   regmap_field_read
   regmap_field_update_bits_base
+  regmap_irq_get_domain
   regmap_irq_get_virq
+  regmap_raw_write
   regmap_read
   regmap_update_bits_base
   regmap_write
@@ -616,6 +639,7 @@
   regulator_set_voltage_time_sel
   remap_pfn_range
   remove_proc_entry
+  request_threaded_irq
   reset_control_assert
   reset_control_deassert
   revalidate_disk_size
@@ -624,6 +648,7 @@
   rtc_tm_to_time64
   rtc_valid_tm
   scatterwalk_map_and_copy
+  sched_clock
   schedule
   schedule_timeout
   scnprintf
@@ -676,6 +701,8 @@
   snd_soc_put_enum_double
   snd_soc_put_volsw
   snprintf
+  __spi_register_driver
+  spi_sync
   sprintf
   sscanf
   __stack_chk_fail
@@ -694,6 +721,7 @@
   sysfs_create_file_ns
   sysfs_create_group
   sysfs_create_link
+  __sysfs_match_string
   sysfs_remove_group
   sysfs_remove_link
   system_unbound_wq
@@ -714,6 +742,7 @@
   update_devfreq
   up_read
   up_write
+  usb_debug_root
   usleep_range
   uuid_null
   v4l2_async_notifier_cleanup
@@ -826,7 +855,6 @@
   drm_dp_dpcd_write
   drm_dp_start_crc
   drm_dp_stop_crc
-  irq_modify_status
 
 # required by ch.ko
   param_array_ops
@@ -839,6 +867,15 @@
   of_clk_add_hw_provider
   of_clk_hw_simple_get
 
+# required by clk-rk628.ko
+  devm_reset_controller_register
+
+# required by clk-rockchip-regmap.ko
+  clk_hw_get_num_parents
+  clk_hw_get_parent_by_index
+  divider_recalc_rate
+  divider_round_rate_parent
+
 # required by clk-rockchip.ko
   clk_divider_ops
   clk_divider_ro_ops
@@ -846,12 +883,8 @@
   clk_fractional_divider_ops
   clk_gate_ops
   __clk_get_hw
-  clk_hw_get_flags
-  clk_hw_get_parent
-  clk_hw_get_rate
   clk_hw_register_composite
   clk_hw_round_rate
-  __clk_mux_determine_rate
   clk_mux_ops
   clk_mux_ro_ops
   clk_register_composite
@@ -861,7 +894,6 @@
   clk_register_mux_table
   divider_get_val
   match_string
-  of_clk_src_onecell_get
   register_restart_handler
   reset_controller_register
   __udelay
@@ -922,7 +954,6 @@
   power_supply_get_battery_info
   power_supply_put_battery_info
   regmap_raw_read
-  regmap_raw_write
 
 # required by dw-hdmi-cec.ko
   cec_allocate_adapter
@@ -968,7 +999,6 @@
   extcon_set_property_capability
   hdmi_drm_infoframe_pack
   hdmi_vendor_infoframe_pack
-  mod_delayed_work_on
   of_get_i2c_adapter_by_node
 
 # required by dw-mipi-dsi.ko
@@ -1031,7 +1061,6 @@
   usb_add_hcd
   usb_calc_bus_time
   usb_create_hcd
-  usb_debug_root
   usb_del_gadget_udc
   usb_disabled
   usb_ep_set_maxpacket_limit
@@ -1060,6 +1089,23 @@
 # required by fan53555.ko
   gpiod_set_raw_value
 
+# required by fusb302.ko
+  device_get_named_child_node
+  disable_irq_nosync
+  extcon_get_extcon_dev
+  fwnode_create_software_node
+  i2c_smbus_read_i2c_block_data
+  i2c_smbus_write_byte_data
+  i2c_smbus_write_i2c_block_data
+  tcpm_cc_change
+  tcpm_pd_hard_reset
+  tcpm_pd_receive
+  tcpm_pd_transmit_complete
+  tcpm_register_port
+  tcpm_unregister_port
+  tcpm_vbus_change
+  vsnprintf
+
 # required by ghash-ce.ko
   aes_expandkey
   gf128mul_lle
@@ -1073,7 +1119,6 @@
   handle_edge_irq
   handle_level_irq
   __irq_alloc_domain_generic_chips
-  irq_create_mapping_affinity
   irq_gc_ack_set_bit
   irq_gc_mask_clr_bit
   irq_gc_mask_set_bit
@@ -1114,19 +1159,16 @@
   i2c_verify_client
 
 # required by i2c-gpio.ko
-  desc_to_gpio
   i2c_bit_add_numbered_bus
 
 # required by i2c-hid.ko
   dev_printk
-  free_irq
   hid_add_device
   hid_allocate_device
   hid_destroy_device
   hid_input_report
   hid_parse_report
   i2c_smbus_read_byte
-  request_threaded_irq
 
 # required by i2c-mux.ko
   i2c_add_numbered_adapter
@@ -1381,6 +1423,7 @@
   nvmem_cell_get
 
 # required by phy-rockchip-inno-usb2.ko
+  devm_extcon_register_notifier
   extcon_set_state
   extcon_sync
   wakeup_source_remove
@@ -1389,16 +1432,24 @@
   strcasecmp
   usb_add_phy
 
+# required by phy-rockchip-typec.ko
+  extcon_get_property
+
 # required by phy-rockchip-usb.ko
   __of_reset_control_get
 
-# required by pinctrl-rk805.ko
+# required by pinctrl-rk628.ko
-  devm_gpiochip_add_data_with_key
+  irq_domain_xlate_twocell
-  devm_pinctrl_register
+  pinctrl_add_gpio_range
-  pinconf_generic_dt_node_to_map
+  pinctrl_find_gpio_range_from_pin
-  pinctrl_gpio_direction_input
+
-  pinctrl_gpio_direction_output
+# required by pinctrl-rockchip.ko
-  pinctrl_utils_free_map
+  of_find_node_by_phandle
+  of_platform_populate
+  pinconf_generic_parse_dt_config
+  pinctrl_force_default
+  pinctrl_force_sleep
+  pin_get_name
 
 # required by pl330.ko
   amba_driver_register
@@ -1448,22 +1499,35 @@
   devres_release
   kernel_kobj
 
+# required by rk628.ko
+  irq_dispose_mapping
+  irq_domain_xlate_onetwocell
+  irq_set_parent
+  mfd_add_devices
+
 # required by rk805-pwrkey.ko
   devm_request_any_context_irq
   input_set_capability
 
+# required by rk806-core.ko
+  devm_regmap_add_irq_chip
+
+# required by rk806-spi.ko
+  spi_write_then_read
+
 # required by rk808-regulator.ko
   gpiod_is_active_low
 
 # required by rk808.ko
-  devm_mfd_add_devices
-  i2c_smbus_read_byte_data
   kobject_create_and_add
   platform_device_add
   platform_device_alloc
+  pm_power_off_prepare
+  register_syscore_ops
   regmap_add_irq_chip
   regmap_del_irq_chip
-  regmap_irq_get_domain
+  system_state
+  unregister_syscore_ops
 
 # required by rk818_battery.ko
   blocking_notifier_call_chain
@@ -1571,9 +1635,6 @@
   iio_push_to_buffers
   iio_trigger_notify_done
 
-# required by rockchip_sip.ko
-  sched_clock
-
 # required by rockchip_thermal.ko
   devm_thermal_zone_of_sensor_register
   thermal_zone_device_disable
@@ -1719,6 +1780,7 @@
   drm_property_create_range
   drm_property_destroy
   __drm_puts_seq_file
+  drm_rect_calc_hscale
   drm_send_event_locked
   drm_simple_encoder_init
   drm_universal_plane_init
@@ -1822,7 +1884,6 @@
   of_property_read_variable_u8_array
 
 # required by snd-soc-cx2072x.ko
-  __devm_regmap_init
   regmap_multi_reg_write
   snd_soc_params_to_frame_size
 
@@ -1840,8 +1901,13 @@
   snd_pcm_hw_constraint_eld
   snd_soc_dapm_add_routes
 
+# required by snd-soc-rk817.ko
+  snd_soc_add_component_controls
+  snd_soc_component_exit_regmap
+  snd_soc_component_init_regmap
+  snd_soc_unregister_component
+
 # required by snd-soc-simple-card-utils.ko
-  devm_get_clk_from_child
   devm_kasprintf
   devm_kvasprintf
   snd_soc_card_jack_new
@@ -1874,9 +1940,7 @@
   spi_finalize_current_transfer
 
 # required by spidev.ko
-  __spi_register_driver
   spi_setup
-  spi_sync
   stream_open
 
 # required by system_heap.ko
@@ -1889,6 +1953,12 @@
   __sg_page_iter_next
   __sg_page_iter_start
 
+# required by tcpci_husb311.ko
+  i2c_smbus_read_word_data
+  tcpci_irq
+  tcpci_register_port
+  tcpci_unregister_port
+
 # required by tee.ko
   bus_register
   bus_unregister
@@ -1913,6 +1983,19 @@
 # required by tps65132-regulator.ko
   regulator_set_active_discharge_regmap
 
+# required by typec_displayport.ko
+  fwnode_find_reference
+  sysfs_notify
+  typec_altmode2port
+  typec_altmode_enter
+  typec_altmode_exit
+  typec_altmode_get_partner
+  typec_altmode_notify
+  __typec_altmode_register_driver
+  typec_altmode_unregister_driver
+  typec_altmode_vdm
+  typec_get_negotiated_svdm_version
+
 # required by v4l2-fwnode.ko
   fwnode_device_is_available
   fwnode_get_name
@@ -1970,7 +2053,6 @@
   page_endio
   register_blkdev
   strcpy
-  __sysfs_match_string
   sysfs_streq
   unregister_blkdev
   vzalloc

android/abi_gki_aarch64_virtual_device

@@ -693,9 +693,7 @@
   led_set_brightness_nosleep
   led_trigger_event
   led_trigger_register
-  led_trigger_register_simple
   led_trigger_unregister
-  led_trigger_unregister_simple
 
 # required by lzo-rle.ko
   lzorle1x_1_compress
@@ -1349,6 +1347,7 @@
 # required by virtio_pci.ko
   irq_set_affinity_hint
   pci_alloc_irq_vectors_affinity
+  pci_device_is_present
   pci_disable_sriov
   pci_enable_sriov
   pci_find_capability
@@ -1383,8 +1382,6 @@
   wait_for_completion_interruptible_timeout
 
 # required by vmw_vsock_virtio_transport.ko
-  lock_sock_nested
-  release_sock
   virtio_transport_connect
   virtio_transport_deliver_tap_pkt
   virtio_transport_destruct

android/abi_gki_aarch64_vivo

@@ -1713,6 +1713,8 @@
   __traceiter_android_vh_binder_wakeup_ilocked
   __traceiter_android_vh_cpu_idle_enter
   __traceiter_android_vh_cpu_idle_exit
+  __traceiter_android_vh_filemap_fault_cache_page
+  __traceiter_android_vh_filemap_fault_get_page
   __traceiter_android_vh_ftrace_dump_buffer
   __traceiter_android_vh_ftrace_format_check
   __traceiter_android_vh_ftrace_oops_enter
@@ -1721,6 +1723,7 @@
   __traceiter_android_vh_iommu_setup_dma_ops
   __traceiter_android_vh_ipi_stop
   __traceiter_android_vh_jiffies_update
+  __traceiter_android_vh_mmap_region
   __traceiter_android_vh_mmc_attach_sd
   __traceiter_android_vh_mmc_blk_mq_rw_recovery
   __traceiter_android_vh_mmc_blk_reset
@@ -1732,7 +1735,9 @@
   __traceiter_android_vh_show_max_freq
   __traceiter_android_vh_show_resume_epoch_val
   __traceiter_android_vh_show_suspend_epoch_val
+  __traceiter_android_vh_shrink_slab_bypass
   __traceiter_android_vh_timer_calc_index
+  __traceiter_android_vh_try_to_unmap_one
   __traceiter_android_vh_ufs_check_int_errors
   __traceiter_android_vh_ufs_compl_command
   __traceiter_android_vh_ufs_send_command
@@ -1782,10 +1787,15 @@
   __tracepoint_android_rvh_set_readahead_gfp_mask
   __tracepoint_android_rvh_set_skip_swapcache_flags
   __tracepoint_android_rvh_set_task_cpu
+  __tracepoint_android_rvh_tcp_recvmsg
+  __tracepoint_android_rvh_tcp_recvmsg_stat
+  __tracepoint_android_rvh_tcp_sendmsg_locked
   __tracepoint_android_rvh_tick_entry
   __tracepoint_android_rvh_try_to_wake_up
   __tracepoint_android_rvh_try_to_wake_up_success
   __tracepoint_android_rvh_ttwu_cond
+  __tracepoint_android_rvh_udp_recvmsg
+  __tracepoint_android_rvh_udp_sendmsg
   __tracepoint_android_rvh_update_cpu_capacity
   __tracepoint_android_rvh_update_cpus_allowed
   __tracepoint_android_rvh_update_misfit_status
@@ -1799,6 +1809,8 @@
   __tracepoint_android_vh_cpu_idle_enter
   __tracepoint_android_vh_cpu_idle_exit
   __tracepoint_android_vh_dup_task_struct
+  __tracepoint_android_vh_filemap_fault_cache_page
+  __tracepoint_android_vh_filemap_fault_get_page
   __tracepoint_android_vh_ftrace_dump_buffer
   __tracepoint_android_vh_ftrace_format_check
   __tracepoint_android_vh_ftrace_oops_enter
@@ -1808,6 +1820,7 @@
   __tracepoint_android_vh_ipi_stop
   __tracepoint_android_vh_irqtime_account_process_tick
   __tracepoint_android_vh_jiffies_update
+  __tracepoint_android_vh_mmap_region
   __tracepoint_android_vh_mmc_attach_sd
   __tracepoint_android_vh_mmc_blk_mq_rw_recovery
   __tracepoint_android_vh_mmc_blk_reset
@@ -1819,7 +1832,9 @@
   __tracepoint_android_vh_show_max_freq
   __tracepoint_android_vh_show_resume_epoch_val
   __tracepoint_android_vh_show_suspend_epoch_val
+  __tracepoint_android_vh_shrink_slab_bypass
   __tracepoint_android_vh_timer_calc_index
+  __tracepoint_android_vh_try_to_unmap_one
   __tracepoint_android_vh_tune_scan_type
   __tracepoint_android_vh_tune_swappiness
   __tracepoint_android_vh_ufs_check_int_errors

arch/arm64/Makefile.postlink

@@ -3,8 +3,11 @@
 #
 # This file is included by the generic Kbuild makefile to permit the
 # architecture to perform postlink actions on vmlinux and any .ko module file.
-# In this case, we only need it for fips140.ko, which needs a HMAC digest to be
+# In this case, we only need it for fips140.ko, which needs some postprocessing
-# injected into it. All other targets are NOPs.
+# for the integrity check mandated by FIPS. This involves making copies of the
+# relocation sections so that the module will have access to them at
+# initialization time, and calculating and injecting a HMAC digest into the
+# module. All other targets are NOPs.
 #
 
 PHONY := __archpost
@@ -15,7 +18,14 @@ include scripts/Kbuild.include
 
 CMD_FIPS140_GEN_HMAC = crypto/fips140_gen_hmac
 quiet_cmd_gen_hmac = HMAC    $@
-      cmd_gen_hmac = $(CMD_FIPS140_GEN_HMAC) $@
+      cmd_gen_hmac = $(OBJCOPY) $@ \
+	--dump-section=$(shell $(READELF) -SW $@|grep -Eo '\.rela\.text\S*')=$@.rela.text \
+	--dump-section=$(shell $(READELF) -SW $@|grep -Eo '\.rela\.rodata\S*')=$@.rela.rodata \
+	--add-section=.init.rela.text=$@.rela.text \
+	--add-section=.init.rela.rodata=$@.rela.rodata \
+	--set-section-flags=.init.rela.text=alloc,readonly \
+	--set-section-flags=.init.rela.rodata=alloc,readonly && \
+	$(CMD_FIPS140_GEN_HMAC) $@
 
 # `@true` prevents complaints when there is nothing to be done
 
@@ -29,7 +39,7 @@ $(objtree)/crypto/fips140.ko: FORCE
 	@true
 
 clean:
-	@true
+	rm -f $(objtree)/crypto/fips140.ko.rela.*
 
 PHONY += FORCE clean
 

arch/arm64/configs/gki_defconfig

@@ -495,6 +495,7 @@ CONFIG_USB_CONFIGFS_F_AUDIO_SRC=y
 CONFIG_USB_CONFIGFS_F_UAC2=y
 CONFIG_USB_CONFIGFS_F_MIDI=y
 CONFIG_USB_CONFIGFS_F_HID=y
+CONFIG_USB_CONFIGFS_F_UVC=y
 CONFIG_TYPEC=y
 CONFIG_TYPEC_TCPM=y
 CONFIG_TYPEC_TCPCI=y
@@ -667,7 +668,10 @@ CONFIG_MAGIC_SYSRQ=y
 CONFIG_UBSAN=y
 CONFIG_UBSAN_TRAP=y
 CONFIG_UBSAN_LOCAL_BOUNDS=y
-# CONFIG_UBSAN_MISC is not set
+# CONFIG_UBSAN_SHIFT is not set
+# CONFIG_UBSAN_OBJECT_SIZE is not set
+# CONFIG_UBSAN_BOOL is not set
+# CONFIG_UBSAN_ENUM is not set
 CONFIG_PAGE_OWNER=y
 CONFIG_PAGE_PINNER=y
 CONFIG_DEBUG_MEMORY_INIT=y

arch/arm64/configs/rockchip_gki.fragment

@@ -0,0 +1,237 @@
+CONFIG_ARCH_ROCKCHIP=y
+CONFIG_ARM_ROCKCHIP_BUS_DEVFREQ=m
+CONFIG_ARM_ROCKCHIP_CPUFREQ=m
+# CONFIG_ATA_SFF is not set
+CONFIG_BACKLIGHT_PWM=m
+CONFIG_BATTERY_CW2015=m
+CONFIG_BATTERY_RK817=m
+CONFIG_BATTERY_RK818=m
+CONFIG_BLK_DEV_NVME=m
+CONFIG_BMA2XX_ACC=m
+CONFIG_CHARGER_BQ25700=m
+CONFIG_CHARGER_RK817=m
+CONFIG_CHARGER_RK818=m
+CONFIG_CHR_DEV_SCH=m
+CONFIG_CHR_DEV_SG=m
+# CONFIG_CLK_RK1808 is not set
+# CONFIG_CLK_RK3308 is not set
+CONFIG_COMMON_CLK_PWM=m
+CONFIG_COMMON_CLK_RK808=m
+CONFIG_COMMON_CLK_ROCKCHIP=m
+CONFIG_COMMON_CLK_SCMI=m
+CONFIG_COMPASS_AK8963=m
+CONFIG_COMPASS_AK8975=m
+CONFIG_COMPASS_DEVICE=m
+CONFIG_CPUFREQ_DT=m
+CONFIG_CPU_FREQ_GOV_ONDEMAND=m
+CONFIG_CPU_FREQ_GOV_USERSPACE=m
+CONFIG_CPU_PX30=y
+CONFIG_CPU_RK3328=y
+CONFIG_CPU_RK3368=y
+CONFIG_CPU_RK3399=y
+CONFIG_CPU_RK3568=y
+CONFIG_CRYPTO_AES_ARM64_CE_CCM=m
+CONFIG_CRYPTO_GHASH_ARM64_CE=m
+CONFIG_CRYPTO_SHA1_ARM64_CE=m
+CONFIG_CRYPTO_TWOFISH=m
+CONFIG_DEVFREQ_EVENT_ROCKCHIP_NOCP=m
+CONFIG_DMABUF_HEAPS_CMA=m
+CONFIG_DMABUF_HEAPS_SYSTEM=m
+CONFIG_DRAGONRISE_FF=y
+CONFIG_DRM_DW_HDMI_CEC=m
+CONFIG_DRM_DW_HDMI_I2S_AUDIO=m
+CONFIG_DRM_PANEL_SIMPLE=m
+CONFIG_DRM_ROCKCHIP=m
+CONFIG_DRM_SII902X=m
+CONFIG_DTC_SYMBOLS=y
+# CONFIG_DWMAC_GENERIC is not set
+CONFIG_DW_WATCHDOG=m
+CONFIG_GPIO_ROCKCHIP=m
+CONFIG_GREENASIA_FF=y
+CONFIG_GSENSOR_DEVICE=m
+CONFIG_GS_DA223=m
+CONFIG_GS_KXTJ9=m
+CONFIG_GS_LIS3DH=m
+CONFIG_GS_LSM303D=m
+CONFIG_GS_MC3230=m
+CONFIG_GS_MMA7660=m
+CONFIG_GS_MMA8452=m
+CONFIG_GS_MXC6655XA=m
+CONFIG_GS_SC7660=m
+CONFIG_GS_SC7A20=m
+CONFIG_GS_SC7A30=m
+CONFIG_GYROSCOPE_DEVICE=m
+CONFIG_GYRO_EWTSA=m
+CONFIG_GYRO_L3G20D=m
+CONFIG_GYRO_L3G4200D=m
+CONFIG_GYRO_LSM330=m
+CONFIG_GYRO_MPU6500=m
+CONFIG_GYRO_MPU6880=m
+CONFIG_HALL_DEVICE=m
+CONFIG_HID_A4TECH=m
+CONFIG_HID_ACRUX=m
+CONFIG_HID_ACRUX_FF=y
+CONFIG_HID_ALPS=m
+CONFIG_HID_APPLEIR=m
+CONFIG_HID_AUREAL=m
+CONFIG_HID_BELKIN=m
+CONFIG_HID_CHERRY=m
+CONFIG_HID_CHICONY=m
+CONFIG_HID_CYPRESS=m
+CONFIG_HID_DRAGONRISE=m
+CONFIG_HID_EMS_FF=m
+CONFIG_HID_EZKEY=m
+CONFIG_HID_GREENASIA=m
+CONFIG_HID_GYRATION=m
+CONFIG_HID_HOLTEK=m
+CONFIG_HID_ICADE=m
+CONFIG_HID_KENSINGTON=m
+CONFIG_HID_KEYTOUCH=m
+CONFIG_HID_KYE=m
+CONFIG_HID_LCPOWER=m
+CONFIG_HID_LENOVO=m
+CONFIG_HID_MONTEREY=m
+CONFIG_HID_NTRIG=m
+CONFIG_HID_ORTEK=m
+CONFIG_HID_PANTHERLORD=m
+CONFIG_HID_PETALYNX=m
+CONFIG_HID_PRIMAX=m
+CONFIG_HID_SAITEK=m
+CONFIG_HID_SAMSUNG=m
+CONFIG_HID_SMARTJOYPLUS=m
+CONFIG_HID_SPEEDLINK=m
+CONFIG_HID_STEELSERIES=m
+CONFIG_HID_SUNPLUS=m
+CONFIG_HID_THINGM=m
+CONFIG_HID_THRUSTMASTER=m
+CONFIG_HID_TIVO=m
+CONFIG_HID_TOPSEED=m
+CONFIG_HID_TWINHAN=m
+CONFIG_HID_WALTOP=m
+CONFIG_HID_ZEROPLUS=m
+CONFIG_HID_ZYDACRON=m
+CONFIG_HS_MH248=m
+CONFIG_HW_RANDOM_ROCKCHIP=m
+CONFIG_I2C_CHARDEV=m
+CONFIG_I2C_GPIO=m
+CONFIG_I2C_HID=m
+CONFIG_I2C_RK3X=m
+CONFIG_IIO_BUFFER_CB=m
+CONFIG_INPUT_RK805_PWRKEY=m
+CONFIG_ION=y
+CONFIG_ION_SYSTEM_HEAP=y
+CONFIG_JOLIET=y
+CONFIG_KEYBOARD_ADC=m
+CONFIG_LEDS_GPIO=m
+CONFIG_LEDS_TRIGGER_BACKLIGHT=m
+CONFIG_LEDS_TRIGGER_DEFAULT_ON=m
+CONFIG_LEDS_TRIGGER_HEARTBEAT=m
+CONFIG_LIGHT_DEVICE=m
+CONFIG_LSM330_ACC=m
+CONFIG_LS_CM3217=m
+CONFIG_LS_CM3218=m
+CONFIG_LS_STK3410=m
+# CONFIG_MALI400_PROFILING is not set
+CONFIG_MFD_RK808=m
+CONFIG_MMC_DW=m
+CONFIG_MMC_DW_ROCKCHIP=m
+CONFIG_MMC_SDHCI_OF_ARASAN=m
+CONFIG_MMC_SDHCI_OF_DWCMSHC=m
+CONFIG_MPU6500_ACC=m
+CONFIG_MPU6880_ACC=m
+CONFIG_OPTEE=m
+CONFIG_PANTHERLORD_FF=y
+CONFIG_PHY_ROCKCHIP_DP=m
+CONFIG_PHY_ROCKCHIP_EMMC=m
+CONFIG_PHY_ROCKCHIP_INNO_DSIDPHY=m
+CONFIG_PHY_ROCKCHIP_INNO_USB2=m
+CONFIG_PHY_ROCKCHIP_INNO_USB3=m
+CONFIG_PHY_ROCKCHIP_NANENG_COMBO_PHY=m
+CONFIG_PHY_ROCKCHIP_NANENG_EDP=m
+CONFIG_PHY_ROCKCHIP_PCIE=m
+CONFIG_PHY_ROCKCHIP_SNPS_PCIE3=m
+CONFIG_PHY_ROCKCHIP_TYPEC=m
+CONFIG_PHY_ROCKCHIP_USB=m
+CONFIG_PINCTRL_RK805=m
+CONFIG_PINCTRL_ROCKCHIP=m
+CONFIG_PL330_DMA=m
+CONFIG_PROXIMITY_DEVICE=m
+CONFIG_PS_STK3410=m
+CONFIG_PWM_ROCKCHIP=m
+CONFIG_REGULATOR_ACT8865=m
+CONFIG_REGULATOR_FAN53555=m
+CONFIG_REGULATOR_GPIO=m
+CONFIG_REGULATOR_LP8752=m
+CONFIG_REGULATOR_MP8865=m
+CONFIG_REGULATOR_PWM=m
+CONFIG_REGULATOR_RK808=m
+CONFIG_REGULATOR_TPS65132=m
+CONFIG_REGULATOR_XZ3216=m
+CONFIG_RK_CONSOLE_THREAD=y
+CONFIG_RK_NAND=m
+CONFIG_ROCKCHIP_ANALOGIX_DP=y
+CONFIG_ROCKCHIP_CDN_DP=y
+CONFIG_ROCKCHIP_CPUINFO=m
+CONFIG_ROCKCHIP_DEBUG=m
+CONFIG_ROCKCHIP_DW_HDMI=y
+CONFIG_ROCKCHIP_DW_MIPI_DSI=y
+CONFIG_ROCKCHIP_EFUSE=m
+CONFIG_ROCKCHIP_FIQ_DEBUGGER=m
+CONFIG_ROCKCHIP_GRF=m
+CONFIG_ROCKCHIP_INNO_HDMI=y
+CONFIG_ROCKCHIP_IODOMAIN=m
+CONFIG_ROCKCHIP_IOMMU=m
+CONFIG_ROCKCHIP_IPA=m
+CONFIG_ROCKCHIP_LVDS=y
+CONFIG_ROCKCHIP_OPP=m
+CONFIG_ROCKCHIP_OTP=m
+CONFIG_ROCKCHIP_PHY=m
+CONFIG_ROCKCHIP_PM_DOMAINS=m
+CONFIG_ROCKCHIP_PVTM=m
+CONFIG_ROCKCHIP_REMOTECTL=m
+CONFIG_ROCKCHIP_REMOTECTL_PWM=m
+CONFIG_ROCKCHIP_RGB=y
+CONFIG_ROCKCHIP_SARADC=m
+CONFIG_ROCKCHIP_SIP=m
+CONFIG_ROCKCHIP_SYSTEM_MONITOR=m
+CONFIG_ROCKCHIP_THERMAL=m
+CONFIG_ROCKCHIP_VENDOR_STORAGE=m
+CONFIG_ROCKCHIP_VENDOR_STORAGE_UPDATE_LOADER=y
+CONFIG_RTC_DRV_RK808=m
+CONFIG_SENSOR_DEVICE=m
+CONFIG_SMARTJOYPLUS_FF=y
+CONFIG_SND_SIMPLE_CARD=m
+CONFIG_SND_SOC_BT_SCO=m
+CONFIG_SND_SOC_CX2072X=m
+CONFIG_SND_SOC_DUMMY_CODEC=m
+CONFIG_SND_SOC_ES7202=m
+CONFIG_SND_SOC_ES7210=m
+CONFIG_SND_SOC_ES7243E=m
+CONFIG_SND_SOC_ES8311=m
+CONFIG_SND_SOC_ES8316=m
+CONFIG_SND_SOC_ES8396=m
+CONFIG_SND_SOC_RK3328=m
+CONFIG_SND_SOC_RK817=m
+CONFIG_SND_SOC_RK_CODEC_DIGITAL=m
+CONFIG_SND_SOC_ROCKCHIP=m
+CONFIG_SND_SOC_ROCKCHIP_PDM=m
+CONFIG_SND_SOC_ROCKCHIP_SPDIF=m
+CONFIG_SND_SOC_RT5640=m
+CONFIG_SND_SOC_SPDIF=m
+CONFIG_SPI_ROCKCHIP=m
+CONFIG_SPI_SPIDEV=m
+CONFIG_SW_SYNC=m
+CONFIG_SYSCON_REBOOT_MODE=m
+CONFIG_TEE=m
+CONFIG_TEST_POWER=m
+CONFIG_TOUCHSCREEN_GSLX680_PAD=m
+CONFIG_TOUCHSCREEN_GT1X=m
+CONFIG_TYPEC_DP_ALTMODE=m
+CONFIG_TYPEC_FUSB302=m
+CONFIG_VIDEO_DW9714=m
+CONFIG_VIDEO_OV2680=m
+CONFIG_VIDEO_OV5695=m
+CONFIG_ZISOFS=y
+CONFIG_ZRAM=m
+CONFIG_ZSMALLOC=m
+# CONFIG_USB_DUMMY_HCD is not set

arch/arm64/kernel/process.c

@@ -45,7 +45,6 @@
 #include <linux/thread_info.h>
 #include <linux/prctl.h>
 #include <trace/hooks/fpsimd.h>
-#include <trace/hooks/mpam.h>
 
 #include <asm/alternative.h>
 #include <asm/arch_gicv3.h>
@@ -572,11 +571,6 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev,
 	ssbs_thread_switch(next);
 	erratum_1418040_thread_switch(prev, next);
 	ptrauth_thread_switch_user(next);
-	/*
-	 *  vendor hook is needed before the dsb(),
-	 *  because MPAM is related to cache maintenance.
-	 */
-	trace_android_vh_mpam_set(prev, next);
 
 	/*
 	 * Complete any pending TLB or cache maintenance on this CPU in case

arch/powerpc/kernel/vmlinux.lds.S

@@ -311,6 +311,10 @@ SECTIONS
 #else
 	.data : AT(ADDR(.data) - LOAD_OFFSET) {
 		DATA_DATA
+#ifdef CONFIG_UBSAN
+		*(.data..Lubsan_data*)
+		*(.data..Lubsan_type*)
+#endif
 		*(.data.rel*)
 		*(.toc1)
 		*(.branch_lt)

arch/x86/configs/gki_defconfig

@@ -446,6 +446,7 @@ CONFIG_USB_CONFIGFS_F_ACC=y
 CONFIG_USB_CONFIGFS_F_AUDIO_SRC=y
 CONFIG_USB_CONFIGFS_F_MIDI=y
 CONFIG_USB_CONFIGFS_F_HID=y
+CONFIG_USB_CONFIGFS_F_UVC=y
 CONFIG_TYPEC=y
 CONFIG_TYPEC_TCPM=y
 CONFIG_TYPEC_TCPCI=y
@@ -601,7 +602,10 @@ CONFIG_MAGIC_SYSRQ=y
 CONFIG_UBSAN=y
 CONFIG_UBSAN_TRAP=y
 CONFIG_UBSAN_LOCAL_BOUNDS=y
-# CONFIG_UBSAN_MISC is not set
+# CONFIG_UBSAN_SHIFT is not set
+# CONFIG_UBSAN_OBJECT_SIZE is not set
+# CONFIG_UBSAN_BOOL is not set
+# CONFIG_UBSAN_ENUM is not set
 CONFIG_PAGE_OWNER=y
 CONFIG_PAGE_PINNER=y
 CONFIG_DEBUG_MEMORY_INIT=y

build.config.gki.aarch64.fips140

@@ -15,3 +15,4 @@ DEFCONFIG=fips140_gki_defconfig
 KMI_SYMBOL_LIST=android/abi_gki_aarch64_fips140
 PRE_DEFCONFIG_CMDS="cat ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/gki_defconfig ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/fips140_gki.fragment > ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/${DEFCONFIG};"
 POST_DEFCONFIG_CMDS="rm ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/${DEFCONFIG}"
+KMI_SYMBOL_LIST_ADD_ONLY=1

build.config.rockchip

@@ -0,0 +1,8 @@
+. ${ROOT_DIR}/${KERNEL_DIR}/build.config.gki.aarch64
+
+
+DEFCONFIG=rockchip_aarch64_gki_defconfig
+KMI_SYMBOL_LIST=android/abi_gki_aarch64_rockchip
+PRE_DEFCONFIG_CMDS="KCONFIG_CONFIG=${ROOT_DIR}/common/arch/arm64/configs/${DEFCONFIG} ${ROOT_DIR}/common/scripts/kconfig/merge_config.sh -m -r ${ROOT_DIR}/common/arch/arm64/configs/gki_defconfig ${ROOT_DIR}/common/arch/arm64/configs/rockchip_gki.config"
+POST_DEFCONFIG_CMDS="rm ${ROOT_DIR}/common/arch/arm64/configs/${DEFCONFIG}"
+

crypto/Makefile

@@ -200,14 +200,19 @@ obj-$(CONFIG_CRYPTO_SIMD) += crypto_simd.o
 
 ifneq ($(CONFIG_CRYPTO_FIPS140_MOD),)
 
-FIPS140_CFLAGS := -D__DISABLE_EXPORTS -DBUILD_FIPS140_KO
+FIPS140_CFLAGS := -D__DISABLE_EXPORTS -DBUILD_FIPS140_KO -include fips140-defs.h
+
+CFLAGS_jitterentropy-fips.o := -O0
+KASAN_SANITIZE_jitterentropy-fips.o = n
+UBSAN_SANITIZE_jitterentropy-fips.o = n
 
 #
 # Create a separate FIPS archive containing a duplicate of each builtin generic
 # module that is in scope for FIPS 140-2 certification
 #
-crypto-fips-objs := drbg.o ecb.o cbc.o ctr.o gcm.o xts.o hmac.o memneq.o \
+crypto-fips-objs := drbg.o ecb.o cbc.o ctr.o cts.o gcm.o xts.o hmac.o cmac.o \
-		    gf128mul.o aes_generic.o lib-crypto-aes.o \
+		    memneq.o gf128mul.o aes_generic.o lib-crypto-aes.o \
+		    jitterentropy.o jitterentropy-kcapi.o \
 		    sha1_generic.o sha256_generic.o sha512_generic.o \
 		    lib-sha1.o lib-crypto-sha256.o
 crypto-fips-objs := $(foreach o,$(crypto-fips-objs),$(o:.o=-fips.o))
@@ -228,10 +233,17 @@ $(obj)/lib-crypto-%-fips.o: $(srctree)/lib/crypto/%.c FORCE
 $(obj)/crypto-fips.a: $(addprefix $(obj)/,$(crypto-fips-objs)) FORCE
 	$(call if_changed,ar_and_symver)
 
-fips140-objs		:= fips140-module.o fips140-selftests.o crypto-fips.a
+fips140-objs := \
+	fips140-alg-registration.o \
+	fips140-module.o \
+	fips140-refs.o \
+	fips140-selftests.o \
+	crypto-fips.a
 obj-m += fips140.o
 
+CFLAGS_fips140-alg-registration.o += $(FIPS140_CFLAGS)
 CFLAGS_fips140-module.o += $(FIPS140_CFLAGS)
+CFLAGS_fips140-selftests.o += $(FIPS140_CFLAGS)
 
 hostprogs-always-y := fips140_gen_hmac
 HOSTLDLIBS_fips140_gen_hmac := -lcrypto -lelf

crypto/fips140-alg-registration.c

@@ -0,0 +1,388 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Block crypto operations until tests complete
+ *
+ * Copyright 2021 Google LLC
+ *
+ * This file defines the fips140_crypto_register_*() functions, to which all
+ * calls to crypto_register_*() in the module are redirected.  These functions
+ * override the tfm initialization function of each algorithm to insert a wait
+ * for the module having completed its self-tests and integrity check.
+ *
+ * The exact field that we override depends on the algorithm type.  For
+ * algorithm types that have a strongly-typed initialization function pointer
+ * (e.g. skcipher), we must override that, since cra_init isn't guaranteed to be
+ * called for those despite the field being present in the base struct.  For the
+ * other algorithm types (e.g. "cipher") we must override cra_init.
+ *
+ * All of this applies to both normal algorithms and template instances.
+ *
+ * The purpose of all of this is to meet a FIPS requirement where the module
+ * must not produce any output from cryptographic algorithms until it completes
+ * its tests.  Technically this is impossible, but this solution meets the
+ * intent of the requirement, assuming the user makes a supported sequence of
+ * API calls.  Note that we can't simply run the tests before registering the
+ * algorithms, as the algorithms must be registered in order to run the tests.
+ *
+ * It would be much easier to handle this in the kernel's crypto API framework.
+ * Unfortunately, that was deemed insufficient because the module itself is
+ * required to do the enforcement.  What is *actually* required is still very
+ * vague, but the approach implemented here should meet the requirement.
+ */
+
+/*
+ * This file is the one place in fips140.ko that needs to call the kernel's real
+ * algorithm registration functions, so #undefine all the macros from
+ * fips140-defs.h so that the "fips140_" prefix doesn't automatically get added.
+ */
+#undef aead_register_instance
+#undef ahash_register_instance
+#undef crypto_register_aead
+#undef crypto_register_aeads
+#undef crypto_register_ahash
+#undef crypto_register_ahashes
+#undef crypto_register_alg
+#undef crypto_register_algs
+#undef crypto_register_rng
+#undef crypto_register_rngs
+#undef crypto_register_shash
+#undef crypto_register_shashes
+#undef crypto_register_skcipher
+#undef crypto_register_skciphers
+#undef shash_register_instance
+#undef skcipher_register_instance
+
+#include <crypto/algapi.h>
+#include <crypto/internal/aead.h>
+#include <crypto/internal/hash.h>
+#include <crypto/internal/rng.h>
+#include <crypto/internal/skcipher.h>
+#include <linux/xarray.h>
+
+#include "fips140-module.h"
+
+/* Indicates whether the self-tests and integrity check have completed */
+DECLARE_COMPLETION(fips140_tests_done);
+
+/* The thread running the self-tests and integrity check */
+struct task_struct *fips140_init_thread;
+
+/*
+ * Map from crypto_alg to original initialization function (possibly NULL)
+ *
+ * Note: unregistering an algorithm will leak its map entry, as we don't bother
+ * to remove it.  This should be fine since fips140.ko can't be unloaded.  The
+ * proper solution would be to store the original function pointer in a new
+ * field in 'struct crypto_alg', but that would require kernel support.
+ */
+static DEFINE_XARRAY(fips140_init_func_map);
+
+static bool fips140_ready(void)
+{
+	return completion_done(&fips140_tests_done);
+}
+
+/*
+ * Wait until crypto operations are allowed to proceed.  Return true if the
+ * tests are done, or false if the caller is the thread running the tests so it
+ * is allowed to proceed anyway.
+ */
+static bool fips140_wait_until_ready(struct crypto_alg *alg)
+{
+	if (fips140_ready())
+		return true;
+	/*
+	 * The thread running the tests must not wait.  Since tfms can only be
+	 * allocated in task context, we can reliably determine whether the
+	 * invocation is from that thread or not by checking 'current'.
+	 */
+	if (current == fips140_init_thread)
+		return false;
+
+	pr_info("blocking user of %s until tests complete\n",
+		alg->cra_driver_name);
+	wait_for_completion(&fips140_tests_done);
+	pr_info("tests done, allowing %s to proceed\n", alg->cra_driver_name);
+	return true;
+}
+
+static int fips140_store_init_function(struct crypto_alg *alg, void *func)
+{
+	void *ret;
+
+	/*
+	 * The XArray API requires 4-byte aligned values.  Although function
+	 * pointers in general aren't guaranteed to be 4-byte aligned, it should
+	 * be the case for the platforms this module is used on.
+	 */
+	if (WARN_ON((unsigned long)func & 3))
+		return -EINVAL;
+
+	ret = xa_store(&fips140_init_func_map, (unsigned long)alg, func,
+		       GFP_KERNEL);
+	return xa_err(ret);
+}
+
+/* Get the algorithm's original initialization function (possibly NULL) */
+static void *fips140_load_init_function(struct crypto_alg *alg)
+{
+	return xa_load(&fips140_init_func_map, (unsigned long)alg);
+}
+
+/* tfm initialization function overrides */
+
+static int fips140_alg_init_tfm(struct crypto_tfm *tfm)
+{
+	struct crypto_alg *alg = tfm->__crt_alg;
+	int (*cra_init)(struct crypto_tfm *tfm) =
+		fips140_load_init_function(alg);
+
+	if (fips140_wait_until_ready(alg))
+		WRITE_ONCE(alg->cra_init, cra_init);
+	return cra_init ? cra_init(tfm) : 0;
+}
+
+static int fips140_aead_init_tfm(struct crypto_aead *tfm)
+{
+	struct aead_alg *alg = crypto_aead_alg(tfm);
+	int (*init)(struct crypto_aead *tfm) =
+		fips140_load_init_function(&alg->base);
+
+	if (fips140_wait_until_ready(&alg->base))
+		WRITE_ONCE(alg->init, init);
+	return init ? init(tfm) : 0;
+}
+
+static int fips140_ahash_init_tfm(struct crypto_ahash *tfm)
+{
+	struct hash_alg_common *halg = crypto_hash_alg_common(tfm);
+	struct ahash_alg *alg = container_of(halg, struct ahash_alg, halg);
+	int (*init_tfm)(struct crypto_ahash *tfm) =
+		fips140_load_init_function(&halg->base);
+
+	if (fips140_wait_until_ready(&halg->base))
+		WRITE_ONCE(alg->init_tfm, init_tfm);
+	return init_tfm ? init_tfm(tfm) : 0;
+}
+
+static int fips140_shash_init_tfm(struct crypto_shash *tfm)
+{
+	struct shash_alg *alg = crypto_shash_alg(tfm);
+	int (*init_tfm)(struct crypto_shash *tfm) =
+		fips140_load_init_function(&alg->base);
+
+	if (fips140_wait_until_ready(&alg->base))
+		WRITE_ONCE(alg->init_tfm, init_tfm);
+	return init_tfm ? init_tfm(tfm) : 0;
+}
+
+static int fips140_skcipher_init_tfm(struct crypto_skcipher *tfm)
+{
+	struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
+	int (*init)(struct crypto_skcipher *tfm) =
+		fips140_load_init_function(&alg->base);
+
+	if (fips140_wait_until_ready(&alg->base))
+		WRITE_ONCE(alg->init, init);
+	return init ? init(tfm) : 0;
+}
+
+/* Single algorithm registration */
+
+#define prepare_alg(alg, base_alg, field, wrapper_func)			\
+({									\
+	int err = 0;							\
+									\
+	if (!fips140_ready() && alg->field != wrapper_func) {		\
+		err = fips140_store_init_function(base_alg, alg->field);\
+		if (err == 0)						\
+			alg->field = wrapper_func;			\
+	}								\
+	err;								\
+})
+
+static int fips140_prepare_alg(struct crypto_alg *alg)
+{
+	/*
+	 * Override cra_init.  This is only for algorithm types like cipher and
+	 * rng that don't have a strongly-typed initialization function.
+	 */
+	return prepare_alg(alg, alg, cra_init, fips140_alg_init_tfm);
+}
+
+static int fips140_prepare_aead_alg(struct aead_alg *alg)
+{
+	return prepare_alg(alg, &alg->base, init, fips140_aead_init_tfm);
+}
+
+static int fips140_prepare_ahash_alg(struct ahash_alg *alg)
+{
+	return prepare_alg(alg, &alg->halg.base, init_tfm,
+			   fips140_ahash_init_tfm);
+}
+
+static int fips140_prepare_rng_alg(struct rng_alg *alg)
+{
+	/*
+	 * rng doesn't have a strongly-typed initialization function, so we must
+	 * treat rng algorithms as "generic" algorithms.
+	 */
+	return fips140_prepare_alg(&alg->base);
+}
+
+static int fips140_prepare_shash_alg(struct shash_alg *alg)
+{
+	return prepare_alg(alg, &alg->base, init_tfm, fips140_shash_init_tfm);
+}
+
+static int fips140_prepare_skcipher_alg(struct skcipher_alg *alg)
+{
+	return prepare_alg(alg, &alg->base, init, fips140_skcipher_init_tfm);
+}
+
+int fips140_crypto_register_alg(struct crypto_alg *alg)
+{
+	return fips140_prepare_alg(alg) ?: crypto_register_alg(alg);
+}
+
+int fips140_crypto_register_aead(struct aead_alg *alg)
+{
+	return fips140_prepare_aead_alg(alg) ?: crypto_register_aead(alg);
+}
+
+int fips140_crypto_register_ahash(struct ahash_alg *alg)
+{
+	return fips140_prepare_ahash_alg(alg) ?: crypto_register_ahash(alg);
+}
+
+int fips140_crypto_register_rng(struct rng_alg *alg)
+{
+	return fips140_prepare_rng_alg(alg) ?: crypto_register_rng(alg);
+}
+
+int fips140_crypto_register_shash(struct shash_alg *alg)
+{
+	return fips140_prepare_shash_alg(alg) ?: crypto_register_shash(alg);
+}
+
+int fips140_crypto_register_skcipher(struct skcipher_alg *alg)
+{
+	return fips140_prepare_skcipher_alg(alg) ?:
+		crypto_register_skcipher(alg);
+}
+
+/* Instance registration */
+
+int fips140_aead_register_instance(struct crypto_template *tmpl,
+				   struct aead_instance *inst)
+{
+	return fips140_prepare_aead_alg(&inst->alg) ?:
+		aead_register_instance(tmpl, inst);
+}
+
+int fips140_ahash_register_instance(struct crypto_template *tmpl,
+				    struct ahash_instance *inst)
+{
+	return fips140_prepare_ahash_alg(&inst->alg) ?:
+		ahash_register_instance(tmpl, inst);
+}
+
+int fips140_shash_register_instance(struct crypto_template *tmpl,
+				    struct shash_instance *inst)
+{
+	return fips140_prepare_shash_alg(&inst->alg) ?:
+		shash_register_instance(tmpl, inst);
+}
+
+int fips140_skcipher_register_instance(struct crypto_template *tmpl,
+				       struct skcipher_instance *inst)
+{
+	return fips140_prepare_skcipher_alg(&inst->alg) ?:
+		skcipher_register_instance(tmpl, inst);
+}
+
+/* Bulk algorithm registration */
+
+int fips140_crypto_register_algs(struct crypto_alg *algs, int count)
+{
+	int i;
+	int err;
+
+	for (i = 0; i < count; i++) {
+		err = fips140_prepare_alg(&algs[i]);
+		if (err)
+			return err;
+	}
+
+	return crypto_register_algs(algs, count);
+}
+
+int fips140_crypto_register_aeads(struct aead_alg *algs, int count)
+{
+	int i;
+	int err;
+
+	for (i = 0; i < count; i++) {
+		err = fips140_prepare_aead_alg(&algs[i]);
+		if (err)
+			return err;
+	}
+
+	return crypto_register_aeads(algs, count);
+}
+
+int fips140_crypto_register_ahashes(struct ahash_alg *algs, int count)
+{
+	int i;
+	int err;
+
+	for (i = 0; i < count; i++) {
+		err = fips140_prepare_ahash_alg(&algs[i]);
+		if (err)
+			return err;
+	}
+
+	return crypto_register_ahashes(algs, count);
+}
+
+int fips140_crypto_register_rngs(struct rng_alg *algs, int count)
+{
+	int i;
+	int err;
+
+	for (i = 0; i < count; i++) {
+		err = fips140_prepare_rng_alg(&algs[i]);
+		if (err)
+			return err;
+	}
+
+	return crypto_register_rngs(algs, count);
+}
+
+int fips140_crypto_register_shashes(struct shash_alg *algs, int count)
+{
+	int i;
+	int err;
+
+	for (i = 0; i < count; i++) {
+		err = fips140_prepare_shash_alg(&algs[i]);
+		if (err)
+			return err;
+	}
+
+	return crypto_register_shashes(algs, count);
+}
+
+int fips140_crypto_register_skciphers(struct skcipher_alg *algs, int count)
+{
+	int i;
+	int err;
+
+	for (i = 0; i < count; i++) {
+		err = fips140_prepare_skcipher_alg(&algs[i]);
+		if (err)
+			return err;
+	}
+
+	return crypto_register_skciphers(algs, count);
+}

crypto/fips140-defs.h

@@ -0,0 +1,25 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright 2021 Google LLC
+ *
+ * This file is automatically included by all files built into fips140.ko, via
+ * the "-include" compiler flag.  It redirects all calls to algorithm
+ * registration functions to the wrapper functions defined within the module.
+ */
+
+#define aead_register_instance		fips140_aead_register_instance
+#define ahash_register_instance		fips140_ahash_register_instance
+#define crypto_register_aead		fips140_crypto_register_aead
+#define crypto_register_aeads		fips140_crypto_register_aeads
+#define crypto_register_ahash		fips140_crypto_register_ahash
+#define crypto_register_ahashes		fips140_crypto_register_ahashes
+#define crypto_register_alg		fips140_crypto_register_alg
+#define crypto_register_algs		fips140_crypto_register_algs
+#define crypto_register_rng		fips140_crypto_register_rng
+#define crypto_register_rngs		fips140_crypto_register_rngs
+#define crypto_register_shash		fips140_crypto_register_shash
+#define crypto_register_shashes		fips140_crypto_register_shashes
+#define crypto_register_skcipher	fips140_crypto_register_skcipher
+#define crypto_register_skciphers	fips140_crypto_register_skciphers
+#define shash_register_instance		fips140_shash_register_instance
+#define skcipher_register_instance	fips140_skcipher_register_instance

crypto/fips140-generated-testvecs.h

@@ -11,19 +11,19 @@ static const u8 fips_message[32] __initconst =
 
 static const u8 fips_aes_key[16] __initconst = "128-bit AES key";
 
-static const u8 fips_aes_iv[16] __initconst = "ABCDEFGHIJKL";
+static const u8 fips_aes_iv[16] __initconst = "ABCDEFGHIJKLMNOP";
 
 static const u8 fips_aes_cbc_ciphertext[32] __initconst =
-	"\xc4\x6d\xad\xa4\x04\x52\x11\x5a\x7a\xb3\x7c\x68\x85\x8d\x90\xf0"
+	"\x4c\x3e\xeb\x38\x8d\x1f\x28\xfd\xa2\x3b\xa9\xda\x36\xf2\x99\xe2"
-	"\x55\xc3\xd3\x35\xc1\x75\x31\x90\xdf\x90\x4b\x5a\x56\xfd\xa7\x89";
+	"\x84\x84\x66\x37\x0a\x53\x68\x2f\x17\x95\x8d\x7f\xca\x5a\x68\x4e";
 
 static const u8 fips_aes_ecb_ciphertext[32] __initconst =
 	"\xc1\x9d\xe6\xb8\xb2\x90\xff\xfe\xf2\x77\x18\xb0\x55\xd3\xee\xa9"
 	"\xe2\x6f\x4a\x32\x67\xfd\xb7\xa5\x2f\x4b\x6e\x1a\x86\x2b\x6e\x3a";
 
 static const u8 fips_aes_ctr_ciphertext[32] __initconst =
-	"\x92\xbe\x23\xa1\x80\x88\x5d\x31\x27\xb3\x9c\x40\x58\x57\x1d\xde"
+	"\xed\x06\x2c\xd0\xbc\x48\xd1\x2e\x6a\x4e\x13\xe9\xaa\x17\x40\xca"
-	"\xc1\x8d\x5b\xe7\x42\x93\x09\xf8\xd4\xf7\x49\x42\xcf\x40\x62\x7e";
+	"\x00\xb4\xaf\x3b\x4f\xee\x73\xd6\x6c\x41\xf6\x4c\x8b\x0d\x6a\x0f";
 
 static const u8 fips_aes_gcm_assoc[22] __initconst = "associated data string";
 
@@ -36,8 +36,11 @@ static const u8 fips_aes_xts_key[32] __initconst =
 	"This is an AES-128-XTS key.";
 
 static const u8 fips_aes_xts_ciphertext[32] __initconst =
-	"\x5e\xb9\x98\xd6\x26\xb3\x55\xbf\x44\xab\x3e\xae\x73\xc0\x81\xc9"
+	"\x4f\xf7\x9f\x6c\x00\xa8\x30\xdf\xff\xf3\x25\x9c\xf6\x0b\x1b\xfd"
-	"\xf4\x29\x0e\x17\x1e\xc5\xc8\x90\x79\x99\xf1\x43\x3a\x23\x08\x5a";
+	"\x3b\x34\x5e\x67\x7c\xf8\x8b\x68\x9a\xb9\x5a\x89\x51\x51\xbd\x35";
+
+static const u8 fips_aes_cmac_digest[16] __initconst =
+	"\x0c\x05\xda\x64\x51\x0c\x8e\x6c\x86\x52\x46\xa8\x2d\xb1\xfe\x0f";
 
 static const u8 fips_hmac_key[16] __initconst = "128-bit HMAC key";
 

crypto/fips140-module.c

@@ -14,6 +14,8 @@
  * don't need to meet these requirements.
  */
 
+#undef __DISABLE_EXPORTS
+
 #include <linux/ctype.h>
 #include <linux/module.h>
 #include <crypto/aead.h>
@@ -66,34 +68,57 @@ const u8 *__rodata_start = &__fips140_rodata_start;
 /*
  * The list of the crypto API algorithms (by cra_name) that will be unregistered
  * by this module, in preparation for the module registering its own
- * implementation(s) of them.  When adding a new algorithm here, make sure to
+ * implementation(s) of them.
- * consider whether it needs a self-test added to fips140_selftests[] as well.
+ *
+ * All algorithms that will be declared as FIPS-approved in the module
+ * certification must be listed here, to ensure that the non-FIPS-approved
+ * implementations of these algorithms in the kernel image aren't used.
+ *
+ * For every algorithm in this list, the module should contain all the "same"
+ * implementations that the kernel image does, including the C implementation as
+ * well as any architecture-specific implementations.  This is needed to avoid
+ * performance regressions as well as the possibility of an algorithm being
+ * unavailable on some CPUs.  E.g., "xcbc(aes)" isn't in this list, as the
+ * module doesn't have a C implementation of it (and it won't be FIPS-approved).
+ *
+ * Due to a quirk in the FIPS requirements, "gcm(aes)" isn't actually able to be
+ * FIPS-approved.  However, we otherwise treat it the same as the algorithms
+ * that will be FIPS-approved, and therefore it's included in this list.
+ *
+ * When adding a new algorithm here, make sure to consider whether it needs a
+ * self-test added to fips140_selftests[] as well.
  */
-static const char * const fips140_algorithms[] __initconst = {
+static const struct {
-	"aes",
+	const char *name;
+	bool approved;
+} fips140_algs_to_replace[] = {
+	{"aes", true},
 
-	"gcm(aes)",
+	{"cmac(aes)", true},
+	{"ecb(aes)", true},
 
-	"ecb(aes)",
+	{"cbc(aes)", true},
-	"cbc(aes)",
+	{"cts(cbc(aes))", true},
-	"ctr(aes)",
+	{"ctr(aes)", true},
-	"xts(aes)",
+	{"xts(aes)", true},
+	{"gcm(aes)", false},
 
-	"hmac(sha1)",
+	{"hmac(sha1)", true},
-	"hmac(sha224)",
+	{"hmac(sha224)", true},
-	"hmac(sha256)",
+	{"hmac(sha256)", true},
-	"hmac(sha384)",
+	{"hmac(sha384)", true},
-	"hmac(sha512)",
+	{"hmac(sha512)", true},
-	"sha1",
+	{"sha1", true},
-	"sha224",
+	{"sha224", true},
-	"sha256",
+	{"sha256", true},
-	"sha384",
+	{"sha384", true},
-	"sha512",
+	{"sha512", true},
 
-	"stdrng",
+	{"stdrng", true},
+	{"jitterentropy_rng", false},
 };
 
-static bool __init is_fips140_algo(struct crypto_alg *alg)
+static bool __init fips140_should_unregister_alg(struct crypto_alg *alg)
 {
 	int i;
 
@@ -104,13 +129,70 @@ static bool __init is_fips140_algo(struct crypto_alg *alg)
 	if (alg->cra_flags & CRYPTO_ALG_ASYNC)
 		return false;
 
-	for (i = 0; i < ARRAY_SIZE(fips140_algorithms); i++)
+	for (i = 0; i < ARRAY_SIZE(fips140_algs_to_replace); i++) {
-		if (!strcmp(alg->cra_name, fips140_algorithms[i]))
+		if (!strcmp(alg->cra_name, fips140_algs_to_replace[i].name))
 			return true;
+	}
 	return false;
 }
 
-static LIST_HEAD(unchecked_fips140_algos);
+/*
+ * FIPS 140-3 service indicators.  FIPS 140-3 requires that all services
+ * "provide an indicator when the service utilises an approved cryptographic
+ * algorithm, security function or process in an approved manner".  What this
+ * means is very debatable, even with the help of the FIPS 140-3 Implementation
+ * Guidance document.  However, it was decided that a function that takes in an
+ * algorithm name and returns whether that algorithm is approved or not will
+ * meet this requirement.  Note, this relies on some properties of the module:
+ *
+ *   - The module doesn't distinguish between "services" and "algorithms"; its
+ *     services are simply its algorithms.
+ *
+ *   - The status of an approved algorithm is never non-approved, since (a) the
+ *     module doesn't support operating in a non-approved mode, such as a mode
+ *     where the self-tests are skipped; (b) there are no cases where the module
+ *     supports non-approved settings for approved algorithms, e.g.
+ *     non-approved key sizes; and (c) this function isn't available to be
+ *     called until the module_init function has completed, so it's guaranteed
+ *     that the self-tests and integrity check have already passed.
+ *
+ *   - The module does support some non-approved algorithms, so a single static
+ *     indicator ("return true;") would not be acceptable.
+ */
+bool fips140_is_approved_service(const char *name)
+{
+	size_t i;
+
+	for (i = 0; i < ARRAY_SIZE(fips140_algs_to_replace); i++) {
+		if (!strcmp(name, fips140_algs_to_replace[i].name))
+			return fips140_algs_to_replace[i].approved;
+	}
+	return false;
+}
+EXPORT_SYMBOL_GPL(fips140_is_approved_service);
+
+/*
+ * FIPS 140-3 requires that modules provide a "service" that outputs "the name
+ * or module identifier and the versioning information that can be correlated
+ * with a validation record".  This function meets that requirement.
+ *
+ * Note: the module also prints this same information to the kernel log when it
+ * is loaded.  That might meet the requirement by itself.  However, given the
+ * vagueness of what counts as a "service", we provide this function too, just
+ * in case the certification lab or CMVP is happier with an explicit function.
+ *
+ * Note: /sys/modules/fips140/scmversion also provides versioning information
+ * about the module.  However that file just shows the bare git commit ID, so it
+ * probably isn't sufficient to meet the FIPS requirement, which seems to want
+ * the "official" module name and version number used in the FIPS certificate.
+ */
+const char *fips140_module_version(void)
+{
+	return FIPS140_MODULE_NAME " " FIPS140_MODULE_VERSION;
+}
+EXPORT_SYMBOL_GPL(fips140_module_version);
+
+static LIST_HEAD(existing_live_algos);
 
 /*
  * Release a list of algorithms which have been removed from crypto_alg_list.
@@ -153,38 +235,53 @@ static void __init unregister_existing_fips140_algos(void)
 	down_write(&crypto_alg_sem);
 
 	/*
-	 * Find all registered algorithms that we care about, and move them to
+	 * Find all registered algorithms that we care about, and move them to a
-	 * a private list so that they are no longer exposed via the algo
+	 * private list so that they are no longer exposed via the algo lookup
-	 * lookup API. Subsequently, we will unregister them if they are not in
+	 * API. Subsequently, we will unregister them if they are not in active
-	 * active use. If they are, we cannot simply remove them but we can
+	 * use. If they are, we can't fully unregister them but we can ensure
-	 * adapt them later to use our integrity checked backing code.
+	 * that new users won't use them.
 	 */
 	list_for_each_entry_safe(alg, tmp, &crypto_alg_list, cra_list) {
-		if (is_fips140_algo(alg)) {
+		if (!fips140_should_unregister_alg(alg))
+			continue;
 		if (refcount_read(&alg->cra_refcnt) == 1) {
 			/*
-				 * This algorithm is not currently in use, but
+			 * This algorithm is not currently in use, but there may
-				 * there may be template instances holding
+			 * be template instances holding references to it via
-				 * references to it via spawns. So let's tear
+			 * spawns. So let's tear it down like
-				 * it down like crypto_unregister_alg() would,
+			 * crypto_unregister_alg() would, but without releasing
-				 * but without releasing the lock, to prevent
+			 * the lock, to prevent races with concurrent TFM
-				 * races with concurrent TFM allocations.
+			 * allocations.
 			 */
 			alg->cra_flags |= CRYPTO_ALG_DEAD;
 			list_move(&alg->cra_list, &remove_list);
 			crypto_remove_spawns(alg, &spawns, NULL);
 		} else {
 			/*
-				 * This algorithm is live, i.e., there are TFMs
+			 * This algorithm is live, i.e. it has TFMs allocated,
-				 * allocated that rely on it for its crypto
+			 * so we can't fully unregister it.  It's not necessary
-				 * transformations. We will swap these out
+			 * to dynamically redirect existing users to the FIPS
-				 * later with integrity checked versions.
+			 * code, given that they can't be relying on FIPS
+			 * certified crypto in the first place.  However, we do
+			 * need to ensure that new users will get the FIPS code.
+			 *
+			 * In most cases, setting alg->cra_priority to 0
+			 * achieves this.  However, that isn't enough for
+			 * algorithms like "hmac(sha256)" that need to be
+			 * instantiated from a template, since existing
+			 * algorithms always take priority over a template being
+			 * instantiated.  Therefore, we move the algorithm to
+			 * a private list so that algorithm lookups won't find
+			 * it anymore.  To further distinguish it from the FIPS
+			 * algorithms, we also append "+orig" to its name.
 			 */
 			pr_info("found already-live algorithm '%s' ('%s')\n",
 				alg->cra_name, alg->cra_driver_name);
-				list_move(&alg->cra_list,
+			alg->cra_priority = 0;
-					  &unchecked_fips140_algos);
+			strlcat(alg->cra_name, "+orig", CRYPTO_MAX_ALG_NAME);
-			}
+			strlcat(alg->cra_driver_name, "+orig",
+				CRYPTO_MAX_ALG_NAME);
+			list_move(&alg->cra_list, &existing_live_algos);
 		}
 	}
 	up_write(&crypto_alg_sem);
@@ -259,12 +356,19 @@ static void __init unapply_rodata_relocations(void *section, int section_size,
 	}
 }
 
+extern struct {
+	u32	offset;
+	u32	count;
+} fips140_rela_text, fips140_rela_rodata;
+
 static bool __init check_fips140_module_hmac(void)
 {
+	struct crypto_shash *tfm = NULL;
 	SHASH_DESC_ON_STACK(desc, dontcare);
 	u8 digest[SHA256_DIGEST_SIZE];
 	void *textcopy, *rodatacopy;
 	int textsize, rodatasize;
+	bool ok = false;
 	int err;
 
 	textsize	= &__fips140_text_end - &__fips140_text_start;
@@ -276,7 +380,7 @@ static bool __init check_fips140_module_hmac(void)
 	textcopy = kmalloc(textsize + rodatasize, GFP_KERNEL);
 	if (!textcopy) {
 		pr_err("Failed to allocate memory for copy of .text\n");
-		return false;
+		goto out;
 	}
 
 	rodatacopy = textcopy + textsize;
@@ -286,38 +390,36 @@ static bool __init check_fips140_module_hmac(void)
 
 	// apply the relocations in reverse on the copies of .text  and .rodata
 	unapply_text_relocations(textcopy, textsize,
-				 __this_module.arch.text_relocations,
+				 offset_to_ptr(&fips140_rela_text.offset),
-				 __this_module.arch.num_text_relocations);
+				 fips140_rela_text.count);
 
 	unapply_rodata_relocations(rodatacopy, rodatasize,
-				   __this_module.arch.rodata_relocations,
+				  offset_to_ptr(&fips140_rela_rodata.offset),
-				   __this_module.arch.num_rodata_relocations);
+				  fips140_rela_rodata.count);
 
-	kfree(__this_module.arch.text_relocations);
+	tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
-	kfree(__this_module.arch.rodata_relocations);
+	if (IS_ERR(tfm)) {
-
+		pr_err("failed to allocate hmac tfm (%ld)\n", PTR_ERR(tfm));
-	desc->tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
+		tfm = NULL;
-	if (IS_ERR(desc->tfm)) {
+		goto out;
-		pr_err("failed to allocate hmac tfm (%ld)\n", PTR_ERR(desc->tfm));
-		kfree(textcopy);
-		return false;
 	}
+	desc->tfm = tfm;
 
 	pr_info("using '%s' for integrity check\n",
-		crypto_shash_driver_name(desc->tfm));
+		crypto_shash_driver_name(tfm));
 
-	err = crypto_shash_setkey(desc->tfm, fips140_integ_hmac_key,
+	err = crypto_shash_setkey(tfm, fips140_integ_hmac_key,
 				  strlen(fips140_integ_hmac_key)) ?:
 	      crypto_shash_init(desc) ?:
 	      crypto_shash_update(desc, textcopy, textsize) ?:
 	      crypto_shash_finup(desc, rodatacopy, rodatasize, digest);
 
-	crypto_free_shash(desc->tfm);
+	/* Zeroizing this is important; see the comment below. */
-	kfree(textcopy);
+	shash_desc_zero(desc);
 
 	if (err) {
 		pr_err("failed to calculate hmac shash (%d)\n", err);
-		return false;
+		goto out;
 	}
 
 	if (memcmp(digest, fips140_integ_hmac_digest, sizeof(digest))) {
@@ -326,171 +428,20 @@ static bool __init check_fips140_module_hmac(void)
 
 		pr_err("calculated digest: %*phN\n", (int)sizeof(digest),
 		       digest);
-
+		goto out;
-		return false;
 	}
-
+	ok = true;
-	return true;
+out:
-}
-
-static bool __init update_live_fips140_algos(void)
-{
-	struct crypto_alg *alg, *new_alg, *tmp;
-
 	/*
-	 * Find all algorithms that we could not unregister the last time
+	 * FIPS 140-3 requires that all "temporary value(s) generated during the
-	 * around, due to the fact that they were already in use.
+	 * integrity test" be zeroized (ref: FIPS 140-3 IG 9.7.B).  There is no
+	 * technical reason to do this given that these values are public
+	 * information, but this is the requirement so we follow it.
 	 */
-	down_write(&crypto_alg_sem);
+	crypto_free_shash(tfm);
-	list_for_each_entry_safe(alg, tmp, &unchecked_fips140_algos, cra_list) {
+	memzero_explicit(digest, sizeof(digest));
-
+	kfree_sensitive(textcopy);
-		/*
+	return ok;
-		 * Take this algo off the list before releasing the lock. This
-		 * ensures that a concurrent invocation of
-		 * crypto_unregister_alg() observes a consistent state, i.e.,
-		 * the algo is still on the list, and crypto_unregister_alg()
-		 * will release it, or it is not, and crypto_unregister_alg()
-		 * will issue a warning but ignore this condition otherwise.
-		 */
-		list_del_init(&alg->cra_list);
-		up_write(&crypto_alg_sem);
-
-		/*
-		 * Grab the algo that will replace the live one.
-		 * Note that this will instantiate template based instances as
-		 * well, as long as their driver name uses the conventional
-		 * pattern of "template(algo)". In this case, we are relying on
-		 * the fact that the templates carried by this module will
-		 * supersede the builtin ones, due to the fact that they were
-		 * registered later, and therefore appear first in the linked
-		 * list. For example, "hmac(sha1-ce)" constructed using the
-		 * builtin hmac template and the builtin SHA1 driver will be
-		 * superseded by the integrity checked versions of HMAC and
-		 * SHA1-ce carried in this module.
-		 *
-		 * Note that this takes a reference to the new algorithm which
-		 * will never get released. This is intentional: once we copy
-		 * the function pointers from the new algo into the old one, we
-		 * cannot drop the new algo unless we are sure that the old one
-		 * has been released, and this is someting we don't keep track
-		 * of at the moment.
-		 */
-		new_alg = crypto_alg_mod_lookup(alg->cra_driver_name,
-						alg->cra_flags & CRYPTO_ALG_TYPE_MASK,
-						CRYPTO_ALG_TYPE_MASK | CRYPTO_NOLOAD);
-
-		if (IS_ERR(new_alg)) {
-			pr_crit("Failed to allocate '%s' for updating live algo (%ld)\n",
-				alg->cra_driver_name, PTR_ERR(new_alg));
-			return false;
-		}
-
-		/*
-		 * The FIPS module's algorithms are expected to be built from
-		 * the same source code as the in-kernel ones so that they are
-		 * fully compatible. In general, there's no way to verify full
-		 * compatibility at runtime, but we can at least verify that
-		 * the algorithm properties match.
-		 */
-		if (alg->cra_ctxsize != new_alg->cra_ctxsize ||
-		    alg->cra_alignmask != new_alg->cra_alignmask) {
-			pr_crit("Failed to update live algo '%s' due to mismatch:\n"
-				"cra_ctxsize   : %u vs %u\n"
-				"cra_alignmask : 0x%x vs 0x%x\n",
-				alg->cra_driver_name,
-				alg->cra_ctxsize, new_alg->cra_ctxsize,
-				alg->cra_alignmask, new_alg->cra_alignmask);
-			return false;
-		}
-
-		/*
-		 * Update the name and priority so the algorithm stands out as
-		 * one that was updated in order to comply with FIPS140, and
-		 * that it is not the preferred version for further use.
-		 */
-		strlcat(alg->cra_name, "+orig", CRYPTO_MAX_ALG_NAME);
-		alg->cra_priority = 0;
-
-		switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) {
-			struct aead_alg *old_aead, *new_aead;
-			struct skcipher_alg *old_skcipher, *new_skcipher;
-			struct shash_alg *old_shash, *new_shash;
-			struct rng_alg *old_rng, *new_rng;
-
-		case CRYPTO_ALG_TYPE_CIPHER:
-			alg->cra_u.cipher = new_alg->cra_u.cipher;
-			break;
-
-		case CRYPTO_ALG_TYPE_AEAD:
-			old_aead = container_of(alg, struct aead_alg, base);
-			new_aead = container_of(new_alg, struct aead_alg, base);
-
-			old_aead->setkey	= new_aead->setkey;
-			old_aead->setauthsize	= new_aead->setauthsize;
-			old_aead->encrypt	= new_aead->encrypt;
-			old_aead->decrypt	= new_aead->decrypt;
-			old_aead->init		= new_aead->init;
-			old_aead->exit		= new_aead->exit;
-			break;
-
-		case CRYPTO_ALG_TYPE_SKCIPHER:
-			old_skcipher = container_of(alg, struct skcipher_alg, base);
-			new_skcipher = container_of(new_alg, struct skcipher_alg, base);
-
-			old_skcipher->setkey	= new_skcipher->setkey;
-			old_skcipher->encrypt	= new_skcipher->encrypt;
-			old_skcipher->decrypt	= new_skcipher->decrypt;
-			old_skcipher->init	= new_skcipher->init;
-			old_skcipher->exit	= new_skcipher->exit;
-			break;
-
-		case CRYPTO_ALG_TYPE_SHASH:
-			old_shash = container_of(alg, struct shash_alg, base);
-			new_shash = container_of(new_alg, struct shash_alg, base);
-
-			old_shash->init		= new_shash->init;
-			old_shash->update	= new_shash->update;
-			old_shash->final	= new_shash->final;
-			old_shash->finup	= new_shash->finup;
-			old_shash->digest	= new_shash->digest;
-			old_shash->export	= new_shash->export;
-			old_shash->import	= new_shash->import;
-			old_shash->setkey	= new_shash->setkey;
-			old_shash->init_tfm	= new_shash->init_tfm;
-			old_shash->exit_tfm	= new_shash->exit_tfm;
-			break;
-
-		case CRYPTO_ALG_TYPE_RNG:
-			old_rng = container_of(alg, struct rng_alg, base);
-			new_rng = container_of(new_alg, struct rng_alg, base);
-
-			old_rng->generate	= new_rng->generate;
-			old_rng->seed		= new_rng->seed;
-			old_rng->set_ent	= new_rng->set_ent;
-			break;
-		default:
-			/*
-			 * This should never happen: every item on the
-			 * fips140_algorithms list should match one of the
-			 * cases above, so if we end up here, something is
-			 * definitely wrong.
-			 */
-			pr_crit("Unexpected type %u for algo %s, giving up ...\n",
-				alg->cra_flags & CRYPTO_ALG_TYPE_MASK,
-				alg->cra_driver_name);
-			return false;
-		}
-
-		/*
-		 * Move the algorithm back to the algorithm list, so it is
-		 * visible in /proc/crypto et al.
-		 */
-		down_write(&crypto_alg_sem);
-		list_add_tail(&alg->cra_list, &crypto_alg_list);
-	}
-	up_write(&crypto_alg_sem);
-
-	return true;
 }
 
 static void fips140_sha256(void *p, const u8 *data, unsigned int len, u8 *out,
@@ -548,7 +499,8 @@ fips140_init(void)
 {
 	const u32 *initcall;
 
-	pr_info("loading module\n");
+	pr_info("loading " FIPS140_MODULE_NAME " " FIPS140_MODULE_VERSION "\n");
+	fips140_init_thread = current;
 
 	unregister_existing_fips140_algos();
 
@@ -570,19 +522,6 @@ fips140_init(void)
 		}
 	}
 
-	if (!update_live_fips140_algos())
-		goto panic;
-
-	if (!update_fips140_library_routines())
-		goto panic;
-
-	/*
-	 * Wait until all tasks have at least been scheduled once and preempted
-	 * voluntarily. This ensures that none of the superseded algorithms that
-	 * were already in use will still be live.
-	 */
-	synchronize_rcu_tasks();
-
 	if (!fips140_run_selftests())
 		goto panic;
 
@@ -601,6 +540,11 @@ fips140_init(void)
 	}
 	pr_info("integrity check passed\n");
 
+	complete_all(&fips140_tests_done);
+
+	if (!update_fips140_library_routines())
+		goto panic;
+
 	pr_info("module successfully loaded\n");
 	return 0;
 

crypto/fips140-module.h

@@ -6,15 +6,30 @@
 #ifndef _CRYPTO_FIPS140_MODULE_H
 #define _CRYPTO_FIPS140_MODULE_H
 
+#include <linux/completion.h>
 #include <linux/module.h>
 
 #undef pr_fmt
 #define pr_fmt(fmt) "fips140: " fmt
 
+/*
+ * This is the name and version number of the module that are shown on the FIPS
+ * certificate.  These don't necessarily have any relation to the filename of
+ * the .ko file, or to the git branch or commit ID.
+ */
+#define FIPS140_MODULE_NAME "Android Kernel Cryptographic Module"
+#define FIPS140_MODULE_VERSION "v1.0"
+
 #ifdef CONFIG_CRYPTO_FIPS140_MOD_ERROR_INJECTION
 extern char *fips140_broken_alg;
 #endif
 
+extern struct completion fips140_tests_done;
+extern struct task_struct *fips140_init_thread;
+
 bool __init __must_check fips140_run_selftests(void);
 
+bool fips140_is_approved_service(const char *name);
+const char *fips140_module_version(void);
+
 #endif /* _CRYPTO_FIPS140_MODULE_H */

crypto/fips140-refs.S

@@ -0,0 +1,34 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright 2021 Google LLC
+ * Author: Ard Biesheuvel <ardb@google.com>
+ *
+ * This file contains the variable definitions that will be used by the FIPS140
+ * s/w module to access the RELA sections in the ELF image. These are used to
+ * apply the relocations applied by the module loader in reverse, so that we
+ * can reconstruct the image that was used to derive the HMAC used by the
+ * integrity check.
+ *
+ * The first .long of each entry will be populated by the module loader based
+ * on the actual placement of the respective RELA section in memory. The second
+ * .long carries the RELA entry count, and is populated by the host tool that
+ * also generates the HMAC of the contents of .text and .rodata.
+ */
+
+#include <linux/linkage.h>
+#include <asm/assembler.h>
+
+	.section	".init.rodata", "a"
+
+	.align	2
+	.globl	fips140_rela_text
+fips140_rela_text:
+	.weak	__sec_rela_text
+	.long	__sec_rela_text - .
+	.long	0
+
+	.globl	fips140_rela_rodata
+fips140_rela_rodata:
+	.weak	__sec_rela_rodata
+	.long	__sec_rela_rodata - .
+	.long	0

crypto/fips140-selftests.c

@@ -14,10 +14,6 @@
  * is somewhat helpful.  Basically, all implementations of all FIPS approved
  * algorithms (including modes of operation) must be tested.  However:
  *
- *   - If an implementation won't be used, it doesn't have to be tested.  So
- *     when multiple implementations of the same algorithm are registered with
- *     the crypto API, we only have to test the default (highest-priority) one.
- *
  *   - There are provisions for skipping tests that are already sufficiently
  *     covered by other tests.  E.g., HMAC-SHA256 may cover SHA-256.
  *
@@ -28,12 +24,16 @@
  *
  *   - Only one key size per algorithm needs to be tested.
  *
+ * There is some ambiguity about whether all implementations of each algorithm
+ * must be tested, or whether it is sufficient to test just the highest priority
+ * implementation.  To be safe we test all implementations, except ones that can
+ * be excluded by one of the rules above.
+ *
  * See fips140_selftests[] for the list of tests we've selected.  Currently, all
- * our test vectors except the DRBG ones were generated by the script
+ * our test vectors except the AES-CBC-CTS and DRBG ones were generated by the
- * tools/crypto/gen_fips140_testvecs.py, using the known-good implementations in
+ * script tools/crypto/gen_fips140_testvecs.py, using the known-good
- * the Python packages hashlib, pycryptodome, and cryptography.  The DRBG test
+ * implementations in the Python packages hashlib, pycryptodome, and
- * vectors were manually extracted from
+ * cryptography.
- * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip.
  *
  * Note that we don't reuse the upstream crypto API's self-tests
  * (crypto/testmgr.{c,h}), for several reasons:
@@ -54,22 +54,12 @@
 #include <crypto/aes.h>
 #include <crypto/drbg.h>
 #include <crypto/hash.h>
-#include <crypto/internal/cipher.h>
 #include <crypto/rng.h>
 #include <crypto/sha.h>
 #include <crypto/skcipher.h>
 
 #include "fips140-module.h"
 
-/* Test vector for a block cipher algorithm */
-struct blockcipher_testvec {
-	const u8 *key;
-	size_t key_size;
-	const u8 *plaintext;
-	const u8 *ciphertext;
-	size_t block_size;
-};
-
 /* Test vector for an AEAD algorithm */
 struct aead_testvec {
 	const u8 *key;
@@ -121,15 +111,27 @@ struct drbg_testvec {
 	size_t out_size;
 };
 
-/*
- * A struct which specifies an algorithm name (using crypto API syntax), a test
- * function for that algorithm, and a test vector used by that test function.
- */
 struct fips_test {
+	/* The name of the algorithm, in crypto API syntax */
 	const char *alg;
-	int __must_check (*func)(const struct fips_test *test);
+
+	/*
+	 * The optional list of implementations to test.  @func will be called
+	 * once per implementation, or once with @alg if this list is empty.
+	 * The implementation names must be given in crypto API syntax, or in
+	 * the case of a library implementation should have "-lib" appended.
+	 */
+	const char *impls[8];
+
+	/*
+	 * The test function.  It should execute a known-answer test on an
+	 * algorithm implementation, using the below test vector.
+	 */
+	int __must_check (*func)(const struct fips_test *test,
+				 const char *impl);
+
+	/* The test vector, with a format specific to the type of algorithm */
 	union {
-		struct blockcipher_testvec blockcipher;
 		struct aead_testvec aead;
 		struct skcipher_testvec skcipher;
 		struct hash_testvec hash;
@@ -141,17 +143,16 @@ struct fips_test {
 #define MAX_IV_SIZE	16
 
 static int __init __must_check
-fips_check_result(const struct fips_test *test, u8 *result,
+fips_check_result(u8 *result, const u8 *expected_result, size_t result_size,
-		  const u8 *expected_result, size_t result_size,
+		  const char *impl, const char *operation)
-		  const char *operation)
 {
 #ifdef CONFIG_CRYPTO_FIPS140_MOD_ERROR_INJECTION
 	/* Inject a failure (via corrupting the result) if requested. */
-	if (fips140_broken_alg && strcmp(test->alg, fips140_broken_alg) == 0)
+	if (fips140_broken_alg && strcmp(impl, fips140_broken_alg) == 0)
 		result[0] ^= 0xff;
 #endif
 	if (memcmp(result, expected_result, result_size) != 0) {
-		pr_err("wrong result from %s %s\n", test->alg, operation);
+		pr_err("wrong result from %s %s\n", impl, operation);
 		return -EBADMSG;
 	}
 	return 0;
@@ -176,96 +177,56 @@ fips_validate_alg(const struct crypto_alg *alg)
 	return 0;
 }
 
-/* Test a block cipher using the crypto_cipher API. */
 static int __init __must_check
-fips_test_blockcipher(const struct fips_test *test)
+fips_handle_alloc_tfm_error(const char *impl, int err)
 {
-	const struct blockcipher_testvec *vec = &test->blockcipher;
+	if (err == -ENOENT) {
-	struct crypto_cipher *tfm;
-	u8 block[MAX_CIPHER_BLOCKSIZE];
-	int err;
-
-	if (WARN_ON(vec->block_size > MAX_CIPHER_BLOCKSIZE))
-		return -EINVAL;
-
-	tfm = crypto_alloc_cipher(test->alg, 0, 0);
-	if (IS_ERR(tfm)) {
-		err = PTR_ERR(tfm);
-		pr_err("failed to allocate %s tfm: %d\n", test->alg, err);
-		return err;
-	}
-	err = fips_validate_alg(tfm->base.__crt_alg);
-	if (err)
-		goto out;
-	if (crypto_cipher_blocksize(tfm) != vec->block_size) {
-		pr_err("%s has wrong block size\n", test->alg);
-		err = -EINVAL;
-		goto out;
-	}
-
-	err = crypto_cipher_setkey(tfm, vec->key, vec->key_size);
-	if (err) {
-		pr_err("failed to set %s key: %d\n", test->alg, err);
-		goto out;
-	}
-
-	/* Encrypt the plaintext, then verify the resulting ciphertext. */
-	memcpy(block, vec->plaintext, vec->block_size);
-	crypto_cipher_encrypt_one(tfm, block, block);
-	err = fips_check_result(test, block, vec->ciphertext, vec->block_size,
-				"encryption");
-	if (err)
-		goto out;
-
-	/* Decrypt the ciphertext, then verify the resulting plaintext. */
-	crypto_cipher_decrypt_one(tfm, block, block);
-	err = fips_check_result(test, block, vec->plaintext, vec->block_size,
-				"decryption");
-out:
-	crypto_free_cipher(tfm);
-	return err;
-}
-
 		/*
- * Test for plain AES (no mode of operation).  We test this separately from the
+		 * The requested implementation of the algorithm wasn't found.
- * AES modes because the implementation of AES which is used by the "aes"
+		 * This is expected if the CPU lacks a feature the
- * crypto_cipher isn't necessarily the same as that used by the AES modes such
+		 * implementation needs, such as the ARMv8 Crypto Extensions.
- * as "ecb(aes)".  Similarly, the aes_{encrypt,decrypt}() library functions may
+		 *
- * use a different implementation as well, so we test them separately too.
+		 * When this happens, the implementation isn't available for
+		 * use, so we can't test it, nor do we need to.  So we just skip
+		 * the test.
 		 */
+		pr_info("%s is unavailable (no CPU support?), skipping testing it\n",
+			impl);
+		return 0;
+	}
+	pr_err("failed to allocate %s tfm: %d\n", impl, err);
+	return err;
+}
+
 static int __init __must_check
-fips_test_aes(const struct fips_test *test)
+fips_test_aes_library(const struct fips_test *test, const char *impl)
 {
-	const struct blockcipher_testvec *vec = &test->blockcipher;
+	const struct skcipher_testvec *vec = &test->skcipher;
 	struct crypto_aes_ctx ctx;
 	u8 block[AES_BLOCK_SIZE];
 	int err;
 
-	if (WARN_ON(vec->block_size != AES_BLOCK_SIZE))
+	if (WARN_ON(vec->message_size != AES_BLOCK_SIZE))
 		return -EINVAL;
 
-	err = fips_test_blockcipher(test);
-	if (err)
-		return err;
-
 	err = aes_expandkey(&ctx, vec->key, vec->key_size);
 	if (err) {
 		pr_err("aes_expandkey() failed: %d\n", err);
 		return err;
 	}
 	aes_encrypt(&ctx, block, vec->plaintext);
-	err = fips_check_result(test, block, vec->ciphertext, AES_BLOCK_SIZE,
+	err = fips_check_result(block, vec->ciphertext, AES_BLOCK_SIZE,
-				"encryption (library API)");
+				impl, "encryption");
 	if (err)
 		return err;
 	aes_decrypt(&ctx, block, block);
-	return fips_check_result(test, block, vec->plaintext, AES_BLOCK_SIZE,
+	return fips_check_result(block, vec->plaintext, AES_BLOCK_SIZE,
-				 "decryption (library API)");
+				 impl, "decryption");
 }
 
 /* Test a length-preserving symmetric cipher using the crypto_skcipher API. */
 static int __init __must_check
-fips_test_skcipher(const struct fips_test *test)
+fips_test_skcipher(const struct fips_test *test, const char *impl)
 {
 	const struct skcipher_testvec *vec = &test->skcipher;
 	struct crypto_skcipher *tfm;
@@ -277,18 +238,17 @@ fips_test_skcipher(const struct fips_test *test)
 
 	if (WARN_ON(vec->iv_size > MAX_IV_SIZE))
 		return -EINVAL;
+	if (WARN_ON(vec->message_size <= 0))
+		return -EINVAL;
 
-	tfm = crypto_alloc_skcipher(test->alg, 0, 0);
+	tfm = crypto_alloc_skcipher(impl, 0, 0);
-	if (IS_ERR(tfm)) {
+	if (IS_ERR(tfm))
-		err = PTR_ERR(tfm);
+		return fips_handle_alloc_tfm_error(impl, PTR_ERR(tfm));
-		pr_err("failed to allocate %s tfm: %d\n", test->alg, err);
-		return err;
-	}
 	err = fips_validate_alg(&crypto_skcipher_alg(tfm)->base);
 	if (err)
 		goto out;
 	if (crypto_skcipher_ivsize(tfm) != vec->iv_size) {
-		pr_err("%s has wrong IV size\n", test->alg);
+		pr_err("%s has wrong IV size\n", impl);
 		err = -EINVAL;
 		goto out;
 	}
@@ -307,7 +267,7 @@ fips_test_skcipher(const struct fips_test *test)
 
 	err = crypto_skcipher_setkey(tfm, vec->key, vec->key_size);
 	if (err) {
-		pr_err("failed to set %s key: %d\n", test->alg, err);
+		pr_err("failed to set %s key: %d\n", impl, err);
 		goto out;
 	}
 
@@ -315,11 +275,11 @@ fips_test_skcipher(const struct fips_test *test)
 	memcpy(iv, vec->iv, vec->iv_size);
 	err = crypto_skcipher_encrypt(req);
 	if (err) {
-		pr_err("%s encryption failed: %d\n", test->alg, err);
+		pr_err("%s encryption failed: %d\n", impl, err);
 		goto out;
 	}
-	err = fips_check_result(test, message, vec->ciphertext,
+	err = fips_check_result(message, vec->ciphertext, vec->message_size,
-				vec->message_size, "encryption");
+				impl, "encryption");
 	if (err)
 		goto out;
 
@@ -327,11 +287,11 @@ fips_test_skcipher(const struct fips_test *test)
 	memcpy(iv, vec->iv, vec->iv_size);
 	err = crypto_skcipher_decrypt(req);
 	if (err) {
-		pr_err("%s decryption failed: %d\n", test->alg, err);
+		pr_err("%s decryption failed: %d\n", impl, err);
 		goto out;
 	}
-	err = fips_check_result(test, message, vec->plaintext,
+	err = fips_check_result(message, vec->plaintext, vec->message_size,
-				vec->message_size, "decryption");
+				impl, "decryption");
 out:
 	kfree(message);
 	skcipher_request_free(req);
@@ -341,7 +301,7 @@ out:
 
 /* Test an AEAD using the crypto_aead API. */
 static int __init __must_check
-fips_test_aead(const struct fips_test *test)
+fips_test_aead(const struct fips_test *test, const char *impl)
 {
 	const struct aead_testvec *vec = &test->aead;
 	const int tag_size = vec->ciphertext_size - vec->plaintext_size;
@@ -359,17 +319,14 @@ fips_test_aead(const struct fips_test *test)
 	if (WARN_ON(vec->ciphertext_size <= vec->plaintext_size))
 		return -EINVAL;
 
-	tfm = crypto_alloc_aead(test->alg, 0, 0);
+	tfm = crypto_alloc_aead(impl, 0, 0);
-	if (IS_ERR(tfm)) {
+	if (IS_ERR(tfm))
-		err = PTR_ERR(tfm);
+		return fips_handle_alloc_tfm_error(impl, PTR_ERR(tfm));
-		pr_err("failed to allocate %s tfm: %d\n", test->alg, err);
-		return err;
-	}
 	err = fips_validate_alg(&crypto_aead_alg(tfm)->base);
 	if (err)
 		goto out;
 	if (crypto_aead_ivsize(tfm) != vec->iv_size) {
-		pr_err("%s has wrong IV size\n", test->alg);
+		pr_err("%s has wrong IV size\n", impl);
 		err = -EINVAL;
 		goto out;
 	}
@@ -393,14 +350,14 @@ fips_test_aead(const struct fips_test *test)
 
 	err = crypto_aead_setkey(tfm, vec->key, vec->key_size);
 	if (err) {
-		pr_err("failed to set %s key: %d\n", test->alg, err);
+		pr_err("failed to set %s key: %d\n", impl, err);
 		goto out;
 	}
 
 	err = crypto_aead_setauthsize(tfm, tag_size);
 	if (err) {
 		pr_err("failed to set %s authentication tag size: %d\n",
-		       test->alg, err);
+		       impl, err);
 		goto out;
 	}
 
@@ -412,11 +369,11 @@ fips_test_aead(const struct fips_test *test)
 	aead_request_set_crypt(req, sg, sg, vec->plaintext_size, iv);
 	err = crypto_aead_encrypt(req);
 	if (err) {
-		pr_err("%s encryption failed: %d\n", test->alg, err);
+		pr_err("%s encryption failed: %d\n", impl, err);
 		goto out;
 	}
-	err = fips_check_result(test, message, vec->ciphertext,
+	err = fips_check_result(message, vec->ciphertext, vec->ciphertext_size,
-				vec->ciphertext_size, "encryption");
+				impl, "encryption");
 	if (err)
 		goto out;
 
@@ -428,11 +385,11 @@ fips_test_aead(const struct fips_test *test)
 	aead_request_set_crypt(req, sg, sg, vec->ciphertext_size, iv);
 	err = crypto_aead_decrypt(req);
 	if (err) {
-		pr_err("%s decryption failed: %d\n", test->alg, err);
+		pr_err("%s decryption failed: %d\n", impl, err);
 		goto out;
 	}
-	err = fips_check_result(test, message, vec->plaintext,
+	err = fips_check_result(message, vec->plaintext, vec->plaintext_size,
-				vec->plaintext_size, "decryption");
+				impl, "decryption");
 out:
 	kfree(message);
 	kfree(assoc);
@@ -449,7 +406,7 @@ out:
  * be no hash algorithms that can be accessed only through crypto_ahash.
  */
 static int __init __must_check
-fips_test_hash(const struct fips_test *test)
+fips_test_hash(const struct fips_test *test, const char *impl)
 {
 	const struct hash_testvec *vec = &test->hash;
 	struct crypto_shash *tfm;
@@ -459,17 +416,14 @@ fips_test_hash(const struct fips_test *test)
 	if (WARN_ON(vec->digest_size > HASH_MAX_DIGESTSIZE))
 		return -EINVAL;
 
-	tfm = crypto_alloc_shash(test->alg, 0, 0);
+	tfm = crypto_alloc_shash(impl, 0, 0);
-	if (IS_ERR(tfm)) {
+	if (IS_ERR(tfm))
-		err = PTR_ERR(tfm);
+		return fips_handle_alloc_tfm_error(impl, PTR_ERR(tfm));
-		pr_err("failed to allocate %s tfm: %d\n", test->alg, err);
-		return err;
-	}
 	err = fips_validate_alg(&crypto_shash_alg(tfm)->base);
 	if (err)
 		goto out;
 	if (crypto_shash_digestsize(tfm) != vec->digest_size) {
-		pr_err("%s has wrong digest size\n", test->alg);
+		pr_err("%s has wrong digest size\n", impl);
 		err = -EINVAL;
 		goto out;
 	}
@@ -477,7 +431,7 @@ fips_test_hash(const struct fips_test *test)
 	if (vec->key) {
 		err = crypto_shash_setkey(tfm, vec->key, vec->key_size);
 		if (err) {
-			pr_err("failed to set %s key: %d\n", test->alg, err);
+			pr_err("failed to set %s key: %d\n", impl, err);
 			goto out;
 		}
 	}
@@ -485,22 +439,18 @@ fips_test_hash(const struct fips_test *test)
 	err = crypto_shash_tfm_digest(tfm, vec->message, vec->message_size,
 				      digest);
 	if (err) {
-		pr_err("%s digest computation failed: %d\n", test->alg, err);
+		pr_err("%s digest computation failed: %d\n", impl, err);
 		goto out;
 	}
-	err = fips_check_result(test, digest, vec->digest, vec->digest_size,
+	err = fips_check_result(digest, vec->digest, vec->digest_size,
-				"digest");
+				impl, "digest");
 out:
 	crypto_free_shash(tfm);
 	return err;
 }
 
-/*
- * Test the sha256() library function, as it may not be covered by the "sha256"
- * crypto_shash, and thus may not be covered by the "hmac(sha256)" test we do.
- */
 static int __init __must_check
-fips_test_sha256_library(const struct fips_test *test)
+fips_test_sha256_library(const struct fips_test *test, const char *impl)
 {
 	const struct hash_testvec *vec = &test->hash;
 	u8 digest[SHA256_DIGEST_SIZE];
@@ -509,13 +459,13 @@ fips_test_sha256_library(const struct fips_test *test)
 		return -EINVAL;
 
 	sha256(vec->message, vec->message_size, digest);
-	return fips_check_result(test, digest, vec->digest, vec->digest_size,
+	return fips_check_result(digest, vec->digest, vec->digest_size,
-				 "digest (library API)");
+				 impl, "digest");
 }
 
 /* Test a DRBG using the crypto_rng API. */
 static int __init __must_check
-fips_test_drbg(const struct fips_test *test)
+fips_test_drbg(const struct fips_test *test, const char *impl)
 {
 	const struct drbg_testvec *vec = &test->drbg;
 	struct crypto_rng *rng;
@@ -524,12 +474,9 @@ fips_test_drbg(const struct fips_test *test)
 	struct drbg_string addtl, pers, testentropy;
 	int err;
 
-	rng = crypto_alloc_rng(test->alg, 0, 0);
+	rng = crypto_alloc_rng(impl, 0, 0);
-	if (IS_ERR(rng)) {
+	if (IS_ERR(rng))
-		err = PTR_ERR(rng);
+		return fips_handle_alloc_tfm_error(impl, PTR_ERR(rng));
-		pr_err("failed to allocate %s tfm: %d\n", test->alg, err);
-		return PTR_ERR(rng);
-	}
 	err = fips_validate_alg(&crypto_rng_alg(rng)->base);
 	if (err)
 		goto out;
@@ -549,7 +496,7 @@ fips_test_drbg(const struct fips_test *test)
 	drbg_string_fill(&pers, vec->pers, vec->pers_size);
 	err = crypto_drbg_reset_test(rng, &pers, &test_data);
 	if (err) {
-		pr_err("failed to reset %s\n", test->alg);
+		pr_err("failed to reset %s\n", impl);
 		goto out;
 	}
 
@@ -570,7 +517,7 @@ fips_test_drbg(const struct fips_test *test)
 	}
 	if (err) {
 		pr_err("failed to get bytes from %s (try 1): %d\n",
-		       test->alg, err);
+		       impl, err);
 		goto out;
 	}
 
@@ -590,13 +537,13 @@ fips_test_drbg(const struct fips_test *test)
 	}
 	if (err) {
 		pr_err("failed to get bytes from %s (try 2): %d\n",
-		       test->alg, err);
+		       impl, err);
 		goto out;
 	}
 
 	/* Check that the DRBG generated the expected output. */
-	err = fips_check_result(test, output, vec->output, vec->out_size,
+	err = fips_check_result(output, vec->output, vec->out_size,
-				"get_bytes");
+				impl, "get_bytes");
 out:
 	kfree(output);
 	crypto_free_rng(rng);
@@ -606,33 +553,144 @@ out:
 /* Include the test vectors generated by the Python script. */
 #include "fips140-generated-testvecs.h"
 
-/* List of all self-tests.  Keep this in sync with fips140_algorithms[]. */
+/*
+ * List of all self-tests.  Keep this in sync with fips140_algorithms[].
+ *
+ * When possible, we have followed the FIPS 140-2 Implementation Guidance (IG)
+ * document when creating this list of tests.  The result is intended to be a
+ * list of tests that is near-minimal (and thus minimizes runtime overhead)
+ * while complying with all requirements.  For additional details, see the
+ * comment at the beginning of this file.
+ */
 static const struct fips_test fips140_selftests[] __initconst = {
 	/*
-	 * Tests for AES and AES modes.
+	 * Test for the AES library API.
 	 *
-	 * The full list of AES algorithms we potentially need to test are AES
+	 * Since the AES library API may use its own AES implementation and the
-	 * by itself, AES-CBC, AES-CTR, AES-ECB, AES-GCM, and AES-XTS.  We can
+	 * module provides no support for composing it with a mode of operation
-	 * follow the FIPS 140-2 Implementation Guidance (IG) document to try to
+	 * (it's just plain AES), we must test it directly.
-	 * reduce this list, but we run into the issue that the architecture-
+	 *
-	 * specific implementations of these algorithms in Linux often don't
+	 * In contrast, we don't need to directly test the "aes" ciphers that
-	 * share the "same" underlying AES implementation.  E.g., the ARMv8 CE
+	 * are accessible through the crypto_cipher API (e.g. "aes-ce"), as they
-	 * optimized implementations issue ARMv8 CE instructions directly rather
+	 * are covered indirectly by AES-CMAC and AES-ECB tests.
-	 * than going through a separate AES implementation.  In this case,
-	 * separate tests are needed according to section 9.2 of the IG.
 	 */
 	{
 		.alg		= "aes",
-		.func		= fips_test_aes,
+		.impls		= {"aes-lib"},
-		.blockcipher	= {
+		.func		= fips_test_aes_library,
+		.skcipher	= {
 			.key		= fips_aes_key,
 			.key_size	= sizeof(fips_aes_key),
 			.plaintext	= fips_message,
 			.ciphertext	= fips_aes_ecb_ciphertext,
-			.block_size	= 16,
+			.message_size	= 16,
 		}
-	}, {
+	},
+	/*
+	 * Tests for AES-CMAC, a.k.a. "cmac(aes)" in crypto API syntax.
+	 *
+	 * The IG requires that each underlying AES implementation be tested in
+	 * an authenticated mode, if implemented.  Of such modes, this module
+	 * implements AES-GCM and AES-CMAC.  However, AES-GCM doesn't "count"
+	 * because this module's implementations of AES-GCM won't actually be
+	 * FIPS-approved, due to a quirk in the FIPS requirements.
+	 *
+	 * Therefore, for us this requirement applies to AES-CMAC, so we must
+	 * test the "cmac" template composed with each "aes" implementation.
+	 *
+	 * Separately from the above, we also must test all standalone
+	 * implementations of "cmac(aes)" such as "cmac-aes-ce", as they don't
+	 * reuse another full AES implementation and thus can't be covered by
+	 * another test.
+	 */
+	{
+		.alg		= "cmac(aes)",
+		.impls		= {
+			/* "cmac" template with all "aes" implementations */
+			"cmac(aes-generic)",
+			"cmac(aes-arm64)",
+			"cmac(aes-ce)",
+			/* All standalone implementations of "cmac(aes)" */
+			"cmac-aes-neon",
+			"cmac-aes-ce",
+		},
+		.func		= fips_test_hash,
+		.hash		= {
+			.key		= fips_aes_key,
+			.key_size	= sizeof(fips_aes_key),
+			.message	= fips_message,
+			.message_size	= sizeof(fips_message),
+			.digest		= fips_aes_cmac_digest,
+			.digest_size	= sizeof(fips_aes_cmac_digest),
+		}
+	},
+	/*
+	 * Tests for AES-ECB, a.k.a. "ecb(aes)" in crypto API syntax.
+	 *
+	 * The IG requires that each underlying AES implementation be tested in
+	 * a mode that exercises the encryption direction of AES and in a mode
+	 * that exercises the decryption direction of AES.  CMAC only covers the
+	 * encryption direction, so we choose ECB to test decryption.  Thus, we
+	 * test the "ecb" template composed with each "aes" implementation.
+	 *
+	 * Separately from the above, we also must test all standalone
+	 * implementations of "ecb(aes)" such as "ecb-aes-ce", as they don't
+	 * reuse another full AES implementation and thus can't be covered by
+	 * another test.
+	 */
+	{
+		.alg		= "ecb(aes)",
+		.impls		= {
+			/* "ecb" template with all "aes" implementations */
+			"ecb(aes-generic)",
+			"ecb(aes-arm64)",
+			"ecb(aes-ce)",
+			/* All standalone implementations of "ecb(aes)" */
+			"ecb-aes-neon",
+			"ecb-aes-neonbs",
+			"ecb-aes-ce",
+		},
+		.func		= fips_test_skcipher,
+		.skcipher	= {
+			.key		= fips_aes_key,
+			.key_size	= sizeof(fips_aes_key),
+			.plaintext	= fips_message,
+			.ciphertext	= fips_aes_ecb_ciphertext,
+			.message_size	= sizeof(fips_message)
+		}
+	},
+	/*
+	 * Tests for AES-CBC, AES-CBC-CTS, AES-CTR, AES-XTS, and AES-GCM.
+	 *
+	 * According to the IG, an AES mode of operation doesn't need to have
+	 * its own test, provided that (a) both the encryption and decryption
+	 * directions of the underlying AES implementation are already tested
+	 * via other mode(s), and (b) in the case of an authenticated mode, at
+	 * least one other authenticated mode is already tested.  The tests of
+	 * the "cmac" and "ecb" templates fulfill these conditions; therefore,
+	 * we don't need to test any other AES mode templates.
+	 *
+	 * This does *not* apply to standalone implementations of these modes
+	 * such as "cbc-aes-ce", as such implementations don't reuse another
+	 * full AES implementation and thus can't be covered by another test.
+	 * We must test all such standalone implementations.
+	 *
+	 * The AES-GCM test isn't actually required, as it's expected that this
+	 * module's AES-GCM implementation won't actually be able to be
+	 * FIPS-approved.  This is unfortunate; it's caused by the FIPS
+	 * requirements for GCM being incompatible with GCM implementations that
+	 * don't generate their own IVs.  We choose to still include the AES-GCM
+	 * test to keep it on par with the other FIPS-approved algorithms, in
+	 * case it turns out that AES-GCM can be approved after all.
+	 */
+	{
 		.alg		= "cbc(aes)",
+		.impls		= {
+			/* All standalone implementations of "cbc(aes)" */
+			"cbc-aes-neon",
+			"cbc-aes-neonbs",
+			"cbc-aes-ce",
+		},
 		.func		= fips_test_skcipher,
 		.skcipher	= {
 			.key		= fips_aes_key,
@@ -643,8 +701,40 @@ static const struct fips_test fips140_selftests[] __initconst = {
 			.ciphertext	= fips_aes_cbc_ciphertext,
 			.message_size	= sizeof(fips_message),
 		}
+	}, {
+		.alg		= "cts(cbc(aes))",
+		.impls		= {
+			/* All standalone implementations of "cts(cbc(aes))" */
+			"cts-cbc-aes-neon",
+			"cts-cbc-aes-ce",
+		},
+		.func		= fips_test_skcipher,
+		/* Test vector taken from RFC 3962 */
+		.skcipher	= {
+			.key    = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
+				  "\x74\x65\x72\x69\x79\x61\x6b\x69",
+			.key_size = 16,
+			.iv	= "\x00\x00\x00\x00\x00\x00\x00\x00"
+				  "\x00\x00\x00\x00\x00\x00\x00\x00",
+			.iv_size = 16,
+			.plaintext = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
+				     "\x6c\x69\x6b\x65\x20\x74\x68\x65"
+				     "\x20\x47\x65\x6e\x65\x72\x61\x6c"
+				     "\x20\x47\x61\x75\x27\x73\x20",
+			.ciphertext = "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1"
+				      "\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
+				      "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
+				      "\xc0\x7b\x25\xe2\x5e\xcf\xe5",
+			.message_size = 31,
+		}
 	}, {
 		.alg		= "ctr(aes)",
+		.impls		= {
+			/* All standalone implementations of "ctr(aes)" */
+			"ctr-aes-neon",
+			"ctr-aes-neonbs",
+			"ctr-aes-ce",
+		},
 		.func		= fips_test_skcipher,
 		.skcipher	= {
 			.key		= fips_aes_key,
@@ -655,34 +745,14 @@ static const struct fips_test fips140_selftests[] __initconst = {
 			.ciphertext	= fips_aes_ctr_ciphertext,
 			.message_size	= sizeof(fips_message),
 		}
-	}, {
-		.alg		= "ecb(aes)",
-		.func		= fips_test_skcipher,
-		.skcipher	= {
-			.key		= fips_aes_key,
-			.key_size	= sizeof(fips_aes_key),
-			.plaintext	= fips_message,
-			.ciphertext	= fips_aes_ecb_ciphertext,
-			.message_size	= sizeof(fips_message)
-		}
-	}, {
-		.alg		= "gcm(aes)",
-		.func		= fips_test_aead,
-		.aead		= {
-			.key		= fips_aes_key,
-			.key_size	= sizeof(fips_aes_key),
-			.iv		= fips_aes_iv,
-			/* The GCM implementation assumes an IV size of 12. */
-			.iv_size	= 12,
-			.assoc		= fips_aes_gcm_assoc,
-			.assoc_size	= sizeof(fips_aes_gcm_assoc),
-			.plaintext	= fips_message,
-			.plaintext_size	= sizeof(fips_message),
-			.ciphertext	= fips_aes_gcm_ciphertext,
-			.ciphertext_size = sizeof(fips_aes_gcm_ciphertext),
-		}
 	}, {
 		.alg		= "xts(aes)",
+		.impls		= {
+			/* All standalone implementations of "xts(aes)" */
+			"xts-aes-neon",
+			"xts-aes-neonbs",
+			"xts-aes-ce",
+		},
 		.func		= fips_test_skcipher,
 		.skcipher	= {
 			.key		= fips_aes_xts_key,
@@ -693,27 +763,36 @@ static const struct fips_test fips140_selftests[] __initconst = {
 			.ciphertext	= fips_aes_xts_ciphertext,
 			.message_size	= sizeof(fips_message),
 		}
-	/*
-	 * Tests for SHA-1, SHA-256, HMAC-SHA256, and SHA-512.
-	 *
-	 * The selection of these specific tests follows the guidance from
-	 * section 9 of the FIPS 140-2 Implementation Guidance (IG) document to
-	 * achieve a minimal list of tests, rather than testing all of
-	 * SHA-{1,224,256,384,512} and HMAC-SHA{1,224,256,384,512}.  As per the
-	 * IG, testing SHA-224 is only required if SHA-256 isn't implemented,
-	 * and testing SHA-384 is only required if SHA-512 isn't implemented.
-	 * Also, HMAC only has to be tested with one underlying SHA, and the
-	 * HMAC test also fulfills the test for its underlying SHA.  That would
-	 * result in a test list of e.g. SHA-1, HMAC-SHA256, and SHA-512.
-	 *
-	 * However we also need to take into account cases where implementations
-	 * aren't shared in the "natural" way assumed by the IG.  Currently the
-	 * only known exception w.r.t. SHA-* and HMAC-* is the sha256() library
-	 * function which may not be covered by the test of the "hmac(sha256)"
-	 * crypto_shash.  So, we test sha256() separately.
-	 */
 	}, {
+		.alg		= "gcm(aes)",
+		.impls		= {
+			/* All standalone implementations of "gcm(aes)" */
+			"gcm-aes-ce",
+		},
+		.func		= fips_test_aead,
+		.aead		= {
+			.key		= fips_aes_key,
+			.key_size	= sizeof(fips_aes_key),
+			.iv		= fips_aes_iv,
+			/* The GCM implementations assume an IV size of 12. */
+			.iv_size	= 12,
+			.assoc		= fips_aes_gcm_assoc,
+			.assoc_size	= sizeof(fips_aes_gcm_assoc),
+			.plaintext	= fips_message,
+			.plaintext_size	= sizeof(fips_message),
+			.ciphertext	= fips_aes_gcm_ciphertext,
+			.ciphertext_size = sizeof(fips_aes_gcm_ciphertext),
+		}
+	},
+
+	/* Tests for SHA-1 */
+	{
 		.alg		= "sha1",
+		.impls		= {
+			/* All implementations of "sha1" */
+			"sha1-generic",
+			"sha1-ce"
+		},
 		.func		= fips_test_hash,
 		.hash		= {
 			.message	= fips_message,
@@ -721,8 +800,35 @@ static const struct fips_test fips140_selftests[] __initconst = {
 			.digest		= fips_sha1_digest,
 			.digest_size	= sizeof(fips_sha1_digest)
 		}
-	}, {
+	},
+	/*
+	 * Tests for all SHA-256 implementations other than the sha256() library
+	 * function.  As per the IG, these tests also fulfill the tests for the
+	 * corresponding SHA-224 implementations.
+	 */
+	{
 		.alg		= "sha256",
+		.impls		= {
+			/* All implementations of "sha256" */
+			"sha256-generic",
+			"sha256-arm64",
+			"sha256-ce",
+		},
+		.func		= fips_test_hash,
+		.hash		= {
+			.message	= fips_message,
+			.message_size	= sizeof(fips_message),
+			.digest		= fips_sha256_digest,
+			.digest_size	= sizeof(fips_sha256_digest)
+		}
+	},
+	/*
+	 * Test for the sha256() library function.  This must be tested
+	 * separately because it may use its own SHA-256 implementation.
+	 */
+	{
+		.alg		= "sha256",
+		.impls		= {"sha256-lib"},
 		.func		= fips_test_sha256_library,
 		.hash		= {
 			.message	= fips_message,
@@ -730,7 +836,36 @@ static const struct fips_test fips140_selftests[] __initconst = {
 			.digest		= fips_sha256_digest,
 			.digest_size	= sizeof(fips_sha256_digest)
 		}
-	}, {
+	},
+	/*
+	 * Tests for all SHA-512 implementations.  As per the IG, these tests
+	 * also fulfill the tests for the corresponding SHA-384 implementations.
+	 */
+	{
+		.alg		= "sha512",
+		.impls		= {
+			/* All implementations of "sha512" */
+			"sha512-generic",
+			"sha512-arm64",
+			"sha512-ce",
+		},
+		.func		= fips_test_hash,
+		.hash		= {
+			.message	= fips_message,
+			.message_size	= sizeof(fips_message),
+			.digest		= fips_sha512_digest,
+			.digest_size	= sizeof(fips_sha512_digest)
+		}
+	},
+	/*
+	 * Test for HMAC.  As per the IG, only one HMAC test is required,
+	 * provided that the same HMAC code is shared by all HMAC-SHA*.  This is
+	 * true in our case.  We choose HMAC-SHA256 for the test.
+	 *
+	 * Note that as per the IG, this can fulfill the test for the underlying
+	 * SHA.  However, we don't currently rely on this.
+	 */
+	{
 		.alg		= "hmac(sha256)",
 		.func		= fips_test_hash,
 		.hash		= {
@@ -741,61 +876,36 @@ static const struct fips_test fips140_selftests[] __initconst = {
 			.digest		= fips_hmac_sha256_digest,
 			.digest_size	= sizeof(fips_hmac_sha256_digest)
 		}
-	}, {
+	},
-		.alg		= "sha512",
-		.func		= fips_test_hash,
-		.hash		= {
-			.message	= fips_message,
-			.message_size	= sizeof(fips_message),
-			.digest		= fips_sha512_digest,
-			.digest_size	= sizeof(fips_sha512_digest)
-		}
 	/*
-	 * Tests for DRBG algorithms.
+	 * Known-answer tests for the SP800-90A DRBG algorithms.
 	 *
-	 * Only the default variant (the one that users get when they request
+	 * These test vectors were manually extracted from
-	 * "stdrng") is required to be tested, as we don't consider the other
+	 * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip.
-	 * variants to be used / usable in the FIPS security policy.  This is
-	 * similar to how e.g. we don't test both "xts(aes-generic)" and
-	 * "xts-aes-ce" but rather just "xts(aes)".
 	 *
-	 * Currently the default one is "drbg_nopr_hmac_sha256"; however, just
+	 * The selection of these tests follows the FIPS 140-2 IG as well as
-	 * in case we also test the prediction-resistant enabled variant too.
+	 * Section 11 of SP800-90A:
+	 *
+	 * - We must test all DRBG types (HMAC, Hash, and CTR) that the module
+	 *   implements.  However, currently the module only implements
+	 *   HMAC_DRBG (since CONFIG_CRYPTO_DRBG_CTR and CONFIG_CRYPTO_DRBG_HASH
+	 *   aren't enabled).  Therefore, we only need to test HMAC_DRBG.
+	 *
+	 * - We only need to test one HMAC variant.
+	 *
+	 * - We must test all DRBG operations: Instantiate(), Reseed(), and
+	 *   Generate().  However, a single test sequence with a single output
+	 *   comparison may cover all three operations, and this is what we do.
+	 *   Note that Reseed() happens implicitly via the use of the additional
+	 *   input and also via the use of prediction resistance when enabled.
+	 *
+	 * - The personalization string, additional input, and prediction
+	 *   resistance support must be tested.  Therefore we have chosen test
+	 *   vectors that have a nonempty personalization string and nonempty
+	 *   additional input, and we test the prediction-resistant variant.
+	 *   Testing the non-prediction-resistant variant is not required.
 	 */
-	}, {
+	{
-		.alg	= "drbg_nopr_hmac_sha256",
-		.func	= fips_test_drbg,
-		.drbg	= {
-			.entropy =
-				"\xf9\x7a\x3c\xfd\x91\xfa\xa0\x46\xb9\xe6\x1b\x94"
-				"\x93\xd4\x36\xc4\x93\x1f\x60\x4b\x22\xf1\x08\x15"
-				"\x21\xb3\x41\x91\x51\xe8\xff\x06\x11\xf3\xa7\xd4"
-				"\x35\x95\x35\x7d\x58\x12\x0b\xd1\xe2\xdd\x8a\xed",
-			.entropy_size = 48,
-			.output =
-				"\xc6\x87\x1c\xff\x08\x24\xfe\x55\xea\x76\x89\xa5"
-				"\x22\x29\x88\x67\x30\x45\x0e\x5d\x36\x2d\xa5\xbf"
-				"\x59\x0d\xcf\x9a\xcd\x67\xfe\xd4\xcb\x32\x10\x7d"
-				"\xf5\xd0\x39\x69\xa6\x6b\x1f\x64\x94\xfd\xf5\xd6"
-				"\x3d\x5b\x4d\x0d\x34\xea\x73\x99\xa0\x7d\x01\x16"
-				"\x12\x6d\x0d\x51\x8c\x7c\x55\xba\x46\xe1\x2f\x62"
-				"\xef\xc8\xfe\x28\xa5\x1c\x9d\x42\x8e\x6d\x37\x1d"
-				"\x73\x97\xab\x31\x9f\xc7\x3d\xed\x47\x22\xe5\xb4"
-				"\xf3\x00\x04\x03\x2a\x61\x28\xdf\x5e\x74\x97\xec"
-				"\xf8\x2c\xa7\xb0\xa5\x0e\x86\x7e\xf6\x72\x8a\x4f"
-				"\x50\x9a\x8c\x85\x90\x87\x03\x9c",
-			.out_size = 128,
-			.add_a =
-				"\x51\x72\x89\xaf\xe4\x44\xa0\xfe\x5e\xd1\xa4\x1d"
-				"\xbb\xb5\xeb\x17\x15\x00\x79\xbd\xd3\x1e\x29\xcf"
-				"\x2f\xf3\x00\x34\xd8\x26\x8e\x3b",
-			.add_b =
-				"\x88\x02\x8d\x29\xef\x80\xb4\xe6\xf0\xfe\x12\xf9"
-				"\x1d\x74\x49\xfe\x75\x06\x26\x82\xe8\x9c\x57\x14"
-				"\x40\xc0\xc9\xb5\x2c\x42\xa6\xe0",
-			.add_size = 32,
-		}
-	}, {
 		.alg	= "drbg_pr_hmac_sha256",
 		.func	= fips_test_drbg,
 		.drbg	= {
@@ -845,19 +955,44 @@ static const struct fips_test fips140_selftests[] __initconst = {
 	}
 };
 
+static int __init __must_check
+fips_run_test(const struct fips_test *test)
+{
+	int i;
+	int err;
+
+	/*
+	 * If no implementations were specified, then just test the default one.
+	 * Otherwise, test the specified list of implementations.
+	 */
+
+	if (test->impls[0] == NULL) {
+		err = test->func(test, test->alg);
+		if (err)
+			pr_emerg("self-tests failed for algorithm %s: %d\n",
+				 test->alg, err);
+		return err;
+	}
+
+	for (i = 0; i < ARRAY_SIZE(test->impls) && test->impls[i] != NULL;
+	     i++) {
+		err = test->func(test, test->impls[i]);
+		if (err) {
+			pr_emerg("self-tests failed for algorithm %s, implementation %s: %d\n",
+				 test->alg, test->impls[i], err);
+			return err;
+		}
+	}
+	return 0;
+}
+
 bool __init fips140_run_selftests(void)
 {
 	int i;
 
 	pr_info("running self-tests\n");
 	for (i = 0; i < ARRAY_SIZE(fips140_selftests); i++) {
-		const struct fips_test *test = &fips140_selftests[i];
+		if (fips_run_test(&fips140_selftests[i]) != 0) {
-		int err;
-
-		err = test->func(test);
-		if (err) {
-			pr_emerg("self-tests failed for algorithm %s: %d\n",
-				 test->alg, err);
 			/* The caller is responsible for calling panic(). */
 			return false;
 		}

crypto/fips140_gen_hmac.c

@@ -28,7 +28,7 @@
 static Elf64_Ehdr *ehdr;
 static Elf64_Shdr *shdr;
 static int num_shdr;
-static const char *strtab;
+static const char *strtab, *shstrtab;
 static Elf64_Sym *syms;
 static int num_syms;
 
@@ -42,17 +42,78 @@ static Elf64_Shdr *find_symtab_section(void)
 	return NULL;
 }
 
-static void *get_sym_addr(const char *sym_name)
+static int get_section_idx(const char *name)
+{
+	int i;
+
+	for (i = 0; i < num_shdr; i++)
+		if (!strcmp(shstrtab + shdr[i].sh_name, name))
+			return i;
+	return -1;
+}
+
+static int get_sym_idx(const char *sym_name)
 {
 	int i;
 
 	for (i = 0; i < num_syms; i++)
 		if (!strcmp(strtab + syms[i].st_name, sym_name))
+			return i;
+	return -1;
+}
+
+static void *get_sym_addr(const char *sym_name)
+{
+	int i = get_sym_idx(sym_name);
+
+	if (i >= 0)
 		return (void *)ehdr + shdr[syms[i].st_shndx].sh_offset +
 		       syms[i].st_value;
 	return NULL;
 }
 
+static int update_rela_ref(const char *name)
+{
+	/*
+	 * We need to do a couple of things to ensure that the copied RELA data
+	 * is accessible to the module itself at module init time:
+	 * - the associated entry in the symbol table needs to refer to the
+	 *   correct section index, and have SECTION type and GLOBAL linkage.
+	 * - the 'count' global variable in the module need to be set to the
+	 *   right value based on the size of the RELA section.
+	 */
+	unsigned int *size_var;
+	int sec_idx, sym_idx;
+	char str[32];
+
+	sprintf(str, "fips140_rela_%s", name);
+	size_var = get_sym_addr(str);
+	if (!size_var) {
+		printf("variable '%s' not found, disregarding .%s section\n",
+		       str, name);
+		return 1;
+	}
+
+	sprintf(str, "__sec_rela_%s", name);
+	sym_idx = get_sym_idx(str);
+
+	sprintf(str, ".init.rela.%s", name);
+	sec_idx = get_section_idx(str);
+
+	if (sec_idx < 0 || sym_idx < 0) {
+		fprintf(stderr, "failed to locate metadata for .%s section in binary\n",
+			name);
+		return 0;
+	}
+
+	syms[sym_idx].st_shndx = sec_idx;
+	syms[sym_idx].st_info = (STB_GLOBAL << 4) | STT_SECTION;
+
+	size_var[1] = shdr[sec_idx].sh_size / sizeof(Elf64_Rela);
+
+	return 1;
+}
+
 static void hmac_section(HMAC_CTX *hmac, const char *start, const char *end)
 {
 	void *start_addr = get_sym_addr(start);
@@ -103,6 +164,10 @@ int main(int argc, char **argv)
 	num_syms = symtab_shdr->sh_size / sizeof(Elf64_Sym);
 
 	strtab = (void *)ehdr + shdr[symtab_shdr->sh_link].sh_offset;
+	shstrtab = (void *)ehdr + shdr[ehdr->e_shstrndx].sh_offset;
+
+	if (!update_rela_ref("text") || !update_rela_ref("rodata"))
+		exit(EXIT_FAILURE);
 
 	hmac_key = get_sym_addr("fips140_integ_hmac_key");
 	if (!hmac_key) {

drivers/android/vendor_hooks.c

@@ -17,7 +17,6 @@
 #include <trace/hooks/dtask.h>
 #include <trace/hooks/cpuidle.h>
 #include <trace/hooks/topology.h>
-#include <trace/hooks/mpam.h>
 #include <trace/hooks/gic.h>
 #include <trace/hooks/wqlockup.h>
 #include <trace/hooks/debug.h>
@@ -123,7 +122,6 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_sched_show_task);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_shmem_alloc_page);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_cpu_idle_enter);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_cpu_idle_exit);
-EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mpam_set);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_find_busiest_group);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_gic_resume);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_wq_lockup_pool);
@@ -376,6 +374,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_usb_dev_resume);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_ipv6_gen_linklocal_addr);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_sound_usb_support_cpu_suspend);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_snd_compr_use_pause_in_drain);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_snd_soc_card_get_comp_chain);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_show_max_freq);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_tcp_sendmsg_locked);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_tcp_recvmsg);

drivers/dma-buf/heaps/system_heap.c

@@ -543,10 +543,37 @@ static struct dma_heap_ops system_uncached_heap_ops = {
 	.allocate = system_uncached_heap_not_initialized,
 };
 
+static int set_heap_dev_dma(struct device *heap_dev)
+{
+	int err = 0;
+
+	if (!heap_dev)
+		return -EINVAL;
+
+	dma_coerce_mask_and_coherent(heap_dev, DMA_BIT_MASK(64));
+
+	if (!heap_dev->dma_parms) {
+		heap_dev->dma_parms = devm_kzalloc(heap_dev,
+						   sizeof(*heap_dev->dma_parms),
+						   GFP_KERNEL);
+		if (!heap_dev->dma_parms)
+			return -ENOMEM;
+
+		err = dma_set_max_seg_size(heap_dev, (unsigned int)DMA_BIT_MASK(64));
+		if (err) {
+			devm_kfree(heap_dev, heap_dev->dma_parms);
+			dev_err(heap_dev, "Failed to set DMA segment size, err:%d\n", err);
+			return err;
+		}
+	}
+
+	return 0;
+}
+
 static int system_heap_create(void)
 {
 	struct dma_heap_export_info exp_info;
-	int i;
+	int i, err = 0;
 
 	for (i = 0; i < NUM_ORDERS; i++) {
 		pools[i] = dmabuf_page_pool_create(order_flags[i], orders[i]);
@@ -577,7 +604,10 @@ static int system_heap_create(void)
 	if (IS_ERR(sys_uncached_heap))
 		return PTR_ERR(sys_uncached_heap);
 
-	dma_coerce_mask_and_coherent(dma_heap_get_dev(sys_uncached_heap), DMA_BIT_MASK(64));
+	err = set_heap_dev_dma(dma_heap_get_dev(sys_uncached_heap));
+	if (err)
+		return err;
+
 	mb(); /* make sure we only set allocate after dma_mask is set */
 	system_uncached_heap_ops.allocate = system_uncached_heap_allocate;
 

drivers/scsi/ufs/ufs_quirks.h

@@ -116,4 +116,10 @@ struct ufs_dev_fix {
  */
 #define UFS_DEVICE_QUIRK_DELAY_AFTER_LPM        (1 << 11)
 
+/*
+ * Some UFS devices require L2P entry should be swapped before being sent to the
+ * UFS device for HPB READ command.
+ */
+#define UFS_DEVICE_QUIRK_SWAP_L2P_ENTRY_FOR_HPB_READ (1 << 12)
+
 #endif /* UFS_QUIRKS_H_ */

drivers/scsi/ufs/ufshcd.c

@@ -202,7 +202,8 @@ ufs_get_desired_pm_lvl_for_dev_link_state(enum ufs_dev_pwr_mode dev_state,
 static struct ufs_dev_fix ufs_fixups[] = {
 	/* UFS cards deviations table */
 	UFS_FIX(UFS_VENDOR_MICRON, UFS_ANY_MODEL,
-		UFS_DEVICE_QUIRK_DELAY_BEFORE_LPM),
+		UFS_DEVICE_QUIRK_DELAY_BEFORE_LPM |
+		UFS_DEVICE_QUIRK_SWAP_L2P_ENTRY_FOR_HPB_READ),
 	UFS_FIX(UFS_VENDOR_SAMSUNG, UFS_ANY_MODEL,
 		UFS_DEVICE_QUIRK_DELAY_BEFORE_LPM |
 		UFS_DEVICE_QUIRK_HOST_PA_TACTIVATE |

drivers/scsi/ufs/ufshpb.c

@@ -329,15 +329,19 @@ ufshpb_get_pos_from_lpn(struct ufshpb_lu *hpb, unsigned long lpn, int *rgn_idx,
 }
 
 static void
-ufshpb_set_hpb_read_to_upiu(struct ufshpb_lu *hpb, struct ufshcd_lrb *lrbp,
+ufshpb_set_hpb_read_to_upiu(struct ufs_hba *hba, struct ufshpb_lu *hpb,
-			    u32 lpn, __be64 ppn, u8 transfer_len, int read_id)
+			    struct ufshcd_lrb *lrbp, u32 lpn, __be64 ppn,
+			    u8 transfer_len, int read_id)
 {
 	unsigned char *cdb = lrbp->cmd->cmnd;
-
+	__be64 ppn_tmp = ppn;
 	cdb[0] = UFSHPB_READ;
 
+	if (hba->dev_quirks & UFS_DEVICE_QUIRK_SWAP_L2P_ENTRY_FOR_HPB_READ)
+		ppn_tmp = swab64(ppn);
+
 	/* ppn value is stored as big-endian in the host memory */
-	memcpy(&cdb[6], &ppn, sizeof(__be64));
+	memcpy(&cdb[6], &ppn_tmp, sizeof(__be64));
 	cdb[14] = transfer_len;
 	cdb[15] = read_id;
 
@@ -696,7 +700,8 @@ int ufshpb_prep(struct ufs_hba *hba, struct ufshcd_lrb *lrbp)
 		}
 	}
 
-	ufshpb_set_hpb_read_to_upiu(hpb, lrbp, lpn, ppn, transfer_len, read_id);
+	ufshpb_set_hpb_read_to_upiu(hba, hpb, lrbp, lpn, ppn, transfer_len,
+				    read_id);
 
 	hpb->stats.hit_cnt++;
 	return 0;

drivers/usb/dwc3/core.h

@@ -728,6 +728,7 @@ struct dwc3_ep {
 #define DWC3_EP_FORCE_RESTART_STREAM	BIT(9)
 #define DWC3_EP_FIRST_STREAM_PRIMED	BIT(10)
 #define DWC3_EP_PENDING_CLEAR_STALL	BIT(11)
+#define DWC3_EP_TXFIFO_RESIZED		BIT(12)
 
 	/* This last one is specific to EP0 */
 #define DWC3_EP0_DIR_IN		BIT(31)

drivers/usb/dwc3/gadget.c

@@ -700,6 +700,7 @@ void dwc3_gadget_clear_tx_fifos(struct dwc3 *dwc)
 				   DWC31_GTXFIFOSIZ_TXFRAMNUM;
 
 		dwc3_writel(dwc->regs, DWC3_GTXFIFOSIZ(num >> 1), size);
+		dep->flags &= ~DWC3_EP_TXFIFO_RESIZED;
 	}
 	dwc->num_ep_resized = 0;
 }
@@ -745,6 +746,10 @@ static int dwc3_gadget_resize_tx_fifos(struct dwc3_ep *dep)
 	if (!usb_endpoint_dir_in(dep->endpoint.desc) || dep->number <= 1)
 		return 0;
 
+	/* bail if already resized */
+	if (dep->flags & DWC3_EP_TXFIFO_RESIZED)
+		return 0;
+
 	ram1_depth = DWC3_RAM1_DEPTH(dwc->hwparams.hwparams7);
 
 	if ((dep->endpoint.maxburst > 1 &&
@@ -805,6 +810,7 @@ static int dwc3_gadget_resize_tx_fifos(struct dwc3_ep *dep)
 	}
 
 	dwc3_writel(dwc->regs, DWC3_GTXFIFOSIZ(dep->number >> 1), fifo_size);
+	dep->flags |= DWC3_EP_TXFIFO_RESIZED;
 	dwc->num_ep_resized++;
 
 	return 0;
@@ -993,7 +999,7 @@ static int __dwc3_gadget_ep_disable(struct dwc3_ep *dep)
 
 	dep->stream_capable = false;
 	dep->type = 0;
-	dep->flags = 0;
+	dep->flags &= DWC3_EP_TXFIFO_RESIZED;
 
 	return 0;
 }
@@ -1811,7 +1817,7 @@ static int __dwc3_gadget_ep_queue(struct dwc3_ep *dep, struct dwc3_request *req)
 	struct dwc3		*dwc = dep->dwc;
 
 	if (!dep->endpoint.desc || !dwc->pullups_connected || !dwc->connected) {
-		dev_err(dwc->dev, "%s: can't queue to disabled endpoint\n",
+		dev_dbg(dwc->dev, "%s: can't queue to disabled endpoint\n",
 				dep->name);
 		return -ESHUTDOWN;
 	}

fs/f2fs/data.c

@@ -3330,7 +3330,13 @@ static int f2fs_write_begin(struct file *file, struct address_space *mapping,
 	block_t blkaddr = NULL_ADDR;
 	int err = 0;
 
-	if (trace_android_fs_datawrite_start_enabled()) {
+	/*
+	 * Should avoid quota operations which can make deadlock:
+	 * kswapd -> f2fs_evict_inode -> dquot_drop ->
+	 *   f2fs_dquot_commit -> f2fs_write_begin ->
+	 *   d_obtain_alias -> __d_alloc -> kmem_cache_alloc(GFP_KERNEL)
+	 */
+	if (trace_android_fs_datawrite_start_enabled() && !IS_NOQUOTA(inode)) {
 		char *path, pathbuf[MAX_TRACE_PATHBUF_LEN];
 
 		path = android_fstrace_get_pathname(pathbuf,

fs/incfs/vfs.c

@@ -458,8 +458,10 @@ static struct dentry *open_or_create_special_dir(struct dentry *backing_dir,
 	err = vfs_mkdir(backing_inode, index_dentry, 0777);
 	inode_unlock(backing_inode);
 
-	if (err)
+	if (err) {
+		dput(index_dentry);
 		return ERR_PTR(err);
+	}
 
 	if (!d_really_is_positive(index_dentry) ||
 		unlikely(d_unhashed(index_dentry))) {

fs/userfaultfd.c

@@ -1873,7 +1873,7 @@ static int userfaultfd_continue(struct userfaultfd_ctx *ctx, unsigned long arg)
 			   sizeof(uffdio_continue) - (sizeof(__s64))))
 		goto out;
 
-	ret = validate_range(ctx->mm, &uffdio_continue.range.start,
+	ret = validate_range(ctx->mm, uffdio_continue.range.start,
 			     uffdio_continue.range.len);
 	if (ret)
 		goto out;

include/linux/cpuset.h

@@ -55,6 +55,7 @@ extern int cpuset_init(void);
 extern void cpuset_init_smp(void);
 extern void cpuset_force_rebuild(void);
 extern void cpuset_update_active_cpus(void);
+extern void cpuset_update_active_cpus_affine(int cpu);
 extern void cpuset_wait_for_hotplug(void);
 extern void cpuset_cpus_allowed(struct task_struct *p, struct cpumask *mask);
 extern void cpuset_cpus_allowed_fallback(struct task_struct *p);
@@ -172,6 +173,8 @@ static inline void cpuset_init_smp(void) {}
 
 static inline void cpuset_force_rebuild(void) { }
 
+static inline void cpuset_update_active_cpus_affine(int cpu) {}
+
 static inline void cpuset_update_active_cpus(void)
 {
 	partition_sched_domains(1, NULL, NULL);

include/sound/soc.h

@@ -1105,12 +1105,6 @@ struct snd_soc_card {
 	ANDROID_KABI_RESERVE(3);
 	ANDROID_KABI_RESERVE(4);
 };
-
-struct snd_soc_card_ext {
-	struct snd_soc_card card;
-	unsigned int component_chaining:1;
-};
-
 #define for_each_card_prelinks(card, i, link)				\
 	for ((i) = 0;							\
 	     ((i) < (card)->num_links) && ((link) = &(card)->dai_link[i]); \

include/trace/hooks/mpam.h

@@ -1,23 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 */
-#undef TRACE_SYSTEM
-#define TRACE_SYSTEM mpam
-#undef TRACE_INCLUDE_PATH
-#define TRACE_INCLUDE_PATH trace/hooks
-#if !defined(_TRACE_HOOK_MPAM_H) || defined(TRACE_HEADER_MULTI_READ)
-#define _TRACE_HOOK_MPAM_H
-#include <linux/tracepoint.h>
-#include <trace/hooks/vendor_hooks.h>
-/*
- * Following tracepoints are not exported in tracefs and provide a
- * mechanism for vendor modules to hook and extend functionality
- */
-struct task_struct;
-DECLARE_HOOK(android_vh_mpam_set,
-	TP_PROTO(struct task_struct *prev, struct task_struct *next),
-	TP_ARGS(prev, next));
-
-/* macro versions of hooks are no longer required */
-
-#endif /* _TRACE_HOOK_MPAM_H */
-/* This part must be outside protection */
-#include <trace/define_trace.h>

include/trace/hooks/sound.h

@@ -15,6 +15,10 @@ DECLARE_HOOK(android_vh_sound_usb_support_cpu_suspend,
 		bool *is_support),
 	TP_ARGS(udev, direction, is_support));
 
+DECLARE_HOOK(android_vh_snd_soc_card_get_comp_chain,
+	TP_PROTO(bool *component_chaining),
+	TP_ARGS(component_chaining));
+
 #endif /* _TRACE_HOOK_SOUND_H */
 /* This part must be outside protection */
 #include <trace/define_trace.h>

kernel/cgroup/cpuset.c

@@ -3289,6 +3289,11 @@ void cpuset_update_active_cpus(void)
 	schedule_work(&cpuset_hotplug_work);
 }
 
+void cpuset_update_active_cpus_affine(int cpu)
+{
+	schedule_work_on(cpu, &cpuset_hotplug_work);
+}
+
 void cpuset_wait_for_hotplug(void)
 {
 	flush_work(&cpuset_hotplug_work);

kernel/cpu.c

@@ -1361,11 +1361,11 @@ int resume_cpus(struct cpumask *cpus)
 
 	prev_prio = pause_reduce_prio();
 
-	/* Lazy Resume.  Build domains immediately instead of scheduling
+	/* Lazy Resume. Build domains through schedule a workqueue on
-	 * a workqueue.  This is so that the cpu can pull load when
+	 * resuming cpu. This is so that the resuming cpu can work more
-	 * sent a load balancing kick.
+	 * early, and cannot add additional load to other busy cpu.
 	 */
-	cpuset_hotplug_workfn(NULL);
+	cpuset_update_active_cpus_affine(cpumask_first(cpus));
 
 	cpus_write_lock();
 

lib/Kconfig.ubsan

@@ -14,6 +14,7 @@ if UBSAN
 
 config UBSAN_TRAP
 	bool "On Sanitizer warnings, abort the running kernel code"
+	depends on !COMPILE_TEST
 	depends on $(cc-option, -fsanitize-undefined-trap-on-error)
 	help
 	  Building kernels with Sanitizer features enabled tends to grow
@@ -36,10 +37,17 @@ config UBSAN_KCOV_BROKEN
 	  See https://bugs.llvm.org/show_bug.cgi?id=45831 for the status
 	  in newer releases.
 
+config CC_HAS_UBSAN_BOUNDS
+	def_bool $(cc-option,-fsanitize=bounds)
+
+config CC_HAS_UBSAN_ARRAY_BOUNDS
+	def_bool $(cc-option,-fsanitize=array-bounds)
+
 config UBSAN_BOUNDS
 	bool "Perform array index bounds checking"
 	default UBSAN
 	depends on !UBSAN_KCOV_BROKEN
+	depends on CC_HAS_UBSAN_ARRAY_BOUNDS || CC_HAS_UBSAN_BOUNDS
 	help
 	  This option enables detection of directly indexed out of bounds
 	  array accesses, where the array size is known at compile time.
@@ -47,36 +55,105 @@ config UBSAN_BOUNDS
 	  to the {str,mem}*cpy() family of functions (that is addressed
 	  by CONFIG_FORTIFY_SOURCE).
 
+config UBSAN_ONLY_BOUNDS
+	def_bool CC_HAS_UBSAN_BOUNDS && !CC_HAS_UBSAN_ARRAY_BOUNDS
+	depends on UBSAN_BOUNDS
+	help
+	  This is a weird case: Clang's -fsanitize=bounds includes
+	  -fsanitize=local-bounds, but it's trapping-only, so for
+	  Clang, we must use -fsanitize=array-bounds when we want
+	  traditional array bounds checking enabled. For GCC, we
+	  want -fsanitize=bounds.
+
+config UBSAN_ARRAY_BOUNDS
+	def_bool CC_HAS_UBSAN_ARRAY_BOUNDS
+	depends on UBSAN_BOUNDS
+
 config UBSAN_LOCAL_BOUNDS
 	bool "Perform array local bounds checking"
 	depends on UBSAN_TRAP
-	depends on CC_IS_CLANG
 	depends on !UBSAN_KCOV_BROKEN
+	depends on $(cc-option,-fsanitize=local-bounds)
 	help
 	  This option enables -fsanitize=local-bounds which traps when an
-	  exception/error is detected. Therefore, it should be enabled only
+	  exception/error is detected. Therefore, it may only be enabled
-	  if trapping is expected.
+	  with CONFIG_UBSAN_TRAP.
+
 	  Enabling this option detects errors due to accesses through a
 	  pointer that is derived from an object of a statically-known size,
 	  where an added offset (which may not be known statically) is
 	  out-of-bounds.
 
-config UBSAN_MISC
+config UBSAN_SHIFT
-	bool "Enable all other Undefined Behavior sanity checks"
+	bool "Perform checking for bit-shift overflows"
 	default UBSAN
+	depends on $(cc-option,-fsanitize=shift)
 	help
-	  This option enables all sanity checks that don't have their
+	  This option enables -fsanitize=shift which checks for bit-shift
-	  own Kconfig options. Disable this if you only want to have
+	  operations that overflow to the left or go switch to negative
-	  individually selected checks.
+	  for signed types.
+
+config UBSAN_DIV_ZERO
+	bool "Perform checking for integer divide-by-zero"
+	depends on $(cc-option,-fsanitize=integer-divide-by-zero)
+	help
+	  This option enables -fsanitize=integer-divide-by-zero which checks
+	  for integer division by zero. This is effectively redundant with the
+	  kernel's existing exception handling, though it can provide greater
+	  debugging information under CONFIG_UBSAN_REPORT_FULL.
+
+config UBSAN_UNREACHABLE
+	bool "Perform checking for unreachable code"
+	# objtool already handles unreachable checking and gets angry about
+	# seeing UBSan instrumentation located in unreachable places.
+	depends on !STACK_VALIDATION
+	depends on $(cc-option,-fsanitize=unreachable)
+	help
+	  This option enables -fsanitize=unreachable which checks for control
+	  flow reaching an expected-to-be-unreachable position.
+
+config UBSAN_OBJECT_SIZE
+	bool "Perform checking for accesses beyond the end of objects"
+	default UBSAN
+	# gcc hugely expands stack usage with -fsanitize=object-size
+	# https://lore.kernel.org/lkml/CAHk-=wjPasyJrDuwDnpHJS2TuQfExwe=px-SzLeN8GFMAQJPmQ@mail.gmail.com/
+	depends on !CC_IS_GCC
+	depends on $(cc-option,-fsanitize=object-size)
+	help
+	  This option enables -fsanitize=object-size which checks for accesses
+	  beyond the end of objects where the optimizer can determine both the
+	  object being operated on and its size, usually seen with bad downcasts,
+	  or access to struct members from NULL pointers.
+
+config UBSAN_BOOL
+	bool "Perform checking for non-boolean values used as boolean"
+	default UBSAN
+	depends on $(cc-option,-fsanitize=bool)
+	help
+	  This option enables -fsanitize=bool which checks for boolean values being
+	  loaded that are neither 0 nor 1.
+
+config UBSAN_ENUM
+	bool "Perform checking for out of bounds enum values"
+	default UBSAN
+	depends on $(cc-option,-fsanitize=enum)
+	help
+	  This option enables -fsanitize=enum which checks for values being loaded
+	  into an enum that are outside the range of given values for the given enum.
+
+config UBSAN_ALIGNMENT
+	bool "Perform checking for misaligned pointer usage"
+	default !HAVE_EFFICIENT_UNALIGNED_ACCESS
+	depends on !UBSAN_TRAP && !COMPILE_TEST
+	depends on $(cc-option,-fsanitize=alignment)
+	help
+	  This option enables the check of unaligned memory accesses.
+	  Enabling this option on architectures that support unaligned
+	  accesses may produce a lot of false positives.
 
 config UBSAN_SANITIZE_ALL
 	bool "Enable instrumentation for the entire kernel"
 	depends on ARCH_HAS_UBSAN_SANITIZE_ALL
-
-	# We build with -Wno-maybe-uninitilzed, but we still want to
-	# use -Wmaybe-uninitilized in allmodconfig builds.
-	# So dependsy bellow used to disable this option in allmodconfig
-	depends on !COMPILE_TEST
 	default y
 	help
 	  This option activates instrumentation for the entire kernel.
@@ -85,15 +162,6 @@ config UBSAN_SANITIZE_ALL
 	  Enabling this option will get kernel image size increased
 	  significantly.
 
-config UBSAN_ALIGNMENT
-	bool "Enable checks for pointers alignment"
-	default !HAVE_EFFICIENT_UNALIGNED_ACCESS
-	depends on !UBSAN_TRAP
-	help
-	  This option enables the check of unaligned memory accesses.
-	  Enabling this option on architectures that support unaligned
-	  accesses may produce a lot of false positives.
-
 config TEST_UBSAN
 	tristate "Module for testing for undefined behavior detection"
 	depends on m

lib/test_ubsan.c

@@ -5,71 +5,78 @@
 
 typedef void(*test_ubsan_fp)(void);
 
-static void test_ubsan_add_overflow(void)
+#define UBSAN_TEST(config, ...)	do {					\
-{
+		pr_info("%s " __VA_ARGS__ "%s(%s=%s)\n", __func__,	\
-	volatile int val = INT_MAX;
+			sizeof(" " __VA_ARGS__) > 2 ? " " : "",		\
-
+			#config, IS_ENABLED(config) ? "y" : "n");	\
-	val += 2;
+	} while (0)
-}
-
-static void test_ubsan_sub_overflow(void)
-{
-	volatile int val = INT_MIN;
-	volatile int val2 = 2;
-
-	val -= val2;
-}
-
-static void test_ubsan_mul_overflow(void)
-{
-	volatile int val = INT_MAX / 2;
-
-	val *= 3;
-}
-
-static void test_ubsan_negate_overflow(void)
-{
-	volatile int val = INT_MIN;
-
-	val = -val;
-}
 
 static void test_ubsan_divrem_overflow(void)
 {
 	volatile int val = 16;
 	volatile int val2 = 0;
 
+	UBSAN_TEST(CONFIG_UBSAN_DIV_ZERO);
 	val /= val2;
 }
 
 static void test_ubsan_shift_out_of_bounds(void)
 {
-	volatile int val = -1;
+	volatile int neg = -1, wrap = 4;
-	int val2 = 10;
+	int val1 = 10;
+	int val2 = INT_MAX;
 
-	val2 <<= val;
+	UBSAN_TEST(CONFIG_UBSAN_SHIFT, "negative exponent");
+	val1 <<= neg;
+
+	UBSAN_TEST(CONFIG_UBSAN_SHIFT, "left overflow");
+	val2 <<= wrap;
 }
 
 static void test_ubsan_out_of_bounds(void)
 {
-	volatile int i = 4, j = 5;
+	volatile int i = 4, j = 5, k = -1;
+	volatile char above[4] = { }; /* Protect surrounding memory. */
 	volatile int arr[4];
+	volatile char below[4] = { }; /* Protect surrounding memory. */
 
+	above[0] = below[0];
+
+	UBSAN_TEST(CONFIG_UBSAN_BOUNDS, "above");
 	arr[j] = i;
+
+	UBSAN_TEST(CONFIG_UBSAN_BOUNDS, "below");
+	arr[k] = i;
 }
 
+enum ubsan_test_enum {
+	UBSAN_TEST_ZERO = 0,
+	UBSAN_TEST_ONE,
+	UBSAN_TEST_MAX,
+};
+
 static void test_ubsan_load_invalid_value(void)
 {
 	volatile char *dst, *src;
 	bool val, val2, *ptr;
-	char c = 4;
+	enum ubsan_test_enum eval, eval2, *eptr;
+	unsigned char c = 0xff;
 
+	UBSAN_TEST(CONFIG_UBSAN_BOOL, "bool");
 	dst = (char *)&val;
 	src = &c;
 	*dst = *src;
 
 	ptr = &val2;
 	val2 = val;
+
+	UBSAN_TEST(CONFIG_UBSAN_ENUM, "enum");
+	dst = (char *)&eval;
+	src = &c;
+	*dst = *src;
+
+	eptr = &eval2;
+	eval2 = eval;
 }
 
 static void test_ubsan_null_ptr_deref(void)
@@ -77,6 +84,7 @@ static void test_ubsan_null_ptr_deref(void)
 	volatile int *ptr = NULL;
 	int val;
 
+	UBSAN_TEST(CONFIG_UBSAN_OBJECT_SIZE);
 	val = *ptr;
 }
 
@@ -85,6 +93,7 @@ static void test_ubsan_misaligned_access(void)
 	volatile char arr[5] __aligned(4) = {1, 2, 3, 4, 5};
 	volatile int *ptr, val = 6;
 
+	UBSAN_TEST(CONFIG_UBSAN_ALIGNMENT);
 	ptr = (int *)(arr + 1);
 	*ptr = val;
 }
@@ -95,24 +104,25 @@ static void test_ubsan_object_size_mismatch(void)
 	volatile int val __aligned(8) = 4;
 	volatile long long *ptr, val2;
 
+	UBSAN_TEST(CONFIG_UBSAN_OBJECT_SIZE);
 	ptr = (long long *)&val;
 	val2 = *ptr;
 }
 
 static const test_ubsan_fp test_ubsan_array[] = {
-	test_ubsan_add_overflow,
-	test_ubsan_sub_overflow,
-	test_ubsan_mul_overflow,
-	test_ubsan_negate_overflow,
-	test_ubsan_divrem_overflow,
 	test_ubsan_shift_out_of_bounds,
 	test_ubsan_out_of_bounds,
 	test_ubsan_load_invalid_value,
-	//test_ubsan_null_ptr_deref, /* exclude it because there is a crash */
 	test_ubsan_misaligned_access,
 	test_ubsan_object_size_mismatch,
 };
 
+/* Excluded because they Oops the module. */
+static const test_ubsan_fp skip_ubsan_array[] = {
+	test_ubsan_divrem_overflow,
+	test_ubsan_null_ptr_deref,
+};
+
 static int __init test_ubsan_init(void)
 {
 	unsigned int i;
@@ -120,7 +130,6 @@ static int __init test_ubsan_init(void)
 	for (i = 0; i < ARRAY_SIZE(test_ubsan_array); i++)
 		test_ubsan_array[i]();
 
-	(void)test_ubsan_null_ptr_deref; /* to avoid unsed-function warning */
 	return 0;
 }
 module_init(test_ubsan_init);

lib/ubsan.c

@@ -163,74 +163,6 @@ static void ubsan_epilogue(void)
 	}
 }
 
-static void handle_overflow(struct overflow_data *data, void *lhs,
-			void *rhs, char op)
-{
-
-	struct type_descriptor *type = data->type;
-	char lhs_val_str[VALUE_LENGTH];
-	char rhs_val_str[VALUE_LENGTH];
-
-	if (suppress_report(&data->location))
-		return;
-
-	ubsan_prologue(&data->location, type_is_signed(type) ?
-			"signed-integer-overflow" :
-			"unsigned-integer-overflow");
-
-	val_to_string(lhs_val_str, sizeof(lhs_val_str), type, lhs);
-	val_to_string(rhs_val_str, sizeof(rhs_val_str), type, rhs);
-	pr_err("%s %c %s cannot be represented in type %s\n",
-		lhs_val_str,
-		op,
-		rhs_val_str,
-		type->type_name);
-
-	ubsan_epilogue();
-}
-
-void __ubsan_handle_add_overflow(void *data,
-				void *lhs, void *rhs)
-{
-
-	handle_overflow(data, lhs, rhs, '+');
-}
-EXPORT_SYMBOL(__ubsan_handle_add_overflow);
-
-void __ubsan_handle_sub_overflow(void *data,
-				void *lhs, void *rhs)
-{
-	handle_overflow(data, lhs, rhs, '-');
-}
-EXPORT_SYMBOL(__ubsan_handle_sub_overflow);
-
-void __ubsan_handle_mul_overflow(void *data,
-				void *lhs, void *rhs)
-{
-	handle_overflow(data, lhs, rhs, '*');
-}
-EXPORT_SYMBOL(__ubsan_handle_mul_overflow);
-
-void __ubsan_handle_negate_overflow(void *_data, void *old_val)
-{
-	struct overflow_data *data = _data;
-	char old_val_str[VALUE_LENGTH];
-
-	if (suppress_report(&data->location))
-		return;
-
-	ubsan_prologue(&data->location, "negation-overflow");
-
-	val_to_string(old_val_str, sizeof(old_val_str), data->type, old_val);
-
-	pr_err("negation of %s cannot be represented in type %s:\n",
-		old_val_str, data->type->type_name);
-
-	ubsan_epilogue();
-}
-EXPORT_SYMBOL(__ubsan_handle_negate_overflow);
-
-
 void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs)
 {
 	struct overflow_data *data = _data;

mm/memory.c

@@ -3159,7 +3159,7 @@ static vm_fault_t wp_page_copy(struct vm_fault *vmf)
 	 */
 	if (!pte_map_lock(vmf)) {
 		ret = VM_FAULT_RETRY;
-		goto out_free_new;
+		goto out_invalidate_end;
 	}
 	if (likely(pte_same(*vmf->pte, vmf->orig_pte))) {
 		if (old_page) {
@@ -3247,6 +3247,8 @@ static vm_fault_t wp_page_copy(struct vm_fault *vmf)
 		put_page(old_page);
 	}
 	return page_copied ? VM_FAULT_WRITE : 0;
+out_invalidate_end:
+	mmu_notifier_invalidate_range_only_end(&range);
 out_free_new:
 	put_page(new_page);
 out:

mm/mremap.c

@@ -336,8 +336,9 @@ enum pgt_entry {
  * valid. Else returns a smaller extent bounded by the end of the source and
  * destination pgt_entry.
  */
-static unsigned long get_extent(enum pgt_entry entry, unsigned long old_addr,
+static __always_inline unsigned long get_extent(enum pgt_entry entry,
-			unsigned long old_end, unsigned long new_addr)
+			unsigned long old_addr, unsigned long old_end,
+			unsigned long new_addr)
 {
 	unsigned long next, extent, mask, size;
 

scripts/Makefile.ubsan

@@ -1,37 +1,16 @@
 # SPDX-License-Identifier: GPL-2.0
 
-export CFLAGS_UBSAN :=
+# Enable available and selected UBSAN features.
+ubsan-cflags-$(CONFIG_UBSAN_ALIGNMENT)		+= -fsanitize=alignment
+ubsan-cflags-$(CONFIG_UBSAN_ONLY_BOUNDS)	+= -fsanitize=bounds
+ubsan-cflags-$(CONFIG_UBSAN_ARRAY_BOUNDS)	+= -fsanitize=array-bounds
+ubsan-cflags-$(CONFIG_UBSAN_LOCAL_BOUNDS)	+= -fsanitize=local-bounds
+ubsan-cflags-$(CONFIG_UBSAN_SHIFT)		+= -fsanitize=shift
+ubsan-cflags-$(CONFIG_UBSAN_DIV_ZERO)		+= -fsanitize=integer-divide-by-zero
+ubsan-cflags-$(CONFIG_UBSAN_UNREACHABLE)	+= -fsanitize=unreachable
+ubsan-cflags-$(CONFIG_UBSAN_OBJECT_SIZE)	+= -fsanitize=object-size
+ubsan-cflags-$(CONFIG_UBSAN_BOOL)		+= -fsanitize=bool
+ubsan-cflags-$(CONFIG_UBSAN_ENUM)		+= -fsanitize=enum
+ubsan-cflags-$(CONFIG_UBSAN_TRAP)		+= -fsanitize-undefined-trap-on-error
 
-ifdef CONFIG_UBSAN_ALIGNMENT
+export CFLAGS_UBSAN := $(ubsan-cflags-y)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=alignment)
-endif
-
-ifdef CONFIG_UBSAN_BOUNDS
-      ifdef CONFIG_CC_IS_CLANG
-            CFLAGS_UBSAN += -fsanitize=array-bounds
-      else
-            CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds)
-      endif
-endif
-
-ifdef CONFIG_UBSAN_LOCAL_BOUNDS
-      CFLAGS_UBSAN += -fsanitize=local-bounds
-endif
-
-ifdef CONFIG_UBSAN_MISC
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=shift)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=integer-divide-by-zero)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=unreachable)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=signed-integer-overflow)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=object-size)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=bool)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=enum)
-endif
-
-ifdef CONFIG_UBSAN_TRAP
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize-undefined-trap-on-error)
-endif
-
-      # -fsanitize=* options makes GCC less smart than usual and
-      # increase number of 'maybe-uninitialized false-positives
-      CFLAGS_UBSAN += $(call cc-option, -Wno-maybe-uninitialized)

scripts/module.lds.S

@@ -56,14 +56,16 @@ SECTIONS {
 		*(.rodata.._end)
 	}
 
-#ifdef CONFIG_CFI_CLANG
-	/*
-	 * With CFI_CLANG, ensure __cfi_check is at the beginning of the
-	 * .text section, and that the section is aligned to page size.
-	 */
 	.text : ALIGN(PAGE_SIZE) {
 		*(.text.._start)
+#ifdef CONFIG_CFI_CLANG
+		/*
+		 * With CFI_CLANG, ensure __cfi_check is at the beginning of
+		 * the .text section, and that the section is aligned to page
+		 * size.
+		 */
 		*(.text.__cfi_check)
+#endif
 		*(.text .text.[0-9a-zA-Z_]*)
 		__cfi_jt_start = .;
 		*(.text..L.cfi.jumptable .text..L.cfi.jumptable.*)
@@ -71,7 +73,6 @@ SECTIONS {
 		*(.text.._end)
 	}
 #endif
-#endif
 }
 
 /* bring in arch-specific sections */

sound/soc/soc-core.c

@@ -2175,17 +2175,9 @@ EXPORT_SYMBOL_GPL(snd_soc_add_dai_controls);
  */
 int snd_soc_register_card(struct snd_soc_card *card)
 {
-	struct snd_soc_card_ext *card_ext;
-
 	if (!card->name || !card->dev)
 		return -EINVAL;
 
-	card_ext = devm_kzalloc(card->dev,
-				sizeof(struct snd_soc_card_ext), GFP_KERNEL);
-
-	memcpy(&card_ext->card, card, sizeof(struct snd_soc_card));
-	card = &card_ext->card;
-
 	dev_set_drvdata(card->dev, card);
 
 	INIT_LIST_HEAD(&card->widgets);

sound/soc/soc-pcm.c

@@ -26,6 +26,7 @@
 #include <sound/soc-dpcm.h>
 #include <sound/soc-link.h>
 #include <sound/initval.h>
+#include <trace/hooks/sound.h>
 
 #define DPCM_MAX_BE_USERS	8
 
@@ -1274,8 +1275,8 @@ int dpcm_path_get(struct snd_soc_pcm_runtime *fe,
 	int stream, struct snd_soc_dapm_widget_list **list)
 {
 	struct snd_soc_dai *cpu_dai = asoc_rtd_to_cpu(fe, 0);
-	struct snd_soc_card_ext *card_ext;
 	int paths;
+	bool chaining = false;
 
 	if (fe->num_cpus > 1) {
 		dev_err(fe->dev,
@@ -1283,12 +1284,11 @@ int dpcm_path_get(struct snd_soc_pcm_runtime *fe,
 		return -EINVAL;
 	}
 
-	card_ext = container_of(fe->card, struct snd_soc_card_ext, card);
+	trace_android_vh_snd_soc_card_get_comp_chain(&chaining);
 
 	/* get number of valid DAI paths and their widgets */
 	paths = snd_soc_dapm_dai_get_connected_widgets(cpu_dai, stream, list,
-			card_ext->component_chaining ?
+			chaining ? NULL : dpcm_end_walk_at_be);
-					NULL : dpcm_end_walk_at_be);
 
 	dev_dbg(fe->dev, "ASoC: found %d audio %s paths\n", paths,
 			stream ? "capture" : "playback");

tools/crypto/gen_fips140_testvecs.py

@@ -28,7 +28,7 @@ scriptname = os.path.basename(__file__)
 message     = bytes('This is a 32-byte test message.\0', 'ascii')
 aes_key     = bytes('128-bit AES key\0', 'ascii')
 aes_xts_key = bytes('This is an AES-128-XTS key.\0\0\0\0\0', 'ascii')
-aes_iv      = bytes('ABCDEFGHIJKL\0\0\0\0', 'ascii')
+aes_iv      = bytes('ABCDEFGHIJKLMNOP', 'ascii')
 assoc       = bytes('associated data string', 'ascii')
 hmac_key    = bytes('128-bit HMAC key', 'ascii')
 
@@ -82,7 +82,7 @@ def generate_aes_testvecs():
     print_value('aes_ecb_ciphertext', ecb.encrypt(message))
 
     ctr = Cryptodome.Cipher.AES.new(aes_key, Cryptodome.Cipher.AES.MODE_CTR,
-                                    nonce=aes_iv[:12])
+                                    nonce=bytes(), initial_value=aes_iv)
     print_value('aes_ctr_ciphertext', ctr.encrypt(message))
 
     print_value('aes_gcm_assoc', assoc)
@@ -101,6 +101,10 @@ def generate_aes_testvecs():
     ciphertext = xts.update(message) + xts.finalize()
     print_value('aes_xts_ciphertext', ciphertext)
 
+    cmac = Cryptodome.Hash.CMAC.new(aes_key, ciphermod=Cryptodome.Cipher.AES)
+    cmac.update(message)
+    print_value('aes_cmac_digest', cmac.digest())
+
 def generate_sha_testvecs():
     print_value('hmac_key', hmac_key)
     for alg in ['sha1', 'sha256', 'hmac_sha256', 'sha512']: