Age | Commit message | Author |
|
Changes to TLK driver to allow logging for TLK via
the linux kmsg file.
Bug 1332411
Original author: Jay Patel <japatel@nvidia.com>
Change-Id: I14d23d2598b391a98ca9e693ae47982da24e17cb
Signed-off-by: Sharif Inamdar <isharif@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Reviewed-on: http://git-master/r/289035
|
|
Add mutex lock to serialize all ioctls that will
result in a smc call to tlk.
bug 1340442
bug 1340471
Change-Id: Ie2cc1e21dcff0a78c971aad0c230f71d1f2b1c49
Signed-off-by: James Zhao <jamesz@nvidia.com>
(cherry picked from commit 2a9da9d1c1e717d7f44befb0ca84cbca413b9e3f)
Signed-off-by: Ajay Nandakumar <anandakumarm@nvidia.com>
|
|
Add support for attempting to register the req/param buffers with
TLK. If it fails, we know we're on an older TLK and have to use
phys address to indicate where the buffers are.
If the SMC succeeds, we pass the virtual pointers to the buffers
knowing TLK will map them in and use them directly. This takes
care of the coherency and reduces our dependence on phys addrs.
Once both TLK and kernel changes have been synced up, we'll remove
the legacy support.
Bug 1353314
Change-Id: I1a73ddc66f002f966e80579ac49bbbd3e64a1f72
Signed-off-by: Chris Johnson <cwj@nvidia.com>
Reviewed-on: http://git-master/r/269802
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Yu-Huan Hsu <yhsu@nvidia.com>
|
|
* Try to encompass the duplicate cpu affinity code in
a macro which can be used at multiple places without
code duplication.
* Avoid over-writing saved_regs, while re-entering the
secure world with a FS-complete smc call.
* Remove the fs_ready logic as it is buggy and is not
working as expected.
Change-Id: I916e5ae53d87285e3e3be14647446a22ae795c1c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Reviewed-on: http://git-master/r/269118
Reviewed-by: James Zhao <jamesz@nvidia.com>
|
|
- All smc calls need to be done through CPU0.
- Add the sched_setaffinity logic to tlk_generic_smc(), will solve
the occasional prefetch abort.
- Also adding sched_setaffinity logic to tlk_extended_smc().
bug 1322280
Change-Id: I67716bec49aec1f1c9a2e33ec3de90aec2048870
Signed-off-by: James Zhao <jamesz@nvidia.com>
Signed-off-by: Aaron Gamble <jgamble@nvidia.com>
Reviewed-on: http://git-master/r/264177
Tested-by: Varun Wadekar <vwadekar@nvidia.com>
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Chris Johnson <cwj@nvidia.com>
Tested-by: Chris Johnson <cwj@nvidia.com>
Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
For the sake of consistency with other projects, change:
OTE_ERROR_ORIGIN_*
return_origin
error_origin
to match result_origin
Change-Id: I571c81a387ab35ed05cc3002371bc5d6ae606178
Signed-off-by: Aaron Gamble <jgamble@nvidia.com>
Reviewed-on: http://git-master/r/243549
(cherry picked from commit 1a1e6ac1e74a2594662f4601f7a37baf4d4b78bd)
Reviewed-on: http://git-master/r/256381
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: James Zhao <jamesz@nvidia.com>
Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
Instead of relying on change page attribute calls, instead use DMA
routines to get uncached mem. This will go away in the near future
when we can map these buffers directly in the kernel.
Change-Id: I6a375f2b1b09f987deae8a61e0907209b90c870e
Signed-off-by: Chris Johnson <cwj@nvidia.com>
Reviewed-on: http://git-master/r/252523
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Aaron Gamble <jgamble@nvidia.com>
Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>
Tested-by: Aaron Gamble <jgamble@nvidia.com>
|
|
The user space daemon will retry 3 times whenever it receives errors for new
requests.
Bug 1314244
Change-Id: I57f1740d7b24d2f3f3f97e7e83a5434f54d05bdb
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Reviewed-on: http://git-master/r/244187
(cherry picked from commit 639efa238a01be8fd9debf4c8511c9eac942fc46)
Reviewed-on: http://git-master/r/249874
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>
Tested-by: Aaron Gamble <jgamble@nvidia.com>
|
|
With secure storage there is a situation when we get back from the SMC call,
but find that the stack is completely corrupted due to SVC handling in the
kernel. To avoid such scenarios, use a local stack to save/restore our context.
Bug 1291402
Change-Id: If7d4c336aa0cc664b7c7f7134becb68d03e22ece
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Reviewed-on: http://git-master/r/241681
(cherry picked from commit 4fb8a5f59ce565cb684d9aaa816a465d7c3a5d04)
Reviewed-on: http://git-master/r/249872
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>
Tested-by: Aaron Gamble <jgamble@nvidia.com>
|
|
- add new parameter passing support for variable number of parameters
- some clean up of naming conventions
Bug 1310292
Change-Id: Ie9669456682fe2b85eb79a3d9cb4cbac9eba8d54
Signed-off-by: James Zhao <jamesz@nvidia.com>
Reviewed-on: http://git-master/r/239104
(cherry picked from commit da4ee985be76b4f02284510d2eb7e851fb50bc0b)
Reviewed-on: http://git-master/r/249870
Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
Tested-by: Varun Wadekar <vwadekar@nvidia.com>
Tested-by: Aaron Gamble <jgamble@nvidia.com>
|
|
During each request from the daemon, set a bit in a global variable
indicating that the daemon is alive and kicking. For each request from
secure world, check this bit to see if the daemon is present, and send
error if not present.
Bug 1291402
Change-Id: Ie8c59a465451b1781b4f379c0b6f661b05a417da
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Reviewed-on: http://git-master/r/237850
(cherry picked from commit 205baa9bb3f4d2ba150253284ac7af9733938a01)
Reviewed-on: http://git-master/r/249869
Reviewed-by: Automatic_Commit_Validation_User
Tested-by: Aaron Gamble <jgamble@nvidia.com>
|
|
Bug 1305672
Change-Id: I21efcac292bfc2001087614437a4fee68fe5db69
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Reviewed-on: http://git-master/r/237571
(cherry picked from commit 3d8d572a2aabe7d6943cd39ce42d82394c87ff5a)
Reviewed-on: http://git-master/r/249868
Reviewed-by: Automatic_Commit_Validation_User
Tested-by: Aaron Gamble <jgamble@nvidia.com>
Reviewed-by: James Zhao <jamesz@nvidia.com>
Tested-by: James Zhao <jamesz@nvidia.com>
|
|
Change-Id: I2cc26b954b0a47adc419b15a2c69cf19414648c8
Signed-off-by: Ajay Nandakumar <anandakumarm@nvidia.com>
Reviewed-on: http://git-master/r/260903
Reviewed-by: Dan Willemsen <dwillemsen@nvidia.com>
|
|
- Add a new FS ioctl handler to service ioctls from the storage
daemon.
- Add read/write handler to help the secure world to get its
data across to the storage daemon.
- A read request with NULL input params will return the size of
the file. The client then can allocate memory accordingly and proceed
with the actual read.
The general sequence of events from the daemon would be:
- TEE_IOCTL_FILE_NEW_REQ to get the file name, size and type (read/write)
- TEE_IOCTL_FILE_FILL_BUF to get data in case of writes
- TEE_IOCTL_FILE_REQ_COMPLETE to signal completion to the secure world
Change-Id: I52450af8d79164338773c1575417a863978de3d6
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Reviewed-on: http://git-master/r/220982
GVS: Gerrit_Virtual_Submit
|
|
Change-Id: Iad130dc9ea776302376319e0cfdcfe72057b8354
|
|
The process using ns_driver sometimes can't be scheduled to
available onlined cpu. It is because cpu affinity has changed
after using ns_driver. ns_driver saves current cpu affinity by
calling sched_getaffinity which returns cpu affinity AND-masked
by onlined cpus. ns_driver should save just current cpu affinity,
not cpu affinity AND-masked by onlined cpus.
More info: http://git-master/r/198844
Change-Id: Iae89fa71f7c130f67dce908d916b80bba2fc84bb
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Reviewed-on: http://git-master/r/220453
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Hyung Taek Ryoo <hryoo@nvidia.com>
GVS: Gerrit_Virtual_Submit
|
|
This change adds basic support for setting the return origin code
for TA service calls.
It also adds support for moving TEE params tagged as output-only
or input/output properly on OpenSession and InvokeCommand ops
from the requesting client (NS user-mode client or another TA)
to the target task and back.
* the nv_tee_driver code was restructured such that all of the
TEE-specific handling code is now in tee_comms.c; main.c handles
only very basic top-level API processing
* attempted to clear up return code handling; the top-level ioctl now
only fails if a bad cmd type is sent in or there is a problem w/user
buffer handling; once the request gets sent over to tee_comms.c then
any errors are propagated back via the TEE_Request->result/
TEE_Request->result_origin fields
* modified testapp and trusted_app to test the ability to modify
in/out params to both an OpenSession and InvokeCommand request.
Tested w/tot by running the testapp and testapp_wv multiple times.
Signed-off-by: Scott Long <scottl@nvidia.com>
Change-Id: Ie494384db0e6f47a8eaac7606d80b986390c3133
Reviewed-on: http://git-master/r/211636
Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
Tested-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
Added basic driver support, ioctl interface
Added support to lock the temporary and the shared memory buffers
Added command parameter descriptor free and used lists
Added shmem descriptor to keep track of pinned buffer
Added support to unpin temp buffers
Change-Id: I048c72bcf98ce0e75264144e66a1f8759b0ba0fe
Reviewed-on: http://git-master/r/169837
Reviewed-on: http://git-master/r/190658
Signed-off-by: Vandana Salve <vsalve@nvidia.com>
Reviewed-on: http://git-master/r/212074
Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
Tested-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
This new config would only be enabled when we enable a secure os
implementation. This config would be generic and we can reuse it
if/when we change the secure os vendor.
Change-Id: I94a0a365d4dc834fafa1137a0c0d9adf1b394c51
Signed-off-by: James Zhao <jamesz@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Reviewed-on: http://git-master/r/211756
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Chris Johnson <cwj@nvidia.com>
|
|
This change fixes incorrect cpu affinity after executing tf_driver.
The process using tf_driver sometimes can't be scheduled to
available onlined cpu. It is because cpu affinity has changed
after using tf_driver. tf_driver saves current cpu affinity by
calling sched_getaffinity which returns cpu affinity AND-masked
by onlined cpus. tf_driver should save just current cpu affinity,
not cpu affinity AND-masked by onlined cpus.
bug 1218943
(cherry picked from commit bba209aa7fe8b4f52f5d42acc1b21d8f54c18fe0)
Reviewed-on: http://git-master/r/#change,195830
Change-Id: I4f39b9768f95dd773582fbff6bb4577c3debd9b3
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/198844
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Yu-Huan Hsu <yhsu@nvidia.com>
|
|
Tegra4 version: TF_TEGRA4_AC02.03.39731
1. Support GCC for Secure services and drivers
2. Enables hazard detection timeout at TF boot time on all cores
Bug 1186790
Change-Id: I8344c59c5dc22cafe234f823bf9595f11a695e79
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/172644
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Dan Willemsen <dwillemsen@nvidia.com>
|
|
Tegra4 version: TF_TEGRA4_AC02.02.39373
Create a new SMC (0xFFFFFFE7) for no flush operations in cluster power down.
Bug 969937
Change-Id: Ie91d1ab2560ab56ee9ca2c8f35757a9bb5222c26
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/168212
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Dan Willemsen <dwillemsen@nvidia.com>
|
|
Add new tracepoint events for SecureOS-related tracing.
The timestamp traces measure the number of cycles taken
to switch between normal world and secure world using the
CP15 cycle counter.
Bug 1042455
Change-Id: Ia7f0718a0fcc399875a175670b80dfe33f79b95e
Signed-off-by: Charles Tan <ctan@nvidia.com>
Reviewed-on: http://git-master/r/159367
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Antti Miettinen <amiettinen@nvidia.com>
Tested-by: Antti Miettinen <amiettinen@nvidia.com>
Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>
|
|
Tegra4 version: TF_TEGRA4_AC02.01.39197.zip
Support PM features
1) Cluster power down(LP2)
2) Low Power SoC Suspend(LP0, LP1)
3) Dynamic CPU Core & Cluster Switching
Bug 969937
Bug 1178454
Change-Id: I27d994e19c65eb928177c816dfa97be01ad5c1e1
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/166483
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Krishna Reddy <vdumpa@nvidia.com>
|
|
V9 version for Tegra3: TF_TEGRA3_AB02.02.38127
V9 version for Tegra4: TF_TEGRA4_AC02.01e1.38186
This package is the first release of Trusted Foundations v9
It supports all the features supported by TFv8 (i.e. TF_TEGRA3_AB01.13)
1) Dynamic loading of secure services is supported
2) ARM generic and Tegra specific code are regrouped in HAL drivers that can be repostlinked
3) The fix for imprecise abort observed during Widevine session
bug 969937
bug 969981
Change-Id: I1fd0d0df21ead84fb226ba2e0a6b3cf463472a26
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/147176
GVS: Gerrit_Virtual_Submit
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Dan Willemsen <dwillemsen@nvidia.com>
Rebase-Id: Rf6e847c41b3cc7e6e019aed3bb5a5e6707b65443
|
|
Tegra 3 version: TF_TEGRA3_AB01.16.37161
Improvements in maintenance operations of L2 Cache Controller.
Change-Id: Iddbd61b21b6d83548d5a8c636e26b07b3b4f1385
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/128948
(cherry picked from commit 9bc5ccb125f8c32733a73bbc560ee71ac143f359)
Reviewed-on: http://git-master/r/131895
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: James Zhao <jamesz@nvidia.com>
Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>
Tested-by: Bharat Nihalani <bnihalani@nvidia.com>
Rebase-Id: R8c263ccbbb7b08d08ecdd629122c3168f39df169
|
|
Tegra 3 version: TF_TEGRA3_AB01.15.36932
1)Fix an issue in GIC controller
2)Add a task profiler option into the Trusted Foundations
3)Fixes the RCU stalls
Change-Id: Ib137dc4f155765cb7d7084f1f9a6f75d3bf38116
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/122808
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: James Zhao <jamesz@nvidia.com>
GVS: Gerrit_Virtual_Submit
Reviewed-by: Dan Willemsen <dwillemsen@nvidia.com>
Rebase-Id: R97f4136d69db3a3d5e27baf203e706cd7033a853
|
|
In K3.1, this code was setting PF_FREEZER_NOSIG, which meant
freeze_task would signal this thread to TIF_FREEZE later.
In K3.4, PF_FREEZER_NOSIG was removed and the code ported to
toggle PF_KTHREAD instead. But, in the port we missed restoring
the previous task value (leaving PF_KTHREAD still set).
Bug 988873
Change-Id: I1071ea33c08c64288162cd628977081a422c716f
Signed-off-by: Chris Johnson <cwj@nvidia.com>
Reviewed-on: http://git-master/r/123535
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Yu-Huan Hsu <yhsu@nvidia.com>
Rebase-Id: R14cd172412d6b32840e81eeb76d08d62a4976f6a
|
|
Tegra 3 version: TF_TEGRA3_AB01.14.36781
1)Kernel boot addr in TF boot args, branch prediction activated early,
fix in system driver mapping.
2)Several improvements in boot and L2CC operations
3)Fix to support Neon
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Change-Id: I16ed5d46d196875dece1f0006a0b04dbfdb58d42
Reviewed-on: http://git-master/r/119790
Reviewed-by: James Zhao <jamesz@nvidia.com>
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-by: Dan Willemsen <dwillemsen@nvidia.com>
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Tested-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Rebase-Id: Rc7524ba871709cd9ef436629bfb3b7afd00bcc2a
|
|
Tegra 3 version: TF_TEGRA3_AB01.11.35578, TF_TEGRA3_AB01.11p1.35578
TF_TEGRA3_AB01.11p2.36386, TF_TEGRA3_AB01.11p3.36518
TF_TEGRA3_AB01.11p4.36577, TF_TEGRA3_AB01.11p5.36677
1)Add memory profiling tool to debug secure services's stack and heap
2)Add support to enable dynamic clock gating feature in PL310 register
3)TEE client API at kernel level
4)Stable FIQ debugging (SDK ver 1.09)
5)clrex stability change
6)GIC controller stability settings
7)Fix LP1
8)Fix floating pt support
Bug 1021831
Change-Id: I5c2a693a27dc591b62863aa0fe4ff65163e67aba
Signed-off-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-on: http://git-master/r/117515
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-by: Marvin Zhang <mzhang@nvidia.com>
Reviewed-by: Yu-Huan Hsu <yhsu@nvidia.com>
Rebase-Id: R0eaf29c4f060f0ba51d39fd8d9372c2c87d14dd4
|
|
Update TL's SDK to ver 01.12. New SDK adds -
1) LP2 exit time optimization
2) L2 cache optimization - stop only, no flush
3) PL310 - set dynamic clock gate
4) Support for TEE client api's for drivers
bug 996822
Change-Id: Id46b7dd153ef05cffeed76558fa7a8c50cae5bd7
Signed-off-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-on: http://git-master/r/108025
(cherry picked from commit 3f2b434827ef9456b12dab23339de19afa1ff77c)
Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>
Change-Id: I44399a9c79dba6439858d1bcdf8cd8add1fb3a8b
Reviewed-on: http://git-master/r/109535
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
Rebase-Id: Rce02b64cbc12267dc9cb9f9534ac6b21015d0e78
|
|
after-upstream-android
Conflicts:
arch/arm/common/Kconfig
arch/arm/mm/Makefile
arch/arm/mm/cache-l2x0.c
arch/arm/mm/mmu.c
drivers/input/Kconfig
drivers/input/Makefile
drivers/power/Kconfig
kernel/futex.c
|
|
Tegra 2 version: TF_TEGRA2_AA01.09.34784
Tegra 3 version: TF_TEGRA3_AB01.08.34931
Add dynamic support for UART used by the Secure World trace driver.
The files are from the Tegra 3 version of SDK.
Bug 960201.
Change-Id: I14c3cfc35f81d3a37981e82760c2a2259164a904
Signed-off-by: Marvin Zhang <mzhang@nvidia.com>
Reviewed-on: http://git-master/r/94306
(cherry picked from commit 173b55aa4d30fc3771719093d675972fca600cd3)
Reviewed-on: http://git-master/r/104037
Reviewed-by: Chris Johnson <cwj@nvidia.com>
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Tested-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Yu-Huan Hsu <yhsu@nvidia.com>
GVS: Gerrit_Virtual_Submit
Rebase-Id: Re5653583a200924e2412c2805707c2fa6d3bbf47
|
|
Signed-off-by: Dan Willemsen <dwillemsen@nvidia.com>
Rebase-Id: R47b1b93daee445118009e4cadcdd815132926b01
|
|
bug 949219
Change-Id: Ia7d23d3aab631e6a78c53518bc1f608d46e8f341
Signed-off-by: Sanjay Singh Rawat <srawat@nvidia.com>
Reviewed-on: http://git-master/r/92260
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>
Rebase-Id: Rd290a611821faeac3d42d4a647855712e9450cb8
|
|
Tegra 2 version: TF_TEGRA2_AA01.07.34078
Tegra 3 version: TF_TEGRA3_AB01.06.34049
Bug 950169
Signed-off-by: Chris Johnson <cwj@nvidia.com>
Reviewed-on: http://git-master/r/89927
(cherry picked from commit 28fc4a5b80a0f6db3e6dc50efd8c0412e2ae11bf)
Change-Id: I41413b4f00d243e3bb56d44fb32eea29d0291401
Reviewed-on: http://git-master/r/90445
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Chris Johnson <cwj@nvidia.com>
Tested-by: Chris Johnson <cwj@nvidia.com>
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Yu-Huan Hsu <yhsu@nvidia.com>
Conflicts:
security/tf_driver/tf_comm.c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Rebase-Id: R7d6137a8401fe5dea232f324ad65f398f9cf67f3
|
|
On the first allocation of a coarse page array, explicitly set the
ref_count to 1, rather than incrementing (as the allocator used may
not guarantee a zero initted struct).
Bug 928289
Signed-off-by: Chris Johnson <cwj@nvidia.com>
Reviewed-on: http://git-master/r/77514
(cherry picked from commit 7329d105883f8b5db87a45085cf6c47c234c4126)
Change-Id: Ic33eecfaf0620340dd430dfa43793fbf0bd8ad8f
Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>
Reviewed-on: http://git-master/r/79998
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>
Rebase-Id: R2049e34b1246fb6ff086cc497ccae1f526102209
|
|
Change-Id: Ie87bb2e71e8ce5cd8c249d0db196bf4e5c5e2ae4
Reviewed-on: http://git-master/r/71039
Reviewed-by: Automatic_Commit_Validation_User
Tested-by: Dan Willemsen <dwillemsen@nvidia.com>
Reviewed-by: Chris Johnson <cwj@nvidia.com>
Reviewed-by: Dan Willemsen <dwillemsen@nvidia.com>
Rebase-Id: Rcfa338a684ea8c3827aa69683e25bf02cc04a8db
|
|
Add CONFIG_TRUSTED_FOUNDATIONS build option and calls to issue
SMCs to the TL secure monitor (used when needing to update state
not writable by non-secure code).
Make security/tf_driver an optional part of the build, which is
part of the TL framework to interact with secure services.
Bug 883391
Change-Id: I9c6c14ff457fb3a0c612d558fe731a17c2480750
Signed-off-by: Chris Johnson <cwj@nvidia.com>
Reviewed-on: http://git-master/r/65616
Reviewed-by: Varun Colbert <vcolbert@nvidia.com>
Tested-by: Varun Colbert <vcolbert@nvidia.com>
Rebase-Id: R57977499bb6b372ac4faa360e442e8733265e9f3
|
|
The COMMON_AUDIT_DATA_INIT macros have been removed, and are
now replaced with open coded ad.type initialization.
Thus, this patch updates the selinux_binder_transfer_file function
so it builds.
Change-Id: Ide41069a87638e294899768d09302f4013794e4c
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Android Kernel Team <kernel-team@android.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
|
|
Add security hooks to the binder and implement the hooks for SELinux.
The security hooks enable security modules such as SELinux to implement
controls over binder IPC. The security hooks include support for
controlling what process can become the binder context manager
(binder_set_context_mgr), controlling the ability of a process
to invoke a binder transaction/IPC to another process (binder_transaction),
controlling the ability of a process to transfer a binder reference to
another process (binder_transfer_binder), and controlling the ability
of a process to transfer an open file to another process (binder_transfer_file).
This support is used by SE Android, http://selinuxproject.org/page/SEAndroid.
Change-Id: I9a64a87825df2e60b9c51400377af4a9cd1c4049
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
Commit b641072 ("security: Add AID_NET_RAW and AID_NET_ADMIN capability
check in cap_capable().") introduces additional checks for AID_NET_xxx
macros. Since the header file including those macros is conditionally
included, the checks should also be conditionally executed.
Change-Id: Iaec5208d5b95a46b1ac3f2db8449c661e803fa5b
Signed-off-by: Tushar Behera <tushar.behera@linaro.org>
Signed-off-by: Andrey Konovalov <andrey.konovalov@linaro.org>
|
|
Signed-off-by: Chia-chi Yeh <chiachi@android.com>
|
|
The SELinux labeled IPsec code was improperly handling its reference
counting, dropping a reference on a delete operation instead of on a
free/release operation.
Reported-by: Ondrej Moris <omoris@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Faster kernel compiles by way of fewer unnecessary includes.
[akpm@linux-foundation.org: fix fallout]
[akpm@linux-foundation.org: fix build]
Signed-off-by: Kent Overstreet <koverstreet@google.com>
Cc: Zach Brown <zab@redhat.com>
Cc: Felipe Balbi <balbi@ti.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Asai Thambi S P <asamymuthupa@micron.com>
Cc: Selvan Mani <smani@micron.com>
Cc: Sam Bradshaw <sbradshaw@micron.com>
Cc: Jeff Moyer <jmoyer@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Benjamin LaHaise <bcrl@kvack.org>
Reviewed-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull VFS updates from Al Viro,
Misc cleanups all over the place, mainly wrt /proc interfaces (switch
create_proc_entry to proc_create(), get rid of the deprecated
create_proc_read_entry() in favor of using proc_create_data() and
seq_file etc).
7kloc removed.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (204 commits)
don't bother with deferred freeing of fdtables
proc: Move non-public stuff from linux/proc_fs.h to fs/proc/internal.h
proc: Make the PROC_I() and PDE() macros internal to procfs
proc: Supply a function to remove a proc entry by PDE
take cgroup_open() and cpuset_open() to fs/proc/base.c
ppc: Clean up scanlog
ppc: Clean up rtas_flash driver somewhat
hostap: proc: Use remove_proc_subtree()
drm: proc: Use remove_proc_subtree()
drm: proc: Use minor->index to label things, not PDE->name
drm: Constify drm_proc_list[]
zoran: Don't print proc_dir_entry data in debug
reiserfs: Don't access the proc_dir_entry in r_open(), r_start() r_show()
proc: Supply an accessor for getting the data from a PDE's parent
airo: Use remove_proc_subtree()
rtl8192u: Don't need to save device proc dir PDE
rtl8187se: Use a dir under /proc/net/r8180/
proc: Add proc_mkdir_data()
proc: Move some bits from linux/proc_fs.h to linux/{of.h,signal.h,tty.h}
proc: Move PDE_NET() to fs/proc/proc_net.c
...
|
|
Pull networking updates from David Miller:
"Highlights (1721 non-merge commits, this has to be a record of some
sort):
1) Add 'random' mode to team driver, from Jiri Pirko and Eric
Dumazet.
2) Make it so that any driver that supports configuration of multiple
MAC addresses can provide the forwarding database add and del
calls by providing a default implementation and hooking that up if
the driver doesn't have an explicit set of handlers. From Vlad
Yasevich.
3) Support GSO segmentation over tunnels and other encapsulating
devices such as VXLAN, from Pravin B Shelar.
4) Support L2 GRE tunnels in the flow dissector, from Michael Dalton.
5) Implement Tail Loss Probe (TLP) detection in TCP, from Nandita
Dukkipati.
6) In the PHY layer, allow supporting wake-on-lan in situations where
the PHY registers have to be written for it to be configured.
Use it to support wake-on-lan in mv643xx_eth.
From Michael Stapelberg.
7) Significantly improve firewire IPV6 support, from YOSHIFUJI
Hideaki.
8) Allow multiple packets to be sent in a single transmission using
network coding in batman-adv, from Martin Hundebøll.
9) Add support for T5 cxgb4 chips, from Santosh Rastapur.
10) Generalize the VXLAN forwarding tables so that there is more
flexibility in configurating various aspects of the endpoints.
From David Stevens.
11) Support RSS and TSO in hardware over GRE tunnels in bnx2x driver,
from Dmitry Kravkov.
12) Zero copy support in nfnetlink_queue, from Eric Dumazet and Pablo
Neira Ayuso.
13) Start adding networking selftests.
14) In situations of overload on the same AF_PACKET fanout socket, or
per-cpu packet receive queue, minimize drop by distributing the
load to other cpus/fanouts. From Willem de Bruijn and Eric
Dumazet.
15) Add support for new payload offset BPF instruction, from Daniel
Borkmann.
16) Convert several drivers over to module_platform_driver(), from
Sachin Kamat.
17) Provide a minimal BPF JIT image disassembler userspace tool, from
Daniel Borkmann.
18) Rewrite F-RTO implementation in TCP to match the final
specification of it in RFC4138 and RFC5682. From Yuchung Cheng.
19) Provide netlink socket diag of netlink sockets ("Yo dawg, I hear
you like netlink, so I implemented netlink dumping of netlink
sockets.") From Andrey Vagin.
20) Remove ugly passing of rtnetlink attributes into rtnl_doit
functions, from Thomas Graf.
21) Allow userspace to be able to see if a configuration change occurs
in the middle of an address or device list dump, from Nicolas
Dichtel.
22) Support RFC3168 ECN protection for ipv6 fragments, from Hannes
Frederic Sowa.
23) Increase accuracy of packet length used by packet scheduler, from
Jason Wang.
24) Beginning set of changes to make ipv4/ipv6 fragment handling more
scalable and less susceptible to overload and locking contention,
from Jesper Dangaard Brouer.
25) Get rid of using non-type-safe NLMSG_* macros and use nlmsg_*()
instead. From Hong Zhiguo.
26) Optimize route usage in IPVS by avoiding reference counting where
possible, from Julian Anastasov.
27) Convert IPVS schedulers to RCU, also from Julian Anastasov.
28) Support cpu fanouts in xt_NFQUEUE netfilter target, from Holger
Eitzenberger.
29) Network namespace support for nf_log, ebt_log, xt_LOG, ipt_ULOG,
nfnetlink_log, and nfnetlink_queue. From Gao feng.
30) Implement RFC3168 ECN protection, from Hannes Frederic Sowa.
31) Support several new r8169 chips, from Hayes Wang.
32) Support tokenized interface identifiers in ipv6, from Daniel
Borkmann.
33) Use usbnet_link_change() helper in USB net driver, from Ming Lei.
34) Add 802.1ad vlan offload support, from Patrick McHardy.
35) Support mmap() based netlink communication, also from Patrick
McHardy.
36) Support HW timestamping in mlx4 driver, from Amir Vadai.
37) Rationalize AF_PACKET packet timestamping when transmitting, from
Willem de Bruijn and Daniel Borkmann.
38) Bring parity to what's provided by /proc/net/packet socket dumping
and the info provided by netlink socket dumping of AF_PACKET
sockets. From Nicolas Dichtel.
39) Fix peeking beyond zero sized SKBs in AF_UNIX, from Benjamin
Poirier"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1722 commits)
filter: fix va_list build error
af_unix: fix a fatal race with bit fields
bnx2x: Prevent memory leak when cnic is absent
bnx2x: correct reading of speed capabilities
net: sctp: attribute printl with __printf for gcc fmt checks
netlink: kconfig: move mmap i/o into netlink kconfig
netpoll: convert mutex into a semaphore
netlink: Fix skb ref counting.
net_sched: act_ipt forward compat with xtables
mlx4_en: fix a build error on 32bit arches
Revert "bnx2x: allow nvram test to run when device is down"
bridge: avoid OOPS if root port not found
drivers: net: cpsw: fix kernel warn on cpsw irq enable
sh_eth: use random MAC address if no valid one supplied
3c509.c: call SET_NETDEV_DEV for all device types (ISA/ISAPnP/EISA)
tg3: fix to append hardware time stamping flags
unix/stream: fix peeking with an offset larger than data in queue
unix/dgram: fix peeking with an offset larger than data in queue
unix/dgram: peek beyond 0-sized skbs
openvswitch: Remove unneeded ovs_netdev_get_ifindex()
...
|
|
Merge third batch of fixes from Andrew Morton:
"Most of the rest. I still have two large patchsets against AIO and
IPC, but they're a bit stuck behind other trees and I'm about to
vanish for six days.
- random fixlets
- inotify
- more of the MM queue
- show_stack() cleanups
- DMI update
- kthread/workqueue things
- compat cleanups
- epoll updates
- binfmt updates
- nilfs2
- hfs
- hfsplus
- ptrace
- kmod
- coredump
- kexec
- rbtree
- pids
- pidns
- pps
- semaphore tweaks
- some w1 patches
- relay updates
- core Kconfig changes
- sysrq tweaks"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (109 commits)
Documentation/sysrq: fix inconstistent help message of sysrq key
ethernet/emac/sysrq: fix inconstistent help message of sysrq key
sparc/sysrq: fix inconstistent help message of sysrq key
powerpc/xmon/sysrq: fix inconstistent help message of sysrq key
ARM/etm/sysrq: fix inconstistent help message of sysrq key
power/sysrq: fix inconstistent help message of sysrq key
kgdb/sysrq: fix inconstistent help message of sysrq key
lib/decompress.c: fix initconst
notifier-error-inject: fix module names in Kconfig
kernel/sys.c: make prctl(PR_SET_MM) generally available
UAPI: remove empty Kbuild files
menuconfig: print more info for symbol without prompts
init/Kconfig: re-order CONFIG_EXPERT options to fix menuconfig display
kconfig menu: move Virtualization drivers near other virtualization options
Kconfig: consolidate CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
relay: use macro PAGE_ALIGN instead of FIX_SIZE
kernel/relay.c: move FIX_SIZE macro into relay.c
kernel/relay.c: remove unused function argument actor
drivers/w1/slaves/w1_ds2760.c: fix the error handling in w1_ds2760_add_slave()
drivers/w1/slaves/w1_ds2781.c: fix the error handling in w1_ds2781_add_slave()
...
|
|
Use call_usermodehelper_setup() + call_usermodehelper_exec() instead of
calling call_usermodehelper_fns(). In case there's an OOM in this last
function the cleanup function may not be called - in this case we would
miss a call to key_put().
Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
Cc: Oleg Nesterov <oleg@redhat.com>
Acked-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Tejun Heo <tj@kernel.org>
Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem update from James Morris:
"Just some minor updates across the subsystem"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
ima: eliminate passing d_name.name to process_measurement()
TPM: Retry SaveState command in suspend path
tpm/tpm_i2c_infineon: Add small comment about return value of __i2c_transfer
tpm/tpm_i2c_infineon.c: Add OF attributes type and name to the of_device_id table entries
tpm_i2c_stm_st33: Remove duplicate inclusion of header files
tpm: Add support for new Infineon I2C TPM (SLB 9645 TT 1.2 I2C)
char/tpm: Convert struct i2c_msg initialization to C99 format
drivers/char/tpm/tpm_ppi: use strlcpy instead of strncpy
tpm/tpm_i2c_stm_st33: formatting and white space changes
Smack: include magic.h in smackfs.c
selinux: make security_sb_clone_mnt_opts return an error on context mismatch
seccomp: allow BPF_XOR based ALU instructions.
Fix NULL pointer dereference in smack_inode_unlink() and smack_inode_rmdir()
Smack: add support for modification of existing rules
smack: SMACK_MAGIC to include/uapi/linux/magic.h
Smack: add missing support for transmute bit in smack_str_from_perm()
Smack: prevent revoke-subject from failing when unseen label is written to it
tomoyo: use DEFINE_SRCU() to define tomoyo_ss
tomoyo: use DEFINE_SRCU() to define tomoyo_ss
|