Google Git
Sign in
android / kernel / common / refs/tags/android14-6.1-2023-08_r3
tag6e5944dee64efc9911d84883ba35c49ac8202969
taggerHoward Chen <howardsoc@google.com>Mon Sep 11 12:20:49 2023 +0800
objectf580df859bb06948e26f249d348a74348c237271 
android14-6.1 August 2023 release 3

Artifacts:
  https://ci.android.com/builds/submitted/10781043/kernel_aarch64/latest
commitf580df859bb06948e26f249d348a74348c237271[log] [tgz]
authorJohn Stultz <jstultz@google.com>Sat Aug 26 01:32:59 2023 +0000
committerTreehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>Fri Sep 08 11:11:08 2023 +0000
treea7bfadd7de5e27e5020f5db12609837f97170305
parenteb739ed4cf12407543b02fb484eda2a546fcecff [diff]
ANDROID: uid_sys_stats: Use llist for deferred work

A use-after-free bug was found in the previous custom lock-free list
implementation for the deferred work, so switch functionality to llist
implementation.

While the previous approach atomically handled the list head, it did not
assure the new node's next pointer was assigned before the head was
pointed to the node, allowing the consumer to traverse to an invalid
next pointer.

Additionally, in switching to llists, this patch pulls the entire list
off the list head once and processes it separately, reducing the number
of atomic operations compared with the custom lists's implementation
which pulled one node at a time atomically from the list head.

BUG: KASAN: use-after-free in process_notifier+0x270/0x2dc
Write of size 8 at addr d4ffff89545c3c58 by task Blocking Thread/3431
Pointer tag: [d4], memory tag: [fe]

call trace:
 dump_backtrace+0xf8/0x118
 show_stack+0x18/0x24
 dump_stack_lvl+0x60/0x78
 print_report+0x178/0x470
 kasan_report+0x8c/0xbc
 kasan_tag_mismatch+0x28/0x3c
 __hwasan_tag_mismatch+0x30/0x60
 process_notifier+0x270/0x2dc
 notifier_call_chain+0xb4/0x108
 blocking_notifier_call_chain+0x54/0x80
 profile_task_exit+0x20/0x2c
 do_exit+0xec/0x1114
 __arm64_sys_exit_group+0x0/0x24
 get_signal+0x93c/0xa78
 do_notify_resume+0x158/0x3fc
 el0_svc+0x54/0x78
 el0t_64_sync_handler+0x44/0xe4
 el0t_64_sync+0x190/0x194

Bug: 294468796
Bug: 295787403
Bug: 299197985
Fixes: 8e86825eecfa ("ANDROID: uid_sys_stats: Use a single work for deferred updates")
Change-Id: Id377348c239ec720a5237726bc3632544d737e3b
Signed-off-by: John Stultz <jstultz@google.com>
[nkapron: Squashed with other changes and rewrote the commit message]
Signed-off-by: Neill Kapron <nkapron@google.com>
(cherry picked from commit 87647c0c54bbfe865691d8b58988a3ce941b905e)
1 file changed
tree: a7bfadd7de5e27e5020f5db12609837f97170305
  1. android/
  2. arch/
  3. block/
  4. certs/
  5. crypto/
  6. Documentation/
  7. drivers/
  8. fs/
  9. include/
  10. init/
  11. io_uring/
  12. ipc/
  13. kernel/
  14. lib/
  15. LICENSES/
  16. mm/
  17. net/
  18. rust/
  19. samples/
  20. scripts/
  21. security/
  22. sound/
  23. tools/
  24. usr/
  25. virt/
  26. .clang-format
  27. .cocciconfig
  28. .get_maintainer.ignore
  29. .gitattributes
  30. .gitignore
  31. .mailmap
  32. .rustfmt.toml
  33. BUILD.bazel
  34. build.config.aarch64
  35. build.config.allmodconfig
  36. build.config.allmodconfig.aarch64
  37. build.config.allmodconfig.arm
  38. build.config.allmodconfig.x86_64
  39. build.config.amlogic
  40. build.config.arm
  41. build.config.common
  42. build.config.constants
  43. build.config.db845c
  44. build.config.gki
  45. build.config.gki-debug.aarch64
  46. build.config.gki-debug.x86_64
  47. build.config.gki.aarch64
  48. build.config.gki.aarch64.16k
  49. build.config.gki.aarch64.fips140
  50. build.config.gki.riscv64
  51. build.config.gki.x86_64
  52. build.config.gki_kasan
  53. build.config.gki_kasan.aarch64
  54. build.config.gki_kasan.x86_64
  55. build.config.gki_kprobes
  56. build.config.gki_kprobes.aarch64
  57. build.config.gki_kprobes.x86_64
  58. build.config.khwasan
  59. build.config.riscv64
  60. build.config.rockpi4
  61. build.config.x86_64
  62. COPYING
  63. CREDITS
  64. Kbuild
  65. Kconfig
  66. Kconfig.ext
  67. MAINTAINERS
  68. Makefile
  69. modules.bzl
  70. OWNERS
  71. OWNERS_DrNo
  72. README
  73. README.md
README.md

How do I submit patches to Android Common Kernels

  1. BEST: Make all of your changes to upstream Linux. If appropriate, backport to the stable releases. These patches will be merged automatically in the corresponding common kernels. If the patch is already in upstream Linux, post a backport of the patch that conforms to the patch requirements below.

    • Do not send patches upstream that contain only symbol exports. To be considered for upstream Linux, additions of EXPORT_SYMBOL_GPL() require an in-tree modular driver that uses the symbol -- so include the new driver or changes to an existing driver in the same patchset as the export.
    • When sending patches upstream, the commit message must contain a clear case for why the patch is needed and beneficial to the community. Enabling out-of-tree drivers or functionality is not not a persuasive case.

  2. LESS GOOD: Develop your patches out-of-tree (from an upstream Linux point-of-view). Unless these are fixing an Android-specific bug, these are very unlikely to be accepted unless they have been coordinated with kernel-team@android.com. If you want to proceed, post a patch that conforms to the patch requirements below.

Common Kernel patch requirements

  • All patches must conform to the Linux kernel coding standards and pass scripts/checkpatch.pl
  • Patches shall not break gki_defconfig or allmodconfig builds for arm, arm64, x86, x86_64 architectures (see https://source.android.com/setup/build/building-kernels)
  • If the patch is not merged from an upstream branch, the subject must be tagged with the type of patch: UPSTREAM:, BACKPORT:, FROMGIT:, FROMLIST:, or ANDROID:.
  • All patches must have a Change-Id: tag (see https://gerrit-review.googlesource.com/Documentation/user-changeid.html)
  • If an Android bug has been assigned, there must be a Bug: tag.
  • All patches must have a Signed-off-by: tag by the author and the submitter

Additional requirements are listed below based on patch type

Requirements for backports from mainline Linux: UPSTREAM:, BACKPORT:

  • If the patch is a cherry-pick from Linux mainline with no changes at all
    • tag the patch subject with UPSTREAM:.
    • add upstream commit information with a (cherry picked from commit ...) line
    • Example:
      • if the upstream commit message is
        important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>
  • then Joe Smith would upload the patch for the common kernel as
        UPSTREAM: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        (cherry picked from commit c31e73121f4c1ec41143423ac6ce3ce6dafdcec1)
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch requires any changes from the upstream version, tag the patch with BACKPORT: instead of UPSTREAM:.
    • use the same tags as UPSTREAM:
    • add comments about the changes under the (cherry picked from commit ...) line
    • Example:
        BACKPORT: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        (cherry picked from commit c31e73121f4c1ec41143423ac6ce3ce6dafdcec1)
        [joe: Resolved minor conflict in drivers/foo/bar.c ]
        Signed-off-by: Joe Smith <joe.smith@foo.org>

Requirements for other backports: FROMGIT:, FROMLIST:,

  • If the patch has been merged into an upstream maintainer tree, but has not yet been merged into Linux mainline
    • tag the patch subject with FROMGIT:
    • add info on where the patch came from as (cherry picked from commit <sha1> <repo> <branch>). This must be a stable maintainer branch (not rebased, so don't use linux-next for example).
    • if changes were required, use BACKPORT: FROMGIT:
    • Example:
      • if the commit message in the maintainer tree is
        important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>
  • then Joe Smith would upload the patch for the common kernel as
        FROMGIT: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        (cherry picked from commit 878a2fd9de10b03d11d2f622250285c7e63deace
         https://git.kernel.org/pub/scm/linux/kernel/git/foo/bar.git test-branch)
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch has been submitted to LKML, but not accepted into any maintainer tree
    • tag the patch subject with FROMLIST:
    • add a Link: tag with a link to the submittal on lore.kernel.org
    • add a Bug: tag with the Android bug (required for patches not accepted into a maintainer tree)
    • if changes were required, use BACKPORT: FROMLIST:
    • Example:
        FROMLIST: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Link: https://lore.kernel.org/lkml/20190619171517.GA17557@someone.com/
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>

Requirements for Android-specific patches: ANDROID:

  • If the patch is fixing a bug to Android-specific code
    • tag the patch subject with ANDROID:
    • add a Fixes: tag that cites the patch with the bug
    • Example:
        ANDROID: fix android-specific bug in foobar.c

        This is the detailed description of the important fix

        Fixes: 1234abcd2468 ("foobar: add cool feature")
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch is a new feature
    • tag the patch subject with ANDROID:
    • add a Bug: tag with the Android bug (required for android-specific features)