Age | Commit message | Author |
|
1. Enable Marvell SPI controller and MTD m25p80 driver in kernel config
2. Add SPI pin configuration in dts file
3. Support setting the SPI controller clock dynamically
4. Use GPIO to control the #CS signal of SPI
BUG: 27844484
Change-Id: I3691f37e869dc43599417ed734ea9b9dd4db2944
|
|
Add pin[GPIO/SPI/I2C] configuration information for the extension board
to support the Peripheral HAL.
BUG=27689060
Change-Id: Ifd52812b7cdd89b94e8387935d706c39ffdc44bf
|
|
(cherry picked from commit https://lkml.org/lkml/2016/2/4/833)
Replace calls to get_random_int() followed by a cast to (unsigned long)
with calls to get_random_long(). Also address shifting bug which, in case
of x86, removed entropy mask for mmap_rnd_bits values > 31 bits.
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Bug: 27796957
Patchset: ASLR sysctl
Change-Id: Ia66447c8e07db36b76789f6a61ea3d14a14707df
Signed-off-by: Kees Cook <keescook@google.com>
|
|
(cherry picked from commit https://lkml.org/lkml/2016/2/4/831)
d07e22597d1d355 ("mm: mmap: add new /proc tunable for mmap_base ASLR")
added the ability to choose from a range of values to use for entropy
count in generating the random offset to the mmap_base address. The
maximum value on this range was set to 32 bits for 64-bit x86 systems, but
this value could be increased further, requiring more than the 32 bits of
randomness provided by get_random_int(), as is already possible for arm64.
Add a new function: get_random_long() which more naturally fits with the
mmap usage of get_random_int() but operates exactly the same as
get_random_int().
Also, fix the shifting constant in mmap_rnd() to be an unsigned long so
that values greater than 31 bits generate an appropriate mask without
overflow. This is especially important on x86, as its shift instruction
uses a 5-bit mask for the shift operand, which meant that any value for
mmap_rnd_bits over 31 acts as a no-op and effectively disables mmap_base
randomization.
Finally, replace calls to get_random_int() with get_random_long() where
appropriate.
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Bug: 27796957
Patchset: ASLR sysctl
Change-Id: Iaf20b2fb8f15bfccf3db92442fe0fa121282b586
Signed-off-by: Kees Cook <keescook@google.com>
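The shift problem this commit message describes, as an added user-space model (not the kernel's code and not part of the original commit). The helper names are hypothetical, and `uint64_t` stands in for `unsigned long` on a 64-bit kernel.

```c
#include <stdint.h>
#include <stdio.h>

/* x86 masks a 32-bit shift count to 5 bits. Model that explicitly, because
 * shifting a 32-bit int by 32 or more is undefined behaviour in C. */
static uint32_t x86_shl32(uint32_t value, unsigned int count)
{
	return value << (count & 31);
}

/* Old pattern: int-sized shift constant and a 32-bit random value. */
static uint64_t rnd_old(uint32_t random32, unsigned int rnd_bits)
{
	return random32 & (x86_shl32(1, rnd_bits) - 1);
}

/* Fixed pattern: 64-bit constant and random value (rnd_bits < 64). */
static uint64_t rnd_new(uint64_t random64, unsigned int rnd_bits)
{
	return random64 & (((uint64_t)1 << rnd_bits) - 1);
}

/* Number of offset bits that can still vary: feed all-ones "randomness". */
static unsigned int varying_bits(uint64_t offset)
{
	unsigned int n = 0;
	for (; offset; offset &= offset - 1)
		n++;
	return n;
}

static unsigned int entropy_old(unsigned int rnd_bits)
{
	return varying_bits(rnd_old(UINT32_MAX, rnd_bits));
}

static unsigned int entropy_new(unsigned int rnd_bits)
{
	return varying_bits(rnd_new(UINT64_MAX, rnd_bits));
}

int main(void)
{
	static const unsigned int bits[] = { 28, 31, 32 };	/* constructed inputs */
	for (size_t i = 0; i < sizeof(bits) / sizeof(bits[0]); i++)
		printf("mmap_rnd_bits=%u old=%u new=%u\n", bits[i],
		       entropy_old(bits[i]), entropy_new(bits[i]));
	return 0;
}
```

With 32 bits requested, the old pattern leaves no varying bits in the offset, while the fixed pattern keeps all 32.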
|
|
(cherry picked from commit https://lkml.org/lkml/2015/12/21/339)
x86: arch_mmap_rnd() uses hard-coded values, 8 for 32-bit and 28 for
64-bit, to generate the random offset for the mmap base address.
This value represents a compromise between increased ASLR
effectiveness and avoiding address-space fragmentation. Replace it
with a Kconfig option, which is sensibly bounded, so that platform
developers may choose where to place this compromise. Keep default
values as new minimums.
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Bug: 27796957
Patchset: ASLR sysctl
Change-Id: I65e14a627f2b370566652f569b07e4327d9e42df
Signed-off-by: Kees Cook <keescook@google.com>
|
|
(cherry picked from commit https://lkml.org/lkml/2015/12/21/340)
arm64: arch_mmap_rnd() uses STACK_RND_MASK to generate the
random offset for the mmap base address. This value represents a
compromise between increased ASLR effectiveness and avoiding
address-space fragmentation. Replace it with a Kconfig option, which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep default values as new minimums.
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Bug: 27796957
Patchset: ASLR sysctl
Change-Id: I9192fa3dd0e061066985b48c84d95c88710282db
Signed-off-by: Kees Cook <keescook@google.com>
|
|
(cherry picked from commit https://lkml.org/lkml/2015/12/21/341)
arm: arch_mmap_rnd() uses a hard-coded value of 8 to generate the
random offset for the mmap base address. This value represents a
compromise between increased ASLR effectiveness and avoiding
address-space fragmentation. Replace it with a Kconfig option, which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Bug: 27796957
Patchset: ASLR sysctl
Change-Id: I93b29b4abfd3fa6555bd4e21ac4a208b1f30540a
Signed-off-by: Kees Cook <keescook@google.com>
|
|
(cherry picked from commit https://lkml.org/lkml/2015/12/21/337)
ASLR only uses as few as 8 bits to generate the random offset for the
mmap base address on 32 bit architectures. This value was chosen to
prevent a poorly chosen value from dividing the address space in such
a way as to prevent large allocations. This may not be an issue on all
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Bug: 27796957
Patchset: ASLR sysctl
Change-Id: I91c5c5e48f24ce3a0c96697711ead226e6752196
Signed-off-by: Kees Cook <keescook@google.com>
|
|
The 'umidi' object will be free'd on the error path by snd_usbmidi_free()
when tearing down the rawmidi interface. So we shouldn't try to free it
in snd_usbmidi_create() after having registered the rawmidi interface.
Found by KASAN.
Signed-off-by: Andrey Konovalov <andreyknvl@gmail.com>
Acked-by: Clemens Ladisch <clemens@ladisch.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Bug: 27300729
(cherry picked from commit 07d86ca93db7e5cdf4743564d98292042ec21af7)
Signed-off-by: Kees Cook <keescook@google.com>
Change-Id: I50e3d5dfe02a7e196c7b4ccf58cd7e37cae010e6
|
|
Remove the git info from the kernel image. The cgitinfo script causes
the kernel compilation to crash if the path of the kernel is too long.
BUG=27455239
Change-Id: Iebf42ec95232b7b9bca9050a73995abf3026b12b
|
|
BUG=26894696
Change-Id: I39073164739ade0e0e83979f0baa8d9028b4c940
|
|
1. Enable SMSC75XX usb ethernet adapter.
2. Enable RTL815x usb ethernet adapter.
BUG=26986287
Change-Id: I0c689c6e0353180d74c82252e57780e466f14aed
|
|
pstore compression/decompression was added during 3.12.
The ramoops driver prepends a "====timestamp.timestamp-C|D\n"
header to the compressed record before handing it over to pstore
driver which doesn't know about the header. In pstore_decompress(),
the pstore driver reads the first "==" as a zlib header, so the
decompression always fails. For example, this causes the driver
to write /dev/pstore/dmesg-ramoops-0.enc.z instead of
/dev/pstore/dmesg-ramoops-0.
This patch makes the ramoops driver remove the header before
pstore decompression.
Signed-off-by: Ben Zhang <benzh@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
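Why the leading "==" breaks decompression and why stripping the header fixes it, as an added user-space sketch (not the ramoops or pstore driver code). The function names, the sample record and the decimal timestamp format are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: ramoops header, then bytes that begin a zlib stream. */
static const unsigned char sample[] = "====1458000000.000000-C\n\x78\x9c\x03\x00";

/* Length of a leading "====<sec>.<usec>-C|D\n" header, or 0 if absent.
 * Decimal timestamps are an assumption; the page only names the fields. */
static size_t ramoops_header_len(const unsigned char *rec, size_t len, int *compressed)
{
	char hdr[64], flag;
	unsigned long sec, usec;
	int used = 0;
	const unsigned char *nl = memchr(rec, '\n', len < sizeof(hdr) ? len : sizeof(hdr) - 1);
	size_t n = nl ? (size_t)(nl - rec) : 0;
	if (!nl)
		return 0;
	memcpy(hdr, rec, n);
	hdr[n] = '\0';
	if (sscanf(hdr, "====%lu.%lu-%c%n", &sec, &usec, &flag, &used) != 3 ||
	    (size_t)used != n || (flag != 'C' && flag != 'D'))
		return 0;
	*compressed = (flag == 'C');
	return n + 1;
}

/* RFC 1950 check on the first two bytes: CM == 8, CINFO <= 7, FCHECK valid. */
static int looks_like_zlib(const unsigned char *p, size_t len)
{
	return len >= 2 && (p[0] & 0x0f) == 8 && (p[0] >> 4) <= 7 &&
	       ((p[0] << 8) | p[1]) % 31 == 0;
}

/* Would a zlib decompressor accept the start of what it is handed? */
static int decompress_would_start(const unsigned char *rec, size_t len, int strip)
{
	int compressed = 0;
	size_t off = strip ? ramoops_header_len(rec, len, &compressed) : 0;
	return looks_like_zlib(rec + off, len - off);
}

int main(void)
{
	size_t len = sizeof(sample) - 1;
	printf("header passed through: %d\n", decompress_would_start(sample, len, 0));
	printf("header stripped:       %d\n", decompress_would_start(sample, len, 1));
	return 0;
}
```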
|
|
Add support for ConfigFS gadget functions.
BUG=26147310
Change-Id: I8817aad2b0baefb331e469c0e99d4206ea087bdf
|
|
pxa-3.14
|
|
This fixes CVE-2016-0728.
If a thread is asked to join as a session keyring the keyring that's already
set as its session, we leak a keyring reference.
This can be tested with the following program:
	#include <stddef.h>
	#include <stdio.h>
	#include <sys/types.h>
	#include <keyutils.h>

	int main(int argc, const char *argv[])
	{
		int i = 0;
		key_serial_t serial;

		serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
				"leaked-keyring");
		if (serial < 0) {
			perror("keyctl");
			return -1;
		}

		if (keyctl(KEYCTL_SETPERM, serial,
			   KEY_POS_ALL | KEY_USR_ALL) < 0) {
			perror("keyctl");
			return -1;
		}

		for (i = 0; i < 100; i++) {
			serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
					"leaked-keyring");
			if (serial < 0) {
				perror("keyctl");
				return -1;
			}
		}

		return 0;
	}
If, after the program has run, there is something like the following line in
/proc/keys:
3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty
with a usage count of 100 * the number of times the program has been run,
then the kernel is malfunctioning. If leaked-keyring has zero usages or
has been garbage collected, then the problem is fixed.
Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Don Zickus <dzickus@redhat.com>
Acked-by: Prarit Bhargava <prarit@redhat.com>
Acked-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Bug: 26692844
(cherry picked from commit 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2)
Signed-off-by: Kees Cook <keescook@google.com>
Change-Id: I80dce82304fcecb633508b4adaf49840547d78b3
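The /proc/keys check described in this commit message, automated as an added example (not part of the original commit). The function names are hypothetical and the sample text is constructed around the line quoted in the message; on a real system the input would be the contents of /proc/keys read after the test program has exited.

```c
#include <stdio.h>
#include <string.h>

/* Constructed /proc/keys excerpt; the second line is the one quoted above. */
static const char sample_keys[] =
	"0a1b2c3d I--Q--- 1 perm 3f030000 0 0 keyring _ses: 1\n"
	"3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty\n";

/* Usage count of keyring `name` in /proc/keys-style text, or -1 if it is
 * not listed (for example because it has been garbage collected). */
static long keyring_usage(const char *text, const char *name)
{
	size_t name_len = strlen(name);

	for (const char *line = text; line && *line; ) {
		unsigned int id, perm;
		long usage;
		int uid, gid;
		char flags[16], timeout[16], type[32], desc[128];

		/* Columns: id flags usage timeout perm uid gid type description */
		if (sscanf(line, "%x %15s %ld %15s %x %d %d %31s %127[^\n]",
			   &id, flags, &usage, timeout, &perm, &uid, &gid,
			   type, desc) == 9 &&
		    strcmp(type, "keyring") == 0 &&
		    strncmp(desc, name, name_len) == 0 && desc[name_len] == ':')
			return usage;
		line = strchr(line, '\n');
		if (line)
			line++;
	}
	return -1;
}

/* Per the commit message: a surviving keyring with a non-zero usage count
 * after the test program has exited means references were leaked. */
static int keyring_leaked(const char *text, const char *name)
{
	return keyring_usage(text, name) > 0;
}

int main(void)
{
	printf("leaked-keyring usage=%ld leaked=%d\n",
	       keyring_usage(sample_keys, "leaked-keyring"),
	       keyring_leaked(sample_keys, "leaked-keyring"));
	return 0;
}
```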
|
|
Update marvell security driver up to date.
BUG=25833706
Change-Id: I305347e9571401ef59ee94d7bdf21cbfbaf8a5f4
|
|
Cherry pick from https://android-review.googlesource.com/#/c/123424/1
pstore: selinux: add security in-core xattr support for pstore and debugfs
- add "pstore" and "debugfs" to list of in-core exceptions
- change fstype checks to boolean equation
- change from strncmp to strcmp for checking
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
BUG=26258202
Change-Id: I35b41660701fe63a5e8173813ac62b84474ec48f
|
|
Add switch class hook in 88pm88x-headset driver so that the headset
information can be read from /sys/class/switch/h2w/.
BUG=26071627
Change-Id: Iec7626bfb9cb0a617a38591cd3508366bd1fabc8
|
|
1) To pass the wifi calibration data to wifi driver
2) Added the wifi driver error handling for de-association
BUG=25731975
Change-Id: I2b72bc92f969b0abf155eb78a0de2de2a21e9528
|
|
1. Disable SDIO auto tuning during probe
2. Remove useless GPIOs from dts
BUG=25864607
Change-Id: I2d2f80cf094924f8634e2d49de739299daeffdd8
|
|
DTS changes:
1. Remove unused settings of front camera.
2. Disable unused sensors.
Remove unnecessary debugging information of modules:
1. DVC power down log.
2. sdhci-pxav3 tuning log.
3. Thermal policy log.
Test:
[ 3.626789] c2 1 (init) init: init first stage started!
BUG=25579467
Change-Id: Id7e86f709e5adf2d68aa299ec436c17d95b217fb
|
|
The USB type A's vbus doesn't connect to otgsc, so there is no need to
check its status.
BUG=25653524
Change-Id: Ide3fef19c1820c9ff363c647005eab7a003a398f
|
|
Rename kernel config file from armadillo_edge_defconfig to
abox_edge_defconfig.
BUG=25755186
Change-Id: If23af1274075a0fa90450f6645dc2e2c3990feb5
|
|
changes:
1. Remove JOYSTICK and TABLET.
2. Remove BATTERY_88PM80X/88PM88X.
3. Remove BACKLIGHT_LCD_SUPPORT to speed up booting.
BUG=25751592
BUG=25579467
Change-Id: Ifbfdcb52df3f186101ed139e67b2e313400cd656
|
|
cause the error KEY_VOLUMEUP events.
BUG=25655525
Change-Id: I2e0d0baf5d6bf1e2696b0dbae87c93144b0b6ce3
|
|
Changes:
1) zImage entry point switches EL2-aarch64 to EL1-aarch32 instead of
kernel entry point.
2) Set ZRELADDR of mach-mmp/Makefile.boot to 8MB.
3) Fix buggy TTBCR setup in arch/arm/boot/compressed/head.S. Bits
[2:0] and not [1:0] should be set to 0 as TTBCR.N is a 3-bit field
and non-0 value would result in truncated TTB space and thus limited
virtual space accessible.
4) Kernel defconfig: enable CONFIG_APPENDED_DTB and related settings.
5) Disable stack protector on atags-to-fdt function.
The reason is -fstack-protector-strong generates a stack canary code in
atags_to_fdt(), which accesses __stack_chk_guard in .bss. This violates
the assumption that atags_to_fdt does not access any globals as
explicitly stated in comments before the function invocation in head.S.
The function is called before GOT relocations are performed, thus
__stack_chk_guard is accessed by offset in GOT, not an actual relocated
address. This might work on many platforms that have accessible
memory at low addresses (similar to a NULL pointer access), but on iap140
the lowest 8MB of physical address space is not accessible to
Non-Security, therefore __stack_chk_guard results in an exception.
BUG=25393413
BUG=25421621
Change-Id: I72164e43b2dc400ae7db0e3403e5ae78cd6e5a34
|
|
BUG=25486837
Change-Id: Ia1345dd932a61c1f658b5293d48ff4cf498009b9
|
|
BUG=25486837
Change-Id: I358f678c0d1fc8974ac7a84c5ef2aab75d60baeb
|
|
Change-Id: I99cb8fae615165d7d61e249421e0c089398b9390
|
|
Change-Id: Ibad4efd5da787b2dd05605af5826816c988a3ae2
|
|
Change-Id: I6e015357989d4dff97e942ac47ae1a65fdfa0fea
|
|
Changed the sd8777 bluetooth device accessing group to net_bt_stack
Change-Id: Id9e7aa5d4838dabfd55f0370e29aa6a0c494ad3e
|
|
This code is not exercised by policy version 26, but will be upon
upgrade to policy version 30.
Bug: 18087110
Change-Id: I07c6f34607713294a6a12c43a64d9936f0602200
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
|
|
Security server omits the type field when writing out the contents of the
avtab from /sys/fs/selinux/policy. This leads to a corrupt output. No impact
on the running kernel or its loaded policy. Impacts CTS neverallow tests.
Bug: 20665861
Change-Id: I657e18013dd5a1f40052bc2b02dd8e0afee9bcfb
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
(cherry picked from commit 8cdfb356b51e29494ca0b9e4e86727d6f841a52d)
|
|
Extend the generic ioctl permission check with support for per-command
filtering. Source/target/class sets including the ioctl permission may
additionally include a set of commands. Example:
allow <source> <target>:<class> { 0x8910-0x8926 0x892A-0x8935 }
auditallow <source> <target>:<class> 0x892A
When ioctl commands are omitted only the permissions are checked. This
feature is intended to provide finer granularity for the ioctl
permission which may be too imprecise in some circumstances. For
example, the same driver may use ioctls to provide important and
benign functionality such as driver version or socket type as well as
dangerous capabilities such as debugging features, read/write/execute
to physical memory or access to sensitive data. Per-command filtering
provides a mechanism to reduce the attack surface of the kernel, and
limit applications to the subset of commands required.
The format of the policy binary has been modified to include ioctl
commands, and the policy version number has been incremented to
POLICYDB_VERSION_IOCTL_OPERATIONS=30 to account for the format change.
Bug: 18087110
Change-Id: Ibf0e36728f6f3f0d5af56ccdeddee40800af689d
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
|
|
Add information about ioctl calls to the LSM audit data. Log the
file path and command number.
Bug: 18087110
Change-Id: Idbbd106db6226683cb30022d9e8f6f3b8fab7f84
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
|
|
|
|
Since we use ltr 558als, disable ltr_55x.
Change-Id: I51912949d74dc542883ff6f0b5cd921da3bb29cd
Signed-off-by: Tim Wang <wangtt@marvell.com>
|
|
Change-Id: I0ebdf9a299e280848d8e8f323ccc9c25d8231277
Signed-off-by: Peng Du <pengdu@marvell.com>
|
|
Change-Id: I47983a674bac70e86710dbd0b5a09e34f61dee0b
Signed-off-by: Peng Du <pengdu@marvell.com>
|
|
Change-Id: I2a5f8c86d3e7207748b32da7216794436fec7ebb
Signed-off-by: Peng Du <pengdu@marvell.com>
|
|
Change-Id: Id1baab405b0c90051137a8b347e21a1327dcab02
Signed-off-by: Peng Du <pengdu@marvell.com>
|
|
Change-Id: I9ec2e6e3e20d8fc4586c76c2a7c147eb123c0047
Signed-off-by: Peng Du <pengdu@marvell.com>
|
|
Enable bma2x2 driver for pxa1908sl
Change-Id: Ib51a0c6dfcd11e838639bb46422e8c4437af380c
Signed-off-by: yanggao <yanggao@marvell.com>
|
|
add generic driver to support vibrator controlled by PWM/GPIO/LDO
Change-Id: I35177c1fda2679219b461c6bbacf92fd64905c8b
Signed-off-by: Andy Luo <yifeiluo@marvell.com>
|
|
add 3-Axis accelerometer sensor bma2x2 driver support
Change-Id: I65bfa426aeea94725ccdf04311eca645ec4caa99
Signed-off-by: yanggao <yanggao@marvell.com>
|
|
Enable mstar touchscreen panel, add Kconfig, Makefile.
Change-Id: I803c55da4be10eedb47d4a3df6c9fd1ddb7213c0
Signed-off-by: Qiang Liu <qiangliu@marvell.com>
Signed-off-by: yanggao <yanggao@marvell.com>
|
|
Enable mstar touchscreen driver.
Change-Id: I8d2259c6f8c6856c926d3455611461b1a7f51abf
Signed-off-by: yanggao <yanggao@marvell.com>
Signed-off-by: Qiang Liu <qiangliu@marvell.com>
|
|
Enable config HX8394D in default pxa1908 config.
Change-Id: I73d9c1b44c81ecdb07b98d54c21013cd7b560f66
Signed-off-by: Qiang Liu <qiangliu@marvell.com>
|