from armani_user_defconfig

Break the initialization dependency on module-load and tie it to
opening up the actual v4l device.

Change-Id: I12d5226e7e9b15d14cf62e2dc666612f4cb608f1

https://www.codeaurora.org/cgit/quic/la/platform/vendor/qcom-opensource/wlan/prima

* Add QCOM_TDLS config entry and derp fix

Signed-off-by: LuffyXDA <beastdragon01@gmail.com>

This patch fixes wrong memcpy size when copying ltk value to
HCI_OP_LE_LTK_REPLY command.

Change-Id: I8de20d772e5d2bd7b5a3c60d020c6a0e4be742ee

Export audio_effects.h for userland to use

Change-Id: Ib4b040a87bcf89542d8c9dfb363fcd5f9a1bfc76

Change-Id: Ib85d17d76ce39e8e405aa9cf1dd0dc225c183f05

The composition fallback mechanism might not ensure unsetting of
the pipe whose prepare call failed due to smp configuration change,
typically in the cases where change in composition requests same
pipe. This scenario is a deadlock where composition switch does
not happen, due to these pipe failures.

To handle such cases, for changed SMP request for a pipe doing
non backend composition, allow smp configuration to happen, so
that the composition could be successfully switched, thereby
preventing the deadlock.

Change-Id: I2d29ac6591671494abc7c4caf7c6c53f058d12f6
Signed-off-by: Justin Philip <jphili@codeaurora.org>

MDP_SMP_FORCE_ALLOC flag is used to allow SMP
allocations even when there is mismatch between
allocated and requested SMPs for a pipe.
User space can make use of this flag in extreme scenarios
where SMP allocations need to pass like GPU composition
and playback of protected  or secure videos.

Change-Id: I369b4361e7e2bbfc8150add467678c4ef8d5cfb6
Signed-off-by: Justin Philip <jphili@codeaurora.org>

Send the resolution along with output buffer to the client
to avoid a race condition where resolution might be changed
multiple times in driver before client requests for updated
resolution.

Change-Id: I8ebb99e3baa04da09f153195a674babcebcfea78
Signed-off-by: Maheshwar Ajja <majja@codeaurora.org>

Firmware requires the max number of hier-p layers
to be used during the encode session to be set
in load resources state. Without this change,
firmware will not enable hier-p encoding. Also
switch to using HFI_PROPERTY_CONFIG_VENC_HIER_P_ENH_LAYER
to set the number of hier-p layers.

Change-Id: I1fbf835acdb7d0a06d33cf9c2d038fb87c10010d
Signed-off-by: Arun Menon <avmenon@codeaurora.org>

Adds support to set initial qp, thereby allowing the client to set
initial qp for I,P, and B frames.

Change-Id: Ie956651bde85e800d97a0007769af9aec8ca16a4
Signed-off-by: Ashray Kulkarni <ashrayk@codeaurora.org>

When hardware is overloaded or when max number of clients are
reached in driver or firmware, hardware error is sent to video
client. This change is to replace hardware error with actual
errors.

CRs-fixed: 575852
Change-Id: I07e599f894a3716a3dc4fed5eb7c987311f5bdde
Signed-off-by: Deepak Verma <dverma@codeaurora.org>

Add support and control for setting Active format
description and closed caption meta data in the
extradata. FW parses metadata and adds it to the
extradata. Client can use control to parse extradata
for the metadata information.

Change-Id: I79fb71e635927c95e0792862c9dea7d96f58e895
Signed-off-by: Jayasena Sangaraboina <jsanga@codeaurora.org>

0x8080 is gray color concealment, changing it to
black color, which is 0x8010.

Change-Id: I50897d771913ee33a5b2c2ea486996dfc0c294bf
Signed-off-by: Manikanta Sivapala <msivap@codeaurora.org>

Right now, input buffer size is calculated based on
maximum supported height and width returned from FW.
These values are not true representation as they are
calculated for rotation usecase. Driver needs to use
max MB supported from FW. This change fixes the same.

CRs-Fixed: 599818
Change-Id: I5b5f7d0db1088a4bc16ec7a32b31e1f763d5da7c
Signed-off-by: Manikanta Sivapala <msivap@codeaurora.org>

Take the minimum of the size calculated by driver using
max width and height supported and the size set by client
for input buffers. Change interface to get input and
output buffer sizes.

Change-Id: Ia3eb4cc7ae7bb38e2650fff1b694623e2aab62ef
Signed-off-by: Manikanta Sivapala <msivap@codeaurora.org>

Add 8KB worth of padding for extradata. This is required to accommodate
some of the larger extradata types that didn't fit into the residual
space between the actual buffer size and its aligned size.

CRs-Fixed: 647378
Change-Id: I550f806079dfbdece229f68ffdfc5c0e20b3c9e1
Signed-off-by: Deva Ramasubramanian <dramasub@codeaurora.org>

Previously, the extradata size was included within VENUS_BUFFER_SIZE
and callers (primarily in userspace) wouldn't know how much extra
padding was added to the buffer size. Exposing it allows userspace to
query directly instead of doing guesswork.

Change-Id: I7f9701a4adfe364d757028514bdd4fa84402a995
Signed-off-by: Deva Ramasubramanian <dramasub@codeaurora.org>

* Userspace uses this value too, so both kernel and userspace need to be
  in agreement here.

Change-Id: Ic216adf95bf4207c93089d611c5122edaeb25a04

This reverts commit 5d21435.

* To fix video recording

* Thanks to @ilopez85

 * MDP 4.2 supports Polynomial Color Correction. Use this to implement
   a simple sysfs API for adjusting RGB scaling values. This can be
   used to implement color temperature and other controls.
 * Why use this when we have KCAL? This code is dead simple, the
   interface is in the right place, and it allows for 128X accuracy.

Change-Id: Ie17c84ee3c1092ea65804566bdf05326a34a6d4d

Change the flag to vendor command from NL80211_FLAG_NEED_WIPHY to
NL80211_FLAG_NEED_NETDEV

Change-Id: Ia7a99a326b87f4d6caa4b1b8a60943c03a757cb0
Signed-off-by: Jing Ji <a5705c@motorola.com>
Reviewed-on: http://gerrit.mot.com/647903
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Igor Kovalenko <igork@motorola.com>
SLTApproved: Christopher Fries <cfries@motorola.com>
Submit-Approved: Jira Key <jirakey@motorola.com>

Many "rmnet_usb 1-1:1.6: [rmnet_usb0] error: rmnet_ioct
called for unsupported cmd" messages are output when doing
Embedded Rmnet communication. It is caused by receiving
unsupported commands in rmnet_ioctl function. This is not
an error condition, so downgrade to debug log level to quiet
messages appearing on console. Moreover, Change %d to %x
in this dev_dbg function call. %x will make it easier to
identify ioctl code since they are usually defined in hex
format in the header files.

Change-Id: I776e9ced0a8a042331d73ab0cfebacc33f61dfc6
CRs-fixed: 622875
Signed-off-by: Guang Jian Zeng <gzeng@codeaurora.org>

Setting net.ipv6.conf.<interface>.accept_ra=2 causes the kernel
to accept RAs even when forwarding is enabled. However, enabling
forwarding purges all default routes on the system, breaking
connectivity until the next RA is received. Fix this by not
purging default routes on interfaces that have accept_ra=2.

Change-Id: Icda010467c030b11f2cc91fac8d1331b6e9fc370
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
CRs-Fixed: 646636
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>

After IP route cache removal, I believe rcu_bh() has very little use and
we should remove this RCU variant, since it adds some cycles in fast
path.

Anyway, the call_rcu_bh() use in fib_true is obviously wrong, since
some users only assert rcu_read_lock().

Change-Id: Ie22d933518d579f4d018a4efec9d3a39c7b64681
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 0c03eca
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Osvaldo Banuelos <osvaldob@codeaurora.org>

Allows other areas in the kernel to register notifier callbacks which
get invoked whenever something performs an administrative action on a
socket. This patch adds hooks in socket(), bind(), listen(), accept(),
shutdown().

CRs-Fixed:  626021
Change-Id: I4ae99cb2206d7c4eddba69757335c18d10143045
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>

Added module which subscribes to socket notifier events. Notifier events
are then converted to a multicast netlink message for user space
applications to consume.

CRs-Fixed:  626021
Change-Id: Id5c6808d972b69f5f065d7fba9094e75c6ad0b2c
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>

[net-next commit bf439b3]

Change-Id: I8356e9132088c75d4510021c6e4c2641d772087a
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: a5d5c16
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Ian Maund <imaund@codeaurora.org>

Currently, IPv6 router discovery always puts routes into
RT6_TABLE_MAIN. This causes problems for connection managers
that want to support multiple simultaneous network connections
and want control over which one is used by default (e.g., wifi
and wired).

To work around this connection managers typically take the routes
they prefer and copy them to static routes with low metrics in
the main table. This puts the burden on the connection manager
to watch netlink to see if the routes have changed, delete the
routes when their lifetime expires, etc.

Instead, this patch adds a per-interface sysctl to have the
kernel put autoconf routes into different tables. This allows
each interface to have its own autoconf table, and choosing the
default interface (or using different interfaces at the same
time for different types of traffic) can be done using
appropriate ip rules.

The sysctl behaves as follows:

- = 0: default. Put routes into RT6_TABLE_MAIN as before.
- > 0: manual. Put routes into the specified table.
- < 0: automatic. Add the absolute value of the sysctl to the
       device's ifindex, and use that table.

The automatic mode is most useful in conjunction with
net.ipv6.conf.default.accept_ra_rt_table. A connection manager
or distribution could set it to, say, -100 on boot, and
thereafter just use IP rules.

Change-Id: I093d39fb06ec413905dc0d0d5792c1bc5d5c73a9
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Git-commit: 5fe5c51
Git-repo: https://android.googlesource.com/kernel/common.git
[imaund@codeaurora.org: Resolve trivial merge conflicts]
Signed-off-by: Ian Maund <imaund@codeaurora.org>

Kernel-originated IP packets that have no user socket associated
with them (e.g., ICMP errors and echo replies, TCP RSTs, etc.)
are emitted with a mark of zero. Add a sysctl to make them have
the same mark as the packet they are replying to.

This allows an administrator that wishes to do so to use
mark-based routing, firewalling, etc. for these replies by
marking the original packets inbound.

Tested using user-mode linux:
 - ICMP/ICMPv6 echo replies and errors.
 - TCP RST packets (IPv4 and IPv6).

Change-Id: I95d896647b278d092ef331d1377b959da1deb042
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Git-commit: 3356997
Git-repo: https://android.googlesource.com/kernel/common.git
[imaund@codeaurora.org: Resolve trivial merge conflicts.]
Signed-off-by: Ian Maund <imaund@codeaurora.org>

When using mark-based routing, sockets returned from accept()
may need to be marked differently depending on the incoming
connection request.

This is the case, for example, if different socket marks identify
different networks: a listening socket may want to accept
connections from all networks, but each connection should be
marked with the network that the request came in on, so that
subsequent packets are sent on the correct network.

This patch adds a sysctl to mark TCP sockets based on the fwmark
of the incoming SYN packet. If enabled, and an unmarked socket
receives a SYN, then the SYN packet's fwmark is written to the
connection's inet_request_sock, and later written back to the
accepted socket when the connection is established.  If the
socket already has a nonzero mark, then the behaviour is the same
as it is today, i.e., the listening socket's fwmark is used.

Black-box tested using user-mode linux:

- IPv4/IPv6 SYN+ACK, FIN, etc. packets are routed based on the
  mark of the incoming SYN packet.
- The socket returned by accept() is marked with the mark of the
  incoming SYN packet.
- Tested with syncookies=1 and syncookies=2.

Change-Id: I5e8c9b989762a93f3eb5a0c1b4df44f62d57f3cb
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
[imaund@codeaurora.org: Resolve trivial merge conflicts.]
Git-commit: 4593f09
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Ian Maund <imaund@codeaurora.org>

This contains the following commits:

1. 0149763 net: core: Add a UID range to fib rules.
2. 1650474 net: core: Use the socket UID in routing lookups.
3. 0b16771 net: ipv4: Add the UID to the route cache.
4. ee058f1 net: core: Add a RTA_UID attribute to routes.
    This is so that userspace can do per-UID route lookups.

Bug: 15413527
Change-Id: I1285474c6734614d3bda6f61d88dfe89a4af7892
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Git-commit: 0b42874
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Ian Maund <imaund@codeaurora.org>

Bug: 15413527
Change-Id: If33bebb7b52c0ebfa8dac2452607bce0c2b0faa0
Signed-off-by: Sreeram Ramachandran <sreeram@google.com>
Git-commit: 0836a0c
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Ian Maund <imaund@codeaurora.org>

Reset WLED enable register in wled initialization function to avoid
unnecessary power consumption during the device boots up.

CRs-Fixed: 588781
Change-Id: Id8d8ed9d3c20e2209847457c711b7645d5de45b3
Signed-off-by: Sarada Prasanna Garnayak <c_sgarna@codeaurora.org>
Signed-off-by: LuffyXDA <beastdragon01@gmail.com>

Since the last parameter of qpnp_led_masked_write function is
of type 'u8', make sure that only value of type 'u8' is passed
to this parameter of function to avoid truncation.

CRs-Fixed: 618799
Change-Id: If047f844fc45713b77c4561a88253dade3c4c478
Signed-off-by: Abinaya P <abinayap@codeaurora.org>
Signed-off-by: LuffyXDA <beastdragon01@gmail.com>

Some leds use PWM wave to control the brightness. The original
period granularity is using microsecond by default, it's a very
large granularity and will cause some user experience issues on
leds' brightness.

Auto select the PWM period granularity between microsecond and
nanosecond according to the range that hardware can support.

CRs-Fixed: 622683
Change-Id: I0669a0c88ca2ba491f0a53be6070476d61374d72
Signed-off-by: Xu Kai <kaixu@codeaurora.org>
Signed-off-by: LuffyXDA <beastdragon01@gmail.com>

Conflicts:
	drivers/leds/leds-qpnp.c

The LPG hardware supports dynamically changing the duty cycle
without disabling the output. So pwm_disable calling can be
removed when setting nonzero brightness level, which avoid the
delays of the PWM wave output when changing PWM configuration.

CRs-Fixed: 622683
Change-Id: I8c5bdef1992c41f73fe16cce615b2d1d6dad7775
Signed-off-by: Xu Kai <kaixu@codeaurora.org>
Signed-off-by: LuffyXDA <beastdragon01@gmail.com>

simple_ondemands private data must be set to NULL, otherwise we would
run into a NULL pointer in kgsl_devfreq_get_dev_status().

Change-Id: Id494f1b65cb674fee56dae958bc1da267ed15501

Current logic in ASM driver supports CPU and DSP buffers only
when the number of buffers is power of 2. At times, the number
of buffers might need to be different than power of 2. Modify
the logic to find next available CPU or DSP buffer, even when
the number of buffers is anything other than power of 2.

CRs-Fixed: 771446
Change-Id: Ibda6e0843387f6286a75c1bf4dc2068b4c4e7e9b
Signed-off-by: Banajit Goswami <bgoswami@codeaurora.org>

The power_on alarm might be replaced or cleared during alarm
suspend and resume process.So restore the power_on alarm into RTC
during alarm resume.

Change-Id: I1eefb082f9dfbd78517f3da1cc60a989853555fd
Signed-off-by: Mao Jinlong <c_jmao@codeaurora.org>

* Fix compilation warnings

The UL_TIMOUT_DELAY of 1sec is very high in CDRX usecase where
the Modem and the network agree that no data will be exchanged for
a set amount of time. In this case A2 want to power collapse early
which is done by UL unvote from BAM DMUX.

Add a flag to reduce the UL_TIMEOUT_DELAY for early UL unvote from
BAM DMUX to allow A2 early power collapse.

CRs-Fixed: 826107
Change-Id: Iea99d59f0eadf2f385c66e3280a194be38c6d003
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>

Add support for LZ4 decompression in the Linux Kernel.  LZ4 Decompression
APIs for kernel are based on LZ4 implementation by Yann Collet.

Benchmark Results(PATCH v3)
Compiler: Linaro ARM gcc 4.6.2

1. ARMv7, 1.5GHz based board
   Kernel: linux 3.4
   Uncompressed Kernel Size: 14MB
        Compressed Size  Decompression Speed
   LZO  6.7MB            20.1MB/s, 25.2MB/s(UA)
   LZ4  7.3MB            29.1MB/s, 45.6MB/s(UA)

2. ARMv7, 1.7GHz based board
   Kernel: linux 3.7
   Uncompressed Kernel Size: 14MB
        Compressed Size  Decompression Speed
   LZO  6.0MB            34.1MB/s, 52.2MB/s(UA)
   LZ4  6.5MB            86.7MB/s
- UA: Unaligned memory Access support
- Latest patch set for LZO applied

This patch set is for adding support for LZ4-compressed Kernel.  LZ4 is a
very fast lossless compression algorithm and it also features an extremely
fast decoder [1].

But we have five of decompressors already and one question which does
arise, however, is that of where do we stop adding new ones?  This issue
had been discussed and came to the conclusion [2].

Russell King said that we should have:

 - one decompressor which is the fastest
 - one decompressor for the highest compression ratio
 - one popular decompressor (eg conventional gzip)

If we have a replacement one for one of these, then it should do exactly
that: replace it.

The benchmark shows that an 8% increase in image size vs a 66% increase
in decompression speed compared to LZO(which has been known as the
fastest decompressor in the Kernel).  Therefore the "fast but may not be
small" compression title has clearly been taken by LZ4 [3].

[1] http://code.google.com/p/lz4/
[2] http://thread.gmane.org/gmane.linux.kbuild.devel/9157
[3] http://thread.gmane.org/gmane.linux.kbuild.devel/9347

LZ4 homepage: http://fastcompression.blogspot.com/p/lz4.html
LZ4 source repository: http://code.google.com/p/lz4/

Signed-off-by: Kyungsik Lee <kyungsik.lee@lge.com>
Signed-off-by: Yann Collet <yann.collet.73@gmail.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Florian Fainelli <florian@openwrt.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I1cf752fa48886aeff3c8732e3413f53c82b30e56
Reviewed-on: http://gerrit.mot.com/694981
Submit-Approved: Jira Key <jirakey@motorola.com>
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Jeffrey Carlyle <jeff.carlyle@motorola.com>
SLTApproved: Christopher Fries <cfries@motorola.com>

Add support for extracting LZ4-compressed kernel images, as well as
LZ4-compressed ramdisk images in the kernel boot process.

Signed-off-by: Kyungsik Lee <kyungsik.lee@lge.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Florian Fainelli <florian@openwrt.org>
Cc: Yann Collet <yann.collet.73@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

This patchset is for supporting LZ4 compression and the crypto API using
it.

As shown below, the size of data is a little bit bigger but compressing
speed is faster under the enabled unaligned memory access.  We can use
lz4 de/compression through crypto API as well.  Also, It will be useful
for another potential user of lz4 compression.

lz4 Compression Benchmark:
Compiler: ARM gcc 4.6.4
ARMv7, 1 GHz based board
   Kernel: linux 3.4
   Uncompressed data Size: 101 MB
         Compressed Size  compression Speed
   LZO   72.1MB		  32.1MB/s, 33.0MB/s(UA)
   LZ4   75.1MB		  30.4MB/s, 35.9MB/s(UA)
   LZ4HC 59.8MB		   2.4MB/s,  2.5MB/s(UA)
- UA: Unaligned memory Access support
- Latest patch set for LZO applied

This patch:

Add support for LZ4 compression in the Linux Kernel.  LZ4 Compression APIs
for kernel are based on LZ4 implementation by Yann Collet and were changed
for kernel coding style.

LZ4 homepage : http://fastcompression.blogspot.com/p/lz4.html
LZ4 source repository : http://code.google.com/p/lz4/
svn revision : r90

Two APIs are added:

lz4_compress() support basic lz4 compression whereas lz4hc_compress()
support high compression or CPU performance get lower but compression
ratio get higher.  Also, we require the pre-allocated working memory with
the defined size and destination buffer must be allocated with the size of
lz4_compressbound.

[akpm@linux-foundation.org: make lz4_compresshcctx() static]
Signed-off-by: Chanho Min <chanho.min@lge.com>
Cc: "Darrick J. Wong" <djwong@us.ibm.com>
Cc: Bob Pearson <rpearson@systemfabricworks.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Herbert Xu <herbert@gondor.hengli.com.au>
Cc: Yann Collet <yann.collet.73@gmail.com>
Cc: Kyungsik Lee <kyungsik.lee@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

The LZ4 code is listed as using the "BSD 2-Clause License".

Signed-off-by: Richard Laager <rlaager@wiktel.com>
Acked-by: Kyungsik Lee <kyungsik.lee@lge.com>
Cc: Chanho Min <chanho.min@lge.com>
Cc: Richard Yao <ryao@gentoo.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[ The 2-clause BSD can be just converted into GPL, but that's rude and
  pointless, so don't do it   - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

LZ4 compression and decompression functions require different in
signedness input/output parameters: unsigned char for compression and
signed char for decompression.

Change decompression API to require "(const) unsigned char *".

Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Kyungsik Lee <kyungsik.lee@lge.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Yann Collet <yann.collet.73@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Given some pathologically compressed data, lz4 could possibly decide to
wrap a few internal variables, causing unknown things to happen.  Catch
this before the wrapping happens and abort the decompression.

Reported-by: "Don A. Bailey" <donb@securitymouse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

There is one other possible overrun in the lz4 code as implemented by
Linux at this point in time (which differs from the upstream lz4
codebase, but will get synced at in a future kernel release.)  As
pointed out by Don, we also need to check the overflow in the data
itself.

While we are at it, replace the odd error return value with just a
"simple" -1 value as the return value is never used for anything other
than a basic "did this work or not" check.

Reported-by: "Don A. Bailey" <donb@securitymouse.com>
Reported-by: Willy Tarreau <w@1wt.eu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Jan points out that I forgot to make the needed fixes to the
lz4_uncompress_unknownoutputsize() function to mirror the changes done
in lz4_decompress() with regards to potential pointer overflows.

The only in-kernel user of this function is the zram code, which only
takes data from a valid compressed buffer that it made itself, so it's
not a big issue.  But due to external kernel modules using this
function, it's better to be safe here.

Reported-by: Jan Beulich <JBeulich@suse.com>
Cc: "Don A. Bailey" <donb@securitymouse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Add LZ4 compressor support.  Enable it with
CONFIG_ZRAM_LZ4_COMPRESS=y

Change-Id: I4bb62c1b51be9171f03386a2b714c6f7542cf321
Signed-off-by: Chris Fries <cfries@motorola.com>
Reviewed-on: http://gerrit.mot.com/694989
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Russell Knize <rknize@motorola.com>
Submit-Approved: Jira Key <jirakey@motorola.com>

Set ARM_EFFICIENT_UNALIGNED_ACCESS to improve performance in lz4
compression and decompression.

On msm8x26 cortex-a7,

                       LZO                LZ4               LZ4 w/ UA
decompress (bs=4k)     121.21             115.52            148.7

                       LZO                LZ4               LZ4 w/ UA
compress (bs=4k)       37.5               34.5              44.8

Change-Id: I10dfea380f7558e29576d65f91c8cee13bf8e166
Signed-off-by: Chris Fries <cfries@motorola.com>
Reviewed-on: http://gerrit.mot.com/697567
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Shashank Shekhar <shashankshekhar@motorola.com>
Reviewed-by: Igor Kovalenko <igork@motorola.com>
Submit-Approved: Jira Key <jirakey@motorola.com>

Enable the LZ4 compression algorithm.

Also enable this algorithm for ZRAM since it decompresses
faster than the default LZO.

Change-Id: Id5e173681060ddc24ec9682ce5bbeda4c757903a
Signed-off-by: Chris Fries <cfries@motorola.com>
Reviewed-on: http://gerrit.mot.com/694990
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Shashank Shekhar <shashankshekhar@motorola.com>
Reviewed-by: Igor Kovalenko <igork@motorola.com>
Submit-Approved: Jira Key <jirakey@motorola.com>

…f2fs.git/log/?h=linux-3.4

Up to date as of cfd8e10865e66202237817e362c6ad6b475ce7c1

f2fs: support 3.4
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

This patch introduces a generic ioctl for fs shutdown.

Change-Id: I452ee16b0078a2704b8026962e5bd07b67710c06

FIOPS (Fair IOPS) ioscheduler is IOPS based ioscheduler, so only targets
for drive without I/O seek. It's quite similar like CFQ, but the dispatch
decision is made according to IOPS instead of slice.

The algorithm is simple. Drive has a service tree, and each task lives in
the tree. The key into the tree is called vios (virtual I/O). Every request
has vios, which is calculated according to its ioprio, request size and so
on. Task's vios is the sum of vios of all requests it dispatches. FIOPS
always selects task with minimum vios in the service tree and let the task
dispatch request. The dispatched request's vios is then added to the task's
vios and the task is repositioned in the sevice tree.

Unlike CFQ, FIOPS doesn't have separate sync/async queues, because with I/O
less writeback, usually a task can only dispatch either sync or async requests.
Bias read or write request can still be done with read/write scale.

One issue is if workload iodepth is lower than drive queue_depth, IOPS
share of a task might not be strictly according to its priority, request
size and so on. In this case, the drive is in idle actually. Solving the
problem need make drive idle, so impact performance. I believe CFQ isn't
completely fair between tasks in such case too.

Signed-off-by: Shaohua Li <shaohua.li@intel.com>

block: fiops read/write request scale

read/write speed of Flash based storage usually is different. For example,
in my SSD maxium thoughput of read is about 3 times faster than that of
write. Add a scale to differenate read and write. Also add a tunable, so
user can assign different scale for read and write.

By default, the scale is 1:1, which means the scale is a noop.

Signed-off-by: Shaohua Li <shaohua.li@intel.com>

block: fiops sync/async scale

CFQ gives 2.5 times more share to sync workload. This matches CFQ.

Note this is different with the read/write scale. We have 3 types of
requests:
1. read
2. sync write
3. write
CFQ doesn't differentitate type 1 and 2, but request cost of 1 and 2
are usually different for flash based storage. So we have both sync/async
and read/write scale here.

Signed-off-by: Shaohua Li <shaohua.li@intel.com>

block: fiops add ioprio support

Add CFQ-like ioprio support. Priority A will get 20% more share than priority
A+1, which matches CFQ.

Signed-off-by: Shaohua Li <shaohua.li@intel.com>

block: fiops preserve vios key for deep queue depth workload

If the task has running request, even it's added into service tree newly,
we preserve its vios key, so it will not lost its share. This should work
for task driving big queue depth. For single depth task, there is no approach
to preserve its vios key.

Signed-off-by: Shaohua Li <shaohua.li@intel.com>

block: fiops bias sync workload

If there are async requests running, delay async workload. Otherwise
async workload (usually very deep iodepth) will use all queue iodepth
and later sync requests will get long delayed. The idea is from CFQ.

Signed-off-by: Shaohua Li <shaohua.li@intel.com>

block: fiops add some trace information

Add some trace information, which is helpful when I do debugging.

Change-Id: I971fcef95e7fdb6360b0e07cffefc0b51a6fbbc0
Signed-off-by: Shaohua Li <shaohua.li@intel.com>

Update Kconfig.iosched and do the related Makefile changes to include
kernel configuration options for BFQ. Also add the bfqio controller
to the cgroups subsystem.

Signed-off-by: Paolo Valente <paolo.valente@unimore.it>
Signed-off-by: Arianna Avanzini <avanzini.arianna@gmail.com>

Change-Id: I58d05e292ee338400601336797aefb82f9638cf9

Add the BFQ-v7r8 I/O scheduler to 3.4.
The general structure is borrowed from CFQ, as much of the code for
handling I/O contexts. Over time, several useful features have been
ported from CFQ as well (details in the changelog in README.BFQ). A
(bfq_)queue is associated to each task doing I/O on a device, and each
time a scheduling decision has to be made a queue is selected and served
until it expires.

    - Slices are given in the service domain: tasks are assigned
      budgets, measured in number of sectors. Once got the disk, a task
      must however consume its assigned budget within a configurable
      maximum time (by default, the maximum possible value of the
      budgets is automatically computed to comply with this timeout).
      This allows the desired latency vs "throughput boosting" tradeoff
      to be set.

    - Budgets are scheduled according to a variant of WF2Q+, implemented
      using an augmented rb-tree to take eligibility into account while
      preserving an O(log N) overall complexity.

    - A low-latency tunable is provided; if enabled, both interactive
      and soft real-time applications are guaranteed a very low latency.

    - Latency guarantees are preserved also in the presence of NCQ.

    - Also with flash-based devices, a high throughput is achieved
      while still preserving latency guarantees.

    - BFQ features Early Queue Merge (EQM), a sort of fusion of the
      cooperating-queue-merging and the preemption mechanisms present
      in CFQ. EQM is in fact a unified mechanism that tries to get a
      sequential read pattern, and hence a high throughput, with any
      set of processes performing interleaved I/O over a contiguous
      sequence of sectors.

    - BFQ supports full hierarchical scheduling, exporting a cgroups
      interface.  Since each node has a full scheduler, each group can
      be assigned its own weight.

    - If the cgroups interface is not used, only I/O priorities can be
      assigned to processes, with ioprio values mapped to weights
      with the relation weight = IOPRIO_BE_NR - ioprio.

    - ioprio classes are served in strict priority order, i.e., lower
      priority queues are not served as long as there are higher
      priority queues.  Among queues in the same class the bandwidth is
      distributed in proportion to the weight of each queue. A very
      thin extra bandwidth is however guaranteed to the Idle class, to
      prevent it from starving.

Change-Id: I1603a3f5cdbaca85d8494a396be7daf932a754b3
Signed-off-by: Paolo Valente <paolo.valente@unimore.it>
Signed-off-by: Arianna Avanzini <avanzini.arianna@gmail.com>

A set of processes may happen  to  perform interleaved reads, i.e.,requests
whose union would give rise to a  sequential read  pattern.  There are two
typical  cases: in the first  case,   processes  read  fixed-size chunks of
data at a fixed distance from each other, while in the second case processes
may read variable-size chunks at  variable distances. The latter case occurs
for  example with  QEMU, which  splits the  I/O generated  by the  guest into
multiple chunks,  and lets these chunks  be served by a  pool of cooperating
processes,  iteratively  assigning  the  next  chunk of  I/O  to  the first
available  process. CFQ  uses actual  queue merging  for the  first type of
rocesses, whereas it  uses preemption to get a sequential  read pattern out
of the read requests  performed by the second type of  processes. In the end
it uses  two different  mechanisms to  achieve the  same goal: boosting the
throughput with interleaved I/O.

This patch introduces  Early Queue Merge (EQM), a unified mechanism to get a
sequential  read pattern  with both  types of  processes. The  main idea is
checking newly arrived requests against the next request of the active queue
both in case of actual request insert and in case of request merge. By doing
so, both the types of processes can be handled by just merging their queues.
EQM is  then simpler and  more compact than the  pair of mechanisms used in
CFQ.

Finally, EQM  also preserves the  typical low-latency properties of BFQ, by
properly restoring the weight-raising state of  a queue when it gets back to
a non-merged state.

Change-Id: If95ed48806330667f26959006a20ad13abfd44be
Signed-off-by: Mauro Andreolini <mauro.andreolini@unimore.it>
Signed-off-by: Arianna Avanzini <avanzini.arianna@gmail.com>
Signed-off-by: Paolo Valente <paolo.valente@unimore.it>

* Enable KSM
* Enable F2FS
* Enable FIOPS and BFQ I/O schedulers
* Enable interactive and conservative cpu governors
* Disable CGROUP_MEM_RES_CTLR as it causes bootloops

bc is the standard tool for multi-precision arithmetic.  We switched
to Perl because akpm reported a hard-to-reproduce build hang, which
was very odd because affected and unaffected machines were all running
the same version of GNU bc.

Unfortunately switching to Perl required a really ugly "canning"
mechanism to support Perl < 5.8 installations lacking the Math::BigInt
module.

It was recently pointed out to me that some very old versions of GNU
make had problems with pipes in subshells, which was indeed the
construct used in the Makefile rules in that version of the patch;
Perl didn't need it so switching to Perl fixed the problem for
unrelated reasons.  With the problem (hopefully) root-caused, we can
switch back to bc and do the arbitrary-precision arithmetic naturally.

Change-Id: I048a7fb947f2fbd7b454e85b122c0e3601c02136
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>

Add a new Kconfig to enable more conservative computations sent
to mpdecision:

 * Do not make IO busy
 * Do a time window weighted load computation instead of just a sum
 * Do an sliding window averaged time computation for number runnable

The purpose of these changes is to make mpdecision less likely to
keep extra cores online.  It currently has a tendancy to run more
cores running than needed and this can even cause some lag issues.

Change-Id: Ibbe9dca04c8b3425e288afef9ef6166fbc4a0613

Change-Id: I8ef699df0133d97c067ba225e633776f5006d32c

commit 2b7834d upstream (net-next).

This new command is missing.

Change-Id: If511000c19aa9af7220ff775d88ace9834b35dcb
Fixes: 880a6fa ("xfrm: configure policy hash table thresholds by netlink")
Reported-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

commit 5e6deeb upstream (net-next).

This command is missing.

Change-Id: Id0a0d9bf7a4af98a8f761fec902d1296138a911f
Fixes: ecfd6b1 ("[XFRM]: Export SPD info")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

commit 5b5800f upstream (net-next).

These commands are missing.

Change-Id: I3fd1d3d700592c653e1a5c5199125805d55aaa95
Fixes: 28d8909 ("[XFRM]: Export SAD info.")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

commit b0b59b0 upstream (net-next).

This command is missing.

Change-Id: I8fa3b1b9815296d3b001244d2212f79f5654bd01
Fixes: 97a64b4 ("[XFRM]: Introduce XFRM_MSG_REPORT.")
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

commit 8d465bb upstream (net-next).

This command is missing.

Change-Id: Id2c9344ca1ab2c96e0b758ad1efb38e16cf23b86
Fixes: 5c79de6 ("[XFRM]: User interface for handling XFRM_MSG_MIGRATE")
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

commit bd2cba0 upstream (net-next).

This command is missing.

Change-Id: Ida52130382e42355e5f3b39134aa61a1ea98026d
Fixes: 3a2dfbe ("xfrm: Notify changes in UDP encapsulation via netlink")
CC: Martin Willi <martin@strongswan.org>
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

commit 6a96e15 upstream.

The SELinux AF_NETLINK/NETLINK_SOCK_DIAG socket class was missing the
SOCK_DIAG_BY_FAMILY definition which caused SELINUX_ERR messages when
the ss tool was run.

 # ss
 Netid  State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port
 u_str  ESTAB  0      0                  * 14189             * 14190
 u_str  ESTAB  0      0                  * 14145             * 14144
 u_str  ESTAB  0      0                  * 14151             * 14150
 {...}
 # ausearch -m SELINUX_ERR
 ----
 time->Thu Jan 23 11:11:16 2014
 type=SYSCALL msg=audit(1390493476.445:374):
  arch=c000003e syscall=44 success=yes exit=40
  a0=3 a1=7fff03aa11f0 a2=28 a3=0 items=0 ppid=1852 pid=1895
  auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
  tty=pts0 ses=1 comm="ss" exe="/usr/sbin/ss"
  subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
 type=SELINUX_ERR msg=audit(1390493476.445:374):
  SELinux:  unrecognized netlink message type=20 for sclass=32

Change-Id: I22218ec620bc3ee6396145f1c2ad8ed222648309
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

When new objects are created we have great and flexible rules to
determine the type of the new object.  We aren't quite as flexible or
mature when it comes to determining the user, role, and range.  This
patch adds a new ability to specify the place a new objects user, role,
and range should come from.  For users and roles it can come from either
the source or the target of the operation.  aka for files the user can
either come from the source (the running process and todays default) or
it can come from the target (aka the parent directory of the new file)

examples always are done with
directory context: system_u:object_r:mnt_t:s0-s0:c0.c512
process context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[no rule]
	unconfined_u:object_r:mnt_t:s0   test_none
[default user source]
	unconfined_u:object_r:mnt_t:s0   test_user_source
[default user target]
	system_u:object_r:mnt_t:s0       test_user_target
[default role source]
	unconfined_u:unconfined_r:mnt_t:s0 test_role_source
[default role target]
	unconfined_u:object_r:mnt_t:s0   test_role_target
[default range source low]
	unconfined_u:object_r:mnt_t:s0 test_range_source_low
[default range source high]
	unconfined_u:object_r:mnt_t:s0:c0.c1023 test_range_source_high
[default range source low-high]
	unconfined_u:object_r:mnt_t:s0-s0:c0.c1023 test_range_source_low-high
[default range target low]
	unconfined_u:object_r:mnt_t:s0 test_range_target_low
[default range target high]
	unconfined_u:object_r:mnt_t:s0:c0.c512 test_range_target_high
[default range target low-high]
	unconfined_u:object_r:mnt_t:s0-s0:c0.c512 test_range_target_low-high

upstream commit aa89326

Change-Id: Ic8f33d05793bf742c70c68ea79e33c7f40ffbd53
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

Because Fedora shipped userspace based on my development tree we now
have policy version 27 in the wild defining only default user, role, and
range.  Thus to add default_type we need a policy.28.

Upstream commit eed7795

Signed-off-by: Eric Paris <eparis@redhat.com>
Change-Id: Icb3324af7f740249977a4559c2c5692c7fcc22a2
Signed-off-by: tarun93 <tarunmyid@gmail.com>

Update the policy version (POLICYDB_VERSION_CONSTRAINT_NAMES) to allow
holding of policy source info for constraints.

Upstream commit a660bec

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Change-Id: If419c7bfdea2f7006c9a62ea595f0cbfe5c78871
Signed-off-by: tarun93 <tarunmyid@gmail.com>

Add information about ioctl calls to the LSM audit data. Log the
file path and command number.

Bug: 18087110
Change-Id: Idbbd106db6226683cb30022d9e8f6f3b8fab7f84
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

 note that this patch depends on a prior patch that is already in
 android-3.4 but has not apparently found its way into the msm 3.4
 branches (but is included in exynos and tegra),
 https://android-review.googlesource.com/#/c/92962/

Extend the generic ioctl permission check with support for per-command
filtering. Source/target/class sets including the ioctl permission may
additionally include a set of commands. Example:

allow <source> <target>:<class> { 0x8910-0x8926 0x892A-0x8935 }
auditallow <source> <target>:<class> 0x892A

When ioctl commands are omitted only the permissions are checked. This
feature is intended to provide finer granularity for the ioctl
permission which may be too imprecise in some circumstances. For
example, the same driver may use ioctls to provide important and
benign functionality such as driver version or socket type as well as
dangerous capabilities such as debugging features, read/write/execute
to physical memory or access to sensitive data. Per-command filtering
provides a mechanism to reduce the attack surface of the kernel, and
limit applications to the subset of commands required.

The format of the policy binary has been modified to include ioctl
commands, and the policy version number has been incremented to
POLICYDB_VERSION_IOCTL_OPERATIONS=30 to account for the format change.

Bug: 18087110
Change-Id: Ibf0e36728f6f3f0d5af56ccdeddee40800af689d
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

This code is not exercised by policy version 26, but will be upon
upgrade to policy version 30.

Bug: 18087110
Change-Id: I07c6f34607713294a6a12c43a64d9936f0602200
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

Security server omits the type field when writing out the contents of the
avtab from /sys/fs/selinux/policy. This leads to a corrupt output. No impact
on the running kernel or its loaded policy. Impacts CTS neverallow tests.

Bug: 20665861
Change-Id: I657e18013dd5a1f40052bc2b02dd8e0afee9bcfb
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
(cherry picked from commit 8cdfb356b51e29494ca0b9e4e86727d6f841a52d)
Signed-off-by: tarun93 <tarunmyid@gmail.com>

If a wakeup source is found to be pending in the last stage of suspend
after syscore suspend then the device doesn't suspend but the error is
not propogated which causes an error in the accounting for the number
of suspend aborts and successful suspends.

Change-Id: Ib63b4ead755127eaf03e3b303aab3c782ad02ed1
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

This reverts commit c061682.

Bug: 22846070
Change-Id: I665c1f2350e10ce890e7c4be1a06e666929d5d7a
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

This reverts commit c9a8571.

Bug: 22846070
Change-Id: I85e2b6322f98bd584ed523b0bd0291375dbc35dc
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

This reverts commit bc84b4a.

Bug: 22846070
Change-Id: Ib4cb130b2225ea2e22556ff852313e0de7dddcab
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

This reverts commit 643ce43.

Bug: 22846070
Change-Id: I5dde1878e5baac43b4968141c0dc60b70e042183
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>

(cherry pick from commit 83d4a80)

Commit f01e1af ("selinux: don't pass in NULL avd to avc_has_perm_noaudit")
made this pointer reassignment unnecessary. Avd should continue to reference
the stack-based copy.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: tweaked subject line]
Signed-off-by: Paul Moore <pmoore@redhat.com>
Bug: 22846070
Change-Id: Ie33688d163870705272607309a27fb7c8f870748

Signed-off-by: tarun93 <tarunmyid@gmail.com>

(cherry pick from commit 671a278)

Add information about ioctl calls to the LSM audit data. Log the
file path and command number.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <pmoore@redhat.com>
Bug: 22846070
Change-Id: I4a7678294e0a3075f57bd77c76fd17e6f0d33e75

Signed-off-by: tarun93 <tarunmyid@gmail.com>

(cherry picked from commit fa1aa14)

Add extended permissions logic to selinux. Extended permissions
provides additional permissions in 256 bit increments. Extend the
generic ioctl permission check to use the extended permissions for
per-command filtering. Source/target/class sets including the ioctl
permission may additionally include a set of commands. Example:

allowxperm <source> <target>:<class> ioctl unpriv_app_socket_cmds
auditallowxperm <source> <target>:<class> ioctl priv_gpu_cmds

Where unpriv_app_socket_cmds and priv_gpu_cmds are macros
representing commonly granted sets of ioctl commands.

When ioctl commands are omitted only the permissions are checked.
This feature is intended to provide finer granularity for the ioctl
permission that may be too imprecise. For example, the same driver
may use ioctls to provide important and benign functionality such as
driver version or socket type as well as dangerous capabilities such
as debugging features, read/write/execute to physical memory or
access to sensitive data. Per-command filtering provides a mechanism
to reduce the attack surface of the kernel, and limit applications
to the subset of commands required.

The format of the policy binary has been modified to include ioctl
commands, and the policy version number has been incremented to
POLICYDB_VERSION_XPERMS_IOCTL=30 to account for the format
change.

The extended permissions logic is deliberately generic to allow
components to be reused e.g. netlink filters

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Bug: 22846070
Change-Id: I299dc776d2f98d593ecc051707110c92a085350f
Signed-off-by: tarun93 <tarunmyid@gmail.com>

NOT intended for new Android devices - this commit is unnecessary
for a target device that does not have a previous M variant.

DO NOT upstream. Android only.

Motivation:

This commit mitigates a mismatch between selinux kernel and
selinux userspace. The selinux ioctl white-listing binary policy
format that was accepted into Android M differs slightly from what
was later accepted into the upstream kernel. This leaves Android
master branch kernels incompatible with Android M releases. This
patch restores backwards compatibility. This is important because:

1. kernels may be updated on a different cycle than the rest of the
   OS e.g. security patching.
2. Android M bringup may still be ongoing for some devices. The
   same kernel should work for both M and master.

Backwards compatibility is achieved by checking for an Android M
policy characteristic during initial policy read and converting to
upstream policy format. The inverse conversion is done for policy
write as required for CTS testing.

Bug: 22846070
Change-Id: I2f1ee2eee402f37cf3c9df9f9e03c1b9ddec1929
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>