diff --git a/devices/asus-z00t/kernel/0001-Revert-Grants-system-server-access-to-proc-pid-oom_a.patch b/devices/asus-z00t/kernel/0001-Revert-Grants-system-server-access-to-proc-pid-oom_a.patch new file mode 100644 index 00000000..645588e0 --- /dev/null +++ b/devices/asus-z00t/kernel/0001-Revert-Grants-system-server-access-to-proc-pid-oom_a.patch @@ -0,0 +1,76 @@ +From 1f49c9dd4d5074f15de3231d08435e2d02c62534 Mon Sep 17 00:00:00 2001 +From: Samuel Dionne-Riel +Date: Wed, 9 Oct 2019 20:50:37 -0400 +Subject: [PATCH] Revert "Grants system server access to /proc//oom_adj + for Android applications." + +This reverts commit aa3305f2ba5976a95637c69c63409fdf007e1414. +--- + fs/proc/base.c | 37 +------------------------------------ + 1 file changed, 1 insertion(+), 36 deletions(-) + +diff --git a/fs/proc/base.c b/fs/proc/base.c +index 870abad7717..174364d1314 100644 +--- a/fs/proc/base.c ++++ b/fs/proc/base.c +@@ -139,12 +139,6 @@ struct pid_entry { + NULL, &proc_single_file_operations, \ + { .proc_show = show } ) + +-/* ANDROID is for special files in /proc. */ +-#define ANDROID(NAME, MODE, OTYPE) \ +- NOD(NAME, (S_IFREG|(MODE)), \ +- &proc_##OTYPE##_inode_operations, \ +- &proc_##OTYPE##_operations, {}) +- + /* + * Count the number of hardlinks for the pid_entry table, excluding the . + * and .. links. +@@ -1012,35 +1006,6 @@ out: + return err < 0 ? err : count; + } + +-static int oom_adjust_permission(struct inode *inode, int mask) +-{ +- uid_t uid; +- struct task_struct *p; +- +- p = get_proc_task(inode); +- if(p) { +- uid = task_uid(p); +- put_task_struct(p); +- } +- +- /* +- * System Server (uid == 1000) is granted access to oom_adj of all +- * android applications (uid > 10000) as and services (uid >= 1000) +- */ +- if (p && (current_fsuid() == 1000) && (uid >= 1000)) { +- if (inode->i_mode >> 6 & mask) { +- return 0; +- } +- } +- +- /* Fall back to default. */ +- return generic_permission(inode, mask); +-} +- +-static const struct inode_operations proc_oom_adj_inode_operations = { +- .permission = oom_adjust_permission, +-}; +- + static const struct file_operations proc_oom_adj_operations = { + .read = oom_adj_read, + .write = oom_adj_write, +@@ -2793,7 +2758,7 @@ static const struct pid_entry tgid_base_stuff[] = { + REG("cgroup", S_IRUGO, proc_cgroup_operations), + #endif + INF("oom_score", S_IRUGO, proc_oom_score), +- ANDROID("oom_adj", S_IRUGO|S_IWUSR, oom_adj), ++ REG("oom_adj", S_IRUGO|S_IWUSR, proc_oom_adj_operations), + REG("oom_score_adj", S_IRUGO|S_IWUSR, proc_oom_score_adj_operations), + #ifdef CONFIG_AUDITSYSCALL + REG("loginuid", S_IWUSR|S_IRUGO, proc_loginuid_operations), +-- +2.23.0 + diff --git a/devices/asus-z00t/kernel/0001-Revert-Handle-sk-being-NULL-in-UID-based-routing.patch b/devices/asus-z00t/kernel/0001-Revert-Handle-sk-being-NULL-in-UID-based-routing.patch new file mode 100644 index 00000000..c4836664 --- /dev/null +++ b/devices/asus-z00t/kernel/0001-Revert-Handle-sk-being-NULL-in-UID-based-routing.patch @@ -0,0 +1,654 @@ +From 10ce33b7e705444925a85014319fd9959f586bc4 Mon Sep 17 00:00:00 2001 +From: Samuel Dionne-Riel +Date: Wed, 9 Oct 2019 20:46:09 -0400 +Subject: [PATCH] Revert "Handle 'sk' being NULL in UID-based routing." + +This reverts commit ba2261dc1bedf87f853def25db65df3f8977a14b. + +Revert "net: core: Support UID-based routing." + +This reverts commit 588de68efbffe9698deac0c8ee5cfd7a3f348be2. +--- + include/net/fib_rules.h | 6 +--- + include/net/flow.h | 8 +---- + include/net/ip.h | 1 - + include/net/route.h | 6 ++-- + include/uapi/linux/fib_rules.h | 2 -- + include/uapi/linux/rtnetlink.h | 1 - + net/core/fib_rules.c | 59 +------------------------------- + net/ipv4/fib_frontend.c | 1 - + net/ipv4/inet_connection_sock.c | 6 ++-- + net/ipv4/ip_output.c | 3 +- + net/ipv4/ping.c | 3 +- + net/ipv4/raw.c | 3 +- + net/ipv4/route.c | 23 ++++--------- + net/ipv4/syncookies.c | 3 +- + net/ipv4/udp.c | 3 +- + net/ipv4/xfrm4_policy.c | 1 - + net/ipv6/af_inet6.c | 1 - + net/ipv6/datagram.c | 1 - + net/ipv6/inet6_connection_sock.c | 1 - + net/ipv6/ping.c | 1 - + net/ipv6/raw.c | 1 - + net/ipv6/route.c | 6 ---- + net/ipv6/syncookies.c | 1 - + net/ipv6/tcp_ipv6.c | 1 - + net/ipv6/udp.c | 1 - + 25 files changed, 18 insertions(+), 125 deletions(-) + +diff --git a/include/net/fib_rules.h b/include/net/fib_rules.h +index 3a4c37d9fb0..e361f488242 100644 +--- a/include/net/fib_rules.h ++++ b/include/net/fib_rules.h +@@ -23,8 +23,6 @@ struct fib_rule { + struct fib_rule __rcu *ctarget; + char iifname[IFNAMSIZ]; + char oifname[IFNAMSIZ]; +- uid_t uid_start; +- uid_t uid_end; + struct rcu_head rcu; + struct net * fr_net; + }; +@@ -82,9 +80,7 @@ struct fib_rules_ops { + [FRA_FWMARK] = { .type = NLA_U32 }, \ + [FRA_FWMASK] = { .type = NLA_U32 }, \ + [FRA_TABLE] = { .type = NLA_U32 }, \ +- [FRA_GOTO] = { .type = NLA_U32 }, \ +- [FRA_UID_START] = { .type = NLA_U32 }, \ +- [FRA_UID_END] = { .type = NLA_U32 } ++ [FRA_GOTO] = { .type = NLA_U32 } + + static inline void fib_rule_get(struct fib_rule *rule) + { +diff --git a/include/net/flow.h b/include/net/flow.h +index c3679f972fd..0eb5516a4ca 100644 +--- a/include/net/flow.h ++++ b/include/net/flow.h +@@ -31,7 +31,6 @@ struct flowi_common { + #define FLOWI_FLAG_CAN_SLEEP 0x02 + #define FLOWI_FLAG_KNOWN_NH 0x04 + __u32 flowic_secid; +- uid_t flowic_uid; + }; + + union flowi_uli { +@@ -68,7 +67,6 @@ struct flowi4 { + #define flowi4_proto __fl_common.flowic_proto + #define flowi4_flags __fl_common.flowic_flags + #define flowi4_secid __fl_common.flowic_secid +-#define flowi4_uid __fl_common.flowic_uid + + /* (saddr,daddr) must be grouped, same order as in IP header */ + __be32 saddr; +@@ -88,8 +86,7 @@ static inline void flowi4_init_output(struct flowi4 *fl4, int oif, + __u32 mark, __u8 tos, __u8 scope, + __u8 proto, __u8 flags, + __be32 daddr, __be32 saddr, +- __be16 dport, __be16 sport, +- uid_t uid) ++ __be16 dport, __be16 sport) + { + fl4->flowi4_oif = oif; + fl4->flowi4_iif = LOOPBACK_IFINDEX; +@@ -99,7 +96,6 @@ static inline void flowi4_init_output(struct flowi4 *fl4, int oif, + fl4->flowi4_proto = proto; + fl4->flowi4_flags = flags; + fl4->flowi4_secid = 0; +- fl4->flowi4_uid = uid; + fl4->daddr = daddr; + fl4->saddr = saddr; + fl4->fl4_dport = dport; +@@ -127,7 +123,6 @@ struct flowi6 { + #define flowi6_proto __fl_common.flowic_proto + #define flowi6_flags __fl_common.flowic_flags + #define flowi6_secid __fl_common.flowic_secid +-#define flowi6_uid __fl_common.flowic_uid + struct in6_addr daddr; + struct in6_addr saddr; + __be32 flowlabel; +@@ -171,7 +166,6 @@ struct flowi { + #define flowi_proto u.__fl_common.flowic_proto + #define flowi_flags u.__fl_common.flowic_flags + #define flowi_secid u.__fl_common.flowic_secid +-#define flowi_uid u.__fl_common.flowic_uid + } __attribute__((__aligned__(BITS_PER_LONG/8))); + + static inline struct flowi *flowi4_to_flowi(struct flowi4 *fl4) +diff --git a/include/net/ip.h b/include/net/ip.h +index 80da4e188d4..2e5194a2302 100644 +--- a/include/net/ip.h ++++ b/include/net/ip.h +@@ -155,7 +155,6 @@ struct ip_reply_arg { + /* -1 if not needed */ + int bound_dev_if; + u8 tos; +- uid_t uid; + }; + + #define IP_REPLY_ARG_NOSRCCHECK 1 +diff --git a/include/net/route.h b/include/net/route.h +index 43280f6fa56..2ea40c1b5e0 100644 +--- a/include/net/route.h ++++ b/include/net/route.h +@@ -52,7 +52,6 @@ struct rtable { + __u8 rt_uses_gateway; + + int rt_iif; +- uid_t rt_uid; + + /* Info on neighbour */ + __be32 rt_gateway; +@@ -143,7 +142,7 @@ static inline struct rtable *ip_route_output_ports(struct net *net, struct flowi + flowi4_init_output(fl4, oif, sk ? sk->sk_mark : 0, tos, + RT_SCOPE_UNIVERSE, proto, + sk ? inet_sk_flowi_flags(sk) : 0, +- daddr, saddr, dport, sport, sk ? sock_i_uid(sk) : 0); ++ daddr, saddr, dport, sport); + if (sk) + security_sk_classify_flow(sk, flowi4_to_flowi(fl4)); + return ip_route_output_flow(net, fl4, sk); +@@ -254,8 +253,7 @@ static inline void ip_route_connect_init(struct flowi4 *fl4, __be32 dst, __be32 + flow_flags |= FLOWI_FLAG_CAN_SLEEP; + + flowi4_init_output(fl4, oif, sk->sk_mark, tos, RT_SCOPE_UNIVERSE, +- protocol, flow_flags, dst, src, dport, sport, +- sock_i_uid(sk)); ++ protocol, flow_flags, dst, src, dport, sport); + } + + static inline struct rtable *ip_route_connect(struct flowi4 *fl4, +diff --git a/include/uapi/linux/fib_rules.h b/include/uapi/linux/fib_rules.h +index 9dcdb6251cb..51da65b68b8 100644 +--- a/include/uapi/linux/fib_rules.h ++++ b/include/uapi/linux/fib_rules.h +@@ -49,8 +49,6 @@ enum { + FRA_TABLE, /* Extended table id */ + FRA_FWMASK, /* mask for netfilter mark */ + FRA_OIFNAME, +- FRA_UID_START, /* UID range */ +- FRA_UID_END, + __FRA_MAX + }; + +diff --git a/include/uapi/linux/rtnetlink.h b/include/uapi/linux/rtnetlink.h +index b1a99e18b70..7a2144e1afa 100644 +--- a/include/uapi/linux/rtnetlink.h ++++ b/include/uapi/linux/rtnetlink.h +@@ -296,7 +296,6 @@ enum rtattr_type_t { + RTA_MP_ALGO, /* no longer used */ + RTA_TABLE, + RTA_MARK, +- RTA_UID, + RTA_MFC_STATS, + __RTA_MAX + }; +diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c +index fb9adc5d193..84340a2605e 100644 +--- a/net/core/fib_rules.c ++++ b/net/core/fib_rules.c +@@ -17,11 +17,6 @@ + #include + #include + +-#define uid_valid(uid) ((uid) != -1) +-#define uid_lte(a, b) ((a) <= (b)) +-#define uid_eq(a, b) ((a) == (b)) +-#define uid_gte(a, b) ((a) >= (b)) +- + int fib_default_rule_add(struct fib_rules_ops *ops, + u32 pref, u32 table, u32 flags) + { +@@ -36,8 +31,6 @@ int fib_default_rule_add(struct fib_rules_ops *ops, + r->pref = pref; + r->table = table; + r->flags = flags; +- r->uid_start = INVALID_UID; +- r->uid_end = INVALID_UID; + r->fr_net = hold_net(ops->fro_net); + + /* The lock is not required here, the list in unreacheable +@@ -186,23 +179,6 @@ void fib_rules_unregister(struct fib_rules_ops *ops) + } + EXPORT_SYMBOL_GPL(fib_rules_unregister); + +-static inline uid_t fib_nl_uid(struct nlattr *nla) +-{ +- return nla_get_u32(nla); +-} +- +-static int nla_put_uid(struct sk_buff *skb, int idx, uid_t uid) +-{ +- return nla_put_u32(skb, idx, uid); +-} +- +-static int fib_uid_range_match(struct flowi *fl, struct fib_rule *rule) +-{ +- return (!uid_valid(rule->uid_start) && !uid_valid(rule->uid_end)) || +- (uid_gte(fl->flowi_uid, rule->uid_start) && +- uid_lte(fl->flowi_uid, rule->uid_end)); +-} +- + static int fib_rule_match(struct fib_rule *rule, struct fib_rules_ops *ops, + struct flowi *fl, int flags) + { +@@ -217,9 +193,6 @@ static int fib_rule_match(struct fib_rule *rule, struct fib_rules_ops *ops, + if ((rule->mark ^ fl->flowi_mark) & rule->mark_mask) + goto out; + +- if (!fib_uid_range_match(fl, rule)) +- goto out; +- + ret = ops->match(rule, fl, flags); + out: + return (rule->flags & FIB_RULE_INVERT) ? !ret : ret; +@@ -390,19 +363,6 @@ static int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr* nlh) + } else if (rule->action == FR_ACT_GOTO) + goto errout_free; + +- /* UID start and end must either both be valid or both unspecified. */ +- rule->uid_start = rule->uid_end = INVALID_UID; +- if (tb[FRA_UID_START] || tb[FRA_UID_END]) { +- if (tb[FRA_UID_START] && tb[FRA_UID_END]) { +- rule->uid_start = fib_nl_uid(tb[FRA_UID_START]); +- rule->uid_end = fib_nl_uid(tb[FRA_UID_END]); +- } +- if (!uid_valid(rule->uid_start) || +- !uid_valid(rule->uid_end) || +- !uid_lte(rule->uid_start, rule->uid_end)) +- goto errout_free; +- } +- + err = ops->configure(rule, skb, frh, tb); + if (err < 0) + goto errout_free; +@@ -509,14 +469,6 @@ static int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr* nlh) + (rule->mark_mask != nla_get_u32(tb[FRA_FWMASK]))) + continue; + +- if (tb[FRA_UID_START] && +- !uid_eq(rule->uid_start, fib_nl_uid(tb[FRA_UID_START]))) +- continue; +- +- if (tb[FRA_UID_END] && +- !uid_eq(rule->uid_end, fib_nl_uid(tb[FRA_UID_END]))) +- continue; +- + if (!ops->compare(rule, frh, tb)) + continue; + +@@ -573,9 +525,7 @@ static inline size_t fib_rule_nlmsg_size(struct fib_rules_ops *ops, + + nla_total_size(4) /* FRA_PRIORITY */ + + nla_total_size(4) /* FRA_TABLE */ + + nla_total_size(4) /* FRA_FWMARK */ +- + nla_total_size(4) /* FRA_FWMASK */ +- + nla_total_size(4) /* FRA_UID_START */ +- + nla_total_size(4); /* FRA_UID_END */ ++ + nla_total_size(4); /* FRA_FWMASK */ + + if (ops->nlmsg_payload) + payload += ops->nlmsg_payload(rule); +@@ -631,13 +581,6 @@ static int fib_nl_fill_rule(struct sk_buff *skb, struct fib_rule *rule, + (rule->target && + nla_put_u32(skb, FRA_GOTO, rule->target))) + goto nla_put_failure; +- +- if (uid_valid(rule->uid_start)) +- nla_put_uid(skb, FRA_UID_START, rule->uid_start); +- +- if (uid_valid(rule->uid_end)) +- nla_put_uid(skb, FRA_UID_END, rule->uid_end); +- + if (ops->fill(rule, skb, frh) < 0) + goto nla_put_failure; + +diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c +index 3f991296301..9bac2e954b9 100644 +--- a/net/ipv4/fib_frontend.c ++++ b/net/ipv4/fib_frontend.c +@@ -531,7 +531,6 @@ const struct nla_policy rtm_ipv4_policy[RTA_MAX + 1] = { + [RTA_METRICS] = { .type = NLA_NESTED }, + [RTA_MULTIPATH] = { .len = sizeof(struct rtnexthop) }, + [RTA_FLOW] = { .type = NLA_U32 }, +- [RTA_UID] = { .type = NLA_U32 }, + }; + + static int rtm_to_fib_config(struct net *net, struct sk_buff *skb, +diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c +index ca872fec1db..07905f79996 100644 +--- a/net/ipv4/inet_connection_sock.c ++++ b/net/ipv4/inet_connection_sock.c +@@ -422,8 +422,7 @@ struct dst_entry *inet_csk_route_req(struct sock *sk, + sk->sk_protocol, + flags, + (opt && opt->opt.srr) ? opt->opt.faddr : ireq->rmt_addr, +- ireq->loc_addr, ireq->rmt_port, inet_sk(sk)->inet_sport, +- sock_i_uid(sk)); ++ ireq->loc_addr, ireq->rmt_port, inet_sk(sk)->inet_sport); + security_req_classify_flow(req, flowi4_to_flowi(fl4)); + rt = ip_route_output_flow(net, fl4, sk); + if (IS_ERR(rt)) +@@ -459,8 +458,7 @@ struct dst_entry *inet_csk_route_child_sock(struct sock *sk, + RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, + sk->sk_protocol, inet_sk_flowi_flags(sk), + (opt && opt->opt.srr) ? opt->opt.faddr : ireq->rmt_addr, +- ireq->loc_addr, ireq->rmt_port, inet_sk(sk)->inet_sport, +- sock_i_uid(sk)); ++ ireq->loc_addr, ireq->rmt_port, inet_sk(sk)->inet_sport); + security_req_classify_flow(req, flowi4_to_flowi(fl4)); + rt = ip_route_output_flow(net, fl4, sk); + if (IS_ERR(rt)) +diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c +index 1204570dcce..a15b080130a 100644 +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -1494,8 +1494,7 @@ void ip_send_unicast_reply(struct sock *sk, struct sk_buff *skb, __be32 daddr, + RT_SCOPE_UNIVERSE, ip_hdr(skb)->protocol, + ip_reply_arg_flowi_flags(arg), + daddr, saddr, +- tcp_hdr(skb)->source, tcp_hdr(skb)->dest, +- arg->uid); ++ tcp_hdr(skb)->source, tcp_hdr(skb)->dest); + security_skb_classify_flow(skb, flowi4_to_flowi(&fl4)); + rt = ip_route_output_key(net, &fl4); + if (IS_ERR(rt)) +diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c +index 86ee6cf6fe9..f05594b2ff4 100644 +--- a/net/ipv4/ping.c ++++ b/net/ipv4/ping.c +@@ -789,8 +789,7 @@ int ping_v4_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, + + flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos, + RT_SCOPE_UNIVERSE, sk->sk_protocol, +- inet_sk_flowi_flags(sk), faddr, saddr, 0, 0, +- sock_i_uid(sk)); ++ inet_sk_flowi_flags(sk), faddr, saddr, 0, 0); + + security_sk_classify_flow(sk, flowi4_to_flowi(&fl4)); + rt = ip_route_output_flow(net, &fl4, sk); +diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c +index b9c87c8c0b1..b4a1c42a627 100644 +--- a/net/ipv4/raw.c ++++ b/net/ipv4/raw.c +@@ -573,8 +573,7 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, + inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol, + inet_sk_flowi_flags(sk) | FLOWI_FLAG_CAN_SLEEP | + (inet->hdrincl ? FLOWI_FLAG_KNOWN_NH : 0), +- daddr, saddr, 0, 0, +- sock_i_uid(sk)); ++ daddr, saddr, 0, 0); + + if (!inet->hdrincl) { + err = raw_probe_proto_opt(&fl4, msg); +diff --git a/net/ipv4/route.c b/net/ipv4/route.c +index 3283060a8cc..fe162ac7ecc 100644 +--- a/net/ipv4/route.c ++++ b/net/ipv4/route.c +@@ -515,7 +515,7 @@ void __ip_select_ident(struct iphdr *iph, int segs) + } + EXPORT_SYMBOL(__ip_select_ident); + +-static void __build_flow_key(struct flowi4 *fl4, struct sock *sk, ++static void __build_flow_key(struct flowi4 *fl4, const struct sock *sk, + const struct iphdr *iph, + int oif, u8 tos, + u8 prot, u32 mark, int flow_flags) +@@ -531,12 +531,11 @@ static void __build_flow_key(struct flowi4 *fl4, struct sock *sk, + flowi4_init_output(fl4, oif, mark, tos, + RT_SCOPE_UNIVERSE, prot, + flow_flags, +- iph->daddr, iph->saddr, 0, 0, +- sk ? sock_i_uid(sk) : 0); ++ iph->daddr, iph->saddr, 0, 0); + } + + static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb, +- struct sock *sk) ++ const struct sock *sk) + { + const struct iphdr *iph = ip_hdr(skb); + int oif = skb->dev->ifindex; +@@ -547,7 +546,7 @@ static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb, + __build_flow_key(fl4, sk, iph, oif, tos, prot, mark, 0); + } + +-static void build_sk_flow_key(struct flowi4 *fl4, struct sock *sk) ++static void build_sk_flow_key(struct flowi4 *fl4, const struct sock *sk) + { + const struct inet_sock *inet = inet_sk(sk); + const struct ip_options_rcu *inet_opt; +@@ -561,11 +560,11 @@ static void build_sk_flow_key(struct flowi4 *fl4, struct sock *sk) + RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, + inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol, + inet_sk_flowi_flags(sk), +- daddr, inet->inet_saddr, 0, 0, sock_i_uid(sk)); ++ daddr, inet->inet_saddr, 0, 0); + rcu_read_unlock(); + } + +-static void ip_rt_build_flow_key(struct flowi4 *fl4, struct sock *sk, ++static void ip_rt_build_flow_key(struct flowi4 *fl4, const struct sock *sk, + const struct sk_buff *skb) + { + if (skb) +@@ -1157,7 +1156,6 @@ void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt) + fl4.flowi4_oif = rt->dst.dev->ifindex; + fl4.flowi4_iif = skb->dev->ifindex; + fl4.flowi4_mark = skb->mark; +- fl4.flowi4_uid = skb->sk ? sock_i_uid(skb->sk) : 0; + + rcu_read_lock(); + if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res) == 0) +@@ -1448,7 +1446,6 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, + rth->rt_iif = 0; + rth->rt_pmtu = 0; + rth->rt_gateway = 0; +- rth->rt_uid = 0; + rth->rt_uses_gateway = 0; + INIT_LIST_HEAD(&rth->rt_uncached); + if (our) { +@@ -1572,7 +1569,6 @@ static int __mkroute_input(struct sk_buff *skb, + rth->rt_is_input = 1; + rth->rt_iif = 0; + rth->rt_pmtu = 0; +- rth->rt_uid = 0; + rth->rt_gateway = 0; + rth->rt_uses_gateway = 0; + INIT_LIST_HEAD(&rth->rt_uncached); +@@ -1743,7 +1739,6 @@ local_input: + rth->rt_is_input = 1; + rth->rt_iif = 0; + rth->rt_pmtu = 0; +- rth->rt_uid = 0; + rth->rt_gateway = 0; + rth->rt_uses_gateway = 0; + INIT_LIST_HEAD(&rth->rt_uncached); +@@ -1947,7 +1942,6 @@ add: + rth->rt_is_input = 0; + rth->rt_iif = orig_oif ? : 0; + rth->rt_pmtu = 0; +- rth->rt_uid = fl4->flowi4_uid; + rth->rt_gateway = 0; + rth->rt_uses_gateway = 0; + INIT_LIST_HEAD(&rth->rt_uncached); +@@ -2223,7 +2217,6 @@ struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_or + rt->rt_is_input = ort->rt_is_input; + rt->rt_iif = ort->rt_iif; + rt->rt_pmtu = ort->rt_pmtu; +- rt->rt_uid = ort->rt_uid; + + rt->rt_genid = rt_genid(net); + rt->rt_flags = ort->rt_flags; +@@ -2334,10 +2327,6 @@ static int rt_fill_info(struct net *net, __be32 dst, __be32 src, + nla_put_u32(skb, RTA_MARK, fl4->flowi4_mark)) + goto nla_put_failure; + +- if (rt->rt_uid != (uid_t) -1 && +- nla_put_u32(skb, RTA_UID, rt->rt_uid)) +- goto nla_put_failure; +- + error = rt->dst.error; + + if (rt_is_input_route(rt)) { +diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c +index c94032b95c6..5abb45e281b 100644 +--- a/net/ipv4/syncookies.c ++++ b/net/ipv4/syncookies.c +@@ -353,8 +353,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, + RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP, + inet_sk_flowi_flags(sk), + (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, +- ireq->loc_addr, th->source, th->dest, +- sock_i_uid(sk)); ++ ireq->loc_addr, th->source, th->dest); + security_req_classify_flow(req, flowi4_to_flowi(&fl4)); + rt = ip_route_output_key(sock_net(sk), &fl4); + if (IS_ERR(rt)) { +diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c +index cba31349280..7a8af35c475 100644 +--- a/net/ipv4/udp.c ++++ b/net/ipv4/udp.c +@@ -963,8 +963,7 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, + flowi4_init_output(fl4, ipc.oif, sk->sk_mark, tos, + RT_SCOPE_UNIVERSE, sk->sk_protocol, + inet_sk_flowi_flags(sk)|FLOWI_FLAG_CAN_SLEEP, +- faddr, saddr, dport, inet->inet_sport, +- sock_i_uid(sk)); ++ faddr, saddr, dport, inet->inet_sport); + + security_sk_classify_flow(sk, flowi4_to_flowi(fl4)); + rt = ip_route_output_flow(net, fl4, sk); +diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c +index 4c436751bf9..9b5b5ddf8cd 100644 +--- a/net/ipv4/xfrm4_policy.c ++++ b/net/ipv4/xfrm4_policy.c +@@ -80,7 +80,6 @@ static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev, + const struct flowi4 *fl4 = &fl->u.ip4; + + xdst->u.rt.rt_iif = fl4->flowi4_iif; +- xdst->u.rt.rt_uid = fl4->flowi4_uid; + + xdst->u.dst.dev = dev; + dev_hold(dev); +diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c +index dc96abd0dbb..112e14fa81b 100644 +--- a/net/ipv6/af_inet6.c ++++ b/net/ipv6/af_inet6.c +@@ -702,7 +702,6 @@ int inet6_sk_rebuild_header(struct sock *sk) + fl6.flowi6_mark = sk->sk_mark; + fl6.fl6_dport = inet->inet_dport; + fl6.fl6_sport = inet->inet_sport; +- fl6.flowi6_uid = sock_i_uid(sk); + security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); + + rcu_read_lock(); +diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c +index 193274c912f..0deea6ef4cc 100644 +--- a/net/ipv6/datagram.c ++++ b/net/ipv6/datagram.c +@@ -162,7 +162,6 @@ ipv4_connected: + fl6.flowi6_mark = sk->sk_mark; + fl6.fl6_dport = inet->inet_dport; + fl6.fl6_sport = inet->inet_sport; +- fl6.flowi6_uid = sock_i_uid(sk); + + if (!fl6.flowi6_oif && (addr_type&IPV6_ADDR_MULTICAST)) + fl6.flowi6_oif = np->mcast_oif; +diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c +index f92676cb879..9cdb8e43451 100644 +--- a/net/ipv6/inet6_connection_sock.c ++++ b/net/ipv6/inet6_connection_sock.c +@@ -86,7 +86,6 @@ struct dst_entry *inet6_csk_route_req(struct sock *sk, + fl6->flowi6_mark = inet_rsk(req)->ir_mark; + fl6->fl6_dport = inet_rsk(req)->rmt_port; + fl6->fl6_sport = inet_rsk(req)->loc_port; +- fl6->flowi6_uid = sock_i_uid(sk); + security_req_classify_flow(req, flowi6_to_flowi(fl6)); + + dst = ip6_dst_lookup_flow(sk, fl6, final_p, false); +diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c +index 40c13d48dde..9215ccbec01 100644 +--- a/net/ipv6/ping.c ++++ b/net/ipv6/ping.c +@@ -163,7 +163,6 @@ int ping_v6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, + fl6.flowi6_mark = sk->sk_mark; + fl6.fl6_icmp_type = user_icmph.icmp6_type; + fl6.fl6_icmp_code = user_icmph.icmp6_code; +- fl6.flowi6_uid = sock_i_uid(sk); + security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); + + if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) +diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c +index 5a9539e871a..a98f5f05325 100644 +--- a/net/ipv6/raw.c ++++ b/net/ipv6/raw.c +@@ -763,7 +763,6 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk, + memset(&fl6, 0, sizeof(fl6)); + + fl6.flowi6_mark = sk->sk_mark; +- fl6.flowi6_uid = sock_i_uid(sk); + + if (sin6) { + if (addr_len < SIN6_LEN_RFC2133) +diff --git a/net/ipv6/route.c b/net/ipv6/route.c +index 0f68d4db7d3..a6a9023e8fd 100644 +--- a/net/ipv6/route.c ++++ b/net/ipv6/route.c +@@ -2247,7 +2247,6 @@ static const struct nla_policy rtm_ipv6_policy[RTA_MAX+1] = { + [RTA_PRIORITY] = { .type = NLA_U32 }, + [RTA_METRICS] = { .type = NLA_NESTED }, + [RTA_MULTIPATH] = { .len = sizeof(struct rtnexthop) }, +- [RTA_UID] = { .type = NLA_U32 }, + }; + + static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh, +@@ -2636,11 +2635,6 @@ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh) + if (tb[RTA_OIF]) + oif = nla_get_u32(tb[RTA_OIF]); + +- if (tb[RTA_UID]) +- fl6.flowi6_uid = nla_get_u32(tb[RTA_UID]); +- else +- fl6.flowi6_uid = (iif ? (uid_t) -1 : current_uid()); +- + if (iif) { + struct net_device *dev; + int flags = 0; +diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c +index 701d0656a40..a596f388339 100644 +--- a/net/ipv6/syncookies.c ++++ b/net/ipv6/syncookies.c +@@ -243,7 +243,6 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) + fl6.flowi6_mark = ireq->ir_mark; + fl6.fl6_dport = inet_rsk(req)->rmt_port; + fl6.fl6_sport = inet_sk(sk)->inet_sport; +- fl6.flowi6_uid = sock_i_uid(sk); + security_req_classify_flow(req, flowi6_to_flowi(&fl6)); + + dst = ip6_dst_lookup_flow(sk, &fl6, final_p, false); +diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c +index c1310fc4d6c..57f152323b6 100644 +--- a/net/ipv6/tcp_ipv6.c ++++ b/net/ipv6/tcp_ipv6.c +@@ -253,7 +253,6 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, + fl6.flowi6_mark = sk->sk_mark; + fl6.fl6_dport = usin->sin6_port; + fl6.fl6_sport = inet->inet_sport; +- fl6.flowi6_uid = sock_i_uid(sk); + + opt = rcu_dereference_protected(np->opt, sock_owned_by_user(sk)); + final_p = fl6_update_dst(&fl6, opt, &final); +diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c +index 7de2ce1f299..5187bf51592 100644 +--- a/net/ipv6/udp.c ++++ b/net/ipv6/udp.c +@@ -1149,7 +1149,6 @@ do_udp_sendmsg: + fl6.flowi6_oif = np->sticky_pktinfo.ipi6_ifindex; + + fl6.flowi6_mark = sk->sk_mark; +- fl6.flowi6_uid = sock_i_uid(sk); + + if (msg->msg_controllen) { + opt = &opt_space; +-- +2.23.0 + diff --git a/devices/asus-z00t/kernel/0001-Revert-misc-uidstat-change-release-handler-for-stat-.patch b/devices/asus-z00t/kernel/0001-Revert-misc-uidstat-change-release-handler-for-stat-.patch new file mode 100644 index 00000000..83eb451e --- /dev/null +++ b/devices/asus-z00t/kernel/0001-Revert-misc-uidstat-change-release-handler-for-stat-.patch @@ -0,0 +1,501 @@ +From 01129f192beb09cd31bef20320b10167c10b3a23 Mon Sep 17 00:00:00 2001 +From: Samuel Dionne-Riel +Date: Wed, 9 Oct 2019 21:04:14 -0400 +Subject: [PATCH] Revert "misc: uidstat: change release handler for stat read + operation" + +This reverts commit 0dcb3df744e01e8d6588f5eecfe6a510c4ce95d6. + +Revert "misc: uidstat: Remove use of obsolete create_proc_read_entry api" + +This reverts commit 6908fe248fc3e976363807985478871106b22a19. + +Revert "net: activity_stats: Stop using obsolete create_proc_read_entry api" + +This reverts commit 4af1c50c2b8d5cb96ee803cc8c8d969708130509. + +Revert "misc: uidstat: avoid create_stat() race and blockage." + +This reverts commit 760017d10ac80defe7fa9ad12aebf36ced5f3119. + +Revert "net: activity_stats: Add statistics for network transmission activity" + +This reverts commit 1f65785d2b92ccad4ebab8f0b39c9e232d76946f. + +Revert "misc: uidstat: Adding uid stat driver to collect network statistics." + +This reverts commit 5a5f2f9219cf1df0cbd14542c5c709e34653d7f9. +--- + drivers/misc/Kconfig | 4 - + drivers/misc/Makefile | 1 - + drivers/misc/uid_stat.c | 152 ----------------------------------- + include/linux/uid_stat.h | 29 ------- + include/net/activity_stats.h | 25 ------ + net/Kconfig | 8 -- + net/Makefile | 1 - + net/activity_stats.c | 119 --------------------------- + net/ipv4/tcp.c | 10 --- + 9 files changed, 349 deletions(-) + delete mode 100644 drivers/misc/uid_stat.c + delete mode 100644 include/linux/uid_stat.h + delete mode 100644 include/net/activity_stats.h + delete mode 100644 net/activity_stats.c + +diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig +index f159fff09bf..803b65906ca 100644 +--- a/drivers/misc/Kconfig ++++ b/drivers/misc/Kconfig +@@ -434,10 +434,6 @@ config TI_DAC7512 + This driver can also be built as a module. If so, the module + will be called ti_dac7512. + +-config UID_STAT +- bool "UID based statistics tracking exported to /proc/uid_stat" +- default n +- + config VMWARE_BALLOON + tristate "VMware Balloon Driver" + depends on X86 && HYPERVISOR_GUEST +diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile +index a53a897faab..e4d3c0346a0 100644 +--- a/drivers/misc/Makefile ++++ b/drivers/misc/Makefile +@@ -38,7 +38,6 @@ obj-$(CONFIG_SENSORS_TSL2550) += tsl2550.o + obj-$(CONFIG_EP93XX_PWM) += ep93xx_pwm.o + obj-$(CONFIG_DS1682) += ds1682.o + obj-$(CONFIG_TI_DAC7512) += ti_dac7512.o +-obj-$(CONFIG_UID_STAT) += uid_stat.o + obj-$(CONFIG_C2PORT) += c2port/ + obj-$(CONFIG_HMC6352) += hmc6352.o + obj-y += eeprom/ +diff --git a/drivers/misc/uid_stat.c b/drivers/misc/uid_stat.c +deleted file mode 100644 +index 27b516b8a90..00000000000 +--- a/drivers/misc/uid_stat.c ++++ /dev/null +@@ -1,152 +0,0 @@ +-/* drivers/misc/uid_stat.c +- * +- * Copyright (C) 2008 - 2009 Google, Inc. +- * +- * This software is licensed under the terms of the GNU General Public +- * License version 2, as published by the Free Software Foundation, and +- * may be copied, distributed, and modified under those terms. +- * +- * This program is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- */ +- +-#include +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-static DEFINE_SPINLOCK(uid_lock); +-static LIST_HEAD(uid_list); +-static struct proc_dir_entry *parent; +- +-struct uid_stat { +- struct list_head link; +- uid_t uid; +- atomic_t tcp_rcv; +- atomic_t tcp_snd; +-}; +- +-static struct uid_stat *find_uid_stat(uid_t uid) { +- struct uid_stat *entry; +- +- list_for_each_entry(entry, &uid_list, link) { +- if (entry->uid == uid) { +- return entry; +- } +- } +- return NULL; +-} +- +-static int uid_stat_atomic_int_show(struct seq_file *m, void *v) +-{ +- unsigned int bytes; +- atomic_t *counter = m->private; +- +- bytes = (unsigned int) (atomic_read(counter) + INT_MIN); +- return seq_printf(m, "%u\n", bytes); +-} +- +-static int uid_stat_read_atomic_int_open(struct inode *inode, struct file *file) +-{ +- return single_open(file, uid_stat_atomic_int_show, PDE_DATA(inode)); +-} +- +-static const struct file_operations uid_stat_read_atomic_int_fops = { +- .open = uid_stat_read_atomic_int_open, +- .read = seq_read, +- .llseek = seq_lseek, +- .release = single_release, +-}; +- +-/* Create a new entry for tracking the specified uid. */ +-static struct uid_stat *create_stat(uid_t uid) { +- struct uid_stat *new_uid; +- /* Create the uid stat struct and append it to the list. */ +- new_uid = kmalloc(sizeof(struct uid_stat), GFP_ATOMIC); +- if (!new_uid) +- return NULL; +- +- new_uid->uid = uid; +- /* Counters start at INT_MIN, so we can track 4GB of network traffic. */ +- atomic_set(&new_uid->tcp_rcv, INT_MIN); +- atomic_set(&new_uid->tcp_snd, INT_MIN); +- +- list_add_tail(&new_uid->link, &uid_list); +- return new_uid; +-} +- +-static void create_stat_proc(struct uid_stat *new_uid) +-{ +- char uid_s[32]; +- struct proc_dir_entry *entry; +- sprintf(uid_s, "%d", new_uid->uid); +- entry = proc_mkdir(uid_s, parent); +- +- /* Keep reference to uid_stat so we know what uid to read stats from. */ +- proc_create_data("tcp_snd", S_IRUGO, entry, +- &uid_stat_read_atomic_int_fops, &new_uid->tcp_snd); +- +- proc_create_data("tcp_rcv", S_IRUGO, entry, +- &uid_stat_read_atomic_int_fops, &new_uid->tcp_rcv); +-} +- +-static struct uid_stat *find_or_create_uid_stat(uid_t uid) +-{ +- struct uid_stat *entry; +- unsigned long flags; +- spin_lock_irqsave(&uid_lock, flags); +- entry = find_uid_stat(uid); +- if (entry) { +- spin_unlock_irqrestore(&uid_lock, flags); +- return entry; +- } +- entry = create_stat(uid); +- spin_unlock_irqrestore(&uid_lock, flags); +- if (entry) +- create_stat_proc(entry); +- return entry; +-} +- +-int uid_stat_tcp_snd(uid_t uid, int size) { +- struct uid_stat *entry; +- activity_stats_update(); +- entry = find_or_create_uid_stat(uid); +- if (!entry) +- return -1; +- atomic_add(size, &entry->tcp_snd); +- return 0; +-} +- +-int uid_stat_tcp_rcv(uid_t uid, int size) { +- struct uid_stat *entry; +- activity_stats_update(); +- entry = find_or_create_uid_stat(uid); +- if (!entry) +- return -1; +- atomic_add(size, &entry->tcp_rcv); +- return 0; +-} +- +-static int __init uid_stat_init(void) +-{ +- parent = proc_mkdir("uid_stat", NULL); +- if (!parent) { +- pr_err("uid_stat: failed to create proc entry\n"); +- return -1; +- } +- return 0; +-} +- +-__initcall(uid_stat_init); +diff --git a/include/linux/uid_stat.h b/include/linux/uid_stat.h +deleted file mode 100644 +index 6bd6c4e52d1..00000000000 +--- a/include/linux/uid_stat.h ++++ /dev/null +@@ -1,29 +0,0 @@ +-/* include/linux/uid_stat.h +- * +- * Copyright (C) 2008-2009 Google, Inc. +- * +- * This software is licensed under the terms of the GNU General Public +- * License version 2, as published by the Free Software Foundation, and +- * may be copied, distributed, and modified under those terms. +- * +- * This program is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- */ +- +-#ifndef __uid_stat_h +-#define __uid_stat_h +- +-/* Contains definitions for resource tracking per uid. */ +- +-#ifdef CONFIG_UID_STAT +-int uid_stat_tcp_snd(uid_t uid, int size); +-int uid_stat_tcp_rcv(uid_t uid, int size); +-#else +-#define uid_stat_tcp_snd(uid, size) do {} while (0); +-#define uid_stat_tcp_rcv(uid, size) do {} while (0); +-#endif +- +-#endif /* _LINUX_UID_STAT_H */ +diff --git a/include/net/activity_stats.h b/include/net/activity_stats.h +deleted file mode 100644 +index 10e4c1506ee..00000000000 +--- a/include/net/activity_stats.h ++++ /dev/null +@@ -1,25 +0,0 @@ +-/* +- * Copyright (C) 2010 Google, Inc. +- * +- * This software is licensed under the terms of the GNU General Public +- * License version 2, as published by the Free Software Foundation, and +- * may be copied, distributed, and modified under those terms. +- * +- * This program is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * Author: Mike Chan (mike@android.com) +- */ +- +-#ifndef __activity_stats_h +-#define __activity_stats_h +- +-#ifdef CONFIG_NET_ACTIVITY_STATS +-void activity_stats_update(void); +-#else +-#define activity_stats_update(void) {} +-#endif +- +-#endif /* _NET_ACTIVITY_STATS_H */ +diff --git a/net/Kconfig b/net/Kconfig +index b9d1e6929cd..77d7f381c0a 100644 +--- a/net/Kconfig ++++ b/net/Kconfig +@@ -87,14 +87,6 @@ config ANDROID_PARANOID_NETWORK + help + none + +-config NET_ACTIVITY_STATS +- bool "Network activity statistics tracking" +- default y +- help +- Network activity statistics are useful for tracking wireless +- modem activity on 2G, 3G, 4G wireless networks. Counts number of +- transmissions and groups them in specified time buckets. +- + config NETWORK_SECMARK + bool "Security Marking" + help +diff --git a/net/Makefile b/net/Makefile +index 7878913abba..27336ffefa7 100644 +--- a/net/Makefile ++++ b/net/Makefile +@@ -70,6 +70,5 @@ obj-$(CONFIG_BATMAN_ADV) += batman-adv/ + obj-$(CONFIG_NFC) += nfc/ + obj-$(CONFIG_OPENVSWITCH) += openvswitch/ + obj-$(CONFIG_VSOCKETS) += vmw_vsock/ +-obj-$(CONFIG_NET_ACTIVITY_STATS) += activity_stats.o + obj-$(CONFIG_RMNET_DATA) += rmnet_data/ + obj-$(CONFIG_IPC_ROUTER) += ipc_router/ +diff --git a/net/activity_stats.c b/net/activity_stats.c +deleted file mode 100644 +index 4609ce2043e..00000000000 +--- a/net/activity_stats.c ++++ /dev/null +@@ -1,119 +0,0 @@ +-/* net/activity_stats.c +- * +- * Copyright (C) 2010 Google, Inc. +- * +- * This software is licensed under the terms of the GNU General Public +- * License version 2, as published by the Free Software Foundation, and +- * may be copied, distributed, and modified under those terms. +- * +- * This program is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * Author: Mike Chan (mike@android.com) +- */ +- +-#include +-#include +-#include +-#include +- +-/* +- * Track transmission rates in buckets (power of 2). +- * 1,2,4,8...512 seconds. +- * +- * Buckets represent the count of network transmissions at least +- * N seconds apart, where N is 1 << bucket index. +- */ +-#define BUCKET_MAX 10 +- +-/* Track network activity frequency */ +-static unsigned long activity_stats[BUCKET_MAX]; +-static ktime_t last_transmit; +-static ktime_t suspend_time; +-static DEFINE_SPINLOCK(activity_lock); +- +-void activity_stats_update(void) +-{ +- int i; +- unsigned long flags; +- ktime_t now; +- s64 delta; +- +- spin_lock_irqsave(&activity_lock, flags); +- now = ktime_get(); +- delta = ktime_to_ns(ktime_sub(now, last_transmit)); +- +- for (i = BUCKET_MAX - 1; i >= 0; i--) { +- /* +- * Check if the time delta between network activity is within the +- * minimum bucket range. +- */ +- if (delta < (1000000000ULL << i)) +- continue; +- +- activity_stats[i]++; +- last_transmit = now; +- break; +- } +- spin_unlock_irqrestore(&activity_lock, flags); +-} +- +-static int activity_stats_show(struct seq_file *m, void *v) +-{ +- int i; +- int ret; +- +- seq_printf(m, "Min Bucket(sec) Count\n"); +- +- for (i = 0; i < BUCKET_MAX; i++) { +- ret = seq_printf(m, "%15d %lu\n", 1 << i, activity_stats[i]); +- if (ret) +- return ret; +- } +- +- return 0; +-} +- +-static int activity_stats_notifier(struct notifier_block *nb, +- unsigned long event, void *dummy) +-{ +- switch (event) { +- case PM_SUSPEND_PREPARE: +- suspend_time = ktime_get_real(); +- break; +- +- case PM_POST_SUSPEND: +- suspend_time = ktime_sub(ktime_get_real(), suspend_time); +- last_transmit = ktime_sub(last_transmit, suspend_time); +- } +- +- return 0; +-} +- +-static int activity_stats_open(struct inode *inode, struct file *file) +-{ +- return single_open(file, activity_stats_show, PDE_DATA(inode)); +-} +- +-static const struct file_operations activity_stats_fops = { +- .open = activity_stats_open, +- .read = seq_read, +- .llseek = seq_lseek, +- .release = seq_release, +-}; +- +-static struct notifier_block activity_stats_notifier_block = { +- .notifier_call = activity_stats_notifier, +-}; +- +-static int __init activity_stats_init(void) +-{ +- proc_create("activity", S_IRUGO, +- init_net.proc_net_stat, &activity_stats_fops); +- return register_pm_notifier(&activity_stats_notifier_block); +-} +- +-subsys_initcall(activity_stats_init); +- +diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c +index 0fe6968be03..8eb92820588 100644 +--- a/net/ipv4/tcp.c ++++ b/net/ipv4/tcp.c +@@ -268,7 +268,6 @@ + #include + #include + #include +-#include + + #include + #include +@@ -1257,9 +1256,6 @@ out: + tcp_push(sk, flags, mss_now, tp->nonagle); + out_nopush: + release_sock(sk); +- +- if (copied + copied_syn) +- uid_stat_tcp_snd(current_uid(), copied + copied_syn); + return copied + copied_syn; + + do_fault: +@@ -1567,7 +1563,6 @@ int tcp_read_sock(struct sock *sk, read_descriptor_t *desc, + if (copied > 0) { + tcp_recv_skb(sk, seq, &offset); + tcp_cleanup_rbuf(sk, copied); +- uid_stat_tcp_rcv(current_uid(), copied); + } + return copied; + } +@@ -1972,9 +1967,6 @@ skip_copy: + tcp_cleanup_rbuf(sk, copied); + + release_sock(sk); +- +- if (copied > 0) +- uid_stat_tcp_rcv(current_uid(), copied); + return copied; + + out: +@@ -1983,8 +1975,6 @@ out: + + recv_urg: + err = tcp_recv_urg(sk, msg, len, flags); +- if (err > 0) +- uid_stat_tcp_rcv(current_uid(), err); + goto out; + + recv_sndq: +-- +2.23.0 + diff --git a/devices/asus-z00t/kernel/0001-Revert-qmp-sphinx-Add-Qualcomm-Malware-Protection-ke.patch b/devices/asus-z00t/kernel/0001-Revert-qmp-sphinx-Add-Qualcomm-Malware-Protection-ke.patch new file mode 100644 index 00000000..f31e5197 --- /dev/null +++ b/devices/asus-z00t/kernel/0001-Revert-qmp-sphinx-Add-Qualcomm-Malware-Protection-ke.patch @@ -0,0 +1,80 @@ +From c6dd0ab43f56b292d1c20ffa0154d238f90444c0 Mon Sep 17 00:00:00 2001 +From: Samuel Dionne-Riel +Date: Wed, 9 Oct 2019 20:41:09 -0400 +Subject: [PATCH] Revert "qmp: sphinx: Add Qualcomm Malware Protection kernel + instrumentation" + +This reverts commit 3c77a990d0ce566b354b367824d1bf423617351c. + +This breaks the kernel build in some situations, for a feature that is +undoubtedly useless to us, and already disabled. +--- + fs/proc/base.c | 7 ------- + net/socket.c | 5 ----- + 2 files changed, 12 deletions(-) + +diff --git a/fs/proc/base.c b/fs/proc/base.c +index 77fd2d4226f..870abad7717 100644 +--- a/fs/proc/base.c ++++ b/fs/proc/base.c +@@ -87,7 +87,6 @@ + #include + #include + #include +-#include + #ifdef CONFIG_HARDWALL + #include + #endif +@@ -968,9 +967,6 @@ static ssize_t oom_adj_write(struct file *file, const char __user *buf, + goto out; + } + +- qmp_sphinx_logk_oom_adjust_write(task->pid, +- task->cred->uid, oom_adj); +- + task_lock(task); + if (!task->mm) { + err = -EINVAL; +@@ -1103,9 +1099,6 @@ static ssize_t oom_score_adj_write(struct file *file, const char __user *buf, + goto out; + } + +- qmp_sphinx_logk_oom_adjust_write(task->pid, +- task->cred->uid, oom_score_adj); +- + task_lock(task); + if (!task->mm) { + err = -EINVAL; +diff --git a/net/socket.c b/net/socket.c +index 0e9f6dddb2a..a1cb73b83b0 100644 +--- a/net/socket.c ++++ b/net/socket.c +@@ -88,7 +88,6 @@ + #include + #include + #include +-#include + + #include + #include +@@ -1793,8 +1792,6 @@ SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, + struct iovec iov; + int fput_needed; + +- qmp_sphinx_logk_sendto(fd, buff, len, flags, addr, addr_len); +- + if (len > INT_MAX) + len = INT_MAX; + if (unlikely(!access_ok(VERIFY_READ, buff, len))) +@@ -1856,8 +1853,6 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, + int err, err2; + int fput_needed; + +- qmp_sphinx_logk_recvfrom(fd, ubuf, size, flags, addr, addr_len); +- + if (size > INT_MAX) + size = INT_MAX; + if (unlikely(!access_ok(VERIFY_WRITE, ubuf, size))) +-- +2.23.0 + diff --git a/devices/asus-z00t/kernel/0001-asus-flash-Remove-hardcoded-IDs-for-USER_NS.patch b/devices/asus-z00t/kernel/0001-asus-flash-Remove-hardcoded-IDs-for-USER_NS.patch new file mode 100644 index 00000000..3ff3d2fa --- /dev/null +++ b/devices/asus-z00t/kernel/0001-asus-flash-Remove-hardcoded-IDs-for-USER_NS.patch @@ -0,0 +1,49 @@ +From 827c9118b1de82044cf7a370b96a676a0b49a03f Mon Sep 17 00:00:00 2001 +From: Samuel Dionne-Riel +Date: Wed, 9 Oct 2019 22:00:42 -0400 +Subject: [PATCH] asus-flash: Remove hardcoded IDs, for USER_NS + +Big oof... this section of code is not good. + +This makes the build work woth USER_NS. +--- + .../msm/camera_v2/sensor/flash/msm_led_i2c_trigger.c | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/drivers/media/platform/msm/camera_v2/sensor/flash/msm_led_i2c_trigger.c b/drivers/media/platform/msm/camera_v2/sensor/flash/msm_led_i2c_trigger.c +index 3593d29b79f..7c84a057b93 100644 +--- a/drivers/media/platform/msm/camera_v2/sensor/flash/msm_led_i2c_trigger.c ++++ b/drivers/media/platform/msm/camera_v2/sensor/flash/msm_led_i2c_trigger.c +@@ -2247,14 +2247,10 @@ int msm_flash_i2c_probe(struct i2c_client *client, + #endif + /*For ASUS FLASH+++*/ + proc_entry_flash = proc_create_data("driver/asus_flash", 0666, NULL, &asus_flash_proc_fops, dummy); +- proc_set_user(proc_entry_flash, 1000, 1000); + proc_entry_flash_second = proc_create_data("driver/asus_flash2", 0666, NULL, &asus_flash_second_proc_fops, dummy2); +- proc_set_user(proc_entry_flash_second, 1000, 1000); + if( is_ZD550KL() ){ + proc_entry_flash_third = proc_create_data("driver/asus_flash3", 0666, NULL, &asus_flash_third_proc_fops, dummy3); +- proc_set_user(proc_entry_flash_third, 1000, 1000); + proc_entry_flash_fourth = proc_create_data("driver/asus_flash4", 0666, NULL, &asus_flash_fourth_proc_fops, dummy4); +- proc_set_user(proc_entry_flash_fourth, 1000, 1000); + } + /*For ASUS FLASH---*/ + pr_info("%s:%d probe success\n", __func__, __LINE__); +@@ -2349,14 +2345,10 @@ int msm_flash_probe(struct platform_device *pdev, + + /*For ASUS FLASH+++*/ + proc_entry_flash = proc_create_data("driver/asus_flash", 0666, NULL, &asus_flash_proc_fops, dummy); +- proc_set_user(proc_entry_flash, 1000, 1000); + proc_entry_flash_second = proc_create_data("driver/asus_flash2", 0666, NULL, &asus_flash_second_proc_fops, dummy2); +- proc_set_user(proc_entry_flash_second, 1000, 1000); + if( is_ZD550KL() ){ + proc_entry_flash_third = proc_create_data("driver/asus_flash3", 0666, NULL, &asus_flash_third_proc_fops, dummy3); +- proc_set_user(proc_entry_flash_third, 1000, 1000); + proc_entry_flash_fourth = proc_create_data("driver/asus_flash4", 0666, NULL, &asus_flash_fourth_proc_fops, dummy4); +- proc_set_user(proc_entry_flash_fourth, 1000, 1000); + } + /*For ASUS FLASH---*/ + mutex_init(&flash_lock); +-- +2.23.0 + diff --git a/devices/asus-z00t/kernel/0001-netfilter-xt_IDLETIMER-make-compatible-with-USER_NS.patch b/devices/asus-z00t/kernel/0001-netfilter-xt_IDLETIMER-make-compatible-with-USER_NS.patch new file mode 100644 index 00000000..aec8495c --- /dev/null +++ b/devices/asus-z00t/kernel/0001-netfilter-xt_IDLETIMER-make-compatible-with-USER_NS.patch @@ -0,0 +1,25 @@ +From a5ba367ef054aa7c24a778a4a535c34406e0be33 Mon Sep 17 00:00:00 2001 +From: Samuel Dionne-Riel +Date: Wed, 9 Oct 2019 21:23:29 -0400 +Subject: [PATCH] netfilter: xt_IDLETIMER: make compatible with USER_NS + +--- + net/netfilter/xt_IDLETIMER.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/netfilter/xt_IDLETIMER.c b/net/netfilter/xt_IDLETIMER.c +index 94ce95e00cc..26f2279c391 100644 +--- a/net/netfilter/xt_IDLETIMER.c ++++ b/net/netfilter/xt_IDLETIMER.c +@@ -365,7 +365,7 @@ static void reset_timer(const struct idletimer_tg_info *info, + read_lock_bh(&sk->sk_callback_lock); + if ((sk->sk_socket) && (sk->sk_socket->file) && + (sk->sk_socket->file->f_cred)) +- timer->uid = sk->sk_socket->file->f_cred->uid; ++ timer->uid = from_kuid_munged(current_user_ns(), sk->sk_socket->file->f_cred->uid); + read_unlock_bh(&sk->sk_callback_lock); + } + +-- +2.23.0 + diff --git a/devices/asus-z00t/kernel/config.aarch64 b/devices/asus-z00t/kernel/config.aarch64 index 2d873bff..e5faafb6 100644 --- a/devices/asus-z00t/kernel/config.aarch64 +++ b/devices/asus-z00t/kernel/config.aarch64 @@ -117,11 +117,11 @@ CONFIG_SCHED_HMP=y CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set CONFIG_IPC_NS=y -# CONFIG_USER_NS is not set -# CONFIG_PID_NS is not set +CONFIG_USER_NS=y +CONFIG_PID_NS=y CONFIG_NET_NS=y CONFIG_UIDGID_CONVERTED=y -# CONFIG_UIDGID_STRICT_TYPE_CHECKS is not set +CONFIG_UIDGID_STRICT_TYPE_CHECKS=y # CONFIG_SCHED_AUTOGROUP is not set # CONFIG_SYSFS_DEPRECATED is not set # CONFIG_RELAY is not set @@ -356,6 +356,7 @@ CONFIG_CROSS_MEMORY_ATTACH=y CONFIG_BALANCE_ANON_FILE_RECLAIM=y CONFIG_GENERIC_EARLY_IOREMAP=y CONFIG_PROCESS_RECLAIM=y +CONFIG_VM_MAX_READAHEAD=128 # CONFIG_XEN is not set CONFIG_FORCE_MAX_ZONEORDER=11 CONFIG_SECCOMP=y @@ -524,7 +525,6 @@ CONFIG_IPV6_SUBTREES=y # CONFIG_IPV6_MROUTE is not set # CONFIG_NETLABEL is not set # CONFIG_ANDROID_PARANOID_NETWORK is not set -CONFIG_NET_ACTIVITY_STATS=y CONFIG_NETWORK_SECMARK=y # CONFIG_NETWORK_PHY_TIMESTAMPING is not set CONFIG_NETFILTER=y @@ -647,10 +647,9 @@ CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_POLICY=y # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y -CONFIG_NETFILTER_XT_MATCH_QTAGUID=y +# CONFIG_NETFILTER_XT_MATCH_QTAGUID is not set CONFIG_NETFILTER_XT_MATCH_QUOTA=y -CONFIG_NETFILTER_XT_MATCH_QUOTA2=y -CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG=y +# CONFIG_NETFILTER_XT_MATCH_QUOTA2 is not set # CONFIG_NETFILTER_XT_MATCH_RATEEST is not set # CONFIG_NETFILTER_XT_MATCH_REALM is not set # CONFIG_NETFILTER_XT_MATCH_RECENT is not set @@ -1031,7 +1030,6 @@ CONFIG_APDS9930=y # CONFIG_HMC6352 is not set # CONFIG_DS1682 is not set # CONFIG_TI_DAC7512 is not set -CONFIG_UID_STAT=y # CONFIG_BMP085_I2C is not set # CONFIG_BMP085_SPI is not set # CONFIG_PCH_PHUB is not set @@ -3379,11 +3377,6 @@ CONFIG_ZRAM=y # # Android # -CONFIG_ANDROID=y -CONFIG_ANDROID_BINDER_IPC=y -# CONFIG_ANDROID_BINDER_IPC_32BIT is not set -CONFIG_ANDROID_BINDER_DEVICES="binder,hwbinder,vndbinder" -# CONFIG_ANDROID_BINDER_IPC_SELFTEST is not set CONFIG_ASHMEM=y # CONFIG_ANDROID_LOGGER is not set CONFIG_ANDROID_TIMED_OUTPUT=y @@ -3709,6 +3702,14 @@ CONFIG_MEM_SHARE_QMI_SERVICE=y # CONFIG_FIRMWARE_MEMMAP is not set CONFIG_MSM_TZ_LOG=y +# +# Android +# +CONFIG_ANDROID=y +CONFIG_ANDROID_BINDER_IPC=y +CONFIG_ANDROID_BINDER_DEVICES="binder,hwbinder,vndbinder" +# CONFIG_ANDROID_BINDER_IPC_SELFTEST is not set + # # Firmware Drivers # @@ -3804,7 +3805,7 @@ CONFIG_MISC_FILESYSTEMS=y # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_ECRYPT_FS is not set -CONFIG_SDCARD_FS=y +# CONFIG_SDCARD_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set diff --git a/devices/asus-z00t/kernel/default.nix b/devices/asus-z00t/kernel/default.nix index e7ea7e8b..a40f40c3 100644 --- a/devices/asus-z00t/kernel/default.nix +++ b/devices/asus-z00t/kernel/default.nix @@ -15,12 +15,18 @@ src = fetchFromGitHub { owner = "LineageOS"; repo = "android_kernel_asus_msm8916"; - rev = "d56000991e7d90e3a75afd86fb2f3c779232ff29"; # lineage-15.1 - sha256 = "079sm5z0ml0ijm866ga5mzwnix4wzvida0469vymbrh8mhz47p4r"; + rev = "1a45c63742b8c3253a38c2ff97b672918c88d8df"; # lineage-15.1 + sha256 = "02mfz3h5s3lvkdinglqmhm2hyfw4w0hqzzh1xla1i9wfc31ddbap"; }; patches = [ ./0001-Porting-changes-found-in-LineageOS-android_kernel_cy.patch + ./0001-Revert-qmp-sphinx-Add-Qualcomm-Malware-Protection-ke.patch + ./0001-Revert-Handle-sk-being-NULL-in-UID-based-routing.patch + ./0001-Revert-Grants-system-server-access-to-proc-pid-oom_a.patch + ./0001-Revert-misc-uidstat-change-release-handler-for-stat-.patch + ./0001-netfilter-xt_IDLETIMER-make-compatible-with-USER_NS.patch + ./0001-asus-flash-Remove-hardcoded-IDs-for-USER_NS.patch ./01_more_precise_arch.patch ./01_fix_gcc6_errors.patch ./02_mdss_fb_refresh_rate.patch