From 7b8d3e27a31815a51ddbe07fb235a04704acbbeb Mon Sep 17 00:00:00 2001
From: kuyo chang
Date: Fri, 13 Dec 2024 23:51:28 +0800
Subject: [PATCH] ANDROID: GKI: Add initial dynamically task vendor size flow

UBSAN trigged loading invalid value when CONFIG_PAGE_POISONING=y. The static vendor data has been initial by android_init_vendor_data. Add the initial flow for the memory content to zero before vendor use it.

Bug: 383246978
Change-Id: Ic4351dfeda5b9d49cfddeaf0464f9250bed80ffe
Signed-off-by: kuyo chang
Signed-off-by: kuyo chang
[jstultz: Minor cleanup to avoid ifdefs]
Signed-off-by: John Stultz
---
 include/linux/sched/task.h | 19 +++++++++++++++++++
 kernel/fork.c | 2 +-
 kernel/sched/sched.h | 9 ---------
 3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h
index 8404847cf93e..9da934f24cfa 100644
--- a/include/linux/sched/task.h
+++ b/include/linux/sched/task.h
@@ -239,4 +239,23 @@ static inline void task_unlock(struct task_struct *p)
 
 DEFINE_GUARD(task_lock, struct task_struct *, task_lock(_T), task_unlock(_T))
 
+#ifdef CONFIG_GKI_DYNAMIC_TASK_STRUCT_SIZE
+static inline void *android_task_vendor_data(struct task_struct *p)
+{
+	if (p == &init_task)
+		return &vendor_data_pad[0];
+
+	return p + 1;
+}
+
+static inline void android_init_dynamic_vendor_data(struct task_struct *p)
+{
+	if (arch_task_struct_size > sizeof(struct task_struct))
+		memset((void *)android_task_vendor_data(p), 0x0,
+		       arch_task_struct_size - sizeof(struct task_struct));
+}
+#else /* !CONFIG_GKI_DYNAMIC_TASK_STRUCT_SIZE */
+static inline void android_init_dynamic_vendor_data(struct task_struct *p) {}
+#endif /* CONFIG_GKI_DYNAMIC_TASK_STRUCT_SIZE */
+
 #endif /* _LINUX_SCHED_TASK_H */
diff --git a/kernel/fork.c b/kernel/fork.c
index e6f25678f367..7775370f4053 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
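Review bot: `android_init_dynamic_vendor_data` writes `arch_task_struct_size - sizeof(struct task_struct)` bytes at whatever `android_task_vendor_data` returns, and for `init_task` that target is the static `vendor_data_pad`, whose size is not visible in this hunk; unless the pad is guaranteed to be at least that large, the init_task path is an out-of-bounds write waiting for a caller. Only dup_task_struct calls the new helper in this commit, so that path is dormant today, but the helper now lives in a public header and the invariant should be written down or enforced, e.g. a comment on `android_task_vendor_data` such as `/* vendor_data_pad must hold at least arch_task_struct_size - sizeof(struct task_struct) bytes */`, or a `BUILD_BUG_ON`/`WARN_ON_ONCE` wherever the pad's size is known. Two smaller points of style: the `(void *)` cast in the memset call is redundant because the helper already returns `void *`, and `0x0` is conventionally written `0`. Since the helper moved out of kernel/sched/sched.h into a widely included header, please confirm that `vendor_data_pad` and `memset` are declared for every includer of linux/sched/task.h — the declarations are not visible from here.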
@@ -1211,7 +1211,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
 #endif
 	android_init_vendor_data(tsk, 1);
 	android_init_oem_data(tsk, 1);
-
+	android_init_dynamic_vendor_data(tsk);
 	trace_android_vh_dup_task_struct(tsk, orig);
 	return tsk;
 
diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
index 5150e3bc7ac2..91b503d627dd 100644
--- a/kernel/sched/sched.h
+++ b/kernel/sched/sched.h
@@ -3989,15 +3989,6 @@ void sched_enq_and_set_task(struct sched_enq_and_set_ctx *ctx);
 
 #include "ext.h"
 
-#ifdef CONFIG_GKI_DYNAMIC_TASK_STRUCT_SIZE
-static inline void *android_task_vendor_data(struct task_struct *p)
-{
-	if (p == &init_task)
-		return &vendor_data_pad[0];
-
-	return p + 1;
-}
-#endif
 
 #ifdef CONFIG_RT_SOFTIRQ_AWARE_SCHED
 extern bool cpu_busy_with_softirqs(int cpu);
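Review bot: The new `android_init_dynamic_vendor_data(tsk)` call is the only initialization the dynamic vendor tail ever receives, and nothing in the hunk says why it must sit after the vendor/oem data setup and before `trace_android_vh_dup_task_struct`; a one-line comment would stop a later reorder from reintroducing the poisoned-memory read, e.g. `/* Tail beyond sizeof(struct task_struct) is not copied from orig; clear it before vendor hooks see tsk. */`. That the tail is not copied from `orig` is inferred from the commit message (page-poison values were observed), not from anything visible in this hunk, so confirm it against the copy in arch_dup_task_struct. The change also consumes the blank line that separated the init calls from the trace hook; keeping that separator after the new call would match the surrounding layout. dup_task_struct starts and ends outside the hunk, and the sched.h hunk on the same line is a pure move of `android_task_vendor_data` that needs no separate note.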