When kernel operates hw ctls, early RVC in bootloader
can also co-exist to update hardware registers. So it's
needed to care the reserved pipe by early RVC before
kernel starts to handle ctl setup.
CRs-Fixed: 2225630
Change-Id: I2df06350a44bd128dfb89cc0668c41d2edfb26a6
Signed-off-by: Guchun Chen <guchunc@codeaurora.org>
commit 4d09122c1868 ("sched: Fix spinlock recursion in sched_exit()")
moved freeing of task's current and previous window arrays outside
the rq->lock. These arrays can be accessed from another CPU in parallel
and end up using freed memory. For example,
CPU#0 CPU#1
---------------------------------- -------------------------------
sched_exit() try_to_wake_up()--> The task wakes
up on CPU#0
task_rq_lock() set_task_cpu()
fixup_busy_time() --> waiting for
CPU#0's rq->lock
task_rq_unlock() fixup_busy_time()-->lock acquired
free_task_load_ptrs()
kfree(p->ravg.curr_window_cpu) update_task_ravg()-->called on
current of CPU#0
trace_sched_update_task_ravg()
--> access freed memory
p->ravg.curr_window_cpu = NULL;
To fix this issue, window array pointers must be set to NULL before
freeing the memory. Since this happens outside the lock, memory barriers
are needed on write and read paths. A much simpler alternative would be
skipping update_task_ravg() trace point for tasks that are marked as dead.
The window stats of dead tasks are not updated any ways. While at it, skip
this trace point for newly created tasks for which also window stats are
not updated.
Change-Id: I4d7cb8a3cf7cf84270b09721140d35205643b7ab
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
[spathi@codeaurora.org: moved changes to hmp.c since EAS is not supported]
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Sometimes a GPIO is fetched with NULL as parent device, and
that is just fine. So under these circumstances, avoid using
dev_name() to provide a name for the GPIO line.
Change-Id: Iacf2ef35d50118cd755e26ed4211c3c4b1289ff2
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Git-commit: 7d18f0a14aa6a0d6bad39111c1fb655f07f71d59
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
The SNDRV_RAWMIDI_STREAM_{OUTPUT,INPUT} ioctls may reallocate
runtime->buffer while other kernel threads are accessing it. If the
underlying krealloc() call frees the original buffer, then this can turn
into a use-after-free.
Most of these accesses happen while the thread is holding runtime->lock,
and can be fixed by just holding the same lock while replacing
runtime->buffer, however we can't hold this spinlock while
snd_rawmidi_kernel_{read1,write1} are copying to/from userspace. We
need to add and acquire a new mutex to prevent this from happening
concurrently with reallocation. We hold this mutex during the entire
reallocation process, to also prevent multiple concurrent reallocations
leading to a double-free.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
bug: 64315347
Change-Id: I05764d4f1a38f373eb7c0ac1c98607ee5ff0eded
[dcagle@codeaurora.org: Resolve trivial merge conflict]
Git-repo: https://android.googlesource.com/kernel/msm
Git-commit: d7193540482d11ff0ad3a07fc18717811641c6eb
Signed-off-by: Dennis Cagle <dcagle@codeaurora.org>
As per the sd card spec, mmc need to power cycle sd card in case sd
card voltage switch operation fails. Currently we are directly going
for low speed mode without power cycle, which is in violation of sd
card spec. Now we will retry for 10 times in case timeout happens
while switching voltage and at last, in case, it did not succeed in
switching sd card voltage, mmc would go for low speed mode.
Change-Id: Icece08732b8d52104e0890dce81ad16844265edd
Signed-off-by: Ram Prakash Gupta <rampraka@codeaurora.org>
Due to command queuing, there is a possibility of servicing
completion of multiple requests from hw irq context. So in
this case, hw irq will launch softirq for all requests which
were completed (irrespective of whether it was success or failure).
If one of the requests failed, then the softirq corresponding
to error ed request will set current cmdq state to CMDQ_STATE_ERR.
Because of this, subsequent completion softirqs for successful
requests will BUG_ON.
We should let higher layers know of completion of successful
requests. Hence change the BUG_ON to WARN_ON and skip
blk_end_request() only if the corresponding request has
an error (instead of checking if the cmdq state is in error)
Change-Id: Ieb7f9d12ba04b6ab6499bf29f3716b0ddfb880fb
Signed-off-by: Pradeep P V K <ppvk@codeaurora.org>
In the code, start_fetch can try to access the buffer
pointer variable after free, as the same pointer can
can be freed at RELEASE_BUF call too at the same time.
Hence fixing this race condition.
Change-Id: I05825fb3423f95bc251e79416de50dc32cf086dc
Signed-off-by: Suprith Malligere Shankaregowda <supgow@codeaurora.org>
The user-space may send regulatory hint that has cellular sub-type
enabled. To process such events, enable
CONFIG_CFG80211_REG_CELLULAR_HINTS.
Signed-off-by: Amar Singhal <asinghal@codeaurora.org>
Change-Id: I79aceece8e7f17bbcf8186b03c74d82be82c5a4c
CRs-Fixed: 2201959
Check for CAP_NET_ADMIN capability of the user
space application who tries to access rmnet driver IOCTL.
Change-Id: If6bb4b54659306c5103b5e34bf02c7234c851e0a
CRs-Fixed: 2226355
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
