Commit graph

121950 commits

Author SHA1 Message Date
Linux Build Service Account
07ab04950a Merge "ARM: dts: msm: Enable auto-calibration for WLED on PM660/PMI8998" 2017-08-11 16:23:53 -07:00
Linux Build Service Account
0cae764de2 Merge "ARM: dts: msm: Add fastrpc vmid flag for sdm660" 2017-08-10 21:36:37 -07:00
Linux Build Service Account
d73a32a9d1 Merge "Revert "ARM: dts: msm: enable ADV7535 on MSM8996Pro Auto CDP lite platform"" 2017-08-10 21:36:35 -07:00
Guchun Chen
ea3c1f1db1 Revert "ARM: dts: msm: enable ADV7535 on MSM8996Pro Auto CDP lite platform"
This reverts commit 9ec3ce38d7.

This change brings one NULL pointer in display kernel booting, which
will bring crash on msm8996 lite board. So revert this commit temporarily.

Change-Id: I7e11b78b47f0e2f2f5cc05a0220f1ff7f3a1addd
Signed-off-by: Guchun Chen <guchunc@codeaurora.org>
2017-08-10 17:52:01 +08:00
Tharun Kumar Merugu
46756eb931 ARM: dts: msm: Add fastrpc vmid flag for sdm660
Add a device specific flag for new vmid heap shared feature.

Change-Id: I9be679f9edd0048acbb057ceff4d877c630e4258
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
2017-08-10 02:23:19 -07:00
Linux Build Service Account
0975f1e0b7 Merge "defconfig: msm: Enable PAN emulation" 2017-08-08 16:24:51 -07:00
Linux Build Service Account
1b6a7f7ebb Merge "defconfig: msm: enable fstack-protector-strong" 2017-08-08 09:02:18 -07:00
Linux Build Service Account
cb10479cfa Merge "Merge android-4.4@59ff2e1 (v4.4.78) into msm-4.4" 2017-08-08 09:02:16 -07:00
Linux Build Service Account
0257f99a4d Merge "defconfig: msm: Disable DEVPORT config for msm8998" 2017-08-08 09:02:15 -07:00
Linux Build Service Account
6d76f20002 Merge "ARM: dts: msm: Set FDE key size to 256bit for sdm630" 2017-08-08 09:02:07 -07:00
Mohammed Khajapasha
e2ecce0bc0 defconfig: msm: Disable DEVPORT config for msm8998
Disable CONFIG_DEVPORT config for msm8998.
As selinux policy requires this node to be not
accessible to userspace.


Change-Id: I302d71a56764504ec246ddb6a98d8c07094846e4
Signed-off-by: Mohammed Khajapasha <mkhaja@codeaurora.org>
2017-08-07 14:23:31 +05:30
Neeraj Soni
cab4692597 ARM: dts: msm: Set FDE key size to 256bit for sdm630
Set FDE encryption key size to 256bit for sdm630
target.

Change-Id: I4314c1408fb6cadcdb8d81a02a4dccb55f3f9065
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
2017-08-07 13:29:14 +05:30
Sarada Prasanna Garnayak
45bdc1b602 ARM: dts: msm: Config sleep state for wlan bootstrap pin for msm8996
Configure the sleep state for the wlan bootstrap pin for
msm8996. This configuration helps in power saving during
device sleep state.

CRs-Fixed: 1040537
Change-Id: Ia35f8bba901826b55722cb140c953f32b18610de
Signed-off-by: Sarada Prasanna Garnayak <sgarna@codeaurora.org>
2017-08-04 11:28:10 -07:00
Sarada Prasanna Garnayak
b094306e99 ARM: dts: msm: add fixed regulator support for wlan_en for msm8996
The QCA wlan chipset uses tlmm, msm and pmic gpio for the WLAN_EN
signal pin. The tlmm or msm gpio uses pinctrl or gpio library for
configuring the sleep/active state runtime.

The pmic gpio runtime configuration is not feasible using gpio
library or pinctrl framework. Convert the pmic gpio to fixed
regulator to runtime control(enable/disable) via regulator framework.

CRs-Fixed: 1040537
Change-Id: I4963c2753b463d5852a847a20fe280107abca337
Signed-off-by: Sarada Prasanna Garnayak <sgarna@codeaurora.org>
2017-08-04 11:28:03 -07:00
Blagovest Kolenichev
b65ef47237 Merge android-4.4@59ff2e1 (v4.4.78) into msm-4.4
* refs/heads/tmp-59ff2e1
  Linux 4.4.78
  kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS
  kvm: vmx: Check value written to IA32_BNDCFGS
  kvm: x86: Guest BNDCFGS requires guest MPX support
  kvm: vmx: Do not disable intercepts for BNDCFGS
  KVM: x86: disable MPX if host did not enable MPX XSAVE features
  tracing: Use SOFTIRQ_OFFSET for softirq dectection for more accurate results
  PM / QoS: return -EINVAL for bogus strings
  PM / wakeirq: Convert to SRCU
  sched/topology: Optimize build_group_mask()
  sched/topology: Fix overlapping sched_group_mask
  crypto: caam - fix signals handling
  crypto: sha1-ssse3 - Disable avx2
  crypto: atmel - only treat EBUSY as transient if backlog
  crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD
  mm: fix overflow check in expand_upwards()
  tpm: Issue a TPM2_Shutdown for TPM2 devices.
  Add "shutdown" to "struct class".
  tpm: Provide strong locking for device removal
  tpm: Get rid of chip->pdev
  selftests/capabilities: Fix the test_execve test
  mnt: Make propagate_umount less slow for overlapping mount propagation trees
  mnt: In propgate_umount handle visiting mounts in any order
  mnt: In umount propagation reparent in a separate pass
  vt: fix unchecked __put_user() in tioclinux ioctls
  exec: Limit arg stack to at most 75% of _STK_LIM
  s390: reduce ELF_ET_DYN_BASE
  powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB
  arm64: move ELF_ET_DYN_BASE to 4GB / 4MB
  arm: move ELF_ET_DYN_BASE to 4MB
  binfmt_elf: use ELF_ET_DYN_BASE only for PIE
  checkpatch: silence perl 5.26.0 unescaped left brace warnings
  fs/dcache.c: fix spin lockup issue on nlru->lock
  mm/list_lru.c: fix list_lru_count_node() to be race free
  kernel/extable.c: mark core_kernel_text notrace
  tools/lib/lockdep: Reduce MAX_LOCK_DEPTH to avoid overflowing lock_chain/: Depth
  parisc/mm: Ensure IRQs are off in switch_mm()
  parisc: DMA API: return error instead of BUG_ON for dma ops on non dma devs
  parisc: use compat_sys_keyctl()
  parisc: Report SIGSEGV instead of SIGBUS when running out of stack
  irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity
  cfg80211: Check if PMKID attribute is of expected size
  cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
  cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
  brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
  rds: tcp: use sock_create_lite() to create the accept socket
  vrf: fix bug_on triggered by rx when destroying a vrf
  net: ipv6: Compare lwstate in detecting duplicate nexthops
  ipv6: dad: don't remove dynamic addresses if link is down
  net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()
  bpf: prevent leaking pointer via xadd on unpriviledged
  net: prevent sign extension in dev_get_stats()
  tcp: reset sk_rx_dst in tcp_disconnect()
  net: dp83640: Avoid NULL pointer dereference.
  ipv6: avoid unregistering inet6_dev for loopback
  net/phy: micrel: configure intterupts after autoneg workaround
  net: sched: Fix one possible panic when no destroy callback
  net_sched: fix error recovery at qdisc creation
  ANDROID: android-verity: mark dev as rw for linear target
  ANDROID: sdcardfs: Remove unnecessary lock
  ANDROID: binder: don't check prio permissions on restore.
  Add BINDER_GET_NODE_DEBUG_INFO ioctl
  UPSTREAM: cpufreq: schedutil: Trace frequency only if it has changed
  UPSTREAM: cpufreq: schedutil: Avoid reducing frequency of busy CPUs prematurely
  UPSTREAM: cpufreq: schedutil: Refactor sugov_next_freq_shared()
  UPSTREAM: cpufreq: schedutil: Fix per-CPU structure initialization in sugov_start()
  UPSTREAM: cpufreq: schedutil: Pass sg_policy to get_next_freq()
  UPSTREAM: cpufreq: schedutil: move cached_raw_freq to struct sugov_policy
  UPSTREAM: cpufreq: schedutil: Rectify comment in sugov_irq_work() function
  UPSTREAM: cpufreq: schedutil: irq-work and mutex are only used in slow path
  UPSTREAM: cpufreq: schedutil: enable fast switch earlier
  UPSTREAM: cpufreq: schedutil: Avoid indented labels
  Linux 4.4.77
  saa7134: fix warm Medion 7134 EEPROM read
  x86/mm/pat: Don't report PAT on CPUs that don't support it
  ext4: check return value of kstrtoull correctly in reserved_clusters_store
  staging: comedi: fix clean-up of comedi_class in comedi_init()
  staging: vt6556: vnt_start Fix missing call to vnt_key_init_table.
  tcp: fix tcp_mark_head_lost to check skb len before fragmenting
  md: fix super_offset endianness in super_1_rdev_size_change
  md: fix incorrect use of lexx_to_cpu in does_sb_need_changing
  perf tools: Use readdir() instead of deprecated readdir_r() again
  perf tests: Remove wrong semicolon in while loop in CQM test
  perf trace: Do not process PERF_RECORD_LOST twice
  perf dwarf: Guard !x86_64 definitions under #ifdef else clause
  perf pmu: Fix misleadingly indented assignment (whitespace)
  perf annotate browser: Fix behaviour of Shift-Tab with nothing focussed
  perf tools: Remove duplicate const qualifier
  perf script: Use readdir() instead of deprecated readdir_r()
  perf thread_map: Use readdir() instead of deprecated readdir_r()
  perf tools: Use readdir() instead of deprecated readdir_r()
  perf bench numa: Avoid possible truncation when using snprintf()
  perf tests: Avoid possible truncation with dirent->d_name + snprintf
  perf scripting perl: Fix compile error with some perl5 versions
  perf thread_map: Correctly size buffer used with dirent->dt_name
  perf intel-pt: Use __fallthrough
  perf top: Use __fallthrough
  tools strfilter: Use __fallthrough
  tools string: Use __fallthrough in perf_atoll()
  tools include: Add a __fallthrough statement
  mqueue: fix a use-after-free in sys_mq_notify()
  RDMA/uverbs: Check port number supplied by user verbs cmds
  KEYS: Fix an error code in request_master_key()
  ath10k: override CE5 config for QCA9377
  x86/uaccess: Optimize copy_user_enhanced_fast_string() for short strings
  x86/tools: Fix gcc-7 warning in relocs.c
  gfs2: Fix glock rhashtable rcu bug
  USB: serial: qcserial: new Sierra Wireless EM7305 device ID
  USB: serial: option: add two Longcheer device ids
  pinctrl: sh-pfc: Update info pointer after SoC-specific init
  pinctrl: mxs: atomically switch mux and drive strength config
  pinctrl: sunxi: Fix SPDIF function name for A83T
  pinctrl: meson: meson8b: fix the NAND DQS pins
  pinctrl: sh-pfc: r8a7791: Fix SCIF2 pinmux data
  sysctl: report EINVAL if value is larger than UINT_MAX for proc_douintvec
  sysctl: don't print negative flag for proc_douintvec
  mac80211_hwsim: Replace bogus hrtimer clockid
  usb: Fix typo in the definition of Endpoint[out]Request
  usb: usbip: set buffer pointers to NULL after free
  Add USB quirk for HVR-950q to avoid intermittent device resets
  USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
  usb: dwc3: replace %p with %pK
  drm/virtio: don't leak bo on drm_gem_object_init failure
  tracing/kprobes: Allow to create probe with a module name starting with a digit
  mm: fix classzone_idx underflow in shrink_zones()
  bgmac: reset & enable Ethernet core before using it
  driver core: platform: fix race condition with driver_override
  fs: completely ignore unknown open flags
  fs: add a VALID_OPEN_FLAGS
  ANDROID: binder: add RT inheritance flag to node.
  ANDROID: binder: improve priority inheritance.
  ANDROID: binder: add min sched_policy to node.
  ANDROID: binder: add support for RT prio inheritance.
  ANDROID: binder: push new transactions to waiting threads.
  ANDROID: binder: remove proc waitqueue
  FROMLIST: binder: remove global binder lock
  FROMLIST: binder: fix death race conditions
  FROMLIST: binder: protect against stale pointers in print_binder_transaction
  FROMLIST: binder: protect binder_ref with outer lock
  FROMLIST: binder: use inner lock to protect thread accounting
  FROMLIST: binder: protect transaction_stack with inner lock.
  FROMLIST: binder: protect proc->threads with inner_lock
  FROMLIST: binder: protect proc->nodes with inner lock
  FROMLIST: binder: add spinlock to protect binder_node
  FROMLIST: binder: add spinlocks to protect todo lists
  FROMLIST: binder: use inner lock to sync work dq and node counts
  FROMLIST: binder: introduce locking helper functions
  FROMLIST: binder: use node->tmp_refs to ensure node safety
  FROMLIST: binder: refactor binder ref inc/dec for thread safety
  FROMLIST: binder: make sure accesses to proc/thread are safe
  FROMLIST: binder: make sure target_node has strong ref
  FROMLIST: binder: guarantee txn complete / errors delivered in-order
  FROMLIST: binder: refactor binder_pop_transaction
  FROMLIST: binder: use atomic for transaction_log index
  FROMLIST: binder: add more debug info when allocation fails.
  FROMLIST: binder: protect against two threads freeing buffer
  FROMLIST: binder: remove dead code in binder_get_ref_for_node
  FROMLIST: binder: don't modify thread->looper from other threads
  FROMLIST: binder: avoid race conditions when enqueuing txn
  FROMLIST: binder: refactor queue management in binder_thread_read
  FROMLIST: binder: add log information for binder transaction failures
  FROMLIST: binder: make binder_last_id an atomic
  FROMLIST: binder: change binder_stats to atomics
  FROMLIST: binder: add protection for non-perf cases
  FROMLIST: binder: remove binder_debug_no_lock mechanism
  FROMLIST: binder: move binder_alloc to separate file
  FROMLIST: binder: separate out binder_alloc functions
  FROMLIST: binder: remove unneeded cleanup code
  FROMLIST: binder: separate binder allocator structure from binder proc
  FROMLIST: binder: Use wake up hint for synchronous transactions.
  Revert "android: binder: move global binder state into context struct."
  sched: walt: fix window misalignment when HZ=300
  ANDROID: android-base.cfg: remove CONFIG_CGROUP_DEBUG
  ANDROID: sdcardfs: use mount_nodev and fix a issue in sdcardfs_kill_sb

Conflicts:
	drivers/android/binder.c
	drivers/net/wireless/ath/ath10k/pci.c

Change-Id: Ic6f82c2ec9929733a16a03bb3b745187e002f4f6
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2017-08-04 07:53:32 -07:00
Linux Build Service Account
d56f94c6dc Merge "ARM: dts: msm: Add physical width and height for sharp 4k panel" 2017-08-03 20:51:22 -07:00
Imran Khan
55d5a7cdf8 defconfig: msm: enable fstack-protector-strong
Enable CC_STACKPROTECTOR_STRONG option for msm so that we
can make use of stack protector feature provided by compiler.

Change-Id: I28cfe711f42b7ad4d52a59169df6c72ec3458a12
Signed-off-by: Imran Khan <kimran@codeaurora.org>
2017-08-03 17:10:50 +05:30
Ramakrishna Gottimukkula
a66decc8b6 defconfig: msm: Enable PAN emulation
Privilege Access Never (PAN) enforces the usage of
copy_to_user/copy_from_user and friends when kernel accesses data from
user space. If user space memory is accessed outside of these functions
a kernel panic occurs.

Change-Id: Iacd5b3b2e1fd97487a4cd13ec96cb3508717d5fb
Signed-off-by: Ramakrishna Gottimukkula <rgottimu@codeaurora.org>
2017-08-03 13:38:27 +05:30
Ramakrishna Gottimukkula
2e7b372155 defconfig: msm: Enable hardened user copy
Hardened user copy provides an extra layer of security checks when
copy_to_user/copy_from_user APIs are used to ensure data accesses are
valid. When invalid accesses are detected the kernel will forcibly
crash.

Change-Id: Ie13ef8a6ee1a3431d43c57a4b7d6e14985e5c33a
Signed-off-by: Ramakrishna Gottimukkula <rgottimu@codeaurora.org>
2017-08-03 13:34:22 +05:30
Anirudh Ghayal
d3911a7c41 ARM: dts: msm: Enable auto-calibration for WLED on PM660/PMI8998
The auto-calibration logic dynamically detects the valid
strings (sinks) configured for that target.

CRs-Fixed: 2011194
Change-Id: Id6c9c148d1662baca33d3cde343aafff40b27c22
Signed-off-by: Anirudh Ghayal <aghayal@codeaurora.org>
2017-08-02 14:20:07 +05:30
Vishnuvardhan Prodduturi
1eb04f10c6 ARM: dts: msm: Add physical width and height for sharp 4k panel
Add physical width and height parameters for Sharp 4K panel to
help in setting the right DPI for UI.

Change-Id: If8d841037bb216bfb0b7b0aa0fc4a1db5a45500b
Signed-off-by: Vishnuvardhan Prodduturi <vproddut@codeaurora.org>
2017-08-01 02:32:34 -07:00
Linux Build Service Account
6da9e55e26 Merge "ARM: dts: msm: Support Primary TDM Interface for msm8996" 2017-07-31 23:44:01 -07:00
Tirupathi Reddy
4b9f893b62 Revert "ARM: dts: msm: Enable ACD functionality for sdm630 CPU rails"
This reverts commit a4ca7944f4.
There have been stability failures (SPM ack timeouts) due to
ACD. Reverting this patch until the issue is resolved.

CRs-Fixed: 2084607
Change-Id: I407e4ecc5bd7af738c0d0599d1fa57007e959495
Signed-off-by: Tirupathi Reddy <tirupath@codeaurora.org>
Signed-off-by: Anirudh Ghayal <aghayal@codeaurora.org>
2017-07-30 21:19:28 +05:30
Linux Build Service Account
d0b9794078 Merge "ARM: dts: msm: add memory region info for early splash feature on msm8996" 2017-07-28 16:48:57 -07:00
Mohit Aggarwal
cf6a289518 ARM: dts: msm: Make allocation for diag as guaranteed on sdm630
Currently, memshare allocates 5MB memory to diag client on
receiving requests from modem. With the patch diag client
will be considered guaranteed on sdm630 to avoid memory
allocation failure on modem SSRs. Also being guaranteed
client allocated memory will never be freed.

CRs-Fixed: 2054448
Change-Id: I7b0780d064a27e8ebca9d31747ce1f9c18d84fdb
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
2017-07-27 13:43:36 +05:30
Cong Tang
6d70b45cc4 ARM: dts: msm: Support Primary TDM Interface for msm8996
Support Primary TDM Interface for automotive and use optional property
clk-attribute couple_no to mimic PCM mode.

CRs-Fixed: 2083327
Change-Id: I2ef32eac5ecd4740f0985a77241952abca4ebc52
Signed-off-by: Cong Tang <congt@codeaurora.org>
2017-07-26 23:39:37 -07:00
Linux Build Service Account
1c9a156e41 Merge "ARM: dts: msm: enable DP functionality for SDA660 HDK platform" 2017-07-26 08:44:58 -07:00
Linux Build Service Account
123ada77d0 Merge "ARM: dts: msm: Add qseecom device node on msm8996 lfv platform" 2017-07-26 08:44:50 -07:00
zhaoyuan
4234d719d9 ARM: dts: msm: enable DP functionality for SDA660 HDK platform
SDA660 HDK platform has DP hardware blocks, so enable it in the
device tree.

CRs-Fixed: 2064346
Change-Id: Ieb524e37ed2f4cdd5776759b00ec182378ff6ff5
Signed-off-by: zhaoyuan <yzhao@codeaurora.org>
2017-07-26 00:26:29 -07:00
Prasanth Kamuju
db6ebef1cb ARM: dts: msm: Add intermediate voting for DDR in memlat for sdm630
The current vote mapping is not sufficient for the most of the
gaming usecases on sdm630. Added intermediate voting in the
current mapping.

CRs-Fixed: 2033301
Change-Id: Ie376a3ce46ccfd31a067dfa93967bb211e9df97a
Signed-off-by: Prasanth Kamuju <pkamuju@codeaurora.org>
2017-07-25 04:47:50 -07:00
Amit Blay
3d5f64fe8f ARM: dts: msm: Add qseecom device node on msm8996 lfv platform
Add qseecom device node in guest VM configuration.
This commit adds the device node for the qseecom driver,
and also the reserved memory region for the QSEECOM ION heap.

Change-Id: Ibdf80d080208b5ab8530a1c40ecbccc7298ae89b
Signed-off-by: Amit Blay <ablay@codeaurora.org>
2017-07-25 12:15:36 +03:00
Guchun Chen
1faafb0d7c ARM: dts: msm: add memory region info for early splash feature
on msm8996

These two memory regions are for the memory nodes which early
animation/static display will visit. Both are needed to be
processed in kernel handoff sequence.

Change-Id: I36a9b3dcc6b905af4bb8383cfbd1555e8e9bd417
Signed-off-by: Guchun Chen <guchunc@codeaurora.org>
2017-07-25 13:47:16 +08:00
Linux Build Service Account
72d01fe5e6 Merge "ARM: dts: msm: Add support for TOF sensor on msm8998 QVR" 2017-07-23 17:32:51 -07:00
Linux Build Service Account
7d24b9b417 Merge "ARM: dts: msm: Add remote debugger device configuration for cdsp" 2017-07-21 20:15:23 -07:00
Linux Build Service Account
44f9f08a04 Merge "ARM: dts: msm: Update bootargs with LPM disabled for msm8996pro" 2017-07-21 11:08:30 -07:00
Greg Kroah-Hartman
59ff2e15be This is the 4.4.78 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAllxlOsACgkQONu9yGCS
 aT4naw//VrWIuIf523IP6egcS+iprNM1lt8HZIzTQ0b2x0qv82UFA9FSs3e97dbG
 LJAUEmHW+oBbm6AekAUrNFF62qaMM5HYxVgGYeiniA1dRvLCDG/OxzxPc0hv6Kmm
 VsbZBlPQEj2B5tqUOkpvQNcqbKpIVglBsK4tjeHE/mRziUkIoPXWKS6Tt7VKGtBa
 gIGY7VASyKhPtxGCdbKzHsO/IGi3cmpwAyhqQDRBR/5Dxy3p9xlQ4gTpobeL+x8z
 A7WHqVNbgfdz21LBii5xE8+GUwiRjlYhxeFJTjhM6wo2/XCtw1FJgc7EMmsbVtbZ
 xYu1/tkYaZGoxOQ7sH5jNgVjE8IcyVimDa5eJ7p7fbh3AzsyXzAJIRc8cS7cL40F
 jLDWrYDnm5t7ziITrAf0uoMmRZLHqS2Bv5sqaoCxR3D51r6LVaNdavD6hYN1CLRA
 fjlDvnvwxbLPI4YPr7PZNu4oSJiawKx9jEBOTFSYu9L1XLvdvdcVU6ULAdpShnLn
 80a+YJmYsNg54im7sxFUw6z87AScznzirIpXEJoUO+Hs0SN9Rq/BQx8cKvVeaMEI
 z53c4Hci45Go/ozZVqCTxGbkQ6tKWIKBSo6kl3xchwms4lmijpWuwbAkDUzECNvv
 0RgyQvNx4d2cRJ8hIVcdVFzp+h+kgNqVQQ2nDld7/1QSZHLPhFo=
 =vrgw
 -----END PGP SIGNATURE-----

Merge 4.4.78 into android-4.4

Changes in 4.4.78
	net_sched: fix error recovery at qdisc creation
	net: sched: Fix one possible panic when no destroy callback
	net/phy: micrel: configure intterupts after autoneg workaround
	ipv6: avoid unregistering inet6_dev for loopback
	net: dp83640: Avoid NULL pointer dereference.
	tcp: reset sk_rx_dst in tcp_disconnect()
	net: prevent sign extension in dev_get_stats()
	bpf: prevent leaking pointer via xadd on unpriviledged
	net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()
	ipv6: dad: don't remove dynamic addresses if link is down
	net: ipv6: Compare lwstate in detecting duplicate nexthops
	vrf: fix bug_on triggered by rx when destroying a vrf
	rds: tcp: use sock_create_lite() to create the accept socket
	brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
	cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
	cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
	cfg80211: Check if PMKID attribute is of expected size
	irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity
	parisc: Report SIGSEGV instead of SIGBUS when running out of stack
	parisc: use compat_sys_keyctl()
	parisc: DMA API: return error instead of BUG_ON for dma ops on non dma devs
	parisc/mm: Ensure IRQs are off in switch_mm()
	tools/lib/lockdep: Reduce MAX_LOCK_DEPTH to avoid overflowing lock_chain/: Depth
	kernel/extable.c: mark core_kernel_text notrace
	mm/list_lru.c: fix list_lru_count_node() to be race free
	fs/dcache.c: fix spin lockup issue on nlru->lock
	checkpatch: silence perl 5.26.0 unescaped left brace warnings
	binfmt_elf: use ELF_ET_DYN_BASE only for PIE
	arm: move ELF_ET_DYN_BASE to 4MB
	arm64: move ELF_ET_DYN_BASE to 4GB / 4MB
	powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB
	s390: reduce ELF_ET_DYN_BASE
	exec: Limit arg stack to at most 75% of _STK_LIM
	vt: fix unchecked __put_user() in tioclinux ioctls
	mnt: In umount propagation reparent in a separate pass
	mnt: In propgate_umount handle visiting mounts in any order
	mnt: Make propagate_umount less slow for overlapping mount propagation trees
	selftests/capabilities: Fix the test_execve test
	tpm: Get rid of chip->pdev
	tpm: Provide strong locking for device removal
	Add "shutdown" to "struct class".
	tpm: Issue a TPM2_Shutdown for TPM2 devices.
	mm: fix overflow check in expand_upwards()
	crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD
	crypto: atmel - only treat EBUSY as transient if backlog
	crypto: sha1-ssse3 - Disable avx2
	crypto: caam - fix signals handling
	sched/topology: Fix overlapping sched_group_mask
	sched/topology: Optimize build_group_mask()
	PM / wakeirq: Convert to SRCU
	PM / QoS: return -EINVAL for bogus strings
	tracing: Use SOFTIRQ_OFFSET for softirq dectection for more accurate results
	KVM: x86: disable MPX if host did not enable MPX XSAVE features
	kvm: vmx: Do not disable intercepts for BNDCFGS
	kvm: x86: Guest BNDCFGS requires guest MPX support
	kvm: vmx: Check value written to IA32_BNDCFGS
	kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS
	Linux 4.4.78

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2017-07-21 09:14:57 +02:00
Tharun Kumar Merugu
0c74826be7 ARM: dts: msm: Add remote debugger device configuration for cdsp
Adding remote debugger device configuration. The Remote Debugger driver
allows a debugger running on a host PC to communicate with a remote
stub running on peripheral subsystems.

Change-Id: I4aa40846efbf11739d81a9fbe22df811903d8eee
Acked-by: Chenna Kesava Raju <chennak@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
2017-07-20 23:56:44 -07:00
Haozhong Zhang
3ed43caedf kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS
commit 691bd4340bef49cf7e5855d06cf24444b5bf2d85 upstream.

It's easier for host applications, such as QEMU, if they can always
access guest MSR_IA32_BNDCFGS in VMCS, even though MPX is disabled in
guest cpuid.

Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:45:00 +02:00
Jim Mattson
6ffa92ffae kvm: vmx: Check value written to IA32_BNDCFGS
commit 4531662d1abf6c1f0e5c2b86ddb60e61509786c8 upstream.

Bits 11:2 must be zero and the linear addess in bits 63:12 must be
canonical. Otherwise, WRMSR(BNDCFGS) should raise #GP.

Fixes: 0dd376e709 ("KVM: x86: add MSR_IA32_BNDCFGS to msrs_to_save")
Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:59 +02:00
Jim Mattson
a40f0ccd4f kvm: x86: Guest BNDCFGS requires guest MPX support
commit 4439af9f911ae0243ffe4e2dfc12bace49605d8b upstream.

The BNDCFGS MSR should only be exposed to the guest if the guest
supports MPX. (cf. the TSC_AUX MSR and RDTSCP.)

Fixes: 0dd376e709 ("KVM: x86: add MSR_IA32_BNDCFGS to msrs_to_save")
Change-Id: I3ad7c01bda616715137ceac878f3fa7e66b6b387
Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:59 +02:00
Jim Mattson
be6f33a61f kvm: vmx: Do not disable intercepts for BNDCFGS
commit a8b6fda38f80e75afa3b125c9e7f2550b579454b upstream.

The MSR permission bitmaps are shared by all VMs. However, some VMs
may not be configured to support MPX, even when the host does. If the
host supports VMX and the guest does not, we should intercept accesses
to the BNDCFGS MSR, so that we can synthesize a #GP
fault. Furthermore, if the host does not support MPX and the
"ignore_msrs" kvm kernel parameter is set, then we should intercept
accesses to the BNDCFGS MSR, so that we can skip over the rdmsr/wrmsr
without raising a #GP fault.

Fixes: da8999d318 ("KVM: x86: Intel MPX vmx and msr handle")
Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:59 +02:00
Paolo Bonzini
c6f3576ed0 KVM: x86: disable MPX if host did not enable MPX XSAVE features
commit a87036add09283e6c4f4103a15c596c67b86ab86 upstream.

When eager FPU is disabled, KVM will still see the MPX bit in CPUID and
presumably the MPX vmentry and vmexit controls.  However, it will not
be able to expose the MPX XSAVE features to the guest, because the guest's
accessible XSAVE features are always a subset of host_xcr0.

In this case, we should disable the MPX CPUID bit, the BNDCFGS MSR,
and the MPX vmentry and vmexit controls for nested virtualization.
It is then unnecessary to enable guest eager FPU if the guest has the
MPX CPUID bit set.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:59 +02:00
Herbert Xu
f1bf5d83a9 crypto: sha1-ssse3 - Disable avx2
commit b82ce24426a4071da9529d726057e4e642948667 upstream.

It has been reported that sha1-avx2 can cause page faults by reading
beyond the end of the input.  This patch disables it until it can be
fixed.

Fixes: 7c1da8d0d0 ("crypto: sha - SHA1 transform x86_64 AVX2")
Reported-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:58 +02:00
Kees Cook
7888c0296c s390: reduce ELF_ET_DYN_BASE
commit a73dc5370e153ac63718d850bddf0c9aa9d871e6 upstream.

Now that explicitly executed loaders are loaded in the mmap region, we
have more freedom to decide where we position PIE binaries in the
address space to avoid possible collisions with mmap or stack regions.

For 64-bit, align to 4GB to allow runtimes to use the entire 32-bit
address space for 32-bit pointers.  On 32-bit use 4MB, which is the
traditional x86 minimum load location, likely to avoid historically
requiring a 4MB page table entry when only a portion of the first 4MB
would be used (since the NULL address is avoided).  For s390 the
position could be 0x10000, but that is needlessly close to the NULL
address.

Link: http://lkml.kernel.org/r/1498154792-49952-5-git-send-email-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Russell King <linux@armlinux.org.uk>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Pratyush Anand <panand@redhat.com>
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:57 +02:00
Kees Cook
72a333a046 powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB
commit 47ebb09d54856500c5a5e14824781902b3bb738e upstream.

Now that explicitly executed loaders are loaded in the mmap region, we
have more freedom to decide where we position PIE binaries in the
address space to avoid possible collisions with mmap or stack regions.

For 64-bit, align to 4GB to allow runtimes to use the entire 32-bit
address space for 32-bit pointers.  On 32-bit use 4MB, which is the
traditional x86 minimum load location, likely to avoid historically
requiring a 4MB page table entry when only a portion of the first 4MB
would be used (since the NULL address is avoided).

Link: http://lkml.kernel.org/r/1498154792-49952-4-git-send-email-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Michael Ellerman <mpe@ellerman.id.au>
Acked-by: Michael Ellerman <mpe@ellerman.id.au>
Cc: Russell King <linux@armlinux.org.uk>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Pratyush Anand <panand@redhat.com>
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:57 +02:00
Kees Cook
43cf90f788 arm64: move ELF_ET_DYN_BASE to 4GB / 4MB
commit 02445990a96e60a67526510d8b00f7e3d14101c3 upstream.

Now that explicitly executed loaders are loaded in the mmap region, we
have more freedom to decide where we position PIE binaries in the
address space to avoid possible collisions with mmap or stack regions.

For 64-bit, align to 4GB to allow runtimes to use the entire 32-bit
address space for 32-bit pointers.  On 32-bit use 4MB, to match ARM.
This could be 0x8000, the standard ET_EXEC load address, but that is
needlessly close to the NULL address, and anyone running arm compat PIE
will have an MMU, so the tight mapping is not needed.

Link: http://lkml.kernel.org/r/1498251600-132458-4-git-send-email-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:57 +02:00
Kees Cook
d2471b5e84 arm: move ELF_ET_DYN_BASE to 4MB
commit 6a9af90a3bcde217a1c053e135f5f43e5d5fafbd upstream.

Now that explicitly executed loaders are loaded in the mmap region, we
have more freedom to decide where we position PIE binaries in the
address space to avoid possible collisions with mmap or stack regions.

4MB is chosen here mainly to have parity with x86, where this is the
traditional minimum load location, likely to avoid historically
requiring a 4MB page table entry when only a portion of the first 4MB
would be used (since the NULL address is avoided).

For ARM the position could be 0x8000, the standard ET_EXEC load address,
but that is needlessly close to the NULL address, and anyone running PIE
on 32-bit ARM will have an MMU, so the tight mapping is not needed.

Link: http://lkml.kernel.org/r/1498154792-49952-2-git-send-email-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Russell King <linux@armlinux.org.uk>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Pratyush Anand <panand@redhat.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Daniel Micay <danielmicay@gmail.com>
Cc: Dmitry Safonov <dsafonov@virtuozzo.com>
Cc: Grzegorz Andrejczuk <grzegorz.andrejczuk@intel.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Qualys Security Advisory <qsa@qualys.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:57 +02:00
Kees Cook
7eb968cd04 binfmt_elf: use ELF_ET_DYN_BASE only for PIE
commit eab09532d40090698b05a07c1c87f39fdbc5fab5 upstream.

The ELF_ET_DYN_BASE position was originally intended to keep loaders
away from ET_EXEC binaries.  (For example, running "/lib/ld-linux.so.2
/bin/cat" might cause the subsequent load of /bin/cat into where the
loader had been loaded.)

With the advent of PIE (ET_DYN binaries with an INTERP Program Header),
ELF_ET_DYN_BASE continued to be used since the kernel was only looking
at ET_DYN.  However, since ELF_ET_DYN_BASE is traditionally set at the
top 1/3rd of the TASK_SIZE, a substantial portion of the address space
is unused.

For 32-bit tasks when RLIMIT_STACK is set to RLIM_INFINITY, programs are
loaded above the mmap region.  This means they can be made to collide
(CVE-2017-1000370) or nearly collide (CVE-2017-1000371) with
pathological stack regions.

Lowering ELF_ET_DYN_BASE solves both by moving programs below the mmap
region in all cases, and will now additionally avoid programs falling
back to the mmap region by enforcing MAP_FIXED for program loads (i.e.
if it would have collided with the stack, now it will fail to load
instead of falling back to the mmap region).

To allow for a lower ELF_ET_DYN_BASE, loaders (ET_DYN without INTERP)
are loaded into the mmap region, leaving space available for either an
ET_EXEC binary with a fixed location or PIE being loaded into mmap by
the loader.  Only PIE programs are loaded offset from ELF_ET_DYN_BASE,
which means architectures can now safely lower their values without risk
of loaders colliding with their subsequently loaded programs.

For 64-bit, ELF_ET_DYN_BASE is best set to 4GB to allow runtimes to use
the entire 32-bit address space for 32-bit pointers.

Thanks to PaX Team, Daniel Micay, and Rik van Riel for inspiration and
suggestions on how to implement this solution.

Fixes: d1fd836dcf ("mm: split ET_DYN ASLR from mmap ASLR")
Link: http://lkml.kernel.org/r/20170621173201.GA114489@beast
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Rik van Riel <riel@redhat.com>
Cc: Daniel Micay <danielmicay@gmail.com>
Cc: Qualys Security Advisory <qsa@qualys.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Dmitry Safonov <dsafonov@virtuozzo.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Grzegorz Andrejczuk <grzegorz.andrejczuk@intel.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Pratyush Anand <panand@redhat.com>
Cc: Russell King <linux@armlinux.org.uk>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:57 +02:00
Helge Deller
b291457465 parisc/mm: Ensure IRQs are off in switch_mm()
commit 649aa24254e85bf6bd7807dd372d083707852b1f upstream.

This is because of commit f98db6013c55 ("sched/core: Add switch_mm_irqs_off()
and use it in the scheduler") in which switch_mm_irqs_off() is called by the
scheduler, vs switch_mm() which is used by use_mm().

This patch lets the parisc code mirror the x86 and powerpc code, ie. it
disables interrupts in switch_mm(), and optimises the scheduler case by
defining switch_mm_irqs_off().

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:56 +02:00
Thomas Bogendoerfer
635a58225c parisc: DMA API: return error instead of BUG_ON for dma ops on non dma devs
commit 33f9e02495d15a061f0c94ef46f5103a2d0c20f3 upstream.

Enabling parport pc driver on a B2600 (and probably other 64bit PARISC
systems) produced following BUG:

CPU: 0 PID: 1 Comm: swapper Not tainted 4.12.0-rc5-30198-g1132d5e #156
task: 000000009e050000 task.stack: 000000009e04c000

     YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI
PSW: 00001000000001101111111100001111 Not tainted
r00-03  000000ff0806ff0f 000000009e04c990 0000000040871b78 000000009e04cac0
r04-07  0000000040c14de0 ffffffffffffffff 000000009e07f098 000000009d82d200
r08-11  000000009d82d210 0000000000000378 0000000000000000 0000000040c345e0
r12-15  0000000000000005 0000000040c345e0 0000000000000000 0000000040c9d5e0
r16-19  0000000040c345e0 00000000f00001c4 00000000f00001bc 0000000000000061
r20-23  000000009e04ce28 0000000000000010 0000000000000010 0000000040b89e40
r24-27  0000000000000003 0000000000ffffff 000000009d82d210 0000000040c14de0
r28-31  0000000000000000 000000009e04ca90 000000009e04cb40 0000000000000000
sr00-03  0000000000000000 0000000000000000 0000000000000000 0000000000000000
sr04-07  0000000000000000 0000000000000000 0000000000000000 0000000000000000

IASQ: 0000000000000000 0000000000000000 IAOQ: 00000000404aece0 00000000404aece4
 IIR: 03ffe01f    ISR: 0000000010340000  IOR: 000001781304cac8
 CPU:        0   CR30: 000000009e04c000 CR31: 00000000e2976de2
 ORIG_R28: 0000000000000200
 IAOQ[0]: sba_dma_supported+0x80/0xd0
 IAOQ[1]: sba_dma_supported+0x84/0xd0
 RP(r2): parport_pc_probe_port+0x178/0x1200

Cause is a call to dma_coerce_mask_and_coherenet in parport_pc_probe_port,
which PARISC DMA API doesn't handle very nicely. This commit gives back
DMA_ERROR_CODE for DMA API calls, if device isn't capable of DMA
transaction.

Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:56 +02:00