Issue:
When total_steps is updated and copy_from_user then
fails with an error, i2c_reg_tbl is not allocated.
In this case, calling msm_actuator_parse_i2c_params
leads to an out-of-bounds memory write.
Fix:
1) Set total_steps to zero when the copy returns an error.
2) Add NULL pointer check for i2c tbl.
3) Fix the issue where the function can return
with an error code leaving "a_ctrl->i2c_reg_tbl"
and "a_ctrl->total_steps" out of sync.
Change-Id: Ib46deceb7bd8efff1cb606b894396e7016271dd3
Signed-off-by: Rahul Sharma <sharah@codeaurora.org>

The ath10k wlan firmware supports GTK rekeying while asleep.
Enable the GTK rekeying failure wakeup source in wow suspend.
This adds support to wake up the device from wow suspend
state if the GTK rekeying process fails in the wlan firmware.
CRs-Fixed: 2169340
Change-Id: I321a6139d74b0fcf476e961ba83879fae9c39f04
Signed-off-by: Sarada Prasanna Garnayak <sgarna@codeaurora.org>

Variable map may point to the same buffer under race conditions
in functions fastrpc_internal_mmap and fastrpc_internal_munmap.
Use a mutex to avoid race conditions on the same buffer.
Change-Id: I96ed884c44a36f574677ba3ba189dfbf2ce3751d
Acked-by: Krishnaiah Tadakamalla <ktadakam@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>

Currently, recharge SOC is adjusted based on the SOC at which
charge termination occurs. However, it gets reset back to the
original threshold only if input is removed. This does not work
well if charging resumes again once the battery is out of JEITA
as the recharge SOC threshold stays configured at a lower value.
Fix it by adjusting recharge SOC to the original threshold once
charging begins.
CRs-Fixed: 2163058
Change-Id: I07c714d32ba0005d3b0ff61142928eda58f049d0
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>

KTM lmh dcvs frequency mitigation uses given online/first cpu max/min
mitigation request. There can be cases like emergency frequency
mitigation where mitigation request is for a particular cpu only and
online/first cpu may be one of the other cpus from the same cluster.
In this case lmh dcvs takes online/first cpu max request which can be
in no mitigation state. It leads to unmitigated state even though one
of the cpus is triggered.
If device supports cluster mitigation, use min/max request of that
cluster instead of min/max request of given online/first cpu.
It ensures lmh dcvs mitigation if one of the cpu mitigation is
triggered and other unmitigated cpu of same cluster is given as
online/first cpu.
Change-Id: Ibbb913eb67a7f84d4c3658d0edae495990ca9010
Signed-off-by: Manaf Meethalavalappu Pallikunhi <manafm@codeaurora.org>

To support reset function in virtual clock driver, we register
a reset controller in virtual clock front driver. It is a virtual
reset controller which talks with host backend via virtual clock
message.
Change-Id: I13d48180534110260d66e42f3a02b63c2afcaeca
Signed-off-by: Zhiqiang Tu <ztu@codeaurora.org>

Fix warning that the variable is used before being initialized, which
might be treated as an error in strict case.
Change-Id: I95a34fa31e87fde2055af745f46f65a0d0402efc
Signed-off-by: Ferry Zhou <tianguiz@codeaurora.org>

AIS camera voting on VFE and ISPIF clocks causes XO shutdown failure.
So, add a new AIS manager driver to control AIS camera clock votes.
Also add a new method in early camera driver to turn on/off clocks
when it's needed.
Change-Id: I43090b51cb29ca9de62dfa191f77b7aa9dae8613
Signed-off-by: Rahul Sharma <sharah@codeaurora.org>

Issue:
i2c_reg_tbl may be NULL under an error condition when setting params.
Other actuator functions may then still use the NULL i2c_reg_tbl.
Fix:
1) Make the assignment of total_steps follow the kmalloc of the buffer.
2) Add NULL pointer check for i2c tbl.
CRs-Fixed: 2152401
Change-Id: Ieec3d88e6dae0177787da0906f53d59ac4f5a624
Signed-off-by: Haibin Liu <haibinl@codeaurora.org>
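
Added example, not the driver's code: a user-space C model of the invariant that both actuator commits above (Change-Id Ib46deceb... and Ieec3d88e...) restore, namely that total_steps is nonzero only while i2c_reg_tbl is allocated. The struct layout, the function names, the 1024-step cap and fake_copy_from_user are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed model of the two fields named in the commit messages. */
struct actuator_ctrl {
    uint16_t *i2c_reg_tbl;   /* table with total_steps entries */
    uint32_t  total_steps;   /* must be 0 whenever i2c_reg_tbl is NULL */
};

/* Stand-in for copy_from_user(): a NULL source models a faulting copy. */
static int fake_copy_from_user(void *dst, const void *src, size_t n)
{
    if (!src) return -EFAULT;
    memcpy(dst, src, n);
    return 0;
}

/* Hypothetical "set info" path: the size is published only once the table exists. */
int actuator_set_info(struct actuator_ctrl *a, uint32_t steps, const void *user_cfg)
{
    uint8_t cfg[8];
    /* Reset both fields first so every error exit leaves them in sync. */
    free(a->i2c_reg_tbl);
    a->i2c_reg_tbl = NULL;
    a->total_steps = 0;
    if (fake_copy_from_user(cfg, user_cfg, sizeof(cfg)))
        return -EFAULT;
    if (steps == 0 || steps > 1024)          /* assumed upper bound */
        return -EINVAL;
    a->i2c_reg_tbl = calloc(steps, sizeof(*a->i2c_reg_tbl));
    if (!a->i2c_reg_tbl)
        return -ENOMEM;
    a->total_steps = steps;                  /* assigned after the allocation */
    return 0;
}

/* Hypothetical writer standing in for msm_actuator_parse_i2c_params(). */
int actuator_write_step(struct actuator_ctrl *a, uint32_t idx, uint16_t val)
{
    if (!a->i2c_reg_tbl)                     /* NULL check from the fix list */
        return -EINVAL;
    if (idx >= a->total_steps)               /* index must fit the table */
        return -ERANGE;
    a->i2c_reg_tbl[idx] = val;
    return 0;
}
```
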
When CONFIG_QCOM_BUS_SCALING is not defined, compilation
error is observed for ufs_qcom_set_bus_vote(), as incorrect
arguments are being passed in its definition. This change
fixes compilation error by passing correct arguments to
ufs_qcom_set_bus_vote() function.
Change-Id: I4c502482bf8dda46fd1352a097ade90f67fe1d73
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>

Add a sysctl nf_ipv4_defrag_skip to skip defragmentation per
interface. This is set to 0 to preserve existing behavior (always
defrag per interface).
This is useful for pure ipv4 forwarding scenarios (without NAT)
in conjunction with xfrm. It appears that network stack defrags
the packets and then forwards them to xfrm which then encrypts
and then later fragments them on a different boundary compared
to the source.
CRs-Fixed: 2140310
Change-Id: I11956284a9692579274e8626f61cc6432232254c
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>

add vendor defined get/put function to cache FB and improve hyp performance
Change-Id: I10f7faedc565819aed24c71c0815af571df10b85
Signed-off-by: Camus Wong <camusw@codeaurora.org>

Add kcontrol support for TDM slot width and
slot number configuration for secondary TDM
interface.
CRs-fixed: 2170145
Signed-off-by: Derek Chen <chenche@codeaurora.org>
Change-Id: I573421d005618c07c5735196490385d67f36f89a

Some camera entries are missing in camera dtsi files which are
causing failure on LA XO shutdown. Added all missing automotive
camera entries to dtsi files which are used by camera driver
during LA XO shutdown.
Change-Id: I633ed0788bb1dd6c512c6d6349c3750c19bcdd26
Signed-off-by: Rahul Sharma <sharah@codeaurora.org>

Glink does not wait for pil to inform about subsystem up. It triggers
link up on first interrupt processed after ssr; this can cause stability
issues if some delayed interrupt is processed after ssr.
Glink waits for PIL to notify about subsystem up and initializes
its state only after that.
CRs-Fixed: 2165753
Change-Id: I71614e6d7e68bf2fa12ac7f27894492019bd3829
Signed-off-by: Dhoat Harpal <hdhoat@codeaurora.org>

The list_for_each macro was not used correctly, where the intermediate
variable would be LIST_POISON, resulting in an untrusted pointer
dereference. Switch to using list_for_each_entry_safe for safe
removal of a list entry.
Change-Id: I0e0fd5dd9f251b5093d6e9d6335387512ec59249
Signed-off-by: Mahesh Sivasubramanian <msivasub@codeaurora.org>
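
Added example, not code from the patch: a user-space C model of why removing an entry inside a plain list_for_each walk leaves the cursor pointing at LIST_POISON, and how the cached successor used by list_for_each_entry_safe avoids that. The list helpers are simplified re-implementations, and struct client and the poison values are assumptions.

```c
#include <stddef.h>
#include <stdlib.h>

struct list_head { struct list_head *next, *prev; };
#define LIST_POISON1 ((struct list_head *)0x100)   /* illustrative values */
#define LIST_POISON2 ((struct list_head *)0x200)
#define list_entry(p, type, member) \
    ((type *)((char *)(p) - offsetof(type, member)))

void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->prev = head->prev; n->next = head;
    head->prev->next = n; head->prev = n;
}

/* Modelled on the kernel's list_del(): unlink, then poison the removed node. */
static void list_del(struct list_head *e)
{
    e->prev->next = e->next; e->next->prev = e->prev;
    e->next = LIST_POISON1; e->prev = LIST_POISON2;
}

struct client { int id; struct list_head node; };   /* hypothetical entry type */

/* Safe removal: 'n' holds the successor before 'pos' is unlinked and freed,
 * the same idea list_for_each_entry_safe() implements. */
int remove_matching(struct list_head *head, int id)
{
    struct list_head *pos, *n;
    int removed = 0;

    for (pos = head->next, n = pos->next; pos != head; pos = n, n = pos->next) {
        struct client *c = list_entry(pos, struct client, node);
        if (c->id != id)
            continue;
        list_del(pos);
        free(c);
        removed++;
    }
    return removed;
}

/* What a plain list_for_each() cursor would follow after list_del(). */
int cursor_is_poisoned_after_del(struct list_head *head)
{
    struct list_head *pos = head->next;
    list_del(pos);
    return pos->next == LIST_POISON1;   /* advancing would dereference this */
}
```
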
mmc_host is a virtual device and it doesn't have any pm ops and so during
pm registration of device, no_pm_callback gets set as true. The
mmc_host device is not runtime enabled as it is a virtual device and
mmc_host is the parent device of mmc_card. As the mmc_host is runtime
disabled, mmc_card can runtime suspend/resume without depending on
state of mmc_host during normal operations. During system suspend, the
direct_complete flag of mmc_host device gets set as it has no pm_ops.
When mmc_card successfully suspends, it clears the direct_complete flag
of its parent (mmc_host).
But in certain cases during dpm_suspend, an async error can occur after
suspend work for mmc_card is scheduled and before it gets executed. In
that case, mmc_card suspend work will not clear the direct_complete flag
of mmc_host. When mmc_host suspend comes after that of mmc_card,
it too will skip all actions.
But by this time, the mmc_host device has been added to device_suspended
list. So during resume, mmc_host resume will do dpm resume of mmc_host.
In dpm_resume, all devices which have the direct_complete flag set will be
runtime_enabled. This is because, in dpm_suspend, any device with
direct_complete flag will be runtime_disabled. Thus, mmc_host which has
direct_complete flag set, will get runtime enabled during dpm_resume.
This is a problem in pm framework with direct_complete flag
(runtime enabling a device in resume when it was not runtime disabled
in suspend path).
Now that mmc_host device is runtime enabled, to runtime resume the
mmc_card, the pm framework will try to runtime resume the mmc_host
device as well and will fail. This prevents mmc_card from runtime
resuming after a runtime_suspend.
Fix this by adding a dummy suspend_prepare() fn for mmc_host. This
prevents the direct_complete flag of mmc_host device from getting set.
Change-Id: Ib739399027958d17e418e0240684b0b517a02941
Signed-off-by: Vijay Viswanath <vviswana@codeaurora.org>

While assigning msa permission, the number of memory regions is passed
as an argument within platform private data. This number could
exceed the range of the memory region buffer that is preallocated. Hence
add a size check before accessing the region buffer.
Change-Id: I45f4efc7edaa636c861458dab74b1956767d2019
CRs-Fixed: 2101134
Signed-off-by: Yuanyuan Liu <yuanliu@codeaurora.org>