Commit graph

600728 commits

Author SHA1 Message Date
Jann Horn
ba20e67aee ibmasm: don't write out of bounds in read handler
commit a0341fc1981a950c1e902ab901e98f60e0e243f3 upstream.

This read handler had a lot of custom logic and wrote outside the bounds of
the provided buffer. This could lead to kernel and userspace memory
corruption. Just use simple_read_from_buffer() with a stack buffer.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-17 11:31:42 +02:00
Paul Burton
bc20ab941e MIPS: Fix ioremap() RAM check
commit 523402fa9101090c91d2033b7ebdfdcf65880488 upstream.

We currently attempt to check whether a physical address range provided
to __ioremap() may be in use by the page allocator by examining the
value of PageReserved for each page in the region - lowmem pages not
marked reserved are presumed to be in use by the page allocator, and
requests to ioremap them fail.

The way we check this has been broken since commit 92923ca3aa ("mm:
meminit: only set page reserved in the memblock region"), because
memblock will typically not have any knowledge of non-RAM pages and
therefore those pages will not have the PageReserved flag set. Thus when
we attempt to ioremap a region outside of RAM we incorrectly fail
believing that the region is RAM that may be in use.

In most cases ioremap() on MIPS will take a fast-path to use the
unmapped kseg1 or xkphys virtual address spaces and never hit this path,
so the only way to hit it is for a MIPS32 system to attempt to ioremap()
an address range in lowmem with flags other than _CACHE_UNCACHED.
Perhaps the most straightforward way to do this is using
ioremap_uncached_accelerated(), which is how the problem was discovered.

Fix this by making use of walk_system_ram_range() to test the address
range provided to __ioremap() against only RAM pages, rather than all
lowmem pages. This means that if we have a lowmem I/O region, which is
very common for MIPS systems, we're free to ioremap() address ranges
within it. A nice bonus is that the test is no longer limited to lowmem.

The approach here matches the way x86 performed the same test after
commit c81c8a1eee ("x86, ioremap: Speed up check for RAM pages") until
x86 moved towards a slightly more complicated check using walk_mem_res()
for unrelated reasons with commit 0e4c12b45aa8 ("x86/mm, resource: Use
PAGE_KERNEL protection for ioremap of memory pages").

Signed-off-by: Paul Burton <paul.burton@mips.com>
Reported-by: Serge Semin <fancer.lancer@gmail.com>
Tested-by: Serge Semin <fancer.lancer@gmail.com>
Fixes: 92923ca3aa ("mm: meminit: only set page reserved in the memblock region")
Cc: James Hogan <jhogan@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: stable@vger.kernel.org # v4.2+
Patchwork: https://patchwork.linux-mips.org/patch/19786/
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-17 11:31:42 +02:00
Vijay kumar Tumati
dd8f83fee4 msm: camera: sensor: Add support for front aux sensor
Allow front aux sensor to be connected on device.

Change-Id: I0386c23c77b38200c20581cd85b20c96bf074547
Signed-off-by: Vijay kumar Tumati <vtumati@codeaurora.org>
2018-07-17 14:46:42 +05:30
Linux Build Service Account
cca3c14ebe Merge "ARM: dts: msm: Enable diagfwd-usb for MSM8996 CV2X boards" 2018-07-16 21:54:13 -07:00
Linux Build Service Account
5468d13d1d Merge "diag: Enable diagfwd via USB even when MHI is available" 2018-07-16 21:54:10 -07:00
Linux Build Service Account
582f5092f3 Merge "soc: qcom: hab: check the buffer's pointer before exporting it" 2018-07-16 21:54:09 -07:00
Vivek Kumar
9177f29207 drm: msm: Hot plug cpu1 once early domain is finished
Early domain services run on cpu1 in LK, so hotplug
cpu1 once early domain services are finished.

Change-Id: I23b57b8b7460c5740083b27af72251b2fad78ed4
Signed-off-by: Vivek Kumar <vivekuma@codeaurora.org>
2018-07-16 21:41:39 -07:00
Linux Build Service Account
385635a167 Merge "mmc: core: Update SD card removal logic based on cd gpio state" 2018-07-16 11:36:25 -07:00
Gustavo Solaira
dc59c27d8b ARM: dts: msm: Enable diagfwd-usb for MSM8996 CV2X boards
Enable the diagfwd-usb platform driver for MSM8996
CV2X boards. This is used to forward diag data from MDM
via USB.

Change-Id: I816e82c25ca623c47c541e4e790e22b90c55da41
Signed-off-by: Gustavo Solaira <gustavos@codeaurora.org>
2018-07-16 11:18:19 -07:00
Gustavo Solaira
146820788a diag: Enable diagfwd via USB even when MHI is available
Some devices need diag via USB even when MHI is used
for rmnet and qmi tethering. This is because of lack
of support for diagfwd for mhi_dev in Linux.

Change-Id: Ie0ec19ee109d49aa409d1df3ad5ca24b75de7102
Signed-off-by: Gustavo Solaira <gustavos@codeaurora.org>
2018-07-16 11:18:18 -07:00
Gustavo Solaira
2bd6702877 usb: misc: diag_ipc_bridge: Add support for 901D PID
Add support for creation of diag traffic channel in case
the connected device has 0x05C6 VID and 0x901D PID.
   0x901D : DIAG + ADB

Change-Id: I6df0aca714f10ea7d854f621e19da1388a7e7d5c
Signed-off-by: Gustavo Solaira <gustavos@codeaurora.org>
2018-07-16 11:18:17 -07:00
Ajay Agarwal
d6edcd0faf defconfig: msm-auto: Enable diag_ipc_bridge driver for msm8996
Enable DIAG and IPC bridge driver on msm8996 auto to support
interfacing with DIAG and QMI interfaces.

Change-Id: I8b32bdfc6aa29c090b21512e202c2822b9752a48
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
2018-07-16 11:18:16 -07:00
Gustavo Solaira
70a7fe177d diag: Disable the code for diag_smux
Disable the diag_smux code to fix the build with
diagfwd USB enabled since the dependencies for
diag_smux are not available it is deprecated in
this kernel version.

Change-Id: I6a8bc3a34f67ed5b1ca175cad0b3067e2c2df199
Signed-off-by: Gustavo Solaira <gustavos@codeaurora.org>
2018-07-16 11:16:57 -07:00
Mohammed Javid
bbff7311e9 msm: ipa: Error prints are misleading fix it
IPC logging is for debugging purposes and
it may be disabled in kernel anytime.
From IPA driver printing the error log on IPC
create context is misleading.
Instead of error, make it as debug.

Change-Id: Icee2b1ad9fcef446f79dfc71f554a24a90ea3d2d
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
2018-07-16 15:12:25 +05:30
Linux Build Service Account
5e972f6b60 Merge "soc: qcom: hab: resolve NULL pointer dereference issues" 2018-07-16 01:31:34 -07:00
Linux Build Service Account
438ba82af9 Merge "defconfig: gvm: enable msm hardware random generator" 2018-07-16 01:31:32 -07:00
Linux Build Service Account
dbd927c73d Merge "ssusb: vplatform: enable otg passthrough in la-gvm" 2018-07-16 01:31:32 -07:00
Linux Build Service Account
016e86bc53 Merge "iommu/debug: Add mutex to make attach/detach thread safe" 2018-07-16 01:31:30 -07:00
Suprith Malligere Shankaregowda
6df01b6179 ARM: dts: msm: add ddc_skip on auto 8996 boards
This change is done to disable the hdmi scrambler related display
kernel error messages in the boot logs.

Change-Id: I7f9284c3d64e291ef9c6442e7e89f6551cbce8d6
Signed-off-by: Suprith Malligere Shankaregowda <supgow@codeaurora.org>
2018-07-15 22:11:23 -07:00
Suprith Malligere Shankaregowda
225c6e1fee drm: msm: add skip_ddc support for hdmi display
HDMI display on auto boards has disabled pluggable function
and hardcoded 1080p mode for output. So ddc related function
should also be skipped. Otherwise, some error messages are
printed when accessing ddc.

Change-Id: I42694b0586dd870e7881b422cd3d6ee960276b17
Signed-off-by: Suprith Malligere Shankaregowda <supgow@codeaurora.org>
Signed-off-by: Guchun Chen <guchunc@codeaurora.org>
2018-07-15 22:11:04 -07:00
Linux Build Service Account
ff5fac3d56 Merge "ARM: dts: msm: Add clock skew values for msm8996 CV2X boards" 2018-07-15 13:23:49 -07:00
Linux Build Service Account
65a0403464 Merge "Documentation: devicetree: net: Add clock skew parameters for neutrino" 2018-07-14 00:36:46 -07:00
Linux Build Service Account
741e5a2f47 Merge "cnss2: Refactor PCIe bus related code" 2018-07-14 00:36:44 -07:00
Lakshmi Narayana Kalavala
cb60bccda1 drm/msm: Fix the format prints in display driver
Fix the %p format prints with %pK.

Change-Id: I1743bacb76c1db4bfa304146f7d391751b35273c
Signed-off-by: Lakshmi Narayana Kalavala <lkalaval@codeaurora.org>
Signed-off-by: Navid Bahrani <nbahrani@codeaurora.org>
2018-07-13 16:42:59 -07:00
Aditya Mathur
18f31ec736 ARM: dts: msm: Add clock skew values for msm8996 CV2X boards
Add phy clock skew values for the neutrino driver
on msm8996 CV2X boards.

Change-Id: Ic06b054dd6d5e4267fdec64d7d73786b54466444
Signed-off-by: Aditya Mathur <aditmath@codeaurora.org>
2018-07-13 15:37:57 -07:00
Aditya Mathur
63226fea94 Documentation: devicetree: net: Add clock skew parameters for neutrino
Add documentation for new PHY clock skew parameters
in the neutrino driver.

Change-Id: Ibefa49ef0f91e42e3bb6d050eeac4a4adfc67ee1
Signed-off-by: Aditya Mathur <aditmath@codeaurora.org>
2018-07-13 14:46:27 -07:00
Linux Build Service Account
125e556ec0 Merge "drm: msm: error notification and handling" 2018-07-13 14:31:15 -07:00
VENKATA RAO KAKANI
ba826181ed iommu/debug: Add mutex to make attach/detach thread safe
This mutex lock will help to synchronise the usage of iommu domain
structure which is getting used by multiple threads to perform
iommu attach and iommu detach in case of any error.

Without this change we are seeing page poisoning - write after free
when running stress tests using iommu-debug test cases.

Change-Id: I388a90084ab8cc7e7097bac9a41ed5fed6dad312
Acked-by: Ankur Saxena <c_ankusa@qti.qualcomm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@codeaurora.org>
Signed-off-by: VENKATA RAO KAKANI <vkakani@codeaurora.org>
2018-07-13 04:56:53 -07:00
Artem Borisov
ed9bdc8a8f cpufreq: Kconfig: Remove CPU_FREQ_DEFAULT_GOV_SCHED
Sched governor was removed in df147c9e33
and this probably was left here by mistake. Remove it to avoid confusion.

Signed-off-by: Artem Borisov <dedsa2002@gmail.com>
2018-07-13 14:30:54 +03:00
Linux Build Service Account
1814c3e255 Merge "adv7481: Fix AVI infoframe read" 2018-07-13 03:01:24 -07:00
Balachandra C S
6a1dd530ef drivers: net: can: Use interrupt type from device tree
Use proper interrupt type from the device tree for gpio interrupt
from CAN controller in qti-can driver as irq type may vary with
different targets.

Change-Id: If08c3f6d53fc6e8b7a55be47705c5a1841c0c913
Signed-off-by: Balachandra C S <balacs@codeaurora.org>
2018-07-13 13:46:27 +05:30
Balachandra C S
ac83e7e52f drivers: net: can: Use proper device property in qti-can driver
Use the proper device tree property in qti-can driver for enabling
can-fd feature.

Change-Id: I4c59e7037a8e0f4972603aceb65138a190080074
Signed-off-by: Balachandra C S <balacs@codeaurora.org>
2018-07-13 13:21:41 +05:30
Balachandra C S
9352586542 drivers: net: can: Add END_FW_UPDATE_FILE command to qti-can driver
Add IOCTL command to indicate the controller that firmware update
file end of file is reached.

Change-Id: Ib538ff68a4b974234ce541696d38772e7065b7d8
Signed-off-by: Balachandra C S <balacs@codeaurora.org>
2018-07-13 13:17:06 +05:30
Balachandra C S
193f8ec5c6 drivers: net: can: ignore the data if command byte is 0xFF
Ignore the data from spi if data read happens to be 0xFF.

Change-Id: Ib1f28b70ee11e99f73a80166df56132371076f86
Signed-off-by: Balachandra C S <balacs@codeaurora.org>
2018-07-13 12:49:41 +05:30
Linux Build Service Account
1eef60bf60 Merge "cnss2: Add bus layer" 2018-07-12 20:13:13 -07:00
Linux Build Service Account
e5020c2024 Merge "net: core: null pointer derefernce in sockev_client_cb" 2018-07-12 20:13:12 -07:00
Linux Build Service Account
348619f43f Merge "usb: gadget: ffs: Remove IPC context create failure log" 2018-07-12 05:37:43 -07:00
Linux Build Service Account
c236da24a2 Merge "msm: camera: isp: Add null check for vfe_dev." 2018-07-12 05:37:32 -07:00
Linux Build Service Account
dad1ae12b3 Merge "cnss2: Do not load board data file if bdf_bypass is enabled" 2018-07-12 05:37:14 -07:00
Linux Build Service Account
926778dc85 Merge "iommu/debug: Add mutex to make attach/detach thread safe" 2018-07-12 05:36:59 -07:00
Venkata Rao Kakani
eca26f73a0 defconfig: gvm: enable msm hardware random generator
Enable MSM hardware random generator in LA-GVM.

Change-Id: I970986fd302dfc56544409682faa97c9e0a508bd
Signed-off-by: Venkata Rao Kakani <vkakani@codeaurora.org>
2018-07-12 04:14:37 -07:00
Yong Ding
a16a7501c8 soc: qcom: hab: resolve NULL pointer dereference issues
Some NULL pointer dereference issues are fixed.

Change-Id: I0f7f8ede860c81d451f2105520750692fd4eee50
Signed-off-by: Yong Ding <yongding@codeaurora.org>
2018-07-12 14:57:44 +08:00
Shobhit Singh
29b44c2034 msm: camera: isp: Add null check for vfe_dev.
In some cases, observed that vfe node information is
not filled in the stream information, this will lead
to a null pointer access. To avoid such scenarios,
a null check is added.

Change-Id: Ibe8e095629574e2d8b8fbb097449d49bc0a762b3
Signed-off-by: Shobhit Singh <shobsi@codeaurora.org>
2018-07-11 22:17:46 -07:00
Yue Ma
9a3821168d cnss2: Refactor PCIe bus related code
PCIe bus related APIs should not be directly called from common files.
Instead, create equivalent abstract BUS APIs from where it can
decide which corresponding PCIe bus APIs to be invoked. This will
help to extend other buses like USB and SDIO in the future.

Change-Id: I1f115173f2e6c34e3a8cb6f975349112f52697e4
Signed-off-by: Yue Ma <yuem@codeaurora.org>
Signed-off-by: Rajasekaran Kalidoss <rkalidos@codeaurora.org>
2018-07-11 18:41:28 -07:00
Yue Ma
5ff075a62e cnss2: Add bus layer
Bus layer is a shim layer for potential buses (PCIe, USB and SDIO)
of WLAN devices. It abstracts all the bus related APIs for common
files of the driver so that it can help make them bus independent.

Change-Id: I06e19a26d34168fe0fcc65229a4519b868cd97c1
Signed-off-by: Yue Ma <yuem@codeaurora.org>
Signed-off-by: Rajasekaran Kalidoss <rkalidos@codeaurora.org>
2018-07-11 18:40:42 -07:00
Yue Ma
e84e34c011 cnss2: Do not load board data file if bdf_bypass is enabled
Send dummy board data file to firmware if bdf_bypass is enabled,
no matter whether the real file is present or not.

Change-Id: I042d0ce7190fa56f362baf99c5847edf50419377
Signed-off-by: Yue Ma <yuem@codeaurora.org>
2018-07-11 18:40:24 -07:00
Linux Build Service Account
74891ac5bf Merge "msm: adsprpc: destroy mutex before file free" 2018-07-11 15:18:40 -07:00
Greg Kroah-Hartman
789274d696 This is the 4.4.140 stable release

Merge 4.4.140 into android-4.4

Changes in 4.4.140
	usb: cdc_acm: Add quirk for Uniden UBC125 scanner
	USB: serial: cp210x: add CESINEL device ids
	USB: serial: cp210x: add Silicon Labs IDs for Windows Update
	n_tty: Fix stall at n_tty_receive_char_special().
	staging: android: ion: Return an ERR_PTR in ion_map_kernel
	n_tty: Access echo_* variables carefully.
	x86/boot: Fix early command-line parsing when matching at end
	ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
	i2c: rcar: fix resume by always initializing registers before transfer
	ipv4: Fix error return value in fib_convert_metrics()
	kprobes/x86: Do not modify singlestep buffer while resuming
	nvme-pci: initialize queue memory before interrupts
	netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
	ARM: dts: imx6q: Use correct SDMA script for SPI5 core
	ubi: fastmap: Correctly handle interrupted erasures in EBA
	mm: hugetlb: yield when prepping struct pages
	tracing: Fix missing return symbol in function_graph output
	scsi: sg: mitigate read/write abuse
	s390: Correct register corruption in critical section cleanup
	drbd: fix access after free
	cifs: Fix infinite loop when using hard mount option
	jbd2: don't mark block as modified if the handle is out of credits
	ext4: make sure bitmaps and the inode table don't overlap with bg descriptors
	ext4: always check block group bounds in ext4_init_block_bitmap()
	ext4: only look at the bg_flags field if it is valid
	ext4: verify the depth of extent tree in ext4_find_extent()
	ext4: include the illegal physical block in the bad map ext4_error msg
	ext4: clear i_data in ext4_inode_info when removing inline data
	ext4: add more inode number paranoia checks
	ext4: add more mount time checks of the superblock
	ext4: check superblock mapped prior to committing
	HID: i2c-hid: Fix "incomplete report" noise
	HID: hiddev: fix potential Spectre v1
	HID: debug: check length before copy_to_user()
	x86/mce: Detect local MCEs properly
	x86/mce: Fix incorrect "Machine check from unknown source" message
	media: cx25840: Use subdev host data for PLL override
	mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
	dm bufio: avoid sleeping while holding the dm_bufio lock
	dm bufio: drop the lock when doing GFP_NOIO allocation
	mtd: rawnand: mxc: set spare area size register explicitly
	dm bufio: don't take the lock in dm_bufio_shrink_count
	mtd: cfi_cmdset_0002: Change definition naming to retry write operation
	mtd: cfi_cmdset_0002: Change erase functions to retry for error
	mtd: cfi_cmdset_0002: Change erase functions to check chip good only
	netfilter: nf_log: don't hold nf_log_mutex during user access
	staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
	Linux 4.4.140

Change-Id: I1eb015e1fee548fb958c7e5eb4754b425cfab6b7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-07-11 16:24:21 +02:00
Linux Build Service Account
cd536e63e3 Merge "net: sockev: code cleanup" 2018-07-11 07:09:25 -07:00
Linux Build Service Account
37c280a3b7 Merge "xhci: Fix use-after-free in xhci_free_virt_device" 2018-07-11 07:09:24 -07:00