The region index for bivcm is not validated against the region size.
This causes out-of-bound read on the KASAN kernel.
Add restriction that region index smaller than region size.
CRs-Fixed: 2379514
Change-Id: I72c4a41a4b41c8fa70c174ffd3215a81eaa14355
Signed-off-by: Haibin Liu <haibinl@codeaurora.org>
Add check for minimum length before typecasting to build mask
structure to prevent out of bound access.
CRs-Fixed: 2431005
Change-Id: I97b439ead62c8a67869c9209442ef771308f2d3f
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Structures in shared memory that can be modified by remote
processors may have untrusted values, they should be validated
before use.
Adding proper validation before using fields of shared
structures.
CRs-Fixed: 2421602
Change-Id: I947ed5b0fe5705e5223d75b0ea8aafb36113ca5a
Signed-off-by: Deepak Kumar Singh <deesin@codeaurora.org>
Since DSP is not supposed to modify the base pointer rpra of the
input/output arguments offloaded to DSP, maintain a local copy of
the pointer and use it after receiving interrupt from DSP.
Change-Id: I4afade7184cb2aca148060fb0cda06c6174f3b55
Acked-by: Maitreyi Gupta <maitreyi@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
Signed-off-by: Mohammed Nayeem Ur Rahman <mohara@codeaurora.org>
* This change makes WiFi report invalid signal strength.
This reverts commit be468730d315e973e9936da275b06600d0ce276c.
Change-Id: I01094049520ea706c27e00f316539f9d9d53bbc7
* Makes the device get stuck on splash screen
when booting in offline charging mode.
This reverts commit b03b261cfc.
Change-Id: I79fc04a43a7995c1015464b2d3c481200ddcaf8d
Add proper check for validating the IP type while
sending request for ul-filter-rule install.
Change-Id: I170230310884f176cf41d5ae20287f6d74a4bc29
Signed-off-by: Praveen Kurapati <pkurapat@codeaurora.org>
Add support for 16ch playback and record usecase support
for primary and quaternary TDM ports.
Add mixer controls to set slot width, slot mapping and
calculate bit clock dynamically. Set bit clock for all
TDM ports dynamically.
Change-Id: I9d356d61f29ba18dd77138bd895139042a3c01f6
Signed-off-by: Dhanalakshmi Siddani <dsiddani@codeaurora.org>
Update max channels supported for TDM ports from 8 to 16.
Update pcm driver to support 32 channels and 32bit format.
Change-Id: I3d3b42983fff22e0102b9eb2aaca1a5698820605
Signed-off-by: Dhanalakshmi Siddani <dsiddani@codeaurora.org>
dwc3_drd_state_string() will return null for undefined state and
fix it by adding undefined name to state_names.
Change-Id: I40be0b14c098fe2e9d77df3ff1108c3d4d55a30f
Signed-off-by: Vamsi Krishna Samavedam <vskrishn@codeaurora.org>
Introduce additional WAIT_FOR_LPM input flag to ensure USB
enters low power mode after stop_peripheral or stop_host.
This makes sure that USB hardware is reset after LPM for
cases where quick transition to host mode happens while
its child was still preventing dwc3 to enter low power mode.
In the absence of h/w reset after stop_peripheral, host mode
doesn't work.
Change-Id: I67e4fcdc11a3337e3e90b4ca8f461e328a6e8ecf
Signed-off-by: Manu Gautam <mgautam@codeaurora.org>
otg_state enum defines states for USB OTG devices. Since, driver
supports only role change (DRD) and no OTG support, hence, instead
of using otg_states create separate drd_state enums.
Change-Id: Ifda1fac712e751c980ce51b60b473e5921f2001d
Signed-off-by: Manu Gautam <mgautam@codeaurora.org>
arr_filp is an alias to filp_to_release. It is exposed
to access indices greater than allotted space of 15 bytes,
equal to size of OBJECT_COUNTS_MAX_OO. This change fixes
the stack overflow by taking an independent variable to track
the number of output objects.
Change-Id: Idca9cef3c69693d27d4ca3d0e0b4845fc27c998a
Signed-off-by: Anmolpreet Kaur <anmolpre@codeaurora.org>
currently only NULL pointer check is used to validate the return
value from clk_get, this change to handle all the failures.
This snapshot is taken from auto-kernel.lnx.4.4.c1
ported it from auto-kernel.lnx.4.4.c1 to 4.4
Change-Id: I275cb4717c675baf528e05c50058f2c6b0025011
Signed-off-by: E V Ravi <evenka@codeaurora.org>
In few scenarios, the request frame may get
delayed and current and request frame id may
become same. While user space is informed to
delay a frame in such scenarios, the pattern
shouldn't get reset.
Change-Id: I63f1301fbbe7cba024a686cbd783af25232f1293
Signed-off-by: Meera Gande <mgande@codeaurora.org>
Add check for minimum length before typecasting to build mask
structure to prevent out of bound access while processing
get msg mask command.
CRs-Fixed: 2431047
Change-Id: I5b8341f278b0b46359800e43c604c5671261c728
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
As part of EDID parser, add support to parse extended EDID
Block Map (0xf0) block and parse all subsequent CEA (0x02)
extended EDID Blocks.
Change-Id: I581efae59dde3abf6f297d5a2519ac0088554b64
Signed-off-by: Narender Ankam <nankam@codeaurora.org>
Only Block0 and Block1 of EDID are being read successfully.
Fix EDID segment read failure for Block2 and Block3.
Change-Id: I2d501878c6089b275e77587f3f41416aec2ef389
Signed-off-by: Narender Ankam <nankam@codeaurora.org>
As part of destination scalar on HDMI, INTF3 will be
configured as dual LM single display for higher video
timings. Assign block_id for HDMI INTF.
Change-Id: I09f5eb4136c4a8248f3dc9a36e2d94110419112d
Signed-off-by: Narender Ankam <nankam@codeaurora.org>
Check the size of ADSP payload before accessing it.
CRs-Fixed: 2380694
Change-Id: Icdc19a85b39a397ba6d7177f42ece4626b901832
Signed-off-by: Vignesh Kulothungan <vigneshk@codeaurora.org>
Lock Implementation for avoid race condition leading
to out-of-bound write in "msm_vb2_queue_setup
Change-Id: I386f1709bdf3328ae0c1db44980db8453849babf
Signed-off-by: E V Ravi <evenka@codeaurora.org>
Check if payload data is atleast the minimum expected size
before accessing the data in it.
Change-Id: Ia1295ca5ad5d002122e416fae53588681da687ea
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
Check size of payload array before access in qdsp_mvm_callback.
Change-Id: I81d945f963cfb4a3cb26155700b82880d891ec5e
Signed-off-by: Vatsal Bucha <vbucha@codeaurora.org>
Within EDID parser's data structure, sink_caps of previous
EDID are being retained. Reset sink_caps before parsing new
EDID.
Change-Id: I7927161256ec87ab77b26a9d7bc5e0cd1df5583b
Signed-off-by: Narender Ankam <nankam@codeaurora.org>
