callback
There is a race condition around private data used in put() and get()
of a few mixer ctls with close() callback. Added global mutex lock and
code changes to protect such critical section by accessing such lock.
Change-Id: I276c2a234cfcbef88b4272b945e5c3f121e8eb32
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
Current acc_relative_busy calculation is causing an integer overflow
on a 32-bit system. "stats->busy_time * stats->current_frequency"
results in a value which is beyond the 32 bit range.
Typecasting the value to u64 to avoid overflow.
Change-Id: Id97da02bef608787ceb7c9751bbfc203af56deb1
Signed-off-by: Harshitha Sai Neelati <hsaine@codeaurora.org>
In ioctls like kgsl_ioctl_submit_commands(), if both syncobj
type and cmd/marker/sparseobj type are submitted, the syncobj
is queued first followed by the other obj type. After syncobj
is successfully queued, in case of failure in get_timestamp
while queuing the other obj, both the command objs are
destroyed. As sync obj is already queued, accessing this
later would cause a crash.
Compare the user generated timestamp with the drawctxt
timestamp and return early in case of error. This avoids
unnecessary queuing of drawobjs.
Change-Id: I336c95c42ab1075d7653cba02772f92c918c884c
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>
Signed-off-by: Harshitha Sai Neelati <hsaine@codeaurora.org>
The register window needs to be configured properly before accessing
any larger than 4K range PCIe registers. Expose the lock to WLAN
driver to avoid a race condition when both drivers try to configure it.
Change-Id: I94ccd963d4fd0a9715330d2e5733346ccd993ae1
Signed-off-by: Yue Ma <yuem@codeaurora.org>
When unloading the app, reset all client members to NULL
to protect from accessing the memory after being freed.
Change-Id: I573b9c6fde03539522d2b04724a2246660c62518
Signed-off-by: jitendra thakare <jitendrathakare@codeaurora.org>
[ Upstream commit 58e75155009cc800005629955d3482f36a1e0eec ]
As seen on some USB wireless keyboards manufactured by Primax, the HID
parser was using some assumptions that are not always true. In this case
it's the fact that, inside the scope of a main item, a Usage Page
will always precede a Usage.
The spec is not pretty clear as 6.2.2.7 states "Any usage that follows
is interpreted as a Usage ID and concatenated with the Usage Page".
While 6.2.2.8 states "When the parser encounters a main item it
concatenates the last declared Usage Page with a Usage to form a
complete usage value." Being somewhat contradictory it was decided to
match Windows' implementation, which follows 6.2.2.8.
In summary, the patch moves the Usage Page concatenation from the local
item parsing function to the main item parsing function.
Change-Id: Id25c0c7e11712501d117fb715b64db7772ac2066
Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Reviewed-by: Terry Junge <terry.junge@poly.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Git-commit: 5db3c5adf4
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Rahul Shahare <rshaha@codeaurora.org>
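
The ordering problem described in the HID commit message above, as an added example that is not code from the kernel or from the patch: a simplified short-item walker that binds the Usage Page either when the Usage local item is parsed or when the main item is reached. The function name, the mode enum and both descriptors are constructed for illustration; 4-byte usages are left alone because they already carry their page in the upper 16 bits.

```c
#include <stddef.h>
#include <stdint.h>

enum concat_mode { CONCAT_AT_LOCAL, CONCAT_AT_MAIN };

/* Constructed: Usage Page 0x0C, Usage 0x30, Usage Page 0x01, Input */
static const uint8_t usage_first[] = { 0x05, 0x0C, 0x09, 0x30, 0x05, 0x01, 0x81, 0x02 };
/* Constructed, conventional order: Usage Page 0x01, Usage 0x30, Input */
static const uint8_t page_first[] = { 0x05, 0x01, 0x09, 0x30, 0x81, 0x02 };

/* Returns the 32-bit usage bound to the first Input item, or 0 on a
 * truncated or unsupported descriptor. */
uint32_t first_input_usage(const uint8_t *d, size_t len, enum concat_mode mode)
{
    uint32_t page = 0, usage = 0;
    size_t usage_size = 0, i = 0;

    while (i < len) {
        uint8_t prefix = d[i++];
        size_t size = prefix & 0x3;
        uint32_t data = 0;

        if (prefix == 0xFE)            /* long items are out of scope here */
            return 0;
        if (size == 3)                 /* bSize 3 encodes a 4-byte payload */
            size = 4;
        if (size > len - i)            /* payload runs past the buffer */
            return 0;
        for (size_t k = 0; k < size; k++)
            data |= (uint32_t)d[i + k] << (8 * k);   /* little-endian */
        i += size;

        switch (prefix & 0xFC) {
        case 0x04:                     /* global item: Usage Page */
            page = data & 0xFFFF;
            break;
        case 0x08:                     /* local item: Usage */
            usage = data;
            usage_size = size;
            if (mode == CONCAT_AT_LOCAL && size <= 2)
                usage = (page << 16) | (data & 0xFFFF);
            break;
        case 0x80:                     /* main item: Input */
            if (mode == CONCAT_AT_MAIN && usage_size <= 2)
                usage = (page << 16) | (usage & 0xFFFF);
            return usage;
        }
    }
    return 0;
}
```

With `usage_first`, binding at the local item attaches the stale page 0x0C to the usage, while binding at the main item attaches page 0x01; `page_first` yields the same usage in both modes.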
It seems there is a chance of out-of-bounds access to the lsm_app_type_cfg
array within the msm_routing_get_lsm_app_type_cfg_control() callback.
Added case check to return invalid value if user tries to exceed
maximum allocated size of array to avoid it.
Change-Id: Ied86e6c9a957255c55bb126a09741fbde429be32
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
The reg in soc_mixer_control is 32-bit. When using
SOC_SINGLE_EXT, the value of FE DAI ID which is passed
as shift (to be operated on the reg) may be more than 31,
which may cause overflow.
Use SOC_DOUBLE_EXT instead of SOC_SINGLE_EXT so that the
reg field can be set to SOC_NO_PM to avoid any DAPM operation,
while passing BE and FE IDs in shift and rshift fields. And
these values can be retrieved in get/put functions and used.
This is to avoid any possible overflow in DAPM operation.
Change-Id: I17fa4e059889ae725e6f015a779f518e6d0a813f
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
This change asks the hypervisor to remove memory mapping for MSS
from IOMMU second stage table and assign the ownership back to
HLOS just after MBA is booted.
Presently this is being done only after MBA is booted and MDT is
authenticated.
Change-Id: I724c1bcc664827e666612dd34cd078f3f044498a
Signed-off-by: Avaneesh Kumar Dwivedi <akdwived@codeaurora.org>
Main DRM & eDRM drivers have asynchronous probes. In order to ensure that
both drivers' probes have completed, a wait for completion for the
respective driver is executed. There is an issue where the
wait for the eDRM driver blocks the eDRM driver deferred probe call.
This change removes the wait in the eDRM driver for completion of its probe
as eDRM driver is always initialized after main DRM and necessary clock
voting would also be done in main DRM.
Change-Id: I422419d381ad3d0361fb80f3b2b9d176203a9342
Signed-off-by: Rahul Sharma <rahsha@codeaurora.org>
In mdss_dsi_cmd_write, a failure in copying the cmds to
'string_buf' can cause an early return. In this case,
the 'pcmds->string_buf' won't be pointing to a valid
buffer. This can lead to use-after-free and memory leak.
To avoid this, assign the newly allocated buffer to
'pcmds->string_buf' after returning from krealloc call.
Change-Id: I286f12c86078d1989cb09453c8a395a4ad94b324
Signed-off-by: Nirmal Abraham <nabrah@codeaurora.org>
Votable callbacks access the work structure as part of
their callback; initialize work before creation of votables.
Change-Id: I91741b3d54c73aab5c695a31292a32752edc77cd
Signed-off-by: Umang Chheda <uchheda@codeaurora.org>
Place check for mask size and validate source length against
sum of header length and mask size to prevent out of bound access.
Change-Id: I8ac089202b6e3007773b92be8cfdc52fcb30ec3c
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
There is a chance that wr_offset can be modified to
an arbitrary value as it is a global variable. Have
a local copy of this value and use it for further
manipulation.
Change-Id: If3b76a0dd95e81bd057d89626818c72405f91d65
Signed-off-by: Rama Krishna Phani A <rphani@codeaurora.org>
CONFIG_ENABLE_FP_SIMD_SETTINGS :
Enable FP(Floating Point) and SIMD settings required
during execution of AArch32 processes.
CONFIG_MSM_APP_SETTINGS :
Enable support for app specific setting on MSM8996. This
is required for providing an interface so that app specific
settings can be applied / cleared.
Change-Id: Ife81b927dc58ef5e5fb7a6668286c176f16ad7bf
Signed-off-by: Naitik Bharadiya <bharad@codeaurora.org>
Base_sel variable is being accessed without any check.
Add proper check before accessing base_sel variable.
Change-Id: I31232cc0285bc8cc01d8fa4ee7954bf2f766cbce
Signed-off-by: Rama Krishna Phani A <rphani@codeaurora.org>
Validate structures and payload sizes in the
packet against packet size to avoid OOB access.
Change-Id: I8a203a81506f603c2e37c1b2a780d3088e6933be
Signed-off-by: Sanjay Singh <sisanj@codeaurora.org>
Make change to validate if there exists enough space to write a
uint64 instead of a uint32 value, in __qseecom_update_cmd_buf_64.
Change-Id: Iabf61dea240f16108e1765585aae3a12d2d651c9
Signed-off-by: jitendra thakare <jitendrathakare@codeaurora.org>
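
The width mismatch described in the last commit message above, as an added example that is not code from the qseecom driver: a 64-bit write whose offset is validated as if it were a 32-bit field. All names and sizes here are hypothetical, and the buffer is backed by constructed guard bytes so the overrun can be counted without touching memory outside the array.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CMD_LEN 16   /* logical command buffer size (constructed) */
#define GUARD   8    /* guard bytes placed after it to observe overruns */

/* Overflow-safe test: does a field of `width` bytes fit at `offset`? */
static int field_fits(size_t len, size_t offset, size_t width)
{
    return width <= len && offset <= len - width;
}

/* Writes a 64-bit address at `offset`, validating against `check_width`.
 * Returns 0 on success, -1 if the offset is rejected. */
static int patch_addr64(uint8_t *buf, size_t len, size_t offset,
                        uint64_t addr, size_t check_width)
{
    if (!field_fits(len, offset, check_width))
        return -1;
    memcpy(buf + offset, &addr, sizeof(addr));   /* always 8 bytes */
    return 0;
}

/* Returns how many guard bytes past CMD_LEN were clobbered for a write at
 * the last offset a 32-bit check accepts (CMD_LEN - 4). */
size_t overrun_bytes(size_t check_width)
{
    uint8_t backing[CMD_LEN + GUARD];
    size_t hit = 0;

    memset(backing, 0xAA, sizeof(backing));
    patch_addr64(backing, CMD_LEN, CMD_LEN - sizeof(uint32_t),
                 0x1122334455667788ULL, check_width);
    for (size_t i = CMD_LEN; i < sizeof(backing); i++)
        hit += backing[i] != 0xAA;
    return hit;
}
```

Validating with `sizeof(uint32_t)` lets the write spill four bytes past the logical end of the buffer; validating with `sizeof(uint64_t)` rejects the same offset.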