While handling dsi_gen_read_status, status buffer
was xlogging without checking for its max size.
Add proper conditional check to xlog status buffer.
Change-Id: Ia5a1fe18de123d2911c31ae79492b96f67e1273d
Signed-off-by: Narender Ankam <nankam@codeaurora.org>
The macro hides some control flow, making it easier
to run into bugs.
bug: 111642636
Change-Id: I37ec207c277d97c4e7f1e8381bc9ae743ad78435
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Git-commit: e1a7c83cfd36c26e208c72740a045a8fe79aee44
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org>
Signed-off-by: Srinivasa Rao Kuppala <srkupp@codeaurora.org>
scm_call2 can block scm calls up to 2s due to its
retry mechanism whenever the secure firmware is
busy waiting for certain processing by the client
who in turn is waiting upon its scm call to either
complete or return with failure.
Upon early return, client can process the pending
requests to free up secure firmware and unblock
processing of all pending scm calls. Add a noretry
variant for scm_call2 which can be used by clients
who do not intend to wait for 2s for return status.
Change-Id: I1f0849464a64c32a4de4510fa5787b0ab328725c
Signed-off-by: Kaushal Kumar <kaushalk@codeaurora.org>
While handling dsi_gen_read_status, status buffer
was xlogging without checking for its max size.
Add proper conditional check to xlog status buffer.
Change-Id: Ia5a1fe18de123d2911c31ae79492b96f67e1273d
Signed-off-by: Narender Ankam <nankam@codeaurora.org>
Attempting to avoid cloning the skb when broadcasting by inflating
the refcount with sock_hold/sock_put while under RCU lock is dangerous
and violates RCU principles. It leads to subtle race conditions when
attempting to free the SKB, as we may reference sockets that have
already been freed by the stack.
Unable to handle kernel paging request at virtual address 6b6b6b6b6b6c4b
[006b6b6b6b6b6c4b] address between user and kernel address ranges
Internal error: Oops: 96000004 [#1] PREEMPT SMP
task: fffffff78f65b380 task.stack: ffffff8049a88000
pc : sock_rfree+0x38/0x6c
lr : skb_release_head_state+0x6c/0xcc
Process repro (pid: 7117, stack limit = 0xffffff8049a88000)
Call trace:
sock_rfree+0x38/0x6c
skb_release_head_state+0x6c/0xcc
skb_release_all+0x1c/0x38
__kfree_skb+0x1c/0x30
kfree_skb+0xd0/0xf4
pfkey_broadcast+0x14c/0x18c
pfkey_sendmsg+0x1d8/0x408
sock_sendmsg+0x44/0x60
___sys_sendmsg+0x1d0/0x2a8
__sys_sendmsg+0x64/0xb4
SyS_sendmsg+0x34/0x4c
el0_svc_naked+0x34/0x38
Kernel panic - not syncing: Fatal exception
CRs-Fixed: 2251019
Change-Id: Ib3b01f941a34a7df61fe9445f746b7df33f4656a
Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>
In functions snd_soc_get_volsw_sx() or snd_soc_put_volsw_sx(),
if the result of (min + max) is negative, then fls() returns
signed integer with value as 32. This leads to signed integer
overflow as complete operation is considered as signed integer.
UBSAN: Undefined behaviour in sound/soc/soc-ops.c:382:50
signed integer overflow:
-2147483648 - 1 cannot be represented in type 'int'
Call trace:
[<ffffff852f746fe4>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffff852f746fe4>] dump_stack+0xec/0x158 lib/dump_stack.c:51
[<ffffff852f7b5f3c>] ubsan_epilogue+0x18/0x50 lib/ubsan.c:164
[<ffffff852f7b6840>] handle_overflow+0xf8/0x130 lib/ubsan.c:195
[<ffffff852f7b68f0>] __ubsan_handle_sub_overflow+0x34/0x44 lib/ubsan.c:211
[<ffffff85307971a0>] snd_soc_get_volsw_sx+0x1a8/0x1f8 sound/soc/soc-ops.c:382
Typecast the operation to unsigned int to fix the issue.
Change-Id: I40d070b1357f016eb1622146180e4abb340e5d00
Signed-off-by: Rohit kumar <rohitkr@codeaurora.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Git-commit: ae7d1247d8673ebfd686b17e759d4be391165368
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Rohit kumar <rohitkr@codeaurora.org>
Changes the naming convention and adds
PID as suffix to the debugfs files.
Adds debugfs file data in the tabular format and also
creates global file in /sys/kernel/debug/adsprpc directory.
Change-Id: I25f3f7ea59dd39c9d44d99c8503f431f10072c33
Signed-off-by: Mohammed Nayeem Ur Rahman <mohara@codeaurora.org>
If the result of (min + max) is negative in functions
snd_soc_get_volsw_sx() or snd_soc_put_volsw_sx(), there
will be an overflow for the variable 'mask'.
UBSAN: Undefined behaviour in sound/soc/soc-ops.c:382:6
signed integer overflow:
-2147483648 - 1 cannot be represented in type 'int'
Fix this by updating the variable type of 'mask' to unsigned int.
Change-Id: Ia34f397fad5b93c0e2ffacae60e051ad20c20bdf
Signed-off-by: Banajit Goswami <bgoswami@codeaurora.org>
pppolac driver incorrectly enqueues the packet into the sock queue
without pulling UDP headers. The application will receive data along
with UDP header when L2TP control packets are received.
The issue was introduced after moving UDP header removal functionality
from process rcvmesg context to BH context.
Instead of pppolac driver directly queuing L2TP control packets into
socket queue, return packet to udp_queue_rcv_skb, which will deliver the
packet to the application after pulling the UDP header.
Fixes: e6afc8ace ("udp: remove headers from UDP packets before queueing")
Change-Id: Icfa0fd8da43ea9c14fa7c718746a6529651ac202
Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org>
Signed-off-by: Chinmay Agarwal <chinagar@codeaurora.org>
Acked-by: Sharath Chandra Vurukala <sharathv@qti.qualcomm.com>
Attempting to avoid cloning the skb when broadcasting by inflating
the refcount with sock_hold/sock_put while under RCU lock is dangerous
and violates RCU principles. It leads to subtle race conditions when
attempting to free the SKB, as we may reference sockets that have
already been freed by the stack.
Unable to handle kernel paging request at virtual address 6b6b6b6b6b6c4b
[006b6b6b6b6b6c4b] address between user and kernel address ranges
Internal error: Oops: 96000004 [#1] PREEMPT SMP
task: fffffff78f65b380 task.stack: ffffff8049a88000
pc : sock_rfree+0x38/0x6c
lr : skb_release_head_state+0x6c/0xcc
Process repro (pid: 7117, stack limit = 0xffffff8049a88000)
Call trace:
sock_rfree+0x38/0x6c
skb_release_head_state+0x6c/0xcc
skb_release_all+0x1c/0x38
__kfree_skb+0x1c/0x30
kfree_skb+0xd0/0xf4
pfkey_broadcast+0x14c/0x18c
pfkey_sendmsg+0x1d8/0x408
sock_sendmsg+0x44/0x60
___sys_sendmsg+0x1d0/0x2a8
__sys_sendmsg+0x64/0xb4
SyS_sendmsg+0x34/0x4c
el0_svc_naked+0x34/0x38
Kernel panic - not syncing: Fatal exception
CRs-Fixed: 2251019
Change-Id: Ib3b01f941a34a7df61fe9445f746b7df33f4656a
Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>
Smp2p test code is used internally to test the
functionality of drivers and has no real use case
in end product.
Change-Id: I7a50c077bb71068188b5411424c5782b3d0edbb7
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Smp2p test code is used internally to test the
functionality of drivers and has no real use case
in end product.
Change-Id: I7a50c077bb71068188b5411424c5782b3d0edbb7
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Currently, when a client invokes the service-locator to get
the domain list for a service, a data structure is dynamically
allocated to hold this information, and that is given to the
client for use. However, after the client uses the domain list,
the data structure is not freed, resulting in a memory leak.
Free domain list data structure after client use to fix
memory leak.
Change-Id: I2b87afefbb35c2c296b4267450fa3152e3725ab9
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
Adding code changes to validate user inputs.
Before allocating the NAT entry verifying the
NAT entry size in range or not.
Change-Id: I21147f20a12243af5d21aebdc206703964db2be4
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Adding code changes to validate user inputs.
Before allocating the NAT entry verifying the
NAT entry size in range or not.
Change-Id: I21147f20a12243af5d21aebdc206703964db2be4
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
This patch add a coresight unit specific function coresight_cross_read
which can be used for ETM registers by providing a ETM specific read
function which does smp cross call to ensure the unit is powered up
before the register is accessed.
Change-Id: I4037028a171c8ca733513e82c4443b6e332a088c
Signed-off-by: Yuanfang Zhang <zhangyuanfang@codeaurora.org>
If fw build timestamp passed by QMI is a non-NULL terminated string,
it might result in a out-of-bounds read in icnss_get_soc_info. Hence,
manually NULL terminate the string.
Change-Id: I252196cd12784d841b29303c42591efc59da64f1
CRs-Fixed: 2322317
Signed-off-by: Yuanyuan Liu <yuanliu@codeaurora.org>
Add a check to make sure device actually transitioned to SUSPEND
state before halting dispatcher in adreno_suspend_device function.
kgsl_pwrctrl_change_state(device,KGSL_STATE_SUSPEND) in
kgsl_suspend_device can return zero without actually changing state
to SUSPEND if device state is NONE or INIT.
Change-Id: I4a5a69007c71651ea2cf7fa7360c960c6856031e
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>
Dload type imem offset is corrected for MSM8998, so that
correct imem address is updated.
Change-Id: I519603641753ec39d86fbf923bd80afcd6b1345d
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
This is required to fix the VTS test case failures which are failing
as the kernel supports EXT2/EXT3 but the tools mkfs.ext2/mkfs.ext3
doesn't exist anymore.
Change-Id: I46aa9e9a9c7ebac4655f18fda1451bd2cf594a25
Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>
Currently RT is deleted even if rt rule or header proc ctx
is invalid. Add check to prevent it.
Change-Id: Ic37ff9a33fab2b3c0d6393e43452e4b62a91d932
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
GPU should not be forced to SUSPEND state when it is in INIT
or NONE state as this transition is invalid.
Change-Id: Ia3d0fd131348508fe34c57f271c1f991a98afa19
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>
Added sysfs entries to show kgsl memory usage statistics.
gpumem_mapped: kgsl memory mapped in the process address space.
gpumem_unmapped: kgsl allocated memory but not mapped in process.
imported_mem: graphics memory not allocated by the kgsl.
Below is the sysfs path for new entries:
/sys/class/kgsl/kgsl/proc/<pid>/
Change-Id: I08c2014d28dc0ca1e2b54ebf966d00143b303b54
Signed-off-by: Amit Kushwaha <kushwaha@codeaurora.org>
Avoid the release of memory for dynamic fps PLL codes. The memory
is part of the continuous splash memory region and will be freed
eventually as part of the splash screen memory cleanup routine.
Change-Id: I67afb46057770298668ae5790637e8b4b08fd030
Signed-off-by: Padmanabhan Komanduru <pkomandu@codeaurora.org>
Update the DSI bit clock frequencies supported for the NT35597
video mode panel on SDM660 for dynamic bit clock feature.
Change-Id: I597bb43bf8f93aa6d98afff5d5b8973689460b41
Signed-off-by: Padmanabhan Komanduru <pkomandu@codeaurora.org>
Add DT properties to enable support for dynamic DSI bit clock
feature on NT35597 dual DSI video mode panel on SDM660.
Change-Id: I9b382a7a79ba546c8f99889a5a14d2733ea8771f
Signed-off-by: Padmanabhan Komanduru <pkomandu@codeaurora.org>
Add change to support changing the DSI bit clock dynamically
for video mode panels. This helps to avoid interference of
DSI clock with other subsystems runtime.
Change-Id: I05790a6dd9d8a2fc3cf31727d032e5220d6164e5
Signed-off-by: Padmanabhan Komanduru <pkomandu@codeaurora.org>
Add the DT properties in DSI controller/PLL nodes/memory nodes which
are needed for supporting dynamic refresh feature for SDM660/SDM630.
Change-Id: Iccfaf219705de28eb4bd721987075eab09b0120f
Signed-off-by: Padmanabhan Komanduru <pkomandu@codeaurora.org>
Add CLK_SET_RATE_NO_REPARENT flag for the software mux clocks in
DSI 14nm PLL driver which is needed for dynamic refresh feature.
Update the dynamic fps structure to align the PLL codes with
vco frequency instead of fps.
Change-Id: I533f615ce51be7229171b6accac3f14ab2dca949
Signed-off-by: Padmanabhan Komanduru <pkomandu@codeaurora.org>
