The virtclk can disable clocks by hab in suspend flow. If hab irq is
disabled then, the power manage task will stick in uninterruptable hab
receive function.
Change-Id: I780ecede7494346953f5f77d665dd77c2cc6d28a
Signed-off-by: Yimin Peng <yiminp@codeaurora.org>
Add initial devices trees for SDM455 CDP devices
Change-Id: I33bf922baf1dcd5c214f0be81affba25eab0c70c
Signed-off-by: Teng Fei Fan <tengfei@codeaurora.org>
Add initial devices trees for SDM455 QRD devices
Change-Id: I7107029ac33f47f1866d7907ff9086d98c466039
Signed-off-by: Teng Fei Fan <tengfei@codeaurora.org>
Add initial device trees for SDM455 MTP devices
Change-Id: I8b8f3038ae435db9ea87c7e6a72d79e82f72806f
Signed-off-by: Teng Fei Fan <tengfei@codeaurora.org>
CNSS_DEV_ERR_NOTIFY should not be cleared before collecting firmware
dump as device is still in asserted state. Clear it after collecting
firmware dump.
Change-Id: Ic57c65d8ffa1806a0af83e653d6573f19ab1e705
Signed-off-by: Yue Ma <yuem@codeaurora.org>
Large values returned by bitmap_find_next_zero_area() can overflow
and become negative when stored in signed variable 'pageno' that
can lead to failure of condition 'pageno < dma_mem->nr_pages'.
Due to this, Use-after-free issue is observed in bitmap_set(),
When user requests to allocate large size buffer using ion calls.
BUG: KASAN: use-after-free in bitmap_set+0x9c/0xd4 at addr ffffffe774946cc0
Read of size 8 by task syz-executor0/19717
page:ffffffbe5dd25180 count:0 mapcount:-127 mapping:(null)
index:0xffffffe774947000 flags: 0x0()
page dumped because: kasan: bad access detected
page_owner info is not active (free page?)
CPU: 3 PID: 19717 Comm: syz-executor0 Tainted: G W 4.4.78+ #1
Call trace:
[<ffffffa10c68b6fc>] dump_backtrace+0x0/0x2fc
[<ffffffa10c68ba1c>] show_stack+0x24/0x30
[<ffffffa10cc29a34>] dump_stack+0xdc/0x134
[<ffffffa10c8b2c10>] kasan_report+0x380/0x508
[<ffffffa10c8b1f38>] __asan_load8+0x24/0x80
[<ffffffa10cc42218>] bitmap_set+0x9c/0xd4
[<ffffffa10d15941c>] removed_alloc+0x188/0x5e4
[<ffffffa10dba4f40>] ion_cma_allocate+0x164/0x3e0
[<ffffffa10db9cef4>] __ion_alloc+0x368/0x1044
[<ffffffa10db9e0c8>] ion_ioctl+0x25c/0x6ac
[<ffffffa10c8e2f40>] do_vfs_ioctl+0x844/0x9a8
[<ffffffa10c8e311c>] SyS_ioctl+0x78/0xbc
[<ffffffa10c683730>] el0_svc_naked+0x24/0x28
Change-Id: Ibbaa451250bdfa9ce2a6e2cb9d2ee357ee0c8385
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
For "chunk_list + chunk_list_len", if the chunk_list is type of u32*,
the chunk_list_len will be 4 * of original size. So we flushed a wrong
area size. In some condition like we enabled CONFIG_DEBUG_PAGEALLOC, it
may flush out of page bound of the invalid pte page.
Fix it by manually convert it as void* when doing the addition.
CRs-Fixed: 2309993
Change-Id: I2b88d78ba73d9904fa2bf6106937001715b6037f
Signed-off-by: Zhenhua Huang <zhenhuah@codeaurora.org>
API provision for WLAN host driver to check if WLAN PCIe device
is down.
Change-Id: I91efcd781af67c72b787c89e6b619c4cc49da34b
Signed-off-by: Yue Ma <yuem@codeaurora.org>
Subsystem notification for adsp and wlan in guest.
Change-Id: I49e3e0a160a2434ba9df8008a5ad5051fbeed194
Signed-off-by: Venkata Rao Kakani <vkakani@codeaurora.org>
ALARM_EN status is retained in PMIC register after device shutdown
if poweron_alarm is enabled. Read it to make sure the driver has
consistent value with the register status.
Change-Id: Iee0a19ba5126265b36a353c1d1b249d09185564a
Signed-off-by: Mao Jinlong <c_jmao@codeaurora.org>
Add the CPR configuration of Speed-bin 3 for the power
and performance cluster of SDM630.
Change-Id: I6bf9a837ae941cf3ad9413da6e44821916acf197
Signed-off-by: Anirudh Ghayal <aghayal@codeaurora.org>
Add mutex lock in rtac_open and rtac_release
to avoid usage count discrepancies leading
to multiple calls to unmap memory resulting in
null pointer dereference.
CRs-Fixed: 2271712
Change-Id: Ie6da28837c352030b8d7e377d68a70cf04e7072a
Signed-off-by: Tanya Dixit <tdixit@codeaurora.org>
Add support to dump complete ramdump of subsystem from start of first
segment to end of last segment without leaving any hole in between.
Change-Id: I0bcab1d4e04748d3934b7a4d99eec59727c3afb1
Signed-off-by: Naitik Bharadiya <bharad@codeaurora.org>
Since message received from spi cannot be trusted there is possibility
of out-of-bound read if received read_id is not in range of fifo.
The patch validate rx_fifo_read index of edge info for remote side.
Change-Id: I3d3fa749935f477e5f98f986adc24e6e6a682d4d
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Expand display type/id enumeration up to eight types.
Change-Id: I19c47e6b4aa57dc94020f909260e1de2218ca82d
Signed-off-by: Camus Wong <camusw@codeaurora.org>
Not all devices on an MDIO bus are PHYs. Meaning not all MDIO drivers
are PHY drivers. Add support for generic MDIO drivers.
Change-Id: I65c7c8a497bbac9ef67b3d21c869818a09378e3c
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-Commit: a9049e0c513c4521dbfaa302af8ed08b3366b41f
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Anthony Mah <amah@codeaurora.org>
Otherwise we might dereference an already freed file and/or inode
when aio_complete is called before we return from the read_iter or
write_iter method.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from commit 0b944d3a4bba6b25f43aed530f4fa85c04d162a6)
Change-Id: I628a87b5036ba1ba5ba5152fa0329d02999d3649
Git-Commit: 0b944d3a4bba6b25f43aed530f4fa85c04d162a6
Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
[riteshh@codeaurora.org: resolve trivial merge conflicts]
Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org>
Align with android-base.cfg which is android kernel config
requirement for msm8998_defconfig.
Change-Id: I69cbca16705d25b5505792b11ae4f054be09457f
Signed-off-by: Naitik Bharadiya <bharad@codeaurora.org>
Add socinfo support for SDM455 Soc and update the
bindings fot the same.
Change-Id: I9b30795e202d84ae06020983b2d656772fb4f313
Signed-off-by: Teng Fei Fan <tengfei@codeaurora.org>
The control cpu thread which initiates hotplug calls kthread_park()
for hotplug thread and sets KTHREAD_SHOULD_PARK. After this control
thread wakes up the hotplug thread. There is a chance that wakeup
code sees the hotplug thread (running on AP core) in INTERRUPTIBLE
state, but sets its state to RUNNING after hotplug thread has entered
kthread_parkme() and changed its state to TASK_PARKED. This can result
in panic later on in kthread_unpark(), as it sees KTHREAD_IS_PARKED
flag set but fails to rebind the kthread, due to it being not in
TASK_PARKED state. Fix this, by serializing wakeup state change,
against state change before parking the kthread.
Below is the possible race:
Control thread Hotplug Thread
kthread_park()
set KTHREAD_SHOULD_PARK
smpboot_thread_fn
set_current_state(TASK_INTERRUPTIBLE);
kthread_parkme
wake_up_process()
raw_spin_lock_irqsave(&p->pi_lock, flags);
if (!(p->state & state)) -> this will fail
goto out;
__kthread_parkme
__set_current_state(TASK_PARKED);
if (p->on_rq && ttwu_remote(p, wake_flags))
ttwu_remote()
p->state = TASK_RUNNING;
schedule();
So to avoid this race, take pi_lock to serial state changes.
Change-Id: Ie71645d37046f7ee74df880dbead29efbaad199a
Suggested-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
Signed-off-by: Neeraj Upadhyay <neeraju@codeaurora.org>
Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org>
Add uninterruptible flag in hab receiving for virtual reset controller
to avoid being interrupted by signal.
Change-Id: Iddca4134eec082537110bd7735e0e282cd5c7454
Signed-off-by: Zhiqiang Tu <ztu@codeaurora.org>
During composition switch, current driver ends up calling
rndis_ipa_cleanup twice without calling rndis_ipa_init() in between.
This could cause spinbug in IPA driver due to uninitialized spin lock.
Hence fix the issue by moving rndis_ipa_init() to bind() callback and
calling rndis_ipa_cleanup() in unbind() callback.
Change-Id: I1be18de9137ba61cf0f004c7edeac54235617d33
Signed-off-by: Vijayavardhan Vennapusa <vvreddy@codeaurora.org>
This size is the maximum amount of virtual address space we gather
up before attempting to purge with a TLB flush. It is 128M in most cases.
With repeated and high size vmalloc operations, it may easily generate
more fragments. This is wasting limited vmalloc area, for 32bits.
So make it configable and the default multiplier as 8, 32bits only.
Change-Id: I68a75acb16d3cff05f8b13c05ae78922269e219f
Signed-off-by: Zhenhua Huang <zhenhuah@codeaurora.org>
Invert the polarity of PMD_MPP_08 on msm8996 CV2X
to properly power on and off the external
modem as required.
Change-Id: I56226f4d14a2e21331bacf0a7125dc06bfd91aac
Signed-off-by: Aditya Mathur <aditmath@codeaurora.org>
