Virtual clock operations returned error when received signal.
Uninterruptible flag is added in receiving response to avoid
being interrupted by signal.
Change-Id: Id3b5b56432751ec5b49c36a028444c0360fe811f
Signed-off-by: Zhiqiang Tu <ztu@codeaurora.org>
In the blocking mode of habmm_socket_recv(), it is an
interruptible wait by default. Here, the uninterruptible
version is added.
Change-Id: Iba9ee10afb3f2529a99a9c90f6fc0cb56fb9cb08
Signed-off-by: Yong Ding <yongding@codeaurora.org>
In case of poweroff charging mode, accessory function instance
is not created and due to this, _acc_dev will be NULL. If target
is connected to Accessory dock in poweroff charging mode, there
is a chance dev pointer is accessed, which is NULL. Hence add a
check before processing control request and return error if it is
NULL.
Change-Id: I4f1deb9d764b8c0bd1d7837cbc43a2933167f568
Signed-off-by: Vijayavardhan Vennapusa <vvreddy@codeaurora.org>
In IPV6 the neighbor solicitations are used by nodes to determine
the link layer address of a neighbor and neighbor advertisements
are used by nodes to respond to a neighbor solicitation message.
During WOW suspend offload the neighbor solicitation packet handling
method to WLAN firmware, this adds support to prevent the device
wakeup by neighbor solicitation packet.
CRs-Fixed: 2217590
Change-Id: I5d860e6651b7c62223d9d00886fc386dcf647cab
Signed-off-by: Sarada Prasanna Garnayak <sgarna@codeaurora.org>
Add device node qualcomm hardware random generator, so that to provide
real random number if qrng is enabled.
This is for security purpose for the application.
Change-Id: Ib359b39ec5c32cb05ed1e38c1ad377657e5c47ae
Signed-off-by: Parai Wang <fpwang@codeaurora.org>
sdcardfs_name_match gets a 'name' argument from the underlying FS.
This need not be null terminated string.
So in sdcardfs_name_match -> qstr_case_eq -> we should use
str_n_case_eq.
This happens because few of the entries in lower level FS may not be
NULL terminated and may have some garbage characters passed while
doing sdcardfs_name_match.
For e.g.
# dmesg |grep Download
[ 103.646386] sdcardfs_name_match: q1->name=.nomedia, q1->len=8,
q2->name=Download\x17\x80\x03, q2->len=8
[ 104.021340] sdcardfs_name_match: q1->name=.nomedia, q1->len=8,
q2->name=Download\x17\x80\x03, q2->len=8
[ 105.196864] sdcardfs_name_match: q1->name=.nomedia, q1->len=8,
q2->name=Download\x17\x80\x03, q2->len=8
[ 109.113521] sdcardfs_name_match: q1->name=logs, q1->len=4,
q2->name=Download\x17\x80\x03, q2->len=8
Now when we try to create a directory with different case for a such
files. SDCARDFS creates a entry if it could not find the underlying
entry in it's dcache.
To reproduce:-
1. bootup the device wait for some time after sdcardfs mounting to
complete.
2. cd /storage/emulated/0
3. echo 3 > /proc/sys/vm/drop_caches
4. mkdir download
We now start seeing two entries with name.
Download & download.
Change-Id: I976d92a220a607dd8cdb96c01c2041c5c2bc3326
Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org>
Modified conditional checks to read lm_sequence so as to avoid
the possibility of pointer overflow.
CRs-Fixed: 2212443
Change-Id: I72b30e35996c40f23fc81739e27724b1188f1c05
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>
page allocated in fuse_dentry_canonical_path to be handled in
fuse_dev_do_write is allocated using __get_free_pages(GFP_KERNEL).
This may not return a page with data filled with 0. Now this
page may not have a null terminator at all.
If this happens and userspace fuse daemon screws up by passing a string
to kernel which is not NULL terminated (or did not fill anything),
then inside fuse driver in kernel when we try to do
strlen(fuse_dev_write->kern_path->getname_kernel)
on that page data -> it may give us issue with kernel paging request.
Unable to handle kernel paging request at virtual address
------------[ cut here ]------------
<..>
PC is at strlen+0x10/0x90
LR is at getname_kernel+0x2c/0xf4
<..>
strlen+0x10/0x90
kern_path+0x28/0x4c
fuse_dev_do_write+0x5b8/0x694
fuse_dev_write+0x74/0x94
do_iter_readv_writev+0x80/0xb8
do_readv_writev+0xec/0x1cc
vfs_writev+0x54/0x64
SyS_writev+0x64/0xe4
el0_svc_naked+0x24/0x28
To avoid this we should ensure in case of FUSE_CANONICAL_PATH,
the page is null terminated.
Change-Id: I33ca7cc76b4472eaa982c67bb20685df451121f5
Bug: 75984715
[Daniel - small edit, using args size ]
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Git-Repo: https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?h=aosp-new/android-4.9&id=4fb542f2aa1414cea5686efcf72a411b7213c375
Git-Commit: 4fb542f2aa1414cea5686efcf72a411b7213c375
Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org>
When processing blocked listener request, ptr_app's app_blocked
flag should be set to prevent it being unloaded at this time;
Besides, need to check unblock request's scm_call response result
to see if it is blocked again; and removed redundant codes.
Change-Id: I2d72a88e9e600d6b7e944ae978b9d89a7b6db242
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Make change to block system signals when qseecom is waiting for
a blocked listener becomes available. This will prevent qseecom
being waken up by power collapse and returning to kernel, which
may cause XPU violation as TA req/resp buffer is still XPU protected
at this time
Change-Id: Ie5ea16f11ad653937236de042afb1bb5710123e6
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
SDE plane src/dst size is uninitialized and programmed to hw when
only color format is changed. This change will only configure hw
when src/dst size is calculated.
Change-Id: I5953f899a2c503b1d8f2577c28a67711b9ed9a67
Signed-off-by: Camus Wong <camusw@codeaurora.org>
Signed-off-by: Rahul Sharma <rahsha@codeaurora.org>
Enable CSID error interrupts, and sending the error status
to user mode components as v4l2 event.
Change-Id: I62a08a88ebc39e1192136ba1c9179f709f5439f5
Signed-off-by: Andy Sun <bins@codeaurora.org>
This reverts commit 84d22be9dc ("msm: vidc: Add support for decoder
STOP command")
There is regression for Video playback with this commit. Therefore,
it needs to be reverted.
Change-Id: Ibc4ca31c48e148063de60f59ea90d693d5657163
Signed-off-by: Sanjay Singh <sisanj@codeaurora.org>
Currently the number of maximum bytes to be copied from buffer is
incorrectly using the size of buffer. Replace to use the count
which is the maximum number of bytes to be read.
Change-Id: I797c4dc0af626e347dfef43a754d0c469585ba55
Signed-off-by: Taniya Das <tdas@codeaurora.org>
When WLAN driver encounters FW timeout scenarios, it may check if the
FW is down by calling icnss_is_fw_down() API. Recovery should also be
considered as FW down, as FW has not completely recovered and ready
for WLAN communication.
Change-Id: I4c9e15aacc5605dca823e2cfcbf6f87152aaa78e
CRs-Fixed: 2218795
Signed-off-by: Sameer Thalappil <sameert@codeaurora.org>
Check the number of bytes to copy against the size of the
user buffer before copy to user to avoid buffer overflow.
Change-Id: Icdd3d4e755deca19fa431e903620bd9e4c701c89
Signed-off-by: Harsh Sahu <hsahu@codeaurora.org>
As per the hardware recommendation, configure the LED1 to
HW_STROBE mode when LED2 or LED3 is configured in HW_STROBE
mode. This enables hardware strobe option working for LED2/3
channels.
CRs-Fixed: 2213325
Change-Id: I1ceaa7477b8d0c18e03fbdea9d5347d0e75fc0f0
Signed-off-by: Kiran Gunda <kgunda@codeaurora.org>
Multi-strobe option is used to enable/disable the LEDs
back-to-back without disabling the module in the HW_STROBE mode.
Hence, enable the multi-strobe option if the LED is configured
in HW_STROBE mode.
Change-Id: I3e16254c6dcb4c4ae0b295cd7eea4e8ee8e1c2c7
Signed-off-by: Kiran Gunda <kgunda@codeaurora.org>
