validate_scan_freqs() retrieves frequencies from attributes
nested in the attribute NL80211_ATTR_SCAN_FREQUENCIES with
nla_get_u32(), which reads 4 bytes from each attribute
without validating the size of data received. Attributes
nested in NL80211_ATTR_SCAN_FREQUENCIES don't have an nla policy.
Validate size of each attribute before parsing to avoid potential buffer
overread.
Fixes: 2a51931192 ("cfg80211/nl80211: scanning (and mac80211 update to use it)")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git
Git-commit: d7f13f7450369281a5d0ea463cc69890a15923ae
Change-Id: I34198e599a950c30495ec3445799972db7f9f42e
CRs-Fixed: 2069828
Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Buffer overread may happen as nl80211_set_station() reads 4 bytes
from the attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE without
validating the size of data received when userspace sends less
than 4 bytes of data with NL80211_ATTR_LOCAL_MESH_POWER_MODE.
Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE to avoid
the buffer overread.
Fixes: 3b1c5a5307 ("{cfg,nl}80211: mesh power mode primitives and userspace access")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git
Git-commit: 8feb69c7bd89513be80eb19198d48f154b254021
Change-Id: Ie20993309501fd242782311b9fe787931f716116
CRs-Fixed: 2055013
Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
nla policy checks for only maximum length of the attribute data
when the attribute type is NLA_BINARY. If userspace sends less
data than specified, the wireless drivers may access illegal
memory. When type is NLA_UNSPEC, nla policy check ensures that
userspace sends minimum specified length number of bytes.
Remove type assignment to NLA_BINARY from nla_policy of
NL80211_ATTR_PMKID to make this NLA_UNSPEC and to make sure minimum
WLAN_PMKID_LEN bytes are received from userspace with
NL80211_ATTR_PMKID.
Fixes: 67fbb16be6 ("nl80211: PMKSA caching support")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git
Git-commit: 9361df14d1cbf966409d5d6f48bb334384fbe138
Change-Id: I5feb729a9ef48f67c4ee460e7e133d5fc8cecd4f
CRs-Fixed: 2061676
Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Alexei had his box explode because doing read() on a package
(rapl/uncore) event that isn't currently scheduled in ends up doing an
out-of-bounds load.
Rework the code to more explicitly deal with event->oncpu being -1.
Author: Peter Zijlstra (Intel) <peterz@infradead.org>
Reported-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Tested-by: Alexei Starovoitov <ast@kernel.org>
Tested-by: David Carrillo-Cisneros <davidcc@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: eranian@google.com
Fixes: d6a2f9035bfc ("perf/core: Introduce PMU_EV_CAP_READ_ACTIVE_PKG")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Git-commit: 451d24d1e5f40bad000fa9abe36ddb16fc9928cb
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
[pfay@codeaurora.org: apply the event->oncpu validity check from
from the patch. Other code from the patch calls routines
not yet in 4.4 so omit that part of patch. This code fixes
segfault crashes during reboot where the event->oncpu value is -1.
Change-Id: I040f0af2030e53ac3329e4b3a1bbcd37f080cdcf
Signed-off-by: Patrick Fay <pfay@codeaurora.org>
The wcn external gpio configuration has moved to WLAN firmware
code. To avoid the gpio resource request conflict and power offload
failure between wcnss platform driver and WLAN firmware.
Remove external gpio configuration from the wcnss platform driver.
Change-Id: Iaef979437d9e48d66a5e9e2fc88bc5783fed7480
Signed-off-by: Sarada Prasanna Garnayak <sgarna@codeaurora.org>
The wcnss wlan module power up sequence has been changed.
To add support for the wcnss new power up sequence configured
3.3v external GPIO in wcnss platform driver.
Add check for the target to support the 3.3v external gpio for
the wcnss power up and routine to control the gpio like gpio
init, enable, disable for the device power management in different
state of the wcnss wlan device.
CRs-Fixed: 2065396
Change-Id: Ie6b79415b670522aa0abee58a23a31cffec76f5a
Signed-off-by: Sarada Prasanna Garnayak <sgarna@codeaurora.org>
The WLAN dual band support vary from target to target
and to enable/disable dual band support for a particular
target the wcnss platform driver read the wlan hardware
qfuse register and export the dual band capability info
to wlan host driver to enable/disable this dual band feature.
Add export symbol for dual band capability info.
CRs-Fixed: 1115909
Change-Id: I7dc26435e3ac0ac1eec71f0e334878b35e25224d
Signed-off-by: Sarada Prasanna Garnayak <sgarna@codeaurora.org>
It is a hardware requirement to increase snoc clock frequency
in HID sniff mode due to low wlan throughput. To provide this,
add support to enable and disable snoc clock.
Update the voltage regulator configuration API as per upstream
kernel.
CRs-Fixed: 1101377
Change-Id: I1130353bf861ca31792c40ef51243497788ed56d
Signed-off-by: Sarada Prasanna Garnayak <sgarna@codeaurora.org>
Update the synchronization process of the cnss platform driver
memory expansion and WLAN firmware table configuration from
the userspace through sysfs firmware update node.
CRs-Fixed: 2071560
Change-Id: I672ba84ad10c905be7855c1b8a930ac7adf349f1
Signed-off-by: Sarada Prasanna Garnayak <sgarna@codeaurora.org>
Source pipe index may returned invalid or
given invalid from IOCTl.
Check it for valid before sending it to Q6.
Change-Id: I9dbbc930014549ed2d0620af6872816a18b438b5
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Couple of code cleanup
- Initialize the return variable before using it.
- Remove unnecessary NULL check.
Change-Id: I8e63cb95ae99d1656143ae4b1d130f92890bb3c5
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Make use of mutex lock to access IOCTL so that two threads
can avoid race condition.
Change-Id: I3650affa0577b30531160e1d11c57d13baf34c2f
CRs-Fixed: 2060377
Signed-off-by: Rahul Sharma <sharah@codeaurora.org>
Make a change not to handle Q6 resource manager
deinit in SSR situation.
Change-Id: I5c3f68deb4514747146c5118fb58dad121ca7335
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
In the completion handler of rndis command requests we
are parsing the request buffers without checking the
status of the request. This might cause parsing of the
erroneous requests. Fix this by checking the status
of the request before parsing the request buffer.
Change-Id: I15ffd0bef4b42adf2300085dc3720d599e647cb5
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
In the completion handler of the rndis command requests we
are parsing the request buffers without checking the
status of the request. This might cause parsing of the
erroneous requests. Fix this by checking the status
of the request before parsing the request buffer.
Change-Id: I476c6c82d367f6f5fc6eff25b049b3323b68b859
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
In the completion handler of rndis command requests
we are parsing the request buffers without
checking the status of the request. This might
cause parsing of the erroneous requests.
Fix this by checking the status of the request before
parsing the request buffer.
Change-Id: I52001128ac421e58e1801eebc243a8c91618582c
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
This change is to move specific node parsing code to other place
for early splash feature on auto platform, not impacting kernel
booting process of other platforms.
Change-Id: I6deed1a75545c82ee777d9b4269f1420ab2eb07a
Signed-off-by: Guchun Chen <guchunc@codeaurora.org>
Set bus resume polocy for eMMC & SD drivers.
Change-Id: If2e76877fb229a4aba38249c4a1bb2ff8d28ba32
Signed-off-by: San Mehat <san@google.com>
Git-commit: 2c84417a1305da892c8a7d0bf8d0bad50d1688b8
Git-repo: git://git-android.quicinc.com/kernel/msm-3.10
[vbadigan@codeaurora.org: Dropped changes which are already
present in mmc driver as part of other propagations]
Signed-off-by: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
