Fix uninitialized local variable error which might have lead to
crash.
CRs-Fixed: 2030137
Change-Id: I3fd95cb343c3175e4190c8ebfe209399db0602a6
Signed-off-by: Abir Ghosh <abirg@codeaurora.org>
Terminate the string, coming from userspace and containing the name
of fingerprint trusted app, with null character, to make sure kernel
memory does not leak into logs
Change-Id: I1668a64fcb6747ce3ef3b1ee6321fa5fa4a1798a
CRs-Fixed: 2029409
Signed-off-by: Abir Ghosh <abirg@codeaurora.org>
Validate the name of the client app before passing it to
qseecom_start_app.
CRs-Fixed: 2006695
Change-Id: I9c6b16050d4f6fc94827021c7b0f2ab292452f60
Signed-off-by: Abir Ghosh <abirg@codeaurora.org>
Fix the below potential race between these two contexts -
mb_cache_entry_get() and mb_cache_shrink_scan(), which results
into use after free issue.
task a:
mb_cache_shrink_scan()
|--if(!list_empty(&mb_cache_lru_list))
|--get the ce entry
|--list_del_init(&ce->e_lru_list);
|--check ce->e_used, ce->e_queued,
ce->e_refcnt and continue
-> gets prempted here
task b:
ext4_xattr_release_block()
|--mb_cache_entry_get()
|--get ce from hlist_bl_for_each_entry()
|--increment ce->e_used and
list_del_init(&ce->e_lru_list)
|--mb_cache_entry_free()
|--hlist_bl_lock(ce->e_block_hash_p);
-> results into use after free
Also, fix similar potential race between mb_cache_entry_alloc() and
mb_cache_entry_get() in case if cache->c_max_entries is reached.
Change-Id: I01049bae5d914cfb8494ab299ec2e068745d1110
Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>
Configure battery thermal coefficients for QRD660/630 to make sure the
device could read the correct battery temperatures.
CRs-Fixed: 2038922
Change-Id: I21d0eedfec0a0529d8864d11b703659f4ba43b6a
Signed-off-by: Yingwei Zhao <cyizhao@codeaurora.org>
Add the necessary infrastructure to keep timestamp history
of commands, events and other useful info for debugging
complex issues. This helps in diagnosing events leading
upto failure.
Change-Id: I34f78b0c875262fa06c16d476be6255f7ae4d92f
Signed-off-by: Subhash Jadavani <subhashj@codeaurora.org>
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
Signed-off-by: Can Guo <cang@codeaurora.org>
Currently memcpy is copying from a bigger memory size to a smaller
memory size. This change corrects this issue by performing the
memcopy restricted to the smaller of the src or dest memory buffer.
CRs-fixed: 2028228
Change-Id: Ibbe5665083799a4262d3cfbb06f94f3e35e03748
Signed-off-by: Harsh Sahu <hsahu@codeaurora.org>
This reverts commit 566b44214c (smb138x:
introduce support for smb1355).
This is not required since smb1355 support is moved to its own driver.
Change-Id: Ibad8595c09a865e273adb6f30d6a75f931220131
Signed-off-by: Abhijeet Dharmapurikar <adharmap@codeaurora.org>
This reverts commit 0f0e36134d ("smb138x:
use chg src bit to disable parallel charger)
This is not required, since smb1355 support is moved to its own driver.
Change-Id: I1bd454030d29195f03be132d167ec8294169b9d5
Signed-off-by: Abhijeet Dharmapurikar <adharmap@codeaurora.org>
Support faking input current limited state. This is very helpful
in testing/debugging the software based vbus changing algorithms.
Change-Id: I7cf548c94397ee680c9d65343c49ec7b16873e88
Signed-off-by: Abhijeet Dharmapurikar <adharmap@codeaurora.org>
Add POWER_SUPPLY_PROP_REAL_TYPE property for usb_psy to present its real
charger type. POWER_SUPPLY_PROP_TYPE in usb_psy is always set to
POWER_SUPPLY_TYPE_USB_PD for healthd to recognize it as an AC charger.
Also add usb_port_psy with POWER_SUPPLY_TYPE_USB type is added for healthd
to recognize it as an USB host. Their ONLINE properties will be updated
according to the VBUS status, type-c mode and real charger type.
With this type being set statically, update the usb phy and pd policy
engine code to look at real type.
Change-Id: I90aa69325cc82b09dfb513c0eeecbc61e092a57f
Signed-off-by: Fenglin Wu <fenglinw@codeaurora.org>
Signed-off-by: Abhijeet Dharmapurikar <adharmap@codeaurora.org>
Due to the issue with the isoc transfers being interrupted
by the CPU going into the idle state, the C-states will be
disabled for the playback time.
Change-Id: If4e52673606923d7e33a1d1dbe0192b8ad24f78c
Signed-off-by: Konrad Leszczynski <konrad.leszczynski@intel.com>
Signed-off-by: Russ Weight <russell.h.weight@intel.com>
Value 0xFFFFFFFF should be set according specification
of MTP for large files when fileSize + mtpHeader is greater
than 0xFFFFFFFF.
MTP Specification, Appendix H - USB Optimizations
Patchset: mtp
Change-Id: I6213de052914350be2f87b73f8135f9c0cd05d7c
Signed-off-by: Witold Sciuk <witold.sciuk@intel.com>
Signed-off-by: Konrad Leszczynski <konrad.leszczynski@intel.com>
Signed-off-by: Russ Weight <russell.h.weight@intel.com>
Current driver implementation uses global variables to create
minidump elf header.
Move all elf global variables into a structure, and also replace
'msm_minidump_enabled' API with 'minidump_enabled' global variable.
And also add minidump_table address in elf, which would be useful
for parsers to get memory dump table addresses without vmlinux symbols.
Change-Id: I8829d88ce234179f429ae9537a3582df794c2cdf
Signed-off-by: Lingutla Chandrasekhar <clingutla@codeaurora.org>
Current implementation uses pr_info to print error messages.
Update driver prints log level with pr_err instead of
pr_info, and also update with proper error number for
minidump table update failure return.
Change-Id: I27667715c71b361b9ee0f7856c94242d3ca21014
Signed-off-by: Lingutla Chandrasekhar <clingutla@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlkJWpMACgkQONu9yGCS
aT7guA/+JdSobjlRUshtcbUGVEwMjSuNFkZEpeTUWxxkrnNVPnIefP4jcCXEctvL
OxY4TxtvCQO/m+4Yx0ImVkcPBajd55OWiV90fZ0khVwu+4abLPgizj9lUhrXmmGV
LZjRyurtYFAwoGCvNsPE8NHxf923SFB8j1og0dEmoFGrH4tI+K5A9KPYKaYASU9Q
uT5rQMU0YrZBvJYzTc9DNKWHD4ekLzn7o/ORodFwQVC7pdQdGpOCq3Ap+LZbtYnn
146ziEfycRBSt3x9kYf7gztdGLv4tLZJJv7McI6qfX8+Vrt+Wgy4ObSblmTl57RH
4WAxed2gZ8NW+fnSJZFR8iomRBu1dsyyTESSt1lCEC6i29ardQip5y4/yGLaBtiJ
nbcUp1Ld+twQYm0p1UMJVo0DUE6xcrwnCoNyhkGzz1XfdQQwvFCaq30PlsjKxI6E
X/1rRfuICH2dmIn1ziiCb8qBBjHvKbZY5Mg7W8s6E12yIGKuY08m3KaimSMdWt1D
jKUKMGD9AunC2l4OAGggObMoTG5SaGSSDr8yPG9QxVvD0AvpnpSEFJ8PIi5O7JiB
jcFNZawAljzIf0VYGrbGAzbrijiaan/WHm3va7U7K1JzIdFzbOlUANpJLhBR70Mb
Gc3GEcdMflqJUJ6lapEaaFyC8qPjNI5Ks0/7ER0pgTICBoFVSyg=
=eMmm
-----END PGP SIGNATURE-----
Merge 4.4.66 into android-4.4
Changes in 4.4.66:
f2fs: do more integrity verification for superblock
xc2028: unlock on error in xc2028_set_config()
ARM: OMAP2+: timer: add probe for clocksources
clk: sunxi: Add apb0 gates for H3
crypto: testmgr - fix out of bound read in __test_aead()
drm/amdgpu: fix array out of bounds
ext4: check if in-inode xattr is corrupted in ext4_expand_extra_isize_ea()
md:raid1: fix a dead loop when read from a WriteMostly disk
MIPS: Fix crash registers on non-crashing CPUs
net: cavium: liquidio: Avoid dma_unmap_single on uninitialized ndata
net_sched: close another race condition in tcf_mirred_release()
RDS: Fix the atomicity for congestion map update
regulator: core: Clear the supply pointer if enabling fails
usb: gadget: f_midi: Fixed a bug when buflen was smaller than wMaxPacketSize
xen/x86: don't lose event interrupts
sparc64: kern_addr_valid regression
sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write()
net: neigh: guard against NULL solicit() method
net: phy: handle state correctly in phy_stop_machine
l2tp: purge socket queues in the .destruct() callback
net/packet: fix overflow in check for tp_frame_nr
net/packet: fix overflow in check for tp_reserve
l2tp: take reference on sessions being dumped
l2tp: fix PPP pseudo-wire auto-loading
net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
sctp: listen on the sock only when it's state is listening or closed
tcp: clear saved_syn in tcp_disconnect()
dp83640: don't recieve time stamps twice
net: ipv6: RTF_PCPU should not be settable from userspace
netpoll: Check for skb->queue_mapping
ip6mr: fix notification device destruction
macvlan: Fix device ref leak when purging bc_queue
ipv6: check skb->protocol before lookup for nexthop
ipv6: check raw payload size correctly in ioctl
ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned type
ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
MIPS: KGDB: Use kernel context for sleeping threads
MIPS: Avoid BUG warning in arch_check_elf
p9_client_readdir() fix
Input: i8042 - add Clevo P650RS to the i8042 reset list
nfsd: check for oversized NFSv2/v3 arguments
ARCv2: save r30 on kernel entry as gcc uses it for code-gen
ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
Linux 4.4.66
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
We recently renamed CONFIG_UID_CPUTIME, but didn't update all the
defconfigs.
Change-Id: Ic52f904d6ada3d0e32a8278ec95f7b34b29f96b9
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
When routing FM over MI2S, add support for required
port mixer controls.
CRs-Fixed: 2034932
Change-Id: I04e08ae8f876fe08390b3dae96d4522c2546fb32
Signed-off-by: Laxminath Kasam <lkasam@codeaurora.org>
In particular SSR scenario, digital codec access happens without
clock enabled. While SSR down event notification in progress,
APR driver blocks request to DSP to enable clock since APR already
received down event. regmap access to digital codec register results in
AHB timeout error. If DSP clock enable request fails, set the regmap
access cache only mode to avoid any register access.
CRs-Fixed: 2034468
Change-Id: Id1141339d2673920167ed7ac74b13b6fee05173f
Signed-off-by: Laxminath Kasam <lkasam@codeaurora.org>
On some platforms, the regulatory domain (country) is set
using mechanisms external to WIFI, such as cellular modem
and GPS. In these scenarios the regulatory hints that
are received over the air (in beacons and similar) can
conflict and even cause an incorrect country to be set.
Add an option to ignore the OTA regulatory hints to better
support such scenarios.
Change-Id: Ia46fe2699f4cc9859713947c0153107462fdec06
Signed-off-by: Lior David <liord@codeaurora.org>
Fix the compilation issue seen due to the regulator framework
changes from 3.10 to 4.4 kernel. Also remove the redundant error
messages during the memory allocation failures.
Change-Id: I4887c2d3acaff562fb41e6c2eaeb2c1ef2c1bde5
Signed-off-by: Kiran Gunda <kgunda@codeaurora.org>
During Mini dump collection, cache dump needs extra memory
and time hence disable it in perf builds.
Change-Id: I68aae6edf676c27b8443fdcc88ece05fa3a26748
Signed-off-by: Lingutla Chandrasekhar <clingutla@codeaurora.org>
Support for clock recovery in compress driver.
Userspace app can issue clock recovery command with a positive value
to advance the clock or a negative value to delay the clock.
CRs-Fixed: 2036899
Change-Id: Iacfc18afe6723edea84ed3382ac62810fcadb31a
Signed-off-by: Manish Dewangan <manish@codeaurora.org>
After cold boot calibration WLAN FW send pin connect result to
platform driver through qmi indication message. To avoid uninitialized
access of pin connect result structure member initialize it properly.
CRs-Fixed: 2042000
Change-Id: I5654583e890f9ee67ddcc632aecd9ecb8a160062
Signed-off-by: Hardik Kantilal Patel <hkpatel@codeaurora.org>
Now mutex_init() is in function_alloc_mtp_ptp() which will be
called when USB composition change.
In the corner case, USB composition change when do mtp_read(),
the mutex lock is initialized when do mutex_lock().
Change-Id: I7a61f6fe6d8865462c5445f7075722f4f151b03f
Signed-off-by: Liangliang Lu <luliang@codeaurora.org>
Set smmu-s1-en to enable SMMU stage1.
This change also sets SMMU base address and size, required when
SMMU stage1 is enabled.
Change-Id: I30f4528c665c7623cb56de0773a0a3da2b4c21bf
Signed-off-by: Maya Erez <merez@codeaurora.org>
UB size of second RDI is overlapping
with first RDI. Correcting UB size configuration
for RDI streams.
Change-Id: I658744a52b86066eb198cdf2e760b75fdb76605a
Signed-off-by: Shilpa Mamidi <shilpam@codeaurora.org>
The "_header" field of the macro was being incorrectly expanded to just
"header". This was only working because all the functions which used this
macro already had "header" defined in scope.
Change-Id: I19e77ae78cfff471ddffd428cb3fd055c6340737
Signed-off-by: Sharat Masetty <smasetty@codeaurora.org>
This patch helps dump the full 64k per ring preemption
record to GPU snapshot which is collected during GPU
recovery step. We use the general object snapshot section
type to store these records and we only collect the preemption
records if preemption was going to kick in, which is when
the number of rings is greater than one.
Change-Id: I1872bc14c6b39c8c4963ce9c98e96b03cbfec907
Signed-off-by: Sharat Masetty <smasetty@codeaurora.org>
In bandwidth limit read function, 'buf' array
elements might be used uninitialized. Ensure
the array elements are initialized.
Change-Id: I210c73b14327436296a844fc5ebd47ccc02bf5fb
Signed-off-by: Jayant Shekhar <jshekhar@codeaurora.org>
On 4.4 kernel, 'commit 364549ddc2 ("mmc: core: Remove
redundant ->power_restore() callback for MMC")' removed
power_restore callback for MMC since mmc_reset is
implemented. Hence use reset instead of power_restore in
mmc_cmdq_hw_reset. Also modify the caller function mmc_cmdq_hw_reset
to properly use the mmc_reset.
Change-Id: Ia06d579401b6a083b164dff7a253d1eb3caef1a3
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
Signed-off-by: Vijay Viswanath <vviswana@codeaurora.org>
The eMMC HW reset may be implemented either via the host ops ->hw_reset()
callback or through DT and the eMMC pwrseq. Additionally some eMMC cards
don't support HW reset.
To allow a reset to be done for the different combinations of mmc hosts
and eMMC/MMC cards, let's implement a fallback via trying a regular power
cycle. This improves the mmc block layer retry mechanism of failing I/O
requests.
Change-Id: I5cafd54327cde22ea9599543382f1b294272a42c
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
[Ulf: Rewrote changelog]
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Git-commit: 4e6c71788d6bb0e5438fc9211fa6e52dcca01474
Git-repo: git://git.linaro.org/people/ulf.hansson/mmc.git
[vviswana@codeaurora.org: resolve trivial merge conflicts]
Signed-off-by: Vijay Viswanath <vviswana@codeaurora.org>
This is snapshot of the OnSemi NCP6335D driver as of msm-3.10
'commit 156ba1726643 ("regulator: onsemi-ncp6335d: Add i2c retry logic")'.
Change-Id: I4cf0acd272fcf498462d4397385cd62f144eadf8
Signed-off-by: Kiran Gunda <kgunda@codeaurora.org>
commit 34a477e5297cbaa6ecc6e17c042a866e1cbe80d6 upstream.
On x86-32, with CONFIG_FIRMWARE and multiple CPUs, if you enable function
graph tracing and then suspend to RAM, it will triple fault and reboot when
it resumes.
The first fault happens when booting a secondary CPU:
startup_32_smp()
load_ucode_ap()
prepare_ftrace_return()
ftrace_graph_is_dead()
(accesses 'kill_ftrace_graph')
The early head_32.S code calls into load_ucode_ap(), which has an an
ftrace hook, so it calls prepare_ftrace_return(), which calls
ftrace_graph_is_dead(), which tries to access the global
'kill_ftrace_graph' variable with a virtual address, causing a fault
because the CPU is still in real mode.
The fix is to add a check in prepare_ftrace_return() to make sure it's
running in protected mode before continuing. The check makes sure the
stack pointer is a virtual kernel address. It's a bit of a hack, but
it's not very intrusive and it works well enough.
For reference, here are a few other (more difficult) ways this could
have potentially been fixed:
- Move startup_32_smp()'s call to load_ucode_ap() down to *after* paging
is enabled. (No idea what that would break.)
- Track down load_ucode_ap()'s entire callee tree and mark all the
functions 'notrace'. (Probably not realistic.)
- Pause graph tracing in ftrace_suspend_notifier_call() or bringup_cpu()
or __cpu_up(), and ensure that the pause facility can be queried from
real mode.
Reported-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Tested-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: "Rafael J . Wysocki" <rjw@rjwysocki.net>
Cc: linux-acpi@vger.kernel.org
Cc: Borislav Petkov <bp@alien8.de>
Cc: Len Brown <lenb@kernel.org>
Link: http://lkml.kernel.org/r/5c1272269a580660703ed2eccf44308e790c7a98.1492123841.git.jpoimboe@redhat.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
