The "tx_blocked_signal_sent" flag is not reset correctly after receiving
the interrupt from the remote side. Hence further READ_NOTIF commands are
not written into FIFO in FIFO full case.
Reset the "tx_blocked_signal_sent" correctly after write space available
in FIFO.
CRs-Fixed: 2175526
Change-Id: I236da2a2b984b3f3cce8400b50f72ce1016d7e40
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
In some of the SCM APIs implememnted by the QCPE front end,
some return values were not propagated correctly.
Change-Id: I2b0aa7f5511eac384db82a65b380a5d964514e57
Signed-off-by: Amit Blay <ablay@codeaurora.org>
If session id is invalid then dtmf voice info will also
be invalid.
Add check to return error if session id is invalid.
CRs-Fixed: 2306771
Change-Id: I362340f9f666c95949eaa94d0ced4cb3a1b9abab
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
If session id is invalid then dtmf voice info will also
be invalid.
Add check to return error if session id is invalid.
CRs-Fixed: 2306771
Change-Id: I362340f9f666c95949eaa94d0ced4cb3a1b9abab
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
The virtclk can disable clocks by hab in suspend flow. If hab irq is
disabled then, the power manage task will stick in uninterruptable hab
receive function.
Change-Id: I780ecede7494346953f5f77d665dd77c2cc6d28a
Signed-off-by: Yimin Peng <yiminp@codeaurora.org>
Add initial devices trees for SDM455 CDP devices
Change-Id: I33bf922baf1dcd5c214f0be81affba25eab0c70c
Signed-off-by: Teng Fei Fan <tengfei@codeaurora.org>
Add initial devices trees for SDM455 QRD devices
Change-Id: I7107029ac33f47f1866d7907ff9086d98c466039
Signed-off-by: Teng Fei Fan <tengfei@codeaurora.org>
Add initial device trees for SDM455 MTP devices
Change-Id: I8b8f3038ae435db9ea87c7e6a72d79e82f72806f
Signed-off-by: Teng Fei Fan <tengfei@codeaurora.org>
CNSS_DEV_ERR_NOTIFY should not be cleared before collecting firmware
dump as device is still in asserted state. Clear it after collecting
firmware dump.
Change-Id: Ic57c65d8ffa1806a0af83e653d6573f19ab1e705
Signed-off-by: Yue Ma <yuem@codeaurora.org>
Large values returned by bitmap_find_next_zero_area() can overflow
and become negative when stored in signed variable 'pageno' that
can lead to failure of condition 'pageno < dma_mem->nr_pages'.
Due to this, Use-after-free issue is observed in bitmap_set(),
When user requests to allocate large size buffer using ion calls.
BUG: KASAN: use-after-free in bitmap_set+0x9c/0xd4 at addr ffffffe774946cc0
Read of size 8 by task syz-executor0/19717
page:ffffffbe5dd25180 count:0 mapcount:-127 mapping:(null)
index:0xffffffe774947000 flags: 0x0()
page dumped because: kasan: bad access detected
page_owner info is not active (free page?)
CPU: 3 PID: 19717 Comm: syz-executor0 Tainted: G W 4.4.78+ #1
Call trace:
[<ffffffa10c68b6fc>] dump_backtrace+0x0/0x2fc
[<ffffffa10c68ba1c>] show_stack+0x24/0x30
[<ffffffa10cc29a34>] dump_stack+0xdc/0x134
[<ffffffa10c8b2c10>] kasan_report+0x380/0x508
[<ffffffa10c8b1f38>] __asan_load8+0x24/0x80
[<ffffffa10cc42218>] bitmap_set+0x9c/0xd4
[<ffffffa10d15941c>] removed_alloc+0x188/0x5e4
[<ffffffa10dba4f40>] ion_cma_allocate+0x164/0x3e0
[<ffffffa10db9cef4>] __ion_alloc+0x368/0x1044
[<ffffffa10db9e0c8>] ion_ioctl+0x25c/0x6ac
[<ffffffa10c8e2f40>] do_vfs_ioctl+0x844/0x9a8
[<ffffffa10c8e311c>] SyS_ioctl+0x78/0xbc
[<ffffffa10c683730>] el0_svc_naked+0x24/0x28
Change-Id: Ibbaa451250bdfa9ce2a6e2cb9d2ee357ee0c8385
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
For "chunk_list + chunk_list_len", if the chunk_list is type of u32*,
the chunk_list_len will be 4 * of original size. So we flushed a wrong
area size. In some condition like we enabled CONFIG_DEBUG_PAGEALLOC, it
may flush out of page bound of the invalid pte page.
Fix it by manually convert it as void* when doing the addition.
CRs-Fixed: 2309993
Change-Id: I2b88d78ba73d9904fa2bf6106937001715b6037f
Signed-off-by: Zhenhua Huang <zhenhuah@codeaurora.org>
API provision for WLAN host driver to check if WLAN PCIe device
is down.
Change-Id: I91efcd781af67c72b787c89e6b619c4cc49da34b
Signed-off-by: Yue Ma <yuem@codeaurora.org>
Subsystem notification for adsp and wlan in guest.
Change-Id: I49e3e0a160a2434ba9df8008a5ad5051fbeed194
Signed-off-by: Venkata Rao Kakani <vkakani@codeaurora.org>
ALARM_EN status is retained in PMIC register after device shutdown
if poweron_alarm is enabled. Read it to make sure the driver has
consistent value with the register status.
Change-Id: Iee0a19ba5126265b36a353c1d1b249d09185564a
Signed-off-by: Mao Jinlong <c_jmao@codeaurora.org>
Add the CPR configuration of Speed-bin 3 for the power
and performance cluster of SDM630.
Change-Id: I6bf9a837ae941cf3ad9413da6e44821916acf197
Signed-off-by: Anirudh Ghayal <aghayal@codeaurora.org>
Add mutex lock in rtac_open and rtac_release
to avoid usage count discrepancies leading
to multiple calls to unmap memory resulting in
null pointer dereference.
CRs-Fixed: 2271712
Change-Id: Ie6da28837c352030b8d7e377d68a70cf04e7072a
Signed-off-by: Tanya Dixit <tdixit@codeaurora.org>
Add support to dump complete ramdump of subsystem from start of first
segment to end of last segment without leaving any hole in between.
Change-Id: I0bcab1d4e04748d3934b7a4d99eec59727c3afb1
Signed-off-by: Naitik Bharadiya <bharad@codeaurora.org>
Since message received from spi cannot be trusted there is possibility
of out-of-bound read if received read_id is not in range of fifo.
The patch validate rx_fifo_read index of edge info for remote side.
Change-Id: I3d3fa749935f477e5f98f986adc24e6e6a682d4d
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Expand display type/id enumeration up to eight types.
Change-Id: I19c47e6b4aa57dc94020f909260e1de2218ca82d
Signed-off-by: Camus Wong <camusw@codeaurora.org>
Not all devices on an MDIO bus are PHYs. Meaning not all MDIO drivers
are PHY drivers. Add support for generic MDIO drivers.
Change-Id: I65c7c8a497bbac9ef67b3d21c869818a09378e3c
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-Commit: a9049e0c513c4521dbfaa302af8ed08b3366b41f
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Anthony Mah <amah@codeaurora.org>
Otherwise we might dereference an already freed file and/or inode
when aio_complete is called before we return from the read_iter or
write_iter method.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from commit 0b944d3a4bba6b25f43aed530f4fa85c04d162a6)
Change-Id: I628a87b5036ba1ba5ba5152fa0329d02999d3649
Git-Commit: 0b944d3a4bba6b25f43aed530f4fa85c04d162a6
Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
[riteshh@codeaurora.org: resolve trivial merge conflicts]
Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org>
Align with android-base.cfg which is android kernel config
requirement for msm8998_defconfig.
Change-Id: I69cbca16705d25b5505792b11ae4f054be09457f
Signed-off-by: Naitik Bharadiya <bharad@codeaurora.org>
Add socinfo support for SDM455 Soc and update the
bindings fot the same.
Change-Id: I9b30795e202d84ae06020983b2d656772fb4f313
Signed-off-by: Teng Fei Fan <tengfei@codeaurora.org>
The control cpu thread which initiates hotplug calls kthread_park()
for hotplug thread and sets KTHREAD_SHOULD_PARK. After this control
thread wakes up the hotplug thread. There is a chance that wakeup
code sees the hotplug thread (running on AP core) in INTERRUPTIBLE
state, but sets its state to RUNNING after hotplug thread has entered
kthread_parkme() and changed its state to TASK_PARKED. This can result
in panic later on in kthread_unpark(), as it sees KTHREAD_IS_PARKED
flag set but fails to rebind the kthread, due to it being not in
TASK_PARKED state. Fix this, by serializing wakeup state change,
against state change before parking the kthread.
Below is the possible race:
Control thread Hotplug Thread
kthread_park()
set KTHREAD_SHOULD_PARK
smpboot_thread_fn
set_current_state(TASK_INTERRUPTIBLE);
kthread_parkme
wake_up_process()
raw_spin_lock_irqsave(&p->pi_lock, flags);
if (!(p->state & state)) -> this will fail
goto out;
__kthread_parkme
__set_current_state(TASK_PARKED);
if (p->on_rq && ttwu_remote(p, wake_flags))
ttwu_remote()
p->state = TASK_RUNNING;
schedule();
So to avoid this race, take pi_lock to serial state changes.
Change-Id: Ie71645d37046f7ee74df880dbead29efbaad199a
Suggested-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
Signed-off-by: Neeraj Upadhyay <neeraju@codeaurora.org>
Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org>
