While trying to write dsi commands from userspace, the user buffer
is copied using simple_write_to_buffer. If the number of bytes in
the user buffer is less than the destination buffer, the length was
set to the destination buffer length. Subsequently the buffer could
be read from userspace to dump a lot of uninitialized kernel heap
data. Update the destination buffer with the correct size of bytes
copied from the user buffer.
Change-Id: Ib28f3698655d25ad8103fc02199a1d214092e232
Signed-off-by: Ashish Garg <ashigarg@codeaurora.org>
A negative sleep time could be interpreted as a large positive sleep
time when its casted to a unsigned type. This could result in CPU sleeping
for a longer than expected duration resulting in missed interrupts.
Change-Id: I472f355c8ba392ab46d53fceddb448f7e35c178e
Signed-off-by: Mahesh Sivasubramanian <msivasub@codeaurora.org>
Signed-off-by: Maulik Shah <mkshah@codeaurora.org>
Signed-off-by: Naresh Malladi <namall@codeaurora.org>
Initializing metadata buffer to zero before reusing the buffer
for next invoke.
Change-Id: Iaab3478732b83427a475e95afa0e031cb76f60d9
Acked-by: Viswanatham Paduchuri <vpaduchu@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
This is required to add a PM QOS request to disallow L2PC on masked CPUS.
It improves queue to submit time for first set of GPU commands
which results in GPU wake up.
Change-Id: If7e0925ec76065158188671f1d11a0de5e9900aa
Signed-off-by: Gaurav Sonwani <gsonwani@codeaurora.org>
Removed a local variable in mmc_start_req() which was used to store the
error encountered while starting a new data request. If an error is
encountered while starting a new request, the error
information is stored in the mrq. The error information stored in the
mrq is during error handling. So removing the unused variable.
Change-Id: Ifeedc91433230d5156d286bd332a85fb221188ac
Signed-off-by: Vijay Viswanath <vviswana@codeaurora.org>
In case the DPCD read transaction continuously times out, it is
likely that the sink is not responding or the DP cable/dongle is
faulty and hence no response is seen. In such cases, avoid
reporting the DP connect event to userspace.
Change-Id: Ie07de464f63dc3b18c875a061a18ad00e4c99e85
Signed-off-by: Padmanabhan Komanduru <pkomandu@codeaurora.org>
Audio codec interrupt line is connected to pin61 of MPM. Map
interrupt 209 to MPM pin61 to wakeup APSS from TCXO mode.
CRs-Fixed: 2040808
Change-Id: I74cfc871b6e99c62dda30033e6dabb5fe5d19705
Signed-off-by: Nagaradhesh Yeleswarapu <nagaradh@qti.qualcomm.com>
Fix ordering of link creation between node->prev and prev->next in
osq_lock(). A case in which the status of optimistic spin queue is
CPU6->CPU2 in which CPU6 has acquired the lock. At this point if CPU0
comes in to acquire osq_lock, it will update the tail count. After tail
count update if CPU2 starts to unqueue itself from optimistic spin queue,
it will find updated tail count with CPU0 and update CPU2 node->next to
NULL in osq_wait_next(). If reordering of following stores happen then
prev->next where prev being CPU2 would be updated to point to CPU0 node:
node->prev = prev;
WRITE_ONCE(prev->next, node);
At this point if next instruction
WRITE_ONCE(next->prev, prev);
in CPU2 path is committed before the update of CPU0 node->prev = prev then
CPU0 node->prev will point to CPU6 node. At this point if CPU0 path's
node->prev = prev is committed resulting in change of CPU0 prev back to
CPU2 node. CPU2 node->next is NULL currently, so if CPU0 gets into unqueue
path of osq_lock it will keep spinning in infinite loop as condition
prev->next == node will never be true.
Change-Id: I48d847096daf3c228de90ae1cd2a6415b7bde65a
Signed-off-by: Prateek Sood <prsood@codeaurora.org>
The legacy detection workaround change restricts DCP to 1.5A draw,
regardless of legacy/non-legacy type. This was to prevent a legacy
(non-compliant) cable, incorrectly detected as non-legacy cable from
drawing more than 1.5A.
The issue with legacy bit is that hardware could end up reporting
non-legacy for a legacy cable (not the other way round). We want to
ensure that for non-compliant legacy cable SDP/CDP current limits
are honoured and that for a Rp = 10k legacy cable VBUS shouldn't go
higher than 5V.
This cap of 1.5A on DCP is not necessary. Moreover AICL will limit the
current if needed.
To realize this force the Rp based current whenever DCP or float
is seen via the LEGACY_UNKNOWN_VOTER. LEGACY_UNKNOWN_VOTER is not
removed unless a confirmed hvdcp or pd is seen.
Change-Id: I89505e9db4f045aaf71ab0ee534de783ea4d2df3
Signed-off-by: Ashay Jaiswal <ashayj@codeaurora.org>
Signed-off-by: Abhijeet Dharmapurikar <adharmap@codeaurora.org>
MHI change requires all work to be finished before returning from
the ERROR, SHUTDOWN and DISABLE callbacks. Call mhi xprt enable and
disable functions directly instead of deferring the work. Remove
calls to mhi_close_channel to prevent calling MHI after the disable
callback.
CRs-Fixed: 1095436
Change-Id: I37910cfd3b51693b1f3bc84815d95595602690e8
Signed-off-by: Chris Lew <clew@codeaurora.org>
The MHI driver is changing their APIs to use the device
node during registration. This change accommodates the
API changes and callback state changes.
CRs-Fixed: 1095436
Change-Id: I1899d97d676c28b89bb5f85c1a92732f6cfec904
Signed-off-by: Chris Lew <clew@codeaurora.org>
Signed-off-by: Sujeev Dias <sdias@codeaurora.org>
In kernel version 4.1, tracefs was separated from debugfs into its
own filesystem. Prior to this split, files in
/sys/kernel/debug/tracing could be labeled during filesystem
creation using genfscon or later from userspace using setxattr. This
change re-enables support for genfscon labeling.
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit 6a3911837da0a90ed599fd0a9836472f5e7ddf1b)
Change-Id: I98ad8c829302346705c1abcdc8f019f479fdefb6
Bug: 62413700
Excessive logging due to several successive memory allocation failure
may cause a watchdog bite. Hence, this change adds ratelimit to logging
on memory allocation failure.
Change-Id: I8e5d78918a32c48ef7fa587f3dc63cbd1f065d5f
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
The debug option to always ON the GPU clocks does not check the regulator
state. If the user tries to set this option while GPU is in Slumber state
then enabling clocks will fail.
Make sure we enable the GPU regulators before enabling its clocks.
Change-Id: Id77773224c674fe2e1b6179a039750b24e5e5f87
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
prepare_to_wait() will enqueue the thread on the given queue
and put it into the given execution state,
which is TASK_INTERRUPTIBLE.
Further processing in function, calls mutex_lock(),
will go into a new version of the going-to-sleep code,
changing the task state.
That, of course, may well interfere with the outer
sleeping code.
So, nesting of sleeping primitives in this way is discouraged.
And new warning was added to point out this kind of nesting.
Fix the nesting of sleeping primitives with the new solution
provide in linux kernel.
Change-Id: Id1a5f64472cd2d63e679706c6482db98f89ec765
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Resolve memory out of bound access by correcting the
length of the buffer to be copied.
Change-Id: I2cc74a664399913acf67464a5f6827b100522676
Signed-off-by: Revathi Uddaraju <revathiu@codeaurora.org>
Currently, there is possibility of out-of-bound accesses during
handling of data in non-hdlc path. The patch adds proper protection
when processing non-hdlc packet information to fix the issue.
CRs-Fixed: 2029216
Change-Id: I07c466f85bd8ac08226948fea86b1d8567e68431
Signed-off-by: Hardik Arya <harya@codeaurora.org>
The pointer req_frm is coming from userspace, it may overflow stream_info.
Adding a bound check to prevent the same.
CRs-fixed: 2008683
Change-Id: I8682e09ff2ab7ba490bbbd9e20db978493c5f3e4
Signed-off-by: Senthil Kumar Rajagopal <skrajago@codeaurora.org>
Signed-off-by: Andy Sun <bins@codeaurora.org>
Live Lock due to task spinning while unqueue of CPU osq_node
from optimistic_spin_queue. Task T1 had decremented mutex count to
acquire the lock on CPU0. Before setting owner it got preempted. On
CPU1 task T2 acquired osq_lock and started spinning on owner of mutex
with preemption disabled. CPU1 runq has one task, so need_resched will
not be set. On CPU0 task T3 tried to acquire osq_lock to spin on the
same mutex. At this time following scenario causes soft lockup:
After preemption of task T1, RT task T3 tried to acquire the same
mutex. It will start spinning on the osq_lock until the lock is available
or need_resched is set. For RT task, need_resched will not be set. Task T3
will not be able to bail out of the infinite loop.
Change-Id: Ifd7506047119a22e14b15459ac6b04b410ba1c84
Signed-off-by: Prateek Sood <prsood@codeaurora.org>
Current upstream parser only handles RGB deep color
modes.
Add support in the SDE EDID parser module to parse
HDMI VSDB block and indicate support for YUV 420
deep color modes in the sink.
Change-Id: If6c007263094e7716a29cae503d3e3471ae04306
Signed-off-by: Abhinav Kumar <abhinavk@codeaurora.org>
Add default value support for plane enum property which caller is
able to pass in different default value when initialize the enum
property list.
Change-Id: I57595bf7c42b0e528a18ab0951655a169b00d611
Signed-off-by: Jin Li <jinl@codeaurora.org>
Signed-off-by: Yunyun Cao <yunyunc@codeaurora.org>
Conntrack, if enabled, verifies complete checksum on all tcp
packets. If a packet is corrupted, it sets ip_summed field
to CHECKSUM_COMPLETE and checksum valid field to false.
With these changes such packet will be dropped.
Packets that are corrupted can go into userspace even when
the checksum is wrong. The io_vec library pushes the data into
pipe before checking the checksum. If the checksum is wrong,
the copied data is not reverted. Users observe corrupted data
in the application memory due to such corrupted packets.
This fix is to plug one such hole.
This change might be redundant on kernels after v4.9.
Change-Id: Iffface598d0fa2b25fb9c20c7aa6443aab9d8aea
Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org>
Neighbour index of step table possibly have same position,
so i2c operation reported invalid size parameters.
we add protection condition to return success value.
Change-Id: I7dab8f44a99c7c3c7d6996c8decb8bcd09c246c9
Signed-off-by: penliu <pengfeiliu@codeaurora.org>
Sysfs attribute "inactivity_timer" not being used anymore so remove that
entry from sysfs.
CRs-Fixed: 2048725
Change-Id: I30d2d4a3cb9899b7975a6395eab90337fc006488
Signed-off-by: Arumuga Durai A <cadurai@codeaurora.org>
The PM_QOS_CPU_DMA_LATENCY QOS request attached to an IRQ is ignored
if the IRQ is affined to an isolated CPU. As isolated CPUs enter
deep sleep state, it is better not to affine IRQs to those CPUs.
Change-Id: Ieab4a04eca222b91159208b21bc9e14390ecd62e
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
Userspace can set the default IRQ affinity setting by writing into
/proc/irq/default_smp_affinity file. When an IRQ affinity is
broken during isolation/hotplug,override the affinity to online and
un-isolated CPUs from the default affinity CPUs. If no such CPU
is available, then only override with cpu_online_mask.
Change-Id: I7578728ed0d7c17c5890d9916cfd6451d1968568
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
