Remove kzfree() after kclient list iteration to avoid invalid
pointer dereference.
Change-Id: I78922269e219fcb16d3cff05f8b168a75a3c05ae
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Add a null pointer check on sg_src to avoid a possible
null pointer dereference in qcedev driver.
Change-Id: I9d4f9147ae6c340064110381c98d064f29fd9444
Signed-off-by: Ramandeep Trehan <rtrehan@codeaurora.org>
New msg SSIDs, log and event mask codes for different subsystems
are added as a new requirement for enabling logging.
Change-Id: I31e784307e6de388e1de0806baacf00116360c30
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Disable CONFIG_INET_LRO in sdm660_defconfig
and sdm660-perf_defconfig to avoid pop up.
Change-Id: I62069b3f8df27812f714e9875a0e7b7e20e31d4c
Signed-off-by: Vara Prasad A V S G <vavsg@codeaurora.org>
Signed-off-by: Naitik Bharadiya <bharad@codeaurora.org>
If the caller has set __GFP_NOWARN don't print the following message:
vmap allocation for size 15736832 failed: use vmalloc=<size> to increase
size.
This can happen with the ARM/Linux or ARM64/Linux module loader built
with CONFIG_ARM{,64}_MODULE_PLTS=y which does a first attempt at loading
a large module from module space, then falls back to vmalloc space.
Change-Id: Ib907156055959e22a419b79fb424772baea556d0
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Git-Commit: 03497d761c55438144fd63534d4223418fdfd345
Git-Repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
When CONFIG_ARM_MODULE_PLTS is enabled, the first allocation using the
module space fails, because the module is too big, and then the module
allocation is attempted from vmalloc space. Silence the first allocation
failure in that case by setting __GFP_NOWARN.
Change-Id: I94ed69d0cb42b16f68b08354f6f62dc22851d84a
Acked-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Git-commit: 75d24d968af8913f641c612930c96acc5399e427
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
When CONFIG_ARM64_MODULE_PLTS is enabled, the first allocation using the
module space fails, because the module is too big, and then the module
allocation is attempted from vmalloc space. Silence the first allocation
failure in that case by setting __GFP_NOWARN.
Change-Id: I15999e9fb0405dbd76e74dde5b2f94025899d875
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Git-Repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
Git-commit: 0c2cf6d9487cb90be6ad7fac66044dfa8e8e5243
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
The "tx_blocked_signal_sent" flag is not reset correctly after receiving
the interrupt from the remote side. Hence further READ_NOTIF commands are
not written into FIFO in FIFO full case.
Reset the "tx_blocked_signal_sent" correctly after write space is
available in FIFO.
CRs-Fixed: 2175526
Change-Id: I236da2a2b984b3f3cce8400b50f72ce1016d7e40
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
In some of the SCM APIs implemented by the QCPE front end,
some return values were not propagated correctly.
Change-Id: I2b0aa7f5511eac384db82a65b380a5d964514e57
Signed-off-by: Amit Blay <ablay@codeaurora.org>
If session id is invalid then dtmf voice info will also
be invalid.
Add check to return error if session id is invalid.
CRs-Fixed: 2306771
Change-Id: I362340f9f666c95949eaa94d0ced4cb3a1b9abab
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
The virtclk can disable clocks by hab in suspend flow. If hab irq is
disabled then, the power manage task will stick in uninterruptible hab
receive function.
Change-Id: I780ecede7494346953f5f77d665dd77c2cc6d28a
Signed-off-by: Yimin Peng <yiminp@codeaurora.org>
Add initial device trees for SDM455 CDP devices
Change-Id: I33bf922baf1dcd5c214f0be81affba25eab0c70c
Signed-off-by: Teng Fei Fan <tengfei@codeaurora.org>
Add initial device trees for SDM455 QRD devices
Change-Id: I7107029ac33f47f1866d7907ff9086d98c466039
Signed-off-by: Teng Fei Fan <tengfei@codeaurora.org>
Add initial device trees for SDM455 MTP devices
Change-Id: I8b8f3038ae435db9ea87c7e6a72d79e82f72806f
Signed-off-by: Teng Fei Fan <tengfei@codeaurora.org>
CNSS_DEV_ERR_NOTIFY should not be cleared before collecting firmware
dump as device is still in asserted state. Clear it after collecting
firmware dump.
Change-Id: Ic57c65d8ffa1806a0af83e653d6573f19ab1e705
Signed-off-by: Yue Ma <yuem@codeaurora.org>
Large values returned by bitmap_find_next_zero_area() can overflow
and become negative when stored in the signed variable 'pageno', which
can lead to failure of the condition 'pageno < dma_mem->nr_pages'.
Due to this, a use-after-free issue is observed in bitmap_set()
when a user requests to allocate a large size buffer using ion calls.
BUG: KASAN: use-after-free in bitmap_set+0x9c/0xd4 at addr ffffffe774946cc0
Read of size 8 by task syz-executor0/19717
page:ffffffbe5dd25180 count:0 mapcount:-127 mapping:(null)
index:0xffffffe774947000 flags: 0x0()
page dumped because: kasan: bad access detected
page_owner info is not active (free page?)
CPU: 3 PID: 19717 Comm: syz-executor0 Tainted: G W 4.4.78+ #1
Call trace:
[<ffffffa10c68b6fc>] dump_backtrace+0x0/0x2fc
[<ffffffa10c68ba1c>] show_stack+0x24/0x30
[<ffffffa10cc29a34>] dump_stack+0xdc/0x134
[<ffffffa10c8b2c10>] kasan_report+0x380/0x508
[<ffffffa10c8b1f38>] __asan_load8+0x24/0x80
[<ffffffa10cc42218>] bitmap_set+0x9c/0xd4
[<ffffffa10d15941c>] removed_alloc+0x188/0x5e4
[<ffffffa10dba4f40>] ion_cma_allocate+0x164/0x3e0
[<ffffffa10db9cef4>] __ion_alloc+0x368/0x1044
[<ffffffa10db9e0c8>] ion_ioctl+0x25c/0x6ac
[<ffffffa10c8e2f40>] do_vfs_ioctl+0x844/0x9a8
[<ffffffa10c8e311c>] SyS_ioctl+0x78/0xbc
[<ffffffa10c683730>] el0_svc_naked+0x24/0x28
Change-Id: Ibbaa451250bdfa9ce2a6e2cb9d2ee357ee0c8385
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
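The signed-index failure described in the commit message above, as an added userspace model (not code from the commit or the driver). The helper model_find_zero_area(), the int type assumed for nr_pages, and the unsigned variant shown as one possible correction are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of bitmap_find_next_zero_area() on an empty bitmap:
 * returns the start index, or a value larger than size when nr bits do
 * not fit (the "no room" result the caller has to test for). */
static unsigned long model_find_zero_area(unsigned long size, unsigned long nr)
{
    unsigned long end = 0 + nr;
    return end > size ? end : 0;
}

/* Pattern from the commit message: the result is kept in a signed int.
 * The out-of-range conversion is implementation-defined; GCC and Clang wrap. */
int pageno_signed(unsigned long nr_pages, unsigned long nr)
{
    return (int)model_find_zero_area(nr_pages, nr);
}

/* Buggy check: a negative pageno compares below nr_pages, so a request
 * that did not fit is treated as a valid index for bitmap_set(). */
bool accepted_signed(int nr_pages, unsigned long nr)
{
    int pageno = pageno_signed((unsigned long)nr_pages, nr);
    return pageno < nr_pages;
}

/* Assumed correction: keep the index in the helper's own unsigned type. */
bool accepted_unsigned(unsigned long nr_pages, unsigned long nr)
{
    unsigned long pageno = model_find_zero_area(nr_pages, nr);
    return pageno < nr_pages;
}

int main(void)
{
    unsigned long huge = 0x80000000UL; /* constructed oversized request */
    printf("signed pageno=%d accepted=%d\n",
           pageno_signed(1024, huge), accepted_signed(1024, huge));
    printf("unsigned accepted=%d\n", accepted_unsigned(1024, huge));
    return 0;
}
```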
For "chunk_list + chunk_list_len", if the chunk_list is of type u32*,
the chunk_list_len will be 4 times the original size. So we flushed a wrong
area size. In some conditions, like when we enabled CONFIG_DEBUG_PAGEALLOC, it
may flush out of the page bound of the invalid pte page.
Fix it by manually converting it to void* when doing the addition.
CRs-Fixed: 2309993
Change-Id: I2b88d78ba73d9904fa2bf6106937001715b6037f
Signed-off-by: Zhenhua Huang <zhenhuah@codeaurora.org>
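The pointer-scaling effect described in the commit message above, as an added userspace model (not code from the commit). The two-page backing buffer, MODEL_PAGE_SIZE and the 256-byte list are constructed for illustration, and char* stands in for the kernel's void* arithmetic, which is a GNU extension.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_PAGE_SIZE 4096u /* assumed page size for the model */

/* Two constructed "pages"; the chunk list sits at the end of the first. */
static uint32_t backing[2 * MODEL_PAGE_SIZE / sizeof(uint32_t)];

/* Chunk list occupying the last 256 bytes of page 0. */
uint32_t *sample_list(void)
{
    return backing + (MODEL_PAGE_SIZE - 256) / sizeof(uint32_t);
}

/* Buggy form: adding a byte length to a u32 pointer advances by
 * chunk_list_len * sizeof(u32) bytes. Returns the flush end offset
 * in bytes from the start of backing. */
size_t flush_end_buggy(uint32_t *chunk_list, size_t chunk_list_len)
{
    uint32_t *end = chunk_list + chunk_list_len;
    return (size_t)((char *)end - (char *)backing);
}

/* Fixed form: convert to a byte pointer before the addition. */
size_t flush_end_fixed(uint32_t *chunk_list, size_t chunk_list_len)
{
    char *end = (char *)chunk_list + chunk_list_len;
    return (size_t)(end - (char *)backing);
}

/* True when the flush range runs past the end of page 0. */
int crosses_page(size_t end_off)
{
    return end_off > MODEL_PAGE_SIZE;
}

int main(void)
{
    size_t bad = flush_end_buggy(sample_list(), 256);
    size_t good = flush_end_fixed(sample_list(), 256);
    printf("buggy end=%zu crosses=%d\n", bad, crosses_page(bad));
    printf("fixed end=%zu crosses=%d\n", good, crosses_page(good));
    return 0;
}
```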
API provision for WLAN host driver to check if WLAN PCIe device
is down.
Change-Id: I91efcd781af67c72b787c89e6b619c4cc49da34b
Signed-off-by: Yue Ma <yuem@codeaurora.org>
Subsystem notification for adsp and wlan in guest.
Change-Id: I49e3e0a160a2434ba9df8008a5ad5051fbeed194
Signed-off-by: Venkata Rao Kakani <vkakani@codeaurora.org>
ALARM_EN status is retained in PMIC register after device shutdown
if poweron_alarm is enabled. Read it to make sure the driver has
consistent value with the register status.
Change-Id: Iee0a19ba5126265b36a353c1d1b249d09185564a
Signed-off-by: Mao Jinlong <c_jmao@codeaurora.org>
Add the CPR configuration of Speed-bin 3 for the power
and performance cluster of SDM630.
Change-Id: I6bf9a837ae941cf3ad9413da6e44821916acf197
Signed-off-by: Anirudh Ghayal <aghayal@codeaurora.org>
Add mutex lock in rtac_open and rtac_release
to avoid usage count discrepancies leading
to multiple calls to unmap memory resulting in
null pointer dereference.
CRs-Fixed: 2271712
Change-Id: Ie6da28837c352030b8d7e377d68a70cf04e7072a
Signed-off-by: Tanya Dixit <tdixit@codeaurora.org>
Add support to dump complete ramdump of subsystem from start of first
segment to end of last segment without leaving any hole in between.
Change-Id: I0bcab1d4e04748d3934b7a4d99eec59727c3afb1
Signed-off-by: Naitik Bharadiya <bharad@codeaurora.org>
Since a message received from spi cannot be trusted, there is a possibility
of an out-of-bound read if the received read_id is not in range of the fifo.
The patch validates the rx_fifo_read index of edge info for the remote side.
Change-Id: I3d3fa749935f477e5f98f986adc24e6e6a682d4d
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Expand display type/id enumeration up to eight types.
Change-Id: I19c47e6b4aa57dc94020f909260e1de2218ca82d
Signed-off-by: Camus Wong <camusw@codeaurora.org>