Commit graph

606983 commits

Author SHA1 Message Date
Linux Build Service Account
982ba8be16 Merge "msm: mdss: hdcp: handle hdcp off gracefully" 2019-08-08 09:34:47 -07:00
Linux Build Service Account
3518238db1 Merge "icnss: Synchronize idle shutdown and restart" 2019-08-07 23:24:22 -07:00
Linux Build Service Account
ecb87a9e7a Merge "fbdev: msm: Call vsync_handler only after ctl start" 2019-08-05 21:59:55 -07:00
Naman Padhiar
7481303870 icnss: Synchronize idle shutdown and restart
If WLAN interface is not brought up for certain amount of time
after it is created, idle shutdown will happen to power off WLAN
device. Idle restart will happen to power up WLAN device if WLAN
is needed by user again. Add the support in platform driver.

Change-Id: I63e85c7de20536fc4146e05146e72537095025e5
Signed-off-by: Naman Padhiar <npadhiar@codeaurora.org>
2019-08-04 02:14:34 +05:30
Linux Build Service Account
a417d8a746 Merge "drm/msm: fix re-entry problem for msm_atomic_commit" 2019-08-03 06:04:23 -07:00
Linux Build Service Account
aa2bb48a42 Merge "msm: camera_v2: reject the late request" 2019-08-03 06:04:15 -07:00
Xiaowen Wu
9c2892993d drm/msm: fix re-entry problem for msm_atomic_commit
When plane is detached from crtc in one atomic commit and then
attached to another crtc in the next atomic commit, the second
plane state swap will happen when the first commit is still running
in the previous crtc's worker thread, which will result in two
threads programming the same plane and running into a nondeterministic
state.

Fix is to add plane_mask check before state swap, together with
crtc_mask check. This will make sure there is no pending worker
thread working on the same plane.

Change-Id: I64cd4b68fa9746e988d933069ac0f8083d974c79
Signed-off-by: Xiaowen Wu <wxiaowen@codeaurora.org>
2019-08-02 12:33:08 -04:00
Linux Build Service Account
bd9885ab9a Merge "msm: mdss: hdmi: fix 4 block EDID read failure" 2019-08-02 05:16:55 -07:00
Srikanth Uyyala
bc82952bb8 msm: camera_v2: reject the late request
When request_frame is very late or reg_update is missing for the previous frame,
reject it and inform using the drop_reconfig flag.

Change-Id: Ic7be9c765da63e2c84c4ce2ff05a3cc146f5c2bd
Signed-off-by: Srikanth Uyyala <suyyala@codeaurora.org>
Signed-off-by: Sumalatha Malothu <smalot@codeaurora.org>
2019-08-02 04:27:36 -07:00
Narender Ankam
4422b03d97 msm: mdss: hdmi: fix 4 block EDID read failure
Only Block0 and Block1 of EDID are being read successfully.
Fix EDID segment read failure for Block2 and Block3.

Change-Id: I2d501878c6089b275e77587f3f41416aec2ef389
Signed-off-by: Narender Ankam <nankam@codeaurora.org>
2019-08-02 03:56:08 -07:00
Manoj Prabhu B
55f19c48a7 diag: dci: Validate pkt length before parsing for full header
Few commands with smaller length than dci packet request header
can fail due to present header length check. Modify the length
check to cater to smaller length packets.

Change-Id: Icf2e45b4eb1be0f2a15f47e58baffe86ece20a1d
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
2019-08-02 02:56:41 -07:00
Nirmal Abraham
3dd5febeec fbdev: msm: Call vsync_handler only after ctl start
In hdmi-as-primary usecase with resolution change, the
vsync_handler can get called from overlay_on function before
the vsync handler is registered via ctl_start. Add a check
to avoid the null ptr access while accessing the vsync
handler function ptr in this case.

Change-Id: Ic47b10502939c4a4751c78da1f8fe28b3005cf3b
Signed-off-by: Nirmal Abraham <nabrah@codeaurora.org>
2019-08-01 11:23:35 +05:30
Jani Nikula
ba309f5e08 drm: handle override and firmware EDID at drm_do_get_edid() level
Handle debugfs override edid and firmware edid at the low level to
transparently and completely replace the real edid. Previously, we
practically only used the modes from the override EDID, and none of the
other data, such as audio parameters.

This change also prevents actual EDID reads when the EDID is to be
overridden, but retains the DDC probe. This is useful if the reason for
preferring override EDID are problems with reading the data, or
corruption of the data.

Move firmware EDID loading from helper to core, as the functionality
moves to lower level as well. This will result in a change of module
parameter from drm_kms_helper.edid_firmware to drm.edid_firmware, which
arguably makes more sense anyway.

Some future work remains related to override and firmware EDID
validation. Like before, no validation is done for override EDID. The
firmware EDID is validated separately in the loader. Some unification
and deduplication would be in order, to validate all of them at the
drm_do_get_edid() level, like "real" EDIDs.

v2: move firmware loading to core

v3: rebase, commit message refresh

Cc: Abdiel Janulgue <abdiel.janulgue@linux.intel.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Tested-by: Abdiel Janulgue <abdiel.janulgue@linux.intel.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Acked-by: Dave Airlie <airlied@gmail.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1e8a710bcac46e5136c1a7b430074893c81f364a.1505203831.git.jani.nikula@intel.com
Git-commit: 53fd40a90f3c0bdad86ec266ee5df833f54ace39
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Change-Id: I5003038a40d3eeb469dc49257650f4194f084231
[tanmay@codeaurora.org: resolved trivial merge conflicts]
Signed-off-by: Tanmay Shah <tanmay@codeaurora.org>
2019-07-30 15:32:17 -07:00
Linux Build Service Account
d6bf038c87 Merge "msm: kgsl: Fix race condition between drawobj and context destroy" 2019-07-29 04:59:30 -07:00
Linux Build Service Account
6876dc0e13 Merge "Merge android-4.4.186 (aeb051d) into msm-4.4" 2019-07-29 04:59:29 -07:00
Linux Build Service Account
80cb08efce Merge "soc: qcom: glink_smem: Initialize buffers" 2019-07-28 21:20:07 -07:00
Linux Build Service Account
32d3d6b1c6 Merge "drm: move edid property update and add modes out of edid firmware loader" 2019-07-27 00:43:48 -07:00
Linux Build Service Account
653154b099 Merge "msm: mdss: save state of vsync handler" 2019-07-27 00:43:47 -07:00
Linux Build Service Account
7d3376d5d7 Merge "fbdev: msm: check for target supports dest scaler" 2019-07-27 00:43:46 -07:00
Gerrit - the friendly Code Review server
9a35bd4cb4 Merge changes into msm-4.4 2019-07-27 00:25:25 -07:00
Jani Nikula
6f5be8d26c drm: move edid property update and add modes out of edid firmware loader
Make the firmware loader more generic and generally useful.

Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1487344854-18777-2-git-send-email-jani.nikula@intel.com
Git-commit: 07c2b84b9956dd5d0871d47f5f0bbf9388d2d83f
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Change-Id: I918426a1ef7b11cfea95827b89eec821d1f4a95a
Signed-off-by: Tanmay Shah <tanmay@codeaurora.org>
2019-07-26 17:26:40 -07:00
Linux Build Service Account
57292f4075 Merge "drm/edid: Have drm_edid.h include hdmi.h" 2019-07-26 16:21:44 -07:00
Linux Build Service Account
d59732136d Merge "usb: ccid: Fix possible scenario of double unlock" 2019-07-26 16:21:43 -07:00
Linux Build Service Account
8982443075 Merge "defconfig: Enable OverlayFS for SDM660 and MSM8998" 2019-07-26 16:21:42 -07:00
Ville Syrjälä
5a248c6ff9 drm/edid: Have drm_edid.h include hdmi.h
drm_edid.h depends on hdmi.h on account of enum hdmi_picture_aspect,
so let's just include hdmi.h and drop some useless struct declarations.

Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20170111125725.8086-2-ville.syrjala@linux.intel.com
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Acked-by: Eric Anholt <eric@anholt.net>
Git-commit: 00147934598478f7fbd0a4ce5380f2fecad542b5
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Change-Id: I9f51968fd442fea75960fdeed752904ba8b8ba05
Signed-off-by: Tanmay Shah <tanmay@codeaurora.org>
2019-07-26 10:42:50 -07:00
Rajesh Kemisetti
44e856fc49 msm: kgsl: Fix race condition between drawobj and context destroy
drawobj_destroy_sync() tries to cancel all pending sync events
by taking local copy of pending list. In case of sync point timestamp
event, it goes ahead and accesses context's events list assuming that
event's context would be alive.

But at the same time, the other context, which is of interest for
these sync point events, can be destroyed by cancelling all
events in its group.

This leads to use-after-free in drawobj_destroy_sync() path.

Fix is to give the responsibility of putting the context's ref count
to the thread which clears the pending mask.

Change-Id: I8d08ef6ddb38ca917f75088071c04727bced11d2
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
2019-07-26 13:04:04 +05:30
Swetha Chikkaboraiah
e80e551394 defconfig: Enable OverlayFS for SDM660 and MSM8998
OverlayFS is needed to be enabled to align with the
latest android base config. Enable it for SDM660 and
MSM8998.

Change-Id: I9856b55bbda74fdd7f03644d5aad1464549a053f
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
2019-07-25 22:21:10 -07:00
Linux Build Service Account
4ffca21967 Merge "msm: vidc: Add checks to avoid OOB access" 2019-07-25 14:55:31 -07:00
Linux Build Service Account
5744bfc669 Merge "drm: probe_helper: Hide ugly ifdef" 2019-07-25 14:55:29 -07:00
Linux Build Service Account
bef923715e Merge "drm: Allow override_edid to override the firmware EDID" 2019-07-24 22:36:05 -07:00
Manikanta Kanamarlapudi
47bbc72c2f msm: vidc: Add checks to avoid OOB access
validate structures and payload sizes in the
packet against packet size to avoid OOB access.

Change-Id: Id44e5c6be4dde3e6545d453f5edd3219776a4e58
Signed-off-by: Manikanta Kanamarlapudi <kmanikan@codeaurora.org>
Signed-off-by: Sanjay Singh <sisanj@codeaurora.org>
2019-07-25 09:13:43 +05:30
Linux Build Service Account
9401ae0856 Merge "msm: camera_v2: isp: handle frame drop in error case" 2019-07-24 13:31:10 -07:00
Ezequiel Garcia
7887be217f drm: probe_helper: Hide ugly ifdef
Push the ifdef to the drm_edid.h and create a stub, for the
DRM_LOAD_EDID_FIRMWARE=n case. This removes some clutter in
the code, making it more readable.

Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/1461087638-16959-1-git-send-email-ezequiel@vanguardiasur.com.ar
Git-commit: ba34d58c5e86c27accb3133fa991cfb6c848c58e
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Change-Id: Ice586a7d90538d77a3f120bb9ba6214e17b926d0
Signed-off-by: Tanmay Shah <tanmay@codeaurora.org>
2019-07-24 12:27:25 -07:00
Ville Syrjälä
02b5c4706b drm: Allow override_edid to override the firmware EDID
IMO the override_edid should override any default EDID for the
connector, whether that came in via the connector helper ->get_modes()
vfunc or via the firmware EDID mechanism.

Cc: Thomas Wood <thomas.wood@intel.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.kernel.org/patch/7822361/
Git-Commit: 0e8578c996a33c8da9c28f8ed2d1be68694070ee
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Change-Id: I247c19010434473c9af9e0bb8cdeed6b335e4714
Signed-off-by: Tanmay Shah <tanmay@codeaurora.org>
2019-07-24 11:32:13 -07:00
Ramesh V
48b52acae3 msm: camera_v2: isp: handle frame drop in error case
when isp tasklet gets delayed due to scheduling, recover
pingpong mismatch from both isp and send back buffer to
framework to avoid framedrop.

Change-Id: If7357d7b2669f99eb45c364288f09954b9f0a710
Signed-off-by: Ramesh V <ramev@codeaurora.org>
Signed-off-by: Sumalatha Malothu <smalot@codeaurora.org>
2019-07-24 04:48:28 -07:00
Linux Build Service Account
63241ff585 Merge "diag: Update new msg, log and event masks for diag logging" 2019-07-24 03:01:44 -07:00
Linux Build Service Account
f2b51db98e Merge "cnss2: update device id in cnss_usb_dev_powerup" 2019-07-24 03:01:42 -07:00
Srinivasarao P
ae81a07395 Merge android-4.4.186 (aeb051d) into msm-4.4
* refs/heads/tmp-aeb051d
  Linux 4.4.186
  KVM: x86: protect KVM_CREATE_PIT/KVM_CREATE_PIT2 with kvm->lock
  s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
  s390/qdio: (re-)initialize tiqdio list entries
  s390: fix stfle zero padding
  ARC: hide unused function unw_hdr_alloc
  kvm: x86: avoid warning on repeated KVM_SET_TSS_ADDR
  dm verity: use message limit for data block corruption message
  sis900: fix TX completion
  ppp: mppe: Add softdep to arc4
  be2net: fix link failure after ethtool offline test
  ARM: omap2: remove incorrect __init annotation
  perf/core: Fix perf_sample_regs_user() mm check
  e1000e: start network tx queue only when link is up
  MIPS: Remove superfluous check for __linux__
  VMCI: Fix integer overflow in VMCI handle arrays
  carl9170: fix misuse of device driver API
  staging: comedi: amplc_pci230: fix null pointer deref on interrupt
  staging: comedi: dt282x: fix a null pointer deref on interrupt
  usb: renesas_usbhs: add a workaround for a race condition of workqueue
  usb: gadget: ether: Fix race between gether_disconnect and rx_submit
  USB: serial: option: add support for GosunCn ME3630 RNDIS mode
  USB: serial: ftdi_sio: add ID for isodebug v1
  mwifiex: Don't abort on small, spec-compliant vendor IEs
  fscrypt: don't set policy for a dead directory
  mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
  mwifiex: Abort at too short BSS descriptor element
  x86/tls: Fix possible spectre-v1 in do_get_thread_area()
  x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
  udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
  bnx2x: Check if transceiver implements DDM before access
  md: fix for divide error in status_resync
  ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
  ARM: davinci: da850-evm: call regulator_has_full_constraints()
  Input: imx_keypad - make sure keyboard can always wake up system
  can: mcp251x: add support for mcp25625
  dt-bindings: can: mcp251x: add mcp25625 support
  mwifiex: Fix possible buffer overflows at parsing bss descriptor
  mac80211: mesh: fix RCU warning
  samples, bpf: fix to change the buffer size for read()
  Input: elantech - enable middle button support on 2 ThinkPads
  ANDROID: overlayfs ovl_create_of_link regression

Change-Id: I42190d7fc7de3f2287199a9f69bc42bcf3596ec7
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2019-07-23 11:01:40 +05:30
Greg Kroah-Hartman
aeb051d19e This is the 4.4.186 stable release

Merge 4.4.186 into android-4.4

Changes in 4.4.186
	Input: elantech - enable middle button support on 2 ThinkPads
	samples, bpf: fix to change the buffer size for read()
	mac80211: mesh: fix RCU warning
	mwifiex: Fix possible buffer overflows at parsing bss descriptor
	dt-bindings: can: mcp251x: add mcp25625 support
	can: mcp251x: add support for mcp25625
	Input: imx_keypad - make sure keyboard can always wake up system
	ARM: davinci: da850-evm: call regulator_has_full_constraints()
	ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
	md: fix for divide error in status_resync
	bnx2x: Check if transceiver implements DDM before access
	udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
	x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
	x86/tls: Fix possible spectre-v1 in do_get_thread_area()
	mwifiex: Abort at too short BSS descriptor element
	mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
	fscrypt: don't set policy for a dead directory
	mwifiex: Don't abort on small, spec-compliant vendor IEs
	USB: serial: ftdi_sio: add ID for isodebug v1
	USB: serial: option: add support for GosunCn ME3630 RNDIS mode
	usb: gadget: ether: Fix race between gether_disconnect and rx_submit
	usb: renesas_usbhs: add a workaround for a race condition of workqueue
	staging: comedi: dt282x: fix a null pointer deref on interrupt
	staging: comedi: amplc_pci230: fix null pointer deref on interrupt
	carl9170: fix misuse of device driver API
	VMCI: Fix integer overflow in VMCI handle arrays
	MIPS: Remove superfluous check for __linux__
	e1000e: start network tx queue only when link is up
	perf/core: Fix perf_sample_regs_user() mm check
	ARM: omap2: remove incorrect __init annotation
	be2net: fix link failure after ethtool offline test
	ppp: mppe: Add softdep to arc4
	sis900: fix TX completion
	dm verity: use message limit for data block corruption message
	kvm: x86: avoid warning on repeated KVM_SET_TSS_ADDR
	ARC: hide unused function unw_hdr_alloc
	s390: fix stfle zero padding
	s390/qdio: (re-)initialize tiqdio list entries
	s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
	KVM: x86: protect KVM_CREATE_PIT/KVM_CREATE_PIT2 with kvm->lock
	Linux 4.4.186

Change-Id: Ie2eb68e394f94310d144fdba04d7ebfb3cb63cb7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-07-22 15:52:12 +02:00
Sriharsha Allenki
f2b3f8dd17 usb: ccid: Fix possible scenario of double unlock
There is a possible case of double unlock of the
spinlock ccid_dev->lock when the ccid daemon is trying
to write while the disable is being processed.
Fix this by going to done once the unlock is done.

Also, remove the unnecessary goto at the end of the
function call.

Change-Id: Idab0801cbf9db91e18d933c8088a4af479b8691f
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
2019-07-22 17:07:58 +05:30
Rajasekaran Kalidoss
f28c0c7e61 cnss2: update device id in cnss_usb_dev_powerup
Add device id's of qcn7605 ver20 USB devices to
cnss_usb_dev_powerup function.

Change-Id: I2dd173b609a778fb3699b54e032e2183efd925b5
Signed-off-by: Rajasekaran Kalidoss <rkalidos@codeaurora.org>
2019-07-22 15:16:46 +05:30
Yu Wang
961798b123 cnss2: initialize the structures before using them
Some structures are used uninitialized, which may
result in unexpected behavior.
Initialize these structures before using them.

CRs-Fixed: 2494231
Change-Id: I89c7c8ec9defe1db14b9c8cdc3632f5d0051e626
Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
2019-07-22 17:14:03 +08:00
Greg Kroah-Hartman
a3e421fbb8 Linux 4.4.186 2019-07-21 09:07:16 +02:00
Paolo Bonzini
c02686acab KVM: x86: protect KVM_CREATE_PIT/KVM_CREATE_PIT2 with kvm->lock
commit 250715a6171a076748be8ab88b274e72f0cfb435 upstream.

The syzkaller folks reported a NULL pointer dereference that seems
to be caused by a race between KVM_CREATE_IRQCHIP and KVM_CREATE_PIT2.
The former takes kvm->lock (except when registering the devices,
which needs kvm->slots_lock); the latter takes kvm->slots_lock only.
Change KVM_CREATE_PIT2 to follow the same model as KVM_CREATE_IRQCHIP.

Testcase:

    #include <pthread.h>
    #include <linux/kvm.h>
    #include <fcntl.h>
    #include <sys/ioctl.h>
    #include <stdint.h>
    #include <string.h>
    #include <stdlib.h>
    #include <sys/syscall.h>
    #include <unistd.h>

    long r[23];

    void* thr1(void* arg)
    {
        struct kvm_pit_config pitcfg = { .flags = 4 };
        switch ((long)arg) {
        case 0: r[2]  = open("/dev/kvm", O_RDONLY|O_ASYNC);    break;
        case 1: r[3]  = ioctl(r[2], KVM_CREATE_VM, 0);         break;
        case 2: r[4]  = ioctl(r[3], KVM_CREATE_IRQCHIP, 0);    break;
        case 3: r[22] = ioctl(r[3], KVM_CREATE_PIT2, &pitcfg); break;
        }
        return 0;
    }

    int main(int argc, char **argv)
    {
        long i;
        pthread_t th[4];

        memset(r, -1, sizeof(r));
        for (i = 0; i < 4; i++) {
            pthread_create(&th[i], 0, thr1, (void*)i);
            if (argc > 1 && rand()%2) usleep(rand()%1000);
        }
        usleep(20000);
        return 0;
    }

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Zubin Mithra <zsm@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-21 09:07:16 +02:00
Julian Wiedmann
970871c643 s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
commit ac6639cd3db607d386616487902b4cc1850a7be5 upstream.

Current code sets the dsci to 0x00000080. Which doesn't make any sense,
as the indicator area is located in the _left-most_ byte.

Worse: if the dsci is the _shared_ indicator, this potentially clears
the indication of activity for a _different_ device.
tiqdio_thinint_handler() will then have no reason to call that device's
IRQ handler, and the device ends up stalling.

Fixes: d0c9d4a89f ("[S390] qdio: set correct bit in dsci")
Cc: <stable@vger.kernel.org>
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-21 09:07:15 +02:00
Julian Wiedmann
ff5e6f2e74 s390/qdio: (re-)initialize tiqdio list entries
commit e54e4785cb5cb4896cf4285964aeef2125612fb2 upstream.

When tiqdio_remove_input_queues() removes a queue from the tiq_list as
part of qdio_shutdown(), it doesn't re-initialize the queue's list entry
and the prev/next pointers go stale.

If a subsequent qdio_establish() fails while sending the ESTABLISH cmd,
it calls qdio_shutdown() again in QDIO_IRQ_STATE_ERR state and
tiqdio_remove_input_queues() will attempt to remove the queue entry a
second time. This dereferences the stale pointers, and bad things ensue.
Fix this by re-initializing the list entry after removing it from the
list.

For good practice also initialize the list entry when the queue is first
allocated, and remove the quirky checks that papered over this omission.
Note that prior to
commit e521813468f7 ("s390/qdio: fix access to uninitialized qdio_q fields"),
these checks were bogus anyway.

setup_queues_misc() clears the whole queue struct, and thus needs to
re-init the prev/next pointers as well.

Fixes: 779e6e1c72 ("[S390] qdio: new qdio driver.")
Cc: <stable@vger.kernel.org>
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-21 09:07:15 +02:00
Heiko Carstens
a4db512760 s390: fix stfle zero padding
commit 4f18d869ffd056c7858f3d617c71345cf19be008 upstream.

The stfle inline assembly returns the number of double words written
(condition code 0) or the double words it would have written
(condition code 3), if the memory array it got as parameter would have
been large enough.

The current stfle implementation assumes that the array is always
large enough and clears those parts of the array that have not been
written to with a subsequent memset call.

If however the array is not large enough memset will get a negative
length parameter, which means that memset clears memory until it gets
an exception and the kernel crashes.

To fix this simply limit the maximum length. Move also the inline
assembly to an extra function to avoid clobbering of register 0, which
might happen because of the added min_t invocation together with code
instrumentation.

The bug was introduced with commit 14375bc4eb ("[S390] cleanup
facility list handling") but was rather harmless, since it would only
write to a rather large array. It became a potential problem with
commit 3ab121ab18 ("[S390] kernel: Add z/VM LGR detection"). Since
then it writes to an array with only four double words, while some
machines already deliver three double words. As soon as machines have
a facility bit within the fifth double a crash on IPL would happen.

Fixes: 14375bc4eb ("[S390] cleanup facility list handling")
Cc: <stable@vger.kernel.org> # v2.6.37+
Reviewed-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-21 09:07:15 +02:00
Arnd Bergmann
07724b2fad ARC: hide unused function unw_hdr_alloc
commit fd5de2721ea7d16e2b16c4049ac49f229551b290 upstream.

As kernelci.org reports, this function is not used in
vdk_hs38_defconfig:

arch/arc/kernel/unwind.c:188:14: warning: 'unw_hdr_alloc' defined but not used [-Wunused-function]

Fixes: bc79c9a721 ("ARC: dw2 unwind: Reinstante unwinding out of modules")
Link: https://kernelci.org/build/id/5d1cae3f59b514300340c132/logs/
Cc: stable@vger.kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-21 09:07:14 +02:00
Paolo Bonzini
30c54ffcb9 kvm: x86: avoid warning on repeated KVM_SET_TSS_ADDR
commit b21629da120dd6145d14dbd6d028e1bba680a92b upstream.

Found by syzkaller:

    WARNING: CPU: 3 PID: 15175 at arch/x86/kvm/x86.c:7705 __x86_set_memory_region+0x1dc/0x1f0 [kvm]()
    CPU: 3 PID: 15175 Comm: a.out Tainted: G        W       4.4.6-300.fc23.x86_64 #1
    Hardware name: LENOVO 2325F51/2325F51, BIOS G2ET32WW (1.12 ) 05/30/2012
     0000000000000286 00000000950899a7 ffff88011ab3fbf0 ffffffff813b542e
     0000000000000000 ffffffffa0966496 ffff88011ab3fc28 ffffffff810a40f2
     00000000000001fd 0000000000003000 ffff88014fc50000 0000000000000000
    Call Trace:
     [<ffffffff813b542e>] dump_stack+0x63/0x85
     [<ffffffff810a40f2>] warn_slowpath_common+0x82/0xc0
     [<ffffffff810a423a>] warn_slowpath_null+0x1a/0x20
     [<ffffffffa09251cc>] __x86_set_memory_region+0x1dc/0x1f0 [kvm]
     [<ffffffffa092521b>] x86_set_memory_region+0x3b/0x60 [kvm]
     [<ffffffffa09bb61c>] vmx_set_tss_addr+0x3c/0x150 [kvm_intel]
     [<ffffffffa092f4d4>] kvm_arch_vm_ioctl+0x654/0xbc0 [kvm]
     [<ffffffffa091d31a>] kvm_vm_ioctl+0x9a/0x6f0 [kvm]
     [<ffffffff81241248>] do_vfs_ioctl+0x298/0x480
     [<ffffffff812414a9>] SyS_ioctl+0x79/0x90
     [<ffffffff817a04ee>] entry_SYSCALL_64_fastpath+0x12/0x71

Testcase:

    #include <unistd.h>
    #include <sys/ioctl.h>
    #include <fcntl.h>
    #include <string.h>
    #include <linux/kvm.h>

    long r[8];

    int main()
    {
        memset(r, -1, sizeof(r));
        r[2] = open("/dev/kvm", O_RDONLY|O_TRUNC);
        r[3] = ioctl(r[2], KVM_CREATE_VM, 0x0ul);
        r[5] = ioctl(r[3], KVM_SET_TSS_ADDR, 0x20000000ul);
        r[7] = ioctl(r[3], KVM_SET_TSS_ADDR, 0x20000000ul);
        return 0;
    }

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Cc: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-21 09:07:14 +02:00
Milan Broz
8f19b7a114 dm verity: use message limit for data block corruption message
[ Upstream commit 2eba4e640b2c4161e31ae20090a53ee02a518657 ]

DM verity should also use DMERR_LIMIT to limit repeat data block
corruption messages.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-07-21 09:07:14 +02:00