1. Max value stands for number of levels in SX control. The value
was adjusted inappropriately, which causes inconsistency between
max and min value.
2. Code assumes negative value of mc->min. Positive mc->min leads
to incorrect number of levels. The fix covers the risk.
CRs-Fixed: 1053735
Change-Id: I71bd8f11ff9faff9252129d84c1a80845fc2fe2a
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
On Dual-WiFi platforms, SDIO and PCIe dumps are overwritten by
the crashscope, as they use the same dump name.
Use different dump names to distinguish the dump between SDIO and PCIe.
CRs-Fixed: 1037346
Change-Id: I59c0ee5d3c5f206ae09d6b813f1e5c1ce1434cc1
Signed-off-by: Anand Kumar <anandkumar@codeaurora.org>
A number of functions include ext4_add_dx_entry, make_indexed_dir,
etc. are being passed a dentry even though the only thing they use is
the containing parent. We can shrink the code size slightly by maing
this replacement. This will also be useful in cases where we don't
have a dentry as the argument to the directory entry insert functions.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: "Theodore Ts'o" <tytso@google.com>
Git-commit: e3b970d19418e2cfeeaca323ae620cc2dab22086
Git-repo: https://android.googlesource.com/kernel/msm/
Change-Id: I565f822a8fc795740155154a7f003340b26ee128
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
When event needs to be processed synchronously, event posting
thread waits for the completion. After completion, result from
the event work is retrieved and event buffer would be freed. But
if waiting thread gets interrupted then wait_for_completion API
returns failure and it also frees the buffer posted for
processing. Event work queue may accesses the freed buffer and
crash the system.
Fix the issue by properly synchronizing event buffer free between
caller and event work by checking for return value of
wait_for_completion.
CRs-fixed: 1057180
Change-Id: Ic3968fd4c0232da6bc9a97d94376f540f62bd2e6
Signed-off-by: Prashanth Bhatta <bhattap@codeaurora.org>
Enable CoreSight abort for msmcobalt. CoreSight driver will
dump any trace present in the current sink in case we hit a
kernel panic, user fault or an undefined instruction.
Change-Id: Iff2fdfb547617425182429d95fb1d3b9a2e4321f
Signed-off-by: Satyajit Desai <sadesai@codeaurora.org>
Sometime endpoint command timeout happening after
usb device enumeration. Controller stops responding to
any endpoint commands afterwards. To recover from this
condition restart usb by simulating vbus off and on
except for end transfer command. Also increase the
command timeout from 1500us to 3000us.
Change-Id: I7c1833d844fd432b33158686361e24e66a2fd92c
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
Driver is setting notify request pointer to NULL in order
to prevent re-queueing of notification request until it is
completed. This results into NULL ptr dereference if ioctl
happens before driver unbind tries to free the request buffer.
Fix this issue by introduce a flag q_again to prevent re-queuing
of same request instead of setting notify request pointer to NULL.
Also add NULL check in usb_cser_free_req() and set the request
pointer to NULL after freeing it.
Change-Id: Id431f911d3bdebfeedd0a5c1e36218ce7467ba67
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
The overlay zorder values copied from user space are used
as index in left_lm_zo_cnt and right_lm_zo_cnt. This fix
will validate the overlay zorder value copied from user
space to not go beyond MDSS_MDP_MAX_STAGE, thus preventing
any arbitrary increments in kernel memory.
CRs-Fixed: 1049232
Change-Id: Ie8e65ce9f58cb357204bfa4c6a6e0fccec82d5ba
Signed-off-by: Shalini Krishnamoorthi <shakri@codeaurora.org>
Store the avr vtotal information computed from the initial timing
information and use it to restore the register values to avoid
flickering issues during suspend/resume usecase.
CRs-Fixed: 1056610
Change-Id: I8c7d27a062b90a3f200904f0ba20fbdb0bb32d70
Signed-off-by: Ramkumar Radhakrishnan <ramkumar@codeaurora.org>
RFC 6864 states that the IPv4 ID field MUST NOT be used for purposes other
than fragmentation and reassembly. Currently we are looking at this field
as a way of identifying what frames can be aggregated and which cannot for
GRO. While this is valid for frames that do not have DF set, it is invalid
to do so if the bit is set.
In addition we were generating IPv4 ID collisions when 2 or more flows were
interleaved over the same tunnel. To prevent that we store the result of
all IP ID checks via a "|=" instead of overwriting previous values.
With this patch we support two different approaches for the IP ID field.
The first is a non-incrementing IP ID with DF bit set. In such a case we
simply won't write to the flush_id field in the GRO context block. The
other option is the legacy option in which the IP ID must increment by 1
for every packet we aggregate.
In the case of the non-incrementing IP ID we will end up losing the data
that the IP ID is fixed. However as per RFC 6864 we should be able to
write any value into the IP ID when the DF bit is set so this should cause
minimal harm.
v2: Updated patch so that we now only support one of two options. Either
the IP ID is fixed with DF bit set, or the IP ID is incrementing. That
allows us to support the fixed ID case as occurs with IPv6 to IPv4
header translation and what is likely already out there for some
devices with tunnel headers.
CRs-Fixed: 1017614
Change-Id: I01065135889697dd8512ced09b8e1939e0fb645b
Signed-off-by: Alexander Duyck <aduyck@mirantis.com>
Patch-mainline: netdev @ April 4, 2016, 4:31 p.m
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
