validate_scan_freqs() retrieves frequencies from attributes
nested in the attribute NL80211_ATTR_SCAN_FREQUENCIES with
nla_get_u32(), which reads 4 bytes from each attribute
without validating the size of data received. Attributes
nested in NL80211_ATTR_SCAN_FREQUENCIES don't have an nla policy.
Validate size of each attribute before parsing to avoid potential buffer
overread.
Fixes: 2a51931192 ("cfg80211/nl80211: scanning (and mac80211 update to use it)")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git
Git-commit: d7f13f7450369281a5d0ea463cc69890a15923ae
Change-Id: I34198e599a950c30495ec3445799972db7f9f42e
CRs-Fixed: 2069828
Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Buffer overread may happen as nl80211_set_station() reads 4 bytes
from the attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE without
validating the size of data received when userspace sends less
than 4 bytes of data with NL80211_ATTR_LOCAL_MESH_POWER_MODE.
Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE to avoid
the buffer overread.
Fixes: 3b1c5a5307 ("{cfg,nl}80211: mesh power mode primitives and userspace access")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git
Git-commit: 8feb69c7bd89513be80eb19198d48f154b254021
Change-Id: Ie20993309501fd242782311b9fe787931f716116
CRs-Fixed: 2055013
Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
nla policy checks for only maximum length of the attribute data
when the attribute type is NLA_BINARY. If userspace sends less
data than specified, the wireless drivers may access illegal
memory. When type is NLA_UNSPEC, nla policy check ensures that
userspace sends minimum specified length number of bytes.
Remove type assignment to NLA_BINARY from nla_policy of
NL80211_ATTR_PMKID to make this NLA_UNSPEC and to make sure minimum
WLAN_PMKID_LEN bytes are received from userspace with
NL80211_ATTR_PMKID.
Fixes: 67fbb16be6 ("nl80211: PMKSA caching support")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git
Git-commit: 9361df14d1cbf966409d5d6f48bb334384fbe138
Change-Id: I5feb729a9ef48f67c4ee460e7e133d5fc8cecd4f
CRs-Fixed: 2061676
Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Update the synchronization process of the cnss platform driver
memory expansion and WLAN firmware table configuration from
the userspace through sysfs firmware update node.
CRs-Fixed: 2071560
Change-Id: I672ba84ad10c905be7855c1b8a930ac7adf349f1
Signed-off-by: Sarada Prasanna Garnayak <sgarna@codeaurora.org>
Couple of code cleanup
- Initialize the return variable before using it.
- Remove unnecessary NULL check.
Change-Id: I8e63cb95ae99d1656143ae4b1d130f92890bb3c5
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Make use of mutex lock to access IOCTL so that two threads
can avoid race condition.
Change-Id: I3650affa0577b30531160e1d11c57d13baf34c2f
CRs-Fixed: 2060377
Signed-off-by: Rahul Sharma <sharah@codeaurora.org>
In the completion handler of rndis command requests we
are parsing the request buffers without checking the
status of the request. This might cause parsing of the
erroneous requests. Fix this by checking the status
of the request before parsing the request buffer.
Change-Id: I15ffd0bef4b42adf2300085dc3720d599e647cb5
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
In the completion handler of the rndis command requests we
are parsing the request buffers without checking the
status of the request. This might cause parsing of the
erroneous requests. Fix this by checking the status
of the request before parsing the request buffer.
Change-Id: I476c6c82d367f6f5fc6eff25b049b3323b68b859
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
In the completion handler of rndis command requests
we are parsing the request buffers without
checking the status of the request. This might
cause parsing of the erroneous requests.
Fix this by checking the status of the request before
parsing the request buffer.
Change-Id: I52001128ac421e58e1801eebc243a8c91618582c
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
This change is to move specific node parsing code to other place
for early splash feature on auto platform, not impacting kernel
booting process of other platforms.
Change-Id: I6deed1a75545c82ee777d9b4269f1420ab2eb07a
Signed-off-by: Guchun Chen <guchunc@codeaurora.org>
Set bus resume polocy for eMMC & SD drivers.
Change-Id: If2e76877fb229a4aba38249c4a1bb2ff8d28ba32
Signed-off-by: San Mehat <san@google.com>
Git-commit: 2c84417a1305da892c8a7d0bf8d0bad50d1688b8
Git-repo: git://git-android.quicinc.com/kernel/msm-3.10
[vbadigan@codeaurora.org: Dropped changes which are already
present in mmc driver as part of other propagations]
Signed-off-by: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
Add support for switch latency property to add
additional delay if switch is present.
Change-Id: Ia64a79d5ec51d3abb66cebd0a187349711c96af2
Signed-off-by: Rama Krishna Phani A <rphani@codeaurora.org>
This reverts commit 0e4399bcb0.
Delay is needed only in case of PCIe switch and not required
for normal case.
Change-Id: Ifa6317f7be1159b2ebc55f64fabcc47d450dc260
Signed-off-by: Rama Krishna Phani A <rphani@codeaurora.org>
Add a PM QOS request to disallow L2PC during wake up
from SLUMBER state. This is required to improve queue
to submit time for first set of GPU commands which results
in GPU wake up.
Change-Id: Iad1a6dfdf9e1fe034eef4fae526138d724bdd3eb
Signed-off-by: Gaurav Sonwani <gsonwani@codeaurora.org>
The original method of getting array member size is wrong.
Considerating vfe_dev->hw_info is set during runtime, so set the number
statically.
Change-Id: I90a2fb19948409b22ed219ba8ec8bc4deb4f0a46
Signed-off-by: Andy Sun <bins@codeaurora.org>
A median filter is useful for filtering out outliers. Add it.
Change-Id: I21f97a870c262e5fb3d33b8250a2bf074f519b58
Signed-off-by: Nicholas Troast <ntroast@codeaurora.org>
Signed-off-by: Abhijeet Dharmapurikar <adharmap@codeaurora.org>
Add support for the CC_STEP and CC_STEP_SEL properties in the BMS power
supply. These properties will be used to communicate the future charge
currents for time to full calculations.
Change-Id: I44087b42b31800d1885bdaf1f38815c8756bc9a8
Signed-off-by: Nicholas Troast <ntroast@codeaurora.org>
Signed-off-by: Abhijeet Dharmapurikar <adharmap@codeaurora.org>
