These were hacks and no longer needed as next binder from
android-4.4@59ff2e1 (v4.4.78) has been reworked to use
fine-grained locking.
This is a preparation for clean merge of binder changes from
android-4.4@59ff2e1 (v4.4.78), which follows right after this
commit.
Reverted changes:
=================
773fc2f android: binder: use copy_from_user_preempt_disabled
To keep the driver consistent, and until we have
fine-grained locking in place.
Change-Id: I90fe02cdedb8a5677b900a68528fb443b9204322
Signed-off-by: Riley Andrews <riandrews@google.com>
Git-repo: https://source.codeaurora.org/quic/la/kernel/msm-4.4
Git-commit: 5c9ce54ca3a66a57e4ebfe3ae71c5733b6bcc579
Signed-off-by: Vikram Mulukutla <markivx@codeaurora.org>
821e02f CHROMIUM: android: binder: Fix potential scheduling-while-atomica
Commit f1e7f0a724f6 ("android: binder: Disable preemption while holding
the global binder lock.") re-enabled preemption around most of the sites
where calls to potentially sleeping functions were made, but missed
__alloc_fd(), which can sleep if the fdtable needs to be resized.
Re-enable preemption around __alloc_fd() as well as __fd_install() which
can now sleep in upstream kernels as of commit 8a81252b77 ("fs/file.c:
don't acquire files->file_lock in fd_install()").
BUG=chrome-os-partner:44012
TEST=Build and boot on Smaug.
Change-Id: I9819c4b95876f697e75b1b84810b6c520d9c33ec
Signed-off-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/308582
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Riley Andrews <riandrews@google.com>
Git-repo: https://source.codeaurora.org/quic/la/kernel/msm-4.4
Git-commit: c267ff1d548ed1bdad6a08f1c70776c5e60d569e
Signed-off-by: Vikram Mulukutla <markivx@codeaurora.org>
e4045d6 android: binder: Disable preemption while holding the global binder lock.
Change-Id: I90fe02cdedb8a5677b900a68528fb443b9204322
Signed-off-by: Riley Andrews <riandrews@google.com>
Git-repo: https://source.codeaurora.org/quic/la/kernel/msm-4.4
Git-commit: 5c9ce54ca3a66a57e4ebfe3ae71c5733b6bcc579
Signed-off-by: Vikram Mulukutla <markivx@codeaurora.org>
Change-Id: Id97e04f3694d76c2b6a1e7c0dc39da15d83c2867
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
QMI client is not disconnected if driver is failed to load
due to mode response timeout.
Disconnect QMI client if driver is failed to load after
starting QMI services.
Change-Id: I36b059fbe3254990ad6daa13533122497805e649
Signed-off-by: Govind Singh <govinds@codeaurora.org>
There is a possibility of integer overflow in the arithmetic
calculation for cmd_size. Fix this by adding checks for such
arithmetic.
Change-Id: I2298a32f8ba3411decb29f55bb7b55e2214de35a
Signed-off-by: Abhilash Kumar <krabhi@codeaurora.org>
Format specifier %p can leak kernel addresses while not valuing the
kptr_restrict system settings. When kptr_restrict is set to (1), kernel
pointers printed using the %pK format specifier will be replaced with
0's.
Debugging Note : &pK prints only Zeros as address. If you need actual
address information, write 0 to kptr_restrict.
echo 0 > /proc/sys/kernel/kptr_restrict
Change-Id: If3e3a7d5c737b8b7e2c2f78e2814747db4a770cd
Signed-off-by: Liangliang Lu <luliang@codeaurora.org>
Whenever userspace calls read system call for ctrl_dev, ccid driver
waits till it receives control request from host. Once it receives
control data, it unblocks read and passes data to userspace. But if
cable is disconnected, then ccid driver is not unblocking read due
to which next open of ctrl_dev failing. This results in ccid functionality
not working after cable reconnection as userspace not able to open
ctrl_dev. Hence fix the issue by checking for online status and if
online flag is cleared, unblock read and return -ENODEV.
Also align request buffer length to OUT endpoint's max packet size,
when userspace tries to queue buffer length that is not multiple of
OUT endpoint max packet as USB controller expects length multiple of
maxpacket.
Change-Id: I97d1819c21919b6c66b7a1e5fbf1c452ec691639
Signed-off-by: Vijayavardhan Vennapusa <vvreddy@codeaurora.org>
Vote 1.8V IO and XTAL regulators before 3.3V VREG for WLAN hardware
to strictly follow the hardware requirement. Make sure 3.3V VREG is
voted at least 100us after 1.8V IO.
Change-Id: Ifc52c2062349a9913e6c998573b62d111faa5886
CRs-fixed: 1009287
Signed-off-by: Yue Ma <yuem@codeaurora.org>
During preemption microcode does save restore for all perf
counters. If we read the power counters at preemption boundary
we might get abnormal value from the perf counter. This will
result in showing incorrect GPU busy percentage. Fix this by
setting the abnormal power perf counter value with zero.
Change-Id: I96ba367ceeeb92d6adb507d0d917113297b4b58d
Signed-off-by: Abhilash Kumar <krabhi@codeaurora.org>
validate_scan_freqs() retrieves frequencies from attributes
nested in the attribute NL80211_ATTR_SCAN_FREQUENCIES with
nla_get_u32(), which reads 4 bytes from each attribute
without validating the size of data received. Attributes
nested in NL80211_ATTR_SCAN_FREQUENCIES don't have an nla policy.
Validate size of each attribute before parsing to avoid potential buffer
overread.
Fixes: 2a51931192 ("cfg80211/nl80211: scanning (and mac80211 update to use it)")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git
Git-commit: d7f13f7450369281a5d0ea463cc69890a15923ae
Change-Id: I34198e599a950c30495ec3445799972db7f9f42e
CRs-Fixed: 2069828
Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Add GI country to regulatory database
CRs-Fixed: 2084871
Change-Id: If8726ae6ee414b49e1efae65825601214a800092
Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
Few functions have variables which might get used with out
proper initialization. Initialize variables to default values.
CRs-Fixed: 2087109
Change-Id: I7645940e8d466e0ef67a5b8b7702b18b160cc10f
Signed-off-by: Rama Krishna Phani A <rphani@codeaurora.org>
Buffer overread may happen as nl80211_set_station() reads 4 bytes
from the attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE without
validating the size of data received when userspace sends less
than 4 bytes of data with NL80211_ATTR_LOCAL_MESH_POWER_MODE.
Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE to avoid
the buffer overread.
Fixes: 3b1c5a5307 ("{cfg,nl}80211: mesh power mode primitives and userspace access")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git
Git-commit: 8feb69c7bd89513be80eb19198d48f154b254021
Change-Id: Ie20993309501fd242782311b9fe787931f716116
CRs-Fixed: 2055013
Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Remove IR country from regdb.
CRs-Fixed: 2084887
Change-Id: Id69e26e584dcd66096358d0acb6d7c847ce0784b
Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
Enable CC_STACKPROTECTOR_STRONG option for msm so that we
can make use of stack protector feature provided by compiler.
Change-Id: I28cfe711f42b7ad4d52a59169df6c72ec3458a12
Signed-off-by: Imran Khan <kimran@codeaurora.org>
event->handle pointer can be used after free due to
the race condition between kgsl_sync_callback and
kgsl_sync_fence_async_cancel.
Protect the event->handle with a spinlock to
avoid concurrent access issues.
Change-Id: I3719e401af9ece82ac68b72f2aef784c7fdc1104
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
There is a race condition issue between the IRQ context trying to
trigger preemption and the user context trying to submit commands to
the GPU. The check in a5xx_flush() API only updates the wptr if the GPU is
not in preemption. In the cases where we move from PREEMPT_START to
PREEMPT_NONE there is a small window where the preempt state is still
in START but the CPU context switches to the user thread which is in
the a5xx_flush() call to update the wptr, but fails to update the wptr to
the GPU since the preempt state is not PREEMPT_NONE. This leads to a
GPU stall.
Introduce a new intermediate state PREEMPT_ABORT and
change preempt_trigger() to use gpu's current ring instead of the
ring retrieved from get_next_ring() while in this state.
Change-Id: I333e9de19824bd373901bbc8afc829de04635017
CRs-Fixed: 2081164
Signed-off-by: Sharat Masetty <smasetty@codeaurora.org>
nla policy checks for only maximum length of the attribute data
when the attribute type is NLA_BINARY. If userspace sends less
data than specified, the wireless drivers may access illegal
memory. When type is NLA_UNSPEC, nla policy check ensures that
userspace sends minimum specified length number of bytes.
Remove type assignment to NLA_BINARY from nla_policy of
NL80211_ATTR_PMKID to make this NLA_UNSPEC and to make sure minimum
WLAN_PMKID_LEN bytes are received from userspace with
NL80211_ATTR_PMKID.
Fixes: 67fbb16be6 ("nl80211: PMKSA caching support")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git
Git-commit: 9361df14d1cbf966409d5d6f48bb334384fbe138
Change-Id: I5feb729a9ef48f67c4ee460e7e133d5fc8cecd4f
CRs-Fixed: 2061676
Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Alexei had his box explode because doing read() on a package
(rapl/uncore) event that isn't currently scheduled in ends up doing an
out-of-bounds load.
Rework the code to more explicitly deal with event->oncpu being -1.
Author: Peter Zijlstra (Intel) <peterz@infradead.org>
Reported-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Tested-by: Alexei Starovoitov <ast@kernel.org>
Tested-by: David Carrillo-Cisneros <davidcc@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: eranian@google.com
Fixes: d6a2f9035bfc ("perf/core: Introduce PMU_EV_CAP_READ_ACTIVE_PKG")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Git-commit: 451d24d1e5f40bad000fa9abe36ddb16fc9928cb
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
[pfay@codeaurora.org: apply the event->oncpu validity check from
from the patch. Other code from the patch calls routines
not yet in 4.4 so omit that part of patch. This code fixes
segfault crashes during reboot where the event->oncpu value is -1.
Change-Id: I040f0af2030e53ac3329e4b3a1bbcd37f080cdcf
Signed-off-by: Patrick Fay <pfay@codeaurora.org>
