During SUSPEND event, check the pointer for governor
private data is not NULL before updating bus parameters
to zero.
Change-Id: I1a37173e8ae7ad4bcd5f8497c5956302e647c862
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>
Adding a function to check for dangling pointer using IPA IDR structure
to avoid use after free error.
Change-Id: I0bd3d733bf10403366abc643f89c3e5c5e6228e9
Acked-by: Suhas Mallesh <smallesh@qti.qualcomm.com>
Signed-off-by: Michael Adisumarta <madisuma@codeaurora.org>
As per new clock plan for GFX3D clock, min and low svs levels are
not required so update the gpu pwr levels for msm_gpu node.
Change-Id: I6e0c8e60e9e2bbbf12c86b7652832f55306b45ac
Signed-off-by: Amit Nischal <anischal@codeaurora.org>
Update the latest macro definitions of event code and log code
ranges.
Change-Id: Ice3827c13cbb3a5ec30139079561cf527620fcef
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
With ID clear notification i.e. USB host mode disconnect, current
code is using PM runtime autosuspend functionality to put USB into
LPM having autosuspend delay of 1sec. With USB host mode cable
disconnect/connect having delay of less than 1 second, USB doesn't
go into LPM in between USB host mode disconnect and USB host mode
cable connect. This results into XHCI controller not being reset as
expected causing USB low speed and high speed device enumeration
issue with connect-debounce failure condition. Fix this issue by
replacing autosuspend functionality by pm_runtime_put_sync_suspend()
to put USB into LPM with USB host cable disconnect immediately.
While at it, also move queueing of sm_work function to dedicated
sm_usb_wq from system workqueue to avoid parallel runs.
Change-Id: I0db6ea7e63b853e419ccfd51808b8955e874db76
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
Select a random global GPU address for the "scratch" buffer that is used
by the ringbuffer for various tasks.
Change-Id: Ic0dedbaddda71dbf9cb2adab3c6c33a24d6a604c
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Harshitha Sai Neelati <hsaine@codeaurora.org>
To prepare to allow global buffers to allocate a semi-random GPU address
move from a sequential allocator to a bitmap based one.
Change-Id: Ic0dedbadba36c4c7b7839528103997724eac7d6d
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Harshitha Sai Neelati <hsaine@codeaurora.org>
Execute user profiling in an indirect buffer. This ensures that addresses
and values specified directly from the user don't end up in the
ringbuffer.
Change-Id: Ic0dedbadedcaab29ce5738a39c1ff6269261bae4
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Harshitha Sai Neelati <hsaine@codeaurora.org>
If a command is using a profiling buffer, make sure that the offset
is within the bounds of the specified memory descriptor.
Change-Id: Ic0dedbadc77e8eccd957136467bd0c56a1af2dab
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Print error message if process kill on remote subsystem failed.
Validate channel ID before dereferencing the channel info struct.
When trying to release process on DSP, print failure message only
when the subsystem is up, to avoid flooding of kernel logs for
daemons.
Change-Id: I1b7325d686f6e8699e6f98f529c5dff85cce630d
Acked-by: Thyagarajan Venkatanarayanan <venkatan@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
* refs/heads/tmp-3edc5af
Linux 4.4.193
vhost: make sure log_num < in_num
af_packet: tone down the Tx-ring unsupported spew.
x86, boot: Remove multiple copy of static function sanitize_boot_params()
clk: s2mps11: Add used attribute to s2mps11_dt_match
scripts/decode_stacktrace: match basepath using shell prefix operator, not regex
vhost/test: fix build for vhost test
xfrm: clean up xfrm protocol checks
ALSA: hda/realtek - Fix overridden device-specific initialization
ALSA: hda - Fix potential endless loop at applying quirks
ANDROID: regression introduced override_creds=off
Change-Id: I2a9b4c63e3572bbfe461ace3ccc41451a6ef700c
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
commit 060423bfdee3f8bc6e2c1bac97de24d5415e2bc4 upstream.
The code assumes log_num < in_num everywhere, and that is true as long as
in_num is incremented by descriptor iov count, and log_num by 1. However
this breaks if there's a zero sized descriptor.
As a result, if a malicious guest creates a vring desc with desc.len = 0,
it may cause the host kernel to crash by overflowing the log array. This
bug can be triggered during the VM migration.
There's no need to log when desc.len = 0, so just don't increment log_num
in this case.
Fixes: 3a4d5c94e9 ("vhost_net: a kernel-level virtio server")
Cc: stable@vger.kernel.org
Reviewed-by: Lidong Chen <lidongchen@tencent.com>
Signed-off-by: ruippan <ruippan@tencent.com>
Signed-off-by: yongduan <yongduan@tencent.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 6ae81ced378820c4c6434b1dedba14a7122df310 ]
Trinity and other fuzzers can hit this WARN on far too easily,
resulting in a tainted kernel that hinders automated fuzzing.
Replace it with a rate-limited printk.
Signed-off-by: Dave Jones <davej@codemonkey.org.uk>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 8c5477e8046ca139bac250386c08453da37ec1ae upstream.
Kernel build warns:
'sanitize_boot_params' defined but not used [-Wunused-function]
at below files:
arch/x86/boot/compressed/cmdline.c
arch/x86/boot/compressed/error.c
arch/x86/boot/compressed/early_serial_console.c
arch/x86/boot/compressed/acpi.c
That's becausethey each include misc.h which includes a definition of
sanitize_boot_params() via bootparam_utils.h.
Remove the inclusion from misc.h and have the c file including
bootparam_utils.h directly.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/1563283092-1189-1-git-send-email-zhenzhong.duan@oracle.com
[nc: Fixed conflict around lack of 67b6662559f7f]
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 9c940bbe2bb47e03ca5e937d30b6a50bf9c0e671 ]
Clang warns after commit 8985167ecf57 ("clk: s2mps11: Fix matching when
built as module and DT node contains compatible"):
drivers/clk/clk-s2mps11.c:242:34: warning: variable 's2mps11_dt_match'
is not needed and will not be emitted [-Wunneeded-internal-declaration]
static const struct of_device_id s2mps11_dt_match[] = {
^
1 warning generated.
This warning happens when a variable is used in some construct that
doesn't require a reference to that variable to be emitted in the symbol
table; in this case, it's MODULE_DEVICE_TABLE, which only needs to hold
the data of the variable, not the variable itself.
$ nm -S drivers/clk/clk-s2mps11.o | rg s2mps11_dt_match
00000078 000003d4 R __mod_of__s2mps11_dt_match_device_table
Normally, with device ID table variables, it means that the variable
just needs to be tied to the device declaration at the bottom of the
file, like s2mps11_clk_id:
$ nm -S drivers/clk/clk-s2mps11.o | rg s2mps11_clk_id
00000000 00000078 R __mod_platform__s2mps11_clk_id_device_table
00000000 00000078 r s2mps11_clk_id
However, because the comment above this deliberately doesn't want this
variable added to .of_match_table, we need to mark s2mps11_dt_match as
__used to silence this warning. This makes it clear to Clang that the
variable is used for something, even if a reference to it isn't being
emitted.
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Fixes: 8985167ecf57 ("clk: s2mps11: Fix matching when built as module and DT node contains compatible")
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 31013836a71e07751a6827f9d2ad41ef502ddaff ]
The basepath may contain special characters, which would confuse the regex
matcher. ${var#prefix} does the right thing.
Link: http://lkml.kernel.org/r/20190518055946.181563-1-drinkcat@chromium.org
Fixes: 67a28de47faa8358 ("scripts/decode_stacktrace: only strip base path when a prefix of the path")
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 264b563b8675771834419057cbe076c1a41fb666 upstream.
Since vhost_exceeds_weight() was introduced, callers need to specify
the packet weight and byte weight in vhost_dev_init(). Note that, the
packet weight isn't counted in this patch to keep the original behavior
unchanged.
Fixes: e82b9b0727ff ("vhost: introduce vhost_exceeds_weight()")
Cc: stable@vger.kernel.org
Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399 upstream.
In commit 6a53b7593233 ("xfrm: check id proto in validate_tmpl()")
I introduced a check for xfrm protocol, but according to Herbert
IPSEC_PROTO_ANY should only be used as a wildcard for lookup, so
it should be removed from validate_tmpl().
And, IPSEC_PROTO_ANY is expected to only match 3 IPSec-specific
protocols, this is why xfrm_state_flush() could still miss
IPPROTO_ROUTING, which leads that those entries are left in
net->xfrm.state_all before exit net. Fix this by replacing
IPSEC_PROTO_ANY with zero.
This patch also extracts the check from validate_tmpl() to
xfrm_id_proto_valid() and uses it in parse_ipsecrequest().
With this, no other protocols should be added into xfrm.
Fixes: 6a53b7593233 ("xfrm: check id proto in validate_tmpl()")
Reported-by: syzbot+0bf0519d6e0de15914fe@syzkaller.appspotmail.com
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 89781d0806c2c4f29072d3f00cb2dd4274aabc3d upstream.
The recent change to shuffle the codec initialization procedure for
Realtek via commit 607ca3bd220f ("ALSA: hda/realtek - EAPD turn on
later") caused the silent output on some machines. This change was
supposed to be safe, but it isn't actually; some devices have quirk
setups to override the EAPD via COEF or BTL in the additional verb
table, which is applied at the beginning of snd_hda_gen_init(). And
this EAPD setup is again overridden in alc_auto_init_amp().
For recovering from the regression, tell snd_hda_gen_init() not to
apply the verbs there by a new flag, then apply the verbs in
alc_init().
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=204727
Fixes: 607ca3bd220f ("ALSA: hda/realtek - EAPD turn on later")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 333f31436d3db19f4286f8862a00ea1d8d8420a1 upstream.
Since the chained quirks via chained_before flag is applied before the
depth check, it may lead to the endless recursive calls, when the
chain were set up incorrectly. Fix it by moving the depth check at
the beginning of the loop.
Fixes: 1f57825077 ("ALSA: hda - Add chained_before flag to the fixup entry")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To support remote wakeup of MSM8996, a GPIO needs
to be configured as a wakeup interrupt source.
WLAN firmware can toggle this pin to wakeup the
Host when wireless wakeup is triggered.
Change-Id: Id13652f262f37649bb35196f21ae1ff90b7a637a
Signed-off-by: Rajasekaran Kalidoss <rkalidos@codeaurora.org>
Make change to validate if there exists enough space to write a
struct qseecom_param_memref instead of a unit32 value, in the
request buffer in __qseecom_update_qteec_req_buf.
Change-Id: I4e092f7aa2b23648c2cedfada311828b9ceb35dc
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Fixes a regression introduced by the series of commits:
commit 17bd9a7f78
("ANDROID: overlayfs ovl_create_of_link regression"),
commit 272fcd1ca7ceb252b1c3a2961110c7c1722707cf
("ANDROID: overlayfs: override_creds=off option bypass creator_cred"),
commit aab9adb4b8
("Merge 4.4.179 into android-4.4") that took in an incomplete,
backport of commit 54a07fff4b
("ovl: fix uid/gid when creating over whiteout") (or upstream
commit d0e13f5bbe4be7c8f27736fc40503dcec04b7de0
("ovl: fix uid/gid when creating over whiteout"))
where a crash is observed a crash in ovl_create_or_link() when a
simple re-direction command in vendor directory.
/vendor/bin/<Any test> > /vendor/bin/test_log.txt 2>&1&
After further debugging we see that if the output is redirected to a
file which doesn’t exist we see this stack:
[ 377.382745] ovl_create_or_link+0xac/0x710
[ 377.382745] ovl_create_object+0xb8/0x110
[ 377.382745] ovl_create+0x34/0x40
[ 377.382745] path_openat+0xd44/0x15a8
[ 377.382745] do_filp_open+0x80/0x128
[ 377.382745] do_sys_open+0x140/0x250
[ 377.382745] __arm64_sys_openat+0x2c/0x38
ovl_override_creds returns NULL because the override_cred flag is set
to false. This causes ovl_revert_creds also to fail.
There is another call to check override_cred in override_cred call
which overrides the creds permanently as there no revert_creds
associated. So whenever next commit_cred is called we see the crash
as the credentials are permanently overridden.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Tested-by: Rishabh/Jeevan <jshriram@qualcomm.corp-partner.google.com>
Bug: 140816499
Bug: 109821005
Bug: 112955896
Bug: 127298877
Bug: 137541192
Change-Id: Icd0d9be82fc57af5ead1eeab99f79adf3adf62ef
Add support for retrying core reset and re-initialization in host
mode if the PHY PLL lock failure is seen. Also, increase the lock
timeout to 50 msec.
Change-Id: I8c8db60dcd73b7cf05598538d0c519b1b1e2417f
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
