commit 867bfa4a5fcee66f2b25639acae718e8b28b25a5 upstream.
load_flat_shared_library() is broken: It only calls load_flat_file() if
prepare_binprm() returns zero, but prepare_binprm() returns the number of
bytes read - so this only happens if the file is empty.
Instead, call into load_flat_file() if the number of bytes read is
non-negative. (Even if the number of bytes is zero - in that case,
load_flat_file() will see nullbytes and return a nice -ENOEXEC.)
In addition, remove the code related to bprm creds and stop using
prepare_binprm() - this code is loading a library, not a main executable,
and it only actually uses the members "buf", "file" and "filename" of the
linux_binprm struct. Instead, call kernel_read() directly.
Link: http://lkml.kernel.org/r/20190524201817.16509-1-jannh@google.com
Fixes: 287980e49ffc ("remove lots of IS_ERR_VALUE abuses")
Signed-off-by: Jann Horn <jannh@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Kees Cook <keescook@chromium.org>
Cc: Nicolas Pitre <nicolas.pitre@linaro.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Russell King <linux@armlinux.org.uk>
Cc: Greg Ungerer <gerg@linux-m68k.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Data pointer may be NULL, check for reset value
to be false in that case and return EINVAL for
invalid argument.
Change-Id: I05a4aa96724c123516a7965bd0e939bdf0c86553
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
During dwc3 suspend clk_disable is directly getting
called without calling clk_enable in dwc3 resume
functionality for SS Phy. This fix add a check and
disables clock only if it is enabled.
Change-Id: Id4c4a71ca4e57274c0f09a83ce4d22fe13909cd1
Signed-off-by: Chetan C R <cravin@codeaurora.org>
The charger associated with MSM8996 does not support
HVDCP detection by default. Enable DP DM pulsing support
so that charger driver can support HVDCP detection.
And all the 8996 platforms does not have this charger,
hence enable the pulsing support on those platforms
where this charger is present.
Change-Id: I70549df99bd11303d7c334227c869767f5ea51a8
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
get_task_struct used to reserve 'selected' outside rcu_read_lock block.
Remove the need for get_task_mm, removing the possibility of lock issues there.
Bug: 133479338
Signed-off-by: Jim Blackler <jimblackler@google.com>
Change-Id: I1399e2f669242c04e0e397bc09c987358aa97a0a
Conflicting lock events have been reported resulting from
rcu_read_lock, mmap_sem (in get_cmdline) and lmk_event_lock.
This CL avoids the possibility of these conditions by moving
handle_lmk_event outside rcu_read_lock and invoking get_cmdline before
lmk_event_lock is taken.
Bug: 133479338, 133829075
Signed-off-by: Jim Blackler <jimblackler@google.com>
Change-Id: Ib3c32587472bd972e3ac108798e2af3f4a5c329a
In case best_frame is not populated with virtual/physical capable frame,
NULL pointer is passed as an argument to of_iomap .To avoid NULL pointer
dereference add a check before.
Change-Id: Ia7bad6630662ee3a4ad7c9226f9d3858b2e7a36c
Signed-off-by: Ankit Mishra <ankimi@codeaurora.org>
The region index for bivcm is not validated against the region size.
This causes out-of-bound read on the KASAN kernel.
Add restriction that region index smaller than region size.
CRs-Fixed: 2379514
Change-Id: I72c4a41a4b41c8fa70c174ffd3215a81eaa14355
Signed-off-by: Haibin Liu <haibinl@codeaurora.org>
The dtb.img is made by concatenating all the compiled dtbs
after the kernel is compiled. This dtb.img is then added to be
a part of the boot.img.
Change-Id: I9684126c312e3f5988b1eaa298b37037a11fe747
Signed-off-by: Rahul Shahare <rshaha@codeaurora.org>
Enable CONFIG_HID_SONY for compliance with android Q CTS suite
requirement for SDM660 and MSM8998.
Change-Id: Ie87d55f861c47a018b7b368b58ef79f46d449268
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
user space can send commit message with dest scaler structure populated,
this would cause null pointer access, if dest scaler is not initialized,
this change validate if target supports dest scaler.
Change-Id: I37516f4704a013d4628688930783d6e7ab93277f
Signed-off-by: Raghavendra Ambadas <rambad@codeaurora.org>
when pending requests are present due to drop_reconfig,
avoid skip_all programming to hardware during epoch event.
Change-Id: I9a56d179c30484c99c36bf1a9d60e8071fdd4a9a
Signed-off-by: Srikanth Uyyala <suyyala@codeaurora.org>
Signed-off-by: Sumalatha Malothu <smalot@codeaurora.org>
trace log support added for important VFE events,
these traces can be enabled with camera trace event.
Change-Id: I1e5c043ad3b69df632ff63130ff8eea10ab2097c
Signed-off-by: Srikanth Uyyala <suyyala@codeaurora.org>
Signed-off-by: Sumalatha Malothu <smalot@codeaurora.org>
Fix page fault in ISP when there is no reg update
for two consecutive request frame time.
Change-Id: Ie246f146c1ec0785e0e6fa0671dd2ff28fbe6b38
Signed-off-by: Lokesh Kumar Aakulu <lkumar@codeaurora.org>
Signed-off-by: Sumalatha Malothu <smalot@codeaurora.org>
There is possibility that due to scheduling latency of tasklet,
user threads VFE hardware could not be updated intime resulting
in fatal error, invalid memory access. Added logic to track
and gracefully handle the scheduling issues.
Change-Id: I29acde4fe23a59e6ff0e5190e1c4b9c59f6ae08f
Signed-off-by: Srikanth Uyyala <suyyala@codeaurora.org>
Signed-off-by: Sumalatha Malothu <smalot@codeaurora.org>
Sub-system shutdown timeout is 20 seconds. In wlan platform driver,
modem block shutdown timeout should be less than sub-system timeout.
Hence, change block shutdown timeout to 15 seconds.
Change-Id: I936e0c462858727b86b35b924dd124a5d1434780
Signed-off-by: Mohammed Siddiq <msiddiq@codeaurora.org>
Zero initialize the local variables that store information from the
remote. On the chance reading from the remote fails, the data in these
structs will now be zero instead of stale data.
Change-Id: Iafaeb71a5dc57e27a34b4250ea529fbe27df2393
Signed-off-by: Chris Lew <clew@codeaurora.org>
This change disables dynamic bind/unbind capability
for CPP/JPEG/FD modules since it is not currently supported.
Change-Id: Ice692d7d700c3b7a75463b109265f958993031eb
Signed-off-by: Venu Raidu <vraidu@codeaurora.org>
Signed-off-by: Sumalatha Malothu <smalot@codeaurora.org>
* refs/heads/tmp-282d84a
Linux 4.4.184
tcp: refine memory limit test in tcp_fragment()
Change-Id: I99ffacfb623b2cc5acb0401a3dfc08bae6461810
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
During ringbuffer parsing, same IB can exist multiple times
but size validation happens only for the first time.
This leads to out of bound access if the subsequent sizes are
greater than the allocated size.
Add a check to make sure that requested size is within the
allocated range.
Change-Id: Ie5d3c02c1669de2e6188821399e985f0991aa57c
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
This is required to fix the VTS test case failures which are failing
as the kernel supports EXT2/EXT3 but the tools mkfs.ext2/mkfs.ext3
doesn't exist anymore.
Change-Id: Iaa17b827439e4f775cdfe9044d35b8a0155f8f08
Signed-off-by: Naitik Bharadiya <bharad@codeaurora.org>
Structures in shared memory that can be modified by remote
processors may have untrusted values, they should be validated
before use.
Adding proper validation before using fields of shared
structures.
CRs-Fixed: 2421611
Change-Id: Ifed71c506a26105eac3db9ee35f086d7dbf5a3a3
Signed-off-by: Deepak Kumar Singh <deesin@codeaurora.org>
commit b6653b3629e5b88202be3c9abc44713973f5c4b4 upstream.
tcp_fragment() might be called for skbs in the write queue.
Memory limits might have been exceeded because tcp_sendmsg() only
checks limits at full skb (64KB) boundaries.
Therefore, we need to make sure tcp_fragment() wont punish applications
that might have setup very low SO_SNDBUF values.
Fixes: f070ef2ac667 ("tcp: tcp_fragment() should apply sane memory limits")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Christoph Paasch <cpaasch@apple.com>
Tested-by: Christoph Paasch <cpaasch@apple.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
During playback on speaker mute is observed if spk
amplifier is not enabled. Enable speaker amplifier
when SPK PA is enabled.
CRs-Fixed: 2374703
Change-Id: I932d78afc58051b42a21ee77b394a13f111e68c6
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
The memory for task load pointers are allocated twice for each
idle thread except for the boot CPU. This happens during boot
from idle_threads_init()->idle_init() in the following 2 paths.
1. idle_init()->fork_idle()->copy_process()->
sched_fork()->init_new_task_load()
2. idle_init()->fork_idle()-> init_idle()->init_new_task_load()
The memory allocation for all tasks happens through the 1st path,
so use the same for idle tasks and kill the 2nd path. Since
the idle thread of boot CPU does not go through fork_idle(),
allocate the memory for it separately.
Change-Id: I4696a414ffe07d4114b56d326463026019e278f1
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
[schikk@codeaurora.org: resolved merge conflicts]
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
LMH-DCVSh driver right now achieves the software mitigation by using
the domain max scm call. But this could have some delays in clearing
the mitigation.
To avoid the delay, use the frequency cap scm call to place the
mitigation.
Change-Id: I00f1b2534505e02c8e66f6ce8088c37bfbb98198
Signed-off-by: Manaf Meethalavalappu Pallikunhi <manafm@codeaurora.org>
KTM driver right now achieves the software mitigation by using
the domain max scm call. But this could have some delays in clearing
the mitigation.
To avoid the delay, use the frequency cap scm call to place the
mitigation.
Change-Id: If357a57836fe0be13977a56a1f20567715908f25
Signed-off-by: Manaf Meethalavalappu Pallikunhi <manafm@codeaurora.org>
Change data type for gpu ib vote to unsigned
long to suit the bw vote data type in devfreq
governor functions.
Change-Id: I6aeb201ee67d111ee527c17e051b5125968a9683
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>
Signed-off-by: Pranav Patel <pranavp@codeaurora.org>
