Commit graph

591735 commits

Author SHA1 Message Date
Revathi Uddaraju
35f63de1e1 ASoC: msm-cpe: Resolve memory out of bound access
Resolve memory out of bound access by correcting the
length of the buffer to be copied.

Change-Id: I2cc74a664399913acf67464a5f6827b100522676
Signed-off-by: Revathi Uddaraju <revathiu@codeaurora.org>
2017-06-30 04:15:08 -07:00
Hardik Arya
c36e61af0f diag: Add protection while processing non-hdlc packets
Currently, there is a possibility of out-of-bound accesses during
handling of data in non-hdlc path. The patch adds proper protection
when processing non-hdlc packet information to fix the issue.

CRs-Fixed: 2029216
Change-Id: I07c466f85bd8ac08226948fea86b1d8567e68431
Signed-off-by: Hardik Arya <harya@codeaurora.org>
2017-06-30 16:06:26 +05:30
Sriraj Hebbar
6724296d3f msm: camera: isp: Handle array out of bound access
The pointer req_frm is coming from userspace, it may overflow stream_info.
Adding a bound check to prevent the same.

CRs-fixed: 2008683
Change-Id: I8682e09ff2ab7ba490bbbd9e20db978493c5f3e4
Signed-off-by: Senthil Kumar Rajagopal <skrajago@codeaurora.org>
Signed-off-by: Andy Sun <bins@codeaurora.org>
2017-06-30 18:02:36 +08:00
Prateek Sood
6933043199 osq_lock: avoid live-lock issue for RT task
Live Lock due to task spinning while unqueue of CPU osq_node
from optimistic_spin_queue. Task T1 had decremented mutex count to
acquire the lock on CPU0. Before setting owner it got preempted. On
CPU1 task T2 acquired osq_lock and started spinning on owner of mutex
with preemption disabled. CPU1 runq has one task, so need_resched will
not be set. On CPU0 task T3 tried to acquire osq_lock to spin on the
same mutex. At this time following scenario causes soft lockup:

After preemption of task T1, RT task T3 tried to acquire the same
mutex. It will start spinning on the osq_lock until the lock is available
or need_resched is set. For RT task, need_resched will not be set. Task T3
will not be able to bail out of the infinite loop.

Change-Id: Ifd7506047119a22e14b15459ac6b04b410ba1c84
Signed-off-by: Prateek Sood <prsood@codeaurora.org>
2017-06-30 02:06:25 -07:00
Abhinav Kumar
f9dd40aaef drm/msm: add support for parsing YUV 420 deep color
Current upstream parser only handles RGB deep color
modes.

Add support in the SDE EDID parser module to parse
HDMI VSDB block and indicate support for YUV 420
deep color modes in the sink.

Change-Id: If6c007263094e7716a29cae503d3e3471ae04306
Signed-off-by: Abhinav Kumar <abhinavk@codeaurora.org>
2017-06-30 01:09:45 -07:00
Jin Li
07855f70a3 drm/msm: add default value for plane enum property
Add default value support for plane enum property so that the caller is
able to pass in a different default value when initializing the enum
property list.

Change-Id: I57595bf7c42b0e528a18ab0951655a169b00d611
Signed-off-by: Jin Li <jinl@codeaurora.org>
Signed-off-by: Yunyun Cao <yunyunc@codeaurora.org>
2017-06-30 01:03:40 -07:00
Tejaswi Tanikella
41ffaeef9a ipv4: Drop packets if checksum is invalidated
Conntrack, if enabled, verifies complete checksum on all tcp
packets. If a packet is corrupted, it sets ip_summed field
to CHECKSUM_COMPLETE and checksum valid field to false.
With these changes such packet will be dropped.

Packets that are corrupted can go into userspace even when
the checksum is wrong. The io_vec library pushes the data into
pipe before checking the checksum. If the checksum is wrong,
the copied data is not reverted. Users observe corrupted data
in the application memory due to such corrupted packets.
This fix is to plug one such hole.
This change might be redundant on kernels after v4.9.

Change-Id: Iffface598d0fa2b25fb9c20c7aa6443aab9d8aea
Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org>
2017-06-30 13:28:14 +05:30
Pengfei Liu
ca0c16ad01 msm: actuator: Add protection condition for move focus
Neighbour index of step table possibly have same position,
so i2c operation reported invalid size parameters.
We add protection condition to return success value.

Change-Id: I7dab8f44a99c7c3c7d6996c8decb8bcd09c246c9
Signed-off-by: penliu <pengfeiliu@codeaurora.org>
2017-06-30 00:43:59 -07:00
Arumuga Durai A
0a28ea9cf0 usb: bam: Remove inactivity_timer sysfs attribute
Sysfs attribute "inactivity_timer" is not being used anymore, so remove that
entry from sysfs.

CRs-Fixed: 2048725
Change-Id: I30d2d4a3cb9899b7975a6395eab90337fc006488
Signed-off-by: Arumuga Durai A <cadurai@codeaurora.org>
2017-06-30 12:31:01 +05:30
Pavankumar Kondeti
7d5479c9b7 genirq: Don't allow user space to set IRQ affinity to isolated CPUs
The PM_QOS_CPU_DMA_LATENCY QOS request attached to an IRQ is ignored
if the IRQ is affined to an isolated CPU. As isolated CPUs enter
deep sleep state, it is better not to affine IRQs to those CPUs.

Change-Id: Ieab4a04eca222b91159208b21bc9e14390ecd62e
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
2017-06-30 10:41:00 +05:30
Pavankumar Kondeti
971af7d6ed genirq: honour default IRQ affinity setting during migration
Userspace can set the default IRQ affinity setting by writing into
/proc/irq/default_smp_affinity file. When an IRQ affinity is
broken during isolation/hotplug, override the affinity to online and
un-isolated CPUs from the default affinity CPUs. If no such CPU
is available, then only override with cpu_online_mask.

Change-Id: I7578728ed0d7c17c5890d9916cfd6451d1968568
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
2017-06-30 10:41:00 +05:30
Pavankumar Kondeti
cd6d19b8e4 genriq: pick only one CPU while overriding the affinity during migration
With commit bfc60d474137 ("genirq: Use irq_set_affinity_locked to change
irq affinity"), affinity listeners receive the notification when the irq
affinity is changed during migration. If there is no online and
un-isolated CPU available from the user specified affinity, the affinity
is overridden with all online and un-isolated CPUs. The same cpumask is
notified to PM QOS affinity listener which applies PM_QOS_CPU_DMA_LATENCY
vote to all those CPUs. As the low level irqchip driver sets affinity to
only one CPU, do the same while overriding the affinity during migration.

Change-Id: I0bcb75dd356658da100fbeeefd33ef8b121f4d6d
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
2017-06-30 10:41:00 +05:30
Yuanyuan Liu
e96a24d253 cnss_utils: Add support of cnss_utils for WLAN
Add support of cnss_utils for WLAN. Export APIs to WLAN
host driver which are used to set/get WLAN related
information. This information could be retrieved later
when WLAN driver is reloaded.

CRs-Fixed: 2060693
Change-Id: I2c8c36602ec8af133946ff00c41ce648a2628041
Signed-off-by: Yuanyuan Liu <yuanliu@codeaurora.org>
2017-06-29 16:47:46 -07:00
Vinayak Soni
5cc10e3a34 defconfig: Enable TSPP, MPQ and MPQ_DEMUX for apq8098
To bring-up Demux & DVR nodes.

Change-Id: Ia624220e2fd943ea6bbba81c8f7dcf1475c27065
Signed-off-by: Vinayak Soni <soniv@codeaurora.org>
2017-06-29 15:48:55 -07:00
Linux Build Service Account
c1a5075d60 Merge "ARM: dts: msm: Add non-removable ufs property for SDM630" 2017-06-29 11:34:49 -07:00
Linux Build Service Account
e06e098ca3 Merge "msm: mdss: Allow post-processing clean-up for primary display" 2017-06-29 11:34:48 -07:00
Linux Build Service Account
b1db0d66cf Merge "msm: mdss: Correct PP register programming deferring" 2017-06-29 11:34:47 -07:00
Linux Build Service Account
40f83efeab Merge "scsi: ufs: Unblock UFS while ICE HW configuration" 2017-06-29 11:34:46 -07:00
Lokesh Kumar Aakulu
40cfe338ba msm: camera: isp: Avoid reading stale ping pong status
When write masters are reloaded pingpong status
register will not be reset. Instead, it would be holding
a stale data, until new axi_done irq is interrupted.
So, place a check to validate the pingpong register
value based on the reloaded status of write masters.

Change-Id: Id14b886154f8a8ef8d5c05338023d8172d6925d0
Signed-off-by: Lokesh Kumar Aakulu <lkumar@codeaurora.org>
2017-06-29 19:27:27 +05:30
Harsh Sahu
b32ded99df msm: sde: fix unaligned access problem
Debug offset comes from the user and can hold any value which can
cause unaligned access. This change fixes the unaligned access
problem on debug offset by properly aligning it.

Change-Id: Ie4de9a12433f6ffd568c6c86928b71a5537b0dff
Signed-off-by: Harsh Sahu <hsahu@codeaurora.org>
2017-06-29 05:10:47 -07:00
Pavankumar Kondeti
76aa496f89 cpu-hotplug: Keep atleast 1 online and un-isolated CPU
The PM_QOS_CPU_DMA_LATENCY vote attached to an IRQ is discarded,
if it is affined to an isolated CPU. So we need at least 1 CPU
in online and un-isolate state. The scheduler rejects isolating
a CPU if it is the only online and un-isolated CPU in the system.
Add the same check for CPU hotplug.

Change-Id: I5bdfe6e3bb0352ed3ae5a2de90097b73d248f3fc
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
2017-06-29 16:27:33 +05:30
Linux Build Service Account
ed7868840b Merge "msm: camera: Use mutex lock to avoid race condition" 2017-06-29 03:32:33 -07:00
Linux Build Service Account
586584b2b2 Merge "soc: qcom: glink: Move get reference to valid location" 2017-06-29 03:32:32 -07:00
Linux Build Service Account
7ce539a628 Merge "soc: qcom: glink: Remove magic number logic" 2017-06-29 03:32:32 -07:00
Mohammed Javid
aa8d03f7bc ARM: dts: msm: Disable IPA in APQ 8098
IPA needs to be kept disabled in APQ 8098 platform.

Change-Id: If340d72d1dc18f2861635528ea1a37a4d81421bd
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
2017-06-29 15:51:49 +05:30
Mukesh Kumar Savaliya
61b9e193aa spi: spi_qsd: serve set_cs call only for valid device status
When set_cs() is called by framework, first check the device suspend
status and if not suspended then proceed for register access. Let system
suspend call SPI runtime suspend but make sure set_cs doesn't race with
it by holding the mutex.

Change-Id: Id6d05ac37227bf3358438eeedf279ddd1c9aab8b
Signed-off-by: Mukesh Kumar Savaliya <msavaliy@codeaurora.org>
2017-06-29 15:50:38 +05:30
mohamed sunfeer
2ec173df69 crypto: Change format specifier %p to %pK
Format specifier %p can leak kernel addresses while not valuing the
kptr_restrict system settings. When kptr_restrict is set to (1), kernel
pointers printed using the %pK format specifier will be replaced with 0's.

Change-Id: Iff8d82b12e958b938fc767bf3e8c3a3c8fc65c2a
Signed-off-by: mohamed sunfeer <msunfeer@codeaurora.org>
2017-06-29 15:13:34 +05:30
Ashutosh Kumar
09002ed79c ath10k: Populate ACS survey results
ACS fails as channel details are null in survey info.
Add the missing fields in survey_info structure and
populate the channel details in survey results.

CRs-Fixed: 2027495
Change-Id: I1ca933ded4ca039845203ccd51d77cf7cef1c000
Signed-off-by: Ashutosh Kumar <askuma@codeaurora.org>
2017-06-29 02:31:57 -07:00
Jayant Shekhar
25c22b91db msm: mdss: Put smmu interface errors under pr_err
Some of the smmu interface errors are under pr_debug
in splash logo path. Put them under pr_err.

Change-Id: I1805a4a00e3c2a2d2ed1772e84759c301b56b115
Signed-off-by: Jayant Shekhar <jshekhar@codeaurora.org>
2017-06-29 11:59:27 +05:30
Sandeep Panda
b3c7e19b74 msm: mdss: fix the pixel clock calculation for fb modes
In the current implementation, if panel is configured in split
mode and supports multiple resolutions, then the pixel clock
calculation for the supported modes does not take split mode
into consideration. This causes issues when recovery or charger
application try to configure display. So fix the same by
recalculating the pixel clock with taking care of proper width
in case of split mode panel.

Change-Id: Ie6b50bcd67d3e283610f8b04ac0a974b3527e552
Signed-off-by: Sandeep Panda <spanda@codeaurora.org>
2017-06-29 10:24:06 +05:30
Sayali Lokhande
d74ea38a01 ARM: dts: msm: Add non-removable ufs property for SDM630
Defines the non-removable property for UFS device node.
This basically lets the driver know that UFS is the
boot device.

Change-Id: I1c8aa298af4afc7e42d0c8a3690f7d3360e37647
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
2017-06-29 09:08:09 +05:30
Linux Build Service Account
41f7afc189 Merge "drm/msm/sde: add kernel traces to measure enable/disable/kickoff times" 2017-06-28 20:09:04 -07:00
Linux Build Service Account
f244955097 Merge "ARM: dts: msm: update rmtfs shared memory address for SDM660/630" 2017-06-28 20:09:03 -07:00
Linux Build Service Account
17fbca8726 Merge "defconfig: msm: enable remote debugger driver" 2017-06-28 20:09:02 -07:00
Linux Build Service Account
1014096cda Merge "mm: avoid taking zone lock in pagetypeinfo_showmixed()" 2017-06-28 20:09:01 -07:00
Linux Build Service Account
04fdd6f571 Merge "icnss: Fix incorrect clean-up of stats" 2017-06-28 20:09:00 -07:00
Linux Build Service Account
e80ffe4ec7 Merge "icnss: Add specific statistics for PDR" 2017-06-28 20:08:59 -07:00
Linux Build Service Account
823d04d683 Merge "input: synaptics_dsx: validate bounds of intr_reg_num" 2017-06-28 11:59:58 -07:00
Linux Build Service Account
2a24534bf6 Merge "soc: qcom: glink_smem_native_xport: Allocate smem item in non cache region" 2017-06-28 11:59:58 -07:00
Linux Build Service Account
821524723a Merge "power: reset: msm: add support to select both dumps" 2017-06-28 11:59:57 -07:00
Linux Build Service Account
5901738d81 Merge "ARM: dts: msm: Update USB PHY0 parameters for SDA660/630 HDK platform" 2017-06-28 11:59:56 -07:00
Linux Build Service Account
c7773e1eca Merge "drm/msm: program hdr information to HDMI registers" 2017-06-28 11:59:55 -07:00
Linux Build Service Account
c6fd1ba1ad Merge "drm/msm/sde: add sde_connector kickoff callbacks" 2017-06-28 11:59:54 -07:00
Linux Build Service Account
62cf4dab17 Merge "soc: qcom: ipc_router: Improve IPC attribution" 2017-06-28 11:59:53 -07:00
Linux Build Service Account
9435c0d514 Merge "msm: camera: Fix a deadlock in power-up sequence of the I2C-TZ relay" 2017-06-28 11:59:52 -07:00
Linux Build Service Account
3a2719b7df Merge "msm: camera: isp: Set the sync mode to async" 2017-06-28 11:59:51 -07:00
Zhen Kong
6182325472 firmware: qcom: tz_log: update interrupt info offset
As interrupt info table is changed after TZ 4.0, update
its offset according to TZ version when tz_log driver
reads it.

Change-Id: I28750a12b79a3920904c00fd52a2f4c7ffef7000
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
2017-06-28 10:54:49 -07:00
Blagovest Kolenichev
0fc26d9423 Merge branch 'android-4.4@77ddb50' (v4.4.74) into 'msm-4.4'
* refs/heads/tmp-77ddb50:
  UPSTREAM: usb: gadget: f_fs: avoid out of bounds access on comp_desc
  Linux 4.4.74
  mm: fix new crash in unmapped_area_topdown()
  Allow stack to grow up to address space limit
  mm: larger stack guard gap, between vmas
  alarmtimer: Rate limit periodic intervals
  MIPS: Fix bnezc/jialc return address calculation
  usb: dwc3: exynos fix axius clock error path to do cleanup
  alarmtimer: Prevent overflow of relative timers
  genirq: Release resources in __setup_irq() error path
  swap: cond_resched in swap_cgroup_prepare()
  mm/memory-failure.c: use compound_head() flags for huge pages
  USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks
  usb: xhci: ASMedia ASM1042A chipset need shorts TX quirk
  drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of IS_ERR()
  usb: r8a66597-hcd: decrease timeout
  usb: r8a66597-hcd: select a different endpoint on timeout
  USB: gadget: dummy_hcd: fix hub-descriptor removable fields
  pvrusb2: reduce stack usage pvr2_eeprom_analyze()
  usb: core: fix potential memory leak in error path during hcd creation
  USB: hub: fix SS max number of ports
  iio: proximity: as3935: recalibrate RCO after resume
  staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data()
  mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode
  x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init()
  serial: efm32: Fix parity management in 'efm32_uart_console_get_options()'
  mac80211: fix IBSS presp allocation size
  mac80211: fix CSA in IBSS mode
  mac80211/wpa: use constant time memory comparison for MACs
  mac80211: don't look at the PM bit of BAR frames
  vb2: Fix an off by one error in 'vb2_plane_vaddr'
  cpufreq: conservative: Allow down_threshold to take values from 1 to 10
  can: gs_usb: fix memory leak in gs_cmd_reset()
  configfs: Fix race between create_link and configfs_rmdir
  UPSTREAM: bpf: don't let ldimm64 leak map addresses on unprivileged
  BACKPORT: ext4: fix data exposure after a crash
  ANDROID: sdcardfs: remove dead function open_flags_to_access_mode()
  ANDROID: android-base.cfg: split out arm64-specific configs
  Linux 4.4.73
  sparc64: make string buffers large enough
  s390/kvm: do not rely on the ILC on kvm host protection fauls
  xtensa: don't use linux IRQ #0
  tipc: ignore requests when the connection state is not CONNECTED
  proc: add a schedule point in proc_pid_readdir()
  romfs: use different way to generate fsid for BLOCK or MTD
  sctp: sctp_addr_id2transport should verify the addr before looking up assoc
  r8152: avoid start_xmit to schedule napi when napi is disabled
  r8152: fix rtl8152_post_reset function
  r8152: re-schedule napi for tx
  nfs: Fix "Don't increment lock sequence ID after NFS4ERR_MOVED"
  ravb: unmap descriptors when freeing rings
  drm/ast: Fixed system hanged if disable P2A
  drm/nouveau: Don't enabling polling twice on runtime resume
  parisc, parport_gsc: Fixes for printk continuation lines
  net: adaptec: starfire: add checks for dma mapping errors
  pinctrl: berlin-bg4ct: fix the value for "sd1a" of pin SCRD0_CRD_PRES
  gianfar: synchronize DMA API usage by free_skb_rx_queue w/ gfar_new_page
  net/mlx4_core: Avoid command timeouts during VF driver device shutdown
  drm/nouveau/fence/g84-: protect against concurrent access to semaphore buffers
  drm/nouveau: prevent userspace from deleting client object
  ipv6: fix flow labels when the traffic class is non-0
  FS-Cache: Initialise stores_lock in netfs cookie
  fscache: Clear outstanding writes when disabling a cookie
  fscache: Fix dead object requeue
  ethtool: do not vzalloc(0) on registers dump
  log2: make order_base_2() behave correctly on const input value zero
  kasan: respect /proc/sys/kernel/traceoff_on_warning
  jump label: pass kbuild_cflags when checking for asm goto support
  PM / runtime: Avoid false-positive warnings from might_sleep_if()
  ipv6: Fix IPv6 packet loss in scenarios involving roaming + snooping switches
  i2c: piix4: Fix request_region size
  sierra_net: Add support for IPv6 and Dual-Stack Link Sense Indications
  sierra_net: Skip validating irrelevant fields for IDLE LSIs
  net: hns: Fix the device being used for dma mapping during TX
  NET: mkiss: Fix panic
  NET: Fix /proc/net/arp for AX.25
  ipv6: Inhibit IPv4-mapped src address on the wire.
  ipv6: Handle IPv4-mapped src to in6addr_any dst.
  net: xilinx_emaclite: fix receive buffer overflow
  net: xilinx_emaclite: fix freezes due to unordered I/O
  Call echo service immediately after socket reconnect
  staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out memory.
  ARM: dts: imx6dl: Fix the VDD_ARM_CAP voltage for 396MHz operation
  partitions/msdos: FreeBSD UFS2 file systems are not recognized
  s390/vmem: fix identity mapping
  usb: gadget: f_fs: Fix possibe deadlock

Conflicts:
	drivers/usb/gadget/function/f_fs.c

Change-Id: I23106e9fc2c4f2d0b06acce59b781f6c36487fcc
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2017-06-28 10:03:23 -07:00
Rajesh Kemisetti
bf556bf53d msm: kgsl: Add A5XX RBBM registers to pre-crash dumper list
Add all A5XX RBBM status registers to pre-crash dumper
registers list so that snapshot captures the accurate
state of the individual blocks.

Change-Id: I774b84f3cb69b7b0aa119e87229d9ec9c96bbbb4
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
2017-06-28 19:22:43 +05:30
tharun kumar
b213d8a28b ARM: dts: msm: Add remote debugger device configuration for sdm660
Adding remote debugger device configuration. The Remote Debugger driver
allows a debugger running on a host PC to communicate with a remote
stub running on peripheral subsystems.

Change-Id: I89e686c7e049a9fc8e1b6173ce009333df5b4ca1
Acked-by: Chenna Kesava Raju <chennak@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
2017-06-28 04:50:04 -07:00