commit f181d6a3bcc35633facf5f3925699021c13492c5 upstream.
Add the missing IBSS capability flag during capability init as it needs
to be inserted into the generated beacon in order for CSA to work.
Fixes: cd7760e62c ("mac80211: add support for CSA in IBSS mode")
Signed-off-by: Piotr Gawlowicz <gawlowicz@tkn.tu-berlin.de>
Signed-off-by: Mikołaj Chwalisz <chwalisz@tkn.tu-berlin.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 98c67d187db7808b1f3c95f2110dd4392d034182 upstream.
Otherwise, we enable all sorts of forgeries via timing attack.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 769dc04db3ed8484798aceb015b94deacc2ba557 upstream.
When a peer sends a BAR frame with PM bit clear, we should
not modify its PM state as madated by the spec in
802.11-20012 10.2.1.2.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5ebb6dd36c9f5fb37b1077b393c254d70a14cb46 upstream.
We should ensure that 'plane_no' is '< vb->num_planes' as done in
'vb2_plane_cookie' just a few lines below.
Fixes: e23ccc0ad9 ("[media] v4l: add videobuf2 Video for Linux 2 driver framework")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b8e11f7d2791bd9320be1c6e772a60b2aa093e45 upstream.
Commit 27ed3cd2eb (cpufreq: conservative: Fix the logic in frequency
decrease checking) removed the 10 point substraction when comparing the
load against down_threshold but did not remove the related limit for the
down_threshold value. As a result, down_threshold lower than 11 is not
allowed even though values from 1 to 10 do work correctly too. The
comment ("cannot be lower than 11 otherwise freq will not fall") also
does not apply after removing the substraction.
For this reason, allow down_threshold to take any value from 1 to 99
and fix the related comment.
Fixes: 27ed3cd2eb (cpufreq: conservative: Fix the logic in frequency decrease checking)
Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5cda3ee5138e91ac369ed9d0b55eab0dab077686 upstream.
This patch adds the missing kfree() in gs_cmd_reset() to free the
memory that is not used anymore after usb_control_msg().
Cc: Maximilian Schneider <max@schneidersoft.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In case of failure to send QMI message to modem
remove the delay from AP since modem is probably
down (SSR\reboot).
Change-Id: Iae4d5162d39cd05f5c50d75087ec90dfe04a6c43
Signed-off-by: Amir Levy <alevy@codeaurora.org>
Defines the non-removable property for ufs/emmc device node
This basically lets the driver whether ufs/emmc is the boot
device
Change-Id: I7e583e0ecef064d1ed91b443fe35f98a3b2c0c8a
Signed-off-by: Lei wang <leiwan@codeaurora.org>
Since glink callbacks are called in interrupt context, avoid using
functions that can sleep in the callbacks. Use separate work queue
to free the buffer.
Change-Id: I8abae4becb4c4ac1feb8794db4d2a6bb378943ac
Signed-off-by: Vidyakumar Athota <vathota@codeaurora.org>
[ Upstream commit 0d0e57697f162da4aa218b5feafe614fb666db07 ]
The patch fixes two things at once:
1) It checks the env->allow_ptr_leaks and only prints the map address to
the log if we have the privileges to do so, otherwise it just dumps 0
as we would when kptr_restrict is enabled on %pK. Given the latter is
off by default and not every distro sets it, I don't want to rely on
this, hence the 0 by default for unprivileged.
2) Printing of ldimm64 in the verifier log is currently broken in that
we don't print the full immediate, but only the 32 bit part of the
first insn part for ldimm64. Thus, fix this up as well; it's okay to
access, since we verified all ldimm64 earlier already (including just
constants) through replace_map_fd_with_map_ptr().
Fixes: 1be7f75d16 ("bpf: enable non-root eBPF programs")
Fixes: cbd3570086 ("bpf: verifier (add ability to receive verification log)")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 62199770
Change-Id: I62ee47d06ddc669ba2863e8cf24f8f3e7683a461
IOMMU will be detached for Secure Display session. We need to make
sure to unmap all the buffers before detaching IOMMU. There are a
couple of cases where the buffer on pipe which is being used for
Secure Display, isn't unmapped before IOMMU detach. Add handling
for such cases in validate and kickoff. Also, add changes to wait
for secure session completion in rotator, before mapping buffers.
Change-Id: Ia47f519b8ba471848bbf2eef4ae1c010f1d0c1d2
Signed-off-by: Krishna Chaitanya Devarakonda <kdevarak@codeaurora.org>
Possible use after free issue while accessing magic number,
if the ctx is already freed.
Magic number check is removed.
CRs-Fixed: 2061287
Change-Id: Ie157a930c7eb310829766319e0af742114337e6c
Signed-off-by: Dhoat Harpal <hdhoat@codeaurora.org>
glink_pkt driver has no limit on number of intents auto queued for rx.
Intent are auto queued when remote side request for intent without checking
how many packets are pending to be read by client.
A max limit check is added to avoid memory exhaustion case with indefinite
intent queueing.
CRs-Fixed: 2042581
Change-Id: I68aa102b323716f591841b192477a70397a5536b
Signed-off-by: Dhoat Harpal <hdhoat@codeaurora.org>
Add the mdss panel file to support qrd device tree overlay.
Change-Id: I65152ee6a7cafdbba299f0e0a3cac2e77c8c2660
Signed-off-by: Maria Yu <aiquny@codeaurora.org>
During hardware initialization charger is configured in
DRP mode from force UFP mode and after mode configuration
hardware takes ~300/400 msec for UFP/DFP detection. In case
if the delay between moving to DRP mode and software enabling
interrupts is more than hardware detection delay then software
will miss the detection interrupt. Fix this by moving DRP
configuration after interrupt request this ensures software will
receive interrupt once hardware detection completes.
CRs-Fixed: 2065296
Change-Id: I55c59ed558e8db40a7b1af7638832da1f9547222
Signed-off-by: Ashay Jaiswal <ashayj@codeaurora.org>
Add protection code to avoid the redundant firmware
setup from the userspace. Synchronize firmware setup
global data access by multiple firmware setup routines
when firmware setup triggered by userspace is in progress.
CRs-Fixed: 2053638
Change-Id: Ib5bf05aade464a0789c7b848457e95d25c4e6f8f
Signed-off-by: Sarada Prasanna Garnayak <sgarna@codeaurora.org>
Currently driver is removing pm_qos request after acquiring spinlock in
pcm_close() callback. This could cause warning as pm_qos_remove_request()
can sleep. Hence move removing pm_qos request before acquiring spin lock.
Change-Id: I8e898934c4e83b80c994b2a293abbd920589ac62
Signed-off-by: Vijayavardhan Vennapusa <vvreddy@codeaurora.org>
There is no syncronization between msm_vb2_get_buf
and msm_delete_stream which can lead to use after
free.
Fixed it by using read/write lock.
Change-Id: Icff5cd81b1a4e9c28f19936dec570751feab0ccf
Signed-off-by: Manish Poddar <mpoddar@codeaurora.org>
Signed-off-by: Trishansh Bhardwaj <tbhardwa@codeaurora.org>
Signed-off-by: Andy Sun <bins@codeaurora.org>
