When tcp_sendmsg() allocates a fresh and empty skb, it puts it at the
tail of the write queue using tcp_add_write_queue_tail().
Then it attempts to copy user data into this fresh skb.
If the copy fails, we undo the work and remove the fresh skb.
Unfortunately, this undo lacks the change done to tp->highest_sack and
we can leave a dangling pointer (to a freed skb).
Later, tcp_xmit_retransmit_queue() can dereference this pointer and
access freed memory. For regular kernels where memory is not unmapped,
this might cause SACK bugs because tcp_highest_sack_seq() is buggy,
returning garbage instead of tp->snd_nxt, but with various debug
features like CONFIG_DEBUG_PAGEALLOC, this can crash the kernel.
This bug was found by Marco Grassi thanks to syzkaller.
Change-Id: Iba5975e360eb2b2729b6f958b7cb00bfc469e51b
Fixes: 6859d49475 ("[TCP]: Abstract tp->highest_sack accessing & point to next skb")
Reported-by: Marco Grassi <marco.gra@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-repo: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
Git-commit: bb1fceca22492109be12640d49f5ea5a544c6bb4
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
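The incomplete undo described in the tcp_sendmsg() commit message above can be reproduced in a small user-space model. This is an added example, not code from the commit or the kernel: the struct layout, function names and the `reset_sack` switch are assumptions, and a `freed` flag stands in for actually freeing the skb so the stale pointer can be inspected safely.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy model, constructed for illustration; not kernel code. */
struct skb { struct skb *prev; bool freed; };

struct sock_model {
    struct skb *tail;          /* tail of the write queue */
    struct skb *send_head;     /* next skb to transmit */
    struct skb *highest_sack;  /* models tp->highest_sack */
};

/* Models queueing a fresh, empty skb at the tail of the write queue. */
static void add_write_queue_tail(struct sock_model *sk, struct skb *skb)
{
    skb->prev = sk->tail;
    skb->freed = false;
    sk->tail = skb;
    if (sk->send_head == NULL) {
        sk->send_head = skb;
        if (sk->highest_sack == NULL)
            sk->highest_sack = skb;   /* the side effect the undo must revert */
    }
}

/* Undo after a failed user copy. With reset_sack == false the undo is
 * incomplete in the way the commit message describes. */
static void undo_fresh_skb(struct sock_model *sk, struct skb *skb, bool reset_sack)
{
    sk->tail = skb->prev;
    if (sk->send_head == skb)
        sk->send_head = NULL;
    if (reset_sack && sk->highest_sack == skb)
        sk->highest_sack = NULL;
    skb->freed = true;                /* stands in for freeing the skb */
}

/* Invariant check: highest_sack must never reference a freed skb. */
static bool highest_sack_dangling(const struct sock_model *sk)
{
    return sk->highest_sack != NULL && sk->highest_sack->freed;
}

/* Runs the failed-copy sequence on an empty queue and reports the result. */
static bool failed_copy_leaves_dangling(bool reset_sack)
{
    struct skb fresh;
    struct sock_model sk = { NULL, NULL, NULL };
    add_write_queue_tail(&sk, &fresh);
    undo_fresh_skb(&sk, &fresh, reset_sack);
    return highest_sack_dangling(&sk);
}

int main(void)
{
    return (failed_copy_leaves_dangling(false) &&
            !failed_copy_leaves_dangling(true)) ? 0 : 1;
}
```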
When USB cable is disconnected during TX data transfers, endpoints will
be disabled during function disable. If userspace client tries to queue
requests on disabled endpoints, driver will wait till endpoints are
enabled and then queues previous session requests. This results in kernel
driver and userspace driver out of sync and due to this, stall will be
seen. Hence fix this issue by returning error value if client tries to
queue requests on TX endpoint during device offline.
CRs-Fixed: 633497
Change-Id: I3e43b8a704367aff7fe8dd88159315aef811c51c
Signed-off-by: Vijayavardhan Vennapusa <vvreddy@codeaurora.org>
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
Isolation code needs to be synchronized with both hotplug and suspend.
Ensure this by taking the lock that is taken by both paths and ensure
hotplug notifiers are processed for suspend/resume.
Change-Id: I663588cfd2f9e3972b9adc1a10887ef36cd70c57
Signed-off-by: Olav Haugan <ohaugan@codeaurora.org>
Add charger/FG device nodes along with the necessary
configuration.
Keep all these nodes disabled for simulator/RUMI platform.
CRs-fixed: 1091731
Change-Id: I9c751d777d8402cdea3cdfb27da1a19a98a250e2
Signed-off-by: Ashay Jaiswal <ashayj@codeaurora.org>
Remove the pointless checking against interface combinations in
the initial basic beacon interval validation, that currently isn't
taking into account radar detection or channels properly. Instead,
just validate the basic range there, and then delay real checking
to the interface combination validation that drivers must do.
This means that drivers wanting to use the beacon_int_min_gcd will
now have to pass the new_beacon_int when validating the AP/mesh
start.
CRs-Fixed: 1087922
Change-Id: Iec536bcdf4ed95e3d796324fd8bf5df259b340b0
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
Git-commit: 4c8dea638c16141adb046fd2e0cab51dfe43650c
[liord@codeaurora.org: Fix conflicts]
Signed-off-by: Lior David <liord@codeaurora.org>
We shouldn't abort the iteration with an error when one of the
potential combinations can't accommodate the beacon interval
request, we should just skip that particular combination. Fix
the code to do so.
CRs-Fixed: 1087922
Change-Id: Ib1ae7221291b8176d61d58e756a3814c80d98d27
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
Git-commit: 0507a3ac6e98f50583912ec78d07c2e4daaf2b28
[liord@codeaurora.org: cherry-pick without changes]
Signed-off-by: Lior David <liord@codeaurora.org>
Beacon interval interface combinations validation was missing
for MESH/IBSS join, add those.
Johannes: also move the beacon interval check disallowing really
tiny and really big intervals into the common function, which
adds it for AP mode.
CRs-Fixed: 1087922
Change-Id: I282300533dcd80f65c9ba366246d028a6130ffff
Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
Git-commit: 12d20fc9186a742d40e824f575df5aa62be31d69
[liord@codeaurora.org: fix conflicts and trivial compile errors]
Signed-off-by: Lior David <liord@codeaurora.org>
Change the power supply for msmcobalt QRD interposer platform
to use regulators from pmfalcon.
CRs-Fixed: 1090535
Change-Id: Ib1fdb0454c6e1d770ea6ec11a6032f8553d56c06
Signed-off-by: xiaonian <xiaonian@codeaurora.org>
Add venus device nodes to support hardware accelerated
video codecs for starlord.
CRs-Fixed: 1088324
Change-Id: I2e8ffab214106c01557446e00dbebe2cc2a52bd1
Signed-off-by: Deepak Kushwah <dkushwah@codeaurora.org>
Specify the regulators for mdss on falcon track3.
Change-Id: Ie828c8568ef09c89cff157d16d3cb322647b6f6e
Signed-off-by: Ashish Garg <ashigarg@codeaurora.org>
Add the LDO and NCP display +ve and -ve bias for LCD
display.
Change-Id: Ia85688854f26fe871d5c1253c2d51d75d84deb8f
Signed-off-by: Anirudh Ghayal <aghayal@codeaurora.org>
Add common dtsi file for msmfalcon and msmtriton. Also add
device tree entry for super speed USB3 controller, super speed
phy and high speed phy.
Change-Id: I326eceeddff8e77d346c3365fa46cd539324451f
Signed-off-by: Chandana Kishori Chiluveru <cchiluve@codeaurora.org>
To optimize charging during power negotiation and the voltage
is not changing, for example when transitioning from implicit
contract to the default 5V PDO, there is no requirement to
suspend the charging and hence setting the charger's
PROP_PD_CURRENT_MAX can be avoided. It is only needed when
changing voltages, in which case current limit should be
calculated based on pSnkStdby (2.5W), or when staying at the
same voltage and decreasing current.
Also fix the incorrect setting of PROP_CURRENT_MAX to
PROP_PD_CURRENT_MAX when doing a sink->source swap.
Change-Id: Ib53902459646e590df4dc7fcb00f833d5e8f41ed
Signed-off-by: Jack Pham <jackp@codeaurora.org>
There's no harm in having drivers read the list, since they can
use RCU protection or RTNL locking; allow this to not require
each and every driver to also implement its own bookkeeping.
CRs-Fixed: 1087922
Change-Id: I2f38b8ba1ddbe6041a4189f5d9b72c982f0fb367
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
Git-commit: 53873f134d285191ef6435882d55837093a36c53
[liord@codeaurora.org: fix conflicts]
Signed-off-by: Lior David <liord@codeaurora.org>
Increase the refresh rate for the RRADC to support
reading refreshed USBIN voltage at a higher frequency.
To support the higher frequency at which the data
is refreshed enable continuous mode and force update
on reading every cycle on the USBIN_V trigger.
After reading the USBIN_V result set the RRADC to non
continuous mode with default trigger setting.
Change-Id: I7e9ada5de1f619c6a34a4b2e1764f5e908564ce5
Signed-off-by: Siddartha Mohanadoss <smohanad@codeaurora.org>
Clear mpm_wcssaon_config bits before top level reset.
If those bits are non-zero while WLAN is enabled,
there could be random failures.
CRs-Fixed: 1086372
Change-Id: Ia03380dfa4852c80fedb38f3c79f55d8d1a9a7f6
Signed-off-by: Yuanyuan Liu <yuanliu@codeaurora.org>
Currently we disable try.SINK right before pd becomes active and
re-enable it right after inactive. This breaks typec compliance.
To fix it, disable try.SINK mode in the probe and never enable it.
Change-Id: I61523188f45daca026b90943c845b43a8327f51e
Signed-off-by: Harry Yang <harryy@codeaurora.org>
Currently there is an issue introduced by forcing the results of
the icl_votable while pd is active. icl_votable is a min voter
and since the DEFAULT_VOTER votes 1.5Amps that becomes the max
one could draw when pd is active. This is incorrect and hence the
issue.
Note that DEFAULT_VOTER is only needed while DCP is present.
So, to fix it, rename DEFAULT_VOTER to DCP_VOTER and make DCP_VOTER
unvote and vote when pd_active is set and unset respectively.
CRs-Fixed: 1091477
Change-Id: I7435f05f20e12a7704ae5d9597b5cdc9b5a61d00
Signed-off-by: Harry Yang <harryy@codeaurora.org>
Incorporate the 2016-10-31 updates to the internal regulatory
database. Update countries Bahrain, Belize, Chile, Egypt, Honduras,
India, S Korea, Nepal, Panama, Russia, Senegal, TT and UAE. Also
update St. Kitts & Nevis and St. Lucia dfs region.
Change-Id: Ia151b2dd5229f07790ac961af298305b24e098fb
CRs-Fixed: 1091511
Signed-off-by: Amar Singhal <asinghal@codeaurora.org>
Device tree creation of new mediabox variant of
apqcobalt.
CRs-Fixed: 1091110
Change-Id: I4f8070e7fd0aa39664208cfab2448b5a95ab2326
Signed-off-by: Mohamed Moussa <mmouss@codeaurora.org>
Signed-off-by: David Ng <dave@codeaurora.org>