There is a race condition between ipa3_nat_init_cmd
and ipa_read_nat4. The two thread will R/W the critical
global variables. This will result in race conditions
and possibly buffer overread/ overwrite issues. Add code
to prevent this race condition.
Change-Id: I6bf9a837ae941cf3ad9413da6e44821916acf196
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Add support to Hibernation for msm8996AU based auto
platform.
Change-Id: I6db195dbf33a146c01b3d097ef9b34cb11019f60
Signed-off-by: Atul Raut <araut@codeaurora.org>
Currnetly NAT table is not deleted even if public ip is assigned to
NAT table. Add check to prevent deletion only if public ip is not assigned.
Change-Id: I4855b21472d3f6bf541d07733b18592e9e677ce6
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
There is a possibility of out-of-bound read if msg mask
ranges received from peripheral are more than max ssid per
range. Cap msg mask's ssid ranges to MAX_SSID_PER_RANGE if
ranges received from peripheral are greater than the same.
Change-Id: I886692ad223e16678bfaecbe381c62fdf3503cb5
Signed-off-by: Hardik Arya <harya@codeaurora.org>
IPA driver expose routing rule id IOCTL's to user space.
There is a chance of getting invalid routing rule-id.
Validate it before committing it to IPA hardware.
Change-Id: If80b94d3a055f9212d25aff9a57d1b45001ba586
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
In msm_cpp_irq function, tx_level is read using msm_carmera_io_r(),
However, this value is never verified to lower than
MSM_CPP_TX_FIFO_LEVEL (16), As tx_level is used as the upper bound
for the following loop, any value bigger than 16 will result in a
buffer overflow. Hence handling this case as error with error log.
Change-Id: I13222b315c3c9ee46bedb8b4e8e161179fea321d
Signed-off-by: Suprith Malligere Shankaregowda <supgow@codeaurora.org>
The driver is modified to allow communication between a virtual
subsystem, and its native clients.
Change-Id: I40854327431f3691f76df9d781dbd0a24090594e
Signed-off-by: Anant Goel <anantg@codeaurora.org>
Remove configs for SMD, SMEM and SMP2P. These configs
are not required for the GVM platform.
Change-Id: I93d154085c6f249cd26949b40a953e66f010e72b
Signed-off-by: Anant Goel <anantg@codeaurora.org>
Modify subsys_notif_virt device to enable communication between
subsystems and their registered clients.
Change-Id: Id44081a391c55f1326082e6b629e69b7de5dbb9e
Signed-off-by: Anant Goel <anantg@codeaurora.org>
Move the mask_info mutex initialization outside mask structure
to facilitate prevention of out of bound access while initializing
msg mask during md session creation. Use separate msg_mask_tbl_count
for ODL session msg mask and regular msg mask to prevent out of
bound access in a possible race condition of accessing mask ranges.
Change-Id: I87497c67daff8cc1797a1266d50456bdbd3a9c23
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
During capability qmi message failure ICNSS_MSA0_ASSIGNED
flag is not getting clear. Due to this after PDR/SSR next
time it is not configuring the MSA0 permission to q6 which
result into NOC error as q6 is not having access permission.
To address above issue clear ICNSS_MSA0_ASSIGNED bit in
failure case.
CRs-Fixed: 2300877
Change-Id: I6aeaedb5a394b843c4f1c8ef1e0be47a6947b331
Signed-off-by: Hardik Kantilal Patel <hkpatel@codeaurora.org>
Currently user regulatory hint is ignored if all wiphys
in the system are self managed. But the hint is not ignored
if there is no wiphy in the system. This affects the global
regulatory setting. Global regulatory setting needs to be
maintained so that it can be applied to a new wiphy entering
the system. Therefore, do not ignore user regulatory setting
even if all wiphys in the system are self managed.
Signed-off-by: Amar Singhal <asinghal@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Change-Id: I468fcd3403259b03369e011fa41b003e8ff33d3c
CRs-Fixed: 2276224
Git-commit: e31f6456c01c76f154e1b25cd54df97809a49edb
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git
Signed-off-by: Amar Singhal <asinghal@codeaurora.org>
* refs/heads/tmp-f057ff9
Linux 4.4.148
x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
x86/init: fix build with CONFIG_SWAP=n
x86/speculation/l1tf: Fix up CPU feature flags
x86/mm/kmmio: Make the tracer robust against L1TF
x86/mm/pat: Make set_memory_np() L1TF safe
x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
x86/speculation/l1tf: Invert all not present mappings
x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
x86/speculation/l1tf: Protect PAE swap entries against L1TF
x86/cpufeatures: Add detection of L1D cache flush support.
x86/speculation/l1tf: Extend 64bit swap file size limit
x86/bugs: Move the l1tf function and define pr_fmt properly
x86/speculation/l1tf: Limit swap file size to MAX_PA/2
x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
mm: fix cache mode tracking in vm_insert_mixed()
mm: Add vm_insert_pfn_prot()
x86/speculation/l1tf: Add sysfs reporting for l1tf
x86/speculation/l1tf: Make sure the first page is always reserved
x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
x86/speculation/l1tf: Protect swap entries against L1TF
x86/speculation/l1tf: Change order of offset/type in swap entry
mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1
x86/mm: Fix swap entry comment and macro
x86/mm: Move swap offset/type up in PTE to work around erratum
x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
x86/irqflags: Provide a declaration for native_save_fl
kprobes/x86: Fix %p uses in error messages
x86/speculation: Protect against userspace-userspace spectreRSB
x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
ARM: dts: imx6sx: fix irq for pcie bridge
IB/ocrdma: fix out of bounds access to local buffer
IB/mlx4: Mark user MR as writable if actual virtual memory is writable
IB/core: Make testing MR flags for writability a static inline function
fix __legitimize_mnt()/mntput() race
fix mntput/mntput race
root dentries need RCU-delayed freeing
scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled
ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
xen/netfront: don't cache skb_shinfo()
parisc: Define mb() and add memory barriers to assembler unlock sequences
parisc: Enable CONFIG_MLONGCALLS by default
fork: unconditionally clear stack on fork
ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV
tpm: fix race condition in tpm_common_write()
ext4: fix check to prevent initializing reserved inodes
Linux 4.4.147
jfs: Fix inconsistency between memory allocation and ea_buf->max_size
i2c: imx: Fix reinit_completion() use
ring_buffer: tracing: Inherit the tracing setting to next ring buffer
ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
ext4: fix false negatives *and* false positives in ext4_check_descriptors()
netlink: Don't shift on 64 for ngroups
netlink: Don't shift with UB on nlk->ngroups
netlink: Do not subscribe to non-existent groups
nohz: Fix local_timer_softirq_pending()
genirq: Make force irq threading setup more robust
scsi: qla2xxx: Return error when TMF returns
scsi: qla2xxx: Fix ISP recovery on unload
Conflicts:
include/linux/swapfile.h
Removed CONFIG_CRYPTO_ECHAINIV from defconfig files since this upmerge is
adding this config to Kconfig file.
Change-Id: Ide96c29f919d76590c2bdccf356d1d464a892fd7
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
memset smsg to avoid the padding data of kernel to be shared
with user space. Fix is to set fields event to all "0", but there is
actually 6 bytes padding between "sktype" and "skflags", so memset was
done to set all the padding bits to 0.
CRs-Fixed: 2287852
Change-Id: I435486b80ad19c5fa54b098680623e7a4f080198
Signed-off-by: Kaustubh Pandey <kapandey@codeaurora.org>
Acked-by: Chinmay Agarwal <chinagar@qti.qualcomm.com>
Such warning of "initialization from incompatible pointer type"
is found in the build time, and it's good to fix it.
Change-Id: Iaf820ae7ec4a7851185febbdebaaab3706fb2402
Signed-off-by: Yong Ding <yongding@codeaurora.org>
Currently, the EDID parser adds the formats based on the
parsing of the Video data blocks and other CTA blocks.
However, there is no input validation based on the
HDMI HFVSDB block to check whether the mode advertised
by the sink actually falls in the TMDS char rate limits.
Add this check in the EDID parser to make sure invalid
formats are not added to the list.
Change-Id: I9a8e8f023924421710cf27402be98150554d0271
Signed-off-by: Abhinav Kumar <abhinavk@codeaurora.org>
This adds support for saving the arm-smmu client's context
just before going into hibernation. This context is restored
on the subesequent hibernate restore.
Also, invalidate the TLB during the restore phase to avoid
wrong translations post-resume.
Change-Id: Idd8d12bb4d13f8a62bd51e0adaad82bd92f658ee
Signed-off-by: vkakani <vkakani@codeaurora.org>
Signed-off-by: Arun KS <arunks@codeaurora.org>
Signed-off-by: Atul Raut <araut@codeaurora.org>
Signed-off-by: Siddhartha Agrawal <agrawals@codeaurora.org>
Check the cid number to be less than MAX_CID in csid.
Change-Id: I16777dc8e8c72e01dc10490cd4c205c939adb7b5
Signed-off-by: Chunhuan Zhan <zhanc@codeaurora.org>
Signed-off-by: Rahul Sharma <rahsha@codeaurora.org>
jpeg driver is calling class_create with stack variable, which
can be overwritten by other stack variables.
Change-Id: I92ccd4629cef8a06b7715b8483cf53a9607bd22f
Signed-off-by: Deepak Shankar <dees@codeaurora.org>
Signed-off-by: Rahul Sharma <rahsha@codeaurora.org>
This reverts commit 563b2f7a6b.
The previous approach of dynamically updating the writeable
permission bits of the power/data_role attributes only works
if the userspace application has root permission since the
call to sysfs_update_group() removes and re-adds the files. If
they had previously been chown/chgrp'ed, the ownership would be
reset. On the other hand, if there was a ueventd rule to
dynamically update the ownership, then the mode would always
be overridden with the static umask given in the ueventd rule,
contradicting the driver's determination of writeability.
Hence, the more comprehensive fix should be done in userspace
to not rely solely on writeability. Still, this change needs
to be reverted since it can still cause a race between ueventd
and the userspace service trying to check writability.
Change-Id: Ic667a97f2bae41e5a86ee45565518b06db959b36
Signed-off-by: Jack Pham <jackp@codeaurora.org>
