sockaddr structure is filled with required information only which
results in few memory locations of structure with uninitialized data.
Memset complete structure before using it to remove uninitialized data.
CRs-Fixed: 2274853
Change-Id: I181710bde100fb1553b925d9fdf227af35ff38b5
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
In high speed sensor data stream case system is not entering into
suspend state due to edge and port specific wake-up sources.
Add flag to check and avoid the wakeup sources for all sensor ports.
CRs-Fixed: 2196601
Change-Id: Ibf642619b969925dc96e8a57e11f7e349b85c024
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
The increment logic of u64 pointer in skb_copy_to_log_buf() leads to
buffer overflow.
Modify the proto type of skb_copy_to_log_buf() function to accept
only unsigned char pointer.
CRs-Fixed: 2212592
Change-Id: I8affff1316656c1060ec57f2fb10b46f85314358
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
The skb_peek and skb_peek_tail functions can return NULL if the skb
list is empty. Check the return value before using the skb.
CRs-Fixed: 2121368
Change-Id: If14320104ec37b8b7504e930ed8fd06e72d08724
Signed-off-by: Chris Lew <clew@codeaurora.org>
Change the IPC wakelock name to include PID since
complete process name is not printed in many bugreports.
IPC wakelock are of format ipc<port_id>_<PID>_<proc_name>.
Improve debugfs logging to include port_id to service_id mapping
and the amount of transactions on each local port. This information
is helpful in associating a local port with the service ID. This
info is present in /d/dump_local_ports.
CRs-Fixed: 2063352
Change-Id: Id6406f89b3b61066399ef5660b9d2ab37bff6728
Signed-off-by: Dhoat Harpal <hdhoat@codeaurora.org>
By default IPC Router core uses edge and port specific wakeup sources
which are blocking system suspend in special use cases like streaming
non wakeup sensors data at high speed.
Add dynamic wakeup source enable/disable functionality to acquire the
wakeup source only during the APPS suspend stage.
CRs-Fixed: 2057391
Change-Id: I2a5ea4e2c31432a9dd195c702ef7001b26eed33d
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Allowing services to be registered on a non-client port will cause either
an existing service or a control port to be over-written. This will cause
undefined functional behavior.
Allow the services to be registered only on client ports.
CRs-Fixed: 1101792
Change-Id: If6cfc75e9314204b7b44957f1598a8a2e1a45325
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
Fail cases of accept() system call on AF_MSM_IPC socket family causes
NULL pointer de-reference of sock structure variable in release operation.
Validate the sock structure pointer before using it in release operation.
CRs-Fixed: 1068888
Change-Id: I5637e52be59ea9504ea6ae317394bef0c28c7865
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
conn_info is used to connect the local port with destination port
address and is freed only for remote server cleanup in SSR case
which leads memory leak for other remote ports which valid conn_info.
Free the conn_info structure for all remote ports during the SSR and
while handling remove client message.
CRs-Fixed: 1057219
Change-Id: I164a9eb308f5779d545766b18bb41184c49bbb3d
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
IPC Router assigns NULL to write_space callback for all sockets in its
family by defaults. The setsockopt operation with SO_SNDBUF option
accesses write_space callback without checking its validity. This may
lead to a NULL pointer dereferencing when that operation is performed.
Assign a dummy write_space callback operation by default to all IPC Router
sockets.
CRs-Fixed: 1025150
Change-Id: Id2454683116c948b7bb4fa3c50a91a5a9585a491
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
In local client and local service communication, getting the reference
count for local xport_info pointer fails with -ENODEV and returns
without sending the resume tx message which blocks the communication.
Check and remove the reference get logic for local xprt_info.
CRs-Fixed: 1009471
Change-Id: If11cd577d30c22d79544f4668e08ccf269237236
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
In SSR case the xprt_info pointer is freed without considering the users of
the pointer in TX path will leads to use after free of the pointer.
Use the reference count to keep track of the xprt_info structure and wait
for the all user to complete the task before free the xprt_info pointer.
CRs-Fixed: 999123
Change-Id: I894a877346ff1d395c6f1b06267dfec333cb1024
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
IPC Router binds any port as a control port and moves it from the client
port list to control port list. Misbehaving clients can exploit this
incorrect behavior.
IPC Router to check if the port is a client port before binding it as a
control port.
CRs-Fixed: 974577
Change-Id: I9f189b76967d5f85750218a7cb6537d187a69663
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
The service info structure is allocated with uninitialized memory for the
max number of services and returns the complete structure to the usersapce
resulting in the information leak if lookup operation finds less number of
services than the requested number.
Check the minimum of requested and available services and copy the minimum
information to the user-space.
CRs-Fixed: 965934
Change-Id: Ic97f875855fdc6440c1db1d8d0338ee8b03a9d0a
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Currently, IPC Router statically associates the version of the
protocol to be used with each link. Thus, dynamic version negotiation
is not possible.
Add support for version negotiation that sets IPC Router version
after a successful negotiation.
Change-Id: Iea04742ef30443c1e36760561e7f20175c4fbaa6
Signed-off-by: Atish Kumar Patra <apatra@codeaurora.org>
The networking module uses iov_iter library to manage the vector buffers
from user-space. Use iov_iter accessor functions to copy the data from/to
the user-space vector buffers.
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
Update the function signature of sendmsg and recvmsg operations.
Pass the kernel socket flag to the updated socket object allocation
function.
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
qmi_encdec.h header file is no longer required in IPC Router. Remove
including that header file.
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
This snapshot is taken as of msm-3.18 commit e70ad0cd (Promotion of
kernel.lnx.3.18-151201.)
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
