The current api which performs the clock reset is moved to use the reset
framework, so support the changes in ufs driver for the same. The reset
framework requires to get reset handle and perform assert/deassert of the
resets.
Change-Id: I78d833639772cf541e563cbf9fae1aa75ec6a7da
Signed-off-by: Amit Nischal <anischal@codeaurora.org>
Disable clocks in reverse order of the way you enable them so as to
avoid clock stuck_on warnings.
CRs-Fixed: 1066446
Change-Id: I071df5d5848878e5ff7b514bf9089c011a0c6a69
Signed-off-by: Puja Gupta <pujag@codeaurora.org>
Create codec entry for wcd934x codec so that userspace can retrieve
the codec info.
CRs-Fixed: 1063367
Change-Id: Ie846b5edf1d8aaecce5140986dad8da69d608d5a
Signed-off-by: Walter Yang <yandongy@codeaurora.org>
As there are many hardware version of wcd934x codec. Add version
check in the code so that userspace can get the version info.
CRs-Fixed: 1063367
Change-Id: Ia320380d568426c2d7a414a832980a556ff27f0f
Signed-off-by: Walter Yang <yandongy@codeaurora.org>
In trigger_cpu_pwr_stats_calc(), if the local variable 'prev_temp' is
already updated with the latest temperature then temp might be used
uninitialized.
When scheduler's power data snapshot updates in the sampling thread,
update the temperature as well if the temperature has been the same for
some duration such that temp is used only when the sensor is read.
In update_userspace_power, incorrect cpumask could cause the function to
use uninitialized cpu variable. Initialize it to -1 at the beginning of
the function and treat unmodified value as error condition.
Change-Id: Ieccdc3f54f9c9f2cecc6b8578400c6fe44333177
Signed-off-by: Archana Sathyakumar <asathyak@codeaurora.org>
Send SUBSYS_BEFORE_SHUTDOWN notification to clients before doing
graceful shutdown so that clients can do their end of housekeeping.
CRs-Fixed: 1066446
Change-Id: I77b248c51914651aea4b27d7c5a3d5d784b1e542
Signed-off-by: Puja Gupta <pujag@codeaurora.org>
This prevents stacking filesystems (ecryptfs and overlayfs) from using
procfs as lower filesystem. There is too much magic going on inside
procfs, and there is no good reason to stack stuff on top of procfs.
(For example, procfs does access checks in VFS open handlers, and
ecryptfs by design calls open handlers from a kernel thread that doesn't
drop privileges or so.)
Signed-off-by: Jann Horn <jannh@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
Git-repo: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
Git-commit: e54ad7f1ee263ffa5a2de9c609d58dfa27b21cd9
(cherry picked from commit e54ad7f1ee263ffa5a2de9c609d58dfa27b21cd9)
Change-Id: I1bf47b15e8201d3a049a04e1b054c664d9be9bea
Ben Hawkes says:
In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it
is possible for a user-supplied ipt_entry structure to have a large
next_offset field. This field is not bounds checked prior to writing a
counter value at the supplied offset.
Problem is that mark_source_chains should not have been called --
the rule doesn't have a next entry, so its supposed to return
an absolute verdict of either ACCEPT or DROP.
However, the function conditional() doesn't work as the name implies.
It only checks that the rule is using wildcard address matching.
However, an unconditional rule must also not be using any matches
(no -m args).
The underflow validator only checked the addresses, therefore
passing the 'unconditional absolute verdict' test, while
mark_source_chains also tested for presence of matches, and thus
proceeeded to the next (not-existent) rule.
Unify this so that all the callers have same idea of 'unconditional rule'.
Reported-by: Ben Hawkes <hawkes@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
Git-repo: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
Git-commit: 54d83fc74aa9ec72794373cb47432c5f7fb1a309
(cherry picked from commit 54d83fc74aa9ec72794373cb47432c5f7fb1a309)
Change-Id: I425228695bd50751476ac6032f10e3b927825f35
If __key_link_begin() failed then "edit" would be uninitialized. I've
added a check to fix that.
This allows a random user to crash the kernel, though it's quite
difficult to achieve. There are three ways it can be done as the user
would have to cause an error to occur in __key_link():
(1) Cause the kernel to run out of memory. In practice, this is difficult
to achieve without ENOMEM cropping up elsewhere and aborting the
attempt.
(2) Revoke the destination keyring between the keyring ID being looked up
and it being tested for revocation. In practice, this is difficult to
time correctly because the KEYCTL_REJECT function can only be used
from the request-key upcall process. Further, users can only make use
of what's in /sbin/request-key.conf, though this does including a
rejection debugging test - which means that the destination keyring
has to be the caller's session keyring in practice.
(3) Have just enough key quota available to create a key, a new session
keyring for the upcall and a link in the session keyring, but not then
sufficient quota to create a link in the nominated destination keyring
so that it fails with EDQUOT.
The bug can be triggered using option (3) above using something like the
following:
echo 80 >/proc/sys/kernel/keys/root_maxbytes
keyctl request2 user debug:fred negate @t
The above sets the quota to something much lower (80) to make the bug
easier to trigger, but this is dependent on the system. Note also that
the name of the keyring created contains a random number that may be
between 1 and 10 characters in size, so may throw the test off by
changing the amount of quota used.
Assuming the failure occurs, something like the following will be seen:
kfree_debugcheck: out of range ptr 6b6b6b6b6b6b6b68h
------------[ cut here ]------------
kernel BUG at ../mm/slab.c:2821!
...
RIP: 0010:[<ffffffff811600f9>] kfree_debugcheck+0x20/0x25
RSP: 0018:ffff8804014a7de8 EFLAGS: 00010092
RAX: 0000000000000034 RBX: 6b6b6b6b6b6b6b68 RCX: 0000000000000000
RDX: 0000000000040001 RSI: 00000000000000f6 RDI: 0000000000000300
RBP: ffff8804014a7df0 R08: 0000000000000001 R09: 0000000000000000
R10: ffff8804014a7e68 R11: 0000000000000054 R12: 0000000000000202
R13: ffffffff81318a66 R14: 0000000000000000 R15: 0000000000000001
...
Call Trace:
kfree+0xde/0x1bc
assoc_array_cancel_edit+0x1f/0x36
__key_link_end+0x55/0x63
key_reject_and_link+0x124/0x155
keyctl_reject_key+0xb6/0xe0
keyctl_negate_key+0x10/0x12
SyS_keyctl+0x9f/0xe7
do_syscall_64+0x63/0x13a
entry_SYSCALL64_slow_path+0x25/0x25
Fixes: f70e2e0619 ('KEYS: Do preallocation for __key_link()')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
Git-repo: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
Git-commit: 38327424b40bcebe2de92d07312c89360ac9229a
(cherry picked from commit 38327424b40bcebe2de92d07312c89360ac9229a)
Change-Id: I07568c78448b9d4bcc19b506ac0cbeb3d8af6961
When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.
This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.
https://lkml.org/lkml/2016/1/11/587
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Git-repo: https://android.googlesource.com/kernel/common.git
Git-commit: 012b0adcf7299f6509d4984cf46ee11e6eaed4e4
[d-cagle@codeaurora.org: Resolve trivial merge conflicts]
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
Bug: 29054680
Change-Id: Iff5bff4fc1042e85866df9faa01bce8d04335ab8
perf_event_paranoid was only documented in source code and a perf error
message. Copy the documentation from the error message to
Documentation/sysctl/kernel.txt.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: linux-doc@vger.kernel.org
Link: http://lkml.kernel.org/r/20160119213515.GG2637@decadent.org.uk
[ Remove reference to external Documentation file, provide info inline, as before ]
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Bug: 29054680
Change-Id: I13e73cfb2ad761c94762d0c8196df7725abdf5c5
Git-repo: https://android.googlesource.com/kernel/common.git
Git-commit: b79154b8f7702f6e8a56ce9f1355f841cec16c37
[d-cagle@codeaurora.org: Resolve trivial merge conflicts]
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
The stack object “map” has a total size of 32 bytes. Its last 4
bytes are padding generated by compiler. These padding bytes are
not initialized and sent out via “nla_put”.
Change-Id: I41f4745f24720c7af5ab08dc4274224d7fe4dcfe
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-repo: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
Git-commit: 5f8e44741f9f216e33736ea4ec65ca9ac03036e6
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
If cpr3_ctrl_clear_cpr4_config() returns an error at the
beginning of the cpr3_regulator_measure_aging() function, then
goto cleanup is called. After that, the *_restore values are
written back into hardware registers. Unfortunately, these
*_restore variables are uninitialized in this code path.
Correct this issue.
Change-Id: I906613a00137925c9903ac6c01771c459594864f
CRs-Fixed: 1066407
Signed-off-by: David Collins <collinsd@codeaurora.org>
A discrepancy between cpu_online_mask and cpuset's effective_cpus
mask is inevitable during hotplug since cpuset defers updating of
effective_cpus mask using a workqueue, during which time nothing
prevents the system from more hotplug operations. For that reason
guarantee_online_cpus() walks up the cpuset hierarchy until it finds
an intersection under the assumption that top cpuset's effective_cpus
mask intersects with cpu_online_mask even with such a race occurring.
However a sequence of CPU hotplugs can open a time window, during which
none of the effective CPUs in the top cpuset intersect with
cpu_online_mask.
For example when there are 4 possible CPUs 0-3 and only CPU0 is online:
======================== ===========================
cpu_online_mask top_cpuset.effective_cpus
======================== ===========================
echo 1 > cpu2/online.
CPU hotplug notifier woke up hotplug work but not yet scheduled.
[0,2] [0]
echo 0 > cpu0/online.
The workqueue is still runnable.
[2] [0]
======================== ===========================
Now there is no intersection between cpu_online_mask and
top_cpuset.effective_cpus. Thus invoking sys_sched_setaffinity() at
this moment can cause following:
Unable to handle kernel NULL pointer dereference at virtual address 000000d0
------------[ cut here ]------------
Kernel BUG at ffffffc0001389b0 [verbose debug info unavailable]
Internal error: Oops - BUG: 96000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 2 PID: 1420 Comm: taskset Tainted: G W 4.4.8+ #98
task: ffffffc06a5c4880 ti: ffffffc06e124000 task.ti: ffffffc06e124000
PC is at guarantee_online_cpus+0x2c/0x58
LR is at cpuset_cpus_allowed+0x4c/0x6c
<snip>
Process taskset (pid: 1420, stack limit = 0xffffffc06e124020)
Call trace:
[<ffffffc0001389b0>] guarantee_online_cpus+0x2c/0x58
[<ffffffc00013b208>] cpuset_cpus_allowed+0x4c/0x6c
[<ffffffc0000d61f0>] sched_setaffinity+0xc0/0x1ac
[<ffffffc0000d6374>] SyS_sched_setaffinity+0x98/0xac
[<ffffffc000085cb0>] el0_svc_naked+0x24/0x28
The top cpuset's effective_cpus are guaranteed to be identical to
cpu_online_mask eventually. Hence fall back to cpu_online_mask when
there is no intersection between top cpuset's effective_cpus and
cpu_online_mask.
CRs-fixed: 1058529
Change-Id: I83ee4619feff2ca7452119c9baecb6ffde755287
Signed-off-by: Joonwoo Park <joonwoop@codeaurora.org>
Acked-by: Li Zefan <lizefan@huawei.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: cgroups@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: <stable@vger.kernel.org> # 3.17+
Signed-off-by: Tejun Heo <tj@kernel.org>
EQ bias is enabled in of msmcobalt version 2 csiphy.
Differentiate this setting with new version 2 camera dt file.
CRs-Fixed: 1050172
Change-Id: I5781453f2b2a81b9cf5f7fb643e021b53879583e
Signed-off-by: Viswanadha Raju Thotakura <viswanad@codeaurora.org>
Provide client_id in ind_register QMI request message so that
WLAN FW can identify different clients.
CRs-Fixed: 1065341
Change-Id: I2d79daa72fb87a7d3c0818563a88e94f36af48b8
Signed-off-by: Yuanyuan Liu <yuanliu@codeaurora.org>
The spss-util driver provides utilities required for the SPSS.
It provides the fuse state for key selection.
It provides the SPSS HW version.
Change-Id: I70c37d64db351db86e3d1d5dddb810257c68d72f
Signed-off-by: Amir Samuelov <amirs@codeaurora.org>
The function regulator_set_optimum_mode() has been renamed to
regulator_set_load(). So update the driver accordingly.
Change-Id: I7d69a4529368918f159a25769f497e6425838460
Signed-off-by: Abinaya P <abinayap@codeaurora.org>
Correct return value check of gtp_read_fw_version, called in probe
of the Goodix driver. The return value is actually the number of
registers read through gtp_i2c_read() function call.
Also change the error message of gtp_check_product_id.
Change-Id: I0b643e250a487f08a19555237802b020b0873d1a
Signed-off-by: Shantanu Jain <shjain@codeaurora.org>
Use standard initializer code in gtp_i2c_read and
gtp_i2c_write functions for Goodix touchscreen driver.
Change-Id: Id954be61a0b4596339a659928fb630c5c5538a9a
Signed-off-by: Shantanu Jain <shjain@codeaurora.org>
Signed-off-by: Sudhakar Manapati <smanap@codeaurora.org>
Replace non-standard debug function with the conventional
functions in Goodix driver. And remove unnecessary debug
function used in Goodix driver.
Change-Id: Ia89d225333c1309710aab67b9c406784567e3050
Signed-off-by: Shantanu Jain <shjain@codeaurora.org>
Signed-off-by: Sudhakar Manapati <smanap@codeaurora.org>
MSM GPIO 69 is used as a clock for native playback
on msmcobalt. Add the GPIO 69 configuration along with
pinctrl information.
CRs-Fixed: 1066167
Change-Id: Icd3e82a754867c0f16035a5f3eb7f86ee57c7281
Signed-off-by: Meng Wang <mwang@codeaurora.org>
There are multiple buffer overflow and input validation issues
in Goodix gt915 driver, fix these issues by adding data length
check and change file system node mode.
Change-Id: I5173fc1ca021fd45c939c7c8a4f460651330de5b
Signed-off-by: Bingzhe Cai <bingzhec@codeaurora.org>
Signed-off-by: Sudhakar Manapati <smanap@codeaurora.org>
Add dynamic detection support to goodix driver, where
the driver tries to read the chip id and make sure
it is communicating with the right chip.
gtp_read_version is modified to gtp_read_fw_version
which reads the firmware version from the controller
and will be used during fw update process.
Change-Id: I2dc51b84f817413da6bf9b266e2fe7e0bb09c4bc
Signed-off-by: Shantanu Jain <shjain@codeaurora.org>
Signed-off-by: Sudhakar Manapati <smanap@codeaurora.org>
Multi-touch(MT) protocol B use input_mt_report_slot_state()
instead of send ABS_MT_TRACKING_ID event directly, so modify
the driver to follow the protocol and remove redundant protocol
A code.
Change-Id: I542e61fabaaa04fcf5fb7e454e10599511f18e39
Signed-off-by: Bingzhe Cai <bingzhec@codeaurora.org>
Signed-off-by: Sudhakar Manapati <smanap@codeaurora.org>
Add missing change for request_firmware_nowait so third party
drivers are able to load their firmware
Change-Id: Ic6b842a717bde9c2bc50a7c7845c7c50ac05be25
Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org>
