Commit graph

599564 commits

Author SHA1 Message Date
Sachin Grover
e42662afef selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
Call trace:
 [<ffffff9203a8d7a8>] dump_backtrace+0x0/0x428
 [<ffffff9203a8dbf8>] show_stack+0x28/0x38
 [<ffffff920409bfb8>] dump_stack+0xd4/0x124
 [<ffffff9203d187e8>] print_address_description+0x68/0x258
 [<ffffff9203d18c00>] kasan_report.part.2+0x228/0x2f0
 [<ffffff9203d1927c>] kasan_report+0x5c/0x70
 [<ffffff9203d1776c>] check_memory_region+0x12c/0x1c0
 [<ffffff9203d17cdc>] memcpy+0x34/0x68
 [<ffffff9203d75348>] xattr_getsecurity+0xe0/0x160
 [<ffffff9203d75490>] vfs_getxattr+0xc8/0x120
 [<ffffff9203d75d68>] getxattr+0x100/0x2c8
 [<ffffff9203d76fb4>] SyS_fgetxattr+0x64/0xa0
 [<ffffff9203a83f70>] el0_svc_naked+0x24/0x28

If user get root access and calls security.selinux setxattr() with an
embedded NUL on a file and then if some process performs a getxattr()
on that file with a length greater than the actual length of the string,
it would result in a panic.

To fix this, add the actual length of the string to the security context
instead of the length passed by the userspace process.

Change-Id: Ie0b8bfc7c96bc12282b955fb3adf41b3c2d011cd
Signed-off-by: Sachin Grover <sgrover@codeaurora.org>
2018-05-30 21:25:04 -07:00
Linux Build Service Account
7f1e39e00b Merge "drm: sde: Check commit's validity when starting splash handoff" 2018-05-30 10:21:00 -07:00
Linux Build Service Account
fc98b97cd8 Merge "msm: kgsl: Don't dump GPMU registers on non GPMU devices" 2018-05-29 13:57:06 -07:00
Linux Build Service Account
addd4dab16 Merge "ASoC: msm: add boot marker for mi2s and auto sound card" 2018-05-29 05:07:37 -07:00
Linux Build Service Account
5cb5749cd7 Merge "defconfig: msm: enable lpass resource mgr for msm8996-auto" 2018-05-27 09:11:15 -07:00
Linux Build Service Account
2115d78a54 Merge "ARM: dts: msm: add lpass resource mgr on automotive msm8996" 2018-05-27 09:11:14 -07:00
Linux Build Service Account
fd10e25d18 Merge "defconfig: msm: enable Sensor DSP framework" 2018-05-27 09:11:11 -07:00
Linux Build Service Account
b746664418 Merge "msm: ipa: fix to not allow NAT DMA command without device initialization" 2018-05-27 02:06:57 -07:00
Linux Build Service Account
10f17193d7 Merge "defconfig: msmcortex: Enable INET_UDP_DIAG" 2018-05-26 13:26:54 -07:00
Linux Build Service Account
d9f6f32dae Merge "defconfig: sdm660: Enable INET_UDP_DIAG" 2018-05-26 13:26:53 -07:00
Linux Build Service Account
7879aadfcc Merge "asoc: msm8998: Add configuration for adaptive bitrate." 2018-05-26 13:26:51 -07:00
Mohammed Javid
333b7dec60 msm: ipa: fix to not allow NAT DMA command without device initialization
Without NAT device initialization sending NAT DMA
commands leads to XPU violation. Added checks to
verify device initialized or not before sending DMA
command.

Change-Id: I7440abc14a81e1621573f0e2808a410d60b2458d
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
2018-05-26 23:56:08 +05:30
Linux Build Service Account
4df80cc49c Merge "Merge android-4.4.132 (46155cc) into msm-4.4" 2018-05-25 08:58:07 -07:00
Linux Build Service Account
32645e12c3 Merge "defconfig: msm-auto: Enable PASR driver for msm8996" 2018-05-25 08:58:03 -07:00
Linux Build Service Account
2583029971 Merge "soc: qcom: pasr: Add MSM PASR driver" 2018-05-25 08:58:01 -07:00
Linux Build Service Account
2d58063eb8 Merge "usb: Use DECLARE_USB_FUNCTION() for initializing USB QDSS function driver" 2018-05-25 00:09:43 -07:00
Linux Build Service Account
c1b445a451 Merge "power: qpnp-fg-gen3: Restore recharge SOC only when not in JEITA" 2018-05-25 00:09:42 -07:00
Linux Build Service Account
0828ba03db Merge "ARM: dts: msm: remove leakage on ldo26 for msm8996" 2018-05-25 00:09:39 -07:00
Mayank Rana
5ddd6eca57 usb: Use DECLARE_USB_FUNCTION() for initializing USB QDSS function driver
USB QDSS function driver is already registered as module and having init
and exit APIs. DECLARE_USB_FUNCTION_INIT() adds additional module entries
for USB QDSS function driver. This results into seeing error as
"usb_qdss_init: failed to register diag -17" when usb_function_register()
is called 2nd time. Hence fix this issue by using DECLARE_USB_FUNCTION()
instead of DECLARE_USB_FUNCTION_INIT() API.

Change-Id: I37da484eaa44e60e331d18fa720289a2dff8ad50
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
2018-05-24 17:02:00 -07:00
Subbaraman Narayanamurthy
9c572ce8ee power: qpnp-fg-gen3: Restore recharge SOC only when not in JEITA
Currently, recharge SOC is adjusted (lowered) based on the SOC
where charging terminates. It is restored back to the original
threshold when the charge termination condition goes away. This
works fine in most cases. However there are certain conditions
where the charger fluctuates between fast and taper regions along
with the charge termination status.

Handle this by checking if battery is out of JEITA as well before
restoring back the original recharge SOC threshold.

CRs-Fixed: 2213369
Change-Id: Ic64151ddbbff09c26d6ebfcd3e6d4e70e0be8c9d
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
2018-05-24 13:14:29 -07:00
Linux Build Service Account
45c4f7d22f Merge "ASoC: msm: Modify buf size check to prevent OOB error" 2018-05-24 02:46:45 -07:00
Linux Build Service Account
25405b771e Merge "drm/msm : check buffer size before writing to user buffer" 2018-05-24 02:46:44 -07:00
Linux Build Service Account
8696c16cbb Merge "drm/msm/sde: fix array overflow" 2018-05-24 02:46:43 -07:00
Linux Build Service Account
3ff5bbb593 Merge "fb: msm_dba: disable timing generator correctly during suspend" 2018-05-24 02:46:42 -07:00
Linux Build Service Account
f485daa540 Merge "ARM: dts: msm: remove modem region reserved on APQ8096 ADP" 2018-05-24 02:46:41 -07:00
Linux Build Service Account
2ed9c4ea73 Merge "msm: camera: Fix for Possible information leak issue" 2018-05-24 02:46:40 -07:00
Linux Build Service Account
b2798d39f3 Merge "ARM: dts: msm: Configure irq flag for blsp_uart2 in 8996 gvm" 2018-05-24 02:46:38 -07:00
Linux Build Service Account
99f9e4f8bb Merge "power: smb-lib: Allow PD enable/disable for typeC devices only" 2018-05-24 02:46:37 -07:00
Linux Build Service Account
7b7e229ed2 Merge "cfg80211: Add backport flag for user cellular base hint" 2018-05-24 02:46:35 -07:00
Linux Build Service Account
490a4fd34e Merge "cfg80211: Call reg_notifier for self managed hints conditionally" 2018-05-24 02:46:35 -07:00
Arun KS
de05cd34fe defconfig: msm-auto: Enable PASR driver for msm8996
Enable DDR self-refresh vote/unvote feature for msm8996 based
auto boards.

Change-Id: I27aa6da4de6497130b6262c3bac4d5bc8f0623e8
Signed-off-by: Arun KS <arunks@codeaurora.org>
2018-05-24 11:42:43 +05:30
Arun KS
58a8e73988 soc: qcom: pasr: Add MSM PASR driver
Partial Array Self-Refresh driver is used to interface
with rpm to vote/unvote on memory self-refresh from HLOS.

Driver listens to memory hotplug notifications and decides
to vote or unvote depending on memory online and offline.
This vote is considered by RPM to avoid self-refresh on
offlined DDR segments. And hence a reduce in power consumption.

Change-Id: Ida2b36d671c6379dc3c07258a95cf15ae07a4bc0
Signed-off-by: Arun KS <arunks@codeaurora.org>
2018-05-24 11:42:15 +05:30
Soumya Managoli
fd819b7aa3 asoc: msm8998: Add configuration for adaptive bitrate.
Add hostless front end DAI to trigger backend
configuration of BT backend dai required for
configuring BT ABR statistics. Add mixer ctrls
to independently configure TX and RX sample
rates to allow BT RX and TX backends.

Change-Id: Iac3cd5317db2653a87f106d43cfc7fe90e4f4875
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
2018-05-23 22:21:52 -07:00
Linux Build Service Account
c43f38b61e Merge "msm: ipa: Fix to slab out of bounds issue" 2018-05-23 18:44:49 -07:00
Linux Build Service Account
01008184ec Merge "spmi: pmic-arb: support updating interrupt type flags" 2018-05-23 18:44:45 -07:00
Vivek Kumar
cb84e2692b ARM: dts: msm: Configure irq flag for blsp_uart2 in 8996 gvm
Configure irq flag as level high for blsp_uart2 wake-up
interrupt in msm8996 gvm.

Change-Id: I028ea5ea36da2a97c6878b763fcde1ebbbed9847
Signed-off-by: Vivek Kumar <vivekuma@codeaurora.org>
2018-05-23 09:49:03 -07:00
Venkateswara Rao Tadikonda
fb94867ea4 msm: kgsl: Don't dump GPMU registers on non GPMU devices
In Snapshot path, GPMU register offsets are being dumped on all A5xx
devices. But some targets on A5xx does not have GPMU. So accessing GPMU
registers would cause device fault.
Allow the GPMU register access only on targets with GPMU.

Change-Id: I2885dbdaf1cc95f960dcfacad52d6ded1dc9ac1d
Signed-off-by: Venkateswara Rao Tadikonda <vtadik@codeaurora.org>
2018-05-23 15:54:00 +05:30
vkakani
ad1bef8b82 ARM: dts: msm: remove leakage on ldo26 for msm8996
ssc_sensor voting the ldo26 clock causing leak
disable ssc_sensor which is not required for auto.

Change-Id: I1bc5c3c0f091ad3f7fc0d2180e1825b5019648ec
Signed-off-by: vkakani <vkakani@codeaurora.org>
2018-05-23 15:14:41 +05:30
Vivek Kumar
445cee88de serial: msm_serial_hs: Configure IRQ flag
Configure irq flag for wake_up IRQ which is
passed from the DT.

Change-Id: Ib521a73a6164053c9bf846078482afb6671b76e0
Signed-off-by: Vivek Kumar <vivekuma@codeaurora.org>
2018-05-22 23:18:09 -07:00
Srinivasarao P
a0cf9875da Merge android-4.4.132 (46155cc) into msm-4.4
* refs/heads/tmp-46155cc
  Linux 4.4.132
  perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
  perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
  perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
  perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
  perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
  tracing/uprobe_event: Fix strncpy corner case
  Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
  atm: zatm: Fix potential Spectre v1
  net: atm: Fix potential Spectre v1
  can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
  tracing: Fix regex_match_front() to not over compare the test string
  libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
  rfkill: gpio: fix memory leak in probe error path
  xfrm_user: fix return value from xfrm_user_rcv_msg
  f2fs: fix a dead loop in f2fs_fiemap()
  bdi: Fix oops in wb_workfn()
  tcp: fix TCP_REPAIR_QUEUE bound checking
  perf: Remove superfluous allocation error check
  soreuseport: initialise timewait reuseport field
  dccp: initialize ireq->ir_mark
  net: fix uninit-value in __hw_addr_add_ex()
  net: initialize skb->peeked when cloning
  net: fix rtnh_ok()
  netlink: fix uninit-value in netlink_sendmsg
  crypto: af_alg - fix possible uninit-value in alg_bind()
  ipvs: fix rtnl_lock lockups caused by start_sync_thread
  usb: musb: host: fix potential NULL pointer dereference
  USB: serial: option: adding support for ublox R410M
  USB: serial: option: reimplement interface masking
  USB: Accept bulk endpoints with 1024-byte maxpacket
  USB: serial: visor: handle potential invalid device configuration
  test_firmware: fix setting old custom fw path back on exit, second try
  drm/vmwgfx: Fix a buffer object leak
  IB/mlx5: Use unlimited rate when static rate is not supported
  NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
  RDMA/mlx5: Protect from shift operand overflow
  RDMA/ucma: Allow resolving address w/o specifying source address
  xfs: prevent creating negative-sized file via INSERT_RANGE
  Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
  Input: leds - fix out of bound access
  tracepoint: Do not warn on ENOMEM
  ALSA: aloop: Add missing cable lock to ctl API callbacks
  ALSA: aloop: Mark paused device as inactive
  ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
  ALSA: pcm: Check PCM state at xfern compat ioctl
  USB: serial: option: Add support for Quectel EP06
  gpmi-nand: Handle ECC Errors in erased pages
  ath10k: rebuild crypto header in rx data frames
  ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
  mac80211: Add RX flag to indicate ICV stripped
  mac80211: allow same PN for AMSDU sub-frames
  mac80211: allow not sending MIC up from driver for HW crypto
  percpu: include linux/sched.h for cond_resched()
  KVM: s390: Enable all facility bits that are known good for passthrough
  bpf: map_get_next_key to return first key on NULL
  perf/core: Fix the perf_cpu_time_max_percent check
  goldfish: pipe: ANDROID: mark local functions static
  Revert "goldfish: pipe: ANDROID: Allocate memory with GFP_KERNEL."
  UPSTREAM: ANDROID: binder: prevent transactions into own process.
  goldfish: pipe: ANDROID: Add DMA support
  UPSTREAM: f2fs: clear PageError on writepage - part 2
  UPSTREAM: f2fs: avoid fsync() failure caused by EAGAIN in writepage()
  ANDROID: build.config: enforce trace_printk check
  ANDROID: x86_64_cuttlefish_defconfig: Disable KPTI
  UPSTREAM: mac80211: ibss: Fix channel type enum in ieee80211_sta_join_ibss()
  UPSTREAM: mac80211: Fix clang warning about constant operand in logical operation
  UPSTREAM: nl80211: Fix enum type of variable in nl80211_put_sta_rate()
  UPSTREAM: sysfs: remove signedness from sysfs_get_dirent
  UPSTREAM: tracing: Use cpumask_available() to check if cpumask variable may be used
  BACKPORT: clocksource: Use GENMASK_ULL in definition of CLOCKSOURCE_MASK
  UPSTREAM: netpoll: Fix device name check in netpoll_setup()
  FROMLIST: staging: Fix sparse warnings in vsoc driver.
  FROMLIST: staging: vsoc: Fix a i386-randconfig warning.
  FROMLIST: staging: vsoc: Create wc kernel mapping for region shm.
  Revert "goldfish: pipe: ANDROID: remove a redundant target"
  goldfish: pipe: ANDROID: Replace writel with gf_write_ptr
  goldfish: pipe: ANDROID: Use dev_ logging instead of pr_
  goldfish: pipe: ANDROID: fix checkpatch warnings
  goldfish: pipe: ANDROID: Update module license

Conflicts:
	drivers/net/wireless/ath/ath10k/core.c
	drivers/net/wireless/ath/ath10k/core.h
	drivers/net/wireless/ath/ath10k/htt_rx.c

Change-Id: If2ede1dea6a07b3fd498724e83071fd547170e1c
[spathi@codeaurora.org: resolved compilation errors in ath10k
by rebuilding crypto header in rx data frames]
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2018-05-22 15:23:13 +05:30
Tejaswi Tanikella
1e52f94bdb defconfig: msmcortex: Enable INET_UDP_DIAG
Enable config to enable UDP stats collection by ss tool.
  "ss -uneiopan" should work now.

Change-Id: If74647d5027f509c7f4f5878aae8e051ed15c979
Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org>
2018-05-22 14:09:32 +05:30
Vivek Kumar
a386587650 ARM: dts: msm: remove modem region reserved on APQ8096 ADP
This reverts commit bb5f7ce39e.
GPS uses modem memory in lahb115 for 8996 APQ.

Change-Id: I0784af084f764b64dc1acfa0236a7e4ef949193d
Signed-off-by: Vivek Kumar <vivekuma@codeaurora.org>
2018-05-22 01:20:55 -07:00
Tejaswi Tanikella
5a4b30514b defconfig: sdm660: Enable INET_UDP_DIAG
Enable config to enable UDP stats collection by ss tool.
  "ss -uneiopan" should work now.

Change-Id: I6535055c12646826e6f96e8cb17dc8bf5e02f37e
Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org>
2018-05-22 13:11:47 +05:30
Zhiqiang Tu
996c86f94e ASoC: msm: add boot marker for mi2s and auto sound card
Add boot marker for booting KPI measurement.

Change-Id: I58fac2a1bed4f9c4e484b3dadb6a766c260f3f06
Signed-off-by: Zhiqiang Tu <ztu@codeaurora.org>
2018-05-22 13:33:41 +08:00
Linux Build Service Account
d0d5319fd6 Merge "soc: qcom: scm_qcpe: Fix unused variable warning" 2018-05-21 21:44:22 -07:00
Linux Build Service Account
f1164b6fff Merge "msm:ais: Remove recursive locks" 2018-05-21 21:44:20 -07:00
Linux Build Service Account
3d8551da60 Merge "arm64/vdso: Fix nsec handling for CLOCK_MONOTONIC_RAW" 2018-05-21 08:45:43 -07:00
Umang Agrawal
b7c91feb97 power: smb-lib: Allow PD enable/disable for typeC devices only
Currently if pd is not allowed, we force pd_active to 0 inorder
to run the legacy workaround and rerun apsd. But, this workaround
is required only for typeC devices.

Add a check to prevent PD disable for micro usb device.

Change-Id: I842166f66065c281ab366da327080b09a5e282e1
Signed-off-by: Umang Agrawal <uagrawal@codeaurora.org>
2018-05-21 17:55:57 +05:30
annamraj
677db4bc17 msm: camera: Fix for Possible information leak issue
Fix for possible information leak issue because of unintialised variable
Which can be accesed from userspace in camera fd driver

Signed-off-by: annamraj <annamraj@codeaurora.org>
Change-Id: I4552c4829e9532d848e46fd123316b26105e310e
2018-05-21 15:05:52 +05:30
Mohammed Javid
1e03864e8a msm: ipa: Fix to slab out of bounds issue
Add changes to verify passed value with in the allocated
max array size range or not before accessing structure.

Change-Id: If70493e937f6f0bc29bbfe08bf43738bdb4e9cf4
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
2018-05-21 12:57:20 +05:30