Below is the synchronization issue between unmount and kjournald2
contexts, which results in a use after free issue in kjournald2().
Fix this issue by using journal->j_state_lock to synchronize the
wait_event() done in journal_kill_thread() and the wake_up() done
in kjournald2().

TASK 1:
umount cmd:
   |--jbd2_journal_destroy() {
       |--journal_kill_thread() {
            write_lock(&journal->j_state_lock);
            journal->j_flags |= JBD2_UNMOUNT;
            ...
            write_unlock(&journal->j_state_lock);
            wake_up(&journal->j_wait_commit);      TASK 2 wakes up here:
                                                   kjournald2() {
                                                     ...
                                                     checks JBD2_UNMOUNT flag and calls goto end-loop;
                                                     ...
                                                     end_loop:
                                                       write_unlock(&journal->j_state_lock);
                                                       journal->j_task = NULL; --> If this thread gets
                                                       pre-empted here, then TASK 1 wait_event will
                                                       exit even before this thread is completely
                                                       done.
            wait_event(journal->j_wait_done_commit, journal->j_task == NULL);
            ...
            write_lock(&journal->j_state_lock);
            write_unlock(&journal->j_state_lock);
          }
       |--kfree(journal);
     }
}
                                                       wake_up(&journal->j_wait_done_commit); --> this step
                                                       now results in a use after free issue.
                                                   }

Change-Id: I7487aff6f946544cfcfc38a9f28769be762e3969
Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>
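
Added example, not part of the commit or the kernel sources: a userspace pthread model of the teardown ordering described in the message above, comparing the original end_loop order with the locked order. It assumes the fix keeps the lock held until after the wake-up step; struct journal, kjournald_model(), teardown() and the freed tombstone are hypothetical stand-ins, and the tombstone marks where kfree() would run so nothing is really freed.

```c
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>

struct journal {                    /* userspace stand-in, not the kernel struct */
    pthread_mutex_t state_lock;     /* models j_state_lock */
    pthread_cond_t wait_commit;     /* models j_wait_commit */
    int unmount;                    /* models JBD2_UNMOUNT in j_flags */
    atomic_int task;                /* non-zero while the thread lives (j_task) */
    atomic_int freed;               /* tombstone set where kfree(journal) would run */
    int fixed;                      /* 1: lock held across the wake-up (assumed fix) */
    int touched_after_free;         /* 1 if the thread touched a "freed" journal */
};

static void *kjournald_model(void *arg)
{
    struct journal *j = arg;
    pthread_mutex_lock(&j->state_lock);
    while (!j->unmount)
        pthread_cond_wait(&j->wait_commit, &j->state_lock);
    if (!j->fixed)                              /* original end_loop: unlock first */
        pthread_mutex_unlock(&j->state_lock);
    atomic_store(&j->task, 0);                  /* journal->j_task = NULL */
    while (!j->fixed && !atomic_load(&j->freed))
        sched_yield();                          /* worst-case preemption window */
    j->touched_after_free = atomic_load(&j->freed); /* wake_up() position */
    if (j->fixed)
        pthread_mutex_unlock(&j->state_lock);   /* last access to the journal */
    return NULL;
}

int teardown(int fixed)             /* models journal_kill_thread() + kfree() */
{
    struct journal j = { .state_lock = PTHREAD_MUTEX_INITIALIZER,
        .wait_commit = PTHREAD_COND_INITIALIZER, .task = 1, .fixed = fixed };
    pthread_t t;
    pthread_create(&t, NULL, kjournald_model, &j);
    pthread_mutex_lock(&j.state_lock);
    j.unmount = 1;
    pthread_mutex_unlock(&j.state_lock);
    pthread_cond_broadcast(&j.wait_commit);
    while (atomic_load(&j.task)) sched_yield(); /* wait_event(j_task == NULL) */
    pthread_mutex_lock(&j.state_lock);          /* blocks until a fixed thread unlocks */
    pthread_mutex_unlock(&j.state_lock);
    atomic_store(&j.freed, 1);                  /* kfree(journal) would run here */
    pthread_join(t, NULL);
    return j.touched_after_free;                /* 1 = use after free in the model */
}

int main(void) { return !(teardown(0) == 1 && teardown(1) == 0); }
```

Build with `cc -pthread`; the original ordering is forced into its worst-case interleaving, so the result is the same on every run.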

Use correct method to connect to static processes as the existing
method was used for dynamic process creation.
Change-Id: Id7f631560edd9b8e4e970baecdda50f7804991bd
Acked-by: Ashwini Patil <aapatil@qti.qualcomm.com>
Signed-off-by: Sathish Ambley <sathishambley@codeaurora.org>

Do not close MHI channels when usb is disconnected and a process
is running in memory device mode.
Change-Id: I043fc25542e432a9fa294d4f433945718b2e5878
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>

During ramdump collection we assign memory to HLOS from subsystem for
non-secure pil. Whether ramdump collection is successful or not, we
should assign memory back to subsystem. This is to avoid access
violations in powerup path which happens after ramdump.
CRs-Fixed: 2002073
Change-Id: I7f1d42aebb44464fe077ca544ce91c2d7a8eefbb
Signed-off-by: Puja Gupta <pujag@codeaurora.org>

Add error message for GFP_ATOMIC allocation failure. Keep current
design to drop packet if allocation fails. This print will help debug
issues where a system critical client fails because of a dropped GLINK
packet.
CRs-Fixed: 1112151
Change-Id: I6a69cbf1f88295009284d726a06fa5affd4cc591
Signed-off-by: Chris Lew <clew@codeaurora.org>

Debug policy of secure devices takes care of nullifying
the ram dumps in secure boot mode. So no need to check
about secure boot mode in reboot driver to enable
download feature.
Change-Id: Idb5c93aca630f0093fccc2997bf50e7958dfbf54
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>

firmware-5.bin file for WCN3990 contains just WMI and HTT versions and
firmware is loaded by PIL.
This change populates the hw params for WCN3990 and parses
firmware-5.bin file for WMI and HTT versions.
CRs-Fixed: 2002151
Change-Id: Ic65d3696e9546fd428e608f4738e9fe53d61338f
Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>