Change a variable type in QMI encode logic to avoid
buffer overflow scenario.
Change-Id: I11b10cce0e9ab5b02738b2ba13e637df979e9310
Signed-off-by: Gopala Krishna Nuthaki <gnuthaki@codeaurora.org>
Charan Teja reported a 'use-after-free' in dmabuffs_dname [1], which
happens if the dma_buf_release() is called while the userspace is
accessing the dma_buf pseudo fs's dmabuffs_dname() in another process,
and dma_buf_release() releases the dmabuf object when the last reference
to the struct file goes away.
I discussed with Arnd Bergmann, and he suggested that rather than tying
the dma_buf_release() to the file_operations' release(), we can tie it to
the dentry_operations' d_release(), which will be called when the last ref
to the dentry is removed.
The path exercised by __fput() calls f_op->release() first, and then calls
dput, which eventually calls d_op->d_release().
In the 'normal' case, when no userspace access is happening via dma_buf
pseudo fs, there should be exactly one fd, file, dentry and inode, so
closing the fd will kill of everything right away.
In the presented case, the dentry's d_release() will be called only when
the dentry's last ref is released.
Therefore, lets move dma_buf_release() from fops->release() to
d_ops->d_release()
Many thanks to Arnd for his FS insights :)
[1]: https://lore.kernel.org/patchwork/patch/1238278/
Fixes: bb2bb90 ("dma-buf: add DMA_BUF_SET_NAME ioctls")
Reported-by: syzbot+3643a18836bce555bff6@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org> [5.3+]
Cc: Arnd Bergmann <arnd@arndb.de>
Reported-by: Charan Teja Reddy <charante@codeaurora.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sumit Semwal <sumit.semwal@linaro.org>
Tested-by: Charan Teja Reddy <charante@codeaurora.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20200611114418.19852-1-sumit.semwal@linaro.org
Bug: 162699017
Signed-off-by: Allen Chiu <allen.chiu@mediatek.com>
Change-Id: Ief19296f201132c3e32b11958a857798c34f81fb
Git-commit: 2581e5be6555232e784487fc00961ce83c5236a1
Git-repo: https://android.googlesource.com/kernel/msm
Signed-off-by: PavanKumar S.R. <pavasr@codeaurora.org>
In addition to the master CP, toggle the UVLO config for slave CP
on USB removal to avoid poweroff-leakage.
Change-Id: I1f5d5185d003cfe104b4a67efc1fe88f105f0151
Signed-off-by: Anirudh Ghayal <aghayal@codeaurora.org>
When system shuts down while there are work running on NPU,
NPUSS will be shut down without notifying kernel driver which
causes IPC commands timedout and triggers SSR handling.
This change is to detect this case and handle it properly
to avoid SSR.
Change-Id: I4ba6d702c2d39aa8e1894eba2ec049787df14aa8
Signed-off-by: Jilai Wang <jilaiw@codeaurora.org>
The underlying arm-smmu hardware only supports mapping addresses
aligned to PAGE_SIZE. Thus the actual mapped region may be larger than
the range returned by iommu_map_sg():
[sg_dma_address(), sg_dma_address() + sg->length)
When unmapping, ensure the same alignment requirements are applied
in order to avoid leaking iova addresses.
Change-Id: I1f5d5185d003cfe104b4a67efc1fe88f105f015f
Signed-off-by: Patrick Daly <pdaly@codeaurora.org>
Print error logs in the callback by using pr_err_ratelimited
so that watchdog bark will not occur due to excessive logging
when the callback is triggered before probe is completed.
Change-Id: I82bb84b7812cef5cb8a37e99c5cf1a54411cbdb8
Signed-off-by: Sarannya S <sarannya@codeaurora.org>
For MSM8937_32, add the configs related to charging,
vibrator and rtc.
Change-Id: I584a8520a9cd9344f72549a0bf62dc57ac9d8507
Signed-off-by: Shilpa Suresh <sbsure@codeaurora.org>
For MSM8937_64 targets, add PMIC configs related to
charging, vibrator and rtc.
Change-Id: I2891118f051ff9697aafcfa394940e1765fba2e4
Signed-off-by: Shilpa Suresh <sbsure@codeaurora.org>
For MSM8937_32go, add the configs related
to charging, vibration and rtc.
Change-Id: I0f7ca9fab3eddff785c9c755daf15796973d0226
Signed-off-by: Shilpa Suresh <sbsure@codeaurora.org>
Userspace initiates a shutdown if battery_status != charging
and SOC = 0, this is to prevent a deep-discharge of the battery
when the discharge current is higher than the charge current
at SOC = 0. Report this status from the kernel driver when
additionally the current voltage is below the cutoff threshold.
Change-Id: I89bb283ce9c0e01cd8c04cba2d7d33d5baca3fe7
Signed-off-by: Shilpa Suresh <sbsure@codeaurora.org>
Add Charger/FG/BMS drivers qpnp-linear-charger.c, qpn-vm-bms.c,
smb1360-charger-fg.c and related files for QM215 target.
Add snapshots of the new files as of msm-4.9 commit 0848b3af1d2f
("ARM: dts: qcom: disabled wled bl type for sim_vid panel").
Change-Id: Ibc5d2a8daace8351020c53a9129fff9999f552da
Signed-off-by: Shilpa Suresh <sbsure@codeaurora.org>
Enable configs for ADC_TM and SPMI VADC, ADC5 drivers for
SPF targets for 32, 32Go and 64 bit variants.
Change-Id: Ic75dbe6fcafb1e4d2a49bbe87439fde4351b1218
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>
Signed-off-by: Manjunatha Madana <mamanj@codeaurora.org>
Make changes to use IIO framework APIs for reading
ADC channel information instead of VADC APIs.
Change-Id: I70ab09905d0f4a23fb5d0617ba6d031ecc7fb8bc
Signed-off-by: Manjunatha Madana <mamanj@codeaurora.org>
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>
This is snapshot of qpnp-adc-tm driver as of
msm-4.9 'commit 7e65e03259909 (Merge "msm: kgsl:
Deregister gpu address on memdesc_sg_virt failure")'.
Removed support for adc_tm_hc and hkadc_ldo as they
are not used for SPF targets. Removed IADC, VADC APIS,
structs and enums not needed for ADC_TM. VADC functions
required for sake of compilation have been retained,
which will be subsequently replaced with IIO functions
to suit msm-4.19.
Change-Id: If8e4fb03471ec045293659b2404f8be95684f8be
Signed-off-by: Manjunatha Madana <mamanj@codeaurora.org>
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>
Currently during nop desc send, we are setting
nop pending flag to false before queing desc,
due to which we are not able to queue nop desc
again if it fails for first time. Now setting
nop pending flag to false only if we successfully
queued nop desc.
Change-Id: Ice0b3726f2ff0e81c0e5b041346e0ba06619ef62
Signed-off-by: Piyush Dhyani <pdhyani@codeaurora.org>
Added support to drop packets if more than 10
packets have accumulated in the rx list since usb
is not sending write done for previous packets sent
to usb to avoid memory exhaustion.
Change-Id: I44fe814abc5b199e1d1b86dcc6d0e2f043d15c49
Signed-off-by: Vivek Golani <vgolani@codeaurora.org>
Fix use-after-free of rt_tbl in __ipa_del_flt_rule
by checking if the rt_tbl is already freed.
Change-Id: I09541f65f474dc42f262c603d99f6bbcbb0ce8ec
Signed-off-by: Muralidharan M <murm@codeaurora.org>
Avoid printing error when ENODEV is returned from glink callback
and use dev_err_ratelimited so that throttling will not happen
due to excessive logging.
Change-Id: I9369046c2f907ecd38416c8927764c7a8b7c1ca4
Signed-off-by: Sarannya S <sarannya@codeaurora.org>
Enable more basic controls for Camera Terminal and Processing Unit
Change-Id: Ia3627731e05afa57c770439b958c9af51e42c630
Signed-off-by: Vijayavardhan Vennapusa <vvreddy@codeaurora.org>
Currently driver calculating stale delay based on baud rate during
stop_rx sequencer. When BT started with lower baud rate like 2400
this logic will add around 130msecs of extra delay during BT INIT.
This change will remove logic for stale delay calculation
based on baud rate and add constant delay of 10msec to
wait for stale interrupt during stop_rx_sequencer.
Change-Id: I566d79145ba887de71482642655b63c5bd640fc8
Signed-off-by: Yatish Kumar Singh <yatishku@codeaurora.org>
Add some traces to make it easier to debug and track timeline behavior.
Change-Id: Ic0dedbadbfe623c675616a0d2fdd800b49f14705
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Rohan Sethi <rohsethi@codeaurora.org>
Some graphics APIs want the ability to create and use timelines
with 64 bit sequence numbers to synchronize between threads.
Add support for timelines that can be created, signaled and managed from
user space. Timelines can also be signaled from a draw context command
stream via an auxiliary command and a wait can be added as a sync object
to any GPU command.
Change-Id: Ic0dedbad0ffc99cc309951369eaf85b56727802c
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Rohan Sethi <rohsethi@codeaurora.org>
Currently driver calculating stale delay based on baud rate during
stop_rx sequencer. When BT started with lower baud rate like 2400
this logic will add around 130msecs of extra delay during BT INIT.
This change will remove logic for stale delay calculation
based on baud rate and add constant delay of 10msec to
wait for stale interrupt during stop_rx_sequencer.
Change-Id: I566d79145ba887de71482642655b63c5bd640fc8
Signed-off-by: Yatish Kumar Singh <yatishku@codeaurora.org>
Currently, the f_mtp driver marks the mtp_tx_req_len to 1M.
As a result, file transfer from device to host PC fails for
devices using ChipIdea controller since it does not allow request
length greater than 16k for IN Endpoint. Hence, to allow such
file transfers, limit Tx req length to 16k.
Change-Id: Ib9ca95880ca0b1a2f0c66817e54e9a7b2af53fe6
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
[ppratap@codeaurora.org : replace DBG with mtp_log]
Signed-off-by: Pratham Pratap <ppratap@codeaurora.org>
Use synchronous wakeup interface to wakeup the userspace daemon.
Scheduler can make use of this hint to find a better CPU for the
waker task.
Change-Id: I7d077235f9b8fe771869dd7e6fccee7d356d858b
Suggested-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
Signed-off-by: Pradeep P V K <pragalla@codeaurora.org>
The synchronous wakeup interface is available only for the interruptible
wakeup. Add it for normal wakeup.
Change-Id: Ia4460aa55690d14d203cdc843bd600c9e26c53f1
Suggested-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
Signed-off-by: Pradeep P V K <pragalla@codeaurora.org>
Make changes to free up all pending EOB pages when SKB allocation
used to handle EOT is failed as we could end up in a frag
overflow.
Change-Id: I80ae84d00d1bbf2cf89e97261d2fe8c3742eda04
Signed-off-by: Jagadeesh Ponduru <jponduru@codeaurora.org>
Extend the KGSL uapi for the sempahore timeline APIs,
aux commands and syncobjs.
Change-Id: Ic0dedbadf7338b49da52ab9d0e54d5321217c3fd
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Rohan Sethi <rohsethi@codeaurora.org>
This patch contains changes for adding support for new HSP SoC versions.
CRs-Fixed: 2941918
Change-Id: I170bf26458dbeb84182ead97594c3dc605b1a64f
Signed-off-by: Prateek Raj Singh <pratsing@codeaurora.org>
