Riva n oss #1227
Open
Riva n oss #1227
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 2070510 I70b6ef0796be010129f8d8a7380f685bb76daf7d qpnp-fg: fix integer overflow Change-Id: Ia83bc66071405e65f9ec4b9c66052373bc93b3fa CRs-Fixed: 2070510
Change-Id: I7eee852c4946e02138b0cbd40b7639625684fbfc
Change total UB buffer size allocated for image Write masters as per the HW specification. Change-Id: Ifbfda4057f3de81171fb48d14584e07423d67075 Signed-off-by: Abhishek Kondaveeti <akondave@codeaurora.org>
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 2045867 I92aa16bd0d57a0d59ecd26eef1ac92220332998d ion: fix logical-not comparison warning 2060938 I11d6ed65175bf66de2310547a14d44d2b1dbda3a ARM: dts: msm: Adding AF support for Rear Aux Camera 2059656 I601bb37ddcc34d459c207cf579f29744fe912d7b ASoC: msm: qdsp6v2: add size check to fix out of bounds 2052535 I22f5b67815fe7d448b5ed847e4e3d65af63bed84 input: synaptics_dsx: validate bounds of intr_reg_num 2030638 I1c874f713a3ebada63ba2c85f021aa78b04af44b fbdev: msm: Allocate fd with O_CLOEXEC flag 2053970 I731a015c952d131187a47a8d346fb6478fddeeb1 msm: sensor: Fix for variable being de-referenced withou 2060504 I4dd73872ab8c374793268cef2b9a2dfccf3454c9 compat_qcedev: Fix accessing userspace memory in kernel 2060371 I9cfaff05b1fff6969a2543c3816d41ed1fabf897 msm: sensor: actuator: add conditional check for ioctl Change-Id: Ibe3b21035a838d0457a0ed6e5437b0a14937fbd7 CRs-Fixed: 2060938, 2030638, 2060504, 2052535, 2060371, 2045867, 2053970, 2059656
Fix race condition seen between reading tmc buffer and enabling the device. The race condition can result in a use after free issue if the buffer is released while a read is in progress. Change-Id: I44e0f8b95ddfae5acac6fcc59e78a7741aaa97cc Signed-off-by: Satyajit Desai <sadesai@codeaurora.org>
Copying the flash initialization parameters from userspace memory to kernel memory and in turn checking for the validity of the flash initialization parameters pointer sent from userspace CRs-Fixed: 2059812 Change-Id: I957c10959108eb08b263d439a9a449b90338b6db Signed-off-by: kaiwang <kaiwang@codeaurora.org>
Currently, there is a possibility of out-of-bound access while processing data received from user space. The patch adds proper checks for valid address. CRs-Fixed: 2048536 Change-Id: I1e0fc7a9d69e69f3326429d5d9540dd3bb1a59b0 Signed-off-by: Hardik Arya <harya@codeaurora.org>
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 2034533 I8b5424400ce668756ac23cbcbd6e1cec79b6255c ASoC: msm: Fix kernel crash in "Speaker Function" mixer Change-Id: I9db2acffc399eb1069ee2addd7af48ef9d875898 CRs-Fixed: 2034533
The assignement of EP transfer resources was not handled properly in the dwc3 driver. Commit aebda61 ("usb: dwc3: Reset the transfer resource index on SET_INTERFACE") previously fixed one aspect of this where resources may be exhausted with multiple calls to SET_INTERFACE. However, it introduced an issue where composite devices with multiple interfaces can be assigned the same transfer resources for different endpoints. This patch solves both issues. The assignment of transfer resources cannot perfectly follow the data book due to the fact that the controller driver does not have all knowledge of the configuration in advance. It is given this information piecemeal by the composite gadget framework after every SET_CONFIGURATION and SET_INTERFACE. Trying to follow the databook programming model in this scenario can cause errors. For two reasons: 1) The databook says to do DEPSTARTCFG for every SET_CONFIGURATION and SET_INTERFACE (8.1.5). This is incorrect in the scenario of multiple interfaces. 2) The databook does not mention doing more DEPXFERCFG for new endpoint on alt setting (8.1.6). The following simplified method is used instead: All hardware endpoints can be assigned a transfer resource and this setting will stay persistent until either a core reset or hibernation. So whenever we do a DEPSTARTCFG(0) we can go ahead and do DEPXFERCFG for every hardware endpoint as well. We are guaranteed that there are as many transfer resources as endpoints. This patch triggers off of the calling dwc3_gadget_start_config() for EP0-out, which always happens first, and which should only happen in one of the above conditions. Fixes: aebda61 ("usb: dwc3: Reset the transfer resource index on SET_INTERFACE") Cc: <stable@vger.kernel.org> # v3.2+ Reported-by: Ravi Babu <ravibabu@ti.com> Signed-off-by: John Youn <johnyoun@synopsys.com> Signed-off-by: Felipe Balbi <balbi@kernel.org> Git-commit: c450960 Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org> Change-Id: I36174da25c7a76d3bee3da4746ef9e4b171610f8
When system resume and suspend happening at the same time, the resume sequence will schedule the work (policy->update) before policy->update getting chance to run in the meantime suspend or hotplug of an cpu happens at the same time resume is happening, and if the cpu is the last in the cluster policy is freed. This triggers an issue when scheduler tries to schedule the work which is scheduled in resume path But the handles are freed already. Flush the Queued work if any before freeing policy. Change-Id: I41504e7d9c201916457681537ac480c92e7cbe5d Signed-off-by: Santosh Mardi <gsantosh@codeaurora.org>
Currently, there is possibility of out-of-bound accesses during handling of data in non-hdlc path. The patch adds proper protection when processing non-hdlc packet information to fix the issue. CRs-Fixed: 2029216 Change-Id: I07c466f85bd8ac08226948fea86b1d8567e68431 Signed-off-by: Hardik Arya <harya@codeaurora.org>
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 2056902 Id41bfe24dd0050aedf7b51e7c6b6a08fd370d922 regulator: mem-acc: Add range check based override fuse 2065274 I8150a571e11ccc128298fe75acef21ffe9b08a9a USB: phy-msm-qusb: Enable autoresume only when device is 2056902 Iabfb0f19ab4f10c32ef9ffd630aff53c0b270d4d ARM: dts: msm: Use override mem-acc settings for msm8940 Change-Id: I5d56ff47446052261c632c3175cd87bc78e060a3 CRs-Fixed: 2056902, 2065274
When verifying that the submit_cmd offset and size do not exceed the bounds of the GEM object make sure to cast the math operation into a suitably large buffer to account for overflow. Change-Id: Ic0dedbad97513ee538d539e771038b3cf0405e91 Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org> Signed-off-by: Sharat Masetty <smasetty@codeaurora.org>
If the end transfer does not happen on ISOC endpoints as a part of endpoint disable during set alt transitions; the consequent start transfers are failed. Fix this by explicitly doing stop active transfers on ISOC endpoints during endpoint disable. Change-Id: I66f8c7d10cfee4ba1c816ad0c1d2486f86936d34 Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 2048536 I1e0fc7a9d69e69f3326429d5d9540dd3bb1a59b0 diag: Add proper checks to fix possible out-of-bound iss 2035100 Ic86c9e73cd676cbf8680f5b7266ee3829f4ccbd2 msm: mdss: fix null pointer dereferencing Change-Id: I67ceb35d1727559fcfdc80ff892aadd76dd6b3f1 CRs-Fixed: 2035100, 2048536
During error scenario, if interrupt status of CQ controller is cleared before halting the controller, the CQ controller can send commands to card in the time delay between clearing of interrupt and halting. The response of card to these commands can overwrite the error information stored in Response Arg register. So, if an error is detected, the CQ must be halted first and then the interrupt must be cleared. Change-Id: Ief7039226b01b50fc71cf17a4eb625afd8c9bd06 Signed-off-by: Vijay Viswanath <vviswana@codeaurora.org>
Initialize member value of struct audio_aio_write_param after declaration. CRs-Fixed: 2091953 Change-Id: Iaf3ff1232e85ae8d26e9d97ce4c2aa3408da7a80 Signed-off-by: Yidong Huang <yidongh@codeaurora.org>
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 2042362 2055291 If136012855834b0b8cba91eb66bf711750e8f372 diag: Synchronize msg mask read and write on a periphera 2087899 I334791ac35f8bcbd34362ed112aa624275a46947 tracing : fix race condition reading saved tgids Change-Id: Ib981e96da81a65d02ba12b52ce6f93313307924f CRs-Fixed: 2042362, 2055291, 2087899
No upper-bound validation is performed when reading number of extended CEA blocks from the untrusted source (EDID). Add a check to limit the number of CEA extension blocks. Change-Id: I69f09ed0ad28a4c267cf3e8f7a12efe46f75e244 Signed-off-by: Narender Ankam <nankam@codeaurora.org>
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 2091953 Iaf3ff1232e85ae8d26e9d97ce4c2aa3408da7a80 ASoC: msm: qdspv2: initialize struct member before being Change-Id: I67f924d110daf89259581ecc511a05070f2f56ba CRs-Fixed: 2091953
Set the dll to last known good phase before sending status command while executing tuning. This is to ensure that status command won't fail due to bad phase. Thus we can avoid sending status command multiple times and reduce tuning latency. Change-Id: Ib7fa5a8acbbffd9662617a357d221b36494a98b9 Signed-off-by: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
Memory allocations with GFP_KERNEL flag in clock scaling path might trigger IO transfer. This can cause deadlock since the claim_host lock which is needed by mmc driver to perform IO is held by clock scaling context. Below is the exact call sequence: mmc_devfreq_set_target() -> mmc_clk_update_freq () -> mmc_change_bus_speed() -> mmc_select_hs400() -> mmc_select_bus_width() -> mmc_get_ext_csd() -> kzalloc(512, GFP_KERNEL) -> try_to_free_pages() -> evict() -> ext4_evict_inode(). To avoid this scenario, use PF_MEMALLOC flag for clock scaling context so that it can have access to the more reserves of memory. And since devfreq workitem would run in different kworker threads, restore to original flags once done with setting clock frequency. Change-Id: If52f83f6ecae982d8ed709b08fd84545c7ecbc43 Signed-off-by: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
The patch initializes dci peripheral buffers to NULL to prevent access before allocation by validating buffer status. CRs-Fixed: 2048635 Change-Id: I9be46e751da81cbbbae4fe0333c23101fdbf79ed Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
If a large request has to be queued onto an EP, then multi_req flag for that EP is set before queueing the request to the hardware. Now if the UDC is suspended during cable disconnect before the request could be queued to the HW, then multi_req flag is not cleared even by ep_disable. Then on cable connect, re-enumeration fails with Large Request error for that particular endpoint. Fix this by clearing multi_req flag if the UDC suspend happens before HW enqueue happens. Change-Id: I77316192876b46ab82b775e01e2155309c2e91f8 Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
commit 4617f56 upstream. When calling a dm ioctl that doesn't process any data (IOCTL_FLAGS_NO_PARAMS), the contents of the data field in struct dm_ioctl are left initialized. Current code is incorrectly extending the size of data copied back to user, causing the contents of kernel stack to be leaked to user. Fix by only copying contents before data and allow the functions processing the ioctl to override. CRs-Fixed: 2094612 Change-Id: Id643af806105d898c53afae4e7760709c7f0896c Signed-off-by: Adrian Salido <salidoa@google.com> Reviewed-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Git-commit: 4617f56 Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Signed-off-by: Shadab Naseem <snaseem@codeaurora.org>
Change-Id: I8b7bdca042d3b71dece6eb567b0734ade396118e
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 2067859 I9172776d9ffa0af5deb9898125fc6403fdcdee0f soc: qcom: glink: Initialize dummy xprt with dummy funct 2048635 I9be46e751da81cbbbae4fe0333c23101fdbf79ed diag: dci: Add NULL pointer checks for dci buffers 2077623 I69f09ed0ad28a4c267cf3e8f7a12efe46f75e244 msm: mdss: hdmi: validate HDMI EDID's max number of CEA Change-Id: Ifdadc018e8a5895af1fc178f147b7beb3aeb0d4b CRs-Fixed: 2077623, 2048635, 2067859
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 2094612 Id643af806105d898c53afae4e7760709c7f0896c dm ioctl: prevent stack leak in dm ioctl call Change-Id: I1fa7179edd2f1a017d7611173b01c287425f12ac CRs-Fixed: 2094612
Check validity of command before processing. Change-Id: Icc5c57eac999b7c40fbb9505b2b88745167adc66 Signed-off-by: Trishansh Bhardwaj <tbhardwa@codeaurora.org>
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 2082679 I77316192876b46ab82b775e01e2155309c2e91f8 usb: gadget: Clear multi_req flag if UDC suspended 2077430 Ib7fa5a8acbbffd9662617a357d221b36494a98b9 mmc: sdhci-msm: Set dll to good phase while sending cmd1 2063174 If52f83f6ecae982d8ed709b08fd84545c7ecbc43 mmc: core: Use PF_MEMALLOC flag for clock scaling contex Change-Id: Iddca380e71fc03a6daeb7fed9f23ad09c79ac5f1 CRs-Fixed: 2063174, 2077430, 2082679
Initialize the has_locked member before running SSR spinlock test to ensure consistent results. CRs-Fixed: 2091946 Change-Id: Ifad37541a94668b496aa9204dc80920b9a7ff244 Signed-off-by: Chris Lew <clew@codeaurora.org>
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 2083314 Icc5c57eac999b7c40fbb9505b2b88745167adc66 msm: camera: Return -NOTTY on invalid ioctl command. Change-Id: I09f6d2f3b95f653bfcc1d96c4c07badd555f63a7 CRs-Fixed: 2083314
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 2091946 Ifad37541a94668b496aa9204dc80920b9a7ff244 soc: qcom: smp2p: spinlock_test: Initialize work item Change-Id: I7527082d2accbf5d0157db4734da52e3a38cdc2e CRs-Fixed: 2091946
Add NULL pointer check for vfe_base of VFE0. CRs-Fixed: 1032715 Change-Id: I540d9ff831fc9447ecf145f75ea84da3668c4f6f Signed-off-by: Haibin Liu <haibinl@codeaurora.org> Signed-off-by: VijayaKumar T M <vtmuni@codeaurora.org>
CRs Change ID Subject -------------------------------------------------------------------------------------------------------------- 1032715 I540d9ff831fc9447ecf145f75ea84da3668c4f6f msm: camera: isp: Check null pointer for VFE0 base Change-Id: Ib02ca554366142720e5db594548445df92f7fffd CRs-Fixed: 1032715
Change-Id: I2edc30707a76a15342209949769352513b0397b3
The Patch based on QualComm release version: LA.UM.5.6.r1-05900-89xx.0 The kernel config file used are: rosy-perf_defconfig(Redmi 5), S88505AA1-perf_defconfig(Redmi 5A), S88503AC1-perf_defconfig(Redmi 4A) Change-Id: I384337b584abfd77ba82ddc59d2cc57ab5adb9ca Signed-off-by: hehao <hehao@xiaomi.com>
Change-Id: I7410e2f49d516521ad34f4957f29269194c5fcc7 Signed-off-by: hehao <hehao@xiaomi.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Oreo for Redmi 4A