Change-Id: Ie90853eae002f89dfb179d99e6e151de3831c30e

Wake up and abort all busy listener processing threads before listener
unregistration, then to avoid deadlock between listener unregistration
and listener processing threads, as mutex may be hold by another busy
listener thread when qseecom gets a listener unregistration request or
qseecom daemon is dead.

Change-Id: I6b6ddb34eb6bcff763e3d13f026c4b2f4bcb32a9
Signed-off-by: Zhen Kong <zkong@codeaurora.org>

Consider the below scenario:
Three contexts:
1. Exception event handler [eeh]
2. Clock scaling
3. Error handler [eh]

	- Exception was raised
	- eeh runs
		- acquires dev.cmd.lock [1]
		- waits for rw_sem [3]
	- scaling is triggered from userspace
		- acquires rw_sem [2]
		- issues hibern8
		- error in hibern8
		- triggers error-handler (eh)
		- flushes eh [4]
	- eh is scheduled
		- waits on dev.cmd.lock [5]
So, [3] waits for [2] which flushes eh and waits on [5]
which has been acquired by [1]

So, release the rw_sem before issuing hibern8 and flush pending
error handler work if any, during clock scaling triggered from
user-space.

Change-Id: I968dd3d87bdfbf0aa1373a879a75f3c17349564e
Signed-off-by: Asutosh Das <asutoshd@codeaurora.org>

When there is a FW assert, icnss receives the PD down
notification only after the PD dump is pushed to the filesystem.
And if there is a delay in pushing the dump, the notification is
delayed as well, that could result in various timeout in WLAN host
without knowing that FW is already asserted. So add support to send
FW assert early indication to host thru smp2p channel.

CRs-Fixed: 2185226
Change-Id: I470f17a31ae05685e7e3a4701b32ff792e14677e
Signed-off-by: Sameer Thalappil <sameert@codeaurora.org>
Signed-off-by: Hardik Kantilal Patel <hkpatel@codeaurora.org>

* commit '6fe599d9':
  msm: camera: icp: Dump hfi queues in case of FW timeout
  msm: camera: sensor: Correct spelling error
  msm: camera: icp: allow reconfig io during streaming
  msm: camera: sync: Protect row state read
  ARM: dts: msm: Add register base address for sdm670/sdm845
  msm: camera: reqmgr: Create workq based on driver requirement
  msm: camera: flash: Optimizing flash off operation
  msm: camera: isp: Fix TPG acquire error
  msm: camera: ife: Changes CSID acquire resource logic
  msm: camera: util: validate patch offset value
  msm: camera: isp: Initialize used_bytes to avoid corruption
  msm: camera: sensor: Unlock the mutex in case of error
  msm: camera: sensor: Assign power settings pointer to null
  ARM: dts: msm: Modify qdss region for sdm670/sdm845
  msm: camera: sync: use lock to protect row state read

Change-Id: Ic8ecc6dc071d06307aca948eaa99b30ad035a32e
Signed-off-by: Sridhar Gujje <sgujje@codeaurora.org>

Call trace:
 [<ffffff9203a8d7a8>] dump_backtrace+0x0/0x428
 [<ffffff9203a8dbf8>] show_stack+0x28/0x38
 [<ffffff920409bfb8>] dump_stack+0xd4/0x124
 [<ffffff9203d187e8>] print_address_description+0x68/0x258
 [<ffffff9203d18c00>] kasan_report.part.2+0x228/0x2f0
 [<ffffff9203d1927c>] kasan_report+0x5c/0x70
 [<ffffff9203d1776c>] check_memory_region+0x12c/0x1c0
 [<ffffff9203d17cdc>] memcpy+0x34/0x68
 [<ffffff9203d75348>] xattr_getsecurity+0xe0/0x160
 [<ffffff9203d75490>] vfs_getxattr+0xc8/0x120
 [<ffffff9203d75d68>] getxattr+0x100/0x2c8
 [<ffffff9203d76fb4>] SyS_fgetxattr+0x64/0xa0
 [<ffffff9203a83f70>] el0_svc_naked+0x24/0x28

If user get root access and calls security.selinux setxattr() with an
embedded NUL on a file and then if some process performs a getxattr()
on that file with a length greater than the actual length of the string,
it would result in a panic.

To fix this, add the actual length of the string to the security context
instead of the length passed by the userspace process.

Change-Id: Ie0b8bfc7c96bc12282b955fb3adf41b3c2d011cd
Signed-off-by: Sachin Grover <sgrover@codeaurora.org>

Change-Id: I4909f614e6829329e13f8a1ff2dd84f1dc9108a0

Add changes to verify passed value with in the allocated
max array size range or not before accessing structure.

Change-Id: If70493e937f6f0bc29bbfe08bf43738bdb4e9cf4
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>

Correctly free pointers allocated by kzalloc. Remove devm_kfree
in error handling as device associated memory is automatically
freed upon destruction of device. Always use put_device instead
of kfree on initialized device.

Change-Id: Icbd88e9ccd42fedb4fbce5eff69248c3fceffc02
Signed-off-by: David Dai <daidavid1@codeaurora.org>

Currently, reallocated mask update buffers are not
updated if the received mask range is more than the
mask update buffer length. Update the reallocated buffer
address before writing the mask to peripherals.

CRs-Fixed: 2266693
Change-Id: I6b506ce68e17b7da61926b0f9543157812a8c555
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>

commit c52232a4 upstream.

On CPU hotunplug the enqueued timers of the unplugged CPU are migrated to a
live CPU. This happens from the control thread which initiated the unplug.

If the CPU on which the control thread runs came out from a longer idle
period then the base clock of that CPU might be stale because the control
thread runs prior to any event which forwards the clock.

In such a case the timers from the unplugged CPU are queued on the live CPU
based on the stale clock which can cause large delays due to increased
granularity of the outer timer wheels which are far away from base:;clock.

But there is a worse problem than that. The following sequence of events
illustrates it:

 - CPU0 timer1 is queued expires = 59969 and base->clk = 59131.

   The timer is queued at wheel level 2, with resulting expiry time = 60032
   (due to level granularity).

 - CPU1 enters idle @60007, with next timer expiry @60020.

 - CPU0 is hotplugged at @60009

 - CPU1 exits idle and runs the control thread which migrates the
   timers from CPU0

   timer1 is now queued in level 0 for immediate handling in the next
   softirq because the requested expiry time 59969 is before CPU1 base->clk
   60007

 - CPU1 runs code which forwards the base clock which succeeds because the
   next expiring timer. which was collected at idle entry time is still set
   to 60020.

   So it forwards beyond 60007 and therefore misses to expire the migrated
   timer1. That timer gets expired when the wheel wraps around again, which
   takes between 63 and 630ms depending on the HZ setting.

Address both problems by invoking forward_timer_base() for the control CPUs
timer base. All other places, which might run into a similar problem
(mod_timer()/add_timer_on()) already invoke forward_timer_base() to avoid
that.

[ tglx: Massaged comment and changelog ]

Change-Id: Ied68e3e2f7d429b6da90d645bfbe3293e01601e5
Fixes: a683f390 ("timers: Forward the wheel clock whenever possible")
Co-developed-by: Neeraj Upadhyay <neeraju@codeaurora.org>
Signed-off-by: Neeraj Upadhyay <neeraju@codeaurora.org>
Signed-off-by: Lingutla Chandrasekhar <clingutla@codeaurora.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Anna-Maria Gleixner <anna-maria@linutronix.de>
Cc: linux-arm-msm@vger.kernel.org
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20180118115022.6368-1-clingutla@codeaurora.org


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: c52232a4
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git


[gkohli@codeaurora: Resolve trivial merge conflicts]
Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org>

Make audio sound card DT node child of APR DT node for
SDM845 target.

Change-Id: Ib1264003635dfef4e93985809edf6da5d910db5a
Signed-off-by: Meng Wang <mengw@codeaurora.org>

While setting enable bit of spi interrupt, there is
chance of enabling spurious interrupt which is by default
disabled for soc. So instead of setting restore the
previous state of enable bit.

Change-Id: Ie6e363f04864fc6e36be83ebd20b19b5e6b45f54
Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org>

Clear all saved restore configuration, and changed spi
configuration, from prior save/restore.

Change-Id: Ic750b39d95d074d911406cf44b295c251532e40e
Signed-off-by: Neeraj Upadhyay <neeraju@codeaurora.org>

Disable mode-2 selection from RSC hardware after
sw has triggered it manually. This avoids double
shutdown issue if panel does not generate a vsync
after solver enabled. The change also updates F0
Qtimer trigger for mode_2 entry triggered during
mode_0 or mode_1.

Change-Id: Ic7a993acbdb7cdeb4ff9654846b430cdf0938d7a
Signed-off-by: Dhaval Patel <pdhaval@codeaurora.org>

In HDK845 design, GPIO49 was used as the selection of DP AUX Switch.
With incorrect gpio config, some type-C to DP adapters only work on
one side.

Change-Id: I6258a6b79524b966d535ab68fb088a881ebd4456
Signed-off-by: Xipeng Gu <guxipeng@codeaurora.org>

Currently, mask pointers are not updated in
case peripherals are supporting more mask
tables. The patch updates the mask pointers
properly.

Change-Id: I1360c722076fca0215e0ccd28247c4741a1ebd88
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>

fault_around aims to reduce minor faults of file-backed pages via
speculative ahead pte mapping and relying on readahead logic.  However,
on non-HW access bit architecture the benefit is highly limited because
they should emulate the young bit with minor faults for reclaim's page
aging algorithm.  IOW, we cannot reduce minor faults on those
architectures.

I did quick a test on my ARM machine.

512M file mmap sequential every word read on eSATA drive 4 times.
stddev is stable.

  = fault_around 4096 =
  elapsed time(usec): 6747645

  = fault_around 65536 =
  elapsed time(usec): 6709263

  0.5% gain.

Even when I tested it with eMMC there is no gain because I guess with
slow storage the major fault is the dominant factor.

Also, fault_around has the side effect of shrinking slab more
aggressively and causes higher vmpressure, so if such speculation fails,
it can evict slab more which can result in page I/O (e.g., inode cache).
In the end, it would make void any benefit of fault_around.

So let's make the default "disabled" on those architectures.

Change-Id: I5e6b74943c95f6779b3a6e463b4d0a8b27eaac01
Link: http://lkml.kernel.org/r/20160518014229.GB21538@bbox


Signed-off-by: Minchan Kim <minchan@kernel.org>
Cc: Kirill A. Shutemov <kirill@shutemov.name>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Git-commit: d0834a6c
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git


Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>

Based on Kirill's patch [1].

Currently, faultaround code produces young pte.  This can screw up
vmscan behaviour[2], as it makes vmscan think that these pages are hot
and not push them out on first round.

During sparse file access faultaround gets more pages mapped and all of
them are young. Under memory pressure, this makes vmscan swap out anon
pages instead, or to drop other page cache pages which otherwise stay
resident.

Modify faultaround to produce old ptes if sysctl 'want_old_faultaround_pte'
is set, so they can easily be reclaimed under memory pressure.

This can to some extend defeat the purpose of faultaround on machines
without hardware accessed bit as it will not help us with reducing the
number of minor page faults.

Making the faultaround ptes old results in a unixbench regression for some
architectures [3][4]. But on some architectures like arm64 it is not found
to cause any regression.

unixbench shell8 scores on arm64 v8.2 hardware with CONFIG_ARM64_HW_AFDBM
enabled  (5 runs min, max, avg):
Base: (741,748,744)
With this patch: (739,748,743)

So by default produce old ptes and provide a sysctl option to make the
ptes young.

[1] http://lkml.kernel.org/r/1463488366-47723-1-git-send-email-kirill.shutemov@linux.intel.com
[2] https://lkml.kernel.org/r/1460992636-711-1-git-send-email-vinmenon@codeaurora.org
[3] https://marc.info/?l=linux-kernel&m=146582237922378&w=2
[4] https://marc.info/?l=linux-mm&m=146589376909424&w=2



Change-Id: I9f6300121fa5cdcd157b25e2c6e6536ce150af63
[vinmenon@codeaurora.org: add fault_address to fault_end for 4.9]
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Patch-mainline: linux-mm @ Fri, 19 Jan 2018 17:24:54
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>

This reverts commit 23f8a2f5.

fault_around_bytes were reduced as it was found to cause reclaim
issues. The reclaim issues were mainly because of faultaround
producing young ptes. The following patches will make faultaround
produce old ptes. Thus revert the fault_around_bytes to its
original value.

Change-Id: If9a385eead5a5d7a0d40fed41ddf4753e15d2998
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>

This patch enables the speculative page fault on the arm64
architecture.

I completed spf porting in 4.9. From the test result,
we can see app launching time improved by about 10% in average.
For the apps which have more than 50 threads, 15% or even more
improvement can be got.

Change-Id: Ib7c8b2e354800b5023e6c6400448a6d40aaf89c8
Signed-off-by: Ganesh Mahendran <opensource.ganesh@gmail.com>
Patch-mainline: linux-mm @ Wed, 2 May 2018 15:54:32
[vinmenon@codeaurora.org: remove the speculative fault perf counter
plus 4.9 porting conflict fixes - rearrange the __do_page_fault code
to make it work fine with speculative page fault]
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>

Set ARCH_SUPPORTS_SPECULATIVE_PAGE_FAULT for arm64. This
enables Speculative Page Fault handler.

Change-Id: Ic55bd1993b3af78ddac25867c5f422861079bb27
Signed-off-by: Ganesh Mahendran <opensource.ganesh@gmail.com>
Patch-mainline: linux-mm @ Wed, 2 May 2018 15:54:31
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>