In case of SOF freeze perform the task of notifying the devices
in a workq instead of timer callback context to avoid watchdog
bite from mutex lock.

Change-Id: Ie787900e4a7f28209d9aa1d7e580186982f918db
Signed-off-by: Vishalsingh Hajeri <vhajeri@codeaurora.org>

Bug: 31494725
Change-Id: I10a0c2aae883dfaa6c235c38689a704064557008
Git-repo: https://android.googlesource.com/kernel/msm.git


Git-commit: b57e736e
[d-cagle@codeaurora.org: Automatic resolve of merge conflicts]
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>

In ufshcd_query_ioctl(), if attribute value passed in
user buffer is null, boot feature will be disabled and
device enters in EDL mode.
To fix this, add check in ioctl path to avoid writing 00h
to Boot LUN enable attribute.

Change-Id: Ib7983075de3d6968a215cbc8b79c42a20fcc71a4
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>

Change-Id: I47978c13b6a3d09671ba8b66edf3374c37dda7a4

This reverts commit 01c7f5cf.

Change-Id: Ia0eb3536e8cb49f272a5f7a64946436796059a75
Signed-off-by: Vishvanath Singh <vishvana@codeaurora.org>

* commit 'b469676f':
  Revert "msm: camera: isp: improve flush logic to prevent race condition"
  msm: camera: cpas: Modify error check
  msm: camera: Remove sysfs bind/unbind files
  msm: camera: isp: Fix race condition in tasklet stop
  msm: camera: sync: resolve race condition between merge and signal
  msm: camera: Check for valid per frame i2c data.
  msm: camera: jpeg: Fix flush with request id
  msm: camera: flash: Remove wrong bubble condition check
  msm: camera: eeprom: Memory allocation using vzalloc
  msm: camera: fix double free in jpeg mgr
  msm: camera: cpas: Update logic for reading hw version at runtime
  msm: camera: icp: icp log modification
  msm: camera: isp: Fix the return value for CDM timeout error
  msm: camera: cdm: Add log utility for CDM cmd buffers
  msm: camera: cci: Fix error check
  msm: camera: icp: Add release call
  msm: camera: Improve logging capability in kmd drivers
  msm: camera: Check for valid per frame i2c data.
  msm: camera: debugfs to update clk rates dynamically
  ARM: dts: msm: Add src clk name in csiphy node
  ARM: dts: msm: Add field to determine clock control
  msm: camera: Return IRQ_NONE from irq handlers
  msm: camera: Dynamically enable CSID SOF irq
  Revert "msm: camera: icp: removes reference input depedency"
  msm: camera: cpas: Add protection for concurrent execution
  msm: camera: sensor: Allocate buffer to be of DMA memory type
  msm: camera: Fix power related issues across sensor modules
  msm: camera: isp: acquire tasklet cmd before processing top half
  msm: camera: Fix for actuator manual move lens not working
  msm: camera: icp: removes reference input depedency
  msm: camera: isp: improve flush logic to prevent race condition
  msm: camera: sensor: Add support to vote for PWM mode
  msm: camera: icp: Handle Watchdog/subsystem failures
  msm: camera: reqmgr: Change state check in callbacks
  msm: camera: Correct check for rdi res_id

Change-Id: Ifd92e6d8e8d1915c6fae5a2f6717c18b96f425cd
Signed-off-by: Sridhar Gujje <sgujje@codeaurora.org>

Fixes the incorrect return path in qseecom_start_app() function with
proper clean-up. With out this patch, there are lot of memory leaks.

Change-Id: Ied95480fa28b11efa3e53219102bfbe782921351
Signed-off-by: AnilKumar Chimata <anilc@codeaurora.org>

SPS driver does not support manual bind/unbind operations
through sysfs. Suppress the bind/unbind nodes. Do not free
SPS struct in sps_device_de_init since it is being done in
sps_exit, and also to avoid use-after-free.

Change-Id: If6da6c5fb9d1a44d0420c6151f7f9d0a33cb2d04
Signed-off-by: Siva Kumar Akkireddi <sivaa@codeaurora.org>

Once USB DPL consumer ep is configured,
there is a chance of IPA hardware getting stalled,
if DPL client is not pulling the data over other end.
so, set holb discard over USB DPL cons ep
to avoid this stall.

Change-Id: I520b8c1ec84e03b783677c43670cbb9f904a4b4f
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>

To avoid access of variable after being freed, using
list_first_entry_safe function to iterate over list
of given type,safe against removal of list entry.

Change-Id: I70611fddf3e9b80b1affa3e5235be24eac0d0a58
Signed-off-by: Monika Singh <monising@codeaurora.org>

Change-Id: Ie90853eae002f89dfb179d99e6e151de3831c30e

sockaddr structure is filled with required information only which
results in few memory locations of structure with uninitialized data.

Memset complete structure before using it to remove uninitialized data.

CRs-Fixed: 2274853
Change-Id: I181710bde100fb1553b925d9fdf227af35ff38b5
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>

The change fixes the error check while voting for axi clk.

Change-Id: I1f32e8276c455878b9832fd45ec0f7596b3d9ff6
Signed-off-by: Karthik Anantha Ram <kartanan@codeaurora.org>
Signed-off-by: Vishalsingh Hajeri <vhajeri@codeaurora.org>

This change disables dynamic bind/unbind capability for camera
driver modules since it is not currently supported.

Change-Id: I22a7490ae9670f6b4305356a2267a68d9781466b
Signed-off-by: Jigarkumar Zala <jzala@codeaurora.org>

commit e0058f3a upstream.

In asn1_ber_decoder(), indefinitely-sized ASN.1 items were being passed
to the action functions before their lengths had been computed, using
the bogus length of 0x80 (ASN1_INDEFINITE_LENGTH).  This resulted in
reading data past the end of the input buffer, when given a specially
crafted message.

Fix it by rearranging the code so that the indefinite length is resolved
before the action is called.

This bug was originally found by fuzzing the X.509 parser in userspace
using libFuzzer from the LLVM project.

KASAN report (cleaned up slightly):

    BUG: KASAN: slab-out-of-bounds in memcpy ./include/linux/string.h:341 [inline]
    BUG: KASAN: slab-out-of-bounds in x509_fabricate_name.constprop.1+0x1a4/0x940 crypto/asymmetric_keys/x509_cert_parser.c:366
    Read of size 128 at addr ffff880035dd9eaf by task keyctl/195

    CPU: 1 PID: 195 Comm: keyctl Not tainted 4.14.0-09238-g1d3b78bbc6e9 #26
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
    Call Trace:
     __dump_stack lib/dump_stack.c:17 [inline]
     dump_stack+0xd1/0x175 lib/dump_stack.c:53
     print_address_description+0x78/0x260 mm/kasan/report.c:252
     kasan_report_error mm/kasan/report.c:351 [inline]
     kasan_report+0x23f/0x350 mm/kasan/report.c:409
     memcpy+0x1f/0x50 mm/kasan/kasan.c:302
     memcpy ./include/linux/string.h:341 [inline]
     x509_fabricate_name.constprop.1+0x1a4/0x940 crypto/asymmetric_keys/x509_cert_parser.c:366
     asn1_ber_decoder+0xb4a/0x1fd0 lib/asn1_decoder.c:447
     x509_cert_parse+0x1c7/0x620 crypto/asymmetric_keys/x509_cert_parser.c:89
     x509_key_preparse+0x61/0x750 crypto/asymmetric_keys/x509_public_key.c:174
     asymmetric_key_preparse+0xa4/0x150 crypto/asymmetric_keys/asymmetric_type.c:388
     key_create_or_update+0x4d4/0x10a0 security/keys/key.c:850
     SYSC_add_key security/keys/keyctl.c:122 [inline]
     SyS_add_key+0xe8/0x290 security/keys/keyctl.c:62
     entry_SYSCALL_64_fastpath+0x1f/0x96

    Allocated by task 195:
     __do_kmalloc_node mm/slab.c:3675 [inline]
     __kmalloc_node+0x47/0x60 mm/slab.c:3682
     kvmalloc ./include/linux/mm.h:540 [inline]
     SYSC_add_key security/keys/keyctl.c:104 [inline]
     SyS_add_key+0x19e/0x290 security/keys/keyctl.c:62
     entry_SYSCALL_64_fastpath+0x1f/0x96

Fixes: 42d5ec27 ("X.509: Add an ASN.1 decoder")
Reported-by: Alexander Potapenko <glider@google.com>
Bug: 73827422
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: I1d286e1bd7d4a000d60420f7f8531161bdb35db3
Git-repo: https://android.googlesource.com/kernel/msm


Git-commit: 122b7139
Signed-off-by: Srinivasa Rao Kuppala <srkupp@codeaurora.org>

This change sets the atomic variable tasklet_active to 0 in
stop before calling flush. This also adds call to tasklet_kill
before tasklet_disable in stop. This will fix a race condition
between tasklet stop/enqueue. And it will ensure the tasklet
is correctly halted and will not be raised repeatedly.

Change-Id: Ibf9f78b41e3201be50cdee8653dd4e64d2142fbd
Signed-off-by: Harsh Shah <harshs@codeaurora.org>

Add support for early WLAN FW assert indication thru smp2p.

Change-Id: I38f0e42cf0f5e054e2c6d7caa58515842034bc48
Signed-off-by: Sameer Thalappil <sameert@codeaurora.org>

During merge, it ensures the state of merged fence and remaining
count are serialized with any of the child node sync call.

Change-Id: I443a82a39c2b6a52b70fe66b131fc9972b363c85
Signed-off-by: Alok Pandey <akumarpa@codeaurora.org>
Signed-off-by: Junzhe Zou <jnzhezou@codeaurora.org>

Wait for GMU to move to ACTIVE state before triggering preemption.
This is required to make sure CP doesn't interrupt GMU during
wake-up from IFPC.

Change-Id: I9c8ee07a4887deb30483b5523585d547b5d38806
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>

Currently, GMU recovery for preemption and performance
counter OOB set failures is not getting triggered.
Enable this to make sure GMU snapshot is dumped and
recovery happens for these failures.

Change-Id: Ie4084c236957538d396cfb504f50d7b325a5743d
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>

On GMU recovery failure, kgsl clears the GMU_FAULT bit
and also restores the kgsl state to orginal state from
which GMU/GPU wake up was triggered to make sure any
attempt to wake GMU/GPU after this is treated as a fresh
start/hard reset. But on recovery failure, GMU HS, clocks
and IRQ are still ON/enabled because of which any attempt
of GMU/GPU wakeup results in multiple warnings from GMU
start as HS, clocks and IRQ are still ON while doing a
fresh start i.e. wake up from SLUMBER.

Suspend the GMU on recovery failure to make sure next
attempt to wake up GMU/GPU is indeed a fresh start/
hard reset.

Change-Id: Ib0ffa8e19bbcf6ace1c438ec04275f7aabddce1b
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>

RSCC wake-up sequence should only be triggered if RSCC
sleep sequence was done earlier i.e. they should always
be balanced to make sure GMU FW, RSCC and PDC state are
in sync.

Add GMU_RSCC_SLEEP_SEQ_DONE GMU flag to track whether
RSCC sleep sequence was done or not and trigger sleep
and wake-up sequence based on this flag to make they
are always balanced.

Change-Id: I78d8be52a770bd6e939da91fa68b6fd01f10034e
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>

This is needed in order to avoid the spurious interrupts
seen during preemption.

Change-Id: Id8a465d1d3ea5b6994ab36d24d0efa1a84c9c6b6
Signed-off-by: Harshdeep Dhatt <hdhatt@codeaurora.org>
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>

Use usleep_delay when waiting for CX votes to be removed,
usleep_delay will yield control to other RT threads.

Signed-off-by: Oleg Perelet <operelet@codeaurora.org>
Change-Id: Ia305dfe1e051a8fb603da595ad1e1cbcfc9f285c
Signed-off-by: George Shen <sqiao@codeaurora.org>
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>

Unbalanced OOB set and clear function calls may cause undefined
GMU behavior and result in system failure.

Change-Id: Idc1aa69787726de701fe32a9578bbbe158d271a6
Signed-off-by: George Shen <sqiao@codeaurora.org>
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>