Change-Id: I55ad2b6bae58cc20db1174d3ff0b45bc23820b52

Zero message may be passed causing null pointer de-reference.
Adding check on the number of messages passed to handle the issue.

Change-Id: I7cef6dd2070c5eaaa748698c45540f8aa1d96116
Signed-off-by: Vipin Deep Kaur <vkaur@codeaurora.org>

Currently it is possible for an ION client to allocate non-HLOS memory
(ie memory which isn't assigned to the HLOS vmid), map this memory, and
then attempt to access this memory from the CPU.
Attempting to access non-HLOS memory from the CPU will cause a
stage-2 fault.

Fix ION so that non-HLOS memory cannot be mapped by the CPU.

Change-Id: Ifb51de2eabc076cddc744c13f01ef97b4a7c6874
Signed-off-by: Liam Mark <lmark@codeaurora.org>

No need to process response messages from video hardware
after device went into invalid state. Processing responses
may result in use-after-free memory fault because client
might free all the resources after error.
Change-Id: Ia2c22a2740466e6368e61437aa4246927150858b
Signed-off-by: Maheshwar Ajja <majja@codeaurora.org>
Signed-off-by: Sanjay Singh <sisanj@codeaurora.org>

There might be a case where the battery-temperature changes
significantly (cold -> good) across shutdown, which may
result in a huge change the SOC. Using shutdown SOC under this
condition may not be ideal, hence add a logic to ignore the
shutdown SOC if battery-temperature exceeds a temperature. This
temperature difference can be specified via the DT property
"qcom,shutdown-temp-diff".

Also, ignore the shutdown SOC based on the SOC difference
between shutdown SOC and PON SOC. Use "qcom,shutdown-soc-threshold"
property to specify the SOC difference.

Change-Id: I14b274dd7cad98b55fdce1aaa27783272231afdf
Signed-off-by: Anirudh Ghayal <aghayal@codeaurora.org>

When migrating encrypted block from background GC thread, we only add
them into f2fs inner bio cache, but forget to submit the cached bio, it
may cause potential deadlock when we are waiting page writebacked, fix
it.

Change-Id: I3e0f31c8825e5d7a33bad296562a2a652236f5ef
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Git-commit: 1b456ddbaa5457c807f7315d5e0f1188c88a6ddc
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git/


[stummala@codeaurora.org: Back port the change]
Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>

Remove kzfree() after kclient list iteration to avoid invalid
pointer deference.

Change-Id: I78922269e219fcb16d3cff05f8b168a75a3c05ae
Signed-off-by: Zhen Kong <zkong@codeaurora.org>

In 64 bit kernel and 32 bit userspace, ioctl_ptr from
kernel space, should NOT call the copy_from_user.

In 64 bit kernel and 64 bit userspace, ioctl_ptr from
user space, use the copy_from_user to copy data.

use the is_compat_task to distinguish two condition.

CRs-Fixed: 2283160
Change-Id: If9205e4f3176a52e52f694a3183dc9c5b7617a97
Signed-off-by: Haibin Liu <haibinl@codeaurora.org>

For some targets that have less vmalloc space this can be increased by
enabling config ENABLE_VMALLOC_SAVING. With this config we can reclaim
virtual mappings which remains unused because of non hlos carveout
reservations in lowmem.

Select the default method of reclaiming virtual memory as vmalloc saving.

Change-Id: I249992871babe8c64c34d52ef43bbc7c81636d47
Signed-off-by: Zhenhua Huang <zhenhuah@codeaurora.org>

Memory allocation using kzalloc can return a valid pointer
when a zero size memory is requested. Therefore it is
important to use IS_ZERO_OR_NULL macro instead of just
checking for a null pointer prior to any use of the allocated
memory.

CRs-Fixed: 2279573
Change-Id: I3a9526347669d77bd5642195ab2681ef96ce580a
Signed-off-by: Aravind Venkateswaran <aravindh@codeaurora.org>

By default all the interrupt sources for TYPE_C_OR_RID_DETECTION_CHANGE
are enabled and are getting fired frequently on any event. Disable all
the interrupt sources not handled by charger driver.

Change-Id: I613e06472a6f83b66b702b7420afd890792515dc
Signed-off-by: Umang Agrawal <uagrawal@codeaurora.org>

By current definition, CONFIG_VMALLOC_SAVING uses the VA space of
carveout areas as vmalloc area, but reduces the size of default
vmalloc space, thereby keeping the total vmalloc size same as
without CONFIG_VMALLOC_SAVING, and in turn increasing the lowmem.
This means, changes in carveout sizes will have the side effect
of altering the vmalloc size, which will then need "vmalloc"
kernel param changes for every change in carveout size. And these
changes in values passed to vmalloc kernel param, can have a side
effect on targets that shares the kernel params but does not save
any VA space using CONFIG_VMALLOC_SAVING (for e.g. when some or
all of the carveouts are in highmem area.).

It can be argued that this patch changes the meaning of vmalloc
kernel param, and is bad. For e.g. when vmalloc=300M is passed,
the user may expect the vmalloc to be 300M, but the actual total
vmalloc will be 300M plus VA recovered from carveouts. This won't
seem to be an issue if "vmalloc" param is understood as a method
to increase the "default" vmalloc area size.

Change-Id: I30bc22f1c685a7de92ca331bf32ca152798fc13b
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>

There is potential integer truncation in the wcnss_prealloc_get api.
size_t is 8 byte on x64 platform and "unsigned int" is 4 byte.
To avoid this integer truncation, pass size as size_t instead
of unsigned int.

CRs-Fixed: 2269610
Change-Id: I14b274dd7cad98b55fdce1aaa27783272231afde
Signed-off-by: Anurag Chouhan <achouhan@codeaurora.org>

VM_IOREMAP is used to access hardware through a mechanism called
I/O mapped memory. Android binder is a IPC machanism which will
not access I/O memory.

And VM_IOREMAP has alignment requiement which may not needed in
binder.
    __get_vm_area_node()
    {
    ...
        if (flags & VM_IOREMAP)
            align = 1ul << clamp_t(int, fls_long(size),
               PAGE_SHIFT, IOREMAP_MAX_ORDER);
    ...
    }

This patch will save some kernel vm area, especially for 32bit os.

In 32bit OS, kernel vm area is only 240MB. We may got below
error when launching a app:

<3>[ 4482.440053] binder_alloc: binder_alloc_mmap_handler: 15728 8ce67000-8cf65000 get_vm_area failed -12
<3>[ 4483.218817] binder_alloc: binder_alloc_mmap_handler: 15745 8ce67000-8cf65000 get_vm_area failed -12

Link: https://lkml.org/lkml/2018/1/9/1260



Change-Id: Id3a715da6060191d05384697a4f266f82cdcba2b
Patch-mainline: linux-kernel @ 01/10/18, 10:49
Signed-off-by: Ganesh Mahendran <opensource.ganesh@gmail.com>
Signed-off-by: Zhenhua Huang <zhenhuah@codeaurora.org>

Reduce the qseecom_ta heap for sdm429 target.

Change-Id: Id36e3fb616c5888d64c34d24c87590856519fa8a
Signed-off-by: Mohamed Sunfeer <msunfeer@codeaurora.org>

Ensure that the same CPU address returned from the DMA memory
allocation API is passed to the DMA memory free API.

Change-Id: I116358378465cd518e1e1ecb60aee465301a709f
Acked-by: Thyagarajan Venkatanarayanan <venkatan@qti.qualcomm.com>
Signed-off-by: Mohammed Nayeem Ur Rahman <mohara@codeaurora.org>
Signed-off-by: Mohit Sharma <smohit@codeaurora.org>

Update correct VA to user space, so that during unmap VA will be
matched and memory is freed.

Change-Id: I22d7940b0526db96e47fdf634ada63449f4f2d3f
Acked-by: Himateja Reddy <hmreddy@qti.qualcomm.com>
Signed-off-by: Mohammed Nayeem Ur Rahman <mohara@codeaurora.org>
Signed-off-by: Mohit Sharma <smohit@codeaurora.org>

Change-Id: I17e31a118204c946ae72f9449ca57ca4eb0cf8c0
Signed-off-by: Mohit Sharma <smohit@codeaurora.org>

This reverts commit c942cc38.

Change-Id: Id112017766f93e5657616399f38ab061cdadc347
Signed-off-by: Mohit Sharma <smohit@codeaurora.org>

Generalise eeprom 1 node for msm8953 based targets, so that it
is not specific to only ov8865.

Change-Id: I2378087a476de90af92441d929e3eae2776e63fb
Signed-off-by: Samyukta Mogily <smogily@codeaurora.org>

Add support to de-bounce USBIN_OV signal, during de-bounce
period charger driver reports battery status as CHARGING
if USB is present and input path is not suspended.

Change-Id: I9f34e33ce1a43d6f81f147e02ea1ed36ea5b8318
Signed-off-by: Ashay Jaiswal <ashayj@codeaurora.org>

Use correct indexing when using the contianer_of operation to
get the DSI clock manager handle to avoid potential out of
bounds memory accesses.

Change-Id: I8804c5ff2bb602527f84749116e1408513e22759
Signed-off-by: Aravind Venkateswaran <aravindh@codeaurora.org>