Nov 16, 2018

Daniel Rosenberg authored
The macro hides some control flow, making it easier to run into bugs.

bug: 111642636
Change-Id: I37ec207c277d97c4e7f1e8381bc9ae743ad78435
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Git-repo: https://android.googlesource.com/kernel/msm
Git-commit: c17e2d40
Signed-off-by: Dennis Cagle <dcagle@codeaurora.org>

Daniel Rosenberg authored
bug: 111641492
Change-Id: I79e9894f94880048edaf0f7cfa2d180f65cbcf3b
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Git-repo: https://android.googlesource.com/kernel/msm
Git-commit: f7e8c1a2
Signed-off-by: Dennis Cagle <dcagle@codeaurora.org>

Tharun Kumar Merugu authored
Update mmap list links before every mmap free.

Change-Id: Icb612a329e8defd65414842bae20f459c02364b9
Acked-by: Thyagarajan Venkatanarayanan <venkatan@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>

Sanjay Singh authored
If the video state is set to DEINIT before processing all frame done packets in the list, it may create video failures as explained below: the client communication to video hardware will fail because of the DEINIT state, and the client will close the session upon failure, which will happen in parallel to the response thread processing the response packets in the list. It may happen that the client already freed the buffer references and the response thread might access the same buffer reference, resulting in a use-after-free memory fault. So in case of a sys error from video hardware, set the video state to DEINIT after processing all packets in the list to avoid the use-after-free failure.

Change-Id: Id44c26b1bbfc49e9725bf70e21a3e861a04d0133
Signed-off-by: Maheshwar Ajja <majja@codeaurora.org>
Signed-off-by: Sanjay Singh <sisanj@codeaurora.org>

Chinmay Agarwal authored
Attempting to avoid cloning the skb when broadcasting by inflating the refcount with sock_hold/sock_put while under RCU lock is dangerous and violates RCU principles. It leads to subtle race conditions when attempting to free the SKB, as we may reference sockets that have already been freed by the stack.

Unable to handle kernel paging request at virtual address "6b6b6b6b6b6c4b"
[006b6b6b6b6b6c4b] address between user and kernel address ranges
Internal error: Oops: 96000004 [#1] PREEMPT SMP
task: "fffffff78f65b380" task.stack: "ffffff8049a88000"
pc : sock_rfree+0x38/0x6c
lr : skb_release_head_state+0x6c/0xcc
Process repro (pid: 7117, stack limit = 0xffffff8049a88000)
Call trace:
 sock_rfree+0x38/0x6c
 skb_release_head_state+0x6c/0xcc
 skb_release_all+0x1c/0x38
 __kfree_skb+0x1c/0x30
 kfree_skb+0xd0/0xf4
 pfkey_broadcast+0x14c/0x18c
 pfkey_sendmsg+0x1d8/0x408
 sock_sendmsg+0x44/0x60
 ___sys_sendmsg+0x1d0/0x2a8
 __sys_sendmsg+0x64/0xb4
 SyS_sendmsg+0x34/0x4c
 el0_svc_naked+0x34/0x38
Kernel panic - not syncing: Fatal exception

CRs-Fixed: 2251019
Change-Id: Ib3b01f941a34a7df61fe9445f746b7df33f4656a
Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>
Signed-off-by: Chinmay Agarwal <chinagar@codeaurora.org>

Mohammed Javid authored
Protect the ipa default routing table from addition, deletion and modification once the default rule has been added by the ipa-driver.

Change-Id: I045d9c29fed23edf796d826e440b81124e1f666a
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>

Matthew Wilcox authored
commit abc1be13 upstream.

f2fs specifies the __GFP_ZERO flag for allocating some of its pages. Unfortunately, the page cache also uses the mapping's GFP flags for allocating radix tree nodes. It always masked off the __GFP_HIGHMEM flag, and masks off __GFP_ZERO in some paths, but not all. That causes radix tree nodes to be allocated with a NULL list_head, which causes backtraces like:

__list_del_entry+0x30/0xd0
list_lru_del+0xac/0x1ac
page_cache_tree_insert+0xd8/0x110

The __GFP_DMA and __GFP_DMA32 flags would also be able to sneak through if they are ever used. Fix them all by using GFP_RECLAIM_MASK at the innermost location, and remove it from earlier in the callchain.

Change-Id: I6b91267ad49104d3b6d6fcc84159d24fa96eec6e
Link: http://lkml.kernel.org/r/20180411060320.14458-2-willy@infradead.org
Fixes: 449dd698 ("mm: keep page cache radix tree nodes in check")
Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
Reported-by: Chris Fries <cfries@google.com>
Debugged-by: Minchan Kim <minchan@kernel.org>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-Repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
Git-Commit: f4c86fa0
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>

Paras Nagda authored
No need to process response messages from video hardware after the device went into an invalid state. Processing responses may result in a use-after-free memory fault because the client might free all the resources after the error.

Change-Id: I7e980fdc1ee84bf53301f3e84c5492991adc3e30
Signed-off-by: Paras Nagda <pnagda@codeaurora.org>

Sanjay Singh authored
No need to process response messages from video hardware after the device went into an invalid state. Processing responses may result in a use-after-free memory fault because the client might free all the resources after the error.

Change-Id: Ia2c22a2740466e6368e61437aa4246927150858b
Signed-off-by: Maheshwar Ajja <majja@codeaurora.org>
Signed-off-by: Sanjay Singh <sisanj@codeaurora.org>

Paras Nagda authored
If the video state is set to DEINIT before processing all frame done packets in the list, it may create video failures as explained below: the client communication to video hardware will fail because of the DEINIT state, and the client will close the session upon failure, which will happen in parallel to the response thread processing the response packets in the list. It may happen that the client already freed the buffer references and the response thread might access the same buffer reference, resulting in a use-after-free memory fault. So in case of a sys error from video hardware, set the video state to DEINIT after processing all packets in the list to avoid the use-after-free failure.

Change-Id: Ie4ebf94100e78cbbae6b22e120a32154d9333998
Signed-off-by: Paras Nagda <pnagda@codeaurora.org>

Liam Mark authored
Currently it is possible for an ION client to allocate non-HLOS memory (i.e. memory which isn't assigned to the HLOS vmid), map this memory, and then attempt to access this memory from the CPU. Attempting to access non-HLOS memory from the CPU will cause a stage-2 fault. Fix ION so that non-HLOS memory cannot be mapped by the CPU.

Change-Id: Ifb51de2eabc076cddc744c13f01ef97b4a7c6874
Signed-off-by: Liam Mark <lmark@codeaurora.org>

Oct 12, 2018

Florian Westphal authored
We need to make sure the offsets are not out of range of the total size. Also check that they are in ascending order.

The WARN_ON triggered by syzkaller (it sets panic_on_warn) is changed to also bail out, no point in continuing parsing.

Briefly tested with simple ruleset of -A INPUT --limit 1/s' --log plus jump to custom chains using 32bit ebtables binary.

Reported-by: <syzbot+845a53d13171abf8bf29@syzkaller.appspotmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-commit: b7181216
Change-Id: Ic1b91b00521fb550f1774b916aa5b53c91940ed0
Signed-off-by: Dennis Cagle <dcagle@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Manoj Prabhu B authored
Move the mask_info mutex initialization outside the mask structure to facilitate prevention of out of bound access while initializing the msg mask during md session creation. Use a separate msg_mask_tbl_count for the ODL session msg mask and the regular msg mask to prevent out of bound access in a possible race condition of accessing mask ranges. The chances of accessing an uninitialized mask are prevented by adding null pointer checks for the mask structure and its member pointer.

Change-Id: I87497c67daff8cc1797a1266d50456bdbd3a9c23
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Nick Desaulniers authored
Bug: 31494725
Git-repo: https://android.googlesource.com/kernel/msm.git
Git-commit: b57e736e
[d-cagle@codeaurora.org: Automatic resolve of merge conflicts]
Change-Id: I10a0c2aae883dfaa6c235c38689a704064557008
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Anurag Chouhan authored
There is a potential integer truncation in the wcnss_prealloc_get API. size_t is 8 bytes on x64 platforms and "unsigned int" is 4 bytes. To avoid this integer truncation, pass size as size_t instead of unsigned int.

CRs-Fixed: 2269610
Change-Id: I14b274dd7cad98b55fdce1aaa27783272231afde
Signed-off-by: Anurag Chouhan <achouhan@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

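Added illustration of the narrowing Anurag Chouhan's commit above describes; this is not the wcnss driver's code. The pool sizes, the slot-lookup functions and the wrapper names are constructed stand-ins for a preallocated-buffer lookup whose size parameter was declared unsigned int and is now size_t.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a pool of preallocated buffers (not driver code):
 * each slot holds one buffer of a fixed size and a lookup returns the
 * first slot large enough for the request. */
#define POOL_SLOTS 3
static const size_t pool_size[POOL_SLOTS] = { 8 * 1024, 64 * 1024, 1024 * 1024 };

/* Old signature: the request size arrives already narrowed to unsigned int. */
int find_slot_uint(unsigned int size)
{
    for (int i = 0; i < POOL_SLOTS; i++)
        if (pool_size[i] >= size)
            return i;
    return -1;   /* no buffer large enough */
}

/* Fixed signature: size_t end to end, nothing is narrowed. */
int find_slot_size_t(size_t size)
{
    for (int i = 0; i < POOL_SLOTS; i++)
        if (pool_size[i] >= size)
            return i;
    return -1;
}

/* A caller that computes its request as size_t and passes it to the old
 * interface. The implicit conversion at the call site is where the bits
 * are lost: on LP64 the high 32 bits are simply dropped, so a request of
 * 4 GiB + 4 KiB is handled as a 4 KiB request and matches the smallest slot. */
int lookup_via_old_api(size_t requested)
{
    return find_slot_uint(requested);   /* implicit size_t -> unsigned int */
}

/* Same caller against the fixed interface: an oversized request is rejected. */
int lookup_via_new_api(size_t requested)
{
    return find_slot_size_t(requested);
}

int main(void)
{
#if SIZE_MAX > UINT_MAX
    size_t huge = ((size_t)1 << 32) + 4096;   /* constructed: 4 GiB + 4 KiB */
    printf("old api: slot %d (request seen as %u bytes)\n",
           lookup_via_old_api(huge), (unsigned int)huge);
    printf("new api: slot %d\n", lookup_via_new_api(huge));
#else
    puts("size_t is not wider than unsigned int on this target; no truncation");
#endif
    return 0;
}
```

The same pattern applies to any length that crosses an interface boundary: the check has to happen in the width the caller used, or the check is done on a value the caller never asked for.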
Akhil P Oommen authored
The syncsource spinlock is not properly taken while removing the syncsource id from the syncsource_idr. idr_find() and idr_remove() should be called atomically. Fix this by keeping idr_find() and idr_remove() inside a single lock.

Change-Id: I51b8dcd0d67deda746c05e4cbd9eb1355d8f5d0b
Signed-off-by: Akhil P Oommen <akhilpo@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Mohammed Javid authored
Once after the dma free, assign the pointer to NULL and reset the mem allocated flag, to avoid dangling pointer dereferencing.

Change-Id: I74a2c2b0589a576de7946e4e2244c7ef5cca975f
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Aravind Venkateswaran authored
Use correct indexing when using the container_of operation to get the DSI clock manager handle to avoid potential out of bounds memory accesses.

Change-Id: I8804c5ff2bb602527f84749116e1408513e22759
Signed-off-by: Aravind Venkateswaran <aravindh@codeaurora.org>

Aravind Venkateswaran authored
Ensure that the escape clock is turned on prior to reinitializing the DSI PHY when exiting idle power collapse. This will ensure that there are no spurious transitions on the lanes after the PHY clamps are removed.

Change-Id: Ic7ce1af62581b71d2a610b18381c9c57eb80696c
Signed-off-by: Aravind Venkateswaran <aravindh@codeaurora.org>
Signed-off-by: Tharun Raj Soma <tsoma@codeaurora.org>

Aravind Venkateswaran authored
Separate DSI high speed (HS) clocks from low power (LP) clocks, so that we can have better control in enabling and disabling these clocks independently. Some DSI hardware versions need LP clocks to be turned on before programming the DSI PHY.

Change-Id: I05efde2bb2a7f737e2f952554b41e3ab74e990e5
Signed-off-by: Aravind Venkateswaran <aravindh@codeaurora.org>
Signed-off-by: Tharun Raj Soma <tsoma@codeaurora.org>

Sep 04, 2018

Odelu Kukatla authored
CX GDSC has a parent supply which is required to be enabled before turning on CX GDSC; therefore, specify VDD_CX as the parent supply for CX GDSC. Also update the min level for the VDD_CX regulator.

Change-Id: If770109a03152e98183930289556d6c3cf6ec497
Signed-off-by: Odelu Kukatla <okukatla@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Deepak Kumar authored
Wait for GMU to move to ACTIVE state before triggering preemption. This is required to make sure CP doesn't interrupt GMU during wake-up from IFPC.

Change-Id: I9c8ee07a4887deb30483b5523585d547b5d38806
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Deepak Kumar authored
Currently, GMU recovery for preemption and performance counter OOB set failures is not getting triggered. Enable this to make sure the GMU snapshot is dumped and recovery happens for these failures.

Change-Id: Ie4084c236957538d396cfb504f50d7b325a5743d
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Deepak Kumar authored
On GMU recovery failure, kgsl clears the GMU_FAULT bit and also restores the kgsl state to the original state from which GMU/GPU wake up was triggered, to make sure any attempt to wake GMU/GPU after this is treated as a fresh start/hard reset. But on recovery failure, GMU HS, clocks and IRQ are still ON/enabled, because of which any attempt at GMU/GPU wakeup results in multiple warnings from GMU start, as HS, clocks and IRQ are still ON while doing a fresh start, i.e. wake up from SLUMBER. Suspend the GMU on recovery failure to make sure the next attempt to wake up GMU/GPU is indeed a fresh start/hard reset.

Change-Id: Ib0ffa8e19bbcf6ace1c438ec04275f7aabddce1b
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Deepak Kumar authored
The kgsl driver polls GMU for the fence status to become zero in case it was one in the IRQ handler, and prints the "AHB fence stuck in ISR" error log in case it doesn't happen within multiple retries. Add a small delay between two retries to make sure GMU firmware gets sufficient time to abort power collapse. This will avoid these error prints in scenarios where the waiting loop finishes much faster and GMU is still in the process of aborting power collapse. This will also reduce the number of retries. Also, dump register GMU_AO_RBBM_INT_UNMASKED_STATUS_SHADOW as part of the error message to identify the unhandled IRQ when this error happens.

Change-Id: Ia67a44db43d5a4ec3dd7f3323e7754d950490aec
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Deepak Kumar authored
The RSCC wake-up sequence should only be triggered if the RSCC sleep sequence was done earlier, i.e. they should always be balanced to make sure GMU FW, RSCC and PDC state are in sync. Add the GMU_RSCC_SLEEP_SEQ_DONE GMU flag to track whether the RSCC sleep sequence was done or not, and trigger the sleep and wake-up sequences based on this flag to make sure they are always balanced.

Change-Id: I78d8be52a770bd6e939da91fa68b6fd01f10034e
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Lynus Vaz authored
If the IRQ pending count is incremented, make sure it is decremented even in case of errors.

Change-Id: I63443d4430b24ff82eb58d729e42f7115607ff25
Signed-off-by: Lynus Vaz <lvaz@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Sachin Grover authored
Call trace:
[<ffffff9203a8d7a8>] dump_backtrace+0x0/0x428
[<ffffff9203a8dbf8>] show_stack+0x28/0x38
[<ffffff920409bfb8>] dump_stack+0xd4/0x124
[<ffffff9203d187e8>] print_address_description+0x68/0x258
[<ffffff9203d18c00>] kasan_report.part.2+0x228/0x2f0
[<ffffff9203d1927c>] kasan_report+0x5c/0x70
[<ffffff9203d1776c>] check_memory_region+0x12c/0x1c0
[<ffffff9203d17cdc>] memcpy+0x34/0x68
[<ffffff9203d75348>] xattr_getsecurity+0xe0/0x160
[<ffffff9203d75490>] vfs_getxattr+0xc8/0x120
[<ffffff9203d75d68>] getxattr+0x100/0x2c8
[<ffffff9203d76fb4>] SyS_fgetxattr+0x64/0xa0
[<ffffff9203a83f70>] el0_svc_naked+0x24/0x28

If a user gets root access and calls security.selinux setxattr() with an embedded NUL on a file, and then some process performs a getxattr() on that file with a length greater than the actual length of the string, it would result in a panic. To fix this, add the actual length of the string to the security context instead of the length passed by the userspace process.

Change-Id: Ie0b8bfc7c96bc12282b955fb3adf41b3c2d011cd
Signed-off-by: Sachin Grover <sgrover@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

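Added example, not kernel code and not part of Sachin Grover's commit above, modelling the length mismatch it describes: the security module hands back a context string sized from its own strlen(), while the xattr value length reported by the caller can be larger when the stored value carries an embedded NUL. Function names (model_getsecurity, copy_secctx and the demo helpers) and the sample xattr value are constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen() */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the security module returning a context (constructed, not
 * kernel code): it hands back a freshly allocated C string, so the allocation
 * is strlen(value)+1 bytes no matter how many bytes userspace wrote into the
 * xattr with setxattr(). An embedded NUL in the stored value ends the string
 * early. */
char *model_getsecurity(const char *stored, size_t stored_len)
{
    size_t n = strnlen(stored, stored_len);   /* stops at an embedded NUL */
    char *ctx = malloc(n + 1);
    if (ctx == NULL)
        return NULL;
    memcpy(ctx, stored, n);
    ctx[n] = '\0';
    return ctx;
}

/* The unsafe pattern the commit removes: copying reported_len bytes, where
 * reported_len is the xattr value length coming from the caller, although
 * the context allocation may be shorter. Instead of performing the over-read,
 * this returns how many bytes such a copy would read past the allocation
 * (0 means the copy would stay in bounds). */
size_t overread_if_trusting_caller_len(const char *ctx, size_t reported_len)
{
    size_t actual = strlen(ctx) + 1;   /* bytes actually allocated */
    return reported_len > actual ? reported_len - actual : 0;
}

/* The safe copy: the byte count comes from the string itself. Returns the
 * bytes copied (without the terminator) or -1 if dst cannot hold the string. */
long copy_secctx(char *dst, size_t dst_size, const char *ctx)
{
    size_t n = strlen(ctx);
    if (n + 1 > dst_size)
        return -1;
    memcpy(dst, ctx, n + 1);
    return (long)n;
}

/* Constructed xattr value: a context, an embedded NUL, then extra bytes,
 * as in the scenario the commit describes. sizeof - 1 drops only the
 * implicit terminator, so the "reported" length still covers the padding. */
static const char stored_value[] = "u:object_r:x\0PADDINGPADDING";
#define STORED_LEN (sizeof stored_value - 1)   /* 27 bytes */

/* Length the safe copy uses for the constructed value. */
long secctx_demo(void)
{
    char dst[64];
    char *ctx = model_getsecurity(stored_value, STORED_LEN);
    if (ctx == NULL)
        return -1;
    long n = copy_secctx(dst, sizeof dst, ctx);
    free(ctx);
    return n;
}

/* How far a copy of the caller-reported length would run past the allocation
 * for the same value. */
size_t secctx_demo_overread(void)
{
    char *ctx = model_getsecurity(stored_value, STORED_LEN);
    if (ctx == NULL)
        return 0;
    size_t over = overread_if_trusting_caller_len(ctx, STORED_LEN);
    free(ctx);
    return over;
}

int main(void)
{
    printf("safe copy used %ld bytes\n", secctx_demo());
    printf("trusting the caller's length would over-read by %zu bytes\n",
           secctx_demo_overread());
    return 0;
}
```

The point the demo makes is the one the commit makes: the length used for the memcpy must be derived from the object being copied, not from a number that arrived with the request.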
Karthik Anantha Ram authored
As part of shutdown, when we free the power settings we should assign the pointer to NULL. And in power down we validate the settings.

Change-Id: I7abe11548e211dfd89387069191234488dcfd0ce
Signed-off-by: Karthik Anantha Ram <kartanan@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Vivek Veenam authored
Sensor power settings can be freed by some thread while another thread tries to access them. Add a NULL check beforehand to prevent this.

Change-Id: Ice3d8c6da65afd5196be67860543eb974183c55e
Signed-off-by: Vivek Veenam <vveenam@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Laxminath Kasam authored
As the L7B regulator is used as the micbias regulator for audio, the SDM710 PMIC regulator requires L10 and L1 also to be enabled along with L7B. Add L10 and L1 to the on-demand supply list of audio regulators.

CRs-Fixed: 2287883
Change-Id: Ifba608f1f348ab2e65db49bebed7effd0c07567c
Signed-off-by: Laxminath Kasam <lkasam@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Yunsheng Lin authored
skb may be freed in hns_nic_net_xmit_hw() and return NETDEV_TX_OK, which causes hns_nic_net_xmit to use a freed skb.

BUG: KASAN: use-after-free in hns_nic_net_xmit_hw+0x62c/0x940...
[17659.112635] alloc_debug_processing+0x18c/0x1a0
[17659.117208] __slab_alloc+0x52c/0x560
[17659.120909] kmem_cache_alloc_node+0xac/0x2c0
[17659.125309] __alloc_skb+0x6c/0x260
[17659.128837] tcp_send_ack+0x8c/0x280
[17659.132449] __tcp_ack_snd_check+0x9c/0xf0
[17659.136587] tcp_rcv_established+0x5a4/0xa70
[17659.140899] tcp_v4_do_rcv+0x27c/0x620
[17659.144687] tcp_prequeue_process+0x108/0x170
[17659.149085] tcp_recvmsg+0x940/0x1020
[17659.152787] inet_recvmsg+0x124/0x180
[17659.156488] sock_recvmsg+0x64/0x80
[17659.160012] SyS_recvfrom+0xd8/0x180
[17659.163626] __sys_trace_return+0x0/0x4
[17659.167506] INFO: Freed in kfree_skbmem+0xa0/0xb0 age=23 cpu=1 pid=13
[17659.174000] free_debug_processing+0x1d4/0x2c0
[17659.178486] __slab_free+0x240/0x390
[17659.182100] kmem_cache_free+0x24c/0x270
[17659.186062] kfree_skbmem+0xa0/0xb0
[17659.189587] __kfree_skb+0x28/0x40
[17659.193025] napi_gro_receive+0x168/0x1c0
[17659.197074] hns_nic_rx_up_pro+0x58/0x90
[17659.201038] hns_nic_rx_poll_one+0x518/0xbc0
[17659.205352] hns_nic_common_poll+0x94/0x140
[17659.209576] net_rx_action+0x458/0x5e0
[17659.213363] __do_softirq+0x1b8/0x480
[17659.217062] run_ksoftirqd+0x64/0x80
[17659.220679] smpboot_thread_fn+0x224/0x310
[17659.224821] kthread+0x150/0x170
[17659.228084] ret_from_fork+0x10/0x40

BUG: KASAN: use-after-free in hns_nic_net_xmit+0x8c/0xc0...
[17751.080490] __slab_alloc+0x52c/0x560
[17751.084188] kmem_cache_alloc+0x244/0x280
[17751.088238] __build_skb+0x40/0x150
[17751.091764] build_skb+0x28/0x100
[17751.095115] __alloc_rx_skb+0x94/0x150
[17751.098900] __napi_alloc_skb+0x34/0x90
[17751.102776] hns_nic_rx_poll_one+0x180/0xbc0
[17751.107097] hns_nic_common_poll+0x94/0x140
[17751.111333] net_rx_action+0x458/0x5e0
[17751.115123] __do_softirq+0x1b8/0x480
[17751.118823] run_ksoftirqd+0x64/0x80
[17751.122437] smpboot_thread_fn+0x224/0x310
[17751.126575] kthread+0x150/0x170
[17751.129838] ret_from_fork+0x10/0x40
[17751.133454] INFO: Freed in kfree_skbmem+0xa0/0xb0 age=19 cpu=7 pid=43
[17751.139951] free_debug_processing+0x1d4/0x2c0
[17751.144436] __slab_free+0x240/0x390
[17751.148051] kmem_cache_free+0x24c/0x270
[17751.152014] kfree_skbmem+0xa0/0xb0
[17751.155543] __kfree_skb+0x28/0x40
[17751.159022] napi_gro_receive+0x168/0x1c0
[17751.163074] hns_nic_rx_up_pro+0x58/0x90
[17751.167041] hns_nic_rx_poll_one+0x518/0xbc0
[17751.171358] hns_nic_common_poll+0x94/0x140
[17751.175585] net_rx_action+0x458/0x5e0
[17751.179373] __do_softirq+0x1b8/0x480
[17751.183076] run_ksoftirqd+0x64/0x80
[17751.186691] smpboot_thread_fn+0x224/0x310
[17751.190826] kthread+0x150/0x170
[17751.194093] ret_from_fork+0x10/0x40

Change-Id: I5fbdea5d0264c79dbcc91f8519cda1004b667866
Fixes: 13ac695e ("net:hns: Add support of Hip06 SoC to the Hislicon Network Subsystem")
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: lipeng <lipeng321@huawei.com>
Reported-by: Jun He <hjat2005@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-commit: 27463ad9
Signed-off-by: Dennis Cagle <dcagle@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Florian Westphal authored
The rationale for removing the check is only correct for rulesets generated by ip(6)tables. In iptables, a jump can only occur to a user-defined chain, i.e. because we size the stack based on the number of user-defined chains we cannot exceed the stack size.

However, the underlying binary format has no such restriction, and the validation step only ensures that the jump target is a valid rule start point.

IOW, it's possible to build a rule blob that has no user-defined chains but does contain a jump. If this happens, no jump stack gets allocated and a crash occurs because no jumpstack was allocated.

Change-Id: I03e0851c2c9feeb4350c55bbc797a67ed7b3d8b7
Fixes: 7814b6ec ("netfilter: xtables: don't save/restore jumpstack offset")
Reported-by: <syzbot+e783f671527912cd9403@syzkaller.appspotmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-commit: 57ebd808
Signed-off-by: Dennis Cagle <dcagle@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Johannes Thumshirn authored
If the list search in sg_get_rq_mark() fails to find a valid request, we return a bogus element. This then can later lead to a GPF in sg_remove_scat(). So don't return bogus Sg_requests in sg_get_rq_mark() but NULL in case the list search doesn't find a valid request.

Bug: 79090045
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Doug Gilbert <dgilbert@interlog.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Acked-by: Doug Gilbert <dgilbert@interlog.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Chenbo Feng <fengc@google.com>
(cherry picked from commit 48ae8484)
Change-Id: If95d1a8eef3748c9937201e524184b89a5eaaf2e
Bug: 75300370
Git-repo: https://android.googlesource.com/kernel/msm
Git-commit: 58408c68
Signed-off-by: Dennis Cagle <dcagle@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Siva Kumar Akkireddi authored
The SPS driver does not support manual bind/unbind operations through sysfs. Suppress the bind/unbind nodes. Do not free the SPS struct in sps_device_de_init since it is being done in sps_exit, and also to avoid use-after-free.

Change-Id: If6da6c5fb9d1a44d0420c6151f7f9d0a33cb2d04
Signed-off-by: Siva Kumar Akkireddi <sivaa@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Mohit Aggarwal authored
Currently, mask pointers are not updated in case peripherals are supporting more mask tables. The patch updates the mask pointers properly.

Change-Id: I1360c722076fca0215e0ccd28247c4741a1ebd88
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Tharun Kumar Merugu authored
Destroy the mutex before the file free, to avoid use after free of the mutex.

Change-Id: I4ff73dc17b15043eacbb299219a379bfd1a8efa6
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Archana Sriram authored
Modified conditional checks to read lm_sequence so as to avoid the possibility of pointer overflow.

CRs-Fixed: 2212443
Change-Id: I72b30e35996c40f23fc81739e27724b1188f1c05
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Vinayak Menon authored
ion_system_heap_destroy_pools frees the pool, but does not invalidate the pointer. This can result in a double free if ion_system_heap_create_pools fails, and then causes ion_system_heap_create to call into ion_system_heap_destroy_pools again from the error path. This can happen in ion_system_heap_create when one of the secure pool creations fails.

Change-Id: Ic73ca78722aa5a575cc4dd7c1caa560b518094f2
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>

Tharun Kumar Merugu authored
Remove the use of dmac_flush_range for userspace buffers and add msm_ion_do_cache_op for flushing user space buffers.

Change-Id: Ice73eafac840bd1cabee0a2bfc8a641832a7d0c8
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
Signed-off-by: Satyanarayana Dash <sadash@codeaurora.org>