Validate the input parameters to avoid any unexpected
scenarios.

Change-Id: If77ac66470baf937b160800174ea14f1a8cb6408
Signed-off-by: Pooja Kumari <kumarip@codeaurora.org>
Signed-off-by: Abhishek Choubey <abchoube@codeaurora.org>

Change-Id: Ic9336b2e25e7991d0d2da168215e2fec6e0b2e84

Commit 15122ee2 ("arm64: Enforce BBM for huge IO/VMAP mappings")
disallowed block mappings for ioremap since that code does not honor
break-before-make. The same APIs are also used for permission updating
though and the extra checks prevent the permission updates from happening,
even though this should be permitted. This results in read-only permissions
not being fully applied. Visibly, this can occasionaly be seen as a failure
on the built in rodata test when the test data ends up in a section or
as an odd RW gap on the page table dump. Fix this by using
pgattr_change_is_safe instead of p*d_present for determining if the
change is permitted.

Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Reported-by: Peter Robinson <pbrobinson@gmail.com>
Fixes: 15122ee2 ("arm64: Enforce BBM for huge IO/VMAP mappings")
Signed-off-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Git-Commit: 82034c23
Git-Repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git


Change-Id: I7cbc0366b5101ade51a527b4c9e72f0a39ea5246
[sudaraja@codeaurora.org: added definition for pfn_pud, merge conflict fixes]
Signed-off-by: Sudarshan Rajagopalan <sudaraja@codeaurora.org>
[guptap@codeaurora.org: added definition for pgattr_change_is_safe, merge conflict fixes]
Signed-off-by: Prakash Gupta <guptap@codeaurora.org>

When icnss receive server arrive it send wlfw_msa_mem_info_send_sync_msg
QMI request to firmware and in response expect range of addresses and size
to be mapped. Add condition to check whether addresses in response falls
under valid range otherwise it asserts.

Change-Id: I9a8542cb6c3b3cefe112d1f08a76dd2eadf68d2f
Signed-off-by: Naman Padhiar <npadhiar@codeaurora.org>

Change-Id: I99f26d14722f4612203763b2444115ec753beb12

* commit '055d8e60':
  msm: camera: icp: Fix issue in camera GDSC operations
  msm: camera: icp: Use usleep instead of msleep for smaller delays
  msm: camera: Fix to address clock voting through debugfs
  msm: camera: sensor: Delete request even if apply failed
  msm: camera: sensor: Use vzalloc to alloc reg setting memory
  msm: camera: reqmgr: Get the index difference properly
  msm: camera: core: release ref after config failed
  msm: camera: icp: icp debug improvement
  msm: camera: isp: clearing isp context entries for rdi_only_context
  msm: camera: Additional information to ICP page fault handler

Change-Id: If75fb92a00641c9732223163ba83ecb6c9369490
Signed-off-by: Raja Mallik <rmallik@codeaurora.org>

Subtract command descriptor offset from buffer length obtained
from kernel before validating length of command buffer.

Change-Id: I38b244873c20894ee26b687c4bb19ef103c79363
Signed-off-by: Mukund Madhusudan Atre <matre@codeaurora.org>
Signed-off-by: Raja Mallik <rmallik@codeaurora.org>

Defines new macros
  CAM_INFO_RATE_LIMIT_CUSTOM
  CAM_ERR_RATE_LIMIT_CUSTOM

These macros ratelimits logs with provided interval and burst.
Function cam_sync_get_obj_ref is called from CAM_SYNC_SIGNAL ioctl. If
userspace frequently calls this function with invalid sync id, then error
log can cause excessive loging.
Ratelimit log  to 5 times in 1 second.

Change-Id: Id362f7b2025b7d6be88b054b0bacb4134b6a5952
Signed-off-by: Trishansh Bhardwaj <tbhardwa@codeaurora.org>
Signed-off-by: Raja Mallik <rmallik@codeaurora.org>

num_out_res which is part of acquire arguments from UMD
is not validated. Compute buffer size only if num_out_res
is within the valid range.

Change-Id: I9cc577df8f92b66f7f721977575d58536e4c1f2f
Signed-off-by: Vishalsingh Hajeri <vhajeri@codeaurora.org>
Signed-off-by: Raja Mallik <rmallik@codeaurora.org>

Currently we are seeing error log which is not actual error in
case of cam-secure usecase. This change moves the error log at
correct place to reflect the actual error.

Change-Id: I7cc81966def89133c6f9261f403b4609dcfea70e
Signed-off-by: Jigarkumar Zala <jzala@codeaurora.org>
Signed-off-by: Raja Mallik <rmallik@codeaurora.org>

When icnss receive server arrive it send wlfw_msa_mem_info_send_sync_msg
QMI request to firmware and in response expect range of addresses and size
to be mapped. Add condition to check whether addresses in response falls
under valid range otherwise it asserts.

Change-Id: I9a8542cb6c3b3cefe112d1f08a76dd2eadf68d2f
Signed-off-by: Naman Padhiar <npadhiar@codeaurora.org>

Add checks for OOB Read in new CAM_ISP_GENERIC_BLOB_TYPE_BW_CONFIG_V2.
When command buffers are passed from userspace in the form of generic
blobs, the size must be validated to prevent out of bounds read.

Change-Id: Ic604c7466cf4735abe010c6134b6e4a7f7ff6b59
Signed-off-by: Raja Mallik <rmallik@codeaurora.org>

Currently CPAS only handles IB voted by each client. Added support
to handle AB along with IB to be voted on external bus.

Change-Id: Iff5b28f3980a1293adb81e389915d08ff84728bc
Signed-off-by: Raja Mallik <rmallik@codeaurora.org>

In some cases, observed that vfe node information is
not filled in the stream information, this will lead
to a null pointer access. To avoid such scenarios,
a null check is added.

Change-Id: Ibe8e095629574e2d8b8fbb097449d49bc0a762b3
Signed-off-by: Shobhit Singh <shobsi@codeaurora.org>
Signed-off-by: Mounika Reddy Tangirala <mtangi@codeaurora.org>
Signed-off-by: Sumalatha Malothu <smalot@codeaurora.org>

We find there are many white noise if not add uart gpio
control config, so add it.

Change-Id: Ie260923558ffdb75637298a8a2c18a372bc16f24
Signed-off-by: Tengfei Fan <tengfeif@codeaurora.org>

EEPROM needs to be released even if configuration fails, so
the state should be CAM_EEPROM_ACQUIRE  instead of
CAM_EEPROM_INIT.

Change-Id: I4c68cd606daec3d105a2473dbdd51c7549099479
Signed-off-by: Depeng Shao <depengs@codeaurora.org>
Signed-off-by: Raja Mallik <rmallik@codeaurora.org>

Many nvmem providers are not very keen on having default sysfs
nvmem entry, as most of the usecases for them are inside kernel
itself. And in some cases read/writes to some areas in nvmem are
restricted and trapped at secure monitor level, so accessing them
from userspace would result in board reboots.

This patch adds new NVMEM_SYSFS Kconfig to make binary sysfs entry
an optional one. This provision will give more flexibility to users.
This patch also moves existing sysfs code to a new file so that its
not compiled in when its not really required.

Change-Id: Id34e899845ea7320490dc6df5673ce3e77489982
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Gaurav Kohli <gkohli@codeaurora.org>
Tested-by: Gaurav Kohli <gkohli@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: ae0c2d72
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git


[schikk@codeaurora.org: Resolved merge conflicts and fixed
compilation issues]
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>

This change disables the sysfs nvmem entry by default.

Change-Id: Ic6d38e71091f90133fd9490608836912f77697e6
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>

Validate the buffer size against the parsing command structure size
before parsing to prevent possible out of bound error case.

CRs-Fixed: 2437341
Change-Id: I31c9a556539fce403691294a76160ae4936e7065
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>

set_page_dirty() is racy if the caller has no
reference against page->mapping->host, and if
the page is unlocked. This is because another
CPU could truncate the page off the mapping and
then free the mapping.

Use set_page_dirty_lock() to avoid this race condition.

Change-Id: I517fb9aee66560618c7676b311368f7a7498011f
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>

Lock Implementation for avoid race condition leading
to out-of-bound write in "msm_vb2_queue_setup.

CRs-Fixed: 2362627
Change-Id: I7f7420c7437b9ac2f215929a8614b0846e890c98
Signed-off-by: Vijay kumar Tumati <vtumati@codeaurora.org>
Signed-off-by: Raja Mallik <rmallik@codeaurora.org>

currently only NULL pointer check is used to validate the return
value from clk_get, this change to handle all the failures.

Change-Id: Icd8b7e33d0f235a7c5dde2307972a594908e6a60
Signed-off-by: Srikanth Uyyala <suyyala@codeaurora.org>

Frame remap logic is based on PIX SOF events only,
this fix is to avoid this remap logic for RDI streams.

Change-Id: I100d2bfd098d186f4bb3cb348e683c73e1d7c00b
Signed-off-by: Srikanth Uyyala <suyyala@codeaurora.org>

Add platform subtype on APQ8009W, MSM8909W 512MB and 1GB
devices to differentiate sensor calibration on new WTP.

Change-Id: I1cf670bd591005ef6fb0d375c3cf13cab3966997
Signed-off-by: Nagireddy Annem <nannem@codeaurora.org>