Change-Id: I1ce802e23b17bde17d38d3e3895b6b6cb6a253de
Signed-off-by: Mohd Mujahid Pasha <pasha@codeaurora.org>

The sched_cpu_deactivate()->synchronize_rcu_mult() is not taking
expedited path even though rcu_expedited is enabled. So split
the synchronize_rcu_mult() call into synchronize_sched() and
synchronize_rcu() to improve the hotplug latency.

Change-Id: Ic21fbf790e7ed2f314b4058a489cde7813897c1f
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>

with dual_isp_sync enabled pix path regupdate can be processed
with interrupt from dual_isp_sync irq. however RDI dual only
one ISP. So regupdate irq need to be processed from each ISP.

Change-Id: Iff0c397ee8e21784b1bf994482bb575c0482b8cb
Signed-off-by: Srikanth Uyyala <suyyala@codeaurora.org>

Enable CONFIG_CPU_FREQ_TIMES to enable the driver to log the cpu
core frequency stats.

Change-Id: I30be6159d28491b0f90c0d2ac85090ff036c8e2e
Signed-off-by: Santosh Mardi <gsantosh@codeaurora.org>

On Trinket, polling for gcc_camera_ahb_clk status would
result in stuck at off error as the clock is critical.
Hence add BRANCH_HALT_DELAY flag to avoid returning error
at bootup.

Change-Id: Idb2f4c75f072596aeec04f048750d1a5f4fb6c2c
Signed-off-by: Diptanshu Jamgade <djamgade@codeaurora.org>

dma_buf_attach can return a negative error code wrapped
into a pointer on failure. Correct the error check and move
access to dma_buf_attachment pointer after the error check
to avoid accessing invalid pointer.

Change-Id: I77426fefb17370da5ed57878632bec8bacbc77a0
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>

Add check to fix NULL pointer refernce.

Change-Id: Id50022a0b2c3e4ad1b4f7f5307070f41ae133b16
Signed-off-by: Pooja Kumari <kumarip@codeaurora.org>

Add slew rate reg and value for trinket, and adjust
drive strength as per recommendation.

Change-Id: Iaa29977d0122f930adfba38e8d4027ce22e3514b
Signed-off-by: Ramprasad Katkam <katkam@codeaurora.org>

VEN will be toggled from NFC driver only once during boot
and it will remain high on successful driver probe exit,
after that MW shouldn't modify it's state
as eSE is also powered using VEN gpio in SN100 NFC HW.

VEN toggle will reset eSE power and cause failure if
any communication is in progress.

Change-Id: Id18d0f6177c16c7c99f91a75dd126c138352755c
Signed-off-by: Bhuvan Varshney <bvarshne@codeaurora.org>

Add back defconfig entries to enable VADC and ADC_TM drivers
which were removed earlier for kernel optimization.

Change-Id: I3fe2659c60335fd4049f670d818bbda89f047df4
Signed-off-by: Jishnu Prakash <jprakash@codeaurora.org>

Update right pre-fetch/lvl_empty threshold config on
wdi end point.

Change-Id: I7c2702063acf079fccfdfbaaf9e0dc0d2a9f4204
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>

Update QUSB2 HS PHY initialization sequence to improve
the RX sensitivity. The new sequence achieves this by
updating the TUNE1 and TUNE3 values.

Change-Id: I7c3400d29314a36c17de2b695e5ebf79743ba9d6
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>

If client enables HW AUTOCTS mode then set UPSTAT_AUTOCTS,otherwise
serial core disables TX fully at the framework layer and
no communication happens.

Change-Id: Ied2bec705991aad16638f767c09f33ae4dbfafdf
Signed-off-by: Akash Asthana <akashast@codeaurora.org>

Add proper check for validating the IP type while
sending request for ul-filter-rule install.

Change-Id: I170230310884f176cf41d5ae20287f6d74a4bc29
Signed-off-by: Praveen Kurapati <pkurapat@codeaurora.org>

During IPA shutdown the allocation for memory request fails.
So modify IPA to not sleep while memory allocation.

Change-Id: I4b12462ca65a753f91a0ede757b6ddf31afe9044
Signed-off-by: Praveen Kurapati <pkurapat@codeaurora.org>

In dual_isp_sync mode, process rdi reg_update to fix RDI buf done
issue.

Change-Id: Ibeee7f9c621320a6f4ddd79653bb32e91913c23e
Signed-off-by: Ramesh V <ramev@codeaurora.org>

In some scenario receiving the unexpected EOB interrupt on WAN consumer
pipe, but couldn't find from which source received this packet. Add
changes to assert if EOB interrupt received on WAN consumer pipe.

Change-Id: I28c32ef811b0354adff616563c6ef550d859d0c5
Signed-off-by: Ashok Vuyyuru <avuyyuru@codeaurora.org>

Using correct device pointer to get the firmware data.

This reverts commit be6c82d9.

Change-Id: I0b26e5a1453161c76897543be16ff00fb0c2f241
Signed-off-by: AnilKumar Chimata <anilc@codeaurora.org>

There is no pinctrl function named "fpc_reset_gpio_low"
and "fpc_reset_gpio_high".
Remove warning:
[    7.890295] sdmmagpie-pinctrl 3400000.pinctrl: function 'fpc_reset_gpio_low' not supported
[    7.898776] sdmmagpie-pinctrl 3400000.pinctrl: invalid function fpc_reset_gpio_low in map table
[    7.907766] sdmmagpie-pinctrl 3400000.pinctrl: function 'fpc_reset_gpio_high' not supported
[    7.916345] sdmmagpie-pinctrl 3400000.pinctrl: invalid function fpc_reset_gpio_high in map table

Change-Id: I485dccd7702d7458b73f2bd08da59b127b07facb
Signed-off-by: Linyu Yuan <linyyuan@codeaurora.org>

Since DSP is not supposed to modify the base pointer rpra of the
input/output arguments offloaded to DSP, maintain a local copy of
the pointer and use it after receiving interrupt from DSP.

Change-Id: I4afade7184cb2aca148060fb0cda06c6174f3b55
Acked-by: Maitreyi Gupta <maitreyi@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>

There is a race condition between removing glue directory and adding a new
device under the glue directory. It can be reproduced in following test:

path 1: Add the child device under glue dir
device_add()
    get_device_parent()
        mutex_lock(&gdp_mutex);
        ....
        /*find parent from glue_dirs.list*/
        list_for_each_entry(k, &dev->class->p->glue_dirs.list, entry)
            if (k->parent == parent_kobj) {
                kobj = kobject_get(k);
                break;
            }
        ....
        mutex_unlock(&gdp_mutex);
        ....
    ....
    kobject_add()
        kobject_add_internal()
            create_dir()
                sysfs_create_dir_ns()
                    if (kobj->parent)
                        parent = kobj->parent->sd;
                    ....
                    kernfs_create_dir_ns(parent)
                        kernfs_new_node()
                            kernfs_get(parent)
                        ....
                        /* link in */
                        rc = kernfs_add_one(kn);
                        if (!rc)
                            return kn;

                        kernfs_put(kn)
                            ....
                            repeat:
                            kmem_cache_free(kn)
                            kn = parent;

                            if (kn) {
                                if (atomic_dec_and_test(&kn->count))
                                    goto repeat;
                            }
                        ....

path2: Remove last child device under glue dir
device_del()
    cleanup_device_parent()
        cleanup_glue_dir()
            mutex_lock(&gdp_mutex);
            if (!kobject_has_children(glue_dir))
                kobject_del(glue_dir);
            kobject_put(glue_dir);
            mutex_unlock(&gdp_mutex);

Before path2 remove last child device under glue dir, If path1 add a new
device under glue dir, the glue_dir kobject reference count will be
increase to 2 via kobject_get(k) in get_device_parent(). And path1 has
been called kernfs_new_node(), but not call kernfs_get(parent).
Meanwhile, path2 call kobject_del(glue_dir) beacause 0 is returned by
kobject_has_children(). This result in glue_dir->sd is freed and it's
reference count will be 0. Then path1 call kernfs_get(parent) will trigger
a warning in kernfs_get()(WARN_ON(!atomic_read(&kn->count))) and increase
it's reference count to 1. Because glue_dir->sd is freed by path2, the next
call kernfs_add_one() by path1 will fail(This is also use-after-free)
and call atomic_dec_and_test() to decrease reference count. Because the
reference count is decremented to 0, it will also call kmem_cache_free()
to free glue_dir->sd again. This will result in double free.

In order to avoid this happening, we we should not call kobject_del() on
path2 when the reference count of glue_dir is greater than 1. So we add a
conditional statement to fix it.

The following calltrace is captured in kernel 4.14 with the following patch
applied:

commit 726e4109 ("drivers: core: Remove glue dirs from sysfs earlier")

--------------------------------------------------------------------------
[    3.633703] WARNING: CPU: 4 PID: 513 at .../fs/kernfs/dir.c:494
                Here is WARN_ON(!atomic_read(&kn->count) in kernfs_get().
....
[    3.633986] Call trace:
[    3.633991]  kernfs_create_dir_ns+0xa8/0xb0
[    3.633994]  sysfs_create_dir_ns+0x54/0xe8
[    3.634001]  kobject_add_internal+0x22c/0x3f0
[    3.634005]  kobject_add+0xe4/0x118
[    3.634011]  device_add+0x200/0x870
[    3.634017]  _request_firmware+0x958/0xc38
[    3.634020]  request_firmware_into_buf+0x4c/0x70
....
[    3.634064] kernel BUG at .../mm/slub.c:294!
                Hrer is BUG_ON(object == fp) in set_freepointer().
....
[    3.634346] Call trace:
[    3.634351]  kmem_cache_free+0x504/0x6b8
[    3.634355]  kernfs_put+0x14c/0x1d8
[    3.634359]  kernfs_create_dir_ns+0x88/0xb0
[    3.634362]  sysfs_create_dir_ns+0x54/0xe8
[    3.634366]  kobject_add_internal+0x22c/0x3f0
[    3.634370]  kobject_add+0xe4/0x118
[    3.634374]  device_add+0x200/0x870
[    3.634378]  _request_firmware+0x958/0xc38
[    3.634381]  request_firmware_into_buf+0x4c/0x70
--------------------------------------------------------------------------

Fixes: 726e4109 ("drivers: core: Remove glue dirs from sysfs earlier")

Change-Id: I2c5b99e62d78783e2c454af1266d787500b6675e
Signed-off-by: Muchun Song <smuchun@gmail.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Greg KH <gregkh@linuxfoundation.org>
Patch-mainline: linux-kernel @ 04/23/19, 22:32
Signed-off-by: Prateek Sood <prsood@codeaurora.org>

Enable AXI/ABH clocks, inorder to perform CPP AXI
reset successfully.

Change-Id: I68d16825243d63f612709ce414bdaaa19af45bbe
Signed-off-by: Venu Raidu <vraidu@codeaurora.org>

The avc allocations are marked with GFP_NOWAIT and thus
considered to be non-fatal allocations. This also makes
these allocations easy to fail thus filling the log buffer
with page allocation failure messages. There are no known
cases of these messages being of any importance for
debugging. Disable them.

Change-Id: I3517a134ad0e8deb307f0d140f4b16cb303a9f7f
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>

In dual vfe mode set frame drop notify mask to
vfe0 and vfe1. so that downstream camera module
will not miss frame drop notify.

Change-Id: Ida61e0041bef245dcc2c6c6f3bbbfdf982d4acbc
Signed-off-by: Ramesh V <ramev@codeaurora.org>