Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 34a6d139 authored by Michael Bestas's avatar Michael Bestas
Browse files

Merge tag 'LA.UM.9.15.2.r1-10600-KAMORTA.QSSI14.0' of... 

Merge tag 'LA.UM.9.15.2.r1-10600-KAMORTA.QSSI14.0' of https://git.codelinaro.org/clo/la/kernel/msm-4.19 into android13-4.19-kona

"LA.UM.9.15.2.r1-10600-KAMORTA.QSSI14.0"

* tag 'LA.UM.9.15.2.r1-10600-KAMORTA.QSSI14.0' of https://git.codelinaro.org/clo/la/kernel/msm-4.19:
  ii2c: i2c-master-msm-geni: add null pointer check in event call back
  msm-4.19: qseecom: Fix possible race condition
  adsprpc: Handle UAF scenario in put_args
  msm: adsprpc: use-after-free (UAF) in global maps
  soc: qcom: smem: Add boundary checks for partitions
  UPSTREAM: loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE
  loop: Select I/O scheduler 'none' from inside add_disk()
  BACKPORT: loop: Fix missing discard support when using LOOP_CONFIGURE
  loop: Check for overflow while configuring loop
  BACKPORT: loop: Set correct device size when using LOOP_CONFIGURE
  block: delete part_round_stats and switch to less precise counting
  BACKPORT: media: venus: hfi: fix the check in session buffer requirement
  msm: adsprpc: Handle UAF in fastrpc internal munmap
  msm: kgsl: Keep postamble packets in a privileged buffer
  soc: qcom: qsee_ipc_irq_bridge: Remove redundant cleanup
  net: qrtr: fifo: Add bounds check on tx path

Change-Id: I1709553f1864cd481a3c7f385aa5a40573c13e51
parents 024b5480 79954138

drivers/i2c/busses/i2c-qcom-geni.c

+10 −2
Original line number Diff line number Diff line
@@ -351,8 +351,16 @@ static irqreturn_t geni_i2c_irq(int irq, void *dev) 
static void gi2c_ev_cb(struct dma_chan *ch, struct msm_gpi_cb const *cb_str,

		       void *ptr)

{

	struct geni_i2c_dev *gi2c = ptr;

	u32 m_stat = cb_str->status;

	struct geni_i2c_dev *gi2c;

	u32 m_stat;



	if (!ptr || !cb_str) {

		pr_err("%s: Invalid ev_cb buffer\n", __func__);

		return;

	}



	gi2c = (struct geni_i2c_dev *)ptr;

	m_stat = cb_str->status;



	switch (cb_str->cb_event) {

	case MSM_GPI_QUP_ERROR:

drivers/misc/qseecom.c

+75 −30
Original line number Diff line number Diff line
@@ -3,7 +3,7 @@ 
 * QTI Secure Execution Environment Communicator (QSEECOM) driver

 *

 * Copyright (c) 2012-2021, The Linux Foundation. All rights reserved.

 * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.

 * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.

 */



#define pr_fmt(fmt) "QSEECOM: %s: " fmt, __func__
@@ -7613,14 +7613,15 @@ static long qseecom_ioctl(struct file *file, 


	switch (cmd) {

	case QSEECOM_IOCTL_REGISTER_LISTENER_REQ: {

		mutex_lock(&listener_access_lock);

		if (data->type != QSEECOM_GENERIC) {

			pr_err("reg lstnr req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&listener_access_lock);

			ret = -EINVAL;

			break;

		}

		pr_debug("ioctl register_listener_req()\n");

		mutex_lock(&listener_access_lock);

		atomic_inc(&data->ioctl_count);

		data->type = QSEECOM_LISTENER_SERVICE;

		ret = qseecom_register_listener(data, argp);
@@ -7632,15 +7633,16 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_UNREGISTER_LISTENER_REQ: {

		mutex_lock(&listener_access_lock);

		if ((data->listener.id == 0) ||

			(data->type != QSEECOM_LISTENER_SERVICE)) {

			pr_err("unreg lstnr req: invalid handle (%d) lid(%d)\n",

						data->type, data->listener.id);

			mutex_unlock(&listener_access_lock);

			ret = -EINVAL;

			break;

		}

		pr_debug("ioctl unregister_listener_req()\n");

		mutex_lock(&listener_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_unregister_listener(data);

		atomic_dec(&data->ioctl_count);
@@ -7651,15 +7653,16 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_SEND_CMD_REQ: {

		/* Only one client allowed here at a time */

		mutex_lock(&app_access_lock);

		if ((data->client.app_id == 0) ||

			(data->type != QSEECOM_CLIENT_APP)) {

			pr_err("send cmd req: invalid handle (%d) app_id(%d)\n",

					data->type, data->client.app_id);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		/* Only one client allowed here at a time */

		mutex_lock(&app_access_lock);

		if (qseecom.support_bus_scaling) {

			/* register bus bw in case the client doesn't do it */

			if (!data->mode) {
@@ -7713,15 +7716,16 @@ static long qseecom_ioctl(struct file *file, 
	}

	case QSEECOM_IOCTL_SEND_MODFD_CMD_REQ:

	case QSEECOM_IOCTL_SEND_MODFD_CMD_64_REQ: {

		/* Only one client allowed here at a time */

		mutex_lock(&app_access_lock);

		if ((data->client.app_id == 0) ||

			(data->type != QSEECOM_CLIENT_APP)) {

			pr_err("send mdfd cmd: invalid handle (%d) appid(%d)\n",

					data->type, data->client.app_id);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		/* Only one client allowed here at a time */

		mutex_lock(&app_access_lock);

		if (qseecom.support_bus_scaling) {

			if (!data->mode) {

				mutex_lock(&qsee_bw_mutex);
@@ -7777,13 +7781,16 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_RECEIVE_REQ: {

		mutex_lock(&listener_access_lock);

		if ((data->listener.id == 0) ||

			(data->type != QSEECOM_LISTENER_SERVICE)) {

			pr_err("receive req: invalid handle (%d), lid(%d)\n",

						data->type, data->listener.id);

			mutex_unlock(&listener_access_lock);

			ret = -EINVAL;

			break;

		}

		mutex_unlock(&listener_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_receive_req(data);

		atomic_dec(&data->ioctl_count);
@@ -7793,14 +7800,15 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_SEND_RESP_REQ: {

		mutex_lock(&listener_access_lock);

		if ((data->listener.id == 0) ||

			(data->type != QSEECOM_LISTENER_SERVICE)) {

			pr_err("send resp req: invalid handle (%d), lid(%d)\n",

						data->type, data->listener.id);

			mutex_unlock(&listener_access_lock);

			ret = -EINVAL;

			break;

		}

		mutex_lock(&listener_access_lock);

		atomic_inc(&data->ioctl_count);

		if (!qseecom.qsee_reentrancy_support)

			ret = qseecom_send_resp();
@@ -7814,16 +7822,17 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_SET_MEM_PARAM_REQ: {

		mutex_lock(&app_access_lock);

		if ((data->type != QSEECOM_CLIENT_APP) &&

			(data->type != QSEECOM_GENERIC) &&

			(data->type != QSEECOM_SECURE_SERVICE)) {

			pr_err("set mem param req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		pr_debug("SET_MEM_PARAM: qseecom addr = 0x%pK\n", data);

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_set_client_mem_param(data, argp);

		atomic_dec(&data->ioctl_count);
@@ -7834,16 +7843,17 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_LOAD_APP_REQ: {

		mutex_lock(&app_access_lock);

		if ((data->type != QSEECOM_GENERIC) &&

			(data->type != QSEECOM_CLIENT_APP)) {

			pr_err("load app req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		data->type = QSEECOM_CLIENT_APP;

		pr_debug("LOAD_APP_REQ: qseecom_addr = 0x%pK\n", data);

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_load_app(data, argp);

		atomic_dec(&data->ioctl_count);
@@ -7854,15 +7864,16 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_UNLOAD_APP_REQ: {

		mutex_lock(&app_access_lock);

		if ((data->client.app_id == 0) ||

			(data->type != QSEECOM_CLIENT_APP)) {

			pr_err("unload app req:invalid handle(%d) app_id(%d)\n",

					data->type, data->client.app_id);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		pr_debug("UNLOAD_APP: qseecom_addr = 0x%pK\n", data);

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_unload_app(data, false);

		atomic_dec(&data->ioctl_count);
@@ -7881,10 +7892,12 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_PERF_ENABLE_REQ:{

		mutex_lock(&app_access_lock);

		if ((data->type != QSEECOM_GENERIC) &&

			(data->type != QSEECOM_CLIENT_APP)) {

			pr_err("perf enable req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}
@@ -7892,6 +7905,7 @@ static long qseecom_ioctl(struct file *file, 
			(data->client.app_id == 0)) {

			pr_err("perf enable req:invalid handle(%d) appid(%d)\n",

					data->type, data->client.app_id);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}
@@ -7906,13 +7920,16 @@ static long qseecom_ioctl(struct file *file, 
				pr_err("Fail to vote for clocks %d\n", ret);

		}

		atomic_dec(&data->ioctl_count);

		mutex_unlock(&app_access_lock);

		break;

	}

	case QSEECOM_IOCTL_PERF_DISABLE_REQ:{

		mutex_lock(&app_access_lock);

		if ((data->type != QSEECOM_SECURE_SERVICE) &&

			(data->type != QSEECOM_CLIENT_APP)) {

			pr_err("perf disable req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}
@@ -7920,6 +7937,7 @@ static long qseecom_ioctl(struct file *file, 
			(data->client.app_id == 0)) {

			pr_err("perf disable: invalid handle (%d)app_id(%d)\n",

					data->type, data->client.app_id);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}
@@ -7933,6 +7951,7 @@ static long qseecom_ioctl(struct file *file, 
			mutex_unlock(&qsee_bw_mutex);

		}

		atomic_dec(&data->ioctl_count);

		mutex_unlock(&app_access_lock);

		break;

	}
@@ -7942,28 +7961,32 @@ static long qseecom_ioctl(struct file *file, 
			pr_debug("crypto clock is not handled by HLOS\n");

			break;

		}

		mutex_lock(&app_access_lock);

		if ((data->client.app_id == 0) ||

			(data->type != QSEECOM_CLIENT_APP)) {

			pr_err("set bus scale: invalid handle (%d) appid(%d)\n",

					data->type, data->client.app_id);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		atomic_inc(&data->ioctl_count);

		ret = qseecom_scale_bus_bandwidth(data, argp);

		atomic_dec(&data->ioctl_count);

		mutex_unlock(&app_access_lock);

		break;

	}

	case QSEECOM_IOCTL_LOAD_EXTERNAL_ELF_REQ: {

		mutex_lock(&app_access_lock);

		if (data->type != QSEECOM_GENERIC) {

			pr_err("load ext elf req: invalid client handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		data->type = QSEECOM_UNAVAILABLE_CLIENT_APP;

		data->released = true;

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_load_external_elf(data, argp);

		atomic_dec(&data->ioctl_count);
@@ -7973,14 +7996,15 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_UNLOAD_EXTERNAL_ELF_REQ: {

		mutex_lock(&app_access_lock);

		if (data->type != QSEECOM_UNAVAILABLE_CLIENT_APP) {

			pr_err("unload ext elf req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		data->released = true;

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_unload_external_elf(data);

		atomic_dec(&data->ioctl_count);
@@ -7990,15 +8014,16 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_APP_LOADED_QUERY_REQ: {

		mutex_lock(&app_access_lock);

		if ((data->type != QSEECOM_GENERIC) &&

			(data->type != QSEECOM_CLIENT_APP)) {

			pr_err("app loaded query req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		data->type = QSEECOM_CLIENT_APP;

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		pr_debug("APP_LOAD_QUERY: qseecom_addr = 0x%pK\n", data);

		ret = qseecom_query_app_loaded(data, argp);
@@ -8007,9 +8032,11 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_SEND_CMD_SERVICE_REQ: {

		mutex_lock(&app_access_lock);

		if (data->type != QSEECOM_GENERIC) {

			pr_err("send cmd svc req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}
@@ -8017,9 +8044,9 @@ static long qseecom_ioctl(struct file *file, 
		if (qseecom.qsee_version < QSEE_VERSION_03) {

			pr_err("SEND_CMD_SERVICE_REQ: Invalid qsee ver %u\n",

				qseecom.qsee_version);

			mutex_unlock(&app_access_lock);

			return -EINVAL;

		}

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_send_service_cmd(data, argp);

		atomic_dec(&data->ioctl_count);
@@ -8029,19 +8056,21 @@ static long qseecom_ioctl(struct file *file, 
	case QSEECOM_IOCTL_CREATE_KEY_REQ: {

		if (!(qseecom.support_pfe || qseecom.support_fde))

			pr_err("Features requiring key init not supported\n");

		mutex_lock(&app_access_lock);

		if (data->type != QSEECOM_GENERIC) {

			pr_err("create key req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		if (qseecom.qsee_version < QSEE_VERSION_05) {

			pr_err("Create Key feature unsupported: qsee ver %u\n",

				qseecom.qsee_version);

			mutex_unlock(&app_access_lock);

			return -EINVAL;

		}

		data->released = true;

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_create_key(data, argp);

		if (ret)
@@ -8054,19 +8083,21 @@ static long qseecom_ioctl(struct file *file, 
	case QSEECOM_IOCTL_WIPE_KEY_REQ: {

		if (!(qseecom.support_pfe || qseecom.support_fde))

			pr_err("Features requiring key init not supported\n");

		mutex_lock(&app_access_lock);

		if (data->type != QSEECOM_GENERIC) {

			pr_err("wipe key req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		if (qseecom.qsee_version < QSEE_VERSION_05) {

			pr_err("Wipe Key feature unsupported in qsee ver %u\n",

				qseecom.qsee_version);

			mutex_unlock(&app_access_lock);

			return -EINVAL;

		}

		data->released = true;

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_wipe_key(data, argp);

		if (ret)
@@ -8078,19 +8109,21 @@ static long qseecom_ioctl(struct file *file, 
	case QSEECOM_IOCTL_UPDATE_KEY_USER_INFO_REQ: {

		if (!(qseecom.support_pfe || qseecom.support_fde))

			pr_err("Features requiring key init not supported\n");

		mutex_lock(&app_access_lock);

		if (data->type != QSEECOM_GENERIC) {

			pr_err("update key req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		if (qseecom.qsee_version < QSEE_VERSION_05) {

			pr_err("Update Key feature unsupported in qsee ver %u\n",

				qseecom.qsee_version);

			mutex_unlock(&app_access_lock);

			return -EINVAL;

		}

		data->released = true;

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_update_key_user_info(data, argp);

		if (ret)
@@ -8100,14 +8133,15 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_SAVE_PARTITION_HASH_REQ: {

		mutex_lock(&app_access_lock);

		if (data->type != QSEECOM_GENERIC) {

			pr_err("save part hash req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		data->released = true;

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_save_partition_hash(argp);

		atomic_dec(&data->ioctl_count);
@@ -8115,14 +8149,15 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_IS_ES_ACTIVATED_REQ: {

		mutex_lock(&app_access_lock);

		if (data->type != QSEECOM_GENERIC) {

			pr_err("ES activated req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		data->released = true;

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_is_es_activated(argp);

		atomic_dec(&data->ioctl_count);
@@ -8130,14 +8165,15 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_IOCTL_MDTP_CIPHER_DIP_REQ: {

		mutex_lock(&app_access_lock);

		if (data->type != QSEECOM_GENERIC) {

			pr_err("MDTP cipher DIP req: invalid handle (%d)\n",

								data->type);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		data->released = true;

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_mdtp_cipher_dip(argp);

		atomic_dec(&data->ioctl_count);
@@ -8146,14 +8182,15 @@ static long qseecom_ioctl(struct file *file, 
	}

	case QSEECOM_IOCTL_SEND_MODFD_RESP:

	case QSEECOM_IOCTL_SEND_MODFD_RESP_64: {

		mutex_lock(&listener_access_lock);

		if ((data->listener.id == 0) ||

			(data->type != QSEECOM_LISTENER_SERVICE)) {

			pr_err("receive req: invalid handle (%d), lid(%d)\n",

						data->type, data->listener.id);

			mutex_unlock(&listener_access_lock);

			ret = -EINVAL;

			break;

		}

		mutex_lock(&listener_access_lock);

		atomic_inc(&data->ioctl_count);

		if (cmd == QSEECOM_IOCTL_SEND_MODFD_RESP)

			ret = qseecom_send_modfd_resp(data, argp);
@@ -8168,20 +8205,22 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_QTEEC_IOCTL_OPEN_SESSION_REQ: {

		/* Only one client allowed here at a time */

		mutex_lock(&app_access_lock);

		if ((data->client.app_id == 0) ||

			(data->type != QSEECOM_CLIENT_APP)) {

			pr_err("Open session: invalid handle (%d) appid(%d)\n",

					data->type, data->client.app_id);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		if (qseecom.qsee_version < QSEE_VERSION_40) {

			pr_err("GP feature unsupported: qsee ver %u\n",

				qseecom.qsee_version);

			mutex_unlock(&app_access_lock);

			return -EINVAL;

		}

		/* Only one client allowed here at a time */

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_qteec_open_session(data, argp);

		atomic_dec(&data->ioctl_count);
@@ -8193,20 +8232,22 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_QTEEC_IOCTL_CLOSE_SESSION_REQ: {

		/* Only one client allowed here at a time */

		mutex_lock(&app_access_lock);

		if ((data->client.app_id == 0) ||

			(data->type != QSEECOM_CLIENT_APP)) {

			pr_err("Close session: invalid handle (%d) appid(%d)\n",

					data->type, data->client.app_id);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		if (qseecom.qsee_version < QSEE_VERSION_40) {

			pr_err("GP feature unsupported: qsee ver %u\n",

				qseecom.qsee_version);

			mutex_unlock(&app_access_lock);

			return -EINVAL;

		}

		/* Only one client allowed here at a time */

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_qteec_close_session(data, argp);

		atomic_dec(&data->ioctl_count);
@@ -8217,20 +8258,22 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_QTEEC_IOCTL_INVOKE_MODFD_CMD_REQ: {

		/* Only one client allowed here at a time */

		mutex_lock(&app_access_lock);

		if ((data->client.app_id == 0) ||

			(data->type != QSEECOM_CLIENT_APP)) {

			pr_err("Invoke cmd: invalid handle (%d) appid(%d)\n",

					data->type, data->client.app_id);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		if (qseecom.qsee_version < QSEE_VERSION_40) {

			pr_err("GP feature unsupported: qsee ver %u\n",

				qseecom.qsee_version);

			mutex_unlock(&app_access_lock);

			return -EINVAL;

		}

		/* Only one client allowed here at a time */

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_qteec_invoke_modfd_cmd(data, argp);

		atomic_dec(&data->ioctl_count);
@@ -8242,20 +8285,22 @@ static long qseecom_ioctl(struct file *file, 
		break;

	}

	case QSEECOM_QTEEC_IOCTL_REQUEST_CANCELLATION_REQ: {

		/* Only one client allowed here at a time */

		mutex_lock(&app_access_lock);

		if ((data->client.app_id == 0) ||

			(data->type != QSEECOM_CLIENT_APP)) {

			pr_err("Cancel req: invalid handle (%d) appid(%d)\n",

					data->type, data->client.app_id);

			mutex_unlock(&app_access_lock);

			ret = -EINVAL;

			break;

		}

		if (qseecom.qsee_version < QSEE_VERSION_40) {

			pr_err("GP feature unsupported: qsee ver %u\n",

				qseecom.qsee_version);

			mutex_unlock(&app_access_lock);

			return -EINVAL;

		}

		/* Only one client allowed here at a time */

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);

		ret = qseecom_qteec_request_cancellation(data, argp);

		atomic_dec(&data->ioctl_count);