Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 2a9983ea authored by Nathan Chancellor's avatar Nathan Chancellor
Browse files

Merge tag 'LA.UM.6.2.r1-08100-sdm660.0' into kernel.lnx.4.4.r27-rel 



"LA.UM.6.2.r1-08100-sdm660.0"

* tag 'LA.UM.6.2.r1-08100-sdm660.0':
  mm-camera2:isp2: Release buffer lock after use
  USB: core: harden cdc_parse_cdc_header
  usbnet: move the CDC parser into USB core
  sctp: do not peel off an assoc from one netns to another one
  netlink: Add netns check on taps
  KEYS: encrypted: fix buffer overread in valid_master_desc()
  PCI: Fix race condition with driver_override
  ANDROID: NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
  mm-camera2:isp2: Release buffer lock after use
  sdcardfs: Fix sdcardfs to stop creating cases-sensitive duplicate entries.
  ath10k: enable neighbor solicitation offload in wow suspend
  clk: msm: osm: Update maximum number of bytes to read from buffer
  msm: sde: check buffer size before writing to user buffer
  msm: vidc: Fix use after free issue in set_output_buffers
  USB: f_accessory: Check dev pointer before decoding ctrl request
  ANDROID: fuse: Add null terminator to path in canonical path to avoid issue
  ath10k: deinit wow config in driver unload
  msm: kgsl: Enhance reading lm_sequence in _execute_reg_sequence()
  block: Fix oops in locked_inode_to_wb_and_lock_list()
  block: Fix bdi assignment to bdev inode when racing with disk delete
  fbdev: msm: check buffer size before writing to user buffer
  msm: mdss: Fix for wrong length in copy_to_user
  clk: qcom: osm: Update maximum number of bytes to read from buffer

Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>

Conflicts:
	drivers/net/usb/usbnet.c
	net/sctp/socket.c
parents 32cddad5 17b7aa55

drivers/clk/msm/clock-osm.c

+2 −2
Original line number Original line Diff line number Diff line 
/*

/*

 * Copyright (c) 2016-2017, The Linux Foundation. All rights reserved.

 * Copyright (c) 2016-2018, The Linux Foundation. All rights reserved.

 *

 *

 * This program is free software; you can redistribute it and/or modify

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and

 * it under the terms of the GNU General Public License version 2 and
@@ -2868,7 +2868,7 @@ static ssize_t debugfs_trace_method_get(struct file *file, char __user *buf, 
	else if (c->trace_method == XOR_PACKET)

	else if (c->trace_method == XOR_PACKET)

		len = snprintf(debug_buf, sizeof(debug_buf), "xor\n");

		len = snprintf(debug_buf, sizeof(debug_buf), "xor\n");





	rc = simple_read_from_buffer((void __user *) buf, len, ppos,

	rc = simple_read_from_buffer((void __user *) buf, count, ppos,

				     (void *) debug_buf, len);

				     (void *) debug_buf, len);





	mutex_unlock(&debug_buf_mutex);

	mutex_unlock(&debug_buf_mutex);

drivers/clk/qcom/clk-cpu-osm.c

+2 −2
Original line number Original line Diff line number Diff line 
/*

/*

 * Copyright (c) 2016-2017, The Linux Foundation. All rights reserved.

 * Copyright (c) 2016-2018, The Linux Foundation. All rights reserved.

 *

 *

 * This program is free software; you can redistribute it and/or modify

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and

 * it under the terms of the GNU General Public License version 2 and
@@ -2691,7 +2691,7 @@ static ssize_t debugfs_trace_method_get(struct file *file, char __user *buf, 
	else if (c->trace_method == XOR_PACKET)

	else if (c->trace_method == XOR_PACKET)

		len = snprintf(debug_buf, sizeof(debug_buf), "xor\n");

		len = snprintf(debug_buf, sizeof(debug_buf), "xor\n");





	rc = simple_read_from_buffer((void __user *) buf, len, ppos,

	rc = simple_read_from_buffer((void __user *) buf, count, ppos,

				     (void *) debug_buf, len);

				     (void *) debug_buf, len);





	mutex_unlock(&debug_buf_mutex);

	mutex_unlock(&debug_buf_mutex);

drivers/gpu/msm/adreno_a5xx.c

+3 −3
Original line number Original line Diff line number Diff line
@@ -1381,13 +1381,13 @@ static int _execute_reg_sequence(struct adreno_device *adreno_dev, 




	/* todo double check the reg writes */

	/* todo double check the reg writes */

	while ((cur - opcode) < length) {

	while ((cur - opcode) < length) {

		if (cur[0] == 1 && ((cur + 4) - opcode) <= length) {

		if (cur[0] == 1 && (length - (cur - opcode) >= 4)) {

			/* Write a 32 bit value to a 64 bit reg */

			/* Write a 32 bit value to a 64 bit reg */

			reg = cur[2];

			reg = cur[2];

			reg = (reg << 32) | cur[1];

			reg = (reg << 32) | cur[1];

			kgsl_regwrite(KGSL_DEVICE(adreno_dev), reg, cur[3]);

			kgsl_regwrite(KGSL_DEVICE(adreno_dev), reg, cur[3]);

			cur += 4;

			cur += 4;

		} else if (cur[0] == 2 && ((cur + 5) - opcode) <= length) {

		} else if (cur[0] == 2 && (length - (cur - opcode) >= 5)) {

			/* Write a 64 bit value to a 64 bit reg */

			/* Write a 64 bit value to a 64 bit reg */

			reg = cur[2];

			reg = cur[2];

			reg = (reg << 32) | cur[1];

			reg = (reg << 32) | cur[1];
@@ -1395,7 +1395,7 @@ static int _execute_reg_sequence(struct adreno_device *adreno_dev, 
			val = (val << 32) | cur[3];

			val = (val << 32) | cur[3];

			kgsl_regwrite(KGSL_DEVICE(adreno_dev), reg, val);

			kgsl_regwrite(KGSL_DEVICE(adreno_dev), reg, val);

			cur += 5;

			cur += 5;

		} else if (cur[0] == 3 && ((cur + 2) - opcode) <= length) {

		} else if (cur[0] == 3 && (length - (cur - opcode) >= 2)) {

			/* Delay for X usec */

			/* Delay for X usec */

			udelay(cur[1]);

			udelay(cur[1]);

			cur += 2;

			cur += 2;

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c

+11 −1
Original line number Original line Diff line number Diff line
@@ -3101,12 +3101,18 @@ static int msm_isp_start_axi_stream(struct vfe_device *vfe_dev_ioctl, 
		return -EINVAL;

		return -EINVAL;





	msm_isp_get_timestamp(&timestamp, vfe_dev_ioctl);

	msm_isp_get_timestamp(&timestamp, vfe_dev_ioctl);



	mutex_lock(&vfe_dev_ioctl->buf_mgr->lock);

	for (i = 0; i < stream_cfg_cmd->num_streams; i++) {

	for (i = 0; i < stream_cfg_cmd->num_streams; i++) {

		if (stream_cfg_cmd->stream_handle[i] == 0)

		if (stream_cfg_cmd->stream_handle[i] == 0)

			continue;

			continue;

		stream_info = msm_isp_get_stream_common_data(vfe_dev_ioctl,

		stream_info = msm_isp_get_stream_common_data(vfe_dev_ioctl,

			HANDLE_TO_IDX(stream_cfg_cmd->stream_handle[i]));

			HANDLE_TO_IDX(stream_cfg_cmd->stream_handle[i]));



		if (!stream_info) {

			pr_err("%s: stream_info is NULL", __func__);

			mutex_unlock(&vfe_dev_ioctl->buf_mgr->lock);

			return -EINVAL;

		}

		if (SRC_TO_INTF(stream_info->stream_src) < VFE_SRC_MAX)

		if (SRC_TO_INTF(stream_info->stream_src) < VFE_SRC_MAX)

			src_state = axi_data->src_info[

			src_state = axi_data->src_info[

				SRC_TO_INTF(stream_info->stream_src)].active;

				SRC_TO_INTF(stream_info->stream_src)].active;
@@ -3114,6 +3120,7 @@ static int msm_isp_start_axi_stream(struct vfe_device *vfe_dev_ioctl, 
		else {

		else {

			ISP_DBG("%s: invalid src info index\n", __func__);

			ISP_DBG("%s: invalid src info index\n", __func__);

			rc = -EINVAL;

			rc = -EINVAL;

			mutex_unlock(&vfe_dev_ioctl->buf_mgr->lock);

			goto error;

			goto error;

		}

		}

		spin_lock_irqsave(&stream_info->lock, flags);

		spin_lock_irqsave(&stream_info->lock, flags);
@@ -3125,6 +3132,7 @@ static int msm_isp_start_axi_stream(struct vfe_device *vfe_dev_ioctl, 
		}

		}

		if (rc) {

		if (rc) {

			spin_unlock_irqrestore(&stream_info->lock, flags);

			spin_unlock_irqrestore(&stream_info->lock, flags);

			mutex_unlock(&vfe_dev_ioctl->buf_mgr->lock);

			goto error;

			goto error;

		}

		}
@@ -3147,6 +3155,7 @@ static int msm_isp_start_axi_stream(struct vfe_device *vfe_dev_ioctl, 
				HANDLE_TO_IDX(

				HANDLE_TO_IDX(

				stream_cfg_cmd->stream_handle[i]));

				stream_cfg_cmd->stream_handle[i]));

			spin_unlock_irqrestore(&stream_info->lock, flags);

			spin_unlock_irqrestore(&stream_info->lock, flags);

			mutex_unlock(&vfe_dev_ioctl->buf_mgr->lock);

			goto error;

			goto error;

		}

		}

		for (k = 0; k < stream_info->num_isp; k++) {

		for (k = 0; k < stream_info->num_isp; k++) {
@@ -3205,6 +3214,7 @@ static int msm_isp_start_axi_stream(struct vfe_device *vfe_dev_ioctl, 
		spin_unlock_irqrestore(&stream_info->lock, flags);

		spin_unlock_irqrestore(&stream_info->lock, flags);

		streams[num_streams++] = stream_info;

		streams[num_streams++] = stream_info;

	}

	}

	mutex_unlock(&vfe_dev_ioctl->buf_mgr->lock);





	for (i = 0; i < MAX_VFE; i++) {

	for (i = 0; i < MAX_VFE; i++) {

		vfe_dev = update_vfes[i];

		vfe_dev = update_vfes[i];

drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c

+4 −0
Original line number Original line Diff line number Diff line
@@ -1102,6 +1102,7 @@ static int msm_isp_start_stats_stream(struct vfe_device *vfe_dev_ioctl, 
	struct vfe_device *vfe_dev;

	struct vfe_device *vfe_dev;





	msm_isp_get_timestamp(&timestamp, vfe_dev_ioctl);

	msm_isp_get_timestamp(&timestamp, vfe_dev_ioctl);

	mutex_lock(&vfe_dev_ioctl->buf_mgr->lock);





	num_stats_comp_mask =

	num_stats_comp_mask =

		vfe_dev_ioctl->hw_info->stats_hw_info->num_stats_comp_mask;

		vfe_dev_ioctl->hw_info->stats_hw_info->num_stats_comp_mask;
@@ -1120,6 +1121,7 @@ static int msm_isp_start_stats_stream(struct vfe_device *vfe_dev_ioctl, 
		}

		}

		if (rc) {

		if (rc) {

			spin_unlock_irqrestore(&stream_info->lock, flags);

			spin_unlock_irqrestore(&stream_info->lock, flags);

			mutex_unlock(&vfe_dev_ioctl->buf_mgr->lock);

			goto error;

			goto error;

		}

		}

		rc = msm_isp_init_stats_ping_pong_reg(

		rc = msm_isp_init_stats_ping_pong_reg(
@@ -1127,6 +1129,7 @@ static int msm_isp_start_stats_stream(struct vfe_device *vfe_dev_ioctl, 
		if (rc < 0) {

		if (rc < 0) {

			spin_unlock_irqrestore(&stream_info->lock, flags);

			spin_unlock_irqrestore(&stream_info->lock, flags);

			pr_err("%s: No buffer for stream%d\n", __func__, idx);

			pr_err("%s: No buffer for stream%d\n", __func__, idx);

			mutex_unlock(&vfe_dev_ioctl->buf_mgr->lock);

			return rc;

			return rc;

		}

		}

		init_completion(&stream_info->active_comp);

		init_completion(&stream_info->active_comp);
@@ -1161,6 +1164,7 @@ static int msm_isp_start_stats_stream(struct vfe_device *vfe_dev_ioctl, 
				stats_data->num_active_stream);

				stats_data->num_active_stream);

		streams[num_stream++] = stream_info;

		streams[num_stream++] = stream_info;

	}

	}

	mutex_unlock(&vfe_dev_ioctl->buf_mgr->lock);





	for (k = 0; k < MAX_VFE; k++) {

	for (k = 0; k < MAX_VFE; k++) {

		if (!update_vfes[k] || num_active_streams[k])

		if (!update_vfes[k] || num_active_streams[k])