The fb notifier callback will call mdnie_update() on
FB_BLANK_UNBLANK, which will then call mdnie_update_sequence()
with the table returned by mdnie_find_table(mdnie).

This will discard the values written to sensorRGB if we do not
save them.

Change-Id: I29cae3f98f64885abd3ebabc43ad13a959a3fffa

This reverts commit 810a8a6f.

Change-Id: Id1b79618f860a554986c5f2f84855aea25be7ee7

Change-Id: I5fdfc68ce780d8029a02012c10ee84760e09e487

Change-Id: Ie5d050f6d3b8f36c59b92e7c20d44d578bf987ef
Signed-off-by: Usaamah Patel <ussyp2015@gmail.com>

Change-Id: I198a2b7ecca57cbfd1f909bec23b99241822a035
Signed-off-by: Brandon McAnsh <brandon.mcansh@gmail.com>

* -r (--no-run-if-empty) doesn't exist on OSX version of xargs

Change-Id: I322fcb678ac0083f1fc9acbdaad9c7e070f4d6bb
Signed-off-by: Brandon McAnsh <brandon.mcansh@gmail.com>

Change-Id: I014aa5fe00ebb18deba51248207d5cd50f67b863
Signed-off-by: Brandon McAnsh <brandon.mcansh@gmail.com>

This reverts commit 69db61c9.

Change-Id: Iba001dc9f73cc34606dd0840ca7008edc5e8988b

Original commit: https://github.com/LineageOS/android_kernel_motorola_msm8974/commit/1c30279966ed5e22f3cc12edd4d7a29010b551c6

Required to at least make (post-)O-ADB without enabled legacy interface enabled.

Hacked into Samsung's USB-stack without much thinking

Change-Id: Ie7a303e3550588b576e0968cdd0b58bdb177c3af

pcrypt is using the old way of freeing instances, where the ->free()
method specified in the 'struct crypto_template' is passed a pointer to
the 'struct crypto_instance'.  But the crypto_instance is being
kfree()'d directly, which is incorrect because the memory was actually
allocated as an aead_instance, which contains the crypto_instance at a
nonzero offset.  Thus, the wrong pointer was being kfree()'d.

Fix it by switching to the new way to free aead_instance's where the
->free() method is specified in the aead_instance itself.

Change-Id: Ia072fa391205a4ba42249cf439eb7bad90241c95
Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: 0496f56065e0 ("crypto: pcrypt - Add support for new AEAD interface")
Cc: <stable@vger.kernel.org> # v4.2+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

范龙飞 reports that KASAN can report a use-after-free in __lock_acquire.
The reason is due to insufficient serialization in lo_release(), which
will continue to use the loop device even after it has decremented the
lo_refcnt to zero.

In the meantime, another process can come in, open the loop device
again as it is being shut down. Confusion ensues.

Change-Id: Ib58f658b8b756d30c9f7363225e5749c939b7e56
Reported-by: 范龙飞 <long7573@126.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

set rm->atomic.op_active to 0 when rds_pin_pages() fails
or the user supplied address is invalid,
this prevents a NULL pointer usage in rds_atomic_free_op()

Change-Id: I5f8b687d93587969997e765bd6f0838f09583ba1
Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

When args->nr_local is 0, nr_pages gets also 0 due some size
calculation via rds_rm_size(), which is later used to allocate
pages for DMA, this bug produces a heap Out-Of-Bound write access
to a specific memory region.

Change-Id: Ia146a87544c0c23f7ea7f72ac30544ac777d9323
Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Denys provided an awesome KASAN report pointing to an use
after free in xt_TCPMSS

I have provided three patches to fix this issue, either in xt_TCPMSS or
in xt_tcpudp.c. It seems xt_TCPMSS patch has the smallest possible
impact.

Change-Id: Ia2a0983db2d48aaa918957507163c34e4fd6860e
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Denys Fedoryshchenko <nuclearcat@nuclearcat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

commit 4f0414e54e4d1893c6f08260693f8ef84c929293 upstream.

We need to load the TX SG list in sendmsg(2) after waiting for
incoming data, not before.

[connoro@google.com: backport to 3.18, where the relevant logic is
located in skcipher_recvmsg() rather than skcipher_recvmsg_sync()]

Change-Id: I97b99469c82dd24e032b561cfd443e46a1cf75e9
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Connor O'Brien <connoro@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

ASoC: dapm: Add snd_soc_dapm_switch to the power up/down sequence table

The power up/down sequence order for DAPM switch widgets is not explicitly
initialized, causing them to be run always as the first widget type for both
power up and down. Move it to the same position in the sequence as other mixer
widget types.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@linaro.org>

ASoC: dapm: Provide early event callbacks for power up and down

Some devices may benefit from being able to start some parts of the widget
power up/down sequence earlier on in the sequence than the point at which
the final power state is committed. Support these by providing events which
are called before any power state changes are done.

Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Acked-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>

ASoC: Fix early event callback list iteration

The power_list field is used when adding a widget to a power sequence list. Use
the same field when iterating the list using list_for_each_entry, otherwise
we'll see undefined behavior.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>

ASoC: dapm: Remove unnecessary loop

The condition 'i == item' is only true when, well, 'i' equals 'item'.
So just use 'item' directly as the index into the array.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@linaro.org>

ASoC: dapm: Add a helper function to free a DAPM path

We have the same code for freeing a DAPM path in three different locations.
Introduce a new helper function to take care of this.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@linaro.org>

ASoC: dapm: Fix return value of snd_soc_dapm_put_{volsw,enum_virt}()

The ALSA core expect the put callback of a control to return 1 if the value of
the control changed and 0 if it did not. Both snd_soc_dapm_put_volsw() and
snd_soc_dapm_put_enum_virt() currently always returns 0. For both functions we
already have a 'change' variable which either contains 1 or 0 depending on
whether the value has changed or not, so just return that.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@linaro.org>

ASoC: dapm: Use generic power check for everything except DAIs

As noticed by Lars-Peter Clausen since the move to using widgets to hook
into the DAIs we no longer directly manage the power of AIF or DAC/ADC
widgets from the stream integration so they can just use the generic power
checks instead of the custom stream integration ones they currently do.

Signed-off-by: Mark Brown <broonie@linaro.org>

ASoC: dapm: Pass snd_soc_card directly to soc_dpcm_runtime_update()

soc_dpcm_runtime_update() operates on a ASoC card as a whole. Currently it takes
a snd_soc_dapm_widget as its only parameter though. The widget is then used to
look up the card and is otherwise unused. This patch changes the function to
take a pointer to the card directly. This makes it possible to to call
soc_dpcm_runtime_update() for updates which are not related to one specific
widget.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@linaro.org>

ASoC: jack: Use power efficient workqueue

The accessory detect debounce work is not performance sensitive so let
the scheduler run it wherever is most efficient rather than in a per CPU
workqueue by using the system power efficient workqueue.

Signed-off-by: Mark Brown <broonie@linaro.org>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>

ASoC: jack: Remove unnecessary call to snd_soc_dapm_new_widgets()

snd_soc_jack_add_pins() does not create any new DAPM widgets, so there is no
need to call snd_soc_dapm_new_widgets().

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@linaro.org>

ASoC: pcm: Use the power efficient workqueue for delayed powerdown

There is no need to use a normal per-CPU workqueue for delayed power downs
as they're not timing or performance critical and waking up a core for them
would defeat some of the point.

Signed-off-by: Mark Brown <broonie@linaro.org>
Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>

pcm_native: switch to fdget()/fdput()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

ALSA: Constify the snd_pcm_substream struct ops field

The ops field of the snd_pcm_substream struct is never modified inside the ALSA
core. Making it const allows drivers to declare their snd_pcm_ops struct as
const.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

ALSA: Fix the default suffix string with high card number

ALSA core tries to add a suffix as "_1" automatically when the given
id string conflicts.  The current code assumes implicitly that the max
card number is 16 so that the single hex "_X" suffix can be put.
However, with the dynamic device management, the card can be at most
32, so it can put even a non-hex character there.  Also, when the max
card number is increased in future, this would result in worse.

This patch rewrites the code to add the suffix string in a simpler
(thus cleaner) way.  It can support up to three digits, so it should
suffice for most requirements.

Signed-off-by: Takashi Iwai <tiwai@suse.de>

ALSA: vmaster: Add snd_ctl_sync_vmaster() helper function

Introduce a new helper function, snd_ctl_sync_vmaster(), which updates
the slave put callbacks forcibly as well as calling the hook.  This
will be used in the upcoming patch in HD-audio codec driver for
toggling the mute in vmaster slaves.

Along with the new function, the old snd_ctl_sync_vmaster_hook() is
replaced as a macro calling with the argument hook_only=true.

Signed-off-by: Takashi Iwai <tiwai@suse.de>

ALSA: vmaster: Fix the regression of missing vmaster hook call

The commit [1ca2f2ec: ALSA: vmaster: Add snd_ctl_sync_vmaster() helper
function] changed master_put() function and the check for the required
vmaster hook call is wrongly performed now, which results in the
missing hook call upon "Master Playback Switch" value changes.
This patch corrects the check logic.

Signed-off-by: Takashi Iwai <tiwai@suse.de>

ALSA: pcm: Add snd_printd_ratelimit()

Direct calls to printk_limit() will emit log noise even when CONFIG_SND_DEBUG is not
defined. Add a wrapper macro around printk_limit() that is conditionally defined by
CONFIG_SND_DEBUG.

Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Takashi Iwai <tiwai@suse.de>
Cc: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Cc: Lars-Peter Clausen <lars@metafoo.de>
Cc: Yacine Belkadi <yacine.belkadi.1@gmail.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

ALSA: pcm: Use snd_printd_ratelimit()

The use of snd_printd_ratelimit() supresses superfluous output from
printk_ratelimit() when CONFIG_SND_DEBUG is not defined. For example,

[   43.753692] snd_pcm_update_hw_ptr0: 26 callbacks suppressed
[   48.822131] snd_pcm_update_hw_ptr0: 25 callbacks suppressed
[   53.894953] snd_pcm_update_hw_ptr0: 25 callbacks suppressed
[   58.997761] snd_pcm_update_hw_ptr0: 25 callbacks suppressed
[   64.100952] snd_pcm_update_hw_ptr0: 25 callbacks suppressed

fills the log even when no debug output is actually produced.

Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Takashi Iwai <tiwai@suse.de>
Cc: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Cc: Lars-Peter Clausen <lars@metafoo.de>
Cc: Yacine Belkadi <yacine.belkadi.1@gmail.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

ALSA: fix oops in snd_pcm_info() caused by ASoC DPCM

Unable to handle kernel NULL pointer dereference at virtual address 00000008
pgd = d5300000
[00000008] *pgd=0d265831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] PREEMPT ARM
CPU: 0 PID: 2295 Comm: vlc Not tainted 3.11.0+ #755
task: dee74800 ti: e213c000 task.ti: e213c000
PC is at snd_pcm_info+0xc8/0xd8
LR is at 0x30232065
pc : [<c031b52c>]    lr : [<30232065>]    psr: a0070013
sp : e213dea8  ip : d81cb0d0  fp : c05f7678
r10: c05f7770  r9 : fffffdfd  r8 : 00000000
r7 : d8a968a8  r6 : d8a96800  r5 : d8a96200  r4 : d81cb000
r3 : 00000000  r2 : d81cb000  r1 : 00000001  r0 : d8a96200
Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 10c5387d  Table: 15300019  DAC: 00000015
Process vlc (pid: 2295, stack limit = 0xe213c248)
[<c031b52c>] (snd_pcm_info) from [<c031b570>] (snd_pcm_info_user+0x34/0x9c)
[<c031b570>] (snd_pcm_info_user) from [<c03164a4>] (snd_pcm_control_ioctl+0x274/0x280)
[<c03164a4>] (snd_pcm_control_ioctl) from [<c0311458>] (snd_ctl_ioctl+0xc0/0x55c)
[<c0311458>] (snd_ctl_ioctl) from [<c00eca84>] (do_vfs_ioctl+0x80/0x31c)
[<c00eca84>] (do_vfs_ioctl) from [<c00ecd5c>] (SyS_ioctl+0x3c/0x60)
[<c00ecd5c>] (SyS_ioctl) from [<c000e500>] (ret_fast_syscall+0x0/0x48)
Code: e1a00005 e59530dc e3a01001 e1a02004 (e5933008)
---[ end trace cb3d9bdb8dfefb3c ]---

This is provoked when the ASoC front end is open along with its backend,
(which causes the backend to have a runtime assigned to it) and then the
SNDRV_CTL_IOCTL_PCM_INFO is requested for the (visible) backend device.

Resolve this by ensuring that ASoC internal backend devices are not
visible to userspace, just as the commentry for snd_pcm_new_internal()
says it should be.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Mark Brown <broonie@linaro.org>
Cc: <stable@vger.kernel.org> [v3.4+]
Signed-off-by: Takashi Iwai <tiwai@suse.de>

ASoC: dapm: Power off all widgets in the snd_soc_dapm_shutdown

The widgets generated by the machine driver need to power off too.

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Signed-off-by: Mark Brown <broonie@linaro.org>

samsung: don't bother with setting VM_IO

io_remap_pfn_range() will set it just fine

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

ASoC: bells: Hookup DMICs for Bells

Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>

ASoC: bells: Add missing route to power up DSP clock

Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@linaro.org>

ALSA: compress_core: don't return -EBADFD from poll if paused

Pausing audio playback is not an illegal state so it doesn't
seem sensible for poll() to return -EBADFD on a paused stream.
There's also no reason to assume that we can't write more data
to the DSP while playback is paused. Remove the -EBADFD so that
a stream in paused state will still report the buffer
availability from poll(). It is up to the user process to
manage its state so that it knows whether it is paused or not.

Signed-off-by: Richard Fitzgerald <rf@opensource.wolfsonmicro.com>
Acked-by VInod Koul <vinod.koul@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

ALSA: Add SNDRV_PCM_STATE_PAUSED case in wait_for_avail function

When the process is sleeping at the SNDRV_PCM_STATE_PAUSED
state from the wait_for_avail function, the sleep process will be woken by
timeout(10 seconds). Even if the sleep process wake up by timeout, by this
patch, the process will continue with sleep and wait for the other state.

Signed-off-by: JongHo Kim <furmuwon@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

consolidate the reassignments of ->f_op in ->open() instances

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

ASoC: clearwater: Add EDRE controls

Change-Id: Iedb7020430b9e41b62dd82a975f6922dfc9cd4a6
Signed-off-by: Nariman Poushin <nariman@opensource.wolfsonmicro.com>
Signed-off-by: Nikesh Oswal <Nikesh.Oswal@wolfsonmicro.com>

mfd: arizona: Fix resume reset with external DCVDD

The holding of reset during resume for external DCVDD's was only
intended to be applied to Clearwater. But it has been accidentally
applied to all CODECs. This is especially broken for wm5102 where we
never actually release the reset line.

This patch corrects this such that this is only held for Clearwater.

Change-Id: I4a404428122df6a0ea68affad205365c5edf905e
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

mfd: arizona: Add better support for system suspend

Allow the chip to completely power off if we enter runtime suspend and
there is no jack detection active. This is helpful for systems where
system suspend might remove the supplies to the CODEC, without informing
us. Note the powering off is done in runtime suspend rather than system
suspend, because we need to hold reset until the first time DCVDD is
powered anyway (which would be in runtime resume), and we might as well
save the extra power.

Change-Id: I1e403a485c0be0d11aa9d85b95a4c9af7c7819da
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

mfd: wm5102: Remove registers for output 3R from readable list

The earpiece on 5102 is mono, thus there is no output 3R. Remove the
registers associated with the unused right channel from the readable
registers list.

Change-Id: Icf69624b804e517149b1402b82967b7afd04f343
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

ASoC: wm5102: Remove set of volume update bits for output 3R

The earpiece on wm5102 is mono, thus there is no output 3R. Don't toggle
the volume update bits for this output, although worth noting that doing
so had no negative effects it is just redundant.

Change-Id: Ifc9fd307168bda12d568870ac7c52bf7da9c6867
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

ASoC: dapm: Add new widgets to the end of the widget list

Currently new widgets are appended to the beginning of the cards widget
list. This has the effect that widgets that are created while iterating
over the widget list in snd_soc_dapm_new_widgets() (like e.g. the
auto-disable widgets) are not covered during that invocation of the
function. If no further invocations of snd_soc_dapm_new_widgets() happen
these widgets will not be fully initialized and e.g. no debugfs entries are
created for them.

By adding new widgets to the end of the widget list we make sure that
widgets that are created in snd_soc_dapm_new_widgets() will still be
handled during the same snd_soc_dapm_new_widgets() invocation and are
always fully initialized.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
(cherry picked from commit 92fa12426741d52b39ec92ad77c9843d3fc2b3d6)

Change-Id: I80b2903ec85d96c1175e89d65cde9e8e83a5fbd4
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Piotr Stankiewicz <piotrs@opensource.wolfsonmicro.com>

ASoC: dapm: Break out of widget search when source and sink are located

Currently snd_soc_dapm_add_route will continue to search the widget list
even after both the source and sink for the route have been located.
This patch breaks out of the search when both are located giving a
small improvement in probe time for drivers.

Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
(cherry picked from commit 70c751095d5481d246ae7ec622ed35a76ce6ff0c)

Change-Id: I89682bc30eb28fb92b403c1d7002d8e2e413033e
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

ASoC: dapm: Add cache to speed up adding of routes

Some CODECs have a significant number of DAPM routes and for each route,
when it is added to the card, the entire card widget list must be
searched. When adding routes it is very likely, however, that adjacent
routes will require adjacent widgets. For example all the routes for a
mux are likely added in a block and the sink widget will be the same
each time and it is also quite likely that the source widgets are
sequential located in the widget list.

This patch adds a cache to the DAPM context, this cache will hold the
source and sink widgets from the last call to snd_soc_dapm_add_route for
that context. A small search of the widget list will be made from those
points for both the sink and source. Currently this search only checks
both the last widget and the one adjacent to it.

On wm8280 which has approximately 500 widgets and 30000 routes (one of
the largest CODECs in mainline), the number of paths that hit the cache
is 24000, which significantly improves probe time.

Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
(cherry picked from commit 45a110a1377d9f7afbbf53e351b72cf813ac426e)

Change-Id: I19c1e2b23a79c9089f23e63c54ebff83bfa322b2
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

ASoC: arizona: Fix noise generator gain TLV

Several codecs have an incorrect dB scaling for the noise
generator gain that started at 0dB and went upwards. Actually
the highest setting is 0dB.

Change-Id: Ie8847e3e35ea3284d5fc6912a7318679e6371a6b
Signed-off-by: Richard Fitzgerald <rf@opensource.wolfsonmicro.com>

ASoC: wm5102: No need for event type on virtual output mux

The virtual output mux seems to be defined as a SND_SOC_DAPM_VIRT_MUX_E
but no event functions are provided. This seems to be a typo correct to
a standard SND_SOC_DAPM_VIRT_MUX, this silences this Sparse warning:

sound/soc/codecs/wm5102.c
warning 1339:1 Using plain integer as NULL pointer

Change-Id: I94a597102266dcb529914a625627c1376899aabf
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

Fixup the merge

Change-Id: I71c1a42830b21715f4bbab0877b6dc12ad1dec09

switch: arizona: Mute mic on button or jack removal if hs-mic is set

If hs mic is set, mute the headset mic on button presses and jack removal
to avoid excess TX TDMA noise during certain network conditions

Change-Id: Idab94b55a6124eb333704cc2d0599a64beb79e00
Signed-off-by: Nariman Poushin <nariman@opensource.wolfsonmicro.com>

Revert "mfd: arizona: Add better support for system suspend"

This reverts commit e9140bb9ae1b46372440f56f56b4082b95f43a52.

Disabling the interrupts from runtime suspend has some non-trivial
issues. These need to be investigated, since this patch is of little
value in typical systems revert for now.

Change-Id: Ied4ae5c8daa146e9b33fb7f762f23d1ec593cd21
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

regulator: arizona-micsupp: Always add CHANGE_BYPASS to DT init_data

When reading the init_data from device tree the 3.10 kernel doesn't
support REGULATOR_CHANGE_BYPASS. As there are few sensible use-cases for
not having this simply add the flag to valid_ops_mask after reading the
init_data from DT.

Change-Id: I367d80739dd01480638e69d214c7a2fc550cb560
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

mfd: clearwater: Make INTERRUPT_DEBOUNCE_7 readable

Jack detect debounce is controlled on Clearwater by INTERRUPT_DEBOUNCE_7
so make this readable and remove the old ARIZONA_JACK_DETECT_DEBOUNCE.

Change-Id: I2378ca7408773db4a9a640b454f38445fd062d95
Signed-off-by: Richard Fitzgerald <rf@opensource.wolfsonmicro.com>

ASoc: wm_adsp: Add debugfs entry for host buffer error field

This patch adds a "error" node in a "buffer0" subdirectory in debugfs
that reads the error field of the host buffer of a running DSP.

Change-Id: I9d5451a1fafde2ace3f768d0e34ece0bee8687f9
Signed-off-by: Simon Trimmer <simont@opensource.wolfsonmicro.com>

switch: arizona: micd handler must check state before accessing registers

The micd handler is triggered by an IRQ, which could be spurious,
so it must check that it is actually in mic detection state. This
must be done before attempting to access any codec registers because
if we are not in the correct state the codec could be powered-down.

Change-Id: Ibc2b6430024d6f4aa76019aa4fa792f6763d6c78
Signed-off-by: Richard Fitzgerald <rf@opensource.wolfsonmicro.com>

switch: arizona: Always defer micd handler to the workqueue

The micd_handler is potentially not thread-safe in the case where
its IRQ fires spuriously at the same time as one deferred to the
workqueue is also running. This can result in the first one to
start assuming that it has cancelled the timer but in fact the
timer was restarted during the race window.

To avoid this, always queue the micd handling on the workqueue.

Change-Id: I2775e92801d8e64dbfd14265e9538c58fdc49c0d
Signed-off-by: Richard Fitzgerald <rf@opensource.wolfsonmicro.com>

ASoC: clearwater: Fix incorrect interrupt disable in remove()

The codec remove was attempting to disable the DRC interrupt using
the old Arizona interrupt mask register that doesn't exist on
Clearwater.

Change-Id: I975453c4724a78a4910b65b30e8462bf42252348
Signed-off-by: Richard Fitzgerald <rf@opensource.wolfsonmicro.com>

ASoC: arizona: Implement stability check for LHPF coefficients

Change-Id: I3a951942e3ce6af64c5b7bd2c8fb3da0ecba552e
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

mfd: arizona: Fixup register table definitions

The regmap register definitions have been a source of many small fixes
as issues are discovered.  As such I made a small automated tool to
check these definitions. This patch fixes the issues (mostly harmless)
located by that tool, the issues fall into three catagories:

1) Volatile registers that have a default in the defaults table (default
has been removed from the table since it is redundant)
2) Registers that are marked as volatile but unreadable (register has
been removed from the volatile list since it is obviously not being
used)
3) Registers that arn't readable but have an entry in the defaults
table (again removed since it is redundant)
4) Readable non-volatile registers that are missing a default, these are
dangerous as they won't get synced during a cache sync. Fortunately,
most of them seem to be registers that shouldn't be there (for example
wm5102 had readable registers for DRC2 and ISRC3 which is doesn't have)

Hopefully another tool will be produced to check the actual default
values themselves but that is outside the scope of this patch.

Change-Id: I06e6f6e0acc9ee6baafabc004606f58733b410ec
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

extcon: arizona: Use correct debounce register for Clearwater

The ARIZONA_JACK_DETECT_DEBOUNCE register doesn't exist on Clearwater and
later codecs, instead debounce is set by CLEARWATER_INTERRUPT_DEBOUNCE_7

Change-Id: I3276744227517f63ba3bd48feafd88a6c3081216
Signed-off-by: Richard Fitzgerald <rf@opensource.wolfsonmicro.com>

ASoC: wm_adsp: Dump scratch registers on DSP shutdown

[switching to upstream version]

The SCRATCH registers are used by firmwares to hold diagnostic
information. Log this during shutdown to assist analysis and debug
of firmwares.

Change-Id: Iaead7843ad33cd1fe4680d6e62b208d93269846b
Signed-off-by: Richard Fitzgerald <rf@opensource.wolfsonmicro.com>

ASoC: florida: Remove unused volume ramp up write sequences

Change-Id: Id941be037da7c01bacfb6eb603d9ebae412eebb7
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

mfd: florida: Add registers for custom write sequence triggers

Change-Id: I44129672abc0c0f1c084350787d3979d812db050
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

mfd: florida: Add triggers for the volume ramp write sequences

Attach the two volume ramp down write sequences for the headphones to
two custom write sequence triggers.

Change-Id: I2c77fc08818ea8a82dc34eb10ea9804fe58b93d2
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

ASoC: florida: Use write sequence triggers to trigger volume ramp

Write sequences started through WRITE_SEQUENCER_CTRL_0 do not queue
nicely with other write sequences. This patch switches to using a custom
trigger to queue the volume ramp down write sequences for the no DRE
case of headphone disable.

Change-Id: I6fe2da03456420d026bc62a4b504caa09da7fbb3
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

ASoC: florida: Coalesce volume ramp sequence delays

Before powering down the headphones whilst DRE is not enabled we should
ramp down the volume for the output to ensure glitch free operation.
Currently, two 10mS delays are used for this. This patch coalesces these
with the standard power down delay. This is acceptable because the write
sequencer in the chip will queue all the write sequences, so the
headphone disable sequence can't run until the matching volume ramp has
completed. So in the driver we only need to allow enough total delay to
ensure that all the write sequences have finished.

Change-Id: I2e49891921ed4b51278d491629f155ce8e215644
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

ASoC: florida: Combine pre and post headphone handlers

Both the post_enable and post_disable handlers for the Florida
headphones simply add delay, now the delays are all coalesced into one
delay at the end it doesn't matter if we add that delay in the pre or
post handler. So this patch merges the post handlers into the pre
handles.

Change-Id: Ia83e8f94f05a553ef5ce0c55cecdcacdf62d7ab5
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

ASoC: florida: Move DRE handling into Florida driver

Change-Id: I34b76addd1d9ee0e1849f489010e4da7c7e6b2b9
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

ASoC: florida: Sync DRE handling with upstream

Change-Id: Idf8cf38c42469b572625bd23817b97c8b98416cc
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>

ASoC: clearwater: Adding Support for  AEC2 Loopback

Change-Id: I23e1391e4ecfb0e63cbcce02a74584dccf4672c9
Signed-off-by: V V N Praveen Kumar <praveenkumar.vegivada@incubesol.com>

ASoC: wm_adsp: Support stereo capture for Ez2Control

Change-Id: I5b74db1767c2ed22073b30c551fa924663789ee8
Signed-off-by: Nariman Poushin <nariman@opensource.wolfsonmicro.com>
Signed-off-by: Richard Fitzgerald <rf@opensource.wolfsonmicro.com>

regmap: Use reg_sequence for multi_reg_write / register_patch

Separate the functionality using sequences of register writes from the
functions that take register defaults. This change renames the arguments
in order to support the extension of reg_sequence to take an optional
delay to be applied after any given register in a sequence is written.
This avoids adding an int to all register defaults, which could
substantially increase memory usage for regmaps with large default tables.

This also updates all the clients of multi_reg_write/register_patch.

Change-Id: Ib82b04621d3d2c1051f030308d08caed611b7008
Signed-off-by: Nariman Poushin <nariman@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>

regmap: Apply optional delay in multi_reg_write/register_patch

Add an optional delay_us field in reg_sequence to allow the client to
specify a delay (in microseconds) to be applied after any given write
in a sequence of writes.

We treat a delay in a sequence the same way we treat a page change as
they are logically similar in that you can coalesce all write before
a delay (in the same way you can coalesce all writes before a page
change is needed)

Change-Id: Ic6850a90c71c6a7f15f4a76625ae8a75ab5c5d6a
Signed-off-by: Nariman Poushin <nariman@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>

mfd: arizona: Add lock to avoid race between dapm and set_sysclk

For the cases where we modify the input to the DSPCLK domain on
the fly we need to clear DSPCLK_ENA during the modification.
Due to the fact that the DSPCLK supply widget also controls this bit,
make sure we don't race.

We can't use the dapm mutex here because we cannot guarantee that
set_sysclk will not be called without the dapm_mutex held.

Change-Id: I87c69f3893221bdfdaeb5bced5ec021f26998f07
Signed-off-by: Nariman Poushin <nariman@opensource.wolfsonmicro.com>

ALSA: pcm : Call kill_fasync() in stream lock

commit 3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 upstream.

Currently kill_fasync() is called outside the stream lock in
snd_pcm_period_elapsed().  This is potentially racy, since the stream
may get released even during the irq handler is running.  Although
snd_pcm_release_substream() calls snd_pcm_drop(), this doesn't
guarantee that the irq handler finishes, thus the kill_fasync() call
outside the stream spin lock may be invoked after the substream is
detached, as recently reported by KASAN.

As a quick workaround, move kill_fasync() call inside the stream
lock.  The fasync is rarely used interface, so this shouldn't have a
big impact from the performance POV.

Ideally, we should implement some sync mechanism for the proper finish
of stream and irq handler.  But this oneliner should suffice for most
cases, so far.

Change-Id: Ic06f5367153223bb29904672fec26e8294df3529
Reported-by: Baozeng Ding <sploving1@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>

ALSA: seq: Fix use-after-free at creating a port

backported 71105998845fb012937332fe2e806d443c09e026 from
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git



There is a potential race window opened at creating and deleting a
port via ioctl, as spotted by fuzzing.  snd_seq_create_port() creates
a port object and returns its pointer, but it doesn't take the
refcount, thus it can be deleted immediately by another thread.
Meanwhile, snd_seq_ioctl_create_port() still calls the function
snd_seq_system_client_ev_port_start() with the created port object
that is being deleted, and this triggers use-after-free like:

 BUG: KASAN: use-after-free in snd_seq_ioctl_create_port+0x504/0x630 [snd_seq] at addr ffff8801f2241cb1
 =============================================================================
 BUG kmalloc-512 (Tainted: G    B          ): kasan: bad access detected
 -----------------------------------------------------------------------------
 INFO: Allocated in snd_seq_create_port+0x94/0x9b0 [snd_seq] age=1 cpu=3 pid=4511
 	___slab_alloc+0x425/0x460
 	__slab_alloc+0x20/0x40
  	kmem_cache_alloc_trace+0x150/0x190
	snd_seq_create_port+0x94/0x9b0 [snd_seq]
	snd_seq_ioctl_create_port+0xd1/0x630 [snd_seq]
 	snd_seq_do_ioctl+0x11c/0x190 [snd_seq]
 	snd_seq_ioctl+0x40/0x80 [snd_seq]
 	do_vfs_ioctl+0x54b/0xda0
 	SyS_ioctl+0x79/0x90
 	entry_SYSCALL_64_fastpath+0x16/0x75
 INFO: Freed in port_delete+0x136/0x1a0 [snd_seq] age=1 cpu=2 pid=4717
 	__slab_free+0x204/0x310
 	kfree+0x15f/0x180
 	port_delete+0x136/0x1a0 [snd_seq]
 	snd_seq_delete_port+0x235/0x350 [snd_seq]
 	snd_seq_ioctl_delete_port+0xc8/0x180 [snd_seq]
 	snd_seq_do_ioctl+0x11c/0x190 [snd_seq]
 	snd_seq_ioctl+0x40/0x80 [snd_seq]
 	do_vfs_ioctl+0x54b/0xda0
 	SyS_ioctl+0x79/0x90
 	entry_SYSCALL_64_fastpath+0x16/0x75
 Call Trace:
  [<ffffffff81b03781>] dump_stack+0x63/0x82
  [<ffffffff81531b3b>] print_trailer+0xfb/0x160
  [<ffffffff81536db4>] object_err+0x34/0x40
  [<ffffffff815392d3>] kasan_report.part.2+0x223/0x520
  [<ffffffffa07aadf4>] ? snd_seq_ioctl_create_port+0x504/0x630 [snd_seq]
  [<ffffffff815395fe>] __asan_report_load1_noabort+0x2e/0x30
  [<ffffffffa07aadf4>] snd_seq_ioctl_create_port+0x504/0x630 [snd_seq]
  [<ffffffffa07aa8f0>] ? snd_seq_ioctl_delete_port+0x180/0x180 [snd_seq]
  [<ffffffff8136be50>] ? taskstats_exit+0xbc0/0xbc0
  [<ffffffffa07abc5c>] snd_seq_do_ioctl+0x11c/0x190 [snd_seq]
  [<ffffffffa07abd10>] snd_seq_ioctl+0x40/0x80 [snd_seq]
  [<ffffffff8136d433>] ? acct_account_cputime+0x63/0x80
  [<ffffffff815b515b>] do_vfs_ioctl+0x54b/0xda0
  .....

We may fix this in a few different ways, and in this patch, it's fixed
simply by taking the refcount properly at snd_seq_create_port() and
letting the caller unref the object after use.  Also, there is another
potential use-after-free by sprintf() call in snd_seq_create_port(),
and this is moved inside the lock.

This fix covers CVE-2017-15265.

Change-Id: I329a13fac06fe45d08c68afba38405ca0e05c397
Reported-and-tested-by: Michael23 Yu <ycqzsy@gmail.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

mfd: arizona: remove duplicated switch-statements

Change-Id: I86a020d841e463fec354c45cec58141e09c086e1

binder_poll() passes the thread->wait waitqueue that
can be slept on for work. When a thread that uses
epoll explicitly exits using BINDER_THREAD_EXIT,
the waitqueue is freed, but it is never removed
from the corresponding epoll data structure. When
the process subsequently exits, the epoll cleanup
code tries to access the waitlist, which results in
a use-after-free.

Prevent this by using POLLFREE when the thread exits.

(cherry picked from commit f5cb779ba16334b45ba8946d6bfa6d9834d1527f)

Change-Id: Ib34b1cbb8ab2192d78c3d9956b2f963a66ecad2e
Signed-off-by: Martijn Coenen <maco@android.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: stable <stable@vger.kernel.org> # 4.14
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

It was no longer being used.

Change-Id: I7fc42b76f688a459ad990f59fbd7006b96bb91a6
Signed-off-by: Martijn Coenen <maco@android.com>

Allowing binder to expose the 64-bit API on 32-bit kernels caused a
build warning:

drivers/android/binder.c: In function 'binder_transaction_buffer_release':
drivers/android/binder.c:2220:15: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
    fd_array = (u32 *)(parent_buffer + fda->parent_offset);
               ^
drivers/android/binder.c: In function 'binder_translate_fd_array':
drivers/android/binder.c:2445:13: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
  fd_array = (u32 *)(parent_buffer + fda->parent_offset);
             ^
drivers/android/binder.c: In function 'binder_fixup_parent':
drivers/android/binder.c:2511:18: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]

This adds extra type casts to avoid the warning.

However, there is another problem with the Kconfig option: turning
it on or off creates two incompatible ABI versions, a kernel that
has this enabled cannot run user space that was built without it
or vice versa. A better solution might be to leave the option hidden
until the binder code is fixed to deal with both ABI versions.

Fixes: e8d2ed7db7c3 ("Revert "staging: Fix build issues with new binder API"")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 1c363eaece2752c5f8b1b874cb4ae435de06aa66)

Change-Id: Id09185a6f86905926699e92a2b30201b8a5e83e5

If the top is changed while we're attempting to use it, it's
possible that the reference will be put while we are in the
process of grabbing a reference.

Now we grab a spinlock to protect grabbing our reference count.

Additionally, we now set the inode_info's top value to point to
it's own data when initializing, which makes tracking changes
easier.

Change-Id: If15748c786ce4c0480ab8c5051a92523aff284d2
Signed-off-by: Daniel Rosenberg <drosen@google.com>

This reverts commit f18c44dc552e2ed0655ed5ec49b578da4dd30588.

Instead of calling notify within sdcardfs, which reverse the
order of notifications during an open with truncate, we'll
make fs_notify worry about it.

Change-Id: Ic634401c0f223500066300a4df8b1453a0b35b60
Bug: 70706497
Signed-off-by: Daniel Rosenberg <drosen@google.com>

We now use the lower filesystem's getattr for time and size related
information.

Change-Id: I3dd05614a0c2837a13eeb033444fbdf070ddce2a
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 72007585

The permission call for xattr operations happens regardless of
whether or not the xattr functions are implemented.

The xattr functions currently don't have support for permission2.
Passing EOPNOTSUPP as the mount point in xattr_permission allows
us to return EOPNOTSUPP early in permission2, if the filesystem
supports it.

Change-Id: I9d07e4cd633cf40af60450ffbff7ac5c1b4e8c2c
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35848445

Moving default_normal from mount info to superblock info
as it doesn't need to change between mount points.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 72158116
Change-Id: I16c6a0577c601b4f7566269f7e189fcf697afd4e

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 64672411
Change-Id: I98796df95dc9846adb77a11f49a1a254fb1618b1

The default_normal option causes mounts with the gid set to
AID_SDCARD_RW to have user specific gids, as in the normal case.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Change-Id: I9619b8ac55f41415df943484dc8db1ea986cef6f
Bug: 64672411

fsnotify_open is not called within dentry_open,
so we need to call it ourselves.

Change-Id: Ia7f323b3d615e6ca5574e114e8a5d7973fb4c119
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 70706497

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 63245673
Change-Id: I5fc596420301045895e5a9a7e297fd05434babf9

This moves the code to adjust the gid/uid of lower filesystem
files under the mount flag derive_gid.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Change-Id: I44eaad4ef67c7fcfda3b6ea3502afab94442610c
Bug: 63245673

Change-Id: Ifa3d274dba05aeadedef15a15c10b5bb49b9b063

Change-Id: I8c713bd27233aac4156c0224ab92869207ea69ee

Validate the output buffer length for L2CAP config requests and responses
to avoid overflowing the stack buffer used for building the option blocks.

Change-Id: Ieab6000d17aa069a05bbe9eb398ce9d540fc4426
Cc: stable@vger.kernel.org
Signed-off-by: Ben Seri <ben@armis.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

The retry logic for netlink_attachskb() inside sys_mq_notify()
is nasty and vulnerable:

1) The sock refcnt is already released when retry is needed
2) The fd is controllable by user-space because we already
   release the file refcnt

so we when retry but the fd has been just closed by user-space
during this small window, we end up calling netlink_detachskb()
on the error path which releases the sock again, later when
the user-space closes this socket a use-after-free could be
triggered.

Setting 'sock' to NULL here should be sufficient to fix it.

Change-Id: Ibce67ffb3a45be33bab466e9aed10c4a5a94c98f
Reported-by: GeneBlue <geneblue.mail@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

syzkaller found a way to trigger double frees from ip_mc_drop_socket()

It turns out that leave a copy of parent mc_list at accept() time,
which is very bad.

Very similar to commit 8b485ce69876 ("tcp: do not inherit
fastopen_req from parent")

Initial report from Pray3r, completed by Andrey one.
Thanks a lot to them !

Change-Id: I431b90eae7874a2ba726677b295ecce09e1a8fd1
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Pray3r <pray3r.z@gmail.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Before this patch, a process with some permissive seccomp filter
that was applied by root without NO_NEW_PRIVS was able to add
more filters to itself without setting NO_NEW_PRIVS by setting
the new filter from a throwaway thread with NO_NEW_PRIVS.

Signed-off-by: Jann Horn <jann@thejh.net>
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>

Bug: 36656103
(cherry-picked from commit 103502a35cfce0710909da874f092cb44823ca03)
Signed-off-by: Paul Lawrence <paullawrence@google.com>

Change-Id: I5abd7daab9172f1dfd53e11706b7c7f331f2f4f1

Change-Id: I7e4790860d216b3c5cdd7808c7d07aedcee21928

Change-Id: Id8b47a6c616bbb2cc5b16eaa92513d623a104e37

Change-Id: I9637f7df469231ed3a97d04239d009c773a25696

The getrandom(2) system call was requested by the LibreSSL Portable
developers.  It is analoguous to the getentropy(2) system call in
OpenBSD.

The rationale of this system call is to provide resiliance against
file descriptor exhaustion attacks, where the attacker consumes all
available file descriptors, forcing the use of the fallback code where
/dev/[u]random is not available.  Since the fallback code is often not
well-tested, it is better to eliminate this potential failure mode
entirely.

The other feature provided by this new system call is the ability to
request randomness from the /dev/urandom entropy pool, but to block
until at least 128 bits of entropy has been accumulated in the
/dev/urandom entropy pool.  Historically, the emphasis in the
/dev/urandom development has been to ensure that urandom pool is
initialized as quickly as possible after system boot, and preferably
before the init scripts start execution.

This is because changing /dev/urandom reads to block represents an
interface change that could potentially break userspace which is not
acceptable.  In practice, on most x86 desktop and server systems, in
general the entropy pool can be initialized before it is needed (and
in modern kernels, we will printk a warning message if not).  However,
on an embedded system, this may not be the case.  And so with this new
interface, we can provide the functionality of blocking until the
urandom pool has been initialized.  Any userspace program which uses
this new functionality must take care to assure that if it is used
during the boot process, that it will not cause the init scripts or
other portions of the system startup to hang indefinitely.

SYNOPSIS
	#include <linux/random.h>

	int getrandom(void *buf, size_t buflen, unsigned int flags);

DESCRIPTION
	The system call getrandom() fills the buffer pointed to by buf
	with up to buflen random bytes which can be used to seed user
	space random number generators (i.e., DRBG's) or for other
	cryptographic uses.  It should not be used for Monte Carlo
	simulations or other programs/algorithms which are doing
	probabilistic sampling.

	If the GRND_RANDOM flags bit is set, then draw from the
	/dev/random pool instead of the /dev/urandom pool.  The
	/dev/random pool is limited based on the entropy that can be
	obtained from environmental noise, so if there is insufficient
	entropy, the requested number of bytes may not be returned.
	If there is no entropy available at all, getrandom(2) will
	either block, or return an error with errno set to EAGAIN if
	the GRND_NONBLOCK bit is set in flags.

	If the GRND_RANDOM bit is not set, then the /dev/urandom pool
	will be used.  Unlike using read(2) to fetch data from
	/dev/urandom, if the urandom pool has not been sufficiently
	initialized, getrandom(2) will block (or return -1 with the
	errno set to EAGAIN if the GRND_NONBLOCK bit is set in flags).

	The getentropy(2) system call in OpenBSD can be emulated using
	the following function:

            int getentropy(void *buf, size_t buflen)
            {
                    int     ret;

                    if (buflen > 256)
                            goto failure;
                    ret = getrandom(buf, buflen, 0);
                    if (ret < 0)
                            return ret;
                    if (ret == buflen)
                            return 0;
            failure:
                    errno = EIO;
                    return -1;
            }

RETURN VALUE
       On success, the number of bytes that was filled in the buf is
       returned.  This may not be all the bytes requested by the
       caller via buflen if insufficient entropy was present in the
       /dev/random pool, or if the system call was interrupted by a
       signal.

       On error, -1 is returned, and errno is set appropriately.

ERRORS
	EINVAL		An invalid flag was passed to getrandom(2)

	EFAULT		buf is outside the accessible address space.

	EAGAIN		The requested entropy was not available, and
			getentropy(2) would have blocked if the
			GRND_NONBLOCK flag was not set.

	EINTR		While blocked waiting for entropy, the call was
			interrupted by a signal handler; see the description
			of how interrupted read(2) calls on "slow" devices
			are handled with and without the SA_RESTART flag
			in the signal(7) man page.

NOTES
	For small requests (buflen <= 256) getrandom(2) will not
	return EINTR when reading from the urandom pool once the
	entropy pool has been initialized, and it will return all of
	the bytes that have been requested.  This is the recommended
	way to use getrandom(2), and is designed for compatibility
	with OpenBSD's getentropy() system call.

	However, if you are using GRND_RANDOM, then getrandom(2) may
	block until the entropy accounting determines that sufficient
	environmental noise has been gathered such that getrandom(2)
	will be operating as a NRBG instead of a DRBG for those people
	who are working in the NIST SP 800-90 regime.  Since it may
	block for a long time, these guarantees do *not* apply.  The
	user may want to interrupt a hanging process using a signal,
	so blocking until all of the requested bytes are returned
	would be unfriendly.

	For this reason, the user of getrandom(2) MUST always check
	the return value, in case it returns some error, or if fewer
	bytes than requested was returned.  In the case of
	!GRND_RANDOM and small request, the latter should never
	happen, but the careful userspace code (and all crypto code
	should be careful) should check for this anyway!

	Finally, unless you are doing long-term key generation (and
	perhaps not even then), you probably shouldn't be using
	GRND_RANDOM.  The cryptographic algorithms used for
	/dev/urandom are quite conservative, and so should be
	sufficient for all purposes.  The disadvantage of GRND_RANDOM
	is that it can block, and the increased complexity required to
	deal with partially fulfilled getrandom(2) requests.

Change-Id: I6a56c0e113139f055d48f6424a6904100db5db88
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Zach Brown <zab@zabbo.net>

Change-Id: I06c6cd781d7f5423294d237f4a1af287750a49c4