Initialize member value of struct apr_client_data after declaration.
CRs-Fixed: 2091948
Change-Id: I8a185ebd4126f7d064de90bf652bc96c2ab7b408
Signed-off-by: Yidong Huang <yidongh@codeaurora.org>
Change all qdsp6v2 audio driver to use %pK instead
of %p. %pK hides addresses when the users doesn't
have kernel permissions. If address information
is needed echo 0 > /proc/sys/kernel/kptr_restrict.
Change-Id: Ifcd61bd2615505be80dd834e9dbee9c22f3d72ac
Signed-off-by: Viraja Kommaraju <virajak@codeaurora.org>
Initialize the has_locked member before running SSR
spinlock test to ensure consistent results.
CRs-Fixed: 2091946
Change-Id: Ifad37541a94668b496aa9204dc80920b9a7ff244
Signed-off-by: Chris Lew <clew@codeaurora.org>
The current implementation is using mutex lock to protect the Rx data
packet list but Glink core can notify the Rx data in atomic context
and the mutex lock is not used in some places.
Replace the mutex lock with spinlock to protect the Rx data packet list.
CRs-Fixed: 852949
Change-Id: Ie7543a98e6589e8068b873a8bb4f49b9a195d881
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Dhoat Harpal <hdhoat@codeaurora.org>
The buffer allocated in file open operations need to be
protected as there can be a possiblity of use-after-free
scenario.
Process A B
| |
open |
| |
read started |
| close
Add mutex lock to protect the buffer to avoid this.
"msm_rpmstats_copy_stats" accesses the variable "pdata->read_idx"
without locking. The userspace can invoke the "read" call from
multiple threads which will call "msm_rpmstats_file_read" which
in turn calls "msm_rpmstats_copy_stats".
This can allow the statement "pdata->read_idx++" increment
"read_idx" beyond the limit ("prvdata->num_records") and call
"msm_rpmstats_read_register" with this value.
Also allow reading RPM stats information using sysfs nodes.
The stats are available at
/sys/power/system_sleep/stats
Change-Id: I031f02bb2694a97ced86da0a9f54d0e434e4ad6d
Signed-off-by: Naresh Malladi <namall@codeaurora.org>
Initialize few variables and check return value of sscanf.
use 'goto' to exit without sending rpm send message request
in case of sscanf failure.
Change-Id: I86f723b4dbbca30b80a33de8b2c28116da8730dd
Signed-off-by: Naresh Malladi <namall@codeaurora.org>
As debugfs interface is intended to test the respective ssr, remove
from the driver to make sure it won't be available by default.
CRs-Fixed: 2025661
Change-Id: I6af9a8333c8028611f889cc2f9b0beb37ef12c9b
Signed-off-by: Satya Durga Srinivasu Prabhala <satyap@codeaurora.org>
Variable current_image can be modified by multiple threads.
This change will protect current_image getting modified
by multiple threads.
Change-Id: I33df463311b24f73b1ba124d388731a72bd13263
CRs-Fixed: 2016485
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Explicitly clear the subsystem loading address in case of any
memory failure. It will help to avoid any platform dependency.
Change-Id: I3be8f6318d68f02c02e637fc34f4a868e9fafa45
Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org>
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
PIL boot failure if happened due to memory allocation failure then skip
clearing segments as there is nothing loaded in fw region.
Change-Id: If0c09dd47941be0d9fe42496db43365ece32f3e9
Signed-off-by: Avaneesh Kumar Dwivedi <akdwived@codeaurora.org>
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
In existing implementation, we are clearing fw region when loading fails
midway. This is not in consonance with MBA design so differentiate
between modem and other PIL modules. While at it, rectify the data type
of subsys_state in qmi_client_info as well.
Change-Id: I985456fca42346947eac24df5bf66599dcbf4c53
Signed-off-by: Avaneesh Kumar Dwivedi <akdwived@codeaurora.org>
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
In existing implementation elf region was being clearead before memory
access to firmware region assigned to HLOS. So to avoid it using
separate function which will be called only when HLOS is the owner.
Change-Id: I8bb22e4dbe3e1f898678d0c0f6e60268b88fc150
Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org>
In existing implementation elf region was being clearead before memory
access to firmware region assigned to HLOS. So to avoid it using
separate function which will be called only when HLOS is the owner.
Change-Id: I8bb22e4dbe3e1f898678d0c0f6e60268b88fc150
Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org>
Clear memory where elf segments are loaded if any of the segments fail
authentication.
CRs-Fixed: 1113126
Change-Id: I85d6bdc8efbb5738a863e59c0244222defcc1bcb
Signed-off-by: Puja Gupta <pujag@codeaurora.org>
Add size check to ensure the payload fits inside the declared payload
size to prevent loss of data when copying.
CRs-Fixed: 2009224
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Change-Id: I4275c626605272941143b54a7b8861b25f8e750a
variable size is output variable and is not initialized,
printing it can lead to information leak.
variable size is removed from log message.
CRs-Fixed: 1093837
Change-Id: I95cf227bb82a2ee7c6f43db151f75a942e8e55ce
Signed-off-by: Dhoat Harpal <hdhoat@codeaurora.org>
Add a mutex to prevent two threads from processing the same response
at the same time. This ensures responses are processed completely and
sequentially.
CRs-Fixed: 1116015
Change-Id: Id2ef32edb939f8af2850b54bd6f6f447939c0732
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Replace WARN with pr_warn so that stack trace is not printed with the
message.
CRs-Fixed: 1111653
Change-Id: Id1c7bbe8a528199261455ba7901e9df81913aef8
Signed-off-by: Puja Gupta <pujag@codeaurora.org>
Non-atomic scm call which could be interrupted, trustzone will store
the session id in a register(x6) which will be used when trustzone resumes
the call.
To avoid x6 being used by compiler, HLOS now uses it to send a zero before
making scm call.
This is the same change as in the 32bit scm call.
Change-Id: If7a3ee28bdbf22acf447531603819a6f4f1603ca
Signed-off-by: Se Wang (Patrick) Oh <sewango@codeaurora.org>
The core_ctl module takes input from userspace and CPU load information to
decide how many CPUs to keep online. User space has the following tunables:
- min_cpus: Minimum number of CPUs to keep online. This overrides other
heuristics.
- max_cpus: Maximum number of CPUs to keep online. This overrides other
heuristics.
- additional_cpus: Additional idle CPUs to keep ready for use.
- busy_up_thres: The normalized load% threshold that the CPU load should
exceeded for the CPU to be go from not busy to busy.
It could be a single threshold for all CPUs in a group, or num_cpus
thresholds separated by spaces to specify different thresholds based on
the current number of online CPUs.
- busy_down_thres: The normalized load% threshold that the CPU load should
be lower than for the CPU to go from busy to not busy.
It could be a single threshold for all CPUs in a group, or num_cpus
thresholds separated by spaces to specify different thresholds based on
the current number of online CPUs.
- offline_delay_ms: The time to wait for before offline cores when the
number of needed CPUs goes down.
Mot-CRs-fixed: (CR)
Change-Id: Ied1d5bcbb8da5bbd5f3d1a3f042599babace6b65
Signed-off-by: Saravana Kannan <skannan@codeaurora.org>
Signed-off-by: Junjie Wu <junjiew@codeaurora.org>
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
Signed-off-by: Ravi Chebolu <arc095@motorola.com>
Reviewed-on: http://gerrit.mot.com/866560
SME-Granted: SME Approvals Granted
SLTApproved: Slta Waiver <sltawvr@motorola.com>
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Lian-Wei Wang <lian-wei.wang@motorola.com>
Reviewed-by: Christopher Fries <cfries@motorola.com>
Submit-Approved: Jira Key <jirakey@motorola.com>
The drivers uses %p to print the Kernel pointers.
Replace %p with appropriate format to stop revealing Kernel pointers.
Change-Id: Ic7d77e920ccfe779b979f732d506d59dcdfe885a
Signed-off-by: Satya Durga Srinivasu Prabhala <satyap@codeaurora.org>
scm_call2 is printing the input arguments if TZ ret value is < 0
leading to information leak. Remove printing input arguments.
Change-Id: I21dd6d83fa979aed2c79ebb2c9c8de63a247dded
CRs-Fixed: 1076407
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
There is a posibility of a buffer overflow in scm_call,
add check to avoid the same.
Change-Id: Iee908c56ec530569b35dafa060139e0428efc781
Signed-off-by: Satya Durga Srinivasu Prabhala <satyap@codeaurora.org>
Add size checks to validate minimum size is met. Update log messages
to include only relevant information to ensure logs are accurate and
useful.
Change-Id: Idf76a7d964ec6989a0474d49895e54103f17938b
CRs-fixed: 1073129
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Fix the dangling pointer issues on CoreSight that can cause kernel
panic.
Change-Id: If3abe89bf0326230c29a49d293ab22ebcec93076
Signed-off-by: Charan Teja Reddy <charante@codeaurora.org>
Change format string to %pK instead of %p in the debug statements. This
change fixes kernel address leaks from the usage of %p.
CRs-Fixed: 1052825
Change-Id: Ib95f691919a2977f5436cd4c6ac4a002d70dd729
Signed-off-by: Chris Lew <clew@codeaurora.org>
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
Array overflow can occur in firmware_name_store(), if the variable
buf contains the string larger than size of subsys->desc->fw_name
Change-Id: Ice39d7a1eb0b5f53125cc5d528021a99b9f7ff90
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Array overflow can occur in firmware_name_store(), if the variable
buf contains the string larger than size of subsys->desc->fw_name
Change-Id: Ice39d7a1eb0b5f53125cc5d528021a99b9f7ff90
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Non-atomic scm call which could be interrupted, trustzone will store
the session id in a register(x6) which will be used when trustzone resumes
the call.
To avoid x6 being used by compiler, HLOS now uses it to send a zero before
making scm call.
This is the same change as in the 32bit scm call.
Change-Id: If7a3ee28bdbf22acf447531603819a6f4f1603ca
Signed-off-by: Se Wang (Patrick) Oh <sewango@codeaurora.org>
The SMD state machine contains few sync points where it can be ensured that
the remote side has observed a state transition before proceeding to the
next state. This can lead to situations where the local side misses an
expected state transition and therefore does not perform expected
processing.
If the local side observes a state transition that could have only occurred
if a close state tranition was missed, perform the missed processing.
CRs-Fixed: 933788
Change-Id: I36e0beddc3afc2f96c090d9b856bb6a4a9a9262f
Signed-off-by: Jeffrey Hugo <jhugo@codeaurora.org>
As scheduler doesn't guarantee scheduling even into high
priority worker task within 1 sec after waking up, it can't
pet watchdog properly. Use rt task to pet watchdog even if
the scheduler is busy to handle normal priority tasks.
CRs-Fixed: 940039
Change-Id: Ief8a01df8ef61481c94c3f781d22796882320fc0
Signed-off-by: Se Wang (Patrick) Oh <sewango@codeaurora.org>
[pdaly@codeaurora.org:
resolve INIT_COMPLETION rename
resolve include file changes]
Signed-off-by: Patrick Daly <pdaly@codeaurora.org>
The last_pet variable is set in suspend callback and during
pet_watchdog() and is printed when watchdog bark handler gets
called. This variable does not represent exact last pet time in
cases where non secure bark occurs before system could pet the
watchdog upon wakeup event from low power mode. Reset the
watchdog during msm_watchdog_resume() and update last_pet
variable so that watchdog bark messages will represent latest
info.
This commit also adds memory barrier after resetting watchdog in
msm_watchdog_suspend(). This will make sure watchdog writes are
complete before proceeding further.
Change-Id: I44492a947bc3664b7d14cfae9e877ebe0dc32836
Signed-off-by: Sarangdhar Joshi <spjoshi@codeaurora.org>
Signed-off-by: Patrick Daly <pdaly@codeaurora.org>
