There is possibility that network will be used after free.
This change is to fix this issue.

Change-Id: I2368532df4fc4e75e8d8f2f259a989b5af5f9679
Signed-off-by: Gao Wang <quic_gaowang@quicinc.com>
(cherry picked from commit 4cfe408f)

Update gki_defconfig in msm-kernel by replace the one in kp common,
to keep same defconfig.

Change-Id: Ie4577aa5686d4982f031562fb6241b4fe754da0e
Signed-off-by: Kai Meng <quic_kmeng@quicinc.com>

A persistence map is expected to hold refs=2 during its creation.
However, the Fuzzy test can create a persistence map by configuring
a mismatch between attributes and flags using the KEEP MAP attribute
and FD NOMAP flags. This sets the map reference count to 1. The user
then calls fastrpc_internal_munmap_fd to free the map since it
doesn't check flags, which can cause a use-after-free (UAF) for the
file map and shared buffer. Add a check to restrict DMA handle
maps with invalid attributes.

Change-Id: I2f024ef99cc2a0487010504166e3af3433d5302d
Acked-by: Santosh <quic_ssakore@quicinc.com>
Signed-off-by: Anand Kulkarni <quic_anankulk@quicinc.com>
(cherry picked from commit 56cd0e3a)

Fix the condition check that overrides the number of
smr/context banks in the system.

Change-Id: I4bc4def7dc348346543f8378548d37c96a47647e
Signed-off-by: Deepak Suresh <quic_deesur@quicinc.com>

Enable hdmi input mux driver for switch DP and HDMI in 8550 target.

Change-Id: I4dbf1e95882c8655bc45a697008c0c51c6a27f92
Signed-off-by: Bhasker Reddy Komatireddy <quic_kbhasker@quicinc.com>

Add CROW APQ SoC information to socinfo.

Change-Id: I98415f455f777561beedb70ed9f3d39dab49d83e
Signed-off-by: Swetha Chikkaboraiah <quic_schikk@quicinc.com>

When a MHI WAKE request (that is request to bring MHI from M3 to M0) is
received while device is in D0, this request is being dropped as there
is no way to notify host about this event. This is leading to failure at
client drivers as they unable to wakeup mhi and perform write operation.

Fix the issue by waiting for D3hot in MHI before sending the wake
request:
    - If M0 is received while waiting, exit the function.
    - If D3hot/D3cold is received, send the wake request.
    - Else return failure.

Increase the timeout value of mhi_dev_write_channel() from 2s to 2.5s
to accommodate the waiting time for D state transition to D3hot/D3cold.

Change-Id: Idd58bb664d31bc1e5615119284c6cba924fe17b6
Signed-off-by: Sumit Kumar <quic_sumk@quicinc.com>

Enable SLEEP_CLK_32K_SCALE to correct sleep clock frequency.

Change-Id: Ibab81213c966ed71b3af2a520f621692e2dd486d
Signed-off-by: Ayyagari Ushasreevalli <quic_aushasre@quicinc.com>

The current code collects RAM dumps for both DSP SSR and PDR, but not
required during PDR. Fix is to collect it for SSR and skip it for PDR.

Acked-by: rnallago <quic_rnallago@quicinc.com>
Change-Id: I624bff31944e053c927a1260c3c689f1bd1a073e
Signed-off-by: Ansa Ahmed <quic_ansa@quicinc.com>

Add lt8711uxe2 hdmi switch state.

Change-Id: I5e561b3565fd40491765892eda464f491aa25fcf
Signed-off-by: Guihong Liu <quic_guihongl@quicinc.com>

Fix the issue that spidev is unavailable in perf build.

Change-Id: I441dcd27552b55eae6e4e5e5f8ffa9bf2271fd3a
Signed-off-by: Xiaoning Ma <quic_mxiaonin@quicinc.com>

Generate a private key and cert for dm-verity, and add
verification of root hash signature for dm-verity devices.

Change-Id: I7bd51eced12f686d445e5bf6a6eda8e191ad7469
Signed-off-by: Ankit Lathiya <quic_alathiya@quicinc.com>

Increase the block size of the buffer sent to MHI with contiguous
memory.

Change-Id: I24251f45da201962c0725353205f71a21bfdf78a
Signed-off-by: Mao Jinlong <quic_jinlmao@quicinc.com>

Enable clock for emac0 passthrough.

Change-Id: Ia2015e237a4d3f7c19c24d8b2d3038297f882464
Signed-off-by: Uppalamarthi Sowmya <quic_usowmya@quicinc.com>

path_lookupat() is capable of safely reading unmapped VAs, by using
load_unaligned_zeropad(). If an unmapped VA is read whilst the
function is being called, that resulting page fault will get
re-directed to __do_page_fault(), which will call fixup_exception() to
handle the aforementioned unmapped-VA-read.

Now consider some memory was still mapped at S1 but lent to another
Gunyah VM. path_lookupat() can then use load_unaligned_zeropad() on a
page that virtually borders - in the S1 VA space - the page that was
lent to the other VM, and end up trying to read content from that
page. Gunyah will then inject an syncrhonous external abort for a PTW
fault, which will map to do_sea(). Register a callback for
trace_android_rvh_try_fixup_sea(), which returns true if we can
attempt a fixup_exception() call in do_sea() to zero-pad the read to
the page that was lent away.

Change-Id: I30a85d33f6c52d902275a178191cd47a2336658a
Signed-off-by: Chris Goldsworthy <quic_cgoldswo@quicinc.com>

Mhi_tsync struct will not be freed and reallocated during esoc poweroff
and poweron. There is a chance that after host ring time sync DB and set
local flag db_pending as true, subsystem recovery is triggered and esoc
poweroff, in this case, host has no chance to clear db_pending because
host is unable to receive time sync event.

After esoc power on, host can not ring DB any more as the db_pending is
not cleared.

Hence, reinit the mhi_tsync struct during init to fix this issue.

Change-Id: I16398e6f6a7d524d783fda89fde3e5edb2bdf392
Signed-off-by: Qiang Yu <quic_qianyu@quicinc.com>

Use queue work to wait backend respond to avoid kernel bug or warning
that scheduling while atomic or RCU read-side critical section
for VirtIO minidump.

Change-Id: Ia9c289274611c0fdf4244b3a8b96da30ae8adad2
Signed-off-by: Fei Yang <quic_feiyan@quicinc.com>

When there are multiple USB controllers operating in host mode, there
is a possibility of receiving USB host notifications that belong to a
different controller. This can sometimes occur before the host is
initialized, leading to a NULL pointer dereference.

This patch adds necessary checks to ensure that only notifications
belonging to the matching controller are handled, preventing potential
NULL pointer dereferences and unwanted controller settings.

Change-Id: If557f98016314e183494071c68d839ae9b8d24cb
Signed-off-by: Faisal Hassan <quic_faisalh@quicinc.com>

Add socinfo support for kalama QCM Non-pop SoC ID.

Change-Id: I7f68c9ef106028edf581a24ef4fd34813f16fe05
Signed-off-by: Bhasker Reddy Komatireddy <quic_kbhasker@quicinc.com>