Select Git revision
Search by author
- Any Author
- authors
-
72162444 72162444 gaochangning
-
Aakash Dave aakash.dave
-
Aaron Kim akim
-
Aaron Kloc akloc
-
Aaron Lan aaron.lan
-
Aaron Nabil aaronna
-
Aaron Pohle aaron.pohle
-
Abbott Chung chung.abbott
-
Abdallah Omar abdallah_omar
-
Abdessamii Chalbi abdessamii.chalbi
-
Abdul Hussain Sirajudeen abdul.hussain
-
Abdullah Alghamdi a.alghamdi
-
Abdullah Elmarghany abdullah_elmarghany
-
Abel Fang abel_fang
-
Abhijeet Badurkar abhijeet.badurkar
-
Abhijit Adsule adsule
-
Abhijit Murthy abhijit
-
Abhi Khanal akhanal
-
Abhilash Sahoo abhilashsahoo
-
Abhimanyu Raj abhimanyu.raj
- Mar 20, 2017
-
-
Simon Dubray authored
This debug option costs around 5 MBytes of RAM and can be safely removed as our 3.10 kernel is stable enough now. As CONFIG_SPLIT_PTLOCK_CPUS is depending of this one, its value is set back automatically to default (4). Change-Id: Ic218dd58152fe0a22f0e195dd835130d509f262f Tracked-On: https://jira01.devtools.intel.com/browse/AW-4638 Signed-off-by:
Simon Dubray <simonx.dubray@intel.com> Reviewed-on: https://android.intel.com/572652 Reviewed-by:
jenkins_ndg <jenkins_ndg@intel.com> Reviewed-by:
Zaghdoud, WalidX <walidx.zaghdoud@intel.com> Reviewed-by:
Nassiet, GaelleX <gaellex.nassiet@intel.com> Reviewed-by:
Viel, ClementX <clementx.viel@intel.com> Tested-by:
Deverge, Jean-francoisX <jean-francoisx.deverge@intel.com> Reviewed-by:
Whitfield, MichaelX <michaelx.whitfield@intel.com> Reviewed-by:
Tasayco Loarte, VictorX <victorx.tasayco.loarte@intel.com> Reviewed-by:
Ledentec, AlexandreX <alexandrex.ledentec@intel.com>
-
- Mar 16, 2017
-
-
Ghaddab, RiadhX authored
This reverts commit 5ef1cfba. Change-Id: I90f2287355aef6a3046b7c329632a93433eea515 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4782 Reviewed-on: https://android.intel.com/573335 Reviewed-by:
Ghaddab, RiadhX <riadhx.ghaddab@intel.com> Reviewed-by:
Jacquet, CyrilX <cyrilx.jacquet@intel.com> Reviewed-by:
-
Simon Dubray authored
DSR count had been increased from 2 to 15 three years ago in order to make it less power-agressive and avoid shutting down the display for nothing. On our platforms, we need to reduce it in order to increase the s0ix residency in use cases with a few fps. It will allow to sleep more between 2 frames. As free_count is incremented every 16ms, 2 is maybe a bit too agressive (32ms) but 4 looks like a good trade-off and should be safe enough. Change-Id: Ie2e142fb7e25897d144c352e6eb3f2f7d0dd8573 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4777 Signed-off-by:
Lachaud, EtienneX <etiennex.lachaud@intel.com> Reviewed-by:
Bel Aj Ali, HabibX <habibx.bel.aj.ali@intel.com> Tested-by:
-
- Mar 14, 2017
-
-
Simon Dubray authored
Instead of hardcoding all the pci devices we do not want to power on/off, only change power state of lss with a driver registered. Change-Id: Ic5700d02eac32f721f701679a6cbef526f7eac28 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4522 Signed-off-by:
Korpershoek, MattijsX <mattijsx.korpershoek@intel.com> Reviewed-by:
-
- Mar 03, 2017
-
-
Simon Dubray authored
As our kernel 3.10 is quite stable now, we can disable debugging features to save some RAM and improve user experience. Change-Id: If90d13e02c6c2c7bf22693a26a6b881d34298699 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4529 Signed-off-by:
-
Simon Dubray authored
The purpose of this patch is to reduce graphics memory usage. It reduces the size of memory allocated for hashtables from 8MB to 512kB as we assume that our small watches need less memory than merrifield phones. This optimization should save around 15MB of RAM on our kernel. Change-Id: Ic6737eb41b4286707193e6487287aa9cc2c57d26 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4180 Signed-off-by:
Gong, Sophia <sophia.gong@intel.com> Reviewed-by:
Ben Alaya, AymenX <aymenx.ben.alaya@intel.com> Reviewed-by:
Louis, FabienX <fabienx.louis@intel.com> Reviewed-by:
-
- Mar 02, 2017
-
-
Simon Dubray authored
As our devices do not need video support, disable this useless config. Change-Id: Ia8730b259569f960cf2d311c3a55cb2895c1a810 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4180 Signed-off-by:
-
Simon Dubray authored
2MB of memory are allocated by the kernel for memory cgroups while we never use them on our devices, so disable support in defconfig Change-Id: I9591e0c8836868a2fb2472cb1e843efe8432a359 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4485 Signed-off-by:
-
- Feb 24, 2017
-
-
Jim Lin authored
When gadget is disconnected, running sequence is like this. . android_work: sent uevent USB_STATE=DISCONNECTED . Call trace: usb_string_copy+0xd0/0x128 gadget_config_name_configuration_store+0x4 gadget_config_name_attr_store+0x40/0x50 configfs_write_file+0x198/0x1f4 vfs_write+0x100/0x220 SyS_write+0x58/0xa8 . configfs_composite_unbind . configfs_composite_bind In configfs_composite_bind, it has "cn->strings.s = cn->configuration;" When usb_string_copy is invoked. it would allocate memory, copy input string, release previous pointed memory space, and use new allocated memory. When gadget is connected, host sends down request to get information. Call trace: usb_gadget_get_string+0xec/0x168 lookup_string+0x64/0x98 composite_setup+0xa34/0x1ee8 android_setup+0xb4/0x140 If gadget is disconnected and connected quickly, in the failed case, cn->configuration memory has been released by usb_string_copy kfree but configfs_composite_bind hasn't been run in time to assign new allocated "cn->configuration" pointer to "cn->strings.s". When "strlen(s->s) of usb_gadget_get_string is being executed, the dangling memory is accessed, "BUG: KASAN: use-after-free" error occurs. BUG=chrome-os-partner:58412 TEST=After smaug device was connected to ubuntu PC host, detached and attached type-C cable quickly several times without seeing "BUG: KASAN: use-after-free in usb_gadget_get_string". Bug: 31614969 Change-Id: I58240ee7c55ae8f8fb8597d14f09c5ac07abb032 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4391 Signed-off-by:
Jim Lin <jilin@nvidia.com> Signed-off-by:
Siqi Lin <siqilin@google.com> Reviewed-on: https://android.intel.com/569912 Reviewed-by:
Akue, LoicX <loicx.akue@intel.com> Reviewed-by:
-
Andrew Chant authored
Place file offset validity checks under mutex. BUG: 33555878 BUG: 33002026 Change-Id: I1945cfc8af7d1a310ae0d7bbb85002d4c448f30b Tracked-On: https://jira01.devtools.intel.com/browse/AW-4391 Signed-off-by:
Andrew Chant <achant@google.com> Reviewed-on: https://android.intel.com/569911 Reviewed-by:
Hu, Bingquan <bingquan.hu@intel.com> Reviewed-by:
-
Eric Dumazet authored
CAP_NET_ADMIN users should not be allowed to set negative sk_sndbuf or sk_rcvbuf values, as it can lead to various memory corruptions, crashes, OOM... Note that before commit 82981930 ("net: cleanups in sock_setsockopt()"), the bug was even more serious, since SO_SNDBUF and SO_RCVBUF were vulnerable. This needs to be backported to all known linux kernels. Again, many thanks to syzkaller team for discovering this gem. Change-Id: I158db8dd09043734287ba70be657881c5185fd71 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4391 Signed-off-by:
Eric Dumazet <edumazet@google.com> Reported-by:
Andrey Konovalov <andreyknvl@google.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Reviewed-on: https://android.intel.com/569900 Reviewed-by:
-
Philip Pettersson authored
When packet_set_ring creates a ring buffer it will initialize a struct timer_list if the packet version is TPACKET_V3. This value can then be raced by a different thread calling setsockopt to set the version to TPACKET_V1 before packet_set_ring has finished. This leads to a use-after-free on a function pointer in the struct timer_list when the socket is closed as the previously initialized timer will not be deleted. The bug is fixed by taking lock_sock(sk) in packet_setsockopt when changing the packet version while also taking the lock at the start of packet_set_ring. Change-Id: Ia7b15ac2269ec7dc8806cb7eeb3a45be8743a881 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4391 Fixes: f6fb8f10 ("af-packet: TPACKET_V3 flexible buffer implementation.") Signed-off-by:
Philip Pettersson <philip.pettersson@gmail.com> Signed-off-by:
-
Guillaume Nault authored
Lock socket before checking the SOCK_ZAPPED flag in l2tp_ip6_bind(). Without lock, a concurrent call could modify the socket flags between the sock_flag(sk, SOCK_ZAPPED) test and the lock_sock() call. This way, a socket could be inserted twice in l2tp_ip6_bind_table. Releasing it would then leave a stale pointer there, generating use-after-free errors when walking through the list or modifying adjacent entries. BUG: KASAN: use-after-free in l2tp_ip6_close+0x22e/0x290 at addr ffff8800081b0ed8 Write of size 8 by task syz-executor/10987 CPU: 0 PID: 10987 Comm: syz-executor Not tainted 4.8.0+ #39 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014 ffff880031d97838 ffffffff829f835b ffff88001b5a1640 ffff8800081b0ec0 ffff8800081b15a0 ffff8800081b6d20 ffff880031d97860 ffffffff8174d3cc ffff880031d978f0 ffff8800081b0e80 ffff88001b5a1640 ffff880031d978e0 Call Trace: [<ffffffff829f835b>] dump_stack+0xb3/0x118 lib/dump_stack.c:15 [<ffffffff8174d3cc>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:156 [< inline >] print_address_description mm/kasan/report.c:194 [<ffffffff8174d666>] kasan_report_error+0x1f6/0x4d0 mm/kasan/report.c:283 [< inline >] kasan_report mm/kasan/report.c:303 [<ffffffff8174db7e>] __asan_report_store8_noabort+0x3e/0x40 mm/kasan/report.c:329 [< inline >] __write_once_size ./include/linux/compiler.h:249 [< inline >] __hlist_del ./include/linux/list.h:622 [< inline >] hlist_del_init ./include/linux/list.h:637 [<ffffffff8579047e>] l2tp_ip6_close+0x22e/0x290 net/l2tp/l2tp_ip6.c:239 [<ffffffff850b2dfd>] inet_release+0xed/0x1c0 net/ipv4/af_inet.c:415 [<ffffffff851dc5a0>] inet6_release+0x50/0x70 net/ipv6/af_inet6.c:422 [<ffffffff84c4581d>] sock_release+0x8d/0x1d0 net/socket.c:570 [<ffffffff84c45976>] sock_close+0x16/0x20 net/socket.c:1017 [<ffffffff817a108c>] __fput+0x28c/0x780 fs/file_table.c:208 [<ffffffff817a1605>] ____fput+0x15/0x20 fs/file_table.c:244 [<ffffffff813774f9>] task_work_run+0xf9/0x170 [<ffffffff81324aae>] do_exit+0x85e/0x2a00 [<ffffffff81326dc8>] do_group_exit+0x108/0x330 [<ffffffff81348cf7>] get_signal+0x617/0x17a0 kernel/signal.c:2307 [<ffffffff811b49af>] do_signal+0x7f/0x18f0 [<ffffffff810039bf>] exit_to_usermode_loop+0xbf/0x150 arch/x86/entry/common.c:156 [< inline >] prepare_exit_to_usermode arch/x86/entry/common.c:190 [<ffffffff81006060>] syscall_return_slowpath+0x1a0/0x1e0 arch/x86/entry/common.c:259 [<ffffffff85e4d726>] entry_SYSCALL_64_fastpath+0xc4/0xc6 Object at ffff8800081b0ec0, in cache L2TP/IPv6 size: 1448 Allocated: PID = 10987 [ 1116.897025] [<ffffffff811ddcb6>] save_stack_trace+0x16/0x20 [ 1116.897025] [<ffffffff8174c736>] save_stack+0x46/0xd0 [ 1116.897025] [<ffffffff8174c9ad>] kasan_kmalloc+0xad/0xe0 [ 1116.897025] [<ffffffff8174cee2>] kasan_slab_alloc+0x12/0x20 [ 1116.897025] [< inline >] slab_post_alloc_hook mm/slab.h:417 [ 1116.897025] [< inline >] slab_alloc_node mm/slub.c:2708 [ 1116.897025] [< inline >] slab_alloc mm/slub.c:2716 [ 1116.897025] [<ffffffff817476a8>] kmem_cache_alloc+0xc8/0x2b0 mm/slub.c:2721 [ 1116.897025] [<ffffffff84c4f6a9>] sk_prot_alloc+0x69/0x2b0 net/core/sock.c:1326 [ 1116.897025] [<ffffffff84c58ac8>] sk_alloc+0x38/0xae0 net/core/sock.c:1388 [ 1116.897025] [<ffffffff851ddf67>] inet6_create+0x2d7/0x1000 net/ipv6/af_inet6.c:182 [ 1116.897025] [<ffffffff84c4af7b>] __sock_create+0x37b/0x640 net/socket.c:1153 [ 1116.897025] [< inline >] sock_create net/socket.c:1193 [ 1116.897025] [< inline >] SYSC_socket net/socket.c:1223 [ 1116.897025] [<ffffffff84c4b46f>] SyS_socket+0xef/0x1b0 net/socket.c:1203 [ 1116.897025] [<ffffffff85e4d685>] entry_SYSCALL_64_fastpath+0x23/0xc6 Freed: PID = 10987 [ 1116.897025] [<ffffffff811ddcb6>] save_stack_trace+0x16/0x20 [ 1116.897025] [<ffffffff8174c736>] save_stack+0x46/0xd0 [ 1116.897025] [<ffffffff8174cf61>] kasan_slab_free+0x71/0xb0 [ 1116.897025] [< inline >] slab_free_hook mm/slub.c:1352 [ 1116.897025] [< inline >] slab_free_freelist_hook mm/slub.c:1374 [ 1116.897025] [< inline >] slab_free mm/slub.c:2951 [ 1116.897025] [<ffffffff81748b28>] kmem_cache_free+0xc8/0x330 mm/slub.c:2973 [ 1116.897025] [< inline >] sk_prot_free net/core/sock.c:1369 [ 1116.897025] [<ffffffff84c541eb>] __sk_destruct+0x32b/0x4f0 net/core/sock.c:1444 [ 1116.897025] [<ffffffff84c5aca4>] sk_destruct+0x44/0x80 net/core/sock.c:1452 [ 1116.897025] [<ffffffff84c5ad33>] __sk_free+0x53/0x220 net/core/sock.c:1460 [ 1116.897025] [<ffffffff84c5af23>] sk_free+0x23/0x30 net/core/sock.c:1471 [ 1116.897025] [<ffffffff84c5cb6c>] sk_common_release+0x28c/0x3e0 ./include/net/sock.h:1589 [ 1116.897025] [<ffffffff8579044e>] l2tp_ip6_close+0x1fe/0x290 net/l2tp/l2tp_ip6.c:243 [ 1116.897025] [<ffffffff850b2dfd>] inet_release+0xed/0x1c0 net/ipv4/af_inet.c:415 [ 1116.897025] [<ffffffff851dc5a0>] inet6_release+0x50/0x70 net/ipv6/af_inet6.c:422 [ 1116.897025] [<ffffffff84c4581d>] sock_release+0x8d/0x1d0 net/socket.c:570 [ 1116.897025] [<ffffffff84c45976>] sock_close+0x16/0x20 net/socket.c:1017 [ 1116.897025] [<ffffffff817a108c>] __fput+0x28c/0x780 fs/file_table.c:208 [ 1116.897025] [<ffffffff817a1605>] ____fput+0x15/0x20 fs/file_table.c:244 [ 1116.897025] [<ffffffff813774f9>] task_work_run+0xf9/0x170 [ 1116.897025] [<ffffffff81324aae>] do_exit+0x85e/0x2a00 [ 1116.897025] [<ffffffff81326dc8>] do_group_exit+0x108/0x330 [ 1116.897025] [<ffffffff81348cf7>] get_signal+0x617/0x17a0 kernel/signal.c:2307 [ 1116.897025] [<ffffffff811b49af>] do_signal+0x7f/0x18f0 [ 1116.897025] [<ffffffff810039bf>] exit_to_usermode_loop+0xbf/0x150 arch/x86/entry/common.c:156 [ 1116.897025] [< inline >] prepare_exit_to_usermode arch/x86/entry/common.c:190 [ 1116.897025] [<ffffffff81006060>] syscall_return_slowpath+0x1a0/0x1e0 arch/x86/entry/common.c:259 [ 1116.897025] [<ffffffff85e4d726>] entry_SYSCALL_64_fastpath+0xc4/0xc6 Memory state around the buggy address: ffff8800081b0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8800081b0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff8800081b0e80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb ^ ffff8800081b0f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8800081b0f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== The same issue exists with l2tp_ip_bind() and l2tp_ip_bind_table. Change-Id: I6bff1df385742b1d836d43180dc87fadcea80784 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4391 Reported-by:Baozeng Ding <sploving1@gmail.com> Reported-by:
Guillaume Nault <g.nault@alphalink.fr> Signed-off-by:
-
Daniel Rosenberg authored
Userspace can cause the kref to handles to increment arbitrarily high. Ensure it does not overflow. Bug: 31992382 Test: See bug for poc Change-Id: I6bff1df385742b1d836d43180dc87fadcea80782 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4391 Signed-off-by:
Daniel Rosenberg <drosen@google.com> Reviewed-on: https://android.intel.com/569892 Reviewed-by:
-
Mark Salyzyn authored
Sysrq must be enabled via /proc/sys/kernel/sysrq as a security measure to enable various critical fiq debugger commands that either leak information or can be used as a system attack. Default disabled, this will leave the reboot, reset, irqs, sleep, nosleep, console and ps commands. Reboot and reset commands will be restricted from taking any parameters. We will also switch to showing the limited command set in this mode. Bug: 32402555 Change-Id: I3f74b1ff5e4971d619bcb37a911fed68fbb538d5 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4391 Signed-off-by:
Mark Salyzyn <salyzyn@google.com> Reviewed-on: https://android.intel.com/569870 Reviewed-by:
-
Kai Qiang authored
change the tilt threshold degree from 20 to 15 Change-Id: I054523324172d4dda84477183bb084837ef10195 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4187 Signed-off-by:
Kai Qiang <kaix.qiang@intel.com> Reviewed-on: https://android.intel.com/567758 Reviewed-by:
-
Andrey Ryabinin authored
This fixes CVE-2016-8650. If mpi_powm() is given a zero exponent, it wants to immediately return either 1 or 0, depending on the modulus. However, if the result was initalised with zero limb space, no limbs space is allocated and a NULL-pointer exception ensues. Fix this by allocating a minimal amount of limb space for the result when the 0-exponent case when the result is 1 and not touching the limb space when the result is 0. This affects the use of RSA keys and X.509 certificates that carry them. BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<ffffffff8138ce5d>] mpi_powm+0x32/0x7e6 PGD 0 Oops: 0002 [#1] SMP Modules linked in: CPU: 3 PID: 3014 Comm: keyctl Not tainted 4.9.0-rc6-fscache+ #278 Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014 task: ffff8804011944c0 task.stack: ffff880401294000 RIP: 0010:[<ffffffff8138ce5d>] [<ffffffff8138ce5d>] mpi_powm+0x32/0x7e6 RSP: 0018:ffff880401297ad8 EFLAGS: 00010212 RAX: 0000000000000000 RBX: ffff88040868bec0 RCX: ffff88040868bba0 RDX: ffff88040868b260 RSI: ffff88040868bec0 RDI: ffff88040868bee0 RBP: ffff880401297ba8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000047 R11: ffffffff8183b210 R12: 0000000000000000 R13: ffff8804087c7600 R14: 000000000000001f R15: ffff880401297c50 FS: 00007f7a7918c700(0000) GS:ffff88041fb80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000401250000 CR4: 00000000001406e0 Stack: ffff88040868bec0 0000000000000020 ffff880401297b00 ffffffff81376cd4 0000000000000100 ffff880401297b10 ffffffff81376d12 ffff880401297b30 ffffffff81376f37 0000000000000100 0000000000000000 ffff880401297ba8 Call Trace: [<ffffffff81376cd4>] ? __sg_page_iter_next+0x43/0x66 [<ffffffff81376d12>] ? sg_miter_get_next_page+0x1b/0x5d [<ffffffff81376f37>] ? sg_miter_next+0x17/0xbd [<ffffffff8138ba3a>] ? mpi_read_raw_from_sgl+0xf2/0x146 [<ffffffff8132a95c>] rsa_verify+0x9d/0xee [<ffffffff8132acca>] ? pkcs1pad_sg_set_buf+0x2e/0xbb [<ffffffff8132af40>] pkcs1pad_verify+0xc0/0xe1 [<ffffffff8133cb5e>] public_key_verify_signature+0x1b0/0x228 [<ffffffff8133d974>] x509_check_for_self_signed+0xa1/0xc4 [<ffffffff8133cdde>] x509_cert_parse+0x167/0x1a1 [<ffffffff8133d609>] x509_key_preparse+0x21/0x1a1 [<ffffffff8133c3d7>] asymmetric_key_preparse+0x34/0x61 [<ffffffff812fc9f3>] key_create_or_update+0x145/0x399 [<ffffffff812fe227>] SyS_add_key+0x154/0x19e [<ffffffff81001c2b>] do_syscall_64+0x80/0x191 [<ffffffff816825e4>] entry_SYSCALL64_slow_path+0x25/0x25 Code: 56 41 55 41 54 53 48 81 ec a8 00 00 00 44 8b 71 04 8b 42 04 4c 8b 67 18 45 85 f6 89 45 80 0f 84 b4 06 00 00 85 c0 75 2f 41 ff ce <49> c7 04 24 01 00 00 00 b0 01 75 0b 48 8b 41 18 48 83 38 01 0f RIP [<ffffffff8138ce5d>] mpi_powm+0x32/0x7e6 RSP <ffff880401297ad8> CR2: 0000000000000000 ---[ end trace d82015255d4a5d8d ]--- Basically, this is a backport of a libgcrypt patch: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=6e1adb05d290aeeb1c230c763970695f4a538526 Change-Id: I77e53254632ed7c0bad865e3ae156fafc02c6251 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4391 Fixes: cdec9cb5 ("crypto: GnuPG based MPI lib - source files (part 1)") Signed-off-by:
Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by:
David Howells <dhowells@redhat.com> cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> cc: linux-ima-devel@lists.sourceforge.net cc: stable@vger.kernel.org Signed-off-by:
James Morris <james.l.morris@oracle.com> Reviewed-on: https://android.intel.com/569859 Reviewed-by:
-
- Feb 21, 2017
-
-
MorganX Binet authored
- Currently a wakelock is held only when the cable type is DCP. SDP and CDP cable types are handled in OTG driver. - This patches includes the other types of cable Change-Id: I14083df70b20c73de6322df62ea8756100caa96e Tracked-On: https://jira01.devtools.intel.com/browse/AW-2877 Signed-off-by:
MorganX Binet <morganx.binet@intel.com> Reviewed-on: https://android.intel.com/568927 Reviewed-by:
Chaumette, HubertX <hubertx.chaumette@intel.com> Reviewed-by:
Saadani, MarouaneX <marouanex.saadani@intel.com> Reviewed-by:
Ferrari, AlainX <alainx.ferrari@intel.com> Reviewed-by:
-
- Feb 20, 2017
-
-
Julien Masson authored
On power on sequence, we should rotate screen to 180 degree. Change-Id: I59b774d0bd2d99165438ff88f4c88907dcef2585 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4188 Signed-off-by:
Julien Masson <julienx.masson@intel.com> Reviewed-on: https://android.intel.com/567406 Reviewed-by:
Liu, WeiX W <weix.w.liu@intel.com> Reviewed-by:
-
- Feb 16, 2017
-
-
Kai Qiang authored
modified scale from 2G to 8G of st_lsm6ds3h Change-Id: I83184453d1d0d361e8a3381fb654d26fb6538598 Tracked-On: https://jira01.devtools.intel.com/browse/AW-3409 Signed-off-by:
-
- Feb 15, 2017
-
-
Sophia Gong authored
This patch is to WA below CTS 7.1-r1 dEQP mem stress failures. The failed case intends to create 128 EGL contexts. Each 3D EGL context allocates about 1.5MB memory. 1MB of them are for 3D heap size. This patch decreases PDS/USC heap size to 48MB for overall 128 EGL contexts. Full CTS-7.1, gfx smooth validation shows no side effects. dEQP-EGL.functional.multicontext#non_shared dEQP-EGL.functional.multicontext#non_shared_clear dEQP-EGL.functional.multicontext#non_shared_make_current Change-Id: I26c55ec940ab154986f475e16c72fb0a807fde18 Tracked-On: https://jira01.devtools.intel.com/browse/AW-3635 Signed-off-by:
wenshelx <wenshengx.wang@intel.com> Reviewed-on: https://android.intel.com/567744 Reviewed-by:
-
- Feb 09, 2017
-
-
Greg Hackmann authored
Bug: 32838767 Change-Id: I987b07c30b3ed76865a002e7c154a5fa36b1bf29 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4085 Signed-off-by:
Greg Hackmann <ghackmann@google.com> Reviewed-on: https://android.intel.com/565598 Reviewed-by:
Ben Abdessalem, AmrX <amrx.ben.abdessalem@intel.com> Reviewed-by:
-
Adrian Salido authored
As mentioned in commit 52ee2dfd ("pids: refactor vnr/nr_ns helpers to make them safe"). *_nr_ns helpers used to be buggy. The commit addresses most of the helpers but is missing task_tgid_xxx() Without this protection there is a possible use after free reported by kasan instrumented kernel: ================================================================== BUG: KASAN: use-after-free in task_tgid_nr_ns+0x2c/0x44 at addr *** Read of size 8 by task cat/2472 CPU: 1 PID: 2472 Comm: cat Tainted: **** Hardware name: Google Tegra210 Smaug Rev 1,3+ (DT) Call trace: [<ffffffc00020ad2c>] dump_backtrace+0x0/0x17c [<ffffffc00020aec0>] show_stack+0x18/0x24 [<ffffffc0011573d0>] dump_stack+0x94/0x100 [<ffffffc0003c7dc0>] kasan_report+0x308/0x554 [<ffffffc0003c7518>] __asan_load8+0x20/0x7c [<ffffffc00025a54c>] task_tgid_nr_ns+0x28/0x44 [<ffffffc00046951c>] proc_pid_status+0x444/0x1080 [<ffffffc000460f60>] proc_single_show+0x8c/0xdc [<ffffffc0004081b0>] seq_read+0x2e8/0x6f0 [<ffffffc0003d1420>] vfs_read+0xd8/0x1e0 [<ffffffc0003d1b98>] SyS_read+0x68/0xd4 Accessing group_leader while holding rcu_lock and using the now safe helpers introduced in the commit mentioned, this race condition is addressed. Bug: 31495866 Signed-off-by:
Adrian Salido <salidoa@google.com> Tracked-On: https://jira01.devtools.intel.com/browse/AW-4085 Change-Id: I4315217922dda375a30a3581c0c1740dda7b531b Reviewed-on: https://android.intel.com/565596 Reviewed-by:
-
Simon Dubray authored
Handle properly return values in tmd26723 probe to return negative values when data structures have been free'd. Change-Id: I6b7ba86bdac9dac9544dcb3bd979f18e6b4e4c64 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4020 Signed-off-by:
-
Jann Horn authored
This ensures that do_mmap() won't implicitly make AIO memory mappings executable if the READ_IMPLIES_EXEC personality flag is set. Such behavior is problematic because the security_mmap_file LSM hook doesn't catch this case, potentially permitting an attacker to bypass a W^X policy enforced by SELinux. I have tested the patch on my machine. To test the behavior, compile and run this: #define _GNU_SOURCE #include <unistd.h> #include <sys/personality.h> #include <linux/aio_abi.h> #include <err.h> #include <stdlib.h> #include <stdio.h> #include <sys/syscall.h> int main(void) { personality(READ_IMPLIES_EXEC); aio_context_t ctx = 0; if (syscall(__NR_io_setup, 1, &ctx)) err(1, "io_setup"); char cmd[1000]; sprintf(cmd, "cat /proc/%d/maps | grep -F '/[aio]'", (int)getpid()); system(cmd); return 0; } In the output, "rw-s" is good, "rwxs" is bad. Signed-off-by:Jann Horn <jann@thejh.net> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit 22f6b4d34fcf039c63a94e7670e0da24f8575a5a) Bug: 31711619 Tracked-On: https://jira01.devtools.intel.com/browse/AW-4085 Change-Id: Ib4ffd30b61f1d9ba629049f65a21afbf94e25cfd Reviewed-on: https://android.intel.com/565587 Reviewed-by:
-
- Feb 03, 2017
-
-
MorganX Binet authored
previous VINDPM implementation did not take into account that register is reset at each cable connection so VINDPM is forced every minute at the same time as threshold value update Change-Id: I249666e061eec3d73c45e6ee4af37fb3562d53e0 Tracked-On: https://jira01.devtools.intel.com/browse/AW-3147 Signed-off-by:
-
Julien Masson authored
This type aims to be the reference for display device. Change-Id: Ib21b3a93587ad0ac3b0e35ac7ab413557a6811ee Tracked-On: https://jira01.devtools.intel.com/browse/AW-2918 Signed-off-by:
Afonso, PhilippeX <philippex.afonso@intel.com> Reviewed-by:
-
- Jan 25, 2017
-
-
Hu Bingquan authored
The mod_timer might be called the workqueue handler, and also from the power_enable sys nodes, they might collide. The fix is to protect again this collision. Change-Id: Iae939ab1fe4dfdf9b1fb1c75d19ebfe146ae9dcd Tracked-On: https://jira01.devtools.intel.com/browse/AW-3861 Signed-off-by:
Rouis, KhalifaX <khalifax.rouis@intel.com> Reviewed-by:
-
Simon Dubray authored
lowmemorykiller was not taking into account unevictable pages when deciding what level to kill. If significant amounts of memory were pinned, this caused lowmemorykiller to effectively stop at a much higher level than it should. Change-Id: I4cdbe9bd8546b3d8eb9ec6c2f463e82fe7fa15e9 Tracked-On: https://jira01.devtools.intel.com/browse/AW-3921 Signed-off-by:
-
- Jan 20, 2017
-
-
Amr BEN ABDESSALEM authored
This patch fixes a faced memory leak caused by not detaching sih structure if firmware download fails. unreferenced object 0xffff8800091ae300 (size 256): comm "WifiStateMachin", pid 621, jiffies 4296455689 (age 869.950s) backtrace: [<ffffffff829c2449>] kmemleak_alloc+0x49/0xb0 [<ffffffff821817ef>] __kmalloc+0x12f/0x2c0 [<ffffffff8243ba6c>] osl_malloc+0x6c/0xa0 [<ffffffff8243baae>] osl_mallocz+0xe/0x30 [<ffffffff8243fd12>] si_attach+0x32/0x110 [<ffffffff8248308b>] dhdsdio_probe_attach+0x43b/0xd20 [<ffffffff8248dc0d>] dhd_bus_devreset+0x16d/0x2e0 [<ffffffff8242d098>] dhd_net_bus_devreset+0x48/0xf0 [<ffffffff82444372>] wl_android_wifi_on+0xe2/0x160 [<ffffffff82430e89>] dhd_open+0xb9/0x270 unreferenced object 0xffff880010154000 (size 2048): comm "WifiStateMachin", pid 621, jiffies 4296455689 (age 870.010s) backtrace: [<ffffffff829c2449>] kmemleak_alloc+0x49/0xb0 [<ffffffff821817ef>] __kmalloc+0x12f/0x2c0 [<ffffffff8243ba6c>] osl_malloc+0x6c/0xa0 [<ffffffff8243baae>] osl_mallocz+0xe/0x30 [<ffffffff8243fd2b>] si_attach+0x4b/0x110 [<ffffffff8248308b>] dhdsdio_probe_attach+0x43b/0xd20 [<ffffffff8248dc0d>] dhd_bus_devreset+0x16d/0x2e0 [<ffffffff8242d098>] dhd_net_bus_devreset+0x48/0xf0 [<ffffffff82444372>] wl_android_wifi_on+0xe2/0x160 [<ffffffff82430e89>] dhd_open+0xb9/0x270 Change-Id: I1a63e33e0a7e1f91bdf061dc519f418f7fdfb698 Tracked-On: https://jira01.devtools.intel.com/browse/AW-3799 Signed-off-by:
-
Sebastien MICHEL authored
Change-Id: I48e1e1dcfbd70e1de8d6e9aeb262594204f86bb7 Tracked-On: https://jira01.devtools.intel.com/browse/AW-3920 Signed-off-by:
Sebastien MICHEL <sebastien.michel@intel.com> Signed-off-by:
-
- Jan 19, 2017
-
-
Ben Abdessalem, AmrX authored
Cypress proposed an other patch for fixing this issue; to be aligned, we revert so. This reverts commit 42f53e7b. Change-Id: Ib7c2b7c12f85fcea34632752584a2d9addf16e4d Tracked-On: https://jira01.devtools.intel.com/browse/AW-3799 Signed-off-by:
-
Kai Qiang authored
When the proximity sensor was not well configured the thresholds has been lowered to 0x60 in a range of (0x0 -> 0x3ff) measured data. This threshold has to be increased to 0x100 as for some devices (DVT) the reported data for a far distance corresponds to a value near 0xa0 Change-Id: Id455c1a02ae1c943026a81dd7e9fa7f338c18b8e Tracked-On: https://jira01.devtools.intel.com/browse/AW-3821 Signed-off-by:
Samoun, JacquesX <jacquesx.samoun@intel.com> Reviewed-by:
-
- Jan 18, 2017
-
-
Riadh GHADDAB authored
- This patch resolves the false detection issues due to a storm of interrupts coming from the proximity sensor - It is achieved by changing the comparison logic to detect proximity and by initialize a proximity read on probe and on resume. - A reconfiguration of the device is also added in the resume function - Change deprecated function __cancel_scheduled_work Change-Id: I35f881079fadecdc18fcb053247075858301e0e2 Tracked-On: https://jira01.devtools.intel.com/browse/AW-3821 Signed-off-by:
Bride, Jacques <jacques.bride@intel.com> Reviewed-by:
-
MorganX Binet authored
bq25898 reboot notifier was not called after a "reboot -p" command because of shutdown called previously by osip reboot notifier increasing its priority in order to be called before shutdown Change-Id: Ia39ae08270df534aad2f1f9b7f08754b623f0039 Tracked-On: https://jira01.devtools.intel.com/browse/AW-2906 Signed-off-by:
-
Riadh GHADDAB authored
- This patch corrects some coding style errors in the proximity sensor driver. - It adds as well some logs to help debugging the driver Change-Id: I12e81ffdc7c776a4d3fadc908b8e7190fe526efa Tracked-On: https://jira01.devtools.intel.com/browse/AW-3821 Signed-off-by:
-
- Jan 16, 2017
-
-
Peiqian Li authored
This reverts commit 09af6739. With the new HW variant SPL SP3, the coordinate flip is not needed, the fix was verified ok. Change-Id: I7e0e1702956eeb125995d0a482c1fc639ada6bc9 Tracked-On: https://jira01.devtools.intel.com/browse/AW-3736 Signed-off-by:
Peiqian Li <peiqianx.li@intel.com> Reviewed-on: https://android.intel.com/561284 Reviewed-by:
-
- Jan 13, 2017
-
-
MorganX Binet authored
when VUSB is low (~ 4.5V-4.7V), the charger behaves wrongly (toggling between charging and stop charging) HW team propose to fix it by setting VINDPM voltage within the charger every minute at a value where VINDPM = VBAT + 400mV FORCE_VINDPM should be forced to 1 Change-Id: Idfe9c0f39b03ae6e0344d4b4338121d4d27e1bae Tracked-On: https://jira01.devtools.intel.com/browse/AW-3147 Signed-off-by:
-
Louis, FabienX authored
This patch fix an issue introduced by the following commit : fbe2f38d8f6f8c127f93a197a5abe73b45c7393b Change-Id: I9144e991e6370f973c0715abf18b27f37dd1f30e Tracked-On: https://jira01.devtools.intel.com/browse/AW-3683 Signed-off-by:
-
- Jan 12, 2017
-
-
Andrew Wyper authored
Patch to adjust the timer/wakelock delays in the BT LPM driver, improving bt power consumption. Change-Id: I9129f0426571a814d134f11ec4d7923cf28735bf Tracked-On: https://jira01.devtools.intel.com/browse/AW-1701 Signed-off-by:
Andrew Wyper <andrewx.wyper@intel.com> Reviewed-on: https://android.intel.com/562195 Reviewed-by:
Ferraton, Jean RegisX <jean.regisx.ferraton@intel.com> Tested-by:
Ranquet, Guillaume <guillaume.ranquet@intel.com> Reviewed-by:
-
