android_kernel_zuk_msm8996.git

	Commit message (Collapse)	Author	Age
*	Merge remote-tracking branch 'msm8998/lineage-20' into lineage-20	Raghuram Subramani	2024-10-17
\| \| \| \|	Change-Id: I126075a330f305c85f8fe1b8c9d408f368be95d1
*	Merge tag 'LA.UM.8.4.c25-06600-8x98.0' of ↵	Michael Bestas	2022-11-05
\|\ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://git.codelinaro.org/clo/la/kernel/msm-4.4 into android13-4.4-msm8998 "LA.UM.8.4.c25-06600-8x98.0" * tag 'LA.UM.8.4.c25-06600-8x98.0' of https://git.codelinaro.org/clo/la/kernel/msm-4.4: diag: Prevent out of bound write while sending dci pkt to remote diag: Ensure dci entry is valid before sending the packet ion: Fix integer overflow in msm_ion_custom_ioctl diag: Use valid data_source for a valid token msm: kgsl: Remove 'fd' dependency to get dma_buf handle msm: kgsl: Fix gpuaddr_in_range() to check upper bound msm: adsprpc: Handle UAF in fastrpc debugfs read msm: kgsl: Add a sysfs node to control performance counter reads msm: kgsl: Perform cache flush on the pages obtained using get_user_pages() soc: qcom: hab: Add sanity check for payload_count msm: kgsl: Fix out of bound write in adreno_profile_submit_time futex: Fix inode life-time issue futex: Handle faults correctly for PI futexes futex: Simplify fixup_pi_state_owner() futex: Use pi_state_update_owner() in put_pi_state() rtmutex: Remove unused argument from rt_mutex_proxy_unlock() futex: Provide and use pi_state_update_owner() futex: Replace pointless printk in fixup_owner() futex: Avoid violating the 10th rule of futex futex: Rework inconsistent rt_mutex/futex_q state futex: Remove rt_mutex_deadlock_account_*() futex,rt_mutex: Provide futex specific rt_mutex API msm: adsprpc: Handle UAF in process shell memory Disable TRACER Check to improve Camera Performance msm: kgsl: Deregister gpu address on memdesc_sg_virt failure crypto: Fix possible stack out-of-bound error msm: kgsl: Correct the refcount on current process PID. msm: kgsl: Compare pid pointer instead of TGID for a new process qcom,max-freq-level change for trial msm: kgsl: Protect the memdesc->gpuaddr in SVM use cases. msm: kgsl: Stop using memdesc->usermem. Conflicts: drivers/char/adsprpc.c drivers/char/diag/diag_dci.c drivers/gpu/msm/kgsl.c drivers/gpu/msm/kgsl_debugfs.c drivers/gpu/msm/kgsl_iommu.c drivers/gpu/msm/kgsl_mmu.c drivers/gpu/msm/kgsl_sharedmem.c drivers/gpu/msm/kgsl_trace.h kernel/futex.c kernel/locking/rtmutex.c kernel/locking/rtmutex_common.h Change-Id: I777ee96b855e2967ef6733e603d12f40174974d0
\| *	Merge "diag: Ensure dci entry is valid before sending the packet"	Linux Build Service Account	2022-09-21
\| \|\
\| \| *	diag: Ensure dci entry is valid before sending the packet	Manoj Prabhu B	2022-09-19
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Possibility of a race condition which can free the dci entry causing use after free case is prevented by adding the check for entry's validity. Change-Id: Ib436ffd16c266636d99885d6091eb1a6887737c7 Signed-off-by: Manoj Prabhu B <quic_bmanoj@quicinc.com>
\| * \|	diag: Prevent out of bound write while sending dci pkt to remote	Manoj Prabhu B	2022-09-19
\| \|/ \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Sanitize user input length for the maximum buffer size before writing the dci packet to remote. Change-Id: I1f813a969fcce589f9e5024864ef4a650f2cf64e Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
\| *	diag: Use valid data_source for a valid token	Manoj Prabhu B	2022-09-16
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	For a valid token indicating remote proc use data_source to indicate packet originated from dci remote source. Change-Id: I01729a905d532fae7ea046acc143598eca04460b Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
* \|	diag: Prevent resource leakage of task structure	Manoj Prabhu B	2021-08-19
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The task structure with reference count incremented while dci client is registered should be updated with reference count decremented in failure case of registration. Change-Id: I093229d83dca2699e0343224756895eff0915e38 Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org> CVE-2020-11160
* \|	Merge tag 'LA.UM.9.2.r1-03400-SDMxx0.0' of ↵	Michael Bestas	2021-07-10
\|\ \ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://source.codeaurora.org/quic/la/kernel/msm-4.4 into lineage-18.1-caf-msm8998 * tag 'LA.UM.9.2.r1-03400-SDMxx0.0' of https://source.codeaurora.org/quic/la/kernel/msm-4.4: diag: Use valid data_source for a valid token Change-Id: Ie86f072048d1863b07d74ef1e6500b5f18e75963
\| * \|	diag: Use valid data_source for a valid token	Manoj Prabhu B	2021-05-18
\| \|/ \| \| \| \| \| \| \| \| \| \| \| \| \| \|	For a valid token indicating remote proc use data_source to indicate packet originated from dci remote source. Change-Id: I01729a905d532fae7ea046acc143598eca04460b Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
* \|	Merge 276ddca7adc68caa71ebeefce827e4b99deabf99 on remote branch	Linux Build Service Account	2020-06-13
\|\\| \| \| \| \| \| \|	Change-Id: I380e15f0799ece6e0abc77bf6ba38e21000b5bb0
\| *	diag: dci: Synchronize dci mempool buffers alloc and free	Manoj Prabhu B	2020-06-02
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Prevent possible race condition while freeing dci mempool buffers by properly synchronizing allocation and free. Change-Id: Iac8b9b9bd8a475d519a644d555d87b9101b9b6b8 Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
* \|	Merge 72078891843ce0d5b8e95040d09ba92913916af9 on remote branch	Linux Build Service Account	2019-12-06
\|\\| \| \| \| \| \| \|	Change-Id: I7db555e5bb639a8eb4480bb7b2a32143462abb37
\| *	Merge "msm: Update config name of function-1 driver"	Linux Build Service Account	2019-11-13
\| \|\
\| \| *	msm: Update config name of function-1 driver	Amandeep Singh	2019-09-13
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Update config name to enable and disable SDIO function-1 driver support and its dependencies. Change-Id: I91de5e75c115f755ddc84bd80e5942162120f6cf Signed-off-by: Amandeep Singh <amansing@codeaurora.org>
\| * \|	diag: Reallocate dci buffer with proper required capacity	Hardik Arya	2019-11-05
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	DCI command buffer reallocation is not done properly with required capacity. The patch reallocates the same buffer and updated capacity properly with header and response length. Change-Id: I7b5fd132b9241d0f1493bcb602a6b361e4ad9a04 Signed-off-by: Hardik Arya <harya@codeaurora.org>
* \| \|	Merge 6dec23e2d32dd103cb6ece90a831f3bb224a8f4f on remote branch	Linux Build Service Account	2019-10-21
\|\\| \| \| \| \| \| \| \| \| \| \|	Change-Id: Ie9ffa6f969667108741ac99373d809eca056fc67
\| * \|	diag: Validate msg source length to prevent out of bound access	Manoj Prabhu B	2019-10-09
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Place check for mask size and validate source length against sum of header length and mask size to prevent out of bound access. Change-Id: I8ac089202b6e3007773b92be8cfdc52fcb30ec3c Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
* \| \|	Merge 36f663352d8e241b313ae19a94c5d30ea077e243 on remote branch	Linux Build Service Account	2019-09-19
\|\\| \| \| \| \| \| \| \| \| \| \|	Change-Id: I52f4656180f7f4927da6ffedbbca9cfaf0026a8a
\| * \|	diag: Update diag get log request structure	Hardik Arya	2019-09-10
\| \|/ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Currently diag get log mask is using structure with num_items which is not being used. The patch updates structure for diag get log mask request. Change-Id: I1d4d110ca1793e1c8bedcab33e2626f02af37926 Signed-off-by: Hardik Arya <harya@codeaurora.org>
* \|	msm: diag: Update LF markings to be on same line	Amandeep Singh	2019-09-13
\| \| \| \| \| \| \| \| \| \|	Change-Id: Iba238a5dfcddbf486c6877563b41a3ef74d49526 Signed-off-by: Amandeep Singh <amansing@codeaurora.org>
* \|	msm: Update config to replace the restricted keyword	Amandeep Singh	2019-09-13
\|/ \| \| \| \|	Change-Id: I91de5e75c115f755ddc84bd80e5942162120f6cf Signed-off-by: Amandeep Singh <amansing@codeaurora.org>
*	Merge "msm: diag: Add SDIO transport in diag"	Linux Build Service Account	2019-09-03
\|\
\| *	msm: diag: Add SDIO transport in diag	Amandeep Singh	2019-09-03
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Add support for SDIO transport in diag core framework. Change-Id: Ic3ccfec3acd60b36a96aebb49a5681219a25e643 Signed-off-by: Amandeep Singh <amansing@codeaurora.org>
\| *	diag: Update diag over sdio snapshot	Amandeep Singh	2019-09-03
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Update code to support diag for peripheral devices over sdio bus. Change-Id: I14678f301f94b239b61c4c94d3c0ff65204e739e Signed-off-by: Amandeep Singh <amansing@codeaurora.org>
* \|	Merge "diag: Add diag over sdio support"	Linux Build Service Account	2019-09-03
\|\\|
\| *	diag: Add diag over sdio support	Amandeep Singh	2019-09-03
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This commit is taken as of msm-4.4 commit f185067e3685 ("diag: Fix HSIC read complete work function"). Change-Id: I629fe0d9ed697fb20fd9263ecea6009157181e63 Signed-off-by: Amandeep Singh <amansing@codeaurora.org>
* \|	diag: dci: Prevent using uninitialized variables	Manoj Prabhu B	2019-08-21
\|/ \| \| \| \| \| \| \| \|	Presently chance of using uninitialized variables if a dci command is not found is avoided by initializing command structure variables. Change-Id: I190299917ea6c7fadfc7686d43a7da098e0bc05e Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
*	diag: dci: Prevent using uninitialized variables	Manoj Prabhu B	2019-08-06
\| \| \| \| \| \| \| \|	Avoid using uninitialized variables by initializing to prevent invalid behavior. Change-Id: I5c04874d63f0250b84f4967d48f79e6b4b733bc1 Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
*	diag: dci: Validate pkt length before parsing for full header	Manoj Prabhu B	2019-08-02
\| \| \| \| \| \| \| \| \|	Few commands with smaller length than dci packet request header can fail due to present header length check. Modify the length check to cater to smaller length packets. Change-Id: Icf2e45b4eb1be0f2a15f47e58baffe86ece20a1d Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
*	diag: dci: Correct out of bounds check in processing dci pkt rsp	Manoj Prabhu B	2019-06-17
\| \| \| \| \| \| \| \| \|	Correct the out of bounds check and prevent moving the temp pointer further than out of bounds check which is not necessary while processing dci pkt rsp. Change-Id: I01f8cd7454aff81b24c986eade35c79724976151 Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
*	diag: Prevent out-of-bound access while processing userspace data	Hardik Arya	2019-06-12
\| \| \| \| \| \| \| \|	Proper buffer length checks are missing in diagchar_write handlers for userspace data while processing the same buffer. Change-Id: I5b8095766e09c22f164398089505fe827fee8b54 Signed-off-by: Hardik Arya <harya@codeaurora.org>
*	diag: Prevent out-of-bound access while processing non-hdlc pkt	Hardik Arya	2019-06-10
\| \| \| \| \| \| \| \| \| \|	While parsing non-hdlc packet buffer length passed to hdlc recovery is not updated after parsing partial packet, Which can lead to out-of-bound access. The patch passes the updated buffer length for the same. Change-Id: I5596f8c5a72680684c9c9056dccaf33e3c36832c Signed-off-by: Hardik Arya <harya@codeaurora.org>
*	Merge "diag: Prevent out-of-bound access while processing dci transaction"	Linux Build Service Account	2019-06-02
\|\
\| *	diag: Prevent out-of-bound access while processing dci transaction	Hardik Arya	2019-05-15
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Proper buffer length check is missing for dci userspace data buffer before processing the dci transaction. The patch adds proper check for the same. Change-Id: I68c0e8c41d4e05493adecf8a1fcacea708dfafa2 Signed-off-by: Hardik Arya <harya@codeaurora.org>
* \|	Merge "diag: Prevent out-of-bound access while processing mask commands"	Linux Build Service Account	2019-06-02
\|\\|
\| *	diag: Prevent out-of-bound access while processing mask commands	Hardik Arya	2019-05-15
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Mask commands are being processed without proper check of buffer length, which can lead to out of bound access. The patch adds proper check for buffer length. Change-Id: I6eb7ad01fb86f0cd0fb32390cfedd518428a64ba Signed-off-by: Hardik Arya <harya@codeaurora.org>
* \|	Merge "diag: Validate command length against size of command structure"	Linux Build Service Account	2019-05-08
\|\ \
\| * \|	diag: Validate command length against size of command structure	Manoj Prabhu B	2019-05-08
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	While processing a packet containing command request, buffer size need to be checked against size of the command structures that is being parsed to prevent possible out of bound access. CRs-Fixed: 2432633 Change-Id: I048bdbd0c096a6d03501bdd5b1d2d4bb50d45dd6 Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
* \| \|	diag: Check buffer size against command structure size	Manoj Prabhu B	2019-05-01
\|/ / \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Validate the buffer size against the parsing command structure size before parsing to prevent possible out of bound error case. CRs-Fixed: 2437341 Change-Id: I31c9a556539fce403691294a76160ae4936e7065 Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
* \|	diag: dci: Validate dci response length before parsing	Manoj Prabhu B	2019-04-26
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Prevent possible out of bound access due to missing length check while extracting dci packet response by adding proper checks. CRs-Fixed: 2434571 Change-Id: I7b6972bf6559bdca99333a75d989cd6d3431b801 Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
* \|	Merge "diag: Prevent out of bound access while getting build mask"	Linux Build Service Account	2019-04-24
\|\ \
\| * \|	diag: Prevent out of bound access while getting build mask	Manoj Prabhu B	2019-04-24
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Add check for minimum length before typecasting to build mask structure to prevent out of bound access. CRs-Fixed: 2431005 Change-Id: I97b439ead62c8a67869c9209442ef771308f2d3f Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
* \| \|	Merge "diag: Check command size against the minimum before parsing"	Linux Build Service Account	2019-04-24
\|\ \ \
\| * \| \|	diag: Check command size against the minimum before parsing	Manoj Prabhu B	2019-04-24
\| \|/ / \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Add check for minimum length before typecasting to build mask structure to prevent out of bound access while processing get msg mask command. CRs-Fixed: 2431047 Change-Id: I5b8341f278b0b46359800e43c604c5671261c728 Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
* / /	diag: dci: Add missing length check before parsing the buffer	Manoj Prabhu B	2019-04-24
\|/ / \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Missing check against a structure is added to prevent possible out of bound access while processing dci packet response. CRs-Fixed: 2434612 Change-Id: I32c83dcc70bcf6465723be669d23e9f523e82755 Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
* \|	Merge "diag: Add protection while accessing usb_info's buffer table"	Linux Build Service Account	2019-03-25
\|\ \
\| * \|	diag: Add protection while accessing usb_info's buffer table	Hardik Arya	2019-03-25
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Currently there a possibility of NULL pointer dereference while accessing usb_info's buffer table due to missing proper protection. The patch adds protection for the same. Change-Id: I974a70a48e7ac47b42bc237aac4db1b9e47be6be Signed-off-by: Hardik Arya <harya@codeaurora.org>
* \| \|	diag: Free usb buffer's entry after removing from list	Hardik Arya	2019-03-25
\|/ / \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Currently, there is possibility of memory leak due to not freeing allocated memory for usb buffer's entry after removing it from list. The patch handle this by freeing the entry. Change-Id: Idb08ecad859749e6ab1b09184362de38de4a9836 Signed-off-by: Hardik Arya <harya@codeaurora.org>
* \|	diag: dci: Prevent task deallocation and possible resource leak	Manoj Prabhu B	2019-03-13
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Prevent DCI clients' task structs from being deallocated to provide diag driver a chance to clean up its dci client list. Also update dci client list pid reference count properly to prevent any resource leakage. Change-Id: Ie15df7103ef1ec733e1e0d08a0a22b4da6b418b3 Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
* \|	diag: dci: Prevent task deallocation and possible resource leak	Manoj Prabhu B	2019-02-22
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Prevent DCI clients' task structs from being deallocated to provide diag driver a chance to clean up its dci client list. Also update dci client list pid reference count properly to prevent any resource leakage. Bug: 68726653 Change-Id: I31c61442a48ac263fd9ff341f6c29db8ace90952 Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>