android_kernel_zuk_msm8996.git

	Commit message (Collapse)	Author	Age
*	Merge tag 'LA.UM.8.4.c25-06600-8x98.0' of ↵	Michael Bestas	2022-11-05
\|\ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://git.codelinaro.org/clo/la/kernel/msm-4.4 into android13-4.4-msm8998 "LA.UM.8.4.c25-06600-8x98.0" * tag 'LA.UM.8.4.c25-06600-8x98.0' of https://git.codelinaro.org/clo/la/kernel/msm-4.4: diag: Prevent out of bound write while sending dci pkt to remote diag: Ensure dci entry is valid before sending the packet ion: Fix integer overflow in msm_ion_custom_ioctl diag: Use valid data_source for a valid token msm: kgsl: Remove 'fd' dependency to get dma_buf handle msm: kgsl: Fix gpuaddr_in_range() to check upper bound msm: adsprpc: Handle UAF in fastrpc debugfs read msm: kgsl: Add a sysfs node to control performance counter reads msm: kgsl: Perform cache flush on the pages obtained using get_user_pages() soc: qcom: hab: Add sanity check for payload_count msm: kgsl: Fix out of bound write in adreno_profile_submit_time futex: Fix inode life-time issue futex: Handle faults correctly for PI futexes futex: Simplify fixup_pi_state_owner() futex: Use pi_state_update_owner() in put_pi_state() rtmutex: Remove unused argument from rt_mutex_proxy_unlock() futex: Provide and use pi_state_update_owner() futex: Replace pointless printk in fixup_owner() futex: Avoid violating the 10th rule of futex futex: Rework inconsistent rt_mutex/futex_q state futex: Remove rt_mutex_deadlock_account_*() futex,rt_mutex: Provide futex specific rt_mutex API msm: adsprpc: Handle UAF in process shell memory Disable TRACER Check to improve Camera Performance msm: kgsl: Deregister gpu address on memdesc_sg_virt failure crypto: Fix possible stack out-of-bound error msm: kgsl: Correct the refcount on current process PID. msm: kgsl: Compare pid pointer instead of TGID for a new process qcom,max-freq-level change for trial msm: kgsl: Protect the memdesc->gpuaddr in SVM use cases. msm: kgsl: Stop using memdesc->usermem. Conflicts: drivers/char/adsprpc.c drivers/char/diag/diag_dci.c drivers/gpu/msm/kgsl.c drivers/gpu/msm/kgsl_debugfs.c drivers/gpu/msm/kgsl_iommu.c drivers/gpu/msm/kgsl_mmu.c drivers/gpu/msm/kgsl_sharedmem.c drivers/gpu/msm/kgsl_trace.h kernel/futex.c kernel/locking/rtmutex.c kernel/locking/rtmutex_common.h Change-Id: I777ee96b855e2967ef6733e603d12f40174974d0
\| *	crypto: Fix possible stack out-of-bound error	Monika Singh	2021-03-15
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Adding fix to check the upper limit on the length of the destination array while copying elements from source address to avoid stack out of bound error. Change-Id: I39d5768fa97f9d269cfb101a389bb771d13c7538 Signed-off-by: Monika Singh <monising@codeaurora.org>
* \|	Merge "crypto: Fix possible stack out of bound error"	Linux Build Service Account	2020-11-10
\|\ \ \| \|/ \|/\|
\| *	crypto: Fix possible stack out of bound error	Tanwee Kausar	2020-11-06
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Adding fix to check upper limit on the length of the destination array while copying element from source address to avoid stack out of bound error. Change-Id: I71ab7c8045f300623e4d906a764940dbcc88c878 Signed-off-by: Tanwee Kausar <tkausar@codeaurora.org>
* \|	crypto: Fix possible stack out of bound error	Tanwee Kausar	2020-11-04
\|/ \| \| \| \| \| \| \| \|	Adding fix to check upper limit on the length of the destination array while copying elements from source address to avoid stack out of bound error. Change-Id: Ieb24e8f9b4a2b53fbc9442b25d790b12f737d471 Signed-off-by: Tanwee Kausar <tkausar@codeaurora.org>
*	crypto: qcedev: Fix out of memory issue	AnilKumar Chimata	2020-04-21
\| \| \| \| \| \| \| \| \| \| \|	Fixes memory leak issue which is caused due to unfreed memory of req struct after processing the user space request , this happens for every client who are using from user space through ioctls. Change-Id: I2f267b960a2c73a65b85e72b0bff9a87df68b4e0 Signed-off-by: AnilKumar Chimata <anilc@codeaurora.org> Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
*	crypto: msm: update QTI crypto drivers for msm-4.4	Zhen Kong	2020-04-21
\| \| \| \| \| \| \| \| \| \| \| \|	Fix compilation issues for QTI crypto driver on msm-4.4 , this change does code clean up to remove unsupported SMMU attribute, allocate qcedev_async_req from heap instead of stack, and add NULL pointer check for ota_async_req. Change-Id: I5cabcb6993d8855275f3b38c7de6eafb77f8cbf4 Signed-off-by: Zhen Kong <zkong@codeaurora.org> Signed-off-by: Naitik Bharadiya <bharad@codeaurora.org> Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
*	msm: ice: check for crypto engine availability	Neeraj Soni	2019-02-07
\| \| \| \| \| \| \| \| \| \|	There can be many ice instances present in dtsi file but not all of them will be initialized by storage driver. Check if crypto instance is initialized before setting it up for data encryption/decryption usage. Change-Id: I7c9227007474052513b277dec5963a973781c524 Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
*	ARM: dts: msm: Remove Out-Of-Bound access	Monika Singh	2018-12-03
\| \| \| \| \| \| \| \|	Remove the out of bound access vulnerability in the qce driver reachable via ioctl. Change-Id: I4320cd27334eaae975f4a6ad07fb7b2e5ebccffd Signed-off-by: Monika Singh <monising@codeaurora.org>
*	wqcrypto: qcedev: Add null pointer check on sg_src	Ramandeep Trehan	2018-09-21
\| \| \| \| \| \| \| \|	Add a null pointer check on sg_src to avoid a possible null pointer dereference in qcedev driver. Change-Id: I9d4f9147ae6c340064110381c98d064f29fd9444 Signed-off-by: Ramandeep Trehan <rtrehan@codeaurora.org>
*	crypto: msm: reset pointer before returning from the function	Parai Wang	2018-03-27
\| \| \| \| \| \| \| \| \| \|	Reset cipher_req.creq.dst and cipher_req.creq.src pointer to NULL before returning from the function, and initialize scatterlist variable before using it. Change-Id: I5d5eee06a5213a05b20bf459ef0bf0c433fadbdd Signed-off-by: Zhen Kong <zkong@codeaurora.org> Signed-off-by: Parai Wang <fpwang@codeaurora.org>
*	crypto: msm: fix authdata copy issue in qcedev_sha_req_cb	Zhen Kong	2017-10-13
\| \| \| \| \| \| \| \| \| \| \|	qcedev_sha_req_cb() is only called by _sha_complete() during sha operation, and will copy byte_count value from authdata array. This array size is two, and only contains two byte_count value that are used for sha operation. So make change to only copy the first two elements from this array. Change-Id: I535f2ec0e358870a9a2163b3c0bf154b2c8d003f Signed-off-by: Zhen Kong <zkong@codeaurora.org>
*	crypto: ice: Sanitize the ice device return address.	Neeraj Soni	2017-10-03
\| \| \| \| \| \| \| \| \| \|	Even if ICE device is not found it is possible for list device API to return non NULL pointer which will pass all NULL checks in code. Ensure to return proper address or NULL. Change-Id: I1465614b86f1415376b2adffeec6e4da1a33ddd5 Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
*	Merge "crypto: msm: Fix several race condition issues in crypto drivers"	Linux Build Service Account	2017-08-03
\|\
\| *	crypto: msm: Fix several race condition issues in crypto drivers	Brahmaji K	2017-07-20
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Check areq before referencing, replace xchg to automic_xchg and verify return values of set key during SHA operations. Change-Id: Ife01372ba4990bfefe52b82db4ab33ef76190944 Signed-off-by: Brahmaji K <bkomma@codeaurora.org>
* \|	Merge "qcom: scm: update function return value and input parameter type"	Linux Build Service Account	2017-08-03
\|\ \
\| * \|	qcom: scm: update function return value and input parameter type	Mohammed Khajapasha	2017-07-19
\| \|/ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Update the function return value and input scm_ret variable type for restore secure configuration in scm_restore_sec_cfg() fn. Adding scm_ret input variable for scm_get_feat_version() fn. Change-Id: Ideef914ded8dfdb4c780fd27d7273986eeb41f5c Signed-off-by: Mohammed Khajapasha <mkhaja@codeaurora.org>
* \|	Merge "crypto: ice: Remove redundant checks"	Linux Build Service Account	2017-07-22
\|\ \ \| \|/ \|/\|
\| *	crypto: ice: Remove redundant checks	Neeraj Soni	2017-07-21
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Check is implemented in required function as part of new implementation. Change-Id: I346cd27cb254abe7d9706f01a9b463750614245e Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
* \|	Merge "crypto: Change format specifier %p to %pK"	Linux Build Service Account	2017-07-06
\|\ \
\| * \|	crypto: Change format specifier %p to %pK	mohamed sunfeer	2017-06-29
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Format specifier %p can leak kernel addresses while not valuing the kptr_restrict system settings. When kptr_restrict is set to (1), kernel pointers printed using the %pK format specifier will be replaced with 0's Change-Id: Iff8d82b12e958b938fc767bf3e8c3a3c8fc65c2a Signed-off-by: mohamed sunfeer <msunfeer@codeaurora.org>
* \| \|	Merge "compat_qcedev: Fix accessing userspace memory in kernel space"	Linux Build Service Account	2017-07-05
\|\ \ \
\| * \| \|	compat_qcedev: Fix accessing userspace memory in kernel space	mohamed sunfeer	2017-06-21
\| \|/ / \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Use put_user API to write the data to userspace from kernel space to avoid accessing userspace memory directly in kernel space. Change-Id: I4dd73872ab8c374793268cef2b9a2dfccf3454c9 Signed-off-by: mohamed sunfeer <msunfeer@codeaurora.org>
* \| \|	Merge "scsi: ufs: Unblock UFS while ICE HW configuration"	Linux Build Service Account	2017-06-29
\|\ \ \ \| \|/ / \|/\| \|
\| * \|	scsi: ufs: Unblock UFS while ICE HW configuration	Neeraj Soni	2017-06-20
\| \|/ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Blocking UFS requests while ICE HW is getting configured is not required as block layer requeues the requests anyway. Change-Id: I5aacf772c93eb134a3e48c79b3fbdaefd8378581 Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
* \|	crypto: msm: fix rfc4309(ccm(aes)) issue on msm-4.4	Zhen Kong	2017-06-13
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	In newer kernel (msm-4.4 or later), for AEAD ciphering, crypto api has been re-worked and the assoclen defines the length of association data and iv together. But for rfc4309(ccm(aes)), iv is not part of AAD. Therefore, change qcrypto driver to remove the iv, by subtract 8 from assoclen for rfc4309(ccm(aes)). Change-Id: I37eb1934d7817b5b5c33440122b68e5d37854960 Signed-off-by: Zhen Kong <zkong@codeaurora.org>
* \|	qcdev: Check the digest length during the SHA operations	Brahmaji K	2017-05-16
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Check the digest length to avoid buffer overflow while doing the SHA operations. Change-Id: I4d3fb20723f59e905a672edaf84ee5d0865905b1 Signed-off-by: Brahmaji K <bkomma@codeaurora.org>
* \|	ota_crypto: Add NULL pointer check for new_req variable	Brahmaji K	2017-05-11
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Add NULL pointer check before accessing the new_req variable. Change-Id: I8460115ccb16a2c43c45394275e9519ed3c6b045 Signed-off-by: Brahmaji K <bkomma@codeaurora.org>
* \|	crypto: msm: Fix buffer overflow issue	AnilKumar Chimata	2017-04-08
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	In multi-threaded environment diglen variable could be modified by multiple threads at the same time. Buffer overflow might happen in current thread if another thread changes the diglen variable. So add mutex locks to avoid this issue. Change-Id: I62c63c55c028dedb1dd0eec862851bd8e818a5d3 Signed-off-by: AnilKumar Chimata <anilc@codeaurora.org>
* \|	crypto: msm: Use appropriate logging function	Neeraj Soni	2017-04-05
\|/ \| \| \| \| \| \|	Dynamic debug can be used to get the logs Change-Id: I6510da111019022149190fd753a5da1cc816fffa Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
*	crypto: msm: check invalid src and dst vbuf in qcedev.c	Zhen Kong	2017-02-25
\| \| \| \| \| \| \| \| \|	src and dst vbuf address and length are provided from userspace, and they are invalid if vbuf address is NULL but length is not zero. Add additional checks in qcedev_check_cipher_params to prevent it. Change-Id: Iadc1a0c1c5b2f7a56acd03a23c08e45b5a671b19 Signed-off-by: Zhen Kong <zkong@codeaurora.org>
*	ice: Sent proper storage type for ICE configuration during reset	AnilKumar Chimata	2017-02-14
\| \| \| \| \| \| \| \| \|	Read instance type from device tree node to know the storage type for ICE configuration, which is used to program the corresponding ICE register during ICE reset. Change-Id: I0eb423fb84dc89115227abc7c5688df7ae9a4a3c Signed-off-by: AnilKumar Chimata <anilc@codeaurora.org>
*	ice: fix issue with losing ICE key configuration during reset	Andrey Markovytch	2017-02-08
\| \| \| \| \| \| \|	TZ is called to restore key configuration in case of UFS reset Change-Id: Id434e7f9ec6befdce97f52fd350957b66adcb15f Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
*	Merge "qcrypto: protect potential integer overflow."	Linux Build Service Account	2017-02-03
\|\
\| *	qcrypto: protect potential integer overflow.	Zhen Kong	2017-01-25
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Adding user passed parameters without check might lead to Integer overflow and unpredictable system behaviour. Change-Id: Iaf8259e3c4a157e1790f1447b1b62a646988b7c4 Signed-off-by: Neeraj Soni <neersoni@codeaurora.org> Signed-off-by: Zhen Kong <zkong@codeaurora.org>
* \|	Merge "crypto: msm: check length before copying to buf in _debug_stats_read"	Linux Build Service Account	2017-02-02
\|\ \
\| * \|	crypto: msm: check length before copying to buf in _debug_stats_read	Zhen Kong	2017-02-01
\| \|/ \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Make sure that `len` is not larger than `count` before copying data to userspace `buf` in _debug_stats_read(). Change-Id: Iafb7cfa3828653f8c28183c812797c3d9a183da1 Signed-off-by: Zhen Kong <zkong@codeaurora.org>
* /	crypto: ice: Fix NULL pointer exception in ice.	Brahmaji K	2017-02-02
\|/ \| \| \| \| \| \| \| \|	While enabling ICE setup and on error conditions, the regulator is disabled. Before disabling the regulator, check if the regulator is up and able to access the registers of regulator. Change-Id: I94dd2b3e25444818f7bdf2f791f4fa9efaefce15 Signed-off-by: Brahmaji K <bkomma@codeaurora.org>
*	Merge "crypto: msm: check integer overflow on total data len in qcedev.c"	Linux Build Service Account	2017-01-23
\|\
\| *	crypto: msm: check integer overflow on total data len in qcedev.c	Zhen Kong	2017-01-19
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	qcedev_vbuf_ablk_cipher will calculate total data length. It starts with the value of "areq->cipher_op_req.byteoffset", which is controlled by the user. Make change to check if this total data length has integer overflow issue in qcedev_check_cipher_params. Change-Id: Ice42dca6d47eb8febfe8a34e566c69e4799fab57 Signed-off-by: Zhen Kong <zkong@codeaurora.org>
* \|	crypto: msm: remove extraneous parentheses in qcedev.c	Zhen Kong	2017-01-19
\|/ \| \| \| \| \| \| \|	remove extraneous parentheses around the comparison to resolve static analysis warning. Change-Id: I67c755f028a8bf27e0b924cd636a1cce27e149fc Signed-off-by: Zhen Kong <zkong@codeaurora.org>
*	ice: fix security issue with validating error in pointer	Andrey Markovytch	2016-12-25
\| \| \| \| \| \| \| \|	get_ice_device_from_storage_type can return error pointer which is not NULL in case of error, this was not checked, changes fixes this. Change-Id: I7dd8a068454a7bd250189ff9467c685af449f81b Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
*	Merge "msm: crypto: fix AEAD issues for HW crypto driver on msm-4.4"	Linux Build Service Account	2016-12-23
\|\
\| *	msm: crypto: fix AEAD issues for HW crypto driver on msm-4.4	Zhen Kong	2016-12-21
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Make change to fix AEAD operation issues due to incorrect usage of new aead interface introduced into kernel msm-4.4. Change-Id: I472449c52bff40d48f7d65b05e145cc47cba9357 Signed-off-by: Zhen Kong <zkong@codeaurora.org>
* \|	Merge "msm: crypto: set CLR_CNTXT bit for crypto operations"	Linux Build Service Account	2016-11-30
\|\ \
\| * \|	msm: crypto: set CLR_CNTXT bit for crypto operations	Zhen Kong	2016-11-14
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	HLOS Crypto driver needs to set CLR_CNTXT bit for operations with legacy software key registers Change-Id: Iff482f726d106e99a4006f7077a171da3c7ca9c3 Signed-off-by: Zhen Kong <zkong@codeaurora.org>
* \| \|	Merge "msm: crypto: fix issues on digest buf and copy_from_user in qcedev.c"	Linux Build Service Account	2016-11-25
\|\ \ \
\| * \| \|	msm: crypto: fix issues on digest buf and copy_from_user in qcedev.c	Zhen Kong	2016-11-14
\| \|/ / \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Make the digest length not larger than the size of the buffer qcedev_areq.sha_op_req.digest; and use the checked variants of the copy_from/to_user() APIs to avoid small race window of their unchecked variants. Change-Id: I3db0c20ac5fa47ed278f3d60368c406f472430c1 Signed-off-by: Zhen Kong <zkong@codeaurora.org>
* / /	crypto: msm: qce50: Prevent deadlock during timeout	Yasir Malik	2016-11-09
\|/ / \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Lock out interrupts during issuing dummy request in timeout to prevent from a potential deadlock happening. Change-Id: I986d8c36c839a1dee23761465ad331ffc31dd6ac CRs-Fixed: 1008319 Acked-by: Che-Min Hsieh <cheminh@qti.qualcomm.com> Signed-off-by: Yasir Malik <ymalik@codeaurora.org>
* \|	qcedev: Validate Source and Destination addresses	AnilKumar Chimata	2016-11-04
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Source and Destination addresses passed by user space apps/clients are validated independent of type of operation to mitigate kernel address space exploitation. Change-Id: I9ecb0103d7a73eedb2e0d1db1d5613b18dd77e59 Signed-off-by: AnilKumar Chimata <anilc@codeaurora.org>