This repository has been archived by the owner on May 1, 2020. It is now read-only.

Upstream changes #21

Merged
merged 78 commits into from
Jul 31, 2018

randomhydrosol
Member

No description provided.

Jin Qian and others added 30 commits July 31, 2018 06:45
This module tracks cputime and io stats.

Signed-off-by: Jin Qian <jinqian@google.com>
Bug: 34198239
Change-Id: I9ee7d9e915431e0bb714b36b5a2282e1fdcc7342
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
IO usages are accounted in foreground and background buckets.
For each uid, io usage is calculated in two steps.

delta = current total of all uid tasks - previous total
current bucket += delta

Bucket is determined by current uid stat. Userspace writes to
/proc/uid_procstat/set <uid> <stat> when uid stat is updated.

/proc/uid_io/stats shows IO usage in this format.
<uid> <foreground IO> <background IO>

Signed-off-by: Jin Qian <jinqian@google.com>
Bug: 34198239
Change-Id: I3369e59e063b1e5ee0dfe3804c711d93cb937c0c
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Signed-off-by: Jin Qian <jinqian@google.com>
Bug: 34360629
Change-Id: Ia748351e07910b1febe54f0484ca1be58c4eb9c7
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Userspace keeps retrying when it sees nothing is written.

Bug: 34364961
Change-Id: Ie288c90c6a206fb863dcad010094fcd1373767aa
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
No need to aggregate the switched uid separately since
update_io_stats_locked covers all uids.

Bug: 34198239
Change-Id: Ifed347264b910de02e3f3c8dec95d1a2dbde58c0
Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
A task can cancel writes made by other tasks. In rare cases,
cancelled_write_bytes is larger than write_bytes if the task
itself didn't make any write. This doesn't affect total size
but may cause confusion when looking at IO usage on individual
tasks.

Bug: 35851986
Change-Id: If6cb549aeef9e248e18d804293401bb2b91918ca
Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Change-Id: I6c138de5b2332eea70f57e098134d1d141247b3f
Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Change-Id: Ie888d8a0f4ec7a27dea86dc4afba8e6fd4203488
Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
We see this happens multiple times in heavy workload in systrace
and AMS stuck in uid_lock.

Running process:        Process 953
Running thread: android.ui
State:  Uninterruptible Sleep
Start:
1,025.628 ms
Duration:
27,955.949 ms
On CPU:
Running instead:        system_server
Args:
{kernel callsite when blocked:: "uid_procstat_write+0xb8/0x144"}

Changing to rt_mutex can mitigate the priority inversion

Bug: 34991231
Bug: 34193533
Change-Id: I481baad840b7bc2dfa9b9a59b4dff93cafb90077
Test: on marlin
Signed-off-by: Wei Wang <wvw@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Change-Id: I8a41b331c973898015d11d2018257727083f7910
Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Replaced read_lock with rcu_read_lock to reduce time that preemption
is disabled.

Added a function to update io stats for specific uid and moved
hash table lookup, user_namespace out of loops.

Bug: 37319300
Change-Id: I2b81b5cd3b6399b40d08c3c14b42cad044556970
Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
struct task_struct *task should be protected by tasklist_lock.

Change-Id: Iefcd13442a9b9d855a2bbcde9fd838a4132fee58
Signed-off-by: Ganesh Mahendran <opensource.ganesh@gmail.com>
(cherry picked from commit 90d7877)
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Store sum of dead task io stats in uid_entry and defer uid io
calculation until next uid proc stat change or dumpsys.

Bug: 37754877
Change-Id: I970f010a4c841c5ca26d0efc7e027414c3c952e0
Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Setuid can cause negative delta. Check this and update total usage only
if delta is positive.

Bug: 64317562
Change-Id: I4818c246db66cabf3b11d277faceedec1678694a
Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
It is not uid_cputime.c anymore.

Change-Id: I7effc2a449c1f9cba9d86a7b122a9c05fc266405
Signed-off-by: Artem Borisov <dedsa2002@gmail.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Few Android drivers viz. uid_sys_stats and keyreset/combo fail to
build as kernel modules.

uid_sys_stats.ko failed for undefined "tasklist_lock", which got
un-exported in commit c59923a ("remove the tasklist_lock export").
Quoting from the commit, "Modules have  no business looking at it,
and all instances in drivers have been due to use of too-lowlevel
APIs. Having this symbol exported prevents moving to more scalable
locking schemes for the task list.". So instead of exporting
tasklist_lock again, let's not build uid_sys_stats driver as module.
Similarly skip building keyreset driver as module which call
sys_sync() syscall.

To keep things in perspective we don't build these drivers as modules
in later kernels (android-4.4/4.9) as well.

Change-Id: I6371df72d79c7ad0f0c08e6ebf7e16f1b0970761
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
uid_io depends on TASK_XACCT and TASK_IO_ACCOUNTING.
So add depends in Kconfig before compiling code.

Change-Id: Ie6bf57ec7c2eceffadf4da0fc2aca001ce10c36e
Signed-off-by: Ganesh Mahendran <opensource.ganesh@gmail.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
CONFIG_TASKSTATS=y
CONFIG_TASK_DELAY_ACCT=y
CONFIG_TASK_XACCT=y
CONFIG_TASK_IO_ACCOUNTING=y

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 21334988
Bug: 26966375
Change-Id: I17b097ae4ea6c63c2e9fddd9544e3f06d49b609d
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
We've got a memory leak with the following producer:

while true;
do cat /sys/class/sas_phy/phy-1:0:12/invalid_dword_count >/dev/null;
done

The buffer req is allocated and not freed after we return. Fix it.

Fixes: 2908d77 ("[SCSI] aic94xx: new driver")
Signed-off-by: Jason Yan <yanaijie@huawei.com>
CC: John Garry <john.garry@huawei.com>
CC: chenqilin <chenqilin2@huawei.com>
CC: chenxiang <chenxiang66@hisilicon.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
…RM ioctl CVE-2018-7755

From Brian Belleville
Date Wed, 7 Mar 2018 16:02:45 -0800

The final field of a floppy_struct is the field name, which is a
pointer to a string in kernel memory. The kernel pointer should not be
copied to user memory. The FDGETPRM ioctl copies a floppy_struct to
user memory, including the name field. This pointer cannot be used
by the user, and it will leak a kernel address to user-space, which
will reveal the location of kernel code and data and undermine KASLR
protection. Instead, copy the floppy_struct except for the name
field.

Signed-off-by: Brian Belleville <bbellevi@uci.edu>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
…E-2018-7273

From Brian Belleville
Date Tue, 20 Feb 2018 14:54:25 -0800

Outputting kernel addresses will reveal the locations of kernel code
and data. Change the cases in show_floppy that print
fd_timer.work.func and fd_timeout.work.func to use the %pf format
specifier, which will print the symbol name, like what is done for the
other function pointers printed by show_floppy. No longer output the
value of cont. The variable cont is a pointer that can hold the
address of kernel global variables.

Signed-off-by: Brian Belleville <bbellevi@uci.edu>

https://lkml.org/lkml/2018/2/20/669
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
…2018-1068

We need to make sure the offsets are not out of range of the
total size.
Also check that they are in ascending order.

The WARN_ON triggered by syzkaller (it sets panic_on_warn) is
changed to also bail out, no point in continuing parsing.

Briefly tested with simple ruleset of
-A INPUT --limit 1/s' --log
plus jump to custom chains using 32bit ebtables binary.

Reported-by: <syzbot+845a53d13171abf8bf29@syzkaller.appspotmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
The ISA msnd drivers have loops fetching the ring-buffer head, tail
and size values inside the loops.  Such codes are inefficient and
fragile.

This patch optimizes it, and also adds the sanity check to avoid the
endless loops.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=196131
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=196133
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Bug: 65023233
Signed-off-by: Roberto Pereira <rpere@google.com>
Change-Id: Ib45f402cf304f9b8bf18884738f92b9c3db55573
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
When card->num_aux_devs is zero, card->rtd_aux is assigned an out-of-bounds
address.

This was found by KASan at runtime:
==================================================================
BUG: KASAN: slab-out-of-bounds in msm_audrx_init+0xaa8/0xba4 at addr ffffffc14021ec18
Read of size 8 by task kworker/u8:9/264
page:ffffffbdc5008000 count:1 mapcount:0 mapping:          (null) index:0x0
flags: 0x4000000000004000(head)
page dumped because: kasan: bad access detected
CPU: 3 PID: 264 Comm: kworker/u8:9 Tainted: G    B   W      3.18.31-Sultan #39
Hardware name: Qualcomm Technologies, Inc. MSM 8996 v3.0 + PMI8996 MTP (DT)
Workqueue: deferwq deferred_probe_work_func
Call trace:
[<ffffffc00008a7bc>] dump_backtrace+0x0/0x298
[<ffffffc00008aa68>] show_stack+0x14/0x1c
[<ffffffc000fa8134>] dump_stack+0x98/0xc0
[<ffffffc0001b1a44>] kasan_report+0x3a4/0x4e8
[<ffffffc0001b115c>] __asan_load8+0x24/0x7c
[<ffffffc000cf47b4>] msm_audrx_init+0xaa8/0xba4
[<ffffffc000c293f4>] snd_soc_register_card+0x10ac/0x1c04
[<ffffffc000cf564c>] msm8996_asoc_machine_probe+0xd9c/0xf1c
[<ffffffc000670a8c>] platform_drv_probe+0x50/0xa4
[<ffffffc00066ecd4>] driver_probe_device+0x114/0x2e0
[<ffffffc00066eee0>] __device_attach+0x40/0x64
[<ffffffc00066cf20>] bus_for_each_drv+0xac/0xdc
[<ffffffc00066f058>] device_attach+0x94/0xc0
[<ffffffc00066d218>] bus_probe_device+0x48/0xf0
[<ffffffc00066e53c>] deferred_probe_work_func+0xa0/0xd0
[<ffffffc0000c229c>] process_one_work+0x324/0x50c
[<ffffffc0000c2928>] worker_thread+0x4a4/0x624
[<ffffffc0000c9808>] kthread+0x138/0x14c
Memory state around the buggy address:
 ffffffc14021eb00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 ffffffc14021eb80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 >ffffffc14021ec00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
                             ^
 ffffffc14021ec80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 ffffffc14021ed00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
==================================================================

Change-Id: I5e5cf2f672753c483917142b6ebf1330995b20a5
Signed-off-by: Sultanxda <sultanxda@gmail.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
When this copy_to_user() fails, the mutex won't be unlocked. Fix it.

Change-Id: Ide7a7ed9ca8a8d33dafd2060a0c24c57e6396ea8
Signed-off-by: Sultanxda <sultanxda@gmail.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
When the minfreq is set to the maxfreq, there is nothing to really do: the
CPU is already running at its maxfreq. In this scenario, just do nothing
and re-arm the timer.

Signed-off-by: Sultanxda <sultanxda@gmail.com>

This happens when strong boosts get dispatched
by our BoostFramework.

Change-Id: Ic95e2f52901965b40d07f055bb93a6a614a5d79c
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
When the panel timings are parsed, a stack-allocated variable is used to
store the parsed data; however, this creates two problems. The first
problem is that this creates a memory leak since a kstrdup() address is
stored into the stack-allocated variable at the end of the
mdss_dsi_panel_timing_from_dt() function. The second problem this creates
is that the address of the stack-allocated variable is stored into the
current_timing struct member (inside mdss_dsi_panel_timing_switch()) for
future use in the driver.

Since the data that current_timing points to is expected to persist long
after init, allocate memory for the timing settings to fix the issues.

Change-Id: I2bbc957b229a010c1b5701f2e40e42e65cd88b2d
Signed-off-by: Sultanxda <sultanxda@gmail.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
hrtimer_init_on_stack() needs a matching call to
destroy_hrtimer_on_stack(), so both need to be exported.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit c08376a)
[astrachan: Fixes i386-allmodconfig build failure in vsoc.ko noticed
 by 01.org kbuild-all project building kernel/msm]
Bug: 70214720
Change-Id: If4d5c466255019322ea21ef38ee5b1b382cce969
Signed-off-by: Alistair Strachan <astrachan@google.com>
After d_revalidate returns 0, the vfs will call
d_invalidate, which will call d_drop itself, along
with other cleanup.

Bug: 78262592
Change-Id: Idbb30e008c05d62edf2217679cb6a5517d8d1a2c
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Abhinav Kumar and others added 29 commits July 31, 2018 09:46
In multiple WMA event handler functions, ssid_len is used to copy
ssid from FW buffer to local buffer and ssid_len value is received
from the FW. If the ssid_len value exceeds SIR_MAC_MAX_SSID_LENGTH
then a buffer overwrite would occur.
Add sanity check for ssid_len against SIR_MAC_MAX_SSID_LENGTH in
multiple WMA handler functions

Bug: 72956801
Change-Id: I9e4b1f88c275093b4912496cdb936cf54a8880a2
CRs-Fixed: 2162678
Signed-off-by: Ecco Park <eccopark@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
qcacld-3.0 to qcacld-2.0 propagation

Add max check for probe request length against max length of probe
request buffer to avoid buffer overflow.

Bug: 72957234
Change-Id: Ie0fad7443b2c749c66bb9ad662625a16d3a840c3
CRs-Fixed: 2155808
Signed-off-by: Ahmed ElArabawy <arabawy@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Check for the validity of num_msdus when received the htt message of
HTT_T2H_MSG_TYPE_TX_COMPL_IND or HTT_T2H_MSG_TYPE_TX_INSPECT_IND from
firmware to ensure the buffer overflow does not happen.

Bug: 72957505
Change-Id: Ic6ce75f34c5e2705d174eda014350e6ef0391388
CRs-Fixed: 2146869
Signed-off-by: Ahmed ElArabawy <arabawy@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
There is no check for the return value of dot11fUnpackIeRSN API
in hdd_ProcessGENIE API, which may cause stack overflow if
pmkid_count is returned as more than the PMKIDCache size.

Add a check for return value of dot11fUnpackIeRSN to avoid possible
stack overflow.

Bug: 72957507
Change-Id: I56424c706de121b18b8d3f2c4a35089ec0434452
CRs-Fixed: 2149187
Signed-off-by: Ecco Park <eccopark@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
The txrx_fw_stats cmd will allocate a req object before sending the cmd
to the firmware, this memory is only freed when get response from firmware.
The memory leak will appear if the firmware doesn't respond in time before
the driver unloading.

This fix will add a pending queue to trace this req object in the pdev.
when pdev is detaching, it will clean up this queue to avoid memory leak.

Bug: 72957257
Change-Id: I35f6216d35befbab978bba161252b305488bd34c
CRs-Fixed: 2113219
Signed-off-by: Ecco Park <eccopark@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Dump the txrx stat req if the queue is not empty when detaching the pdev.

Bug: 72957257
Change-Id: Ic38e01668efd28baf55acb04f448e236cc224c79
CRs-Fixed: 2113219
Signed-off-by: Ecco Park <eccopark@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
In function wma_unified_link_iface_stats_event_handler, num_ac
is received from the firmware and is used in the loop to populate
values into results. However, the memory for results is allocated
only for WIFI_AC_MAX and a buffer overflow will occur if num_ac
is greater than or equal to WIFI_AC_MAX.

Add checks to make sure num_ac is not greater than WIFI_AC_MAX.

Note: This CL has been updated to fix the check to only return error
on num_ac > WIFI_AC_MAX since an equal value is a valid value. This is
to fix b/73597588.

Bug: 70237689

Change-Id: Ie2056017aae641236efb118889e2919795b60f18
CRs-Fixed: 2154226
Signed-off-by: Ahmed ElArabawy <arabawy@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
In function wma_vdev_start_rsp_ind, vdev_id is received from the FW
and is used to access wma_handle->interfaces without validating the
upper limit. If the value of vdev_id received from the FW is not
less than max_bssid, then a buffer overwrite will occur in the
function wma_vdev_start_rsp_ind.

Add sanity check to make sure vdev_id is less than max_bssid.

Bug: 72957725
Change-Id: I83e1b797ca50a7fb58519f66dde26b035a2393ce
CRs-Fixed: 2150359
Signed-off-by: Ahmed ElArabawy <arabawy@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Fragment count will be larger than the upper limit of
cvg_nbuf_cb->extra_flag.num which would lead to an overread
of fragment length. Upper limit check for fragment count
is added in this change.

Change-Id: Icc078b2efee554ac84377b5edd90d0a5c7a61f98
CRs-Fixed: 2129566
Bug: 72957387
Signed-off-by: Ecco Park <eccopark@google.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Add data_len check in wma_nan_rsp_event_handler()
to avoid OOB access.

Bug: 74237168
Change-Id: Iff42da84567381a4b64bc07e69ff1a0cd4b5a543
CRs-Fixed: 2170630
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
sdcardfs_mkdir() calls check_min_free_space(). When reserved_mb is not zero, a negative dentry will be passed to
ext4_statfs() at last and ext4_statfs() will crash. The parent dentry is positive. So we use the parent dentry to
check free space.

Change-Id: I80ab9623fe59ba911f4cc9f0e029a1c6f7ee421b
Signed-off-by: Lianjun Huang <huanglianjun@vivo.com>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Add spin lock to resolve race conditions while
accessing substream runtime resource

CRs-fixed: 2112713
Change-Id: I8db743303ceb50205d62adfc02caf6ecab635d47
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Fix memory leak due to rpm request not freed during error conditions.

Change-Id: I440a58bf452e76c8886f7bcd8f89b24698a301e9
Signed-off-by: Raghavendra Kakarla <rkakarla@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
During probe function of the Linux PIL kernel driver
Initialization of various resources are done.
This fix is for acquired resource cleanup, in case of error.

CRs-Fixed: 2129451
Change-Id: I0b3511cff7e2917fe83bddfc15086e939f5c2abc
Signed-off-by: Jitendra Sharma <shajit@codeaurora.org>
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Export new ioctl to user space to know the qsee version,
which is required for QSEECOM listener services.

Change-Id: Idd80ce0a3153d669d5f6fb748f73f7aaedefb3a5
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Add boundary check before copying data from userspace buffer to dwc3
local buffer. The third parameter passed to copy_from_user() should be
minimum of the two values between userspace buffer size count and
(local_buffer size - 1). The last one byte in local_buffer should be
reserved for null terminator.

Change-Id: I9b2e3db4d5ad6b5f14515cadafa6264f9e8b786c
Signed-off-by: Vijayavardhan Vennapusa <vvreddy@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Add size check to make sure the data sizes from WDSP
ELF metadata and the split firmware ELF are the same.

Change-Id: Ic2f7dc04dfc95608302cba23461c519378619db0
Signed-off-by: Xiaoyu Ye <benyxy@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Issue is seen when apr callback is received while voice_svc_release
is in process of freeing the driver private data.
Avoid invalid access of private data pointer by putting
the callback and release functions in the same locked context.

Change-Id: I93af13cab0a3c7e653a9bc9fa7f4f86bfa0502df
Signed-off-by: smanag <smanag@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
ac could get freed during the execution of q6asm_callback.
And kernel panic happens. Add spinlock to protect ac to avoid
kernel panic.

Change-Id: Ie49c8a3979231552ba7d5f207aab0d95ffdc2a72
Signed-off-by: Meng Wang <mwang@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Add null terminator to end of buffer copied from user to prevent
over reading.

Change-Id: I80cfcb087ea2c335fd65d8fcdaf372c7d34a533d
Signed-off-by: David Dai <daidavid1@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Fix issue in msm_thermal_process_voltage_table_request.
For voltage tables bigger than 16 it is not correctly
passing the partial table size to user space.
The full size is passed instead of the partial size.

For example if reading a table of 18 values the
first read returns 16, and the partial read returns 18
but it should return 2.

Change-Id: I75943e94341388cca772ee45bc1275fb5d2091d2
Signed-off-by: Jeff Bernard <jbernard@codeaurora.org>
Signed-off-by: Santhosh Kumar Thimmanna Bhattar <sthim@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Increase the memstore size to increase the number
of the kgsl context that can be supported simultaneously.

Signed-off-by: Sriharsha P V <spvasu@codeaurora.org>
Change-Id: I295dfd057cf5869a77b265262b38b41fca3cf3ba
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
The first APPS default routing table rule is installed
at the IPA driver initialization. To prevent routing
exception, this rule cannot be deleted by user application.
This change prevents deleting this rule.

Change-Id: Ia27434fd24a15fea5956018a1271b11bbe227df7
CRs-fixed: 2165859
Signed-off-by: Ghanim Fodi <gfodi@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
There is a possibility of out-of-bound read because of not
validating source buffer length against length that is about
to be copied. The patch adds proper check for validating
length before copying data

CRs-Fixed: 2163793
Change-Id: I7c93839d0c4d83024ce23a0ce494d09dd08567a9
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Signed-off-by: Bharat Pawar <bpawar@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Memory allocated with devm_kzalloc is automatically
released by the kernel if the probe function fails with
an error code. Therefore, using kfree is unsafe since it
can lead to the Double-Free security issue. This change
removes kfree from msm_dbm_probe function to avoid double
free for dbm_data.

Change-Id: I512284d021ba89d5d04a6d498aa17489e37bff2e
Signed-off-by: Pratham Pratap <prathampratap@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
The part of old d_free() that dealt with actual freeing of dentry.
Taken out of dentry_kill() into a separate function.

Git-repo: https://github.com/torvalds/linux.git
Git-commit: b4f0354
Change-Id: I4b16554b6f6acc558d299ca3282eebf93612d8a9
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Ankit Jain <jankit@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
* external dentry names get a small structure prepended to them
(struct external_name).
* it contains an atomic refcount, matching the number of struct dentry
instances that have ->d_name.name pointing to that external name.  The
first thing free_dentry() does is decrementing refcount of external name,
so the instances that are between the call of free_dentry() and
RCU-delayed actual freeing do not contribute.
* __d_move(x, y, false) makes the name of x equal to the name of y,
external or not.  If y has an external name, extra reference is grabbed
and put into x->d_name.name.  If x used to have an external name, the
reference to the old name is dropped and, should it reach zero, freeing
is scheduled via kfree_rcu().
* free_dentry() in dentry with external name decrements the refcount of
that name and, should it reach zero, does RCU-delayed call that will
free both the dentry and external name.  Otherwise it does what it
used to do, except that __d_free() doesn't even look at ->d_name.name;
it simply frees the dentry.
All non-RCU accesses to dentry external name are safe wrt freeing since they
all should happen before free_dentry() is called.  RCU accesses might run
into a dentry seen by free_dentry() or into an old name that got already
dropped by __d_move(); however, in both cases dentry must have been
alive and refer to that name at some point after we'd done rcu_read_lock(),
which means that any freeing must be still pending.

Git-repo: https://github.com/torvalds/linux.git
Git-commit: 8d85b48
Change-Id: I1fa645f0e2eba6e8485daa8593600f933a5342c9
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Ankit Jain <jankit@codeaurora.org>
Signed-off-by: Mugata, Sreenivasa Rao <smugat@codeaurora.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
Increase the buffer-head per-CPU LRU size to allow efficient filesystem
operations that access many blocks for each transaction.  For example,
creating a file in a large ext4 directory with quota enabled will access
multiple buffer heads and will overflow the LRU at the default 8-block LRU
size:

* parent directory inode table block (ctime, nlinks for subdirs)
* new inode bitmap
* inode table block
* 2 quota blocks
* directory leaf block (not reused, but pollutes one cache entry)
* 2 levels htree blocks (only one is reused, other pollutes cache)
* 2 levels indirect/index blocks (only one is reused)

The buffer-head per-CPU LRU size is raised to 16, as it shows in metadata
performance benchmarks up to 10% gain for create, 4% for lookup and 7% for
destroy.

Change-Id: Ia8e4c430886b29fca32b7d4319365088cc2ca9d1
Signed-off-by: Liang Zhen <liang.zhen@intel.com>
Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>
Signed-off-by: Sebastien Buisson <sebastien.buisson@bull.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
When debugging the read-only hugepage case, I was confused by the fact
that get_futex_key() did an access_ok() only for the non-shared futex
case, since the user address checking really isn't in any way specific
to the private key handling.

Now, it turns out that the shared key handling does effectively do the
equivalent checks inside get_user_pages_fast() (it doesn't actually
check the address range on x86, but does check the page protections for
being a user page).  So it wasn't actually a bug, but the fact that we
treat the address differently for private and shared futexes threw me
for a loop.

Just move the check up, so that it gets done for both cases.  Also, use
the 'rw' parameter for the type, even if it doesn't actually matter any
more (it's a historical artifact of the old racy i386 "page faults from
kernel space don't check write protections").

Change-Id: I70a366e4e392e917dce1ac19d66dfaea8984939b
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
randomhydrosol merged commit 9cf8421 into twrp on Jul 31, 2018
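
The firmware-input checks described in the qcacld commits above (ssid_len against SIR_MAC_MAX_SSID_LENGTH, num_ac against WIFI_AC_MAX, vdev_id against max_bssid), as an added example that is not code from this pull request or from the driver. It shows why a count is rejected with `>` while an index is rejected with `>=`, and validates every field before any write. The struct layouts, function names, return codes and constant values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed values: the commit messages name these limits but do not give them. */
#define SIR_MAC_MAX_SSID_LENGTH 32
#define WIFI_AC_MAX             4
#define MAX_BSSID               5   /* stands in for wma_handle->max_bssid */

/* Hypothetical firmware event; every field is untrusted input. */
struct fw_event {
    uint32_t vdev_id;       /* index into interfaces[] */
    uint32_t num_ac;        /* count of valid ac_bytes[] entries */
    uint32_t ssid_len;      /* count of valid ssid[] bytes */
    uint8_t  ssid[64];
    uint32_t ac_bytes[8];
};

/* Hypothetical host-side state with fixed-size destinations. */
struct iface {
    uint8_t  ssid[SIR_MAC_MAX_SSID_LENGTH];
    uint32_t ssid_len;
    uint32_t ac_bytes[WIFI_AC_MAX];
    uint32_t num_ac;
};

static struct iface interfaces[MAX_BSSID];

enum { EV_OK = 0, EV_BAD_VDEV = -1, EV_BAD_NUM_AC = -2, EV_BAD_SSID_LEN = -3 };

/* Validate all firmware-supplied fields first, then copy. */
int handle_fw_event(const struct fw_event *ev)
{
    /* vdev_id is an index: valid values are 0 .. MAX_BSSID - 1. */
    if (ev->vdev_id >= MAX_BSSID)
        return EV_BAD_VDEV;
    /* num_ac is a count: WIFI_AC_MAX itself fills the array exactly. */
    if (ev->num_ac > WIFI_AC_MAX)
        return EV_BAD_NUM_AC;
    /* ssid_len is a count of bytes copied into a fixed buffer. */
    if (ev->ssid_len > SIR_MAC_MAX_SSID_LENGTH)
        return EV_BAD_SSID_LEN;

    struct iface *it = &interfaces[ev->vdev_id];
    memcpy(it->ssid, ev->ssid, ev->ssid_len);
    it->ssid_len = ev->ssid_len;
    for (uint32_t i = 0; i < ev->num_ac; i++)
        it->ac_bytes[i] = ev->ac_bytes[i];
    it->num_ac = ev->num_ac;
    return EV_OK;
}

/* Build a constructed event with the given header fields and handle it. */
int check_event(uint32_t vdev_id, uint32_t num_ac, uint32_t ssid_len)
{
    struct fw_event ev;
    memset(&ev, 0, sizeof(ev));
    ev.vdev_id = vdev_id;
    ev.num_ac = num_ac;
    ev.ssid_len = ssid_len;
    memset(ev.ssid, 'A', sizeof(ev.ssid));
    return handle_fw_event(&ev);
}

int main(void)
{
    printf("count at limit (num_ac=4):    %d\n", check_event(0, 4, 32));
    printf("count past limit (num_ac=5):  %d\n", check_event(0, 5, 0));
    printf("index at limit (vdev_id=5):   %d\n", check_event(5, 0, 0));
    printf("ssid_len past limit (33):     %d\n", check_event(0, 0, 33));
    return 0;
}
```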