diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h
index f772e15c47663f0aafa1b287e8b9ac6aa3a55d2c..2d4e9c26f8f6e47de3b35ca8ae8c1f7b2fdcf887 100644
--- a/arch/arm64/include/asm/esr.h
+++ b/arch/arm64/include/asm/esr.h
@@ -109,6 +109,46 @@
((ESR_ELx_EC_BRK64 << ESR_ELx_EC_SHIFT) | ESR_ELx_IL | \
((imm) & 0xffff))
+/* ISS field definitions for System instruction traps */
+#define ESR_ELx_SYS64_ISS_RES0_SHIFT 22
+#define ESR_ELx_SYS64_ISS_RES0_MASK (UL(0x7) << ESR_ELx_SYS64_ISS_RES0_SHIFT)
+#define ESR_ELx_SYS64_ISS_DIR_MASK 0x1
+#define ESR_ELx_SYS64_ISS_DIR_READ 0x1
+#define ESR_ELx_SYS64_ISS_DIR_WRITE 0x0
+
+#define ESR_ELx_SYS64_ISS_RT_SHIFT 5
+#define ESR_ELx_SYS64_ISS_RT_MASK (UL(0x1f) << ESR_ELx_SYS64_ISS_RT_SHIFT)
+#define ESR_ELx_SYS64_ISS_CRM_SHIFT 1
+#define ESR_ELx_SYS64_ISS_CRM_MASK (UL(0xf) << ESR_ELx_SYS64_ISS_CRM_SHIFT)
+#define ESR_ELx_SYS64_ISS_CRN_SHIFT 10
+#define ESR_ELx_SYS64_ISS_CRN_MASK (UL(0xf) << ESR_ELx_SYS64_ISS_CRN_SHIFT)
+#define ESR_ELx_SYS64_ISS_OP1_SHIFT 14
+#define ESR_ELx_SYS64_ISS_OP1_MASK (UL(0x7) << ESR_ELx_SYS64_ISS_OP1_SHIFT)
+#define ESR_ELx_SYS64_ISS_OP2_SHIFT 17
+#define ESR_ELx_SYS64_ISS_OP2_MASK (UL(0x7) << ESR_ELx_SYS64_ISS_OP2_SHIFT)
+#define ESR_ELx_SYS64_ISS_OP0_SHIFT 20
+#define ESR_ELx_SYS64_ISS_OP0_MASK (UL(0x3) << ESR_ELx_SYS64_ISS_OP0_SHIFT)
+#define ESR_ELx_SYS64_ISS_SYS_MASK (ESR_ELx_SYS64_ISS_OP0_MASK | \
+ ESR_ELx_SYS64_ISS_OP1_MASK | \
+ ESR_ELx_SYS64_ISS_OP2_MASK | \
+ ESR_ELx_SYS64_ISS_CRN_MASK | \
+ ESR_ELx_SYS64_ISS_CRM_MASK)
+#define ESR_ELx_SYS64_ISS_SYS_VAL(op0, op1, op2, crn, crm) \
+ (((op0) << ESR_ELx_SYS64_ISS_OP0_SHIFT) | \
+ ((op1) << ESR_ELx_SYS64_ISS_OP1_SHIFT) | \
+ ((op2) << ESR_ELx_SYS64_ISS_OP2_SHIFT) | \
+ ((crn) << ESR_ELx_SYS64_ISS_CRN_SHIFT) | \
+ ((crm) << ESR_ELx_SYS64_ISS_CRM_SHIFT))
+
+#define ESR_ELx_SYS64_ISS_SYS_OP_MASK (ESR_ELx_SYS64_ISS_SYS_MASK | \
+ ESR_ELx_SYS64_ISS_DIR_MASK)
+
+#define ESR_ELx_SYS64_ISS_SYS_CNTVCT (ESR_ELx_SYS64_ISS_SYS_VAL(3, 3, 2, 14, 0) | \
+ ESR_ELx_SYS64_ISS_DIR_READ)
+
+#define ESR_ELx_SYS64_ISS_SYS_CNTFRQ (ESR_ELx_SYS64_ISS_SYS_VAL(3, 3, 0, 14, 0) | \
+ ESR_ELx_SYS64_ISS_DIR_READ)
+
#ifndef __ASSEMBLY__
#include <asm/types.h>
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 130151b6deadfdf66bc20000a30efc8a9c08d5b1..f7c5d7e1c3547bc62097dc34fabe3e4affe19af0 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -574,7 +574,7 @@ el0_sync:
cmp x24, #ESR_ELx_EC_FP_EXC64 // FP/ASIMD exception
b.eq el0_fpsimd_exc
cmp x24, #ESR_ELx_EC_SYS64 // configurable trap
- b.eq el0_undef
+ b.eq el0_sys
cmp x24, #ESR_ELx_EC_SP_ALIGN // stack alignment exception
b.eq el0_sp_pc
cmp x24, #ESR_ELx_EC_PC_ALIGN // pc alignment exception
@@ -702,6 +702,16 @@ el0_undef:
mov x0, sp
bl do_undefinstr
b ret_to_user
+el0_sys:
+ /*
+ * System instructions, for trapped cache maintenance instructions
+ */
+ enable_dbg_and_irq
+ ct_user_exit
+ mov x0, x25
+ mov x1, sp
+ bl do_sysinstr
+ b ret_to_user
el0_dbg:
/*
* Debug exception handling
diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
index d9243d126881bb9acee7381e5b9becd40eda83b0..3c76fb97ec2fa9df8a8729b68c84d07b2a4c1700 100644
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -33,6 +33,7 @@
#include <linux/syscalls.h>
#include <asm/atomic.h>
+#include <asm/barrier.h>
#include <asm/bug.h>
#include <asm/debug-monitors.h>
#include <asm/esr.h>
@@ -449,6 +450,54 @@ asmlinkage void __exception do_undefinstr(struct pt_regs *regs)
arm64_notify_die("Oops - undefined instruction", regs, &info, 0);
}
+static void cntvct_read_handler(unsigned int esr, struct pt_regs *regs)
+{
+ int rt = (esr & ESR_ELx_SYS64_ISS_RT_MASK) >> ESR_ELx_SYS64_ISS_RT_SHIFT;
+
+ isb();
+ if (rt != 31)
+ regs->regs[rt] = arch_counter_get_cntvct();
+ regs->pc += 4;
+}
+
+static void cntfrq_read_handler(unsigned int esr, struct pt_regs *regs)
+{
+ int rt = (esr & ESR_ELx_SYS64_ISS_RT_MASK) >> ESR_ELx_SYS64_ISS_RT_SHIFT;
+
+ if (rt != 31)
+ regs->regs[rt] = read_sysreg(cntfrq_el0);
+ regs->pc += 4;
+}
+
+static void cntpct_read_handler(unsigned int esr, struct pt_regs *regs)
+{
+ int rt = (esr & ESR_ELx_SYS64_ISS_RT_MASK) >> ESR_ELx_SYS64_ISS_RT_SHIFT;
+
+ isb();
+ if (rt != 31)
+ regs->regs[rt] = read_sysreg(cntpct_el0);
+ regs->pc += 4;
+}
+
+#define ESR_ELx_SYS64_ISS_SYS_CNTPCT (ESR_ELx_SYS64_ISS_SYS_VAL(3, 3, 1, 14, 0) | \
+ ESR_ELx_SYS64_ISS_DIR_READ)
+
+asmlinkage void __exception do_sysinstr(unsigned int esr, struct pt_regs *regs)
+{
+ if ((esr & ESR_ELx_SYS64_ISS_SYS_OP_MASK) == ESR_ELx_SYS64_ISS_SYS_CNTVCT) {
+ cntvct_read_handler(esr, regs);
+ return;
+ } else if ((esr & ESR_ELx_SYS64_ISS_SYS_OP_MASK) == ESR_ELx_SYS64_ISS_SYS_CNTFRQ) {
+ cntfrq_read_handler(esr, regs);
+ return;
+ } else if ((esr & ESR_ELx_SYS64_ISS_SYS_OP_MASK) == ESR_ELx_SYS64_ISS_SYS_CNTPCT) {
+ cntpct_read_handler(esr, regs);
+ return;
+ }
+
+ do_undefinstr(regs);
+}
+
long compat_arm_syscall(struct pt_regs *regs);
asmlinkage long do_ni_syscall(struct pt_regs *regs)
diff --git a/drivers/char/adsprpc.c b/drivers/char/adsprpc.c
index 6e49c0006ee615b66b52fb1baad7de080967a2bc..2a2ac78fbe4c9bf6628fd7ee3303a5205ce2e7ed 100644
--- a/drivers/char/adsprpc.c
+++ b/drivers/char/adsprpc.c
@@ -2621,6 +2621,10 @@ static long fastrpc_device_ioctl(struct file *file, unsigned int ioctl_num,
if (!size)
size = sizeof(struct fastrpc_ioctl_init_attrs);
VERIFY(err, 0 == copy_from_user(&p.init, param, size));
+ if (err)
+ goto bail;
+ VERIFY(err, p.init.init.filelen >= 0 &&
+ p.init.init.memlen >= 0);
if (err)
goto bail;
VERIFY(err, 0 == fastrpc_init_process(fl, &p.init));
diff --git a/drivers/clocksource/Kconfig b/drivers/clocksource/Kconfig
index 8bf3355e95db46aaf17310d740ad655cdc93369e..41ab304f877481c5dc7c31076aac5c0ec86ee887 100644
--- a/drivers/clocksource/Kconfig
+++ b/drivers/clocksource/Kconfig
@@ -158,6 +158,14 @@ config ARM_ARCH_TIMER_EVTSTREAM
This must be disabled for hardware validation purposes to detect any
hardware anomalies of missing events.
+config ARM_ARCH_TIMER_VCT_ACCESS
+ bool "Support for ARM architected timer virtual counter access in userspace"
+ default n
+ depends on ARM_ARCH_TIMER
+ help
+ This option enables support for reading the ARM architected timer's
+ virtual counter in userspace.
+
config MSM_TIMER_LEAP
bool "ARCH TIMER counter rollover"
default n
diff --git a/drivers/clocksource/arm_arch_timer.c b/drivers/clocksource/arm_arch_timer.c
index 5dc26d29e4a420d71be8674de72c0e468ea5f0c0..a2f9e68333d8c7142ebabc039933d952c5d84ec8 100644
--- a/drivers/clocksource/arm_arch_timer.c
+++ b/drivers/clocksource/arm_arch_timer.c
@@ -326,14 +326,18 @@ static void arch_counter_set_user_access(void)
{
u32 cntkctl = arch_timer_get_cntkctl();
- /* Disable user access to the timers */
+ /* Disable user access to the timers and the physical counter */
/* Also disable virtual event stream */
cntkctl &= ~(ARCH_TIMER_USR_PT_ACCESS_EN
- | ARCH_TIMER_VIRT_EVT_EN);
+ | ARCH_TIMER_USR_VT_ACCESS_EN
+ | ARCH_TIMER_VIRT_EVT_EN
+ | ARCH_TIMER_USR_PCT_ACCESS_EN);
- /* Enable user access to the virtual and physical counters */
- cntkctl |= ARCH_TIMER_USR_VCT_ACCESS_EN | ARCH_TIMER_USR_PCT_ACCESS_EN
- | ARCH_TIMER_USR_VT_ACCESS_EN;
+ /* Enable user access to the virtual counter */
+ if (IS_ENABLED(CONFIG_ARM_ARCH_TIMER_VCT_ACCESS))
+ cntkctl |= ARCH_TIMER_USR_VCT_ACCESS_EN;
+ else
+ cntkctl &= ~ARCH_TIMER_USR_VCT_ACCESS_EN;
arch_timer_set_cntkctl(cntkctl);
}
diff --git a/drivers/input/touchscreen/synaptics_dsx_htc/synaptics_dsx_rmi_dev_htc.c b/drivers/input/touchscreen/synaptics_dsx_htc/synaptics_dsx_rmi_dev_htc.c
index e699dfea50c8146d0e7c85ed84a4fc3f4a00c4b4..bf3a18fb061afee8d02b7732562bed6dfbe621c5 100644
--- a/drivers/input/touchscreen/synaptics_dsx_htc/synaptics_dsx_rmi_dev_htc.c
+++ b/drivers/input/touchscreen/synaptics_dsx_htc/synaptics_dsx_rmi_dev_htc.c
@@ -125,19 +125,19 @@ static struct bin_attribute attr_data = {
};
static struct device_attribute attrs[] = {
- __ATTR(open, S_IRUGO | S_IWUSR | S_IWGRP,
+ __ATTR(open, S_IRUGO | S_IWUSR,
synaptics_rmi4_show_error,
rmidev_sysfs_open_store),
- __ATTR(release, S_IRUGO | S_IWUSR | S_IWGRP,
+ __ATTR(release, S_IRUGO | S_IWUSR,
synaptics_rmi4_show_error,
rmidev_sysfs_release_store),
__ATTR(attn_state, S_IRUGO,
rmidev_sysfs_attn_state_show,
synaptics_rmi4_store_error),
- __ATTR(pid, S_IRUGO | S_IRUGO | S_IWUSR | S_IWGRP,
+ __ATTR(pid, S_IRUGO | S_IRUGO | S_IWUSR,
rmidev_sysfs_pid_show,
rmidev_sysfs_pid_store),
- __ATTR(term, S_IRUGO | S_IWUSR | S_IWGRP,
+ __ATTR(term, S_IRUGO | S_IWUSR,
synaptics_rmi4_show_error,
rmidev_sysfs_term_store),
__ATTR(intr_mask, S_IRUGO,
diff --git a/drivers/mfd/wcd9xxx-core.c b/drivers/mfd/wcd9xxx-core.c
index ba3299db8a2b3adcc77feb7363cce02c2e4706f6..7224bd6a457c93e9f2901602693eaa8ecb543d28 100644
--- a/drivers/mfd/wcd9xxx-core.c
+++ b/drivers/mfd/wcd9xxx-core.c
@@ -1399,19 +1399,19 @@ static int wcd9xxx_slim_probe(struct slim_device *slim)
("wcd9xxx_core", 0);
if (!IS_ERR(debugfs_wcd9xxx_dent)) {
debugfs_peek = debugfs_create_file("slimslave_peek",
- S_IFREG | S_IRUGO, debugfs_wcd9xxx_dent,
+ S_IFREG | S_IRUSR, debugfs_wcd9xxx_dent,
(void *) "slimslave_peek", &codec_debug_ops);
debugfs_poke = debugfs_create_file("slimslave_poke",
- S_IFREG | S_IRUGO, debugfs_wcd9xxx_dent,
+ S_IFREG | S_IRUSR, debugfs_wcd9xxx_dent,
(void *) "slimslave_poke", &codec_debug_ops);
debugfs_power_state = debugfs_create_file("power_state",
- S_IFREG | S_IRUGO, debugfs_wcd9xxx_dent,
+ S_IFREG | S_IRUSR, debugfs_wcd9xxx_dent,
(void *) "power_state", &codec_debug_ops);
debugfs_reg_dump = debugfs_create_file("slimslave_reg_dump",
- S_IFREG | S_IRUGO, debugfs_wcd9xxx_dent,
+ S_IFREG | S_IRUSR, debugfs_wcd9xxx_dent,
(void *) "slimslave_reg_dump", &codec_debug_ops);
}
#endif
diff --git a/drivers/soc/qcom/spcom.c b/drivers/soc/qcom/spcom.c
index 0c44d76bc7c77b149b994a1905d4e3ea9fc1b26d..f0a728f06d1031d766d24ba260fc63813a7472e8 100644
--- a/drivers/soc/qcom/spcom.c
+++ b/drivers/soc/qcom/spcom.c
@@ -247,7 +247,7 @@ struct spcom_device {
int channel_count;
/* private */
- struct mutex lock;
+ struct mutex cmd_lock;
/* Link state */
struct completion link_state_changed;
@@ -1872,6 +1872,8 @@ static int spcom_handle_write(struct spcom_channel *ch,
swap_id = htonl(cmd->cmd_id);
memcpy(cmd_name, &swap_id, sizeof(int));
+ mutex_lock(&spcom_dev->cmd_lock);
+
pr_debug("cmd_id [0x%x] cmd_name [%s].\n", cmd_id, cmd_name);
switch (cmd_id) {
@@ -1895,9 +1897,11 @@ static int spcom_handle_write(struct spcom_channel *ch,
break;
default:
pr_err("Invalid Command Id [0x%x].\n", (int) cmd->cmd_id);
- return -EINVAL;
+ ret = -EINVAL;
}
+ mutex_unlock(&spcom_dev->cmd_lock);
+
return ret;
}
@@ -2596,7 +2600,7 @@ static int spcom_probe(struct platform_device *pdev)
return -ENOMEM;
spcom_dev = dev;
- mutex_init(&dev->lock);
+ mutex_init(&spcom_dev->cmd_lock);
init_completion(&dev->link_state_changed);
spcom_dev->link_state = GLINK_LINK_STATE_DOWN;
diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
index e4530ac6d5d41db093de4befdb124c7c755a6036..28c9afe538ca688bbdbc5c4db2320a5b8de3af7e 100644
--- a/drivers/staging/android/ashmem.c
+++ b/drivers/staging/android/ashmem.c
@@ -753,10 +753,12 @@ static long ashmem_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
break;
case ASHMEM_SET_SIZE:
ret = -EINVAL;
+ mutex_lock(&ashmem_mutex);
if (!asma->file) {
ret = 0;
asma->size = (size_t)arg;
}
+ mutex_unlock(&ashmem_mutex);
break;
case ASHMEM_GET_SIZE:
ret = asma->size;
diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ioctl.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ioctl.c
index ce2ba4aa97a7e5e90faa05e40f1fbdef72c1566a..d3bd4bf7bec9ecf46cb66290c3f3714aabb42edc 100644
--- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ioctl.c
+++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ioctl.c
@@ -286,7 +286,7 @@ static int hdd_parse_setrmcenable_command(uint8_t *pValue,
if ('\0' == *inPtr)
return 0;
- v = sscanf(inPtr, "%32s ", buf);
+ v = sscanf(inPtr, "%31s ", buf);
if (1 != v)
return -EINVAL;
@@ -324,7 +324,7 @@ static int hdd_parse_setrmcactionperiod_command(uint8_t *pValue,
if ('\0' == *inPtr)
return 0;
- v = sscanf(inPtr, "%32s ", buf);
+ v = sscanf(inPtr, "%31s ", buf);
if (1 != v)
return -EINVAL;
diff --git a/drivers/video/fbdev/msm/mdss_mdp_pp_v1_7.c b/drivers/video/fbdev/msm/mdss_mdp_pp_v1_7.c
index 71cab148e1c3fc7b1a024eada138eccb0fa90f18..0824b36c5605d58f2b2a6df195927049da830f79 100644
--- a/drivers/video/fbdev/msm/mdss_mdp_pp_v1_7.c
+++ b/drivers/video/fbdev/msm/mdss_mdp_pp_v1_7.c
@@ -1954,20 +1954,24 @@ static int pp_pgc_get_config(char __iomem *base_addr, void *cfg_data,
u32 *c0_data = NULL, *c1_data = NULL, *c2_data = NULL;
u32 val = 0, i = 0, sz = 0;
struct mdp_pgc_lut_data *pgc_data = NULL;
- struct mdp_pgc_lut_data_v1_7 *pgc_data_v17 = NULL;
+ struct mdp_pgc_lut_data_v1_7 pgc_lut_data_v17;
+ struct mdp_pgc_lut_data_v1_7 *pgc_data_v17 = &pgc_lut_data_v17;
if (!base_addr || !cfg_data) {
pr_err("invalid params base_addr %pK cfg_data %pK block_type %d\n",
base_addr, cfg_data, block_type);
return -EINVAL;
}
pgc_data = (struct mdp_pgc_lut_data *) cfg_data;
- pgc_data_v17 = (struct mdp_pgc_lut_data_v1_7 *)
- pgc_data->cfg_payload;
- if (pgc_data->version != mdp_pgc_v1_7 || !pgc_data_v17) {
+ if (pgc_data->version != mdp_pgc_v1_7 || !pgc_data->cfg_payload) {
pr_err("invalid pgc version %d payload %pK\n",
- pgc_data->version, pgc_data_v17);
+ pgc_data->version, pgc_data->cfg_payload);
return -EINVAL;
}
+ if (copy_from_user(pgc_data_v17, (void __user *) pgc_data->cfg_payload,
+ sizeof(*pgc_data_v17))) {
+ pr_err("copy from user failed for pgc lut data\n");
+ return -EFAULT;
+ }
if (!(pgc_data->flags & MDP_PP_OPS_READ)) {
pr_info("read ops is not set %d", pgc_data->flags);
return -EINVAL;
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index 7ba41b0dd3b13b392902d5d9c12f9ebda0ba363f..1341aca72a4a192551740dcebed40a46921dc6c5 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -5402,17 +5402,20 @@ long group_norm_util(struct energy_env *eenv, struct sched_group *sg)
static int find_new_capacity(struct energy_env *eenv,
const struct sched_group_energy * const sge)
{
- int idx;
+ int idx, max_idx = sge->nr_cap_states - 1;
unsigned long util = group_max_util(eenv);
+ /* default is max_cap if we don't find a match */
+ eenv->cap_idx = max_idx;
+
for (idx = 0; idx < sge->nr_cap_states; idx++) {
- if (sge->cap_states[idx].cap >= util)
+ if (sge->cap_states[idx].cap >= util) {
+ eenv->cap_idx = idx;
break;
+ }
}
- eenv->cap_idx = idx;
-
- return idx;
+ return eenv->cap_idx;
}
static int group_idle_state(struct sched_group *sg)