Age | Commit message (Collapse) | Author |
|
commit 1be7107fbe18eed3e319a6c3e83c78254b693acb upstream.
Stack guard page is a useful feature to reduce a risk of stack smashing
into a different mapping. We have been using a single page gap which
is sufficient to prevent having stack adjacent to a different mapping.
But this seems to be insufficient in the light of the stack usage in
userspace. E.g. glibc uses as large as 64kB alloca() in many commonly
used functions. Others use constructs liks gid_t buffer[NGROUPS_MAX]
which is 256kB or stack strings with MAX_ARG_STRLEN.
This will become especially dangerous for suid binaries and the default
no limit for the stack size limit because those applications can be
tricked to consume a large portion of the stack and a single glibc call
could jump over the guard page. These attacks are not theoretical,
unfortunatelly.
Make those attacks less probable by increasing the stack guard gap
to 1MB (on systems with 4k pages; but make it depend on the page size
because systems with larger base pages might cap stack allocations in
the PAGE_SIZE units) which should cover larger alloca() and VLA stack
allocations. It is obviously not a full fix because the problem is
somehow inherent, but it should reduce attack space a lot.
One could argue that the gap size should be configurable from userspace,
but that can be done later when somebody finds that the new 1MB is wrong
for some special case applications. For now, add a kernel command line
option (stack_guard_gap) to specify the stack gap size (in page units).
Implementation wise, first delete all the old code for stack guard page:
because although we could get away with accounting one extra page in a
stack vma, accounting a larger gap can break userspace - case in point,
a program run with "ulimit -S -v 20000" failed when the 1MB gap was
counted for RLIMIT_AS; similar problems could come with RLIMIT_MLOCK
and strict non-overcommit mode.
Instead of keeping gap inside the stack vma, maintain the stack guard
gap as a gap between vmas: using vm_start_gap() in place of vm_start
(or vm_end_gap() in place of vm_end if VM_GROWSUP) in just those few
places which need to respect the gap - mainly arch_get_unmapped_area(),
and and the vma tree's subtree_gap support for that.
Bug 1946430
Change-Id: I9a66aabc34b687996fb971e01bb0ef30a3d4de7d
Original-patch-by: Oleg Nesterov <oleg@redhat.com>
Original-patch-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Tested-by: Helge Deller <deller@gmx.de> # parisc
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[wt: backport to 4.11: adjust context]
[wt: backport to 4.9: adjust context ; kernel doc was not in admin-guide]
[wt: backport to 4.4: adjust context ; drop ppc hugetlb_radix changes]
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sri Krishna chowdary <schowdary@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1509390
GVS: Gerrit_Virtual_Submit
Tested-by: Bibek Basu <bbasu@nvidia.com>
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
|
|
GPIO used for WOL is briefly used in i210 reset procedure.
This patch makes sure it's freed and can be used for a wakeup
source.
Signed-off-by: Dominik Sliwa <dominik.sliwa@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
_BSD_SOURCE was deprecated in favour of _DEFAULT_SOURCE since glibc
2.20[1]. To avoid build warning on glibc2.20, _DEFAULT_SOURCE should
also be defined.
[1]: https://sourceware.org/glibc/wiki/Release/2.20
Signed-off-by: Chanho Park <chanho61.park@samsung.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Link: http://lkml.kernel.org/r/1410487817-13403-1-git-send-email-chanho61.park@samsung.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
(cherry picked from commit 512fe365373b9c95a70b4b6357503ee74d27214f)
|
|
Let the kernel print some debug messages when a user program
crashes due to an exception.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
Some functionality used by android binary drivers
were missing.
Signed-off-by: Dominik Sliwa <dominik.sliwa@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
Signed-off-by: Dominik Sliwa <dominik.sliwa@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
As stated by the eMMC 5.0 specification, a chip should not be rejected
only because of the revision stated in the EXT_CSD_REV field of the
EXT_CSD register.
Remove the control on this value, the control of the CSD_STRUCTURE field
should be sufficient to reject future incompatible changes.
Signed-off-by: Romain Izard <romain.izard.pro@gmail.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
(cherry picked from commit 03a59437ef6b6ad7fb0165cb9b96c08d6bf057fc)
|
|
Merge NVIDIA's latest Linux for Tegra aka L4T R21.6 Linux kernel changes
from git://nv-tegra.nvidia.com/linux-3.10.git commit:
b271e8fa67a6d9c4600274a25636cfe00fdd1b68
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
This reverts commit 8fdf8dc5afdb02625084356ebd7c0d1c7494a00e.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
This reverts commit 0293e897d740cc7991c82567aab5dee0e66294fd.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
Signed-off-by: Peter Gielda <pgielda@antmicro.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
Some of reads transaction getting before write
has completed resulting in RAW violation. This
WAR avoids this situation.
Bug 1345350
Change-Id: I56728d00326b193be26ccb4fe68787ebd8a2623d
Signed-off-by: Jay Agarwal <jagarwal@nvidia.com>
Reviewed-on: http://git-master/r/365301
(cherry picked from commit a706735e3c50a70dfee4a3d11378d3a1872a71d7)
Reviewed-on: https://git-master.nvidia.com/r/1595945
Reviewed-by: Vidya Sagar <vidyas@nvidia.com>
Reviewed-by: Manikanta Maddireddy <mmaddireddy@nvidia.com>
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
Tested-by: Mantravadi Karthik <mkarthik@nvidia.com>
|
|
DDC/EDID detection was failing on Apalis TK1 V1.2A on Ixora.
Signed-off-by: Dominik Sliwa <dominik.sliwa@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
Signed-off-by: Dominik Sliwa <dominik.sliwa@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
Signed-off-by: Dominik Sliwa <dominik.sliwa@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
We moved HDMI DDC configuration to the device-tree.
If DDC config is missing from the device-tree
we default to v1.2 config.
Signed-off-by: Dominik Sliwa <dominik.sliwa@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
Support the V1.2 hardware revision with the following pin muxing
changes:
Ddc_scl_pv4 and ddc_sda_pv5 previously used as Apalis GPIO3 and GPIO4
are now used as DDC pins.
Gen2_i2c_scl_pt5 and gen2_i2c_sda_pt6 previously used as DDC pins are
now used as USB power enable signals.
Usb_vbus_en0_pn4 and usb_vbus_en1_pn5 previously used as USB power
enable signals are now used as GPIO3 and GPIO4.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
Update model and compatibility nodes to be more in-line with mainline.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
Cosmetic clean-up to bring it more in-line with mainline driver in order
to be able to easily assess whether it is all kosher.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
Validate the output buffer length for L2CAP config requests and responses
to avoid overflowing the stack buffer used for building the option blocks.
Bug 1989825
Change-Id: Id158ece2176c4ac339a7232dfde8c47ce2241122
Cc: stable@vger.kernel.org
Signed-off-by: Ben Seri <ben@armis.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Bibek Basu <bbasu@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1558952
(cherry picked from commit c005032a3ffe77437f6ebc704af377fc9bc46279)
Reviewed-on: https://git-master.nvidia.com/r/1570529
Reviewed-by: Matthew Pedro <mapedro@nvidia.com>
Reviewed-by: Winnie Hsu <whsu@nvidia.com>
Tested-by: Winnie Hsu <whsu@nvidia.com>
|
|
This automatically selects options for zone DMA and 64 bit DMA addresses
when LPAE is enabled on ARM Tegra platforms. These options are required
for proper operation with LPAE enabled.
The ZONE_DMA option is required to ensure that drivers that allocate DMA
memory get buffers from the first 4 GiB. This is necessary because a lot
of the controllers only support addressing 32 bits.
As for ARCH_DMA_ADDR_T_64BIT, there are situations where devices that do
support addresses of more than 32 bits (such as the display controller
or the GPU) can run without translating addresses through an IOMMU on a
device with more than 4 GiB of system memory.
Note that both of these options are stop-gap solutions required only
until the IOMMU can be properly integrated with the DMA mapping API and
drivers use that properly and consistently.
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
[treding@nvidia.com: specify rationale for options]
Signed-off-by: Thierry Reding <treding@nvidia.com>
(backported from commit 6aa26c5d66595494e810c791602d87a572c78808)
|
|
Bug 200336148
This reverts commit 2db040946ff8340485b2b33fe5a46f3166fa96f6.
Change-Id: I8a80a7bd1bd8b1a949fba26b683ac1c9bebc0c04
Signed-off-by: Debarshi Dutta <ddutta@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1534941
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
|
|
Validate the output buffer length for L2CAP config requests and responses
to avoid overflowing the stack buffer used for building the option blocks.
Bug 1989825
Change-Id: Id158ece2176c4ac339a7232dfde8c47ce2241122
Cc: stable@vger.kernel.org
Signed-off-by: Ben Seri <ben@armis.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Bibek Basu <bbasu@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1558952
GVS: Gerrit_Virtual_Submit
|
|
With gcc 7 the following compile time error occurs:
| drivers/video/tegra/dc/dp.c:1178:12: error: the omitted middle operand in ?: will always be 'true', suggest explicit middle operand [-Werror=parentheses]
| cr_done ? : ({ret = -EINVAL; goto fail; });
| ^
| drivers/video/tegra/dc/dp.c:1186:12: error: the omitted middle operand in ?: will always be 'true', suggest explicit middle operand [-Werror=parentheses]
| lt_done ? : ({ret = -EINVAL; goto fail; });
| ^
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
With gcc 7 the following compile time error occurs:
| arch/arm/mach-tegra/tegra11_soctherm.c:2978:40: error: the omitted middle operand in ?: will always be 'true', suggest explicit middle operand [-Werror=parentheses]
| s->sensor_enable = s->sensor_enable ?: therm->zone_enable;
| ^
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
With gcc 7 the following compile time error occurs:
| drivers/video/tegra/dc/dsi.c:766:34: error: '*' in boolean context, suggest '&&' instead [-Werror=int-in-bool-context]
| drivers/video/tegra/dc/dsi.c:757:1:
| (platform_t_phy_ps) ? ( \
| ~~~~~~~~~~~~~~~~~~~
| kernel-source/drivers/video/tegra/dc/dsi.c:766:34:
| dsi->info.phy_timing.t_tlpx_ns * 1000,
| drivers/video/tegra/dc/dsi.c:757:2: note: in definition of macro 'SELECT_T_PHY'
| (platform_t_phy_ps) ? ( \
| ^~~~~~~~~~~~~~~~~
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
With gcc 7 the following compile time error occurs:
| arch/arm/mach-tegra/powergate-t12x.c:814:10: error: statement will never be executed [-Werror=switch-unreachable]
| return true;
| ^~~~
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
With gcc 7 the following compile time error occurs:
| .../drivers/usb/gadget/tegra_udc.c:2565:17: error: 'out' directive writing 3 bytes into a region of size between 2 and 11 [-Werror=format-overflow=]
| sprintf(name, "ep%dout", i);
| ^~~~~~~~~
| .../drivers/usb/gadget/tegra_udc.c:2565:3: note: 'sprintf' output between 7 and 16 bytes into a destination of size 14
| sprintf(name, "ep%dout", i);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
The last end point will never be greater than 32 but the compiler can
not find this out from the code. Work around this by passing a format
specifier to interpreat i as a signed char.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
Activate PWM pin muxing for Apalis PWM3. Note that the same PWM3 is
already active on pu6 being Apalis BKL1_PWM as well. Therefore exporting
that one for raw sysfs access will fail and one has to revert to using
the pwm backlight.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
Enable support for the Large Physical Address Extension aka LPAE.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
Signed-off-by: Dominik Sliwa <dominik.sliwa@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
Tegra spi driver was using devm_kzalloc before dev
was bound.
Signed-off-by: Dominik Sliwa <dominik.sliwa@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
It turns out that the current PCIe reset implementation is not quite
working reliably due to some Intel i210 errata. Fix this by making sure
the i210's +V3.3_ETH rail is properly disabled during its reset
sequence.
Also further improve on the bringing up the PCIe switch as found on the
Apalis Evaluation board.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
Signed-off-by: Dominik Sliwa <dominik.sliwa@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
Toradex Carrier boards use the ST M41T0 RTC (not M41T00). The RTC
is almost the same, but the M41T0 needs some special handling in
case the oscillator fails. Now that support for this difference is
available, using the new compatible string to make use of it.
Signed-off-by: Bhuvanchandra DV <bhuvanchandra.dv@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
The m41t0 variant is very similar to the already supported m41t00
variant, with the notable exception of the oscillator fail bit.
The data sheet notes:
If the oscillator fail (OF) bit is internally set to a '1,' this
indicates that the oscillator has either stopped, or was stopped
for some period of time and can be used to judge the validity of
the clock and date data.
The bit will get cleared with a regular write of the system time,
so no changes are needed to clear it.
Signed-off-by: Bhuvanchandra DV <bhuvanchandra.dv@toradex.com>
(backported from commit 8566f70c8a90f3914b06e934852596ba94aaa381)
|
|
We have never used the IOCTL FREE_OBJ_CTX. Using it leads to context being
only partially available, and can lead to use-after-free.
Bug 1885775
Change-Id: I9d2b632ab79760f8186d02e0f35861b3a6aae649
Signed-off-by: Debarshi Dutta <ddutta@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1506479
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
|
|
Handle the race condition between malicious fd close and
copy_to_user error, which can create use after free condition.
This is fixed by deferring the fd install, which eliminates
the race that leads to use after free condition.
Fixing Google Bug 32160775.
Bug 1835857
Change-Id: I337807e4360661beced8f9e1155c47b66607b8df
Signed-off-by: Krishna Reddy <vdumpa@nvidia.com>
Reviewed-on: http://git-master/r/1248391
Reviewed-on: https://git-master.nvidia.com/r/1512958
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
Tested-by: Bibek Basu <bbasu@nvidia.com>
|
|
Prepare for snapd integration.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
Change SPI2 clock parent to clk_m being 12 MHz which is anyway the
maximum frequency the K20 micro controller's SPI peripheral can be run.
This further allows for the EzPort to be run at exactly 2 MHz which is
the maximum allowed as well.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Max Krummenacher <max.krummenacher@toradex.com>
(cherry picked from commit 15e73283a975a1b899d7f6807aa882ef885573dd)
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
This patch includes CAN driver and improvements in SPI communications
for Apalis TK1 k20 based MFD.
Requires firmware version 0.9.
Signed-off-by: Dominik Sliwa <dominik.sliwa@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
|
|
Drive current for LANE4 was not set if configured as 24bpp LVDS out.
Fix it by programming proper drive current register if using 24bpp out.
https://devtalk.nvidia.com/default/topic/1003030
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Dominik Sliwa <dominik.sliwa@toradex.com>
|
|
In the debugfs support for reading panel registers, max payload
needs to be limited to the buff array size to avoid stack corruption.
Bug 1873360
Change-Id: Ibee7bd81027d2669297942c09b905f1dd3bb09ee
Signed-off-by: Pavan Kunapuli <pkunapuli@nvidia.com>
Signed-off-by: sakets <sakets@nvidia.com>
Reviewed-on: https://git-master/r/1507653
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
|
|
When the NVMAP_IOC_PIN_MULT_32 and NVMAP_IOC_UNPIN_MULT_32 are
called it is possible that the op.addr is not initialized. This
can cause write to some random address thus causing corruption.
This patch fixes Google Bug 31668540
bug 1832092
Change-Id: I4d12d1a6c777131ba1fa2a753ea640861f8e82a6
Signed-off-by: Sri Krishna chowdary <schowdary@nvidia.com>
Reviewed-on: http://git-master/r/1314406
(cherry picked from commit da0c43534bb61e2e0849e297d389517d5e4ed168)
Reviewed-on: http://git-master/r/1504673
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
Tested-by: Bibek Basu <bbasu@nvidia.com>
Reviewed-by: Winnie Hsu <whsu@nvidia.com>
|
|
Use locking to protect generated fd, so that it can't be
freed before channel open completes. Also add null value checks
in release call.
CVE-2016-8449 (A-31798848)
Bug 1830023
Bug 1849492
Change-Id: Ie6e2b29c7132fdfdff6b0bfa75440bd43afffd5f
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Reviewed-on: http://git-master/r/1285817
(cherry picked from commit 2ff0fdedfd65f269359d6540df4662e958681aa7)
Reviewed-on: http://git-master/r/1299505
(cherry picked from commit ea1af2ce5a746bda36205357c9e0adaf527026bb)
Reviewed-on: http://git-master/r/1489467
(cherry picked from commit 89559abb25f82dc333eafa26391be0a50d6e9e0a)
Reviewed-on: http://git-master/r/1504674
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Tested-by: Bibek Basu <bbasu@nvidia.com>
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
Reviewed-by: Winnie Hsu <whsu@nvidia.com>
|
|
Use the correct page size index for pgsz_idx in gk20a_vm_alloc_space().
Previously the page size itself was used, not the page size index.
Bug 1837624
Change-Id: I652f5af5321c1c49dc8eb170d3f92f00c23d2b6f
Signed-off-by: Alex Waterman <alexw@nvidia.com>
(cherry picked from commit fd13e0e1c4e397335c24497a0f92c85934d6185f)
Reviewed-on: http://git-master/r/1503371
Reviewed-by: Terje Bergstrom <tbergstrom@nvidia.com>
Reviewed-by: Winnie Hsu <whsu@nvidia.com>
|
|
Consider the following case:
1. NVMAP_IOC_CREATE on IOVMM gives a valid fd to user space
2. user space does not call NVMAP_IOC_ALLOC.
3. user space calls a client driver IOCTL which calls dma_buf_map_attachment
4. call to dma_buf_map_attachment propagates till__nvmap_sg_table
which has heap_pgalloc as true and tries to access pages[]
which has all NULL.
5. Similarly, a dma_buf_kmap() can result in __nvmap_kmap() being called
which again results in NULL dereference if pages[] is accessed.
A valid __nvmap_sg_table should occur only when h->alloc is true.
So, add check for it.
bug 1838597
bug 1883708
Change-Id: I400d9d8a94ff1003db207fc9c252b9256d796f60
Signed-off-by: Sri Krishna chowdary <schowdary@nvidia.com>
Signed-off-by: Debarshi Dutta <ddutta@nvidia.com>
(cherry picked from commit 8244d104b7635cb0b26b651b6851498b9a84d7d6)
Reviewed-on: http://git-master/r/1489579
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
Tested-by: Bibek Basu <bbasu@nvidia.com>
|
|
Initialized the uninitialized variables and handled return status
from nvmap_get_handle_param.
Bug 1884311
Bug 1820242
Change-Id: I2390c859d2b2af39eaff44749ca64e60920fe944
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Reviewed-on: http://git-master/r/1259560
Reviewed-on: http://git-master/r/1489707
GVS: Gerrit_Virtual_Submit
Tested-by: Sumit Gupta <sumitg@nvidia.com>
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
|