firefly-linux-kernel-4.4.55.git
12 years agonet: wireless: bcmdhd: Fix crash on timeout in wl_notify_escan_complete
Dmitry Shmidt [Tue, 13 Mar 2012 00:33:52 +0000 (17:33 -0700)]
net: wireless: bcmdhd: Fix crash on timeout in wl_notify_escan_complete

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
12 years agonet: wireless: bcmdhd: Add sched-scan config option
Dmitry Shmidt [Mon, 12 Mar 2012 22:45:04 +0000 (15:45 -0700)]
net: wireless: bcmdhd: Add sched-scan config option

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
12 years agonet: wireless: bcmdhd: Allow Improved suspend/resume processing on 2.6.39
Dmitry Shmidt [Mon, 5 Mar 2012 21:25:48 +0000 (13:25 -0800)]
net: wireless: bcmdhd: Allow Improved suspend/resume processing on 2.6.39

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
12 years agonet: wireless: bcmdhd: Always turn Off wlan power on interface down
Dmitry Shmidt [Mon, 5 Mar 2012 18:17:06 +0000 (10:17 -0800)]
net: wireless: bcmdhd: Always turn Off wlan power on interface down

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
12 years agonl80211/cfg80211: add match filtering for sched_scan
Luciano Coelho [Wed, 31 Aug 2011 13:01:48 +0000 (16:01 +0300)]
nl80211/cfg80211: add match filtering for sched_scan

Introduce filtering for scheduled scans to reduce the number of
unnecessary results (which cause useless wake-ups).

Add a new nested attribute where sets of parameters to be matched can
be passed when starting a scheduled scan.  Only scan results that
match any of the sets will be returned.

At this point, the set consists of a single parameter, an SSID.  This
can be easily extended in the future to support more complex matches.

Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Conflicts:

include/linux/nl80211.h
net/wireless/nl80211.c

12 years agonl80211/cfg80211: add max_sched_scan_ie_len in the hw description
Luciano Coelho [Wed, 13 Jul 2011 11:57:29 +0000 (14:57 +0300)]
nl80211/cfg80211: add max_sched_scan_ie_len in the hw description

Some chips may support different lengths of user-supplied IEs with a
single scheduled scan command than with a single normal scan command.

To support this, this patch creates a separate hardware description
element that describes the maximum size of user-supplied information
element data supported in scheduled scans.

Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agonl80211/cfg80211: add max_sched_scan_ssids in the hw description
Luciano Coelho [Wed, 13 Jul 2011 11:57:28 +0000 (14:57 +0300)]
nl80211/cfg80211: add max_sched_scan_ssids in the hw description

Some chips can scan more SSIDs with a single scheduled scan command
than with a single normal scan command (eg. wl12xx chips).

To support this, this patch creates a separate hardware description
element that describes the amount of SSIDs supported in scheduled
scans.

Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Conflicts:

include/linux/nl80211.h

12 years agoARM: 7296/1: proc-v7.S: remove HARVARD_CACHE preprocessor guards
Will Deacon [Fri, 20 Jan 2012 11:10:18 +0000 (12:10 +0100)]
ARM: 7296/1: proc-v7.S: remove HARVARD_CACHE preprocessor guards

commit 612539e81f655f6ac73c7af1da8701c1ee618aee upstream.

On v7, we use the same cache maintenance instructions for data lines
as for unified lines. This was not the case for v6, where HARVARD_CACHE
was defined to indicate the L1 cache topology.

This patch removes the erroneous compile-time check for HARVARD_CACHE in
proc-v7.S, ensuring that we perform I-side invalidation at boot.

Reported-and-Acked-by: Shawn Guo <shawn.guo@linaro.org>
Acked-by: Catalin Marinas <Catalin.Marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
12 years agonet: wireless: bcmdhd: Add SETSUSPENDMODE command
Dmitry Shmidt [Tue, 28 Feb 2012 19:03:37 +0000 (11:03 -0800)]
net: wireless: bcmdhd: Add SETSUSPENDMODE command

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
12 years agonet: wireless: bcmdhd: Minor cleaning
Dmitry Shmidt [Tue, 28 Feb 2012 18:30:59 +0000 (10:30 -0800)]
net: wireless: bcmdhd: Minor cleaning

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
12 years agonet: wireless: bcmdhd: Add SET_RANDOM_MAC_SOFTAP option
Dmitry Shmidt [Mon, 27 Feb 2012 23:51:56 +0000 (15:51 -0800)]
net: wireless: bcmdhd: Add SET_RANDOM_MAC_SOFTAP option

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
12 years agonet: wireless: bcmdhd: Update to Version 5.90.195.30
Dmitry Shmidt [Mon, 27 Feb 2012 22:02:51 +0000 (14:02 -0800)]
net: wireless: bcmdhd: Update to Version 5.90.195.30

- Fix STA features if P2P FW is in use
- Move ENABLE_P2P_INTERFACE to Makefile
- Minor fixes in PNO scan

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
12 years agonet: wireless: bcmdhd: Update to Version 5.90.195.28
Dmitry Shmidt [Mon, 27 Feb 2012 20:35:15 +0000 (12:35 -0800)]
net: wireless: bcmdhd: Update to Version 5.90.195.28

- Improve scan for p2p
- Use use_rxchain support
- Use WL_WIRELESS_EXT instead of CONFIG_WIRELESS_EXT
- Initial sched_scan support

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
12 years agocfg80211: fix a crash in nl80211_send_station
Felix Fietkau [Thu, 11 Aug 2011 01:00:33 +0000 (19:00 -0600)]
cfg80211: fix a crash in nl80211_send_station

mac80211 leaves sinfo->assoc_req_ies uninitialized, causing a random
pointer memory access in nl80211_send_station.
Instead of checking if the pointer is null, use sinfo->filled, like
the rest of the fields.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agonet: wireless: bcmdhd: Turn interface down (only) in case of FW crash
Dmitry Shmidt [Thu, 23 Feb 2012 18:36:40 +0000 (10:36 -0800)]
net: wireless: bcmdhd: Turn interface down (only) in case of FW crash

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
12 years agonet: wireless: bcmdhd: Fix driver hang when resetting
Mike J. Chen [Thu, 16 Feb 2012 05:54:57 +0000 (21:54 -0800)]
net: wireless: bcmdhd: Fix driver hang when resetting

bus->tx_max was not being initialized when we do a reset and
the driver is statically linked.  this led to about a 50%
chance that it would be considered an illegal value when
we send the mac address to the FW.  add code to initialize
it to a safe value until we receive the right value from the fw.

Bug: 5974574

Change-Id: I28ab25d97203ef075e5354c25f85a25daaff5594
Signed-off-by: Mike J. Chen <mjchen@google.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
12 years agocpufreq interactive governor: event tracing
Todd Poynor [Fri, 17 Feb 2012 00:27:59 +0000 (16:27 -0800)]
cpufreq interactive governor: event tracing

Change-Id: Ic13614a3da2faa2d4bd215ca3eb7191614f0cf66
Signed-off-by: Todd Poynor <toddpoynor@google.com>
12 years agoInput: evdev - fix variable initialisation
Heiko Stuebner [Wed, 1 Feb 2012 18:33:01 +0000 (10:33 -0800)]
Input: evdev - fix variable initialisation

Commit 509f87c5f564 (evdev - do not block waiting for an event if
fd
is nonblock) created a code path were it was possible to use retval
uninitialized.

This could lead to the xorg evdev input driver getting corrupt data
and refusing to work with log messages like
AUO-Pixcir touchscreen: Read error: Success
sg060_keys: Read error: Success
AUO-Pixcir touchscreen: Read error: Success
sg060_keys: Read error: Success
(for drivers auo-pixcir-ts and gpio-keys).

Signed-off-by: Heiko Stuebner <heiko@sntech.de>
12 years agoInput: evdev - Add ioctl to block suspend while event queue is not empty.
Arve Hjønnevåg [Fri, 17 Oct 2008 22:20:55 +0000 (15:20 -0700)]
Input: evdev - Add ioctl to block suspend while event queue is not empty.

Add an ioctl, EVIOCSSUSPENDBLOCK, to enable a wakelock that will block
suspend while the event queue is not empty. This allows userspace code to
process input events while the device appears to be asleep.

The current code holds the wakelock for up 5 seconds for every input
device and client. This can prevent suspend if sensor with a high data
rate is active, even when that sensor is not capable of waking the
device once it is suspended.

Change-Id: I624d66ef30a0b3abb543685c343382b8419b42b9
Signed-off-by: Arve Hjønnevåg <arve@android.com>
12 years agoInput: evdev - Don't hold wakelock when no data is available to user-space
Arve Hjønnevåg [Tue, 24 Jan 2012 01:15:45 +0000 (17:15 -0800)]
Input: evdev - Don't hold wakelock when no data is available to user-space

If there is no SYN_REPORT event in the buffer the buffer data is invisible
to user-space. The wakelock should not be held in this case.

Change-Id: Idae890ff0da8eb46a2cfce61a95b3a97252551ad
Signed-off-by: Arve Hjønnevåg <arve@android.com>
12 years agonet: wireless: bcmdhd: Increase pm_notify callback priority
Dmitry Shmidt [Tue, 31 Jan 2012 19:06:23 +0000 (11:06 -0800)]
net: wireless: bcmdhd: Increase pm_notify callback priority

Make pm_notify callback to be called the first on suspend/resume path to
ensure it will always be called.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
12 years agonet: wireless: bcmdhd: Fix crash on dhdsdio_probe_attach() failure
Dmitry Shmidt [Mon, 30 Jan 2012 23:43:31 +0000 (15:43 -0800)]
net: wireless: bcmdhd: Fix crash on dhdsdio_probe_attach() failure

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
12 years agonet: wireless: bcmdhd: Daemonize wl_event_handler
Dmitry Shmidt [Mon, 30 Jan 2012 21:03:19 +0000 (13:03 -0800)]
net: wireless: bcmdhd: Daemonize wl_event_handler

Daemonizing makes thread (besides other things) NON-FREEZABLE, and it will not
get fake signal on suspend to quicl down_interruptible()

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Update to Version 5.90.195.23
Dmitry Shmidt [Tue, 24 Jan 2012 21:59:40 +0000 (13:59 -0800)]
net: wireless: bcmdhd: Update to Version 5.90.195.23

- WFD fixes

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Update to Version 5.90.195.22
Dmitry Shmidt [Tue, 24 Jan 2012 21:55:00 +0000 (13:55 -0800)]
net: wireless: bcmdhd: Update to Version 5.90.195.22

- Disable Ad-hoc support for cfg80211
- dhd_linux.c: Fix incorrect pid check
- Merge Android changes from Android tree

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Update to Version 5.90.195.19
Dmitry Shmidt [Tue, 24 Jan 2012 21:47:47 +0000 (13:47 -0800)]
net: wireless: bcmdhd: Update to Version 5.90.195.19

- Add WFD changes
- Add extra locking for internal ioctl operations

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Update to Version 5.90.195.15
Dmitry Shmidt [Tue, 24 Jan 2012 21:37:34 +0000 (13:37 -0800)]
net: wireless: bcmdhd: Update to Version 5.90.195.15

- Add WFD concurrent mode support

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Add WIPHY_FLAG_SUPPORTS_FW_ROAM flag
Dmitry Shmidt [Mon, 23 Jan 2012 20:47:21 +0000 (12:47 -0800)]
net: wireless: bcmdhd: Add WIPHY_FLAG_SUPPORTS_FW_ROAM flag

Adding this flag will allow NL80211_ATTR_ROAM_SUPPORT, and will set
  WPA_DRIVER_FLAGS_BSS_SELECTION flag in wpa_supplicant

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Fake PNO event to wake up the wpa_supplicant
Dmitry Shmidt [Fri, 20 Jan 2012 22:15:05 +0000 (14:15 -0800)]
net: wireless: bcmdhd: Fake PNO event to wake up the wpa_supplicant

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agousb: gadget: android: Honor CONFIG_USB_GADGET_VBUS_DRAW
Scott Anderson [Wed, 18 Jan 2012 23:56:51 +0000 (15:56 -0800)]
usb: gadget: android: Honor CONFIG_USB_GADGET_VBUS_DRAW

The maximum current draw was hard coded to 500 mA.  composite.c
has code that uses CONFIG_USB_GADGET_VBUS_DRAW to set the
bMaxPower and to set whether or not the device is self-powered if
they haven't been set.  This change removes the code in android.c
to allow composite.c to set them.

Change-Id: I9db37922e91ee86e9e5c0e14519e119e5c41ca48
Signed-off-by: Scott Anderson <saa@google.com>
13 years agousb: gadget: Fix usb string id allocation
Benoit Goby [Fri, 20 Jan 2012 22:42:41 +0000 (14:42 -0800)]
usb: gadget: Fix usb string id allocation

Don't reset next_string_id every time the gadget is enabled, this makes
the next strings allocated overwrite strings allocated at probe time.
Instead, fix rndis not to allocate new string ids on every config bind.

Change-Id: Ied28ee416bb6f00c434c34176fe5b7f0dcb2b2d4
Signed-off-by: Benoit Goby <benoit@android.com>
13 years agonl80211/cfg80211: Make addition of new sinfo fields safer
Jouni Malinen [Thu, 11 Aug 2011 08:46:22 +0000 (11:46 +0300)]
nl80211/cfg80211: Make addition of new sinfo fields safer

Add a comment pointing out the use of enum station_info_flags for
all new struct station_info fields. In addition, memset the sinfo
buffer to zero before use on all paths in the current tree to avoid
leaving uninitialized pointers in the data.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agocfg80211/nl80211: Send AssocReq IEs to user space in AP mode
Jouni Malinen [Mon, 8 Aug 2011 09:11:52 +0000 (12:11 +0300)]
cfg80211/nl80211: Send AssocReq IEs to user space in AP mode

When user space SME/MLME (e.g., hostapd) is not used in AP mode, the
IEs from the (Re)Association Request frame that was processed in
firmware need to be made available for user space (e.g., RSN IE for
hostapd). Allow this to be done with cfg80211_new_sta().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agomisc: remove android pmem driver, it's obsolete.
Dima Zavin [Mon, 23 Jan 2012 18:39:02 +0000 (10:39 -0800)]
misc: remove android pmem driver, it's obsolete.

Change-Id: I48d9778007e1e9eed2bb34e33ceee818c23afaa5
Signed-off-by: Dima Zavin <dima@android.com>
13 years agoRevert "proc: enable writing to /proc/pid/mem"
Dima Zavin [Thu, 19 Jan 2012 17:51:07 +0000 (09:51 -0800)]
Revert "proc: enable writing to /proc/pid/mem"

This reverts commit 198214a7ee50375fa71a65e518341980cfd4b2f0.

13 years agoram_console: set CON_ANYTIME console flag
Dima Zavin [Thu, 12 Jan 2012 23:55:25 +0000 (15:55 -0800)]
ram_console: set CON_ANYTIME console flag

We want to ensure that we get all the console messages, even ones
that occur while the printing CPU is not yet online.

Change-Id: I1d2694d05ac9415669a92f38efdd8e71c927705b
Signed-off-by: Dima Zavin <dima@android.com>
13 years agoRevert "usb: gadget: rndis: don't use dev_get_stats"
Benoit Goby [Fri, 16 Dec 2011 02:40:37 +0000 (18:40 -0800)]
Revert "usb: gadget: rndis: don't use dev_get_stats"

This reverts commit ffdab0c0c40bab6de78b1952bb07aed221994b73.

Not needed anymore in 2.6.39 and 3.0, dev_get_stats has been fixed
and may be called from atomic context. See:
1ac9ad1 net: remove dev_txq_stats_fold()

13 years agonet: wireless: bcmdhd: Enable wlan access on resume for all sdio functions
Dmitry Shmidt [Mon, 19 Dec 2011 18:24:09 +0000 (10:24 -0800)]
net: wireless: bcmdhd: Enable wlan access on resume for all sdio functions

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Fix P2P interface removal
Dmitry Shmidt [Fri, 16 Dec 2011 20:54:51 +0000 (12:54 -0800)]
net: wireless: bcmdhd: Fix P2P interface removal

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcm4329: Fix pno_enable if disassociated
Dmitry Shmidt [Thu, 15 Dec 2011 20:12:20 +0000 (12:12 -0800)]
net: wireless: bcm4329: Fix pno_enable if disassociated

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Fix proper scan command even if request is NULL
Dmitry Shmidt [Wed, 14 Dec 2011 01:39:48 +0000 (17:39 -0800)]
net: wireless: bcmdhd: Fix proper scan command even if request is NULL

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Decrease event wake_lock timeout to 1500 ms
Dmitry Shmidt [Tue, 13 Dec 2011 20:27:49 +0000 (12:27 -0800)]
net: wireless: bcmdhd: Decrease event wake_lock timeout to 1500 ms

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Fix getting arp_hostip table
Dmitry Shmidt [Mon, 12 Dec 2011 23:40:33 +0000 (15:40 -0800)]
net: wireless: bcmdhd: Fix getting arp_hostip table

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Allow to push more packets to FW for Tx
Dmitry Shmidt [Wed, 7 Dec 2011 00:27:37 +0000 (16:27 -0800)]
net: wireless: bcmdhd: Allow to push more packets to FW for Tx

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Fix scan crash in ibss mode
Dmitry Shmidt [Fri, 2 Dec 2011 21:24:01 +0000 (13:24 -0800)]
net: wireless: bcmdhd: Fix scan crash in ibss mode

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Add FW reloading in case of FW hang
Dmitry Shmidt [Fri, 2 Dec 2011 21:10:47 +0000 (13:10 -0800)]
net: wireless: bcmdhd: Add FW reloading in case of FW hang

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Update to Version 5.90.125.94.1
Dmitry Shmidt [Wed, 30 Nov 2011 20:49:02 +0000 (12:49 -0800)]
net: wireless: bcmdhd: Update to Version 5.90.125.94.1

- Return zeroed private command buffer
- Fix memory leak in wl_inform_single_bss()

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Use CONFIG_DHD_USE_STATIC_BUF for preallocated memory
Dmitry Shmidt [Sat, 12 Nov 2011 00:04:12 +0000 (16:04 -0800)]
net: wireless: bcmdhd: Use CONFIG_DHD_USE_STATIC_BUF for preallocated memory

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agowireless: Protect regdomain change by mutex
Dmitry Shmidt [Mon, 19 Dec 2011 20:32:21 +0000 (12:32 -0800)]
wireless: Protect regdomain change by mutex

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agommc: Set suspend/resume bus operations if CONFIG_PM_RUNTIME is used
Dmitry Shmidt [Sat, 17 Dec 2011 01:52:18 +0000 (17:52 -0800)]
mmc: Set suspend/resume bus operations if CONFIG_PM_RUNTIME is used

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agousb: gadget: android: Don't allow changing the functions list if enabled
Benoit Goby [Sat, 10 Dec 2011 02:05:00 +0000 (18:05 -0800)]
usb: gadget: android: Don't allow changing the functions list if enabled

Change-Id: I3ad39b420ce79a8602a7eca1daac1f56b30bad5c
Signed-off-by: Benoit Goby <benoit@android.com>
13 years agousb: gadget: android: Cancel pending ctrlrequest before disabling
Benoit Goby [Tue, 29 Nov 2011 21:49:27 +0000 (13:49 -0800)]
usb: gadget: android: Cancel pending ctrlrequest before disabling

Make sure there is no pending ctrlrequest before removing the config.
Otherwise the ctrlrequest complete callback could access structures
after they have been freed. Unbind cancels pending transfers but not
ep0 requests.

Bug: 5513065 5440193

Change-Id: I063c22bf5d104a3d2df71cf622409459fac5f27a
Signed-off-by: Benoit Goby <benoit@android.com>
13 years agoARM: idle: call idle notifiers before stopping nohz tick
Colin Cross [Wed, 30 Nov 2011 00:37:07 +0000 (16:37 -0800)]
ARM: idle: call idle notifiers before stopping nohz tick

If an idle notifier modifies a timer, calling the notifier after
the sched tick has been stopped may leave the sched tick set too
early.  Move teh idle notifier call before the call to
tick_nohz_stop_sched_tick.

Change-Id: I0db3284bec6d0193bc5e2a57650ab06bd8342319
Signed-off-by: Colin Cross <ccross@android.com>
13 years agousb: gadget: android: Reset next_string_id before enable
Benoit Goby [Tue, 29 Nov 2011 02:01:03 +0000 (18:01 -0800)]
usb: gadget: android: Reset next_string_id before enable

Reset next_string_id to 0 before enabling the gadget driver. Otherwise,
after a large number of enable/disable cycles, bind will fail
because we cannot allocate new string ids. String ids cannot be larger
than 254 per USB spec.

Change-Id: I44f5fece45008b7a0a18c025d4eb5ce842585c28
Signed-off-by: Benoit Goby <benoit@android.com>
13 years agoBluetooth: Keep master role when SCO or eSCO is active
hyungseoung.yoo [Fri, 18 Nov 2011 04:57:01 +0000 (13:57 +0900)]
Bluetooth: Keep master role when SCO or eSCO is active

This improves compatbility with a lot of headset / chipset
combinations. Ideally this should not be needed.

Change-Id: I8b676701e12e416aa7d60801b9d353b15d102709
Signed-off-by: hyungseoung.yoo <hyungseoung.yoo@samsung.com>
Signed-off-by: Jaikumar Ganesh <jaikumarg@android.com>
13 years agortc: Fix some bugs that allowed accumulating time drift in suspend/resume
Arve Hjønnevåg [Tue, 22 Nov 2011 22:56:50 +0000 (14:56 -0800)]
rtc: Fix some bugs that allowed accumulating time drift in suspend/resume

The current code checks if abs(delta_delta.tv_sec) is greater or
equal to two before it discards the old delta value, but this can
trigger at close to -1 seconds since -1.000000001 seconds is stored
as tv_sec -2 and tv_nsec 999999999 in a normalized timespec.

rtc_resume had an early return check if the rtc value had not changed
since rtc_suspend. This effectivly stops time for the duration of the
short sleep. Check if sleep_time is positive after all the adjustments
have been applied instead since this allows the old_system adjustment
in rtc_suspend to have an effect even for short sleep cycles.

Change-Id: I00b45c0349ec91a4bab9b41a126b377515427898
Signed-off-by: Arve Hjønnevåg <arve@android.com>
13 years agoFix "time: Catch invalid timespec sleep values in __timekeeping_inject_sleeptime...
Arve Hjønnevåg [Tue, 22 Nov 2011 23:28:27 +0000 (15:28 -0800)]
Fix "time: Catch invalid timespec sleep values in __timekeeping_inject_sleeptime" to compile on 3.0

Change-Id: I1225f279cda04dedbfb7f853f6b58f1032bd6d2b

13 years agotime: Catch invalid timespec sleep values in __timekeeping_inject_sleeptime
John Stultz [Thu, 2 Jun 2011 01:18:09 +0000 (18:18 -0700)]
time: Catch invalid timespec sleep values in __timekeeping_inject_sleeptime

Arve suggested making sure we catch possible negative sleep time
intervals that could be passed into timekeeping_inject_sleeptime.

CC: Arve Hjønnevåg <arve@android.com>
CC: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: John Stultz <john.stultz@linaro.org>
13 years agortc: Avoid accumulating time drift in suspend/resume
John Stultz [Fri, 27 May 2011 18:33:18 +0000 (11:33 -0700)]
rtc: Avoid accumulating time drift in suspend/resume

Because the RTC interface is only a second granular interface,
each time we read from the RTC for suspend/resume, we introduce a
half second (on average) of error.

In order to avoid this error accumulating as the system is suspended
over and over, this patch measures the time delta between the RTC
and the system CLOCK_REALTIME.

If the delta is less then 2 seconds from the last suspend, we compensate
by using the previous time delta (keeping it close). If it is larger
then 2 seconds, we assume the clock was set or has been changed, so we
do no correction and update the delta.

Note: If NTP is running, ths could seem to "fight" with the NTP corrected
time, where as if the system time was off by 1 second, and NTP slewed the
value in, a suspend/resume cycle could undo this correction, by trying to
restore the previous offset from the RTC. However, without this patch,
since each read could cause almost a full second worth of error, its
possible to get almost 2 seconds of error just from the suspend/resume
cycle alone, so this about equal to any offset added by the compensation.

Further on systems that suspend/resume frequently, this should keep time
closer then NTP could compensate for if the errors were allowed to
accumulate.

Credits to Arve Hjønnevåg for suggesting this solution.

This patch also improves some of the variable names and adds more clear
comments.

CC: Arve Hjønnevåg <arve@android.com>
CC: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: John Stultz <john.stultz@linaro.org>
13 years agomisc: remove kernel debugger core
Dima Zavin [Thu, 10 Nov 2011 00:07:17 +0000 (16:07 -0800)]
misc: remove kernel debugger core

The current split between this and the fiq debugger is awkward and does
not have any benefit (the interface between the two is also too simplistic).
The fiq debugger code itself needs a lot of refactoring, part of which
would be to split out some components that are arch indpendent.

So, for now, move this very small piece back into the fiq_debugger.

Change-Id: Ie4ec2a2f5d907be1691a0eb6ae9304aad29ecd14
Signed-off-by: Dima Zavin <dima@android.com>
13 years agoARM: common: fiq_debugger: dump sysrq directly to console if enabled
Dima Zavin [Thu, 10 Nov 2011 00:48:00 +0000 (16:48 -0800)]
ARM: common: fiq_debugger: dump sysrq directly to console if enabled

If the fiq console is enabled, then don't filter the console output
while sysrq command is in progress.

Change-Id: I9389d757373a5fdca5cbf61f0723667510d3ae88

13 years agoARM: common: fiq_debugger: add irq context debug functions
Dima Zavin [Thu, 10 Nov 2011 00:10:57 +0000 (16:10 -0800)]
ARM: common: fiq_debugger: add irq context debug functions

This code is moved here from the drivers/misc/kernel_debugger.

Change-Id: Iccf21c4313a8516a917125ca93f64baa5f354228
Signed-off-by: Dima Zavin <dima@android.com>
13 years agonet: wireless: bcmdhd: Call init_ioctl() only if was started properly for WEXT
Dmitry Shmidt [Wed, 9 Nov 2011 21:06:25 +0000 (13:06 -0800)]
net: wireless: bcmdhd: Call init_ioctl() only if was started properly for WEXT

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Call init_ioctl() only if was started properly
Dmitry Shmidt [Wed, 9 Nov 2011 21:00:24 +0000 (13:00 -0800)]
net: wireless: bcmdhd: Call init_ioctl() only if was started properly

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Fix possible memory leak in escan/iscan
Dmitry Shmidt [Fri, 4 Nov 2011 20:56:28 +0000 (13:56 -0700)]
net: wireless: bcmdhd: Fix possible memory leak in escan/iscan

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agocpufreq: interactive governor: default 20ms timer
Todd Poynor [Thu, 10 Nov 2011 00:56:18 +0000 (16:56 -0800)]
cpufreq: interactive governor: default 20ms timer

Change-Id: Ie9952f07b38667f2932474090044195c57976faa
Signed-off-by: Todd Poynor <toddpoynor@google.com>
13 years agocpufreq: interactive governor: go to intermediate hi speed before max
Todd Poynor [Wed, 9 Nov 2011 03:54:07 +0000 (19:54 -0800)]
cpufreq: interactive governor: go to intermediate hi speed before max

* Add attribute hispeed_freq, which defaults to max.

* Rename go_maxspeed_load to go_hispeed_load.

* If hit go_hispeed_load and at min speed, go to hispeed_freq;
  if hit go_hispeed_load and already above min speed go to max
  speed.

Change-Id: I1050dec5f013fc1177387352ba787a7e1c68703e
Signed-off-by: Todd Poynor <toddpoynor@google.com>
13 years agocpufreq: interactive governor: scale to max only if at min speed
Todd Poynor [Fri, 4 Nov 2011 04:22:54 +0000 (21:22 -0700)]
cpufreq: interactive governor: scale to max only if at min speed

Change-Id: Ieffb2aa56b5290036285c948718be7be0d3af9e8
Signed-off-by: Todd Poynor <toddpoynor@google.com>
13 years agocpufreq: interactive governor: apply intermediate load on current speed
Todd Poynor [Fri, 28 Oct 2011 01:25:59 +0000 (18:25 -0700)]
cpufreq: interactive governor: apply intermediate load on current speed

Calculate intermediate speed by applyng CPU load to current speed, not
max speed.

Change-Id: Idecf598b9a203b07c989c5d9e9c6efc67a1afc2e
Signed-off-by: Todd Poynor <toddpoynor@google.com>
13 years agoARM: idle: update idle ticks before call idle end notifier
Todd Poynor [Fri, 4 Nov 2011 04:05:41 +0000 (21:05 -0700)]
ARM: idle: update idle ticks before call idle end notifier

Such that interactive cpufreq governor uses up-to-date idle time
information.

Reported by Colin Cross <ccross@android.com>

Change-Id: I06425444f800f803afc9dc7a6ad0fdb46c918bb6
Signed-off-by: Todd Poynor <toddpoynor@google.com>
13 years agoinput: gpio_input: don't print debounce message unless flag is set
Dima Zavin [Tue, 8 Nov 2011 21:03:11 +0000 (13:03 -0800)]
input: gpio_input: don't print debounce message unless flag is set

Change-Id: I29ccb32e795c5c3e4c51c3d3a209f5b55dfd7d94
Signed-off-by: Dima Zavin <dima@android.com>
13 years agonet: wireless: bcm4329: Skip dhd_bus_stop() if bus is already down
Dmitry Shmidt [Fri, 4 Nov 2011 18:10:04 +0000 (11:10 -0700)]
net: wireless: bcm4329: Skip dhd_bus_stop() if bus is already down

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Skip dhd_bus_stop() if bus is already down
Dmitry Shmidt [Fri, 4 Nov 2011 18:08:37 +0000 (11:08 -0700)]
net: wireless: bcmdhd: Skip dhd_bus_stop() if bus is already down

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Improve suspend/resume processing
Dmitry Shmidt [Wed, 2 Nov 2011 23:51:29 +0000 (16:51 -0700)]
net: wireless: bcmdhd: Improve suspend/resume processing

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Check if FW is Ok for internal FW call
Dmitry Shmidt [Wed, 2 Nov 2011 22:06:14 +0000 (15:06 -0700)]
net: wireless: bcmdhd: Check if FW is Ok for internal FW call

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agotcp: Don't nuke connections for the wrong protocol
Lorenzo Colitti [Fri, 4 Nov 2011 00:05:11 +0000 (17:05 -0700)]
tcp: Don't nuke connections for the wrong protocol

Currently, calling tcp_nuke_addr to reset IPv6 connections
resets IPv4 connections as well, because all Android
framework sockets are dual-stack (i.e., IPv6) sockets, and
we don't check the source address to see if the connection
was in fact an IPv4 connection.

Fix this by checking the source address and not resetting
the connection if it's a mapped address.

Also slightly tweak the IPv4 code path, which doesn't check
for mapped addresses either. This was not causing any
problems because tcp_is_local normally always returns true
for LOOPBACK4_IPV6 (127.0.0.6), because the loopback
interface is configured as as 127.0.0.0/8. However,
checking explicitly for LOOPBACK4_IPV6 makes the code a bit
more robust.

Bug: 5535055
Change-Id: I4d6ed3497c5b8643c864783cf681f088cf6b8d2a
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
13 years agoARM: common: fiq_debugger: make uart irq be no_suspend
Dima Zavin [Thu, 27 Oct 2011 23:31:24 +0000 (16:31 -0700)]
ARM: common: fiq_debugger: make uart irq be no_suspend

Change-Id: I8e3d2a95c0ddc2706b021cd33534fe2fd302268e
Signed-off-by: Dima Zavin <dima@android.com>
13 years agonet: wireless: Skip connect warning for CONFIG_CFG80211_ALLOW_RECONNECT
Dmitry Shmidt [Fri, 28 Oct 2011 17:35:37 +0000 (10:35 -0700)]
net: wireless: Skip connect warning for CONFIG_CFG80211_ALLOW_RECONNECT

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agoMerge commit 'v3.0.8' into android-3.0
Colin Cross [Thu, 27 Oct 2011 22:01:19 +0000 (15:01 -0700)]
Merge commit 'v3.0.8' into android-3.0

13 years agomm: avoid livelock on !__GFP_FS allocations
Mel Gorman [Mon, 24 Oct 2011 23:33:42 +0000 (16:33 -0700)]
mm: avoid livelock on !__GFP_FS allocations

Under the following conditions, __alloc_pages_slowpath can loop
forever:
gfp_mask & __GFP_WAIT is true
gfp_mask & __GFP_FS is false
reclaim and compaction make no progress
order <= PAGE_ALLOC_COSTLY_ORDER

The gfp conditions are normally invalid, because !__GFP_FS
disables most of the reclaim methods that __GFP_WAIT would
wait for.  However, these conditions happen very often during
suspend and resume, when pm_restrict_gfp_mask() effectively
converts all GFP_KERNEL allocations into __GFP_WAIT.

The oom killer is not run because gfp_mask & __GFP_FS is false,
but should_alloc_retry will always return true when order is less
than PAGE_ALLOC_COSTLY_ORDER.  __alloc_pages_slowpath will
loop forever between the rebalance label and should_alloc_retry,
unless another thread happens to release enough pages to satisfy
the allocation.

Add a check to detect when PM has disabled __GFP_FS, and do not
retry if reclaim is not making any progress.

[taken from patch on lkml by Mel Gorman, commit message by ccross]
Change-Id: I864a24e9d9fd98bd0e3d6e9c1e85b6c1b766850e
Signed-off-by: Colin Cross <ccross@android.com>
13 years agommc: block: Improve logging of handling emmc timeouts
Ken Sumrall [Wed, 26 Oct 2011 01:16:58 +0000 (18:16 -0700)]
mmc: block: Improve logging of handling emmc timeouts

Add some logging to make it clear just how the emmc timeout
was handled.

Change-Id: Id33fd28d8b9778dc4e85db829e2637a328eddab4
Signed-off-by: Ken Sumrall <ksumrall@android.com>
13 years agommc: block: add checking of r/w command response
Russell King - ARM Linux [Mon, 20 Jun 2011 19:10:49 +0000 (20:10 +0100)]
mmc: block: add checking of r/w command response

Check the status bits in the r/w command response for any errors.
If error bits are set, then we won't have seen any data transferred,
so it's pointless doing any further checking.

Change-Id: If118a4bcbb0e57a7d95b5e40d662fca87fdcba7f
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Tested-by: Pawel Moll <pawel.moll@arm.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
13 years agommc: block: improve error recovery from command channel errors
Russell King - ARM Linux [Mon, 20 Jun 2011 19:10:28 +0000 (20:10 +0100)]
mmc: block: improve error recovery from command channel errors

Command channel errors fall into four classes:

1. The command was issued with the card in the wrong state
2. The command failed to be received by the card correctly
3. The cards response failed to be received by the host (CRC error)
4. The card failed to respond to the card

For (1), in theory we should know that the card is in the correct state.
However, a failed stop command (or other failure) may result in the card
remaining in a data transfer state from the previous command.  If we
detect this condition, we try to recover by sending a stop command.

For the initial commands (set block count and the read/write command)
no data will have been transferred.  All that we need deal with is
retrying at this point.  A failed stop command can be remedied as
above.

If we are unable to recover the card (eg, the card ignores our requests
for status, or we don't recognise the error code) then we immediately
fail the request.

Change-Id: Ief109a57fd21a247381b38f1164c22f0344f0284
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Tested-by: Pawel Moll <pawel.moll@arm.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
13 years agommc: block: allow get_card_status() to return error status
Russell King - ARM Linux [Mon, 20 Jun 2011 19:10:08 +0000 (20:10 +0100)]
mmc: block: allow get_card_status() to return error status

If the MMC_SEND_STATUS command is not successful, we should not return
a zero status word, but instead allow the caller to know positively
that an error occurred.

Convert the open-coded get_card_status() to use the helper function,
and provide definitions for the card state field.

Change-Id: Icfd6258af78a89c21abac386c556153fa3fac364
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Tested-by: Pawel Moll <pawel.moll@arm.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
13 years agonet: wireless: bcm4329: Prohibit FW access in case of FW crash
Dmitry Shmidt [Wed, 26 Oct 2011 20:57:26 +0000 (13:57 -0700)]
net: wireless: bcm4329: Prohibit FW access in case of FW crash

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Adjust scan parameters for wl_cfg80211_connect()
Dmitry Shmidt [Wed, 26 Oct 2011 19:22:25 +0000 (12:22 -0700)]
net: wireless: bcmdhd: Adjust scan parameters for wl_cfg80211_connect()

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agonet: wireless: bcmdhd: Update to version 5.90.125.94
Dmitry Shmidt [Tue, 25 Oct 2011 23:32:46 +0000 (16:32 -0700)]
net: wireless: bcmdhd: Update to version 5.90.125.94

- Fix WFD interface removal
- Fix profile update
- Keep same mode for softap or WFD during early suspend
- Add dhd_console_ms parameter access

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years agoARM: common: fiq_debugger: protect the uart state from the sleep timer
Dima Zavin [Fri, 14 Oct 2011 05:38:45 +0000 (22:38 -0700)]
ARM: common: fiq_debugger: protect the uart state from the sleep timer

Change-Id: I6b834d5cab96c3466042f758feb69eae6893ec49
Signed-off-by: Dima Zavin <dima@android.com>
13 years agoARM: common: fiq_debugger: add suspend/resume handlers
Dima Zavin [Mon, 10 Oct 2011 22:24:34 +0000 (15:24 -0700)]
ARM: common: fiq_debugger: add suspend/resume handlers

Change-Id: If6eb75059fdf4867eb9a974d60b9d50e5e3350d4
Signed-off-by: Dima Zavin <dima@android.com>
13 years agoARM: common: fiq_debugger: add uart_enable/disable platform callbacks
Dima Zavin [Wed, 5 Oct 2011 21:08:20 +0000 (14:08 -0700)]
ARM: common: fiq_debugger: add uart_enable/disable platform callbacks

This allows the platform specific drivers to properly enable
and disable the uart at the appropriate times. On some platforms, just
managing the clock is not enough.

Change-Id: I5feaab04cfe313a4a9470ca274838676b9684201
Signed-off-by: Dima Zavin <dima@android.com>
13 years agoARM: common: fiq_debugger: add non-fiq debugger support
Dima Zavin [Mon, 3 Oct 2011 03:35:47 +0000 (20:35 -0700)]
ARM: common: fiq_debugger: add non-fiq debugger support

Add irq-only support to the debugger. This allows the debugger
to always run at irq context. This introduces limitations to
being able to debug certain kinds of issues, but it is still
very useful as a debugging tool.

Change-Id: I1e4223e886cb2d90ef5ed31419bdd5cdd7f904ca
Signed-off-by: Dima Zavin <dima@android.com>
13 years agoARM: common: fiq_debugger: peek the 0th char in ringbuf
Dima Zavin [Wed, 26 Oct 2011 04:24:10 +0000 (21:24 -0700)]
ARM: common: fiq_debugger: peek the 0th char in ringbuf

ringbuf_consume advances the tail ptr, so peek should always
just peek at offset 0

Change-Id: I8d3d22d2ec1e563d73b53ccbad302e6d74e64e53
Signed-off-by: Dima Zavin <dima@android.com>
13 years agoARM: common: fiq_debugger: fix the cleanup on errors in probe
Dima Zavin [Thu, 20 Oct 2011 21:48:37 +0000 (14:48 -0700)]
ARM: common: fiq_debugger: fix the cleanup on errors in probe

Change-Id: I58bd0604c0520b13e11bf02836eb4ddbadba1372
Signed-off-by: Dima Zavin <dima@android.com>
13 years agoARM: common: fiq_debugger: do not disable debug when console is enabled
Dima Zavin [Sun, 9 Oct 2011 18:47:35 +0000 (11:47 -0700)]
ARM: common: fiq_debugger: do not disable debug when console is enabled

Change-Id: I5f8074a860f9b143ee0c87296683bbf2cffb5a36
Signed-off-by: Dima Zavin <dima@android.com>
13 years agoram_console: pass in a boot info string
Colin Cross [Tue, 25 Oct 2011 21:31:58 +0000 (14:31 -0700)]
ram_console: pass in a boot info string

Allow the board file to pass a boot info string through the
platform data that is appended to the /proc/last_kmsg file.

Change-Id: I37065fafb09676085465c93384d8e176fdd942d6
Signed-off-by: Colin Cross <ccross@android.com>
13 years agoLinux 3.0.8
Greg Kroah-Hartman [Tue, 25 Oct 2011 05:11:12 +0000 (07:11 +0200)]
Linux 3.0.8

13 years agohfsplus: Fix kfree of wrong pointers in hfsplus_fill_super() error path
Seth Forshee [Thu, 15 Sep 2011 14:48:27 +0000 (10:48 -0400)]
hfsplus: Fix kfree of wrong pointers in hfsplus_fill_super() error path

commit f588c960fcaa6fa8bf82930bb819c9aca4eb9347 upstream.

Commit 6596528e391a ("hfsplus: ensure bio requests are not smaller than
the hardware sectors") changed the pointers used for volume header
allocations but failed to free the correct pointers in the error path
path of hfsplus_fill_super() and hfsplus_read_wrapper.

The second hunk came from a separate patch by Pavel Ivanov.

Reported-by: Pavel Ivanov <paivanof@gmail.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Christoph Hellwig <hch@tuxera.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoALSA: hda - Add position_fix quirk for Dell Inspiron 1010
Takashi Iwai [Tue, 18 Oct 2011 08:44:05 +0000 (10:44 +0200)]
ALSA: hda - Add position_fix quirk for Dell Inspiron 1010

commit 051a8cb6550d917225ead1cd008b5966350f6d53 upstream.

The previous fix for the position-buffer check gives yet another
regression on a Dell laptop.  The safest fix right now is to add a
static quirk for this device (and better to apply it for stable
kernels too).

Reported-by: Éric Piel <Eric.Piel@tremplin-utc.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoALSA: HDA: conexant support for Lenovo T520/W520
Daniel Suchy [Tue, 18 Oct 2011 09:09:44 +0000 (11:09 +0200)]
ALSA: HDA: conexant support for Lenovo T520/W520

commit ca201c096269ee2d40037fea96a59fd0695888c4 upstream.

This is patch for Conexant codec of Intel HDA driver, adding new quirk
for Lenovo Thinkpad T520 and W520. Conexant autodetection works fine for
T520 (similar subsystem ID is used also in W520 model) and detects more
mixer features compared to generic (fallback) Lenovo quirk with
hardcoded options in Conexant codec.

Patch was activelly tested with Linux 3.0.4, 3.0.6 and 3.0.7 without any
problems.

Signed-off-by: Daniel Suchy <danny@danysek.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agocrypto: ghash - Avoid null pointer dereference if no key is set
Nick Bowler [Thu, 20 Oct 2011 12:16:55 +0000 (14:16 +0200)]
crypto: ghash - Avoid null pointer dereference if no key is set

commit 7ed47b7d142ec99ad6880bbbec51e9f12b3af74c upstream.

The ghash_update function passes a pointer to gf128mul_4k_lle which will
be NULL if ghash_setkey is not called or if the most recent call to
ghash_setkey failed to allocate memory.  This causes an oops.  Fix this
up by returning an error code in the null case.

This is trivially triggered from unprivileged userspace through the
AF_ALG interface by simply writing to the socket without setting a key.

The ghash_final function has a similar issue, but triggering it requires
a memory allocation failure in ghash_setkey _after_ at least one
successful call to ghash_update.

  BUG: unable to handle kernel NULL pointer dereference at 00000670
  IP: [<d88c92d4>] gf128mul_4k_lle+0x23/0x60 [gf128mul]
  *pde = 00000000
  Oops: 0000 [#1] PREEMPT SMP
  Modules linked in: ghash_generic gf128mul algif_hash af_alg nfs lockd nfs_acl sunrpc bridge ipv6 stp llc

  Pid: 1502, comm: hashatron Tainted: G        W   3.1.0-rc9-00085-ge9308cf #32 Bochs Bochs
  EIP: 0060:[<d88c92d4>] EFLAGS: 00000202 CPU: 0
  EIP is at gf128mul_4k_lle+0x23/0x60 [gf128mul]
  EAX: d69db1f0 EBX: d6b8ddac ECX: 00000004 EDX: 00000000
  ESI: 00000670 EDI: d6b8ddac EBP: d6b8ddc8 ESP: d6b8dda4
   DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
  Process hashatron (pid: 1502, ti=d6b8c000 task=d6810000 task.ti=d6b8c000)
  Stack:
   00000000 d69db1f0 00000163 00000000 d6b8ddc8 c101a520 d69db1f0 d52aa000
   00000ff0 d6b8dde8 d88d310f d6b8a3f8 d52aa000 00001000 d88d502c d6b8ddfc
   00001000 d6b8ddf4 c11676ed d69db1e8 d6b8de24 c11679ad d52aa000 00000000
  Call Trace:
   [<c101a520>] ? kmap_atomic_prot+0x37/0xa6
   [<d88d310f>] ghash_update+0x85/0xbe [ghash_generic]
   [<c11676ed>] crypto_shash_update+0x18/0x1b
   [<c11679ad>] shash_ahash_update+0x22/0x36
   [<c11679cc>] shash_async_update+0xb/0xd
   [<d88ce0ba>] hash_sendpage+0xba/0xf2 [algif_hash]
   [<c121b24c>] kernel_sendpage+0x39/0x4e
   [<d88ce000>] ? 0xd88cdfff
   [<c121b298>] sock_sendpage+0x37/0x3e
   [<c121b261>] ? kernel_sendpage+0x4e/0x4e
   [<c10b4dbc>] pipe_to_sendpage+0x56/0x61
   [<c10b4e1f>] splice_from_pipe_feed+0x58/0xcd
   [<c10b4d66>] ? splice_from_pipe_begin+0x10/0x10
   [<c10b51f5>] __splice_from_pipe+0x36/0x55
   [<c10b4d66>] ? splice_from_pipe_begin+0x10/0x10
   [<c10b6383>] splice_from_pipe+0x51/0x64
   [<c10b63c2>] ? default_file_splice_write+0x2c/0x2c
   [<c10b63d5>] generic_splice_sendpage+0x13/0x15
   [<c10b4d66>] ? splice_from_pipe_begin+0x10/0x10
   [<c10b527f>] do_splice_from+0x5d/0x67
   [<c10b6865>] sys_splice+0x2bf/0x363
   [<c129373b>] ? sysenter_exit+0xf/0x16
   [<c104dc1e>] ? trace_hardirqs_on_caller+0x10e/0x13f
   [<c129370c>] sysenter_do_call+0x12/0x32
  Code: 83 c4 0c 5b 5e 5f c9 c3 55 b9 04 00 00 00 89 e5 57 8d 7d e4 56 53 8d 5d e4 83 ec 18 89 45 e0 89 55 dc 0f b6 70 0f c1 e6 04 01 d6 <f3> a5 be 0f 00 00 00 4e 89 d8 e8 48 ff ff ff 8b 45 e0 89 da 0f
  EIP: [<d88c92d4>] gf128mul_4k_lle+0x23/0x60 [gf128mul] SS:ESP 0068:d6b8dda4
  CR2: 0000000000000670
  ---[ end trace 4eaa2a86a8e2da24 ]---
  note: hashatron[1502] exited with preempt_count 1
  BUG: scheduling while atomic: hashatron/1502/0x10000002
  INFO: lockdep is turned off.
  [...]

Signed-off-by: Nick Bowler <nbowler@elliptictech.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>