"LA.UM.9.12.1.r1-09700-SMxx50.QSSI12.0"
* tag 'LA.UM.9.12.1.r1-09700-SMxx50.QSSI12.0' of https://git.codelinaro.org/clo/la/kernel/msm-4.19:
adsprpc: Handle UAF scenario in put_args
securemsm-kernel: Decrement the server object ref count in mutex context
qcedev: fix UAF in qcedev_smmu
msm: kgsl: Fix error handling during drawctxt switch
msm: ipa: Add additional cleanup in finish rt rule addition
vidc_3x: Fix cts failures
msm: kgsl: Fix error handling during drawctxt switch
msm: eva: Adding kref count for cvp_get_inst_from_id
msm: adsprpc: use-after-free (UAF) in global maps
scsi: ufs: Add load voting for UFS's VCCQ2 parent regulator
msm: adsprpc: use-after-free (UAF) in global maps
pci: pci-msm-msi: Re-name irq chip name for the driver
rpmsg: glink: Get reference of channel objects in rx path
serial: msm_geni_serial: Make HW Flow off if CRSTCTS flag not set
serial: msm_geni_serial: check ioctl_count with auto_suspend enabled
serial: msm_geni_serial: Move UART Rx path errors to ipc logs
serial: msm_geni_serial: Prevent excessive logging due to WARN_ON
serial: msm_geni_serial: Check for wakeup byte after suspend
serial: msm_geni_serial: Update wakeup byte handling mechanism
serial: msm_geni_serial: Check if workqueue allocation fails
serial: msm_geni_serial: Handle vote_clock_off when rx data is inflight
serial: msm_geni_serial: Check if port is open in msm_geni_wakeup_work
serial: msm_geni_serial: Change wakeup interrupt handling mechanism
serial: msm_geni_serial: Handle delayed Rx cancel cmd interrupt
serial: msm_geni_serial: Handle Rx EOT & DMA_DONE after DMA Reset
ARM: defconfig: Enable config for msm8937_32 and msm8937_32go
ARM: defconfig: Enable config for msm8937
memshare: Prevent possible integer overflow
diag: Correct argument list for debug logs
memshare: Prevent possible integer overflow
soc: qcom: smem: Add boundary checks for partitions
msm: kgsl: Fix upper bound check for iommu address
cnss2: Add support for configuring calibration duration
msm: kgsl: Limit the syncpoint count for AUX commands
msm: kgsl: Prevent wrap around during user address mapping
misc: update nordic DFU function check
msm: kgsl: Use dma_buf_get() to get dma_buf structure
msm: kgsl: Make sure that pool pages don't have any extra references
cnss2: Validate maximum number of memory segments
net: qrtr: fifo: Add bounds check on tx path
icnss2: Add data length validation in cnss_wlfw_qdss_data_send_sync()
cnss2: Unregister host driver during PCI remove
msm: cvp: Resuming DSP if power collapse fails
msm: ADSPRPC: Restrict untrusted applications from attaching to GuestOS
misc: updates to controller's driver
defconfig: Enable KinecticsXR Nordic chip for SKU4
misc: add makefile changes for Nordic chip
msm: synx: fix copyright
defconfig: Enable Novatek NT36xxx Touch for tron target
cnss2: Update bound checks for sbl reg dumps to SRAM mem range
Conflicts:
drivers/soc/qcom/memshare/msm_memshare.c
drivers/soc/qcom/smcinvoke.c
Change-Id: If105d0d4f52aec12ae176eef8cd93b20751b8d62
Fix an out of order definition of MODULE_DEVICE_TABLE, add missing
brackets to fix a suspect indentation warning and mark an
implcit switch fall through.
Fixes: 377c69bf3e72 ("crypto: msm: Add QTI crypto drivers")
Change-Id: Ic0dedbada33fd2e5c692e5f0d64fd0e7b7afb5f1
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Fix the following warning from gcc 7.4.1 with -Werror enabled:
drivers/crypto/msm/qce50.c:4668:28: error: ‘~’ on a boolean expression
[-Werror=bool-operation]
pce_dev->cadence_flag = ~pce_dev->cadence_flag;
drivers/crypto/msm/qce50.c:4668:28: note: did you mean to use logical not?.
Fixes: 377c69bf3e72 ("crypto: msm: Add QTI crypto drivers")
Change-Id: Ic0dedbad73c49d059d68d9412009b74583d33154
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
External researcher found UAF in qcedev_smmu.c on an error condition in
qcedev_check_and_map_buffer. When an error occurs, we free binfo, but it
is still kept in the registeredbufs list. The fix removes it from the
list before freeing binfo.
Change-Id: I0327e456bd46106b12c36a5a21305407aae428dd
Signed-off-by: Daniel Perez-Zoghbi <quic_dperezzo@quicinc.com>
When qcedev module is exiting, it disconnects SPS.
At this times, crypto clocks need to be turned on
or it will cause a synchronous abort.
Tests: rmmod on the qcedev module.
Change-Id: I1721fe408392ef81b07a6c08d2196b2413ba2b2f
Signed-off-by: Gaurav Kashyap <quic_gaurkash@quicinc.com>
Signed-off-by: Nageswara reddy Karnati <quic_nkarnati@quicinc.com>
check the num_fds passed into unmap buf ioctl,
or else it can lead to an out of bounds access.
Test: Build compilation. qcedev tests.
Change-Id: I206ba01dfa989346ade769a0f68b372b21f84043
Signed-off-by: Gaurav Kashyap <quic_gaurkash@quicinc.com>
Signed-off-by: Pranav Lavhate <quic_plavhate@quicinc.com>
ice_type defined in local scope and is passed to class_create
function where it saves the passed buffer as name identifier.
Due to local scope the passed buffer becomes invalid and if
read during uevent can cause in stack-out-of-bounds errors.
This change adds two variable is_sdcc_ice and is_ufscard_ice
which is used to determine corrrect ice instance name. ice
instance names are global macro which is passed to clas_create
which fix stack-out-of-bound issue due to local scope.
Change-Id: I59e617263801a0741e45d423401ce1232b3d65d1
Signed-off-by: Jiten Patel <jitepate@codeaurora.org>
QSEECOM sets the Full Disk Encryption(FDE) key into
slot 0 by default, but for File Based Encryption(FBE)
device where Metadata Encryption(ME) is enabled, slot zero
is already used. So, an ioctl for setting FDE key into
Inline Crypto Engine(ICE) when called on device with ME
enabled, would overwrite the key set for ME, and hence
would lead to failure during reboot. Hence, set the slot
value of FDE key as 31 which is the last slot supported.
Use the same slot during read/write operations as well.
Tests: 1. Device bootup for sdm660 target with FDE enabled
2. OTA update of kernel images with fix included.
Change-Id: Id77c4e55ce5740fd8babdfa690d3c39d39258f6e
Signed-off-by: Vaibhav Agrawal <vagrawa@codeaurora.org>
Adding fix to check the upper limit on the length
of the destination array while copying elements
from source address to avoid stack out of bound error.
Change-Id: I39d5768fa97f9d269cfb101a389bb771d13c7538
Signed-off-by: Monika Singh <monising@codeaurora.org>
With new file encryption framework the crypto
vops should support crypto configuration for block
disk encryption feature as well.
Add ice.c and ice.h files, Ported and fixed the merged conflicts in
cqhci-crypto-qti.c file. (cherry picked from mainline kernel_msm-4.14
commit: 3317668)
Conflicts:-
drivers/mmc/host/cqhci-crypto-qti.c
drivers/crypto/msm/iceregs.h
drivers/crypto/msm/ice.c
new files added:-
drivers/crypto/msm/iceregs.h
drivers/crypto/msm/ice.c
Validations done:-
1) Device bootup successfully to UI.
2) Unlock device by PIN set on Q build.
3) adb shell getprop ro.crypto.state: encrypted
adb shell getprop ro.crypto.type: block
4) After OTA check WIFI and BT scanning success.
5) Launch browser and do browsing(success).
6) Settings-> sound -> check the ringtones(old save ringtones retained).
Change-Id: I1504a023f91376b207d9af19ad097405a3a42c85
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Signed-off-by: Jiten Patel <jitepate@codeaurora.org>
Adding fix to check the upper limit on the length
of the destination array while copying elements from
source address to avoid stack out of bound error.
Change-Id: Ieb24e8f9b4a2b53fbc9442b25d790b12f737d471
Signed-off-by: Tanwee Kausar <tkausar@codeaurora.org>
General Purpose Crypto Engine (GPCE) hardware has added SHA/HMAC
384/512 in v5.4.0 and above. Hence adding support for SHA/HMAC
384/512 in kernel crypto drivers.
Change-Id: I540cab6d627008508d01c1c3df3ca36abf0e70e0
Signed-off-by: Monika Singh <monising@codeaurora.org>
NULL pointer is dereferenced after checking with NULL, which
needs to fix to avoid NULL pointer exception.
Change-Id: I2a95c2f74b72e43931b6fe93671953a27566d8a3
Signed-off-by: AnilKumar Chimata <anilc@codeaurora.org>
pr_err is replaced with pr_debug to avoid any error statement
in kernel logs when debugfs is disabled on production builds.
Change-Id: I660e4d085fa4c2cdf4d3cd03b6cf1fadba9f3b8f
Signed-off-by: Prerna Kalla <prernak@codeaurora.org>
pr_err is replaced with pr_debug to avoid any error statement
in kernel logs when debugfs is disabled on production builds.
Change-Id: Ic2371bb9d62d2a281808cc34d79170aabc496627
Signed-off-by: Prerna Kalla <prernak@codeaurora.org>
_qcrypto_init() should not be dependent on DEBUG_FS
API's returning success. Continue device init,
when DEBUG_FS is disabled.
Change-Id: I3298f2644c2f3ed6f417170e4c3ceaab8aa46dd1
Signed-off-by: Prateek Sood <prsood@codeaurora.org>
qcedev_init() should not be dependent on DEBUG_FS
API's returning success. Continue device init,
when DEBUG_FS is disabled.
Change-Id: Iebe1faf68e4629bbb419479821fb777c8834b93f
Signed-off-by: Prateek Sood <prsood@codeaurora.org>
Make change to enable/disable clock just before/after crypto operation.
Change-Id: I0fad859b142ccc6250d597e07aff7c530d40154f
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Set the max value of num_fds to QCEDEV_MAX_BUFFERS to prevent
out of bound access of fd, fd_size, fd_offset array.
Change-Id: I88889472a4bd14f786588bd2c9e06e69a98e94c9
Signed-off-by: Prerna Kalla <prernak@codeaurora.org>
This changes ensures that correct value is returned from suspend
function when timeout occurs and ice is still busy.
Change-Id: Ic93ae41126d6146423d8203dcec5dbcbb6a52739
Signed-off-by: Prerna Kalla <prernak@codeaurora.org>
Crypto engine can be put to suspend by host controller after workqueue
is scheduled. Also shutdown sequence can be ongoing while workqueue is
scheduled/executing. The request passed to crypto driver in these
cases can be invalidated by host device driver. So check for crypto
engine state before processing the pending requests.
Change-Id: I4aa2a211e439a876c8525ab062a7cb917b4e2d7e
Signed-off-by: Prerna Kalla <prernak@codeaurora.org>
Add limit to size of ice instance type name to eliminate possibility of
buffer overflow.
Change-Id: I974eb82acd2de5231897b647c92f749dfb944350
Signed-off-by: Prerna Kalla <prernak@codeaurora.org>
Validity of pointer returned from kmalloc is checked before
dereferencing it and the correct error code is propogated
forward for effective handling by the system.
Change-Id: If2fc0395f19b2cc07a3655571e52217d67a7ef93
Signed-off-by: Prerna Kalla <prernak@codeaurora.org>
Add ICE support for the new UFS card by
handling the ice device appropriately in
PFK.
Change-Id: I69f8d7b3560f854929f043d3f6f694cc28ff3dac
Signed-off-by: Gaurav Kashyap <gaurkash@codeaurora.org>
This is a snapshot of the crypto drivers as of msm-4.14
commit <0c0f7fab791> (crypto: qcedev: Fix out of memory issue)
with changes to comply with msm-4.19 format requirement.
Change-Id: Ic566a15e41511d229a9e476c03962753da583946
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Ths is a snapshot of the crypto drivers as of msm-4.14 commit
<5d5c991894e> (ARM: dts: msm: Add glink pkt channels for
sdxprairie).
Change-Id: I61e36e2b9efe06c2506aabfa8a088a32c79c4519
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
