Revert "Keep history after reset to baedb01"
This reverts commit b3623962bb6bb253d1504dd890bf87ac27556044, reversing
changes made to 950d95a4987aa899e5c259b97d2774181113ef49.
Change-Id: I8d7e4171184086bd8c3d014bafb68ab62545df1f
Signed-off-by: Patrick Tjin <pattjin@google.com>
diff --git a/arch/arm/mach-msm/perf_event_msm_krait_l2.c b/arch/arm/mach-msm/perf_event_msm_krait_l2.c
index c9e2b8f..e15604b 100644
--- a/arch/arm/mach-msm/perf_event_msm_krait_l2.c
+++ b/arch/arm/mach-msm/perf_event_msm_krait_l2.c
@@ -18,13 +18,15 @@
#include <mach/msm-krait-l2-accessors.h>
+#define PMU_CODES_SIZE 64
+
/*
* The L2 PMU is shared between all CPU's, so protect
* its bitmap access.
*/
struct pmu_constraints {
u64 pmu_bitmap;
- u8 codes[64];
+ u8 codes[PMU_CODES_SIZE];
raw_spinlock_t lock;
} l2_pmu_constraints = {
.pmu_bitmap = 0,
@@ -419,7 +421,7 @@
u8 group = evt_type & 0x0000F;
u8 code = (evt_type & 0x00FF0) >> 4;
unsigned long flags;
- u32 err = 0;
+ int err = 0;
u64 bitmap_t;
u32 shift_idx;
@@ -436,6 +438,11 @@
shift_idx = ((reg * 4) + group);
+ if (shift_idx >= PMU_CODES_SIZE) {
+ err = -EINVAL;
+ goto out;
+ }
+
bitmap_t = 1 << shift_idx;
if (!(l2_pmu_constraints.pmu_bitmap & bitmap_t)) {
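Review bot: The new bound admits shift_idx values up to 63, but the line after it still builds the mask as `1 << shift_idx`, where the literal is an int, so an index of 31 or more is an undefined shift and cannot set the intended bit of the u64 pmu_bitmap. Writing it as `bitmap_t = 1ULL << shift_idx;` makes the mask match the 64-entry codes[] array; the same expression appears in the clear path in the next hunk. The `out` label this hunk jumps to is outside the hunk, so it is worth confirming that it releases l2_pmu_constraints.lock if the lock is already held at this point.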
@@ -476,12 +483,17 @@
unsigned long flags;
u64 bitmap_t;
u32 shift_idx;
+ int err = 1;
if (evt_prefix == L2_TRACECTR_PREFIX)
return 1;
raw_spin_lock_irqsave(&l2_pmu_constraints.lock, flags);
shift_idx = ((reg * 4) + group);
+ if (shift_idx >= PMU_CODES_SIZE) {
+ err = -EINVAL;
+ goto out;
+ }
bitmap_t = 1 << shift_idx;
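Review bot: The added `goto out` appears to leave the function with l2_pmu_constraints.lock still held and interrupts disabled: the lock is taken two lines above the check, while the `out:` label added in the next hunk sits after `raw_spin_unlock_irqrestore()`. Placing the label above the unlock, so that `out:` is followed by `raw_spin_unlock_irqrestore(&l2_pmu_constraints.lock, flags);` and then `return err;`, releases the lock on both paths. Alternatively the range check could run before `raw_spin_lock_irqsave()`, since shift_idx appears to depend only on reg and group.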
@@ -492,7 +504,8 @@
l2_pmu_constraints.codes[shift_idx] = -1;
raw_spin_unlock_irqrestore(&l2_pmu_constraints.lock, flags);
- return 1;
+out:
+ return err;
}
int get_num_events(void)
diff --git a/drivers/media/platform/msm/vidc/hfi_response_handler.c b/drivers/media/platform/msm/vidc/hfi_response_handler.c
index f41e68e..ede7539 100644
--- a/drivers/media/platform/msm/vidc/hfi_response_handler.c
+++ b/drivers/media/platform/msm/vidc/hfi_response_handler.c
@@ -78,6 +78,26 @@
return vidc_err;
}
+static int validate_session_pkt(struct list_head *sessions,
+ struct hal_session *sess, struct mutex *session_lock)
+{
+ struct hal_session *session;
+ int invalid = 1;
+ if (session_lock) {
+ mutex_lock(session_lock);
+ list_for_each_entry(session, sessions, list) {
+ if (session == sess) {
+ invalid = 0;
+ break;
+ }
+ }
+ mutex_unlock(session_lock);
+ }
+ if (invalid)
+ dprintk(VIDC_WARN, "Invalid session from FW: %p\n", sess);
+ return invalid;
+}
+
static void hfi_process_sess_evt_seq_changed(
msm_vidc_callback callback, u32 device_id,
struct hfi_msg_event_notify_packet *pkt)
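Review bot: validate_session_pkt() drops session_lock before it returns, so its answer can be stale by the time the caller runs the hfi_process_* handler: the session teardown hunks in q6_hfi.c and venus_hfi.c hold the same mutex only around `list_del()` and then `kfree()` the session. If those handlers (outside this hunk) dereference the session pointer carried in the packet, a session closed in between could be used after it is freed; holding the lock across the handler or taking a reference on the session would close that window. A comment above the helper would also help, for example `/* Returns 0 if sess is on the sessions list, 1 otherwise; a NULL session_lock rejects every packet. */`.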
@@ -197,8 +217,10 @@
}
static void hfi_process_event_notify(
msm_vidc_callback callback, u32 device_id,
- struct hfi_msg_event_notify_packet *pkt)
+ struct hfi_msg_event_notify_packet *pkt,
+ struct list_head *sessions, struct mutex *session_lock)
{
+ struct hal_session *sess = NULL;
dprintk(VIDC_DBG, "RECVD:EVENT_NOTIFY");
if (!callback || !pkt ||
@@ -206,6 +228,7 @@
dprintk(VIDC_ERR, "Invalid Params");
return;
}
+ sess = (struct hal_session *)pkt->session_id;
switch (pkt->event_id) {
case HFI_EVENT_SYS_ERROR:
@@ -215,11 +238,14 @@
break;
case HFI_EVENT_SESSION_ERROR:
dprintk(VIDC_ERR, "HFI_EVENT_SESSION_ERROR");
- hfi_process_session_error(callback, device_id, pkt);
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_error(callback, device_id, pkt);
break;
case HFI_EVENT_SESSION_SEQUENCE_CHANGED:
dprintk(VIDC_INFO, "HFI_EVENT_SESSION_SEQUENCE_CHANGED");
- hfi_process_sess_evt_seq_changed(callback, device_id, pkt);
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_sess_evt_seq_changed(callback,
+ device_id, pkt);
break;
case HFI_EVENT_SESSION_PROPERTY_CHANGED:
dprintk(VIDC_INFO, "HFI_EVENT_SESSION_PROPERTY_CHANGED");
@@ -1183,9 +1209,11 @@
u32 hfi_process_msg_packet(
msm_vidc_callback callback, u32 device_id,
- struct vidc_hal_msg_pkt_hdr *msg_hdr)
+ struct vidc_hal_msg_pkt_hdr *msg_hdr,
+ struct list_head *sessions, struct mutex *session_lock)
{
u32 rc = 0;
+ struct hal_session *sess = NULL;
if (!callback || !msg_hdr || msg_hdr->size <
VIDC_IFACEQ_MIN_PKT_SIZE) {
dprintk(VIDC_ERR, "hal_process_msg_packet:bad"
@@ -1196,10 +1224,14 @@
dprintk(VIDC_INFO, "Received: 0x%x in ", msg_hdr->packet);
rc = (u32) msg_hdr->packet;
+ sess = (struct hal_session *)((struct
+ vidc_hal_session_cmd_pkt*) msg_hdr)->session_id;
+
switch (msg_hdr->packet) {
case HFI_MSG_EVENT_NOTIFY:
hfi_process_event_notify(callback, device_id,
- (struct hfi_msg_event_notify_packet *) msg_hdr);
+ (struct hfi_msg_event_notify_packet *) msg_hdr,
+ sessions, session_lock);
break;
case HFI_MSG_SYS_INIT_DONE:
hfi_process_sys_init_done(callback, device_id,
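Review bot: The session_id read added before the switch runs for every packet type, including the HFI_MSG_SYS_* messages that are never checked against the session list, and it goes through a cast to struct vidc_hal_session_cmd_pkt. The only size check visible is `msg_hdr->size < VIDC_IFACEQ_MIN_PKT_SIZE` in the previous hunk; whether that minimum covers the session_id field cannot be seen here. If it does not, a guard such as `if (msg_hdr->size < sizeof(struct vidc_hal_session_cmd_pkt))` before the cast, or moving the read into the session cases, would keep sess from being built from bytes beyond the length the firmware declared.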
@@ -1209,9 +1241,10 @@
case HFI_MSG_SYS_IDLE:
break;
case HFI_MSG_SYS_SESSION_INIT_DONE:
- hfi_process_session_init_done(callback, device_id,
- (struct hfi_msg_sys_session_init_done_packet *)
- msg_hdr);
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_init_done(callback, device_id,
+ (struct hfi_msg_sys_session_init_done_packet *)
+ msg_hdr);
break;
case HFI_MSG_SYS_PROPERTY_INFO:
hfi_process_sys_property_info(
@@ -1219,68 +1252,81 @@
msg_hdr);
break;
case HFI_MSG_SYS_SESSION_END_DONE:
- hfi_process_session_end_done(callback, device_id,
- (struct hfi_msg_sys_session_end_done_packet *)
- msg_hdr);
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_end_done(callback, device_id,
+ (struct hfi_msg_sys_session_end_done_packet *)
+ msg_hdr);
break;
case HFI_MSG_SESSION_LOAD_RESOURCES_DONE:
- hfi_process_session_load_res_done(callback, device_id,
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_load_res_done(callback, device_id,
(struct hfi_msg_session_load_resources_done_packet *)
- msg_hdr);
+ msg_hdr);
break;
case HFI_MSG_SESSION_START_DONE:
- hfi_process_session_start_done(callback, device_id,
- (struct hfi_msg_session_start_done_packet *)
- msg_hdr);
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_start_done(callback, device_id,
+ (struct hfi_msg_session_start_done_packet *)
+ msg_hdr);
break;
case HFI_MSG_SESSION_STOP_DONE:
- hfi_process_session_stop_done(callback, device_id,
- (struct hfi_msg_session_stop_done_packet *)
- msg_hdr);
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_stop_done(callback, device_id,
+ (struct hfi_msg_session_stop_done_packet *)
+ msg_hdr);
break;
case HFI_MSG_SESSION_EMPTY_BUFFER_DONE:
- hfi_process_session_etb_done(callback, device_id,
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_etb_done(callback, device_id,
(struct hfi_msg_session_empty_buffer_done_packet *)
- msg_hdr);
+ msg_hdr);
break;
case HFI_MSG_SESSION_FILL_BUFFER_DONE:
- hfi_process_session_ftb_done(callback, device_id, msg_hdr);
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_ftb_done(callback, device_id,
+ msg_hdr);
break;
case HFI_MSG_SESSION_FLUSH_DONE:
- hfi_process_session_flush_done(callback, device_id,
- (struct hfi_msg_session_flush_done_packet *)
- msg_hdr);
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_flush_done(callback, device_id,
+ (struct hfi_msg_session_flush_done_packet *)
+ msg_hdr);
break;
case HFI_MSG_SESSION_PROPERTY_INFO:
- hfi_process_session_prop_info(callback, device_id,
- (struct hfi_msg_session_property_info_packet *)
- msg_hdr);
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_prop_info(callback, device_id,
+ (struct hfi_msg_session_property_info_packet *)
+ msg_hdr);
break;
case HFI_MSG_SESSION_RELEASE_RESOURCES_DONE:
- hfi_process_session_rel_res_done(callback, device_id,
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_rel_res_done(callback, device_id,
(struct hfi_msg_session_release_resources_done_packet *)
- msg_hdr);
+ msg_hdr);
break;
case HFI_MSG_SYS_RELEASE_RESOURCE:
hfi_process_sys_rel_resource_done(callback, device_id,
(struct hfi_msg_sys_release_resource_done_packet *)
- msg_hdr);
+ msg_hdr);
break;
case HFI_MSG_SESSION_GET_SEQUENCE_HEADER_DONE:
- hfi_process_session_get_seq_hdr_done(
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_get_seq_hdr_done(
callback, device_id, (struct
hfi_msg_session_get_sequence_header_done_packet*)
- msg_hdr);
+ msg_hdr);
break;
case HFI_MSG_SESSION_RELEASE_BUFFERS_DONE:
- hfi_process_session_rel_buf_done(
- callback, device_id, (struct
- hfi_msg_session_release_buffers_done_packet*)
- msg_hdr);
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_rel_buf_done(callback, device_id,
+ (struct hfi_msg_session_release_buffers_done_packet *)
+ msg_hdr);
break;
case HFI_MSG_SYS_SESSION_ABORT_DONE:
- hfi_process_session_abort_done(callback, device_id, (struct
- hfi_msg_sys_session_abort_done_packet*) msg_hdr);
+ if (!validate_session_pkt(sessions, sess, session_lock))
+ hfi_process_session_abort_done(callback, device_id,
+ (struct hfi_msg_sys_session_abort_done_packet *)
+ msg_hdr);
break;
default:
dprintk(VIDC_DBG, "UNKNOWN_MSG_TYPE : %d", msg_hdr->packet);
diff --git a/drivers/media/platform/msm/vidc/msm_vidc.c b/drivers/media/platform/msm/vidc/msm_vidc.c
index 6c7205a..414e564 100644
--- a/drivers/media/platform/msm/vidc/msm_vidc.c
+++ b/drivers/media/platform/msm/vidc/msm_vidc.c
@@ -694,11 +694,23 @@
return 0;
}
+static bool valid_v4l2_buffer(struct v4l2_buffer *b,
+ struct msm_vidc_inst *inst) {
+ enum vidc_ports port =
+ !V4L2_TYPE_IS_MULTIPLANAR(b->type) ? MAX_PORT_NUM :
+ b->type == V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE ? CAPTURE_PORT :
+ b->type == V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE ? OUTPUT_PORT :
+ MAX_PORT_NUM;
+
+ return port != MAX_PORT_NUM &&
+ inst->fmts[port]->num_planes == b->length;
+}
+
int msm_vidc_prepare_buf(void *instance, struct v4l2_buffer *b)
{
struct msm_vidc_inst *inst = instance;
- if (!inst || !b)
+ if (!inst || !b || !valid_v4l2_buffer(b, inst))
return -EINVAL;
if (is_dynamic_output_buffer_mode(b, inst)) {
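Review bot: valid_v4l2_buffer() dereferences `inst->fmts[port]` without checking it for NULL; if a format slot can be unset when these ioctls arrive (not visible in this hunk), the helper faults before it can reject the buffer. `return port != MAX_PORT_NUM && inst->fmts[port] && inst->fmts[port]->num_planes == b->length;` covers that case. On style, the opening brace of a function definition belongs on its own line in kernel code, and the nested conditional would read more easily as a `switch` on `b->type`.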
@@ -840,15 +852,9 @@
int rc = 0;
int i;
- if (!inst || !b)
+ if (!inst || !b || !valid_v4l2_buffer(b, inst))
return -EINVAL;
- if (b->length > VIDEO_MAX_PLANES) {
- dprintk(VIDC_ERR, "num planes exceeds max: %d\n",
- b->length);
- return -EINVAL;
- }
-
if (is_dynamic_output_buffer_mode(b, inst)) {
if (b->m.planes[0].reserved[0])
inst->map_output_buffer = true;
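Review bot: Removing the `b->length > VIDEO_MAX_PLANES` test means the bound on the plane count now comes only from `inst->fmts[port]->num_planes`, and the `dprintk` that named the rejected value is gone with it. The helper's equality test is sufficient only if num_planes can never exceed VIDEO_MAX_PLANES, which is set outside the visible lines. Keeping `b->length <= VIDEO_MAX_PLANES` inside valid_v4l2_buffer() would make the limit explicit, and a `dprintk(VIDC_ERR, ...)` on the rejection path would preserve the diagnostic. The same removal is made in the dqbuf hunk that follows.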
@@ -913,15 +919,9 @@
struct buffer_info *buffer_info = NULL;
int i = 0, rc = 0;
- if (!inst || !b)
+ if (!inst || !b || !valid_v4l2_buffer(b, inst))
return -EINVAL;
- if (b->length > VIDEO_MAX_PLANES) {
- dprintk(VIDC_ERR, "num planes exceed maximum: %d\n",
- b->length);
- return -EINVAL;
- }
-
if (inst->session_type == MSM_VIDC_DECODER)
rc = msm_vdec_dqbuf(instance, b);
if (inst->session_type == MSM_VIDC_ENCODER)
diff --git a/drivers/media/platform/msm/vidc/q6_hfi.c b/drivers/media/platform/msm/vidc/q6_hfi.c
index bc3b93d..9148846 100644
--- a/drivers/media/platform/msm/vidc/q6_hfi.c
+++ b/drivers/media/platform/msm/vidc/q6_hfi.c
@@ -184,7 +184,8 @@
if (!rc)
hfi_process_msg_packet(device->callback,
device->device_id,
- (struct vidc_hal_msg_pkt_hdr *) packet);
+ (struct vidc_hal_msg_pkt_hdr *) packet,
+ &device->sess_head, &device->session_lock);
} while (!rc);
if (rc != -ENODATA)
@@ -483,6 +484,7 @@
}
INIT_LIST_HEAD(&dev->sess_head);
+ mutex_init(&dev->session_lock);
if (!dev->event_queue.buffer) {
rc = q6_init_event_queue(dev);
@@ -583,7 +585,9 @@
rc = -EBADE;
goto err_session_init;
}
+ mutex_lock(&dev->session_lock);
list_add_tail(&new_session->list, &dev->sess_head);
+ mutex_unlock(&dev->session_lock);
return new_session;
err_session_init:
@@ -646,7 +650,11 @@
sess_close = session;
dprintk(VIDC_DBG, "deleted the session: 0x%x",
sess_close->session_id);
+ mutex_lock(&((struct q6_hfi_device *)
+ sess_close->device)->session_lock);
list_del(&sess_close->list);
+ mutex_unlock(&((struct q6_hfi_device *)
+ sess_close->device)->session_lock);
kfree(sess_close);
return 0;
}
diff --git a/drivers/media/platform/msm/vidc/q6_hfi.h b/drivers/media/platform/msm/vidc/q6_hfi.h
index 3dc4607..c2ed918 100644
--- a/drivers/media/platform/msm/vidc/q6_hfi.h
+++ b/drivers/media/platform/msm/vidc/q6_hfi.h
@@ -43,6 +43,7 @@
struct q6_resources resources;
struct msm_vidc_platform_resources *res;
void *apr;
+ struct mutex session_lock;
};
struct q6_apr_cmd_sys_init_packet {
diff --git a/drivers/media/platform/msm/vidc/venus_hfi.c b/drivers/media/platform/msm/vidc/venus_hfi.c
index ea2d6df..c33bfa0 100644
--- a/drivers/media/platform/msm/vidc/venus_hfi.c
+++ b/drivers/media/platform/msm/vidc/venus_hfi.c
@@ -1045,6 +1045,7 @@
INIT_LIST_HEAD(&dev->sess_head);
mutex_init(&dev->read_lock);
mutex_init(&dev->write_lock);
+ mutex_init(&dev->session_lock);
venus_hfi_set_registers(dev);
if (!dev->hal_client) {
@@ -1484,7 +1485,10 @@
else if (session_type == 2)
new_session->is_decoder = 1;
new_session->device = dev;
+
+ mutex_lock(&dev->session_lock);
list_add_tail(&new_session->list, &dev->sess_head);
+ mutex_unlock(&dev->session_lock);
if (create_pkt_cmd_sys_session_init(&pkt, (u32)new_session,
session_type, codec_type)) {
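Review bot: new_session is now published on dev->sess_head before `create_pkt_cmd_sys_session_init()` has succeeded, whereas the q6_hfi.c path adds its session only after the init step passed. The failure branch is outside this hunk; if it frees new_session without a `list_del()` under session_lock, the list keeps a dangling entry that validate_session_pkt() would later walk and could accept. The error path should unlink the session under the same mutex before freeing it; adding the session early is presumably intended so that a fast firmware reply already finds it on the list.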
@@ -1554,7 +1558,11 @@
sess_close = session;
dprintk(VIDC_DBG, "deleted the session: 0x%p",
sess_close);
+ mutex_lock(&((struct venus_hfi_device *)
+ sess_close->device)->session_lock);
list_del(&sess_close->list);
+ mutex_unlock(&((struct venus_hfi_device *)
+ sess_close->device)->session_lock);
kfree(sess_close);
return 0;
}
@@ -1985,7 +1993,8 @@
while (!venus_hfi_iface_msgq_read(device, packet)) {
rc = hfi_process_msg_packet(device->callback,
device->device_id,
- (struct vidc_hal_msg_pkt_hdr *) packet);
+ (struct vidc_hal_msg_pkt_hdr *) packet,
+ &device->sess_head, &device->session_lock);
if (rc == HFI_MSG_EVENT_NOTIFY)
venus_hfi_process_msg_event_notify(
device, (void *)packet);
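Review bot: The return value of hfi_process_msg_packet() is the packet type (`rc = (u32) msg_hdr->packet`), not the validation result, so `venus_hfi_process_msg_event_notify()` still runs for an EVENT_NOTIFY packet whose session failed validate_session_pkt(). That function's body is not in the hunk; if it uses the packet's session_id, it needs the same list check, or the dispatcher needs a way to report that the packet was rejected.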
diff --git a/drivers/media/platform/msm/vidc/venus_hfi.h b/drivers/media/platform/msm/vidc/venus_hfi.h
index a59a053..44cdf31 100644
--- a/drivers/media/platform/msm/vidc/venus_hfi.h
+++ b/drivers/media/platform/msm/vidc/venus_hfi.h
@@ -188,6 +188,7 @@
struct mutex read_lock;
struct mutex write_lock;
struct mutex clock_lock;
+ struct mutex session_lock;
msm_vidc_callback callback;
struct vidc_mem_addr iface_q_table;
struct vidc_mem_addr qdss;
diff --git a/drivers/media/platform/msm/vidc/vidc_hfi.h b/drivers/media/platform/msm/vidc/vidc_hfi.h
index 8a03751..a664622 100644
--- a/drivers/media/platform/msm/vidc/vidc_hfi.h
+++ b/drivers/media/platform/msm/vidc/vidc_hfi.h
@@ -848,6 +848,7 @@
};
u32 hfi_process_msg_packet(msm_vidc_callback callback,
- u32 device_id, struct vidc_hal_msg_pkt_hdr *msg_hdr);
+ u32 device_id, struct vidc_hal_msg_pkt_hdr *msg_hdr,
+ struct list_head *sessions, struct mutex *session_lock);
#endif
diff --git a/drivers/net/wireless/bcmdhd/wl_cfg80211.c b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
index e9c81b8..15f15d5 100644
--- a/drivers/net/wireless/bcmdhd/wl_cfg80211.c
+++ b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
@@ -1017,10 +1017,12 @@
} else if (subelt_id == WPS_ID_DEVICE_NAME) {
char devname[100];
size_t namelen = MIN(subelt_len, sizeof(devname));
- memcpy(devname, subel, namelen);
- devname[namelen-1] = '\0';
- WL_DBG((" attr WPS_ID_DEVICE_NAME: %s (len %u)\n",
- devname, subelt_len));
+ if (namelen) {
+ memcpy(devname, subel, namelen);
+ devname[namelen - 1] = '\0';
+ WL_DBG((" attr WPS_ID_DEVICE_NAME: %s (len %u)\n",
+ devname, subelt_len));
+ }
} else if (subelt_id == WPS_ID_DEVICE_PWD_ID) {
valptr[0] = *subel;
valptr[1] = *(subel + 1);
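Review bot: With `namelen = MIN(subelt_len, sizeof(devname))`, writing the terminator at `devname[namelen - 1]` overwrites the last copied byte, so every device name shorter than the buffer is logged without its final character, and the new `if (namelen)` is needed only because of that index. Using `size_t namelen = MIN(subelt_len, sizeof(devname) - 1);` and `devname[namelen] = '\0';` keeps the copy bounded, prints the full name and handles a zero-length attribute without a special case. Whether subelt_len has been checked against the bytes remaining in the IE is not visible in this hunk and is worth confirming, since the memcpy reads that many bytes from subel.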