Merge branch 'android-msm-pixel-4.19-rvc' into android-msm-pixel-4.19-rvc-qpr1
Bug: 172309972
Change-Id: I339bb861b5bdfa9a34d7bb21d6be3657c93e9a6d
diff --git a/drivers/char/adsprpc.c b/drivers/char/adsprpc.c
index 8cbcee7..b9d9ddc 100644
--- a/drivers/char/adsprpc.c
+++ b/drivers/char/adsprpc.c
@@ -873,9 +873,11 @@
}
if (map->flags == ADSP_MMAP_HEAP_ADDR ||
map->flags == ADSP_MMAP_REMOTE_HEAP_ADDR) {
+ spin_lock(&me->hlock);
map->refs--;
if (!map->refs)
hlist_del_init(&map->hn);
+ spin_unlock(&me->hlock);
if (map->refs > 0)
return;
} else {
diff --git a/drivers/crypto/msm/qce50.c b/drivers/crypto/msm/qce50.c
index c179cbb..4f68bf4 100644
--- a/drivers/crypto/msm/qce50.c
+++ b/drivers/crypto/msm/qce50.c
@@ -2,7 +2,7 @@
/*
* QTI Crypto Engine driver.
*
- * Copyright (c) 2012-2019, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2020, The Linux Foundation. All rights reserved.
*/
#define pr_fmt(fmt) "QCE50: %s: " fmt, __func__
@@ -841,6 +841,11 @@
switch (creq->alg) {
case CIPHER_ALG_DES:
if (creq->mode != QCE_MODE_ECB) {
+ if (ivsize > MAX_IV_LENGTH) {
+ pr_err("%s: error: Invalid length parameter\n",
+ __func__);
+ return -EINVAL;
+ }
_byte_stream_to_net_words(enciv32, creq->iv, ivsize);
pce = cmdlistinfo->encr_cntr_iv;
pce->data = enciv32[0];
diff --git a/drivers/gpu/msm/adreno_drawctxt.c b/drivers/gpu/msm/adreno_drawctxt.c
index d81a73b..c6c3a33 100644
--- a/drivers/gpu/msm/adreno_drawctxt.c
+++ b/drivers/gpu/msm/adreno_drawctxt.c
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0-only
/*
- * Copyright (c) 2002,2007-2019, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2002,2007-2020, The Linux Foundation. All rights reserved.
*/
#include <linux/debugfs.h>
@@ -475,11 +475,12 @@
drawctxt = ADRENO_CONTEXT(context);
rb = drawctxt->rb;
+ spin_lock(&drawctxt->lock);
+
spin_lock(&adreno_dev->active_list_lock);
list_del_init(&drawctxt->active_node);
spin_unlock(&adreno_dev->active_list_lock);
- spin_lock(&drawctxt->lock);
count = drawctxt_detach_drawobjs(drawctxt, list);
spin_unlock(&drawctxt->lock);
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index e7fd0b5..975dd0d 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1766,7 +1766,7 @@
(!regset->active || regset->active(t->task, regset) > 0)) {
int ret;
size_t size = regset_size(t->task, regset);
- void *data = kmalloc(size, GFP_KERNEL);
+ void *data = kzalloc(size, GFP_KERNEL);
if (unlikely(!data))
return 0;
ret = regset->get(t->task, regset,