Merge "fix the missing hub_release declaration" into mnc-dr-dev-qcom-lego
diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c
index 0f288a7c..a0c1e31 100644
--- a/arch/arm/kernel/perf_event.c
+++ b/arch/arm/kernel/perf_event.c
@@ -240,6 +240,7 @@
pr_err("Event: %llx failed constraint check.\n",
event->attr.config);
event->state = PERF_EVENT_STATE_OFF;
+ err = -EPERM;
goto out;
}
diff --git a/arch/arm/mach-msm/perf_event_msm_krait_l2.c b/arch/arm/mach-msm/perf_event_msm_krait_l2.c
index 65a5d2f..cc39b71 100644
--- a/arch/arm/mach-msm/perf_event_msm_krait_l2.c
+++ b/arch/arm/mach-msm/perf_event_msm_krait_l2.c
@@ -468,6 +468,7 @@
if (!(event->cpu < 0)) {
event->state = PERF_EVENT_STATE_OFF;
event->attr.constraint_duplicate = 1;
+ err = -EPERM;
}
}
out:
diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
index 6669600..716fbd59 100644
--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -98,7 +98,7 @@
#define __P001 __PAGE_READONLY
#define __P010 __PAGE_COPY
#define __P011 __PAGE_COPY
-#define __P100 __PAGE_EXECONLY
+#define __P100 __PAGE_EXECONLY_EXEC
#define __P101 __PAGE_READONLY_EXEC
#define __P110 __PAGE_COPY_EXEC
#define __P111 __PAGE_COPY_EXEC
@@ -107,7 +107,7 @@
#define __S001 __PAGE_READONLY
#define __S010 __PAGE_SHARED
#define __S011 __PAGE_SHARED
-#define __S100 __PAGE_EXECONLY
+#define __S100 __PAGE_EXECONLY_EXEC
#define __S101 __PAGE_READONLY_EXEC
#define __S110 __PAGE_SHARED_EXEC
#define __S111 __PAGE_SHARED_EXEC
@@ -144,8 +144,6 @@
#define pte_write(pte) (!!(pte_val(pte) & PTE_WRITE))
#define pte_exec(pte) (!(pte_val(pte) & PTE_UXN))
-#define pte_valid_ng(pte) \
- ((pte_val(pte) & (PTE_VALID | PTE_NG)) == (PTE_VALID | PTE_NG))
#define pte_valid_user(pte) \
((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER))
#define pte_valid_not_user(pte) \
@@ -224,7 +222,7 @@
static inline void set_pte_at(struct mm_struct *mm, unsigned long addr,
pte_t *ptep, pte_t pte)
{
- if (pte_valid_ng(pte)) {
+ if (pte_valid_user(pte)) {
if (!pte_special(pte) && pte_exec(pte))
__sync_icache_dcache(pte, addr);
if (pte_dirty(pte) && pte_write(pte))
diff --git a/drivers/gpu/msm/kgsl_sync.c b/drivers/gpu/msm/kgsl_sync.c
index b80b699..eac5b5d 100644
--- a/drivers/gpu/msm/kgsl_sync.c
+++ b/drivers/gpu/msm/kgsl_sync.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2015, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2012-2016, The Linux Foundation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
@@ -464,23 +464,23 @@
goto out;
}
+ kref_init(&syncsource->refcount);
+ syncsource->private = private;
+
idr_preload(GFP_KERNEL);
spin_lock(&private->syncsource_lock);
id = idr_alloc(&private->syncsource_idr, syncsource, 1, 0, GFP_NOWAIT);
- spin_unlock(&private->syncsource_lock);
- idr_preload_end();
-
if (id > 0) {
- kref_init(&syncsource->refcount);
syncsource->id = id;
- syncsource->private = private;
-
param->id = id;
ret = 0;
} else {
ret = id;
}
+ spin_unlock(&private->syncsource_lock);
+ idr_preload_end();
+
out:
if (ret) {
if (syncsource && syncsource->oneshot)
@@ -538,25 +538,23 @@
{
struct kgsl_syncsource_destroy *param = data;
struct kgsl_syncsource *syncsource = NULL;
- struct kgsl_process_private *private;
+ struct kgsl_process_private *private = dev_priv->process_priv;
- syncsource = kgsl_syncsource_get(dev_priv->process_priv,
- param->id);
+ spin_lock(&private->syncsource_lock);
+ syncsource = idr_find(&private->syncsource_idr, param->id);
+
+ if (syncsource) {
+ idr_remove(&private->syncsource_idr, param->id);
+ syncsource->id = 0;
+ }
+
+ spin_unlock(&private->syncsource_lock);
if (syncsource == NULL)
return -EINVAL;
- private = syncsource->private;
-
- spin_lock(&private->syncsource_lock);
- idr_remove(&private->syncsource_idr, param->id);
- syncsource->id = 0;
- spin_unlock(&private->syncsource_lock);
-
/* put reference from syncsource creation */
kgsl_syncsource_put(syncsource);
- /* put reference from getting the syncsource above */
- kgsl_syncsource_put(syncsource);
return 0;
}
diff --git a/drivers/misc/shsensor_hub/ml630q790/ml630q790.c b/drivers/misc/shsensor_hub/ml630q790/ml630q790.c
index 5888d8d..109ed9c 100755
--- a/drivers/misc/shsensor_hub/ml630q790/ml630q790.c
+++ b/drivers/misc/shsensor_hub/ml630q790/ml630q790.c
@@ -9022,7 +9022,7 @@
shub_qos_end();
if(ret != SHUB_RC_OK) {
DBG(DBG_LV_ERROR, "Failed shub_initialize. ret=%x\n", ret);
- goto REGIST_ERR;
+ return -ENODEV;
}
DBG(DBG_LV_INFO, "Init Complete!!!\n");
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index c6fa1ee..80c9f8e 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -1028,10 +1028,20 @@
unsigned delay;
/* Continue a partial initialization */
- if (type == HUB_INIT2)
- goto init2;
- if (type == HUB_INIT3)
+ if (type == HUB_INIT2 || type == HUB_INIT3) {
+ device_lock(hub->intfdev);
+
+ /* Was the hub disconnected while we were waiting? */
+ if (hub->disconnected) {
+ device_unlock(hub->intfdev);
+ kref_put(&hub->kref, hub_release);
+ return;
+ }
+ if (type == HUB_INIT2)
+ goto init2;
goto init3;
+ }
+ kref_get(&hub->kref);
/* The superspeed hub except for root hub has to use Hub Depth
* value as an offset into the route string to locate the bits
@@ -1237,6 +1247,7 @@
PREPARE_DELAYED_WORK(&hub->init_work, hub_init_func3);
schedule_delayed_work(&hub->init_work,
msecs_to_jiffies(delay));
+ device_unlock(hub->intfdev);
return; /* Continues at init3: below */
} else {
msleep(delay);
@@ -1257,6 +1268,11 @@
/* Allow autosuspend if it was suppressed */
if (type <= HUB_INIT3)
usb_autopm_put_interface_async(to_usb_interface(hub->intfdev));
+
+ if (type == HUB_INIT2 || type == HUB_INIT3)
+ device_unlock(hub->intfdev);
+
+ kref_put(&hub->kref, hub_release);
}
/* Implement the continuations for the delays above */
diff --git a/drivers/usb/dwc3/debugfs.c b/drivers/usb/dwc3/debugfs.c
index 014b3a9..29cdc99e 100644
--- a/drivers/usb/dwc3/debugfs.c
+++ b/drivers/usb/dwc3/debugfs.c
@@ -650,7 +650,7 @@
struct seq_file *s = file->private_data;
struct dwc3 *dwc = s->private;
char kbuf[10];
- unsigned int num, dir;
+ unsigned int num, dir, temp;
unsigned long flags;
memset(kbuf, 0, 10);
@@ -661,8 +661,16 @@
if (sscanf(kbuf, "%u %u", &num, &dir) != 2)
return -EINVAL;
+ if (dir != 0 && dir != 1)
+ return -EINVAL;
+
+ temp = (num << 1) + dir;
+ if (temp >= (dwc->num_in_eps + dwc->num_out_eps) ||
+ temp >= DWC3_ENDPOINTS_NUM)
+ return -EINVAL;
+
spin_lock_irqsave(&dwc->lock, flags);
- ep_num = (num << 1) + dir;
+ ep_num = temp;
spin_unlock_irqrestore(&dwc->lock, flags);
return count;
diff --git a/drivers/video/adf/adf_client.c b/drivers/video/adf/adf_client.c
index 8061d8e..0f1a04f 100644
--- a/drivers/video/adf/adf_client.c
+++ b/drivers/video/adf/adf_client.c
@@ -305,9 +305,10 @@
}
done:
- if (ret < 0)
+ if (ret < 0) {
adf_buffer_mapping_cleanup(mapping, buf);
-
+ memset(mapping, 0, sizeof(*mapping));
+ }
return ret;
}
diff --git a/fs/aio.c b/fs/aio.c
index ded94c4..9798d4e 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -977,12 +977,17 @@
static ssize_t aio_setup_single_vector(int rw, struct kiocb *kiocb)
{
- if (unlikely(!access_ok(!rw, kiocb->ki_buf, kiocb->ki_nbytes)))
- return -EFAULT;
+ size_t len = kiocb->ki_nbytes;
+
+ if (len > MAX_RW_COUNT)
+ len = MAX_RW_COUNT;
+
+ if (unlikely(!access_ok(!rw, kiocb->ki_buf, len)))
+ return -EFAULT;
kiocb->ki_iovec = &kiocb->ki_inline_vec;
kiocb->ki_iovec->iov_base = kiocb->ki_buf;
- kiocb->ki_iovec->iov_len = kiocb->ki_nbytes;
+ kiocb->ki_iovec->iov_len = len;
kiocb->ki_nr_segs = 1;
return 0;
}
diff --git a/include/linux/poison.h b/include/linux/poison.h
index 2110a81..253c9b4 100644
--- a/include/linux/poison.h
+++ b/include/linux/poison.h
@@ -19,8 +19,8 @@
* under normal circumstances, used to verify that nobody uses
* non-initialized list entries.
*/
-#define LIST_POISON1 ((void *) 0x00100100 + POISON_POINTER_DELTA)
-#define LIST_POISON2 ((void *) 0x00200200 + POISON_POINTER_DELTA)
+#define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA)
+#define LIST_POISON2 ((void *) 0x200 + POISON_POINTER_DELTA)
/********** include/linux/timer.h **********/
/*
diff --git a/sound/soc/msm/qdsp6v2/q6asm.c b/sound/soc/msm/qdsp6v2/q6asm.c
index 0991d30..fd89706 100644
--- a/sound/soc/msm/qdsp6v2/q6asm.c
+++ b/sound/soc/msm/qdsp6v2/q6asm.c
@@ -1212,6 +1212,12 @@
ac->port[dir].buf = buf;
+ /* check for integer overflow */
+ if ((bufcnt > 0) && ((INT_MAX / bufcnt) < bufsz)) {
+ pr_err("%s: integer overflow\n", __func__);
+ mutex_unlock(&ac->cmd_lock);
+ goto fail;
+ }
bytes_to_alloc = bufsz * bufcnt;
/* The size to allocate should be multiple of 4K bytes */
