Modify the request_module to prefix the file system type with "fs-"
and add aliases to all of the filesystems that can be built as modules
to match.
A common practice is to build all of the kernel code and leave code
that is not commonly needed as modules, with the result that many
users are exposed to any bug anywhere in the kernel.
Looking for filesystems with a fs- prefix limits the pool of possible
modules that can be loaded by mount to just filesystems trivially
making things safer with no real cost.
Using aliases means user space can control the policy of which
filesystem modules are auto-loaded by editing /etc/modprobe.d/*.conf
with blacklist and alias directives. Allowing simple, safe,
well understood work-arounds to known problematic software.
This also addresses a rare but unfortunate problem where the filesystem
name is not the same as it's module name and module auto-loading
would not work. While writing this patch I saw a handful of such
cases. The most significant being autofs that lives in the module
autofs4.
This is relevant to user namespaces because we can reach the request
module in get_fs_type() without having any special permissions, and
people get uncomfortable when a user specified string (in this case
the filesystem type) goes all of the way to request_module.
After having looked at this issue I don't think there is any
particular reason to perform any filtering or permission checks beyond
making it clear in the module request that we want a filesystem
module. The common pattern in the kernel is to call request_module()
without regards to the users permissions. In general all a filesystem
module does once loaded is call register_filesystem() and go to sleep.
Which means there is not much attack surface exposed by loading a
filesytem module unless the filesystem is mounted. In a user
namespace filesystems are not mounted unless .fs_flags = FS_USERNS_MOUNT,
which most filesystems do not set today.
Change-Id: I623b13dbdb44bb9ba7481f29575e1ca4ad8102f4
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Kees Cook <keescook@chromium.org>
Reported-by: Kees Cook <keescook@google.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
Add mutex around qseecom_set_client_mem_param to prevent an
ioctl thread modifying and corrupting data which is being
processed by another ioctl in the other thread
Change-Id: I0cfb8afab4001c2913be693dfe44c761b9568893
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Format specifier %p can leak kernel addresses while not valuing the
kptr_restrict system settings. When kptr_restrict is set to (1), kernel
pointers printed using the %pK format specifier will be replaced with
0's.
So that %pK will not leak kernel pointers to unprivileged users.
So change the format specifier from %p to %pK.
Debugging Note : &pK prints only Zeros as address. if you need actual
address information, pls echo 0 to kptr_restrict.
$ echo 0 > /proc/sys/kernel/kptr_restrict
Bug: 31498159
Change-Id: I0baf2be2d5a476e2e4267f20b99d0ddf5492469e
Signed-off-by: Mallikarjuna Reddy Amireddy <mamire@codeaurora.org>
Make change in __qseecom_load_fw() and qseecom_load_commonlib_image()
to check buffer size before copying img to buffer.
CRs-fixed: 1080290
CAF-Change-Id: I0f48666ac948a9571e249598ae7cc19df9036b1d
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
CVE-2017-0614
Change-Id: Ib5ee6fed48f742e5bd71d3af0a119441c59d2a52
(cherry picked from commit fc2ae27eb9721a0ce050c2062734fec545cda604)
In an error handling case, the QSEECOM_IOCTL_LOAD_APP_REQ ioctl
freed the entry for new TA, but didn't removed it from
qseecom_registered_app_list. Make change to remove it.
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Signed-off-by: Mallikarjuna Reddy Amireddy <mamire@codeaurora.org>
(cherry picked from commit 0ed0f061bcd71940ed65de2ba46e37e709e31471)
Change-Id: Id681fbf3c923027d3db875d506cbe3f971919a8d
Validate pointers send from user space and pointers
embedded within the mesasge sent from user space.
Bug: 28769920
Change-Id: I1be54924ef3d301908af6e8d4e6506f2aa7f6428
Signed-off-by: Mona Hossain <mhossain@codeaurora.org>
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Signed-off-by: Gilad Avidov <giladavidov@google.com>
Validate the caller is the right type for the IOCTL being
issued and inputs are valid.
Bug: 28747998
Change-Id: Iad71f0f5ed4d53c5d011bd55cdf74ec053d09af5
Signed-off-by: Mona Hossain <mhossain@codeaurora.org>
Signed-off-by: Hariprasad Dhalinarasimha <hnamgund@codeaurora.org>
Validate cmd_req_buf pointer offset in qseecom_send_modfy_cmd, and
make sure cmd buffer address to be within shared bufffer.
Bug: 28804057
Change-Id: I431511a92ab2cccbc2daebc0cf76cc3872689a97
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Printing a string with that does not have null terminated character,
would lead to overflow, as the print continues until it finds a null
terminated character.
Avoid this issue by explicitly assigning a string with null termination.
Bug: 28749708
Change-Id: I9528db2ba046c514d829097d08c09540588bb1a2
Signed-off-by: Hariprasad Dhalinarasimha <hnamgund@codeaurora.org>
Check if there is no integer overflow before using req_len and
resp_len (received from user space). If an overflow is detected
then exit the operation.
Bug: 28571496
Change-Id: I0459a6992bb3b280db42be63a275c55fa6105b1c
Signed-off-by: Hariprasad Dhalinarasimha <hnamgund@codeaurora.org>
__copy_from_user does not do address check, so use
copy_from_user instead.
Bug: 28469042
Change-Id: I575c0f3c44b55a521c0d42828988c518c0640a29
CRs-Fixed: 545747
Signed-off-by: Hariprasad Dhalinarasimha <hnamgund@codeaurora.org>
In order to keep the code consistent with all other platforms, the
thread notifier is changed to profile event notifier.
Change-Id: I5b996c789927b42dacba10af6fe81a21866e2c8f
Adds proc files /proc/uid_cputime/show_uid_stat and
/proc/uid_cputime/remove_uid_range.
show_uid_stat lists the total utime and stime for the active as well as
terminated processes for each of the uids.
Writing a range of uids to remove_uid_range will delete the accounting
for all the uids within that range.
Change-Id: I21d9210379da730b33ddc1a0ea663c8c9d2ac15b
commit bcdee04ea7 upstream.
pci_disable_device(pdev) used to be in pci remove function. But this
PCI device has two functions with interrupt lines connected to a
single pin. The other one is a USB host controller. So when we disable
the PIN there e.g. by rmmod hpilo, the controller stops working. It is
because the interrupt link is disabled in ACPI since it is not
refcounted yet. See acpi_pci_link_free_irq called from
acpi_pci_irq_disable.
It is not the best solution whatsoever, but as a workaround until the
ACPI irq link refcounting is sorted out this should fix the reported
errors.
References: https://lkml.org/lkml/2008/11/4/535
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Grant Grundler <grundler@parisc-linux.org>
Cc: Nobin Mathew <nobin.mathew@gmail.com>
Cc: Robert Hancock <hancockr@shaw.ca>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: David Altobelli <david.altobelli@hp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Qiang Huang <h.huangqiang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a1470c7bf3 upstream.
Bug report from: wenxiong@linux.vnet.ibm.com
The issue is happened in dual controller configuration. We got the
sysfs warnings when rmmod the ipr module.
enclosure_unregister() in drivers/msic/enclosure.c, call device_unregister()
for each componment deivce, device_unregister() ->device_del()->kobject_del()
->sysfs_remove_dir(). In sysfs_remove_dir(), set kobj->sd = NULL.
For each componment device,
enclosure_component_release()->enclosure_remove_links()->sysfs_remove_link()
in which checking kobj->sd again, it has been set as NULL when doing
device_unregister. So we saw all these sysfs WARNING.
Tested-by: wenxiong@linux.vnet.ibm.com
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
A process waiting on a signal can be awaken by any signal. We
need to only continue processing when the condition of the
wait event is met.
Change-Id: Ib2102babbb505876f89b04399729e6ff5a475605
Signed-off-by: Mona Hossain <mhossain@codeaurora.org>
Signed-off-by: Praveen Chavan <pchavan@codeaurora.org>
Information from slimport vendor:
With the wrong value set to SP_TX_AUX_CTRL_REG2, 7808 will try to
write 0x00 to a random offset of EDID in the monitor. if the monitor's
EDID is over written, we make it a bad EDID; with a bad EDID, AP will
output 640x480p only normally. But most of monitors have write protection
of EDID, 7808 is not able over write it.
This issue not able to be reproduced with a monitor with EDID write
protection.
We have to fix this bug in case the very unlucky end user has a monitor
without EDID write protection.
Issue 10062852
Change-Id: Id8eff5a77154d648c8eb5046ef1cf35f4f9a712d
Signed-off-by: yetta_wu <yetta_wu@asus.com>
Avoid collision with ac mode for update power source to touch ic.
Change-Id: I5ce03351d8f93cd758c2238d3a6836816385a22b
Signed-off-by: mars_kao <mars_kao@asus.com>
Suggested by vendor, do slight modification in hdmi_rx_restart_audio_chk
Change-Id: Icba15affc4572b77be98e27c6263489c50bacb1b
Signed-off-by: yetta_wu <yetta_wu@asus.com>
Fix HDMI doesn't work in some connection order
Issue 9599418
Change-Id: I785c38f2818801beb575e5babceb3f784ba6e037
Signed-off-by: yetta_wu <yetta_wu@asus.com>
1.upload firmware to A032.
2.modify driver to update power source when use slim port to hdmi.
A032 fix issue:
9471817:Hover touches.
9366206:Device show multiple-ghost touch after connect HDMI and tilt device to 40~65 degree.
9471956:Unclean lift offs.
9471962:Edge swipes causing hooks or missing touch points.
Noise problem.
Add ESD Protection Mechanism.
Change-Id: I4d22ecc4433ae5fd755a6954c6cd4af5062fb0b3
Signed-off-by: mars_kao <mars_kao@asus.com>
Fix the issue that the slimport detect pin would keep changing high
and low when plug slimport dongle only (no HDMI device).
This would let our device cannot go to tcxo shutdown.
This reverts commit e29e266b40.
Conflicts:
drivers/misc/slimport_anx7808/slimport.c
Change-Id: I261aa09576f555e29479cfc190b6b5d802d5790d
Signed-off-by: yetta_wu <yetta_wu@asus.com>
2013-05-10
V0.4
1. To be compatible with combo dongle.
2. To be compatible with dongle of other venders'.
3. Add HDCP dynamically switch sysfs path
/sys/devices/i2c-0/0-0039/hdcp_switch
4. Add some phy register settings for eye diagram on deb
5. Modify the codes to conform to linux coding style
Change-Id: I22a085be67143c74960f391af03ee42a7106d196
Signed-off-by: yetta_wu <yetta_wu@asus.com>
If connect slimport and boot device, the screen would not show because
slimport detect pin is 1 already. No interrupt to trigger slimport
detect and show.
Change-Id: Id53d23d7ae71588d5679ee87c560442d49468e00
Signed-off-by: yetta_wu <yetta_wu@asus.com>
to make charging IC function correctly
Change-Id: I619ee5eccb85e586b8a5adbacc40115547e1d168
Reviewed-on: http://mcrd1-5.corpnet.asus/code-review/master/68687
Reviewed-by: Yetta Wu <Yetta_Wu@asus.com>
Tested-by: Yetta Wu <Yetta_Wu@asus.com>
Reviewed-by: Warlock Tai <warlock_tai@asus.com>
- Revise gpio settings to active gsbi2 bus in board-flo-gpiomux.c.
- Register both mpu6500 and akm8963 to gsbi2 bus.
- Add drivers for mpu6500 and akm8963 with MotionApps v5.1.4.
Change-Id: I2ddfc1bc28153c6396d5fa0534927ede31383e94
Reviewed-on: http://mcrd1-5.corpnet.asus/code-review/master/68257
Reviewed-by: Jive Hwang <jive_hwang@asus.com>
Tested-by: Jive Hwang <jive_hwang@asus.com>
1. slimport basic function
2. set gpio 50 as 27M clock (function_2, refer to document 80-N7752-2 p.435)
3. request USB_ID pin (gpio 77) to let detect pin work
4. the version history:
V0.1
The gerenal slimport ANX7808 driver for customer evalutaion and application.
2013-01-08
V0.2
1. Add pull down ID_OUT pin once the slimport accessary is plugged, and left it to default status
once the accessay is unplugged.
2. If the incoming video is YUV, convert it to RGB colorspace, since our RGB dangle only support RGB.
2013-01-29
V0.3
1. Correct the error in eye diagram test.
2. Correct the phy auto test.
Change-Id: I0d35945b5682ca736ec00b3d5166001f2ab5dfc3
Change-Id: Ibdf3ba27e119f0ae361b28b1f33f7522d5fdf758
Reviewed-on: http://mcrd1-5.corpnet.asus/code-review/master/67937
Reviewed-by: Yetta Wu <Yetta_Wu@asus.com>
Tested-by: Yetta Wu <Yetta_Wu@asus.com>
Reviewed-by: Warlock Tai <warlock_tai@asus.com>
The device might fall in abnormal state in slimport with power on.
The slimport couldn't detect the cable correctly at that time.
We make a sure that the slimport is in power off before turning it on
to avoid that issue.
Change-Id: I119f17e3767221582d1d4330fdfa913552b84503
When the driver is removed from the kernel, you should nullify the
anx7808_client to avoid wrong detecting the slimport cable.
Because it is used in slimport_is_connected().
Change-Id: Ia9cc580e0463e30008493e628a1d3ea9cb07377c
Possible to use the wake_lock in the interrupt handler before initializing
the wake lock. So you should initialize the wake_lock before using it.
Change-Id: I73c1de326403e24c5ba3dae9654cf6bc06f8ea93
enable_irq_wake is a wrapper function of irq_set_irq_wake(). So you don't need
to use irq_set_irq_wake().
Change-Id: I68ceeda1468b449ba32de63430e45dad5ebfeb15
There are wrong error handling in probe(). For example, if you failed to
request the irq, you don't need to free the irq at that time. You just need
to free the irq after you requested the irq successfully.
Change-Id: I353e0cf79b71af760ba4d478fb39ab888e633d0a
- refactor the driver
- Add a VGA Dongle into RX_VGA (00 22 b9 73 69 76 61)
- recovery when backuped dongle type != current dongle type
Change-Id: I3e4dbaac6085308b1997b6b871a5a52fd91c6972
Since clk_prepare_enable is being used when enabling clocks,
clk_disable_prepare should be used to disable them.
CRs-fixed: 453579
Change-Id: Ic15c99e1fa82e45a3b9165af60c104a6bb736f92
Signed-off-by: Amy Maloche <amaloche@codeaurora.org>
Add device tree (DT) support for isa1200. Extract device
properties from DT and store it in platform data structure.
Change-Id: I9ed9cc36cb07db00634b9e73a8052e62d313d484
Signed-off-by: Amy Maloche <amaloche@codeaurora.org>
There exist a possibility for "handle" input being NULL. We need
to check for this before dereferencing it.
Change-Id: I50c1c6855ad303e05b52e6e37d774551d9db4fc4
Signed-off-by: Mona Hossain <mhossain@codeaurora.org>
Spinlocks are used for locking in process context.
So replace spinlock with mutex.
CRs-fixed: 430723
Change-Id: I7e422234a48de3ea21fd86033bdaad286490924c
Signed-off-by: Mohan Pallaka <mpallaka@codeaurora.org>
(cherry picked from commit 65206ee410894cb15de172a1c06d1490413a4867)
Signed-off-by: Neha Pandey <nehap@codeaurora.org>
The TSPP driver requires using 3 or 4 GPIOs per TSIF instance,
depending on the TSIF operation mode. The driver used to configure
all the GPIOs regardless of TSIF instance and mode.
This commit changes the driver's GPIO configuration mechanism to
take into account the TSIF instance and mode, and use only the relevant
GPIOs. This is required by customers who may now utilize the unused GPIOs
for other purposes.
Change-Id: Ia216f479871e613ca48f73dc63c0a6cdab4dad57
Signed-off-by: Liron Kuch <lkuch@codeaurora.org>
Update the TSPP driver to support using the device tree mechanism
for getting platform-dependent data.
Change-Id: I5ac0f90266c3f30621865cf097db4dba1ee07fc6
Signed-off-by: Liron Kuch <lkuch@codeaurora.org>
