Add mutex lock to protect private data in _put() and
get() calls.
Change-Id: I776ba5739fec4f1ff6542ef48de79ad3873f1161
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
Add mutex lock to protect private data in _put() and
get() calls.
Change-Id: I92f5a6515b6d1c4ad650a7dcf22a0a231a84dd30
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
There is race condition around private data used in put() and get()
of few mixer ctls with close() callback.Add global mutex lock and
code changes to protect such critical section by accessing such lock.
Change-Id: I276c2a234cfcbef88b4272b945e5c3f121e8eb32
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
Payload size is not checked before payload access. Check it
to avoid out-of-boundary memory access.
Change-Id: I913e37ba8eaa3451934b88de1e6b14a5e83f493b
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
APPS crashes randomly due to invalid memory allocation
in q6asm_audio_client_buf_free_contiguous.
Added check to return error if memory allocation size is 0.
Change-Id: I40f49aa147d513b29b56224a5ee77ccbb2dcc110
CRs-Fixed: 2285272
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
Expected buffer size to read is 2 bytes.
Corrected the size check to return error
when count is not 2.
Change-Id: I43b572d191f6f98a8a790b5ae77b43fabcd7329a
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
Payload size is not checked before payload access. Check size
to avoid out-of-boundary memory access.
Change-Id: Iaa39ee4ea5489bb5579e7b7d5dfada12d88c5809
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
Check if payload data is big enough before accessing
the data in it.
Change-Id: I939f205a8cebf6ef4859f81fae5429bca013d540
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
Token from DSP might be invalid for array index. Validate
the token before being used as array index.
Change-Id: I9f47e1328d75d9f9acf7e85ddb452019b6eced0a
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
Validate buffer index obtained from ADSP token before using it.
CRs-Fixed: 2372302
Change-Id: I5c3b1634bd08b516844638dd67f726a882edfc17
Signed-off-by: Vignesh Kulothungan <vigneshk@codeaurora.org>
Payload size validity is not checked before using it in array index.
Check payload size to avoid out-of-boundary memory.
Change-Id: Ic0b06bb331fc1753ff7543bb218ab12d6a4a3ca8
Signed-off-by: Kunlei Zhang <kunleiz@codeaurora.org>
Check the size of ADSP payload before accessing it.
CRs-Fixed: 2380694
Change-Id: I52e74e5a86499ea61f8426f767948ce940d4d59c
Signed-off-by: Vignesh Kulothungan <vigneshk@codeaurora.org>
Check buffer size in qdsp_cvs_callback before access in
ul_pkt.
Change-Id: Ic19994b46086709231656ec747d2df988b7a512f
Signed-off-by: Vatsal Bucha <vbucha@codeaurora.org>
With commit f6896ad1b5966405e87ef668922cadddad52f2eb, an incorrectly ordered
memset() command was present. This causes compilation to fail on GCC 5+.
Fix the order of the passed parameters to properly set requested memory.
BUG=38500815
TEST= Kernel compiles and boots bullhead.
Change-Id: Ic7cc759bb19385ad6839d2003358c7ead6df94be
Tested-by: Aun-Ali Zaidi <admin@kodeit.net>
Signed-off-by: Aun-Ali Zaidi <admin@kodeit.net>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Currently we set CONFIG_CC_OPTIMIZE_FOR_SIZE which suppressed the compiler
warning of unused variables which can lead undefined behavior e.g. memory
corruption and panic. See https://lkml.org/lkml/2013/3/25/347.
This patch fixes all the uninitilized variables in kernel
Bug: 33353384
Test: On device
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: I0ae1082f447b435d71156d471878ba71aa16c378
Send compress data by q6asm_run callback when user resumes music,
if the write_done event has been callback at offload pause state.
Bug: 30101878
Signed-off-by: Eric Laurent <elaurent@google.com>
Add pointer validation checks to prevent sending
invalid handles to ADSP as part of unmap memory
regions command.
CRs-Fixed: 1018367
Change-Id: I0dfb2fccb4414ed82ee10d73576fda66a273043d
Signed-off-by: Karthik Reddy Katta <a_katta@codeaurora.org>
Use smaller fragment sizes at DSP interface than at
user space interface.
This allows to write earlier to the DSP without waiting for
a full user space fragement in case of underrun or gapless
transition.
Bug: 28545177
Signed-off-by: Eric Laurent <elaurent@google.com>
Change the HW delay debug print so it does not
seem like an error. Adds comments in the code
describing the HW delay feature.
Change-Id: I0955623a7bdb0f4180c908ba079cf6f900e496a5
Signed-off-by: Ben Romberger <bromberg@codeaurora.org>
Add range check to make sure the received audio port index
from ADSP is within the valid range.
Change-Id: Ief647df1659f7f349a843f666d8f92f34a9a43be
Signed-off-by: Xiaoyu Ye <benyxy@codeaurora.org>
ac could get freed during the execution of q6asm_callback.
And kernel panic happens. Add spinlock to protect ac to avoid
kernel panic.
Change-Id: Ie49c8a3979231552ba7d5f207aab0d95ffdc2a72
Signed-off-by: Meng Wang <mwang@codeaurora.org>
Check for debugfs ops buf size passed before reading
to eliminate the possibility of reading out of bounds.
Bug: 77528653
Change-Id: I28fd60ce93256b6b0bad62b449092a891cc15463
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
Set freed pointers to NULL to avoid double free
in msm_compr_playback_open and msm_compr_playback_free
functions of the compress driver.
CRs-Fixed: 2142216
Change-Id: Ifd011dd85dd9f610c7b69dd460f73d26e006cd66
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
Add size check to ensure cal data bytes size fits inside
the cal date when copying to user space buffer.
CRs-Fixed: 2110256
Change-Id: I511999984684a9db4aaf1cf2c65eb1495c36980f
Signed-off-by: kunleiz <kunleiz@codeaurora.org>
Fix access of a dangling pointer by assigning it to NULL.
CRs-Fixed: 2096407
Change-Id: I22c1d55ea611ac59cdca51924787f6831bad8c2b
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
A copy_from_user is not always expected to succeed. Therefore, check
for an error before operating on the buffer post copy.
CRs-Fixed: 1116070
Change-Id: I21032719e6e85f280ca0cda875c84ac8dee8916b
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Before calling audio calibration ioctl functions, compare the
allocated buffer size to the size of the header and cal type header
to ensure the buffer is big enough.
Change-Id: I601bb37ddcc34d459c207cf579f29744fe912d7b
Signed-off-by: Vidyakumar Athota <vathota@codeaurora.org>
msm-compr-q6-v2.c and msm-compr-q6-v2.h are no longer used.
CRs-Fixed: 2022953
Change-Id: I856d90a212a3e123a2c8b80092aff003f7c608c7
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
In the ioctl function, driver allocates memory to store data
internally before calling copy_to_user to copy data to user-space.
It is possible that kernel internal information can be leaked to
user space through this if the allocated memory is not completely
overwritten with valid data. Use kzalloc to fix this.
CRs-fixed: 2026045
Change-Id: I754ae2157034a135aaca4a15badf10d2567b7ed6
Signed-off-by: Bhalchandra Gajare <gajare@codeaurora.org>
Set address to NULL on error to ensure a stale address is not used.
CRs-Fixed: 2038685
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Change-Id: I17e7b7b404625d21721b2466e70fa8be2370b517
Eagle driver is not in use any more.
Remove the code and associated calls
to it.
CRs-Fixed: 1103106
Change-Id: Ice5333861beda9538f0783b70b3267523d16fd2b
Signed-off-by: Alexy Joseph <alexyj@codeaurora.org>
Pointer after kfree is not sanitized.
Set pointer to NULL.
CRs-Fixed: 2008031
Change-Id: Ia59a57fcd142a6ed18d168992b8da4019314afa4
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
Add out of bounds check in routing put functions
for the mux value before accessing the texts
pointer of soc_enum struct with mux as index.
CRs-fixed: 1097569
Change-Id: Ib9ef8d398f0765754b0f79666963fac043b66077
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
If two ioctls are triggered with different commands,
there is a possibility to access freed confidence level
memory. To resolve this acquire lock in ioctl.
Also release mutex lock properly in error cases.
CRs-Fixed: 1103085
Change-Id: I7d6b2eff21c8297e5f0755a0c141254be32f777d
Signed-off-by: Yeleswarapu Nagaradhesh <nagaradh@codeaurora.org>
