Merge branch 'android-msm-bullhead-3.10-oc' into android-msm-bullhead-3.10android-8.1.0_r0.21 android-8.1.0_r0.17

January 2018.1 Bug: 68996203 Change-Id: I8d8fde2ad141ecfc2ecf072b32aa4299c4935b80 Signed-off-by: Patrick Tjin <pattjin@google.com>
author: Patrick Tjin <pattjin@google.com> 2017-11-20 10:36:44 -0800
committer: Patrick Tjin <pattjin@google.com> 2017-11-20 10:36:44 -0800
commit: e39482cf7ffe570d38b12eea210caad1af03df98 (patch)
tree: f4fcd13835487ffee02d7a4f67d5ea1c0e78076b
parent: 7d1e90244638906341cd548ac840e92721d824a4 (diff)
parent: a896f83eec05962c1052cf96e68561912f0c68dd (diff)
13 files changed, 168 insertions, 44 deletions
diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h
index 72674f4c3871..59aae93ab823 100644
--- a/arch/arm64/include/asm/esr.h
+++ b/arch/arm64/include/asm/esr.h
@@ -54,4 +54,44 @@
 #define ESR_EL1_EC_BKPT32	(0x38)
 #define ESR_EL1_EC_BRK64	(0x3C)
 
+/* ISS field definitions for System instruction traps */
+#define ESR_ELx_SYS64_ISS_RES0_SHIFT	22
+#define ESR_ELx_SYS64_ISS_RES0_MASK	(UL(0x7) << ESR_ELx_SYS64_ISS_RES0_SHIFT)
+#define ESR_ELx_SYS64_ISS_DIR_MASK	0x1
+#define ESR_ELx_SYS64_ISS_DIR_READ	0x1
+#define ESR_ELx_SYS64_ISS_DIR_WRITE	0x0
+
+#define ESR_ELx_SYS64_ISS_RT_SHIFT	5
+#define ESR_ELx_SYS64_ISS_RT_MASK	(UL(0x1f) << ESR_ELx_SYS64_ISS_RT_SHIFT)
+#define ESR_ELx_SYS64_ISS_CRM_SHIFT	1
+#define ESR_ELx_SYS64_ISS_CRM_MASK	(UL(0xf) << ESR_ELx_SYS64_ISS_CRM_SHIFT)
+#define ESR_ELx_SYS64_ISS_CRN_SHIFT	10
+#define ESR_ELx_SYS64_ISS_CRN_MASK	(UL(0xf) << ESR_ELx_SYS64_ISS_CRN_SHIFT)
+#define ESR_ELx_SYS64_ISS_OP1_SHIFT	14
+#define ESR_ELx_SYS64_ISS_OP1_MASK	(UL(0x7) << ESR_ELx_SYS64_ISS_OP1_SHIFT)
+#define ESR_ELx_SYS64_ISS_OP2_SHIFT	17
+#define ESR_ELx_SYS64_ISS_OP2_MASK	(UL(0x7) << ESR_ELx_SYS64_ISS_OP2_SHIFT)
+#define ESR_ELx_SYS64_ISS_OP0_SHIFT	20
+#define ESR_ELx_SYS64_ISS_OP0_MASK	(UL(0x3) << ESR_ELx_SYS64_ISS_OP0_SHIFT)
+#define ESR_ELx_SYS64_ISS_SYS_MASK	(ESR_ELx_SYS64_ISS_OP0_MASK | \
+					 ESR_ELx_SYS64_ISS_OP1_MASK | \
+					 ESR_ELx_SYS64_ISS_OP2_MASK | \
+					 ESR_ELx_SYS64_ISS_CRN_MASK | \
+					 ESR_ELx_SYS64_ISS_CRM_MASK)
+#define ESR_ELx_SYS64_ISS_SYS_VAL(op0, op1, op2, crn, crm) \
+					(((op0) << ESR_ELx_SYS64_ISS_OP0_SHIFT) | \
+					 ((op1) << ESR_ELx_SYS64_ISS_OP1_SHIFT) | \
+					 ((op2) << ESR_ELx_SYS64_ISS_OP2_SHIFT) | \
+					 ((crn) << ESR_ELx_SYS64_ISS_CRN_SHIFT) | \
+					 ((crm) << ESR_ELx_SYS64_ISS_CRM_SHIFT))
+
+#define ESR_ELx_SYS64_ISS_SYS_OP_MASK	(ESR_ELx_SYS64_ISS_SYS_MASK | \
+					 ESR_ELx_SYS64_ISS_DIR_MASK)
+
+#define ESR_ELx_SYS64_ISS_SYS_CNTVCT	(ESR_ELx_SYS64_ISS_SYS_VAL(3, 3, 2, 14, 0) | \
+					 ESR_ELx_SYS64_ISS_DIR_READ)
+
+#define ESR_ELx_SYS64_ISS_SYS_CNTFRQ	(ESR_ELx_SYS64_ISS_SYS_VAL(3, 3, 0, 14, 0) | \
+					 ESR_ELx_SYS64_ISS_DIR_READ)
+
 #endif /* __ASM_ESR_H */
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 1580951fb3c2..2e32bb0a17cf 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -377,7 +377,7 @@ el0_sync:
 	cmp	x24, #ESR_EL1_EC_FP_EXC64	// FP/ASIMD exception
 	b.eq	el0_fpsimd_exc
 	cmp	x24, #ESR_EL1_EC_SYS64		// configurable trap
-	b.eq	el0_undef
+	b.eq	el0_sys
 	cmp	x24, #ESR_EL1_EC_SP_ALIGN	// stack alignment exception
 	b.eq	el0_sp_pc
 	cmp	x24, #ESR_EL1_EC_PC_ALIGN	// pc alignment exception
@@ -490,6 +490,15 @@ el0_undef:
 	enable_dbg_and_irq
 	mov	x0, sp
 	b	do_undefinstr
+el0_sys:
+	/*
+	 * System instructions, for trapped cache maintenance instructions
+	 */
+	enable_dbg
+	enable_irq
+	mov	x0, x25
+	mov	x1, sp
+	b	do_sysinstr
 el0_dbg:
 	/*
 	 * Debug exception handling
diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
index 619344d6f2bd..8c2cdcc1e53b 100644
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -32,8 +32,11 @@
 #include <linux/sched.h>
 #include <linux/syscalls.h>
 
+#include <asm/arch_timer.h>
 #include <asm/atomic.h>
+#include <asm/barrier.h>
 #include <asm/debug-monitors.h>
+#include <asm/esr.h>
 #include <asm/traps.h>
 #include <asm/stacktrace.h>
 #include <asm/exception.h>
@@ -381,6 +384,38 @@ die_sig:
 	arm64_notify_die("Oops - undefined instruction", regs, &info, 0);
 }
 
+static void cntvct_read_handler(unsigned int esr, struct pt_regs *regs)
+{
+	int rt = (esr & ESR_ELx_SYS64_ISS_RT_MASK) >> ESR_ELx_SYS64_ISS_RT_SHIFT;
+
+	isb();
+	if (rt != 31)
+		regs->regs[rt] = arch_counter_get_cntvct();
+	regs->pc += 4;
+}
+
+static void cntfrq_read_handler(unsigned int esr, struct pt_regs *regs)
+{
+	int rt = (esr & ESR_ELx_SYS64_ISS_RT_MASK) >> ESR_ELx_SYS64_ISS_RT_SHIFT;
+
+	if (rt != 31)
+		asm volatile("mrs %0, cntfrq_el0" : "=r" (regs->regs[rt]));
+	regs->pc += 4;
+}
+
+asmlinkage void __exception do_sysinstr(unsigned int esr, struct pt_regs *regs)
+{
+	if ((esr & ESR_ELx_SYS64_ISS_SYS_OP_MASK) == ESR_ELx_SYS64_ISS_SYS_CNTVCT) {
+		cntvct_read_handler(esr, regs);
+		return;
+	} else if ((esr & ESR_ELx_SYS64_ISS_SYS_OP_MASK) == ESR_ELx_SYS64_ISS_SYS_CNTFRQ) {
+		cntfrq_read_handler(esr, regs);
+		return;
+	}
+
+	do_undefinstr(regs);
+}
+
 long compat_arm_syscall(struct pt_regs *regs);
 
 asmlinkage long do_ni_syscall(struct pt_regs *regs)
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 83187f497c7c..bb68c92e68c6 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -441,13 +441,6 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
 		char __user *from = iov->iov_base;
 
 		while (seglen) {
-			sgl = list_first_entry(&ctx->tsgl,
-					       struct skcipher_sg_list, list);
-			sg = sgl->sg;
-
-			while (!sg->length)
-				sg++;
-
 			used = ctx->used;
 			if (!used) {
 				err = skcipher_wait_for_data(sk, flags);
@@ -469,6 +462,13 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
 			if (!used)
 				goto free;
 
+			sgl = list_first_entry(&ctx->tsgl,
+					       struct skcipher_sg_list, list);
+			sg = sgl->sg;
+
+			while (!sg->length)
+				sg++;
+
 			ablkcipher_request_set_crypt(&ctx->req, sg,
 						     ctx->rsgl.sg, used,
 						     ctx->iv);
diff --git a/drivers/char/adsprpc.c b/drivers/char/adsprpc.c
index 44f318011ad0..f5ed8007247b 100644
--- a/drivers/char/adsprpc.c
+++ b/drivers/char/adsprpc.c
@@ -1894,6 +1894,9 @@ static long fastrpc_device_ioctl(struct file *file, unsigned int ioctl_num,
 						sizeof(init)));
 		if (err)
 			goto bail;
+		VERIFY(err, init.filelen >= 0 && init.memlen >= 0);
+		if (err)
+			goto bail;
 		VERIFY(err, 0 == fastrpc_init_process(fdata, &init));
 		if (err)
 			goto bail;
diff --git a/drivers/clocksource/Kconfig b/drivers/clocksource/Kconfig
index 593485b02ee5..b1de73fde72a 100644
--- a/drivers/clocksource/Kconfig
+++ b/drivers/clocksource/Kconfig
@@ -82,6 +82,14 @@ config ARM_ARCH_TIMER_EVTSTREAM
 	  This must be disabled for hardware validation purposes to detect any
 	  hardware anomalies of missing events.
 
+config ARM_ARCH_TIMER_VCT_ACCESS
+	bool "Support for ARM architected timer virtual counter access in userspace"
+	default n
+	depends on ARM_ARCH_TIMER
+	help
+	  This option enables support for reading the ARM architected timer's
+	  virtual counter in userspace.
+
 config CLKSRC_METAG_GENERIC
 	def_bool y if METAG
 	help
diff --git a/drivers/clocksource/arm_arch_timer.c b/drivers/clocksource/arm_arch_timer.c
index 1bdf38aab486..66797216f58f 100644
--- a/drivers/clocksource/arm_arch_timer.c
+++ b/drivers/clocksource/arm_arch_timer.c
@@ -320,7 +320,10 @@ static void arch_counter_set_user_access(void)
 			| ARCH_TIMER_USR_PCT_ACCESS_EN);
 
 	/* Enable user access to the virtual counter */
-	cntkctl |= ARCH_TIMER_USR_VCT_ACCESS_EN;
+	if (IS_ENABLED(CONFIG_ARM_ARCH_TIMER_VCT_ACCESS))
+		cntkctl |= ARCH_TIMER_USR_VCT_ACCESS_EN;
+	else
+		cntkctl &= ~ARCH_TIMER_USR_VCT_ACCESS_EN;
 
 	arch_timer_set_cntkctl(cntkctl);
 }
diff --git a/drivers/input/touchscreen/synaptics_rmi_dev.c b/drivers/input/touchscreen/synaptics_rmi_dev.c
index e7c19d00c054..ff147784c89a 100644
--- a/drivers/input/touchscreen/synaptics_rmi_dev.c
+++ b/drivers/input/touchscreen/synaptics_rmi_dev.c
@@ -73,19 +73,19 @@ struct rmidev_data {
 };
 
 static struct device_attribute attrs[] = {
-	__ATTR(open, S_IWUSR | S_IWGRP,
+	__ATTR(open, S_IWUSR,
 			NULL,
 			rmidev_sysfs_open_store),
-	__ATTR(release, S_IWUSR | S_IWGRP,
+	__ATTR(release, S_IWUSR,
 			NULL,
 			rmidev_sysfs_release_store),
-	__ATTR(address, S_IWUSR | S_IWGRP,
+	__ATTR(address, S_IWUSR,
 			NULL,
 			rmidev_sysfs_address_store),
-	__ATTR(length, S_IWUSR | S_IWGRP,
+	__ATTR(length, S_IWUSR,
 			NULL,
 			rmidev_sysfs_length_store),
-	__ATTR(data, (S_IWUSR | S_IWGRP),
+	__ATTR(data, S_IWUSR,
 			rmidev_sysfs_data_show,
 			rmidev_sysfs_data_store),
 };
diff --git a/drivers/mfd/wcd9xxx-core.c b/drivers/mfd/wcd9xxx-core.c
index 2f31f24ca496..7c2054b2c048 100644
--- a/drivers/mfd/wcd9xxx-core.c
+++ b/drivers/mfd/wcd9xxx-core.c
@@ -2101,19 +2101,19 @@ static int wcd9xxx_slim_probe(struct slim_device *slim)
 		("wcd9xxx_core", 0);
 	if (!IS_ERR(debugfs_wcd9xxx_dent)) {
 		debugfs_peek = debugfs_create_file("slimslave_peek",
-		S_IFREG | S_IRUGO, debugfs_wcd9xxx_dent,
+		S_IFREG | S_IRUSR, debugfs_wcd9xxx_dent,
 		(void *) "slimslave_peek", &codec_debug_ops);
 
 		debugfs_poke = debugfs_create_file("slimslave_poke",
-		S_IFREG | S_IRUGO, debugfs_wcd9xxx_dent,
+		S_IFREG | S_IRUSR, debugfs_wcd9xxx_dent,
 		(void *) "slimslave_poke", &codec_debug_ops);
 
 		debugfs_power_state = debugfs_create_file("power_state",
-		S_IFREG | S_IRUGO, debugfs_wcd9xxx_dent,
+		S_IFREG | S_IRUSR, debugfs_wcd9xxx_dent,
 		(void *) "power_state", &codec_debug_ops);
 
 		debugfs_reg_dump = debugfs_create_file("slimslave_reg_dump",
-		S_IFREG | S_IRUGO, debugfs_wcd9xxx_dent,
+		S_IFREG | S_IRUSR, debugfs_wcd9xxx_dent,
 		(void *) "slimslave_reg_dump", &codec_debug_ops);
 	}
 #endif
diff --git a/drivers/soc/qcom/msm_glink_pkt.c b/drivers/soc/qcom/msm_glink_pkt.c
index 946c82e0d2b1..d29b4c0812e3 100644
--- a/drivers/soc/qcom/msm_glink_pkt.c
+++ b/drivers/soc/qcom/msm_glink_pkt.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2014-2015, 2017 The Linux Foundation. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 and
@@ -78,7 +78,7 @@ struct glink_pkt_dev {
 
 	wait_queue_head_t ch_read_wait_queue;
 	struct list_head pkt_list;
-	struct mutex pkt_list_lock;
+	spinlock_t pkt_list_lock;
 
 	struct wakeup_source pa_ws;	/* Packet Arrival Wakeup Source */
 	struct work_struct packet_arrival_work;
@@ -147,7 +147,7 @@ module_param_named(debug_mask, msm_glink_pkt_debug_mask,
 		int, S_IRUGO | S_IWUSR | S_IWGRP);
 
 static void glink_pkt_queue_rx_intent_worker(struct work_struct *work);
-
+static bool glink_pkt_read_avail(struct glink_pkt_dev *devp);
 
 #define DEBUG
 
@@ -228,7 +228,7 @@ void glink_pkt_notify_rx(void *handle, const void *priv,
 	GLINK_PKT_INFO("%s(): priv[%p] data[%p] size[%zu]\n",
 		   __func__, pkt_priv, (char *)ptr, size);
 
-	pkt = kzalloc(sizeof(struct glink_rx_pkt), GFP_KERNEL);
+	pkt = kzalloc(sizeof(*pkt), GFP_ATOMIC);
 	if (!pkt) {
 		GLINK_PKT_ERR("%s: memory allocation failed\n", __func__);
 		return;
@@ -237,9 +237,9 @@ void glink_pkt_notify_rx(void *handle, const void *priv,
 	pkt->data = ptr;
 	pkt->pkt_priv = pkt_priv;
 	pkt->size = size;
-	mutex_lock(&devp->pkt_list_lock);
+	spin_lock_irqsave(&devp->pkt_list_lock, flags);
 	list_add_tail(&pkt->list, &devp->pkt_list);
-	mutex_unlock(&devp->pkt_list_lock);
+	spin_unlock_irqrestore(&devp->pkt_list_lock, flags);
 
 	spin_lock_irqsave(&devp->pa_spinlock, flags);
 	__pm_stay_awake(&devp->pa_ws);
@@ -348,6 +348,24 @@ static void glink_pkt_queue_rx_intent_worker(struct work_struct *work)
 }
 
 /**
+ * glink_pkt_read_avail() - check any pending packets to read
+ * devp:	pointer to G-Link packet device.
+ *
+ * This function is used to check any pending data packets are
+ * available to read or not.
+ */
+static bool glink_pkt_read_avail(struct glink_pkt_dev *devp)
+{
+	bool list_is_empty;
+	unsigned long flags;
+
+	spin_lock_irqsave(&devp->pkt_list_lock, flags);
+	list_is_empty = list_empty(&devp->pkt_list);
+	spin_unlock_irqrestore(&devp->pkt_list_lock, flags);
+	return !list_is_empty;
+}
+
+/**
  * glink_pkt_read() - read() syscall for the glink_pkt device
  * file:	Pointer to the file structure.
  * buf:	Pointer to the userspace buffer.
@@ -384,8 +402,13 @@ ssize_t glink_pkt_read(struct file *file,
 		__func__, devp->i, count);
 
 	ret = wait_event_interruptible(devp->ch_read_wait_queue,
-				     !devp->handle ||
-				     !list_empty(&devp->pkt_list));
+				     !devp->handle || devp->in_reset ||
+				     glink_pkt_read_avail(devp));
+	if (devp->in_reset) {
+		GLINK_PKT_ERR("%s: notifying reset for glink_pkt_dev id:%d\n",
+			__func__, devp->i);
+		return -ENETRESET;
+	}
 	if (!devp->handle) {
 		GLINK_PKT_ERR("%s on a closed glink_pkt_dev id:%d\n",
 			__func__, devp->i);
@@ -401,15 +424,16 @@ ssize_t glink_pkt_read(struct file *file,
 		return ret;
 	}
 
+	spin_lock_irqsave(&devp->pkt_list_lock, flags);
 	pkt = list_first_entry(&devp->pkt_list, struct glink_rx_pkt, list);
-
 	if (pkt->size > count) {
 		GLINK_PKT_ERR("%s: Small Buff on dev Id:%d-[%zu > %zu]\n",
 				__func__, devp->i, pkt->size, count);
+		spin_unlock_irqrestore(&devp->pkt_list_lock, flags);
 		return -ETOOSMALL;
 	}
-
 	list_del(&pkt->list);
+	spin_unlock_irqrestore(&devp->pkt_list_lock, flags);
 
 	ret = copy_to_user(buf, pkt->data, pkt->size);
 	BUG_ON(ret != 0);
@@ -420,7 +444,7 @@ ssize_t glink_pkt_read(struct file *file,
 
 	mutex_lock(&devp->ch_lock);
 	spin_lock_irqsave(&devp->pa_spinlock, flags);
-	if (devp->poll_mode && list_empty(&devp->pkt_list)) {
+	if (devp->poll_mode && !glink_pkt_read_avail(devp)) {
 		__pm_relax(&devp->pa_ws);
 		devp->ws_locked = 0;
 		devp->poll_mode = 0;
@@ -516,7 +540,7 @@ static unsigned int glink_pkt_poll(struct file *file, poll_table *wait)
 		return POLLERR;
 	}
 
-	if (!list_empty(&devp->pkt_list)) {
+	if (glink_pkt_read_avail(devp)) {
 		mask |= POLLIN | POLLRDNORM;
 		GLINK_PKT_INFO("%s sets POLLIN for glink_pkt_dev id: %d\n",
 			__func__, devp->i);
@@ -565,6 +589,7 @@ static int glink_pkt_mmap(struct file *file, struct vm_area_struct *vma)
 	struct glink_rx_pkt *pkt = NULL;
 	unsigned long pfn;
 	unsigned long size;
+	unsigned long flags;
 	void *data = NULL;
 
 	devp = file->private_data;
@@ -579,7 +604,7 @@ static int glink_pkt_mmap(struct file *file, struct vm_area_struct *vma)
 
 	GLINK_PKT_INFO("%s: on glink_pkt_dev id[%d]\n", __func__, devp->i);
 
-	if (list_empty(&devp->pkt_list)) {
+	if (!glink_pkt_read_avail(devp)) {
 		GLINK_PKT_ERR("%s: No Rx data on id[%d]\n", __func__, devp->i);
 		return -EAGAIN; /* No DATA */
 	}
@@ -591,6 +616,7 @@ static int glink_pkt_mmap(struct file *file, struct vm_area_struct *vma)
 	}
 	info->handle = devp->handle;
 
+	spin_lock_irqsave(&devp->pkt_list_lock, flags);
 	pkt = list_first_entry(&devp->pkt_list, struct glink_rx_pkt, list);
 	data = (void *)pkt->data;
 	info->buf = (void *)pkt->data;
@@ -598,6 +624,7 @@ static int glink_pkt_mmap(struct file *file, struct vm_area_struct *vma)
 	if ((pkt->size < PAGE_SIZE) && ((unsigned long)data & ~PAGE_MASK)) {
 		data = kzalloc(PAGE_SIZE, GFP_KERNEL);
 		if (!data) {
+			spin_unlock_irqrestore(&devp->pkt_list_lock, flags);
 			GLINK_PKT_ERR("%s: data Memory allocation failed\n",
 					__func__);
 			return -ENOMEM;
@@ -614,11 +641,13 @@ static int glink_pkt_mmap(struct file *file, struct vm_area_struct *vma)
 	vma->vm_ops = &glink_pkt_vm_ops;
 	if (remap_pfn_range(vma, vma->vm_start, pfn,
 			size, vma->vm_page_prot)) {
+		spin_unlock_irqrestore(&devp->pkt_list_lock, flags);
 		GLINK_PKT_ERR("%s: Remap failed\n", __func__);
 		return -EAGAIN;
 	}
 
 	list_del(&pkt->list);
+	spin_unlock_irqrestore(&devp->pkt_list_lock, flags);
 	kfree(pkt);
 	return 0;
 }
@@ -711,8 +740,7 @@ int glink_pkt_open(struct inode *inode, struct file *file)
 				devp->open_cfg.edge, devp->open_cfg.name);
 			ret = -ENODEV;
 		}
-		wakeup_source_init(&devp->pa_ws, devp->open_cfg.name);
-		INIT_WORK(&devp->packet_arrival_work, packet_arrival_worker);
+		wakeup_source_init(&devp->pa_ws, devp->dev_name);
 	}
 	devp->ref_cnt++;
 	mutex_unlock(&devp->ch_lock);
@@ -792,7 +820,8 @@ static int glink_pkt_init_add_device(struct glink_pkt_dev *devp, int i)
 	init_waitqueue_head(&devp->ch_read_wait_queue);
 	spin_lock_init(&devp->pa_spinlock);
 	INIT_LIST_HEAD(&devp->pkt_list);
-	mutex_init(&devp->pkt_list_lock);
+	spin_lock_init(&devp->pkt_list_lock);
+	INIT_WORK(&devp->packet_arrival_work, packet_arrival_worker);
 
 	cdev_init(&devp->cdev, &glink_pkt_fops);
 	devp->cdev.owner = THIS_MODULE;
diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
index f13aab21da4a..f39983c87c29 100644
--- a/drivers/staging/android/ashmem.c
+++ b/drivers/staging/android/ashmem.c
@@ -672,10 +672,12 @@ static long ashmem_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 		break;
 	case ASHMEM_SET_SIZE:
 		ret = -EINVAL;
+		mutex_lock(&ashmem_mutex);
 		if (!asma->file) {
 			ret = 0;
 			asma->size = (size_t) arg;
 		}
+		mutex_unlock(&ashmem_mutex);
 		break;
 	case ASHMEM_GET_SIZE:
 		ret = asma->size;
diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_main.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_main.c
index ecd9fc559367..1be32f0da270 100755
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_main.c
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_main.c
@@ -1302,7 +1302,7 @@ static int hdd_parse_setrmcenable_command(tANI_U8 *pValue, tANI_U8 *pRmcEnable)
         return 0;
     }
 
-    sscanf(inPtr, "%32s ", buf);
+    sscanf(inPtr, "%31s ", buf);
     v = kstrtos32(buf, 10, &tempInt);
     if ( v < 0)
     {
@@ -1346,7 +1346,7 @@ static int hdd_parse_setrmcactionperiod_command(tANI_U8 *pValue,
         return 0;
     }
 
-    sscanf(inPtr, "%32s ", buf);
+    sscanf(inPtr, "%31s ", buf);
     v = kstrtos32(buf, 10, &tempInt);
     if ( v < 0)
     {
diff --git a/mm/migrate.c b/mm/migrate.c
index 9fe247a6df4a..f9c473c263ad 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -37,6 +37,7 @@
 #include <linux/gfp.h>
 #include <linux/balloon_compaction.h>
 #include <trace/events/kmem.h>
+#include <linux/ptrace.h>
 
 #include <asm/tlbflush.h>
 
@@ -1383,7 +1384,6 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
 		const int __user *, nodes,
 		int __user *, status, int, flags)
 {
-	const struct cred *cred = current_cred(), *tcred;
 	struct task_struct *task;
 	struct mm_struct *mm;
 	int err;
@@ -1407,14 +1407,9 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
 
 	/*
 	 * Check if this process has the right to modify the specified
-	 * process. The right exists if the process has administrative
-	 * capabilities, superuser privileges or the same
-	 * userid as the target process.
+	 * process. Use the regular "ptrace_may_access()" checks.
 	 */
-	tcred = __task_cred(task);
-	if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
-	    !uid_eq(cred->uid,  tcred->suid) && !uid_eq(cred->uid,  tcred->uid) &&
-	    !capable(CAP_SYS_NICE)) {
+	if (!ptrace_may_access(task, PTRACE_MODE_READ)) {
 		rcu_read_unlock();
 		err = -EPERM;
 		goto out;
author	Patrick Tjin <pattjin@google.com>	2017-11-20 10:36:44 -0800
committer	Patrick Tjin <pattjin@google.com>	2017-11-20 10:36:44 -0800
commit	e39482cf7ffe570d38b12eea210caad1af03df98 (patch)
tree	f4fcd13835487ffee02d7a4f67d5ea1c0e78076b
parent	7d1e90244638906341cd548ac840e92721d824a4 (diff)
parent	a896f83eec05962c1052cf96e68561912f0c68dd (diff)