Commit Graph

649588 Commits

Author SHA1 Message Date
Jiamin Ma
ab2a0dd78f DTS: fix compile warnings [1/1]
PD#SWPL-12245

Problem:
Warning (resets_property): Missing property '#reset-cells'

Solution:
Add #reset-cells to node clock-controller

Verify:
P212

Change-Id: I5bc01ab88774be2088764ee6fb0eb9a863894ca2
Signed-off-by: Jiamin Ma <jiamin.ma@amlogic.com>
2020-06-29 11:45:47 +09:00
Qianggui Song
44cb00d7cf irqchip: sm1 support double-edge gpio irq trigger [1/1]
PD#SWPL-5395

Problem:
sm1 support double-edge trigger, current code do not support.

Solution:
add relative bitmask to support this function.

Verify:
ptm & sm1_skt

Change-Id: I48ebc9b38db868f946c49b6fd5f98d427b2669df
Signed-off-by: Qianggui Song <qianggui.song@amlogic.com>
2020-06-29 11:45:47 +09:00
Tao Zeng
6c72eb1412 ramdump: write compressed data [2/2]
PD#SWPL-6193

Problem:
ramdump need write compressed data to persist storage device.
But if we write it under uboot, it may cause journal and block
bitmap mismatch due to different version of file system. This
caused kernel panic after ramdump finished.

Solution:
Write compressed data under kernel.
This change also removed some extern function of ramdump since
we use sticky register to store ramdump information.

Verify:
p212

Change-Id: Idd83ec6ead4783918b90a39cf716fd3117402278
Signed-off-by: Tao Zeng <tao.zeng@amlogic.com>
2020-06-29 11:45:47 +09:00
Shunzhou Jiang
e56c051873 clk: sm1: add sm1 dsu clk notify for change dsu freq [1/1]
PD#SWPL-8145

Problem:
dsu clk can't change freq

Solution:
add sm1 dsu clk notify

Verify:
sm1_skt

Change-Id: If3ecf1066b49c07e6af69ce342956cb0469a5f87
Signed-off-by: Shunzhou Jiang <shunzhou.jiang@amlogic.com>
Signed-off-by: Hong Guo <hong.guo@amlogic.com>
2020-06-29 11:45:47 +09:00
Lei Qian
1ba443cfdc clock: merge from mainline
PD#SWPL-15312

Change-Id: Icf34b5ebe85efb0565536144df854bc56ebd4791
Signed-off-by: Lei Qian <lei.qian@amlogic.com>
2020-06-29 11:45:47 +09:00
Jian Hu
44f39642cc clk: x301: cpu hangup when play 3D game [1/1]
PD#SWPL-9471

Problem:
it will hangup when play 3D game for a long time

Solution:
using the origin clk-mux ops to register cpu clock

Verify:
test passed on x301

Change-Id: I1b977e3a9559ef5f376d4cb8a4735e943c07f525
Signed-off-by: Jian Hu <jian.hu@amlogic.com>
2020-06-29 11:45:46 +09:00
Ao Xu
a982972fc4 drm: solve debug node write string issue [1/1]
PD#SWPL-15143

Problem:
userspace program use the write() syscall to write the node.
when write the strlen() length content, it will fail.

Solution:
use buf[size] instead of buf[size-1]

Verify:
U200

Change-Id: I886d9a1cbf3da459476bca76c9a5708ecbc20afe
Signed-off-by: Ao Xu <ao.xu@amlogic.com>
2020-06-29 11:45:46 +09:00
Dezhi Kong
cab45b3348 drm: merge commit related to gamma [1/1]
PD#SWPL-11059

Problem:
gamma setting in DRM

Solution:
merge commit related to gamma

Author: Ao Xu <ao.xu@amlogic.com>
Date:   Tue Oct 30 19:18:21 2018 +0800

    drm: add meson private property gamma_lut

    When setting CTM, gamma is also set again.
    Setting gamma frequently will lead to visual glitches.
    Add a private value to record whether
    gamma_lut blob is changed.

    Bug: b/113682067
    Test: Ran on device and changed gamma to verify there are no glitches

Author: Fergus Simpson <afergs@google.com>
Date:   Fri Aug 10 13:18:36 2018 -0700

    [Estelle] Enable top/bottom color clamping

    Modifies amvecm's color clipping to allow either the lower or upper
    limit to be set. This sets clipping registers that hold the top and
    bottom 10-bit clipping values for each color channel.

    This does not cause the artifacts that we've been seeing while trying
    to enable the gamma tables.

    Usage (set a clip of 32/255):
    echo 20080020 > /sys/class/amvecm/color_bottom

    Bug: 109942195
    Test: Flashed to device and tested with a internal changes that use the
          registers.

Author: Frank Chen <frank.chen@amlogic.com>
Date:   Wed Aug 8 15:21:17 2018 +0800

    remove gamma_enable in am_meson_crtc_create

Verify:
verify by u200

Change-Id: I4221b3b4671516e7afd4dea14ce3cd71b4b66433
Signed-off-by: Dezhi Kong <dezhi.kong@amlogic.com>
2020-06-29 11:45:46 +09:00
Ao Xu
d45e20a596 drm: add gem import interface to support drm-hwc [1/1]
PD#SWPL-11320

Problem:
current gem driver has not implemented the import interface.
For drm-hwc in android, gralloc allocate the dumb buffer, it
should use the import interface to import the allocated buffer
to the drm driver.

Solution:
implement the gem import interface

Verify:
g12a-u200

Change-Id: I32f7705fd67853a1000875b2af69fcaf700330e1
Signed-off-by: Ao Xu <ao.xu@amlogic.com>
2020-06-29 11:45:46 +09:00
Dezhi Kong
455c74d2d8 drm: add TL1 drm support [1/1]
PD#SWPL-7987

Problem:
TL1 DRM support

Solution:
add TL1 DRM support

Verify:
t962x2_x301

Change-Id: Ibc8ff641f42c0a416e80c3a420c1d808e0ad8b26
Signed-off-by: Dezhi Kong <dezhi.kong@amlogic.com>
2020-06-29 11:45:46 +09:00
lingjie li
c945cbd1a3 drm: start hdcp work when the "Content Protection" was set through atomic [1/1]
PD#SWPL-4866

Problem:
1. The old implement not support atomic. (the atomic check on am_meson
hdmi.c will disable CP,The set property function will not reached when
use atomic set CP)
2. The hdcp work kthread start and terminal not match cause coredump.

Problem:
need add hdcp function.

Solution:
Start hdcp work when the encoder is enabled, stop when the encoder is disabled.
modified hdcp work state machine.

Verify:
On u212 drm backend, use drm-helper-client to set CP property.
need to enable atomic on wayland, based on the CLs below
http://scgit.amlogic.com:8080/#/c/78810/1
http://scgit.amlogic.com:8080/#/c/78804/2
http://scgit.amlogic.com:8080/#/c/78811/1

Change-Id: If213b7def89ff1f1ec63b866a21a3323e098786f
Signed-off-by: lingjie li <lingjie.li@amlogic.com>
2020-06-29 11:45:46 +09:00
lingjie li
ecb536d3db osd: update osd_count according to the chip [2/4]
PD#SWPL-3996

Problem:
g12b/g12a wayland-drm device print below error
"fb: error osd index=0" while start wayland-client.
while start wayland-client.

Solution:
set to the proper osd_count

Verify:
W400

Change-Id: I3c4c6d821ff0778cd4912a67046f7dbab60be2ad
Signed-off-by: lingjie li <lingjie.li@amlogic.com>
2020-06-29 11:45:46 +09:00
Ao Xu
4d4e4149c0 drm: add meson drm debugfs node [1/1]
PD#SWPL-12289

Problem:
drm driver has no debug sysfs file

Solution:
add the following sysfs nodes
1. dump the osd register
/sys/kernel/debug/dri/%minor%/vpu/reg_dump
2. dump the gem buffer image
/sys/kernel/debug/dri/%minor%/vpu/dump
3. set the gem buffer image store path
/sys/kernel/debug/dri/%minor%/vpu/imgpath
4. set 1 to disable the osd plane
/sys/kernel/debug/dri/%minor%/vpu/blank

Verify:
g12a-u200

Change-Id: I10746d65b09d3b530dc22720b8cee669fa120dde
Signed-off-by: Ao Xu <ao.xu@amlogic.com>
2020-06-29 11:45:46 +09:00
Ao Xu
0d1925d781 drm: add afbc support in drm driver [1/1]
PD#SWPL-13092

Problem:
drm driver has no drm support

Solution:
add afbc block support

Verify:
g12a-u200

Change-Id: If2e57b63032e9f93be800bda652b80e560163231
Signed-off-by: Ao Xu <ao.xu@amlogic.com>
2020-06-29 11:45:46 +09:00
Dezhi Kong
91e5facadb drm: add sm1 support [1/1]
PD#SWPL-8061

Problem:
SM1 support

Solution:
add sm1 support

Verify:
verify by ac200 with modetest command

Change-Id: Id79f227afa7f7dbcaad09887f8bdbd1f64b93c4a
Signed-off-by: Dezhi Kong <dezhi.kong@amlogic.com>
2020-06-29 11:45:46 +09:00
Dezhi Kong
ab623e744d drm: add multi-layer support [1/1]
PD#SWPL-9646

Problem:
unsupport multi-layer

Solution:
add multi-layer support

Verify:
verify by w400 with modetest command

Change-Id: I5cd50761d2ab9cfff0f80d38e20455044c7a33fd
Signed-off-by: Dezhi Kong <dezhi.kong@amlogic.com>
2020-06-29 11:45:46 +09:00
yao liu
098824072d DV: playback bl+el black screen [1/1]
PD#SWPL-7872

Problem:
TM2 special case , vd2 afbc can't work on TM2

Solution:
Process bl+el as SDR on TM2

Verify:
T962e2

Change-Id: I2433b72c4b5548e75665aba9623a29cd5f12d202
Signed-off-by: yao liu <yao.liu@amlogic.com>
2020-06-29 11:45:45 +09:00
Luke Go
900d412085 tmp
Change-Id: Iba93a2353a0792553a39f70578e9a024aa6fa88b
2020-06-29 11:45:45 +09:00
Pengcheng Chen
9f2c11d704 osd: add osd sw_sync [1/1]
PD#SWPL-9736

Problem:
osd fence crash when play AIV H264 video

Solution:
add osd sw_sync

Verify:
Verified with raven,w400

Change-Id: I309af0e3718221e2309460a990ef0badb9e8bd39
Signed-off-by: Pengcheng Chen <pengcheng.chen@amlogic.com>
2020-06-29 11:45:45 +09:00
Luke Go
dee0572dd6 IEEEOUI to ieeeoui
Change-Id: I266d8e8ea51f49c6c58c0fbeea5d77fab89a5e5a
2020-06-29 11:45:45 +09:00
Nian Jing
0664273f62 tvafe: add atv format get func [1/1]
PD#TV-1586

Problem:
no atv format get func

Solution:
Add atv format get func

Verify:
verified by x301

Change-Id: Ia43d5a67370d2b025e1b32833a5408a5e7d251d4
Signed-off-by: Nian Jing <nian.jing@amlogic.com>
2020-06-29 11:45:45 +09:00
Evoke Zhang
f93549bc47 tvafe: fine tune ntsc-m recurrence [1/1]
PD#TV-6007

Problem:
ATV scan range is not qualified

Solution:
1.change 0x128 from 0x140008 to 0x1f0008 for ntsc-m
2.support cutwindow adjust debug:
    echo h index val >/sys/class/tvafe/tvafe0/cutwin
    echo v index val >/sys/class/tvafe/tvafe0/cutwin
    echo r >/sys/class/tvafe/tvafe0/cutwin
3.support cutwindow config in dts

Verify:
x301

Change-Id: Idc3a3e8857cea2462da6edcbbf4ffefab6d48f7b
Signed-off-by: Evoke Zhang <evoke.zhang@amlogic.com>
2020-06-29 11:45:45 +09:00
Evoke Zhang
69fd2c7b16 tvafe: update parameters for AV NTSC [1/1]
PD#SWPL-7283

Problem:
display is not good

Solution:
modify cvd2 0xb0, 0xb1 reg value

Verify:
x301

Change-Id: Ib512258336d3a6bb14c4eda04488fbaf60e38af0
Signed-off-by: Evoke Zhang <evoke.zhang@amlogic.com>
2020-06-29 11:45:45 +09:00
yao liu
fc433996d7 dv: enable drop frame for dv [1/1]
PD#SWPL-13115

Problem:
Apk drop lots of frames before render
the first frame, in this case, omx_run
is false and no frames will render.
Decoder doesn't have free output buffer.

Solution:
Drop dv frames in video sync before render
the first frame if app want to drop.

Verify:
Verified on U212

Change-Id: I463619f658d7f78ad8d513e17ca78482e17b3a4e
Signed-off-by: yao liu <yao.liu@amlogic.com>
2020-06-29 11:45:45 +09:00
Evoke Zhang
e04a70e982 vpu: add tm2 support [1/1]
PD#SWPL-6397

Problem:
tm2 is a new chip

Solution:
add vpu driver support for tm2

Verify:
pxp

Change-Id: I19275c513b68fba8feced37f1ff8fca9bf48d395
Signed-off-by: Evoke Zhang <evoke.zhang@amlogic.com>
2020-06-29 11:45:44 +09:00
Shuai Li
47408422ea audio: mclk pad0 doesn't output clk [1/1]
PD#OTT-5603

Problem:
Configure GPIO_AO 9 as mclk_0, it doesn't work.

Solution:
From SM1, the mclk pad register is changed.
Using standard clk tree to make it compatible.

Verify:
TM2, SM1.

Change-Id: I8d53296297536c90768495232570f33fc89db131
Signed-off-by: Shuai Li <shuai.li@amlogic.com>
2020-06-29 11:45:44 +09:00
Kaifu Hu
b0193feb46 hdmitx: add 3d framepack mode support [1/1]
PD#SWPL-4233

Problem:
3D framepacking mode display black screen

Solution:
Add vinfo 3d flag and hdmitx update
when work 3d mode

Verify:
U212

Change-Id: Ia2b7b25c9ed401dbec2c487ea2a5c6cc1e0d8b8d
Signed-off-by: Kaifu Hu <kaifu.hu@amlogic.com>
2020-06-29 11:45:44 +09:00
Lei Qian
33b1ffea56 include: merge from mainline
PD#SWPL-15312

Change-Id: Ia2357535da1b5dc9b595ed2e810469277c6682c7
Signed-off-by: Lei Qian <lei.qian@amlogic.com>
2020-06-29 11:45:44 +09:00
Evoke Zhang
c5855e5c32 tvafe: support nostd config nostd_vs_th in dts [1/1]
PD#TV-6046

Problem:
nostd atv display flicker

Solution:
config nostd_vs_th in dts for special tuner

Verify:
x301

Change-Id: Ibdb6422b0a9f031dab0a88b1654c566bcaa0c0d0
Signed-off-by: Evoke Zhang <evoke.zhang@amlogic.com>
2020-06-29 11:45:44 +09:00
Evoke Zhang
62a2168d6a tvafe: change force_nostd adjust to sysfs node [1/1]
PD#TV-5482

Problem:
Image flicker for non-std avin,
because the force_nostd parameter is modified to an unsuitable value.

Solution:
remove force_nostd parameter,
add sysfs node support for force_nostd

Verify:
x301

Change-Id: Ic50a311c6b5a63bcbd1d56651713de5be60a38a2
Signed-off-by: Evoke Zhang <evoke.zhang@amlogic.com>
2020-06-29 11:45:44 +09:00
changqing.gao
ceff2f8513 fs: KASAN error in nls uniname cmp [1/1]
PD#SWPL-6404

Problem:
KASAN error:global-out-of-bounds in nls_uniname_cmp

Solution:
Append "\0\0" to the string of UNI_CUR_DIR_NAME and UNI_PAR_DIR_NAME

Verify:
x301

Change-Id: Ic94e837ed7874d337207c31eedfc966b46ab8ecd
Signed-off-by: changqing.gao <changqing.gao@amlogic.com>
2020-06-29 11:45:44 +09:00
Hanjie Lin
c329f60c6b sdcardfs: revert because compile fail [1/1]
PD#SWPL-15901

Problem:
Revert "RAVENPLAT-277: Kernel components sdcardfs - CVE-2018-9514 [1/1]"

Solution:
This reverts commit d03e7aa0704f2165d357337d77041041ac14af27.

Platform:
Raven

Verify:
Raven

Change-Id: I6110ce2290dc763146d1de68d86ab227a3cb8890
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2020-06-29 11:45:44 +09:00
Hanjie Lin
ac7c8de0a8 ext4: always initialize the crc32c checksum driver [1/1]
PD#SWPL-15901

Problem:
OTT-6792
upstream a45403b515

The extended attribute code now uses the crc32c checksum for hashing
purposes, so we should just always initialize it.  We also want
to prevent NULL pointer dereferences if one of the metadata checksum
features is enabled after the file system is originally mounted.

This issue has been assigned CVE-2018-1094.

https://bugzilla.kernel.org/show_bug.cgi?id=199183
https://bugzilla.redhat.com/show_bug.cgi?id=1560788

Solution:

Verify:

Change-Id: I30362945537ff4aa05fbf8e83dc52c25b3d24586
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2020-06-29 11:45:44 +09:00
Hanjie Lin
be15e1f813 RAVENPLAT-310: Kernel components ext4 filesystem - CVE-2018-10880[1/1]
PD#SWPL-15901

Problem:
In ext4_xattr_make_inode_space of xattr.c, there is a possible out-of-bounds
write due to improper input validation. This could lead to local escalation
of privilege in the kernel with no additional execution privileges needed.
User interaction is needed for exploitation.

Solution:
The fix is designed to never move system.data out of the inode.

Platform:
Raven

Verify:
Raven

Change-Id: I0820e6e84c8a5ab7d40d14ce14c11f9f8e1f9503
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2020-06-29 11:45:44 +09:00
Hanjie Lin
d5a35d151f RAVENPLAT-277: Kernel components sdcardfs - CVE-2018-9514 [1/1]
PD#SWPL-15901

Problem:
In sdcardfs_open of file.c, there is a possible Use After Free
due to an unusual root cause. This could lead to local escalation
of privilege with no additional execution privileges needed.
User interaction is not needed for exploitation.

Solution:
The fix is designed to avoid the OVERRIDE_CRED macro in favor
of more explicit control flow.

Platform:
Raven

Verify:
Raven

Change-Id: Idab016c33c2dfbd9425533ed5c5501b671677572
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2020-06-29 11:45:44 +09:00
Sriram Rajagopalan
01c5015da5 Android Security Bulletin - November 2019-11 - Kernel components ext4 filesystem - CVE-2019-11833 [1/1]
PD#OTT-6798

Problem:
ext4: zero out the unused memory region in the extent tree block

Solution:
This commit zeroes out the unused memory region in the buffer_head
corresponding to the extent metablock after writing the extent header
and the corresponding extent node entries.

This is done to prevent random uninitialized data from getting into
the filesystem when the extent block is synced.

This fixes CVE-2019-11833.

Verify:
Raven

Change-Id: I5c6aae01432f5517b539312507e59e8dfb9c25eb
Signed-off-by: Sriram Rajagopalan <sriramr@arista.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2020-06-29 11:45:43 +09:00
Jianxin Pan
f9c5f8a821 dts: debug: enable ftrace_ramoops for new dts [1/1]
PD#SWPL-6028
PD#SWPL-8535

Problem:
enable ftrace in ramoops for new dtbs

Solution:
enable ftrace in ramoops for new dtbs

Verify:
X301

Change-Id: If5db23ed5e37dcd2522229e5aa2ed31e78a75c48
Signed-off-by: Jianxin Pan <jianxin.pan@amlogic.com>
2020-06-29 11:45:43 +09:00
Lei Qian
527a2ac25d kernel: merge DTVKit [12/14]
PD#SWPL-10512

Problem:
merge DTVKit

Solution:
merge DTVKit

Verify:
verify by r314, marconi

Change-Id: I103edf65cebbc2b4fcf4152edd7a83a4f0e6f27e
Signed-off-by: Lei Qian <lei.qian@amlogic.com>
2020-06-29 11:45:43 +09:00
Hanjie Lin
08ba6e7ffa sched: disable EAS on non-big-little platforms [1/1]
PD#SWPL-8759

Problem:
disable EAS on non-big-little platforms

Solution:
disable EAS on non-big-little platforms

Verify:
w400, u200

Change-Id: I11845def9efaa2e1da8fd30ac26daeb0dc47eda4
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2020-06-29 11:45:43 +09:00
Hanjie Lin
91db4e07b9 RAVENPLAT-199: CVE-2017-0605 vulnerability in kernel trace subsystem [1/1]
PD#SWPL-15901

Problem:
Elevation of privilege vulnerability in kernel trace subsystem
(device specific)

Solution:
use strlcpy instead of strcpy

Platform:
Raven

Verify:
Raven

Change-Id: Ie0214a88c4194f892f8f7cda4965c1931e415bbc
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2020-06-29 11:45:43 +09:00
Tao Zeng
6ce0e26b0e cpuhotplug: offline workqueue before close cpu [1/1]
PD#TV-7079

Problem:
Deadlock happened when burning cpu at high temperature.
 1486                        1916
schedule                    schedule
schedule_preempt_disabled   schedule_timeout
__mutex_lock_slowpath       wait_for_common
mutex_lock                  wait_for_completion

cpu_hotplug_set_max --wait hpg.mutex

                            cpuhp_kick_ap_work   --wait flush work
cpufreq_set_max_cpu_num     _cpu_down            --hold hpg.mutex
cpucore_set_cur_state       do_cpu_down
thermal_cdev_update         cpu_down
power_actor_set_power       cpu_subsys_offline
power_allocator_throttle    device_offline
handle_thermal_trip         cpu_hotplug_thread
thermal_zone_device_update  kthread
thermal_zone_device_check   ret_from_fork
process_one_work
worker_thread    --It's a work
kthread
ret_from_fork

Solution:
Close work queue before hold lock

Verify:
T972

Change-Id: I557281a1674bd67472b0655e4f1ba409ffead42f
Signed-off-by: Tao Zeng <tao.zeng@amlogic.com>
2020-06-29 11:45:43 +09:00
Qiufang Dai
58104a8866 suspend: fix freeze abort hangup which caused by insmod [1/1]
PD#GH-134

Problem:
When freeze abort happen, it will lose device_unblock_probing(),
so device probe is blocked.

Solution:
When freeze abort happen, release device_block_probing

Verify:
SM1_S905D3_AC200

Change-Id: I3e591fe9ed392b6a4d30285817a91fbfec25336f
Signed-off-by: Qiufang Dai <qiufang.dai@amlogic.com>
2020-06-29 11:45:43 +09:00
Joel Fernandes (Google)
a8ec9f5274 rcu: Avoid unnecessary softirq when system is idle
PD#SWPL-16045

commit b2eb85b49a upstream

When there are no callbacks pending on an idle system, I noticed that
RCU softirq is continuously firing. During this the cpu_no_qs is set to
false, and core_needs_qs is set to true indefinitely. This causes
rcu_process_callbacks to be repeatedly called, even though the node
corresponding to the CPU has that CPU's mask bit cleared and the system
is idle. I believe the race is when such mask clearing is done during
idle CPU scan of the quiescent state forcing stage in the kthread
instead of the softirq. Since the rnp mask is cleared, but the flags on
the CPU's rdp are not cleared, the CPU thinks it still needs to report
to core RCU.

Cure this by clearing the core_needs_qs flag when the CPU detects that
its node is already updated which will avoid the unwanted softirq raises
to the benefit of real-time systems.

Test: Ran rcutorture for various tree RCU configs.

Change-Id: Ibf34014eabdb0105847e5e642348e32e4a6194a1
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com>
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2020-06-29 11:45:43 +09:00
Kees Cook
c4aa33507d Revert "pstore: Honor dmesg_restrict sysctl on dmesg dumps"
PD#SWPL-7092

This reverts commit 68c4a4f8ab, with
various conflict clean-ups.

With the default root directory mode set to 0750 now, the capability
check was redundant.

Change-Id: If978c34cef8345b0ba67a038eed7d54d4f1423d6
Suggested-by: Nick Kralevich <nnk@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
2020-06-29 11:45:43 +09:00
Jiamin Ma
67deaf62c8 Security: fix sts testPocCVE_2016_6753 [1/1]
PD#SWPL-7852

Problem:
android.security.sts.Poc16_11#testPocCVE_2016_6753 fail

Solution:
do not expose kernel addr info via cgroup_css_links_read

Verify:
U200

Change-Id: I74e4904e8b662db9d6589a1926c62c87e12d6f6f
Signed-off-by: Jiamin Ma <jiamin.ma@amlogic.com>
2020-06-29 11:45:43 +09:00
zhiqiang liang
d447e8dbeb suspend: power: plug off the secondary cpus for freeze mode [1/1]
PD#SWPL-2399

Problem:
freeze mode can not kill the secondary cpus

Solution:
move the cpu kill function before the freeze function

Verify:
tl1 test success

Change-Id: I1da7cb8bcd800b8372fd152490eadd4ef3866ece
Signed-off-by: zhiqiang liang <zhiqiang.liang@amlogic.com>
2020-06-29 11:45:43 +09:00
libo
2d53e35e98 wifi: add tcp delay ack support [1/1]
PD#OTT-5388

Problem:
wifi rx throughput issue

Solution:
add tcp delay ack support
enable tcp delay ack by following command:
echo 1 > /proc/sys/net/ipv4/tcp_use_userconfig
echo 60 > /proc/sys/net/ipv4/tcp_delack_seg

Verify:
u211

Change-Id: I060810b2800bae377388ba6ed9f9256597c9e6ea
Signed-off-by: libo <bo.li@amlogic.com>
2020-06-29 11:45:43 +09:00
Hanjie Lin
7687cdf9a8 RAVENPLAT-247:Kernel components bluetooth - CVE-2018-9363[1/1]
PD#SWPL-15901

Problem:
In the hidp_process_report in bluetooth, there is an integer overflow.
This could lead to an out of bounds write with no additional execution
privileges needed.  User interaction is not needed for exploitation.

Solution:
The fix is designed to make the length an unsigned integer and prevent
the overflow condition.

Platform:
Raven

Verify:
Raven

Change-Id: I2f7b2c5aea90120777177a4bdf238110e2ec22e2
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2020-06-29 11:45:42 +09:00
Cong Wang
8264e9dd7b OSS vulnerability found in [boot.img]:[linux_kernel] (CVE-2018-12232) Risk:[] [1/1]
PD#OTT-6793

Problem:
socket: close race condition between sock_close() and sockfs_setattr()

Solution:
fchownat() doesn't even hold refcnt of fd until it figures out
fd is really needed (otherwise is ignored) and releases it after
it resolves the path. This means sock_close() could race with
sockfs_setattr(), which leads to a NULL pointer dereference
since typically we set sock->sk to NULL in ->release().

As pointed out by Al, this is unique to sockfs. So we can fix this
in socket layer by acquiring inode_lock in sock_close() and
checking against NULL in sockfs_setattr().

sock_release() is called in many places, only the sock_close()
path matters here. And fortunately, this should not affect normal
sock_close() as it is only called when the last fd refcnt is gone.
It only affects sock_close() with a parallel sockfs_setattr() in
progress, which is not common.

Verify:
Raven

Change-Id: I336827581400c93c655e6bd9b837ec6f07c94632
Fixes: 86741ec254 ("net: core: Add a UID field to struct sock.")
Reported-by: shankarapailoor <shankarapailoor@gmail.com>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Lorenzo Colitti <lorenzo@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2020-06-29 11:45:42 +09:00
Hanjie Lin
1c0227a312 RAVENPLAT 2381:OSS vulnerability found in [boot.img]:[linux_kernel] (CVE-2018-6555) Risk:[] [1/1]
PD#OTT-5671

[Problem]
The irda_setsockopt function in net/irda/af_irda.c and later in
drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17
allows local users to cause a denial of service (ias_object
use-after-free and system crash) or possibly have unspecified other
impact via an AF_IRDA socket.

[Solution]
The irda_setsockopt() function conditionally allocates memory for a new
self->ias_object or, in some cases, reuses the existing
self->ias_object. Existing objects were incorrectly reinserted into the
LM_IAS database which corrupted the doubly linked list used for the
hashbin implementation of the LM_IAS database. When combined with a
memory leak in irda_bind(), this issue could be leveraged to create a
use-after-free vulnerability in the hashbin list. This patch fixes the
issue by only inserting newly allocated objects into the database.

[Test]

Change-Id: Idbdc870be0064e331969b39a7b6e447c16a9073a
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2020-06-29 11:45:42 +09:00