Commit Graph

649336 Commits

Author SHA1 Message Date
yao liu
e1e2f9923e dolby: set gmax for LL mode [1/1]
PD#SWPL-8799

Problem:
HDR-001-TC3 GXF is brighter than VID in LL mode

Solution:
dolby_vision_target_graphics_L for LL mode

Verify:
verified on u212

Change-Id: I3b39ec048bfff3d8ae797702c1c783356d59e604
Signed-off-by: yao liu <yao.liu@amlogic.com>
2019-05-24 02:11:52 -07:00
shuanglong.wang
e2943b5d21 video: for beginning playback use small omx_pts_interval_upper [1/1]
PD#SWPL-8545

Problem:
AL1 slope problem

Solution:
for beginning playback, use small omx_pts_interval_upper and
omx_pts_dv_lower to let pcr adjust according to omxpts quickly. Also
omxpts compensation use sched_clock instead of getimeofday.

Verify:
verify by nts

Change-Id: If9476a9793e3e5da691ea720de78f1c20f01a1e5
Signed-off-by: shuanglong.wang <shuanglong.wang@amlogic.com>
2019-05-24 00:10:44 -07:00
Gongwei Chen
8e416c94d5 common: loudspeaker: adjust for yeke [1/1]
PD#SWPL-8201

Problem:
loudspeaker ad82584f for yeke.

Solution:
loudspeaker ad82584f for yeke.

Verify:
S905D2 u202.

Change-Id: I01fe62d207c47283e714937282a0ba24aef1d467
Signed-off-by: GongWei Chen <gongwei.chen@amlogic.com>
2019-05-24 00:10:16 -07:00
Hanjie Lin
add0c0c650 arm: makefile: change text_offset to 0x108000 [1/1]
PD#SWPL-1505
PD#SWPL-8867

Problem:
Amlogic arm kernel text_offset is 0x208000,
ko start address to kernel text end address arrange is too big(>32M)
it can cause insmod ko failed.

Solution:
modify text_offset to 0x108000
first 0x100000 is invisible to kernel.

Verify:
u200

Change-Id: I9684b108b57a15b03e4279146c1dc57667aa5d12
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2019-05-23 23:26:49 -07:00
Blance Tang
26b7808ff4 buildroot: Add W400 DRM buildroot DTS for G12B RevB [1/1]
PD#SWPL-8830

Problem:
  Current W400 DRM buildroot DTS only for G12B RevA

Solution:
  Add W400 DRM buildroot DTS for G12B RevB

Verify:
  Local

Change-Id: I3e01a3b53fc8d399296f6a3d777d59e0a73060c7
Signed-off-by: Blance Tang <guofeng.tang@amlogic.com>
2019-05-23 23:13:31 -07:00
Wencai You
c8803eb79c thermal: check array index when set cur_state [1/1]
PD#SWPL-8747

Problem:
android.security.sts.Poc17_11#testPocCVE_2017_6264
test echo /sys/devices/virtual/thermal/cooling_device2/cur_state
crash

Solution:
check array index

Verify:
verified by u212

Change-Id: I235d62508d95fffaed7b811ba008384db7c7ec6f
Signed-off-by: Wencai You <wencai.you@amlogic.com>
2019-05-23 21:40:17 -07:00
jintao xu
17cdaf36e8 amvideo: set black_threshold_height default 48 [1/1]
PD#OTT-1836

Problem:
disable video when window is too small

Solution:
set black_threshold_height default 48

Verify:
U212

Change-Id: I9ed7deb54baef1c44bb9cc0c1a4d699140663864
Signed-off-by: jintao xu <jintao.xu@amlogic.com>
2019-05-23 18:32:08 -07:00
Lei Qian
3628cd9869 vlock: fix GXL can't boot up issue [1/1]
PD#SWPL-8946

Problem:
GXL can't boot up issue

Solution:
Revert "vlock: for phase lock sometime can't lock [1/1]"
This reverts commit aecd88472a.

Verify:
verify by ampere

Change-Id: Ia272b379d67f84479a866b980c6f999bd7c42fa5
Signed-off-by: Lei Qian <lei.qian@amlogic.com>
2019-05-23 22:55:54 +08:00
Zhe Wang
acb00c9cbc audio: remove ddr management print for stress test [1/1]
PD#SWPL-8755

Problem:
too much print in stress test

Solution:
remove ddr management print for stress test

Verify:
Verified by x301

Change-Id: Ibd2835005da2664f623504a226562d2f8d9708ba
Signed-off-by: Zhe Wang <Zhe.Wang@amlogic.com>
2019-05-23 14:05:21 +08:00
Brian Zhu
1cd025d5fa vpp: set default aspect when the ratecontrol is zero [1/1]
PD#TV-5266

Problem:
Vpp used the wrong aspect ratio in 3D, screen mode = normal
and aspect ratio is 0 in ratecontrol variable.

Solution:
When the aspect ratio is 0, set the default value as
(height << 8) / width

Verify:
Verified by x301

Change-Id: I34f7cd3ce5ed1818d3090ebb4be934225038625e
Signed-off-by: Brian Zhu <brian.zhu@amlogic.com>
2019-05-22 22:49:42 -07:00
Jianxiong Pan
1cf9d6149c dts: change ftrace-size. [1/1]
PD#SWPL-6028

Problem:
add ftrace-size.

Solution:
add ftrace-size.

Verify:
no.

Change-Id: I42d34edf665632dfe29d04df192964238b8e3df8
Signed-off-by: Jianxiong Pan <jianxiong.pan@amlogic.com>
2019-05-23 10:46:13 +08:00
Sandy Luo
3543ce5bd0 dts: tl1: change ftrace-size [1/1]
PD#SWPL-6028

Problem:
add ftrace-size

Solution:
add ftrace-size

Verify:
x301

Change-Id: I3b39deda025bde506c32ca8741876083d89038f7
Signed-off-by: Sandy Luo <sandy.luo@amlogic.com>
2019-05-22 23:34:20 +08:00
qiyao.zhou
58a2e8f401 vpp: Modify vframe epoll event [1/1]
PD#SWPL-8850

Problem:
too many print when channel change.

Solution:
Modify vframe epoll event flow to avoid same event.

Verify:
verify on marconi.

Change-Id: Iefbd190c0280276bf941c48bf99706a0f2573df1
Signed-off-by: qiyao.zhou <qiyao.zhou@amlogic.com>
2019-05-22 05:25:57 -07:00
Evoke Zhang
9455ab7b2e tvafe: vbi: protect vbi data byte [1/1]
PD#SWPL-8002

Problem:
some special atv cause vbi crash

Solution:
add vbi data byte protection

Verify:
x301

Change-Id: Ie890925260dc250003d375b4d1cdf3d51afe732e
Signed-off-by: Evoke Zhang <evoke.zhang@amlogic.com>
2019-05-22 04:39:38 -07:00
Evoke Zhang
3e859c8b9a vdin: add dolby mem release protection [1/1]
PD#SWPL-8797

Problem:
sometime oops occurred for vdin_dolby mem release

Solution:
add vdin dolby mem alloc flag & release protection

Verify:
x301

Change-Id: Iee90b58a0624c32032e204adcd043c8e94d03f1f
Signed-off-by: Evoke Zhang <evoke.zhang@amlogic.com>
2019-05-22 04:39:10 -07:00
qiyao.zhou
94b0dc8af4 vpp: Modify vframe epoll event [1/1]
PD#SWPL-8850

Problem:
too many print when channel change.

Solution:
Modify vframe epoll event flow to avoid same event.

Verify:
verify on marconi.

Change-Id: Id709439f24d3cad82df6082c477cacce1a9b9cc7
Signed-off-by: qiyao.zhou <qiyao.zhou@amlogic.com>
2019-05-22 02:06:10 -07:00
Wenfeng Guo
184969c484 di: fix wire drawing issue caused by pendulum clock stuck [1/1]
PD#SWPL-7650

Problem:
TL1 have drawing.

Solution:
fine-tuning GMV

Verify:
TL1

Change-Id: Ie50207969a2d7511882552b0adc8baef083300ff
Signed-off-by: Wenfeng Guo <wenfeng.guo@amlogic.com>
2019-05-21 22:14:25 -07:00
Yong Qin
aecd88472a vlock: for phase lock sometime can't lock [1/1]
PD#SWPL-6403

Problem:
vlock phase lock time is not accurate as theoretical value

Solution:
1.change the limit
2.increase the frq and phase lock window
3.long time unlock, need retry

Verify:
tl1

Change-Id: I67e56e59f53848128e65a54c6a8acf750a03b72d
Signed-off-by: Yong Qin <yong.qin@amlogic.com>
2019-05-21 22:13:50 -07:00
Evoke Zhang
207be3e45d lcd: support custom vx1 hw filter [1/1]
PD#SWPL-8785

Problem:
fixed vx1 hw filter maybe cause some panel display normal

Solution:
add custom vx1 hw filter support
for panel ini:
if_attr_8=0x1 #vx1 hw filter period(0=default setting)
if_attr_9=0x0 #vx1 hw filter cnt(0=default setting)
for dts:
hw_filter = <0x1 0x0>; /* period(0=default), cnt(0=default) */

Verify:
x301

Change-Id: I4ce5f8fe4294331d6ec0026fa7736c6d3397c05e
Signed-off-by: Evoke Zhang <evoke.zhang@amlogic.com>
2019-05-21 22:11:19 -07:00
ruixuan.li
3dcf1c8d25 tm2: emmc run hs400 200M [1/1]
PD#SWPL-5658

Problem:
emmc run hs200 200M now

Solution:
set emmc busmode to hs400 200M

Verify:
passed on t962e2 ab311

Change-Id: If5fef5c3b55cc95152b0d5d19bb5a56b293aafcf
Signed-off-by: ruixuan.li <ruixuan.li@amlogic.com>
Signed-off-by: Ruixuan Li <ruixuan.li@amlogic.com>
2019-05-21 20:15:06 -07:00
Long Yu
ca709001f4 emmc: report response crc error on G12B when hs400 200M busmode [1/1]
PD#SWPL-8670

Problem:
G12B report response crc error when hs400 200M busmode

Solution:
find a eyetest hole between 14-20 or 48-54, otherwise
tuning tx_delay and find again and
adjust CMD rx timing dynamically in HS400 mode

Verify:
passed on G12B

Change-Id: I23e4d5118e0ca0564367a77102aea9e1085633a9
Signed-off-by: Long Yu <long.yu@amlogic.com>
2019-05-21 19:46:28 -07:00
yao liu
33d4309354 dolby: set dovi gmax/pmax [1/1]
PD#SWPL-8159

Problem:
Default graphics is always 100nit,
need to set different nits for SDR/HDR/DV TV

Solution:
dolby_vision_target_graphics_max[] for DV/HDR/SDR;
dolby_vision_target_max[][] for video_max;
module param dolby_vision_target_max for force graphics max
when set it to non-zero;

Verify:
verified on sm1

Change-Id: If6f5ae4ffb37629b51d21764302689da776e9f7f
Signed-off-by: yao liu <yao.liu@amlogic.com>
2019-05-21 18:30:50 -07:00
renjiang.han
bf62f39b9d ppmgr: 4k video does not do tb detection. [1/1]
PD#SWPL-8338

Problem:
video of 4k playback caton.

Solution:
4k video does not do tb detection.

Verify:
on x301

Change-Id: Idf10ca33e7ba2d26d759c6e5c21bc465cad0992e
Signed-off-by: renjiang.han <renjiang.han@amlogic.com>
2019-05-21 05:07:00 -07:00
nengwen.chen
821c9d680f atv_demod: fix BG/DK sound output power [1/1]
PD#TV-6012

Problem:
fix BG/DK sound output power.

Solution:
1.fix BG/DK sound output power.

Verify:
Verified by x301

Change-Id: I428d8a1ed97c8da5fdfe55f8dd7ac2fda9200814
Signed-off-by: nengwen.chen <nengwen.chen@amlogic.com>
2019-05-21 01:26:43 -07:00
Yue Wang
00c1490bd1 pcie: code optimization [1/1]
PD#SWPL-8664

Problem:
pcie driver code optimization.

Solution:
pcie driver code optimization.

Verify:
T962E2

Change-Id: Ie157ad14a7a3b347bfb333e75432863d3e988dec
Signed-off-by: Yue Wang <yue.wang@amlogic.com>
2019-05-20 23:00:20 -07:00
Tao Zeng
0040b0ec1e secmon: clear mmu mapping of cma before a73 run [1/1]
PD#SWPL-8082

Problem:
Very low ratio(0.3%) of SError can be seen when do auto-reboot
test on g12b platform.

Solution:
Clear mmu mapping of secmon cma before a73 run

Verify:
w400

Change-Id: Idacfaea29dea2eff86304c7071a560c76654a5c3
Signed-off-by: Tao Zeng <tao.zeng@amlogic.com>
2019-05-20 19:13:51 -07:00
Nanxin Qin
595c5f8b7e media: fixed some issues for the v4l2 decode. [2/2]
PD#SWPL-5314

Problem:
1. add a dummy vframe flag VFRAME_FLAG_EMPTY_FRAME_V4L.
2. add the FRAME_BASE_PATH_V4L_* for v4l2 display
3. recycle vframes when the isr receives the empty vframe.

Solution:
1. fixed some issues for the v4l2 decode.
2. add pause and resume for v4l2 m2m job.

Verify:
todo

Change-Id: I00b44ad4d3a75f7e2167ca347562d002c2690430
Signed-off-by: Nanxin Qin <nanxin.qin@amlogic.com>
2019-05-20 03:58:48 -07:00
Jian Hu
1dea1f8ede clk: tm2: fix tm2 64bit hangup [1/1]
PD#SWPL-8546

Problem:
it hangup in tm2 64bit

Solution:
call clk_set_parent to set
tl1_dsu_fixed_source_sel1 to 1G

Verify:
verified on tm2 ab311

Change-Id: I2e75c76aab3ba2510050592ea5f6c3069cfa9f4d
Signed-off-by: Jian Hu <jian.hu@amlogic.com>
2019-05-20 03:49:50 -07:00
Yinming Ding
25459810cc avsync: tsync: reply the stream without audio after loop play [1/1]
PD#SWPL-7379

Problem:
Decoding stream with no audio pid freezes video

Solution:
Reply the stream with no audio after loop play

Verify:
Verified by R314

Change-Id: I8782271fbf40398c639346c960f0e61911ffc1ee
Signed-off-by: Yinming Ding <yinming.ding@amlogic.com>
2019-05-20 02:43:42 -07:00
Hanjie Lin
8705a1ece1 mm: arm: fix unmatched pte_offset_map/pte_unmap error [1/1]
PD#TV-5777

Problem:
[CVTE][T972][9.0][System]: PT190004-1300: Appear auto reboot exception
during downloading Facebook app.
get_user_pfn() may caused unmatched pte_offset_map/pte_unmap call, then
may cause bad task preempt_count and subsequently panic.

Solution:
add matched pte_offset_map/pte_unmap

Verify:
tl1

Change-Id: I98240b443b8a0fae89d0ee93701eb1bfdce51b82
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2019-05-20 02:41:34 -07:00
Zhe Wang
296f033b85 audio: add i2s and spdif fine clk tuning interface [1/1]
PD#SWPL-8310

Problem:
DTV, a/v is out of sync

Solution:
add i2s and spdif fine clk tuning interface

Verify:
verify on R311.

Change-Id: I8219774bd5fe334fa21227d427ce4dbb06177dc8
Signed-off-by: Zhe Wang <Zhe.Wang@amlogic.com>
2019-05-20 02:40:33 -07:00
Brian Zhu
173980a6cb dv: reset the g_vpotch value according to current vinfo [1/1]
PD#SWPL-8419

Problem:
Get the wrong g_vpotch value when platform bootup

Solution:
reset the g_vpotch value according to current vinfo

Verify:
verified by u212

Change-Id: I063140f0a19cf349cd8e6d66c571ae5b2c7e3de7
Signed-off-by: Brian Zhu <brian.zhu@amlogic.com>
2019-05-20 02:38:24 -07:00
MingLiang Dong
16ea7ce772 amvecm: optimize lc size config [1/1]
PD#TV-4687

Problem:
Set the screen mode of HDMI channel to 4:3 and
restart to enter HDMI again. The screen displays abnormal

Solution:
optimize lc size config

Verify:
verify on TL1

Change-Id: I320f7476e09d900635767190748a4fbb486b5f6f
Signed-off-by: MingLiang Dong <mingliang.dong@amlogic.com>
2019-05-20 02:19:42 -07:00
nengwen.chen
7e00562161 atv_demod: fix atbm2040 tuner channel scanning [1/1]
PD#TV-5499

Problem:
fix atbm2040 tuner channel scanning.

Solution:
1.fix atbm2040 tuner channel scanning.
2.modify tune interface.

Verify:
Verified by x301

Change-Id: Id135bcdca797ab93e8a2902476157b2ce324a2ce
Signed-off-by: nengwen.chen <nengwen.chen@amlogic.com>
2019-05-19 23:25:03 -07:00
yujie.wu
f20dc57a19 audio: fix spdif not work on soundbar [1/1]
PD#SWPL-6801

Problem:
  There is too much kernel print which
  blocks the system

Solution:
  Add condition to remove the print log

Verify:
  A113

Change-Id: I5762893b424e8201e2725f33854473097f1246b9
Signed-off-by: yujie.wu <yujie.wu@amlogic.com>
2019-05-19 19:55:50 -07:00
Shunzhou Jiang
d34c9b8917 dts: tm2: enable dsp mailbox driver [1/1]
PD#SWPL-6580

Problem:
dsp mailbox driver not enabled

Solution:
enable dsp mbox driver

Verify:
tm2

Change-Id: I926c6da3fd373bd19cc171514096e90d929a5807
Signed-off-by: Shunzhou Jiang <shunzhou.jiang@amlogic.com>
2019-05-19 19:16:23 -07:00
shaochan.liu
0fb9b7a064 lcd: support lcd pll retry when lock failed [2/2]
PD#SWPL-7869

Problem:
need support lcd pll retry when lock failed

Solution:
add support lcd pll retry when lock failed

Verify:
t962x2-x301

Change-Id: Ia74926713f46c7e1fc2831c9ee788c5fc980ba37
Signed-off-by: shaochan.liu <shaochan.liu@amlogic.com>
2019-05-19 19:15:34 -07:00
Jianxin Pan
4f49a8b758 Merge "lcd: add lcd_ctrl bootargs for lcd driver control [2/2]" into amlogic-4.9-dev 2019-05-19 19:15:14 -07:00
Evoke Zhang
12d26dc6b4 tvafe: update parameters for AV NTSC [1/1]
PD#SWPL-7283

Problem:
display is not good

Solution:
modify cvd2 0xb0, 0xb1 reg value

Verify:
x301

Change-Id: Ib512258336d3a6bb14c4eda04488fbaf60e38af0
Signed-off-by: Evoke Zhang <evoke.zhang@amlogic.com>
2019-05-19 18:54:41 -07:00
Yong Qin
695390908e vdin: horizontal floral stripe [1/1]
PD#SWPL-7391

Problem:
when hdmi 4k, tv menu set game mode, some time have
floral stripe

Solution:
afbc write addr is same at read addr, will occur.

Verify:
tl1

Change-Id: Iac10768116dea0d3bc4175871b954d56b044f390
Signed-off-by: Yong Qin <yong.qin@amlogic.com>
2019-05-19 18:39:53 -07:00
Tao Zeng
b6f686f201 kasan: change address layout [3/3]
PD#SWPL-8572

Problem:
In change http://scgit.amlogic.com:8080/#/c/73995/ we have changed
memory layout of vmalloc. Which caused kasan can't be used

Solution:
change kasan address layout

Verify:
x301

Change-Id: I28aee4b1d9b622dd884e6c2d6b621aa870cd8586
Signed-off-by: Tao Zeng <tao.zeng@amlogic.com>
2019-05-18 09:03:30 -07:00
Tao Zeng
ff000fbdb1 vmalloc: restore 240mb memory space [2/3]
PD#SWPL-8572

Problem:
To avoid vmalloc address space not enough caused by binder, in
following change we have increased 128mb vmalloc address space:
	http://scgit.amlogic.com:8080/#/c/72977/

Solution:
Since we have back porting binder optimize from kernel 4.19 in
change:
	http://scgit.amlogic.com:8080/#/c/73975/
So we can restore 240mb memory space for vmalloc

Verify:
x301

Change-Id: If16e83eadb9ab40bb7e0e2ca168dc604420cdac7
Signed-off-by: Tao Zeng <tao.zeng@amlogic.com>
2019-05-18 09:03:00 -07:00
Tao Zeng
2767e41bad binder: back port changes from kernel 4.19 [1/3]
PD#SWPL-8572

Problems:
based on android platform, each process may allocate 1MB vmalloc
memory space for IPC. But most process don't use full memory
range of vmalloc space. It's a waste of memory space and may
cause driver can't work normal based on 32bit kernel

Solution:
On kernel 4.19, google have fixed it, so we need back porting
following changes:

Squashed commit of the following:

commit b12a56e5342e15e99b0fb07c67dfce0891ba2f6b
Author: Todd Kjos <tkjos@google.com>
Date:   Tue Mar 19 09:53:01 2019 -0700

    FROMGIT: binder: fix BUG_ON found by selinux-testsuite

    The selinux-testsuite found an issue resulting in a BUG_ON()
    where a conditional relied on a size_t going negative when
    checking the validity of a buffer offset.

    (cherry picked from commit 5997da8214
     git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git
     char-misc-linus)
    Bug: 67668716
    Change-Id: Ib3b408717141deadddcb6b95ad98c0b97d9d98ea
    Fixes: 7a67a39320 ("binder: add function to copy binder object from buffer")
    Reported-by: Paul Moore <paul@paul-moore.com>
    Tested-by: Paul Moore <paul@paul-moore.com>
    Signed-off-by: Todd Kjos <tkjos@google.com>

commit 5b28e504d93a5f1efc074dd7cdcadc07293bb783
Author: Todd Kjos <tkjos@android.com>
Date:   Thu Feb 14 15:22:57 2019 -0800

    UPSTREAM: binder: fix handling of misaligned binder object

    Fixes crash found by syzbot:
    kernel BUG at drivers/android/binder_alloc.c:LINE! (2)

    (cherry pick from commit 26528be672)
    Bug: 67668716
    Reported-and-tested-by: syzbot+55de1eb4975dec156d8f@syzkaller.appspotmail.com
    Signed-off-by: Todd Kjos <tkjos@google.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

    Change-Id: Ib8597dd05a158f78503d4affe6c5f46ded16a811

commit e110c3b44e437bad09f76c2b42f23dcad898f57d
Author: Todd Kjos <tkjos@android.com>
Date:   Wed Feb 13 11:48:53 2019 -0800

    UPSTREAM: binder: fix sparse issue in binder_alloc_selftest.c

    Fixes sparse issues reported by the kbuild test robot running
    on https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git
    char-misc-testing: bde4a19fc0 ("binder: use userspace pointer as base
    of buffer space")

    Error output (drivers/android/binder_alloc_selftest.c):
    sparse: warning: incorrect type in assignment (different address spaces)
    sparse:    expected void *page_addr
    sparse:    got void [noderef] <asn:1> *user_data
    sparse: error: subtraction of different types can't work

    Fixed by adding necessary "__user" tags.

    (cherry pick from commit 36f3093792)
    Bug: 67668716
    Reported-by: kbuild test robot <lkp@intel.com>
    Signed-off-by: Todd Kjos <tkjos@google.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

    Change-Id: Ia0a16d163251381d4bc04f46a44dddbc18b10a85

commit 9f6fd7733286f1af04d153c9d3a050ca2615b3cc
Author: Todd Kjos <tkjos@android.com>
Date:   Fri Feb 8 10:35:20 2019 -0800

    BACKPORT: binder: use userspace pointer as base of buffer space

    Now that alloc->buffer points to the userspace vm_area
    rename buffer->data to buffer->user_data and rename
    local pointers that hold user addresses. Also use the
    "__user" tag to annotate all user pointers so sparse
    can flag cases where user pointer values are copied to
    kernel pointers. Refactor code to use offsets instead
    of user pointers.

    (cherry pick from commit bde4a19fc0)
    Bug: 67668716
    Change-Id: I9d04b844c5994d1f6214da795799e6b373bc9816
    Signed-off-by: Todd Kjos <tkjos@google.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 194d8606b011657ce30bf0c240a5adcad0691201
Author: Todd Kjos <tkjos@android.com>
Date:   Wed Dec 5 15:19:25 2018 -0800

    UPSTREAM: binder: fix kerneldoc header for struct binder_buffer

    Fix the incomplete kerneldoc header for struct binder_buffer.

    (cherry pick from commit 7a2670a5bc)
    Bug: 67668716
    Signed-off-by: Todd Kjos <tkjos@google.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

    Change-Id: I6bb942e6a9466b02653349943524462f205af839

commit 55cb58623a60d48678d8eb74e1cabe7744ed62c2
Author: Todd Kjos <tkjos@android.com>
Date:   Fri Feb 8 10:35:19 2019 -0800

    BACKPORT: binder: remove user_buffer_offset

    Remove user_buffer_offset since there is no kernel
    buffer pointer anymore.

    (cherry pick from commit c41358a5f5)
    Bug: 67668716
    Signed-off-by: Todd Kjos <tkjos@google.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

    Change-Id: I399219867704dc5013453a7738193c742fc970ad

commit 3301f77efa9d99e742e5642243b891e014becf17
Author: Todd Kjos <tkjos@android.com>
Date:   Fri Feb 8 10:35:18 2019 -0800

    UPSTREAM: binder: remove kernel vm_area for buffer space

    Remove the kernel's vm_area and the code that maps
    buffer pages into it.

    (cherry pick from commit 880211667b)
    Bug: 67668716
    Signed-off-by: Todd Kjos <tkjos@google.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

    Change-Id: I2595bb8416c2bbfcf97ad3d7380ae94e29c209fb

commit 628c27a60665f15984364f6c0a1bda03473b3a78
Author: Todd Kjos <tkjos@android.com>
Date:   Fri Feb 8 10:35:17 2019 -0800

    UPSTREAM: binder: avoid kernel vm_area for buffer fixups

    Refactor the functions to validate and fixup struct
    binder_buffer pointer objects to avoid using vm_area
    pointers. Instead copy to/from kernel space using
    binder_alloc_copy_to_buffer() and
    binder_alloc_copy_from_buffer(). The following
    functions were refactored:

    	refactor binder_validate_ptr()
    	binder_validate_fixup()
    	binder_fixup_parent()

    (cherry pick from commit db6b0b810b)
    Bug: 67668716
    Signed-off-by: Todd Kjos <tkjos@google.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

    Change-Id: Ic222af9b6c56bf48fd0b65debe981d19a7809e77

commit ed39057090cc4a95c318bafcd97f418da56e3867
Author: Todd Kjos <tkjos@android.com>
Date:   Fri Feb 8 10:35:16 2019 -0800

    BACKPORT: binder: add function to copy binder object from buffer

    When creating or tearing down a transaction, the binder driver
    examines objects in the buffer and takes appropriate action.
    To do this without needing to dereference pointers into the
    buffer, the local copies of the objects are needed. This patch
    introduces a function to validate and copy binder objects
    from the buffer to a local structure.

    (cherry pick from commit 7a67a39320)
    Bug: 67668716
    Signed-off-by: Todd Kjos <tkjos@google.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

    Change-Id: I42dfe238a2d20bdeff479068ca87a80e4577e64a

commit 01f8f48c56b53faf1c795112f451a032a0d00b75
Author: Todd Kjos <tkjos@android.com>
Date:   Fri Feb 8 10:35:15 2019 -0800

    BACKPORT: binder: add functions to copy to/from binder buffers

    Avoid vm_area when copying to or from binder buffers.
    Instead, new copy functions are added that copy from
    kernel space to binder buffer space. These use
    kmap_atomic() and kunmap_atomic() to create temporary
    mappings and then memcpy() is used to copy within
    that page.

    Also, kmap_atomic() / kunmap_atomic() use the appropriate
    cache flushing to support VIVT cache architectures.
    Allow binder to build if CPU_CACHE_VIVT is defined.

    Several uses of the new functions are added here. More
    to follow in subsequent patches.

    (cherry picked from commit 8ced0c6231)
    Bug: 67668716
    Change-Id: I6a93d2396d0a80c352a1d563fc7fb523a753e38c
    Signed-off-by: Todd Kjos <tkjos@google.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit bfc28d4c046d2a1aea5db66508e7fbb65a31a4a9
Author: Todd Kjos <tkjos@android.com>
Date:   Fri Feb 8 10:35:14 2019 -0800

    UPSTREAM: binder: create userspace-to-binder-buffer copy function

    The binder driver uses a vm_area to map the per-process
    binder buffer space. For 32-bit android devices, this is
    now taking too much vmalloc space. This patch removes
    the use of vm_area when copying the transaction data
    from the sender to the buffer space. Instead of using
    copy_from_user() for multi-page copies, it now uses
    binder_alloc_copy_user_to_buffer() which uses kmap()
    and kunmap() to map each page, and uses copy_from_user()
    for copying to that page.

    (cherry picked from 1a7c3d9bb7)
    Bug: 67668716
    Signed-off-by: Todd Kjos <tkjos@google.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

    Change-Id: I59ff83455984fce4626476e30601ed8b99858a92

commit 89a1a65d35200d8ca94c865f061f11af41a8ced7
Author: Todd Kjos <tkjos@android.com>
Date:   Mon Jan 14 09:10:21 2019 -0800

    FROMGIT: binder: create node flag to request sender's security context

    To allow servers to verify client identity, allow a node
    flag to be set that causes the sender's security context
    to be delivered with the transaction. The BR_TRANSACTION
    command is extended in BR_TRANSACTION_SEC_CTX to
    contain a pointer to the security context string.

    Signed-off-by: Todd Kjos <tkjos@google.com>
    Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

    (cherry picked from commit ec74136ded
     https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
     master)
    Change-Id: I44496546e2d0dc0022f818a45cd52feb1c1a92cb
    Signed-off-by: Todd Kjos <tkjos@google.com>

commit 4afd6d2498ecd54e4211c6e47d8956a686a52ee3
Author: Todd Kjos <tkjos@android.com>
Date:   Wed Dec 5 15:19:26 2018 -0800

    UPSTREAM: binder: filter out nodes when showing binder procs

    When dumping out binder transactions via a debug node,
    the output is too verbose if a process has many nodes.
    Change the output for transaction dumps to only display
    nodes with pending async transactions.

    Signed-off-by: Todd Kjos <tkjos@google.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    (cherry picked from commit ecd589d8f5)
    Bug: 112037142
    Change-Id: Iaa76ebdc844037ce1ee3bf2e590676790a959cef

commit 72e3c1d60a499bfa547d962a150082f47bfb16af
Author: Todd Kjos <tkjos@android.com>
Date:   Tue Nov 6 15:55:32 2018 -0800

    binder: fix race that allows malicious free of live buffer

    commit 7bada55ab5 upstream.

    Malicious code can attempt to free buffers using the BC_FREE_BUFFER
    ioctl to binder. There are protections against a user freeing a buffer
    while in use by the kernel, however there was a window where
    BC_FREE_BUFFER could be used to free a recently allocated buffer that
    was not completely initialized. This resulted in a use-after-free
    detected by KASAN with a malicious test program.

    This window is closed by setting the buffer's allow_user_free attribute
    to 0 when the buffer is allocated or when the user has previously freed
    it instead of waiting for the caller to set it. The problem was that
    when the struct buffer was recycled, allow_user_free was stale and set
    to 1 allowing a free to go through.

    Signed-off-by: Todd Kjos <tkjos@google.com>
    Acked-by: Arve Hjønnevåg <arve@android.com>
    Cc: stable <stable@vger.kernel.org> # 4.14
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit c7940ee7e55f4caec80ab646b7f9d495ee2677c6
Author: Martijn Coenen <maco@android.com>
Date:   Sat Aug 25 13:50:56 2018 -0700

    UPSTREAM: binder: Add BINDER_GET_NODE_INFO_FOR_REF ioctl.

    This allows the context manager to retrieve information about nodes
    that it holds a reference to, such as the current number of
    references to those nodes.

    Such information can for example be used to determine whether the
    servicemanager is the only process holding a reference to a node.
    This information can then be passed on to the process holding the
    node, which can in turn decide whether it wants to shut down to
    reduce resource usage.

    Bug: 79983843
    Change-Id: I21e52ed1ca2137f7bfdc0300365fb1285b7e3d70
    Signed-off-by: Martijn Coenen <maco@android.com>

commit afd02b5ead68a94eb6bf1bf5234271687d7eb461
Author: Minchan Kim <minchan@kernel.org>
Date:   Thu Aug 23 14:29:56 2018 +0900

    android: binder: fix the race mmap and alloc_new_buf_locked

    There is RaceFuzzer report like below because we have no lock to close
    below the race between binder_mmap and binder_alloc_new_buf_locked.
    To close the race, let's use memory barrier so that if someone see
    alloc->vma is not NULL, alloc->vma_vm_mm should be never NULL.

    (I didn't add stable mark intentionally because standard android
    userspace libraries that interact with binder (libbinder & libhwbinder)
    prevent the mmap/ioctl race. - from Todd)

    "
    Thread interleaving:
    CPU0 (binder_alloc_mmap_handler)              CPU1 (binder_alloc_new_buf_locked)
    =====                                         =====
    // drivers/android/binder_alloc.c
    // #L718 (v4.18-rc3)
    alloc->vma = vma;
                                                  // drivers/android/binder_alloc.c
                                                  // #L346 (v4.18-rc3)
                                                  if (alloc->vma == NULL) {
                                                      ...
                                                      // alloc->vma is not NULL at this point
                                                      return ERR_PTR(-ESRCH);
                                                  }
                                                  ...
                                                  // #L438
                                                  binder_update_page_range(alloc, 0,
                                                          (void *)PAGE_ALIGN((uintptr_t)buffer->data),
                                                          end_page_addr);

                                                  // In binder_update_page_range() #L218
                                                  // But still alloc->vma_vm_mm is NULL here
                                                  if (need_mm && mmget_not_zero(alloc->vma_vm_mm))
    alloc->vma_vm_mm = vma->vm_mm;

    Crash Log:
    ==================================================================
    BUG: KASAN: null-ptr-deref in __atomic_add_unless include/asm-generic/atomic-instrumented.h:89 [inline]
    BUG: KASAN: null-ptr-deref in atomic_add_unless include/linux/atomic.h:533 [inline]
    BUG: KASAN: null-ptr-deref in mmget_not_zero include/linux/sched/mm.h:75 [inline]
    BUG: KASAN: null-ptr-deref in binder_update_page_range+0xece/0x18e0 drivers/android/binder_alloc.c:218
    Write of size 4 at addr 0000000000000058 by task syz-executor0/11184

    CPU: 1 PID: 11184 Comm: syz-executor0 Not tainted 4.18.0-rc3 #1
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
    Call Trace:
     __dump_stack lib/dump_stack.c:77 [inline]
     dump_stack+0x16e/0x22c lib/dump_stack.c:113
     kasan_report_error mm/kasan/report.c:352 [inline]
     kasan_report+0x163/0x380 mm/kasan/report.c:412
     check_memory_region_inline mm/kasan/kasan.c:260 [inline]
     check_memory_region+0x140/0x1a0 mm/kasan/kasan.c:267
     kasan_check_write+0x14/0x20 mm/kasan/kasan.c:278
     __atomic_add_unless include/asm-generic/atomic-instrumented.h:89 [inline]
     atomic_add_unless include/linux/atomic.h:533 [inline]
     mmget_not_zero include/linux/sched/mm.h:75 [inline]
     binder_update_page_range+0xece/0x18e0 drivers/android/binder_alloc.c:218
     binder_alloc_new_buf_locked drivers/android/binder_alloc.c:443 [inline]
     binder_alloc_new_buf+0x467/0xc30 drivers/android/binder_alloc.c:513
     binder_transaction+0x125b/0x4fb0 drivers/android/binder.c:2957
     binder_thread_write+0xc08/0x2770 drivers/android/binder.c:3528
     binder_ioctl_write_read.isra.39+0x24f/0x8e0 drivers/android/binder.c:4456
     binder_ioctl+0xa86/0xf34 drivers/android/binder.c:4596
     vfs_ioctl fs/ioctl.c:46 [inline]
     do_vfs_ioctl+0x154/0xd40 fs/ioctl.c:686
     ksys_ioctl+0x94/0xb0 fs/ioctl.c:701
     __do_sys_ioctl fs/ioctl.c:708 [inline]
     __se_sys_ioctl fs/ioctl.c:706 [inline]
     __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:706
     do_syscall_64+0x167/0x4b0 arch/x86/entry/common.c:290
     entry_SYSCALL_64_after_hwframe+0x49/0xbe
    "

    Signed-off-by: Todd Kjos <tkjos@google.com>
    Signed-off-by: Minchan Kim <minchan@kernel.org>
    Reviewed-by: Martijn Coenen <maco@android.com>
    Cc: stable <stable@vger.kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 3ed5fd0f095e9d6fe5f33f909165a8cd596e8b46
Author: Sherry Yang <sherryy@android.com>
Date:   Tue Aug 7 12:57:13 2018 -0700

    android: binder: Rate-limit debug and userspace triggered err msgs

    Use rate-limited debug messages where userspace can trigger
    excessive log spams.

    Acked-by: Arve Hjønnevåg <arve@android.com>
    Signed-off-by: Sherry Yang <sherryy@android.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 8129fb3ee7af23a888383aa23647c9d576ecdfef
Author: Sherry Yang <sherryy@android.com>
Date:   Thu Jul 26 17:17:17 2018 -0700

    android: binder: Show extra_buffers_size in trace

    Add extra_buffers_size to the binder_transaction_alloc_buf tracepoint.

    Acked-by: Arve Hjønnevåg <arve@android.com>
    Signed-off-by: Sherry Yang <sherryy@android.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 3b0bbcb65457ddec6fbee72bb26002e2bba16089
Author: Guenter Roeck <linux@roeck-us.net>
Date:   Mon Jul 23 14:41:38 2018 -0700

    android: binder: Include asm/cacheflush.h after linux/ include files

    If asm/cacheflush.h is included first, the following build warnings are
    seen with sparc32 builds.

    In file included from arch/sparc/include/asm/cacheflush.h:11:0,
            from drivers/android/binder.c:54:
    arch/sparc/include/asm/cacheflush_32.h:40:37: warning:
    	'struct page' declared inside parameter list will not be visible
    	outside of this definition or declaration

    Moving the asm/ include after linux/ includes solves the problem.

    Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Guenter Roeck <linux@roeck-us.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit e8a4948f49629c6ab122339f46908884d55ca7e9
Author: Guenter Roeck <linux@roeck-us.net>
Date:   Mon Jul 23 14:47:23 2018 -0700

    android: binder_alloc: Include asm/cacheflush.h after linux/ include files

    If asm/cacheflush.h is included first, the following build warnings are
    seen with sparc32 builds.

    In file included from ./arch/sparc/include/asm/cacheflush.h:11:0,
    	from drivers/android/binder_alloc.c:20:
    ./arch/sparc/include/asm/cacheflush_32.h:40:37: warning:
    	'struct page' declared inside parameter list

    Moving the asm/ include after linux/ includes fixes the problem.

    Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Guenter Roeck <linux@roeck-us.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 8cae6730ef318700ab3a0db3ef43ee6a5e5856c8
Author: Geert Uytterhoeven <geert@linux-m68k.org>
Date:   Wed Jun 6 14:40:56 2018 +0200

    android: binder: Drop dependency on !M68K

    As of commit 7124330dab ("m68k/uaccess: Revive 64-bit
    get_user()"), the 64-bit Android binder interface builds fine on m68k.

    Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

verify:
p212

Change-Id: I1bac2c5345bcac64a3890f1688c1ecc4a3654a79
Signed-off-by: Tao Zeng <tao.zeng@amlogic.com>
2019-05-18 09:02:39 -07:00
Liang Yang
b32bbee24d nand: adjust nand info page for ddr parameter function [1/1]
PD#SWPL-7804

Problem:
OTA upgrade would fail because the nand info page is not consistent

Solution:
Keep nand info page consistent between bl2/bl33/kernel

Verify:
s420

Change-Id: Icef5f720ba80e5f639b4ee7d1f1201833d5a5656
Signed-off-by: Liang Yang <liang.yang@amlogic.com>
2019-05-17 04:31:57 -07:00
sky zhou
8508cebaf7 osd: fix release dma buf error when vout1&2 run at same time.
PD #SWPL-6027

Problem:
dmabuf panic when vout1,vout2 run at same time.

Solution:
When do pandisplay, only release the dma buf displayed
on current vout pipeline.

Verify:
Verify on macroni.

Change-Id: I8951d55f9f56cbfa509bcbe2906a108c5f50dbfe
Signed-off-by: sky zhou <sky.zhou@amlogic.com>
2019-05-17 03:31:17 -07:00
Yue Wang
468e8ff4c5 usb: add USB + PCIE feature [1/1]
PD#SWPL-8058

Problem:
usb + pcie.

Solution:
add usb + pcie feature.

Verify:
TM2

Change-Id: Ib5838cb0093753d346e46ce0fa6007c0edf511c2
Signed-off-by: Yue Wang <yue.wang@amlogic.com>
2019-05-17 02:47:37 -07:00
renjiang.han
8bbc052df4 ppmgr: Add IS_ERR_OR_NULL to determine if the thread exists [1/1]
PD#SWPL-8658

Problem:
handle is NULL, causing a kernel panic.

Solution:
Add IS_ERR_OR_NULL to prevent handle from being NULL
and causing a kernel panic.

Verify:
on T962X2

Change-Id: I3086a497d99646e6475a93b5a53b3c9aca2d2ada
Signed-off-by: renjiang.han <renjiang.han@amlogic.com>
2019-05-16 23:30:53 -07:00
zhiwei.yuan
97d8a70bb0 vdin: cvbs video is not smooth after playing a period of time [1/1]
PD#SWPL-8565

Problem:
unknown buf is taken by vpp sometimes

Solution:
fix skip mechanism, reduce number of unknown buf

Verify:
verified by t962x2_x301

Change-Id: I296d9f2f5c25a37ec32b458ecb23d64ca8c321a7
Signed-off-by: zhiwei.yuan <zhiwei.yuan@amlogic.com>
2019-05-16 22:54:28 -07:00
Shuai Li
dd384e395e audio: config 2+2 loopback [1/1]
PD#SWPL-7741

Problem:
Default is 6+2.
But aec needs 2+2 setting.

Solution:
Change the dts setting.

Verify:
SM1 AC213.

Change-Id: I5b3585c017146bde5b265f315f8167e8232566fb
Signed-off-by: Shuai Li <shuai.li@amlogic.com>
2019-05-16 19:51:36 -07:00
Shuai Li
97f5351c1a audio: support 48k out & 16k loopback [1/1]
PD#SWPL-7741

Problem:
Enable the loopback function.
Fix 48k output & 16k loopback abnormal.

Solution:
Fix the resample source.
Do not touch output clk at loopback driver.

Verify:
Sm1, AC213

Change-Id: I210083813e9e6ec834941da333f8ce076e9afbcf
Signed-off-by: Shuai Li <shuai.li@amlogic.com>
2019-05-16 19:49:35 -07:00