aboutsummaryrefslogtreecommitdiff
path: root/drivers
Commit message (Collapse)AuthorAgeFilesLines
* Revert "hand-pick: mediatek:remove unnecessary sido call flow"Moyster2016-11-111-0/+12
| | | | This reverts commit 9a7858491639342b5d3c8d496d3b9370d2330591.
* wlan: WiFi Direct CTS fixsdragonpt2016-11-116-11/+66
| | | | | | | | | | | | | | | | | | | | | | Cylen Yao <cylen.yao@mediatek.com> Details: 1. WiFi Direct CTS tests will fail as supplicant and driver could not keep sync in following case: 1.1 supplicant will request channel when do p2p listen, but driver/firmware has not switch to the target channel when supplicant get remain on channel credit by call driver API of remain on channel; This will make supplicant and driver in unsync state which will make supplicant fail to go to listen state randomly. 1.2 Supplicant and driver will also keep unsync when do mgmt frame TX; supplicant will do other task once mgmt frame TX is returned by calling driver API mgmt_tx, but, driver has not actually TX the mgmt frame out. In extremely case, driver will drop the second mgmt frame if the previous on has not been TX out, just as the group owner test case.
* tty: Properly fix memleak of alloc_piddragonpt2016-11-111-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cylen Yao <cylen.yao@mediatek.com> bug: 7845126 MT67x2 Memleak is due to unreleased pid->count, which execute in function: get_pid()(pid->count++) and put_pid()(pid->count--). The race condition as following: task[dumpsys] task[adbd] in disassociate_ctty() in tty_signal_session_leader() ----------------------- ------------------------- tty = get_current_tty(); // tty is not NULL ... spin_lock_irq(&current->sighand->siglock); put_pid(current->signal->tty_old_pgrp); current->signal->tty_old_pgrp = NULL; spin_unlock_irq(&current->sighand->siglock); spin_lock_irq(&p->sighand->siglock); ... p->signal->tty = NULL; ... spin_unlock_irq(&p->sighand->siglock); tty = get_current_tty(); // tty NULL, goto else branch by accident. if (tty) { ... put_pid(tty_session); put_pid(tty_pgrp); ... } else { print msg } in task[dumpsys], in disassociate_ctty(), tty is set NULL by task[adbd], tty_signal_session_leader(), then it goto else branch and lack of put_pid(), cause memleak. move spin_unlock(sighand->siglock) after get_current_tty() can avoid the race and fix the memleak.
* Fix "Security Vulnerability - kernel info leak of wifi driver"cm2016-11-111-7/+14
|
* mediatek: battery: Report the voltage in the correct scaleDiogo Ferreira2016-11-071-2/+2
| | | | | | The framework expects microvolts but we were reporting millivolts. Change-Id: I16a38e71e7cc1d87278bed7440fcdfefae34955f
* xen-netback: ref count shared ringsWei Liu2016-11-073-2/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... so that we can make sure the rings are not freed until all SKBs in internal queues are consumed. 1. The VM is receiving packets through bonding + bridge + netback + netfront. 2. For some unknown reason at least one packet remains in the rx queue and is not delivered to the domU immediately by netback. 3. The VM finishes shutting down. 4. The shared ring between dom0 and domU is freed. 5. then xen-netback continues processing the pending requests and tries to put the packet into the now already released shared ring. > XXXlan0: port 9(vif26.0) entered disabled state > BUG: unable to handle kernel paging request at ffffc900108641d8 > IP: [<ffffffffa04147dc>] xen_netbk_rx_action+0x18b/0x6f0 [xen_netback] > PGD 57e20067 PUD 57e21067 PMD 571a7067 PTE 0 > Oops: 0000 [#1] SMP > ... > CPU: 0 PID: 12587 Comm: netback/0 Not tainted 3.10.0-ucs58-amd64 #1 Debian 3.10.11-1.58.201405060908 > Hardware name: FUJITSU PRIMERGY BX620 S6/D3051, BIOS 080015 Rev.3C78.3051 07/22/2011 > task: ffff880004b067c0 ti: ffff8800561ec000 task.ti: ffff8800561ec000 > RIP: e030:[<ffffffffa04147dc>] [<ffffffffa04147dc>] xen_netbk_rx_action+0x18b/0x6f0 [xen_netback] > RSP: e02b:ffff8800561edce8 EFLAGS: 00010202 > RAX: ffffc900104adac0 RBX: ffff8800541e95c0 RCX: ffffc90010864000 > RDX: 000000000000003b RSI: 0000000000000000 RDI: ffff880040014380 > RBP: ffff8800570e6800 R08: 0000000000000000 R09: ffff880004799800 > R10: ffffffff813ca115 R11: ffff88005e4fdb08 R12: ffff880054e6f800 > R13: ffff8800561edd58 R14: ffffc900104a1000 R15: 0000000000000000 > FS: 00007f19a54a8700(0000) GS:ffff88005da00000(0000) knlGS:0000000000000000 > CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b > CR2: ffffc900108641d8 CR3: 0000000054cb3000 CR4: 0000000000002660 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > Stack: > ffff880004b06ba0 0000000000000000 ffff88005da13ec0 ffff88005da13ec0 > 0000000004b067c0 ffffc900104a8ac0 ffffc900104a1020 000000005da13ec0 > 0000000000000000 0000000000000001 ffffc900104a8ac0 ffffc900104adac0 > Call Trace: > [<ffffffff813ca32d>] ? _raw_spin_lock_irqsave+0x11/0x2f > [<ffffffffa0416033>] ? xen_netbk_kthread+0x174/0x841 [xen_netback] > [<ffffffff8105d373>] ? wake_up_bit+0x20/0x20 > [<ffffffffa0415ebf>] ? xen_netbk_tx_build_gops+0xce8/0xce8 [xen_netback] > [<ffffffff8105cd73>] ? kthread_freezable_should_stop+0x56/0x56 > [<ffffffffa0415ebf>] ? xen_netbk_tx_build_gops+0xce8/0xce8 [xen_netback] > [<ffffffff8105ce1e>] ? kthread+0xab/0xb3 > [<ffffffff81003638>] ? xen_end_context_switch+0xe/0x1c > [<ffffffff8105cd73>] ? kthread_freezable_should_stop+0x56/0x56 > [<ffffffff813cfbfc>] ? ret_from_fork+0x7c/0xb0 > [<ffffffff8105cd73>] ? kthread_freezable_should_stop+0x56/0x56 > Code: 8b b3 d0 00 00 00 48 8b bb d8 00 00 00 0f b7 74 37 02 89 70 08 eb 07 c7 40 08 00 00 00 00 89 d2 c7 40 04 00 00 00 00 48 83 c2 08 <0f> b7 34 d1 89 30 c7 44 24 60 00 00 00 00 8b 44 d1 04 89 44 24 > RIP [<ffffffffa04147dc>] xen_netbk_rx_action+0x18b/0x6f0 [xen_netback] > RSP <ffff8800561edce8> > CR2: ffffc900108641d8 Track the shared ring buffer being unmapped and drop those packets. Ref-count the rings as followed: map -> set to 1 start_xmit -> inc when queueing SKB to internal queue rx_action -> dec after finishing processing a SKB unmap -> dec and wait to be 0 Note that this is different from ref counting the vif structure itself. Currently only guest Rx path is taken care of because that's where the bug surfaced. This bug doesn't exist in kernel >=3.12 as multi-queue support was added there. Link: <https://lists.xenproject.org/archives/html/xen-devel/2014-06/msg00818.html> Signed-off-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Philipp Hahn <hahn@univention.de> Cc: David Vrabel <david.vrabel@citrix.com> Tested-by: Philipp Hahn <hahn@univention.de> Signed-off-by: Willy Tarreau <w@1wt.eu>
* ACPI / sysfs: fix error code in get_status()Dan Carpenter2016-11-071-4/+3
| | | | | | | | | | | | | | | | | commit f18ebc211e259d4f591e39e74b2aa2de226c9a1d upstream. The problem with ornamental, do-nothing gotos is that they lead to "forgot to set the error code" bugs. We should be returning -EINVAL here but we don't. It leads to an uninitalized variable in counter_show(): drivers/acpi/sysfs.c:603 counter_show() error: uninitialized symbol 'status'. Fixes: 1c8fce27e275 (ACPI: introduce drivers/acpi/sysfs.c) Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Signed-off-by: Willy Tarreau <w@1wt.eu>
* staging: comedi: daqboard2000: bug fix board type matching codeIan Abbott2016-11-071-1/+1
| | | | | | | | | | | | | | | | | | commit 80e162ee9b31d77d851b10f8c5299132be1e120f upstream. `daqboard2000_find_boardinfo()` is supposed to check if the DaqBoard/2000 series model is supported, based on the PCI subvendor and subdevice ID. The current code is wrong as it is comparing the PCI device's subdevice ID to an expected, fixed value for the subvendor ID. It should be comparing the PCI device's subvendor ID to this fixed value. Correct it. Fixes: 7e8401b23e7f ("staging: comedi: daqboard2000: add back subsystem_device check") Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Cc: <stable@vger.kernel.org> # 3.7+ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Willy Tarreau <w@1wt.eu>
* crypto: nx - off by one bug in nx_of_update_msc()Dan Carpenter2016-11-071-1/+1
| | | | | | | | | | | | | | | | commit e514cc0a492a3f39ef71b31590a7ef67537ee04b upstream. The props->ap[] array is defined like this: struct alg_props ap[NX_MAX_FC][NX_MAX_MODE][3]; So we can see that if msc->fc and msc->mode are == to NX_MAX_FC or NX_MAX_MODE then we're off by one. Fixes: ae0222b7289d ('powerpc/crypto: nx driver code supporting nx encryption') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Willy Tarreau <w@1wt.eu>
* megaraid_sas: Fix probing cards without io portYinghai Lu2016-11-072-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit e7f851684efb3377e9c93aca7fae6e76212e5680 upstream. Found one megaraid_sas HBA probe fails, [ 187.235190] scsi host2: Avago SAS based MegaRAID driver [ 191.112365] megaraid_sas 0000:89:00.0: BAR 0: can't reserve [io 0x0000-0x00ff] [ 191.120548] megaraid_sas 0000:89:00.0: IO memory region busy! and the card has resource like, [ 125.097714] pci 0000:89:00.0: [1000:005d] type 00 class 0x010400 [ 125.104446] pci 0000:89:00.0: reg 0x10: [io 0x0000-0x00ff] [ 125.110686] pci 0000:89:00.0: reg 0x14: [mem 0xce400000-0xce40ffff 64bit] [ 125.118286] pci 0000:89:00.0: reg 0x1c: [mem 0xce300000-0xce3fffff 64bit] [ 125.125891] pci 0000:89:00.0: reg 0x30: [mem 0xce200000-0xce2fffff pref] that does not io port resource allocated from BIOS, and kernel can not assign one as io port shortage. The driver is only looking for MEM, and should not fail. It turns out megasas_init_fw() etc are using bar index as mask. index 1 is used as mask 1, so that pci_request_selected_regions() is trying to request BAR0 instead of BAR1. Fix all related reference. Fixes: b6d5d8808b4c ("megaraid_sas: Use lowest memory bar for SR-IOV VF support") Signed-off-by: Yinghai Lu <yinghai@kernel.org> Acked-by: Kashyap Desai <kashyap.desai@broadcom.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Willy Tarreau <w@1wt.eu>
* aacraid: Check size values after double-fetch from userDave Carroll2016-11-071-2/+11
| | | | | | | | | | | | | | | | | | | | | commit fa00c437eef8dc2e7b25f8cd868cfa405fcc2bb3 upstream. In aacraid's ioctl_send_fib() we do two fetches from userspace, one the get the fib header's size and one for the fib itself. Later we use the size field from the second fetch to further process the fib. If for some reason the size from the second fetch is different than from the first fix, we may encounter an out-of- bounds access in aac_fib_send(). We also check the sender size to insure it is not out of bounds. This was reported in https://bugzilla.kernel.org/show_bug.cgi?id=116751 and was assigned CVE-2016-6480. Reported-by: Pengfei Wang <wpengfeinudt@gmail.com> Fixes: 7c00ffa31 '[SCSI] 2.6 aacraid: Variable FIB size (updated patch)' Cc: stable@vger.kernel.org Signed-off-by: Dave Carroll <david.carroll@microsemi.com> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Willy Tarreau <w@1wt.eu>
* PCI: Limit config space size for Netronome NFP4000Simon Horman2016-11-071-0/+1
| | | | | | | | | | | | | | | | | | | commit c2e771b02792d222cbcd9617fe71482a64f52647 upstream. Like the NFP6000, the NFP4000 as an erratum where reading/writing to PCI config space addresses above 0x600 can cause the NFP to generate PCIe completion timeouts. Limit the NFP4000's PF's config space size to 0x600 bytes as is already done for the NFP6000. The NFP4000's VF is 0x6004 (PCI_DEVICE_ID_NETRONOME_NFP6000_VF), the same device ID as the NFP6000's VF. Thus, its config space is already limited by the existing use of quirk_nfp6000(). Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Signed-off-by: Willy Tarreau <w@1wt.eu>
* PCI: Limit config space size for Netronome NFP6000 familyJason S. McMullan2016-11-071-0/+11
| | | | | | | | | | | | | | | | commit 9f33a2ae59f24452c1076749deb615bccd435ca9 upstream. The NFP6000 has an erratum where reading/writing to PCI config space addresses above 0x600 can cause the NFP to generate PCIe completion timeouts. Limit the NFP6000's config space size to 0x600 bytes. Signed-off-by: Jason S. McMullan <jason.mcmullan@netronome.com> [simon: edited changelog] Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Signed-off-by: Willy Tarreau <w@1wt.eu>
* PCI: Support PCIe devices with short cfg_sizeJason S. McMullan2016-11-071-9/+9
| | | | | | | | | | | | | | | | | | | | | | commit c20aecf6963d1273d8f6d61c042b4845441ca592 upstream. If a device quirk modifies the pci_dev->cfg_size to be less than PCI_CFG_SPACE_EXP_SIZE (4096), but greater than PCI_CFG_SPACE_SIZE (256), the PCI sysfs interface truncates the readable size to PCI_CFG_SPACE_SIZE. Allow sysfs access to config space up to cfg_size, even if the device doesn't support the entire 4096-byte PCIe config space. Note that pci_read_config() and pci_write_config() limit access to dev->cfg_size even though pcie_config_attr contains 4096 (the maximum size). Signed-off-by: Jason S. McMullan <jason.mcmullan@netronome.com> [simon: edited changelog] Signed-off-by: Simon Horman <simon.horman@netronome.com> [bhelgaas: more changelog edits] Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Signed-off-by: Willy Tarreau <w@1wt.eu>
* ANDROID: binder: Clear binder and cookie when setting handle in flat binder ↵Arve Hjønnevåg2016-11-071-0/+5
| | | | | | | | | | | struct Prevents leaking pointers between processes BUG: 30768347 Change-Id: Id898076926f658a1b8b27a3ccb848756b36de4ca Signed-off-by: Arve Hjønnevåg <arve@android.com> Ticket: PORRIDGE-499
* staging: android: Change %p to %pK in debug messagesDivya Ponnusamy2016-11-071-2/+2
| | | | | | | | | | | | The format specifier %p can leak kernel addresses while not valuing the kptr_restrict system settings. Use %pK instead of %p, which also evaluates whether kptr_restrict is set. Bug: 30148243 Change-Id: Ib1adf14e9620ad7b1bd3e962001c852610210d46 Signed-off-by: Divya Ponnusamy <pdivya@codeaurora.org> Ticket: PORRIDGE-499
* binder: prevent kptr leak by using %pK format specifierNick Desaulniers2016-11-071-1/+1
| | | | | | | | Works in conjunction with kptr_restrict. Bug: 30143283 Change-Id: I2b3ce22f4e206e74614d51453a1d59b7080ab05a (cherry picked from commit 7905a759cc685b58078483013cc584dc8327d118)
* Fix compilingfire8552016-11-071-1/+1
|
* mt6735: Add an RGB configuration sys attr driver for videox/corr10Diogo Ferreira2016-11-074-4/+111
| | | | | | | | | | | Adds the RGB configuration node which leverages the gamma subsystem to perform color correction. The new node takes rgb triplets that range from 0-2000 each, computes the gamma registers and dispatches them to the gamma correction subsystem. Change-Id: Iac9d3cbd4f423ccfffb8d665c29cfd251767a398
* Fix "arbitrary write-zero in mtkfb_ioctl() of Mediatek driver" issueyang-cy.chen2016-11-072-97/+2
| | | | | | | | | | | | | | | | Problem: lack of boundary check of user input parameter to cause arbitrary write-zero. Solution: remove unused code from driver Bug num:28175025,28175027 Signed-off-by: yang-cy.chen <yang-cy.chen@mediatek.com> (cherry picked from commit c811910368f393068b343ebdcb6d515dc33cd710) Change-Id: Ie59f5dd742b6b2295f63f76583a5cac2bdcf5d53 Ticket: PORRIDGE-398
* Fix "stack overflow in Mediatek Thermal driver" issueyang-cy.chen2016-11-071-0/+3
| | | | | | | | | | | | | | Problem: lack of boundary check of user input parameter before copy_from_user. Solution: Add boundary protection to prevent buffer overflow Bug num:28332766 Change-Id: I8536ae241070e59fbb15449bd3bca00d895e0b3f Signed-off-by: yang-cy.chen <yang-cy.chen@mediatek.com> Ticket: PORRIDGE-398
* Fix "Security Vulnerability - arbitrary address write ddp_drv.c" issueyang-cy.chen2016-11-074-52/+0
| | | | | | | | | | | | | | | | Problem: user input parameter without validation Solution: Remove legacy code to prevent buffer overflow Bug num:28402341 Signed-off-by: yang-cy.chen <yang-cy.chen@mediatek.com> (cherry picked from commit 76884c3948a5896c7d724a6852e9f8d1403fa9d0) Change-Id: I77467ae0c0652c7f44238b0320a1a6fef71c0d97 Ticket: PORRIDGE-398
* Fix "Security Vulnerability - kernel info leak ddp_drv.c" issueyang-cy.chen2016-11-071-1/+0
| | | | | | | | | | | | | | | | Problem: user input parameter without validation Solution: Remove legacy code to prevent buffer overflow Bug num:28402240 Signed-off-by: yang-cy.chen <yang-cy.chen@mediatek.com> (cherry picked from commit a8a18e931e3772d1bef10ec0b4611aa25831f0c0) Change-Id: I046968817190fc054225fb8c73f87574ec8db511 Ticket: PORRIDGE-398
* power: wakeup: partially revert some wakelock togglescm2016-11-071-5/+0
| | | | | This reverts msm_hsic_ws, since it's not used on MediaTek platform Makes no issue in having this here.. But let's keep this clean...
* android: fiq_debugger: fix cut-off help messageColin Cross2016-11-071-1/+2
| | | | | | | | | fiq_debugger_printf has a 256 byte limit, which was causing the help lines for "kmsg" and "version" to be dropped. Split the long string into two calls. Change-Id: I55f9f030247cc16d13ae6236736311a5ef0c7aa0 Signed-off-by: Colin Cross <ccross@android.com>
* hand-pick: mediatek:remove unnecessary sido call flowMoyster2016-11-071-12/+0
| | | | | | | | | | | | | Problem: unnecessary sido call flow cause watchdog timeout Solution: remove unnecessary part that cause the issue Bug num:20566147 Change-Id: Iee332f38d339808f7245b4b0271b0f353f4081c4 Signed-off-by: yang-cy.chen <yang-cy.chen@mediatek.com>
* power: wakeup: add wakelock togglesengstk2016-09-281-0/+29
| | | | Signed-off-by: engstk <eng.stk@sapo.pt>
* mmc: core: fix race between mmc_power_off and mmc_power_upSahitya Tummala2016-09-281-1/+8
| | | | | | | | | | | | | | In case card detect IRQ is triggered before mmc_add_host(), then there could be a potential race between mmc_power_off() which gets called from mmc_rescan() of card detect IRQ handler and mmc_start_host() which gets called from mmc_add_host(). This may turn off the clocks while mmc_start_host() is still running and thus may result in an un-clocked register access. Change-Id: I522df75ba0ad23f065127e015ad825075be94596 Signed-off-by: Sahitya Tummala <stummala@codeaurora.org> Signed-off-by: franciscofranco <franciscofranco.1990@gmail.com> Signed-off-by: W4TCH0UT <ateekujjawal@gmail.com>
* PM: Enable asynchronous noirq resume threads to save the resuming timeanarkia19762016-09-131-9/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Subject [PATCH] PM: Enable asynchronous noirq resume threads to save the resuming time From Chuansheng Liu <> Date Tue, 14 Jan 2014 15:18:08 +0800 Currently, the dpm_resume_noirq() is done synchronously, and for PCI devices pci_pm_resume_noirq(): pci_pm_resume_noirq() pci_pm_default_resume_early() pci_power_up() pci_raw_set_power_state() Which set the device from D3hot to D0 mostly, for every device, there will be one 10ms(pci_pm_d3_delay) to wait. Hence normally dpm_resume_noirq() will cost > 100ms, which is bigger for mobile platform. Here implementing it with asynchronous way which will reduce much. For example below, The 80% time is saved. With synchronous way: [ 1411.272218] PM: noirq resume of devices complete after 92.223 msecs With asynchronous way: [ 110.616735] PM: noirq resume of devices complete after 10.544 msecs Signed-off-by: Liu, Chuansheng <chuansheng.liu@intel.com>
* USB: android: Fix memory leak in mass_storage_function_init()Azhar Shaikh2016-09-131-0/+4
| | | | | | | | | | | | | mass_storage_function_init() calls fsg_common_init() which allocates memory to fsg buffers only once during bootup. This memory is never freed, which results in a memory leak. The reference count is incremented in mass_storage_function_init() and in fsg_bind_config(). The count incremented in bind_config is decremented in fsg_unbind(). Free this memory and also decrement the reference count in mass_storage_function_cleanup() which will be called during gadget unbind. Change-Id: I51e8d062471540df01bcb3122195711bbaffe455 Signed-off-by: Azhar Shaikh <azhars@codeaurora.org>
* cpuidle: Add need_resched() checkPatrick Daly2016-09-131-0/+5
| | | | | | | | | | The cpuidle framework is disabled as part of suspend. In this scenario, the cpu may enter wfi without checking the need_resched() flag. Prevent this from occuring. CRs-fixed: 920501 Change-Id: Ib2077833279d84b2aea25c61198dfbdcf4566ea4 Signed-off-by: Patrick Daly <pdaly@codeaurora.org>
* cpufreq: ondemand: Eliminate the deadband effectanarkia19762016-09-131-4/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | using the formula: Target frequency = C * load where C = policy->cpuinfo.max_freq / 100 Though, in many cases, the minimum available frequency is pretty high and the above calculation introduces a dead band from load 0 to 100 * policy->cpuinfo.min_freq / policy->cpuinfo.max_freq where the target frequency is always calculated to less than policy->cpuinfo.min_freq and the minimum frequency is selected. For example: on Intel i7-3770 @ 3.4GHz the policy->cpuinfo.min_freq = 1600000 and the policy->cpuinfo.max_freq = 3400000 (without turbo). Thus, the CPU starts to scale up at a load above 47. On quad core 1500MHz Krait the policy->cpuinfo.min_freq = 384000 and the policy->cpuinfo.max_freq = 1512000. Thus, the CPU starts to scale at load above 25. Change the calculation of target frequency to eliminate the above effect using the formula: Target frequency = A + B * load where A = policy->cpuinfo.min_freq and B = (policy->cpuinfo.max_freq - policy->cpuinfo->min_freq) / 100 This will map load values 0 to 100 linearly to cpuinfo.min_freq to cpuinfo.max_freq. Also, use the CPUFREQ_RELATION_C in __cpufreq_driver_target to select the closest frequency in frequency_table. This is necessary to avoid selection of minimum frequency only when load equals to 0. It will also help for selection of frequencies using a more 'fair' criterion. Tables below show the difference in selected frequency for specific values of load without and with this patch. On Intel i7-3770 @ 3.40GHz: Without With Load Target Selected Target Selected 0 0 1600000 1600000 1600000 5 170050 1600000 1690050 1700000 10 340100 1600000 1780100 1700000 15 510150 1600000 1870150 1900000 20 680200 1600000 1960200 2000000 25 850250 1600000 2050250 2100000 30 1020300 1600000 2140300 2100000 35 1190350 1600000 2230350 2200000 40 1360400 1600000 2320400 2400000 45 1530450 1600000 2410450 2400000 50 1700500 1900000 2500500 2500000 55 1870550 1900000 2590550 2600000 60 2040600 2100000 2680600 2600000 65 2210650 2400000 2770650 2800000 70 2380700 2400000 2860700 2800000 75 2550750 2600000 2950750 3000000 80 2720800 2800000 3040800 3000000 85 2890850 2900000 3130850 3100000 90 3060900 3100000 3220900 3300000 95 3230950 3300000 3310950 3300000 100 3401000 3401000 3401000 3401000 On ARM quad core 1500MHz Krait: Without With Load Target Selected Target Selected 0 0 384000 384000 384000 5 75600 384000 440400 486000 10 151200 384000 496800 486000 15 226800 384000 553200 594000 20 302400 384000 609600 594000 25 378000 384000 666000 702000 30 453600 486000 722400 702000 35 529200 594000 778800 810000 40 604800 702000 835200 810000 45 680400 702000 891600 918000 50 756000 810000 948000 918000 55 831600 918000 1004400 1026000 60 907200 918000 1060800 1026000 65 982800 1026000 1117200 1134000 70 1058400 1134000 1173600 1134000 75 1134000 1134000 1230000 1242000 80 1209600 1242000 1286400 1242000 85 1285200 1350000 1342800 1350000 90 1360800 1458000 1399200 1350000 95 1436400 1458000 1455600 1458000 100 1512000 1512000 1512000 1512000 Tested on Intel i7-3770 CPU @ 3.40GHz and on ARM quad core 1500MHz Krait (Android smartphone). Benchmarks on Intel i7 shows a performance improvement on low and medium work loads with lower power consumption. Specifics: Phoronix Linux Kernel Compilation 3.1: Time: -0.40%, energy: -0.07% Phoronix Apache: Time: -4.98%, energy: -2.35% Phoronix FFMPEG: Time: -6.29%, energy: -4.02% Also, running mp3 decoding (very low load) shows no differences with and without this patch. Signed-off-by: Stratos Karafotis <stratosk@semaphore.gr> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
* devfreq: gpu: added simple time_in_state statsanarkia19762016-09-131-0/+21
| | | | | * All Credits to @andip71 * Modded to similar cpu stats table
* PM: devfreq: Always reflect a change of polling intervalmyfluxi2016-09-131-1/+1
| | | | Change-Id: Ie895bdf1ed1126e05483890f7ed64ac05890710a
* PM: devfreq: Fix simple_ondemand crashing on startupmyfluxi2016-09-131-1/+4
| | | | | | | simple_ondemands private data must be set to NULL, otherwise we would run into a NULL pointer in kgsl_devfreq_get_dev_status(). Change-Id: I6cc6a8b11e3b58b8c3e3c26d43ee36949cf62351
* devfreq: Use high priority workqueuemyfluxi2016-09-131-1/+4
| | | | | | | It does not make sense to run kgsl on high and devfreq on regular priority. Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
* sched: cpufreq: Adds a field cpu_power in the task_structRuchi Kandoi2016-09-101-0/+19
| | | | | | | | | | | | cpu_power has been added to keep track of amount of power each task is consuming. cpu_power is updated whenever stime and utime are updated for a task. power is computed by taking into account the frequency at which the current core was running and the current for cpu actively running at hat frequency. Bug: 21498425 Change-Id: Ic535941e7b339aab5cae9081a34049daeb44b248 Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
* cpufreq_stats: Adds the fucntionality to load current values for each frequencyRuchi Kandoi2016-09-101-28/+139
| | | | | | | | | | | | for all the cores. The current values for the cpu cores needs to be added to the device tree for this functionaly to work. It loads the current values for each frequecy in uA for all the cores. Bug: 21498425 Change-Id: If03311aaeb3e4c09375dd0beb9ad4fbb254b5c08 Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
* uid_cputime: Check for the range while removing range of UIDs.Ruchi Kandoi2016-09-101-4/+5
| | | | | | | | | | | Checking if the uid_entry->uid matches the uid intended to be removed will prevent deleting unwanted uid_entry. Type cast the key for the hashtable to the same size, as when they were inserted. This will make sure that we can find the uid_entry we want. Bug: 25195548 Change-Id: I567942123cfb20e4b61ad624da19ec4cc84642c1 Signed-off: Ruchi kandoi <kandoiruchi@google.com>
* uid_cputime: Iterates over all the threads instead of processes.Ruchi Kandoi2016-09-101-3/+3
| | | | | | Bug: 22833116 Change-Id: I775a18f61bd2f4df2bec23d01bd49421d0969f87 Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
* uid_cputime: fix cputime overflowJin Qian2016-09-101-4/+6
| | | | | | | | | | | Converting cputime_t to usec caused overflow when the value is greater than 1 hour. Use msec and convert to unsigned long long to support bigger range. Bug: 22461683 Change-Id: I853fe3e8e7dbf0d3e2cc5c6f9688a5a6e1f1fb3e Signed-off-by: Jin Qian <jinqian@google.com>
* uid_cputime: Avoids double accounting of process stime, utime and cpu_power inRuchi Kandoi2016-09-101-0/+6
| | | | | | | | | | | | | | | task exit. This avoids the race where a particular process is terminating and we read the show_uid_stats. At this time since the task_struct still exists and we will account for the terminating process as one of the active task, where as the stats would have been added in the task exit callback. Bug: 22064385 Change-Id: Id2ae04b33fcd230eda9683a41b6019d4dd8f5d85 Signed-off-by: Jin Qian <jinqian@google.com> Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
* uid_cputime: Extends the cputime functionality to report power per uidRuchi Kandoi2016-09-101-2/+10
| | | | | | | | /proc/uid_cputime/show_uid_stats shows a third field power for each of the uids. It represents the power in the units (uAusec) Change-Id: I52fdc5e59647e9dc97561a26d56f462a2689ba9c Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
* proc: uid_cputime: fix show_uid_stat permissionJin Qian2016-09-101-1/+1
| | | | | Change-Id: Ice9084e39da599261df0be6dc305b817b50cfbbf Signed-off-by: Jin Qian <jinqian@google.com>
* proc: uid_cputime: create uids from kuidsAmit Pundir2016-09-101-3/+5
| | | | | | | | | | | | | | | | | | | Create uids from kuids using from_kuid_munged(), otherwise we run into following build error and warnings: -------------------- CC drivers/misc/uid_cputime.o drivers/misc/uid_cputime.c: In function ‘uid_stat_show’: drivers/misc/uid_cputime.c:90:36: error: incompatible type for argument 1 of ‘find_or_register_uid’ drivers/misc/uid_cputime.c:54:26: note: expected ‘uid_t’ but argument is of type ‘kuid_t’ drivers/misc/uid_cputime.c:94:4: warning: format ‘%d’ expects argument of type ‘int’, but argument 3 has type ‘kuid_t’ [-Wformat] drivers/misc/uid_cputime.c: In function ‘process_notifier’: drivers/misc/uid_cputime.c:194:6: error: incompatible types when assigning to type ‘uid_t’ from type ‘kuid_t’ make[2]: *** [drivers/misc/uid_cputime.o] Error 1 -------------------- Change-Id: Ifecb98001f7fe2fac74d1ef3e1abd03d43fc9059 Signed-off-by: Amit Pundir <amit.pundir@linaro.org> (cherry picked from commit b0f4decae627cf2d74e6f72c7ecb939c77d48625)
* proc: uid: Adds accounting for the cputimes per uid.jinqian2016-09-103-0/+242
| | | | | | | | | | | | | Adds proc files /proc/uid_cputime/show_uid_stat and /proc/uid_cputime/remove_uid_range. show_uid_stat lists the total utime and stime for the active as well as terminated processes for each of the uids. Writing a range of uids to remove_uid_range will delete the accounting for all the uids within that range. Change-Id: I21d9210379da730b33ddc1a0ea663c8c9d2ac15b
* fix partition pathMoyster2016-09-101-1/+1
|
* cpufreq: remove race while accessing cur_policyBibek Basu2016-09-101-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While accessing cur_policy during executing events CPUFREQ_GOV_START, CPUFREQ_GOV_STOP, CPUFREQ_GOV_LIMITS, same mutex lock is not taken, dbs_data->mutex, which leads to race and data corruption while running continious suspend resume test. This is seen with ondemand governor with suspend resume test using rtcwake. Unable to handle kernel NULL pointer dereference at virtual address 00000028 pgd = ed610000 [00000028] *pgd=adf11831, *pte=00000000, *ppte=00000000 Internal error: Oops: 17 [#1] PREEMPT SMP ARM Modules linked in: nvhost_vi CPU: 1 PID: 3243 Comm: rtcwake Not tainted 3.10.24-gf5cf9e5 #1 task: ee708040 ti: ed61c000 task.ti: ed61c000 PC is at cpufreq_governor_dbs+0x400/0x634 LR is at cpufreq_governor_dbs+0x3f8/0x634 pc : [<c05652b8>] lr : [<c05652b0>] psr: 600f0013 sp : ed61dcb0 ip : 000493e0 fp : c1cc14f0 r10: 00000000 r9 : 00000000 r8 : 00000000 r7 : eb725280 r6 : c1cc1560 r5 : eb575200 r4 : ebad7740 r3 : ee708040 r2 : ed61dca8 r1 : 001ebd24 r0 : 00000000 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 10c5387d Table: ad61006a DAC: 00000015 [<c05652b8>] (cpufreq_governor_dbs+0x400/0x634) from [<c055f700>] (__cpufreq_governor+0x98/0x1b4) [<c055f700>] (__cpufreq_governor+0x98/0x1b4) from [<c0560770>] (__cpufreq_set_policy+0x250/0x320) [<c0560770>] (__cpufreq_set_policy+0x250/0x320) from [<c0561dcc>] (cpufreq_update_policy+0xcc/0x168) [<c0561dcc>] (cpufreq_update_policy+0xcc/0x168) from [<c0561ed0>] (cpu_freq_notify+0x68/0xdc) [<c0561ed0>] (cpu_freq_notify+0x68/0xdc) from [<c008eff8>] (notifier_call_chain+0x4c/0x8c) [<c008eff8>] (notifier_call_chain+0x4c/0x8c) from [<c008f3d4>] (__blocking_notifier_call_chain+0x50/0x68) [<c008f3d4>] (__blocking_notifier_call_chain+0x50/0x68) from [<c008f40c>] (blocking_notifier_call_chain+0x20/0x28) [<c008f40c>] (blocking_notifier_call_chain+0x20/0x28) from [<c00aac6c>] (pm_qos_update_bounded_target+0xd8/0x310) [<c00aac6c>] (pm_qos_update_bounded_target+0xd8/0x310) from [<c00ab3b0>] (__pm_qos_update_request+0x64/0x70) [<c00ab3b0>] (__pm_qos_update_request+0x64/0x70) from [<c004b4b8>] (tegra_pm_notify+0x114/0x134) [<c004b4b8>] (tegra_pm_notify+0x114/0x134) from [<c008eff8>] (notifier_call_chain+0x4c/0x8c) [<c008eff8>] (notifier_call_chain+0x4c/0x8c) from [<c008f3d4>] (__blocking_notifier_call_chain+0x50/0x68) [<c008f3d4>] (__blocking_notifier_call_chain+0x50/0x68) from [<c008f40c>] (blocking_notifier_call_chain+0x20/0x28) [<c008f40c>] (blocking_notifier_call_chain+0x20/0x28) from [<c00ac228>] (pm_notifier_call_chain+0x1c/0x34) [<c00ac228>] (pm_notifier_call_chain+0x1c/0x34) from [<c00ad38c>] (enter_state+0xec/0x128) [<c00ad38c>] (enter_state+0xec/0x128) from [<c00ad400>] (pm_suspend+0x38/0xa4) [<c00ad400>] (pm_suspend+0x38/0xa4) from [<c00ac114>] (state_store+0x70/0xc0) [<c00ac114>] (state_store+0x70/0xc0) from [<c027b1e8>] (kobj_attr_store+0x14/0x20) [<c027b1e8>] (kobj_attr_store+0x14/0x20) from [<c019cd9c>] (sysfs_write_file+0x104/0x184) [<c019cd9c>] (sysfs_write_file+0x104/0x184) from [<c0143038>] (vfs_write+0xd0/0x19c) [<c0143038>] (vfs_write+0xd0/0x19c) from [<c0143414>] (SyS_write+0x4c/0x78) [<c0143414>] (SyS_write+0x4c/0x78) from [<c000f080>] (ret_fast_syscall+0x0/0x30) Code: e1a00006 eb084346 e59b0020 e5951024 (e5903028) ---[ end trace 0488523c8f6b0f9d ]--- Signed-off-by: Bibek Basu <bbasu@nvidia.com> Acked-by: Viresh Kumar <viresh.kumar@linaro.org> Cc: 3.11+ <stable@vger.kernel.org> # 3.11+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Signed-off-by: franciscofranco <franciscofranco.1990@gmail.com>
* random: allow architectures to optionally define random_get_entropy()Theodore Ts'o2016-09-101-4/+4
| | | | | | | | | | | | | | Allow architectures which have a disabled get_cycles() function to provide a random_get_entropy() function which provides a fine-grained, rapidly changing counter that can be used by the /dev/random driver. For example, an architecture might have a rapidly changing register used to control random TLB cache eviction, or DRAM refresh that doesn't meet the requirements of get_cycles(), but which is good enough for the needs of the random driver. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Cc: stable@vger.kernel.org
* random32: add prandom_u32_max and convert open coded usersDaniel Borkmann2016-09-101-7/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Many functions have open coded a function that returns a random number in range [0,N-1]. Under the assumption that we have a PRNG such as taus113 with being well distributed in [0, ~0U] space, we can implement such a function as uword t = (n*m')>>32, where m' is a random number obtained from PRNG, n the right open interval border and t our resulting random number, with n,m',t in u32 universe. Lets go with Joe and simply call it prandom_u32_max(), although technically we have an right open interval endpoint, but that we have documented. Other users can further be migrated to the new prandom_u32_max() function later on; for now, we need to make sure to migrate reciprocal_divide() users for the reciprocal_divide() follow-up fixup since their function signatures are going to change. Joint work with Hannes Frederic Sowa. Cc: Jakub Zawadzki <darkjames-ws@darkjames.pl> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: linux-kernel@vger.kernel.org Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Conflicts: net/packet/af_packet.c
generated by cgit v1.2.3 (git 2.39.1) at 2026-03-27 13:41:04 +0000