{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":15878393,"defaultBranch":"android-13-release-ttz","name":"kernel-msm","ownerLogin":"MotorolaMobilityLLC","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2014-01-13T19:06:34.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/6362357?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1720829257.0","currentOid":""},"activityList":{"items":[{"before":"405a353daa84947082cfb8993eb4a3949ac9d6ba","after":"7c5980eed5b4816993168a3d0aaef39628e95bb5","ref":"refs/heads/android-11-release-rpls31.q2-63-10-2-2","pushedAt":"2024-07-13T00:07:31.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"Configure Compute DSP as secure for Olson R\n\nMake even CDSP as secure DSP per QC recommendation\nSee QCOM KBA-180627141440 for details\n\nChange-Id: I5d381e76595bab728e2d01a105a24e0914070948\nReviewed-on: https://gerrit.mot.com/2002530\nSME-Granted: SME Approvals Granted\nTested-by: Jira Key\nReviewed-by: Gunashree Visweswara \nSLTApproved: Gunashree Visweswara \nSubmit-Approved: Gunashree Visweswara \nTested-by: Gunashree Visweswara ","shortMessageHtmlLink":"Configure Compute DSP as secure for Olson R"}},{"before":null,"after":"1f65ab87e2fcf8b0c72ad17719dba2351ffef056","ref":"refs/heads/android-12-release-s3rv32.128-36-6","pushedAt":"2024-07-12T18:33:23.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"msm: kgsl: Make sure that pool pages don't have any extra references\n\nBefore putting a page back in the pool be sure that it doesn't have\nany additional references that would be a signal that somebody else\nis looking at the page and that it would be a bad idea to keep it\naround and run the risk of accidentally handing it to a different\nprocess.\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2023-21666\nBug: 271879644\nCRs-Fixed: 3400780\n\nChange-Id: Ic0dedbad0cf2ffb34b76ad23e393c5a911114b82\nSigned-off-by: Jordan Crouse \nSigned-off-by: Kamal Agrawal \nSigned-off-by: Ashutosh Verma \nReviewed-on: https://gerrit.mot.com/2578144\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"msm: kgsl: Make sure that pool pages don't have any extra references"}},{"before":null,"after":"5bd3b48fc336f1a3b50dba6f73a01d5187b1560a","ref":"refs/heads/android-14-release-u1tgn34.42-86","pushedAt":"2024-07-06T01:11:56.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"Merge GKI android12-5.10-2023-11_r4 for LTS 5.10.189+\n\nupgrade GKI to android12-5.10-2023-11_r4 for Genevn5G.\n\nChange-Id: I05e1fd5b420b45298c578481e45068360cf2a54f\nSigned-off-by: wu chao ","shortMessageHtmlLink":"Merge GKI android12-5.10-2023-11_r4 for LTS 5.10.189+"}},{"before":"0a2e78ddce265f4d246643b64b1065e4a4f00751","after":"09a707ff3e2d60c45ea21238844134d4f70f68f1","ref":"refs/heads/android-13-release-t1shs33.35-23-20-4-18","pushedAt":"2024-07-05T20:49:52.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"kgsl: Gen7: Enable access protection for LPAC pipeline\n\nEnable access protection for LPAC pipeline so that command\nprocessor will restrict access to a block of registers from\nwithin the command stream. Any attempt to access protected\nregister space will result in fault.\n\nChange-Id: Ia8d391f7b9ad1b5d38e7d4d8ac727d2d3f54f53a\nSigned-off-by: Hareesh Gundu \nSigned-off-by: Sanjay Yadav ","shortMessageHtmlLink":"kgsl: Gen7: Enable access protection for LPAC pipeline"}},{"before":"cb24c2573e213a1854d745473235ae6679dd4c01","after":"8ce26ab2f9db0bff82cae65593e0c23219e2a095","ref":"refs/heads/android-13-release-t1sus33.1-124-6-8-1","pushedAt":"2024-07-01T21:56:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"BACKPORT: media: venus: hfi: fix the check in session buffer requirement\n\nBuffer requirement, for different buffer type, comes from video firmware.\nWhile copying these requirements, there is an OOB possibility when the\npayload from firmware is more than expected size. Fix the check to avoid\nthe OOB possibility.\n\ncherry picked from b18e36dfd6c9 (\"media: venus: hfi: fix the check to\nhandle session buffer requirement\").\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2024-21475\nCRs-Fixed: 3530093\n\nChange-Id: I8169c57b2c244c52bac0b4de460b9820707f6ff7\nCc: stable@vger.kernel.org\nFixes: 09c2845e8fe4 (\"[media] media: venus: hfi: add Host Firmware Interface (HFI)\")\nReviewed-by: Nathan Hebert \nSigned-off-by: Stanimir Varbanov \nSigned-off-by: Hans Verkuil \nSigned-off-by: V(CR) Garodia \n(cherry picked from commit 8346a4a3b40d2075635723f537952a8e27dfc949)\n(cherry picked from commit 52d7d578b2b66f6db302a19d18a75fedbb79f7dc)\n(cherry picked from commit 1b2aae0c49e80b77ae561859ceMontana0b99cf761b7)\nSigned-off-by: Ashutosh Verma \nReviewed-on: https://gerrit.mot.com/2877465\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key\n(cherry picked from commit 3ed2fc303806ee230e5170b09a51fe88350df240)","shortMessageHtmlLink":"BACKPORT: media: venus: hfi: fix the check in session buffer requirement"}},{"before":null,"after":"0a2e78ddce265f4d246643b64b1065e4a4f00751","ref":"refs/heads/android-13-release-t1shs33.35-23-20-4-18","pushedAt":"2024-07-01T20:47:32.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"memshare: Prevent possible integer overflow\n\nPrevent possible integer overflow by sanitizing the alloc request\nsize coming from the client against allottable amount of memory.\n\nChange-Id: I74cb0f7b0808f20299586969fd5c810d44c3e576\nSigned-off-by: Manoj Prabhu B \n(cherry picked from commit 9abb15f5c8e1d80c3be0ac7188bf4871087942f2)","shortMessageHtmlLink":"memshare: Prevent possible integer overflow"}},{"before":"47172b99669345721eeefd30ee811773f4ad4718","after":"309ab1a9778142da597c84b0448259e4d2d9c482","ref":"refs/heads/android-13-release-t2se33.73-23-2","pushedAt":"2024-06-26T22:22:56.000Z","pushType":"push","commitsCount":7,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"iommu: Fix missing return check of arm_lpae_init_pte\n\nUAF scenaRiveray occur in clients with EL1 privileges for\niova mappings when we miss to check the return value of\narm_lpae_init_pte which may lead to an PTE be counted as\nit was set even if it was already existing. This can cause a\ndangling IOMMU PTE to be left mapped pointing to a\nfreed object and cause UAF in the client if the dangling PTE\nis accessed after a failed unmap operation.\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2024-21468\nCRs-Fixed: 3614610\nFixes: 27de1978c331 (\"ANDROID: GKI: iommu/io-pgtable-arm: LPAE related updates by vendor\")\nChange-Id: I5cfc1aea66df8767fb270de3e2135a1a170f049f\nSigned-off-by: Pratyush Brahma \nSigned-off-by: Ashutosh Verma \n\n(cherry picked from commit de59b74d74c7b523b116cf1149a1111ceb56f6a0)\n\nChange-Id: I5cfc1aea66df8767fb270de3e2135a1a170f049f\nReviewed-on: https://gerrit.mot.com/2850017\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Chakradhar Gajjala \nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"iommu: Fix missing return check of arm_lpae_init_pte"}},{"before":null,"after":"d27a2e93f451d81d3908614565a8a4e37f01b4fa","ref":"refs/heads/android-13-release-t1sjs33.117-30-3-9","pushedAt":"2024-06-15T01:41:11.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"iommu: Fix missing return check of arm_lpae_init_pte\n\nUAF scenaRiveray occur in clients with EL1 privileges for\niova mappings when we miss to check the return value of\narm_lpae_init_pte which may lead to an PTE be counted as\nit was set even if it was already existing. This can cause a\ndangling IOMMU PTE to be left mapped pointing to a\nfreed object and cause UAF in the client if the dangling PTE\nis accessed after a failed unmap operation.\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2024-21468\nCRs-Fixed: 3614610\nFixes: 27de1978c331 (\"ANDROID: GKI: iommu/io-pgtable-arm: LPAE related updates by vendor\")\nChange-Id: I2f77ead04c6f923051085e42350dee6f5517b900\nSigned-off-by: Pratyush Brahma \nSigned-off-by: Ashutosh Verma \n\n(cherry picked from commit 1bf697a3d4f720c8563380e471ee54caac81e052)\n(cherry picked from commit 817d4d315dbb2ee1115a1256f90ce7e1b88ba64d)\n\nChange-Id: I2f77ead04c6f923051085e42350dee6f5517b900\nReviewed-on: https://gerrit.mot.com/2850001\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Chakradhar Gajjala \nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"iommu: Fix missing return check of arm_lpae_init_pte"}},{"before":"ec38702d2ff8751b613630e7c80560ada51af073","after":"a9986b2c9160c5a60b665457511a0aa54c4d79c9","ref":"refs/heads/android-11-release-rpjs31.q1-53-12-5","pushedAt":"2024-06-15T00:40:22.000Z","pushType":"push","commitsCount":47,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"msm: npu: remove asynchronous network execution support\n\nRemove asynchronous network execution related code since it's\nnot used.\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2022-22068\nCRs-Fixed: 3084983\nBug: 218337596\n\nChange-Id: I8332b7a24d8cb89df50ea1a20e4a0f6120289ba6\nSigned-off-by: Jilai Wang \nSigned-off-by: Gajjala Chakradhar \nReviewed-on: https://gerrit.mot.com/2255771\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Huosheng Liao \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"msm: npu: remove asynchronous network execution support"}},{"before":null,"after":"79b9ad79cf3d37005788a7cabceaeff52376208a","ref":"refs/heads/android-14-release-u3uv34.26-9-4","pushedAt":"2024-06-05T04:20:30.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"Use different return variable to avoid overwritten\n\nCallers reply on the return value of acquire_runtime_env to check\nstate and release resources. Use different variable to avoid\noverwrite return value\n\nChange-Id: I7855df094f50a67fac0ead992abf6ba948848923\nReviewed-on: https://gerrit.mot.com/2921739\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nReviewed-by: Yuesheng Huang \nTested-by: Jira Key\nSubmit-Approved: Jira Key","shortMessageHtmlLink":"Use different return variable to avoid overwritten"}},{"before":"e2e8dc992e1e2d0f22bfa6c4e152aadfd8a8a7ae","after":"96a5d74f380c5374b38b83d08d1d6d580f2c3177","ref":"refs/heads/android-13-release-t1sjs33.117-30-3-5","pushedAt":"2024-06-04T15:33:04.000Z","pushType":"push","commitsCount":9,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"memshare: Prevent possible integer overflow\n\nPrevent possible integer overflow by sanitizing the alloc request\nsize coming from the client against allottable amount of memory.\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2023-43550\nCRs-Fixed: 3595842\nChange-Id: I74cb0f7b0808f20299586969fd5c810d44c3e576\nSigned-off-by: Manoj Prabhu B \nSigned-off-by: VIJAYAN CHENGANNAGARI \nSigned-off-by: Ashutosh Verma \nReviewed-on: https://gerrit.mot.com/2841320\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"memshare: Prevent possible integer overflow"}},{"before":null,"after":"1db0416c3d6cc4e9ebb36b339aecc2f9bb11c2df","ref":"refs/heads/android-14-release-u1tpc34.3-26-3","pushedAt":"2024-06-04T07:49:53.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"psi: Fix psi state corruption when schedule() races with cgroup move\n\n4117cebf1a9f (\"psi: Optimize task switch inside shared cgroups\")\nintroduced a race condition that corrupts internal psi state. This\nmanifests as kernel warnings, sometimes followed by bogusly high IO\npressure:\n\n psi: task underflow! cpu=1 t=2 tasks=[0 0 0 0] clear=c set=0\n (schedule() decreasing RUNNING and ONCPU, both of which are 0)\n\n psi: incosistent task state! task=2412744:systemd cpu=17 psi_flags=e clear=3 set=0\n (cgroup_move_task() clearing MEMSTALL and IOWAIT, but task is MEMSTALL | RUNNING | ONCPU)\n\nWhat the offending commit does is batch the two psi callbacks in\nschedule() to reduce the number of cgroup tree updates. When prev is\ndeactivated and removed from the runqueue, nothing is done in psi at\nfirst; when the task switch completes, TSK_RUNNING and TSK_IOWAIT are\nupdated along with TSK_ONCPU.\n\nHowever, the deactivation and the task switch inside schedule() aren't\natomic: pick_next_task() may drop the rq lock for load balancing. When\nthis happens, cgroup_move_task() can run after the task has been\nphysically dequeued, but the psi updates are still pending. Since it\nlooks at the task's scheduler state, it doesn't move everything to the\nnew cgroup that the task switch that follows is about to clear from\nit. cgroup_move_task() will leak the TSK_RUNNING count in the old\ncgroup, and psi_sched_switch() will underflow it in the new cgroup.\n\nA similar thing can happen for iowait. TSK_IOWAIT is usually set when\na p->in_iowait task is dequeued, but again this update is deferred to\nthe switch. cgroup_move_task() can see an unqueued p->in_iowait task\nand move a non-existent TSK_IOWAIT. This results in the inconsistent\ntask state warning, as well as a counter underflow that will result in\npermanent IO ghost pressure being reported.\n\nFix this bug by making cgroup_move_task() use task->psi_flags instead\nof looking at the potentially mismatching scheduler state.\n\n[ We used the scheduler state historically in order to not rely on\n task->psi_flags for anything but debugging. But that ship has sailed\n anyway, and this is simpler and more robust.\n\n We previously already batched TSK_ONCPU clearing with the\n TSK_RUNNING update inside the deactivation call from schedule(). But\n that ordering was safe and didn't result in TSK_ONCPU corruption:\n unl(CR) most places in the scheduler, cgroup_move_task() only checked\n task_current() and handled TSK_ONCPU if the task was still queued. ]\n\nFixes: 4117cebf1a9f (\"psi: Optimize task switch inside shared cgroups\")\nSigned-off-by: Johannes Weiner \nSigned-off-by: Peter Zijlstra (Intel) \nLink: https://lkml.kernel.org/r/20210503174917.38579-1-hannes@cmpxchg.org\n\nChange-Id: I83fc22d7ecb515896a526892f40066353a6dadd0\nMot-CRs-fixed: (CR)\nReviewed-on: https://gerrit.mot.com/2408024\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key\nReviewed-on: https://gerrit.mot.com/2817400\nReviewed-by: Hongshu Lou \nReviewed-by: Huosheng Liao ","shortMessageHtmlLink":"psi: Fix psi state corruption when schedule() races with cgroup move"}},{"before":null,"after":"0d725d14e4d1247acb93d34a891a53cb0192ae59","ref":"refs/heads/android-14-release-u2ub34.44-30-6r1","pushedAt":"2024-05-17T09:28:43.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"remove moto_sched changes when disabled\n\nChange-Id: Ic2a9da7257d03ec08629602e43504d03e14e9366\nSigned-off-by: chentao8 \nReviewed-on: https://gerrit.mot.com/2888737\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Wang Wang \nSubmit-Approved: Jira Key\n(cherry picked from commit 54599ccc35568e2da53c75c9cb4070ada53ae806)\nReviewed-on: https://gerrit.mot.com/2888869\nReviewed-by: Lianlu Chen \nSubmit-Approved: panyq6 ","shortMessageHtmlLink":"remove moto_sched changes when disabled"}},{"before":null,"after":"fab87a19966b0c68a1a6b1df247c113dab9067c0","ref":"refs/heads/android-13-release-t1tgns33.60-114-5","pushedAt":"2024-05-17T04:49:27.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"msm: kgsl: Fix gpu_work_period trace format\n\nUserspace code expects the uid type as u32.\nTherefore fix correct format specifier for uid.\n\nChange-Id: Ie670336d115d588cabd51ad89a86bf8a5764b85b\nSigned-off-by: Hareesh Gundu \nSigned-off-by: NISARG SHETH \n(cherry picked from commit 4032264123afc3fbde4a0be25635d8dcf7c3e69f)","shortMessageHtmlLink":"msm: kgsl: Fix gpu_work_period trace format"}},{"before":null,"after":"f553fd3a4b265160fffad524910b8468d3ad7690","ref":"refs/heads/android-13-release-t3tfs33.66-37-3","pushedAt":"2024-05-17T03:26:05.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"soc: qcom: hgsl: fix potential use after free\n\nA malicous user can close the fd after dma_buf_fd, then there\nwill be a use after free issue due to later's get_dma_buf, fix\nit by installing fd after get_dma_buf.\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2023-43547\nCRs-Fixed: 3602462\nBug: 314791076\n\nChange-Id: Iffca7c0eb1cc58a6a52a7100e55a639c75ff0a62\nSigned-off-by: Hui Li \n(cherry picked from commit 8b0c9674da2669e5e04e2a021b862ed3c92a8b06)\nSigned-off-by: Gajjala Chakradhar \nReviewed-on: https://gerrit.mot.com/2870449\nSLTApproved: Slta Waiver\nSME-Granted: SME Approvals Granted\nTested-by: Jira Key\nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key\n(cherry picked from commit 204cb73570eb25d3bbb54c06a550e921763edfb7)","shortMessageHtmlLink":"soc: qcom: hgsl: fix potential use after free"}},{"before":null,"after":"f102f4c33b45a7b3dfdeed2be6e9b722f4de3017","ref":"refs/heads/android-14-release-u1tps34.29-37-2-3","pushedAt":"2024-05-15T17:58:02.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"memshare: Prevent possible integer overflow\n\nPrevent possible integer overflow by sanitizing the alloc request\nsize coming from the client against allottable amount of memory.\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2023-43550\nCRs-Fixed: 3595842\nChange-Id: I74cb0f7b0808f20299586969fd5c810d44c3e576\nSigned-off-by: Manoj Prabhu B \nSigned-off-by: VIJAYAN CHENGANNAGARI \nSigned-off-by: Ashutosh Verma \nReviewed-on: https://gerrit.mot.com/2841279\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"memshare: Prevent possible integer overflow"}},{"before":null,"after":"ff8d277ae93eed1adf6ece63158738c0ce4e16b0","ref":"refs/heads/android-14-release-u1tcs34.22-64-6-1","pushedAt":"2024-05-08T09:49:19.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"memshare: Prevent possible integer overflow\n\nPrevent possible integer overflow by sanitizing the alloc request\nsize coming from the client against allottable amount of memory.\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2023-43550\nCRs-Fixed: 3595842\nChange-Id: I74cb0f7b0808f20299586969fd5c810d44c3e576\nSigned-off-by: Manoj Prabhu B \nSigned-off-by: VIJAYAN CHENGANNAGARI \nSigned-off-by: Ashutosh Verma \nReviewed-on: https://gerrit.mot.com/2841279\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"memshare: Prevent possible integer overflow"}},{"before":"628a1751b2a165821774ada6211f98e259e798f2","after":"c0b8e81ebe1f1e3c1173c77e7ade553d9c069489","ref":"refs/heads/android-12-release-s0rcs32.41-10-9-2","pushedAt":"2024-05-08T05:01:34.000Z","pushType":"push","commitsCount":73,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write\n\n[ Upstream commit a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 ]\n\nIn pxa3xx_gcu_write, a count parameter of type size_t is passed to words of\ntype int. Then, copy_from_user() may cause a heap overflow because it is used\nas the third argument of copy_from_user().\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2022-39842\nBug: 245928838\n\nChange-Id: If3b27ac3720242550e7e9b5547590085a75ee5ba\nSigned-off-by: Hyunwoo Kim \nSigned-off-by: Helge Deller \nSigned-off-by: Sasha Levin \nSigned-off-by: Gajjala Chakradhar \nReviewed-on: https://gerrit.mot.com/2480183\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Konstantin Makariev \nSubmit-Approved: Jira Key\n(cherry picked from commit eb1e6179c10605c8808f3966f85ffc9ca66c138c)","shortMessageHtmlLink":"video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write"}},{"before":null,"after":"b130de6c427c417dea6a73fc370c8cb32e63b472","ref":"refs/heads/android-12-release-s1rxs32.50-13-25","pushedAt":"2024-05-08T04:10:56.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"msm: kgsl: Limit the syncpoint count for AUX commands\n\nKGSL internally has a limit on the length of the list of syncpoints\nsubmitted in a single AUX command. Enforce this limit so we don't\noverwrite memory beyond the structures that track these syncpoints.\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2023-33106\nCRs-Fixed: 3612841\nChange-Id: I261bfd4f786ff7e4fbe07e8bca9e9b8d8b87c950\nSigned-off-by: Lynus Vaz \nSigned-off-by: Kaushal Sanadhya \nSigned-off-by: Ashutosh Verma \nReviewed-on: https://gerrit.mot.com/2789322\nSLTApproved: Slta Waiver\nSME-Granted: SME Approvals Granted\nTested-by: Jira Key\nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key\n(cherry picked from commit 716c138e4d22444ba2f5246ceece073fda59d0c1)","shortMessageHtmlLink":"msm: kgsl: Limit the syncpoint count for AUX commands"}},{"before":null,"after":"cb24c2573e213a1854d745473235ae6679dd4c01","ref":"refs/heads/android-13-release-t1sus33.1-124-6-8-1","pushedAt":"2024-05-07T23:13:04.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"memshare: Prevent possible integer overflow\n\nPrevent possible integer overflow by sanitizing the alloc request\nsize coming from the client against allottable amount of memory.\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2023-43550\nCRs-Fixed: 3595842\nChange-Id: I74cb0f7b0808f20299586969fd5c810d44c3e576\nSigned-off-by: Manoj Prabhu B \nSigned-off-by: VIJAYAN CHENGANNAGARI \nSigned-off-by: Ashutosh Verma \nReviewed-on: https://gerrit.mot.com/2841279\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"memshare: Prevent possible integer overflow"}},{"before":null,"after":"a0d823eec6b084d813e28b9febd9d63a62b6453e","ref":"refs/heads/android-13-release-t1shs33.35-23-20-12","pushedAt":"2024-05-07T22:07:59.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"msm: kgsl: Update gpu work period logging\n\nParallel GPU work can be submitted from several different\nprocesses with the same application UID. Hence update gpu\nwork period logging based on application uid instead of PID.\n\nChange-Id: Ifb18da3a8c251a8dd64b74e2088517d4e6150131\nSigned-off-by: Hareesh Gundu \nSigned-off-by: NISARG SHETH \n(cherry picked from commit e882e63ab6Montana65b64c12ad10386e6a0f0b269d4)","shortMessageHtmlLink":"msm: kgsl: Update gpu work period logging"}},{"before":null,"after":"f7d65cfff19b653213d9bd6b067d070e4aaa2745","ref":"refs/heads/android-14-release-u2um34.27-38-5","pushedAt":"2024-04-30T10:07:42.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"remove moto_sched changes when disabled\n\nChange-Id: Ic2a9da7257d03ec08629602e43504d03e14e9366\nSigned-off-by: chentao8 \nReviewed-on: https://gerrit.mot.com/2887898\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Zhangqing Huang \nReviewed-by: Wang Wang \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"remove moto_sched changes when disabled"}},{"before":null,"after":"0645d7611091eaa706fa269b2cc209cbbe37cdab","ref":"refs/heads/android-14-release-u1ufn34.41-70r3","pushedAt":"2024-04-30T07:14:14.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"config:fogo5gna:remove aw8838\n\nfogo5g na can't pass new hac standard.\nso just pass old hac standard.\nif use old hac standard.\ndon't need aw8838.\nso remove it.\n\nChange-Id: I66f80a5e1549193c53f394b6481b09c2041c405d\nSigned-off-by: liaohj \nReviewed-on: https://gerrit.mot.com/2850083\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Wanlong Zhou \nReviewed-by: Zhenxin Xi \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"config:fogo5gna:remove aw8838"}},{"before":null,"after":"41ddc7d5e0d2dfebbbd2ee8b67d469dbc04495aa","ref":"refs/heads/android-12-release-s3rxc32.33-8-25","pushedAt":"2024-04-25T08:10:18.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"msm: kgsl: Check user generated timestamp before queuing drawobjs\n\nIn ioctls l(CR) kgsl_ioctl_submit_commands(), if both syncobj\ntype and cmd/marker/sparseobj type are submitted, the syncobj\nis queued first followed by the other obj type. After syncobj\nis successfully queued, in case of failure in get_timestamp\nwhile queuing the other obj, both the command objs are\ndestroyed. As sync obj is already queued, accessing this\nlater would cause a crash.\n\nCompare the user generated timestamp with the drawctxt\ntimestamp and return early in case of error. This avoids\nunnecessary queuing of drawobjs.\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2023-33021\nCRs-Fixed: 3397562 \n\nChange-Id: Iedebd480bc18cd74d2f69d24a9dc1032fab01cdb\nSigned-off-by: Kamal Agrawal \nSigned-off-by: Dharshan R \nReviewed-on: https://gerrit.mot.com/2653225\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"msm: kgsl: Check user generated timestamp before queuing drawobjs"}},{"before":"f1c28235b0decd2048fcd463a3918c25c36d855b","after":"1a9ca4963ab2b77273c568af3e8d303ef9024f25","ref":"refs/heads/android-14-release-u1tr34.8-19-11","pushedAt":"2024-04-16T00:09:24.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"msm: adsprpc : Fix use after free in fastrpc_internal_mem_unmap\n\nThread 1 can make a to call fastrpc_mmap_create under internal mem map\nand release fl->map_mutex. Thread 2 can make call to internal mem unmap,\nacquire fl->map_mutex and get same map though fastrpc_mmap_remove.\nThread 1 fail in fastrpc_mem_map_to_dsp jumps to bail and do map free.\nThread 2 still holds same map which can lead use after free. Serialize\nfastrpc internal mem map and unmap.\n\nChange-Id: I54a3602914b43fc67635c0de193bd21aa13daaa3\nSigned-off-by: Santosh Sakore \n(cherry picked from commit b1f71f187b5fee55fba5ca529facc3ac13d9f4af)","shortMessageHtmlLink":"msm: adsprpc : Fix use after free in fastrpc_internal_mem_unmap"}},{"before":"2184629309ffcaf0376c88f31b21a77425b70cdb","after":"b155c6a026be2352bc6afd6e1ffa59388783a348","ref":"refs/heads/android-13-release-traa","pushedAt":"2024-04-10T11:09:41.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"net: qrtr: fifo: Add bounds check on tx path\n\nAdd bounds check on values read from shared memory in the tx path. In\ncases where the VM is misbehaving, the qrtr transport should exit and\nprint a warning when bogus values may cause out of bounds to be read.\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2023-22387\nCRs-Fixed: 3356023\nBug: 276750306\n\nChange-Id: I7ebef28ed8eba4c4da0b32d5114365bbe6bea390\nSigned-off-by: Sarannya S \n(cherry picked from commit 66646d99cbf4ec28ff9b8fd8d327c6f906d254c4)\nSigned-off-by: Gajjala Chakradhar \nReviewed-on: https://gerrit.mot.com/2635313\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Konstantin Makariev \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"net: qrtr: fifo: Add bounds check on tx path"}},{"before":null,"after":"a5720393ff33822b84620fce87fadddf6cc213e7","ref":"refs/heads/android-13-release-t3tbs33.2-47-2-4","pushedAt":"2024-04-10T04:36:10.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"Subject: [PATCH] pci: msm: Decouple pci framework from pm ops-CR#3475311\n\npick CR#3475311 to stable line.\nFix \"ds_3gpp_wm_sm_mgr.c:3967\" issue in (CR).\n\nChange-Id: I5c2051a61c4129249de16197b146677fc1bed5fb\nSigned-off-by: guhong \nReviewed-on: https://gerrit.mot.com/2814521\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: panyq6 \nSLTApproved: panyq6 \nSubmit-Approved: panyq6 \nTested-by: panyq6 \n(cherry picked from commit 68dce74b01dd053fb2cd67c3c4d5c28f464e726a)","shortMessageHtmlLink":"Subject: [PATCH] pci: msm: Decouple pci framework from pm ops-CR#3475311"}},{"before":null,"after":"df23a2df32c7d9df6560803027e95c6a44acdde4","ref":"refs/heads/android-14-release-u1tc34.22-64-6","pushedAt":"2024-04-04T21:30:44.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"msm: adsprpc : Fix use after free in fastrpc_internal_mem_unmap\n\nThread 1 can make a to call fastrpc_mmap_create under internal mem map\nand release fl->map_mutex. Thread 2 can make call to internal mem unmap,\nacquire fl->map_mutex and get same map though fastrpc_mmap_remove.\nThread 1 fail in fastrpc_mem_map_to_dsp jumps to bail and do map free.\nThread 2 still holds same map which can lead use after free. Serialize\nfastrpc internal mem map and unmap.\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2023-43514\nCRs-Fixed: 3613254\nBug: 303101664\n\nChange-Id: I54a3602914b43fc67635c0de193bd21aa13daaa3\nSigned-off-by: DEEPAK SANNAPAREDDY \nSigned-off-by: Ashutosh Verma \nReviewed-on: https://gerrit.mot.com/2832044\nSLTApproved: Slta Waiver\nSME-Granted: SME Approvals Granted\nTested-by: Jira Key\nReviewed-by: Chakradhar Gajjala \nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"msm: adsprpc : Fix use after free in fastrpc_internal_mem_unmap"}},{"before":"4024c7b527270fb20f3413c97c310d9f4cadf9f5","after":"2012a0c0182b726804b4c3073154928c5024b756","ref":"refs/heads/android-13-release-t1ssms33.1-121-4-5","pushedAt":"2024-03-25T22:42:02.000Z","pushType":"push","commitsCount":7,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"rpmsg: slatecom: Discard unaligned packet to read\n\nIf intent_alloc_size and chunk size are unaligned with the minimum offset,\nthen ahb_read can lead to bytes overflow as ahb_read is performed\nwith word_size aligned.\n\nIf the received chunk_size is not aligned to word_size, discard packet\nto read.\n\nMot-CRs-fixed: (CR)\nCVE-Fixed: CVE-2023-33087\nCRs-Fixed: 3508356\nChange-Id: I36fabc8bde22355de1ae32cb026a2a246778d47e\nSigned-off-by: Kaushal Hooda \nSigned-off-by: Ashutosh Verma >ashverma@motorola.com>\nReviewed-on: https://gerrit.mot.com/2758526\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Xiangpo Zhao \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"rpmsg: slatecom: Discard unaligned packet to read"}},{"before":null,"after":"91b0f02f936cce76eca97f587784bb95742bf9c9","ref":"refs/heads/android-14-release-u1sq34.52-21-1","pushedAt":"2024-03-12T03:02:37.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mbissaromoto","name":null,"path":"/mbissaromoto","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12086507?s=80&v=4"},"commit":{"message":"Wlan: Revert \"icnss2: Remove wlan driver on device shutdown\"\n\nThis reverts commit 66f41bc187636810562bad0db6b2588c50db7b05.\n\nChange-Id: I1927521d3082b6759911ae948b8d3f352f2fd58f\nReviewed-on: https://gerrit.mot.com/2805308\nSME-Granted: SME Approvals Granted\nSLTApproved: Slta Waiver\nTested-by: Jira Key\nReviewed-by: Xianglong Liao \nReviewed-by: Yue Sun \nReviewed-by: Tao Sun \nSubmit-Approved: Jira Key","shortMessageHtmlLink":"Wlan: Revert \"icnss2: Remove wlan driver on device shutdown\""}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEfk36KgA","startCursor":null,"endCursor":null}},"title":"Activity · MotorolaMobilityLLC/kernel-msm"}