Merge "platform: msm_shared: prevent possible oob access in case of ubi image."
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index c7e65cb..ef8ff88 100755
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c
@@ -495,8 +495,8 @@
cmdline_len += (strlen(androidboot_slot_suffix)+
strlen(SUFFIX_SLOT(current_active_slot)));
- sprintf(sys_path_cmdline, sys_path_cmdline,
- (partition_get_index("system")+1));
+ snprintf(sys_path_cmdline, sizeof(*sys_path_cmdline),
+ sys_path_cmdline, (partition_get_index("system")+1));
cmdline_len += strlen(sys_path_cmdline);
if (!boot_into_recovery)
@@ -4020,6 +4020,7 @@
static char has_slot_reply[NUM_PARTITIONS][MAX_RSP_SIZE];
const char *tmp;
char tmpbuff[MAX_GET_VAR_NAME_SIZE];
+ signed active_slt;
if (!published)
{
@@ -4029,18 +4030,23 @@
for(i=0; i<count; i++)
{
memset(tmpbuff, 0, MAX_GET_VAR_NAME_SIZE);
- sprintf(tmpbuff, "has-slot:%s", has_slot_pname[i]);
- strcpy(has_slot_pname[i], tmpbuff);
+ snprintf(tmpbuff, MAX_GET_VAR_NAME_SIZE,"has-slot:%s",
+ has_slot_pname[i]);
+ strlcpy(has_slot_pname[i], tmpbuff, MAX_GET_VAR_NAME_SIZE);
fastboot_publish(has_slot_pname[i], has_slot_reply[i]);
}
for (i=0; i<AB_SUPPORTED_SLOTS; i++)
{
tmp = SUFFIX_SLOT(i);
- sprintf(slot_info[i].slot_is_unbootable, "slot-unbootable:%s", tmp);
- sprintf(slot_info[i].slot_is_active, "slot-active:%s", tmp);
- sprintf(slot_info[i].slot_is_succesful, "slot-success:%s", tmp);
- sprintf(slot_info[i].slot_retry_count, "slot-retry-count:%s", tmp);
+ snprintf(slot_info[i].slot_is_unbootable, sizeof(slot_info[i].slot_is_unbootable),
+ "slot-unbootable:%s", tmp);
+ snprintf(slot_info[i].slot_is_active, sizeof(slot_info[i].slot_is_active),
+ "slot-active:%s", tmp);
+ snprintf(slot_info[i].slot_is_succesful, sizeof(slot_info[i].slot_is_succesful),
+ "slot-success:%s", tmp);
+ snprintf(slot_info[i].slot_retry_count, sizeof(slot_info[i].slot_retry_count),
+ "slot-retry-count:%s", tmp);
fastboot_publish(slot_info[i].slot_is_unbootable,
slot_info[i].slot_is_unbootable_rsp);
fastboot_publish(slot_info[i].slot_is_active,
@@ -4056,8 +4062,13 @@
published = true;
}
- sprintf(active_slot_suffix, "%s",
- SUFFIX_SLOT(partition_find_active_slot()));
+ active_slt = partition_find_active_slot();
+ if (active_slt != INVALID)
+ snprintf(active_slot_suffix, sizeof(active_slot_suffix), "%s",
+ SUFFIX_SLOT(active_slt));
+ else
+ strlcpy(active_slot_suffix, "INVALID", sizeof(active_slot_suffix));
+
/* Update partition meta information */
partition_fill_slot_meta(slot_info);
return;
diff --git a/dev/gcdb/display/include/display_resource.h b/dev/gcdb/display/include/display_resource.h
index 12437aa..142f27c 100755
--- a/dev/gcdb/display/include/display_resource.h
+++ b/dev/gcdb/display/include/display_resource.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2013-2015, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2013-2015, 2017, The Linux Foundation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -70,6 +70,9 @@
#define SIM_DUALDSI_CMD_PANEL_NODE "qcom,mdss_dsi_dual_sim_cmd"
#define SIM_DUALDSI_CMD_SLAVE_PANEL_NODE "qcom,mdss_dsi_dual_sim_cmd"
+#define DISABLE_PANEL_CONFIG "disable"
+#define DISABLE_PANEL_STRING "1:dsi:0:none:1:none:cfg:none"
+
/*---------------------------------------------------------------------------*/
/* Structure definition */
/*---------------------------------------------------------------------------*/
diff --git a/platform/msm_shared/ab_partition_parser.c b/platform/msm_shared/ab_partition_parser.c
index db37d00..bd900d9 100644
--- a/platform/msm_shared/ab_partition_parser.c
+++ b/platform/msm_shared/ab_partition_parser.c
@@ -506,14 +506,14 @@
/* 2. put the partition name in array */
tmp = pname_size-strlen(suffix_str);
strlcpy(has_slot_pname[count], pname, tmp+1);
- strcpy(has_slot_reply[count], " Yes");
+ strlcpy(has_slot_reply[count], " Yes", MAX_RSP_SIZE);
count++;
}
}
else
{
- strcpy(has_slot_pname[count], pname);
- strcpy(has_slot_reply[count], " No");
+ strlcpy(has_slot_pname[count], pname, MAX_GET_VAR_NAME_SIZE);
+ strlcpy(has_slot_reply[count], " No", MAX_RSP_SIZE);
count++;
}
@@ -545,15 +545,18 @@
for(i=0; i<AB_SUPPORTED_SLOTS; i++)
{
current_slot_index = boot_slot_index[i];
- strcpy(slot_info[i].slot_is_unbootable_rsp,
- slot_is_bootable(ptn_entries, current_slot_index)?"No":"Yes");
- strcpy(slot_info[i].slot_is_active_rsp,
- slot_is_active(ptn_entries, current_slot_index)?"Yes":"No");
- strcpy(slot_info[i].slot_is_succesful_rsp,
- slot_is_sucessful(ptn_entries, current_slot_index)?"Yes":"No");
+ strlcpy(slot_info[i].slot_is_unbootable_rsp,
+ slot_is_bootable(ptn_entries, current_slot_index)?"No":"Yes",
+ MAX_RSP_SIZE);
+ strlcpy(slot_info[i].slot_is_active_rsp,
+ slot_is_active(ptn_entries, current_slot_index)?"Yes":"No",
+ MAX_RSP_SIZE);
+ strlcpy(slot_info[i].slot_is_succesful_rsp,
+ slot_is_sucessful(ptn_entries, current_slot_index)?"Yes":"No",
+ MAX_RSP_SIZE);
itoa(slot_retry_count(ptn_entries, current_slot_index),
(unsigned char *)buff, 2, 10);
- strcpy(slot_info[i].slot_retry_count_rsp, buff);
+ strlcpy(slot_info[i].slot_retry_count_rsp, buff, MAX_RSP_SIZE);
}
}
@@ -579,6 +582,12 @@
(PARTITION_ENTRY_SIZE*NUM_PARTITIONS + GPT_HEADER_BLOCKS*block_size);
buffer = memalign(CACHE_LINE, ROUNDUP(max_gpt_size_bytes, CACHE_LINE));
+ if (!buffer)
+ {
+ dprintf(CRITICAL, "update_gpt: Failed at memory allocation\n");
+ goto out;
+ }
+
ret = mmc_read(gpt_start_addr, (uint32_t *)buffer,
max_gpt_size_bytes);
if (ret)
@@ -629,7 +638,8 @@
goto out;
}
out:
- free(buffer);
+ if (buffer)
+ free(buffer);
return ret;
}
diff --git a/platform/msm_shared/mdp3.c b/platform/msm_shared/mdp3.c
index 1014b45..8c59bae 100644
--- a/platform/msm_shared/mdp3.c
+++ b/platform/msm_shared/mdp3.c
@@ -125,7 +125,7 @@
writel(0x00000000, MDP_DMA_P_OUT_XY);
writel(pinfo->yres << 16 | pinfo->xres, MDP_DMA_P_SIZE);
- writel(MIPI_FB_ADDR, MDP_DMA_P_BUF_ADDR);
+ writel((uint32_t)fb->base, MDP_DMA_P_BUF_ADDR);
writel(pinfo->xres * ystride, MDP_DMA_P_BUF_Y_STRIDE);
writel(hsync_period << 16 | lcdc->h_pulse_width, \
MDP_DSI_VIDEO_HSYNC_CTL);
@@ -189,7 +189,7 @@
writel(pack_pattern << 8 | 0x3f | (0 << 25)| (1 << 19) | (1 << 7) , MDP_DMA_P_CONFIG); // rgb888
writel(0x00000000, MDP_DMA_P_OUT_XY);
writel(pinfo->yres << 16 | pinfo->xres, MDP_DMA_P_SIZE);
- writel(MIPI_FB_ADDR, MDP_DMA_P_BUF_ADDR);
+ writel((uint32_t)fb->base, MDP_DMA_P_BUF_ADDR);
writel(pinfo->xres * ystride, MDP_DMA_P_BUF_Y_STRIDE);
diff --git a/target/mdm9607/init.c b/target/mdm9607/init.c
index 45c3bd3..40776f7 100644
--- a/target/mdm9607/init.c
+++ b/target/mdm9607/init.c
@@ -66,6 +66,7 @@
/* PMIC config data */
#define PMIC_ARB_CHANNEL_NUM 0
#define PMIC_ARB_OWNER_ID 0
+#define PMIC_MAJOR_V1 1
/* NANDc BAM pipe numbers */
#define DATA_CONSUMER_PIPE 0
@@ -334,6 +335,8 @@
void reboot_device(unsigned reboot_reason)
{
uint8_t reset_type = 0;
+ struct board_pmic_data pmic_info;
+
/* Write the reboot reason */
writel(reboot_reason, RESTART_REASON_ADDR);
@@ -347,7 +350,18 @@
else
reset_type = PON_PSHOLD_HARD_RESET;
- pm8x41_v2_reset_configure(reset_type);
+ if (board_pmic_info(&pmic_info, SMEM_V7_SMEM_MAX_PMIC_DEVICES))
+ {
+ /* make decision based on pmic major version */
+ switch (pmic_info.pmic_version >>16)
+ {
+ case PMIC_MAJOR_V1:
+ pm8x41_v2_reset_configure(reset_type);
+ break;
+ default:
+ pm8x41_reset_configure(reset_type);
+ }
+ }
/* Drop PS_HOLD for MSM */
writel(0x00, MPM2_MPM_PS_HOLD);
diff --git a/target/msm8953/target_display.c b/target/msm8953/target_display.c
index d0cbfd9..f085161 100644
--- a/target/msm8953/target_display.c
+++ b/target/msm8953/target_display.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2016, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2016-2017, The Linux Foundation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -388,8 +388,23 @@
struct oem_panel_data oem = mdss_dsi_get_oem_data();
uint32_t platform_subtype = board_hardware_subtype();
- /* default to hdmi for apq iot */
- if ((platform_subtype == HW_PLATFORM_SUBTYPE_IOT)) {
+ /*
+ * if disable config is passed irrespective of
+ * platform type, disable DSI controllers
+ */
+ if (!strcmp(oem.panel, DISABLE_PANEL_CONFIG)) {
+ if (buf_size < (prefix_string_len +
+ strlen(DISABLE_PANEL_STRING))) {
+ dprintf(CRITICAL, "Disable command line argument \
+ is greater than buffer size\n");
+ return false;
+ }
+ strlcpy(pbuf, DISPLAY_CMDLINE_PREFIX, buf_size);
+ buf_size -= prefix_string_len;
+ pbuf += prefix_string_len;
+ strlcpy(pbuf, DISABLE_PANEL_STRING, buf_size);
+ } else if (platform_subtype == HW_PLATFORM_SUBTYPE_IOT) {
+ /* default to hdmi for apq iot */
if (!strcmp(oem.panel, "")) {
if (buf_size < (prefix_string_len +
strlen(HDMI_ADV_PANEL_STRING))) {
@@ -454,7 +469,9 @@
oem.cont_splash = false;
}
- if ((platform_subtype == HW_PLATFORM_SUBTYPE_IOT)) {
+ /* skip splash screen completely not just cont splash */
+ if ((platform_subtype == HW_PLATFORM_SUBTYPE_IOT)
+ || !strcmp(oem.panel, DISABLE_PANEL_CONFIG)) {
dprintf(INFO, "%s: Platform subtype %d\n",
__func__, platform_subtype);
return;