When binder transaction happened, We want to know it's transaction code
and it is oneway or not.
Bug: 208910215
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
Change-Id: Ic03e5481e96e120a1953a101895714db04ca2bdf
When a task yields, it relinquishes the cpu and
scheduler is tasked to find another task.
However our vendor scheduler logic implementation
could return the same task leading to a loop where
the yielded task gets to run back, so add hook point
in do_sched_yield() for vendor can do some work
before task is scheduled.
Bug: 205804537
Change-Id: I6528c3f4b0ee360559ef9c97cb1eb2b2d1357870
Signed-off-by: Tengfei Fan <quic_tengfan@quicinc.com>
We want to get binder free space information in the binder
transaction, but this needs to hold the mutex lock. So we add
this restrict hook to do this.
Bug: 205648032
Change-Id: Ie1f377018da686bd62f5ac2d1e5421899741e6d5
Signed-off-by: Liangliang Li <liliangliang@vivo.com>
A recent change to use proc->cred instead of proc->tsk as the source
for sender_euid caused a failure in the CredentialsTest#CaptureLayersTest
test. Revert 1 line of the patch to fix the test. The rest of the patch
needs to remain since the subsequent patches rely on it.
Before fixing upstream, we need to investigate more since the code looks
correct so the issue may be a latent userspace bug.
Bug: 205938623
Fixes: d65efd5b73dc ("UPSTREAM: binder: use euid from cred instead of using task")
Signed-off-by: Todd Kjos <tkjos@google.com>
Change-Id: I16543a50f43f79131234995fb0813de00795bd3d
Use the 'struct cred' saved at binder_open() to lookup
the security ID via security_cred_getsecid(). This
ensures that the security context that opened binder
is the one used to generate the secctx.
Cc: stable@vger.kernel.org # 5.4+
Fixes: ec74136ded ("binder: create node flag to request sender's security context")
Signed-off-by: Todd Kjos <tkjos@google.com>
Suggested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Reported-by: kernel test robot <lkp@intel.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Bug: 200688826
(cherry picked from commit 4d5b553974)
[ refactored to avoid changing KMI: struct binder_proc ]
Change-Id: Ie023be3190caf20ca3901560455e9f027c9426cd
Since binder was integrated with selinux, it has passed
'struct task_struct' associated with the binder_proc
to represent the source and target of transactions.
The conversion of task to SID was then done in the hook
implementations. It turns out that there are race conditions
which can result in an incorrect security context being used.
Fix by using the 'struct cred' saved during binder_open and pass
it to the selinux subsystem.
Cc: stable@vger.kernel.org # 5.14 (need backport for earlier stables)
Fixes: 79af73079d ("Add security hooks to binder and implement the hooks for SELinux.")
Suggested-by: Jann Horn <jannh@google.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Bug: 200688826
(cherry picked from commit 52f8869337)
[ refactored to avoid changing KMI: struct binder_proc ]
Change-Id: I1664c1f0c2142c17e9ca0d6790bb94de79f531e3
Save the 'struct cred' associated with a binder process
at initial open to avoid potential race conditions
when converting to an euid.
Set a transaction's sender_euid from the 'struct cred'
saved at binder_open() instead of looking up the euid
from the binder proc's 'struct task'. This ensures
the euid is associated with the security context that
of the task that opened binder.
Cc: stable@vger.kernel.org # 4.4+
Fixes: 457b9a6f09 ("Staging: android: add binder driver")
Signed-off-by: Todd Kjos <tkjos@google.com>
Suggested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Suggested-by: Jann Horn <jannh@google.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Bug: 200688826
(cherry picked from commit 29bc22ac5e)
[ refactored to avoid changing KMI: struct binder_proc ]
Change-Id: Icaf996a7f5543b7d6943dff3cbe89bfc3614044c
These hooks will do the following works:
a) Record the number of times when target_freq being clamped
b) Record the number of times when target_freq is greater than policy->cur
c) Make corresponding optimization strategies in different hooks
Bug: 205906618
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
Change-Id: I8eba66fd0c6d36393ca39045cf228b659834e0ae
Signed-off-by: xieliujie <xieliujie@oppo.com>
These hooks will do the following works:
a) record the time of the process in various states
b) Make corresponding optimization strategies in different hooks
Bug: 205938967
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
Change-Id: Ia3c47bbf0aadd17337ce18fd910343b1b8c3ef93
Add hooks to gather data of unusual aborts and summarize it with
other information.
Bug: 203187389
Signed-off-by: Sangmoon Kim <sangmoon.kim@samsung.com>
Change-Id: I37b3047e72f64dc210d3d3bffe5ee207daeba8d6
dpcm_end_walk_at_be() stops the graph walk when first BE is found for
the given FE component. In a component model we may want to connect
multiple DAIs from different components.
android_vh_snd_soc_card_get_comp_chain can be registered here
to allows DAI/component chaining.
Later PCM operations can be called for all these listed components for a
valid DAPM path.
ALSA machine driver can setup component_chaining like below code slice.
static void my_board_component_chaining_hook(void *data, bool *ret)
{
*ret = true;
}
static int my_board_dev_probe(struct platform_device *pdev)
{
register_trace_android_vh_snd_soc_card_get_comp_chain(
my_board_component_chaining_hook, NULL);
return 0;
}
static int my_board_dev_remove(struct platform_device *pdev)
{
unregister_trace_android_vh_snd_soc_card_get_comp_chain(
my_board_component_chaining_hook, NULL);
return 0;
}
static struct platform_driver my_board_driver = {
...
.probe = my_board_dev_probe,
.remove = my_board_dev_remove,
...
};
Bug: 198732156
Signed-off-by: Bicycle Tsai <bicycle.tsai@mediatek.com>
Change-Id: Ife5df291d40af9ec83d57462b6a08aba95d9119d
This reverts commit 1aa1f6a7cf.
The hook android_vh_mpam_set is not used by any vendor, so remove
it to help with merge issues with future LTS releases.
If this is needed by any real user, it can easily be reverted to add it
back and then the symbol should be added to the abi list at the same
time to prevent it from being removed again later.
Bug: 203756332
Bug: 165333282
Cc: C-J.Chen <C-J.Chen@mediatek.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I18356743538df7d41a00f54479bf2a0bc3a62e06
Add struct (iova_domain *) in iova alloc & free vendor hook by create a new vendor hook.
Thus we can know the iova we are operating belongs to which iova domain.
Bug: 201255968
Change-Id: I7df419650af2e85a3b2b8c3d6995247694bdc953
Signed-off-by: Chao Hao <chao.hao@mediatek.com>
Signed-off-by: Guangming Cao <Guangming.Cao@mediatek.com>
Currently the core UFS driver does not have a vops to notify when the
device is operational. This commit introduces a hook, which serves to
notify device completing initialization and is ready to accept I/O.
This is required by the FIPS140-2 [1] self integrity test of inline
encryption engine, which must run whenever the host controller is reset.
The code requires sleeping while waiting for I/O to complete and allocating
some memory dynamically, which requires the vendor hook to be restricted.
[1] https://csrc.nist.gov/publications/detail/fips/140/2/final
Bug: 185809932
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>
Change-Id: I6f476f9c2e2b50574d2898c3f1ef6b648d92df24
During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object
cleanup may close 1 or more fds. The close operations are
completed using the task work mechanism -- which means the thread
needs to return to userspace or the file object may never be
dereferenced -- which can lead to hung processes.
Force the binder thread back to userspace if an fd is closed during
BC_FREE_BUFFER handling.
Fixes: 80cd795630 ("binder: fix use-after-free due to ksys_close() during fdget()")
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Martijn Coenen <maco@android.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20210830195146.587206-1-tkjos@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 111997867
(cherry picked from commit 5fdb55c1ac
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git
Change-Id: Idffa9b54edfc289d95b24f7ae2aa11ae494c7158
Currently cgroup freezer is used to freeze the application threads, and
BINDER_FREEZE is used to freeze the corresponding binder interface.
There's already a mechanism in ioctl(BINDER_FREEZE) to wait for any
existing transactions to drain out before actually freezing the binder
interface.
But freezing an app requires 2 steps, freezing the binder interface with
ioctl(BINDER_FREEZE) and then freezing the application main threads with
cgroupfs. This is not an atomic operation. The following race issue
might happen.
1) Binder interface is frozen by ioctl(BINDER_FREEZE);
2) Main thread A initiates a new sync binder transaction to process B;
3) Main thread A is frozen by "echo 1 > cgroup.freeze";
4) The response from process B reaches the frozen thread, which will
unexpectedly fail.
This patch provides a mechanism to check if there's any new pending
transaction happening between ioctl(BINDER_FREEZE) and freezing the
main thread. If there's any, the main thread freezing operation can
be rolled back to finish the pending transaction.
Furthermore, the response might reach the binder driver before the
rollback actually happens. That will still cause failed transaction.
As the other process doesn't wait for another response of the response,
the response transaction failure can be fixed by treating the response
transaction like an oneway/async one, allowing it to reach the frozen
thread. And it will be consumed when the thread gets unfrozen later.
NOTE: This patch reuses the existing definition of struct
binder_frozen_status_info but expands the bit assignments of __u32
member sync_recv.
To ensure backward compatibility, bit 0 of sync_recv still indicates
there's an outstanding sync binder transaction. This patch adds new
information to bit 1 of sync_recv, indicating the binder transaction
happens exactly when there's a race.
If an existing userspace app runs on a new kernel, a sync binder call
will set bit 0 of sync_recv so ioctl(BINDER_GET_FROZEN_INFO) still
return the expected value (true). The app just doesn't check bit 1
intentionally so it doesn't have the ability to tell if there's a race.
This behavior is aligned with what happens on an old kernel which
doesn't set bit 1 at all.
A new userspace app can 1) check bit 0 to know if there's a sync binder
transaction happened when being frozen - same as before; and 2) check
bit 1 to know if that sync binder transaction happened exactly when
there's a race - a new information for rollback decision.
Fixes: 432ff1e916 ("binder: BINDER_FREEZE ioctl")
Acked-by: Todd Kjos <tkjos@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Li Li <dualli@google.com>
Test: stress test with apps being frozen and initiating binder calls at
the same time, confirmed the pending transactions succeeded.
Link: https://lore.kernel.org/r/20210910164210.2282716-2-dualli@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 198493121
(cherry picked from commit b564171ade
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git
char-misc-linus)
Change-Id: I488ba75056f18bb3094ba5007027b76b5caebec9
Add hook in try_to_unmap_one() to trace this function for debug memory
swap bugs.
Bug: 198385827
Change-Id: I1fdbe60e09bb491b949e06a07133710453ecca03
Signed-off-by: Jiewen Wang <jiewen.wang@vivo.com>
Add hook in mmap_region() to record the vma and address information
of monitored processes.
Bug: 198385827
Change-Id: I0bde29113b47ca7f4a9f5d42a54188e791ca3b7e
Signed-off-by: Jiewen Wang <jiewen.wang@vivo.com>
This patch implements a vendor hook that changes d3hot_delay to use
usleep_range() instead of msleep() to reduce the resume time from 20ms to 10ms.
The call sequence is as follows:
pci_pm_resume_noirq()
pci_pm_default_resume_early()
pci_power_up()
pci_raw_set_power_state() --> msleep(10)
The default d3hot_delay is 10ms. Using msleep for delays less than 20ms could
result in delays up to 20ms.
Reference: Documentation/timers/timers-howto.rst
Using usleep_range() results in the delay being closer to 10ms and this reduces
the resume time.
Bug: 194231641
Change-Id: If3e4dcfb99edad302371273933fa6784854cf892
Signed-off-by: Sajid Dalvi <sdalvi@google.com>
Some hardware has a way to restore all keyslots at once that is
significantly faster than restoring each keyslot individually, as is
done by blk_ksm_reprogram_all_keys(). Add a hook
"android_rvh_ufs_reprogram_all_keys" that allows overriding the
restoration of all keyslots after UFS reset. This may sleep, so this
must be a "restricted" Android vendor hook rather than a regular one.
Note that currently this functionality can't be upstreamed, as support
for the hardware that needs it would need to be upstreamed first.
Bug: 162257402
Bug: 181905172
Change-Id: I0b25393a5131941f085892560e08a64e63cd1369
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add hook to tcp/udp to collect network info and do performance tuning.
Bug: 190523684
Change-Id: Id790a381d5ce6c35a747697510f14678ccf3ff2f
Signed-off-by: Liangliang Li <liliangliang@vivo.com>
Need restricted hook so that it can sleep.
The old non-restricted versions need to stay in place as a consequence
of KMI freeze.
Bug: 194431527
Change-Id: I7093b66f95c3b9c473386ade60d8897426ddbb13
Signed-off-by: Shaleen Agrawal <shalagra@codeaurora.org>
The vendor hook functions we implemented will invoke callback functions which have do some sleep or spinlock
operations and have risk of deadlock due to preemption disabled of normal vendor hook function.
So we have to use restricted vendor hook function instead.
Due to KMI freeze we could not change the existing hooks.
trace_android_rvh_media_device_setup_link =>invoke setup_link, link_notify callback
trace_android_rvh_v4l2subdev_set_xxx =>invoke set_xxx callback
Bug: 193870284
Signed-off-by: Louis Kuo <louis.kuo@mediatek.com>
Change-Id: I94fe2e112b6c3d9ac5177abb30a99b7007068f7e
security_secid_to_secctx() can fail because of a GFP_ATOMIC allocation
This needs to be retried from userspace. However, binder driver doesn't
propagate specific enough error codes just yet (WIP b/28321379). We'll
retry on the binder driver as a temporary work around until userspace
can do this instead.
Bug: 174806915
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Change-Id: Ifebddeb7adf9707613512952b97ab702f0d2d592
Vendor hook is add in the commit:
https://android-review.googlesource.com/c/kernel/common/+/1687592
When we register the vendor hook and build, there is build error:
too long symbol "__tracepoint_android_vh_binder_transaction_priority_skip"
So, I shorten the function name
android_vh_binder_transaction_priority_skip -->
android_vh_binder_priority_skip
Bug: 186482511
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: I27f39dd32436b09257bcf6e746f4ccdfbd6d6cfe
Some vendors want to add a field when a 'sruct sock' is added so give a
hook to handle this. Any memory allocated when
trace_android_rvh_sk_alloc() is called needs to be freed when
trace_android_rvh_sk_free() is called.
Note, if trace_android_rvh_sk_alloc() fails, be sure to be able to
handle this in trace_android_rvh_sk_free(), but that should not be an
issue as that needs to be addressed in vendor code that runs for 'struct
sock' objects that have been created before the vendor code is loaded no
matter what.
Bug: 171013716
Signed-off-by: Vignesh Saravanaperumal <vignesh1.s@samsung.com>
Change-Id: I108a2f31d2dcc228f46159816deee6235afafbbd
Some vendors want to add a field when a 'sruct nf_conn' is added so give a
hook to handle this. Any memory allocated when
trace_android_rvh_nf_conn_alloc() is called needs to be freed when
trace_android_rvh_nf_conn_free() is called.
Note, if trace_android_rvh_nf_conn_alloc() fails, be sure to be able to
handle this in trace_android_rvh_nf_conn_free(), but that should not be
an issue as that needs to be addressed in vendor code that runs for
'struct nf_conn' objects that have been created before the vendor code
is loaded no matter what.
Bug: 171013716
Signed-off-by: Vignesh Saravanaperumal <vignesh1.s@samsung.com>
Change-Id: I4d2b025196a3df7ba4adec313c90483811cac728
in our vendor driver, we need the following three kernel variables:
include/linuc/mm.h:
extern unsigned long stack_guard_gap;
extern int sysctl_legacy_va_layout;
include/linux/security.h:
extern unsigned long mmap_min_addr;
Bug: 191439466
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: I9d1759d8157ddd214475742e417dfb9e870d4b2e
Add a hook to query from vendor's compress driver if it is support pause
in draining and if the platform need to keep in draining state.
Bug: 184020292
Bug: 178992384
Change-Id: Id2e2ff72d7ee66fc633473ec109ed3d8a2baaeff
Signed-off-by: Robert Lee <lerobert@google.com>
This vendor hook let us initialize payload of the request.
Bug: 188749221
Change-Id: I51d6a3010ac0ab36066dbe1368158592832112b7
Signed-off-by: Yang Yang <yang.yang@vivo.com>
This vendor hook let us attach oem data as payload to the request.
The payload is used by oem driver for debugging purpose.
Bug: 188749221
Change-Id: Iac598bd9cce836dac0efe9198a3e7752928f351a
Signed-off-by: Yang Yang <yang.yang@vivo.com>
Add vendor hook android_vh_sound_check_support_cpu_suspend
to allow ACPU to suspend during USB playback/capture,
if this is supported.
Bug: 192206510
Change-Id: Ia8d4c335db27de5fcefab13cab653fd1ae34f691
Signed-off-by: JJ Lee <leejj@google.com>
This patch provides an ipv6 vendor hook which can be used to
disable kernel auto generate the ipv6 link-local address.
The reasons why the kernel does not need to automatically
generate the ipv6 link-local address are as follows:
(1) In the 3GPP TS 29.061, here is a description as follows:
"in order to avoid any conflict between the link-local address
of the MS and that of the GGSN, the Interface-Identifier used
by the MS to build its link-local address shall be assigned by
the GGSN. The GGSN ensures the uniqueness of this Interface-
Identifier. The MT shall then enforce the use of this
Interface-Identifier by the TE"
In other words, in the cellular network, GGSN determines whether
to reply a solicited RA message by identifying the low 64 bits
of the source address of the received RS message. Therefore,
cellular network device's ipv6 link-local address should be set
as the format of fe80::(GGSN assigned IID).
For example: When using a new kernel and ARPHRD_RAWIP, kernel
will generate an EUI64 format ipv6 link-local address, and the
Linux kernel will uses this link-local address to send RS message.
The result is that the GGSN will not reply to the RS message with
a solicited RA message.
For mobile operators that don't need to support RFC7217, setting
addr_gen_mode == 1 is sufficient, it can avoid the above issue,
but when the addr_gen_mode is changed to the
IN6_ADDR_GEN_MODE_STABLE_PRIVACY, the above problem still exist.
The detail as follows:
(2) For some other mobile operators that need to support RFC7217,
the mobile device's addr_gen_mode will be switched to the
IN6_ADDR_GEN_MODE_STABLE_PRIVACY, instead of using
IN6_ADDR_GEN_MODE_NONE.
The purpose is: in the IN6_ADDR_GEN_MODE_STABLE_PRIVACY mode,
kernel can gererate a stable privacy global ipv6 address after
receiveing RA, and network processes can use this global address
to communicate with the outside network.
Of course, mobile operators that need to support RFC7217 should
also meet the requirement of 3GPP TS 29.061, that is, MT should
use IID assigned by the GGSN to build its ipv6 link-local address
and use this address to send RS. We don't want the kernel to
automatically generate an ipv6 link-local address when
addr_gen_mode == 2. Otherwise, using the stable privacy ipv6
link-local address automatically generated by the kernel to send
RS message, GGSN will not be able to respond to the RS and reply
a RA message.
Therefore, after this patch, the kernel can determine whether to
disable the automatic ipv6 link-local address generation by judging
the net device name.
Bug: 190685002
Change-Id: I93420cacd96789769edc7214fb8a2dd1455ce374
Signed-off-by: Rocco Yue <rocco.yue@mediatek.com>
Add the hook that vendor can design and bypass the suspend/resume.
When the bypass is set, skip the orignal suspend/resume methods.
In mobile, a co-processor can be used with USB audio, and ACPU may
be able to sleep in such condition to improve power consumption.
We will need vendor hook to support this.
Bug: 192774581
Signed-off-by: Puma Hsu <pumahsu@google.com>
Change-Id: Ic62a8a1e662bbe3fb0aa17af7491daace0b9f18a
Through this vendor hook, we can get the timing to check
current running task for the validation of its credential
and bpf operations.
Bug: 191291287
Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Change-Id: Ie4ed8df7ad66df2486fc7e52a26d9191fc0c176e
Through this vendor hook, we can get the timing to check
current running task for the validation of its credential
and open operation.
Bug: 191291287
Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Change-Id: Ia644ceb02dbc230ee1d25cad3630c2c3f908e41a
Through this vendor hook, we can get the timing to check
current running task for the validation of its credential
and related operations.
Bug: 191291287
Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Change-Id: If20bd8bb8311ad10a374033734fbdc7ef61a7704
android_vh_ptype_head:
To add a debugging chain to ptype list
android_vh_kfree_skb
To sniff the dropped packet at kernel network
Bug: 163716381
Signed-off-by: Bae Soukjin <soukjin.bae@samsung.com>
Change-Id: Ide80bf0a129da31a1824d4a33026ac42be327361
(cherry picked from commit d88b2969cfa78608ad4563e5f4fa84497cc0ffa6)
(cherry picked from commit a8021ba684c584b8a4361d1680f6e466748ab012)
Some drivers can maintain its own pool of shmem pages that can reduce
the latencies in allocation of them by avoiding in getting a page from
buddy. To support this, add a vendor hook which first tries to get the
page from the driver maintained shmem pool when shmem_alloc_page is
called. If failed, it will simply fall back to the original path.
Bug: 187798288
Change-Id: I5deaf995b2e2ac40c2192096435954ee3f4a4fa8
Signed-off-by: Charan Teja Reddy <charante@codeaurora.org>
int the commit: https://android-review.googlesource.com/c/kernel/common/+/1699406/
When we build our vendor driver, report two errors:
1) Symbol too long "trace_android_vh_get_unmapped_area_from_anti_fragment_pool"
2) Symbol too long "trace_android_vh_get_unmapped_area_include_reserved_zone"
So, I shorten the function names:
android_vh_get_unmapped_area_from_anti_fragment_pool --> android_vh_get_from_fragment_pool
android_vh_get_unmapped_area_include_reserved_zone --> android_vh_include_reserved_zone
Bug: 191439466
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: Icee4faa24df4fe1fc29434cd205c4dea82b4fba5
We need to obtain the pid and tid information of the caller in the async binder transaction.
So we need to add the pid and tid information in the async binder transaction.
Bug: 190413570
Signed-off-by: zhang chuang <zhangchuang3@xiaomi.com>
Change-Id: If67c972aa53196d626ccfeb46b6b61e43ddc57ae
As restricted hooks have been introduced, regular vendor hooks are no
longer necessary.
Bug: 187917024
Change-Id: Ia70e9dd1bd7373e19bdc82e90a2384201076bc0b
Signed-off-by: Shaleen Agrawal <shalagra@codeaurora.org>
This patch is based on 1699785. It uses to extend the related interface
to support the request-based operations. We use extension fields in the
parameters of VIDIOC_SUBDEV_S_SELECTION, VIDIOC_SUBDEV_S_FMT and
VIDIOC_SUBDEV_S_FRAME_INTERVAL as request fd.
The driver uses media_request_get_by_fd() to retrieve the media request and
save the pending change in it, so that we can apply the pending change in
req_queue() callback then.
Bug: 191903073
CR-Id:
Signed-off-by: Louis Kuo <louis.kuo@mediatek.com>
Change-Id: Idb7921724cf8febc44b01880a4ad8b7c9272ba6a
