- 23 Mar, 2018 5 commits
-
-
Nobutaka Okabe authored
There are two versions of TEAC UD-501, the normal version and the vendor updated version(UD-501V2). They have the same VID/PID, but the num of the altsetting is different, UD-501 has 2 altsets for stream, and UD-501V2 has 3. So, add the logic to distinguish them by the Product Name, not by the PID. Signed-off-by: Nobutaka Okabe <nob77413@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Nobutaka Okabe authored
Add native DSD support quirk for Luxman DA-06 DAC, by adding the PID/VID 1852:5065. Rename "is_marantz_denon_dac()" function to "is_itf_usb_dsd_2alts_dac()" to cover broader device family sharing the same USB audio implementation(*). For the same reason, rename "is_teac_dsd_dac()" function to "is_itf_usb_dsd_3alts_dac()". (*) These devices have the same USB controller "ITF-USB DSD", supplied by INTERFACE Co., Ltd. "ITF-USB DSD" USB controller has two patterns, Pattern 1. (2 altsets version) - Altset 0: for control - Altset 1: for stream (S32) - Altset 2: for stream (S32, DSD_U32) Pattern 2. (3 altsets version) - Altset 0: for control - Altset 1: for stream (S16) - Altset 2: for stream (S32) - Altset 3: for stream (S32, DSD_U32) "is_itf_usb_dsd_2alts_dac()" returns true, if the DAC has "Pattern 1" USB controller, and "is_itf_usb_dsd_3alts_dac()" returns true, if "Pattern2". Signed-off-by: Nobutaka Okabe <nob77413@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Takashi Iwai authored
Back-merge for applying more series of fixes for USB DSD support. Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Nobutaka Okabe authored
Add native DSD support quirk for TEAC UD-301 DAC, by adding the PID/VID 0644:804a. Signed-off-by: Nobutaka Okabe <nob77413@gmail.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Andrew Chant authored
This patch fixes code readability and should have no functional change. Correct uac control query functions to account for the 1-based indexing of USB Audio Class control identifiers. The function parameter, u8 control, should be the constant defined in audio-v2.h to identify the control to be checked for readability or writeability. This patch fixes all callers that had adjusted, and makes explicit the mapping between audio_feature_info[] array index and the associated control identifier. Signed-off-by: Andrew Chant <achant@google.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
- 22 Mar, 2018 4 commits
-
-
Takashi Iwai authored
In loopback_open() and loopback_close(), we assign and release the substream object to the corresponding cable in a racy way. It's neither locked nor done in the right position. The open callback assigns the substream before its preparation finishes, hence the other side of the cable may pick it up, which may lead to the invalid memory access. This patch addresses these: move the assignment to the end of the open callback, and wrap with cable->lock for avoiding concurrent accesses. Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Takashi Iwai authored
The aloop driver tries to stop the pending timer via timer_del() in the trigger callback and in the close callback. The former is correct, as it's an atomic operation, while the latter expects that the timer gets really removed and proceeds the resource releases after that. But timer_del() doesn't synchronize, hence the running timer may still access the released resources. A similar situation can be also seen in the prepare callback after trigger(STOP) where the prepare tries to re-initialize the things while a timer is still running. The problems like the above are seen indirectly in some syzkaller reports (although it's not 100% clear whether this is the only cause, as the race condition is quite narrow and not always easy to trigger). For addressing these issues, this patch adds the explicit alls of timer_del_sync() in some places, so that the pending timer is properly killed / synced. Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Kailang Yang authored
It will have a chance speaker no sound after system resume. To toggle NID 0x53 index 0x2 bit 15 will solve this issue. This usage will also suitable with ALC256. Fixes: 4a219ef8 ("ALSA: hda/realtek - Add ALC256 HP depop function") Signed-off-by: Kailang Yang <kailang@realtek.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Kailang Yang authored
This platform was hardware fixed type for CTIA type for headset port. Assigned 0x19 verb will fix can't record issue. Signed-off-by: Kailang Yang <kailang@realtek.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
- 21 Mar, 2018 2 commits
-
-
Ruslan Bilovol authored
Recently released USB Audio Class 3.0 specification introduces many significant changes comparing to previous versions, like - new Power Domains, support for LPM/L1 - new Cluster descriptor - changed layout of all class-specific descriptors - new High Capability descriptors - New class-specific String descriptors - new and removed units - additional sources for interrupts - removed Type II Audio Data Formats - ... and many other things (check spec) It also provides backward compatibility through multiple configurations, as well as requires mandatory support for BADD (Basic Audio Device Definition) on each ADC3.0 compliant device This patch adds initial support of UAC3 specification that is enough for Generic I/O Profile (BAOF, BAIF) device support from BADD document. Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Takashi Iwai authored
We've observed too long probe time with Coffee Lake (CFL) machines, and the likely cause is some communication problem between the HD-audio controller and the codec chips. While the controller expects an IRQ wakeup for each codec response, it seems sometimes missing, and it takes one second for the controller driver to time out and read the response in the polling mode. Although we aren't sure about the real culprit yet, in this patch, we put a workaround by forcing the polling mode as default for CFL machines; the polling mode itself isn't too heavy, and much better than other workarounds initially suggested (e.g. disabling power-save), at least. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199007 Fixes: e79b0006 ("ALSA: hda - Add Coffelake PCI ID") Reported-and-tested-by: Hui Wang <hui.wang@canonical.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
- 19 Mar, 2018 3 commits
-
-
Ruslan Bilovol authored
Offload USB audio interface parsing function by moving quirks to a specially designed location (quirks.c) Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Takashi Iwai authored
Back-merge of for-linus branch for applying the further UAC3 patches. Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Kirill Marinushkin authored
Currently, the offsets in the UAC2 processing unit descriptor are calculated incorrectly. It causes an issue when connecting the device which provides such a feature: ~~~~ [84126.724420] usb 1-1.3.1: invalid Processing Unit descriptor (id 18) ~~~~ After this patch is applied, the UAC2 processing unit inits w/o this error. Fixes: 23caaf19 ("ALSA: usb-mixer: Add support for Audio Class v2.0") Signed-off-by: Kirill Marinushkin <k.marinushkin@gmail.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
- 17 Mar, 2018 1 commit
-
-
Takashi Iwai authored
Some HP laptops have a mute mute LED controlled by a pin VREF. The Realtek codec driver updates the VREF via vmaster hook by calling snd_hda_set_pin_ctl_cache(). This works fine as long as the driver is running in a normal mode. However, when the VREF change happens during the codec being in runtime PM suspend, the regmap access will skip and postpone the actual register change. This ends up with the unchanged LED status until the next runtime PM resume even if you change the Master mute switch. (Interestingly, the machine keeps the LED status even after the codec goes into D3 -- but it's another story.) For improving this usability, let the driver temporarily powering up / down only during the pin VREF change. This can be achieved easily by wrapping the call with snd_hda_power_up_pm() / *_down_pm(). Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199073 Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
- 13 Mar, 2018 3 commits
-
-
Takashi Iwai authored
Just a minor simplification. Change from kcalloc() shouldn't matter as each array element is fully initialized. Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Takashi Iwai authored
A helper function used by snd_pcm_hw_refine() still keeps using VLA for timestamps of hw constraint rules that are non-fixed size. Let's replace the VLA with a simple kmalloc() array. Reference: https://lkml.org/lkml/2018/3/7/621Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Guneshwor Singh authored
Icelake is a next generation Intel platform. Add PCI ID for it. Signed-off-by: Guneshwor Singh <guneshwor.o.singh@intel.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
- 12 Mar, 2018 5 commits
-
-
Takashi Iwai authored
Merge tag 'asoc-fix-v4.16-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v4.16 This is a fairly standard collection of fixes, there's no changes to the core here just a bunch of small device specific changes for single drivers plus an update to the MAINTAINERS file for the sgl5000.
-
Mark Brown authored
Merge remote-tracking branches 'asoc/fix/amd', 'asoc/fix/hdmi-codec', 'asoc/fix/rt5651', 'asoc/fix/samsung', 'asoc/fix/sgtl5000', 'asoc/fix/sunxi' and 'asoc/fix/wm-adsp' into asoc-linus
-
Colin Ian King authored
The pointer 'pipe' is being initialized with a value that is never read and it is re-assigned later, hence the initialization is redundant and can be removed. Also remove pointer 'runtime' as it is no longer required. Cleans up clang warning: sound/pci/echoaudio/echoaudio.c:740:20: warning: Value stored to 'pipe' during its initialization is never read Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Takashi Iwai authored
With the commit 1ba8f9d3 ("ALSA: hda: Add a power_save blacklist"), we changed the default value of power_save option to -1 for processing the power-save blacklist. Unfortunately, this seems breaking user-space applications that actually read the power_save parameter value via sysfs and judge / adjust the power-saving status. They see the value -1 as if the power-save is turned off, although the actual value is taken from CONFIG_SND_HDA_POWER_SAVE_DEFAULT and it can be a positive. So, overall, passing -1 there was no good idea. Let's partially revert it -- at least for power_save option default value is restored again to CONFIG_SND_HDA_POWER_SAVE_DEFAULT. Meanwhile, in this patch, we keep the blacklist behavior and make is adjustable via the new option, pm_blacklist. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199073 Fixes: 1ba8f9d3 ("ALSA: hda: Add a power_save blacklist") Acked-by: Hans de Goede <hdegoede@redhat.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Linus Torvalds authored
-
- 11 Mar, 2018 9 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull x86/pti updates from Thomas Gleixner: "Yet another pile of melted spectrum related updates: - Drop native vsyscall support finally as it causes more trouble than benefit. - Make microcode loading more robust. There were a few issues especially related to late loading which are now surfacing because late loading of the IB* microcodes addressing spectre issues has become more widely used. - Simplify and robustify the syscall handling in the entry code - Prevent kprobes on the entry trampoline code which lead to kernel crashes when the probe hits before CR3 is updated - Don't check microcode versions when running on hypervisors as they are considered as lying anyway. - Fix the 32bit objtool build and a coment typo" * 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/kprobes: Fix kernel crash when probing .entry_trampoline code x86/pti: Fix a comment typo x86/microcode: Synchronize late microcode loading x86/microcode: Request microcode on the BSP x86/microcode/intel: Look into the patch cache first x86/microcode: Do not upload microcode if CPUs are offline x86/microcode/intel: Writeback and invalidate caches before updating microcode x86/microcode/intel: Check microcode revision before updating sibling threads x86/microcode: Get rid of struct apply_microcode_ctx x86/spectre_v2: Don't check microcode versions when running under hypervisors x86/vsyscall/64: Drop "native" vsyscalls x86/entry/64/compat: Save one instruction in entry_INT80_compat() x86/entry: Do not special-case clone(2) in compat entry x86/syscalls: Use COMPAT_SYSCALL_DEFINEx() macros for x86-only compat syscalls x86/syscalls: Use proper syscall definition for sys_ioperm() x86/entry: Remove stale syscall prototype x86/syscalls/32: Simplify $entry == $compat entries objtool: Fix 32-bit build
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull timer fix from Thomas Gleixner: "Just a single fix which adds a missing Kconfig dependency to avoid unmet dependency warnings" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: clocksource/atmel-st: Add 'depends on HAS_IOMEM' to fix unmet dependency
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull RAS fixes from Thomas Gleixner: "Two small fixes for RAS/MCE: - Serialize sysfs changes to avoid concurrent modificaiton of underlying data - Add microcode revision to Machine Check records. This should have been there forever, but now with the broken microcode versions in the wild it has become important" * 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/MCE: Serialize sysfs changes x86/MCE: Save microcode revision in machine check records
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull perf updates from Thomas Gleixner: "Another set of perf updates: - Fix a Skylake Uncore event format declaration - Prevent perf pipe mode from crahsing which was caused by a missing buffer allocation - Make the perf top popup message which tells the user that it uses fallback mode on older kernels a debug message. - Make perf context rescheduling work correcctly - Robustify the jump error drawing in perf browser mode so it does not try to create references to NULL initialized offset entries - Make trigger_on() robust so it does not enable the trigger before everything is set up correctly to handle it - Make perf auxtrace respect the --no-itrace option so it does not try to queue AUX data for decoding. - Prevent having different number of field separators in CVS output lines when a counter is not supported. - Make the perf kallsyms man page usage behave like it does for all other perf commands. - Synchronize the kernel headers" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/core: Fix ctx_event_type in ctx_resched() perf tools: Fix trigger class trigger_on() perf auxtrace: Prevent decoding when --no-itrace perf stat: Fix CVS output format for non-supported counters tools headers: Sync x86's cpufeatures.h tools headers: Sync copy of kvm UAPI headers perf record: Fix crash in pipe mode perf annotate browser: Be more robust when drawing jump arrows perf top: Fix annoying fallback message on older kernels perf kallsyms: Fix the usage on the man page perf/x86/intel/uncore: Fix Skylake UPI event format
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull locking fix from Thomas Gleixner: "rt_mutex_futex_unlock() grew a new irq-off call site, but the function assumes that its always called from irq enabled context. Use (un)lock_irqsafe() to handle the new call site correctly" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: rtmutex: Make rt_mutex_futex_unlock() safe for irq-off callsites
-
git://git.infradead.org/users/vkoul/slave-dmaLinus Torvalds authored
Pull dmaengine fixes from Vinod Koul: "Two small fixes are for this cycle: - fix max_chunk_size for rcar-dmac for R-Car Gen3 - fix clock resource of mv_xor_v2" * tag 'dmaengine-fix-4.16-rc5' of git://git.infradead.org/users/vkoul/slave-dma: dmaengine: mv_xor_v2: Fix clock resource by adding a register clock dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
-
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpioLinus Torvalds authored
Pull GPIO fix from Linus Walleij: "This is a single GPIO fix for the v4.16 series affecting the Renesas driver, and fixes wakeup from external stuff" * tag 'gpio-v4.16-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpio: rcar: Use wakeup_path i.s.o. explicit clock handling
-
Gregory CLEMENT authored
On the CP110 components which are present on the Armada 7K/8K SoC we need to explicitly enable the clock for the registers. However it is not needed for the AP8xx component, that's why this clock is optional. With this patch both clock have now a name, but in order to be backward compatible, the name of the first clock is not used. It allows to still use this clock with a device tree using the old binding. Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com> Reviewed-by: Rob Herring <robh@kernel.org> Signed-off-by: Vinod Koul <vinod.koul@intel.com>
-
Takashi Iwai authored
snd_pcm_oss_get_formats() has an obvious use-after-free around snd_mask_test() calls, as spotted by syzbot. The passed format_mask argument is a pointer to the hw_params object that is freed before the loop. What a surprise that it has been present since the original code of decades ago... Reported-by: syzbot+4090700a4f13fccaf648@syzkaller.appspotmail.com Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
- 10 Mar, 2018 8 commits
-
-
Linus Torvalds authored
Merge tag 'kbuild-fixes-v4.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild fixes from Masahiro Yamada: - make fixdep parse kconfig.h to fix missing rebuild - replace hyphens with underscores in builtin DTB label names - fix typos * tag 'kbuild-fixes-v4.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kbuild: Handle builtin dtb file names containing hyphens scripts/bloat-o-meter: fix typos in help fixdep: do not ignore kconfig.h fixdep: remove some false CONFIG_ matches fixdep: remove stale references to uml-config.h
-
git://www.linux-watchdog.org/linux-watchdogLinus Torvalds authored
Pull watchdog fixes from Wim Van Sebroeck: - f71808e_wdt: Fix magic close handling - sbsa: 32-bit read fix for WCV - hpwdt: Remove legacy NMI sourcing * tag 'linux-watchdog-4.16-fixes-2' of git://www.linux-watchdog.org/linux-watchdog: watchdog: hpwdt: Remove legacy NMI sourcing. watchdog: sbsa: use 32-bit read for WCV watchdog: f71808e_wdt: Fix magic close handling
-
git://git.kernel.dk/linux-blockLinus Torvalds authored
Pull block fixes from Jens Axboe: - a xen-blkfront fix from Bhavesh with a multiqueue fix when detaching/re-attaching - a few important NVMe fixes, including a revert for a sysfs fix that caused some user space confusion - two bcache fixes by way of Michael Lyle - a loop regression fix, fixing an issue with lost writes on DAX. * tag 'for-linus-20180309' of git://git.kernel.dk/linux-block: loop: Fix lost writes caused by missing flag nvme_fc: rework sqsize handling nvme-fabrics: Ignore nr_io_queues option for discovery controllers xen-blkfront: move negotiate_mq to cover all cases of new VBDs Revert "nvme: create 'slaves' and 'holders' entries for hidden controllers" bcache: don't attach backing with duplicate UUID bcache: fix crashes in duplicate cache device register nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors nvme-pci: Fix EEH failure on ppc
-
Linus Torvalds authored
Merge tag 'for-4.16/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - Fix an uninitialized variable false warning in dm bufio - Fix DM's passthrough ioctl support to be race free against an underlying device being removed. - Fix corner-case of DM raid resync reporting if/when the raid becomes degraded during resync; otherwise automated raid repair will fail. - A few DM multipath fixes to make non-SCSI optimizations, that were introduced during the 4.16 merge, useful for all non-SCSI devices, rather than narrowly define this non-SCSI mode in terms of "nvme". This allows the removal of "queue_mode nvme" that really didn't need to be introduced. Instead DM core will internalize whether nvme-specific IO submission optimizations are doable and DM multipath will only do SCSI-specific device handler operations if SCSI is in use. * tag 'for-4.16/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm table: allow upgrade from bio-based to specialized bio-based variant dm mpath: remove unnecessary NVMe branching in favor of scsi_dh checks dm table: fix "nvme" test dm raid: fix incorrect sync_ratio when degraded dm: use blkdev_get rather than bdgrab when issuing pass-through ioctl dm bufio: avoid false-positive Wmaybe-uninitialized warning
-
git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdmaLinus Torvalds authored
Pull rdma fixes from Doug Ledford: - Various driver bug fixes in mlx5, mlx4, bnxt_re and qedr, ranging from bugs under load to bad error case handling - There in one largish patch fixing the locking in bnxt_re to avoid a machine hard lock situation - A few core bugs on error paths - A patch to reduce stack usage in the new CQ API - One mlx5 regression introduced in this merge window - There were new syzkaller scripts written for the RDMA subsystem and we are fixing issues found by the bot - One of the commits (aa0de36a “RDMA/mlx5: Fix integer overflow while resizing CQ”) is missing part of the commit log message and one of the SOB lines. The original patch was from Leon Romanovsky, and a cut-n-paste separator in the commit message confused patchworks which then put the end of message separator in the wrong place in the downloaded patch, and I didn’t notice in time. The patch made it into the official branch, and the only way to fix it in-place was to rebase. Given the pain that a rebase causes, and the fact that the patch has relevant tags for stable and syzkaller, a revert of the munged patch and a reapplication of the original patch with the log message intact was done. * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: (25 commits) RDMA/mlx5: Fix integer overflow while resizing CQ Revert "RDMA/mlx5: Fix integer overflow while resizing CQ" RDMA/ucma: Check that user doesn't overflow QP state RDMA/mlx5: Fix integer overflow while resizing CQ RDMA/ucma: Limit possible option size IB/core: Fix possible crash to access NULL netdev RDMA/bnxt_re: Avoid Hard lockup during error CQE processing RDMA/core: Reduce poll batch for direct cq polling IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() IB/mlx5: When not in dual port RoCE mode, use provided port as native IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs RDMA/qedr: Fix iWARP write and send with immediate RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA RDMA/qedr: Fix iWARP connect with port mapper RDMA/qedr: Fix ipv6 destination address resolution IB/core : Add null pointer check in addr_resolve RDMA/bnxt_re: Fix the ib_reg failure cleanup RDMA/bnxt_re: Fix incorrect DB offset calculation RDMA/bnxt_re: Unconditionly fence non wire memory operations ...
-
git://git.infradead.org/linux-platform-drivers-x86Linus Torvalds authored
Pull x86 platform driver fixes from Darren Hart: "Correct a module loading race condition between the DELL_SMBIOS backend modules and the first user by converting them to bool features of the DELL_SMBIOS driver. Fixup the resulting Kconfig dependency issue with DCDBAS" * tag 'platform-drivers-x86-v4.16-6' of git://git.infradead.org/linux-platform-drivers-x86: platform/x86: dell-smbios: Resolve dependency error on DCDBAS platform/x86: Allow for SMBIOS backend defaults platform/x86: dell-smbios: Link all dell-smbios-* modules together platform/x86: dell-smbios: Rename dell-smbios source to dell-smbios-base platform/x86: dell-smbios: Correct some style warnings
-
Takashi Iwai authored
When releasing a client, we need to clear the clienttab[] entry at first, then call snd_seq_queue_client_leave(). Otherwise, the in-flight cell in the queue might be picked up by the timer interrupt via snd_seq_check_queue() before calling snd_seq_queue_client_leave(), and it's delivered to another queue while the client is clearing queues. This may eventually result in an uncleared cell remaining in a queue, and the later snd_seq_pool_delete() may need to wait for a long time until the event gets really processed. By moving the clienttab[] clearance at the beginning of release, any event delivery of a cell belonging to this client will fail at a later point, since snd_seq_client_ptr() returns NULL. Thus the cell that was picked up by the timer interrupt will be returned immediately without further delivery, and the long stall of snd_seq_delete_pool() can be avoided, too. Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Takashi Iwai authored
Although we've covered the races between concurrent write() and ioctl() in the previous patch series, there is still a possible UAF in the following scenario: A: user client closed B: timer irq -> snd_seq_release() -> snd_seq_timer_interrupt() -> snd_seq_free_client() -> snd_seq_check_queue() -> cell = snd_seq_prioq_cell_peek() -> snd_seq_prioq_leave() .... removing all cells -> snd_seq_pool_done() .... vfree() -> snd_seq_compare_tick_time(cell) ... Oops So the problem is that a cell is peeked and accessed without any protection until it's retrieved from the queue again via snd_seq_prioq_cell_out(). This patch tries to address it, also cleans up the code by a slight refactoring. snd_seq_prioq_cell_out() now receives an extra pointer argument. When it's non-NULL, the function checks the event timestamp with the given pointer. The caller needs to pass the right reference either to snd_seq_tick or snd_seq_realtime depending on the event timestamp type. A good news is that the above change allows us to remove the snd_seq_prioq_cell_peek(), too, thus the patch actually reduces the code size. Reviewed-by: Nicolai Stange <nstange@suse.de> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-