- 13 Dec, 2018 40 commits
-
-
Daniel Vetter authored
commit ce858828 upstream. Sending the exact same hotplug event is not great uapi. Luckily the only already merged implementation of leases (in the -modesetting driver) doesn't care about what kind of uevent it gets, and unconditionally processes both hotplug and lease changes. So we can still adjust the uapi here. But e.g. weston tries to filter stuff, and I guess others might want to do that too. Try to make that possible. Cc: stable since it's uapi adjustement that we want to roll out everywhere. Michel Dänzer mentioned on irc that -amdgpu also has lease support. It has the same code flow as -modesetting though, so we can still go ahead. v2: Mention -amdgpu (Michel) Cc: Keith Packard <keithp@keithp.com> Cc: Dave Airlie <airlied@redhat.com> Cc: stable@vger.kernel.org Reviewed-by:
Keith Packard <keithp@keithp.com> Signed-off-by:
Daniel Vetter <daniel.vetter@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20181129094226.30591-1-daniel.vetter@ffwll.chSigned-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Junwei Zhang authored
commit d7fd6765 upstream. Some new variants require updated firmware. Signed-off-by:
Junwei Zhang <Jerry.Zhang@amd.com> Reviewed-by:
Evan Quan <evan.quan@amd.com> Signed-off-by:
Alex Deucher <alexander.deucher@amd.com> Cc: stable@vger.kernel.org Signed-off-by:
-
Pan Bian authored
commit e5bde04c upstream. In multiple functions, the algorithm fields are read after its reference is dropped through crypto_mod_put. In this case, the algorithm memory may be freed, resulting in use-after-free bugs. This patch delays the put operation until the algorithm is never used. Fixes: 79c65d17 ("crypto: cbc - Convert to skcipher") Fixes: a7d85e06 ("crypto: cfb - add support for Cipher FeedBack mode") Fixes: 043a4400 ("crypto: pcbc - Convert to skcipher") Cc: <stable@vger.kernel.org> Signed-off-by:
Pan Bian <bianpan2016@163.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
Young Xiao authored
Revert commit ef9209b6 "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c" commit 87e4a540 upstream. pstapriv->max_num_sta is always <= NUM_STA, since max_num_sta is either set in _rtw_init_sta_priv() or rtw_set_beacon(). Fixes: ef9209b6 ("staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c") Signed-off-by:
Young Xiao <YangX92@hotmail.com> Reviewed-by:
Dan Carpenter <dan.carpenter@oracle.com> Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Young Xiao authored
commit 300cd664 upstream. In commit 8b7a13c3 ("staging: r8712u: Fix possible buffer overrun") we fix a potential off by one by making the limit smaller. The better fix is to make the buffer larger. This makes it match up with the similar code in other drivers. Fixes: 8b7a13c3 ("staging: r8712u: Fix possible buffer overrun") Signed-off-by:
-
Paulo Alcantara authored
commit c988de29 upstream. Make sure to use the CIFS_DIR_SEP(cifs_sb) as path separator for prefixpath too. Fixes a bug with smb1 UNIX extensions. Fixes: a6b5058f ("fs/cifs: make share unaccessible at root level mountable") Signed-off-by:
Paulo Alcantara <palcantara@suse.com> Reviewed-by:
Aurelien Aptel <aaptel@suse.com> Signed-off-by:
Steve French <stfrench@microsoft.com> CC: Stable <stable@vger.kernel.org> Signed-off-by:
-
Masayoshi Mizuma authored
[ Upstream commit 9fd61bc9 ] commit 124049de ("x86/e820: put !E820_TYPE_RAM regions into memblock.reserved") breaks movable_node kernel option because it changed the memory gap range to reserved memblock. So, the node is marked as Normal zone even if the SRAT has Hot pluggable affinity. ===================================================================== kernel: BIOS-e820: [mem 0x0000180000000000-0x0000180fffffffff] usable kernel: BIOS-e820: [mem 0x00001c0000000000-0x00001c0fffffffff] usable ... kernel: reserved[0x12]#011[0x0000181000000000-0x00001bffffffffff], 0x000003f000000000 bytes flags: 0x0 ... kernel: ACPI: SRAT: Node 2 PXM 6 [mem 0x180000000000-0x1bffffffffff] hotplug kernel: ACPI: SRAT: Node 3 PXM 7 [mem 0x1c0000000000-0x1fffffffffff] hotplug ... kernel: Movable zone start for each node kernel: Node 3: 0x00001c0000000000 kernel: Early memory node ranges ... ===================================================================== The original issue is fixed by the former patches, so let's revert commit 124049de ("x86/e820: put !E820_TYPE_RAM regions into memblock.reserved"). Link: http://lkml.kernel.org/r/20181002143821.5112-4-msys.mizuma@gmail.comSigned-off-by:
Masayoshi Mizuma <m.mizuma@jp.fujitsu.com> Reviewed-by:
Pavel Tatashin <pavel.tatashin@microsoft.com> Acked-by:
Ingo Molnar <mingo@kernel.org> Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com> Cc: Michal Hocko <mhocko@kernel.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Oscar Salvador <osalvador@suse.de> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
Sasha Levin <sashal@kernel.org>
-
Sasha Levin authored
[ Upstream commit 13682e52 ] When the performance governor is set as default, the rock960 hangs around one minute after booting, whatever the activity is (idle, key pressed, loaded, ...). Based on the commit log found at https://patchwork.kernel.org/patch/10092377/ "vdd_log has no consumer and therefore will not be set to a specific voltage. Still the PWM output pin gets configured and thence the vdd_log output voltage will changed from it's default. Depending on the idle state of the PWM this will slightly over or undervoltage the logic supply of the RK3399 and cause instability with GbE (undervoltage) and PCIe (overvoltage). Since the default value set by a voltage divider is the correct supply voltage and we don't need to change it during runtime we remove the rail from the devicetree completely so the PWM pin will not be configured." After removing the vdd-log from the rock960's specific DT, the board does no longer hang and shows a stable behavior. Apply the same change for the rock960 by removing the vdd-log from the DT. Fixes: 874846f1 ("arm64: dts: rockchip: add 96boards RK3399 Ficus board") Cc: stable@vger.kernel.org Tested-by:
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> Signed-off-by:
Daniel Lezcano <daniel.lezcano@linaro.org> Signed-off-by:
Heiko Stuebner <heiko@sntech.de> [sl: adjust filename for 4.19] Signed-off-by:
-
Mathias Nyman authored
commit 0472bf06 upstream. Don't allow USB3 U1 or U2 if the latency to wake up from the U-state reaches the service interval for a periodic endpoint. This is according to xhci 1.1 specification section 4.23.5.2 extra note: "Software shall ensure that a device is prevented from entering a U-state where its worst case exit latency approaches the ESIT." Allowing too long exit latencies for periodic endpoint confuses xHC internal scheduling, and new devices may fail to enumerate with a "Not enough bandwidth for new device state" error from the host. Cc: <stable@vger.kernel.org> Signed-off-by:
Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by:
-
Sandeep Singh authored
commit a7d57abc upstream. Occasionally AMD SNPS 3.0 xHC does not respond to CSS when set, also it does not flag anything on SRE and HCE to point the internal xHC errors on USBSTS register. This stalls the entire system wide suspend and there is no point in stalling just because of xHC CSS is not responding. To work around this problem, if the xHC does not flag anything on SRE and HCE, we can skip the CSS timeout and allow the system to continue the suspend. Once the system resume happens we can internally reset the controller using XHCI_RESET_ON_RESUME quirk Signed-off-by:
Shyam Sundar S K <Shyam-sundar.S-k@amd.com> Signed-off-by:
Sandeep Singh <Sandeep.Singh@amd.com> cc: Nehal Shah <Nehal-bakulchandra.Shah@amd.com> Cc: <stable@vger.kernel.org> Tested-by:
Kai-Heng Feng <kai.heng.feng@canonical.com> Signed-off-by:
-
Kees Cook authored
commit e46daee5 upstream. The arm compiler internally interprets an inline assembly label as an unsigned long value, not a pointer. As a result, under CONFIG_FORTIFY_SOURCE, the address of a label has a size of 4 bytes, which was tripping the runtime checks. Instead, we can just cast the label (as done with the size calculations earlier). Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1639397Reported-by:
William Cohen <wcohen@redhat.com> Fixes: 6974f0c4 ("include/linux/string.h: add the option of fortified string.h functions") Cc: stable@vger.kernel.org Acked-by:
Laura Abbott <labbott@redhat.com> Acked-by:
Masami Hiramatsu <mhiramat@kernel.org> Tested-by:
Kees Cook <keescook@chromium.org> Signed-off-by:
Russell King <rmk+kernel@armlinux.org.uk> Signed-off-by:
-
Bin Liu authored
commit 59861547 upstream. The driver defines three states for a cppi channel. - idle: .chan_busy == 0 && not in .pending list - pending: .chan_busy == 0 && in .pending list - busy: .chan_busy == 1 && not in .pending list There are cases in which the cppi channel could be in the pending state when cppi41_dma_issue_pending() is called after cppi41_runtime_suspend() is called. cppi41_stop_chan() has a bug for these cases to set channels to idle state. It only checks the .chan_busy flag, but not the .pending list, then later when cppi41_runtime_resume() is called the channels in .pending list will be transitioned to busy state. Removing channels from the .pending list solves the problem. Fixes: 975faaeb ("dma: cppi41: start tear down only if channel is busy") Cc: stable@vger.kernel.org # v3.15+ Signed-off-by:
Bin Liu <b-liu@ti.com> Reviewed-by:
Peter Ujfalusi <peter.ujfalusi@ti.com> Signed-off-by:
Vinod Koul <vkoul@kernel.org> Signed-off-by:
-
Lucas Stach authored
commit 64068853 upstream. DMA buffer descriptors aren't allocated from atomic context, so they can use the less heavyweigth GFP_NOWAIT. Signed-off-by:
Lucas Stach <l.stach@pengutronix.de> Signed-off-by:
Robin Gong <yibin.gong@nxp.com> Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Lucas Stach authored
commit b8603d2a upstream. The dmaengine documentation states that device_terminate_all may be asynchronous and need not wait for the active transfers to stop. This allows us to move most of the functionality currently implemented in the sdma channel termination function to run in a worker, outside of any atomic context. Moving this out of atomic context has two benefits: we can now sleep while waiting for the channel to terminate, instead of busy waiting and the freeing of the dma descriptors happens with IRQs enabled, getting rid of a warning in the dma mapping code. As the termination is now async, we need to implement the device_synchronize dma engine function which simply waits for the worker to finish its execution. Signed-off-by:
-
Lucas Stach authored
commit ebb853b1 upstream. This reverts commit fe5b85c6. The SDMA engine needs the descriptors to be contiguous in memory. As the dma pool API is only able to provide a single descriptor per alloc invocation there is no guarantee that multiple descriptors satisfy this requirement. Also the code in question is broken as it only allocates memory for a single descriptor, without looking at the number of descriptors required for the transfer, leading to out-of-bounds accesses when the descriptors are written. Signed-off-by:
-
Lucas Stach authored
commit c06abca6 upstream. This reverts commit c1199875, as this depends on another commit that is going to be reverted. Signed-off-by:
-
Andy Shevchenko authored
commit ffe843b1 upstream. Intel Merrifield has a reduced size of FIFO used in iDMA 32-bit controller, i.e. 512 bytes instead of 1024. Fix this by partitioning it as 64 bytes per channel. Note, in the future we might switch to 'fifo-size' property instead of hard coded value. Fixes: 199244d6 ("dmaengine: dw: add support of iDMA 32-bit hardware") Signed-off-by:
Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: stable@vger.kernel.org Signed-off-by:
-
Chuck Lever authored
commit 8dae5398 upstream. call_encode can be invoked more than once per RPC call. Ensure that each call to gss_wrap_req_priv does not overwrite pointers to previously allocated memory. Signed-off-by:
Chuck Lever <chuck.lever@oracle.com> Cc: stable@kernel.org Signed-off-by:
Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by:
-
Will Deacon authored
commit b4aecf78 upstream. Since commit 3b8c9f1c ("arm64: IPI each CPU after invalidating the I-cache for kernel mappings"), a call to flush_icache_range() will use an IPI to cross-call other online CPUs so that any stale instructions are flushed from their pipelines. This triggers a WARN during the hibernation resume path, where flush_icache_range() is called with interrupts disabled and is therefore prone to deadlock: | Disabling non-boot CPUs ... | CPU1: shutdown | psci: CPU1 killed. | CPU2: shutdown | psci: CPU2 killed. | CPU3: shutdown | psci: CPU3 killed. | WARNING: CPU: 0 PID: 1 at ../kernel/smp.c:416 smp_call_function_many+0xd4/0x350 | Modules linked in: | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.20.0-rc4 #1 Since all secondary CPUs have been taken offline prior to invalidating the I-cache, there's actually no need for an IPI and we can simply call __flush_icache_range() instead. Cc: <stable@vger.kernel.org> Fixes: 3b8c9f1c ("arm64: IPI each CPU after invalidating the I-cache for kernel mappings") Reported-by:
Kunihiko Hayashi <hayashi.kunihiko@socionext.com> Tested-by:
James Morse <james.morse@arm.com> Signed-off-by:
Will Deacon <will.deacon@arm.com> Signed-off-by:
Catalin Marinas <catalin.marinas@arm.com> Signed-off-by:
-
Stefan Hajnoczi authored
commit 834e772c upstream. If the network stack calls .send_pkt()/.cancel_pkt() during .release(), a struct vhost_vsock use-after-free is possible. This occurs because .release() does not wait for other CPUs to stop using struct vhost_vsock. Switch to an RCU-enabled hashtable (indexed by guest CID) so that .release() can wait for other CPUs by calling synchronize_rcu(). This also eliminates vhost_vsock_lock acquisition in the data path so it could have a positive effect on performance. This is CVE-2018-14625 "kernel: use-after-free Read in vhost_transport_send_pkt". Cc: stable@vger.kernel.org Reported-and-tested-by: syzbot+bd391451452fb0b93039@syzkaller.appspotmail.com Reported-by: syzbot+e3e074963495f92a89ed@syzkaller.appspotmail.com Reported-by: syzbot+d5a0a170c5069658b141@syzkaller.appspotmail.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Michael S. Tsirkin <mst@redhat.com> Acked-by:
Jason Wang <jasowang@redhat.com> Signed-off-by:
-
Halil Pasic authored
commit 78b1a52e upstream. While ccw_io_helper() seems like intended to be exclusive in a sense that it is supposed to facilitate I/O for at most one thread at any given time, there is actually nothing ensuring that threads won't pile up at vcdev->wait_q. If they do, all threads get woken up and see the status that belongs to some other request than their own. This can lead to bugs. For an example see: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1788432 This race normally does not cause any problems. The operations provided by struct virtio_config_ops are usually invoked in a well defined sequence, normally don't fail, and are normally used quite infrequent too. Yet, if some of the these operations are directly triggered via sysfs attributes, like in the case described by the referenced bug, userspace is given an opportunity to force races by increasing the frequency of the given operations. Let us fix the problem by ensuring, that for each device, we finish processing the previous request before starting with a new one. Signed-off-by:
Halil Pasic <pasic@linux.ibm.com> Reported-by:
Colin Ian King <colin.king@canonical.com> Cc: stable@vger.kernel.org Message-Id: <20180925121309.58524-3-pasic@linux.ibm.com> Signed-off-by:
Cornelia Huck <cohuck@redhat.com> Signed-off-by:
-
Halil Pasic authored
commit 2448a299 upstream. Currently we have a race on vcdev->config in virtio_ccw_get_config() and in virtio_ccw_set_config(). This normally does not cause problems, as these are usually infrequent operations. However, for some devices writing to/reading from the config space can be triggered through sysfs attributes. For these, userspace can force the race by increasing the frequency. Signed-off-by:
-
Helge Deller authored
commit 1e8249b8 upstream. Frank Schreiner reported, that since kernel 4.18 he faces sysfs-warnings when loading modules on a 32-bit kernel. Here is one such example: sysfs: cannot create duplicate filename '/module/nfs/sections/.text' CPU: 0 PID: 98 Comm: modprobe Not tainted 4.18.0-2-parisc #1 Debian 4.18.10-2 Backtrace: [<1017ce2c>] show_stack+0x3c/0x50 [<107a7210>] dump_stack+0x28/0x38 [<103f900c>] sysfs_warn_dup+0x88/0xac [<103f8b1c>] sysfs_add_file_mode_ns+0x164/0x1d0 [<103f9e70>] internal_create_group+0x11c/0x304 [<103fa0a0>] sysfs_create_group+0x48/0x60 [<1022abe8>] load_module.constprop.35+0x1f9c/0x23b8 [<1022b278>] sys_finit_module+0xd0/0x11c [<101831dc>] syscall_exit+0x0/0x14 This warning gets triggered by the fact, that due to commit 24b6c225 ("parisc: Build kernel without -ffunction-sections") we now get multiple .text sections in the kernel modules for which sysfs_create_group() can't create multiple virtual files. This patch works around the problem by re-enabling the -ffunction-sections compiler option for modules, while keeping it disabled for the non-module kernel code. Reported-by:
Frank Scheiner <frank.scheiner@web.de> Fixes: 24b6c225 ("parisc: Build kernel without -ffunction-sections") Cc: <stable@vger.kernel.org> # v4.18+ Signed-off-by:
Helge Deller <deller@gmx.de> Signed-off-by:
-
Enric Balletbo i Serra authored
commit 48a2ca0e upstream. This reverts commit 3aa2177e. That commit triggered a new WARN when unloading the module (see at the end of the commit message). When a class_dev is embedded in a structure then that class_dev is the thing that controls the lifetime of that structure, for that reason device managed allocations can't be used here. See Documentation/kobject.txt. Revert the above patch, so the struct is allocated using kzalloc and we have a release function for it that frees the allocated memory, otherwise it is broken. ------------[ cut here ]------------ Device 'cros_ec' does not have a release() function, it is broken and must be fixed. WARNING: CPU: 3 PID: 3675 at drivers/base/core.c:895 device_release+0x80/0x90 Modules linked in: btusb btrtl btintel btbcm bluetooth ... CPU: 3 PID: 3675 Comm: rmmod Not tainted 4.20.0-rc4 #76 Hardware name: Google Kevin (DT) pstate: 40000005 (nZcv daif -PAN -UAO) pc : device_release+0x80/0x90 lr : device_release+0x80/0x90 sp : ffff00000c47bc70 x29: ffff00000c47bc70 x28: ffff8000e86b0d40 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000056000000 x24: 0000000000000015 x23: ffff8000f0bbf860 x22: ffff000000d320a0 x21: ffff8000ee93e100 x20: ffff8000ed931428 x19: ffff8000ed931418 x18: 0000000000000020 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000400 x14: 0000000000000143 x13: 0000000000000000 x12: 0000000000000400 x11: 0000000000000157 x10: 0000000000000960 x9 : ffff00000c47b9b0 x8 : ffff8000e86b1700 x7 : 0000000000000000 x6 : ffff8000f7d520b8 x5 : ffff8000f7d520b8 x4 : 0000000000000000 x3 : ffff8000f7d58e68 x2 : ffff8000e86b0d40 x1 : 37d859939c964800 x0 : 0000000000000000 Call trace: device_release+0x80/0x90 kobject_put+0x74/0xe8 device_unregister+0x20/0x30 ec_device_remove+0x34/0x48 [cros_ec_dev] platform_drv_remove+0x28/0x48 device_release_driver_internal+0x1a8/0x240 driver_detach+0x40/0x80 bus_remove_driver+0x54/0xa8 driver_unregister+0x2c/0x58 platform_driver_unregister+0x10/0x18 cros_ec_dev_exit+0x1c/0x2d8 [cros_ec_dev] __arm64_sys_delete_module+0x16c/0x1f8 el0_svc_common+0x84/0xd8 el0_svc_handler+0x2c/0x80 el0_svc+0x8/0xc ---[ end trace a57c4625f3c60ae8 ]--- Cc: stable@vger.kernel.org Fixes: 3aa2177e ("mfd: cros_ec: Use devm_kzalloc for private data") Signed-off-by:
Enric Balletbo i Serra <enric.balletbo@collabora.com> Reviewed-by:
Guenter Roeck <groeck@chromium.org> Reviewed-by:
Dmitry Torokhov <dtor@chromium.org> Signed-off-by:
Lee Jones <lee.jones@linaro.org> Signed-off-by:
-
Mauro Carvalho Chehab authored
commit 3420f65c upstream. The dvb_frontend core already checks for the frequencies. No need for any additional check inside the driver. It is part of the fixes for the following bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1116374 Fixes: a3f90c75 ("media: dvb: convert tuner_info frequencies to Hz") Reported-by:
Stakanov Schufter <stakanov@eclipso.eu> Reported-by:
Takashi Iwai <tiwai@suse.de> Cc: stable@vger.kernel.org # For 4.19 Signed-off-by:
Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Signed-off-by:
-
Mauro Carvalho Chehab authored
commit 3d8e450f upstream. Tuners should report frequencies in Hz. That works fine on most drivers, but, in the case of dvb-pll, some settings are for satellite tuners, while others are for terrestrial/cable ones. The code was trying to solve it at probing time, but that doesn't work, as, when _attach is called, the delivery system may be wrong. Fix it by ensuring that all frequencies are in Hz at the per-tuner max/min values. While here, add a debug message, as this would help to debug any issues there. It partially fixes the following bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1116374 Fixes: a3f90c75 ("media: dvb: convert tuner_info frequencies to Hz") Reported-by:
-
Hans Verkuil authored
commit cb3b2ffb upstream. The size passed to memchr is too large as it assumes the search starts at the start of the buffer, but it can start at an offset. Cc: <stable@vger.kernel.org> # for v4.19 and up Signed-off-by:
Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by:
-
Hans Verkuil authored
commit f96d8448 upstream. When converting gspca to vb2 I missed that fact that the buffer sizes were rounded up to the next page size. As a result some gspca drivers (spca561 being one of them) reported frame overflows. Modify the code to align the buffer sizes to the next page size, just as the original code did. Fixes: 1f5965c4 ("media: gspca: convert to vb2") Tested-off-by:
Hans Verkuil <hans.verkuil@cisco.com> Signed-off-by:
softwarebugs <softwarebugs@protonmail.com> Cc: <stable@vger.kernel.org> # for v4.18 and up Signed-off-by:
-
Chris Chiu authored
commit b72f936f upstream. Acer AIO Veriton Z4860G/Z6860G with the same ALC286 codec has issues with the input from external microphone. The issue can be fixed by the fixup ALC286_FIXUP_ACER_AIO_MIC_NO_PRESENCE for Veriton Z4660G. Signed-off-by:
Jian-Hong Pan <jian-hong@endlessm.com> Signed-off-by:
Daniel Drake <drake@endlessm.com> Signed-off-by:
Chris Chiu <chiu@endlessm.com> Cc: <stable@vger.kernel.org> Signed-off-by:
-
Chris Chiu authored
commit 9f8aefed upstream. Acer AIO Veriton Z4660G with ALC286 codec has issue with the input from external microphones connecting via 'Front Mic' jack. The fixup ALC286_FIXUP_ACER_AIO_MIC_NO_PRESENCE enables the jack sensing of the headset and fix the audio input issue of external microphone. Signed-off-by:
-
Chris Chiu authored
commit 705b65f1 upstream. The Acer AIO Aspire C24-860 with ALC286 can't detect the headset microphone. Just like another Acer AIO U27-880, it needs a different pin value for 0x18 and the headset fixup to make headset mic work. Signed-off-by:
-
Chris Chiu authored
commit 33aaebd4 upstream. Acer Aspire U27-880(AIO) with ALC286 codec can not detect headset mic and internal mic not working either. It needs the similar quirk like Sony laptops to fix headphone jack sensing and enables use of the internal microphone. Unfortunately jack sensing for the headset mic is still not working. Signed-off-by:
-
Takashi Iwai authored
commit 54947cd6 upstream. We've got a regression report for some Thinkpad models (at least T570s) which shows the too low speaker output volume. The bisection leaded to the commit 61fcf8ec ("ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform"), and it's basically adding the two pin configurations for the dock, and looks harmless. The real culprit seems, though, that the DAC assignment for the speaker pin is implicitly assumed on these devices, i.e. pin NID 0x14 to be coupled with DAC NID 0x03. When more pins are configured by the commit above, the auto-parser changes the DAC assignment, and this resulted in the regression. As a workaround, just provide the fixed pin / DAC mapping table for this Thinkpad fixup function. It's no generic solution, but the problem itself is pretty much device-specific, so must be good enough. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1554304 Fixes: 61fcf8ec ("ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform") Cc: <stable@vger.kernel.org> Reported-and-tested-by:
Jeremy Cline <jcline@redhat.com> Signed-off-by:
-
Takashi Iwai authored
commit 5363857b upstream. As addressed in alsa-lib (commit b420056604f0), we need to fix the case where the evaluation of PCM interval "(x x+1]" leading to -EINVAL. After applying rules, such an interval may be translated as "(x x+1)". Fixes: ff2d6acd ("ALSA: pcm: Fix snd_interval_refine first/last with open min/max") Cc: <stable@vger.kernel.org> Signed-off-by:
-
Takashi Iwai authored
commit b51abed8 upstream. Currently the PCM core calls snd_pcm_unlink() always unconditionally at closing a stream. However, since snd_pcm_unlink() invokes the global rwsem down, the lock can be easily contended. More badly, when a thread runs in a high priority RT-FIFO, it may stall at spinning. Basically the call of snd_pcm_unlink() is required only for the linked streams that are already rare occasion. For normal use cases, this code path is fairly superfluous. As an optimization (and also as a workaround for the RT problem above in normal situations without linked streams), this patch adds a check before calling snd_pcm_unlink() and calls it only when needed. Reported-by:
Chanho Min <chanho.min@lge.com> Cc: <stable@vger.kernel.org> Signed-off-by:
-
Chanho Min authored
commit b888a5f7 upstream. Commit 67ec1072 ("ALSA: pcm: Fix rwsem deadlock for non-atomic PCM stream") fixes deadlock for non-atomic PCM stream. But, This patch causes antother stuck. If writer is RT thread and reader is a normal thread, the reader thread will be difficult to get scheduled. It may not give chance to release readlocks and writer gets stuck for a long time if they are pinned to single cpu. The deadlock described in the previous commit is because the linux rwsem queues like a FIFO. So, we might need non-FIFO writelock, not non-block one. My suggestion is that the writer gives reader a chance to be scheduled by using the minimum msleep() instaed of spinning without blocking by writer. Also, The *_nonblock may be changed to *_nonfifo appropriately to this concept. In terms of performance, when trylock is failed, this minimum periodic msleep will have the same performance as the tick-based schedule()/wake_up_q(). [ Although this has a fairly high performance penalty, the relevant code path became already rare due to the previous commit ("ALSA: pcm: Call snd_pcm_unlink() conditionally at closing"). That is, now this unconditional msleep appears only when using linked streams, and this must be a rare case. So we accept this as a quick workaround until finding a more suitable one -- tiwai ] Fixes: 67ec1072 ("ALSA: pcm: Fix rwsem deadlock for non-atomic PCM stream") Suggested-by:
Wonmin Jung <wonmin.jung@lge.com> Signed-off-by:
-
Kai-Heng Feng authored
commit 3deef52c upstream. It's similar to other AMD audio devices, it also supports D3, which can save some power drain. Signed-off-by:
-
Hui Peng authored
commit 5f8cf712 upstream. If a USB sound card reports 0 interfaces, an error condition is triggered and the function usb_audio_probe errors out. In the error path, there was a use-after-free vulnerability where the memory object of the card was first freed, followed by a decrement of the number of active chips. Moving the decrement above the atomic_dec fixes the UAF. [ The original problem was introduced in 3.1 kernel, while it was developed in a different form. The Fixes tag below indicates the original commit but it doesn't mean that the patch is applicable cleanly. -- tiwai ] Fixes: 362e4e49 ("ALSA: usb-audio - clear chip->probing on error exit") Reported-by:
Hui Peng <benquike@gmail.com> Reported-by:
Mathias Payer <mathias.payer@nebelwelt.net> Signed-off-by:
-
Tony Das authored
commit 44ff57e6 upstream. This patch adds quirk VID/PID IDs for the SMSL D1 in order to enable Native DSD support. [ Moved the added entry in numerical order -- tiwai ] Signed-off-by:
Tony Das <tdas444@gmail.com> Cc: <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
commit f51ccf46 upstream. The USB-serial console implementation has never reported the actual terminal settings used. Despite storing the corresponding cflags in its struct console, these were never honoured on later tty open() where the tty termios would be left initialised to the driver defaults. Unlike the serial console implementation, the USB-serial code calls subdriver open() already at console setup. While calling set_termios() and write() before open() looks like it could work for some USB-serial drivers, others definitely do not expect this, so modelling this after serial core is going to be intrusive, if at all possible. Instead, use a (renamed) tty helper to save the termios data used at console setup so that the tty termios reflects the actual terminal settings after a subsequent tty open(). Note that the calls to tty_init_termios() (tty_driver_install()) and tty_save_termios() are serialised using the disconnect mutex. This specifically fixes a regression that was triggered by a recent change adding software flow control to the pl2303 driver: a getty trying to disable flow control while leaving the baud rate unchanged would now also set the baud rate to the driver default (prior to the flow-control change this had been a noop). Fixes: 7041d9c3 ("USB: serial: pl2303: add support for tx xon/xoff flow control") Cc: stable <stable@vger.kernel.org> # 4.18 Cc: Florian Zumbiehl <florz@florz.de> Reported-by:
Jarkko Nikula <jarkko.nikula@linux.intel.com> Tested-by:
Johan Hovold <johan@kernel.org> Signed-off-by:
-
