1. 10 Nov, 2019 28 commits
  2. 06 Nov, 2019 12 commits
    • Greg Kroah-Hartman's avatar
      Linux 4.19.82 · 5ee93551
      Greg Kroah-Hartman authored
      5ee93551
    • Takashi Iwai's avatar
      Revert "ALSA: hda: Flush interrupts on disabling" · 914a7d42
      Takashi Iwai authored
      [ Upstream commit 1a7f60b9 ]
      
      This reverts commit caa8422d.
      
      It turned out that this commit caused a regression at shutdown /
      reboot, as the synchronize_irq() calls seems blocking the whole
      shutdown.  Also another part of the change about shuffling the call
      order looks suspicious; the azx_stop_chip() call disables the CORB /
      RIRB while the others may still need the CORB/RIRB update.
      
      Since the original commit itself was a cargo-fix, let's revert the
      whole patch.
      
      Fixes: caa8422d ("ALSA: hda: Flush interrupts on disabling")
      BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=205333
      BugLinK: https://bugs.freedesktop.org/show_bug.cgi?id=111174Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Cc: Chris Wilson <chris@chris-wilson.co.uk>
      Link: https://lore.kernel.org/r/20191028081056.22010-1-tiwai@suse.deSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      914a7d42
    • Nicholas Piggin's avatar
      powerpc/powernv: Fix CPU idle to be called with IRQs disabled · 8f560302
      Nicholas Piggin authored
      [ Upstream commit 7d647505 ]
      
      Commit e78a7614 ("idle: Prevent late-arriving interrupts from
      disrupting offline") changes arch_cpu_idle_dead to be called with
      interrupts disabled, which triggers the WARN in pnv_smp_cpu_kill_self.
      
      Fix this by fixing up irq_happened after hard disabling, rather than
      requiring there are no pending interrupts, similarly to what was done
      done until commit 2525db04 ("powerpc/powernv: Simplify lazy IRQ
      handling in CPU offline").
      
      Fixes: e78a7614 ("idle: Prevent late-arriving interrupts from disrupting offline")
      Reported-by: default avatarPaul Mackerras <paulus@samba.org>
      Signed-off-by: default avatarNicholas Piggin <npiggin@gmail.com>
      [mpe: Add unexpected_mask rather than checking for known bad values,
            change the WARN_ON() to a WARN_ON_ONCE()]
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20191022115814.22456-1-npiggin@gmail.comSigned-off-by: default avatarSasha Levin <sashal@kernel.org>
      8f560302
    • Justin Song's avatar
      ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface · 92930e92
      Justin Song authored
      [ Upstream commit e2995b95 ]
      
      This patch adds native DSD support for Gustard U16/X26 USB Interface.
      Tested using VID and fp->dsd_raw method.
      Signed-off-by: default avatarJustin Song <flyingecar@gmail.com>
      Cc: <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/CA+9XP1ipsFn+r3bCBKRinQv-JrJ+EHOGBdZWZoMwxFv0R8Y1MQ@mail.gmail.comSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      92930e92
    • Jussi Laako's avatar
      ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel · c08182db
      Jussi Laako authored
      [ Upstream commit 0067e154 ]
      
      Oppo has issued firmware updates that change alt setting used for DSD
      support. However, these devices seem to support auto-detection, so
      support is moved from explicit whitelisting to auto-detection.
      
      Also Rotel devices have USB interfaces that support DSD with
      auto-detection.
      Signed-off-by: default avatarJussi Laako <jussi@sonarnerd.net>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      c08182db
    • Jussi Laako's avatar
      ALSA: usb-audio: DSD auto-detection for Playback Designs · d8808d2e
      Jussi Laako authored
      [ Upstream commit eb7505d5 ]
      
      Add DSD support auto-detection for newer Playback Designs devices. Older
      device generations have a different USB interface implementation.
      
      Keep the auto-detection VID whitelist sorted.
      Signed-off-by: default avatarJussi Laako <jussi@sonarnerd.net>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      d8808d2e
    • Takashi Iwai's avatar
      ALSA: timer: Fix mutex deadlock at releasing card · 83131743
      Takashi Iwai authored
      [ Upstream commit a3933186 ]
      
      When a card is disconnected while in use, the system waits until all
      opened files are closed then releases the card.  This is done via
      put_device() of the card device in each device release code.
      
      The recently reported mutex deadlock bug happens in this code path;
      snd_timer_close() for the timer device deals with the global
      register_mutex and it calls put_device() there.  When this timer
      device is the last one, the card gets freed and it eventually calls
      snd_timer_free(), which has again the protection with the global
      register_mutex -- boom.
      
      Basically put_device() call itself is race-free, so a relative simple
      workaround is to move this put_device() call out of the mutex.  For
      achieving that, in this patch, snd_timer_close_locked() got a new
      argument to store the card device pointer in return, and each caller
      invokes put_device() with the returned object after the mutex unlock.
      Reported-and-tested-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      83131743
    • Takashi Iwai's avatar
      ALSA: timer: Simplify error path in snd_timer_open() · 145fadf6
      Takashi Iwai authored
      [ Upstream commit 41672c0c ]
      
      Just a minor refactoring to use the standard goto for error paths in
      snd_timer_open() instead of open code.  The first mutex_lock() is
      moved to the beginning of the function to make the code clearer.
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      145fadf6
    • Eric Dumazet's avatar
      sch_netem: fix rcu splat in netem_enqueue() · a6c91087
      Eric Dumazet authored
      commit 159d2c7d upstream.
      
      qdisc_root() use from netem_enqueue() triggers a lockdep warning.
      
      __dev_queue_xmit() uses rcu_read_lock_bh() which is
      not equivalent to rcu_read_lock() + local_bh_disable_bh as far
      as lockdep is concerned.
      
      WARNING: suspicious RCU usage
      5.3.0-rc7+ #0 Not tainted
      -----------------------------
      include/net/sch_generic.h:492 suspicious rcu_dereference_check() usage!
      
      other info that might help us debug this:
      
      rcu_scheduler_active = 2, debug_locks = 1
      3 locks held by syz-executor427/8855:
       #0: 00000000b5525c01 (rcu_read_lock_bh){....}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
       #0: 00000000b5525c01 (rcu_read_lock_bh){....}, at: ip_finish_output2+0x2dc/0x2570 net/ipv4/ip_output.c:214
       #1: 00000000b5525c01 (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x20a/0x3650 net/core/dev.c:3804
       #2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
       #2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: __dev_xmit_skb net/core/dev.c:3502 [inline]
       #2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: __dev_queue_xmit+0x14b8/0x3650 net/core/dev.c:3838
      
      stack backtrace:
      CPU: 0 PID: 8855 Comm: syz-executor427 Not tainted 5.3.0-rc7+ #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x172/0x1f0 lib/dump_stack.c:113
       lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:5357
       qdisc_root include/net/sch_generic.h:492 [inline]
       netem_enqueue+0x1cfb/0x2d80 net/sched/sch_netem.c:479
       __dev_xmit_skb net/core/dev.c:3527 [inline]
       __dev_queue_xmit+0x15d2/0x3650 net/core/dev.c:3838
       dev_queue_xmit+0x18/0x20 net/core/dev.c:3902
       neigh_hh_output include/net/neighbour.h:500 [inline]
       neigh_output include/net/neighbour.h:509 [inline]
       ip_finish_output2+0x1726/0x2570 net/ipv4/ip_output.c:228
       __ip_finish_output net/ipv4/ip_output.c:308 [inline]
       __ip_finish_output+0x5fc/0xb90 net/ipv4/ip_output.c:290
       ip_finish_output+0x38/0x1f0 net/ipv4/ip_output.c:318
       NF_HOOK_COND include/linux/netfilter.h:294 [inline]
       ip_mc_output+0x292/0xf40 net/ipv4/ip_output.c:417
       dst_output include/net/dst.h:436 [inline]
       ip_local_out+0xbb/0x190 net/ipv4/ip_output.c:125
       ip_send_skb+0x42/0xf0 net/ipv4/ip_output.c:1555
       udp_send_skb.isra.0+0x6b2/0x1160 net/ipv4/udp.c:887
       udp_sendmsg+0x1e96/0x2820 net/ipv4/udp.c:1174
       inet_sendmsg+0x9e/0xe0 net/ipv4/af_inet.c:807
       sock_sendmsg_nosec net/socket.c:637 [inline]
       sock_sendmsg+0xd7/0x130 net/socket.c:657
       ___sys_sendmsg+0x3e2/0x920 net/socket.c:2311
       __sys_sendmmsg+0x1bf/0x4d0 net/socket.c:2413
       __do_sys_sendmmsg net/socket.c:2442 [inline]
       __se_sys_sendmmsg net/socket.c:2439 [inline]
       __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2439
       do_syscall_64+0xfd/0x6a0 arch/x86/entry/common.c:296
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a6c91087
    • Valentin Vidic's avatar
      net: usb: sr9800: fix uninitialized local variable · 3ecf8529
      Valentin Vidic authored
      commit 77b6d09f upstream.
      
      Make sure res does not contain random value if the call to
      sr_read_cmd fails for some reason.
      
      Reported-by: syzbot+f1842130bbcfb335bac1@syzkaller.appspotmail.com
      Signed-off-by: default avatarValentin Vidic <vvidic@valentin-vidic.from.hr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3ecf8529
    • Eric Dumazet's avatar
      bonding: fix potential NULL deref in bond_update_slave_arr · 14a703ef
      Eric Dumazet authored
      commit a7137534 upstream.
      
      syzbot got a NULL dereference in bond_update_slave_arr() [1],
      happening after a failure to allocate bond->slave_arr
      
      A workqueue (bond_slave_arr_handler) is supposed to retry
      the allocation later, but if the slave is removed before
      the workqueue had a chance to complete, bond->slave_arr
      can still be NULL.
      
      [1]
      
      Failed to build slave-array.
      kasan: CONFIG_KASAN_INLINE enabled
      kasan: GPF could be caused by NULL-ptr deref or user memory access
      general protection fault: 0000 [#1] SMP KASAN PTI
      Modules linked in:
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:bond_update_slave_arr.cold+0xc6/0x198 drivers/net/bonding/bond_main.c:4039
      RSP: 0018:ffff88018fe33678 EFLAGS: 00010246
      RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc9000290b000
      RDX: 0000000000000000 RSI: ffffffff82b63037 RDI: ffff88019745ea20
      RBP: ffff88018fe33760 R08: ffff880170754280 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
      R13: ffff88019745ea00 R14: 0000000000000000 R15: ffff88018fe338b0
      FS:  00007febd837d700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00000000004540a0 CR3: 00000001c242e005 CR4: 00000000001626f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       [<ffffffff82b5b45e>] __bond_release_one+0x43e/0x500 drivers/net/bonding/bond_main.c:1923
       [<ffffffff82b5b966>] bond_release drivers/net/bonding/bond_main.c:2039 [inline]
       [<ffffffff82b5b966>] bond_do_ioctl+0x416/0x870 drivers/net/bonding/bond_main.c:3562
       [<ffffffff83ae25f4>] dev_ifsioc+0x6f4/0x940 net/core/dev_ioctl.c:328
       [<ffffffff83ae2e58>] dev_ioctl+0x1b8/0xc70 net/core/dev_ioctl.c:495
       [<ffffffff83995ffd>] sock_do_ioctl+0x1bd/0x300 net/socket.c:1088
       [<ffffffff83996a80>] sock_ioctl+0x300/0x5d0 net/socket.c:1196
       [<ffffffff81b124db>] vfs_ioctl fs/ioctl.c:47 [inline]
       [<ffffffff81b124db>] file_ioctl fs/ioctl.c:501 [inline]
       [<ffffffff81b124db>] do_vfs_ioctl+0xacb/0x1300 fs/ioctl.c:688
       [<ffffffff81b12dc6>] SYSC_ioctl fs/ioctl.c:705 [inline]
       [<ffffffff81b12dc6>] SyS_ioctl+0xb6/0xe0 fs/ioctl.c:696
       [<ffffffff8101ccc8>] do_syscall_64+0x528/0x770 arch/x86/entry/common.c:305
       [<ffffffff84400091>] entry_SYSCALL_64_after_hwframe+0x42/0xb7
      
      Fixes: ee637714 ("bonding: Simplify the xmit function for modes that use xmit_hash")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Cc: Mahesh Bandewar <maheshb@google.com>
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      14a703ef
    • Johan Hovold's avatar
      NFC: pn533: fix use-after-free and memleaks · 24aaf7f4
      Johan Hovold authored
      commit 6af3aa57 upstream.
      
      The driver would fail to deregister and its class device and free
      related resources on late probe errors.
      
      Reported-by: syzbot+cb035c75c03dbe34b796@syzkaller.appspotmail.com
      Fixes: 32ecc75d ("NFC: pn533: change order operations in dev registation")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      24aaf7f4