- 18 Oct, 2018 7 commits
-
-
Yu Zhao authored
[ Upstream commit 75383f8d ] Internally, skl_init_chip() calls snd_hdac_bus_init_chip() which 1) sets bus->chip_init to prevent multiple entrances before device is stopped; 2) enables interrupt. We shouldn't use it for the purpose of resetting device only because 1) when we really want to initialize device, we won't be able to do so; 2) we are ready to handle interrupt yet, and kernel crashes when interrupt comes in. Rename azx_reset() to snd_hdac_bus_reset_link(), and use it to reset device properly. Fixes: 60767abc ("ASoC: Intel: Skylake: Reset the controller in probe") Reviewed-by:
Takashi Iwai <tiwai@suse.de> Signed-off-by:
Yu Zhao <yuzhao@google.com> Signed-off-by:
Mark Brown <broonie@kernel.org> Signed-off-by:
Sasha Levin <alexander.levin@microsoft.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Yu Zhao authored
[ Upstream commit b61749a8 ] In snd_hdac_bus_init_chip(), we enable interrupt before snd_hdac_bus_init_cmd_io() initializing dma buffers. If irq has been acquired and irq handler uses the dma buffer, kernel may crash when interrupt comes in. Fix the problem by postponing enabling irq after dma buffer initialization. And warn once on null dma buffer pointer during the initialization. Reviewed-by:
-
Kuninori Morimoto authored
[ Upstream commit 6c92d5a2 ] Current rsnd driver will fallback to PIO mode if it can't get DMA handler. But, DMA might return -EPROBE_DEFER when probe timing. This driver always fallback to PIO mode especially from commit ac6bbf0c ("iommu: Remove IOMMU_OF_DECLARE") because of this reason. The DMA driver will be probed later, but sound driver might be probed as PIO mode in such case. This patch fixup this issue. Then, -EPROBE_DEFER is not error. Thus, let's don't indicate error message in such case. And it needs to call rsnd_adg_remove() individually if probe failed, because it registers clk which should be unregister. Maybe PIO fallback feature itself is not needed, but let's keep it so far. Signed-off-by:
Kuninori Morimoto <kuninori.morimoto.gx@renesas.com> Signed-off-by:
-
Kuninori Morimoto authored
[ Upstream commit 69235ccf ] ADG has buffer over flow bug if DT has more than 3 clock-frequency. This patch fixup this issue, and uses first 2 values. clock-frequency = <x y>; /* this is OK */ clock-frequency = <x y z>; /* this is NG */ Signed-off-by:
Hiroyuki Yokoyama <hiroyuki.yokoyama.vx@renesas.com> Signed-off-by:
-
Danny Smith authored
[ Upstream commit 5ea752c6 ] Fixed range in safeload conditional to allow safeload to up to 20 bytes, without a lower limit. Signed-off-by:
Danny Smith <dannys@axis.com> Acked-by:
Lars-Peter Clausen <lars@metafoo.de> Signed-off-by:
-
Pierre-Louis Bossart authored
[ Upstream commit 960cdd50 ] HID made of either Wolfson/CirrusLogic PCI ID + 8804 identifier. This helps enumerate the HifiBerry Digi+ HAT boards on the Up2 platform. The scripts at https://github.com/thesofproject/acpi-scripts can be used to add the ACPI initrd overlays. Signed-off-by:
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com> Acked-by:
Charles Keepax <ckeepax@opensource.cirrus.com> Signed-off-by:
-
Oder Chiou authored
[ Upstream commit 6f0a2562 ] After our evaluation, we need to modify the default values to make sure the volume applied immediately. Signed-off-by:
Oder Chiou <oder_chiou@realtek.com> Signed-off-by:
-
- 10 Oct, 2018 1 commit
-
-
Kai-Heng Feng authored
commit 709ae62e upstream. The issue is the same as commit dd9aa335 ("ALSA: hda/realtek - Can't adjust speaker's volume on a Dell AIO"), the output requires to connect to a node with Amp-out capability. Applying the same fixup ALC298_FIXUP_SPK_VOLUME can fix the issue. BugLink: https://bugs.launchpad.net/bugs/1775068Signed-off-by:
Kai-Heng Feng <kai.heng.feng@canonical.com> Cc: <stable@vger.kernel.org> Signed-off-by:
-
- 04 Oct, 2018 3 commits
-
-
Liam Girdwood authored
[ Upstream commit e01b4f62 ] Sometime a component or topology may configure a DAI widget with no private data leading to a dev_dbg() dereferencne of this data. Fix this to check for non NULL private data and let users know if widget is missing DAI. Signed-off-by:
Liam Girdwood <liam.r.girdwood@linux.intel.com> Signed-off-by:
-
Kai-Heng Feng authored
[ Upstream commit 1adca4b0 ] This patch can make audio controller in AMD Raven Ridge gets runtime suspended to D3, to save ~1W power when it's not in use. Cc: Vijendar Mukunda <Vijendar.Mukunda@amd.com> Signed-off-by:
-
Nicholas Mc Guire authored
[ Upstream commit 222bce5e ] Both calls to of_find_node_by_name() and of_get_next_child() return a node pointer with refcount incremented thus it must be explicidly decremented here after the last usage. As we are assured to have a refcounted np either from the initial of_find_node_by_name(NULL, name); or from the of_get_next_child(gpio, np) in the while loop if we reached the error code path below, an x of_node_put(np) is needed. Signed-off-by:
Nicholas Mc Guire <hofrat@osadl.org> Fixes: commit f3d9478b ("[ALSA] snd-aoa: add snd-aoa") Signed-off-by:
-
- 29 Sep, 2018 12 commits
-
-
Takashi Sakamoto authored
commit 498fe23a upstream. Although private data of sound card instance is usually allocated in the tail of the instance, drivers in ALSA firewire stack allocate the private data before allocating the instance. In this case, the private data should be released explicitly at .private_free callback of the instance. This commit fixes memory leak following to the above design. Fixes: 6c29230e ('ALSA: oxfw: delayed registration of sound card') Cc: <stable@vger.kernel.org> # v4.7+ Signed-off-by:
Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by:
-
Takashi Sakamoto authored
commit 1064bc68 upstream. After finishing discover of stream formats, ALSA OXFW driver has memory leak of allocated memory object at error path. This commit releases the memory object at the error path. Fixes: 6c29230e ('ALSA: oxfw: delayed registration of sound card') Cc: <stable@vger.kernel.org> # v4.7+ Signed-off-by:
-
Takashi Sakamoto authored
commit ce925f08 upstream. After allocating model-dependent data, ALSA OXFW driver has memory leak of the data at error path. This commit releases the data at the error path. Fixes: 6c29230e ('ALSA: oxfw: delayed registration of sound card') Cc: <stable@vger.kernel.org> # v4.7+ Signed-off-by:
-
Takashi Sakamoto authored
commit c3b55e2e upstream. After allocating memory object for response buffer, ALSA fireworks driver has leak of the memory object at error path. This commit releases the object at the error path. Fixes: 7d3c1d59('ALSA: fireworks: delayed registration of sound card') Cc: <stable@vger.kernel.org> # v4.7+ Signed-off-by:
-
Takashi Sakamoto authored
commit 8d28277c upstream. Although private data of sound card instance is usually allocated in the tail of the instance, drivers in ALSA firewire stack allocate the private data before allocating the instance. In this case, the private data should be released explicitly at .private_free callback of the instance. This commit fixes memory leak following to the above design. Fixes: b610386c ('ALSA: firewire-tascam: deleyed registration of sound card') Cc: <stable@vger.kernel.org> # v4.7+ Signed-off-by:
-
Takashi Sakamoto authored
commit a49a83ab upstream. Although private data of sound card instance is usually allocated in the tail of the instance, drivers in ALSA firewire stack allocate the private data before allocating the instance. In this case, the private data should be released explicitly at .private_free callback of the instance. This commit fixes memory leak following to the above design. Fixes: 86c8dd7f ('ALSA: firewire-digi00x: delayed registration of sound card') Cc: <stable@vger.kernel.org> # v4.7+ Signed-off-by:
-
Takashi Sakamoto authored
commit 36f3a6e0 upstream. An allocated memory forgets to be released. Fixes: 76fdb3a9 ('ALSA: fireface: add support for Fireface 400') Cc: <stable@vger.kernel.org> # 4.12+ Signed-off-by:
-
Willy Tarreau authored
commit 49434c6c upstream. snd_emu10k1_fx8010_ioctl(SNDRV_EMU10K1_IOCTL_INFO) allocates memory using kmalloc() and partially fills it by calling snd_emu10k1_fx8010_info() before returning the resulting structure to userspace, leaving uninitialized holes. Let's just use kzalloc() here. BugLink: http://blog.infosectcbr.com.au/2018/09/linux-kernel-infoleaks.htmlSigned-off-by:
Willy Tarreau <w@1wt.eu> Cc: Jann Horn <jannh@google.com> Cc: <stable@vger.kernel.org> Signed-off-by:
-
Takashi Sakamoto authored
commit 493626f2 upstream. When executing 'fw_run_transaction()' with 'TCODE_WRITE_BLOCK_REQUEST', an address of 'payload' argument is used for streaming DMA mapping by 'firewire_ohci' module if 'size' argument is larger than 8 byte. Although in this case the address should not be on kernel stack, current implementation of ALSA bebob driver uses data in kernel stack for a cue to boot M-Audio devices. This often brings unexpected result, especially for a case of CONFIG_VMAP_STACK=y. This commit fixes the bug. Reference: https://bugzilla.kernel.org/show_bug.cgi?id=201021 Reference: https://forum.manjaro.org/t/firewire-m-audio-410-driver-wont-load-firmware/51165 Fixes: a2b2a779('ALSA: bebob: Send a cue to load firmware for M-Audio Firewire series') Cc: <stable@vger.kernel.org> # v3.16+ Signed-off-by:
-
Takashi Sakamoto authored
commit b1fbebd4 upstream. After allocating model-dependent data for M-Audio FW1814 and ProjectMix I/O, ALSA bebob driver has memory leak at error path. This commit releases the allocated data at the error path. Fixes: 04a2c73c('ALSA: bebob: delayed registration of sound card') Cc: <stable@vger.kernel.org> # v4.7+ Signed-off-by:
-
Jiada Wang authored
commit 4d230d12 upstream. Clocking operations clk_get/set_rate, are non-atomic, they shouldn't be called in soc_pcm_trigger() which is atomic. Following issue was found due to execution of clk_get_rate() causes sleep in soc_pcm_trigger(), which shouldn't be blocked. We can reproduce this issue by following > enable CONFIG_DEBUG_ATOMIC_SLEEP=y > compile, and boot > mount -t debugfs none /sys/kernel/debug > while true; do cat /sys/kernel/debug/clk/clk_summary > /dev/null; done & > while true; do aplay xxx; done This patch adds support to .prepare callback, and moves non-atomic clocking operations to it. As .prepare is non-atomic, it is always called before trigger_start/trigger_stop. BUG: sleeping function called from invalid context at kernel/locking/mutex.c:620 in_atomic(): 1, irqs_disabled(): 128, pid: 2242, name: aplay INFO: lockdep is turned off. irq event stamp: 5964 hardirqs last enabled at (5963): [<ffff200008e59e40>] mutex_lock_nested+0x6e8/0x6f0 hardirqs last disabled at (5964): [<ffff200008e623f0>] _raw_spin_lock_irqsave+0x24/0x68 softirqs last enabled at (5502): [<ffff200008081838>] __do_softirq+0x560/0x10c0 softirqs last disabled at (5495): [<ffff2000080c2e78>] irq_exit+0x160/0x25c Preemption disabled at:[ 62.904063] [<ffff200008be4d48>] snd_pcm_stream_lock+0xb4/0xc0 CPU: 2 PID: 2242 Comm: aplay Tainted: G B C 4.9.54+ #186 Hardware name: Renesas Salvator-X board based on r8a7795 (DT) Call trace: [<ffff20000808fe48>] dump_backtrace+0x0/0x37c [<ffff2000080901d8>] show_stack+0x14/0x1c [<ffff2000086f4458>] dump_stack+0xfc/0x154 [<ffff2000081134a0>] ___might_sleep+0x57c/0x58c [<ffff2000081136b8>] __might_sleep+0x208/0x21c [<ffff200008e5980c>] mutex_lock_nested+0xb4/0x6f0 [<ffff2000087cac74>] clk_prepare_lock+0xb0/0x184 [<ffff2000087cb094>] clk_core_get_rate+0x14/0x54 [<ffff2000087cb0f4>] clk_get_rate+0x20/0x34 [<ffff20000113aa00>] rsnd_adg_ssi_clk_try_start+0x158/0x4f8 [snd_soc_rcar] [<ffff20000113da00>] rsnd_ssi_init+0x668/0x7a0 [snd_soc_rcar] [<ffff200001133ff4>] rsnd_soc_dai_trigger+0x4bc/0xcf8 [snd_soc_rcar] [<ffff200008c1af24>] soc_pcm_trigger+0x2a4/0x2d4 Fixes: e7d850dd ("ASoC: rsnd: use mod base common method on SSI-parent") Signed-off-by:
Jiada Wang <jiada_wang@mentor.com> Signed-off-by:
Timo Wischer <twischer@de.adit-jv.com> [Kuninori: tidyup for upstream] Signed-off-by:
-
Sébastien Szymanski authored
commit 90a3b7f8 upstream. The MMTLR bit is in the CS4265_SPDIF_CTL2 register at address 0x12 bit 0 and not at address 0x0 bit 1. Fix this. Signed-off-by:
Sébastien Szymanski <sebastien.szymanski@armadeus.com> Signed-off-by:
-
- 26 Sep, 2018 6 commits
-
-
Jaechul Lee authored
commit 975b6a93 upstream. devm_gpiod_get is called with GPIOF_OUT_INIT_LOW but the function doesn't allow the parameters. Unluckily, GPIOF_OUT_INIT_LOW is same value as GPIOD_ASIS and gpio direction isn't set properly. Muted stream comes up when I try recording some sounds on TM2. mic-bias gpiod state can't be changed because the gpiod is created with the invalid parameter. The gpio should be set GPIOD_OUT_HIGH. Fixes: 1bfbc260 ("ASoC: samsung: Add machine driver for Exynos5433 based TM2 board") Signed-off-by:
Jaechul Lee <jcsing.lee@samsung.com> Reviewed-by:
Krzysztof Kozlowski <krzk@kernel.org> Signed-off-by:
Sudip Mukherjee <sudipm.mukherjee@gmail.com> Signed-off-by:
-
Christophe Jaillet authored
commit 6431a7e3 upstream. If 'clk_prepare_enable()' fails, we must 'put' the corresponding clock. Othewise, there is a resource leak. Fixes: f5c97c7b ("ASoC: samsung: i2s: Handle return value of clk_prepare_enable.") Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by:
-
Timo Wischer authored
[ Upstream commit ff2d6acd ] Without this commit the following intervals [x y), (x y) were be replaced to (y-1 y) by snd_interval_refine_last(). This was also done if y-1 is part of the previous interval. With this changes it will be replaced with [y-1 y) in case of y-1 is part of the previous interval. A similar behavior will be used for snd_interval_refine_first(). This commit adapts the changes for alsa-lib of commit 9bb985c ("pcm: snd_interval_refine_first/last: exclude value only if also excluded before") Signed-off-by:
-
Oder Chiou authored
[ Upstream commit d96f8bd2 ] The patch fixes the issue of the delay volume applied. Signed-off-by:
-
Takashi Iwai authored
[ Upstream commit bd1cd0eb ] AU0828_DEVICE() macro in quirks-table.h uses USB_DEVICE_VENDOR_SPEC() for expanding idVendor and idProduct fields. However, the latter macro adds also match_flags and bInterfaceClass, which are different from the values AU0828_DEVICE() macro sets after that. For fixing them, just expand idVendor and idProduct fields manually in AU0828_DEVICE(). This fixes sparse warnings like: sound/usb/quirks-table.h:2892:1: warning: Initializer entry defined twice Signed-off-by:
-
Takashi Iwai authored
[ Upstream commit 7c500f9e ] The default sample sizes set by msnd driver are bogus; it sets ALSA PCM format, not the actual bit width. Signed-off-by:
-
- 19 Sep, 2018 1 commit
-
-
Takashi Iwai authored
commit 16037643 upstream. On AMD/ATI controllers, the HD-audio controller driver allows a bus reset upon the error recovery, and its procedure includes the cancellation of pending jack polling work as found in snd_hda_bus_codec_reset(). This works usually fine, but it becomes a problem when the reset happens from the jack poll work itself; then calling cancel_work_sync() from the work being processed tries to wait the finish endlessly. As a workaround, this patch adds the check of current_work() and applies the cancel_work_sync() only when it's not from the jackpoll_work. This doesn't fix the root cause of the reported error below, but at least, it eases the unexpected stall of the whole system. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200937 Cc: <stable@vger.kernel.org> Cc: Lukas Wunner <lukas@wunner.de> Signed-off-by:
-
- 15 Sep, 2018 2 commits
-
-
Gustavo A. R. Silva authored
commit ad0eaee6 upstream. Add missing break statement in order to prevent the code from falling through to the default case. Addresses-Coverity-ID: 115050 ("Missing break in switch") Reported-by:
Valdis Kletnieks <valdis.kletnieks@vt.edu> Signed-off-by:
Gustavo A. R. Silva <gustavo@embeddedor.com> Acked-by:
-
Matthias Kaehlcke authored
[ Upstream commit f861e3e2 ] The driver expects to find the device id in rt5677_of_match.data, however it is currently assigned to rt5677_of_match.type. Fix this. The problem was found with the help of clang: sound/soc/codecs/rt5677.c:5010:36: warning: expression which evaluates to zero treated as a null pointer constant of type 'const void *' [-Wnon-literal-null-conversion] { .compatible = "realtek,rt5677", RT5677 }, ^~~~~~ Fixes: ddc9e69b ("ASoC: rt5677: Hide platform data in the module sources") Signed-off-by:
Matthias Kaehlcke <mka@chromium.org> Reviewed-by:
Guenter Roeck <groeck@chromium.org> Acked-by:
Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by:
-
- 05 Sep, 2018 3 commits
-
-
Gustavo A. R. Silva authored
commit ae1c696a upstream. There is a potential execution path in which function platform_get_resource() returns NULL. If this happens, we will end up having a NULL pointer dereference. Fix this by replacing devm_ioremap with devm_ioremap_resource, which has the NULL check and the memory region request. This code was detected with the help of Coccinelle. Cc: stable@vger.kernel.org Fixes: 2bd8d1d5 ("ASoC: sirf: Add audio usp interface driver") Signed-off-by:
-
Takashi Iwai authored
commit c889a45d upstream. zx-tdm driver sets the DAI driver definitions with the format bits wrongly set with SNDRV_PCM_FORMAT_*, instead of SNDRV_PCM_FMTBIT_*. This patch corrects the definitions. Spotted by a sparse warning: sound/soc/zte/zx-tdm.c:363:35: warning: restricted snd_pcm_format_t degrades to integer Fixes: 870e0ddc ("ASoC: zx-tdm: add zte's tdm controller driver") Cc: <stable@vger.kernel.org> Signed-off-by:
-
Jerome Brunet authored
commit 4febced1 upstream. When merging codec formats, dpcm_runtime_base_format() should skip the codecs which are not supporting the current stream direction. At the moment, if a BE link has more than one codec, and only one of these codecs has no capture DAI, it becomes impossible to start a capture stream because the merged format would be 0. Skipping invalid codec DAI solves the problem. Fixes: b073ed4e ("ASoC: soc-pcm: DPCM cares BE format") Signed-off-by:
Jerome Brunet <jbrunet@baylibre.com> Signed-off-by:
-
- 24 Aug, 2018 1 commit
-
-
Takashi Iwai authored
[ Upstream commit c9a4c638 ] The kernel may spew a WARNING with UBSAN undefined behavior at handling ALSA sequencer ioctl SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT: UBSAN: Undefined behaviour in sound/core/seq/seq_clientmgr.c:2007:14 signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x122/0x1c8 lib/dump_stack.c:113 ubsan_epilogue+0x12/0x86 lib/ubsan.c:159 handle_overflow+0x1c2/0x21f lib/ubsan.c:190 __ubsan_handle_add_overflow+0x2a/0x31 lib/ubsan.c:198 snd_seq_ioctl_query_next_client+0x1ac/0x1d0 sound/core/seq/seq_clientmgr.c:2007 snd_seq_ioctl+0x264/0x3d0 sound/core/seq/seq_clientmgr.c:2144 .... It happens only when INT_MAX is passed there, as we're incrementing it unconditionally. So the fix is trivial, check the value with INT_MAX. Although the bug itself is fairly harmless, it's better to fix it so that fuzzers won't hit this again later. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200211Signed-off-by:
-
- 22 Aug, 2018 4 commits
-
-
Takashi Iwai authored
commit 3acd3e3b upstream. The endian conversions used in vxp_dma_read() and vxp_dma_write() are superfluous and even wrong on big-endian machines, as inw() and outw() already do conversions. Kill them. Cc: <stable@vger.kernel.org> Signed-off-by:
-
Takashi Iwai authored
commit dfef01e1 upstream. snd_dma_alloc_pages_fallback() tries to allocate pages again when the allocation fails with reduced size. But the first try actually *increases* the size to power-of-two, which may give back a larger chunk than the requested size. This confuses the callers, e.g. sgbuf assumes that the size is equal or less, and it may result in a bad loop due to the underflow and eventually lead to Oops. The code of this function seems incorrectly assuming the usage of get_order(). We need to decrease at first, then align to power-of-two. Reported-and-tested-by:
he, bo <bo.he@intel.com> Reported-by:
zhang jun <jun.zhang@intel.com> Cc: <stable@vger.kernel.org> Signed-off-by:
-
Hans de Goede authored
commit 8e82a728 upstream. I added the subsys product-id for the HDMI HDA device rather then for the PCH one, this commit fixes this. BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1525104 Cc: stable@vger.kernel.org Signed-off-by:
Hans de Goede <hdegoede@redhat.com> Signed-off-by:
-
Takashi Iwai authored
commit 69756930 upstream. One place in cs5535audio_build_dma_packets() does an extra conversion via cpu_to_le32(); namely jmpprd_addr is passed to setup_prd() ops, which writes the value via cs_writel(). That is, the callback does the conversion by itself, and we don't need to convert beforehand. This patch fixes that bogus conversion. Cc: <stable@vger.kernel.org> Signed-off-by:
-
