08 Sep, 2016
2 commits
-
When a seq-virmidi driver is initialized, it registers a rawmidi
instance with its callback to create an associated seq kernel client.
Currently it's done throughly in rawmidi's register_mutex context.
Recently it was found that this may lead to a deadlock another rawmidi
device that is being attached with the sequencer is accessed, as both
open with the same register_mutex. This was actually triggered by
syzkaller, as Dmitry Vyukov reported:======================================================
[ INFO: possible circular locking dependency detected ]
4.8.0-rc1+ #11 Not tainted
-------------------------------------------------------
syz-executor/7154 is trying to acquire lock:
(register_mutex#5){+.+.+.}, at: [] snd_rawmidi_kernel_open+0x4b/0x260 sound/core/rawmidi.c:341but task is already holding lock:
(&grp->list_mutex){++++.+}, at: [] check_and_subscribe_port+0x5b/0x5c0 sound/core/seq/seq_ports.c:495which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&grp->list_mutex){++++.+}:
[] lock_acquire+0x208/0x430 kernel/locking/lockdep.c:3746
[] down_read+0x49/0xc0 kernel/locking/rwsem.c:22
[< inline >] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:681
[] snd_seq_deliver_event+0x35e/0x890 sound/core/seq/seq_clientmgr.c:822
[] > snd_seq_kernel_client_dispatch+0x126/0x170 sound/core/seq/seq_clientmgr.c:2418
[] snd_seq_system_broadcast+0xb2/0xf0 sound/core/seq/seq_system.c:101
[] snd_seq_create_kernel_client+0x24a/0x330 sound/core/seq/seq_clientmgr.c:2297
[< inline >] snd_virmidi_dev_attach_seq sound/core/seq/seq_virmidi.c:383
[] snd_virmidi_dev_register+0x29f/0x750 sound/core/seq/seq_virmidi.c:450
[] snd_rawmidi_dev_register+0x30c/0xd40 sound/core/rawmidi.c:1645
[] __snd_device_register.part.0+0x63/0xc0 sound/core/device.c:164
[< inline >] __snd_device_register sound/core/device.c:162
[] snd_device_register_all+0xad/0x110 sound/core/device.c:212
[] snd_card_register+0xef/0x6c0 sound/core/init.c:749
[] snd_virmidi_probe+0x3ef/0x590 sound/drivers/virmidi.c:123
[] platform_drv_probe+0x8b/0x170 drivers/base/platform.c:564
......-> #0 (register_mutex#5){+.+.+.}:
[< inline >] check_prev_add kernel/locking/lockdep.c:1829
[< inline >] check_prevs_add kernel/locking/lockdep.c:1939
[< inline >] validate_chain kernel/locking/lockdep.c:2266
[] __lock_acquire+0x4d44/0x4d80 kernel/locking/lockdep.c:3335
[] lock_acquire+0x208/0x430 kernel/locking/lockdep.c:3746
[< inline >] __mutex_lock_common kernel/locking/mutex.c:521
[] mutex_lock_nested+0xb1/0xa20 kernel/locking/mutex.c:621
[] snd_rawmidi_kernel_open+0x4b/0x260 sound/core/rawmidi.c:341
[] midisynth_subscribe+0xf7/0x350 sound/core/seq/seq_midi.c:188
[< inline >] subscribe_port sound/core/seq/seq_ports.c:427
[] check_and_subscribe_port+0x467/0x5c0 sound/core/seq/seq_ports.c:510
[] snd_seq_port_connect+0x2c9/0x500 sound/core/seq/seq_ports.c:579
[] snd_seq_ioctl_subscribe_port+0x1d8/0x2b0 sound/core/seq/seq_clientmgr.c:1480
[] snd_seq_do_ioctl+0x184/0x1e0 sound/core/seq/seq_clientmgr.c:2225
[] snd_seq_kernel_client_ctl+0xa8/0x110 sound/core/seq/seq_clientmgr.c:2440
[] snd_seq_oss_midi_open+0x3b4/0x610 sound/core/seq/oss/seq_oss_midi.c:375
[] snd_seq_oss_synth_setup_midi+0x107/0x4c0 sound/core/seq/oss/seq_oss_synth.c:281
[] snd_seq_oss_open+0x748/0x8d0 sound/core/seq/oss/seq_oss_init.c:274
[] odev_open+0x6a/0x90 sound/core/seq/oss/seq_oss.c:138
[] soundcore_open+0x30f/0x640 sound/sound_core.c:639
......other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&grp->list_mutex);
lock(register_mutex#5);
lock(&grp->list_mutex);
lock(register_mutex#5);*** DEADLOCK ***
======================================================The fix is to simply move the registration parts in
snd_rawmidi_dev_register() to the outside of the register_mutex lock.
The lock is needed only to manage the linked list, and it's not
necessarily to cover the whole initialization process.Reported-by: Dmitry Vyukov
Cc:
Signed-off-by: Takashi Iwai -
When a user timer instance is continued without the explicit start
beforehand, the system gets eventually zero-division error like:divide error: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN
CPU: 1 PID: 27320 Comm: syz-executor Not tainted 4.8.0-rc3-next-20160825+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88003c9b2280 task.stack: ffff880027280000
RIP: 0010:[] [< inline >] ktime_divns include/linux/ktime.h:195
RIP: 0010:[] [] snd_hrtimer_callback+0x1bc/0x3c0 sound/core/hrtimer.c:62
Call Trace:
[< inline >] __run_hrtimer kernel/time/hrtimer.c:1238
[] __hrtimer_run_queues+0x325/0xe70 kernel/time/hrtimer.c:1302
[] hrtimer_interrupt+0x18b/0x420 kernel/time/hrtimer.c:1336
[] local_apic_timer_interrupt+0x6f/0xe0 arch/x86/kernel/apic/apic.c:933
[] smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:957
[] apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:487
.....Although a similar issue was spotted and a fix patch was merged in
commit [6b760bb2c63a: ALSA: timer: fix division by zero after
SNDRV_TIMER_IOCTL_CONTINUE], it seems covering only a part of
iceberg.In this patch, we fix the issue a bit more drastically. Basically the
continue of an uninitialized timer is supposed to be a fresh start, so
we do it for user timers. For the direct snd_timer_continue() call,
there is no way to pass the initial tick value, so we kick out for the
uninitialized case.Reported-by: Dmitry Vyukov
Cc:
Signed-off-by: Takashi Iwai
02 Sep, 2016
1 commit
-
I got this with syzkaller:
==================================================================
BUG: KASAN: null-ptr-deref on address 0000000000000020
Read of size 32 by task syz-executor/22519
CPU: 1 PID: 22519 Comm: syz-executor Not tainted 4.8.0-rc2+ #169
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2
014
0000000000000001 ffff880111a17a00 ffffffff81f9f141 ffff880111a17a90
ffff880111a17c50 ffff880114584a58 ffff880114584a10 ffff880111a17a80
ffffffff8161fe3f ffff880100000000 ffff880118d74a48 ffff880118d74a68
Call Trace:
[] dump_stack+0x83/0xb2
[] kasan_report_error+0x41f/0x4c0
[] kasan_report+0x34/0x40
[] ? snd_timer_user_read+0x554/0x790
[] check_memory_region+0x13e/0x1a0
[] kasan_check_read+0x11/0x20
[] snd_timer_user_read+0x554/0x790
[] ? snd_timer_user_info_compat.isra.5+0x2b0/0x2b0
[] ? proc_fault_inject_write+0x1c1/0x250
[] ? next_tgid+0x2a0/0x2a0
[] ? do_group_exit+0x108/0x330
[] ? fsnotify+0x72a/0xca0
[] __vfs_read+0x10e/0x550
[] ? snd_timer_user_info_compat.isra.5+0x2b0/0x2b0
[] ? do_sendfile+0xc50/0xc50
[] ? __fsnotify_update_child_dentry_flags+0x60/0x60
[] ? kcov_ioctl+0x56/0x190
[] ? common_file_perm+0x2e2/0x380
[] ? __fsnotify_parent+0x5e/0x2b0
[] ? security_file_permission+0x86/0x1e0
[] ? rw_verify_area+0xe5/0x2b0
[] vfs_read+0x115/0x330
[] SyS_read+0xd1/0x1a0
[] ? vfs_write+0x4b0/0x4b0
[] ? __this_cpu_preempt_check+0x1c/0x20
[] ? __context_tracking_exit.part.4+0x3a/0x1e0
[] ? vfs_write+0x4b0/0x4b0
[] do_syscall_64+0x1c4/0x4e0
[] ? syscall_return_slowpath+0x16c/0x1d0
[] entry_SYSCALL64_slow_path+0x25/0x25
==================================================================There are a couple of problems that I can see:
- ioctl(SNDRV_TIMER_IOCTL_SELECT), which potentially sets
tu->queue/tu->tqueue to NULL on memory allocation failure, so read()
would get a NULL pointer dereference like the above splat- the same ioctl() can free tu->queue/to->tqueue which means read()
could potentially see (and dereference) the freed pointerWe can fix both by taking the ioctl_lock mutex when dereferencing
->queue/->tqueue, since that's always held over all the ioctl() code.Just looking at the code I find it likely that there are more problems
here such as tu->qhead pointing outside the buffer if the size is
changed concurrently using SNDRV_TIMER_IOCTL_PARAMS.Signed-off-by: Vegard Nossum
Cc:
Signed-off-by: Takashi Iwai
31 Aug, 2016
2 commits
-
In hwdep interface of fireworks driver, accessing to user space is in a
critical section with disabled local interrupt. Depending on architecture,
accessing to user space can cause page fault exception. Then local
processor stores machine status and handles the synchronous event. A
handler corresponding to the event can call task scheduler to wait for
preparing pages. In a case of usage of single core processor, the state to
disable local interrupt is worse because it don't handle usual interrupts
from hardware.This commit fixes this bug, performing the accessing outside spinlock. This
commit also gives up counting the number of queued response messages to
simplify ring-buffer management.Reported-by: Vaishali Thakkar
Cc: stable@vger.kernel.org
Fixes: 555e8a8f7f14('ALSA: fireworks: Add command/response functionality into hwdep interface')
Signed-off-by: Takashi Sakamoto
Signed-off-by: Takashi Iwai -
In hwdep interface of firewire-tascam driver, accessing to user space is
in a critical section with disabled local interrupt. Depending on
architecture, accessing to user space can cause page fault exception. Then
local processor stores machine status and handle the synchronous event. A
handler corresponding to the event can call task scheduler to wait for
preparing pages. In a case of usage of single core processor, the state to
disable local interrupt is worse because it doesn't handle usual interrupts
from hardware.This commit fixes this bug, by performing the accessing outside spinlock.
Reported-by: Vaishali Thakkar
Cc: stable@vger.kernel.org
Fixes: e5e0c3dd257b('ALSA: firewire-tascam: add hwdep interface')
Signed-off-by: Takashi Sakamoto
Signed-off-by: Takashi Iwai
30 Aug, 2016
2 commits
-
The subwoofer on Inspiron 7559 was disabled originally.
Applying a pin fixup to node 0x1b can enable it and make it work.Old pin: 0x411111f0
New pin: 0x90170151Signed-off-by: Kai-Heng Feng
Cc:
Signed-off-by: Takashi Iwai -
This patch enables headset microphone on some variants of
Dell Inspiron 5468. (Dell SSID 0x07ad)BugLink: https://bugs.launchpad.net/bugs/1617900
Signed-off-by: Shrirang Bagul
Cc:
Signed-off-by: Takashi Iwai
29 Aug, 2016
3 commits
-
Avoid getting sample rate on B850V3 CP2114 as it is unsupported and
causes noisy "current rate is different from the runtime rate" messages
when playback starts.Signed-off-by: Ken Lin
Signed-off-by: Akshay Bhat
Cc:
Signed-off-by: Takashi Iwai -
I hit this with syzkaller:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 1327 Comm: a.out Not tainted 4.8.0-rc2+ #190
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
task: ffff88011278d600 task.stack: ffff8801120c0000
RIP: 0010:[] [] snd_hrtimer_start+0x77/0x100
RSP: 0018:ffff8801120c7a60 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000007
RDX: 0000000000000009 RSI: 1ffff10023483091 RDI: 0000000000000048
RBP: ffff8801120c7a78 R08: ffff88011a5cf768 R09: ffff88011a5ba790
R10: 0000000000000002 R11: ffffed00234b9ef1 R12: ffff880114843980
R13: ffffffff84213c00 R14: ffff880114843ab0 R15: 0000000000000286
FS: 00007f72958f3700(0000) GS:ffff88011aa00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000603001 CR3: 00000001126ab000 CR4: 00000000000006f0
Stack:
ffff880114843980 ffff880111eb2dc0 ffff880114843a34 ffff8801120c7ad0
ffffffff82c81ab1 0000000000000000 ffffffff842138e0 0000000100000000
ffff880111eb2dd0 ffff880111eb2dc0 0000000000000001 ffff880111eb2dc0
Call Trace:
[] snd_timer_start1+0x331/0x670
[] snd_timer_start+0x5d/0xa0
[] snd_timer_user_ioctl+0x88e/0x2830
[] ? __follow_pte.isra.49+0x430/0x430
[] ? snd_timer_pause+0x80/0x80
[] ? do_wp_page+0x3aa/0x1c90
[] ? put_prev_entity+0x108f/0x21a0
[] ? snd_timer_pause+0x80/0x80
[] do_vfs_ioctl+0x193/0x1050
[] ? cpuacct_account_field+0x12f/0x1a0
[] ? ioctl_preallocate+0x200/0x200
[] ? syscall_trace_enter+0x3cf/0xdb0
[] ? __context_tracking_exit.part.4+0x9a/0x1e0
[] ? exit_to_usermode_loop+0x190/0x190
[] ? check_preemption_disabled+0x37/0x1e0
[] ? security_file_ioctl+0x89/0xb0
[] SyS_ioctl+0x8f/0xc0
[] ? do_vfs_ioctl+0x1050/0x1050
[] do_syscall_64+0x1c4/0x4e0
[] entry_SYSCALL64_slow_path+0x25/0x25
Code: c7 c7 c4 b9 c8 82 48 89 d9 4c 89 ee e8 63 88 7f fe e8 7e 46 7b fe 48 8d 7b 48 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 b6 04 02 84 c0 74 04 84 c0 7e 65 80 7b 48 00 74 0e e8 52 46
RIP [] snd_hrtimer_start+0x77/0x100
RSP
---[ end trace 5955b08db7f2b029 ]---This can happen if snd_hrtimer_open() fails to allocate memory and
returns an error, which is currently not checked by snd_timer_open():ioctl(SNDRV_TIMER_IOCTL_SELECT)
- snd_timer_user_tselect()
- snd_timer_close()
- snd_hrtimer_close()
- (struct snd_timer *) t->private_data = NULL
- snd_timer_open()
- snd_hrtimer_open()
- kzalloc() fails; t->private_data is still NULLioctl(SNDRV_TIMER_IOCTL_START)
- snd_timer_user_start()
- snd_timer_start()
- snd_timer_start1()
- snd_hrtimer_start()
- t->private_data == NULL // boomSigned-off-by: Vegard Nossum
Cc:
Signed-off-by: Takashi Iwai -
I got this:
divide error: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 1327 Comm: a.out Not tainted 4.8.0-rc2+ #189
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
task: ffff8801120a9580 task.stack: ffff8801120b0000
RIP: 0010:[] [] snd_hrtimer_callback+0x1da/0x3f0
RSP: 0018:ffff88011aa87da8 EFLAGS: 00010006
RAX: 0000000000004f76 RBX: ffff880112655e88 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff880112655ea0 RDI: 0000000000000001
RBP: ffff88011aa87e00 R08: ffff88013fff905c R09: ffff88013fff9048
R10: ffff88013fff9050 R11: 00000001050a7b8c R12: ffff880114778a00
R13: ffff880114778ab4 R14: ffff880114778b30 R15: 0000000000000000
FS: 00007f071647c700(0000) GS:ffff88011aa80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000603001 CR3: 0000000112021000 CR4: 00000000000006e0
Stack:
0000000000000000 ffff880114778ab8 ffff880112655ea0 0000000000004f76
ffff880112655ec8 ffff880112655e80 ffff880112655e88 ffff88011aa98fc0
00000000b97ccf2b dffffc0000000000 ffff88011aa98fc0 ffff88011aa87ef0
Call Trace:
[] __hrtimer_run_queues+0x347/0xa00
[] ? snd_hrtimer_close+0x130/0x130
[] ? retrigger_next_event+0x1b0/0x1b0
[] ? hrtimer_interrupt+0x136/0x4b0
[] hrtimer_interrupt+0x1b0/0x4b0
[] local_apic_timer_interrupt+0x6e/0xf0
[] ? kvm_guest_apic_eoi_write+0x13/0xc0
[] smp_apic_timer_interrupt+0x76/0xa0
[] apic_timer_interrupt+0x8c/0xa0
[] ? _raw_spin_unlock_irqrestore+0x2c/0x60
[] snd_timer_start1+0xdd/0x670
[] snd_timer_continue+0x45/0x80
[] snd_timer_user_ioctl+0x1030/0x2830
[] ? __follow_pte.isra.49+0x430/0x430
[] ? snd_timer_pause+0x80/0x80
[] ? do_wp_page+0x3aa/0x1c90
[] ? handle_mm_fault+0xbc8/0x27f0
[] ? __pmd_alloc+0x370/0x370
[] ? snd_timer_pause+0x80/0x80
[] do_vfs_ioctl+0x193/0x1050
[] ? ioctl_preallocate+0x200/0x200
[] ? syscall_trace_enter+0x3cf/0xdb0
[] ? __context_tracking_exit.part.4+0x9a/0x1e0
[] ? exit_to_usermode_loop+0x190/0x190
[] ? check_preemption_disabled+0x37/0x1e0
[] ? security_file_ioctl+0x89/0xb0
[] SyS_ioctl+0x8f/0xc0
[] ? do_vfs_ioctl+0x1050/0x1050
[] do_syscall_64+0x1c4/0x4e0
[] entry_SYSCALL64_slow_path+0x25/0x25
Code: e8 fc 42 7b fe 8b 0d 06 8a 50 03 49 0f af cf 48 85 c9 0f 88 7c 01 00 00 48 89 4d a8 e8 e0 42 7b fe 48 8b 45 c0 48 8b 4d a8 48 99 f7 f9 49 01 c7 e8 cb 42 7b fe 48 8b 55 d0 48 b8 00 00 00 00
RIP [] snd_hrtimer_callback+0x1da/0x3f0
RSP
---[ end trace 6aa380f756a21074 ]---The problem happens when you call ioctl(SNDRV_TIMER_IOCTL_CONTINUE) on a
completely new/unused timer -- it will have ->sticks == 0, which causes a
divide by 0 in snd_hrtimer_callback().Signed-off-by: Vegard Nossum
Cc:
Signed-off-by: Takashi Iwai
25 Aug, 2016
7 commits
-
…roonie/sound into for-linus
ASoC: Fixes for v4.8
A clutch of fixes for v4.8. These are mainly driver specific, the most
notable ones being those for OMAP which fix a series of issues that
broke boot on some platforms there when deferred probe kicked in.
There's also one core fix for an issue when unbinding a card which for
some reason had managed to not manifest until recently. -
…x/omap', 'asoc/fix/samsung', 'asoc/fix/simple' and 'asoc/fix/wm2000' into asoc-linus
-
…da7213' and 'asoc/fix/debugfs' into asoc-linus
24 Aug, 2016
1 commit
-
MSI Cubi MS-B120 needs the same fixup as the Gigabyte BXBT-2807 for its
mic to work.They both use a single 3-way jack for both mic and headset with an
ALC283 codec, with the same pins used.Cc: Daniel Drake
Signed-off-by: Anisse Astier
Signed-off-by: Takashi Iwai
23 Aug, 2016
2 commits
-
Fixes: ddd17531ad908 ("ASoC: omap-mcpdm: Clean up with devm_* function")
Managed irq request will not doing any good in ASoC probe level as it is
not going to free up the irq when the driver is unbound from the sound
card.Signed-off-by: Peter Ujfalusi
Reported-by: Russell King
Signed-off-by: Mark Brown -
Make sure i2c_device_id tables are NULL terminated.
Signed-off-by: Wei Yongjun
Signed-off-by: Mark Brown
22 Aug, 2016
3 commits
-
The commit 02fc76f6a changed base of the sysfs attributes from device to card.
The "show" callbacks dereferenced wrong objects because of this.Fixes: 02fc76f6a7db ('ALSA: line6: Create sysfs via snd_card_add_dev_attr()')
Cc: # v4.0+
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Andrej Krutak
Signed-off-by: Takashi Iwai -
Done, because line6_stream_stop() locks and calls line6_unlink_audio_urbs(),
which in turn invokes audio_out_callback(), which tries to lock 2nd time.Fixes:
=============================================
[ INFO: possible recursive locking detected ]
4.4.15+ #15 Not tainted
---------------------------------------------
mplayer/3591 is trying to acquire lock:
(&(&line6pcm->out.lock)->rlock){-.-...}, at: [] audio_out_callback+0x70/0x110 [snd_usb_line6]but task is already holding lock:
(&(&line6pcm->out.lock)->rlock){-.-...}, at: [] line6_stream_stop+0x24/0x5c [snd_usb_line6]other info that might help us debug this:
Possible unsafe locking scenario:CPU0
----
lock(&(&line6pcm->out.lock)->rlock);
lock(&(&line6pcm->out.lock)->rlock);*** DEADLOCK ***
May be due to missing lock nesting notation
3 locks held by mplayer/3591:
#0: (snd_pcm_link_rwlock){.-.-..}, at: [] snd_pcm_stream_lock+0x1e/0x40 [snd_pcm]
#1: (&(&substream->self_group.lock)->rlock){-.-...}, at: [] snd_pcm_stream_lock+0x26/0x40 [snd_pcm]
#2: (&(&line6pcm->out.lock)->rlock){-.-...}, at: [] line6_stream_stop+0x24/0x5c [snd_usb_line6]stack backtrace:
CPU: 0 PID: 3591 Comm: mplayer Not tainted 4.4.15+ #15
Hardware name: Generic AM33XX (Flattened Device Tree)
[] (unwind_backtrace) from [] (show_stack+0x11/0x14)
[] (show_stack) from [] (dump_stack+0x8b/0xac)
[] (dump_stack) from [] (__lock_acquire+0xc8b/0x1780)
[] (__lock_acquire) from [] (lock_acquire+0x99/0x1c0)
[] (lock_acquire) from [] (_raw_spin_lock_irqsave+0x3f/0x4c)
[] (_raw_spin_lock_irqsave) from [] (audio_out_callback+0x70/0x110 [snd_usb_line6])
[] (audio_out_callback [snd_usb_line6]) from [] (__usb_hcd_giveback_urb+0x53/0xd0)
[] (__usb_hcd_giveback_urb) from [] (musb_giveback+0x3d/0x98)
[] (musb_giveback) from [] (musb_urb_dequeue+0x6d/0x114)
[] (musb_urb_dequeue) from [] (usb_hcd_unlink_urb+0x39/0x98)
[] (usb_hcd_unlink_urb) from [] (line6_unlink_audio_urbs+0x6a/0x6c [snd_usb_line6])
[] (line6_unlink_audio_urbs [snd_usb_line6]) from [] (line6_stream_stop+0x42/0x5c [snd_usb_line6])
[] (line6_stream_stop [snd_usb_line6]) from [] (snd_line6_trigger+0xb6/0xf4 [snd_usb_line6])
[] (snd_line6_trigger [snd_usb_line6]) from [] (snd_pcm_do_stop+0x36/0x38 [snd_pcm])
[] (snd_pcm_do_stop [snd_pcm]) from [] (snd_pcm_action_single+0x22/0x40 [snd_pcm])
[] (snd_pcm_action_single [snd_pcm]) from [] (snd_pcm_action+0xac/0xb0 [snd_pcm])
[] (snd_pcm_action [snd_pcm]) from [] (snd_pcm_drop+0x38/0x64 [snd_pcm])
[] (snd_pcm_drop [snd_pcm]) from [] (snd_pcm_common_ioctl1+0x7fe/0xbe8 [snd_pcm])
[] (snd_pcm_common_ioctl1 [snd_pcm]) from [] (snd_pcm_playback_ioctl1+0x15c/0x51c [snd_pcm])
[] (snd_pcm_playback_ioctl1 [snd_pcm]) from [] (snd_pcm_playback_ioctl+0x20/0x28 [snd_pcm])
[] (snd_pcm_playback_ioctl [snd_pcm]) from [] (do_vfs_ioctl+0x3af/0x5c8)Fixes: 63e20df1e5b2 ('ALSA: line6: Reorganize PCM stream handling')
Cc: # v4.0+
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Andrej Krutak
Signed-off-by: Takashi Iwai -
If there's an error, pcm is released in line6_pcm_acquire already.
Fixes: 247d95ee6dd2 ('ALSA: line6: Handle error from line6_pcm_acquire()')
Cc: # v4.0+
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Andrej Krutak
Signed-off-by: Takashi Iwai
19 Aug, 2016
2 commits
-
The dmic-codec was registered within the platform_driver's probe function,
which can cause deferred probe to run in loops as reported and analyzed by
Russell King.Use module_init/exit in the driver and handle the dmic-codec device
registration and removal at that level instead of the platform_driver
probe/remove.Signed-off-by: Peter Ujfalusi
Reported-by: Russell King
Tested-by: Russell King
Signed-off-by: Mark Brown -
Both the card and DAPM cleanups recursively delete their debugfs
directories. Since the DAPM debugfs subdirectory for the card is
located within the card debugfs this means we end up trying to double
free the DAPM subdirectory. Reorder the cleanup to free the card
debugfs after we've cleaned up DAPM and it has deleted its own
subdirectory.Reported-by: Russell King - ARM Linux
Tested-by: Russell King
Signed-off-by: Mark Brown
18 Aug, 2016
1 commit
-
This reverts commit 65aca64d05b5eaa5ce15e18b458a8d338ddbd478.
The patches for twl6040 MFD and clk missed the merge window and
causing the McPDM driver to never probe since it is put back to
the deferred list because the missing drivers.Signed-off-by: Peter Ujfalusi
Signed-off-by: Mark Brown
16 Aug, 2016
2 commits
-
commit cbaadf0f90d6 ("ASoC: atmel_ssc_dai: refactor the startup and
shutdown") refactored code such that the SSC is reset on every
startup; this breaks duplex audio (e.g. first start audio playback,
then start record, causing the playback to stop/hang)Fixes: cbaadf0f90d6 (ASoC: atmel_ssc_dai: refactor the startup and shutdown)
Signed-off-by: Christoph Huber
Signed-off-by: Peter Meerwald-Stadler
Signed-off-by: Mark Brown
Cc: stable@vger.kernel.org -
After we have called dpcm_path_get we should make sure to call
dpcm_path_put on all error paths. This was not happening causing the
allocated widget list to be leaked, this patch corrects this by adding a
dpcm_path_put to the error path.Signed-off-by: Charles Keepax
Signed-off-by: Mark Brown
12 Aug, 2016
1 commit
-
Fix to return error code -ENODEV from the error handling
case instead of 0, as done elsewhere in this function.Fixes: 87b2bdf02278 ("ASoC: Intel: Skylake: Initialize NHLT table")
Signed-off-by: Wei Yongjun
Acked-By: Vinod Koul
Signed-off-by: Mark Brown
11 Aug, 2016
2 commits
-
Anything that sets ret in wm2000_anc_transition will have immediately
returned anyway as such we will always return an uninitialised ret at the
bottom of the function. Simply replace the return with a return 0;Signed-off-by: Charles Keepax
Signed-off-by: Mark Brown -
If we fail to find a platform we simply return EPROBE_DEFER,
but we have allocated the rtd pointer. All error paths before
soc_add_pcm_runtime need to call soc_free_pcm_runtime first to
avoid leaking the rtd pointer. A suitable error path already
exists and is used else where in the function so simply use that
here as well.Signed-off-by: Charles Keepax
Signed-off-by: Mark Brown
10 Aug, 2016
1 commit
-
For SKL and later Intel chips, we control the power well per codec
basis via link_power callback since the commit [03b135cebc47: ALSA:
hda - remove dependency on i915 power well for SKL].
However, there are a few exceptional cases where the gfx registers are
accessed from the audio driver: namely the wakeup override bit
toggling at (both system and runtime) resume. This seems causing a
kernel warning when accessed during the power well down (and likely
resulting in the bogus register accesses).This patch puts the proper power up / down sequence around the resume
code so that the wakeup bit is fiddled properly while the power is
up. (The other callback, sync_audio_rate, is used only in the PCM
callback, so it's guaranteed in the power-on.)Also, by this proper power up/down, the instantaneous flip of wakeup
bit in the resume callback that was introduced by the commit
[033ea349a7cd: ALSA: hda - Fix Skylake codec timeout] becomes
superfluous, as snd_hdac_display_power() already does it. So we can
clean it up together.Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96214
Fixes: 03b135cebc47 ('ALSA: hda - remove dependency on i915 power well for SKL')
Cc: # v4.2+
Tested-by: Hans de Goede
Signed-off-by: Takashi Iwai
09 Aug, 2016
2 commits
-
The ELP HD USB Camera (05a3:9420) needs this quirk for suppressing
the unsupported sample rate inquiry.Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=98481
Cc:
Signed-off-by: Vittorio Gambaletta
Signed-off-by: Takashi Iwai -
VF0610 does not support reading the sample rate which leads to many
lines of "cannot get freq at ep 0x82". This patch adds the USB ID
(0x041E:4080) to snd_usb_get_sample_rate_quirk() list.Signed-off-by: Piotr Karasinski
Cc:
Signed-off-by: Takashi Iwai
05 Aug, 2016
4 commits
-
Pull sound fixes from Takashi Iwai:
"Nothing existing here: as usual a few HD-audio fixes (device fixups, a
new AMD PCI ID, and a fix for krealloc() usage), in addition to a fix
in Kconfig for legacy arm drivers"* tag 'sound-fix-4.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - Fix headset mic detection problem for two dell machines
ALSA: hda: Fix krealloc() with __GFP_ZERO usage
ALSA: hda: add AMD Bonaire AZ PCI ID with proper driver caps
ALSA: arm: Fix empty menuconfig SND_ARM
ALSA: hda - On-board speaker fixup on ACER Veriton
ALSA: hda/realtek - Can't adjust speaker's volume on a Dell AIO -
Previously code defaulted to 32 BCLKS per WCLK which meant 24 and
32 bit DAI formats would not work properly. This patch fixes the
issue by defaulting to 64 BCLKs per WCLK.Signed-off-by: Adam Thomson
Signed-off-by: Mark Brown -
The patch is to fix the static check error as the following.
The patch commit b50455fab459 ("ASoC: nau8825: cross talk suppression
measurement function") from Jun 7, 2016, leads to the following
static checker warning:sound/soc/codecs/nau8825.c:265 nau8825_sema_acquire()
warn: 'sem:&nau8825->xtalk_sem' is sometimes locked here and
sometimes unlocked.The semaphone acquire function has return value, and some callers
can do error handling when lock fails.Signed-off-by: John Hsu
Signed-off-by: Mark Brown -
In chromium, the following steps will make codec function fail.
\1. plug in headphones, Play music
\2. run "powerd_dbus_suspend"
\3. resume from S3
After resume, the jack detection will restart and make configuration
for the headset. Meanwhile, the playback prepares and starts to work.
The two sequences will conflict and make wrong register configuration.Originally, the driver adds protection for the case when it finds
the playback is active. But the "powerd_dbus_suspend" command will
close the pcm stream before suspend. Therefore, the driver can't
detect the playback after resume, and the protection not works.
For the issue, the driver raises protection every time after resume.
The protection will release after jack detection and configuration
completes, and then the playback just will goes on.Signed-off-by: John Hsu
Signed-off-by: Mark Brown
04 Aug, 2016
2 commits
-
There is no "pclk" alias in the s3c2440 clk driver for "soc-audio"
device so related clk_get() fails, which prevents any operation
of the S3C24XX_UDA134X sound card.
Instead we get the clock on behalf of the I2S device, i.e. we use
the I2S block gate clock which has PCLK is its parent clock.Without this patch there is an error like:
s3c24xx_uda134x_startup cannot get pclk
ASoC: UDA134X startup failed: -2Signed-off-by: Sylwester Nawrocki
Signed-off-by: Mark Brown -
One of the machines has ALC255 on it, another one has ALC298 on it.
On the machine with the codec ALC298, it also has the speaker volume
problem, so we add the fixup chained to ALC298_FIXUP_SPK_VOLUME rather
than adding a group of pin definition in the pin quirk table, since
the speak volume problem does not happen on other machines yet.Cc:
Signed-off-by: Hui Wang
Signed-off-by: Takashi Iwai
