1. 16 9月, 2019 37 次提交
    • B
      remoteproc: qcom: q6v5-mss: add SCM probe dependency · 2c2cf224
      Brian Norris 提交于
      [ Upstream commit bbcda30271752bb7490f2e2aef5411dbcae69116 ]
      
      The memory ownership transfer request is performed using SCM, ensure
      that SCM is available before we probe the driver if memory protection is
      needed by the subsystem.
      
      Fixes: 6c5a9dc2 ("remoteproc: qcom: Make secure world call for mem ownership switch")
      Cc: stable@vger.kernel.org
      Signed-off-by: NBrian Norris <briannorris@chromium.org>
      [bjorn: Added condition for need_mem_protection, updated commit message]
      Signed-off-by: NBjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      2c2cf224
    • Z
      x86, hibernate: Fix nosave_regions setup for hibernation · 4d970758
      Zhimin Gu 提交于
      [ Upstream commit cc55f7537db6af371e9c1c6a71161ee40f918824 ]
      
      On 32bit systems, nosave_regions(non RAM areas) located between
      max_low_pfn and max_pfn are not excluded from hibernation snapshot
      currently, which may result in a machine check exception when
      trying to access these unsafe regions during hibernation:
      
      [  612.800453] Disabling lock debugging due to kernel taint
      [  612.805786] mce: [Hardware Error]: CPU 0: Machine Check Exception: 5 Bank 6: fe00000000801136
      [  612.814344] mce: [Hardware Error]: RIP !INEXACT! 60:<00000000d90be566> {swsusp_save+0x436/0x560}
      [  612.823167] mce: [Hardware Error]: TSC 1f5939fe276 ADDR dd000000 MISC 30e0000086
      [  612.830677] mce: [Hardware Error]: PROCESSOR 0:306c3 TIME 1529487426 SOCKET 0 APIC 0 microcode 24
      [  612.839581] mce: [Hardware Error]: Run the above through 'mcelog --ascii'
      [  612.846394] mce: [Hardware Error]: Machine check: Processor context corrupt
      [  612.853380] Kernel panic - not syncing: Fatal machine check
      [  612.858978] Kernel Offset: 0x18000000 from 0xc1000000 (relocation range: 0xc0000000-0xf7ffdfff)
      
      This is because on 32bit systems, pages above max_low_pfn are regarded
      as high memeory, and accessing unsafe pages might cause expected MCE.
      On the problematic 32bit system, there are reserved memory above low
      memory, which triggered the MCE:
      
      e820 memory mapping:
      [    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009d7ff] usable
      [    0.000000] BIOS-e820: [mem 0x000000000009d800-0x000000000009ffff] reserved
      [    0.000000] BIOS-e820: [mem 0x00000000000e0000-0x00000000000fffff] reserved
      [    0.000000] BIOS-e820: [mem 0x0000000000100000-0x00000000d160cfff] usable
      [    0.000000] BIOS-e820: [mem 0x00000000d160d000-0x00000000d1613fff] ACPI NVS
      [    0.000000] BIOS-e820: [mem 0x00000000d1614000-0x00000000d1a44fff] usable
      [    0.000000] BIOS-e820: [mem 0x00000000d1a45000-0x00000000d1ecffff] reserved
      [    0.000000] BIOS-e820: [mem 0x00000000d1ed0000-0x00000000d7eeafff] usable
      [    0.000000] BIOS-e820: [mem 0x00000000d7eeb000-0x00000000d7ffffff] reserved
      [    0.000000] BIOS-e820: [mem 0x00000000d8000000-0x00000000d875ffff] usable
      [    0.000000] BIOS-e820: [mem 0x00000000d8760000-0x00000000d87fffff] reserved
      [    0.000000] BIOS-e820: [mem 0x00000000d8800000-0x00000000d8fadfff] usable
      [    0.000000] BIOS-e820: [mem 0x00000000d8fae000-0x00000000d8ffffff] ACPI data
      [    0.000000] BIOS-e820: [mem 0x00000000d9000000-0x00000000da71bfff] usable
      [    0.000000] BIOS-e820: [mem 0x00000000da71c000-0x00000000da7fffff] ACPI NVS
      [    0.000000] BIOS-e820: [mem 0x00000000da800000-0x00000000dbb8bfff] usable
      [    0.000000] BIOS-e820: [mem 0x00000000dbb8c000-0x00000000dbffffff] reserved
      [    0.000000] BIOS-e820: [mem 0x00000000dd000000-0x00000000df1fffff] reserved
      [    0.000000] BIOS-e820: [mem 0x00000000f8000000-0x00000000fbffffff] reserved
      [    0.000000] BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved
      [    0.000000] BIOS-e820: [mem 0x00000000fed00000-0x00000000fed03fff] reserved
      [    0.000000] BIOS-e820: [mem 0x00000000fed1c000-0x00000000fed1ffff] reserved
      [    0.000000] BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved
      [    0.000000] BIOS-e820: [mem 0x00000000ff000000-0x00000000ffffffff] reserved
      [    0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000041edfffff] usable
      
      Fix this problem by changing pfn limit from max_low_pfn to max_pfn.
      This fix does not impact 64bit system because on 64bit max_low_pfn
      is the same as max_pfn.
      Signed-off-by: NZhimin Gu <kookoo.gu@intel.com>
      Acked-by: NPavel Machek <pavel@ucw.cz>
      Signed-off-by: NChen Yu <yu.c.chen@intel.com>
      Acked-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: All applicable <stable@vger.kernel.org>
      Signed-off-by: NRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      4d970758
    • D
      Drivers: hv: kvp: Fix two "this statement may fall through" warnings · 805e0e46
      Dexuan Cui 提交于
      [ Upstream commit fc62c3b1977d62e6374fd6e28d371bb42dfa5c9d ]
      
      We don't need to call process_ib_ipinfo() if message->kvp_hdr.operation is
      KVP_OP_GET_IP_INFO in kvp_send_key(), because here we just need to pass on
      the op code from the host to the userspace; when the userspace returns
      the info requested by the host, we pass the info on to the host in
      kvp_respond_to_host() -> process_ob_ipinfo(). BTW, the current buggy code
      actually doesn't cause any harm, because only message->kvp_hdr.operation
      is used by the userspace, in the case of KVP_OP_GET_IP_INFO.
      
      The patch also adds a missing "break;" in kvp_send_key(). BTW, the current
      buggy code actually doesn't cause any harm, because in the case of
      KVP_OP_SET, the unexpected fall-through corrupts
      message->body.kvp_set.data.key_size, but that is not really used: see
      the definition of struct hv_kvp_exchg_msg_value.
      Signed-off-by: NDexuan Cui <decui@microsoft.com>
      Cc: K. Y. Srinivasan <kys@microsoft.com>
      Cc: Haiyang Zhang <haiyangz@microsoft.com>
      Cc: Stephen Hemminger <sthemmin@microsoft.com>
      Cc: <Stable@vger.kernel.org>
      Signed-off-by: NK. Y. Srinivasan <kys@microsoft.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      805e0e46
    • D
      keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h · 3f3beae2
      David Howells 提交于
      [ Upstream commit 2ecefa0a15fd0ef88b9cd5d15ceb813008136431 ]
      
      The keyctl_dh_params struct in uapi/linux/keyctl.h contains the symbol
      "private" which means that the header file will cause compilation failure
      if #included in to a C++ program.  Further, the patch that added the same
      struct to the keyutils package named the symbol "priv", not "private".
      
      The previous attempt to fix this (commit 8a2336e5) did so by simply
      renaming the kernel's copy of the field to dh_private, but this then breaks
      existing userspace and as such has been reverted (commit 8c0f9f5b).
      
      [And note, to those who think that wrapping the struct in extern "C" {}
       will work: it won't; that only changes how symbol names are presented to
       the assembler and linker.].
      
      Instead, insert an anonymous union around the "private" member and add a
      second member in there with the name "priv" to match the one in the
      keyutils package.  The "private" member is then wrapped in !__cplusplus
      cpp-conditionals to hide it from C++.
      
      Fixes: ddbb4114 ("KEYS: Add KEYCTL_DH_COMPUTE command")
      Fixes: 8a2336e5 ("uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name")
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      cc: Randy Dunlap <rdunlap@infradead.org>
      cc: Lubomir Rintel <lkundrak@v3.sk>
      cc: James Morris <jmorris@namei.org>
      cc: Mat Martineau <mathew.j.martineau@linux.intel.com>
      cc: Stephan Mueller <smueller@chronox.de>
      cc: Andrew Morton <akpm@linux-foundation.org>
      cc: Linus Torvalds <torvalds@linux-foundation.org>
      cc: stable@vger.kernel.org
      Signed-off-by: NJames Morris <james.morris@microsoft.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      3f3beae2
    • G
      scsi: qla2xxx: Move log messages before issuing command to firmware · bac1c4ed
      Giridhar Malavali 提交于
      [ Upstream commit 9fe278f44b4bc06cc61e33b2af65f87d507d13d0 ]
      
      There is a probability that the SRB structure might have been released by the
      time the debug log message dereferences it.  This patch moved the log messages
      before the command is issued to the firmware to prevent unknown behavior and
      kernel crash
      
      Fixes: 726b8548 ("qla2xxx: Add framework for async fabric discovery")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NGiridhar Malavali <giridhar.malavali@cavium.com>
      Reviewed-by: NEwan D. Milne <emilne@redhat.com>
      Signed-off-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      bac1c4ed
    • H
      media: cec: remove cec-edid.c · 6e087eae
      Hans Verkuil 提交于
      [ Upstream commit f94d463f1b7f83d465ed77521821583dbcdaa3c5 ]
      
      Move cec_get_edid_phys_addr() to cec-adap.c. It's not worth keeping
      a separate source for this.
      Signed-off-by: NHans Verkuil <hans.verkuil@cisco.com>
      Cc: <stable@vger.kernel.org>      # for v4.17 and up
      Signed-off-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      6e087eae
    • H
      media: cec/v4l2: move V4L2 specific CEC functions to V4L2 · 85130845
      Hans Verkuil 提交于
      [ Upstream commit 9cfd2753f8f3923f89cbb15f940f3aa0e7202d3e ]
      
      Several CEC functions are actually specific for use with receivers,
      i.e. they should be part of the V4L2 subsystem, not CEC.
      
      These functions deal with validating and modifying EDIDs for (HDMI)
      receivers, and they do not actually have anything to do with the CEC
      subsystem and whether or not CEC is enabled. The problem was that if
      the CEC_CORE config option was not set, then these functions would
      become stubs, but that's not right: they should always be valid.
      
      So replace the cec_ prefix by v4l2_ and move them to v4l2-dv-timings.c.
      Update all drivers that call these accordingly.
      Signed-off-by: NHans Verkuil <hans.verkuil@cisco.com>
      Reported-by: NLars-Peter Clausen <lars@metafoo.de>
      Cc: <stable@vger.kernel.org>      # for v4.17 and up
      Signed-off-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      85130845
    • J
      drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse" · c09d675f
      Jan-Marek Glogowski 提交于
      [ Upstream commit 3cf71bc9904d7ee4a25a822c5dcb54c7804ea388 ]
      
      This re-applies the workaround for "some DP sinks, [which] are a
      little nuts" from commit 1a36147b ("drm/i915: Perform link
      quality check unconditionally during long pulse").
      It makes the secondary AOC E2460P monitor connected via DP to an
      acer Veriton N4640G usable again.
      
      This hunk was dropped in commit c85d200e ("drm/i915: Move SST
      DP link retraining into the ->post_hotplug() hook")
      
      Fixes: c85d200e ("drm/i915: Move SST DP link retraining into the ->post_hotplug() hook")
      [Cleaned up commit message, added stable cc]
      Signed-off-by: NLyude Paul <lyude@redhat.com>
      Signed-off-by: NJan-Marek Glogowski <glogow@fbihome.de>
      Cc: stable@vger.kernel.org
      Link: https://patchwork.freedesktop.org/patch/msgid/20180825191035.3945-1-lyude@redhat.comSigned-off-by: NSasha Levin <sashal@kernel.org>
      c09d675f
    • Y
      kernel/module: Fix mem leak in module_add_modinfo_attrs · 3015291b
      YueHaibing 提交于
      [ Upstream commit bc6f2a757d525e001268c3658bd88822e768f8db ]
      
      In module_add_modinfo_attrs if sysfs_create_file
      fails, we forget to free allocated modinfo_attrs
      and roll back the sysfs files.
      
      Fixes: 03e88ae1 ("[PATCH] fix module sysfs files reference counting")
      Reviewed-by: NMiroslav Benes <mbenes@suse.cz>
      Signed-off-by: NYueHaibing <yuehaibing@huawei.com>
      Signed-off-by: NJessica Yu <jeyu@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      3015291b
    • J
      modules: always page-align module section allocations · 9c49f781
      Jessica Yu 提交于
      [ Upstream commit 38f054d549a869f22a02224cd276a27bf14b6171 ]
      
      Some arches (e.g., arm64, x86) have moved towards non-executable
      module_alloc() allocations for security hardening reasons. That means
      that the module loader will need to set the text section of a module to
      executable, regardless of whether or not CONFIG_STRICT_MODULE_RWX is set.
      
      When CONFIG_STRICT_MODULE_RWX=y, module section allocations are always
      page-aligned to handle memory rwx permissions. On some arches with
      CONFIG_STRICT_MODULE_RWX=n however, when setting the module text to
      executable, the BUG_ON() in frob_text() gets triggered since module
      section allocations are not page-aligned when CONFIG_STRICT_MODULE_RWX=n.
      Since the set_memory_* API works with pages, and since we need to call
      set_memory_x() regardless of whether CONFIG_STRICT_MODULE_RWX is set, we
      might as well page-align all module section allocations for ease of
      managing rwx permissions of module sections (text, rodata, etc).
      
      Fixes: 2eef1399a866 ("modules: fix BUG when load module with rodata=n")
      Reported-by: NMartin Kaiser <lists@kaiser.cx>
      Reported-by: NBartosz Golaszewski <brgl@bgdev.pl>
      Tested-by: NDavid Lechner <david@lechnology.com>
      Tested-by: NMartin Kaiser <martin@kaiser.cx>
      Tested-by: NBartosz Golaszewski <bgolaszewski@baylibre.com>
      Signed-off-by: NJessica Yu <jeyu@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      9c49f781
    • B
      remoteproc: qcom: q6v5: shore up resource probe handling · 84ba9ae1
      Brian Norris 提交于
      [ Upstream commit 1e2517d126171a41f801738ffd19687836cd178a ]
      
      Commit d5269c4553a6 ("remoteproc: qcom: q6v5: Propagate EPROBE_DEFER")
      fixed up our probe code to handle -EPROBE_DEFER, but it ignored one of
      our interrupts, and it also didn't really handle all the other error
      codes you might get (e.g., with a bad DT definition). Handle those all
      explicitly.
      
      Fixes: d5269c4553a6 ("remoteproc: qcom: q6v5: Propagate EPROBE_DEFER")
      Reviewed-by: NDouglas Anderson <dianders@chromium.org>
      Signed-off-by: NBrian Norris <briannorris@chromium.org>
      Signed-off-by: NBjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      84ba9ae1
    • N
      clk: s2mps11: Add used attribute to s2mps11_dt_match · 56944c0b
      Nathan Chancellor 提交于
      [ Upstream commit 9c940bbe2bb47e03ca5e937d30b6a50bf9c0e671 ]
      
      Clang warns after commit 8985167ecf57 ("clk: s2mps11: Fix matching when
      built as module and DT node contains compatible"):
      
      drivers/clk/clk-s2mps11.c:242:34: warning: variable 's2mps11_dt_match'
      is not needed and will not be emitted [-Wunneeded-internal-declaration]
      static const struct of_device_id s2mps11_dt_match[] = {
                                       ^
      1 warning generated.
      
      This warning happens when a variable is used in some construct that
      doesn't require a reference to that variable to be emitted in the symbol
      table; in this case, it's MODULE_DEVICE_TABLE, which only needs to hold
      the data of the variable, not the variable itself.
      
      $ nm -S drivers/clk/clk-s2mps11.o | rg s2mps11_dt_match
      00000078 000003d4 R __mod_of__s2mps11_dt_match_device_table
      
      Normally, with device ID table variables, it means that the variable
      just needs to be tied to the device declaration at the bottom of the
      file, like s2mps11_clk_id:
      
      $ nm -S drivers/clk/clk-s2mps11.o | rg s2mps11_clk_id
      00000000 00000078 R __mod_platform__s2mps11_clk_id_device_table
      00000000 00000078 r s2mps11_clk_id
      
      However, because the comment above this deliberately doesn't want this
      variable added to .of_match_table, we need to mark s2mps11_dt_match as
      __used to silence this warning. This makes it clear to Clang that the
      variable is used for something, even if a reference to it isn't being
      emitted.
      Signed-off-by: NNathan Chancellor <natechancellor@gmail.com>
      Fixes: 8985167ecf57 ("clk: s2mps11: Fix matching when built as module and DT node contains compatible")
      Signed-off-by: NStephen Boyd <sboyd@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      56944c0b
    • H
      nvme-fc: use separate work queue to avoid warning · 480101a4
      Hannes Reinecke 提交于
      [ Upstream commit 8730c1ddb69bdeeb10c1f613a4e15e95862b1981 ]
      
      When tearing down a controller the following warning is issued:
      
      WARNING: CPU: 0 PID: 30681 at ../kernel/workqueue.c:2418 check_flush_dependency
      
      This happens as the err_work workqueue item is scheduled on the
      system workqueue (which has WQ_MEM_RECLAIM not set), but is flushed
      from a workqueue which has WQ_MEM_RECLAIM set.
      
      Fix this by providing an FC-NVMe specific workqueue.
      
      Fixes: 4cff280a5fcc ("nvme-fc: resolve io failures during connect")
      Signed-off-by: NHannes Reinecke <hare@suse.com>
      Reviewed-by: NJames Smart <james.smart@broadcom.com>
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      480101a4
    • D
      riscv: remove unused variable in ftrace · 5f147150
      David Abdurachmanov 提交于
      [ Upstream commit 397182e0db56b8894a43631ce72de14d90a29834 ]
      
      Noticed while building kernel-4.20.0-0.rc5.git2.1.fc30 for
      Fedora 30/RISCV.
      
      [..]
      BUILDSTDERR: arch/riscv/kernel/ftrace.c: In function 'prepare_ftrace_return':
      BUILDSTDERR: arch/riscv/kernel/ftrace.c:135:6: warning: unused variable 'err' [-Wunused-variable]
      BUILDSTDERR:   int err;
      BUILDSTDERR:       ^~~
      [..]
      Signed-off-by: NDavid Abdurachmanov <david.abdurachmanov@gmail.com>
      Fixes: e949b6db51dc1 ("riscv/function_graph: Simplify with function_graph_enter()")
      Reviewed-by: NOlof Johansson <olof@lixom.net>
      Acked-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>
      Signed-off-by: NPalmer Dabbelt <palmer@sifive.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      5f147150
    • N
      scripts/decode_stacktrace: match basepath using shell prefix operator, not regex · 8d23872c
      Nicolas Boichat 提交于
      [ Upstream commit 31013836a71e07751a6827f9d2ad41ef502ddaff ]
      
      The basepath may contain special characters, which would confuse the regex
      matcher.  ${var#prefix} does the right thing.
      
      Link: http://lkml.kernel.org/r/20190518055946.181563-1-drinkcat@chromium.org
      Fixes: 67a28de47faa8358 ("scripts/decode_stacktrace: only strip base path when a prefix of the path")
      Signed-off-by: NNicolas Boichat <drinkcat@chromium.org>
      Reviewed-by: NStephen Boyd <swboyd@chromium.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      8d23872c
    • D
      arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64 · 6c550a5d
      Dmitry Voytik 提交于
      [ Upstream commit 26e2d7b03ea7ff254bf78305aa44dda62e70b78e ]
      
      After commit ef05bcb60c1a, boot from USB drives is broken.
      Fix this problem by enabling usb-host regulators during boot time.
      
      Fixes: ef05bcb60c1a ("arm64: dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64")
      Cc: stable@vger.kernel.org
      Signed-off-by: NDmitry Voytik <voytikd@gmail.com>
      Signed-off-by: NHeiko Stuebner <heiko@sntech.de>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      6c550a5d
    • F
      media: stm32-dcmi: fix irq = 0 case · 57337011
      Fabien Dessenne 提交于
      [ Upstream commit dbb9fcc8c2d8d4ea1104f51d4947a8a8199a2cb5 ]
      
      Manage the irq = 0 case, where we shall return an error.
      
      Fixes: b5b5a27bee58 ("media: stm32-dcmi: return appropriate error codes during probe")
      Signed-off-by: NFabien Dessenne <fabien.dessenne@st.com>
      Reported-by: NPavel Machek <pavel@ucw.cz>
      Acked-by: NPavel Machek <pavel@ucw.cz>
      Signed-off-by: NHans Verkuil <hverkuil-cisco@xs4all.nl>
      Signed-off-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      57337011
    • C
      powerpc/64: mark start_here_multiplatform as __ref · 7f8b2360
      Christophe Leroy 提交于
      [ Upstream commit 9c4e4c90ec24652921e31e9551fcaedc26eec86d ]
      
      Otherwise, the following warning is encountered:
      
      WARNING: vmlinux.o(.text+0x3dc6): Section mismatch in reference from the variable start_here_multiplatform to the function .init.text:.early_setup()
      The function start_here_multiplatform() references
      the function __init .early_setup().
      This is often because start_here_multiplatform lacks a __init
      annotation or the annotation of .early_setup is wrong.
      
      Fixes: 56c46bba9bbf ("powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX")
      Cc: Russell Currey <ruscur@russell.cc>
      Signed-off-by: NChristophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      7f8b2360
    • S
      x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace() · 85a24825
      Steven Rostedt (VMware) 提交于
      [ Upstream commit 745cfeaac09ce359130a5451d90cb0bd4094c290 ]
      
      Arnd reported the following compiler warning:
      
      arch/x86/kernel/ftrace.c:669:23: error: 'ftrace_jmp_replace' defined but not used [-Werror=unused-function]
      
      The ftrace_jmp_replace() function now only has a single user and should be
      simply moved by that user. But looking at the code, it shows that
      ftrace_jmp_replace() is similar to ftrace_call_replace() except that instead
      of using the opcode of 0xe8 it uses 0xe9. It makes more sense to consolidate
      that function into one implementation that both ftrace_jmp_replace() and
      ftrace_call_replace() use by passing in the op code separate.
      
      The structure in ftrace_code_union is also modified to replace the "e8"
      field with the more appropriate name "op".
      
      Cc: stable@vger.kernel.org
      Reported-by: NArnd Bergmann <arnd@arndb.de>
      Acked-by: NArnd Bergmann <arnd@arndb.de>
      Link: http://lkml.kernel.org/r/20190304200748.1418790-1-arnd@arndb.de
      Fixes: d2a68c4effd8 ("x86/ftrace: Do not call function graph from dynamic trampolines")
      Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      85a24825
    • H
      selftests: fib_rule_tests: use pre-defined DEV_ADDR · b93aed78
      Hangbin Liu 提交于
      [ Upstream commit 34632975cafdd07ce80e85c2eda4e9c16b5f2faa ]
      
      DEV_ADDR is defined but not used. Use it in address setting.
      Do the same with IPv6 for consistency.
      Reported-by: NDavid Ahern <dsahern@gmail.com>
      Fixes: fc82d93e57e3 ("selftests: fib_rule_tests: fix local IPv4 address typo")
      Signed-off-by: NHangbin Liu <liuhangbin@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      b93aed78
    • J
      timekeeping: Use proper ktime_add when adding nsecs in coarse offset · 68829256
      Jason A. Donenfeld 提交于
      [ Upstream commit 0354c1a3cdf31f44b035cfad14d32282e815a572 ]
      
      While this doesn't actually amount to a real difference, since the macro
      evaluates to the same thing, every place else operates on ktime_t using
      these functions, so let's not break the pattern.
      
      Fixes: e3ff9c3678b4 ("timekeeping: Repair ktime_get_coarse*() granularity")
      Signed-off-by: NJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: NArnd Bergmann <arnd@arndb.de>
      Link: https://lkml.kernel.org/r/20190621203249.3909-1-Jason@zx2c4.comSigned-off-by: NSasha Levin <sashal@kernel.org>
      68829256
    • M
      {nl,mac}80211: fix interface combinations on crypto controlled devices · 1aa38ece
      Manikanta Pubbisetty 提交于
      [ Upstream commit e6f4051123fd33901e9655a675b22aefcdc5d277 ]
      
      Commit 33d915d9e8ce ("{nl,mac}80211: allow 4addr AP operation on
      crypto controlled devices") has introduced a change which allows
      4addr operation on crypto controlled devices (ex: ath10k). This
      change has inadvertently impacted the interface combinations logic
      on such devices.
      
      General rule is that software interfaces like AP/VLAN should not be
      listed under supported interface combinations and should not be
      considered during validation of these combinations; because of the
      aforementioned change, AP/VLAN interfaces(if present) will be checked
      against interfaces supported by the device and blocks valid interface
      combinations.
      
      Consider a case where an AP and AP/VLAN are up and running; when a
      second AP device is brought up on the same physical device, this AP
      will be checked against the AP/VLAN interface (which will not be
      part of supported interface combinations of the device) and blocks
      second AP to come up.
      
      Add a new API cfg80211_iftype_allowed() to fix the problem, this
      API works for all devices with/without SW crypto control.
      Signed-off-by: NManikanta Pubbisetty <mpubbise@codeaurora.org>
      Fixes: 33d915d9e8ce ("{nl,mac}80211: allow 4addr AP operation on crypto controlled devices")
      Link: https://lore.kernel.org/r/1563779690-9716-1-git-send-email-mpubbise@codeaurora.orgSigned-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      1aa38ece
    • D
      blk-iolatency: fix STS_AGAIN handling · 178d1337
      Dennis Zhou 提交于
      [ Upstream commit c9b3007feca018d3f7061f5d5a14cb00766ffe9b ]
      
      The iolatency controller is based on rq_qos. It increments on
      rq_qos_throttle() and decrements on either rq_qos_cleanup() or
      rq_qos_done_bio(). a3fb01ba5af0 fixes the double accounting issue where
      blk_mq_make_request() may call both rq_qos_cleanup() and
      rq_qos_done_bio() on REQ_NO_WAIT. So checking STS_AGAIN prevents the
      double decrement.
      
      The above works upstream as the only way we can get STS_AGAIN is from
      blk_mq_get_request() failing. The STS_AGAIN handling isn't a real
      problem as bio_endio() skipping only happens on reserved tag allocation
      failures which can only be caused by driver bugs and already triggers
      WARN.
      
      However, the fix creates a not so great dependency on how STS_AGAIN can
      be propagated. Internally, we (Facebook) carry a patch that kills read
      ahead if a cgroup is io congested or a fatal signal is pending. This
      combined with chained bios progagate their bi_status to the parent is
      not already set can can cause the parent bio to not clean up properly
      even though it was successful. This consequently leaks the inflight
      counter and can hang all IOs under that blkg.
      
      To nip the adverse interaction early, this removes the rq_qos_cleanup()
      callback in iolatency in favor of cleaning up always on the
      rq_qos_done_bio() path.
      
      Fixes: a3fb01ba5af0 ("blk-iolatency: only account submitted bios")
      Debugged-by: NTejun Heo <tj@kernel.org>
      Debugged-by: NJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: NDennis Zhou <dennis@kernel.org>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      178d1337
    • L
      Blk-iolatency: warn on negative inflight IO counter · 5f33e812
      Liu Bo 提交于
      [ Upstream commit 391f552af213985d3d324c60004475759a7030c5 ]
      
      This is to catch any unexpected negative value of inflight IO counter.
      Signed-off-by: NLiu Bo <bo.liu@linux.alibaba.com>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      5f33e812
    • D
      hv_sock: Fix hang when a connection is closed · 91a71a61
      Dexuan Cui 提交于
      [ Upstream commit 685703b497bacea8765bb409d6b73455b73c540e ]
      
      There is a race condition for an established connection that is being closed
      by the guest: the refcnt is 4 at the end of hvs_release() (Note: here the
      'remove_sock' is false):
      
      1 for the initial value;
      1 for the sk being in the bound list;
      1 for the sk being in the connected list;
      1 for the delayed close_work.
      
      After hvs_release() finishes, __vsock_release() -> sock_put(sk) *may*
      decrease the refcnt to 3.
      
      Concurrently, hvs_close_connection() runs in another thread:
        calls vsock_remove_sock() to decrease the refcnt by 2;
        call sock_put() to decrease the refcnt to 0, and free the sk;
        next, the "release_sock(sk)" may hang due to use-after-free.
      
      In the above, after hvs_release() finishes, if hvs_close_connection() runs
      faster than "__vsock_release() -> sock_put(sk)", then there is not any issue,
      because at the beginning of hvs_close_connection(), the refcnt is still 4.
      
      The issue can be resolved if an extra reference is taken when the
      connection is established.
      
      Fixes: a9eeb998c28d ("hv_sock: Add support for delayed close")
      Signed-off-by: NDexuan Cui <decui@microsoft.com>
      Reviewed-by: NSunil Muthuswamy <sunilmut@microsoft.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      91a71a61
    • S
      batman-adv: Only read OGM tvlv_len after buffer len check · 86d5ae21
      Sven Eckelmann 提交于
      commit a15d56a60760aa9dbe26343b9a0ac5228f35d445 upstream.
      
      Multiple batadv_ogm_packet can be stored in an skbuff. The functions
      batadv_iv_ogm_send_to_if()/batadv_iv_ogm_receive() use
      batadv_iv_ogm_aggr_packet() to check if there is another additional
      batadv_ogm_packet in the skb or not before they continue processing the
      packet.
      
      The length for such an OGM is BATADV_OGM_HLEN +
      batadv_ogm_packet->tvlv_len. The check must first check that at least
      BATADV_OGM_HLEN bytes are available before it accesses tvlv_len (which is
      part of the header. Otherwise it might try read outside of the currently
      available skbuff to get the content of tvlv_len.
      
      Fixes: ef261577 ("batman-adv: tvlv - basic infrastructure")
      Reported-by: syzbot+355cab184197dbbfa384@syzkaller.appspotmail.com
      Signed-off-by: NSven Eckelmann <sven@narfation.org>
      Acked-by: NAntonio Quartulli <a@unstable.cc>
      Signed-off-by: NSimon Wunderlich <sw@simonwunderlich.de>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      86d5ae21
    • E
      batman-adv: fix uninit-value in batadv_netlink_get_ifindex() · 4b5fee45
      Eric Dumazet 提交于
      commit 3ee1bb7aae97324ec9078da1f00cb2176919563f upstream.
      
      batadv_netlink_get_ifindex() needs to make sure user passed
      a correct u32 attribute.
      
      syzbot reported :
      BUG: KMSAN: uninit-value in batadv_netlink_dump_hardif+0x70d/0x880 net/batman-adv/netlink.c:968
      CPU: 1 PID: 11705 Comm: syz-executor888 Not tainted 5.1.0+ #1
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x191/0x1f0 lib/dump_stack.c:113
       kmsan_report+0x130/0x2a0 mm/kmsan/kmsan.c:622
       __msan_warning+0x75/0xe0 mm/kmsan/kmsan_instr.c:310
       batadv_netlink_dump_hardif+0x70d/0x880 net/batman-adv/netlink.c:968
       genl_lock_dumpit+0xc6/0x130 net/netlink/genetlink.c:482
       netlink_dump+0xa84/0x1ab0 net/netlink/af_netlink.c:2253
       __netlink_dump_start+0xa3a/0xb30 net/netlink/af_netlink.c:2361
       genl_family_rcv_msg net/netlink/genetlink.c:550 [inline]
       genl_rcv_msg+0xfc1/0x1a40 net/netlink/genetlink.c:627
       netlink_rcv_skb+0x431/0x620 net/netlink/af_netlink.c:2486
       genl_rcv+0x63/0x80 net/netlink/genetlink.c:638
       netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline]
       netlink_unicast+0xf3e/0x1020 net/netlink/af_netlink.c:1337
       netlink_sendmsg+0x127e/0x12f0 net/netlink/af_netlink.c:1926
       sock_sendmsg_nosec net/socket.c:651 [inline]
       sock_sendmsg net/socket.c:661 [inline]
       ___sys_sendmsg+0xcc6/0x1200 net/socket.c:2260
       __sys_sendmsg net/socket.c:2298 [inline]
       __do_sys_sendmsg net/socket.c:2307 [inline]
       __se_sys_sendmsg+0x305/0x460 net/socket.c:2305
       __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2305
       do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
       entry_SYSCALL_64_after_hwframe+0x63/0xe7
      RIP: 0033:0x440209
      
      Fixes: b60620cf ("batman-adv: netlink: hardif query")
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Reported-by: Nsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: NSven Eckelmann <sven@narfation.org>
      Signed-off-by: NSimon Wunderlich <sw@simonwunderlich.de>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4b5fee45
    • G
      powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction · 47a0f70d
      Gustavo Romero 提交于
      commit 8205d5d98ef7f155de211f5e2eb6ca03d95a5a60 upstream.
      
      When we take an FP unavailable exception in a transaction we have to
      account for the hardware FP TM checkpointed registers being
      incorrect. In this case for this process we know the current and
      checkpointed FP registers must be the same (since FP wasn't used
      inside the transaction) hence in the thread_struct we copy the current
      FP registers to the checkpointed ones.
      
      This copy is done in tm_reclaim_thread(). We use thread->ckpt_regs.msr
      to determine if FP was on when in userspace. thread->ckpt_regs.msr
      represents the state of the MSR when exiting userspace. This is setup
      by check_if_tm_restore_required().
      
      Unfortunatley there is an optimisation in giveup_all() which returns
      early if tsk->thread.regs->msr (via local variable `usermsr`) has
      FP=VEC=VSX=SPE=0. This optimisation means that
      check_if_tm_restore_required() is not called and hence
      thread->ckpt_regs.msr is not updated and will contain an old value.
      
      This can happen if due to load_fp=255 we start a userspace process
      with MSR FP=1 and then we are context switched out. In this case
      thread->ckpt_regs.msr will contain FP=1. If that same process is then
      context switched in and load_fp overflows, MSR will have FP=0. If that
      process now enters a transaction and does an FP instruction, the FP
      unavailable will not update thread->ckpt_regs.msr (the bug) and MSR
      FP=1 will be retained in thread->ckpt_regs.msr.  tm_reclaim_thread()
      will then not perform the required memcpy and the checkpointed FP regs
      in the thread struct will contain the wrong values.
      
      The code path for this happening is:
      
             Userspace:                      Kernel
                         Start userspace
                          with MSR FP/VEC/VSX/SPE=0 TM=1
                            < -----
             ...
             tbegin
             bne
             fp instruction
                         FP unavailable
                             ---- >
                                              fp_unavailable_tm()
      					  tm_reclaim_current()
      					    tm_reclaim_thread()
      					      giveup_all()
      					        return early since FP/VMX/VSX=0
      						/* ckpt MSR not updated (Incorrect) */
      					      tm_reclaim()
      					        /* thread_struct ckpt FP regs contain junk (OK) */
                                                    /* Sees ckpt MSR FP=1 (Incorrect) */
      					      no memcpy() performed
      					        /* thread_struct ckpt FP regs not fixed (Incorrect) */
      					  tm_recheckpoint()
      					     /* Put junk in hardware checkpoint FP regs */
                                               ....
                            < -----
                         Return to userspace
                           with MSR TM=1 FP=1
                           with junk in the FP TM checkpoint
             TM rollback
             reads FP junk
      
      This is a data integrity problem for the current process as the FP
      registers are corrupted. It's also a security problem as the FP
      registers from one process may be leaked to another.
      
      This patch moves up check_if_tm_restore_required() in giveup_all() to
      ensure thread->ckpt_regs.msr is updated correctly.
      
      A simple testcase to replicate this will be posted to
      tools/testing/selftests/powerpc/tm/tm-poison.c
      
      Similarly for VMX.
      
      This fixes CVE-2019-15030.
      
      Fixes: f48e91e8 ("powerpc/tm: Fix FP and VMX register corruption")
      Cc: stable@vger.kernel.org # 4.12+
      Signed-off-by: NGustavo Romero <gromero@linux.vnet.ibm.com>
      Signed-off-by: NMichael Neuling <mikey@neuling.org>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20190904045529.23002-1-gromero@linux.vnet.ibm.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      47a0f70d
    • T
      vhost/test: fix build for vhost test - again · 6e7040d6
      Tiwei Bie 提交于
      commit 264b563b8675771834419057cbe076c1a41fb666 upstream.
      
      Since vhost_exceeds_weight() was introduced, callers need to specify
      the packet weight and byte weight in vhost_dev_init(). Note that, the
      packet weight isn't counted in this patch to keep the original behavior
      unchanged.
      
      Fixes: e82b9b0727ff ("vhost: introduce vhost_exceeds_weight()")
      Cc: stable@vger.kernel.org
      Signed-off-by: NTiwei Bie <tiwei.bie@intel.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      Acked-by: NJason Wang <jasowang@redhat.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6e7040d6
    • T
      vhost/test: fix build for vhost test · 4f45483f
      Tiwei Bie 提交于
      commit 93d2c4de8d8129b97ee1e1a222aedb0719d2fcd9 upstream.
      
      Since below commit, callers need to specify the iov_limit in
      vhost_dev_init() explicitly.
      
      Fixes: b46a0bf78ad7 ("vhost: fix OOB in get_rx_bufs()")
      Cc: stable@vger.kernel.org
      Signed-off-by: NTiwei Bie <tiwei.bie@intel.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      Acked-by: NJason Wang <jasowang@redhat.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4f45483f
    • D
      drm/vmwgfx: Fix double free in vmw_recv_msg() · dcd22e14
      Dan Carpenter 提交于
      commit 08b0c891605acf727e43e3e03a25857d3e789b61 upstream.
      
      We recently added a kfree() after the end of the loop:
      
      	if (retries == RETRIES) {
      		kfree(reply);
      		return -EINVAL;
      	}
      
      There are two problems.  First the test is wrong and because retries
      equals RETRIES if we succeed on the last iteration through the loop.
      Second if we fail on the last iteration through the loop then the kfree
      is a double free.
      
      When you're reading this code, please note the break statement at the
      end of the while loop.  This patch changes the loop so that if it's not
      successful then "reply" is NULL and we can test for that afterward.
      
      Cc: <stable@vger.kernel.org>
      Fixes: 6b7c3b86f0b6 ("drm/vmwgfx: fix memory leak when too many retries have occurred")
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Reviewed-by: NThomas Hellstrom <thellstrom@vmware.com>
      Signed-off-by: NThomas Hellstrom <thellstrom@vmware.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      dcd22e14
    • L
      sched/fair: Don't assign runtime for throttled cfs_rq · 38d38d1e
      Liangyan 提交于
      commit 5e2d2cc2588bd3307ce3937acbc2ed03c830a861 upstream.
      
      do_sched_cfs_period_timer() will refill cfs_b runtime and call
      distribute_cfs_runtime to unthrottle cfs_rq, sometimes cfs_b->runtime
      will allocate all quota to one cfs_rq incorrectly, then other cfs_rqs
      attached to this cfs_b can't get runtime and will be throttled.
      
      We find that one throttled cfs_rq has non-negative
      cfs_rq->runtime_remaining and cause an unexpetced cast from s64 to u64
      in snippet:
      
        distribute_cfs_runtime() {
          runtime = -cfs_rq->runtime_remaining + 1;
        }
      
      The runtime here will change to a large number and consume all
      cfs_b->runtime in this cfs_b period.
      
      According to Ben Segall, the throttled cfs_rq can have
      account_cfs_rq_runtime called on it because it is throttled before
      idle_balance, and the idle_balance calls update_rq_clock to add time
      that is accounted to the task.
      
      This commit prevents cfs_rq to be assgined new runtime if it has been
      throttled until that distribute_cfs_runtime is called.
      Signed-off-by: NLiangyan <liangyan.peng@linux.alibaba.com>
      Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Reviewed-by: NValentin Schneider <valentin.schneider@arm.com>
      Reviewed-by: NBen Segall <bsegall@google.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: shanpeic@linux.alibaba.com
      Cc: stable@vger.kernel.org
      Cc: xlpang@linux.alibaba.com
      Fixes: d3d9dc33 ("sched: Throttle entities exceeding their allowed bandwidth")
      Link: https://lkml.kernel.org/r/20190826121633.6538-1-liangyan.peng@linux.alibaba.comSigned-off-by: NIngo Molnar <mingo@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      38d38d1e
    • H
      ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre · 044ab471
      Hui Wang 提交于
      commit 2a36c16efab254dd6017efeb35ad88ecc96f2328 upstream.
      
      This ThinkCentre machine has a new realtek codec alc222, it is not
      in the support list, we add it in the realtek.c then this machine
      can apply FIXUPs for the realtek codec.
      
      And this machine has two front mics which can't be handled
      by PA so far, it uses the pin 0x18 and 0x19 as the front mics, as
      a result the existing FIXUP ALC294_FIXUP_LENOVO_MIC_LOCATION doesn't
      work on this machine. Fortunately another FIXUP
      ALC283_FIXUP_HEADSET_MIC also can change the location for one of the
      two mics on this machine.
      
      Link: https://lore.kernel.org/r/20190904055327.9883-1-hui.wang@canonical.comSigned-off-by: NHui Wang <hui.wang@canonical.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      044ab471
    • J
      ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL · 849f85bf
      Jian-Hong Pan 提交于
      commit 60083f9e94b2f28047d71ed778adf89357c1a8fb upstream.
      
      Original pin node values of ASUS UX431FL with ALC294:
      
      0x12 0xb7a60140
      0x13 0x40000000
      0x14 0x90170110
      0x15 0x411111f0
      0x16 0x411111f0
      0x17 0x90170111
      0x18 0x411111f0
      0x19 0x411111f0
      0x1a 0x411111f0
      0x1b 0x411111f0
      0x1d 0x4066852d
      0x1e 0x411111f0
      0x1f 0x411111f0
      0x21 0x04211020
      
      1. Has duplicated internal speakers (0x14 & 0x17) which makes the output
         route become confused. So, the output volume cannot be changed by
         setting.
      2. Misses the headset mic pin node.
      
      This patch disables the confusing speaker (NID 0x14) and enables the
      headset mic (NID 0x19).
      
      Link: https://lore.kernel.org/r/20190902100054.6941-1-jian-hong@endlessm.comSigned-off-by: NJian-Hong Pan <jian-hong@endlessm.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      849f85bf
    • S
      ALSA: hda/realtek - Add quirk for HP Pavilion 15 · a956998a
      Sam Bazley 提交于
      commit d33cd42d86671bed870827aa399aeb9f1da74119 upstream.
      
      HP Pavilion 15 (AMD Ryzen-based model) with 103c:84e7 needs the same
      quirk like HP Envy/Spectre x360 for enabling the mute LED over Mic3 pin.
      
      [ rearranged in the SSID number order by tiwai ]
      Signed-off-by: NSam Bazley <sambazley@fastmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a956998a
    • T
      ALSA: hda/realtek - Fix overridden device-specific initialization · d11ca2d7
      Takashi Iwai 提交于
      commit 89781d0806c2c4f29072d3f00cb2dd4274aabc3d upstream.
      
      The recent change to shuffle the codec initialization procedure for
      Realtek via commit 607ca3bd220f ("ALSA: hda/realtek - EAPD turn on
      later") caused the silent output on some machines.  This change was
      supposed to be safe, but it isn't actually; some devices have quirk
      setups to override the EAPD via COEF or BTL in the additional verb
      table, which is applied at the beginning of snd_hda_gen_init().  And
      this EAPD setup is again overridden in alc_auto_init_amp().
      
      For recovering from the regression, tell snd_hda_gen_init() not to
      apply the verbs there by a new flag, then apply the verbs in
      alc_init().
      
      BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=204727
      Fixes: 607ca3bd220f ("ALSA: hda/realtek - EAPD turn on later")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d11ca2d7
    • T
      ALSA: hda - Fix potential endless loop at applying quirks · 2c4d2ce8
      Takashi Iwai 提交于
      commit 333f31436d3db19f4286f8862a00ea1d8d8420a1 upstream.
      
      Since the chained quirks via chained_before flag is applied before the
      depth check, it may lead to the endless recursive calls, when the
      chain were set up incorrectly.  Fix it by moving the depth check at
      the beginning of the loop.
      
      Fixes: 1f578250 ("ALSA: hda - Add chained_before flag to the fixup entry")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2c4d2ce8
  2. 10 9月, 2019 3 次提交