linux-stable.git/drivers/firewire, branch v3.16.78 Linux kernel stable tree firewire: net: fix fragmented datagram_size off-by-one 2017-02-23T03:54:28+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2016-10-30T16:32:01+00:00 f31d4542bf1aa7c7c902cb9066fb37d4e8d9e3b6 commit e9300a4b7bbae83af1f7703938c94cf6dc6d308f upstream. RFC 2734 defines the datagram_size field in fragment encapsulation headers thus: datagram_size: The encoded size of the entire IP datagram. The value of datagram_size [...] SHALL be one less than the value of Total Length in the datagram's IP header (see STD 5, RFC 791). Accordingly, the eth1394 driver of Linux 2.6.36 and older set and got this field with a -/+1 offset: ether1394_tx() /* transmit */ ether1394_encapsulate_prep() hdr->ff.dg_size = dg_size - 1; ether1394_data_handler() /* receive */ if (hdr->common.lf == ETH1394_HDR_LF_FF) dg_size = hdr->ff.dg_size + 1; else dg_size = hdr->sf.dg_size + 1; Likewise, I observe OS X 10.4 and Windows XP Pro SP3 to transmit 1500 byte sized datagrams in fragments with datagram_size=1499 if link fragmentation is required. Only firewire-net sets and gets datagram_size without this offset. The result is lacking interoperability of firewire-net with OS X, Windows XP, and presumably Linux' eth1394. (I did not test with the latter.) For example, FTP data transfers to a Linux firewire-net box with max_rec smaller than the 1500 bytes MTU - from OS X fail entirely, - from Win XP start out with a bunch of fragmented datagrams which time out, then continue with unfragmented datagrams because Win XP temporarily reduces the MTU to 576 bytes. So let's fix firewire-net's datagram_size accessors. Note that firewire-net thereby loses interoperability with unpatched firewire-net, but only if link fragmentation is employed. (This happens with large broadcast datagrams, and with large datagrams on several FireWire CardBus cards with smaller max_rec than equivalent PCI cards, and it can be worked around by setting a small enough MTU.) Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 
commit e9300a4b7bbae83af1f7703938c94cf6dc6d308f upstream.

RFC 2734 defines the datagram_size field in fragment encapsulation
headers thus:

    datagram_size:  The encoded size of the entire IP datagram.  The
    value of datagram_size [...] SHALL be one less than the value of
    Total Length in the datagram's IP header (see STD 5, RFC 791).

Accordingly, the eth1394 driver of Linux 2.6.36 and older set and got
this field with a -/+1 offset:

    ether1394_tx() /* transmit */
        ether1394_encapsulate_prep()
            hdr->ff.dg_size = dg_size - 1;

    ether1394_data_handler() /* receive */
        if (hdr->common.lf == ETH1394_HDR_LF_FF)
            dg_size = hdr->ff.dg_size + 1;
        else
            dg_size = hdr->sf.dg_size + 1;

Likewise, I observe OS X 10.4 and Windows XP Pro SP3 to transmit 1500
byte sized datagrams in fragments with datagram_size=1499 if link
fragmentation is required.

Only firewire-net sets and gets datagram_size without this offset.  The
result is lacking interoperability of firewire-net with OS X, Windows
XP, and presumably Linux' eth1394.  (I did not test with the latter.)
For example, FTP data transfers to a Linux firewire-net box with max_rec
smaller than the 1500 bytes MTU
  - from OS X fail entirely,
  - from Win XP start out with a bunch of fragmented datagrams which
    time out, then continue with unfragmented datagrams because Win XP
    temporarily reduces the MTU to 576 bytes.

So let's fix firewire-net's datagram_size accessors.

Note that firewire-net thereby loses interoperability with unpatched
firewire-net, but only if link fragmentation is employed.  (This happens
with large broadcast datagrams, and with large datagrams on several
FireWire CardBus cards with smaller max_rec than equivalent PCI cards,
and it can be worked around by setting a small enough MTU.)

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
firewire: net: guard against rx buffer overflows 2016-11-20T01:17:37+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2016-10-29T19:28:18+00:00 88eadd913f235ffd29767b504fd68caaa1394f76 commit 667121ace9dbafb368618dbabcf07901c962ddac upstream. The IP-over-1394 driver firewire-net lacked input validation when handling incoming fragmented datagrams. A maliciously formed fragment with a respectively large datagram_offset would cause a memcpy past the datagram buffer. So, drop any packets carrying a fragment with offset + length larger than datagram_size. In addition, ensure that - GASP header, unfragmented encapsulation header, or fragment encapsulation header actually exists before we access it, - the encapsulated datagram or fragment is of nonzero size. Reported-by: Eyal Itkin <eyal.itkin@gmail.com> Reviewed-by: Eyal Itkin <eyal.itkin@gmail.com> Fixes: CVE 2016-8633 Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 
commit 667121ace9dbafb368618dbabcf07901c962ddac upstream.

The IP-over-1394 driver firewire-net lacked input validation when
handling incoming fragmented datagrams.  A maliciously formed fragment
with a respectively large datagram_offset would cause a memcpy past the
datagram buffer.

So, drop any packets carrying a fragment with offset + length larger
than datagram_size.

In addition, ensure that
  - GASP header, unfragmented encapsulation header, or fragment
    encapsulation header actually exists before we access it,
  - the encapsulated datagram or fragment is of nonzero size.

Reported-by: Eyal Itkin <eyal.itkin@gmail.com>
Reviewed-by: Eyal Itkin <eyal.itkin@gmail.com>
Fixes: CVE 2016-8633
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
firewire: ohci: fix JMicron JMB38x IT context discovery 2015-12-13T17:49:09+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2015-11-03T00:46:21+00:00 bf60a52fcbe81bf61018413f345e2db46614df80 commit 100ceb66d5c40cc0c7018e06a9474302470be73c upstream. Reported by Clifford and Craig for JMicron OHCI-1394 + SDHCI combo controllers: Often or even most of the time, the controller is initialized with the message "added OHCI v1.10 device as card 0, 4 IR + 0 IT contexts, quirks 0x10". With 0 isochronous transmit DMA contexts (IT contexts), applications like audio output are impossible. However, OHCI-1394 demands that at least 4 IT contexts are implemented by the link layer controller, and indeed JMicron JMB38x do implement four of them. Only their IsoXmitIntMask register is unreliable at early access. With my own JMB381 single function controller I found: - I can reproduce the problem with a lower probability than Craig's. - If I put a loop around the section which clears and reads IsoXmitIntMask, then either the first or the second attempt will return the correct initial mask of 0x0000000f. I never encountered a case of needing more than a second attempt. - Consequently, if I put a dummy reg_read(...IsoXmitIntMaskSet) before the first write, the subsequent read will return the correct result. - If I merely ignore a wrong read result and force the known real result, later isochronous transmit DMA usage works just fine. So let's just fix this chip bug up by the latter method. Tested with JMB381 on kernel 3.13 and 4.3. Since OHCI-1394 generally requires 4 IT contexts at a minium, this workaround is simply applied whenever the initial read of IsoXmitIntMask returns 0, regardless whether it's a JMicron chip or not. I never heard of this issue together with any other chip though. I am not 100% sure that this fix works on the OHCI-1394 part of JMB380 and JMB388 combo controllers exactly the same as on the JMB381 single- function controller, but so far I haven't had a chance to let an owner of a combo chip run a patched kernel. Strangely enough, IsoRecvIntMask is always reported correctly, even though it is probed right before IsoXmitIntMask. Reported-by: Clifford Dunn Reported-by: Craig Moore <craig.moore@qenos.com> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Luis Henriques <luis.henriques@canonical.com> 
commit 100ceb66d5c40cc0c7018e06a9474302470be73c upstream.

Reported by Clifford and Craig for JMicron OHCI-1394 + SDHCI combo
controllers:  Often or even most of the time, the controller is
initialized with the message "added OHCI v1.10 device as card 0, 4 IR +
0 IT contexts, quirks 0x10".  With 0 isochronous transmit DMA contexts
(IT contexts), applications like audio output are impossible.

However, OHCI-1394 demands that at least 4 IT contexts are implemented
by the link layer controller, and indeed JMicron JMB38x do implement
four of them.  Only their IsoXmitIntMask register is unreliable at early
access.

With my own JMB381 single function controller I found:
  - I can reproduce the problem with a lower probability than Craig's.
  - If I put a loop around the section which clears and reads
    IsoXmitIntMask, then either the first or the second attempt will
    return the correct initial mask of 0x0000000f.  I never encountered
    a case of needing more than a second attempt.
  - Consequently, if I put a dummy reg_read(...IsoXmitIntMaskSet)
    before the first write, the subsequent read will return the correct
    result.
  - If I merely ignore a wrong read result and force the known real
    result, later isochronous transmit DMA usage works just fine.

So let's just fix this chip bug up by the latter method.  Tested with
JMB381 on kernel 3.13 and 4.3.

Since OHCI-1394 generally requires 4 IT contexts at a minium, this
workaround is simply applied whenever the initial read of IsoXmitIntMask
returns 0, regardless whether it's a JMicron chip or not.  I never heard
of this issue together with any other chip though.

I am not 100% sure that this fix works on the OHCI-1394 part of JMB380
and JMB388 combo controllers exactly the same as on the JMB381 single-
function controller, but so far I haven't had a chance to let an owner
of a combo chip run a patched kernel.

Strangely enough, IsoRecvIntMask is always reported correctly, even
though it is probed right before IsoXmitIntMask.

Reported-by: Clifford Dunn
Reported-by: Craig Moore <craig.moore@qenos.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
firewire: cdev: prevent kernel stack leaking into ioctl arguments 2014-11-27T11:21:52+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2014-11-11T16:16:44+00:00 cec4c7e47c4f3ced43d346fbe686ebb122d59fa2 commit eaca2d8e75e90a70a63a6695c9f61932609db212 upstream. Found by the UC-KLEE tool: A user could supply less input to firewire-cdev ioctls than write- or write/read-type ioctl handlers expect. The handlers used data from uninitialized kernel stack then. This could partially leak back to the user if the kernel subsequently generated fw_cdev_event_'s (to be read from the firewire-cdev fd) which notably would contain the _u64 closure field which many of the ioctl argument structures contain. The fact that the handlers would act on random garbage input is a lesser issue since all handlers must check their input anyway. The fix simply always null-initializes the entire ioctl argument buffer regardless of the actual length of expected user input. That is, a runtime overhead of memset(..., 40) is added to each firewirew-cdev ioctl() call. [Comment from Clemens Ladisch: This part of the stack is most likely to be already in the cache.] Remarks: - There was never any leak from kernel stack to the ioctl output buffer itself. IOW, it was not possible to read kernel stack by a read-type or write/read-type ioctl alone; the leak could at most happen in combination with read()ing subsequent event data. - The actual expected minimum user input of each ioctl from include/uapi/linux/firewire-cdev.h is, in bytes: [0x00] = 32, [0x05] = 4, [0x0a] = 16, [0x0f] = 20, [0x14] = 16, [0x01] = 36, [0x06] = 20, [0x0b] = 4, [0x10] = 20, [0x15] = 20, [0x02] = 20, [0x07] = 4, [0x0c] = 0, [0x11] = 0, [0x16] = 8, [0x03] = 4, [0x08] = 24, [0x0d] = 20, [0x12] = 36, [0x17] = 12, [0x04] = 20, [0x09] = 24, [0x0e] = 4, [0x13] = 40, [0x18] = 4. Reported-by: David Ramos <daramos@stanford.edu> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Luis Henriques <luis.henriques@canonical.com> 
commit eaca2d8e75e90a70a63a6695c9f61932609db212 upstream.

Found by the UC-KLEE tool:  A user could supply less input to
firewire-cdev ioctls than write- or write/read-type ioctl handlers
expect.  The handlers used data from uninitialized kernel stack then.

This could partially leak back to the user if the kernel subsequently
generated fw_cdev_event_'s (to be read from the firewire-cdev fd)
which notably would contain the _u64 closure field which many of the
ioctl argument structures contain.

The fact that the handlers would act on random garbage input is a
lesser issue since all handlers must check their input anyway.

The fix simply always null-initializes the entire ioctl argument buffer
regardless of the actual length of expected user input.  That is, a
runtime overhead of memset(..., 40) is added to each firewirew-cdev
ioctl() call.  [Comment from Clemens Ladisch:  This part of the stack is
most likely to be already in the cache.]

Remarks:
  - There was never any leak from kernel stack to the ioctl output
    buffer itself.  IOW, it was not possible to read kernel stack by a
    read-type or write/read-type ioctl alone; the leak could at most
    happen in combination with read()ing subsequent event data.
  - The actual expected minimum user input of each ioctl from
    include/uapi/linux/firewire-cdev.h is, in bytes:
    [0x00] = 32, [0x05] =  4, [0x0a] = 16, [0x0f] = 20, [0x14] = 16,
    [0x01] = 36, [0x06] = 20, [0x0b] =  4, [0x10] = 20, [0x15] = 20,
    [0x02] = 20, [0x07] =  4, [0x0c] =  0, [0x11] =  0, [0x16] =  8,
    [0x03] =  4, [0x08] = 24, [0x0d] = 20, [0x12] = 36, [0x17] = 12,
    [0x04] = 20, [0x09] = 24, [0x0e] =  4, [0x13] = 40, [0x18] =  4.

Reported-by: David Ramos <daramos@stanford.edu>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
Merge tag 'firewire-fix-vt6315' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394 2014-07-27T16:42:06+00:00 Linus Torvalds torvalds@linux-foundation.org 2014-07-27T16:42:06+00:00 2bdb5eb79bbb0403fd272d097b14ae649302b98d Pull firewire regression fix from Stefan Richter: "IEEE 1394 (FireWire) subsystem fix: MSI don't work on VIA PCIe controllers with some isochronous workloads (regression since v3.16-rc1)" * tag 'firewire-fix-vt6315' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394: firewire: ohci: disable MSI for VIA VT6315 again 
Pull firewire regression fix from Stefan Richter:
 "IEEE 1394 (FireWire) subsystem fix: MSI don't work on VIA PCIe
  controllers with some isochronous workloads (regression since
  v3.16-rc1)"

* tag 'firewire-fix-vt6315' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
  firewire: ohci: disable MSI for VIA VT6315 again
firewire: ohci: disable MSI for VIA VT6315 again 2014-07-23T18:11:19+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2014-07-23T18:08:12+00:00 d584a66279949561418c82b12bb4c055e6c25836 Revert half of commit d151f9854f21: If isochronous I/O is attempted with packets larget than 1 kByte, VIA VT6315 rev 01 immediately stops to generate any interrupts if MSI are used. Fix this by going back to legacy interrupts. [Thread "Isochronous streaming with VT6315 OHCI", http://marc.info/?t=139049641500003] With smaller packets, the loss of IRQs happens too but only very rarely --- rarely eneough that it was not yet possible for me to determine whether QUIRK_NO_MSI is an actual fix for this rare variation of this chip bug. I am keeping QUIRK_CYCLE_TIMER off of VT6315 rev >= 1 because this has been verified by myself with certainty. On the other hand, I am also keeping QUIRK_CYCLE_TIMER on for VT6315 rev 0 because I don't know at this time whether this revision accesses Cycle Timer non-atomically like most of the other VIA OHCIs are known to do. Reported-by: Rémy Bruno <remy-fw@remy.trinnov.com> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> 
Revert half of commit d151f9854f21:  If isochronous I/O is attempted with
packets larget than 1 kByte, VIA VT6315 rev 01 immediately stops to generate
any interrupts if MSI are used.  Fix this by going back to legacy interrupts.
[Thread "Isochronous streaming with VT6315 OHCI",
http://marc.info/?t=139049641500003]

With smaller packets, the loss of IRQs happens too but only very rarely ---
rarely eneough that it was not yet possible for me to determine whether
QUIRK_NO_MSI is an actual fix for this rare variation of this chip bug.

I am keeping QUIRK_CYCLE_TIMER off of VT6315 rev >= 1 because this has been
verified by myself with certainty.  On the other hand, I am also keeping
QUIRK_CYCLE_TIMER on for VT6315 rev 0 because I don't know at this time
whether this revision accesses Cycle Timer non-atomically like most of the
other VIA OHCIs are known to do.

Reported-by: Rémy Bruno <remy-fw@remy.trinnov.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Merge tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394 2014-07-15T00:17:53+00:00 Linus Torvalds torvalds@linux-foundation.org 2014-07-15T00:17:53+00:00 1b81e88189446fd6ee21e7e76770154931c5ea60 Pull firewire fix from Stefan Richter: "The 1394 drivers cannot and are not supposed to be built on platforms which don't provide the DMA mapping API (regression since v3.16-rc1 with CONFIG_COMPILE_TEST=y on some architectures)" * tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394: firewire: IEEE 1394 (FireWire) support should depend on HAS_DMA 
Pull firewire fix from Stefan Richter:
 "The 1394 drivers cannot and are not supposed to be built on platforms
  which don't provide the DMA mapping API (regression since v3.16-rc1
  with CONFIG_COMPILE_TEST=y on some architectures)"

* tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
  firewire: IEEE 1394 (FireWire) support should depend on HAS_DMA
firewire: IEEE 1394 (FireWire) support should depend on HAS_DMA 2014-07-13T18:53:25+00:00 Geert Uytterhoeven geert@linux-m68k.org 2014-07-09T19:04:00+00:00 655fc39bf40331e13503bed85c9ed0278bc35575 Commit b3d681a4fc108f9653bbb44e4f4e72db2b8a5734 ("firewire: Use COMPILE_TEST for build testing") added COMPILE_TEST as an alternative dependency for the purpose of build testing the firewire core. However, this bypasses all other implicit dependencies assumed by PCI, like HAS_DMA. If NO_DMA=y: drivers/built-in.o: In function `fw_iso_buffer_destroy': (.text+0x36a096): undefined reference to `dma_unmap_page' drivers/built-in.o: In function `fw_iso_buffer_map_dma': (.text+0x36a164): undefined reference to `dma_map_page' drivers/built-in.o: In function `fw_iso_buffer_map_dma': (.text+0x36a172): undefined reference to `dma_mapping_error' drivers/built-in.o: In function `sbp2_send_management_orb': sbp2.c:(.text+0x36c6b4): undefined reference to `dma_map_single' sbp2.c:(.text+0x36c6c8): undefined reference to `dma_mapping_error' sbp2.c:(.text+0x36c772): undefined reference to `dma_map_single' sbp2.c:(.text+0x36c786): undefined reference to `dma_mapping_error' sbp2.c:(.text+0x36c854): undefined reference to `dma_unmap_single' sbp2.c:(.text+0x36c872): undefined reference to `dma_unmap_single' drivers/built-in.o: In function `sbp2_map_scatterlist': sbp2.c:(.text+0x36ccbc): undefined reference to `scsi_dma_map' sbp2.c:(.text+0x36cd36): undefined reference to `dma_map_single' sbp2.c:(.text+0x36cd4e): undefined reference to `dma_mapping_error' sbp2.c:(.text+0x36cd84): undefined reference to `scsi_dma_unmap' drivers/built-in.o: In function `sbp2_unmap_scatterlist': sbp2.c:(.text+0x36cda6): undefined reference to `scsi_dma_unmap' sbp2.c:(.text+0x36cdc6): undefined reference to `dma_unmap_single' drivers/built-in.o: In function `complete_command_orb': sbp2.c:(.text+0x36d6ac): undefined reference to `dma_unmap_single' drivers/built-in.o: In function `sbp2_scsi_queuecommand': sbp2.c:(.text+0x36d8e0): undefined reference to `dma_map_single' sbp2.c:(.text+0x36d8f6): undefined reference to `dma_mapping_error' Add an explicit dependency on HAS_DMA to fix this. Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Reviewed-by: Jean Delvare <jdelvare@suse.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> 
Commit b3d681a4fc108f9653bbb44e4f4e72db2b8a5734 ("firewire: Use
COMPILE_TEST for build testing") added COMPILE_TEST as an alternative
dependency for the purpose of build testing the firewire core.
However, this bypasses all other implicit dependencies assumed by PCI,
like HAS_DMA.

If NO_DMA=y:

    drivers/built-in.o: In function `fw_iso_buffer_destroy':
    (.text+0x36a096): undefined reference to `dma_unmap_page'
    drivers/built-in.o: In function `fw_iso_buffer_map_dma':
    (.text+0x36a164): undefined reference to `dma_map_page'
    drivers/built-in.o: In function `fw_iso_buffer_map_dma':
    (.text+0x36a172): undefined reference to `dma_mapping_error'
    drivers/built-in.o: In function `sbp2_send_management_orb':
    sbp2.c:(.text+0x36c6b4): undefined reference to `dma_map_single'
    sbp2.c:(.text+0x36c6c8): undefined reference to `dma_mapping_error'
    sbp2.c:(.text+0x36c772): undefined reference to `dma_map_single'
    sbp2.c:(.text+0x36c786): undefined reference to `dma_mapping_error'
    sbp2.c:(.text+0x36c854): undefined reference to `dma_unmap_single'
    sbp2.c:(.text+0x36c872): undefined reference to `dma_unmap_single'
    drivers/built-in.o: In function `sbp2_map_scatterlist':
    sbp2.c:(.text+0x36ccbc): undefined reference to `scsi_dma_map'
    sbp2.c:(.text+0x36cd36): undefined reference to `dma_map_single'
    sbp2.c:(.text+0x36cd4e): undefined reference to `dma_mapping_error'
    sbp2.c:(.text+0x36cd84): undefined reference to `scsi_dma_unmap'
    drivers/built-in.o: In function `sbp2_unmap_scatterlist':
    sbp2.c:(.text+0x36cda6): undefined reference to `scsi_dma_unmap'
    sbp2.c:(.text+0x36cdc6): undefined reference to `dma_unmap_single'
    drivers/built-in.o: In function `complete_command_orb':
    sbp2.c:(.text+0x36d6ac): undefined reference to `dma_unmap_single'
    drivers/built-in.o: In function `sbp2_scsi_queuecommand':
    sbp2.c:(.text+0x36d8e0): undefined reference to `dma_map_single'
    sbp2.c:(.text+0x36d8f6): undefined reference to `dma_mapping_error'

Add an explicit dependency on HAS_DMA to fix this.

Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Reviewed-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Merge tag 'sound-3.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound into next 2014-06-04T16:08:25+00:00 Linus Torvalds torvalds@linux-foundation.org 2014-06-04T16:08:25+00:00 b77279bc2e81545b20824da701b349272a78e4e7 Pull sound updates from Takashi Iwai: "At this time, majority of changes come from ASoC world while we got a few new drivers in other places for FireWire and USB. There have been lots of ASoC core cleanups / refactoring, but very little visible to external users. ASoC: - Support for specifying aux CODECs in DT - Removal of the deprecated mux and enum macros - More moves towards full componentisation - Removal of some unused I/O code - Lots of cleanups, fixes and enhancements to the davinci, Freescale, Haswell and Realtek drivers - Several drivers exposed directly in Kconfig for use with simple-card - GPIO descriptor support for jacks - More updates and fixes to the Freescale SSI, Intel and rsnd drivers - New drivers for Cirrus CS42L56, Realtek RT5639, RT5642 and RT5651 and ST STA350, Analog Devices ADAU1361, ADAU1381, ADAU1761 and ADAU1781, and Realtek RT5677 HD-audio: - Clean up Dell headset quirks - Noise fixes for Dell and Sony laptops - Thinkpad T440 dock fix - Realtek codec updates (ALC293,ALC233,ALC3235) - Tegra HD-audio HDMI support FireWire-audio: - FireWire audio stack enhancement (AMDTP, MIDI), support for incoming isochronous stream and duplex streams with timestamp synchronization - BeBoB-based devices support - Fireworks-based device support USB-audio: - Behringer BCD2000 USB device support Misc: - Clean up of a few old drivers, atmel, fm801, etc" * tag 'sound-3.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (480 commits) ASoC: Fix wrong argument for card remove callbacks ASoC: free jack GPIOs before the sound card is freed ALSA: firewire-lib: Remove a comment about restriction of asynchronous operation ASoC: cache: Fix error code when not using ASoC level cache ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop ALSA: firewire-lib: Use IEC 61883-6 compliant labels for Raw Audio data ASoC: add RT5677 CODEC driver ASoC: intel: The Baytrail/MAX98090 driver depends on I2C ASoC: rt5640: Add the function "get_clk_info" to RL6231 shared support ASoC: rt5640: Add the function of the PLL clock calculation to RL6231 shared support ASoC: rt5640: Add RL6231 class device shared support for RT5640, RT5645 and RT5651 ASoC: cache: Fix possible ZERO_SIZE_PTR pointer dereferencing error. ASoC: Add helper functions to cast from DAPM context to CODEC/platform ALSA: bebob: sizeof() vs ARRAY_SIZE() typo ASoC: wm9713: correct mono out PGA sources ALSA: synth: emux: soundfont.c: Cleaning up memory leak ASoC: fsl: Remove dependencies of boards for SND_SOC_EUKREA_TLV320 ASoC: fsl-ssi: Use regmap ASoC: fsl-ssi: reorder and document fsl_ssi_private ... 
Pull sound updates from Takashi Iwai:
 "At this time, majority of changes come from ASoC world while we got a
  few new drivers in other places for FireWire and USB.  There have been
  lots of ASoC core cleanups / refactoring, but very little visible to
  external users.

  ASoC:
   - Support for specifying aux CODECs in DT
   - Removal of the deprecated mux and enum macros
   - More moves towards full componentisation
   - Removal of some unused I/O code
   - Lots of cleanups, fixes and enhancements to the davinci, Freescale,
     Haswell and Realtek drivers
   - Several drivers exposed directly in Kconfig for use with
     simple-card
   - GPIO descriptor support for jacks
   - More updates and fixes to the Freescale SSI, Intel and rsnd drivers
   - New drivers for Cirrus CS42L56, Realtek RT5639, RT5642 and RT5651
     and ST STA350, Analog Devices ADAU1361, ADAU1381, ADAU1761 and
     ADAU1781, and Realtek RT5677

  HD-audio:
   - Clean up Dell headset quirks
   - Noise fixes for Dell and Sony laptops
   - Thinkpad T440 dock fix
   - Realtek codec updates (ALC293,ALC233,ALC3235)
   - Tegra HD-audio HDMI support

  FireWire-audio:
   - FireWire audio stack enhancement (AMDTP, MIDI), support for
     incoming isochronous stream and duplex streams with timestamp
     synchronization
   - BeBoB-based devices support
   - Fireworks-based device support

  USB-audio:
   - Behringer BCD2000 USB device support

  Misc:
   - Clean up of a few old drivers, atmel, fm801, etc"

* tag 'sound-3.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (480 commits)
  ASoC: Fix wrong argument for card remove callbacks
  ASoC: free jack GPIOs before the sound card is freed
  ALSA: firewire-lib: Remove a comment about restriction of asynchronous operation
  ASoC: cache: Fix error code when not using ASoC level cache
  ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup
  ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop
  ALSA: firewire-lib: Use IEC 61883-6 compliant labels for Raw Audio data
  ASoC: add RT5677 CODEC driver
  ASoC: intel: The Baytrail/MAX98090 driver depends on I2C
  ASoC: rt5640: Add the function "get_clk_info" to RL6231 shared support
  ASoC: rt5640: Add the function of the PLL clock calculation to RL6231 shared support
  ASoC: rt5640: Add RL6231 class device shared support for RT5640, RT5645 and RT5651
  ASoC: cache: Fix possible ZERO_SIZE_PTR pointer dereferencing error.
  ASoC: Add helper functions to cast from DAPM context to CODEC/platform
  ALSA: bebob: sizeof() vs ARRAY_SIZE() typo
  ASoC: wm9713: correct mono out PGA sources
  ALSA: synth: emux: soundfont.c: Cleaning up memory leak
  ASoC: fsl: Remove dependencies of boards for SND_SOC_EUKREA_TLV320
  ASoC: fsl-ssi: Use regmap
  ASoC: fsl-ssi: reorder and document fsl_ssi_private
  ...
Merge tag 'firewire-updates' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394 into next 2014-06-04T14:47:03+00:00 Linus Torvalds torvalds@linux-foundation.org 2014-06-04T14:47:03+00:00 1b3636093d4e07f5fc8a8eb2f9a5e14a5a2674bf Pull firewire updates from Stefan Richter: "IEEE 1394 (FireWire) subsystem changes: One optimization for some VIA controllers, one fix, one kconfig brushup" * tag 'firewire-updates' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394: firewire: ohci: enable MSI for VIA VT6315 rev 1, drop cycle timer quirk firewire: Use COMPILE_TEST for build testing firewire: net: fix NULL derefencing in fwnet_probe() 
Pull firewire updates from Stefan Richter:
 "IEEE 1394 (FireWire) subsystem changes: One optimization for some VIA
  controllers, one fix, one kconfig brushup"

* tag 'firewire-updates' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
  firewire: ohci: enable MSI for VIA VT6315 rev 1, drop cycle timer quirk
  firewire: Use COMPILE_TEST for build testing
  firewire: net: fix NULL derefencing in fwnet_probe()