<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/include/sound, branch v3.16.52</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>ALSA: seq: Avoid invalid lockdep class warning</title>
<updated>2018-01-01T20:52:05+00:00</updated>
<author>
<name>Takashi Iwai</name>
<email>tiwai@suse.de</email>
</author>
<published>2017-11-06T19:16:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a7a1e985acc925aacf54e7cd96d2032c2620b3b1'/>
<id>a7a1e985acc925aacf54e7cd96d2032c2620b3b1</id>
<content type='text'>
commit 3510c7aa069aa83a2de6dab2b41401a198317bdc upstream.

The recent fix for adding rwsem nesting annotation was using the given
"hop" argument as the lock subclass key.  Although the idea itself
works, it may trigger a kernel warning like:
  BUG: looking up invalid subclass: 8
  ....
since the lockdep has a smaller number of subclasses (8) than we
currently allow for the hops there (10).

The current definition is merely a sanity check for avoiding the too
deep delivery paths, and the 8 hops are already enough.  So, as a
quick fix, just follow the max hops as same as the max lockdep
subclasses.

Fixes: 1f20f9ff57ca ("ALSA: seq: Fix nested rwsem annotation for lockdep splat")
Reported-by: syzbot &lt;syzkaller@googlegroups.com&gt;
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 3510c7aa069aa83a2de6dab2b41401a198317bdc upstream.

The recent fix for adding rwsem nesting annotation was using the given
"hop" argument as the lock subclass key.  Although the idea itself
works, it may trigger a kernel warning like:
  BUG: looking up invalid subclass: 8
  ....
since the lockdep has a smaller number of subclasses (8) than we
currently allow for the hops there (10).

The current definition is merely a sanity check for avoiding the too
deep delivery paths, and the 8 hops are already enough.  So, as a
quick fix, just follow the max hops as same as the max lockdep
subclasses.

Fixes: 1f20f9ff57ca ("ALSA: seq: Fix nested rwsem annotation for lockdep splat")
Reported-by: syzbot &lt;syzkaller@googlegroups.com&gt;
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ALSA: timer: Limit max instances per timer</title>
<updated>2018-01-01T20:52:05+00:00</updated>
<author>
<name>Takashi Iwai</name>
<email>tiwai@suse.de</email>
</author>
<published>2017-11-05T09:07:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7d1e8308873ed4084e2fccaad541b4f66686f6c3'/>
<id>7d1e8308873ed4084e2fccaad541b4f66686f6c3</id>
<content type='text'>
commit 9b7d869ee5a77ed4a462372bb89af622e705bfb8 upstream.

Currently we allow unlimited number of timer instances, and it may
bring the system hogging way too much CPU when too many timer
instances are opened and processed concurrently.  This may end up with
a soft-lockup report as triggered by syzkaller, especially when
hrtimer backend is deployed.

Since such insane number of instances aren't demanded by the normal
use case of ALSA sequencer and it merely  opens a risk only for abuse,
this patch introduces the upper limit for the number of instances per
timer backend.  As default, it's set to 1000, but for the fine-grained
timer like hrtimer, it's set to 100.

Reported-by: syzbot
Tested-by: Jérôme Glisse &lt;jglisse@redhat.com&gt;
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 9b7d869ee5a77ed4a462372bb89af622e705bfb8 upstream.

Currently we allow unlimited number of timer instances, and it may
bring the system hogging way too much CPU when too many timer
instances are opened and processed concurrently.  This may end up with
a soft-lockup report as triggered by syzkaller, especially when
hrtimer backend is deployed.

Since such insane number of instances aren't demanded by the normal
use case of ALSA sequencer and it merely  opens a risk only for abuse,
this patch introduces the upper limit for the number of instances per
timer backend.  As default, it's set to 1000, but for the fine-grained
timer like hrtimer, it's set to 100.

Reported-by: syzbot
Tested-by: Jérôme Glisse &lt;jglisse@redhat.com&gt;
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ALSA: seq: Fix copy_from_user() call inside lock</title>
<updated>2018-01-01T20:51:49+00:00</updated>
<author>
<name>Takashi Iwai</name>
<email>tiwai@suse.de</email>
</author>
<published>2017-10-09T08:02:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5d8caf4103691b6630a9d9388e01ee0c56dd0a73'/>
<id>5d8caf4103691b6630a9d9388e01ee0c56dd0a73</id>
<content type='text'>
commit 5803b023881857db32ffefa0d269c90280a67ee0 upstream.

The event handler in the virmidi sequencer code takes a read-lock for
the linked list traverse, while it's calling snd_seq_dump_var_event()
in the loop.  The latter function may expand the user-space data
depending on the event type.  It eventually invokes copy_from_user(),
which might be a potential dead-lock.

The sequencer core guarantees that the user-space data is passed only
with atomic=0 argument, but snd_virmidi_dev_receive_event() ignores it
and always takes read-lock().  For avoiding the problem above, this
patch introduces rwsem for non-atomic case, while keeping rwlock for
atomic case.

Also while we're at it: the superfluous irq flags is dropped in
snd_virmidi_input_open().

Reported-by: Jia-Ju Bai &lt;baijiaju1990@163.com&gt;
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 5803b023881857db32ffefa0d269c90280a67ee0 upstream.

The event handler in the virmidi sequencer code takes a read-lock for
the linked list traverse, while it's calling snd_seq_dump_var_event()
in the loop.  The latter function may expand the user-space data
depending on the event type.  It eventually invokes copy_from_user(),
which might be a potential dead-lock.

The sequencer core guarantees that the user-space data is passed only
with atomic=0 argument, but snd_virmidi_dev_receive_event() ignores it
and always takes read-lock().  For avoiding the problem above, this
patch introduces rwsem for non-atomic case, while keeping rwlock for
atomic case.

Also while we're at it: the superfluous irq flags is dropped in
snd_virmidi_input_open().

Reported-by: Jia-Ju Bai &lt;baijiaju1990@163.com&gt;
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ALSA: rawmidi: Make snd_rawmidi_transmit() race-free</title>
<updated>2016-02-25T00:18:43+00:00</updated>
<author>
<name>Takashi Iwai</name>
<email>tiwai@suse.de</email>
</author>
<published>2016-01-31T10:57:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=530372deca1a2c6484ef452b94e904fd318e61e1'/>
<id>530372deca1a2c6484ef452b94e904fd318e61e1</id>
<content type='text'>
commit 06ab30034ed9c200a570ab13c017bde248ddb2a6 upstream.

A kernel WARNING in snd_rawmidi_transmit_ack() is triggered by
syzkaller fuzzer:
  WARNING: CPU: 1 PID: 20739 at sound/core/rawmidi.c:1136
Call Trace:
 [&lt;     inline     &gt;] __dump_stack lib/dump_stack.c:15
 [&lt;ffffffff82999e2d&gt;] dump_stack+0x6f/0xa2 lib/dump_stack.c:50
 [&lt;ffffffff81352089&gt;] warn_slowpath_common+0xd9/0x140 kernel/panic.c:482
 [&lt;ffffffff813522b9&gt;] warn_slowpath_null+0x29/0x30 kernel/panic.c:515
 [&lt;ffffffff84f80bd5&gt;] snd_rawmidi_transmit_ack+0x275/0x400 sound/core/rawmidi.c:1136
 [&lt;ffffffff84fdb3c1&gt;] snd_virmidi_output_trigger+0x4b1/0x5a0 sound/core/seq/seq_virmidi.c:163
 [&lt;     inline     &gt;] snd_rawmidi_output_trigger sound/core/rawmidi.c:150
 [&lt;ffffffff84f87ed9&gt;] snd_rawmidi_kernel_write1+0x549/0x780 sound/core/rawmidi.c:1223
 [&lt;ffffffff84f89fd3&gt;] snd_rawmidi_write+0x543/0xb30 sound/core/rawmidi.c:1273
 [&lt;ffffffff817b0323&gt;] __vfs_write+0x113/0x480 fs/read_write.c:528
 [&lt;ffffffff817b1db7&gt;] vfs_write+0x167/0x4a0 fs/read_write.c:577
 [&lt;     inline     &gt;] SYSC_write fs/read_write.c:624
 [&lt;ffffffff817b50a1&gt;] SyS_write+0x111/0x220 fs/read_write.c:616
 [&lt;ffffffff86336c36&gt;] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185

Also a similar warning is found but in another path:
Call Trace:
 [&lt;     inline     &gt;] __dump_stack lib/dump_stack.c:15
 [&lt;ffffffff82be2c0d&gt;] dump_stack+0x6f/0xa2 lib/dump_stack.c:50
 [&lt;ffffffff81355139&gt;] warn_slowpath_common+0xd9/0x140 kernel/panic.c:482
 [&lt;ffffffff81355369&gt;] warn_slowpath_null+0x29/0x30 kernel/panic.c:515
 [&lt;ffffffff8527e69a&gt;] rawmidi_transmit_ack+0x24a/0x3b0 sound/core/rawmidi.c:1133
 [&lt;ffffffff8527e851&gt;] snd_rawmidi_transmit_ack+0x51/0x80 sound/core/rawmidi.c:1163
 [&lt;ffffffff852d9046&gt;] snd_virmidi_output_trigger+0x2b6/0x570 sound/core/seq/seq_virmidi.c:185
 [&lt;     inline     &gt;] snd_rawmidi_output_trigger sound/core/rawmidi.c:150
 [&lt;ffffffff85285a0b&gt;] snd_rawmidi_kernel_write1+0x4bb/0x760 sound/core/rawmidi.c:1252
 [&lt;ffffffff85287b73&gt;] snd_rawmidi_write+0x543/0xb30 sound/core/rawmidi.c:1302
 [&lt;ffffffff817ba5f3&gt;] __vfs_write+0x113/0x480 fs/read_write.c:528
 [&lt;ffffffff817bc087&gt;] vfs_write+0x167/0x4a0 fs/read_write.c:577
 [&lt;     inline     &gt;] SYSC_write fs/read_write.c:624
 [&lt;ffffffff817bf371&gt;] SyS_write+0x111/0x220 fs/read_write.c:616
 [&lt;ffffffff86660276&gt;] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185

In the former case, the reason is that virmidi has an open code
calling snd_rawmidi_transmit_ack() with the value calculated outside
the spinlock.   We may use snd_rawmidi_transmit() in a loop just for
consuming the input data, but even there, there is a race between
snd_rawmidi_transmit_peek() and snd_rawmidi_tranmit_ack().

Similarly in the latter case, it calls snd_rawmidi_transmit_peek() and
snd_rawmidi_tranmit_ack() separately without protection, so they are
racy as well.

The patch tries to address these issues by the following ways:
- Introduce the unlocked versions of snd_rawmidi_transmit_peek() and
  snd_rawmidi_transmit_ack() to be called inside the explicit lock.
- Rewrite snd_rawmidi_transmit() to be race-free (the former case).
- Make the split calls (the latter case) protected in the rawmidi spin
  lock.

BugLink: http://lkml.kernel.org/r/CACT4Y+YPq1+cYLkadwjWa5XjzF1_Vki1eHnVn-Lm0hzhSpu5PA@mail.gmail.com
BugLink: http://lkml.kernel.org/r/CACT4Y+acG4iyphdOZx47Nyq_VHGbpJQK-6xNpiqUjaZYqsXOGw@mail.gmail.com
Reported-by: Dmitry Vyukov &lt;dvyukov@google.com&gt;
Tested-by: Dmitry Vyukov &lt;dvyukov@google.com&gt;
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 06ab30034ed9c200a570ab13c017bde248ddb2a6 upstream.

A kernel WARNING in snd_rawmidi_transmit_ack() is triggered by
syzkaller fuzzer:
  WARNING: CPU: 1 PID: 20739 at sound/core/rawmidi.c:1136
Call Trace:
 [&lt;     inline     &gt;] __dump_stack lib/dump_stack.c:15
 [&lt;ffffffff82999e2d&gt;] dump_stack+0x6f/0xa2 lib/dump_stack.c:50
 [&lt;ffffffff81352089&gt;] warn_slowpath_common+0xd9/0x140 kernel/panic.c:482
 [&lt;ffffffff813522b9&gt;] warn_slowpath_null+0x29/0x30 kernel/panic.c:515
 [&lt;ffffffff84f80bd5&gt;] snd_rawmidi_transmit_ack+0x275/0x400 sound/core/rawmidi.c:1136
 [&lt;ffffffff84fdb3c1&gt;] snd_virmidi_output_trigger+0x4b1/0x5a0 sound/core/seq/seq_virmidi.c:163
 [&lt;     inline     &gt;] snd_rawmidi_output_trigger sound/core/rawmidi.c:150
 [&lt;ffffffff84f87ed9&gt;] snd_rawmidi_kernel_write1+0x549/0x780 sound/core/rawmidi.c:1223
 [&lt;ffffffff84f89fd3&gt;] snd_rawmidi_write+0x543/0xb30 sound/core/rawmidi.c:1273
 [&lt;ffffffff817b0323&gt;] __vfs_write+0x113/0x480 fs/read_write.c:528
 [&lt;ffffffff817b1db7&gt;] vfs_write+0x167/0x4a0 fs/read_write.c:577
 [&lt;     inline     &gt;] SYSC_write fs/read_write.c:624
 [&lt;ffffffff817b50a1&gt;] SyS_write+0x111/0x220 fs/read_write.c:616
 [&lt;ffffffff86336c36&gt;] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185

Also a similar warning is found but in another path:
Call Trace:
 [&lt;     inline     &gt;] __dump_stack lib/dump_stack.c:15
 [&lt;ffffffff82be2c0d&gt;] dump_stack+0x6f/0xa2 lib/dump_stack.c:50
 [&lt;ffffffff81355139&gt;] warn_slowpath_common+0xd9/0x140 kernel/panic.c:482
 [&lt;ffffffff81355369&gt;] warn_slowpath_null+0x29/0x30 kernel/panic.c:515
 [&lt;ffffffff8527e69a&gt;] rawmidi_transmit_ack+0x24a/0x3b0 sound/core/rawmidi.c:1133
 [&lt;ffffffff8527e851&gt;] snd_rawmidi_transmit_ack+0x51/0x80 sound/core/rawmidi.c:1163
 [&lt;ffffffff852d9046&gt;] snd_virmidi_output_trigger+0x2b6/0x570 sound/core/seq/seq_virmidi.c:185
 [&lt;     inline     &gt;] snd_rawmidi_output_trigger sound/core/rawmidi.c:150
 [&lt;ffffffff85285a0b&gt;] snd_rawmidi_kernel_write1+0x4bb/0x760 sound/core/rawmidi.c:1252
 [&lt;ffffffff85287b73&gt;] snd_rawmidi_write+0x543/0xb30 sound/core/rawmidi.c:1302
 [&lt;ffffffff817ba5f3&gt;] __vfs_write+0x113/0x480 fs/read_write.c:528
 [&lt;ffffffff817bc087&gt;] vfs_write+0x167/0x4a0 fs/read_write.c:577
 [&lt;     inline     &gt;] SYSC_write fs/read_write.c:624
 [&lt;ffffffff817bf371&gt;] SyS_write+0x111/0x220 fs/read_write.c:616
 [&lt;ffffffff86660276&gt;] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185

In the former case, the reason is that virmidi has an open code
calling snd_rawmidi_transmit_ack() with the value calculated outside
the spinlock.   We may use snd_rawmidi_transmit() in a loop just for
consuming the input data, but even there, there is a race between
snd_rawmidi_transmit_peek() and snd_rawmidi_tranmit_ack().

Similarly in the latter case, it calls snd_rawmidi_transmit_peek() and
snd_rawmidi_tranmit_ack() separately without protection, so they are
racy as well.

The patch tries to address these issues by the following ways:
- Introduce the unlocked versions of snd_rawmidi_transmit_peek() and
  snd_rawmidi_transmit_ack() to be called inside the explicit lock.
- Rewrite snd_rawmidi_transmit() to be race-free (the former case).
- Make the split calls (the latter case) protected in the rawmidi spin
  lock.

BugLink: http://lkml.kernel.org/r/CACT4Y+YPq1+cYLkadwjWa5XjzF1_Vki1eHnVn-Lm0hzhSpu5PA@mail.gmail.com
BugLink: http://lkml.kernel.org/r/CACT4Y+acG4iyphdOZx47Nyq_VHGbpJQK-6xNpiqUjaZYqsXOGw@mail.gmail.com
Reported-by: Dmitry Vyukov &lt;dvyukov@google.com&gt;
Tested-by: Dmitry Vyukov &lt;dvyukov@google.com&gt;
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ASoC: Use nested lock for snd_soc_dapm_mutex_lock</title>
<updated>2016-01-25T10:44:05+00:00</updated>
<author>
<name>Charles Keepax</name>
<email>ckeepax@opensource.wolfsonmicro.com</email>
</author>
<published>2015-12-29T16:25:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4388d98324508dbf7528b0050e50c04cdf336028'/>
<id>4388d98324508dbf7528b0050e50c04cdf336028</id>
<content type='text'>
commit 783513eec3209542fcd6ac0cbcb030b3c17a4827 upstream.

snd_soc_dapm_mutex_lock currently uses the un-nested call which can
cause lockdep warnings when called from control handlers (a relatively
common usage) and using modules. As creating the control causes a
potential mutex inversion with the handler, creating the control will
take the controls_rwsem under the dapm_mutex and accessing the control
will take the dapm_mutex under controls_rwsem.

All the users look like they want to be using the runtime class of the
lock anyway, so this patch just changes snd_soc_dapm_mutex_lock to use
the nested call, with the SND_SOC_DAPM_CLASS_RUNTIME class.

Fixes: f6d5e586b416 ("ASoC: dapm: Add helpers to lock/unlock DAPM mutex")
Signed-off-by: Charles Keepax &lt;ckeepax@opensource.wolfsonmicro.com&gt;
Signed-off-by: Mark Brown &lt;broonie@kernel.org&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 783513eec3209542fcd6ac0cbcb030b3c17a4827 upstream.

snd_soc_dapm_mutex_lock currently uses the un-nested call which can
cause lockdep warnings when called from control handlers (a relatively
common usage) and using modules. As creating the control causes a
potential mutex inversion with the handler, creating the control will
take the controls_rwsem under the dapm_mutex and accessing the control
will take the dapm_mutex under controls_rwsem.

All the users look like they want to be using the runtime class of the
lock anyway, so this patch just changes snd_soc_dapm_mutex_lock to use
the nested call, with the SND_SOC_DAPM_CLASS_RUNTIME class.

Fixes: f6d5e586b416 ("ASoC: dapm: Add helpers to lock/unlock DAPM mutex")
Signed-off-by: Charles Keepax &lt;ckeepax@opensource.wolfsonmicro.com&gt;
Signed-off-by: Mark Brown &lt;broonie@kernel.org&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ASoC: wm8904: Correct number of EQ registers</title>
<updated>2015-11-16T11:27:03+00:00</updated>
<author>
<name>Charles Keepax</name>
<email>ckeepax@opensource.wolfsonmicro.com</email>
</author>
<published>2015-10-20T09:25:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a9157a227206c0bcc57ed4d09a2b2888a90d3b8d'/>
<id>a9157a227206c0bcc57ed4d09a2b2888a90d3b8d</id>
<content type='text'>
commit 97aff2c03a1e4d343266adadb52313613efb027f upstream.

There are 24 EQ registers not 25, I suspect this bug came about because
the registers start at EQ1 not zero. The bug is relatively harmless as
the extra register written is an unused one.

Signed-off-by: Charles Keepax &lt;ckeepax@opensource.wolfsonmicro.com&gt;
Signed-off-by: Mark Brown &lt;broonie@kernel.org&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 97aff2c03a1e4d343266adadb52313613efb027f upstream.

There are 24 EQ registers not 25, I suspect this bug came about because
the registers start at EQ1 not zero. The bug is relatively harmless as
the extra register written is an unused one.

Signed-off-by: Charles Keepax &lt;ckeepax@opensource.wolfsonmicro.com&gt;
Signed-off-by: Mark Brown &lt;broonie@kernel.org&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ASoC: Add info callback for SX_TLV controls</title>
<updated>2015-11-16T11:27:01+00:00</updated>
<author>
<name>Charles Keepax</name>
<email>ckeepax@opensource.wolfsonmicro.com</email>
</author>
<published>2015-10-14T12:31:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=346f34d8ed36ba71da89993b7b75ced745f5481f'/>
<id>346f34d8ed36ba71da89993b7b75ced745f5481f</id>
<content type='text'>
commit 34198710f55b5f359f43e67d9a08fe5aadfbca1b upstream.

SX_TLV controls are intended for situations where the register behind
the control has some non-zero value indicating the minimum gain
and then gains increasing from there and eventually overflowing through
zero.

Currently every CODEC implementing these controls specifies the minimum
as the non-zero value for the minimum and the maximum as the number of
gain settings available.

This means when the info callback subtracts the minimum value from the
maximum value to calculate the number of gain levels available it is
actually under reporting the available levels. This patch fixes this
issue by adding a new snd_soc_info_volsw_sx callback that does not
subtract the minimum value.

Fixes: 1d99f2436d0d ("ASoC: core: Rework SOC_DOUBLE_R_SX_TLV add SOC_SINGLE_SX_TLV")
Signed-off-by: Charles Keepax &lt;ckeepax@opensource.wolfsonmicro.com&gt;
Acked-by: Brian Austin &lt;brian.austin@cirrus.com&gt;
Tested-by: Brian Austin &lt;brian.austin@cirrus.com&gt;
Signed-off-by: Mark Brown &lt;broonie@kernel.org&gt;
[ luis: backported to 3.16:
  - file rename: sound/soc/soc-ops.c -&gt; sound/soc/soc-core.c ]
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 34198710f55b5f359f43e67d9a08fe5aadfbca1b upstream.

SX_TLV controls are intended for situations where the register behind
the control has some non-zero value indicating the minimum gain
and then gains increasing from there and eventually overflowing through
zero.

Currently every CODEC implementing these controls specifies the minimum
as the non-zero value for the minimum and the maximum as the number of
gain settings available.

This means when the info callback subtracts the minimum value from the
maximum value to calculate the number of gain levels available it is
actually under reporting the available levels. This patch fixes this
issue by adding a new snd_soc_info_volsw_sx callback that does not
subtract the minimum value.

Fixes: 1d99f2436d0d ("ASoC: core: Rework SOC_DOUBLE_R_SX_TLV add SOC_SINGLE_SX_TLV")
Signed-off-by: Charles Keepax &lt;ckeepax@opensource.wolfsonmicro.com&gt;
Acked-by: Brian Austin &lt;brian.austin@cirrus.com&gt;
Tested-by: Brian Austin &lt;brian.austin@cirrus.com&gt;
Signed-off-by: Mark Brown &lt;broonie@kernel.org&gt;
[ luis: backported to 3.16:
  - file rename: sound/soc/soc-ops.c -&gt; sound/soc/soc-core.c ]
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ALSA: emu10k1: Emu10k2 32 bit DMA mode</title>
<updated>2015-05-12T08:36:38+00:00</updated>
<author>
<name>Peter Zubaj</name>
<email>pzubaj@marticonet.sk</email>
</author>
<published>2015-04-28T19:57:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=41b8de3ab6a3ec1ad580f0727c681a38c19251cd'/>
<id>41b8de3ab6a3ec1ad580f0727c681a38c19251cd</id>
<content type='text'>
commit 7241ea558c6715501e777396b5fc312c372e11d9 upstream.

Looks like audigy emu10k2 (probably emu10k1 - sb live too) support two
modes for DMA. Second mode is useful for 64 bit os with more then 2 GB
of ram (fixes problems with big soundfont loading)

1) 32MB from 2 GB address space using 8192 pages (used now as default)
2) 16MB from 4 GB address space using 4096 pages

Mode is set using HCFG_EXPANDED_MEM flag in HCFG register.
Also format of emu10k2 page table is then different.

Signed-off-by: Peter Zubaj &lt;pzubaj@marticonet.sk&gt;
Tested-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 7241ea558c6715501e777396b5fc312c372e11d9 upstream.

Looks like audigy emu10k2 (probably emu10k1 - sb live too) support two
modes for DMA. Second mode is useful for 64 bit os with more then 2 GB
of ram (fixes problems with big soundfont loading)

1) 32MB from 2 GB address space using 8192 pages (used now as default)
2) 16MB from 4 GB address space using 4096 pages

Mode is set using HCFG_EXPANDED_MEM flag in HCFG register.
Also format of emu10k2 page table is then different.

Signed-off-by: Peter Zubaj &lt;pzubaj@marticonet.sk&gt;
Tested-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ASoC: dapm: Enable autodisable on SOC_DAPM_SINGLE_TLV_AUTODISABLE</title>
<updated>2015-05-12T08:36:35+00:00</updated>
<author>
<name>Charles Keepax</name>
<email>ckeepax@opensource.wolfsonmicro.com</email>
</author>
<published>2015-04-22T12:58:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=21f91efb471d1e3dc611496aa9cd9a174be63da4'/>
<id>21f91efb471d1e3dc611496aa9cd9a174be63da4</id>
<content type='text'>
commit a2d97723cb3a7741af81868427b36bba274b681b upstream.

Correct small copy and paste error where autodisable was not being
enabled for the SOC_DAPM_SINGLE_TLV_AUTODISABLE control.

Signed-off-by: Charles Keepax &lt;ckeepax@opensource.wolfsonmicro.com&gt;
Signed-off-by: Mark Brown &lt;broonie@kernel.org&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit a2d97723cb3a7741af81868427b36bba274b681b upstream.

Correct small copy and paste error where autodisable was not being
enabled for the SOC_DAPM_SINGLE_TLV_AUTODISABLE control.

Signed-off-by: Charles Keepax &lt;ckeepax@opensource.wolfsonmicro.com&gt;
Signed-off-by: Mark Brown &lt;broonie@kernel.org&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ALSA: ak411x: Fix stall in work callback</title>
<updated>2015-02-10T13:38:44+00:00</updated>
<author>
<name>Takashi Iwai</name>
<email>tiwai@suse.de</email>
</author>
<published>2015-01-13T09:53:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=544d7ed59ef7b408e2ff0607b1c64e58936e5def'/>
<id>544d7ed59ef7b408e2ff0607b1c64e58936e5def</id>
<content type='text'>
commit 4161b4505f1690358ac0a9ee59845a7887336b21 upstream.

When ak4114 work calls its callback and the callback invokes
ak4114_reinit(), it stalls due to flush_delayed_work().  For avoiding
this, control the reentrance by introducing a refcount.  Also
flush_delayed_work() is replaced with cancel_delayed_work_sync().

The exactly same bug is present in ak4113.c and fixed as well.

Reported-by: Pavel Hofman &lt;pavel.hofman@ivitera.com&gt;
Acked-by: Jaroslav Kysela &lt;perex@perex.cz&gt;
Tested-by: Pavel Hofman &lt;pavel.hofman@ivitera.com&gt;
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 4161b4505f1690358ac0a9ee59845a7887336b21 upstream.

When ak4114 work calls its callback and the callback invokes
ak4114_reinit(), it stalls due to flush_delayed_work().  For avoiding
this, control the reentrance by introducing a refcount.  Also
flush_delayed_work() is replaced with cancel_delayed_work_sync().

The exactly same bug is present in ak4113.c and fixed as well.

Reported-by: Pavel Hofman &lt;pavel.hofman@ivitera.com&gt;
Acked-by: Jaroslav Kysela &lt;perex@perex.cz&gt;
Tested-by: Pavel Hofman &lt;pavel.hofman@ivitera.com&gt;
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
