1. 18 Mar, 2019 1 commit
  2. 17 Mar, 2019 1 commit
    • Takashi Sakamoto's avatar
      ALSA: firewire-motu: use 'version' field of unit directory to identify model · 2d012c65
      Takashi Sakamoto authored
      Current ALSA firewire-motu driver uses the value of 'model' field
      of unit directory in configuration ROM for modalias for MOTU
      FireWire models. However, as long as I checked, Pre8 and
      828mk3(Hybrid) have the same value for the field (=0x100800).
      
      unit            | version   | model
      --------------- | --------- | ----------
      828mkII         | 0x000003  | 0x101800
      Traveler        | 0x000009  | 0x107800
      Pre8            | 0x00000f  | 0x100800 <-
      828mk3(FW)      | 0x000015  | 0x106800
      AudioExpress    | 0x000033  | 0x104800
      828mk3(Hybrid)  | 0x000035  | 0x100800 <-
      
      When updating firmware for MOTU 8pre FireWire from v1.0.0 to v1.0.3,
      I got change of the value from 0x100800 to 0x103800. On the other
      hand, the value of 'version' field is fixed to 0x00000f. As a quick
      glance, the higher 12 bits of the value of 'version' field represent
      firmware version, while the lower 12 bits is unknown.
      
      By induction, the value of 'version' field represents actual model.
      
      This commit changes modalias to match the value of 'version' field,
      instead of 'model' field. For degug, long name of added sound card
      includes hexadecimal value of 'model' field.
      
      Fixes: 6c5e1ac0 ("ALSA: firewire-motu: add support for Motu Traveler")
      Signed-off-by: default avatarTakashi Sakamoto <o-takashi@sakamocchi.jp>
      Cc: <stable@vger.kernel.org> # v4.19+
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      2d012c65
  3. 16 Mar, 2019 2 commits
  4. 14 Mar, 2019 3 commits
  5. 13 Mar, 2019 8 commits
  6. 28 Feb, 2019 2 commits
    • Manuel Reinhardt's avatar
      ALSA: usb-audio: Add quirk for MOTU MicroBook II · a634090a
      Manuel Reinhardt authored
      Add an entry to the quirks-table to for usb-audio to recognize the
      Microbook II (although it only exposes vendor interfaces). A simple boot
      quirk is also implemented to set up the sample rate and  make sure that
      no audio urbs are sent before the device is ready.
      
      This patch only provides audio playback and capture at 96kHz sample
      rate. Notice the following shortcomings:
      
      - The sample rate is currently hardcoded to 96k although the device also
        supports 48k and 44.1k.
      
      - The various mixer controls of the MicroBook are not made available.
      
      - The keep-iface control should be on by default because the device
        shuts down whenever the altsetting is reset which is usually unwanted.
        (I don't know the best way to do this)
      
      - The communication format used by the MicroBook for sample rate setting
        and also other setup has been reverse engineered by looking at the
        usbmon output while running the windows driver through virtualbox. In
        this patch the first byte of every message is set to \0 while in the
        observed communications the first byte acts as a "message-counter"
        increasing its value with every message sent. Leaving it at \0 does
        not seem to affect the device.
      Signed-off-by: default avatarManuel Reinhardt <manuel.rhdt@gmail.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      a634090a
    • Takashi Iwai's avatar
      Merge tag 'asoc-v5.1-2' of... · 70395a96
      Takashi Iwai authored
      Merge tag 'asoc-v5.1-2' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-next
      
      ASoC: More changes for v5.1
      
      Another batch of changes for ASoC, no big core changes - it's mainly
      small fixes and improvements for individual drivers.
      
       - A big refresh and cleanup of the Samsung drivers, fixing a number of
         issues which allow the driver to be used with a wider range of
         userspaces.
       - Fixes for the Intel drivers to make them more standard so less likely
         to get bitten by core issues.
       - New driver for Cirrus Logic CS35L26.
      70395a96
  7. 26 Feb, 2019 15 commits
    • Mark Brown's avatar
      Merge branch 'asoc-5.1' into asoc-next · 3146089d
      Mark Brown authored
      3146089d
    • Mark Brown's avatar
      Merge branch 'asoc-5.0' into asoc-linus · b5e806ae
      Mark Brown authored
      b5e806ae
    • Olivier Moysan's avatar
      ASoC: stm32: i2s: skip useless write in slave mode · 7b6b0049
      Olivier Moysan authored
      Dummy write in capture master mode is used to gate
      bus clocks. This write is useless in slave mode
      as the clocks are not managed by slave.
      Signed-off-by: default avatarOlivier Moysan <olivier.moysan@st.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      7b6b0049
    • Olivier Moysan's avatar
      ASoC: stm32: i2s: fix race condition in irq handler · 3005decf
      Olivier Moysan authored
      When snd_pcm_stop_xrun() is called in interrupt routine,
      substream context may have already been released.
      Add protection on substream context.
      Signed-off-by: default avatarOlivier Moysan <olivier.moysan@st.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      3005decf
    • Olivier Moysan's avatar
      ASoC: stm32: i2s: remove useless callback · 88dce52e
      Olivier Moysan authored
      Clocks do not need to be released on driver removal,
      as this is already managed before.
      Remove useless remove callback.
      Signed-off-by: default avatarOlivier Moysan <olivier.moysan@st.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      88dce52e
    • Olivier Moysan's avatar
      ASoC: stm32: i2s: fix dma configuration · 1ac2bd16
      Olivier Moysan authored
      DMA configuration is not balanced on start/stop.
      Move DMA configuration to trigger callback.
      Signed-off-by: default avatarOlivier Moysan <olivier.moysan@st.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      1ac2bd16
    • Olivier Moysan's avatar
      ASoC: stm32: i2s: fix stream count management · ebf629d5
      Olivier Moysan authored
      Move counter handling to trigger start section
      to manage multiple start/stop events.
      Signed-off-by: default avatarOlivier Moysan <olivier.moysan@st.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      ebf629d5
    • Olivier Moysan's avatar
      ASoC: stm32: i2s: fix 16 bit format support · 0c4c68d6
      Olivier Moysan authored
      I2S supports 16 bits data in 32 channel length.
      However the expected driver behavior, is to
      set channel length to 16 bits when data format is 16 bits.
      Signed-off-by: default avatarOlivier Moysan <olivier.moysan@st.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      0c4c68d6
    • Olivier Moysan's avatar
      ASoC: stm32: i2s: fix IRQ clearing · 8ba3c521
      Olivier Moysan authored
      Because of regmap cache, interrupts may not be cleared
      as expected.
      Declare IFCR register as write only and make writings
      to IFCR register unconditional.
      Signed-off-by: default avatarOlivier Moysan <olivier.moysan@st.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      8ba3c521
    • Mark Brown's avatar
      Merge branch 'for-5.0' of... · ae3f563a
      Mark Brown authored
      Merge branch 'for-5.0' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into asoc-5.1
      ae3f563a
    • Cheng-Yi Chiang's avatar
      ASoC: qcom: Kconfig: fix dependency for sdm845 · cdcdba5d
      Cheng-Yi Chiang authored
      SND_SOC_CROS_EC_CODEC depends on MFD_CROS_EC.
      Add that dependency to SND_SOC_SDM845 to fix unmet direct dependencies
      warning.
      
      Fixes: 74c6ecf4 (ASoC: qcom: Kconfig: select dmic for sdm845)
      Signed-off-by: default avatarCheng-Yi Chiang <cychiang@chromium.org>
      Reported-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Tested-by: default avatarEnric Balletbo i Serra <enric.balletbo@collabora.com>
      Tested-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      cdcdba5d
    • Jenny TC's avatar
      ASoC: Intel: Boards: Add Maxim98373 support · 716d53cc
      Jenny TC authored
      This patch enables the reuse of kbl_da7219_max98927 machine driver to
      support max98373. The same machine driver is modified for cases where one
      amplifier is swapped out with another. Most of the changes are about
      renaming the codec and codec_dai names, with minor differences due to
      support for 24 bits in one case and 16 in the other.
      Signed-off-by: default avatarJenny TC <jenny.tc@intel.com>
      Acked-by: default avatarPierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      716d53cc
    • Jiada Wang's avatar
      ASoC: rsnd: gen: fix SSI9 4/5/6/7 busif related register address · 8af6c521
      Jiada Wang authored
      Currently each SSI unit 's busif mode/adinr/dalign address is
      registered by: (in busif4 case)
      RSND_GEN_M_REG(SSI_BUSIF4_MODE, 0x500, 0x80)
      RSND_GEN_M_REG(SSI_BUSIF4_ADINR,0x504, 0x80)
      RSND_GEN_M_REG(SSI_BUSIF4_DALIGN, 0x508, 0x80)
      
      But according to user manual 41.1.4 Register Configuration
      ssi9 4/5/6/7 busif mode/adinr/dalign register address
      ( SSI9-[4/5/6/7]_BUSIF_[MODE/ADINR/DALIGN] )
      are out of this rule.
      
      This patch registers ssi9 4/5/6/7 mode/adinr/dalign register
      as single register, and access these registers in case of
      SSI9 BUSIF 4/5/6/7.
      
      Fixes: commit 8c9d7503 ("ASoC: rsnd: ssiu: Support BUSIF other than BUSIF0")
      Signed-off-by: default avatarJiada Wang <jiada_wang@mentor.com>
      Signed-off-by: default avatarTimo Wischer <twischer@de.adit-jv.com>
      Acked-by: default avatarKuninori Morimoto <kuninori.morimoto.gx@renesas.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      8af6c521
    • Takashi Sakamoto's avatar
      ALSA: firewire-motu: fix construction of PCM frame for capture direction · f97a0944
      Takashi Sakamoto authored
      In data blocks of common isochronous packet for MOTU devices, PCM
      frames are multiplexed in a shape of '24 bit * 4 Audio Pack', described
      in IEC 61883-6. The frames are not aligned to quadlet.
      
      For capture PCM substream, ALSA firewire-motu driver constructs PCM
      frames by reading data blocks byte-by-byte. However this operation
      includes bug for lower byte of the PCM sample. This brings invalid
      content of the PCM samples.
      
      This commit fixes the bug.
      Reported-by: default avatarPeter Sjöberg <autopeter@gmail.com>
      Cc: <stable@vger.kernel.org> # v4.12+
      Fixes: 4641c939 ("ALSA: firewire-motu: add MOTU specific protocol layer")
      Signed-off-by: default avatarTakashi Sakamoto <o-takashi@sakamocchi.jp>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      f97a0944
    • Takashi Sakamoto's avatar
      ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 · 7dc661bd
      Takashi Sakamoto authored
      ALSA bebob driver has an entry for Focusrite Saffire Pro 10 I/O. The
      entry matches vendor_id in root directory and model_id in unit
      directory of configuration ROM for IEEE 1394 bus.
      
      On the other hand, configuration ROM of Focusrite Liquid Saffire 56
      has the same vendor_id and model_id. This device is an application of
      TCAT Dice (TCD2220 a.k.a Dice Jr.) however ALSA bebob driver can be
      bound to it randomly instead of ALSA dice driver. At present, drivers
      in ALSA firewire stack can not handle this situation appropriately.
      
      This commit uses more identical mod_alias for Focusrite Saffire Pro 10
      I/O in ALSA bebob driver.
      
      $ python2 crpp < /sys/bus/firewire/devices/fw1/config_rom
                     ROM header and bus information block
                     -----------------------------------------------------------------
      400  042a829d  bus_info_length 4, crc_length 42, crc 33437
      404  31333934  bus_name "1394"
      408  f0649222  irmc 1, cmc 1, isc 1, bmc 1, pmc 0, cyc_clk_acc 100,
                     max_rec 9 (1024), max_rom 2, gen 2, spd 2 (S400)
      40c  00130e01  company_id 00130e     |
      410  000606e0  device_id 01000606e0  | EUI-64 00130e01000606e0
      
                     root directory
                     -----------------------------------------------------------------
      414  0009d31c  directory_length 9, crc 54044
      418  04000014  hardware version
      41c  0c0083c0  node capabilities per IEEE 1394
      420  0300130e  vendor
      424  81000012  --> descriptor leaf at 46c
      428  17000006  model
      42c  81000016  --> descriptor leaf at 484
      430  130120c2  version
      434  d1000002  --> unit directory at 43c
      438  d4000006  --> dependent info directory at 450
      
                     unit directory at 43c
                     -----------------------------------------------------------------
      43c  0004707c  directory_length 4, crc 28796
      440  1200a02d  specifier id: 1394 TA
      444  13010001  version: AV/C
      448  17000006  model
      44c  81000013  --> descriptor leaf at 498
      
                     dependent info directory at 450
                     -----------------------------------------------------------------
      450  000637c7  directory_length 6, crc 14279
      454  120007f5  specifier id
      458  13000001  version
      45c  3affffc7  (immediate value)
      460  3b100000  (immediate value)
      464  3cffffc7  (immediate value)
      468  3d600000  (immediate value)
      
                     descriptor leaf at 46c
                     -----------------------------------------------------------------
      46c  00056f3b  leaf_length 5, crc 28475
      470  00000000  textual descriptor
      474  00000000  minimal ASCII
      478  466f6375  "Focu"
      47c  73726974  "srit"
      480  65000000  "e"
      
                     descriptor leaf at 484
                     -----------------------------------------------------------------
      484  0004a165  leaf_length 4, crc 41317
      488  00000000  textual descriptor
      48c  00000000  minimal ASCII
      490  50726f31  "Pro1"
      494  30494f00  "0IO"
      
                     descriptor leaf at 498
                     -----------------------------------------------------------------
      498  0004a165  leaf_length 4, crc 41317
      49c  00000000  textual descriptor
      4a0  00000000  minimal ASCII
      4a4  50726f31  "Pro1"
      4a8  30494f00  "0IO"
      
      $ python2 crpp < /sys/bus/firewire/devices/fw1/config_rom
                     ROM header and bus information block
                     -----------------------------------------------------------------
      400  040442e4  bus_info_length 4, crc_length 4, crc 17124
      404  31333934  bus_name "1394"
      408  e0ff8112  irmc 1, cmc 1, isc 1, bmc 0, pmc 0, cyc_clk_acc 255,
                     max_rec 8 (512), max_rom 1, gen 1, spd 2 (S400)
      40c  00130e04  company_id 00130e     |
      410  018001e9  device_id 04018001e9  | EUI-64 00130e04018001e9
      
                     root directory
                     -----------------------------------------------------------------
      414  00065612  directory_length 6, crc 22034
      418  0300130e  vendor
      41c  8100000a  --> descriptor leaf at 444
      420  17000006  model
      424  8100000e  --> descriptor leaf at 45c
      428  0c0087c0  node capabilities per IEEE 1394
      42c  d1000001  --> unit directory at 430
      
                     unit directory at 430
                     -----------------------------------------------------------------
      430  000418a0  directory_length 4, crc 6304
      434  1200130e  specifier id
      438  13000001  version
      43c  17000006  model
      440  8100000f  --> descriptor leaf at 47c
      
                     descriptor leaf at 444
                     -----------------------------------------------------------------
      444  00056f3b  leaf_length 5, crc 28475
      448  00000000  textual descriptor
      44c  00000000  minimal ASCII
      450  466f6375  "Focu"
      454  73726974  "srit"
      458  65000000  "e"
      
                     descriptor leaf at 45c
                     -----------------------------------------------------------------
      45c  000762c6  leaf_length 7, crc 25286
      460  00000000  textual descriptor
      464  00000000  minimal ASCII
      468  4c495155  "LIQU"
      46c  49445f53  "ID_S"
      470  41464649  "AFFI"
      474  52455f35  "RE_5"
      478  36000000  "6"
      
                     descriptor leaf at 47c
                     -----------------------------------------------------------------
      47c  000762c6  leaf_length 7, crc 25286
      480  00000000  textual descriptor
      484  00000000  minimal ASCII
      488  4c495155  "LIQU"
      48c  49445f53  "ID_S"
      490  41464649  "AFFI"
      494  52455f35  "RE_5"
      498  36000000  "6"
      
      Cc: <stable@vger.kernel.org> # v3.16+
      Fixes: 25784ec2 ("ALSA: bebob: Add support for Focusrite Saffire/SaffirePro series")
      Signed-off-by: default avatarTakashi Sakamoto <o-takashi@sakamocchi.jp>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      7dc661bd
  8. 25 Feb, 2019 2 commits
    • Takashi Iwai's avatar
      ALSA: hda: Extend i915 component bind timeout · cfc35f9c
      Takashi Iwai authored
      I set 10 seconds for the timeout of the i915 audio component binding
      with a hope that recent machines are fast enough to handle all probe
      tasks in that period, but I was too optimistic.  The binding may take
      longer than that, and this caused a problem on the machine with both
      audio and graphics driver modules loaded in parallel, as Paul Menzel
      experienced.  This problem haven't hit so often just because the KMS
      driver is loaded in initrd on most machines.
      
      As a simple workaround, extend the timeout to 60 seconds.
      
      Fixes: f9b54e19 ("ALSA: hda/i915: Allow delayed i915 audio component binding")
      Reported-by: default avatarPaul Menzel <pmenzel+alsa-devel@molgen.mpg.de>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      cfc35f9c
    • Linus Torvalds's avatar
      Linux 5.0-rc8 · 5908e6b7
      Linus Torvalds authored
      5908e6b7
  9. 24 Feb, 2019 6 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · c3619a48
      Linus Torvalds authored
      Pull KVM fixes from Paolo Bonzini:
       "Bug fixes"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: MMU: record maximum physical address width in kvm_mmu_extended_role
        kvm: x86: Return LA57 feature based on hardware capability
        x86/kvm/mmu: fix switch between root and guest MMUs
        s390: vsie: Use effective CRYCBD.31 to check CRYCBD validity
      c3619a48
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · c4eb1e18
      Linus Torvalds authored
      Pull networking fixes from David Miller:
       "Hopefully the last pull request for this release. Fingers crossed:
      
         1) Only refcount ESP stats on full sockets, from Martin Willi.
      
         2) Missing barriers in AF_UNIX, from Al Viro.
      
         3) RCU protection fixes in ipv6 route code, from Paolo Abeni.
      
         4) Avoid false positives in untrusted GSO validation, from Willem de
            Bruijn.
      
         5) Forwarded mesh packets in mac80211 need more tailroom allocated,
            from Felix Fietkau.
      
         6) Use operstate consistently for linkup in team driver, from George
            Wilkie.
      
         7) ThunderX bug fixes from Vadim Lomovtsev. Mostly races between VF
            and PF code paths.
      
         8) Purge ipv6 exceptions during netdevice removal, from Paolo Abeni.
      
         9) nfp eBPF code gen fixes from Jiong Wang.
      
        10) bnxt_en firmware timeout fix from Michael Chan.
      
        11) Use after free in udp/udpv6 error handlers, from Paolo Abeni.
      
        12) Fix a race in x25_bind triggerable by syzbot, from Eric Dumazet"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (65 commits)
        net: phy: realtek: Dummy IRQ calls for RTL8366RB
        tcp: repaired skbs must init their tso_segs
        net/x25: fix a race in x25_bind()
        net: dsa: Remove documentation for port_fdb_prepare
        Revert "bridge: do not add port to router list when receives query with source 0.0.0.0"
        selftests: fib_tests: sleep after changing carrier. again.
        net: set static variable an initial value in atl2_probe()
        net: phy: marvell10g: Fix Multi-G advertisement to only advertise 10G
        bpf, doc: add bpf list as secondary entry to maintainers file
        udp: fix possible user after free in error handler
        udpv6: fix possible user after free in error handler
        fou6: fix proto error handler argument type
        udpv6: add the required annotation to mib type
        mdio_bus: Fix use-after-free on device_register fails
        net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
        bnxt_en: Wait longer for the firmware message response to complete.
        bnxt_en: Fix typo in firmware message timeout logic.
        nfp: bpf: fix ALU32 high bits clearance bug
        nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K
        Documentation: networking: switchdev: Update port parent ID section
        ...
      c4eb1e18
    • Linus Walleij's avatar
      net: phy: realtek: Dummy IRQ calls for RTL8366RB · 4c8e0459
      Linus Walleij authored
      This fixes a regression introduced by
      commit 0d2e778e
      "net: phy: replace PHY_HAS_INTERRUPT with a check for
      config_intr and ack_interrupt".
      
      This assumes that a PHY cannot trigger interrupt unless
      it has .config_intr() or .ack_interrupt() implemented.
      A later patch makes the code assume both need to be
      implemented for interrupts to be present.
      
      But this PHY (which is inside a DSA) will happily
      fire interrupts without either callback.
      
      Implement dummy callbacks for .config_intr() and
      .ack_interrupt() in the phy header to fix this.
      
      Tested on the RTL8366RB on D-Link DIR-685.
      
      Fixes: 0d2e778e ("net: phy: replace PHY_HAS_INTERRUPT with a check for config_intr and ack_interrupt")
      Cc: Heiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4c8e0459
    • Eric Dumazet's avatar
      tcp: repaired skbs must init their tso_segs · bf50b606
      Eric Dumazet authored
      syzbot reported a WARN_ON(!tcp_skb_pcount(skb))
      in tcp_send_loss_probe() [1]
      
      This was caused by TCP_REPAIR sent skbs that inadvertenly
      were missing a call to tcp_init_tso_segs()
      
      [1]
      WARNING: CPU: 1 PID: 0 at net/ipv4/tcp_output.c:2534 tcp_send_loss_probe+0x771/0x8a0 net/ipv4/tcp_output.c:2534
      Kernel panic - not syncing: panic_on_warn set ...
      CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.0.0-rc7+ #77
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       <IRQ>
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x172/0x1f0 lib/dump_stack.c:113
       panic+0x2cb/0x65c kernel/panic.c:214
       __warn.cold+0x20/0x45 kernel/panic.c:571
       report_bug+0x263/0x2b0 lib/bug.c:186
       fixup_bug arch/x86/kernel/traps.c:178 [inline]
       fixup_bug arch/x86/kernel/traps.c:173 [inline]
       do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
       do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:290
       invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
      RIP: 0010:tcp_send_loss_probe+0x771/0x8a0 net/ipv4/tcp_output.c:2534
      Code: 88 fc ff ff 4c 89 ef e8 ed 75 c8 fb e9 c8 fc ff ff e8 43 76 c8 fb e9 63 fd ff ff e8 d9 75 c8 fb e9 94 f9 ff ff e8 bf 03 91 fb <0f> 0b e9 7d fa ff ff e8 b3 03 91 fb 0f b6 1d 37 43 7a 03 31 ff 89
      RSP: 0018:ffff8880ae907c60 EFLAGS: 00010206
      RAX: ffff8880a989c340 RBX: 0000000000000000 RCX: ffffffff85dedbdb
      RDX: 0000000000000100 RSI: ffffffff85dee0b1 RDI: 0000000000000005
      RBP: ffff8880ae907c90 R08: ffff8880a989c340 R09: ffffed10147d1ae1
      R10: ffffed10147d1ae0 R11: ffff8880a3e8d703 R12: ffff888091b90040
      R13: ffff8880a3e8d540 R14: 0000000000008000 R15: ffff888091b90860
       tcp_write_timer_handler+0x5c0/0x8a0 net/ipv4/tcp_timer.c:583
       tcp_write_timer+0x10e/0x1d0 net/ipv4/tcp_timer.c:607
       call_timer_fn+0x190/0x720 kernel/time/timer.c:1325
       expire_timers kernel/time/timer.c:1362 [inline]
       __run_timers kernel/time/timer.c:1681 [inline]
       __run_timers kernel/time/timer.c:1649 [inline]
       run_timer_softirq+0x652/0x1700 kernel/time/timer.c:1694
       __do_softirq+0x266/0x95a kernel/softirq.c:292
       invoke_softirq kernel/softirq.c:373 [inline]
       irq_exit+0x180/0x1d0 kernel/softirq.c:413
       exiting_irq arch/x86/include/asm/apic.h:536 [inline]
       smp_apic_timer_interrupt+0x14a/0x570 arch/x86/kernel/apic/apic.c:1062
       apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
       </IRQ>
      RIP: 0010:native_safe_halt+0x2/0x10 arch/x86/include/asm/irqflags.h:58
      Code: ff ff ff 48 89 c7 48 89 45 d8 e8 59 0c a1 fa 48 8b 45 d8 e9 ce fe ff ff 48 89 df e8 48 0c a1 fa eb 82 90 90 90 90 90 90 fb f4 <c3> 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 f4 c3 90 90 90 90 90 90
      RSP: 0018:ffff8880a98afd78 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
      RAX: 1ffffffff1125061 RBX: ffff8880a989c340 RCX: 0000000000000000
      RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880a989cbbc
      RBP: ffff8880a98afda8 R08: ffff8880a989c340 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
      R13: ffffffff889282f8 R14: 0000000000000001 R15: 0000000000000000
       arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:555
       default_idle_call+0x36/0x90 kernel/sched/idle.c:93
       cpuidle_idle_call kernel/sched/idle.c:153 [inline]
       do_idle+0x386/0x570 kernel/sched/idle.c:262
       cpu_startup_entry+0x1b/0x20 kernel/sched/idle.c:353
       start_secondary+0x404/0x5c0 arch/x86/kernel/smpboot.c:271
       secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
      Kernel Offset: disabled
      Rebooting in 86400 seconds..
      
      Fixes: 79861919 ("tcp: fix TCP_REPAIR xmit queue setup")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Cc: Andrey Vagin <avagin@openvz.org>
      Cc: Soheil Hassas Yeganeh <soheil@google.com>
      Cc: Neal Cardwell <ncardwell@google.com>
      Acked-by: default avatarSoheil Hassas Yeganeh <soheil@google.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bf50b606
    • Eric Dumazet's avatar
      net/x25: fix a race in x25_bind() · 797a22bd
      Eric Dumazet authored
      syzbot was able to trigger another soft lockup [1]
      
      I first thought it was the O(N^2) issue I mentioned in my
      prior fix (f657d22ee1f "net/x25: do not hold the cpu
      too long in x25_new_lci()"), but I eventually found
      that x25_bind() was not checking SOCK_ZAPPED state under
      socket lock protection.
      
      This means that multiple threads can end up calling
      x25_insert_socket() for the same socket, and corrupt x25_list
      
      [1]
      watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [syz-executor.2:10492]
      Modules linked in:
      irq event stamp: 27515
      hardirqs last  enabled at (27514): [<ffffffff81006673>] trace_hardirqs_on_thunk+0x1a/0x1c
      hardirqs last disabled at (27515): [<ffffffff8100668f>] trace_hardirqs_off_thunk+0x1a/0x1c
      softirqs last  enabled at (32): [<ffffffff8632ee73>] x25_get_neigh+0xa3/0xd0 net/x25/x25_link.c:336
      softirqs last disabled at (34): [<ffffffff86324bc3>] x25_find_socket+0x23/0x140 net/x25/af_x25.c:341
      CPU: 0 PID: 10492 Comm: syz-executor.2 Not tainted 5.0.0-rc7+ #88
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x50 kernel/kcov.c:97
      Code: f4 ff ff ff e8 11 9f ea ff 48 c7 05 12 fb e5 08 00 00 00 00 e9 c8 e9 ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 <48> 8b 75 08 65 48 8b 04 25 40 ee 01 00 65 8b 15 38 0c 92 7e 81 e2
      RSP: 0018:ffff88806e94fc48 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
      RAX: 1ffff1100d84dac5 RBX: 0000000000000001 RCX: ffffc90006197000
      RDX: 0000000000040000 RSI: ffffffff86324bf3 RDI: ffff88806c26d628
      RBP: ffff88806e94fc48 R08: ffff88806c1c6500 R09: fffffbfff1282561
      R10: fffffbfff1282560 R11: ffffffff89412b03 R12: ffff88806c26d628
      R13: ffff888090455200 R14: dffffc0000000000 R15: 0000000000000000
      FS:  00007f3a107e4700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007f3a107e3db8 CR3: 00000000a5544000 CR4: 00000000001406f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       __x25_find_socket net/x25/af_x25.c:327 [inline]
       x25_find_socket+0x7d/0x140 net/x25/af_x25.c:342
       x25_new_lci net/x25/af_x25.c:355 [inline]
       x25_connect+0x380/0xde0 net/x25/af_x25.c:784
       __sys_connect+0x266/0x330 net/socket.c:1662
       __do_sys_connect net/socket.c:1673 [inline]
       __se_sys_connect net/socket.c:1670 [inline]
       __x64_sys_connect+0x73/0xb0 net/socket.c:1670
       do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x457e29
      Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
      RSP: 002b:00007f3a107e3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
      RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
      RDX: 0000000000000012 RSI: 0000000020000200 RDI: 0000000000000005
      RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3a107e46d4
      R13: 00000000004be362 R14: 00000000004ceb98 R15: 00000000ffffffff
      Sending NMI from CPU 0 to CPUs 1:
      NMI backtrace for cpu 1
      CPU: 1 PID: 10493 Comm: syz-executor.3 Not tainted 5.0.0-rc7+ #88
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:__read_once_size include/linux/compiler.h:193 [inline]
      RIP: 0010:queued_write_lock_slowpath+0x143/0x290 kernel/locking/qrwlock.c:86
      Code: 4c 8d 2c 01 41 83 c7 03 41 0f b6 45 00 41 38 c7 7c 08 84 c0 0f 85 0c 01 00 00 8b 03 3d 00 01 00 00 74 1a f3 90 41 0f b6 55 00 <41> 38 d7 7c eb 84 d2 74 e7 48 89 df e8 cc aa 4e 00 eb dd be 04 00
      RSP: 0018:ffff888085c47bd8 EFLAGS: 00000206
      RAX: 0000000000000300 RBX: ffffffff89412b00 RCX: 1ffffffff1282560
      RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff89412b00
      RBP: ffff888085c47c70 R08: 1ffffffff1282560 R09: fffffbfff1282561
      R10: fffffbfff1282560 R11: ffffffff89412b03 R12: 00000000000000ff
      R13: fffffbfff1282560 R14: 1ffff11010b88f7d R15: 0000000000000003
      FS:  00007fdd04086700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007fdd04064db8 CR3: 0000000090be0000 CR4: 00000000001406e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       queued_write_lock include/asm-generic/qrwlock.h:104 [inline]
       do_raw_write_lock+0x1d6/0x290 kernel/locking/spinlock_debug.c:203
       __raw_write_lock_bh include/linux/rwlock_api_smp.h:204 [inline]
       _raw_write_lock_bh+0x3b/0x50 kernel/locking/spinlock.c:312
       x25_insert_socket+0x21/0xe0 net/x25/af_x25.c:267
       x25_bind+0x273/0x340 net/x25/af_x25.c:703
       __sys_bind+0x23f/0x290 net/socket.c:1481
       __do_sys_bind net/socket.c:1492 [inline]
       __se_sys_bind net/socket.c:1490 [inline]
       __x64_sys_bind+0x73/0xb0 net/socket.c:1490
       do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x457e29
      
      Fixes: 90c27297 ("X.25 remove bkl in bind")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: andrew hendry <andrew.hendry@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      797a22bd
    • Hauke Mehrtens's avatar
      net: dsa: Remove documentation for port_fdb_prepare · 99407d8f
      Hauke Mehrtens authored
      This callback was removed some time ago, also remove the documentation.
      
      Fixes: 1b6dd556 ("net: dsa: Remove prepare phase for FDB")
      Signed-off-by: default avatarHauke Mehrtens <hauke@hauke-m.de>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      99407d8f