From: Greg Kroah-Hartman Date: Fri, 14 Dec 2018 11:14:31 +0000 (+0100) Subject: 4.19-stable patches X-Git-Tag: v4.19.10~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=416a74962343a2e0370a7ab4026f316504bf0137;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: alsa-fireface-fix-reference-to-wrong-register-for-clock-configuration.patch alsa-hda-realtek-alc294-mic-and-headset-mode-fixups-for-asus-x542un.patch alsa-hda-realtek-enable-audio-jacks-of-asus-ux433fn-ux333fa-with-alc294.patch alsa-hda-realtek-enable-audio-jacks-of-asus-ux533fd-with-alc294.patch alsa-hda-realtek-fix-the-mute-led-regresion-on-lenovo-x1-carbon.patch alsa-hda-realtek-fixed-headphone-issue-for-alc700.patch ib-hfi1-fix-an-out-of-bounds-access-in-get_hw_stats.patch --- diff --git a/queue-4.19/alsa-fireface-fix-reference-to-wrong-register-for-clock-configuration.patch b/queue-4.19/alsa-fireface-fix-reference-to-wrong-register-for-clock-configuration.patch new file mode 100644 index 00000000000..64e08eebd09 --- /dev/null +++ b/queue-4.19/alsa-fireface-fix-reference-to-wrong-register-for-clock-configuration.patch @@ -0,0 +1,38 @@ +From fa9c98e4b975bb3192ed6af09d9fa282ed3cd8a0 Mon Sep 17 00:00:00 2001 +From: Takashi Sakamoto +Date: Sun, 9 Dec 2018 17:04:19 +0900 +Subject: ALSA: fireface: fix reference to wrong register for clock configuration + +From: Takashi Sakamoto + +commit fa9c98e4b975bb3192ed6af09d9fa282ed3cd8a0 upstream. + +In an initial commit, 'SYNC_STATUS' register is referred to get +clock configuration, however this is wrong, according to my local +note at hand for reverse-engineering about packet dump. It should +be 'CLOCK_CONFIG' register. Actually, ff400_dump_clock_config() +is correctly programmed. + +This commit fixes the bug. + +Cc: # v4.12+ +Fixes: 76fdb3a9e13a ('ALSA: fireface: add support for Fireface 400') +Signed-off-by: Takashi Sakamoto +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/firewire/fireface/ff-protocol-ff400.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/firewire/fireface/ff-protocol-ff400.c ++++ b/sound/firewire/fireface/ff-protocol-ff400.c +@@ -30,7 +30,7 @@ static int ff400_get_clock(struct snd_ff + int err; + + err = snd_fw_transaction(ff->unit, TCODE_READ_QUADLET_REQUEST, +- FF400_SYNC_STATUS, ®, sizeof(reg), 0); ++ FF400_CLOCK_CONFIG, ®, sizeof(reg), 0); + if (err < 0) + return err; + data = le32_to_cpu(reg); diff --git a/queue-4.19/alsa-hda-realtek-alc294-mic-and-headset-mode-fixups-for-asus-x542un.patch b/queue-4.19/alsa-hda-realtek-alc294-mic-and-headset-mode-fixups-for-asus-x542un.patch new file mode 100644 index 00000000000..417285cd47a --- /dev/null +++ b/queue-4.19/alsa-hda-realtek-alc294-mic-and-headset-mode-fixups-for-asus-x542un.patch @@ -0,0 +1,63 @@ +From d8ae458eeca9ed686e09a1b894867cb91fc4c1cb Mon Sep 17 00:00:00 2001 +From: Chris Chiu +Date: Fri, 7 Dec 2018 17:17:11 +0800 +Subject: ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN + +From: Chris Chiu + +commit d8ae458eeca9ed686e09a1b894867cb91fc4c1cb upstream. + +The known ALC256_FIXUP_ASUS_MIC fixup can fix the headphone jack +sensing and enable use of the internal microphone on this laptop +X542UN. However, it's ALC294 so create a new fixup named +ALC294_FIXUP_ASUS_MIC to avoid confusion. + +Signed-off-by: Jian-Hong Pan +Signed-off-by: Daniel Drake +Signed-off-by: Chris Chiu +Cc: +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -5520,6 +5520,7 @@ enum { + ALC285_FIXUP_LENOVO_HEADPHONE_NOISE, + ALC295_FIXUP_HP_AUTO_MUTE, + ALC286_FIXUP_ACER_AIO_MIC_NO_PRESENCE, ++ ALC294_FIXUP_ASUS_MIC, + }; + + static const struct hda_fixup alc269_fixups[] = { +@@ -6406,6 +6407,16 @@ static const struct hda_fixup alc269_fix + .chained = true, + .chain_id = ALC269_FIXUP_HEADSET_MIC + }, ++ [ALC294_FIXUP_ASUS_MIC] = { ++ .type = HDA_FIXUP_PINS, ++ .v.pins = (const struct hda_pintbl[]) { ++ { 0x13, 0x90a60160 }, /* use as internal mic */ ++ { 0x19, 0x04a11120 }, /* use as headset mic, without its own jack detect */ ++ { } ++ }, ++ .chained = true, ++ .chain_id = ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC ++ }, + }; + + static const struct snd_pci_quirk alc269_fixup_tbl[] = { +@@ -7155,6 +7166,10 @@ static const struct snd_hda_pin_quirk al + SND_HDA_PIN_QUIRK(0x10ec0293, 0x1028, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE, + ALC292_STANDARD_PINS, + {0x13, 0x90a60140}), ++ SND_HDA_PIN_QUIRK(0x10ec0294, 0x1043, "ASUS", ALC294_FIXUP_ASUS_MIC, ++ {0x14, 0x90170110}, ++ {0x1b, 0x90a70130}, ++ {0x21, 0x04211020}), + SND_HDA_PIN_QUIRK(0x10ec0295, 0x1028, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE, + ALC295_STANDARD_PINS, + {0x17, 0x21014020}, diff --git a/queue-4.19/alsa-hda-realtek-enable-audio-jacks-of-asus-ux433fn-ux333fa-with-alc294.patch b/queue-4.19/alsa-hda-realtek-enable-audio-jacks-of-asus-ux433fn-ux333fa-with-alc294.patch new file mode 100644 index 00000000000..812069026ed --- /dev/null +++ b/queue-4.19/alsa-hda-realtek-enable-audio-jacks-of-asus-ux433fn-ux333fa-with-alc294.patch @@ -0,0 +1,36 @@ +From 0bea4cc8383519f78f3f74caca7bdebdfb346d3b Mon Sep 17 00:00:00 2001 +From: Jian-Hong Pan +Date: Fri, 7 Dec 2018 17:17:13 +0800 +Subject: ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 + +From: Jian-Hong Pan + +commit 0bea4cc8383519f78f3f74caca7bdebdfb346d3b upstream. + +The ASUS UX433FN and UX333FA with ALC294 cannot detect the headset MIC +and output through the internal speaker and the headphone until +ALC294_FIXUP_ASUS_SPK and ALC294_FIXUP_ASUS_HEADSET_MIC quirk applied. + +Signed-off-by: Daniel Drake +Signed-off-by: Jian-Hong Pan +Cc: +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -7193,6 +7193,10 @@ static const struct snd_hda_pin_quirk al + {0x14, 0x90170110}, + {0x1b, 0x90a70130}, + {0x21, 0x04211020}), ++ SND_HDA_PIN_QUIRK(0x10ec0294, 0x1043, "ASUS", ALC294_FIXUP_ASUS_SPK, ++ {0x12, 0x90a60130}, ++ {0x17, 0x90170110}, ++ {0x21, 0x04211020}), + SND_HDA_PIN_QUIRK(0x10ec0295, 0x1028, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE, + ALC295_STANDARD_PINS, + {0x17, 0x21014020}, diff --git a/queue-4.19/alsa-hda-realtek-enable-audio-jacks-of-asus-ux533fd-with-alc294.patch b/queue-4.19/alsa-hda-realtek-enable-audio-jacks-of-asus-ux533fd-with-alc294.patch new file mode 100644 index 00000000000..7c0da9d0606 --- /dev/null +++ b/queue-4.19/alsa-hda-realtek-enable-audio-jacks-of-asus-ux533fd-with-alc294.patch @@ -0,0 +1,69 @@ +From 4e051106730dfc640a8b49db88440af304726f4d Mon Sep 17 00:00:00 2001 +From: Jian-Hong Pan +Date: Fri, 7 Dec 2018 17:17:12 +0800 +Subject: ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 + +From: Jian-Hong Pan + +commit 4e051106730dfc640a8b49db88440af304726f4d upstream. + +The ASUS UX533FD with ALC294 cannot detect the headset MIC and outputs +through the internal speaker and the headphone until +ALC294_FIXUP_ASUS_SPK and ALC294_FIXUP_ASUS_HEADSET_MIC quirk applied. + +Signed-off-by: Daniel Drake +Signed-off-by: Jian-Hong Pan +Cc: +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -5521,6 +5521,8 @@ enum { + ALC295_FIXUP_HP_AUTO_MUTE, + ALC286_FIXUP_ACER_AIO_MIC_NO_PRESENCE, + ALC294_FIXUP_ASUS_MIC, ++ ALC294_FIXUP_ASUS_HEADSET_MIC, ++ ALC294_FIXUP_ASUS_SPK, + }; + + static const struct hda_fixup alc269_fixups[] = { +@@ -6417,6 +6419,26 @@ static const struct hda_fixup alc269_fix + .chained = true, + .chain_id = ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC + }, ++ [ALC294_FIXUP_ASUS_HEADSET_MIC] = { ++ .type = HDA_FIXUP_PINS, ++ .v.pins = (const struct hda_pintbl[]) { ++ { 0x19, 0x01a1113c }, /* use as headset mic, without its own jack detect */ ++ { } ++ }, ++ .chained = true, ++ .chain_id = ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC ++ }, ++ [ALC294_FIXUP_ASUS_SPK] = { ++ .type = HDA_FIXUP_VERBS, ++ .v.verbs = (const struct hda_verb[]) { ++ /* Set EAPD high */ ++ { 0x20, AC_VERB_SET_COEF_INDEX, 0x40 }, ++ { 0x20, AC_VERB_SET_PROC_COEF, 0x8800 }, ++ { } ++ }, ++ .chained = true, ++ .chain_id = ALC294_FIXUP_ASUS_HEADSET_MIC ++ }, + }; + + static const struct snd_pci_quirk alc269_fixup_tbl[] = { +@@ -6559,6 +6581,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x1043, 0x12e0, "ASUS X541SA", ALC256_FIXUP_ASUS_MIC), + SND_PCI_QUIRK(0x1043, 0x13b0, "ASUS Z550SA", ALC256_FIXUP_ASUS_MIC), + SND_PCI_QUIRK(0x1043, 0x1427, "Asus Zenbook UX31E", ALC269VB_FIXUP_ASUS_ZENBOOK), ++ SND_PCI_QUIRK(0x1043, 0x14a1, "ASUS UX533FD", ALC294_FIXUP_ASUS_SPK), + SND_PCI_QUIRK(0x1043, 0x1517, "Asus Zenbook UX31A", ALC269VB_FIXUP_ASUS_ZENBOOK_UX31A), + SND_PCI_QUIRK(0x1043, 0x16e3, "ASUS UX50", ALC269_FIXUP_STEREO_DMIC), + SND_PCI_QUIRK(0x1043, 0x1a13, "Asus G73Jw", ALC269_FIXUP_ASUS_G73JW), diff --git a/queue-4.19/alsa-hda-realtek-fix-the-mute-led-regresion-on-lenovo-x1-carbon.patch b/queue-4.19/alsa-hda-realtek-fix-the-mute-led-regresion-on-lenovo-x1-carbon.patch new file mode 100644 index 00000000000..a2254239497 --- /dev/null +++ b/queue-4.19/alsa-hda-realtek-fix-the-mute-led-regresion-on-lenovo-x1-carbon.patch @@ -0,0 +1,36 @@ +From 6ba189c5c1a4bda70dc1e4826c58b0246068bb8d Mon Sep 17 00:00:00 2001 +From: Hui Wang +Date: Sun, 9 Dec 2018 09:16:43 +0800 +Subject: ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon + +From: Hui Wang + +commit 6ba189c5c1a4bda70dc1e4826c58b0246068bb8d upstream. + +Users reported a mute LED regression on Lenovo X1 Carbon, the root +cause is we applied the fixup of ALC285_FIXUP_LENOVO_HEADPHONE_NOISE +to this machine, then the machine can't apply the fixup of +ALC269_FIXUP_THINKPAD_ACPI anymore. To fix it, we chain two fixup +together. + +Fixes: c4cfcf6f4297 ("ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops") +Cc: +Signed-off-by: Hui Wang +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -6395,6 +6395,8 @@ static const struct hda_fixup alc269_fix + [ALC285_FIXUP_LENOVO_HEADPHONE_NOISE] = { + .type = HDA_FIXUP_FUNC, + .v.func = alc285_fixup_invalidate_dacs, ++ .chained = true, ++ .chain_id = ALC269_FIXUP_THINKPAD_ACPI + }, + [ALC295_FIXUP_HP_AUTO_MUTE] = { + .type = HDA_FIXUP_FUNC, diff --git a/queue-4.19/alsa-hda-realtek-fixed-headphone-issue-for-alc700.patch b/queue-4.19/alsa-hda-realtek-fixed-headphone-issue-for-alc700.patch new file mode 100644 index 00000000000..42dc27632ed --- /dev/null +++ b/queue-4.19/alsa-hda-realtek-fixed-headphone-issue-for-alc700.patch @@ -0,0 +1,80 @@ +From bde1a7459623a66c2abec4d0a841e4b06cc88d9a Mon Sep 17 00:00:00 2001 +From: Kailang Yang +Date: Fri, 7 Dec 2018 15:14:59 +0800 +Subject: ALSA: hda/realtek - Fixed headphone issue for ALC700 + +From: Kailang Yang + +commit bde1a7459623a66c2abec4d0a841e4b06cc88d9a upstream. + +If it plugged headphone or headset into the jack, then +do the reboot, it will have a chance to cause headphone no sound. +It just need to run the headphone mode procedure after boot time. +The issue will be fixed. +It also suitable for ALC234 ALC274 and ALC294. + +Signed-off-by: Kailang Yang +Cc: +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 33 +++++++++++++++++++++++++++++++++ + 1 file changed, 33 insertions(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -7227,6 +7227,37 @@ static void alc269_fill_coef(struct hda_ + alc_update_coef_idx(codec, 0x4, 0, 1<<11); + } + ++static void alc294_hp_init(struct hda_codec *codec) ++{ ++ struct alc_spec *spec = codec->spec; ++ hda_nid_t hp_pin = spec->gen.autocfg.hp_pins[0]; ++ int i, val; ++ ++ if (!hp_pin) ++ return; ++ ++ snd_hda_codec_write(codec, hp_pin, 0, ++ AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_MUTE); ++ ++ msleep(100); ++ ++ snd_hda_codec_write(codec, hp_pin, 0, ++ AC_VERB_SET_PIN_WIDGET_CONTROL, 0x0); ++ ++ alc_update_coef_idx(codec, 0x6f, 0x000f, 0);/* Set HP depop to manual mode */ ++ alc_update_coefex_idx(codec, 0x58, 0x00, 0x8000, 0x8000); /* HP depop procedure start */ ++ ++ /* Wait for depop procedure finish */ ++ val = alc_read_coefex_idx(codec, 0x58, 0x01); ++ for (i = 0; i < 20 && val & 0x0080; i++) { ++ msleep(50); ++ val = alc_read_coefex_idx(codec, 0x58, 0x01); ++ } ++ /* Set HP depop to auto mode */ ++ alc_update_coef_idx(codec, 0x6f, 0x000f, 0x000b); ++ msleep(50); ++} ++ + /* + */ + static int patch_alc269(struct hda_codec *codec) +@@ -7352,6 +7383,7 @@ static int patch_alc269(struct hda_codec + spec->codec_variant = ALC269_TYPE_ALC294; + spec->gen.mixer_nid = 0; /* ALC2x4 does not have any loopback mixer path */ + alc_update_coef_idx(codec, 0x6b, 0x0018, (1<<4) | (1<<3)); /* UAJ MIC Vref control by verb */ ++ alc294_hp_init(codec); + break; + case 0x10ec0300: + spec->codec_variant = ALC269_TYPE_ALC300; +@@ -7363,6 +7395,7 @@ static int patch_alc269(struct hda_codec + spec->codec_variant = ALC269_TYPE_ALC700; + spec->gen.mixer_nid = 0; /* ALC700 does not have any loopback mixer path */ + alc_update_coef_idx(codec, 0x4a, 1 << 15, 0); /* Combo jack auto trigger control */ ++ alc294_hp_init(codec); + break; + + } diff --git a/queue-4.19/ib-hfi1-fix-an-out-of-bounds-access-in-get_hw_stats.patch b/queue-4.19/ib-hfi1-fix-an-out-of-bounds-access-in-get_hw_stats.patch new file mode 100644 index 00000000000..bde1bae90a0 --- /dev/null +++ b/queue-4.19/ib-hfi1-fix-an-out-of-bounds-access-in-get_hw_stats.patch @@ -0,0 +1,221 @@ +From 36d842194a57f1b21fbc6a6875f2fa2f9a7f8679 Mon Sep 17 00:00:00 2001 +From: Piotr Stankiewicz +Date: Wed, 28 Nov 2018 06:44:46 -0800 +Subject: IB/hfi1: Fix an out-of-bounds access in get_hw_stats + +From: Piotr Stankiewicz + +commit 36d842194a57f1b21fbc6a6875f2fa2f9a7f8679 upstream. + +When running with KASAN, the following trace is produced: + +[ 62.535888] + +================================================================== +[ 62.544930] BUG: KASAN: slab-out-of-bounds in +gut_hw_stats+0x122/0x230 [hfi1] +[ 62.553856] Write of size 8 at addr ffff88080e8d6330 by task +kworker/0:1/14 + +[ 62.565333] CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted +4.19.0-test-build-kasan+ #8 +[ 62.575087] Hardware name: Intel Corporation S2600KPR/S2600KPR, BIOS +SE5C610.86B.01.01.0019.101220160604 10/12/2016 +[ 62.587951] Workqueue: events work_for_cpu_fn +[ 62.594050] Call Trace: +[ 62.598023] dump_stack+0xc6/0x14c +[ 62.603089] ? dump_stack_print_info.cold.1+0x2f/0x2f +[ 62.610041] ? kmsg_dump_rewind_nolock+0x59/0x59 +[ 62.616615] ? get_hw_stats+0x122/0x230 [hfi1] +[ 62.622985] print_address_description+0x6c/0x23c +[ 62.629744] ? get_hw_stats+0x122/0x230 [hfi1] +[ 62.636108] kasan_report.cold.6+0x241/0x308 +[ 62.642365] get_hw_stats+0x122/0x230 [hfi1] +[ 62.648703] ? hfi1_alloc_rn+0x40/0x40 [hfi1] +[ 62.655088] ? __kmalloc+0x110/0x240 +[ 62.660695] ? hfi1_alloc_rn+0x40/0x40 [hfi1] +[ 62.667142] setup_hw_stats+0xd8/0x430 [ib_core] +[ 62.673972] ? show_hfi+0x50/0x50 [hfi1] +[ 62.680026] ib_device_register_sysfs+0x165/0x180 [ib_core] +[ 62.687995] ib_register_device+0x5a2/0xa10 [ib_core] +[ 62.695340] ? show_hfi+0x50/0x50 [hfi1] +[ 62.701421] ? ib_unregister_device+0x2e0/0x2e0 [ib_core] +[ 62.709222] ? __vmalloc_node_range+0x2d0/0x380 +[ 62.716131] ? rvt_driver_mr_init+0x11f/0x2d0 [rdmavt] +[ 62.723735] ? vmalloc_node+0x5c/0x70 +[ 62.729697] ? rvt_driver_mr_init+0x11f/0x2d0 [rdmavt] +[ 62.737347] ? rvt_driver_mr_init+0x1f5/0x2d0 [rdmavt] +[ 62.744998] ? __rvt_alloc_mr+0x110/0x110 [rdmavt] +[ 62.752315] ? rvt_rc_error+0x140/0x140 [rdmavt] +[ 62.759434] ? rvt_vma_open+0x30/0x30 [rdmavt] +[ 62.766364] ? mutex_unlock+0x1d/0x40 +[ 62.772445] ? kmem_cache_create_usercopy+0x15d/0x230 +[ 62.780115] rvt_register_device+0x1f6/0x360 [rdmavt] +[ 62.787823] ? rvt_get_port_immutable+0x180/0x180 [rdmavt] +[ 62.796058] ? __get_txreq+0x400/0x400 [hfi1] +[ 62.802969] ? memcpy+0x34/0x50 +[ 62.808611] hfi1_register_ib_device+0xde6/0xeb0 [hfi1] +[ 62.816601] ? hfi1_get_npkeys+0x10/0x10 [hfi1] +[ 62.823760] ? hfi1_init+0x89f/0x9a0 [hfi1] +[ 62.830469] ? hfi1_setup_eagerbufs+0xad0/0xad0 [hfi1] +[ 62.838204] ? pcie_capability_clear_and_set_word+0xcd/0xe0 +[ 62.846429] ? pcie_capability_read_word+0xd0/0xd0 +[ 62.853791] ? hfi1_pcie_init+0x187/0x4b0 [hfi1] +[ 62.860958] init_one+0x67f/0xae0 [hfi1] +[ 62.867301] ? hfi1_init+0x9a0/0x9a0 [hfi1] +[ 62.873876] ? wait_woken+0x130/0x130 +[ 62.879860] ? read_word_at_a_time+0xe/0x20 +[ 62.886329] ? strscpy+0x14b/0x280 +[ 62.891998] ? hfi1_init+0x9a0/0x9a0 [hfi1] +[ 62.898405] local_pci_probe+0x70/0xd0 +[ 62.904295] ? pci_device_shutdown+0x90/0x90 +[ 62.910833] work_for_cpu_fn+0x29/0x40 +[ 62.916750] process_one_work+0x584/0x960 +[ 62.922974] ? rcu_work_rcufn+0x40/0x40 +[ 62.928991] ? __schedule+0x396/0xdc0 +[ 62.934806] ? __sched_text_start+0x8/0x8 +[ 62.941020] ? pick_next_task_fair+0x68b/0xc60 +[ 62.947674] ? run_rebalance_domains+0x260/0x260 +[ 62.954471] ? __list_add_valid+0x29/0xa0 +[ 62.960607] ? move_linked_works+0x1c7/0x230 +[ 62.967077] ? +trace_event_raw_event_workqueue_execute_start+0x140/0x140 +[ 62.976248] ? mutex_lock+0xa6/0x100 +[ 62.982029] ? __mutex_lock_slowpath+0x10/0x10 +[ 62.988795] ? __switch_to+0x37a/0x710 +[ 62.994731] worker_thread+0x62e/0x9d0 +[ 63.000602] ? max_active_store+0xf0/0xf0 +[ 63.006828] ? __switch_to_asm+0x40/0x70 +[ 63.012932] ? __switch_to_asm+0x34/0x70 +[ 63.019013] ? __switch_to_asm+0x40/0x70 +[ 63.025042] ? __switch_to_asm+0x34/0x70 +[ 63.031030] ? __switch_to_asm+0x40/0x70 +[ 63.037006] ? __schedule+0x396/0xdc0 +[ 63.042660] ? kmem_cache_alloc_trace+0xf3/0x1f0 +[ 63.049323] ? kthread+0x59/0x1d0 +[ 63.054594] ? ret_from_fork+0x35/0x40 +[ 63.060257] ? __sched_text_start+0x8/0x8 +[ 63.066212] ? schedule+0xcf/0x250 +[ 63.071529] ? __wake_up_common+0x110/0x350 +[ 63.077794] ? __schedule+0xdc0/0xdc0 +[ 63.083348] ? wait_woken+0x130/0x130 +[ 63.088963] ? finish_task_switch+0x1f1/0x520 +[ 63.095258] ? kasan_unpoison_shadow+0x30/0x40 +[ 63.101792] ? __init_waitqueue_head+0xa0/0xd0 +[ 63.108183] ? replenish_dl_entity.cold.60+0x18/0x18 +[ 63.115151] ? _raw_spin_lock_irqsave+0x25/0x50 +[ 63.121754] ? max_active_store+0xf0/0xf0 +[ 63.127753] kthread+0x1ae/0x1d0 +[ 63.132894] ? kthread_bind+0x30/0x30 +[ 63.138422] ret_from_fork+0x35/0x40 + +[ 63.146973] Allocated by task 14: +[ 63.152077] kasan_kmalloc+0xbf/0xe0 +[ 63.157471] __kmalloc+0x110/0x240 +[ 63.162804] init_cntrs+0x34d/0xdf0 [hfi1] +[ 63.168883] hfi1_init_dd+0x29a3/0x2f90 [hfi1] +[ 63.175244] init_one+0x551/0xae0 [hfi1] +[ 63.181065] local_pci_probe+0x70/0xd0 +[ 63.186759] work_for_cpu_fn+0x29/0x40 +[ 63.192310] process_one_work+0x584/0x960 +[ 63.198163] worker_thread+0x62e/0x9d0 +[ 63.203843] kthread+0x1ae/0x1d0 +[ 63.208874] ret_from_fork+0x35/0x40 + +[ 63.217203] Freed by task 1: +[ 63.221844] __kasan_slab_free+0x12e/0x180 +[ 63.227844] kfree+0x92/0x1a0 +[ 63.232570] single_release+0x3a/0x60 +[ 63.238024] __fput+0x1d9/0x480 +[ 63.242911] task_work_run+0x139/0x190 +[ 63.248440] exit_to_usermode_loop+0x191/0x1a0 +[ 63.254814] do_syscall_64+0x301/0x330 +[ 63.260283] entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +[ 63.270199] The buggy address belongs to the object at +ffff88080e8d5500 + which belongs to the cache kmalloc-4096 of size 4096 +[ 63.287247] The buggy address is located 3632 bytes inside of + 4096-byte region [ffff88080e8d5500, ffff88080e8d6500) +[ 63.303564] The buggy address belongs to the page: +[ 63.310447] page:ffffea00203a3400 count:1 mapcount:0 +mapping:ffff88081380e840 index:0x0 compound_mapcount: 0 +[ 63.323102] flags: 0x2fffff80008100(slab|head) +[ 63.329775] raw: 002fffff80008100 0000000000000000 0000000100000001 +ffff88081380e840 +[ 63.340175] raw: 0000000000000000 0000000000070007 00000001ffffffff +0000000000000000 +[ 63.350564] page dumped because: kasan: bad access detected + +[ 63.361974] Memory state around the buggy address: +[ 63.369137] ffff88080e8d6200: 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 +[ 63.379082] ffff88080e8d6280: 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 +[ 63.389032] >ffff88080e8d6300: 00 00 00 00 00 00 fc fc fc fc fc fc fc +fc fc fc +[ 63.398944] ^ +[ 63.406141] ffff88080e8d6380: fc fc fc fc fc fc fc fc fc fc fc fc fc +fc fc fc +[ 63.416109] ffff88080e8d6400: fc fc fc fc fc fc fc fc fc fc fc fc fc +fc fc fc +[ 63.426099] +================================================================== + +The trace happens because get_hw_stats() assumes there is room in the +memory allocated in init_cntrs() to accommodate the driver counters. +Unfortunately, that routine only allocated space for the device +counters. + +Fix by insuring the allocation has room for the additional driver +counters. + +Cc: # v4.14+ +Fixes: b7481944b06e9 ("IB/hfi1: Show statistics counters under IB stats interface") +Reviewed-by: Mike Marciniczyn +Reviewed-by: Mike Ruhl +Signed-off-by: Piotr Stankiewicz +Signed-off-by: Dennis Dalessandro +Signed-off-by: Doug Ledford +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/hw/hfi1/chip.c | 3 ++- + drivers/infiniband/hw/hfi1/hfi.h | 2 ++ + drivers/infiniband/hw/hfi1/verbs.c | 2 +- + 3 files changed, 5 insertions(+), 2 deletions(-) + +--- a/drivers/infiniband/hw/hfi1/chip.c ++++ b/drivers/infiniband/hw/hfi1/chip.c +@@ -12485,7 +12485,8 @@ static int init_cntrs(struct hfi1_devdat + } + + /* allocate space for the counter values */ +- dd->cntrs = kcalloc(dd->ndevcntrs, sizeof(u64), GFP_KERNEL); ++ dd->cntrs = kcalloc(dd->ndevcntrs + num_driver_cntrs, sizeof(u64), ++ GFP_KERNEL); + if (!dd->cntrs) + goto bail; + +--- a/drivers/infiniband/hw/hfi1/hfi.h ++++ b/drivers/infiniband/hw/hfi1/hfi.h +@@ -154,6 +154,8 @@ struct hfi1_ib_stats { + extern struct hfi1_ib_stats hfi1_stats; + extern const struct pci_error_handlers hfi1_pci_err_handler; + ++extern int num_driver_cntrs; ++ + /* + * First-cut criterion for "device is active" is + * two thousand dwords combined Tx, Rx traffic per +--- a/drivers/infiniband/hw/hfi1/verbs.c ++++ b/drivers/infiniband/hw/hfi1/verbs.c +@@ -1701,7 +1701,7 @@ static const char * const driver_cntr_na + static DEFINE_MUTEX(cntr_names_lock); /* protects the *_cntr_names bufers */ + static const char **dev_cntr_names; + static const char **port_cntr_names; +-static int num_driver_cntrs = ARRAY_SIZE(driver_cntr_names); ++int num_driver_cntrs = ARRAY_SIZE(driver_cntr_names); + static int num_dev_cntrs; + static int num_port_cntrs; + static int cntr_names_initialized; diff --git a/queue-4.19/series b/queue-4.19/series index 88160519674..2036e930f24 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -132,3 +132,10 @@ initramfs-clean-old-path-before-creating-a-hardlink.patch ocfs2-fix-potential-use-after-free.patch flexfiles-enforce-per-mirror-stateid-only-for-v4-dses.patch dax-check-page-mapping-isn-t-null.patch +alsa-fireface-fix-reference-to-wrong-register-for-clock-configuration.patch +alsa-hda-realtek-fixed-headphone-issue-for-alc700.patch +alsa-hda-realtek-alc294-mic-and-headset-mode-fixups-for-asus-x542un.patch +alsa-hda-realtek-enable-audio-jacks-of-asus-ux533fd-with-alc294.patch +alsa-hda-realtek-enable-audio-jacks-of-asus-ux433fn-ux333fa-with-alc294.patch +alsa-hda-realtek-fix-the-mute-led-regresion-on-lenovo-x1-carbon.patch +ib-hfi1-fix-an-out-of-bounds-access-in-get_hw_stats.patch