3.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 4 Mar 2014 00:54:34 +0000 (16:54 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 4 Mar 2014 00:54:34 +0000 (16:54 -0800)
added patches:
asoc-da732x-mark-dc-offset-control-registers-volatile.patch
asoc-max98090-sync-regcache-on-entering-standby.patch
asoc-sta32x-fix-array-access-overflow.patch
asoc-sta32x-fix-cache-sync.patch
asoc-sta32x-fix-wrong-enum-for-limiter2-release-rate.patch
asoc-wm8770-fix-wrong-number-of-enum-items.patch
asoc-wm8958-dsp-fix-firmware-block-loading.patch
kvm-x86-fix-emulator-buffer-overflow-cve-2014-0049.patch

queue-3.10/asoc-da732x-mark-dc-offset-control-registers-volatile.patch [new file with mode: 0644]
queue-3.10/asoc-max98090-sync-regcache-on-entering-standby.patch [new file with mode: 0644]
queue-3.10/asoc-sta32x-fix-array-access-overflow.patch [new file with mode: 0644]
queue-3.10/asoc-sta32x-fix-cache-sync.patch [new file with mode: 0644]
queue-3.10/asoc-sta32x-fix-wrong-enum-for-limiter2-release-rate.patch [new file with mode: 0644]
queue-3.10/asoc-wm8770-fix-wrong-number-of-enum-items.patch [new file with mode: 0644]
queue-3.10/asoc-wm8958-dsp-fix-firmware-block-loading.patch [new file with mode: 0644]
queue-3.10/kvm-x86-fix-emulator-buffer-overflow-cve-2014-0049.patch [new file with mode: 0644]
queue-3.10/series

diff --git a/queue-3.10/asoc-da732x-mark-dc-offset-control-registers-volatile.patch b/queue-3.10/asoc-da732x-mark-dc-offset-control-registers-volatile.patch
new file mode 100644 (file)
index 0000000..c6f554c
--- /dev/null
@@ -0,0 +1,53 @@
+From 75306820248e26d15d84acf4e297b9fb27dd3bb2 Mon Sep 17 00:00:00 2001
+From: Mark Brown <broonie@linaro.org>
+Date: Mon, 24 Feb 2014 11:59:14 +0900
+Subject: ASoC: da732x: Mark DC offset control registers volatile
+
+From: Mark Brown <broonie@linaro.org>
+
+commit 75306820248e26d15d84acf4e297b9fb27dd3bb2 upstream.
+
+The driver reads from the DC offset control registers during callibration
+but since the registers are marked as volatile and there is a register
+cache the values will not be read from the hardware after the first reading
+rendering the callibration ineffective.
+
+It appears that the driver was originally written for the ASoC level
+register I/O code but converted to regmap prior to merge and this issue
+was missed during the conversion as the framework level volatile register
+functionality was not being used.
+
+Signed-off-by: Mark Brown <broonie@linaro.org>
+Acked-by: Adam Thomson <Adam.Thomson.Opensource@diasemi.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/codecs/da732x.c |   12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/sound/soc/codecs/da732x.c
++++ b/sound/soc/codecs/da732x.c
+@@ -1268,11 +1268,23 @@ static struct snd_soc_dai_driver da732x_
+       },
+ };
++static bool da732x_volatile(struct device *dev, unsigned int reg)
++{
++      switch (reg) {
++      case DA732X_REG_HPL_DAC_OFF_CNTL:
++      case DA732X_REG_HPR_DAC_OFF_CNTL:
++              return true;
++      default:
++              return false;
++      }
++}
++
+ static const struct regmap_config da732x_regmap = {
+       .reg_bits               = 8,
+       .val_bits               = 8,
+       .max_register           = DA732X_MAX_REG,
++      .volatile_reg           = da732x_volatile,
+       .reg_defaults           = da732x_reg_cache,
+       .num_reg_defaults       = ARRAY_SIZE(da732x_reg_cache),
+       .cache_type             = REGCACHE_RBTREE,
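Review bot: The description in this queued patch reads inverted where it says "but since the registers are marked as volatile and there is a register cache" — the hunk adds a volatile_reg callback precisely because those registers were not marked volatile, so the wording presumably should be "are not marked as volatile" (and "callibration" is misspelled twice). The code is consistent with that reading: da732x_volatile returns true only for DA732X_REG_HPL_DAC_OFF_CNTL and DA732X_REG_HPR_DAC_OFF_CNTL and is wired into da732x_regmap through `.volatile_reg = da732x_volatile,`, so only those two reads bypass the cache. Stable patch files mirror the upstream message verbatim, so this is a note for the record rather than something to edit in the queue.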
diff --git a/queue-3.10/asoc-max98090-sync-regcache-on-entering-standby.patch b/queue-3.10/asoc-max98090-sync-regcache-on-entering-standby.patch
new file mode 100644 (file)
index 0000000..1f2b824
--- /dev/null
@@ -0,0 +1,59 @@
+From c42c8922c46d33ed769e99618bdfba06866a0c72 Mon Sep 17 00:00:00 2001
+From: Dylan Reid <dgreid@chromium.org>
+Date: Wed, 12 Feb 2014 10:24:54 -0800
+Subject: ASoC: max98090: sync regcache on entering STANDBY
+
+From: Dylan Reid <dgreid@chromium.org>
+
+commit c42c8922c46d33ed769e99618bdfba06866a0c72 upstream.
+
+Sync regcache when entering STANDBY from OFF.  ON isn't entered with
+OFF as the current state, so the registers were not being re-synced
+after suspend/resume.
+
+The 98088 and 98095 already call regcache_sync from STANDBY.
+
+Signed-off-by: Dylan Reid <dgreid@chromium.org>
+Signed-off-by: Mark Brown <broonie@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/codecs/max98090.c |   20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+--- a/sound/soc/codecs/max98090.c
++++ b/sound/soc/codecs/max98090.c
+@@ -1755,16 +1755,6 @@ static int max98090_set_bias_level(struc
+       switch (level) {
+       case SND_SOC_BIAS_ON:
+-              if (codec->dapm.bias_level == SND_SOC_BIAS_OFF) {
+-                      ret = regcache_sync(max98090->regmap);
+-
+-                      if (ret != 0) {
+-                              dev_err(codec->dev,
+-                                      "Failed to sync cache: %d\n", ret);
+-                              return ret;
+-                      }
+-              }
+-
+               if (max98090->jack_state == M98090_JACK_STATE_HEADSET) {
+                       /*
+                        * Set to normal bias level.
+@@ -1778,6 +1768,16 @@ static int max98090_set_bias_level(struc
+               break;
+       case SND_SOC_BIAS_STANDBY:
++              if (codec->dapm.bias_level == SND_SOC_BIAS_OFF) {
++                      ret = regcache_sync(max98090->regmap);
++                      if (ret != 0) {
++                              dev_err(codec->dev,
++                                      "Failed to sync cache: %d\n", ret);
++                              return ret;
++                      }
++              }
++              break;
++
+       case SND_SOC_BIAS_OFF:
+               /* Set internal pull-up to lowest power mode */
+               snd_soc_update_bits(codec, M98090_REG_JACK_DETECT,
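Review bot: The added `break;` after the new SND_SOC_BIAS_STANDBY block also ends the fall-through from STANDBY into the SND_SOC_BIAS_OFF body that the old code had (`case SND_SOC_BIAS_STANDBY:` was immediately followed by `case SND_SOC_BIAS_OFF:`), so entering STANDBY no longer executes the visible snd_soc_update_bits(..., M98090_REG_JACK_DETECT, ...) call or anything else in the OFF case. That is presumably intended — running the OFF path right after a cache sync would be counterproductive if that path invalidates the cache — but the commit message only mentions the sync, so the behaviour change deserves a one-line comment such as `/* Do not fall through: the OFF path must not run after the cache sync */`. max98090_set_bias_level starts and ends outside this hunk, so the rest of the OFF body cannot be checked here.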
diff --git a/queue-3.10/asoc-sta32x-fix-array-access-overflow.patch b/queue-3.10/asoc-sta32x-fix-array-access-overflow.patch
new file mode 100644 (file)
index 0000000..04b864a
--- /dev/null
@@ -0,0 +1,105 @@
+From 025c3fa9256d4c54506b7a29dc3befac54f5c68d Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 18 Feb 2014 09:24:12 +0100
+Subject: ASoC: sta32x: Fix array access overflow
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 025c3fa9256d4c54506b7a29dc3befac54f5c68d upstream.
+
+Preset EQ enum of sta32x codec driver declares too many number of
+items and it may lead to the access over the actual array size.
+
+Use SOC_ENUM_SINGLE_DECL() helper and it's automatically fixed.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Acked-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>
+Acked-by: Lars-Peter Clausen <lars@metafoo.de>
+Signed-off-by: Mark Brown <broonie@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/codecs/sta32x.c |   72 +++++++++++++++++++++++-----------------------
+ 1 file changed, 36 insertions(+), 36 deletions(-)
+
+--- a/sound/soc/codecs/sta32x.c
++++ b/sound/soc/codecs/sta32x.c
+@@ -187,42 +187,42 @@ static const unsigned int sta32x_limiter
+       13, 16, TLV_DB_SCALE_ITEM(-1500, 300, 0),
+ };
+-static const struct soc_enum sta32x_drc_ac_enum =
+-      SOC_ENUM_SINGLE(STA32X_CONFD, STA32X_CONFD_DRC_SHIFT,
+-                      2, sta32x_drc_ac);
+-static const struct soc_enum sta32x_auto_eq_enum =
+-      SOC_ENUM_SINGLE(STA32X_AUTO1, STA32X_AUTO1_AMEQ_SHIFT,
+-                      3, sta32x_auto_eq_mode);
+-static const struct soc_enum sta32x_auto_gc_enum =
+-      SOC_ENUM_SINGLE(STA32X_AUTO1, STA32X_AUTO1_AMGC_SHIFT,
+-                      4, sta32x_auto_gc_mode);
+-static const struct soc_enum sta32x_auto_xo_enum =
+-      SOC_ENUM_SINGLE(STA32X_AUTO2, STA32X_AUTO2_XO_SHIFT,
+-                      16, sta32x_auto_xo_mode);
+-static const struct soc_enum sta32x_preset_eq_enum =
+-      SOC_ENUM_SINGLE(STA32X_AUTO3, STA32X_AUTO3_PEQ_SHIFT,
+-                      32, sta32x_preset_eq_mode);
+-static const struct soc_enum sta32x_limiter_ch1_enum =
+-      SOC_ENUM_SINGLE(STA32X_C1CFG, STA32X_CxCFG_LS_SHIFT,
+-                      3, sta32x_limiter_select);
+-static const struct soc_enum sta32x_limiter_ch2_enum =
+-      SOC_ENUM_SINGLE(STA32X_C2CFG, STA32X_CxCFG_LS_SHIFT,
+-                      3, sta32x_limiter_select);
+-static const struct soc_enum sta32x_limiter_ch3_enum =
+-      SOC_ENUM_SINGLE(STA32X_C3CFG, STA32X_CxCFG_LS_SHIFT,
+-                      3, sta32x_limiter_select);
+-static const struct soc_enum sta32x_limiter1_attack_rate_enum =
+-      SOC_ENUM_SINGLE(STA32X_L1AR, STA32X_LxA_SHIFT,
+-                      16, sta32x_limiter_attack_rate);
+-static const struct soc_enum sta32x_limiter2_attack_rate_enum =
+-      SOC_ENUM_SINGLE(STA32X_L2AR, STA32X_LxA_SHIFT,
+-                      16, sta32x_limiter_attack_rate);
+-static const struct soc_enum sta32x_limiter1_release_rate_enum =
+-      SOC_ENUM_SINGLE(STA32X_L1AR, STA32X_LxR_SHIFT,
+-                      16, sta32x_limiter_release_rate);
+-static const struct soc_enum sta32x_limiter2_release_rate_enum =
+-      SOC_ENUM_SINGLE(STA32X_L2AR, STA32X_LxR_SHIFT,
+-                      16, sta32x_limiter_release_rate);
++static SOC_ENUM_SINGLE_DECL(sta32x_drc_ac_enum,
++                          STA32X_CONFD, STA32X_CONFD_DRC_SHIFT,
++                          sta32x_drc_ac);
++static SOC_ENUM_SINGLE_DECL(sta32x_auto_eq_enum,
++                          STA32X_AUTO1, STA32X_AUTO1_AMEQ_SHIFT,
++                          sta32x_auto_eq_mode);
++static SOC_ENUM_SINGLE_DECL(sta32x_auto_gc_enum,
++                          STA32X_AUTO1, STA32X_AUTO1_AMGC_SHIFT,
++                          sta32x_auto_gc_mode);
++static SOC_ENUM_SINGLE_DECL(sta32x_auto_xo_enum,
++                          STA32X_AUTO2, STA32X_AUTO2_XO_SHIFT,
++                          sta32x_auto_xo_mode);
++static SOC_ENUM_SINGLE_DECL(sta32x_preset_eq_enum,
++                          STA32X_AUTO3, STA32X_AUTO3_PEQ_SHIFT,
++                          sta32x_preset_eq_mode);
++static SOC_ENUM_SINGLE_DECL(sta32x_limiter_ch1_enum,
++                          STA32X_C1CFG, STA32X_CxCFG_LS_SHIFT,
++                          sta32x_limiter_select);
++static SOC_ENUM_SINGLE_DECL(sta32x_limiter_ch2_enum,
++                          STA32X_C2CFG, STA32X_CxCFG_LS_SHIFT,
++                          sta32x_limiter_select);
++static SOC_ENUM_SINGLE_DECL(sta32x_limiter_ch3_enum,
++                          STA32X_C3CFG, STA32X_CxCFG_LS_SHIFT,
++                          sta32x_limiter_select);
++static SOC_ENUM_SINGLE_DECL(sta32x_limiter1_attack_rate_enum,
++                          STA32X_L1AR, STA32X_LxA_SHIFT,
++                          sta32x_limiter_attack_rate);
++static SOC_ENUM_SINGLE_DECL(sta32x_limiter2_attack_rate_enum,
++                          STA32X_L2AR, STA32X_LxA_SHIFT,
++                          sta32x_limiter_attack_rate);
++static SOC_ENUM_SINGLE_DECL(sta32x_limiter1_release_rate_enum,
++                          STA32X_L1AR, STA32X_LxR_SHIFT,
++                          sta32x_limiter_release_rate);
++static SOC_ENUM_SINGLE_DECL(sta32x_limiter2_release_rate_enum,
++                          STA32X_L2AR, STA32X_LxR_SHIFT,
++                          sta32x_limiter_release_rate);
+ /* byte array controls for setting biquad, mixer, scaling coefficients;
+  * for biquads all five coefficients need to be set in one go,
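Review bot: The SOC_ENUM_SINGLE_DECL conversion silently drops the `const` qualifier on all twelve enum tables: the removed lines were `static const struct soc_enum`, while the 3.10 macro expands to `struct soc_enum name = SOC_ENUM_DOUBLE(...)` (visible in the compiler note quoted in the limiter2 patch of this same commit), so the tables move from read-only to writable data. The same applies to ain_enum in the wm8770 hunk of this commit. Losing `const` is a minor hardening regression that follows from the 3.10 macro rather than from this patch; the ARRAY_SIZE-derived item count is what closes the over-read on sta32x_preset_eq_mode (previously declared with 32 items), so the trade is acceptable for a stable backport but worth stating in the patch description.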
diff --git a/queue-3.10/asoc-sta32x-fix-cache-sync.patch b/queue-3.10/asoc-sta32x-fix-cache-sync.patch
new file mode 100644 (file)
index 0000000..6b4ede4
--- /dev/null
@@ -0,0 +1,35 @@
+From 70ff00f82a6af0ff68f8f7b411738634ce2f20d0 Mon Sep 17 00:00:00 2001
+From: Lars-Peter Clausen <lars@metafoo.de>
+Date: Sat, 22 Feb 2014 18:27:17 +0100
+Subject: ASoC: sta32x: Fix cache sync
+
+From: Lars-Peter Clausen <lars@metafoo.de>
+
+commit 70ff00f82a6af0ff68f8f7b411738634ce2f20d0 upstream.
+
+codec->control_data contains a pointer to the regmap struct of the device, not
+to the device private data. Use snd_soc_codec_get_drvdata() instead.
+
+The issue was introduced in commit 29fdf4fbbe ("ASoC: sta32x: Convert to
+regmap").
+
+Fixes: 29fdf4fbbe (ASoC: sta32x: Convert to regmap)
+Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
+Signed-off-by: Mark Brown <broonie@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/codecs/sta32x.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/soc/codecs/sta32x.c
++++ b/sound/soc/codecs/sta32x.c
+@@ -331,7 +331,7 @@ static int sta32x_sync_coef_shadow(struc
+ static int sta32x_cache_sync(struct snd_soc_codec *codec)
+ {
+-      struct sta32x_priv *sta32x = codec->control_data;
++      struct sta32x_priv *sta32x = snd_soc_codec_get_drvdata(codec);
+       unsigned int mute;
+       int rc;
diff --git a/queue-3.10/asoc-sta32x-fix-wrong-enum-for-limiter2-release-rate.patch b/queue-3.10/asoc-sta32x-fix-wrong-enum-for-limiter2-release-rate.patch
new file mode 100644 (file)
index 0000000..22dc8d3
--- /dev/null
@@ -0,0 +1,46 @@
+From b3619b288b621e63f66908045f48495869a996a6 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Thu, 27 Feb 2014 07:41:32 +0100
+Subject: ASoC: sta32x: Fix wrong enum for limiter2 release rate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit b3619b288b621e63f66908045f48495869a996a6 upstream.
+
+There is a typo in the Limiter2 Release Rate control, a wrong enum for
+Limiter1 is assigned.  It must point to Limiter2.
+Spotted by a compile warning:
+
+In file included from sound/soc/codecs/sta32x.c:34:0:
+sound/soc/codecs/sta32x.c:223:29: warning: ‘sta32x_limiter2_release_rate_enum’ defined but not used [-Wunused-variable]
+ static SOC_ENUM_SINGLE_DECL(sta32x_limiter2_release_rate_enum,
+                             ^
+include/sound/soc.h:275:18: note: in definition of macro ‘SOC_ENUM_DOUBLE_DECL’
+  struct soc_enum name = SOC_ENUM_DOUBLE(xreg, xshift_l, xshift_r, \
+                  ^
+sound/soc/codecs/sta32x.c:223:8: note: in expansion of macro ‘SOC_ENUM_SINGLE_DECL’
+ static SOC_ENUM_SINGLE_DECL(sta32x_limiter2_release_rate_enum,
+        ^
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Mark Brown <broonie@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/codecs/sta32x.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/soc/codecs/sta32x.c
++++ b/sound/soc/codecs/sta32x.c
+@@ -432,7 +432,7 @@ SOC_SINGLE_TLV("Treble Tone Control", ST
+ SOC_ENUM("Limiter1 Attack Rate (dB/ms)", sta32x_limiter1_attack_rate_enum),
+ SOC_ENUM("Limiter2 Attack Rate (dB/ms)", sta32x_limiter2_attack_rate_enum),
+ SOC_ENUM("Limiter1 Release Rate (dB/ms)", sta32x_limiter1_release_rate_enum),
+-SOC_ENUM("Limiter2 Release Rate (dB/ms)", sta32x_limiter1_release_rate_enum),
++SOC_ENUM("Limiter2 Release Rate (dB/ms)", sta32x_limiter2_release_rate_enum),
+ /* depending on mode, the attack/release thresholds have
+  * two different enum definitions; provide both
diff --git a/queue-3.10/asoc-wm8770-fix-wrong-number-of-enum-items.patch b/queue-3.10/asoc-wm8770-fix-wrong-number-of-enum-items.patch
new file mode 100644 (file)
index 0000000..1bd34ef
--- /dev/null
@@ -0,0 +1,37 @@
+From 7a6c0a58dc824523966f212c76322d47c5b0e6fe Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 18 Feb 2014 09:37:30 +0100
+Subject: ASoC: wm8770: Fix wrong number of enum items
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 7a6c0a58dc824523966f212c76322d47c5b0e6fe upstream.
+
+wm8770 codec driver defines ain_enum with a wrong number of items.
+
+Use SOC_ENUM_DOUBLE_DECL() macro and it's automatically fixed.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Acked-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>
+Acked-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
+Acked-by: Lars-Peter Clausen <lars@metafoo.de>
+Signed-off-by: Mark Brown <broonie@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/codecs/wm8770.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/sound/soc/codecs/wm8770.c
++++ b/sound/soc/codecs/wm8770.c
+@@ -196,8 +196,8 @@ static const char *ain_text[] = {
+       "AIN5", "AIN6", "AIN7", "AIN8"
+ };
+-static const struct soc_enum ain_enum =
+-      SOC_ENUM_DOUBLE(WM8770_ADCMUX, 0, 4, 8, ain_text);
++static SOC_ENUM_DOUBLE_DECL(ain_enum,
++                          WM8770_ADCMUX, 0, 4, ain_text);
+ static const struct snd_kcontrol_new ain_mux =
+       SOC_DAPM_ENUM("Capture Mux", ain_enum);
diff --git a/queue-3.10/asoc-wm8958-dsp-fix-firmware-block-loading.patch b/queue-3.10/asoc-wm8958-dsp-fix-firmware-block-loading.patch
new file mode 100644 (file)
index 0000000..cebcee9
--- /dev/null
@@ -0,0 +1,35 @@
+From 548da08fc1e245faf9b0d7c41ecd8e07984fc332 Mon Sep 17 00:00:00 2001
+From: Lars-Peter Clausen <lars@metafoo.de>
+Date: Sat, 22 Feb 2014 18:30:13 +0100
+Subject: ASoC: wm8958-dsp: Fix firmware block loading
+
+From: Lars-Peter Clausen <lars@metafoo.de>
+
+commit 548da08fc1e245faf9b0d7c41ecd8e07984fc332 upstream.
+
+The codec->control_data contains a pointer to the device's regmap struct. But
+wm8994_bulk_write() expects a pointer to the parent wm8998 device.
+
+The issue was introduced in commit d9a7666f ("ASoC: Remove ASoC-specific
+WM8994 I/O code").
+
+Fixes: d9a7666f ("ASoC: Remove ASoC-specific WM8994 I/O code")
+Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
+Signed-off-by: Mark Brown <broonie@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/codecs/wm8958-dsp2.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/soc/codecs/wm8958-dsp2.c
++++ b/sound/soc/codecs/wm8958-dsp2.c
+@@ -153,7 +153,7 @@ static int wm8958_dsp2_fw(struct snd_soc
+                       data32 &= 0xffffff;
+-                      wm8994_bulk_write(codec->control_data,
++                      wm8994_bulk_write(wm8994->wm8994,
+                                         data32 & 0xffffff,
+                                         block_len / 2,
+                                         (void *)(data + 8));
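Review bot: The new argument `wm8994->wm8994` relies on a local `wm8994` that is declared outside this hunk in wm8958_dsp2_fw, so the hunk alone cannot confirm that the 3.10 version of the function has that variable in scope; the backport should be build-checked against the 3.10 tree rather than assumed from upstream. A short comment on the call would make the intended target explicit and stop a future reader from reverting to the codec's `control_data`: `/* bulk writes go to the parent MFD device, not the codec's regmap */`. The description's "parent wm8998 device" appears to be a typo for wm8994. wm8958_dsp2_fw starts and ends outside this hunk.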
diff --git a/queue-3.10/kvm-x86-fix-emulator-buffer-overflow-cve-2014-0049.patch b/queue-3.10/kvm-x86-fix-emulator-buffer-overflow-cve-2014-0049.patch
new file mode 100644 (file)
index 0000000..2ec2722
--- /dev/null
@@ -0,0 +1,50 @@
+From a08d3b3b99efd509133946056531cdf8f3a0c09b Mon Sep 17 00:00:00 2001
+From: Andrew Honig <ahonig@google.com>
+Date: Thu, 27 Feb 2014 19:35:14 +0100
+Subject: kvm: x86: fix emulator buffer overflow (CVE-2014-0049)
+
+From: Andrew Honig <ahonig@google.com>
+
+commit a08d3b3b99efd509133946056531cdf8f3a0c09b upstream.
+
+The problem occurs when the guest performs a pusha with the stack
+address pointing to an mmio address (or an invalid guest physical
+address) to start with, but then extending into an ordinary guest
+physical address.  When doing repeated emulated pushes
+emulator_read_write sets mmio_needed to 1 on the first one.  On a
+later push when the stack points to regular memory,
+mmio_nr_fragments is set to 0, but mmio_is_needed is not set to 0.
+
+As a result, KVM exits to userspace, and then returns to
+complete_emulated_mmio.  In complete_emulated_mmio
+vcpu->mmio_cur_fragment is incremented.  The termination condition of
+vcpu->mmio_cur_fragment == vcpu->mmio_nr_fragments is never achieved.
+The code bounces back and fourth to userspace incrementing
+mmio_cur_fragment past it's buffer.  If the guest does nothing else it
+eventually leads to a a crash on a memcpy from invalid memory address.
+
+However if a guest code can cause the vm to be destroyed in another
+vcpu with excellent timing, then kvm_clear_async_pf_completion_queue
+can be used by the guest to control the data that's pointed to by the
+call to cancel_work_item, which can be used to gain execution.
+
+Fixes: f78146b0f9230765c6315b2e14f56112513389ad
+Signed-off-by: Andrew Honig <ahonig@google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/x86.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -5982,7 +5982,7 @@ static int complete_emulated_mmio(struct
+               frag->len -= len;
+       }
+-      if (vcpu->mmio_cur_fragment == vcpu->mmio_nr_fragments) {
++      if (vcpu->mmio_cur_fragment >= vcpu->mmio_nr_fragments) {
+               vcpu->mmio_needed = 0;
+               if (vcpu->mmio_is_write)
+                       return 1;
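Review bot: The `==` to `>=` change is correct, but its reason is non-obvious and a future reader could "tidy" it back to `==`, reintroducing the out-of-bounds walk the description explains (mmio_nr_fragments reset to 0 while mmio_needed stayed set, so mmio_cur_fragment could be incremented past the termination value). A comment on the condition would pin that down: `/* >= not ==: mmio_nr_fragments may be reset to 0 while an earlier MMIO round is still pending */`. Note that the one-line change does not address the root cause the description names — mmio_needed is still not cleared when mmio_nr_fragments is zeroed — so this guard appears to be the only thing keeping mmio_cur_fragment inside the fragment array; that is acceptable for a minimal stable fix but worth stating explicitly. complete_emulated_mmio starts and ends outside this hunk.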
index 4de811fc748e6a5c33da5bd45072d2e4e2d22352..eb04c11736215b256dd94df861b392b51e4e5f32 100644 (file)
@@ -41,3 +41,11 @@ alsa-usb-audio-work-around-kef-x300a-firmware-bug.patch
 alsa-hda-ca0132-setup-cleanup-streams.patch
 alsa-hda-ca0132-fix-recording-from-mode-id-0x8.patch
 alsa-hda-enable-front-audio-jacks-on-one-hp-desktop-model.patch
+kvm-x86-fix-emulator-buffer-overflow-cve-2014-0049.patch
+asoc-max98090-sync-regcache-on-entering-standby.patch
+asoc-wm8770-fix-wrong-number-of-enum-items.patch
+asoc-da732x-mark-dc-offset-control-registers-volatile.patch
+asoc-sta32x-fix-cache-sync.patch
+asoc-sta32x-fix-wrong-enum-for-limiter2-release-rate.patch
+asoc-sta32x-fix-array-access-overflow.patch
+asoc-wm8958-dsp-fix-firmware-block-loading.patch