The load_mixer_volumes() function, which can be triggered by
unprivileged users via the SOUND_MIXER_SETLEVELS ioctl, is vulnerable to
a buffer overflow.  Because the provided "name" argument isn't
guaranteed to be NULL terminated at the expected 32 bytes, it's possible
to overflow past the end of the last element in the mixer_vols array.
Further exploitation can result in an arbitrary kernel write (via
subsequent calls to load_mixer_volumes()) leading to privilege
escalation, or arbitrary kernel reads via get_mixer_levels().  In
addition, the strcmp() may leak bytes beyond the mixer_vols array.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

The fix-up entries by the commit 2785591a
     ALSA: hda - Add fix-up for Sony VAIO with ALC275 codecs
weren't applied in the right position.  They had to be before the quirk
entry matching to all Sony devices.
Signed-off-by: Takashi Iwai <tiwai@suse.de>

When a mixer control element was already created with the given name,
try to find another index for avoiding conflicts, instead of breaking
with an error.  This makes the driver more robust.
Signed-off-by: Takashi Iwai <tiwai@suse.de>

When the d-mics are assigned to the same purpose of another analog mic
pins, the driver doesn't compute the index properly, resulting in an
error with "existing control".  This patch fixes it.
Signed-off-by: Takashi Iwai <tiwai@suse.de>

ALC275 doesn't require the ALC269 (and its variants) specific init
sequences.  Add the check of codec id.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

Set GPIO2 for some Sony VAIO with ALC275 to fix speaker output.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

The Coverity checker spotted that we do not always remember to call
va_end() on 'args' in failure paths in snd_pcm_hw_rule_add().
Here's a patch to fix that up (compile tested only) - it also removes
some annoying trailing whitespace that caught my eye while I was in the
area..
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

BugLink: http://launchpad.net/bugs/580006

SKU turns off auto-mute for these machines, so ignore the SKU.
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

Due to the recent change for multiple mics assignment, we need to handle
the index of each Mic Boost control respectively.  Otherwise the driver
gets the control element conflicts, and gives the unsable state.

Reference: kernel bug 25002
	https://bugzilla.kernel.org/show_bug.cgi?id=25002Reported-and-tested-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

Set default association/sequence right on pin 0x17 in order for
the automatic parser to recognize the subwoofer correctly.
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

BugLink: http://launchpad.net/bugs/690530

The SKU value of this machine dictates that auto-mute should be
disabled. Since the SKU value is similar to the PCI SSID, the most
likely conclusion is that the SKU value should be ignored.
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

Currently bias of non-DAPM codec will be powered down (standby/off) whenever
there is a stream stop. This is wrong in simultaneous playback/capture since
the bias is put down immediately after stopping the first stream.

Fix this by using the codec->active count when figuring out the needed bias
level after stream stop.
Signed-off-by: Jarkko Nikula <jhnikula@gmail.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>

Acc to WM8580 manual, the default value for R8 is 0x10, not 0x1c.
Signed-off-by: Seungwhan Youn <sw.youn@samsung.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Cc: stable@kernel.org

Deemphasis control's .get callback should update control's value instead
of returning it - return value of callback function is used for indicating
error or success of operation.
Signed-off-by: Dmitry Artamonow <mad_soft@inbox.ru>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Cc: stable@kernel.org

BugLink: http://launchpad.net/497546

Confirmed that the ideapad model works better than the current
quirk for Dell Vostro 320.

Cc: stable@kernel.org (2.6.35+)
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

When a new HDMI/DP device is plugged in, hdmi_update_short_audio_desc()
is called for every SAD (Short Audio Descriptor) in the ELD data. For
LPCM coding type SAD defines the supported sample sizes. For several
other coding types (such as AC-3), a maximum bitrate is defined.

The maximum bitrate and sample size fields are not always cleared.
Therefore, if a device is unplugged and a different one is plugged in,
and the coding types of some SAD positions differ between the devices,
the old max_bitrate or sample_bits values will persist if the new SADs
do not define those values.

The leftover max_bitrate and sample_bits do not cause any issues other
than wrongly showing up in eld#X.Y procfs file and kernel log.

Fix that by always clearing sample_bits and max_bitrate when reading
SADs.
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

Commit bbbe3390 added functionality to restrict PCM parameters
based on ELD info (derived from EDID data) of the audio sink.

However, according to CEA-861-D no SAD is needed for basic audio
(32/44.1/48kHz stereo 16-bit audio), which is instead indicated with a
basic audio flag in the CEA EDID Extension.

The flag is not present in ELD. However, as all audio capable sinks are
required to support basic audio, we can assume it to be always
available.

Fix allowed audio formats with sinks that have SADs (Short Audio
Descriptors) which do not completely overlap with the basic audio
formats (there are no reports of affected devices so far) by always
assuming that basic audio is supported.
Reported-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
Cc: stable@kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>

Commit bbbe3390 added functionality to restrict PCM parameters
based on ELD info (derived from EDID data) of the audio sink.

However, it wrongly assumes that the bits 0-2 of the first byte of
CEA Short Audio Descriptors mean a supported number of channels. In
reality, they mean the maximum number of channels (as per CEA-861-D
7.5.2). This means that the channel count can only be used to restrict
max_channels, not min_channels.

Restricting min_channels causes us to deny opening the device in stereo
mode if the sink only has SADs that declare larger numbers of channels
(like Primare SP32 AV Processor does).

Fix that by not restricting min_channels based on ELD information.
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
Reported-by: Jean-Yves Avenard <jyavenard@gmail.com>
Tested-by: Jean-Yves Avenard <jyavenard@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>

Fix mismerge from the out of tree BSP where this support was developed.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>

In case of SNDRV_PCM_FORMAT_S32_LE, we need to set WM8580_AIF_LENGTH_32,
rather than WM8580_AIF_LENGTH_24.
Also, the BCLK has to be 64fs, for sample size of 20, 24 and 32 bits.
Signed-off-by: Jassi Brar <jassi.brar@samsung.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>

Properly free the resources in the case of soc_register_ac97_dai_link failure.
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>

As the comments of snd_soc_instantiate_cards() said,
snd_soc_instantiate_cards() must be called with client_mutex.
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>

SPKOUTL_BOOST start from third bit, SPKOUTLR_BOOST start from 0 bit.
Signed-off-by: Uk Kim <w0806.kim@samsung.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Cc: stable@kernel.org

Signed-off-by: Uk Kim <w0806.kim@samsung.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Cc: stable@kernel.org

BugLink: https://launchpad.net/bugs/685161

The reporter of the bug states that he must use position_fix=1 to enable
capture for the internal microphone, so set it for his machine's PCI
SSID.  Verified using 2.6.35 and the 2010-12-04 alsa-driver build.
Reported-and-tested-by: Ralph Wabel <rwabel@gmx.net>
Cc: <stable@kernel.org>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

Added a quirk to cxt5066_cfg_tbl to enable jack sense for ThinkPad Edge 13.

Reference: http://launchpad.net/bugs/685015Signed-off-by: Manoj Iyer <manoj.iyer@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

On the docking station for the Lenovo T410 and T410s, the line-out 
doesn't work. The trouble seems to be that it generates a plug event, 
but then doesn't report that the jack is connected. So automute mutes 
the jack when you plug something into it. The following patch (next 
message) fixes it.

Signed-off-by: John Baboval <john.baboval at virtualcomputer.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

BugLink: https://launchpad.net/bugs/595482

The original reporter states that audible playback from the internal
speaker is inaudible despite the hardware being properly detected.  To
work around this symptom, he uses the model=lg quirk to properly enable
both playback, capture, and jack sense.  Another user corroborates this
workaround on separate hardware.  Add this PCI SSID to the quirk table
to enable it for further LG P1 Expresses.
Reported-and-tested-by: Philip Peitsch <philip.peitsch@gmail.com>
Tested-by: nikhov
Cc: <stable@kernel.org> [2.6.32+]
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

Merge branch 'for-2.6.37' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/asoc-2.6 into fix/asoc

Not all omap boards use kernel based pin multiplexing so
CONFIG_SND_OMAP_SOC_N810 should not select it by default as it can make
harm to other boards in multi-board kernels.

Therefore put CONFIG_OMAP_MUX as a dependency to N810 ASoC machine driver.

Thanks to Tony Lindgren <tony@atomide.com> for noticing.
Signed-off-by: Jarkko Nikula <jhnikula@gmail.com>
Cc: Tony Lindgren <tony@atomide.com>
Acked-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Acked-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Liam Girdwood <lrg@slimlogic.co.uk>

BugLink: https://launchpad.net/bugs/683695

The original reporter states that headphone jacks do not appear to
work.  Upon inspecting his codec dump, and upon further testing, it is
confirmed that the "alienware" model quirk is correct.

Reported-and-tested-by: Cody Thierauf
Cc: <stable@kernel.org> [2.6.32+]
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

According to the datasheet the bypass path enable/disable is
bit 3 therefore we need 0x8 and not 0x4.
Signed-off-by: Dimitris Papastamos <dp@opensource.wolfsonmicro.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>