From: <gregkh@linuxfoundation.org>
To: alsa-devel@alsa-project.org,andreyknvl@google.com,dan.carpenter@linaro.org,gregkh@linuxfoundation.org,hdanton@sina.com,perex@perex.cz,syzbot+d59c4387bfb6eced94e2@syzkaller.appspotmail.com,tiwai@suse.com,tiwai@suse.de
Cc: <stable-commits@vger.kernel.org>
Subject: Patch "ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check" has been added to the 4.19-stable tree
Date: Thu, 05 Sep 2024 15:06:14 +0200 [thread overview]
Message-ID: <2024090510-sulphate-payment-7f46@gregkh> (raw)
In-Reply-To: <d830ede4-1736-4548-94b3-51a21fa935c3@stanley.mountain>
This is a note to let you know that I've just added the patch titled
ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check
to the 4.19-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
alsa-usb-audio-fix-gpf-in-snd_usb_pipe_sanity_check.patch
and it can be found in the queue-4.19 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From stable+bounces-73597-greg=kroah.com@vger.kernel.org Thu Sep 5 14:38:24 2024
From: Hillf Danton <dan.carpenter@linaro.org>
Date: Thu, 5 Sep 2024 15:38:13 +0300
Subject: ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check
To: Takashi Iwai <tiwai@suse.de>
Cc: Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>, Hillf Danton <hdanton@sina.com>, alsa-devel@alsa-project.org, stable@vger.kernel.org
Message-ID: <d830ede4-1736-4548-94b3-51a21fa935c3@stanley.mountain>
Content-Disposition: inline
From: Hillf Danton <dan.carpenter@linaro.org>
[ Upstream commit 5d78e1c2b7f4be00bbe62141603a631dc7812f35 ]
syzbot found the following crash on:
general protection fault: 0000 [#1] SMP KASAN
RIP: 0010:snd_usb_pipe_sanity_check+0x80/0x130 sound/usb/helper.c:75
Call Trace:
snd_usb_motu_microbookii_communicate.constprop.0+0xa0/0x2fb sound/usb/quirks.c:1007
snd_usb_motu_microbookii_boot_quirk sound/usb/quirks.c:1051 [inline]
snd_usb_apply_boot_quirk.cold+0x163/0x370 sound/usb/quirks.c:1280
usb_audio_probe+0x2ec/0x2010 sound/usb/card.c:576
usb_probe_interface+0x305/0x7a0 drivers/usb/core/driver.c:361
really_probe+0x281/0x650 drivers/base/dd.c:548
....
It was introduced in commit 801ebf1043ae for checking pipe and endpoint
types. It is fixed by adding a check of the ep pointer in question.
BugLink: https://syzkaller.appspot.com/bug?extid=d59c4387bfb6eced94e2
Reported-by: syzbot <syzbot+d59c4387bfb6eced94e2@syzkaller.appspotmail.com>
Fixes: 801ebf1043ae ("ALSA: usb-audio: Sanity checks for each pipe and EP types")
Cc: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/usb/helper.c
+++ b/sound/usb/helper.c
@@ -85,7 +85,7 @@ int snd_usb_pipe_sanity_check(struct usb
struct usb_host_endpoint *ep;
ep = usb_pipe_endpoint(dev, pipe);
- if (usb_pipetype(pipe) != pipetypes[usb_endpoint_type(&ep->desc)])
+ if (!ep || usb_pipetype(pipe) != pipetypes[usb_endpoint_type(&ep->desc)])
return -EINVAL;
return 0;
}
Patches currently in stable-queue which might be from dan.carpenter@linaro.org are
queue-4.19/alsa-usb-audio-sanity-checks-for-each-pipe-and-ep-types.patch
queue-4.19/alsa-usb-audio-fix-gpf-in-snd_usb_pipe_sanity_check.patch
prev parent reply other threads:[~2024-09-05 13:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <76c0ef6b-f4bf-41f7-ad36-55f5b4b3180a@stanley.mountain>
2024-09-05 12:38 ` [PATCH 1/2 4.19.y] ALSA: usb-audio: Sanity checks for each pipe and EP types Takashi Iwai
2024-09-05 13:06 ` Patch "ALSA: usb-audio: Sanity checks for each pipe and EP types" has been added to the 4.19-stable tree gregkh
2024-09-05 13:34 ` [PATCH 1/2 4.19.y] ALSA: usb-audio: Sanity checks for each pipe and EP types Dan Carpenter
2024-09-05 13:49 ` Greg KH
2024-09-05 15:11 ` Dan Carpenter
2024-09-05 16:29 ` Greg KH
2024-09-05 12:38 ` [PATCH 2/2 4.19.y] ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check Hillf Danton
2024-09-05 13:06 ` gregkh [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024090510-sulphate-payment-7f46@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=alsa-devel@alsa-project.org \
--cc=andreyknvl@google.com \
--cc=dan.carpenter@linaro.org \
--cc=hdanton@sina.com \
--cc=perex@perex.cz \
--cc=stable-commits@vger.kernel.org \
--cc=syzbot+d59c4387bfb6eced94e2@syzkaller.appspotmail.com \
--cc=tiwai@suse.com \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox