From: Takashi Iwai <tiwai@suse.de>
To: Pavel Machek <pavel@denx.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
tiwai@suse.de, stable@vger.kernel.org, patches@lists.linux.dev,
linux-kernel@vger.kernel.org, torvalds@linux-foundation.org,
akpm@linux-foundation.org, linux@roeck-us.net, shuah@kernel.org,
patches@kernelci.org, lkft-triage@lists.linaro.org,
jonathanh@nvidia.com, f.fainelli@gmail.com,
sudipm.mukherjee@gmail.com, rwarsow@gmx.de, conor@kernel.org,
hargar@microsoft.com, broonie@kernel.org, achill@achill.org,
sr@sladewatkins.com
Subject: Re: [PATCH 6.12 000/185] 6.12.59-rc1 review
Date: Tue, 25 Nov 2025 14:54:20 +0100 [thread overview]
Message-ID: <87ecpmp69f.wl-tiwai@suse.de> (raw)
In-Reply-To: <aSWtH0AZH5+aeb+a@duo.ucw.cz>
On Tue, 25 Nov 2025 14:20:31 +0100,
Pavel Machek wrote:
>
> On Fri 2025-11-21 14:10:27, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 6.12.59 release.
> > There are 185 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
>
>
> > Takashi Iwai <tiwai@suse.de>
> > ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
>
> This one is wrong for at least 6.12 and older.
>
> + if (ep->packsize[1] > ep->maxpacksize) {
> + usb_audio_dbg(chip, "Too small maxpacksize %u for rate %u / pps %u\n",
> + ep->maxpacksize, ep->cur_rate, ep->pps);
> + return -EINVAL;
> + }
>
> Needs to be err = -EINVAL; goto unlock;.
>
> (Or cherry pick guard() handling from newer kernels).
Thanks Pavel, a good catch!
A cherry-pick of the commit efea7a57370b for converting to guard()
doesn't seem to be cleanly applicable on 6.12.y, unfortunately.
So I guess it'd be easier to have a correction on the top instead,
something like below.
Takashi
-- 8< --
From: Takashi Iwai <tiwai@suse.de>
Subject: [PATCH v6.12.y] ALSA: usb-audio: Fix missing unlock at error path of
maxpacksize check
The recent backport of the upstream commit 05a1fc5efdd8 ("ALSA:
usb-audio: Fix potential overflow of PCM transfer buffer") on the
older stable kernels like 6.12.y was broken since it doesn't consider
the mutex unlock, where the upstream code manages with guard().
In the older code, we still need an explicit unlock.
This is a fix that corrects the error path, applied only on old stable
trees.
Reported-by: Pavel Machek <pavel@denx.de>
Closes: https://lore.kernel.org/aSWtH0AZH5+aeb+a@duo.ucw.cz
Fixes: 98e9d5e33bda ("ALSA: usb-audio: Fix potential overflow of PCM transfer buffer")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
sound/usb/endpoint.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/usb/endpoint.c b/sound/usb/endpoint.c
index 7238f65cbcff..aa201e4744bf 100644
--- a/sound/usb/endpoint.c
+++ b/sound/usb/endpoint.c
@@ -1389,7 +1389,8 @@ int snd_usb_endpoint_set_params(struct snd_usb_audio *chip,
if (ep->packsize[1] > ep->maxpacksize) {
usb_audio_dbg(chip, "Too small maxpacksize %u for rate %u / pps %u\n",
ep->maxpacksize, ep->cur_rate, ep->pps);
- return -EINVAL;
+ err = -EINVAL;
+ goto unlock;
}
/* calculate the frequency in 16.16 format */
--
2.52.0
next prev parent reply other threads:[~2025-11-25 13:54 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-21 13:10 [PATCH 6.12 000/185] 6.12.59-rc1 review Greg Kroah-Hartman
2025-11-21 13:13 ` [PATCH 6.12 172/185] io_uring/napi: fix io_napi_entry RCU accesses Greg Kroah-Hartman
2025-11-21 13:46 ` [PATCH 6.12 000/185] 6.12.59-rc1 review Pavel Machek
2025-11-21 16:28 ` Jon Hunter
2025-11-21 17:05 ` Brett Mastbergen
2025-11-21 18:22 ` Florian Fainelli
2025-11-22 4:46 ` Naresh Kamboju
2025-11-22 6:47 ` Greg Kroah-Hartman
2025-11-22 5:53 ` Brett A C Sheffield
2025-11-22 8:51 ` Pavel Machek
2025-11-22 9:05 ` Peter Schneider
2025-11-22 10:54 ` Jeffrin Thalakkottoor
2025-11-22 11:09 ` Ron Economos
2025-11-22 23:37 ` Miguel Ojeda
2025-11-23 11:53 ` Mark Brown
2025-11-25 13:20 ` Pavel Machek
2025-11-25 13:54 ` Takashi Iwai [this message]
2025-11-26 10:01 ` Pavel Machek
2025-11-26 10:06 ` Takashi Iwai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ecpmp69f.wl-tiwai@suse.de \
--to=tiwai@suse.de \
--cc=achill@achill.org \
--cc=akpm@linux-foundation.org \
--cc=broonie@kernel.org \
--cc=conor@kernel.org \
--cc=f.fainelli@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=hargar@microsoft.com \
--cc=jonathanh@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=lkft-triage@lists.linaro.org \
--cc=patches@kernelci.org \
--cc=patches@lists.linux.dev \
--cc=pavel@denx.de \
--cc=rwarsow@gmx.de \
--cc=shuah@kernel.org \
--cc=sr@sladewatkins.com \
--cc=stable@vger.kernel.org \
--cc=sudipm.mukherjee@gmail.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox