5.15-stable patches

added patches:
	alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch

diff --git a/queue-5.15/alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch b/queue-5.15/alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch
new file mode 100644 (file)
index 0000000..a853773
--- /dev/null
+++ b/queue-5.15/alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch
@@ -0,0 +1,41 @@
+From fdf0dc82eb60091772ecea73cbc5a8fb7562fc45 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Wed, 26 Nov 2025 11:08:31 +0100
+Subject: ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit fdf0dc82eb60091772ecea73cbc5a8fb7562fc45 upstream.
+
+The recent backport of the upstream commit 05a1fc5efdd8 ("ALSA:
+usb-audio: Fix potential overflow of PCM transfer buffer") on the
+older stable kernels like 6.12.y was broken since it doesn't consider
+the mutex unlock, where the upstream code manages with guard().
+In the older code, we still need an explicit unlock.
+
+This is a fix that corrects the error path, applied only on old stable
+trees.
+
+Reported-by: Pavel Machek <pavel@denx.de>
+Closes: https://lore.kernel.org/aSWtH0AZH5+aeb+a@duo.ucw.cz
+Fixes: 98e9d5e33bda ("ALSA: usb-audio: Fix potential overflow of PCM transfer buffer")
+Reviewed-by: Pavel Machek <pavel@denx.de>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/usb/endpoint.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/sound/usb/endpoint.c
++++ b/sound/usb/endpoint.c
+@@ -1377,7 +1377,8 @@ int snd_usb_endpoint_set_params(struct s
+       if (ep->packsize[1] > ep->maxpacksize) {
+               usb_audio_dbg(chip, "Too small maxpacksize %u for rate %u / pps %u\n",
+                             ep->maxpacksize, ep->cur_rate, ep->pps);
+-              return -EINVAL;
++              err = -EINVAL;
++              goto unlock;
+       }
+ 
+       /* calculate the frequency in 16.16 format */

diff --git a/queue-5.15/series b/queue-5.15/series
index a2648176d5226aeb0f6644ec3386d92654984359..035666598f1a19a44dd67991c50d428dcf035ba9 100644 (file)
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -274,6 +274,7 @@ strparser-fix-signed-unsigned-mismatch-bug.patch
 ipv4-route-prevent-rt_bind_exception-from-rebinding-stale-fnhe.patch
 fs-proc-fix-uaf-in-proc_readdir_de.patch
 alsa-usb-audio-fix-potential-overflow-of-pcm-transfer-buffer.patch
+alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch
 spi-try-to-get-acpi-gpio-irq-earlier.patch
 edac-altera-handle-ocram-ecc-enable-after-warm-reset.patch
 edac-altera-use-inttest-register-for-ethernet-and-usb-sbe-injection.patch