--- /dev/null
+From b7b7e1ab7619deb3b299b5e5c619c3e6f183a12d Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Wed, 31 Jul 2024 16:19:41 +0200
+Subject: ALSA: usb-audio: Correct surround channels in UAC1 channel map
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit b7b7e1ab7619deb3b299b5e5c619c3e6f183a12d upstream.
+
+USB-audio driver puts SNDRV_CHMAP_SL and _SR as left and right
+surround channels for UAC1 channel map, respectively. But they should
+have been SNDRV_CHMAP_RL and _RR; the current value *_SL and _SR are
+rather "side" channels, not "surround". I guess I took those
+mistakenly when I read the spec mentioning "surround left".
+
+This patch corrects those entries to be the right channels.
+
+Suggested-by: Sylvain BERTRAND <sylvain.bertrand@legeek.net>
+Closes: https://lore.kernel.orgZ/qIyJD8lhd8hFhlC@freedom
+Fixes: 04324ccc75f9 ("ALSA: usb-audio: add channel map support")
+Cc: <stable@vger.kernel.org>
+Link: https://patch.msgid.link/20240731142018.24750-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/usb/stream.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/sound/usb/stream.c
++++ b/sound/usb/stream.c
+@@ -250,8 +250,8 @@ static struct snd_pcm_chmap_elem *conver
+ SNDRV_CHMAP_FR, /* right front */
+ SNDRV_CHMAP_FC, /* center front */
+ SNDRV_CHMAP_LFE, /* LFE */
+- SNDRV_CHMAP_SL, /* left surround */
+- SNDRV_CHMAP_SR, /* right surround */
++ SNDRV_CHMAP_RL, /* left surround */
++ SNDRV_CHMAP_RR, /* right surround */
+ SNDRV_CHMAP_FLC, /* left of center */
+ SNDRV_CHMAP_FRC, /* right of center */
+ SNDRV_CHMAP_RC, /* surround */
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
- net/ipv6/ndisc.c | 34 ++++++++++++++++++----------------
+ net/ipv6/ndisc.c | 34 ++++++++++++++++++----------------
1 file changed, 18 insertions(+), 16 deletions(-)
-diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
-index a640deb9ab14d..0961596bb085e 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
-@@ -223,6 +223,7 @@ struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
+@@ -223,6 +223,7 @@ struct ndisc_options *ndisc_parse_option
return NULL;
memset(ndopts, 0, sizeof(*ndopts));
while (opt_len) {
int l;
if (opt_len < sizeof(struct nd_opt_hdr))
return NULL;
-@@ -258,22 +259,23 @@ struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
+@@ -258,22 +259,23 @@ struct ndisc_options *ndisc_parse_option
break;
#endif
default:
}
next_opt:
opt_len -= l;
---
-2.43.0
-
--- /dev/null
+From 08f3a5c38087d1569e982a121aad1e6acbf145ce Mon Sep 17 00:00:00 2001
+From: Ma Ke <make24@iscas.ac.cn>
+Date: Thu, 25 Jul 2024 10:29:42 +0800
+Subject: net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
+
+From: Ma Ke <make24@iscas.ac.cn>
+
+commit 08f3a5c38087d1569e982a121aad1e6acbf145ce upstream.
+
+It could lead to error happen because the variable res is not updated if
+the call to sr_share_read_word returns an error. In this particular case
+error code was returned and res stayed uninitialized. Same issue also
+applies to sr_read_reg.
+
+This can be avoided by checking the return value of sr_share_read_word
+and sr_read_reg, and propagating the error if the read operation failed.
+
+Found by code review.
+
+Cc: stable@vger.kernel.org
+Fixes: c9b37458e956 ("USB2NET : SR9700 : One chip USB 1.1 USB2NET SR9700Device Driver Support")
+Signed-off-by: Ma Ke <make24@iscas.ac.cn>
+Reviewed-by: Shigeru Yoshida <syoshida@redhat.com>
+Reviewed-by: Hariprasad Kelam <hkelam@marvell.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/usb/sr9700.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/usb/sr9700.c
++++ b/drivers/net/usb/sr9700.c
+@@ -178,6 +178,7 @@ static int sr_mdio_read(struct net_devic
+ struct usbnet *dev = netdev_priv(netdev);
+ __le16 res;
+ int rc = 0;
++ int err;
+
+ if (phy_id) {
+ netdev_dbg(netdev, "Only internal phy supported\n");
+@@ -188,11 +189,17 @@ static int sr_mdio_read(struct net_devic
+ if (loc == MII_BMSR) {
+ u8 value;
+
+- sr_read_reg(dev, SR_NSR, &value);
++ err = sr_read_reg(dev, SR_NSR, &value);
++ if (err < 0)
++ return err;
++
+ if (value & NSR_LINKST)
+ rc = 1;
+ }
+- sr_share_read_word(dev, 1, loc, &res);
++ err = sr_share_read_word(dev, 1, loc, &res);
++ if (err < 0)
++ return err;
++
+ if (rc == 1)
+ res = le16_to_cpu(res) | BMSR_LSTATUS;
+ else
--- /dev/null
+From 8aa37bde1a7b645816cda8b80df4753ecf172bf1 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Thu, 1 Aug 2024 15:22:22 -0400
+Subject: protect the fetch of ->fd[fd] in do_dup2() from mispredictions
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 8aa37bde1a7b645816cda8b80df4753ecf172bf1 upstream.
+
+both callers have verified that fd is not greater than ->max_fds;
+however, misprediction might end up with
+ tofree = fdt->fd[fd];
+being speculatively executed. That's wrong for the same reasons
+why it's wrong in close_fd()/file_close_fd_locked(); the same
+solution applies - array_index_nospec(fd, fdt->max_fds) could differ
+from fd only in case of speculative execution on mispredicted path.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/file.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/file.c
++++ b/fs/file.c
+@@ -879,6 +879,7 @@ __releases(&files->file_lock)
+ * tables and this condition does not arise without those.
+ */
+ fdt = files_fdtable(files);
++ fd = array_index_nospec(fd, fdt->max_fds);
+ tofree = fdt->fd[fd];
+ if (!tofree && fd_is_open(fd, fdt))
+ goto Ebusy;
drm-vmwgfx-fix-overlay-when-using-screen-targets.patch
net-iucv-fix-use-after-free-in-iucv_sock_close.patch
ipv6-fix-ndisc_is_useropt-handling-for-pio.patch
+protect-the-fetch-of-fd-in-do_dup2-from-mispredictions.patch
+alsa-usb-audio-correct-surround-channels-in-uac1-channel-map.patch
+net-usb-sr9700-fix-uninitialized-variable-use-in-sr_mdio_read.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
