--- /dev/null
+From 4c6fe8c547e3c9e8c15dabdd23c569ee0df3adb1 Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Tue, 18 May 2021 10:26:12 +0900
+Subject: ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit 4c6fe8c547e3c9e8c15dabdd23c569ee0df3adb1 upstream.
+
+At high sampling transfer frequency, TC Electronic Konnekt Live
+transfers/receives 6 audio data frames in multi bit linear audio data
+channel of data block in CIP payload. Current hard-coded stream format
+is wrong.
+
+Cc: <stable@vger.kernel.org>
+Fixes: f1f0f330b1d0 ("ALSA: dice: add parameters of stream formats for models produced by TC Electronic")
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Link: https://lore.kernel.org/r/20210518012612.37268-1-o-takashi@sakamocchi.jp
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/firewire/dice/dice-tcelectronic.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/sound/firewire/dice/dice-tcelectronic.c
++++ b/sound/firewire/dice/dice-tcelectronic.c
+@@ -38,8 +38,8 @@ static const struct dice_tc_spec konnekt
+ };
+
+ static const struct dice_tc_spec konnekt_live = {
+- .tx_pcm_chs = {{16, 16, 16}, {0, 0, 0} },
+- .rx_pcm_chs = {{16, 16, 16}, {0, 0, 0} },
++ .tx_pcm_chs = {{16, 16, 6}, {0, 0, 0} },
++ .rx_pcm_chs = {{16, 16, 6}, {0, 0, 0} },
+ .has_midi = true,
+ };
+
--- /dev/null
+From 05ca447630334c323c9e2b788b61133ab75d60d3 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 18 May 2021 10:39:39 +0200
+Subject: ALSA: line6: Fix racy initialization of LINE6 MIDI
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 05ca447630334c323c9e2b788b61133ab75d60d3 upstream.
+
+The initialization of MIDI devices that are found on some LINE6
+drivers are currently done in a racy way; namely, the MIDI buffer
+instance is allocated and initialized in each private_init callback
+while the communication with the interface is already started via
+line6_init_cap_control() call before that point. This may lead to
+Oops in line6_data_received() when a spurious event is received, as
+reported by syzkaller.
+
+This patch moves the MIDI initialization to line6_init_cap_control()
+as well instead of the too-lately-called private_init for avoiding the
+race. Also this reduces slightly more lines, so it's a win-win
+change.
+
+Reported-by: syzbot+0d2b3feb0a2887862e06@syzkallerlkml..appspotmail.com
+Link: https://lore.kernel.org/r/000000000000a4be9405c28520de@google.com
+Link: https://lore.kernel.org/r/20210517132725.GA50495@hyeyoo
+Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20210518083939.1927-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/usb/line6/driver.c | 4 ++++
+ sound/usb/line6/pod.c | 5 -----
+ sound/usb/line6/variax.c | 6 ------
+ 3 files changed, 4 insertions(+), 11 deletions(-)
+
+--- a/sound/usb/line6/driver.c
++++ b/sound/usb/line6/driver.c
+@@ -705,6 +705,10 @@ static int line6_init_cap_control(struct
+ line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL);
+ if (!line6->buffer_message)
+ return -ENOMEM;
++
++ ret = line6_init_midi(line6);
++ if (ret < 0)
++ return ret;
+ } else {
+ ret = line6_hwdep_init(line6);
+ if (ret < 0)
+--- a/sound/usb/line6/pod.c
++++ b/sound/usb/line6/pod.c
+@@ -420,11 +420,6 @@ static int pod_init(struct usb_line6 *li
+ if (err < 0)
+ return err;
+
+- /* initialize MIDI subsystem: */
+- err = line6_init_midi(line6);
+- if (err < 0)
+- return err;
+-
+ /* initialize PCM subsystem: */
+ err = line6_init_pcm(line6, &pod_pcm_properties);
+ if (err < 0)
+--- a/sound/usb/line6/variax.c
++++ b/sound/usb/line6/variax.c
+@@ -217,7 +217,6 @@ static int variax_init(struct usb_line6
+ const struct usb_device_id *id)
+ {
+ struct usb_line6_variax *variax = (struct usb_line6_variax *) line6;
+- int err;
+
+ line6->process_message = line6_variax_process_message;
+ line6->disconnect = line6_variax_disconnect;
+@@ -233,11 +232,6 @@ static int variax_init(struct usb_line6
+ if (variax->buffer_activate == NULL)
+ return -ENOMEM;
+
+- /* initialize MIDI subsystem: */
+- err = line6_init_midi(&variax->line6);
+- if (err < 0)
+- return err;
+-
+ /* initiate startup procedure: */
+ variax_startup1(variax);
+ return 0;
--- /dev/null
+From d201d7631ca170b038e7f8921120d05eec70d7c5 Mon Sep 17 00:00:00 2001
+From: Ronnie Sahlberg <lsahlber@redhat.com>
+Date: Wed, 19 May 2021 08:40:11 +1000
+Subject: cifs: fix memory leak in smb2_copychunk_range
+
+From: Ronnie Sahlberg <lsahlber@redhat.com>
+
+commit d201d7631ca170b038e7f8921120d05eec70d7c5 upstream.
+
+When using smb2_copychunk_range() for large ranges we will
+run through several iterations of a loop calling SMB2_ioctl()
+but never actually free the returned buffer except for the final
+iteration.
+This leads to memory leaks everytime a large copychunk is requested.
+
+Fixes: 9bf0c9cd4314 ("CIFS: Fix SMB2/SMB3 Copy offload support (refcopy) for large files")
+Cc: <stable@vger.kernel.org>
+Reviewed-by: Aurelien Aptel <aaptel@suse.com>
+Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/cifs/smb2ops.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -1174,6 +1174,8 @@ smb2_copychunk_range(const unsigned int
+ cpu_to_le32(min_t(u32, len, tcon->max_bytes_chunk));
+
+ /* Request server copy to target from src identified by key */
++ kfree(retbuf);
++ retbuf = NULL;
+ rc = SMB2_ioctl(xid, tcon, trgtfile->fid.persistent_fid,
+ trgtfile->fid.volatile_fid, FSCTL_SRV_COPYCHUNK_WRITE,
+ true /* is_fsctl */, (char *)pcchunk,
ptrace-make-ptrace-fail-if-the-tracee-changed-its-pi.patch
nvmet-seset-ns-file-when-open-fails.patch
locking-mutex-clear-mutex_flags-if-wait_list-is-empt.patch
+cifs-fix-memory-leak-in-smb2_copychunk_range.patch
+alsa-dice-fix-stream-format-for-tc-electronic-konnekt-live-at-high-sampling-transfer-frequency.patch
+alsa-line6-fix-racy-initialization-of-line6-midi.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
