6.1-stable patches

added patches:
	alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch

diff --git a/queue-6.1/alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch b/queue-6.1/alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch
new file mode 100644 (file)
index 0000000..5beacdb
--- /dev/null
+++ b/queue-6.1/alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch
@@ -0,0 +1,41 @@
+From fdf0dc82eb60091772ecea73cbc5a8fb7562fc45 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Wed, 26 Nov 2025 11:08:31 +0100
+Subject: ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit fdf0dc82eb60091772ecea73cbc5a8fb7562fc45 upstream.
+
+The recent backport of the upstream commit 05a1fc5efdd8 ("ALSA:
+usb-audio: Fix potential overflow of PCM transfer buffer") on the
+older stable kernels like 6.12.y was broken since it doesn't consider
+the mutex unlock, where the upstream code manages with guard().
+In the older code, we still need an explicit unlock.
+
+This is a fix that corrects the error path, applied only on old stable
+trees.
+
+Reported-by: Pavel Machek <pavel@denx.de>
+Closes: https://lore.kernel.org/aSWtH0AZH5+aeb+a@duo.ucw.cz
+Fixes: 98e9d5e33bda ("ALSA: usb-audio: Fix potential overflow of PCM transfer buffer")
+Reviewed-by: Pavel Machek <pavel@denx.de>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/usb/endpoint.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/sound/usb/endpoint.c
++++ b/sound/usb/endpoint.c
+@@ -1382,7 +1382,8 @@ int snd_usb_endpoint_set_params(struct s
+       if (ep->packsize[1] > ep->maxpacksize) {
+               usb_audio_dbg(chip, "Too small maxpacksize %u for rate %u / pps %u\n",
+                             ep->maxpacksize, ep->cur_rate, ep->pps);
+-              return -EINVAL;
++              err = -EINVAL;
++              goto unlock;
+       }
+ 
+       /* calculate the frequency in 16.16 format */

diff --git a/queue-6.1/series b/queue-6.1/series
index 3d8a9d2e07b1afea0292a2fa34356d97f2c34f86..32fa436c85725668dba60712506fa3c25e149c88 100644 (file)
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -280,7 +280,6 @@ rdma-hns-fix-wrong-wqe-data-when-qp-wraps-around.patch
 btrfs-mark-dirty-extent-range-for-out-of-bound-preal.patch
 fs-hpfs-fix-error-code-for-new_inode-failure-in-mkdi.patch
 um-fix-help-message-for-ssl-non-raw.patch
-clk-sunxi-ng-sun6i-rtc-add-a523-specifics.patch
 rtc-pcf2127-clear-minute-second-interrupt.patch
 arm-at91-pm-save-and-restore-acr-during-pll-disable-.patch
 clk-at91-clk-master-add-check-for-divide-by-3.patch
@@ -404,6 +403,7 @@ wifi-mac80211-reject-address-change-while-connecting.patch
 fs-proc-fix-uaf-in-proc_readdir_de.patch
 mmc-sdhci-of-dwcmshc-change-dll_strbin_tapnum_default-to-0x4.patch
 alsa-usb-audio-fix-potential-overflow-of-pcm-transfer-buffer.patch
+alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch
 spi-try-to-get-acpi-gpio-irq-earlier.patch
 loongarch-use-physical-addresses-for-csr_merrentry-csr_tlbrentry.patch
 edac-altera-handle-ocram-ecc-enable-after-warm-reset.patch