From 659842dc4690522d389466f39febdccbeb49436c Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 4 Dec 2025 17:20:44 +0100 Subject: [PATCH] 6.1-stable patches added patches: alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch --- ...k-at-error-path-of-maxpacksize-check.patch | 41 +++++++++++++++++++ queue-6.1/series | 2 +- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 queue-6.1/alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch diff --git a/queue-6.1/alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch b/queue-6.1/alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch new file mode 100644 index 0000000000..5beacdb824 --- /dev/null +++ b/queue-6.1/alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch @@ -0,0 +1,41 @@ +From fdf0dc82eb60091772ecea73cbc5a8fb7562fc45 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Wed, 26 Nov 2025 11:08:31 +0100 +Subject: ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check + +From: Takashi Iwai + +commit fdf0dc82eb60091772ecea73cbc5a8fb7562fc45 upstream. + +The recent backport of the upstream commit 05a1fc5efdd8 ("ALSA: +usb-audio: Fix potential overflow of PCM transfer buffer") on the +older stable kernels like 6.12.y was broken since it doesn't consider +the mutex unlock, where the upstream code manages with guard(). +In the older code, we still need an explicit unlock. + +This is a fix that corrects the error path, applied only on old stable +trees. + +Reported-by: Pavel Machek +Closes: https://lore.kernel.org/aSWtH0AZH5+aeb+a@duo.ucw.cz +Fixes: 98e9d5e33bda ("ALSA: usb-audio: Fix potential overflow of PCM transfer buffer") +Reviewed-by: Pavel Machek +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + sound/usb/endpoint.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/sound/usb/endpoint.c ++++ b/sound/usb/endpoint.c +@@ -1382,7 +1382,8 @@ int snd_usb_endpoint_set_params(struct s + if (ep->packsize[1] > ep->maxpacksize) { + usb_audio_dbg(chip, "Too small maxpacksize %u for rate %u / pps %u\n", + ep->maxpacksize, ep->cur_rate, ep->pps); +- return -EINVAL; ++ err = -EINVAL; ++ goto unlock; + } + + /* calculate the frequency in 16.16 format */ diff --git a/queue-6.1/series b/queue-6.1/series index 3d8a9d2e07..32fa436c85 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -280,7 +280,6 @@ rdma-hns-fix-wrong-wqe-data-when-qp-wraps-around.patch btrfs-mark-dirty-extent-range-for-out-of-bound-preal.patch fs-hpfs-fix-error-code-for-new_inode-failure-in-mkdi.patch um-fix-help-message-for-ssl-non-raw.patch -clk-sunxi-ng-sun6i-rtc-add-a523-specifics.patch rtc-pcf2127-clear-minute-second-interrupt.patch arm-at91-pm-save-and-restore-acr-during-pll-disable-.patch clk-at91-clk-master-add-check-for-divide-by-3.patch @@ -404,6 +403,7 @@ wifi-mac80211-reject-address-change-while-connecting.patch fs-proc-fix-uaf-in-proc_readdir_de.patch mmc-sdhci-of-dwcmshc-change-dll_strbin_tapnum_default-to-0x4.patch alsa-usb-audio-fix-potential-overflow-of-pcm-transfer-buffer.patch +alsa-usb-audio-fix-missing-unlock-at-error-path-of-maxpacksize-check.patch spi-try-to-get-acpi-gpio-irq-earlier.patch loongarch-use-physical-addresses-for-csr_merrentry-csr_tlbrentry.patch edac-altera-handle-ocram-ecc-enable-after-warm-reset.patch -- 2.47.3