From f23b8210f8eee7da8e36ac71771b5a33706857cc Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sat, 9 Dec 2023 13:11:59 +0100
Subject: [PATCH] 5.4-stable patches

added patches:
 alsa-pcm-fix-out-of-bounds-in-snd_pcm_state_names.patch
---
 ...out-of-bounds-in-snd_pcm_state_names.patch | 78 +++++++++++++++++++
 queue-5.4/series | 1 +
 2 files changed, 79 insertions(+)
 create mode 100644 queue-5.4/alsa-pcm-fix-out-of-bounds-in-snd_pcm_state_names.patch
diff --git a/queue-5.4/alsa-pcm-fix-out-of-bounds-in-snd_pcm_state_names.patch b/queue-5.4/alsa-pcm-fix-out-of-bounds-in-snd_pcm_state_names.patch
new file mode 100644
index 00000000000..003db03662f
--- /dev/null
+++ b/queue-5.4/alsa-pcm-fix-out-of-bounds-in-snd_pcm_state_names.patch
@@ -0,0 +1,78 @@
+From 2b3a7a302c9804e463f2ea5b54dc3a6ad106a344 Mon Sep 17 00:00:00 2001
+From: Jason Zhang
+Date: Wed, 6 Dec 2023 09:31:39 +0800
+Subject: ALSA: pcm: fix out-of-bounds in snd_pcm_state_names
+
+From: Jason Zhang
+
+commit 2b3a7a302c9804e463f2ea5b54dc3a6ad106a344 upstream.
+
+The pcm state can be SNDRV_PCM_STATE_DISCONNECTED at disconnect
+callback, and there is not an entry of SNDRV_PCM_STATE_DISCONNECTED
+in snd_pcm_state_names.
+
+This patch adds the missing entry to resolve this issue.
+
+cat /proc/asound/card2/pcm0p/sub0/status
+That results in stack traces like the following:
+
+[ 99.702732][ T5171] Unexpected kernel BRK exception at EL1
+[ 99.702774][ T5171] Internal error: BRK handler: f2005512 [#1] PREEMPT SMP
+[ 99.703858][ T5171] Modules linked in: bcmdhd(E) (...)
+[ 99.747425][ T5171] CPU: 3 PID: 5171 Comm: cat Tainted: G C OE 5.10.189-android13-4-00003-g4a17384380d8-ab11086999 #1
+[ 99.748447][ T5171] Hardware name: Rockchip RK3588 CVTE V10 Board (DT)
+[ 99.749024][ T5171] pstate: 60400005 (nZCv daif +PAN -UAO -TCO BTYPE=--)
+[ 99.749616][ T5171] pc : snd_pcm_substream_proc_status_read+0x264/0x2bc
+[ 99.750204][ T5171] lr : snd_pcm_substream_proc_status_read+0xa4/0x2bc
+[ 99.750778][ T5171] sp : ffffffc0175abae0
+[ 99.751132][ T5171] x29: ffffffc0175abb80 x28: ffffffc009a2c498
+[ 99.751665][ T5171] x27: 0000000000000001 x26: ffffff810cbae6e8
+[ 99.752199][ T5171] x25: 0000000000400cc0 x24: ffffffc0175abc60
+[ 99.752729][ T5171] x23: 0000000000000000 x22: ffffff802f558400
+[ 99.753263][ T5171] x21: ffffff81d8d8ff00 x20: ffffff81020cdc00
+[ 99.753795][ T5171] x19: ffffff802d110000 x18: ffffffc014fbd058
+[ 99.754326][ T5171] x17: 0000000000000000 x16: 0000000000000000
+[ 99.754861][ T5171] x15: 000000000000c276 x14: ffffffff9a976fda
+[ 99.755392][ T5171] x13: 0000000065689089 x12: 000000000000d72e
+[ 99.755923][ T5171] x11: ffffff802d110000 x10: 00000000000000e0
+[ 99.756457][ T5171] x9 : 9c431600c8385d00 x8 : 0000000000000008
+[ 99.756990][ T5171] x7 : 0000000000000000 x6 : 000000000000003f
+[ 99.757522][ T5171] x5 : 0000000000000040 x4 : ffffffc0175abb70
+[ 99.758056][ T5171] x3 : 0000000000000001 x2 : 0000000000000001
+[ 99.758588][ T5171] x1 : 0000000000000000 x0 : 0000000000000000
+[ 99.759123][ T5171] Call trace:
+[ 99.759404][ T5171] snd_pcm_substream_proc_status_read+0x264/0x2bc
+[ 99.759958][ T5171] snd_info_seq_show+0x54/0xa4
+[ 99.760370][ T5171] seq_read_iter+0x19c/0x7d4
+[ 99.760770][ T5171] seq_read+0xf0/0x128
+[ 99.761117][ T5171] proc_reg_read+0x100/0x1f8
+[ 99.761515][ T5171] vfs_read+0xf4/0x354
+[ 99.761869][ T5171] ksys_read+0x7c/0x148
+[ 99.762226][ T5171] __arm64_sys_read+0x20/0x30
+[ 99.762625][ T5171] el0_svc_common+0xd0/0x1e4
+[ 99.763023][ T5171] el0_svc+0x28/0x98
+[ 99.763358][ T5171] el0_sync_handler+0x8c/0xf0
+[ 99.763759][ T5171] el0_sync+0x1b8/0x1c0
+[ 99.764118][ T5171] Code: d65f03c0 b9406102 17ffffae 94191565 (d42aa240)
+[ 99.764715][ T5171] ---[ end trace 1eeffa3e17c58e10 ]---
+[ 99.780720][ T5171] Kernel panic - not syncing: BRK handler: Fatal exception
+
+Signed-off-by: Jason Zhang
+Cc:
+Link: https://lore.kernel.org/r/20231206013139.20506-1-jason.zhang@rock-chips.com
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+---
+ sound/core/pcm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/core/pcm.c
++++ b/sound/core/pcm.c
+@@ -251,6 +251,7 @@ static char *snd_pcm_state_names[] = {
+ STATE(DRAINING),
+ STATE(PAUSED),
+ STATE(SUSPENDED),
++ STATE(DISCONNECTED),
+ };
+
+ static char *snd_pcm_access_names[] = {
diff --git a/queue-5.4/series b/queue-5.4/series
index 0c9dedd194c..39d55d52831 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
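Review bot: The `snd_pcm_state_names[]` table in the nested sound/core/pcm.c hunk is still kept in step with the PCM state enum by hand, so a future state added without a matching `STATE(...)` line would bring back the same out-of-bounds read that `STATE(DISCONNECTED)` closes here. A compile-time check next to the array, for example `static_assert(ARRAY_SIZE(snd_pcm_state_names) == SNDRV_PCM_STATE_LAST + 1);`, would turn that drift into a build failure; this assumes STATE() fills the table by state index, which is defined outside the hunk. The lookup that indexes the table is not visible either (the trace points at snd_pcm_substream_proc_status_read), so it is worth confirming whether it range-checks the state, since a kernel built without the trap seen in the log would presumably read past the array silently instead of stopping. The array definition itself begins above the hunk's context lines.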
@@ -32,3 +32,4 @@ scsi-be2iscsi-fix-a-memleak-in-beiscsi_init_wrb_hand.patch
 arm-imx-check-return-value-of-devm_kasprintf-in-imx_.patch
 arm-dts-imx-make-gpt-node-name-generic.patch
 arm-dts-imx7-declare-timers-compatible-with-fsl-imx6.patch
+alsa-pcm-fix-out-of-bounds-in-snd_pcm_state_names.patch
-- 2.47.3