On Wed, 26 Nov 2025 11:01:19 +0100, Pavel Machek wrote:
Hi!
Takashi Iwai tiwai@suse.de ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
This one is wrong for at least 6.12 and older.
if (ep->packsize[1] > ep->maxpacksize) {usb_audio_dbg(chip, "Too small maxpacksize %u for rate %u / pps %u\n",ep->maxpacksize, ep->cur_rate, ep->pps);return -EINVAL;}Needs to be err = -EINVAL; goto unlock;.
(Or cherry pick guard() handling from newer kernels).
Thanks Pavel, a good catch!
A cherry-pick of the commit efea7a57370b for converting to guard() doesn't seem to be cleanly applicable on 6.12.y, unfortunately. So I guess it'd be easier to have a correction on the top instead, something like below.
Yes, works for me, thanks for handling this.
-- 8< -- From: Takashi Iwai tiwai@suse.de Subject: [PATCH v6.12.y] ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check
The recent backport of the upstream commit 05a1fc5efdd8 ("ALSA: usb-audio: Fix potential overflow of PCM transfer buffer") on the older stable kernels like 6.12.y was broken since it doesn't consider the mutex unlock, where the upstream code manages with guard(). In the older code, we still need an explicit unlock.
This is a fix that corrects the error path, applied only on old stable trees.
Reported-by: Pavel Machek pavel@denx.de Closes: https://lore.kernel.org/aSWtH0AZH5+aeb+a@duo.ucw.cz Fixes: 98e9d5e33bda ("ALSA: usb-audio: Fix potential overflow of PCM transfer buffer") Signed-off-by: Takashi Iwai tiwai@suse.de
Reviewed-by: Pavel Machek pavel@denx.de
OK, will submit properly.
thanks,
Takashi