Re: [PATCH 6.12 000/185] 6.12.59-rc1 review

[Takashi Iwai]

On Wed, 26 Nov 2025 11:01:19 +0100,
Pavel Machek wrote:
> 
> Hi!
> 
> > > > Takashi Iwai <tiwai@xxxxxxx>
> > > >     ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
> > > 
> > > This one is wrong for at least 6.12 and older.
> > > 
> > > +       if (ep->packsize[1] > ep->maxpacksize) {
> > > +               usb_audio_dbg(chip, "Too small maxpacksize %u for rate %u / pps %u\n",
> > > +                             ep->maxpacksize, ep->cur_rate, ep->pps);
> > > +               return -EINVAL;
> > > +       }
> > >  
> > > Needs to be err = -EINVAL; goto unlock;.
> > > 
> > > (Or cherry pick guard() handling from newer kernels).
> > 
> > Thanks Pavel, a good catch!
> > 
> > A cherry-pick of the commit efea7a57370b for converting to guard()
> > doesn't seem to be cleanly applicable on 6.12.y, unfortunately.
> > So I guess it'd be easier to have a correction on the top instead,
> > something like below.
> 
> Yes, works for me, thanks for handling this.
> 
> > -- 8< --
> > From: Takashi Iwai <tiwai@xxxxxxx>
> > Subject: [PATCH v6.12.y] ALSA: usb-audio: Fix missing unlock at error path of
> >  maxpacksize check
> > 
> > The recent backport of the upstream commit 05a1fc5efdd8 ("ALSA:
> > usb-audio: Fix potential overflow of PCM transfer buffer") on the
> > older stable kernels like 6.12.y was broken since it doesn't consider
> > the mutex unlock, where the upstream code manages with guard().
> > In the older code, we still need an explicit unlock.
> > 
> > This is a fix that corrects the error path, applied only on old stable
> > trees.
> > 
> > Reported-by: Pavel Machek <pavel@xxxxxxx>
> > Closes: https://lore.kernel.org/aSWtH0AZH5+aeb+a@xxxxxxxxxx
> > Fixes: 98e9d5e33bda ("ALSA: usb-audio: Fix potential overflow of PCM transfer buffer")
> > Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
> 
> Reviewed-by: Pavel Machek <pavel@xxxxxxx>

OK, will submit properly.


thanks,

Takashi