lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aSbP77sRVyWjXxWC@duo.ucw.cz>
Date: Wed, 26 Nov 2025 11:01:19 +0100
From: Pavel Machek <pavel@...x.de>
To: Takashi Iwai <tiwai@...e.de>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org,
	patches@...ts.linux.dev, linux-kernel@...r.kernel.org,
	torvalds@...ux-foundation.org, akpm@...ux-foundation.org,
	linux@...ck-us.net, shuah@...nel.org, patches@...nelci.org,
	lkft-triage@...ts.linaro.org, jonathanh@...dia.com,
	f.fainelli@...il.com, sudipm.mukherjee@...il.com, rwarsow@....de,
	conor@...nel.org, hargar@...rosoft.com, broonie@...nel.org,
	achill@...ill.org, sr@...dewatkins.com
Subject: Re: [PATCH 6.12 000/185] 6.12.59-rc1 review

Hi!

> > > Takashi Iwai <tiwai@...e.de>
> > >     ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
> > 
> > This one is wrong for at least 6.12 and older.
> > 
> > +       if (ep->packsize[1] > ep->maxpacksize) {
> > +               usb_audio_dbg(chip, "Too small maxpacksize %u for rate %u / pps %u\n",
> > +                             ep->maxpacksize, ep->cur_rate, ep->pps);
> > +               return -EINVAL;
> > +       }
> >  
> > Needs to be err = -EINVAL; goto unlock;.
> > 
> > (Or cherry pick guard() handling from newer kernels).
> 
> Thanks Pavel, a good catch!
> 
> A cherry-pick of the commit efea7a57370b for converting to guard()
> doesn't seem to be cleanly applicable on 6.12.y, unfortunately.
> So I guess it'd be easier to have a correction on the top instead,
> something like below.

Yes, works for me, thanks for handling this.

> -- 8< --
> From: Takashi Iwai <tiwai@...e.de>
> Subject: [PATCH v6.12.y] ALSA: usb-audio: Fix missing unlock at error path of
>  maxpacksize check
> 
> The recent backport of the upstream commit 05a1fc5efdd8 ("ALSA:
> usb-audio: Fix potential overflow of PCM transfer buffer") on the
> older stable kernels like 6.12.y was broken since it doesn't consider
> the mutex unlock, where the upstream code manages with guard().
> In the older code, we still need an explicit unlock.
> 
> This is a fix that corrects the error path, applied only on old stable
> trees.
> 
> Reported-by: Pavel Machek <pavel@...x.de>
> Closes: https://lore.kernel.org/aSWtH0AZH5+aeb+a@duo.ucw.cz
> Fixes: 98e9d5e33bda ("ALSA: usb-audio: Fix potential overflow of PCM transfer buffer")
> Signed-off-by: Takashi Iwai <tiwai@...e.de>

Reviewed-by: Pavel Machek <pavel@...x.de>

Best regards,
								Pavel
-- 
In cooperation with DENX Software Engineering GmbH, HRB 165235 Munich,
Office: Kirchenstr.5, D-82194 Groebenzell, Germany

Download attachment "signature.asc" of type "application/pgp-signature" (196 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ