lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <87ikexaz0g.wl-tiwai@suse.de>
Date: Wed, 26 Nov 2025 11:06:55 +0100
From: Takashi Iwai <tiwai@...e.de>
To: Pavel Machek <pavel@...x.de>
Cc: Takashi Iwai <tiwai@...e.de>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	stable@...r.kernel.org,
	patches@...ts.linux.dev,
	linux-kernel@...r.kernel.org,
	torvalds@...ux-foundation.org,
	akpm@...ux-foundation.org,
	linux@...ck-us.net,
	shuah@...nel.org,
	patches@...nelci.org,
	lkft-triage@...ts.linaro.org,
	jonathanh@...dia.com,
	f.fainelli@...il.com,
	sudipm.mukherjee@...il.com,
	rwarsow@....de,
	conor@...nel.org,
	hargar@...rosoft.com,
	broonie@...nel.org,
	achill@...ill.org,
	sr@...dewatkins.com
Subject: Re: [PATCH 6.12 000/185] 6.12.59-rc1 review

On Wed, 26 Nov 2025 11:01:19 +0100,
Pavel Machek wrote:
> 
> Hi!
> 
> > > > Takashi Iwai <tiwai@...e.de>
> > > >     ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
> > > 
> > > This one is wrong for at least 6.12 and older.
> > > 
> > > +       if (ep->packsize[1] > ep->maxpacksize) {
> > > +               usb_audio_dbg(chip, "Too small maxpacksize %u for rate %u / pps %u\n",
> > > +                             ep->maxpacksize, ep->cur_rate, ep->pps);
> > > +               return -EINVAL;
> > > +       }
> > >  
> > > Needs to be err = -EINVAL; goto unlock;.
> > > 
> > > (Or cherry pick guard() handling from newer kernels).
> > 
> > Thanks Pavel, a good catch!
> > 
> > A cherry-pick of the commit efea7a57370b for converting to guard()
> > doesn't seem to be cleanly applicable on 6.12.y, unfortunately.
> > So I guess it'd be easier to have a correction on the top instead,
> > something like below.
> 
> Yes, works for me, thanks for handling this.
> 
> > -- 8< --
> > From: Takashi Iwai <tiwai@...e.de>
> > Subject: [PATCH v6.12.y] ALSA: usb-audio: Fix missing unlock at error path of
> >  maxpacksize check
> > 
> > The recent backport of the upstream commit 05a1fc5efdd8 ("ALSA:
> > usb-audio: Fix potential overflow of PCM transfer buffer") on the
> > older stable kernels like 6.12.y was broken since it doesn't consider
> > the mutex unlock, where the upstream code manages with guard().
> > In the older code, we still need an explicit unlock.
> > 
> > This is a fix that corrects the error path, applied only on old stable
> > trees.
> > 
> > Reported-by: Pavel Machek <pavel@...x.de>
> > Closes: https://lore.kernel.org/aSWtH0AZH5+aeb+a@duo.ucw.cz
> > Fixes: 98e9d5e33bda ("ALSA: usb-audio: Fix potential overflow of PCM transfer buffer")
> > Signed-off-by: Takashi Iwai <tiwai@...e.de>
> 
> Reviewed-by: Pavel Machek <pavel@...x.de>

OK, will submit properly.


thanks,

Takashi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ