Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-7.0.y 2026-02-22T04:03:00+00:00 2026-02-22T04:03:00+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-22T04:03:00+00:00 urn:sha1:32a92f8c89326985e05dce8b22d3f0aa07a3e1bd This converts some of the visually simpler cases that have been split over multiple lines. I only did the ones that are easy to verify the resulting diff by having just that final GFP_KERNEL argument on the next line. Somebody should probably do a proper coccinelle script for this, but for me the trivial script actually resulted in an assertion failure in the middle of the script. I probably had made it a bit _too_ trivial. So after fighting that far a while I decided to just do some of the syntactically simpler cases with variations of the previous 'sed' scripts. The more syntactically complex multi-line cases would mostly really want whitespace cleanup anyway. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2026-02-21T09:02:28+00:00 Kees Cook kees@kernel.org 2026-02-21T07:49:23+00:00 urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org> 2026-02-18T07:52:08+00:00 Tim Bird tim.bird@sony.com 2026-02-12T18:31:03+00:00 urn:sha1:65ff3a8d0b0ab127b2580fcf334a06f76ae4744d Add an SPDX id of LGPL-2.0+ to files in the sound core sub-system that are missing ids. Remove boilerplate text. These files were originally submitted in a big commit for the ALSA sound system for kernel version 2.5.4, by Jaroslav Kysela, in Feb 2002. Signed-off-by: Tim Bird <tim.bird@sony.com> Link: https://patch.msgid.link/20260212183103.3720788-1-tim.bird@sony.com Signed-off-by: Takashi Iwai <tiwai@suse.de> 2022-03-18T13:01:07+00:00 Takashi Iwai tiwai@suse.de 2022-03-18T08:20:36+00:00 urn:sha1:efb6402c3c4a7c26d97c92d70186424097b6e366 We've got syzbot reports hitting INT_MAX overflow at vmalloc() allocation that is called from snd_pcm_plug_alloc(). Although we apply the restrictions to input parameters, it's based only on the hw_params of the underlying PCM device. Since the PCM OSS layer allocates a temporary buffer for the data conversion, the size may become unexpectedly large when more channels or higher rates is given; in the reported case, it went over INT_MAX, hence it hits WARN_ON(). This patch is an attempt to avoid such an overflow and an allocation for too large buffers. First off, it adds the limit of 1MB as the upper bound for period bytes. This must be large enough for all use cases, and we really don't want to handle a larger temporary buffer than this size. The size check is performed at two places, where the original period bytes is calculated and where the plugin buffer size is calculated. In addition, the driver uses array_size() and array3_size() for multiplications to catch overflows for the converted period size and buffer bytes. Reported-by: syzbot+72732c532ac1454eeee9@syzkaller.appspotmail.com Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/00000000000085b1b305da5a66f3@google.com Link: https://lore.kernel.org/r/20220318082036.29699-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de> 2021-06-09T15:30:25+00:00 Takashi Iwai tiwai@suse.de 2021-06-08T14:05:29+00:00 urn:sha1:51c816fdd17c63352b04e67c6c5ccaa3417f39aa There are a few places doing assignments in if condition in ALSA PCM and OSS emulation layers, which is a bad coding style that may confuse readers and occasionally lead to bugs. This patch is merely for coding-style fixes, no functional changes. Link: https://lore.kernel.org/r/20210608140540.17885-56-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de> 2020-07-09T11:01:29+00:00 Gustavo A. R. Silva gustavoars@kernel.org 2020-07-08T20:32:36+00:00 urn:sha1:c0dbbdad4e11f86d3e16fec50682c840e18a8135 Replace the existing /* fall through */ comments and its variants with the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary fall-through markings when it is the case. [1] https://www.kernel.org/doc/html/latest/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Link: https://lore.kernel.org/r/20200708203236.GA5112@embeddedor Signed-off-by: Takashi Iwai <tiwai@suse.de> 2020-04-24T19:39:09+00:00 Takashi Iwai tiwai@suse.de 2020-04-24T19:38:43+00:00 urn:sha1:ac957e8c54115c1ed32e41e0072af3a63576cda6 [ This is again a forward-port of the fix applied for 5.6-base code (commit 4285de0725b1) to 5.7-base, hence neither Fixes nor Cc-to-stable tags are included here -- tiwai ] The checks of the plugin buffer overflow in the previous fix by commit f2ecf903ef06 ("ALSA: pcm: oss: Avoid plugin buffer overflow") are put in the wrong places mistakenly, which leads to the expected (repeated) sound when the rate plugin is involved. Fix in the right places. Also, at those right places, the zero check is needed for the termination node, so added there as well, and let's get it done, finally. Link: https://lore.kernel.org/r/20200424193843.20397-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de> 2020-04-03T07:38:50+00:00 Takashi Iwai tiwai@suse.de 2020-04-03T07:38:18+00:00 urn:sha1:ff7e06a55676931ab32db54f69189482a948c5ec [ This is essentially the same fix as commit ae769d355664, but it's adapted to the latest code for 5.7; hence it contains no Fixes or other tags for avoid backport confusion -- tiwai ] The recent fix for the OOB access in PCM OSS plugins (commit f2ecf903ef06: "ALSA: pcm: oss: Avoid plugin buffer overflow") caused a regression on OSS applications. The patch introduced the size check in client and slave size calculations to limit to each plugin's buffer size, but I overlooked that some code paths call those without allocating the buffer but just for estimation. This patch fixes the bug by skipping the size check for those code paths while keeping checking in the actual transfer calls. Link: https://lore.kernel.org/r/20200403073818.27943-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de> 2020-03-30T07:46:51+00:00 Takashi Iwai tiwai@suse.de 2020-03-30T07:46:51+00:00 urn:sha1:aa21c3d4b941739651e77747d2f7a20a6c1d87bc 2020-03-12T15:58:03+00:00 Takashi Iwai tiwai@suse.de 2020-03-12T15:57:30+00:00 urn:sha1:5461e0530c222129dfc941058be114b5cbc00837 The return value checks in snd_pcm_plug_alloc() are covered with snd_BUG_ON() macro that may trigger a kernel WARNING depending on the kconfig. But since the error condition can be triggered by a weird user space parameter passed to OSS layer, we shouldn't give the kernel stack trace just for that. As it's a normal error condition, let's remove snd_BUG_ON() macro usage there. Reported-by: syzbot+2a59ee7a9831b264f45e@syzkaller.appspotmail.com Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20200312155730.7520-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>