Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0-rc7 2026-03-17T08:54:48+00:00 2026-03-17T08:54:48+00:00 Alexey Nepomnyashih sdl@nppct.ru 2026-03-16T19:18:22+00:00 urn:sha1:bb120ad57def62e3f23e3d999c5fbed11f610993 Similar to commit d8dc8720468a ("ALSA: firewire-lib: fix uninitialized local variable"), the local variable `curr_cycle_time` in process_rx_packets() is declared without initialization. When the tracepoint event is not probed, the variable may appear to be used without being initialized. In practice the value is only relevant when the tracepoint is enabled, however initializing it avoids potential use of an uninitialized value and improves code safety. Initialize `curr_cycle_time` to zero. Fixes: fef4e61b0b76 ("ALSA: firewire-lib: extend tracepoints event including CYCLE_TIME of 1394 OHCI") Cc: stable@vger.kernel.org Signed-off-by: Alexey Nepomnyashih <sdl@nppct.ru> Link: https://patch.msgid.link/20260316191824.83249-1-sdl@nppct.ru Signed-off-by: Takashi Iwai <tiwai@suse.de> 2026-02-28T08:31:13+00:00 Takashi Iwai tiwai@suse.de 2026-02-27T15:57:00+00:00 urn:sha1:d4d5633d8b19b0e745a7910aea49956b3b47900d The use of snprintf() may cause a warning with W=1 due to the possibly truncated string. As the truncation doesn't really matter (and won't happen practically) in the case of dice driver, just shut it up by replacing with scnprintf(). Link: https://patch.msgid.link/20260227155705.1557224-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de> 2026-02-22T16:26:33+00:00 Kees Cook kees@kernel.org 2026-02-22T07:46:04+00:00 urn:sha1:189f164e573e18d9f8876dbd3ad8fcbe11f93037 Conversion performed via this Coccinelle script: // SPDX-License-Identifier: GPL-2.0-only // Options: --include-headers-for-types --all-includes --include-headers --keep-comments virtual patch @gfp depends on patch && !(file in "tools") && !(file in "samples")@ identifier ALLOC = {kmalloc_obj,kmalloc_objs,kmalloc_flex, kzalloc_obj,kzalloc_objs,kzalloc_flex, kvmalloc_obj,kvmalloc_objs,kvmalloc_flex, kvzalloc_obj,kvzalloc_objs,kvzalloc_flex}; @@ ALLOC(... - , GFP_KERNEL ) $ make coccicheck MODE=patch COCCI=gfp.cocci Build and boot tested x86_64 with Fedora 42's GCC and Clang: Linux version 6.19.0+ (user@host) (gcc (GCC) 15.2.1 20260123 (Red Hat 15.2.1-7), GNU ld version 2.44-12.fc42) #1 SMP PREEMPT_DYNAMIC 1970-01-01 Linux version 6.19.0+ (user@host) (clang version 20.1.8 (Fedora 20.1.8-4.fc42), LLD 20.1.8) #1 SMP PREEMPT_DYNAMIC 1970-01-01 Signed-off-by: Kees Cook <kees@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2026-02-22T01:09:51+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-22T00:37:42+00:00 urn:sha1:bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43 This was done entirely with mindless brute force, using git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' | xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/' to convert the new alloc_obj() users that had a simple GFP_KERNEL argument to just drop that argument. Note that due to the extreme simplicity of the scripting, any slightly more complex cases spread over multiple lines would not be triggered: they definitely exist, but this covers the vast bulk of the cases, and the resulting diff is also then easier to check automatically. For the same reason the 'flex' versions will be done as a separate conversion. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2026-02-21T09:02:28+00:00 Kees Cook kees@kernel.org 2026-02-21T07:49:23+00:00 urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org> 2026-01-18T08:18:48+00:00 Takashi Sakamoto o-takashi@sakamocchi.jp 2026-01-17T14:28:22+00:00 urn:sha1:6b617317e5bc95e9962a712314ae0c4b7a4d5cc3 In the IEC 61883-1/6 packet streaming engine, the isochronous context header stores CIP headers. Previously, the header storage was limited to PAGE_SIZE, which constrained the maximum PCM buffer size. There is a function with configurable header size. Now the limitation is removed. Link: https://lore.kernel.org/r/20260117142823.440811-10-o-takashi@sakamocchi.jp Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> 2025-12-13T04:09:10+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-12-13T04:09:10+00:00 urn:sha1:7f3c8f9191254654e6a88cd757ff079dafbd2f0b Pull sound fixes from Takashi Iwai: "The only slightly large change is the enablement of CIX HD-audio controller, which took a bit time to be cooked up, while most of other changes are device-specific small trivial fixes: - Default disablement of the kconfig for decades old pre-release alsa-lib PCM API; it's only the default config value change, so it can't lead to any regressions for the existing setups - Support for CIX HD-audio controller - A few ASoC ACP fixes - Fixes for ASoC cirrus, bcm, wcd, qcom, ak platforms - Trivial hardening for FireWire and USB-audio - HD-audio Intel binding fix and quirks" * tag 'sound-fix-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (30 commits) ALSA: hda/tas2781: Add new quirk for HP new project ALSA: hda: cix-ipbloq: Use modern PM ops ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback ASoC: amd: acp: update tdm channels for specific DAI ASoC: cs35l56: Fix incorrect select SND_SOC_CS35L56_CAL_SYSFS_COMMON ALSA: firewire-motu: add bounds check in put_user loop for DSP events ASoC: cs35l41: Always return 0 when a subsystem ID is found ALSA: uapi: Fix typo in asound.h comment ALSA: Do not build obsolete API ALSA: hda: add CIX IPBLOQ HDA controller support ALSA: hda/core: add addr_offset field for bus address translation ALSA: hda: dt-bindings: add CIX IPBLOQ HDA controller support ALSA: hda/realtek: Add support for ASUS UM3406GA ALSA: hda/realtek: Add support for HP Turbine Laptops ALSA: usb-audio: Initialize status1 to fix uninitialized symbol errors ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() ASoC: cros_ec_codec: Remove unnecessary selection of CRYPTO ASoc: qcom: q6afe: fix bad guard conversion ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) ... 2025-12-09T07:08:02+00:00 Junrui Luo moonafterrain@outlook.com 2025-12-09T05:16:41+00:00 urn:sha1:298e753880b6ea99ac30df34959a7a03b0878eed In the DSP event handling code, a put_user() loop copies event data. When the user buffer size is not aligned to 4 bytes, it could overwrite beyond the buffer boundary. Fix by adding a bounds check before put_user(). Suggested-by: Takashi Iwai <tiwai@suse.de> Fixes: 634ec0b2906e ("ALSA: firewire-motu: notify event for parameter change in register DSP model") Signed-off-by: Junrui Luo <moonafterrain@outlook.com> Link: https://patch.msgid.link/SYBPR01MB788112C72AF8A1C8C448B4B8AFA3A@SYBPR01MB7881.ausprd01.prod.outlook.com Signed-off-by: Takashi Iwai <tiwai@suse.de> 2025-12-05T14:25:55+00:00 Junrui Luo moonafterrain@outlook.com 2025-12-03T04:27:03+00:00 urn:sha1:210d77cca3d0494ed30a5c628b20c1d95fa04fb1 The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header size (8 bytes). Fix by using min_t() to clamp the copy size, This ensures we never copy more than the user requested. Reported-by: Yuhao Jiang <danisjiang@gmail.com> Reported-by: Junrui Luo <moonafterrain@outlook.com> Fixes: 634ec0b2906e ("ALSA: firewire-motu: notify event for parameter change in register DSP model") Signed-off-by: Junrui Luo <moonafterrain@outlook.com> Link: https://patch.msgid.link/SYBPR01MB78810656377E79E58350D951AFD9A@SYBPR01MB7881.ausprd01.prod.outlook.com Signed-off-by: Takashi Iwai <tiwai@suse.de> 2025-12-04T20:26:36+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-12-04T20:26:36+00:00 urn:sha1:205f1a0d188658ff3043d91c988378d8a81344c2 Pull firewire updates from Takashi Sakamoto: "This includes two changes for core functions, which affects all use cases of this subsystem: - Handle per-device interoperability quirks Some devices have quirks affecting interoperability. To identify such quirks at an early stages of device detection, the step for reading the configuration ROM contents has been changed. As a side effect, the entire detection process is now performed at the basic transaction speed (S100), without a trial to probe higher supported speeds. With this change, the following devices should now work with fewer issues: - TASCAM FW-1884, FW-1804, and FW-1082 - MOTU Audio Express - Safer removals of host card There was a race condition between host card removal and handling of bus reset events in the workqueue. This appears to be a long standing issue, and recent changes to use more workqueues escalate it. To solve it, a new callback has been added to the 1394 OHCI PCI driver to unregister the interrupt sources and wait for workqueue completions when removing a card instance" * tag 'firewire-updates-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394: firewire: core: abort pending transactions at card removal firewire: core: add WQ_UNBOUND to alloc_workqueue users firewire: core: clear sources of hardware interrupt at card removal firewire: core: code refactoring to find and pop transaction entry firewire: core: code refactoring to remove transaction entry firewire: core: use cleanup function to release cached configuration ROM ALSA: firewire-tascam: reserve resources for transferred isochronous packets at S400 firewire: core: handle device quirk of TASCAM FW-1884/FW-1804/FW-1082 firewire: core: determine transaction speed after detecting quirks firewire: core: code refactoring to compute transaction speed firewire: core: handle device quirk of MOTU Audio Express firewire: core: detect device quirk when reading configuration ROM