Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-6.12.y 2026-01-08T09:14:26+00:00 2026-01-08T09:14:26+00:00 Junrui Luo moonafterrain@outlook.com 2025-12-16T10:59:26+00:00 urn:sha1:3139828f6b75552064582e146a3d893a8a0c7c95 [ Upstream commit e11c5c13ce0ab2325d38fe63500be1dd88b81e38 ] Clear substream pointers in close functions to avoid leaving dangling pointers, helping to improve code safety and prevents potential issues. Reported-by: Yuhao Jiang <danisjiang@gmail.com> Reported-by: Junrui Luo <moonafterrain@outlook.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Junrui Luo <moonafterrain@outlook.com> Link: https://patch.msgid.link/SYBPR01MB7881DF762CAB45EE42F6D812AFC2A@SYBPR01MB7881.ausprd01.prod.outlook.com Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2026-01-08T09:14:26+00:00 Takashi Iwai tiwai@suse.de 2025-12-16T10:59:25+00:00 urn:sha1:04520b4422fdee5105f067966299c38b3a8805df [ Upstream commit 4b97f8e614ba46a50bd181d40b5a1424411a211a ] Clean up the code using guard() for spin locks. Merely code refactoring, and no behavior change. Signed-off-by: Takashi Iwai <tiwai@suse.de> Link: https://patch.msgid.link/20250829145300.5460-19-tiwai@suse.de Stable-dep-of: e11c5c13ce0a ("ALSA: wavefront: Clear substream pointers on close") Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-12-18T12:55:23+00:00 Junrui Luo moonafterrain@outlook.com 2025-11-06T02:49:46+00:00 urn:sha1:5588b7c86effffa9bb55383a38800649d7b40778 commit 0c4a13ba88594fd4a27292853e736c6b4349823d upstream. The wavefront_send_sample() function has an integer overflow issue when validating sample size. The header->size field is u32 but gets cast to int for comparison with dev->freemem Fix by using unsigned comparison to avoid integer overflow. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Junrui Luo <moonafterrain@outlook.com> Link: https://patch.msgid.link/SYBPR01MB7881B47789D1B060CE8BF4C3AFC2A@SYBPR01MB7881.ausprd01.prod.outlook.com Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-08-08T05:49:46+00:00 Takashi Iwai tiwai@suse.de 2024-08-07T13:34:25+00:00 urn:sha1:8b4ac5429938dd5f1fbf2eea0687f08cbcccb6be Use the standard print API with dev_*() instead of the old house-baked one. It gives better information and allows dynamically control of debug prints. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Signed-off-by: Takashi Iwai <tiwai@suse.de> Link: https://patch.msgid.link/20240807133452.9424-36-tiwai@suse.de 2024-05-08T16:17:48+00:00 Takashi Iwai tiwai@suse.de 2024-05-07T13:55:04+00:00 urn:sha1:2e7b8fd6d9bccaa54b7504c3e0a729f0c47765c1 *-objs suffix is reserved rather for (user-space) host programs while usually *-y suffix is used for kernel drivers (although *-objs works for that purpose for now). Let's correct the old usages of *-objs in Makefiles. Signed-off-by: Takashi Iwai <tiwai@suse.de> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20240507135513.14919-5-tiwai@suse.de 2023-11-20T11:38:31+00:00 Philipp Stanner pstanner@redhat.com 2023-11-02T19:03:10+00:00 urn:sha1:5a77457232fa0453da4d3d5a7d530129944aeeb5 wavefront_fx.c utilizes memdup_user() to copy a userspace array. This does not check for an overflow. Use the new wrapper memdup_array_user() to copy the array more safely. Suggested-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Philipp Stanner <pstanner@redhat.com> Link: https://lore.kernel.org/r/20231102190309.50891-2-pstanner@redhat.com Signed-off-by: Takashi Iwai <tiwai@suse.de> 2022-07-04T12:29:27+00:00 Colin Ian King colin.i.king@gmail.com 2022-06-29T10:27:43+00:00 urn:sha1:df98a94ce9c450a1af1193e06add37e601cbf2df Pointer end is being re-assigned the same value as it was initialized with in the previous statement. The re-assignment is redundant and can be removed. Cleans up clang scan-build warning: sound/isa/wavefront/wavefront_synth.c:582:17: warning: Value stored to 'end' during its initialization is never read Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Link: https://lore.kernel.org/r/20220629102744.139673-1-colin.i.king@gmail.com Signed-off-by: Takashi Iwai <tiwai@suse.de> 2022-05-10T14:26:45+00:00 Takashi Iwai tiwai@suse.de 2022-05-10T10:36:26+00:00 urn:sha1:a34ae6c0660d3b96b0055f68ef74dc9478852245 The antient ISA wavefront driver reads its sample patch data (uploaded over an ioctl) via __get_user() with no good reason; likely just for some performance optimizations in the past. Let's change this to the standard get_user() and the error check for handling the fault case properly. Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20220510103626.16635-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de> 2021-07-19T14:17:27+00:00 Takashi Iwai tiwai@suse.de 2021-07-15T07:59:33+00:00 urn:sha1:f082b1ad39ea1e47d1acfec229f10d9b17415b76 This patch converts the resource management in ISA wavefront driver with devres as a clean up. Each manual resource management is converted with the corresponding devres helper. The remove callback became superfluous and dropped. This should give no user-visible functional changes. Link: https://lore.kernel.org/r/20210715075941.23332-72-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de> 2021-06-09T15:29:42+00:00 Takashi Iwai tiwai@suse.de 2021-06-08T14:04:40+00:00 urn:sha1:520226e93e2620e027bde67a75025b3d61916a40 ISA WaveFront driver code contains lots of assignments in if condition, which is a bad coding style that may confuse readers and occasionally lead to bugs. This patch is merely for coding-style fixes, no functional changes. Link: https://lore.kernel.org/r/20210608140540.17885-7-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>