This is a note to let you know that I've just added the patch titled
Revert "ALSA: usb-audio: purge needless variable length array"
to the 4.11-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
revert-alsa-usb-audio-purge-needless-variable-length-array.patch
and it can be found in the queue-4.11 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 64188cfbe5245d412de2139a3864e4e00b4136f0 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@xxxxxxx>
Date: Tue, 30 May 2017 09:23:41 +0200
Subject: Revert "ALSA: usb-audio: purge needless variable length array"
From: Takashi Iwai <tiwai@xxxxxxx>
commit 64188cfbe5245d412de2139a3864e4e00b4136f0 upstream.
This reverts commit 89b593c30e83 ("ALSA: usb-audio: purge needless
variable length array"). The patch turned out to cause a severe
regression, triggering an Oops at snd_usb_ctl_msg(). It was overseen
that snd_usb_ctl_msg() writes back the response to the given buffer,
while the patch changed it to a read-only const buffer. (One should
always double-check when an extra pointer cast is present...)
As a simple fix, just revert the affected commit. It was merely a
cleanup. Although it brings VLA again, it's clearer as a fix. We'll
address the VLA later in another patch.
Fixes: 89b593c30e83 ("ALSA: usb-audio: purge needless variable length array")
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=195875
Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
sound/usb/mixer_us16x08.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/sound/usb/mixer_us16x08.c
+++ b/sound/usb/mixer_us16x08.c
@@ -698,12 +698,12 @@ static int snd_us16x08_meter_get(struct
struct snd_usb_audio *chip = elem->head.mixer->chip;
struct snd_us16x08_meter_store *store = elem->private_data;
u8 meter_urb[64];
- char tmp[sizeof(mix_init_msg2)] = {0};
+ char tmp[max(sizeof(mix_init_msg1), sizeof(mix_init_msg2))];
switch (kcontrol->private_value) {
case 0:
- snd_us16x08_send_urb(chip, (char *)mix_init_msg1,
- sizeof(mix_init_msg1));
+ memcpy(tmp, mix_init_msg1, sizeof(mix_init_msg1));
+ snd_us16x08_send_urb(chip, tmp, 4);
snd_us16x08_recv_urb(chip, meter_urb,
sizeof(meter_urb));
kcontrol->private_value++;
@@ -721,7 +721,7 @@ static int snd_us16x08_meter_get(struct
case 3:
memcpy(tmp, mix_init_msg2, sizeof(mix_init_msg2));
tmp[2] = snd_get_meter_comp_index(store);
- snd_us16x08_send_urb(chip, tmp, sizeof(mix_init_msg2));
+ snd_us16x08_send_urb(chip, tmp, 10);
snd_us16x08_recv_urb(chip, meter_urb,
sizeof(meter_urb));
kcontrol->private_value = 0;
Patches currently in stable-queue which might be from tiwai@xxxxxxx are
queue-4.11/revert-alsa-usb-audio-purge-needless-variable-length-array.patch
queue-4.11/alsa-hda-apply-stac_9200_dell_m22-quirk-for-dell-latitude-d430.patch
queue-4.11/alsa-hda-no-loopback-on-alc299-codec.patch
queue-4.11/alsa-usb-fix-a-typo-in-tascam-us-16x08-mixer-element.patch