authorPaul Gortmaker <paul.gortmaker@windriver.com>2018-07-04 16:19:13 -0400
committerPaul Gortmaker <paul.gortmaker@windriver.com>2018-07-04 16:19:13 -0400
commitc4a7d8f2e5dc7a3c6dc285f7994dc0e3f6ad9232 (patch)
tree9a7fcf6245292d91936a4a5e23a32d807b8cfe8b
parentf6f9df28be105740b123ab8a0ebcd38c33a3f713 (diff)
add Fixes: of what is selected so far
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-rw-r--r--queue/ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch76
-rw-r--r--queue/sctp-return-error-if-the-asoc-has-been-peeled-off-in.patch87
-rw-r--r--queue/series2
3 files changed, 165 insertions, 0 deletions
diff --git a/queue/ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch b/queue/ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch
new file mode 100644
index 0000000..a78102e
--- /dev/null
+++ b/queue/ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch
@@ -0,0 +1,76 @@
+From 7e05e996f77c02365f72cf8a4f023d1d8d6d67a2 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 18 Dec 2017 23:36:57 +0100
+Subject: [PATCH] ALSA: usb-audio: Fix the missing ctl name suffix at parsing
+ SU
+
+commit 5a15f289ee87eaf33f13f08a4909ec99d837ec5f upstream.
+
+The commit 89b89d121ffc ("ALSA: usb-audio: Add check return value for
+usb_string()") added the check of the return value from
+snd_usb_copy_string_desc(), which is correct per se, but it introduced
+a regression. In the original code, either the "Clock Source",
+"Playback Source" or "Capture Source" suffix is added after the
+terminal string, while the commit changed it to add the suffix only
+when get_term_name() is failing. It ended up with an incorrect ctl
+name like "PCM" instead of "PCM Capture Source".
+
+Also, even the original code has a similar bug: when the ctl name is
+generated from snd_usb_copy_string_desc() for the given iSelector, it
+also doesn't put the suffix.
+
+This patch addresses these issues: the suffix is added always when no
+static mapping is found. Also the patch tries to put more comments
+and cleans up the if/else block for better readability in order to
+avoid the same pitfall again.
+
+Fixes: 89b89d121ffc ("ALSA: usb-audio: Add check return value for usb_string()")
+Reported-and-tested-by: Mauro Santos <registo.mailling@gmail.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
+
+diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c
+index 6c36ff411ad0..a09d519c106e 100644
+--- a/sound/usb/mixer.c
++++ b/sound/usb/mixer.c
+@@ -2167,20 +2167,25 @@ static int parse_audio_selector_unit(struct mixer_build *state, int unitid,
+ kctl->private_value = (unsigned long)namelist;
+ kctl->private_free = usb_mixer_selector_elem_free;
+
+- nameid = uac_selector_unit_iSelector(desc);
++ /* check the static mapping table at first */
+ len = check_mapped_name(map, kctl->id.name, sizeof(kctl->id.name));
+- if (len)
+- ;
+- else if (nameid)
+- len = snd_usb_copy_string_desc(state, nameid, kctl->id.name,
+- sizeof(kctl->id.name));
+- else
+- len = get_term_name(state, &state->oterm,
+- kctl->id.name, sizeof(kctl->id.name), 0);
+-
+ if (!len) {
+- strlcpy(kctl->id.name, "USB", sizeof(kctl->id.name));
++ /* no mapping ? */
++ /* if iSelector is given, use it */
++ nameid = uac_selector_unit_iSelector(desc);
++ if (nameid)
++ len = snd_usb_copy_string_desc(state, nameid,
++ kctl->id.name,
++ sizeof(kctl->id.name));
++ /* ... or pick up the terminal name at next */
++ if (!len)
++ len = get_term_name(state, &state->oterm,
++ kctl->id.name, sizeof(kctl->id.name), 0);
++ /* ... or use the fixed string "USB" as the last resort */
++ if (!len)
++ strlcpy(kctl->id.name, "USB", sizeof(kctl->id.name));
+
++ /* and add the proper suffix */
+ if (desc->bDescriptorSubtype == UAC2_CLOCK_SELECTOR)
+ append_ctl_name(kctl, " Clock Source");
+ else if ((state->oterm.type & 0xff00) == 0x0100)
+--
+2.15.0
+
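Review bot: The new fallback chain in parse_audio_selector_unit() tests only `if (!len)` after `snd_usb_copy_string_desc()`, so a negative return from that helper would be treated as a valid name length and would skip both `get_term_name()` and the "USB" last resort. The helper is not visible in this hunk; the commit message implies the earlier usb_string() return-check change is what makes a failed lookup come back as 0, so this patch presumably depends on that one being applied first in the series. Because the string descriptor is supplied by the attached device, I would state that assumption at the call, e.g. `/* relies on snd_usb_copy_string_desc() returning 0, not a negative errno, on failure */`, or make the two tests `if (len <= 0)`. The function begins before the hunk and the enclosing `if (!len) {` block closes after it.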
diff --git a/queue/sctp-return-error-if-the-asoc-has-been-peeled-off-in.patch b/queue/sctp-return-error-if-the-asoc-has-been-peeled-off-in.patch
new file mode 100644
index 0000000..6355895
--- /dev/null
+++ b/queue/sctp-return-error-if-the-asoc-has-been-peeled-off-in.patch
@@ -0,0 +1,87 @@
+From 71341cb7552c396229d4cad46bdcff9b94cb8211 Mon Sep 17 00:00:00 2001
+From: Xin Long <lucien.xin@gmail.com>
+Date: Mon, 15 Jan 2018 17:01:36 +0800
+Subject: [PATCH] sctp: return error if the asoc has been peeled off in
+ sctp_wait_for_sndbuf
+
+commit a0ff660058b88d12625a783ce9e5c1371c87951f upstream.
+
+After commit cea0cc80a677 ("sctp: use the right sk after waking up from
+wait_buf sleep"), it may change to lock another sk if the asoc has been
+peeled off in sctp_wait_for_sndbuf.
+
+However, the asoc's new sk could be already closed elsewhere, as it's in
+the sendmsg context of the old sk that can't avoid the new sk's closing.
+If the sk's last one refcnt is held by this asoc, later on after putting
+this asoc, the new sk will be freed, while under it's own lock.
+
+This patch is to revert that commit, but fix the old issue by returning
+error under the old sk's lock.
+
+Fixes: cea0cc80a677 ("sctp: use the right sk after waking up from wait_buf sleep")
+Reported-by: syzbot+ac6ea7baa4432811eb50@syzkaller.appspotmail.com
+Signed-off-by: Xin Long <lucien.xin@gmail.com>
+Acked-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
+
+diff --git a/net/sctp/socket.c b/net/sctp/socket.c
+index 1e77b24088b8..f79df5115dc7 100644
+--- a/net/sctp/socket.c
++++ b/net/sctp/socket.c
+@@ -84,7 +84,7 @@
+ static int sctp_writeable(struct sock *sk);
+ static void sctp_wfree(struct sk_buff *skb);
+ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p,
+- size_t msg_len, struct sock **orig_sk);
++ size_t msg_len);
+ static int sctp_wait_for_packet(struct sock *sk, int *err, long *timeo_p);
+ static int sctp_wait_for_connect(struct sctp_association *, long *timeo_p);
+ static int sctp_wait_for_accept(struct sock *sk, long timeo);
+@@ -1961,7 +1961,7 @@ static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len)
+ timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
+ if (!sctp_wspace(asoc)) {
+ /* sk can be changed by peel off when waiting for buf. */
+- err = sctp_wait_for_sndbuf(asoc, &timeo, msg_len, &sk);
++ err = sctp_wait_for_sndbuf(asoc, &timeo, msg_len);
+ if (err) {
+ if (err == -ESRCH) {
+ /* asoc is already dead. */
+@@ -7753,12 +7753,12 @@ void sctp_sock_rfree(struct sk_buff *skb)
+
+ /* Helper function to wait for space in the sndbuf. */
+ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p,
+- size_t msg_len, struct sock **orig_sk)
++ size_t msg_len)
+ {
+ struct sock *sk = asoc->base.sk;
+- int err = 0;
+ long current_timeo = *timeo_p;
+ DEFINE_WAIT(wait);
++ int err = 0;
+
+ pr_debug("%s: asoc:%p, timeo:%ld, msg_len:%zu\n", __func__, asoc,
+ *timeo_p, msg_len);
+@@ -7898,17 +7898,13 @@ static int sctp_wait_for_connect(struct sctp_association *asoc, long *timeo_p)
+ release_sock(sk);
+ current_timeo = schedule_timeout(current_timeo);
+ lock_sock(sk);
+- if (sk != asoc->base.sk) {
+- release_sock(sk);
+- sk = asoc->base.sk;
+- lock_sock(sk);
+- }
++ if (sk != asoc->base.sk)
++ goto do_error;
+
+ *timeo_p = current_timeo;
+ }
+
+ out:
+- *orig_sk = sk;
+ finish_wait(&asoc->wait, &wait);
+
+ /* Release the association's refcnt. */
+--
+2.15.0
+
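Review bot: The context comment `/* sk can be changed by peel off when waiting for buf. */` above the call in sctp_sendmsg() is stale after this change, because the `orig_sk` out-parameter is removed and the callee no longer hands a different socket back to the caller. I would reword it, e.g. `/* fails if the asoc was peeled off to another sk while waiting */`. The new `if (sk != asoc->base.sk) goto do_error;` also deserves a why-comment, since the reason lives only in the commit message, e.g. `/* peeled off: the new sk may already be closing, so do not lock it */`. The `do_error` label and the error code it sets are outside the hunk, so which errno sctp_sendmsg() receives on this path (only `-ESRCH` is special-cased in the visible lines) should be confirmed.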
diff --git a/queue/series b/queue/series
index 9ebca60..9985174 100644
--- a/queue/series
+++ b/queue/series
@@ -40,6 +40,7 @@ ALSA-pcm-prevent-UAF-in-snd_pcm_info.patch
ALSA-seq-Remove-spurious-WARN_ON-at-timer-check.patch
ALSA-usb-audio-Fix-out-of-bound-error.patch
ALSA-usb-audio-Add-check-return-value-for-usb_string.patch
+ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch
iommu-vt-d-Fix-scatterlist-offset-handling.patch
smp-hotplug-Move-step-CPUHP_AP_SMPCFD_DYING-to-the-c.patch
s390-always-save-and-restore-all-registers-on-contex.patch
@@ -82,6 +83,7 @@ zsmalloc-calling-zs_map_object-from-irq-is-a-bug.patch
slub-fix-sysfs-duplicate-filename-creation-when-slub.patch
sctp-do-not-free-asoc-when-it-is-already-dead-in-sct.patch
sctp-use-the-right-sk-after-waking-up-from-wait_buf-.patch
+sctp-return-error-if-the-asoc-has-been-peeled-off-in.patch
geneve-fix-fill_info-when-link-down.patch
clk-qcom-common-fix-legacy-board-clock-registration.patch
clk-uniphier-fix-DAPLL2-clock-rate-of-Pro5.patch