1. Patchew
  2. linux
  3. View series

[PATCH] ALSA: seq: Remove arbitrary prioq insertion limit

Cássio Gabriel posted 1 patch 2 weeks ago 
sound/core/seq/seq_prioq.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
[PATCH] ALSA: seq: Remove arbitrary prioq insertion limit
Posted by Cássio Gabriel 2 weeks ago 
The sequencer priority queue insertion path uses a hardcoded traversal
limit of 10000 entries.  The value is intended to catch a corrupted list,
but it also becomes a real limit for valid queues.

The event pool limit is per client, while a sequencer queue can be shared
by multiple clients.  A queue can therefore legitimately contain more than
10000 events.  In that case, inserting an event that has to be placed past
the arbitrary limit fails with -EINVAL.

Use the queue's own cell count as the traversal bound instead.  This keeps
the protection against inconsistent list accounting or cyclic lists without
rejecting valid large queues.

Signed-off-by: Cássio Gabriel <cassiogabrielcontato@gmail.com>
---
 sound/core/seq/seq_prioq.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/sound/core/seq/seq_prioq.c b/sound/core/seq/seq_prioq.c
index 25c0ed8f9f0f..d5bad1c585f6 100644
--- a/sound/core/seq/seq_prioq.c
+++ b/sound/core/seq/seq_prioq.c
@@ -132,7 +132,7 @@ int snd_seq_prioq_cell_in(struct snd_seq_prioq * f,
 			  struct snd_seq_event_cell * cell)
 {
 	struct snd_seq_event_cell *cur, *prev;
-	int count;
+	int remaining;
 	int prior;
 
 	if (snd_BUG_ON(!f || !cell))
@@ -162,10 +162,16 @@ int snd_seq_prioq_cell_in(struct snd_seq_prioq * f,
 	prev = NULL;		/* previous cell */
 	cur = f->head;		/* cursor */
 
-	count = 10000; /* FIXME: enough big, isn't it? */
+	remaining = f->cells;
 	while (cur != NULL) {
 		/* compare timestamps */
 		int rel = compare_timestamp_rel(&cell->event, &cur->event);
+
+		if (remaining-- <= 0) {
+			pr_err("ALSA: seq: inconsistent prioq cell count\n");
+			return -EINVAL;
+		}
+
 		if (rel < 0)
 			/* new cell has earlier schedule time, */
 			break;
@@ -176,10 +182,6 @@ int snd_seq_prioq_cell_in(struct snd_seq_prioq * f,
 		/* move cursor to next cell */
 		prev = cur;
 		cur = cur->next;
-		if (! --count) {
-			pr_err("ALSA: seq: cannot find a pointer.. infinite loop?\n");
-			return -EINVAL;
-		}
 	}
 
 	/* insert it before cursor */

---
base-commit: fa16304d1c5086bb8b537dd05d36ea68032228c7
change-id: 20260518-alsa-seq-prioq-limit-a3734e5f0a4b

Best regards,
--  
Cássio Gabriel <cassiogabrielcontato@gmail.com>
Re: [PATCH] ALSA: seq: Remove arbitrary prioq insertion limit
Posted by Takashi Iwai 1 week, 6 days ago 
On Mon, 25 May 2026 16:16:09 +0200,
Cássio Gabriel wrote:
> 
> The sequencer priority queue insertion path uses a hardcoded traversal
> limit of 10000 entries.  The value is intended to catch a corrupted list,
> but it also becomes a real limit for valid queues.
> 
> The event pool limit is per client, while a sequencer queue can be shared
> by multiple clients.  A queue can therefore legitimately contain more than
> 10000 events.  In that case, inserting an event that has to be placed past
> the arbitrary limit fails with -EINVAL.
> 
> Use the queue's own cell count as the traversal bound instead.  This keeps
> the protection against inconsistent list accounting or cyclic lists without
> rejecting valid large queues.
> 
> Signed-off-by: Cássio Gabriel <cassiogabrielcontato@gmail.com>

Applied to for-next.  Thanks.


Takashi

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.