From: Takashi Iwai <tiwai@suse.de>
To: Maoyi Xie <maoyixie.tju@gmail.com>
Cc: Takashi Iwai <tiwai@suse.de>, Jaroslav Kysela <perex@perex.cz>,
linux-sound@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/2] ALSA: avoid past-the-end iterators in timer/seq port registration
Date: Tue, 19 May 2026 07:39:28 +0200 [thread overview]
Message-ID: <87cxys3qlr.wl-tiwai@suse.de> (raw)
In-Reply-To: <20260518194023.1667857-1-maoyixie.tju@gmail.com>
On Mon, 18 May 2026 21:40:21 +0200,
Maoyi Xie wrote:
>
> Two fixes in sound/core that remove past-the-end iterator
> use of the shape
>
> list_for_each_entry(iter, head, member) {
> if (...) break;
> }
> list_add_tail(&new, &iter->member);
>
> When the loop walks all entries without break, iter is past
> the end and &iter->member aliases the list head via
> container_of offset cancellation. The insert lands at the
> list tail, which is the intended behaviour, but the access
> is undefined per C11.
>
> Takashi Iwai confirmed on the inquiry thread that both sites
> are bugs introduced by commit 9244b2c3079f ("[ALSA] alsa core:
> convert to list_for_each_entry*"). The original list_for_each()
> loop terminated at the list head; the conversion to
> list_for_each_entry() left the post-loop access using the
> container struct, which aliases the head via offset
> cancellation.
>
> The patched code tracks an explicit insert_before pointer
> initialised to the list head and overwritten to &iter->member
> only when the loop breaks early. Observable behaviour is
> unchanged.
>
> Inquiry thread:
> https://lore.kernel.org/linux-sound/?q=iterator+used+after+loop+end+in+timer
>
> Maoyi Xie (2):
> ALSA: timer: avoid past-the-end iterator in snd_timer_dev_register()
> ALSA: seq: avoid past-the-end iterator in snd_seq_create_port()
Applied both patches now. Thanks.
Takashi
prev parent reply other threads:[~2026-05-19 5:39 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-18 16:00 ALSA: iterator used after loop end in timer/seq port registration? Maoyi Xie
2026-05-18 19:26 ` Takashi Iwai
2026-05-18 19:40 ` [PATCH 0/2] ALSA: avoid past-the-end iterators in timer/seq port registration Maoyi Xie
2026-05-18 19:40 ` [PATCH 1/2] ALSA: timer: avoid past-the-end iterator in snd_timer_dev_register() Maoyi Xie
2026-05-18 19:40 ` [PATCH 2/2] ALSA: seq: avoid past-the-end iterator in snd_seq_create_port() Maoyi Xie
2026-05-19 5:39 ` Takashi Iwai [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87cxys3qlr.wl-tiwai@suse.de \
--to=tiwai@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sound@vger.kernel.org \
--cc=maoyixie.tju@gmail.com \
--cc=perex@perex.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.