• Takashi Iwai's avatar
    ALSA: control: Fix racy management of user ctl memory size account · 998f26f4
    Takashi Iwai authored
    We've got a report about the possible race in the user control element
    counts (card->user_ctl_count), and it was confirmed that the race
    wasn't serious in the old code up to 5.12.  There, the value
    modification itself was exclusive and protected via a write semaphore,
    hence it's at most concurrent reads and evaluations before the
    increment.  Since it's only about the soft-limit to avoid the
    exhausting memory usage, one-off isn't a big problem at all.
    
    Meanwhile, the relevant code has been largely modified recently, and
    now card->user_ctl_count was replaced with card->user_ctl_alloc_size,
    and a few more places were added to access this field.  And, in this
    new code, it turned out to be more serious: the modifications are
    scattered in various places, and a few of them are without protection.
    It implies that it may lead to an inconsistent value by racy
    accesses.
    
    For addressing it, this patch extends the range covered by the
    card->controls_rw...
    998f26f4
control.c 60.2 KB