On Tue, 09 Jun 2020 13:47:33 +0200, Christoph Hellwig wrote:
Alex, can you try this patch?
Also could you check whether just papering over the memset() call alone avoids the crash like below? For PulseAudio and dmix/dsnoop, it's the only code path that accesses the vmapped buffer, I believe.
If this works more or less, I'll cook a more comprehensive fix.
thanks,
Takashi
--- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -754,9 +754,11 @@ static int snd_pcm_hw_params(struct snd_pcm_substream *substream, while (runtime->boundary * 2 <= LONG_MAX - runtime->buffer_size) runtime->boundary *= 2;
+#if 0 /* clear the buffer for avoiding possible kernel info leaks */ if (runtime->dma_area && !substream->ops->copy_user) memset(runtime->dma_area, 0, runtime->dma_bytes); +#endif
snd_pcm_timer_resolution_change(substream); snd_pcm_set_state(substream, SNDRV_PCM_STATE_SETUP);
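Review bot: the `#if 0` around the memset() in snd_pcm_hw_params() disables the only clearing of runtime->dma_area, which the comment just above it says is there to avoid possible kernel info leaks, so this is acceptable as a test to confirm where the crash comes from but should not be merged in this form. With the block compiled out, every substream without ops->copy_user gets a buffer that is never zeroed after hw_params, and whatever the allocation previously held stays in it. For the comprehensive fix, keep the zeroing and change how the buffer is reached (or skip only the buffers whose vmapped address cannot be written safely, with the clear done some other way for those), rather than leaving dead code under `#if 0`. A short comment stating which buffer types are affected would also help the next reader understand why the condition differs from the plain runtime->dma_area check.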