On Mon, 04 Sep 2023 20:10:45 +0200, Ash Holland wrote:
Hello,
I upgraded to Linux 6.5 and found that my MIDI-input application no longer works, and causes an oops when I launch it.
The application can be found at https://github.com/sersorrel/lp; `cargo run` is enough to cause the oops, though it has many undocumented dependencies, sorry (including a Novation Launchpad Mini Mk3). Once the oops occurs, it seems like it can still send MIDI to the Launchpad (i.e. display things on it), but input from the Launchpad doesn't work. I use NixOS with minimally-altered kernel configuration (blacklisted r8152 module and `amdgpu.reset_method=4` parameter), and was happily using kernel 6.4.9 or so before upgrading to 6.5.
I bisected this to:
commit f80e6d60d677be1d4dbbcdbf97379b8fbcf97ff0 Author: Takashi Iwai tiwai@suse.de Date: 2023-05-23 09:53:38 +0200
ALSA: seq: Clear padded bytes at expanding events There can be a small memory hole that may not be cleared at expanding an event with the variable length type. Make sure to clear it. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-18-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>#regzbot introduced: f80e6d60d677be1d4dbbcdbf97379b8fbcf97ff0
I guess the problematic part is the `memset(buf + len, 0, newlen - len)`, which tries to memset a buffer that can be allocated in userspace.
Yes, that was a bad change. Could you try the fix below?
thanks,
Takashi
-- 8< -- --- a/sound/core/seq/seq_memory.c +++ b/sound/core/seq/seq_memory.c @@ -187,8 +187,12 @@ int snd_seq_expand_var_event(const struct snd_seq_event *event, int count, char err = expand_var_event(event, 0, len, buf, in_kernel); if (err < 0) return err; - if (len != newlen) - memset(buf + len, 0, newlen - len); + if (len != newlen) { + if (in_kernel) + memset(buf + len, 0, newlen - len); + else + clear_user((__force void __user *)buf + len, newlen - len); + } return newlen; } EXPORT_SYMBOL(snd_seq_expand_var_event);