On Mon, 04 Sep 2023 20:10:45 +0200, Ash Holland wrote: > > Hello, > > I upgraded to Linux 6.5 and found that my MIDI-input application no longer > works, and causes an oops when I launch it. > > The application can be found at https://github.com/sersorrel/lp; `cargo run` is > enough to cause the oops, though it has many undocumented dependencies, sorry > (including a Novation Launchpad Mini Mk3). Once the oops occurs, it seems like > it can still send MIDI to the Launchpad (i.e. display things on it), but input > from the Launchpad doesn't work. I use NixOS with minimally-altered kernel > configuration (blacklisted r8152 module and `amdgpu.reset_method=4` parameter), > and was happily using kernel 6.4.9 or so before upgrading to 6.5. > > I bisected this to: > > commit f80e6d60d677be1d4dbbcdbf97379b8fbcf97ff0 > Author: Takashi Iwai <tiwai@xxxxxxx> > Date: 2023-05-23 09:53:38 +0200 > > ALSA: seq: Clear padded bytes at expanding events > > There can be a small memory hole that may not be cleared at expanding > an event with the variable length type. Make sure to clear it. > > Reviewed-by: Jaroslav Kysela <perex@xxxxxxxx> > Link: https://lore.kernel.org/r/20230523075358.9672-18-tiwai@xxxxxxx > Signed-off-by: Takashi Iwai <tiwai@xxxxxxx> > > #regzbot introduced: f80e6d60d677be1d4dbbcdbf97379b8fbcf97ff0 > > I guess the problematic part is the `memset(buf + len, 0, newlen - len)`, which > tries to memset a buffer that can be allocated in userspace. Yes, that was a bad change. Could you try the fix below? thanks, Takashi -- 8< -- --- a/sound/core/seq/seq_memory.c +++ b/sound/core/seq/seq_memory.c @@ -187,8 +187,12 @@ int snd_seq_expand_var_event(const struct snd_seq_event *event, int count, char err = expand_var_event(event, 0, len, buf, in_kernel); if (err < 0) return err; - if (len != newlen) - memset(buf + len, 0, newlen - len); + if (len != newlen) { + if (in_kernel) + memset(buf + len, 0, newlen - len); + else + clear_user((__force void __user *)buf + len, newlen - len); + } return newlen; } EXPORT_SYMBOL(snd_seq_expand_var_event);
