kernel-packages team mailing list archive

[Craig Magina <1398596@xxxxxxxxxxxxxxxxxx>]

Excerpt from the report:

The exact same fixup code is being used for copy_to_user and
copy_from_user.

For the copy_from_user case we want to zero the rest of the kernel
destination buffer when we hit a pagefault reading from user space.

However, for the copy_to_user case we most definitely don't want to
write zeros in the destination buffer when we hit a pagefault writing
to user space! I get unhandled pagefaults here, when copy_to_user is
called:

   0xffffffc00073c638 <+8920>:  strb    wzr, [x6],#1
   0xffffffc00073c63c <+8924>:  subs    x2, x2, #0x1
   0xffffffc00073c640 <+8928>:  b.ne    0xffffffc00073c638 <__hyp_text_end+8920>
   0xffffffc00073c644 <+8932>:  ret

I would suggest re-working the fixup path and testing both fixup paths
thoroughly by placing the system under memory pressure and confirming
that they are both "hit".

** Summary changed:

- arm64: optimized copy_to_user and copy_from_user assembly code patch causing unhandled pagefaults
+ Revert arm64: optimized copy_to_user and copy_from_user assembly code

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1398596

Title:
  Revert arm64: optimized copy_to_user and copy_from_user assembly code

Status in linux package in Ubuntu:
  New

Bug description:
  The initial report of the issue can be found here:

  http://www.spinics.net/lists/arm-kernel/msg381811.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1398596/+subscriptions