target/linux/brcm2708/patches-4.19/950-0533-Fix-copy_from_user-if-BCM2835_FAST_MEMCPY-n.patch

   1 From 1f1c37d795048414202d1b097854ebb78df4b1fe Mon Sep 17 00:00:00 2001
   2 From: Tim Gover <tim.gover@raspberrypi.org>
   3 Date: Thu, 14 Mar 2019 10:16:02 +0000
   4 Subject: [PATCH 533/703] Fix copy_from_user if BCM2835_FAST_MEMCPY=n
   5
   6 The change which introduced CONFIG_BCM2835_FAST_MEMCPY unconditionally
   7 changed the behaviour of arm_copy_from_user. The page pinning code
   8 is not safe on ARMv7 if LPAE & high memory is enabled and causes
   9 crashes which look like PTE corruption.
  10
  11 Make __copy_from_user_memcpy conditional on CONFIG_2835_FAST_MEMCPY=y
  12 which is really an ARMv6 / Pi1 optimization and not necessary on newer
  13 ARM processors.
  14 ---
  15  arch/arm/lib/uaccess_with_memcpy.c | 6 ++++++
  16  1 file changed, 6 insertions(+)
  17
  18 --- a/arch/arm/lib/uaccess_with_memcpy.c
  19 +++ b/arch/arm/lib/uaccess_with_memcpy.c
  20 @@ -257,6 +257,7 @@ arm_copy_to_user(void __user *to, const
  21  unsigned long __must_check
  22  arm_copy_from_user(void *to, const void __user *from, unsigned long n)
  23  {
  24 +#ifdef CONFIG_BCM2835_FAST_MEMCPY
  25         /*
  26          * This test is stubbed out of the main function above to keep
  27          * the overhead for small copies low by avoiding a large
  28 @@ -271,6 +272,11 @@ arm_copy_from_user(void *to, const void
  29         } else {
  30                 n = __copy_from_user_memcpy(to, from, n);
  31         }
  32 +#else
  33 +       unsigned long ua_flags = uaccess_save_and_enable();
  34 +       n = __copy_from_user_std(to, from, n);
  35 +       uaccess_restore(ua_flags);
  36 +#endif
  37         return n;
  38  }
  39