X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=target%2Flinux%2Fbrcm2708%2Fpatches-4.19%2F950-0455-Fix-copy_from_user-if-BCM2835_FAST_MEMCPY-n.patch;fp=target%2Flinux%2Fbrcm2708%2Fpatches-4.19%2F950-0455-Fix-copy_from_user-if-BCM2835_FAST_MEMCPY-n.patch;h=b06b21404e93786bc32d3c8995179494867d320f;hb=84d555aa74434392b682fd9eb0fa701c89a046d6;hp=0000000000000000000000000000000000000000;hpb=953973c2991e8640549a55df7a0574a1abac8644;p=openwrt%2Fstaging%2Fchunkeey.git

diff --git a/target/linux/brcm2708/patches-4.19/950-0455-Fix-copy_from_user-if-BCM2835_FAST_MEMCPY-n.patch b/target/linux/brcm2708/patches-4.19/950-0455-Fix-copy_from_user-if-BCM2835_FAST_MEMCPY-n.patch
new file mode 100644
index 0000000000..b06b21404e
--- /dev/null
+++ b/target/linux/brcm2708/patches-4.19/950-0455-Fix-copy_from_user-if-BCM2835_FAST_MEMCPY-n.patch
@@ -0,0 +1,39 @@
+From ab2695d38f4ffadde05c2275ac68f4aad68ef336 Mon Sep 17 00:00:00 2001
+From: Tim Gover <tim.gover@raspberrypi.org>
+Date: Thu, 14 Mar 2019 10:16:02 +0000
+Subject: [PATCH] Fix copy_from_user if BCM2835_FAST_MEMCPY=n
+
+The change which introduced CONFIG_BCM2835_FAST_MEMCPY unconditionally
+changed the behaviour of arm_copy_from_user. The page pinning code
+is not safe on ARMv7 if LPAE & high memory is enabled and causes
+crashes which look like PTE corruption.
+
+Make __copy_from_user_memcpy conditional on CONFIG_2835_FAST_MEMCPY=y
+which is really an ARMv6 / Pi1 optimization and not necessary on newer
+ARM processors.
+---
+ arch/arm/lib/uaccess_with_memcpy.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/arch/arm/lib/uaccess_with_memcpy.c
++++ b/arch/arm/lib/uaccess_with_memcpy.c
+@@ -257,6 +257,7 @@ arm_copy_to_user(void __user *to, const
+ unsigned long __must_check
+ arm_copy_from_user(void *to, const void __user *from, unsigned long n)
+ {
++#ifdef CONFIG_BCM2835_FAST_MEMCPY
+ 	/*
+ 	 * This test is stubbed out of the main function above to keep
+ 	 * the overhead for small copies low by avoiding a large
+@@ -271,6 +272,11 @@ arm_copy_from_user(void *to, const void
+ 	} else {
+ 		n = __copy_from_user_memcpy(to, from, n);
+ 	}
++#else
++	unsigned long ua_flags = uaccess_save_and_enable();
++	n = __copy_from_user_std(to, from, n);
++	uaccess_restore(ua_flags);
++#endif
+ 	return n;
+ }
+