Excerpt from the report:

The exact same fixup code is being used for copy_to_user and copy_from_user.

For the copy_from_user case we want to zero the rest of the kernel destination buffer when we hit a pagefault reading from user space. However, for the copy_to_user case we most definitely don't want to write zeros in the destination buffer when we hit a pagefault writing to user space!

I get unhandled pagefaults here, when copy_to_user is called:

    0xffffffc00073c638 <+8920>: strb wzr, [x6],#1
    0xffffffc00073c63c <+8924>: subs x2, x2, #0x1
    0xffffffc00073c640 <+8928>: b.ne 0xffffffc00073c638 <__hyp_text_end+8920>
    0xffffffc00073c644 <+8932>: ret

I would suggest re-working the fixup path and testing both fixup paths thoroughly by placing the system under memory pressure and confirming that they are both "hit".

** Summary changed:

- arm64: optimized copy_to_user and copy_from_user assembly code patch causing unhandled pagefaults
+ Revert arm64: optimized copy_to_user and copy_from_user assembly code

https://bugs.launchpad.net/bugs/1398596

Title: Revert arm64: optimized copy_to_user and copy_from_user assembly code
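The two fault-fixup contracts the comment contrasts, modelled in ordinary user-space C as an added illustration (this is not the arm64 kernel code, the reverted patch, or anything from the bug report). The "page fault" is simulated by a `fault_at` byte index, a constructed parameter, past which the user-space side of the copy is treated as inaccessible. Both functions follow the Linux convention of returning the number of bytes that could not be copied; the difference is in what each is allowed to do with the destination after the fault.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/*
 * Constructed model of the two fixup paths.  fault_at is the byte index at
 * which the user-space mapping "faults"; fault_at >= n means no fault.
 * Return value: number of bytes NOT copied (the Linux convention).
 */

/* copy_from_user model: user source -> kernel destination. */
static size_t model_copy_from_user(uint8_t *kdst, const uint8_t *usrc,
                                   size_t n, size_t fault_at)
{
    size_t copied = fault_at < n ? fault_at : n;

    memcpy(kdst, usrc, copied);
    if (copied < n) {
        /* Fixup: zero the rest of the KERNEL buffer.  The destination is
         * kernel memory and always writable, and leaving it uninitialised
         * could expose stale kernel data to whoever consumes the buffer. */
        memset(kdst + copied, 0, n - copied);
    }
    return n - copied;
}

/* copy_to_user model: kernel source -> user destination. */
static size_t model_copy_to_user(uint8_t *udst, const uint8_t *ksrc,
                                 size_t n, size_t fault_at)
{
    size_t copied = fault_at < n ? fault_at : n;

    memcpy(udst, ksrc, copied);
    /* Fixup: leave the USER destination alone past the fault point.  Those
     * are exactly the bytes that just faulted; a zeroing loop there (the
     * strb wzr loop in the report) is another store to an unmapped user
     * page, which is what the reported unhandled page fault is. */
    return n - copied;
}

/* Check: copy_from_user path returns the uncopied count and zeroes the tail
 * of the kernel buffer.  Returns 1 on success, 0 on failure. */
int check_from_user_zeroes_tail(void)
{
    const uint8_t usrc[8] = { 1, 2, 3, 4, 5, 6, 7, 8 }; /* constructed input */
    uint8_t kdst[8];
    size_t i;

    memset(kdst, 0xAA, sizeof kdst);            /* stale "kernel" contents */
    if (model_copy_from_user(kdst, usrc, 8, 3) != 5)
        return 0;
    for (i = 0; i < 3; i++)
        if (kdst[i] != usrc[i])
            return 0;
    for (i = 3; i < 8; i++)
        if (kdst[i] != 0)                        /* stale bytes must be gone */
            return 0;
    return 1;
}

/* Check: copy_to_user path returns the uncopied count and does not touch the
 * user buffer past the fault.  Returns 1 on success, 0 on failure. */
int check_to_user_leaves_tail(void)
{
    const uint8_t ksrc[8] = { 9, 8, 7, 6, 5, 4, 3, 2 }; /* constructed input */
    uint8_t udst[8];
    size_t i;

    memset(udst, 0xEE, sizeof udst);            /* sentinel for "untouched" */
    if (model_copy_to_user(udst, ksrc, 8, 5) != 3)
        return 0;
    for (i = 0; i < 5; i++)
        if (udst[i] != ksrc[i])
            return 0;
    for (i = 5; i < 8; i++)
        if (udst[i] != 0xEE)                     /* must NOT have been zeroed */
            return 0;
    return 1;
}

int main(void)
{
    printf("copy_from_user fixup zeroes kernel tail: %s\n",
           check_from_user_zeroes_tail() ? "ok" : "FAIL");
    printf("copy_to_user fixup leaves user tail:     %s\n",
           check_to_user_leaves_tail() ? "ok" : "FAIL");
    return 0;
}
```

The model makes the asymmetry explicit: zeroing is a property of the kernel-side destination in copy_from_user, not of "the fixup path" in general, so a single shared fixup routine can only be correct for one direction.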