From ab2695d38f4ffadde05c2275ac68f4aad68ef336 Mon Sep 17 00:00:00 2001
From: Tim Gover <tim.gover@raspberrypi.org>
Date: Thu, 14 Mar 2019 10:16:02 +0000
Subject: [PATCH] Fix copy_from_user if BCM2835_FAST_MEMCPY=n

The change which introduced CONFIG_BCM2835_FAST_MEMCPY unconditionally
changed the behaviour of arm_copy_from_user. The page pinning code
is not safe on ARMv7 if LPAE & high memory is enabled and causes
crashes which look like PTE corruption.

Make __copy_from_user_memcpy conditional on CONFIG_2835_FAST_MEMCPY=y
which is really an ARMv6 / Pi1 optimization and not necessary on newer
ARM processors.
---
 arch/arm/lib/uaccess_with_memcpy.c | 6 ++++++
 1 file changed, 6 insertions(+)

--- a/arch/arm/lib/uaccess_with_memcpy.c
+++ b/arch/arm/lib/uaccess_with_memcpy.c
@@ -257,6 +257,7 @@ arm_copy_to_user(void __user *to, const
 unsigned long __must_check
 arm_copy_from_user(void *to, const void __user *from, unsigned long n)
 {
+#ifdef CONFIG_BCM2835_FAST_MEMCPY
 	/*
 	 * This test is stubbed out of the main function above to keep
 	 * the overhead for small copies low by avoiding a large
@@ -271,6 +272,11 @@ arm_copy_from_user(void *to, const void
 	} else {
 		n = __copy_from_user_memcpy(to, from, n);
 	}
+#else
+	unsigned long ua_flags = uaccess_save_and_enable();
+	n = __copy_from_user_std(to, from, n);
+	uaccess_restore(ua_flags);
+#endif
 	return n;
 }