Re: arm64: copy_from_user access the last page of ddr has problem on 4.14 kernel

From: Will Deacon
Date: Wed Jan 16 2019 - 11:48:26 EST


[I'm due to get on a long flight shortly, so I've added LAKML and a few
others to CC]

On Wed, Jan 16, 2019 at 11:25:15AM +0800, Kassey wrote:
> Hi, Will and team:
>
> we met a issue when copy_from_user to access the last page of DDR
> on 4.14 kenrel, below is the detail steps,
> can you help to suggest if there is know fix or debug something ?
>
> 1. we mmap ( in userspace) a region of phy address that is not
> continous but include the last page of ddr
>
> for example our ddr end is 0x200000000
> the last page is fall in below addr:
> 0x1fffff000 to 0x200000000
>
> 2. we using copy_from_user to copy these mmap address to kernel buffer
>
> 3. and we find everytime when trying to copy_from_user the last page
> in phy of ddr,
> the dst kernel buffer is looks overwrite by some same patten start
> with "mmap" in this last page ,but the src in the last page of ddr is
> still correct.
>
> is there any know issue for copy_from_user to accces the last page of
> phy ddr mmaped by userspace ?

Not that I'm aware of. Are you using defconfig and can you reproduce the
problem with mainline (e.g. v5.0-rc2)? What exactly do you mean by:

"the fst kernel buffer is looks overwrite by some same patten start with
"mmap""?

Does the copy_from_user fail (what does it return?) or does it succeed but
the data copied appears to be junk? Is it deterministic? Could you share an
example of what the corrupted data looks like, please?

Cheers,

Will