Re: Data corruption on i.MX6 IPU in arm_copy_from_user()

From: Russell King (Oracle)
Date: Wed May 26 2021 - 09:19:05 EST


On Wed, May 26, 2021 at 02:29:07PM +0200, Krzysztof Hałasa wrote:
> "Russell King (Oracle)" <linux@xxxxxxxxxxxxxxx> writes:
>
> > Surely someone is not using copy_*_user() to copy data from userspace
> > direct to MMIO space... that would be crazy.
>
> No, it's the other way around: reading MMIO mapped to userspace (mmap
> on /dev/mem) and copying it to simple kernel buffer (e.g. pipe buffer).
> I.e., the MMIO is the userspace here (thus copy_from_user()).

Ah. I think we assume copy_from_user() will be used on memory only and
not device mappings.

In any case, looking at the architecture reference manual, LDM is
permitted on device and strongly ordered mappings, and the memory
subsystem is required to decompose it into a series of 32-bit accesses.
So, it sounds to me like there could be a hardware bug in the buses/IPU
causing this.

Can you try using LDM directly inside the kernel and seeing what effect
it has when reading the IPU? A simple test module should be sufficient.
I suspect it'll show the same thing - basically, that using LDM to the
IPU is broken.

Thanks.

--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
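
The comparison suggested above, sketched as an added example that is not part of the original message or the kernel tree: it reads each group of four words once with a single LDM and once with four separate 32-bit loads, then reports any difference. It is a userspace analogue that uses the /dev/mem mapping described in the quoted text rather than the in-kernel test module; the physical address and word count are supplied by the user (the thread gives none), the address is assumed page-aligned, and the region is assumed not to change between the two reads.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

/* Read 4 consecutive words with one LDM on 32-bit ARM. */
static void read_ldm4(const volatile uint32_t *src, uint32_t out[4])
{
#if defined(__arm__)
    __asm__ volatile("ldmia %1, {r0-r3}\n\t"
                     "stmia %0, {r0-r3}"
                     : : "r"(out), "r"(src) : "r0", "r1", "r2", "r3", "memory");
#else   /* Other architectures: plain loads, so the harness still builds. */
    for (int i = 0; i < 4; i++) out[i] = src[i];
#endif
}

/* Count words where the LDM result differs from a single 32-bit load. */
static int count_mismatches(const volatile uint32_t *base, size_t n_words)
{
    int bad = 0;
    for (size_t i = 0; i + 4 <= n_words; i += 4) {
        uint32_t burst[4];
        read_ldm4(base + i, burst);
        for (int j = 0; j < 4; j++) {
            uint32_t single = base[i + j];  /* volatile: one load per word */
            if (burst[j] != single) {
                printf("word %zu: LDM %08x, single %08x\n",
                       i + j, (unsigned)burst[j], (unsigned)single);
                bad++;
            }
        }
    }
    return bad;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s <phys-addr> <words>\n", argv[0]); return 2; }
    off_t phys = (off_t)strtoull(argv[1], NULL, 0);   /* user-supplied, page-aligned */
    size_t words = strtoul(argv[2], NULL, 0);
    int fd = open("/dev/mem", O_RDONLY | O_SYNC);
    if (fd < 0) { perror("/dev/mem"); return 2; }
    void *p = mmap(NULL, words * 4, PROT_READ, MAP_SHARED, fd, phys);
    if (p == MAP_FAILED) { perror("mmap"); return 2; }
    int bad = count_mismatches(p, words);
    printf("%d mismatching words\n", bad);
    return bad != 0;
}
```

Running it first against a region of ordinary RAM gives a baseline of zero mismatches, which separates a fault in the harness from a fault in the device path.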