Comment 1 for bug 1398596

Craig Magina (craig.magina) wrote : Re: arm64: optimized copy_to_user and copy_from_user assembly code patch causing unhandled pagefaults

Excerpt from the report:

The exact same fixup code is being used for copy_to_user and
copy_from_user.

For the copy_from_user case we want to zero the rest of the kernel
destination buffer when we hit a pagefault reading from user space.

However, for the copy_to_user case we most definitely don't want to
write zeros in the destination buffer when we hit a pagefault writing
to user space! I get unhandled pagefaults here, when copy_to_user is
called:

   0xffffffc00073c638 <+8920>: strb wzr, [x6],#1
   0xffffffc00073c63c <+8924>: subs x2, x2, #0x1
   0xffffffc00073c640 <+8928>: b.ne 0xffffffc00073c638 <__hyp_text_end+8920>
   0xffffffc00073c644 <+8932>: ret

I would suggest re-working the fixup path and testing both fixup paths
thoroughly by placing the system under memory pressure and confirming
that they are both "hit".
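The two fixup contracts contrasted in the excerpt, as an added userland C model that is not from the kernel or from this bug report: `user_buf`, `fault_at`, `user_mapped` and the `model_*` functions are constructed names, and a page fault is modelled as any access at an index of `fault_at` or beyond.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model (not kernel code): a "user" buffer whose bytes at
 * index >= fault_at are unmapped, so any access there page-faults. */
struct user_buf { uint8_t *mem; size_t fault_at; };

static int user_mapped(const struct user_buf *u, size_t idx) {
    return idx < u->fault_at;   /* 1 = access ok, 0 = would fault */
}

/* Model of copy_from_user: on a fault reading user memory, the fixup
 * zeroes the rest of the KERNEL destination, which is always safe
 * to write. Returns the number of bytes not copied. */
static size_t model_copy_from_user(uint8_t *to, const struct user_buf *from,
                                   size_t n) {
    size_t i;
    for (i = 0; i < n && user_mapped(from, i); i++)
        to[i] = from->mem[i];
    if (i < n)
        memset(to + i, 0, n - i);
    return n - i;
}

/* Model of copy_to_user. With shared_fixup == 1 it reuses the
 * copy_from_user fixup (the strb wzr, [x6],#1 loop in the report),
 * which stores zeros into the USER destination that just faulted.
 * Returns bytes not copied, or (size_t)-1 when the fixup itself
 * hits the unmapped page (the unhandled fault from the report). */
static size_t model_copy_to_user(struct user_buf *to, const uint8_t *from,
                                 size_t n, int shared_fixup) {
    size_t i;
    for (i = 0; i < n && user_mapped(to, i); i++)
        to->mem[i] = from[i];
    if (i < n && shared_fixup) {
        for (size_t j = i; j < n; j++) {
            if (!user_mapped(to, j))
                return (size_t)-1;  /* fault inside the fixup path */
            to->mem[j] = 0;
        }
    }
    return n - i;   /* correct fixup: report the shortfall, write nothing */
}
```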