In __do_user_fault the fault address is being compared to TASK_SIZE to find out whether the address lies in the kernel or in user space. Since the fault address is coming from a user it can be tagged.
Untag the pointer before comparing.
Signed-off-by: Andrey Konovalov andreyknvl@google.com --- arch/arm64/mm/fault.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index b8eecc7b9531..89033d992d28 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -313,7 +313,7 @@ static void __do_user_fault(struct siginfo *info, unsigned int esr) * type", so we ignore this wrinkle and just return the translation * fault.) */ - if (current->thread.fault_address >= TASK_SIZE) { + if (untagged_addr(current->thread.fault_address) >= TASK_SIZE) { switch (ESR_ELx_EC(esr)) { case ESR_ELx_EC_DABT_LOW: /*