On Tue, Feb 25, 2020 at 06:41:55PM +0800, Macpaul Lin wrote:
diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index ce1d023..728c260 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -35,6 +35,7 @@ #include <linux/mmu_context.h> #include <linux/poll.h> #include <linux/eventfd.h> +#include <linux/thread_info.h> #include "u_fs.h" #include "u_f.h" @@ -826,6 +827,10 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->read && ret > 0) { mm_segment_t oldfs = get_fs(); +#if defined(CONFIG_ARM64)
if (IS_ENABLED(CONFIG_ARM64_TAGGED_ADDR_ABI))
set_thread_flag(TIF_TAGGED_ADDR);
+#endif set_fs(USER_DS); use_mm(io_data->mm); ret = ffs_copy_to_iter(io_data->buf, ret, &io_data->data);
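Review bot: the `set_thread_flag(TIF_TAGGED_ADDR)` added in `ffs_user_copy_worker()` runs in workqueue context, so it sets the flag on the kworker thread rather than on the user thread whose `io_data->mm` is attached with `use_mm()`, and nothing in the hunk clears it after `ffs_copy_to_iter()` returns, so the kworker keeps the relaxed address check for every later job it processes. Since the flag is a per-thread ABI opt-in, this both widens what the worker accepts beyond the requesting task and leaks the setting across unrelated requests. A narrower fix would handle the address at submission time in the gadget driver (strip the tag from the user pointer, or reject tagged pointers) instead of toggling the thread flag in the worker; the `#if defined(CONFIG_ARM64)` plus `IS_ENABLED(CONFIG_ARM64_TAGGED_ADDR_ABI)` nesting would then not be needed in `f_fs.c` at all.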
I really don't think that's the correct fix. The TIF_TAGGED_ADDR is a per-thread property and not really compatible with use_mm(). We've had tagged pointers in arm64 user-space since day 0 and access_ok() would have prevented them, so this config is not something new. For some reason, adb now passes them to the kernel (presumably because user-space makes more use of them). If you have strong reasons not to fix it in adb, the next best thing may be to untag the addresses in the usb gadget driver.