Re: [PATCH v4] usb: gadget: f_fs: try to fix AIO issue under ARM 64 bit TAGGED mode

From: Macpaul Lin
Date: Sat Feb 29 2020 - 22:21:34 EST


On Fri, 2020-02-28 at 16:48 +0000, Catalin Marinas wrote:
> On Wed, Feb 26, 2020 at 08:01:52PM +0800, Macpaul Lin wrote:
> > diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
> > index ce1d023..192935f 100644
> > --- a/drivers/usb/gadget/function/f_fs.c
> > +++ b/drivers/usb/gadget/function/f_fs.c
> > @@ -715,7 +715,20 @@ static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
> >
> > static ssize_t ffs_copy_to_iter(void *data, int data_len, struct iov_iter *iter)
> > {
> > - ssize_t ret = copy_to_iter(data, data_len, iter);
> > + ssize_t ret;
> > +
> > +#if defined(CONFIG_ARM64)
> > + /*
> > + * Replace tagged address passed by user space application before
> > + * copying.
> > + */
> > + if (IS_ENABLED(CONFIG_ARM64_TAGGED_ADDR_ABI) &&
> > + (iter->type == ITER_IOVEC)) {
> > + *(unsigned long *)&iter->iov->iov_base =
> > + (unsigned long)untagged_addr(iter->iov->iov_base);
> > + }
> > +#endif
> > + ret = copy_to_iter(data, data_len, iter);
> > if (likely(ret == data_len))
> > return ret;
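Review bot: the write through `*(unsigned long *)&iter->iov->iov_base` casts away the const on the iov_iter's iovec and rewrites only the first segment in place; any later entries of a multi-element iovec keep their tags and the following copy_to_iter() fails on them exactly as before. The untagging also belongs in the arch access check rather than in one gadget function: if this copy runs from the completion worker (a kernel thread), df325e05a682 makes access_ok() untag the address in that context without touching the iovec at all. If a driver-side workaround is kept anyway, walk all `iter->nr_segs` entries instead of just `iter->iov`, avoid the const cast, and reconsider the outer `#if defined(CONFIG_ARM64)`, which only duplicates the `IS_ENABLED(CONFIG_ARM64_TAGGED_ADDR_ABI)` test if untagged_addr() resolves to a no-op on other architectures.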
>
> I had forgotten that we discussed a similar case already a few months
> ago (thanks to Evgenii for pointing out). Do you have this commit
> applied to your tree: df325e05a682 ("arm64: Validate tagged addresses in
> access_ok() called from kernel threads")?
>

Yes! We have that patch. I've also got Google's reply about referencing
this patch in the android kernel tree.
https://android-review.googlesource.com/c/kernel/common/+/1186615

However, during my debugging process, I dumped the AIO request buffer
addresses of a specific length (e.g., 24 bytes for the first request)
both in adbd and in __range_ok(). Then I found that __range_ok() still
always returns false on addresses beginning with "0x3c". Since
untagged_addr() is already called in __range_ok(), setting
"TIF_TAGGED_ADDR" for adbd's user space buffer should be a possible
solution. Hence I sent the v3 patch.

Anyway, I've found that disabling TAGGED addresses in adbd is possible
this way, and will report to Google and see what they think.

diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
index 9e02e89ab..b2f6f8e3f 100644
--- a/adb/daemon/main.cpp
+++ b/adb/daemon/main.cpp
@@ -317,6 +317,8 @@ int main(int argc, char** argv) {
mallopt(M_DECAY_TIME, 1);
#endif

+ prctl(PR_SET_TAGGED_ADDR_CTRL, ~PR_TAGGED_ADDR_ENABLE, 0, 0, 0);
+
while (true) {
static struct option opts[] = {
{"root_seclabel", required_argument, nullptr, 's'},
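Review bot: the arg2 `~PR_TAGGED_ADDR_ENABLE` sets every bit except the enable bit, and the arm64 set_tagged_addr_ctrl() rejects any bit other than PR_TAGGED_ADDR_ENABLE with -EINVAL, so as written this prctl fails and changes nothing; clearing the flag is `prctl(PR_SET_TAGGED_ADDR_CTRL, 0, 0, 0, 0);` and the return value should be checked rather than discarded. Since the flag is per thread and inherited by threads created afterwards, placing it in main() before any thread is spawned is right, but the commit message should also say what the call does and does not do: it only controls whether the kernel accepts tagged user pointers in syscalls. If adbd's buffers get their tags from the allocator, turning the ABI off does not strip them; the kernel will then return -EFAULT for those pointers instead of accepting them.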

Many thanks!
Macpaul Lin
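An added illustration, written for this page and not taken from the kernel or from this thread: a user-space C model of the three checks the discussion turns on, namely untagged_addr(), the __range_ok() decision before and after df325e05a682, and the argument validation behind PR_SET_TAGGED_ADDR_CTRL. It assumes a 48-bit VA (TASK_SIZE_64 = 1 << 48), uses hypothetical CTX_TAGGED_ADDR/CTX_KTHREAD bits in place of TIF_TAGGED_ADDR and PF_KTHREAD, and feeds in a constructed 24-byte request buffer address carrying the top-byte tag 0x3c, as in the dumps described above.

```c
/* Model of the arm64 tagged-address checks discussed in the thread.
 * Added example, not kernel code. Assumes a 48-bit VA build. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TASK_SIZE_64 (1ULL << 48)            /* assumption: VA_BITS=48 */
#ifndef PR_TAGGED_ADDR_ENABLE
#define PR_TAGGED_ADDR_ENABLE (1UL << 0)     /* as in uapi/linux/prctl.h */
#endif

/* Hypothetical task-context bits standing in for TIF_TAGGED_ADDR and PF_KTHREAD. */
#define CTX_TAGGED_ADDR 0x1u  /* task opted in via prctl(PR_SET_TAGGED_ADDR_CTRL) */
#define CTX_KTHREAD     0x2u  /* check runs in a kernel thread, e.g. AIO completion work */

static inline uint64_t sign_extend64(uint64_t value, int index)
{
	int shift = 63 - index;
	return (uint64_t)(((int64_t)(value << shift)) >> shift);
}

/* Modelled on arm64 untagged_addr(): replicate bit 55 into bits 63:56, which
 * clears a TBI tag on a user address and leaves a kernel address (bit 55 set)
 * unchanged. */
static inline uint64_t untagged_addr(uint64_t addr)
{
	return sign_extend64(addr, 55);
}

/* Model of arm64 __range_ok(). before_fix selects the pre-df325e05a682
 * behaviour (untag only when the task itself set TIF_TAGGED_ADDR); after the
 * fix the address is also untagged when the check runs in a kernel thread. */
static bool range_ok(uint64_t addr, uint64_t size, unsigned ctx, bool before_fix)
{
	bool untag = (ctx & CTX_TAGGED_ADDR) ||
		     (!before_fix && (ctx & CTX_KTHREAD));

	if (untag)
		addr = untagged_addr(addr);

	/* addr + size <= TASK_SIZE_64, written so the sum cannot wrap */
	if (size > TASK_SIZE_64)
		return false;
	return addr <= TASK_SIZE_64 - size;
}

/* Model of the argument check in arm64 set_tagged_addr_ctrl(): any bit other
 * than PR_TAGGED_ADDR_ENABLE is rejected. Returns 0 or -EINVAL. */
static int set_tagged_addr_ctrl(unsigned long arg)
{
	if (arg & ~PR_TAGGED_ADDR_ENABLE)
		return -EINVAL;
	return 0;
}

/* Constructed sample: a 24-byte request buffer whose pointer carries the
 * top-byte tag 0x3c. */
#define SAMPLE_TAGGED_BUF 0x3c007ffe12345000ULL
#define SAMPLE_LEN        24

int main(void)
{
	uint64_t buf = SAMPLE_TAGGED_BUF;

	printf("untagged:            0x%016llx\n",
	       (unsigned long long)untagged_addr(buf));
	printf("kthread, before fix: %d\n", range_ok(buf, SAMPLE_LEN, CTX_KTHREAD, true));
	printf("kthread, after fix:  %d\n", range_ok(buf, SAMPLE_LEN, CTX_KTHREAD, false));
	printf("tagged task:         %d\n", range_ok(buf, SAMPLE_LEN, CTX_TAGGED_ADDR, true));
	printf("prctl(~ENABLE) -> %d, prctl(0) -> %d\n",
	       set_tagged_addr_ctrl(~PR_TAGGED_ADDR_ENABLE), set_tagged_addr_ctrl(0));
	return 0;
}
```

The model reproduces the symptom in the message (a 0x3c-tagged address always failing the range check when neither the task flag nor the kernel-thread rule untags it) and shows why arg2 must be 0, not ~PR_TAGGED_ADDR_ENABLE, when disabling the ABI.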