On Sat, 3 Feb 2024 at 13:56, Jiaxun Yang <jiaxun.yang@xxxxxxxxxxx> wrote:
>
> Given that exception_ip is guarded by !user_mode(regs), EPC must point
> to a kernel text address. There is no way accessing kernel text will generate such
> exception.

Sadly, that's not actually likely true.

The thing is, the only reason for the code in get_mmap_lock_carefully() is for kernel bugs.

IOW, some kernel bug with a wild pointer, and we do not want to deadlock on the mm semaphore, we want to get back to the fault handler and it should report an oops.

... and one of the "wild pointers" might in fact be the instruction pointer, in case we've branched through a NULL function pointer or similar.

IOW, the exception *source* might be the instruction pointer itself.

So I really think that MIPS needs to have some kind of "safe kernel exception pointer" helper. One that is guaranteed not to fault when evaluating the exception pointer.

Assuming the kernel itself is never built with MIPS16e instructions, maybe that's a safe assumption thanks to the "get_isa16_mode()" check of EPC. But all of this makes me nervous.

Linus
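The point of the reply above is that a helper which decodes the instruction at EPC (for example to see whether the fault was taken in a branch delay slot) cannot assume EPC is readable, because the wild pointer that caused the fault may be EPC itself. The following user-space model, added here as an illustration and not code from Linus, Jiaxun Yang or the Linux kernel, shows the shape of a "safe kernel exception pointer" helper: it validates the exception PC against a known text range and alignment before touching memory, and returns a sentinel for an untrusted PC so the caller can treat the event as a kernel bug (report an oops) rather than take the mmap lock. `struct model_regs`, `model_text`, `safe_exception_ip` and `SAFE_IP_UNTRUSTED` are all constructed names for this model; the only MIPS fact relied on is that with the branch-delay bit set, EPC points at the branch and the faulting instruction is the one at EPC + 4.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the saved register set. Only the two fields this
 * model needs are present; this is not the real MIPS struct pt_regs. */
struct model_regs {
    uintptr_t epc;          /* exception PC as saved by hardware */
    bool      in_delay_slot; /* stands in for the Cause.BD bit */
};

/* Constructed "kernel text": a small buffer of instruction words that plays
 * the role of the kernel's text section in this model. */
static uint32_t model_text[16];
#define MODEL_TEXT_START ((uintptr_t)model_text)
#define MODEL_TEXT_END   ((uintptr_t)model_text + sizeof model_text)

/* Sentinel meaning "EPC could not be trusted, do not decode anything". */
#define SAFE_IP_UNTRUSTED ((uintptr_t)0)

/* True only when the 4-byte instruction word at ip lies entirely inside the
 * text segment and is word aligned: the conditions under which reading it
 * cannot itself fault in this model. */
static bool ip_is_safe_kernel_text(uintptr_t ip)
{
    if (ip & 3)
        return false;
    if (ip < MODEL_TEXT_START || ip > MODEL_TEXT_END - 4)
        return false;
    return true;
}

/* Model of a safe exception-pointer helper: it dereferences EPC only after
 * both the branch address and the delay-slot target have been validated. A
 * wild EPC (NULL, misaligned, or outside text) yields SAFE_IP_UNTRUSTED and
 * no memory access, instead of a recursive fault inside the fault handler. */
uintptr_t safe_exception_ip(const struct model_regs *regs, uint32_t *insn_out)
{
    uintptr_t target = regs->in_delay_slot ? regs->epc + 4 : regs->epc;

    if (!ip_is_safe_kernel_text(regs->epc) || !ip_is_safe_kernel_text(target))
        return SAFE_IP_UNTRUSTED;

    /* Safe to read now: the address was checked against the text range. */
    uint32_t insn = *(const uint32_t *)target;
    if (insn_out)
        *insn_out = insn;
    return target;
}

int main(void)
{
    /* Constructed cases: one sane kernel EPC and two wild ones. */
    struct model_regs good    = { .epc = MODEL_TEXT_START + 8, .in_delay_slot = true };
    struct model_regs null_ip = { .epc = 0,                    .in_delay_slot = false };
    struct model_regs unalign = { .epc = MODEL_TEXT_START + 2, .in_delay_slot = false };

    printf("good:    %s\n", safe_exception_ip(&good, NULL)    ? "trusted" : "untrusted");
    printf("NULL:    %s\n", safe_exception_ip(&null_ip, NULL) ? "trusted" : "untrusted");
    printf("unalign: %s\n", safe_exception_ip(&unalign, NULL) ? "trusted" : "untrusted");
    return 0;
}
```

The validation is deliberately done on the address alone, with no probe read: a helper that "checks" EPC by reading from it has simply moved the fault, not removed it. In a real kernel the range check would be against the actual text section bounds and the delay-slot handling against the architecture's exception semantics; the model only fixes the ordering (validate, then dereference) that the reply asks for.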