Hi Gerald, > > Thanks, we were also trying to reproduce on x86, w/o success so far. But > I guess that matches David latest observations wrt to our exception handling > code on s390. > > Good news is that the problem goes away when I add this simple patch, which > should result in proper VM_WRITE check for vma flags, before triggering a > FAULT_FLAG_WRITE fault: > > --- a/arch/s390/mm/fault.c > +++ b/arch/s390/mm/fault.c > @@ -379,7 +379,9 @@ static inline vm_fault_t do_exception(struct pt_regs *regs, int access) > flags = FAULT_FLAG_DEFAULT; > if (user_mode(regs)) > flags |= FAULT_FLAG_USER; > - if (access == VM_WRITE || is_write) > + if (is_write) > + access = VM_WRITE; > + if (access == VM_WRITE) > flags |= FAULT_FLAG_WRITE; > mmap_read_lock(mm); That's what I had in mind, good. > > Still find it a bit hard to believe that this > 10 years old logic really > is/was broken all the time. I guess it simply did not matter for normal > PTE faults, probably because the common fault handling code later would > check itself via maybe_mkwrite(). And for hugetlb PTEs, it might not have > mattered before commit bcd51a3c679d. It is akward, but maybe we never really noticed for hugetlb (not sure how common read-only mappings are after all). > > > > > bcd51a3c679d eliminates the copying of page tables at fork for non-anon > > hugetlb vmas. So, in these tests you would likely see more pte_none() > > faults. > > Yes, makes sense, assuming now that it actually is related to s390 > exception handling code, not checking for VM_WRITE before triggering a > write fault for pte_none(). > > Thanks for checking! And Thanks a lot to David for finding that issue > in s390 exception handling code! Thanks! Looks like adding the WARN_ON_ONCE was the right decision.
