On Tue, 13 Mar 2018, Laurent Dufour wrote: > diff --git a/include/linux/mm.h b/include/linux/mm.h > index ef6ef0627090..dfa81a638b7c 100644 > --- a/include/linux/mm.h > +++ b/include/linux/mm.h > @@ -359,6 +359,12 @@ struct vm_fault { > * page table to avoid allocation from > * atomic context. > */ > + /* > + * These entries are required when handling speculative page fault. > + * This way the page handling is done using consistent field values. > + */ > + unsigned long vma_flags; > + pgprot_t vma_page_prot; > }; > > /* page entry size for vm->huge_fault() */ > diff --git a/mm/hugetlb.c b/mm/hugetlb.c > index 446427cafa19..f71db2b42b30 100644 > --- a/mm/hugetlb.c > +++ b/mm/hugetlb.c > @@ -3717,6 +3717,8 @@ static int hugetlb_no_page(struct mm_struct *mm, struct > vm_area_struct *vma, > .vma = vma, > .address = address, > .flags = flags, > + .vma_flags = vma->vm_flags, > + .vma_page_prot = vma->vm_page_prot, > /* > * Hard to debug if it ends up being > * used by a callee that assumes > diff --git a/mm/khugepaged.c b/mm/khugepaged.c > index 32314e9e48dd..a946d5306160 100644 > --- a/mm/khugepaged.c > +++ b/mm/khugepaged.c > @@ -882,6 +882,8 @@ static bool __collapse_huge_page_swapin(struct mm_struct > *mm, > .flags = FAULT_FLAG_ALLOW_RETRY, > .pmd = pmd, > .pgoff = linear_page_index(vma, address), > + .vma_flags = vma->vm_flags, > + .vma_page_prot = vma->vm_page_prot, > }; > > /* we only decide to swapin, if there is enough young ptes */ > diff --git a/mm/memory.c b/mm/memory.c > index 0200340ef089..46fe92b93682 100644 > --- a/mm/memory.c > +++ b/mm/memory.c > @@ -2615,7 +2615,7 @@ static int wp_page_copy(struct vm_fault *vmf) > * Don't let another task, with possibly unlocked vma, > * keep the mlocked page. > */ > - if (page_copied && (vma->vm_flags & VM_LOCKED)) { > + if (page_copied && (vmf->vma_flags & VM_LOCKED)) { > lock_page(old_page); /* LRU manipulation */ > if (PageMlocked(old_page)) > munlock_vma_page(old_page);
Doesn't wp_page_copy() also need to pass this to anon_vma_prepare() so that find_mergeable_anon_vma() works correctly? > @@ -2649,7 +2649,7 @@ static int wp_page_copy(struct vm_fault *vmf) > */ > int finish_mkwrite_fault(struct vm_fault *vmf) > { > - WARN_ON_ONCE(!(vmf->vma->vm_flags & VM_SHARED)); > + WARN_ON_ONCE(!(vmf->vma_flags & VM_SHARED)); > if (!pte_map_lock(vmf)) > return VM_FAULT_RETRY; > /* > @@ -2751,7 +2751,7 @@ static int do_wp_page(struct vm_fault *vmf) > * We should not cow pages in a shared writeable mapping. > * Just mark the pages writable and/or call ops->pfn_mkwrite. > */ > - if ((vma->vm_flags & (VM_WRITE|VM_SHARED)) == > + if ((vmf->vma_flags & (VM_WRITE|VM_SHARED)) == > (VM_WRITE|VM_SHARED)) > return wp_pfn_shared(vmf); > > @@ -2798,7 +2798,7 @@ static int do_wp_page(struct vm_fault *vmf) > return VM_FAULT_WRITE; > } > unlock_page(vmf->page); > - } else if (unlikely((vma->vm_flags & (VM_WRITE|VM_SHARED)) == > + } else if (unlikely((vmf->vma_flags & (VM_WRITE|VM_SHARED)) == > (VM_WRITE|VM_SHARED))) { > return wp_page_shared(vmf); > } > @@ -3067,7 +3067,7 @@ int do_swap_page(struct vm_fault *vmf) > > inc_mm_counter_fast(vma->vm_mm, MM_ANONPAGES); > dec_mm_counter_fast(vma->vm_mm, MM_SWAPENTS); > - pte = mk_pte(page, vma->vm_page_prot); > + pte = mk_pte(page, vmf->vma_page_prot); > if ((vmf->flags & FAULT_FLAG_WRITE) && reuse_swap_page(page, NULL)) { > pte = maybe_mkwrite(pte_mkdirty(pte), vma); > vmf->flags &= ~FAULT_FLAG_WRITE; > @@ -3093,7 +3093,7 @@ int do_swap_page(struct vm_fault *vmf) > > swap_free(entry); > if (mem_cgroup_swap_full(page) || > - (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) > + (vmf->vma_flags & VM_LOCKED) || PageMlocked(page)) > try_to_free_swap(page); > unlock_page(page); > if (page != swapcache && swapcache) { > @@ -3150,7 +3150,7 @@ static int do_anonymous_page(struct vm_fault *vmf) > pte_t entry; > > /* File mapping without ->vm_ops ? */ > - if (vma->vm_flags & VM_SHARED) > + if (vmf->vma_flags & VM_SHARED) > return VM_FAULT_SIGBUS; > > /* > @@ -3174,7 +3174,7 @@ static int do_anonymous_page(struct vm_fault *vmf) > if (!(vmf->flags & FAULT_FLAG_WRITE) && > !mm_forbids_zeropage(vma->vm_mm)) { > entry = pte_mkspecial(pfn_pte(my_zero_pfn(vmf->address), > - vma->vm_page_prot)); > + vmf->vma_page_prot)); > if (!pte_map_lock(vmf)) > return VM_FAULT_RETRY; > if (!pte_none(*vmf->pte)) > @@ -3207,8 +3207,8 @@ static int do_anonymous_page(struct vm_fault *vmf) > */ > __SetPageUptodate(page); > > - entry = mk_pte(page, vma->vm_page_prot); > - if (vma->vm_flags & VM_WRITE) > + entry = mk_pte(page, vmf->vma_page_prot); > + if (vmf->vma_flags & VM_WRITE) > entry = pte_mkwrite(pte_mkdirty(entry)); > > if (!pte_map_lock(vmf)) { > @@ -3404,7 +3404,7 @@ static int do_set_pmd(struct vm_fault *vmf, struct page > *page) > for (i = 0; i < HPAGE_PMD_NR; i++) > flush_icache_page(vma, page + i); > > - entry = mk_huge_pmd(page, vma->vm_page_prot); > + entry = mk_huge_pmd(page, vmf->vma_page_prot); > if (write) > entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma); > > @@ -3478,11 +3478,11 @@ int alloc_set_pte(struct vm_fault *vmf, struct > mem_cgroup *memcg, > return VM_FAULT_NOPAGE; > > flush_icache_page(vma, page); > - entry = mk_pte(page, vma->vm_page_prot); > + entry = mk_pte(page, vmf->vma_page_prot); > if (write) > entry = maybe_mkwrite(pte_mkdirty(entry), vma); > /* copy-on-write page */ > - if (write && !(vma->vm_flags & VM_SHARED)) { > + if (write && !(vmf->vma_flags & VM_SHARED)) { > inc_mm_counter_fast(vma->vm_mm, MM_ANONPAGES); > page_add_new_anon_rmap(page, vma, vmf->address, false); > mem_cgroup_commit_charge(page, memcg, false, false); > @@ -3521,7 +3521,7 @@ int finish_fault(struct vm_fault *vmf) > > /* Did we COW the page? */ > if ((vmf->flags & FAULT_FLAG_WRITE) && > - !(vmf->vma->vm_flags & VM_SHARED)) > + !(vmf->vma_flags & VM_SHARED)) > page = vmf->cow_page; > else > page = vmf->page; > @@ -3775,7 +3775,7 @@ static int do_fault(struct vm_fault *vmf) > ret = VM_FAULT_SIGBUS; > else if (!(vmf->flags & FAULT_FLAG_WRITE)) > ret = do_read_fault(vmf); > - else if (!(vma->vm_flags & VM_SHARED)) > + else if (!(vmf->vma_flags & VM_SHARED)) > ret = do_cow_fault(vmf); > else > ret = do_shared_fault(vmf); > @@ -3832,7 +3832,7 @@ static int do_numa_page(struct vm_fault *vmf) > * accessible ptes, some can allow access by kernel mode. > */ > pte = ptep_modify_prot_start(vma->vm_mm, vmf->address, vmf->pte); > - pte = pte_modify(pte, vma->vm_page_prot); > + pte = pte_modify(pte, vmf->vma_page_prot); > pte = pte_mkyoung(pte); > if (was_writable) > pte = pte_mkwrite(pte); > @@ -3866,7 +3866,7 @@ static int do_numa_page(struct vm_fault *vmf) > * Flag if the page is shared between multiple address spaces. This > * is later used when determining whether to group tasks together > */ > - if (page_mapcount(page) > 1 && (vma->vm_flags & VM_SHARED)) > + if (page_mapcount(page) > 1 && (vmf->vma_flags & VM_SHARED)) > flags |= TNF_SHARED; > > last_cpupid = page_cpupid_last(page); > @@ -3911,7 +3911,7 @@ static inline int wp_huge_pmd(struct vm_fault *vmf, > pmd_t orig_pmd) > return vmf->vma->vm_ops->huge_fault(vmf, PE_SIZE_PMD); > > /* COW handled on pte level: split pmd */ > - VM_BUG_ON_VMA(vmf->vma->vm_flags & VM_SHARED, vmf->vma); > + VM_BUG_ON_VMA(vmf->vma_flags & VM_SHARED, vmf->vma); > __split_huge_pmd(vmf->vma, vmf->pmd, vmf->address, false, NULL); > > return VM_FAULT_FALLBACK; > @@ -4058,6 +4058,8 @@ static int __handle_mm_fault(struct vm_area_struct > *vma, unsigned long address, > .flags = flags, > .pgoff = linear_page_index(vma, address), > .gfp_mask = __get_fault_gfp_mask(vma), > + .vma_flags = vma->vm_flags, > + .vma_page_prot = vma->vm_page_prot, > }; > unsigned int dirty = flags & FAULT_FLAG_WRITE; > struct mm_struct *mm = vma->vm_mm; Don't you also need to do this? diff --git a/include/linux/mm.h b/include/linux/mm.h --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -694,9 +694,9 @@ void free_compound_page(struct page *page); * pte_mkwrite. But get_user_pages can cause write faults for mappings * that do not have writing enabled, when used by access_process_vm. */ -static inline pte_t maybe_mkwrite(pte_t pte, struct vm_area_struct *vma) +static inline pte_t maybe_mkwrite(pte_t pte, unsigned long vma_flags) { - if (likely(vma->vm_flags & VM_WRITE)) + if (likely(vma_flags & VM_WRITE)) pte = pte_mkwrite(pte); return pte; } diff --git a/mm/huge_memory.c b/mm/huge_memory.c --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1195,8 +1195,8 @@ static int do_huge_pmd_wp_page_fallback(struct vm_fault *vmf, pmd_t orig_pmd, for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) { pte_t entry; - entry = mk_pte(pages[i], vma->vm_page_prot); - entry = maybe_mkwrite(pte_mkdirty(entry), vma); + entry = mk_pte(pages[i], vmf->vma_page_prot); + entry = maybe_mkwrite(pte_mkdirty(entry), vmf->vma_flags); memcg = (void *)page_private(pages[i]); set_page_private(pages[i], 0); page_add_new_anon_rmap(pages[i], vmf->vma, haddr, false); @@ -2169,7 +2169,7 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd, entry = pte_swp_mksoft_dirty(entry); } else { entry = mk_pte(page + i, READ_ONCE(vma->vm_page_prot)); - entry = maybe_mkwrite(entry, vma); + entry = maybe_mkwrite(entry, vma->vm_flags); if (!write) entry = pte_wrprotect(entry); if (!young) diff --git a/mm/memory.c b/mm/memory.c --- a/mm/memory.c +++ b/mm/memory.c @@ -1826,7 +1826,7 @@ static int insert_pfn(struct vm_area_struct *vma, unsigned long addr, out_mkwrite: if (mkwrite) { entry = pte_mkyoung(entry); - entry = maybe_mkwrite(pte_mkdirty(entry), vma); + entry = maybe_mkwrite(pte_mkdirty(entry), vma->vm_flags); } set_pte_at(mm, addr, pte, entry); @@ -2472,7 +2472,7 @@ static inline void wp_page_reuse(struct vm_fault *vmf) flush_cache_page(vma, vmf->address, pte_pfn(vmf->orig_pte)); entry = pte_mkyoung(vmf->orig_pte); - entry = maybe_mkwrite(pte_mkdirty(entry), vma); + entry = maybe_mkwrite(pte_mkdirty(entry), vmf->vma_flags); if (ptep_set_access_flags(vma, vmf->address, vmf->pte, entry, 1)) update_mmu_cache(vma, vmf->address, vmf->pte); pte_unmap_unlock(vmf->pte, vmf->ptl); @@ -2549,8 +2549,8 @@ static int wp_page_copy(struct vm_fault *vmf) inc_mm_counter_fast(mm, MM_ANONPAGES); } flush_cache_page(vma, vmf->address, pte_pfn(vmf->orig_pte)); - entry = mk_pte(new_page, vma->vm_page_prot); - entry = maybe_mkwrite(pte_mkdirty(entry), vma); + entry = mk_pte(new_page, vmf->vma_page_prot); + entry = maybe_mkwrite(pte_mkdirty(entry), vmf->vma_flags); /* * Clear the pte entry and flush it first, before updating the * pte with the new entry. This will avoid a race condition @@ -3069,7 +3069,7 @@ int do_swap_page(struct vm_fault *vmf) dec_mm_counter_fast(vma->vm_mm, MM_SWAPENTS); pte = mk_pte(page, vmf->vma_page_prot); if ((vmf->flags & FAULT_FLAG_WRITE) && reuse_swap_page(page, NULL)) { - pte = maybe_mkwrite(pte_mkdirty(pte), vma); + pte = maybe_mkwrite(pte_mkdirty(pte), vmf->vm_flags); vmf->flags &= ~FAULT_FLAG_WRITE; ret |= VM_FAULT_WRITE; exclusive = RMAP_EXCLUSIVE; @@ -3481,7 +3481,7 @@ int alloc_set_pte(struct vm_fault *vmf, struct mem_cgroup *memcg, flush_icache_page(vma, page); entry = mk_pte(page, vmf->vma_page_prot); if (write) - entry = maybe_mkwrite(pte_mkdirty(entry), vma); + entry = maybe_mkwrite(pte_mkdirty(entry), vmf->vm_flags); /* copy-on-write page */ if (write && !(vmf->vma_flags & VM_SHARED)) { inc_mm_counter_fast(vma->vm_mm, MM_ANONPAGES); diff --git a/mm/migrate.c b/mm/migrate.c --- a/mm/migrate.c +++ b/mm/migrate.c @@ -240,7 +240,7 @@ static bool remove_migration_pte(struct page *page, struct vm_area_struct *vma, */ entry = pte_to_swp_entry(*pvmw.pte); if (is_write_migration_entry(entry)) - pte = maybe_mkwrite(pte, vma); + pte = maybe_mkwrite(pte, vma->vm_flags); if (unlikely(is_zone_device_page(new))) { if (is_device_private_page(new)) {