[PATCH 1/2] Loongarch: Fix stale value in __do_page_fault()

Lorenz Hetterich posted 2 patches 2 weeks, 5 days ago
[PATCH 1/2] Loongarch: Fix stale value in __do_page_fault()
Posted by Lorenz Hetterich 2 weeks, 5 days ago
__do_page_fault() calls kprobe_page_fault without setting
current->thread.trap_nr first.
Hence, kprobe_page_fault is called with a stale trapnr.

Set current->thread.trap_nr before calling kprobe_page_fault.

Signed-off-by: Lorenz Hetterich <lorenz.hetterich@cispa.de>
---
 arch/loongarch/mm/fault.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/loongarch/mm/fault.c b/arch/loongarch/mm/fault.c
index 2c93d33356e5..c7703bdec4fc 100644
--- a/arch/loongarch/mm/fault.c
+++ b/arch/loongarch/mm/fault.c
@@ -182,6 +182,7 @@ static void __kprobes __do_page_fault(struct pt_regs *regs,
 	struct vm_area_struct *vma = NULL;
 	vm_fault_t fault;
 
+	current->thread.trap_nr = read_csr_excode();
 	if (kprobe_page_fault(regs, current->thread.trap_nr))
 		return;
 
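Review bot: the commit message justifies the new `current->thread.trap_nr = read_csr_excode();` line by saying kprobe_page_fault() otherwise sees a stale trapnr, but it does not say what actually consumes the value; as the follow-up review on this thread points out, kprobe_page_fault() does not really use its trap_nr argument, so the log should instead say that the second patch in the series relies on trap_nr being current at this point. Since the assignment now happens at the top of __do_page_fault(), the later `current->thread.trap_nr = read_csr_excode()` assignments in do_sigbus() and do_sigsegv() become redundant and would be better removed in the same patch rather than left as duplicated state.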
-- 
2.43.0
Re: [PATCH 1/2] Loongarch: Fix stale value in __do_page_fault()
Posted by Huacai Chen 2 weeks, 4 days ago
Hi, Lorenz,

On Wed, Mar 18, 2026 at 11:18 PM Lorenz Hetterich
<lorenz.hetterich@cispa.de> wrote:
>
> __do_page_fault() calls kprobe_page_fault without setting
> current->thread.trap_nr first.
> Hence, kprobe_page_fault is called with a stale trapnr.
>
> Set current->thread.trap_nr before calling kprobe_page_fault.
>
> Signed-off-by: Lorenz Hetterich <lorenz.hetterich@cispa.de>
> ---
>  arch/loongarch/mm/fault.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/arch/loongarch/mm/fault.c b/arch/loongarch/mm/fault.c
> index 2c93d33356e5..c7703bdec4fc 100644
> --- a/arch/loongarch/mm/fault.c
> +++ b/arch/loongarch/mm/fault.c
> @@ -182,6 +182,7 @@ static void __kprobes __do_page_fault(struct pt_regs *regs,
>         struct vm_area_struct *vma = NULL;
>         vm_fault_t fault;
>
> +       current->thread.trap_nr = read_csr_excode();
>         if (kprobe_page_fault(regs, current->thread.trap_nr))
>                 return;
kprobe_page_fault() doesn't really use trap_nr, but this doesn't mean
this patch is useless; at least the second patch needs this one.

But you can remove "current->thread.trap_nr = read_csr_excode()" in
do_sigbus() and do_sigsegv() at the same time.

Huacai

>
> --
> 2.43.0
>