On Sun, Feb 08, 2026 at 12:13:45PM +0200, Mike Rapoport wrote:
> Hi Peter,
>
> On Mon, Feb 02, 2026 at 04:36:40PM -0500, Peter Xu wrote:
> > On Tue, Jan 27, 2026 at 09:29:26PM +0200, Mike Rapoport wrote:
> > > From: "Mike Rapoport (Microsoft)" <[email protected]>
> > >
> > > Current userfaultfd implementation works only with memory managed by
> > > core MM: anonymous, shmem and hugetlb.
> > >
> > > First, there is no fundamental reason to limit userfaultfd support only
> > > to the core memory types and userfaults can be handled similarly to
> > > regular page faults provided a VMA owner implements appropriate
> > > callbacks.
> > >
> > > Second, historically various code paths were conditioned on
> > > vma_is_anonymous(), vma_is_shmem() and is_vm_hugetlb_page() and some of
> > > these conditions can be expressed as operations implemented by a
> > > particular memory type.
> > >
> > > Introduce vm_uffd_ops extension to vm_operations_struct that will
> > > delegate memory type specific operations to a VMA owner.
> > >
> > > Operations for anonymous memory are handled internally in userfaultfd
> > > using anon_uffd_ops that implicitly assigned to anonymous VMAs.
> > >
> > > Start with a single operation, ->can_userfault() that will verify that a
> > > VMA meets requirements for userfaultfd support at registration time.
> > >
> > > Implement that method for anonymous, shmem and hugetlb and move relevant
> > > parts of vma_can_userfault() into the new callbacks.
> > >
> > > Signed-off-by: Mike Rapoport (Microsoft) <[email protected]>
> > > ---
> > > include/linux/mm.h | 5 +++++
> > > include/linux/userfaultfd_k.h | 6 +++++
> > > mm/hugetlb.c | 21 ++++++++++++++++++
> > > mm/shmem.c | 23 ++++++++++++++++++++
> > > mm/userfaultfd.c | 41 ++++++++++++++++++++++-------------
> > > 5 files changed, 81 insertions(+), 15 deletions(-)
> > >
> > > diff --git a/include/linux/mm.h b/include/linux/mm.h
> > > index 15076261d0c2..3c2caff646c3 100644
> > > --- a/include/linux/mm.h
> > > +++ b/include/linux/mm.h
> > > @@ -732,6 +732,8 @@ struct vm_fault {
> > > */
> > > };
> > >
> > > +struct vm_uffd_ops;
> > > +
> > > /*
> > > * These are the virtual MM functions - opening of an area, closing and
> > > * unmapping it (needed to keep files on disk up-to-date etc), pointer
> > > @@ -817,6 +819,9 @@ struct vm_operations_struct {
> > > struct page *(*find_normal_page)(struct vm_area_struct *vma,
> > > unsigned long addr);
> > > #endif /* CONFIG_FIND_NORMAL_PAGE */
> > > +#ifdef CONFIG_USERFAULTFD
> > > + const struct vm_uffd_ops *uffd_ops;
> > > +#endif
> > > };
> > >
> > > #ifdef CONFIG_NUMA_BALANCING
> > > diff --git a/include/linux/userfaultfd_k.h b/include/linux/userfaultfd_k.h
> > > index a49cf750e803..56e85ab166c7 100644
> > > --- a/include/linux/userfaultfd_k.h
> > > +++ b/include/linux/userfaultfd_k.h
> > > @@ -80,6 +80,12 @@ struct userfaultfd_ctx {
> > >
> > > extern vm_fault_t handle_userfault(struct vm_fault *vmf, unsigned long
> > > reason);
> > >
> > > +/* VMA userfaultfd operations */
> > > +struct vm_uffd_ops {
> > > + /* Checks if a VMA can support userfaultfd */
> > > + bool (*can_userfault)(struct vm_area_struct *vma, vm_flags_t vm_flags);
> > > +};
> > > +
> > > /* A combined operation mode + behavior flags. */
> > > typedef unsigned int __bitwise uffd_flags_t;
> > >
> > > diff --git a/mm/hugetlb.c b/mm/hugetlb.c
> > > index 51273baec9e5..909131910c43 100644
> > > --- a/mm/hugetlb.c
> > > +++ b/mm/hugetlb.c
> > > @@ -4797,6 +4797,24 @@ static vm_fault_t hugetlb_vm_op_fault(struct
> > > vm_fault *vmf)
> > > return 0;
> > > }
> > >
> > > +#ifdef CONFIG_USERFAULTFD
> > > +static bool hugetlb_can_userfault(struct vm_area_struct *vma,
> > > + vm_flags_t vm_flags)
> > > +{
> > > + /*
> > > + * If user requested uffd-wp but not enabled pte markers for
> > > + * uffd-wp, then hugetlb is not supported.
> > > + */
> > > + if (!uffd_supports_wp_marker() && (vm_flags & VM_UFFD_WP))
> > > + return false;
> >
> > IMHO we don't need to dup this for every vm_uffd_ops driver. It might be
> > unnecessary to even make driver be aware how pte marker plays the role
> > here, because pte markers are needed for all page cache file systems
> > anyway. There should have no outliers. Instead we can just let
> > can_userfault() report whether the driver generically supports userfaultfd,
> > leaving the detail checks for core mm.
> >
> > I understand you wanted to also make anon to be a driver, so this line
> > won't apply to anon. However IMHO anon is special enough so we can still
> > make this in the generic path.
>
> Well, the idea is to drop all vma_is*() in can_userfault(). And maybe
> eventually in entire mm/userfaultfd.c
>
> If all page cache filesystems need this, something like this should work,
> right?
>
> if (!uffd_supports_wp_marker() && (vma->vm_flags & VM_SHARED) &&
> (vm_flags & VM_UFFD_WP))
> return false;
Sorry for a late response.
IIUC we can't check against VM_SHARED, because we need pte markers also for
MAP_PRIVATE on file mappings.
The need of pte markers come from the fact that the vma has a page cache
backing it, rather than whether it's a shared or private mapping. Consider
if a file mapping vma + MAP_PRIVATE, if we wr-protect the vma with nothing
populated, we want to still get notified whenever there's a write.
So the original check should be good.
I'm fine with most of the rest comments in this series I left and I'm OK if
you prefer settle things down first. For this one, I still want to see if
we can move this to uffd core code.
The whole point is I want to have zero info leaked about pte marker into
module ops.
For that, IMHO it'll be fine we use one vma_is_anonymous() is uffd core
code once.
Actually, I don't think uffd core can get rid of handling anon specially.
With this series applied, mfill_atomic_pte_copy() will still need to
hard-code anon processing on MAP_PRIVATE and I don't think it can go away..
mfill_atomic_pte_copy():
if (!(state->vma->vm_flags & VM_SHARED))
ops = &anon_uffd_ops;
IMHO using vma_is_anonymous() for one more time should be better than
leaking pte marker whole concept to modules. So the driver should only
report if the driver supports UFFD_WP in general. It shouldn't care about
anything the core mm would already do otherwise, including this one on
"whether system config / arch has globally enabled pte markers" and the
relation between that config and the WP feature impl details.
Thanks,
--
Peter Xu
