On Fri, May 08, 2026 at 04:55:21PM +0100, Kiryl Shutsemau (Meta) wrote:
> Wire the fault side of read-write protection tracking and turn the
> userspace interface on.
>
> An RWP-protected PTE is PAGE_NONE with the uffd bit set. The
> PROT_NONE triggers a fault on any access; the uffd bit distinguishes
> it from plain mprotect(PROT_NONE) or NUMA hinting.
>
> Fault dispatch, per level:
>
>   PTE      handle_pte_fault()   -> do_uffd_rwp()
>   PMD      __handle_mm_fault()  -> do_huge_pmd_uffd_rwp()
>   hugetlb  hugetlb_fault()      -> hugetlb_handle_userfault()
>
> The RWP branches gate on userfaultfd_pte_rwp() / userfaultfd_huge_pmd_rwp()
> (VM_UFFD_RWP plus the uffd bit) and fall through to do_numa_page() /
> do_huge_pmd_numa_page() otherwise. Each delivers a
> UFFD_PAGEFAULT_FLAG_RWP message through handle_userfault(); the handler
> resolves it with UFFDIO_RWPROTECT clearing MODE_RWP.
>
> userfaultfd_must_wait() and userfaultfd_huge_must_wait() add matching
> protnone+uffd waiters so sync-mode fault handlers block correctly.
>
> Expose the UAPI:
>
>   UFFDIO_REGISTER_MODE_RWP  -> UFFD_API_REGISTER_MODES
>   UFFD_FEATURE_RWP          -> UFFD_API_FEATURES
>   _UFFDIO_RWPROTECT         -> UFFD_API_RANGE_IOCTLS
>                                UFFD_API_RANGE_IOCTLS_BASIC
>
> UFFD_FEATURE_RWP is masked out at UFFDIO_API time when PROT_NONE is
> not available or VM_UFFD_RWP aliases VM_NONE (32-bit), so userspace
> never sees an advertised-but-broken feature.
>
> Works on anonymous, shmem, and hugetlb memory.
>
> Signed-off-by: Kiryl Shutsemau <[email protected]>
> Assisted-by: Claude:claude-opus-4-6

A small nit below, other than that Reviewed-by: Mike Rapoport (Microsoft) <[email protected]> > @@ -347,6 +359,14 @@ static inline bool userfaultfd_must_wait(struct > userfaultfd_ctx *ctx, > */ > if (!pte_write(ptent) && (reason & VM_UFFD_WP)) > goto out; > + /* > + * PTE is still RW-protected (protnone with uffd bit), wait for > + * userspace to resolve. Plain PROT_NONE without the marker is not > + * an RWP fault. > + */ > + if (pte_protnone(ptent) && pte_uffd(ptent) && > + (reason & VM_UFFD_RWP)) Nit: this fits even in 80-chars line > + goto out; > > ret = false; > out: -- Sincerely yours, Mike.
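
Review bot: In the userfaultfd_must_wait() hunk, the new test open-codes the RWP predicate as `pte_protnone(ptent) && pte_uffd(ptent)`, while the commit message says the fault side gates on userfaultfd_pte_rwp(). Consider factoring the PTE-level part (protnone plus the uffd bit) into one small helper used by both the waiter and the fault dispatch, or at least have the comment name the fault-side check it must match, so the two cannot drift apart on what counts as an RWP-protected PTE. The comment's last sentence ("Plain PROT_NONE without the marker is not an RWP fault") would then live next to that single definition.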

