Re: [PATCH v2 12/15] mm: generalize handling of userfaults in __do_fault()

[Mike Rapoport <rppt@kernel.org>]

On Thu, Mar 26, 2026 at 06:55:15PM -0700, James Houghton wrote:
> On Fri, Mar 6, 2026 at 9:19 AM Mike Rapoport <rppt@kernel.org> wrote:
> >
> > From: Peter Xu <peterx@redhat.com>
> >
> > When a VMA is registered with userfaulfd, its ->fault()
> > method should check if a folio exists in the page cache and call
> > handle_userfault() with appropriate mode:
> >
> > - VM_UFFD_MINOR if VMA is registered in minor mode and the folio exists
> > - VM_UFFD_MISSING if VMA is registered in missing mode and the folio
> >   does not exist
> >
> > Instead of calling handle_userfault() directly from a specific ->fault()
> > handler, call __do_userfault() helper from the generic __do_fault().
> >
> > For VMAs registered with userfaultfd the new __do_userfault() helper
> > will check if the folio is found in the page cache using
> > vm_uffd_ops->get_folio_noalloc() and call handle_userfault() with the
> > appropriate mode.
> >
> > Make vm_uffd_ops->get_folio_noalloc() required method for non-anonymous
> > VMAs mapped at PTE level.
> >
> > Signed-off-by: Peter Xu <peterx@redhat.com>
> > Co-developed-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
> > Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
> > ---
> >  mm/memory.c      | 43 +++++++++++++++++++++++++++++++++++++++++++
> >  mm/shmem.c       | 12 ------------
> >  mm/userfaultfd.c |  8 ++++++++
> >  3 files changed, 51 insertions(+), 12 deletions(-)
> >
> > diff --git a/mm/memory.c b/mm/memory.c
> > index 07778814b4a8..e2183c44d70b 100644
> > --- a/mm/memory.c
> > +++ b/mm/memory.c
> > @@ -5328,6 +5328,41 @@ static vm_fault_t do_anonymous_page(struct vm_fault *vmf)
> >         return VM_FAULT_OOM;
> >  }
> >
> > +#ifdef CONFIG_USERFAULTFD
> > +static vm_fault_t __do_userfault(struct vm_fault *vmf)
> > +{
> > +       struct vm_area_struct *vma = vmf->vma;
> > +       struct inode *inode;
> > +       struct folio *folio;
> > +
> > +       if (!(userfaultfd_missing(vma) || userfaultfd_minor(vma)))
> > +               return 0;
> > +
> > +       inode = file_inode(vma->vm_file);
> > +       folio = vma->vm_ops->uffd_ops->get_folio_noalloc(inode, vmf->pgoff);
> 
> If you do away with the change you made to vma_can_userfault(), please
> add a WARN_ON_ONCE() here if uffd_ops or uffd_ops->get_folio_noalloc
> are not present.
> 
> > +       if (!IS_ERR_OR_NULL(folio)) {
> > +               /*
> > +                * TODO: provide a flag for get_folio_noalloc() to avoid
> > +                * locking (or even the extra reference?)
> > +                */
> 
> I think a whole new op is better than adding a flag. Something like
> uffd_ops->folio_present().

Right now it follows what shmem does, let's keep it as TODO for future
optimizations.
 
> > +               folio_unlock(folio);
> > +               folio_put(folio);
> > +               if (userfaultfd_minor(vma))
> > +                       return handle_userfault(vmf, VM_UFFD_MINOR);
> > +       } else {
> > +               if (userfaultfd_missing(vma))
> > +                       return handle_userfault(vmf, VM_UFFD_MISSING);
> > +       }
> > +
> > +       return 0;
> > +}
> > +#else
> > +static inline vm_fault_t __do_userfault(struct vm_fault *vmf)
> > +{
> > +       return 0;
> > +}
> > +#endif
> > +
> >  /*
> >   * The mmap_lock must have been held on entry, and may have been
> >   * released depending on flags and vma->vm_ops->fault() return value.
> > @@ -5360,6 +5395,14 @@ static vm_fault_t __do_fault(struct vm_fault *vmf)
> >                         return VM_FAULT_OOM;
> >         }
> >
> > +       /*
> > +        * If this is an userfaultfd trap, process it in advance before
> 
> "If this is a userfault"

Indeed :)
 
> > +        * triggering the genuine fault handler.
> > +        */
> > +       ret = __do_userfault(vmf);
> > +       if (ret)
> > +               return ret;
> > +
> >         ret = vma->vm_ops->fault(vmf);
> >         if (unlikely(ret & (VM_FAULT_ERROR | VM_FAULT_NOPAGE | VM_FAULT_RETRY |
> >                             VM_FAULT_DONE_COW)))
> > diff --git a/mm/shmem.c b/mm/shmem.c
> > index 68620caaf75f..239545352cd2 100644
> > --- a/mm/shmem.c
> > +++ b/mm/shmem.c
> > @@ -2489,13 +2489,6 @@ static int shmem_get_folio_gfp(struct inode *inode, pgoff_t index,
> >         fault_mm = vma ? vma->vm_mm : NULL;
> >
> >         folio = filemap_get_entry(inode->i_mapping, index);
> > -       if (folio && vma && userfaultfd_minor(vma)) {
> > -               if (!xa_is_value(folio))
> > -                       folio_put(folio);
> > -               *fault_type = handle_userfault(vmf, VM_UFFD_MINOR);
> > -               return 0;
> > -       }
> > -
> >         if (xa_is_value(folio)) {
> >                 error = shmem_swapin_folio(inode, index, &folio,
> >                                            sgp, gfp, vma, fault_type);
> > @@ -2540,11 +2533,6 @@ static int shmem_get_folio_gfp(struct inode *inode, pgoff_t index,
> >          * Fast cache lookup and swap lookup did not find it: allocate.
> >          */
> >
> > -       if (vma && userfaultfd_missing(vma)) {
> > -               *fault_type = handle_userfault(vmf, VM_UFFD_MISSING);
> > -               return 0;
> > -       }
> > -
> >         /* Find hugepage orders that are allowed for anonymous shmem and tmpfs. */
> >         orders = shmem_allowable_huge_orders(inode, vma, index, write_end, false);
> >         if (orders > 0) {
> > diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c
> > index 7cd7c5d1ce84..2ac5fad0ed6c 100644
> > --- a/mm/userfaultfd.c
> > +++ b/mm/userfaultfd.c
> > @@ -2045,6 +2045,14 @@ bool vma_can_userfault(struct vm_area_struct *vma, vm_flags_t vm_flags,
> >             !vma_is_anonymous(vma))
> >                 return false;
> >
> > +       /*
> > +        * File backed memory with PTE level mappigns must implement
> 
> "File-backed VMAs (except HugeTLB VMAs) must implement
> ops->get_folio_alloc() to support userfaults, as all userfaults in
> file-backed VMAs wlll call ops->get_folio_alloc() to determine the
> userfault type."

I like (except HugeTLB) more than "PTE ...", but it's not here to determine
the userfaulfd type, it's here to ensure we can __do_userfault() for a
memory type. 

	/*
	 * File backed VMAs (except HugeTLB) must implement
	 * ops->get_folio_noalloc() because it's required by
	 * __do_userfault() in page fault handling.
	 */
 
> > +        * ops->get_folio_noalloc()
> > +        */
> > +       if (!vma_is_anonymous(vma) && !is_vm_hugetlb_page(vma) &&
> > +           !ops->get_folio_noalloc)
> 
> With the separate folio_present() (or whatever) op, this check becomes
> more obvious. (Looking at this right now, it looks like we're checking
> for UFFDIO_CONTINUE/minor fault support here, but that's not really
> what's going on.)
> 
> Honestly I'm not 100% sure if this check should be here. If it's going
> to be here, then we should probably also have checks like these here:
>
> if (vm_flags & VM_UFFD_MINOR && !ops->get_folio_noalloc)
> 
> and
> 
> if (vm_flags & VM_UFFD_MISSING && !ops->alloc_folio)
> 
> So, maybe we should just leave it up to ops->can_userfault() to make
> sure we're doing the right thing?

This must be in the core so it can reject VMAs that can't be used in
__do_userfault() without complicating hot path in the page fault handler
with extra conditions.

> 
> > +               return false;
> > +
> >         return ops->can_userfault(vma, vm_flags);
> >  }
> >
> > --
> > 2.51.0
> >

-- 
Sincerely yours,
Mike.