From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8961531079B for ; Thu, 2 Apr 2026 04:23:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775103810; cv=none; b=g8tk5+zdRfHye25iHLqe3LOY1VbcHFKqGC4JFUeL5Lv4HCaVkoGDX6ZKkoMyJO6J+58+um4YrhDgZewbJUnFKnro6DXOYs6cD+MmCxr8CGHAEKBvmx9jIkZEViR0yGct0ET4i1FBaVVQiAUECEO44Ye5LaZSMW2pvBM9OTqN9iA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775103810; c=relaxed/simple; bh=FAwXg0Z/Js+Q1EDzl9Nu5mdr5OazvQaNgoMp89UtE2M=; h=Date:To:From:Subject:Message-Id; b=R63/R/R9mWTEfhF4Vkrq31LwMxgcs+WhS+UeD48qQbHJofHVGIWhTNcAjDJIaAu/FYN+s5kBZNVPLxkEHHgypzgAmV8TzntLcTtAqiAVWrwx/UCNTOxERux2gBMH4wl6kc7V1qZKK7XjcGENLByXhS+mTQLqh5B3p1uIoWt9LPM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b=EREX+YEA; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="EREX+YEA" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 31035C19423; Thu, 2 Apr 2026 04:23:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1775103810; bh=FAwXg0Z/Js+Q1EDzl9Nu5mdr5OazvQaNgoMp89UtE2M=; h=Date:To:From:Subject:From; b=EREX+YEAzja/gHlZwdoMk/+hNnwgb5gKoFIpdHVzeLrLxRCWbbFj/h5PusmfjN+WC mszqBQl/GddFIVjqfKWxpsSCEI87DnwvLfzATVnXPvXCpUTd5QXB/AGMRgJc0WhZRo jtqv5StVH4zqmNmnpcuHLVgHNNDHvmBwoFAIAtfE= Date: Wed, 01 Apr 2026 21:23:29 -0700 To: mm-commits@vger.kernel.org,rppt@kernel.org,akpm@linux-foundation.org From: Andrew Morton Subject: [to-be-updated] userfaultfd-introduce-mfill_establish_pmd-helper.patch removed from -mm tree Message-Id: <20260402042330.31035C19423@smtp.kernel.org> Precedence: bulk X-Mailing-List: mm-commits@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: The quilt patch titled Subject: userfaultfd: introduce mfill_establish_pmd() helper has been removed from the -mm tree. Its filename was userfaultfd-introduce-mfill_establish_pmd-helper.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: "Mike Rapoport (Microsoft)" Subject: userfaultfd: introduce mfill_establish_pmd() helper Date: Mon, 30 Mar 2026 13:11:04 +0300 There is a lengthy code chunk in mfill_atomic() that establishes the PMD for UFFDIO operations. This code may be called twice: first time when the copy is performed with VMA/mm locks held and the other time after the copy is retried with locks dropped. Move the code that establishes a PMD into a helper function so it can be reused later during refactoring of mfill_atomic_pte_copy(). Link: https://lkml.kernel.org/r/20260330101116.1117699-4-rppt@kernel.org Signed-off-by: Mike Rapoport (Microsoft) Acked-by: Harry Yoo (Oracle) Cc: Andrea Arcangeli Cc: Andrei Vagin Cc: Axel Rasmussen Cc: Baolin Wang Cc: David Hildenbrand (Arm) Cc: Hugh Dickins Cc: James Houghton Cc: Liam Howlett Cc: Lorenzo Stoakes (Oracle) Cc: Matthew Wilcox (Oracle) Cc: Michal Hocko Cc: Muchun Song Cc: Nikita Kalyazin Cc: Oscar Salvador Cc: Paolo Bonzini Cc: Peter Xu Cc: Sean Christopherson Cc: Shuah Khan Cc: Suren Baghdasaryan Cc: Vlastimil Babka Signed-off-by: Andrew Morton --- mm/userfaultfd.c | 102 ++++++++++++++++++++++----------------------- 1 file changed, 52 insertions(+), 50 deletions(-) --- a/mm/userfaultfd.c~userfaultfd-introduce-mfill_establish_pmd-helper +++ a/mm/userfaultfd.c @@ -157,6 +157,56 @@ static void uffd_mfill_unlock(struct vm_ } #endif +static pmd_t *mm_alloc_pmd(struct mm_struct *mm, unsigned long address) +{ + pgd_t *pgd; + p4d_t *p4d; + pud_t *pud; + + pgd = pgd_offset(mm, address); + p4d = p4d_alloc(mm, pgd, address); + if (!p4d) + return NULL; + pud = pud_alloc(mm, p4d, address); + if (!pud) + return NULL; + /* + * Note that we didn't run this because the pmd was + * missing, the *pmd may be already established and in + * turn it may also be a trans_huge_pmd. + */ + return pmd_alloc(mm, pud, address); +} + +static int mfill_establish_pmd(struct mfill_state *state) +{ + struct mm_struct *dst_mm = state->ctx->mm; + pmd_t *dst_pmd, dst_pmdval; + + dst_pmd = mm_alloc_pmd(dst_mm, state->dst_addr); + if (unlikely(!dst_pmd)) + return -ENOMEM; + + dst_pmdval = pmdp_get_lockless(dst_pmd); + if (unlikely(pmd_none(dst_pmdval)) && + unlikely(__pte_alloc(dst_mm, dst_pmd))) + return -ENOMEM; + + dst_pmdval = pmdp_get_lockless(dst_pmd); + /* + * If the dst_pmd is THP don't override it and just be strict. + * (This includes the case where the PMD used to be THP and + * changed back to none after __pte_alloc().) + */ + if (unlikely(!pmd_present(dst_pmdval) || pmd_leaf(dst_pmdval))) + return -EEXIST; + if (unlikely(pmd_bad(dst_pmdval))) + return -EFAULT; + + state->pmd = dst_pmd; + return 0; +} + /* Check if dst_addr is outside of file's size. Must be called with ptl held. */ static bool mfill_file_over_size(struct vm_area_struct *dst_vma, unsigned long dst_addr) @@ -489,27 +539,6 @@ out: return ret; } -static pmd_t *mm_alloc_pmd(struct mm_struct *mm, unsigned long address) -{ - pgd_t *pgd; - p4d_t *p4d; - pud_t *pud; - - pgd = pgd_offset(mm, address); - p4d = p4d_alloc(mm, pgd, address); - if (!p4d) - return NULL; - pud = pud_alloc(mm, p4d, address); - if (!pud) - return NULL; - /* - * Note that we didn't run this because the pmd was - * missing, the *pmd may be already established and in - * turn it may also be a trans_huge_pmd. - */ - return pmd_alloc(mm, pud, address); -} - #ifdef CONFIG_HUGETLB_PAGE /* * mfill_atomic processing for HUGETLB vmas. Note that this routine is @@ -742,7 +771,6 @@ static __always_inline ssize_t mfill_ato struct vm_area_struct *dst_vma; long copied = 0; ssize_t err; - pmd_t *dst_pmd; /* * Sanitize the command parameters: @@ -809,41 +837,15 @@ retry: while (state.src_addr < src_start + len) { VM_WARN_ON_ONCE(state.dst_addr >= dst_start + len); - pmd_t dst_pmdval; - - dst_pmd = mm_alloc_pmd(dst_mm, state.dst_addr); - if (unlikely(!dst_pmd)) { - err = -ENOMEM; + err = mfill_establish_pmd(&state); + if (err) break; - } - dst_pmdval = pmdp_get_lockless(dst_pmd); - if (unlikely(pmd_none(dst_pmdval)) && - unlikely(__pte_alloc(dst_mm, dst_pmd))) { - err = -ENOMEM; - break; - } - dst_pmdval = pmdp_get_lockless(dst_pmd); - /* - * If the dst_pmd is THP don't override it and just be strict. - * (This includes the case where the PMD used to be THP and - * changed back to none after __pte_alloc().) - */ - if (unlikely(!pmd_present(dst_pmdval) || - pmd_trans_huge(dst_pmdval))) { - err = -EEXIST; - break; - } - if (unlikely(pmd_bad(dst_pmdval))) { - err = -EFAULT; - break; - } /* * For shmem mappings, khugepaged is allowed to remove page * tables under us; pte_offset_map_lock() will deal with that. */ - state.pmd = dst_pmd; err = mfill_atomic_pte(&state); cond_resched(); _ Patches currently in -mm which might be from rppt@kernel.org are userfaultfd-introduce-mfill_get_vma-and-mfill_put_vma.patch userfaultfd-retry-copying-with-locks-dropped-in-mfill_atomic_pte_copy.patch userfaultfd-move-vma_can_userfault-out-of-line.patch userfaultfd-introduce-vm_uffd_ops.patch shmem-userfaultfd-use-a-vma-callback-to-handle-uffdio_continue.patch userfaultfd-introduce-vm_uffd_ops-alloc_folio.patch shmem-userfaultfd-implement-shmem-uffd-operations-using-vm_uffd_ops.patch userfaultfd-mfill_atomic-remove-retry-logic.patch