On Tue, May 12, 2026 at 08:29:02PM +0300, Mike Rapoport wrote: > On Fri, May 08, 2026 at 04:55:21PM +0100, Kiryl Shutsemau (Meta) wrote: > > Wire the fault side of read-write protection tracking and turn the > > userspace interface on. > > > > An RWP-protected PTE is PAGE_NONE with the uffd bit set. The > > PROT_NONE triggers a fault on any access; the uffd bit distinguishes > > it from plain mprotect(PROT_NONE) or NUMA hinting. > > > > Fault dispatch, per level: > > > > PTE handle_pte_fault() -> do_uffd_rwp() > > PMD __handle_mm_fault() -> do_huge_pmd_uffd_rwp() > > hugetlb hugetlb_fault() -> hugetlb_handle_userfault() > > > > The RWP branches gate on userfaultfd_pte_rwp() / userfaultfd_huge_pmd_rwp() > > (VM_UFFD_RWP plus the uffd bit) and fall through to do_numa_page() / > > do_huge_pmd_numa_page() otherwise. Each delivers a > > UFFD_PAGEFAULT_FLAG_RWP message through handle_userfault(); the handler > > resolves it with UFFDIO_RWPROTECT clearing MODE_RWP. > > > > userfaultfd_must_wait() and userfaultfd_huge_must_wait() add matching > > protnone+uffd waiters so sync-mode fault handlers block correctly. > > > > Expose the UAPI: > > > > UFFDIO_REGISTER_MODE_RWP -> UFFD_API_REGISTER_MODES > > UFFD_FEATURE_RWP -> UFFD_API_FEATURES > > _UFFDIO_RWPROTECT -> UFFD_API_RANGE_IOCTLS > > UFFD_API_RANGE_IOCTLS_BASIC > > > > UFFD_FEATURE_RWP is masked out at UFFDIO_API time when PROT_NONE is > > not available or VM_UFFD_RWP aliases VM_NONE (32-bit), so userspace > > never sees an advertised-but-broken feature. > > > > Works on anonymous, shmem, and hugetlb memory. > > > > Signed-off-by: Kiryl Shutsemau <[email protected]> > > Assisted-by: Claude:claude-opus-4-6 > > A small nit below, other than that > > Reviewed-by: Mike Rapoport (Microsoft) <[email protected]>
Thanks! > > @@ -347,6 +359,14 @@ static inline bool userfaultfd_must_wait(struct > > userfaultfd_ctx *ctx, > > */ > > if (!pte_write(ptent) && (reason & VM_UFFD_WP)) > > goto out; > > + /* > > + * PTE is still RW-protected (protnone with uffd bit), wait for > > + * userspace to resolve. Plain PROT_NONE without the marker is not > > + * an RWP fault. > > + */ > > + if (pte_protnone(ptent) && pte_uffd(ptent) && > > + (reason & VM_UFFD_RWP)) > > Nit: this fits even in 80-chars line Ack. -- Kiryl Shutsemau / Kirill A. Shutemov
