Re: [RFC PATCH] mm/hmm: Add userfaultfd support to fault handling

From: David Hildenbrand (Arm)

Date: Wed Apr 22 2026 - 03:33:19 EST


On 4/1/26 00:24, Stanislav Kinsburskii wrote:
> Add support for userfaultfd-enabled VMAs to the HMM framework.
>
> Extract fault handling logic into hmm_handle_mm_fault() to handle both
> regular and userfaultfd-backed mappings. The implementation follows
> fixup_user_fault() for handling VM_FAULT_RETRY and VM_FAULT_COMPLETED, with
> a key difference: instead of retrying or moving forward respectively,
> return -EBUSY after reacquiring mmap_read_lock. Since the lock was
> released, the VMA could have changed, so defer retry logic to the caller.
>
> This approach is inefficient for userfaultfd-backed VMAs, as HMM can only
> populate one page at a time, but keeps the framework simple by avoiding
> complex retry logic within HMM itself.
>
> Signed-off-by: Stanislav Kinsburskii <skinsburskii@xxxxxxxxxxxxxxxxxxx>
> ---
> mm/hmm.c | 40 ++++++++++++++++++++++++++++++++++++----
> 1 file changed, 36 insertions(+), 4 deletions(-)
>
> diff --git a/mm/hmm.c b/mm/hmm.c
> index f6c4ddff4bd6..d04d68e21473 100644
> --- a/mm/hmm.c
> +++ b/mm/hmm.c
> @@ -59,6 +59,35 @@ static int hmm_pfns_fill(unsigned long addr, unsigned long end,
> return 0;
> }
>
> +static int hmm_handle_mm_fault(struct vm_area_struct *vma,
> + unsigned long addr,
> + unsigned int fault_flags)
> +{
> + int ret;
> +
> + if (userfaultfd_missing(vma)) {
> + struct mm_struct *mm = vma->vm_mm;
> +
> + fault_flags |= FAULT_FLAG_ALLOW_RETRY |
> + FAULT_FLAG_USER;
> +
> + ret = handle_mm_fault(vma, addr, fault_flags, NULL);
> +
> + if (ret & (VM_FAULT_COMPLETED | VM_FAULT_RETRY)) {
> + mmap_read_lock(mm);
> + return -EBUSY;
> + }
> +
> + if (ret & VM_FAULT_ERROR)
> + return vm_fault_to_errno(ret, 0);
> + } else {
> + ret = handle_mm_fault(vma, addr, fault_flags, NULL);
> + if (ret & VM_FAULT_ERROR)
> + return vm_fault_to_errno(ret, 0);
> + }
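
Review bot: in the userfaultfd_missing() branch, the
"ret & (VM_FAULT_COMPLETED | VM_FAULT_RETRY)" path retakes
mmap_read_lock(mm) and returns -EBUSY, but nothing in the code documents
that the lock was dropped in between and that the vma passed in may no
longer be valid when the function returns. A comment on
hmm_handle_mm_fault() stating that -EBUSY means "mmap lock was released
and reacquired, look the VMA up again before retrying" would make that
contract explicit for callers. Separately, both branches repeat the same
handle_mm_fault() call and VM_FAULT_ERROR check, so only the flag setup
and the COMPLETED/RETRY handling need to sit under the condition.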

I'm surprised that there is userfaultfd_missing() logic required here at
all.

What prevents us from always calling handle_mm_fault() in a way +
handling return values, such that we will just do the right thing
independent of userfaultfd_missing()?

--
Cheers,

David