Re: [PATCH RESEND] userfaultfd: snapshot VMA state across UFFDIO_COPY retry

Next message: Boris Brezillon: "Re: [PATCH v4 2/3] drm/panthor: Implement evicted status for GEM objects"
Previous message: sukhdeeps: "[PATCH net-next v3 3/12] net: atlantic: decouple aq_set_data_fl3l4() from driver internals"
In reply to: David Hildenbrand (Arm): "Re: [PATCH RESEND] userfaultfd: snapshot VMA state across UFFDIO_COPY retry"
Next in thread: David Hildenbrand (Arm): "Re: [PATCH RESEND] userfaultfd: snapshot VMA state across UFFDIO_COPY retry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Mike Rapoport

Date: Wed May 20 2026 - 10:33:38 EST

On Wed, May 20, 2026 at 03:48:02PM +0200, David Hildenbrand (Arm) wrote:
> On 5/20/26 14:53, Mike Rapoport wrote:
> > On Wed, May 20, 2026 at 01:09:04PM +0200, David Hildenbrand (Arm) wrote:
> >> On 5/19/26 07:25, Mike Rapoport wrote:
> >
> > Do you mean per-VMA?
> > Per-MM counter would capture unrelated changes, e.g. an masvise() for
> > unrelated range.
>
> I was thinking about a per-MM thing for simplicity. If there were any changes,
> we'd retry (-EAGAIN).
>
> IOW, something like &mm->mm_lock_seq, which we have for per-vma locks already.
>
> Not sure if unrelated changes would really be a problem in practice (another
> thread gabbing the mmap_lock in write mode until we serviced the fault).

Let me reiterate:

A thread doing UFFDIO_COPY releases the VMA in mfill_copy_folio_retry(),
re-gets the VMA and checks if the per-MM counter stayed the same.

If another thread makes any change to VMA while mfill_copy_folio_retry()
waits to re-get the VMA, the counter would be incremented by another
thread. mfill_copy_folio_retry() will see the change after mfill_get_vma()
and will bail out with -EAGAIN.

So if another thread does, e.g. MADV_DONTFORK on completely unrelated VMA,
mfill_copy_folio_retry() will return -EAGAIN and I'm not sure we'll not
break the existing userspace by this.

> --
> Cheers,
>
> David

--
Sincerely yours,
Mike.