On Fri, Mar 06, 2026 at 07:18:07PM +0200, Mike Rapoport wrote:
> bool vma_can_userfault(struct vm_area_struct *vma, vm_flags_t vm_flags,
> bool wp_async)
> {
> - vm_flags &= __VM_UFFD_FLAGS;
> + const struct vm_uffd_ops *ops = vma_uffd_ops(vma);
>
> - if (vma->vm_flags & VM_DROPPABLE)
> + /* only VMAs that implement vm_uffd_ops are supported */
> + if (!ops)
> return false;
Just found out that rejecting a VMA that does not have uffd_ops but was
registered in WP-only mode with WP_ASYNC uffd context breaks
pagemap_ioctl() test and more broadly it breaks tracking of writes in SysV
shared memory areas.
This is weird that it's possible to use uffd with SysV SHM, but it's out
there for some time and I afraid we can't change that :/
Andrew, can you apply this as a fixup please
>From 6e3319ceab93d84558e735e1f4f451e80c85b267 Mon Sep 17 00:00:00 2001
From: "Mike Rapoport (Microsoft)" <[email protected]>
Date: Wed, 11 Mar 2026 20:21:38 +0200
Subject: [PATCH 1/1] userfaultfd: allow registration of WP_ASYNC for any VMA
Registration of a VMA with WP_ASYNC userfaulfd context in write-protect
mode does not require any VMA-specific resolution of user faults and
these faults are completely handled by the generic page fault handler.
This functionality existed since the introduction of WP_ASYNC mode and
it allows tracking writes to SysV shared memory mappings (shmget(2) and
shmat(2)).
Move the check for WP mode before checking for presence of ->uffd_ops in a
VMA to restore the original behaviour.
Signed-off-by: Mike Rapoport (Microsoft) <[email protected]>
---
mm/userfaultfd.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c
index b55d4a8d88cc..436795bf218e 100644
--- a/mm/userfaultfd.c
+++ b/mm/userfaultfd.c
@@ -2044,22 +2044,22 @@ bool vma_can_userfault(struct vm_area_struct *vma,
vm_flags_t vm_flags,
{
const struct vm_uffd_ops *ops = vma_uffd_ops(vma);
- /* only VMAs that implement vm_uffd_ops are supported */
- if (!ops)
- return false;
-
vm_flags &= __VM_UFFD_FLAGS;
- if (vma->vm_flags & VM_DROPPABLE)
- return false;
-
/*
- * If wp async enabled, and WP is the only mode enabled, allow any
+ * If WP is the only mode enabled and context is wp async, allow any
* memory type.
*/
if (wp_async && (vm_flags == VM_UFFD_WP))
return true;
+ /* For any other mode reject VMAs that don't implement vm_uffd_ops */
+ if (!ops)
+ return false;
+
+ if (vma->vm_flags & VM_DROPPABLE)
+ return false;
+
/*
* If user requested uffd-wp but not enabled pte markers for
* uffd-wp, then only anonymous memory is supported
--
2.51.0
