From nobody Thu Oct  9 04:46:24 2025
Received: from mx0b-00364e01.pphosted.com (mx0b-00364e01.pphosted.com
 [148.163.139.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B66746BFCE
	for <linux-kernel@vger.kernel.org>; Fri, 20 Jun 2025 01:25:16 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=148.163.139.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1750382718; cv=none;
 b=gbuL3rkDt66kQqL1Kj7b/zKs4evQCFfIHofxPr/9BM20fDbuQpX/FwJARzqpE1REDWrbwZ60g3JumotygguPtIkpbQ4ZUcCmwQ0fb8/IbvRSLCAdd9r3YSSxN12ZHGVKzwreyy5uyr0zSsYf9UOksx7i1IFQlxm7FMUbLGIGx98=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1750382718; c=relaxed/simple;
	bh=48H87QO2Pis/SoCKFWPY9K3keEwEH0YOZ4nBSSNwcvE=;
	h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References:
	 In-Reply-To:To:Cc;
 b=nS7r1wB2lVKVuctzEgCCz906oeeRlJGAoCrAW+U8CpqNmCOkGorKM8ZsjL1fWOrWhfV1Tp1DpRL5TiczUFyCB4Hy9GYI9XTnkneOdD9sxQ/XKLmriMIwbMd86F0dvgevdEASrKpxIPSP36XyswDyxlvn5MpqaMcIKf9RdBjymCQ=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=columbia.edu;
 spf=pass smtp.mailfrom=columbia.edu;
 dkim=pass (2048-bit key) header.d=columbia.edu header.i=@columbia.edu
 header.b=k3eSBrgQ; arc=none smtp.client-ip=148.163.139.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=columbia.edu
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=columbia.edu
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=columbia.edu header.i=@columbia.edu
 header.b="k3eSBrgQ"
Received: from pps.filterd (m0167073.ppops.net [127.0.0.1])
	by mx0b-00364e01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id
 55JGHmYZ015822
	for <linux-kernel@vger.kernel.org>; Thu, 19 Jun 2025 21:25:15 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=columbia.edu; h=cc :
 content-transfer-encoding : content-type : date : from : in-reply-to :
 message-id : mime-version : references : subject : to; s=pps01;
 bh=+FYO/0M59dmuE89lk57/ngo+KRWnkH8LVWe4hPQu/fY=;
 b=k3eSBrgQX8ugAmAyRe9Y8gTr+vIJTGwUdhWsl33rAVAvAreqvtjanDBu0qjPU8Oq7R+7
 YsDbmccg6QIu6OBC/zvL+r7RWga5vZOEqFhHjEVtPMVo/p9py7inWML+bxPmQxUmxoUb
 MWg+df+2YSh9fTRYsIOjAjSSpLQyVy5ZFGNXSWXoetYRK2QVxLJ0chcaAHRRTRYWXxdM
 XFp4MHrN5VScIMTxXI8+X/4ukqULTb//4zsYL/80h17AcXWhgXqW+s1D4HLcDX4ruCxS
 d6cHYpTQc5CAvR3Or0dJWrU3zokzK1F/AqEEXhQmW3ovbwBDwcJAMH8XU6/hcg2xJT4Q Eg==
Received: from mail-qt1-f199.google.com (mail-qt1-f199.google.com
 [209.85.160.199])
	by mx0b-00364e01.pphosted.com (PPS) with ESMTPS id 4794yg4h77-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
	for <linux-kernel@vger.kernel.org>; Thu, 19 Jun 2025 21:25:15 -0400
Received: by mail-qt1-f199.google.com with SMTP id
 d75a77b69052e-4a6f64eebecso21965601cf.2
        for <linux-kernel@vger.kernel.org>;
 Thu, 19 Jun 2025 18:25:15 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1750382691; x=1750987491;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=+FYO/0M59dmuE89lk57/ngo+KRWnkH8LVWe4hPQu/fY=;
        b=QMqpWylx4z1UdDpkJ8ntN+TI6RTIN9RQtjb8NwVqeLKesOIEf5e09m1icckYc+nxVg
         WZ2DfAGkvQE77NBciicMwwH9Lb+zQa2HtSablCA9ZnOyn16XBskuwF+PMbUedYFLvhIR
         xVM467bhZBhux/wqakvZusGnD4wcw8S8K1osOy1dkcwt1M6P9/S8ysXIJ4cfgiIoPgpl
         m8ccALZDcAAMit3aW3MFP7TaIhxPFa8Z7c/SKZpx5gsz45Qovc0GJEQC731M3YeKN9fA
         hSlO0ZEOg62hjDrW86CvDh5s86lykHWnQY+rASfNx/7a+gFWVbs83deWeWiX3lp/JoRo
         xj/g==
X-Forwarded-Encrypted: i=1;
 AJvYcCWZFZKnjnaPsLxAhYiqdc5823CV3j/sWVwyANVLwE9Cferb7+Zpzlh1zCJctxfIumD/Np1USkUfRdibWxQ=@vger.kernel.org
X-Gm-Message-State: AOJu0YxMZQMR5ihQ1pF79zMtsKW0xorCcX4coSehL3ahC65jEQhZcSM/
	i/wsgHOZJIGqwSb+X60KwS7MZ+dZfByR8Bhq2nZihGXd92cu2J5p5/5ZxZ8QSIlySVa/vD7AYTN
	sMg76Avah5+1GrL1K9434bwwd607ZDDf3DW2MJe712aNRKAyBcZ7FKF+rxAjBCA==
X-Gm-Gg: ASbGncv9GiyuzpHBxv4LbwZUaDW0YGdMPwsVFwrk2GxzgwTtmvDI2KYaIVNYEZ+pTpN
	6J5V//WAPoTB38RzwpgNBTPNyKDrfOmYKB9+1MDT/WDF2MqqUfw8QwRKvWz3EWygGjr3HX3hQSs
	YvTcMKrTNblDGWR07spgjb+a1ac60KANMSEfXxyJ+0D+iJbeZxDpl08u9qi64g1pZkI7Nh+rMgq
	n5K5KUunPLOZonmLzSNWMImYuRpED1o8DkxVUOtN8BcardjXV9snri6hw+KHtbcKjRxTuzcULCl
	0OfpNU6yJtcnJRLtkt5qlbEpOvJjgaohxH7j4BQkgUJDdOXuBjMYKazuqXARDQlCGwM2
X-Received: by 2002:a05:622a:40f:b0:47a:e482:2eae with SMTP id
 d75a77b69052e-4a77a229e06mr20311321cf.31.1750382690684;
        Thu, 19 Jun 2025 18:24:50 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IFpgKZPPSMphCZVQvNohMUiRd5i1lgxsJaw2otLFCbdmxNwVix523VQOy7E3/sJIy61nwUvHA==
X-Received: by 2002:a05:622a:40f:b0:47a:e482:2eae with SMTP id
 d75a77b69052e-4a77a229e06mr20310941cf.31.1750382690182;
        Thu, 19 Jun 2025 18:24:50 -0700 (PDT)
Received: from [127.0.1.1] (dyn-160-39-33-242.dyn.columbia.edu.
 [160.39.33.242])
        by smtp.gmail.com with ESMTPSA id
 d75a77b69052e-4a779e79c12sm3794321cf.53.2025.06.19.18.24.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 19 Jun 2025 18:24:49 -0700 (PDT)
From: Tal Zussman <tz2294@columbia.edu>
Date: Thu, 19 Jun 2025 21:24:23 -0400
Subject: [PATCH v3 1/4] userfaultfd: correctly prevent registering
 VM_DROPPABLE regions
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20250619-uffd-fixes-v3-1-a7274d3bd5e4@columbia.edu>
References: <20250619-uffd-fixes-v3-0-a7274d3bd5e4@columbia.edu>
In-Reply-To: <20250619-uffd-fixes-v3-0-a7274d3bd5e4@columbia.edu>
To: Andrew Morton <akpm@linux-foundation.org>, Peter Xu <peterx@redhat.com>,
        "Jason A. Donenfeld" <Jason@zx2c4.com>,
        David Hildenbrand <david@redhat.com>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
        Andrea Arcangeli <aarcange@redhat.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org, Tal Zussman <tz2294@columbia.edu>
X-Mailer: b4 0.14.3-dev-d7477
X-Developer-Signature: v=1; a=ed25519-sha256; t=1750382688; l=1272;
 i=tz2294@columbia.edu; s=20250528; h=from:subject:message-id;
 bh=48H87QO2Pis/SoCKFWPY9K3keEwEH0YOZ4nBSSNwcvE=;
 b=anDw4BUOIaeEyJ5c4porbKpKkHrHAXlVWt+d9mp9dQbT/Aordkik+mDY6JLUsIbX3B3SmAthB
 I7FE0uQDxRzCy7TSGKnedagoQqrgduV4YtN885eaf3bwsgnhRjP1ODV
X-Developer-Key: i=tz2294@columbia.edu; a=ed25519;
 pk=BIj5KdACscEOyAC0oIkeZqLB3L94fzBnDccEooxeM5Y=
X-Proofpoint-ORIG-GUID: JlGgFJ-rA-bf5eJh6Gekv33t53-NF-AJ
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjIwMDAwOSBTYWx0ZWRfX4ax3rOh7rplh
 E7hW+o2r3Q+10k5wTveL2Pll6ak/Sfw96sEb4Paak7dW2ccGc6IwDJemltPZlH9cQYbWRxzUow9
 zbU+Eq29RzCE6yV597nCf8og89U7io0Usmjyy1WyNktPrYTkvfvXL/iGR0a1p8q/kwVIOeU2O3W
 ZA0fBE8bK67aOUMrjDu5pKj5rkY45H4XLXEGpGzB2kLgSCwzRJ5Oa8VPpfq5F1XILjmmKRnag1L
 5KzfJS0Nys1n9yiiCEq2p7oGycnim/TNFGNiQbfW+gR7vCWA70Pp0lQ4PkykbhYk0qQ2Gb82uoP
 9Tc+GnlvG3NqDB5eQdODpfb/mqMtAtDXXwhJXshS3gAXwOMdEQ7cz+wleGNK2D5ui9W3GGNXhcl
 Gw/STN2/
X-Proofpoint-GUID: JlGgFJ-rA-bf5eJh6Gekv33t53-NF-AJ
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40
 definitions=2025-06-19_08,2025-06-18_03,2025-03-28_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 mlxlogscore=927 clxscore=1015
 bulkscore=10 phishscore=0 adultscore=0 mlxscore=0 spamscore=0
 impostorscore=0 lowpriorityscore=10 malwarescore=0 priorityscore=1501
 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2505160000 definitions=main-2506200009

vma_can_userfault() masks off non-userfaultfd VM flags from vm_flags.
The vm_flags & VM_DROPPABLE test will then always be false, incorrectly
allowing VM_DROPPABLE regions to be registered with userfaultfd.

Additionally, vm_flags is not guaranteed to correspond to the actual
VMA's flags. Fix this test by checking the VMA's flags directly.

Link: https://lore.kernel.org/linux-mm/5a875a3a-2243-4eab-856f-bc53ccfec3ea=
@redhat.com/
Fixes: 9651fcedf7b9 ("mm: add MAP_DROPPABLE for designating always lazily f=
reeable mappings")
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Tal Zussman <tz2294@columbia.edu>
---
 include/linux/userfaultfd_k.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/userfaultfd_k.h b/include/linux/userfaultfd_k.h
index 75342022d144..f3b3d2c9dd5e 100644
--- a/include/linux/userfaultfd_k.h
+++ b/include/linux/userfaultfd_k.h
@@ -218,7 +218,7 @@ static inline bool vma_can_userfault(struct vm_area_str=
uct *vma,
 {
 	vm_flags &=3D __VM_UFFD_FLAGS;
=20
-	if (vm_flags & VM_DROPPABLE)
+	if (vma->vm_flags & VM_DROPPABLE)
 		return false;
=20
 	if ((vm_flags & VM_UFFD_MINOR) &&

--=20
2.39.5
From nobody Thu Oct  9 04:46:24 2025
Received: from mx0a-00364e01.pphosted.com (mx0a-00364e01.pphosted.com
 [148.163.135.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 963C635968
	for <linux-kernel@vger.kernel.org>; Fri, 20 Jun 2025 01:24:59 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=148.163.135.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1750382701; cv=none;
 b=n+nDCu434cHbwYuQqAg+A0NuIrcV/BYpafu0EdY9Rm2k9O8iPx2hw7VHLeyNRO78tic4OmEPNAE7Px76p8BWJkPZKbV+DgeOr7eB35hnKrepKTH8FHmik5MeTfWogssDA7KNY25OBTpoKb9KhR1vqENTo5cbQtuj4w0ZLR5BLSg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1750382701; c=relaxed/simple;
	bh=xXMlI7rpm3z9JLZGXMznkVZ0H27f9pBGFKN/B0zsoEE=;
	h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References:
	 In-Reply-To:To:Cc;
 b=XgKhy+YlZphLcjBzBkp0smTzOVbe7S4BGir6Dfyeyt5pRxWdyeFzDy16td0+heS187kg5XpGP6yp9NzqS9fGjLNjQIHIv4TKRnoXI4+ZGwpAKs4rzk9kftAaaHXEOqRDZvAQ6lVBJmsJpn/AAExUsxaZwcaglJiSAt07wgxd9q0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=columbia.edu;
 spf=pass smtp.mailfrom=columbia.edu;
 dkim=pass (2048-bit key) header.d=columbia.edu header.i=@columbia.edu
 header.b=YPSmg/uw; arc=none smtp.client-ip=148.163.135.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=columbia.edu
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=columbia.edu
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=columbia.edu header.i=@columbia.edu
 header.b="YPSmg/uw"
Received: from pps.filterd (m0167068.ppops.net [127.0.0.1])
	by mx0a-00364e01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id
 55JEegad026963
	for <linux-kernel@vger.kernel.org>; Thu, 19 Jun 2025 21:24:53 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=columbia.edu; h=cc :
 content-transfer-encoding : content-type : date : from : in-reply-to :
 message-id : mime-version : references : subject : to; s=pps01;
 bh=X46fh0ZZ1WeD/NYr5w40mQYpquA1g2f04LeJ0ONcmxE=;
 b=YPSmg/uwWqWtGNit0/X0eSqqIz7cpKxTTVyU2f1VKwLviwJL48VFuOSlEL6sul26oyw5
 Fx0oLE+3puaartKeVOcQ7NLQ92vPaDkREj/IhWjsyqYFFHGC/izDuMi9Qtq19vY5cSxq
 UHPqXFxY6HmjzoR8Lbg1YoQIwO48jZT7VRjHPq/ST6Y7kXuyONT75+rHfiufO/vJyEsn
 hxWHuvW6WcImCSfaeUHUFHiJTrt9Jnq8i/LG5e3szuYn0jPc0ntLyo1GPSXlMWP1bBBq
 mJaRKc23NmSEt3TjA610x5l2/tr3X3qi1qE9R7WGUDKw1EC/+sAnhsUxd4azXdbzfjhY vQ==
Received: from mail-qk1-f198.google.com (mail-qk1-f198.google.com
 [209.85.222.198])
	by mx0a-00364e01.pphosted.com (PPS) with ESMTPS id 4793c041vm-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
	for <linux-kernel@vger.kernel.org>; Thu, 19 Jun 2025 21:24:53 -0400
Received: by mail-qk1-f198.google.com with SMTP id
 af79cd13be357-7d3eeab1223so166773785a.0
        for <linux-kernel@vger.kernel.org>;
 Thu, 19 Jun 2025 18:24:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1750382692; x=1750987492;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=X46fh0ZZ1WeD/NYr5w40mQYpquA1g2f04LeJ0ONcmxE=;
        b=Ie0Mkbc7JXFyKopgpaujMvlntvtzbUM2Ez3vRollRHkF5rwbMg7hEm0NHvWg9/00yy
         b77JNninBVcQ+PIsdvnkQmHAL1UOAD5kEc11BhmgM75edaxi8Kuds7jhbK1c0o3uL/K+
         62L0ow2MtrEiI/sVkLfVNGJm7wJkyLR+g3vHYwQxUJDjtL++frRRtfsOBuoalEZzAT/J
         oC/NETBmZLA3KoFNuM1wMEkBjCV9Q+dXQ/ebc/QiKMa/QXLCcybmiKTrgaoo/ZGAKLvB
         QnAx0BsY4YSGVngPn6nL95GtnDvHgvWYeq6Q0MnGqA5DcsJJGHrtyi/RjQBciIi4Qtw0
         NE7Q==
X-Forwarded-Encrypted: i=1;
 AJvYcCVTE/2bLa1IW8KpOTxhUm+d8n5BqLnvnE+iADUXtYpyRB8ci6Xlvu2yHTDbkjDlO65liwfF3IxeHQWo9Sw=@vger.kernel.org
X-Gm-Message-State: AOJu0YypJ4vCVc1JduI5wyAR0dD7nYuOLXGy7UBiG48/UcLb4PiWJxzY
	DN6sYsDhf+IyeSpS64wRGsbrv0aDdPEfIr7t+FfUPr3D4IKBArLKfVI6/r5Mkwhtyh0EFaR04yF
	sKlPt/LuDLyn5rMLXkr33T5s+hBRu/g08n43Rv5EkEDBlN0o0D7Z6TheZMq3Rmw==
X-Gm-Gg: ASbGncththqeXlFJNTH48kec/QkTA+0bRoUKxxEXOmIc35sMU7vqFFKA8GmjiuUySSZ
	Rk1kv7BRodPt8FMjAPKeoF6COLMUNl1phGObAxXEdkefa6mCG0ExMxku3K3S1rgAzjI7aJWaeYa
	70SW+5GRaICRbypUc2YGooCfqqWeJL47af/zbKhkRVR/HIn0DLuBhK/0/uYkkl3MbCEEzwi0DWp
	Ju+A+ELroKp2s11IvjBtQVwxwfhv1N8mjxXQH3uAh5KPC+FLwY5QmsIG9BEhTMGxZOu5A+zC0Q5
	SxZb/T2Cj8Fha6ac8IgNL5y7IKH+y7nhW1UGfGYZROeFb3w4WGwNNEvxIPJIy6HKmuEe
X-Received: by 2002:a05:620a:198e:b0:7d3:a7d9:1120 with SMTP id
 af79cd13be357-7d3fc06b8d5mr63538085a.24.1750382691971;
        Thu, 19 Jun 2025 18:24:51 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IGJKSrSBgQ4uBVzQlMagjxckiiQ/tQxOZmwuAqKpCEwLsdmkXuPSybt+Cb06ko5l86V7nuVZQ==
X-Received: by 2002:a05:620a:198e:b0:7d3:a7d9:1120 with SMTP id
 af79cd13be357-7d3fc06b8d5mr63533785a.24.1750382690971;
        Thu, 19 Jun 2025 18:24:50 -0700 (PDT)
Received: from [127.0.1.1] (dyn-160-39-33-242.dyn.columbia.edu.
 [160.39.33.242])
        by smtp.gmail.com with ESMTPSA id
 d75a77b69052e-4a779e79c12sm3794321cf.53.2025.06.19.18.24.50
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 19 Jun 2025 18:24:50 -0700 (PDT)
From: Tal Zussman <tz2294@columbia.edu>
Date: Thu, 19 Jun 2025 21:24:24 -0400
Subject: [PATCH v3 2/4] userfaultfd: prevent unregistering VMAs through a
 different userfaultfd
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20250619-uffd-fixes-v3-2-a7274d3bd5e4@columbia.edu>
References: <20250619-uffd-fixes-v3-0-a7274d3bd5e4@columbia.edu>
In-Reply-To: <20250619-uffd-fixes-v3-0-a7274d3bd5e4@columbia.edu>
To: Andrew Morton <akpm@linux-foundation.org>, Peter Xu <peterx@redhat.com>,
        "Jason A. Donenfeld" <Jason@zx2c4.com>,
        David Hildenbrand <david@redhat.com>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
        Andrea Arcangeli <aarcange@redhat.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org, Tal Zussman <tz2294@columbia.edu>
X-Mailer: b4 0.14.3-dev-d7477
X-Developer-Signature: v=1; a=ed25519-sha256; t=1750382688; l=2822;
 i=tz2294@columbia.edu; s=20250528; h=from:subject:message-id;
 bh=xXMlI7rpm3z9JLZGXMznkVZ0H27f9pBGFKN/B0zsoEE=;
 b=WzhBLDQrXcUIUlBCP8qTicibv+pXurkXgBplDu92U7x22Aj1+3bJyvMaG1h7d35DYp/eDYzJj
 iqoX7qrPiMQAmBmnvAIOMBdt+sMK+Un6Ig5Keny2IykvItTmx9ZCkVg
X-Developer-Key: i=tz2294@columbia.edu; a=ed25519;
 pk=BIj5KdACscEOyAC0oIkeZqLB3L94fzBnDccEooxeM5Y=
X-Proofpoint-GUID: u4zVkJ5d4mqKzPsgLMDdXPziliqYUajH
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjIwMDAwOCBTYWx0ZWRfX4gg2YrCn9dZg
 EdHY1K23Ra4/88fgGLEo//7b6Jn1CdkTgB2qfUOxRSI+G2O4B7AqPpiTODNVDQBGN5FzRsGf4b+
 ScNJvlIe5mPj9BGUFvfyMdlAEIGkvWWd/FpTiI1RWgY1d0oPzUPm7xdqH2OCdVCTBF+NpNz+dmT
 RRwaabSI7CqqIL2qFDRc0dpzAcWawSfp2DKwzJlsC3n742ieiyIkuSg56/R7dI9/hfud7iwcm1T
 HtH8yf2yw45EmrJyrD4f1IOMF9FmN8D7uYnS0mM9IyrpoIjiUWEVc9zt2qjKaxIKwaTmi08gpfc
 H8J7ZjBOtTS5gakL+illQ49H1j3uU4PBr0m8EgvhEmjhBoYp2ON6vOg67eG8wnR6oSi3qo26tHq
 Zc9p0bM9
X-Proofpoint-ORIG-GUID: u4zVkJ5d4mqKzPsgLMDdXPziliqYUajH
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40
 definitions=2025-06-19_08,2025-06-18_03,2025-03-28_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 lowpriorityscore=10
 phishscore=0 priorityscore=1501 suspectscore=0 mlxlogscore=999
 malwarescore=0 bulkscore=10 clxscore=1015 spamscore=0 adultscore=0
 impostorscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2505160000 definitions=main-2506200008

Currently, a VMA registered with a uffd can be unregistered through a
different uffd associated with the same mm_struct.

The existing behavior is slightly broken and may incorrectly reject
unregistering some VMAs due to the following check:

	if (!vma_can_userfault(cur, cur->vm_flags, wp_async))
		goto out_unlock;

where wp_async is derived from ctx, not from cur. For example, a
file-backed VMA registered with wp_async enabled and UFFD_WP mode cannot
be unregistered through a uffd that does not have wp_async enabled.

Rather than fix this and maintain this odd behavior, make unregistration
stricter by requiring VMAs to be unregistered through the same uffd they
were registered with. Additionally, reorder the BUG() checks to avoid
the aforementioned wp_async issue in them. Convert the existing check to
VM_WARN_ON_ONCE() as BUG_ON() is deprecated.

This change slightly modifies the ABI. It should not be backported to
-stable. It is expected that no one depends on this behavior, and no
such cases are known.

While at it, correct the comment for the no userfaultfd case. This seems to
be a copy-paste artifact from the analogous userfaultfd_register() check.

Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory extern=
alization")
Acked-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Tal Zussman <tz2294@columbia.edu>
---
 fs/userfaultfd.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 22f4bf956ba1..8e7fb2a7a6aa 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1467,6 +1467,14 @@ static int userfaultfd_unregister(struct userfaultfd=
_ctx *ctx,
 		BUG_ON(!!cur->vm_userfaultfd_ctx.ctx ^
 		       !!(cur->vm_flags & __VM_UFFD_FLAGS));
=20
+		/*
+		 * Prevent unregistering through a different userfaultfd than
+		 * the one used for registration.
+		 */
+		if (cur->vm_userfaultfd_ctx.ctx &&
+		    cur->vm_userfaultfd_ctx.ctx !=3D ctx)
+			goto out_unlock;
+
 		/*
 		 * Check not compatible vmas, not strictly required
 		 * here as not compatible vmas cannot have an
@@ -1490,15 +1498,12 @@ static int userfaultfd_unregister(struct userfaultf=
d_ctx *ctx,
 	for_each_vma_range(vmi, vma, end) {
 		cond_resched();
=20
-		BUG_ON(!vma_can_userfault(vma, vma->vm_flags, wp_async));
-
-		/*
-		 * Nothing to do: this vma is already registered into this
-		 * userfaultfd and with the right tracking mode too.
-		 */
+		/* VMA not registered with userfaultfd. */
 		if (!vma->vm_userfaultfd_ctx.ctx)
 			goto skip;
=20
+		VM_WARN_ON_ONCE(vma->vm_userfaultfd_ctx.ctx !=3D ctx);
+		VM_WARN_ON_ONCE(!vma_can_userfault(vma, vma->vm_flags, wp_async));
 		WARN_ON(!(vma->vm_flags & VM_MAYWRITE));
=20
 		if (vma->vm_start > start)

--=20
2.39.5
From nobody Thu Oct  9 04:46:24 2025
Received: from mx0b-00364e01.pphosted.com (mx0b-00364e01.pphosted.com
 [148.163.139.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B67337081D
	for <linux-kernel@vger.kernel.org>; Fri, 20 Jun 2025 01:25:16 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=148.163.139.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1750382718; cv=none;
 b=MqFS4sKICfx5oke8BwShpeHfgMCDiQbAnjAaBwEx8Jm8Qsc2DbL16Ys15zQjLD13sliceeqvwDJpF9ElEgwYN2ob2sLAQ36sB1WNH8rc0JnJOvcJBFEj+bYXo70Pu3gqJb0glK2uY2d6esmoePJ4w18qI/hmeh5L3g3OeTzY7SI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1750382718; c=relaxed/simple;
	bh=owMdNBEirTOUYDKZZnWe9phYEFPqEGWEX+HWk21JD8Q=;
	h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References:
	 In-Reply-To:To:Cc;
 b=ZnZrR9Eiih8NDM8lq58pEo5+GQJg5AORYJyTFbPczJb98D6+d/Pl5D/sWnjNcn+iuK0p7H6ukOl52ywiolQoIj65vVnauSIvylSOsLgc67XsjOC49xnrDfun3ruSQANEMu/9eacRZ36crAFy9utpAGQXGAjUene/Z6qNsU0KqSI=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=columbia.edu;
 spf=pass smtp.mailfrom=columbia.edu;
 dkim=pass (2048-bit key) header.d=columbia.edu header.i=@columbia.edu
 header.b=pSHeIDDa; arc=none smtp.client-ip=148.163.139.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=columbia.edu
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=columbia.edu
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=columbia.edu header.i=@columbia.edu
 header.b="pSHeIDDa"
Received: from pps.filterd (m0167076.ppops.net [127.0.0.1])
	by mx0b-00364e01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id
 55JN8UAg025608
	for <linux-kernel@vger.kernel.org>; Thu, 19 Jun 2025 21:25:15 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=columbia.edu; h=cc :
 content-transfer-encoding : content-type : date : from : in-reply-to :
 message-id : mime-version : references : subject : to; s=pps01;
 bh=RWFS/O3+ZD+8YlNR9npeOHUHV0ZFbSZR8/b4rJdEjvc=;
 b=pSHeIDDaDLpTbx9GfugZnqnxexbWNlyWpWIgYnJQ+iMefdM4cfoStS/Yf9M8ndhEyEV3
 HsAhqlndiqjPke+GBVOx/JYOcCskEguq5faxBnVjdZYnqVW5oxA5mxlidO4KAKwIe/o2
 /3VrvFz7Y2ovUuHZcxEQRLPlHx1k1hS+lbIUCYEDPdSw6JvTTfGbkVSvXE6cnNtpSW+c
 q3pLbQO30FiL8pc2kHNSpnVBmaloaZIt5JEOdUOG8AL1paRpi/VV637YFLpvt7PzRce/
 9I82owaz7asPhvYpkaug5G+nA2PS/ksbbz96tZKb1cYTQNIGCfqWbxDHmdLhezQck0Sg 9g==
Received: from mail-qt1-f197.google.com (mail-qt1-f197.google.com
 [209.85.160.197])
	by mx0b-00364e01.pphosted.com (PPS) with ESMTPS id 479pqn795s-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
	for <linux-kernel@vger.kernel.org>; Thu, 19 Jun 2025 21:25:15 -0400
Received: by mail-qt1-f197.google.com with SMTP id
 d75a77b69052e-4a6e9182fbaso19661011cf.1
        for <linux-kernel@vger.kernel.org>;
 Thu, 19 Jun 2025 18:25:15 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1750382694; x=1750987494;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=RWFS/O3+ZD+8YlNR9npeOHUHV0ZFbSZR8/b4rJdEjvc=;
        b=epqMsDbrvHtYUuUyux/3QbVA+6PQgfB//l68K6jScTVnIYwJHc2LQuGrv5X/gUrqR+
         Tjg2LHeLRAYf1AlZ6TQVKtrf5knRm6NW1jg2bH25m+36CVH9CBRxamYPdS4suWNA2aNl
         6zwoHnnCEo00jipFei9TnoQC/LVJI2XI2/+JDXcdkn87cQGcjw0vIEUQnEIW+1Dv2ZlV
         0cWjfF11ZAu4H0Hrjs2b1VRQNyN2NIG68jt6DpwrgkqsRGnlwdRXkZrwm44BS7qC8WGH
         +swbXK75gm5eN7N0QYWsXueYp8itaLDYUCMXpmz9PQi5yWdzMftSn5S2Wp3dMfBEQH48
         A5jw==
X-Forwarded-Encrypted: i=1;
 AJvYcCVFtRMphEj4iiCGRCBdwHTtDOINHN/tdUpuIAVMPLN7JetsRsrmA9WvsEX7vZ67C6WS4hGw9vbvYKb7X90=@vger.kernel.org
X-Gm-Message-State: AOJu0YwzlJll8z8JD/ct01saN93HBxltW3AYPQ+VMSyudJ2k+GKk4jlr
	fEifAbZRqnY53pvIc1chTw+OK9umDGei5cIlNsjfBHhbRPn7V18XucIvrP79dfgYysAZaENWTYx
	zN+r+rnCtmMOoB8bbB9TQneDNAE6I+kvKvpHM3B2xbmCf2TZI9p5c1aFyoT4hjw==
X-Gm-Gg: ASbGncuSL1MCZlOr+z4j/C0YAnIE7bQMhgjUVu2vvnG65fuiwz0GIakOHACJYspeqRQ
	uHbKNM7HdNmzDPNIy7/xV3b8zclZaihQhG9WFevXjR6jXEgdPW4NZ7iP+FJYL2K8l6CUc4iQGr9
	i7zIIZjKzicm/YjAAFSThsd1AZmKqGtYyf2LjA2Lv/YowfH1BfGUAV+Xq9/O03FBXpZENN0Dz9e
	gILUpBU/P3AVyervniBSG0DnprnBM2COz/nckG7v5xe7sue4zPeDQhErGmI212lWVQvPJ6ocmZq
	I1wEKj2/KkHTqN5lfdUzjIoTpF+Iq/tQc5nzU2/vOsIc18X+wsHe0/pW3G7GW1UZz6Bp
X-Received: by 2002:ac8:7d91:0:b0:4a7:8af:3372 with SMTP id
 d75a77b69052e-4a77c2d5a16mr6375801cf.1.1750382693799;
        Thu, 19 Jun 2025 18:24:53 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IFxSBk/DrFdt6HyevBLvxZyXoVmuiIlMGpXyLYAA+lHLIJsHLNL10gZmy4gTm6BrPCle8DH6w==
X-Received: by 2002:ac8:7d91:0:b0:4a7:8af:3372 with SMTP id
 d75a77b69052e-4a77c2d5a16mr6375341cf.1.1750382692318;
        Thu, 19 Jun 2025 18:24:52 -0700 (PDT)
Received: from [127.0.1.1] (dyn-160-39-33-242.dyn.columbia.edu.
 [160.39.33.242])
        by smtp.gmail.com with ESMTPSA id
 d75a77b69052e-4a779e79c12sm3794321cf.53.2025.06.19.18.24.51
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 19 Jun 2025 18:24:51 -0700 (PDT)
From: Tal Zussman <tz2294@columbia.edu>
Date: Thu, 19 Jun 2025 21:24:25 -0400
Subject: [PATCH v3 3/4] userfaultfd: remove (VM_)BUG_ON()s
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20250619-uffd-fixes-v3-3-a7274d3bd5e4@columbia.edu>
References: <20250619-uffd-fixes-v3-0-a7274d3bd5e4@columbia.edu>
In-Reply-To: <20250619-uffd-fixes-v3-0-a7274d3bd5e4@columbia.edu>
To: Andrew Morton <akpm@linux-foundation.org>, Peter Xu <peterx@redhat.com>,
        "Jason A. Donenfeld" <Jason@zx2c4.com>,
        David Hildenbrand <david@redhat.com>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
        Andrea Arcangeli <aarcange@redhat.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org, Tal Zussman <tz2294@columbia.edu>
X-Mailer: b4 0.14.3-dev-d7477
X-Developer-Signature: v=1; a=ed25519-sha256; t=1750382688; l=13816;
 i=tz2294@columbia.edu; s=20250528; h=from:subject:message-id;
 bh=owMdNBEirTOUYDKZZnWe9phYEFPqEGWEX+HWk21JD8Q=;
 b=1td6e7UCiOGMwEkYkMVCA0HLRM6tRyR/78GTYKhDrmwZH2WvlwjaVlh/MrbACG2gDu1MGQkz+
 RX31tKbOES0APmpnf+37BCJMSX26cru2Fd6gXWzVi7Omd8r5UHX6wod
X-Developer-Key: i=tz2294@columbia.edu; a=ed25519;
 pk=BIj5KdACscEOyAC0oIkeZqLB3L94fzBnDccEooxeM5Y=
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjIwMDAwOSBTYWx0ZWRfX77FAEwoKYOLq
 jxKQalxH4pO3Iu9P6GvBXR+Z0VAHNGz9YgOwnHXe7aOu6+z4qko2eKjXvwVIx8ir7jDRb9QU5Lc
 gDEM5drc3H194AjFIfLb5wFpdk4gbX5wlvZD1eA/2z58D7CbdZBuhmSyRQBNkIIVFz4CY9GRUp+
 vPLCuDzgufMjYzQN74398vX83OyoFhFVOalxyNVgP7fAZZYCncXFjHNuvani+G12lL1oLPpyAqK
 zeAl+Y69erlS0J4LMQ0bbYJ1ZBEUtqY7cnxR+VBrhPIvydE0Jusxa2NkktaIjCKdyc5o51gdNGn
 jIbrK8lcJHXE9Sp0pMV21BNj8Xa1NA2b3RbW9LDnjdT4mWfwmiyxzww+8T+cdx8I/Gtk5YMraTm
 6IHU0lRO
X-Proofpoint-GUID: UbF9qaeJF9CLpKAcQiykXECmsmFwoESg
X-Proofpoint-ORIG-GUID: UbF9qaeJF9CLpKAcQiykXECmsmFwoESg
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40
 definitions=2025-06-19_08,2025-06-18_03,2025-03-28_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 lowpriorityscore=10
 impostorscore=0 suspectscore=0 adultscore=0 clxscore=1015 malwarescore=0
 spamscore=0 bulkscore=10 priorityscore=1501 phishscore=0 mlxlogscore=999
 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2505160000 definitions=main-2506200009

BUG_ON() is deprecated [1]. Convert all the BUG_ON()s and VM_BUG_ON()s
to use VM_WARN_ON_ONCE().

There are a few additional cases that are converted or modified:

- Convert the printk(KERN_WARNING ...) in handle_userfault() to use
  pr_warn().

- Convert the WARN_ON_ONCE()s in move_pages() to use VM_WARN_ON_ONCE(),
  as the relevant conditions are already checked in validate_range() in
  move_pages()'s caller.

- Convert the VM_WARN_ON()'s in move_pages() to VM_WARN_ON_ONCE(). These
  cases should never happen and are similar to those in mfill_atomic()
  and mfill_atomic_hugetlb(), which were previously BUG_ON()s.
  move_pages() was added later than those functions and makes use of
  VM_WARN_ON() as a replacement for the deprecated BUG_ON(), but.
  VM_WARN_ON_ONCE() is likely a better direct replacement.

- Convert the WARN_ON() for !VM_MAYWRITE in userfaultfd_unregister() and
  userfaultfd_register_range() to VM_WARN_ON_ONCE(). This condition is
  enforced in userfaultfd_register() so it should never happen, and can
  be converted to a debug check.

[1] https://www.kernel.org/doc/html/v6.15/process/coding-style.html#use-war=
n-rather-than-bug

Signed-off-by: Tal Zussman <tz2294@columbia.edu>
---
 fs/userfaultfd.c | 59 ++++++++++++++++++++++++------------------------
 mm/userfaultfd.c | 68 +++++++++++++++++++++++++++-------------------------=
----
 2 files changed, 62 insertions(+), 65 deletions(-)

diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 8e7fb2a7a6aa..771e81ea4ef6 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -165,14 +165,14 @@ static void userfaultfd_ctx_get(struct userfaultfd_ct=
x *ctx)
 static void userfaultfd_ctx_put(struct userfaultfd_ctx *ctx)
 {
 	if (refcount_dec_and_test(&ctx->refcount)) {
-		VM_BUG_ON(spin_is_locked(&ctx->fault_pending_wqh.lock));
-		VM_BUG_ON(waitqueue_active(&ctx->fault_pending_wqh));
-		VM_BUG_ON(spin_is_locked(&ctx->fault_wqh.lock));
-		VM_BUG_ON(waitqueue_active(&ctx->fault_wqh));
-		VM_BUG_ON(spin_is_locked(&ctx->event_wqh.lock));
-		VM_BUG_ON(waitqueue_active(&ctx->event_wqh));
-		VM_BUG_ON(spin_is_locked(&ctx->fd_wqh.lock));
-		VM_BUG_ON(waitqueue_active(&ctx->fd_wqh));
+		VM_WARN_ON_ONCE(spin_is_locked(&ctx->fault_pending_wqh.lock));
+		VM_WARN_ON_ONCE(waitqueue_active(&ctx->fault_pending_wqh));
+		VM_WARN_ON_ONCE(spin_is_locked(&ctx->fault_wqh.lock));
+		VM_WARN_ON_ONCE(waitqueue_active(&ctx->fault_wqh));
+		VM_WARN_ON_ONCE(spin_is_locked(&ctx->event_wqh.lock));
+		VM_WARN_ON_ONCE(waitqueue_active(&ctx->event_wqh));
+		VM_WARN_ON_ONCE(spin_is_locked(&ctx->fd_wqh.lock));
+		VM_WARN_ON_ONCE(waitqueue_active(&ctx->fd_wqh));
 		mmdrop(ctx->mm);
 		kmem_cache_free(userfaultfd_ctx_cachep, ctx);
 	}
@@ -383,12 +383,12 @@ vm_fault_t handle_userfault(struct vm_fault *vmf, uns=
igned long reason)
 	if (!ctx)
 		goto out;
=20
-	BUG_ON(ctx->mm !=3D mm);
+	VM_WARN_ON_ONCE(ctx->mm !=3D mm);
=20
 	/* Any unrecognized flag is a bug. */
-	VM_BUG_ON(reason & ~__VM_UFFD_FLAGS);
+	VM_WARN_ON_ONCE(reason & ~__VM_UFFD_FLAGS);
 	/* 0 or > 1 flags set is a bug; we expect exactly 1. */
-	VM_BUG_ON(!reason || (reason & (reason - 1)));
+	VM_WARN_ON_ONCE(!reason || (reason & (reason - 1)));
=20
 	if (ctx->features & UFFD_FEATURE_SIGBUS)
 		goto out;
@@ -411,12 +411,11 @@ vm_fault_t handle_userfault(struct vm_fault *vmf, uns=
igned long reason)
 		 * to be sure not to return SIGBUS erroneously on
 		 * nowait invocations.
 		 */
-		BUG_ON(vmf->flags & FAULT_FLAG_RETRY_NOWAIT);
+		VM_WARN_ON_ONCE(vmf->flags & FAULT_FLAG_RETRY_NOWAIT);
 #ifdef CONFIG_DEBUG_VM
 		if (printk_ratelimit()) {
-			printk(KERN_WARNING
-			       "FAULT_FLAG_ALLOW_RETRY missing %x\n",
-			       vmf->flags);
+			pr_warn("FAULT_FLAG_ALLOW_RETRY missing %x\n",
+				vmf->flags);
 			dump_stack();
 		}
 #endif
@@ -602,7 +601,7 @@ static void userfaultfd_event_wait_completion(struct us=
erfaultfd_ctx *ctx,
 	 */
 out:
 	atomic_dec(&ctx->mmap_changing);
-	VM_BUG_ON(atomic_read(&ctx->mmap_changing) < 0);
+	VM_WARN_ON_ONCE(atomic_read(&ctx->mmap_changing) < 0);
 	userfaultfd_ctx_put(ctx);
 }
=20
@@ -710,7 +709,7 @@ void dup_userfaultfd_fail(struct list_head *fcs)
 		struct userfaultfd_ctx *ctx =3D fctx->new;
=20
 		atomic_dec(&octx->mmap_changing);
-		VM_BUG_ON(atomic_read(&octx->mmap_changing) < 0);
+		VM_WARN_ON_ONCE(atomic_read(&octx->mmap_changing) < 0);
 		userfaultfd_ctx_put(octx);
 		userfaultfd_ctx_put(ctx);
=20
@@ -1317,8 +1316,8 @@ static int userfaultfd_register(struct userfaultfd_ct=
x *ctx,
 	do {
 		cond_resched();
=20
-		BUG_ON(!!cur->vm_userfaultfd_ctx.ctx ^
-		       !!(cur->vm_flags & __VM_UFFD_FLAGS));
+		VM_WARN_ON_ONCE(!!cur->vm_userfaultfd_ctx.ctx ^
+				!!(cur->vm_flags & __VM_UFFD_FLAGS));
=20
 		/* check not compatible vmas */
 		ret =3D -EINVAL;
@@ -1372,7 +1371,7 @@ static int userfaultfd_register(struct userfaultfd_ct=
x *ctx,
=20
 		found =3D true;
 	} for_each_vma_range(vmi, cur, end);
-	BUG_ON(!found);
+	VM_WARN_ON_ONCE(!found);
=20
 	ret =3D userfaultfd_register_range(ctx, vma, vm_flags, start, end,
 					 wp_async);
@@ -1464,8 +1463,8 @@ static int userfaultfd_unregister(struct userfaultfd_=
ctx *ctx,
 	do {
 		cond_resched();
=20
-		BUG_ON(!!cur->vm_userfaultfd_ctx.ctx ^
-		       !!(cur->vm_flags & __VM_UFFD_FLAGS));
+		VM_WARN_ON_ONCE(!!cur->vm_userfaultfd_ctx.ctx ^
+				!!(cur->vm_flags & __VM_UFFD_FLAGS));
=20
 		/*
 		 * Prevent unregistering through a different userfaultfd than
@@ -1487,7 +1486,7 @@ static int userfaultfd_unregister(struct userfaultfd_=
ctx *ctx,
=20
 		found =3D true;
 	} for_each_vma_range(vmi, cur, end);
-	BUG_ON(!found);
+	VM_WARN_ON_ONCE(!found);
=20
 	vma_iter_set(&vmi, start);
 	prev =3D vma_prev(&vmi);
@@ -1504,7 +1503,7 @@ static int userfaultfd_unregister(struct userfaultfd_=
ctx *ctx,
=20
 		VM_WARN_ON_ONCE(vma->vm_userfaultfd_ctx.ctx !=3D ctx);
 		VM_WARN_ON_ONCE(!vma_can_userfault(vma, vma->vm_flags, wp_async));
-		WARN_ON(!(vma->vm_flags & VM_MAYWRITE));
+		VM_WARN_ON_ONCE(!(vma->vm_flags & VM_MAYWRITE));
=20
 		if (vma->vm_start > start)
 			start =3D vma->vm_start;
@@ -1569,7 +1568,7 @@ static int userfaultfd_wake(struct userfaultfd_ctx *c=
tx,
 	 * len =3D=3D 0 means wake all and we don't want to wake all here,
 	 * so check it again to be sure.
 	 */
-	VM_BUG_ON(!range.len);
+	VM_WARN_ON_ONCE(!range.len);
=20
 	wake_userfault(ctx, &range);
 	ret =3D 0;
@@ -1626,7 +1625,7 @@ static int userfaultfd_copy(struct userfaultfd_ctx *c=
tx,
 		return -EFAULT;
 	if (ret < 0)
 		goto out;
-	BUG_ON(!ret);
+	VM_WARN_ON_ONCE(!ret);
 	/* len =3D=3D 0 would wake all */
 	range.len =3D ret;
 	if (!(uffdio_copy.mode & UFFDIO_COPY_MODE_DONTWAKE)) {
@@ -1681,7 +1680,7 @@ static int userfaultfd_zeropage(struct userfaultfd_ct=
x *ctx,
 	if (ret < 0)
 		goto out;
 	/* len =3D=3D 0 would wake all */
-	BUG_ON(!ret);
+	VM_WARN_ON_ONCE(!ret);
 	range.len =3D ret;
 	if (!(uffdio_zeropage.mode & UFFDIO_ZEROPAGE_MODE_DONTWAKE)) {
 		range.start =3D uffdio_zeropage.range.start;
@@ -1793,7 +1792,7 @@ static int userfaultfd_continue(struct userfaultfd_ct=
x *ctx, unsigned long arg)
 		goto out;
=20
 	/* len =3D=3D 0 would wake all */
-	BUG_ON(!ret);
+	VM_WARN_ON_ONCE(!ret);
 	range.len =3D ret;
 	if (!(uffdio_continue.mode & UFFDIO_CONTINUE_MODE_DONTWAKE)) {
 		range.start =3D uffdio_continue.range.start;
@@ -1850,7 +1849,7 @@ static inline int userfaultfd_poison(struct userfault=
fd_ctx *ctx, unsigned long
 		goto out;
=20
 	/* len =3D=3D 0 would wake all */
-	BUG_ON(!ret);
+	VM_WARN_ON_ONCE(!ret);
 	range.len =3D ret;
 	if (!(uffdio_poison.mode & UFFDIO_POISON_MODE_DONTWAKE)) {
 		range.start =3D uffdio_poison.range.start;
@@ -2111,7 +2110,7 @@ static int new_userfaultfd(int flags)
 	struct file *file;
 	int fd;
=20
-	BUG_ON(!current->mm);
+	VM_WARN_ON_ONCE(!current->mm);
=20
 	/* Check the UFFD_* constants for consistency.  */
 	BUILD_BUG_ON(UFFD_USER_MODE_ONLY & UFFD_SHARED_FCNTL_FLAGS);
diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c
index bc473ad21202..240578bed181 100644
--- a/mm/userfaultfd.c
+++ b/mm/userfaultfd.c
@@ -561,7 +561,7 @@ static __always_inline ssize_t mfill_atomic_hugetlb(
 	}
=20
 	while (src_addr < src_start + len) {
-		BUG_ON(dst_addr >=3D dst_start + len);
+		VM_WARN_ON_ONCE(dst_addr >=3D dst_start + len);
=20
 		/*
 		 * Serialize via vma_lock and hugetlb_fault_mutex.
@@ -602,7 +602,7 @@ static __always_inline ssize_t mfill_atomic_hugetlb(
 		if (unlikely(err =3D=3D -ENOENT)) {
 			up_read(&ctx->map_changing_lock);
 			uffd_mfill_unlock(dst_vma);
-			BUG_ON(!folio);
+			VM_WARN_ON_ONCE(!folio);
=20
 			err =3D copy_folio_from_user(folio,
 						   (const void __user *)src_addr, true);
@@ -614,7 +614,7 @@ static __always_inline ssize_t mfill_atomic_hugetlb(
 			dst_vma =3D NULL;
 			goto retry;
 		} else
-			BUG_ON(folio);
+			VM_WARN_ON_ONCE(folio);
=20
 		if (!err) {
 			dst_addr +=3D vma_hpagesize;
@@ -635,9 +635,9 @@ static __always_inline ssize_t mfill_atomic_hugetlb(
 out:
 	if (folio)
 		folio_put(folio);
-	BUG_ON(copied < 0);
-	BUG_ON(err > 0);
-	BUG_ON(!copied && !err);
+	VM_WARN_ON_ONCE(copied < 0);
+	VM_WARN_ON_ONCE(err > 0);
+	VM_WARN_ON_ONCE(!copied && !err);
 	return copied ? copied : err;
 }
 #else /* !CONFIG_HUGETLB_PAGE */
@@ -711,12 +711,12 @@ static __always_inline ssize_t mfill_atomic(struct us=
erfaultfd_ctx *ctx,
 	/*
 	 * Sanitize the command parameters:
 	 */
-	BUG_ON(dst_start & ~PAGE_MASK);
-	BUG_ON(len & ~PAGE_MASK);
+	VM_WARN_ON_ONCE(dst_start & ~PAGE_MASK);
+	VM_WARN_ON_ONCE(len & ~PAGE_MASK);
=20
 	/* Does the address range wrap, or is the span zero-sized? */
-	BUG_ON(src_start + len <=3D src_start);
-	BUG_ON(dst_start + len <=3D dst_start);
+	VM_WARN_ON_ONCE(src_start + len <=3D src_start);
+	VM_WARN_ON_ONCE(dst_start + len <=3D dst_start);
=20
 	src_addr =3D src_start;
 	dst_addr =3D dst_start;
@@ -775,7 +775,7 @@ static __always_inline ssize_t mfill_atomic(struct user=
faultfd_ctx *ctx,
 	while (src_addr < src_start + len) {
 		pmd_t dst_pmdval;
=20
-		BUG_ON(dst_addr >=3D dst_start + len);
+		VM_WARN_ON_ONCE(dst_addr >=3D dst_start + len);
=20
 		dst_pmd =3D mm_alloc_pmd(dst_mm, dst_addr);
 		if (unlikely(!dst_pmd)) {
@@ -818,7 +818,7 @@ static __always_inline ssize_t mfill_atomic(struct user=
faultfd_ctx *ctx,
=20
 			up_read(&ctx->map_changing_lock);
 			uffd_mfill_unlock(dst_vma);
-			BUG_ON(!folio);
+			VM_WARN_ON_ONCE(!folio);
=20
 			kaddr =3D kmap_local_folio(folio, 0);
 			err =3D copy_from_user(kaddr,
@@ -832,7 +832,7 @@ static __always_inline ssize_t mfill_atomic(struct user=
faultfd_ctx *ctx,
 			flush_dcache_folio(folio);
 			goto retry;
 		} else
-			BUG_ON(folio);
+			VM_WARN_ON_ONCE(folio);
=20
 		if (!err) {
 			dst_addr +=3D PAGE_SIZE;
@@ -852,9 +852,9 @@ static __always_inline ssize_t mfill_atomic(struct user=
faultfd_ctx *ctx,
 out:
 	if (folio)
 		folio_put(folio);
-	BUG_ON(copied < 0);
-	BUG_ON(err > 0);
-	BUG_ON(!copied && !err);
+	VM_WARN_ON_ONCE(copied < 0);
+	VM_WARN_ON_ONCE(err > 0);
+	VM_WARN_ON_ONCE(!copied && !err);
 	return copied ? copied : err;
 }
=20
@@ -940,11 +940,11 @@ int mwriteprotect_range(struct userfaultfd_ctx *ctx, =
unsigned long start,
 	/*
 	 * Sanitize the command parameters:
 	 */
-	BUG_ON(start & ~PAGE_MASK);
-	BUG_ON(len & ~PAGE_MASK);
+	VM_WARN_ON_ONCE(start & ~PAGE_MASK);
+	VM_WARN_ON_ONCE(len & ~PAGE_MASK);
=20
 	/* Does the address range wrap, or is the span zero-sized? */
-	BUG_ON(start + len <=3D start);
+	VM_WARN_ON_ONCE(start + len <=3D start);
=20
 	mmap_read_lock(dst_mm);
=20
@@ -1709,15 +1709,13 @@ ssize_t move_pages(struct userfaultfd_ctx *ctx, uns=
igned long dst_start,
 	ssize_t moved =3D 0;
=20
 	/* Sanitize the command parameters. */
-	if (WARN_ON_ONCE(src_start & ~PAGE_MASK) ||
-	    WARN_ON_ONCE(dst_start & ~PAGE_MASK) ||
-	    WARN_ON_ONCE(len & ~PAGE_MASK))
-		goto out;
+	VM_WARN_ON_ONCE(src_start & ~PAGE_MASK);
+	VM_WARN_ON_ONCE(dst_start & ~PAGE_MASK);
+	VM_WARN_ON_ONCE(len & ~PAGE_MASK);
=20
 	/* Does the address range wrap, or is the span zero-sized? */
-	if (WARN_ON_ONCE(src_start + len <=3D src_start) ||
-	    WARN_ON_ONCE(dst_start + len <=3D dst_start))
-		goto out;
+	VM_WARN_ON_ONCE(src_start + len < src_start);
+	VM_WARN_ON_ONCE(dst_start + len < dst_start);
=20
 	err =3D uffd_move_lock(mm, dst_start, src_start, &dst_vma, &src_vma);
 	if (err)
@@ -1867,9 +1865,9 @@ ssize_t move_pages(struct userfaultfd_ctx *ctx, unsig=
ned long dst_start,
 	up_read(&ctx->map_changing_lock);
 	uffd_move_unlock(dst_vma, src_vma);
 out:
-	VM_WARN_ON(moved < 0);
-	VM_WARN_ON(err > 0);
-	VM_WARN_ON(!moved && !err);
+	VM_WARN_ON_ONCE(moved < 0);
+	VM_WARN_ON_ONCE(err > 0);
+	VM_WARN_ON_ONCE(!moved && !err);
 	return moved ? moved : err;
 }
=20
@@ -1956,10 +1954,10 @@ int userfaultfd_register_range(struct userfaultfd_c=
tx *ctx,
 	for_each_vma_range(vmi, vma, end) {
 		cond_resched();
=20
-		BUG_ON(!vma_can_userfault(vma, vm_flags, wp_async));
-		BUG_ON(vma->vm_userfaultfd_ctx.ctx &&
-		       vma->vm_userfaultfd_ctx.ctx !=3D ctx);
-		WARN_ON(!(vma->vm_flags & VM_MAYWRITE));
+		VM_WARN_ON_ONCE(!vma_can_userfault(vma, vm_flags, wp_async));
+		VM_WARN_ON_ONCE(vma->vm_userfaultfd_ctx.ctx &&
+				vma->vm_userfaultfd_ctx.ctx !=3D ctx);
+		VM_WARN_ON_ONCE(!(vma->vm_flags & VM_MAYWRITE));
=20
 		/*
 		 * Nothing to do: this vma is already registered into this
@@ -2035,8 +2033,8 @@ void userfaultfd_release_all(struct mm_struct *mm,
 	prev =3D NULL;
 	for_each_vma(vmi, vma) {
 		cond_resched();
-		BUG_ON(!!vma->vm_userfaultfd_ctx.ctx ^
-		       !!(vma->vm_flags & __VM_UFFD_FLAGS));
+		VM_WARN_ON_ONCE(!!vma->vm_userfaultfd_ctx.ctx ^
+				!!(vma->vm_flags & __VM_UFFD_FLAGS));
 		if (vma->vm_userfaultfd_ctx.ctx !=3D ctx) {
 			prev =3D vma;
 			continue;

--=20
2.39.5
From nobody Thu Oct  9 04:46:24 2025
Received: from mx0b-00364e01.pphosted.com (mx0b-00364e01.pphosted.com
 [148.163.139.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1D91312A177
	for <linux-kernel@vger.kernel.org>; Fri, 20 Jun 2025 01:25:22 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=148.163.139.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1750382724; cv=none;
 b=dKhDmaiUNjNKTO1xOp+EHfkKOAPrmXrU6Jx5MvdOmnfZMOwiN8/MiiPpHY8U3q2m5CPYR8WoE5yzjFSvEheXjGqWP5b0lXWY0Qc/2Yr2BBUz3/k0me4F2dlbnjBldfY6BCeBeZd+09oZ0HRtFSM481yDFbDekUO0cMsPRs7wJvs=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1750382724; c=relaxed/simple;
	bh=EP9W1OmB+wcjXQYUgIL2fq+FEVkI22zf392uYjNc/Kw=;
	h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References:
	 In-Reply-To:To:Cc;
 b=t7JO7INtIvFuUIOojIEQuVe5QUkn0bGNONOhQEYoiAYb1X9970a92CLTFvgRoDFc3gbD04zcFhmdOo4W843kW7VtG6xZtSCZcz759jxd8WxL6SB4PKpZv6owVHFURCBmXUHws3VuoZgxO99vBuPe9jnQFofKziOTUMnlpVQAG/w=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=columbia.edu;
 spf=pass smtp.mailfrom=columbia.edu;
 dkim=pass (2048-bit key) header.d=columbia.edu header.i=@columbia.edu
 header.b=b3DP1ef0; arc=none smtp.client-ip=148.163.139.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=columbia.edu
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=columbia.edu
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=columbia.edu header.i=@columbia.edu
 header.b="b3DP1ef0"
Received: from pps.filterd (m0167075.ppops.net [127.0.0.1])
	by mx0b-00364e01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id
 55JLOqdS014414
	for <linux-kernel@vger.kernel.org>; Thu, 19 Jun 2025 21:25:22 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=columbia.edu; h=cc :
 content-transfer-encoding : content-type : date : from : in-reply-to :
 message-id : mime-version : references : subject : to; s=pps01;
 bh=y1DbwL1SG9nqQt6rgisMJIz4Tza+3QMR1zphzABvsLI=;
 b=b3DP1ef0ovPOnRNKCRG6SoL/WKc8apVbD69DjCrOT1sKDWfiKnlKsdrSy15K1J6h9SBb
 rlbQmR2U5e5jWz2wWyc5pIH6UIzQbI8fjaJoAoAtyMTbAj2qvGxTvhnEJYmJ1UbyTCfs
 XaCyPry8N6NaPpHtcDSXR6T8cXLjDC9ys5hidB5oSYU/hGEEqXGmonhRdDPmA/MTVq2G
 hAMmzDck/158YxVKophyvUhtaLp1x+k7SJQrXhe0d56Y2CRuawSGcpw7+4ApGutRxOsh
 tEQrq2iP+qRBf+ute9KIfZ9kwVi8+qwNH4WJLCQOKAnKrCfSeB624CirQhmE9K9YqP/P 0w==
Received: from mail-qt1-f199.google.com (mail-qt1-f199.google.com
 [209.85.160.199])
	by mx0b-00364e01.pphosted.com (PPS) with ESMTPS id 479p7pqsdb-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
	for <linux-kernel@vger.kernel.org>; Thu, 19 Jun 2025 21:25:21 -0400
Received: by mail-qt1-f199.google.com with SMTP id
 d75a77b69052e-4a44c8e11efso37178641cf.0
        for <linux-kernel@vger.kernel.org>;
 Thu, 19 Jun 2025 18:25:21 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1750382694; x=1750987494;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=y1DbwL1SG9nqQt6rgisMJIz4Tza+3QMR1zphzABvsLI=;
        b=jJG2BBv6ZSmXiASELbTICagVKZOHsbdTnI2WwKvL7aTULgMlmI0bem4thKjL3pgKXX
         2gb3rBEJjNEns1aS+aXEDkJSfNroMYMcpV0V+akR/d3gp8wZDLHjPkVSz/KNsZQBsFeG
         e3GUK5SeDSl4qmjdSHj83oFknnNCKIq3iWzdqJtvuGW8LYo5QabsWj0Vsq6rxIdtWMkT
         8ttqMfPIuxJOtF771L/ufN8dlxSRC+wSgZBU1iOGj+JCLYwyKBc7k4/Q7RQBW4MzsZmK
         /zBy5YfwmSitpDK94h5PHgeQSFNTmZ7zR2B/1w5LVm84fuKjX7Zf/1skvLCwHE5hQHRq
         mawA==
X-Forwarded-Encrypted: i=1;
 AJvYcCXIe71KXAK87dZRlNESqsnG8bBumLcQ6UlQnqnuIisBNqLzbFPSuft8OTMrxylWrD4NlFF7I9tBmk4ZzCE=@vger.kernel.org
X-Gm-Message-State: AOJu0Yw0zFBNFrdIfnjXgNRaAy4pTWsW1ZaDfDucaANISsfpgnMK6QT2
	R/VQy5mJy1Rm5909Mx/0IdR3nITAq75Q7tI2L754Ym78XJOpR1aK2c/9Rzv6e/DtR8GVIi6a3oT
	qS3HfDRVsiz67Rcpnk4zYhLNucayKXt2sLC80K6S2HrAscw2bLtb+60sTplKItA==
X-Gm-Gg: ASbGncvjwnBeRYSjA8+EyU2fyg7ucK933oXsxHVHpDx29HDCGQCNplgJm19PkodOv75
	eHgJ1rGeQ2P2sY072Zs5Q4VjoS8u+N3OayHwBuqdvRdn7Rumyiy/NeVwgqz0U1l5aJasovTHEte
	XJFog/dBevRFx4QvW/oFlKGFfIWp/f5kCsyEuiJ3b/hnIfIJWVPreAF6MvoYLIYpynvA8KyVBdx
	B/OEqq3D6RD27wMe8dsjIbyLh/OBMzLMX7CjHqCc924sHYddiBG9nMbjdzhommSH3589z36iu2b
	7Vu+or0y6/djGHKB9WDJpfZ6rS2HSooyWO8NR4U5QnPM5kG0YTLSKrV7BBhRDavjxzOu
X-Received: by 2002:a05:622a:134b:b0:4a4:2ffb:5482 with SMTP id
 d75a77b69052e-4a77a2cc1a2mr18298001cf.38.1750382694500;
        Thu, 19 Jun 2025 18:24:54 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IGdvZEXi3Vbfe/ihSwyAC6bOFZTIRmYu8oCTMk4/J2B2hDJEgqywAAZZz5rCDXLHlNnuSS/tA==
X-Received: by 2002:a05:622a:134b:b0:4a4:2ffb:5482 with SMTP id
 d75a77b69052e-4a77a2cc1a2mr18297771cf.38.1750382694086;
        Thu, 19 Jun 2025 18:24:54 -0700 (PDT)
Received: from [127.0.1.1] (dyn-160-39-33-242.dyn.columbia.edu.
 [160.39.33.242])
        by smtp.gmail.com with ESMTPSA id
 d75a77b69052e-4a779e79c12sm3794321cf.53.2025.06.19.18.24.53
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 19 Jun 2025 18:24:53 -0700 (PDT)
From: Tal Zussman <tz2294@columbia.edu>
Date: Thu, 19 Jun 2025 21:24:26 -0400
Subject: [PATCH v3 4/4] userfaultfd: remove UFFD_CLOEXEC, UFFD_NONBLOCK,
 and UFFD_FLAGS_SET
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20250619-uffd-fixes-v3-4-a7274d3bd5e4@columbia.edu>
References: <20250619-uffd-fixes-v3-0-a7274d3bd5e4@columbia.edu>
In-Reply-To: <20250619-uffd-fixes-v3-0-a7274d3bd5e4@columbia.edu>
To: Andrew Morton <akpm@linux-foundation.org>, Peter Xu <peterx@redhat.com>,
        "Jason A. Donenfeld" <Jason@zx2c4.com>,
        David Hildenbrand <david@redhat.com>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
        Andrea Arcangeli <aarcange@redhat.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org, Tal Zussman <tz2294@columbia.edu>
X-Mailer: b4 0.14.3-dev-d7477
X-Developer-Signature: v=1; a=ed25519-sha256; t=1750382688; l=1546;
 i=tz2294@columbia.edu; s=20250528; h=from:subject:message-id;
 bh=EP9W1OmB+wcjXQYUgIL2fq+FEVkI22zf392uYjNc/Kw=;
 b=4m0MC8lpRu7JrFBUgKxSFn0CjaKQkdAzLnQAQrVX3RoGclBRGauwzPiHVkIISeEUPOieusAn7
 OZo32XipF0HBu7kDSe/Y3EbDpYR9WkGa6j1Q0UCU0Gc17bcAwqbVtH6
X-Developer-Key: i=tz2294@columbia.edu; a=ed25519;
 pk=BIj5KdACscEOyAC0oIkeZqLB3L94fzBnDccEooxeM5Y=
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjIwMDAwOSBTYWx0ZWRfX4YYkCVux9QIt
 ZrlmPAudgr3SHGZhm4ELG4X+g7PXr7Fz+NHWtZfXg6tNOUZTFEs4M2QO5RfMhqNgHonbWsNPaM/
 /jhlCqLMkEx25XMGg/EdY5dQ3obtnK/cNTktmotOHaZZnEFFhacdegd/1L04l2oHL3dxhI1JgI/
 eY1Fhp+/eo4Qh1+1tM4cjh4Ecl1G5ZZjMSA6PKslvRXptGcDv1hzhuAIVJCj1LvSDT//DWol1eX
 5RbvLCsb/wiSSvVFBvsapqJhNWi/WCs1Mtb+xxPaNlh0MWoji2l3xrfs2lCkdSKzyKefa5gYTPH
 Q+0MFdwySX+0gPQtbf5NmFpObqqj4MrhJq2b7sF035QWjR3CM/5a/j5HhJKz5ovt5WsvkfcsAPM
 FmgvQxZe
X-Proofpoint-GUID: sxBSniOmz1Gpu_Lhm5uBuVYH5AF8GWJS
X-Proofpoint-ORIG-GUID: sxBSniOmz1Gpu_Lhm5uBuVYH5AF8GWJS
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40
 definitions=2025-06-19_08,2025-06-18_03,2025-03-28_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 bulkscore=10
 priorityscore=1501 malwarescore=0 suspectscore=0 lowpriorityscore=10
 clxscore=1015 mlxlogscore=523 mlxscore=0 adultscore=0 spamscore=0
 phishscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=8.12.0-2505160000 definitions=main-2506200009

UFFD_CLOEXEC, UFFD_NONBLOCK, and UFFD_FLAGS_SET have been unused since they
were added in commit 932b18e0aec6 ("userfaultfd: linux/userfaultfd_k.h").
Remove them and the associated BUILD_BUG_ON() checks.

Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Tal Zussman <tz2294@columbia.edu>
---
 fs/userfaultfd.c              | 2 --
 include/linux/userfaultfd_k.h | 4 ----
 2 files changed, 6 deletions(-)

diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 771e81ea4ef6..a2928b0aec6f 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -2114,8 +2114,6 @@ static int new_userfaultfd(int flags)
=20
 	/* Check the UFFD_* constants for consistency.  */
 	BUILD_BUG_ON(UFFD_USER_MODE_ONLY & UFFD_SHARED_FCNTL_FLAGS);
-	BUILD_BUG_ON(UFFD_CLOEXEC !=3D O_CLOEXEC);
-	BUILD_BUG_ON(UFFD_NONBLOCK !=3D O_NONBLOCK);
=20
 	if (flags & ~(UFFD_SHARED_FCNTL_FLAGS | UFFD_USER_MODE_ONLY))
 		return -EINVAL;
diff --git a/include/linux/userfaultfd_k.h b/include/linux/userfaultfd_k.h
index f3b3d2c9dd5e..ccad58602846 100644
--- a/include/linux/userfaultfd_k.h
+++ b/include/linux/userfaultfd_k.h
@@ -30,11 +30,7 @@
  * from userfaultfd, in order to leave a free define-space for
  * shared O_* flags.
  */
-#define UFFD_CLOEXEC O_CLOEXEC
-#define UFFD_NONBLOCK O_NONBLOCK
-
 #define UFFD_SHARED_FCNTL_FLAGS (O_CLOEXEC | O_NONBLOCK)
-#define UFFD_FLAGS_SET (EFD_SHARED_FCNTL_FLAGS)
=20
 /*
  * Start with fault_pending_wqh and fault_wqh so they're more likely

--=20
2.39.5