4 * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org>
5 * Copyright (C) 2008-2009 Red Hat, Inc.
6 * Copyright (C) 2015 Red Hat, Inc.
8 * This work is licensed under the terms of the GNU GPL, version 2. See
9 * the COPYING file in the top-level directory.
11 * Some part derived from fs/eventfd.c (anon inode setup) and
12 * mm/ksm.c (mm hashing).
15 #include <linux/hashtable.h>
16 #include <linux/sched.h>
18 #include <linux/poll.h>
19 #include <linux/slab.h>
20 #include <linux/seq_file.h>
21 #include <linux/file.h>
22 #include <linux/bug.h>
23 #include <linux/anon_inodes.h>
24 #include <linux/syscalls.h>
25 #include <linux/userfaultfd_k.h>
26 #include <linux/mempolicy.h>
27 #include <linux/ioctl.h>
28 #include <linux/security.h>
30 enum userfaultfd_state {
35 struct userfaultfd_ctx {
36 /* pseudo fd refcounting */
38 /* waitqueue head for the userfaultfd page faults */
39 wait_queue_head_t fault_wqh;
40 /* waitqueue head for the pseudo fd to wakeup poll/read */
41 wait_queue_head_t fd_wqh;
42 /* userfaultfd syscall flags */
45 enum userfaultfd_state state;
48 /* mm with one ore more vmas attached to this userfaultfd_ctx */
52 struct userfaultfd_wait_queue {
56 struct userfaultfd_ctx *ctx;
59 struct userfaultfd_wake_range {
64 static int userfaultfd_wake_function(wait_queue_t *wq, unsigned mode,
65 int wake_flags, void *key)
67 struct userfaultfd_wake_range *range = key;
69 struct userfaultfd_wait_queue *uwq;
70 unsigned long start, len;
72 uwq = container_of(wq, struct userfaultfd_wait_queue, wq);
74 /* don't wake the pending ones to avoid reads to block */
75 if (uwq->pending && !ACCESS_ONCE(uwq->ctx->released))
77 /* len == 0 means wake all */
80 if (len && (start > uwq->msg.arg.pagefault.address ||
81 start + len <= uwq->msg.arg.pagefault.address))
83 ret = wake_up_state(wq->private, mode);
86 * Wake only once, autoremove behavior.
88 * After the effect of list_del_init is visible to the
89 * other CPUs, the waitqueue may disappear from under
90 * us, see the !list_empty_careful() in
91 * handle_userfault(). try_to_wake_up() has an
92 * implicit smp_mb__before_spinlock, and the
93 * wq->private is read before calling the extern
94 * function "wake_up_state" (which in turns calls
95 * try_to_wake_up). While the spin_lock;spin_unlock;
96 * wouldn't be enough, the smp_mb__before_spinlock is
97 * enough to avoid an explicit smp_mb() here.
99 list_del_init(&wq->task_list);
105 * userfaultfd_ctx_get - Acquires a reference to the internal userfaultfd
107 * @ctx: [in] Pointer to the userfaultfd context.
109 * Returns: In case of success, returns not zero.
111 static void userfaultfd_ctx_get(struct userfaultfd_ctx *ctx)
113 if (!atomic_inc_not_zero(&ctx->refcount))
118 * userfaultfd_ctx_put - Releases a reference to the internal userfaultfd
120 * @ctx: [in] Pointer to userfaultfd context.
122 * The userfaultfd context reference must have been previously acquired either
123 * with userfaultfd_ctx_get() or userfaultfd_ctx_fdget().
125 static void userfaultfd_ctx_put(struct userfaultfd_ctx *ctx)
127 if (atomic_dec_and_test(&ctx->refcount)) {
128 VM_BUG_ON(spin_is_locked(&ctx->fault_pending_wqh.lock));
129 VM_BUG_ON(waitqueue_active(&ctx->fault_pending_wqh));
130 VM_BUG_ON(spin_is_locked(&ctx->fault_wqh.lock));
131 VM_BUG_ON(waitqueue_active(&ctx->fault_wqh));
132 VM_BUG_ON(spin_is_locked(&ctx->fd_wqh.lock));
133 VM_BUG_ON(waitqueue_active(&ctx->fd_wqh));
139 static inline void msg_init(struct uffd_msg *msg)
141 BUILD_BUG_ON(sizeof(struct uffd_msg) != 32);
143 * Must use memset to zero out the paddings or kernel data is
144 * leaked to userland.
146 memset(msg, 0, sizeof(struct uffd_msg));
149 static inline struct uffd_msg userfault_msg(unsigned long address,
151 unsigned long reason)
155 msg.event = UFFD_EVENT_PAGEFAULT;
156 msg.arg.pagefault.address = address;
157 if (flags & FAULT_FLAG_WRITE)
159 * If UFFD_FEATURE_PAGEFAULT_FLAG_WRITE was set in the
160 * uffdio_api.features and UFFD_PAGEFAULT_FLAG_WRITE
161 * was not set in a UFFD_EVENT_PAGEFAULT, it means it
162 * was a read fault, otherwise if set it means it's
165 msg.arg.pagefault.flags |= UFFD_PAGEFAULT_FLAG_WRITE;
166 if (reason & VM_UFFD_WP)
168 * If UFFD_FEATURE_PAGEFAULT_FLAG_WP was set in the
169 * uffdio_api.features and UFFD_PAGEFAULT_FLAG_WP was
170 * not set in a UFFD_EVENT_PAGEFAULT, it means it was
171 * a missing fault, otherwise if set it means it's a
172 * write protect fault.
174 msg.arg.pagefault.flags |= UFFD_PAGEFAULT_FLAG_WP;
179 * The locking rules involved in returning VM_FAULT_RETRY depending on
180 * FAULT_FLAG_ALLOW_RETRY, FAULT_FLAG_RETRY_NOWAIT and
181 * FAULT_FLAG_KILLABLE are not straightforward. The "Caution"
182 * recommendation in __lock_page_or_retry is not an understatement.
184 * If FAULT_FLAG_ALLOW_RETRY is set, the mmap_sem must be released
185 * before returning VM_FAULT_RETRY only if FAULT_FLAG_RETRY_NOWAIT is
188 * If FAULT_FLAG_ALLOW_RETRY is set but FAULT_FLAG_KILLABLE is not
189 * set, VM_FAULT_RETRY can still be returned if and only if there are
190 * fatal_signal_pending()s, and the mmap_sem must be released before
193 int handle_userfault(struct vm_area_struct *vma, unsigned long address,
194 unsigned int flags, unsigned long reason)
196 struct mm_struct *mm = vma->vm_mm;
197 struct userfaultfd_ctx *ctx;
198 struct userfaultfd_wait_queue uwq;
200 BUG_ON(!rwsem_is_locked(&mm->mmap_sem));
202 ctx = vma->vm_userfaultfd_ctx.ctx;
204 return VM_FAULT_SIGBUS;
206 BUG_ON(ctx->mm != mm);
208 VM_BUG_ON(reason & ~(VM_UFFD_MISSING|VM_UFFD_WP));
209 VM_BUG_ON(!(reason & VM_UFFD_MISSING) ^ !!(reason & VM_UFFD_WP));
212 * If it's already released don't get it. This avoids to loop
213 * in __get_user_pages if userfaultfd_release waits on the
214 * caller of handle_userfault to release the mmap_sem.
216 if (unlikely(ACCESS_ONCE(ctx->released)))
217 return VM_FAULT_SIGBUS;
220 * Check that we can return VM_FAULT_RETRY.
222 * NOTE: it should become possible to return VM_FAULT_RETRY
223 * even if FAULT_FLAG_TRIED is set without leading to gup()
224 * -EBUSY failures, if the userfaultfd is to be extended for
225 * VM_UFFD_WP tracking and we intend to arm the userfault
226 * without first stopping userland access to the memory. For
227 * VM_UFFD_MISSING userfaults this is enough for now.
229 if (unlikely(!(flags & FAULT_FLAG_ALLOW_RETRY))) {
231 * Validate the invariant that nowait must allow retry
232 * to be sure not to return SIGBUS erroneously on
233 * nowait invocations.
235 BUG_ON(flags & FAULT_FLAG_RETRY_NOWAIT);
236 #ifdef CONFIG_DEBUG_VM
237 if (printk_ratelimit()) {
239 "FAULT_FLAG_ALLOW_RETRY missing %x\n", flags);
243 return VM_FAULT_SIGBUS;
247 * Handle nowait, not much to do other than tell it to retry
250 if (flags & FAULT_FLAG_RETRY_NOWAIT)
251 return VM_FAULT_RETRY;
253 /* take the reference before dropping the mmap_sem */
254 userfaultfd_ctx_get(ctx);
256 /* be gentle and immediately relinquish the mmap_sem */
257 up_read(&mm->mmap_sem);
259 init_waitqueue_func_entry(&uwq.wq, userfaultfd_wake_function);
260 uwq.wq.private = current;
261 uwq.msg = userfault_msg(address, flags, reason);
265 spin_lock(&ctx->fault_wqh.lock);
267 * After the __add_wait_queue the uwq is visible to userland
268 * through poll/read().
270 __add_wait_queue(&ctx->fault_wqh, &uwq.wq);
272 set_current_state(TASK_KILLABLE);
273 if (!uwq.pending || ACCESS_ONCE(ctx->released) ||
274 fatal_signal_pending(current))
276 spin_unlock(&ctx->fault_wqh.lock);
278 wake_up_poll(&ctx->fd_wqh, POLLIN);
281 spin_lock(&ctx->fault_wqh.lock);
283 __remove_wait_queue(&ctx->fault_wqh, &uwq.wq);
284 __set_current_state(TASK_RUNNING);
285 spin_unlock(&ctx->fault_wqh.lock);
288 * ctx may go away after this if the userfault pseudo fd is
291 userfaultfd_ctx_put(ctx);
293 return VM_FAULT_RETRY;
296 static int userfaultfd_release(struct inode *inode, struct file *file)
298 struct userfaultfd_ctx *ctx = file->private_data;
299 struct mm_struct *mm = ctx->mm;
300 struct vm_area_struct *vma, *prev;
301 /* len == 0 means wake all */
302 struct userfaultfd_wake_range range = { .len = 0, };
303 unsigned long new_flags;
305 ACCESS_ONCE(ctx->released) = true;
308 * Flush page faults out of all CPUs. NOTE: all page faults
309 * must be retried without returning VM_FAULT_SIGBUS if
310 * userfaultfd_ctx_get() succeeds but vma->vma_userfault_ctx
311 * changes while handle_userfault released the mmap_sem. So
312 * it's critical that released is set to true (above), before
313 * taking the mmap_sem for writing.
315 down_write(&mm->mmap_sem);
317 for (vma = mm->mmap; vma; vma = vma->vm_next) {
319 BUG_ON(!!vma->vm_userfaultfd_ctx.ctx ^
320 !!(vma->vm_flags & (VM_UFFD_MISSING | VM_UFFD_WP)));
321 if (vma->vm_userfaultfd_ctx.ctx != ctx) {
325 new_flags = vma->vm_flags & ~(VM_UFFD_MISSING | VM_UFFD_WP);
326 prev = vma_merge(mm, prev, vma->vm_start, vma->vm_end,
327 new_flags, vma->anon_vma,
328 vma->vm_file, vma->vm_pgoff,
335 vma->vm_flags = new_flags;
336 vma->vm_userfaultfd_ctx = NULL_VM_UFFD_CTX;
338 up_write(&mm->mmap_sem);
341 * After no new page faults can wait on this fault_wqh, flush
342 * the last page faults that may have been already waiting on
345 spin_lock(&ctx->fault_wqh.lock);
346 __wake_up_locked_key(&ctx->fault_wqh, TASK_NORMAL, 0, &range);
347 spin_unlock(&ctx->fault_wqh.lock);
349 wake_up_poll(&ctx->fd_wqh, POLLHUP);
350 userfaultfd_ctx_put(ctx);
354 /* fault_wqh.lock must be hold by the caller */
355 static inline unsigned int find_userfault(struct userfaultfd_ctx *ctx,
356 struct userfaultfd_wait_queue **uwq)
359 struct userfaultfd_wait_queue *_uwq;
360 unsigned int ret = 0;
362 VM_BUG_ON(!spin_is_locked(&ctx->fault_wqh.lock));
364 list_for_each_entry(wq, &ctx->fault_wqh.task_list, task_list) {
365 _uwq = container_of(wq, struct userfaultfd_wait_queue, wq);
370 * If there's at least a pending and
371 * we don't care which one it is,
372 * break immediately and leverage the
373 * efficiency of the LIFO walk.
377 * If we need to find which one was pending we
378 * keep walking until we find the first not
379 * pending one, so we read() them in FIFO order.
384 * break the loop at the first not pending
385 * one, there cannot be pending userfaults
386 * after the first not pending one, because
387 * all new pending ones are inserted at the
388 * head and we walk it in LIFO.
396 static unsigned int userfaultfd_poll(struct file *file, poll_table *wait)
398 struct userfaultfd_ctx *ctx = file->private_data;
401 poll_wait(file, &ctx->fd_wqh, wait);
403 switch (ctx->state) {
404 case UFFD_STATE_WAIT_API:
406 case UFFD_STATE_RUNNING:
407 spin_lock(&ctx->fault_wqh.lock);
408 ret = find_userfault(ctx, NULL);
409 spin_unlock(&ctx->fault_wqh.lock);
416 static ssize_t userfaultfd_ctx_read(struct userfaultfd_ctx *ctx, int no_wait,
417 struct uffd_msg *msg)
420 DECLARE_WAITQUEUE(wait, current);
421 struct userfaultfd_wait_queue *uwq = NULL;
423 /* always take the fd_wqh lock before the fault_wqh lock */
424 spin_lock(&ctx->fd_wqh.lock);
425 __add_wait_queue(&ctx->fd_wqh, &wait);
427 set_current_state(TASK_INTERRUPTIBLE);
428 spin_lock(&ctx->fault_wqh.lock);
429 if (find_userfault(ctx, &uwq)) {
431 * The fault_wqh.lock prevents the uwq to
432 * disappear from under us.
434 uwq->pending = false;
435 /* careful to always initialize msg if ret == 0 */
437 spin_unlock(&ctx->fault_wqh.lock);
441 spin_unlock(&ctx->fault_wqh.lock);
442 if (signal_pending(current)) {
450 spin_unlock(&ctx->fd_wqh.lock);
452 spin_lock(&ctx->fd_wqh.lock);
454 __remove_wait_queue(&ctx->fd_wqh, &wait);
455 __set_current_state(TASK_RUNNING);
456 spin_unlock(&ctx->fd_wqh.lock);
461 static ssize_t userfaultfd_read(struct file *file, char __user *buf,
462 size_t count, loff_t *ppos)
464 struct userfaultfd_ctx *ctx = file->private_data;
465 ssize_t _ret, ret = 0;
467 int no_wait = file->f_flags & O_NONBLOCK;
469 if (ctx->state == UFFD_STATE_WAIT_API)
471 BUG_ON(ctx->state != UFFD_STATE_RUNNING);
474 if (count < sizeof(msg))
475 return ret ? ret : -EINVAL;
476 _ret = userfaultfd_ctx_read(ctx, no_wait, &msg);
478 return ret ? ret : _ret;
479 if (copy_to_user((__u64 __user *) buf, &msg, sizeof(msg)))
480 return ret ? ret : -EFAULT;
483 count -= sizeof(msg);
485 * Allow to read more than one fault at time but only
486 * block if waiting for the very first one.
488 no_wait = O_NONBLOCK;
492 static void __wake_userfault(struct userfaultfd_ctx *ctx,
493 struct userfaultfd_wake_range *range)
495 unsigned long start, end;
497 start = range->start;
498 end = range->start + range->len;
500 spin_lock(&ctx->fault_wqh.lock);
501 /* wake all in the range and autoremove */
502 __wake_up_locked_key(&ctx->fault_wqh, TASK_NORMAL, 0, range);
503 spin_unlock(&ctx->fault_wqh.lock);
506 static __always_inline void wake_userfault(struct userfaultfd_ctx *ctx,
507 struct userfaultfd_wake_range *range)
510 * To be sure waitqueue_active() is not reordered by the CPU
511 * before the pagetable update, use an explicit SMP memory
512 * barrier here. PT lock release or up_read(mmap_sem) still
513 * have release semantics that can allow the
514 * waitqueue_active() to be reordered before the pte update.
519 * Use waitqueue_active because it's very frequent to
520 * change the address space atomically even if there are no
521 * userfaults yet. So we take the spinlock only when we're
522 * sure we've userfaults to wake.
524 if (waitqueue_active(&ctx->fault_wqh))
525 __wake_userfault(ctx, range);
528 static __always_inline int validate_range(struct mm_struct *mm,
529 __u64 start, __u64 len)
531 __u64 task_size = mm->task_size;
533 if (start & ~PAGE_MASK)
535 if (len & ~PAGE_MASK)
539 if (start < mmap_min_addr)
541 if (start >= task_size)
543 if (len > task_size - start)
548 static int userfaultfd_register(struct userfaultfd_ctx *ctx,
551 struct mm_struct *mm = ctx->mm;
552 struct vm_area_struct *vma, *prev, *cur;
554 struct uffdio_register uffdio_register;
555 struct uffdio_register __user *user_uffdio_register;
556 unsigned long vm_flags, new_flags;
558 unsigned long start, end, vma_end;
560 user_uffdio_register = (struct uffdio_register __user *) arg;
563 if (copy_from_user(&uffdio_register, user_uffdio_register,
564 sizeof(uffdio_register)-sizeof(__u64)))
568 if (!uffdio_register.mode)
570 if (uffdio_register.mode & ~(UFFDIO_REGISTER_MODE_MISSING|
571 UFFDIO_REGISTER_MODE_WP))
574 if (uffdio_register.mode & UFFDIO_REGISTER_MODE_MISSING)
575 vm_flags |= VM_UFFD_MISSING;
576 if (uffdio_register.mode & UFFDIO_REGISTER_MODE_WP) {
577 vm_flags |= VM_UFFD_WP;
579 * FIXME: remove the below error constraint by
580 * implementing the wprotect tracking mode.
586 ret = validate_range(mm, uffdio_register.range.start,
587 uffdio_register.range.len);
591 start = uffdio_register.range.start;
592 end = start + uffdio_register.range.len;
594 down_write(&mm->mmap_sem);
595 vma = find_vma_prev(mm, start, &prev);
601 /* check that there's at least one vma in the range */
603 if (vma->vm_start >= end)
607 * Search for not compatible vmas.
609 * FIXME: this shall be relaxed later so that it doesn't fail
610 * on tmpfs backed vmas (in addition to the current allowance
611 * on anonymous vmas).
614 for (cur = vma; cur && cur->vm_start < end; cur = cur->vm_next) {
617 BUG_ON(!!cur->vm_userfaultfd_ctx.ctx ^
618 !!(cur->vm_flags & (VM_UFFD_MISSING | VM_UFFD_WP)));
620 /* check not compatible vmas */
626 * Check that this vma isn't already owned by a
627 * different userfaultfd. We can't allow more than one
628 * userfaultfd to own a single vma simultaneously or we
629 * wouldn't know which one to deliver the userfaults to.
632 if (cur->vm_userfaultfd_ctx.ctx &&
633 cur->vm_userfaultfd_ctx.ctx != ctx)
640 if (vma->vm_start < start)
648 BUG_ON(vma->vm_userfaultfd_ctx.ctx &&
649 vma->vm_userfaultfd_ctx.ctx != ctx);
652 * Nothing to do: this vma is already registered into this
653 * userfaultfd and with the right tracking mode too.
655 if (vma->vm_userfaultfd_ctx.ctx == ctx &&
656 (vma->vm_flags & vm_flags) == vm_flags)
659 if (vma->vm_start > start)
660 start = vma->vm_start;
661 vma_end = min(end, vma->vm_end);
663 new_flags = (vma->vm_flags & ~vm_flags) | vm_flags;
664 prev = vma_merge(mm, prev, start, vma_end, new_flags,
665 vma->anon_vma, vma->vm_file, vma->vm_pgoff,
667 ((struct vm_userfaultfd_ctx){ ctx }));
672 if (vma->vm_start < start) {
673 ret = split_vma(mm, vma, start, 1);
677 if (vma->vm_end > end) {
678 ret = split_vma(mm, vma, end, 0);
684 * In the vma_merge() successful mprotect-like case 8:
685 * the next vma was merged into the current one and
686 * the current one has not been updated yet.
688 vma->vm_flags = new_flags;
689 vma->vm_userfaultfd_ctx.ctx = ctx;
695 } while (vma && vma->vm_start < end);
697 up_write(&mm->mmap_sem);
700 * Now that we scanned all vmas we can already tell
701 * userland which ioctls methods are guaranteed to
702 * succeed on this range.
704 if (put_user(UFFD_API_RANGE_IOCTLS,
705 &user_uffdio_register->ioctls))
712 static int userfaultfd_unregister(struct userfaultfd_ctx *ctx,
715 struct mm_struct *mm = ctx->mm;
716 struct vm_area_struct *vma, *prev, *cur;
718 struct uffdio_range uffdio_unregister;
719 unsigned long new_flags;
721 unsigned long start, end, vma_end;
722 const void __user *buf = (void __user *)arg;
725 if (copy_from_user(&uffdio_unregister, buf, sizeof(uffdio_unregister)))
728 ret = validate_range(mm, uffdio_unregister.start,
729 uffdio_unregister.len);
733 start = uffdio_unregister.start;
734 end = start + uffdio_unregister.len;
736 down_write(&mm->mmap_sem);
737 vma = find_vma_prev(mm, start, &prev);
743 /* check that there's at least one vma in the range */
745 if (vma->vm_start >= end)
749 * Search for not compatible vmas.
751 * FIXME: this shall be relaxed later so that it doesn't fail
752 * on tmpfs backed vmas (in addition to the current allowance
753 * on anonymous vmas).
757 for (cur = vma; cur && cur->vm_start < end; cur = cur->vm_next) {
760 BUG_ON(!!cur->vm_userfaultfd_ctx.ctx ^
761 !!(cur->vm_flags & (VM_UFFD_MISSING | VM_UFFD_WP)));
764 * Check not compatible vmas, not strictly required
765 * here as not compatible vmas cannot have an
766 * userfaultfd_ctx registered on them, but this
767 * provides for more strict behavior to notice
768 * unregistration errors.
777 if (vma->vm_start < start)
787 * Nothing to do: this vma is already registered into this
788 * userfaultfd and with the right tracking mode too.
790 if (!vma->vm_userfaultfd_ctx.ctx)
793 if (vma->vm_start > start)
794 start = vma->vm_start;
795 vma_end = min(end, vma->vm_end);
797 new_flags = vma->vm_flags & ~(VM_UFFD_MISSING | VM_UFFD_WP);
798 prev = vma_merge(mm, prev, start, vma_end, new_flags,
799 vma->anon_vma, vma->vm_file, vma->vm_pgoff,
806 if (vma->vm_start < start) {
807 ret = split_vma(mm, vma, start, 1);
811 if (vma->vm_end > end) {
812 ret = split_vma(mm, vma, end, 0);
818 * In the vma_merge() successful mprotect-like case 8:
819 * the next vma was merged into the current one and
820 * the current one has not been updated yet.
822 vma->vm_flags = new_flags;
823 vma->vm_userfaultfd_ctx = NULL_VM_UFFD_CTX;
829 } while (vma && vma->vm_start < end);
831 up_write(&mm->mmap_sem);
837 * This is mostly needed to re-wakeup those userfaults that were still
838 * pending when userland wake them up the first time. We don't wake
839 * the pending one to avoid blocking reads to block, or non blocking
840 * read to return -EAGAIN, if used with POLLIN, to avoid userland
841 * doubts on why POLLIN wasn't reliable.
843 static int userfaultfd_wake(struct userfaultfd_ctx *ctx,
847 struct uffdio_range uffdio_wake;
848 struct userfaultfd_wake_range range;
849 const void __user *buf = (void __user *)arg;
852 if (copy_from_user(&uffdio_wake, buf, sizeof(uffdio_wake)))
855 ret = validate_range(ctx->mm, uffdio_wake.start, uffdio_wake.len);
859 range.start = uffdio_wake.start;
860 range.len = uffdio_wake.len;
863 * len == 0 means wake all and we don't want to wake all here,
864 * so check it again to be sure.
866 VM_BUG_ON(!range.len);
868 wake_userfault(ctx, &range);
876 * userland asks for a certain API version and we return which bits
877 * and ioctl commands are implemented in this kernel for such API
878 * version or -EINVAL if unknown.
880 static int userfaultfd_api(struct userfaultfd_ctx *ctx,
883 struct uffdio_api uffdio_api;
884 void __user *buf = (void __user *)arg;
888 if (ctx->state != UFFD_STATE_WAIT_API)
891 if (copy_from_user(&uffdio_api, buf, sizeof(uffdio_api)))
893 if (uffdio_api.api != UFFD_API || uffdio_api.features) {
894 memset(&uffdio_api, 0, sizeof(uffdio_api));
895 if (copy_to_user(buf, &uffdio_api, sizeof(uffdio_api)))
900 uffdio_api.features = UFFD_API_FEATURES;
901 uffdio_api.ioctls = UFFD_API_IOCTLS;
903 if (copy_to_user(buf, &uffdio_api, sizeof(uffdio_api)))
905 ctx->state = UFFD_STATE_RUNNING;
911 static long userfaultfd_ioctl(struct file *file, unsigned cmd,
915 struct userfaultfd_ctx *ctx = file->private_data;
919 ret = userfaultfd_api(ctx, arg);
921 case UFFDIO_REGISTER:
922 ret = userfaultfd_register(ctx, arg);
924 case UFFDIO_UNREGISTER:
925 ret = userfaultfd_unregister(ctx, arg);
928 ret = userfaultfd_wake(ctx, arg);
934 #ifdef CONFIG_PROC_FS
935 static void userfaultfd_show_fdinfo(struct seq_file *m, struct file *f)
937 struct userfaultfd_ctx *ctx = f->private_data;
939 struct userfaultfd_wait_queue *uwq;
940 unsigned long pending = 0, total = 0;
942 spin_lock(&ctx->fault_wqh.lock);
943 list_for_each_entry(wq, &ctx->fault_wqh.task_list, task_list) {
944 uwq = container_of(wq, struct userfaultfd_wait_queue, wq);
949 spin_unlock(&ctx->fault_wqh.lock);
952 * If more protocols will be added, there will be all shown
953 * separated by a space. Like this:
954 * protocols: aa:... bb:...
956 seq_printf(m, "pending:\t%lu\ntotal:\t%lu\nAPI:\t%Lx:%x:%Lx\n",
957 pending, total, UFFD_API, UFFD_API_FEATURES,
958 UFFD_API_IOCTLS|UFFD_API_RANGE_IOCTLS);
962 static const struct file_operations userfaultfd_fops = {
963 #ifdef CONFIG_PROC_FS
964 .show_fdinfo = userfaultfd_show_fdinfo,
966 .release = userfaultfd_release,
967 .poll = userfaultfd_poll,
968 .read = userfaultfd_read,
969 .unlocked_ioctl = userfaultfd_ioctl,
970 .compat_ioctl = userfaultfd_ioctl,
971 .llseek = noop_llseek,
975 * userfaultfd_file_create - Creates an userfaultfd file pointer.
976 * @flags: Flags for the userfaultfd file.
978 * This function creates an userfaultfd file pointer, w/out installing
979 * it into the fd table. This is useful when the userfaultfd file is
980 * used during the initialization of data structures that require
981 * extra setup after the userfaultfd creation. So the userfaultfd
982 * creation is split into the file pointer creation phase, and the
983 * file descriptor installation phase. In this way races with
984 * userspace closing the newly installed file descriptor can be
985 * avoided. Returns an userfaultfd file pointer, or a proper error
988 static struct file *userfaultfd_file_create(int flags)
991 struct userfaultfd_ctx *ctx;
993 BUG_ON(!current->mm);
995 /* Check the UFFD_* constants for consistency. */
996 BUILD_BUG_ON(UFFD_CLOEXEC != O_CLOEXEC);
997 BUILD_BUG_ON(UFFD_NONBLOCK != O_NONBLOCK);
999 file = ERR_PTR(-EINVAL);
1000 if (flags & ~UFFD_SHARED_FCNTL_FLAGS)
1003 file = ERR_PTR(-ENOMEM);
1004 ctx = kmalloc(sizeof(*ctx), GFP_KERNEL);
1008 atomic_set(&ctx->refcount, 1);
1009 init_waitqueue_head(&ctx->fault_wqh);
1010 init_waitqueue_head(&ctx->fd_wqh);
1012 ctx->state = UFFD_STATE_WAIT_API;
1013 ctx->released = false;
1014 ctx->mm = current->mm;
1015 /* prevent the mm struct to be freed */
1016 atomic_inc(&ctx->mm->mm_users);
1018 file = anon_inode_getfile("[userfaultfd]", &userfaultfd_fops, ctx,
1019 O_RDWR | (flags & UFFD_SHARED_FCNTL_FLAGS));
1026 SYSCALL_DEFINE1(userfaultfd, int, flags)
1031 error = get_unused_fd_flags(flags & UFFD_SHARED_FCNTL_FLAGS);
1036 file = userfaultfd_file_create(flags);
1038 error = PTR_ERR(file);
1039 goto err_put_unused_fd;
1041 fd_install(fd, file);
projects / cascardo / linux.git / blob