ANDROID: userfaultfd: add MOVE ioctl mode to confirm bug-fixes

Following issues were reported in the MOVE ioctl: 1. Panic when trying to move a source page which is in swap-cache [1] 2. Livelock when multiple threads try to move the same source page [2] Three patches have been upstreamed to fix these issues [3, 4, 5] MOVE ioctl was backported to ACK 6.1 and 6.6 for ART GC to use it [6]. Therefore, on these kernels in order to be able to identify in the userspace if the fixes are included, this mode is added. NOTE: UFFDIO_MOVE_MODE_CONFIRM_FIXED mode is only for 6.1 and 6.6 kernels, and will go away afterwards. [1] https://lore.kernel.org/linux-mm/20250219112519.92853-1-21cnbao@gmail.com/ [2] https://github.com/lokeshgidra/uffd_move_ioctl_deadlock [3] https://web.git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/commit/?h=mm-hotfixes-stable&id=c50f8e6053b0503375c2975bf47f182445aebb4c [4] https://web.git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/commit/?h=mm-hotfixes-stable&id=37b338eed10581784e854d4262da05c8d960c748 [5] https://web.git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/commit/?h=mm-hotfixes-stable&id=927e926d72d9155fde3264459fe9bfd7b5e40d28 [6] b/274911254 Bug: 401790618 Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> (cherry picked from https://android-review.googlesource.com/q/commit:9bcabbda673adcfd8fbbfc2cdd2f738830ae385d) Merged-In: Ibd854ec7ac9ae6a2ca416767d032b6c71f1bc688 Change-Id: Ibd854ec7ac9ae6a2ca416767d032b6c71f1bc688 Bug: 402617944

ANDROID: userfaultfd: add MOVE ioctl mode to confirm bug-fixes
Following issues were reported in the MOVE ioctl: 1. Panic when trying to move a source page which is in swap-cache [1] 2. Livelock when multiple threads try to move the same source page [2] Three patches have been upstreamed to fix these issues [3, 4, 5] MOVE ioctl was backported to ACK 6.1 and 6.6 for ART GC to use it [6]. Therefore, on these kernels in order to be able to identify in the userspace if the fixes are included, this mode is added. NOTE: UFFDIO_MOVE_MODE_CONFIRM_FIXED mode is only for 6.1 and 6.6 kernels, and will go away afterwards. [1] https://lore.kernel.org/linux-mm/20250219112519.92853-1-21cnbao@gmail.com/ [2] https://github.com/lokeshgidra/uffd_move_ioctl_deadlock [3] https://web.git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/commit/?h=mm-hotfixes-stable&id=c50f8e6053b0503375c2975bf47f182445aebb4c [4] https://web.git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/commit/?h=mm-hotfixes-stable&id=37b338eed10581784e854d4262da05c8d960c748 [5] https://web.git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/commit/?h=mm-hotfixes-stable&id=927e926d72d9155fde3264459fe9bfd7b5e40d28 [6] b/274911254 Bug: 401790618 Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> (cherry picked from https://android-review.googlesource.com/q/commit:9bcabbda673adcfd8fbbfc2cdd2f738830ae385d) Merged-In: Ibd854ec7ac9ae6a2ca416767d032b6c71f1bc688 Change-Id: Ibd854ec7ac9ae6a2ca416767d032b6c71f1bc688 Bug: 402617944
8d713f9e · Lokesh Gidra · edc5d365 · 8d713f9e · 8d713f9e
Commit 8d713f9e authored 1 week ago by Lokesh Gidra
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1942,7 +1942,8 @@ static int userfaultfd_move(struct userfaultfd_ctx *ctx,
 		return ret;

 	if (uffdio_move.mode & ~(UFFDIO_MOVE_MODE_ALLOW_SRC_HOLES|
-				  UFFDIO_MOVE_MODE_DONTWAKE))
+				  UFFDIO_MOVE_MODE_DONTWAKE|
+				  UFFDIO_MOVE_MODE_CONFIRM_FIXED))
 		return -EINVAL;

 	if (mmget_not_zero(mm)) {

--- a/include/uapi/linux/userfaultfd.h
+++ b/include/uapi/linux/userfaultfd.h
@@ -325,6 +325,13 @@ struct uffdio_move {
 	 */
 #define UFFDIO_MOVE_MODE_DONTWAKE		((__u64)1<<0)
 #define UFFDIO_MOVE_MODE_ALLOW_SRC_HOLES	((__u64)1<<1)
+	/*
+	 * To confirm if the ioctl has fixes to avoid panic when src folio is
+	 * in swap-cache. Also, to avoid livelock when multiple threads try
+	 * to move same src folio. It's a KMI workaround and cannot be relied
+	 * upon by userspace.
+	 */
+#define UFFDIO_MOVE_MODE_CONFIRM_FIXED		((__u64)1<<63)
 	__u64 mode;
 	/*
 	 * "move" is written by the ioctl and must be at the end: the