author Mike Rapoport (Microsoft) <rppt@kernel.org> 2026-05-27 21:47:50 +0300
committer Andrew Morton <akpm@linux-foundation.org> 2026-05-31 21:50:25 -0700
commit df3ee3b3bbc327f570c5451666bbaf6cf8b4436a
tree 6812fc3cae9d84e6872d58b6e97d14815f23f088
parent 85668fda932a5b8f15f649cf06411525a0e4c8ec
userfaultfd: refuse to __mfill_atomic_pte() for unsupported VMAs
__mfill_atomic_pte() unconditionally dereferences ops because there is an assumption that VMAs that can undergo mfill_* operations are vetted on registration and must have valid vm_uffd_ops.

Add a guard against potential bugs and make sure __mfill_atomic_pte() bails out if ops is NULL.

Link: https://lore.kernel.org/20260527184751.4147364-3-rppt@kernel.org
Fixes: ad9ac3081332 ("userfaultfd: introduce vm_uffd_ops->alloc_folio()")
Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Suggested-by: Lorenzo Stoakes <ljs@kernel.org>
Reviewed-by: Lorenzo Stoakes <ljs@kernel.org>
Reviewed-by: David CARLIER <devnexen@gmail.com>
Cc: David Hildenbrand <david@kernel.org>
Cc: Liam R. Howlett <liam@infradead.org>
Cc: Michael Bommarito <michael.bommarito@gmail.com>
Cc: Peter Xu <peterx@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-rw-r--r-- mm/userfaultfd.c 5
1 files changed, 5 insertions, 0 deletions
diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c
index e5d2fb3ce2c1..2872c71bbf36 100644
--- a/mm/userfaultfd.c
+++ b/mm/userfaultfd.c
@@ -552,6 +552,11 @@ static int __mfill_atomic_pte(struct mfill_state *state,
struct folio *folio;
int ret;
+ if (!ops) {
+ VM_WARN_ONCE(1, "UFFDIO_COPY for unsupported VMA");
+ return -EOPNOTSUPP;
+ }
+
folio = ops->alloc_folio(state->vma, state->dst_addr);
if (!folio)
return -ENOMEM;
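Review bot: the warning text in the new `if (!ops)` block says "UFFDIO_COPY for unsupported VMA", while the commit message describes this function as the path for mfill_* operations in general, so the message may misname the operation that hit the guard; wording it around `__mfill_atomic_pte()` or "mfill on VMA without vm_uffd_ops" would hold for every caller. VM_WARN_ONCE() only emits anything on CONFIG_DEBUG_VM builds, so on other kernels the -EOPNOTSUPP return is silent; if the goal is to surface a registration bug in the field, WARN_ON_ONCE(1) would do that, and if the quiet bail-out is deliberate a short comment should say so. The assignment of `ops` is outside the visible context, so a one-line comment above the check noting that VMAs are vetted at registration and NULL is not expected here would make the guard self-explanatory.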