From: Jason Gunthorpe <jgg@xxxxxxxxxxxx> The hmm_range_fault() flow is fairly complicated. The scheme allows the caller to specify if it needs a usable result for each page, or if it only needs the current page table status filled in. This mixture of behavior is useful for a caller that wants to build a 'prefetch around fault' algorithm. Although we have no in-tree users of this capability, I am working on having RDMA ODP work in this manner, and removing these bugs from hmm_range_fault() is a necessary step. The basic principles are: - If the caller did not ask for a VA to be valid then hmm_range_fault() should not fail because of that VA - If 0 is returned from hmm_range_fault() then the entire pfns array contains valid data - HMM_PFN_ERROR is set if faulting fails, or if asking for faulting would fail - A 0 return from hmm_range_fault() does not have HMM_PFN_ERROR in any VA's the caller asked to be valid This series does not get there completely, I have a followup series closing some more complex cases. I tested this series using Ralph's hmm tester he posted a while back, other testing would be appreciated. Jason Gunthorpe (8): mm/hmm: add missing unmaps of the ptep during hmm_vma_handle_pte() mm/hmm: don't free the cached pgmap while scanning mm/hmm: do not call hmm_vma_walk_hole() while holding a spinlock mm/hmm: add missing pfns set to hmm_vma_walk_pmd() mm/hmm: add missing call to hmm_range_need_fault() before returning EFAULT mm/hmm: reorganize how !pte_present is handled in hmm_vma_handle_pte() mm/hmm: return -EFAULT when setting HMM_PFN_ERROR on requested valid pages mm/hmm: add missing call to hmm_pte_need_fault in HMM_PFN_SPECIAL handling mm/hmm.c | 166 ++++++++++++++++++++++++++----------------------------- 1 file changed, 79 insertions(+), 87 deletions(-) -- 2.25.1