* [PATCH v2 1/2] mm/process_vm_access: pidfd and nowait support for process_vm_readv/writev
2026-04-08 14:54 [PATCH v2 0/2] mm/process_vm_access: pidfd and nowait support for process_vm_readv/writev Alban Crequy
@ 2026-04-08 14:54 ` Alban Crequy
2026-04-08 14:54 ` [PATCH v2 2/2] selftests/mm: add tests for process_vm_readv flags Alban Crequy
1 sibling, 0 replies; 3+ messages in thread
From: Alban Crequy @ 2026-04-08 14:54 UTC (permalink / raw)
To: Andrew Morton, David Hildenbrand, Christian Brauner
Cc: Lorenzo Stoakes, Liam R . Howlett, Vlastimil Babka,
Mike Rapoport, Suren Baghdasaryan, Michal Hocko, linux-kernel,
linux-mm, Alban Crequy, Alban Crequy, Peter Xu, Willy Tarreau,
linux-kselftest, shuah
From: Alban Crequy <albancrequy@microsoft.com>
There are two categories of users for process_vm_readv:
1. Debuggers like GDB or strace.
When a debugger attempts to read the target memory and triggers a
page fault, the page fault needs to be resolved so that the debugger
can accurately interpret the memory. A debugger is typically attached
to a single process.
2. Profilers like OpenTelemetry eBPF Profiler.
The profiler uses a perf event to get stack traces from all
processes at 20Hz (20 stack traces to resolve per second). For
interpreted languages (Ruby, Python, etc.), the profiler uses
process_vm_readv to get the correct symbols. In this case,
performance is the most important. It is fine if some stack traces
cannot be resolved as long as it is not statistically significant.
The current behaviour of process_vm_readv is to resolve page faults in
the target VM. This is as desired for debuggers, but unwelcome for
profilers because the page fault resolution could take a lot of time
depending on the backing filesystem. Additionally, since profilers
monitor all processes, we don't want a slow page fault resolution for
one target process slowing down the monitoring for all other target
processes.
This patch adds the flag PROCESS_VM_NOWAIT, so the caller can choose to
not block on IO if the memory access causes a page fault.
Additionally, this patch adds the flag PROCESS_VM_PIDFD to refer to the
remote process via PID file descriptor instead of PID. Such a file
descriptor can be obtained with pidfd_open(2). This is useful to avoid
the pid number being reused. It is unlikely to happen for debuggers
because they can monitor the target process termination in other ways
(ptrace), but can be helpful in some profiling scenarios.
If a given flag is unsupported, the syscall returns the error EINVAL
without checking the buffers. This gives a way to userspace to detect
whether the current kernel supports a specific flag:
process_vm_readv(pid, NULL, 1, NULL, 1, PROCESS_VM_PIDFD)
-> EINVAL if the kernel does not support the flag PROCESS_VM_PIDFD
(before this patch)
-> EFAULT if the kernel supports the flag (after this patch)
Signed-off-by: Alban Crequy <albancrequy@microsoft.com>
---
v2:
- Expand commit message with use-case motivation (David Hildenbrand)
- Use unsigned long consistently for pvm_flags parameter (David Hildenbrand)
- Add PROCESS_VM_SUPPORTED_FLAGS kernel-internal define (David Hildenbrand)
- Keep (1UL << N) in UAPI header: BIT() is defined in vdso/bits.h
which is not exported to userspace, so UAPI headers using BIT() would
break when included from userspace programs (David Hildenbrand)
MAINTAINERS | 1 +
include/uapi/linux/process_vm.h | 9 +++++++++
mm/process_vm_access.c | 24 ++++++++++++++++++------
3 files changed, 28 insertions(+), 6 deletions(-)
create mode 100644 include/uapi/linux/process_vm.h
diff --git a/MAINTAINERS b/MAINTAINERS
index c3fe46d7c4bc..f7168c5d7acc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -16678,6 +16678,7 @@ F: include/linux/pgtable.h
F: include/linux/ptdump.h
F: include/linux/vmpressure.h
F: include/linux/vmstat.h
+F: include/uapi/linux/process_vm.h
F: kernel/fork.c
F: mm/Kconfig
F: mm/debug.c
diff --git a/include/uapi/linux/process_vm.h b/include/uapi/linux/process_vm.h
new file mode 100644
index 000000000000..4168e09f3f4e
--- /dev/null
+++ b/include/uapi/linux/process_vm.h
@@ -0,0 +1,9 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _UAPI_LINUX_PROCESS_VM_H
+#define _UAPI_LINUX_PROCESS_VM_H
+
+/* Flags for process_vm_readv/process_vm_writev */
+#define PROCESS_VM_PIDFD (1UL << 0)
+#define PROCESS_VM_NOWAIT (1UL << 1)
+
+#endif /* _UAPI_LINUX_PROCESS_VM_H */
diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
index 656d3e88755b..c6a25e9993e1 100644
--- a/mm/process_vm_access.c
+++ b/mm/process_vm_access.c
@@ -14,6 +14,9 @@
#include <linux/ptrace.h>
#include <linux/slab.h>
#include <linux/syscalls.h>
+#include <linux/process_vm.h>
+
+#define PROCESS_VM_SUPPORTED_FLAGS (PROCESS_VM_PIDFD | PROCESS_VM_NOWAIT)
/**
* process_vm_rw_pages - read/write pages from task specified
@@ -68,6 +71,7 @@ static int process_vm_rw_pages(struct page **pages,
* @mm: mm for task
* @task: task to read/write from
* @vm_write: 0 means copy from, 1 means copy to
+ * @pvm_flags: PROCESS_VM_* flags
* Returns 0 on success or on failure error code
*/
static int process_vm_rw_single_vec(unsigned long addr,
@@ -76,7 +80,8 @@ static int process_vm_rw_single_vec(unsigned long addr,
struct page **process_pages,
struct mm_struct *mm,
struct task_struct *task,
- int vm_write)
+ int vm_write,
+ unsigned long pvm_flags)
{
unsigned long pa = addr & PAGE_MASK;
unsigned long start_offset = addr - pa;
@@ -91,6 +96,8 @@ static int process_vm_rw_single_vec(unsigned long addr,
if (vm_write)
flags |= FOLL_WRITE;
+ if (pvm_flags & PROCESS_VM_NOWAIT)
+ flags |= FOLL_NOWAIT;
while (!rc && nr_pages && iov_iter_count(iter)) {
int pinned_pages = min_t(unsigned long, nr_pages, PVM_MAX_USER_PAGES);
@@ -141,7 +148,7 @@ static int process_vm_rw_single_vec(unsigned long addr,
* @iter: where to copy to/from locally
* @rvec: iovec array specifying where to copy to/from in the other process
* @riovcnt: size of rvec array
- * @flags: currently unused
+ * @flags: process_vm_readv/writev flags
* @vm_write: 0 if reading from other process, 1 if writing to other process
*
* Returns the number of bytes read/written or error code. May
@@ -163,6 +170,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter,
unsigned long nr_pages_iov;
ssize_t iov_len;
size_t total_len = iov_iter_count(iter);
+ unsigned int f_flags;
/*
* Work out how many pages of struct pages we're going to need
@@ -194,7 +202,11 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter,
}
/* Get process information */
- task = find_get_task_by_vpid(pid);
+ if (flags & PROCESS_VM_PIDFD)
+ task = pidfd_get_task(pid, &f_flags);
+ else
+ task = find_get_task_by_vpid(pid);
+
if (!task) {
rc = -ESRCH;
goto free_proc_pages;
@@ -215,7 +227,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter,
for (i = 0; i < riovcnt && iov_iter_count(iter) && !rc; i++)
rc = process_vm_rw_single_vec(
(unsigned long)rvec[i].iov_base, rvec[i].iov_len,
- iter, process_pages, mm, task, vm_write);
+ iter, process_pages, mm, task, vm_write, flags);
/* copied = space before - space after */
total_len -= iov_iter_count(iter);
@@ -244,7 +256,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter,
* @liovcnt: size of lvec array
* @rvec: iovec array specifying where to copy to/from in the other process
* @riovcnt: size of rvec array
- * @flags: currently unused
+ * @flags: process_vm_readv/writev flags
* @vm_write: 0 if reading from other process, 1 if writing to other process
*
* Returns the number of bytes read/written or error code. May
@@ -266,7 +278,7 @@ static ssize_t process_vm_rw(pid_t pid,
ssize_t rc;
int dir = vm_write ? ITER_SOURCE : ITER_DEST;
- if (flags != 0)
+ if (flags & ~PROCESS_VM_SUPPORTED_FLAGS)
return -EINVAL;
/* Check iovecs */
--
2.45.0
^ permalink raw reply [flat|nested] 3+ messages in thread* [PATCH v2 2/2] selftests/mm: add tests for process_vm_readv flags
2026-04-08 14:54 [PATCH v2 0/2] mm/process_vm_access: pidfd and nowait support for process_vm_readv/writev Alban Crequy
2026-04-08 14:54 ` [PATCH v2 1/2] " Alban Crequy
@ 2026-04-08 14:54 ` Alban Crequy
1 sibling, 0 replies; 3+ messages in thread
From: Alban Crequy @ 2026-04-08 14:54 UTC (permalink / raw)
To: Andrew Morton, David Hildenbrand, Christian Brauner
Cc: Lorenzo Stoakes, Liam R . Howlett, Vlastimil Babka,
Mike Rapoport, Suren Baghdasaryan, Michal Hocko, linux-kernel,
linux-mm, Alban Crequy, Alban Crequy, Peter Xu, Willy Tarreau,
linux-kselftest, shuah
From: Alban Crequy <albancrequy@microsoft.com>
Add selftests for the PROCESS_VM_PIDFD and PROCESS_VM_NOWAIT flags
introduced in process_vm_readv/writev.
Tests cover:
- basic read with no flags
- invalid flags (EINVAL)
- invalid address (EFAULT)
- flag validation precedence over address validation
- PROCESS_VM_PIDFD: read via pidfd
- PROCESS_VM_NOWAIT: read from resident memory
- PROCESS_VM_PIDFD | PROCESS_VM_NOWAIT combined
- userfaultfd blocking read (no flags)
- PROCESS_VM_NOWAIT with userfaultfd (non-blocking, returns EFAULT)
Signed-off-by: Alban Crequy <albancrequy@microsoft.com>
---
New in v2.
tools/testing/selftests/mm/Makefile | 1 +
tools/testing/selftests/mm/process_vm_readv.c | 368 ++++++++++++++++++
2 files changed, 369 insertions(+)
create mode 100644 tools/testing/selftests/mm/process_vm_readv.c
diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/mm/Makefile
index 7a5de4e9bf52..056d9d961f6b 100644
--- a/tools/testing/selftests/mm/Makefile
+++ b/tools/testing/selftests/mm/Makefile
@@ -105,6 +105,7 @@ TEST_GEN_FILES += droppable
TEST_GEN_FILES += guard-regions
TEST_GEN_FILES += merge
TEST_GEN_FILES += rmap
+TEST_GEN_FILES += process_vm_readv
ifneq ($(ARCH),arm64)
TEST_GEN_FILES += soft-dirty
diff --git a/tools/testing/selftests/mm/process_vm_readv.c b/tools/testing/selftests/mm/process_vm_readv.c
new file mode 100644
index 000000000000..cc25471410b5
--- /dev/null
+++ b/tools/testing/selftests/mm/process_vm_readv.c
@@ -0,0 +1,368 @@
+// SPDX-License-Identifier: GPL-2.0-only
+#define _GNU_SOURCE
+#include <errno.h>
+#include <fcntl.h>
+#include <poll.h>
+#include <pthread.h>
+#include <signal.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <sys/mman.h>
+#include <sys/syscall.h>
+#include <sys/uio.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <linux/userfaultfd.h>
+
+#include "kselftest_harness.h"
+
+#ifndef PROCESS_VM_PIDFD
+#define PROCESS_VM_PIDFD (1UL << 0)
+#endif
+
+#ifndef PROCESS_VM_NOWAIT
+#define PROCESS_VM_NOWAIT (1UL << 1)
+#endif
+
+#ifndef __NR_pidfd_open
+#define __NR_pidfd_open 434
+#endif
+
+static int sys_pidfd_open(pid_t pid, unsigned int flags)
+{
+ return syscall(__NR_pidfd_open, pid, flags);
+}
+
+static const uint8_t test_data[] = { 0x01, 0x02, 0x03, 0x04,
+ 0x05, 0x06, 0x07, 0x08 };
+#define POISON_BYTE 0xCC
+
+/*
+ * Test: basic process_vm_readv with no flags
+ */
+TEST(read_basic)
+{
+ uint8_t buf[sizeof(test_data)];
+ struct iovec local_iov = { .iov_base = buf, .iov_len = sizeof(buf) };
+ struct iovec remote_iov = {
+ .iov_base = (void *)test_data,
+ .iov_len = sizeof(test_data)
+ };
+ ssize_t n;
+
+ memset(buf, POISON_BYTE, sizeof(buf));
+ n = process_vm_readv(getpid(), &local_iov, 1, &remote_iov, 1, 0);
+ ASSERT_EQ(sizeof(test_data), n);
+ ASSERT_EQ(0, memcmp(buf, test_data, sizeof(test_data)));
+}
+
+/*
+ * Test: invalid flags should return EINVAL
+ */
+TEST(read_invalid_flags)
+{
+ uint8_t buf[8] = { 0 };
+ struct iovec local_iov = { .iov_base = buf, .iov_len = sizeof(buf) };
+ struct iovec remote_iov = {
+ .iov_base = (void *)test_data,
+ .iov_len = sizeof(test_data)
+ };
+ ssize_t n;
+
+ n = process_vm_readv(getpid(), &local_iov, 1, &remote_iov, 1, 255);
+ ASSERT_EQ(-1, n);
+ ASSERT_EQ(EINVAL, errno);
+}
+
+/*
+ * Test: invalid address should return EFAULT
+ */
+TEST(read_invalid_address)
+{
+ uint8_t buf[8] = { 0 };
+ struct iovec local_iov = { .iov_base = buf, .iov_len = sizeof(buf) };
+ struct iovec remote_iov = { .iov_base = NULL, .iov_len = 8 };
+ ssize_t n;
+
+ n = process_vm_readv(getpid(), &local_iov, 1, &remote_iov, 1, 0);
+ ASSERT_EQ(-1, n);
+ ASSERT_EQ(EFAULT, errno);
+}
+
+/*
+ * Test: invalid address with invalid flags should return EINVAL
+ * (flag check happens before address validation)
+ */
+TEST(read_invalid_address_invalid_flags)
+{
+ uint8_t buf[8] = { 0 };
+ struct iovec local_iov = { .iov_base = buf, .iov_len = sizeof(buf) };
+ struct iovec remote_iov = { .iov_base = NULL, .iov_len = 8 };
+ ssize_t n;
+
+ n = process_vm_readv(getpid(), &local_iov, 1, &remote_iov, 1, 255);
+ ASSERT_EQ(-1, n);
+ ASSERT_EQ(EINVAL, errno);
+}
+
+/*
+ * Test: invalid address with all valid flags should return EFAULT
+ * (flags are valid so we get past the flag check to the address check)
+ */
+TEST(read_invalid_address_all_valid_flags)
+{
+ int pidfd;
+ struct iovec local_iov = { .iov_base = NULL, .iov_len = 8 };
+ struct iovec remote_iov = { .iov_base = NULL, .iov_len = 8 };
+ ssize_t n;
+
+ pidfd = sys_pidfd_open(getpid(), 0);
+ ASSERT_GE(pidfd, 0);
+
+ n = process_vm_readv(pidfd, &local_iov, 1, &remote_iov, 1,
+ PROCESS_VM_PIDFD | PROCESS_VM_NOWAIT);
+ ASSERT_EQ(-1, n);
+ ASSERT_EQ(EFAULT, errno);
+
+ close(pidfd);
+}
+
+/*
+ * Test: read with PIDFD flag
+ */
+TEST(read_pidfd)
+{
+ uint8_t buf[sizeof(test_data)];
+ struct iovec local_iov = { .iov_base = buf, .iov_len = sizeof(buf) };
+ struct iovec remote_iov = {
+ .iov_base = (void *)test_data,
+ .iov_len = sizeof(test_data)
+ };
+ ssize_t n;
+ int pidfd;
+
+ memset(buf, POISON_BYTE, sizeof(buf));
+ pidfd = sys_pidfd_open(getpid(), 0);
+ ASSERT_GE(pidfd, 0);
+
+ n = process_vm_readv(pidfd, &local_iov, 1, &remote_iov, 1,
+ PROCESS_VM_PIDFD);
+ ASSERT_EQ(sizeof(test_data), n);
+ ASSERT_EQ(0, memcmp(buf, test_data, sizeof(test_data)));
+
+ close(pidfd);
+}
+
+/*
+ * Test: read with NOWAIT from resident memory (should succeed)
+ */
+TEST(read_nowait_resident)
+{
+ uint8_t buf[sizeof(test_data)];
+ struct iovec local_iov = { .iov_base = buf, .iov_len = sizeof(buf) };
+ struct iovec remote_iov = {
+ .iov_base = (void *)test_data,
+ .iov_len = sizeof(test_data)
+ };
+ ssize_t n;
+
+ memset(buf, POISON_BYTE, sizeof(buf));
+ n = process_vm_readv(getpid(), &local_iov, 1, &remote_iov, 1,
+ PROCESS_VM_NOWAIT);
+ ASSERT_EQ(sizeof(test_data), n);
+ ASSERT_EQ(0, memcmp(buf, test_data, sizeof(test_data)));
+}
+
+/*
+ * Test: read with PIDFD + NOWAIT from resident memory
+ */
+TEST(read_pidfd_nowait_resident)
+{
+ uint8_t buf[sizeof(test_data)];
+ struct iovec local_iov = { .iov_base = buf, .iov_len = sizeof(buf) };
+ struct iovec remote_iov = {
+ .iov_base = (void *)test_data,
+ .iov_len = sizeof(test_data)
+ };
+ ssize_t n;
+ int pidfd;
+
+ memset(buf, POISON_BYTE, sizeof(buf));
+ pidfd = sys_pidfd_open(getpid(), 0);
+ ASSERT_GE(pidfd, 0);
+
+ n = process_vm_readv(pidfd, &local_iov, 1, &remote_iov, 1,
+ PROCESS_VM_PIDFD | PROCESS_VM_NOWAIT);
+ ASSERT_EQ(sizeof(test_data), n);
+ ASSERT_EQ(0, memcmp(buf, test_data, sizeof(test_data)));
+
+ close(pidfd);
+}
+
+/*
+ * Userfaultfd helpers for NOWAIT tests
+ */
+static int setup_userfaultfd(void)
+{
+ struct uffdio_api api = { .api = UFFD_API };
+ int uffd;
+
+ uffd = syscall(__NR_userfaultfd, O_CLOEXEC | O_NONBLOCK);
+ if (uffd < 0)
+ return -1;
+
+ if (ioctl(uffd, UFFDIO_API, &api)) {
+ close(uffd);
+ return -1;
+ }
+
+ return uffd;
+}
+
+static void *register_uffd_region(int uffd, size_t size)
+{
+ struct uffdio_register reg;
+ void *mem;
+
+ mem = mmap(NULL, size, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ if (mem == MAP_FAILED)
+ return NULL;
+
+ reg.range.start = (unsigned long)mem;
+ reg.range.len = size;
+ reg.mode = UFFDIO_REGISTER_MODE_MISSING;
+ if (ioctl(uffd, UFFDIO_REGISTER, ®)) {
+ munmap(mem, size);
+ return NULL;
+ }
+
+ return mem;
+}
+
+struct uffd_handler_args {
+ int uffd;
+ const void *content;
+ size_t content_len;
+};
+
+static void *uffd_handler_thread(void *arg)
+{
+ struct uffd_handler_args *ha = arg;
+ struct uffd_msg msg;
+ struct uffdio_copy copy;
+ struct pollfd pfd = {
+ .fd = ha->uffd,
+ .events = POLLIN
+ };
+ void *page;
+ long page_size = sysconf(_SC_PAGESIZE);
+ int ret;
+
+ page = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ if (page == MAP_FAILED)
+ return (void *)(long)-ENOMEM;
+
+ memcpy(page, ha->content, ha->content_len);
+
+ ret = poll(&pfd, 1, 5000);
+ if (ret <= 0)
+ goto out;
+
+ if (read(ha->uffd, &msg, sizeof(msg)) != sizeof(msg))
+ goto out;
+
+ if (msg.event != UFFD_EVENT_PAGEFAULT)
+ goto out;
+
+ copy.dst = msg.arg.pagefault.address & ~(page_size - 1);
+ copy.src = (unsigned long)page;
+ copy.len = page_size;
+ copy.mode = 0;
+ ioctl(ha->uffd, UFFDIO_COPY, ©);
+
+out:
+ munmap(page, page_size);
+ return NULL;
+}
+
+/*
+ * Test: read from userfaultfd-registered memory (no flags, should block
+ * until page fault is resolved by handler thread)
+ */
+TEST(read_userfaultfd_blocking)
+{
+ int uffd;
+ void *mem;
+ long page_size = sysconf(_SC_PAGESIZE);
+ uint8_t buf[sizeof(test_data)];
+ struct iovec local_iov = { .iov_base = buf, .iov_len = sizeof(buf) };
+ struct iovec remote_iov;
+ struct uffd_handler_args ha;
+ pthread_t handler;
+ ssize_t n;
+
+ memset(buf, POISON_BYTE, sizeof(buf));
+
+ uffd = setup_userfaultfd();
+ ASSERT_GE(uffd, 0);
+
+ mem = register_uffd_region(uffd, page_size);
+ ASSERT_NE(NULL, mem);
+
+ ha.uffd = uffd;
+ ha.content = test_data;
+ ha.content_len = sizeof(test_data);
+ ASSERT_EQ(0, pthread_create(&handler, NULL, uffd_handler_thread, &ha));
+
+ remote_iov.iov_base = mem;
+ remote_iov.iov_len = sizeof(test_data);
+ n = process_vm_readv(getpid(), &local_iov, 1, &remote_iov, 1, 0);
+ ASSERT_EQ(sizeof(test_data), n);
+ ASSERT_EQ(0, memcmp(buf, test_data, sizeof(test_data)));
+
+ pthread_join(handler, NULL);
+ munmap(mem, page_size);
+ close(uffd);
+}
+
+/*
+ * Test: read with NOWAIT from userfaultfd-registered memory that has
+ * not been faulted in yet. Should return EFAULT (not block).
+ */
+TEST(read_nowait_userfaultfd)
+{
+ int uffd;
+ void *mem;
+ long page_size = sysconf(_SC_PAGESIZE);
+ uint8_t buf[sizeof(test_data)] = { 0 };
+ struct iovec local_iov = { .iov_base = buf, .iov_len = sizeof(buf) };
+ struct iovec remote_iov;
+ ssize_t n;
+
+ uffd = setup_userfaultfd();
+ ASSERT_GE(uffd, 0);
+
+ mem = register_uffd_region(uffd, page_size);
+ ASSERT_NE(NULL, mem);
+
+ /* Ensure the page is not present */
+ madvise(mem, page_size, MADV_DONTNEED);
+
+ remote_iov.iov_base = mem;
+ remote_iov.iov_len = sizeof(test_data);
+ n = process_vm_readv(getpid(), &local_iov, 1, &remote_iov, 1,
+ PROCESS_VM_NOWAIT);
+ ASSERT_EQ(-1, n);
+ ASSERT_EQ(EFAULT, errno);
+
+ munmap(mem, page_size);
+ close(uffd);
+}
+
+TEST_HARNESS_MAIN
--
2.45.0
^ permalink raw reply [flat|nested] 3+ messages in thread