Remove support for userfaultfd (#4040)

This commit removes support for the `userfaultfd` or "uffd" syscall on
Linux. This support was originally added for users migrating from Lucet
to Wasmtime, but the recent developments of kernel-supported
copy-on-write support for memory initialization wound up being more
appropriate for these use cases than usefaultfd. The main reason for
moving to copy-on-write initialization are:

* The `userfaultfd` feature was never necessarily intended for this
  style of use case with wasm and was susceptible to subtle and rare
  bugs that were extremely difficult to track down. We were never 100%
  certain that there were kernel bugs related to userfaultfd but the
  suspicion never went away.

* Handling faults with userfaultfd was always slow and single-threaded.
  Only one thread could handle faults and traveling to user-space to
  handle faults is inherently slower than handling them all in the
  kernel. The single-threaded aspect in particular presented a
  significant scaling bottleneck for embeddings that want to run many
  wasm instances in parallel.

* One of the major benefits of userfaultfd was lazy initialization of
  wasm linear memory which is also achieved with the copy-on-write
  initialization support we have right now.

* One of the suspected benefits of userfaultfd was less frobbing of the
  kernel vma structures when wasm modules are instantiated. Currently
  the copy-on-write support has a mitigation where we attempt to reuse
  the memory images where possible to avoid changing vma structures.
  When comparing this to userfaultfd's performance it was found that
  kernel modifications of vmas aren't a worrisome bottleneck so
  copy-on-write is suitable for this as well.

Overall there are no remaining benefits that userfaultfd gives that
copy-on-write doesn't, and copy-on-write solves a major downsides of
userfaultfd, the scaling issue with a single faulting thread.
Additionally copy-on-write support seems much more robust in terms of
kernel implementation since it's only using standard memory-management
syscalls which are heavily exercised. Finally copy-on-write support
provides a new bonus where read-only memory in WebAssembly can be mapped
directly to the same kernel cache page, even amongst many wasm instances
of the same module, which was never possible with userfaultfd.

In light of all this it's expected that all users of userfaultfd should
migrate to the copy-on-write initialization of Wasmtime (which is
enabled by default).

crates/runtime/src/memory.rs

@@ -276,11 +276,6 @@ pub enum Memory {
         /// The image management, if any, for this memory. Owned here and
         /// returned to the pooling allocator when termination occurs.
         memory_image: Option<MemoryImageSlot>,
-
-        /// Stores the pages in the linear memory that have faulted as guard pages when using the `uffd` feature.
-        /// These pages need their protection level reset before the memory can grow.
-        #[cfg(all(feature = "uffd", target_os = "linux"))]
-        guard_page_faults: Vec<(usize, usize, fn(*mut u8, usize) -> Result<()>)>,
     },
 
     /// A "dynamic" memory whose data is managed at runtime and lifetime is tied
@@ -340,8 +335,6 @@ impl Memory {
             size: minimum,
             make_accessible,
             memory_image,
-            #[cfg(all(feature = "uffd", target_os = "linux"))]
-            guard_page_faults: Vec::new(),
         })
     }
 
@@ -531,17 +524,6 @@ impl Memory {
             }
         }
 
-        #[cfg(all(feature = "uffd", target_os = "linux"))]
-        {
-            if self.is_static() {
-                // Reset any faulted guard pages before growing the memory.
-                if let Err(e) = self.reset_guard_pages() {
-                    store.memory_grow_failed(&e);
-                    return Ok(None);
-                }
-            }
-        }
-
         match self {
             Memory::Static {
                 base,
@@ -606,53 +588,6 @@ impl Memory {
             Memory::Dynamic(mem) => mem.vmmemory(),
         }
     }
-
-    /// Records a faulted guard page in a static memory.
-    ///
-    /// This is used to track faulted guard pages that need to be reset for the uffd feature.
-    ///
-    /// This function will panic if called on a dynamic memory.
-    #[cfg(all(feature = "uffd", target_os = "linux"))]
-    pub(crate) fn record_guard_page_fault(
-        &mut self,
-        page_addr: *mut u8,
-        size: usize,
-        reset: fn(*mut u8, usize) -> Result<()>,
-    ) {
-        match self {
-            Memory::Static {
-                guard_page_faults, ..
-            } => {
-                guard_page_faults.push((page_addr as usize, size, reset));
-            }
-            Memory::Dynamic(_) => {
-                unreachable!("dynamic memories should not have guard page faults")
-            }
-        }
-    }
-
-    /// Resets the previously faulted guard pages of a static memory.
-    ///
-    /// This is used to reset the protection of any guard pages that were previously faulted.
-    ///
-    /// This function will panic if called on a dynamic memory.
-    #[cfg(all(feature = "uffd", target_os = "linux"))]
-    pub(crate) fn reset_guard_pages(&mut self) -> Result<()> {
-        match self {
-            Memory::Static {
-                guard_page_faults, ..
-            } => {
-                for (addr, len, reset) in guard_page_faults.drain(..) {
-                    reset(addr as *mut u8, len)?;
-                }
-            }
-            Memory::Dynamic(_) => {
-                unreachable!("dynamic memories should not have guard page faults")
-            }
-        }
-
-        Ok(())
-    }
 }
 
 // The default memory representation is an empty memory that cannot grow.
@@ -663,8 +598,6 @@ impl Default for Memory {
             size: 0,
             make_accessible: Some(|_, _| unreachable!()),
             memory_image: None,
-            #[cfg(all(feature = "uffd", target_os = "linux"))]
-            guard_page_faults: Vec::new(),
         }
     }
 }