Re: [PATCH v4 12/14] userfaultfd: add UFFDIO_SET_MODE for runtime sync/async toggle

Next message: Jan Kara: "Re: [PATCH] jbd2: update outdated comment for jbd2_journal_try_to_free_buffers()"
Previous message: Rafael J. Wysocki: "Re: [PATCH v1 02/17] ACPI: NFIT: core: Use devm_acpi_install_notify_handler()"
In reply to: Kiryl Shutsemau (Meta): "[PATCH v4 12/14] userfaultfd: add UFFDIO_SET_MODE for runtime sync/async toggle"
Next in thread: Kiryl Shutsemau (Meta): "[PATCH v4 05/14] mm: add MM_CP_UFFD_RWP change_protection() flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kiryl Shutsemau

Date: Mon May 25 2026 - 11:45:18 EST

On Mon, May 25, 2026 at 12:42:20PM +0000, sashiko-bot@xxxxxxxxxx wrote:
> Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
> - [High] The userfaultfd_set_mode function iterates over an external mm_struct's VMAs without verifying address space stability.

Pre-existing pattern across UFFD ioctls -- userfaultfd_register(),
userfaultfd_unregister(), userfaultfd_rwprotect() all iterate VMAs
after mmget_not_zero() + mmap_write_lock() without
check_stable_address_space().

If the XA_ZERO_ENTRY hazard is real, it applies to all of those too;
leave as a separate audit follow-up.

> - [Low] Lockless read of ctx->features races with its own WRITE_ONCE
> update, causing a data race.

Will be fixed in v5:

- !(ctx->features & UFFD_FEATURE_RWP))
+ !(userfaultfd_features(ctx) & UFFD_FEATURE_RWP))

> --
> Sashiko AI review · https://sashiko.dev/#/patchset/20260525113737.1942478-1-kas@xxxxxxxxxx?part=12

--
Kiryl Shutsemau / Kirill A. Shutemov