On Mon, May 25, 2026 at 12:42:20PM +0000, [email protected] wrote:
> Thank you for your contribution! Sashiko AI review found 2 potential issue(s)
> to consider:
> - [High] The userfaultfd_set_mode function iterates over an external
> mm_struct's VMAs without verifying address space stability.
Pre-existing pattern across UFFD ioctls -- userfaultfd_register(),
userfaultfd_unregister(), userfaultfd_rwprotect() all iterate VMAs
after mmget_not_zero() + mmap_write_lock() without
check_stable_address_space().
If the XA_ZERO_ENTRY hazard is real, it applies to all of those too;
leave as a separate audit follow-up.
> - [Low] Lockless read of ctx->features races with its own WRITE_ONCE
> update, causing a data race.
Will be fixed in v5:
- !(ctx->features & UFFD_FEATURE_RWP))
+ !(userfaultfd_features(ctx) & UFFD_FEATURE_RWP))
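Review bot: this one-line swap only closes the race if userfaultfd_features() reads ctx->features with READ_ONCE() to pair with the WRITE_ONCE() update named in the report above; the hunk shows the new call site but not the helper, so v5 should carry (or point at) its definition, and any remaining plain `ctx->features &` reads on the same path want the same accessor.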
> --
> Sashiko AI review ·
> https://sashiko.dev/#/patchset/[email protected]?part=12
--
Kiryl Shutsemau / Kirill A. Shutemov