Re: [PATCH v4 12/14] userfaultfd: add UFFDIO_SET_MODE for runtime sync/async toggle

Re: [PATCH v4 12/14] userfaultfd: add UFFDIO_SET_MODE for runtime sync/async toggle

[Kiryl Shutsemau]

On Mon, May 25, 2026 at 12:42:20PM +0000, sashiko-bot@kernel.org wrote:
> Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
> - [High] The userfaultfd_set_mode function iterates over an external mm_struct's VMAs without verifying address space stability.

Pre-existing pattern across UFFD ioctls -- userfaultfd_register(),
userfaultfd_unregister(), userfaultfd_rwprotect() all iterate VMAs
after mmget_not_zero() + mmap_write_lock() without
check_stable_address_space().

If the XA_ZERO_ENTRY hazard is real, it applies to all of those too;
leave as a separate audit follow-up.

> - [Low] Lockless read of ctx->features races with its own WRITE_ONCE
> update, causing a data race.

Will be fixed in v5:

        -           !(ctx->features & UFFD_FEATURE_RWP))
        +           !(userfaultfd_features(ctx) & UFFD_FEATURE_RWP))

> -- 
> Sashiko AI review · https://sashiko.dev/#/patchset/20260525113737.1942478-1-kas@kernel.org?part=12

-- 
  Kiryl Shutsemau / Kirill A. Shutemov