Add UFFD write protection

[ValentaTomas]

• I'll test the WP functionality with FC 1.10.
• Check possible improvements for build system (WP applies only for sandboxes started from snapshots)

---

Note

Add UFFD write-protection support (register, handle WP faults, remove WP) and switch dirty tracking to writes; update mapping API and orchestrator integration with graceful fd-exit.

• UFFD/Userfaultfd:
  • Add write-protection support: new UFFDIO_WRITEPROTECT, UFFDIO_COPY_MODE_WP, flags, and Fd.writeProtect.
  • Register regions with UFFDIO_REGISTER_MODE_WP|MISSING in NewUserfaultfdFromFd and abstract fd via uffdio interface.
  • Handle events:
    • Missing reads: COPY with MODE_WP.
    • Missing writes: COPY (no WP) and mark dirty.
    • WP faults: remove WP and mark dirty.
  • Track accessed vs. dirty pages separately (missingRequests, writeRequests); Dirty() now returns write-based tracker.
  • Serve loop: poll via interface fd(), return fdexit.ErrFdExit on exit pipe, improved EINTR/EAGAIN handling.
  • Unregister/copy/sizes normalized to uintptr; close via interface.
• Orchestrator integration (uffd/uffd.go):
  • Pass userfaultfd.Fd to constructor; treat fdexit.ErrFdExit as normal shutdown; Stop() signals exit.
• FdExit:
  • Introduce ErrFdExit and propagate on graceful termination.
• Memory Mapping:
  • Change Mapping.GetOffset page size type from uint64 to uintptr.
• Tests:
  • Extensive new tests for missing/read/write, write-protection paths, random ops, event sequencing, cross-process serving, and settling behavior; helper fd/test utilities added and existing tests updated to new types.

^{Written by Cursor Bugbot for commit baa5ec3. This will update automatically on new commits. Configure here.}

[ValentaTomas]

bugbot run

[ValentaTomas]

@codex review

[cursor]

✅ Bugbot reviewed your changes and found no bugs!

---

[Copilot]

Pull Request Overview

This PR adds comprehensive UFFD (userfaultfd) write-protection support to track dirty pages, enabling more efficient snapshot creation. The implementation introduces a dual-tracking mechanism: read accesses are tracked via missingRequests and writes via writeRequests, with write-protected pages being unprotected on write faults and marked as dirty.

Key Changes:

• Implements write-protection flow: reads copy with UFFDIO_COPY_MODE_WP, writes to protected pages trigger WP+WRITE faults that remove protection and mark pages dirty
• Refactors fd handling from uffdFd to interface-based uffdio with Fd type, introducing ErrFdExit sentinel for clean termination
• Updates Mapping.GetOffset return type from uint64 to uintptr for page size consistency

Reviewed Changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
userfaultfd_write_protection_test.go	Adds comprehensive write-protection tests covering standard/hugepages, serial/parallel operations
userfaultfd_test.go	Extensive test suite for UFFD events, request settling, and random operation sequences
userfaultfd_process_helpers_test.go	Updates cross-process test infrastructure with separate accessed/dirty offset tracking and improved signal handling
userfaultfd_missing_write_test.go	Enhances missing write tests with write-after-write scenarios and dirty offset validation
userfaultfd_missing_test.go	Updates missing read tests to use unified operation execution
userfaultfd_helpers_test.go	Adds executeOperation helper and accessed utility function
userfaultfd.go	Core implementation: adds uffdio interface, dual tracking (missingRequests/writeRequests), handleWriteProtected method
fd_helpers_test.go	Introduces mockFd for isolated testing and helpers for fd/API configuration
fd.go	Adds WP constants, writeProtect method, refactors to Fd type with interface compliance
uffd.go	Updates to use new Fd type and handle ErrFdExit as normal termination
mapping_test.go	Updates assertions for uintptr return type change
mapping.go	Changes GetOffset page-size return from uint64 to uintptr
fdexit.go	Adds ErrFdExit sentinel error for clean exit signaling

Comments suppressed due to low confidence (3)

packages/orchestrator/internal/sandbox/uffd/userfaultfd/userfaultfd_process_helpers_test.go:287

• Typo in variable name: accessedOffsestsSignal should be accessedOffsetsSignal (missing 't' in 'offsets').
  packages/orchestrator/internal/sandbox/uffd/userfaultfd/userfaultfd_process_helpers_test.go:298
• Typo in variable name: accessedOffsestsSignal should be accessedOffsetsSignal (missing 't' in 'offsets'). This is used in signal.Notify and select case, so it should be consistent.
  packages/orchestrator/internal/sandbox/uffd/userfaultfd/userfaultfd_missing_write_test.go:13
• Typo in comment: "flakyness" should be "flakiness".

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[ValentaTomas]

I'll test the WP functionality with FC 1.10.

[ValentaTomas]

• Handle writes to FC memory after FC pause (at least the io_uring does this).