Hi! Julian Orth reported at https://bugzilla.kernel.org/show_bug.cgi?id=219106 that udmabuf_create() checks for F_SEAL_WRITE in a racy way, so a udmabuf can end up holding references to pages in a write-sealed memfd, which theoretically breaks one of the security properties of memfd sealing. See also the discussion starting at <https://lore.kernel.org/linux-mm/CAHijbEV6wtTQy01djSfWBJksq4AEoZ=KYUsaKEKNSXbTTSM-Ww@xxxxxxxxxxxxxx/>. I think one possible correct pattern would be something like: mapping_map_writable() [with error bailout] check seals with F_GET_SEALS udmabuf_pin_folios() mapping_unmap_writable()
