On Thu, Nov 03, 2016 at 11:24:46AM -0600, Mike Rapoport wrote: > (changed 'CC: > - Michael Rapoport <RAPOPORT@xxxxxxxxxx>, > - Dr. David Alan Gilbert@v2.random, <dgilbert@xxxxxxxxxx>, > + Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>, > - Pavel Emelyanov <xemul@xxxxxxxxxxxxx>@v2.random > + Pavel Emelyanov <xemul@xxxxxxxxxxxxx> Sorry for this mess, so it turns out git will crunch a non rfc2822 compliant email address just fine, but postfix will not be happy and it rewrites the header in a best effort way. The email is still delivered because send-email specifies the addresses that git can cope with on the sendmail command line instead of using -t, that's why the email is delivered by the header is garbled. On the git list they're discussing if the parsing of the email addresses can be made more strict to follow rfc2822, otherwise from --dry-run things look ok, but then when you removed --dry-run you find out the hard way you left a trailing " in an email address... > On Thu, Nov 03, 2016 at 04:01:12PM +0800, Hillf Danton wrote: > > On Thursday, November 03, 2016 3:34 AM Andrea Arcangeli wrote: > > > +void madvise_userfault_dontneed(struct vm_area_struct *vma, > > > + struct vm_area_struct **prev, > > > + unsigned long start, unsigned long end) > > > +{ > > > + struct userfaultfd_ctx *ctx; > > > + struct userfaultfd_wait_queue ewq; > > > + > > > + ctx = vma->vm_userfaultfd_ctx.ctx; > > > + if (!ctx || !(ctx->features & UFFD_FEATURE_EVENT_MADVDONTNEED)) > > > + return; > > > + > > > + userfaultfd_ctx_get(ctx); > > > + *prev = NULL; /* We wait for ACK w/o the mmap semaphore */ > > > + up_read(&vma->vm_mm->mmap_sem); > > > + > > > + msg_init(&ewq.msg); > > > + > > > + ewq.msg.event = UFFD_EVENT_MADVDONTNEED; > > > + ewq.msg.arg.madv_dn.start = start; > > > + ewq.msg.arg.madv_dn.end = end; > > > + > > > + userfaultfd_event_wait_completion(ctx, &ewq); > > > + > > > + down_read(&vma->vm_mm->mmap_sem); > > > > After napping with mmap_sem released, is vma still valid? Wow, nice catch Hillf. There was zero chance to catch this at runtime, we don't munmap the vma while the testcase runs, plus even if we did such thing, to notice it would need to be reused fast enough. It was just a single instruction window for a pointer dereference... > You are right, vma may be invalid at that point. Thanks for spotting. > > Andrea, how do you prefer the fix, incremental or the entire patch updated? I'm applying your updated patch, fix you sent is correct. I will also move *prev= NULL just after up_read too, doing it before up_read looks like it has to be done before before releasing the lock which is not the case. Furthermore it's a microoptimization for scalability to do it after, but it won't make any runtime difference of course. Thanks, Andrea -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>