| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Oct 2011 15:23:21 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: Michal Hocko <mhocko@...e.cz> Cc: David Rientjes <rientjes@...gle.com>, Konstantin Khlebnikov <khlebnikov@...nvz.org>, Oleg Nesterov <oleg@...hat.com>, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>, "Rafael J. Wysocki" <rjw@...k.pl>, Rusty Russell <rusty@...tcorp.com.au>, Tejun Heo <htejun@...il.com>, linux-kernel@...r.kernel.org, linux-mm@...ck.org Subject: Re: [PATCH 2/2] oom: do not live lock on frozen tasks On Tue, 27 Sep 2011 10:01:47 +0200 Michal Hocko <mhocko@...e.cz> wrote: > Konstantin Khlebnikov has reported (https://lkml.org/lkml/2011/8/23/45) > that OOM can end up in a live lock if select_bad_process picks up a frozen > task. > Unfortunately we cannot mark such processes as unkillable to ignore them > because we could panic the system even though there is a chance that > somebody could thaw the process so we can make a forward process (e.g. a > process from another cpuset or with a different nodemask). > > Let's thaw an OOM selected frozen process right after we've sent fatal > signal from oom_kill_task. > Thawing is safe if the frozen task doesn't access any suspended device > (e.g. by ioctl) on the way out to the userspace where we handle the > signal and die. Note, we are not interested in the kernel threads because > they are not oom killable. > > Accessing suspended devices by a userspace processes shouldn't be an > issue because devices are suspended only after userspace is already > frozen and oom is disabled at that time. > > Other than that userspace accesses the fridge only from the > signal handling routines so we are able to handle SIGKILL without any > negative side effects or we always check for pending signals after > we return from try_to_freeze (e.g. in lguest). > > Signed-off-by: Michal Hocko <mhocko@...e.cz> > Reported-by: Konstantin Khlebnikov <khlebnikov@...nvz.org> > Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com> > Acked-by: Rafael J. Wysocki <rjw@...k.pl> > Acked-by: David Rientjes <rientjes@...gle.com> > --- > mm/oom_kill.c | 6 ++++++ > 1 files changed, 6 insertions(+), 0 deletions(-) > > diff --git a/mm/oom_kill.c b/mm/oom_kill.c > index 626303b..c419a7e 100644 > --- a/mm/oom_kill.c > +++ b/mm/oom_kill.c > @@ -32,6 +32,7 @@ > #include <linux/mempolicy.h> > #include <linux/security.h> > #include <linux/ptrace.h> > +#include <linux/freezer.h> > > int sysctl_panic_on_oom; > int sysctl_oom_kill_allocating_task; > @@ -451,10 +452,15 @@ static int oom_kill_task(struct task_struct *p, struct mem_cgroup *mem) > task_pid_nr(q), q->comm); > task_unlock(q); > force_sig(SIGKILL, q); > + > + if (frozen(q)) > + thaw_process(q); > } > > set_tsk_thread_flag(p, TIF_MEMDIE); > force_sig(SIGKILL, p); > + if (frozen(p)) > + thaw_process(p); > > return 0; > } I'm not sure this is 1000% correct. Perhaps there's a conceivable window after the "if (frozen)" test where the task can flip itself into the frozen state. thaw_process() itself appears to be callable regardless of the frozen state and will do the right thing under the right lock. So this code would be safer, correcter and slower if it unconditionally called thaw_process(). I'm sure it doesn't matter though ;) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists