| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20151005173601.GA23150@redhat.com> Date: Mon, 5 Oct 2015 19:36:01 +0200 From: Oleg Nesterov <oleg@...hat.com> To: Andrew Morton <akpm@...ux-foundation.org> Cc: David Rientjes <rientjes@...gle.com>, Kyle Walker <kwalker@...hat.com>, Michal Hocko <mhocko@...nel.org>, Stanislav Kozina <skozina@...hat.com>, Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>, linux-kernel@...r.kernel.org Subject: Re: [PATCH -mm] mm/oom_kill: change oom_kill_process() to bump ->mm_count rather than ->mm_users On 10/05, Oleg Nesterov wrote: > > oom_kill_process() does atomic_inc(&mm->mm_users) to ensure that > this ->mm can't go away and this is wrong, change it to rely on > ->mm_count and mmdrop(). > > Firstly, we do not want to delay exit_mmap/etc if the victim exits > before we do mmput(), but this is minor. > > More importantly, we simply can not do mmput() in oom_kill_process(), > this can deadlock. For example, suppose that access_process_vm(tsk) > triggers OOM and oom-killer decides to kill this "tsk". If it exits > and does mmput() before us, ksm_exit() called by us may want to want > to take the same mmap_sem for writing. Self nack to the changelog ;) I still think the patch is fine, I'll resend it. But the changelog is wrong, in the case above access_process_vm() adds another reference to ->mm_users, so mmput() can never lead to mm_users == 0. > Signed-off-by: Oleg Nesterov <oleg@...hat.com> > --- > mm/oom_kill.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/mm/oom_kill.c b/mm/oom_kill.c > index 034d219..52abb78 100644 > --- a/mm/oom_kill.c > +++ b/mm/oom_kill.c > @@ -571,7 +571,7 @@ void oom_kill_process(struct oom_control *oc, struct task_struct *p, > > /* Get a reference to safely compare mm after task_unlock(victim) */ > mm = victim->mm; > - atomic_inc(&mm->mm_users); > + atomic_inc(&mm->mm_count); > /* > * We should send SIGKILL before setting TIF_MEMDIE in order to prevent > * the OOM victim from depleting the memory reserves from the user > @@ -609,7 +609,7 @@ void oom_kill_process(struct oom_control *oc, struct task_struct *p, > } > rcu_read_unlock(); > > - mmput(mm); > + mmdrop(mm); > put_task_struct(victim); > } > #undef K > -- > 2.4.3 > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists