| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Oct 2015 18:56:12 +0200 From: Michal Hocko <mhocko@...nel.org> To: Oleg Nesterov <oleg@...hat.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, David Rientjes <rientjes@...gle.com>, Kyle Walker <kwalker@...hat.com>, Stanislav Kozina <skozina@...hat.com>, Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>, linux-kernel@...r.kernel.org Subject: Re: [PATCH -mm] mmoom-fix-potentially-killing-unrelated-process-fix On Tue 06-10-15 18:28:04, Oleg Nesterov wrote: > oom_kill_process() does atomic_inc(&mm->mm_users) to ensure that > this ->mm can't go away and this is wrong, change it to rely on > ->mm_count and mmdrop(). > > Firstly, we do not want to delay exit_mmap/etc if the victim exits > before we do mmput(), but this is minor. > > More importantly, we simply can not do mmput() in oom_kill_process(), > this can deadlock if (for example) the caller holds i_mmap_rwsem and > mmput() actually leads to exit_mmap(); the victim can have this file > mmaped and in this case unmap_vmas/free_pgtables paths will take the > same lock for writing. And at least huge_pmd_share() does pmd_alloc() > under i_mmap_rwsem because VM_HUGETLB memory is not reclaimable. Ouch, I have completely missed this during review! Thanks for catching this. On the second thought it is clear now. We really want to pin the mm_struct not the address space. > Signed-off-by: Oleg Nesterov <oleg@...hat.com> Acked-by: Michal Hocko <mhocko@...e.com> > --- > mm/oom_kill.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/mm/oom_kill.c b/mm/oom_kill.c > index 034d219..52abb78 100644 > --- a/mm/oom_kill.c > +++ b/mm/oom_kill.c > @@ -571,7 +571,7 @@ void oom_kill_process(struct oom_control *oc, struct task_struct *p, > > /* Get a reference to safely compare mm after task_unlock(victim) */ > mm = victim->mm; > - atomic_inc(&mm->mm_users); > + atomic_inc(&mm->mm_count); > /* > * We should send SIGKILL before setting TIF_MEMDIE in order to prevent > * the OOM victim from depleting the memory reserves from the user > @@ -609,7 +609,7 @@ void oom_kill_process(struct oom_control *oc, struct task_struct *p, > } > rcu_read_unlock(); > > - mmput(mm); > + mmdrop(mm); > put_task_struct(victim); > } > #undef K > -- > 2.4.3 > -- Michal Hocko SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists