| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Dec 2021 11:03:46 -0800
From: Suren Baghdasaryan <surenb@...gle.com>
To: Michal Hocko <mhocko@...e.com>
Cc: akpm@...ux-foundation.org, rientjes@...gle.com,
willy@...radead.org, hannes@...xchg.org, guro@...com,
riel@...riel.com, minchan@...nel.org, kirill@...temov.name,
aarcange@...hat.com, christian@...uner.io, hch@...radead.org,
oleg@...hat.com, david@...hat.com, jannh@...gle.com,
shakeelb@...gle.com, luto@...nel.org, christian.brauner@...ntu.com,
fweimer@...hat.com, jengelh@...i.de, timmurray@...gle.com,
linux-mm@...ck.org, linux-kernel@...r.kernel.org,
kernel-team@...roid.com
Subject: Re: [PATCH v4 3/3] mm/oom_kill: allow process_mrelease to run under
mmap_lock protection
On Thu, Dec 9, 2021 at 12:59 AM Michal Hocko <mhocko@...e.com> wrote:
>
> On Wed 08-12-21 13:22:11, Suren Baghdasaryan wrote:
> > With exit_mmap holding mmap_write_lock during free_pgtables call,
> > process_mrelease does not need to elevate mm->mm_users in order to
> > prevent exit_mmap from destrying pagetables while __oom_reap_task_mm
> > is walking the VMA tree. The change prevents process_mrelease from
> > calling the last mmput, which can lead to waiting for IO completion
> > in exit_aio.
> >
> > Fixes: 337546e83fc7 ("mm/oom_kill.c: prevent a race between process_mrelease and exit_mmap")
>
> I am not sure I have brought this up already but I do not think Fixes
> tag is a good fit. 337546e83fc7 is a correct way to handle the race. It
> is just slightly less optimal than this fix.
Will post v5 without it. Thanks!
>
> > Signed-off-by: Suren Baghdasaryan <surenb@...gle.com>
>
> Acked-by: Michal Hocko <mhocko@...e.com>
>
> Thanks!
> > ---
> > mm/oom_kill.c | 27 +++++++++++++++------------
> > 1 file changed, 15 insertions(+), 12 deletions(-)
> >
> > diff --git a/mm/oom_kill.c b/mm/oom_kill.c
> > index 1ddabefcfb5a..67780386f478 100644
> > --- a/mm/oom_kill.c
> > +++ b/mm/oom_kill.c
> > @@ -1169,15 +1169,15 @@ SYSCALL_DEFINE2(process_mrelease, int, pidfd, unsigned int, flags)
> > goto put_task;
> > }
> >
> > - if (mmget_not_zero(p->mm)) {
> > - mm = p->mm;
> > - if (task_will_free_mem(p))
> > - reap = true;
> > - else {
> > - /* Error only if the work has not been done already */
> > - if (!test_bit(MMF_OOM_SKIP, &mm->flags))
> > - ret = -EINVAL;
> > - }
> > + mm = p->mm;
> > + mmgrab(mm);
> > +
> > + if (task_will_free_mem(p))
> > + reap = true;
> > + else {
> > + /* Error only if the work has not been done already */
> > + if (!test_bit(MMF_OOM_SKIP, &mm->flags))
> > + ret = -EINVAL;
> > }
> > task_unlock(p);
> >
> > @@ -1188,13 +1188,16 @@ SYSCALL_DEFINE2(process_mrelease, int, pidfd, unsigned int, flags)
> > ret = -EINTR;
> > goto drop_mm;
> > }
> > - if (!__oom_reap_task_mm(mm))
> > + /*
> > + * Check MMF_OOM_SKIP again under mmap_read_lock protection to ensure
> > + * possible change in exit_mmap is seen
> > + */
> > + if (!test_bit(MMF_OOM_SKIP, &mm->flags) && !__oom_reap_task_mm(mm))
> > ret = -EAGAIN;
> > mmap_read_unlock(mm);
> >
> > drop_mm:
> > - if (mm)
> > - mmput(mm);
> > + mmdrop(mm);
> > put_task:
> > put_task_struct(task);
> > return ret;
> > --
> > 2.34.1.400.ga245620fadb-goog
>
> --
> Michal Hocko
> SUSE Labs
Powered by blists - more mailing lists