• Michal Hocko's avatar
    oom_reaper: close race with exiting task · e2fe1456
    Michal Hocko authored
    Tetsuo has reported:
      Out of memory: Kill process 443 (oleg's-test) score 855 or sacrifice child
      Killed process 443 (oleg's-test) total-vm:493248kB, anon-rss:423880kB, file-rss:4kB, shmem-rss:0kB
      sh invoked oom-killer: gfp_mask=0x24201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), order=0, oom_score_adj=0
      sh cpuset=/ mems_allowed=0
      CPU: 2 PID: 1 Comm: sh Not tainted 4.6.0-rc7+ #51
      Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
      Call Trace:
        dump_stack+0x85/0xc8
        dump_header+0x5b/0x394
      oom_reaper: reaped process 443 (oleg's-test), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
    
    In other words:
    
      __oom_reap_task		exit_mm
        atomic_inc_not_zero
    				  tsk->mm = NULL
    				  mmput
    				    atomic_dec_and_test # > 0
    				  exit_oom_victim # New victim will be
    						  # selected
    				<OOM killer invoked>
    				  # no TIF_MEMDIE task so we can select a new one
        unmap_page_range # to release the memory
    
    The race exists even without the oom_reaper because anybody who pins the
    address space and gets preempted might race with exit_mm but oom_reaper
    made this race more probable.
    
    We can address the oom_reaper part by using oom_lock for __oom_reap_task
    because this would guarantee that a new oom victim will not be selected
    if the oom reaper might race with the exit path.  This doesn't solve the
    original issue, though, because somebody else still might be pinning
    mm_users and so __mmput won't be called to release the memory but that
    is not really realiably solvable because the task will get away from the
    oom sight as soon as it is unhashed from the task_list and so we cannot
    guarantee a new victim won't be selected.
    
    [akpm@linux-foundation.org: fix use of unused `mm', Per Stephen]
    [akpm@linux-foundation.org: coding-style fixes]
    Fixes: aac45363 ("mm, oom: introduce oom reaper")
    Link: http://lkml.kernel.org/r/1464271493-20008-1-git-send-email-mhocko@kernel.orgSigned-off-by: default avatarMichal Hocko <mhocko@suse.com>
    Reported-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    e2fe1456
oom_kill.c 27.3 KB