Commit 84416db6 authored by Oleg Nesterov, committed by Greg Kroah-Hartman

oom: task->mm == NULL doesn't mean the memory was freed

commit c027a474 upstream.

exit_mm() sets ->mm == NULL then it does mmput()->exit_mmap() which
frees the memory.

However select_bad_process() checks ->mm != NULL before TIF_MEMDIE,
so it continues to kill other tasks even if we have the oom-killed
task freeing its memory.

Change select_bad_process() to check ->mm after TIF_MEMDIE, but skip
the tasks which have already passed exit_notify() to ensure a zombie
with TIF_MEMDIE set can't block oom-killer. Alternatively we could
probably clear TIF_MEMDIE after exit_mmap().

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
parent 06b94385
...@@ -303,7 +303,7 @@ static struct task_struct *select_bad_process(unsigned int *ppoints, ...@@ -303,7 +303,7 @@ static struct task_struct *select_bad_process(unsigned int *ppoints,
do_each_thread(g, p) { do_each_thread(g, p) {
unsigned int points; unsigned int points;
if (!p->mm) if (p->exit_state)
continue; continue;
if (oom_unkillable_task(p, mem, nodemask)) if (oom_unkillable_task(p, mem, nodemask))
continue; continue;
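Review bot: With `if (!p->mm)` replaced by `if (p->exit_state)` at the top of the loop, tasks whose ->mm is NULL now reach `oom_unkillable_task(p, mem, nodemask)`, which never saw them before; please confirm that helper does not rely on p->mm being set for anything it reads. A one-line comment above the new check, saying it skips tasks that have passed exit_notify() so that a zombie with TIF_MEMDIE cannot block the scan, would keep the reasoning from the commit message next to the code.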
...@@ -319,6 +319,8 @@ static struct task_struct *select_bad_process(unsigned int *ppoints, ...@@ -319,6 +319,8 @@ static struct task_struct *select_bad_process(unsigned int *ppoints,
*/ */
if (test_tsk_thread_flag(p, TIF_MEMDIE)) if (test_tsk_thread_flag(p, TIF_MEMDIE))
return ERR_PTR(-1UL); return ERR_PTR(-1UL);
if (!p->mm)
continue;
if (p->flags & PF_EXITING) { if (p->flags & PF_EXITING) {
/* /*
......
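Review bot: The added `if (!p->mm)` test sits after the TIF_MEMDIE check, so a TIF_MEMDIE task with ->mm == NULL makes the function return ERR_PTR(-1UL) on every call until that task sets exit_state; if it stalls between exit_mm() and exit_notify(), no other victim is selected during that window. The commit message names clearing TIF_MEMDIE after exit_mmap() as an alternative, so it would help to state why reordering the checks was preferred, and to add a comment at the new check noting that ->mm == NULL does not mean the memory has been freed.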