task_lock(p) protects p->mm->oom_disable_count such that it accurately represents the number of threads attached to that mm that cannot be killed by the oom killer. p->signal->oom_score_adj is never changed without holding the lock. This was missed in the fork() path, so we take the lock to ensure checking its oom_score_adj and decrementing oom_disable_count don't race.

Reported-by: KOSAKI Motohiro <kosaki.motohiro@xxxxxxxxxxxxxx>
Signed-off-by: David Rientjes <rientjes@xxxxxxxxxx>
---
 kernel/fork.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/kernel/fork.c b/kernel/fork.c
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1304,8 +1304,10 @@ bad_fork_cleanup_namespaces:
 	exit_task_namespaces(p);
 bad_fork_cleanup_mm:
 	if (p->mm) {
+		task_lock(p);
 		if (p->signal->oom_score_adj == OOM_SCORE_ADJ_MIN)
 			atomic_dec(&p->mm->oom_disable_count);
+		task_unlock(p);
 		mmput(p->mm);
 	}
 bad_fork_cleanup_signal:
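Review bot: the hunk does not show whether any of the earlier bad_fork_cleanup_* labels can be reached with task_lock(p) already held, so please confirm no caller jumps into this cleanup chain with the lock taken, since the added task_lock(p) in bad_fork_cleanup_mm would then self-deadlock. Beyond that, the check-and-decrement is now correctly done under one critical section, but nothing in the code says why a lock is needed on a task that has not yet been made visible; a one-line comment above task_lock(p) along the lines of "/* serialize the oom_score_adj check against oom_disable_count updates */" would keep the next reader from dropping it as an apparent no-op.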