Andrew, this can be either folded into 3/5 patch or go as a standalone one. I would be inclined to have it standalone for the record (the description should be pretty clear about the intention) and because the issue is highly unlikely. OOM during the PM freezer doesn't happen in 99% cases. On Sat 06-02-16 23:33:24, Tetsuo Handa wrote: > Michal Hocko wrote: [...] > > OK, I was thinking about it some more and it seems you are right here. > > oom_reaper as a kernel thread is not freezable automatically and so it > > might interfere after all the processes/kernel threads are considered > > frozen. Then it really might shut down TIF_MEMDIE too early and wake out > > oom_killer_disable. wait_event_freezable is not sufficient because the > > oom_reaper might running while the PM freezer is freezing tasks and it > > will miss it because it doesn't see it. > > I'm not using PM freezer, but your answer is opposite to my guess. > I thought try_to_freeze_tasks(false) is called by freeze_kernel_threads() > after oom_killer_disable() succeeded, and try_to_freeze_tasks(false) will > freeze both userspace tasks (including OOM victims which got TIF_MEMDIE > cleared by the OOM reaper) and kernel threads (including the OOM reaper). kernel threads which are not freezable are ignored by the freezer. > Thus, I was guessing that clearing TIF_MEMDIE without reaching do_exit() is > safe. Does the following explains it better? --- >From d7f57b1ac07532657312c91f3bba67cf0332b32f Mon Sep 17 00:00:00 2001 From: Michal Hocko <mhocko@xxxxxxxx> Date: Mon, 15 Feb 2016 10:09:39 +0100 Subject: [PATCH] oom: make oom_reaper freezable After "oom: clear TIF_MEMDIE after oom_reaper managed to unmap the address space" oom_reaper will call exit_oom_victim on the target task after it is done. This might however race with the PM freezer: CPU0 CPU1 CPU2 freeze_processes try_to_freeze_tasks # Allocation request out_of_memory oom_killer_disable wake_oom_reaper(P1) __oom_reap_task exit_oom_victim(P1) wait_event(oom_victims==0) [...] do_exit(P1) perform IO/interfere with the freezer which breaks the oom_killer_disable semantic. We no longer have a guarantee that the oom victim won't interfere with the freezer because it might be anywhere on the way to do_exit while the freezer thinks the task has already terminated. It might trigger IO or touch devices which are frozen already. In order to close this race, make the oom_reaper thread freezable. This will work because a) already running oom_reaper will block freezer to enter the quiescent state b) wake_oom_reaper will not wake up the reaper after it has been frozen c) the only way to call exit_oom_victim after try_to_freeze_tasks is from the oom victim's context when we know the further interference shouldn't be possible Signed-off-by: Michal Hocko <mhocko@xxxxxxxx> --- mm/oom_kill.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/oom_kill.c b/mm/oom_kill.c index ca61e6cfae52..7e9953a64489 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c @@ -521,6 +521,8 @@ static void oom_reap_task(struct task_struct *tsk) static int oom_reaper(void *unused) { + set_freezable(); + while (true) { struct task_struct *tsk = NULL; -- 2.7.0 -- Michal Hocko SUSE Labs -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>