From: Michal Hocko <mhocko@xxxxxxxx>
mmget_not_zero failing means that we are racing with mmput->__mmput
and we are currently interpreting this as a success because we believe
that __mmput will release the address space. This is not guaranteed
though because at least exit_aio might wait on IO and it is not entirely
clear whether it will terminate in a bounded amount of time. It is hard
to tell what else is lurking there.
This patch makes this path more conservative and we report a failure
which will lead to setting MMF_OOM_NOT_REAPABLE and MMF_OOM_REAPED if
this state is permanent.
Signed-off-by: Michal Hocko <mhocko@xxxxxxxx>
---
mm/oom_kill.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 4ac089cba353..b2210b6c38ba 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -460,7 +460,7 @@ static bool __oom_reap_task(struct task_struct *tsk)
struct mm_struct *mm = NULL;
struct zap_details details = {.check_swap_entries = true,
.ignore_dirty = true};
- bool ret = true;
+ bool ret = false;
/*
* We have to make sure to not race with the victim exit path
@@ -479,10 +479,8 @@ static bool __oom_reap_task(struct task_struct *tsk)
mutex_lock(&oom_lock);
mm = tsk->signal->oom_mm;
- if (!down_read_trylock(&mm->mmap_sem)) {
- ret = false;
+ if (!down_read_trylock(&mm->mmap_sem))
goto unlock_oom;
- }
/*
* increase mm_users only after we know we will reap something so
@@ -494,6 +492,7 @@ static bool __oom_reap_task(struct task_struct *tsk)
goto unlock_oom;
}
+ ret = true;
tlb_gather_mmu(&tlb, mm, 0, -1);
for (vma = mm->mmap ; vma; vma = vma->vm_next) {
if (is_vm_hugetlb_page(vma))
--
2.8.1
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>