On Wed, Sep 13, 2017 at 01:34:27PM +0200, Michal Hocko wrote:
> From: Michal Hocko <mhocko@xxxxxxxx>
>
> Andrea has noticed that the oom_reaper doesn't invalidate the range
> via mmu notifiers (mmu_notifier_invalidate_range_start,
> mmu_notifier_invalidate_range_end) and that can corrupt the memory
> of the kvm guest for example.
>
> tlb_flush_mmu_tlbonly already invokes mmu notifiers but that is not
> sufficient as per Andrea:
> : mmu_notifier_invalidate_range cannot be used in replacement of
> : mmu_notifier_invalidate_range_start/end. For KVM
> : mmu_notifier_invalidate_range is a noop and rightfully so. A MMU
> : notifier implementation has to implement either
> : ->invalidate_range method or the invalidate_range_start/end
> : methods, not both. And if you implement invalidate_range_start/end
> : like KVM is forced to do, calling mmu_notifier_invalidate_range in
> : common code is a noop for KVM.
> :
> : For those MMU notifiers that can get away only implementing
> : ->invalidate_range, the ->invalidate_range is implicitly called by
> : mmu_notifier_invalidate_range_end(). And only those secondary MMUs
> : that share the same pagetable with the primary MMU (like AMD
> : iommuv2) can get away only implementing ->invalidate_range.
>
> As the callback is allowed to sleep and the implementation is out
> of hand of the MM it is safer to simply bail out if there is an
> mmu notifier registered. In order to not fail too early make the
> mm_has_notifiers check under the oom_lock and have a little nap before
> failing to give the current oom victim some more time to exit.
>
> Changes since v1
> - move mm_has_notifiers check after we hold mmap_sem to prevent from
>   any potential races as per Andrea
>
> Fixes: aac453635549 ("mm, oom: introduce oom reaper")
> Noticed-by: Andrea Arcangeli <aarcange@xxxxxxxxxx>
> Cc: stable
> Signed-off-by: Michal Hocko <mhocko@xxxxxxxx>
> ---
> Hi,
> I have posted this as an RFC previously [1]. I have updated
> the changelog to be more clear about the issue and moved the
> mm_has_notifiers after the lock has been taken based on Andrea's
> suggestion.
>
> Can we merge this?
>
> [1] http://lkml.kernel.org/r/20170830084600.17491-1-mhocko@xxxxxxxxxx
>
>  include/linux/mmu_notifier.h |  5 +++++
>  mm/oom_kill.c                | 16 ++++++++++++++++
>  2 files changed, 21 insertions(+)

Reviewed-by: Andrea Arcangeli <aarcange@xxxxxxxxxx>
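The distinction Andrea draws above (a secondary MMU implements either ->invalidate_range or the start/end pair, and _end implicitly calls ->invalidate_range) is modelled below in a small userspace program. This is an added example, not kernel code or anything from the patch; the struct and function names are hypothetical stand-ins that only echo the kernel's mmu notifier API, and the two notifiers are constructed samples of the iommuv2 and KVM styles.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical userspace model of the two notifier styles Andrea describes.
 * Names echo the kernel API but this is not kernel code. */
struct notifier {
    const char *name;
    bool maps_range;  /* secondary MMU still translates the range */
    void (*invalidate_range)(struct notifier *);        /* shared-pagetable style (iommuv2) */
    void (*invalidate_range_start)(struct notifier *);  /* shadow-pagetable style (KVM) */
    void (*invalidate_range_end)(struct notifier *);
};
struct mm { struct notifier *n; size_t count; };
static void drop_mapping(struct notifier *n) { n->maps_range = false; }
static void noop(struct notifier *n) { (void)n; }

/* Only notifiers that implement ->invalidate_range are reached here;
 * for a KVM-style start/end implementor this call is a noop. */
static void mmu_notifier_invalidate_range(struct mm *mm) {
    for (size_t i = 0; i < mm->count; i++)
        if (mm->n[i].invalidate_range) mm->n[i].invalidate_range(&mm->n[i]);
}
static void mmu_notifier_invalidate_range_start(struct mm *mm) {
    for (size_t i = 0; i < mm->count; i++)
        if (mm->n[i].invalidate_range_start) mm->n[i].invalidate_range_start(&mm->n[i]);
}
/* _end also calls ->invalidate_range implicitly for range-only notifiers. */
static void mmu_notifier_invalidate_range_end(struct mm *mm) {
    for (size_t i = 0; i < mm->count; i++) {
        if (mm->n[i].invalidate_range_end) mm->n[i].invalidate_range_end(&mm->n[i]);
        if (mm->n[i].invalidate_range) mm->n[i].invalidate_range(&mm->n[i]);
    }
}

/* Tear down a range the way the reaper does and return how many secondary
 * MMUs still map the freed pages, i.e. how many would corrupt guest memory. */
static int unmap_and_count_stale(bool use_start_end) {
    struct notifier n[2] = {
        { "iommuv2-like", true, drop_mapping, NULL, NULL },
        { "kvm-like", true, NULL, drop_mapping, noop },
    };
    struct mm mm = { n, 2 };
    if (use_start_end) mmu_notifier_invalidate_range_start(&mm);
    mmu_notifier_invalidate_range(&mm);  /* what tlb_flush_mmu_tlbonly alone provides */
    /* ... primary page tables zapped and pages freed here ... */
    if (use_start_end) mmu_notifier_invalidate_range_end(&mm);
    int stale = 0;
    for (size_t i = 0; i < mm.count; i++) stale += mm.n[i].maps_range;
    return stale;
}
```

With only the range call the KVM-style notifier keeps its shadow mapping of freed pages; with the start/end pair both secondary MMUs are invalidated.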