Huge vmalloc allocation on heavy loaded node can lead to a global memory shortage. Task called vmalloc can have worst badness and be selected by OOM-killer, however taken fatal signal does not interrupt allocation cycle. Vmalloc repeat page allocaions again and again, exacerbating the crisis and consuming the memory freed up by another killed tasks. After a successful completion of the allocation procedure, a fatal signal will be processed and task will be destroyed finally. However it may not release the consumed memory, since the allocated object may have a lifetime unrelated to the completed task. In the worst case, this can lead to the host will panic due to "Out of memory and no killable processes..." This patch allows OOM-killer to break vmalloc cycle, makes OOM more effective and avoid host panic. It does not check oom condition directly, however, and breaks page allocation cycle when fatal signal was received. This may trigger some hidden problems, when caller does not handle vmalloc failures, or when rollaback after failed vmalloc calls own vmallocs inside. However all of these scenarios are incorrect: vmalloc does not guarantee successful allocation, it has never been called with __GFP_NOFAIL and threfore either should not be used for any rollbacks or should handle such errors correctly and not lead to critical failures. Signed-off-by: Vasily Averin <vvs@xxxxxxxxxxxxx> --- v2: tsk_is_oom_victim() check replaced by fatal_signal_pending(current), removed check inside __alloc_pages_bulk(), according to feedback from mhocko@. Updated patch description. --- mm/vmalloc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index d77830ff604c..71706f5447f0 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -2860,6 +2860,9 @@ vm_area_alloc_pages(gfp_t gfp, int nid, struct page *page; int i; + if (fatal_signal_pending(current)) + break; + page = alloc_pages_node(nid, gfp, order); if (unlikely(!page)) break; -- 2.31.1