Subject: + oom_kill-has_intersects_mems_allowed-needs-rcu_read_lock.patch added to -mm tree To: oleg@xxxxxxxxxx,dserrg@xxxxxxxxx,ebiederm@xxxxxxxxxxxx,fweisbec@xxxxxxxxx,mhocko@xxxxxxx,msb@xxxxxxxxxxxx,rientjes@xxxxxxxxxx,snanda@xxxxxxxxxxxx,xiaobing.tu@xxxxxxxxx,xindong.ma@xxxxxxxxx From: akpm@xxxxxxxxxxxxxxxxxxxx Date: Mon, 09 Dec 2013 15:07:35 -0800 The patch titled Subject: oom_kill: has_intersects_mems_allowed() needs rcu_read_lock() has been added to the -mm tree. Its filename is oom_kill-has_intersects_mems_allowed-needs-rcu_read_lock.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/oom_kill-has_intersects_mems_allowed-needs-rcu_read_lock.patch and later at http://ozlabs.org/~akpm/mmotm/broken-out/oom_kill-has_intersects_mems_allowed-needs-rcu_read_lock.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Oleg Nesterov <oleg@xxxxxxxxxx> Subject: oom_kill: has_intersects_mems_allowed() needs rcu_read_lock() At least out_of_memory() calls has_intersects_mems_allowed() without even rcu_read_lock(), this is obviously buggy. Add the necessary rcu_read_lock(). This means that we can not simply return from the loop, we need "bool ret" and "break". While at it, swap the names of task_struct's (the argument and the local). This cleans up the code a little bit and avoids the unnecessary initialization. Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx> Reviewed-by: Sergey Dyasly <dserrg@xxxxxxxxx> Tested-by: Sergey Dyasly <dserrg@xxxxxxxxx> Reviewed-by: Sameer Nanda <snanda@xxxxxxxxxxxx> Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> Cc: Frederic Weisbecker <fweisbec@xxxxxxxxx> Cc: Mandeep Singh Baines <msb@xxxxxxxxxxxx> Cc: "Ma, Xindong" <xindong.ma@xxxxxxxxx> Reviewed-by: Michal Hocko <mhocko@xxxxxxx> Cc: "Tu, Xiaobing" <xiaobing.tu@xxxxxxxxx> Acked-by: David Rientjes <rientjes@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- mm/oom_kill.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff -puN mm/oom_kill.c~oom_kill-has_intersects_mems_allowed-needs-rcu_read_lock mm/oom_kill.c --- a/mm/oom_kill.c~oom_kill-has_intersects_mems_allowed-needs-rcu_read_lock +++ a/mm/oom_kill.c @@ -47,18 +47,20 @@ static DEFINE_SPINLOCK(zone_scan_lock); #ifdef CONFIG_NUMA /** * has_intersects_mems_allowed() - check task eligiblity for kill - * @tsk: task struct of which task to consider + * @start: task struct of which task to consider * @mask: nodemask passed to page allocator for mempolicy ooms * * Task eligibility is determined by whether or not a candidate task, @tsk, * shares the same mempolicy nodes as current if it is bound by such a policy * and whether or not it has the same set of allowed cpuset nodes. */ -static bool has_intersects_mems_allowed(struct task_struct *tsk, +static bool has_intersects_mems_allowed(struct task_struct *start, const nodemask_t *mask) { - struct task_struct *start = tsk; + struct task_struct *tsk; + bool ret = false; + rcu_read_lock(); for_each_thread(start, tsk) { if (mask) { /* @@ -67,19 +69,20 @@ static bool has_intersects_mems_allowed( * mempolicy intersects current, otherwise it may be * needlessly killed. */ - if (mempolicy_nodemask_intersects(tsk, mask)) - return true; + ret = mempolicy_nodemask_intersects(tsk, mask); } else { /* * This is not a mempolicy constrained oom, so only * check the mems of tsk's cpuset. */ - if (cpuset_mems_allowed_intersects(current, tsk)) - return true; + ret = cpuset_mems_allowed_intersects(current, tsk); } + if (ret) + break; } + rcu_read_unlock(); - return false; + return ret; } #else static bool has_intersects_mems_allowed(struct task_struct *tsk, _ Patches currently in -mm which might be from oleg@xxxxxxxxxx are introduce-for_each_thread-to-replace-the-buggy-while_each_thread.patch oom_kill-change-oom_killc-to-use-for_each_thread.patch oom_kill-has_intersects_mems_allowed-needs-rcu_read_lock.patch oom_kill-add-rcu_read_lock-into-find_lock_task_mm.patch autofs4-allow-autofs-to-work-outside-the-initial-pid-namespace.patch autofs4-translate-pids-to-the-right-namespace-for-the-daemon.patch coredump-set_dumpable-fix-the-theoretical-race-with-itself.patch coredump-kill-mmf_dumpable-and-mmf_dump_securely.patch coredump-make-__get_dumpable-get_dumpable-inline-kill-fs-coredumph.patch proc-cleanup-simplify-get_task_state-task_state_array.patch proc-fix-the-potential-use-after-free-in-first_tid.patch proc-change-first_tid-to-use-while_each_thread-rather-than-next_thread.patch proc-dont-abuse-group_leader-in-proc_task_readdir-paths.patch proc-fix-f_pos-overflows-in-first_tid.patch kernel-forkc-remove-redundant-null-check-in-dup_mm.patch exec-check_unsafe_exec-use-while_each_thread-rather-than-next_thread.patch exec-check_unsafe_exec-kill-the-dead-eagain-and-clear_in_exec-logic.patch exec-move-the-final-allow_write_access-fput-into-free_bprm.patch exec-kill-task_struct-did_exec.patch fs-proc-arrayc-change-do_task_stat-to-use-while_each_thread.patch kernel-sysc-k_getrusage-can-use-while_each_thread.patch kernel-signalc-change-do_signal_stop-do_sigaction-to-use-while_each_thread.patch linux-next.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html