From: Oleg Nesterov <oleg@redhat.com>
To: Michal Hocko <mhocko@kernel.org>
Cc: linux-mm@kvack.org,
	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
	David Rientjes <rientjes@google.com>,
	Vladimir Davydov <vdavydov@parallels.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Michal Hocko <mhocko@suse.com>
Subject: Re: [PATCH 4/6] mm, oom: skip vforked tasks from being selected
Date: Mon, 30 May 2016 21:28:57 +0200	[thread overview]
Message-ID: <20160530192856.GA25696@redhat.com> (raw)
In-Reply-To: <1464613556-16708-5-git-send-email-mhocko@kernel.org>

On 05/30, Michal Hocko wrote:
>
> Make sure to not select a vforked task as an oom victim by checking
> vfork_done in oom_badness.

I agree, this looks like a good change to me... But.

> --- a/mm/oom_kill.c
> +++ b/mm/oom_kill.c
> @@ -176,11 +176,13 @@ unsigned long oom_badness(struct task_struct *p, struct mem_cgroup *memcg,
>  
>  	/*
>  	 * Do not even consider tasks which are explicitly marked oom
> -	 * unkillable or have been already oom reaped.
> +	 * unkillable or have been already oom reaped or the are in
> +	 * the middle of vfork
>  	 */
>  	adj = (long)p->signal->oom_score_adj;
>  	if (adj == OOM_SCORE_ADJ_MIN ||
> -			test_bit(MMF_OOM_REAPED, &p->mm->flags)) {
> +			test_bit(MMF_OOM_REAPED, &p->mm->flags) ||
> +			p->vfork_done) {
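Review bot: the new `p->vfork_done` term in the skip condition is broader than the comment above it intends: vfork_done is set for any child created with CLONE_VFORK, and CLONE_VFORK does not require CLONE_VM, so a task that owns a private mm (and may be the biggest consumer) would be excluded from selection by this test alone. Tie the exclusion to the mm actually being shared with the parent, i.e. also require that `p->real_parent->mm` is the mm being scored, under locking that makes the `->real_parent` dereference safe. Also, the new comment text reads `or the are in`; it should read `or they are in`.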

I don't think we can trust vfork_done != NULL.

copy_process() doesn't disallow CLONE_VFORK without CLONE_VM, so with this patch
it would be trivial to make an exploit which hides a memory hog from the oom-killer.

So perhaps we need something like

		static bool in_vfork(struct task_struct *p)
		{
			/* the parent is blocked in vfork() and the child still
			 * runs on the parent's mm, i.e. CLONE_VFORK|CLONE_VM;
			 * caller must hold rcu_read_lock() for ->real_parent */
			return	p->vfork_done &&
				p->real_parent->mm == p->mm;
		}

task_lock() is not enough if CLONE_VM was used along with CLONE_PARENT... so this
also needs rcu_read_lock() to access ->real_parent.

Or I am totally confused?

Oleg.
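
Added example (not part of Oleg's message, the patch, or the kernel tree): a
user-space C model of the two checks discussed in this reply. The structs are
simplified stand-ins for task_struct and mm_struct carrying only the fields
the checks read, in_vfork() follows the sketch above with its unqualified
`mm` read as p->mm, and the three task scenarios (plain child, real vfork
child, CLONE_VFORK without CLONE_VM) are constructed for the demonstration.
The model has no concurrency, so the rcu_read_lock() the real check needs
around ->real_parent is not modelled.

```c
/* Constructed model of the oom_badness() skip test, not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct mm_struct {
	unsigned long rss_pages;		/* toy stand-in for the task's footprint */
};

struct task_struct {
	const char *comm;
	struct mm_struct *mm;			/* address space this task runs in */
	struct task_struct *real_parent;
	void *vfork_done;			/* non-NULL while the parent waits in vfork */
};

/* Test as written in the patch hunk: any task whose parent is waiting in
 * vfork is skipped, whether or not it shares the parent's mm. */
static bool skipped_by_patch(const struct task_struct *p)
{
	return p->vfork_done != NULL;
}

/* Test as sketched in the reply: skip only when the task really is in the
 * middle of a vfork, i.e. it still runs on its parent's mm (CLONE_VFORK
 * together with CLONE_VM). The real kernel check must dereference
 * ->real_parent under rcu_read_lock(); this single-threaded model does not. */
static bool in_vfork(const struct task_struct *p)
{
	return p->vfork_done != NULL && p->real_parent->mm == p->mm;
}

static bool skipped_by_fix(const struct task_struct *p)
{
	return in_vfork(p);
}

/* Constructed scenarios. A non-NULL vfork_done just needs to point somewhere;
 * the kernel uses a struct completion, here an int stands in for it. */
static int parent_waiting;
static struct mm_struct parent_mm = { .rss_pages = 1000 };
static struct mm_struct private_mm = { .rss_pages = 4000000 };

static struct task_struct parent = {
	.comm = "parent", .mm = &parent_mm, .real_parent = NULL, .vfork_done = NULL,
};
/* 1: ordinary fork child, own mm, no vfork in progress. */
static struct task_struct plain_child = {
	.comm = "plain-child", .mm = &private_mm, .real_parent = &parent, .vfork_done = NULL,
};
/* 2: real vfork child: parent is blocked and the child runs on the parent's mm. */
static struct task_struct vfork_child = {
	.comm = "vfork-child", .mm = &parent_mm, .real_parent = &parent, .vfork_done = &parent_waiting,
};
/* 3: CLONE_VFORK without CLONE_VM: parent is blocked, but the child owns the big mm. */
static struct task_struct vfork_no_vm = {
	.comm = "vfork-no-vm", .mm = &private_mm, .real_parent = &parent, .vfork_done = &parent_waiting,
};

/* Returns the number of scenarios on which the two tests disagree. */
static int count_disagreements(void)
{
	const struct task_struct *tasks[] = { &plain_child, &vfork_child, &vfork_no_vm };
	int differ = 0;

	for (size_t i = 0; i < sizeof(tasks) / sizeof(tasks[0]); i++) {
		bool a = skipped_by_patch(tasks[i]);
		bool b = skipped_by_fix(tasks[i]);

		printf("%-12s rss=%-8lu patch:%-5s fixed:%s\n", tasks[i]->comm,
		       tasks[i]->mm->rss_pages, a ? "skip" : "score", b ? "skip" : "score");
		if (a != b)
			differ++;
	}
	return differ;
}

int main(void)
{
	/* The only disagreement is scenario 3: the patch hides the memory hog,
	 * the fixed check still scores it. */
	return count_disagreements() == 1 ? 0 : 1;
}
```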
