From: Dave Peterson <dsp@llnl.gov>
To: Andrew Morton <akpm@osdl.org>, Paul Jackson <pj@sgi.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
riel@surriel.com, nickpiggin@yahoo.com.au, ak@suse.de
Subject: Re: [PATCH 1/2 (repost)] mm: serialize OOM kill operations
Date: Thu, 27 Apr 2006 14:32:56 -0700 [thread overview]
Message-ID: <200604271432.56803.dsp@llnl.gov> (raw)
In-Reply-To: <20060427140921.249a00b0.akpm@osdl.org>
On Thursday 27 April 2006 14:09, Andrew Morton wrote:
> Paul Jackson <pj@sgi.com> wrote:
> > Adding a 'oom_notify' bitfield after the existing 'dumpable'
> > bitfield in mm_struct would save that slot:
> >
> > unsigned dumpable:2;
> > unsigned oom_notify:1;
>
> Note that these will occupy the same machine word. So they'll need
> locking. (Good luck trying to demonstrate the race though!)
Taking a quick look at the code, I think a race could happen like this:
Task A is executing a system call handler such as sys_setgid(),
sys_setuid(), etc. that assigns a value to the 'dumpable' field (i.e.
current->mm->dumpable = suid_dumpable; ). At the same time the OOM
killer decides to shoot task A. The following sequence of events could
take place:
1. Task A reads the machine word containing 'dumpable' into a
register and modifies the value in the register so that
'dumpable' is set to the desired value.
2. Task B, which is executing the OOM killer code, has decided to
shoot task A. B reads the machine word containing 'dumpable'
into a register, sets the bit corresponding to 'oom_notify',
and writes the machine word back to memory.
3. Task A writes its machine word back to memory, which wipes out
the setting of the 'oom_notify' bit by task B. Now the OOM
kill operation will never terminate, and all future OOM kill
operations will be prevented.
I guess it would be kind of nice if we had some sort of primitive for
atomically modifying multiple bits within a machine word.
Oh well :-/
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2006-04-27 21:32 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-27 20:08 [PATCH 1/2 (repost)] mm: serialize OOM kill operations Dave Peterson
2006-04-27 20:44 ` Paul Jackson
2006-04-27 21:09 ` Andrew Morton
2006-04-27 21:32 ` Dave Peterson [this message]
2006-04-27 23:02 ` Paul Jackson
2006-04-28 22:09 ` Dave Peterson
2006-04-27 22:56 ` Andrew Morton
2006-04-28 21:59 ` Dave Peterson
2006-04-28 22:16 ` Andrew Morton
2006-04-28 22:24 ` Dave Peterson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200604271432.56803.dsp@llnl.gov \
--to=dsp@llnl.gov \
--cc=ak@suse.de \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=nickpiggin@yahoo.com.au \
--cc=pj@sgi.com \
--cc=riel@surriel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).