From: Andrea Arcangeli <aarcange@redhat.com>
To: Michal Hocko <mhocko@kernel.org>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>,
Andrew Morton <akpm@linux-foundation.org>,
David Rientjes <rientjes@google.com>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
Oleg Nesterov <oleg@redhat.com>, Hugh Dickins <hughd@google.com>,
linux-mm@kvack.org, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] mm, oom: allow oom reaper to race with exit_mmap
Date: Tue, 25 Jul 2017 21:19:52 +0200 [thread overview]
Message-ID: <20170725191952.GR29716@redhat.com> (raw)
In-Reply-To: <20170725160359.GO26723@dhcp22.suse.cz>
On Tue, Jul 25, 2017 at 06:04:00PM +0200, Michal Hocko wrote:
> - down_write(&mm->mmap_sem);
> + if (tsk_is_oom_victim(current))
> + down_write(&mm->mmap_sem);
> free_pgtables(&tlb, vma, FIRST_USER_ADDRESS, USER_PGTABLES_CEILING);
> tlb_finish_mmu(&tlb, 0, -1);
>
> @@ -3012,7 +3014,8 @@ void exit_mmap(struct mm_struct *mm)
> }
> mm->mmap = NULL;
> vm_unacct_memory(nr_accounted);
> - up_write(&mm->mmap_sem);
> + if (tsk_is_oom_victim(current))
> + up_write(&mm->mmap_sem);
How is this possibly safe? mark_oom_victim can run while exit_mmap is
running. Even if you cache the first read in the local stack, failure
to notice you marked it, could lead to use after free. Or at least
there's no comment on which lock should prevent the use after free
with the above.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-07-25 19:19 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-24 7:23 [PATCH] mm, oom: allow oom reaper to race with exit_mmap Michal Hocko
2017-07-24 14:00 ` Kirill A. Shutemov
2017-07-24 14:15 ` Michal Hocko
2017-07-24 14:51 ` Kirill A. Shutemov
2017-07-24 16:11 ` Michal Hocko
2017-07-25 14:17 ` Kirill A. Shutemov
2017-07-25 14:26 ` Michal Hocko
2017-07-25 15:07 ` Kirill A. Shutemov
2017-07-25 15:15 ` Michal Hocko
2017-07-25 14:26 ` Michal Hocko
2017-07-25 15:17 ` Kirill A. Shutemov
2017-07-25 15:23 ` Michal Hocko
2017-07-25 15:31 ` Kirill A. Shutemov
2017-07-25 16:04 ` Michal Hocko
2017-07-25 19:19 ` Andrea Arcangeli [this message]
2017-07-26 5:45 ` Michal Hocko
2017-07-26 16:29 ` Andrea Arcangeli
2017-07-26 16:43 ` Andrea Arcangeli
2017-07-27 6:50 ` Michal Hocko
2017-07-27 14:55 ` Andrea Arcangeli
2017-07-28 6:23 ` Michal Hocko
2017-07-28 1:58 ` [PATCH 1/1] mm: oom: let oom_reap_task and exit_mmap to run kbuild test robot
2017-08-15 0:20 ` [PATCH] mm, oom: allow oom reaper to race with exit_mmap David Rientjes
2017-07-24 15:27 ` Michal Hocko
2017-07-24 16:42 ` kbuild test robot
2017-07-24 18:12 ` Michal Hocko
2017-07-25 15:26 ` Andrea Arcangeli
2017-07-25 15:45 ` Michal Hocko
2017-07-25 18:26 ` Andrea Arcangeli
2017-07-26 5:45 ` Michal Hocko
2017-07-26 16:39 ` Andrea Arcangeli
2017-07-27 6:32 ` Michal Hocko
-- strict thread matches above, loose matches on Subject: below --
2017-08-10 8:16 Michal Hocko
2017-08-10 18:05 ` Andrea Arcangeli
2017-08-10 18:51 ` Michal Hocko
2017-08-10 20:36 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170725191952.GR29716@redhat.com \
--to=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=hughd@google.com \
--cc=kirill@shutemov.name \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@kernel.org \
--cc=oleg@redhat.com \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=rientjes@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).