iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[PATCH] mm: fix mm_struct reference counting bugs in mm/oom_kill.c

Browse Source 
Fix oom_kill_task() so it doesn't call mmput() (which may sleep) while
holding tasklist_lock.

Signed-off-by: David S. Peterson <dsp@llnl.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Dave Peterson 2006-04-18 22:20:44 -07:00 committed by Linus Torvalds
parent 97c2c9b84d
commit 013159227b
1 changed files with 23 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
mm/oom_kill.c
View File

@ -254,17 +254,24 @@ static void __oom_kill_task(task_t *p, const char *message)
force_sig(SIGKILL, p); force_sig(SIGKILL, p);
} }
static struct mm_struct *oom_kill_task(task_t *p, const char *message) static int oom_kill_task(task_t *p, const char *message)
{ {
struct mm_struct *mm = get_task_mm(p); struct mm_struct *mm;
task_t * g, * q; task_t * g, * q;
if (!mm) mm = p->mm;
return NULL;
if (mm == &init_mm) { /* WARNING: mm may not be dereferenced since we did not obtain its
mmput(mm); * value from get_task_mm(p). This is OK since all we need to do is
return NULL; * compare mm to q->mm below.
} *
* Furthermore, even if mm contains a non-NULL value, p->mm may
* change to NULL at any time since we do not hold task_lock(p).
* However, this is of no concern to us.
*/
if (mm == NULL || mm == &init_mm)
return 1;
__oom_kill_task(p, message); __oom_kill_task(p, message);
/* /*
@ -276,13 +283,12 @@ static struct mm_struct *oom_kill_task(task_t *p, const char *message)
__oom_kill_task(q, message); __oom_kill_task(q, message);
while_each_thread(g, q); while_each_thread(g, q);
return mm; return 0;
} }
static struct mm_struct *oom_kill_process(struct task_struct *p, static int oom_kill_process(struct task_struct *p, unsigned long points,
unsigned long points, const char *message) const char *message)
{ {
struct mm_struct *mm;
struct task_struct *c; struct task_struct *c;
struct list_head *tsk; struct list_head *tsk;
@ -293,9 +299,8 @@ static struct mm_struct *oom_kill_process(struct task_struct *p,
c = list_entry(tsk, struct task_struct, sibling); c = list_entry(tsk, struct task_struct, sibling);
if (c->mm == p->mm) if (c->mm == p->mm)
continue; continue;
mm = oom_kill_task(c, message); if (!oom_kill_task(c, message))
if (mm) return 0;
return mm;
} }
return oom_kill_task(p, message); return oom_kill_task(p, message);
} }
@ -310,7 +315,6 @@ static struct mm_struct *oom_kill_process(struct task_struct *p,
*/ */
void out_of_memory(struct zonelist *zonelist, gfp_t gfp_mask, int order) void out_of_memory(struct zonelist *zonelist, gfp_t gfp_mask, int order)
{ {
struct mm_struct *mm = NULL;
task_t *p; task_t *p;
unsigned long points = 0; unsigned long points = 0;
@ -330,12 +334,12 @@ void out_of_memory(struct zonelist *zonelist, gfp_t gfp_mask, int order)
*/ */
switch (constrained_alloc(zonelist, gfp_mask)) { switch (constrained_alloc(zonelist, gfp_mask)) {
case CONSTRAINT_MEMORY_POLICY: case CONSTRAINT_MEMORY_POLICY:
mm = oom_kill_process(current, points, oom_kill_process(current, points,
"No available memory (MPOL_BIND)"); "No available memory (MPOL_BIND)");
break; break;
case CONSTRAINT_CPUSET: case CONSTRAINT_CPUSET:
mm = oom_kill_process(current, points, oom_kill_process(current, points,
"No available memory in cpuset"); "No available memory in cpuset");
break; break;
@ -357,8 +361,7 @@ retry:
panic("Out of memory and no killable processes...\n"); panic("Out of memory and no killable processes...\n");
} }
mm = oom_kill_process(p, points, "Out of memory"); if (oom_kill_process(p, points, "Out of memory"))
if (!mm)
goto retry; goto retry;
break; break;
@ -367,8 +370,6 @@ retry:
out: out:
read_unlock(&tasklist_lock); read_unlock(&tasklist_lock);
cpuset_unlock(); cpuset_unlock();
if (mm)
mmput(mm);
/* /*
* Give "p" a good chance of killing itself before we * Give "p" a good chance of killing itself before we