linux/drivers/char
Salman Qazi 730c586ad5 drivers/char/mem.c: avoid OOM lockup during large reads from /dev/zero
While running 20 parallel instances of dd as follows:

  #!/bin/bash
  for i in `seq 1 20`; do
           dd if=/dev/zero of=/export/hda3/dd_$i bs=1073741824 count=1 &
  done
  wait

on a 16G machine, we noticed that rather than just killing the processes,
the entire kernel went down.  Stracing dd reveals that it first does an
mmap2, which makes 1GB worth of zero page mappings.  Then it performs a
read on those pages from /dev/zero, and finally it performs a write.

The machine died during the reads.  Looking at the code, it was noticed
that /dev/zero's read operation had been changed by
557ed1fa26 ("remove ZERO_PAGE") from giving
zero page mappings to actually zeroing the page.

The zeroing of the pages causes physical pages to be allocated to the
process.  But, when the process exhausts all the memory that it can, the
kernel cannot kill it, as it is still in the kernel mode allocating more
memory.  Consequently, the kernel eventually crashes.

To fix this, I propose that when a fatal signal is pending during a
/dev/zero read operation, we simply return and let the user process die.

Signed-off-by: Salman Qazi <sqazi@google.com>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[ Modified error return and comment trivially.  - Linus]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-06-04 15:20:39 -07:00
agp Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2009-04-20 08:42:48 -07:00
hw_random virtio-rng: Remove false BUG for spurious callbacks 2009-04-24 13:28:30 -07:00
ip2 proc tty: switch ip2 to ->proc_fops 2009-04-01 08:59:08 -07:00
ipmi ipmi: fix ipmi_si modprobe hang 2009-05-22 07:30:41 -07:00
mwave mwave: struct device - replace bus_id with dev_name(), dev_set_name() 2009-01-06 10:44:38 -08:00
pcmcia proc tty: switch synclink_cs to ->proc_fops 2009-04-01 08:59:08 -07:00
rio rio: addition has higher precedence than ?: 2009-04-06 14:36:43 -07:00
tpm TPM: get_event_name stack corruption 2009-05-20 08:30:05 +10:00
xilinx_hwicap xilinx_hwicap: remove improper wording in license statement 2008-12-17 11:23:07 -08:00
.gitignore
amiserial.c proc tty: switch amiserial to ->proc_fops 2009-04-01 08:59:10 -07:00
apm-emulation.c APM emulation: Notify about all suspend events, not just APM invoked ones (v2) 2008-07-16 23:27:02 +02:00
applicom.c applicom: Auto-load applicom module when device opened. 2009-04-06 14:36:30 -07:00
applicom.h
bfin-otp.c
briq_panel.c briq_panel: BKL pushdown 2008-06-20 14:05:55 -06:00
bsr.c trivial: drivers/char/bsr.c: Storage class should be before const qualifier 2009-03-30 15:22:02 +02:00
cd1865.h
ChangeLog
consolemap.c consolemap: indentation & braces disagree - reindent 2009-01-06 15:59:30 -08:00
cp437.uni unicode table for cp437 2008-12-13 11:25:49 -08:00
cs5535_gpio.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
cyclades.c cyclades: Auto-load cyclades module when device opened. 2009-04-06 14:36:30 -07:00
defkeymap.c_shipped
defkeymap.map
digi1.h
digiFep1.h
digiPCI.h
ds1302.c rtc: use bcd2bin/bin2bcd 2008-10-20 08:52:41 -07:00
ds1620.c [ARM] netwinder: clean up GPIO naming 2008-12-13 09:12:07 +00:00
dsp56k.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
dtlk.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
efirtc.c drivers/char/efirtc.c: removed duplicated #include 2008-08-04 16:59:56 -07:00
epca.c trivial: fix an -> a typos in documentation and comments 2009-01-06 11:28:07 +01:00
epca.h epca: use tty_port 2008-07-20 17:12:36 -07:00
epcaconfig.h
esp.c esp: fix section mismatch warning 2009-04-07 08:31:03 -07:00
generic_nvram.c driver/char/generic_nvram: fix banner 2008-06-12 18:05:41 -07:00
generic_serial.c tty: Remove some pointless casts 2009-01-02 10:19:40 -08:00
genrtc.c genrtc: BKL pushdown 2008-06-20 14:05:57 -06:00
hangcheck-timer.c
hpet.c clocksource: pass clocksource to read() callback 2009-04-21 13:41:47 -07:00
hvc_beat.c powerpc/cell: Use correct types in beat files 2009-01-08 16:25:16 +11:00
hvc_console.c hvc_console: Remove tty->low_latency 2009-01-16 16:15:16 +11:00
hvc_console.h powerpc: Make open count variables signed in hvcs/hvsi/hvc_console 2008-12-03 21:04:13 +11:00
hvc_irq.c hvc_console: Call free_irq() only if request_irq() was successful 2009-01-13 14:48:01 +11:00
hvc_iseries.c drivers/hvc: Add missing of_node_put 2008-12-03 21:04:09 +11:00
hvc_iucv.c [S390] hvc_iucv: Provide IUCV z/VM user ID filtering 2009-03-26 15:24:08 +01:00
hvc_rtas.c
hvc_udbg.c powerpc: udbg-based backend for hvc_console 2008-11-19 16:04:25 +11:00
hvc_vio.c drivers/hvc: Add missing of_node_put 2008-12-03 21:04:09 +11:00
hvc_xen.c hvc_console: Add a hangup notifier for backends 2008-10-22 10:59:54 +11:00
hvcs.c hvc_console: Remove tty->low_latency on pseries backends 2009-03-11 10:44:26 +11:00
hvsi.c hvc_console: Remove tty->low_latency on pseries backends 2009-03-11 10:44:26 +11:00
i8k.c i8k: Add Dell Vostro systems 2009-01-02 10:28:32 -08:00
isicom.c isicom: isicom kref leak fix 2009-04-06 14:36:33 -07:00
istallion.c proc tty: switch istallion to ->proc_fops 2009-04-01 08:59:08 -07:00
Kconfig NVRAM depends on RTC_DRV_CMOS 2009-01-31 01:21:59 +01:00
keyboard.c Input: keyboard - fix potential out of bound access to key_map 2008-10-08 23:45:36 -04:00
lp.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
Makefile Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc 2008-12-28 16:54:33 -08:00
mbcs.c mbcs: cdev lock_kernel() pushdown 2008-06-20 14:05:48 -06:00
mbcs.h
mem.c drivers/char/mem.c: avoid OOM lockup during large reads from /dev/zero 2009-06-04 15:20:39 -07:00
misc.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
mmtimer.c mmtimer: Push BKL down into the ioctl handler 2008-07-17 11:34:49 -07:00
moxa.c tty: moxa, fix refcounting in moxa_poll_port 2009-04-06 14:36:33 -07:00
moxa.h
mspec.c mspec: convert nopfn to fault 2008-07-24 10:47:14 -07:00
mxser.c mxser: remove tty_port_tty_get from mxser_check_modem_status 2009-04-06 14:36:33 -07:00
mxser.h
n_hdlc.c tty: some ICANON magic is in the wrong places 2008-10-13 09:51:44 -07:00
n_r3964.c tty: Remove some pointless casts 2009-01-02 10:19:40 -08:00
n_tty.c tty: N_TTY SIGIO only works for read 2009-01-02 10:19:40 -08:00
nozomi.c tty: kref nozomi 2009-01-02 10:19:40 -08:00
nsc_gpio.c
nvram.c [PATCH] nvram - convert PRINT_PROC to seq_file 2008-11-11 09:56:00 +00:00
nwbutton.c
nwbutton.h
nwflash.c [ARM] netwinder: clean up GPIO naming 2008-12-13 09:12:07 +00:00
pc8736x_gpio.c pc8736x_gpio: add support for PC87365 chips 2008-10-20 08:52:40 -07:00
ppdev.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
ps3flash.c powerpc/ps3: Printing fixups for l64 to ll64 conversion drivers/char 2009-01-16 16:15:14 +11:00
pty.c pty: Fix documentation 2009-01-12 16:37:00 -08:00
random.c Avoid ICE in get_random_int() with gcc-3.4.5 2009-05-19 11:25:35 -07:00
raw.c Add a missing unlock_kernel() in raw_open() 2009-03-27 10:59:09 -06:00
riscom8_reg.h
riscom8.c riscom8: Auto-load riscom8 module when device opened. 2009-04-06 14:36:31 -07:00
riscom8.h tty: add more tty_port fields 2008-07-20 17:12:38 -07:00
rocket_int.h tty: rocketport uses different port flags to everyone else 2009-01-02 10:19:39 -08:00
rocket.c tty: use port methods for the rocket driver 2009-01-02 10:19:42 -08:00
rocket.h tty: rocketport uses different port flags to everyone else 2009-01-02 10:19:39 -08:00
rtc.c RTC: Remove the BKL. 2009-01-08 16:44:03 -07:00
scc.h m68k: atari - Rename "mfp" to "st_mfp" 2009-02-22 09:23:02 -08:00
scx200_gpio.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
selection.c Fix memory corruption in console selection 2009-01-31 15:51:31 -08:00
ser_a2232.c m68k: ser_a2232 - Kill warn_unused_result warnings 2009-01-12 20:56:39 +01:00
ser_a2232.h
ser_a2232fw.ax
ser_a2232fw.h
serial167.c tty: Remove some pointless casts 2009-01-02 10:19:40 -08:00
snsc_event.c byteorder: don't directly include linux/byteorder/generic.h 2008-05-16 12:01:45 -07:00
snsc.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
snsc.h
sonypi.c Rationalize fasync return values 2009-03-16 08:34:35 -06:00
specialix_io8.h tty: add more tty_port fields 2008-07-20 17:12:38 -07:00
specialix.c specialix: Auto-load specialix module when device opened. 2009-04-06 14:36:31 -07:00
stallion.c proc tty: switch stallion to ->proc_fops 2009-04-01 08:59:09 -07:00
sx.c sx.c: avoid referencing freed memory if copy_from_user() fails 2009-02-20 17:57:49 -08:00
sx.h
sxboards.h
sxwindow.h
synclink_gt.c synclink_gt: add clock options 2009-04-02 19:05:01 -07:00
synclink.c proc tty: switch synclink to ->proc_fops 2009-04-01 08:59:09 -07:00
synclinkmp.c proc tty: switch synclinkmp to ->proc_fops 2009-04-01 08:59:09 -07:00
sysrq.c sysrq, intel_fb: fix sysrq g collision 2009-05-15 07:56:24 -05:00
tb0219.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
tlclk.c tlckl: BKL pushdown 2008-06-20 14:05:51 -06:00
toshiba.c
tty_audit.c Trim includes of fdtable.h 2009-03-31 23:00:28 -04:00
tty_buffer.c tty: split the buffering from tty_io 2008-10-13 09:51:40 -07:00
tty_io.c pids: kill signal_struct-> __pgrp/__session and friends 2009-04-02 19:05:02 -07:00
tty_ioctl.c tty: Fix race in the flush for some ldiscs 2009-01-15 12:48:35 -08:00
tty_ldisc.c Trim includes of fdtable.h 2009-03-31 23:00:28 -04:00
tty_port.c tty: use port methods for the rocket driver 2009-01-02 10:19:42 -08:00
vc_screen.c vcs: hook sysfs devices into object lifetime instead of "binding" 2009-03-24 16:38:26 -07:00
viotape.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
virtio_console.c virtio_console: support console resizing 2008-12-30 09:26:10 +10:30
vme_scc.c m68k: vme_scc - Kill warn_unused_result warnings 2009-01-12 20:56:38 +01:00
vr41xx_giu.c drivers/char: use nr_irqs 2008-10-16 16:52:05 +02:00
vt_ioctl.c vt: Add a note on the historical abuse of CLOCK_TICK_RATE 2009-05-06 14:47:13 -07:00
vt.c Revert "console ASCII glyph 1:1 mapping" 2009-04-19 10:51:40 -07:00