diff options
author | Alexey Dobriyan <adobriyan@sw.ru> | 2007-05-08 03:26:46 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-05-08 14:15:04 -0400 |
commit | 19c5d45a09312ca20cd1f9df3fd1a87fe0cb8aac (patch) | |
tree | de228e847ea4846e77cd64b35ca74eb5daa3d242 /fs/proc/base.c | |
parent | 72c1bbf308c75a136803d2d76d0e18258be14c7a (diff) |
/proc/*/oom_score oops re badness
Eternal quest to make
while true; do cat /proc/fs/xfs/stat >/dev/null 2>/dev/null; done
while true; do find /proc -type f 2>/dev/null | xargs cat >/dev/null 2>/dev/null; done
while true; do modprobe xfs; rmmod xfs; done
work reliably continues and now kernel oopses in the following way:
BUG: unable to handle ... at virtual address 6b6b6b6b
EIP is at badness
process: cat
proc_oom_score
proc_info_read
sys_fstat64
vfs_read
proc_info_read
sys_read
Failing code is prefetch hidden in list_for_each_entry() in badness().
badness() is reachable from two points. One is proc_oom_score, another
is out_of_memory() => select_bad_process() => badness().
Second path grabs tasklist_lock, while first doesn't.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/proc/base.c')
-rw-r--r-- | fs/proc/base.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index 0697fd089de..ab1b439923e 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
@@ -314,7 +314,9 @@ static int proc_oom_score(struct task_struct *task, char *buffer) | |||
314 | struct timespec uptime; | 314 | struct timespec uptime; |
315 | 315 | ||
316 | do_posix_clock_monotonic_gettime(&uptime); | 316 | do_posix_clock_monotonic_gettime(&uptime); |
317 | read_lock(&tasklist_lock); | ||
317 | points = badness(task, uptime.tv_sec); | 318 | points = badness(task, uptime.tv_sec); |
319 | read_unlock(&tasklist_lock); | ||
318 | return sprintf(buffer, "%lu\n", points); | 320 | return sprintf(buffer, "%lu\n", points); |
319 | } | 321 | } |
320 | 322 | ||