aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDave Peterson <dsp@llnl.gov>2006-04-19 01:20:44 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-04-19 12:13:50 -0400
commit013159227b840dfd441bd2e4c8b4d77ffb3cc42e (patch)
tree15bd8349b4a105efc75c77dcd0c1a579ecd87ab4
parent97c2c9b84d0c1edf4926b13661d5af3f0edccbce (diff)
[PATCH] mm: fix mm_struct reference counting bugs in mm/oom_kill.c
Fix oom_kill_task() so it doesn't call mmput() (which may sleep) while holding tasklist_lock. Signed-off-by: David S. Peterson <dsp@llnl.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--mm/oom_kill.c45
1 files changed, 23 insertions, 22 deletions
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 9a643c4bf77c..042e6436c3ee 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -254,17 +254,24 @@ static void __oom_kill_task(task_t *p, const char *message)
254 force_sig(SIGKILL, p); 254 force_sig(SIGKILL, p);
255} 255}
256 256
257static struct mm_struct *oom_kill_task(task_t *p, const char *message) 257static int oom_kill_task(task_t *p, const char *message)
258{ 258{
259 struct mm_struct *mm = get_task_mm(p); 259 struct mm_struct *mm;
260 task_t * g, * q; 260 task_t * g, * q;
261 261
262 if (!mm) 262 mm = p->mm;
263 return NULL; 263
264 if (mm == &init_mm) { 264 /* WARNING: mm may not be dereferenced since we did not obtain its
265 mmput(mm); 265 * value from get_task_mm(p). This is OK since all we need to do is
266 return NULL; 266 * compare mm to q->mm below.
267 } 267 *
268 * Furthermore, even if mm contains a non-NULL value, p->mm may
269 * change to NULL at any time since we do not hold task_lock(p).
270 * However, this is of no concern to us.
271 */
272
273 if (mm == NULL || mm == &init_mm)
274 return 1;
268 275
269 __oom_kill_task(p, message); 276 __oom_kill_task(p, message);
270 /* 277 /*
@@ -276,13 +283,12 @@ static struct mm_struct *oom_kill_task(task_t *p, const char *message)
276 __oom_kill_task(q, message); 283 __oom_kill_task(q, message);
277 while_each_thread(g, q); 284 while_each_thread(g, q);
278 285
279 return mm; 286 return 0;
280} 287}
281 288
282static struct mm_struct *oom_kill_process(struct task_struct *p, 289static int oom_kill_process(struct task_struct *p, unsigned long points,
283 unsigned long points, const char *message) 290 const char *message)
284{ 291{
285 struct mm_struct *mm;
286 struct task_struct *c; 292 struct task_struct *c;
287 struct list_head *tsk; 293 struct list_head *tsk;
288 294
@@ -293,9 +299,8 @@ static struct mm_struct *oom_kill_process(struct task_struct *p,
293 c = list_entry(tsk, struct task_struct, sibling); 299 c = list_entry(tsk, struct task_struct, sibling);
294 if (c->mm == p->mm) 300 if (c->mm == p->mm)
295 continue; 301 continue;
296 mm = oom_kill_task(c, message); 302 if (!oom_kill_task(c, message))
297 if (mm) 303 return 0;
298 return mm;
299 } 304 }
300 return oom_kill_task(p, message); 305 return oom_kill_task(p, message);
301} 306}
@@ -310,7 +315,6 @@ static struct mm_struct *oom_kill_process(struct task_struct *p,
310 */ 315 */
311void out_of_memory(struct zonelist *zonelist, gfp_t gfp_mask, int order) 316void out_of_memory(struct zonelist *zonelist, gfp_t gfp_mask, int order)
312{ 317{
313 struct mm_struct *mm = NULL;
314 task_t *p; 318 task_t *p;
315 unsigned long points = 0; 319 unsigned long points = 0;
316 320
@@ -330,12 +334,12 @@ void out_of_memory(struct zonelist *zonelist, gfp_t gfp_mask, int order)
330 */ 334 */
331 switch (constrained_alloc(zonelist, gfp_mask)) { 335 switch (constrained_alloc(zonelist, gfp_mask)) {
332 case CONSTRAINT_MEMORY_POLICY: 336 case CONSTRAINT_MEMORY_POLICY:
333 mm = oom_kill_process(current, points, 337 oom_kill_process(current, points,
334 "No available memory (MPOL_BIND)"); 338 "No available memory (MPOL_BIND)");
335 break; 339 break;
336 340
337 case CONSTRAINT_CPUSET: 341 case CONSTRAINT_CPUSET:
338 mm = oom_kill_process(current, points, 342 oom_kill_process(current, points,
339 "No available memory in cpuset"); 343 "No available memory in cpuset");
340 break; 344 break;
341 345
@@ -357,8 +361,7 @@ retry:
357 panic("Out of memory and no killable processes...\n"); 361 panic("Out of memory and no killable processes...\n");
358 } 362 }
359 363
360 mm = oom_kill_process(p, points, "Out of memory"); 364 if (oom_kill_process(p, points, "Out of memory"))
361 if (!mm)
362 goto retry; 365 goto retry;
363 366
364 break; 367 break;
@@ -367,8 +370,6 @@ retry:
367out: 370out:
368 read_unlock(&tasklist_lock); 371 read_unlock(&tasklist_lock);
369 cpuset_unlock(); 372 cpuset_unlock();
370 if (mm)
371 mmput(mm);
372 373
373 /* 374 /*
374 * Give "p" a good chance of killing itself before we 375 * Give "p" a good chance of killing itself before we