From: Michal Hocko <mhocko@kernel.org>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: David Rientjes <rientjes@google.com>, Tejun Heo <tj@kernel.org>,
Roman Gushchin <guro@fb.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Vladimir Davydov <vdavydov.dev@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-mm <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] mm,page_alloc: PF_WQ_WORKER threads must sleep at should_reclaim_retry().
Date: Wed, 5 Sep 2018 15:40:38 +0200 [thread overview]
Message-ID: <20180905134038.GE14951@dhcp22.suse.cz> (raw)
In-Reply-To: <195a512f-aecc-f8cf-f409-6c42ee924a8c@i-love.sakura.ne.jp>
On Wed 05-09-18 22:20:58, Tetsuo Handa wrote:
> On 2018/08/24 9:31, Tetsuo Handa wrote:
> > For now, I don't think we need to add af5679fbc669f31f to the list for
> > CVE-2016-10723, for af5679fbc669f31f might cause premature next OOM victim
> > selection (especially with CONFIG_PREEMPT=y kernels) due to
> >
> > __alloc_pages_may_oom(): oom_reap_task():
> >
> > mutex_trylock(&oom_lock) succeeds.
> > get_page_from_freelist() fails.
> > Preempted to other process.
> > oom_reap_task_mm() succeeds.
> > Sets MMF_OOM_SKIP.
> > Returned from preemption.
> > Finds that MMF_OOM_SKIP was already set.
> > Selects next OOM victim and kills it.
> > mutex_unlock(&oom_lock) is called.
> >
> > race window like described as
> >
> > Tetsuo was arguing that at least MMF_OOM_SKIP should be set under the lock
> > to prevent from races when the page allocator didn't manage to get the
> > freed (reaped) memory in __alloc_pages_may_oom but it sees the flag later
> > on and move on to another victim. Although this is possible in principle
> > let's wait for it to actually happen in real life before we make the
> > locking more complex again.
> >
> > in that commit.
> >
>
> Yes, that race window is real. We can needlessly select next OOM victim.
> I think that af5679fbc669f31f was too optimistic.
Changelog said
"Although this is possible in principle let's wait for it to actually
happen in real life before we make the locking more complex again."
So what is the real life workload that hits it? The log you have pasted
below doesn't tell much.
> [ 278.147280] Out of memory: Kill process 9943 (a.out) score 919 or sacrifice child
> [ 278.148927] Killed process 9943 (a.out) total-vm:4267252kB, anon-rss:3430056kB, file-rss:0kB, shmem-rss:0kB
> [ 278.151586] vmtoolsd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0
[...]
> [ 278.331527] Out of memory: Kill process 8790 (firewalld) score 5 or sacrifice child
> [ 278.333267] Killed process 8790 (firewalld) total-vm:358012kB, anon-rss:21928kB, file-rss:0kB, shmem-rss:0kB
> [ 278.336430] oom_reaper: reaped process 8790 (firewalld), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2018-09-05 13:40 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-26 11:06 Tetsuo Handa
2018-07-26 11:39 ` Michal Hocko
2018-07-27 15:47 ` Tetsuo Handa
2018-07-30 9:32 ` Michal Hocko
2018-07-30 14:34 ` Tetsuo Handa
2018-07-30 14:46 ` Michal Hocko
2018-07-30 14:54 ` Tejun Heo
2018-07-30 15:25 ` Tetsuo Handa
2018-07-30 15:44 ` Tejun Heo
2018-07-30 18:51 ` Michal Hocko
2018-07-30 19:10 ` Michal Hocko
2018-07-30 21:01 ` Tetsuo Handa
2018-07-31 5:09 ` Michal Hocko
2018-07-31 10:47 ` Tetsuo Handa
2018-07-31 11:15 ` Michal Hocko
2018-07-31 11:30 ` Tetsuo Handa
2018-07-31 11:55 ` Michal Hocko
2018-08-02 22:05 ` Tetsuo Handa
2018-08-03 6:16 ` Michal Hocko
2018-08-21 21:07 ` Tetsuo Handa
2018-08-22 7:32 ` Michal Hocko
2018-08-23 20:06 ` David Rientjes
2018-08-23 21:00 ` Tetsuo Handa
2018-08-23 22:45 ` David Rientjes
2018-08-24 0:31 ` Tetsuo Handa
2018-09-05 13:20 ` Tetsuo Handa
2018-09-05 13:40 ` Michal Hocko [this message]
2018-09-05 13:53 ` Tetsuo Handa
2018-09-05 14:04 ` Michal Hocko
2018-09-06 1:00 ` Tetsuo Handa
2018-09-06 5:57 ` Michal Hocko
2018-09-06 6:22 ` Tetsuo Handa
2018-09-06 7:03 ` Tetsuo Handa
2018-07-30 19:14 ` Tejun Heo
2018-08-27 13:51 Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180905134038.GE14951@dhcp22.suse.cz \
--to=mhocko@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=guro@fb.com \
--cc=hannes@cmpxchg.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=rientjes@google.com \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=vdavydov.dev@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox