From: Roman Gushchin <guro@fb.com>
To: Shakeel Butt <shakeelb@google.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>,
Michal Hocko <mhocko@kernel.org>,
David Rientjes <rientjes@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH] mm, oom: fix use-after-free in oom_kill_process
Date: Sat, 19 Jan 2019 01:58:48 +0000 [thread overview]
Message-ID: <20190119015843.GB15935@castle.DHCP.thefacebook.com> (raw)
In-Reply-To: <20190119005022.61321-1-shakeelb@google.com>
Hi Shakeel!
>
> On looking further it seems like the process selected to be oom-killed
> has exited even before reaching read_lock(&tasklist_lock) in
> oom_kill_process(). More specifically the tsk->usage is 1 which is due
> to get_task_struct() in oom_evaluate_task() and the put_task_struct
> within for_each_thread() frees the tsk and for_each_thread() tries to
> access the tsk. The easiest fix is to do get/put across the
> for_each_thread() on the selected task.
Please, feel free to add
Reviewed-by: Roman Gushchin <guro@fb.com>
for this part.
>
> Now the next question is should we continue with the oom-kill as the
> previously selected task has exited? However before adding more
> complexity and heuristics, let's answer why we even look at the
> children of oom-kill selected task? The select_bad_process() has already
> selected the worst process in the system/memcg. Due to race, the
> selected process might not be the worst at the kill time but does that
> matter matter? The userspace can play with oom_score_adj to prefer
> children to be killed before the parent. I looked at the history but it
> seems like this is there before git history.
I'd totally support you in an attempt to remove this logic,
unless someone has a good example of its usefulness.
I believe it's a very old hack to select children over parents
in case they have the same oom badness (e.g. share most of the memory).
Maybe we can prefer older processes in case of equal oom badness,
and it will be enough.
Thanks!
next prev parent reply other threads:[~2019-01-19 1:59 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-19 0:50 Shakeel Butt
2019-01-19 0:50 ` Shakeel Butt
2019-01-19 1:58 ` Roman Gushchin [this message]
2019-01-20 20:20 ` Shakeel Butt
2019-01-20 20:20 ` Shakeel Butt
2019-01-19 3:35 ` Tetsuo Handa
2019-01-20 20:23 ` Shakeel Butt
2019-01-20 20:23 ` Shakeel Butt
2019-01-19 7:09 ` Michal Hocko
2019-01-20 20:24 ` Shakeel Butt
2019-01-20 20:24 ` Shakeel Butt
2019-01-21 9:19 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190119015843.GB15935@castle.DHCP.thefacebook.com \
--to=guro@fb.com \
--cc=akpm@linux-foundation.org \
--cc=hannes@cmpxchg.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@kernel.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=rientjes@google.com \
--cc=shakeelb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox