[thirdparty/kernel/stable-queue.git] / releases / 3.0.1 / oom-task-mm-null-doesn-t-mean-the-memory-was-freed.patch

From c027a474a68065391c8773f6e83ed5412657e369 Mon Sep 17 00:00:00 2001
From: Oleg Nesterov <oleg@redhat.com>
Date: Sat, 30 Jul 2011 16:35:02 +0200
Subject: oom: task->mm == NULL doesn't mean the memory was freed

From: Oleg Nesterov <oleg@redhat.com>

commit c027a474a68065391c8773f6e83ed5412657e369 upstream.

exit_mm() sets ->mm == NULL then it does mmput()->exit_mmap() which
frees the memory.

However select_bad_process() checks ->mm != NULL before TIF_MEMDIE,
so it continues to kill other tasks even if we have the oom-killed
task freeing its memory.

Change select_bad_process() to check ->mm after TIF_MEMDIE, but skip
the tasks which have already passed exit_notify() to ensure a zombie
with TIF_MEMDIE set can't block oom-killer. Alternatively we could
probably clear TIF_MEMDIE after exit_mmap().

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 mm/oom_kill.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -303,7 +303,7 @@ static struct task_struct *select_bad_pr
 	do_each_thread(g, p) {
 		unsigned int points;
 
-		if (!p->mm)
+		if (p->exit_state)
 			continue;
 		if (oom_unkillable_task(p, mem, nodemask))
 			continue;
@@ -319,6 +319,8 @@ static struct task_struct *select_bad_pr
 		 */
 		if (test_tsk_thread_flag(p, TIF_MEMDIE))
 			return ERR_PTR(-1UL);
+		if (!p->mm)
+			continue;
 
 		if (p->flags & PF_EXITING) {
 			/*
Commit	Line	Data
d53dcc05 GKH	1	From c027a474a68065391c8773f6e83ed5412657e369 Mon Sep 17 00:00:00 2001
	2	From: Oleg Nesterov <oleg@redhat.com>
	3	Date: Sat, 30 Jul 2011 16:35:02 +0200
	4	Subject: oom: task->mm == NULL doesn't mean the memory was freed
	5
	6	From: Oleg Nesterov <oleg@redhat.com>
	7
	8	commit c027a474a68065391c8773f6e83ed5412657e369 upstream.
	9
	10	exit_mm() sets ->mm == NULL then it does mmput()->exit_mmap() which
	11	frees the memory.
	12
	13	However select_bad_process() checks ->mm != NULL before TIF_MEMDIE,
	14	so it continues to kill other tasks even if we have the oom-killed
	15	task freeing its memory.
	16
	17	Change select_bad_process() to check ->mm after TIF_MEMDIE, but skip
	18	the tasks which have already passed exit_notify() to ensure a zombie
	19	with TIF_MEMDIE set can't block oom-killer. Alternatively we could
	20	probably clear TIF_MEMDIE after exit_mmap().
	21
	22	Signed-off-by: Oleg Nesterov <oleg@redhat.com>
	23	Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
	24	Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
	25	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	26
	27	---
	28	mm/oom_kill.c \| 4 +++-
	29	1 file changed, 3 insertions(+), 1 deletion(-)
	30
	31	--- a/mm/oom_kill.c
	32	+++ b/mm/oom_kill.c
	33	@@ -303,7 +303,7 @@ static struct task_struct *select_bad_pr
	34	do_each_thread(g, p) {
	35	unsigned int points;
	36
	37	- if (!p->mm)
	38	+ if (p->exit_state)
	39	continue;
	40	if (oom_unkillable_task(p, mem, nodemask))
	41	continue;
	42	@@ -319,6 +319,8 @@ static struct task_struct *select_bad_pr
	43	*/
	44	if (test_tsk_thread_flag(p, TIF_MEMDIE))
	45	return ERR_PTR(-1UL);
	46	+ if (!p->mm)
	47	+ continue;
	48
	49	if (p->flags & PF_EXITING) {
	50	/*