mm: optimize the redundant loop of mm_update_owner_next()

commit cf3f9a593dab87a032d2b6a6fb205e7f3de4f0a1 upstream.

When mm_update_owner_next() is racing with swapoff (try_to_unuse()) or
/proc or ptrace or page migration (get_task_mm()), it is impossible to
find an appropriate task_struct in the loop whose mm_struct is the same as
the target mm_struct.

If the above race condition is combined with the stress-ng-zombie and
stress-ng-dup tests, such a long loop can easily cause a Hard Lockup in
write_lock_irq() for tasklist_lock.

Recognize this situation in advance and exit early.

Link: https://lkml.kernel.org/r/20240620122123.3877432-1-alexjlzheng@tencent.com
Signed-off-by: Jinliang Zheng <alexjlzheng@tencent.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Mateusz Guzik <mjguzik@gmail.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Tycho Andersen <tandersen@netflix.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/kernel/exit.c b/kernel/exit.c
index 41a12630cbbc9cd80b6b5a154041c514b46ad3fe..2b9ef8abff79d530b3572ca26799b2bced5b1cc3 100644 (file)
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -488,6 +488,8 @@ retry:
         * Search through everything else, we should not get here often.
         */
        for_each_process(g) {
+               if (atomic_read(&mm->mm_users) <= 1)
+                       break;
                if (g->flags & PF_KTHREAD)
                        continue;
                for_each_thread(g, c) {