    fix race, add pid & comm to message · 4b608023
    David Rientjes authored
    On Tue, 10 Nov 2009, akpm@linux-foundation.org wrote:
    
    > diff -puN mm/oom_kill.c~oom-kill-show-virtual-size-and-rss-information-of-the-killed-process mm/oom_kill.c
    > --- a/mm/oom_kill.c~oom-kill-show-virtual-size-and-rss-information-of-the-killed-process
    > +++ a/mm/oom_kill.c
    > @@ -352,6 +352,8 @@ static void dump_header(gfp_t gfp_mask,
    >  		dump_tasks(mem);
    >  }
    >
    > +#define K(x) ((x) << (PAGE_SHIFT-10))
    > +
    >  /*
    >   * Send SIGKILL to the selected  process irrespective of  CAP_SYS_RAW_IO
    >   * flag though it's unlikely that  we select a process with CAP_SYS_RAW_IO
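    Review bot: K() is added at file scope as a one-letter macro with no comment, and its result keeps the type of x while the new printk() prints every K() value with %lukB. Add a short comment saying it converts a page count to kB, and make sure each argument is an unsigned long (or cast inside the macro) so the format specifiers match.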
    > @@ -371,9 +373,16 @@ static void __oom_kill_task(struct task_
    >  		return;
    >  	}
    >
    > -	if (verbose)
    > -		printk(KERN_ERR "Killed process %d (%s)\n",
    > -				task_pid_nr(p), p->comm);
    > +	if (verbose) {
    > +		task_lock(p);
    > +		printk(KERN_ERR "Killed process %d (%s) "
    > +		       "vsz:%lukB, anon-rss:%lukB, file-rss:%lukB\n",
    > +		       task_pid_nr(p), p->comm,
    > +		       K(p->mm->total_vm),
    > +		       K(get_mm_counter(p->mm, anon_rss)),
    > +		       K(get_mm_counter(p->mm, file_rss)));
    > +		task_unlock(p);
    > +	}
    >
    >  	/*
    >  	 * We give our sacrificial lamb high priority and access to
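    Review bot: inside the new if (verbose) block, p->mm is dereferenced three times after task_lock(p) with no check under the lock that it is still non-NULL. Read p->mm once after taking the lock and skip the vsz/rss fields when it is NULL; the pid and comm can still be printed in that case.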
    
    There's a race there which can dereference a NULL p->mm.
    
    p->mm is protected by task_lock(), but there's no check added here that
    ensures p->mm is still valid.  The previous check for !p->mm in
    __oom_kill_task() is not protected by task_lock(), so there's a race:
    
    	select_bad_process()
    	oom_kill_process(p)
    					do_exit()
    					exit_signals(p) /* PF_EXITING */
    	oom_kill_task(p)
    	__oom_kill_task(p)
    					exit_mm(p)
    					task_lock(p)
    					p->mm = NULL
    					task_unlock(p)
    	printk() of p->mm->total_vm
    
    Please merge this as a fix.
    Signed-off-by: David Rientjes <rientjes@google.com>
    Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
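
The interleaving from the commit message above, replayed deterministically in userspace as an added example (not code from this commit or from the kernel): it shows that the unlocked NULL check is only a hint and that the pointer has to be re-read once the lock is held. A pthread mutex stands in for task_lock(), and `struct task`, `struct mm`, `report_killed()` and its `between` hook are hypothetical names.

```c
#include <pthread.h>
#include <stdio.h>

/* Userspace stand-ins (assumptions, not kernel code): the mutex plays
 * the role of task_lock(), and PAGE_SHIFT is fixed at 12. */
#define PAGE_SHIFT 12
#define K(x) ((x) << (PAGE_SHIFT - 10))

struct mm { unsigned long total_vm; };
struct task { pthread_mutex_t lock; struct mm *mm; };

/* Exit path from the diagram: mm is cleared while holding the lock. */
static void exit_mm(struct task *p)
{
	pthread_mutex_lock(&p->lock);
	p->mm = NULL;
	pthread_mutex_unlock(&p->lock);
}

/* Returns 1 and stores the size in kB if p still has an mm, else 0.
 * `between` models the other CPU running after the unlocked check. */
static int report_killed(struct task *p, void (*between)(struct task *),
			 unsigned long *vsz_kb)
{
	struct mm *mm;
	int ok = 0;
	if (!p->mm)		/* unlocked check: a hint only */
		return 0;
	if (between)
		between(p);	/* window in which exit_mm() can run */
	pthread_mutex_lock(&p->lock);
	mm = p->mm;		/* authoritative read, under the lock */
	if (mm) {
		*vsz_kb = K(mm->total_vm);
		ok = 1;
	}
	pthread_mutex_unlock(&p->lock);
	return ok;
}

int main(void)
{
	struct mm m = { 1000 };	/* constructed sample: 1000 pages */
	struct task t = { PTHREAD_MUTEX_INITIALIZER, &m };
	unsigned long kb = 0;
	int quiet = report_killed(&t, NULL, &kb);
	int raced = report_killed(&t, exit_mm, &kb);
	printf("no race: %d (%lukB), exit_mm in window: %d\n", quiet, kb, raced);
	return 0;
}
```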