From patchwork Fri May 27 08:00:48 2016
X-Patchwork-Submitter: Arnd Bergmann
X-Patchwork-Id: 102304
From: Arnd Bergmann
To: Andrew Morton, Michal Hocko
Cc: Arnd Bergmann, David Rientjes, Tetsuo Handa, Johannes Weiner, Oleg Nesterov, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH] oom_reaper: don't call mmput_async() on uninitialized mm
Date: Fri, 27 May 2016 10:00:48 +0200
Message-Id: <1464336081-994232-1-git-send-email-arnd@arndb.de>

The change to the oom_reaper to hold a mutex inside __oom_reap_task()
accidentally started calling mmput_async() on the local mm before
that variable got initialized, as reported by gcc in linux-next:

mm/oom_kill.c: In function '__oom_reap_task':
mm/oom_kill.c:537:2: error: 'mm' may be used uninitialized in this function [-Werror=maybe-uninitialized]

This rearranges the code slightly back to the state before
patch but leaves the lock in place. The error handling in the function still looks a bit confusing and could probably be improved but I could not come up with a solution that made me happy for now. Signed-off-by: Arnd Bergmann Fixes: mmotm ("oom_reaper: close race with exiting task") --- mm/oom_kill.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) -- 2.7.0 diff --git a/mm/oom_kill.c b/mm/oom_kill.c index 1685890d424e..255cb5f48019 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c @@ -447,7 +447,7 @@ static bool __oom_reap_task(struct task_struct *tsk) struct task_struct *p; struct zap_details details = {.check_swap_entries = true, .ignore_dirty = true}; - bool ret = true; + bool ret; /* * We have to make sure to not race with the victim exit path @@ -472,13 +472,16 @@ static bool __oom_reap_task(struct task_struct *tsk) * is no mm. */ p = find_lock_task_mm(tsk); - if (!p) - goto unlock_oom; + if (!p) { + mutex_unlock(&oom_lock); + return true; + } mm = p->mm; if (!atomic_inc_not_zero(&mm->mm_users)) { task_unlock(p); - goto unlock_oom; + mutex_unlock(&oom_lock); + return true; } task_unlock(p); @@ -527,6 +530,7 @@ static bool __oom_reap_task(struct task_struct *tsk) * to release its memory. */ set_bit(MMF_OOM_REAPED, &mm->flags); + ret = true; unlock_oom: mutex_unlock(&oom_lock); /*
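Review bot: in the first hunk (@@ -447), dropping the initializer from `bool ret = true;` makes the return value depend on every path that reaches `unlock_oom` assigning `ret` first. The only assignment visible in this diff is the fall-through `ret = true;` in the last hunk, so each `goto unlock_oom` in the unshown middle of the function should be checked to confirm it sets `ret` before jumping. If the intent is to let -Wmaybe-uninitialized flag a missed path in future, a sentence saying so in the commit message would help; otherwise keeping the initializer is the smaller change.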
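Review bot: in the second hunk (@@ -472), the two early exits that replace `goto unlock_oom` have no comment explaining why they must bypass the label. Both run before a reference on `mm` is held (the first before `mm = p->mm`, the second when `atomic_inc_not_zero(&mm->mm_users)` fails), which is the whole reason for open-coding `mutex_unlock(&oom_lock); return true;`. A one-line comment at each site would keep a later cleanup from folding them back into the shared exit and reintroducing the bug the commit message describes.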
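Review bot: the `unlock_oom:` label that follows the added `ret = true;` in the last hunk (@@ -527) has a name that reads as a plain unlock, yet after this patch it is only safe to jump to once `mm` is assigned and pinned. Consider renaming the label to reflect that it also releases the mm, or stating the precondition in the comment that begins right after `mutex_unlock(&oom_lock);`.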