Commit 855b0183 authored by Michal Hocko's avatar Michal Hocko Committed by Linus Torvalds
oom, oom_reaper: disable oom_reaper for oom_kill_allocating_task

Tetsuo has reported that oom_kill_allocating_task=1 will cause
oom_reaper_list corruption because oom_kill_process doesn't follow
standard OOM exclusion (aka ignores TIF_MEMDIE) and allows to enqueue
the same task multiple times - e.g.  by sacrificing the same child
multiple times.

This patch fixes the issue by introducing a new MMF_OOM_KILLED mm flag
which is set in oom_kill_process atomically and oom reaper is disabled
if the flag was already set.

Signed-off-by: default avatarMichal Hocko <>
Reported-by: default avatarTetsuo Handa <>
Cc: David Rientjes <>
Cc: Mel Gorman <>
Cc: Oleg Nesterov <>
Cc: Hugh Dickins <>
Cc: Rik van Riel <>
Signed-off-by: default avatarAndrew Morton <>
Signed-off-by: default avatarLinus Torvalds <>
parent 03049269
......@@ -512,6 +512,8 @@ static inline int get_dumpable(struct mm_struct *mm)
#define MMF_HAS_UPROBES 19 /* has uprobes */
#define MMF_RECALC_UPROBES 20 /* MMF_HAS_UPROBES can be wrong */
#define MMF_OOM_KILLED 21 /* OOM killer has chosen this mm */
struct sighand_struct {
......@@ -680,7 +680,7 @@ void oom_kill_process(struct oom_control *oc, struct task_struct *p,
unsigned int victim_points = 0;
bool can_oom_reap = true;
bool can_oom_reap;
* If the task is already exiting, don't alarm the sysadmin or kill
......@@ -742,6 +742,10 @@ void oom_kill_process(struct oom_control *oc, struct task_struct *p,
/* Get a reference to safely compare mm after task_unlock(victim) */
mm = victim->mm;
/* Make sure we do not try to oom reap the mm multiple times */
can_oom_reap = !test_and_set_bit(MMF_OOM_KILLED, &mm->flags);
* We should send SIGKILL before setting TIF_MEMDIE in order to prevent
* the OOM victim from depleting the memory reserves from the user
