DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.uk;
  h=Received:Message-ID:Date:From:User-Agent:X-Accept-Language:MIME-Version:To:CC:Subject:X-Enigmail-Version:X-Enigmail-Supports:Content-Type:Content-Transfer-Encoding;
  b=FnGq+79qgSZ5exHguoeLyabxqlRsXN6x02vlvaIxabyrNJZR/aLPT0q7luskrEl2a3tcfemh8vlwf+z5ftxKciicwNCtJ7PemTf9HkBvyIgrrHinCXfHJZ6mKo/NccJJFni4a1Gx9iYX/jvE7AEQ+xPIMJ5yT4fxj15FWLViUHE=  ;
Message-ID: <43176820.5060609@yahoo.co.uk>
Date: Thu, 01 Sep 2005 21:44:16 +0100
From: Richard Hayden <rahaydenuk@yahoo.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (X11/20050228)
MIME-Version: 1.0
To: linux-kernel@vger.kernel.org
CC: coywolf@gmail.com
Subject: A couple of OOM killer races
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1126
Lines: 29

Hi all,

It appears there is no protection in badness() (called by 
out_of_memory() for each process) when it reads p->mm->total_vm. Another 
processor (or a kernel preemption) could presumably run do_exit and then 
exit_mm, freeing the process in question's reference to its mm just 
after the (!p->mm) check but before it reads p->mm->total_vm, making the 
latter reference a null pointer reference.

Also there appears to be no protection when we set p->time_slice in 
__oom_kill_task(). Am I right in thinking that this field should be 
protected by the appropriate runqueue lock, at least this is what 
scheduler_tick() seems to use?

Have I missed anything?

Best regards,

Richard Hayden.

		
___________________________________________________________ 
How much free photo storage do you get? Store your holiday 
snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/