Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp31538pxb; Tue, 12 Apr 2022 15:59:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxmFzys9KVvBRAtoKCrl9otGL3RB2ak2TZosg7LsNnMcOudtbDgnbLslV+mzPYo+T7JPAcy X-Received: by 2002:a17:902:8e82:b0:151:6f68:7088 with SMTP id bg2-20020a1709028e8200b001516f687088mr40803103plb.11.1649804377129; Tue, 12 Apr 2022 15:59:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649804377; cv=none; d=google.com; s=arc-20160816; b=UN2ilR/s7FRZV3Z8DjIbOqVOyofgSZhR3ICpKO4xpYOVWENqiRNLRRdiql/AJ/ntR8 NK1tPL3/hm9jySYjvE8pgmmXGEWTDi/niKa+aIeMPXnpXkpW5UhQ51DRFqH1uJRWkWL+ 7cpmh12fvXTL/Zwi+HttwnuRR0SvYWd2RweupXGkMQug0mWR2JCHNiGuIIF0L5ibJYqE I1hG9AdBDhyiK3Gbyyf3T22AmkXZk/2MTjBYpNE9oFaCYATsJNuOjpy5ODHSa5zNJofe u5jPFfaOHE+8eflL2zREFc0a8IOWAuU5EDHGzkfzrNBHL8EpH289m9frGL8w/jynniX9 HU6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=aJnqd5OLUuO1wuqKum2XiCzy6QcFrih6opRw+UalRwo=; b=Rqb0vChlTuga8owgmol7FCdhX3U8gjiBKs2XWwR5oPGgBdnWqntAesI58lMXJSDvSY Hi/zVZ1Tb54GpMYubsuM7H1yJ2JbjwF0ObJGYcnxPeLd8w5QcYm7mvFGkSVnxEViK4ed nZnfaxNxE2tziyqbu/T4Hsbi2iJ18NCDw/xyo8rPcxgP5bPv79LK65I8SBd2GDT/Ss/d fFicKr2OsP2/mpg77VuAOQBpZ4XrHWA6GYW5Pwaxj4CJY0JSj0/K5bRGaMwDgu0EnZx5 d7mnCGY4Be/2TllVQmaKLZhYkh7YGf8VBi75T8nKcv73D/8j+R1YaMErJCsMczDISRmL gypA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=KOVyBbQy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id b2-20020a170902b60200b00153b2d164cbsi13792660pls.211.2022.04.12.15.59.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Apr 2022 15:59:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=KOVyBbQy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1C862125294; Tue, 12 Apr 2022 14:41:21 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240254AbiDLRFf (ORCPT + 99 others); Tue, 12 Apr 2022 13:05:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44176 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232561AbiDLRFe (ORCPT ); Tue, 12 Apr 2022 13:05:34 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id C3CD860055 for ; Tue, 12 Apr 2022 10:03:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1649782994; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aJnqd5OLUuO1wuqKum2XiCzy6QcFrih6opRw+UalRwo=; b=KOVyBbQyRVfgfioAapBUsG7Gasx9e5VJXX36BfbrGdh7Njg5SACTftrcos+8vnFP4wbxeq TBrQgl+s20srBq6E6S//2CRwNIocgE/vp4TLyoxaBWGC3mAqFtEUv0N2oJwetMky8GBwCf JLdSOE8Li3S+/L829FF1jIoriP8lgUA= Received: from mail-qk1-f198.google.com (mail-qk1-f198.google.com [209.85.222.198]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-124-CUWgdZ7dMbOzoi92uRxYKA-1; Tue, 12 Apr 2022 13:03:13 -0400 X-MC-Unique: CUWgdZ7dMbOzoi92uRxYKA-1 Received: by mail-qk1-f198.google.com with SMTP id bi19-20020a05620a319300b0069c16295aabso4660267qkb.1 for ; Tue, 12 Apr 2022 10:03:13 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=aJnqd5OLUuO1wuqKum2XiCzy6QcFrih6opRw+UalRwo=; b=ZJ3cG0CtX792zLZEGcJYl+kxOuJAxm2byqne01KV40fLvBEGC8N6LH8wq8L8J0rYoR bmKPOYZWIZdouYT8g8Jo9VQbundSj/FIB48fjkaAAP1EswvZBIDsT+buqzPlKjSXtVc9 b4VRmFD7+u+e45QtdKyg+pknlXBG2mlYWGE0Hec00yogkrf/MwN0LYbQlOj/Isx7oHan kJHJfDiYdLFs+AYVikqpOthol1HlDkmGiBPSa4J7XFUMHtQUC2dCx3EXC/npgjwTZHaU 51eCt3FYjzedrNsMXpFGceR7rtfX3PTmR7zJ5BTKHJRW8eoMf0ZfHQm1ywBSjWkb7G7n qzPA== X-Gm-Message-State: AOAM532Jlv8SnrFgtUm1FdpkvG1CzIDL8aYrof/JWYy7t7i4aiT6Ksrv MrL6RJp46gyveTQtn2ziQcIQpj5CvR/rWI65Sp2tozFUq9ttlWbUVGIvAY5bTCrn98PRcZPh6Vg SgrNSatF4OxhqAgSvWBr5jj0/ X-Received: by 2002:a05:6214:20e6:b0:443:58b7:6f5e with SMTP id 6-20020a05621420e600b0044358b76f5emr31485078qvk.120.1649782992801; Tue, 12 Apr 2022 10:03:12 -0700 (PDT) X-Received: by 2002:a05:6214:20e6:b0:443:58b7:6f5e with SMTP id 6-20020a05621420e600b0044358b76f5emr31485038qvk.120.1649782992415; Tue, 12 Apr 2022 10:03:12 -0700 (PDT) Received: from [192.168.0.188] ([24.48.139.231]) by smtp.gmail.com with ESMTPSA id c134-20020ae9ed8c000000b0069bf8f9cfb2sm6474764qkg.118.2022.04.12.10.03.10 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 12 Apr 2022 10:03:11 -0700 (PDT) Message-ID: Date: Tue, 12 Apr 2022 13:03:09 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 Subject: Re: [PATCH v8] oom_kill.c: futex: Don't OOM reap the VMA containing the robust_list_head Content-Language: en-US To: Thomas Gleixner , Peter Zijlstra Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Rafael Aquini , Waiman Long , Baoquan He , Christoph von Recklinghausen , Don Dutile , "Herton R . Krzesinski" , David Rientjes , Michal Hocko , Andrea Arcangeli , Andrew Morton , Davidlohr Bueso , Ingo Molnar , Joel Savitz , Darren Hart , stable@kernel.org References: <20220408032809.3696798-1-npache@redhat.com> <20220408081549.GM2731@worktop.programming.kicks-ass.net> <87k0bzk7e5.ffs@tglx> <1a7944c7-d717-d5af-f71d-92326f7bb7f6@redhat.com> <87h76yff3b.ffs@tglx> From: Nico Pache In-Reply-To: <87h76yff3b.ffs@tglx> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,NICE_REPLY_A,RDNS_NONE,SPF_HELO_NONE, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/12/22 12:20, Thomas Gleixner wrote: > On Mon, Apr 11 2022 at 19:51, Nico Pache wrote: >> On 4/8/22 09:54, Thomas Gleixner wrote: >>> The below reproduces the problem nicely, i.e. the lock() in the parent >>> times out. So why would the OOM killer fail to cause the same problem >>> when it reaps the private anon mapping where the private futex sits? >>> >>> If you revert the lock order in the child the robust muck works. >> >> Thanks for the reproducer Thomas :) >> >> I think I need to re-up my knowledge around COW and how it effects >> that stack. There are increased oddities when you add the pthread >> library that I cant fully wrap my head around at the moment. > > The pthread library functions are just conveniance so I did not have to > hand code the futex and robust list handling. > >> My confusion lies in how the parent/child share a robust list here, but they >> obviously do. In my mind the mut_s would be different in the child/parent after >> the fork and pthread_mutex_init (and friends) are done in the child. > > They don't share a robust list, each thread has it's own. > > The shared mutex mut_s is initialized in the parent before fork and it's > the same address in the child and it's not COWed because the mapping is > MAP_SHARED. > > The child allocates private memory and initializes the private mutex in > that private mapping. > > So now child does: > > pthread_mutex_lock(mut_s); > > That's the mutex in the memory shared with the parent. After that the > childs robusts list head points to mut_s::robust_list. > > Now it does: > > pthread_mutex_lock(mut_p); > > after that the childs robust list head points to mut_p::robust_list and > mut_p::robust_list points to mut_s::robust_list. > > So now the child unmaps the private memory and exists. > > The kernel tries to walk the robust list pointer and faults when trying > to access mut_p. End of walk and mut_s stays locked. > > So now think about the OOM case. The killed process has a shared mapping > with some other unrelated process (file, shmem) where mut_p sits. > > It gets killed after: > pthread_mutex_lock(mut_s); > pthread_mutex_lock(mut_p); > > So the OOM reaper rips the VMA which contains mut_p and therefore breaks > the chain which is necessary to reach mut_p. > > See? Yes, thank you for the detailed explanation, the missing piece just clicked in my head :) Cheers, -- Nico > > Thanks, > > tglx > > >