From patchwork Mon Nov 6 03:36:51 2017
X-Patchwork-Submitter: Wang Nan
X-Patchwork-Id: 118000
From: Wang Nan
To: ,
CC: Wang Nan, Bob Liu, Michal Hocko, Andrew Morton, David Rientjes, Ingo Molnar, Roman Gushchin, Konstantin Khlebnikov, "Andrea Arcangeli"
Subject: [RFC PATCH] mm, oom_reaper: gather each vma to prevent leaking TLB entry
Date: Mon, 6 Nov 2017 03:36:51 +0000
Message-ID: <20171106033651.172368-1-wangnan0@huawei.com>
X-Mailer: git-send-email 2.10.1
X-Mailing-List: linux-kernel@vger.kernel.org

tlb_gather_mmu(&tlb, mm, 0, -1) means gathering the whole virtual memory
space. In this case, tlb->fullmm is true. Some architectures, such as
arm64, don't flush the TLB when tlb->fullmm is true:

  commit 5a7862e83000 ("arm64: tlbflush: avoid flushing when fullmm == 1")

This leaks TLB entries. For example, when the oom_reaper selects a task
and reaps its virtual memory space, another thread in the same task group
may still be running on another core and can access the already-freed
memory through stale TLB entries.

This patch gathers each vma instead of the full vm space, so tlb->fullmm
is not true. The behavior of the oom reaper becomes similar to munmapping
before do_exit, which should be safe for all archs.

Signed-off-by: Wang Nan
Cc: Bob Liu
Cc: Michal Hocko
Cc: Andrew Morton
Cc: Michal Hocko
Cc: David Rientjes
Cc: Ingo Molnar
Cc: Roman Gushchin
Cc: Konstantin Khlebnikov
Cc: Andrea Arcangeli
---
 mm/oom_kill.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

-- 
2.10.1

diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index dee0f75..18c5b35 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -532,7 +532,6 @@ static bool __oom_reap_task_mm(struct task_struct *tsk, struct mm_struct *mm)
 	 */
 	set_bit(MMF_UNSTABLE, &mm->flags);
 
-	tlb_gather_mmu(&tlb, mm, 0, -1);
 	for (vma = mm->mmap ; vma; vma = vma->vm_next) {
 		if (!can_madv_dontneed_vma(vma))
 			continue;
@@ -547,11 +546,13 @@ static bool __oom_reap_task_mm(struct task_struct *tsk, struct mm_struct *mm)
 		 * we do not want to block exit_mmap by keeping mm ref
 		 * count elevated without a good reason.
 		 */
-		if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED))
+		if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED)) {
+			tlb_gather_mmu(&tlb, mm, vma->vm_start, vma->vm_end);
 			unmap_page_range(&tlb, vma, vma->vm_start, vma->vm_end,
 					 NULL);
+			tlb_finish_mmu(&tlb, vma->vm_start, vma->vm_end);
+		}
 	}
-	tlb_finish_mmu(&tlb, 0, -1);
 
 	pr_info("oom_reaper: reaped process %d (%s), now anon-rss:%lukB, file-rss:%lukB, shmem-rss:%lukB\n",
 			task_pid_nr(tsk), tsk->comm,
 			K(get_mm_counter(mm, MM_ANONPAGES)),
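
For reference, below is a paraphrased sketch of the arm64 tlb_flush() behaviour
that the changelog refers to (introduced by commit 5a7862e83000). It is
reconstructed from memory, not a verbatim copy of arch/arm64/include/asm/tlb.h,
and the exact flush helper and its arguments may differ:

/*
 * Sketch of arm64's tlb_flush() after commit 5a7862e83000
 * ("arm64: tlbflush: avoid flushing when fullmm == 1").
 * Paraphrased; details may not match the real source exactly.
 */
static inline void tlb_flush(struct mmu_gather *tlb)
{
	struct vm_area_struct vma = { .vm_mm = tlb->mm, };

	/*
	 * A fullmm gather means the whole address space is being torn
	 * down, so the ASID is never reused and no TLB invalidation is
	 * issued. This early return is what leaves stale entries visible
	 * to other threads still running in the mm when the oom reaper,
	 * rather than exit_mmap(), does the unmapping.
	 */
	if (tlb->fullmm)
		return;

	flush_tlb_range(&vma, tlb->start, tlb->end);
}

With the per-vma gather in the hunk above, tlb->fullmm is 0, so each
tlb_finish_mmu() call flushes the reaped range instead of taking the
early return.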