rpms/kernel/F-11 linux-2.6-dev-zero-avoid-oom-lockup.patch, NONE, 1.1 kernel.spec, 1.1649, 1.1650

Chuck Ebbert cebbert at fedoraproject.org
Tue Jun 16 18:01:25 UTC 2009 

Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19125

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6-dev-zero-avoid-oom-lockup.patch 
Log Message:
Avoid lockup on OOM with /dev/zero

linux-2.6-dev-zero-avoid-oom-lockup.patch:

--- NEW FILE linux-2.6-dev-zero-avoid-oom-lockup.patch ---
From: Salman Qazi <sqazi at google.com>
Date: Thu, 4 Jun 2009 22:20:39 +0000 (-0700)
Subject: drivers/char/mem.c: avoid OOM lockup during large reads from /dev/zero
X-Git-Tag: v2.6.30~31
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=730c586ad5228c339949b2eb4e72b80ae167abc4

drivers/char/mem.c: avoid OOM lockup during large reads from /dev/zero

While running 20 parallel instances of dd as follows:

  #!/bin/bash
  for i in `seq 1 20`; do
           dd if=/dev/zero of=/export/hda3/dd_$i bs=1073741824 count=1 &
  done
  wait

on a 16G machine, we noticed that rather than just killing the processes,
the entire kernel went down.  Stracing dd reveals that it first does an
mmap2, which makes 1GB worth of zero page mappings.  Then it performs a
read on those pages from /dev/zero, and finally it performs a write.

The machine died during the reads.  Looking at the code, it was noticed
that /dev/zero's read operation had been changed by
557ed1fa2620dc119adb86b34c614e152a629a80 ("remove ZERO_PAGE") from giving
zero page mappings to actually zeroing the page.

The zeroing of the pages causes physical pages to be allocated to the
process.  But, when the process exhausts all the memory that it can, the
kernel cannot kill it, as it is still in the kernel mode allocating more
memory.  Consequently, the kernel eventually crashes.

To fix this, I propose that when a fatal signal is pending during
/dev/zero read operation, we simply return and let the user process die.

Signed-off-by: Salman Qazi <sqazi at google.com>
Cc: Nick Piggin <nickpiggin at yahoo.com.au>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
[ Modified error return and comment trivially.  - Linus]
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
---

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 8f05c38..65e12bc 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -694,6 +694,9 @@ static ssize_t read_zero(struct file * file, char __user * buf,
 		written += chunk - unwritten;
 		if (unwritten)
 			break;
+		/* Consider changing this to just 'signal_pending()' with lots of testing */
+		if (fatal_signal_pending(current))
+			return written ? written : -EINTR;
 		buf += chunk;
 		count -= chunk;
 		cond_resched();


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1649
retrieving revision 1.1650
diff -u -p -r1.1649 -r1.1650
--- kernel.spec	16 Jun 2009 04:57:23 -0000	1.1649
+++ kernel.spec	16 Jun 2009 18:00:54 -0000	1.1650
@@ -772,6 +772,7 @@ Patch9305: linux-2.6-xen-fix_warning_whe
 Patch9307: linux-2.6.29-xen-disable-gbpages.patch
 
 Patch11000: linux-2.6-parport-quickfix-the-proc-registration-bug.patch
+Patch11010: linux-2.6-dev-zero-avoid-oom-lockup.patch
 
 # via: enable 64-bit padlock support on nano, add CPU temp sensor,
 #  add via-sdmmc driver
@@ -1458,6 +1459,8 @@ ApplyPatch linux-2.6.29-xen-disable-gbpa
 # finally fix the proc registration bug (F11#503773 and others)
 ApplyPatch linux-2.6-parport-quickfix-the-proc-registration-bug.patch
 
+ApplyPatch linux-2.6-dev-zero-avoid-oom-lockup.patch
+
 # VIA: add 64-bit padlock support, sdmmc driver, temp sensor driver
 ApplyPatch via-centaur-merge-32-64-bit-init.patch
 ApplyPatch via-padlock-fix-might-sleep.patch
@@ -2055,6 +2058,9 @@ fi
 # and build.
 
 %changelog
+* Tue Jun 16 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.5-188
+- Avoid lockup on OOM with /dev/zero
+
 * Tue Jun 16 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.5-187
 - Drop the disable of mwait on VIA Nano processor. The lockup bug is
   fixed by BIOS updates.

More information about the fedora-extras-commits mailing list