[kernel] Add patch to fix integer overflow of points in oom_badness (rhbz 750402)

Josh Boyer jwboyer at fedoraproject.org
Tue Nov 1 01:08:55 UTC 2011 

commit 36ae5a6210ad4c9bd4cd84d64a91a3069968f478
Author: Josh Boyer <jwboyer at redhat.com>
Date:   Mon Oct 31 21:01:48 2011 -0400

    Add patch to fix integer overflow of points in oom_badness (rhbz 750402)

 kernel.spec                              |   10 +++-
 oom-fix-integer-overflow-of-points.patch |  100 ++++++++++++++++++++++++++++++
 2 files changed, 109 insertions(+), 1 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index 7e621b2..8464786 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -51,7 +51,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be prepended with "0.", so
 # for example a 3 here will become 0.3
 #
-%global baserelease 0
+%global baserelease 1
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -708,6 +708,8 @@ Patch21021: 0002-mm-Abort-reclaim-compaction-if-compaction-can-procee.patch
 #rhbz 749166
 Patch21050: xfs-Fix-possible-memory-corruption-in-xfs_readlink.patch
 
+Patch21070: oom-fix-integer-overflow-of-points.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1318,6 +1320,9 @@ ApplyPatch 0002-mm-Abort-reclaim-compaction-if-compaction-can-procee.patch
 
 ApplyPatch select-regmap-from-wm8400.patch
 
+#rhbz 750402
+ApplyPatch oom-fix-integer-overflow-of-points.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2007,6 +2012,9 @@ fi
 #                 ||----w |
 #                 ||     ||
 %changelog
+* Mon Oct 31 2011 Josh Boyer <jwboyer at redhat.com>
+- Add patch to fix integer overflow of points in oom_badness (rhbz 750402)
+
 * Mon Oct 31 2011 Kyle McMartin <kmcmartin at redhat.com>
 - Build a python-perf subpackage.
 
diff --git a/oom-fix-integer-overflow-of-points.patch b/oom-fix-integer-overflow-of-points.patch
new file mode 100644
index 0000000..02f6a8f
--- /dev/null
+++ b/oom-fix-integer-overflow-of-points.patch
@@ -0,0 +1,100 @@
+                                                                                                                                                                                                                                                               
+Delivered-To: jwboyer at gmail.com
+Received: by 10.220.45.11 with SMTP id c11cs62970vcf;
+        Mon, 31 Oct 2011 08:56:49 -0700 (PDT)
+Received: by 10.101.15.19 with SMTP id s19mr2706064ani.103.1320076596057;
+        Mon, 31 Oct 2011 08:56:36 -0700 (PDT)
+Return-Path: <linux-kernel-owner at vger.kernel.org>
+Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
+        by mx.google.com with ESMTP id x8si7676575ani.27.2011.10.31.08.56.32;
+        Mon, 31 Oct 2011 08:56:36 -0700 (PDT)
+Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner at vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
+Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner at vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mail=linux-kernel-owner at vger.kernel.org
+Received: (majordomo at vger.kernel.org) by vger.kernel.org via listexpand
+	id S934545Ab1JaP4X (ORCPT <rfc822;mel.lkml at gmail.com> + 99 others);
+	Mon, 31 Oct 2011 11:56:23 -0400
+Received: from mx1.redhat.com ([209.132.183.28]:23653 "EHLO mx1.redhat.com"
+	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
+	id S934538Ab1JaP4X (ORCPT <rfc822;linux-kernel at vger.kernel.org>);
+	Mon, 31 Oct 2011 11:56:23 -0400
+Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
+	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p9VFuHOO027543
+	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
+	Mon, 31 Oct 2011 11:56:18 -0400
+Received: from dhcp-26-164.brq.redhat.com (dhcp-26-164.brq.redhat.com [10.34.26.164])
+	by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id p9VFuEK3018476;
+	Mon, 31 Oct 2011 11:56:15 -0400
+From:	Frantisek Hrbata <fhrbata at redhat.com>
+To:	rientjes at google.com
+Cc:	linux-mm at kvack.org, linux-kernel at vger.kernel.org,
+	akpm at linux-foundation.org, kosaki.motohiro at jp.fujitsu.com,
+	oleg at redhat.com, minchan.kim at gmail.com, stable at kernel.org,
+	eteo at redhat.com, pmatouse at redhat.com
+Subject: [PATCH v2] oom: fix integer overflow of points in oom_badness
+Date:	Mon, 31 Oct 2011 16:56:09 +0100
+Message-Id: <1320076569-23872-1-git-send-email-fhrbata at redhat.com>
+In-Reply-To: <1320048865-13175-1-git-send-email-fhrbata at redhat.com>
+References: <1320048865-13175-1-git-send-email-fhrbata at redhat.com>
+X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
+Sender:	linux-kernel-owner at vger.kernel.org
+Precedence: bulk
+List-ID: <linux-kernel.vger.kernel.org>
+X-Mailing-List:	linux-kernel at vger.kernel.org
+
+An integer overflow will happen on 64bit archs if task's sum of rss, swapents
+and nr_ptes exceeds (2^31)/1000 value. This was introduced by commit
+
+f755a04 oom: use pte pages in OOM score
+
+where the oom score computation was divided into several steps and it's no
+longer computed as one expression in unsigned long(rss, swapents, nr_pte are
+unsigned long), where the result value assigned to points(int) is in
+range(1..1000). So there could be an int overflow while computing
+
+176          points *= 1000;
+
+and points may have negative value. Meaning the oom score for a mem hog task
+will be one.
+
+196          if (points <= 0)
+197                  return 1;
+
+For example:
+[ 3366]     0  3366 35390480 24303939   5       0             0 oom01
+Out of memory: Kill process 3366 (oom01) score 1 or sacrifice child
+
+Here the oom1 process consumes more than 24303939(rss)*4096~=92GB physical
+memory, but it's oom score is one.
+
+In this situation the mem hog task is skipped and oom killer kills another and
+most probably innocent task with oom score greater than one.
+
+The points variable should be of type long instead of int to prevent the int
+overflow.
+
+Signed-off-by: Frantisek Hrbata <fhrbata at redhat.com>
+---
+ mm/oom_kill.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/mm/oom_kill.c b/mm/oom_kill.c
+index 626303b..e9a1785 100644
+--- a/mm/oom_kill.c
++++ b/mm/oom_kill.c
+@@ -162,7 +162,7 @@ static bool oom_unkillable_task(struct task_struct *p,
+ unsigned int oom_badness(struct task_struct *p, struct mem_cgroup *mem,
+ 		      const nodemask_t *nodemask, unsigned long totalpages)
+ {
+-	int points;
++	long points;
+ 
+ 	if (oom_unkillable_task(p, mem, nodemask))
+ 		return 0;
+-- 
+1.7.6.4
+
+--
+To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
+the body of a message to majordomo at vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
+Please read the FAQ at  http://www.tux.org/lkml/

More information about the scm-commits mailing list