oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup (!774) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Nico Pache requested to merge npache/centos-stream-9:1951330.post into main Apr 25, 2022

The pthread struct is allocated on PRIVATE|ANONYMOUS memory [1] which
can be targeted by the oom reaper.  This mapping is used to store the
futex robust list head; the kernel does not keep a copy of the robust
list and instead references a userspace address to maintain the
robustness during a process death.

A race can occur between exit_mm and the oom reaper that allows the oom
reaper to free the memory of the futex robust list before the exit path
has handled the futex death:

Delay the OOM reaper, allowing more time for the exit path to perform
the futex cleanup.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1951330

Upstream-status: Linus

Signed-off-by: Nico Pache npache@redhat.com

Admin message

oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup

Merge request reports