[natty/ti-omap4 CVE 1/1] oom: use pte pages in OOM score

Herton Ronaldo Krzesinski herton.krzesinski at canonical.com
Mon Feb 6 12:43:50 UTC 2012 

On Mon, Feb 06, 2012 at 09:37:14AM +0000, Andy Whitcroft wrote:
> From: KOSAKI Motohiro <kosaki.motohiro at jp.fujitsu.com>
> 
> PTE pages eat up memory just like anything else, but we do not account for
> them in any way in the OOM scores.  They are also _guaranteed_ to get
> freed up when a process is OOM killed, while RSS is not.
> 
> Reported-by: Dave Hansen <dave at linux.vnet.ibm.com>
> Signed-off-by: KOSAKI Motohiro <kosaki.motohiro at jp.fujitsu.com>
> Cc: Hugh Dickins <hughd at google.com>
> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu at jp.fujitsu.com>
> Cc: Oleg Nesterov <oleg at redhat.com>
> Acked-by: David Rientjes <rientjes at google.com>
> Cc: <stable at kernel.org>		[2.6.36+]
> Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
> Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
> 
> (cherry picked from commit f755a042d82b51b54f3bdd0890e5ea56c0fb6807)
> CVE-2011-2498
> BugLink: http://bugs.launchpad.net/bugs/922374
> Signed-off-by: Andy Whitcroft <apw at canonical.com>
> ---
>  mm/oom_kill.c |    9 ++++++---
>  1 files changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/mm/oom_kill.c b/mm/oom_kill.c
> index ea16f72..49ea0cc 100644
> --- a/mm/oom_kill.c
> +++ b/mm/oom_kill.c
> @@ -172,10 +172,13 @@ unsigned int oom_badness(struct task_struct *p, struct mem_cgroup *mem,
>  
>  	/*
>  	 * The baseline for the badness score is the proportion of RAM that each
> -	 * task's rss and swap space use.
> +	 * task's rss, pagetable and swap space use.
>  	 */
> -	points = (get_mm_rss(p->mm) + get_mm_counter(p->mm, MM_SWAPENTS)) * 1000 /
> -			totalpages;
> +	points = get_mm_rss(p->mm) + p->mm->nr_ptes;
> +	points += get_mm_counter(p->mm, MM_SWAPENTS);
> +
> +	points *= 1000;
> +	points /= totalpages;

This split up of the computation introduced a bug in 64 bit arches, which
is fixed by commit ff05b6f. Arm should be unaffected, but natty have this
broken at least with x86_64, oneiric already got the fix through stable.

>  	task_unlock(p);
>  
>  	/*
> -- 
> 1.7.8.3
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
> 

-- 
[]'s
Herton

More information about the kernel-team mailing list