android_kernel_xiaomi_sm8350/drivers/char
Salman Qazi 730c586ad5 drivers/char/mem.c: avoid OOM lockup during large reads from /dev/zero
While running 20 parallel instances of dd as follows:

  #!/bin/bash
  for i in `seq 1 20`; do
           dd if=/dev/zero of=/export/hda3/dd_$i bs=1073741824 count=1 &
  done
  wait

on a 16G machine, we noticed that rather than just killing the processes,
the entire kernel went down.  Stracing dd reveals that it first does an
mmap2, which makes 1GB worth of zero page mappings.  Then it performs a
read on those pages from /dev/zero, and finally it performs a write.

The machine died during the reads.  Looking at the code, it was noticed
that /dev/zero's read operation had been changed by
557ed1fa26 ("remove ZERO_PAGE") from giving
zero page mappings to actually zeroing the page.

The zeroing of the pages causes physical pages to be allocated to the
process.  But, when the process exhausts all the memory that it can, the
kernel cannot kill it, as it is still in the kernel mode allocating more
memory.  Consequently, the kernel eventually crashes.

To fix this, I propose that when a fatal signal is pending during
/dev/zero read operation, we simply return and let the user process die.

Signed-off-by: Salman Qazi <sqazi@google.com>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[ Modified error return and comment trivially.  - Linus]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-06-04 15:20:39 -07:00
..
agp Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2009-04-20 08:42:48 -07:00
hw_random virtio-rng: Remove false BUG for spurious callbacks 2009-04-24 13:28:30 -07:00
ip2 proc tty: switch ip2 to ->proc_fops 2009-04-01 08:59:08 -07:00
ipmi ipmi: fix ipmi_si modprobe hang 2009-05-22 07:30:41 -07:00
mwave mwave: struct device - replace bus_id with dev_name(), dev_set_name() 2009-01-06 10:44:38 -08:00
pcmcia proc tty: switch synclink_cs to ->proc_fops 2009-04-01 08:59:08 -07:00
rio rio: addition has higher precedence than ?: 2009-04-06 14:36:43 -07:00
tpm TPM: get_event_name stack corruption 2009-05-20 08:30:05 +10:00
xilinx_hwicap xilinx_hwicap: remove improper wording in license statement 2008-12-17 11:23:07 -08:00
.gitignore
amiserial.c proc tty: switch amiserial to ->proc_fops 2009-04-01 08:59:10 -07:00
apm-emulation.c
applicom.c applicom: Auto-load applicom module when device opened. 2009-04-06 14:36:30 -07:00
applicom.h
bfin-otp.c
briq_panel.c
bsr.c trivial: drivers/char/bsr.c: Storage class should be before const qualifier 2009-03-30 15:22:02 +02:00
cd1865.h
ChangeLog
consolemap.c consolemap: indentation & braces disagree - reindent 2009-01-06 15:59:30 -08:00
cp437.uni unicode table for cp437 2008-12-13 11:25:49 -08:00
cs5535_gpio.c
cyclades.c cyclades: Auto-load cyclades module when device opened. 2009-04-06 14:36:30 -07:00
defkeymap.c_shipped
defkeymap.map
digi1.h
digiFep1.h
digiPCI.h
ds1302.c
ds1620.c [ARM] netwinder: clean up GPIO naming 2008-12-13 09:12:07 +00:00
dsp56k.c
dtlk.c
efirtc.c
epca.c trivial: fix an -> a typos in documentation and comments 2009-01-06 11:28:07 +01:00
epca.h
epcaconfig.h
esp.c esp: fix section mismatch warning 2009-04-07 08:31:03 -07:00
generic_nvram.c
generic_serial.c tty: Remove some pointless casts 2009-01-02 10:19:40 -08:00
genrtc.c
hangcheck-timer.c
hpet.c clocksource: pass clocksource to read() callback 2009-04-21 13:41:47 -07:00
hvc_beat.c powerpc/cell: Use correct types in beat files 2009-01-08 16:25:16 +11:00
hvc_console.c hvc_console: Remove tty->low_latency 2009-01-16 16:15:16 +11:00
hvc_console.h powerpc: Make open count variables signed in hvcs/hvsi/hvc_console 2008-12-03 21:04:13 +11:00
hvc_irq.c hvc_console: Call free_irq() only if request_irq() was successful 2009-01-13 14:48:01 +11:00
hvc_iseries.c drivers/hvc: Add missing of_node_put 2008-12-03 21:04:09 +11:00
hvc_iucv.c [S390] hvc_iucv: Provide IUCV z/VM user ID filtering 2009-03-26 15:24:08 +01:00
hvc_rtas.c
hvc_udbg.c
hvc_vio.c drivers/hvc: Add missing of_node_put 2008-12-03 21:04:09 +11:00
hvc_xen.c
hvcs.c hvc_console: Remove tty->low_latency on pseries backends 2009-03-11 10:44:26 +11:00
hvsi.c hvc_console: Remove tty->low_latency on pseries backends 2009-03-11 10:44:26 +11:00
i8k.c i8k: Add Dell Vostro systems 2009-01-02 10:28:32 -08:00
isicom.c isicom: isicom kref leak fix 2009-04-06 14:36:33 -07:00
istallion.c proc tty: switch istallion to ->proc_fops 2009-04-01 08:59:08 -07:00
Kconfig NVRAM depends on RTC_DRV_CMOS 2009-01-31 01:21:59 +01:00
keyboard.c
lp.c
Makefile Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc 2008-12-28 16:54:33 -08:00
mbcs.c
mbcs.h
mem.c drivers/char/mem.c: avoid OOM lockup during large reads from /dev/zero 2009-06-04 15:20:39 -07:00
misc.c
mmtimer.c
moxa.c tty: moxa, fix refcounting in moxa_poll_port 2009-04-06 14:36:33 -07:00
moxa.h
mspec.c
mxser.c mxser: remove tty_port_tty_get from mxser_check_modem_status 2009-04-06 14:36:33 -07:00
mxser.h
n_hdlc.c
n_r3964.c tty: Remove some pointless casts 2009-01-02 10:19:40 -08:00
n_tty.c tty: N_TTY SIGIO only works for read 2009-01-02 10:19:40 -08:00
nozomi.c tty: kref nozomi 2009-01-02 10:19:40 -08:00
nsc_gpio.c
nvram.c
nwbutton.c
nwbutton.h
nwflash.c [ARM] netwinder: clean up GPIO naming 2008-12-13 09:12:07 +00:00
pc8736x_gpio.c
ppdev.c
ps3flash.c powerpc/ps3: Printing fixups for l64 to ll64 conversion drivers/char 2009-01-16 16:15:14 +11:00
pty.c pty: Fix documentation 2009-01-12 16:37:00 -08:00
random.c Avoid ICE in get_random_int() with gcc-3.4.5 2009-05-19 11:25:35 -07:00
raw.c Add a missing unlock_kernel() in raw_open() 2009-03-27 10:59:09 -06:00
riscom8_reg.h
riscom8.c riscom8: Auto-load riscom8 module when device opened. 2009-04-06 14:36:31 -07:00
riscom8.h
rocket_int.h tty: rocketport uses different port flags to everyone else 2009-01-02 10:19:39 -08:00
rocket.c tty: use port methods for the rocket driver 2009-01-02 10:19:42 -08:00
rocket.h tty: rocketport uses different port flags to everyone else 2009-01-02 10:19:39 -08:00
rtc.c RTC: Remove the BKL. 2009-01-08 16:44:03 -07:00
scc.h m68k: atari - Rename "mfp" to "st_mfp" 2009-02-22 09:23:02 -08:00
scx200_gpio.c
selection.c Fix memory corruption in console selection 2009-01-31 15:51:31 -08:00
ser_a2232.c m68k: ser_a2232 - Kill warn_unused_result warnings 2009-01-12 20:56:39 +01:00
ser_a2232.h
ser_a2232fw.ax
ser_a2232fw.h
serial167.c tty: Remove some pointless casts 2009-01-02 10:19:40 -08:00
snsc_event.c
snsc.c
snsc.h
sonypi.c Rationalize fasync return values 2009-03-16 08:34:35 -06:00
specialix_io8.h
specialix.c specialix: Auto-load specialix module when device opened. 2009-04-06 14:36:31 -07:00
stallion.c proc tty: switch stallion to ->proc_fops 2009-04-01 08:59:09 -07:00
sx.c sx.c: avoid referencing freed memory if copy_from_user() fails 2009-02-20 17:57:49 -08:00
sx.h
sxboards.h
sxwindow.h
synclink_gt.c synclink_gt: add clock options 2009-04-02 19:05:01 -07:00
synclink.c proc tty: switch synclink to ->proc_fops 2009-04-01 08:59:09 -07:00
synclinkmp.c proc tty: switch synclinkmp to ->proc_fops 2009-04-01 08:59:09 -07:00
sysrq.c sysrq, intel_fb: fix sysrq g collision 2009-05-15 07:56:24 -05:00
tb0219.c
tlclk.c
toshiba.c
tty_audit.c Trim includes of fdtable.h 2009-03-31 23:00:28 -04:00
tty_buffer.c
tty_io.c pids: kill signal_struct-> __pgrp/__session and friends 2009-04-02 19:05:02 -07:00
tty_ioctl.c tty: Fix race in the flush for some ldiscs 2009-01-15 12:48:35 -08:00
tty_ldisc.c Trim includes of fdtable.h 2009-03-31 23:00:28 -04:00
tty_port.c tty: use port methods for the rocket driver 2009-01-02 10:19:42 -08:00
vc_screen.c vcs: hook sysfs devices into object lifetime instead of "binding" 2009-03-24 16:38:26 -07:00
viotape.c
virtio_console.c virtio_console: support console resizing 2008-12-30 09:26:10 +10:30
vme_scc.c m68k: vme_scc - Kill warn_unused_result warnings 2009-01-12 20:56:38 +01:00
vr41xx_giu.c
vt_ioctl.c vt: Add a note on the historical abuse of CLOCK_TICK_RATE 2009-05-06 14:47:13 -07:00
vt.c Revert "console ASCII glyph 1:1 mapping" 2009-04-19 10:51:40 -07:00