Re: [PATCH v4 3/3] mm/oom_kill: Have the OOM reaper and exit_mmap() traverse the maple tree in opposite orders
From: Liam R. Howlett
Date: Fri Aug 15 2025 - 12:13:26 EST
* Liam R. Howlett <Liam.Howlett@xxxxxxxxxx> [250815 10:41]:
> * zhongjinji@xxxxxxxxx <zhongjinji@xxxxxxxxx> [250814 09:56]:
> > From: zhongjinji <zhongjinji@xxxxxxxxx>
...
> > diff --git a/mm/oom_kill.c b/mm/oom_kill.c
> > index 7ae4001e47c1..602d6836098a 100644
> > --- a/mm/oom_kill.c
> > +++ b/mm/oom_kill.c
> > @@ -517,7 +517,7 @@ static bool __oom_reap_task_mm(struct mm_struct *mm)
> > {
> > struct vm_area_struct *vma;
> > bool ret = true;
> > - VMA_ITERATOR(vmi, mm, 0);
> > + VMA_ITERATOR(vmi, mm, ULONG_MAX);
> >
> > /*
> > * Tell all users of get_user/copy_from_user etc... that the content
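Review bot: the start index at the VMA_ITERATOR() declaration changes from 0 to ULONG_MAX without any comment. That value only makes sense together with the for_each_vma_reverse() loop in the next hunk, and nothing at the declaration ties the two together. Consider a one-line comment here, such as "start at the top of the address space, the walk below is in reverse", so that a later change to one of them does not leave the other behind.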
> > @@ -527,7 +527,12 @@ static bool __oom_reap_task_mm(struct mm_struct *mm)
> > */
> > set_bit(MMF_UNSTABLE, &mm->flags);
> >
> > - for_each_vma(vmi, vma) {
> > + /*
> > + * When two tasks unmap the same vma at the same time, they may contend for the
> > + * pte spinlock. To avoid traversing the same vma as exit_mmap unmap, traverse
> > + * the vma maple tree in reverse order.
> > + */
> > + for_each_vma_reverse(vmi, vma) {
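Review bot: the new comment above for_each_vma_reverse() says the reverse walk is there "To avoid traversing the same vma as exit_mmap unmap", which overstates what the change does. Two walks started from opposite ends still meet at some VMA, so the order only reduces how long both sides work on the same VMA and contend for the pte spinlock. Suggest rewording the comment to say this is a contention optimization, that correctness does not depend on traversal order, and that the two walkers can still overlap where they meet. It would also help to name the other path as exit_mmap() rather than "exit_mmap unmap".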
>
> How is this possible? Both need the same lock..? What part of
> exit_mmap() will race here?
I see, exit_mmap() and the oom both use unmap_page_range() under the
mmap read lock, so they can race but since they'll contend on the pte
lock it doesn't really matter.
This is so rare, I don't think this is worth fixing.
Thanks,
Liam