Security: Kernel OOM-killer and allocation denial use different rules

Security: Kernel OOM-killer and allocation denial use different rules

Original patch created by Leonid Moiseichuk <leonid.moiseichuk@nokia.com>

Fixes the issue with the oom killer and lowmem module being inconsistent;
processes that are important enough to be protected from the oom killer should
not be denied memory either.

Signed-off-by: Henrik Saari <henrik.saari@nokia.com>
Signed-off-by: Viktor Rosendahl <viktor.rosendahl@nokia.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>

diff --git a/security/lowmem.c b/security/lowmem.c
index a627d511f8e2eb4ecae03eb12804367e71b37ad9..113be7544704f02507ac34f3665b1f35b3a691b8 100644 (file)
--- a/security/lowmem.c
+++ b/security/lowmem.c
@@ -9,6 +9,7 @@
 #include <linux/pagemap.h>
 #include <linux/hugetlb.h>
 #include <linux/sysfs.h>
+#include <linux/oom.h>
 
 #define MY_NAME "lowmem"
 
@@ -207,6 +208,10 @@ static int low_vm_enough_memory(long pages)
                if (cap_sys_admin)
                        return 0;
 
+               /* OOM unkillable process is allowed to consume memory */
+               if (current->oomkilladj == OOM_DISABLE)
+                       return 0;
+
                /* uids from allowed_uids vector are also allowed no matter what */
                for (i = 0; i < LOWMEM_MAX_UIDS && allowed_uids[i]; i++)
                        if (current->uid == allowed_uids[i])