As Tetsuo Handa pointed out, request_module() can stress the system while the oom-killed caller sleeps in TASK_UNINTERRUPTIBLE. The task T uses "almost all" memory, then it does something which triggers request_module(). Say, it can simply call sys_socket(). This in turn needs more memory and leads to OOM. oom-killer correctly chooses T and kills it, but this can't help because it sleeps in TASK_UNINTERRUPTIBLE and after that oom-killer becomes "disabled" by the TIF_MEMDIE task T. A local unprivileged user can make the system unusable. Upstream fixes: (1) 70834d30 "usermodehelper: use UMH_WAIT_PROC consistently" (2) b3449922 "usermodehelper: introduce umh_complete(sub_info)" (3) d0bd587a "usermodehelper: implement UMH_KILLABLE" (4) 9d944ef3 "usermodehelper: kill umh_wait, renumber UMH_* constants" (5) 5b9bd473 "usermodehelper: ____call_usermodehelper() doesn't need do_exit()" (6) 3e63a93b "kmod: introduce call_modprobe() helper" (7) 1cc684ab "kmod: make __request_module() killable" According to the reporter, (1) and (4) are optional and safer to exclude. References: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/963685 Acknowledgements: Red Hat would like to thank Tetsuo Handa for reporting this issue.
Statement: This issue does affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enteprise MRG. Future kernel updates may address this flaw.
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2012:1282 https://rhn.redhat.com/errata/RHSA-2012-1282.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0223 https://rhn.redhat.com/errata/RHSA-2013-0223.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:1348 https://rhn.redhat.com/errata/RHSA-2013-1348.html