4.4-stable patches

added patches:
	uprobes-fix-the-memcg-accounting.patch

diff --git a/queue-4.4/series b/queue-4.4/series
index 7cf0d5b8464ff544e25d5d6bc17eb493e17a79e1..403dfbf7c90aa6ab8d0c54f213050b48387ffff0 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -172,3 +172,4 @@ ubifs-fix-assertion-in-layout_in_gaps.patch
 bcache-reserve_prio-is-too-small-by-one-when-prio_buckets-is-a-power-of-two.patch
 vhost-scsi-fix-reuse-of-vq-iov-in-response.patch
 x86-apic-do-not-init-irq-remapping-if-ioapic-is-disabled.patch
+uprobes-fix-the-memcg-accounting.patch

diff --git a/queue-4.4/uprobes-fix-the-memcg-accounting.patch b/queue-4.4/uprobes-fix-the-memcg-accounting.patch
new file mode 100644 (file)
index 0000000..6407ccf
--- /dev/null
+++ b/queue-4.4/uprobes-fix-the-memcg-accounting.patch
@@ -0,0 +1,59 @@
+From 6c4687cc17a788a6dd8de3e27dbeabb7cbd3e066 Mon Sep 17 00:00:00 2001
+From: Oleg Nesterov <oleg@redhat.com>
+Date: Wed, 17 Aug 2016 17:36:29 +0200
+Subject: uprobes: Fix the memcg accounting
+
+From: Oleg Nesterov <oleg@redhat.com>
+
+commit 6c4687cc17a788a6dd8de3e27dbeabb7cbd3e066 upstream.
+
+__replace_page() wronlgy calls mem_cgroup_cancel_charge() in "success" path,
+it should only do this if page_check_address() fails.
+
+This means that every enable/disable leads to unbalanced mem_cgroup_uncharge()
+from put_page(old_page), it is trivial to underflow the page_counter->count
+and trigger OOM.
+
+Reported-and-tested-by: Brenden Blanco <bblanco@plumgrid.com>
+Signed-off-by: Oleg Nesterov <oleg@redhat.com>
+Reviewed-by: Johannes Weiner <hannes@cmpxchg.org>
+Acked-by: Michal Hocko <mhocko@kernel.org>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>
+Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
+Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Vladimir Davydov <vdavydov@virtuozzo.com>
+Fixes: 00501b531c47 ("mm: memcontrol: rewrite charge API")
+Link: http://lkml.kernel.org/r/20160817153629.GB29724@redhat.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/events/uprobes.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/kernel/events/uprobes.c
++++ b/kernel/events/uprobes.c
+@@ -171,8 +171,10 @@ static int __replace_page(struct vm_area
+       mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
+       err = -EAGAIN;
+       ptep = page_check_address(page, mm, addr, &ptl, 0);
+-      if (!ptep)
++      if (!ptep) {
++              mem_cgroup_cancel_charge(kpage, memcg);
+               goto unlock;
++      }
+ 
+       get_page(kpage);
+       page_add_new_anon_rmap(kpage, vma, addr);
+@@ -199,7 +201,6 @@ static int __replace_page(struct vm_area
+ 
+       err = 0;
+  unlock:
+-      mem_cgroup_cancel_charge(kpage, memcg);
+       mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
+       unlock_page(page);
+       return err;