--- /dev/null
+From abca7c4965845924f65d40e0aa1092bdd895e314 Mon Sep 17 00:00:00 2001
+From: Pravin B Shelar <pshelar@nicira.com>
+Date: Wed, 20 Jun 2012 12:52:56 -0700
+Subject: mm: fix slab->page _count corruption when using slub
+
+From: Pravin B Shelar <pshelar@nicira.com>
+
+commit abca7c4965845924f65d40e0aa1092bdd895e314 upstream.
+
+On arches that do not support this_cpu_cmpxchg_double() slab_lock is used
+to do atomic cmpxchg() on double word which contains page->_count. The
+page count can be changed from get_page() or put_page() without taking
+slab_lock. That corrupts page counter.
+
+Fix it by moving page->_count out of cmpxchg_double data. So that slub
+does no change it while updating slub meta-data in struct page.
+
+[akpm@linux-foundation.org: use standard comment layout, tweak comment text]
+Reported-by: Amey Bhide <abhide@nicira.com>
+Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
+Acked-by: Christoph Lameter <cl@linux.com>
+Cc: Pekka Enberg <penberg@cs.helsinki.fi>
+Cc: Andrea Arcangeli <aarcange@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/mm_types.h | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/include/linux/mm_types.h
++++ b/include/linux/mm_types.h
+@@ -56,8 +56,18 @@ struct page {
+ };
+
+ union {
++#if defined(CONFIG_HAVE_CMPXCHG_DOUBLE) && \
++ defined(CONFIG_HAVE_ALIGNED_STRUCT_PAGE)
+ /* Used for cmpxchg_double in slub */
+ unsigned long counters;
++#else
++ /*
++ * Keep _count separate from slub cmpxchg_double data.
++ * As the rest of the double word is protected by
++ * slab_lock but _count is not.
++ */
++ unsigned counters;
++#endif
+
+ struct {
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
