From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 16 Feb 2014 20:48:05 +0000 (-0800)
Subject: 3.10-stable patches
X-Git-Tag: v3.4.81~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=272b2fdb593f7860242c1eb342163045ee2b6fa2;p=thirdparty%2Fkernel%2Fstable-queue.git

3.10-stable patches

added patches:
	mm-memory-failure.c-fix-memory-leak-in-successful-soft-offlining.patch
---

diff --git a/queue-3.10/mm-memory-failure.c-fix-memory-leak-in-successful-soft-offlining.patch b/queue-3.10/mm-memory-failure.c-fix-memory-leak-in-successful-soft-offlining.patch
new file mode 100644
index 00000000000..d887d3da2a3
--- /dev/null
+++ b/queue-3.10/mm-memory-failure.c-fix-memory-leak-in-successful-soft-offlining.patch
@@ -0,0 +1,102 @@
+From f15bdfa802bfa5eb6b4b5a241b97ec9fa1204a35 Mon Sep 17 00:00:00 2001
+From: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
+Date: Wed, 3 Jul 2013 15:02:37 -0700
+Subject: mm/memory-failure.c: fix memory leak in successful soft offlining
+
+From: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
+
+commit f15bdfa802bfa5eb6b4b5a241b97ec9fa1204a35 upstream.
+
+After a successful page migration by soft offlining, the source page is
+not properly freed and it's never reusable even if we unpoison it
+afterward.
+
+This is caused by the race between freeing page and setting PG_hwpoison.
+In successful soft offlining, the source page is put (and the refcount
+becomes 0) by putback_lru_page() in unmap_and_move(), where it's linked
+to pagevec and actual freeing back to buddy is delayed.  So if
+PG_hwpoison is set for the page before freeing, the freeing does not
+functions as expected (in such case freeing aborts in
+free_pages_prepare() check.)
+
+This patch tries to make sure to free the source page before setting
+PG_hwpoison on it.  To avoid reallocating, the page keeps
+MIGRATE_ISOLATE until after setting PG_hwpoison.
+
+This patch also removes obsolete comments about "keeping elevated
+refcount" because what they say is not true.  Unlike memory_failure(),
+soft_offline_page() uses no special page isolation code, and the
+soft-offlined pages have no elevated.
+
+Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
+Cc: Andi Kleen <andi@firstfloor.org>
+Cc: Mel Gorman <mel@csn.ul.ie>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Xishi Qiu <qiuxishi@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/memory-failure.c |   22 ++++++++++++++++++----
+ 1 file changed, 18 insertions(+), 4 deletions(-)
+
+--- a/mm/memory-failure.c
++++ b/mm/memory-failure.c
+@@ -1421,7 +1421,8 @@ static int __get_any_page(struct page *p
+ 
+ 	/*
+ 	 * Isolate the page, so that it doesn't get reallocated if it
+-	 * was free.
++	 * was free. This flag should be kept set until the source page
++	 * is freed and PG_hwpoison on it is set.
+ 	 */
+ 	set_migratetype_isolate(p, true);
+ 	/*
+@@ -1444,7 +1445,6 @@ static int __get_any_page(struct page *p
+ 		/* Not a free page */
+ 		ret = 1;
+ 	}
+-	unset_migratetype_isolate(p, MIGRATE_MOVABLE);
+ 	unlock_memory_hotplug();
+ 	return ret;
+ }
+@@ -1511,7 +1511,6 @@ static int soft_offline_huge_page(struct
+ 			atomic_long_inc(&num_poisoned_pages);
+ 		}
+ 	}
+-	/* keep elevated page count for bad page */
+ 	return ret;
+ }
+ 
+@@ -1576,7 +1575,7 @@ int soft_offline_page(struct page *page,
+ 			atomic_long_inc(&num_poisoned_pages);
+ 		}
+ 	}
+-	/* keep elevated page count for bad page */
++	unset_migratetype_isolate(page, MIGRATE_MOVABLE);
+ 	return ret;
+ }
+ 
+@@ -1642,7 +1641,22 @@ static int __soft_offline_page(struct pa
+ 			if (ret > 0)
+ 				ret = -EIO;
+ 		} else {
++			/*
++			 * After page migration succeeds, the source page can
++			 * be trapped in pagevec and actual freeing is delayed.
++			 * Freeing code works differently based on PG_hwpoison,
++			 * so there's a race. We need to make sure that the
++			 * source page should be freed back to buddy before
++			 * setting PG_hwpoison.
++			 */
++			if (!is_free_buddy_page(page))
++				lru_add_drain_all();
++			if (!is_free_buddy_page(page))
++				drain_all_pages();
+ 			SetPageHWPoison(page);
++			if (!is_free_buddy_page(page))
++				pr_info("soft offline: %#lx: page leaked\n",
++					pfn);
+ 			atomic_long_inc(&num_poisoned_pages);
+ 		}
+ 	} else {
diff --git a/queue-3.10/series b/queue-3.10/series
index 51097a80cc7..36d3aa21498 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -21,3 +21,4 @@ mxl111sf-fix-compile-when-config_dvb_usb_mxl111sf-is-unset.patch
 x86-hweight-fix-bug-when-booting-with-config_gcov_profile_all-y.patch
 pinctrl-vt8500-change-devicetree-data-parsing.patch
 pinctrl-protect-pinctrl_list-add.patch
+mm-memory-failure.c-fix-memory-leak-in-successful-soft-offlining.patch