From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 26 Apr 2015 09:56:36 +0000 (+0200)
Subject: 3.10-stable patches
X-Git-Tag: v4.0.1~20
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3f43fc262d2e81762116768bef5918e61d58f722;p=thirdparty%2Fkernel%2Fstable-queue.git

3.10-stable patches

added patches:
	mm-hugetlb-add-migration-hwpoisoned-entry-check-in.patch
---

diff --git a/queue-3.10/mm-hugetlb-add-migration-hwpoisoned-entry-check-in.patch b/queue-3.10/mm-hugetlb-add-migration-hwpoisoned-entry-check-in.patch
new file mode 100644
index 00000000000..78bbd827787
--- /dev/null
+++ b/queue-3.10/mm-hugetlb-add-migration-hwpoisoned-entry-check-in.patch
@@ -0,0 +1,71 @@
+From a8bda28d87c38c6aa93de28ba5d30cc18e865a11 Mon Sep 17 00:00:00 2001
+From: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
+Date: Wed, 11 Feb 2015 15:25:28 -0800
+Subject: mm/hugetlb: add migration/hwpoisoned entry check in
+ hugetlb_change_protection
+
+From: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
+
+commit a8bda28d87c38c6aa93de28ba5d30cc18e865a11 upstream.
+
+There is a race condition between hugepage migration and
+change_protection(), where hugetlb_change_protection() doesn't care about
+migration entries and wrongly overwrites them.  That causes unexpected
+results like kernel crash.  HWPoison entries also can cause the same
+problem.
+
+This patch adds is_hugetlb_entry_(migration|hwpoisoned) check in this
+function to do proper actions.
+
+[n-horiguchi@ah.jp.nec.com: resolve conflict to apply to v3.10.71]
+Fixes: 290408d4a2 ("hugetlb: hugepage migration core")
+Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
+Cc: Hugh Dickins <hughd@google.com>
+Cc: James Hogan <james.hogan@imgtec.com>
+Cc: David Rientjes <rientjes@google.com>
+Cc: Mel Gorman <mel@csn.ul.ie>
+Cc: Johannes Weiner <hannes@cmpxchg.org>
+Cc: Michal Hocko <mhocko@suse.cz>
+Cc: Rik van Riel <riel@redhat.com>
+Cc: Andrea Arcangeli <aarcange@redhat.com>
+Cc: Luiz Capitulino <lcapitulino@redhat.com>
+Cc: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
+Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
+Cc: Steve Capper <steve.capper@linaro.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/hugetlb.c |   21 ++++++++++++++++++++-
+ 1 file changed, 20 insertions(+), 1 deletion(-)
+
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -3117,7 +3117,26 @@ unsigned long hugetlb_change_protection(
+ 			pages++;
+ 			continue;
+ 		}
+-		if (!huge_pte_none(huge_ptep_get(ptep))) {
++		pte = huge_ptep_get(ptep);
++		if (unlikely(is_hugetlb_entry_hwpoisoned(pte))) {
++			spin_unlock(ptl);
++			continue;
++		}
++		if (unlikely(is_hugetlb_entry_migration(pte))) {
++			swp_entry_t entry = pte_to_swp_entry(pte);
++
++			if (is_write_migration_entry(entry)) {
++				pte_t newpte;
++
++				make_migration_entry_read(&entry);
++				newpte = swp_entry_to_pte(entry);
++				set_huge_pte_at(mm, address, ptep, newpte);
++				pages++;
++			}
++			spin_unlock(ptl);
++			continue;
++		}
++		if (!huge_pte_none(pte)) {
+ 			pte = huge_ptep_get_and_clear(mm, address, ptep);
+ 			pte = pte_mkhuge(huge_pte_modify(pte, newprot));
+ 			pte = arch_make_huge_pte(pte, vma, NULL, 0);
diff --git a/queue-3.10/series b/queue-3.10/series
index 632ebb88982..04c022706a0 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -20,3 +20,4 @@ bluetooth-add-firmware-update-for-atheros-0cf3-311f.patch
 bluetooth-btusb-add-imc-networks-broadcom-based.patch
 bluetooth-add-support-for-intel-bootloader-devices.patch
 bluetooth-ignore-isochronous-endpoints-for-intel-usb-bootloader.patch
+mm-hugetlb-add-migration-hwpoisoned-entry-check-in.patch