From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 21 Apr 2017 09:40:54 +0000 (+0200)
Subject: next 3.18
X-Git-Tag: v3.18.50~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6fd54f242c30f2006808218be55c7ac009d618b8;p=thirdparty%2Fkernel%2Fstable-queue.git

next 3.18
---

diff --git a/next-3.18/s390-mm-fix-cmma-vs-ksm-vs-others.patch b/next-3.18/s390-mm-fix-cmma-vs-ksm-vs-others.patch
new file mode 100644
index 00000000000..4563563bc2c
--- /dev/null
+++ b/next-3.18/s390-mm-fix-cmma-vs-ksm-vs-others.patch
@@ -0,0 +1,37 @@
+From a8f60d1fadf7b8b54449fcc9d6b15248917478ba Mon Sep 17 00:00:00 2001
+From: Christian Borntraeger <borntraeger@de.ibm.com>
+Date: Sun, 9 Apr 2017 22:09:38 +0200
+Subject: s390/mm: fix CMMA vs KSM vs others
+
+From: Christian Borntraeger <borntraeger@de.ibm.com>
+
+commit a8f60d1fadf7b8b54449fcc9d6b15248917478ba upstream.
+
+On heavy paging with KSM I see guest data corruption. Turns out that
+KSM will add pages to its tree, where the mapping return true for
+pte_unused (or might become as such later).  KSM will unmap such pages
+and reinstantiate with different attributes (e.g. write protected or
+special, e.g. in replace_page or write_protect_page)). This uncovered
+a bug in our pagetable handling: We must remove the unused flag as
+soon as an entry becomes present again.
+
+Signed-of-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+diff --git a/arch/s390/include/asm/pgtable.h b/arch/s390/include/asm/pgtable.h
+index 024f85f..e2c0e4e 100644
+--- a/arch/s390/include/asm/pgtable.h
++++ b/arch/s390/include/asm/pgtable.h
+@@ -829,6 +829,8 @@ static inline void set_pte_at(struct mm_struct *mm, unsigned long addr,
+ {
+ 	pgste_t pgste;
+ 
++	if (pte_present(entry))
++		pte_val(entry) &= ~_PAGE_UNUSED;
+ 	if (mm_has_pgste(mm)) {
+ 		pgste = pgste_get_lock(ptep);
+ 		pgste_val(pgste) &= ~_PGSTE_GPS_ZERO;
+-- 
+2.7.4
diff --git a/next-3.18/series b/next-3.18/series
index 4426dd39b50..f0a511378e1 100644
--- a/next-3.18/series
+++ b/next-3.18/series
@@ -5,4 +5,5 @@ tracing-allocate-the-snapshot-buffer-before-enabling-probe.patch
 ring-buffer-have-ring_buffer_iter_empty-return-true-when-empty.patch
 cifs-do-not-send-echoes-before-negotiate-is-complete.patch
 cifs-remove-bad_network_name-flag.patch
+s390-mm-fix-cmma-vs-ksm-vs-others.patch
 
diff --git a/queue-4.10/series b/queue-4.10/series
index 34d90324940..cb8ff9ae24f 100644
--- a/queue-4.10/series
+++ b/queue-4.10/series
@@ -8,3 +8,4 @@ mm-prevent-nr_isolate_-stats-from-going-negative.patch
 cifs-do-not-send-echoes-before-negotiate-is-complete.patch
 cifs-remove-bad_network_name-flag.patch
 mmc-dw_mmc-silent-verbose-log-when-calling-from-pm-context.patch
+s390-mm-fix-cmma-vs-ksm-vs-others.patch
diff --git a/queue-4.9/series b/queue-4.9/series
index 56b0c4f2adc..dbaceba090a 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -6,3 +6,4 @@ ring-buffer-have-ring_buffer_iter_empty-return-true-when-empty.patch
 mm-prevent-nr_isolate_-stats-from-going-negative.patch
 cifs-do-not-send-echoes-before-negotiate-is-complete.patch
 cifs-remove-bad_network_name-flag.patch
+s390-mm-fix-cmma-vs-ksm-vs-others.patch