From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 12 Sep 2016 14:56:43 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v4.7.4~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=816f4253d7145b9bfedffd6c827028dac3f2a7f3;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	uprobes-fix-the-memcg-accounting.patch
---

diff --git a/queue-4.4/series b/queue-4.4/series
index 7cf0d5b8464..403dfbf7c90 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -172,3 +172,4 @@ ubifs-fix-assertion-in-layout_in_gaps.patch
 bcache-reserve_prio-is-too-small-by-one-when-prio_buckets-is-a-power-of-two.patch
 vhost-scsi-fix-reuse-of-vq-iov-in-response.patch
 x86-apic-do-not-init-irq-remapping-if-ioapic-is-disabled.patch
+uprobes-fix-the-memcg-accounting.patch
diff --git a/queue-4.4/uprobes-fix-the-memcg-accounting.patch b/queue-4.4/uprobes-fix-the-memcg-accounting.patch
new file mode 100644
index 00000000000..6407ccf49cf
--- /dev/null
+++ b/queue-4.4/uprobes-fix-the-memcg-accounting.patch
@@ -0,0 +1,59 @@
+From 6c4687cc17a788a6dd8de3e27dbeabb7cbd3e066 Mon Sep 17 00:00:00 2001
+From: Oleg Nesterov <oleg@redhat.com>
+Date: Wed, 17 Aug 2016 17:36:29 +0200
+Subject: uprobes: Fix the memcg accounting
+
+From: Oleg Nesterov <oleg@redhat.com>
+
+commit 6c4687cc17a788a6dd8de3e27dbeabb7cbd3e066 upstream.
+
+__replace_page() wronlgy calls mem_cgroup_cancel_charge() in "success" path,
+it should only do this if page_check_address() fails.
+
+This means that every enable/disable leads to unbalanced mem_cgroup_uncharge()
+from put_page(old_page), it is trivial to underflow the page_counter->count
+and trigger OOM.
+
+Reported-and-tested-by: Brenden Blanco <bblanco@plumgrid.com>
+Signed-off-by: Oleg Nesterov <oleg@redhat.com>
+Reviewed-by: Johannes Weiner <hannes@cmpxchg.org>
+Acked-by: Michal Hocko <mhocko@kernel.org>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>
+Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
+Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Vladimir Davydov <vdavydov@virtuozzo.com>
+Fixes: 00501b531c47 ("mm: memcontrol: rewrite charge API")
+Link: http://lkml.kernel.org/r/20160817153629.GB29724@redhat.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/events/uprobes.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/kernel/events/uprobes.c
++++ b/kernel/events/uprobes.c
+@@ -171,8 +171,10 @@ static int __replace_page(struct vm_area
+ 	mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
+ 	err = -EAGAIN;
+ 	ptep = page_check_address(page, mm, addr, &ptl, 0);
+-	if (!ptep)
++	if (!ptep) {
++		mem_cgroup_cancel_charge(kpage, memcg);
+ 		goto unlock;
++	}
+ 
+ 	get_page(kpage);
+ 	page_add_new_anon_rmap(kpage, vma, addr);
+@@ -199,7 +201,6 @@ static int __replace_page(struct vm_area
+ 
+ 	err = 0;
+  unlock:
+-	mem_cgroup_cancel_charge(kpage, memcg);
+ 	mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
+ 	unlock_page(page);
+ 	return err;