From: Greg Kroah-Hartman Date: Wed, 22 Jan 2014 19:49:52 +0000 (-0800) Subject: 3.4-stable patches X-Git-Tag: v3.10.28~16 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a4f00127ae92afa3ce47e7c252118c4199d2d481;p=thirdparty%2Fkernel%2Fstable-queue.git 3.4-stable patches added patches: mm-memory-failure.c-recheck-pagehuge-after-hugetlb-page-migrate-successfully.patch --- diff --git a/queue-3.4/mm-memory-failure.c-recheck-pagehuge-after-hugetlb-page-migrate-successfully.patch b/queue-3.4/mm-memory-failure.c-recheck-pagehuge-after-hugetlb-page-migrate-successfully.patch new file mode 100644 index 00000000000..ee3609fdb68 --- /dev/null +++ b/queue-3.4/mm-memory-failure.c-recheck-pagehuge-after-hugetlb-page-migrate-successfully.patch @@ -0,0 +1,62 @@ +From a49ecbcd7b0d5a1cda7d60e03df402dd0ef76ac8 Mon Sep 17 00:00:00 2001 +From: Jianguo Wu +Date: Wed, 18 Dec 2013 17:08:54 -0800 +Subject: mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully + +From: Jianguo Wu + +commit a49ecbcd7b0d5a1cda7d60e03df402dd0ef76ac8 upstream. + +After a successful hugetlb page migration by soft offline, the source +page will either be freed into hugepage_freelists or buddy(over-commit +page). If page is in buddy, page_hstate(page) will be NULL. It will +hit a NULL pointer dereference in dequeue_hwpoisoned_huge_page(). + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000058 + IP: [] dequeue_hwpoisoned_huge_page+0x131/0x1d0 + PGD c23762067 PUD c24be2067 PMD 0 + Oops: 0000 [#1] SMP + +So check PageHuge(page) after call migrate_pages() successfully. + +[wujg: backport to 3.4: + - adjust context + - s/num_poisoned_pages/mce_bad_pages/] + +Signed-off-by: Jianguo Wu +Tested-by: Naoya Horiguchi +Reviewed-by: Naoya Horiguchi +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + + +--- + mm/memory-failure.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +--- a/mm/memory-failure.c ++++ b/mm/memory-failure.c +@@ -1447,10 +1447,18 @@ static int soft_offline_huge_page(struct + return ret; + } + done: +- if (!PageHWPoison(hpage)) +- atomic_long_add(1 << compound_trans_order(hpage), &mce_bad_pages); +- set_page_hwpoison_huge_page(hpage); +- dequeue_hwpoisoned_huge_page(hpage); ++ /* overcommit hugetlb page will be freed to buddy */ ++ if (PageHuge(hpage)) { ++ if (!PageHWPoison(hpage)) ++ atomic_long_add(1 << compound_trans_order(hpage), ++ &mce_bad_pages); ++ set_page_hwpoison_huge_page(hpage); ++ dequeue_hwpoisoned_huge_page(hpage); ++ } else { ++ SetPageHWPoison(page); ++ atomic_long_inc(&mce_bad_pages); ++ } ++ + /* keep elevated page count for bad page */ + return ret; + } diff --git a/queue-3.4/series b/queue-3.4/series index b33756847c3..b6323998013 100644 --- a/queue-3.4/series +++ b/queue-3.4/series @@ -1,3 +1,4 @@ kvm-x86-convert-vapic-synchronization-to-_cached-functions-cve-2013-6368.patch staging-comedi-8255_pci-fix-for-newer-pci-dio48h.patch perf-x86-amd-ibs-fix-waking-up-from-s3-for-amd-family-10h.patch +mm-memory-failure.c-recheck-pagehuge-after-hugetlb-page-migrate-successfully.patch