From: Greg Kroah-Hartman Date: Tue, 18 Feb 2014 22:13:31 +0000 (-0800) Subject: 3.10-stable patches X-Git-Tag: v3.4.81~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bdfba514e142089a624271799d8f73518ab9fa9f;p=thirdparty%2Fkernel%2Fstable-queue.git 3.10-stable patches added patches: mm-fix-process-accidentally-killed-by-mce-because-of-huge-page-migration.patch --- diff --git a/queue-3.10/mm-fix-process-accidentally-killed-by-mce-because-of-huge-page-migration.patch b/queue-3.10/mm-fix-process-accidentally-killed-by-mce-because-of-huge-page-migration.patch new file mode 100644 index 00000000000..a1ab4ddf62f --- /dev/null +++ b/queue-3.10/mm-fix-process-accidentally-killed-by-mce-because-of-huge-page-migration.patch @@ -0,0 +1,88 @@ +From qiuxishi@huawei.com Tue Feb 18 14:12:39 2014 +From: Xishi Qiu +Date: Fri, 14 Feb 2014 10:33:35 +0800 +Subject: mm: fix process accidentally killed by mce because of huge page migration +To: Naoya Horiguchi , Greg Kroah-Hartman +Cc: , , Linux MM , , Xishi Qiu , Li Zefan , Andrew Morton +Message-ID: <52FD807F.5010105@huawei.com> + +From: Xishi Qiu + +Based on c8721bbbdd36382de51cd6b7a56322e0acca2414 upstream, but only the +bugfix portion pulled out. + +Hi Naoya or Greg, + +We found a bug in 3.10.x. +The problem is that we accidentally have a hwpoisoned hugepage in free +hugepage list. It could happend in the the following scenario: + + process A process B + + migrate_huge_page + put_page (old hugepage) + linked to free hugepage list + hugetlb_fault + hugetlb_no_page + alloc_huge_page + dequeue_huge_page_vma + dequeue_huge_page_node + (steal hwpoisoned hugepage) + set_page_hwpoison_huge_page + dequeue_hwpoisoned_huge_page + (fail to dequeue) + +I tested this bug, one process keeps allocating huge page, and I +use sysfs interface to soft offline a huge page, then received: +"MCE: Killing UCP:2717 due to hardware memory corruption fault at 8200034" + +Upstream kernel is free from this bug because of these two commits: + +f15bdfa802bfa5eb6b4b5a241b97ec9fa1204a35 +mm/memory-failure.c: fix memory leak in successful soft offlining + +c8721bbbdd36382de51cd6b7a56322e0acca2414 +mm: memory-hotplug: enable memory hotplug to handle hugepage + +The first one, although the problem is about memory leak, this patch +moves unset_migratetype_isolate(), which is important to avoid the race. +The latter is not a bug fix and it's too big, so I rewrite a small one. + +The following patch can fix this bug.(please apply f15bdfa802bf first) + +Signed-off-by: Xishi Qiu +Reviewed-by: Naoya Horiguchi +Signed-off-by: Greg Kroah-Hartman + +--- + mm/hugetlb.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -21,6 +21,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -517,9 +518,15 @@ static struct page *dequeue_huge_page_no + { + struct page *page; + +- if (list_empty(&h->hugepage_freelists[nid])) ++ list_for_each_entry(page, &h->hugepage_freelists[nid], lru) ++ if (!is_migrate_isolate_page(page)) ++ break; ++ /* ++ * if 'non-isolated free hugepage' not found on the list, ++ * the allocation fails. ++ */ ++ if (&h->hugepage_freelists[nid] == &page->lru) + return NULL; +- page = list_entry(h->hugepage_freelists[nid].next, struct page, lru); + list_move(&page->lru, &h->hugepage_activelist); + set_page_refcounted(page); + h->free_huge_pages--; diff --git a/queue-3.10/series b/queue-3.10/series index 0024a953650..b909455b49e 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -23,3 +23,4 @@ pinctrl-protect-pinctrl_list-add.patch mm-memory-failure.c-fix-memory-leak-in-successful-soft-offlining.patch ib-qib-convert-qib_user_sdma_pin_pages-to-use.patch intel_pstate-take-core-c0-time-into-account-for-core-busy-calculation.patch +mm-fix-process-accidentally-killed-by-mce-because-of-huge-page-migration.patch