From 32b373f45d4a287ce649350009272d5f235fb513 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 8 Feb 2021 12:25:43 +0100
Subject: [PATCH] 4.4-stable patches

added patches:
arm-footbridge-fix-dc21285-pci-configuration-accessors.patch
mm-hugetlb-fix-a-race-between-isolating-and-freeing-page.patch
mm-hugetlb-remove-vm_bug_on_page-from-page_huge_active.patch
mm-hugetlbfs-fix-cannot-migrate-the-fallocated-hugetlb-page.patch
---
 ...-dc21285-pci-configuration-accessors.patch | 62 ++++++++++++++++
 ...e-between-isolating-and-freeing-page.patch | 64 +++++++++++++++++
 ...vm_bug_on_page-from-page_huge_active.patch | 44 ++++++++++++
 ...-migrate-the-fallocated-hugetlb-page.patch | 71 +++++++++++++++++++
 queue-4.4/series | 4 ++
 5 files changed, 245 insertions(+)
 create mode 100644 queue-4.4/arm-footbridge-fix-dc21285-pci-configuration-accessors.patch
 create mode 100644 queue-4.4/mm-hugetlb-fix-a-race-between-isolating-and-freeing-page.patch
 create mode 100644 queue-4.4/mm-hugetlb-remove-vm_bug_on_page-from-page_huge_active.patch
 create mode 100644 queue-4.4/mm-hugetlbfs-fix-cannot-migrate-the-fallocated-hugetlb-page.patch
diff --git a/queue-4.4/arm-footbridge-fix-dc21285-pci-configuration-accessors.patch b/queue-4.4/arm-footbridge-fix-dc21285-pci-configuration-accessors.patch
new file mode 100644
index 00000000000..44d37aacf47
--- /dev/null
+++ b/queue-4.4/arm-footbridge-fix-dc21285-pci-configuration-accessors.patch
@@ -0,0 +1,62 @@
+From 39d3454c3513840eb123b3913fda6903e45ce671 Mon Sep 17 00:00:00 2001
+From: Russell King
+Date: Sun, 18 Oct 2020 09:39:21 +0100
+Subject: ARM: footbridge: fix dc21285 PCI configuration accessors
+
+From: Russell King
+
+commit 39d3454c3513840eb123b3913fda6903e45ce671 upstream.
+
+Building with gcc 4.9.2 reveals a latent bug in the PCI accessors
+for Footbridge platforms, which causes a fatal alignment fault
+while accessing IO memory. Fix this by making the assembly volatile.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Russell King
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/arm/mach-footbridge/dc21285.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/arch/arm/mach-footbridge/dc21285.c
++++ b/arch/arm/mach-footbridge/dc21285.c
+@@ -69,15 +69,15 @@ dc21285_read_config(struct pci_bus *bus,
+ if (addr)
+ switch (size) {
+ case 1:
+- asm("ldrb %0, [%1, %2]"
++ asm volatile("ldrb %0, [%1, %2]"
+ : "=r" (v) : "r" (addr), "r" (where) : "cc");
+ break;
+ case 2:
+- asm("ldrh %0, [%1, %2]"
++ asm volatile("ldrh %0, [%1, %2]"
+ : "=r" (v) : "r" (addr), "r" (where) : "cc");
+ break;
+ case 4:
+- asm("ldr %0, [%1, %2]"
++ asm volatile("ldr %0, [%1, %2]"
+ : "=r" (v) : "r" (addr), "r" (where) : "cc");
+ break;
+ }
+@@ -103,17 +103,17 @@ dc21285_write_config(struct pci_bus *bus
+ if (addr)
+ switch (size) {
+ case 1:
+- asm("strb %0, [%1, %2]"
++ asm volatile("strb %0, [%1, %2]"
+ : : "r" (value), "r" (addr), "r" (where)
+ : "cc");
+ break;
+ case 2:
+- asm("strh %0, [%1, %2]"
++ asm volatile("strh %0, [%1, %2]"
+ : : "r" (value), "r" (addr), "r" (where)
+ : "cc");
+ break;
+ case 4:
+- asm("str %0, [%1, %2]"
++ asm volatile("str %0, [%1, %2]"
+ : : "r" (value), "r" (addr), "r" (where)
+ : "cc");
+ break;
diff --git a/queue-4.4/mm-hugetlb-fix-a-race-between-isolating-and-freeing-page.patch b/queue-4.4/mm-hugetlb-fix-a-race-between-isolating-and-freeing-page.patch
new file mode 100644
index 00000000000..59cf4cda082
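Review bot: The six accessor asm statements in dc21285_read_config() and dc21285_write_config() still list only "cc" as a clobber, so the compiler is not told that they access memory. `volatile` stops the loads from being deleted or merged, but GCC documents that a volatile asm may still be moved relative to other code, and these are device accesses that sit under an `if (addr)` guard. I would add a memory clobber alongside it, `: "=r" (v) : "r" (addr), "r" (where) : "cc", "memory");` for the loads and `: "cc", "memory");` for the stores, with a short comment such as `/* volatile + memory clobber: device access, must not be elided or reordered */` above the first case. The store statements have no output operands, so the keyword probably changes nothing for them and the effective part of the change is likely the three loads. Both function bodies start and end outside the hunks.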
--- /dev/null
+++ b/queue-4.4/mm-hugetlb-fix-a-race-between-isolating-and-freeing-page.patch
@@ -0,0 +1,64 @@
+From 0eb2df2b5629794020f75e94655e1994af63f0d4 Mon Sep 17 00:00:00 2001
+From: Muchun Song
+Date: Thu, 4 Feb 2021 18:32:10 -0800
+Subject: mm: hugetlb: fix a race between isolating and freeing page
+
+From: Muchun Song
+
+commit 0eb2df2b5629794020f75e94655e1994af63f0d4 upstream.
+
+There is a race between isolate_huge_page() and __free_huge_page().
+
+ CPU0: CPU1:
+
+ if (PageHuge(page))
+ put_page(page)
+ __free_huge_page(page)
+ spin_lock(&hugetlb_lock)
+ update_and_free_page(page)
+ set_compound_page_dtor(page,
+ NULL_COMPOUND_DTOR)
+ spin_unlock(&hugetlb_lock)
+ isolate_huge_page(page)
+ // trigger BUG_ON
+ VM_BUG_ON_PAGE(!PageHead(page), page)
+ spin_lock(&hugetlb_lock)
+ page_huge_active(page)
+ // trigger BUG_ON
+ VM_BUG_ON_PAGE(!PageHuge(page), page)
+ spin_unlock(&hugetlb_lock)
+
+When we isolate a HugeTLB page on CPU0. Meanwhile, we free it to the
+buddy allocator on CPU1. Then, we can trigger a BUG_ON on CPU0, because
+it is already freed to the buddy allocator.
+
+Link: https://lkml.kernel.org/r/20210115124942.46403-5-songmuchun@bytedance.com
+Fixes: c8721bbbdd36 ("mm: memory-hotplug: enable memory hotplug to handle hugepage")
+Signed-off-by: Muchun Song
+Reviewed-by: Mike Kravetz
+Acked-by: Michal Hocko
+Reviewed-by: Oscar Salvador
+Cc: David Hildenbrand
+Cc: Yang Shi
+Cc:
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+---
+ mm/hugetlb.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -4544,9 +4544,9 @@ bool isolate_huge_page(struct page *page
+ {
+ bool ret = true;
+
+- VM_BUG_ON_PAGE(!PageHead(page), page);
+ spin_lock(&hugetlb_lock);
+- if (!page_huge_active(page) || !get_page_unless_zero(page)) {
++ if (!PageHeadHuge(page) || !page_huge_active(page) ||
++ !get_page_unless_zero(page)) {
+ ret = false;
+ goto unlock;
+ }
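Review bot: Nothing in isolate_huge_page() records that the new `PageHeadHuge(page)` test has to stay under hugetlb_lock and ahead of `page_huge_active(page)` in the condition. In this queue the series file applies this patch before the one that drops `VM_BUG_ON_PAGE(!PageHuge(page), page)` from page_huge_active(), so at this point the short-circuit order is the only thing keeping an already-freed page away from that assertion on CONFIG_DEBUG_VM kernels. A comment above the condition would protect it from later reordering, for example `/* Recheck under hugetlb_lock: the page may have been freed to the buddy allocator since the caller tested it. */`. The function continues past the hunk, so the unlock path is not visible here.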
diff --git a/queue-4.4/mm-hugetlb-remove-vm_bug_on_page-from-page_huge_active.patch b/queue-4.4/mm-hugetlb-remove-vm_bug_on_page-from-page_huge_active.patch
new file mode 100644
index 00000000000..324fb65f923
--- /dev/null
+++ b/queue-4.4/mm-hugetlb-remove-vm_bug_on_page-from-page_huge_active.patch
@@ -0,0 +1,44 @@
+From ecbf4724e6061b4b01be20f6d797d64d462b2bc8 Mon Sep 17 00:00:00 2001
+From: Muchun Song
+Date: Thu, 4 Feb 2021 18:32:13 -0800
+Subject: mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active
+
+From: Muchun Song
+
+commit ecbf4724e6061b4b01be20f6d797d64d462b2bc8 upstream.
+
+The page_huge_active() can be called from scan_movable_pages() which do
+not hold a reference count to the HugeTLB page. So when we call
+page_huge_active() from scan_movable_pages(), the HugeTLB page can be
+freed parallel. Then we will trigger a BUG_ON which is in the
+page_huge_active() when CONFIG_DEBUG_VM is enabled. Just remove the
+VM_BUG_ON_PAGE.
+
+Link: https://lkml.kernel.org/r/20210115124942.46403-6-songmuchun@bytedance.com
+Fixes: 7e1f049efb86 ("mm: hugetlb: cleanup using paeg_huge_active()")
+Signed-off-by: Muchun Song
+Reviewed-by: Mike Kravetz
+Acked-by: Michal Hocko
+Reviewed-by: Oscar Salvador
+Cc: David Hildenbrand
+Cc: Yang Shi
+Cc:
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+---
+ mm/hugetlb.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -1184,8 +1184,7 @@ struct hstate *size_to_hstate(unsigned l
+ */
+ bool page_huge_active(struct page *page)
+ {
+- VM_BUG_ON_PAGE(!PageHuge(page), page);
+- return PageHead(page) && PagePrivate(&page[1]);
++ return PageHeadHuge(page) && PagePrivate(&page[1]);
+ }
+
+ /* never called for tail page */
diff --git a/queue-4.4/mm-hugetlbfs-fix-cannot-migrate-the-fallocated-hugetlb-page.patch b/queue-4.4/mm-hugetlbfs-fix-cannot-migrate-the-fallocated-hugetlb-page.patch
new file mode 100644
index 00000000000..a9c7a28bd80
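Review bot: page_huge_active() is now expected to run on a page the caller holds no reference to, but the visible code does not state what its return value means in that case; the comment block that ends just above the function is outside the hunk, so it may or may not cover this. The `PageHeadHuge(page)` test and the `PagePrivate(&page[1])` read are two separate loads, so without hugetlb_lock the page can be freed between them and the result is only a hint. I would say so in the function comment, e.g. `/* May be called without a reference or hugetlb_lock; the result is then a hint and must be rechecked under the lock. */`.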
--- /dev/null
+++ b/queue-4.4/mm-hugetlbfs-fix-cannot-migrate-the-fallocated-hugetlb-page.patch
@@ -0,0 +1,71 @@
+From 585fc0d2871c9318c949fbf45b1f081edd489e96 Mon Sep 17 00:00:00 2001
+From: Muchun Song
+Date: Thu, 4 Feb 2021 18:32:03 -0800
+Subject: mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
+
+From: Muchun Song
+
+commit 585fc0d2871c9318c949fbf45b1f081edd489e96 upstream.
+
+If a new hugetlb page is allocated during fallocate it will not be
+marked as active (set_page_huge_active) which will result in a later
+isolate_huge_page failure when the page migration code would like to
+move that page. Such a failure would be unexpected and wrong.
+
+Only export set_page_huge_active, just leave clear_page_huge_active as
+static. Because there are no external users.
+
+Link: https://lkml.kernel.org/r/20210115124942.46403-3-songmuchun@bytedance.com
+Fixes: 70c3547e36f5 (hugetlbfs: add hugetlbfs_fallocate())
+Signed-off-by: Muchun Song
+Acked-by: Michal Hocko
+Reviewed-by: Mike Kravetz
+Reviewed-by: Oscar Salvador
+Cc: David Hildenbrand
+Cc: Yang Shi
+Cc:
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/hugetlbfs/inode.c | 3 ++-
+ include/linux/hugetlb.h | 3 +++
+ mm/hugetlb.c | 2 +-
+ 3 files changed, 6 insertions(+), 2 deletions(-)
+
+--- a/fs/hugetlbfs/inode.c
++++ b/fs/hugetlbfs/inode.c
+@@ -661,8 +661,9 @@ static long hugetlbfs_fallocate(struct f
+
+ mutex_unlock(&hugetlb_fault_mutex_table[hash]);
+
++ set_page_huge_active(page);
+ /*
+- * page_put due to reference from alloc_huge_page()
++ * put_page() due to reference from alloc_huge_page()
+ * unlock_page because locked by add_to_page_cache()
+ */
+ put_page(page);
+--- a/include/linux/hugetlb.h
++++ b/include/linux/hugetlb.h
+@@ -506,6 +506,9 @@ static inline void hugetlb_count_sub(lon
+ {
+ atomic_long_sub(l, &mm->hugetlb_usage);
+ }
++
++void set_page_huge_active(struct page *page);
++
+ #else /* CONFIG_HUGETLB_PAGE */
+ struct hstate {};
+ #define alloc_huge_page(v, a, r) NULL
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -1189,7 +1189,7 @@ bool page_huge_active(struct page *page)
+ }
+
+ /* never called for tail page */
+-static void set_page_huge_active(struct page *page)
++void set_page_huge_active(struct page *page)
+ {
+ VM_BUG_ON_PAGE(!PageHeadHuge(page), page);
+ SetPagePrivate(&page[1]);
diff --git a/queue-4.4/series b/queue-4.4/series
index 23ff7da9310..01230f335fc 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -27,3 +27,7 @@ mac80211-fix-station-rate-table-updates-on-assoc.patch
 kretprobe-avoid-re-registration-of-the-same-kretprobe-earlier.patch
 cifs-report-error-instead-of-invalid-when-revalidating-a-dentry-fails.patch
 mmc-core-limit-retries-when-analyse-of-sdio-tuples-fails.patch
+arm-footbridge-fix-dc21285-pci-configuration-accessors.patch
+mm-hugetlbfs-fix-cannot-migrate-the-fallocated-hugetlb-page.patch
+mm-hugetlb-fix-a-race-between-isolating-and-freeing-page.patch
+mm-hugetlb-remove-vm_bug_on_page-from-page_huge_active.patch
-- 
2.47.3
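Review bot: The declaration added to include/linux/hugetlb.h exposes set_page_huge_active() outside mm/hugetlb.c without stating its precondition, which lives only in the `/* never called for tail page */` comment and the `VM_BUG_ON_PAGE(!PageHeadHuge(page), page)` next to the definition. A caller that passes a tail or non-hugetlb page would hit that assertion on CONFIG_DEBUG_VM kernels and would otherwise run `SetPagePrivate(&page[1])` on whatever struct page follows. I would put the contract at the declaration: `/* @page must be the head page of a hugetlb page; marks it active so that isolate_huge_page() will accept it. */`. The prototype is added only on the CONFIG_HUGETLB_PAGE side of the `#else`, which is fine as long as every caller is built under that option; that cannot be confirmed from the hunk.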