From 87c049efef7f44e5feb7a6edc3d518555a4b51a9 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 27 Dec 2021 15:08:52 +0100
Subject: [PATCH] 5.4-stable patches

added patches:
	kvm-vmx-fix-stale-docs-for-kvm-intel.emulate_invalid_guest_state.patch
	mm-mempolicy-fix-thp-allocations-escaping-mempolicy-restrictions.patch
---
 ...vm-intel.emulate_invalid_guest_state.patch |  40 ++++++
 ...ions-escaping-mempolicy-restrictions.patch | 122 ++++++++++++++++++
 queue-5.4/series                              |   2 +
 3 files changed, 164 insertions(+)
 create mode 100644 queue-5.4/kvm-vmx-fix-stale-docs-for-kvm-intel.emulate_invalid_guest_state.patch
 create mode 100644 queue-5.4/mm-mempolicy-fix-thp-allocations-escaping-mempolicy-restrictions.patch

diff --git a/queue-5.4/kvm-vmx-fix-stale-docs-for-kvm-intel.emulate_invalid_guest_state.patch b/queue-5.4/kvm-vmx-fix-stale-docs-for-kvm-intel.emulate_invalid_guest_state.patch
new file mode 100644
index 00000000000..41814f119b3
--- /dev/null
+++ b/queue-5.4/kvm-vmx-fix-stale-docs-for-kvm-intel.emulate_invalid_guest_state.patch
@@ -0,0 +1,40 @@
+From 0ff29701ffad9a5d5a24344d8b09f3af7b96ffda Mon Sep 17 00:00:00 2001
+From: Sean Christopherson <seanjc@google.com>
+Date: Tue, 7 Dec 2021 19:30:05 +0000
+Subject: KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
+
+From: Sean Christopherson <seanjc@google.com>
+
+commit 0ff29701ffad9a5d5a24344d8b09f3af7b96ffda upstream.
+
+Update the documentation for kvm-intel's emulate_invalid_guest_state to
+rectify the description of KVM's default behavior, and to document that
+the behavior and thus parameter only applies to L1.
+
+Fixes: a27685c33acc ("KVM: VMX: Emulate invalid guest state by default")
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Message-Id: <20211207193006.120997-4-seanjc@google.com>
+Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ Documentation/admin-guide/kernel-parameters.txt |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@ -2112,8 +2112,12 @@
+ 			Default is 1 (enabled)
+ 
+ 	kvm-intel.emulate_invalid_guest_state=
+-			[KVM,Intel] Enable emulation of invalid guest states
+-			Default is 0 (disabled)
++			[KVM,Intel] Disable emulation of invalid guest state.
++			Ignored if kvm-intel.enable_unrestricted_guest=1, as
++			guest state is never invalid for unrestricted guests.
++			This param doesn't apply to nested guests (L2), as KVM
++			never emulates invalid L2 guest state.
++			Default is 1 (enabled)
+ 
+ 	kvm-intel.flexpriority=
+ 			[KVM,Intel] Disable FlexPriority feature (TPR shadow).
diff --git a/queue-5.4/mm-mempolicy-fix-thp-allocations-escaping-mempolicy-restrictions.patch b/queue-5.4/mm-mempolicy-fix-thp-allocations-escaping-mempolicy-restrictions.patch
new file mode 100644
index 00000000000..fb94fe001d9
--- /dev/null
+++ b/queue-5.4/mm-mempolicy-fix-thp-allocations-escaping-mempolicy-restrictions.patch
@@ -0,0 +1,122 @@
+From 338635340669d5b317c7e8dcf4fff4a0f3651d87 Mon Sep 17 00:00:00 2001
+From: Andrey Ryabinin <arbn@yandex-team.com>
+Date: Fri, 24 Dec 2021 21:12:35 -0800
+Subject: mm: mempolicy: fix THP allocations escaping mempolicy restrictions
+
+From: Andrey Ryabinin <arbn@yandex-team.com>
+
+commit 338635340669d5b317c7e8dcf4fff4a0f3651d87 upstream.
+
+alloc_pages_vma() may try to allocate THP page on the local NUMA node
+first:
+
+	page = __alloc_pages_node(hpage_node,
+		gfp | __GFP_THISNODE | __GFP_NORETRY, order);
+
+And if the allocation fails it retries allowing remote memory:
+
+	if (!page && (gfp & __GFP_DIRECT_RECLAIM))
+    		page = __alloc_pages_node(hpage_node,
+					gfp, order);
+
+However, this retry allocation completely ignores memory policy nodemask
+allowing allocation to escape restrictions.
+
+The first appearance of this bug seems to be the commit ac5b2c18911f
+("mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings").
+
+The bug disappeared later in the commit 89c83fb539f9 ("mm, thp:
+consolidate THP gfp handling into alloc_hugepage_direct_gfpmask") and
+reappeared again in slightly different form in the commit 76e654cc91bb
+("mm, page_alloc: allow hugepage fallback to remote nodes when
+madvised")
+
+Fix this by passing correct nodemask to the __alloc_pages() call.
+
+The demonstration/reproducer of the problem:
+
+    $ mount -oremount,size=4G,huge=always /dev/shm/
+    $ echo always > /sys/kernel/mm/transparent_hugepage/defrag
+    $ cat mbind_thp.c
+    #include <unistd.h>
+    #include <sys/mman.h>
+    #include <sys/stat.h>
+    #include <fcntl.h>
+    #include <assert.h>
+    #include <stdlib.h>
+    #include <stdio.h>
+    #include <numaif.h>
+
+    #define SIZE 2ULL << 30
+    int main(int argc, char **argv)
+    {
+        int fd;
+        unsigned long long i;
+        char *addr;
+        pid_t pid;
+        char buf[100];
+        unsigned long nodemask = 1;
+
+        fd = open("/dev/shm/test", O_RDWR|O_CREAT);
+        assert(fd > 0);
+        assert(ftruncate(fd, SIZE) == 0);
+
+        addr = mmap(NULL, SIZE, PROT_READ|PROT_WRITE,
+                           MAP_SHARED, fd, 0);
+
+        assert(mbind(addr, SIZE, MPOL_BIND, &nodemask, 2, MPOL_MF_STRICT|MPOL_MF_MOVE)==0);
+        for (i = 0; i < SIZE; i+=4096) {
+          addr[i] = 1;
+        }
+        pid = getpid();
+        snprintf(buf, sizeof(buf), "grep shm /proc/%d/numa_maps", pid);
+        system(buf);
+        sleep(10000);
+
+        return 0;
+    }
+    $ gcc mbind_thp.c -o mbind_thp -lnuma
+    $ numactl -H
+    available: 2 nodes (0-1)
+    node 0 cpus: 0 2
+    node 0 size: 1918 MB
+    node 0 free: 1595 MB
+    node 1 cpus: 1 3
+    node 1 size: 2014 MB
+    node 1 free: 1731 MB
+    node distances:
+    node   0   1
+      0:  10  20
+      1:  20  10
+    $ rm -f /dev/shm/test; taskset -c 0 ./mbind_thp
+    7fd970a00000 bind:0 file=/dev/shm/test dirty=524288 active=0 N0=396800 N1=127488 kernelpagesize_kB=4
+
+Link: https://lkml.kernel.org/r/20211208165343.22349-1-arbn@yandex-team.com
+Fixes: ac5b2c18911f ("mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings")
+Signed-off-by: Andrey Ryabinin <arbn@yandex-team.com>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Acked-by: Mel Gorman <mgorman@techsingularity.net>
+Acked-by: David Rientjes <rientjes@google.com>
+Cc: Andrea Arcangeli <aarcange@redhat.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/mempolicy.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -2143,8 +2143,9 @@ alloc_pages_vma(gfp_t gfp, int order, st
+ 			 * memory as well.
+ 			 */
+ 			if (!page && (gfp & __GFP_DIRECT_RECLAIM))
+-				page = __alloc_pages_node(hpage_node,
+-						gfp | __GFP_NORETRY, order);
++				page = __alloc_pages_nodemask(gfp | __GFP_NORETRY,
++							order, hpage_node,
++							nmask);
+ 
+ 			goto out;
+ 		}
diff --git a/queue-5.4/series b/queue-5.4/series
index c0f258f3014..4d923db8acc 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -35,3 +35,5 @@ arm-9169-1-entry-fix-thumb2-bug-in-iwmmxt-exception-handling.patch
 tee-optee-fix-incorrect-page-free-bug.patch
 f2fs-fix-to-do-sanity-check-on-last-xattr-entry-in-__f2fs_setxattr.patch
 usb-gadget-u_ether-fix-race-in-setting-mac-address-in-setup-phase.patch
+kvm-vmx-fix-stale-docs-for-kvm-intel.emulate_invalid_guest_state.patch
+mm-mempolicy-fix-thp-allocations-escaping-mempolicy-restrictions.patch
-- 
2.47.2