From 8fe6114e885596f873d14fe1198fb1fcd3009b50 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 31 Oct 2022 08:51:00 +0100
Subject: [PATCH] 5.4-stable patches

added patches:
	mm-hugetlb-take-hugetlb_lock-before-decrementing-h-resv_huge_pages.patch
---
 ...efore-decrementing-h-resv_huge_pages.patch | 50 +++++++++++++++++++
 queue-5.4/series                              |  1 +
 2 files changed, 51 insertions(+)
 create mode 100644 queue-5.4/mm-hugetlb-take-hugetlb_lock-before-decrementing-h-resv_huge_pages.patch

diff --git a/queue-5.4/mm-hugetlb-take-hugetlb_lock-before-decrementing-h-resv_huge_pages.patch b/queue-5.4/mm-hugetlb-take-hugetlb_lock-before-decrementing-h-resv_huge_pages.patch
new file mode 100644
index 00000000000..be0e60f9126
--- /dev/null
+++ b/queue-5.4/mm-hugetlb-take-hugetlb_lock-before-decrementing-h-resv_huge_pages.patch
@@ -0,0 +1,50 @@
+From 12df140f0bdfae5dcfc81800970dd7f6f632e00c Mon Sep 17 00:00:00 2001
+From: Rik van Riel <riel@surriel.com>
+Date: Mon, 17 Oct 2022 20:25:05 -0400
+Subject: mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
+
+From: Rik van Riel <riel@surriel.com>
+
+commit 12df140f0bdfae5dcfc81800970dd7f6f632e00c upstream.
+
+The h->*_huge_pages counters are protected by the hugetlb_lock, but
+alloc_huge_page has a corner case where it can decrement the counter
+outside of the lock.
+
+This could lead to a corrupted value of h->resv_huge_pages, which we have
+observed on our systems.
+
+Take the hugetlb_lock before decrementing h->resv_huge_pages to avoid a
+potential race.
+
+Link: https://lkml.kernel.org/r/20221017202505.0e6a4fcd@imladris.surriel.com
+Fixes: a88c76954804 ("mm: hugetlb: fix hugepage memory leak caused by wrong reserve count")
+Signed-off-by: Rik van Riel <riel@surriel.com>
+Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
+Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
+Cc: Glen McCready <gkmccready@meta.com>
+Cc: Mike Kravetz <mike.kravetz@oracle.com>
+Cc: Muchun Song <songmuchun@bytedance.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/hugetlb.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -2218,11 +2218,11 @@ struct page *alloc_huge_page(struct vm_a
+ 		page = alloc_buddy_huge_page_with_mpol(h, vma, addr);
+ 		if (!page)
+ 			goto out_uncharge_cgroup;
++		spin_lock(&hugetlb_lock);
+ 		if (!avoid_reserve && vma_has_reserves(vma, gbl_chg)) {
+ 			SetPagePrivate(page);
+ 			h->resv_huge_pages--;
+ 		}
+-		spin_lock(&hugetlb_lock);
+ 		list_move(&page->lru, &h->hugepage_activelist);
+ 		/* Fall through */
+ 	}
diff --git a/queue-5.4/series b/queue-5.4/series
index c4f6b396392..c5012faa0e6 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -26,3 +26,4 @@ xfs-force-the-log-after-remapping-a-synchronous-writes-file.patch
 xen-gntdev-don-t-ignore-kernel-unmapping-error.patch
 xen-gntdev-prevent-leaking-grants.patch
 cgroup-v1-add-disabled-controller-check-in-cgroup1_parse_param.patch
+mm-hugetlb-take-hugetlb_lock-before-decrementing-h-resv_huge_pages.patch
-- 
2.47.3