From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 31 Oct 2022 07:51:08 +0000 (+0100)
Subject: 5.10-stable patches
X-Git-Tag: v4.19.263~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c4b72de3088e877c1518a9711c37fa2401a03746;p=thirdparty%2Fkernel%2Fstable-queue.git

5.10-stable patches

added patches:
	mm-hugetlb-take-hugetlb_lock-before-decrementing-h-resv_huge_pages.patch
---

diff --git a/queue-5.10/mm-hugetlb-take-hugetlb_lock-before-decrementing-h-resv_huge_pages.patch b/queue-5.10/mm-hugetlb-take-hugetlb_lock-before-decrementing-h-resv_huge_pages.patch
new file mode 100644
index 00000000000..134a6d272cb
--- /dev/null
+++ b/queue-5.10/mm-hugetlb-take-hugetlb_lock-before-decrementing-h-resv_huge_pages.patch
@@ -0,0 +1,50 @@
+From 12df140f0bdfae5dcfc81800970dd7f6f632e00c Mon Sep 17 00:00:00 2001
+From: Rik van Riel <riel@surriel.com>
+Date: Mon, 17 Oct 2022 20:25:05 -0400
+Subject: mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
+
+From: Rik van Riel <riel@surriel.com>
+
+commit 12df140f0bdfae5dcfc81800970dd7f6f632e00c upstream.
+
+The h->*_huge_pages counters are protected by the hugetlb_lock, but
+alloc_huge_page has a corner case where it can decrement the counter
+outside of the lock.
+
+This could lead to a corrupted value of h->resv_huge_pages, which we have
+observed on our systems.
+
+Take the hugetlb_lock before decrementing h->resv_huge_pages to avoid a
+potential race.
+
+Link: https://lkml.kernel.org/r/20221017202505.0e6a4fcd@imladris.surriel.com
+Fixes: a88c76954804 ("mm: hugetlb: fix hugepage memory leak caused by wrong reserve count")
+Signed-off-by: Rik van Riel <riel@surriel.com>
+Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
+Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
+Cc: Glen McCready <gkmccready@meta.com>
+Cc: Mike Kravetz <mike.kravetz@oracle.com>
+Cc: Muchun Song <songmuchun@bytedance.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/hugetlb.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -2387,11 +2387,11 @@ struct page *alloc_huge_page(struct vm_a
+ 		page = alloc_buddy_huge_page_with_mpol(h, vma, addr);
+ 		if (!page)
+ 			goto out_uncharge_cgroup;
++		spin_lock(&hugetlb_lock);
+ 		if (!avoid_reserve && vma_has_reserves(vma, gbl_chg)) {
+ 			SetPagePrivate(page);
+ 			h->resv_huge_pages--;
+ 		}
+-		spin_lock(&hugetlb_lock);
+ 		list_add(&page->lru, &h->hugepage_activelist);
+ 		/* Fall through */
+ 	}
diff --git a/queue-5.10/series b/queue-5.10/series
index 0253ab19b43..dc11ea8a22d 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -32,3 +32,4 @@ s390-pci-add-missing-ex_table-entries-to-__pcistg_mio_inuser-__pcilg_mio_inuser.
 xen-gntdev-don-t-ignore-kernel-unmapping-error.patch
 xen-gntdev-prevent-leaking-grants.patch
 mm-memory-add-non-anonymous-page-check-in-the-copy_present_page.patch
+mm-hugetlb-take-hugetlb_lock-before-decrementing-h-resv_huge_pages.patch