From: Zefan Li <lizefan@huawei.com>
Date: Sun, 9 Oct 2016 11:06:49 +0000 (+0800)
Subject: Fix incomplete backport of commit 0f792cf949a0
X-Git-Tag: v3.4.113~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d64519bf05760fc4f2d9a31e28df56af873c5b65;p=thirdparty%2Fkernel%2Fstable.git

Fix incomplete backport of commit 0f792cf949a0

Signed-off-by: Zefan Li <lizefan@huawei.com>
---

diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 416cbfd92ec8f..6726bfea86237 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2929,13 +2929,17 @@ out_page_table_lock:
 		unlock_page(pagecache_page);
 		put_page(pagecache_page);
 	}
-	if (page != pagecache_page)
-		unlock_page(page);
-	put_page(page);
-
 out_mutex:
 	mutex_unlock(&hugetlb_instantiation_mutex);
-
+	/*
+	 * Generally it's safe to hold refcount during waiting page lock. But
+	 * here we just wait to defer the next page fault to avoid busy loop and
+	 * the page is not used after unlocked before returning from the current
+	 * page fault. So we are safe from accessing freed page, even if we wait
+	 * here without taking refcount.
+	 */
+	if (need_wait_lock)
+		wait_on_page_locked(page);
 	return ret;
 }