4.4-stable patches

added patches:
	hugetlb-fix-update_and_free_page-contig-page-struct-assumption.patch

diff --git a/queue-4.4/hugetlb-fix-update_and_free_page-contig-page-struct-assumption.patch b/queue-4.4/hugetlb-fix-update_and_free_page-contig-page-struct-assumption.patch
new file mode 100644 (file)
index 0000000..80cb01a
--- /dev/null
+++ b/queue-4.4/hugetlb-fix-update_and_free_page-contig-page-struct-assumption.patch
@@ -0,0 +1,69 @@
+From dbfee5aee7e54f83d96ceb8e3e80717fac62ad63 Mon Sep 17 00:00:00 2001
+From: Mike Kravetz <mike.kravetz@oracle.com>
+Date: Wed, 24 Feb 2021 12:07:50 -0800
+Subject: hugetlb: fix update_and_free_page contig page struct assumption
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Mike Kravetz <mike.kravetz@oracle.com>
+
+commit dbfee5aee7e54f83d96ceb8e3e80717fac62ad63 upstream.
+
+page structs are not guaranteed to be contiguous for gigantic pages.  The
+routine update_and_free_page can encounter a gigantic page, yet it assumes
+page structs are contiguous when setting page flags in subpages.
+
+If update_and_free_page encounters non-contiguous page structs, we can see
+“BUG: Bad page state in process …” errors.
+
+Non-contiguous page structs are generally not an issue.  However, they can
+exist with a specific kernel configuration and hotplug operations.  For
+example: Configure the kernel with CONFIG_SPARSEMEM and
+!CONFIG_SPARSEMEM_VMEMMAP.  Then, hotplug add memory for the area where
+the gigantic page will be allocated.  Zi Yan outlined steps to reproduce
+here [1].
+
+[1] https://lore.kernel.org/linux-mm/16F7C58B-4D79-41C5-9B64-A1A1628F4AF2@nvidia.com/
+
+Link: https://lkml.kernel.org/r/20210217184926.33567-1-mike.kravetz@oracle.com
+Fixes: 944d9fec8d7a ("hugetlb: add support for gigantic page allocation at runtime")
+Signed-off-by: Zi Yan <ziy@nvidia.com>
+Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
+Cc: Zi Yan <ziy@nvidia.com>
+Cc: Davidlohr Bueso <dbueso@suse.de>
+Cc: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
+Cc: Andrea Arcangeli <aarcange@redhat.com>
+Cc: Matthew Wilcox <willy@infradead.org>
+Cc: Oscar Salvador <osalvador@suse.de>
+Cc: Joao Martins <joao.m.martins@oracle.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
+---
+ mm/hugetlb.c |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -1159,14 +1159,16 @@ static inline int alloc_fresh_gigantic_p
+ static void update_and_free_page(struct hstate *h, struct page *page)
+ {
+       int i;
++      struct page *subpage = page;
+ 
+       if (hstate_is_gigantic(h) && !gigantic_page_supported())
+               return;
+ 
+       h->nr_huge_pages--;
+       h->nr_huge_pages_node[page_to_nid(page)]--;
+-      for (i = 0; i < pages_per_huge_page(h); i++) {
+-              page[i].flags &= ~(1 << PG_locked | 1 << PG_error |
++      for (i = 0; i < pages_per_huge_page(h);
++           i++, subpage = mem_map_next(subpage, page, i)) {
++              subpage->flags &= ~(1 << PG_locked | 1 << PG_error |
+                               1 << PG_referenced | 1 << PG_dirty |
+                               1 << PG_active | 1 << PG_private |
+                               1 << PG_writeback);

diff --git a/queue-4.4/series b/queue-4.4/series
index 5d2379c0dacc9ae39a41ef8902edc1c521df4db1..a1af25cb248abd7d481fb280e27b933e098e94c7 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -4,3 +4,4 @@ iwlwifi-pcie-fix-to-correct-null-check.patch
 mmc-sdhci-esdhc-imx-fix-kernel-panic-when-remove-module.patch
 scripts-use-pkg-config-to-locate-libcrypto.patch
 scripts-set-proper-openssl-include-dir-also-for-sign-file.patch
+hugetlb-fix-update_and_free_page-contig-page-struct-assumption.patch