From: Greg Kroah-Hartman Date: Thu, 4 Mar 2021 13:50:32 +0000 (+0100) Subject: 4.4-stable patches X-Git-Tag: v4.4.260~59 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=59bb5720de6ff366f3557a131c091c07cdb6b59e;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: hugetlb-fix-update_and_free_page-contig-page-struct-assumption.patch --- diff --git a/queue-4.4/hugetlb-fix-update_and_free_page-contig-page-struct-assumption.patch b/queue-4.4/hugetlb-fix-update_and_free_page-contig-page-struct-assumption.patch new file mode 100644 index 00000000000..80cb01ab34e --- /dev/null +++ b/queue-4.4/hugetlb-fix-update_and_free_page-contig-page-struct-assumption.patch 
@@ -0,0 +1,69 @@ +From dbfee5aee7e54f83d96ceb8e3e80717fac62ad63 Mon Sep 17 00:00:00 2001 +From: Mike Kravetz +Date: Wed, 24 Feb 2021 12:07:50 -0800 +Subject: hugetlb: fix update_and_free_page contig page struct assumption +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Mike Kravetz + +commit dbfee5aee7e54f83d96ceb8e3e80717fac62ad63 upstream. + +page structs are not guaranteed to be contiguous for gigantic pages. The +routine update_and_free_page can encounter a gigantic page, yet it assumes +page structs are contiguous when setting page flags in subpages. + +If update_and_free_page encounters non-contiguous page structs, we can see +“BUG: Bad page state in process …” errors. + +Non-contiguous page structs are generally not an issue. However, they can +exist with a specific kernel configuration and hotplug operations. For +example: Configure the kernel with CONFIG_SPARSEMEM and +!CONFIG_SPARSEMEM_VMEMMAP. Then, hotplug add memory for the area where +the gigantic page will be allocated. Zi Yan outlined steps to reproduce +here [1]. + +[1] https://lore.kernel.org/linux-mm/16F7C58B-4D79-41C5-9B64-A1A1628F4AF2@nvidia.com/ + +Link: https://lkml.kernel.org/r/20210217184926.33567-1-mike.kravetz@oracle.com +Fixes: 944d9fec8d7a ("hugetlb: add support for gigantic page allocation at runtime") +Signed-off-by: Zi Yan +Signed-off-by: Mike Kravetz +Cc: Zi Yan +Cc: Davidlohr Bueso +Cc: "Kirill A . 
Shutemov" +Cc: Andrea Arcangeli +Cc: Matthew Wilcox +Cc: Oscar Salvador +Cc: Joao Martins +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Mike Kravetz +--- + mm/hugetlb.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -1159,14 +1159,16 @@ static inline int alloc_fresh_gigantic_p + static void update_and_free_page(struct hstate *h, struct page *page) + { + int i; ++ struct page *subpage = page; + + if (hstate_is_gigantic(h) && !gigantic_page_supported()) + return; + + h->nr_huge_pages--; + h->nr_huge_pages_node[page_to_nid(page)]--; +- for (i = 0; i < pages_per_huge_page(h); i++) { +- page[i].flags &= ~(1 << PG_locked | 1 << PG_error | ++ for (i = 0; i < pages_per_huge_page(h); ++ i++, subpage = mem_map_next(subpage, page, i)) { ++ subpage->flags &= ~(1 << PG_locked | 1 << PG_error | + 1 << PG_referenced | 1 << PG_dirty | + 1 << PG_active | 1 << PG_private | + 1 << PG_writeback); diff --git a/queue-4.4/series b/queue-4.4/series index 5d2379c0dac..a1af25cb248 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -4,3 +4,4 @@ iwlwifi-pcie-fix-to-correct-null-check.patch mmc-sdhci-esdhc-imx-fix-kernel-panic-when-remove-module.patch scripts-use-pkg-config-to-locate-libcrypto.patch scripts-set-proper-openssl-include-dir-also-for-sign-file.patch +hugetlb-fix-update_and_free_page-contig-page-struct-assumption.patch
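Review bot: In the new loop header of update_and_free_page, the step expression `i++, subpage = mem_map_next(subpage, page, i)` calls mem_map_next after the increment, so on the final pass it runs with i equal to pages_per_huge_page(h), one position past the last subpage, before the condition `i < pages_per_huge_page(h)` ends the loop. The returned pointer is never dereferenced in the lines shown, but the helper is still asked to step beyond the end of the gigantic page. Please either add a short comment on this ordering or confirm that mem_map_next in the 4.4 tree tolerates that offset. Since the commit message states that page structs are not guaranteed to be contiguous for gigantic pages, it is also worth confirming that no other `page[i]`-style indexing over a gigantic page remains in mm/hugetlb.c for this backport, because the hunk only covers this one loop.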