From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 3 Jun 2014 20:08:16 +0000 (-0700)
Subject: 3.4-stable patches
X-Git-Tag: v3.14.6~82
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9e7057c937a79f2e868f6264d83ac500b1e136d5;p=thirdparty%2Fkernel%2Fstable-queue.git

3.4-stable patches

added patches:
	hwpoison-hugetlb-lock_page-unlock_page-does-not-match-for-handling-a-free-hugepage.patch
	x86-mm-hugetlb-add-missing-tlb-page-invalidation-for-hugetlb_cow.patch
---

diff --git a/queue-3.4/hwpoison-hugetlb-lock_page-unlock_page-does-not-match-for-handling-a-free-hugepage.patch b/queue-3.4/hwpoison-hugetlb-lock_page-unlock_page-does-not-match-for-handling-a-free-hugepage.patch
new file mode 100644
index 00000000000..b667d07070a
--- /dev/null
+++ b/queue-3.4/hwpoison-hugetlb-lock_page-unlock_page-does-not-match-for-handling-a-free-hugepage.patch
@@ -0,0 +1,54 @@
+From b985194c8c0a130ed155b71662e39f7eaea4876f Mon Sep 17 00:00:00 2001
+From: Chen Yucong <slaoub@gmail.com>
+Date: Thu, 22 May 2014 11:54:15 -0700
+Subject: hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage
+
+From: Chen Yucong <slaoub@gmail.com>
+
+commit b985194c8c0a130ed155b71662e39f7eaea4876f upstream.
+
+For handling a free hugepage in memory failure, the race will happen if
+another thread hwpoisoned this hugepage concurrently.  So we need to
+check PageHWPoison instead of !PageHWPoison.
+
+If hwpoison_filter(p) returns true or a race happens, then we need to
+unlock_page(hpage).
+
+Signed-off-by: Chen Yucong <slaoub@gmail.com>
+Reviewed-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
+Tested-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
+Reviewed-by: Andi Kleen <ak@linux.intel.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/memory-failure.c |   15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+--- a/mm/memory-failure.c
++++ b/mm/memory-failure.c
+@@ -1061,15 +1061,16 @@ int memory_failure(unsigned long pfn, in
+ 			return 0;
+ 		} else if (PageHuge(hpage)) {
+ 			/*
+-			 * Check "just unpoisoned", "filter hit", and
+-			 * "race with other subpage."
++			 * Check "filter hit" and "race with other subpage."
+ 			 */
+ 			lock_page(hpage);
+-			if (!PageHWPoison(hpage)
+-			    || (hwpoison_filter(p) && TestClearPageHWPoison(p))
+-			    || (p != hpage && TestSetPageHWPoison(hpage))) {
+-				atomic_long_sub(nr_pages, &mce_bad_pages);
+-				return 0;
++			if (PageHWPoison(hpage)) {
++				if ((hwpoison_filter(p) && TestClearPageHWPoison(p))
++				    || (p != hpage && TestSetPageHWPoison(hpage))) {
++					atomic_long_sub(nr_pages, &mce_bad_pages);
++					unlock_page(hpage);
++					return 0;
++				}
+ 			}
+ 			set_page_hwpoison_huge_page(hpage);
+ 			res = dequeue_hwpoisoned_huge_page(hpage);
diff --git a/queue-3.4/series b/queue-3.4/series
index 41b14f7fade..29e0ebe6f5c 100644
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -39,3 +39,5 @@ mm-make-fixup_user_fault-check-the-vma-access-rights-too.patch
 timer-prevent-overflow-in-apply_slack.patch
 ipmi-fix-a-race-restarting-the-timer.patch
 ipmi-reset-the-kcs-timeout-when-starting-error-recovery.patch
+x86-mm-hugetlb-add-missing-tlb-page-invalidation-for-hugetlb_cow.patch
+hwpoison-hugetlb-lock_page-unlock_page-does-not-match-for-handling-a-free-hugepage.patch
diff --git a/queue-3.4/x86-mm-hugetlb-add-missing-tlb-page-invalidation-for-hugetlb_cow.patch b/queue-3.4/x86-mm-hugetlb-add-missing-tlb-page-invalidation-for-hugetlb_cow.patch
new file mode 100644
index 00000000000..f8e5aa52536
--- /dev/null
+++ b/queue-3.4/x86-mm-hugetlb-add-missing-tlb-page-invalidation-for-hugetlb_cow.patch
@@ -0,0 +1,42 @@
+From 9844f5462392b53824e8b86726e7c33b5ecbb676 Mon Sep 17 00:00:00 2001
+From: Anthony Iliopoulos <anthony.iliopoulos@huawei.com>
+Date: Wed, 14 May 2014 11:29:48 +0200
+Subject: x86, mm, hugetlb: Add missing TLB page invalidation for hugetlb_cow()
+
+From: Anthony Iliopoulos <anthony.iliopoulos@huawei.com>
+
+commit 9844f5462392b53824e8b86726e7c33b5ecbb676 upstream.
+
+The invalidation is required in order to maintain proper semantics
+under CoW conditions. In scenarios where a process clones several
+threads, a thread operating on a core whose DTLB entry for a
+particular hugepage has not been invalidated, will be reading from
+the hugepage that belongs to the forked child process, even after
+hugetlb_cow().
+
+The thread will not see the updated page as long as the stale DTLB
+entry remains cached, the thread attempts to write into the page,
+the child process exits, or the thread gets migrated to a different
+processor.
+
+Signed-off-by: Anthony Iliopoulos <anthony.iliopoulos@huawei.com>
+Link: http://lkml.kernel.org/r/20140514092948.GA17391@server-36.huawei.corp
+Suggested-by: Shay Goikhman <shay.goikhman@huawei.com>
+Acked-by: Dave Hansen <dave.hansen@intel.com>
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/hugetlb.h |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/include/asm/hugetlb.h
++++ b/arch/x86/include/asm/hugetlb.h
+@@ -51,6 +51,7 @@ static inline pte_t huge_ptep_get_and_cl
+ static inline void huge_ptep_clear_flush(struct vm_area_struct *vma,
+ 					 unsigned long addr, pte_t *ptep)
+ {
++	ptep_clear_flush(vma, addr, ptep);
+ }
+ 
+ static inline int huge_pte_none(pte_t pte)