From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 20 Sep 2017 09:22:22 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v3.18.72~39
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c0b416a10a834e7ff140f43633341e6674f2f969;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	mm-prevent-double-decrease-of-nr_reserved_highatomic.patch
---

diff --git a/queue-4.4/mm-prevent-double-decrease-of-nr_reserved_highatomic.patch b/queue-4.4/mm-prevent-double-decrease-of-nr_reserved_highatomic.patch
new file mode 100644
index 00000000000..99f2b6855d3
--- /dev/null
+++ b/queue-4.4/mm-prevent-double-decrease-of-nr_reserved_highatomic.patch
@@ -0,0 +1,83 @@
+From 4855e4a7f29d6d10b0b9c84e189c770c9a94e91e Mon Sep 17 00:00:00 2001
+From: Minchan Kim <minchan@kernel.org>
+Date: Mon, 12 Dec 2016 16:42:08 -0800
+Subject: mm: prevent double decrease of nr_reserved_highatomic
+
+From: Minchan Kim <minchan@kernel.org>
+
+commit 4855e4a7f29d6d10b0b9c84e189c770c9a94e91e upstream.
+
+There is race between page freeing and unreserved highatomic.
+
+ CPU 0				    CPU 1
+
+    free_hot_cold_page
+      mt = get_pfnblock_migratetype
+      set_pcppage_migratetype(page, mt)
+    				    unreserve_highatomic_pageblock
+    				    spin_lock_irqsave(&zone->lock)
+    				    move_freepages_block
+    				    set_pageblock_migratetype(page)
+    				    spin_unlock_irqrestore(&zone->lock)
+      free_pcppages_bulk
+        __free_one_page(mt) <- mt is stale
+
+By above race, a page on CPU 0 could go non-highorderatomic free list
+since the pageblock's type is changed.  By that, unreserve logic of
+highorderatomic can decrease reserved count on a same pageblock severak
+times and then it will make mismatch between nr_reserved_highatomic and
+the number of reserved pageblock.
+
+So, this patch verifies whether the pageblock is highatomic or not and
+decrease the count only if the pageblock is highatomic.
+
+Link: http://lkml.kernel.org/r/1476259429-18279-3-git-send-email-minchan@kernel.org
+Signed-off-by: Minchan Kim <minchan@kernel.org>
+Acked-by: Vlastimil Babka <vbabka@suse.cz>
+Acked-by: Mel Gorman <mgorman@techsingularity.net>
+Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
+Cc: Sangseok Lee <sangseok.lee@lge.com>
+Cc: Michal Hocko <mhocko@suse.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Miles Chen <miles.chen@mediatek.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/page_alloc.c |   24 ++++++++++++++++++------
+ 1 file changed, 18 insertions(+), 6 deletions(-)
+
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -1748,13 +1748,25 @@ static void unreserve_highatomic_pageblo
+ 						struct page, lru);
+ 
+ 			/*
+-			 * It should never happen but changes to locking could
+-			 * inadvertently allow a per-cpu drain to add pages
+-			 * to MIGRATE_HIGHATOMIC while unreserving so be safe
+-			 * and watch for underflows.
++			 * In page freeing path, migratetype change is racy so
++			 * we can counter several free pages in a pageblock
++			 * in this loop althoug we changed the pageblock type
++			 * from highatomic to ac->migratetype. So we should
++			 * adjust the count once.
+ 			 */
+-			zone->nr_reserved_highatomic -= min(pageblock_nr_pages,
+-				zone->nr_reserved_highatomic);
++			if (get_pageblock_migratetype(page) ==
++							MIGRATE_HIGHATOMIC) {
++				/*
++				 * It should never happen but changes to
++				 * locking could inadvertently allow a per-cpu
++				 * drain to add pages to MIGRATE_HIGHATOMIC
++				 * while unreserving so be safe and watch for
++				 * underflows.
++				 */
++				zone->nr_reserved_highatomic -= min(
++						pageblock_nr_pages,
++						zone->nr_reserved_highatomic);
++			}
+ 
+ 			/*
+ 			 * Convert to ac->migratetype and avoid the normal
diff --git a/queue-4.4/series b/queue-4.4/series
index e65061fec9d..19ec0b448fa 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -13,3 +13,4 @@ f2fs-check-hot_data-for-roll-forward-recovery.patch
 x86-fsgsbase-64-report-fsbase-and-gsbase-correctly-in-core-dumps.patch
 md-raid5-release-flush-io-in-raid5_do_work.patch
 nfsd-fix-general-protection-fault-in-release_lock_stateid.patch
+mm-prevent-double-decrease-of-nr_reserved_highatomic.patch
diff --git a/queue-4.9/series b/queue-4.9/series
new file mode 100644
index 00000000000..9096d2ef01b
--- /dev/null
+++ b/queue-4.9/series
@@ -0,0 +1,6 @@
+sunrpc-refactor-svc_set_num_threads.patch
+nfsv4-fix-callback-server-shutdown.patch
+mm-prevent-double-decrease-of-nr_reserved_highatomic.patch
+orangefs-don-t-clear-sgid-when-inheriting-acls.patch
+ib-qib-hfi1-avoid-flow-control-testing-for-rdma-write-operation.patch
+drm-sun4i-implement-drm_driver-lastclose-to-restore-fbdev-console.patch