From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=hUC8=QL=vger.kernel.org=stable-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.5 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY,
	SPF_PASS,URIBL_BLOCKED,USER_AGENT_MUTT autolearn=ham autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 99283C282C4
	for <stable@archiver.kernel.org>; Mon,  4 Feb 2019 09:15:29 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 592182147A
	for <stable@archiver.kernel.org>; Mon,  4 Feb 2019 09:15:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=default; t=1549271729;
	bh=ek8nsaYVyQJ6lUc4seMBV0tBFddaB5v1cjc6p7LwnAo=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:List-ID:From;
	b=YRZfQYIIZW10Degxf0eO0sjEAC6HLQgx0aVtIkKJpOKUbFPIWtqhEM3cgmxgJ+g9Z
	 Bpzws1F60RYat3K1IhMcsRvXYbBu7qr3x0M5VozwJy6Byg/uHGswdY6l/CGPWwnUX3
	 wxDx4sHKr781ByiTW/b63Z/L3SO6jOR2rVILmDB4=
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726987AbfBDJP2 (ORCPT <rfc822;stable@archiver.kernel.org>);
        Mon, 4 Feb 2019 04:15:28 -0500
Received: from mail.kernel.org ([198.145.29.99]:46960 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726320AbfBDJP2 (ORCPT <rfc822;stable@vger.kernel.org>);
        Mon, 4 Feb 2019 04:15:28 -0500
Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 7387F206DD;
        Mon,  4 Feb 2019 09:15:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1549271727;
        bh=ek8nsaYVyQJ6lUc4seMBV0tBFddaB5v1cjc6p7LwnAo=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=xwRmbBjP1swPm1Mx+RZ3BVCC32LJxfQeAuSd3ACKoTQvU6E+XnPsQBz7SLysSqcxW
         IBbqo/jzT7NyZsa61kbdkAe55eRLS6i7hLCJCT5arkFCs7MYnZQkBJ+D7Sfk7/K2y3
         ppChPZu7tVRlhKOf7ZvhdUj85IN8EBuFPOupCkHM=
Date:   Mon, 4 Feb 2019 10:15:24 +0100
From:   Greg KH <gregkh@linuxfoundation.org>
To:     David Hildenbrand <david@redhat.com>
Cc:     Mel Gorman <mgorman@techsingularity.net>,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
        Michal Hocko <mhocko@suse.com>,
        Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>,
        Jan Kara <jack@suse.cz>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Dominik Brodowski <linux@dominikbrodowski.net>,
        Matthew Wilcox <willy@infradead.org>,
        Vratislav Bendel <vbendel@redhat.com>,
        Rafael Aquini <aquini@redhat.com>,
        Konstantin Khlebnikov <k.khlebnikov@samsung.com>,
        Minchan Kim <minchan@kernel.org>, stable@vger.kernel.org,
        Andrew Morton <akpm@linux-foundation.org>,
        Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH for-4.4-stable] mm: migrate: don't rely on
 __PageMovable() of newpage after unlocking it
Message-ID: <20190204091524.GA3432@kroah.com>
References: <154926015133103@kroah.com>
 <20190204090059.16898-1-david@redhat.com>
 <7329b017-3bac-9cc6-022b-48c528371f94@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7329b017-3bac-9cc6-022b-48c528371f94@redhat.com>
User-Agent: Mutt/1.11.3 (2019-02-01)
Sender: stable-owner@vger.kernel.org
Precedence: bulk
List-ID: <stable.vger.kernel.org>
X-Mailing-List: stable@vger.kernel.org

On Mon, Feb 04, 2019 at 10:05:14AM +0100, David Hildenbrand wrote:
> On 04.02.19 10:00, David Hildenbrand wrote:
> > commit e0a352fabce61f730341d119fbedf71ffdb8663f upstream.
> > 
> > We had a race in the old balloon compaction code before b1123ea6d3b3
> > ("mm: balloon: use general non-lru movable page feature") refactored it
> > that became visible after backporting 195a8c43e93d ("virtio-balloon:
> > deflate via a page list") without the refactoring.
> > 
> > The bug existed from commit d6d86c0a7f8d ("mm/balloon_compaction:
> > redesign ballooned pages management") till b1123ea6d3b3 ("mm: balloon:
> > use general non-lru movable page feature").  d6d86c0a7f8d
> > ("mm/balloon_compaction: redesign ballooned pages management") was
> > backported to 3.12, so the broken kernels are stable kernels [3.12 -
> > 4.7].
> > 
> > There was a subtle race between dropping the page lock of the newpage in
> > __unmap_and_move() and checking for __is_movable_balloon_page(newpage).
> > 
> > Just after dropping this page lock, virtio-balloon could go ahead and
> > deflate the newpage, effectively dequeueing it and clearing PageBalloon,
> > in turn making __is_movable_balloon_page(newpage) fail.
> > 
> > This resulted in dropping the reference of the newpage via
> > putback_lru_page(newpage) instead of put_page(newpage), leading to
> > page->lru getting modified and a !LRU page ending up in the LRU lists.
> > With 195a8c43e93d ("virtio-balloon: deflate via a page list")
> > backported, one would suddenly get corrupted lists in
> > release_pages_balloon():
> > 
> > - WARNING: CPU: 13 PID: 6586 at lib/list_debug.c:59 __list_del_entry+0xa1/0xd0
> > - list_del corruption. prev->next should be ffffe253961090a0, but was dead000000000100
> > 
> > Nowadays this race is no longer possible, but it is hidden behind very
> > ugly handling of __ClearPageMovable() and __PageMovable().
> > 
> > __ClearPageMovable() will not make __PageMovable() fail, only
> > PageMovable().  So the new check (__PageMovable(newpage)) will still
> > hold even after newpage was dequeued by virtio-balloon.
> > 
> > If anybody would ever change that special handling, the BUG would be
> > introduced again.  So instead, make it explicit and use the information
> > of the original isolated page before migration.
> > 
> > This patch can be backported fairly easy to stable kernels (in contrast
> > to the refactoring).
> > 
> > Link: http://lkml.kernel.org/r/20190129233217.10747-1-david@redhat.com
> > Fixes: d6d86c0a7f8d ("mm/balloon_compaction: redesign ballooned pages management")
> > Signed-off-by: David Hildenbrand <david@redhat.com>
> > Reported-by: Vratislav Bendel <vbendel@redhat.com>
> > Acked-by: Michal Hocko <mhocko@suse.com>
> > Acked-by: Rafael Aquini <aquini@redhat.com>
> > Cc: Mel Gorman <mgorman@techsingularity.net>
> > Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
> > Cc: Michal Hocko <mhocko@suse.com>
> > Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
> > Cc: Jan Kara <jack@suse.cz>
> > Cc: Andrea Arcangeli <aarcange@redhat.com>
> > Cc: Dominik Brodowski <linux@dominikbrodowski.net>
> > Cc: Matthew Wilcox <willy@infradead.org>
> > Cc: Vratislav Bendel <vbendel@redhat.com>
> > Cc: Rafael Aquini <aquini@redhat.com>
> > Cc: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
> > Cc: Minchan Kim <minchan@kernel.org>
> > Cc: <stable@vger.kernel.org>	[3.12 - 4.7]
> > Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> > Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> 
> Lack of coffee, missed to add my s-o.
> 
> Greg, can you add
> 
> Signed-off-by: David Hildenbrand <david@redhat.com>

Now added (hint, it's already in the list :)

and queued up, thanks for the backport.

greg k-h