author: Takashi Iwai <tiwai@suse.de> 2019-07-18 11:23:37 +0200
committer: Takashi Iwai <tiwai@suse.de> 2019-07-18 11:23:37 +0200
commit: a8aa0aac4c92ecd178f88c84453883467e8589e8
tree: bc2fa523b234e437039508169f2b05abf1f1f4fc
parent: 15a7753cd5378fa14a8e7dec2decd7bbcb9aae5b
parent: 2ca7d32595c0432d7c12022c1cc01f4ba41bfb39
Merge branch 'users/mgorman/SLE15/for-next' into SLE15
Pull mm fix from Mel Gorman
-rw-r--r-- patches.suse/mm-migrate-Fix-reference-check-race-between-__find_get_block-and-migration.patch 77
-rw-r--r-- series.conf 3
2 files changed, 80 insertions, 0 deletions
diff --git a/patches.suse/mm-migrate-Fix-reference-check-race-between-__find_get_block-and-migration.patch b/patches.suse/mm-migrate-Fix-reference-check-race-between-__find_get_block-and-migration.patch
new file mode 100644
index 0000000000..d7084c1f60
--- /dev/null
+++ b/patches.suse/mm-migrate-Fix-reference-check-race-between-__find_get_block-and-migration.patch
@@ -0,0 +1,77 @@
+From 17b4ecf88713135dd439f72c5c6150d6dc84da3e Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Wed, 10 Jul 2019 11:31:01 +0200
+Subject: [PATCH] mm: migrate: Fix reference check race between
+ __find_get_block() and migration
+
+References: bnc#1137609
+Patch-mainline: No, under review, expected in 5.3
+
+buffer_migrate_page_norefs() can race with bh users in the following way:
+
+CPU1 CPU2
+buffer_migrate_page_norefs()
+ buffer_migrate_lock_buffers()
+ checks bh refs
+ spin_unlock(&mapping->private_lock)
+ __find_get_block()
+ spin_lock(&mapping->private_lock)
+ grab bh ref
+ spin_unlock(&mapping->private_lock)
+ move page do bh work
+
+This can result in various issues like lost updates to buffers (i.e.
+metadata corruption) or use after free issues for the old page.
+
+This patch closes the race by holding mapping->private_lock while the
+mapping is being moved to a new page. Ordinarily, a reference can be taken
+outside of the private_lock using the per-cpu BH LRU but the references
+are checked and the LRU invalidated if necessary. The private_lock is held
+once the references are known so the buffer lookup slow path will spin
+on the private_lock. Between the page lock and private_lock, it should
+be impossible for other references to be acquired and updates to happen
+during the migration.
+
+A user had reported data corruption issues on a distribution kernel with
+a similar page migration implementation as mainline. The data corruption
+could not be reproduced with this patch applied after 44 hours of testing
+(fastest time to produce the problem reported as 5 hours). A small number
+of migration-intensive tests were run and no performance problems were
+noted.
+
+[mgorman@techsingularity.net: Changelog, removed tracing]
+Fixes: 89cb0888ca14 "mm: migrate: provide buffer_migrate_page_norefs()"
+CC: stable@vger.kernel.org
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Mel Gorman <mgorman@suse.de>
+---
+ mm/migrate.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/mm/migrate.c b/mm/migrate.c
+index e9594bc0d406..a59e4aed6d2e 100644
+--- a/mm/migrate.c
++++ b/mm/migrate.c
+@@ -771,12 +771,12 @@ static int __buffer_migrate_page(struct address_space *mapping,
+ }
+ bh = bh->b_this_page;
+ } while (bh != head);
+- spin_unlock(&mapping->private_lock);
+ if (busy) {
+ if (invalidated) {
+ rc = -EAGAIN;
+ goto unlock_buffers;
+ }
++ spin_unlock(&mapping->private_lock);
+ invalidate_bh_lrus();
+ invalidated = true;
+ goto recheck_buffers;
+@@ -809,6 +809,8 @@ static int __buffer_migrate_page(struct address_space *mapping,
+
+ rc = MIGRATEPAGE_SUCCESS;
+ unlock_buffers:
++ if (check_refs)
++ spin_unlock(&mapping->private_lock);
+ bh = head;
+ do {
+ unlock_buffer(bh);
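Review bot: at the unlock_buffers label, the new `if (check_refs) spin_unlock(&mapping->private_lock);` relies on every jump to that label with check_refs set arriving with private_lock held, but the matching spin_lock() is in neither hunk and no comment states the invariant. The two paths visible here do hold it: the `rc = -EAGAIN; goto unlock_buffers;` exit now sits before the moved spin_unlock(), and the non-busy path no longer unlocks before reaching the label. Please check any other `goto unlock_buffers` in __buffer_migrate_page() against this, and add a short comment at the label saying the lock is deliberately held across the mapping move so that the __find_get_block() slow path spins, as the changelog describes. Since the code between the two hunks now runs under a spinlock, it is also worth confirming that nothing there can sleep.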
diff --git a/series.conf b/series.conf
index 2f3ec92e26..66fff1af3c 100644
--- a/series.conf
+++ b/series.conf
@@ -23157,6 +23157,9 @@
patches.fixes/fs-dax-deposit-pagetable-even-when-installing-zero-page.patch
patches.suse/dm-dax-fix-detection-of-dax-support.patch
+ # bnc#1137609
+ patches.suse/mm-migrate-Fix-reference-check-race-between-__find_get_block-and-migration.patch
+
########################################################
# misc small fixes
########################################################
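Review bot: the entry added to series.conf points at a patch whose header says `Patch-mainline: No, under review, expected in 5.3`, so it needs a follow-up once the fix lands upstream: update that tag with the mainline commit id and refresh the patch if the merged version differs from this one. The `# bnc#1137609` comment above the entry repeats the `References:` tag already in the patch header, and the neighbouring entries in this hunk carry no such comment, so it could be dropped for consistency.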