This is a note to let you know that I've just added the patch titled mm, madvise: ensure poisoned pages are removed from per-cpu lists to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: mm-madvise-ensure-poisoned-pages-are-removed-from-per-cpu-lists.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From c461ad6a63b37ba74632e90c063d14823c884247 Mon Sep 17 00:00:00 2001 From: Mel Gorman <mgorman@xxxxxxxxxxxxxxxxxxx> Date: Thu, 31 Aug 2017 16:15:30 -0700 Subject: mm, madvise: ensure poisoned pages are removed from per-cpu lists From: Mel Gorman <mgorman@xxxxxxxxxxxxxxxxxxx> commit c461ad6a63b37ba74632e90c063d14823c884247 upstream. Wendy Wang reported off-list that a RAS HWPOISON-SOFT test case failed and bisected it to the commit 479f854a207c ("mm, page_alloc: defer debugging checks of pages allocated from the PCP"). The problem is that a page that was poisoned with madvise() is reused. The commit removed a check that would trigger if DEBUG_VM was enabled but re-enabling the check only fixes the problem as a side-effect by printing a bad_page warning and recovering. The root of the problem is that an madvise() can leave a poisoned page on the per-cpu list. This patch drains all per-cpu lists after pages are poisoned so that they will not be reused. Wendy reports that the test case in question passes with this patch applied. While this could be done in a targeted fashion, it is over-complicated for such a rare operation. Link: http://lkml.kernel.org/r/20170828133414.7qro57jbepdcyz5x@xxxxxxxxxxxxxxxxxxx Fixes: 479f854a207c ("mm, page_alloc: defer debugging checks of pages allocated from the PCP") Signed-off-by: Mel Gorman <mgorman@xxxxxxxxxxxxxxxxxxx> Reported-by: Wang, Wendy <wendy.wang@xxxxxxxxx> Tested-by: Wang, Wendy <wendy.wang@xxxxxxxxx> Acked-by: David Rientjes <rientjes@xxxxxxxxxx> Acked-by: Vlastimil Babka <vbabka@xxxxxxx> Cc: "Hansen, Dave" <dave.hansen@xxxxxxxxx> Cc: "Luck, Tony" <tony.luck@xxxxxxxxx> Cc: Naoya Horiguchi <nao.horiguchi@xxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- mm/madvise.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/mm/madvise.c +++ b/mm/madvise.c @@ -533,6 +533,8 @@ static long madvise_remove(struct vm_are static int madvise_hwpoison(int bhv, unsigned long start, unsigned long end) { struct page *p; + struct zone *zone; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; for (; start < end; start += PAGE_SIZE << @@ -561,6 +563,11 @@ static int madvise_hwpoison(int bhv, uns if (ret) return ret; } + + /* Ensure that all poisoned pages are removed from per-cpu lists */ + for_each_populated_zone(zone) + drain_all_pages(zone); + return 0; } #endif Patches currently in stable-queue which might be from mgorman@xxxxxxxxxxxxxxxxxxx are queue-4.9/mm-madvise-ensure-poisoned-pages-are-removed-from-per-cpu-lists.patch