percpu: flush tlb in pcpu_reclaim_populated()

mainline inclusion
from mainline-v5.14-rc1
commit 93274f1d
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4BE79
CVE: NA

-------------------------------------------------
Prior to "percpu: implement partial chunk depopulation",
pcpu_depopulate_chunk() was called only on the destruction path. This
meant the virtual address range was on its way back to vmalloc which
will handle flushing the tlbs for us.

However, with pcpu_reclaim_populated(), we are now calling
pcpu_depopulate_chunk() during the active lifecycle of a chunk.
Therefore, we need to flush the tlb as well otherwise we can end up
accessing the wrong page through an invalid tlb mapping as reported in
[1].

[1] https://lore.kernel.org/lkml/20210702191140.GA3166599@roeck-us.net/



Fixes: f1833241 ("percpu: implement partial chunk depopulation")
Reported-and-tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Dennis Zhou <dennis@kernel.org>
(cherry picked from commit 93274f1d)
Conflicts:
	mm/percpu.c
Small content conflicts because of mainline-v5.14-rc1 commit
faf65dde rework memcg accounting.
Signed-off-by: Yuanzheng Song <songyuanzheng@huawei.com>
Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>