From nobody Mon Apr 6 18:22:50 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6A805382F2F; Wed, 18 Mar 2026 14:09:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842943; cv=none; b=cI25XluhEmWN/MPgPhvSOQmPAjfwpEpjatqzcYqB1kP8z4ut6NZltKtz94tVXoOaI8tV+vQkYQIKwo51IwHp1TLTjauyQWZ63Tb7aIDWBbWsIlw8PMgEKDWO7Xu/p32jbwXBdoH6vdokBQTc0aQKgYLukLOvAzm8IefyMDoIIWU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842943; c=relaxed/simple; bh=ZKzoW4CqYUYXfg941YKlSMyeaKXqcPwfYFlm4TXgeZA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=J1R4ep2TsK9EDbiIY4+814NRJUplitJQDxENpHpRi4kBarqEJa1+JCxKoMdIWe5LVtYIA+OUy6pxCeImUcOrxQRDIV85+UKaVKCRfcGawiz1FWO9zdOMxSexGbyHLcfhNmifgbe4s4iFrfEI73lyIUN0Aokj0eXpOKzngI3uolE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=eu3owpHy; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="eu3owpHy" Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62IBB8oF475030; Wed, 18 Mar 2026 14:08:59 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=9NWO1HKrlvylPa41s TlhZntynvWlg5m99P6B8m/oAuY=; b=eu3owpHyUC9zXlJQDbBNFQiuGBwxOIYcf eJ9CoCRaBo6D1F7ICrQeslVFAtWg7YVMycvkSVjnydieDK0ii904aR4S1SPec16B T7kwy1+LlO5NoFMgIOOeTRtlbi3U0DQA/KD+UGOauZJnGgNGrKqKNsoffv8itryw KU2QV093vrM6Yr+dzYHwnf/rDB0C8rIxHHZTviGcwIE0lZgqSc/ZL46t/Pu1TQng 5IEvZVpDr5aSgefoiUTfPU8OpT10PDyfCXtogqmrH5nbgw27o0eb/Xtn4Tn7LcfM YSvOgrwaiD4pMDRtC8V3BzFp2L7exCkENvrb72peSxgW7UA3bjrHQ== Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvyauhnd2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:08:59 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62IDtjtt015655; Wed, 18 Mar 2026 14:08:58 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4cwk0ne9ey-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:08:58 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62IE8scu55771514 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 18 Mar 2026 14:08:54 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7BB4D2004E; Wed, 18 Mar 2026 14:08:54 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3E8252004D; Wed, 18 Mar 2026 14:08:54 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 18 Mar 2026 14:08:54 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nsg@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v1 1/7] KVM: s390: Remove non-atomic dat_crstep_xchg() Date: Wed, 18 Mar 2026 15:08:47 +0100 Message-ID: <20260318140853.119460-2-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260318140853.119460-1-imbrenda@linux.ibm.com> References: <20260318140853.119460-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzE4MDExNiBTYWx0ZWRfX0e2vXoJ9Ac90 laNnvUK5041XB5PQVWO515/wGls9vSdfw66NMVXwHff6CPsIRkL+29DBc1vrEgDLJlK0n6+Shkc u+yYJfbihXA2/i3H0JMM0TQYj2OMUpTUgTcrEMoEBWcbfpGBH7IQqJcRUIotkDQnTorvt88awTZ mycN3y2c6pZifnE+dY5XeC8Eu9BfpO7giBrJdOHC6BTrIDUQN/zGCAa1hC6AzdbJ9lkVNhed/Mr 3A2EEGNWlVpcX545usR34yBCH20073fEZMmIpJYjImcJ8A3Or9vbfCrqGhAAVTEofo1cCfnlcGL TojQhZ8qOOlMn2n9JQvIpM7r7rmc+ZgFtahQ28aYPh08LJH2/ZPawspnLNW+wZ/oNjmARvzNuTE fB68KtaRwR8eBC61RV8oxMQjI146aiPxk0dddPlLzrfIgmleWe9RyVZKZU1lWCvATNOc0P7/j/S jv1UmeSYaNSdQH/WOzQ== X-Authority-Analysis: v=2.4 cv=GIQF0+NK c=1 sm=1 tr=0 ts=69bab1fb cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=EjwUsyl_T-KN8MHjdx0A:9 X-Proofpoint-ORIG-GUID: vs4FUo-cYqAEzDzgbzMWLSrQyg5l1aRu X-Proofpoint-GUID: vs4FUo-cYqAEzDzgbzMWLSrQyg5l1aRu X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-18_01,2026-03-17_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 priorityscore=1501 bulkscore=0 lowpriorityscore=0 malwarescore=0 phishscore=0 impostorscore=0 suspectscore=0 adultscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603180116 Content-Type: text/plain; charset="utf-8" In practice dat_crstep_xchg() is racy and hard to use correctly. Simply remove it and replace its uses with dat_crstep_xchg_atomic(). This solves some actual races that lead to system hangs / crashes. Signed-off-by: Claudio Imbrenda Fixes: 589071eaaa8f ("KVM: s390: KVM page table management functions: clear= and replace") Fixes: 94fd9b16cc67 ("KVM: s390: KVM page table management functions: lifec= ycle management") --- arch/s390/kvm/dat.c | 53 ++++++++++++----------------------------- arch/s390/kvm/dat.h | 9 ++++--- arch/s390/kvm/gaccess.c | 4 +++- arch/s390/kvm/gmap.c | 32 +++++++++++++++---------- arch/s390/kvm/gmap.h | 32 ++++++++++++++----------- 5 files changed, 61 insertions(+), 69 deletions(-) diff --git a/arch/s390/kvm/dat.c b/arch/s390/kvm/dat.c index 670404d4fa44..b673e86c8ae5 100644 --- a/arch/s390/kvm/dat.c +++ b/arch/s390/kvm/dat.c @@ -134,32 +134,6 @@ int dat_set_asce_limit(struct kvm_s390_mmu_cache *mc, = union asce *asce, int newt return 0; } =20 -/** - * dat_crstep_xchg() - Exchange a gmap CRSTE with another. - * @crstep: Pointer to the CRST entry - * @new: Replacement entry. - * @gfn: The affected guest address. - * @asce: The ASCE of the address space. - * - * Context: This function is assumed to be called with kvm->mmu_lock held. - */ -void dat_crstep_xchg(union crste *crstep, union crste new, gfn_t gfn, unio= n asce asce) -{ - if (crstep->h.i) { - WRITE_ONCE(*crstep, new); - return; - } else if (cpu_has_edat2()) { - crdte_crste(crstep, *crstep, new, gfn, asce); - return; - } - - if (machine_has_tlb_guest()) - idte_crste(crstep, gfn, IDTE_GUEST_ASCE, asce, IDTE_GLOBAL); - else - idte_crste(crstep, gfn, 0, NULL_ASCE, IDTE_GLOBAL); - WRITE_ONCE(*crstep, new); -} - /** * dat_crstep_xchg_atomic() - Atomically exchange a gmap CRSTE with anothe= r. * @crstep: Pointer to the CRST entry. @@ -175,8 +149,8 @@ void dat_crstep_xchg(union crste *crstep, union crste n= ew, gfn_t gfn, union asce * * Return: %true if the exchange was successful. */ -bool dat_crstep_xchg_atomic(union crste *crstep, union crste old, union cr= ste new, gfn_t gfn, - union asce asce) +bool __must_check dat_crstep_xchg_atomic(union crste *crstep, union crste = old, union crste new, + gfn_t gfn, union asce asce) { if (old.h.i) return arch_try_cmpxchg((long *)crstep, &old.val, new.val); @@ -893,7 +867,8 @@ static long _dat_slot_crste(union crste *crstep, gfn_t = gfn, gfn_t next, struct d =20 /* This table entry needs to be updated. */ if (walk->start <=3D gfn && walk->end >=3D next) { - dat_crstep_xchg_atomic(crstep, crste, new_crste, gfn, walk->asce); + if (!dat_crstep_xchg_atomic(crstep, crste, new_crste, gfn, walk->asce)) + return -EINVAL; /* A lower level table was present, needs to be freed. */ if (!crste.h.fc && !crste.h.i) { if (is_pmd(crste)) @@ -1071,17 +1046,19 @@ int dat_link(struct kvm_s390_mmu_cache *mc, union a= sce asce, int level, =20 static long dat_set_pn_crste(union crste *crstep, gfn_t gfn, gfn_t next, s= truct dat_walk *walk) { - union crste crste =3D READ_ONCE(*crstep); + union crste newcrste, oldcrste; int *n =3D walk->priv; =20 - if (!crste.h.fc || crste.h.i || crste.h.p) - return 0; - - *n =3D 2; - if (crste.s.fc1.prefix_notif) - return 0; - crste.s.fc1.prefix_notif =3D 1; - dat_crstep_xchg(crstep, crste, gfn, walk->asce); + do { + oldcrste =3D READ_ONCE(*crstep); + if (!oldcrste.h.fc || oldcrste.h.i || oldcrste.h.p) + return 0; + *n =3D 2; + if (oldcrste.s.fc1.prefix_notif) + return 0; + newcrste =3D oldcrste; + newcrste.s.fc1.prefix_notif =3D 1; + } while (!dat_crstep_xchg_atomic(crstep, oldcrste, newcrste, gfn, walk->a= sce)); return 0; } =20 diff --git a/arch/s390/kvm/dat.h b/arch/s390/kvm/dat.h index 123e11dcd70d..22dafc775335 100644 --- a/arch/s390/kvm/dat.h +++ b/arch/s390/kvm/dat.h @@ -938,11 +938,14 @@ static inline bool dat_pudp_xchg_atomic(union pud *pu= dp, union pud old, union pu return dat_crstep_xchg_atomic(_CRSTEP(pudp), _CRSTE(old), _CRSTE(new), gf= n, asce); } =20 -static inline void dat_crstep_clear(union crste *crstep, gfn_t gfn, union = asce asce) +static inline union crste dat_crstep_clear_atomic(union crste *crstep, gfn= _t gfn, union asce asce) { - union crste newcrste =3D _CRSTE_EMPTY(crstep->h.tt); + union crste oldcrste, empty =3D _CRSTE_EMPTY(crstep->h.tt); =20 - dat_crstep_xchg(crstep, newcrste, gfn, asce); + do { + oldcrste =3D READ_ONCE(*crstep); + } while (!dat_crstep_xchg_atomic(crstep, oldcrste, empty, gfn, asce)); + return oldcrste; } =20 static inline int get_level(union crste *crstep, union pte *ptep) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index a9da9390867d..e490ae87db44 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1478,7 +1478,9 @@ static int _do_shadow_crste(struct gmap *sg, gpa_t ra= ddr, union crste *host, uni _gmap_crstep_xchg(sg->parent, host, newcrste, f->gfn, false); =20 newcrste =3D _crste_fc1(f->pfn, host->h.tt, 0, !p); - dat_crstep_xchg(table, newcrste, gpa_to_gfn(raddr), sg->asce); + gfn =3D gpa_to_gfn(raddr); + while (!dat_crstep_xchg_atomic(table, READ_ONCE(*table), newcrste, gfn, s= g->asce)) + ; return 0; } =20 diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index ef0c6ebfdde2..3ae746fada36 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c @@ -313,13 +313,16 @@ static long gmap_clear_young_crste(union crste *crste= p, gfn_t gfn, gfn_t end, st struct clear_young_pte_priv *priv =3D walk->priv; union crste crste, new; =20 - crste =3D READ_ONCE(*crstep); + do { + crste =3D READ_ONCE(*crstep); + + if (!crste.h.fc) + return 0; + if (!crste.s.fc1.y && crste.h.i) + return 0; + if (crste_prefix(crste) && !gmap_mkold_prefix(priv->gmap, gfn, end)) + break; =20 - if (!crste.h.fc) - return 0; - if (!crste.s.fc1.y && crste.h.i) - return 0; - if (!crste_prefix(crste) || gmap_mkold_prefix(priv->gmap, gfn, end)) { new =3D crste; new.h.i =3D 1; new.s.fc1.y =3D 0; @@ -328,8 +331,8 @@ static long gmap_clear_young_crste(union crste *crstep,= gfn_t gfn, gfn_t end, st folio_set_dirty(phys_to_folio(crste_origin_large(crste))); new.s.fc1.d =3D 0; new.h.p =3D 1; - dat_crstep_xchg(crstep, new, gfn, walk->asce); - } + } while (!dat_crstep_xchg_atomic(crstep, crste, new, gfn, walk->asce)); + priv->young =3D 1; return 0; } @@ -673,7 +676,8 @@ static int gmap_ucas_map_one(struct kvm_s390_mmu_cache = *mc, struct gmap *gmap, &crstep, &ptep); if (rc) return rc; - dat_crstep_xchg(crstep, newcrste, c_gfn, gmap->asce); + while (!dat_crstep_xchg_atomic(crstep, READ_ONCE(*crstep), newcrste, c_gf= n, gmap->asce)) + ; return 0; } =20 @@ -777,8 +781,10 @@ static void gmap_ucas_unmap_one(struct gmap *gmap, gfn= _t c_gfn) int rc; =20 rc =3D dat_entry_walk(NULL, c_gfn, gmap->asce, 0, TABLE_TYPE_SEGMENT, &cr= step, &ptep); - if (!rc) - dat_crstep_xchg(crstep, _PMD_EMPTY, c_gfn, gmap->asce); + if (rc) + return; + while (!dat_crstep_xchg_atomic(crstep, READ_ONCE(*crstep), _PMD_EMPTY, c_= gfn, gmap->asce)) + ; } =20 void gmap_ucas_unmap(struct gmap *gmap, gfn_t c_gfn, unsigned long count) @@ -1017,8 +1023,8 @@ static void gmap_unshadow_level(struct gmap *sg, gfn_= t r_gfn, int level) dat_ptep_xchg(ptep, _PTE_EMPTY, r_gfn, sg->asce, uses_skeys(sg)); return; } - crste =3D READ_ONCE(*crstep); - dat_crstep_clear(crstep, r_gfn, sg->asce); + + crste =3D dat_crstep_clear_atomic(crstep, r_gfn, sg->asce); if (crste_leaf(crste) || crste.h.i) return; if (is_pmd(crste)) diff --git a/arch/s390/kvm/gmap.h b/arch/s390/kvm/gmap.h index ccb5cd751e31..3ef426abdc65 100644 --- a/arch/s390/kvm/gmap.h +++ b/arch/s390/kvm/gmap.h @@ -198,25 +198,29 @@ static inline void _gmap_crstep_xchg(struct gmap *gma= p, union crste *crstep, uni gfn_t gfn, bool needs_lock) { unsigned long align =3D 8 + (is_pmd(*crstep) ? 0 : 11); + union crste oldcrste; =20 lockdep_assert_held(&gmap->kvm->mmu_lock); if (!needs_lock) lockdep_assert_held(&gmap->children_lock); =20 - gfn =3D ALIGN_DOWN(gfn, align); - if (crste_prefix(*crstep) && (ne.h.p || ne.h.i || !crste_prefix(ne))) { - ne.s.fc1.prefix_notif =3D 0; - gmap_unmap_prefix(gmap, gfn, gfn + align); - } - if (crste_leaf(*crstep) && crstep->s.fc1.vsie_notif && - (ne.h.p || ne.h.i || !ne.s.fc1.vsie_notif)) { - ne.s.fc1.vsie_notif =3D 0; - if (needs_lock) - gmap_handle_vsie_unshadow_event(gmap, gfn); - else - _gmap_handle_vsie_unshadow_event(gmap, gfn); - } - dat_crstep_xchg(crstep, ne, gfn, gmap->asce); + do { + oldcrste =3D READ_ONCE(*crstep); + + gfn =3D ALIGN_DOWN(gfn, align); + if (crste_prefix(oldcrste) && (ne.h.p || ne.h.i || !crste_prefix(ne))) { + ne.s.fc1.prefix_notif =3D 0; + gmap_unmap_prefix(gmap, gfn, gfn + align); + } + if (crste_leaf(oldcrste) && oldcrste.s.fc1.vsie_notif && + (ne.h.p || ne.h.i || !ne.s.fc1.vsie_notif)) { + ne.s.fc1.vsie_notif =3D 0; + if (needs_lock) + gmap_handle_vsie_unshadow_event(gmap, gfn); + else + _gmap_handle_vsie_unshadow_event(gmap, gfn); + } + } while (!dat_crstep_xchg_atomic(crstep, oldcrste, ne, gfn, gmap->asce)); } =20 static inline void gmap_crstep_xchg(struct gmap *gmap, union crste *crstep= , union crste ne, --=20 2.53.0 From nobody Mon Apr 6 18:22:50 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B20963D9DD9; Wed, 18 Mar 2026 14:09:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842944; cv=none; b=HZYyUQ+eIH6a4viLIC4QzWBaaD0oxtI9GPctkoLVT0yi1f50qBZP+hhLSp3ZNqE4UX49yZitevHVYaEZtizh4UOwWWZZRMqpHw9D2wOALAu2ilTbloSI3UivtUhWhOsSYoeu3V1lwyFyDq7MMc2HTGECRo6EKB5owIUdlbkvvac= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842944; c=relaxed/simple; bh=Eb5j23QL/7LuUlvNV7Z9Hpyc/odf598dfKCnpJiTMRg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cOzzqlhC+oyiIKpohPBQJ+beGG1ZKA961Y9SZtmd4W955zqnfaK5wdcaVuDhX/3Kt3vCIykTH8eQeb2boZt23DIw4/pe4colh/jn5VpkrfDKd7E2gOAs7VdSZ6XWhDWNKdk9W2l8WvaxnSAXWGuqHVPz1uMw7TVGsW7B7PBfFVI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=rw1QqcCW; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="rw1QqcCW" Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62I5wVXM4073613; Wed, 18 Mar 2026 14:09:00 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=oUKthOY+1eHEMQG37 LhH3FSdbRrL4+pPiSXUGDw+NNE=; b=rw1QqcCW9J5KG18u0ocu3aU+sf8uqKDsj 2cH1o7FUlB1KjSg95APHnraYJ1aDe+L5C7sbXBP6Qq7zc64GTCEfPDV7nIF9CzBW 0B+Hhx69fzmgvgiGOWVYBXGY4tEQ00W3zl4gRsfkvgfDbYkaLLD2849P/PDd91NR 1eiADptl5C0QHuIWh9IPLyk7XSSSu3gzJoIl2lMHA3u8mtWd50QBQM9WMXFUw43g VMDYVIqYdWb5RA3WVBRbuxPYZe5h3wl4jc7S6S3Jl86RAqycEi6MT/kO7Q94sMP1 bxNB36P16Fn/lsFJ4BUFC9WDLvBWydfucnBoGX9hvPyEjNcamtDOg== Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvy64te4s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:09:00 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62IDnUUN014113; Wed, 18 Mar 2026 14:08:59 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4cwjcy6cat-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:08:58 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62IE8shU55771516 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 18 Mar 2026 14:08:54 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C304220040; Wed, 18 Mar 2026 14:08:54 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 829C92004F; Wed, 18 Mar 2026 14:08:54 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 18 Mar 2026 14:08:54 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nsg@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v1 2/7] KVM: s390: vsie: Fix check for pre-existing shadow mapping Date: Wed, 18 Mar 2026 15:08:48 +0100 Message-ID: <20260318140853.119460-3-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260318140853.119460-1-imbrenda@linux.ibm.com> References: <20260318140853.119460-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 5aWCSu0ELHsr7hwv1EOuS0kFju8fmEej X-Proofpoint-GUID: 5aWCSu0ELHsr7hwv1EOuS0kFju8fmEej X-Authority-Analysis: v=2.4 cv=KYnfcAYD c=1 sm=1 tr=0 ts=69bab1fc cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=iQ6ETzBq9ecOQQE5vZCe:22 a=VnNF1IyMAAAA:8 a=PlgCcmkuhnOIsHVkaVAA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzE4MDExNiBTYWx0ZWRfX0q3sleTijXUL PC/AGhSwQIcraI369H7nYIbguZ5xmSY18J6054MDvv7xxroqc10a6RW33N3ENtmMNoSgs7hJrcv K5VMK13ttywAg55BNzZdSBhYFJqsawGq5GLV2Hk0fn1omDj2Wa/Me6fLR9ViEeDxgNbwB/u0k3r BePC46saZz+ntf/aHulq/jexj99s+o3/pGwuK+5HbbTWMIUUJGMet56PGTo3hWfIQ2lj1bhknTz 21RAW+sgxK47bNhfIQK5O7AKD2ovqdvTpi/HY94qAuP27CcadTW7957XDivpdFre0EGTr5Nek3s cpOqlapTNUbxq2WryO1dqEkTp3Cjtt3LpqcjHzWKEwPyEM7UpBaTOqERHmj47lJODUzGu0crwx1 uzV5QGU9p77KEcUybXMDd0trj7wLYFEo2OTvRb6IUj45erGP+a5NDZIUs6xM4Z6RzluPLc7W+sY 1z8f/FahcE2nATbdJ1Q== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-18_01,2026-03-17_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 lowpriorityscore=0 priorityscore=1501 suspectscore=0 bulkscore=0 spamscore=0 impostorscore=0 malwarescore=0 adultscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603180116 Content-Type: text/plain; charset="utf-8" When shadowing a nested guest, a check is performed and no shadowing is attempted if the nested guest is already shadowed. The existing check was incomplete; fix it by also checking whether the leaf DAT table entry in the existing shadow gmap has the same protection as the one specified in the guest DAT entry. Signed-off-by: Claudio Imbrenda Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") --- arch/s390/kvm/gaccess.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index e490ae87db44..f5ffb11c8ef9 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1505,7 +1505,8 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_cac= he *mc, struct gmap *sg, return rc; =20 /* A race occourred. The shadow mapping is already valid, nothing to do */ - if ((ptep && !ptep->h.i) || (!ptep && crste_leaf(*table))) + if ((ptep && !ptep->h.i && ptep->h.p =3D=3D w->p) || + (!ptep && crste_leaf(*table) && !table->h.i && table->h.p =3D=3D w->p= )) return 0; =20 gl =3D get_level(table, ptep); --=20 2.53.0 From nobody Mon Apr 6 18:22:50 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CDFA93DAC13; Wed, 18 Mar 2026 14:09:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842953; cv=none; b=qDkGRiBTl2xEfpGAdgNmXbzp6SNZjYfWUSMBtsI2jeba1hb/m+DrLOFn7v2puxVRHuIGClpUvFmEkWcPngpsWnRF05L+zblH9tcZgSPwQ4RAcNtrjKDXlp/Vav7wc1YvLbwlYXtWN0tg6zUdWLKprkvFij3uYA2mLl0QU/t2EOs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842953; c=relaxed/simple; bh=XMutswqmex1/YtzaFxJuzs7afWGIspewhwKVKp2YUFE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=IMgiMDFrXgX+Bifzhprnz7S203nEvv7K50GQmNMHfMnSGXAntbNreoPwTfGRVXGcRenpYg6t6Llag/d9QPtg/687FbUz4UHHzL+Q2tJfLeNyDMvU+he5JxL6kJ75ZVjwtJ1oHeDqNM+X7C9Fji63EdrlwN4W+OMB24JMj4XeYKk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=pHqGpOwR; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="pHqGpOwR" Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62I9jcjp382519; Wed, 18 Mar 2026 14:08:59 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=G3GEBDkXBHa17qdP7 GesGDNd09p/ivwMNWV3TQGN9Xk=; b=pHqGpOwRQntEmAKLdTRC7TMXY4+TKPHkb 6lT2UphMuw9SFekYhX35dUtrw40nf1Ey+JX9xBHYTpIibtKCqZupjSaqPDRwCiHc z9kmcERNu32xTPuX2ADRpQ1YerufZLCPDHTQ8jnFHQMvPXSOhMzC76LTB58FHemK /R0s+y9Gr7E6FHF/1qaVKY3VKB+sn5U34ty+3wfOZ2ctz4o4YznX2RBuJhzIiCHf LnwkUadvrJDSX14NCn92RmvBWuc836ANGxdIxWvf3c4iq5aQ1ZO6Vd50I0gqPWhF 48xBj6n/3+0NXmFj0wwNHdXf4I7TpJDNJIBpo/XjgG1KLlPe0lu+g== Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvyauhnd3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:08:59 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62IA9QZk032404; Wed, 18 Mar 2026 14:08:58 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4cwm7jx4e1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:08:58 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62IE8tbk30867834 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 18 Mar 2026 14:08:55 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0CA4C20040; Wed, 18 Mar 2026 14:08:55 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CA63C2004B; Wed, 18 Mar 2026 14:08:54 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 18 Mar 2026 14:08:54 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nsg@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v1 3/7] KVM: s390: Fix gmap_link() Date: Wed, 18 Mar 2026 15:08:49 +0100 Message-ID: <20260318140853.119460-4-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260318140853.119460-1-imbrenda@linux.ibm.com> References: <20260318140853.119460-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzE4MDExNiBTYWx0ZWRfX/qkpWxrIIrYg 2CuvbX9iz++nrOOIkFb94/p7F17uYBAuJx9vCcXATXN6f/cPvMQOIM1Uu1Phc+D04q4ebWxC5vO yWAi8+7ICWevEi447SgXTemyBtlrtMX0+BytNckPUrIHGIq+kGcbUx/WPjFA6RlfYyvRAJgL423 sqIW2pPQ2Ebc6RUvTjImfD4bMQm06YJiYXNGDnZNUVDaqgo+KC1IhRUuKo80BePATSNAd0F2Hx4 d6FxyVIFUHgfDVcWUd6yXgmCwbx3HxKcQJLxPmBl0lPeXSG4tM2BUqpi7kcEOAn4cKxBBE0GgD1 /6mFO63439W5TpZgvivX+1vuKUglhV5TC3hOrszVBGxOfktc9nfGgIMOOuyfvhK5eu+owznq9Zm lFCsWcgJW6aKJzEJsIGZEmf/Pb951NfXJBo2hBiEKWhtGjjtHSkpxRq6fGDXmbMzyYXFvqrHPUa WYnfVlfRLIo1ZC6n9Jg== X-Authority-Analysis: v=2.4 cv=GIQF0+NK c=1 sm=1 tr=0 ts=69bab1fb cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=jDauOpCy_z-6rDg_B6MA:9 X-Proofpoint-ORIG-GUID: 4jN5lRdVLzPXSuJFMMRN9WDxS5chqkkc X-Proofpoint-GUID: 4jN5lRdVLzPXSuJFMMRN9WDxS5chqkkc X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-18_01,2026-03-17_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 priorityscore=1501 bulkscore=0 lowpriorityscore=0 malwarescore=0 phishscore=0 impostorscore=0 suspectscore=0 adultscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603180116 Content-Type: text/plain; charset="utf-8" The slow path of the fault handler ultimately called gmap_link(), which assumed the fault was a major fault, and blindly called dat_link(). In case of minor faults, things were not always handled properly; in particular the prefix and vsie marker bits were ignored. Move dat_link() into gmap.c, renaming it accordingly. Once moved, the new _gmap_link() function will be able to correctly honour the prefix and vsie markers. Signed-off-by: Claudio Imbrenda Fixes: 94fd9b16cc67 ("KVM: s390: KVM page table management functions: lifec= ycle management") Fixes: a2c17f9270cc ("KVM: s390: New gmap code") --- arch/s390/kvm/dat.c | 48 -------------------------------------- arch/s390/kvm/dat.h | 2 -- arch/s390/kvm/gmap.c | 55 ++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 51 insertions(+), 54 deletions(-) diff --git a/arch/s390/kvm/dat.c b/arch/s390/kvm/dat.c index b673e86c8ae5..bfa84074f433 100644 --- a/arch/s390/kvm/dat.c +++ b/arch/s390/kvm/dat.c @@ -996,54 +996,6 @@ bool dat_test_age_gfn(union asce asce, gfn_t start, gf= n_t end) return _dat_walk_gfn_range(start, end, asce, &test_age_ops, 0, NULL) > 0; } =20 -int dat_link(struct kvm_s390_mmu_cache *mc, union asce asce, int level, - bool uses_skeys, struct guest_fault *f) -{ - union crste oldval, newval; - union pte newpte, oldpte; - union pgste pgste; - int rc =3D 0; - - rc =3D dat_entry_walk(mc, f->gfn, asce, DAT_WALK_ALLOC_CONTINUE, level, &= f->crstep, &f->ptep); - if (rc =3D=3D -EINVAL || rc =3D=3D -ENOMEM) - return rc; - if (rc) - return -EAGAIN; - - if (WARN_ON_ONCE(unlikely(get_level(f->crstep, f->ptep) > level))) - return -EINVAL; - - if (f->ptep) { - pgste =3D pgste_get_lock(f->ptep); - oldpte =3D *f->ptep; - newpte =3D _pte(f->pfn, f->writable, f->write_attempt | oldpte.s.d, !f->= page); - newpte.s.sd =3D oldpte.s.sd; - oldpte.s.sd =3D 0; - if (oldpte.val =3D=3D _PTE_EMPTY.val || oldpte.h.pfra =3D=3D f->pfn) { - pgste =3D __dat_ptep_xchg(f->ptep, pgste, newpte, f->gfn, asce, uses_sk= eys); - if (f->callback) - f->callback(f); - } else { - rc =3D -EAGAIN; - } - pgste_set_unlock(f->ptep, pgste); - } else { - oldval =3D READ_ONCE(*f->crstep); - newval =3D _crste_fc1(f->pfn, oldval.h.tt, f->writable, - f->write_attempt | oldval.s.fc1.d); - newval.s.fc1.sd =3D oldval.s.fc1.sd; - if (oldval.val !=3D _CRSTE_EMPTY(oldval.h.tt).val && - crste_origin_large(oldval) !=3D crste_origin_large(newval)) - return -EAGAIN; - if (!dat_crstep_xchg_atomic(f->crstep, oldval, newval, f->gfn, asce)) - return -EAGAIN; - if (f->callback) - f->callback(f); - } - - return rc; -} - static long dat_set_pn_crste(union crste *crstep, gfn_t gfn, gfn_t next, s= truct dat_walk *walk) { union crste newcrste, oldcrste; diff --git a/arch/s390/kvm/dat.h b/arch/s390/kvm/dat.h index 22dafc775335..efedcf96110c 100644 --- a/arch/s390/kvm/dat.h +++ b/arch/s390/kvm/dat.h @@ -540,8 +540,6 @@ int dat_set_slot(struct kvm_s390_mmu_cache *mc, union a= sce asce, gfn_t start, gf u16 type, u16 param); int dat_set_prefix_notif_bit(union asce asce, gfn_t gfn); bool dat_test_age_gfn(union asce asce, gfn_t start, gfn_t end); -int dat_link(struct kvm_s390_mmu_cache *mc, union asce asce, int level, - bool uses_skeys, struct guest_fault *f); =20 int dat_perform_essa(union asce asce, gfn_t gfn, int orc, union essa_state= *state, bool *dirty); long dat_reset_cmma(union asce asce, gfn_t start_gfn); diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index 3ae746fada36..759a2ed17038 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c @@ -626,10 +626,59 @@ static inline bool gmap_1m_allowed(struct gmap *gmap,= gfn_t gfn) return test_bit(GMAP_FLAG_ALLOW_HPAGE_1M, &gmap->flags); } =20 +static int _gmap_link(struct kvm_s390_mmu_cache *mc, struct gmap *gmap, in= t level, + struct guest_fault *f) +{ + union crste oldval, newval; + union pte newpte, oldpte; + union pgste pgste; + int rc =3D 0; + + rc =3D dat_entry_walk(mc, f->gfn, gmap->asce, DAT_WALK_ALLOC_CONTINUE, le= vel, + &f->crstep, &f->ptep); + if (rc =3D=3D -ENOMEM) + return rc; + if (KVM_BUG_ON(rc =3D=3D -EINVAL, gmap->kvm)) + return rc; + if (rc) + return -EAGAIN; + if (KVM_BUG_ON(get_level(f->crstep, f->ptep) > level, gmap->kvm)) + return -EINVAL; + + if (f->ptep) { + pgste =3D pgste_get_lock(f->ptep); + oldpte =3D *f->ptep; + newpte =3D _pte(f->pfn, f->writable, f->write_attempt | oldpte.s.d, !f->= page); + newpte.s.sd =3D oldpte.s.sd; + oldpte.s.sd =3D 0; + if (oldpte.val =3D=3D _PTE_EMPTY.val || oldpte.h.pfra =3D=3D f->pfn) { + pgste =3D gmap_ptep_xchg(gmap, f->ptep, newpte, pgste, f->gfn); + if (f->callback) + f->callback(f); + } else { + rc =3D -EAGAIN; + } + pgste_set_unlock(f->ptep, pgste); + } else { + oldval =3D READ_ONCE(*f->crstep); + newval =3D _crste_fc1(f->pfn, oldval.h.tt, f->writable, + f->write_attempt | oldval.s.fc1.d); + newval.s.fc1.sd =3D oldval.s.fc1.sd; + if (oldval.val !=3D _CRSTE_EMPTY(oldval.h.tt).val && + crste_origin_large(oldval) !=3D crste_origin_large(newval)) + return -EAGAIN; + gmap_crstep_xchg(gmap, f->crstep, newval, f->gfn); + if (f->callback) + f->callback(f); + } + + return rc; +} + int gmap_link(struct kvm_s390_mmu_cache *mc, struct gmap *gmap, struct gue= st_fault *f) { unsigned int order; - int rc, level; + int level; =20 lockdep_assert_held(&gmap->kvm->mmu_lock); =20 @@ -641,9 +690,7 @@ int gmap_link(struct kvm_s390_mmu_cache *mc, struct gma= p *gmap, struct guest_fau else if (order >=3D get_order(_SEGMENT_SIZE) && gmap_1m_allowed(gmap, f-= >gfn)) level =3D TABLE_TYPE_SEGMENT; } - rc =3D dat_link(mc, gmap->asce, level, uses_skeys(gmap), f); - KVM_BUG_ON(rc =3D=3D -EINVAL, gmap->kvm); - return rc; + return _gmap_link(mc, gmap, level, f); } =20 static int gmap_ucas_map_one(struct kvm_s390_mmu_cache *mc, struct gmap *g= map, --=20 2.53.0 From nobody Mon Apr 6 18:22:50 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 82EF53D9DD3; Wed, 18 Mar 2026 14:09:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842944; cv=none; b=rLvj1SIPKCTKwaa6McdcNbUlTpub95/CK4fjs9XNlXdDFZb2bKPJkXAWttR+AxZE3VkCIQVnJiuXiWmMSFRmRtlqahOZESkIQ3utbD2zbxxgMjyfKEYgD+9rddDZah4jOj/ECIucRTpP9DtxiNtbSCnSqYTPNTbu8FCqsw0qJF0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842944; c=relaxed/simple; bh=7HHoViA5UaeAvDtI2DNpgB8NR4rP/baKjtC52YUZChY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BwLV9IAFmV4sxy1tDkftp9JyIpJ+uqojVERDnjy/9TLbpG4Vn9gokeQbFUkOFTg5xjsa0hE8cecvrPMxFMxM1WQH6rc24Wu600xTez1Hb2ZfspIDDCgocHPuqxiIfHLJ52oq0VThEqnhI+0/x3/DtRAtzPR7+1V1ISO1OeDGrlk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=C5i3kDE1; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="C5i3kDE1" Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62I6MZXm4022659; Wed, 18 Mar 2026 14:09:00 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=0fwhjDUsim/8FQiFH USqVbqoW3hpMGVBUv+3UM6jGGw=; b=C5i3kDE1pZHKClXqwvNg7Nw/ENjKe+Nw9 NbeQEZq9mh8vFeRoDUxge8csWCu+eRhXBOkmkPr0q3F+Q4ngpR4Igz1ROysPNgI4 xP1OJvu2V3b6nPCA4cLJO8YWWtff3/66QRvvR+Bw4hYfaDhW9eAX5cHWzUxsRLix bbduOTRRVUngT/6uwLTMlLsrrryT5hDop5enpGnW0Zbw6CfbIJmzm3CrY4G2rTf5 jg66sVrPnZYuC7KvZTzQBfnJAYBvzM2akOXaTDS+OFPYfb6GleuDxz1nrsCxEmHC gkxWwnyfYEOZJr254grQ32ENGZTzHLuAJm35r67YVT3ElbXS5C9Xg== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvybsaaj6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:08:59 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62IADZ6v028510; Wed, 18 Mar 2026 14:08:59 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4cwmq1e2wp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:08:59 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62IE8tmD31195444 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 18 Mar 2026 14:08:55 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5338620040; Wed, 18 Mar 2026 14:08:55 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 13CBA2004D; Wed, 18 Mar 2026 14:08:55 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 18 Mar 2026 14:08:55 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nsg@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v1 4/7] KVM: s390: vsie: Fix refcount overflow for shadow gmaps Date: Wed, 18 Mar 2026 15:08:50 +0100 Message-ID: <20260318140853.119460-5-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260318140853.119460-1-imbrenda@linux.ibm.com> References: <20260318140853.119460-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=MMttWcZl c=1 sm=1 tr=0 ts=69bab1fc cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=v6tYtx9Y7d4DOqc1eGoA:9 X-Proofpoint-ORIG-GUID: uPXr6-JW9oXNUZGBOZEkAFhC975Wjk93 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzE4MDExNiBTYWx0ZWRfXzbRKgwpwzeyL QghN/3IfXkQfOH04k4/SZYUUdHh/3erX5VQAZTzSTh6ta4ig93Zrods/MRoF1uFNKmq4xhtkder 2tfn8DPZ0JhHxzgvTXdsUsZCFzko78TLO3U8Z1SI2U0Fbk4xSkv51XCdb3cEy101UGnk0qTxN1s PZ+LUoiclSDkDj2j6dNLB0U6USmtjXUlNBCi18bA4XkfzqIJP5j1ood1yQzsDF7Qjhp0GfmuXTy uWAEJ8RTAjcaEe1r4L1olZTGeQ7Vpu2G7/B6SD6RfIoWnCAjWvxqYDGKoghA8HXouDw7mPWWEvU nEV42mMirAHFgfOD1jXnNa9VoRysTLhkyPpmHIOpA5cHiQMkgUstW5BPUYnuX3ERiSpGGIG/lVx L50i4da0Cqgy+5aHqk30o4fkuuh2LuubyfmBcDAaLxL9xJOP5bisuxC349x2heShRMwgJYz2/tA cpC6O+JE/dwaFu880MA== X-Proofpoint-GUID: uPXr6-JW9oXNUZGBOZEkAFhC975Wjk93 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-18_01,2026-03-17_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 lowpriorityscore=0 malwarescore=0 spamscore=0 priorityscore=1501 impostorscore=0 adultscore=0 phishscore=0 clxscore=1015 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603180116 Content-Type: text/plain; charset="utf-8" In most cases gmap_put() was not called when it should have. Add the missing gmap_put() in vsie_run(). Signed-off-by: Claudio Imbrenda Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") --- arch/s390/kvm/vsie.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 0330829b4046..72895dddc39a 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -1328,7 +1328,7 @@ static void unregister_shadow_scb(struct kvm_vcpu *vc= pu) static int vsie_run(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { struct kvm_s390_sie_block *scb_s =3D &vsie_page->scb_s; - struct gmap *sg; + struct gmap *sg =3D NULL; int rc =3D 0; =20 while (1) { @@ -1368,6 +1368,8 @@ static int vsie_run(struct kvm_vcpu *vcpu, struct vsi= e_page *vsie_page) sg =3D gmap_put(sg); cond_resched(); } + if (sg) + sg =3D gmap_put(sg); =20 if (rc =3D=3D -EFAULT) { /* --=20 2.53.0 From nobody Mon Apr 6 18:22:50 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 34CB2149C6F; Wed, 18 Mar 2026 14:09:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842944; cv=none; b=LPm4CCXalCdN4lls3S3tVMpj7KOQtVKEAvQkZkRUkjm8mdr2Uyihq0yrFblkzeUatOztxjXMc2YamWSSUMV6rTvQQdFKa9KqF0R6M6NADurKdw4OY6k1JdtD01L740w1l89KfHc+M+9xFEUfURMr2GqqHrqZRARUXQeF5L/Tyd0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842944; c=relaxed/simple; bh=SQJT5P89+5nPIIz/1Gc8eBUUUTdm2xmtHPkONaNcEak=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KWCtVnjke4gCQuD9buSGImbi/9IP1qHM33o2s+afldINeQFJZARu8N5QENdhA4sn+9BcFyriZTG7WetY3hhDvjXPQmzEyEmkMcvbtmLw14mEq86Emw/T9wwL3g+awoMP2gycC/WUrdhpQDFlr+V27uX6lcvLFN/IlMHE2Hi2/+s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=syl+Xijw; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="syl+Xijw" Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62I88E9a4040401; Wed, 18 Mar 2026 14:09:01 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=w5CvRlgR1IwcPfDlW V/arL+S2Y6gS+sNdoLgNqrnA4I=; b=syl+XijwgJcJx83yLXiMPSAnAIMHV+lII JUovWbCHs1s9Y9Xg+JjwdTKtcE7VsW7IadFdDj1X1GN6oqjUvaZNgNUHcoqWGPo5 mjzgS4bISUrPSvpXOe5rVuS19gIhaqNCjFqNR+K/J3buQdth8DDGbebbeX40D0Qf TEtrNm8AzHUG1rB9eC1S0UDAFmMrCJ2BY1GaMrej8K9/4aaOGa+i0lI/CIA7FyO3 vsjYHV5klLVB6uD9dMrVEezdCIg+v0UygGchGc45CfcZ4nyahAdqnjQnZWwqKmBy NNq0DBZ2+obgzYUBGmFpDAgcEDN8mkD90D4TIGXKV5wEH0Dj3m6yw== Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvybsaaj8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:09:00 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62IDs9nd013996; Wed, 18 Mar 2026 14:08:59 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4cwjcy6cav-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:08:59 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62IE8t4a24773044 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 18 Mar 2026 14:08:55 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8F85120040; Wed, 18 Mar 2026 14:08:55 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5A1E720043; Wed, 18 Mar 2026 14:08:55 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 18 Mar 2026 14:08:55 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nsg@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v1 5/7] KVM: s390: vsie: Fix unshadowing while shadowing Date: Wed, 18 Mar 2026 15:08:51 +0100 Message-ID: <20260318140853.119460-6-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260318140853.119460-1-imbrenda@linux.ibm.com> References: <20260318140853.119460-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=MMttWcZl c=1 sm=1 tr=0 ts=69bab1fc cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=rP4LS0jab8kgWfQMVEcA:9 X-Proofpoint-ORIG-GUID: jY4JhPcz5ytzNhUKxg-EhWJVNOM8mSdn X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzE4MDExNiBTYWx0ZWRfXyu1oQIkMWxBN sjEVVBeo8ssExIVxBls09xT/WPyf04sE7nRy+N8t1OZ9MyndnyzweIgqM6Gxa71PK25Jd2hzofK dpBWbbq2kONrW0q/O1N/cICq7PKeroO8fQr7gYqw4x8XFdWQzHsTFFpJtEEt+qjQEDi2mDbueQH NTL0elU3fcQZL8XZDPa00vKYMtp8hh7Ga8tIe+ooH4LWRQGDk6LZMWazwM9fjeJ+6p5R6r4xWWj qxQmsUvj7KCUZ3WSHHYKE9eKWH8qf84a3RVD8GDQvCSINrVebRPg+1xFBjEjbcun6237Ky1M3vL 4kKpGQgPTmjnGGGWQQoUO/dflfSF12UkL2L9VVoUNlYAOgt3Jk69xVr1jPiEM0xvVXEQGdqWR17 yoIFc1KD94DEOZl0+o3EJfWeRvhKvxjV392inQaHJ9LGK0epazgTPl9fOxJrqw9UiNUvEshq2V3 6yAgeUCKI/F/9ejpWLw== X-Proofpoint-GUID: jY4JhPcz5ytzNhUKxg-EhWJVNOM8mSdn X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-18_01,2026-03-17_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 lowpriorityscore=0 malwarescore=0 spamscore=0 priorityscore=1501 impostorscore=0 adultscore=0 phishscore=0 clxscore=1015 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603180116 Content-Type: text/plain; charset="utf-8" If shadowing causes the shadow gmap to get unshadowed, exit early to prevent an attempt to dereference the parent pointer, which at this point is NULL. Opportunistically add some more checks to prevent NULL parents. Signed-off-by: Claudio Imbrenda Fixes: a2c17f9270cc ("KVM: s390: New gmap code") Fixes: e5f98a6899bd ("KVM: s390: Add some helper functions needed for vSIE") Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") --- arch/s390/kvm/gaccess.c | 2 ++ arch/s390/kvm/gmap.c | 11 ++++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index f5ffb11c8ef9..3bcf988d6faa 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1520,6 +1520,8 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_cac= he *mc, struct gmap *sg, entries[i - 1].pfn, i, entries[i - 1].writable); if (rc) return rc; + if (!sg->parent) + return -EAGAIN; } =20 rc =3D dat_entry_walk(NULL, entries[LEVEL_MEM].gfn, sg->parent->asce, DAT= _WALK_LEAF, diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index 759a2ed17038..ba921da48019 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c @@ -1154,6 +1154,7 @@ struct gmap_protect_asce_top_level { static inline int __gmap_protect_asce_top_level(struct kvm_s390_mmu_cache = *mc, struct gmap *sg, struct gmap_protect_asce_top_level *context) { + struct gmap *parent; int rc, i; =20 guard(write_lock)(&sg->kvm->mmu_lock); @@ -1161,7 +1162,12 @@ static inline int __gmap_protect_asce_top_level(stru= ct kvm_s390_mmu_cache *mc, s if (kvm_s390_array_needs_retry_safe(sg->kvm, context->seq, context->f)) return -EAGAIN; =20 - scoped_guard(spinlock, &sg->parent->children_lock) { + parent =3D READ_ONCE(sg->parent); + if (!parent) + return -EAGAIN; + scoped_guard(spinlock, &parent->children_lock) { + if (READ_ONCE(sg->parent) !=3D parent) + return -EAGAIN; for (i =3D 0; i < CRST_TABLE_PAGES; i++) { if (!context->f[i].valid) continue; @@ -1244,6 +1250,9 @@ struct gmap *gmap_create_shadow(struct kvm_s390_mmu_c= ache *mc, struct gmap *pare struct gmap *sg, *new; int rc; =20 + if (WARN_ON(!parent)) + return ERR_PTR(-EINVAL); + scoped_guard(spinlock, &parent->children_lock) { sg =3D gmap_find_shadow(parent, asce, edat_level); if (sg) { --=20 2.53.0 From nobody Mon Apr 6 18:22:50 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8DB6B3DA7CF; Wed, 18 Mar 2026 14:09:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842946; cv=none; b=SRpwVyJnmqInW1NIhP5DX21jsAFDi68TNi2J8DAXp/d/fvfIKtPTZA+xgkKzshYrFu2vzRz11ndFHC+uVm/JnfP64yYnzzXXaaeGGCoW339C8BIXf16JNZqDAGBCBFy65WK48AGonHK4b3v87uUEGrFEGkls8yVwQB7je7+AAv0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842946; c=relaxed/simple; bh=fVS8jI2X+aGCXc+PBAz9mYKnFNfSMcBx70egiIJpiG8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=jwGOi+gXJHHCs5h7TaJG6IxOTklIGuYcY29p7kHmDQxWoqUjdPHThntKf9m7fdHEz/APfYDTySPD+1LnSQCyYr2YPq7o99U8UYIXrZGxGe2cOdU28OcwJh9OdGYb0pHk51l8+jAFCrFzq6CvCkmtsh+KitsjJXOQTXkE4TRSLJQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=MgvfPF4n; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="MgvfPF4n" Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62IDekJK1512429; Wed, 18 Mar 2026 14:09:00 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=cfQRZlaHbNRmIUlsM Wde7iY/BNFftsNFHVz8LTnBt9Y=; b=MgvfPF4naA0YqrFbpJV0iW6p2eWya0dC9 SJfxkc3V3A7dmQE8cIcKGgr6ofXjnbLlwCHNtHZR4BzNF8ouU3KlJ1o2jl+VH9ZI WAqQqiQ8471YBwWOd8Zm7me61LFvFK/5HpiTWVsOponQTxz+7j1yZVMtTgZaZ+GD fvbpi+1ffsDDsDtDIBz/4eOcdS7tQTqlJQH8WMWmofznU7LUTS0V4jDKEzvvILh/ OiVIdRqo4yJBp7h0CynMCUwPL/ivB6Dq0rXhv6fawoQFpNXiTizqJvfgeDkaDD30 rulJCQ+55WQFjECiTgWkkZAWbiyx4BV2C5Zep6zT03hM5G9nPQ36g== Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvw3j1ujr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:09:00 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62IDxVEq028765; Wed, 18 Mar 2026 14:08:59 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4cwkgke9d9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:08:59 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62IE8teF24773046 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 18 Mar 2026 14:08:56 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CC10320040; Wed, 18 Mar 2026 14:08:55 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 96BB02004B; Wed, 18 Mar 2026 14:08:55 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 18 Mar 2026 14:08:55 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nsg@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v1 6/7] KVM: s390: vsie: Fix off-by-one when protecting guest page tables Date: Wed, 18 Mar 2026 15:08:52 +0100 Message-ID: <20260318140853.119460-7-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260318140853.119460-1-imbrenda@linux.ibm.com> References: <20260318140853.119460-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: e9qMVFATTwcJSeDBRUFNU4i7TyFbSgC- X-Proofpoint-ORIG-GUID: e9qMVFATTwcJSeDBRUFNU4i7TyFbSgC- X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzE4MDExNiBTYWx0ZWRfX0sl2p+pCWnN1 GZ2oI413QEYJRvKvF085D362YL1vienRufEZJEYz3mQraptOjLz3F6JUy33/05c1uJ5sctJXye+ Hi3WaiFwO1s44GhFxrd1iypimZ9zLX9fbuUQ3UKLxDaOeuuy3PoFlZss96U7Ax7oCf0T89HK9P+ +0zE4rnQ1lHn6rfzTavhcFgB/yFWF3ll2vGnF5HpmJ3AmryUTzMU24CEHA2UwIPHSn4l5OYWKEJ RJ7Cs5XfnwgDcmUsjclksUgwnD7sNHKxwMelHB0DakMU5klZEQIdZBJBisRv2AhP9L6eKwmg0CT gJjkUku86+N6s9kr/nU7zSwzW+/iUonSgxxdF8DYf3eDilMrETTQzFRZpifpUQWHzp4X9OKmmQW hfnlBVdc6PqeCZShOcpbgKDcMgwIIm3y5rudYvSsIey22MZ8E9fx6EhhgxHqIKisuZB3lsWObMU iQP6mV/+eruC3Lr2iqQ== X-Authority-Analysis: v=2.4 cv=Hf8ZjyE8 c=1 sm=1 tr=0 ts=69bab1fc cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=bkfxphG0_3iQy6Gj3vsA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-18_01,2026-03-17_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 malwarescore=0 lowpriorityscore=0 impostorscore=0 bulkscore=0 suspectscore=0 priorityscore=1501 spamscore=0 adultscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603180116 Content-Type: text/plain; charset="utf-8" When shadowing, the guest page tables are write-protected, in order to trap changes and properly unshadow the shadow mapping for the nested guest. Already shadowed levels are skipped, so that only the needed levels are write protected. Currently the levels that get write protected are exactly one level too deep: the last level (nested guest memory) gets protected in the wrong way, and will be protected again correctly a few lines afterwards; most importantly, the highest non-shadowed level does *not* get write protected. This leads to all sorts of races and other issues. Write protect the correct levels, so that all the levels that need to be protected are protected, and avoid double protecting the last level. Signed-off-by: Claudio Imbrenda Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") Tested-by: Christian Borntraeger --- arch/s390/kvm/gaccess.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index 3bcf988d6faa..8b287fcf611d 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1516,8 +1516,8 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_cac= he *mc, struct gmap *sg, * only the page containing the entry, not the whole table. */ for (i =3D gl ; i >=3D w->level; i--) { - rc =3D gmap_protect_rmap(mc, sg, entries[i - 1].gfn, gpa_to_gfn(saddr), - entries[i - 1].pfn, i, entries[i - 1].writable); + rc =3D gmap_protect_rmap(mc, sg, entries[i].gfn, gpa_to_gfn(saddr), + entries[i].pfn, i + 1, entries[i].writable); if (rc) return rc; if (!sg->parent) --=20 2.53.0 From nobody Mon Apr 6 18:22:50 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 995FF3DA7D5; Wed, 18 Mar 2026 14:09:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842946; cv=none; b=TNZYGF3HsgP5OO1YP4lIw3qPj+me0i7YULtY3Q+omB/Iv94rYZ82lGqjn90fD46yje7gcalTv0dv6pIfkmHZ/4w8oGv0HweqQWRwTRjxFwYektcI4Ld2Rf2F7zlXMjVCGS29EeSswGHMLvQDeqNkmkdj4CUgn4QKFYwaGYCIFGM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773842946; c=relaxed/simple; bh=3yyaO6yYS+EHro00XNs8zvtdtfkSDO4PzepxX/HvxnE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SXZCoocIvJPbejtHgOMdvXA5VXKDLZN+QQSweQ8m4xStgAqjScYJinBBsyPjkTKSe8Ko5EPzGHRFpEwN2OC5CoG+3e1PEx5P1lV+w6FyAj0NuGa8QCxsnc13I5YlfH1FfQh5gHhYGn8AgASra/6WbeKr8hnVQ7fw9RR0xAT60LU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=HIo9BxBD; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="HIo9BxBD" Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62IACEtW967663; Wed, 18 Mar 2026 14:09:01 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=odGkIRC8E2VlKgR7K fozLJ6bfmDzMFDRHWxsVPkpPvI=; b=HIo9BxBDlkXOX/R66e31IEMwVpV2L+C9t DvfMZB2pxxp8slOYyZthBiVBykeyrwQRIgH/KuinZ1m0g8lDHv3eiyneQfpho2xB RHkbSRA4acOhjsZPL5uYSV7CN6cJ1tOCize4j+2A0cyrRp2PCW6PNp4hcRSS18Lj QX3ONPMKoxQngE4+GxhnmaNQ5F6Yvcxe5NlxY/WOdSoBNDHmv9UTe+HTRfl9TFFJ lSgIE+3yTkBrIYxQQo/JvSO3X7GwpdYVLyaiisOOD1guS1gLYekaYuBopiCxEQu1 +3L8VjSOQecSlHQP6Zcdrdo4AbEItXi1YIJ4JZxFJtocMkrdfefqw== Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvx3d1q0j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:09:00 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62IAJXBY032397; Wed, 18 Mar 2026 14:09:00 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4cwm7jx4e5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2026 14:08:59 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62IE8uZi49742314 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 18 Mar 2026 14:08:56 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 14F9D20040; Wed, 18 Mar 2026 14:08:56 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D340F20043; Wed, 18 Mar 2026 14:08:55 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 18 Mar 2026 14:08:55 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nsg@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v1 7/7] KVM: s390: Fix KVM_S390_VCPU_FAULT ioctl Date: Wed, 18 Mar 2026 15:08:53 +0100 Message-ID: <20260318140853.119460-8-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260318140853.119460-1-imbrenda@linux.ibm.com> References: <20260318140853.119460-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=arO/yCZV c=1 sm=1 tr=0 ts=69bab1fc cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=V8glGbnc2Ofi9Qvn3v5h:22 a=VnNF1IyMAAAA:8 a=ikv_JcFPPU8SThzKSe0A:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzE4MDExNiBTYWx0ZWRfXwQ8/8axzL1ei HVYHgc6nv0dzD4tQ/uvmOcz5Z48Taw+5gbT6q7p1bWbUIEMj2cEHPqWoZTYQijz6Oos7OawpZHm iDpevR7BrPvim8PUAKzVHOzSH9f8J2wN2rfMFsIZ18npY4vh3pdXq0cOckfwVSenquord94cSXC +T6ajed8Mge+i5l/3OmuTUXhIAg9Y0oet2SglGz634WCtg6rDCsHRCR0la78kQghAiHQtTskLIR mx5zs+uLuxXloLvp9646TlaP74QJVbCfdXm9H9TYR7W25qaMBdRAaNQo+itS867J4IhcKF9ZdBb HVQWUX2cAL2ISx6eekHJKENmUvutUqc4G4kYUzm2Gxzcx66BKczJenaCh3L+wflimspMh+A6IZv ZtbL029B7hOEZykS1I687s4Bs0ZZd7t7WCYUkmKGe+weLiMhQ2ipCBKnDP/7x8fO8FW8pYsHFdW ygLwjcz2/jnVY5ehOyA== X-Proofpoint-GUID: hTpXI0e9Rp5QWFWb0lCfXJIAdhtKEsVR X-Proofpoint-ORIG-GUID: hTpXI0e9Rp5QWFWb0lCfXJIAdhtKEsVR X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-18_01,2026-03-17_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 lowpriorityscore=0 impostorscore=0 adultscore=0 bulkscore=0 suspectscore=0 malwarescore=0 clxscore=1015 phishscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603180116 Content-Type: text/plain; charset="utf-8" A previous commit changed the behaviour of the KVM_S390_VCPU_FAULT ioctl. The current (wrong) implementation will trigger a guest addressing exception if the requested address lies outside of a memslot, unless the VM is UCONTROL. Restore the previous behaviour by open coding the fault-in logic. Fixes: 3762e905ec2e ("KVM: s390: use __kvm_faultin_pfn()") Signed-off-by: Claudio Imbrenda --- arch/s390/kvm/kvm-s390.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index ebcb0ef8835e..aebc74974ddf 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -5520,9 +5520,21 @@ long kvm_arch_vcpu_ioctl(struct file *filp, } #endif case KVM_S390_VCPU_FAULT: { - idx =3D srcu_read_lock(&vcpu->kvm->srcu); - r =3D vcpu_dat_fault_handler(vcpu, arg, 0); - srcu_read_unlock(&vcpu->kvm->srcu, idx); + gpa_t gaddr =3D arg; + + scoped_guard(srcu, &vcpu->kvm->srcu) { + r =3D -EREMOTE; + if (vcpu_ucontrol_translate(vcpu, &gaddr)) + break; + + r =3D kvm_s390_faultin_gfn_simple(vcpu, NULL, gpa_to_gfn(gaddr), false); + if (r <=3D 0) + break; + if (r =3D=3D PGM_ADDRESSING) + r =3D -ENOENT; + else + KVM_BUG_ON(r, vcpu->kvm); + } break; } case KVM_ENABLE_CAP: --=20 2.53.0