From nobody Sat Apr 4 03:19:48 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8D87A3CF03D; Fri, 20 Mar 2026 16:15:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023350; cv=none; b=lDU8M2ehDW1LBZ/uYttP9SqoBehs9D1s1cbCflm+jHlqexaJu9mlDNecsjpnZp75kXxWCcAenXmQiEcYUL+alsE0YTLQL5hmLBLDL7gCLPQVAsyB6M+o9xNJhEvloE1LsoZjcFw0uIQEBpRNowvo0ImOXgOOrh6i98fA8hvEWE8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023350; c=relaxed/simple; bh=XSuyupCCocHeG1e3uelNBhprn+VVK6y728zX8CfECWY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=u8w3ods2CreNQ/tMJjwB/9uBP1u5eENgm+o8iNy0RZEQG5YMOCcinQo3yTHEXFZywq7ejponO8eQnKYQHJ5xRevdm0cjoo3tbP6rWCYWzyc/CBbXrlXDjd9Jh+SXZTbdK3XpdTb1KwNCotWAP/037+ir//KcR4s2exdPPpehiIo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=NQ63O3ob; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="NQ63O3ob" Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62K9TQ721189728; Fri, 20 Mar 2026 16:15:47 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=uV7sTapygDfJhmllU rkjGxeX11k8rcYx56CScBI5AMk=; b=NQ63O3obH/sC/UPaM1X93uq7AeyrFB4ZV FwLcvqy+qV5eGS44OINng795C89KvN6pAxtR1NSP69TZpZYoPYdo1KxsaNnVlcFt 6ZMvW+ERv9/Lcxu+JPglVLDmm2V2M5ZO8v/dlutsmiWGM9XS49CAUpSrKm1yJ8+N 8sU263mhqhvS9gYFD9+8wGostIP1lh6Qq3r5dKOocSuhxQWm1dm85RchQKj4q2Qs Bu7MJEgFD8TkpgILSFiCgI35CeEBmj73cWD1yOROqbTF9VSVC8vMJA2mVZOBThpN JmqB8VcIdWpRhFUQOLdt5FR8w/MepgUZXjwFjI9U1gR/Y7qTPsV8Q== Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cx7vfxnme-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:47 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62KG5sen005412; Fri, 20 Mar 2026 16:15:46 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 4cwj0sr0d9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:46 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62KGFgbe41288172 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Mar 2026 16:15:42 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8DCE920040; Fri, 20 Mar 2026 16:15:42 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5DF892004B; Fri, 20 Mar 2026 16:15:42 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Mar 2026 16:15:42 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v2 1/8] KVM: s390: vsie: Fix dat_split_ste() Date: Fri, 20 Mar 2026 17:15:35 +0100 Message-ID: <20260320161542.202913-2-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260320161542.202913-1-imbrenda@linux.ibm.com> References: <20260320161542.202913-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 58IB4QlfWZsIO71Jp5LG3Acdo3blWttz X-Authority-Analysis: v=2.4 cv=KajfcAYD c=1 sm=1 tr=0 ts=69bd72b3 cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=U7nrCbtTmkRpXpFmAIza:22 a=VnNF1IyMAAAA:8 a=LsQdvuOhCgcXfIND9tsA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzIwMDEzMCBTYWx0ZWRfXxo4f2gKB9Z1z Hl3gU0a8iliwNGdSk4alB/dJfmL89Qq54V0EAadggjMUXfCaTgPBTh6mfiw75/tGvXK8WjMvJKr 5Yp4zY87eTW5pBVhWEmMnIGqCwkdQs4rC2sRmFla4SqaFpIghWBKtuCFTWh3PCUK6R8UbTxbN2z Wq3S2hM4pNL6DelxuX0fDHmg5ipifJ+EgsIeYyWw+njiuvwHYLPvBp0B5qLA0uZm1KQVNZoLukJ pyLp7ewxW+24xas5uwzo6ewUa5FuGeO6kcHV1xTOBAimYOOopAr4i0jtLhXbvNH6S+EHVNq+Pyz Ur8XCLsyzateZAD7bShS+cLEwsfFh6BYGDmLfe/22WjVIlmzL7UYQR5bbZW+uZXSppJLNrr6PJr kj/M7Bm9bHPgVzQV2YLOd4bQ5/1nBnQ/vqms8O2oxBLzgbF8tecZUNQfrj4RKkp9a/wdvpTdiPw xOj2VUl8nXiiXiDgbUA== X-Proofpoint-GUID: 58IB4QlfWZsIO71Jp5LG3Acdo3blWttz X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-20_02,2026-03-20_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 adultscore=0 spamscore=0 malwarescore=0 clxscore=1015 impostorscore=0 bulkscore=0 lowpriorityscore=0 priorityscore=1501 phishscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603200130 Content-Type: text/plain; charset="utf-8" If the guest misbehaves and puts the page tables for its nested guest inside the memory of the nested guest itself, the shadow mapping will lose synchronization with the actual mapping. Propagate the vsie_notif bit from shadowed large pages to smaller pages when splitting a large page. Fixes: 2db149a0a6c5 ("KVM: s390: KVM page table management functions: walks= ") Signed-off-by: Claudio Imbrenda Reviewed-by: Christoph Schlameuss Reviewed-by: Janosch Frank Reviewed-by: Steffen Eiden --- arch/s390/kvm/dat.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/s390/kvm/dat.c b/arch/s390/kvm/dat.c index 670404d4fa44..48b5f2bcf172 100644 --- a/arch/s390/kvm/dat.c +++ b/arch/s390/kvm/dat.c @@ -292,6 +292,7 @@ static int dat_split_ste(struct kvm_s390_mmu_cache *mc,= union pmd *pmdp, gfn_t g pt->ptes[i].val =3D init.val | i * PAGE_SIZE; /* No need to take locks as the page table is not installed yet. */ pgste_init.prefix_notif =3D old.s.fc1.prefix_notif; + pgste_init.vsie_notif =3D old.s.fc1.vsie_notif; pgste_init.pcl =3D uses_skeys && init.h.i; dat_init_pgstes(pt, pgste_init.val); } else { --=20 2.53.0 From nobody Sat Apr 4 03:19:48 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 95F263CFF69; Fri, 20 Mar 2026 16:15:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023353; cv=none; b=BpR4eJppt520uxXl7sxPJVNsOvt+mgL+tL6RePdGyMtd67kroWU/pFC5HbP6YCt7sZVPc+OrwQzqBsU7siq3Pc/gxV8zZaerCatgkWAzdsAGQyvs0H0WfCK6Oqt0cKOImUkP7lm0eSAoXtGKZHkbcPQQgv30x6GOmDJ1V7Gby2k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023353; c=relaxed/simple; bh=vCxHaPTJe4yqtPFTmAjuCn77Il9SYXklMHitFpm8R18=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=q4etpA+ad7AFWvKKVeXkcFGlGrc3nZD/dX0hnAsctPtd18NQHZ7/0oquHsYy8FOClXKHowL9lqNXJecAXQmb3OQPLycOm7P8XiAdEAq9dF6Ky/d4JB5hpQyDlzIGTsxxyRdvWGrUxOeBcHRpoLULwKsRyqxuXYLyaLptyguSPMg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=kymePSSf; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="kymePSSf" Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62K8bUl52429037; Fri, 20 Mar 2026 16:15:47 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=lIPOpCb+wzrQaX0K/ fmgNVA+9F1GCJv0/JwPbMmICBE=; b=kymePSSf2j17tzExZfdyDfa06tm4jSrEa XxJocNBDG1Ltl+NLAfbX1GA6KtqnMC6cjmZEiOkOdnePMMvi7l/bOoOYZxazbUfe UaBwQiPcukojVSlra7BXRfIjob+SttZEqRXd0iiO1bIcucp/4Bj8BYTi/LA8eygW Y71oewdUL9RiAT5UqPkWaCZeVbh+lHtKjid+jbdcvAp6qvBtYDe+e3KD+myQoj+A 8Q7YWjJT0JOGPNnB7bwfir1eirNKtHCPFYejptXFzHxn+GqZjHSkv69g5SZXMPlS wD0e2EFesLlUC/tkZnkZ8gwVbj4yAeKAKz5W2Wt6A2oArd7TEH1dw== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvybsmda8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:47 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62KDTNYL028496; Fri, 20 Mar 2026 16:15:46 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4cwmq1qmvj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:46 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62KGFgKh41288174 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Mar 2026 16:15:42 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C24F220040; Fri, 20 Mar 2026 16:15:42 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9303220043; Fri, 20 Mar 2026 16:15:42 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Mar 2026 16:15:42 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v2 2/8] KVM: s390: Remove non-atomic dat_crstep_xchg() Date: Fri, 20 Mar 2026 17:15:36 +0100 Message-ID: <20260320161542.202913-3-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260320161542.202913-1-imbrenda@linux.ibm.com> References: <20260320161542.202913-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=MMttWcZl c=1 sm=1 tr=0 ts=69bd72b3 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=UWa3PdyAdGT8wWmJkKEA:9 X-Proofpoint-ORIG-GUID: nfUW8y-Ry1JSxumsqv2ufMAbXGpPlevW X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzIwMDEzMCBTYWx0ZWRfX7FIP+tAXFxnb WCJd/r8L43bM7eF1NekiOQbGIk91CwVRbbLXhuW17djOPulaIEgG6lu9BjQQ2zmCYo6VCxL4O+X 2TiYOcCHmL9jTRL+07lj9pF7A32BlZVrMTa/K/vQXXk143bQnkDg1LcXrO7cRQlvHDaR3d0s3hf 2WKIdakVgOhfcURWIU4+2reHmKet+/1q5a6GdfQlrXLv3z5kBIPgfrN/SdCzq2fRRcVM/lULKxR ogzQL+lEtrdHB0hJtfZgZF5PB4buHgcG3UbpcUW4fglJamSw2y/xE/qdFaUU5cpgwzhCoebD8C3 34ecz+BGn7OA+at1T3JoeLBZSbY5A7Y/GGPBF82iDxv3pVzaqIJa1nwtHyS5aT/CQpJkCe2rEXA E4jqPWBc1Ar+K1sXijzqCiDBZte9utf4guMh/X1FCTj0MS7eVpSH6asYqug5wP/HoqZqgETAO35 nkBZ95hxGbxQBwuZOgA== X-Proofpoint-GUID: nfUW8y-Ry1JSxumsqv2ufMAbXGpPlevW X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-20_02,2026-03-20_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 lowpriorityscore=0 malwarescore=0 spamscore=0 priorityscore=1501 impostorscore=0 adultscore=0 phishscore=0 clxscore=1015 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603200130 Content-Type: text/plain; charset="utf-8" In practice dat_crstep_xchg() is racy and hard to use correctly. Simply remove it and replace its uses with dat_crstep_xchg_atomic(). This solves some actual races that lead to system hangs / crashes. Signed-off-by: Claudio Imbrenda Fixes: 589071eaaa8f ("KVM: s390: KVM page table management functions: clear= and replace") Fixes: 94fd9b16cc67 ("KVM: s390: KVM page table management functions: lifec= ycle management") Reviewed-by: Steffen Eiden --- arch/s390/kvm/dat.c | 53 ++++++++------------------ arch/s390/kvm/dat.h | 9 +++-- arch/s390/kvm/gaccess.c | 26 +++++++------ arch/s390/kvm/gmap.c | 82 ++++++++++++++++++++++++----------------- arch/s390/kvm/gmap.h | 24 ++++++------ 5 files changed, 97 insertions(+), 97 deletions(-) diff --git a/arch/s390/kvm/dat.c b/arch/s390/kvm/dat.c index 48b5f2bcf172..8ba80b0b4698 100644 --- a/arch/s390/kvm/dat.c +++ b/arch/s390/kvm/dat.c @@ -134,32 +134,6 @@ int dat_set_asce_limit(struct kvm_s390_mmu_cache *mc, = union asce *asce, int newt return 0; } =20 -/** - * dat_crstep_xchg() - Exchange a gmap CRSTE with another. - * @crstep: Pointer to the CRST entry - * @new: Replacement entry. - * @gfn: The affected guest address. - * @asce: The ASCE of the address space. - * - * Context: This function is assumed to be called with kvm->mmu_lock held. - */ -void dat_crstep_xchg(union crste *crstep, union crste new, gfn_t gfn, unio= n asce asce) -{ - if (crstep->h.i) { - WRITE_ONCE(*crstep, new); - return; - } else if (cpu_has_edat2()) { - crdte_crste(crstep, *crstep, new, gfn, asce); - return; - } - - if (machine_has_tlb_guest()) - idte_crste(crstep, gfn, IDTE_GUEST_ASCE, asce, IDTE_GLOBAL); - else - idte_crste(crstep, gfn, 0, NULL_ASCE, IDTE_GLOBAL); - WRITE_ONCE(*crstep, new); -} - /** * dat_crstep_xchg_atomic() - Atomically exchange a gmap CRSTE with anothe= r. * @crstep: Pointer to the CRST entry. @@ -175,8 +149,8 @@ void dat_crstep_xchg(union crste *crstep, union crste n= ew, gfn_t gfn, union asce * * Return: %true if the exchange was successful. */ -bool dat_crstep_xchg_atomic(union crste *crstep, union crste old, union cr= ste new, gfn_t gfn, - union asce asce) +bool __must_check dat_crstep_xchg_atomic(union crste *crstep, union crste = old, union crste new, + gfn_t gfn, union asce asce) { if (old.h.i) return arch_try_cmpxchg((long *)crstep, &old.val, new.val); @@ -894,7 +868,8 @@ static long _dat_slot_crste(union crste *crstep, gfn_t = gfn, gfn_t next, struct d =20 /* This table entry needs to be updated. */ if (walk->start <=3D gfn && walk->end >=3D next) { - dat_crstep_xchg_atomic(crstep, crste, new_crste, gfn, walk->asce); + if (!dat_crstep_xchg_atomic(crstep, crste, new_crste, gfn, walk->asce)) + return -EINVAL; /* A lower level table was present, needs to be freed. */ if (!crste.h.fc && !crste.h.i) { if (is_pmd(crste)) @@ -1072,17 +1047,19 @@ int dat_link(struct kvm_s390_mmu_cache *mc, union a= sce asce, int level, =20 static long dat_set_pn_crste(union crste *crstep, gfn_t gfn, gfn_t next, s= truct dat_walk *walk) { - union crste crste =3D READ_ONCE(*crstep); + union crste newcrste, oldcrste; int *n =3D walk->priv; =20 - if (!crste.h.fc || crste.h.i || crste.h.p) - return 0; - - *n =3D 2; - if (crste.s.fc1.prefix_notif) - return 0; - crste.s.fc1.prefix_notif =3D 1; - dat_crstep_xchg(crstep, crste, gfn, walk->asce); + do { + oldcrste =3D READ_ONCE(*crstep); + if (!oldcrste.h.fc || oldcrste.h.i || oldcrste.h.p) + return 0; + *n =3D 2; + if (oldcrste.s.fc1.prefix_notif) + return 0; + newcrste =3D oldcrste; + newcrste.s.fc1.prefix_notif =3D 1; + } while (!dat_crstep_xchg_atomic(crstep, oldcrste, newcrste, gfn, walk->a= sce)); return 0; } =20 diff --git a/arch/s390/kvm/dat.h b/arch/s390/kvm/dat.h index 123e11dcd70d..22dafc775335 100644 --- a/arch/s390/kvm/dat.h +++ b/arch/s390/kvm/dat.h @@ -938,11 +938,14 @@ static inline bool dat_pudp_xchg_atomic(union pud *pu= dp, union pud old, union pu return dat_crstep_xchg_atomic(_CRSTEP(pudp), _CRSTE(old), _CRSTE(new), gf= n, asce); } =20 -static inline void dat_crstep_clear(union crste *crstep, gfn_t gfn, union = asce asce) +static inline union crste dat_crstep_clear_atomic(union crste *crstep, gfn= _t gfn, union asce asce) { - union crste newcrste =3D _CRSTE_EMPTY(crstep->h.tt); + union crste oldcrste, empty =3D _CRSTE_EMPTY(crstep->h.tt); =20 - dat_crstep_xchg(crstep, newcrste, gfn, asce); + do { + oldcrste =3D READ_ONCE(*crstep); + } while (!dat_crstep_xchg_atomic(crstep, oldcrste, empty, gfn, asce)); + return oldcrste; } =20 static inline int get_level(union crste *crstep, union pte *ptep) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index a9da9390867d..4ee862424ca0 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1456,7 +1456,7 @@ static int _do_shadow_pte(struct gmap *sg, gpa_t radd= r, union pte *ptep_h, union static int _do_shadow_crste(struct gmap *sg, gpa_t raddr, union crste *hos= t, union crste *table, struct guest_fault *f, bool p) { - union crste newcrste; + union crste newcrste, oldcrste; gfn_t gfn; int rc; =20 @@ -1469,16 +1469,20 @@ static int _do_shadow_crste(struct gmap *sg, gpa_t = raddr, union crste *host, uni if (rc) return rc; =20 - newcrste =3D _crste_fc1(f->pfn, host->h.tt, f->writable, !p); - newcrste.s.fc1.d |=3D host->s.fc1.d; - newcrste.s.fc1.sd |=3D host->s.fc1.sd; - newcrste.h.p &=3D host->h.p; - newcrste.s.fc1.vsie_notif =3D 1; - newcrste.s.fc1.prefix_notif =3D host->s.fc1.prefix_notif; - _gmap_crstep_xchg(sg->parent, host, newcrste, f->gfn, false); - - newcrste =3D _crste_fc1(f->pfn, host->h.tt, 0, !p); - dat_crstep_xchg(table, newcrste, gpa_to_gfn(raddr), sg->asce); + do { + oldcrste =3D READ_ONCE(*host); + newcrste =3D _crste_fc1(f->pfn, oldcrste.h.tt, f->writable, !p); + newcrste.s.fc1.d |=3D oldcrste.s.fc1.d; + newcrste.s.fc1.sd |=3D oldcrste.s.fc1.sd; + newcrste.h.p &=3D oldcrste.h.p; + newcrste.s.fc1.vsie_notif =3D 1; + newcrste.s.fc1.prefix_notif =3D oldcrste.s.fc1.prefix_notif; + } while (!_gmap_crstep_xchg_atomic(sg->parent, host, oldcrste, newcrste, = f->gfn, false)); + + newcrste =3D _crste_fc1(f->pfn, oldcrste.h.tt, 0, !p); + gfn =3D gpa_to_gfn(raddr); + while (!dat_crstep_xchg_atomic(table, READ_ONCE(*table), newcrste, gfn, s= g->asce)) + ; return 0; } =20 diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index ef0c6ebfdde2..d974cdac1cce 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c @@ -313,13 +313,16 @@ static long gmap_clear_young_crste(union crste *crste= p, gfn_t gfn, gfn_t end, st struct clear_young_pte_priv *priv =3D walk->priv; union crste crste, new; =20 - crste =3D READ_ONCE(*crstep); + do { + crste =3D READ_ONCE(*crstep); + + if (!crste.h.fc) + return 0; + if (!crste.s.fc1.y && crste.h.i) + return 0; + if (crste_prefix(crste) && !gmap_mkold_prefix(priv->gmap, gfn, end)) + break; =20 - if (!crste.h.fc) - return 0; - if (!crste.s.fc1.y && crste.h.i) - return 0; - if (!crste_prefix(crste) || gmap_mkold_prefix(priv->gmap, gfn, end)) { new =3D crste; new.h.i =3D 1; new.s.fc1.y =3D 0; @@ -328,8 +331,8 @@ static long gmap_clear_young_crste(union crste *crstep,= gfn_t gfn, gfn_t end, st folio_set_dirty(phys_to_folio(crste_origin_large(crste))); new.s.fc1.d =3D 0; new.h.p =3D 1; - dat_crstep_xchg(crstep, new, gfn, walk->asce); - } + } while (!dat_crstep_xchg_atomic(crstep, crste, new, gfn, walk->asce)); + priv->young =3D 1; return 0; } @@ -391,14 +394,18 @@ static long _gmap_unmap_crste(union crste *crstep, gf= n_t gfn, gfn_t next, struct { struct gmap_unmap_priv *priv =3D walk->priv; struct folio *folio =3D NULL; + union crste old =3D *crstep; =20 - if (crstep->h.fc) { - if (crstep->s.fc1.pr && test_bit(GMAP_FLAG_EXPORT_ON_UNMAP, &priv->gmap-= >flags)) - folio =3D phys_to_folio(crste_origin_large(*crstep)); - gmap_crstep_xchg(priv->gmap, crstep, _CRSTE_EMPTY(crstep->h.tt), gfn); - if (folio) - uv_convert_from_secure_folio(folio); - } + if (!old.h.fc) + return 0; + + if (old.s.fc1.pr && test_bit(GMAP_FLAG_EXPORT_ON_UNMAP, &priv->gmap->flag= s)) + folio =3D phys_to_folio(crste_origin_large(old)); + /* No races should happen because kvm->mmu_lock is held in write mode */ + KVM_BUG_ON(!gmap_crstep_xchg_atomic(priv->gmap, crstep, old, _CRSTE_EMPTY= (old.h.tt), gfn), + priv->gmap->kvm); + if (folio) + uv_convert_from_secure_folio(folio); =20 return 0; } @@ -474,23 +481,24 @@ static long _crste_test_and_clear_softdirty(union crs= te *table, gfn_t gfn, gfn_t =20 if (fatal_signal_pending(current)) return 1; - crste =3D READ_ONCE(*table); - if (!crste.h.fc) - return 0; - if (crste.h.p && !crste.s.fc1.sd) - return 0; + do { + crste =3D READ_ONCE(*table); + if (!crste.h.fc) + return 0; + if (crste.h.p && !crste.s.fc1.sd) + return 0; =20 - /* - * If this large page contains one or more prefixes of vCPUs that are - * currently running, do not reset the protection, leave it marked as - * dirty. - */ - if (!crste.s.fc1.prefix_notif || gmap_mkold_prefix(gmap, gfn, end)) { + /* + * If this large page contains one or more prefixes of vCPUs that are + * currently running, do not reset the protection, leave it marked as + * dirty. + */ + if (crste.s.fc1.prefix_notif && !gmap_mkold_prefix(gmap, gfn, end)) + break; new =3D crste; new.h.p =3D 1; new.s.fc1.sd =3D 0; - gmap_crstep_xchg(gmap, table, new, gfn); - } + } while (gmap_crstep_xchg_atomic(gmap, table, crste, new, gfn)); =20 for ( ; gfn < end; gfn++) mark_page_dirty(gmap->kvm, gfn); @@ -646,8 +654,8 @@ int gmap_link(struct kvm_s390_mmu_cache *mc, struct gma= p *gmap, struct guest_fau static int gmap_ucas_map_one(struct kvm_s390_mmu_cache *mc, struct gmap *g= map, gfn_t p_gfn, gfn_t c_gfn, bool force_alloc) { + union crste newcrste, oldcrste; struct page_table *pt; - union crste newcrste; union crste *crstep; union pte *ptep; int rc; @@ -673,7 +681,11 @@ static int gmap_ucas_map_one(struct kvm_s390_mmu_cache= *mc, struct gmap *gmap, &crstep, &ptep); if (rc) return rc; - dat_crstep_xchg(crstep, newcrste, c_gfn, gmap->asce); + do { + oldcrste =3D READ_ONCE(*crstep); + if (oldcrste.val =3D=3D newcrste.val) + break; + } while (!dat_crstep_xchg_atomic(crstep, oldcrste, newcrste, c_gfn, gmap-= >asce)); return 0; } =20 @@ -777,8 +789,10 @@ static void gmap_ucas_unmap_one(struct gmap *gmap, gfn= _t c_gfn) int rc; =20 rc =3D dat_entry_walk(NULL, c_gfn, gmap->asce, 0, TABLE_TYPE_SEGMENT, &cr= step, &ptep); - if (!rc) - dat_crstep_xchg(crstep, _PMD_EMPTY, c_gfn, gmap->asce); + if (rc) + return; + while (!dat_crstep_xchg_atomic(crstep, READ_ONCE(*crstep), _PMD_EMPTY, c_= gfn, gmap->asce)) + ; } =20 void gmap_ucas_unmap(struct gmap *gmap, gfn_t c_gfn, unsigned long count) @@ -1017,8 +1031,8 @@ static void gmap_unshadow_level(struct gmap *sg, gfn_= t r_gfn, int level) dat_ptep_xchg(ptep, _PTE_EMPTY, r_gfn, sg->asce, uses_skeys(sg)); return; } - crste =3D READ_ONCE(*crstep); - dat_crstep_clear(crstep, r_gfn, sg->asce); + + crste =3D dat_crstep_clear_atomic(crstep, r_gfn, sg->asce); if (crste_leaf(crste) || crste.h.i) return; if (is_pmd(crste)) diff --git a/arch/s390/kvm/gmap.h b/arch/s390/kvm/gmap.h index ccb5cd751e31..967a280b3235 100644 --- a/arch/s390/kvm/gmap.h +++ b/arch/s390/kvm/gmap.h @@ -194,8 +194,9 @@ static inline union pgste gmap_ptep_xchg(struct gmap *g= map, union pte *ptep, uni return _gmap_ptep_xchg(gmap, ptep, newpte, pgste, gfn, true); } =20 -static inline void _gmap_crstep_xchg(struct gmap *gmap, union crste *crste= p, union crste ne, - gfn_t gfn, bool needs_lock) +static inline bool __must_check _gmap_crstep_xchg_atomic(struct gmap *gmap= , union crste *crstep, + union crste oldcrste, union crste newcrste, + gfn_t gfn, bool needs_lock) { unsigned long align =3D 8 + (is_pmd(*crstep) ? 0 : 11); =20 @@ -204,25 +205,26 @@ static inline void _gmap_crstep_xchg(struct gmap *gma= p, union crste *crstep, uni lockdep_assert_held(&gmap->children_lock); =20 gfn =3D ALIGN_DOWN(gfn, align); - if (crste_prefix(*crstep) && (ne.h.p || ne.h.i || !crste_prefix(ne))) { - ne.s.fc1.prefix_notif =3D 0; + if (crste_prefix(oldcrste) && (newcrste.h.p || newcrste.h.i || !crste_pre= fix(newcrste))) { + newcrste.s.fc1.prefix_notif =3D 0; gmap_unmap_prefix(gmap, gfn, gfn + align); } - if (crste_leaf(*crstep) && crstep->s.fc1.vsie_notif && - (ne.h.p || ne.h.i || !ne.s.fc1.vsie_notif)) { - ne.s.fc1.vsie_notif =3D 0; + if (crste_leaf(oldcrste) && oldcrste.s.fc1.vsie_notif && + (newcrste.h.p || newcrste.h.i || !newcrste.s.fc1.vsie_notif)) { + newcrste.s.fc1.vsie_notif =3D 0; if (needs_lock) gmap_handle_vsie_unshadow_event(gmap, gfn); else _gmap_handle_vsie_unshadow_event(gmap, gfn); } - dat_crstep_xchg(crstep, ne, gfn, gmap->asce); + return dat_crstep_xchg_atomic(crstep, oldcrste, newcrste, gfn, gmap->asce= ); } =20 -static inline void gmap_crstep_xchg(struct gmap *gmap, union crste *crstep= , union crste ne, - gfn_t gfn) +static inline bool __must_check gmap_crstep_xchg_atomic(struct gmap *gmap,= union crste *crstep, + union crste oldcrste, union crste newcrste, + gfn_t gfn) { - return _gmap_crstep_xchg(gmap, crstep, ne, gfn, true); + return _gmap_crstep_xchg_atomic(gmap, crstep, oldcrste, newcrste, gfn, tr= ue); } =20 /** --=20 2.53.0 From nobody Sat Apr 4 03:19:48 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 257D93CF055; Fri, 20 Mar 2026 16:15:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023351; cv=none; b=ufBVxk9//aHicdeOk25+6jCRdByAPo0lYcXx77pEFciJ7gXh2rJnl+SRrfIJbWjlZPjGgJIl9wXIWpthyXzHmkOv23otrvYbN1ss+AfoSvIjNprftQ9rJb+LKfr4BGbCUxMGY+VXoeeN2xfgGqe8REko7Qree7GLLbnqndiBNN4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023351; c=relaxed/simple; bh=CMIxBDgO+n1A/9SEkf98kUAGvJZlIK3tSKK0E9G6p/U=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=tSah6kejfBSILszmizFVXm5NpZ32JR78Nd7WyC5SzdhNS3WPlgMv0QEhS2vwVZwDzd+/CHHKNI+jpfSSghIVw8L5qfkzA2oRQ6dMV67BwjGiV8rAdMhhMFDc2MK1ITC/goYHPOSfGiNboKXTAHE3qZ/8dekUsw6/LWq7NaiHKTM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=SeDthXlc; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="SeDthXlc" Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62K8bNNx734854; Fri, 20 Mar 2026 16:15:47 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=mWuEbw18p0LQsiEzb IY7JrprUCsHf+YGsUm9HrCTmCg=; b=SeDthXlcjTXC+rFpQThtKKAachbH2IJ61 dJDtA7XDwl3bgAGwR/bxRBNYjAnziKA9nootvgnt+Q9Eh1FV/dKVkcbirGkADIaI sRUwKMfd04oBSD8fvI1n7d6H0zyyAglAASwoD2kfxWgL7BnmcdfpXUN2yghAAZqI YH7FBUcO9llGFsN6p0qBMRXp0TkOhCDilKPSw4ihSUor5IK3g8mp/ftXphUKjv9h /d4REIZloPASyj8j8Oxcs/EF6G8DyUM2bPxvIEDCGyB7vBbhZ/VA+Rk5HRVGpUPi dMhBm8EKGtXDPRb6sJVqrX+1nx01XCToRUypJOQ0sdX4FN+TszBZw== Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvybsmdab-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:47 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62KG5seo005412; Fri, 20 Mar 2026 16:15:46 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 4cwj0sr0db-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:46 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62KGFhkf22020564 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Mar 2026 16:15:43 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0167E20040; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C7BA62004B; Fri, 20 Mar 2026 16:15:42 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Mar 2026 16:15:42 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v2 3/8] KVM: s390: vsie: Fix check for pre-existing shadow mapping Date: Fri, 20 Mar 2026 17:15:37 +0100 Message-ID: <20260320161542.202913-4-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260320161542.202913-1-imbrenda@linux.ibm.com> References: <20260320161542.202913-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=MMttWcZl c=1 sm=1 tr=0 ts=69bd72b3 cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=PlgCcmkuhnOIsHVkaVAA:9 X-Proofpoint-ORIG-GUID: 8_m56WBBBjHT9L5bKGwFDaINS9Y1nPRd X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzIwMDEzMCBTYWx0ZWRfX7QQXryXtUFpt IwSW/pD0IE5thTAfROClABmvTG9HSCyI1Tr1hbnbhZoEGX0ORcor0PZikZQG+ssw0PwfOcS4Khw RJuK7E1+NgnBgpTBNAX4F5boL+642eVvFKjAXqhYyJCd2T5OKpiKYkzae/mJjB9INQ5H8MKTFE7 Ncg8/tXCEt5EILeUWl/jLniJGhW243InIrkAV+w6Yy5VAPkOVV/+pVoWUOd+WjgAODKEr3YF7SG Pd7rdJme5OQhmelm19ARKmy5P7e/5YCRDhZDB0m8kK8RIn4Gtl1mJqN43tChQPe14wGtvH2d8tD zfIzvSxGoTEnQLsCqupugIaGchZ/GE7i8qtJ+z3HyEQY5jhZUQmHOYZJwB+BVB1Omdfku1HyLYD nJu8hd/G+gHfW1m26llryni6UblHJyn3umXTrZIepz3Teos5nlfryRxL1lHhPiSktnrkq1+TxXl siESXuR7Gz28txKipcw== X-Proofpoint-GUID: 8_m56WBBBjHT9L5bKGwFDaINS9Y1nPRd X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-20_02,2026-03-20_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 lowpriorityscore=0 malwarescore=0 spamscore=0 priorityscore=1501 impostorscore=0 adultscore=0 phishscore=0 clxscore=1015 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603200130 Content-Type: text/plain; charset="utf-8" When shadowing a nested guest, a check is performed and no shadowing is attempted if the nested guest is already shadowed. The existing check was incomplete; fix it by also checking whether the leaf DAT table entry in the existing shadow gmap has the same protection as the one specified in the guest DAT entry. Signed-off-by: Claudio Imbrenda Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") Reviewed-by: Janosch Frank Reviewed-by: Steffen Eiden --- arch/s390/kvm/gaccess.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index 4ee862424ca0..dad02f7f90f1 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1507,7 +1507,8 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_cac= he *mc, struct gmap *sg, return rc; =20 /* A race occourred. The shadow mapping is already valid, nothing to do */ - if ((ptep && !ptep->h.i) || (!ptep && crste_leaf(*table))) + if ((ptep && !ptep->h.i && ptep->h.p =3D=3D w->p) || + (!ptep && crste_leaf(*table) && !table->h.i && table->h.p =3D=3D w->p= )) return 0; =20 gl =3D get_level(table, ptep); --=20 2.53.0 From nobody Sat Apr 4 03:19:48 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 58F383D0914; Fri, 20 Mar 2026 16:15:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023360; cv=none; b=BbaV3CCsm6fzPnI9pe3chFgKrhckHd0izJEgyZ83a5qfj8/AjRZVvJpE/pdZUi2XAzUkUax1RHm8mNOPx+3OIGXd2n5lcMZ1sFdEXlsHifHH4UhCxPfkwumFbd8FsTQOxZcdEiF4H6aidTbWZi1RlBsXLwYa6jb9+H3aYl/2Xng= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023360; c=relaxed/simple; bh=EVWmb6LiCuPUDzG+eTM8dHj0mZFDO0wnLSwBoZHuklA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=M60Zi7OPPEfoXiNaYumo/Sg17eK8vcHg8C3xNirQwa4iXDpdn6rqw/13cxBHBOKrU3uPx8EHno8cO9CA07CtDTYE58owi40uiHsrVRW78aDHNCVGng3u7S/9b0/4zhpdiUs5ZFhFBHbKci2Lqh2VtS8ro0xnPYNNmqnXrngyFHc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=qhgax1yU; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="qhgax1yU" Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62K6kCC8753346; Fri, 20 Mar 2026 16:15:48 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=Q2GIe7nMtFanca65T PShGNCRdcguyfXxTm2P4Eabwx0=; b=qhgax1yUmrGdfyjS/tlh2LOoMPkU/rfmt hX8RX0YeUmGCLDEbCnRYRUx0NnWsqgaTNk2gE2X8HWVza/ws67nd/1seItybhNZz xF+nLVQqm4qQmWjS8u3wdHtLRVu07OBlL0wmkovQMrhu6FTzG33mU3xg4r6sBCdN Fa4GS5gToD657Wj30udeo/hZZB99X9TgykwFy7D208p5x+Z9sw6b096OXKQErU0D 0CNjzo0ZPWlO19oFGKqHFSqjDPtcmF7P3NQyFzWY1mWjIpRJNHoH+R1SXIjfe2j5 +RcIv8gBFBISLNhunYFcjf9lE+PHk/zVoaAxhk7Hz0Peohncy9hWw== Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvw3jbk8a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:47 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62KBdVgV015648; Fri, 20 Mar 2026 16:15:47 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4cwk0nqupr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:47 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62KGFhcg25821638 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Mar 2026 16:15:43 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2C26020040; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 06E6320043; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Mar 2026 16:15:42 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v2 4/8] KVM: s390: Fix gmap_link() Date: Fri, 20 Mar 2026 17:15:38 +0100 Message-ID: <20260320161542.202913-5-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260320161542.202913-1-imbrenda@linux.ibm.com> References: <20260320161542.202913-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: q1H_sMzNhSLNU2TvGVfzsIHOXE0OeguQ X-Proofpoint-ORIG-GUID: q1H_sMzNhSLNU2TvGVfzsIHOXE0OeguQ X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzIwMDEzMCBTYWx0ZWRfX5UE45gNIIdvb O504H0OM3tSuGnDWGtdz4PugsGtXPSc/oShE8fjThB8BHHAsiNe9sJfVjE1vE6etSOXmlRlTL+M cSazoQAzMvPgASOB8FAZGWjPQOk3wV0eFGRjv6y0x/nJykz01mHfXvV1a6mGdGkx8i4n5h33/t+ tQ3N4CE0Li0nP9JRQrSaY3mQWBp4g9b8oJ40WLNousexbYxWcHjNmOiN9NWKdUCMeo5I1ivkuF2 SLz2FTAmTqO52Ryw4+F2iTIrW0zK5I7hdeLO5URi287EUbtDPUcrwozR3UJfap4jmfJ5M25dmLI rKE1DqEhyKaMAqY4e6G6y8j6RAEnMML/Oyzl6Qfv3adNB74FzhRBLrH2dho4SVLjaz2ioi3jUUQ LMI+bu3mJaV2Cmt3DwLpINH9D6HeMv62a+9mIRboJ/7JL3dzsaRzJZ+krwTqP3TShjHHifS+5Jz jlDoPgG9wkBy4lC+uPg== X-Authority-Analysis: v=2.4 cv=Hf8ZjyE8 c=1 sm=1 tr=0 ts=69bd72b3 cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=jDauOpCy_z-6rDg_B6MA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-20_02,2026-03-20_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 malwarescore=0 lowpriorityscore=0 impostorscore=0 bulkscore=0 suspectscore=0 priorityscore=1501 spamscore=0 adultscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603200130 Content-Type: text/plain; charset="utf-8" The slow path of the fault handler ultimately called gmap_link(), which assumed the fault was a major fault, and blindly called dat_link(). In case of minor faults, things were not always handled properly; in particular the prefix and vsie marker bits were ignored. Move dat_link() into gmap.c, renaming it accordingly. Once moved, the new _gmap_link() function will be able to correctly honour the prefix and vsie markers. Signed-off-by: Claudio Imbrenda Fixes: 94fd9b16cc67 ("KVM: s390: KVM page table management functions: lifec= ycle management") Fixes: a2c17f9270cc ("KVM: s390: New gmap code") Reviewed-by: Steffen Eiden --- arch/s390/kvm/dat.c | 48 ------------------------------------- arch/s390/kvm/dat.h | 2 -- arch/s390/kvm/gmap.c | 56 ++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 52 insertions(+), 54 deletions(-) diff --git a/arch/s390/kvm/dat.c b/arch/s390/kvm/dat.c index 8ba80b0b4698..a4f482bd3077 100644 --- a/arch/s390/kvm/dat.c +++ b/arch/s390/kvm/dat.c @@ -997,54 +997,6 @@ bool dat_test_age_gfn(union asce asce, gfn_t start, gf= n_t end) return _dat_walk_gfn_range(start, end, asce, &test_age_ops, 0, NULL) > 0; } =20 -int dat_link(struct kvm_s390_mmu_cache *mc, union asce asce, int level, - bool uses_skeys, struct guest_fault *f) -{ - union crste oldval, newval; - union pte newpte, oldpte; - union pgste pgste; - int rc =3D 0; - - rc =3D dat_entry_walk(mc, f->gfn, asce, DAT_WALK_ALLOC_CONTINUE, level, &= f->crstep, &f->ptep); - if (rc =3D=3D -EINVAL || rc =3D=3D -ENOMEM) - return rc; - if (rc) - return -EAGAIN; - - if (WARN_ON_ONCE(unlikely(get_level(f->crstep, f->ptep) > level))) - return -EINVAL; - - if (f->ptep) { - pgste =3D pgste_get_lock(f->ptep); - oldpte =3D *f->ptep; - newpte =3D _pte(f->pfn, f->writable, f->write_attempt | oldpte.s.d, !f->= page); - newpte.s.sd =3D oldpte.s.sd; - oldpte.s.sd =3D 0; - if (oldpte.val =3D=3D _PTE_EMPTY.val || oldpte.h.pfra =3D=3D f->pfn) { - pgste =3D __dat_ptep_xchg(f->ptep, pgste, newpte, f->gfn, asce, uses_sk= eys); - if (f->callback) - f->callback(f); - } else { - rc =3D -EAGAIN; - } - pgste_set_unlock(f->ptep, pgste); - } else { - oldval =3D READ_ONCE(*f->crstep); - newval =3D _crste_fc1(f->pfn, oldval.h.tt, f->writable, - f->write_attempt | oldval.s.fc1.d); - newval.s.fc1.sd =3D oldval.s.fc1.sd; - if (oldval.val !=3D _CRSTE_EMPTY(oldval.h.tt).val && - crste_origin_large(oldval) !=3D crste_origin_large(newval)) - return -EAGAIN; - if (!dat_crstep_xchg_atomic(f->crstep, oldval, newval, f->gfn, asce)) - return -EAGAIN; - if (f->callback) - f->callback(f); - } - - return rc; -} - static long dat_set_pn_crste(union crste *crstep, gfn_t gfn, gfn_t next, s= truct dat_walk *walk) { union crste newcrste, oldcrste; diff --git a/arch/s390/kvm/dat.h b/arch/s390/kvm/dat.h index 22dafc775335..efedcf96110c 100644 --- a/arch/s390/kvm/dat.h +++ b/arch/s390/kvm/dat.h @@ -540,8 +540,6 @@ int dat_set_slot(struct kvm_s390_mmu_cache *mc, union a= sce asce, gfn_t start, gf u16 type, u16 param); int dat_set_prefix_notif_bit(union asce asce, gfn_t gfn); bool dat_test_age_gfn(union asce asce, gfn_t start, gfn_t end); -int dat_link(struct kvm_s390_mmu_cache *mc, union asce asce, int level, - bool uses_skeys, struct guest_fault *f); =20 int dat_perform_essa(union asce asce, gfn_t gfn, int orc, union essa_state= *state, bool *dirty); long dat_reset_cmma(union asce asce, gfn_t start_gfn); diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index d974cdac1cce..e9cac6dce48b 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c @@ -631,10 +631,60 @@ static inline bool gmap_1m_allowed(struct gmap *gmap,= gfn_t gfn) return test_bit(GMAP_FLAG_ALLOW_HPAGE_1M, &gmap->flags); } =20 +static int _gmap_link(struct kvm_s390_mmu_cache *mc, struct gmap *gmap, in= t level, + struct guest_fault *f) +{ + union crste oldval, newval; + union pte newpte, oldpte; + union pgste pgste; + int rc =3D 0; + + rc =3D dat_entry_walk(mc, f->gfn, gmap->asce, DAT_WALK_ALLOC_CONTINUE, le= vel, + &f->crstep, &f->ptep); + if (rc =3D=3D -ENOMEM) + return rc; + if (KVM_BUG_ON(rc =3D=3D -EINVAL, gmap->kvm)) + return rc; + if (rc) + return -EAGAIN; + if (KVM_BUG_ON(get_level(f->crstep, f->ptep) > level, gmap->kvm)) + return -EINVAL; + + if (f->ptep) { + pgste =3D pgste_get_lock(f->ptep); + oldpte =3D *f->ptep; + newpte =3D _pte(f->pfn, f->writable, f->write_attempt | oldpte.s.d, !f->= page); + newpte.s.sd =3D oldpte.s.sd; + oldpte.s.sd =3D 0; + if (oldpte.val =3D=3D _PTE_EMPTY.val || oldpte.h.pfra =3D=3D f->pfn) { + pgste =3D gmap_ptep_xchg(gmap, f->ptep, newpte, pgste, f->gfn); + if (f->callback) + f->callback(f); + } else { + rc =3D -EAGAIN; + } + pgste_set_unlock(f->ptep, pgste); + } else { + do { + oldval =3D READ_ONCE(*f->crstep); + newval =3D _crste_fc1(f->pfn, oldval.h.tt, f->writable, + f->write_attempt | oldval.s.fc1.d); + newval.s.fc1.sd =3D oldval.s.fc1.sd; + if (oldval.val !=3D _CRSTE_EMPTY(oldval.h.tt).val && + crste_origin_large(oldval) !=3D crste_origin_large(newval)) + return -EAGAIN; + } while (!gmap_crstep_xchg_atomic(gmap, f->crstep, oldval, newval, f->gf= n)); + if (f->callback) + f->callback(f); + } + + return rc; +} + int gmap_link(struct kvm_s390_mmu_cache *mc, struct gmap *gmap, struct gue= st_fault *f) { unsigned int order; - int rc, level; + int level; =20 lockdep_assert_held(&gmap->kvm->mmu_lock); =20 @@ -646,9 +696,7 @@ int gmap_link(struct kvm_s390_mmu_cache *mc, struct gma= p *gmap, struct guest_fau else if (order >=3D get_order(_SEGMENT_SIZE) && gmap_1m_allowed(gmap, f-= >gfn)) level =3D TABLE_TYPE_SEGMENT; } - rc =3D dat_link(mc, gmap->asce, level, uses_skeys(gmap), f); - KVM_BUG_ON(rc =3D=3D -EINVAL, gmap->kvm); - return rc; + return _gmap_link(mc, gmap, level, f); } =20 static int gmap_ucas_map_one(struct kvm_s390_mmu_cache *mc, struct gmap *g= map, --=20 2.53.0 From nobody Sat Apr 4 03:19:48 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7515E3CFF54; Fri, 20 Mar 2026 16:15:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023353; cv=none; b=TgdAxituMzh83BQ2bl3LuWCG8S3z8eG+NScKZwi77KA5Sl7YCruppLTo+VG82OX5S1c85i5zAcXle2IwCCcl8eDeAX3CinvKveeOAhKXypKKNcDQlw9+YqgLoT61XiszpYy9wsOprGomhzYYlaSGxDo9v7EpB0v1ZjVPXfXT1d0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023353; c=relaxed/simple; bh=7HHoViA5UaeAvDtI2DNpgB8NR4rP/baKjtC52YUZChY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=mZrcl2zN/WeLqrfNliv2MfMDwIRjXnd/xDd39Q1oxWHYtKxSMTFF2QXFF5wHT1CXzQyBSdJMf1ywfPSysMWAUMYZE0IDB9MLShk9LQOrf/mcnRbCne7E89cEMTcuqrHePyMp3ndZbTtTGj1lenskk5zQ1hHVZRiwdO4T+2ldd5c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=NYWbp2Zx; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="NYWbp2Zx" Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62KDp5BG3931551; Fri, 20 Mar 2026 16:15:48 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=0fwhjDUsim/8FQiFH USqVbqoW3hpMGVBUv+3UM6jGGw=; b=NYWbp2ZxHjde0qOpsJUB4YMMrDJNjsaGu 7VgUIqWEAkueFGhuyAnNl6E+7/2/MTLmu1MCOKBWSfOdYLSttyS5w+9c2NQkT40G wgYjjSBQlSXYOpczWvgzwDRcLPVhaWhbPHwMiALGNYZf75cyuMXJlTWN4NpUCuqB xQssC25jYZ4FdvJPTd7qJGxy+jiIPMp9UB6S2XGw0U7rbpw6mEXxlVNpIvcGKjTQ T3U9MuL0eSMF2RqOOsbRYUgt/gHvoUz8y5fBYzE1uPZcF/qWaUIoXkTPGr4CR48X cVqNMV5IsBYZoNkR/o/EzYQGkGrkDtMtN9L2lgMMUcrFbec9/NE7g== Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvyauuf8y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:48 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62KBf6Hg004737; Fri, 20 Mar 2026 16:15:47 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 4cwj0sr0de-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:47 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62KGFhD425821644 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Mar 2026 16:15:43 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5F2CB20040; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 316422004B; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v2 5/8] KVM: s390: vsie: Fix refcount overflow for shadow gmaps Date: Fri, 20 Mar 2026 17:15:39 +0100 Message-ID: <20260320161542.202913-6-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260320161542.202913-1-imbrenda@linux.ibm.com> References: <20260320161542.202913-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzIwMDEzMCBTYWx0ZWRfXztVFzqE1t4l9 3yUgz36AyDwYwaMF8sRYOrKgo7aA5r8aWnBwUQFKz80DVdJF5mN7waL9ZzJunQfeP6itKzeE1gJ QHRUaNQwcM47UTMuk0ph+J6MOzAwBUTKFAs2y7g3WZvOdayvso6FcOMBPZmbKWW86f7BSVxnTz/ GUS7JP54vP2sFBJg3iZ4hxXRvDGJQY9kOQTAiwvXlclY850tHfEUPTVtnTMirMJPd91oXZpR9I+ OnJO7plI/n+TrX9QUhKAUQlN8EhK7wDp+2RI+8uB4Ws2IsZ+84kTvP2UFnRj8CEP3U0haco6Tlu lWBsUgNxsznKjY0Dq1v9AU/6RrHvsO9uq8lpxjnITq8xi4YbVPHOvUhlABmbAEEsuTYLuclk16s 4WozaXtIxsYbpLxoDbSYO1jU2PKsYviYfW0XE/5f83JShnL8w/99bWZsVTBHy+k83w1i2HcpafP CQY6HYTTagd3ptTwNOw== X-Authority-Analysis: v=2.4 cv=GIQF0+NK c=1 sm=1 tr=0 ts=69bd72b4 cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=v6tYtx9Y7d4DOqc1eGoA:9 X-Proofpoint-ORIG-GUID: pa8iitXycZTV1t9tl37mZ6b7QOthg6RR X-Proofpoint-GUID: pa8iitXycZTV1t9tl37mZ6b7QOthg6RR X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-20_02,2026-03-20_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 priorityscore=1501 bulkscore=0 lowpriorityscore=0 malwarescore=0 phishscore=0 impostorscore=0 suspectscore=0 adultscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603200130 Content-Type: text/plain; charset="utf-8" In most cases gmap_put() was not called when it should have. Add the missing gmap_put() in vsie_run(). Signed-off-by: Claudio Imbrenda Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") Reviewed-by: Janosch Frank Reviewed-by: Steffen Eiden --- arch/s390/kvm/vsie.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 0330829b4046..72895dddc39a 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -1328,7 +1328,7 @@ static void unregister_shadow_scb(struct kvm_vcpu *vc= pu) static int vsie_run(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { struct kvm_s390_sie_block *scb_s =3D &vsie_page->scb_s; - struct gmap *sg; + struct gmap *sg =3D NULL; int rc =3D 0; =20 while (1) { @@ -1368,6 +1368,8 @@ static int vsie_run(struct kvm_vcpu *vcpu, struct vsi= e_page *vsie_page) sg =3D gmap_put(sg); cond_resched(); } + if (sg) + sg =3D gmap_put(sg); =20 if (rc =3D=3D -EFAULT) { /* --=20 2.53.0 From nobody Sat Apr 4 03:19:48 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 750503CFF53; Fri, 20 Mar 2026 16:15:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023353; cv=none; b=nAM4Eoqugb0Dds1vFXD9529aME8Pb43utEgiKf6VxgnBFyGj+6FjTNpWd3CEa2o1z14sRpk+AJmuEn1M8zMv1zupsAqgG6VM30LflPP37/CsLer+SHxuv8qo2Kyyil8k4SWQV6vz5xMrb7FKbNC3bC98mOvbm4xC56k7vJBvk+g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023353; c=relaxed/simple; bh=Bbbonkg13c/N+CBkpYpoyzaFNRZsv8IZKmcmG2FXU8c=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Cfz3Iqo8ZemLFLLtjpQxNG/vofnXmjclDxONvrzyW7KVM1FASpL/W7xyFHrsyCsc/7JOZNZZxAY4IdwFVY8hFe3T7yrVCXWh4mrpaNa1GyT7dn/ERFb4xZrpMEKlJr3CLKByJrZZhSZo+2nmPPxl/N4UU/WQA/xpEQ0WrNrrJjY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=rZzjnU8M; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="rZzjnU8M" Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62K1kV0C1011167; Fri, 20 Mar 2026 16:15:48 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=RYGWKz+LPaT7GzyTg 5Yoo4nMEXdD6i6APinR5zJ6bcs=; b=rZzjnU8ManUklOlDQuvdT9bnpFZXaT/sR mZivMwNpzo/oz3ze2oVuBFqHyjt/awm0rtnWCVPvOUikPJvAfAYroLxLW2Eo2i+b Ws3x7FS7a2bQqBp9kjCpet271Zu10bcwQ10Jnb7BWHrQrnjGIuJ9V7gmsU52jvQq ryba9g+Mb9xc9D57thHZDXd4QijbshxdnxEswVRVA0xvjG9noyMZbLKTPWH6TSRN 8mceCAtIf/yYE3qk7pUB6Tng9WLRGKAysL4PyIT6g1lGvbpA56RSNAhNPa75bGAR YJlUSwiC4LDRGt6+tWBRlrxDbEQDwrLNwWXZafS6NTvh/4hxriV6A== Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvw3jbk8b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:48 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62KDAZNm032404; Fri, 20 Mar 2026 16:15:47 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4cwm7k7pnn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:47 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62KGFhqS25821646 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Mar 2026 16:15:43 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8A61B2004B; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 649B420043; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v2 6/8] KVM: s390: vsie: Fix unshadowing while shadowing Date: Fri, 20 Mar 2026 17:15:40 +0100 Message-ID: <20260320161542.202913-7-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260320161542.202913-1-imbrenda@linux.ibm.com> References: <20260320161542.202913-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 9YCiHEd2Q6O0kvEZ-iKg5wfzTsoBfyct X-Proofpoint-ORIG-GUID: 9YCiHEd2Q6O0kvEZ-iKg5wfzTsoBfyct X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzIwMDEzMCBTYWx0ZWRfXxsHXMQPb4nCX H+RLctohXC+2nDQl5Fj9nKz41PCDKt+3C/7cygxLJ3xdzQlLJEcsMtn+lPPFYLWT/cM0fyR4YBB vPGLedqxKIV0dY+gAjjCJW1nGyMQLG5QsJkQ1utazD/KP4kelfGKzScpWhJlcGw1+k9BOy8I64N 6XfyGNQhOUboSklqKRJuDvPBARImbncMFl/B7iuJ87IR0odkivB0+Fhrx7/GLuXW064e6zwbInz nLQWluZIfKqQvpeY40YaFR+gjBHtUDrDXbdL7j+CVxsM3irTHVoELhFB9ksn3FJd5aOkmM/sTZ/ xRzrr0T4dsswI6NFKveIHDJDKpXQvikm1RP/DfNhYT0yKXlEvpGaUJYRk/ZN1gaDFcBqUzJdVUH meKJ9HFKvd28wPuFAi27Au+u7zspqoHn4AhXL5B99DS75aRhfP88Z2V2QrXdZUopzD7dIa2jhhb ZApr/cSzvsHe8UbVfZQ== X-Authority-Analysis: v=2.4 cv=Hf8ZjyE8 c=1 sm=1 tr=0 ts=69bd72b4 cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=rP4LS0jab8kgWfQMVEcA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-20_02,2026-03-20_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 malwarescore=0 lowpriorityscore=0 impostorscore=0 bulkscore=0 suspectscore=0 priorityscore=1501 spamscore=0 adultscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603200130 Content-Type: text/plain; charset="utf-8" If shadowing causes the shadow gmap to get unshadowed, exit early to prevent an attempt to dereference the parent pointer, which at this point is NULL. Opportunistically add some more checks to prevent NULL parents. Signed-off-by: Claudio Imbrenda Fixes: a2c17f9270cc ("KVM: s390: New gmap code") Fixes: e5f98a6899bd ("KVM: s390: Add some helper functions needed for vSIE") Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") --- arch/s390/kvm/gaccess.c | 2 ++ arch/s390/kvm/gmap.c | 11 ++++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index dad02f7f90f1..1054f9bd107f 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1522,6 +1522,8 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_cac= he *mc, struct gmap *sg, entries[i - 1].pfn, i, entries[i - 1].writable); if (rc) return rc; + if (!sg->parent) + return -EAGAIN; } =20 rc =3D dat_entry_walk(NULL, entries[LEVEL_MEM].gfn, sg->parent->asce, DAT= _WALK_LEAF, diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index e9cac6dce48b..6e490735265e 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c @@ -1163,6 +1163,7 @@ struct gmap_protect_asce_top_level { static inline int __gmap_protect_asce_top_level(struct kvm_s390_mmu_cache = *mc, struct gmap *sg, struct gmap_protect_asce_top_level *context) { + struct gmap *parent; int rc, i; =20 guard(write_lock)(&sg->kvm->mmu_lock); @@ -1170,7 +1171,12 @@ static inline int __gmap_protect_asce_top_level(stru= ct kvm_s390_mmu_cache *mc, s if (kvm_s390_array_needs_retry_safe(sg->kvm, context->seq, context->f)) return -EAGAIN; =20 - scoped_guard(spinlock, &sg->parent->children_lock) { + parent =3D READ_ONCE(sg->parent); + if (!parent) + return -EAGAIN; + scoped_guard(spinlock, &parent->children_lock) { + if (READ_ONCE(sg->parent) !=3D parent) + return -EAGAIN; for (i =3D 0; i < CRST_TABLE_PAGES; i++) { if (!context->f[i].valid) continue; @@ -1253,6 +1259,9 @@ struct gmap *gmap_create_shadow(struct kvm_s390_mmu_c= ache *mc, struct gmap *pare struct gmap *sg, *new; int rc; =20 + if (WARN_ON(!parent)) + return ERR_PTR(-EINVAL); + scoped_guard(spinlock, &parent->children_lock) { sg =3D gmap_find_shadow(parent, asce, edat_level); if (sg) { --=20 2.53.0 From nobody Sat Apr 4 03:19:48 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 74F5D3CFF52; Fri, 20 Mar 2026 16:15:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023353; cv=none; b=qpUlNBm2XYrc1+9RrRqVhOZxFmYwx1mwjGHeYr16DPj8EzADeN3FFMBzlFw3QXZxxigGO2DxXRXMc9hdvWSu4eW8ah5z7TICjTuBh+qBp/TKeu5iKwEx7TsgQpqHuIMR2Vxwmb1cJSmBNjOC8S/3JSuEBQKQX1HkHsuUKc8aM9I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023353; c=relaxed/simple; bh=9LLxPughLm+7sXf/LYwlHmtJ/qYU8gc+9FkS/KNpYVA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZK4POu6nm1kQ9OeQKTWtSrI6gi+0iYq6npk9882LuFEq1eFngSVIzXRsgrSg8HaPlUnAh/4DmGSWQr1Cs+iUk3XQryUA0V1P1AnAuR3xonzMS/8xd0oQasLGAP6g2ZEv9jCUKG6SiBk9qJtp2GTTCuxhK7QHniwXTAf6XF9Gl40= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=pArr5/g+; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="pArr5/g+" Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62KFdcUo3984736; Fri, 20 Mar 2026 16:15:48 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=iy0O7AgL5jwXmTvNw kNv5LRHBzAbfu0EojsWXXAs1vk=; b=pArr5/g+V3d2TEKmrZ+0zDm9ZZjB1rwMn LTarDZGbqdvjCtD+SFaGgQvxCZmEs4gotssh8vsxkf+spfPU7J9yCee5p2U1wApL Hg7xwWgTAv07b6RnOHxih5p5XcOs1CndZ0X8HHX8GMQpI4xg6Wg2mffcEJxQDcHC 2/7WnL2AE2bw1ySiI9LHXEIKIwaR2WLfUjWutP8W/TCRMHY3rYkDCdp9hFPyH8rf +E2b2H9yjr+vigrJX/JH+dotde6hVr12KGgMboZDLtQ3mtVtTWg9dC1XjyC81luS KwtUUNtVvS6y+1Fkza6YuWhbfD86qAi0zAJqs7Aylzp7D9PvVl+9A== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvx3dbejf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:48 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62KE31nc028501; Fri, 20 Mar 2026 16:15:47 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4cwmq1qmvk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:47 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62KGFhvP21889292 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Mar 2026 16:15:43 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B49CB20040; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8F8B92004D; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v2 7/8] KVM: s390: vsie: Fix guest page tables protection Date: Fri, 20 Mar 2026 17:15:41 +0100 Message-ID: <20260320161542.202913-8-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260320161542.202913-1-imbrenda@linux.ibm.com> References: <20260320161542.202913-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=arO/yCZV c=1 sm=1 tr=0 ts=69bd72b4 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=V8glGbnc2Ofi9Qvn3v5h:22 a=VnNF1IyMAAAA:8 a=_xOeJ_NdDjmAqN1vBHoA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzIwMDEzMCBTYWx0ZWRfXyoUZIm7FJ2bj q95UnAlOeRW4L3Y7WDmR/E3nWxwzAQ40J7jO9zbhuoNTqcizmikgJC0+1Y5NtgaS87067i+hjyQ adUWlqULI09zvqZ9+VFv2zfQjze6r1qYfuoP/6pmLC0t8/u/U8ZrsE98X4f/+QGUON1gOMmccQK rDVKnqTe0fwk5Ty5LCjObHXDUgiIHP/Tz4t2ll3H1eBv6c0Ndp8bBzSCsJCPGrAUl4WjHV4fqfl 3/KCH8gfXPnuTy/bXu+/Xg4l57byY8k0aOgwbiOGan1XOHo5m3dJG2MkJUyzlfO+bbGDkbdZ//b tTuarH64U/3msKEBXDGFtE9uyG7Nb0uOvmjr+BnUoaZ3clOFMuwBQ5XJISt8ThfpVztnrkHLIHi HugLhHjk9NqVonxdwMzbzdB6ot5KOeWTgX7CNUuHHpy9rcO+M42jXyISNN22PDuNLtyc7p5Ops4 D5e0TBAhN0IlcHAa2hg== X-Proofpoint-GUID: TijuISa9QL0hWkWS2GPUsHNHyV1w992P X-Proofpoint-ORIG-GUID: TijuISa9QL0hWkWS2GPUsHNHyV1w992P X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-20_02,2026-03-20_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 lowpriorityscore=0 impostorscore=0 adultscore=0 bulkscore=0 suspectscore=0 malwarescore=0 clxscore=1015 phishscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603200130 Content-Type: text/plain; charset="utf-8" When shadowing, the guest page tables are write-protected, in order to trap changes and properly unshadow the shadow mapping for the nested guest. Already shadowed levels are skipped, so that only the needed levels are write protected. Currently the levels that get write protected are exactly one level too deep: the last level (nested guest memory) gets protected in the wrong way, and will be protected again correctly a few lines afterwards; most importantly, the highest non-shadowed level does *not* get write protected. Moreover, if the nested guest is running in a real address space, there are no DAT tables to shadow. Write protect the correct levels, so that all the levels that need to be protected are protected, and avoid double protecting the last level; skip attempting to shadow the DAT tables when the nested guest is running in a real address space. Signed-off-by: Claudio Imbrenda Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") Reviewed-by: Janosch Frank --- arch/s390/kvm/gaccess.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index 1054f9bd107f..17563f889c6b 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1517,13 +1517,15 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_c= ache *mc, struct gmap *sg, * Skip levels that are already protected. For each level, protect * only the page containing the entry, not the whole table. */ - for (i =3D gl ; i >=3D w->level; i--) { - rc =3D gmap_protect_rmap(mc, sg, entries[i - 1].gfn, gpa_to_gfn(saddr), - entries[i - 1].pfn, i, entries[i - 1].writable); - if (rc) - return rc; - if (!sg->parent) - return -EAGAIN; + if (w->level > LEVEL_MEM) { + for (i =3D gl ; i >=3D w->level; i--) { + rc =3D gmap_protect_rmap(mc, sg, entries[i].gfn, gpa_to_gfn(saddr), + entries[i].pfn, i + 1, entries[i].writable); + if (rc) + return rc; + if (!sg->parent) + return -EAGAIN; + } } =20 rc =3D dat_entry_walk(NULL, entries[LEVEL_MEM].gfn, sg->parent->asce, DAT= _WALK_LEAF, --=20 2.53.0 From nobody Sat Apr 4 03:19:48 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 596903D0917; Fri, 20 Mar 2026 16:15:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023353; cv=none; b=HFoHFHioJJmRbRAClkQLWgKfogsZiU4g+e7dpfOYfV3eWzfeSjYKmzVtzr0CvP2LJLzFQGVkiXCzT0Cee5k+pHsW+vusi4nwZVAn7YuYLZA5SPxuBc3Ck5S9zmW8dchJe1/72rUXdNd0/Q2+Sq/DVlQwVOc1lBGB1+2y2jAyfA0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774023353; c=relaxed/simple; bh=oKevwYpwXMrZRYg4Pdrx3uqixoRKv51pq42iXR6tQSs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=diMoZs28ATEIHFjueUHRL1TCHY7hC9R+f6i6kKvUxdNWDWGNc+D+uS5Xa3PgUzL5c4BDDOCpJ3f8UNUzo45+gvKf37g6O2/RD1azSUiIW20+3QTCfJA6kEuCJhZcH9/BDbyQ29Ws3zrhDqOEnEbZGSU5hCK84VmkRfIJy6EzhUE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=WX/s5to8; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="WX/s5to8" Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62K2U3Zx1088018; Fri, 20 Mar 2026 16:15:48 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=IMNzU0+TfITo7bc9Q mi5EqrZOSEBfRPTeQQ2TUQBmr8=; b=WX/s5to8iVSOKXsSKtvHTofuHH/Mt3J6k QeKp8StPOLFYESgB4vTOOp3+YQqHebEczlrJ9EeNsQ1lljJ+gJl80guxA3udbzQw UA4HXsPm768u1i/Mmljk840Mv9N/TZ9M9rOaJ8JRPMS5Pqc9XoxVumBA8chBsJE5 bfO6AdyaFhBY50gdhdfCfdjjx29N/kd1SsPdqQe+sbhxig6WN6eNmRO8WqKDgdL2 cTyy63P+elJhNrZ85oCDDf2cQcHCcV4CwTWHbE26PsI4I1S85A+GoZ3du8bR+1Ot vMlpuGlTwJ7qimCFtGcyfcQhmr6i5Sh2ttzsGHbUrNXjqh19SxKYg== Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4cvyauuf90-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:48 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62KG5sep005412; Fri, 20 Mar 2026 16:15:47 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 4cwj0sr0dg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Mar 2026 16:15:47 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62KGFhO321889294 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Mar 2026 16:15:44 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DE5D420040; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id BA06A20043; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Mar 2026 16:15:43 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v2 8/8] KVM: s390: Fix KVM_S390_VCPU_FAULT ioctl Date: Fri, 20 Mar 2026 17:15:42 +0100 Message-ID: <20260320161542.202913-9-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260320161542.202913-1-imbrenda@linux.ibm.com> References: <20260320161542.202913-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzIwMDEzMCBTYWx0ZWRfX0Y1j6Ph8qt9Y 6101hwb+hfUJOj7oTrvJ9y4jVNQvWf/povoD/aXmTC8TrePHV5H4QvxcIMbgYa9ynt+g8URHsUm davNAeTAzqvS17yHvop7+MM9vm+uSC3T0UFQgU/yR5e0m+H7jHy8b6Jiwp0bTvKBCBO86XOjkYx KVJpYUSUnwJDbKlMr/8wz3EPfOTaDWr/5OyX7EO5iBmiERZ26N/XT4SQ+nb2zzZQJ9j5zfkLvL7 a3OiIeHvu1nEx/lu5ZBp+ECMsvNUdALaeBWyFtmnf08MJb8H/MPQCDcnHg8lFa3kfQxaxYBUeaG mPbfI/h1t0r/ISWSajfJybEFmYc8BVt/Sn4xz0Y9rLX8uGf0g1kSuIQ+C+UH0pUasqWIeot/0Jd OsctelBhfwy27jpRMhyy4eEFyHX+702rMfiBb9UOLCvmRcLvaoc23vFOtgsK4j0srJ5gP45t2FR egkq118Pl4LlbO4YV2g== X-Authority-Analysis: v=2.4 cv=GIQF0+NK c=1 sm=1 tr=0 ts=69bd72b4 cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=ikv_JcFPPU8SThzKSe0A:9 X-Proofpoint-ORIG-GUID: Gy2g5eZ-hBlNROdCOEUo7FLuY66evMHI X-Proofpoint-GUID: Gy2g5eZ-hBlNROdCOEUo7FLuY66evMHI X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-20_02,2026-03-20_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 priorityscore=1501 bulkscore=0 lowpriorityscore=0 malwarescore=0 phishscore=0 impostorscore=0 suspectscore=0 adultscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603200130 Content-Type: text/plain; charset="utf-8" A previous commit changed the behaviour of the KVM_S390_VCPU_FAULT ioctl. The current (wrong) implementation will trigger a guest addressing exception if the requested address lies outside of a memslot, unless the VM is UCONTROL. Restore the previous behaviour by open coding the fault-in logic. Fixes: 3762e905ec2e ("KVM: s390: use __kvm_faultin_pfn()") Signed-off-by: Claudio Imbrenda Acked-by: Christian Borntraeger Reviewed-by: Steffen Eiden --- arch/s390/kvm/kvm-s390.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index ebcb0ef8835e..62f04931b54d 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -5520,9 +5520,21 @@ long kvm_arch_vcpu_ioctl(struct file *filp, } #endif case KVM_S390_VCPU_FAULT: { - idx =3D srcu_read_lock(&vcpu->kvm->srcu); - r =3D vcpu_dat_fault_handler(vcpu, arg, 0); - srcu_read_unlock(&vcpu->kvm->srcu, idx); + gpa_t gaddr =3D arg; + + scoped_guard(srcu, &vcpu->kvm->srcu) { + r =3D vcpu_ucontrol_translate(vcpu, &gaddr); + if (r) + break; + + r =3D kvm_s390_faultin_gfn_simple(vcpu, NULL, gpa_to_gfn(gaddr), false); + if (r =3D=3D PGM_ADDRESSING) + r =3D -EFAULT; + if (r <=3D 0) + break; + r =3D -EIO; + KVM_BUG_ON(r, vcpu->kvm); + } break; } case KVM_ENABLE_CAP: --=20 2.53.0