From nobody Sun Apr 5 16:28:59 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DA1B040757D; Tue, 24 Mar 2026 17:43:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374193; cv=none; b=kCKMBb2xjpL2fNOgv3ZSS8bXrzNribRECuOjnr9JmME60gyyrTCK9s1ZuH0rpsh57F4OmoN3mBZPDaPPeXLnEIxBjB/ytwOWk+bwqa6l1LgPvd8YpiReI/7JOH6i2xAY7qEi4GoEZ8SgRe75PD0r6EmKU/e9SQK41w714qsp0QQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374193; c=relaxed/simple; bh=OJ0YppEpXxWljpnDo2C4R25lit9Ina1zpzH2IgqgCAY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cghi4PqdiIuQRy9gt3DyO1EV2wuY8pTSo0C8ptad/eVHej+Pq9L0XJ/9wk1cbV+I4BdALBOqZ2JXpBonGUbRmwRGKx3j/Rdh2Y15mO89FTTGg0SE9NhK/XFKyY/POMV8CKV72IJ+vEkrXXwrB2hUU1TAYmGKG8e2BpG56iM5tdk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=BnTh1ujn; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="BnTh1ujn" Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62O69eRr018998; Tue, 24 Mar 2026 17:43:09 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=oDSu/bQDxMYWLBwio nStkeQoi6NLCfGdNBrHSiGUtoI=; b=BnTh1ujnDHuc5HiFug11tMO7Cb8JFBbzk K89I23eamCDJ6hEe0Iny4ime0NsXiw6lAx4u2krsSACZWQ8mfu2jieE9sWEIteGn 54S0s7ALVHA2C7CI7c3Crh3/VOAgEg6+X0778UGBGYZ4v6lFLEm1vOhQtjENXdMs RP8ahhyzaHHGkSWbiRwU7CyvuTM6/Rv7NRj9K4B6BtaYkfoOQeENSGbGP3sZm0DF 3F2P0+g8y14TbhvXResyZn/S6bXAhboC4H7oW/G/xnsflltMVGebvJekKReS00az UTzNgxcLqzRhHqQC14+j9FEYKyX7xwAZ2MDYc1Dm4jMsl7VrGuzKg== Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4d1ktxvwcd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:09 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62OGPlvR026698; Tue, 24 Mar 2026 17:43:08 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4d275ku11c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:08 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62OHh4gn47251880 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 24 Mar 2026 17:43:04 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 728C320040; Tue, 24 Mar 2026 17:43:04 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4CFF72004B; Tue, 24 Mar 2026 17:43:03 +0000 (GMT) Received: from p-imbrenda.ibmuc.com (unknown [9.111.26.26]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 24 Mar 2026 17:43:03 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v3 1/9] KVM: s390: vsie: Fix dat_split_ste() Date: Tue, 24 Mar 2026 18:42:53 +0100 Message-ID: <20260324174301.232921-2-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260324174301.232921-1-imbrenda@linux.ibm.com> References: <20260324174301.232921-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=IqITsb/g c=1 sm=1 tr=0 ts=69c2cd2d cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=LsQdvuOhCgcXfIND9tsA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzI0MDEzNCBTYWx0ZWRfX0rLEKvHtKFrS GMuhW8WLhSo+uZtLw9TMMgkvBXtlK4Z4Ad9YijoR8fnHTsX9+N1F8H3UgZZVqh0hs2Kk72/qdGg Fr4UGR1VM37dEnPVwxD2H8HphbhsF4QC+kvpRrzGG/9Jhd2tVIl5hjBrsbCZ3qFiMrnhi8q8IHu mT6VXVkqMByKlxBBvdSqBDPHSmnvPJ+5+N0fy6QpM6ZIPfXNxNpfT6ku5mTejwedBhsSWkTNc2Q 5K2aTod/fvSo+nS0uX3LRQ3Ejh4ZgrmeILY/RDTqPKmrJi7MU9o/5+KLGBUoHKmPjWBuHtZD1h1 qlZgM2EJ/JV9fU08Ynugf5xUsK8YJgPpqRO260qbwLJH9ZTAyKwDnG9y5iEMJzFj5dpcKUPYQrx EWWIaFqU2Y91Cez0G7jsTdCgs9zP9cw4fqXVaxJc2BjyShZlKeJhO6b5TYFFVRcTHGR5Ip3Htd2 uvDjFfxQh7Nk/lZW5AA== X-Proofpoint-GUID: jLXuIi1cypaD4PU5w38QWKOU-gQVcrmK X-Proofpoint-ORIG-GUID: jLXuIi1cypaD4PU5w38QWKOU-gQVcrmK X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-24_03,2026-03-24_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 clxscore=1015 spamscore=0 impostorscore=0 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0 priorityscore=1501 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603240134 Content-Type: text/plain; charset="utf-8" If the guest misbehaves and puts the page tables for its nested guest inside the memory of the nested guest itself, and the guest and nested guest are being mapped with large pages, the shadow mapping will lose synchronization with the actual mapping, since this will cause the large page with the vsie notification bit to be split, but the vsie notification bit will not be propagated to the resulting small pages. Fix this by propagating the vsie_notif bit from large pages to normal pages when splitting a large page. Fixes: 2db149a0a6c5 ("KVM: s390: KVM page table management functions: walks= ") Signed-off-by: Claudio Imbrenda Reviewed-by: Christoph Schlameuss Reviewed-by: Steffen Eiden Reviewed-by: Janosch Frank --- arch/s390/kvm/dat.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/s390/kvm/dat.c b/arch/s390/kvm/dat.c index 670404d4fa44..48b5f2bcf172 100644 --- a/arch/s390/kvm/dat.c +++ b/arch/s390/kvm/dat.c @@ -292,6 +292,7 @@ static int dat_split_ste(struct kvm_s390_mmu_cache *mc,= union pmd *pmdp, gfn_t g pt->ptes[i].val =3D init.val | i * PAGE_SIZE; /* No need to take locks as the page table is not installed yet. */ pgste_init.prefix_notif =3D old.s.fc1.prefix_notif; + pgste_init.vsie_notif =3D old.s.fc1.vsie_notif; pgste_init.pcl =3D uses_skeys && init.h.i; dat_init_pgstes(pt, pgste_init.val); } else { --=20 2.53.0 From nobody Sun Apr 5 16:28:59 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6944740B6CB; Tue, 24 Mar 2026 17:43:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374196; cv=none; b=POHTjf/Z04caYMDlK+umQA4HkIrSIfzWd6d7AaJjSAHDzSN4yb9UTCHDS4qRa83BKWr8y2ZrsO7059VjPFYlxHlIXnhsBzho8cQwkub2eVSm+bwryImhB+iWKesicrsrp/5IyWyrebPfDCe3E5TX80Gk+rtL9rsT0sFLYS9jJ0Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374196; c=relaxed/simple; bh=RP19vbwPQykxAhEcwCrCpOeRXkFJmItbVEB4OXCBRs4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=e/VRUukkhxPWb0lDXiWR8m/5yp2augWVDEM7m0V3m8JxJztC92hTBoc/3vbkTnJsN7yDKzR+zbr4ZtZIUYl69SRg3ehq0WryievptyFnPXremCIPJqHeGV1yvOMnb3DHpySFyoeRS/rVtMmoQcHVNly6+AsSY1lXkB5Vlkq8ImE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=hLAEpis6; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="hLAEpis6" Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62OFOYfk3819926; Tue, 24 Mar 2026 17:43:11 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=lu+whjh2SksQpJIHI uICy4doZ5n0zpLQfOfvfgY5A9c=; b=hLAEpis6HLTHgn3NSPQT4YMrUiGnXDBFs 3ICutzWqzB/3NFqaoUDIFkijsMsc0eKujljILmoqXTXi2AL/8jJzvQdSzbvRV4b9 7yd/2bpRYP24+0Q7R5vXnSLDki8ukPrWXlDFMCWIxqVvg8XC/SWP4iVDp+18P03+ 6xkORNFdD0hGGXf3BWk45Dgw83sNe3HZiA0y1sKcY3a53ConTntcAKK/symt+PIv uxTm9H+C+p75w6QDcChbK6VJhvQ/+a30TNkohqult7RKAfTznEkdAcLFNGguwhVL OLY0FF1kaz5ZiWowsQkaOT9xjk8SldNlEnSy8EnTnjX6ew1D+9inA== Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4d1ktxvwck-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:11 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62OG02Sr008732; Tue, 24 Mar 2026 17:43:10 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4d26nnk48k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:10 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62OHh6pT46268806 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 24 Mar 2026 17:43:06 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8B30F20040; Tue, 24 Mar 2026 17:43:06 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D03852004D; Tue, 24 Mar 2026 17:43:04 +0000 (GMT) Received: from p-imbrenda.ibmuc.com (unknown [9.111.26.26]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 24 Mar 2026 17:43:04 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v3 2/9] KVM: s390: Remove non-atomic dat_crstep_xchg() Date: Tue, 24 Mar 2026 18:42:54 +0100 Message-ID: <20260324174301.232921-3-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260324174301.232921-1-imbrenda@linux.ibm.com> References: <20260324174301.232921-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=IqITsb/g c=1 sm=1 tr=0 ts=69c2cd2f cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=UWa3PdyAdGT8wWmJkKEA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzI0MDEzNCBTYWx0ZWRfXwO1XM/Ryb1Ai AbRR08FSftwuO64E+m7w2I2ABjrjCJPPokeHmPU5l6EpoqmW3jW8dqKixSphKCoy0rHCz0ndfAd NTndfYKMfnXvXhxa0iW9/vdkksSTFp34uFUjIMOUC4JwnWEjmJVATjENmCndlsovRuT2a2gm7/f zCJi+MY3vFjjTFcXjxiI8F6yjCxKoXBYGYz+Tx+AKezYb2GVRQ/K0G3U/k4lkVGBOmtAlki/r9m w5gVPpz0Pn0mr8kbnEle/OcE1ok2xArOqwbXoPJ+6CzB+hO/GBsSBqeFO1mZSsL71eKta6jfopV jhP09LDfR66SIzbTSfBzl+IoOGosyVAhzTpBdb2rATIckrWs/vp6+J/uMTXOpe5RCv6yf33Oyc3 pHcn32lrIlPwjes1lE2Rtfr08Qvlc8Q+WOX2rvdSDH/cWiMBIiaFSZ1PBsDuWUvZh8926PauOMi EjPQOfrqMpHGsaylhRA== X-Proofpoint-GUID: hXYgKR3zgcAZdRt2i2OAuT1cQGm5BA-3 X-Proofpoint-ORIG-GUID: hXYgKR3zgcAZdRt2i2OAuT1cQGm5BA-3 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-24_03,2026-03-24_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 clxscore=1015 spamscore=0 impostorscore=0 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0 priorityscore=1501 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603240134 Content-Type: text/plain; charset="utf-8" In practice dat_crstep_xchg() is racy and hard to use correctly. Simply remove it and replace its uses with dat_crstep_xchg_atomic(). This solves some actual races that lead to system hangs / crashes. Opportunistically fix an alignment issue in _gmap_crstep_xchg_atomic(). Signed-off-by: Claudio Imbrenda Fixes: 589071eaaa8f ("KVM: s390: KVM page table management functions: clear= and replace") Fixes: 94fd9b16cc67 ("KVM: s390: KVM page table management functions: lifec= ycle management") Reviewed-by: Steffen Eiden --- arch/s390/kvm/dat.c | 53 ++++++++------------------ arch/s390/kvm/dat.h | 9 +++-- arch/s390/kvm/gaccess.c | 26 +++++++------ arch/s390/kvm/gmap.c | 82 ++++++++++++++++++++++++----------------- arch/s390/kvm/gmap.h | 26 +++++++------ 5 files changed, 98 insertions(+), 98 deletions(-) diff --git a/arch/s390/kvm/dat.c b/arch/s390/kvm/dat.c index 48b5f2bcf172..8ba80b0b4698 100644 --- a/arch/s390/kvm/dat.c +++ b/arch/s390/kvm/dat.c @@ -134,32 +134,6 @@ int dat_set_asce_limit(struct kvm_s390_mmu_cache *mc, = union asce *asce, int newt return 0; } =20 -/** - * dat_crstep_xchg() - Exchange a gmap CRSTE with another. - * @crstep: Pointer to the CRST entry - * @new: Replacement entry. - * @gfn: The affected guest address. - * @asce: The ASCE of the address space. - * - * Context: This function is assumed to be called with kvm->mmu_lock held. - */ -void dat_crstep_xchg(union crste *crstep, union crste new, gfn_t gfn, unio= n asce asce) -{ - if (crstep->h.i) { - WRITE_ONCE(*crstep, new); - return; - } else if (cpu_has_edat2()) { - crdte_crste(crstep, *crstep, new, gfn, asce); - return; - } - - if (machine_has_tlb_guest()) - idte_crste(crstep, gfn, IDTE_GUEST_ASCE, asce, IDTE_GLOBAL); - else - idte_crste(crstep, gfn, 0, NULL_ASCE, IDTE_GLOBAL); - WRITE_ONCE(*crstep, new); -} - /** * dat_crstep_xchg_atomic() - Atomically exchange a gmap CRSTE with anothe= r. * @crstep: Pointer to the CRST entry. @@ -175,8 +149,8 @@ void dat_crstep_xchg(union crste *crstep, union crste n= ew, gfn_t gfn, union asce * * Return: %true if the exchange was successful. */ -bool dat_crstep_xchg_atomic(union crste *crstep, union crste old, union cr= ste new, gfn_t gfn, - union asce asce) +bool __must_check dat_crstep_xchg_atomic(union crste *crstep, union crste = old, union crste new, + gfn_t gfn, union asce asce) { if (old.h.i) return arch_try_cmpxchg((long *)crstep, &old.val, new.val); @@ -894,7 +868,8 @@ static long _dat_slot_crste(union crste *crstep, gfn_t = gfn, gfn_t next, struct d =20 /* This table entry needs to be updated. */ if (walk->start <=3D gfn && walk->end >=3D next) { - dat_crstep_xchg_atomic(crstep, crste, new_crste, gfn, walk->asce); + if (!dat_crstep_xchg_atomic(crstep, crste, new_crste, gfn, walk->asce)) + return -EINVAL; /* A lower level table was present, needs to be freed. */ if (!crste.h.fc && !crste.h.i) { if (is_pmd(crste)) @@ -1072,17 +1047,19 @@ int dat_link(struct kvm_s390_mmu_cache *mc, union a= sce asce, int level, =20 static long dat_set_pn_crste(union crste *crstep, gfn_t gfn, gfn_t next, s= truct dat_walk *walk) { - union crste crste =3D READ_ONCE(*crstep); + union crste newcrste, oldcrste; int *n =3D walk->priv; =20 - if (!crste.h.fc || crste.h.i || crste.h.p) - return 0; - - *n =3D 2; - if (crste.s.fc1.prefix_notif) - return 0; - crste.s.fc1.prefix_notif =3D 1; - dat_crstep_xchg(crstep, crste, gfn, walk->asce); + do { + oldcrste =3D READ_ONCE(*crstep); + if (!oldcrste.h.fc || oldcrste.h.i || oldcrste.h.p) + return 0; + *n =3D 2; + if (oldcrste.s.fc1.prefix_notif) + return 0; + newcrste =3D oldcrste; + newcrste.s.fc1.prefix_notif =3D 1; + } while (!dat_crstep_xchg_atomic(crstep, oldcrste, newcrste, gfn, walk->a= sce)); return 0; } =20 diff --git a/arch/s390/kvm/dat.h b/arch/s390/kvm/dat.h index 123e11dcd70d..22dafc775335 100644 --- a/arch/s390/kvm/dat.h +++ b/arch/s390/kvm/dat.h @@ -938,11 +938,14 @@ static inline bool dat_pudp_xchg_atomic(union pud *pu= dp, union pud old, union pu return dat_crstep_xchg_atomic(_CRSTEP(pudp), _CRSTE(old), _CRSTE(new), gf= n, asce); } =20 -static inline void dat_crstep_clear(union crste *crstep, gfn_t gfn, union = asce asce) +static inline union crste dat_crstep_clear_atomic(union crste *crstep, gfn= _t gfn, union asce asce) { - union crste newcrste =3D _CRSTE_EMPTY(crstep->h.tt); + union crste oldcrste, empty =3D _CRSTE_EMPTY(crstep->h.tt); =20 - dat_crstep_xchg(crstep, newcrste, gfn, asce); + do { + oldcrste =3D READ_ONCE(*crstep); + } while (!dat_crstep_xchg_atomic(crstep, oldcrste, empty, gfn, asce)); + return oldcrste; } =20 static inline int get_level(union crste *crstep, union pte *ptep) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index a9da9390867d..4ee862424ca0 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1456,7 +1456,7 @@ static int _do_shadow_pte(struct gmap *sg, gpa_t radd= r, union pte *ptep_h, union static int _do_shadow_crste(struct gmap *sg, gpa_t raddr, union crste *hos= t, union crste *table, struct guest_fault *f, bool p) { - union crste newcrste; + union crste newcrste, oldcrste; gfn_t gfn; int rc; =20 @@ -1469,16 +1469,20 @@ static int _do_shadow_crste(struct gmap *sg, gpa_t = raddr, union crste *host, uni if (rc) return rc; =20 - newcrste =3D _crste_fc1(f->pfn, host->h.tt, f->writable, !p); - newcrste.s.fc1.d |=3D host->s.fc1.d; - newcrste.s.fc1.sd |=3D host->s.fc1.sd; - newcrste.h.p &=3D host->h.p; - newcrste.s.fc1.vsie_notif =3D 1; - newcrste.s.fc1.prefix_notif =3D host->s.fc1.prefix_notif; - _gmap_crstep_xchg(sg->parent, host, newcrste, f->gfn, false); - - newcrste =3D _crste_fc1(f->pfn, host->h.tt, 0, !p); - dat_crstep_xchg(table, newcrste, gpa_to_gfn(raddr), sg->asce); + do { + oldcrste =3D READ_ONCE(*host); + newcrste =3D _crste_fc1(f->pfn, oldcrste.h.tt, f->writable, !p); + newcrste.s.fc1.d |=3D oldcrste.s.fc1.d; + newcrste.s.fc1.sd |=3D oldcrste.s.fc1.sd; + newcrste.h.p &=3D oldcrste.h.p; + newcrste.s.fc1.vsie_notif =3D 1; + newcrste.s.fc1.prefix_notif =3D oldcrste.s.fc1.prefix_notif; + } while (!_gmap_crstep_xchg_atomic(sg->parent, host, oldcrste, newcrste, = f->gfn, false)); + + newcrste =3D _crste_fc1(f->pfn, oldcrste.h.tt, 0, !p); + gfn =3D gpa_to_gfn(raddr); + while (!dat_crstep_xchg_atomic(table, READ_ONCE(*table), newcrste, gfn, s= g->asce)) + ; return 0; } =20 diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index ef0c6ebfdde2..956be4c01797 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c @@ -313,13 +313,16 @@ static long gmap_clear_young_crste(union crste *crste= p, gfn_t gfn, gfn_t end, st struct clear_young_pte_priv *priv =3D walk->priv; union crste crste, new; =20 - crste =3D READ_ONCE(*crstep); + do { + crste =3D READ_ONCE(*crstep); + + if (!crste.h.fc) + return 0; + if (!crste.s.fc1.y && crste.h.i) + return 0; + if (crste_prefix(crste) && !gmap_mkold_prefix(priv->gmap, gfn, end)) + break; =20 - if (!crste.h.fc) - return 0; - if (!crste.s.fc1.y && crste.h.i) - return 0; - if (!crste_prefix(crste) || gmap_mkold_prefix(priv->gmap, gfn, end)) { new =3D crste; new.h.i =3D 1; new.s.fc1.y =3D 0; @@ -328,8 +331,8 @@ static long gmap_clear_young_crste(union crste *crstep,= gfn_t gfn, gfn_t end, st folio_set_dirty(phys_to_folio(crste_origin_large(crste))); new.s.fc1.d =3D 0; new.h.p =3D 1; - dat_crstep_xchg(crstep, new, gfn, walk->asce); - } + } while (!dat_crstep_xchg_atomic(crstep, crste, new, gfn, walk->asce)); + priv->young =3D 1; return 0; } @@ -391,14 +394,18 @@ static long _gmap_unmap_crste(union crste *crstep, gf= n_t gfn, gfn_t next, struct { struct gmap_unmap_priv *priv =3D walk->priv; struct folio *folio =3D NULL; + union crste old =3D *crstep; =20 - if (crstep->h.fc) { - if (crstep->s.fc1.pr && test_bit(GMAP_FLAG_EXPORT_ON_UNMAP, &priv->gmap-= >flags)) - folio =3D phys_to_folio(crste_origin_large(*crstep)); - gmap_crstep_xchg(priv->gmap, crstep, _CRSTE_EMPTY(crstep->h.tt), gfn); - if (folio) - uv_convert_from_secure_folio(folio); - } + if (!old.h.fc) + return 0; + + if (old.s.fc1.pr && test_bit(GMAP_FLAG_EXPORT_ON_UNMAP, &priv->gmap->flag= s)) + folio =3D phys_to_folio(crste_origin_large(old)); + /* No races should happen because kvm->mmu_lock is held in write mode */ + KVM_BUG_ON(!gmap_crstep_xchg_atomic(priv->gmap, crstep, old, _CRSTE_EMPTY= (old.h.tt), gfn), + priv->gmap->kvm); + if (folio) + uv_convert_from_secure_folio(folio); =20 return 0; } @@ -474,23 +481,24 @@ static long _crste_test_and_clear_softdirty(union crs= te *table, gfn_t gfn, gfn_t =20 if (fatal_signal_pending(current)) return 1; - crste =3D READ_ONCE(*table); - if (!crste.h.fc) - return 0; - if (crste.h.p && !crste.s.fc1.sd) - return 0; + do { + crste =3D READ_ONCE(*table); + if (!crste.h.fc) + return 0; + if (crste.h.p && !crste.s.fc1.sd) + return 0; =20 - /* - * If this large page contains one or more prefixes of vCPUs that are - * currently running, do not reset the protection, leave it marked as - * dirty. - */ - if (!crste.s.fc1.prefix_notif || gmap_mkold_prefix(gmap, gfn, end)) { + /* + * If this large page contains one or more prefixes of vCPUs that are + * currently running, do not reset the protection, leave it marked as + * dirty. + */ + if (crste.s.fc1.prefix_notif && !gmap_mkold_prefix(gmap, gfn, end)) + break; new =3D crste; new.h.p =3D 1; new.s.fc1.sd =3D 0; - gmap_crstep_xchg(gmap, table, new, gfn); - } + } while (!gmap_crstep_xchg_atomic(gmap, table, crste, new, gfn)); =20 for ( ; gfn < end; gfn++) mark_page_dirty(gmap->kvm, gfn); @@ -646,8 +654,8 @@ int gmap_link(struct kvm_s390_mmu_cache *mc, struct gma= p *gmap, struct guest_fau static int gmap_ucas_map_one(struct kvm_s390_mmu_cache *mc, struct gmap *g= map, gfn_t p_gfn, gfn_t c_gfn, bool force_alloc) { + union crste newcrste, oldcrste; struct page_table *pt; - union crste newcrste; union crste *crstep; union pte *ptep; int rc; @@ -673,7 +681,11 @@ static int gmap_ucas_map_one(struct kvm_s390_mmu_cache= *mc, struct gmap *gmap, &crstep, &ptep); if (rc) return rc; - dat_crstep_xchg(crstep, newcrste, c_gfn, gmap->asce); + do { + oldcrste =3D READ_ONCE(*crstep); + if (oldcrste.val =3D=3D newcrste.val) + break; + } while (!dat_crstep_xchg_atomic(crstep, oldcrste, newcrste, c_gfn, gmap-= >asce)); return 0; } =20 @@ -777,8 +789,10 @@ static void gmap_ucas_unmap_one(struct gmap *gmap, gfn= _t c_gfn) int rc; =20 rc =3D dat_entry_walk(NULL, c_gfn, gmap->asce, 0, TABLE_TYPE_SEGMENT, &cr= step, &ptep); - if (!rc) - dat_crstep_xchg(crstep, _PMD_EMPTY, c_gfn, gmap->asce); + if (rc) + return; + while (!dat_crstep_xchg_atomic(crstep, READ_ONCE(*crstep), _PMD_EMPTY, c_= gfn, gmap->asce)) + ; } =20 void gmap_ucas_unmap(struct gmap *gmap, gfn_t c_gfn, unsigned long count) @@ -1017,8 +1031,8 @@ static void gmap_unshadow_level(struct gmap *sg, gfn_= t r_gfn, int level) dat_ptep_xchg(ptep, _PTE_EMPTY, r_gfn, sg->asce, uses_skeys(sg)); return; } - crste =3D READ_ONCE(*crstep); - dat_crstep_clear(crstep, r_gfn, sg->asce); + + crste =3D dat_crstep_clear_atomic(crstep, r_gfn, sg->asce); if (crste_leaf(crste) || crste.h.i) return; if (is_pmd(crste)) diff --git a/arch/s390/kvm/gmap.h b/arch/s390/kvm/gmap.h index ccb5cd751e31..19379d162777 100644 --- a/arch/s390/kvm/gmap.h +++ b/arch/s390/kvm/gmap.h @@ -194,35 +194,37 @@ static inline union pgste gmap_ptep_xchg(struct gmap = *gmap, union pte *ptep, uni return _gmap_ptep_xchg(gmap, ptep, newpte, pgste, gfn, true); } =20 -static inline void _gmap_crstep_xchg(struct gmap *gmap, union crste *crste= p, union crste ne, - gfn_t gfn, bool needs_lock) +static inline bool __must_check _gmap_crstep_xchg_atomic(struct gmap *gmap= , union crste *crstep, + union crste oldcrste, union crste newcrste, + gfn_t gfn, bool needs_lock) { - unsigned long align =3D 8 + (is_pmd(*crstep) ? 0 : 11); + unsigned long align =3D is_pmd(*crstep) ? _PAGE_ENTRIES : _PAGE_ENTRIES *= _CRST_ENTRIES; =20 lockdep_assert_held(&gmap->kvm->mmu_lock); if (!needs_lock) lockdep_assert_held(&gmap->children_lock); =20 gfn =3D ALIGN_DOWN(gfn, align); - if (crste_prefix(*crstep) && (ne.h.p || ne.h.i || !crste_prefix(ne))) { - ne.s.fc1.prefix_notif =3D 0; + if (crste_prefix(oldcrste) && (newcrste.h.p || newcrste.h.i || !crste_pre= fix(newcrste))) { + newcrste.s.fc1.prefix_notif =3D 0; gmap_unmap_prefix(gmap, gfn, gfn + align); } - if (crste_leaf(*crstep) && crstep->s.fc1.vsie_notif && - (ne.h.p || ne.h.i || !ne.s.fc1.vsie_notif)) { - ne.s.fc1.vsie_notif =3D 0; + if (crste_leaf(oldcrste) && oldcrste.s.fc1.vsie_notif && + (newcrste.h.p || newcrste.h.i || !newcrste.s.fc1.vsie_notif)) { + newcrste.s.fc1.vsie_notif =3D 0; if (needs_lock) gmap_handle_vsie_unshadow_event(gmap, gfn); else _gmap_handle_vsie_unshadow_event(gmap, gfn); } - dat_crstep_xchg(crstep, ne, gfn, gmap->asce); + return dat_crstep_xchg_atomic(crstep, oldcrste, newcrste, gfn, gmap->asce= ); } =20 -static inline void gmap_crstep_xchg(struct gmap *gmap, union crste *crstep= , union crste ne, - gfn_t gfn) +static inline bool __must_check gmap_crstep_xchg_atomic(struct gmap *gmap,= union crste *crstep, + union crste oldcrste, union crste newcrste, + gfn_t gfn) { - return _gmap_crstep_xchg(gmap, crstep, ne, gfn, true); + return _gmap_crstep_xchg_atomic(gmap, crstep, oldcrste, newcrste, gfn, tr= ue); } =20 /** --=20 2.53.0 From nobody Sun Apr 5 16:28:59 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BFEFA40B6D6; Tue, 24 Mar 2026 17:43:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374195; cv=none; b=XNdshLInCVxv9HNVyW/BPkG3Sc0SPApkACpVTZ0MSTFawz+Vqs/GietMqVVqq8BeU/4F90SZUTsLa1PqWyva/eF8sxgLi+gT7LomzDTg7fiiEzGhnGcver8oW7e6u/aUK8cZ90XSlrAiEQjjrXK0e0N/w8rUuTXRftmsiW8tzfk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374195; c=relaxed/simple; bh=AD1Wo2ci/5DqF4gGSVesfq5rSxmCnlBmXMXYiJZ+rMg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=tjJ3jhyRoxf5S/bBNSdjlzHX1VdZNILHMWANZMt71wrtojIPBTdVFw+tiH3mRsmTLILvb+ZMs036Bm4+/YeRO5FuqjyUsDyYtwWoC/EOWSyCaVGVrNRRiT0c0rF6I9UsMkA6XBlRxctPeZWDjJ53kT0MsePrfDchVTaLJH94HTU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=tC79Mmkk; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="tC79Mmkk" Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62OEp8q33448655; Tue, 24 Mar 2026 17:43:13 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=lTiUuR+K7zie45gtF ik5T0EO3v+6hZxFUJ+mJC7sVzA=; b=tC79MmkkIfa/FcAqGV7yL4FTJkLIW8XTY jJevYnoyagRYjWdVewrJvg0ucfQkdL2G27qHTHoLdrTj+plarV4TCpn8Zt22fUqE iY5/O60uM9fRy5hot4JG/TBPwS6x6F3fVojh/ZplfEOuBRnVtPZIKMDOGJ6Ncn+p /IijYtWDaJU8VZ7NocE8kYqTvqV/EIsIUVBX0IJMwQZ74FUHEPbh0R0MY97RfXrv xA+HB/lLprVD2Cs8T6MdZKVp1BraUo8M++ACETfn9/RHVwPjeN8Cos+5Twp15zgx NHs3vKkyJ55Ks9T/KdRCWZDC3jVOuF35/3CI2opmRa+3IkWJQPwQQ== Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4d1kw9vwks-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:12 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62OGIHeY026797; Tue, 24 Mar 2026 17:43:11 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4d275ku11h-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:11 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62OHh7mV31195486 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 24 Mar 2026 17:43:07 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id ABA7F20040; Tue, 24 Mar 2026 17:43:07 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AFE8320043; Tue, 24 Mar 2026 17:43:06 +0000 (GMT) Received: from p-imbrenda.ibmuc.com (unknown [9.111.26.26]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 24 Mar 2026 17:43:06 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v3 3/9] KVM: s390: vsie: Fix check for pre-existing shadow mapping Date: Tue, 24 Mar 2026 18:42:55 +0100 Message-ID: <20260324174301.232921-4-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260324174301.232921-1-imbrenda@linux.ibm.com> References: <20260324174301.232921-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: oz2qMi1cPC74z_6ZkBpdOD8DY2HohzGc X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzI0MDEzNCBTYWx0ZWRfX+tmurLHFGu2y dE/mUlBMSP5kBbTnZkkXPfkq9E8kDhsZZQBId5VMPEZPgXvPwMVZLmjMaXDafJhipK8KFRkhOet oYEkBwclGur7kjz1GTfXxwVXplQyRTaOrvWRfSzDkm/863pMwpViZ6TjPJenVO0Q+xsYRJIkWQh Efdwmlyp5ZIrHQ52XXzraK1qPhPT7yN7AXiyiu1fYuwJUHPKVxOaXwS69pDgjptcR1RrbmxvVGG oTJHxBQZ67hs7PTEeYgVApcad/Srl5+TSiyLilPDDmSf4RDee00rTINOiMFXVZsZ4C0gVQwWjsa 7tCRk1FwYgfPT7LEOdG5fPY+F4aKSABd5zZp+amXyXtFh1Y2vjbPmQM1nkdaoHr4AvLO0q3vDqk Ru+h0WMxLeTRwIJkdIZG5WDuU39rEOhaibBRhkUM/JVm7j7PR4UR/i0jHXtBb54APlSxFtX/iBq gcF2gJvzX8nf+QkD5jQ== X-Proofpoint-GUID: oz2qMi1cPC74z_6ZkBpdOD8DY2HohzGc X-Authority-Analysis: v=2.4 cv=OsZCCi/t c=1 sm=1 tr=0 ts=69c2cd30 cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=U7nrCbtTmkRpXpFmAIza:22 a=VnNF1IyMAAAA:8 a=IDpXgTtpuR7I2MJaEF4A:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-24_03,2026-03-24_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 adultscore=0 clxscore=1015 phishscore=0 suspectscore=0 lowpriorityscore=0 priorityscore=1501 bulkscore=0 spamscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603240134 Content-Type: text/plain; charset="utf-8" When shadowing a nested guest, a check is performed and no shadowing is attempted if the nested guest is already shadowed. The existing check was incomplete; fix it by also checking whether the leaf DAT table entry in the existing shadow gmap has the same protection as the one specified in the guest DAT entry. Signed-off-by: Claudio Imbrenda Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") Reviewed-by: Steffen Eiden Reviewed-by: Janosch Frank --- arch/s390/kvm/gaccess.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index 4ee862424ca0..8fd690255e1b 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1506,8 +1506,9 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_cac= he *mc, struct gmap *sg, if (rc) return rc; =20 - /* A race occourred. The shadow mapping is already valid, nothing to do */ - if ((ptep && !ptep->h.i) || (!ptep && crste_leaf(*table))) + /* A race occurred. The shadow mapping is already valid, nothing to do */ + if ((ptep && !ptep->h.i && ptep->h.p =3D=3D w->p) || + (!ptep && crste_leaf(*table) && !table->h.i && table->h.p =3D=3D w->p= )) return 0; =20 gl =3D get_level(table, ptep); --=20 2.53.0 From nobody Sun Apr 5 16:28:59 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CB41440825A; Tue, 24 Mar 2026 17:43:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374213; cv=none; b=b3SgKcB95tTSg7d23LGiMJ2UPzTQTdxPyx+dxz9KtLcuuVYJE2pCKT7gOtjq/Zpp8MqX1UZfdmLMA4VV0tQD76mvIuOR9XYnVhkngdpNzPLrJ1pIRdrtyrZrf03BX5ib6dgfVPJ6FPBj54ro5ow1+jvXnHQUTwXH6Wo1ccoXhTE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374213; c=relaxed/simple; bh=2FFG5PWZUjng06lfMkc3vXvKO3PiSocEQu21vSTpMVE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=kR8Q6hVVR2jtv5doXuMdDhmOTqKBdaNDsIIpCLxFO+SiswzUtIPKzbNv9LyaDc2sNNSRT87qMq18GEl5+NJ6bvacp4Ps7gK80XFmytPt0Gg+r50Ytc7XE6UUIFIXn9A7u1oFSNeMuCBNOvUtI/5fTxkfe7uaS+q+BipmFT8oT8Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=cpAlMXFx; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="cpAlMXFx" Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62OFnHwA4115693; Tue, 24 Mar 2026 17:43:13 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=eQDWFxksAgzoKtvrt eYUE92VENhC3nHdFpzzuFnPjMA=; b=cpAlMXFxGyu/oH0OnqalvF3sw/olq6BYo ySm2zRu+5jMSFgmTj2PtJrFlmJwtv9lDmd2muyWSdbWsF4ikkkXSAjthUmdHB60x Y9/t1sXtRfLI45+7hkVL5CNTEQt9XDV4Qcm9nviEMTrAWp+Fu4+CWdHnKfKQXNa6 OvdCYETuQQPH1hXoKKd2v1nvEJH/D3KLoBmhcTNbtl6uo9eIGO2wL0NmE7VBLS1l kIAPqSuvQ3HU+5d65DQVDR2+vrkjDRkRqNaX0hxRdXoAyXp5LD5jxtxz32bcHMAH RLEyMuVi2+7k5sqR/IzFtHF/GoHaxlAs4CevsLOFXkyiBEhy54Jgg== Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4d1ktuv9sw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:13 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62OGHYYQ011824; Tue, 24 Mar 2026 17:43:12 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4d27vk2w89-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:12 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62OHh9qD46465404 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 24 Mar 2026 17:43:09 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id F33C520043; Tue, 24 Mar 2026 17:43:08 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D6F7E20040; Tue, 24 Mar 2026 17:43:07 +0000 (GMT) Received: from p-imbrenda.ibmuc.com (unknown [9.111.26.26]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 24 Mar 2026 17:43:07 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v3 4/9] KVM: s390: vsie: Fix nested guest memory shadowing Date: Tue, 24 Mar 2026 18:42:56 +0100 Message-ID: <20260324174301.232921-5-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260324174301.232921-1-imbrenda@linux.ibm.com> References: <20260324174301.232921-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: G83uT9_G-yK4hfY_x1x7tVvm7Bz6PgpQ X-Authority-Analysis: v=2.4 cv=aMr9aL9m c=1 sm=1 tr=0 ts=69c2cd31 cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=KVoM4faz5-s9vnlyq5YA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzI0MDEzNCBTYWx0ZWRfX8kfoYCdkTtQb HD4yyuYp/R4Xbds5FBhA4cOmqe1VR066lKTEkBdP4wzma8fDFwiw4T5kYMcVkkzvBu8aeIC+FDZ 4o9sP1RjDLkAFyDh2lVDA54zLwDhsbhyQ2876enW6q0GeO+AUCcpQPMNxkYDWeYjuBVeJZSQ3Fe f/1+hIbg9ymr79J4K+lESK3+DGecL/WJqcBxo1WOMgoRrmc9DFXIBwMiqNj+kcbQ1n4EDebVIxo 9T3wo0DCsmrcLJbv4USwWF4zcv5RKH4d5WNvML/X1EbFA4v2opFb57Wr93f/q1rbY2ns9SliMVb isZvgWxxJVzoZTsARzXm6CyKfUn54G6zjebrVkFffHOfdYEPut+b1b6MZ4q2CROWvpZCs9IYz+I MVwzj0wrO3rZpGJwWvsncAn61EsjDQGmQCB0H5k+ViapAjr3WRuHcyRtSKFwoljQKQkhbtW+zrC x5v30N3HVnU8P8zHu+w== X-Proofpoint-GUID: G83uT9_G-yK4hfY_x1x7tVvm7Bz6PgpQ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-24_03,2026-03-24_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 lowpriorityscore=0 adultscore=0 impostorscore=0 malwarescore=0 suspectscore=0 phishscore=0 priorityscore=1501 bulkscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603240134 Content-Type: text/plain; charset="utf-8" Fix _do_shadow_pte() and _do_shadow_crste() to properly mark the guest page as dirty if the shadow mapping is writeable but the guest mapping was write-protected and becomes writeable. Fix _do_shadow_pte() to use the correct pointer (guest pte instead of nested guest) to set up the new pte. Signed-off-by: Claudio Imbrenda Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") --- arch/s390/kvm/gaccess.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index 8fd690255e1b..70703bf866db 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1437,9 +1437,11 @@ static int _do_shadow_pte(struct gmap *sg, gpa_t rad= dr, union pte *ptep_h, union if (!pgste_get_trylock(ptep_h, &pgste)) return -EAGAIN; newpte =3D _pte(f->pfn, f->writable, !p, 0); - newpte.s.d |=3D ptep->s.d; - newpte.s.sd |=3D ptep->s.sd; - newpte.h.p &=3D ptep->h.p; + newpte.s.d |=3D ptep_h->s.d; + newpte.s.sd |=3D ptep_h->s.sd; + newpte.h.p &=3D ptep_h->h.p; + if (!ptep_h->s.d && newpte.s.d) + SetPageDirty(pfn_to_page(newpte.h.pfra)); pgste =3D _gmap_ptep_xchg(sg->parent, ptep_h, newpte, pgste, f->gfn, fals= e); pgste.vsie_notif =3D 1; pgste_set_unlock(ptep_h, pgste); @@ -1477,6 +1479,8 @@ static int _do_shadow_crste(struct gmap *sg, gpa_t ra= ddr, union crste *host, uni newcrste.h.p &=3D oldcrste.h.p; newcrste.s.fc1.vsie_notif =3D 1; newcrste.s.fc1.prefix_notif =3D oldcrste.s.fc1.prefix_notif; + if (!oldcrste.s.fc1.d && newcrste.s.fc1.d) + SetPageDirty(phys_to_page(crste_origin_large(newcrste))); } while (!_gmap_crstep_xchg_atomic(sg->parent, host, oldcrste, newcrste, = f->gfn, false)); =20 newcrste =3D _crste_fc1(f->pfn, oldcrste.h.tt, 0, !p); --=20 2.53.0 From nobody Sun Apr 5 16:28:59 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D9BE940823F; Tue, 24 Mar 2026 17:43:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374207; cv=none; b=XhHoA0m/+YZWaun4+gGbKDsfTwZ5FJSZlG6geX5lEFsd6WFFd/YGlX07wX3yFqI7soFTmFN63GJoud5z0PPprfGxU6Zz7va8AgYbw7McQOBvWHD0maE4DAqgWPhA4SbgeTc7I3VO4QwOnM3uwlcR3fQjhMnoEkYfVSAn8eLZS2Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374207; c=relaxed/simple; bh=geOCRXU7oMQ99+G7u/sKGQlk8E00TUceeYK8OL2A2Xk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=S5uOXL49OyoDXBns31nNbzffK/3Ff11ClOpjDObJWFbrmLKVnQKRsS9QyyrO9/0loiogsPF1apoXlVatUm0TgXoh4Cq3TVqIaXaw9sqjc/1kN85Stc6n/OchfvEDJJ1R3clxV8JaqcF0dCWpGjsDT3F9Fodls6wSrYn8QLmVL7Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=bbGJGQrT; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="bbGJGQrT" Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62OFSKXu3792418; Tue, 24 Mar 2026 17:43:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=8dfSGCnyP4m1Lop63 yHDyFZ741TrisGV/vG6J+hB02c=; b=bbGJGQrTHECqUtHENP+qUvGH03dCKzMXe Zw880VdHQ5WIitLyiq+kGWrTWZ/Nb3ABeuiLSjpABJaANttKlwkBhIhMBKEfz0CG KqKRJx8sS+56h5K1rpMTsr06Kz//HPzjSpn7X5qWd/DWt1k5o+bLsE5vxNnThn4h MtJL9EKNrcWTfPzKKlH3gAuI6k8CMfx6HwGBGHTdBEaRaSFwqntZpsHEjGj7+In9 YkkQCBL0Qc/XgZQ66taOWs7bVXRo3uDWEclegGx7vGRbLSrA94qgYTtUci/n2SrG mV8QCCVF11ubQJ9tQyoXMCQLfo9JWOZe8yLCTQSjq17ZeAU3SUPJg== Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4d1kxqcxdc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:15 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62OG6SuP026681; Tue, 24 Mar 2026 17:43:14 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4d275ku11k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:14 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62OHhAQK15860044 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 24 Mar 2026 17:43:10 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3AB2120043; Tue, 24 Mar 2026 17:43:10 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 23DCD20040; Tue, 24 Mar 2026 17:43:09 +0000 (GMT) Received: from p-imbrenda.ibmuc.com (unknown [9.111.26.26]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 24 Mar 2026 17:43:09 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v3 5/9] KVM: s390: Fix gmap_link() Date: Tue, 24 Mar 2026 18:42:57 +0100 Message-ID: <20260324174301.232921-6-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260324174301.232921-1-imbrenda@linux.ibm.com> References: <20260324174301.232921-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: b1R8KCOTqTnwaCekzKAtGC1wR5YfgHGH X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzI0MDEzNCBTYWx0ZWRfXwICDE4YlJp5d zSGFw9dRmDzzXfH0aDwgwbSwaM+WA/KBhKVce4hbLWGkxnSHpsu0n8ix20k0v8XY1XLnXN8kNGz m3z3V3D4ZK/hyWBn1qAoX4Hrh294Kj4Vv5OoBxHUllnP0IG3Op8YPbAY8GmGa96Mezpjw+0Do0I uD/2Ujo6OlJhLr05GM+LfnO6g4UezUROcj/Y71bbYEB5XOStgYye4AICarxC1YsZm29Y/CKifZ3 +XLXTml2VFoAhm8U2AMt6PrlxrYR1f9ktxbpmJRVoQF7MB2nmlFmYv9GcHprnhYNbRAC4vh+msC TAyDimSTg/RICm/rxSb1DvVWVhbMm4guMRlKCGhf6Fmxljt6Jbd7hkhAxeLoZOicSVlK4EZ52C3 5iucBtYgjx83Q7JrVoAH7/Rv3xQLUYfr/gjLpLT/qp2AmXuy8KhTFxsRdNALgmO8Ln1rjdqARgg Uev8Rl/0nbaNYY2Iegw== X-Authority-Analysis: v=2.4 cv=bLEb4f+Z c=1 sm=1 tr=0 ts=69c2cd33 cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=iQ6ETzBq9ecOQQE5vZCe:22 a=VnNF1IyMAAAA:8 a=jDauOpCy_z-6rDg_B6MA:9 X-Proofpoint-GUID: b1R8KCOTqTnwaCekzKAtGC1wR5YfgHGH X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-24_03,2026-03-24_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 adultscore=0 clxscore=1015 phishscore=0 impostorscore=0 malwarescore=0 lowpriorityscore=0 suspectscore=0 bulkscore=0 priorityscore=1501 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603240134 Content-Type: text/plain; charset="utf-8" The slow path of the fault handler ultimately called gmap_link(), which assumed the fault was a major fault, and blindly called dat_link(). In case of minor faults, things were not always handled properly; in particular the prefix and vsie marker bits were ignored. Move dat_link() into gmap.c, renaming it accordingly. Once moved, the new _gmap_link() function will be able to correctly honour the prefix and vsie markers. This will cause spurious unshadows in some uncommon cases. Signed-off-by: Claudio Imbrenda Fixes: 94fd9b16cc67 ("KVM: s390: KVM page table management functions: lifec= ycle management") Fixes: a2c17f9270cc ("KVM: s390: New gmap code") Reviewed-by: Steffen Eiden --- arch/s390/kvm/dat.c | 48 ------------------------------------- arch/s390/kvm/dat.h | 2 -- arch/s390/kvm/gmap.c | 56 ++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 52 insertions(+), 54 deletions(-) diff --git a/arch/s390/kvm/dat.c b/arch/s390/kvm/dat.c index 8ba80b0b4698..a4f482bd3077 100644 --- a/arch/s390/kvm/dat.c +++ b/arch/s390/kvm/dat.c @@ -997,54 +997,6 @@ bool dat_test_age_gfn(union asce asce, gfn_t start, gf= n_t end) return _dat_walk_gfn_range(start, end, asce, &test_age_ops, 0, NULL) > 0; } =20 -int dat_link(struct kvm_s390_mmu_cache *mc, union asce asce, int level, - bool uses_skeys, struct guest_fault *f) -{ - union crste oldval, newval; - union pte newpte, oldpte; - union pgste pgste; - int rc =3D 0; - - rc =3D dat_entry_walk(mc, f->gfn, asce, DAT_WALK_ALLOC_CONTINUE, level, &= f->crstep, &f->ptep); - if (rc =3D=3D -EINVAL || rc =3D=3D -ENOMEM) - return rc; - if (rc) - return -EAGAIN; - - if (WARN_ON_ONCE(unlikely(get_level(f->crstep, f->ptep) > level))) - return -EINVAL; - - if (f->ptep) { - pgste =3D pgste_get_lock(f->ptep); - oldpte =3D *f->ptep; - newpte =3D _pte(f->pfn, f->writable, f->write_attempt | oldpte.s.d, !f->= page); - newpte.s.sd =3D oldpte.s.sd; - oldpte.s.sd =3D 0; - if (oldpte.val =3D=3D _PTE_EMPTY.val || oldpte.h.pfra =3D=3D f->pfn) { - pgste =3D __dat_ptep_xchg(f->ptep, pgste, newpte, f->gfn, asce, uses_sk= eys); - if (f->callback) - f->callback(f); - } else { - rc =3D -EAGAIN; - } - pgste_set_unlock(f->ptep, pgste); - } else { - oldval =3D READ_ONCE(*f->crstep); - newval =3D _crste_fc1(f->pfn, oldval.h.tt, f->writable, - f->write_attempt | oldval.s.fc1.d); - newval.s.fc1.sd =3D oldval.s.fc1.sd; - if (oldval.val !=3D _CRSTE_EMPTY(oldval.h.tt).val && - crste_origin_large(oldval) !=3D crste_origin_large(newval)) - return -EAGAIN; - if (!dat_crstep_xchg_atomic(f->crstep, oldval, newval, f->gfn, asce)) - return -EAGAIN; - if (f->callback) - f->callback(f); - } - - return rc; -} - static long dat_set_pn_crste(union crste *crstep, gfn_t gfn, gfn_t next, s= truct dat_walk *walk) { union crste newcrste, oldcrste; diff --git a/arch/s390/kvm/dat.h b/arch/s390/kvm/dat.h index 22dafc775335..efedcf96110c 100644 --- a/arch/s390/kvm/dat.h +++ b/arch/s390/kvm/dat.h @@ -540,8 +540,6 @@ int dat_set_slot(struct kvm_s390_mmu_cache *mc, union a= sce asce, gfn_t start, gf u16 type, u16 param); int dat_set_prefix_notif_bit(union asce asce, gfn_t gfn); bool dat_test_age_gfn(union asce asce, gfn_t start, gfn_t end); -int dat_link(struct kvm_s390_mmu_cache *mc, union asce asce, int level, - bool uses_skeys, struct guest_fault *f); =20 int dat_perform_essa(union asce asce, gfn_t gfn, int orc, union essa_state= *state, bool *dirty); long dat_reset_cmma(union asce asce, gfn_t start_gfn); diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index 956be4c01797..03e15b5e0b9a 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c @@ -631,10 +631,60 @@ static inline bool gmap_1m_allowed(struct gmap *gmap,= gfn_t gfn) return test_bit(GMAP_FLAG_ALLOW_HPAGE_1M, &gmap->flags); } =20 +static int _gmap_link(struct kvm_s390_mmu_cache *mc, struct gmap *gmap, in= t level, + struct guest_fault *f) +{ + union crste oldval, newval; + union pte newpte, oldpte; + union pgste pgste; + int rc =3D 0; + + rc =3D dat_entry_walk(mc, f->gfn, gmap->asce, DAT_WALK_ALLOC_CONTINUE, le= vel, + &f->crstep, &f->ptep); + if (rc =3D=3D -ENOMEM) + return rc; + if (KVM_BUG_ON(rc =3D=3D -EINVAL, gmap->kvm)) + return rc; + if (rc) + return -EAGAIN; + if (KVM_BUG_ON(get_level(f->crstep, f->ptep) > level, gmap->kvm)) + return -EINVAL; + + if (f->ptep) { + pgste =3D pgste_get_lock(f->ptep); + oldpte =3D *f->ptep; + newpte =3D _pte(f->pfn, f->writable, f->write_attempt | oldpte.s.d, !f->= page); + newpte.s.sd =3D oldpte.s.sd; + oldpte.s.sd =3D 0; + if (oldpte.val =3D=3D _PTE_EMPTY.val || oldpte.h.pfra =3D=3D f->pfn) { + pgste =3D gmap_ptep_xchg(gmap, f->ptep, newpte, pgste, f->gfn); + if (f->callback) + f->callback(f); + } else { + rc =3D -EAGAIN; + } + pgste_set_unlock(f->ptep, pgste); + } else { + do { + oldval =3D READ_ONCE(*f->crstep); + newval =3D _crste_fc1(f->pfn, oldval.h.tt, f->writable, + f->write_attempt | oldval.s.fc1.d); + newval.s.fc1.sd =3D oldval.s.fc1.sd; + if (oldval.val !=3D _CRSTE_EMPTY(oldval.h.tt).val && + crste_origin_large(oldval) !=3D crste_origin_large(newval)) + return -EAGAIN; + } while (!gmap_crstep_xchg_atomic(gmap, f->crstep, oldval, newval, f->gf= n)); + if (f->callback) + f->callback(f); + } + + return rc; +} + int gmap_link(struct kvm_s390_mmu_cache *mc, struct gmap *gmap, struct gue= st_fault *f) { unsigned int order; - int rc, level; + int level; =20 lockdep_assert_held(&gmap->kvm->mmu_lock); =20 @@ -646,9 +696,7 @@ int gmap_link(struct kvm_s390_mmu_cache *mc, struct gma= p *gmap, struct guest_fau else if (order >=3D get_order(_SEGMENT_SIZE) && gmap_1m_allowed(gmap, f-= >gfn)) level =3D TABLE_TYPE_SEGMENT; } - rc =3D dat_link(mc, gmap->asce, level, uses_skeys(gmap), f); - KVM_BUG_ON(rc =3D=3D -EINVAL, gmap->kvm); - return rc; + return _gmap_link(mc, gmap, level, f); } =20 static int gmap_ucas_map_one(struct kvm_s390_mmu_cache *mc, struct gmap *g= map, --=20 2.53.0 From nobody Sun Apr 5 16:28:59 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9E60A40FD92; Tue, 24 Mar 2026 17:43:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374206; cv=none; b=SxadN1kCOY3IgDcvzsPerRXSiAychfONJXOM/5FM+SOl5JUH/UdjsQtPJRYQ+KNRdQvavo7be3a6p5XLsALH4o6eVvqfx0+ccIUvF4zK/xOLFCMmkcTqLZqOZZJUIp3AKcA/TVQfASA2SJytB/+QLM/IIzKCXEwMrjeqab/3m+s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374206; c=relaxed/simple; bh=MHdHLXyH7iuszd98LWnqBxEDGf2GEpHU/fgdAeQvjjg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Pb+D/u2+77bd8Oki20sX2w1kWCQN6lZAIIxKe0N+hJ0kFBXMu5vVMz8dAN4AoHa9/7DGwb0sneGHRyHg19tKBbDqqdYEt5KDye8fq4qwy8sHxBYEHr0dMQR+9u4FRioOhcKJ1IZ+uz9L74lkmDfzPle4QlZE+AMBUbsOF70WSPQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=lEtEaAUW; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="lEtEaAUW" Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62ODWmR13255707; Tue, 24 Mar 2026 17:43:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=vT3yYaXEv73JcuJ65 PY4vf5XD+MWDZsakgN4+t2qViA=; b=lEtEaAUW46DsMEMIxqaLlJl2LJsS1pB9L vCqMaZvJsXc4OSYhNyTzIqPteJPe9vFb9NJlJGwdz26ci9/zRlCR2BXufRtrS2Si Utb5qXnh4olOc5UHxV28EdfVqYQrGLVrZrThbezDPMPAR2T/4isHWv4RllbIsSOx PyFtd5xTX6UBZmmzl2k5T+rvbFHP7M+EfUE6Rssk93LqYaBRfyq8i8zXoibwrFi5 V8Cc9XUuNFUAESWex4s/nXp/ERVbhrt84egRCAo5SXpyB+eWCXE/knUADNgWfubJ vdqOon2gOz56BB2UylTQC/pKuATwTXamXhPmveMD+iBwMAdtFDpnQ== Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4d1kummb38-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:16 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62OFVmjC005996; Tue, 24 Mar 2026 17:43:15 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4d261yk6yy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:15 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62OHhBdc61866418 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 24 Mar 2026 17:43:11 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 91CF120043; Tue, 24 Mar 2026 17:43:11 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5F1AB20040; Tue, 24 Mar 2026 17:43:10 +0000 (GMT) Received: from p-imbrenda.ibmuc.com (unknown [9.111.26.26]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 24 Mar 2026 17:43:10 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v3 6/9] KVM: s390: vsie: Fix refcount overflow for shadow gmaps Date: Tue, 24 Mar 2026 18:42:58 +0100 Message-ID: <20260324174301.232921-7-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260324174301.232921-1-imbrenda@linux.ibm.com> References: <20260324174301.232921-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 5APyQLQE2ZWC_LEL3f5YnGqVOMscAHEB X-Proofpoint-ORIG-GUID: 5APyQLQE2ZWC_LEL3f5YnGqVOMscAHEB X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzI0MDEzNCBTYWx0ZWRfXwvqmtl5qBFyN SJjHaB4PUzpodQ23DlJMVD3cSrMbZWxACHv8nbz1lorMLsZuT1s0cdNCKWH08KuCKcxLPqeKPu2 5ujCjlbEaHKZFTtmwAxkkStGY65+9Jgg0uhZqQPCcOzIwJdDP+iKfKTLjMtwWNp7spmJFv5qohK mDNERRSqNTuArnCigZs7VOxvArpWtvJwOceNXkPLcnEr+5YhcxcpQ7cv2ekpqqkAbVGHuvHLnI5 yZerrTSeiavtYgVta2Mu/1lTQPJ0nJ0f6uvS2Cm/uQDDW2XrSwRW9fiRZAWpVzPoQNFv0zygumU /ek9fB/u+dZ6zB1HZqbGnZp3VjWzTaOnEg6SLdpWYzDMpwfHtibrNKKUhS7B0I9XGUHs1KPXqrx GCHEtH58bj4CgY3q75wAVa1WiJG+h7/9fH0w2CYnVJDerE0SRrU3pVqmNuyQrekDP8MB2EH5yBp 5XkapuES4qYDEFl5YXQ== X-Authority-Analysis: v=2.4 cv=KbXfcAYD c=1 sm=1 tr=0 ts=69c2cd34 cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=h1h-QmE6hYAJ3QnyM7YA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-24_03,2026-03-24_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 impostorscore=0 malwarescore=0 adultscore=0 clxscore=1015 priorityscore=1501 bulkscore=0 lowpriorityscore=0 phishscore=0 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603240134 Content-Type: text/plain; charset="utf-8" In most cases gmap_put() was not called when it should have. Add the missing gmap_put() in vsie_run(). Signed-off-by: Claudio Imbrenda Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") Reviewed-by: Steffen Eiden Reviewed-by: Janosch Frank --- arch/s390/kvm/vsie.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 0330829b4046..72895dddc39a 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -1328,7 +1328,7 @@ static void unregister_shadow_scb(struct kvm_vcpu *vc= pu) static int vsie_run(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { struct kvm_s390_sie_block *scb_s =3D &vsie_page->scb_s; - struct gmap *sg; + struct gmap *sg =3D NULL; int rc =3D 0; =20 while (1) { @@ -1368,6 +1368,8 @@ static int vsie_run(struct kvm_vcpu *vcpu, struct vsi= e_page *vsie_page) sg =3D gmap_put(sg); cond_resched(); } + if (sg) + sg =3D gmap_put(sg); =20 if (rc =3D=3D -EFAULT) { /* --=20 2.53.0 From nobody Sun Apr 5 16:28:59 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9E6D040FD9A; Tue, 24 Mar 2026 17:43:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374206; cv=none; b=brKu036emZIpHmLJ4jraNJsMbJpKnNgA0/WQd7hOAuLQPM6gpj1EPIgslbqEAVKfl8QX4+mIvqcu+sCh1i+YuBKgxM6Ot6VEwc1RI5Ca2kTDsPv4MaLrJBWhddnzvGEQisy9cZxFZUzKpcjuXMgobOXFF6HcrD2NqWfeZCb5dtM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374206; c=relaxed/simple; bh=LywnmmB1veD9IRuqCGaNQJXejNEdWWcrOxFCfSTG8Hg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Oo8XqSSzLUCIZW7QO41MB5LHdkdQJWZ8xlWs+AHxqTd3Q3vZStbdSDkdU1DICt7GmEqlg75qD7fO8tY9BvGGK82RniburV2NDUA7YkhTPn5/SlXX0ik7nX9+RDEAcqHxLwVYnXCzKCiG9wAUXdcaN2IjBXD8pQ0alvEYlO/+EaM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=abCAboMl; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="abCAboMl" Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62OEbKNA3223936; Tue, 24 Mar 2026 17:43:17 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=la853ipfp+/zOew13 qvgs29vLW1YDNF0T4uyG2fCJAU=; b=abCAboMl1JrDUiF6HVNKlEiVc3bxuyQeA QN5Wwkl8KsMJdy0XcURQxvAN3f6lUNnRWWbYxToQ8yxBd2K9vJV+/g9Zyhezu41I upGBRvs8tLqryRcVLlxHEGID2s0od0s3HQZpBKPs3z4I0y/bC5CsfDNN0uyDdIp2 ICT7hnezxMmkR3BYySMz4mSydMfY0hN7SdecoikQuFIUJShl4dAytD08qnfINtNs c9cdwiGLedctZABErDI1H9zf2tWQh1Cd8oJrx8MsMV23KKLpPS/+lacMc74GLz1t SLd++8cAnKk+R02HToKyBIaseaIvp+3j/RKg+xvo96GVquLGob4jA== Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4d1kummb3b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:17 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62OFYu23005964; Tue, 24 Mar 2026 17:43:16 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4d261yk701-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:16 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62OHhCVj51446168 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 24 Mar 2026 17:43:12 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C2E4120043; Tue, 24 Mar 2026 17:43:12 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B5C0020040; Tue, 24 Mar 2026 17:43:11 +0000 (GMT) Received: from p-imbrenda.ibmuc.com (unknown [9.111.26.26]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 24 Mar 2026 17:43:11 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v3 7/9] KVM: s390: vsie: Fix unshadowing while shadowing Date: Tue, 24 Mar 2026 18:42:59 +0100 Message-ID: <20260324174301.232921-8-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260324174301.232921-1-imbrenda@linux.ibm.com> References: <20260324174301.232921-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: Im_QXWuSV8fmVcba3XpL-GAVlnqPMVyO X-Proofpoint-ORIG-GUID: Im_QXWuSV8fmVcba3XpL-GAVlnqPMVyO X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzI0MDEzNCBTYWx0ZWRfXzWtDT5sw1Yfi 7njYnGSCJW2cR0fIPM5FDwm1jV3fU+VeYEyEHA+tZz0GJkk105Se6dvZNl8gfw7DHmHdNhDLUks fs0wgD7gtd67G8sVCpj/E/zpuDCy9R3FHVku2a8NG8hu8tVWG5XkvBwQbbK1NMbqCuNdNVkc2MW 2DZ9wMN8wiBE8dDCeHVDFCgVI57OXPFaddOFAq2oOJ3qse758NqKEo8XHcLEKkUDDNqpWiVyZys JL7vRTLa+dRp9K0IaLWTT+0R1ul02qYv+SUuq02LgtMVe3dIsKEz3FHqLKwOpS0ZYZT5WepV3LH 5LD8wxqDtKFHF5zAmZlcgTeSBm7Soz2lUC+kOfhMr3fFPphIuXsEYW9Z2LK9HJRTwdYDw/pUKeF VA4ZqJKq04eR+16Za/UHf+xNyZGNij6xXmeddwJFQSazWlYDgE4jyvwEGcReqcSDR4YZF535ejS tmhX/039slSJQzspdZw== X-Authority-Analysis: v=2.4 cv=KbXfcAYD c=1 sm=1 tr=0 ts=69c2cd35 cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=rP4LS0jab8kgWfQMVEcA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-24_03,2026-03-24_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 impostorscore=0 malwarescore=0 adultscore=0 clxscore=1015 priorityscore=1501 bulkscore=0 lowpriorityscore=0 phishscore=0 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603240134 Content-Type: text/plain; charset="utf-8" If shadowing causes the shadow gmap to get unshadowed, exit early to prevent an attempt to dereference the parent pointer, which at this point is NULL. Opportunistically add some more checks to prevent NULL parents. Signed-off-by: Claudio Imbrenda Fixes: a2c17f9270cc ("KVM: s390: New gmap code") Fixes: e5f98a6899bd ("KVM: s390: Add some helper functions needed for vSIE") Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") --- arch/s390/kvm/gaccess.c | 5 +++++ arch/s390/kvm/gmap.c | 11 ++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index 70703bf866db..0ac2d775d4c0 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1472,6 +1472,9 @@ static int _do_shadow_crste(struct gmap *sg, gpa_t ra= ddr, union crste *host, uni return rc; =20 do { + /* _gmap_crstep_xchg_atomic() could have unshadowed this shadow gmap */ + if (!sg->parent) + return -EAGAIN; oldcrste =3D READ_ONCE(*host); newcrste =3D _crste_fc1(f->pfn, oldcrste.h.tt, f->writable, !p); newcrste.s.fc1.d |=3D oldcrste.s.fc1.d; @@ -1526,6 +1529,8 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_cac= he *mc, struct gmap *sg, entries[i - 1].pfn, i, entries[i - 1].writable); if (rc) return rc; + if (!sg->parent) + return -EAGAIN; } =20 rc =3D dat_entry_walk(NULL, entries[LEVEL_MEM].gfn, sg->parent->asce, DAT= _WALK_LEAF, diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index 03e15b5e0b9a..fb9cc40e919c 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c @@ -1163,6 +1163,7 @@ struct gmap_protect_asce_top_level { static inline int __gmap_protect_asce_top_level(struct kvm_s390_mmu_cache = *mc, struct gmap *sg, struct gmap_protect_asce_top_level *context) { + struct gmap *parent; int rc, i; =20 guard(write_lock)(&sg->kvm->mmu_lock); @@ -1170,7 +1171,12 @@ static inline int __gmap_protect_asce_top_level(stru= ct kvm_s390_mmu_cache *mc, s if (kvm_s390_array_needs_retry_safe(sg->kvm, context->seq, context->f)) return -EAGAIN; =20 - scoped_guard(spinlock, &sg->parent->children_lock) { + parent =3D READ_ONCE(sg->parent); + if (!parent) + return -EAGAIN; + scoped_guard(spinlock, &parent->children_lock) { + if (READ_ONCE(sg->parent) !=3D parent) + return -EAGAIN; for (i =3D 0; i < CRST_TABLE_PAGES; i++) { if (!context->f[i].valid) continue; @@ -1253,6 +1259,9 @@ struct gmap *gmap_create_shadow(struct kvm_s390_mmu_c= ache *mc, struct gmap *pare struct gmap *sg, *new; int rc; =20 + if (WARN_ON(!parent)) + return ERR_PTR(-EINVAL); + scoped_guard(spinlock, &parent->children_lock) { sg =3D gmap_find_shadow(parent, asce, edat_level); if (sg) { --=20 2.53.0 From nobody Sun Apr 5 16:28:59 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BC48C410D1E; Tue, 24 Mar 2026 17:43:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374209; cv=none; b=OUQoXbnUgOoBHFcXmEAeEJuk6Am5g6tVzxqTOch9Uoe6JhW8Rnwnh147CwL0INWzDp+7OmGgb88DvTEUmaeHPYNg5bnKxqI5t5+df3Ey28SEf4voyHfpqbSAz9mvL7reGzHH59BA0WUkt3mXHUvVipqd6Spm0hSVTVuNNBn82QA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374209; c=relaxed/simple; bh=bYiwJyv2dcqDhI7H+Ch1gE5Ig9VLthdVcmh1o5HAfLs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=AoUGiFBPwhxMKpssHNb4JgD8/e61K6lmh2UIWdHTMvwDTtQJKiLLv3xcyrYTq5ZV+kCz/gLmTWwtdN/8Mp7lZ266xYJyee/IEQm94sd5MJ4Wm1tju5T7vCHIFzTGTk2pcr489TZ+Fkyf46mvAhkJzsgZn7nnyxSw6xKHvyLvFD8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=Vb4vrWuq; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="Vb4vrWuq" Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62O9TaDo632924; Tue, 24 Mar 2026 17:43:18 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=2LfC/9+FnL+kzqIPA vUKlrsfNdWWN69vrQfjhiOfWvk=; b=Vb4vrWuqbQmvlN6duk4Zb45Loy4N3MJ2v TkoKFtmMXM1tlI4+62uCz6/8217aHu7y97FxI5Kpr0NICI7NJLlorqrIu1wy3DAy 0QFu0koRVwfaVZiwuuGbwhbwIU4RhGL7p0vvpe5hmBEmMYak2TPI783bp/0K0uTV RWJcaHnZyNAQXseYxlwyFqnPXrD7DlBp8Cz+HTJrCzr61X47n8HBuUT1oSmGEmVv o6ukDOTJDLeBj3/JqM4JxtojpzMMezFOAlhSSeVrGaiGN1AMDRICohFY8Ymnz3rv 00fD6dr0bh0mMxd4Y5A24iLAmdrvFPl4g3Ej6gTZanS4Bz6SEzvqw== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4d1kummb3e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:18 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62OH55ev004369; Tue, 24 Mar 2026 17:43:17 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4d28c22ujg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:17 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62OHhEb024969472 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 24 Mar 2026 17:43:14 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1260E20043; Tue, 24 Mar 2026 17:43:14 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E599620040; Tue, 24 Mar 2026 17:43:12 +0000 (GMT) Received: from p-imbrenda.ibmuc.com (unknown [9.111.26.26]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 24 Mar 2026 17:43:12 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v3 8/9] KVM: s390: vsie: Fix guest page tables protection Date: Tue, 24 Mar 2026 18:43:00 +0100 Message-ID: <20260324174301.232921-9-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260324174301.232921-1-imbrenda@linux.ibm.com> References: <20260324174301.232921-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: _6Zn4SVFFUFxhLih2Wf7tBwYtc9DrWl4 X-Proofpoint-ORIG-GUID: _6Zn4SVFFUFxhLih2Wf7tBwYtc9DrWl4 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzI0MDEzNCBTYWx0ZWRfX9D9bcrpNHNKM ttuCW1BqDgVmw0WvVDeSj9z9hJH94BZV1H/gwqR7bydihGmOILTF40EMR9MDoFubrVXJeYU7YXo mlZXGMZYEJGH44h9sIskV2vjX/U+JZqBypAX7ypnnWcSykO/Ru2/TsSgz/3sqbww+yovUlZxZOD 2O4hrqbd6qZWmpIJ95ceJGiYm9ZkjRI+ark18BWOaGGEVuooPJA+EPQQSnpy74YUK3PpGpTmq0o tzLx0toJtsSgCvRE4sS74iOhxyuDXyxxszH3NJYa7DVle8+Nd1fBHdErxTVFOAaxvOTptTNTTVV afl+Yhyw6yZh6E11VrO0xBdmIXpUppThT4Qy0qpRikLhQTWlObUgFHa+SDq2wFPfnLhC4jvT4qO uByDZmtG+GX8sGAzJpMkLjuifXWKnC67yEFJ4a1Zs0xow8uHmm+akU0EupSN0kGWGiccZoU87HZ yt0nWdjHpvRMAi78kSg== X-Authority-Analysis: v=2.4 cv=KbXfcAYD c=1 sm=1 tr=0 ts=69c2cd36 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=oWLg5jHnNaD6DMA7ueYA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-24_03,2026-03-24_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 impostorscore=0 malwarescore=0 adultscore=0 clxscore=1015 priorityscore=1501 bulkscore=0 lowpriorityscore=0 phishscore=0 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603240134 Content-Type: text/plain; charset="utf-8" When shadowing, the guest page tables are write-protected, in order to trap changes and properly unshadow the shadow mapping for the nested guest. Already shadowed levels are skipped, so that only the needed levels are write protected. Currently the levels that get write protected are exactly one level too deep: the last level (nested guest memory) gets protected in the wrong way, and will be protected again correctly a few lines afterwards; most importantly, the highest non-shadowed level does *not* get write protected. Moreover, if the nested guest is running in a real address space, there are no DAT tables to shadow. Write protect the correct levels, so that all the levels that need to be protected are protected, and avoid double protecting the last level; skip attempting to shadow the DAT tables when the nested guest is running in a real address space. Signed-off-by: Claudio Imbrenda Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") Tested-by: Christian Borntraeger Reviewed-by: Janosch Frank --- arch/s390/kvm/gaccess.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index 0ac2d775d4c0..93a757749a6e 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1518,6 +1518,13 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_ca= che *mc, struct gmap *sg, (!ptep && crste_leaf(*table) && !table->h.i && table->h.p =3D=3D w->p= )) return 0; =20 + /* In case of a real address space */ + if (w->level <=3D LEVEL_MEM) { + l =3D TABLE_TYPE_PAGE_TABLE; + hl =3D TABLE_TYPE_REGION1; + goto real_address_space; + } + gl =3D get_level(table, ptep); =20 /* @@ -1525,8 +1532,8 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_cac= he *mc, struct gmap *sg, * only the page containing the entry, not the whole table. */ for (i =3D gl ; i >=3D w->level; i--) { - rc =3D gmap_protect_rmap(mc, sg, entries[i - 1].gfn, gpa_to_gfn(saddr), - entries[i - 1].pfn, i, entries[i - 1].writable); + rc =3D gmap_protect_rmap(mc, sg, entries[i].gfn, gpa_to_gfn(saddr), + entries[i].pfn, i + 1, entries[i].writable); if (rc) return rc; if (!sg->parent) @@ -1542,6 +1549,7 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_cac= he *mc, struct gmap *sg, /* Get the smallest granularity */ l =3D min3(gl, hl, w->level); =20 +real_address_space: flags =3D DAT_WALK_SPLIT_ALLOC | (uses_skeys(sg->parent) ? DAT_WALK_USES_= SKEYS : 0); /* If necessary, create the shadow mapping */ if (l < gl) { --=20 2.53.0 From nobody Sun Apr 5 16:28:59 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B8C1040B6C0; Tue, 24 Mar 2026 17:43:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374206; cv=none; b=cpzUuV3Ng85rLvDQQfHcl3JmE8LyZMLHCulUe5eTAIeTjKaeAq/wxr4wlIAFRyVOEizd/Ss3GyxsavOtmKn2Rk/ygEcF8bf8Y2v5XxYYGdLk9m4enAiLkUqDW9eNAfEDxQtY80RVEfxaXDXqZDftr+ybVfO7ohgrfvYZb+r1A0Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774374206; c=relaxed/simple; bh=MF+Zuv+lsaPruI6piauc3ZYmB9fzDQCGBuH85He0KhY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=snY9gWo/5PKEl33LAUMg/aC+QvYYag15IoQopFIFSjJRdZ9etXsjwy+c3xabYkq72pJawdhlqcrzpDn62fdEuisPjJi6YkKFxWPltZ/WGg06fdycpb3gR5bEjoEGsbQxnTitKAsOQtP0CSs1nBe8Jmh/tNHZOrVPxawmHOvmb+o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=QrSZU7UZ; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="QrSZU7UZ" Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62OGjmKt3340564; Tue, 24 Mar 2026 17:43:20 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=nOxwK00xduMxcZUaX ts66Eik8r+8wlNhFapP0KVtJco=; b=QrSZU7UZLIkhZj5gMEfaR7bOXbj6bEBwd SwZwbiGW/zoO9CZXRsMCPaqOCjY3iuc5rbN05rymMDYKDCscSgHAK2SMXftf6KP4 hnEUjqY668i+YokWBY7YfqBcsOqdB2Yi1R2rO0zrlwi7S/865D8DTqBWKkhG8UdT rFs5JWL6SoHeZxTE1WTaIB8aW1UgDUe/TJw89/+WLKrF7SQ5MVT51v4+fMUOTOVX 2bO7i2+lLlkP4uxdab4x6jj1cn2Y1+47WiDOO6qLajoI7kapORKh9kaEwMog7IEN jQQVCm7M/ShwwhI1V5IYauMaDwzLRIreovi/6G3bQfDxSYeND/BOg== Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4d1ky047y8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:20 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 62OFCnds005969; Tue, 24 Mar 2026 17:43:19 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4d261yk706-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 17:43:19 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 62OHhFrm36634996 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 24 Mar 2026 17:43:15 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 718CA2004D; Tue, 24 Mar 2026 17:43:15 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3628A20040; Tue, 24 Mar 2026 17:43:14 +0000 (GMT) Received: from p-imbrenda.ibmuc.com (unknown [9.111.26.26]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 24 Mar 2026 17:43:14 +0000 (GMT) From: Claudio Imbrenda To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org Subject: [PATCH v3 9/9] KVM: s390: Fix KVM_S390_VCPU_FAULT ioctl Date: Tue, 24 Mar 2026 18:43:01 +0100 Message-ID: <20260324174301.232921-10-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260324174301.232921-1-imbrenda@linux.ibm.com> References: <20260324174301.232921-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzI0MDEzNCBTYWx0ZWRfXxX8x8OkN/FAq ahJiijR5E1VyKbibd00BX84zaO6dpRqxhqk29939DRJINomceaeAkTFtThHVjezb9whkRuqrjIk tMO7aQ/17tRLsHr92QhV1vX47/dmjFpQO2jgNtX5sNRgsB1JHdLclKyy4Xb+BjsvrFnbJo7WGj6 akrsR4s5viaJPddedNFlELMvvi3geJB7tWkKqNwaFb0rJ63YXof4YPsfqSXEIdYFSoXTi8Ch70r kdRrOixFgiSkDPvgTnze7zCkpW1sNzV/CQMj+bk+bcVVLv8RdzC3g2oKOeM6T3kODWUX/NxECUb o3+B3+3MuxrWDaBugiWz48hSkGuZfjcDLKv3c+UM1LoOOAcKeYb0lfn/besWWsRpFOnxRDtK4E5 SSsLRD808u70+ZCZKCO7JQxIuwW3dNwCcxw8qNzmDZl2B+NMtPfLFRLGl/bBMhu7X8j8N/9Ah4b P1D9PBAtC1UmvJNptyA== X-Authority-Analysis: v=2.4 cv=JK42csKb c=1 sm=1 tr=0 ts=69c2cd38 cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=V8glGbnc2Ofi9Qvn3v5h:22 a=VnNF1IyMAAAA:8 a=ikv_JcFPPU8SThzKSe0A:9 X-Proofpoint-ORIG-GUID: wzSVzYxzp_blCfZ8NhEuFTRwc7wNO9Mm X-Proofpoint-GUID: wzSVzYxzp_blCfZ8NhEuFTRwc7wNO9Mm X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-24_03,2026-03-24_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 clxscore=1015 priorityscore=1501 malwarescore=0 adultscore=0 spamscore=0 suspectscore=0 phishscore=0 lowpriorityscore=0 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603240134 Content-Type: text/plain; charset="utf-8" A previous commit changed the behaviour of the KVM_S390_VCPU_FAULT ioctl. The current (wrong) implementation will trigger a guest addressing exception if the requested address lies outside of a memslot, unless the VM is UCONTROL. Restore the previous behaviour by open coding the fault-in logic. Fixes: 3762e905ec2e ("KVM: s390: use __kvm_faultin_pfn()") Signed-off-by: Claudio Imbrenda Acked-by: Christian Borntraeger Reviewed-by: Steffen Eiden --- arch/s390/kvm/kvm-s390.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index ebcb0ef8835e..62f04931b54d 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -5520,9 +5520,21 @@ long kvm_arch_vcpu_ioctl(struct file *filp, } #endif case KVM_S390_VCPU_FAULT: { - idx =3D srcu_read_lock(&vcpu->kvm->srcu); - r =3D vcpu_dat_fault_handler(vcpu, arg, 0); - srcu_read_unlock(&vcpu->kvm->srcu, idx); + gpa_t gaddr =3D arg; + + scoped_guard(srcu, &vcpu->kvm->srcu) { + r =3D vcpu_ucontrol_translate(vcpu, &gaddr); + if (r) + break; + + r =3D kvm_s390_faultin_gfn_simple(vcpu, NULL, gpa_to_gfn(gaddr), false); + if (r =3D=3D PGM_ADDRESSING) + r =3D -EFAULT; + if (r <=3D 0) + break; + r =3D -EIO; + KVM_BUG_ON(r, vcpu->kvm); + } break; } case KVM_ENABLE_CAP: --=20 2.53.0