From: Claudio Imbrenda
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org
Subject: [PATCH v5 01/10] KVM: s390: vsie: Fix dat_split_ste()
Date: Thu, 26 Mar 2026 14:17:10 +0100
Message-ID: <20260326131719.98229-2-imbrenda@linux.ibm.com>
In-Reply-To: <20260326131719.98229-1-imbrenda@linux.ibm.com>
References: <20260326131719.98229-1-imbrenda@linux.ibm.com>

If the guest misbehaves and puts the page tables for its nested guest inside the memory of the nested guest itself, and the guest and nested guest are being mapped with large pages, the shadow mapping will lose synchronization with the actual mapping, since this will cause the large page with the vsie notification bit to be split, but the vsie notification bit will not be propagated to the resulting small pages.

Fix this by propagating the vsie_notif bit from large pages to normal pages when splitting a large page.

Fixes: 2db149a0a6c5 ("KVM: s390: KVM page table management functions: walks")
Signed-off-by: Claudio Imbrenda
Reviewed-by: Christoph Schlameuss
Reviewed-by: Steffen Eiden
Reviewed-by: Janosch Frank
--- arch/s390/kvm/dat.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/s390/kvm/dat.c b/arch/s390/kvm/dat.c index 670404d4fa44..48b5f2bcf172 100644 --- a/arch/s390/kvm/dat.c +++ b/arch/s390/kvm/dat.c 
@@ -292,6 +292,7 @@ static int dat_split_ste(struct kvm_s390_mmu_cache *mc,= union pmd *pmdp, gfn_t g pt->ptes[i].val =3D init.val | i * PAGE_SIZE; /* No need to take locks as the page table is not installed yet. */ pgste_init.prefix_notif =3D old.s.fc1.prefix_notif; + pgste_init.vsie_notif =3D old.s.fc1.vsie_notif; pgste_init.pcl =3D uses_skeys && init.h.i; dat_init_pgstes(pt, pgste_init.val); } else { --=20 2.53.0
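
Review bot: In dat_split_ste() the two notification bits are copied one by one (`prefix_notif`, then the new `vsie_notif` line) with no comment stating that every notification bit of the large-page entry has to reach the PGSTEs of the split table. A one-line comment above both assignments would make that requirement explicit for whoever adds the next such bit. The visible context stops at `} else {`, so it is also worth saying in the changelog whether the other branch needs the same propagation.
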
From: Claudio Imbrenda
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org
Subject: [PATCH v5 02/10] KVM: s390: Remove non-atomic dat_crstep_xchg()
Date: Thu, 26 Mar 2026 14:17:11 +0100
Message-ID: <20260326131719.98229-3-imbrenda@linux.ibm.com>
In-Reply-To: <20260326131719.98229-1-imbrenda@linux.ibm.com>
References: <20260326131719.98229-1-imbrenda@linux.ibm.com>

In practice dat_crstep_xchg() is racy and hard to use correctly. Simply remove it and replace its uses with dat_crstep_xchg_atomic(). This solves some actual races that lead to system hangs / crashes. Opportunistically fix an alignment issue in _gmap_crstep_xchg_atomic().

Signed-off-by: Claudio Imbrenda
Fixes: 589071eaaa8f ("KVM: s390: KVM page table management functions: clear and replace")
Fixes: 94fd9b16cc67 ("KVM: s390: KVM page table management functions: lifecycle management")
Reviewed-by: Steffen Eiden
--- arch/s390/kvm/dat.c | 51 +++++++------------------ arch/s390/kvm/dat.h | 9 +++-- arch/s390/kvm/gaccess.c | 26 +++++++------ arch/s390/kvm/gmap.c | 82 ++++++++++++++++++++++++----------------- arch/s390/kvm/gmap.h | 29 +++++++++------ 5 files changed, 100 insertions(+), 97 deletions(-) diff --git a/arch/s390/kvm/dat.c b/arch/s390/kvm/dat.c index 48b5f2bcf172..4d44c0f9ad45 100644 --- a/arch/s390/kvm/dat.c +++ b/arch/s390/kvm/dat.c 
@@ -134,32 +134,6 @@ int dat_set_asce_limit(struct kvm_s390_mmu_cache *mc, = union asce *asce, int newt return 0; } =20 -/** - * dat_crstep_xchg() - Exchange a gmap CRSTE with another. - * @crstep: Pointer to the CRST entry - * @new: Replacement entry. - * @gfn: The affected guest address. - * @asce: The ASCE of the address space. - * - * Context: This function is assumed to be called with kvm->mmu_lock held. - */ -void dat_crstep_xchg(union crste *crstep, union crste new, gfn_t gfn, unio= n asce asce) -{ - if (crstep->h.i) { - WRITE_ONCE(*crstep, new); - return; - } else if (cpu_has_edat2()) { - crdte_crste(crstep, *crstep, new, gfn, asce); - return; - } - - if (machine_has_tlb_guest()) - idte_crste(crstep, gfn, IDTE_GUEST_ASCE, asce, IDTE_GLOBAL); - else - idte_crste(crstep, gfn, 0, NULL_ASCE, IDTE_GLOBAL); - WRITE_ONCE(*crstep, new); -} - /** * dat_crstep_xchg_atomic() - Atomically exchange a gmap CRSTE with anothe= r. * @crstep: Pointer to the CRST entry. @@ -175,8 +149,8 @@ void dat_crstep_xchg(union crste *crstep, union crste n= ew, gfn_t gfn, union asce * * Return: %true if the exchange was successful. */ -bool dat_crstep_xchg_atomic(union crste *crstep, union crste old, union cr= ste new, gfn_t gfn, - union asce asce) +bool __must_check dat_crstep_xchg_atomic(union crste *crstep, union crste = old, union crste new, + gfn_t gfn, union asce asce) { if (old.h.i) return arch_try_cmpxchg((long *)crstep, &old.val, new.val); @@ -894,7 +868,8 @@ static long _dat_slot_crste(union crste *crstep, gfn_t = gfn, gfn_t next, struct d =20 /* This table entry needs to be updated. */ if (walk->start <=3D gfn && walk->end >=3D next) { - dat_crstep_xchg_atomic(crstep, crste, new_crste, gfn, walk->asce); + if (!dat_crstep_xchg_atomic(crstep, crste, new_crste, gfn, walk->asce)) + return -EINVAL; /* A lower level table was present, needs to be freed. */ if (!crste.h.fc && !crste.h.i) { if (is_pmd(crste)) 
@@ -1072,17 +1047,19 @@ int dat_link(struct kvm_s390_mmu_cache *mc, union a= sce asce, int level, =20 static long dat_set_pn_crste(union crste *crstep, gfn_t gfn, gfn_t next, s= truct dat_walk *walk) { - union crste crste =3D READ_ONCE(*crstep); + union crste newcrste, oldcrste; int *n =3D walk->priv; =20 - if (!crste.h.fc || crste.h.i || crste.h.p) - return 0; - + do { + oldcrste =3D READ_ONCE(*crstep); + if (!oldcrste.h.fc || oldcrste.h.i || oldcrste.h.p) + return 0; + if (oldcrste.s.fc1.prefix_notif) + break; + newcrste =3D oldcrste; + newcrste.s.fc1.prefix_notif =3D 1; + } while (!dat_crstep_xchg_atomic(crstep, oldcrste, newcrste, gfn, walk->a= sce)); *n =3D 2; - if (crste.s.fc1.prefix_notif) - return 0; - crste.s.fc1.prefix_notif =3D 1; - dat_crstep_xchg(crstep, crste, gfn, walk->asce); return 0; } =20 diff --git a/arch/s390/kvm/dat.h b/arch/s390/kvm/dat.h index 123e11dcd70d..22dafc775335 100644 --- a/arch/s390/kvm/dat.h +++ b/arch/s390/kvm/dat.h @@ -938,11 +938,14 @@ static inline bool dat_pudp_xchg_atomic(union pud *pu= dp, union pud old, union pu return dat_crstep_xchg_atomic(_CRSTEP(pudp), _CRSTE(old), _CRSTE(new), gf= n, asce); } =20 -static inline void dat_crstep_clear(union crste *crstep, gfn_t gfn, union = asce asce) +static inline union crste dat_crstep_clear_atomic(union crste *crstep, gfn= _t gfn, union asce asce) { - union crste newcrste =3D _CRSTE_EMPTY(crstep->h.tt); + union crste oldcrste, empty =3D _CRSTE_EMPTY(crstep->h.tt); =20 - dat_crstep_xchg(crstep, newcrste, gfn, asce); + do { + oldcrste =3D READ_ONCE(*crstep); + } while (!dat_crstep_xchg_atomic(crstep, oldcrste, empty, gfn, asce)); + return oldcrste; } =20 static inline int get_level(union crste *crstep, union pte *ptep) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index a9da9390867d..4ee862424ca0 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c 
@@ -1456,7 +1456,7 @@ static int _do_shadow_pte(struct gmap *sg, gpa_t radd= r, union pte *ptep_h, union static int _do_shadow_crste(struct gmap *sg, gpa_t raddr, union crste *hos= t, union crste *table, struct guest_fault *f, bool p) { - union crste newcrste; + union crste newcrste, oldcrste; gfn_t gfn; int rc; =20 @@ -1469,16 +1469,20 @@ static int _do_shadow_crste(struct gmap *sg, gpa_t = raddr, union crste *host, uni if (rc) return rc; =20 - newcrste =3D _crste_fc1(f->pfn, host->h.tt, f->writable, !p); - newcrste.s.fc1.d |=3D host->s.fc1.d; - newcrste.s.fc1.sd |=3D host->s.fc1.sd; - newcrste.h.p &=3D host->h.p; - newcrste.s.fc1.vsie_notif =3D 1; - newcrste.s.fc1.prefix_notif =3D host->s.fc1.prefix_notif; - _gmap_crstep_xchg(sg->parent, host, newcrste, f->gfn, false); - - newcrste =3D _crste_fc1(f->pfn, host->h.tt, 0, !p); - dat_crstep_xchg(table, newcrste, gpa_to_gfn(raddr), sg->asce); + do { + oldcrste =3D READ_ONCE(*host); + newcrste =3D _crste_fc1(f->pfn, oldcrste.h.tt, f->writable, !p); + newcrste.s.fc1.d |=3D oldcrste.s.fc1.d; + newcrste.s.fc1.sd |=3D oldcrste.s.fc1.sd; + newcrste.h.p &=3D oldcrste.h.p; + newcrste.s.fc1.vsie_notif =3D 1; + newcrste.s.fc1.prefix_notif =3D oldcrste.s.fc1.prefix_notif; + } while (!_gmap_crstep_xchg_atomic(sg->parent, host, oldcrste, newcrste, = f->gfn, false)); + + newcrste =3D _crste_fc1(f->pfn, oldcrste.h.tt, 0, !p); + gfn =3D gpa_to_gfn(raddr); + while (!dat_crstep_xchg_atomic(table, READ_ONCE(*table), newcrste, gfn, s= g->asce)) + ; return 0; } =20 diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index ef0c6ebfdde2..956be4c01797 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c 
@@ -313,13 +313,16 @@ static long gmap_clear_young_crste(union crste *crste= p, gfn_t gfn, gfn_t end, st struct clear_young_pte_priv *priv =3D walk->priv; union crste crste, new; =20 - crste =3D READ_ONCE(*crstep); + do { + crste =3D READ_ONCE(*crstep); + + if (!crste.h.fc) + return 0; + if (!crste.s.fc1.y && crste.h.i) + return 0; + if (crste_prefix(crste) && !gmap_mkold_prefix(priv->gmap, gfn, end)) + break; =20 - if (!crste.h.fc) - return 0; - if (!crste.s.fc1.y && crste.h.i) - return 0; - if (!crste_prefix(crste) || gmap_mkold_prefix(priv->gmap, gfn, end)) { new =3D crste; new.h.i =3D 1; new.s.fc1.y =3D 0; @@ -328,8 +331,8 @@ static long gmap_clear_young_crste(union crste *crstep,= gfn_t gfn, gfn_t end, st folio_set_dirty(phys_to_folio(crste_origin_large(crste))); new.s.fc1.d =3D 0; new.h.p =3D 1; - dat_crstep_xchg(crstep, new, gfn, walk->asce); - } + } while (!dat_crstep_xchg_atomic(crstep, crste, new, gfn, walk->asce)); + priv->young =3D 1; return 0; } @@ -391,14 +394,18 @@ static long _gmap_unmap_crste(union crste *crstep, gf= n_t gfn, gfn_t next, struct { struct gmap_unmap_priv *priv =3D walk->priv; struct folio *folio =3D NULL; + union crste old =3D *crstep; =20 - if (crstep->h.fc) { - if (crstep->s.fc1.pr && test_bit(GMAP_FLAG_EXPORT_ON_UNMAP, &priv->gmap-= >flags)) - folio =3D phys_to_folio(crste_origin_large(*crstep)); - gmap_crstep_xchg(priv->gmap, crstep, _CRSTE_EMPTY(crstep->h.tt), gfn); - if (folio) - uv_convert_from_secure_folio(folio); - } + if (!old.h.fc) + return 0; + + if (old.s.fc1.pr && test_bit(GMAP_FLAG_EXPORT_ON_UNMAP, &priv->gmap->flag= s)) + folio =3D phys_to_folio(crste_origin_large(old)); + /* No races should happen because kvm->mmu_lock is held in write mode */ + KVM_BUG_ON(!gmap_crstep_xchg_atomic(priv->gmap, crstep, old, _CRSTE_EMPTY= (old.h.tt), gfn), + priv->gmap->kvm); + if (folio) + uv_convert_from_secure_folio(folio); =20 return 0; } 
@@ -474,23 +481,24 @@ static long _crste_test_and_clear_softdirty(union crs= te *table, gfn_t gfn, gfn_t =20 if (fatal_signal_pending(current)) return 1; - crste =3D READ_ONCE(*table); - if (!crste.h.fc) - return 0; - if (crste.h.p && !crste.s.fc1.sd) - return 0; + do { + crste =3D READ_ONCE(*table); + if (!crste.h.fc) + return 0; + if (crste.h.p && !crste.s.fc1.sd) + return 0; =20 - /* - * If this large page contains one or more prefixes of vCPUs that are - * currently running, do not reset the protection, leave it marked as - * dirty. - */ - if (!crste.s.fc1.prefix_notif || gmap_mkold_prefix(gmap, gfn, end)) { + /* + * If this large page contains one or more prefixes of vCPUs that are + * currently running, do not reset the protection, leave it marked as + * dirty. + */ + if (crste.s.fc1.prefix_notif && !gmap_mkold_prefix(gmap, gfn, end)) + break; new =3D crste; new.h.p =3D 1; new.s.fc1.sd =3D 0; - gmap_crstep_xchg(gmap, table, new, gfn); - } + } while (!gmap_crstep_xchg_atomic(gmap, table, crste, new, gfn)); =20 for ( ; gfn < end; gfn++) mark_page_dirty(gmap->kvm, gfn); @@ -646,8 +654,8 @@ int gmap_link(struct kvm_s390_mmu_cache *mc, struct gma= p *gmap, struct guest_fau static int gmap_ucas_map_one(struct kvm_s390_mmu_cache *mc, struct gmap *g= map, gfn_t p_gfn, gfn_t c_gfn, bool force_alloc) { + union crste newcrste, oldcrste; struct page_table *pt; - union crste newcrste; union crste *crstep; union pte *ptep; int rc; @@ -673,7 +681,11 @@ static int gmap_ucas_map_one(struct kvm_s390_mmu_cache= *mc, struct gmap *gmap, &crstep, &ptep); if (rc) return rc; - dat_crstep_xchg(crstep, newcrste, c_gfn, gmap->asce); + do { + oldcrste =3D READ_ONCE(*crstep); + if (oldcrste.val =3D=3D newcrste.val) + break; + } while (!dat_crstep_xchg_atomic(crstep, oldcrste, newcrste, c_gfn, gmap-= >asce)); return 0; } =20 
@@ -777,8 +789,10 @@ static void gmap_ucas_unmap_one(struct gmap *gmap, gfn= _t c_gfn) int rc; =20 rc =3D dat_entry_walk(NULL, c_gfn, gmap->asce, 0, TABLE_TYPE_SEGMENT, &cr= step, &ptep); - if (!rc) - dat_crstep_xchg(crstep, _PMD_EMPTY, c_gfn, gmap->asce); + if (rc) + return; + while (!dat_crstep_xchg_atomic(crstep, READ_ONCE(*crstep), _PMD_EMPTY, c_= gfn, gmap->asce)) + ; } =20 void gmap_ucas_unmap(struct gmap *gmap, gfn_t c_gfn, unsigned long count) @@ -1017,8 +1031,8 @@ static void gmap_unshadow_level(struct gmap *sg, gfn_= t r_gfn, int level) dat_ptep_xchg(ptep, _PTE_EMPTY, r_gfn, sg->asce, uses_skeys(sg)); return; } - crste =3D READ_ONCE(*crstep); - dat_crstep_clear(crstep, r_gfn, sg->asce); + + crste =3D dat_crstep_clear_atomic(crstep, r_gfn, sg->asce); if (crste_leaf(crste) || crste.h.i) return; if (is_pmd(crste)) diff --git a/arch/s390/kvm/gmap.h b/arch/s390/kvm/gmap.h index ccb5cd751e31..150e91e15ee0 100644 --- a/arch/s390/kvm/gmap.h +++ b/arch/s390/kvm/gmap.h 
@@ -194,35 +194,40 @@ static inline union pgste gmap_ptep_xchg(struct gmap = *gmap, union pte *ptep, uni return _gmap_ptep_xchg(gmap, ptep, newpte, pgste, gfn, true); } =20 -static inline void _gmap_crstep_xchg(struct gmap *gmap, union crste *crste= p, union crste ne, - gfn_t gfn, bool needs_lock) +static inline bool __must_check _gmap_crstep_xchg_atomic(struct gmap *gmap= , union crste *crstep, + union crste oldcrste, union crste newcrste, + gfn_t gfn, bool needs_lock) { - unsigned long align =3D 8 + (is_pmd(*crstep) ? 0 : 11); + unsigned long align =3D is_pmd(newcrste) ? _PAGE_ENTRIES : _PAGE_ENTRIES = * _CRST_ENTRIES; + + if (KVM_BUG_ON(crstep->h.tt !=3D oldcrste.h.tt || newcrste.h.tt !=3D oldc= rste.h.tt, gmap->kvm)) + return true; =20 lockdep_assert_held(&gmap->kvm->mmu_lock); if (!needs_lock) lockdep_assert_held(&gmap->children_lock); =20 gfn =3D ALIGN_DOWN(gfn, align); - if (crste_prefix(*crstep) && (ne.h.p || ne.h.i || !crste_prefix(ne))) { - ne.s.fc1.prefix_notif =3D 0; + if (crste_prefix(oldcrste) && (newcrste.h.p || newcrste.h.i || !crste_pre= fix(newcrste))) { + newcrste.s.fc1.prefix_notif =3D 0; gmap_unmap_prefix(gmap, gfn, gfn + align); } - if (crste_leaf(*crstep) && crstep->s.fc1.vsie_notif && - (ne.h.p || ne.h.i || !ne.s.fc1.vsie_notif)) { - ne.s.fc1.vsie_notif =3D 0; + if (crste_leaf(oldcrste) && oldcrste.s.fc1.vsie_notif && + (newcrste.h.p || newcrste.h.i || !newcrste.s.fc1.vsie_notif)) { + newcrste.s.fc1.vsie_notif =3D 0; if (needs_lock) gmap_handle_vsie_unshadow_event(gmap, gfn); else _gmap_handle_vsie_unshadow_event(gmap, gfn); } - dat_crstep_xchg(crstep, ne, gfn, gmap->asce); + return dat_crstep_xchg_atomic(crstep, oldcrste, newcrste, gfn, gmap->asce= ); } =20 -static inline void gmap_crstep_xchg(struct gmap *gmap, union crste *crstep= , union crste ne, - gfn_t gfn) +static inline bool __must_check gmap_crstep_xchg_atomic(struct gmap *gmap,= union crste *crstep, + union crste oldcrste, union crste newcrste, + gfn_t gfn) { - return 
_gmap_crstep_xchg(gmap, crstep, ne, gfn, true); + return _gmap_crstep_xchg_atomic(gmap, crstep, oldcrste, newcrste, gfn, tr= ue); } =20 /** --=20 2.53.0
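
Review bot: In _dat_slot_crste() (dat.c) a failed dat_crstep_xchg_atomic() now returns -EINVAL, while every other converted call site in this patch re-reads the entry and retries. If a lost race is possible here, the walk aborts with an error the caller may not tell apart from a real failure; either retry as elsewhere, or add a comment explaining why the exchange cannot fail on this path and what the caller does with -EINVAL.
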
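
Review bot: In _gmap_crstep_xchg_atomic() (gmap.h) the calls to gmap_unmap_prefix() and gmap_handle_vsie_unshadow_event() run before dat_crstep_xchg_atomic(), so when the exchange fails and the caller loops, those side effects have already happened for an entry that was not replaced, and they run again on the retry. Please add a comment stating that this is harmless, or restructure so they only take effect once the exchange has succeeded. The `return true` on the KVM_BUG_ON() path also reports success for an exchange that was never attempted, which deserves a comment now that the return value is __must_check.
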
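
Review bot: _gmap_unmap_crste() (gmap.c) snapshots the entry with a plain `union crste old = *crstep;` where the other converted sites use READ_ONCE(), and it places the exchange itself inside KVM_BUG_ON(). Use READ_ONCE() for consistency, and consider storing the result in a local bool before the KVM_BUG_ON() so the state-changing call is not hidden inside an assertion macro.
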
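
Review bot: The unconditional overwrite is open-coded as an empty-body `while (!dat_crstep_xchg_atomic(..., READ_ONCE(*...), ...))` loop in both _do_shadow_crste() (gaccess.c) and gmap_ucas_unmap_one() (gmap.c), and dat_crstep_clear_atomic() in dat.h is a third copy of the same pattern. A single helper that takes the new entry and returns the old one would cover all three and give one place to document why spinning until success is acceptable.
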
From: Claudio Imbrenda
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org
Subject: [PATCH v5 03/10] KVM: s390: vsie: Fix check for pre-existing shadow mapping
Date: Thu, 26 Mar 2026 14:17:12 +0100
Message-ID: <20260326131719.98229-4-imbrenda@linux.ibm.com>
In-Reply-To: <20260326131719.98229-1-imbrenda@linux.ibm.com>
References: <20260326131719.98229-1-imbrenda@linux.ibm.com>

When shadowing a nested guest, a check is performed and no shadowing is attempted if the nested guest is already shadowed. The existing check was incomplete; fix it by also checking whether the leaf DAT table entry in the existing shadow gmap has the same protection as the one specified in the guest DAT entry.

Signed-off-by: Claudio Imbrenda
Fixes: e38c884df921 ("KVM: s390: Switch to new gmap")
Reviewed-by: Steffen Eiden
Reviewed-by: Janosch Frank
--- arch/s390/kvm/gaccess.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index 4ee862424ca0..8fd690255e1b 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c 
@@ -1506,8 +1506,9 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_cac= he *mc, struct gmap *sg, if (rc) return rc; =20 - /* A race occourred. The shadow mapping is already valid, nothing to do */ - if ((ptep && !ptep->h.i) || (!ptep && crste_leaf(*table))) + /* A race occurred. The shadow mapping is already valid, nothing to do */ + if ((ptep && !ptep->h.i && ptep->h.p =3D=3D w->p) || + (!ptep && crste_leaf(*table) && !table->h.i && table->h.p =3D=3D w->p= )) return 0; =20 gl =3D get_level(table, ptep); --=20 2.53.0
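Review bot: In the "@@ -1506,8 +1506,9 @@" hunk of _gaccess_do_shadow(), the large-entry branch gains two conditions, "!table->h.i" and "table->h.p == w->p", but the commit message only mentions the protection comparison. The old code accepted any crste_leaf(*table) as an already valid shadow without looking at the invalid bit, so the added "!table->h.i" is a separate fix and should be called out in the message. The comment still reads "The shadow mapping is already valid, nothing to do"; it would be more accurate to say that the mapping is valid and has the requested protection, because a valid entry whose p differs from w->p now continues to get_level() and the shadowing path below instead of returning 0.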
From: Claudio Imbrenda
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org
Subject: [PATCH v5 04/10] KVM: s390: Fix gmap_link()
Date: Thu, 26 Mar 2026 14:17:13 +0100
Message-ID: <20260326131719.98229-5-imbrenda@linux.ibm.com>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <20260326131719.98229-1-imbrenda@linux.ibm.com>
References: <20260326131719.98229-1-imbrenda@linux.ibm.com>
Content-Transfer-Encoding: quoted-printable

The slow path of the fault handler ultimately called gmap_link(), which assumed the fault was a major fault, and blindly called dat_link(). In case of minor faults, things were not always handled properly; in particular the prefix and vsie marker bits were ignored. Move dat_link() into gmap.c, renaming it accordingly. Once moved, the new _gmap_link() function will be able to correctly honour the prefix and vsie markers. This will cause spurious unshadows in some uncommon cases.

Signed-off-by: Claudio Imbrenda
Fixes: 94fd9b16cc67 ("KVM: s390: KVM page table management functions: lifecycle management")
Fixes: a2c17f9270cc ("KVM: s390: New gmap code")
Reviewed-by: Steffen Eiden
--- arch/s390/kvm/dat.c | 48 ------------------------------------- arch/s390/kvm/dat.h | 2 -- arch/s390/kvm/gmap.c | 56 ++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 52 insertions(+), 54 deletions(-) diff --git a/arch/s390/kvm/dat.c b/arch/s390/kvm/dat.c index 4d44c0f9ad45..7b8d70fe406d 100644 --- a/arch/s390/kvm/dat.c +++ b/arch/s390/kvm/dat.c 
@@ -997,54 +997,6 @@ bool dat_test_age_gfn(union asce asce, gfn_t start, gf= n_t end) return _dat_walk_gfn_range(start, end, asce, &test_age_ops, 0, NULL) > 0; } =20 -int dat_link(struct kvm_s390_mmu_cache *mc, union asce asce, int level, - bool uses_skeys, struct guest_fault *f) -{ - union crste oldval, newval; - union pte newpte, oldpte; - union pgste pgste; - int rc =3D 0; - - rc =3D dat_entry_walk(mc, f->gfn, asce, DAT_WALK_ALLOC_CONTINUE, level, &= f->crstep, &f->ptep); - if (rc =3D=3D -EINVAL || rc =3D=3D -ENOMEM) - return rc; - if (rc) - return -EAGAIN; - - if (WARN_ON_ONCE(unlikely(get_level(f->crstep, f->ptep) > level))) - return -EINVAL; - - if (f->ptep) { - pgste =3D pgste_get_lock(f->ptep); - oldpte =3D *f->ptep; - newpte =3D _pte(f->pfn, f->writable, f->write_attempt | oldpte.s.d, !f->= page); - newpte.s.sd =3D oldpte.s.sd; - oldpte.s.sd =3D 0; - if (oldpte.val =3D=3D _PTE_EMPTY.val || oldpte.h.pfra =3D=3D f->pfn) { - pgste =3D __dat_ptep_xchg(f->ptep, pgste, newpte, f->gfn, asce, uses_sk= eys); - if (f->callback) - f->callback(f); - } else { - rc =3D -EAGAIN; - } - pgste_set_unlock(f->ptep, pgste); - } else { - oldval =3D READ_ONCE(*f->crstep); - newval =3D _crste_fc1(f->pfn, oldval.h.tt, f->writable, - f->write_attempt | oldval.s.fc1.d); - newval.s.fc1.sd =3D oldval.s.fc1.sd; - if (oldval.val !=3D _CRSTE_EMPTY(oldval.h.tt).val && - crste_origin_large(oldval) !=3D crste_origin_large(newval)) - return -EAGAIN; - if (!dat_crstep_xchg_atomic(f->crstep, oldval, newval, f->gfn, asce)) - return -EAGAIN; - if (f->callback) - f->callback(f); - } - - return rc; -} - static long dat_set_pn_crste(union crste *crstep, gfn_t gfn, gfn_t next, s= truct dat_walk *walk) { union crste newcrste, oldcrste; diff --git a/arch/s390/kvm/dat.h b/arch/s390/kvm/dat.h index 22dafc775335..efedcf96110c 100644 --- a/arch/s390/kvm/dat.h +++ b/arch/s390/kvm/dat.h 
@@ -540,8 +540,6 @@ int dat_set_slot(struct kvm_s390_mmu_cache *mc, union a= sce asce, gfn_t start, gf u16 type, u16 param); int dat_set_prefix_notif_bit(union asce asce, gfn_t gfn); bool dat_test_age_gfn(union asce asce, gfn_t start, gfn_t end); -int dat_link(struct kvm_s390_mmu_cache *mc, union asce asce, int level, - bool uses_skeys, struct guest_fault *f); =20 int dat_perform_essa(union asce asce, gfn_t gfn, int orc, union essa_state= *state, bool *dirty); long dat_reset_cmma(union asce asce, gfn_t start_gfn); diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index 956be4c01797..03e15b5e0b9a 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c 
@@ -631,10 +631,60 @@ static inline bool gmap_1m_allowed(struct gmap *gmap,= gfn_t gfn) return test_bit(GMAP_FLAG_ALLOW_HPAGE_1M, &gmap->flags); } =20 +static int _gmap_link(struct kvm_s390_mmu_cache *mc, struct gmap *gmap, in= t level, + struct guest_fault *f) +{ + union crste oldval, newval; + union pte newpte, oldpte; + union pgste pgste; + int rc =3D 0; + + rc =3D dat_entry_walk(mc, f->gfn, gmap->asce, DAT_WALK_ALLOC_CONTINUE, le= vel, + &f->crstep, &f->ptep); + if (rc =3D=3D -ENOMEM) + return rc; + if (KVM_BUG_ON(rc =3D=3D -EINVAL, gmap->kvm)) + return rc; + if (rc) + return -EAGAIN; + if (KVM_BUG_ON(get_level(f->crstep, f->ptep) > level, gmap->kvm)) + return -EINVAL; + + if (f->ptep) { + pgste =3D pgste_get_lock(f->ptep); + oldpte =3D *f->ptep; + newpte =3D _pte(f->pfn, f->writable, f->write_attempt | oldpte.s.d, !f->= page); + newpte.s.sd =3D oldpte.s.sd; + oldpte.s.sd =3D 0; + if (oldpte.val =3D=3D _PTE_EMPTY.val || oldpte.h.pfra =3D=3D f->pfn) { + pgste =3D gmap_ptep_xchg(gmap, f->ptep, newpte, pgste, f->gfn); + if (f->callback) + f->callback(f); + } else { + rc =3D -EAGAIN; + } + pgste_set_unlock(f->ptep, pgste); + } else { + do { + oldval =3D READ_ONCE(*f->crstep); + newval =3D _crste_fc1(f->pfn, oldval.h.tt, f->writable, + f->write_attempt | oldval.s.fc1.d); + newval.s.fc1.sd =3D oldval.s.fc1.sd; + if (oldval.val !=3D _CRSTE_EMPTY(oldval.h.tt).val && + crste_origin_large(oldval) !=3D crste_origin_large(newval)) + return -EAGAIN; + } while (!gmap_crstep_xchg_atomic(gmap, f->crstep, oldval, newval, f->gf= n)); + if (f->callback) + f->callback(f); + } + + return rc; +} + int gmap_link(struct kvm_s390_mmu_cache *mc, struct gmap *gmap, struct gue= st_fault *f) { unsigned int order; - int rc, level; + int level; =20 lockdep_assert_held(&gmap->kvm->mmu_lock); =20 
@@ -646,9 +696,7 @@ int gmap_link(struct kvm_s390_mmu_cache *mc, struct gma= p *gmap, struct guest_fau else if (order >=3D get_order(_SEGMENT_SIZE) && gmap_1m_allowed(gmap, f-= >gfn)) level =3D TABLE_TYPE_SEGMENT; } - rc =3D dat_link(mc, gmap->asce, level, uses_skeys(gmap), f); - KVM_BUG_ON(rc =3D=3D -EINVAL, gmap->kvm); - return rc; + return _gmap_link(mc, gmap, level, f); } =20 static int gmap_ucas_map_one(struct kvm_s390_mmu_cache *mc, struct gmap *g= map, --=20 2.53.0
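Review bot: In the "@@ -631,10 +631,60 @@" hunk of gmap.c, the large-entry path of _gmap_link() is not a plain move of dat_link(): the removed code returned -EAGAIN when dat_crstep_xchg_atomic() failed, while the new code retries in place with "do { ... } while (!gmap_crstep_xchg_atomic(gmap, f->crstep, oldval, newval, f->gfn));". gmap_link() asserts that mmu_lock is held, so this loop spins under that lock; please explain in the commit message why retrying is preferred over returning -EAGAIN to the caller and what bounds the number of iterations. The same hunk also turns the level check from WARN_ON_ONCE() into KVM_BUG_ON(..., gmap->kvm), a behaviour change that the message does not mention either.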
From: Claudio Imbrenda
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org
Subject: [PATCH v5 05/10] KVM: s390: Correctly handle guest mappings without struct page
Date: Thu, 26 Mar 2026 14:17:14 +0100
Message-ID: <20260326131719.98229-6-imbrenda@linux.ibm.com>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <20260326131719.98229-1-imbrenda@linux.ibm.com>
References: <20260326131719.98229-1-imbrenda@linux.ibm.com>
Content-Transfer-Encoding: quoted-printable

Introduce a new special softbit for large pages, like already present for normal pages, and use it to mark guest mappings that do not have struct pages. Whenever a leaf DAT entry becomes dirty, check the special softbit and only call SetPageDirty() if there is an actual struct page. Move the logic to mark pages dirty inside _gmap_ptep_xchg() and _gmap_crstep_xchg_atomic(), to avoid needlessly duplicating the code.

Signed-off-by: Claudio Imbrenda
Fixes: 5a74e3d93417 ("KVM: s390: KVM-specific bitfields and helper functions")
Fixes: a2c17f9270cc ("KVM: s390: New gmap code")
Reviewed-by: Christian Borntraeger
--- arch/s390/kvm/dat.h | 12 ++++++------ arch/s390/kvm/gmap.c | 11 ++++------- arch/s390/kvm/gmap.h | 4 ++++ 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/arch/s390/kvm/dat.h b/arch/s390/kvm/dat.h index efedcf96110c..874cc962e196 100644 --- a/arch/s390/kvm/dat.h +++ b/arch/s390/kvm/dat.h @@ -160,14 +160,14 @@ union pmd { unsigned long :44; /* HW */ unsigned long : 3; /* Unused */ unsigned long : 1; /* HW */ + unsigned long s : 1; /* Special */ unsigned long w : 1; /* Writable soft-bit */ unsigned long r : 1; /* Readable soft-bit */ unsigned long d : 1; /* Dirty */ unsigned long y : 1; /* Young */ - unsigned long prefix_notif : 1; /* Guest prefix invalidation notificati= on */ unsigned long : 3; /* HW */ + unsigned long prefix_notif : 1; /* Guest prefix invalidation notificati= on */ unsigned long vsie_notif : 1; /* Referenced in a shadow table */ - unsigned long : 1; /* Unused */ unsigned long : 4; /* HW */ unsigned long sd : 1; /* Soft-Dirty */ unsigned long pr : 1; /* Present */ 
@@ -183,14 +183,14 @@ union pud { unsigned long :33; /* HW */ unsigned long :14; /* Unused */ unsigned long : 1; /* HW */ + unsigned long s : 1; /* Special */ unsigned long w : 1; /* Writable soft-bit */ unsigned long r : 1; /* Readable soft-bit */ unsigned long d : 1; /* Dirty */ unsigned long y : 1; /* Young */ - unsigned long prefix_notif : 1; /* Guest prefix invalidation notificati= on */ unsigned long : 3; /* HW */ + unsigned long prefix_notif : 1; /* Guest prefix invalidation notificati= on */ unsigned long vsie_notif : 1; /* Referenced in a shadow table */ - unsigned long : 1; /* Unused */ unsigned long : 4; /* HW */ unsigned long sd : 1; /* Soft-Dirty */ unsigned long pr : 1; /* Present */ @@ -254,14 +254,14 @@ union crste { struct { unsigned long :47; unsigned long : 1; /* HW (should be 0) */ + unsigned long s : 1; /* Special */ unsigned long w : 1; /* Writable */ unsigned long r : 1; /* Readable */ unsigned long d : 1; /* Dirty */ unsigned long y : 1; /* Young */ - unsigned long prefix_notif : 1; /* Guest prefix invalidation notificati= on */ unsigned long : 3; /* HW */ + unsigned long prefix_notif : 1; /* Guest prefix invalidation notificati= on */ unsigned long vsie_notif : 1; /* Referenced in a shadow table */ - unsigned long : 1; unsigned long : 4; /* HW */ unsigned long sd : 1; /* Soft-Dirty */ unsigned long pr : 1; /* Present */ diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index 03e15b5e0b9a..c8b79ad04ac9 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c @@ -519,7 +519,7 @@ void gmap_sync_dirty_log(struct gmap *gmap, gfn_t start= , gfn_t end) _dat_walk_gfn_range(start, end, gmap->asce, &walk_ops, 0, gmap); } =20 -static int gmap_handle_minor_crste_fault(union asce asce, struct guest_fau= lt *f) +static int gmap_handle_minor_crste_fault(struct gmap *gmap, struct guest_f= ault *f) { union crste newcrste, oldcrste =3D READ_ONCE(*f->crstep); =20 
@@ -544,10 +544,8 @@ static int gmap_handle_minor_crste_fault(union asce as= ce, struct guest_fault *f) newcrste.s.fc1.d =3D 1; newcrste.s.fc1.sd =3D 1; } - if (!oldcrste.s.fc1.d && newcrste.s.fc1.d) - SetPageDirty(phys_to_page(crste_origin_large(newcrste))); /* In case of races, let the slow path deal with it. */ - return !dat_crstep_xchg_atomic(f->crstep, oldcrste, newcrste, f->gfn, as= ce); + return !gmap_crstep_xchg_atomic(gmap, f->crstep, oldcrste, newcrste, f->= gfn); } /* Trying to write on a read-only page, let the slow path deal with it. */ return 1; @@ -576,8 +574,6 @@ static int _gmap_handle_minor_pte_fault(struct gmap *gm= ap, union pgste *pgste, newpte.s.d =3D 1; newpte.s.sd =3D 1; } - if (!oldpte.s.d && newpte.s.d) - SetPageDirty(pfn_to_page(newpte.h.pfra)); *pgste =3D gmap_ptep_xchg(gmap, f->ptep, newpte, *pgste, f->gfn); =20 return 0; @@ -614,7 +610,7 @@ int gmap_try_fixup_minor(struct gmap *gmap, struct gues= t_fault *fault) fault->callback(fault); pgste_set_unlock(fault->ptep, pgste); } else { - rc =3D gmap_handle_minor_crste_fault(gmap->asce, fault); + rc =3D gmap_handle_minor_crste_fault(gmap, fault); if (!rc && fault->callback) fault->callback(fault); } @@ -669,6 +665,7 @@ static int _gmap_link(struct kvm_s390_mmu_cache *mc, st= ruct gmap *gmap, int leve oldval =3D READ_ONCE(*f->crstep); newval =3D _crste_fc1(f->pfn, oldval.h.tt, f->writable, f->write_attempt | oldval.s.fc1.d); + newval.s.fc1.s =3D !f->page; newval.s.fc1.sd =3D oldval.s.fc1.sd; if (oldval.val !=3D _CRSTE_EMPTY(oldval.h.tt).val && crste_origin_large(oldval) !=3D crste_origin_large(newval)) diff --git a/arch/s390/kvm/gmap.h b/arch/s390/kvm/gmap.h index 150e91e15ee0..579399ef5480 100644 --- a/arch/s390/kvm/gmap.h +++ b/arch/s390/kvm/gmap.h 
@@ -185,6 +185,8 @@ static inline union pgste _gmap_ptep_xchg(struct gmap *= gmap, union pte *ptep, un else _gmap_handle_vsie_unshadow_event(gmap, gfn); } + if (!ptep->s.d && newpte.s.d && !newpte.s.s) + SetPageDirty(pfn_to_page(newpte.h.pfra)); return __dat_ptep_xchg(ptep, pgste, newpte, gfn, gmap->asce, uses_skeys(g= map)); } =20 
@@ -220,6 +222,8 @@ static inline bool __must_check _gmap_crstep_xchg_atomi= c(struct gmap *gmap, unio else _gmap_handle_vsie_unshadow_event(gmap, gfn); } + if (!oldcrste.s.fc1.d && newcrste.s.fc1.d && !newcrste.s.fc1.s) + SetPageDirty(phys_to_page(crste_origin_large(newcrste))); return dat_crstep_xchg_atomic(crstep, oldcrste, newcrste, gfn, gmap->asce= ); } =20 --=20 2.53.0
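Review bot: In the three dat.h hunks (union pmd, union pud, union crste), adding "s" in front of "w" does more than claim the unused bit: w, r, d and y each move by one position, prefix_notif moves behind the three HW bits into the slot vsie_notif used to occupy, and vsie_notif takes the slot of the removed unused bit. The commit message only says that a special softbit is introduced. Please state the relocation explicitly and confirm that nothing depends on the old positions of these soft bits, for example raw masks or constants that were written against the previous layout.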
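Review bot: In the two gmap.h hunks, SetPageDirty() now runs before the exchange rather than next to a successful one. In _gmap_crstep_xchg_atomic() the dat_crstep_xchg_atomic() call that follows can fail (the function is __must_check), so the page is marked dirty even when the new entry is not installed; that is probably harmless, but a one-line comment saying so would save the next reader the question. The two helpers are also not symmetric: the pte variant tests the live entry ("!ptep->s.d") while the crste variant tests the oldcrste snapshot; a short note on why reading through ptep is safe here (pgste lock held) would help.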
From: Claudio Imbrenda
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org
Subject: [PATCH v5 06/10] KVM: s390: vsie: Fix nested guest memory shadowing
Date: Thu, 26 Mar 2026 14:17:15 +0100
Message-ID: <20260326131719.98229-7-imbrenda@linux.ibm.com>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <20260326131719.98229-1-imbrenda@linux.ibm.com>
References: <20260326131719.98229-1-imbrenda@linux.ibm.com>
Content-Transfer-Encoding: quoted-printable

Fix _do_shadow_pte() to use the correct pointer (guest pte instead of nested guest) to set up the new pte. Add a check to return -EOPNOTSUPP if the mapping for the nested guest is writeable but the same page in the guest is only read-only.

Signed-off-by: Claudio Imbrenda
Fixes: e38c884df921 ("KVM: s390: Switch to new gmap")
--- arch/s390/kvm/gaccess.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index 8fd690255e1b..6bc30f678921 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1436,13 +1436,19 @@ static int _do_shadow_pte(struct gmap *sg, gpa_t ra= ddr, union pte *ptep_h, union =20 if (!pgste_get_trylock(ptep_h, &pgste)) return -EAGAIN; - newpte =3D _pte(f->pfn, f->writable, !p, 0); - newpte.s.d |=3D ptep->s.d; - newpte.s.sd |=3D ptep->s.sd; - newpte.h.p &=3D ptep->h.p; - pgste =3D _gmap_ptep_xchg(sg->parent, ptep_h, newpte, pgste, f->gfn, fals= e); - pgste.vsie_notif =3D 1; + newpte =3D _pte(f->pfn, f->writable, !p, ptep_h->s.s); + newpte.s.d |=3D ptep_h->s.d; + newpte.s.sd |=3D ptep_h->s.sd; + newpte.h.p &=3D ptep_h->h.p; + if (!newpte.h.p && !f->writable) { + rc =3D -EOPNOTSUPP; + } else { + pgste =3D _gmap_ptep_xchg(sg->parent, ptep_h, newpte, pgste, f->gfn, fal= se); + pgste.vsie_notif =3D 1; + } pgste_set_unlock(ptep_h, pgste); + if (rc) + return rc; =20 newpte =3D _pte(f->pfn, 0, !p, 0); if (!pgste_get_trylock(ptep, &pgste)) 
@@ -1477,6 +1483,9 @@ static int _do_shadow_crste(struct gmap *sg, gpa_t ra= ddr, union crste *host, uni newcrste.h.p &=3D oldcrste.h.p; newcrste.s.fc1.vsie_notif =3D 1; newcrste.s.fc1.prefix_notif =3D oldcrste.s.fc1.prefix_notif; + newcrste.s.fc1.s =3D oldcrste.s.fc1.s; + if (!newcrste.h.p && !f->writable) + return -EOPNOTSUPP; } while (!_gmap_crstep_xchg_atomic(sg->parent, host, oldcrste, newcrste, = f->gfn, false)); =20 newcrste =3D _crste_fc1(f->pfn, oldcrste.h.tt, 0, !p); --=20 2.53.0 From nobody Thu Apr 2 20:25:28 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C78E6315D46; Thu, 26 Mar 2026 13:17:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774531060; cv=none; b=pWbqFerZhZzO5tFqEPKWQfrO3UVhQAAHpgiaLUx1vdKTbTaMV7UQgxKJ5vAYYa7Jwq4LoPTp9xIvWegte4EI4XOqLrmRneuw7QF7P5l8NqHSOCwK4F+LIyof/1SerqFcexwJHsMdIKKBYGlAsYXM5gTPElqTSpmZJa7FXpzyakI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774531060; c=relaxed/simple; bh=MHdHLXyH7iuszd98LWnqBxEDGf2GEpHU/fgdAeQvjjg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=LTy1JcAVldyQ0QDcxujItM7vyYv+r2kwsbaPYS1EJtEoxHo6zmxnt1fdHCkjNG/YZahTBHK1jYGg2zC+wTrdzt7Up+B3QgnoNsXe5uAqU8k6QzEXzxznQiep6R3E7r4r69NN46IM1uBYs4ST6MneIibgsd0kt+kwfYwHSvZX7Oc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=ij/9/8d1; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: 
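Review bot: in the _do_shadow_pte() hunk of patch 06, `rc` is tested right after pgste_set_unlock(ptep_h, pgste), but the only assignment visible here is on the -EOPNOTSUPP branch, so the success path depends on `rc` having been initialised to 0 somewhere outside the hunk context; please confirm, or initialise it at the declaration. The fourth argument of _pte() also changes from 0 to ptep_h->s.s, which the commit message does not mention; a sentence in the changelog saying why that bit now has to be carried over would help.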
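Review bot: in the _do_shadow_crste() hunk of patch 06, the test `!newcrste.h.p && !f->writable` is the same one added in _do_shadow_pte(), and neither place has a comment tying it to the case the changelog describes (nested mapping writeable, guest page read-only). A one-line comment, or a small shared helper, would keep the two copies from drifting apart. The added copy of oldcrste.s.fc1.s into newcrste is likewise not covered by the commit message.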
From: Claudio Imbrenda
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org
Subject: [PATCH v5 07/10] KVM: s390: vsie: Fix refcount overflow for shadow gmaps
Date: Thu, 26 Mar 2026 14:17:16 +0100
Message-ID: <20260326131719.98229-8-imbrenda@linux.ibm.com>
In-Reply-To: <20260326131719.98229-1-imbrenda@linux.ibm.com>
Content-Transfer-Encoding: quoted-printable

In most cases gmap_put() was not called when it should have been. Add the missing gmap_put() in vsie_run().

Signed-off-by: Claudio Imbrenda
Fixes: e38c884df921 ("KVM: s390: Switch to new gmap")
Reviewed-by: Steffen Eiden
Reviewed-by: Janosch Frank

--- arch/s390/kvm/vsie.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 0330829b4046..72895dddc39a 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -1328,7 +1328,7 @@ static void unregister_shadow_scb(struct kvm_vcpu *vc= pu) static int vsie_run(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { struct kvm_s390_sie_block *scb_s =3D &vsie_page->scb_s; - struct gmap *sg; + struct gmap *sg =3D NULL; int rc =3D 0; =20 while (1) { 
@@ -1368,6 +1368,8 @@ static int vsie_run(struct kvm_vcpu *vcpu, struct vsi= e_page *vsie_page) sg =3D gmap_put(sg); cond_resched(); } + if (sg) + sg =3D gmap_put(sg); =20 if (rc =3D=3D -EFAULT) { /* --=20 2.53.0
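Review bot: the `if (sg) sg = gmap_put(sg);` added after the while loop in the second vsie_run() hunk of patch 07 is only safe if gmap_put() returns NULL, because a normal iteration already ends with `sg = gmap_put(sg);` and a non-NULL return there would lead to a second put on the next exit. That contract is not visible in this patch, so a short comment above the new check would help, and the changelog could name the exit paths from the loop that were leaking the reference instead of "in most cases".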
From: Claudio Imbrenda
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org
Subject: [PATCH v5 08/10] KVM: s390: vsie: Fix unshadowing while shadowing
Date: Thu, 26 Mar 2026 14:17:17 +0100
Message-ID: <20260326131719.98229-9-imbrenda@linux.ibm.com>
In-Reply-To: <20260326131719.98229-1-imbrenda@linux.ibm.com>
Content-Transfer-Encoding: quoted-printable

If shadowing causes the shadow gmap to get unshadowed, exit early to prevent an attempt to dereference the parent pointer, which at this point is NULL. Opportunistically add some more checks to prevent NULL parents.

Signed-off-by: Claudio Imbrenda
Fixes: a2c17f9270cc ("KVM: s390: New gmap code")
Fixes: e5f98a6899bd ("KVM: s390: Add some helper functions needed for vSIE")
Fixes: e38c884df921 ("KVM: s390: Switch to new gmap")

--- arch/s390/kvm/gaccess.c | 9 +++++++++ arch/s390/kvm/gmap.c | 11 ++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index 6bc30f678921..8d99667e7d34 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1449,6 +1449,8 @@ static int _do_shadow_pte(struct gmap *sg, gpa_t radd= r, union pte *ptep_h, union pgste_set_unlock(ptep_h, pgste); if (rc) return rc; + if (!sg->parent) + return -EAGAIN; =20 newpte =3D _pte(f->pfn, 0, !p, 0); if (!pgste_get_trylock(ptep, &pgste)) @@ -1476,6 +1478,9 @@ static int _do_shadow_crste(struct gmap *sg, gpa_t ra= ddr, union crste *host, uni return rc; =20 do { + /* _gmap_crstep_xchg_atomic() could have unshadowed this shadow gmap */ + if (!sg->parent) + return -EAGAIN; oldcrste =3D READ_ONCE(*host); newcrste =3D _crste_fc1(f->pfn, oldcrste.h.tt, f->writable, !p); newcrste.s.fc1.d |=3D oldcrste.s.fc1.d; 
@@ -1487,6 +1492,8 @@ static int _do_shadow_crste(struct gmap *sg, gpa_t ra= ddr, union crste *host, uni if (!newcrste.h.p && !f->writable) return -EOPNOTSUPP; } while (!_gmap_crstep_xchg_atomic(sg->parent, host, oldcrste, newcrste, = f->gfn, false)); + if (!sg->parent) + return -EAGAIN; =20 newcrste =3D _crste_fc1(f->pfn, oldcrste.h.tt, 0, !p); gfn =3D gpa_to_gfn(raddr); @@ -1531,6 +1538,8 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_cac= he *mc, struct gmap *sg, entries[i - 1].pfn, i, entries[i - 1].writable); if (rc) return rc; + if (!sg->parent) + return -EAGAIN; } =20 rc =3D dat_entry_walk(NULL, entries[LEVEL_MEM].gfn, sg->parent->asce, DAT= _WALK_LEAF, diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index c8b79ad04ac9..645c32c767d2 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c @@ -1160,6 +1160,7 @@ struct gmap_protect_asce_top_level { static inline int __gmap_protect_asce_top_level(struct kvm_s390_mmu_cache = *mc, struct gmap *sg, struct gmap_protect_asce_top_level *context) { + struct gmap *parent; int rc, i; =20 guard(write_lock)(&sg->kvm->mmu_lock); @@ -1167,7 +1168,12 @@ static inline int __gmap_protect_asce_top_level(stru= ct kvm_s390_mmu_cache *mc, s if (kvm_s390_array_needs_retry_safe(sg->kvm, context->seq, context->f)) return -EAGAIN; =20 - scoped_guard(spinlock, &sg->parent->children_lock) { + parent =3D READ_ONCE(sg->parent); + if (!parent) + return -EAGAIN; + scoped_guard(spinlock, &parent->children_lock) { + if (READ_ONCE(sg->parent) !=3D parent) + return -EAGAIN; for (i =3D 0; i < CRST_TABLE_PAGES; i++) { if (!context->f[i].valid) continue; 
@@ -1250,6 +1256,9 @@ struct gmap *gmap_create_shadow(struct kvm_s390_mmu_c= ache *mc, struct gmap *pare struct gmap *sg, *new; int rc; =20 + if (WARN_ON(!parent)) + return ERR_PTR(-EINVAL); + scoped_guard(spinlock, &parent->children_lock) { sg =3D gmap_find_shadow(parent, asce, edat_level); if (sg) { --=20 2.53.0
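Review bot: in the _do_shadow_crste() hunks of patch 08, the new checks read `sg->parent` with a plain load at the top of the do loop and again after it, and the loop condition still passes `sg->parent` to _gmap_crstep_xchg_atomic(), whereas the gmap.c hunk in this same patch takes a READ_ONCE() snapshot and rechecks it under children_lock. If the parent can only be cleared synchronously by the xchg helpers called from this path, as the new comment suggests, say so and name the lock that guarantees it; otherwise snapshot the pointer once per iteration and use the local for both the check and the call.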
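Review bot: in the __gmap_protect_asce_top_level() hunk of patch 08, `parent` is read with READ_ONCE() and its children_lock is taken before the pointer is revalidated, so the recheck protects against the shadow being detached but not against `parent` itself going away between the load and the lock. Presumably the mmu_lock write guard a few lines up keeps the parent alive; a comment stating that would make the sequence reviewable on its own.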
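Review bot: the `WARN_ON(!parent)` added at the top of gmap_create_shadow() in patch 08 prints a full backtrace every time it is hit; if a caller can reach it repeatedly, WARN_ON_ONCE() is the safer choice. Callers now also receive ERR_PTR(-EINVAL) from a function whose other error returns are not visible in this hunk, so please check that none of them treats every error from here as retryable.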
From: Claudio Imbrenda
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org
Subject: [PATCH v5 09/10] KVM: s390: vsie: Fix guest page tables protection
Date: Thu, 26 Mar 2026 14:17:18 +0100
Message-ID: <20260326131719.98229-10-imbrenda@linux.ibm.com>
In-Reply-To: <20260326131719.98229-1-imbrenda@linux.ibm.com>
Content-Transfer-Encoding: quoted-printable

When shadowing, the guest page tables are write-protected, in order to trap changes and properly unshadow the shadow mapping for the nested guest. Already shadowed levels are skipped, so that only the needed levels are write protected.

Currently the levels that get write protected are exactly one level too deep: the last level (nested guest memory) gets protected in the wrong way, and will be protected again correctly a few lines afterwards; most importantly, the highest non-shadowed level does *not* get write protected. Moreover, if the nested guest is running in a real address space, there are no DAT tables to shadow.

Write protect the correct levels, so that all the levels that need to be protected are protected, and avoid double protecting the last level; skip attempting to shadow the DAT tables when the nested guest is running in a real address space.

Signed-off-by: Claudio Imbrenda
Fixes: e38c884df921 ("KVM: s390: Switch to new gmap")
Tested-by: Christian Borntraeger
Reviewed-by: Janosch Frank

--- arch/s390/kvm/gaccess.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index 8d99667e7d34..53a8550e7102 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c 
@@ -1529,13 +1529,20 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_c= ache *mc, struct gmap *sg, =20 gl =3D get_level(table, ptep); =20 + /* In case of a real address space */ + if (w->level <=3D LEVEL_MEM) { + l =3D TABLE_TYPE_PAGE_TABLE; + hl =3D TABLE_TYPE_REGION1; + goto real_address_space; + } + /* * Skip levels that are already protected. For each level, protect * only the page containing the entry, not the whole table. */ for (i =3D gl ; i >=3D w->level; i--) { - rc =3D gmap_protect_rmap(mc, sg, entries[i - 1].gfn, gpa_to_gfn(saddr), - entries[i - 1].pfn, i, entries[i - 1].writable); + rc =3D gmap_protect_rmap(mc, sg, entries[i].gfn, gpa_to_gfn(saddr), + entries[i].pfn, i + 1, entries[i].writable); if (rc) return rc; if (!sg->parent) 
@@ -1551,6 +1558,7 @@ static int _gaccess_do_shadow(struct kvm_s390_mmu_cac= he *mc, struct gmap *sg, /* Get the smallest granularity */ l =3D min3(gl, hl, w->level); =20 +real_address_space: flags =3D DAT_WALK_SPLIT_ALLOC | (uses_skeys(sg->parent) ? DAT_WALK_USES_= SKEYS : 0); /* If necessary, create the shadow mapping */ if (l < gl) { --=20 2.53.0
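Review bot: in the first _gaccess_do_shadow() hunk of patch 09, the loop still starts at i = gl but now indexes entries[i] where it used to index entries[i - 1], so the highest slot touched moves up by one; the size of entries[] and which slots the preceding walk fills are outside the hunk, so please confirm entries[gl] is always valid and populated for the largest gl. The pairing of entries[i] with level i + 1 also deserves a line in the comment above the loop, since that off-by-one is exactly what this patch corrects.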
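Review bot: the `real_address_space:` label in the second hunk of patch 09 lands after `l = min3(gl, hl, w->level)`, so the new goto skips not only the protection loop but also the dat_entry_walk() on sg->parent->asce that sits between the loop and that line (visible as context in patch 08), with l and hl hard-coded to TABLE_TYPE_PAGE_TABLE and TABLE_TYPE_REGION1 instead. The comment "In case of a real address space" does not say why those two values are right or why the results of that walk are not needed afterwards; please expand it, or restructure the block as an if/else so that nothing is jumped over.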
From: Claudio Imbrenda
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, nrb@linux.ibm.com, seiden@linux.ibm.com, gra@linux.ibm.com, schlameuss@linux.ibm.com, hca@linux.ibm.com, david@kernel.org
Subject: [PATCH v5 10/10] KVM: s390: Fix KVM_S390_VCPU_FAULT ioctl
Date: Thu, 26 Mar 2026 14:17:19 +0100
Message-ID: <20260326131719.98229-11-imbrenda@linux.ibm.com>
In-Reply-To: <20260326131719.98229-1-imbrenda@linux.ibm.com>
Content-Transfer-Encoding: quoted-printable

A previous commit changed the behaviour of the KVM_S390_VCPU_FAULT ioctl. The current (wrong) implementation will trigger a guest addressing exception if the requested address lies outside of a memslot, unless the VM is UCONTROL.

Restore the previous behaviour by open coding the fault-in logic.

Fixes: 3762e905ec2e ("KVM: s390: use __kvm_faultin_pfn()")
Signed-off-by: Claudio Imbrenda
Acked-by: Christian Borntraeger
Reviewed-by: Steffen Eiden

--- arch/s390/kvm/kvm-s390.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index ebcb0ef8835e..62f04931b54d 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -5520,9 +5520,21 @@ long kvm_arch_vcpu_ioctl(struct file *filp, } #endif case KVM_S390_VCPU_FAULT: { - idx =3D srcu_read_lock(&vcpu->kvm->srcu); - r =3D vcpu_dat_fault_handler(vcpu, arg, 0); - srcu_read_unlock(&vcpu->kvm->srcu, idx); + gpa_t gaddr =3D arg; + + scoped_guard(srcu, &vcpu->kvm->srcu) { + r =3D vcpu_ucontrol_translate(vcpu, &gaddr); + if (r) + break; + + r =3D kvm_s390_faultin_gfn_simple(vcpu, NULL, gpa_to_gfn(gaddr), false); + if (r =3D=3D PGM_ADDRESSING) + r =3D -EFAULT; + if (r <=3D 0) + break; + r =3D -EIO; + KVM_BUG_ON(r, vcpu->kvm); + } break; } case KVM_ENABLE_CAP: --=20 2.53.0
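Review bot: inside the new scoped_guard(srcu, ...) block of the KVM_S390_VCPU_FAULT case in patch 10, the `break` statements leave the guard scope rather than the switch, which works only because the very next statement is the case's own `break;`; a short comment would save the next reader from tripping over it. At the end of the block, `r = -EIO; KVM_BUG_ON(r, vcpu->kvm);` is an unconditional bug-on that also discards the positive code returned by kvm_s390_faultin_gfn_simple(); consider KVM_BUG_ON(1, ...) after saving or logging the original value, and confirm that no positive return other than PGM_ADDRESSING is reachable from this ioctl, since it would mark the VM as bugged.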