From nobody Mon Jun 8 04:24:52 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 818293B6348; Tue, 2 Jun 2026 14:24:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410247; cv=none; b=Vm5z3DsXpG7xGymgnuyGwpcq0f1QR4xjnvTzFcafmH5twOA+4VImqH7FD4t7AUu3e/lloPM0vP7LoUWLRtbw0prH7hzxTLDKhrOPxFCmuVuB0QSavnINbkPx5M8eJALk/bBOVbOWWfy+P9+QXfMhoGLeWap0qTISKfVI+Ai8us8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410247; c=relaxed/simple; bh=XiJXh/3Iiy/mpxpcoqsz7KBxeWf7PqfU1rlpDGcPggM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=g/BXdu9LpKW+weo0jol4BDyKZWwODZ+2uc3Kh6GbzE13qaCs2/ASYt7Sd0NKJu0VXwRGOxgcPRgAyGmlpk8TO9JjwbU6gEM6304XuVwRtaOYBvVblZZ+HN2PRsvc/ccrpvDlGCgnWa4oPXm1djjPYHuAEwkQaew8/tTWsGn0Xk0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=IJekw7Cp; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="IJekw7Cp" Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6524vO5k1020056; Tue, 2 Jun 2026 14:24:04 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=8YKzseVnpG5RIeHhW V3ErjTjlQyqbpe49wYU+4K4ONs=; b=IJekw7CpkXMXYQ6H8kB54SyfehziKY42Y G1eyP5bCZWsm3BlfKlTNf0Sp8VmigdvcEiCCKPaLwnoC/FO+8T7Lltc1KMsw0o7p ay7c7iPhKVRbe/ITJOYSqjX5ruxRJEOmgu46DSZto3iW2BdOd+RTkFg8BRWmZrFv yTIi62d4cNbe1yY2WBkFv7n8JJfsEQVFwSKEp64lyeR1T6J+YRq7VKy0zSfBuHom NkEo2YwbXnt+YYNnnrCoRZ7JhqoMkGMn3sNvoY4MTPkZB7QBcx+PF/nB4iKHAMuW /XACrEpyJXsE07yYBW+lW20ht4C18+eQfmmffamepxX0EH7IG7dBQ== Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4efqjq6aux-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:04 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 652DOIWv007350; Tue, 2 Jun 2026 14:24:03 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4egb7k3mpu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:03 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 652ENvPj47776012 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 2 Jun 2026 14:23:57 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 16A2420040; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E11C32004B; Tue, 2 Jun 2026 14:23:56 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 2 Jun 2026 14:23:56 +0000 (GMT) From: Claudio Imbrenda To: linux-kernel@vger.kernel.org Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, david@kernel.org, seiden@linux.ibm.com, nrb@linux.ibm.com, schlameuss@linux.ibm.com, gra@linux.ibm.com Subject: [PATCH v3 01/10] KVM: s390: Fix _gmap_unmap_crste() Date: Tue, 2 Jun 2026 16:23:47 +0200 Message-ID: <20260602142356.169458-2-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260602142356.169458-1-imbrenda@linux.ibm.com> References: <20260602142356.169458-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: srwHOVlL-bUjj5u-crP5XIhCGHpRatbp X-Proofpoint-GUID: srwHOVlL-bUjj5u-crP5XIhCGHpRatbp X-Authority-Analysis: v=2.4 cv=bcVbluPB c=1 sm=1 tr=0 ts=6a1ee784 cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=KFDtdd5XBMBq3xqWTvkA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjAyMDEzNiBTYWx0ZWRfX77jcICa4YfG7 q/ediefjkOlyIK3v5E5ifAx4LdGKC3N0QmMjQ5PvkQv3fVL9fx5tEezvAvehg8cZqD3N29QKuxC 4/0DJSGzAo5oWOW5jaE9Ot8AQqoRtTsM+6ed7Gcy/K7S4p9SoqhdpMEYVOJkWQGvVnPTLx1ffZl BGkO7d+JYUec7F5pcya7zrYB6bpgGMd7we5rDsbHa369iC8bvR20acn+mzvIZKOQwuWurNhFyOf qPPiR9slLx4us6iGtwOiX8zZleiGeZBPf2cYgnwYD637uwYBEtV7TqOyy1wmLQYc2FB1vvwZsGU 1CRgT1Fjw9xd4MlirEKg9CpHQiDQcfI3va2PFO4C4Fbg3gMYs5o6Vhz34gUyKlH6bt7Lax67Ezn F8sAysx9g3UDZ6PfUHhjwMA55ByPENaIowGyHI+HoGTdadBfi2k+R3Nj6wGSuKQph2SNcOG96S0 aEJzlGaC696wudjx2+g== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-02_02,2026-05-28_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 clxscore=1015 adultscore=0 priorityscore=1501 phishscore=0 lowpriorityscore=0 bulkscore=0 malwarescore=0 spamscore=0 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605210000 definitions=main-2606020136 Content-Type: text/plain; charset="utf-8" In _gmap_unmap_crste(), the crste to be unmapped is zapped calling gmap_crstep_xchg_atomic() exactly once, and expecting it to succeed. This is a reasonable sanity check, since kvm->mmu_lock is being held in write mode, and thus no races should be possible. An upcoming patch will change the behaviour of gmap_crstep_xchg_atomic() to return false and clear the vsie_notif bit if the operation triggers an unshadow operation. With the new behaviour, an unmap operation that triggers an unshadow would cause the VM to be killed. Prepare for the change by checking if the vsie_notif bit was set in the old crste if gmap_crstep_xchg_atomic() fails the first time, and try a second time. The second time no failures are allowed. Signed-off-by: Claudio Imbrenda Fixes: b827ef02f409 ("KVM: s390: Remove non-atomic dat_crstep_xchg()") Fixes: a2c17f9270cc ("KVM: s390: New gmap code") --- arch/s390/kvm/gmap.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c index 957126ab991c..52d55ddea8d4 100644 --- a/arch/s390/kvm/gmap.c +++ b/arch/s390/kvm/gmap.c @@ -395,15 +395,28 @@ static long _gmap_unmap_crste(union crste *crstep, gf= n_t gfn, gfn_t next, struct struct gmap_unmap_priv *priv =3D walk->priv; struct folio *folio =3D NULL; union crste old =3D *crstep; + bool ok; =20 if (!old.h.fc) return 0; =20 if (old.s.fc1.pr && test_bit(GMAP_FLAG_EXPORT_ON_UNMAP, &priv->gmap->flag= s)) folio =3D phys_to_folio(crste_origin_large(old)); - /* No races should happen because kvm->mmu_lock is held in write mode */ - KVM_BUG_ON(!gmap_crstep_xchg_atomic(priv->gmap, crstep, old, _CRSTE_EMPTY= (old.h.tt), gfn), - priv->gmap->kvm); + /* + * No races should happen because kvm->mmu_lock is held in write mode, + * but the unmap operation could have triggered an unshadow, which + * causes gmap_crstep_xchg_atomic() to return false and clear the + * vsie_notif bit. Allow the operation to fail once, if the old crste + * had the vsie_notif bit set. A second failure is not allowed, for + * the reasons above. + */ + ok =3D gmap_crstep_xchg_atomic(priv->gmap, crstep, old, _CRSTE_EMPTY(old.= h.tt), gfn); + if (!ok) { + KVM_BUG_ON(!old.s.fc1.vsie_notif, priv->gmap->kvm); + old.s.fc1.vsie_notif =3D 0; + ok =3D gmap_crstep_xchg_atomic(priv->gmap, crstep, old, _CRSTE_EMPTY(old= .h.tt), gfn); + KVM_BUG_ON(!ok, priv->gmap->kvm); + } if (folio) uv_convert_from_secure_folio(folio); =20 --=20 2.54.0 From nobody Mon Jun 8 04:24:52 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4615E3AB5B2; Tue, 2 Jun 2026 14:24:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410247; cv=none; b=dIcPMsrQSkfYbF6yX+5U6EnhwY3m+KFAt2uGR5AtK+3bihuIcU3mjeKvQZApz1/zcruzCTYmb1RolbxKZ7vDeemER/ceIhyZiOHB54Y3EYmHb9Eh9hI9uiGIZuPpRE1Mse7JLm5g4PYUXvXLdc8cRR+oUxG3hlWYzZ2ffJK3rFg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410247; c=relaxed/simple; bh=PFeMKJR8nR7wr+MoY/+dZNvE3wZJ8jFHROaaMChHhQo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=H9KKCFzHZ21nwtAZBP8eES56+vVI0SmINEZpWQkovbQDDUgy5ZzNWC2NYb0Tcx0efio9HOxnUGW7A1ZrkzSMaLGGjgmGJNl2hNauov8MyBOBdNXnXk+rRR0tyhbWVPPka28Yns2CPRT/7NG06j/5ebCRYyCn+xMSYOrgA9AAWL0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=XwkZq1+M; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="XwkZq1+M" Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6524ZR0h798759; Tue, 2 Jun 2026 14:24:04 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=lmk3DeMg100OdUmml UuLjTKMHcFnlbhpGWHXgUhCo4U=; b=XwkZq1+Md75p7OhIE2OYXhkSGdhP97brz i7N7MyFhAAvqGgc9AqNUHHiUmY69N0WW21zjI8u1UL2Kue7NvkDZn1cMK8ceF71x run+W0s5BKWiB04ledxqsIkI5Q5nhtTvGggnr2Brz2C7wPB8T4jeiqcsmpHustDc 2+L0pHnG1NbVy9WOvYUWZRqfnJAk/pFU/wpsaqTyRHbAo8ByFm5hIuD+rUk8EztO I+i6vmpt9CIlZ/S385KRhWKOsopI5W2Q2/W81y869w91C2ghFU9Mkgyok27XW/Mt wGq1Dr4V0xt1zI9/CKF3p1EfJsr2Jx1q4ZEoS63/ok/wOeZzyj00A== Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4efqjq6auv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:03 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 652E9AjC014051; Tue, 2 Jun 2026 14:24:03 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4egcegkcjv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:02 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 652ENvcX47776014 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 2 Jun 2026 14:23:57 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4639520040; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1C51620043; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) From: Claudio Imbrenda To: linux-kernel@vger.kernel.org Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, david@kernel.org, seiden@linux.ibm.com, nrb@linux.ibm.com, schlameuss@linux.ibm.com, gra@linux.ibm.com Subject: [PATCH v3 02/10] KVM: s390: Fix _gmap_crstep_xchg_atomic() Date: Tue, 2 Jun 2026 16:23:48 +0200 Message-ID: <20260602142356.169458-3-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260602142356.169458-1-imbrenda@linux.ibm.com> References: <20260602142356.169458-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: mK-E2199bP7qROiRrK1e9vVW50MfiwX4 X-Proofpoint-GUID: mK-E2199bP7qROiRrK1e9vVW50MfiwX4 X-Authority-Analysis: v=2.4 cv=bcVbluPB c=1 sm=1 tr=0 ts=6a1ee784 cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=SMUcQ3FjFaoWpPRfvsEA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjAyMDEzNiBTYWx0ZWRfX++PmWS8MxZfb rNmPedLv85al9ieEw5VQZUCGm4kIcxeMM0N+8JmEl0SCjfnWLLMNqjZHwEb2xKlMyfkjhGpcvf4 hVGdFRnyXphBSbFpth8qWt2wnOYtxYO4fDjggZgGFz7H4LPRHo78Xnsxsp2w4eUTN8U+jJyJWnv g4w/04gY/ThJjFWlv/wFAsbNx0yHXXlsEc5wbeFCpJ5QbYPxZYU1RHF7vnQlozcbL/OxSU3SkYV pKwHEwgfXwAfEXRCx2+J6tZ+FYMrZWR3N/uUBXb/8Dq2iNytzxS542Ee3k95gsZXxPldpShqyfQ RRoRPzDDwVvswq/q7N1sfnlBBSKyKBFlMmI9IJn3OtTd3pAdI19KS2/5x87AbEZwgKdZBQgFYxE tPO+idcyU9rWoi76WToH3Fg+hk5MHLUZJuHjiuvVHt4IE2kVbF3ikAgcUzmpMMmgmYh1O7bx02g ruLw+4t3Q8Axt+CJpkg== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-02_02,2026-05-28_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 clxscore=1015 adultscore=0 priorityscore=1501 phishscore=0 lowpriorityscore=0 bulkscore=0 malwarescore=0 spamscore=0 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605210000 definitions=main-2606020136 Content-Type: text/plain; charset="utf-8" The previous incorrect behaviour cleared the vsie_notif bit without returning false, which allowed shadow crstes to be installed without the vsie_notif bit. Return false and do not perform the operation if an unshadow event has been triggered, but still attempt to clear the vsie_notif bit from the existing crste. This will prevent the installation of shadow crstes without vsie_notif bit and will also prevent the caller from looping forever if it was not checking for the sg->invalidated flag. Signed-off-by: Claudio Imbrenda Fixes: b827ef02f409 ("KVM: s390: Remove non-atomic dat_crstep_xchg()") Fixes: a2c17f9270cc ("KVM: s390: New gmap code") --- arch/s390/kvm/gmap.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/s390/kvm/gmap.h b/arch/s390/kvm/gmap.h index 742e42a31744..5374f21aaf8d 100644 --- a/arch/s390/kvm/gmap.h +++ b/arch/s390/kvm/gmap.h @@ -273,11 +273,14 @@ static inline bool __must_check _gmap_crstep_xchg_ato= mic(struct gmap *gmap, unio gmap_unmap_prefix(gmap, gfn, gfn + align); } if (crste_leaf(oldcrste) && crste_needs_unshadow(oldcrste, newcrste)) { + newcrste =3D oldcrste; newcrste.s.fc1.vsie_notif =3D 0; if (needs_lock) gmap_handle_vsie_unshadow_event(gmap, gfn); else _gmap_handle_vsie_unshadow_event(gmap, gfn); + dat_crstep_xchg_atomic(crstep, oldcrste, newcrste, gfn, gmap->asce); + return false; } if (!oldcrste.s.fc1.d && newcrste.s.fc1.d && !newcrste.s.fc1.s) SetPageDirty(phys_to_page(crste_origin_large(newcrste))); --=20 2.54.0 From nobody Mon Jun 8 04:24:52 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B79553DA7DC; Tue, 2 Jun 2026 14:24:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410248; cv=none; b=Pe1xS4KwbiN0ReKFqVPzfJzOxVJtPwo7vxrlGCNBgx+dCBuyeZyqI8Y+UlUSaiLo9o9spY0DgGtunGuCooYuj0bFixRir0Jvc8Fs4acxCB3C2Z6+ua3ei/jcGQwqhy/Hvfb1TuS2FimRytww7HGiiID+JcaueLxpWzzUYhUDTA0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410248; c=relaxed/simple; bh=MhMyYUX/dAPiS9ylnes7JBSojO9LvZkIyLpEvxV4vi8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=e1v6wyM8fFeuI9fYFMl4zvH6H4CCLPvcoAVwaJ08OV1LOEzrWiPuf/6y/kaCh3fBxhf6eVikOgqu3oBiZZrxksCLABt8hqhJOETPZyoNAuPh3FEsHR9sdhWkEVipo8zPuMUXplFuCthFvkyNX2/8Qmb4cE6aNKzE6vQh8QVSj5U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=auvpuO5T; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="auvpuO5T" Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6523Sm011360394; Tue, 2 Jun 2026 14:24:04 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=TKV6SSaQ4WCADJcuV 4DZvER+9KJ0fj1zCgEl0eKkIqM=; b=auvpuO5T5nHtUHqzwplGK1T15lJ+NgqKz 0trzsokGBQgx8VSYLNlmbupzvkwEK2VLgvXnyBzcl2RM/nuY2vAntc8ogw9pLc6d 3L8fNwRHJfm8eXkSkSuJljdyecqD/It4uBqeXLbXaLKNPawMvq6dYQwQV4RNi9FU oIUg0/9AcTSJsN4KYC7AS1KPPwoP/gA3qLy0Y5NHidzyp/jDP3YOsgN4g/1HPDgk hhUZ3exu1QX7cz9m9DCxiLiUqlE8YSwJuRdu1vK0B+iHfK2c9ks5wIRr7P0QEo1H nSYKFkCGrZpUGWPzTY2ef/0NhZ7euqUM4wrAuC0YTr63tp0M6cqgQ== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4efqd46dr5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:04 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 652E98Nm015583; Tue, 2 Jun 2026 14:24:03 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4egcwybaah-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:03 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 652ENvwb47776020 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 2 Jun 2026 14:23:57 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 779BB20040; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4C9632004B; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) From: Claudio Imbrenda To: linux-kernel@vger.kernel.org Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, david@kernel.org, seiden@linux.ibm.com, nrb@linux.ibm.com, schlameuss@linux.ibm.com, gra@linux.ibm.com Subject: [PATCH v3 03/10] KVM: s390: Avoid potentially sleeping while atomic when zapping pages Date: Tue, 2 Jun 2026 16:23:49 +0200 Message-ID: <20260602142356.169458-4-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260602142356.169458-1-imbrenda@linux.ibm.com> References: <20260602142356.169458-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjAyMDEzNiBTYWx0ZWRfX2zDmwh9Ot7Jw o088zebNAyDf07tCGreI/OiRdh3ubqg3mO+bL8nlGoukaNLQO77WLItFLzlHA2Rlqdh5ue6JKH8 9GJaWN4X2P2cXkGQbUItzmvE4vV6sg8H4RXnF7Nzac0M+y4FqfaE8/yCML0Dep46/ElA4gHD3Nr vQXTmh6aqqGxV6FrCq6rVBQwhnvVasMNASmhX4iC5ZTpfrXUp2u6o4oNUhlgX5ckVsOJBcXBBBZ n+XzI69EVbt1F0pjHUWNKWN2nUtHXjuCktQHIJ5Jd8170bHy996LL/7ine6rKDSJtErfV4QehAg BdIPDvSnGiLJEKmpa1ZwWy6TjDplVnTzP6T0VtUOZhakyz87g3/BpdnxJL/7GCnSm6F4ajrpiwk KZnkSf5HQ7Qxujsb35jt1Sdz/0JNjbsi2dDCuTEw09NqenSqRulqcycTiSo6j7/bp9hqR1eBieL 0HMblKdEhTgUQziWAjA== X-Proofpoint-GUID: otKyG6h1jSUA9hL4ll0bQPIaeapZjBwH X-Proofpoint-ORIG-GUID: otKyG6h1jSUA9hL4ll0bQPIaeapZjBwH X-Authority-Analysis: v=2.4 cv=DZknbPtW c=1 sm=1 tr=0 ts=6a1ee784 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=iQ6ETzBq9ecOQQE5vZCe:22 a=VnNF1IyMAAAA:8 a=nBeMyYop4p2-dv3G0y8A:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-02_02,2026-05-28_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 clxscore=1015 suspectscore=0 impostorscore=0 lowpriorityscore=0 phishscore=0 malwarescore=0 priorityscore=1501 bulkscore=0 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605210000 definitions=main-2606020136 Content-Type: text/plain; charset="utf-8" Factor out try_get_locked_pte(), which behaves similarly to get_locked_pte(), but does not attempt to allocate missing tables and performs a spin_trylock() instead of blocking. The new function is also exported, since it will be used in other patches. If intermediate entries are missing, there can be no pte swap entry to free, so it's safe to ignore them. This avoids potentially sleeping while atomic. Signed-off-by: Claudio Imbrenda Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") --- arch/s390/include/asm/gmap_helpers.h | 1 + arch/s390/mm/gmap_helpers.c | 117 ++++++++++++++++----------- 2 files changed, 73 insertions(+), 45 deletions(-) diff --git a/arch/s390/include/asm/gmap_helpers.h b/arch/s390/include/asm/g= map_helpers.h index 2d3ae421077e..d2b616604a46 100644 --- a/arch/s390/include/asm/gmap_helpers.h +++ b/arch/s390/include/asm/gmap_helpers.h @@ -12,5 +12,6 @@ void gmap_helper_zap_one_page(struct mm_struct *mm, unsig= ned long vmaddr); void gmap_helper_discard(struct mm_struct *mm, unsigned long vmaddr, unsig= ned long end); int gmap_helper_disable_cow_sharing(void); void gmap_helper_try_set_pte_unused(struct mm_struct *mm, unsigned long vm= addr); +pte_t *try_get_locked_pte(struct mm_struct *mm, unsigned long addr, spinlo= ck_t **ptl); =20 #endif /* _ASM_S390_GMAP_HELPERS_H */ diff --git a/arch/s390/mm/gmap_helpers.c b/arch/s390/mm/gmap_helpers.c index f8789ffcc05c..396207163ca6 100644 --- a/arch/s390/mm/gmap_helpers.c +++ b/arch/s390/mm/gmap_helpers.c @@ -34,6 +34,70 @@ static void ptep_zap_softleaf_entry(struct mm_struct *mm= , softleaf_t entry) swap_put_entries_direct(entry, 1); } =20 +/** + * try_get_locked_pte() - like get_locked_pte(), but atomic and with trylo= ck + * @mm: the mm + * @vmaddr: the userspace virtual address whose pte is to be found + * @ptl: will be set to the pointer to the lock used to lock the pte in ca= se + * of success. + * + * This function returns the pointer to the pte corresponding to @addr in = @mm, + * similarly to get_locked_pte(). Unlike get_locked_pte(), no attempt is m= ade + * to allocate missing page tables. If a missing or large entry is found, = the + * function will return NULL. If the ptl lock is contended, %-EAGAIN is + * returned. + * + * In case of success, *@ptl will point to the locked pte lock for the ret= urned + * pte, like get_locked_pte() does. + * + * Context: mmap_lock or vma lock for read or for write needs to be held. + * Return: + * * %NULL if the pte cannot be reached. + * * %-EAGAIN if the pte can be reached, but cannot be locked. + * * the pointer to the pte corresponding to @addr in @mm, if it can be re= ached + * and locked. + */ +pte_t *try_get_locked_pte(struct mm_struct *mm, unsigned long vmaddr, spin= lock_t **ptl) +{ + pmd_t *pmdp, pmd, pmdval; + pud_t *pudp, pud; + p4d_t *p4dp, p4d; + pgd_t *pgdp, pgd; + pte_t *ptep; + + pgdp =3D pgd_offset(mm, vmaddr); + pgd =3D pgdp_get(pgdp); + if (pgd_none(pgd) || !pgd_present(pgd)) + return NULL; + p4dp =3D p4d_offset(pgdp, vmaddr); + p4d =3D p4dp_get(p4dp); + if (p4d_none(p4d) || !p4d_present(p4d)) + return NULL; + pudp =3D pud_offset(p4dp, vmaddr); + pud =3D pudp_get(pudp); + if (pud_none(pud) || pud_leaf(pud) || !pud_present(pud)) + return NULL; + pmdp =3D pmd_offset(pudp, vmaddr); + pmd =3D pmdp_get_lockless(pmdp); + if (pmd_none(pmd) || pmd_leaf(pmd) || !pmd_present(pmd)) + return NULL; + ptep =3D pte_offset_map_rw_nolock(mm, pmdp, vmaddr, &pmdval, ptl); + if (!ptep) + return NULL; + + if (spin_trylock(*ptl)) { + if (unlikely(!pmd_same(pmdval, pmdp_get_lockless(pmdp)))) { + pte_unmap_unlock(ptep, *ptl); + return ERR_PTR(-EAGAIN); + } + return ptep; + } + + pte_unmap(ptep); + return ERR_PTR(-EAGAIN); +} +EXPORT_SYMBOL_GPL(try_get_locked_pte); + /** * gmap_helper_zap_one_page() - discard a page if it was swapped. * @mm: the mm @@ -46,7 +110,7 @@ static void ptep_zap_softleaf_entry(struct mm_struct *mm= , softleaf_t entry) void gmap_helper_zap_one_page(struct mm_struct *mm, unsigned long vmaddr) { struct vm_area_struct *vma; - spinlock_t *ptl; + spinlock_t *ptl; /* Lock for the host (userspace) page table */ pte_t *ptep; =20 mmap_assert_locked(mm); @@ -57,8 +121,8 @@ void gmap_helper_zap_one_page(struct mm_struct *mm, unsi= gned long vmaddr) return; =20 /* Get pointer to the page table entry */ - ptep =3D get_locked_pte(mm, vmaddr, &ptl); - if (unlikely(!ptep)) + ptep =3D try_get_locked_pte(mm, vmaddr, &ptl); + if (IS_ERR_OR_NULL(ptep)) return; if (pte_swap(*ptep)) { ptep_zap_softleaf_entry(mm, softleaf_from_pte(*ptep)); @@ -113,37 +177,9 @@ EXPORT_SYMBOL_GPL(gmap_helper_discard); */ void gmap_helper_try_set_pte_unused(struct mm_struct *mm, unsigned long vm= addr) { - pmd_t *pmdp, pmd, pmdval; - pud_t *pudp, pud; - p4d_t *p4dp, p4d; - pgd_t *pgdp, pgd; spinlock_t *ptl; /* Lock for the host (userspace) page table */ pte_t *ptep; =20 - pgdp =3D pgd_offset(mm, vmaddr); - pgd =3D pgdp_get(pgdp); - if (pgd_none(pgd) || !pgd_present(pgd)) - return; - - p4dp =3D p4d_offset(pgdp, vmaddr); - p4d =3D p4dp_get(p4dp); - if (p4d_none(p4d) || !p4d_present(p4d)) - return; - - pudp =3D pud_offset(p4dp, vmaddr); - pud =3D pudp_get(pudp); - if (pud_none(pud) || pud_leaf(pud) || !pud_present(pud)) - return; - - pmdp =3D pmd_offset(pudp, vmaddr); - pmd =3D pmdp_get_lockless(pmdp); - if (pmd_none(pmd) || pmd_leaf(pmd) || !pmd_present(pmd)) - return; - - ptep =3D pte_offset_map_rw_nolock(mm, pmdp, vmaddr, &pmdval, &ptl); - if (!ptep) - return; - /* * Several paths exists that takes the ptl lock and then call the * mmu_notifier, which takes the mmu_lock. The unmap path, instead, @@ -156,21 +192,12 @@ void gmap_helper_try_set_pte_unused(struct mm_struct = *mm, unsigned long vmaddr) * If the lock is contended the bit is not set and the deadlock is * avoided. */ - if (spin_trylock(ptl)) { - /* - * Make sure the pte we are touching is still the correct - * one. In theory this check should not be needed, but - * better safe than sorry. - * Disabling interrupts or holding the mmap lock is enough to - * guarantee that no concurrent updates to the page tables - * are possible. - */ - if (likely(pmd_same(pmdval, pmdp_get_lockless(pmdp)))) - __atomic64_or(_PAGE_UNUSED, (long *)ptep); - spin_unlock(ptl); - } + ptep =3D try_get_locked_pte(mm, vmaddr, &ptl); + if (IS_ERR_OR_NULL(ptep)) + return; =20 - pte_unmap(ptep); + __atomic64_or(_PAGE_UNUSED, (long *)ptep); + pte_unmap_unlock(ptep, ptl); } EXPORT_SYMBOL_GPL(gmap_helper_try_set_pte_unused); =20 --=20 2.54.0 From nobody Mon Jun 8 04:24:52 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4D5543EB810; Tue, 2 Jun 2026 14:24:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; cv=none; b=RerdTyq5gJtm8lhHQy3jzbGaySV8DNySEjTt53x1WfVuamsU7ZDIuPMQhUFCLdzcQCgGFiKKAmJorww2WfVt5BtUtMwfftfXC28NPjKHSVp0M86VBlDuZnTEP4vkH5YmoYpXvVR0xgO+0TEBhKyoLciD5SDZNaE/WooEPnE405E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; c=relaxed/simple; bh=q/4VAZUDR9wKIqDbkUpA49JakPieFRHX1ZGX+F9Tlk8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=bGeXxT7BWXMUtOAnnwyga5fRL/dL9NNLmZFMo40ezeD8zzxdKHzWs8/M+Mf4pcyNuy5GcqxA1dt4khuqxMVORFZQVNqvvpJbtXBNFc/nyfjm+lV55EMQpKZqSwR0DN62AspDYuXcurXF7Xxsh0dQN5GtI7/725zRhGBYTixgQpM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=pNkKyB0O; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="pNkKyB0O" Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6525WKCq2667091; Tue, 2 Jun 2026 14:24:04 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=Q3ON+ZZRcqGRnrLY+ eHwQpEqFpiLy7qpH+dy3PWXk0Y=; b=pNkKyB0O2QLGgY9lMHABrLlaOzeskZdn8 bjBQAWCr2z6DbfPySu0tGAPWAXkq8VFETMM2ysTNVQNWQCEwvVEsGTdwjpTkq5KY ZG3h3cxkbzABvEa5SIJUFKKrgIr74YBB4EwmwfnxE6C5hG6VD41i5/+dTjWSa4zj dZUpJcQx2B6h+XVKoM/8mCVWQmyDiWZiTuvFtBmW9VvhPlTdxSj4RiGBCmP/I8iq UGzp2So7qHQd7j+93OwvDUR/YWimZ2QNuvDh+BY4qPkIrY1pO/T1T5Yaj9jOug3/ 28zaerK9riowob+tEA5L93TLG0skVXBT516tKatGM0WdtZgtuLujw== Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4efqht5v8v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:04 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 652E95Pu027199; Tue, 2 Jun 2026 14:24:03 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4egbqhbgwa-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:03 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 652ENv8E47776022 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 2 Jun 2026 14:23:57 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A6A4620040; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7D82B20043; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) From: Claudio Imbrenda To: linux-kernel@vger.kernel.org Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, david@kernel.org, seiden@linux.ibm.com, nrb@linux.ibm.com, schlameuss@linux.ibm.com, gra@linux.ibm.com Subject: [PATCH v3 04/10] KVM: s390: Fix guest / virtual address confusion in _essa_clear_cbrl() Date: Tue, 2 Jun 2026 16:23:50 +0200 Message-ID: <20260602142356.169458-5-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260602142356.169458-1-imbrenda@linux.ibm.com> References: <20260602142356.169458-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: BYKxJYus6tVGO9OD7OJnLRe4a6WnT_Db X-Authority-Analysis: v=2.4 cv=fv/sol4f c=1 sm=1 tr=0 ts=6a1ee784 cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=DrbGolfmOjewO6_yJogA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjAyMDEzNiBTYWx0ZWRfX7Ck8cSZNv6K3 rrTuKKnqMhwgpFoowKuOP0RgIhDZEklFdfhFZfGahCjBGE0IyFNay0KgN34Y+EmS4IxA+zQq1A8 Zs0lEMoZBry6HRQ9QmR+ogLih99rLYsuU2y8N1P1nQH8dtivMIEouPcNFmg5gJcwzJlnQVIORB+ lTuUfWuKV1lJDzEiZOwzmJa5TubobvnyPSGq7nYgKGgUEYBltrY1v5ESlFVovFgO1nMt/MVfive dG2507P5f7aT0q7/Pq/B82LDRbPRoyOv8JILTsgchvW4nxJBPzvmvF87oILbcUHEe5+tBOIc+Gg 6ZPnqTNmkjQd464tLuYO1ClMRKRhOO4W4LEEnzLO/g7RC2bnTTtuR8lAGQ2Sa4YIlQRP1rGjtyo Wn8tzmv8PEjEs0s4hknkkajeVyZLf9GKzjIOFY0D7Z+Y8vMXonXDUzTSatOuaHWtgeuKehk8WHx hxyRMJSVQfZOz9RAXUg== X-Proofpoint-ORIG-GUID: BYKxJYus6tVGO9OD7OJnLRe4a6WnT_Db X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-02_02,2026-05-28_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 priorityscore=1501 spamscore=0 phishscore=0 clxscore=1015 impostorscore=0 suspectscore=0 bulkscore=0 lowpriorityscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605210000 definitions=main-2606020136 Content-Type: text/plain; charset="utf-8" Until now, gmap_helper_zap_one_page() was being called with the guest absolute address, but it expects a userspace virtual address. This meant that in the best case the requested pages were not being discarded, and in the worst case that the wrong pages were being discarded. Fix this by converting the guest absolute address to host virtual before passing it to gmap_helper_zap_one_page(). Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") Signed-off-by: Claudio Imbrenda --- arch/s390/kvm/priv.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c index cc0553da14cb..447ec7ed423d 100644 --- a/arch/s390/kvm/priv.c +++ b/arch/s390/kvm/priv.c @@ -1188,6 +1188,7 @@ static void _essa_clear_cbrl(struct kvm_vcpu *vcpu, u= nsigned long *cbrl, int len union crste *crstep; union pgste pgste; union pte *ptep; + hva_t hva; int i; =20 lockdep_assert_held(&vcpu->kvm->mmu_lock); @@ -1199,8 +1200,11 @@ static void _essa_clear_cbrl(struct kvm_vcpu *vcpu, = unsigned long *cbrl, int len if (!ptep || ptep->s.pr) continue; pgste =3D pgste_get_lock(ptep); - if (pgste.usage =3D=3D PGSTE_GPS_USAGE_UNUSED || pgste.zero) - gmap_helper_zap_one_page(vcpu->kvm->mm, cbrl[i]); + if (pgste.usage =3D=3D PGSTE_GPS_USAGE_UNUSED || pgste.zero) { + hva =3D gpa_to_hva(vcpu->kvm, cbrl[i]); + if (!kvm_is_error_hva(hva)) + gmap_helper_zap_one_page(vcpu->kvm->mm, hva); + } pgste_set_unlock(ptep, pgste); } } --=20 2.54.0 From nobody Mon Jun 8 04:24:52 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 01B003ED5DB; Tue, 2 Jun 2026 14:24:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; cv=none; b=tgSK5rWcu4j2S2Tv3zb5OXl2790Pos3QZrTtcTpsIGiWtUOf7J1e5W+EOUACEdKTij4UMugzyyLlRiYPk4ugty3qrj27znnEmwzTyj8k+xety7Mo9hkEsaP+Mjpo7DQzy3VM3BrJvTyakKlcFQVfhLealnIB2lqJTSjOzoEJe8w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; c=relaxed/simple; bh=rxEq+p7FKrkLf08DNMOVsPgtR8katGipcUDE50aUb6g=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=M6NPnlUrKiAPA8g1s9pRN7A1DcXajbWzCKgqJcjtnduRBS5ssBtptld7uY4eLFjPNcOPJCk2reZftLn8qjB8yMI53r4PGBQ5SVRNz8OIyd712cquOejg7O8MKYKrQCYWWlXqxdrI18+6eapZkg+A2fNfYQdbldfk/DhISK6tmrQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=r6b5Y1sV; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="r6b5Y1sV" Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6524o71M1956882; Tue, 2 Jun 2026 14:24:04 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=f/WU64V7khT8NQeX/ zbiYQ9Mor4o7IeReycbOeZvsm0=; b=r6b5Y1sVHTfnORDui5UhhMJj29eBR9g9c NAjOqjERI4uvKQ8MPdSno3Ax71ysWdFecNozZJ9zJUN5d1hTT7zYz+A0G71IrtN6 wA0lmT5m3WbInTaDRRSmQBBrFwhr4U5h2thUib4APeccsDDB3pWlW5gvKfUXKzXY tciklmk/uYnlrIaLI2hT5UyaBBznuIG2kJF9rwBwt6xZpy88lPyhTkm3l3fx7AGp 7Po5RutbTwaCVjILZPJLpT/niun2FLs8fW6P7K8khfKpD+ZJKC5b7thB5RvPGbt0 uHAHvxRBmwG9PqDKgsTDvnX1l/ROFHO23ljMmlsTJSxNBETdGVtlg== Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4efnahp4gq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:04 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 652DOIWw007350; Tue, 2 Jun 2026 14:24:03 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4egb7k3mpw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:03 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 652ENvPT47776024 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 2 Jun 2026 14:23:58 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D77A820040; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AC6002004B; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) From: Claudio Imbrenda To: linux-kernel@vger.kernel.org Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, david@kernel.org, seiden@linux.ibm.com, nrb@linux.ibm.com, schlameuss@linux.ibm.com, gra@linux.ibm.com Subject: [PATCH v3 05/10] KVM: s390: vsie: Fix rmap handling in _do_shadow_crste() Date: Tue, 2 Jun 2026 16:23:51 +0200 Message-ID: <20260602142356.169458-6-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260602142356.169458-1-imbrenda@linux.ibm.com> References: <20260602142356.169458-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjAyMDEzNiBTYWx0ZWRfX40vZu1iuwCEv MmQ7Pi5fwX6hhJeSLL7JJYfXUs+I/7i/hrdR+tDboPREEsLybvU+NtJJsacNhYRrF3KIP6yIkEb cjFyaVSnW+u5VVfawzw1ChNWGPHNTkeDTiAyGWkKGyBtTlrHDFd0OhlYrLpRujNW362CKQ5E80n Xu77drxQOkolZTY3ZRhuS7UfX8ozxdlFOBmhGwUVcb++fDMnC4NkwkBbf8bcSPFYmxy4m5terMG 3RQjT/zEejYLaJMeo5HTiDabwKAgVjpneU5CzPGDrn1dqewGHbayNnY/RIqHYPwJJPeeI2IMxnq FxzOjeEXRobMOTrVKe/0VcuhFuU/Fx10SJ+adxHgHJ32SFfQ3H9g4s6AoCf0HGKCebR1hP9WA/R sl4nu7wQV+5WioTwlctQgW5aocPflPMEDZAXaNqYSzTgpdcHrI/gcfhleFdfphm0oVbh8QhYMaP 8bGKVSH1YY/uDoXVQIw== X-Proofpoint-ORIG-GUID: vzR4yEZjC9kAnVCHbdkvJx2WIbKnShHi X-Authority-Analysis: v=2.4 cv=cOzQdFeN c=1 sm=1 tr=0 ts=6a1ee784 cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=sChW5zZnIGAfqb-v-YwA:9 X-Proofpoint-GUID: vzR4yEZjC9kAnVCHbdkvJx2WIbKnShHi X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-02_02,2026-05-28_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 impostorscore=0 lowpriorityscore=0 spamscore=0 bulkscore=0 malwarescore=0 phishscore=0 suspectscore=0 priorityscore=1501 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605210000 definitions=main-2606020136 Content-Type: text/plain; charset="utf-8" Fix _do_shadow_crste() to also apply a mask on the reverse address, to prevent spurious entries from being created, like already done in gmap_protect_rmap(). Signed-off-by: Claudio Imbrenda Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") --- arch/s390/kvm/gaccess.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index 4f8d5592c9a9..20e28b183c1a 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -1466,15 +1466,17 @@ static int _do_shadow_crste(struct gmap *sg, gpa_t = raddr, union crste *host, uni struct guest_fault *f, bool p) { union crste newcrste, oldcrste; - gfn_t gfn; + unsigned long mask; + gfn_t r_gfn; int rc; =20 lockdep_assert_held(&sg->kvm->mmu_lock); lockdep_assert_held(&sg->parent->children_lock); =20 - gfn =3D f->gfn & (is_pmd(*table) ? _SEGMENT_FR_MASK : _REGION3_FR_MASK); + mask =3D is_pmd(*table) ? _SEGMENT_FR_MASK : _REGION3_FR_MASK; + r_gfn =3D gpa_to_gfn(raddr) & mask; scoped_guard(spinlock, &sg->host_to_rmap_lock) - rc =3D gmap_insert_rmap(sg, gfn, gpa_to_gfn(raddr), host->h.tt); + rc =3D gmap_insert_rmap(sg, f->gfn & mask, r_gfn, host->h.tt); if (rc) return rc; =20 @@ -1497,8 +1499,7 @@ static int _do_shadow_crste(struct gmap *sg, gpa_t ra= ddr, union crste *host, uni return -EAGAIN; =20 newcrste =3D _crste_fc1(f->pfn, oldcrste.h.tt, 0, !p); - gfn =3D gpa_to_gfn(raddr); - while (!dat_crstep_xchg_atomic(table, READ_ONCE(*table), newcrste, gfn, s= g->asce)) + while (!dat_crstep_xchg_atomic(table, READ_ONCE(*table), newcrste, r_gfn,= sg->asce)) ; return 0; } --=20 2.54.0 From nobody Mon Jun 8 04:24:52 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C64343ECBF1; Tue, 2 Jun 2026 14:24:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; cv=none; b=pv+4mCINAWd8Z0ZBs+Yih+Pxrri1zsJdQ69exbG9hEX3GzSu67ik6hW8ACi2AmsRiNgvmgWK3Bc/tf6gyl3R5USYMWyjHB/3tVT74qtQEH+TAKZMrXFJNzw5CgarO0PTAX6vqPBTJWuHhVcCwZgJC+ATYIjz7+o2MKrm/8HHR0o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; c=relaxed/simple; bh=qluj3bUF8QXR+D6ZflcYNjuSjTryJaNLsOy7TGOlz40=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=WvhQ2Awaecsga0rDv1zp75hy9hAhd767Rb/jn+A82DcyV6RaMWehmlUVHQMEeH8LQLcQHPCL3IzjejR5NPt5opJotHzt3sFD3ShHk3hwiEoBn4PHyuDJ5EsCyALyQXJVczSA8h6FBXoMtTc6Ej6wQL8WqqlaPQgNBeZTSmfydGI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=hKwrWWUr; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="hKwrWWUr" Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6523SL3S1502206; Tue, 2 Jun 2026 14:24:04 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=IE7I1BsQ0hsaDh9I2 YwFkyN3gn6mJlOwx0AUHKHfLSY=; b=hKwrWWUrQmeYs3LgmVg/vNSLrOjrwrMsa VblNOJNazLRREIVuFaWsNYP2bhrluunmuFiRt7StiaEqgkAnazp1VVzcfncMfN0z 6G7DkKh0Gq6M7KgzmTDBaYaS2CbGv7nX+tW5o5Nl+YTdXVK5i3LnwOBZ4P+ECyn+ HUYLH5g4iGaKKhTeRhmKRwRRuPX27EknETBO1UIVyXivfHd8Bj6Le9Cr4gL6qi3N zna9+L0nT1KlwSd56IVElgW8uvMWRjx2IDFNDueeOGqDajXVrHSHvkTVLDDgFtvJ LRoUoYhxAAV0/zNIuitzakjQn+wLuxXMDRZVhbLaKE/lGndmEYXsA== Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4efnahp4gs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:04 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 652E9DRS026870; Tue, 2 Jun 2026 14:24:04 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4egakvur44-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:03 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 652ENwK136962782 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 2 Jun 2026 14:23:58 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 11FAB20040; Tue, 2 Jun 2026 14:23:58 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DD5C320043; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 2 Jun 2026 14:23:57 +0000 (GMT) From: Claudio Imbrenda To: linux-kernel@vger.kernel.org Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, david@kernel.org, seiden@linux.ibm.com, nrb@linux.ibm.com, schlameuss@linux.ibm.com, gra@linux.ibm.com Subject: [PATCH v3 06/10] KVM: s390: Fix fault-in code Date: Tue, 2 Jun 2026 16:23:52 +0200 Message-ID: <20260602142356.169458-7-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260602142356.169458-1-imbrenda@linux.ibm.com> References: <20260602142356.169458-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjAyMDEzNiBTYWx0ZWRfX2YqNUfnaRNzx 2rVIHiiXKSSTtS6u89CAN2mJNUc6lyIO3hnCjNwD/brJzpSQJNj76fDAAkppJDbMjGVzJ/RyDR7 v6TGLO3hE66e52/cdBWMG9/AUzeRRzxyMDcMYw15JwyP0jN7GP5fM4VwVnZSDqobnS6ZJyu4M3S uumDmuBjr8Qp2Vbs2CSG/ei1/IFSNo4eHBljzRxhn4FOwg7BlE87trNe2Xw5bPhM5EXafFSMhYd jVPeZXm2CNwOCzglqvAyCkQdkt0fKnoikSJtjXKkleF9v2qgRytP5jy1OZiwh6TxiEzM9O2kQ/G aTGZYAr5ZMtXTiBR1MISXVmUtJOE5scUfsd4eD9IbrNCTfDa7Bh53Yek5/DYQzpoeFPA1MOmOfo xo7UtHoXqmq+E10lBBMwagf63h96aXb+5DEsniA+s51eenD6UXsWbfKqKP7Po3Mf2eEGWjTpu8v FTJF49S85m2Jw9MbQ2A== X-Proofpoint-ORIG-GUID: P4CICLaDc6PaQ1QXcOy285jue3-xdZh_ X-Authority-Analysis: v=2.4 cv=cOzQdFeN c=1 sm=1 tr=0 ts=6a1ee784 cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=p5SjDoQbJD9XZwj20uYA:9 X-Proofpoint-GUID: P4CICLaDc6PaQ1QXcOy285jue3-xdZh_ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-02_02,2026-05-28_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 impostorscore=0 lowpriorityscore=0 spamscore=0 bulkscore=0 malwarescore=0 phishscore=0 suspectscore=0 priorityscore=1501 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605210000 definitions=main-2606020136 Content-Type: text/plain; charset="utf-8" Fix the fault-in code so that it does not return success if a concurrent unmap event invalidated the fault-in process between the best-effort lockless check and the proper check with lock. The new behaviour is to retry, like the best-effort lockless check already did. This prevents the fault-in handler from returning success without having actually faulted in the requested page. Fixes: e907ae530133 ("KVM: s390: Add helper functions for fault handling") Signed-off-by: Claudio Imbrenda Reviewed-by: Steffen Eiden --- arch/s390/kvm/faultin.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/arch/s390/kvm/faultin.c b/arch/s390/kvm/faultin.c index ddf0ca71f374..cf542b0a7e8e 100644 --- a/arch/s390/kvm/faultin.c +++ b/arch/s390/kvm/faultin.c @@ -36,7 +36,8 @@ int kvm_s390_faultin_gfn(struct kvm_vcpu *vcpu, struct kv= m *kvm, struct guest_fa struct kvm_s390_mmu_cache *mc =3D NULL; struct kvm_memory_slot *slot; unsigned long inv_seq; - int foll, rc =3D 0; + int rc =3D -EAGAIN; + int foll; =20 foll =3D f->write_attempt ? FOLL_WRITE : 0; foll |=3D f->attempt_pfault ? FOLL_NOWAIT : 0; @@ -53,7 +54,7 @@ int kvm_s390_faultin_gfn(struct kvm_vcpu *vcpu, struct kv= m *kvm, struct guest_fa return 0; } =20 - while (1) { + while (rc =3D=3D -EAGAIN) { f->valid =3D false; inv_seq =3D kvm->mmu_invalidate_seq; /* Pairs with the smp_wmb() in kvm_mmu_invalidate_end(). */ @@ -110,20 +111,19 @@ int kvm_s390_faultin_gfn(struct kvm_vcpu *vcpu, struc= t kvm *kvm, struct guest_fa if (!mmu_invalidate_retry_gfn(kvm, inv_seq, f->gfn)) { f->valid =3D true; rc =3D gmap_link(mc, kvm->arch.gmap, f, slot); - kvm_release_faultin_page(kvm, f->page, !!rc, f->write_attempt); - f->page =3D NULL; } + kvm_release_faultin_page(kvm, f->page, !!rc, f->write_attempt); } - kvm_release_faultin_page(kvm, f->page, true, false); =20 if (rc =3D=3D -ENOMEM) { rc =3D kvm_s390_mmu_cache_topup(mc); if (rc) return rc; - } else if (rc !=3D -EAGAIN) { - return rc; + rc =3D -EAGAIN; } } + + return rc; } =20 int kvm_s390_get_guest_page(struct kvm *kvm, struct guest_fault *f, gfn_t = gfn, bool w) --=20 2.54.0 From nobody Mon Jun 8 04:24:52 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CB3F13BE144; Tue, 2 Jun 2026 14:24:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; cv=none; b=D/LBLc2gy+L7LqXZoCyGfgaALvItJn5o4A0sUIQ54PkA08uFYzXGBcPfO/Qk2OHWPgnTeT81k77KIQzgmwNW5KDXzkqJyG6iaEVWqO/w9y6vs/s1laDTML6WBfj3wzV+qvHcozZhZPMdKmexBka465f1pxtOOweIYQaB9DAesGU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; c=relaxed/simple; bh=SRo5IBgPJeMhBd66Qkgvhd2/r+7I6kqyIzsB+7f9zvM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=AIk5V4QCO27PLGG5niFWxgDT1s0dBbKZ8V919lwYloNFbZvrP824avWU6lD9Jfg0HVFzajp3XuyUiaVcCljWxKAvChAe4/rDNmn3AXdoSuOH0ZDhhC5kAcDQYFZCL91G52An01pArdx4JPzDBiYUl0DHoeAnGj3sgF0gnHj57c0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=oGzXJaUW; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="oGzXJaUW" Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 6520RDQ13642169; Tue, 2 Jun 2026 14:24:05 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=FWfLyhJ6GGIDHWn6o RZIqvW5vDDYDL2zoOflL5hy3jM=; b=oGzXJaUWGuA4qvHqOTYr2ys6dWvV8ThT6 UV9gJEboorQklpkB3FDeDN6iSGufWQa4QgBOh/QPVxkJrZL4FDTZXayxHC1AzeuI js9myCbmVySCpJgLMxxOT+glgbiXNBrwb9+EyB+KoeQNTCBiLs8GxRrhAf0ySuGs 3LQEUPZCw9eeWjkbTImtNLChHtLcg6wXoGpbdKWnkjWvpAcJ3CKnS3dJOAKkWBJD lHvQvBComoCZ7JjLMLfeYPLcZ+Lo8HgTQV3EdqvoFLqlgcXgjR5enteYUibNEgEH 4DXQdfCPVESEzrfFoHB+c3Kk6hHzMxBI+cvtD1drMwnTPX10lLlQw== Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4efnahp4gr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:04 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 652E9AjD014051; Tue, 2 Jun 2026 14:24:04 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4egcegkcjw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:03 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 652ENwjM36962784 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 2 Jun 2026 14:23:58 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 405CF20040; Tue, 2 Jun 2026 14:23:58 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 17AA12004B; Tue, 2 Jun 2026 14:23:58 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 2 Jun 2026 14:23:58 +0000 (GMT) From: Claudio Imbrenda To: linux-kernel@vger.kernel.org Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, david@kernel.org, seiden@linux.ibm.com, nrb@linux.ibm.com, schlameuss@linux.ibm.com, gra@linux.ibm.com Subject: [PATCH v3 07/10] KVM: s390: Lock pte when making page secure Date: Tue, 2 Jun 2026 16:23:53 +0200 Message-ID: <20260602142356.169458-8-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260602142356.169458-1-imbrenda@linux.ibm.com> References: <20260602142356.169458-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjAyMDEzNiBTYWx0ZWRfXwPWpkZJ8AQce bWbvSA5gIOeKRfhAioq8Vpup2fZ+8GiCrSrPyZyl8IPiMVHrSPmL7G/tvcKlWvtA6qfAn2ZBsHe kV1RY9mnzZ3lFf1o7pKUN2W9bgYzoasbFimCLe81upP+GpSEHLzWG4fpO7PGekuRg6Med8u/z9o xtLQxXzVwrfqHIpqGaC2J5SP1Yxv7iXGKa+5Z5UFtNzWLh7R+1E4PVfsBXWJf1FOad0g26jfRZk MiQ+yoxV5wFc6zhYeDm8BHHELV9FwfRuL47ysTSEw71kGu4MbypDtZ3kqfX5Vb7beXs1AC965Em 0jV2p+z8+3LNRA9ba853GuF8EQcBB3lPkYozviyaNOWps99pCxXvGLSq1VVNyZt/YLyguFwe7VM XQOlhb434IkqP6AYtXQ0pBSzGOQixBCMmNsMM7cMZBfUFKNYuSrnpu02FOKEE0eUCeOufE18izD WSsvkSHAW4GAnlxc2gA== X-Proofpoint-ORIG-GUID: Ql_3mSPYC-0-pvfUaRZ25xdQDXoKYPDE X-Authority-Analysis: v=2.4 cv=cOzQdFeN c=1 sm=1 tr=0 ts=6a1ee784 cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=MmVNaJ3caS2uU_XaQsUA:9 X-Proofpoint-GUID: Ql_3mSPYC-0-pvfUaRZ25xdQDXoKYPDE X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-02_02,2026-05-28_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 impostorscore=0 lowpriorityscore=0 spamscore=0 bulkscore=0 malwarescore=0 phishscore=0 suspectscore=0 priorityscore=1501 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605210000 definitions=main-2606020136 Content-Type: text/plain; charset="utf-8" Make sure _kvm_s390_pv_make_secure() takes the pte lock for the given address when attempting to make the page secure. One of the steps in making the page secure is freezing the folio using folio_ref_freeze(), which temporarily sets the reference count to 0. Any attempt to get such a folio while frozen will fail and cause a warning to be printed. Other users of folio_ref_freeze() make sure that the page is not mapped while it's being frozen, thus preventing gup functions from being able to access it. For _kvm_s390_pv_make_secure(), this is not possible, because the page needs to be mapped in order for the import to succeed. By taking the pte lock, gup functions will be blocked until the import operation is done, thus avoiding the race. In theory this does not completely solve the issue: if a page is mapped through multiple mappings, locking one pte does not protect from calling gup on it through the other mapping. In practice this does not happen and it is a decent stopgap solution until a more correct solution is available. Signed-off-by: Claudio Imbrenda Fixes: e38c884df921 ("KVM: s390: Switch to new gmap") --- arch/s390/kvm/pv.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/arch/s390/kvm/pv.c b/arch/s390/kvm/pv.c index c2dafd812a3b..4b865e75351c 100644 --- a/arch/s390/kvm/pv.c +++ b/arch/s390/kvm/pv.c @@ -17,6 +17,7 @@ #include #include #include +#include #include "kvm-s390.h" #include "dat.h" #include "gaccess.h" @@ -73,6 +74,7 @@ static bool should_export_before_import(struct uv_cb_head= er *uvcb, struct mm_str struct pv_make_secure { void *uvcb; struct folio *folio; + struct kvm *kvm; int rc; bool needs_export; }; @@ -103,9 +105,21 @@ static void _kvm_s390_pv_make_secure(struct guest_faul= t *f) { struct pv_make_secure *priv =3D f->priv; struct folio *folio; + spinlock_t *ptl; /* pte lock from try_get_locked_pte() */ + pte_t *ptep; =20 folio =3D pfn_folio(f->pfn); priv->rc =3D -EAGAIN; + + if (!mmap_read_trylock(priv->kvm->mm)) + return; + + ptep =3D try_get_locked_pte(priv->kvm->mm, gfn_to_hva(priv->kvm, f->gfn),= &ptl); + if (IS_ERR_VALUE(ptep)) { + priv->rc =3D PTR_ERR(ptep); + goto out; + } + if (folio_trylock(folio)) { priv->rc =3D __kvm_s390_pv_make_secure(f, folio); if (priv->rc =3D=3D -E2BIG || priv->rc =3D=3D -EBUSY) { @@ -114,6 +128,11 @@ static void _kvm_s390_pv_make_secure(struct guest_faul= t *f) } folio_unlock(folio); } + + if (ptep) + pte_unmap_unlock(ptep, ptl); +out: + mmap_read_unlock(priv->kvm->mm); } =20 /** @@ -127,7 +146,7 @@ static void _kvm_s390_pv_make_secure(struct guest_fault= *f) */ int kvm_s390_pv_make_secure(struct kvm *kvm, unsigned long gaddr, void *uv= cb) { - struct pv_make_secure priv =3D { .uvcb =3D uvcb }; + struct pv_make_secure priv =3D { .uvcb =3D uvcb, .kvm =3D kvm, }; struct guest_fault f =3D { .write_attempt =3D true, .gfn =3D gpa_to_gfn(gaddr), --=20 2.54.0 From nobody Mon Jun 8 04:24:52 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6F76F3EB818; Tue, 2 Jun 2026 14:24:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; cv=none; b=T9Epihl0MFU3hDzBmutDO5aNiyuzMirJMnyWoW6Ymm1Co6JNqeWIyQtyik7p4joPoi7iFee+InoU6ZI6pxTQ75XVT/6e6qeoBzXeU/kF8r14+8AzYv9UPckpmfNJm832NydNEHmbfd4IR+diN2UZ5L8d20Al9tI/MKLaiTXvKuo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; c=relaxed/simple; bh=u+WMTR9VI7cdLumqI61v3JanMMx/MvZ5PGAdUdRUGNQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=TgQY7jeR0DmNH7qfnG4PC02CnJh4mejER3zUSQmQwkBYUKK5z4Xt0Jxz7I5bSDtyAvbgOETYLp038dUemD11Q19maO9l9P1SZeagrRf5128Y0U2ZHM14JOu/joZaf3AyxbZYP8YMu03MgpOUznS/xf1CYcxCKH14SMlW6sn3f+w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=KJ3yvcrv; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="KJ3yvcrv" Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65250Jc52915119; Tue, 2 Jun 2026 14:24:05 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=zwh3k6SxurSZOBMfj IGqO/8nnX6mC2btBxG6KgvmqS0=; b=KJ3yvcrvvdo5LL22+i3ukMJRQo2N3Angc x02HLEt3fzXL+3q+/6nyr7yxn7sEOr6g2UK+Ek6L7N6H+j6qbfzGA2ZK3Xwns+VG Po60VL80SLo60zClG048Lxe075kii9oBGGdgqHR2ubRll3t9vvesKA0LEaYaGFvt 0uzEnWA4XTO8c+Yn1YWadXVuRgDOCr/xOkoF78VVQp+ecAwTliINFU+Vv34Aixs4 twFiK9W9Bs64DWbsyd3FqtfL0LwrBj6bYRXu0usbfDIE5MIHsf8HiSr1zaydlu1b Ed16eNjtBuSnawX0mpGCEp3xoEbF561/ojnXi/+1vw7khr/bjD0ag== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4efqd46dr9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:05 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 652E95OK015529; Tue, 2 Jun 2026 14:24:04 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4egcwybaap-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:04 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 652ENwFK36962786 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 2 Jun 2026 14:23:58 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6FBB420040; Tue, 2 Jun 2026 14:23:58 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 468AF20043; Tue, 2 Jun 2026 14:23:58 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 2 Jun 2026 14:23:58 +0000 (GMT) From: Claudio Imbrenda To: linux-kernel@vger.kernel.org Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, david@kernel.org, seiden@linux.ibm.com, nrb@linux.ibm.com, schlameuss@linux.ibm.com, gra@linux.ibm.com Subject: [PATCH v3 08/10] KVM: s390: Prevent memslots outside the ASCE range Date: Tue, 2 Jun 2026 16:23:54 +0200 Message-ID: <20260602142356.169458-9-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260602142356.169458-1-imbrenda@linux.ibm.com> References: <20260602142356.169458-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjAyMDEzNiBTYWx0ZWRfXx1M6mtGQHjYQ cPvFsMS/75/1Vkz4t1G5JIoQNZThtNKRY+AReSTiFalu0axb2N1slOpTqsmXcJjBDzdyicyG8Bs wCjzl/82CmGMejnD1aaFSeZoJbvga9fz/JngTWowSjmH6jEuwm0pAJIwMLZmJTuPNtohltVb7k2 BN05esSzG6DpHVv/wc8/L0caycsxAS2fdqLkwskSmrKoaE4S5RJls0Yaqn4UQn2qvm75wtCi1pa +3c+5+jUl0eZgRLsTNj+kmX50nGwkLUfBTxPrfEdUrkxMlK5b115G2Zyj3WD0HsItZmSDpW/BN5 sxvGH+fVp3c7L0GwbMOSbwdJNyLfYz5+mXo3dYTzxgAOiNpHIhynULlkP83T1D1slKqAHslSW8W gBKEmyxJBKXGU95LBd5XFXdMd8FgS6akorc7+gTFBVtfJUXYMIf3ttWc51cMYn0fGek5OHZh+Jy iRZMhPN4l1NYSqF1Bng== X-Proofpoint-GUID: 5QzxN7wq_B-ilkocnZqqCDq1cw1cRM6o X-Proofpoint-ORIG-GUID: 5QzxN7wq_B-ilkocnZqqCDq1cw1cRM6o X-Authority-Analysis: v=2.4 cv=DZknbPtW c=1 sm=1 tr=0 ts=6a1ee785 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=iQ6ETzBq9ecOQQE5vZCe:22 a=VnNF1IyMAAAA:8 a=1rJwsmJvMo9JdAIlmdgA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-02_02,2026-05-28_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 clxscore=1015 suspectscore=0 impostorscore=0 lowpriorityscore=0 phishscore=0 malwarescore=0 priorityscore=1501 bulkscore=0 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605210000 definitions=main-2606020136 Content-Type: text/plain; charset="utf-8" With KVM_S390_VM_MEM_LIMIT_SIZE, userspace can set the highest address allowed for the VM. Creating a memslot that lies over the maximum address does not make sense and is only a potential source of bugs. Prevent creation of memslots over the maximum address, and prevent the maximum address from being reduced below the end of existing memslots. Signed-off-by: Claudio Imbrenda --- arch/s390/kvm/kvm-s390.c | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index e09960c2e6ed..ffb20a64d328 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -999,7 +999,10 @@ static int kvm_s390_set_mem_control(struct kvm *kvm, s= truct kvm_device_attr *att break; } case KVM_S390_VM_MEM_LIMIT_SIZE: { + struct kvm_memslots *slots; + struct kvm_memory_slot *ms; unsigned long new_limit; + int bkt; =20 if (kvm_is_ucontrol(kvm)) return -EINVAL; @@ -1007,6 +1010,9 @@ static int kvm_s390_set_mem_control(struct kvm *kvm, = struct kvm_device_attr *att if (get_user(new_limit, (u64 __user *)attr->addr)) return -EFAULT; =20 + guard(mutex)(&kvm->lock); + + new_limit =3D ALIGN(new_limit, HPAGE_SIZE); if (kvm->arch.mem_limit !=3D KVM_S390_NO_MEM_LIMIT && new_limit > kvm->arch.mem_limit) return -E2BIG; @@ -1014,12 +1020,27 @@ static int kvm_s390_set_mem_control(struct kvm *kvm= , struct kvm_device_attr *att if (!new_limit) return -EINVAL; =20 - ret =3D -EBUSY; - if (!kvm->created_vcpus) - ret =3D gmap_set_limit(kvm->arch.gmap, gpa_to_gfn(new_limit)); + if (kvm->created_vcpus) + return -EBUSY; + + ret =3D 0; + scoped_guard(mutex, &kvm->slots_lock) { + slots =3D kvm_memslots(kvm); + if (slots && !kvm_memslots_empty(slots)) { + kvm_for_each_memslot(ms, bkt, slots) { + if (gpa_to_gfn(new_limit) < ms->base_gfn + ms->npages) { + ret =3D -EBUSY; + break; + } + } + } + if (!ret) + ret =3D gmap_set_limit(kvm->arch.gmap, gpa_to_gfn(new_limit)); + } + if (ret) + break; VM_EVENT(kvm, 3, "SET: max guest address: %lu", new_limit); - VM_EVENT(kvm, 3, "New guest asce: 0x%p", - (void *)kvm->arch.gmap->asce.val); + VM_EVENT(kvm, 3, "New guest asce: 0x%p", (void *)kvm->arch.gmap->asce.va= l); break; } default: @@ -5672,6 +5693,8 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm, return -EINVAL; if ((new->base_gfn + new->npages) * PAGE_SIZE > kvm->arch.mem_limit) return -EINVAL; + if (!asce_contains_gfn(kvm->arch.gmap->asce, new->base_gfn + new->npages= - 1)) + return -EINVAL; } =20 if (!kvm->arch.migration_mode) --=20 2.54.0 From nobody Mon Jun 8 04:24:52 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E5CD53ED3D8; Tue, 2 Jun 2026 14:24:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; cv=none; b=OGUr2mTq6w9uEjnjhgVi8oGf44A1S7aIFAwgYKC+VqIQ2HUfAH2MCDCwl6wPnJ7qwUuklA8XBpV87ndsnt1nT+GWjcBvKMmlKF/vOiP+iaTRK3Ci/CbYSjjcmDC0wF0L17GO7gckNor9M5Cly6YeBce7Mbyjgj1ebksZZSgM8eY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; c=relaxed/simple; bh=eh8QShNn5lZ5kvXd+kW/b+EZYzJK91vldTMc69dJ9IU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KJFnZ9rDwqL4M7DRgosDXgLrR1qMRIMVXvOfqnC6ypFVU/ix30v0PpKcyNkfw/toHJ4fWHTKGm85nrb+x5o/iGabVKeiCeZvOQoAo49ougqMICJ5ORXQxw2vxgXPS/dIw82yQL/sPiM/ABhaqbbA26467W9f/s3FGhzS4L8BsMo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=doCG4nV9; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="doCG4nV9" Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 652A4XjX510186; Tue, 2 Jun 2026 14:24:05 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=cT/QDVl5i3sXiVxnn EqfsOzk+Ou4rRD8/+N7jayV5wA=; b=doCG4nV9Fa8ClgCILW1zeIFOiTbHmdgKW +OvsRVJ+kuay5NJXTcmxqWTggOWSTmsDRaqrOLJ5sLb5zOBwV+C/mENp1hTB5j7f tLxAsStydELmkk1q2pUsOp2aIQ74JVDPs5vWYxTQ4/2hCJh06Z6m/Wp/R5jbjvUR k0PN2ywKEH9IVZCfT00BbHl+4cdGJ26bw18iJQIe8NOmQpk7O88Wp57oqtzqDGdG 2Dy3ugAhYn1n/lTHtRM5FP/oGYCRLDWPuRkKqE6GAzqsqdKygNmjuoRewwJoCPrN CFB9HJZ4sUQ8Oj2td9tCg9vS4YDPfcAQuCYAotg52KEZ2bydawQag== Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4efpae5yyd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:05 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 652DO8AL007309; Tue, 2 Jun 2026 14:24:04 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4egb7k3mq1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:04 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 652ENwIG36962790 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 2 Jun 2026 14:23:58 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9E59820040; Tue, 2 Jun 2026 14:23:58 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 75EFF2004B; Tue, 2 Jun 2026 14:23:58 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 2 Jun 2026 14:23:58 +0000 (GMT) From: Claudio Imbrenda To: linux-kernel@vger.kernel.org Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, david@kernel.org, seiden@linux.ibm.com, nrb@linux.ibm.com, schlameuss@linux.ibm.com, gra@linux.ibm.com Subject: [PATCH v3 09/10] KVM: s390: Fix possible reference leak in fault-in code Date: Tue, 2 Jun 2026 16:23:55 +0200 Message-ID: <20260602142356.169458-10-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260602142356.169458-1-imbrenda@linux.ibm.com> References: <20260602142356.169458-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=Zt3d7d7G c=1 sm=1 tr=0 ts=6a1ee785 cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=V8glGbnc2Ofi9Qvn3v5h:22 a=VnNF1IyMAAAA:8 a=t-RmA2bz9KeGA92bHnoA:9 X-Proofpoint-GUID: N7txxF8CPC1X1z7FEA9fyJv1SIlgK7bh X-Proofpoint-ORIG-GUID: N7txxF8CPC1X1z7FEA9fyJv1SIlgK7bh X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjAyMDEzNiBTYWx0ZWRfX8ZKYDwftVdJt l8IBlmBmC5mSbbrYisVLkKokBR6k60v+cYUOWhRy2mV7dlZMzv6Ul3uWmLTZYvhdX2ZbzZH4rX9 qaQ3GHNZ/ofxhGFXsfTZKBW2Gdc84GZs22fx7mV7BMDf/GzReRXW9KNAGqZxCWckTR/txzWrGwc 4U3Gd1Cy86xRXpqJxzuKjc1dOP9DJEDYUMQ65Rjyd8Zi9rUZTQtrXp4pXjEtlP1R4ZWBYC+Uv8w QCZjAQYFGm0wZP4hGEdspvH5FRhHyPW9kiC2XLiI/Hw5vDIk0AxjqRFIjYNl9JiC+06SHW/SCkt uOArksmQpBd+gJL8zPDG5uj/5oDqI1idjJWMVSwf23vDFKzAiZ3uTF89e7u3ZEUPzsOw9r6/1bw iBvURYPuRFCnV2DI5p5JGdStPCUwJ3LqeIFRhPJj8c/Hk95zx4kFNjcG4owRP5/u3zsFu1JXMSU XC2n01KISQzDDrI2Mbw== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-02_02,2026-05-28_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 suspectscore=0 priorityscore=1501 bulkscore=0 clxscore=1015 phishscore=0 spamscore=0 malwarescore=0 adultscore=0 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605210000 definitions=main-2606020136 Content-Type: text/plain; charset="utf-8" If kvm_s390_new_mmu_cache() fails, kvm_s390_faultin_gfn() returns without releasing the faulted page. Fix this by moving the allocation of the memory cache outside of the loop. There is no reason to check at every iteration. Opportunistically fix a comment. Signed-off-by: Claudio Imbrenda --- arch/s390/kvm/faultin.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/arch/s390/kvm/faultin.c b/arch/s390/kvm/faultin.c index cf542b0a7e8e..fee80047bd94 100644 --- a/arch/s390/kvm/faultin.c +++ b/arch/s390/kvm/faultin.c @@ -54,6 +54,13 @@ int kvm_s390_faultin_gfn(struct kvm_vcpu *vcpu, struct k= vm *kvm, struct guest_fa return 0; } =20 + if (!mc) { + local_mc =3D kvm_s390_new_mmu_cache(); + if (!local_mc) + return -ENOMEM; + mc =3D local_mc; + } + while (rc =3D=3D -EAGAIN) { f->valid =3D false; inv_seq =3D kvm->mmu_invalidate_seq; @@ -94,14 +101,7 @@ int kvm_s390_faultin_gfn(struct kvm_vcpu *vcpu, struct = kvm *kvm, struct guest_fa if (is_error_pfn(f->pfn)) return -EFAULT; =20 - if (!mc) { - local_mc =3D kvm_s390_new_mmu_cache(); - if (!local_mc) - return -ENOMEM; - mc =3D local_mc; - } - - /* Loop, will automatically release the faulted page. */ + /* Loop, release the faulted page. */ if (mmu_invalidate_retry_gfn_unsafe(kvm, inv_seq, f->gfn)) { kvm_release_faultin_page(kvm, f->page, true, false); continue; --=20 2.54.0 From nobody Mon Jun 8 04:24:52 2026 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E18123ED3AF; Tue, 2 Jun 2026 14:24:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; cv=none; b=dq2YnKIAM0iH6qf9dCe0ditbwVjbV7StA/duDr5n4pqOiP/oaEwG/qpM7urJ8BbqlYdI1uIH9O4rdaZLnMfG0KkiQ2MWzaGhUmvWSkTmUfYknUlLizunZNBZK/U7noZ+QY3c5dZqDnHPoFS4/LKUtP93QF3h9Ejz3KQGp3uFV38= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780410249; c=relaxed/simple; bh=1kycnoBb6zMW1dCK9pPTA3MFg+MKXjsWEBZ7O7MFldU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=VnFIRzJkr9euq2hW0I4AiCq08WwTWgsScXetu9q7ubFjdvJwJgRgaqQz9ZnMpk240RX8ETfWcLrbR8vh8+ZhCZe/8CHDg5rO0O/0/h7z27BADz651p2rJsKQlu1ploO3q3gD/xAQFeSRIeUYHmL5L7stP7a9V83iApxxHmT61L4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=FuK2K89Q; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="FuK2K89Q" Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65280HZg2118330; Tue, 2 Jun 2026 14:24:06 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=3mFRcDIES0Wygdzgm w9D1J32vRwcqdCkwOIUwOsy9Uk=; b=FuK2K89QJ+xvawHdivo+sMrTmZHt0x5Z8 V4vQgdpqI4Dcr6SP4wWGrm0qia5xEp0787XERvSQ7fOLgDeyvHApJzXDMqrtycA1 5UekVjRP2WPRbvK9yNc5BimVaRWfTSlYoqxY3Ezykl9eIi17IJ5w75wlUvYlH16c eA0P5iSrfs+Kr88uaeuoYkPdlijsldFqmz0HDXdxR9LGNO1wPf7KepPMExAV2Kww U3CmJs2MWMolEEvR26x6T56OvsPcuFXhkxZjcKCOJ0NysR4EMFhk6YwlEZMDqh48 tWVXZPDfCG1/iQ6DOhu34VZRgXFxYFGX+631O1J2QfqcXREOzy+9Q== Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4efqd46drc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:05 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 652E967w026810; Tue, 2 Jun 2026 14:24:04 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4egakvur47-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Jun 2026 14:24:04 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 652ENwIv36962792 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 2 Jun 2026 14:23:59 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CD3F320040; Tue, 2 Jun 2026 14:23:58 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A48E420043; Tue, 2 Jun 2026 14:23:58 +0000 (GMT) Received: from p-imbrenda.aag-de.ibm.com (unknown [9.52.223.175]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 2 Jun 2026 14:23:58 +0000 (GMT) From: Claudio Imbrenda To: linux-kernel@vger.kernel.org Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, david@kernel.org, seiden@linux.ibm.com, nrb@linux.ibm.com, schlameuss@linux.ibm.com, gra@linux.ibm.com Subject: [PATCH v3 10/10] KVM: s390: Remove ptep_zap_softleaf_entry() Date: Tue, 2 Jun 2026 16:23:56 +0200 Message-ID: <20260602142356.169458-11-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260602142356.169458-1-imbrenda@linux.ibm.com> References: <20260602142356.169458-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjAyMDEzNiBTYWx0ZWRfXyUgap/Gni44x sLxukxw0AuxZxZ+DYs8T4M5arJ8TslOXlgZmtH8ejWdPb+sgAhfCKjQMXiMtANXEDE09E6nVZr9 sOsHhmD9moyeqI3FjccMciiB69FYy4PHQnvwj7fttRdCCTwbK4cmV1ex05B65wCGIskgKQyCbAB 5yPqD+J9lz/cXxNkHhRQtVsDjbCcNVDLNaefWoF+ALQqziX3O9DZXTJWyiXRs+idEyQUfYsw3q1 KB5krv2H/pJuNe6c+S6aeNQIswBTlW3wU4J353waIB4nAqIK7rgLu/zveFRQUxhNbu07Kn0MVJE VwK+mN0FOE+fWk2BibKba0gEUVv4LOLRLkmAZNnQomrjUBejic6wb7d4ImIe0OhEGaGC22ql6Ke TC/5KORsMT26jVrDwUsp5tq1JlTsTMjbNB0cvCov0gfxTavptxThXhcaUGyjqEwBS9UBC5XsuD1 cBvpFTg//hTKlP3uKeQ== X-Proofpoint-GUID: i09K8kAfgNqkg2FBT86fn8elWGH2bAa_ X-Proofpoint-ORIG-GUID: i09K8kAfgNqkg2FBT86fn8elWGH2bAa_ X-Authority-Analysis: v=2.4 cv=DZknbPtW c=1 sm=1 tr=0 ts=6a1ee786 cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=iQ6ETzBq9ecOQQE5vZCe:22 a=VnNF1IyMAAAA:8 a=LFT47s6f9hPNm4szaaUA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-02_02,2026-05-28_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 clxscore=1015 suspectscore=0 impostorscore=0 lowpriorityscore=0 phishscore=0 malwarescore=0 priorityscore=1501 bulkscore=0 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605210000 definitions=main-2606020136 Content-Type: text/plain; charset="utf-8" Migration entries do not need to be removed. The swap subsystem has been (and still is being) heavily reworked. The current implementation of ptep_zap_softleaf_entry() has been slowly modified and is now wrong, since it unconditionally calls swap_put_entries_direct() for both swap and migration entries. Remove ptep_zap_softleaf_entry() altogether, merge the path for proper swap entries directly in the only caller, and ignore migration entries. Fixes: 200197908dc4 ("KVM: s390: Refactor and split some gmap helpers") Signed-off-by: Claudio Imbrenda --- arch/s390/mm/gmap_helpers.c | 25 +++++-------------------- 1 file changed, 5 insertions(+), 20 deletions(-) diff --git a/arch/s390/mm/gmap_helpers.c b/arch/s390/mm/gmap_helpers.c index 396207163ca6..1cfe4724fbe2 100644 --- a/arch/s390/mm/gmap_helpers.c +++ b/arch/s390/mm/gmap_helpers.c @@ -16,24 +16,6 @@ #include #include =20 -/** - * ptep_zap_softleaf_entry() - discard a software leaf entry. - * @mm: the mm - * @entry: the software leaf entry that needs to be zapped - * - * Discards the given software leaf entry. If the leaf entry was an actual - * swap entry (and not a migration entry, for example), the actual swapped - * page is also discarded from swap. - */ -static void ptep_zap_softleaf_entry(struct mm_struct *mm, softleaf_t entry) -{ - if (softleaf_is_swap(entry)) - dec_mm_counter(mm, MM_SWAPENTS); - else if (softleaf_is_migration(entry)) - dec_mm_counter(mm, mm_counter(softleaf_to_folio(entry))); - swap_put_entries_direct(entry, 1); -} - /** * try_get_locked_pte() - like get_locked_pte(), but atomic and with trylo= ck * @mm: the mm @@ -111,6 +93,7 @@ void gmap_helper_zap_one_page(struct mm_struct *mm, unsi= gned long vmaddr) { struct vm_area_struct *vma; spinlock_t *ptl; /* Lock for the host (userspace) page table */ + softleaf_t sl; pte_t *ptep; =20 mmap_assert_locked(mm); @@ -124,8 +107,10 @@ void gmap_helper_zap_one_page(struct mm_struct *mm, un= signed long vmaddr) ptep =3D try_get_locked_pte(mm, vmaddr, &ptl); if (IS_ERR_OR_NULL(ptep)) return; - if (pte_swap(*ptep)) { - ptep_zap_softleaf_entry(mm, softleaf_from_pte(*ptep)); + sl =3D softleaf_from_pte(*ptep); + if (pte_swap(*ptep) && softleaf_is_swap(sl)) { + dec_mm_counter(mm, MM_SWAPENTS); + swap_put_entries_direct(sl, 1); pte_clear(mm, vmaddr, ptep); } pte_unmap_unlock(ptep, ptl); --=20 2.54.0