From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8B9013B9D98; Fri, 19 Jun 2026 15:52:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781884332; cv=none; b=gig1YqsCeRRnW+jEJd87RQ9y50viwqFd885fU9gH0+vrOoQDLytsLf1X0Isf23i4Mh3sZAywIGD53zId5EvnC6BiBcaTApIcon9oEoQ6C6ut7ax9IQ8uA+xvHqp7vZawYiYu8Jh/hOZVW2VseYnMiMoW7X/mv7NVcHdh9hhHnak= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781884332; c=relaxed/simple; bh=okAOvLQ4y0eY/fwgkvGuuxb8NOEPB30eyMm9tizr6DQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=t6xDwFQAAIFPa0iC5M3maDqSw8oNw9vJ1bOAdSu5H0STMcuiFTUtS5HvhxLGrPCu581/yKjm2u8EW33mCB6R1oYrEEYM5MK7x7zh5wEcJL9yZF8z6zC1EklMFa1RqcLfSlQg87OrF+eRjec8m21yJFoYUHXrhsWdKJzmQw4+BWo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=pC53+zR8; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="pC53+zR8" Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65JDIDOn2415582; Fri, 19 Jun 2026 15:52:02 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=VlM7qhGlAWkChpNhk 2d/9oqxLbUmFTK4zaaRixCZd1I=; b=pC53+zR8XTr/Bbek9tUM1Id2dEWHLmvB7 mTxADXNL9T+phd9eAA9gQLrJaEQImjpSG2HWsOMdxh4gCOO4DUsrxwPDmy3ka3Wk q/T7acEp1iSEbHCdf1qwIOpQOf7rRCnfIaCBcj2dvz9/zhlFxEB+sCrvYYlTKgWl PIXnKq+7gzymoNUPyZsvcEp/kZLSvWD2I3hRcFqYzrfuzjbAbAhB/kSqseA8gEb/ 5D3MG1S3Blw3aSkfszzIeqctXdCA5MdgS9cdSVwY3wK+zsATT1j/AokbvU/PsabE CxUT6usWjGZWU+XZPztLVg0ILkBwTwLGo+92XgQQiScDjikKQM7DQ== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqtxgxp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 19 Jun 2026 15:52:01 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65JFnipa003405; Fri, 19 Jun 2026 15:52:01 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4ev1729hky-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 19 Jun 2026 15:52:00 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65JFpvT013763030 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 19 Jun 2026 15:51:57 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 501622004E; Fri, 19 Jun 2026 15:51:57 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 437BA20040; Fri, 19 Jun 2026 15:51:56 +0000 (GMT) Received: from p-imbrenda.ibmuc.com (unknown [9.111.54.29]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 19 Jun 2026 15:51:56 +0000 (GMT) From: Claudio Imbrenda To: linux-kernel@vger.kernel.org Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org, borntraeger@de.ibm.com, frankja@linux.ibm.com, david@kernel.org, seiden@linux.ibm.com, nrb@linux.ibm.com, schlameuss@linux.ibm.com, gra@linux.ibm.com, hca@linux.ibm.com, gerald.schaefer@linux.ibm.com, gor@linux.ibm.com, agordeev@linux.ibm.com, svens@linux.ibm.com Subject: [PATCH v4 1/7] s390/mm: Fix handling of _PAGE_UNUSED pte bit Date: Fri, 19 Jun 2026 17:51:48 +0200 Message-ID: <20260619155154.307572-2-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260619155154.307572-1-imbrenda@linux.ibm.com> References: <20260619155154.307572-1-imbrenda@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-s390@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: FxIqyg3UJ2kIe7IKkqa2R05lpDziVXcR X-Proofpoint-GUID: FxIqyg3UJ2kIe7IKkqa2R05lpDziVXcR X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE5MDE1MCBTYWx0ZWRfX+AW9NYVkRX/R 9a+aNvp+civd9VKURag+/4fg5NdkbJOqA1DYiXtSfXkVyeOx1jT9Gb6W1U6IYw0zp/kHck3j9ZV 6MfjiP8wBCalNCNZ1CyOI5QTKIDv07PaFexeIFupgJ3y9OHe/B7iG1/hHJF5OK6OxhAtnG7IYsX yNk9AWdYqW3EAcLezc/9hUn9a2m6u593A4A8bRKwarrvzRm6dgqZSXAEjrvdCm+frYWLxeY4b7a ePz2jsESHTEzfYyjnnIH7IdYRYUU56cn0Mml6Lilr3SwRIPFcpOX6Uqvwu7EFaXdth2ta4zoAy3 z8ptaQrOnSgV/37wEfuMnPLlz+yormxyab2WbHqCUF+TxpMdaDwZbhKCfmw/SvZYXI4JNaoJI0Y oGuEcJSqt8d+SwQU7mg8zx1fcG1G9RFXcgtrVY/QvKq1Rj4G1bjEoAoZzxFEk8nwj+i1FS0fBwX MhXxLSgJPuLsvSO6eAw== X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE5MDE1MCBTYWx0ZWRfX9ew9tWmDbHO9 LPjPaTgx45c4m7yJ7ilZ6SQNtfQCGbZMjKTdm5gcpovheCbtMBV+NofIEpH4UFz+l7YqxGaMWgd 3ZGuhg2tDa+oohkL1Ur4zSBXYmvEano= X-Authority-Analysis: v=2.4 cv=B4KJFutM c=1 sm=1 tr=0 ts=6a3565a1 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=iQ6ETzBq9ecOQQE5vZCe:22 a=VnNF1IyMAAAA:8 a=BXoTXrUDSLvzEcKRN5AA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-19_03,2026-06-18_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 adultscore=0 lowpriorityscore=0 suspectscore=0 priorityscore=1501 clxscore=1015 phishscore=0 spamscore=0 bulkscore=0 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606190150 The _PAGE_UNUSED softbit should not really be lying around. Its sole purpose is to signal to try_to_unmap_one() and try_to_migrate_one() that the page can be discarded instead of being moved / swapped. KVM has no way to know why a page is being unmapped, so it sets the bit on userspace ptes corresponding to unused guest pages every time they get unmapped. KVM has no reasonable way to clear the bit once the page is in use again. While set_ptes() checks and clears the bit, other paths that set new ptes did not. This led to used pages being thrown out as if they were unused, causing guest corruption. Fix the issue by clearing the _PAGE_UNUSED bit for present ptes in set_pte(), i.e. whenever a present pte is getting set. The check in set_ptes() is then redundant and can be removed. Also fix gmap_helper_try_set_pte_unused() to only set the bit if the pte is present; the _PAGE_UNUSED bit is only defined for present ptes and thus should not be set for non-present ptes. Signed-off-by: Claudio Imbrenda Fixes: c98175b7917f ("KVM: s390: Add gmap_helper_set_unused()") Acked-by: Heiko Carstens --- arch/s390/include/asm/pgtable.h | 4 ++-- arch/s390/mm/gmap_helpers.c | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/s390/include/asm/pgtable.h b/arch/s390/include/asm/pgtable.h index ca376a9b8e41..d03663483f76 100644 --- a/arch/s390/include/asm/pgtable.h +++ b/arch/s390/include/asm/pgtable.h @@ -980,6 +980,8 @@ static inline void set_pmd(pmd_t *pmdp, pmd_t pmd) static inline void set_pte(pte_t *ptep, pte_t pte) { + if (pte_present(pte)) + pte = clear_pte_bit(pte, __pgprot(_PAGE_UNUSED)); WRITE_ONCE(*ptep, pte); } @@ -1332,8 +1334,6 @@ pgprot_t pgprot_writecombine(pgprot_t prot); static inline void set_ptes(struct mm_struct *mm, unsigned long addr, pte_t *ptep, pte_t entry, unsigned int nr) { - if (pte_present(entry)) - entry = clear_pte_bit(entry, __pgprot(_PAGE_UNUSED)); page_table_check_ptes_set(mm, addr, ptep, entry, nr); for (;;) { set_pte(ptep, entry); diff --git a/arch/s390/mm/gmap_helpers.c b/arch/s390/mm/gmap_helpers.c index 1cfe4724fbe2..60023b6fdcb1 100644 --- a/arch/s390/mm/gmap_helpers.c +++ b/arch/s390/mm/gmap_helpers.c @@ -181,7 +181,8 @@ void gmap_helper_try_set_pte_unused(struct mm_struct *mm, unsigned long vmaddr) if (IS_ERR_OR_NULL(ptep)) return; - __atomic64_or(_PAGE_UNUSED, (long *)ptep); + if (pte_present(*ptep)) + __atomic64_or(_PAGE_UNUSED, (long *)ptep); pte_unmap_unlock(ptep, ptl); } EXPORT_SYMBOL_GPL(gmap_helper_try_set_pte_unused); -- 2.54.0