Re: [GIT PULL v1 09/17] KVM: s390: Document the KVM_CAP_S390_HPAGE_2G capability

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [High] Missing mutual exclusivity check between KVM_CAP_S390_HPAGE_2G and KVM_S390_VM_MEM_ENABLE_CMMA allows conflicting features, leading to silent loss of CMMA state.
--

commit d788facb209d12a096219ba2f554a3019dcb380e
Author: Claudio Imbrenda <imbrenda@linux.ibm.com>

KVM: s390: Document the KVM_CAP_S390_HPAGE_2G capability
    
Document the KVM_CAP_S390_HPAGE_2G capability, which behaves very
similarly to the existing KVM_CAP_S390_HPAGE_1M.

> diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
> index e7998feaa940b..dfde0bfcbce61 100644
> --- a/Documentation/virt/kvm/api.rst
> +++ b/Documentation/virt/kvm/api.rst
[ ... ]
> @@ -8905,6 +8905,21 @@ helpful if user space wants to emulate instructions which are not
>  This capability can be enabled dynamically even if VCPUs were already
>  created and are running.
>  
> +7.47 KVM_CAP_S390_HPAGE_2G
> +--------------------------
> +
> +:Architectures: s390
> +:Parameters: none
> +:Returns: 0 on success; -EINVAL if hpage_2g module parameter was not set,
> +          cmma is enabled, or the VM has the KVM_VM_S390_UCONTROL
> +          flag set; -EBUSY if vCPUs were already created for the VM.
> +
> +With this capability the KVM support for memory backing with 2g pages
> +through hugetlbfs can be enabled for a VM. After the capability is
> +enabled, cmma can't be enabled anymore and pfmfi and the storage key

[Severity: High]
This is a pre-existing issue, but does the implementation actually enforce
this restriction when enabling CMMA?

Looking at arch/s390/kvm/kvm-s390.c:kvm_s390_set_mem_control(), when
KVM_S390_VM_MEM_ENABLE_CMMA is called:

	else {
		kvm->arch.use_cmma = 1;
		/* Not compatible with cmma. */
		kvm->arch.use_pfmfi = 0;
		ret = 0;
	}

It appears it sets kvm->arch.use_cmma = 1 without verifying if
GMAP_FLAG_ALLOW_HPAGE_2G (or 1M) has already been enabled in the gmap flags.
If userspace enables the 2G hugepage capability first and subsequently calls
the KVM_S390_VM_MEM_ENABLE_CMMA ioctl, could this allow conflicting features?

When both are enabled, the MMU table walker (_dat_walk_gfn_range) skips over
huge pages during CMMA operations, which might lead to CMMA state for
hugepages being silently lost. Could this cause guest memory corruption or
incorrect functional behavior during live migration?

> +interpretation are disabled. If cmma has already been enabled or the
> +hpage_2g module parameter is not set to 1, -EINVAL is returned.
> +
>  8. Other capabilities.
>  ======================
>

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260615124243.187614-1-imbrenda@linux.ibm.com?part=9