From: Sasha Levin
To: stable@vger.kernel.org
Cc: Heiko Carstens, Gerald Schaefer, Sasha Levin
Subject: [PATCH 6.12.y 3/3] s390/mm: Fix __ptep_rdp() inline assembly
Date: Mon, 24 Nov 2025 12:17:19 -0500
Message-ID: <20251124171719.4158053-3-sashal@kernel.org>
In-Reply-To: <20251124171719.4158053-1-sashal@kernel.org>
References: <2025112418-impish-remix-d936@gregkh> <20251124171719.4158053-1-sashal@kernel.org>

From: Heiko Carstens

[ Upstream commit 31475b88110c4725b4f9a79c3a0d9bbf97e69e1c ]

When a zero ASCE is passed to the __ptep_rdp() inline assembly, the
generated instruction should have the R3 field of the instruction set to
zero. However the inline assembly is written incorrectly: for such cases a
zero is loaded into a register allocated by the compiler and this register
is then used by the instruction.

This means that selected TLB entries may not be flushed since the specified
ASCE does not match the one which was used when the selected TLB entries
were created.

Fix this by removing the asce and opt parameters of __ptep_rdp(), since
all callers always pass zero, and use a hard-coded register zero for
the R3 field.

Fixes: 0807b856521f ("s390/mm: add support for RDP (Reset DAT-Protection)")
Cc: stable@vger.kernel.org
Reviewed-by: Gerald Schaefer
Signed-off-by: Heiko Carstens
Signed-off-by: Sasha Levin
--- arch/s390/include/asm/pgtable.h | 12 +++++------- arch/s390/mm/pgtable.c | 4 ++-- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/arch/s390/include/asm/pgtable.h b/arch/s390/include/asm/pgtable.h index 4714640f0c403..2e97010ea2ec2 100644 --- a/arch/s390/include/asm/pgtable.h +++ b/arch/s390/include/asm/pgtable.h
@@ -1110,17 +1110,15 @@ static inline pte_t pte_mkhuge(pte_t pte) #define IPTE_NODAT 0x400 #define IPTE_GUEST_ASCE 0x800 -static __always_inline void __ptep_rdp(unsigned long addr, pte_t *ptep, - unsigned long opt, unsigned long asce, - int local) +static __always_inline void __ptep_rdp(unsigned long addr, pte_t *ptep, int local) { unsigned long pto; pto = __pa(ptep) & ~(PTRS_PER_PTE * sizeof(pte_t) - 1); - asm volatile(".insn rrf,0xb98b0000,%[r1],%[r2],%[asce],%[m4]" + asm volatile(".insn rrf,0xb98b0000,%[r1],%[r2],%%r0,%[m4]" : "+m" (*ptep) - : [r1] "a" (pto), [r2] "a" ((addr & PAGE_MASK) | opt), - [asce] "a" (asce), [m4] "i" (local)); + : [r1] "a" (pto), [r2] "a" (addr & PAGE_MASK), + [m4] "i" (local)); } static __always_inline void __ptep_ipte(unsigned long address, pte_t *ptep, @@ -1304,7 +1302,7 @@ static inline void flush_tlb_fix_spurious_fault(struct vm_area_struct *vma, * A local RDP can be used to do the flush. */ if (cpu_has_rdp() && !(pte_val(*ptep) & _PAGE_PROTECT)) - __ptep_rdp(address, ptep, 0, 0, 1); + __ptep_rdp(address, ptep, 1); } #define flush_tlb_fix_spurious_fault flush_tlb_fix_spurious_fault diff --git a/arch/s390/mm/pgtable.c b/arch/s390/mm/pgtable.c index b03c665d72426..8eba28b9975fe 100644 --- a/arch/s390/mm/pgtable.c +++ b/arch/s390/mm/pgtable.c @@ -293,9 +293,9 @@ void ptep_reset_dat_prot(struct mm_struct *mm, unsigned long addr, pte_t *ptep, preempt_disable(); atomic_inc(&mm->context.flush_count); if (cpumask_equal(mm_cpumask(mm), cpumask_of(smp_processor_id()))) - __ptep_rdp(addr, ptep, 0, 0, 1); + __ptep_rdp(addr, ptep, 1); else - __ptep_rdp(addr, ptep, 0, 0, 0); + __ptep_rdp(addr, ptep, 0); /* * PTE is not invalidated by RDP, only _PAGE_PROTECT is cleared. That * means it is still valid and active, and must not be changed according -- 2.51.0
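Review bot: In the pgtable.h hunk at -1110, the new `.insn rrf,0xb98b0000,%[r1],%[r2],%%r0,%[m4]` line hard-codes the R3 field without a comment explaining why, so nothing in the source stops a later cleanup from reintroducing an `[asce] "a" (...)` operand holding zero, which is the exact defect the commit message describes. Suggest a short comment above the asm stating that the R3 field itself must encode zero to mean "no ASCE" and that a compiler-allocated register containing zero is not equivalent, since that distinction decides whether the selected TLB entries are flushed.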
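Review bot: The call-site hunks (pgtable.h at -1304 and pgtable.c at -293) should be checked against the 6.12.y tree rather than upstream, because the signature change from five arguments to three is only safe if these three calls are the complete set. Please confirm with a grep of that tree that no other `__ptep_rdp(` caller remains, and that the context line `if (cpu_has_rdp() && !(pte_val(*ptep) & _PAGE_PROTECT))` exists there in that form; this is patch 3/3, so the hunk may rely on an earlier patch in the series to apply cleanly.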