<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/linux.git/arch/s390, branch v7.2-rc1</title>
<subtitle>Linux kernel stable tree (mirror)</subtitle>
<id>https://git.radix-linux.su/kernel/linux.git/atom?h=v7.2-rc1</id>
<link rel='self' href='https://git.radix-linux.su/kernel/linux.git/atom?h=v7.2-rc1'/>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/'/>
<updated>2026-06-25T17:21:13+00:00</updated>
<entry>
<title>Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm</title>
<updated>2026-06-25T17:21:13+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-06-25T17:21:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=c75597caada080effbfbc0a7fb10dc2a3bb543ad'/>
<id>urn:sha1:c75597caada080effbfbc0a7fb10dc2a3bb543ad</id>
<content type='text'>
Pull kvm fixes from Paolo Bonzini:
 "s390:

   - Fix S390_USER_OPEREXEC so it can now be enabled regardless of other
     unrelated capabilities

   - Fix handling of the _PAGE_UNUSED pte bit that could lead to guest
     memory corruption in some scenarios

   - A bunch of misc gmap fixes (locking, behaviour under memory
     pressure)

   - Fix CMMA dirty tracking

  x86:

   - Tidy up some WARN_ON() and BUG_ON(), replacing them with
     WARN_ON_ONCE() or KVM_BUG_ON(). All of these have obviously never
     triggered, or somebody would have been annoyed earlier, but still...

   - Fix missing interrupt due to stale CR8 intercept

   - Add a statistic that can come in handy to debug leaks as well as
     the vulnerability to a class of recently-discovered issues

   - Do not ask arch/x86/kernel to export
     default_cpu_present_to_apicid() just for KVM"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (22 commits)
  x86/apic: KVM: Use cpu_physical_id() to get APIC ID of running vCPU for AVIC
  KVM: x86/mmu: Expose number of shadow MMU shadow pages as a stat
  KVM: x86: Unconditionally recompute CR8 intercept on PPR update
  KVM: VMX: Grab vmcs12 on CR8 interception update iff vCPU is in guest mode
  KVM: x86: WARN (once) if RTC pending EOI tracking goes off the rails
  KVM: x86: WARN and fail kvm_set_irq() if a PIC or I/O APIC vector is invalid
  KVM: x86: Bug the VM, not the kernel, if the ISR count {under,over}flows
  KVM: x86/mmu: Bug the VM, not the host kernel, if KVM write-protects upper SPTEs
  KVM: x86: Replace BUG_ON() with WARN_ON_ONCE() on "bad" nested GPA translation
  KVM: Replace guest-triggerable BUG_ON() in ioeventfd datamatch with get_unaligned()
  KVM: s390: Return failure in case of failure in kvm_s390_set_cmma_bits()
  KVM: s390: selftests: Fix cmma selftest
  KVM: s390: Fix cmma dirty tracking
  KVM: s390: Fix locking in kvm_s390_set_mem_control()
  KVM: s390: Fix handle_{sske,pfmf} under memory pressure
  KVM: s390: Fix code typo in gmap_protect_asce_top_level()
  KVM: s390: Do not set special large pages dirty
  KVM: s390: Fix dat_peek_cmma() overflow
  s390/mm: Fix handling of _PAGE_UNUSED pte bit
  KVM: s390: Fix typo in UCONTROL documentation
  ...
</content>
</entry>
<entry>
<title>Merge tag 'kvm-s390-next-7.2-2' of https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD</title>
<updated>2026-06-24T11:41:41+00:00</updated>
<author>
<name>Paolo Bonzini</name>
<email>pbonzini@redhat.com</email>
</author>
<published>2026-06-24T11:40:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=91b16b53a08c3684ea2b0ad3cbf8ecd48c0f8b77'/>
<id>urn:sha1:91b16b53a08c3684ea2b0ad3cbf8ecd48c0f8b77</id>
<content type='text'>
* Fix S390_USER_OPEREXEC so it can now be enabled regardless of other
  unrelated capabilities

* Fix handling of the _PAGE_UNUSED pte bit that could lead to guest
  memory corruption in some scenarios

* A bunch of misc gmap fixes (locking, behaviour under memory pressure)

* Fix CMMA dirty tracking
</content>
</entry>
<entry>
<title>KVM: s390: Return failure in case of failure in kvm_s390_set_cmma_bits()</title>
<updated>2026-06-24T08:08:57+00:00</updated>
<author>
<name>Claudio Imbrenda</name>
<email>imbrenda@linux.ibm.com</email>
</author>
<published>2026-06-23T15:33:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=babe08404e1993697a523e60bc0f9d096ffe1ef8'/>
<id>urn:sha1:babe08404e1993697a523e60bc0f9d096ffe1ef8</id>
<content type='text'>
If the allocation of the bits array failed, kvm_s390_set_cmma_bits()
would return 0 instead of an error code.

Rework the function to use the __free() macros and thus simplify the
code flow; when the above-mentioned allocation fails, simply return
-ENOMEM.

Fixes: e38c884df921 ("KVM: s390: Switch to new gmap")
Reviewed-by: Christian Borntraeger &lt;borntraeger@linux.ibm.com&gt;
Signed-off-by: Claudio Imbrenda &lt;imbrenda@linux.ibm.com&gt;
Message-ID: &lt;20260623153331.233784-10-imbrenda@linux.ibm.com&gt;
</content>
</entry>
<entry>
<title>KVM: s390: Fix cmma dirty tracking</title>
<updated>2026-06-24T08:08:57+00:00</updated>
<author>
<name>Claudio Imbrenda</name>
<email>imbrenda@linux.ibm.com</email>
</author>
<published>2026-06-23T15:33:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=6cfd47f91f6aa3bcf9fe15388be52feb4b180440'/>
<id>urn:sha1:6cfd47f91f6aa3bcf9fe15388be52feb4b180440</id>
<content type='text'>
It is possible that some guest memory areas have not been touched yet
when starting migration mode, and thus have no ptes allocated. Only
existing and allocated ptes should count toward the total of dirty cmma
entries.

When starting migration mode, enable the migration_mode flag
immediately, so that any subsequent ESSA will trap in the host and
cause cmma_dirty_pages to be increased as needed.
Subsequently, set the cmma_d bit on all existing cmma-clean PGSTEs,
increasing cmma_dirty_pages as needed. Skipping cmma-dirty pages
prevents double counting.

Conversely, when disabling migration mode, set cmma_dirty_pages to 0
and clear the cmma_d bit in all existing PGSTEs.

The invariant is that when migration mode is off, no PGSTE has its
cmma_d bit set, and cmma_dirty_pages is 0. kvm-&gt;slots_lock protects
kvm_s390_vm_start_migration() and kvm_s390_vm_stop_migration() from
each other and from kvm_s390_get_cmma_bits().

Also fix dat_get_cmma() to properly wrap around if the first attempt
reached the end of guest memory without finding cmma-dirty pages.

[ imbrenda: Moved kvm_s390_sync_request_broadcast() before gmap_set_cmma_all_dirty() ]

Fixes: e38c884df921 ("KVM: s390: Switch to new gmap")
Signed-off-by: Claudio Imbrenda &lt;imbrenda@linux.ibm.com&gt;
Message-ID: &lt;20260623153331.233784-8-imbrenda@linux.ibm.com&gt;
</content>
</entry>
<entry>
<title>KVM: s390: Fix locking in kvm_s390_set_mem_control()</title>
<updated>2026-06-24T08:08:57+00:00</updated>
<author>
<name>Claudio Imbrenda</name>
<email>imbrenda@linux.ibm.com</email>
</author>
<published>2026-06-23T15:33:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=9b0bf9b93cbff50764713b62d0f38d5238eea8c8'/>
<id>urn:sha1:9b0bf9b93cbff50764713b62d0f38d5238eea8c8</id>
<content type='text'>
Add the missing locking around dat_reset_cmma().

Fixes: e38c884df921 ("KVM: s390: Switch to new gmap")
Signed-off-by: Claudio Imbrenda &lt;imbrenda@linux.ibm.com&gt;
Message-ID: &lt;20260623153331.233784-7-imbrenda@linux.ibm.com&gt;
</content>
</entry>
<entry>
<title>KVM: s390: Fix handle_{sske,pfmf} under memory pressure</title>
<updated>2026-06-24T08:08:57+00:00</updated>
<author>
<name>Claudio Imbrenda</name>
<email>imbrenda@linux.ibm.com</email>
</author>
<published>2026-06-23T15:33:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=2bd74dce0814acc382cfd6903ec902fdcd7b0fed'/>
<id>urn:sha1:2bd74dce0814acc382cfd6903ec902fdcd7b0fed</id>
<content type='text'>
Under heavy memory pressure, handle_sske() and handle_pfmf() might
cause an endless loop if the mmu cache runs empty, the atomic
allocations fail, and the top-up function also fails. While quite
unlikely, that scenario is not impossible.

Fix the issue by not ignoring the return value of
kvm_s390_mmu_cache_topup(), and appropriately returning an error code
in case of failure.

Fixes: e38c884df921 ("KVM: s390: Switch to new gmap")
Reviewed-by: Christian Borntraeger &lt;borntraeger@linux.ibm.com&gt;
Signed-off-by: Claudio Imbrenda &lt;imbrenda@linux.ibm.com&gt;
Message-ID: &lt;20260623153331.233784-6-imbrenda@linux.ibm.com&gt;
</content>
</entry>
<entry>
<title>KVM: s390: Fix code typo in gmap_protect_asce_top_level()</title>
<updated>2026-06-24T08:08:56+00:00</updated>
<author>
<name>Claudio Imbrenda</name>
<email>imbrenda@linux.ibm.com</email>
</author>
<published>2026-06-23T15:33:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=6e976afdfeafeb48f002b977823f67c6a3dd70a0'/>
<id>urn:sha1:6e976afdfeafeb48f002b977823f67c6a3dd70a0</id>
<content type='text'>
The correct length to pass to kvm_s390_get_guest_pages() is asce.tl + 1,
not asce.dt + 1. It was a typo, which, due to fortuitous circumstances,
did not cause bugs. It should nonetheless be fixed.

Fixes: e5f98a6899bd ("KVM: s390: Add some helper functions needed for vSIE")
Signed-off-by: Claudio Imbrenda &lt;imbrenda@linux.ibm.com&gt;
Message-ID: &lt;20260623153331.233784-5-imbrenda@linux.ibm.com&gt;
</content>
</entry>
<entry>
<title>KVM: s390: Do not set special large pages dirty</title>
<updated>2026-06-24T08:08:56+00:00</updated>
<author>
<name>Claudio Imbrenda</name>
<email>imbrenda@linux.ibm.com</email>
</author>
<published>2026-06-23T15:33:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=e6c9b322c8cb3c08270f05e2faabd7c0cc82f809'/>
<id>urn:sha1:e6c9b322c8cb3c08270f05e2faabd7c0cc82f809</id>
<content type='text'>
Special pages / folios should not be set dirty. This also applies to
large pages.

Add a missing check in gmap_clear_young_crste() to prevent setting the
large page dirty if it is a special page.

Fixes: a2c17f9270cc ("KVM: s390: New gmap code")
Signed-off-by: Claudio Imbrenda &lt;imbrenda@linux.ibm.com&gt;
Message-ID: &lt;20260623153331.233784-4-imbrenda@linux.ibm.com&gt;
</content>
</entry>
<entry>
<title>KVM: s390: Fix dat_peek_cmma() overflow</title>
<updated>2026-06-24T08:08:56+00:00</updated>
<author>
<name>Claudio Imbrenda</name>
<email>imbrenda@linux.ibm.com</email>
</author>
<published>2026-06-23T15:33:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=7a386efcb2bf986e0c9011e92a78aed0870b08cf'/>
<id>urn:sha1:7a386efcb2bf986e0c9011e92a78aed0870b08cf</id>
<content type='text'>
If userspace passes a start address that is out of bounds,
_dat_walk_gfn_range() will fail with -EFAULT, but state.end will not be
touched and will stay 0. This will cause *count to underflow and report
a very high number, and the function will end up erroneously reporting
success.

Fix by only setting *count if the end address is not smaller than the
starting address. This way invalid starting addresses will correctly
return -EFAULT and *count will correctly indicate that no values have
been returned.

Fixes: 7b368470e1a4 ("KVM: s390: KVM page table management functions: CMMA")
Reviewed-by: Christian Borntraeger &lt;borntraeger@linux.ibm.com&gt;
Signed-off-by: Claudio Imbrenda &lt;imbrenda@linux.ibm.com&gt;
Message-ID: &lt;20260623153331.233784-3-imbrenda@linux.ibm.com&gt;
</content>
</entry>
<entry>
<title>s390/mm: Fix handling of _PAGE_UNUSED pte bit</title>
<updated>2026-06-24T08:08:56+00:00</updated>
<author>
<name>Claudio Imbrenda</name>
<email>imbrenda@linux.ibm.com</email>
</author>
<published>2026-06-23T15:33:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=d4bb00704a66024502261fa7a523c07420249fea'/>
<id>urn:sha1:d4bb00704a66024502261fa7a523c07420249fea</id>
<content type='text'>
The _PAGE_UNUSED softbit should not really be lying around. Its sole
purpose is to signal to try_to_unmap_one() and try_to_migrate_one()
that the page can be discarded instead of being moved / swapped.

KVM has no way to know why a page is being unmapped, so it sets the bit
on userspace ptes corresponding to unused guest pages every time they
get unmapped. KVM has no reasonable way to clear the bit once the page
is in use again.

While set_ptes() checks and clears the bit, other paths that set new
ptes did not. This led to used pages being thrown out as if they were
unused, causing guest corruption.

Fix the issue by clearing the _PAGE_UNUSED bit for present ptes in
set_pte(), i.e. whenever a present pte is getting set. The check in
set_ptes() is then redundant and can be removed.

Also fix gmap_helper_try_set_pte_unused() to only set the bit if the
pte is present; the _PAGE_UNUSED bit is only defined for present ptes
and thus should not be set for non-present ptes.

Fixes: c98175b7917f ("KVM: s390: Add gmap_helper_set_unused()")
Acked-by: Heiko Carstens &lt;hca@linux.ibm.com&gt;
Signed-off-by: Claudio Imbrenda &lt;imbrenda@linux.ibm.com&gt;
Message-ID: &lt;20260623153331.233784-2-imbrenda@linux.ibm.com&gt;
</content>
</entry>
</feed>
