From: Sasha Levin <sashal@kernel.org>
Date: Wed, 16 Apr 2025 15:18:52 +0000 (-0400)
Subject: Fixes for 6.12
X-Git-Tag: v6.12.24~93
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4620b173ccece0efa9a18d8f6449b9f4f3416ef4;p=thirdparty%2Fkernel%2Fstable-queue.git

Fixes for 6.12

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-6.12/s390-pci-fix-s390_mmio_read-write-syscall-page-fault.patch b/queue-6.12/s390-pci-fix-s390_mmio_read-write-syscall-page-fault.patch
new file mode 100644
index 0000000000..7767efb128
--- /dev/null
+++ b/queue-6.12/s390-pci-fix-s390_mmio_read-write-syscall-page-fault.patch
@@ -0,0 +1,70 @@
+From ebf6c0726697b825f0526564feec45d23b8b67c7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 26 Feb 2025 13:07:45 +0100
+Subject: s390/pci: Fix s390_mmio_read/write syscall page fault handling
+
+From: Niklas Schnelle <schnelle@linux.ibm.com>
+
+[ Upstream commit 41a0926e82f4963046876ed9a1b5f681be8087a8 ]
+
+The s390 MMIO syscalls when using the classic PCI instructions do not
+cause a page fault when follow_pfnmap_start() fails due to the page not
+being present. Besides being a general deficiency this breaks vfio-pci's
+mmap() handling once VFIO_PCI_MMAP gets enabled as this lazily maps on
+first access. Fix this by following a failed follow_pfnmap_start() with
+fixup_user_page() and retrying the follow_pfnmap_start(). Also fix
+a VM_READ vs VM_WRITE mixup in the read syscall.
+
+Link: https://lore.kernel.org/r/20250226-vfio_pci_mmap-v7-1-c5c0f1d26efd@linux.ibm.com
+Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/s390/pci/pci_mmio.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/arch/s390/pci/pci_mmio.c b/arch/s390/pci/pci_mmio.c
+index de5c0b389a3ec..4779c3cb6cfab 100644
+--- a/arch/s390/pci/pci_mmio.c
++++ b/arch/s390/pci/pci_mmio.c
+@@ -171,8 +171,12 @@ SYSCALL_DEFINE3(s390_pci_mmio_write, unsigned long, mmio_addr,
+ 	args.address = mmio_addr;
+ 	args.vma = vma;
+ 	ret = follow_pfnmap_start(&args);
+-	if (ret)
+-		goto out_unlock_mmap;
++	if (ret) {
++		fixup_user_fault(current->mm, mmio_addr, FAULT_FLAG_WRITE, NULL);
++		ret = follow_pfnmap_start(&args);
++		if (ret)
++			goto out_unlock_mmap;
++	}
+ 
+ 	io_addr = (void __iomem *)((args.pfn << PAGE_SHIFT) |
+ 			(mmio_addr & ~PAGE_MASK));
+@@ -305,14 +309,18 @@ SYSCALL_DEFINE3(s390_pci_mmio_read, unsigned long, mmio_addr,
+ 	if (!(vma->vm_flags & (VM_IO | VM_PFNMAP)))
+ 		goto out_unlock_mmap;
+ 	ret = -EACCES;
+-	if (!(vma->vm_flags & VM_WRITE))
++	if (!(vma->vm_flags & VM_READ))
+ 		goto out_unlock_mmap;
+ 
+ 	args.vma = vma;
+ 	args.address = mmio_addr;
+ 	ret = follow_pfnmap_start(&args);
+-	if (ret)
+-		goto out_unlock_mmap;
++	if (ret) {
++		fixup_user_fault(current->mm, mmio_addr, 0, NULL);
++		ret = follow_pfnmap_start(&args);
++		if (ret)
++			goto out_unlock_mmap;
++	}
+ 
+ 	io_addr = (void __iomem *)((args.pfn << PAGE_SHIFT) |
+ 			(mmio_addr & ~PAGE_MASK));
+-- 
+2.39.5
+
diff --git a/queue-6.12/series b/queue-6.12/series
index e0e548dd5a..8c96ee0860 100644
--- a/queue-6.12/series
+++ b/queue-6.12/series
@@ -162,3 +162,4 @@ pwm-fsl-ftm-handle-clk_get_rate-returning-0.patch
 erofs-set-error-to-bio-if-file-backed-io-fails.patch
 bpf-support-skf_net_off-and-skf_ll_off-on-skb-frags.patch
 ext4-don-t-treat-fhandle-lookup-of-ea_inode-as-fs-co.patch
+s390-pci-fix-s390_mmio_read-write-syscall-page-fault.patch