From 23181fe519e2de7b833892ffed235e4b45684f7c Mon Sep 17 00:00:00 2001
From: Sasha Levin
Date: Wed, 16 Apr 2025 11:18:52 -0400
Subject: [PATCH] Fixes for 6.13
Signed-off-by: Sasha Levin
---
 ...0_mmio_read-write-syscall-page-fault.patch | 70 +++++++++++++++++++
 queue-6.13/series | 1 +
 2 files changed, 71 insertions(+)
 create mode 100644 queue-6.13/s390-pci-fix-s390_mmio_read-write-syscall-page-fault.patch
diff --git a/queue-6.13/s390-pci-fix-s390_mmio_read-write-syscall-page-fault.patch b/queue-6.13/s390-pci-fix-s390_mmio_read-write-syscall-page-fault.patch
new file mode 100644
index 0000000000..971fdc9f88
--- /dev/null
+++ b/queue-6.13/s390-pci-fix-s390_mmio_read-write-syscall-page-fault.patch
@@ -0,0 +1,70 @@
+From eb22121bb5923ba6109ad4b7172c4b1c9ef2f836 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 26 Feb 2025 13:07:45 +0100
+Subject: s390/pci: Fix s390_mmio_read/write syscall page fault handling
+
+From: Niklas Schnelle
+
+[ Upstream commit 41a0926e82f4963046876ed9a1b5f681be8087a8 ]
+
+The s390 MMIO syscalls when using the classic PCI instructions do not
+cause a page fault when follow_pfnmap_start() fails due to the page not
+being present. Besides being a general deficiency this breaks vfio-pci's
+mmap() handling once VFIO_PCI_MMAP gets enabled as this lazily maps on
+first access. Fix this by following a failed follow_pfnmap_start() with
+fixup_user_page() and retrying the follow_pfnmap_start(). Also fix
+a VM_READ vs VM_WRITE mixup in the read syscall.
+
+Link: https://lore.kernel.org/r/20250226-vfio_pci_mmap-v7-1-c5c0f1d26efd@linux.ibm.com
+Signed-off-by: Niklas Schnelle
+Signed-off-by: Bjorn Helgaas
+Reviewed-by: Matthew Rosato
+Signed-off-by: Sasha Levin
+---
+ arch/s390/pci/pci_mmio.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/arch/s390/pci/pci_mmio.c b/arch/s390/pci/pci_mmio.c
+index 46f99dc164ade..1997d9b7965df 100644
+--- a/arch/s390/pci/pci_mmio.c
++++ b/arch/s390/pci/pci_mmio.c
+@@ -175,8 +175,12 @@ SYSCALL_DEFINE3(s390_pci_mmio_write, unsigned long, mmio_addr,
+ args.address = mmio_addr;
+ args.vma = vma;
+ ret = follow_pfnmap_start(&args);
+- if (ret)
+- goto out_unlock_mmap;
++ if (ret) {
++ fixup_user_fault(current->mm, mmio_addr, FAULT_FLAG_WRITE, NULL);
++ ret = follow_pfnmap_start(&args);
++ if (ret)
++ goto out_unlock_mmap;
++ }
+
+ io_addr = (void __iomem *)((args.pfn << PAGE_SHIFT) |
+ (mmio_addr & ~PAGE_MASK));
+@@ -315,14 +319,18 @@ SYSCALL_DEFINE3(s390_pci_mmio_read, unsigned long, mmio_addr,
+ if (!(vma->vm_flags & (VM_IO | VM_PFNMAP)))
+ goto out_unlock_mmap;
+ ret = -EACCES;
+- if (!(vma->vm_flags & VM_WRITE))
++ if (!(vma->vm_flags & VM_READ))
+ goto out_unlock_mmap;
+
+ args.vma = vma;
+ args.address = mmio_addr;
+ ret = follow_pfnmap_start(&args);
+- if (ret)
+- goto out_unlock_mmap;
++ if (ret) {
++ fixup_user_fault(current->mm, mmio_addr, 0, NULL);
++ ret = follow_pfnmap_start(&args);
++ if (ret)
++ goto out_unlock_mmap;
++ }
+
+ io_addr = (void __iomem *)((args.pfn << PAGE_SHIFT) |
+ (mmio_addr & ~PAGE_MASK));
+--
+2.39.5
+
diff --git a/queue-6.13/series b/queue-6.13/series
index 11a881e41d..b14ca3630e 100644
--- a/queue-6.13/series
+++ b/queue-6.13/series
@@ -170,3 +170,4 @@ pwm-stm32-search-an-appropriate-duty_cycle-if-period.patch
 erofs-set-error-to-bio-if-file-backed-io-fails.patch
 bpf-support-skf_net_off-and-skf_ll_off-on-skb-frags.patch
 ext4-don-t-treat-fhandle-lookup-of-ea_inode-as-fs-co.patch
+s390-pci-fix-s390_mmio_read-write-syscall-page-fault.patch
--
2.47.3
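Review bot: The return value of `fixup_user_fault()` is discarded in both retry blocks (the `FAULT_FLAG_WRITE` call in s390_pci_mmio_write and the flags-`0` call in s390_pci_mmio_read), so when the fault cannot be resolved the caller gets the error from the second `follow_pfnmap_start()` instead of the fault's own error code. Capturing it would keep the failure reason visible to user space and skip a pointless second lookup: `ret = fixup_user_fault(current->mm, mmio_addr, FAULT_FLAG_WRITE, NULL);` followed by `if (ret) goto out_unlock_mmap;` (and the same with flags `0` in the read path). A short comment would also help, if this is the intent, e.g. `/* unlocked == NULL: fault handling may not drop the mmap lock, so vma stays valid for the retry */`. Both syscall bodies start and end outside the hunks, so the locking around these lines is inferred from the `out_unlock_mmap` label; as this is a queued copy of an upstream commit, any such change would need to land upstream first.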