On Mon, Nov 24, 2025 at 12:17:19PM -0500, Sasha Levin wrote:
From: Heiko Carstens hca@linux.ibm.com
[ Upstream commit 31475b88110c4725b4f9a79c3a0d9bbf97e69e1c ]
When a zero ASCE is passed to the __ptep_rdp() inline assembly, the generated instruction should have the R3 field of the instruction set to zero. However the inline assembly is written incorrectly: for such cases a zero is loaded into a register allocated by the compiler and this register is then used by the instruction.
This means that selected TLB entries may not be flushed since the specified ASCE does not match the one which was used when the selected TLB entries were created.
Fix this by removing the asce and opt parameters of __ptep_rdp(), since all callers always pass zero, and use a hard-coded register zero for the R3 field.
Fixes: 0807b856521f ("s390/mm: add support for RDP (Reset DAT-Protection)") Cc: stable@vger.kernel.org Reviewed-by: Gerald Schaefer gerald.schaefer@linux.ibm.com Signed-off-by: Heiko Carstens hca@linux.ibm.com Signed-off-by: Sasha Levin sashal@kernel.org
arch/s390/include/asm/pgtable.h | 12 +++++------- arch/s390/mm/pgtable.c | 4 ++-- 2 files changed, 7 insertions(+), 9 deletions(-)
...
@@ -1304,7 +1302,7 @@ static inline void flush_tlb_fix_spurious_fault(struct vm_area_struct *vma, * A local RDP can be used to do the flush. */ if (cpu_has_rdp() && !(pte_val(*ptep) & _PAGE_PROTECT))
__ptep_rdp(address, ptep, 0, 0, 1);
__ptep_rdp(address, ptep, 1);}
I don't think it makes too much sense to backport only two of the many cpu_has_xxx() conversion patches just to avoid the minimal difference in context for this patch. From my point of view this puts the stable branch into an inconsistent state wrt s390 and cpu features - old and new interfaces are mixed.
I will provide a different stable backport patch which addresses only the context diff. Then you can decide.