<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/drivers/s390/crypto, branch master</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>Merge tag 's390-7.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux</title>
<updated>2026-07-04T16:28:45+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-07-04T16:28:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=7404ce51637231382873d0b55edabc2f3b841a9d'/>
<id>7404ce51637231382873d0b55edabc2f3b841a9d</id>
<content type='text'>
Pull s390 fixes from Vasily Gorbik:

 - Fix PKEY_VERIFYPROTK ioctl key type handling by removing the generic
   key-length based type check with its wrong bit-size calculation, and
   leaving protected key verification to the pkey handler

 - Fix monwriter buffer reuse by rejecting records that change the data
   length, preventing out of bounds user copy into the kernel buffer

* tag 's390-7.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/monwriter: Reject buffer reuse with different data length
  pkey: Move keytype check from pkey api to handler
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull s390 fixes from Vasily Gorbik:

 - Fix PKEY_VERIFYPROTK ioctl key type handling by removing the generic
   key-length based type check with its wrong bit-size calculation, and
   leaving protected key verification to the pkey handler

 - Fix monwriter buffer reuse by rejecting records that change the data
   length, preventing out of bounds user copy into the kernel buffer

* tag 's390-7.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/monwriter: Reject buffer reuse with different data length
  pkey: Move keytype check from pkey api to handler
</pre>
</div>
</content>
</entry>
<entry>
<title>Replace &lt;linux/mod_devicetable.h&gt; by more specific &lt;linux/device-id/*.h&gt; (c files)</title>
<updated>2026-07-03T05:38:17+00:00</updated>
<author>
<name>Uwe Kleine-König (The Capable Hub)</name>
<email>u.kleine-koenig@baylibre.com</email>
</author>
<published>2026-06-30T09:24:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=995832b2cebe6969d1b42635db698803ee31294d'/>
<id>995832b2cebe6969d1b42635db698803ee31294d</id>
<content type='text'>
Replace the #include of &lt;linux/mod_devicetable.h&gt; by the more specific
&lt;linux/device-id/*.h&gt; where applicable. For most cases the include
can be dropped completely, only a few drivers need one or two headers
added.

Acked-by: Danilo Krummrich &lt;dakr@kernel.org&gt;
Acked-by: Takashi Sakamoto &lt;o-takashi@sakamocchi.jp&gt;
Acked-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Link: https://patch.msgid.link/1a3f2007c5c5dcf555c09a4035ce3ae8ef1b6c49.1782808461.git.u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König (The Capable Hub) &lt;u.kleine-koenig@baylibre.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Replace the #include of &lt;linux/mod_devicetable.h&gt; by the more specific
&lt;linux/device-id/*.h&gt; where applicable. For most cases the include
can be dropped completely, only a few drivers need one or two headers
added.

Acked-by: Danilo Krummrich &lt;dakr@kernel.org&gt;
Acked-by: Takashi Sakamoto &lt;o-takashi@sakamocchi.jp&gt;
Acked-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Link: https://patch.msgid.link/1a3f2007c5c5dcf555c09a4035ce3ae8ef1b6c49.1782808461.git.u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König (The Capable Hub) &lt;u.kleine-koenig@baylibre.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>pkey: Move keytype check from pkey api to handler</title>
<updated>2026-07-01T15:10:53+00:00</updated>
<author>
<name>Holger Dengler</name>
<email>dengler@linux.ibm.com</email>
</author>
<published>2026-06-23T14:20:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=754e9e49b76fd5be339172aa98544182ed3ca75e'/>
<id>754e9e49b76fd5be339172aa98544182ed3ca75e</id>
<content type='text'>
The PKEY_VERIFYPROTK ioctl takes data from user-space and verifies the
contained protected key. While checking the integrity of the ioctl
request structure is the responsibility of the generic pkey_api code,
the verification of the contained protected key is the responsibility
of the pkey handler.

The keytype verification (based on the calculated bitsize of the key)
is part of the protected key verification and therefore the
responsibility of the pkey handler (which already verifies
it). Therefore the keytype verification is removed from the generic
pkey_api code.

As the calculation of the key bitsize is currently wrong, the removal
of the keytype check in pkey_api also removes this wrong
calculation. For this reason, the commit is flagged with the Fixes:
tag.

Cc: stable@kernel.org # 6.12+
Fixes: 8fcc231ce3be ("s390/pkey: Introduce pkey base with handler registry and handler modules")
Reviewed-by: Ingo Franzki &lt;ifranzki@linux.ibm.com&gt;
Reviewed-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Signed-off-by: Holger Dengler &lt;dengler@linux.ibm.com&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
Signed-off-by: Vasily Gorbik &lt;gor@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The PKEY_VERIFYPROTK ioctl takes data from user-space and verifies the
contained protected key. While checking the integrity of the ioctl
request structure is the responsibility of the generic pkey_api code,
the verification of the contained protected key is the responsibility
of the pkey handler.

The keytype verification (based on the calculated bitsize of the key)
is part of the protected key verification and therefore the
responsibility of the pkey handler (which already verifies
it). Therefore the keytype verification is removed from the generic
pkey_api code.

As the calculation of the key bitsize is currently wrong, the removal
of the keytype check in pkey_api also removes this wrong
calculation. For this reason, the commit is flagged with the Fixes:
tag.

Cc: stable@kernel.org # 6.12+
Fixes: 8fcc231ce3be ("s390/pkey: Introduce pkey base with handler registry and handler modules")
Reviewed-by: Ingo Franzki &lt;ifranzki@linux.ibm.com&gt;
Reviewed-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Signed-off-by: Holger Dengler &lt;dengler@linux.ibm.com&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
Signed-off-by: Vasily Gorbik &lt;gor@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>s390/pkey: Check length in pkey_pckmo handler implementation</title>
<updated>2026-06-19T12:51:08+00:00</updated>
<author>
<name>Holger Dengler</name>
<email>dengler@linux.ibm.com</email>
</author>
<published>2026-06-17T17:06:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=1ac287e2af9a9112fe271427ef45eceb26bce8b4'/>
<id>1ac287e2af9a9112fe271427ef45eceb26bce8b4</id>
<content type='text'>
Explicitly check the length of the target buffer in the pkey_pckmo
implementation of the key_to_protkey() handler function. The handler
function fails, if the generated output data exceeds the length of the
provided target buffer.

Cc: stable@vger.kernel.org
Fixes: 8fcc231ce3be ("s390/pkey: Introduce pkey base with handler registry and handler modules")
Reported-by: Christian Borntraeger &lt;borntraeger@linux.ibm.com&gt;
Reviewed-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Signed-off-by: Holger Dengler &lt;dengler@linux.ibm.com&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Explicitly check the length of the target buffer in the pkey_pckmo
implementation of the key_to_protkey() handler function. The handler
function fails, if the generated output data exceeds the length of the
provided target buffer.

Cc: stable@vger.kernel.org
Fixes: 8fcc231ce3be ("s390/pkey: Introduce pkey base with handler registry and handler modules")
Reported-by: Christian Borntraeger &lt;borntraeger@linux.ibm.com&gt;
Reviewed-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Signed-off-by: Holger Dengler &lt;dengler@linux.ibm.com&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>s390/pkey: Check length in PKEY_VERIFYPROTK ioctl</title>
<updated>2026-06-19T12:51:08+00:00</updated>
<author>
<name>Holger Dengler</name>
<email>dengler@linux.ibm.com</email>
</author>
<published>2026-06-15T15:39:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=b3d4ab2d7df9426f7f1d3671d7e2108f2ca6e970'/>
<id>b3d4ab2d7df9426f7f1d3671d7e2108f2ca6e970</id>
<content type='text'>
Explicitly check the buffer length request structure provided by
user-space and fail, if it exceeds the buffer size.

Cc: stable@vger.kernel.org
Fixes: 8fcc231ce3be ("s390/pkey: Introduce pkey base with handler registry and handler modules")
Reported-by: Christian Borntraeger &lt;borntraeger@linux.ibm.com&gt;
Reviewed-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Reviewed-by: Ingo Franzki &lt;ifranzki@linux.ibm.com&gt;
Signed-off-by: Holger Dengler &lt;dengler@linux.ibm.com&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Explicitly check the buffer length request structure provided by
user-space and fail, if it exceeds the buffer size.

Cc: stable@vger.kernel.org
Fixes: 8fcc231ce3be ("s390/pkey: Introduce pkey base with handler registry and handler modules")
Reported-by: Christian Borntraeger &lt;borntraeger@linux.ibm.com&gt;
Reviewed-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Reviewed-by: Ingo Franzki &lt;ifranzki@linux.ibm.com&gt;
Signed-off-by: Holger Dengler &lt;dengler@linux.ibm.com&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>s390/ap: Fix locking issue in SE bind and associate sysfs functions</title>
<updated>2026-06-09T17:33:00+00:00</updated>
<author>
<name>Harald Freudenberger</name>
<email>freude@linux.ibm.com</email>
</author>
<published>2026-06-03T13:04:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=7ecac01cf1c094a55c687572bbc874f75e15eb84'/>
<id>7ecac01cf1c094a55c687572bbc874f75e15eb84</id>
<content type='text'>
Revisit and reorganize the locking and lock coverage of the
ap-&gt;lock spinlock as used in the two sysfs functions
se_bind_store() and se_associate_store().

A kernel run reported a possible deadlock situation, caused by
holding the spinlock (ap-&gt;lock) while triggering a uevent.
The fix rearranges the code protected by the spinlock by excluding
the uevent invocation, which does not require protection.

Additionally, the start of the protected region is moved earlier
to cover more lines, ensuring a consistent view of the AP queue
state between reading and updating its struct fields.

	=====================================================
	WARNING: SOFTIRQ-safe -&gt; SOFTIRQ-unsafe lock order detected
	7.1.0-20260601.rc6.git12.516b5dbd4d4a.300.fc44.s390x+debug #1 Not tainted
	-----------------------------------------------------
	setupseguest.sh/11034 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
	000001c991f498e8 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_cache_noprof+0x5a/0x6d0
	and this task is already holding:
	000000c4a1a12378 (&amp;aq-&gt;lock){+.-.}-{2:2}, at: se_bind_store+0x96/0x3a0
	which would create a new lock dependency:
	 (&amp;aq-&gt;lock){+.-.}-{2:2} -&gt; (fs_reclaim){+.+.}-{0:0}
	but this new dependency connects a SOFTIRQ-irq-safe lock:
	 (&amp;aq-&gt;lock){+.-.}-{2:2}
	... which became SOFTIRQ-irq-safe at:
	  __lock_acquire+0x5ae/0x15a0
	  lock_acquire+0x14c/0x400
	  _raw_spin_lock_bh+0x58/0xb0
	  ap_tasklet_fn+0x72/0xd0
	  tasklet_action_common+0x174/0x1b0
	  handle_softirqs+0x180/0x5c0
	  irq_exit_rcu+0x196/0x200
	  do_ext_irq+0x12a/0x4d0
	  ext_int_handler+0xc6/0xf0
	  folio_zero_user+0x1c6/0x240
	  folio_zero_user+0x182/0x240
	  vma_alloc_anon_folio_pmd+0xa0/0x1d0
	  __do_huge_pmd_anonymous_page+0x3a/0x200
	  __handle_mm_fault+0x56c/0x590
	  handle_mm_fault+0xa2/0x370
	  do_exception+0x292/0x590
	  __do_pgm_check+0x136/0x3e0
	  pgm_check_handler+0x114/0x160
	to a SOFTIRQ-irq-unsafe lock:
	 (fs_reclaim){+.+.}-{0:0}
	... which became SOFTIRQ-irq-unsafe at:
	...
	  __lock_acquire+0x5ae/0x15a0
	  lock_acquire+0x14c/0x400
	  __fs_reclaim_acquire+0x44/0x50
	  fs_reclaim_acquire+0xbe/0x100
	  fs_reclaim_correct_nesting+0x20/0x70
	  dotest+0x5e/0x148
	  locking_selftest+0x2854/0x2a88
	  start_kernel+0x3b2/0x4f0
	  startup_continue+0x2e/0x40
	other info that might help us debug this:
	 Possible interrupt unsafe locking scenario:
	       CPU0                    CPU1
	       ----                    ----
	  lock(fs_reclaim);
				       local_irq_disable();
				       lock(&amp;aq-&gt;lock);
				       lock(fs_reclaim);
	  &lt;Interrupt&gt;
	    lock(&amp;aq-&gt;lock);
	 *** DEADLOCK ***
	4 locks held by setupseguest.sh/11034:
	 #0: 000000c485d01440 (sb_writers#4){.+.+}-{0:0}, at: vfs_write+0x2fc/0x380
	 #1: 000000c4d2283288 (&amp;of-&gt;mutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x12a0x270
	 #2: 000000c4a1830e48 (kn-&gt;active#172){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x1e/0x270
	 #3: 000000c4a1a12378 (&amp;aq-&gt;lock){+.-.}-{2:2}, at: se_bind_store+0x96/0x3a0
	the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
	-&gt; (&amp;aq-&gt;lock){+.-.}-{2:2} {
	   HARDIRQ-ON-W at:
			    __lock_acquire+0x5ae/0x15a0
			    lock_acquire+0x14c/0x400
			    _raw_spin_lock_bh+0x58/0xb0
			    ap_queue_init_state+0x2e/0x50
			    ap_scan_domains+0x5d6/0x620
			    ap_scan_adapter+0x4c0/0x810
			    ap_scan_bus+0x70/0x350
			    ap_scan_bus_wq_callback+0x56/0x80
			    process_one_work+0x2ba/0x820
			    worker_thread+0x21a/0x400
			    kthread+0x164/0x190
			    __ret_from_fork+0x4c/0x340
			    ret_from_fork+0xa/0x30
	   IN-SOFTIRQ-W at:
			    __lock_acquire+0x5ae/0x15a0
			    lock_acquire+0x14c/0x400
			    _raw_spin_lock_bh+0x58/0xb0
			    ap_tasklet_fn+0x72/0xd0
			    tasklet_action_common+0x174/0x1b0
			    handle_softirqs+0x180/0x5c0
			    irq_exit_rcu+0x196/0x200
			    do_ext_irq+0x12a/0x4d0
			    ext_int_handler+0xc6/0xf0
			    folio_zero_user+0x1c6/0x240
			    folio_zero_user+0x182/0x240
			    vma_alloc_anon_folio_pmd+0xa0/0x1d0
			    __do_huge_pmd_anonymous_page+0x3a/0x200
			    __handle_mm_fault+0x56c/0x590
			    handle_mm_fault+0xa2/0x370
			    do_exception+0x292/0x590
			    __do_pgm_check+0x136/0x3e0
			    pgm_check_handler+0x114/0x160
	   INITIAL USE at:
			   __lock_acquire+0x5ae/0x15a0
			   lock_acquire+0x14c/0x400
			   _raw_spin_lock_bh+0x58/0xb0
			   ap_queue_init_state+0x2e/0x50
			   ap_scan_domains+0x5d6/0x620
			   ap_scan_adapter+0x4c0/0x810
			   ap_scan_bus+0x70/0x350
			   ap_scan_bus_wq_callback+0x56/0x80
			   process_one_work+0x2ba/0x820
			   worker_thread+0x21a/0x400
			   kthread+0x164/0x190
			   __ret_from_fork+0x4c/0x340
			   ret_from_fork+0xa/0x30
	 }
	 ... key      at: [&lt;000001c9936e8aa0&gt;] __key.7+0x0/0x10
	the dependencies between the lock to be acquired
	 and SOFTIRQ-irq-unsafe lock:
	-&gt; (fs_reclaim){+.+.}-{0:0} {
	   HARDIRQ-ON-W at:
			    __lock_acquire+0x5ae/0x15a0
			    lock_acquire+0x14c/0x400
			    __fs_reclaim_acquire+0x44/0x50
			    fs_reclaim_acquire+0xbe/0x100
			    fs_reclaim_correct_nesting+0x20/0x70
			    dotest+0x5e/0x148
			    locking_selftest+0x2854/0x2a88
			    start_kernel+0x3b2/0x4f0
			    startup_continue+0x2e/0x40
	   SOFTIRQ-ON-W at:
			    __lock_acquire+0x5ae/0x15a0
			    lock_acquire+0x14c/0x400
			    __fs_reclaim_acquire+0x44/0x50
			    fs_reclaim_acquire+0xbe/0x100
			    fs_reclaim_correct_nesting+0x20/0x70
			    dotest+0x5e/0x148
			    locking_selftest+0x2854/0x2a88
			    start_kernel+0x3b2/0x4f0
			    startup_continue+0x2e/0x40
	   INITIAL USE at:
			   __lock_acquire+0x5ae/0x15a0
			   lock_acquire+0x14c/0x400
			   __fs_reclaim_acquire+0x44/0x50
			   fs_reclaim_acquire+0xbe/0x100
			   fs_reclaim_correct_nesting+0x20/0x70
			   dotest+0x5e/0x148
			   locking_selftest+0x2854/0x2a88
			   start_kernel+0x3b2/0x4f0
			   startup_continue+0x2e/0x40
	 }
	 ... key      at: [&lt;000001c991f498e8&gt;] __fs_reclaim_map+0x0/0x30
	 ... acquired at:
	   check_prev_add+0x178/0xf40
	   __lock_acquire+0x12aa/0x15a0
	   lock_acquire+0x14c/0x400
	   __fs_reclaim_acquire+0x44/0x50
	   fs_reclaim_acquire+0xbe/0x100
	   __kmalloc_cache_noprof+0x5a/0x6d0
	   kobject_uevent_env+0xd4/0x420
	   ap_send_se_bind_uevent+0x48/0x70
	   se_bind_store+0x146/0x3a0
	   kernfs_fop_write_iter+0x18c/0x270
	   vfs_write+0x23c/0x380
	   ksys_write+0x88/0x120
	   __do_syscall+0x170/0x750
	   system_call+0x72/0x90
	stack backtrace:
	CPU: 6 UID: 0 PID: 11034 Comm: setupseguest.sh Not tainted 7.1.0-20260601.rc6.git2.516b5dbd4d4a.300.fc44.s390x+debug #1 PREEMPT
	Hardware name: IBM 9175 ME1 701 (KVM/Linux)
	Call Trace:
	 [&lt;000001c98ffa0a7e&gt;] dump_stack_lvl+0xae/0x108
	 [&lt;000001c9900a6d7a&gt;] print_bad_irq_dependency+0x47a/0x480
	 [&lt;000001c9900a7184&gt;] check_irq_usage+0x404/0x4c0
	 [&lt;000001c9900a73b8&gt;] check_prev_add+0x178/0xf40
	 [&lt;000001c9900aaf1a&gt;] __lock_acquire+0x12aa/0x15a0
	 [&lt;000001c9900ab35c&gt;] lock_acquire+0x14c/0x400
	 [&lt;000001c9903be454&gt;] __fs_reclaim_acquire+0x44/0x50
	 [&lt;000001c9903be51e&gt;] fs_reclaim_acquire+0xbe/0x100
	 [&lt;000001c9903cf4ca&gt;] __kmalloc_cache_noprof+0x5a/0x6d0
	 [&lt;000001c9910ca9d4&gt;] kobject_uevent_env+0xd4/0x420
	 [&lt;000001c990d84098&gt;] ap_send_se_bind_uevent+0x48/0x70
	 [&lt;000001c990d87416&gt;] se_bind_store+0x146/0x3a0
	 [&lt;000001c99057da7c&gt;] kernfs_fop_write_iter+0x18c/0x270
	 [&lt;000001c99047712c&gt;] vfs_write+0x23c/0x380
	 [&lt;000001c990477438&gt;] ksys_write+0x88/0x120
	 [&lt;000001c9910f64e0&gt;] __do_syscall+0x170/0x750
	 [&lt;000001c99110a412&gt;] system_call+0x72/0x90
	INFO: lockdep is turned off.

Fixes: 4179c3984227 ("s390/ap: Implement SE bind and associate uevents")
Reported-by: Ingo Franzki &lt;ifranzki@linux.ibm.com&gt;
Suggested-by: Finn Callies &lt;fcallies@linux.ibm.com&gt;
Reviewed-by: Finn Callies &lt;fcallies@linux.ibm.com&gt;
Signed-off-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Revisit and reorganize the locking and lock coverage of the
ap-&gt;lock spinlock as used in the two sysfs functions
se_bind_store() and se_associate_store().

A kernel run reported a possible deadlock situation, caused by
holding the spinlock (ap-&gt;lock) while triggering a uevent.
The fix rearranges the code protected by the spinlock by excluding
the uevent invocation, which does not require protection.

Additionally, the start of the protected region is moved earlier
to cover more lines, ensuring a consistent view of the AP queue
state between reading and updating its struct fields.

	=====================================================
	WARNING: SOFTIRQ-safe -&gt; SOFTIRQ-unsafe lock order detected
	7.1.0-20260601.rc6.git12.516b5dbd4d4a.300.fc44.s390x+debug #1 Not tainted
	-----------------------------------------------------
	setupseguest.sh/11034 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
	000001c991f498e8 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_cache_noprof+0x5a/0x6d0
	and this task is already holding:
	000000c4a1a12378 (&amp;aq-&gt;lock){+.-.}-{2:2}, at: se_bind_store+0x96/0x3a0
	which would create a new lock dependency:
	 (&amp;aq-&gt;lock){+.-.}-{2:2} -&gt; (fs_reclaim){+.+.}-{0:0}
	but this new dependency connects a SOFTIRQ-irq-safe lock:
	 (&amp;aq-&gt;lock){+.-.}-{2:2}
	... which became SOFTIRQ-irq-safe at:
	  __lock_acquire+0x5ae/0x15a0
	  lock_acquire+0x14c/0x400
	  _raw_spin_lock_bh+0x58/0xb0
	  ap_tasklet_fn+0x72/0xd0
	  tasklet_action_common+0x174/0x1b0
	  handle_softirqs+0x180/0x5c0
	  irq_exit_rcu+0x196/0x200
	  do_ext_irq+0x12a/0x4d0
	  ext_int_handler+0xc6/0xf0
	  folio_zero_user+0x1c6/0x240
	  folio_zero_user+0x182/0x240
	  vma_alloc_anon_folio_pmd+0xa0/0x1d0
	  __do_huge_pmd_anonymous_page+0x3a/0x200
	  __handle_mm_fault+0x56c/0x590
	  handle_mm_fault+0xa2/0x370
	  do_exception+0x292/0x590
	  __do_pgm_check+0x136/0x3e0
	  pgm_check_handler+0x114/0x160
	to a SOFTIRQ-irq-unsafe lock:
	 (fs_reclaim){+.+.}-{0:0}
	... which became SOFTIRQ-irq-unsafe at:
	...
	  __lock_acquire+0x5ae/0x15a0
	  lock_acquire+0x14c/0x400
	  __fs_reclaim_acquire+0x44/0x50
	  fs_reclaim_acquire+0xbe/0x100
	  fs_reclaim_correct_nesting+0x20/0x70
	  dotest+0x5e/0x148
	  locking_selftest+0x2854/0x2a88
	  start_kernel+0x3b2/0x4f0
	  startup_continue+0x2e/0x40
	other info that might help us debug this:
	 Possible interrupt unsafe locking scenario:
	       CPU0                    CPU1
	       ----                    ----
	  lock(fs_reclaim);
				       local_irq_disable();
				       lock(&amp;aq-&gt;lock);
				       lock(fs_reclaim);
	  &lt;Interrupt&gt;
	    lock(&amp;aq-&gt;lock);
	 *** DEADLOCK ***
	4 locks held by setupseguest.sh/11034:
	 #0: 000000c485d01440 (sb_writers#4){.+.+}-{0:0}, at: vfs_write+0x2fc/0x380
	 #1: 000000c4d2283288 (&amp;of-&gt;mutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x12a0x270
	 #2: 000000c4a1830e48 (kn-&gt;active#172){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x1e/0x270
	 #3: 000000c4a1a12378 (&amp;aq-&gt;lock){+.-.}-{2:2}, at: se_bind_store+0x96/0x3a0
	the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
	-&gt; (&amp;aq-&gt;lock){+.-.}-{2:2} {
	   HARDIRQ-ON-W at:
			    __lock_acquire+0x5ae/0x15a0
			    lock_acquire+0x14c/0x400
			    _raw_spin_lock_bh+0x58/0xb0
			    ap_queue_init_state+0x2e/0x50
			    ap_scan_domains+0x5d6/0x620
			    ap_scan_adapter+0x4c0/0x810
			    ap_scan_bus+0x70/0x350
			    ap_scan_bus_wq_callback+0x56/0x80
			    process_one_work+0x2ba/0x820
			    worker_thread+0x21a/0x400
			    kthread+0x164/0x190
			    __ret_from_fork+0x4c/0x340
			    ret_from_fork+0xa/0x30
	   IN-SOFTIRQ-W at:
			    __lock_acquire+0x5ae/0x15a0
			    lock_acquire+0x14c/0x400
			    _raw_spin_lock_bh+0x58/0xb0
			    ap_tasklet_fn+0x72/0xd0
			    tasklet_action_common+0x174/0x1b0
			    handle_softirqs+0x180/0x5c0
			    irq_exit_rcu+0x196/0x200
			    do_ext_irq+0x12a/0x4d0
			    ext_int_handler+0xc6/0xf0
			    folio_zero_user+0x1c6/0x240
			    folio_zero_user+0x182/0x240
			    vma_alloc_anon_folio_pmd+0xa0/0x1d0
			    __do_huge_pmd_anonymous_page+0x3a/0x200
			    __handle_mm_fault+0x56c/0x590
			    handle_mm_fault+0xa2/0x370
			    do_exception+0x292/0x590
			    __do_pgm_check+0x136/0x3e0
			    pgm_check_handler+0x114/0x160
	   INITIAL USE at:
			   __lock_acquire+0x5ae/0x15a0
			   lock_acquire+0x14c/0x400
			   _raw_spin_lock_bh+0x58/0xb0
			   ap_queue_init_state+0x2e/0x50
			   ap_scan_domains+0x5d6/0x620
			   ap_scan_adapter+0x4c0/0x810
			   ap_scan_bus+0x70/0x350
			   ap_scan_bus_wq_callback+0x56/0x80
			   process_one_work+0x2ba/0x820
			   worker_thread+0x21a/0x400
			   kthread+0x164/0x190
			   __ret_from_fork+0x4c/0x340
			   ret_from_fork+0xa/0x30
	 }
	 ... key      at: [&lt;000001c9936e8aa0&gt;] __key.7+0x0/0x10
	the dependencies between the lock to be acquired
	 and SOFTIRQ-irq-unsafe lock:
	-&gt; (fs_reclaim){+.+.}-{0:0} {
	   HARDIRQ-ON-W at:
			    __lock_acquire+0x5ae/0x15a0
			    lock_acquire+0x14c/0x400
			    __fs_reclaim_acquire+0x44/0x50
			    fs_reclaim_acquire+0xbe/0x100
			    fs_reclaim_correct_nesting+0x20/0x70
			    dotest+0x5e/0x148
			    locking_selftest+0x2854/0x2a88
			    start_kernel+0x3b2/0x4f0
			    startup_continue+0x2e/0x40
	   SOFTIRQ-ON-W at:
			    __lock_acquire+0x5ae/0x15a0
			    lock_acquire+0x14c/0x400
			    __fs_reclaim_acquire+0x44/0x50
			    fs_reclaim_acquire+0xbe/0x100
			    fs_reclaim_correct_nesting+0x20/0x70
			    dotest+0x5e/0x148
			    locking_selftest+0x2854/0x2a88
			    start_kernel+0x3b2/0x4f0
			    startup_continue+0x2e/0x40
	   INITIAL USE at:
			   __lock_acquire+0x5ae/0x15a0
			   lock_acquire+0x14c/0x400
			   __fs_reclaim_acquire+0x44/0x50
			   fs_reclaim_acquire+0xbe/0x100
			   fs_reclaim_correct_nesting+0x20/0x70
			   dotest+0x5e/0x148
			   locking_selftest+0x2854/0x2a88
			   start_kernel+0x3b2/0x4f0
			   startup_continue+0x2e/0x40
	 }
	 ... key      at: [&lt;000001c991f498e8&gt;] __fs_reclaim_map+0x0/0x30
	 ... acquired at:
	   check_prev_add+0x178/0xf40
	   __lock_acquire+0x12aa/0x15a0
	   lock_acquire+0x14c/0x400
	   __fs_reclaim_acquire+0x44/0x50
	   fs_reclaim_acquire+0xbe/0x100
	   __kmalloc_cache_noprof+0x5a/0x6d0
	   kobject_uevent_env+0xd4/0x420
	   ap_send_se_bind_uevent+0x48/0x70
	   se_bind_store+0x146/0x3a0
	   kernfs_fop_write_iter+0x18c/0x270
	   vfs_write+0x23c/0x380
	   ksys_write+0x88/0x120
	   __do_syscall+0x170/0x750
	   system_call+0x72/0x90
	stack backtrace:
	CPU: 6 UID: 0 PID: 11034 Comm: setupseguest.sh Not tainted 7.1.0-20260601.rc6.git2.516b5dbd4d4a.300.fc44.s390x+debug #1 PREEMPT
	Hardware name: IBM 9175 ME1 701 (KVM/Linux)
	Call Trace:
	 [&lt;000001c98ffa0a7e&gt;] dump_stack_lvl+0xae/0x108
	 [&lt;000001c9900a6d7a&gt;] print_bad_irq_dependency+0x47a/0x480
	 [&lt;000001c9900a7184&gt;] check_irq_usage+0x404/0x4c0
	 [&lt;000001c9900a73b8&gt;] check_prev_add+0x178/0xf40
	 [&lt;000001c9900aaf1a&gt;] __lock_acquire+0x12aa/0x15a0
	 [&lt;000001c9900ab35c&gt;] lock_acquire+0x14c/0x400
	 [&lt;000001c9903be454&gt;] __fs_reclaim_acquire+0x44/0x50
	 [&lt;000001c9903be51e&gt;] fs_reclaim_acquire+0xbe/0x100
	 [&lt;000001c9903cf4ca&gt;] __kmalloc_cache_noprof+0x5a/0x6d0
	 [&lt;000001c9910ca9d4&gt;] kobject_uevent_env+0xd4/0x420
	 [&lt;000001c990d84098&gt;] ap_send_se_bind_uevent+0x48/0x70
	 [&lt;000001c990d87416&gt;] se_bind_store+0x146/0x3a0
	 [&lt;000001c99057da7c&gt;] kernfs_fop_write_iter+0x18c/0x270
	 [&lt;000001c99047712c&gt;] vfs_write+0x23c/0x380
	 [&lt;000001c990477438&gt;] ksys_write+0x88/0x120
	 [&lt;000001c9910f64e0&gt;] __do_syscall+0x170/0x750
	 [&lt;000001c99110a412&gt;] system_call+0x72/0x90
	INFO: lockdep is turned off.

Fixes: 4179c3984227 ("s390/ap: Implement SE bind and associate uevents")
Reported-by: Ingo Franzki &lt;ifranzki@linux.ibm.com&gt;
Suggested-by: Finn Callies &lt;fcallies@linux.ibm.com&gt;
Reviewed-by: Finn Callies &lt;fcallies@linux.ibm.com&gt;
Signed-off-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>s390/zcrypt: Replace get_zeroed_page() with kzalloc()</title>
<updated>2026-06-03T13:32:45+00:00</updated>
<author>
<name>Mike Rapoport (Microsoft)</name>
<email>rppt@kernel.org</email>
</author>
<published>2026-05-31T14:08:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=a2b94afeb5166989753109949c6be6da0215739e'/>
<id>a2b94afeb5166989753109949c6be6da0215739e</id>
<content type='text'>
zcrypt_rng_device_add() allocates a buffer for the software random
number generator data cache.

This buffer can be allocated with kmalloc() as there's nothing special
about it to go directly to the page allocator.

kmalloc() provides a better API that does not require ugly casts and
kfree() does not need to know the size of the freed object.

Performance difference between kmalloc() and __get_free_pages() is not
measurable as both allocators take an object/page from a per-CPU list for
fast path allocations.

For the slow path the performance is anyway determined by the amount of
reclaim involved rather than by what allocator is used.

Replace use of get_zeroed_page() with kzalloc() and free_page() with
kfree().

Link: https://lore.kernel.org/all/635405e4-9423-4a25-a6e7-e03c8ea0bcbe@redhat.com
Reviewed-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Reviewed-by: Heiko Carstens &lt;hca@linux.ibm.com&gt;
Signed-off-by: Mike Rapoport (Microsoft) &lt;rppt@kernel.org&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
zcrypt_rng_device_add() allocates a buffer for the software random
number generator data cache.

This buffer can be allocated with kmalloc() as there's nothing special
about it to go directly to the page allocator.

kmalloc() provides a better API that does not require ugly casts and
kfree() does not need to know the size of the freed object.

Performance difference between kmalloc() and __get_free_pages() is not
measurable as both allocators take an object/page from a per-CPU list for
fast path allocations.

For the slow path the performance is anyway determined by the amount of
reclaim involved rather than by what allocator is used.

Replace use of get_zeroed_page() with kzalloc() and free_page() with
kfree().

Link: https://lore.kernel.org/all/635405e4-9423-4a25-a6e7-e03c8ea0bcbe@redhat.com
Reviewed-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Reviewed-by: Heiko Carstens &lt;hca@linux.ibm.com&gt;
Signed-off-by: Mike Rapoport (Microsoft) &lt;rppt@kernel.org&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>s390/ap/zcrypt: Rearrange fields within AP and zcrypt structs</title>
<updated>2026-06-03T13:32:43+00:00</updated>
<author>
<name>Harald Freudenberger</name>
<email>freude@linux.ibm.com</email>
</author>
<published>2026-04-27T16:09:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=7321674d06a4cc9e8b043a785d342dfb4074d3c0'/>
<id>7321674d06a4cc9e8b043a785d342dfb4074d3c0</id>
<content type='text'>
Rearrange some fields within AP and zcrypt structs to reduce
memory consumption and unused holes with the help of pahole
analysis of the code.

Signed-off-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Reviewed-by: Finn Callies &lt;fcallies@linux.ibm.com&gt;
Reviewed-by: Holger Dengler &lt;dengler@linux.ibm.com&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Rearrange some fields within AP and zcrypt structs to reduce
memory consumption and unused holes with the help of pahole
analysis of the code.

Signed-off-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Reviewed-by: Finn Callies &lt;fcallies@linux.ibm.com&gt;
Reviewed-by: Holger Dengler &lt;dengler@linux.ibm.com&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>s390/ap: Implement SE bind and associate uevents</title>
<updated>2026-05-11T14:42:31+00:00</updated>
<author>
<name>Harald Freudenberger</name>
<email>freude@linux.ibm.com</email>
</author>
<published>2026-04-27T16:43:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=4179c39842273d3452db062ef73f850327bfd638'/>
<id>4179c39842273d3452db062ef73f850327bfd638</id>
<content type='text'>
Notify userspace about two important events on AP queues
when run within Secure Execution (SE) environment:
- Send AP CHANGE uevent with "SE_BIND=1" on successful bind
  operation on this AP queue device.
- Send AP CHANGE uevent with "SE_ASSOC=&lt;association_index&gt;"
  on successful association operation with the secret of the
  reported index on this AP queue device.

Note there is no SE unbind/unassociate event. Unbind/unassociate
can have different triggers and technically there is no signaling
done which the AP code could catch. A user space application can,
if this information is crucial, query the sysfs attribute se_bind
on the AP queue which runs a synchronous TAPQ. If the attribute
returns with "unbound" a reset took place and SE bind and associate
states are unbound and unassociated.

Suggested-by: Marc Hartmayer mhartmay@linux.ibm.com
Signed-off-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Reviewed-by: Holger Dengler &lt;dengler@linux.ibm.com&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Notify userspace about two important events on AP queues
when run within Secure Execution (SE) environment:
- Send AP CHANGE uevent with "SE_BIND=1" on successful bind
  operation on this AP queue device.
- Send AP CHANGE uevent with "SE_ASSOC=&lt;association_index&gt;"
  on successful association operation with the secret of the
  reported index on this AP queue device.

Note there is no SE unbind/unassociate event. Unbind/unassociate
can have different triggers and technically there is no signaling
done which the AP code could catch. A user space application can,
if this information is crucial, query the sysfs attribute se_bind
on the AP queue which runs a synchronous TAPQ. If the attribute
returns with "unbound" a reset took place and SE bind and associate
states are unbound and unassociated.

Suggested-by: Marc Hartmayer mhartmay@linux.ibm.com
Signed-off-by: Harald Freudenberger &lt;freude@linux.ibm.com&gt;
Reviewed-by: Holger Dengler &lt;dengler@linux.ibm.com&gt;
Signed-off-by: Alexander Gordeev &lt;agordeev@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 's390-7.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux</title>
<updated>2026-04-22T18:13:45+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-04-22T18:13:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=2a4c0c11c0193889446cdb6f1540cc2b9aff97dd'/>
<id>2a4c0c11c0193889446cdb6f1540cc2b9aff97dd</id>
<content type='text'>
Pull s390 updates from Vasily Gorbik:

 - Add support for CONFIG_PAGE_TABLE_CHECK and enable it in
   debug_defconfig. s390 can only tell user from kernel PTEs via the mm,
   so mm_struct is now passed into pxx_user_accessible_page() callbacks

 - Expose the PCI function UID as an arch-specific slot attribute in
   sysfs so a function can be identified by its user-defined id while
   still in standby. Introduces a generic ARCH_PCI_SLOT_GROUPS hook in
   drivers/pci/slot.c

 - Refresh s390 PCI documentation to reflect current behavior and cover
   previously undocumented sysfs attributes

 - zcrypt device driver cleanup series: consistent field types, clearer
   variable naming, a kernel-doc warning fix, and a comment explaining
   the intentional synchronize_rcu() in pkey_handler_register()

 - Provide an s390 arch_raw_cpu_ptr() that avoids the detour via
   get_lowcore() using alternatives, shrinking defconfig by ~27 kB

 - Guard identity-base randomization with kaslr_enabled() so nokaslr
   keeps the identity mapping at 0 even with RANDOMIZE_IDENTITY_BASE=y

 - Build S390_MODULES_SANITY_TEST as a module only by requiring KUNIT &amp;&amp;
   m, since built-in would not exercise module loading

 - Remove the permanently commented-out HMCDRV_DEV_CLASS create_class()
   code in the hmcdrv driver

 - Drop stale ident_map_size extern conflicting with asm/page.h

* tag 's390-7.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/zcrypt: Fix warning about wrong kernel doc comment
  PCI: s390: Expose the UID as an arch specific PCI slot attribute
  docs: s390/pci: Improve and update PCI documentation
  s390/pkey: Add comment about synchronize_rcu() to pkey base
  s390/hmcdrv: Remove commented out code
  s390/zcrypt: Slight rework on the agent_id field
  s390/zcrypt: Explicitly use a card variable in _zcrypt_send_cprb
  s390/zcrypt: Rework MKVP fields and handling
  s390/zcrypt: Make apfs a real unsigned int field
  s390/zcrypt: Rework domain processing within zcrypt device driver
  s390/zcrypt: Move inline function rng_type6cprb_msgx from header to code
  s390/percpu: Provide arch_raw_cpu_ptr()
  s390: Enable page table check for debug_defconfig
  s390/pgtable: Add s390 support for page table check
  s390/pgtable: Use set_pmd_bit() to invalidate PMD entry
  mm/page_table_check: Pass mm_struct to pxx_user_accessible_page()
  s390/boot: Respect kaslr_enabled() for identity randomization
  s390/Kconfig: Make modules sanity test a module-only option
  s390/setup: Drop stale ident_map_size declaration
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull s390 updates from Vasily Gorbik:

 - Add support for CONFIG_PAGE_TABLE_CHECK and enable it in
   debug_defconfig. s390 can only tell user from kernel PTEs via the mm,
   so mm_struct is now passed into pxx_user_accessible_page() callbacks

 - Expose the PCI function UID as an arch-specific slot attribute in
   sysfs so a function can be identified by its user-defined id while
   still in standby. Introduces a generic ARCH_PCI_SLOT_GROUPS hook in
   drivers/pci/slot.c

 - Refresh s390 PCI documentation to reflect current behavior and cover
   previously undocumented sysfs attributes

 - zcrypt device driver cleanup series: consistent field types, clearer
   variable naming, a kernel-doc warning fix, and a comment explaining
   the intentional synchronize_rcu() in pkey_handler_register()

 - Provide an s390 arch_raw_cpu_ptr() that avoids the detour via
   get_lowcore() using alternatives, shrinking defconfig by ~27 kB

 - Guard identity-base randomization with kaslr_enabled() so nokaslr
   keeps the identity mapping at 0 even with RANDOMIZE_IDENTITY_BASE=y

 - Build S390_MODULES_SANITY_TEST as a module only by requiring KUNIT &amp;&amp;
   m, since built-in would not exercise module loading

 - Remove the permanently commented-out HMCDRV_DEV_CLASS create_class()
   code in the hmcdrv driver

 - Drop stale ident_map_size extern conflicting with asm/page.h

* tag 's390-7.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/zcrypt: Fix warning about wrong kernel doc comment
  PCI: s390: Expose the UID as an arch specific PCI slot attribute
  docs: s390/pci: Improve and update PCI documentation
  s390/pkey: Add comment about synchronize_rcu() to pkey base
  s390/hmcdrv: Remove commented out code
  s390/zcrypt: Slight rework on the agent_id field
  s390/zcrypt: Explicitly use a card variable in _zcrypt_send_cprb
  s390/zcrypt: Rework MKVP fields and handling
  s390/zcrypt: Make apfs a real unsigned int field
  s390/zcrypt: Rework domain processing within zcrypt device driver
  s390/zcrypt: Move inline function rng_type6cprb_msgx from header to code
  s390/percpu: Provide arch_raw_cpu_ptr()
  s390: Enable page table check for debug_defconfig
  s390/pgtable: Add s390 support for page table check
  s390/pgtable: Use set_pmd_bit() to invalidate PMD entry
  mm/page_table_check: Pass mm_struct to pxx_user_accessible_page()
  s390/boot: Respect kaslr_enabled() for identity randomization
  s390/Kconfig: Make modules sanity test a module-only option
  s390/setup: Drop stale ident_map_size declaration
</pre>
</div>
</content>
</entry>
</feed>
