Re: [PATCH v2] s390/mm: add missing secure storage access fixups for donated memory

Next message: Vishnu Sankar: "[PATCH v8 0/3] TrackPoint doubletap enablement and user control"
Previous message: Maciej Wieczor-Retman: "Re: [PATCH v9 3/3] x86/cpu: Do a sanity check on required feature bits"
In reply to: Janosch Frank: "Re: [PATCH v2] s390/mm: add missing secure storage access fixups for donated memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Heiko Carstens

Date: Wed Mar 11 2026 - 10:36:39 EST

On Wed, Mar 11, 2026 at 03:17:22PM +0100, Janosch Frank wrote:
> > > - rc = arch_make_folio_accessible(folio);
> > > + rc = uv_convert_from_secure(folio_to_phys(folio));
> > > + if (!rc)
> > > + clear_bit(PG_arch_1, &folio->flags.f);
> > > folio_put(folio);
> >
> > Isn't the clear_bit() racy? That is: another CPU could make the page secure
> > again, set (the still set) PG_arch_1, and then clear_bit() removes the bit,
> > and we end up with a secure page where PG_arch_1 is not set?
> > Which in turn would arch_make_folio_accessible() al
> >
> > Or is that not possible?
> >
> > Just wondering, since __make_folio_secure() requires the folio to be locked
> > when setting PG_arch_1, while clearing happens unlocked. But chances are high
> > that I don't understand the code.
> >
>
> __make_folio_secure() checks the refcount and if the comments hold true, it
> should protect us from a flag being set as long as we have the extra
> reference which we should have gotten via folio_try_get().
>
> It does not protect us from a double clear.

Ok, then it should work. Thanks for explaining!