Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 + Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Makefile | 4 +- arch/arm/include/asm/ptrace.h | 5 +- arch/arm64/mm/mmu.c | 3 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/s390/Makefile | 2 +- arch/s390/kernel/entry.S | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/um/drivers/ubd_user.c | 2 +- arch/um/include/asm/asm-prototypes.h | 5 + arch/x86/Kconfig | 9 + arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 13 + arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 19 +- arch/x86/include/asm/nospec-branch.h | 39 ++- arch/x86/kernel/cpu/amd.c | 58 ++++ arch/x86/kernel/cpu/bugs.c | 133 +++++++- arch/x86/kernel/cpu/common.c | 14 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 15 +- arch/x86/kvm/cpuid.c | 25 +- arch/x86/kvm/reverse_cpuid.h | 8 + arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/um/asm/checksum.h | 3 + drivers/acpi/acpica/dsmethod.c | 7 + drivers/ata/pata_cs5536.c | 2 +- drivers/base/cpu.c | 2 + drivers/clk/ti/clk-43xx.c | 1 + drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/bridge/cdns-dsi.c | 27 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 + drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 9 + drivers/gpu/drm/tegra/dc.c | 17 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 + drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 39 ++- drivers/hid/wacom_sys.c | 6 +- drivers/hv/channel_mgmt.c | 33 +- drivers/hv/hyperv_vmbus.h | 19 +- drivers/hv/vmbus_drv.c | 2 +- drivers/hwmon/pmbus/max34440.c | 48 ++- drivers/hwtracing/coresight/coresight-core.c | 3 +- drivers/hwtracing/coresight/coresight-priv.h | 1 + drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/infiniband/hw/mlx5/counters.c | 2 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/super.c | 7 +- drivers/md/dm-raid.c | 2 +- drivers/md/md-bitmap.c | 2 +- drivers/media/platform/davinci/vpif.c | 4 +- drivers/media/platform/imx-jpeg/mxc-jpeg.c | 12 +- drivers/media/platform/omap3isp/ispccdc.c | 8 +- drivers/media/platform/omap3isp/ispstat.c | 6 +- drivers/media/usb/uvc/uvc_ctrl.c | 42 ++- drivers/mfd/max14577.c | 1 + drivers/mmc/core/quirks.h | 16 +- drivers/mmc/host/mtk-sd.c | 21 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 + drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 + drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 78 +++-- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 115 ++++++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 14 +- .../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 +- drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 +- drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 + drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/intel/igc/igc_main.c | 10 + drivers/net/ethernet/sun/niu.c | 31 +- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/pci/controller/pci-hyperv.c | 17 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +- drivers/platform/x86/ideapad-laptop.c | 19 +- drivers/platform/x86/think-lmi.c | 18 +- drivers/regulator/devres.c | 192 ++++++++++++ drivers/regulator/gpio-regulator.c | 19 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/s390/crypto/pkey_api.c | 2 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/ufs/ufs-sysfs.c | 4 +- drivers/spi/spi-fsl-dspi.c | 11 +- drivers/staging/rtl8723bs/core/rtw_security.c | 44 +-- drivers/target/target_core_pr.c | 4 +- drivers/tty/serial/uartlite.c | 25 +- drivers/tty/vt/consolemap.c | 47 +-- drivers/tty/vt/vt.c | 12 +- drivers/uio/uio_hv_generic.c | 10 +- drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/common/usb-conn-gpio.c | 25 +- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 14 +- drivers/usb/dwc2/gadget.c | 6 + drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/typec/altmodes/displayport.c | 5 +- drivers/video/console/dummycon.c | 24 +- drivers/video/console/mdacon.c | 21 +- drivers/video/console/newport_con.c | 12 +- drivers/video/console/sticon.c | 14 +- drivers/video/console/vgacon.c | 38 +-- drivers/video/fbdev/core/fbcon.c | 336 ++++++++++----------- drivers/video/fbdev/core/fbcon.h | 4 +- drivers/video/fbdev/core/fbmem.c | 43 +-- fs/btrfs/inode.c | 19 +- fs/btrfs/tree-log.c | 4 +- fs/btrfs/volumes.c | 6 + fs/ceph/file.c | 2 +- fs/cifs/misc.c | 8 + fs/f2fs/super.c | 30 +- fs/jfs/jfs_dmap.c | 41 +-- fs/ksmbd/smb2pdu.c | 53 ++-- fs/namespace.c | 8 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++--- fs/nfs/inode.c | 19 +- fs/nfs/nfs4proc.c | 12 +- fs/nfs/pnfs.c | 4 +- fs/overlayfs/util.c | 4 +- include/dt-bindings/clock/am4.h | 1 + include/linux/console.h | 13 +- include/linux/console_struct.h | 6 +- include/linux/cpu.h | 1 + include/linux/hyperv.h | 2 + include/linux/ipv6.h | 1 - include/linux/regulator/consumer.h | 31 ++ include/linux/regulator/gpio-regulator.h | 2 + include/linux/usb/typec_dp.h | 1 + include/uapi/linux/vm_sockets.h | 4 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- net/atm/clip.c | 11 +- net/atm/resources.c | 3 +- net/bluetooth/l2cap_core.c | 9 +- net/core/selftests.c | 5 +- net/ipv6/ip6_output.c | 9 +- net/mac80211/rx.c | 4 + net/mac80211/util.c | 2 +- net/rose/rose_route.c | 15 +- net/sched/sch_api.c | 19 +- net/unix/af_unix.c | 18 +- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 + sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/soc/codecs/wcd9335.c | 62 ++-- sound/usb/quirks.c | 2 + sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + 182 files changed, 1971 insertions(+), 847 deletions(-)
This is the start of the stable review cycle for the 5.15.187 release.
There are 160 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.187-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 5.15.187-rc1
Borislav Petkov (AMD) <bp@alien8.de>
x86/process: Move the buffer clearing before MONITOR
Borislav Petkov (AMD) <bp@alien8.de>
KVM: SVM: Advertise TSA CPUID bits to guests
Paolo Bonzini <pbonzini@redhat.com>
KVM: x86: add support for CPUID leaf 0x80000021
Borislav Petkov (AMD) <bp@alien8.de>
x86/bugs: Add a Transient Scheduler Attacks mitigation
Borislav Petkov (AMD) <bp@alien8.de>
x86/bugs: Rename MDS machinery to something more generic
Andrei Kuchynski <akuchynski@chromium.org>
usb: typec: displayport: Fix potential deadlock
Kurt Borja <kuurtb@gmail.com>
platform/x86: think-lmi: Create ksets consecutively
Oliver Neukum <oneukum@suse.com>
Logitech C-270 even more broken
Michael J. Ruhl <michael.j.ruhl@intel.com>
i2c/designware: Fix an initialization issue
Peter Chen <peter.chen@cixtech.com>
usb: cdnsp: do not disable slot for disabled slot
Mathias Nyman <mathias.nyman@linux.intel.com>
xhci: dbc: Flush queued requests before stopping dbc
Łukasz Bartosik <ukaszb@chromium.org>
xhci: dbctty: disable ECHO flag by default
Kurt Borja <kuurtb@gmail.com>
platform/x86: dell-wmi-sysman: Fix class device unregistration
Kurt Borja <kuurtb@gmail.com>
platform/x86: think-lmi: Fix class device unregistration
Fushuai Wang <wangfushuai@baidu.com>
dpaa2-eth: fix xdp_rxq_info leak
Ioana Ciornei <ioana.ciornei@nxp.com>
net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats
Radu Bulie <radu-andrei.bulie@nxp.com>
dpaa2-eth: Update SINGLE_STEP register access
Radu Bulie <radu-andrei.bulie@nxp.com>
dpaa2-eth: Update dpni_get_single_step_cfg command
Thomas Fourier <fourier.thomas@gmail.com>
ethernet: atl1: Add missing DMA mapping error checks and count errors
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4/flexfiles: Fix handling of NFS level errors in I/O
Maíra Canal <mcanal@igalia.com>
drm/v3d: Disable interrupts before resetting the GPU
Manivannan Sadhasivam <mani@kernel.org>
regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
Jerome Neanne <jneanne@baylibre.com>
regulator: gpio: Add input_supply support in gpio_regulator_config
Avri Altman <avri.altman@sandisk.com>
mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier
Uladzislau Rezki (Sony) <urezki@gmail.com>
rcu: Return early if callback is not specified
Pablo Martin-Gomez <pmartin-gomez@freebox.fr>
mtd: spinand: fix memory leak of ECC engine conf
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
ACPICA: Refuse to evaluate a method if arguments are missing
Johannes Berg <johannes.berg@intel.com>
wifi: ath6kl: remove WARN on bad firmware input
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211: drop invalid source address OCB frames
Maurizio Lombardi <mlombard@redhat.com>
scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()
Madhavan Srinivasan <maddy@linux.ibm.com>
powerpc: Fix struct termio related ioctl macros
Johannes Berg <johannes.berg@intel.com>
ata: pata_cs5536: fix build on 32-bit UML
Takashi Iwai <tiwai@suse.de>
ALSA: sb: Force to disable DMAs once when DMA mode is changed
Takashi Iwai <tiwai@suse.de>
ALSA: sb: Don't allow changing the DMA mode during operations
Rob Clark <robdclark@chromium.org>
drm/msm: Fix a fence leak in submit error path
Lion Ackermann <nnamrec@gmail.com>
net/sched: Always pass notifications when child class becomes empty
Thomas Fourier <fourier.thomas@gmail.com>
nui: Fix dma_mapping_error() check
Kohei Enju <enjuk@amazon.com>
rose: fix dangling neighbour pointers in rose_rt_device_down()
Alok Tiwari <alok.a.tiwari@oracle.com>
enic: fix incorrect MTU comparison in enic_change_mtu()
Raju Rangoju <Raju.Rangoju@amd.com>
amd-xgbe: align CL37 AN sequence as per databook
Dan Carpenter <dan.carpenter@linaro.org>
lib: test_objagg: Set error message in check_expect_hints_stats()
Vitaly Lifshits <vitaly.lifshits@intel.com>
igc: disable L1.2 PCI-E link substate to avoid performance issue
Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com>
drm/i915/gt: Fix timeline left held on VMA alloc error
Kurt Borja <kuurtb@gmail.com>
platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks
Dan Carpenter <dan.carpenter@linaro.org>
drm/i915/selftests: Change mock_request() to return error pointers
James Clark <james.clark@linaro.org>
spi: spi-fsl-dspi: Clear completion counter before initiating transfer
Marek Szyprowski <m.szyprowski@samsung.com>
drm/exynos: fimd: Guard display clock control with runtime PM calls
Filipe Manana <fdmanana@suse.com>
btrfs: fix missing error handling when searching for inode refs during log replay
Patrisious Haddad <phaddad@nvidia.com>
RDMA/mlx5: Fix CC counters query for MPV
Bart Van Assche <bvanassche@acm.org>
scsi: ufs: core: Fix spelling of a sysfs attribute name
Thomas Fourier <fourier.thomas@gmail.com>
scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()
Thomas Fourier <fourier.thomas@gmail.com>
scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database()
Benjamin Coddington <bcodding@redhat.com>
NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
Kuniyuki Iwashima <kuniyu@google.com>
nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
Mark Zhang <markzhang@nvidia.com>
RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
David Thompson <davthompson@nvidia.com>
platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment
Sergey Senozhatsky <senozhatsky@chromium.org>
mtk-sd: reset host->mrq on prepare_data() error
Masami Hiramatsu (Google) <mhiramat@kernel.org>
mtk-sd: Prevent memory corruption from DMA map failure
Masami Hiramatsu (Google) <mhiramat@kernel.org>
mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data
RD Babiera <rdbabiera@google.com>
usb: typec: altmodes/displayport: do not index invalid pin_assignments
Ulf Hansson <ulf.hansson@linaro.org>
Revert "mmc: sdhci: Disable SD card clock before changing parameters"
Victor Shih <victor.shih@genesyslogic.com.tw>
mmc: sdhci: Add a helper function for dump register in dynamic debug mode
HarshaVardhana S A <harshavardhana.sa@broadcom.com>
vsock/vmci: Clear the vmci transport packet properly when initializing it
Mateusz Jończyk <mat.jonczyk@o2.pl>
rtc: cmos: use spin_lock_irqsave in cmos_interrupt
Geert Uytterhoeven <geert+renesas@glider.be>
ARM: 9354/1: ptrace: Use bitfield helpers
Josef Bacik <josef@toxicpanda.com>
btrfs: don't drop extent_map for free space inode on write error
Dev Jain <dev.jain@arm.com>
arm64: Restrict pagetable teardown to avoid false warning
Brett A C Sheffield (Librecast) <bacs@librecast.net>
Revert "ipv6: save dontfrag in cork"
Nathan Chancellor <nathan@kernel.org>
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
Heiko Carstens <hca@linux.ibm.com>
s390/entry: Fix last breaking event handling in case of stack corruption
Ricardo Ribalda <ribalda@chromium.org>
media: uvcvideo: Rollback non processed entities on error
Dexuan Cui <decui@microsoft.com>
PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
Wentao Liang <vulab@iscas.ac.cn>
drm/amd/display: Add null pointer check for get_first_active_display()
Aradhya Bhatia <a-bhatia1@ti.com>
drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready
Aradhya Bhatia <a-bhatia1@ti.com>
drm/bridge: cdns-dsi: Check return value when getting default PHY config
Aradhya Bhatia <a-bhatia1@ti.com>
drm/bridge: cdns-dsi: Fix connecting to next bridge
Aradhya Bhatia <a-bhatia1@ti.com>
drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()
Jay Cornwall <jay.cornwall@amd.com>
drm/amdkfd: Fix race in GWS queue scheduling
Thomas Zimmermann <tzimmermann@suse.de>
drm/udl: Unregister device before cleaning up on disconnect
Qiu-ji Chen <chenqiuji666@gmail.com>
drm/tegra: Fix a possible null pointer dereference
Thierry Reding <treding@nvidia.com>
drm/tegra: Assign plane type before registration
Qasim Ijaz <qasdev00@gmail.com>
HID: wacom: fix kobject reference count leak
Qasim Ijaz <qasdev00@gmail.com>
HID: wacom: fix memory leak on sysfs attribute creation failure
Qasim Ijaz <qasdev00@gmail.com>
HID: wacom: fix memory leak on kobject creation failure
Mark Harmstone <maharmstone@fb.com>
btrfs: update superblock's device bytes_used when dropping chunk
Heinz Mauelshagen <heinzm@redhat.com>
dm-raid: fix variable in journal device check
Frédéric Danis <frederic.danis@collabora.com>
Bluetooth: L2CAP: Fix L2CAP MTU negotiation
Yao Zi <ziyao@disroot.org>
dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive
Nathan Chancellor <nathan@kernel.org>
staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()
Jakub Kicinski <kuba@kernel.org>
net: selftests: fix TCP packet checksum
Kuniyuki Iwashima <kuniyu@google.com>
atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
Simon Horman <horms@kernel.org>
net: enetc: Correct endianness handling in _enetc_rd_reg64
Tiwei Bie <tiwei.btw@antgroup.com>
um: ubd: Add missing error check in start_io_thread()
Stefano Garzarella <sgarzare@redhat.com>
vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
Kuniyuki Iwashima <kuniyu@google.com>
af_unix: Don't set -ECONNRESET for consumed OOB skb.
Lachlan Hodges <lachlan.hodges@morsemicro.com>
wifi: mac80211: fix beacon interval calculation overflow
Yuan Chen <chenyuan@kylinos.cn>
libbpf: Fix null pointer dereference in btf_dump__free on allocation failure
Al Viro <viro@zeniv.linux.org.uk>
attach_recursive_mnt(): do not lock the covering tree when sliding something under it
Youngjun Lee <yjjuny.lee@samsung.com>
ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
Eric Dumazet <edumazet@google.com>
atm: clip: prevent NULL deref in clip_push()
Fedor Pchelkin <pchelkin@ispras.ru>
s390/pkey: Prevent overflow in size calculation for memdup_user()
Wolfram Sang <wsa+renesas@sang-engineering.com>
i2c: robotfuzz-osif: disable zero-length read messages
Wolfram Sang <wsa+renesas@sang-engineering.com>
i2c: tiny-usb: disable zero-length read messages
Rong Zhang <i@rong.moe>
platform/x86: ideapad-laptop: use usleep_range() for EC polling
Thomas Zimmermann <tzimmermann@suse.de>
dummycon: Trigger redraw when switching consoles with deferred takeover
Jiri Slaby (SUSE) <jirislaby@kernel.org>
tty: vt: make consw::con_switch() return a bool
Jiri Slaby (SUSE) <jirislaby@kernel.org>
tty: vt: sanitize arguments of consw::con_clear()
Jiri Slaby (SUSE) <jirislaby@kernel.org>
tty: vt: make init parameter of consw::con_init() a bool
Jiri Slaby (SUSE) <jirislaby@kernel.org>
vgacon: remove unneeded forward declarations
Jiri Slaby (SUSE) <jirislaby@kernel.org>
vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen()
Jiri Slaby <jirislaby@kernel.org>
tty/vt: consolemap: rename and document struct uni_pagedir
Daniel Vetter <daniel.vetter@ffwll.ch>
fbcon: delete a few unneeded forward decl
Long Li <longli@microsoft.com>
uio_hv_generic: Align ring size to system page
Saurabh Sengar <ssengar@linux.microsoft.com>
uio_hv_generic: Query the ringbuffer size for device
Saurabh Sengar <ssengar@linux.microsoft.com>
Drivers: hv: vmbus: Add utility function for querying ring size
Vitaly Kuznetsov <vkuznets@redhat.com>
Drivers: hv: Rename 'alloced' to 'allocated'
Murad Masimov <m.masimov@mt-integration.ru>
fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
Daniel Vetter <daniel.vetter@ffwll.ch>
fbcon: Move console_lock for register/unlink/unregister
Daniel Vetter <daniel.vetter@ffwll.ch>
fbcon: use lock_fb_info in fbcon_open/release
Daniel Vetter <daniel.vetter@ffwll.ch>
fbcon: move more common code into fb_open()
Daniel Vetter <daniel.vetter@ffwll.ch>
fbcon: Extract fbcon_open/release helpers
Daniel Vetter <daniel.vetter@ffwll.ch>
fbcon: Use delayed work for cursor
Chao Yu <chao@kernel.org>
f2fs: don't over-report free space or inodes in statvfs
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ASoC: codecs: wcd9335: Fix missing free of regulator supplies
Peng Fan <peng.fan@nxp.com>
ASoC: codec: wcd9335: Convert to GPIO descriptors
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe()
Matti Vaittinen <mazziesaccount@gmail.com>
regulator: Add devm helpers for get and enable
Douglas Anderson <dianders@chromium.org>
regulator: core: Allow drivers to define their init data as const
Ming Qian <ming.qian@oss.nxp.com>
media: imx-jpeg: Drop the first error frames
Miquel Raynal <miquel.raynal@bootlin.com>
clk: ti: am43xx: Add clkctrl data for am43xx ADC1
Marek Szyprowski <m.szyprowski@samsung.com>
media: omap3isp: use sgtable-based scatterlist wrappers
Dmitry Nikiforov <Dm1tryNk@yandex.ru>
media: davinci: vpif: Fix memory leak in probe error path
Vasiliy Kovalev <kovalev@altlinux.org>
jfs: validate AG parameters in dbMount() to prevent crashes
Dave Kleikamp <dave.kleikamp@oracle.com>
fs/jfs: consolidate sanity checking in dbMount
Kees Cook <kees@kernel.org>
ovl: Check for NULL d_inode() in ovl_dentry_upper()
Dmitry Kandybka <d.kandybka@gmail.com>
ceph: fix possible integer overflow in ceph_zero_objects()
Mario Limonciello <mario.limonciello@amd.com>
ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock
Vijendar Mukunda <Vijendar.Mukunda@amd.com>
ALSA: hda: Add new pci id for AMD GPU display HD audio controller
Cezary Rojewski <cezary.rojewski@intel.com>
ALSA: hda: Ignore unsol events for cards being shut down
Jos Wang <joswang@lenovo.com>
usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode
Robert Hodaszi <robert.hodaszi@digi.com>
usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
usb: Add checks for snprintf() calls in usb_alloc_dev()
Chance Yang <chance.yang@kneron.us>
usb: common: usb-conn-gpio: use a unique name for usb connector device
Jakub Lewalski <jakub.lewalski@nokia.com>
tty: serial: uartlite: register uart driver in init
Chen Yufeng <chenyufeng@iie.ac.cn>
usb: potential integer overflow in usbg_make_tpg()
Michael Grzeschik <m.grzeschik@pengutronix.de>
usb: dwc2: also exit clock_gating when stopping udc while suspended
James Clark <james.clark@linaro.org>
coresight: Only check bottom two claim bits
Sami Tolvanen <samitolvanen@google.com>
um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h
Jonathan Cameron <Jonathan.Cameron@huawei.com>
iio: pressure: zpa2326: Use aligned_s64 for the timestamp
Linggang Zeng <linggang.zeng@easystack.cn>
bcache: fix NULL pointer in cache_set_flush()
Yu Kuai <yukuai3@huawei.com>
md/md-bitmap: fix dm-raid max_write_behind setting
Thomas Gessler <thomas.gessler@brueckmann-gmbh.de>
dmaengine: xilinx_dma: Set dma_device directions
Namjae Jeon <linkinjeon@kernel.org>
ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension
Alexis Czezar Torreno <alexisczezar.torreno@analog.com>
hwmon: (pmbus/max34440) Fix support for max34451
Sven Schwermer <sven.schwermer@disruptive-technologies.com>
leds: multicolor: Fix intensity setting while SW blinking
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
mfd: max14577: Fix wakeup source leaks on device unbind
Peng Fan <peng.fan@nxp.com>
mailbox: Not protect module_put with spin_lock_irqsave
Olga Kornievskaia <okorniev@redhat.com>
NFSv4.2: fix listxattr to return selinux security label
Han Young <hanyang.tony@bytedance.com>
NFSv4: Always set NLINK even if the server doesn't support it
Pali Rohár <pali@kernel.org>
cifs: Fix cifs_query_path_info() for Windows NT servers
-------------
Diffstat:
Documentation/ABI/testing/sysfs-devices-system-cpu | 1 +
Documentation/ABI/testing/sysfs-driver-ufs | 2 +-
.../hw-vuln/processor_mmio_stale_data.rst | 4 +-
Documentation/admin-guide/kernel-parameters.txt | 13 +
Documentation/devicetree/bindings/serial/8250.yaml | 2 +-
Makefile | 4 +-
arch/arm/include/asm/ptrace.h | 5 +-
arch/arm64/mm/mmu.c | 3 +-
arch/powerpc/include/uapi/asm/ioctls.h | 8 +-
arch/s390/Makefile | 2 +-
arch/s390/kernel/entry.S | 2 +-
arch/s390/purgatory/Makefile | 2 +-
arch/um/drivers/ubd_user.c | 2 +-
arch/um/include/asm/asm-prototypes.h | 5 +
arch/x86/Kconfig | 9 +
arch/x86/entry/entry.S | 8 +-
arch/x86/include/asm/cpu.h | 13 +
arch/x86/include/asm/cpufeatures.h | 6 +
arch/x86/include/asm/irqflags.h | 4 +-
arch/x86/include/asm/mwait.h | 19 +-
arch/x86/include/asm/nospec-branch.h | 39 ++-
arch/x86/kernel/cpu/amd.c | 58 ++++
arch/x86/kernel/cpu/bugs.c | 133 +++++++-
arch/x86/kernel/cpu/common.c | 14 +-
arch/x86/kernel/cpu/scattered.c | 2 +
arch/x86/kernel/process.c | 15 +-
arch/x86/kvm/cpuid.c | 25 +-
arch/x86/kvm/reverse_cpuid.h | 8 +
arch/x86/kvm/svm/vmenter.S | 6 +
arch/x86/kvm/vmx/vmx.c | 2 +-
arch/x86/um/asm/checksum.h | 3 +
drivers/acpi/acpica/dsmethod.c | 7 +
drivers/ata/pata_cs5536.c | 2 +-
drivers/base/cpu.c | 2 +
drivers/clk/ti/clk-43xx.c | 1 +
drivers/dma/xilinx/xilinx_dma.c | 2 +
drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +-
.../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 +
drivers/gpu/drm/bridge/cdns-dsi.c | 27 +-
drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 +
drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +-
drivers/gpu/drm/i915/selftests/i915_request.c | 20 +-
drivers/gpu/drm/i915/selftests/mock_request.c | 2 +-
drivers/gpu/drm/msm/msm_gem_submit.c | 9 +
drivers/gpu/drm/tegra/dc.c | 17 +-
drivers/gpu/drm/tegra/hub.c | 4 +-
drivers/gpu/drm/tegra/hub.h | 3 +-
drivers/gpu/drm/udl/udl_drv.c | 2 +-
drivers/gpu/drm/v3d/v3d_drv.h | 8 +
drivers/gpu/drm/v3d/v3d_gem.c | 2 +
drivers/gpu/drm/v3d/v3d_irq.c | 39 ++-
drivers/hid/wacom_sys.c | 6 +-
drivers/hv/channel_mgmt.c | 33 +-
drivers/hv/hyperv_vmbus.h | 19 +-
drivers/hv/vmbus_drv.c | 2 +-
drivers/hwmon/pmbus/max34440.c | 48 ++-
drivers/hwtracing/coresight/coresight-core.c | 3 +-
drivers/hwtracing/coresight/coresight-priv.h | 1 +
drivers/i2c/busses/i2c-designware-master.c | 1 +
drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 +
drivers/i2c/busses/i2c-tiny-usb.c | 6 +
drivers/iio/pressure/zpa2326.c | 2 +-
drivers/infiniband/hw/mlx5/counters.c | 2 +-
drivers/infiniband/hw/mlx5/devx.c | 2 +-
drivers/leds/led-class-multicolor.c | 3 +-
drivers/mailbox/mailbox.c | 2 +-
drivers/md/bcache/super.c | 7 +-
drivers/md/dm-raid.c | 2 +-
drivers/md/md-bitmap.c | 2 +-
drivers/media/platform/davinci/vpif.c | 4 +-
drivers/media/platform/imx-jpeg/mxc-jpeg.c | 12 +-
drivers/media/platform/omap3isp/ispccdc.c | 8 +-
drivers/media/platform/omap3isp/ispstat.c | 6 +-
drivers/media/usb/uvc/uvc_ctrl.c | 42 ++-
drivers/mfd/max14577.c | 1 +
drivers/mmc/core/quirks.h | 16 +-
drivers/mmc/host/mtk-sd.c | 21 +-
drivers/mmc/host/sdhci.c | 9 +-
drivers/mmc/host/sdhci.h | 16 +
drivers/mtd/nand/spi/core.c | 1 +
drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 +
drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 +
drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +-
drivers/net/ethernet/atheros/atlx/atl1.c | 78 +++--
drivers/net/ethernet/cisco/enic/enic_main.c | 4 +-
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 115 ++++++-
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 14 +-
.../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 +-
drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 +-
drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 +
drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 +
drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +-
drivers/net/ethernet/intel/igc/igc_main.c | 10 +
drivers/net/ethernet/sun/niu.c | 31 +-
drivers/net/ethernet/sun/niu.h | 4 +
drivers/net/wireless/ath/ath6kl/bmi.c | 4 +-
drivers/pci/controller/pci-hyperv.c | 17 +-
drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +-
.../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 +
.../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +-
.../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +-
.../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +-
.../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +-
drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +-
drivers/platform/x86/ideapad-laptop.c | 19 +-
drivers/platform/x86/think-lmi.c | 18 +-
drivers/regulator/devres.c | 192 ++++++++++++
drivers/regulator/gpio-regulator.c | 19 +-
drivers/rtc/rtc-cmos.c | 10 +-
drivers/s390/crypto/pkey_api.c | 2 +-
drivers/scsi/qla2xxx/qla_mbx.c | 2 +-
drivers/scsi/qla4xxx/ql4_os.c | 2 +
drivers/scsi/ufs/ufs-sysfs.c | 4 +-
drivers/spi/spi-fsl-dspi.c | 11 +-
drivers/staging/rtl8723bs/core/rtw_security.c | 44 +--
drivers/target/target_core_pr.c | 4 +-
drivers/tty/serial/uartlite.c | 25 +-
drivers/tty/vt/consolemap.c | 47 +--
drivers/tty/vt/vt.c | 12 +-
drivers/uio/uio_hv_generic.c | 10 +-
drivers/usb/cdns3/cdnsp-ring.c | 4 +-
drivers/usb/class/cdc-wdm.c | 23 +-
drivers/usb/common/usb-conn-gpio.c | 25 +-
drivers/usb/core/quirks.c | 3 +-
drivers/usb/core/usb.c | 14 +-
drivers/usb/dwc2/gadget.c | 6 +
drivers/usb/gadget/function/f_tcm.c | 4 +-
drivers/usb/host/xhci-dbgcap.c | 4 +
drivers/usb/host/xhci-dbgtty.c | 1 +
drivers/usb/typec/altmodes/displayport.c | 5 +-
drivers/video/console/dummycon.c | 24 +-
drivers/video/console/mdacon.c | 21 +-
drivers/video/console/newport_con.c | 12 +-
drivers/video/console/sticon.c | 14 +-
drivers/video/console/vgacon.c | 38 +--
drivers/video/fbdev/core/fbcon.c | 336 ++++++++++-----------
drivers/video/fbdev/core/fbcon.h | 4 +-
drivers/video/fbdev/core/fbmem.c | 43 +--
fs/btrfs/inode.c | 19 +-
fs/btrfs/tree-log.c | 4 +-
fs/btrfs/volumes.c | 6 +
fs/ceph/file.c | 2 +-
fs/cifs/misc.c | 8 +
fs/f2fs/super.c | 30 +-
fs/jfs/jfs_dmap.c | 41 +--
fs/ksmbd/smb2pdu.c | 53 ++--
fs/namespace.c | 8 +-
fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++---
fs/nfs/inode.c | 19 +-
fs/nfs/nfs4proc.c | 12 +-
fs/nfs/pnfs.c | 4 +-
fs/overlayfs/util.c | 4 +-
include/dt-bindings/clock/am4.h | 1 +
include/linux/console.h | 13 +-
include/linux/console_struct.h | 6 +-
include/linux/cpu.h | 1 +
include/linux/hyperv.h | 2 +
include/linux/ipv6.h | 1 -
include/linux/regulator/consumer.h | 31 ++
include/linux/regulator/gpio-regulator.h | 2 +
include/linux/usb/typec_dp.h | 1 +
include/uapi/linux/vm_sockets.h | 4 +
kernel/rcu/tree.c | 4 +
lib/test_objagg.c | 4 +-
net/atm/clip.c | 11 +-
net/atm/resources.c | 3 +-
net/bluetooth/l2cap_core.c | 9 +-
net/core/selftests.c | 5 +-
net/ipv6/ip6_output.c | 9 +-
net/mac80211/rx.c | 4 +
net/mac80211/util.c | 2 +-
net/rose/rose_route.c | 15 +-
net/sched/sch_api.c | 19 +-
net/unix/af_unix.c | 18 +-
net/vmw_vsock/vmci_transport.c | 4 +-
sound/isa/sb/sb16_main.c | 7 +
sound/pci/hda/hda_bind.c | 2 +-
sound/pci/hda/hda_intel.c | 3 +
sound/soc/codecs/wcd9335.c | 62 ++--
sound/usb/quirks.c | 2 +
sound/usb/stream.c | 2 +
tools/lib/bpf/btf_dump.c | 3 +
182 files changed, 1971 insertions(+), 847 deletions(-)
On 7/8/25 10:20, Greg Kroah-Hartman wrote: > This is the start of the stable review cycle for the 5.15.187 release. > There are 160 patches in this series, all will be posted as a response > to this one. If anyone has any issues with these being applied, please > let me know. > > Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000. > Anything received after that time might be too late. > > The whole patch series can be found in one patch at: > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.187-rc1.gz > or in the git tree and branch at: > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y > and the diffstat can be found below. > > thanks, > > greg k-h > Compiled and booted on my test system. No dmesg regressions. Tested-by: Shuah Khan <skhan@linuxfoundation.org> thanks, -- Shuah
On 7/8/25 09:20, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.187 release.
> There are 160 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.187-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
The ARM 32-bit kernel fails to build with:
/local/users/fainelli/buildroot/output/arm/host/bin/arm-linux-ld:
drivers/base/cpu.o: in function `.LANCHOR2':
cpu.c:(.data+0xbc): undefined reference to `cpu_show_tsa'
host-make[2]: *** [Makefile:1246: vmlinux] Error 1
This is caused by:
commit 5799df885785024821d09c334612c00992aa4c4b
Author: Borislav Petkov (AMD) <bp@alien8.de>
Date: Wed Sep 11 10:53:08 2024 +0200
x86/bugs: Add a Transient Scheduler Attacks mitigation
Commit d8010d4ba43e9f790925375a7de100604a5e2dba upstream.
Add the required features detection glue to bugs.c et all in order to
support the TSA mitigation.
Co-developed-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
I don't see this in Linus' tree but it's not clear yet why that is not
happening there.
--
Florian
On Tue, Jul 08, 2025 at 10:20:01AM -0700, Florian Fainelli wrote: > On 7/8/25 09:20, Greg Kroah-Hartman wrote: > > This is the start of the stable review cycle for the 5.15.187 release. > > There are 160 patches in this series, all will be posted as a response > > to this one. If anyone has any issues with these being applied, please > > let me know. > > > > Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000. > > Anything received after that time might be too late. > > > > The whole patch series can be found in one patch at: > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.187-rc1.gz > > or in the git tree and branch at: > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y > > and the diffstat can be found below. > > > > thanks, > > > > greg k-h > > The ARM 32-bit kernel fails to build with: > > /local/users/fainelli/buildroot/output/arm/host/bin/arm-linux-ld: > drivers/base/cpu.o: in function `.LANCHOR2': > cpu.c:(.data+0xbc): undefined reference to `cpu_show_tsa' > host-make[2]: *** [Makefile:1246: vmlinux] Error 1 > > This is caused by: > > commit 5799df885785024821d09c334612c00992aa4c4b > Author: Borislav Petkov (AMD) <bp@alien8.de> > Date: Wed Sep 11 10:53:08 2024 +0200 > > x86/bugs: Add a Transient Scheduler Attacks mitigation > > Commit d8010d4ba43e9f790925375a7de100604a5e2dba upstream. > > Add the required features detection glue to bugs.c et all in order to > support the TSA mitigation. > > Co-developed-by: Kim Phillips <kim.phillips@amd.com> > Signed-off-by: Kim Phillips <kim.phillips@amd.com> > Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> > Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > > I don't see this in Linus' tree but it's not clear yet why that is not > happening there. I see it in Linus's tree, you might want to do a sync :)
On Tue, Jul 08, 2025 at 10:20:01AM -0700, Florian Fainelli wrote:
> The ARM 32-bit kernel fails to build with:
Can you give .config pls?
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On 7/8/25 10:23, Borislav Petkov wrote: > On Tue, Jul 08, 2025 at 10:20:01AM -0700, Florian Fainelli wrote: >> The ARM 32-bit kernel fails to build with: > > Can you give .config pls? > Sure, here it is: https://gist.github.com/ffainelli/2319e6857247796f0a9bd99c5fe6e211 FWIW, I also have the same build failure on 6.1. -- Florian
On Tue, Jul 08, 2025 at 10:26:56AM -0700, Florian Fainelli wrote:
> On 7/8/25 10:23, Borislav Petkov wrote:
> > On Tue, Jul 08, 2025 at 10:20:01AM -0700, Florian Fainelli wrote:
> > > The ARM 32-bit kernel fails to build with:
> >
> > Can you give .config pls?
> >
>
> Sure, here it is:
>
> https://gist.github.com/ffainelli/2319e6857247796f0a9bd99c5fe6e211
>
> FWIW, I also have the same build failure on 6.1.
Right, it needs the __weak functions - this is solved differently on newer
kernels. Lemme send updated patches.
---
diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
index 2c8e98532310..0e7f7f54665d 100644
--- a/drivers/base/cpu.c
+++ b/drivers/base/cpu.c
@@ -601,6 +601,11 @@ ssize_t __weak cpu_show_indirect_target_selection(struct device *dev,
return sysfs_emit(buf, "Not affected\n");
}
+ssize_t __weak cpu_show_tsa(struct device *dev, struct device_attribute *attr, char *buf)
+{
+ return sysfs_emit(buf, "Not affected\n");
+}
+
static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On Tue, Jul 08, 2025 at 07:45:09PM +0200, Borislav Petkov wrote:
> Right, it needs the __weak functions - this is solved differently on newer
> kernels. Lemme send updated patches.
...and 6.1:
Thanks Florian!
---
From 69fdd5ec45b0adfe91432c2288302b124ffc7d6a Mon Sep 17 00:00:00 2001
From: "Borislav Petkov (AMD)" <bp@alien8.de>
Date: Wed, 11 Sep 2024 10:53:08 +0200
Subject: [PATCH] x86/bugs: Add a Transient Scheduler Attacks mitigation
Commit d8010d4ba43e9f790925375a7de100604a5e2dba upstream.
Add the required features detection glue to bugs.c et all in order to
support the TSA mitigation.
Co-developed-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
.../ABI/testing/sysfs-devices-system-cpu | 1 +
.../admin-guide/kernel-parameters.txt | 13 ++
arch/x86/Kconfig | 9 ++
arch/x86/include/asm/cpu.h | 12 ++
arch/x86/include/asm/cpufeatures.h | 6 +
arch/x86/include/asm/mwait.h | 2 +-
arch/x86/include/asm/nospec-branch.h | 12 +-
arch/x86/kernel/cpu/amd.c | 58 +++++++++
arch/x86/kernel/cpu/bugs.c | 121 ++++++++++++++++++
arch/x86/kernel/cpu/common.c | 14 +-
arch/x86/kernel/cpu/scattered.c | 2 +
arch/x86/kvm/svm/vmenter.S | 6 +
drivers/base/cpu.c | 7 +
include/linux/cpu.h | 1 +
14 files changed, 259 insertions(+), 5 deletions(-)
diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
index 1468609052c7..97e695efa959 100644
--- a/Documentation/ABI/testing/sysfs-devices-system-cpu
+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
@@ -526,6 +526,7 @@ What: /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v1
/sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/srbds
+ /sys/devices/system/cpu/vulnerabilities/tsa
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort
Date: January 2018
Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 6938c8cd7a6f..eaeabff9beff 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -6400,6 +6400,19 @@
If not specified, "default" is used. In this case,
the RNG's choice is left to each individual trust source.
+ tsa= [X86] Control mitigation for Transient Scheduler
+ Attacks on AMD CPUs. Search the following in your
+ favourite search engine for more details:
+
+ "Technical guidance for mitigating transient scheduler
+ attacks".
+
+ off - disable the mitigation
+ on - enable the mitigation (default)
+ user - mitigate only user/kernel transitions
+ vm - mitigate only guest/host transitions
+
+
tsc= Disable clocksource stability checks for TSC.
Format: <string>
[x86] reliable: mark tsc clocksource as reliable, this
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 8e66bb443351..1da950b1d41a 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2586,6 +2586,15 @@ config MITIGATION_ITS
disabled, mitigation cannot be enabled via cmdline.
See <file:Documentation/admin-guide/hw-vuln/indirect-target-selection.rst>
+config MITIGATION_TSA
+ bool "Mitigate Transient Scheduler Attacks"
+ depends on CPU_SUP_AMD
+ default y
+ help
+ Enable mitigation for Transient Scheduler Attacks. TSA is a hardware
+ security vulnerability on AMD CPUs which can lead to forwarding of
+ invalid info to subsequent instructions and thus can affect their
+ timing and thereby cause a leakage.
endif
config ARCH_HAS_ADD_PAGES
diff --git a/arch/x86/include/asm/cpu.h b/arch/x86/include/asm/cpu.h
index 37639a2d9c34..c976bbf909e0 100644
--- a/arch/x86/include/asm/cpu.h
+++ b/arch/x86/include/asm/cpu.h
@@ -98,4 +98,16 @@ extern u64 x86_read_arch_cap_msr(void);
extern struct cpumask cpus_stop_mask;
+union zen_patch_rev {
+ struct {
+ __u32 rev : 8,
+ stepping : 4,
+ model : 4,
+ __reserved : 4,
+ ext_model : 4,
+ ext_fam : 8;
+ };
+ __u32 ucode_rev;
+};
+
#endif /* _ASM_X86_CPU_H */
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 28edef597282..1c71f947b426 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -430,6 +430,7 @@
#define X86_FEATURE_SME_COHERENT (19*32+10) /* "" AMD hardware-enforced cache coherency */
#define X86_FEATURE_AUTOIBRS (20*32+ 8) /* "" Automatic IBRS */
+#define X86_FEATURE_VERW_CLEAR (20*32+ 10) /* "" The memory form of VERW mitigates TSA */
#define X86_FEATURE_SBPB (20*32+27) /* "" Selective Branch Prediction Barrier */
#define X86_FEATURE_IBPB_BRTYPE (20*32+28) /* "" MSR_PRED_CMD[IBPB] flushes all branch type predictions */
#define X86_FEATURE_SRSO_NO (20*32+29) /* "" CPU is not affected by SRSO */
@@ -447,6 +448,10 @@
#define X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT (21*32+ 4) /* "" Clear branch history at vmexit using SW loop */
#define X86_FEATURE_INDIRECT_THUNK_ITS (21*32 + 5) /* "" Use thunk for indirect branches in lower half of cacheline */
+#define X86_FEATURE_TSA_SQ_NO (21*32+11) /* "" AMD CPU not vulnerable to TSA-SQ */
+#define X86_FEATURE_TSA_L1_NO (21*32+12) /* "" AMD CPU not vulnerable to TSA-L1 */
+#define X86_FEATURE_CLEAR_CPU_BUF_VM (21*32+13) /* "" Clear CPU buffers using VERW before VMRUN */
+
/*
* BUG word(s)
*/
@@ -498,4 +503,5 @@
#define X86_BUG_IBPB_NO_RET X86_BUG(1*32 + 4) /* "ibpb_no_ret" IBPB omits return target predictions */
#define X86_BUG_ITS X86_BUG(1*32 + 5) /* CPU is affected by Indirect Target Selection */
#define X86_BUG_ITS_NATIVE_ONLY X86_BUG(1*32 + 6) /* CPU is affected by ITS, VMX is not affected */
+#define X86_BUG_TSA X86_BUG(1*32+ 9) /* "tsa" CPU is affected by Transient Scheduler Attacks */
#endif /* _ASM_X86_CPUFEATURES_H */
diff --git a/arch/x86/include/asm/mwait.h b/arch/x86/include/asm/mwait.h
index 209dce2c79b7..2c6020729dd1 100644
--- a/arch/x86/include/asm/mwait.h
+++ b/arch/x86/include/asm/mwait.h
@@ -80,7 +80,7 @@ static inline void __mwait(unsigned long eax, unsigned long ecx)
static inline void __mwaitx(unsigned long eax, unsigned long ebx,
unsigned long ecx)
{
- /* No MDS buffer clear as this is AMD/HYGON only */
+ /* No need for TSA buffer clearing on AMD */
/* "mwaitx %eax, %ebx, %ecx;" */
asm volatile(".byte 0x0f, 0x01, 0xfb;"
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index 3713b6dab7f4..c77a65a3e5f1 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -208,8 +208,8 @@
* CFLAGS.ZF.
* Note: Only the memory operand variant of VERW clears the CPU buffers.
*/
-.macro CLEAR_CPU_BUFFERS
- ALTERNATIVE "jmp .Lskip_verw_\@", "", X86_FEATURE_CLEAR_CPU_BUF
+.macro __CLEAR_CPU_BUFFERS feature
+ ALTERNATIVE "jmp .Lskip_verw_\@", "", \feature
#ifdef CONFIG_X86_64
verw x86_verw_sel(%rip)
#else
@@ -223,6 +223,12 @@
.Lskip_verw_\@:
.endm
+#define CLEAR_CPU_BUFFERS \
+ __CLEAR_CPU_BUFFERS X86_FEATURE_CLEAR_CPU_BUF
+
+#define VM_CLEAR_CPU_BUFFERS \
+ __CLEAR_CPU_BUFFERS X86_FEATURE_CLEAR_CPU_BUF_VM
+
#ifdef CONFIG_X86_64
.macro CLEAR_BRANCH_HISTORY
ALTERNATIVE "", "call clear_bhb_loop", X86_FEATURE_CLEAR_BHB_LOOP
@@ -462,7 +468,7 @@ static __always_inline void x86_clear_cpu_buffers(void)
/**
* x86_idle_clear_cpu_buffers - Buffer clearing support in idle for the MDS
- * vulnerability
+ * and TSA vulnerabilities.
*
* Clear CPU buffers if the corresponding static key is enabled
*/
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index 9ac93b4ba67b..3e3679709e90 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -553,6 +553,61 @@ static void early_init_amd_mc(struct cpuinfo_x86 *c)
#endif
}
+static bool amd_check_tsa_microcode(void)
+{
+ struct cpuinfo_x86 *c = &boot_cpu_data;
+ union zen_patch_rev p;
+ u32 min_rev = 0;
+
+ p.ext_fam = c->x86 - 0xf;
+ p.model = c->x86_model;
+ p.stepping = c->x86_stepping;
+
+ if (c->x86 == 0x19) {
+ switch (p.ucode_rev >> 8) {
+ case 0xa0011: min_rev = 0x0a0011d7; break;
+ case 0xa0012: min_rev = 0x0a00123b; break;
+ case 0xa0082: min_rev = 0x0a00820d; break;
+ case 0xa1011: min_rev = 0x0a10114c; break;
+ case 0xa1012: min_rev = 0x0a10124c; break;
+ case 0xa1081: min_rev = 0x0a108109; break;
+ case 0xa2010: min_rev = 0x0a20102e; break;
+ case 0xa2012: min_rev = 0x0a201211; break;
+ case 0xa4041: min_rev = 0x0a404108; break;
+ case 0xa5000: min_rev = 0x0a500012; break;
+ case 0xa6012: min_rev = 0x0a60120a; break;
+ case 0xa7041: min_rev = 0x0a704108; break;
+ case 0xa7052: min_rev = 0x0a705208; break;
+ case 0xa7080: min_rev = 0x0a708008; break;
+ case 0xa70c0: min_rev = 0x0a70c008; break;
+ case 0xaa002: min_rev = 0x0aa00216; break;
+ default:
+ pr_debug("%s: ucode_rev: 0x%x, current revision: 0x%x\n",
+ __func__, p.ucode_rev, c->microcode);
+ return false;
+ }
+ }
+
+ if (!min_rev)
+ return false;
+
+ return c->microcode >= min_rev;
+}
+
+static void tsa_init(struct cpuinfo_x86 *c)
+{
+ if (cpu_has(c, X86_FEATURE_HYPERVISOR))
+ return;
+
+ if (c->x86 == 0x19) {
+ if (amd_check_tsa_microcode())
+ setup_force_cpu_cap(X86_FEATURE_VERW_CLEAR);
+ } else {
+ setup_force_cpu_cap(X86_FEATURE_TSA_SQ_NO);
+ setup_force_cpu_cap(X86_FEATURE_TSA_L1_NO);
+ }
+}
+
static void bsp_init_amd(struct cpuinfo_x86 *c)
{
if (cpu_has(c, X86_FEATURE_CONSTANT_TSC)) {
@@ -663,6 +718,9 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
if (!(msr & MSR_K7_HWCR_SMMLOCK))
goto clear_sev;
+
+ tsa_init(c);
+
return;
clear_all:
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index d0a5df576e90..dba5262e1509 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -49,6 +49,7 @@ static void __init l1d_flush_select_mitigation(void);
static void __init gds_select_mitigation(void);
static void __init srso_select_mitigation(void);
static void __init its_select_mitigation(void);
+static void __init tsa_select_mitigation(void);
/* The base value of the SPEC_CTRL MSR without task-specific bits set */
u64 x86_spec_ctrl_base;
@@ -184,6 +185,7 @@ void __init cpu_select_mitigations(void)
srso_select_mitigation();
gds_select_mitigation();
its_select_mitigation();
+ tsa_select_mitigation();
}
/*
@@ -2039,6 +2041,94 @@ static void update_mds_branch_idle(void)
#define TAA_MSG_SMT "TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html for more details.\n"
#define MMIO_MSG_SMT "MMIO Stale Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html for more details.\n"
+#undef pr_fmt
+#define pr_fmt(fmt) "Transient Scheduler Attacks: " fmt
+
+enum tsa_mitigations {
+ TSA_MITIGATION_NONE,
+ TSA_MITIGATION_UCODE_NEEDED,
+ TSA_MITIGATION_USER_KERNEL,
+ TSA_MITIGATION_VM,
+ TSA_MITIGATION_FULL,
+};
+
+static const char * const tsa_strings[] = {
+ [TSA_MITIGATION_NONE] = "Vulnerable",
+ [TSA_MITIGATION_UCODE_NEEDED] = "Vulnerable: Clear CPU buffers attempted, no microcode",
+ [TSA_MITIGATION_USER_KERNEL] = "Mitigation: Clear CPU buffers: user/kernel boundary",
+ [TSA_MITIGATION_VM] = "Mitigation: Clear CPU buffers: VM",
+ [TSA_MITIGATION_FULL] = "Mitigation: Clear CPU buffers",
+};
+
+static enum tsa_mitigations tsa_mitigation __ro_after_init =
+ IS_ENABLED(CONFIG_MITIGATION_TSA) ? TSA_MITIGATION_FULL : TSA_MITIGATION_NONE;
+
+static int __init tsa_parse_cmdline(char *str)
+{
+ if (!str)
+ return -EINVAL;
+
+ if (!strcmp(str, "off"))
+ tsa_mitigation = TSA_MITIGATION_NONE;
+ else if (!strcmp(str, "on"))
+ tsa_mitigation = TSA_MITIGATION_FULL;
+ else if (!strcmp(str, "user"))
+ tsa_mitigation = TSA_MITIGATION_USER_KERNEL;
+ else if (!strcmp(str, "vm"))
+ tsa_mitigation = TSA_MITIGATION_VM;
+ else
+ pr_err("Ignoring unknown tsa=%s option.\n", str);
+
+ return 0;
+}
+early_param("tsa", tsa_parse_cmdline);
+
+static void __init tsa_select_mitigation(void)
+{
+ if (tsa_mitigation == TSA_MITIGATION_NONE)
+ return;
+
+ if (cpu_mitigations_off() || !boot_cpu_has_bug(X86_BUG_TSA)) {
+ tsa_mitigation = TSA_MITIGATION_NONE;
+ return;
+ }
+
+ if (!boot_cpu_has(X86_FEATURE_VERW_CLEAR))
+ tsa_mitigation = TSA_MITIGATION_UCODE_NEEDED;
+
+ switch (tsa_mitigation) {
+ case TSA_MITIGATION_USER_KERNEL:
+ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);
+ break;
+
+ case TSA_MITIGATION_VM:
+ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF_VM);
+ break;
+
+ case TSA_MITIGATION_UCODE_NEEDED:
+ if (!boot_cpu_has(X86_FEATURE_HYPERVISOR))
+ goto out;
+
+ pr_notice("Forcing mitigation on in a VM\n");
+
+ /*
+ * On the off-chance that microcode has been updated
+ * on the host, enable the mitigation in the guest just
+ * in case.
+ */
+ fallthrough;
+ case TSA_MITIGATION_FULL:
+ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);
+ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF_VM);
+ break;
+ default:
+ break;
+ }
+
+out:
+ pr_info("%s\n", tsa_strings[tsa_mitigation]);
+}
+
void cpu_bugs_smt_update(void)
{
mutex_lock(&spec_ctrl_mutex);
@@ -2092,6 +2182,24 @@ void cpu_bugs_smt_update(void)
break;
}
+ switch (tsa_mitigation) {
+ case TSA_MITIGATION_USER_KERNEL:
+ case TSA_MITIGATION_VM:
+ case TSA_MITIGATION_FULL:
+ case TSA_MITIGATION_UCODE_NEEDED:
+ /*
+ * TSA-SQ can potentially lead to info leakage between
+ * SMT threads.
+ */
+ if (sched_smt_active())
+ static_branch_enable(&cpu_buf_idle_clear);
+ else
+ static_branch_disable(&cpu_buf_idle_clear);
+ break;
+ case TSA_MITIGATION_NONE:
+ break;
+ }
+
mutex_unlock(&spec_ctrl_mutex);
}
@@ -3026,6 +3134,11 @@ static ssize_t srso_show_state(char *buf)
boot_cpu_has(X86_FEATURE_IBPB_BRTYPE) ? "" : ", no microcode");
}
+static ssize_t tsa_show_state(char *buf)
+{
+ return sysfs_emit(buf, "%s\n", tsa_strings[tsa_mitigation]);
+}
+
static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
char *buf, unsigned int bug)
{
@@ -3087,6 +3200,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
case X86_BUG_ITS:
return its_show_state(buf);
+ case X86_BUG_TSA:
+ return tsa_show_state(buf);
+
default:
break;
}
@@ -3171,4 +3287,9 @@ ssize_t cpu_show_indirect_target_selection(struct device *dev, struct device_att
{
return cpu_show_common(dev, attr, buf, X86_BUG_ITS);
}
+
+ssize_t cpu_show_tsa(struct device *dev, struct device_attribute *attr, char *buf)
+{
+ return cpu_show_common(dev, attr, buf, X86_BUG_TSA);
+}
#endif
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 722eac51beae..9c849a4160cd 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1256,6 +1256,8 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
#define ITS BIT(8)
/* CPU is affected by Indirect Target Selection, but guest-host isolation is not affected */
#define ITS_NATIVE_ONLY BIT(9)
+/* CPU is affected by Transient Scheduler Attacks */
+#define TSA BIT(10)
static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
VULNBL_INTEL_STEPPINGS(IVYBRIDGE, X86_STEPPING_ANY, SRBDS),
@@ -1303,7 +1305,7 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
VULNBL_AMD(0x16, RETBLEED),
VULNBL_AMD(0x17, RETBLEED | SMT_RSB | SRSO),
VULNBL_HYGON(0x18, RETBLEED | SMT_RSB | SRSO),
- VULNBL_AMD(0x19, SRSO),
+ VULNBL_AMD(0x19, SRSO | TSA),
{}
};
@@ -1508,6 +1510,16 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
setup_force_cpu_bug(X86_BUG_ITS_NATIVE_ONLY);
}
+ if (c->x86_vendor == X86_VENDOR_AMD) {
+ if (!cpu_has(c, X86_FEATURE_TSA_SQ_NO) ||
+ !cpu_has(c, X86_FEATURE_TSA_L1_NO)) {
+ if (cpu_matches(cpu_vuln_blacklist, TSA) ||
+ /* Enable bug on Zen guests to allow for live migration. */
+ (cpu_has(c, X86_FEATURE_HYPERVISOR) && cpu_has(c, X86_FEATURE_ZEN)))
+ setup_force_cpu_bug(X86_BUG_TSA);
+ }
+ }
+
if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN))
return;
diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c
index 28c357cf7c75..b9e39c9eb274 100644
--- a/arch/x86/kernel/cpu/scattered.c
+++ b/arch/x86/kernel/cpu/scattered.c
@@ -45,6 +45,8 @@ static const struct cpuid_bit cpuid_bits[] = {
{ X86_FEATURE_CPB, CPUID_EDX, 9, 0x80000007, 0 },
{ X86_FEATURE_PROC_FEEDBACK, CPUID_EDX, 11, 0x80000007, 0 },
{ X86_FEATURE_MBA, CPUID_EBX, 6, 0x80000008, 0 },
+ { X86_FEATURE_TSA_SQ_NO, CPUID_ECX, 1, 0x80000021, 0 },
+ { X86_FEATURE_TSA_L1_NO, CPUID_ECX, 2, 0x80000021, 0 },
{ X86_FEATURE_PERFMON_V2, CPUID_EAX, 0, 0x80000022, 0 },
{ X86_FEATURE_AMD_LBR_V2, CPUID_EAX, 1, 0x80000022, 0 },
{ X86_FEATURE_AMD_LBR_PMC_FREEZE, CPUID_EAX, 2, 0x80000022, 0 },
diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S
index 5be9a63f09ff..42824f9b06a2 100644
--- a/arch/x86/kvm/svm/vmenter.S
+++ b/arch/x86/kvm/svm/vmenter.S
@@ -166,6 +166,9 @@ SYM_FUNC_START(__svm_vcpu_run)
#endif
mov VCPU_RDI(%_ASM_DI), %_ASM_DI
+ /* Clobbers EFLAGS.ZF */
+ VM_CLEAR_CPU_BUFFERS
+
/* Enter guest mode */
sti
@@ -336,6 +339,9 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run)
mov SVM_current_vmcb(%_ASM_DI), %_ASM_AX
mov KVM_VMCB_pa(%_ASM_AX), %_ASM_AX
+ /* Clobbers EFLAGS.ZF */
+ VM_CLEAR_CPU_BUFFERS
+
/* Enter guest mode */
sti
diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
index 27aff2503765..d68c60f35764 100644
--- a/drivers/base/cpu.c
+++ b/drivers/base/cpu.c
@@ -601,6 +601,11 @@ ssize_t __weak cpu_show_indirect_target_selection(struct device *dev,
return sysfs_emit(buf, "Not affected\n");
}
+ssize_t __weak cpu_show_tsa(struct device *dev, struct device_attribute *attr, char *buf)
+{
+ return sysfs_emit(buf, "Not affected\n");
+}
+
static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
@@ -616,6 +621,7 @@ static DEVICE_ATTR(gather_data_sampling, 0444, cpu_show_gds, NULL);
static DEVICE_ATTR(spec_rstack_overflow, 0444, cpu_show_spec_rstack_overflow, NULL);
static DEVICE_ATTR(reg_file_data_sampling, 0444, cpu_show_reg_file_data_sampling, NULL);
static DEVICE_ATTR(indirect_target_selection, 0444, cpu_show_indirect_target_selection, NULL);
+static DEVICE_ATTR(tsa, 0444, cpu_show_tsa, NULL);
static struct attribute *cpu_root_vulnerabilities_attrs[] = {
&dev_attr_meltdown.attr,
@@ -633,6 +639,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = {
&dev_attr_spec_rstack_overflow.attr,
&dev_attr_reg_file_data_sampling.attr,
&dev_attr_indirect_target_selection.attr,
+ &dev_attr_tsa.attr,
NULL
};
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
index 186e0e0f2e40..3d3ceccf8224 100644
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -78,6 +78,7 @@ extern ssize_t cpu_show_reg_file_data_sampling(struct device *dev,
struct device_attribute *attr, char *buf);
extern ssize_t cpu_show_indirect_target_selection(struct device *dev,
struct device_attribute *attr, char *buf);
+extern ssize_t cpu_show_tsa(struct device *dev, struct device_attribute *attr, char *buf);
extern __printf(4, 5)
struct device *cpu_device_create(struct device *parent, void *drvdata,
--
2.43.0
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On Tue, Jul 08, 2025 at 08:04:00PM +0200, Borislav Petkov wrote: > On Tue, Jul 08, 2025 at 07:45:09PM +0200, Borislav Petkov wrote: > > Right, it needs the __weak functions - this is solved differently on newer > > kernels. Lemme send updated patches. > > ...and 6.1: Now applied, thanks! I'll push out -rc2 versions of both of these now. greg k-h
On 7/8/2025 11:09 AM, Greg Kroah-Hartman wrote: > On Tue, Jul 08, 2025 at 08:04:00PM +0200, Borislav Petkov wrote: >> On Tue, Jul 08, 2025 at 07:45:09PM +0200, Borislav Petkov wrote: >>> Right, it needs the __weak functions - this is solved differently on newer >>> kernels. Lemme send updated patches. >> >> ...and 6.1: > > Now applied, thanks! > > I'll push out -rc2 versions of both of these now. Thank you both for the prompt reply! -- Florian
On Tue, Jul 08, 2025 at 07:45:09PM +0200, Borislav Petkov wrote:
> Right, it needs the __weak functions - this is solved differently on newer
> kernels. Lemme send updated patches.
Greg, here's an updated 5.15 patch:
From: "Borislav Petkov (AMD)" <bp@alien8.de>
Date: Wed, 11 Sep 2024 10:53:08 +0200
Subject: [PATCH] x86/bugs: Add a Transient Scheduler Attacks mitigation
Commit d8010d4ba43e9f790925375a7de100604a5e2dba upstream.
Add the required features detection glue to bugs.c et all in order to
support the TSA mitigation.
Co-developed-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
.../ABI/testing/sysfs-devices-system-cpu | 1 +
.../admin-guide/kernel-parameters.txt | 13 ++
arch/x86/Kconfig | 9 ++
arch/x86/include/asm/cpu.h | 13 ++
arch/x86/include/asm/cpufeatures.h | 6 +
arch/x86/include/asm/mwait.h | 2 +-
arch/x86/include/asm/nospec-branch.h | 12 +-
arch/x86/kernel/cpu/amd.c | 58 +++++++++
arch/x86/kernel/cpu/bugs.c | 121 ++++++++++++++++++
arch/x86/kernel/cpu/common.c | 14 +-
arch/x86/kernel/cpu/scattered.c | 2 +
arch/x86/kvm/svm/vmenter.S | 6 +
drivers/base/cpu.c | 7 +
include/linux/cpu.h | 1 +
14 files changed, 260 insertions(+), 5 deletions(-)
diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
index 1d657a6b1b53..0301ac606cdd 100644
--- a/Documentation/ABI/testing/sysfs-devices-system-cpu
+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
@@ -524,6 +524,7 @@ What: /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v1
/sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/srbds
+ /sys/devices/system/cpu/vulnerabilities/tsa
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort
Date: January 2018
Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index e5e7fddc962f..f12ba5c12b91 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5990,6 +5990,19 @@
If not specified, "default" is used. In this case,
the RNG's choice is left to each individual trust source.
+ tsa= [X86] Control mitigation for Transient Scheduler
+ Attacks on AMD CPUs. Search the following in your
+ favourite search engine for more details:
+
+ "Technical guidance for mitigating transient scheduler
+ attacks".
+
+ off - disable the mitigation
+ on - enable the mitigation (default)
+ user - mitigate only user/kernel transitions
+ vm - mitigate only guest/host transitions
+
+
tsc= Disable clocksource stability checks for TSC.
Format: <string>
[x86] reliable: mark tsc clocksource as reliable, this
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 026a5714f78f..4eca434fd80b 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2528,6 +2528,15 @@ config MITIGATION_ITS
disabled, mitigation cannot be enabled via cmdline.
See <file:Documentation/admin-guide/hw-vuln/indirect-target-selection.rst>
+config MITIGATION_TSA
+ bool "Mitigate Transient Scheduler Attacks"
+ depends on CPU_SUP_AMD
+ default y
+ help
+ Enable mitigation for Transient Scheduler Attacks. TSA is a hardware
+ security vulnerability on AMD CPUs which can lead to forwarding of
+ invalid info to subsequent instructions and thus can affect their
+ timing and thereby cause a leakage.
endif
config ARCH_HAS_ADD_PAGES
diff --git a/arch/x86/include/asm/cpu.h b/arch/x86/include/asm/cpu.h
index 33d41e350c79..5a7491f968cd 100644
--- a/arch/x86/include/asm/cpu.h
+++ b/arch/x86/include/asm/cpu.h
@@ -72,4 +72,17 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c);
#else
static inline void init_ia32_feat_ctl(struct cpuinfo_x86 *c) {}
#endif
+
+union zen_patch_rev {
+ struct {
+ __u32 rev : 8,
+ stepping : 4,
+ model : 4,
+ __reserved : 4,
+ ext_model : 4,
+ ext_fam : 8;
+ };
+ __u32 ucode_rev;
+};
+
#endif /* _ASM_X86_CPU_H */
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index e2bf1cba02cd..63b84540cfb3 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -419,6 +419,7 @@
#define X86_FEATURE_SME_COHERENT (19*32+10) /* "" AMD hardware-enforced cache coherency */
#define X86_FEATURE_AUTOIBRS (20*32+ 8) /* "" Automatic IBRS */
+#define X86_FEATURE_VERW_CLEAR (20*32+ 10) /* "" The memory form of VERW mitigates TSA */
#define X86_FEATURE_SBPB (20*32+27) /* "" Selective Branch Prediction Barrier */
#define X86_FEATURE_IBPB_BRTYPE (20*32+28) /* "" MSR_PRED_CMD[IBPB] flushes all branch type predictions */
#define X86_FEATURE_SRSO_NO (20*32+29) /* "" CPU is not affected by SRSO */
@@ -435,6 +436,10 @@
#define X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT (21*32+ 4) /* "" Clear branch history at vmexit using SW loop */
#define X86_FEATURE_INDIRECT_THUNK_ITS (21*32 + 5) /* "" Use thunk for indirect branches in lower half of cacheline */
+#define X86_FEATURE_TSA_SQ_NO (21*32+11) /* "" AMD CPU not vulnerable to TSA-SQ */
+#define X86_FEATURE_TSA_L1_NO (21*32+12) /* "" AMD CPU not vulnerable to TSA-L1 */
+#define X86_FEATURE_CLEAR_CPU_BUF_VM (21*32+13) /* "" Clear CPU buffers using VERW before VMRUN */
+
/*
* BUG word(s)
*/
@@ -486,4 +491,5 @@
#define X86_BUG_IBPB_NO_RET X86_BUG(1*32 + 4) /* "ibpb_no_ret" IBPB omits return target predictions */
#define X86_BUG_ITS X86_BUG(1*32 + 5) /* CPU is affected by Indirect Target Selection */
#define X86_BUG_ITS_NATIVE_ONLY X86_BUG(1*32 + 6) /* CPU is affected by ITS, VMX is not affected */
+#define X86_BUG_TSA X86_BUG(1*32+ 9) /* "tsa" CPU is affected by Transient Scheduler Attacks */
#endif /* _ASM_X86_CPUFEATURES_H */
diff --git a/arch/x86/include/asm/mwait.h b/arch/x86/include/asm/mwait.h
index 35e20e8a7cc6..20b33e6370c3 100644
--- a/arch/x86/include/asm/mwait.h
+++ b/arch/x86/include/asm/mwait.h
@@ -79,7 +79,7 @@ static inline void __mwait(unsigned long eax, unsigned long ecx)
static inline void __mwaitx(unsigned long eax, unsigned long ebx,
unsigned long ecx)
{
- /* No MDS buffer clear as this is AMD/HYGON only */
+ /* No need for TSA buffer clearing on AMD */
/* "mwaitx %eax, %ebx, %ecx;" */
asm volatile(".byte 0x0f, 0x01, 0xfb;"
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index f651b0a1f5e2..b62ce153a3c4 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -208,8 +208,8 @@
* CFLAGS.ZF.
* Note: Only the memory operand variant of VERW clears the CPU buffers.
*/
-.macro CLEAR_CPU_BUFFERS
- ALTERNATIVE "jmp .Lskip_verw_\@", "", X86_FEATURE_CLEAR_CPU_BUF
+.macro __CLEAR_CPU_BUFFERS feature
+ ALTERNATIVE "jmp .Lskip_verw_\@", "", \feature
#ifdef CONFIG_X86_64
verw x86_verw_sel(%rip)
#else
@@ -223,6 +223,12 @@
.Lskip_verw_\@:
.endm
+#define CLEAR_CPU_BUFFERS \
+ __CLEAR_CPU_BUFFERS X86_FEATURE_CLEAR_CPU_BUF
+
+#define VM_CLEAR_CPU_BUFFERS \
+ __CLEAR_CPU_BUFFERS X86_FEATURE_CLEAR_CPU_BUF_VM
+
#ifdef CONFIG_X86_64
.macro CLEAR_BRANCH_HISTORY
ALTERNATIVE "", "call clear_bhb_loop", X86_FEATURE_CLEAR_BHB_LOOP
@@ -464,7 +470,7 @@ static __always_inline void x86_clear_cpu_buffers(void)
/**
* x86_idle_clear_cpu_buffers - Buffer clearing support in idle for the MDS
- * vulnerability
+ * and TSA vulnerabilities.
*
* Clear CPU buffers if the corresponding static key is enabled
*/
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index a8dc7fe5f100..d409ba7fba85 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -582,6 +582,61 @@ static void early_init_amd_mc(struct cpuinfo_x86 *c)
#endif
}
+static bool amd_check_tsa_microcode(void)
+{
+ struct cpuinfo_x86 *c = &boot_cpu_data;
+ union zen_patch_rev p;
+ u32 min_rev = 0;
+
+ p.ext_fam = c->x86 - 0xf;
+ p.model = c->x86_model;
+ p.stepping = c->x86_stepping;
+
+ if (c->x86 == 0x19) {
+ switch (p.ucode_rev >> 8) {
+ case 0xa0011: min_rev = 0x0a0011d7; break;
+ case 0xa0012: min_rev = 0x0a00123b; break;
+ case 0xa0082: min_rev = 0x0a00820d; break;
+ case 0xa1011: min_rev = 0x0a10114c; break;
+ case 0xa1012: min_rev = 0x0a10124c; break;
+ case 0xa1081: min_rev = 0x0a108109; break;
+ case 0xa2010: min_rev = 0x0a20102e; break;
+ case 0xa2012: min_rev = 0x0a201211; break;
+ case 0xa4041: min_rev = 0x0a404108; break;
+ case 0xa5000: min_rev = 0x0a500012; break;
+ case 0xa6012: min_rev = 0x0a60120a; break;
+ case 0xa7041: min_rev = 0x0a704108; break;
+ case 0xa7052: min_rev = 0x0a705208; break;
+ case 0xa7080: min_rev = 0x0a708008; break;
+ case 0xa70c0: min_rev = 0x0a70c008; break;
+ case 0xaa002: min_rev = 0x0aa00216; break;
+ default:
+ pr_debug("%s: ucode_rev: 0x%x, current revision: 0x%x\n",
+ __func__, p.ucode_rev, c->microcode);
+ return false;
+ }
+ }
+
+ if (!min_rev)
+ return false;
+
+ return c->microcode >= min_rev;
+}
+
+static void tsa_init(struct cpuinfo_x86 *c)
+{
+ if (cpu_has(c, X86_FEATURE_HYPERVISOR))
+ return;
+
+ if (c->x86 == 0x19) {
+ if (amd_check_tsa_microcode())
+ setup_force_cpu_cap(X86_FEATURE_VERW_CLEAR);
+ } else {
+ setup_force_cpu_cap(X86_FEATURE_TSA_SQ_NO);
+ setup_force_cpu_cap(X86_FEATURE_TSA_L1_NO);
+ }
+}
+
static void bsp_init_amd(struct cpuinfo_x86 *c)
{
if (cpu_has(c, X86_FEATURE_CONSTANT_TSC)) {
@@ -687,6 +742,9 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
if (!(msr & MSR_K7_HWCR_SMMLOCK))
goto clear_sev;
+
+ tsa_init(c);
+
return;
clear_all:
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 9d84a82dcdc9..261aa716971d 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -49,6 +49,7 @@ static void __init l1d_flush_select_mitigation(void);
static void __init gds_select_mitigation(void);
static void __init srso_select_mitigation(void);
static void __init its_select_mitigation(void);
+static void __init tsa_select_mitigation(void);
/* The base value of the SPEC_CTRL MSR without task-specific bits set */
u64 x86_spec_ctrl_base;
@@ -184,6 +185,7 @@ void __init cpu_select_mitigations(void)
srso_select_mitigation();
gds_select_mitigation();
its_select_mitigation();
+ tsa_select_mitigation();
}
/*
@@ -2039,6 +2041,94 @@ static void update_mds_branch_idle(void)
#define TAA_MSG_SMT "TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html for more details.\n"
#define MMIO_MSG_SMT "MMIO Stale Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html for more details.\n"
+#undef pr_fmt
+#define pr_fmt(fmt) "Transient Scheduler Attacks: " fmt
+
+enum tsa_mitigations {
+ TSA_MITIGATION_NONE,
+ TSA_MITIGATION_UCODE_NEEDED,
+ TSA_MITIGATION_USER_KERNEL,
+ TSA_MITIGATION_VM,
+ TSA_MITIGATION_FULL,
+};
+
+static const char * const tsa_strings[] = {
+ [TSA_MITIGATION_NONE] = "Vulnerable",
+ [TSA_MITIGATION_UCODE_NEEDED] = "Vulnerable: Clear CPU buffers attempted, no microcode",
+ [TSA_MITIGATION_USER_KERNEL] = "Mitigation: Clear CPU buffers: user/kernel boundary",
+ [TSA_MITIGATION_VM] = "Mitigation: Clear CPU buffers: VM",
+ [TSA_MITIGATION_FULL] = "Mitigation: Clear CPU buffers",
+};
+
+static enum tsa_mitigations tsa_mitigation __ro_after_init =
+ IS_ENABLED(CONFIG_MITIGATION_TSA) ? TSA_MITIGATION_FULL : TSA_MITIGATION_NONE;
+
+static int __init tsa_parse_cmdline(char *str)
+{
+ if (!str)
+ return -EINVAL;
+
+ if (!strcmp(str, "off"))
+ tsa_mitigation = TSA_MITIGATION_NONE;
+ else if (!strcmp(str, "on"))
+ tsa_mitigation = TSA_MITIGATION_FULL;
+ else if (!strcmp(str, "user"))
+ tsa_mitigation = TSA_MITIGATION_USER_KERNEL;
+ else if (!strcmp(str, "vm"))
+ tsa_mitigation = TSA_MITIGATION_VM;
+ else
+ pr_err("Ignoring unknown tsa=%s option.\n", str);
+
+ return 0;
+}
+early_param("tsa", tsa_parse_cmdline);
+
+static void __init tsa_select_mitigation(void)
+{
+ if (tsa_mitigation == TSA_MITIGATION_NONE)
+ return;
+
+ if (cpu_mitigations_off() || !boot_cpu_has_bug(X86_BUG_TSA)) {
+ tsa_mitigation = TSA_MITIGATION_NONE;
+ return;
+ }
+
+ if (!boot_cpu_has(X86_FEATURE_VERW_CLEAR))
+ tsa_mitigation = TSA_MITIGATION_UCODE_NEEDED;
+
+ switch (tsa_mitigation) {
+ case TSA_MITIGATION_USER_KERNEL:
+ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);
+ break;
+
+ case TSA_MITIGATION_VM:
+ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF_VM);
+ break;
+
+ case TSA_MITIGATION_UCODE_NEEDED:
+ if (!boot_cpu_has(X86_FEATURE_HYPERVISOR))
+ goto out;
+
+ pr_notice("Forcing mitigation on in a VM\n");
+
+ /*
+ * On the off-chance that microcode has been updated
+ * on the host, enable the mitigation in the guest just
+ * in case.
+ */
+ fallthrough;
+ case TSA_MITIGATION_FULL:
+ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);
+ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF_VM);
+ break;
+ default:
+ break;
+ }
+
+out:
+ pr_info("%s\n", tsa_strings[tsa_mitigation]);
+}
+
void cpu_bugs_smt_update(void)
{
mutex_lock(&spec_ctrl_mutex);
@@ -2092,6 +2182,24 @@ void cpu_bugs_smt_update(void)
break;
}
+ switch (tsa_mitigation) {
+ case TSA_MITIGATION_USER_KERNEL:
+ case TSA_MITIGATION_VM:
+ case TSA_MITIGATION_FULL:
+ case TSA_MITIGATION_UCODE_NEEDED:
+ /*
+ * TSA-SQ can potentially lead to info leakage between
+ * SMT threads.
+ */
+ if (sched_smt_active())
+ static_branch_enable(&cpu_buf_idle_clear);
+ else
+ static_branch_disable(&cpu_buf_idle_clear);
+ break;
+ case TSA_MITIGATION_NONE:
+ break;
+ }
+
mutex_unlock(&spec_ctrl_mutex);
}
@@ -3026,6 +3134,11 @@ static ssize_t srso_show_state(char *buf)
boot_cpu_has(X86_FEATURE_IBPB_BRTYPE) ? "" : ", no microcode");
}
+static ssize_t tsa_show_state(char *buf)
+{
+ return sysfs_emit(buf, "%s\n", tsa_strings[tsa_mitigation]);
+}
+
static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
char *buf, unsigned int bug)
{
@@ -3087,6 +3200,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
case X86_BUG_ITS:
return its_show_state(buf);
+ case X86_BUG_TSA:
+ return tsa_show_state(buf);
+
default:
break;
}
@@ -3171,4 +3287,9 @@ ssize_t cpu_show_indirect_target_selection(struct device *dev, struct device_att
{
return cpu_show_common(dev, attr, buf, X86_BUG_ITS);
}
+
+ssize_t cpu_show_tsa(struct device *dev, struct device_attribute *attr, char *buf)
+{
+ return cpu_show_common(dev, attr, buf, X86_BUG_TSA);
+}
#endif
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 8db11483e1e1..b16a77386236 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1146,6 +1146,8 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
#define ITS BIT(8)
/* CPU is affected by Indirect Target Selection, but guest-host isolation is not affected */
#define ITS_NATIVE_ONLY BIT(9)
+/* CPU is affected by Transient Scheduler Attacks */
+#define TSA BIT(10)
static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
VULNBL_INTEL_STEPPINGS(IVYBRIDGE, X86_STEPPING_ANY, SRBDS),
@@ -1193,7 +1195,7 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
VULNBL_AMD(0x16, RETBLEED),
VULNBL_AMD(0x17, RETBLEED | SMT_RSB | SRSO),
VULNBL_HYGON(0x18, RETBLEED | SMT_RSB | SRSO),
- VULNBL_AMD(0x19, SRSO),
+ VULNBL_AMD(0x19, SRSO | TSA),
{}
};
@@ -1398,6 +1400,16 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
setup_force_cpu_bug(X86_BUG_ITS_NATIVE_ONLY);
}
+ if (c->x86_vendor == X86_VENDOR_AMD) {
+ if (!cpu_has(c, X86_FEATURE_TSA_SQ_NO) ||
+ !cpu_has(c, X86_FEATURE_TSA_L1_NO)) {
+ if (cpu_matches(cpu_vuln_blacklist, TSA) ||
+ /* Enable bug on Zen guests to allow for live migration. */
+ (cpu_has(c, X86_FEATURE_HYPERVISOR) && cpu_has(c, X86_FEATURE_ZEN)))
+ setup_force_cpu_bug(X86_BUG_TSA);
+ }
+ }
+
if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN))
return;
diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c
index 0f5211087810..dfcd3ed94c1c 100644
--- a/arch/x86/kernel/cpu/scattered.c
+++ b/arch/x86/kernel/cpu/scattered.c
@@ -44,6 +44,8 @@ static const struct cpuid_bit cpuid_bits[] = {
{ X86_FEATURE_CPB, CPUID_EDX, 9, 0x80000007, 0 },
{ X86_FEATURE_PROC_FEEDBACK, CPUID_EDX, 11, 0x80000007, 0 },
{ X86_FEATURE_MBA, CPUID_EBX, 6, 0x80000008, 0 },
+ { X86_FEATURE_TSA_SQ_NO, CPUID_ECX, 1, 0x80000021, 0 },
+ { X86_FEATURE_TSA_L1_NO, CPUID_ECX, 2, 0x80000021, 0 },
{ 0, 0, 0, 0, 0 }
};
diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S
index f96060855522..eeab012e4ee0 100644
--- a/arch/x86/kvm/svm/vmenter.S
+++ b/arch/x86/kvm/svm/vmenter.S
@@ -77,6 +77,9 @@ SYM_FUNC_START(__svm_vcpu_run)
/* "POP" @vmcb to RAX. */
pop %_ASM_AX
+ /* Clobbers EFLAGS.ZF */
+ VM_CLEAR_CPU_BUFFERS
+
/* Enter guest mode */
sti
@@ -190,6 +193,9 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run)
/* Move @vmcb to RAX. */
mov %_ASM_ARG1, %_ASM_AX
+ /* Clobbers EFLAGS.ZF */
+ VM_CLEAR_CPU_BUFFERS
+
/* Enter guest mode */
sti
diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
index df196e073097..0e7f7f54665d 100644
--- a/drivers/base/cpu.c
+++ b/drivers/base/cpu.c
@@ -601,6 +601,11 @@ ssize_t __weak cpu_show_indirect_target_selection(struct device *dev,
return sysfs_emit(buf, "Not affected\n");
}
+ssize_t __weak cpu_show_tsa(struct device *dev, struct device_attribute *attr, char *buf)
+{
+ return sysfs_emit(buf, "Not affected\n");
+}
+
static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
@@ -616,6 +621,7 @@ static DEVICE_ATTR(gather_data_sampling, 0444, cpu_show_gds, NULL);
static DEVICE_ATTR(spec_rstack_overflow, 0444, cpu_show_spec_rstack_overflow, NULL);
static DEVICE_ATTR(reg_file_data_sampling, 0444, cpu_show_reg_file_data_sampling, NULL);
static DEVICE_ATTR(indirect_target_selection, 0444, cpu_show_indirect_target_selection, NULL);
+static DEVICE_ATTR(tsa, 0444, cpu_show_tsa, NULL);
static struct attribute *cpu_root_vulnerabilities_attrs[] = {
&dev_attr_meltdown.attr,
@@ -633,6 +639,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = {
&dev_attr_spec_rstack_overflow.attr,
&dev_attr_reg_file_data_sampling.attr,
&dev_attr_indirect_target_selection.attr,
+ &dev_attr_tsa.attr,
NULL
};
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
index 87b5a176e848..ab1b88b16982 100644
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -78,6 +78,7 @@ extern ssize_t cpu_show_reg_file_data_sampling(struct device *dev,
struct device_attribute *attr, char *buf);
extern ssize_t cpu_show_indirect_target_selection(struct device *dev,
struct device_attribute *attr, char *buf);
+extern ssize_t cpu_show_tsa(struct device *dev, struct device_attribute *attr, char *buf);
extern __printf(4, 5)
struct device *cpu_device_create(struct device *parent, void *drvdata,
--
2.43.0
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On Tue, Jul 08, 2025 at 07:51:01PM +0200, Borislav Petkov wrote: > On Tue, Jul 08, 2025 at 07:45:09PM +0200, Borislav Petkov wrote: > > Right, it needs the __weak functions - this is solved differently on newer > > kernels. Lemme send updated patches. > > Greg, here's an updated 5.15 patch: Now updated, thanks. greg k-h
© 2016 - 2025 Red Hat, Inc.