6.12-stable patches

added patches:
	kvm-svm-set-synthesized-tsa-cpuid-flags.patch

diff --git a/queue-6.12/kvm-svm-set-synthesized-tsa-cpuid-flags.patch b/queue-6.12/kvm-svm-set-synthesized-tsa-cpuid-flags.patch
new file mode 100644 (file)
index 0000000..955282b
--- /dev/null
+++ b/queue-6.12/kvm-svm-set-synthesized-tsa-cpuid-flags.patch
@@ -0,0 +1,48 @@
+From bp@kernel.org  Wed Jul 16 09:29:19 2025
+From: Borislav Petkov <bp@kernel.org>
+Date: Tue, 15 Jul 2025 21:24:59 +0200
+Subject: KVM: SVM: Set synthesized TSA CPUID flags
+To: <stable@vger.kernel.org>
+Cc: "Borislav Petkov (AMD)" <bp@alien8.de>, Jinpu Wang <jinpu.wang@ionos.com>
+Message-ID: <20250715192459.21804-1-bp@kernel.org>
+
+
+From: "Borislav Petkov (AMD)" <bp@alien8.de>
+
+VERW_CLEAR is supposed to be set only by the hypervisor to denote TSA
+mitigation support to a guest. SQ_NO and L1_NO are both synthesizable,
+and are going to be set by hw CPUID on future machines.
+
+So keep the kvm_cpu_cap_init_kvm_defined() invocation *and* set them
+when synthesized.
+
+This fix is stable-only.
+
+Co-developed-by: Jinpu Wang <jinpu.wang@ionos.com>
+Signed-off-by: Jinpu Wang <jinpu.wang@ionos.com>
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kvm/cpuid.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -822,6 +822,7 @@ void kvm_set_cpu_caps(void)
+       kvm_cpu_cap_check_and_set(X86_FEATURE_SBPB);
+       kvm_cpu_cap_check_and_set(X86_FEATURE_IBPB_BRTYPE);
+       kvm_cpu_cap_check_and_set(X86_FEATURE_SRSO_NO);
++      kvm_cpu_cap_check_and_set(X86_FEATURE_VERW_CLEAR);
+ 
+       kvm_cpu_cap_init_kvm_defined(CPUID_8000_0022_EAX,
+               F(PERFMON_V2)
+@@ -831,6 +832,9 @@ void kvm_set_cpu_caps(void)
+               F(TSA_SQ_NO) | F(TSA_L1_NO)
+       );
+ 
++      kvm_cpu_cap_check_and_set(X86_FEATURE_TSA_SQ_NO);
++      kvm_cpu_cap_check_and_set(X86_FEATURE_TSA_L1_NO);
++
+       /*
+        * Synthesize "LFENCE is serializing" into the AMD-defined entry in
+        * KVM's supported CPUID if the feature is reported as supported by the

diff --git a/queue-6.12/series b/queue-6.12/series
index 759fa7b539bf816f1541d504f53c52a0a52efdd4..b03e1d94a5965d84eca866a765c98f1537426673 100644 (file)
--- a/queue-6.12/series
+++ b/queue-6.12/series
@@ -163,3 +163,4 @@ ksmbd-fix-potential-use-after-free-in-oplock-lease-break-ack.patch
 arm64-filter-out-sme-hwcaps-when-feat_sme-isn-t-implemented.patch
 crypto-ecdsa-harden-against-integer-overflows-in-div_round_up.patch
 rseq-fix-segfault-on-registration-when-rseq_cs-is-non-zero.patch
+kvm-svm-set-synthesized-tsa-cpuid-flags.patch