From aefc9091631fea3169fb2095d2ab8de6d471e940 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sat, 12 Jul 2025 14:09:52 +0200
Subject: [PATCH] 6.12-stable patches
added patches:
crypto-s390-sha-fix-uninitialized-variable-in-sha-1-and-sha-2.patch
drm-amdgpu-discovery-use-specific-ip_discovery.bin-for-legacy-asics.patch
drm-amdgpu-ip_discovery-add-missing-ip_discovery-fw.patch
x86-cpu-amd-properly-check-the-tsa-microcode.patch
---
...tialized-variable-in-sha-1-and-sha-2.patch | 114 ++++++++++++++++++
...ic-ip_discovery.bin-for-legacy-asics.patch | 64 ++++++++++
...iscovery-add-missing-ip_discovery-fw.patch | 29 +++++
queue-6.12/series | 4 +
...amd-properly-check-the-tsa-microcode.patch | 45 +++++++
5 files changed, 256 insertions(+)
create mode 100644 queue-6.12/crypto-s390-sha-fix-uninitialized-variable-in-sha-1-and-sha-2.patch
create mode 100644 queue-6.12/drm-amdgpu-discovery-use-specific-ip_discovery.bin-for-legacy-asics.patch
create mode 100644 queue-6.12/drm-amdgpu-ip_discovery-add-missing-ip_discovery-fw.patch
create mode 100644 queue-6.12/x86-cpu-amd-properly-check-the-tsa-microcode.patch
diff --git a/queue-6.12/crypto-s390-sha-fix-uninitialized-variable-in-sha-1-and-sha-2.patch b/queue-6.12/crypto-s390-sha-fix-uninitialized-variable-in-sha-1-and-sha-2.patch
new file mode 100644
index 0000000000..fc2f2290b6
--- /dev/null
+++ b/queue-6.12/crypto-s390-sha-fix-uninitialized-variable-in-sha-1-and-sha-2.patch
@@ -0,0 +1,114 @@
+From 68279380266a5fa70e664de754503338e2ec3f43 Mon Sep 17 00:00:00 2001
+From: Eric Biggers
+Date: Thu, 3 Jul 2025 10:23:16 -0700
+Subject: crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2
+
+From: Eric Biggers
+
+commit 68279380266a5fa70e664de754503338e2ec3f43 upstream.
+
+Commit 88c02b3f79a6 ("s390/sha3: Support sha3 performance enhancements")
+added the field s390_sha_ctx::first_message_part and made it be used by
+s390_sha_update() (now s390_sha_update_blocks()). At the time,
+s390_sha_update() was used by all the s390 SHA-1, SHA-2, and SHA-3
+algorithms. However, only the initialization functions for SHA-3 were
+updated, leaving SHA-1 and SHA-2 using first_message_part uninitialized.
+
+This could cause e.g. the function code CPACF_KIMD_SHA_512 |
+CPACF_KIMD_NIP to be used instead of just CPACF_KIMD_SHA_512. This
+apparently was harmless, as the SHA-1 and SHA-2 function codes ignore
+CPACF_KIMD_NIP; it is recognized only by the SHA-3 function codes
+(https://lore.kernel.org/r/73477fe9-a1dc-4e38-98a6-eba9921e8afa@linux.ibm.com/).
+Therefore, this bug was found only when first_message_part was later
+converted to a boolean and UBSAN detected its uninitialized use.
+Regardless, let's fix this by just initializing to zero.
+
+Note: in 6.16, we need to patch SHA-1, SHA-384, and SHA-512. In 6.15
+and earlier, we'll also need to patch SHA-224 and SHA-256, as they
+hadn't yet been librarified (which incidentally fixed this bug).
+
+Fixes: 88c02b3f79a6 ("s390/sha3: Support sha3 performance enhancements")
+Cc: stable@vger.kernel.org
+Reported-by: Ingo Franzki
+Closes: https://lore.kernel.org/r/12740696-595c-4604-873e-aefe8b405fbf@linux.ibm.com
+Acked-by: Heiko Carstens
+Link: https://lore.kernel.org/r/20250703172316.7914-1-ebiggers@kernel.org
+Signed-off-by: Eric Biggers
+Signed-off-by: Eric Biggers
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/s390/crypto/sha1_s390.c | 2 ++
+ arch/s390/crypto/sha256_s390.c | 3 +++
+ arch/s390/crypto/sha512_s390.c | 3 +++
+ 3 files changed, 8 insertions(+)
+
+--- a/arch/s390/crypto/sha1_s390.c
++++ b/arch/s390/crypto/sha1_s390.c
+@@ -38,6 +38,7 @@ static int s390_sha1_init(struct shash_d
+ sctx->state[4] = SHA1_H4;
+ sctx->count = 0;
+ sctx->func = CPACF_KIMD_SHA_1;
++ sctx->first_message_part = 0;
+
+ return 0;
+ }
+@@ -62,6 +63,7 @@ static int s390_sha1_import(struct shash
+ memcpy(sctx->state, ictx->state, sizeof(ictx->state));
+ memcpy(sctx->buf, ictx->buffer, sizeof(ictx->buffer));
+ sctx->func = CPACF_KIMD_SHA_1;
++ sctx->first_message_part = 0;
+ return 0;
+ }
+
+--- a/arch/s390/crypto/sha256_s390.c
++++ b/arch/s390/crypto/sha256_s390.c
+@@ -31,6 +31,7 @@ static int s390_sha256_init(struct shash
+ sctx->state[7] = SHA256_H7;
+ sctx->count = 0;
+ sctx->func = CPACF_KIMD_SHA_256;
++ sctx->first_message_part = 0;
+
+ return 0;
+ }
+@@ -55,6 +56,7 @@ static int sha256_import(struct shash_de
+ memcpy(sctx->state, ictx->state, sizeof(ictx->state));
+ memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf));
+ sctx->func = CPACF_KIMD_SHA_256;
++ sctx->first_message_part = 0;
+ return 0;
+ }
+
+@@ -90,6 +92,7 @@ static int s390_sha224_init(struct shash
+ sctx->state[7] = SHA224_H7;
+ sctx->count = 0;
+ sctx->func = CPACF_KIMD_SHA_256;
++ sctx->first_message_part = 0;
+
+ return 0;
+ }
+--- a/arch/s390/crypto/sha512_s390.c
++++ b/arch/s390/crypto/sha512_s390.c
+@@ -32,6 +32,7 @@ static int sha512_init(struct shash_desc
+ *(__u64 *)&ctx->state[14] = SHA512_H7;
+ ctx->count = 0;
+ ctx->func = CPACF_KIMD_SHA_512;
++ ctx->first_message_part = 0;
+
+ return 0;
+ }
+@@ -60,6 +61,7 @@ static int sha512_import(struct shash_de
+ memcpy(sctx->state, ictx->state, sizeof(ictx->state));
+ memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf));
+ sctx->func = CPACF_KIMD_SHA_512;
++ sctx->first_message_part = 0;
+ return 0;
+ }
+
+@@ -97,6 +99,7 @@ static int sha384_init(struct shash_desc
+ *(__u64 *)&ctx->state[14] = SHA384_H7;
+ ctx->count = 0;
+ ctx->func = CPACF_KIMD_SHA_512;
++ ctx->first_message_part = 0;
+
+ return 0;
+ }
diff --git a/queue-6.12/drm-amdgpu-discovery-use-specific-ip_discovery.bin-for-legacy-asics.patch b/queue-6.12/drm-amdgpu-discovery-use-specific-ip_discovery.bin-for-legacy-asics.patch
new file mode 100644
index 0000000000..c49ad82c42
--- /dev/null
+++ b/queue-6.12/drm-amdgpu-discovery-use-specific-ip_discovery.bin-for-legacy-asics.patch
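Review bot: The fix stores `first_message_part = 0` separately in each of the eight SHA-1/SHA-2 init and import functions, which is the same per-function pattern that left the field uninitialized when it was first added for SHA-3 only, so a later addition to the context struct could repeat the problem. A one-line comment at each store, for example `/* read by s390_sha_update(); SHA-1/SHA-2 ignore CPACF_KIMD_NIP but the field must still be defined */`, would record why the assignment exists and make it less likely to be dropped in a later cleanup. All of the patched functions begin outside their hunks, so whether any other context field is left unset on these paths cannot be checked from here.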
@@ -0,0 +1,64 @@
+From 25f602fbbcc8271f6e72211b54808ba21e677762 Mon Sep 17 00:00:00 2001
+From: Flora Cui
+Date: Tue, 11 Mar 2025 13:44:08 +0800
+Subject: drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics
+
+From: Flora Cui
+
+commit 25f602fbbcc8271f6e72211b54808ba21e677762 upstream.
+
+vega10/vega12/vega20/raven/raven2/picasso/arcturus/aldebaran
+
+Signed-off-by: Flora Cui
+Reviewed-by: Alex Deucher
+Signed-off-by: Alex Deucher
+Cc: Jonathan Gray
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 28 +++++++++++++++++++++++++-
+ 1 file changed, 27 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
+@@ -112,6 +112,12 @@
+ #endif
+
+ MODULE_FIRMWARE("amdgpu/ip_discovery.bin");
++MODULE_FIRMWARE("amdgpu/vega10_ip_discovery.bin");
++MODULE_FIRMWARE("amdgpu/vega12_ip_discovery.bin");
++MODULE_FIRMWARE("amdgpu/vega20_ip_discovery.bin");
++MODULE_FIRMWARE("amdgpu/raven_ip_discovery.bin");
++MODULE_FIRMWARE("amdgpu/raven2_ip_discovery.bin");
++MODULE_FIRMWARE("amdgpu/picasso_ip_discovery.bin");
+
+ #define mmIP_DISCOVERY_VERSION 0x16A00
+ #define mmRCC_CONFIG_MEMSIZE 0xde3
+@@ -400,7 +406,27 @@ static const char *amdgpu_discovery_get_
+ if (amdgpu_discovery == 2)
+ return "amdgpu/ip_discovery.bin";
+
+- return NULL;
++ switch (adev->asic_type) {
++ case CHIP_VEGA10:
++ return "amdgpu/vega10_ip_discovery.bin";
++ case CHIP_VEGA12:
++ return "amdgpu/vega12_ip_discovery.bin";
++ case CHIP_RAVEN:
++ if (adev->apu_flags & AMD_APU_IS_RAVEN2)
++ return "amdgpu/raven2_ip_discovery.bin";
++ else if (adev->apu_flags & AMD_APU_IS_PICASSO)
++ return "amdgpu/picasso_ip_discovery.bin";
++ else
++ return "amdgpu/raven_ip_discovery.bin";
++ case CHIP_VEGA20:
++ return "amdgpu/vega20_ip_discovery.bin";
++ case CHIP_ARCTURUS:
++ return "amdgpu/arcturus_ip_discovery.bin";
++ case CHIP_ALDEBARAN:
++ return "amdgpu/aldebaran_ip_discovery.bin";
++ default:
++ return NULL;
++ }
+ }
+
+ static int amdgpu_discovery_init(struct amdgpu_device *adev)
diff --git a/queue-6.12/drm-amdgpu-ip_discovery-add-missing-ip_discovery-fw.patch b/queue-6.12/drm-amdgpu-ip_discovery-add-missing-ip_discovery-fw.patch
new file mode 100644
index 0000000000..1766280a4d
--- /dev/null
+++ b/queue-6.12/drm-amdgpu-ip_discovery-add-missing-ip_discovery-fw.patch
@@ -0,0 +1,29 @@
+From 2f6dd741cdcdadb9e125cc66d4fcfbe5ab92d36a Mon Sep 17 00:00:00 2001
+From: Flora Cui
+Date: Wed, 26 Mar 2025 20:06:13 +0800
+Subject: drm/amdgpu/ip_discovery: add missing ip_discovery fw
+
+From: Flora Cui
+
+commit 2f6dd741cdcdadb9e125cc66d4fcfbe5ab92d36a upstream.
+
+Signed-off-by: Flora Cui
+Reviewed-by: Alex Deucher
+Signed-off-by: Alex Deucher
+Cc: Jonathan Gray
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
+@@ -118,6 +118,8 @@ MODULE_FIRMWARE("amdgpu/vega20_ip_discov
+ MODULE_FIRMWARE("amdgpu/raven_ip_discovery.bin");
+ MODULE_FIRMWARE("amdgpu/raven2_ip_discovery.bin");
+ MODULE_FIRMWARE("amdgpu/picasso_ip_discovery.bin");
++MODULE_FIRMWARE("amdgpu/arcturus_ip_discovery.bin");
++MODULE_FIRMWARE("amdgpu/aldebaran_ip_discovery.bin");
+
+ #define mmIP_DISCOVERY_VERSION 0x16A00
+ #define mmRCC_CONFIG_MEMSIZE 0xde3
diff --git a/queue-6.12/series b/queue-6.12/series
index 616c514170..e8e741d5c1 100644
--- a/queue-6.12/series
+++ b/queue-6.12/series
@@ -1,2 +1,6 @@
 eventpoll-don-t-decrement-ep-refcount-while-still-holding-the-ep-mutex.patch
 drm-exynos-exynos7_drm_decon-add-vblank-check-in-irq-handling.patch
+x86-cpu-amd-properly-check-the-tsa-microcode.patch
+drm-amdgpu-discovery-use-specific-ip_discovery.bin-for-legacy-asics.patch
+drm-amdgpu-ip_discovery-add-missing-ip_discovery-fw.patch
+crypto-s390-sha-fix-uninitialized-variable-in-sha-1-and-sha-2.patch
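Review bot: The new `switch` in the queued legacy-ASIC patch returns `"amdgpu/arcturus_ip_discovery.bin"` and `"amdgpu/aldebaran_ip_discovery.bin"`, but the `MODULE_FIRMWARE()` list added in that patch's first hunk stops at picasso, so on its own it leaves those two files out of the module's declared firmware. The next series entry, `drm-amdgpu-ip_discovery-add-missing-ip_discovery-fw.patch`, adds them, so the two patches need to stay together if either is ever dropped or reordered. In the `CHIP_RAVEN` case the RAVEN2 flag is tested before PICASSO; a comment such as `/* Raven2 and Picasso share CHIP_RAVEN and are told apart by apu_flags */` would make that precedence explicit. The function starts outside the hunk, so how the caller handles a named file that is not installed is not visible here.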
diff --git a/queue-6.12/x86-cpu-amd-properly-check-the-tsa-microcode.patch b/queue-6.12/x86-cpu-amd-properly-check-the-tsa-microcode.patch
new file mode 100644
index 0000000000..36db3e865b
--- /dev/null
+++ b/queue-6.12/x86-cpu-amd-properly-check-the-tsa-microcode.patch
@@ -0,0 +1,45 @@
+From bp@alien8.de Sat Jul 12 14:01:48 2025
+From: Borislav Petkov
+Date: Fri, 11 Jul 2025 21:18:44 +0200
+Subject: x86/CPU/AMD: Properly check the TSA microcode
+To: stable@vger.kernel.org
+Cc: Thomas Voegtle , kim.phillips@amd.com
+Message-ID: <20250711191844.GIaHFjlJiQi_HxyyWG@fat_crate.local>
+Content-Disposition: inline
+
+From: "Borislav Petkov (AMD)"
+
+In order to simplify backports, I resorted to an older version of the
+microcode revision checking which didn't pull in the whole struct
+x86_cpu_id matching machinery.
+
+My simpler method, however, forgot to add the extended CPU model to the
+patch revision, which lead to mismatches when determining whether TSA
+mitigation support is present.
+
+So add that forgotten extended model.
+
+This is a stable-only fix and the preference is to do it this way
+because it is a lot simpler. Also, the Fixes: tag below points to the
+respective stable patch.
+
+Fixes: 7a0395f6607a ("x86/bugs: Add a Transient Scheduler Attacks mitigation")
+Reported-by: Thomas Voegtle
+Signed-off-by: Borislav Petkov (AMD)
+Tested-by: Thomas Voegtle
+Message-ID: <04ea0a8e-edb0-c59e-ce21-5f3d5d167af3@lio96.de>
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kernel/cpu/amd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/kernel/cpu/amd.c
++++ b/arch/x86/kernel/cpu/amd.c
+@@ -376,6 +376,7 @@ static bool amd_check_tsa_microcode(void
+
+ p.ext_fam = c->x86 - 0xf;
+ p.model = c->x86_model;
++ p.ext_model = c->x86_model >> 4;
+ p.stepping = c->x86_stepping;
+
+ if (cpu_has(c, X86_FEATURE_ZEN3) ||
--
2.47.2
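Review bot: `p.model = c->x86_model;` still assigns the whole model number next to the new `p.ext_model = c->x86_model >> 4;`, so the low-nibble/high-nibble split depends on the width of the `model` field, which is declared outside the hunk. Writing `p.model = c->x86_model & 0xf;` would state the intent and keep the two assignments symmetrical. The declaration of `p` is also outside the hunk; because its fields are filled one at a time, it is worth confirming that any bits not assigned here are zero before the revision is compared. A wrong comparison here makes the kernel misjudge whether microcode with TSA mitigation support is present.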