6.6-stable patches

added patches:
	s390-entry-scrub-r12-register-on-kernel-entry.patch

diff --git a/queue-6.6/s390-entry-scrub-r12-register-on-kernel-entry.patch b/queue-6.6/s390-entry-scrub-r12-register-on-kernel-entry.patch
new file mode 100644 (file)
index 0000000..7f5a278
--- /dev/null
+++ b/queue-6.6/s390-entry-scrub-r12-register-on-kernel-entry.patch
@@ -0,0 +1,62 @@
+From 0738d395aab8fae3b5a3ad3fc640630c91693c27 Mon Sep 17 00:00:00 2001
+From: Vasily Gorbik <gor@linux.ibm.com>
+Date: Thu, 26 Mar 2026 19:50:14 +0100
+Subject: s390/entry: Scrub r12 register on kernel entry
+
+From: Vasily Gorbik <gor@linux.ibm.com>
+
+commit 0738d395aab8fae3b5a3ad3fc640630c91693c27 upstream.
+
+Before commit f33f2d4c7c80 ("s390/bp: remove TIF_ISOLATE_BP"),
+all entry handlers loaded r12 with the current task pointer
+(lg %r12,__LC_CURRENT) for use by the BPENTER/BPEXIT macros. That
+commit removed TIF_ISOLATE_BP, dropping both the branch prediction
+macros and the r12 load, but did not add r12 to the register clearing
+sequence.
+
+Add the missing xgr %r12,%r12 to make the register scrub consistent
+across all entry points.
+
+Fixes: f33f2d4c7c80 ("s390/bp: remove TIF_ISOLATE_BP")
+Cc: stable@kernel.org
+Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
+Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/kernel/entry.S |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/s390/kernel/entry.S
++++ b/arch/s390/kernel/entry.S
+@@ -300,6 +300,7 @@ SYM_CODE_START(system_call)
+       xgr     %r9,%r9
+       xgr     %r10,%r10
+       xgr     %r11,%r11
++      xgr     %r12,%r12
+       la      %r2,STACK_FRAME_OVERHEAD(%r15)  # pointer to pt_regs
+       mvc     __PT_R8(64,%r2),__LC_SAVE_AREA_SYNC
+       MBEAR   %r2
+@@ -378,6 +379,7 @@ SYM_CODE_START(pgm_check_handler)
+       xgr     %r5,%r5
+       xgr     %r6,%r6
+       xgr     %r7,%r7
++      xgr     %r12,%r12
+       lgr     %r2,%r11
+       brasl   %r14,__do_pgm_check
+       tmhh    %r8,0x0001              # returning to user space?
+@@ -439,6 +441,7 @@ SYM_CODE_START(\name)
+       xgr     %r6,%r6
+       xgr     %r7,%r7
+       xgr     %r10,%r10
++      xgr     %r12,%r12
+       xc      __PT_FLAGS(8,%r11),__PT_FLAGS(%r11)
+       mvc     __PT_R8(64,%r11),__LC_SAVE_AREA_ASYNC
+       MBEAR   %r11
+@@ -547,6 +550,7 @@ SYM_CODE_START(mcck_int_handler)
+       xgr     %r6,%r6
+       xgr     %r7,%r7
+       xgr     %r10,%r10
++      xgr     %r12,%r12
+       mvc     __PT_R8(64,%r11),0(%r14)
+       stmg    %r8,%r9,__PT_PSW(%r11)
+       xc      __PT_FLAGS(8,%r11),__PT_FLAGS(%r11)

diff --git a/queue-6.6/series b/queue-6.6/series
index 8295512ee22cbdf0ccdc89b4abfbcad080bffd75..2c99d32fcc92e51e2f5ea061fe62e4cd87639c2b 100644 (file)
--- a/queue-6.6/series
+++ b/queue-6.6/series
@@ -112,3 +112,4 @@ hwmon-peci-cputemp-fix-crit_hyst-returning-delta-instead-of-absolute-temperature
 hwmon-peci-cputemp-fix-off-by-one-in-cputemp_is_visible.patch
 media-mc-v4l2-serialize-reinit-and-reqbufs-with-req_queue_mutex.patch
 virtio_net-fix-uaf-on-dst_ops-when-iff_xmit_dst_release-is-cleared-and-napi_tx-is-false.patch
+s390-entry-scrub-r12-register-on-kernel-entry.patch