From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sat, 18 Apr 2026 08:01:25 +0000 (+0200)
Subject: 5.15-stable patches
X-Git-Tag: v5.10.253~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2dc85c2b5b93999d488ae523d99ffd041374a000;p=thirdparty%2Fkernel%2Fstable-queue.git

5.15-stable patches

added patches:
	x86-cpu-fix-fpdss-on-zen1.patch
---

diff --git a/queue-5.15/series b/queue-5.15/series
index e75891e07c..1a964a6b3d 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -89,6 +89,7 @@ unshare-fix-unshare_fs-handling.patch
 acpi-osi-add-dmi-quirk-for-acer-aspire-one-d255.patch
 scsi-ses-fix-devices-attaching-to-different-hosts.patch
 alsa-usb-audio-avoid-implicit-feedback-mode-on-diyin.patch
+x86-cpu-fix-fpdss-on-zen1.patch
 alsa-usb-audio-check-max-frame-size-for-implicit-fee.patch
 powerpc-uaccess-fix-inline-assembly-for-clang-build-.patch
 remoteproc-sysmon-correct-subsys_name_len-type-in-qm.patch
diff --git a/queue-5.15/x86-cpu-fix-fpdss-on-zen1.patch b/queue-5.15/x86-cpu-fix-fpdss-on-zen1.patch
new file mode 100644
index 0000000000..70dbf6b039
--- /dev/null
+++ b/queue-5.15/x86-cpu-fix-fpdss-on-zen1.patch
@@ -0,0 +1,47 @@
+From e55d98e7756135f32150b9b8f75d580d0d4b2dd3 Mon Sep 17 00:00:00 2001
+From: "Borislav Petkov (AMD)" <bp@alien8.de>
+Date: Tue, 7 Apr 2026 11:40:03 +0200
+Subject: x86/CPU: Fix FPDSS on Zen1
+
+From: Borislav Petkov (AMD) <bp@alien8.de>
+
+commit e55d98e7756135f32150b9b8f75d580d0d4b2dd3 upstream.
+
+Zen1's hardware divider can leave, under certain circumstances, partial
+results from previous operations.  Those results can be leaked by
+another, attacker thread.
+
+Fix that with a chicken bit.
+
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/include/asm/msr-index.h |    3 +++
+ arch/x86/kernel/cpu/amd.c        |    3 +++
+ 2 files changed, 6 insertions(+)
+
+--- a/arch/x86/include/asm/msr-index.h
++++ b/arch/x86/include/asm/msr-index.h
+@@ -539,6 +539,9 @@
+ #define MSR_AMD64_DC_CFG		0xc0011022
+ #define MSR_AMD64_TW_CFG		0xc0011023
+ 
++#define MSR_AMD64_FP_CFG		0xc0011028
++#define MSR_AMD64_FP_CFG_ZEN1_DENORM_FIX_BIT	9
++
+ #define MSR_AMD64_DE_CFG		0xc0011029
+ #define MSR_AMD64_DE_CFG_LFENCE_SERIALIZE_BIT	 1
+ #define MSR_AMD64_DE_CFG_LFENCE_SERIALIZE	BIT_ULL(MSR_AMD64_DE_CFG_LFENCE_SERIALIZE_BIT)
+--- a/arch/x86/kernel/cpu/amd.c
++++ b/arch/x86/kernel/cpu/amd.c
+@@ -1075,6 +1075,9 @@ static void init_amd_zn(struct cpuinfo_x
+ 		if (c->x86 == 0x19 && !cpu_has(c, X86_FEATURE_BTC_NO))
+ 			set_cpu_cap(c, X86_FEATURE_BTC_NO);
+ 	}
++
++	pr_notice_once("AMD Zen1 FPDSS bug detected, enabling mitigation.\n");
++	msr_set_bit(MSR_AMD64_FP_CFG, MSR_AMD64_FP_CFG_ZEN1_DENORM_FIX_BIT);
+ }
+ 
+ static bool cpu_has_zenbleed_microcode(void)