From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2B6AC328B56; Fri, 15 May 2026 13:05:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778850355; cv=none; b=n54BfOeE7ijbezh0MKnyHAsI+gosGd3ewFh9kVlephZsvVMeBOR+uRLA6CB8I5kCzrPT/pdLpY9cATZ2heF/nF3Wg/oNigt96mpsqil094EchcIejinfvWF5BpExfmU6gsZmKNm6iz5w3i0jlL006wr5zTG63nel2XN/D6rXpXw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778850355; c=relaxed/simple; bh=g+gUuHFerNtk34CaM6QMQK3dagfshJ5q2vw7bgGB1ok=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=dNtgXm1FVvoRG0FacAQbq0gRDO2bvYgR7SXRI4ht/mZlTYWWgsJXj9xjLPwG1TdCfLAIHmudT3j1BK/izvf4Q32RGvNo4J/CyoBt1jKECzZWC/3AXcT0Kdztb9qDGYWd77ifGGvfEcSq7A/TpNJMJQ88Y/Hfi1BeniV8CV0xW0M= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=O3sgBIg7; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="O3sgBIg7" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 83924C2BCB7; Fri, 15 May 2026 13:05:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1778850354; bh=g+gUuHFerNtk34CaM6QMQK3dagfshJ5q2vw7bgGB1ok=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=O3sgBIg7XD7l0duw/A7wQ+V4xZ9XE2T6q2M4mJiKgNLE/m5uOGVSRIbSmiDph2hpc 388joqnRyrt3WtSZCHhrKmGMuC4inyUq3FTjffukVCefLvRyK9IUvawJ2jrjwvE4ws QdOeendYU56B7+U/OO1V6guliPANzQr5u/G/Ddeg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, akpm@linux-foundation.org, torvalds@linux-foundation.org, stable@vger.kernel.org Cc: lwn@lwn.net, jslaby@suse.cz, Greg Kroah-Hartman Subject: Re: Linux 6.6.139 Date: Fri, 15 May 2026 15:05:53 +0200 Message-ID: <2026051553-down-resistant-0120@gregkh> X-Mailer: git-send-email 2.54.0 In-Reply-To: <2026051552-hypnotism-unwarlike-7452@gregkh> References: <2026051552-hypnotism-unwarlike-7452@gregkh> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/Makefile b/Makefile index 7878fd783212..d00b00f0c54f 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ # SPDX-License-Identifier: GPL-2.0 VERSION = 6 PATCHLEVEL = 6 -SUBLEVEL = 138 +SUBLEVEL = 139 EXTRAVERSION = NAME = Pinguïn Aangedreven diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index deb5fe001776..c9f83af0e0b7 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -675,6 +675,7 @@ /* Zen4 */ #define MSR_ZEN4_BP_CFG 0xc001102e #define MSR_ZEN4_BP_CFG_SHARED_BTB_FIX_BIT 5 +#define MSR_ZEN2_BP_CFG_BUG_FIX_BIT 33 /* Zen 2 */ #define MSR_ZEN2_SPECTRAL_CHICKEN 0xc00110e3 diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 211141d37d15..c5bcf4384830 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -1166,6 +1166,9 @@ static void init_amd_zen2(struct cpuinfo_x86 *c) msr_clear_bit(MSR_AMD64_CPUID_FN_7, 18); pr_emerg("RDSEED is not reliable on this platform; disabling.\n"); } + + if (!cpu_has(c, X86_FEATURE_HYPERVISOR)) + msr_set_bit(MSR_ZEN4_BP_CFG, MSR_ZEN2_BP_CFG_BUG_FIX_BIT); } static void init_amd_zen3(struct cpuinfo_x86 *c) diff --git a/include/linux/sched.h b/include/linux/sched.h index 9c7c67efce34..856a560100c2 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -916,6 +916,9 @@ struct task_struct { */ unsigned sched_remote_wakeup:1; + /* Save user-dumpable when mm goes away */ + unsigned user_dumpable:1; + /* Bit to tell LSMs we're in execve(): */ unsigned in_execve:1; unsigned in_iowait:1; diff --git a/kernel/exit.c b/kernel/exit.c index 03a1dd32e6ff..686bbe72bb41 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -559,6 +559,7 @@ static void exit_mm(void) */ smp_mb__after_spinlock(); local_irq_disable(); + current->user_dumpable = (get_dumpable(mm) == SUID_DUMP_USER); current->mm = NULL; membarrier_update_current_mm(NULL); enter_lazy_tlb(mm, current); diff --git a/kernel/ptrace.c b/kernel/ptrace.c index 443057bee87c..3c7d122a37fb 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c @@ -283,11 +283,24 @@ static bool ptrace_has_cap(struct user_namespace *ns, unsigned int mode) return ns_capable(ns, CAP_SYS_PTRACE); } +static bool task_still_dumpable(struct task_struct *task, unsigned int mode) +{ + struct mm_struct *mm = task->mm; + if (mm) { + if (get_dumpable(mm) == SUID_DUMP_USER) + return true; + return ptrace_has_cap(mm->user_ns, mode); + } + + if (task->user_dumpable) + return true; + return ptrace_has_cap(&init_user_ns, mode); +} + /* Returns 0 on success, -errno on denial. */ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) { const struct cred *cred = current_cred(), *tcred; - struct mm_struct *mm; kuid_t caller_uid; kgid_t caller_gid; @@ -348,11 +361,8 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) * Pairs with a write barrier in commit_creds(). */ smp_rmb(); - mm = task->mm; - if (mm && - ((get_dumpable(mm) != SUID_DUMP_USER) && - !ptrace_has_cap(mm->user_ns, mode))) - return -EPERM; + if (!task_still_dumpable(task, mode)) + return -EPERM; return security_ptrace_access_check(task, mode); } diff --git a/tools/arch/x86/include/asm/msr-index.h b/tools/arch/x86/include/asm/msr-index.h index 76f9cad9fb62..d108bc6634ed 100644 --- a/tools/arch/x86/include/asm/msr-index.h +++ b/tools/arch/x86/include/asm/msr-index.h @@ -638,6 +638,9 @@ /* AMD Last Branch Record MSRs */ #define MSR_AMD64_LBR_SELECT 0xc000010e +#define MSR_ZEN4_BP_CFG 0xc001102e +#define MSR_ZEN2_BP_CFG_BUG_FIX_BIT 33 + /* Fam 17h MSRs */ #define MSR_F17H_IRPERF 0xc00000e9