Home Home > GIT Browse > openSUSE-15.0
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBorislav Petkov <bp@suse.de>2019-01-18 15:57:37 +0100
committerBorislav Petkov <bp@suse.de>2019-01-18 15:57:37 +0100
commit2fcd2a0727d70d1aeccd14fb740a5249add22185 (patch)
treec23d22ca7f178432c0363574d397b7030af81331
parent0e11c33a2cad289e517b159b5570215329da7d99 (diff)
- x86/mm: Drop usage of __flush_tlb_all() in
kernel_physical_mapping_init() (bsc#1114279). - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279). - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279). - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279). - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279). - blacklist.conf: - Refresh patches.arch/x86-retpoline-make-config_retpoline-depend-on-compiler-support.patch.
-rw-r--r--blacklist.conf5
-rw-r--r--patches.arch/x86-mm-drop-usage-of-_flush_tlb_all-in-kernel_physical_mapping_init.patch92
-rw-r--r--patches.arch/x86-modpost-replace-last-remnants-of-retpoline-with-config_retpoline.patch83
-rw-r--r--patches.arch/x86-resctrl-fix-rdt_find_domain-return-value-and-checks.patch65
-rw-r--r--patches.arch/x86-retpoline-make-config_retpoline-depend-on-compiler-support.patch10
-rw-r--r--patches.arch/x86-speculation-add-retpoline_amd-support-to-the-inline-asm-call_nospec-variant.patch75
-rw-r--r--patches.fixes/kvm-sev-fail-kvm_sev_init-if-already-initialized.patch42
-rw-r--r--series.conf5
8 files changed, 372 insertions, 5 deletions
diff --git a/blacklist.conf b/blacklist.conf
index fea2831108..242c1de5d5 100644
--- a/blacklist.conf
+++ b/blacklist.conf
@@ -981,5 +981,10 @@ af27d9403f5b80685b79c88425086edccecaf711 # Warning applies to unsupported config
613a5eb5677923fdaecfa582738c7bcf80abe186 # Problem affects debugging builds only and is harmless
d50d82faa0c964e31f7a946ba8aba7c715ca7ab0 # Problem affects SLUB which is not enabled in kconfig
8363dae23463df5d27aa3f3430ad64f5c8fcee3e # Not applicable for SLE15
+68239654acafe6aad5a3c1dc7237e60accfebc03 # triggers only on 32-bit
+ac3e233d29f7f77f28243af0132057d378d3ea58 # LLVM fix
+dbe27a002ef8573168cb64e181458ea23a74e2b6 # clang-specific
+238bcbc4e07fad2fff99c5b157d0c37ccd4d093c # ditto
+3bd9805090af843b25f97ffe5049f20ade1d86d6 # ditto
6508497cbdc70b92130fbca57402af6a94e05d20 # patch misattributed
9ff067ff4c4a08d412e51307f11f7de3fb3045e7 # cosmetic cleanup
diff --git a/patches.arch/x86-mm-drop-usage-of-_flush_tlb_all-in-kernel_physical_mapping_init.patch b/patches.arch/x86-mm-drop-usage-of-_flush_tlb_all-in-kernel_physical_mapping_init.patch
new file mode 100644
index 0000000000..97cd4c11b5
--- /dev/null
+++ b/patches.arch/x86-mm-drop-usage-of-_flush_tlb_all-in-kernel_physical_mapping_init.patch
@@ -0,0 +1,92 @@
+From: Dan Williams <dan.j.williams@intel.com>
+Date: Tue, 4 Dec 2018 13:37:27 -0800
+Subject: x86/mm: Drop usage of __flush_tlb_all() in
+ kernel_physical_mapping_init()
+Git-commit: ba6f508d0ec4adb09f0a939af6d5e19cdfa8667d
+Patch-mainline: v5.0-rc1
+References: bsc#1114279
+
+Commit:
+
+ f77084d96355 "x86/mm/pat: Disable preemption around __flush_tlb_all()"
+
+addressed a case where __flush_tlb_all() is called without preemption
+being disabled. It also left a warning to catch other cases where
+preemption is not disabled.
+
+That warning triggers for the memory hotplug path which is also used for
+persistent memory enabling:
+
+ WARNING: CPU: 35 PID: 911 at ./arch/x86/include/asm/tlbflush.h:460
+ RIP: 0010:__flush_tlb_all+0x1b/0x3a
+ [..]
+ Call Trace:
+ phys_pud_init+0x29c/0x2bb
+ kernel_physical_mapping_init+0xfc/0x219
+ init_memory_mapping+0x1a5/0x3b0
+ arch_add_memory+0x2c/0x50
+ devm_memremap_pages+0x3aa/0x610
+ pmem_attach_disk+0x585/0x700 [nd_pmem]
+
+Andy wondered why a path that can sleep was using __flush_tlb_all() [1]
+and Dave confirmed the expectation for TLB flush is for modifying /
+invalidating existing PTE entries, but not initial population [2]. Drop
+the usage of __flush_tlb_all() in phys_{p4d,pud,pmd}_init() on the
+expectation that this path is only ever populating empty entries for the
+linear map. Note, at linear map teardown time there is a call to the
+all-cpu flush_tlb_all() to invalidate the removed mappings.
+
+[1]: https://lkml.kernel.org/r/9DFD717D-857D-493D-A606-B635D72BAC21@amacapital.net
+[2]: https://lkml.kernel.org/r/749919a4-cdb1-48a3-adb4-adb81a5fa0b5@intel.com
+
+[ mingo: Minor readability edits. ]
+
+Suggested-by: Dave Hansen <dave.hansen@linux.intel.com>
+Reported-by: Andy Lutomirski <luto@kernel.org>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
+Cc: <stable@vger.kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Rik van Riel <riel@surriel.com>
+Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: dave.hansen@intel.com
+Fixes: f77084d96355 ("x86/mm/pat: Disable preemption around __flush_tlb_all()")
+Link: http://lkml.kernel.org/r/154395944713.32119.15611079023837132638.stgit@dwillia2-desk3.amr.corp.intel.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/mm/init_64.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+--- a/arch/x86/mm/init_64.c
++++ b/arch/x86/mm/init_64.c
+@@ -535,7 +535,6 @@ phys_pud_init(pud_t *pud_page, unsigned
+ paddr_end,
+ page_size_mask,
+ prot);
+- __flush_tlb_all();
+ continue;
+ }
+ /*
+@@ -578,7 +577,6 @@ phys_pud_init(pud_t *pud_page, unsigned
+ pud_populate(&init_mm, pud, pmd);
+ spin_unlock(&init_mm.page_table_lock);
+ }
+- __flush_tlb_all();
+
+ update_page_count(PG_LEVEL_1G, pages);
+
+@@ -633,8 +631,6 @@ kernel_physical_mapping_init(unsigned lo
+ if (pgd_changed)
+ sync_global_pgds(vaddr_start, vaddr_end - 1);
+
+- __flush_tlb_all();
+-
+ return paddr_last;
+ }
+
diff --git a/patches.arch/x86-modpost-replace-last-remnants-of-retpoline-with-config_retpoline.patch b/patches.arch/x86-modpost-replace-last-remnants-of-retpoline-with-config_retpoline.patch
new file mode 100644
index 0000000000..c8caf45b19
--- /dev/null
+++ b/patches.arch/x86-modpost-replace-last-remnants-of-retpoline-with-config_retpoline.patch
@@ -0,0 +1,83 @@
+From: WANG Chao <chao.wang@ucloud.cn>
+Date: Tue, 11 Dec 2018 00:37:25 +0800
+Subject: x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
+Git-commit: e4f358916d528d479c3c12bd2fd03f2d5a576380
+Patch-mainline: v5.0-rc2
+References: bsc#1114279
+
+Commit
+
+ 4cd24de3a098 ("x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support")
+
+replaced the RETPOLINE define with CONFIG_RETPOLINE checks. Remove the
+remaining pieces.
+
+ [ bp: Massage commit message. ]
+
+Fixes: 4cd24de3a098 ("x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support")
+Signed-off-by: WANG Chao <chao.wang@ucloud.cn>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Zhenzhong Duan <zhenzhong.duan@oracle.com>
+Reviewed-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Arnd Bergmann <arnd@arndb.de>
+Cc: Daniel Borkmann <daniel@iogearbox.net>
+Cc: David Woodhouse <dwmw@amazon.co.uk>
+Cc: Geert Uytterhoeven <geert@linux-m68k.org>
+Cc: Jessica Yu <jeyu@kernel.org>
+Cc: Jiri Kosina <jkosina@suse.cz>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Cc: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
+Cc: Michal Marek <michal.lkml@markovi.net>
+Cc: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Tim Chen <tim.c.chen@linux.intel.com>
+Cc: Vasily Gorbik <gor@linux.ibm.com>
+Cc: linux-kbuild@vger.kernel.org
+Cc: srinivas.eeda@oracle.com
+Cc: stable <stable@vger.kernel.org>
+Cc: x86-ml <x86@kernel.org>
+Link: https://lkml.kernel.org/r/20181210163725.95977-1-chao.wang@ucloud.cn
+---
+ arch/x86/kernel/cpu/bugs.c | 2 +-
+ include/linux/module.h | 2 +-
+ scripts/mod/modpost.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -331,7 +331,7 @@ static enum spectre_v2_mitigation spectr
+ static enum spectre_v2_user_mitigation spectre_v2_user __ro_after_init =
+ SPECTRE_V2_USER_NONE;
+
+-#ifdef RETPOLINE
++#ifdef CONFIG_RETPOLINE
+ static bool spectre_v2_bad_module;
+
+ bool retpoline_module_ok(bool has_retpoline)
+--- a/include/linux/module.h
++++ b/include/linux/module.h
+@@ -794,7 +794,7 @@ static inline void module_bug_finalize(c
+ static inline void module_bug_cleanup(struct module *mod) {}
+ #endif /* CONFIG_GENERIC_BUG */
+
+-#ifdef RETPOLINE
++#ifdef CONFIG_RETPOLINE
+ extern bool retpoline_module_ok(bool has_retpoline);
+ #else
+ static inline bool retpoline_module_ok(bool has_retpoline)
+--- a/scripts/mod/modpost.c
++++ b/scripts/mod/modpost.c
+@@ -2149,7 +2149,7 @@ static void add_intree_flag(struct buffe
+ /* Cannot check for assembler */
+ static void add_retpoline(struct buffer *b)
+ {
+- buf_printf(b, "\n#ifdef RETPOLINE\n");
++ buf_printf(b, "\n#ifdef CONFIG_RETPOLINE\n");
+ buf_printf(b, "MODULE_INFO(retpoline, \"Y\");\n");
+ buf_printf(b, "#endif\n");
+ }
diff --git a/patches.arch/x86-resctrl-fix-rdt_find_domain-return-value-and-checks.patch b/patches.arch/x86-resctrl-fix-rdt_find_domain-return-value-and-checks.patch
new file mode 100644
index 0000000000..31b55936bb
--- /dev/null
+++ b/patches.arch/x86-resctrl-fix-rdt_find_domain-return-value-and-checks.patch
@@ -0,0 +1,65 @@
+From: Reinette Chatre <reinette.chatre@intel.com>
+Date: Mon, 10 Dec 2018 14:31:13 -0800
+Subject: x86/resctrl: Fix rdt_find_domain() return value and checks
+Git-commit: 52eb74339a6233c69f4e3794b69ea7c98eeeae1b
+Patch-mainline: v5.0-rc1
+References: bsc#1114279
+
+rdt_find_domain() returns an ERR_PTR() that is generated from a provided
+domain id when the value is negative.
+
+Care needs to be taken when creating an ERR_PTR() from this value
+because a subsequent check using IS_ERR() expects the error to
+be within the MAX_ERRNO range. Using an invalid domain id as an
+ERR_PTR() does work at this time since this is currently always -1.
+Using this undocumented assumption is fragile since future users of
+rdt_find_domain() may not be aware of thus assumption.
+
+Two related issues are addressed:
+
+- Ensure that rdt_find_domain() always returns a valid error value by
+forcing the error to be -ENODEV when a negative domain id is provided.
+
+- In a few instances the return value of rdt_find_domain() is just
+checked for NULL - fix these to include a check of ERR_PTR.
+
+Fixes: d89b7379015f ("x86/intel_rdt/cqm: Add mon_data")
+Fixes: 521348b011d6 ("x86/intel_rdt: Introduce utility to obtain CDP peer")
+Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Tony Luck <tony.luck@intel.com>
+Cc: fenghua.yu@intel.com
+Cc: gavin.hindman@intel.com
+Cc: jithu.joseph@intel.com
+Cc: x86-ml <x86@kernel.org>
+Link: https://lkml.kernel.org/r/b88cd4ff6a75995bf8db9b0ea546908fe50f69f3.1544479852.git.reinette.chatre@intel.com
+---
+ arch/x86/kernel/cpu/intel_rdt.c | 2 +-
+ arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/cpu/intel_rdt.c
++++ b/arch/x86/kernel/cpu/intel_rdt.c
+@@ -413,7 +413,7 @@ struct rdt_domain *rdt_find_domain(struc
+ struct list_head *l;
+
+ if (id < 0)
+- return ERR_PTR(id);
++ return ERR_PTR(-ENODEV);
+
+ list_for_each(l, &r->domains) {
+ d = list_entry(l, struct rdt_domain, list);
+--- a/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c
++++ b/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c
+@@ -351,7 +351,7 @@ int rdtgroup_mondata_show(struct seq_fil
+
+ r = &rdt_resources_all[resid];
+ d = rdt_find_domain(r, domid, NULL);
+- if (!d) {
++ if (IS_ERR_OR_NULL(d)) {
+ ret = -ENOENT;
+ goto out;
+ }
diff --git a/patches.arch/x86-retpoline-make-config_retpoline-depend-on-compiler-support.patch b/patches.arch/x86-retpoline-make-config_retpoline-depend-on-compiler-support.patch
index 0792befa86..fa68f83662 100644
--- a/patches.arch/x86-retpoline-make-config_retpoline-depend-on-compiler-support.patch
+++ b/patches.arch/x86-retpoline-make-config_retpoline-depend-on-compiler-support.patch
@@ -65,8 +65,8 @@ Acked-by: Borislav Petkov <bp@suse.de>
*/
# define CALL_NOSPEC \
ANNOTATE_NOSPEC_ALTERNATIVE \
-@@ -177,7 +178,7 @@
- X86_FEATURE_RETPOLINE)
+@@ -181,7 +182,7 @@
+ X86_FEATURE_RETPOLINE_AMD)
# define THUNK_TARGET(addr) [thunk_target] "r" (addr)
-#elif defined(CONFIG_X86_32) && defined(CONFIG_RETPOLINE)
@@ -74,8 +74,8 @@ Acked-by: Borislav Petkov <bp@suse.de>
/*
* For i386 we use the original ret-equivalent retpoline, because
* otherwise we'll run out of registers. We don't care about CET
-@@ -202,6 +203,7 @@
- X86_FEATURE_RETPOLINE)
+@@ -211,6 +212,7 @@
+ X86_FEATURE_RETPOLINE_AMD)
# define THUNK_TARGET(addr) [thunk_target] "rm" (addr)
+#endif
@@ -97,7 +97,7 @@ Acked-by: Borislav Petkov <bp@suse.de>
default n
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -368,7 +368,7 @@ static void __init spec2_print_if_secure
+@@ -369,7 +369,7 @@ static void __init spec2_print_if_secure
static inline bool retp_compiler(void)
{
diff --git a/patches.arch/x86-speculation-add-retpoline_amd-support-to-the-inline-asm-call_nospec-variant.patch b/patches.arch/x86-speculation-add-retpoline_amd-support-to-the-inline-asm-call_nospec-variant.patch
new file mode 100644
index 0000000000..daa17333b0
--- /dev/null
+++ b/patches.arch/x86-speculation-add-retpoline_amd-support-to-the-inline-asm-call_nospec-variant.patch
@@ -0,0 +1,75 @@
+From: Zhenzhong Duan <zhenzhong.duan@oracle.com>
+Date: Tue, 18 Sep 2018 07:45:00 -0700
+Subject: x86/speculation: Add RETPOLINE_AMD support to the inline asm
+ CALL_NOSPEC variant
+Git-commit: 0cbb76d6285794f30953bfa3ab831714b59dd700
+Patch-mainline: v4.20-rc1
+References: bsc#1114279
+
+..so that they match their asm counterpart.
+
+Add the missing ANNOTATE_NOSPEC_ALTERNATIVE in CALL_NOSPEC, while at it.
+
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@oracle.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Cc: Daniel Borkmann <daniel@iogearbox.net>
+Cc: David Woodhouse <dwmw@amazon.co.uk>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Wang YanQing <udknight@gmail.com>
+Cc: dhaval.giani@oracle.com
+Cc: srinivas.eeda@oracle.com
+Link: http://lkml.kernel.org/r/c3975665-173e-4d70-8dee-06c926ac26ee@default
+---
+ arch/x86/include/asm/nospec-branch.h | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
+index fd2a8c1b88bc..80dc14422495 100644
+--- a/arch/x86/include/asm/nospec-branch.h
++++ b/arch/x86/include/asm/nospec-branch.h
+@@ -170,11 +170,15 @@
+ */
+ # define CALL_NOSPEC \
+ ANNOTATE_NOSPEC_ALTERNATIVE \
+- ALTERNATIVE( \
++ ALTERNATIVE_2( \
+ ANNOTATE_RETPOLINE_SAFE \
+ "call *%[thunk_target]\n", \
+ "call __x86_indirect_thunk_%V[thunk_target]\n", \
+- X86_FEATURE_RETPOLINE)
++ X86_FEATURE_RETPOLINE, \
++ "lfence;\n" \
++ ANNOTATE_RETPOLINE_SAFE \
++ "call *%[thunk_target]\n", \
++ X86_FEATURE_RETPOLINE_AMD)
+ # define THUNK_TARGET(addr) [thunk_target] "r" (addr)
+
+ #elif defined(CONFIG_X86_32) && defined(CONFIG_RETPOLINE)
+@@ -184,7 +188,8 @@
+ * here, anyway.
+ */
+ # define CALL_NOSPEC \
+- ALTERNATIVE( \
++ ANNOTATE_NOSPEC_ALTERNATIVE \
++ ALTERNATIVE_2( \
+ ANNOTATE_RETPOLINE_SAFE \
+ "call *%[thunk_target]\n", \
+ " jmp 904f;\n" \
+@@ -199,7 +204,11 @@
+ " ret;\n" \
+ " .align 16\n" \
+ "904: call 901b;\n", \
+- X86_FEATURE_RETPOLINE)
++ X86_FEATURE_RETPOLINE, \
++ "lfence;\n" \
++ ANNOTATE_RETPOLINE_SAFE \
++ "call *%[thunk_target]\n", \
++ X86_FEATURE_RETPOLINE_AMD)
+
+ # define THUNK_TARGET(addr) [thunk_target] "rm" (addr)
+ #else /* No retpoline for C / inline asm */
+
diff --git a/patches.fixes/kvm-sev-fail-kvm_sev_init-if-already-initialized.patch b/patches.fixes/kvm-sev-fail-kvm_sev_init-if-already-initialized.patch
new file mode 100644
index 0000000000..708d3331cf
--- /dev/null
+++ b/patches.fixes/kvm-sev-fail-kvm_sev_init-if-already-initialized.patch
@@ -0,0 +1,42 @@
+From: David Rientjes <rientjes@google.com>
+Date: Wed, 2 Jan 2019 12:56:33 -0800
+Subject: kvm: sev: Fail KVM_SEV_INIT if already initialized
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Git-commit: 3f14a89d1132dcae3c8ce6721c6ef51f6e6d9b5f
+Patch-mainline: v5.0-rc2
+References: bsc#1114279
+
+By code inspection, it was found that multiple calls to KVM_SEV_INIT
+could deplete asid bits and overwrite kvm_sev_info's regions_list.
+
+Multiple calls to KVM_SVM_INIT is not likely to occur with QEMU, but this
+should likely be fixed anyway.
+
+This code is serialized by kvm->lock.
+
+Fixes: 1654efcbc431 ("KVM: SVM: Add KVM_SEV_INIT command")
+Reported-by: Cfir Cohen <cfir@google.com>
+Signed-off-by: David Rientjes <rientjes@google.com>
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/kvm/svm.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
+index 307e5bddb6d9..a157ca5b6869 100644
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -6278,6 +6278,9 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
+ int asid, ret;
+
+ ret = -EBUSY;
++ if (unlikely(sev->active))
++ return ret;
++
+ asid = sev_asid_new();
+ if (asid < 0)
+ return ret;
+
diff --git a/series.conf b/series.conf
index aa1911b69a..d4b383e82b 100644
--- a/series.conf
+++ b/series.conf
@@ -18877,6 +18877,7 @@
patches.fixes/0001-x86-xen-Fix-boot-loader-version-reported-for-PVH-gue.patch
patches.arch/x86-kexec-correct-kexec_backup_src_end-off-by-one-error.patch
patches.fixes/resource-include-resource-end-in-walk_-interfaces.patch
+ patches.arch/x86-speculation-add-retpoline_amd-support-to-the-inline-asm-call_nospec-variant.patch
patches.arch/x86-speculation-apply-ibpb-more-strictly-to-avoid-cross-process-data-leak.patch
patches.arch/x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch
patches.arch/x86-speculation-propagate-information-about-rsb-filling-mitigation-to-sysfs.patch
@@ -19622,7 +19623,9 @@
patches.drivers/device-property-fix-fwnode_graph_get_next_endpoint-d.patch
patches.drivers/platform-msi-Free-descriptors-in-platform_msi_domain.patch
patches.fixes/0001-x86-speculation-l1tf-Drop-the-swap-storage-limit-res.patch
+ patches.arch/x86-resctrl-fix-rdt_find_domain-return-value-and-checks.patch
patches.fixes/tools-lib-lockdep-Rename-trywlock-into-trywrlock.patch
+ patches.arch/x86-mm-drop-usage-of-_flush_tlb_all-in-kernel_physical_mapping_init.patch
patches.arch/powerpc-pkeys-Fix-handling-of-pkey-state-across-fork.patch
patches.drivers/can-flexcan-flexcan_irq-fix-indention.patch
patches.drivers/wlcore-Fix-the-return-value-in-case-of-error-in-wlco.patch
@@ -19720,7 +19723,9 @@
patches.drivers/ALSA-cs46xx-Potential-NULL-dereference-in-probe.patch
patches.drivers/ALSA-hda-realtek-Add-unplug-function-into-unplug-sta.patch
patches.drivers/ALSA-hda-realtek-Disable-headset-Mic-VREF-for-headse.patch
+ patches.arch/x86-modpost-replace-last-remnants-of-retpoline-with-config_retpoline.patch
patches.drm/0001-drm-fb-helper-Ignore-the-value-of-fb_var_screeninfo..patch
+ patches.fixes/kvm-sev-fail-kvm_sev_init-if-already-initialized.patch
patches.drivers/tty-Don-t-hold-ldisc-lock-in-tty_reopen-if-ldisc-pre.patch
# dhowells/linux-fs keys-uefi