<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/arch/x86/coco, branch master</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>Merge tag 'x86_sev_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip</title>
<updated>2026-06-16T00:27:30+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-06-16T00:27:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c61f479852493fd2cf5ca754e42ac272b1e2d2c5'/>
<id>c61f479852493fd2cf5ca754e42ac272b1e2d2c5</id>
<content type='text'>
Pull x86 SEV updates from Borislav Petkov:

 - Remove redundant GHCB initialization guards in the SEV page state and
   SVSM call paths now that the GHCB helpers handle early-boot fallback
   internally

 - Skip SNP initialization in the CCP driver immediately when the
   preparation step fails rather than proceeding to an operation that
   will certainly fail

 - Abort SNP preparation and return an error when not all CPUs are
   online, since the firmware enforces that every CPU enables SNP and
   will fail init if not

 - Simplify the VMM communication exception entry path by replacing
   separate kernel and user mode macros with a single handler that
   dispatches based on the current privilege level

* tag 'x86_sev_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip:
  x86/sev: Remove redundant ghcbs_initialized checks around __sev_{get,put}_ghcb()
  crypto/ccp: Skip SNP_INIT if preparation fails
  x86/sev: Do not initialize SNP if missing CPUs
  x86/entry: Zap the #VC entry user and kernel macros
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull x86 SEV updates from Borislav Petkov:

 - Remove redundant GHCB initialization guards in the SEV page state and
   SVSM call paths now that the GHCB helpers handle early-boot fallback
   internally

 - Skip SNP initialization in the CCP driver immediately when the
   preparation step fails rather than proceeding to an operation that
   will certainly fail

 - Abort SNP preparation and return an error when not all CPUs are
   online, since the firmware enforces that every CPU enables SNP and
   will fail init if not

 - Simplify the VMM communication exception entry path by replacing
   separate kernel and user mode macros with a single handler that
   dispatches based on the current privilege level

* tag 'x86_sev_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip:
  x86/sev: Remove redundant ghcbs_initialized checks around __sev_{get,put}_ghcb()
  crypto/ccp: Skip SNP_INIT if preparation fails
  x86/sev: Do not initialize SNP if missing CPUs
  x86/entry: Zap the #VC entry user and kernel macros
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/sev: Remove redundant ghcbs_initialized checks around __sev_{get,put}_ghcb()</title>
<updated>2026-05-19T20:31:29+00:00</updated>
<author>
<name>Nikunj A Dadhania</name>
<email>nikunj@amd.com</email>
</author>
<published>2026-05-18T10:22:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9d8460a1c7a6b0f2dc6302e5d0f31d4e8c2a7913'/>
<id>9d8460a1c7a6b0f2dc6302e5d0f31d4e8c2a7913</id>
<content type='text'>
After

  3645eb7e3915 ("x86/fred: Fix early boot failures on SEV-ES/SNP guests"),

__sev_{get,put}_ghcb() handle the early-boot GHCB fallback internally, making
the ghcbs_initialized guards in __set_pages_state() and
svsm_perform_call_protocol() redundant.

Remove them.

Also initialize state-&gt;ghcb to NULL in the early-boot path of
__sev_get_ghcb() so that the ghcb_state is well-defined for all callers,
even though __sev_put_ghcb() currently returns early before reading it.

No functional change intended.

Suggested-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Nikunj A Dadhania &lt;nikunj@amd.com&gt;
Signed-off-by: Borislav Petkov (AMD) &lt;bp@alien8.de&gt;
Reviewed-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Link: https://patch.msgid.link/20260518102230.3394603-1-nikunj@amd.com
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
After

  3645eb7e3915 ("x86/fred: Fix early boot failures on SEV-ES/SNP guests"),

__sev_{get,put}_ghcb() handle the early-boot GHCB fallback internally, making
the ghcbs_initialized guards in __set_pages_state() and
svsm_perform_call_protocol() redundant.

Remove them.

Also initialize state-&gt;ghcb to NULL in the early-boot path of
__sev_get_ghcb() so that the ghcb_state is well-defined for all callers,
even though __sev_put_ghcb() currently returns early before reading it.

No functional change intended.

Suggested-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Nikunj A Dadhania &lt;nikunj@amd.com&gt;
Signed-off-by: Borislav Petkov (AMD) &lt;bp@alien8.de&gt;
Reviewed-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Link: https://patch.msgid.link/20260518102230.3394603-1-nikunj@amd.com
</pre>
</div>
</content>
</entry>
<entry>
<title>treewide: Explicitly include the x86 CPUID headers</title>
<updated>2026-05-06T12:29:59+00:00</updated>
<author>
<name>Ahmed S. Darwish</name>
<email>darwi@linutronix.de</email>
</author>
<published>2026-03-27T02:15:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7b49a3fb69e785a2425c8dc7dbd0779a0a4c0eb2'/>
<id>7b49a3fb69e785a2425c8dc7dbd0779a0a4c0eb2</id>
<content type='text'>
Modify all CPUID call sites which implicitly include any of the CPUID
headers to explicitly include them instead.

For KVM's reverse_cpuid.h, just include &lt;asm/cpuid/types.h&gt; since it
references the CPUID_EAX..EDX symbols without using the CPUID APIs.

Note, this allows removing the inclusion of &lt;asm/cpuid/api.h&gt; from within
&lt;asm/processor.h&gt; next.  That allows the CPUID API headers to include
&lt;asm/processor.h&gt; without introducing a circular dependency.

Signed-off-by: Ahmed S. Darwish &lt;darwi@linutronix.de&gt;
Signed-off-by: Borislav Petkov (AMD) &lt;bp@alien8.de&gt;
Link: https://lore.kernel.org/20260327021645.555257-1-darwi@linutronix.de
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Modify all CPUID call sites which implicitly include any of the CPUID
headers to explicitly include them instead.

For KVM's reverse_cpuid.h, just include &lt;asm/cpuid/types.h&gt; since it
references the CPUID_EAX..EDX symbols without using the CPUID APIs.

Note, this allows removing the inclusion of &lt;asm/cpuid/api.h&gt; from within
&lt;asm/processor.h&gt; next.  That allows the CPUID API headers to include
&lt;asm/processor.h&gt; without introducing a circular dependency.

Signed-off-by: Ahmed S. Darwish &lt;darwi@linutronix.de&gt;
Signed-off-by: Borislav Petkov (AMD) &lt;bp@alien8.de&gt;
Link: https://lore.kernel.org/20260327021645.555257-1-darwi@linutronix.de
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/entry: Zap the #VC entry user and kernel macros</title>
<updated>2026-05-04T09:18:41+00:00</updated>
<author>
<name>Borislav Petkov (AMD)</name>
<email>bp@alien8.de</email>
</author>
<published>2026-04-20T16:43:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=52705e72e265406255f83dbd0c725fddc5bd2c83'/>
<id>52705e72e265406255f83dbd0c725fddc5bd2c83</id>
<content type='text'>
Drop the separate kernel and user macros in favor of calling a single #VC
C handler which multiplexes between the kernel and user #VC entry points
by looking at CS's RPL.

Zap unused DEFINE_IDTENTRY_VC while at it.

There should be no functionality change resulting from this - just code
simplification.

Signed-off-by: Borislav Petkov (AMD) &lt;bp@alien8.de&gt;
Reviewed-by: Nikunj A. Dadhania &lt;nikunj@amd.com&gt;
Reviewed-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Acked-by: Joerg Roedel &lt;joerg.roedel@amd.com&gt;
Tested-by: Nikunj A. Dadhania &lt;nikunj@amd.com&gt;
Link: https://patch.msgid.link/20260420164352.32129-1-bp@kernel.org
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Drop the separate kernel and user macros in favor of calling a single #VC
C handler which multiplexes between the kernel and user #VC entry points
by looking at CS's RPL.

Zap unused DEFINE_IDTENTRY_VC while at it.

There should be no functionality change resulting from this - just code
simplification.

Signed-off-by: Borislav Petkov (AMD) &lt;bp@alien8.de&gt;
Reviewed-by: Nikunj A. Dadhania &lt;nikunj@amd.com&gt;
Reviewed-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Acked-by: Joerg Roedel &lt;joerg.roedel@amd.com&gt;
Tested-by: Nikunj A. Dadhania &lt;nikunj@amd.com&gt;
Link: https://patch.msgid.link/20260420164352.32129-1-bp@kernel.org
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'x86_tdx_for_7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip</title>
<updated>2026-04-14T21:42:55+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-04-14T21:42:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=883af1f8e8788b99c5cd6797219bca44571775c9'/>
<id>883af1f8e8788b99c5cd6797219bca44571775c9</id>
<content type='text'>
Pull x86 TDX updates from Dave Hansen:
 "The only real thing of note here is printing the TDX module version.

  This is a little silly on its own, but the upcoming TDX module update
  code needs the same TDX module call. This shrinks that set a wee bit.

  There's also few minor macro cleanups and a tweak to the GetQuote ABI
  to make it easier for userspace to detect zero-length (failed) quotes"

* tag 'x86_tdx_for_7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  virt: tdx-guest: Return error for GetQuote failures
  KVM/TDX: Rename KVM_SUPPORTED_TD_ATTRS to KVM_SUPPORTED_TDX_TD_ATTRS
  x86/tdx: Rename TDX_ATTR_* to TDX_TD_ATTR_*
  KVM/TDX: Remove redundant definitions of TDX_TD_ATTR_*
  x86/tdx: Fix the typo in TDX_ATTR_MIGRTABLE
  x86/virt/tdx: Print TDX module version during init
  x86/virt/tdx: Retrieve TDX module version
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull x86 TDX updates from Dave Hansen:
 "The only real thing of note here is printing the TDX module version.

  This is a little silly on its own, but the upcoming TDX module update
  code needs the same TDX module call. This shrinks that set a wee bit.

  There's also few minor macro cleanups and a tweak to the GetQuote ABI
  to make it easier for userspace to detect zero-length (failed) quotes"

* tag 'x86_tdx_for_7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  virt: tdx-guest: Return error for GetQuote failures
  KVM/TDX: Rename KVM_SUPPORTED_TD_ATTRS to KVM_SUPPORTED_TDX_TD_ATTRS
  x86/tdx: Rename TDX_ATTR_* to TDX_TD_ATTR_*
  KVM/TDX: Remove redundant definitions of TDX_TD_ATTR_*
  x86/tdx: Fix the typo in TDX_ATTR_MIGRTABLE
  x86/virt/tdx: Print TDX module version during init
  x86/virt/tdx: Retrieve TDX module version
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/fred: Fix early boot failures on SEV-ES/SNP guests</title>
<updated>2026-03-23T13:18:18+00:00</updated>
<author>
<name>Nikunj A Dadhania</name>
<email>nikunj@amd.com</email>
</author>
<published>2026-03-18T07:56:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3645eb7e3915990a149460c151a00894cb586253'/>
<id>3645eb7e3915990a149460c151a00894cb586253</id>
<content type='text'>
FRED-enabled SEV-(ES,SNP) guests fail to boot due to the following issues
in the early boot sequence:

* FRED does not have a #VC exception handler in the dispatch logic

* Early FRED #VC exceptions attempt to use uninitialized per-CPU GHCBs
  instead of boot_ghcb

Add X86_TRAP_VC case to fred_hwexc() with a new exc_vmm_communication()
function that provides the unified entry point FRED requires, dispatching
to existing user/kernel handlers based on privilege level. The function is
already declared via DECLARE_IDTENTRY_VC().

Fix early GHCB access by falling back to boot_ghcb in
__sev_{get,put}_ghcb() when per-CPU GHCBs are not yet initialized.

Fixes: 14619d912b65 ("x86/fred: FRED entry/exit and dispatch code")
Signed-off-by: Nikunj A Dadhania &lt;nikunj@amd.com&gt;
Signed-off-by: Borislav Petkov (AMD) &lt;bp@alien8.de&gt;
Reviewed-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: &lt;stable@kernel.org&gt;  # 6.12+
Link: https://patch.msgid.link/20260318075654.1792916-4-nikunj@amd.com
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
FRED-enabled SEV-(ES,SNP) guests fail to boot due to the following issues
in the early boot sequence:

* FRED does not have a #VC exception handler in the dispatch logic

* Early FRED #VC exceptions attempt to use uninitialized per-CPU GHCBs
  instead of boot_ghcb

Add X86_TRAP_VC case to fred_hwexc() with a new exc_vmm_communication()
function that provides the unified entry point FRED requires, dispatching
to existing user/kernel handlers based on privilege level. The function is
already declared via DECLARE_IDTENTRY_VC().

Fix early GHCB access by falling back to boot_ghcb in
__sev_{get,put}_ghcb() when per-CPU GHCBs are not yet initialized.

Fixes: 14619d912b65 ("x86/fred: FRED entry/exit and dispatch code")
Signed-off-by: Nikunj A Dadhania &lt;nikunj@amd.com&gt;
Signed-off-by: Borislav Petkov (AMD) &lt;bp@alien8.de&gt;
Reviewed-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: &lt;stable@kernel.org&gt;  # 6.12+
Link: https://patch.msgid.link/20260318075654.1792916-4-nikunj@amd.com
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/tdx: Rename TDX_ATTR_* to TDX_TD_ATTR_*</title>
<updated>2026-03-04T00:06:49+00:00</updated>
<author>
<name>Xiaoyao Li</name>
<email>xiaoyao.li@intel.com</email>
</author>
<published>2026-03-03T03:03:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=28bcd8d83fca2c16b2d596b0dce5c4dbca4f9b50'/>
<id>28bcd8d83fca2c16b2d596b0dce5c4dbca4f9b50</id>
<content type='text'>
The macros TDX_ATTR_* and DEF_TDX_ATTR_* are related to TD attributes,
which are TD-scope attributes. Naming them as TDX_ATTR_* can be somewhat
confusing and might mislead people into thinking they are TDX global
things.

Rename TDX_ATTR_* to TDX_TD_ATTR_* to explicitly clarify they are
TD-scope things.

Suggested-by: Rick Edgecombe &lt;rick.p.edgecombe@intel.com&gt;
Signed-off-by: Xiaoyao Li &lt;xiaoyao.li@intel.com&gt;
Signed-off-by: Dave Hansen &lt;dave.hansen@linux.intel.com&gt;
Reviewed-by: Rick Edgecombe &lt;rick.p.edgecombe@intel.com&gt;
Reviewed-by: Binbin Wu &lt;binbin.wu@linux.intel.com&gt;
Reviewed-by: Kiryl Shutsemau &lt;kas@kernel.org&gt;
Acked-by: Sean Christopherson &lt;seanjc@google.com&gt;
Link: https://patch.msgid.link/20260303030335.766779-4-xiaoyao.li@intel.com
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The macros TDX_ATTR_* and DEF_TDX_ATTR_* are related to TD attributes,
which are TD-scope attributes. Naming them as TDX_ATTR_* can be somewhat
confusing and might mislead people into thinking they are TDX global
things.

Rename TDX_ATTR_* to TDX_TD_ATTR_* to explicitly clarify they are
TD-scope things.

Suggested-by: Rick Edgecombe &lt;rick.p.edgecombe@intel.com&gt;
Signed-off-by: Xiaoyao Li &lt;xiaoyao.li@intel.com&gt;
Signed-off-by: Dave Hansen &lt;dave.hansen@linux.intel.com&gt;
Reviewed-by: Rick Edgecombe &lt;rick.p.edgecombe@intel.com&gt;
Reviewed-by: Binbin Wu &lt;binbin.wu@linux.intel.com&gt;
Reviewed-by: Kiryl Shutsemau &lt;kas@kernel.org&gt;
Acked-by: Sean Christopherson &lt;seanjc@google.com&gt;
Link: https://patch.msgid.link/20260303030335.766779-4-xiaoyao.li@intel.com
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/tdx: Fix the typo in TDX_ATTR_MIGRTABLE</title>
<updated>2026-03-04T00:06:49+00:00</updated>
<author>
<name>Xiaoyao Li</name>
<email>xiaoyao.li@intel.com</email>
</author>
<published>2026-03-03T03:03:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3aecb2e7b948400354399b26f3f1653bd2c1bae0'/>
<id>3aecb2e7b948400354399b26f3f1653bd2c1bae0</id>
<content type='text'>
The TD scoped TDCS attributes are defined by bit positions. In the guest
side of the TDX code, the 'tdx_attributes' string array holds pretty
print names for these attributes, which are generated via macros and
defines. Today these pretty print names are only used to print the
attribute names to dmesg.

Unfortunately there is a typo in the define for the migratable bit.
Change the defines TDX_ATTR_MIGRTABLE* to TDX_ATTR_MIGRATABLE*. Update
the sole user, the tdx_attributes array, to use the fixed name.

Since these defines control the string printed to dmesg, the change is
user visible. But the risk of breakage is almost zero since it is not
exposed in any interface expected to be consumed programmatically.

Fixes: 564ea84c8c14 ("x86/tdx: Dump attributes and TD_CTLS on boot")
Signed-off-by: Xiaoyao Li &lt;xiaoyao.li@intel.com&gt;
Signed-off-by: Dave Hansen &lt;dave.hansen@linux.intel.com&gt;
Reviewed-by: Kirill A. Shutemov &lt;kirill.shutemov@linux.intel.com&gt;
Reviewed-by: Kai Huang &lt;kai.huang@intel.com&gt;
Acked-by: Sean Christopherson &lt;seanjc@google.com&gt;
Link: https://patch.msgid.link/20260303030335.766779-2-xiaoyao.li@intel.com
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The TD scoped TDCS attributes are defined by bit positions. In the guest
side of the TDX code, the 'tdx_attributes' string array holds pretty
print names for these attributes, which are generated via macros and
defines. Today these pretty print names are only used to print the
attribute names to dmesg.

Unfortunately there is a typo in the define for the migratable bit.
Change the defines TDX_ATTR_MIGRTABLE* to TDX_ATTR_MIGRATABLE*. Update
the sole user, the tdx_attributes array, to use the fixed name.

Since these defines control the string printed to dmesg, the change is
user visible. But the risk of breakage is almost zero since it is not
exposed in any interface expected to be consumed programmatically.

Fixes: 564ea84c8c14 ("x86/tdx: Dump attributes and TD_CTLS on boot")
Signed-off-by: Xiaoyao Li &lt;xiaoyao.li@intel.com&gt;
Signed-off-by: Dave Hansen &lt;dave.hansen@linux.intel.com&gt;
Reviewed-by: Kirill A. Shutemov &lt;kirill.shutemov@linux.intel.com&gt;
Reviewed-by: Kai Huang &lt;kai.huang@intel.com&gt;
Acked-by: Sean Christopherson &lt;seanjc@google.com&gt;
Link: https://patch.msgid.link/20260303030335.766779-2-xiaoyao.li@intel.com
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/sev: Allow IBPB-on-Entry feature for SNP guests</title>
<updated>2026-03-02T10:08:59+00:00</updated>
<author>
<name>Kim Phillips</name>
<email>kim.phillips@amd.com</email>
</author>
<published>2026-02-03T22:24:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9073428bb204d921ae15326bb7d4558d9d269aab'/>
<id>9073428bb204d921ae15326bb7d4558d9d269aab</id>
<content type='text'>
The SEV-SNP IBPB-on-Entry feature does not require a guest-side
implementation. It was added in Zen5 h/w, after the first SNP Zen
implementation, and thus was not accounted for when the initial set of SNP
features were added to the kernel.

In its abundant precaution, commit

  8c29f0165405 ("x86/sev: Add SEV-SNP guest feature negotiation support")

included SEV_STATUS' IBPB-on-Entry bit as a reserved bit, thereby masking
guests from using the feature.

Allow guests to make use of IBPB-on-Entry when supported by the hypervisor, as
the bit is now architecturally defined and safe to expose.

Fixes: 8c29f0165405 ("x86/sev: Add SEV-SNP guest feature negotiation support")
Signed-off-by: Kim Phillips &lt;kim.phillips@amd.com&gt;
Signed-off-by: Borislav Petkov (AMD) &lt;bp@alien8.de&gt;
Reviewed-by: Nikunj A Dadhania &lt;nikunj@amd.com&gt;
Reviewed-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: stable@kernel.org
Link: https://patch.msgid.link/20260203222405.4065706-2-kim.phillips@amd.com
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The SEV-SNP IBPB-on-Entry feature does not require a guest-side
implementation. It was added in Zen5 h/w, after the first SNP Zen
implementation, and thus was not accounted for when the initial set of SNP
features were added to the kernel.

In its abundant precaution, commit

  8c29f0165405 ("x86/sev: Add SEV-SNP guest feature negotiation support")

included SEV_STATUS' IBPB-on-Entry bit as a reserved bit, thereby masking
guests from using the feature.

Allow guests to make use of IBPB-on-Entry when supported by the hypervisor, as
the bit is now architecturally defined and safe to expose.

Fixes: 8c29f0165405 ("x86/sev: Add SEV-SNP guest feature negotiation support")
Signed-off-by: Kim Phillips &lt;kim.phillips@amd.com&gt;
Signed-off-by: Borislav Petkov (AMD) &lt;bp@alien8.de&gt;
Reviewed-by: Nikunj A Dadhania &lt;nikunj@amd.com&gt;
Reviewed-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: stable@kernel.org
Link: https://patch.msgid.link/20260203222405.4065706-2-kim.phillips@amd.com
</pre>
</div>
</content>
</entry>
<entry>
<title>Convert 'alloc_obj' family to use the new default GFP_KERNEL argument</title>
<updated>2026-02-22T01:09:51+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-02-22T00:37:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43'/>
<id>bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43</id>
<content type='text'>
This was done entirely with mindless brute force, using

    git grep -l '\&lt;k[vmz]*alloc_objs*(.*, GFP_KERNEL)' |
        xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/'

to convert the new alloc_obj() users that had a simple GFP_KERNEL
argument to just drop that argument.

Note that due to the extreme simplicity of the scripting, any slightly
more complex cases spread over multiple lines would not be triggered:
they definitely exist, but this covers the vast bulk of the cases, and
the resulting diff is also then easier to check automatically.

For the same reason the 'flex' versions will be done as a separate
conversion.

Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This was done entirely with mindless brute force, using

    git grep -l '\&lt;k[vmz]*alloc_objs*(.*, GFP_KERNEL)' |
        xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/'

to convert the new alloc_obj() users that had a simple GFP_KERNEL
argument to just drop that argument.

Note that due to the extreme simplicity of the scripting, any slightly
more complex cases spread over multiple lines would not be triggered:
they definitely exist, but this covers the vast bulk of the cases, and
the resulting diff is also then easier to check automatically.

For the same reason the 'flex' versions will be done as a separate
conversion.

Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
