diff options
9 files changed, 446 insertions, 0 deletions
diff --git a/queue-6.15/dt-bindings-i2c-nvidia-tegra20-i2c-specify-the-required-properties.patch b/queue-6.15/dt-bindings-i2c-nvidia-tegra20-i2c-specify-the-required-properties.patch new file mode 100644 index 0000000000..dc9d86b878 --- /dev/null +++ b/queue-6.15/dt-bindings-i2c-nvidia-tegra20-i2c-specify-the-required-properties.patch @@ -0,0 +1,79 @@ +From 903cc7096db22f889d48e2cee8840709ce04fdac Mon Sep 17 00:00:00 2001 +From: Akhil R <akhilrajeev@nvidia.com> +Date: Tue, 3 Jun 2025 21:00:20 +0530 +Subject: dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Akhil R <akhilrajeev@nvidia.com> + +commit 903cc7096db22f889d48e2cee8840709ce04fdac upstream. + +Specify the properties which are essential and which are not for the +Tegra I2C driver to function correctly. This was not added correctly when +the TXT binding was converted to yaml. All the existing DT nodes have +these properties already and hence this does not break the ABI. + +dmas and dma-names which were specified as a must in the TXT binding +is now made optional since the driver can work in PIO mode if dmas are +missing. + +Fixes: f10a9b722f80 ("dt-bindings: i2c: tegra: Convert to json-schemaā€¯) +Signed-off-by: Akhil R <akhilrajeev@nvidia.com> +Cc: <stable@vger.kernel.org> # v5.17+ +Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> +Signed-off-by: Andi Shyti <andi@smida.it> +Link: https://lore.kernel.org/r/20250603153022.39434-1-akhilrajeev@nvidia.com +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + Documentation/devicetree/bindings/i2c/nvidia,tegra20-i2c.yaml | 24 +++++++++- + 1 file changed, 23 insertions(+), 1 deletion(-) + +--- a/Documentation/devicetree/bindings/i2c/nvidia,tegra20-i2c.yaml ++++ b/Documentation/devicetree/bindings/i2c/nvidia,tegra20-i2c.yaml +@@ -97,7 +97,10 @@ properties: + + resets: + items: +- - description: module reset ++ - description: ++ Module reset. This property is optional for controllers in Tegra194, ++ Tegra234 etc where an internal software reset is available as an ++ alternative. + + reset-names: + items: +@@ -116,6 +119,13 @@ properties: + - const: rx + - const: tx + ++required: ++ - compatible ++ - reg ++ - interrupts ++ - clocks ++ - clock-names ++ + allOf: + - $ref: /schemas/i2c/i2c-controller.yaml + - if: +@@ -169,6 +179,18 @@ allOf: + properties: + power-domains: false + ++ - if: ++ not: ++ properties: ++ compatible: ++ contains: ++ enum: ++ - nvidia,tegra194-i2c ++ then: ++ required: ++ - resets ++ - reset-names ++ + unevaluatedProperties: false + + examples: diff --git a/queue-6.15/edac-amd64-correct-number-of-umcs-for-family-19h-models-70h-7fh.patch b/queue-6.15/edac-amd64-correct-number-of-umcs-for-family-19h-models-70h-7fh.patch new file mode 100644 index 0000000000..a28f222470 --- /dev/null +++ b/queue-6.15/edac-amd64-correct-number-of-umcs-for-family-19h-models-70h-7fh.patch @@ -0,0 +1,39 @@ +From b2e673ae53ef4b943f68585207a5f21cfc9a0714 Mon Sep 17 00:00:00 2001 +From: Avadhut Naik <avadhut.naik@amd.com> +Date: Fri, 13 Jun 2025 00:51:35 +0000 +Subject: EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh + +From: Avadhut Naik <avadhut.naik@amd.com> + +commit b2e673ae53ef4b943f68585207a5f21cfc9a0714 upstream. + +AMD's Family 19h-based Models 70h-7fh support 4 unified memory controllers +(UMC) per processor die. + +The amd64_edac driver, however, assumes only 2 UMCs are supported since +max_mcs variable for the models has not been explicitly set to 4. The same +results in incomplete or incorrect memory information being logged to dmesg by +the module during initialization in some instances. + +Fixes: 6c79e42169fe ("EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh") +Closes: https://lore.kernel.org/all/27dc093f-ce27-4c71-9e81-786150a040b6@reox.at/ +Reported-by: reox <mailinglist@reox.at> +Signed-off-by: Avadhut Naik <avadhut.naik@amd.com> +Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> +Cc: stable@kernel.org +Link: https://lore.kernel.org/20250613005233.2330627-1-avadhut.naik@amd.com +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + drivers/edac/amd64_edac.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/edac/amd64_edac.c ++++ b/drivers/edac/amd64_edac.c +@@ -3879,6 +3879,7 @@ static int per_family_init(struct amd64_ + break; + case 0x70 ... 0x7f: + pvt->ctl_name = "F19h_M70h"; ++ pvt->max_mcs = 4; + pvt->flags.zn_regs_v2 = 1; + break; + case 0x90 ... 0x9f: diff --git a/queue-6.15/i2c-k1-check-for-transfer-error.patch b/queue-6.15/i2c-k1-check-for-transfer-error.patch new file mode 100644 index 0000000000..e7ac3f7acb --- /dev/null +++ b/queue-6.15/i2c-k1-check-for-transfer-error.patch @@ -0,0 +1,50 @@ +From a6c23dac756b9541b33aa3bcd30f464df2879209 Mon Sep 17 00:00:00 2001 +From: Alex Elder <elder@riscstar.com> +Date: Mon, 16 Jun 2025 07:51:36 -0500 +Subject: i2c: k1: check for transfer error + +From: Alex Elder <elder@riscstar.com> + +commit a6c23dac756b9541b33aa3bcd30f464df2879209 upstream. + +If spacemit_i2c_xfer_msg() times out waiting for a message transfer to +complete, or if the hardware reports an error, it returns a negative +error code (-ETIMEDOUT, -EAGAIN, -ENXIO. or -EIO). + +The sole caller of spacemit_i2c_xfer_msg() is spacemit_i2c_xfer(), +which is the i2c_algorithm->xfer callback function. It currently +does not save the value returned by spacemit_i2c_xfer_msg(). + +The result is that transfer errors go unreported, and a caller +has no indication anything is wrong. + +When this code was out for review, the return value *was* checked +in early versions. But for some reason, that assignment got dropped +between versions 5 and 6 of the series, perhaps related to reworking +the code to merge spacemit_i2c_xfer_core() into spacemit_i2c_xfer(). + +Simply assigning the value returned to "ret" fixes the problem. + +Fixes: 5ea558473fa31 ("i2c: spacemit: add support for SpacemiT K1 SoC") +Signed-off-by: Alex Elder <elder@riscstar.com> +Cc: <stable@vger.kernel.org> # v6.15+ +Reviewed-by: Troy Mitchell <troymitchell988@gmail.com> +Link: https://lore.kernel.org/r/20250616125137.1555453-1-elder@riscstar.com +Signed-off-by: Andi Shyti <andi@smida.it> +Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + drivers/i2c/busses/i2c-k1.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/i2c/busses/i2c-k1.c ++++ b/drivers/i2c/busses/i2c-k1.c +@@ -477,7 +477,7 @@ static int spacemit_i2c_xfer(struct i2c_ + + ret = spacemit_i2c_wait_bus_idle(i2c); + if (!ret) +- spacemit_i2c_xfer_msg(i2c); ++ ret = spacemit_i2c_xfer_msg(i2c); + else if (ret < 0) + dev_dbg(i2c->dev, "i2c transfer error: %d\n", ret); + else diff --git a/queue-6.15/kvm-arm64-vhe-synchronize-restore-of-host-debug-registers.patch b/queue-6.15/kvm-arm64-vhe-synchronize-restore-of-host-debug-registers.patch new file mode 100644 index 0000000000..a239886a45 --- /dev/null +++ b/queue-6.15/kvm-arm64-vhe-synchronize-restore-of-host-debug-registers.patch @@ -0,0 +1,49 @@ +From cade3d57e456e69f67aa9894bf89dc8678796bb7 Mon Sep 17 00:00:00 2001 +From: Mark Rutland <mark.rutland@arm.com> +Date: Tue, 17 Jun 2025 14:37:12 +0100 +Subject: KVM: arm64: VHE: Synchronize restore of host debug registers + +From: Mark Rutland <mark.rutland@arm.com> + +commit cade3d57e456e69f67aa9894bf89dc8678796bb7 upstream. + +When KVM runs in non-protected VHE mode, there's no context +synchronization event between __debug_switch_to_host() restoring the +host debug registers and __kvm_vcpu_run() unmasking debug exceptions. +Due to this, it's theoretically possible for the host to take an +unexpected debug exception due to the stale guest configuration. + +This cannot happen in NVHE/HVHE mode as debug exceptions are masked in +the hyp code, and the exception return to the host will provide the +necessary context synchronization before debug exceptions can be taken. + +For now, avoid the problem by adding an ISB after VHE hyp code restores +the host debug registers. + +Signed-off-by: Mark Rutland <mark.rutland@arm.com> +Cc: Catalin Marinas <catalin.marinas@arm.com> +Cc: Fuad Tabba <tabba@google.com> +Cc: Marc Zyngier <maz@kernel.org> +Cc: Mark Brown <broonie@kernel.org> +Cc: Oliver Upton <oliver.upton@linux.dev> +Cc: Will Deacon <will@kernel.org> +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20250617133718.4014181-2-mark.rutland@arm.com +Signed-off-by: Marc Zyngier <maz@kernel.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + arch/arm64/kvm/hyp/include/hyp/debug-sr.h | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/arm64/kvm/hyp/include/hyp/debug-sr.h ++++ b/arch/arm64/kvm/hyp/include/hyp/debug-sr.h +@@ -167,6 +167,9 @@ static inline void __debug_switch_to_hos + + __debug_save_state(guest_dbg, guest_ctxt); + __debug_restore_state(host_dbg, host_ctxt); ++ ++ if (has_vhe()) ++ isb(); + } + + #endif /* __ARM64_KVM_HYP_DEBUG_SR_H__ */ diff --git a/queue-6.15/perf-x86-intel-fix-crash-in-icl_update_topdown_event.patch b/queue-6.15/perf-x86-intel-fix-crash-in-icl_update_topdown_event.patch new file mode 100644 index 0000000000..0c7da1d030 --- /dev/null +++ b/queue-6.15/perf-x86-intel-fix-crash-in-icl_update_topdown_event.patch @@ -0,0 +1,64 @@ +From b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed Mon Sep 17 00:00:00 2001 +From: Kan Liang <kan.liang@linux.intel.com> +Date: Thu, 12 Jun 2025 07:38:18 -0700 +Subject: perf/x86/intel: Fix crash in icl_update_topdown_event() + +From: Kan Liang <kan.liang@linux.intel.com> + +commit b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed upstream. + +The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: + + Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 + CPU: 23 UID: 0 PID: 0 Comm: swapper/23 + Tainted: [W]=WARN + Hardware name: Dell Inc. Precision 9660/0VJ762 + RIP: 0010:native_read_pmc+0x7/0x40 + Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ... + RSP: 000:fffb03100273de8 EFLAGS: 00010046 + .... + Call Trace: + <TASK> + icl_update_topdown_event+0x165/0x190 + ? ktime_get+0x38/0xd0 + intel_pmu_read_event+0xf9/0x210 + __perf_event_read+0xf9/0x210 + +CPUs 16-23 are E-core CPUs that don't support the perf metrics feature. +The icl_update_topdown_event() should not be invoked on these CPUs. + +It's a regression of commit: + + f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read") + +The bug introduced by that commit is that the is_topdown_event() function +is mistakenly used to replace the is_topdown_count() call to check if the +topdown functions for the perf metrics feature should be invoked. + +Fix it. + +Fixes: f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read") +Closes: https://lore.kernel.org/lkml/352f0709-f026-cd45-e60c-60dfd97f73f3@maine.edu/ +Reported-by: Vince Weaver <vincent.weaver@maine.edu> +Signed-off-by: Kan Liang <kan.liang@linux.intel.com> +Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> +Signed-off-by: Ingo Molnar <mingo@kernel.org> +Tested-by: Vince Weaver <vincent.weaver@maine.edu> +Cc: stable@vger.kernel.org # v6.15+ +Link: https://lore.kernel.org/r/20250612143818.2889040-1-kan.liang@linux.intel.com +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + arch/x86/events/intel/core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/events/intel/core.c ++++ b/arch/x86/events/intel/core.c +@@ -2810,7 +2810,7 @@ static void intel_pmu_read_event(struct + * If the PEBS counters snapshotting is enabled, + * the topdown event is available in PEBS records. + */ +- if (is_topdown_event(event) && !is_pebs_counter_event_group(event)) ++ if (is_topdown_count(event) && !is_pebs_counter_event_group(event)) + static_call(intel_pmu_update_topdown_event)(event, NULL); + else + intel_pmu_drain_pebs_buffer(); diff --git a/queue-6.15/series b/queue-6.15/series index 0079830452..8f8ad5e1d0 100644 --- a/queue-6.15/series +++ b/queue-6.15/series @@ -502,6 +502,7 @@ sunrpc-handle-svc_garbage-during-svc-auth-processing-as-auth-error.patch io_uring-net-always-use-current-transfer-count-for-buffer-put.patch drm-xe-svm-fix-regression-disallowing-64k-svm-migration.patch drm-v3d-avoid-null-pointer-dereference-in-v3d_job_update_stats.patch +smb-fix-secondary-channel-creation-issue-with-kerberos-by-populating-hostname-when-adding-channels.patch drm-msm-dp-disable-wide-bus-support-for-sdm845.patch drm-msm-disp-correct-porch-timing-for-sdm845.patch drm-msm-dsi-dsi_phy_10nm-fix-missing-initial-vco-rat.patch @@ -553,3 +554,10 @@ net-atm-add-lec_mutex.patch net-atm-fix-proc-net-atm-lec-handling.patch tools-ynl-parse-extack-for-sub-messages.patch tools-ynl-fix-mixing-ops-and-notifications-on-one-so.patch +kvm-arm64-vhe-synchronize-restore-of-host-debug-registers.patch +x86-mm-disable-invlpgb-when-pti-is-enabled.patch +edac-amd64-correct-number-of-umcs-for-family-19h-models-70h-7fh.patch +dt-bindings-i2c-nvidia-tegra20-i2c-specify-the-required-properties.patch +perf-x86-intel-fix-crash-in-icl_update_topdown_event.patch +smb-log-an-error-when-close_all_cached_dirs-fails.patch +i2c-k1-check-for-transfer-error.patch diff --git a/queue-6.15/smb-fix-secondary-channel-creation-issue-with-kerberos-by-populating-hostname-when-adding-channels.patch b/queue-6.15/smb-fix-secondary-channel-creation-issue-with-kerberos-by-populating-hostname-when-adding-channels.patch new file mode 100644 index 0000000000..34f340854f --- /dev/null +++ b/queue-6.15/smb-fix-secondary-channel-creation-issue-with-kerberos-by-populating-hostname-when-adding-channels.patch @@ -0,0 +1,40 @@ +From 306cb65bb0cb243389fcbd0a66907d5bdea07d1e Mon Sep 17 00:00:00 2001 +From: Bharath SM <bharathsm@microsoft.com> +Date: Mon, 17 Mar 2025 15:57:27 +0530 +Subject: smb: fix secondary channel creation issue with kerberos by populating hostname when adding channels + +From: Bharath SM <bharathsm@microsoft.com> + +commit 306cb65bb0cb243389fcbd0a66907d5bdea07d1e upstream. + +When mounting a share with kerberos authentication with multichannel +support, share mounts correctly, but fails to create secondary +channels. This occurs because the hostname is not populated when +adding the channels. The hostname is necessary for the userspace +cifs.upcall program to retrieve the required credentials and pass +it back to kernel, without hostname secondary channels fails +establish. + +Cc: stable@vger.kernel.org +Reviewed-by: Shyam Prasad N <sprasad@microsoft.com> +Signed-off-by: Bharath SM <bharathsm@microsoft.com> +Reported-by: xfuren <xfuren@gmail.com> +Link: https://bugzilla.samba.org/show_bug.cgi?id=15824 +Signed-off-by: Steve French <stfrench@microsoft.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + fs/smb/client/sess.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/fs/smb/client/sess.c ++++ b/fs/smb/client/sess.c +@@ -498,8 +498,7 @@ cifs_ses_add_channel(struct cifs_ses *se + ctx->domainauto = ses->domainAuto; + ctx->domainname = ses->domainName; + +- /* no hostname for extra channels */ +- ctx->server_hostname = ""; ++ ctx->server_hostname = ses->server->hostname; + + ctx->username = ses->user_name; + ctx->password = ses->password; diff --git a/queue-6.15/smb-log-an-error-when-close_all_cached_dirs-fails.patch b/queue-6.15/smb-log-an-error-when-close_all_cached_dirs-fails.patch new file mode 100644 index 0000000000..0b40e8978b --- /dev/null +++ b/queue-6.15/smb-log-an-error-when-close_all_cached_dirs-fails.patch @@ -0,0 +1,63 @@ +From a2182743a8b4969481f64aec4908ff162e8a206c Mon Sep 17 00:00:00 2001 +From: Paul Aurich <paul@darkrain42.org> +Date: Wed, 20 Nov 2024 08:01:54 -0800 +Subject: smb: Log an error when close_all_cached_dirs fails + +From: Paul Aurich <paul@darkrain42.org> + +commit a2182743a8b4969481f64aec4908ff162e8a206c upstream. + +Under low-memory conditions, close_all_cached_dirs() can't move the +dentries to a separate list to dput() them once the locks are dropped. +This will result in a "Dentry still in use" error, so add an error +message that makes it clear this is what happened: + +[ 495.281119] CIFS: VFS: \\otters.example.com\share Out of memory while dropping dentries +[ 495.281595] ------------[ cut here ]------------ +[ 495.281887] BUG: Dentry ffff888115531138{i=78,n=/} still in use (2) [unmount of cifs cifs] +[ 495.282391] WARNING: CPU: 1 PID: 2329 at fs/dcache.c:1536 umount_check+0xc8/0xf0 + +Also, bail out of looping through all tcons as soon as a single +allocation fails, since we're already in trouble, and kmalloc() attempts +for subseqeuent tcons are likely to fail just like the first one did. + +Signed-off-by: Paul Aurich <paul@darkrain42.org> +Acked-by: Bharath SM <bharathsm@microsoft.com> +Suggested-by: Ruben Devos <rdevos@oxya.com> +Cc: stable@vger.kernel.org +Signed-off-by: Steve French <stfrench@microsoft.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + fs/smb/client/cached_dir.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +--- a/fs/smb/client/cached_dir.c ++++ b/fs/smb/client/cached_dir.c +@@ -486,8 +486,17 @@ void close_all_cached_dirs(struct cifs_s + spin_lock(&cfids->cfid_list_lock); + list_for_each_entry(cfid, &cfids->entries, entry) { + tmp_list = kmalloc(sizeof(*tmp_list), GFP_ATOMIC); +- if (tmp_list == NULL) +- break; ++ if (tmp_list == NULL) { ++ /* ++ * If the malloc() fails, we won't drop all ++ * dentries, and unmounting is likely to trigger ++ * a 'Dentry still in use' error. ++ */ ++ cifs_tcon_dbg(VFS, "Out of memory while dropping dentries\n"); ++ spin_unlock(&cfids->cfid_list_lock); ++ spin_unlock(&cifs_sb->tlink_tree_lock); ++ goto done; ++ } + spin_lock(&cfid->fid_lock); + tmp_list->dentry = cfid->dentry; + cfid->dentry = NULL; +@@ -499,6 +508,7 @@ void close_all_cached_dirs(struct cifs_s + } + spin_unlock(&cifs_sb->tlink_tree_lock); + ++done: + list_for_each_entry_safe(tmp_list, q, &entry, entry) { + list_del(&tmp_list->entry); + dput(tmp_list->dentry); diff --git a/queue-6.15/x86-mm-disable-invlpgb-when-pti-is-enabled.patch b/queue-6.15/x86-mm-disable-invlpgb-when-pti-is-enabled.patch new file mode 100644 index 0000000000..97fec808f7 --- /dev/null +++ b/queue-6.15/x86-mm-disable-invlpgb-when-pti-is-enabled.patch @@ -0,0 +1,54 @@ +From 94a17f2dc90bc7eae36c0f478515d4bd1c23e877 Mon Sep 17 00:00:00 2001 +From: Dave Hansen <dave.hansen@linux.intel.com> +Date: Tue, 10 Jun 2025 15:24:20 -0700 +Subject: x86/mm: Disable INVLPGB when PTI is enabled + +From: Dave Hansen <dave.hansen@linux.intel.com> + +commit 94a17f2dc90bc7eae36c0f478515d4bd1c23e877 upstream. + +PTI uses separate ASIDs (aka. PCIDs) for kernel and user address +spaces. When the kernel needs to flush the user address space, it +just sets a bit in a bitmap and then flushes the entire PCID on +the next switch to userspace. + +This bitmap is a single 'unsigned long' which is plenty for all 6 +dynamic ASIDs. But, unfortunately, the INVLPGB support brings along a +bunch more user ASIDs, as many as ~2k more. The bitmap can't address +that many. + +Fortunately, the bitmap is only needed for PTI and all the CPUs +with INVLPGB are AMD CPUs that aren't vulnerable to Meltdown and +don't need PTI. The only way someone can run into an issue in +practice is by booting with pti=on on a newer AMD CPU. + +Disable INVLPGB if PTI is enabled. Avoid overrunning the small +bitmap. + +Note: this will be fixed up properly by making the bitmap bigger. +For now, just avoid the mostly theoretical bug. + +Fixes: 4afeb0ed1753 ("x86/mm: Enable broadcast TLB invalidation for multi-threaded processes") +Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> +Acked-by: Rik van Riel <riel@surriel.com> +Cc:stable@vger.kernel.org +Link: https://lore.kernel.org/all/20250610222420.E8CBF472%40davehans-spike.ostc.intel.com +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + arch/x86/mm/pti.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/arch/x86/mm/pti.c ++++ b/arch/x86/mm/pti.c +@@ -98,6 +98,11 @@ void __init pti_check_boottime_disable(v + return; + + setup_force_cpu_cap(X86_FEATURE_PTI); ++ ++ if (cpu_feature_enabled(X86_FEATURE_INVLPGB)) { ++ pr_debug("PTI enabled, disabling INVLPGB\n"); ++ setup_clear_cpu_cap(X86_FEATURE_INVLPGB); ++ } + } + + static int __init pti_parse_cmdline(char *arg) |