From 757e7a9cb18b1562bc216d8b97dffc706980d005 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 16 Aug 2018 07:00:44 +0200
Subject: [PATCH] l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled

---
 debian/changelog                              |  3 ++
 ...seen-if-config_kvm_intel-is-disabled.patch | 40 +++++++++++++++++++
 debian/patches/series                         |  1 +
 3 files changed, 44 insertions(+)
 create mode 100644 debian/patches/bugfix/x86/x86-l1tf-fix-build-error-seen-if-config_kvm_intel-is-disabled.patch

diff --git a/debian/changelog b/debian/changelog
index 1b991264d..0ed2f6adc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -117,6 +117,9 @@ linux (4.17.15-1) UNRELEASED; urgency=medium
   * drivers/net/phy: Enable SFP as module (Closes: #906054)
   * Revert "net: increase fragment memory usage limits" (CVE-2018-5391)
 
+  [ Salvatore Bonaccorso ]
+  * [x86] l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled
+
  -- Ben Hutchings <ben@decadent.org.uk>  Tue, 14 Aug 2018 00:07:30 +0800
 
 linux (4.17.14-1) unstable; urgency=high
diff --git a/debian/patches/bugfix/x86/x86-l1tf-fix-build-error-seen-if-config_kvm_intel-is-disabled.patch b/debian/patches/bugfix/x86/x86-l1tf-fix-build-error-seen-if-config_kvm_intel-is-disabled.patch
new file mode 100644
index 000000000..88c2ec6c9
--- /dev/null
+++ b/debian/patches/bugfix/x86/x86-l1tf-fix-build-error-seen-if-config_kvm_intel-is-disabled.patch
@@ -0,0 +1,40 @@
+From 1eb46908b35dfbac0ec1848d4b1e39667e0187e9 Mon Sep 17 00:00:00 2001
+From: Guenter Roeck <linux@roeck-us.net>
+Date: Wed, 15 Aug 2018 08:38:33 -0700
+Subject: x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled
+
+From: Guenter Roeck <linux@roeck-us.net>
+
+commit 1eb46908b35dfbac0ec1848d4b1e39667e0187e9 upstream.
+
+allmodconfig+CONFIG_INTEL_KVM=n results in the following build error.
+
+  ERROR: "l1tf_vmx_mitigation" [arch/x86/kvm/kvm.ko] undefined!
+
+Fixes: 5b76a3cff011 ("KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry")
+Reported-by: Meelis Roos <mroos@linux.ee>
+Cc: Meelis Roos <mroos@linux.ee>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/bugs.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -648,10 +648,9 @@ void x86_spec_ctrl_setup_ap(void)
+ enum l1tf_mitigations l1tf_mitigation __ro_after_init = L1TF_MITIGATION_FLUSH;
+ #if IS_ENABLED(CONFIG_KVM_INTEL)
+ EXPORT_SYMBOL_GPL(l1tf_mitigation);
+-
++#endif
+ enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO;
+ EXPORT_SYMBOL_GPL(l1tf_vmx_mitigation);
+-#endif
+ 
+ static void __init l1tf_select_mitigation(void)
+ {
diff --git a/debian/patches/series b/debian/patches/series
index ad6f90eea..cf1cc392f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -69,6 +69,7 @@ bugfix/x86/mmap-remember-the-map_fixed-flag-as-vm_fixed.patch
 bugfix/x86/mmap-add-an-exception-to-the-stack-gap-for-hotspot-jvm.patch
 bugfix/powerpc/powerpc-lib-sstep-fix-building-for-powerpcspe.patch
 bugfix/powerpc/powerpc-lib-makefile-don-t-pull-in-quad.o-for-32-bit.patch
+bugfix/x86/x86-l1tf-fix-build-error-seen-if-config_kvm_intel-is-disabled.patch
 
 # Arch features
 features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch