diff --git a/debian/changelog b/debian/changelog
index 44f396424..7809e5081 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,6 +25,12 @@ linux (4.19.37-5+deb10u2) UNRELEASED; urgency=medium
   * Documentation: Add section about CPU vulnerabilities for Spectre
   * Documentation: Add swapgs description to the Spectre v1 documentation
 
+  [ Ben Hutchings ]
+  * [x86] cpufeatures: Avoid ABI change for swapgs mitigations:
+    - Move swapgs feature bits to existing scattered words
+    - Revert "x86/cpufeatures: Combine word 11 and 12 into a new scattered
+      features word"
+
  -- Romain Perier <romain.perier@gmail.com>  Mon, 22 Jul 2019 14:00:00 +0200
 
 linux (4.19.37-5+deb10u1) buster-security; urgency=high
diff --git a/debian/patches/debian/abi/revert-x86-cpufeatures-combine-word-11-and-12-into-a-new-sc.patch b/debian/patches/debian/abi/revert-x86-cpufeatures-combine-word-11-and-12-into-a-new-sc.patch
new file mode 100644
index 000000000..b29b97512
--- /dev/null
+++ b/debian/patches/debian/abi/revert-x86-cpufeatures-combine-word-11-and-12-into-a-new-sc.patch
@@ -0,0 +1,138 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Thu, 08 Aug 2019 02:42:32 +0100
+Subject: Revert "x86/cpufeatures: Combine word 11 and 12 into a new scattered features word"
+Forwarded: not-needed
+
+Renumbering CPU feature bits is a kABI change (even if genksyms
+doesn't notice it).  And we actually had just enough spare bits in the
+existing scattered features words.
+
+---
+--- a/arch/x86/include/asm/cpufeature.h
++++ b/arch/x86/include/asm/cpufeature.h
+@@ -22,8 +22,8 @@ enum cpuid_leafs
+ 	CPUID_LNX_3,
+ 	CPUID_7_0_EBX,
+ 	CPUID_D_1_EAX,
+-	CPUID_LNX_4,
+-	CPUID_DUMMY,
++	CPUID_F_0_EDX,
++	CPUID_F_1_EDX,
+ 	CPUID_8000_0008_EBX,
+ 	CPUID_6_EAX,
+ 	CPUID_8000_000A_EDX,
+--- a/arch/x86/include/asm/cpufeatures.h
++++ b/arch/x86/include/asm/cpufeatures.h
+@@ -271,16 +271,13 @@
+ #define X86_FEATURE_XGETBV1		(10*32+ 2) /* XGETBV with ECX = 1 instruction */
+ #define X86_FEATURE_XSAVES		(10*32+ 3) /* XSAVES/XRSTORS instructions */
+ 
+-/*
+- * Extended auxiliary flags: Linux defined - for features scattered in various
+- * CPUID levels like 0xf, etc.
+- *
+- * Reuse free bits when adding new feature flags!
+- */
+-#define X86_FEATURE_CQM_LLC		(11*32+ 0) /* LLC QoS if 1 */
+-#define X86_FEATURE_CQM_OCCUP_LLC	(11*32+ 1) /* LLC occupancy monitoring */
+-#define X86_FEATURE_CQM_MBM_TOTAL	(11*32+ 2) /* LLC Total MBM monitoring */
+-#define X86_FEATURE_CQM_MBM_LOCAL	(11*32+ 3) /* LLC Local MBM monitoring */
++/* Intel-defined CPU QoS Sub-leaf, CPUID level 0x0000000F:0 (EDX), word 11 */
++#define X86_FEATURE_CQM_LLC		(11*32+ 1) /* LLC QoS if 1 */
++
++/* Intel-defined CPU QoS Sub-leaf, CPUID level 0x0000000F:1 (EDX), word 12 */
++#define X86_FEATURE_CQM_OCCUP_LLC	(12*32+ 0) /* LLC occupancy monitoring */
++#define X86_FEATURE_CQM_MBM_TOTAL	(12*32+ 1) /* LLC Total MBM monitoring */
++#define X86_FEATURE_CQM_MBM_LOCAL	(12*32+ 2) /* LLC Local MBM monitoring */
+ 
+ /* AMD-defined CPU features, CPUID level 0x80000008 (EBX), word 13 */
+ #define X86_FEATURE_CLZERO		(13*32+ 0) /* CLZERO instruction */
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -810,25 +810,33 @@ static void init_speculation_control(str
+ 
+ static void init_cqm(struct cpuinfo_x86 *c)
+ {
+-	if (!cpu_has(c, X86_FEATURE_CQM_LLC)) {
+-		c->x86_cache_max_rmid  = -1;
+-		c->x86_cache_occ_scale = -1;
+-		return;
+-	}
+-
+-	/* will be overridden if occupancy monitoring exists */
+-	c->x86_cache_max_rmid = cpuid_ebx(0xf);
+-
+-	if (cpu_has(c, X86_FEATURE_CQM_OCCUP_LLC) ||
+-	    cpu_has(c, X86_FEATURE_CQM_MBM_TOTAL) ||
+-	    cpu_has(c, X86_FEATURE_CQM_MBM_LOCAL)) {
+-		u32 eax, ebx, ecx, edx;
++	u32 eax, ebx, ecx, edx;
+ 
+-		/* QoS sub-leaf, EAX=0Fh, ECX=1 */
+-		cpuid_count(0xf, 1, &eax, &ebx, &ecx, &edx);
++	/* Additional Intel-defined flags: level 0x0000000F */
++	if (c->cpuid_level >= 0x0000000F) {
+ 
+-		c->x86_cache_max_rmid  = ecx;
+-		c->x86_cache_occ_scale = ebx;
++		/* QoS sub-leaf, EAX=0Fh, ECX=0 */
++		cpuid_count(0x0000000F, 0, &eax, &ebx, &ecx, &edx);
++		c->x86_capability[CPUID_F_0_EDX] = edx;
++
++		if (cpu_has(c, X86_FEATURE_CQM_LLC)) {
++			/* will be overridden if occupancy monitoring exists */
++			c->x86_cache_max_rmid = ebx;
++
++			/* QoS sub-leaf, EAX=0Fh, ECX=1 */
++			cpuid_count(0x0000000F, 1, &eax, &ebx, &ecx, &edx);
++			c->x86_capability[CPUID_F_1_EDX] = edx;
++
++			if ((cpu_has(c, X86_FEATURE_CQM_OCCUP_LLC)) ||
++			      ((cpu_has(c, X86_FEATURE_CQM_MBM_TOTAL)) ||
++			       (cpu_has(c, X86_FEATURE_CQM_MBM_LOCAL)))) {
++				c->x86_cache_max_rmid = ecx;
++				c->x86_cache_occ_scale = ebx;
++			}
++		} else {
++			c->x86_cache_max_rmid = -1;
++			c->x86_cache_occ_scale = -1;
++		}
+ 	}
+ }
+ 
+--- a/arch/x86/kernel/cpu/cpuid-deps.c
++++ b/arch/x86/kernel/cpu/cpuid-deps.c
+@@ -59,9 +59,6 @@ static const struct cpuid_dep cpuid_deps
+ 	{ X86_FEATURE_AVX512_4VNNIW,	X86_FEATURE_AVX512F   },
+ 	{ X86_FEATURE_AVX512_4FMAPS,	X86_FEATURE_AVX512F   },
+ 	{ X86_FEATURE_AVX512_VPOPCNTDQ, X86_FEATURE_AVX512F   },
+-	{ X86_FEATURE_CQM_OCCUP_LLC,	X86_FEATURE_CQM_LLC   },
+-	{ X86_FEATURE_CQM_MBM_TOTAL,	X86_FEATURE_CQM_LLC   },
+-	{ X86_FEATURE_CQM_MBM_LOCAL,	X86_FEATURE_CQM_LLC   },
+ 	{}
+ };
+ 
+--- a/arch/x86/kernel/cpu/scattered.c
++++ b/arch/x86/kernel/cpu/scattered.c
+@@ -21,10 +21,6 @@ struct cpuid_bit {
+ static const struct cpuid_bit cpuid_bits[] = {
+ 	{ X86_FEATURE_APERFMPERF,       CPUID_ECX,  0, 0x00000006, 0 },
+ 	{ X86_FEATURE_EPB,		CPUID_ECX,  3, 0x00000006, 0 },
+-	{ X86_FEATURE_CQM_LLC,		CPUID_EDX,  1, 0x0000000f, 0 },
+-	{ X86_FEATURE_CQM_OCCUP_LLC,	CPUID_EDX,  0, 0x0000000f, 1 },
+-	{ X86_FEATURE_CQM_MBM_TOTAL,	CPUID_EDX,  1, 0x0000000f, 1 },
+-	{ X86_FEATURE_CQM_MBM_LOCAL,	CPUID_EDX,  2, 0x0000000f, 1 },
+ 	{ X86_FEATURE_CAT_L3,		CPUID_EBX,  1, 0x00000010, 0 },
+ 	{ X86_FEATURE_CAT_L2,		CPUID_EBX,  2, 0x00000010, 0 },
+ 	{ X86_FEATURE_CDP_L3,		CPUID_ECX,  2, 0x00000010, 1 },
+--- a/arch/x86/kvm/cpuid.h
++++ b/arch/x86/kvm/cpuid.h
+@@ -47,6 +47,8 @@ static const struct cpuid_reg reverse_cp
+ 	[CPUID_8000_0001_ECX] = {0x80000001, 0, CPUID_ECX},
+ 	[CPUID_7_0_EBX]       = {         7, 0, CPUID_EBX},
+ 	[CPUID_D_1_EAX]       = {       0xd, 1, CPUID_EAX},
++	[CPUID_F_0_EDX]       = {       0xf, 0, CPUID_EDX},
++	[CPUID_F_1_EDX]       = {       0xf, 1, CPUID_EDX},
+ 	[CPUID_8000_0008_EBX] = {0x80000008, 0, CPUID_EBX},
+ 	[CPUID_6_EAX]         = {         6, 0, CPUID_EAX},
+ 	[CPUID_8000_000A_EDX] = {0x8000000a, 0, CPUID_EDX},
diff --git a/debian/patches/debian/abi/x86-cpufeatures-move-swapgs-feature-bits-to-existing.patch b/debian/patches/debian/abi/x86-cpufeatures-move-swapgs-feature-bits-to-existing.patch
new file mode 100644
index 000000000..df6f58e76
--- /dev/null
+++ b/debian/patches/debian/abi/x86-cpufeatures-move-swapgs-feature-bits-to-existing.patch
@@ -0,0 +1,37 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Thu, 08 Aug 2019 02:40:23 +0100
+Subject: x86/cpufeatures: Move swapgs feature bits to existing scattered words
+Forwarded: not-needed
+
+Renumbering CPU feature bits is a kABI change (even if genksyms
+doesn't notice it).  Move the new feature bits for the mitigations to
+spare bits in the existing "scattered" feature words.
+
+---
+--- a/arch/x86/include/asm/cpufeatures.h
++++ b/arch/x86/include/asm/cpufeatures.h
+@@ -108,6 +108,7 @@
+ #define X86_FEATURE_EXTD_APICID		( 3*32+26) /* Extended APICID (8 bits) */
+ #define X86_FEATURE_AMD_DCM		( 3*32+27) /* AMD multi-node processor */
+ #define X86_FEATURE_APERFMPERF		( 3*32+28) /* P-State hardware coordination feedback capability (APERF/MPERF MSRs) */
++#define X86_FEATURE_FENCE_SWAPGS_USER	( 3*32+29) /* "" LFENCE in user entry SWAPGS path */
+ #define X86_FEATURE_NONSTOP_TSC_S3	( 3*32+30) /* TSC doesn't stop in S3 state */
+ #define X86_FEATURE_TSC_KNOWN_FREQ	( 3*32+31) /* TSC has known frequency */
+ 
+@@ -221,6 +222,7 @@
+ #define X86_FEATURE_ZEN			( 7*32+28) /* "" CPU is AMD family 0x17 (Zen) */
+ #define X86_FEATURE_L1TF_PTEINV		( 7*32+29) /* "" L1TF workaround PTE inversion */
+ #define X86_FEATURE_IBRS_ENHANCED	( 7*32+30) /* Enhanced IBRS */
++#define X86_FEATURE_FENCE_SWAPGS_KERNEL	( 7*32+31) /* "" LFENCE in kernel entry SWAPGS path */
+ 
+ /* Virtualization flags: Linux defined, word 8 */
+ #define X86_FEATURE_TPR_SHADOW		( 8*32+ 0) /* Intel TPR Shadow */
+@@ -279,8 +281,6 @@
+ #define X86_FEATURE_CQM_OCCUP_LLC	(11*32+ 1) /* LLC occupancy monitoring */
+ #define X86_FEATURE_CQM_MBM_TOTAL	(11*32+ 2) /* LLC Total MBM monitoring */
+ #define X86_FEATURE_CQM_MBM_LOCAL	(11*32+ 3) /* LLC Local MBM monitoring */
+-#define X86_FEATURE_FENCE_SWAPGS_USER	(11*32+ 4) /* "" LFENCE in user entry SWAPGS path */
+-#define X86_FEATURE_FENCE_SWAPGS_KERNEL	(11*32+ 5) /* "" LFENCE in kernel entry SWAPGS path */
+ 
+ /* AMD-defined CPU features, CPUID level 0x80000008 (EBX), word 13 */
+ #define X86_FEATURE_CLZERO		(13*32+ 0) /* CLZERO instruction */
diff --git a/debian/patches/series b/debian/patches/series
index 37da9881b..d1c1e941a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -302,3 +302,5 @@ features/all/ena/0018-net-ena-update-driver-version-from-2.0.1-to-2.0.2.patch
 
 # ABI maintenance
 debian/abi/tcp-avoid-abi-change-for-dos-fixes.patch
+debian/abi/x86-cpufeatures-move-swapgs-feature-bits-to-existing.patch
+debian/abi/revert-x86-cpufeatures-combine-word-11-and-12-into-a-new-sc.patch