diff --git a/patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch b/patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch index 074c829..fe50b8d 100644 --- a/patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch +++ b/patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch @@ -38,7 +38,7 @@ Signed-off-by: Borislav Petkov /* -@@ -318,6 +320,82 @@ For 32-bit we have the following convent +@@ -310,6 +312,82 @@ For 32-bit we have the following convent #endif /* @@ -193,10 +193,10 @@ Signed-off-by: Borislav Petkov */ syscall_return_via_sysret: + IBRS_EXIT - /* rcx and r11 are already restored (see code above) */ - POP_REGS pop_rdi=0 skip_r11rcx=1 + POP_REGS pop_rdi=0 -@@ -713,6 +718,7 @@ ret_from_intr: + /* +@@ -712,6 +717,7 @@ ret_from_intr: TRACE_IRQS_IRETQ GLOBAL(swapgs_restore_regs_and_return_to_usermode) @@ -204,7 +204,7 @@ Signed-off-by: Borislav Petkov #ifdef CONFIG_DEBUG_ENTRY /* Assert that pt_regs indicates user mode. */ testb $3, CS(%rsp) -@@ -1317,6 +1323,9 @@ idtentry_vc X86_TRAP_VC asm_vmm_communic +@@ -1316,6 +1322,9 @@ idtentry_vc X86_TRAP_VC asm_vmm_communic * 1 -> no SWAPGS on exit * * Y GSBASE value at entry, must be restored in paranoid_exit @@ -214,7 +214,7 @@ Signed-off-by: Borislav Petkov */ SYM_CODE_START_LOCAL(paranoid_entry) UNWIND_HINT_FUNC -@@ -1340,7 +1349,6 @@ SYM_CODE_START_LOCAL(paranoid_entry) +@@ -1339,7 +1348,6 @@ SYM_CODE_START_LOCAL(paranoid_entry) * be retrieved from a kernel internal table. */ SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg=%rax save_reg=%r14 @@ -222,7 +222,7 @@ Signed-off-by: Borislav Petkov /* * Handling GSBASE depends on the availability of FSGSBASE. -@@ -1361,7 +1369,7 @@ SYM_CODE_START_LOCAL(paranoid_entry) +@@ -1360,7 +1368,7 @@ SYM_CODE_START_LOCAL(paranoid_entry) * mispredicted GSBASE. No extra FENCE required. */ SAVE_AND_SET_GSBASE scratch_reg=%rax save_reg=%rbx @@ -231,7 +231,7 @@ 
Signed-off-by: Borislav Petkov .Lparanoid_entry_checkgs: /* EBX = 1 -> kernel GSBASE active, no restore required */ -@@ -1380,8 +1388,16 @@ SYM_CODE_START_LOCAL(paranoid_entry) +@@ -1379,8 +1387,16 @@ SYM_CODE_START_LOCAL(paranoid_entry) xorl %ebx, %ebx SWAPGS .Lparanoid_kernel_gsbase: @@ -249,7 +249,7 @@ Signed-off-by: Borislav Petkov RET SYM_CODE_END(paranoid_entry) -@@ -1403,12 +1419,22 @@ SYM_CODE_END(paranoid_entry) +@@ -1402,12 +1418,22 @@ SYM_CODE_END(paranoid_entry) * 1 -> no SWAPGS on exit * * Y User space GSBASE, must be restored unconditionally @@ -272,7 +272,7 @@ Signed-off-by: Borislav Petkov /* * The order of operations is important. RESTORE_CR3 requires * kernel GSBASE. -@@ -1456,9 +1482,11 @@ SYM_CODE_START_LOCAL(error_entry) +@@ -1455,9 +1481,11 @@ SYM_CODE_START_LOCAL(error_entry) FENCE_SWAPGS_USER_ENTRY /* We have user CR3. Change to kernel CR3. */ SWITCH_TO_KERNEL_CR3 scratch_reg=%rax @@ -284,7 +284,7 @@ Signed-off-by: Borislav Petkov /* Put us onto the real thread stack. */ popq %r12 /* save return addr in %12 */ movq %rsp, %rdi /* arg0 = pt_regs pointer */ -@@ -1512,6 +1540,8 @@ SYM_CODE_START_LOCAL(error_entry) +@@ -1511,6 +1539,8 @@ SYM_CODE_START_LOCAL(error_entry) SWAPGS FENCE_SWAPGS_USER_ENTRY SWITCH_TO_KERNEL_CR3 scratch_reg=%rax @@ -293,7 +293,7 @@ Signed-off-by: Borislav Petkov /* * Pretend that the exception came from user mode: set up pt_regs -@@ -1607,7 +1637,6 @@ ENTRY(nmi) +@@ -1606,7 +1636,6 @@ ENTRY(nmi) movq %rsp, %rdx movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp UNWIND_HINT_IRET_REGS base=%rdx offset=8 @@ -301,7 +301,7 @@ Signed-off-by: Borislav Petkov pushq 5*8(%rdx) /* pt_regs->ss */ pushq 4*8(%rdx) /* pt_regs->rsp */ pushq 3*8(%rdx) /* pt_regs->flags */ -@@ -1618,6 +1647,9 @@ ENTRY(nmi) +@@ -1617,6 +1646,9 @@ ENTRY(nmi) PUSH_AND_CLEAR_REGS rdx=(%rdx) ENCODE_FRAME_POINTER @@ -311,7 +311,7 @@ 
Signed-off-by: Borislav Petkov /* * At this point we no longer need to worry about stack damage * due to nesting -- we're on the normal thread stack and we're -@@ -1841,6 +1873,9 @@ end_repeat_nmi: +@@ -1840,6 +1872,9 @@ end_repeat_nmi: movq $-1, %rsi call do_nmi diff --git a/patches.suse/x86-entry-remove-skip_r11rcx.patch b/patches.suse/x86-entry-remove-skip_r11rcx.patch new file mode 100644 index 0000000..e3ed675 --- /dev/null +++ b/patches.suse/x86-entry-remove-skip_r11rcx.patch 
@@ -0,0 +1,64 @@
+From: Peter Zijlstra
+Date: Fri, 6 May 2022 14:14:35 +0200
+Subject: x86/entry: Remove skip_r11rcx
+Git-commit: 1b331eeea7b8676fc5dbdf80d0a07e41be226177
+Patch-mainline: v5.19-rc1
+References: bsc#1201644
+
+Yes, r11 and rcx have been restored previously, but since they're being
+popped anyway (into rsi) might as well pop them into their own regs --
+setting them to the value they already are.
+
+Less magical code.
+
+Signed-off-by: Peter Zijlstra (Intel)
+Signed-off-by: Borislav Petkov
+Link: https://lore.kernel.org/r/20220506121631.365070674@infradead.org
+---
+ arch/x86/entry/calling.h | 10 +---------
+ arch/x86/entry/entry_64.S | 3 +--
+ 2 files changed, 2 insertions(+), 11 deletions(-)
+
+--- a/arch/x86/entry/calling.h
++++ b/arch/x86/entry/calling.h
+@@ -147,27 +147,19 @@ For 32-bit we have the following convent
+
+ .endm
+
+-.macro POP_REGS pop_rdi=1 skip_r11rcx=0
++.macro POP_REGS pop_rdi=1
+ popq %r15
+ popq %r14
+ popq %r13
+ popq %r12
+ popq %rbp
+ popq %rbx
+- .if \skip_r11rcx
+- popq %rsi
+- .else
+ popq %r11
+- .endif
+ popq %r10
+ popq %r9
+ popq %r8
+ popq %rax
+- .if \skip_r11rcx
+- popq %rsi
+- .else
+ popq %rcx
+- .endif
+ popq %rdx
+ popq %rsi
+ .if \pop_rdi
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -251,8 +251,7 @@ GLOBAL(entry_SYSCALL_64_after_hwframe)
+ * perf profiles. Nothing jumps here.
+ */
+ syscall_return_via_sysret:
+- /* rcx and r11 are already restored (see code above) */
+- POP_REGS pop_rdi=0 skip_r11rcx=1
++ POP_REGS pop_rdi=0
+
+ /*
+ * Now all regs are restored except RSP and RDI.
diff --git a/series.conf b/series.conf
index 620e4d1..d5b67c0 100644
--- a/series.conf
+++ b/series.conf
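Review bot: The header of the new x86-entry-remove-skip_r11rcx.patch presents this only as a cleanup ("Less magical code"), but in this tree it looks like a functional prerequisite and the header should say so. The refreshed x86-entry-Add-kernel-IBRS-implementation.patch puts `IBRS_EXIT` directly before `POP_REGS pop_rdi=0` in syscall_return_via_sysret. If IBRS_EXIT uses %rcx as scratch for its MSR write (its body is not visible on this page), SYSRET gets the correct return RIP and RFLAGS only because POP_REGS now reloads %rcx and %r11 from pt_regs. I would add a bracketed note under References such as `[ Prerequisite for x86-entry-Add-kernel-IBRS-implementation.patch: POP_REGS must reload %rcx/%r11 after IBRS_EXIT. ]`. Please also confirm that series.conf applies this patch before the IBRS one, since the series.conf hunk shows only the insertion point.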
@@ -55542,6 +55542,7 @@
 patches.suse/irqchip-exiu-Fix-acknowledgment-of-edge-triggered-in.patch
 patches.suse/irqchip-aspeed-i2c-ic-Fix-irq_of_parse_and_map-retur.patch
 patches.suse/irqchip-armada-370-xp-Do-not-touch-Performance-Count.patch
+ patches.suse/x86-entry-remove-skip_r11rcx.patch
 patches.suse/irqchip-irq-xtensa-mx-fix-initial-IRQ-affinity.patch
 patches.suse/lockdown-also-lock-down-previous-kgdb-use.patch
 patches.suse/tpm-ibmvtpm-Correct-the-return-value-in-tpm_ibmvtpm_.patch