update to v5.15.83

with v5.15.78 from ubuntu's master-next and the v5.15.78..v5.15.83
part cherry-picked from upstream stable linux-5.15.y branch

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch

@@ -55,7 +55,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 111 insertions(+)
 
 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index bfc1f87aa9ae..ed601c66eef0 100644
+index b5272568a8f3..f1ef6820d39e 100644
 --- a/Documentation/admin-guide/kernel-parameters.txt
 +++ b/Documentation/admin-guide/kernel-parameters.txt
 @@ -3945,6 +3945,15 @@

patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch

@@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 3ae5f6a3eae4..1888f6a9306b 100644
+index 3ffed093d3ea..0356aa39f654 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
 @@ -79,7 +79,7 @@ module_param(halt_poll_ns, uint, 0644);

patches/kernel/0008-do-not-generate-split-BTF-type-info-per-default.patch

@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
-index ead81fad883c..9d76f3c39735 100644
+index dbbd243c865f..406d781fa9ff 100644
 --- a/lib/Kconfig.debug
 +++ b/lib/Kconfig.debug
-@@ -325,7 +325,7 @@ config PAHOLE_HAS_SPLIT_BTF
+@@ -331,7 +331,7 @@ config PAHOLE_HAS_SPLIT_BTF
  	def_bool PAHOLE_VERSION >= 119
  
  config DEBUG_INFO_BTF_MODULES

patches/kernel/0016-KVM-x86-emulator-em_sysexit-should-update-ctxt-mode.patch

@@ -1,31 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Maxim Levitsky <mlevitsk@redhat.com>
-Date: Wed, 3 Aug 2022 18:50:00 +0300
-Subject: [PATCH] KVM: x86: emulator: em_sysexit should update ctxt->mode
-
-This is one of the instructions that can change the
-processor mode.
-
-Note that this is likely a benign bug, because the only problematic
-mode change is from 32 bit to 64 bit which can lead to truncation of RIP,
-and it is not possible to do with sysexit,
-since sysexit running in 32 bit mode will be limited to 32 bit version.
-
-Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- arch/x86/kvm/emulate.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index 3b4e1d8d239a..ad58eb751b4f 100644
---- a/arch/x86/kvm/emulate.c
-+++ b/arch/x86/kvm/emulate.c
-@@ -2861,6 +2861,7 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt)
- 	ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS);
- 
- 	ctxt->_eip = rdx;
-+	ctxt->mode = usermode;
- 	*reg_write(ctxt, VCPU_REGS_RSP) = rcx;
- 
- 	return X86EMUL_CONTINUE;

patches/kernel/0016-KVM-x86-emulator-update-the-emulation-mode-after-rsm.patch

@@ -17,7 +17,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 5 insertions(+)
 
 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index e095debb7022..9dc100399c94 100644
+index cb96e4354f31..23e4fce033a3 100644
 --- a/arch/x86/kvm/emulate.c
 +++ b/arch/x86/kvm/emulate.c
 @@ -2638,6 +2638,11 @@ static int em_rsm(struct x86_emulate_ctxt *ctxt)

patches/kernel/0017-KVM-x86-emulator-introduce-emulator_recalc_and_set_m.patch

@@ -1,158 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Maxim Levitsky <mlevitsk@redhat.com>
-Date: Wed, 3 Aug 2022 18:50:01 +0300
-Subject: [PATCH] KVM: x86: emulator: introduce emulator_recalc_and_set_mode
-
-Some instructions update the cpu execution mode, which needs
-to update the emulation mode.
-
-Extract this code, and make assign_eip_far use it.
-
-assign_eip_far now reads CS, instead of getting it via a parameter,
-which is ok, because callers always assign CS to the
-same value before calling it.
-
-No functional change is intended.
-
-Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- arch/x86/kvm/emulate.c | 85 ++++++++++++++++++++++++++++--------------
- 1 file changed, 57 insertions(+), 28 deletions(-)
-
-diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index ad58eb751b4f..e095debb7022 100644
---- a/arch/x86/kvm/emulate.c
-+++ b/arch/x86/kvm/emulate.c
-@@ -795,8 +795,7 @@ static int linearize(struct x86_emulate_ctxt *ctxt,
- 			   ctxt->mode, linear);
- }
- 
--static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst,
--			     enum x86emul_mode mode)
-+static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst)
- {
- 	ulong linear;
- 	int rc;
-@@ -806,41 +805,71 @@ static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst,
- 
- 	if (ctxt->op_bytes != sizeof(unsigned long))
- 		addr.ea = dst & ((1UL << (ctxt->op_bytes << 3)) - 1);
--	rc = __linearize(ctxt, addr, &max_size, 1, false, true, mode, &linear);
-+	rc = __linearize(ctxt, addr, &max_size, 1, false, true, ctxt->mode, &linear);
- 	if (rc == X86EMUL_CONTINUE)
- 		ctxt->_eip = addr.ea;
- 	return rc;
- }
- 
-+static inline int emulator_recalc_and_set_mode(struct x86_emulate_ctxt *ctxt)
-+{
-+	u64 efer;
-+	struct desc_struct cs;
-+	u16 selector;
-+	u32 base3;
-+
-+	ctxt->ops->get_msr(ctxt, MSR_EFER, &efer);
-+
-+	if (!ctxt->ops->get_cr(ctxt, 0) & X86_CR0_PE) {
-+		/* Real mode. cpu must not have long mode active */
-+		if (efer & EFER_LMA)
-+			return X86EMUL_UNHANDLEABLE;
-+		ctxt->mode = X86EMUL_MODE_REAL;
-+		return X86EMUL_CONTINUE;
-+	}
-+
-+	if (ctxt->eflags & X86_EFLAGS_VM) {
-+		/* Protected/VM86 mode. cpu must not have long mode active */
-+		if (efer & EFER_LMA)
-+			return X86EMUL_UNHANDLEABLE;
-+		ctxt->mode = X86EMUL_MODE_VM86;
-+		return X86EMUL_CONTINUE;
-+	}
-+
-+	if (!ctxt->ops->get_segment(ctxt, &selector, &cs, &base3, VCPU_SREG_CS))
-+		return X86EMUL_UNHANDLEABLE;
-+
-+	if (efer & EFER_LMA) {
-+		if (cs.l) {
-+			/* Proper long mode */
-+			ctxt->mode = X86EMUL_MODE_PROT64;
-+		} else if (cs.d) {
-+			/* 32 bit compatibility mode*/
-+			ctxt->mode = X86EMUL_MODE_PROT32;
-+		} else {
-+			ctxt->mode = X86EMUL_MODE_PROT16;
-+		}
-+	} else {
-+		/* Legacy 32 bit / 16 bit mode */
-+		ctxt->mode = cs.d ? X86EMUL_MODE_PROT32 : X86EMUL_MODE_PROT16;
-+	}
-+
-+	return X86EMUL_CONTINUE;
-+}
-+
- static inline int assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst)
- {
--	return assign_eip(ctxt, dst, ctxt->mode);
-+	return assign_eip(ctxt, dst);
- }
- 
--static int assign_eip_far(struct x86_emulate_ctxt *ctxt, ulong dst,
--			  const struct desc_struct *cs_desc)
-+static int assign_eip_far(struct x86_emulate_ctxt *ctxt, ulong dst)
- {
--	enum x86emul_mode mode = ctxt->mode;
--	int rc;
-+	int rc = emulator_recalc_and_set_mode(ctxt);
- 
--#ifdef CONFIG_X86_64
--	if (ctxt->mode >= X86EMUL_MODE_PROT16) {
--		if (cs_desc->l) {
--			u64 efer = 0;
-+	if (rc != X86EMUL_CONTINUE)
-+		return rc;
- 
--			ctxt->ops->get_msr(ctxt, MSR_EFER, &efer);
--			if (efer & EFER_LMA)
--				mode = X86EMUL_MODE_PROT64;
--		} else
--			mode = X86EMUL_MODE_PROT32; /* temporary value */
--	}
--#endif
--	if (mode == X86EMUL_MODE_PROT16 || mode == X86EMUL_MODE_PROT32)
--		mode = cs_desc->d ? X86EMUL_MODE_PROT32 : X86EMUL_MODE_PROT16;
--	rc = assign_eip(ctxt, dst, mode);
--	if (rc == X86EMUL_CONTINUE)
--		ctxt->mode = mode;
--	return rc;
-+	return assign_eip(ctxt, dst);
- }
- 
- static inline int jmp_rel(struct x86_emulate_ctxt *ctxt, int rel)
-@@ -2153,7 +2182,7 @@ static int em_jmp_far(struct x86_emulate_ctxt *ctxt)
- 	if (rc != X86EMUL_CONTINUE)
- 		return rc;
- 
--	rc = assign_eip_far(ctxt, ctxt->src.val, &new_desc);
-+	rc = assign_eip_far(ctxt, ctxt->src.val);
- 	/* Error handling is not implemented. */
- 	if (rc != X86EMUL_CONTINUE)
- 		return X86EMUL_UNHANDLEABLE;
-@@ -2234,7 +2263,7 @@ static int em_ret_far(struct x86_emulate_ctxt *ctxt)
- 				       &new_desc);
- 	if (rc != X86EMUL_CONTINUE)
- 		return rc;
--	rc = assign_eip_far(ctxt, eip, &new_desc);
-+	rc = assign_eip_far(ctxt, eip);
- 	/* Error handling is not implemented. */
- 	if (rc != X86EMUL_CONTINUE)
- 		return X86EMUL_UNHANDLEABLE;
-@@ -3458,7 +3487,7 @@ static int em_call_far(struct x86_emulate_ctxt *ctxt)
- 	if (rc != X86EMUL_CONTINUE)
- 		return rc;
- 
--	rc = assign_eip_far(ctxt, ctxt->src.val, &new_desc);
-+	rc = assign_eip_far(ctxt, ctxt->src.val);
- 	if (rc != X86EMUL_CONTINUE)
- 		goto fail;
- 

patches/kernel/0017-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch

@@ -17,10 +17,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  3 files changed, 225 insertions(+)
 
 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index 70ed6c458084..a332d6f5d4dc 100644
+index 23e4fce033a3..f169be004aab 100644
 --- a/arch/x86/kvm/emulate.c
 +++ b/arch/x86/kvm/emulate.c
-@@ -5827,3 +5827,9 @@ bool emulator_can_use_gpa(struct x86_emulate_ctxt *ctxt)
+@@ -5829,3 +5829,9 @@ bool emulator_can_use_gpa(struct x86_emulate_ctxt *ctxt)
  
  	return true;
  }
@@ -267,10 +267,10 @@ index fb09cd22cb7f..0b2bbcce321a 100644
  #if defined(CONFIG_X86_32)
  #define X86EMUL_MODE_HOST X86EMUL_MODE_PROT32
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index a4377e50a721..d394cf17a864 100644
+index a6c96f6f9257..6b3c5e4df3e8 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -12502,6 +12502,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit);
+@@ -12600,6 +12600,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit);
  static int __init kvm_x86_init(void)
  {
  	kvm_mmu_x86_module_init();

patches/kernel/0018-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch

@@ -40,7 +40,7 @@ index 1172a201d851..c4e382af1853 100644
  
  	int (*mem_enc_op)(struct kvm *kvm, void __user *argp);
 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index a332d6f5d4dc..382d7773a8b0 100644
+index f169be004aab..d3cc1b8e2ea6 100644
 --- a/arch/x86/kvm/emulate.c
 +++ b/arch/x86/kvm/emulate.c
 @@ -2566,16 +2566,18 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt,
@@ -105,10 +105,10 @@ index 0b2bbcce321a..3b37b3e17379 100644
  	int (*set_xcr)(struct x86_emulate_ctxt *ctxt, u32 index, u64 xcr);
  };
 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
-index 81b8eb0fa912..de82175f0aad 100644
+index 6deb0553ff01..703d63ea1398 100644
 --- a/arch/x86/kvm/svm/svm.c
 +++ b/arch/x86/kvm/svm/svm.c
-@@ -4313,12 +4313,14 @@ static int svm_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
+@@ -4299,12 +4299,14 @@ static int svm_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
  	return !svm_smi_blocked(vcpu);
  }
  
@@ -124,7 +124,7 @@ index 81b8eb0fa912..de82175f0aad 100644
  	if (!is_guest_mode(vcpu))
  		return 0;
  
-@@ -4360,7 +4362,7 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
+@@ -4346,7 +4348,7 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
  	return 0;
  }
  
@@ -133,7 +133,7 @@ index 81b8eb0fa912..de82175f0aad 100644
  {
  	struct vcpu_svm *svm = to_svm(vcpu);
  	struct kvm_host_map map, map_save;
-@@ -4368,6 +4370,8 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const char *smstate)
+@@ -4354,6 +4356,8 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const char *smstate)
  	struct vmcb *vmcb12;
  	int ret;
  
@@ -143,10 +143,10 @@ index 81b8eb0fa912..de82175f0aad 100644
  		return 0;
  
 diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
-index ff1861312448..290f4d0aca7e 100644
+index cbf61741d39f..7ee57827710a 100644
 --- a/arch/x86/kvm/vmx/vmx.c
 +++ b/arch/x86/kvm/vmx/vmx.c
-@@ -7594,7 +7594,7 @@ static int vmx_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
+@@ -7604,7 +7604,7 @@ static int vmx_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
  	return !is_smm(vcpu);
  }
  
@@ -155,7 +155,7 @@ index ff1861312448..290f4d0aca7e 100644
  {
  	struct vcpu_vmx *vmx = to_vmx(vcpu);
  
-@@ -7608,7 +7608,7 @@ static int vmx_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
+@@ -7618,7 +7618,7 @@ static int vmx_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
  	return 0;
  }
  
@@ -165,10 +165,10 @@ index ff1861312448..290f4d0aca7e 100644
  	struct vcpu_vmx *vmx = to_vmx(vcpu);
  	int ret;
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index d394cf17a864..f416ccf8a71f 100644
+index 6b3c5e4df3e8..dd496c99d984 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -7351,9 +7351,9 @@ static void emulator_exiting_smm(struct x86_emulate_ctxt *ctxt)
+@@ -7421,9 +7421,9 @@ static void emulator_exiting_smm(struct x86_emulate_ctxt *ctxt)
  }
  
  static int emulator_leave_smm(struct x86_emulate_ctxt *ctxt,
@@ -180,7 +180,7 @@ index d394cf17a864..f416ccf8a71f 100644
  }
  
  static void emulator_triple_fault(struct x86_emulate_ctxt *ctxt)
-@@ -9212,25 +9212,25 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+@@ -9300,25 +9300,25 @@ static void enter_smm(struct kvm_vcpu *vcpu)
  	struct kvm_segment cs, ds;
  	struct desc_ptr dt;
  	unsigned long cr0;

patches/kernel/0019-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch

@@ -15,7 +15,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 60 insertions(+), 96 deletions(-)
 
 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index 382d7773a8b0..616337ad077c 100644
+index d3cc1b8e2ea6..0dd18d66f3b7 100644
 --- a/arch/x86/kvm/emulate.c
 +++ b/arch/x86/kvm/emulate.c
 @@ -2343,25 +2343,17 @@ static void rsm_set_desc_flags(struct desc_struct *desc, u32 flags)
@@ -145,10 +145,10 @@ index 382d7773a8b0..616337ad077c 100644
  	if (ret != X86EMUL_CONTINUE)
  		goto emulate_shutdown;
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index f416ccf8a71f..c42e8be7b4ab 100644
+index dd496c99d984..23f83e92e6b8 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -9066,22 +9066,18 @@ static u32 enter_smm_get_segment_flags(struct kvm_segment *seg)
+@@ -9154,22 +9154,18 @@ static u32 enter_smm_get_segment_flags(struct kvm_segment *seg)
  	return flags;
  }
  
@@ -179,7 +179,7 @@ index f416ccf8a71f..c42e8be7b4ab 100644
  }
  
  #ifdef CONFIG_X86_64
-@@ -9102,54 +9098,47 @@ static void enter_smm_save_seg_64(struct kvm_vcpu *vcpu, char *buf, int n)
+@@ -9190,54 +9186,47 @@ static void enter_smm_save_seg_64(struct kvm_vcpu *vcpu, char *buf, int n)
  }
  #endif
  
@@ -257,7 +257,7 @@ index f416ccf8a71f..c42e8be7b4ab 100644
  }
  
  #ifdef CONFIG_X86_64
-@@ -9220,7 +9209,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+@@ -9308,7 +9297,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
  		enter_smm_save_state_64(vcpu, (char *)&smram);
  	else
  #endif

patches/kernel/0019-KVM-x86-emulator-update-the-emulation-mode-after-CR0.patch

@@ -1,49 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Maxim Levitsky <mlevitsk@redhat.com>
-Date: Wed, 3 Aug 2022 18:50:03 +0300
-Subject: [PATCH] KVM: x86: emulator: update the emulation mode after CR0 write
-
-CR0.PE toggles real/protected mode, thus its update
-should update the emulation mode.
-
-This is likely a benign bug because there is no writeback
-of state, other than the RIP increment, and when toggling
-CR0.PE, the CPU has to execute code from a very low memory address.
-
-Also CR0.PG toggle when EFER.LMA is set, toggles the long mode.
-
-Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- arch/x86/kvm/emulate.c | 14 +++++++++++++-
- 1 file changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index 9dc100399c94..70ed6c458084 100644
---- a/arch/x86/kvm/emulate.c
-+++ b/arch/x86/kvm/emulate.c
-@@ -3634,11 +3634,23 @@ static int em_movbe(struct x86_emulate_ctxt *ctxt)
- 
- static int em_cr_write(struct x86_emulate_ctxt *ctxt)
- {
--	if (ctxt->ops->set_cr(ctxt, ctxt->modrm_reg, ctxt->src.val))
-+	int cr_num = ctxt->modrm_reg;
-+	int r;
-+
-+	if (ctxt->ops->set_cr(ctxt, cr_num, ctxt->src.val))
- 		return emulate_gp(ctxt, 0);
- 
- 	/* Disable writeback. */
- 	ctxt->dst.type = OP_NONE;
-+
-+	if (cr_num == 0) {
-+		/* CR0 write might have updated CR0.PE and/or CR0.PG
-+		 * which can affect the cpu execution mode */
-+		r = emulator_recalc_and_set_mode(ctxt);
-+		if (r != X86EMUL_CONTINUE)
-+			return r;
-+	}
-+
- 	return X86EMUL_CONTINUE;
- }
- 

patches/kernel/0020-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch

@@ -16,7 +16,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 62 insertions(+), 101 deletions(-)
 
 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index 616337ad077c..72e895b0b61a 100644
+index 0dd18d66f3b7..37c1662b5508 100644
 --- a/arch/x86/kvm/emulate.c
 +++ b/arch/x86/kvm/emulate.c
 @@ -2357,24 +2357,16 @@ static void rsm_load_seg_32(struct x86_emulate_ctxt *ctxt,
@@ -154,10 +154,10 @@ index 616337ad077c..72e895b0b61a 100644
  #endif
  		ret = rsm_load_state_32(ctxt, &smram.smram32);
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index c42e8be7b4ab..0f38c8fa4287 100644
+index 23f83e92e6b8..9c95bd0423ab 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -9081,20 +9081,17 @@ static void enter_smm_save_seg_32(struct kvm_vcpu *vcpu,
+@@ -9169,20 +9169,17 @@ static void enter_smm_save_seg_32(struct kvm_vcpu *vcpu,
  }
  
  #ifdef CONFIG_X86_64
@@ -185,7 +185,7 @@ index c42e8be7b4ab..0f38c8fa4287 100644
  }
  #endif
  
-@@ -9142,57 +9139,51 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
+@@ -9230,57 +9227,51 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
  }
  
  #ifdef CONFIG_X86_64
@@ -268,7 +268,7 @@ index c42e8be7b4ab..0f38c8fa4287 100644
  }
  #endif
  
-@@ -9206,7 +9197,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+@@ -9294,7 +9285,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
  	memset(smram.bytes, 0, sizeof(smram.bytes));
  #ifdef CONFIG_X86_64
  	if (guest_cpuid_has(vcpu, X86_FEATURE_LM))

patches/kernel/0021-KVM-x86-SVM-use-smram-structs.patch

@@ -34,10 +34,10 @@ index c4e382af1853..932c0f659468 100644
  
  int alloc_all_memslots_rmaps(struct kvm *kvm);
 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
-index de82175f0aad..399a7f2e0d1f 100644
+index 703d63ea1398..8742bb38b40f 100644
 --- a/arch/x86/kvm/svm/svm.c
 +++ b/arch/x86/kvm/svm/svm.c
-@@ -4319,15 +4319,11 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram)
+@@ -4305,15 +4305,11 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram)
  	struct kvm_host_map map_save;
  	int ret;
  
@@ -55,7 +55,7 @@ index de82175f0aad..399a7f2e0d1f 100644
  
  	svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
  	svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
-@@ -4366,28 +4362,23 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram)
+@@ -4352,28 +4348,23 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram)
  {
  	struct vcpu_svm *svm = to_svm(vcpu);
  	struct kvm_host_map map, map_save;
@@ -87,7 +87,7 @@ index de82175f0aad..399a7f2e0d1f 100644
  		return 1;
  
  	ret = 1;
-@@ -4412,7 +4403,7 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram)
+@@ -4398,7 +4389,7 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram)
  
  	vmcb12 = map.hva;
  	nested_load_control_from_vmcb12(svm, &vmcb12->control);

patches/kernel/0022-KVM-x86-SVM-don-t-save-SVM-state-to-SMRAM-when-VM-is.patch

@@ -19,10 +19,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 9 insertions(+)
 
 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
-index 399a7f2e0d1f..cbfd9b23c32b 100644
+index 8742bb38b40f..b11f03673d07 100644
 --- a/arch/x86/kvm/svm/svm.c
 +++ b/arch/x86/kvm/svm/svm.c
-@@ -4322,6 +4322,15 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram)
+@@ -4308,6 +4308,15 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram)
  	if (!is_guest_mode(vcpu))
  		return 0;
  

patches/kernel/0023-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch

@@ -30,7 +30,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  3 files changed, 32 insertions(+), 7 deletions(-)
 
 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index 72e895b0b61a..dbd65ea22e46 100644
+index 37c1662b5508..b70adbee03b7 100644
 --- a/arch/x86/kvm/emulate.c
 +++ b/arch/x86/kvm/emulate.c
 @@ -2419,7 +2419,7 @@ static int rsm_load_state_32(struct x86_emulate_ctxt *ctxt,
@@ -128,10 +128,10 @@ index 3b37b3e17379..a64c190abf28 100644
  	__CHECK_SMRAM64_OFFSET(auto_hlt_restart,	0xFEC9);
  	__CHECK_SMRAM64_OFFSET(reserved2,		0xFECA);
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 0f38c8fa4287..e6da373339ca 100644
+index 9c95bd0423ab..210a310ee96c 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -7338,6 +7338,11 @@ static void emulator_set_nmi_mask(struct x86_emulate_ctxt *ctxt, bool masked)
+@@ -7408,6 +7408,11 @@ static void emulator_set_nmi_mask(struct x86_emulate_ctxt *ctxt, bool masked)
  	static_call(kvm_x86_set_nmi_mask)(emul_to_vcpu(ctxt), masked);
  }
  
@@ -143,7 +143,7 @@ index 0f38c8fa4287..e6da373339ca 100644
  static unsigned emulator_get_hflags(struct x86_emulate_ctxt *ctxt)
  {
  	return emul_to_vcpu(ctxt)->arch.hflags;
-@@ -7407,6 +7412,7 @@ static const struct x86_emulate_ops emulate_ops = {
+@@ -7477,6 +7482,7 @@ static const struct x86_emulate_ops emulate_ops = {
  	.guest_has_fxsr      = emulator_guest_has_fxsr,
  	.guest_has_rdpid     = emulator_guest_has_rdpid,
  	.set_nmi_mask        = emulator_set_nmi_mask,
@@ -151,7 +151,7 @@ index 0f38c8fa4287..e6da373339ca 100644
  	.get_hflags          = emulator_get_hflags,
  	.exiting_smm         = emulator_exiting_smm,
  	.leave_smm           = emulator_leave_smm,
-@@ -9136,6 +9142,8 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
+@@ -9224,6 +9230,8 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
  	smram->cr4 = kvm_read_cr4(vcpu);
  	smram->smm_revision = 0x00020000;
  	smram->smbase = vcpu->arch.smbase;
@@ -160,7 +160,7 @@ index 0f38c8fa4287..e6da373339ca 100644
  }
  
  #ifdef CONFIG_X86_64
-@@ -9184,6 +9192,8 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, struct kvm_smram_stat
+@@ -9272,6 +9280,8 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, struct kvm_smram_stat
  	enter_smm_save_seg_64(vcpu, &smram->ds, VCPU_SREG_DS);
  	enter_smm_save_seg_64(vcpu, &smram->fs, VCPU_SREG_FS);
  	enter_smm_save_seg_64(vcpu, &smram->gs, VCPU_SREG_GS);
@@ -169,7 +169,7 @@ index 0f38c8fa4287..e6da373339ca 100644
  }
  #endif
  
-@@ -9220,6 +9230,8 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+@@ -9308,6 +9318,8 @@ static void enter_smm(struct kvm_vcpu *vcpu)
  	kvm_set_rflags(vcpu, X86_EFLAGS_FIXED);
  	kvm_rip_write(vcpu, 0x8000);
  

patches/kernel/0024-KVM-SVM-fix-tsc-scaling-cache-logic.patch

@@ -42,10 +42,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 19 insertions(+), 11 deletions(-)
 
 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
-index cbfd9b23c32b..14d6cad2afdc 100644
+index b11f03673d07..11a9d3aef354 100644
 --- a/arch/x86/kvm/svm/svm.c
 +++ b/arch/x86/kvm/svm/svm.c
-@@ -472,11 +472,24 @@ static int has_svm(void)
+@@ -466,11 +466,24 @@ static int has_svm(void)
  	return 1;
  }
  
@@ -71,7 +71,7 @@ index cbfd9b23c32b..14d6cad2afdc 100644
  
  	cpu_svm_disable();
  
-@@ -518,8 +531,7 @@ static int svm_hardware_enable(void)
+@@ -512,8 +525,7 @@ static int svm_hardware_enable(void)
  	wrmsrl(MSR_VM_HSAVE_PA, __sme_page_pa(sd->save_area));
  
  	if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) {
@@ -81,7 +81,7 @@ index cbfd9b23c32b..14d6cad2afdc 100644
  	}
  
  
-@@ -1132,9 +1144,10 @@ static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset)
+@@ -1126,9 +1138,10 @@ static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset)
  
  static void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier)
  {
@@ -93,7 +93,7 @@ index cbfd9b23c32b..14d6cad2afdc 100644
  /* Evaluate instruction intercepts that depend on guest CPUID features. */
  static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu,
  					      struct vcpu_svm *svm)
-@@ -1457,13 +1470,8 @@ static void svm_prepare_guest_switch(struct kvm_vcpu *vcpu)
+@@ -1452,13 +1465,8 @@ static void svm_prepare_guest_switch(struct kvm_vcpu *vcpu)
  		vmsave(__sme_page_pa(sd->save_area));
  	}
  

patches/kernel/0028-ext4-fix-check-for-block-being-out-of-directory-size.patch

@@ -1,37 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Jan Kara <jack@suse.cz>
-Date: Mon, 22 Aug 2022 13:48:32 +0200
-Subject: [PATCH] ext4: fix check for block being out of directory size
-
-commit 61a1d87a324ad5e3ed27c6699dfc93218fcf3201 upstream.
-
-The check in __ext4_read_dirblock() for block being outside of directory
-size was wrong because it compared block number against directory size
-in bytes. Fix it.
-
-Fixes: 65f8ea4cd57d ("ext4: check if directory block is within i_size")
-CVE: CVE-2022-1184
-CC: stable@vger.kernel.org
-Signed-off-by: Jan Kara <jack@suse.cz>
-Reviewed-by: Lukas Czerner <lczerner@redhat.com>
-Link: https://lore.kernel.org/r/20220822114832.1482-1-jack@suse.cz
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- fs/ext4/namei.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
-index 7d3ec39121f7..86ee0e0eef67 100644
---- a/fs/ext4/namei.c
-+++ b/fs/ext4/namei.c
-@@ -126,7 +126,7 @@ static struct buffer_head *__ext4_read_dirblock(struct inode *inode,
- 	struct ext4_dir_entry *dirent;
- 	int is_dx_block = 0;
- 
--	if (block >= inode->i_size) {
-+	if (block >= inode->i_size >> inode->i_blkbits) {
- 		ext4_error_inode(inode, func, line, block,
- 		       "Attempting to read directory block (%u) that is past i_size (%llu)",
- 		       block, inode->i_size);

patches/kernel/0029-drm-virtio-Correct-drm_gem_shmem_get_sg_table-error-.patch

@@ -1,36 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
-Date: Thu, 30 Jun 2022 23:07:18 +0300
-Subject: [PATCH] drm/virtio: Correct drm_gem_shmem_get_sg_table() error
- handling
-
-[ Upstream commit 64b88afbd92fbf434759d1896a7cf705e1c00e79 ]
-
-Previous commit fixed checking of the ERR_PTR value returned by
-drm_gem_shmem_get_sg_table(), but it missed to zero out the shmem->pages,
-which will crash virtio_gpu_cleanup_object(). Add the missing zeroing of
-the shmem->pages.
-
-Fixes: c24968734abf ("drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init")
-Reviewed-by: Emil Velikov <emil.l.velikov@gmail.com>
-Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
-Link: http://patchwork.freedesktop.org/patch/msgid/20220630200726.1884320-2-dmitry.osipenko@collabora.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- drivers/gpu/drm/virtio/virtgpu_object.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c b/drivers/gpu/drm/virtio/virtgpu_object.c
-index 9af9f355e0a7..826ba2222062 100644
---- a/drivers/gpu/drm/virtio/virtgpu_object.c
-+++ b/drivers/gpu/drm/virtio/virtgpu_object.c
-@@ -169,6 +169,7 @@ static int virtio_gpu_object_shmem_init(struct virtio_gpu_device *vgdev,
- 	shmem->pages = drm_gem_shmem_get_sg_table(&bo->base);
- 	if (IS_ERR(shmem->pages)) {
- 		drm_gem_shmem_unpin(&bo->base);
-+		shmem->pages = NULL;
- 		return PTR_ERR(shmem->pages);
- 	}
- 

patches/kernel/0030-netfilter-nf_tables-relax-NFTA_SET_ELEM_KEY_END-set-.patch

@@ -1,40 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Mon, 17 Oct 2022 14:12:58 +0200
-Subject: [PATCH] netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags
- requirements
-
-[ Upstream commit 96df8360dbb435cc69f7c3c8db44bf8b1c24cd7b ]
-
-Otherwise EINVAL is bogusly reported to userspace when deleting a set
-element. NFTA_SET_ELEM_KEY_END does not need to be set in case of:
-
-- insertion: if not present, start key is used as end key.
-- deletion: only start key needs to be specified, end key is ignored.
-
-Hence, relax the sanity check.
-
-Fixes: 88cccd908d51 ("netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags")
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- net/netfilter/nf_tables_api.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
-index 460ad341d160..f7a5b8414423 100644
---- a/net/netfilter/nf_tables_api.c
-+++ b/net/netfilter/nf_tables_api.c
-@@ -5720,8 +5720,9 @@ static bool nft_setelem_valid_key_end(const struct nft_set *set,
- 			  (NFT_SET_CONCAT | NFT_SET_INTERVAL)) {
- 		if (flags & NFT_SET_ELEM_INTERVAL_END)
- 			return false;
--		if (!nla[NFTA_SET_ELEM_KEY_END] &&
--		    !(flags & NFT_SET_ELEM_CATCHALL))
-+
-+		if (nla[NFTA_SET_ELEM_KEY_END] &&
-+		    flags & NFT_SET_ELEM_CATCHALL)
- 			return false;
- 	} else {
- 		if (nla[NFTA_SET_ELEM_KEY_END])

submodules/ubuntu-jammy

@@ -1 +1 @@
-Subproject commit 4f32dead2e302c1fdd963831e8ad6096248ae4e2
+Subproject commit 8c53ac60ea5695a4650f28f7344bec01e1c48c8f