update ABI file for 5.15.158-1-pve

(generated with debian/scripts/abi-generate) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
bump version to 5.15.158-1
2024-06-10 17:17:45 +02:00 · 2024-06-10 16:56:34 +02:00 · 2024-06-10 16:55:23 +02:00 · 2024-06-10 16:55:23 +02:00 · 2024-04-29 10:31:12 +02:00 · 2024-04-29 09:35:04 +02:00
55 changed files with 29315 additions and 29686 deletions
@@ -1,20 +1,22 @@
 include /usr/share/dpkg/pkg-info.mk

-# also bump proxmox-kernel-meta if the default MAJ.MIN version changes!
-KERNEL_MAJ=6
-KERNEL_MIN=2
-KERNEL_PATCHLEVEL=16
-# increment KREL for every published package release!
+# also bump pve-kernel-meta if either of MAJ.MIN, PATCHLEVEL or KREL change
+KERNEL_MAJ=5
+KERNEL_MIN=15
+KERNEL_PATCHLEVEL=158
+# increment KREL if the ABI changes (abicheck target in debian/rules)
 # rebuild packages with new KREL and run 'make abiupdate'
-KREL=20
+KREL=1
+
+PKGREL=1

 KERNEL_MAJMIN=$(KERNEL_MAJ).$(KERNEL_MIN)
 KERNEL_VER=$(KERNEL_MAJMIN).$(KERNEL_PATCHLEVEL)

 EXTRAVERSION=-$(KREL)-pve
 KVNAME=$(KERNEL_VER)$(EXTRAVERSION)
-PACKAGE=proxmox-kernel-$(KVNAME)
-HDRPACKAGE=proxmox-headers-$(KVNAME)
+PACKAGE=pve-kernel-$(KVNAME)
+HDRPACKAGE=pve-headers-$(KVNAME)

 ARCH=$(shell dpkg-architecture -qDEB_BUILD_ARCH)

@@ -25,9 +27,11 @@ ifneq ($(ARCH), amd64)
 KERNEL_ARCH=$(ARCH)
 endif

+GITVERSION:=$(shell git rev-parse HEAD)
+
 SKIPABI=0

-BUILD_DIR=proxmox-kernel-$(KERNEL_VER)
+BUILD_DIR=pve-kernel-$(KERNEL_VER)

 KERNEL_SRC=ubuntu-kernel
 KERNEL_SRC_SUBMODULE=submodules/$(KERNEL_SRC)
@@ -42,33 +46,30 @@ MODULE_DIRS=$(ZFSDIR)
 # exported to debian/rules via debian/rules.d/dirs.mk
 DIRS=KERNEL_SRC ZFSDIR MODULES

-DSC=proxmox-kernel-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL).dsc
-DST_DEB=$(PACKAGE)_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
-META_DEB=proxmox-kernel-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL)_all.deb
-HDR_DEB=$(HDRPACKAGE)_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
-META_HDR_DEB=proxmox-headers-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL)_all.deb
-USR_HDR_DEB=proxmox-kernel-libc-dev_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
-LINUX_TOOLS_DEB=linux-tools-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
-LINUX_TOOLS_DBG_DEB=linux-tools-$(KERNEL_MAJMIN)-dbgsym_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
+DSC=pve-kernel_$(KERNEL_VER)-$(PKGREL).dsc
+DST_DEB=$(PACKAGE)_$(KERNEL_VER)-$(PKGREL)_$(ARCH).deb
+HDR_DEB=$(HDRPACKAGE)_$(KERNEL_VER)-$(PKGREL)_$(ARCH).deb
+USR_HDR_DEB=pve-kernel-libc-dev_$(KERNEL_VER)-$(PKGREL)_$(ARCH).deb
+LINUX_TOOLS_DEB=linux-tools-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(PKGREL)_$(ARCH).deb
+LINUX_TOOLS_DBG_DEB=linux-tools-$(KERNEL_MAJMIN)-dbgsym_$(KERNEL_VER)-$(PKGREL)_$(ARCH).deb

-DEBS=$(DST_DEB) $(META_DEB) $(HDR_DEB) $(META_HDR_DEB) $(LINUX_TOOLS_DEB) $(LINUX_TOOLS_DBG_DEB) # $(USR_HDR_DEB)
+DEBS=$(DST_DEB) $(HDR_DEB) $(USR_HDR_DEB) $(LINUX_TOOLS_DEB) $(LINUX_TOOLS_DBG_DEB)
+UPLOAD_DEBS=$(DST_DEB) $(HDR_DEB) $(LINUX_TOOLS_DEB) $(LINUX_TOOLS_DBG_DEB)

 all: deb
 deb: $(DEBS)

-$(META_DEB) $(META_HDR_DEB) $(LINUX_TOOLS_DEB) $(HDR_DEB): $(DST_DEB)
+$(LINUX_TOOLS_DEB) $(HDR_DEB) $(USR_HDR_DEB) $(LINUX_TOOLS_DBG_DEB): $(DST_DEB)
 $(DST_DEB): $(BUILD_DIR).prepared
 	cd $(BUILD_DIR); dpkg-buildpackage --jobs=auto -b -uc -us
 	lintian $(DST_DEB)
 	#lintian $(HDR_DEB)
 	lintian $(LINUX_TOOLS_DEB)

-dsc:
-	$(MAKE) $(DSC)
-	lintian $(DSC)
-
+dsc: $(DSC)
 $(DSC): $(BUILD_DIR).prepared
 	cd $(BUILD_DIR); dpkg-buildpackage -S -uc -us -d
+	lintian $(DSC)

 sbuild: $(DSC)
 	sbuild $(DSC)
@@ -79,18 +80,11 @@ $(BUILD_DIR).prepared: $(addsuffix .prepared,$(KERNEL_SRC) $(MODULES) debian)
 	cp -a abi-blacklist $(BUILD_DIR)/
 	touch $@

-.PHONY: build-dir-fresh
-build-dir-fresh:
-	$(MAKE) clean
-	$(MAKE) $(BUILD_DIR).prepared
-	echo "created build-directory: $(BUILD_DIR).prepared/"
-
 debian.prepared: debian
 	rm -rf $(BUILD_DIR)/debian
 	mkdir -p $(BUILD_DIR)
 	cp -a debian $(BUILD_DIR)/debian
-	echo "git clone git://git.proxmox.com/git/pve-kernel.git\\ngit checkout $(shell git rev-parse HEAD)" \
-	    >$(BUILD_DIR)/debian/SOURCE
+	echo "git clone git://git.proxmox.com/git/pve-kernel.git\\ngit checkout $(GITVERSION)" > $(BUILD_DIR)/debian/SOURCE
 	@$(foreach dir, $(DIRS),echo "$(dir)=$($(dir))" >> $(BUILD_DIR)/debian/rules.d/env.mk;)
 	echo "KVNAME=$(KVNAME)" >> $(BUILD_DIR)/debian/rules.d/env.mk
 	echo "KERNEL_MAJMIN=$(KERNEL_MAJMIN)" >> $(BUILD_DIR)/debian/rules.d/env.mk
@@ -126,8 +120,8 @@ $(ZFSDIR).prepared: $(ZFSONLINUX_SUBMODULE)

 .PHONY: upload
 upload: UPLOAD_DIST ?= $(DEB_DISTRIBUTION)
-upload: $(DEBS)
-	tar cf - $(DEBS)|ssh -X repoman@repo.proxmox.com -- upload --product pve,pmg,pbs --dist $(UPLOAD_DIST) --arch $(ARCH)
+upload: $(UPLOAD_DEBS)
+	tar cf - $(UPLOAD_DEBS)|ssh -X repoman@repo.proxmox.com -- upload --product pve,pmg,pbs --dist $(UPLOAD_DIST) --arch $(ARCH)

 .PHONY: distclean
 distclean: clean
@@ -166,5 +160,5 @@ abi-tmp-$(KVNAME):

 .PHONY: clean
 clean:
-	rm -rf *~ proxmox-kernel-[0-9]*/ *.prepared $(KERNEL_CFG_ORG)
-	rm -f *.deb *.dsc *.changes *.buildinfo *.build proxmox-kernel*.tar.*
+	rm -rf *~ pve-kernel-[0-9]*/ *.prepared $(KERNEL_CFG_ORG)
+	rm -f *.deb *.dsc *.changes *.buildinfo *.build pve-kernel*.tar.*
@@ -1,9 +1,9 @@
 KERNEL SOURCE:
 ==============

-We currently use the Ubuntu kernel sources, available from our mirror:
+We currently use the Ubuntu kernel sources, available from:

- https://git.proxmox.com/?p=mirror_ubuntu-kernels.git;a=summary
+ http://kernel.ubuntu.com/git/ubuntu/ubuntu-jammy.git/

 Ubuntu will maintain those kernels till:

@@ -24,67 +24,6 @@ Additional/Updated Modules:
  For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ


-BUILD
-=====
-
-As this is packaging for the Linux kernel with some extra integrations, like
-ZFS, this repo cannot be handled like a plain Linux kernel git repository.
-
-The actual Linux kernel source lives in a git submodule.
-
-For a build you should init the submodules and then handle it like most our
-Debian packaging builds. If unsure you can follow this:
-
-Installing Build-Dependencies
-----------------------------
-
-You can either just check the package metadata template `debian/control.in`
-and install the packages listed in the `Build-Depends` section manually
-(replace `debhelper-compat` with just `debhelper`) or use a more automated way
-described below:
-
- # install base build-dependencies and helpers
- apt update
- apt install devscripts
-
- # create build-directory so that we got final packaging control files from the
- # .in templates generated
- make build-dir-fresh
-
- # install build-dependencies (replace BUILD-DIR with actual one)
- mk-build-deps -ir BUILD-DIR/debian/control
-
-
-Package Build
-------------
-
- # start the actual build
- make deb
-
-For simple KConfig modifications you can adapt the list in `debian/rules` file.
-For quick code changes to the actual kernel code you can do them directly in
-the submodule/ubuntu-kernels directory, then re-create the build-directory, e.g.:
-
- make clean
- # now build again, explicitly creating the build-dir isn't required anymore
- # after one has the build-dependencies already installed.
- make deb
-
-
-Modify-Build-Test Cycles
------------------------
-
-Ideally you avoid the need for doing a full package build and just directly
-build linux from the ubuntu-kernels or the mainline (stable) repo with copying
-over a build-config of a proxmox-kernel to that as .config and then using the
-`make olddefconfig` target.
-
-If you need full package builds you can try to make changes inside the
-BUILD-DIR directly and then continue build from there, e.g., using
-`dpkg-buildpackage -b -uc -us --no-pre-clean`. Depending on what stage you want
-to continue build you might need to touch, or remove some *.prepared files.
-Just check `debian/rules` for how kernel build progress is tracked by make.
-
 SUBMODULE
 =========

@@ -96,7 +35,7 @@ get applied with the `patch` tool. From a git point-of-view, the copied
 directory remains clean even with extra patches applied since it does not
 contain a .git directory, but a reference to the (still pristine) submodule:

-$ cat build/ubuntu-kernel/.git
+$ cat build/ubuntu-jammy/.git

 If you mistakenly cloned the upstream repo as "normal" clone (not via the
 submodule mechanics) this means that you have a real .git directory with its
@@ -121,30 +60,18 @@ top level meta package, depends on current default kernel series meta package.

 git clone git://git.proxmox.com/git/proxmox-ve.git

-proxmox-default-kernel
----------------------
+pve-kernel-meta
+---------------

-Depends on default kernel and header meta package, e.g., proxmox-kernel-6.2 /
-proxmox-headers-6.2.
+depends on latest kernel and header package within a certain kernel series,
+e.g., pve-kernel-5.15 / pve-headers-5.15

 git clone git://git.proxmox.com/git/pve-kernel-meta.git

-proxmox-kernel-X.Y
------------------
-
-Depends on the latest kernel (or header, in case of proxmox-headers-X.Y)
-package within a certain series.
-
-e.g., proxmox-kernel-6.2 depends on proxmox-kernel-6.2.16-6-pve
-
-NOTE: Since Proxmox VE 8, based on Debian 12 Bookworm, the kernel ABI is bumped
-with every version bump due to module signing. Since then the meta package was
-pulled into the kernel repo, before that it lived in pve-kernel-meta.git.
-
 pve-firmware
 ------------

-Contains the firmware for all released PVE kernels.
+contains the firmware for all released PVE kernels.

 git clone git://git.proxmox.com/git/pve-firmware.git

@@ -172,18 +99,18 @@ Watchdog blacklist

 By default, all watchdog modules are black-listed because it is totally undefined
 which device is actually used for /dev/watchdog.
-We ship this list in /lib/modprobe.d/blacklist_proxmox-kernel-<VERSION>.conf
+We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf
 The user typically edit /etc/modules to enable a specific watchdog device.

 Debug kernel and modules
 ------------------------

 In order to build a -dbgsym package containing an unstripped copy of the kernel
-image and modules, enable the 'pkg.proxmox-kernel.debug' build profile (e.g. by
-exporting DEB_BUILD_PROFILES='pkg.proxmox-kernel.debug'). The resulting package can
+image and modules, enable the 'pkg.pve-kernel.debug' build profile (e.g. by
+exporting DEB_BUILD_PROFILES='pkg.pve-kernel.debug'). The resulting package can
 be used together with 'crash'/'kdump-tools' to debug kernel crashes.

-Note: the -dbgsym package is only valid for the proxmox-kernel packages produced by
+Note: the -dbgsym package is only valid for the pve-kernel packages produced by
 the same build. A kernel/module from a different build will likely not match,
 even if both builds are of the same kernel and package version.

@@ -1,306 +1,170 @@
-proxmox-kernel-6.2 (6.2.16-20) bookworm; urgency=medium
+pve-kernel (5.15.158-1) bullseye; urgency=medium

-  * update sources to Ubuntu-6.2.0-39.40
+  * update sources to Ubuntu-5.15.0-115.125, based on 5.15.158

-  * update ZFS to 2.1.14
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 10 Jun 2024 16:56:16 +0200

- -- Proxmox Support Team <support@proxmox.com>  Fri, 01 Dec 2023 14:17:27 +0100
+pve-kernel (5.15.152-1) bullseye; urgency=medium

-proxmox-kernel-6.2 (6.2.16-19) bookworm; urgency=medium
+  * update to Ubuntu-5.15.0-111.121, based on 5.15.152

-  * backport exposing FLUSHBYASID when running nested VMs on AMD CPUs to fix
-    nesting of some hyper-visors like VMware Workstation.
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 29 Apr 2024 09:31:55 +0200

-  * backport constraining guest-supported xfeatures only at KVM_GET_XSAVE{2}
-    to further improve compatibility for guests w.r.t. live-migration, or live
-    snapshot rollback, to hosts with less (FPU) xfeatures supported.
+pve-kernel (5.15.149-1) bullseye; urgency=medium

- -- Proxmox Support Team <support@proxmox.com>  Tue, 24 Oct 2023 14:07:51 +0200
+  * update to Ubuntu-5.15.0-104.114 basing of 5.15.149

-proxmox-kernel-6.2 (6.2.16-18) bookworm; urgency=medium
+  * update ZFS to 2.1.15

-  * backport fix for AMD erratum #1485 on Zen4-based CPUs to avoid triggering
-    undefined instruction exceptions when disabling all, or certain security
-    mitigations, like using the "mitigations=off" kernel command line
-    parameter
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 29 Mar 2024 15:24:01 +0100

-  * backport ZFS fix to avoid crashes and hangs if used on modern Intel HW
-    like the Xeon Scalable 4th Gen "Sapphire Rapids" CPUs due to a HW bug as
-    per Intel SPR erratum SPR4
+pve-kernel (5.15.143-1) bullseye; urgency=medium

- -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Oct 2023 17:05:18 +0200
+  * update to Ubuntu-5.15.0-100.110 basing of 5.15.143

-proxmox-kernel-6.2 (6.2.16-16) bookworm; urgency=medium
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 08 Feb 2024 19:12:26 +0100

-  * update sources to Ubuntu-6.2.0-36.36
+pve-kernel (5.15.136-1) bullseye; urgency=medium

- -- Proxmox Support Team <support@proxmox.com>  Tue, 03 Oct 2023 07:42:21 +0200
+  * update to Ubuntu-5.15.0-94.104 basing of 5.15.136

-proxmox-kernel-6.2 (6.2.16-15) bookworm; urgency=medium
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 23 Jan 2024 12:10:07 +0100

-  * fix thunderbolt ring-interrupt not being masked on suspend
+pve-kernel (5.15.131-3) bullseye; urgency=medium

-  * cherry-pick fix to avoid potentially offlining one CPU thread on some EPYC
-    CPUs with a new amd64-microcode package (still in unstable).
+  * updates ZFS to 2.1.14

-  * update ZFS to 2.1.13
+  * bump ABI to 5.15.131-2

- -- Proxmox Support Team <support@proxmox.com>  Thu, 28 Sep 2023 15:53:58 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 01 Dec 2023 14:42:42 +0100

-proxmox-kernel-6.2 (6.2.16-14) bookworm; urgency=medium
+pve-kernel (5.15.131-2) bullseye; urgency=medium

-  * cherry-pick fix for setting X86_FEATURE_OSXSAVE feature improving
-    performance of some code that tries to live-detect available CPU features,
-    like, e.g., ZFS.
+  * update to Ubuntu-5.15.0-91.101 fixing an issue with enumerating USB
+    devices

- -- Proxmox Support Team <support@proxmox.com>  Tue, 19 Sep 2023 10:17:16 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 14 Nov 2023 12:32:55 +0100

-proxmox-kernel-6.2 (6.2.16-13) bookworm; urgency=medium
+pve-kernel (5.15.131-1) bullseye; urgency=medium

-  * fix #4707: add override parameter for RMRR relaxation
+  * update to Ubuntu-5.15.0-90.100 basing of the 5.15.131 stable release

-  * backport thunderbolt-net fixes for IPv6 and connection re-establishment
-    after a node got rebooted
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 09 Nov 2023 10:29:57 +0100

-  * update sources to Ubuntu-6.2.0-34.34
+pve-kernel (5.15.126-1) bullseye; urgency=medium

- -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Sep 2023 15:31:57 +0200
+  * update to Ubuntu-5.15.0-88.98 basing of 5.15.126

-proxmox-kernel-6.2 (6.2.16-12) bookworm; urgency=medium
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 03 Oct 2023 19:24:13 +0200

-  * cherry-pick fix for KVM vCPU page-fault loop.
-    Due to too small and signed type used for an memory related sequence
-    counter there was a chance that for long-lived VMs KVM would effectively
-    hang vCPUs due to always thinking page faults are stale, which results in
-    KVM refusing to "fix" faults.
+pve-kernel (5.15.116-1) bullseye; urgency=medium

- -- Proxmox Support Team <support@proxmox.com>  Mon, 04 Sep 2023 15:21:22 +0200
+  * disable CONFIG_GDS_FORCE_MITIGATION again to avoid software breakage with
+    older intel-microcode versions

-proxmox-kernel-6.2 (6.2.16-11) bookworm; urgency=medium
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 29 Aug 2023 15:46:21 +0200

-  * cherry-pick fix to surpress faulty segfault logging. While harmless, such
-    logs can look scary and might let people follow them like a red herring.
+pve-kernel (5.15.111-1) bullseye; urgency=medium

-  * update sources to Ubuntu-6.2.0-32.32
+  * update to Ubuntu-5.15.0-82.91

- -- Proxmox Support Team <support@proxmox.com>  Thu, 31 Aug 2023 11:56:15 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 18 Aug 2023 10:57:15 +0200

-proxmox-kernel-6.2 (6.2.16-10) bookworm; urgency=medium
-
-  * disable CONFIG_GDS_FORCE_MITIGATION again
-    when not having installed a new-enough intel-microcode, this disables AVX
-    instructions which breaks a lot of software
-
- -- Proxmox Support Team <support@proxmox.com>  Fri, 18 Aug 2023 13:42:38 +0200
-
-proxmox-kernel-6.2 (6.2.16-9) bookworm; urgency=medium
-
-  * add fixes for downfall
-
-  * enable mitigation config option CONFIG_GDS_FORCE_MITIGATION
-
- -- Proxmox Support Team <support@proxmox.com>  Wed, 16 Aug 2023 10:07:11 +0200
-
-proxmox-kernel-6.2 (6.2.16-8) bookworm; urgency=medium
-
-  * sign modules and set trust anchor/lockdown to allow manual secure boot
-
- -- Proxmox Support Team <support@proxmox.com>  Wed, 02 Aug 2023 14:17:00 +0200
-
-proxmox-kernel-6.2 (6.2.16-7) bookworm; urgency=medium
-
-  * change `pve-` prefix to `proxmox-`
-
-  * merge proxmox-kernel-meta packaging into main kernel repository
-
-  * bump ABI to 6.2.16-6
-
- -- Proxmox Support Team <support@proxmox.com>  Tue, 01 Aug 2023 13:23:46 +0200
-
-pve-kernel (6.2.16-6) bookworm; urgency=medium
-
-  * fix #4833: backport fix for recovering potential NX huge pages
-
-  * fix #4770: backport "nvme: don't reject probe due to duplicate IDs"
+pve-kernel (5.15.108-2) bullseye; urgency=medium

  * backport Zenbleed stop-gap workaround for CVE-2023-20593, the actual fix
    is the amd64-microcode update.

- -- Proxmox Support Team <support@proxmox.com>  Tue, 25 Jul 2023 17:33:45 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 20 Jul 2023 12:06:18 +0200

-pve-kernel (6.2.16-5) bookworm; urgency=medium
+pve-kernel (5.15.108-1) bullseye; urgency=medium

-  * kvm: xsave set: mask-out PKRU bit in xfeatures if vCPU has no support to
-    improve live-migrations & snapshot-rollback of VMs running on modern Intel
-    CPUs (Skylake-Server or Tiger Lake Desktop), if configured with a
-    restricted vCPU type (e.g., qemu64) and if the migration source is from
-    our 5.15 based kernel (default in Proxmox VE 7.4) to the 6.2 (and future
-    newer) of Proxmox VE 8.0 as target.
-    This copes with the fallout of a fix, that while itself improved migration
-    compatibility for clusters with different host-CPU models, caused another
-    issue on the transition between the older "broken" and newer "fixed"
-    kernels for homogeneous clusters, i.e., those with the same PVE host-CPU
-    model.
+  * update to Ubuntu-5.15.0-77.84, based on 5.15.108

- -- Proxmox Support Team <support@proxmox.com>  Fri, 14 Jul 2023 19:53:39 +0200
+  * bump ABI to 5.15.108-1

-pve-kernel (6.2.16-4) bookworm; urgency=medium
+ -- Proxmox Support Team <support@proxmox.com>  Sat, 17 Jun 2023 11:41:53 +0200

-  * backport fixes for StackRot (CVE-2023-3269)
-
- -- Proxmox Support Team <support@proxmox.com>  Fri, 07 Jul 2023 06:22:28 +0200
-
-pve-kernel (6.2.16-3) bookworm; urgency=medium
-
-  * update to Ubuntu-6.2.0-25.25
-
- -- Proxmox Support Team <support@proxmox.com>  Sat, 17 Jun 2023 07:58:57 +0200
-
-pve-kernel (6.2.16-2) bookworm; urgency=medium
-
-  * update ZFS to 2.1.12
-
-  * bump ABI to 6.2.16-2
-
-  * backport "net/sched: flower: fix possible OOB write in fl_set_geneve_opt()"
-
-  * backport re-adding mdev_set_iommu_device() kABI for support of SRIOV based
-    Nvidia vGPU
-
- -- Proxmox Support Team <support@proxmox.com>  Tue, 13 Jun 2023 15:30:53 +0200
-
-pve-kernel (6.2.16-1) bookworm; urgency=medium
-
-  * update to Ubuntu-6.2.0-23.23 and pull in stable fixes up to v6.2.16
-
-  * build for Debian 12 Bookworm based releases
-
- -- Proxmox Support Team <support@proxmox.com>  Sat, 20 May 2023 19:23:34 +0200
-
-pve-kernel (6.2.11-2) bullseye; urgency=medium
+pve-kernel (5.15.107-2) bullseye; urgency=medium

  * backport "netfilter: nf_tables: deactivate anonymous set from preparation
    phase"

-  * bump ABI to 6.2.11-2
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 10 May 2023 11:10:23 +0200

- -- Proxmox Support Team <support@proxmox.com>  Wed, 10 May 2023 11:13:34 +0200
+pve-kernel (5.15.107-1) bullseye; urgency=medium

-pve-kernel (6.2.11-1) bullseye; urgency=medium
-
-  * update kernel to Proxmox-6.2.11-1
+  * update to Proxmox-5.15.107-1

  * update ZFS to 2.1.11

- -- Proxmox Support Team <support@proxmox.com>  Thu, 20 Apr 2023 11:59:36 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 20 Apr 2023 12:05:46 +0200

-pve-kernel (6.2.9-1) bullseye; urgency=medium
+pve-kernel (5.15.104-2) bullseye; urgency=medium

-  * update to Ubuntu-6.2.0-19.19 and cherry-pick patches up to 6.2.9
+  * backport "igb: revert rtnl_lock() that causes deadlock"

- -- Proxmox Support Team <support@proxmox.com>  Fri, 31 Mar 2023 12:48:33 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 12 Apr 2023 13:23:09 +0200

-pve-kernel (6.2.6-1) bullseye; urgency=medium
+pve-kernel (5.15.104-1) bullseye; urgency=medium

-  * update to Ubuntu-6.2.0-17.17 based on 6.2.6
+  * update to upstream ubuntu and stable tree's v5.15.104

- -- Proxmox Support Team <support@proxmox.com>  Tue, 14 Mar 2023 18:08:23 +0100
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 29 Mar 2023 17:51:33 +0200

-pve-kernel (6.2.2-1) bullseye; urgency=medium
+pve-kernel (5.15.102-1) bullseye; urgency=medium

-  * update to Ubuntu-6.2.0-1.1
+  * update to upstream ubuntu and stable tree's v5.15.102

- -- Proxmox Support Team <support@proxmox.com>  Mon, 13 Mar 2023 17:57:00 +0100
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 14 Mar 2023 14:48:39 +0100

-pve-kernel (6.1.15-1) bullseye; urgency=medium
+pve-kernel (5.15.85-1) bullseye; urgency=medium

-  * update to Proxmox-6.1.15-1
-
-  * backport patch to fix issue with large IO requests
-
- -- Proxmox Support Team <support@proxmox.com>  Wed, 08 Mar 2023 09:53:18 +0100
-
-pve-kernel (6.1.14-1) bullseye; urgency=medium
-
-  * update to Proxmox-6.1.14-1
-
- -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Feb 2023 18:09:47 +0100
-
-pve-kernel (6.1.10-1) bullseye; urgency=medium
-
-  * update to Proxmox-6.1.10-1
-
- -- Proxmox Support Team <support@proxmox.com>  Tue, 07 Feb 2023 14:10:10 +0100
-
-pve-kernel (6.1.6-1) bullseye; urgency=medium
+  * update to Ubuntu-5.15.0-65.72 based on v5.15.85

  * update ZFS to 2.1.9

-  * update to Ubuntu-6.1.0-14.14 based on upstream 6.1.6
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 01 Feb 2023 16:07:18 +0100

- -- Proxmox Support Team <support@proxmox.com>  Sat, 28 Jan 2023 15:05:09 +0100
-
-pve-kernel (6.1.2-1) bullseye; urgency=medium
-
-  * backport ZFS compat fixes for Linux 6.1 w.r.t. a OTMPFILE open syscall
-
-  * update to Ubuntu-6.1.0-12.12
-
-  * backport a few newer fixes-of-fixes from 6.1.4
-
-  * bump ABI to 6.1.2-1
-
- -- Proxmox Support Team <support@proxmox.com>  Sat, 07 Jan 2023 14:56:01 +0100
-
-pve-kernel (6.1.0-1) bullseye; urgency=medium
-
-  * update to Ubuntu-6.1.0-1.1 based on upstram v6.1
+pve-kernel (5.15.83-1) bullseye; urgency=medium

  * update ZFS to 2.1.7

- -- Proxmox Support Team <support@proxmox.com>  Tue, 13 Dec 2022 15:08:53 +0100
+  * update to upstream stable v5.15.83

-pve-kernel (5.19.17-1) bullseye; urgency=medium
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 14 Dec 2022 14:09:09 +0100

-  * update to Ubuntu-5.19.0-24.25
+pve-kernel (5.15.74-1) bullseye; urgency=medium

-  * bump ABI to 5.19.17-1
+  * update to Ubuntu-5.15.0-54.60

- -- Proxmox Support Team <support@proxmox.com>  Mon, 14 Nov 2022 20:25:12 +0100
+  * bump ABI to 5.15.74-1

-pve-kernel (5.19.7-2) bullseye; urgency=medium
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 14 Nov 2022 20:17:15 +0100
+
+pve-kernel (5.15.64-1) bullseye; urgency=medium
+
+  * update to Ubuntu-5.15.0-51.57
+
+  * bump ABI to 5.15.64-1
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 13 Oct 2022 10:30:34 +0200
+
+pve-kernel (5.15.60-2) bullseye; urgency=medium

  * update ZFS to 2.1.6

-  * update to Ubuntu-5.19.0-19.19
+  * update to Ubuntu-5.15.0-50.56

-  * bump ABI to 5.19.7-2
+  * bump ABI to 5.15.60-2

- -- Proxmox Support Team <support@proxmox.com>  Tue, 04 Oct 2022 17:18:40 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 04 Oct 2022 16:52:28 +0200

-pve-kernel (5.19.7-1) bullseye; urgency=medium
+pve-kernel (5.15.60-1) bullseye; urgency=medium

-  * update to 5.19.7 based on Ubuntu-5.19.0-16.16
+  * update to Ubuntu-5.15.0-49.55

- -- Proxmox Support Team <support@proxmox.com>  Tue, 06 Sep 2022 07:54:58 +0200
-
-pve-kernel (5.19.0-1) bullseye; urgency=medium
-
-  * update to 5.19.0 based from Ubuntu-5.19.0-14.14
-
- -- Proxmox Support Team <support@proxmox.com>  Tue, 02 Aug 2022 09:18:39 +0200
-
-pve-kernel (5.19.0-1~rc8+2) bullseye; urgency=medium
-
-  * backport smm fixes
-
- -- Proxmox Support Team <support@proxmox.com>  Wed, 27 Jul 2022 11:27:10 +0200
-
-pve-kernel (5.19.0-1~rc8+1) bullseye; urgency=medium
-
-  * update to 5.19.0-rc8 based from Ubuntu-5.19.0-11.11
-
- -- Proxmox Support Team <support@proxmox.com>  Tue, 26 Jul 2022 11:47:30 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 19 Sep 2022 17:53:17 +0200

 pve-kernel (5.15.53-1) bullseye; urgency=medium

@@ -0,0 +1 @@
+10
@@ -1,4 +1,4 @@
-Source: proxmox-kernel-@KVMAJMIN@
+Source: pve-kernel
 Section: devel
 Priority: optional
 Maintainer: Proxmox Support Team <support@proxmox.com>
@@ -7,7 +7,7 @@ Build-Depends: asciidoc-base,
               bc,
               bison,
               cpio,
-               debhelper-compat (= 13),
+               debhelper (>= 10~),
               dh-python,
               dwarves,
               file,
@@ -25,13 +25,14 @@ Build-Depends: asciidoc-base,
               libtool,
               lintian,
               lz4,
+               python3-dev,
               python3-minimal,
               rsync,
               sphinx-common,
               xmlto,
               zlib1g-dev,
               zstd,
-Build-Conflicts: proxmox-headers-@KVNAME@,
+Build-Conflicts: pve-headers-@KVNAME@,
 Standards-Version: 4.6.2
 Vcs-Git: git://git.proxmox.com/git/pve-kernel
 Vcs-Browser: https://git.proxmox.com/?p=pve-kernel.git
@@ -45,72 +46,48 @@ Description: Linux kernel version specific tools for version @KVMAJMIN@
 This package provides the architecture dependent parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy)

-Package: proxmox-headers-@KVNAME@
+Package: pve-headers-@KVNAME@
 Section: devel
 Priority: optional
 Architecture: any
-Provides: linux-headers-@KVNAME@-amd64, pve-headers-@KVNAME@
+Provides: linux-headers-@KVNAME@-amd64,
 Depends: ${misc:Depends},
 Description: Proxmox Kernel Headers
 This package contains the linux kernel headers

-Package: proxmox-kernel-@KVNAME@
+Package: pve-kernel-@KVNAME@
 Section: admin
 Priority: optional
 Architecture: any
-Provides: linux-image-@KVNAME@-amd64, pve-kernel-@KVNAME@
+Provides: linux-image-@KVNAME@-amd64,
 Suggests: pve-firmware,
 Depends: busybox, initramfs-tools | linux-initramfs-tool, ${misc:Depends},
 Recommends: grub-pc | grub-efi-amd64 | grub-efi-ia32 | grub-efi-arm64,
 Description: Proxmox Kernel Image
 This package contains the linux kernel and initial ramdisk used for booting

-Package: proxmox-kernel-@KVNAME@-dbgsym
+Package: pve-kernel-@KVNAME@-dbgsym
 Architecture: any
-Provides: linux-debug, pve-kernel-@KVNAME@-dbgsym
+Provides: linux-debug,
 Section: devel
 Priority: optional
-Build-Profiles: <pkg.proxmox-kernel.debug>
+Build-Profiles: <pkg.pve-kernel.debug>
 Depends: ${misc:Depends},
 Description: Proxmox Kernel debug image
 This package provides the kernel debug image for version @KVNAME@. The debug
 kernel image contained in this package is NOT meant to boot from - it is
 uncompressed, and unstripped, and suitable for use with crash/kdump-tools/..
- to analyze kernel crashes. This package also contains the proxmox-kernel modules
+ to analyze kernel crashes. This package also contains the pve-kernel modules
 in their unstripped version.

-Package: proxmox-kernel-libc-dev
+Package: pve-kernel-libc-dev
 Section: devel
 Priority: optional
 Architecture: any
-Provides: linux-libc-dev (=${binary:Version}), pve-kernel-libc-dev
+Provides: linux-libc-dev (=${binary:Version}),
 Conflicts: linux-libc-dev,
-Replaces: linux-libc-dev, pve-kernel-libc-dev
-Breaks: pve-kernel-libc-dev
+Replaces: linux-libc-dev,
 Depends: ${misc:Depends},
 Description: Linux support headers for userspace development
 This package provides userspaces headers from the Linux kernel.  These headers
 are used by the installed headers for GNU libc and other system libraries.
-
-Package: proxmox-headers-@KVMAJMIN@
-Architecture: all
-Section: admin
-Provides: linux-headers-amd64, linux-headers-generic, pve-headers-@KVMAJMIN@
-Replaces: pve-headers-@KVMAJMIN@
-Priority: optional
-Depends: proxmox-headers-@KVNAME@, ${misc:Depends},
-Description: Latest Proxmox Kernel Headers
- This is a metapackage which will install the kernel headers
- for the latest available proxmox kernel from the @KVMAJMIN@
- series.
-
-Package: proxmox-kernel-@KVMAJMIN@
-Architecture: all
-Section: admin
-Provides: linux-image-amd64, linux-image-generic, wireguard-modules (=1.0.0), pve-kernel-@KVMAJMIN@
-Replaces: pve-kernel-@KVMAJMIN@
-Priority: optional
-Depends: pve-firmware, proxmox-kernel-@KVNAME@, ${misc:Depends},
-Description: Latest Proxmox Kernel Image
- This is a metapackage which will install the latest available
- proxmox kernel from the @KVMAJMIN@ series.
@@ -1,17 +0,0 @@
-#! /bin/sh
-
-# Abort if any command returns an error value 
-set -e
-
-case "$1" in
-  configure)
-    # setup kernel links for installation CD (rescue boot)
-    mkdir -p /boot/pve
-    ln -sf /boot/vmlinuz-@@KVNAME@@ /boot/pve/vmlinuz-@@KVMAJMIN@@
-    ln -sf /boot/initrd.img-@@KVNAME@@ /boot/pve/initrd.img-@@KVMAJMIN@@
-    ;;
-esac
-
-#DEBHELPER#
-
-exit 0
@@ -1,19 +0,0 @@
-#! /bin/sh
-
-# Abort if any command returns an error value
-set -e
-
-case "$1" in
-    purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
-        # remove kernel symlinks
-        rm -f /boot/pve/vmlinuz-@@KVNAME@@
-        rm -f /boot/pve/initrd.img-@@KVNAME@@
-    ;;
-
-    *)
-        echo "postrm called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-#DEBHELPER#
@@ -1,46 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-use warnings;
-
-# Ignore all 'upgrade' invocations .
-exit 0 if $ARGV[0] =~ /upgrade/;
-
-my $imagedir = "/boot";
-
-my $version = "@@KVNAME@@";
-
-if (-d "/etc/kernel/postrm.d") {
-  print STDERR "Examining /etc/kernel/postrm.d.\n";
-  system (
-      "run-parts --verbose --exit-on-error --arg=$version --arg=$imagedir/vmlinuz-$version /etc/kernel/postrm.d"
-  ) && die "Failed to process /etc/kernel/postrm.d";
-}
-
-unlink "$imagedir/initrd.img-$version";
-unlink "$imagedir/initrd.img-$version.bak";
-unlink "/var/lib/initramfs-tools/$version";
-
-# Ignore all invocations except when called on to purge.
-exit 0 unless $ARGV[0] =~ /purge/;
-
-my @files_to_remove = qw{
-    modules.dep modules.isapnpmap modules.pcimap
-    modules.usbmap modules.parportmap
-    modules.generic_string modules.ieee1394map
-    modules.ieee1394map modules.pnpbiosmap
-    modules.alias modules.ccwmap modules.inputmap
-    modules.symbols modules.ofmap
-    modules.seriomap modules.*.bin
-    modules.softdep modules.devname
-};
-
-foreach my $extra_file (@files_to_remove) {
-    for (glob("/lib/modules/$version/$extra_file")) {
-	unlink;
-    }
-}
-
-system ("rmdir", "/lib/modules/$version") if -d "/lib/modules/$version";
-
-exit 0
@@ -1,7 +1,6 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -w

 use strict;
-use warnings;

 # Ignore all invocations except when called on to configure.
 exit 0 unless $ARGV[0] =~ /configure/;
@@ -17,9 +16,10 @@ system("depmod $version");

 if (-d "/etc/kernel/postinst.d") {
  print STDERR "Examining /etc/kernel/postinst.d.\n";
-  system(
-      "run-parts --verbose --exit-on-error --arg=$version --arg=$imagedir/vmlinuz-$version /etc/kernel/postinst.d"
-  ) && die "Failed to process /etc/kernel/postinst.d";
+  system ("run-parts --verbose --exit-on-error --arg=$version " .
+          "--arg=$imagedir/vmlinuz-$version " .
+          "/etc/kernel/postinst.d") &&
+            die "Failed to process /etc/kernel/postinst.d";
 }

 exit 0
@@ -0,0 +1,46 @@
+#!/usr/bin/perl -w
+
+use strict;
+
+# Ignore all 'upgrade' invocations .
+exit 0 if $ARGV[0] =~ /upgrade/;
+
+my $imagedir = "/boot";
+
+my $version = "@@KVNAME@@";
+
+if (-d "/etc/kernel/postrm.d") {
+  print STDERR "Examining /etc/kernel/postrm.d.\n";
+  system ("run-parts --verbose --exit-on-error --arg=$version " .
+          "--arg=$imagedir/vmlinuz-$version " .
+          "/etc/kernel/postrm.d") &&
+            die "Failed to process /etc/kernel/postrm.d";
+}
+
+unlink "$imagedir/initrd.img-$version";
+unlink "$imagedir/initrd.img-$version.bak";
+unlink "/var/lib/initramfs-tools/$version";
+
+# Ignore all invocations except when called on to purge.
+exit 0 unless $ARGV[0] =~ /purge/;
+
+my @files_to_remove = qw{
+                         modules.dep modules.isapnpmap modules.pcimap
+                         modules.usbmap modules.parportmap
+                         modules.generic_string modules.ieee1394map
+                         modules.ieee1394map modules.pnpbiosmap
+                         modules.alias modules.ccwmap modules.inputmap
+                         modules.symbols modules.ofmap
+                         modules.seriomap modules.*.bin
+			 modules.softdep modules.devname
+                       };
+
+foreach my $extra_file (@files_to_remove) {
+    for (glob("/lib/modules/$version/$extra_file")) {
+	unlink;
+    }
+}
+
+system ("rmdir", "/lib/modules/$version") if -d "/lib/modules/$version";
+
+exit 0
@@ -1,7 +1,6 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -w

 use strict;
-use warnings;

 # Ignore all invocations uxcept when called on to remove
 exit 0 unless ($ARGV[0] && $ARGV[0] =~ /remove/) ;
@@ -15,9 +14,10 @@ my $version = "@@KVNAME@@";

 if (-d "/etc/kernel/prerm.d") {
  print STDERR "Examining /etc/kernel/prerm.d.\n";
-  system(
-      "run-parts --verbose --exit-on-error --arg=$version --arg=$imagedir/vmlinuz-$version /etc/kernel/prerm.d"
-  ) && die "Failed to process /etc/kernel/prerm.d";
+  system ("run-parts --verbose --exit-on-error --arg=$version " . 
+          "--arg=$imagedir/vmlinuz-$version " .
+          "/etc/kernel/prerm.d") &&
+	  die "Failed to process /etc/kernel/prerm.d";
 }

 exit 0
@@ -16,16 +16,16 @@ MAKEFLAGS += $(subst parallel=,-j,$(filter parallel=%,${DEB_BUILD_OPTIONS}))
 CHANGELOG_DATE:=$(shell dpkg-parsechangelog -SDate)
 CHANGELOG_DATE_UTC_ISO := $(shell date -u -d '$(CHANGELOG_DATE)' +%Y-%m-%dT%H:%MZ)

-PMX_KERNEL_PKG=proxmox-kernel-$(KVNAME)
-PMX_KERNEL_SERIES_PKG=proxmox-kernel-$(KERNEL_MAJMIN)
-PMX_DEBUG_KERNEL_PKG=proxmox-kernel-$(KVNAME)-dbgsym
-PMX_HEADER_PKG=proxmox-headers-$(KVNAME)
-PMX_USR_HEADER_PKG=proxmox-kernel-libc-dev
+PVE_KERNEL_PKG=pve-kernel-$(KVNAME)
+PVE_DEBUG_KERNEL_PKG=pve-kernel-$(KVNAME)-dbgsym
+PVE_HEADER_PKG=pve-headers-$(KVNAME)
+PVE_USR_HEADER_PKG=pve-kernel-libc-dev
 LINUX_TOOLS_PKG=linux-tools-$(KERNEL_MAJMIN)
 KERNEL_SRC_COPY=$(KERNEL_SRC)_tmp

 # TODO: split for archs, move to files?
-PMX_CONFIG_OPTS= \
+PVE_CONFIG_OPTS= \
+--set-val INET_TABLE_PERTURB_ORDER 16 \
 -m INTEL_MEI_WDT \
 -d CONFIG_SND_PCM_OSS \
 -e CONFIG_TRANSPARENT_HUGEPAGE_MADVISE \
@@ -33,7 +33,6 @@ PMX_CONFIG_OPTS= \
 -m CONFIG_CEPH_FS \
 -m CONFIG_BLK_DEV_NBD \
 -m CONFIG_BLK_DEV_RBD \
-m CONFIG_BLK_DEV_UBLK \
 -d CONFIG_SND_PCSP \
 -m CONFIG_BCACHE \
 -m CONFIG_JFS_FS \
@@ -54,13 +53,7 @@ PMX_CONFIG_OPTS= \
 -e CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE \
 -e CONFIG_SYSFB_SIMPLEFB \
 -e CONFIG_DRM_SIMPLEDRM \
-e CONFIG_MODULE_SIG \
-e CONFIG_MODULE_SIG_ALL \
-e CONFIG_MODULE_SIG_FORMAT \
--set-str CONFIG_MODULE_SIG_HASH sha512 \
--set-str CONFIG_MODULE_SIG_KEY certs/signing_key.pem \
-e CONFIG_MODULE_SIG_KEY_TYPE_RSA \
-e CONFIG_MODULE_SIG_SHA512 \
+-d CONFIG_MODULE_SIG \
 -d CONFIG_MEMCG_DISABLED \
 -e CONFIG_MEMCG_SWAP_ENABLED \
 -e CONFIG_HYPERV \
@@ -83,36 +76,29 @@ PMX_CONFIG_OPTS= \
 -d CONFIG_DEFAULT_CFQ \
 -e CONFIG_DEFAULT_DEADLINE \
 -e CONFIG_MODVERSIONS \
-e CONFIG_ZSTD_COMPRESS \
 -d CONFIG_DEFAULT_SECURITY_DAC \
 -e CONFIG_DEFAULT_SECURITY_APPARMOR \
 --set-str CONFIG_DEFAULT_SECURITY apparmor \
-e CONFIG_MODULE_ALLOW_BTF_MISMATCH \
 -d CONFIG_UNWINDER_ORC \
 -d CONFIG_UNWINDER_GUESS \
 -e CONFIG_UNWINDER_FRAME_POINTER \
 --set-str CONFIG_SYSTEM_TRUSTED_KEYS ""\
 --set-str CONFIG_SYSTEM_REVOCATION_KEYS ""\
-e CONFIG_SECURITY_LOCKDOWN_LSM \
-e CONFIG_SECURITY_LOCKDOWN_LSM_EARLY \
--set-str CONFIG_LSM lockdown,yama,integrity,apparmor \
-e CONFIG_PAGE_TABLE_ISOLATION \
-e CONFIG_ARCH_HAS_CPU_FINALIZE_INIT \
-d CONFIG_GDS_FORCE_MITIGATION
+-d CONFIG_SECURITY_LOCKDOWN_LSM \
+-d CONFIG_SECURITY_LOCKDOWN_LSM_EARLY \
+--set-str CONFIG_LSM yama,integrity,apparmor \
+-d MICROCODE_LATE_LOADING \
+-e CONFIG_PAGE_TABLE_ISOLATION

 debian/control: $(wildcard debian/*.in)
-	sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.prerm.in > debian/$(PMX_KERNEL_PKG).prerm
-	sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postrm.in > debian/$(PMX_KERNEL_PKG).postrm
-	sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postinst.in > debian/$(PMX_KERNEL_PKG).postinst
-	sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-headers.postinst.in > debian/$(PMX_HEADER_PKG).postinst
-	sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postrm.in > debian/$(PMX_KERNEL_SERIES_PKG).postrm
-	sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postinst.in > debian/$(PMX_KERNEL_SERIES_PKG).postinst
-	chmod +x debian/$(PMX_KERNEL_PKG).prerm
-	chmod +x debian/$(PMX_KERNEL_PKG).postrm
-	chmod +x debian/$(PMX_KERNEL_PKG).postinst
-	chmod +x debian/$(PMX_KERNEL_SERIES_PKG).postrm
-	chmod +x debian/$(PMX_KERNEL_SERIES_PKG).postinst
-	chmod +x debian/$(PMX_HEADER_PKG).postinst
+	sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/pve-kernel.prerm.in > debian/$(PVE_KERNEL_PKG).prerm
+	sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/pve-kernel.postrm.in > debian/$(PVE_KERNEL_PKG).postrm
+	sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/pve-kernel.postinst.in > debian/$(PVE_KERNEL_PKG).postinst
+	sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/pve-headers.postinst.in > debian/$(PVE_HEADER_PKG).postinst
+	chmod +x debian/$(PVE_KERNEL_PKG).prerm
+	chmod +x debian/$(PVE_KERNEL_PKG).postrm
+	chmod +x debian/$(PVE_KERNEL_PKG).postinst
+	chmod +x debian/$(PVE_HEADER_PKG).postinst
 	sed -e 's/@KVNAME@/$(KVNAME)/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' < debian/control.in > debian/control

 build: .compile_mark .tools_compile_mark .modules_compile_mark
@@ -127,7 +113,7 @@ install: .install_mark .tools_install_mark .headers_install_mark .usr_headers_in

 binary: install
 	debian/rules fwcheck abicheck
-	dh_strip -N$(PMX_HEADER_PKG) -N$(PMX_USR_HEADER_PKG)
+	dh_strip -N$(PVE_HEADER_PKG) -N$(PVE_USR_HEADER_PKG)
 	dh_makeshlibs
 	dh_shlibdeps
 	dh_installdeb
@@ -136,7 +122,7 @@ binary: install
 	dh_builddeb

 .config_mark:
-	cd $(KERNEL_SRC); scripts/config $(PMX_CONFIG_OPTS)
+	cd $(KERNEL_SRC); scripts/config $(PVE_CONFIG_OPTS)
 	$(MAKE) -C $(KERNEL_SRC) oldconfig
 	# copy to allow building in parallel to kernel/module compilation without interference
 	rm -rf $(KERNEL_SRC_COPY)
@@ -144,55 +130,47 @@ binary: install
 	touch $@

 .compile_mark: .config_mark
-	$(MAKE) -C $(KERNEL_SRC) KBUILD_BUILD_VERSION_TIMESTAMP="PMX $(DEB_VERSION) ($(CHANGELOG_DATE_UTC_ISO))"
+	$(MAKE) -C $(KERNEL_SRC) KBUILD_BUILD_VERSION_TIMESTAMP="PVE $(DEB_VERSION) ($(CHANGELOG_DATE_UTC_ISO))"
 	touch $@

 .install_mark: .compile_mark .modules_compile_mark
-	rm -rf debian/$(PMX_KERNEL_PKG)
-	mkdir -p debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)
-	mkdir debian/$(PMX_KERNEL_PKG)/boot
-	install -m 644 $(KERNEL_SRC)/.config debian/$(PMX_KERNEL_PKG)/boot/config-$(KVNAME)
-	install -m 644 $(KERNEL_SRC)/System.map debian/$(PMX_KERNEL_PKG)/boot/System.map-$(KVNAME)
-	install -m 644 $(KERNEL_SRC)/$(KERNEL_IMAGE_PATH) debian/$(PMX_KERNEL_PKG)/boot/$(KERNEL_INSTALL_FILE)-$(KVNAME)
-	$(MAKE) -C $(KERNEL_SRC) INSTALL_MOD_PATH=$(BUILD_DIR)/debian/$(PMX_KERNEL_PKG)/ modules_install
+	rm -rf debian/$(PVE_KERNEL_PKG)
+	mkdir -p debian/$(PVE_KERNEL_PKG)/lib/modules/$(KVNAME)
+	mkdir debian/$(PVE_KERNEL_PKG)/boot
+	install -m 644 $(KERNEL_SRC)/.config debian/$(PVE_KERNEL_PKG)/boot/config-$(KVNAME)
+	install -m 644 $(KERNEL_SRC)/System.map debian/$(PVE_KERNEL_PKG)/boot/System.map-$(KVNAME)
+	install -m 644 $(KERNEL_SRC)/$(KERNEL_IMAGE_PATH) debian/$(PVE_KERNEL_PKG)/boot/$(KERNEL_INSTALL_FILE)-$(KVNAME)
+	$(MAKE) -C $(KERNEL_SRC) INSTALL_MOD_PATH=$(BUILD_DIR)/debian/$(PVE_KERNEL_PKG)/ modules_install
 	# install zfs drivers
-	install -d -m 0755 debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs
-	install -m 644 $(addprefix $(MODULES)/,zfs.ko zavl.ko znvpair.ko zunicode.ko zcommon.ko icp.ko zlua.ko spl.ko zzstd.ko) debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs
+	install -d -m 0755 debian/$(PVE_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs
+	install -m 644 $(addprefix $(MODULES)/,zfs.ko zavl.ko znvpair.ko zunicode.ko zcommon.ko icp.ko zlua.ko spl.ko zzstd.ko) debian/$(PVE_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs
 	# remove firmware
-	rm -rf debian/$(PMX_KERNEL_PKG)/lib/firmware
+	rm -rf debian/$(PVE_KERNEL_PKG)/lib/firmware

-ifeq ($(filter pkg.proxmox-kernel.debug,$(DEB_BUILD_PROFILES)),)
-	echo "'pkg.proxmox-kernel.debug' build profile disabled, skipping -dbgsym creation"
+ifeq ($(filter pkg.pve-kernel.debug,$(DEB_BUILD_PROFILES)),)
+	echo "'pkg.pve-kernel.debug' build profile disabled, skipping -dbgsym creation"
 else
-	echo "'pkg.proxmox-kernel.debug' build profile enabled, creating -dbgsym contents"
-	mkdir -p debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)
-	mkdir debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/boot
-	install -m 644 $(KERNEL_SRC)/vmlinux debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/boot/vmlinux-$(KVNAME)
-	cp -r debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME) debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/
-	rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/source
-	rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/build
-	rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/modules.*
+	echo "'pkg.pve-kernel.debug' build profile enabled, creating -dbgsym contents"
+	mkdir -p debian/$(PVE_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)
+	mkdir debian/$(PVE_DEBUG_KERNEL_PKG)/usr/lib/debug/boot
+	install -m 644 $(KERNEL_SRC)/vmlinux debian/$(PVE_DEBUG_KERNEL_PKG)/usr/lib/debug/boot/vmlinux-$(KVNAME)
+	cp -r debian/$(PVE_KERNEL_PKG)/lib/modules/$(KVNAME) debian/$(PVE_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/
+	rm -f debian/$(PVE_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/source
+	rm -f debian/$(PVE_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/build
+	rm -f debian/$(PVE_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/modules.*
 endif

 	# strip debug info
-	find debian/$(PMX_KERNEL_PKG)/lib/modules -name \*.ko -print | while read f ; do strip --strip-debug "$$f"; done
-
-	# sign modules using ephemeral, embedded key
-	if grep -q CONFIG_MODULE_SIG=y ubuntu-kernel/.config ; then \
-		find debian/$(PMX_KERNEL_PKG)/lib/modules -name \*.ko -print | while read f ; do \
-			./ubuntu-kernel/scripts/sign-file sha512 ./ubuntu-kernel/certs/signing_key.pem ubuntu-kernel/certs/signing_key.x509 "$$f" ; \
-		done; \
-		rm ./ubuntu-kernel/certs/signing_key.pem ; \
-	fi
+	find debian/$(PVE_KERNEL_PKG)/lib/modules -name \*.ko -print | while read f ; do strip --strip-debug "$$f"; done
 	# finalize
-	/sbin/depmod -b debian/$(PMX_KERNEL_PKG)/ $(KVNAME)
+	/sbin/depmod -b debian/$(PVE_KERNEL_PKG)/ $(KVNAME)
 	# Autogenerate blacklist for watchdog devices (see README)
-	install -m 0755 -d debian/$(PMX_KERNEL_PKG)/lib/modprobe.d
-	ls debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/kernel/drivers/watchdog/ > watchdog-blacklist.tmp
+	install -m 0755 -d debian/$(PVE_KERNEL_PKG)/lib/modprobe.d
+	ls debian/$(PVE_KERNEL_PKG)/lib/modules/$(KVNAME)/kernel/drivers/watchdog/ > watchdog-blacklist.tmp
 	echo ipmi_watchdog.ko >> watchdog-blacklist.tmp
-	cat watchdog-blacklist.tmp|sed -e 's/^/blacklist /' -e 's/.ko$$//'|sort -u > debian/$(PMX_KERNEL_PKG)/lib/modprobe.d/blacklist_$(PMX_KERNEL_PKG).conf
-	rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/source
-	rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/build
+	cat watchdog-blacklist.tmp|sed -e 's/^/blacklist /' -e 's/.ko$$//'|sort -u > debian/$(PVE_KERNEL_PKG)/lib/modprobe.d/blacklist_$(PVE_KERNEL_PKG).conf
+	rm -f debian/$(PVE_KERNEL_PKG)/lib/modules/$(KVNAME)/source
+	rm -f debian/$(PVE_KERNEL_PKG)/lib/modules/$(KVNAME)/build
 	touch $@

 .tools_compile_mark: .compile_mark
@@ -215,9 +193,9 @@ endif
 	touch $@

 .headers_prepare_mark: .config_mark
-	rm -rf debian/$(PMX_HEADER_PKG)
-	mkdir -p debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
-	install -m 0644 $(KERNEL_SRC)/.config debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
+	rm -rf debian/$(PVE_HEADER_PKG)
+	mkdir -p debian/$(PVE_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
+	install -m 0644 $(KERNEL_SRC)/.config debian/$(PVE_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
 	make -C $(KERNEL_SRC_COPY) mrproper
 	cd $(KERNEL_SRC_COPY); find . -path './debian/*' -prune \
 	    -o -path './include/*' -prune \
@@ -231,35 +209,35 @@ endif
 	        -o -name '*.sh' \
 	        -o -name '*.pl' \
 	    \) \
-	    -print | cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
+	    -print | cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PVE_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
 	cd $(KERNEL_SRC_COPY); \
 	    ( \
 	        find arch/$(KERNEL_HEADER_ARCH) -name include -type d -print | \
 	        xargs -n1 -i: find : -type f \
 	    ) | \
-	    cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
+	    cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PVE_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
 	touch $@

 .headers_compile_mark: .headers_prepare_mark
 	# set output to subdir of source to reduce number of hardcoded paths in output files
-	rm -rf $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)
-	mkdir -p $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)
-	cp $(KERNEL_SRC)/.config $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)/.config
-	$(MAKE) -C $(KERNEL_SRC_COPY) O=$(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) -j1 syncconfig modules_prepare prepare scripts
-	cd $(KERNEL_SRC_COPY); cp -a include scripts $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
-	find $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) -name \*.o.ur-\* -o -name '*.cmd' | xargs rm -f
-	rsync --ignore-existing -r -v -a $(addprefix $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)/,arch include kernel scripts tools) $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/
+	rm -rf $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PVE_HEADER_PKG)
+	mkdir -p $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PVE_HEADER_PKG)
+	cp $(KERNEL_SRC)/.config $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PVE_HEADER_PKG)/.config
+	$(MAKE) -C $(KERNEL_SRC_COPY) O=$(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PVE_HEADER_PKG) -j1 syncconfig modules_prepare prepare scripts
+	cd $(KERNEL_SRC_COPY); cp -a include scripts $(BUILD_DIR)/debian/$(PVE_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
+	find $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PVE_HEADER_PKG) -name \*.o.ur-\* -o -name '*.cmd' | xargs rm -f
+	rsync --ignore-existing -r -v -a $(addprefix $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PVE_HEADER_PKG)/,arch include kernel scripts tools) $(BUILD_DIR)/debian/$(PVE_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/
 	rm -rf $(BUILD_DIR)/$(KERNEL_SRC_COPY)
 	touch $@

 .headers_install_mark: .compile_mark .modules_compile_mark .headers_compile_mark
-	cp $(KERNEL_SRC)/include/generated/compile.h debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/include/generated/compile.h
-	install -m 0644 $(KERNEL_SRC)/Module.symvers debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
-	mkdir -p debian/$(PMX_HEADER_PKG)/lib/modules/$(KVNAME)
-	ln -sf /usr/src/linux-headers-$(KVNAME) debian/$(PMX_HEADER_PKG)/lib/modules/$(KVNAME)/build
+	cp $(KERNEL_SRC)/include/generated/compile.h debian/$(PVE_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/include/generated/compile.h
+	install -m 0644 $(KERNEL_SRC)/Module.symvers debian/$(PVE_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
+	mkdir -p debian/$(PVE_HEADER_PKG)/lib/modules/$(KVNAME)
+	ln -sf /usr/src/linux-headers-$(KVNAME) debian/$(PVE_HEADER_PKG)/lib/modules/$(KVNAME)/build
 	touch $@

-.usr_headers_install_mark: PKG_DIR = debian/$(PMX_USR_HEADER_PKG)
+.usr_headers_install_mark: PKG_DIR = debian/$(PVE_USR_HEADER_PKG)
 .usr_headers_install_mark: OUT_DIR = $(PKG_DIR)/usr
 .usr_headers_install_mark: .config_mark
 	rm -rf '$(PKG_DIR)'
@@ -293,7 +271,7 @@ $(MODULES)/zfs.ko: .compile_mark
 	cp $(MODULES)/$(ZFSDIR)/module/zstd/zzstd.ko $(MODULES)/

 fwlist-$(KVNAME): .compile_mark .modules_compile_mark
-	debian/scripts/find-firmware.pl debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME) >fwlist.tmp
+	debian/scripts/find-firmware.pl debian/$(PVE_KERNEL_PKG)/lib/modules/$(KVNAME) >fwlist.tmp
 	mv fwlist.tmp $@

 .PHONY: fwcheck
@@ -308,7 +286,7 @@ fwcheck: fwlist-$(KVNAME) fwlist-previous


 abi-$(KVNAME): .compile_mark
-	debian/scripts/abi-generate debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/Module.symvers abi-$(KVNAME) $(KVNAME)
+	debian/scripts/abi-generate debian/$(PVE_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/Module.symvers abi-$(KVNAME) $(KVNAME)

 .PHONY: abicheck
 abicheck: debian/scripts/abi-check abi-$(KVNAME) abi-prev-* abi-blacklist
@@ -1,7 +1,4 @@
-#!/usr/bin/perl
-
-use strict;
-use warnings;
+#!/usr/bin/perl -w

 my $abinew = shift;
 my $abiold = shift;
@@ -25,30 +22,30 @@ my $count;
 print "II: Checking ABI...\n";

 if ($skipabi) {
-    print "WW: Explicitly asked to ignore ABI, running in no-fail mode\n";
-    $fail_exit = 0;
-    $abiskip = 1;
-    $EE = "WW:";
+	print "WW: Explicitly asked to ignore ABI, running in no-fail mode\n";
+	$fail_exit = 0;
+	$abiskip = 1;
+	$EE = "WW:";
 }

 if ($prev_abistr ne $abistr) {
-    print "II: Different ABI's, running in no-fail mode\n";
-    $fail_exit = 0;
-    $EE = "WW:";
+	print "II: Different ABI's, running in no-fail mode\n";
+	$fail_exit = 0;
+	$EE = "WW:";
 }

 if (not -f "$abinew" or not -f "$abiold") {
-    print "EE: Previous or current ABI file missing!\n";
-    print "    $abinew\n" if not -f "$abinew";
-    print "    $abiold\n" if not -f "$abiold";
+	print "EE: Previous or current ABI file missing!\n";
+	print "    $abinew\n" if not -f "$abinew";
+	print "    $abiold\n" if not -f "$abiold";

-    # Exit if the ABI files are missing, but return status based on whether
-    # skip ABI was indicated.
-    if ("$abiskip" eq "1") {
-	exit(0);
-    } else {
-	exit(1);
-    }
+	# Exit if the ABI files are missing, but return status based on whether
+	# skip ABI was indicated.
+	if ("$abiskip" eq "1") {
+		exit(0);
+	} else {
+		exit(1);
+	}
 }

 my %symbols;
@@ -60,97 +57,101 @@ my %module_syms;
 my $ignore = 0;
 print "    Reading symbols/modules to ignore...";

-for my $file ("abi-blacklist") {
-    next if !-f $file;
-    open(my $IGNORE_FH, '<', $file) or die "Could not open $file - $!";
-
-    while (<$IGNORE_FH>) {
-	chomp;
-	if ($_ =~ m/M: (.*)/) {
-	    $modules_ignore{$1} = 1;
-	} else {
-	    $symbols_ignore{$_} = 1;
+for $file ("abi-blacklist") {
+	if (-f $file) {
+		open(IGNORE, "< $file") or
+			die "Could not open $file";
+		while (<IGNORE>) {
+			chomp;
+			if ($_ =~ m/M: (.*)/) {
+				$modules_ignore{$1} = 1;
+			} else {
+				$symbols_ignore{$_} = 1;
+			}
+			$ignore++;
+		}
+		close(IGNORE);
 	}
-	$ignore++;
-    }
-    close($IGNORE_FH);
 }
 print "read $ignore symbols/modules.\n";

 sub is_ignored($$) {
-    my ($mod, $sym) = @_;
+	my ($mod, $sym) = @_;

-    die "Missing module name in is_ignored()" if not defined($mod);
-    die "Missing symbol name in is_ignored()" if not defined($sym);
+	die "Missing module name in is_ignored()" if not defined($mod);
+	die "Missing symbol name in is_ignored()" if not defined($sym);

-    if (defined($symbols_ignore{$sym}) or defined($modules_ignore{$mod})) {
-	return 1;
-    }
-    return 0;
+	if (defined($symbols_ignore{$sym}) or defined($modules_ignore{$mod})) {
+		return 1;
+	}
+	return 0;
 }

 # Read new syms first
 print "    Reading new symbols ($abistr)...";
 $count = 0;
-open(my $NEW_FH, '<', $abinew) or die "Could not open $abinew - $!";
-while (<$NEW_FH>) {
-    chomp;
-    m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
-    $symbols{$4}{'type'} = $1;
-    $symbols{$4}{'loc'} = $2;
-    $symbols{$4}{'hash'} = $3;
-    $module_syms{$2} = 0;
-    $count++;
+open(NEW, "< $abinew") or
+	die "Could not open $abinew";
+while (<NEW>) {
+	chomp;
+	m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
+	$symbols{$4}{'type'} = $1;
+	$symbols{$4}{'loc'} = $2;
+	$symbols{$4}{'hash'} = $3;
+	$module_syms{$2} = 0;
+	$count++;
 }
-close($NEW_FH);
+close(NEW);
 print "read $count symbols.\n";

 # Now the old symbols, checking for missing ones
 print "    Reading old symbols...";
 $count = 0;
-open(my $OLD_FH, '<', $abiold) or die "Could not open $abiold - $!";
-while (<$OLD_FH>) {
-    chomp;
-    m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
-    $symbols{$4}{'old_type'} = $1;
-    $symbols{$4}{'old_loc'} = $2;
-    $symbols{$4}{'old_hash'} = $3;
-    $count++;
+open(OLD, "< $abiold") or
+	die "Could not open $abiold";
+while (<OLD>) {
+	chomp;
+	m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
+	$symbols{$4}{'old_type'} = $1;
+	$symbols{$4}{'old_loc'} = $2;
+	$symbols{$4}{'old_hash'} = $3;
+	$count++;
 }
-close($OLD_FH);
+close(OLD);

 print "read $count symbols.\n";

 print "II: Checking for missing symbols in new ABI...";
 $count = 0;
-for my $sym (keys(%symbols)) {
-    if (!defined($symbols{$sym}{'type'})) {
-	print "\n" if not $count;
-	printf("    MISS : %s%s\n", $sym, is_ignored($symbols{$sym}{'old_loc'}, $sym) ? " (ignored)" : "");
-	$count++ if !is_ignored($symbols{$sym}{'old_loc'}, $sym);
-    }
+foreach $sym (keys(%symbols)) {
+	if (!defined($symbols{$sym}{'type'})) {
+		print "\n" if not $count;
+		printf("    MISS : %s%s\n", $sym,
+			is_ignored($symbols{$sym}{'old_loc'}, $sym) ? " (ignored)" : "");
+		$count++ if !is_ignored($symbols{$sym}{'old_loc'}, $sym);
+	}
 }
 print "    " if $count;
 print "found $count missing symbols\n";
 if ($count) {
-    print "$EE Symbols gone missing (what did you do!?!)\n";
-    $errors++;
+	print "$EE Symbols gone missing (what did you do!?!)\n";
+	$errors++;
 }


 print "II: Checking for new symbols in new ABI...";
 $count = 0;
-for my $sym (keys(%symbols)) {
-    if (!defined($symbols{$sym}{'old_type'})) {
-	print "\n" if not $count;
-	print "    NEW : $sym\n";
-	$count++;
-    }
+foreach $sym (keys(%symbols)) {
+	if (!defined($symbols{$sym}{'old_type'})) {
+		print "\n" if not $count;
+		print "    NEW : $sym\n";
+		$count++;
+	}
 }
 print "    " if $count;
 print "found $count new symbols\n";
 if ($count) {
-    print "WW: Found new symbols. Not recommended unless ABI was bumped\n";
+	print "WW: Found new symbols. Not recommended unless ABI was bumped\n";
 }

 print "II: Checking for changes to ABI...\n";
@@ -158,34 +159,37 @@ $count = 0;
 my $moved = 0;
 my $changed_type = 0;
 my $changed_hash = 0;
-for my $sym (keys(%symbols)) {
-    if (!defined($symbols{$sym}{'old_type'}) or !defined($symbols{$sym}{'type'})) {
-	next;
-    }
+foreach $sym (keys(%symbols)) {
+	if (!defined($symbols{$sym}{'old_type'}) or
+	    !defined($symbols{$sym}{'type'})) {
+		next;
+	}

-    # Changes in location don't hurt us, but log it anyway
-    if ($symbols{$sym}{'loc'} ne $symbols{$sym}{'old_loc'}) {
-	printf("    MOVE : %-40s : %s => %s\n", $sym, $symbols{$sym}{'old_loc'}, $symbols{$sym}{'loc'});
-	$moved++;
-    }
+	# Changes in location don't hurt us, but log it anyway
+	if ($symbols{$sym}{'loc'} ne $symbols{$sym}{'old_loc'}) {
+		printf("    MOVE : %-40s : %s => %s\n", $sym, $symbols{$sym}{'old_loc'},
+			$symbols{$sym}{'loc'});
+		$moved++;
+	}

-    # Changes to export type are only bad if new type isn't
-    # EXPORT_SYMBOL. Changing things to GPL are bad.
-    if ($symbols{$sym}{'type'} ne $symbols{$sym}{'old_type'}) {
-	printf("    TYPE : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_type'}.
-	    $symbols{$sym}{'type'}, is_ignored($symbols{$sym}{'loc'}, $sym)
-	    ? " (ignored)" : "");
-	$changed_type++ if $symbols{$sym}{'type'} ne "EXPORT_SYMBOL" and !is_ignored($symbols{$sym}{'loc'}, $sym);
-    }
+	# Changes to export type are only bad if new type isn't
+	# EXPORT_SYMBOL. Changing things to GPL are bad.
+	if ($symbols{$sym}{'type'} ne $symbols{$sym}{'old_type'}) {
+		printf("    TYPE : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_type'}.
+			$symbols{$sym}{'type'}, is_ignored($symbols{$sym}{'loc'}, $sym)
+			? " (ignored)" : "");
+		$changed_type++ if $symbols{$sym}{'type'} ne "EXPORT_SYMBOL"
+			and !is_ignored($symbols{$sym}{'loc'}, $sym);
+	}

-    # Changes to the hash are always bad
-    if ($symbols{$sym}{'hash'} ne $symbols{$sym}{'old_hash'}) {
-	printf("    HASH : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_hash'},
-	    $symbols{$sym}{'hash'}, is_ignored($symbols{$sym}{'loc'}, $sym)
-	    ? " (ignored)" : "");
-	$changed_hash++ if !is_ignored($symbols{$sym}{'loc'}, $sym);
-	$module_syms{$symbols{$sym}{'loc'}}++;
-    }
+	# Changes to the hash are always bad
+	if ($symbols{$sym}{'hash'} ne $symbols{$sym}{'old_hash'}) {
+		printf("    HASH : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_hash'},
+			$symbols{$sym}{'hash'}, is_ignored($symbols{$sym}{'loc'}, $sym)
+			? " (ignored)" : "");
+		$changed_hash++ if !is_ignored($symbols{$sym}{'loc'}, $sym);
+		$module_syms{$symbols{$sym}{'loc'}}++;
+	}
 }

 print "WW: $moved symbols changed location\n" if $moved;
@@ -194,17 +198,17 @@ print "$EE $changed_hash symbols changed hash and weren't ignored\n" if $changed

 $errors++ if $changed_hash or $changed_type;
 if ($changed_hash) {
-    print "II: Module hash change summary...\n";
-    for my $mod (sort { $module_syms{$b} <=> $module_syms{$a} } keys %module_syms) {
-	next if ! $module_syms{$mod};
-	printf("    %-40s: %d\n", $mod, $module_syms{$mod});
-    }
+	print "II: Module hash change summary...\n";
+	foreach $mod (sort { $module_syms{$b} <=> $module_syms{$a} } keys %module_syms) {
+		next if ! $module_syms{$mod};
+		printf("    %-40s: %d\n", $mod, $module_syms{$mod});
+	}
 }

 print "II: Done\n";

 if ($errors) {
-    exit($fail_exit);
+	exit($fail_exit);
 } else {
-    exit(0);
+	exit(0);
 }
@@ -1,11 +1,8 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -w

-use strict;
-use warnings;
+use PVE::Tools;

-use PVE::Tools ();
-
-use IO::File ();
+use IO::File;

 sub usage {
    die "USAGE: $0 INFILE OUTFILE [ABI INFILE-IS-DEB]\n";
@@ -1,7 +1,6 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -w

 use strict;
-use warnings;

 my $dir = shift;

@@ -13,21 +12,21 @@ warn "\n\nNOTE: strange directory name: $dir\n\n" if $dir !~ m|^(.*/)?(\d+.\d+.\

 my $apiver = $2;

-open(my $FIND_KO_FH, "find '$dir' -name '*.ko'|");
-while (defined(my $fn = <$FIND_KO_FH>)) {
+open(TMP, "find '$dir' -name '*.ko'|");
+while (defined(my $fn = <TMP>)) {
    chomp $fn;
    my $relfn = $fn;
    $relfn =~ s|^$dir/*||;

    my $cmd = "/sbin/modinfo -F firmware '$fn'";
-    open(my $MOD_FH, "$cmd|");
-    while (defined(my $fw = <$MOD_FH>)) {
+    open(MOD, "$cmd|");
+    while (defined(my $fw = <MOD>)) {
 	chomp $fw;
 	print "$fw $relfn\n";
    }
-    close($MOD_FH);
+    close(MOD);

 }
-close($FIND_KO_FH);
+close TMP;

 exit 0;
@@ -1,2 +1,2 @@
-proxmox-kernel-6.2 source: debian-control-has-dbgsym-package (in section for proxmox-kernel-*-pve-dbgsym) Package [debian/control:*]
-proxmox-kernel-6.2 source: license-problem-gfdl-invariants invariant part is: with the :ref:`invariant sections <fdl-invariant>` being list their titles, with the :ref:`front-cover texts <fdl-cover-texts>` being list, and with the :ref:`back-cover texts <fdl-cover-texts>` being list [ubuntu-kernel/Documentation/userspace-api/media/fdl-appendix.rst]
+pve-kernel source: debian-control-has-dbgsym-package (in section for pve-kernel-*-pve-dbgsym) Package [debian/control:*]
+pve-kernel source: license-problem-gfdl-invariants invariant part is: with the :ref:`invariant sections <fdl-invariant>` being list their titles, with the :ref:`front-cover texts <fdl-cover-texts>` being list, and with the :ref:`back-cover texts <fdl-cover-texts>` being list [ubuntu-kernel/Documentation/userspace-api/media/fdl-appendix.rst]
@@ -17,19 +17,28 @@ $KBUILD_BUILD_TIMESTAMP.
 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
- init/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ scripts/mkcompile_h | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)

-diff --git a/init/Makefile b/init/Makefile
-index ec557ada3c12..72095034f338 100644
--- a/init/Makefile
-+++ b/init/Makefile
-@@ -29,7 +29,7 @@ preempt-flag-$(CONFIG_PREEMPT_DYNAMIC)	:= PREEMPT_DYNAMIC
- preempt-flag-$(CONFIG_PREEMPT_RT)	:= PREEMPT_RT
+diff --git a/scripts/mkcompile_h b/scripts/mkcompile_h
+index 6a2a04d92f42..6c9430ee1a09 100755
+--- a/scripts/mkcompile_h
+++ b/scripts/mkcompile_h
+@@ -22,10 +22,14 @@ else
+ 	VERSION=$KBUILD_BUILD_VERSION
+ fi
 
- build-version = $(or $(KBUILD_BUILD_VERSION), $(build-version-auto))
-build-timestamp = $(or $(KBUILD_BUILD_TIMESTAMP), $(build-timestamp-auto))
-+build-timestamp = $(or $(KBUILD_BUILD_VERSION_TIMESTAMP), $(KBUILD_BUILD_TIMESTAMP), $(build-timestamp-auto))
- 
- # Maximum length of UTS_VERSION is 64 chars
- filechk_uts_version = \
+-if [ -z "$KBUILD_BUILD_TIMESTAMP" ]; then
+-	TIMESTAMP=`date`
+if [ -z "$KBUILD_BUILD_VERSION_TIMESTAMP" ]; then
+	if [ -z "$KBUILD_BUILD_TIMESTAMP" ]; then
+		TIMESTAMP=`date`
+	else
+		TIMESTAMP=$KBUILD_BUILD_TIMESTAMP
+	fi
+ else
+-	TIMESTAMP=$KBUILD_BUILD_TIMESTAMP
+	TIMESTAMP=$KBUILD_BUILD_VERSION_TIMESTAMP
+ fi
+ if test -z "$KBUILD_BUILD_USER"; then
+ 	LINUX_COMPILE_BY=$(whoami | sed 's/\\/\\\\/')
@@ -19,10 +19,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 1 file changed, 1 insertion(+), 4 deletions(-)

 diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
-index 75204d36d7f9..1fb5ff73ec1e 100644
+index 3326dfced68a..3f1604948ace 100644
 --- a/net/bridge/br_stp_if.c
 +++ b/net/bridge/br_stp_if.c
-@@ -265,10 +265,7 @@ bool br_stp_recalculate_bridge_id(struct net_bridge *br)
+@@ -268,10 +268,7 @@ bool br_stp_recalculate_bridge_id(struct net_bridge *br)
 		return false;
 
 	list_for_each_entry(p, &br->port_list, list) {
@@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 2 files changed, 111 insertions(+)

 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 5d47f23514d0..f06df077504b 100644
+index 6c1254a22225..91c091c0f2c9 100644
 --- a/Documentation/admin-guide/kernel-parameters.txt
 +++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -4210,6 +4210,15 @@
+@@ -4035,6 +4035,15 @@
 				Also, it enforces the PCI Local Bus spec
 				rule that those bits should be 0 in system reset
 				events (useful for kexec/kdump cases).
@@ -75,7 +75,7 @@ index 5d47f23514d0..f06df077504b 100644
 				Safety option to keep boot IRQs enabled. This
 				should never be necessary.
 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index 592e1c4ae697..aebf6f412203 100644
+index bc680bdcbbed..faa53ccc9b69 100644
 --- a/drivers/pci/quirks.c
 +++ b/drivers/pci/quirks.c
@@ -194,6 +194,106 @@ static int __init pci_apply_final_quirks(void)
@@ -185,7 +185,7 @@ index 592e1c4ae697..aebf6f412203 100644
 /*
  * Decoding should be disabled for a PCI device during BAR sizing to avoid
  * conflict. But doing so may cause problems on host bridge and perhaps other
-@@ -4974,6 +5074,8 @@ static const struct pci_dev_acs_enabled {
+@@ -4972,6 +5072,8 @@ static const struct pci_dev_acs_enabled {
 	{ PCI_VENDOR_ID_CAVIUM, 0xA060, pci_quirk_mf_endpoint_acs },
 	/* APM X-Gene */
 	{ PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },
@@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 73fad57408f7..99ae3e468ce6 100644
+index d11c581ce9b9..0b0ce6979370 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
@@ -79,7 +79,7 @@ module_param(halt_poll_ns, uint, 0644);
@@ -3,26 +3,22 @@ From: Thomas Lamprecht <t.lamprecht@proxmox.com>
 Date: Wed, 7 Oct 2020 17:18:28 +0200
 Subject: [PATCH] net: core: downgrade unregister_netdevice refcount leak from
 emergency to error
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit

 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 ---
 net/core/dev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/net/core/dev.c b/net/core/dev.c
-index 555bbe774734..de2e0d0185fc 100644
+index f80bc2ca888a..6ca7a4b8a8f4 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
-@@ -10262,7 +10262,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
- 		if (time_after(jiffies, warning_time +
- 			       READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
- 			list_for_each_entry(dev, list, todo_list) {
-				pr_emerg("unregister_netdevice: waiting for %s to become free. Usage count = %d\n",
-+				pr_err("unregister_netdevice: waiting for %s to become free. Usage count = %d\n",
- 					 dev->name, netdev_refcnt_read(dev));
- 				ref_tracker_dir_print(&dev->refcnt_tracker, 10);
- 			}
+@@ -10562,7 +10562,7 @@ static void netdev_wait_allrefs(struct net_device *dev)
+ 		if (refcnt != 1 &&
+ 		    time_after(jiffies, warning_time +
+ 			       netdev_unregister_timeout_secs * HZ)) {
+-			pr_emerg("unregister_netdevice: waiting for %s to become free. Usage count = %d\n",
+			pr_err("unregister_netdevice: waiting for %s to become free. Usage count = %d\n",
+ 				 dev->name, refcnt);
+ 			warning_time = jiffies;
+ 		}
@@ -0,0 +1,104 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht@proxmox.com>
+Date: Mon, 27 Sep 2021 11:28:39 +0200
+Subject: [PATCH] Revert "PCI: Coalesce host bridge contiguous apertures"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts commit ab20e43b20b60f5cc8e2ea3763ffa388158469ac.
+
+was reverted upstream because of reports similar to
+
+Link: https://bugzilla.proxmox.com/show_bug.cgi?id=3552
+Link: https://lore.kernel.org/r/20210709231529.GA3270116@roeck-us.net
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ drivers/pci/probe.c | 50 ++++-----------------------------------------
+ 1 file changed, 4 insertions(+), 46 deletions(-)
+
+diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
+index 103ee42f6717..6b73e9179111 100644
+--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
+@@ -20,7 +20,6 @@
+ #include <linux/irqdomain.h>
+ #include <linux/pm_runtime.h>
+ #include <linux/bitfield.h>
+-#include <linux/list_sort.h>
+ #include "pci.h"
+ 
+ #define CARDBUS_LATENCY_TIMER	176	/* secondary latency timer */
+@@ -881,31 +880,14 @@ static void pci_set_bus_msi_domain(struct pci_bus *bus)
+ 	dev_set_msi_domain(&bus->dev, d);
+ }
+ 
+-static int res_cmp(void *priv, const struct list_head *a,
+-		   const struct list_head *b)
+-{
+-	struct resource_entry *entry1, *entry2;
+-
+-	entry1 = container_of(a, struct resource_entry, node);
+-	entry2 = container_of(b, struct resource_entry, node);
+-
+-	if (entry1->res->flags != entry2->res->flags)
+-		return entry1->res->flags > entry2->res->flags;
+-
+-	if (entry1->offset != entry2->offset)
+-		return entry1->offset > entry2->offset;
+-
+-	return entry1->res->start > entry2->res->start;
+-}
+-
+ static int pci_register_host_bridge(struct pci_host_bridge *bridge)
+ {
+ 	struct device *parent = bridge->dev.parent;
+-	struct resource_entry *window, *next, *n;
+	struct resource_entry *window, *n;
+ 	struct pci_bus *bus, *b;
+-	resource_size_t offset, next_offset;
+	resource_size_t offset;
+ 	LIST_HEAD(resources);
+-	struct resource *res, *next_res;
+	struct resource *res;
+ 	char addr[64], *fmt;
+ 	const char *name;
+ 	int err;
+@@ -988,35 +970,11 @@ static int pci_register_host_bridge(struct pci_host_bridge *bridge)
+ 	if (nr_node_ids > 1 && pcibus_to_node(bus) == NUMA_NO_NODE)
+ 		dev_warn(&bus->dev, "Unknown NUMA node; performance will be reduced\n");
+ 
+-	/* Sort and coalesce contiguous windows */
+-	list_sort(NULL, &resources, res_cmp);
+-	resource_list_for_each_entry_safe(window, n, &resources) {
+-		if (list_is_last(&window->node, &resources))
+-			break;
+-
+-		next = list_next_entry(window, node);
+-		offset = window->offset;
+-		res = window->res;
+-		next_offset = next->offset;
+-		next_res = next->res;
+-
+-		if (res->flags != next_res->flags || offset != next_offset)
+-			continue;
+-
+-		if (res->end + 1 == next_res->start) {
+-			next_res->start = res->start;
+-			res->flags = res->start = res->end = 0;
+-		}
+-	}
+-
+ 	/* Add initial resources to the bus */
+ 	resource_list_for_each_entry_safe(window, n, &resources) {
+		list_move_tail(&window->node, &bridge->windows);
+ 		offset = window->offset;
+ 		res = window->res;
+-		if (!res->end)
+-			continue;
+-
+-		list_move_tail(&window->node, &bridge->windows);
+ 
+ 		if (res->flags & IORESOURCE_BUS)
+ 			pci_bus_insert_busn_res(bus, bus->number, res->end);
@@ -1,29 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Lamprecht <t.lamprecht@proxmox.com>
-Date: Tue, 10 Jan 2023 08:52:40 +0100
-Subject: [PATCH] Revert "fortify: Do not cast to "unsigned char""
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This reverts commit 106b7a61c488d2022f44e3531ce33461c7c0685f.
-
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- include/linux/fortify-string.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
-index 7cad8bb031e9..acc24887db3e 100644
--- a/include/linux/fortify-string.h
-+++ b/include/linux/fortify-string.h
-@@ -18,7 +18,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning("
- 
- #define __compiletime_strlen(p)					\
- ({								\
-	char *__p = (char *)(p);				\
-+	unsigned char *__p = (unsigned char *)(p);		\
- 	size_t __ret = SIZE_MAX;				\
- 	size_t __p_size = __member_size(p);			\
- 	if (__p_size != SIZE_MAX &&				\
@@ -0,0 +1,112 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Date: Tue, 13 Jul 2021 20:50:07 +0800
+Subject: [PATCH] PCI: Reinstate "PCI: Coalesce host bridge contiguous
+ apertures"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Built-in graphics on HP EliteDesk 805 G6 doesn't work because graphics
+can't get the BAR it needs:
+  pci_bus 0000:00: root bus resource [mem 0x10020200000-0x100303fffff window]
+  pci_bus 0000:00: root bus resource [mem 0x10030400000-0x100401fffff window]
+
+  pci 0000:00:08.1:   bridge window [mem 0xd2000000-0xd23fffff]
+  pci 0000:00:08.1:   bridge window [mem 0x10030000000-0x100401fffff 64bit pref]
+  pci 0000:00:08.1: can't claim BAR 15 [mem 0x10030000000-0x100401fffff 64bit pref]: no compatible bridge window
+  pci 0000:00:08.1: [mem 0x10030000000-0x100401fffff 64bit pref] clipped to [mem 0x10030000000-0x100303fffff 64bit pref]
+  pci 0000:00:08.1:   bridge window [mem 0x10030000000-0x100303fffff 64bit pref]
+  pci 0000:07:00.0: can't claim BAR 0 [mem 0x10030000000-0x1003fffffff 64bit pref]: no compatible bridge window
+  pci 0000:07:00.0: can't claim BAR 2 [mem 0x10040000000-0x100401fffff 64bit pref]: no compatible bridge window
+
+However, the root bus has two contiguous apertures that can contain the
+child resource requested.
+
+Coalesce contiguous apertures so we can allocate from the entire contiguous
+region.
+
+This is the second take of commit 65db04053efe ("PCI: Coalesce host
+bridge contiguous apertures"). The original approach sorts the apertures
+by address, but that makes NVMe stop working on QEMU ppc:sam460ex:
+  PCI host bridge to bus 0002:00
+  pci_bus 0002:00: root bus resource [io  0x0000-0xffff]
+  pci_bus 0002:00: root bus resource [mem 0xd80000000-0xdffffffff] (bus address [0x80000000-0xffffffff])
+  pci_bus 0002:00: root bus resource [mem 0xc0ee00000-0xc0eefffff] (bus address [0x00000000-0x000fffff])
+
+After the offending commit:
+  PCI host bridge to bus 0002:00
+  pci_bus 0002:00: root bus resource [io  0x0000-0xffff]
+  pci_bus 0002:00: root bus resource [mem 0xc0ee00000-0xc0eefffff] (bus address [0x00000000-0x000fffff])
+  pci_bus 0002:00: root bus resource [mem 0xd80000000-0xdffffffff] (bus address [0x80000000-0xffffffff])
+
+Since the apertures on HP EliteDesk 805 G6 are already in ascending
+order, doing a precautious sorting is not necessary.
+
+Remove the sorting part to avoid the regression on ppc:sam460ex.
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=212013
+Cc: Guenter Roeck <linux@roeck-us.net>
+Suggested-by: Bjorn Helgaas <bhelgaas@google.com>
+Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ drivers/pci/probe.c | 31 +++++++++++++++++++++++++++----
+ 1 file changed, 27 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
+index 6b73e9179111..50eef5b211f4 100644
+--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
+@@ -883,11 +883,11 @@ static void pci_set_bus_msi_domain(struct pci_bus *bus)
+ static int pci_register_host_bridge(struct pci_host_bridge *bridge)
+ {
+ 	struct device *parent = bridge->dev.parent;
+-	struct resource_entry *window, *n;
+	struct resource_entry *window, *next, *n;
+ 	struct pci_bus *bus, *b;
+-	resource_size_t offset;
+	resource_size_t offset, next_offset;
+ 	LIST_HEAD(resources);
+-	struct resource *res;
+	struct resource *res, *next_res;
+ 	char addr[64], *fmt;
+ 	const char *name;
+ 	int err;
+@@ -970,11 +970,34 @@ static int pci_register_host_bridge(struct pci_host_bridge *bridge)
+ 	if (nr_node_ids > 1 && pcibus_to_node(bus) == NUMA_NO_NODE)
+ 		dev_warn(&bus->dev, "Unknown NUMA node; performance will be reduced\n");
+ 
+	/* Coalesce contiguous windows */
+	resource_list_for_each_entry_safe(window, n, &resources) {
+		if (list_is_last(&window->node, &resources))
+			break;
+
+		next = list_next_entry(window, node);
+		offset = window->offset;
+		res = window->res;
+		next_offset = next->offset;
+		next_res = next->res;
+
+		if (res->flags != next_res->flags || offset != next_offset)
+			continue;
+
+		if (res->end + 1 == next_res->start) {
+			next_res->start = res->start;
+			res->flags = res->start = res->end = 0;
+		}
+	}
+
+ 	/* Add initial resources to the bus */
+ 	resource_list_for_each_entry_safe(window, n, &resources) {
+-		list_move_tail(&window->node, &bridge->windows);
+ 		offset = window->offset;
+ 		res = window->res;
+		if (!res->end)
+			continue;
+
+		list_move_tail(&window->node, &bridge->windows);
+ 
+ 		if (res->flags & IORESOURCE_BUS)
+ 			pci_bus_insert_busn_res(bus, bus->number, res->end);
@@ -1,133 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Lamprecht <t.lamprecht@proxmox.com>
-Date: Fri, 14 Jul 2023 18:10:32 +0200
-Subject: [PATCH] kvm: xsave set: mask-out PKRU bit in xfeatures if vCPU has no
- support
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes live-migrations & snapshot-rollback of VMs with a restricted
-CPU type (e.g., qemu64) from our 5.15 based kernel (default Proxmox
-VE 7.4) to the 6.2 (and future newer) of Proxmox VE 8.0.
-
-Previous to ad856280ddea ("x86/kvm/fpu: Limit guest user_xfeatures to
-supported bits of XCR0") the PKRU bit of the host could leak into the
-state from the guest, which caused trouble when migrating between
-hosts with different CPUs, i.e., where the source supported it but
-the target did not, causing a general protection fault when the guest
-tried to use a pkru related instruction after the migration.
-
-But the fix, while welcome, caused a temporary out-of-sync state when
-migrating such a VM from a kernel without the fix to a kernel with
-the fix, as it threw of KVM when the CPUID of the guest and most of
-the state doesn't report XSAVE and thus any xfeatures, but PKRU and
-the related state is set as enabled, causing the vCPU to spin at 100%
-without any progress forever.
-
-The fix could be at two sites, either in QEMU or in the kernel, I
-choose the kernel as we have all the info there for a targeted
-heuristic so that we don't have to adapt QEMU and qemu-server, the
-latter even on both sides.
-
-Still, a short summary of the possible fixes and short drawbacks:
-* on QEMU-side either
-  - clear the PKRU state in the migration saved state would be rather
-    complicated to implement as the vCPU is initialised way before we
-    have the saved xfeature state available to check what we'd need
-    to do, plus the user-space only gets a memory blob from ioctl
-    KVM_GET_XSAVE2 that it passes to KVM_SET_XSAVE ioctl, there are
-    no ABI guarantees, and while the struct seem stable for 5.15 to
-    6.5-rc1, that doesn't has to be for future kernels, so off the
-    table.
-  - enforce that the CPUID reports PKU support even if it normally
-    wouldn't. While this works (tested by hard-coding it as POC) it
-    is a) not really nice and b) needs some interaction from
-    qemu-server to enable this flag as otherwise we have no good info
-    to decide when it's OK to do this, which means we need to adapt
-    both PVE 7 and 8's qemu-server and also pve-qemu, workable but
-    not optimal
-
-* on Kernel/KVM-side we can hook into the set XSAVE ioctl specific to
-  the KVM subsystem, which already reduces chance of regression for
-  all other places. There we have access to the union/struct
-  definitions of the saved state and thus can savely cast to that.
-  We also got access to the vCPU's CPUID capabilities, meaning we can
-  check if the XCR0 (first XSAVE Control Register) reports
-  that it support the PKRU feature, and if it does *NOT* but the
-  saved xfeatures register from XSAVE *DOES* report it, we can safely
-  assume that this combination is due to an migration from an older,
-  leaky kernel – and clear the bit in the xfeature register before
-  restoring it to the guest vCPU KVM state, avoiding the confusing
-  situation that made the vCPU spin at 100%.
-  This should be safe to do, as the guest vCPU CPUID never reported
-  support for the PKRU feature, and it's also a relatively niche and
-  newish feature.
-
-If it gains us something we can drop this patch a bit in the future
-Proxmox VE 9 major release, but we should ensure that VMs that where
-started before PVE 8 cannot be directly live-migrated to the release
-that includes that change; so we should rather only drop it if the
-maintenance burden is high.
-
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- arch/x86/kvm/cpuid.c |  6 ++++++
- arch/x86/kvm/cpuid.h |  2 ++
- arch/x86/kvm/x86.c   | 13 +++++++++++++
- 3 files changed, 21 insertions(+)
-
-diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
-index 7ccdf991d18e..61aefeb3fdbc 100644
--- a/arch/x86/kvm/cpuid.c
-+++ b/arch/x86/kvm/cpuid.c
-@@ -251,6 +251,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent)
- 	return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0;
- }
- 
-+bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu) {
-+	u64 guest_supported_xcr0 = cpuid_get_supported_xcr0(
-+	    vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent);
-+	return (guest_supported_xcr0 & XFEATURE_MASK_PKRU) != 0;
-+}
-+
- static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *entries,
- 				       int nent)
- {
-diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
-index b1658c0de847..12a02851ff57 100644
--- a/arch/x86/kvm/cpuid.h
-+++ b/arch/x86/kvm/cpuid.h
-@@ -32,6 +32,8 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
- bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx,
- 	       u32 *ecx, u32 *edx, bool exact_only);
- 
-+bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu);
-+
- u32 xstate_required_size(u64 xstate_bv, bool compacted);
- 
- int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu);
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index ee603f4edce1..ff92ff41d5ce 100644
--- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -5342,6 +5342,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
- 	if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
- 		return 0;
- 
-+	if (!vcpu_supports_xsave_pkru(vcpu)) {
-+		void *buf = guest_xsave->region;
-+		union fpregs_state *ustate = buf;
-+		if (ustate->xsave.header.xfeatures & XFEATURE_MASK_PKRU) {
-+			printk(
-+				KERN_NOTICE "clearing PKRU xfeature bit as vCPU from PID %d"
-+				" reports no PKRU support - migration from fpu-leaky kernel?",
-+				current->pid
-+			);
-+			ustate->xsave.header.xfeatures &= ~XFEATURE_MASK_PKRU;
-+		}
-+	}
-+
- 	return fpu_copy_uabi_to_guest_fpstate(&vcpu->arch.guest_fpu,
- 					      guest_xsave->region,
- 					      kvm_caps.supported_xcr0,
@@ -1,41 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: kiler129 <grzegorz@noflash.pl>
-Date: Mon, 18 Sep 2023 15:19:26 +0200
-Subject: [PATCH] allow opt-in to allow pass-through on broken hardware..
-
-adapted from https://github.com/kiler129/relax-intel-rmrr , licensed under MIT or GPL 2.0+
---
- drivers/iommu/intel/iommu.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
-index 1c5ba4dbfe78..887667218e3b 100644
--- a/drivers/iommu/intel/iommu.c
-+++ b/drivers/iommu/intel/iommu.c
-@@ -297,6 +297,7 @@ static int dmar_map_gfx = 1;
- static int dmar_map_ipu = 1;
- static int intel_iommu_superpage = 1;
- static int iommu_identity_mapping;
-+static int intel_relaxable_rmrr = 0;
- static int iommu_skip_te_disable;
- 
- #define IDENTMAP_GFX		2
-@@ -358,6 +359,9 @@ static int __init intel_iommu_setup(char *str)
- 		} else if (!strncmp(str, "tboot_noforce", 13)) {
- 			pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
- 			intel_iommu_tboot_noforce = 1;
-+		} else if (!strncmp(str, "relax_rmrr", 10)) {
-+			pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n");
-+			intel_relaxable_rmrr = 1;
- 		} else {
- 			pr_notice("Unknown option - '%s'\n", str);
- 		}
-@@ -2538,7 +2542,7 @@ static bool device_rmrr_is_relaxable(struct device *dev)
- 		return false;
- 
- 	pdev = to_pci_dev(dev);
-	if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
-+	if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
- 		return true;
- 	else
- 		return false;
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
+Date: Thu, 14 Sep 2017 11:09:58 +0200
+Subject: [PATCH] do not generate split BTF type info per default
+
+This reverts commit a8ed1a0607cfa5478ff6009539f44790c4d0956d.
+
+It breaks ZFS sometimes:
+https://github.com/openzfs/zfs/issues/12301#issuecomment-873303739
+
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ lib/Kconfig.debug | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
+index 28faea9b5da6..9cfb8a026adb 100644
+--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
+@@ -331,7 +331,7 @@ config PAHOLE_HAS_SPLIT_BTF
+ 	def_bool PAHOLE_VERSION >= 119
+ 
+ config DEBUG_INFO_BTF_MODULES
+-	def_bool y
+	def_bool n
+ 	depends on DEBUG_INFO_BTF && MODULES && PAHOLE_HAS_SPLIT_BTF
+ 	help
+ 	  Generate compact split BTF type information for kernel modules.
@@ -0,0 +1,147 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Tue, 11 Jan 2022 09:31:59 +0100
+Subject: [PATCH] blk-cgroup: always terminate io.stat lines
+
+With the removal of seq_get_buf in blkcg_print_one_stat, we
+cannot make adding the newline conditional on there being
+relevant stats because the name was already written out
+unconditionally.
+Otherwise we may end up with multiple device names in one
+line which is confusing and doesn't follow the nested-keyed
+file format.
+
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Fixes: 252c651a4c85 ("blk-cgroup: stop using seq_get_buf")
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ block/blk-cgroup.c         | 9 ++-------
+ block/blk-iocost.c         | 5 ++---
+ block/blk-iolatency.c      | 8 +++-----
+ include/linux/blk-cgroup.h | 2 +-
+ 4 files changed, 8 insertions(+), 16 deletions(-)
+
+diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c
+index fd81a7370864..4677829e4ae3 100644
+--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
+@@ -900,7 +900,6 @@ static void blkcg_print_one_stat(struct blkcg_gq *blkg, struct seq_file *s)
+ {
+ 	struct blkg_iostat_set *bis = &blkg->iostat;
+ 	u64 rbytes, wbytes, rios, wios, dbytes, dios;
+-	bool has_stats = false;
+ 	const char *dname;
+ 	unsigned seq;
+ 	int i;
+@@ -926,14 +925,12 @@ static void blkcg_print_one_stat(struct blkcg_gq *blkg, struct seq_file *s)
+ 	} while (u64_stats_fetch_retry(&bis->sync, seq));
+ 
+ 	if (rbytes || wbytes || rios || wios) {
+-		has_stats = true;
+ 		seq_printf(s, "rbytes=%llu wbytes=%llu rios=%llu wios=%llu dbytes=%llu dios=%llu",
+ 			rbytes, wbytes, rios, wios,
+ 			dbytes, dios);
+ 	}
+ 
+ 	if (blkcg_debug_stats && atomic_read(&blkg->use_delay)) {
+-		has_stats = true;
+ 		seq_printf(s, " use_delay=%d delay_nsec=%llu",
+ 			atomic_read(&blkg->use_delay),
+ 			atomic64_read(&blkg->delay_nsec));
+@@ -945,12 +942,10 @@ static void blkcg_print_one_stat(struct blkcg_gq *blkg, struct seq_file *s)
+ 		if (!blkg->pd[i] || !pol->pd_stat_fn)
+ 			continue;
+ 
+-		if (pol->pd_stat_fn(blkg->pd[i], s))
+-			has_stats = true;
+		pol->pd_stat_fn(blkg->pd[i], s);
+ 	}
+ 
+-	if (has_stats)
+-		seq_printf(s, "\n");
+	seq_puts(s, "\n");
+ }
+ 
+ static int blkcg_print_stat(struct seq_file *sf, void *v)
+diff --git a/block/blk-iocost.c b/block/blk-iocost.c
+index 645a589edda8..b0846da38eda 100644
+--- a/block/blk-iocost.c
+++ b/block/blk-iocost.c
+@@ -3028,13 +3028,13 @@ static void ioc_pd_free(struct blkg_policy_data *pd)
+ 	kfree(iocg);
+ }
+ 
+-static bool ioc_pd_stat(struct blkg_policy_data *pd, struct seq_file *s)
+static void ioc_pd_stat(struct blkg_policy_data *pd, struct seq_file *s)
+ {
+ 	struct ioc_gq *iocg = pd_to_iocg(pd);
+ 	struct ioc *ioc = iocg->ioc;
+ 
+ 	if (!ioc->enabled)
+-		return false;
+		return;
+ 
+ 	if (iocg->level == 0) {
+ 		unsigned vp10k = DIV64_U64_ROUND_CLOSEST(
+@@ -3050,7 +3050,6 @@ static bool ioc_pd_stat(struct blkg_policy_data *pd, struct seq_file *s)
+ 			iocg->last_stat.wait_us,
+ 			iocg->last_stat.indebt_us,
+ 			iocg->last_stat.indelay_us);
+-	return true;
+ }
+ 
+ static u64 ioc_weight_prfill(struct seq_file *sf, struct blkg_policy_data *pd,
+diff --git a/block/blk-iolatency.c b/block/blk-iolatency.c
+index bdef8395af6e..a5f13743a280 100644
+--- a/block/blk-iolatency.c
+++ b/block/blk-iolatency.c
+@@ -906,7 +906,7 @@ static int iolatency_print_limit(struct seq_file *sf, void *v)
+ 	return 0;
+ }
+ 
+-static bool iolatency_ssd_stat(struct iolatency_grp *iolat, struct seq_file *s)
+static void iolatency_ssd_stat(struct iolatency_grp *iolat, struct seq_file *s)
+ {
+ 	struct latency_stat stat;
+ 	int cpu;
+@@ -929,17 +929,16 @@ static bool iolatency_ssd_stat(struct iolatency_grp *iolat, struct seq_file *s)
+ 			(unsigned long long)stat.ps.missed,
+ 			(unsigned long long)stat.ps.total,
+ 			iolat->rq_depth.max_depth);
+-	return true;
+ }
+ 
+-static bool iolatency_pd_stat(struct blkg_policy_data *pd, struct seq_file *s)
+static void iolatency_pd_stat(struct blkg_policy_data *pd, struct seq_file *s)
+ {
+ 	struct iolatency_grp *iolat = pd_to_lat(pd);
+ 	unsigned long long avg_lat;
+ 	unsigned long long cur_win;
+ 
+ 	if (!blkcg_debug_stats)
+-		return false;
+		return;
+ 
+ 	if (iolat->ssd)
+ 		return iolatency_ssd_stat(iolat, s);
+@@ -952,7 +951,6 @@ static bool iolatency_pd_stat(struct blkg_policy_data *pd, struct seq_file *s)
+ 	else
+ 		seq_printf(s, " depth=%u avg_lat=%llu win=%llu",
+ 			iolat->rq_depth.max_depth, avg_lat, cur_win);
+-	return true;
+ }
+ 
+ static struct blkg_policy_data *iolatency_pd_alloc(gfp_t gfp,
+diff --git a/include/linux/blk-cgroup.h b/include/linux/blk-cgroup.h
+index bc5c04d711bb..618359e3beca 100644
+--- a/include/linux/blk-cgroup.h
+++ b/include/linux/blk-cgroup.h
+@@ -153,7 +153,7 @@ typedef void (blkcg_pol_online_pd_fn)(struct blkg_policy_data *pd);
+ typedef void (blkcg_pol_offline_pd_fn)(struct blkg_policy_data *pd);
+ typedef void (blkcg_pol_free_pd_fn)(struct blkg_policy_data *pd);
+ typedef void (blkcg_pol_reset_pd_stats_fn)(struct blkg_policy_data *pd);
+-typedef bool (blkcg_pol_stat_pd_fn)(struct blkg_policy_data *pd,
+typedef void (blkcg_pol_stat_pd_fn)(struct blkg_policy_data *pd,
+ 				struct seq_file *s);
+ 
+ struct blkcg_policy {
@@ -1,42 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Mika Westerberg <mika.westerberg@linux.intel.com>
-Date: Wed, 13 Sep 2023 08:26:47 +0300
-Subject: [PATCH] net: thunderbolt: Fix TCPv6 GSO checksum calculation
-
-Alex reported that running ssh over IPv6 does not work with
-Thunderbolt/USB4 networking driver. The reason for that is that driver
-should call skb_is_gso() before calling skb_is_gso_v6(), and it should
-not return false after calculates the checksum successfully. This probably
-was a copy paste error from the original driver where it was done properly.
-
-Reported-by: Alex Balcanquall <alex@alexbal.com>
-Fixes: e69b6c02b4c3 ("net: Add support for networking over Thunderbolt cable")
-Cc: stable@vger.kernel.org
-Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
-Reviewed-by: Eric Dumazet <edumazet@google.com>
-Reviewed-by: Jiri Pirko <jiri@nvidia.com>
-Reviewed-by: Jiri Pirko <jiri@nvidia.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- drivers/net/thunderbolt.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/drivers/net/thunderbolt.c b/drivers/net/thunderbolt.c
-index 990484776f2d..0c554a7a5ce4 100644
--- a/drivers/net/thunderbolt.c
-+++ b/drivers/net/thunderbolt.c
-@@ -1005,12 +1005,11 @@ static bool tbnet_xmit_csum_and_map(struct tbnet *net, struct sk_buff *skb,
- 		*tucso = ~csum_tcpudp_magic(ip_hdr(skb)->saddr,
- 					    ip_hdr(skb)->daddr, 0,
- 					    ip_hdr(skb)->protocol, 0);
-	} else if (skb_is_gso_v6(skb)) {
-+	} else if (skb_is_gso(skb) && skb_is_gso_v6(skb)) {
- 		tucso = dest + ((void *)&(tcp_hdr(skb)->check) - data);
- 		*tucso = ~csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
- 					  &ipv6_hdr(skb)->daddr, 0,
- 					  IPPROTO_TCP, 0);
-		return false;
- 	} else if (protocol == htons(ETH_P_IPV6)) {
- 		tucso = dest + skb_checksum_start_offset(skb) + skb->csum_offset;
- 		*tucso = ~csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
@@ -0,0 +1,34 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 25 Jan 2022 10:12:19 +0100
+Subject: [PATCH] drivers/firmware: Don't mark as busy the simple-framebuffer
+ IO resource
+
+The sysfb_create_simplefb() function requests a IO memory resource for the
+simple-framebuffer platform device, but it also marks it as busy which can
+lead to drivers requesting the same memory resource to fail.
+
+Let's drop the IORESOURCE_BUSY flag and let drivers to request it as busy
+instead.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Zack Rusin <zackr@vmware.com>
+Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ drivers/firmware/sysfb_simplefb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/firmware/sysfb_simplefb.c b/drivers/firmware/sysfb_simplefb.c
+index fd4fa923088a..ca907f7e76c6 100644
+--- a/drivers/firmware/sysfb_simplefb.c
+++ b/drivers/firmware/sysfb_simplefb.c
+@@ -99,7 +99,7 @@ __init struct platform_device *sysfb_create_simplefb(const struct screen_info *s
+ 
+ 	/* setup IORESOURCE_MEM as framebuffer memory */
+ 	memset(&res, 0, sizeof(res));
+-	res.flags = IORESOURCE_MEM | IORESOURCE_BUSY;
+	res.flags = IORESOURCE_MEM;
+ 	res.name = simplefb_resname;
+ 	res.start = base;
+ 	res.end = res.start + length - 1;
@@ -1,134 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Mika Westerberg <mika.westerberg@linux.intel.com>
-Date: Thu, 7 Sep 2023 16:02:30 +0300
-Subject: [PATCH] thunderbolt: Restart XDomain discovery handshake after
- failure
-
-Alex reported that after rebooting the other host the peer-to-peer link
-does not come up anymore. The reason for this is that the host that was
-not rebooted tries to send the UUID request only 10 times according to
-the USB4 Inter-Domain spec and gives up if it does not get reply. Then
-when the other side is actually ready it cannot get the link established
-anymore. The USB4 Inter-Domain spec requires that the discovery protocol
-is restarted in that case so implement this now.
-
-Reported-by: Alex Balcanquall <alex@alexbal.com>
-Fixes: 8e1de7042596 ("thunderbolt: Add support for XDomain lane bonding")
-Cc: stable@vger.kernel.org
-Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- drivers/thunderbolt/xdomain.c | 58 +++++++++++++++++++++++++----------
- 1 file changed, 41 insertions(+), 17 deletions(-)
-
-diff --git a/drivers/thunderbolt/xdomain.c b/drivers/thunderbolt/xdomain.c
-index 3c51e47dd86b..0b17a4d4e9b9 100644
--- a/drivers/thunderbolt/xdomain.c
-+++ b/drivers/thunderbolt/xdomain.c
-@@ -704,6 +704,27 @@ static void update_property_block(struct tb_xdomain *xd)
- 	mutex_unlock(&xdomain_lock);
- }
- 
-+static void start_handshake(struct tb_xdomain *xd)
-+{
-+	xd->state = XDOMAIN_STATE_INIT;
-+	queue_delayed_work(xd->tb->wq, &xd->state_work,
-+			   msecs_to_jiffies(XDOMAIN_SHORT_TIMEOUT));
-+}
-+
-+/* Can be called from state_work */
-+static void __stop_handshake(struct tb_xdomain *xd)
-+{
-+	cancel_delayed_work_sync(&xd->properties_changed_work);
-+	xd->properties_changed_retries = 0;
-+	xd->state_retries = 0;
-+}
-+
-+static void stop_handshake(struct tb_xdomain *xd)
-+{
-+	cancel_delayed_work_sync(&xd->state_work);
-+	__stop_handshake(xd);
-+}
-+
- static void tb_xdp_handle_request(struct work_struct *work)
- {
- 	struct xdomain_request_work *xw = container_of(work, typeof(*xw), work);
-@@ -766,6 +787,15 @@ static void tb_xdp_handle_request(struct work_struct *work)
- 	case UUID_REQUEST:
- 		tb_dbg(tb, "%llx: received XDomain UUID request\n", route);
- 		ret = tb_xdp_uuid_response(ctl, route, sequence, uuid);
-+		/*
-+		 * If we've stopped the discovery with an error such as
-+		 * timing out, we will restart the handshake now that we
-+		 * received UUID request from the remote host.
-+		 */
-+		if (!ret && xd && xd->state == XDOMAIN_STATE_ERROR) {
-+			dev_dbg(&xd->dev, "restarting handshake\n");
-+			start_handshake(xd);
-+		}
- 		break;
- 
- 	case LINK_STATE_STATUS_REQUEST:
-@@ -1522,6 +1552,13 @@ static void tb_xdomain_queue_properties_changed(struct tb_xdomain *xd)
- 			   msecs_to_jiffies(XDOMAIN_SHORT_TIMEOUT));
- }
- 
-+static void tb_xdomain_failed(struct tb_xdomain *xd)
-+{
-+	xd->state = XDOMAIN_STATE_ERROR;
-+	queue_delayed_work(xd->tb->wq, &xd->state_work,
-+			   msecs_to_jiffies(XDOMAIN_DEFAULT_TIMEOUT));
-+}
-+
- static void tb_xdomain_state_work(struct work_struct *work)
- {
- 	struct tb_xdomain *xd = container_of(work, typeof(*xd), state_work.work);
-@@ -1548,7 +1585,7 @@ static void tb_xdomain_state_work(struct work_struct *work)
- 		if (ret) {
- 			if (ret == -EAGAIN)
- 				goto retry_state;
-			xd->state = XDOMAIN_STATE_ERROR;
-+			tb_xdomain_failed(xd);
- 		} else {
- 			tb_xdomain_queue_properties_changed(xd);
- 			if (xd->bonding_possible)
-@@ -1613,7 +1650,7 @@ static void tb_xdomain_state_work(struct work_struct *work)
- 		if (ret) {
- 			if (ret == -EAGAIN)
- 				goto retry_state;
-			xd->state = XDOMAIN_STATE_ERROR;
-+			tb_xdomain_failed(xd);
- 		} else {
- 			xd->state = XDOMAIN_STATE_ENUMERATED;
- 		}
-@@ -1624,6 +1661,8 @@ static void tb_xdomain_state_work(struct work_struct *work)
- 		break;
- 
- 	case XDOMAIN_STATE_ERROR:
-+		dev_dbg(&xd->dev, "discovery failed, stopping handshake\n");
-+		__stop_handshake(xd);
- 		break;
- 
- 	default:
-@@ -1793,21 +1832,6 @@ static void tb_xdomain_release(struct device *dev)
- 	kfree(xd);
- }
- 
-static void start_handshake(struct tb_xdomain *xd)
-{
-	xd->state = XDOMAIN_STATE_INIT;
-	queue_delayed_work(xd->tb->wq, &xd->state_work,
-			   msecs_to_jiffies(XDOMAIN_SHORT_TIMEOUT));
-}
-
-static void stop_handshake(struct tb_xdomain *xd)
-{
-	cancel_delayed_work_sync(&xd->properties_changed_work);
-	cancel_delayed_work_sync(&xd->state_work);
-	xd->properties_changed_retries = 0;
-	xd->state_retries = 0;
-}
-
- static int __maybe_unused tb_xdomain_suspend(struct device *dev)
- {
- 	stop_handshake(tb_to_xdomain(dev));
@@ -0,0 +1,63 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Thomas Zimmermann <tzimmermann@suse.de>
+Date: Tue, 25 Jan 2022 10:12:20 +0100
+Subject: [PATCH] drm/simpledrm: Request memory region in driver
+
+Requesting the framebuffer memory in simpledrm marks the memory
+range as busy. This used to be done by the firmware sysfb code,
+but the driver is the correct place.
+
+v2:
+	* use I/O memory if request_mem_region() fails (Jocelyn)
+
+Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
+Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Jocelyn Falempe <jfalempe@redhat.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ drivers/gpu/drm/tiny/simpledrm.c | 22 +++++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/gpu/drm/tiny/simpledrm.c b/drivers/gpu/drm/tiny/simpledrm.c
+index f3c2c173ca4b..da58c0d0f44d 100644
+--- a/drivers/gpu/drm/tiny/simpledrm.c
+++ b/drivers/gpu/drm/tiny/simpledrm.c
+@@ -525,21 +525,33 @@ static int simpledrm_device_init_mm(struct simpledrm_device *sdev)
+ {
+ 	struct drm_device *dev = &sdev->dev;
+ 	struct platform_device *pdev = sdev->pdev;
+-	struct resource *mem;
+	struct resource *res, *mem;
+ 	void __iomem *screen_base;
+ 	int ret;
+ 
+-	mem = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+-	if (!mem)
+	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+	if (!res)
+ 		return -EINVAL;
+ 
+-	ret = devm_aperture_acquire_from_firmware(dev, mem->start, resource_size(mem));
+	ret = devm_aperture_acquire_from_firmware(dev, res->start, resource_size(res));
+ 	if (ret) {
+ 		drm_err(dev, "could not acquire memory range %pr: error %d\n",
+-			mem, ret);
+			res, ret);
+ 		return ret;
+ 	}
+ 
+	mem = devm_request_mem_region(&pdev->dev, res->start, resource_size(res),
+				      sdev->dev.driver->name);
+	if (!mem) {
+		/*
+		 * We cannot make this fatal. Sometimes this comes from magic
+		 * spaces our resource handlers simply don't know about. Use
+		 * the I/O-memory resource as-is and try to map that instead.
+		 */
+		drm_warn(dev, "could not acquire memory region %pr\n", res);
+		mem = res;
+	}
+
+ 	screen_base = devm_ioremap_wc(&pdev->dev, mem->start,
+ 				      resource_size(mem));
+ 	if (!screen_base)
@@ -1,72 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Borislav Petkov (AMD)" <bp@alien8.de>
-Date: Sat, 7 Oct 2023 12:57:02 +0200
-Subject: [PATCH] x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fix erratum #1485 on Zen4 parts where running with STIBP disabled can
-cause an #UD exception. The performance impact of the fix is negligible.
-
-Reported-by: René Rebe <rene@exactcode.de>
-Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
-Tested-by: René Rebe <rene@exactcode.de>
-Cc: <stable@kernel.org>
-Link: https://lore.kernel.org/r/D99589F4-BC5D-430B-87B2-72C20370CF57@exactcode.com
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- arch/x86/include/asm/msr-index.h | 9 +++++++--
- arch/x86/kernel/cpu/amd.c        | 8 ++++++++
- 2 files changed, 15 insertions(+), 2 deletions(-)
-
-diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
-index ebbf80d8b8bd..a79b10e57757 100644
--- a/arch/x86/include/asm/msr-index.h
-+++ b/arch/x86/include/asm/msr-index.h
-@@ -630,12 +630,17 @@
- /* AMD Last Branch Record MSRs */
- #define MSR_AMD64_LBR_SELECT			0xc000010e
- 
-/* Fam 17h MSRs */
-#define MSR_F17H_IRPERF			0xc00000e9
-+/* Zen4 */
-+#define MSR_ZEN4_BP_CFG			0xc001102e
-+#define MSR_ZEN4_BP_CFG_SHARED_BTB_FIX_BIT 5
- 
-+/* Zen 2 */
- #define MSR_ZEN2_SPECTRAL_CHICKEN	0xc00110e3
- #define MSR_ZEN2_SPECTRAL_CHICKEN_BIT	BIT_ULL(1)
- 
-+/* Fam 17h MSRs */
-+#define MSR_F17H_IRPERF			0xc00000e9
-+
- /* Fam 16h MSRs */
- #define MSR_F16H_L2I_PERF_CTL		0xc0010230
- #define MSR_F16H_L2I_PERF_CTR		0xc0010231
-diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index a608a2b78073..154e9c0c16bd 100644
--- a/arch/x86/kernel/cpu/amd.c
-+++ b/arch/x86/kernel/cpu/amd.c
-@@ -80,6 +80,10 @@ static const int amd_div0[] =
- 	AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0x00, 0x0, 0x2f, 0xf),
- 			   AMD_MODEL_RANGE(0x17, 0x50, 0x0, 0x5f, 0xf));
- 
-+static const int amd_erratum_1485[] =
-+	AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x19, 0x10, 0x0, 0x1f, 0xf),
-+			   AMD_MODEL_RANGE(0x19, 0x60, 0x0, 0xaf, 0xf));
-+
- static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum)
- {
- 	int osvw_id = *erratum++;
-@@ -1125,6 +1129,10 @@ static void init_amd(struct cpuinfo_x86 *c)
- 		pr_notice_once("AMD Zen1 DIV0 bug detected. Disable SMT for full protection.\n");
- 		setup_force_cpu_bug(X86_BUG_DIV0);
- 	}
-+
-+	if (!cpu_has(c, X86_FEATURE_HYPERVISOR) &&
-+	     cpu_has_amd_erratum(c, amd_erratum_1485))
-+		msr_set_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_SHARED_BTB_FIX_BIT);
- }
- 
- #ifdef CONFIG_X86_32
@@ -1,46 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefan Sterz <s.sterz@proxmox.com>
-Date: Wed, 18 Oct 2023 10:45:45 +0200
-Subject: [PATCH] Revert "nSVM: Check for reserved encodings of TLB_CONTROL in
- nested VMCB"
-
-This reverts commit 174a921b6975ef959dd82ee9e8844067a62e3ec1.
-
-Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
---
- arch/x86/kvm/svm/nested.c | 15 ---------------
- 1 file changed, 15 deletions(-)
-
-diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
-index add65dd59756..61a6c0235519 100644
--- a/arch/x86/kvm/svm/nested.c
-+++ b/arch/x86/kvm/svm/nested.c
-@@ -242,18 +242,6 @@ static bool nested_svm_check_bitmap_pa(struct kvm_vcpu *vcpu, u64 pa, u32 size)
- 	    kvm_vcpu_is_legal_gpa(vcpu, addr + size - 1);
- }
- 
-static bool nested_svm_check_tlb_ctl(struct kvm_vcpu *vcpu, u8 tlb_ctl)
-{
-	/* Nested FLUSHBYASID is not supported yet.  */
-	switch(tlb_ctl) {
-		case TLB_CONTROL_DO_NOTHING:
-		case TLB_CONTROL_FLUSH_ALL_ASID:
-			return true;
-		default:
-			return false;
-	}
-}
-
- static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
- 					 struct vmcb_ctrl_area_cached *control)
- {
-@@ -273,9 +261,6 @@ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
- 					   IOPM_SIZE)))
- 		return false;
- 
-	if (CC(!nested_svm_check_tlb_ctl(vcpu, control->tlb_ctl)))
-		return false;
-
- 	return true;
- }
- 
@@ -0,0 +1,148 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Thomas Zimmermann <tzimmermann@suse.de>
+Date: Tue, 25 Jan 2022 10:12:21 +0100
+Subject: [PATCH] fbdev/simplefb: Request memory region in driver
+
+Requesting the framebuffer memory in simpledrm marks the memory
+range as busy. This used to be done by the firmware sysfb code,
+but the driver is the correct place.
+
+v2:
+	* store memory region in struct for later cleanup (Javier)
+
+Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
+Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ drivers/video/fbdev/simplefb.c | 65 +++++++++++++++++++++++-----------
+ 1 file changed, 45 insertions(+), 20 deletions(-)
+
+diff --git a/drivers/video/fbdev/simplefb.c b/drivers/video/fbdev/simplefb.c
+index a2e3a4690025..8acfb12abfee 100644
+--- a/drivers/video/fbdev/simplefb.c
+++ b/drivers/video/fbdev/simplefb.c
+@@ -66,7 +66,21 @@ static int simplefb_setcolreg(u_int regno, u_int red, u_int green, u_int blue,
+ 	return 0;
+ }
+ 
+-struct simplefb_par;
+struct simplefb_par {
+	u32 palette[PSEUDO_PALETTE_SIZE];
+	struct resource *mem;
+#if defined CONFIG_OF && defined CONFIG_COMMON_CLK
+	bool clks_enabled;
+	unsigned int clk_count;
+	struct clk **clks;
+#endif
+#if defined CONFIG_OF && defined CONFIG_REGULATOR
+	bool regulators_enabled;
+	u32 regulator_count;
+	struct regulator **regulators;
+#endif
+};
+
+ static void simplefb_clocks_destroy(struct simplefb_par *par);
+ static void simplefb_regulators_destroy(struct simplefb_par *par);
+ 
+@@ -76,12 +90,18 @@ static void simplefb_regulators_destroy(struct simplefb_par *par);
+  */
+ static void simplefb_destroy(struct fb_info *info)
+ {
+	struct simplefb_par *par = info->par;
+	struct resource *mem = par->mem;
+
+ 	simplefb_regulators_destroy(info->par);
+ 	simplefb_clocks_destroy(info->par);
+ 	if (info->screen_base)
+ 		iounmap(info->screen_base);
+ 
+ 	framebuffer_release(info);
+
+	if (mem)
+		release_mem_region(mem->start, resource_size(mem));
+ }
+ 
+ static const struct fb_ops simplefb_ops = {
+@@ -175,20 +195,6 @@ static int simplefb_parse_pd(struct platform_device *pdev,
+ 	return 0;
+ }
+ 
+-struct simplefb_par {
+-	u32 palette[PSEUDO_PALETTE_SIZE];
+-#if defined CONFIG_OF && defined CONFIG_COMMON_CLK
+-	bool clks_enabled;
+-	unsigned int clk_count;
+-	struct clk **clks;
+-#endif
+-#if defined CONFIG_OF && defined CONFIG_REGULATOR
+-	bool regulators_enabled;
+-	u32 regulator_count;
+-	struct regulator **regulators;
+-#endif
+-};
+-
+ #if defined CONFIG_OF && defined CONFIG_COMMON_CLK
+ /*
+  * Clock handling code.
+@@ -411,7 +417,7 @@ static int simplefb_probe(struct platform_device *pdev)
+ 	struct simplefb_params params;
+ 	struct fb_info *info;
+ 	struct simplefb_par *par;
+-	struct resource *mem;
+	struct resource *res, *mem;
+ 
+ 	/*
+ 	 * Generic drivers must not be registered if a framebuffer exists.
+@@ -436,15 +442,28 @@ static int simplefb_probe(struct platform_device *pdev)
+ 	if (ret)
+ 		return ret;
+ 
+-	mem = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+-	if (!mem) {
+	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+	if (!res) {
+ 		dev_err(&pdev->dev, "No memory resource\n");
+ 		return -EINVAL;
+ 	}
+ 
+	mem = request_mem_region(res->start, resource_size(res), "simplefb");
+	if (!mem) {
+		/*
+		 * We cannot make this fatal. Sometimes this comes from magic
+		 * spaces our resource handlers simply don't know about. Use
+		 * the I/O-memory resource as-is and try to map that instead.
+		 */
+		dev_warn(&pdev->dev, "simplefb: cannot reserve video memory at %pR\n", res);
+		mem = res;
+	}
+
+ 	info = framebuffer_alloc(sizeof(struct simplefb_par), &pdev->dev);
+-	if (!info)
+-		return -ENOMEM;
+	if (!info) {
+		ret = -ENOMEM;
+		goto error_release_mem_region;
+	}
+ 	platform_set_drvdata(pdev, info);
+ 
+ 	par = info->par;
+@@ -501,6 +520,9 @@ static int simplefb_probe(struct platform_device *pdev)
+ 			     info->var.xres, info->var.yres,
+ 			     info->var.bits_per_pixel, info->fix.line_length);
+ 
+	if (mem != res)
+		par->mem = mem; /* release in clean-up handler */
+
+ 	ret = register_framebuffer(info);
+ 	if (ret < 0) {
+ 		dev_err(&pdev->dev, "Unable to register simplefb: %d\n", ret);
+@@ -519,6 +541,9 @@ static int simplefb_probe(struct platform_device *pdev)
+ 	iounmap(info->screen_base);
+ error_fb_release:
+ 	framebuffer_release(info);
+error_release_mem_region:
+	if (mem != res)
+		release_mem_region(mem->start, resource_size(mem));
+ 	return ret;
+ }
+ 
@@ -1,36 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Sean Christopherson <seanjc@google.com>
-Date: Wed, 18 Oct 2023 12:41:04 -0700
-Subject: [PATCH] KVM: nSVM: Advertise support for flush-by-ASID
-
-Advertise support for FLUSHBYASID when nested SVM is enabled, as KVM can
-always emulate flushing TLB entries for a vmcb12 ASID, e.g. by running L2
-with a new, fresh ASID in vmcb02.  Some modern hypervisors, e.g. VMWare
-Workstation 17, require FLUSHBYASID support and will refuse to run if it's
-not present.
-
-Punt on proper support, as "Honor L1's request to flush an ASID on nested
-VMRUN" is one of the TODO items in the (incomplete) list of issues that
-need to be addressed in order for KVM to NOT do a full TLB flush on every
-nested SVM transition (see nested_svm_transition_tlb_flush()).
-
-Reported-by: Stefan Sterz <s.sterz@proxmox.com>
-Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com
-Signed-off-by: Sean Christopherson <seanjc@google.com>
-Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
---
- arch/x86/kvm/svm/svm.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
-index cf31babfbbb9..99a7e93b2edf 100644
--- a/arch/x86/kvm/svm/svm.c
-+++ b/arch/x86/kvm/svm/svm.c
-@@ -4920,6 +4920,7 @@ static __init void svm_set_cpu_caps(void)
- 	if (nested) {
- 		kvm_cpu_cap_set(X86_FEATURE_SVM);
- 		kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);
-+		kvm_cpu_cap_set(X86_FEATURE_FLUSHBYASID);
- 
- 		if (nrips)
- 			kvm_cpu_cap_set(X86_FEATURE_NRIPS);
@@ -0,0 +1,81 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia <kolga@netapp.com>
+Date: Wed, 16 Mar 2022 18:24:26 -0400
+Subject: [PATCH] NFSv4.1 provide mount option to toggle trunking discovery
+
+Introduce a new mount option -- trunkdiscovery,notrunkdiscovery -- to
+toggle whether or not the client will engage in actively discovery
+of trunking locations.
+
+v2 make notrunkdiscovery default
+
+Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
+Fixes: 1976b2b31462 ("NFSv4.1 query for fs_location attr on a new file system")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+(cherry picked from commit a43bf604446414103b7535f38e739b65601c4fb2)
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ fs/nfs/client.c           | 3 ++-
+ fs/nfs/fs_context.c       | 8 ++++++++
+ include/linux/nfs_fs_sb.h | 1 +
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/fs/nfs/client.c b/fs/nfs/client.c
+index 090b16890e3d..f303e96ce165 100644
+--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
+@@ -861,7 +861,8 @@ int nfs_probe_fsinfo(struct nfs_server *server, struct nfs_fh *mntfh, struct nfs
+ 	}
+ 
+ 	if (clp->rpc_ops->discover_trunking != NULL &&
+-			(server->caps & NFS_CAP_FS_LOCATIONS)) {
+			(server->caps & NFS_CAP_FS_LOCATIONS &&
+			 (server->flags & NFS_MOUNT_TRUNK_DISCOVERY))) {
+ 		error = clp->rpc_ops->discover_trunking(server, mntfh);
+ 		if (error < 0)
+ 			return error;
+diff --git a/fs/nfs/fs_context.c b/fs/nfs/fs_context.c
+index fb3cad38b149..0166370f088e 100644
+--- a/fs/nfs/fs_context.c
+++ b/fs/nfs/fs_context.c
+@@ -79,6 +79,7 @@ enum nfs_param {
+ 	Opt_source,
+ 	Opt_tcp,
+ 	Opt_timeo,
+	Opt_trunkdiscovery,
+ 	Opt_udp,
+ 	Opt_v,
+ 	Opt_vers,
+@@ -179,6 +180,7 @@ static const struct fs_parameter_spec nfs_fs_parameters[] = {
+ 	fsparam_string("source",	Opt_source),
+ 	fsparam_flag  ("tcp",		Opt_tcp),
+ 	fsparam_u32   ("timeo",		Opt_timeo),
+	fsparam_flag_no("trunkdiscovery", Opt_trunkdiscovery),
+ 	fsparam_flag  ("udp",		Opt_udp),
+ 	fsparam_flag  ("v2",		Opt_v),
+ 	fsparam_flag  ("v3",		Opt_v),
+@@ -528,6 +530,12 @@ static int nfs_fs_context_parse_param(struct fs_context *fc,
+ 		else
+ 			ctx->flags &= ~NFS_MOUNT_NOCTO;
+ 		break;
+	case Opt_trunkdiscovery:
+		if (result.negated)
+			ctx->flags &= ~NFS_MOUNT_TRUNK_DISCOVERY;
+		else
+			ctx->flags |= NFS_MOUNT_TRUNK_DISCOVERY;
+		break;
+ 	case Opt_ac:
+ 		if (result.negated)
+ 			ctx->flags |= NFS_MOUNT_NOAC;
+diff --git a/include/linux/nfs_fs_sb.h b/include/linux/nfs_fs_sb.h
+index 5e065f16d061..324bdd653ad4 100644
+--- a/include/linux/nfs_fs_sb.h
+++ b/include/linux/nfs_fs_sb.h
+@@ -157,6 +157,7 @@ struct nfs_server {
+ #define NFS_MOUNT_SOFTREVAL		0x800000
+ #define NFS_MOUNT_WRITE_EAGER		0x01000000
+ #define NFS_MOUNT_WRITE_WAIT		0x02000000
+#define NFS_MOUNT_TRUNK_DISCOVERY	0x04000000
+ 
+ 	unsigned int		fattr_valid;	/* Valid attributes */
+ 	unsigned int		caps;		/* server capabilities */
@@ -0,0 +1,69 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Marc Bevand <m@zorinaq.com>
+Date: Tue, 21 Dec 2021 15:31:12 -0800
+Subject: [PATCH] EDAC/amd64: Add PCI device IDs for family 19h model 50h
+
+Add the new family 19h model 50h PCI IDs (device 18h functions 0 and 6)
+to support Ryzen 5000 APUs ("Cezanne").
+
+Signed-off-by: Marc Bevand <m@zorinaq.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ drivers/edac/amd64_edac.c | 15 +++++++++++++++
+ drivers/edac/amd64_edac.h |  3 +++
+ 2 files changed, 18 insertions(+)
+
+diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
+index c6c58f01067f..f8ef2edf8abf 100644
+--- a/drivers/edac/amd64_edac.c
+++ b/drivers/edac/amd64_edac.c
+@@ -2660,6 +2660,16 @@ static struct amd64_family_type family_types[] = {
+ 			.dbam_to_cs		= f17_addr_mask_to_cs_size,
+ 		}
+ 	},
+	[F19_M50H_CPUS] = {
+		.ctl_name = "F19h_M50h",
+		.f0_id = PCI_DEVICE_ID_AMD_19H_M50H_DF_F0,
+		.f6_id = PCI_DEVICE_ID_AMD_19H_M50H_DF_F6,
+		.max_mcs = 2,
+		.ops = {
+			.early_channel_count	= f17_early_channel_count,
+			.dbam_to_cs		= f17_addr_mask_to_cs_size,
+		}
+	},
+ };
+ 
+ /*
+@@ -3706,6 +3716,11 @@ static struct amd64_family_type *per_family_init(struct amd64_pvt *pvt)
+ 			pvt->ops = &family_types[F17_M70H_CPUS].ops;
+ 			fam_type->ctl_name = "F19h_M20h";
+ 			break;
+		} else if (pvt->model >= 0x50 && pvt->model <= 0x5f) {
+			fam_type = &family_types[F19_M50H_CPUS];
+			pvt->ops = &family_types[F19_M50H_CPUS].ops;
+			fam_type->ctl_name = "F19h_M50h";
+			break;
+ 		} else if (pvt->model >= 0xa0 && pvt->model <= 0xaf) {
+ 			fam_type = &family_types[F19_M10H_CPUS];
+ 			pvt->ops = &family_types[F19_M10H_CPUS].ops;
+diff --git a/drivers/edac/amd64_edac.h b/drivers/edac/amd64_edac.h
+index 650cab401e21..352bda9803f6 100644
+--- a/drivers/edac/amd64_edac.h
+++ b/drivers/edac/amd64_edac.h
+@@ -128,6 +128,8 @@
+ #define PCI_DEVICE_ID_AMD_19H_DF_F6	0x1656
+ #define PCI_DEVICE_ID_AMD_19H_M10H_DF_F0 0x14ad
+ #define PCI_DEVICE_ID_AMD_19H_M10H_DF_F6 0x14b3
+#define PCI_DEVICE_ID_AMD_19H_M50H_DF_F0 0x166a
+#define PCI_DEVICE_ID_AMD_19H_M50H_DF_F6 0x1670
+ 
+ /*
+  * Function 1 - Address Map
+@@ -301,6 +303,7 @@ enum amd_families {
+ 	F17_M70H_CPUS,
+ 	F19_CPUS,
+ 	F19_M10H_CPUS,
+	F19_M50H_CPUS,
+ 	NUM_FAMILIES,
+ };
+ 
@@ -1,164 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Sean Christopherson <seanjc@google.com>
-Date: Wed, 27 Sep 2023 17:19:52 -0700
-Subject: [PATCH] x86/fpu: Allow caller to constrain xfeatures when copying to
- uabi buffer
-
-Plumb an xfeatures mask into __copy_xstate_to_uabi_buf() so that KVM can
-constrain which xfeatures are saved into the userspace buffer without
-having to modify the user_xfeatures field in KVM's guest_fpu state.
-
-KVM's ABI for KVM_GET_XSAVE{2} is that features that are not exposed to
-guest must not show up in the effective xstate_bv field of the buffer.
-Saving only the guest-supported xfeatures allows userspace to load the
-saved state on a different host with a fewer xfeatures, so long as the
-target host supports the xfeatures that are exposed to the guest.
-
-KVM currently sets user_xfeatures directly to restrict KVM_GET_XSAVE{2} to
-the set of guest-supported xfeatures, but doing so broke KVM's historical
-ABI for KVM_SET_XSAVE, which allows userspace to load any xfeatures that
-are supported by the *host*.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Sean Christopherson <seanjc@google.com>
-Message-Id: <20230928001956.924301-2-seanjc@google.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 18164f66e6c59fda15c198b371fa008431efdb22)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- arch/x86/include/asm/fpu/api.h |  3 ++-
- arch/x86/kernel/fpu/core.c     |  5 +++--
- arch/x86/kernel/fpu/xstate.c   |  7 +++++--
- arch/x86/kernel/fpu/xstate.h   |  3 ++-
- arch/x86/kvm/x86.c             | 21 +++++++++------------
- 5 files changed, 21 insertions(+), 18 deletions(-)
-
-diff --git a/arch/x86/include/asm/fpu/api.h b/arch/x86/include/asm/fpu/api.h
-index b475d9a582b8..e829fa4c6788 100644
--- a/arch/x86/include/asm/fpu/api.h
-+++ b/arch/x86/include/asm/fpu/api.h
-@@ -148,7 +148,8 @@ static inline void fpu_update_guest_xfd(struct fpu_guest *guest_fpu, u64 xfd) {
- static inline void fpu_sync_guest_vmexit_xfd_state(void) { }
- #endif
- 
-extern void fpu_copy_guest_fpstate_to_uabi(struct fpu_guest *gfpu, void *buf, unsigned int size, u32 pkru);
-+extern void fpu_copy_guest_fpstate_to_uabi(struct fpu_guest *gfpu, void *buf,
-+					   unsigned int size, u64 xfeatures, u32 pkru);
- extern int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *gfpu, const void *buf, u64 xcr0, u32 *vpkru);
- 
- static inline void fpstate_set_confidential(struct fpu_guest *gfpu)
-diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
-index a083f9ac9e4f..1d190761d00f 100644
--- a/arch/x86/kernel/fpu/core.c
-+++ b/arch/x86/kernel/fpu/core.c
-@@ -369,14 +369,15 @@ int fpu_swap_kvm_fpstate(struct fpu_guest *guest_fpu, bool enter_guest)
- EXPORT_SYMBOL_GPL(fpu_swap_kvm_fpstate);
- 
- void fpu_copy_guest_fpstate_to_uabi(struct fpu_guest *gfpu, void *buf,
-				    unsigned int size, u32 pkru)
-+				    unsigned int size, u64 xfeatures, u32 pkru)
- {
- 	struct fpstate *kstate = gfpu->fpstate;
- 	union fpregs_state *ustate = buf;
- 	struct membuf mb = { .p = buf, .left = size };
- 
- 	if (cpu_feature_enabled(X86_FEATURE_XSAVE)) {
-		__copy_xstate_to_uabi_buf(mb, kstate, pkru, XSTATE_COPY_XSAVE);
-+		__copy_xstate_to_uabi_buf(mb, kstate, xfeatures, pkru,
-+					  XSTATE_COPY_XSAVE);
- 	} else {
- 		memcpy(&ustate->fxsave, &kstate->regs.fxsave,
- 		       sizeof(ustate->fxsave));
-diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
-index 1afbc4866b10..463ec0cd0dab 100644
--- a/arch/x86/kernel/fpu/xstate.c
-+++ b/arch/x86/kernel/fpu/xstate.c
-@@ -1053,6 +1053,7 @@ static void copy_feature(bool from_xstate, struct membuf *to, void *xstate,
-  * __copy_xstate_to_uabi_buf - Copy kernel saved xstate to a UABI buffer
-  * @to:		membuf descriptor
-  * @fpstate:	The fpstate buffer from which to copy
-+ * @xfeatures:	The mask of xfeatures to save (XSAVE mode only)
-  * @pkru_val:	The PKRU value to store in the PKRU component
-  * @copy_mode:	The requested copy mode
-  *
-@@ -1063,7 +1064,8 @@ static void copy_feature(bool from_xstate, struct membuf *to, void *xstate,
-  * It supports partial copy but @to.pos always starts from zero.
-  */
- void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate,
-			       u32 pkru_val, enum xstate_copy_mode copy_mode)
-+			       u64 xfeatures, u32 pkru_val,
-+			       enum xstate_copy_mode copy_mode)
- {
- 	const unsigned int off_mxcsr = offsetof(struct fxregs_state, mxcsr);
- 	struct xregs_state *xinit = &init_fpstate.regs.xsave;
-@@ -1087,7 +1089,7 @@ void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate,
- 		break;
- 
- 	case XSTATE_COPY_XSAVE:
-		header.xfeatures &= fpstate->user_xfeatures;
-+		header.xfeatures &= fpstate->user_xfeatures & xfeatures;
- 		break;
- 	}
- 
-@@ -1189,6 +1191,7 @@ void copy_xstate_to_uabi_buf(struct membuf to, struct task_struct *tsk,
- 			     enum xstate_copy_mode copy_mode)
- {
- 	__copy_xstate_to_uabi_buf(to, tsk->thread.fpu.fpstate,
-+				  tsk->thread.fpu.fpstate->user_xfeatures,
- 				  tsk->thread.pkru, copy_mode);
- }
- 
-diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h
-index a4ecb04d8d64..3518fb26d06b 100644
--- a/arch/x86/kernel/fpu/xstate.h
-+++ b/arch/x86/kernel/fpu/xstate.h
-@@ -43,7 +43,8 @@ enum xstate_copy_mode {
- 
- struct membuf;
- extern void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate,
-				      u32 pkru_val, enum xstate_copy_mode copy_mode);
-+				      u64 xfeatures, u32 pkru_val,
-+				      enum xstate_copy_mode copy_mode);
- extern void copy_xstate_to_uabi_buf(struct membuf to, struct task_struct *tsk,
- 				    enum xstate_copy_mode mode);
- extern int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf, u32 *pkru);
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index ff92ff41d5ce..a43a950d04cb 100644
--- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -5314,26 +5314,23 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
- 	return 0;
- }
- 
-static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
-					 struct kvm_xsave *guest_xsave)
-+
-+static void kvm_vcpu_ioctl_x86_get_xsave2(struct kvm_vcpu *vcpu,
-+					  u8 *state, unsigned int size)
- {
- 	if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
- 		return;
- 
-	fpu_copy_guest_fpstate_to_uabi(&vcpu->arch.guest_fpu,
-				       guest_xsave->region,
-				       sizeof(guest_xsave->region),
-+	fpu_copy_guest_fpstate_to_uabi(&vcpu->arch.guest_fpu, state, size,
-+				       vcpu->arch.guest_fpu.fpstate->user_xfeatures,
- 				       vcpu->arch.pkru);
- }
- 
-static void kvm_vcpu_ioctl_x86_get_xsave2(struct kvm_vcpu *vcpu,
-					  u8 *state, unsigned int size)
-+static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
-+					 struct kvm_xsave *guest_xsave)
- {
-	if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
-		return;
-
-	fpu_copy_guest_fpstate_to_uabi(&vcpu->arch.guest_fpu,
-				       state, size, vcpu->arch.pkru);
-+	return kvm_vcpu_ioctl_x86_get_xsave2(vcpu, (void *)guest_xsave->region,
-+					     sizeof(guest_xsave->region));
- }
- 
- static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
@@ -1,119 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Sean Christopherson <seanjc@google.com>
-Date: Wed, 27 Sep 2023 17:19:53 -0700
-Subject: [PATCH] KVM: x86: Constrain guest-supported xfeatures only at
- KVM_GET_XSAVE{2}
-
-Mask off xfeatures that aren't exposed to the guest only when saving guest
-state via KVM_GET_XSAVE{2} instead of modifying user_xfeatures directly.
-Preserving the maximal set of xfeatures in user_xfeatures restores KVM's
-ABI for KVM_SET_XSAVE, which prior to commit ad856280ddea ("x86/kvm/fpu:
-Limit guest user_xfeatures to supported bits of XCR0") allowed userspace
-to load xfeatures that are supported by the host, irrespective of what
-xfeatures are exposed to the guest.
-
-There is no known use case where userspace *intentionally* loads xfeatures
-that aren't exposed to the guest, but the bug fixed by commit ad856280ddea
-was specifically that KVM_GET_SAVE{2} would save xfeatures that weren't
-exposed to the guest, e.g. would lead to userspace unintentionally loading
-guest-unsupported xfeatures when live migrating a VM.
-
-Restricting KVM_SET_XSAVE to guest-supported xfeatures is especially
-problematic for QEMU-based setups, as QEMU has a bug where instead of
-terminating the VM if KVM_SET_XSAVE fails, QEMU instead simply stops
-loading guest state, i.e. resumes the guest after live migration with
-incomplete guest state, and ultimately results in guest data corruption.
-
-Note, letting userspace restore all host-supported xfeatures does not fix
-setups where a VM is migrated from a host *without* commit ad856280ddea,
-to a target with a subset of host-supported xfeatures.  However there is
-no way to safely address that scenario, e.g. KVM could silently drop the
-unsupported features, but that would be a clear violation of KVM's ABI and
-so would require userspace to opt-in, at which point userspace could
-simply be updated to sanitize the to-be-loaded XSAVE state.
-
-Reported-by: Tyler Stachecki <stachecki.tyler@gmail.com>
-Closes: https://lore.kernel.org/all/20230914010003.358162-1-tstachecki@bloomberg.net
-Fixes: ad856280ddea ("x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0")
-Cc: stable@vger.kernel.org
-Cc: Leonardo Bras <leobras@redhat.com>
-Signed-off-by: Sean Christopherson <seanjc@google.com>
-Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
-Message-Id: <20230928001956.924301-3-seanjc@google.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 8647c52e9504c99752a39f1d44f6268f82c40a5c)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- arch/x86/kernel/fpu/xstate.c |  5 +----
- arch/x86/kvm/cpuid.c         |  8 --------
- arch/x86/kvm/x86.c           | 18 ++++++++++++++++--
- 3 files changed, 17 insertions(+), 14 deletions(-)
-
-diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
-index 463ec0cd0dab..ebe698f8af73 100644
--- a/arch/x86/kernel/fpu/xstate.c
-+++ b/arch/x86/kernel/fpu/xstate.c
-@@ -1543,10 +1543,7 @@ static int fpstate_realloc(u64 xfeatures, unsigned int ksize,
- 		fpregs_restore_userregs();
- 
- 	newfps->xfeatures = curfps->xfeatures | xfeatures;
-
-	if (!guest_fpu)
-		newfps->user_xfeatures = curfps->user_xfeatures | xfeatures;
-
-+	newfps->user_xfeatures = curfps->user_xfeatures | xfeatures;
- 	newfps->xfd = curfps->xfd & ~xfeatures;
- 
- 	/* Do the final updates within the locked region */
-diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
-index 61aefeb3fdbc..e5393ee652ba 100644
--- a/arch/x86/kvm/cpuid.c
-+++ b/arch/x86/kvm/cpuid.c
-@@ -350,14 +350,6 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
- 	vcpu->arch.guest_supported_xcr0 =
- 		cpuid_get_supported_xcr0(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent);
- 
-	/*
-	 * FP+SSE can always be saved/restored via KVM_{G,S}ET_XSAVE, even if
-	 * XSAVE/XCRO are not exposed to the guest, and even if XSAVE isn't
-	 * supported by the host.
-	 */
-	vcpu->arch.guest_fpu.fpstate->user_xfeatures = vcpu->arch.guest_supported_xcr0 |
-						       XFEATURE_MASK_FPSSE;
-
- 	kvm_update_pv_runtime(vcpu);
- 
- 	vcpu->arch.maxphyaddr = cpuid_query_maxphyaddr(vcpu);
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index a43a950d04cb..a4a44adf7c72 100644
--- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -5318,12 +5318,26 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
- static void kvm_vcpu_ioctl_x86_get_xsave2(struct kvm_vcpu *vcpu,
- 					  u8 *state, unsigned int size)
- {
-+	/*
-+	 * Only copy state for features that are enabled for the guest.  The
-+	 * state itself isn't problematic, but setting bits in the header for
-+	 * features that are supported in *this* host but not exposed to the
-+	 * guest can result in KVM_SET_XSAVE failing when live migrating to a
-+	 * compatible host without the features that are NOT exposed to the
-+	 * guest.
-+	 *
-+	 * FP+SSE can always be saved/restored via KVM_{G,S}ET_XSAVE, even if
-+	 * XSAVE/XCRO are not exposed to the guest, and even if XSAVE isn't
-+	 * supported by the host.
-+	 */
-+	u64 supported_xcr0 = vcpu->arch.guest_supported_xcr0 |
-+			     XFEATURE_MASK_FPSSE;
-+
- 	if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
- 		return;
- 
- 	fpu_copy_guest_fpstate_to_uabi(&vcpu->arch.guest_fpu, state, size,
-				       vcpu->arch.guest_fpu.fpstate->user_xfeatures,
-				       vcpu->arch.pkru);
-+				       supported_xcr0, vcpu->arch.pkru);
- }
- 
- static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
@@ -0,0 +1,53 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Maxim Levitsky <mlevitsk@redhat.com>
+Date: Wed, 3 Aug 2022 18:49:59 +0300
+Subject: [PATCH] bug: introduce ASSERT_STRUCT_OFFSET
+
+ASSERT_STRUCT_OFFSET allows to assert during the build of
+the kernel that a field in a struct have an expected offset.
+
+KVM used to have such macro, but there is almost nothing KVM specific
+in it so move it to build_bug.h, so that it can be used in other
+places in KVM.
+
+Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/vmx/vmcs12.h | 5 ++---
+ include/linux/build_bug.h | 9 +++++++++
+ 2 files changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/arch/x86/kvm/vmx/vmcs12.h b/arch/x86/kvm/vmx/vmcs12.h
+index 2a45f026ee11..ba8617964982 100644
+--- a/arch/x86/kvm/vmx/vmcs12.h
+++ b/arch/x86/kvm/vmx/vmcs12.h
+@@ -208,9 +208,8 @@ struct __packed vmcs12 {
+ /*
+  * For save/restore compatibility, the vmcs12 field offsets must not change.
+  */
+-#define CHECK_OFFSET(field, loc)				\
+-	BUILD_BUG_ON_MSG(offsetof(struct vmcs12, field) != (loc),	\
+-		"Offset of " #field " in struct vmcs12 has changed.")
+#define CHECK_OFFSET(field, loc) \
+	ASSERT_STRUCT_OFFSET(struct vmcs12, field, loc)
+ 
+ static inline void vmx_check_vmcs12_offsets(void)
+ {
+diff --git a/include/linux/build_bug.h b/include/linux/build_bug.h
+index e3a0be2c90ad..3aa3640f8c18 100644
+--- a/include/linux/build_bug.h
+++ b/include/linux/build_bug.h
+@@ -77,4 +77,13 @@
+ #define static_assert(expr, ...) __static_assert(expr, ##__VA_ARGS__, #expr)
+ #define __static_assert(expr, msg, ...) _Static_assert(expr, msg)
+ 
+
+/*
+ * Compile time check that field has an expected offset
+ */
+#define ASSERT_STRUCT_OFFSET(type, field, expected_offset)	\
+	BUILD_BUG_ON_MSG(offsetof(type, field) != (expected_offset),	\
+		"Offset of " #field " in " #type " has changed.")
+
+
+ #endif	/* _LINUX_BUILD_BUG_H */
@@ -0,0 +1,34 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Maxim Levitsky <mlevitsk@redhat.com>
+Date: Wed, 3 Aug 2022 18:50:02 +0300
+Subject: [PATCH] KVM: x86: emulator: update the emulation mode after rsm
+
+This ensures that RIP will be correctly written back,
+because the RSM instruction can switch the CPU mode from
+32 bit (or less) to 64 bit.
+
+This fixes a guest crash in case the #SMI is received
+while the guest runs a code from an address > 32 bit.
+
+Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/emulate.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
+index 98b25a7af8ce..0616ee9cd977 100644
+--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
+@@ -2638,6 +2638,11 @@ static int em_rsm(struct x86_emulate_ctxt *ctxt)
+ 	if (ret != X86EMUL_CONTINUE)
+ 		goto emulate_shutdown;
+ 
+
+	ret = emulator_recalc_and_set_mode(ctxt);
+	if (ret != X86EMUL_CONTINUE)
+		goto emulate_shutdown;
+
+ 	/*
+ 	 * Note, the ctxt->ops callbacks are responsible for handling side
+ 	 * effects when writing MSRs and CRs, e.g. MMU context resets, CPUID
@@ -0,0 +1,280 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Maxim Levitsky <mlevitsk@redhat.com>
+Date: Wed, 3 Aug 2022 18:50:05 +0300
+Subject: [PATCH] KVM: x86: emulator/smm: add structs for KVM's smram layout
+
+Those structs will be used to read/write the smram state image.
+
+Also document the differences between KVM's SMRAM layout and SMRAM
+layout that is used by real Intel/AMD cpus.
+
+Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/emulate.c     |   6 +
+ arch/x86/kvm/kvm_emulate.h | 218 +++++++++++++++++++++++++++++++++++++
+ arch/x86/kvm/x86.c         |   1 +
+ 3 files changed, 225 insertions(+)
+
+diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
+index 0616ee9cd977..6866f09a5b53 100644
+--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
+@@ -5829,3 +5829,9 @@ bool emulator_can_use_gpa(struct x86_emulate_ctxt *ctxt)
+ 
+ 	return true;
+ }
+
+void  __init kvm_emulator_init(void)
+{
+	__check_smram32_offsets();
+	__check_smram64_offsets();
+}
+diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h
+index fb09cd22cb7f..0b2bbcce321a 100644
+--- a/arch/x86/kvm/kvm_emulate.h
+++ b/arch/x86/kvm/kvm_emulate.h
+@@ -13,6 +13,7 @@
+ #define _ASM_X86_KVM_X86_EMULATE_H
+ 
+ #include <asm/desc_defs.h>
+#include <linux/build_bug.h>
+ #include "fpu.h"
+ 
+ struct x86_emulate_ctxt;
+@@ -482,6 +483,223 @@ enum x86_intercept {
+ 	nr_x86_intercepts
+ };
+ 
+
+/* 32 bit KVM's emulated SMM layout. Loosely based on Intel's layout */
+
+struct kvm_smm_seg_state_32 {
+	u32 flags;
+	u32 limit;
+	u32 base;
+} __packed;
+
+struct kvm_smram_state_32 {
+	u32 reserved1[62];
+	u32 smbase;
+	u32 smm_revision;
+	u32 reserved2[5];
+	u32 cr4; /* CR4 is not present in Intel/AMD SMRAM image */
+	u32 reserved3[5];
+
+	/*
+	 * Segment state is not present/documented in the Intel/AMD SMRAM image
+	 * Instead this area on Intel/AMD contains IO/HLT restart flags.
+	 */
+	struct kvm_smm_seg_state_32 ds;
+	struct kvm_smm_seg_state_32 fs;
+	struct kvm_smm_seg_state_32 gs;
+	struct kvm_smm_seg_state_32 idtr; /* IDTR has only base and limit */
+	struct kvm_smm_seg_state_32 tr;
+	u32 reserved;
+	struct kvm_smm_seg_state_32 gdtr; /* GDTR has only base and limit */
+	struct kvm_smm_seg_state_32 ldtr;
+	struct kvm_smm_seg_state_32 es;
+	struct kvm_smm_seg_state_32 cs;
+	struct kvm_smm_seg_state_32 ss;
+
+	u32 es_sel;
+	u32 cs_sel;
+	u32 ss_sel;
+	u32 ds_sel;
+	u32 fs_sel;
+	u32 gs_sel;
+	u32 ldtr_sel;
+	u32 tr_sel;
+
+	u32 dr7;
+	u32 dr6;
+	u32 gprs[8]; /* GPRS in the "natural" X86 order (EAX/ECX/EDX.../EDI) */
+	u32 eip;
+	u32 eflags;
+	u32 cr3;
+	u32 cr0;
+} __packed;
+
+
+static inline void __check_smram32_offsets(void)
+{
+#define __CHECK_SMRAM32_OFFSET(field, offset) \
+	ASSERT_STRUCT_OFFSET(struct kvm_smram_state_32, field, offset - 0xFE00)
+
+	__CHECK_SMRAM32_OFFSET(reserved1,	0xFE00);
+	__CHECK_SMRAM32_OFFSET(smbase,		0xFEF8);
+	__CHECK_SMRAM32_OFFSET(smm_revision,	0xFEFC);
+	__CHECK_SMRAM32_OFFSET(reserved2,	0xFF00);
+	__CHECK_SMRAM32_OFFSET(cr4,		0xFF14);
+	__CHECK_SMRAM32_OFFSET(reserved3,	0xFF18);
+	__CHECK_SMRAM32_OFFSET(ds,		0xFF2C);
+	__CHECK_SMRAM32_OFFSET(fs,		0xFF38);
+	__CHECK_SMRAM32_OFFSET(gs,		0xFF44);
+	__CHECK_SMRAM32_OFFSET(idtr,		0xFF50);
+	__CHECK_SMRAM32_OFFSET(tr,		0xFF5C);
+	__CHECK_SMRAM32_OFFSET(gdtr,		0xFF6C);
+	__CHECK_SMRAM32_OFFSET(ldtr,		0xFF78);
+	__CHECK_SMRAM32_OFFSET(es,		0xFF84);
+	__CHECK_SMRAM32_OFFSET(cs,		0xFF90);
+	__CHECK_SMRAM32_OFFSET(ss,		0xFF9C);
+	__CHECK_SMRAM32_OFFSET(es_sel,		0xFFA8);
+	__CHECK_SMRAM32_OFFSET(cs_sel,		0xFFAC);
+	__CHECK_SMRAM32_OFFSET(ss_sel,		0xFFB0);
+	__CHECK_SMRAM32_OFFSET(ds_sel,		0xFFB4);
+	__CHECK_SMRAM32_OFFSET(fs_sel,		0xFFB8);
+	__CHECK_SMRAM32_OFFSET(gs_sel,		0xFFBC);
+	__CHECK_SMRAM32_OFFSET(ldtr_sel,	0xFFC0);
+	__CHECK_SMRAM32_OFFSET(tr_sel,		0xFFC4);
+	__CHECK_SMRAM32_OFFSET(dr7,		0xFFC8);
+	__CHECK_SMRAM32_OFFSET(dr6,		0xFFCC);
+	__CHECK_SMRAM32_OFFSET(gprs,		0xFFD0);
+	__CHECK_SMRAM32_OFFSET(eip,		0xFFF0);
+	__CHECK_SMRAM32_OFFSET(eflags,		0xFFF4);
+	__CHECK_SMRAM32_OFFSET(cr3,		0xFFF8);
+	__CHECK_SMRAM32_OFFSET(cr0,		0xFFFC);
+#undef __CHECK_SMRAM32_OFFSET
+}
+
+
+/* 64 bit KVM's emulated SMM layout. Based on AMD64 layout */
+
+struct kvm_smm_seg_state_64 {
+	u16 selector;
+	u16 attributes;
+	u32 limit;
+	u64 base;
+};
+
+struct kvm_smram_state_64 {
+
+	struct kvm_smm_seg_state_64 es;
+	struct kvm_smm_seg_state_64 cs;
+	struct kvm_smm_seg_state_64 ss;
+	struct kvm_smm_seg_state_64 ds;
+	struct kvm_smm_seg_state_64 fs;
+	struct kvm_smm_seg_state_64 gs;
+	struct kvm_smm_seg_state_64 gdtr; /* GDTR has only base and limit*/
+	struct kvm_smm_seg_state_64 ldtr;
+	struct kvm_smm_seg_state_64 idtr; /* IDTR has only base and limit*/
+	struct kvm_smm_seg_state_64 tr;
+
+	/* I/O restart and auto halt restart are not implemented by KVM */
+	u64 io_restart_rip;
+	u64 io_restart_rcx;
+	u64 io_restart_rsi;
+	u64 io_restart_rdi;
+	u32 io_restart_dword;
+	u32 reserved1;
+	u8 io_inst_restart;
+	u8 auto_hlt_restart;
+	u8 reserved2[6];
+
+	u64 efer;
+
+	/*
+	 * Two fields below are implemented on AMD only, to store
+	 * SVM guest vmcb address if the #SMI was received while in the guest mode.
+	 */
+	u64 svm_guest_flag;
+	u64 svm_guest_vmcb_gpa;
+	u64 svm_guest_virtual_int; /* unknown purpose, not implemented */
+
+	u32 reserved3[3];
+	u32 smm_revison;
+	u32 smbase;
+	u32 reserved4[5];
+
+	/* ssp and svm_* fields below are not implemented by KVM */
+	u64 ssp;
+	u64 svm_guest_pat;
+	u64 svm_host_efer;
+	u64 svm_host_cr4;
+	u64 svm_host_cr3;
+	u64 svm_host_cr0;
+
+	u64 cr4;
+	u64 cr3;
+	u64 cr0;
+	u64 dr7;
+	u64 dr6;
+	u64 rflags;
+	u64 rip;
+	u64 gprs[16]; /* GPRS in a reversed "natural" X86 order (R15/R14/../RCX/RAX.) */
+};
+
+
+static inline void __check_smram64_offsets(void)
+{
+#define __CHECK_SMRAM64_OFFSET(field, offset) \
+	ASSERT_STRUCT_OFFSET(struct kvm_smram_state_64, field, offset - 0xFE00)
+
+	__CHECK_SMRAM64_OFFSET(es,			0xFE00);
+	__CHECK_SMRAM64_OFFSET(cs,			0xFE10);
+	__CHECK_SMRAM64_OFFSET(ss,			0xFE20);
+	__CHECK_SMRAM64_OFFSET(ds,			0xFE30);
+	__CHECK_SMRAM64_OFFSET(fs,			0xFE40);
+	__CHECK_SMRAM64_OFFSET(gs,			0xFE50);
+	__CHECK_SMRAM64_OFFSET(gdtr,			0xFE60);
+	__CHECK_SMRAM64_OFFSET(ldtr,			0xFE70);
+	__CHECK_SMRAM64_OFFSET(idtr,			0xFE80);
+	__CHECK_SMRAM64_OFFSET(tr,			0xFE90);
+	__CHECK_SMRAM64_OFFSET(io_restart_rip,		0xFEA0);
+	__CHECK_SMRAM64_OFFSET(io_restart_rcx,		0xFEA8);
+	__CHECK_SMRAM64_OFFSET(io_restart_rsi,		0xFEB0);
+	__CHECK_SMRAM64_OFFSET(io_restart_rdi,		0xFEB8);
+	__CHECK_SMRAM64_OFFSET(io_restart_dword,	0xFEC0);
+	__CHECK_SMRAM64_OFFSET(reserved1,		0xFEC4);
+	__CHECK_SMRAM64_OFFSET(io_inst_restart,		0xFEC8);
+	__CHECK_SMRAM64_OFFSET(auto_hlt_restart,	0xFEC9);
+	__CHECK_SMRAM64_OFFSET(reserved2,		0xFECA);
+	__CHECK_SMRAM64_OFFSET(efer,			0xFED0);
+	__CHECK_SMRAM64_OFFSET(svm_guest_flag,		0xFED8);
+	__CHECK_SMRAM64_OFFSET(svm_guest_vmcb_gpa,	0xFEE0);
+	__CHECK_SMRAM64_OFFSET(svm_guest_virtual_int,	0xFEE8);
+	__CHECK_SMRAM64_OFFSET(reserved3,		0xFEF0);
+	__CHECK_SMRAM64_OFFSET(smm_revison,		0xFEFC);
+	__CHECK_SMRAM64_OFFSET(smbase,			0xFF00);
+	__CHECK_SMRAM64_OFFSET(reserved4,		0xFF04);
+	__CHECK_SMRAM64_OFFSET(ssp,			0xFF18);
+	__CHECK_SMRAM64_OFFSET(svm_guest_pat,		0xFF20);
+	__CHECK_SMRAM64_OFFSET(svm_host_efer,		0xFF28);
+	__CHECK_SMRAM64_OFFSET(svm_host_cr4,		0xFF30);
+	__CHECK_SMRAM64_OFFSET(svm_host_cr3,		0xFF38);
+	__CHECK_SMRAM64_OFFSET(svm_host_cr0,		0xFF40);
+	__CHECK_SMRAM64_OFFSET(cr4,			0xFF48);
+	__CHECK_SMRAM64_OFFSET(cr3,			0xFF50);
+	__CHECK_SMRAM64_OFFSET(cr0,			0xFF58);
+	__CHECK_SMRAM64_OFFSET(dr7,			0xFF60);
+	__CHECK_SMRAM64_OFFSET(dr6,			0xFF68);
+	__CHECK_SMRAM64_OFFSET(rflags,			0xFF70);
+	__CHECK_SMRAM64_OFFSET(rip,			0xFF78);
+	__CHECK_SMRAM64_OFFSET(gprs,			0xFF80);
+#undef __CHECK_SMRAM64_OFFSET
+}
+
+union kvm_smram {
+	struct kvm_smram_state_64 smram64;
+	struct kvm_smram_state_32 smram32;
+	u8 bytes[512];
+};
+
+void  __init kvm_emulator_init(void);
+
+
+ /* Host execution mode. */
+ #if defined(CONFIG_X86_32)
+ #define X86EMUL_MODE_HOST X86EMUL_MODE_PROT32
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index 7e817493667d..f62bce0a74f0 100644
+--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
+@@ -12695,6 +12695,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit);
+ static int __init kvm_x86_init(void)
+ {
+ 	kvm_mmu_x86_module_init();
+	kvm_emulator_init();
+ 	mitigate_smt_rsb &= boot_cpu_has_bug(X86_BUG_SMT_RSB) && cpu_smt_possible();
+ 	return 0;
+ }
@@ -0,0 +1,214 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Maxim Levitsky <mlevitsk@redhat.com>
+Date: Wed, 3 Aug 2022 18:50:06 +0300
+Subject: [PATCH] KVM: x86: emulator/smm: use smram structs in the common code
+
+Switch from using a raw array to 'union kvm_smram'.
+
+Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/include/asm/kvm_host.h |  5 +++--
+ arch/x86/kvm/emulate.c          | 12 +++++++-----
+ arch/x86/kvm/kvm_emulate.h      |  3 ++-
+ arch/x86/kvm/svm/svm.c          |  8 ++++++--
+ arch/x86/kvm/vmx/vmx.c          |  4 ++--
+ arch/x86/kvm/x86.c              | 16 ++++++++--------
+ 6 files changed, 28 insertions(+), 20 deletions(-)
+
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
+index b2a98914a63c..4b1514a174b0 100644
+--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
+@@ -200,6 +200,7 @@ typedef enum exit_fastpath_completion fastpath_t;
+ 
+ struct x86_emulate_ctxt;
+ struct x86_exception;
+union kvm_smram;
+ enum x86_intercept;
+ enum x86_intercept_stage;
+ 
+@@ -1464,8 +1465,8 @@ struct kvm_x86_ops {
+ 	void (*setup_mce)(struct kvm_vcpu *vcpu);
+ 
+ 	int (*smi_allowed)(struct kvm_vcpu *vcpu, bool for_injection);
+-	int (*enter_smm)(struct kvm_vcpu *vcpu, char *smstate);
+-	int (*leave_smm)(struct kvm_vcpu *vcpu, const char *smstate);
+	int (*enter_smm)(struct kvm_vcpu *vcpu, union kvm_smram *smram);
+	int (*leave_smm)(struct kvm_vcpu *vcpu, const union kvm_smram *smram);
+ 	void (*enable_smi_window)(struct kvm_vcpu *vcpu);
+ 
+ 	int (*mem_enc_op)(struct kvm *kvm, void __user *argp);
+diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
+index 6866f09a5b53..ae6f89b79ef2 100644
+--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
+@@ -2566,16 +2566,18 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt,
+ static int em_rsm(struct x86_emulate_ctxt *ctxt)
+ {
+ 	unsigned long cr0, cr4, efer;
+-	char buf[512];
+	const union kvm_smram smram;
+ 	u64 smbase;
+ 	int ret;
+ 
+	BUILD_BUG_ON(sizeof(smram) != 512);
+
+ 	if ((ctxt->ops->get_hflags(ctxt) & X86EMUL_SMM_MASK) == 0)
+ 		return emulate_ud(ctxt);
+ 
+ 	smbase = ctxt->ops->get_smbase(ctxt);
+ 
+-	ret = ctxt->ops->read_phys(ctxt, smbase + 0xfe00, buf, sizeof(buf));
+	ret = ctxt->ops->read_phys(ctxt, smbase + 0xfe00, (void *)&smram, sizeof(smram));
+ 	if (ret != X86EMUL_CONTINUE)
+ 		return X86EMUL_UNHANDLEABLE;
+ 
+@@ -2625,15 +2627,15 @@ static int em_rsm(struct x86_emulate_ctxt *ctxt)
+ 	 * state (e.g. enter guest mode) before loading state from the SMM
+ 	 * state-save area.
+ 	 */
+-	if (ctxt->ops->leave_smm(ctxt, buf))
+	if (ctxt->ops->leave_smm(ctxt, &smram))
+ 		goto emulate_shutdown;
+ 
+ #ifdef CONFIG_X86_64
+ 	if (emulator_has_longmode(ctxt))
+-		ret = rsm_load_state_64(ctxt, buf);
+		ret = rsm_load_state_64(ctxt, (const char *)&smram);
+ 	else
+ #endif
+-		ret = rsm_load_state_32(ctxt, buf);
+		ret = rsm_load_state_32(ctxt, (const char *)&smram);
+ 
+ 	if (ret != X86EMUL_CONTINUE)
+ 		goto emulate_shutdown;
+diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h
+index 0b2bbcce321a..3b37b3e17379 100644
+--- a/arch/x86/kvm/kvm_emulate.h
+++ b/arch/x86/kvm/kvm_emulate.h
+@@ -19,6 +19,7 @@
+ struct x86_emulate_ctxt;
+ enum x86_intercept;
+ enum x86_intercept_stage;
+union kvm_smram;
+ 
+ struct x86_exception {
+ 	u8 vector;
+@@ -233,7 +234,7 @@ struct x86_emulate_ops {
+ 
+ 	unsigned (*get_hflags)(struct x86_emulate_ctxt *ctxt);
+ 	void (*exiting_smm)(struct x86_emulate_ctxt *ctxt);
+-	int (*leave_smm)(struct x86_emulate_ctxt *ctxt, const char *smstate);
+	int (*leave_smm)(struct x86_emulate_ctxt *ctxt, const union kvm_smram *smram);
+ 	void (*triple_fault)(struct x86_emulate_ctxt *ctxt);
+ 	int (*set_xcr)(struct x86_emulate_ctxt *ctxt, u32 index, u64 xcr);
+ };
+diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
+index af33aafcb410..76a35d939b9f 100644
+--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
+@@ -4328,12 +4328,14 @@ static int svm_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
+ 	return !svm_smi_blocked(vcpu);
+ }
+ 
+-static int svm_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
+static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram)
+ {
+ 	struct vcpu_svm *svm = to_svm(vcpu);
+ 	struct kvm_host_map map_save;
+ 	int ret;
+ 
+	char *smstate = (char *)smram;
+
+ 	if (!is_guest_mode(vcpu))
+ 		return 0;
+ 
+@@ -4375,7 +4377,7 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
+ 	return 0;
+ }
+ 
+-static int svm_leave_smm(struct kvm_vcpu *vcpu, const char *smstate)
+static int svm_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram)
+ {
+ 	struct vcpu_svm *svm = to_svm(vcpu);
+ 	struct kvm_host_map map, map_save;
+@@ -4383,6 +4385,8 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const char *smstate)
+ 	struct vmcb *vmcb12;
+ 	int ret;
+ 
+	const char *smstate = (const char *)smram;
+
+ 	if (!guest_cpuid_has(vcpu, X86_FEATURE_LM))
+ 		return 0;
+ 
+diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
+index ab7141c1def4..f844864b5763 100644
+--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
+@@ -7652,7 +7652,7 @@ static int vmx_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
+ 	return !is_smm(vcpu);
+ }
+ 
+-static int vmx_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
+static int vmx_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram)
+ {
+ 	struct vcpu_vmx *vmx = to_vmx(vcpu);
+ 
+@@ -7666,7 +7666,7 @@ static int vmx_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
+ 	return 0;
+ }
+ 
+-static int vmx_leave_smm(struct kvm_vcpu *vcpu, const char *smstate)
+static int vmx_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram)
+ {
+ 	struct vcpu_vmx *vmx = to_vmx(vcpu);
+ 	int ret;
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index f62bce0a74f0..3d282bcce9ef 100644
+--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
+@@ -7489,9 +7489,9 @@ static void emulator_exiting_smm(struct x86_emulate_ctxt *ctxt)
+ }
+ 
+ static int emulator_leave_smm(struct x86_emulate_ctxt *ctxt,
+-				  const char *smstate)
+			      const union kvm_smram *smram)
+ {
+-	return static_call(kvm_x86_leave_smm)(emul_to_vcpu(ctxt), smstate);
+	return static_call(kvm_x86_leave_smm)(emul_to_vcpu(ctxt), smram);
+ }
+ 
+ static void emulator_triple_fault(struct x86_emulate_ctxt *ctxt)
+@@ -9370,25 +9370,25 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+ 	struct kvm_segment cs, ds;
+ 	struct desc_ptr dt;
+ 	unsigned long cr0;
+-	char buf[512];
+	union kvm_smram smram;
+ 
+-	memset(buf, 0, 512);
+	memset(smram.bytes, 0, sizeof(smram.bytes));
+ #ifdef CONFIG_X86_64
+ 	if (guest_cpuid_has(vcpu, X86_FEATURE_LM))
+-		enter_smm_save_state_64(vcpu, buf);
+		enter_smm_save_state_64(vcpu, (char *)&smram);
+ 	else
+ #endif
+-		enter_smm_save_state_32(vcpu, buf);
+		enter_smm_save_state_32(vcpu, (char *)&smram);
+ 
+ 	/*
+ 	 * Give enter_smm() a chance to make ISA-specific changes to the vCPU
+ 	 * state (e.g. leave guest mode) after we've saved the state into the
+ 	 * SMM state-save area.
+ 	 */
+-	static_call(kvm_x86_enter_smm)(vcpu, buf);
+	static_call(kvm_x86_enter_smm)(vcpu, &smram);
+ 
+ 	kvm_smm_changed(vcpu, true);
+-	kvm_vcpu_write_guest(vcpu, vcpu->arch.smbase + 0xfe00, buf, sizeof(buf));
+	kvm_vcpu_write_guest(vcpu, vcpu->arch.smbase + 0xfe00, &smram, sizeof(smram));
+ 
+ 	if (static_call(kvm_x86_get_nmi_mask)(vcpu))
+ 		vcpu->arch.hflags |= HF_SMM_INSIDE_NMI_MASK;
@@ -0,0 +1,268 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Maxim Levitsky <mlevitsk@redhat.com>
+Date: Wed, 3 Aug 2022 18:50:07 +0300
+Subject: [PATCH] KVM: x86: emulator/smm: use smram struct for 32 bit smram
+ load/restore
+
+Use kvm_smram_state_32 struct to save/restore 32 bit SMM state
+(used when X86_FEATURE_LM is not present in the guest CPUID).
+
+Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/emulate.c | 81 +++++++++++++++---------------------------
+ arch/x86/kvm/x86.c     | 75 +++++++++++++++++---------------------
+ 2 files changed, 60 insertions(+), 96 deletions(-)
+
+diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
+index ae6f89b79ef2..36c45c89563c 100644
+--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
+@@ -2343,25 +2343,17 @@ static void rsm_set_desc_flags(struct desc_struct *desc, u32 flags)
+ 	desc->type = (flags >>  8) & 15;
+ }
+ 
+-static int rsm_load_seg_32(struct x86_emulate_ctxt *ctxt, const char *smstate,
+static void rsm_load_seg_32(struct x86_emulate_ctxt *ctxt,
+			   const struct kvm_smm_seg_state_32 *state,
+			   u16 selector,
+ 			   int n)
+ {
+ 	struct desc_struct desc;
+-	int offset;
+-	u16 selector;
+-
+-	selector = GET_SMSTATE(u32, smstate, 0x7fa8 + n * 4);
+-
+-	if (n < 3)
+-		offset = 0x7f84 + n * 12;
+-	else
+-		offset = 0x7f2c + (n - 3) * 12;
+ 
+-	set_desc_base(&desc,      GET_SMSTATE(u32, smstate, offset + 8));
+-	set_desc_limit(&desc,     GET_SMSTATE(u32, smstate, offset + 4));
+-	rsm_set_desc_flags(&desc, GET_SMSTATE(u32, smstate, offset));
+	set_desc_base(&desc,      state->base);
+	set_desc_limit(&desc,     state->limit);
+	rsm_set_desc_flags(&desc, state->flags);
+ 	ctxt->ops->set_segment(ctxt, selector, &desc, 0, n);
+-	return X86EMUL_CONTINUE;
+ }
+ 
+ #ifdef CONFIG_X86_64
+@@ -2432,63 +2424,46 @@ static int rsm_enter_protected_mode(struct x86_emulate_ctxt *ctxt,
+ }
+ 
+ static int rsm_load_state_32(struct x86_emulate_ctxt *ctxt,
+-			     const char *smstate)
+			     const struct kvm_smram_state_32 *smstate)
+ {
+-	struct desc_struct desc;
+ 	struct desc_ptr dt;
+-	u16 selector;
+-	u32 val, cr0, cr3, cr4;
+ 	int i;
+ 
+-	cr0 =                      GET_SMSTATE(u32, smstate, 0x7ffc);
+-	cr3 =                      GET_SMSTATE(u32, smstate, 0x7ff8);
+-	ctxt->eflags =             GET_SMSTATE(u32, smstate, 0x7ff4) | X86_EFLAGS_FIXED;
+-	ctxt->_eip =               GET_SMSTATE(u32, smstate, 0x7ff0);
+	ctxt->eflags =  smstate->eflags | X86_EFLAGS_FIXED;
+	ctxt->_eip =  smstate->eip;
+ 
+ 	for (i = 0; i < 8; i++)
+-		*reg_write(ctxt, i) = GET_SMSTATE(u32, smstate, 0x7fd0 + i * 4);
+-
+-	val = GET_SMSTATE(u32, smstate, 0x7fcc);
+		*reg_write(ctxt, i) = smstate->gprs[i];
+ 
+-	if (ctxt->ops->set_dr(ctxt, 6, val))
+	if (ctxt->ops->set_dr(ctxt, 6, smstate->dr6))
+ 		return X86EMUL_UNHANDLEABLE;
+-
+-	val = GET_SMSTATE(u32, smstate, 0x7fc8);
+-
+-	if (ctxt->ops->set_dr(ctxt, 7, val))
+	if (ctxt->ops->set_dr(ctxt, 7, smstate->dr7))
+ 		return X86EMUL_UNHANDLEABLE;
+ 
+-	selector =                 GET_SMSTATE(u32, smstate, 0x7fc4);
+-	set_desc_base(&desc,       GET_SMSTATE(u32, smstate, 0x7f64));
+-	set_desc_limit(&desc,      GET_SMSTATE(u32, smstate, 0x7f60));
+-	rsm_set_desc_flags(&desc,  GET_SMSTATE(u32, smstate, 0x7f5c));
+-	ctxt->ops->set_segment(ctxt, selector, &desc, 0, VCPU_SREG_TR);
+	rsm_load_seg_32(ctxt, &smstate->tr, smstate->tr_sel, VCPU_SREG_TR);
+	rsm_load_seg_32(ctxt, &smstate->ldtr, smstate->ldtr_sel, VCPU_SREG_LDTR);
+ 
+-	selector =                 GET_SMSTATE(u32, smstate, 0x7fc0);
+-	set_desc_base(&desc,       GET_SMSTATE(u32, smstate, 0x7f80));
+-	set_desc_limit(&desc,      GET_SMSTATE(u32, smstate, 0x7f7c));
+-	rsm_set_desc_flags(&desc,  GET_SMSTATE(u32, smstate, 0x7f78));
+-	ctxt->ops->set_segment(ctxt, selector, &desc, 0, VCPU_SREG_LDTR);
+ 
+-	dt.address =               GET_SMSTATE(u32, smstate, 0x7f74);
+-	dt.size =                  GET_SMSTATE(u32, smstate, 0x7f70);
+	dt.address =               smstate->gdtr.base;
+	dt.size =                  smstate->gdtr.limit;
+ 	ctxt->ops->set_gdt(ctxt, &dt);
+ 
+-	dt.address =               GET_SMSTATE(u32, smstate, 0x7f58);
+-	dt.size =                  GET_SMSTATE(u32, smstate, 0x7f54);
+	dt.address =               smstate->idtr.base;
+	dt.size =                  smstate->idtr.limit;
+ 	ctxt->ops->set_idt(ctxt, &dt);
+ 
+-	for (i = 0; i < 6; i++) {
+-		int r = rsm_load_seg_32(ctxt, smstate, i);
+-		if (r != X86EMUL_CONTINUE)
+-			return r;
+-	}
+	rsm_load_seg_32(ctxt, &smstate->es, smstate->es_sel, VCPU_SREG_ES);
+	rsm_load_seg_32(ctxt, &smstate->cs, smstate->cs_sel, VCPU_SREG_CS);
+	rsm_load_seg_32(ctxt, &smstate->ss, smstate->ss_sel, VCPU_SREG_SS);
+ 
+-	cr4 = GET_SMSTATE(u32, smstate, 0x7f14);
+	rsm_load_seg_32(ctxt, &smstate->ds, smstate->ds_sel, VCPU_SREG_DS);
+	rsm_load_seg_32(ctxt, &smstate->fs, smstate->fs_sel, VCPU_SREG_FS);
+	rsm_load_seg_32(ctxt, &smstate->gs, smstate->gs_sel, VCPU_SREG_GS);
+ 
+-	ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smstate, 0x7ef8));
+	ctxt->ops->set_smbase(ctxt, smstate->smbase);
+ 
+-	return rsm_enter_protected_mode(ctxt, cr0, cr3, cr4);
+	return rsm_enter_protected_mode(ctxt, smstate->cr0,
+					smstate->cr3, smstate->cr4);
+ }
+ 
+ #ifdef CONFIG_X86_64
+@@ -2635,7 +2610,7 @@ static int em_rsm(struct x86_emulate_ctxt *ctxt)
+ 		ret = rsm_load_state_64(ctxt, (const char *)&smram);
+ 	else
+ #endif
+-		ret = rsm_load_state_32(ctxt, (const char *)&smram);
+		ret = rsm_load_state_32(ctxt, &smram.smram32);
+ 
+ 	if (ret != X86EMUL_CONTINUE)
+ 		goto emulate_shutdown;
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index 3d282bcce9ef..c6b5c0543931 100644
+--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
+@@ -9224,22 +9224,18 @@ static u32 enter_smm_get_segment_flags(struct kvm_segment *seg)
+ 	return flags;
+ }
+ 
+-static void enter_smm_save_seg_32(struct kvm_vcpu *vcpu, char *buf, int n)
+static void enter_smm_save_seg_32(struct kvm_vcpu *vcpu,
+					 struct kvm_smm_seg_state_32 *state,
+					 u32 *selector,
+					 int n)
+ {
+ 	struct kvm_segment seg;
+-	int offset;
+ 
+ 	kvm_get_segment(vcpu, &seg, n);
+-	put_smstate(u32, buf, 0x7fa8 + n * 4, seg.selector);
+-
+-	if (n < 3)
+-		offset = 0x7f84 + n * 12;
+-	else
+-		offset = 0x7f2c + (n - 3) * 12;
+-
+-	put_smstate(u32, buf, offset + 8, seg.base);
+-	put_smstate(u32, buf, offset + 4, seg.limit);
+-	put_smstate(u32, buf, offset, enter_smm_get_segment_flags(&seg));
+	*selector = seg.selector;
+	state->base = seg.base;
+	state->limit = seg.limit;
+	state->flags = enter_smm_get_segment_flags(&seg);
+ }
+ 
+ #ifdef CONFIG_X86_64
+@@ -9260,54 +9256,47 @@ static void enter_smm_save_seg_64(struct kvm_vcpu *vcpu, char *buf, int n)
+ }
+ #endif
+ 
+-static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, char *buf)
+static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_state_32 *smram)
+ {
+ 	struct desc_ptr dt;
+-	struct kvm_segment seg;
+ 	unsigned long val;
+ 	int i;
+ 
+-	put_smstate(u32, buf, 0x7ffc, kvm_read_cr0(vcpu));
+-	put_smstate(u32, buf, 0x7ff8, kvm_read_cr3(vcpu));
+-	put_smstate(u32, buf, 0x7ff4, kvm_get_rflags(vcpu));
+-	put_smstate(u32, buf, 0x7ff0, kvm_rip_read(vcpu));
+	smram->cr0     = kvm_read_cr0(vcpu);
+	smram->cr3     = kvm_read_cr3(vcpu);
+	smram->eflags  = kvm_get_rflags(vcpu);
+	smram->eip     = kvm_rip_read(vcpu);
+ 
+ 	for (i = 0; i < 8; i++)
+-		put_smstate(u32, buf, 0x7fd0 + i * 4, kvm_register_read_raw(vcpu, i));
+		smram->gprs[i] = kvm_register_read_raw(vcpu, i);
+ 
+ 	kvm_get_dr(vcpu, 6, &val);
+-	put_smstate(u32, buf, 0x7fcc, (u32)val);
+	smram->dr6     = (u32)val;
+ 	kvm_get_dr(vcpu, 7, &val);
+-	put_smstate(u32, buf, 0x7fc8, (u32)val);
+	smram->dr7     = (u32)val;
+ 
+-	kvm_get_segment(vcpu, &seg, VCPU_SREG_TR);
+-	put_smstate(u32, buf, 0x7fc4, seg.selector);
+-	put_smstate(u32, buf, 0x7f64, seg.base);
+-	put_smstate(u32, buf, 0x7f60, seg.limit);
+-	put_smstate(u32, buf, 0x7f5c, enter_smm_get_segment_flags(&seg));
+-
+-	kvm_get_segment(vcpu, &seg, VCPU_SREG_LDTR);
+-	put_smstate(u32, buf, 0x7fc0, seg.selector);
+-	put_smstate(u32, buf, 0x7f80, seg.base);
+-	put_smstate(u32, buf, 0x7f7c, seg.limit);
+-	put_smstate(u32, buf, 0x7f78, enter_smm_get_segment_flags(&seg));
+	enter_smm_save_seg_32(vcpu, &smram->tr, &smram->tr_sel, VCPU_SREG_TR);
+	enter_smm_save_seg_32(vcpu, &smram->ldtr, &smram->ldtr_sel, VCPU_SREG_LDTR);
+ 
+ 	static_call(kvm_x86_get_gdt)(vcpu, &dt);
+-	put_smstate(u32, buf, 0x7f74, dt.address);
+-	put_smstate(u32, buf, 0x7f70, dt.size);
+	smram->gdtr.base = dt.address;
+	smram->gdtr.limit = dt.size;
+ 
+ 	static_call(kvm_x86_get_idt)(vcpu, &dt);
+-	put_smstate(u32, buf, 0x7f58, dt.address);
+-	put_smstate(u32, buf, 0x7f54, dt.size);
+	smram->idtr.base = dt.address;
+	smram->idtr.limit = dt.size;
+ 
+-	for (i = 0; i < 6; i++)
+-		enter_smm_save_seg_32(vcpu, buf, i);
+	enter_smm_save_seg_32(vcpu, &smram->es, &smram->es_sel, VCPU_SREG_ES);
+	enter_smm_save_seg_32(vcpu, &smram->cs, &smram->cs_sel, VCPU_SREG_CS);
+	enter_smm_save_seg_32(vcpu, &smram->ss, &smram->ss_sel, VCPU_SREG_SS);
+ 
+-	put_smstate(u32, buf, 0x7f14, kvm_read_cr4(vcpu));
+	enter_smm_save_seg_32(vcpu, &smram->ds, &smram->ds_sel, VCPU_SREG_DS);
+	enter_smm_save_seg_32(vcpu, &smram->fs, &smram->fs_sel, VCPU_SREG_FS);
+	enter_smm_save_seg_32(vcpu, &smram->gs, &smram->gs_sel, VCPU_SREG_GS);
+ 
+-	/* revision id */
+-	put_smstate(u32, buf, 0x7efc, 0x00020000);
+-	put_smstate(u32, buf, 0x7ef8, vcpu->arch.smbase);
+	smram->cr4 = kvm_read_cr4(vcpu);
+	smram->smm_revision = 0x00020000;
+	smram->smbase = vcpu->arch.smbase;
+ }
+ 
+ #ifdef CONFIG_X86_64
+@@ -9378,7 +9367,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+ 		enter_smm_save_state_64(vcpu, (char *)&smram);
+ 	else
+ #endif
+-		enter_smm_save_state_32(vcpu, (char *)&smram);
+		enter_smm_save_state_32(vcpu, &smram.smram32);
+ 
+ 	/*
+ 	 * Give enter_smm() a chance to make ISA-specific changes to the vCPU
@@ -0,0 +1,279 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Maxim Levitsky <mlevitsk@redhat.com>
+Date: Wed, 3 Aug 2022 18:50:08 +0300
+Subject: [PATCH] KVM: x86: emulator/smm: use smram struct for 64 bit smram
+ load/restore
+
+Use kvm_smram_state_64 struct to save/restore the 64 bit SMM state
+(used when X86_FEATURE_LM is present in the guest CPUID,
+regardless of 32-bitness of the guest).
+
+Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/emulate.c | 88 ++++++++++++++----------------------------
+ arch/x86/kvm/x86.c     | 75 ++++++++++++++++-------------------
+ 2 files changed, 62 insertions(+), 101 deletions(-)
+
+diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
+index 36c45c89563c..eb2f5e43f6ad 100644
+--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
+@@ -2357,24 +2357,16 @@ static void rsm_load_seg_32(struct x86_emulate_ctxt *ctxt,
+ }
+ 
+ #ifdef CONFIG_X86_64
+-static int rsm_load_seg_64(struct x86_emulate_ctxt *ctxt, const char *smstate,
+-			   int n)
+static void rsm_load_seg_64(struct x86_emulate_ctxt *ctxt,
+			    const struct kvm_smm_seg_state_64 *state,
+			    int n)
+ {
+ 	struct desc_struct desc;
+-	int offset;
+-	u16 selector;
+-	u32 base3;
+-
+-	offset = 0x7e00 + n * 16;
+-
+-	selector =                GET_SMSTATE(u16, smstate, offset);
+-	rsm_set_desc_flags(&desc, GET_SMSTATE(u16, smstate, offset + 2) << 8);
+-	set_desc_limit(&desc,     GET_SMSTATE(u32, smstate, offset + 4));
+-	set_desc_base(&desc,      GET_SMSTATE(u32, smstate, offset + 8));
+-	base3 =                   GET_SMSTATE(u32, smstate, offset + 12);
+ 
+-	ctxt->ops->set_segment(ctxt, selector, &desc, base3, n);
+-	return X86EMUL_CONTINUE;
+	rsm_set_desc_flags(&desc, state->attributes << 8);
+	set_desc_limit(&desc,     state->limit);
+	set_desc_base(&desc,      (u32)state->base);
+	ctxt->ops->set_segment(ctxt, state->selector, &desc, state->base >> 32, n);
+ }
+ #endif
+ 
+@@ -2468,71 +2460,49 @@ static int rsm_load_state_32(struct x86_emulate_ctxt *ctxt,
+ 
+ #ifdef CONFIG_X86_64
+ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt,
+-			     const char *smstate)
+			     const struct kvm_smram_state_64 *smstate)
+ {
+-	struct desc_struct desc;
+ 	struct desc_ptr dt;
+-	u64 val, cr0, cr3, cr4;
+-	u32 base3;
+-	u16 selector;
+ 	int i, r;
+ 
+ 	for (i = 0; i < 16; i++)
+-		*reg_write(ctxt, i) = GET_SMSTATE(u64, smstate, 0x7ff8 - i * 8);
+		*reg_write(ctxt, i) = smstate->gprs[15 - i];
+ 
+-	ctxt->_eip   = GET_SMSTATE(u64, smstate, 0x7f78);
+-	ctxt->eflags = GET_SMSTATE(u32, smstate, 0x7f70) | X86_EFLAGS_FIXED;
+	ctxt->_eip   = smstate->rip;
+	ctxt->eflags = smstate->rflags | X86_EFLAGS_FIXED;
+ 
+-	val = GET_SMSTATE(u64, smstate, 0x7f68);
+-
+-	if (ctxt->ops->set_dr(ctxt, 6, val))
+	if (ctxt->ops->set_dr(ctxt, 6, smstate->dr6))
+ 		return X86EMUL_UNHANDLEABLE;
+-
+-	val = GET_SMSTATE(u64, smstate, 0x7f60);
+-
+-	if (ctxt->ops->set_dr(ctxt, 7, val))
+	if (ctxt->ops->set_dr(ctxt, 7, smstate->dr7))
+ 		return X86EMUL_UNHANDLEABLE;
+ 
+-	cr0 =                       GET_SMSTATE(u64, smstate, 0x7f58);
+-	cr3 =                       GET_SMSTATE(u64, smstate, 0x7f50);
+-	cr4 =                       GET_SMSTATE(u64, smstate, 0x7f48);
+-	ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smstate, 0x7f00));
+-	val =                       GET_SMSTATE(u64, smstate, 0x7ed0);
+	ctxt->ops->set_smbase(ctxt, smstate->smbase);
+ 
+-	if (ctxt->ops->set_msr(ctxt, MSR_EFER, val & ~EFER_LMA))
+	if (ctxt->ops->set_msr(ctxt, MSR_EFER, smstate->efer & ~EFER_LMA))
+ 		return X86EMUL_UNHANDLEABLE;
+ 
+-	selector =                  GET_SMSTATE(u32, smstate, 0x7e90);
+-	rsm_set_desc_flags(&desc,   GET_SMSTATE(u32, smstate, 0x7e92) << 8);
+-	set_desc_limit(&desc,       GET_SMSTATE(u32, smstate, 0x7e94));
+-	set_desc_base(&desc,        GET_SMSTATE(u32, smstate, 0x7e98));
+-	base3 =                     GET_SMSTATE(u32, smstate, 0x7e9c);
+-	ctxt->ops->set_segment(ctxt, selector, &desc, base3, VCPU_SREG_TR);
+	rsm_load_seg_64(ctxt, &smstate->tr, VCPU_SREG_TR);
+ 
+-	dt.size =                   GET_SMSTATE(u32, smstate, 0x7e84);
+-	dt.address =                GET_SMSTATE(u64, smstate, 0x7e88);
+	dt.size =                   smstate->idtr.limit;
+	dt.address =                smstate->idtr.base;
+ 	ctxt->ops->set_idt(ctxt, &dt);
+ 
+-	selector =                  GET_SMSTATE(u32, smstate, 0x7e70);
+-	rsm_set_desc_flags(&desc,   GET_SMSTATE(u32, smstate, 0x7e72) << 8);
+-	set_desc_limit(&desc,       GET_SMSTATE(u32, smstate, 0x7e74));
+-	set_desc_base(&desc,        GET_SMSTATE(u32, smstate, 0x7e78));
+-	base3 =                     GET_SMSTATE(u32, smstate, 0x7e7c);
+-	ctxt->ops->set_segment(ctxt, selector, &desc, base3, VCPU_SREG_LDTR);
+	rsm_load_seg_64(ctxt, &smstate->ldtr, VCPU_SREG_LDTR);
+ 
+-	dt.size =                   GET_SMSTATE(u32, smstate, 0x7e64);
+-	dt.address =                GET_SMSTATE(u64, smstate, 0x7e68);
+	dt.size =                   smstate->gdtr.limit;
+	dt.address =                smstate->gdtr.base;
+ 	ctxt->ops->set_gdt(ctxt, &dt);
+ 
+-	r = rsm_enter_protected_mode(ctxt, cr0, cr3, cr4);
+	r = rsm_enter_protected_mode(ctxt, smstate->cr0, smstate->cr3, smstate->cr4);
+ 	if (r != X86EMUL_CONTINUE)
+ 		return r;
+ 
+-	for (i = 0; i < 6; i++) {
+-		r = rsm_load_seg_64(ctxt, smstate, i);
+-		if (r != X86EMUL_CONTINUE)
+-			return r;
+-	}
+	rsm_load_seg_64(ctxt, &smstate->es, VCPU_SREG_ES);
+	rsm_load_seg_64(ctxt, &smstate->cs, VCPU_SREG_CS);
+	rsm_load_seg_64(ctxt, &smstate->ss, VCPU_SREG_SS);
+	rsm_load_seg_64(ctxt, &smstate->ds, VCPU_SREG_DS);
+	rsm_load_seg_64(ctxt, &smstate->fs, VCPU_SREG_FS);
+	rsm_load_seg_64(ctxt, &smstate->gs, VCPU_SREG_GS);
+ 
+ 	return X86EMUL_CONTINUE;
+ }
+@@ -2607,7 +2577,7 @@ static int em_rsm(struct x86_emulate_ctxt *ctxt)
+ 
+ #ifdef CONFIG_X86_64
+ 	if (emulator_has_longmode(ctxt))
+-		ret = rsm_load_state_64(ctxt, (const char *)&smram);
+		ret = rsm_load_state_64(ctxt, &smram.smram64);
+ 	else
+ #endif
+ 		ret = rsm_load_state_32(ctxt, &smram.smram32);
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index c6b5c0543931..f309248fa888 100644
+--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
+@@ -9239,20 +9239,17 @@ static void enter_smm_save_seg_32(struct kvm_vcpu *vcpu,
+ }
+ 
+ #ifdef CONFIG_X86_64
+-static void enter_smm_save_seg_64(struct kvm_vcpu *vcpu, char *buf, int n)
+static void enter_smm_save_seg_64(struct kvm_vcpu *vcpu,
+				  struct kvm_smm_seg_state_64 *state,
+				  int n)
+ {
+ 	struct kvm_segment seg;
+-	int offset;
+-	u16 flags;
+ 
+ 	kvm_get_segment(vcpu, &seg, n);
+-	offset = 0x7e00 + n * 16;
+-
+-	flags = enter_smm_get_segment_flags(&seg) >> 8;
+-	put_smstate(u16, buf, offset, seg.selector);
+-	put_smstate(u16, buf, offset + 2, flags);
+-	put_smstate(u32, buf, offset + 4, seg.limit);
+-	put_smstate(u64, buf, offset + 8, seg.base);
+	state->selector = seg.selector;
+	state->attributes = enter_smm_get_segment_flags(&seg) >> 8;
+	state->limit = seg.limit;
+	state->base = seg.base;
+ }
+ #endif
+ 
+@@ -9300,57 +9297,51 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
+ }
+ 
+ #ifdef CONFIG_X86_64
+-static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, char *buf)
+static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, struct kvm_smram_state_64 *smram)
+ {
+ 	struct desc_ptr dt;
+-	struct kvm_segment seg;
+ 	unsigned long val;
+ 	int i;
+ 
+ 	for (i = 0; i < 16; i++)
+-		put_smstate(u64, buf, 0x7ff8 - i * 8, kvm_register_read_raw(vcpu, i));
+		smram->gprs[15 - i] = kvm_register_read_raw(vcpu, i);
+
+	smram->rip    = kvm_rip_read(vcpu);
+	smram->rflags = kvm_get_rflags(vcpu);
+ 
+-	put_smstate(u64, buf, 0x7f78, kvm_rip_read(vcpu));
+-	put_smstate(u32, buf, 0x7f70, kvm_get_rflags(vcpu));
+ 
+ 	kvm_get_dr(vcpu, 6, &val);
+-	put_smstate(u64, buf, 0x7f68, val);
+	smram->dr6 = val;
+ 	kvm_get_dr(vcpu, 7, &val);
+-	put_smstate(u64, buf, 0x7f60, val);
+-
+-	put_smstate(u64, buf, 0x7f58, kvm_read_cr0(vcpu));
+-	put_smstate(u64, buf, 0x7f50, kvm_read_cr3(vcpu));
+-	put_smstate(u64, buf, 0x7f48, kvm_read_cr4(vcpu));
+	smram->dr7 = val;
+ 
+-	put_smstate(u32, buf, 0x7f00, vcpu->arch.smbase);
+	smram->cr0 = kvm_read_cr0(vcpu);
+	smram->cr3 = kvm_read_cr3(vcpu);
+	smram->cr4 = kvm_read_cr4(vcpu);
+ 
+-	/* revision id */
+-	put_smstate(u32, buf, 0x7efc, 0x00020064);
+	smram->smbase = vcpu->arch.smbase;
+	smram->smm_revison = 0x00020064;
+ 
+-	put_smstate(u64, buf, 0x7ed0, vcpu->arch.efer);
+	smram->efer = vcpu->arch.efer;
+ 
+-	kvm_get_segment(vcpu, &seg, VCPU_SREG_TR);
+-	put_smstate(u16, buf, 0x7e90, seg.selector);
+-	put_smstate(u16, buf, 0x7e92, enter_smm_get_segment_flags(&seg) >> 8);
+-	put_smstate(u32, buf, 0x7e94, seg.limit);
+-	put_smstate(u64, buf, 0x7e98, seg.base);
+	enter_smm_save_seg_64(vcpu, &smram->tr, VCPU_SREG_TR);
+ 
+ 	static_call(kvm_x86_get_idt)(vcpu, &dt);
+-	put_smstate(u32, buf, 0x7e84, dt.size);
+-	put_smstate(u64, buf, 0x7e88, dt.address);
+	smram->idtr.limit = dt.size;
+	smram->idtr.base = dt.address;
+ 
+-	kvm_get_segment(vcpu, &seg, VCPU_SREG_LDTR);
+-	put_smstate(u16, buf, 0x7e70, seg.selector);
+-	put_smstate(u16, buf, 0x7e72, enter_smm_get_segment_flags(&seg) >> 8);
+-	put_smstate(u32, buf, 0x7e74, seg.limit);
+-	put_smstate(u64, buf, 0x7e78, seg.base);
+	enter_smm_save_seg_64(vcpu, &smram->ldtr, VCPU_SREG_LDTR);
+ 
+ 	static_call(kvm_x86_get_gdt)(vcpu, &dt);
+-	put_smstate(u32, buf, 0x7e64, dt.size);
+-	put_smstate(u64, buf, 0x7e68, dt.address);
+	smram->gdtr.limit = dt.size;
+	smram->gdtr.base = dt.address;
+ 
+-	for (i = 0; i < 6; i++)
+-		enter_smm_save_seg_64(vcpu, buf, i);
+	enter_smm_save_seg_64(vcpu, &smram->es, VCPU_SREG_ES);
+	enter_smm_save_seg_64(vcpu, &smram->cs, VCPU_SREG_CS);
+	enter_smm_save_seg_64(vcpu, &smram->ss, VCPU_SREG_SS);
+	enter_smm_save_seg_64(vcpu, &smram->ds, VCPU_SREG_DS);
+	enter_smm_save_seg_64(vcpu, &smram->fs, VCPU_SREG_FS);
+	enter_smm_save_seg_64(vcpu, &smram->gs, VCPU_SREG_GS);
+ }
+ #endif
+ 
+@@ -9364,7 +9355,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+ 	memset(smram.bytes, 0, sizeof(smram.bytes));
+ #ifdef CONFIG_X86_64
+ 	if (guest_cpuid_has(vcpu, X86_FEATURE_LM))
+-		enter_smm_save_state_64(vcpu, (char *)&smram);
+		enter_smm_save_state_64(vcpu, &smram.smram64);
+ 	else
+ #endif
+ 		enter_smm_save_state_32(vcpu, &smram.smram32);
@@ -0,0 +1,98 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Maxim Levitsky <mlevitsk@redhat.com>
+Date: Wed, 3 Aug 2022 18:50:09 +0300
+Subject: [PATCH] KVM: x86: SVM: use smram structs
+
+This removes the last user of put_smstate/GET_SMSTATE so
+remove these functions as well.
+
+Also add a sanity check that we don't attempt to enter the SMM
+on non long mode capable guest CPU with a running nested guest.
+
+Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/include/asm/kvm_host.h |  6 ------
+ arch/x86/kvm/svm/svm.c          | 21 ++++++---------------
+ 2 files changed, 6 insertions(+), 21 deletions(-)
+
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
+index 4b1514a174b0..95d609e67dd0 100644
+--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
+@@ -1936,12 +1936,6 @@ static inline int kvm_cpu_get_apicid(int mps_cpu)
+ #endif
+ }
+ 
+-#define put_smstate(type, buf, offset, val)                      \
+-	*(type *)((buf) + (offset) - 0x7e00) = val
+-
+-#define GET_SMSTATE(type, buf, offset)		\
+-	(*(type *)((buf) + (offset) - 0x7e00))
+-
+ int kvm_cpu_dirty_log_size(void);
+ 
+ int alloc_all_memslots_rmaps(struct kvm *kvm);
+diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
+index 76a35d939b9f..ba3861d5114b 100644
+--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
+@@ -4334,15 +4334,11 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram)
+ 	struct kvm_host_map map_save;
+ 	int ret;
+ 
+-	char *smstate = (char *)smram;
+-
+ 	if (!is_guest_mode(vcpu))
+ 		return 0;
+ 
+-	/* FED8h - SVM Guest */
+-	put_smstate(u64, smstate, 0x7ed8, 1);
+-	/* FEE0h - SVM Guest VMCB Physical Address */
+-	put_smstate(u64, smstate, 0x7ee0, svm->nested.vmcb12_gpa);
+	smram->smram64.svm_guest_flag = 1;
+	smram->smram64.svm_guest_vmcb_gpa = svm->nested.vmcb12_gpa;
+ 
+ 	svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
+ 	svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
+@@ -4381,28 +4377,23 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram)
+ {
+ 	struct vcpu_svm *svm = to_svm(vcpu);
+ 	struct kvm_host_map map, map_save;
+-	u64 saved_efer, vmcb12_gpa;
+ 	struct vmcb *vmcb12;
+ 	int ret;
+ 
+-	const char *smstate = (const char *)smram;
+-
+ 	if (!guest_cpuid_has(vcpu, X86_FEATURE_LM))
+ 		return 0;
+ 
+ 	/* Non-zero if SMI arrived while vCPU was in guest mode. */
+-	if (!GET_SMSTATE(u64, smstate, 0x7ed8))
+	if (!smram->smram64.svm_guest_flag)
+ 		return 0;
+ 
+ 	if (!guest_cpuid_has(vcpu, X86_FEATURE_SVM))
+ 		return 1;
+ 
+-	saved_efer = GET_SMSTATE(u64, smstate, 0x7ed0);
+-	if (!(saved_efer & EFER_SVME))
+	if (!(smram->smram64.efer & EFER_SVME))
+ 		return 1;
+ 
+-	vmcb12_gpa = GET_SMSTATE(u64, smstate, 0x7ee0);
+-	if (kvm_vcpu_map(vcpu, gpa_to_gfn(vmcb12_gpa), &map) == -EINVAL)
+	if (kvm_vcpu_map(vcpu, gpa_to_gfn(smram->smram64.svm_guest_vmcb_gpa), &map) == -EINVAL)
+ 		return 1;
+ 
+ 	ret = 1;
+@@ -4427,7 +4418,7 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram)
+ 
+ 	vmcb12 = map.hva;
+ 	nested_load_control_from_vmcb12(svm, &vmcb12->control);
+-	ret = enter_svm_guest_mode(vcpu, vmcb12_gpa, vmcb12, false);
+	ret = enter_svm_guest_mode(vcpu, smram->smram64.svm_guest_vmcb_gpa, vmcb12, false);
+ 
+ 	if (ret)
+ 		goto unmap_save;
@@ -0,0 +1,40 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Maxim Levitsky <mlevitsk@redhat.com>
+Date: Wed, 3 Aug 2022 18:50:10 +0300
+Subject: [PATCH] KVM: x86: SVM: don't save SVM state to SMRAM when VM is not
+ long mode capable
+
+When the guest CPUID doesn't have support for long mode, 32 bit SMRAM
+layout is used and it has no support for preserving EFER and/or SVM
+state.
+
+Note that this isn't relevant to running 32 bit guests on VM which is
+long mode capable - such VM can still run 32 bit guests in compatibility
+mode.
+
+Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/svm/svm.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
+index ba3861d5114b..ebbd2d3b4e53 100644
+--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
+@@ -4337,6 +4337,15 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram)
+ 	if (!is_guest_mode(vcpu))
+ 		return 0;
+ 
+	/*
+	 * 32 bit SMRAM format doesn't preserve EFER and SVM state.
+	 * SVM should not be enabled by the userspace without marking
+	 * the CPU as at least long mode capable.
+	 */
+
+	if (!guest_cpuid_has(vcpu, X86_FEATURE_LM))
+		return 1;
+
+ 	smram->smram64.svm_guest_flag = 1;
+ 	smram->smram64.svm_guest_vmcb_gpa = svm->nested.vmcb12_gpa;
+ 
@@ -0,0 +1,180 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Maxim Levitsky <mlevitsk@redhat.com>
+Date: Wed, 3 Aug 2022 18:50:11 +0300
+Subject: [PATCH] KVM: x86: emulator/smm: preserve interrupt shadow in SMRAM
+
+When #SMI is asserted, the CPU can be in interrupt shadow
+due to sti or mov ss.
+
+It is not mandatory in  Intel/AMD prm to have the #SMI
+blocked during the shadow, and on top of
+that, since neither SVM nor VMX has true support for SMI
+window, waiting for one instruction would mean single stepping
+the guest.
+
+Instead, allow #SMI in this case, but both reset the interrupt
+window and stash its value in SMRAM to restore it on exit
+from SMM.
+
+This fixes rare failures seen mostly on windows guests on VMX,
+when #SMI falls on the sti instruction which mainfest in
+VM entry failure due to EFLAGS.IF not being set, but STI interrupt
+window still being set in the VMCS.
+
+Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/emulate.c     | 17 ++++++++++++++---
+ arch/x86/kvm/kvm_emulate.h | 10 ++++++----
+ arch/x86/kvm/x86.c         | 12 ++++++++++++
+ 3 files changed, 32 insertions(+), 7 deletions(-)
+
+diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
+index eb2f5e43f6ad..7f5710c34f4e 100644
+--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
+@@ -2419,7 +2419,7 @@ static int rsm_load_state_32(struct x86_emulate_ctxt *ctxt,
+ 			     const struct kvm_smram_state_32 *smstate)
+ {
+ 	struct desc_ptr dt;
+-	int i;
+	int i, r;
+ 
+ 	ctxt->eflags =  smstate->eflags | X86_EFLAGS_FIXED;
+ 	ctxt->_eip =  smstate->eip;
+@@ -2454,8 +2454,16 @@ static int rsm_load_state_32(struct x86_emulate_ctxt *ctxt,
+ 
+ 	ctxt->ops->set_smbase(ctxt, smstate->smbase);
+ 
+-	return rsm_enter_protected_mode(ctxt, smstate->cr0,
+-					smstate->cr3, smstate->cr4);
+	r = rsm_enter_protected_mode(ctxt, smstate->cr0,
+				     smstate->cr3, smstate->cr4);
+
+	if (r != X86EMUL_CONTINUE)
+		return r;
+
+	ctxt->ops->set_int_shadow(ctxt, 0);
+	ctxt->interruptibility = (u8)smstate->int_shadow;
+
+	return X86EMUL_CONTINUE;
+ }
+ 
+ #ifdef CONFIG_X86_64
+@@ -2504,6 +2512,9 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt,
+ 	rsm_load_seg_64(ctxt, &smstate->fs, VCPU_SREG_FS);
+ 	rsm_load_seg_64(ctxt, &smstate->gs, VCPU_SREG_GS);
+ 
+	ctxt->ops->set_int_shadow(ctxt, 0);
+	ctxt->interruptibility = (u8)smstate->int_shadow;
+
+ 	return X86EMUL_CONTINUE;
+ }
+ #endif
+diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h
+index 3b37b3e17379..a64c190abf28 100644
+--- a/arch/x86/kvm/kvm_emulate.h
+++ b/arch/x86/kvm/kvm_emulate.h
+@@ -231,6 +231,7 @@ struct x86_emulate_ops {
+ 	bool (*guest_has_rdpid)(struct x86_emulate_ctxt *ctxt);
+ 
+ 	void (*set_nmi_mask)(struct x86_emulate_ctxt *ctxt, bool masked);
+	void (*set_int_shadow)(struct x86_emulate_ctxt *ctxt, u8 shadow);
+ 
+ 	unsigned (*get_hflags)(struct x86_emulate_ctxt *ctxt);
+ 	void (*exiting_smm)(struct x86_emulate_ctxt *ctxt);
+@@ -497,7 +498,8 @@ struct kvm_smram_state_32 {
+ 	u32 reserved1[62];
+ 	u32 smbase;
+ 	u32 smm_revision;
+-	u32 reserved2[5];
+	u32 reserved2[4];
+	u32 int_shadow; /* KVM extension */
+ 	u32 cr4; /* CR4 is not present in Intel/AMD SMRAM image */
+ 	u32 reserved3[5];
+ 
+@@ -545,6 +547,7 @@ static inline void __check_smram32_offsets(void)
+ 	__CHECK_SMRAM32_OFFSET(smbase,		0xFEF8);
+ 	__CHECK_SMRAM32_OFFSET(smm_revision,	0xFEFC);
+ 	__CHECK_SMRAM32_OFFSET(reserved2,	0xFF00);
+	__CHECK_SMRAM32_OFFSET(int_shadow,	0xFF10);
+ 	__CHECK_SMRAM32_OFFSET(cr4,		0xFF14);
+ 	__CHECK_SMRAM32_OFFSET(reserved3,	0xFF18);
+ 	__CHECK_SMRAM32_OFFSET(ds,		0xFF2C);
+@@ -604,7 +607,7 @@ struct kvm_smram_state_64 {
+ 	u64 io_restart_rsi;
+ 	u64 io_restart_rdi;
+ 	u32 io_restart_dword;
+-	u32 reserved1;
+	u32 int_shadow;
+ 	u8 io_inst_restart;
+ 	u8 auto_hlt_restart;
+ 	u8 reserved2[6];
+@@ -642,7 +645,6 @@ struct kvm_smram_state_64 {
+ 	u64 gprs[16]; /* GPRS in a reversed "natural" X86 order (R15/R14/../RCX/RAX.) */
+ };
+ 
+-
+ static inline void __check_smram64_offsets(void)
+ {
+ #define __CHECK_SMRAM64_OFFSET(field, offset) \
+@@ -663,7 +665,7 @@ static inline void __check_smram64_offsets(void)
+ 	__CHECK_SMRAM64_OFFSET(io_restart_rsi,		0xFEB0);
+ 	__CHECK_SMRAM64_OFFSET(io_restart_rdi,		0xFEB8);
+ 	__CHECK_SMRAM64_OFFSET(io_restart_dword,	0xFEC0);
+-	__CHECK_SMRAM64_OFFSET(reserved1,		0xFEC4);
+	__CHECK_SMRAM64_OFFSET(int_shadow,		0xFEC4);
+ 	__CHECK_SMRAM64_OFFSET(io_inst_restart,		0xFEC8);
+ 	__CHECK_SMRAM64_OFFSET(auto_hlt_restart,	0xFEC9);
+ 	__CHECK_SMRAM64_OFFSET(reserved2,		0xFECA);
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index f309248fa888..4ea0e8112c42 100644
+--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
+@@ -7476,6 +7476,11 @@ static void emulator_set_nmi_mask(struct x86_emulate_ctxt *ctxt, bool masked)
+ 	static_call(kvm_x86_set_nmi_mask)(emul_to_vcpu(ctxt), masked);
+ }
+ 
+static void emulator_set_int_shadow(struct x86_emulate_ctxt *ctxt, u8 shadow)
+{
+	 static_call(kvm_x86_set_interrupt_shadow)(emul_to_vcpu(ctxt), shadow);
+}
+
+ static unsigned emulator_get_hflags(struct x86_emulate_ctxt *ctxt)
+ {
+ 	return emul_to_vcpu(ctxt)->arch.hflags;
+@@ -7545,6 +7550,7 @@ static const struct x86_emulate_ops emulate_ops = {
+ 	.guest_has_fxsr      = emulator_guest_has_fxsr,
+ 	.guest_has_rdpid     = emulator_guest_has_rdpid,
+ 	.set_nmi_mask        = emulator_set_nmi_mask,
+	.set_int_shadow      = emulator_set_int_shadow,
+ 	.get_hflags          = emulator_get_hflags,
+ 	.exiting_smm         = emulator_exiting_smm,
+ 	.leave_smm           = emulator_leave_smm,
+@@ -9294,6 +9300,8 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
+ 	smram->cr4 = kvm_read_cr4(vcpu);
+ 	smram->smm_revision = 0x00020000;
+ 	smram->smbase = vcpu->arch.smbase;
+
+	smram->int_shadow = static_call(kvm_x86_get_interrupt_shadow)(vcpu);
+ }
+ 
+ #ifdef CONFIG_X86_64
+@@ -9342,6 +9350,8 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, struct kvm_smram_stat
+ 	enter_smm_save_seg_64(vcpu, &smram->ds, VCPU_SREG_DS);
+ 	enter_smm_save_seg_64(vcpu, &smram->fs, VCPU_SREG_FS);
+ 	enter_smm_save_seg_64(vcpu, &smram->gs, VCPU_SREG_GS);
+
+	smram->int_shadow = static_call(kvm_x86_get_interrupt_shadow)(vcpu);
+ }
+ #endif
+ 
+@@ -9378,6 +9388,8 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+ 	kvm_set_rflags(vcpu, X86_EFLAGS_FIXED);
+ 	kvm_rip_write(vcpu, 0x8000);
+ 
+	static_call(kvm_x86_set_interrupt_shadow)(vcpu, 0);
+
+ 	cr0 = vcpu->arch.cr0 & ~(X86_CR0_PE | X86_CR0_EM | X86_CR0_TS | X86_CR0_PG);
+ 	static_call(kvm_x86_set_cr0)(vcpu, cr0);
+ 	vcpu->arch.cr0 = cr0;