update submodules

2024-07-02 01:19:26 +03:00 · 2024-07-02 01:18:13 +03:00 · 2024-07-02 01:01:54 +03:00 · 2024-07-02 00:59:07 +03:00 · 2024-07-02 00:29:43 +03:00 · 2024-07-02 00:15:58 +03:00
45 changed files with 31079 additions and 28445 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 ubuntu-zesty
 *.prepared
 .*/
--- a/.gitmodules
+++ b/.gitmodules
@ -1,6 +1,6 @@
 [submodule "submodules/zfsonlinux"]
 	path = submodules/zfsonlinux
 	url = ../zfsonlinux
 [submodule "submodules/ubuntu-kernel"]
 	path = submodules/ubuntu-kernel
-	url = ../mirror_ubuntu-kernels
+	url = https://dev.lirent.ru/c/mirror_ubuntu-kernels.git
 [submodule "submodules/zfsonlinux"]
 	path = submodules/zfsonlinux
 	url = https://dev.lirent.ru/c/zfsonlinux.git
--- a/170
+++ b/170
@ -1,110 +1,134 @@
-# also bump pve-kernel-meta if either of MAJ.MIN, PATCHLEVEL or KREL change
+include /usr/share/dpkg/pkg-info.mk
 # also bump proxmox-kernel-meta if the default MAJ.MIN version changes!
 KERNEL_MAJ=6
-KERNEL_MIN=2
+KERNEL_MIN=8
-KERNEL_PATCHLEVEL=6
+KERNEL_PATCHLEVEL=8
-# increment KREL if the ABI changes (abicheck target in debian/rules)
+# increment KREL for every published package release!
 # rebuild packages with new KREL and run 'make abiupdate'
 KREL=2
 PKGREL=2~secureboot1
 KERNEL_MAJMIN=$(KERNEL_MAJ).$(KERNEL_MIN)
 KERNEL_VER=$(KERNEL_MAJMIN).$(KERNEL_PATCHLEVEL)
-EXTRAVERSION=-${KREL}-pve
+EXTRAVERSION=-$(KREL)-pve
-KVNAME=${KERNEL_VER}${EXTRAVERSION}
+KVNAME=$(KERNEL_VER)$(EXTRAVERSION)
-PACKAGE=pve-kernel-${KVNAME}
+PACKAGE=proxmox-kernel-$(KVNAME)
-HDRPACKAGE=pve-headers-${KVNAME}
+HDRPACKAGE=proxmox-headers-$(KVNAME)
 ARCH=$(shell dpkg-architecture -qDEB_BUILD_ARCH)
 # amd64/x86_64/x86 share the arch subdirectory in the kernel, 'x86' so we need
 # a mapping
 KERNEL_ARCH=x86
-ifneq (${ARCH}, amd64)
+ifneq ($(ARCH), amd64)
-KERNEL_ARCH=${ARCH}
+KERNEL_ARCH=$(ARCH)
 endif
 GITVERSION:=$(shell git rev-parse HEAD)
 SKIPABI=0
-BUILD_DIR=build
+BUILD_DIR=proxmox-kernel-$(KERNEL_VER)
 KERNEL_SRC=ubuntu-kernel
 KERNEL_SRC_SUBMODULE=submodules/$(KERNEL_SRC)
-KERNEL_CFG_ORG=config-${KERNEL_VER}.org
+KERNEL_CFG_ORG=config-$(KERNEL_VER).org
 ZFSONLINUX_SUBMODULE=submodules/zfsonlinux
 ZFSDIR=pkg-zfs
 MODULES=modules
-MODULE_DIRS=${ZFSDIR}
+MODULE_DIRS=$(ZFSDIR)
 # exported to debian/rules via debian/rules.d/dirs.mk
 DIRS=KERNEL_SRC ZFSDIR MODULES
-DST_DEB=${PACKAGE}_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
+DSC=proxmox-kernel-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL).dsc
-HDR_DEB=${HDRPACKAGE}_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
+DST_DEB=$(PACKAGE)_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
-USR_HDR_DEB=pve-kernel-libc-dev_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
+SIGNED_TEMPLATE_DEB=$(PACKAGE)-signed-template_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
-LINUX_TOOLS_DEB=linux-tools-$(KERNEL_MAJMIN)_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
+META_DEB=proxmox-kernel-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL)_all.deb
-LINUX_TOOLS_DBG_DEB=linux-tools-$(KERNEL_MAJMIN)-dbgsym_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
+HDR_DEB=$(HDRPACKAGE)_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
 META_HDR_DEB=proxmox-headers-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL)_all.deb
 USR_HDR_DEB=proxmox-kernel-libc-dev_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
 LINUX_TOOLS_DEB=linux-tools-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
 LINUX_TOOLS_DBG_DEB=linux-tools-$(KERNEL_MAJMIN)-dbgsym_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
-DEBS=${DST_DEB} ${HDR_DEB} ${LINUX_TOOLS_DEB} ${LINUX_TOOLS_DBG_DEB} # ${USR_HDR_DEB}
+DEBS=$(DST_DEB) $(META_DEB) $(HDR_DEB) $(META_HDR_DEB) $(LINUX_TOOLS_DEB) $(LINUX_TOOLS_DBG_DEB) $(SIGNED_TEMPLATE_DEB) # $(USR_HDR_DEB)
 all: deb
-deb: ${DEBS}
+deb: $(DEBS)
-${LINUX_TOOLS_DEB} ${HDR_DEB}: ${DST_DEB}
+$(META_DEB) $(META_HDR_DEB) $(LINUX_TOOLS_DEB) $(HDR_DEB): $(DST_DEB)
-${DST_DEB}: ${BUILD_DIR}.prepared
+$(DST_DEB): $(BUILD_DIR).prepared
-	cd ${BUILD_DIR}; dpkg-buildpackage --jobs=auto -b -uc -us
+	cd $(BUILD_DIR); dpkg-buildpackage --jobs=auto -b -uc -us
-	lintian ${DST_DEB}
+	lintian $(DST_DEB)
-	#lintian ${HDR_DEB}
+	#lintian $(HDR_DEB)
-	lintian ${LINUX_TOOLS_DEB}
+	lintian $(LINUX_TOOLS_DEB)
-${BUILD_DIR}.prepared: $(addsuffix .prepared,${KERNEL_SRC} ${MODULES} debian)
+dsc:
-	cp -a fwlist-previous ${BUILD_DIR}/
+	$(MAKE) $(DSC)
-	cp -a abi-prev-* ${BUILD_DIR}/
+	lintian $(DSC)
-	cp -a abi-blacklist ${BUILD_DIR}/
+
 $(DSC): $(BUILD_DIR).prepared
 	cd $(BUILD_DIR); dpkg-buildpackage -S -uc -us -d
 sbuild: $(DSC)
 	sbuild $(DSC)
 $(BUILD_DIR).prepared: $(addsuffix .prepared,$(KERNEL_SRC) $(MODULES) debian)
 	cp -a fwlist-previous $(BUILD_DIR)/
 	cp -a abi-prev-* $(BUILD_DIR)/
 	cp -a abi-blacklist $(BUILD_DIR)/
 	touch $@
 .PHONY: build-dir-fresh
 build-dir-fresh:
 	$(MAKE) clean
 	$(MAKE) $(BUILD_DIR).prepared
 	echo "created build-directory: $(BUILD_DIR).prepared/"
 debian.prepared: debian
-	rm -rf ${BUILD_DIR}/debian
+	rm -rf $(BUILD_DIR)/debian
-	mkdir -p ${BUILD_DIR}
+	mkdir -p $(BUILD_DIR)
-	cp -a debian ${BUILD_DIR}/debian
+	cp -a debian $(BUILD_DIR)/debian
-	echo "git clone git://git.proxmox.com/git/pve-kernel.git\\ngit checkout ${GITVERSION}" > ${BUILD_DIR}/debian/SOURCE
+	echo "git clone git://git.proxmox.com/git/pve-kernel.git\\ngit checkout $(shell git rev-parse HEAD)" \
-	@$(foreach dir, ${DIRS},echo "${dir}=${${dir}}" >> ${BUILD_DIR}/debian/rules.d/env.mk;)
+	    >$(BUILD_DIR)/debian/SOURCE
-	echo "KVNAME=${KVNAME}" >> ${BUILD_DIR}/debian/rules.d/env.mk
+	@$(foreach dir, $(DIRS),echo "$(dir)=$($(dir))" >> $(BUILD_DIR)/debian/rules.d/env.mk;)
-	echo "KERNEL_MAJMIN=${KERNEL_MAJMIN}" >> ${BUILD_DIR}/debian/rules.d/env.mk
+	echo "KVNAME=$(KVNAME)" >> $(BUILD_DIR)/debian/rules.d/env.mk
-	cd ${BUILD_DIR}; debian/rules debian/control
+	echo "KERNEL_MAJMIN=$(KERNEL_MAJMIN)" >> $(BUILD_DIR)/debian/rules.d/env.mk
 	cd $(BUILD_DIR); debian/rules debian/control
 	touch $@
-${KERNEL_SRC}.prepared: ${KERNEL_SRC_SUBMODULE} | submodule
+$(KERNEL_SRC).prepared: $(KERNEL_SRC_SUBMODULE) | submodule
-	rm -rf ${BUILD_DIR}/${KERNEL_SRC} $@
+	rm -rf $(BUILD_DIR)/$(KERNEL_SRC) $@
-	mkdir -p ${BUILD_DIR}
+	mkdir -p $(BUILD_DIR)
-	cp -a ${KERNEL_SRC_SUBMODULE} ${BUILD_DIR}/${KERNEL_SRC}
+	cp -a $(KERNEL_SRC_SUBMODULE) $(BUILD_DIR)/$(KERNEL_SRC)
 # TODO: split for archs, track and diff in our repository?
-	cd ${BUILD_DIR}/${KERNEL_SRC}; python3 debian/scripts/misc/annotations --arch amd64 --export >../../${KERNEL_CFG_ORG}
+	cd $(BUILD_DIR)/$(KERNEL_SRC); python3 debian/scripts/misc/annotations --arch amd64 --export >../../$(KERNEL_CFG_ORG)
-	cp ${KERNEL_CFG_ORG} ${BUILD_DIR}/${KERNEL_SRC}/.config
+	cp $(KERNEL_CFG_ORG) $(BUILD_DIR)/$(KERNEL_SRC)/.config
-	sed -i ${BUILD_DIR}/${KERNEL_SRC}/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=${EXTRAVERSION}/'
+	sed -i $(BUILD_DIR)/$(KERNEL_SRC)/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=$(EXTRAVERSION)/'
-	rm -rf ${BUILD_DIR}/${KERNEL_SRC}/debian ${BUILD_DIR}/${KERNEL_SRC}/debian.master
+	rm -rf $(BUILD_DIR)/$(KERNEL_SRC)/debian $(BUILD_DIR)/$(KERNEL_SRC)/debian.master
-	set -e; cd ${BUILD_DIR}/${KERNEL_SRC}; for patch in ../../patches/kernel/*.patch; do echo "applying patch '$$patch'" && patch -p1 < $${patch}; done
+	set -e; cd $(BUILD_DIR)/$(KERNEL_SRC); \
 	  for patch in ../../patches/kernel/*.patch; do \
 	    echo "applying patch '$$patch'"; \
 	    patch --batch -p1 < "$${patch}"; \
 	  done
 	touch $@
-${MODULES}.prepared: $(addsuffix .prepared,${MODULE_DIRS})
+$(MODULES).prepared: $(addsuffix .prepared,$(MODULE_DIRS))
 	touch $@
-${ZFSDIR}.prepared: ${ZFSONLINUX_SUBMODULE}
+$(ZFSDIR).prepared: $(ZFSONLINUX_SUBMODULE)
-	rm -rf ${BUILD_DIR}/${MODULES}/${ZFSDIR} ${BUILD_DIR}/${MODULES}/tmp $@
+	rm -rf $(BUILD_DIR)/$(MODULES)/$(ZFSDIR) $(BUILD_DIR)/$(MODULES)/tmp $@
-	mkdir -p ${BUILD_DIR}/${MODULES}/tmp
+	mkdir -p $(BUILD_DIR)/$(MODULES)/tmp
-	cp -a ${ZFSONLINUX_SUBMODULE}/* ${BUILD_DIR}/${MODULES}/tmp
+	cp -a $(ZFSONLINUX_SUBMODULE)/* $(BUILD_DIR)/$(MODULES)/tmp
-	cd ${BUILD_DIR}/${MODULES}/tmp; make kernel
+	cd $(BUILD_DIR)/$(MODULES)/tmp; make kernel
-	rm -rf ${BUILD_DIR}/${MODULES}/tmp
+	rm -rf $(BUILD_DIR)/$(MODULES)/tmp
-	touch ${ZFSDIR}.prepared
+	touch $(ZFSDIR).prepared
 .PHONY: upload
-upload: ${DEBS}
+upload: UPLOAD_DIST ?= $(DEB_DISTRIBUTION)
-	tar cf - ${DEBS}|ssh -X repoman@repo.proxmox.com -- upload --product pve,pmg,pbs --dist bullseye --arch ${ARCH}
+upload: $(DEBS)
 	tar cf - $(DEBS)|ssh -X repoman@repo.proxmox.com -- upload --product pve,pmg,pbs --dist $(UPLOAD_DIST) --arch $(ARCH)
 .PHONY: distclean
 distclean: clean
@ -114,18 +138,18 @@ distclean: clean
 .PHONY: update_modules
 update_modules: submodule
 	git submodule foreach 'git pull --ff-only origin master'
-	cd ${ZFSONLINUX_SUBMODULE}; git pull --ff-only origin master
+	cd $(ZFSONLINUX_SUBMODULE); git pull --ff-only origin master
 # make sure submodules were initialized
 .PHONY: submodule
 submodule:
-	test -f "${KERNEL_SRC_SUBMODULE}/README" || git submodule update --init ${KERNEL_SRC_SUBMODULE}
+	test -f "$(KERNEL_SRC_SUBMODULE)/README" || git submodule update --init $(KERNEL_SRC_SUBMODULE)
-	test -f "${ZFSONLINUX_SUBMODULE}/Makefile" || git submodule update --init --recursive ${ZFSONLINUX_SUBMODULE}
+	test -f "$(ZFSONLINUX_SUBMODULE)/Makefile" || git submodule update --init --recursive $(ZFSONLINUX_SUBMODULE)
 # call after ABI bump with header deb in working directory
 .PHONY: abiupdate
-abiupdate: abi-prev-${KVNAME}
+abiupdate: abi-prev-$(KVNAME)
-abi-prev-${KVNAME}: abi-tmp-${KVNAME}
+abi-prev-$(KVNAME): abi-tmp-$(KVNAME)
 ifneq ($(strip $(shell git status --untracked-files=no --porcelain -z)),)
 	@echo "working directory unclean, aborting!"
 	@false
@ -133,15 +157,15 @@ else
 	git rm "abi-prev-*"
 	mv $< $@
 	git add $@
-	git commit -s -m "update ABI file for ${KVNAME}" -m "(generated with debian/scripts/abi-generate)"
+	git commit -s -m "update ABI file for $(KVNAME)" -m "(generated with debian/scripts/abi-generate)"
-	@echo "update abi-prev-${KVNAME} committed!"
+	@echo "update abi-prev-$(KVNAME) committed!"
 endif
-abi-tmp-${KVNAME}:
+abi-tmp-$(KVNAME):
-	@ test -e ${HDR_DEB} || (echo "need ${HDR_DEB} to extract ABI data!" && false)
+	@ test -e $(HDR_DEB) || (echo "need $(HDR_DEB) to extract ABI data!" && false)
-	debian/scripts/abi-generate ${HDR_DEB} $@ ${KVNAME} 1
+	debian/scripts/abi-generate $(HDR_DEB) $@ $(KVNAME) 1
 .PHONY: clean
 clean:
-	rm -rf *~ build *.prepared ${KERNEL_CFG_ORG}
+	rm -rf *~ proxmox-kernel-[0-9]*/ *.prepared $(KERNEL_CFG_ORG)
-	rm -f *.deb *.changes *.buildinfo
+	rm -f *.deb *.dsc *.changes *.buildinfo *.build proxmox-kernel*.tar.*
--- a/89
+++ b/89
@ -24,6 +24,67 @@ Additional/Updated Modules:
  For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ
 BUILD
 =====
 As this is packaging for the Linux kernel with some extra integrations, like
 ZFS, this repo cannot be handled like a plain Linux kernel git repository.
 The actual Linux kernel source lives in a git submodule.
 For a build you should init the submodules and then handle it like most our
 Debian packaging builds. If unsure you can follow this:
 Installing Build-Dependencies
 -----------------------------
 You can either just check the package metadata template `debian/control.in`
 and install the packages listed in the `Build-Depends` section manually
 (replace `debhelper-compat` with just `debhelper`) or use a more automated way
 described below:
 # install base build-dependencies and helpers
 apt update
 apt install devscripts
 # create build-directory so that we got final packaging control files from the
 # .in templates generated
 make build-dir-fresh
 # install build-dependencies (replace BUILD-DIR with actual one)
 mk-build-deps -ir BUILD-DIR/debian/control
 Package Build
 -------------
 # start the actual build
 make deb
 For simple KConfig modifications you can adapt the list in `debian/rules` file.
 For quick code changes to the actual kernel code you can do them directly in
 the submodule/ubuntu-kernels directory, then re-create the build-directory, e.g.:
 make clean
 # now build again, explicitly creating the build-dir isn't required anymore
 # after one has the build-dependencies already installed.
 make deb
 Modify-Build-Test Cycles
 ------------------------
 Ideally you avoid the need for doing a full package build and just directly
 build linux from the ubuntu-kernels or the mainline (stable) repo with copying
 over a build-config of a proxmox-kernel to that as .config and then using the
 `make olddefconfig` target.
 If you need full package builds you can try to make changes inside the
 BUILD-DIR directly and then continue build from there, e.g., using
 `dpkg-buildpackage -b -uc -us --no-pre-clean`. Depending on what stage you want
 to continue build you might need to touch, or remove some *.prepared files.
 Just check `debian/rules` for how kernel build progress is tracked by make.
 SUBMODULE
 =========
@ -60,14 +121,26 @@ top level meta package, depends on current default kernel series meta package.
 git clone git://git.proxmox.com/git/proxmox-ve.git
-pve-kernel-meta
+proxmox-default-kernel
---------------
+----------------------
-Depends on latest kernel and header package within a certain kernel series,
+Depends on default kernel and header meta package, e.g., proxmox-kernel-6.2 /
-e.g., pve-kernel-5.15 / pve-headers-5.15
+proxmox-headers-6.2.
 git clone git://git.proxmox.com/git/pve-kernel-meta.git
 proxmox-kernel-X.Y
 ------------------
 Depends on the latest kernel (or header, in case of proxmox-headers-X.Y)
 package within a certain series.
 e.g., proxmox-kernel-6.2 depends on proxmox-kernel-6.2.16-6-pve
 NOTE: Since Proxmox VE 8, based on Debian 12 Bookworm, the kernel ABI is bumped
 with every version bump due to module signing. Since then the meta package was
 pulled into the kernel repo, before that it lived in pve-kernel-meta.git.
 pve-firmware
 ------------
@ -99,18 +172,18 @@ Watchdog blacklist
 By default, all watchdog modules are black-listed because it is totally undefined
 which device is actually used for /dev/watchdog.
-We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf
+We ship this list in /lib/modprobe.d/blacklist_proxmox-kernel-<VERSION>.conf
 The user typically edit /etc/modules to enable a specific watchdog device.
 Debug kernel and modules
 ------------------------
 In order to build a -dbgsym package containing an unstripped copy of the kernel
-image and modules, enable the 'pkg.pve-kernel.debug' build profile (e.g. by
+image and modules, enable the 'pkg.proxmox-kernel.debug' build profile (e.g. by
-exporting DEB_BUILD_PROFILES='pkg.pve-kernel.debug'). The resulting package can
+exporting DEB_BUILD_PROFILES='pkg.proxmox-kernel.debug'). The resulting package can
 be used together with 'crash'/'kdump-tools' to debug kernel crashes.
-Note: the -dbgsym package is only valid for the pve-kernel packages produced by
+Note: the -dbgsym package is only valid for the proxmox-kernel packages produced by
 the same build. A kernel/module from a different build will likely not match,
 even if both builds are of the same kernel and package version.
--- a/abi-prev-6.2.6-1-pve
+++ b/abi-prev-6.2.6-1-pve
--- a/abi-prev-6.8.8-2-pve
+++ b/abi-prev-6.8.8-2-pve
--- a/debian/changelog
+++ b/debian/changelog
@ -1,8 +1,371 @@
-pve-kernel (6.2.6-2~secureboot1) bullseye; urgency=medium
+proxmox-kernel-6.8 (6.8.8-2) bookworm; urgency=medium
-  * test build with lockdown, trusted key and module signing
+  * fix #5448: support SCSI controllers with bad VDP page length encoding again
- -- Proxmox Support Team <support@proxmox.com>  Thu, 16 Mar 2023 14:56:01 +0100
+  * fix #5554: improve e1000e stability on cable reconnection
  * cherry-pick "virtio-pci: Check if is_avq is NULL"
 -- Proxmox Support Team <support@proxmox.com>  Mon, 24 Jun 2024 11:00:48 +0200
 proxmox-kernel-6.8 (6.8.8-1) bookworm; urgency=medium
  * update fix for managing block flush queue list to avioid a regression with
    LVM
  * update sources to Ubuntu-6.8.0-38.38 based on Linux 6.8.8
 -- Proxmox Support Team <support@proxmox.com>  Mon, 10 Jun 2024 13:42:20 +0200
 proxmox-kernel-6.8 (6.8.4-4) bookworm; urgency=medium
  * update ZFS to 2.2.4
  * backport fix for NFS memory leak on mount that can add up if there are
    many mount operations
  * backport fix for managing block flush queue list, resolving a potential
    crash due to dereferebcing a NULL pointer with, e.g., the
    blk_flush_complete_seq function in the stack trace of the error.
 -- Proxmox Support Team <support@proxmox.com>  Tue, 04 Jun 2024 12:37:16 +0200
 proxmox-kernel-6.8 (6.8.4-3) bookworm; urgency=medium
  *  update sources and patches to Ubuntu-6.8.0-32.32
 -- Proxmox Support Team <support@proxmox.com>  Thu, 02 May 2024 13:55:46 +0200
 proxmox-kernel-6.8 (6.8.4-2) bookworm; urgency=medium
  * patch apparmor to make it cope with recvmsg returning EINVAL
 -- Proxmox Support Team <support@proxmox.com>  Wed, 10 Apr 2024 19:36:43 +0200
 proxmox-kernel-6.8 (6.8.4-1) bookworm; urgency=medium
  * update sources to Ubuntu-6.8.0-23.23 based on v6.8.4 upstream stable
    release
 -- Proxmox Support Team <support@proxmox.com>  Mon, 08 Apr 2024 17:49:22 +0200
 proxmox-kernel-6.8 (6.8.1-1) bookworm; urgency=medium
  * update submodule and patches for 24.04 Noble based kernel with tag
    Ubuntu-6.8.0-20.20
 -- Proxmox Support Team <support@proxmox.com>  Tue, 02 Apr 2024 18:19:23 +0200
 proxmox-kernel-6.5 (6.5.13-4) bookworm; urgency=medium
  * update sources to Ubuntu-6.5.0-32.32 based on stable-tree backports of up
    to v6.1.77, v6.6.16
 -- Proxmox Support Team <support@proxmox.com>  Fri, 29 Mar 2024 15:28:57 +0100
 proxmox-kernel-6.5 (6.5.13-3) bookworm; urgency=medium
  * updated sources to Ubuntu-6.5.0-27.28 to fix a regression in the tracing &
    debugging related eventfs, potentially breaking bpftrace.
 -- Proxmox Support Team <support@proxmox.com>  Wed, 20 Mar 2024 11:45:08 +0100
 proxmox-kernel-6.5 (6.5.13-2) bookworm; urgency=medium
  * update sources to Ubuntu-6.5.0-27.27 based on stable-tree backports of
    v6.1.74, v6.6.13
  * update ZFS to 2.2.3
  * Revert "cherry-pick scheduler fix to avoid temporary VM freezes on NUMA
    hosts" as user feedback did not show real improvement.
 -- Proxmox Support Team <support@proxmox.com>  Mon, 11 Mar 2024 14:36:05 +0100
 proxmox-kernel-6.5 (6.5.13-1) bookworm; urgency=medium
  * update sources to Ubuntu-6.5.0-20.20 based on v6.5.13 and some newer
    stable-tree backports
  * backport scheduler fix to avoid temporary VM freezes on NUMA hosts
 -- Proxmox Support Team <support@proxmox.com>  Mon, 05 Feb 2024 14:50:54 +0100
 proxmox-kernel-6.5 (6.5.11-8) bookworm; urgency=medium
  * fix #5077: cherry-pick revert for aacraid resets
  * fix #5158: cherry-pick ext4 fix for high-CPU flush
 -- Proxmox Support Team <support@proxmox.com>  Tue, 30 Jan 2024 13:27:34 +0100
 proxmox-kernel-6.5 (6.5.11-7) bookworm; urgency=medium
  * update ZFS to 2.2.2 to make it easier for users to ensure we're not
    affected by any recently uncovered data integrity issues (which got
    already patched out earlier via backports).
 -- Proxmox Support Team <support@proxmox.com>  Tue, 05 Dec 2023 10:44:02 +0100
 proxmox-kernel-6.5 (6.5.11-6) bookworm; urgency=medium
  * cherry-pick ZFS fix for (rare) dirty dnode data corruption bug
 -- Proxmox Support Team <support@proxmox.com>  Wed, 29 Nov 2023 09:32:26 +0100
 proxmox-kernel-6.5 (6.5.11-5) bookworm; urgency=medium
  * properly set CONFIG_VFIO_VIRQFD as a boolean
  * cherry-pick fix for RCU stall issue after VM live migration
 -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Nov 2023 20:52:25 +0100
 proxmox-kernel-6.5 (6.5.11-4) bookworm; urgency=medium
  * add signed kernel variant for secure boot
 -- Proxmox Support Team <support@proxmox.com>  Mon, 20 Nov 2023 11:19:53 +0100
 proxmox-kernel-6.5 (6.5.11-3) bookworm; urgency=medium
  * ZFS: pick bug-fixes staged for 2.2.1:
    - add a tunable to disable BRT support and disable it by default
    - fix block cloning between unencrypted and encrypted datasets
    - disable block cloning by default
 -- Proxmox Support Team <support@proxmox.com>  Fri, 17 Nov 2023 17:34:32 +0100
 proxmox-kernel-6.5 (6.5.11-2) bookworm; urgency=medium
  * rebase on Ubuntu-6.5.0-14.14 to include a fix for viewing ast/bmc remote
    consoles
  * backport flexible-array-member fixes for the amdgpu module to avoid UBSAN
    warnings.
  * disable UBSAN bounds checking again completely, to many false-positives
 -- Proxmox Support Team <support@proxmox.com>  Tue, 14 Nov 2023 18:19:51 +0100
 proxmox-kernel-6.5 (6.5.11-1) bookworm; urgency=medium
  * update to v6.5.11 upstream stable release
  * revert "memfd: improve userspace warnings for missing exec-related flags",
    producing to much log noise without any benefit
  * Revert "UBUNTU: SAUCE: ceph: make sure all the files successfully put
    before unmounting"
 -- Proxmox Support Team <support@proxmox.com>  Wed, 08 Nov 2023 15:40:29 +0100
 proxmox-kernel-6.5 (6.5.3-1) bookworm; urgency=medium
  * disable UBSAN bounds checking to avoid false-positive oopses due to the
    ZFS module using an older style for declaring flexible array member.
 -- Proxmox Support Team <support@proxmox.com>  Mon, 23 Oct 2023 10:03:52 +0200
 proxmox-kernel-6.5 (6.5.3-1~1) bookworm; urgency=medium
  * update kernel to 6.5 based Ubuntu 23.10 Mantic release
 -- Proxmox Support Team <support@proxmox.com>  Fri, 13 Oct 2023 15:28:11 +0200
 proxmox-kernel-6.2 (6.2.16-19) bookworm; urgency=medium
  * backport exposing FLUSHBYASID when running nested VMs on AMD CPUs to fix
    nesting of some hyper-visors like VMware Workstation.
  * backport constraining guest-supported xfeatures only at KVM_GET_XSAVE{2}
    to further improve compatibility for guests w.r.t. live-migration, or live
    snapshot rollback, to hosts with less (FPU) xfeatures supported.
 -- Proxmox Support Team <support@proxmox.com>  Tue, 24 Oct 2023 14:07:51 +0200
 proxmox-kernel-6.2 (6.2.16-18) bookworm; urgency=medium
  * backport fix for AMD erratum #1485 on Zen4-based CPUs to avoid triggering
    undefined instruction exceptions when disabling all, or certain security
    mitigations, like using the "mitigations=off" kernel command line
    parameter
  * backport ZFS fix to avoid crashes and hangs if used on modern Intel HW
    like the Xeon Scalable 4th Gen "Sapphire Rapids" CPUs due to a HW bug as
    per Intel SPR erratum SPR4
 -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Oct 2023 17:05:18 +0200
 proxmox-kernel-6.2 (6.2.16-16) bookworm; urgency=medium
  * update sources to Ubuntu-6.2.0-36.36
 -- Proxmox Support Team <support@proxmox.com>  Tue, 03 Oct 2023 07:42:21 +0200
 proxmox-kernel-6.2 (6.2.16-15) bookworm; urgency=medium
  * fix thunderbolt ring-interrupt not being masked on suspend
  * cherry-pick fix to avoid potentially offlining one CPU thread on some EPYC
    CPUs with a new amd64-microcode package (still in unstable).
  * update ZFS to 2.1.13
 -- Proxmox Support Team <support@proxmox.com>  Thu, 28 Sep 2023 15:53:58 +0200
 proxmox-kernel-6.2 (6.2.16-14) bookworm; urgency=medium
  * cherry-pick fix for setting X86_FEATURE_OSXSAVE feature improving
    performance of some code that tries to live-detect available CPU features,
    like, e.g., ZFS.
 -- Proxmox Support Team <support@proxmox.com>  Tue, 19 Sep 2023 10:17:16 +0200
 proxmox-kernel-6.2 (6.2.16-13) bookworm; urgency=medium
  * fix #4707: add override parameter for RMRR relaxation
  * backport thunderbolt-net fixes for IPv6 and connection re-establishment
    after a node got rebooted
  * update sources to Ubuntu-6.2.0-34.34
 -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Sep 2023 15:31:57 +0200
 proxmox-kernel-6.2 (6.2.16-12) bookworm; urgency=medium
  * cherry-pick fix for KVM vCPU page-fault loop.
    Due to too small and signed type used for an memory related sequence
    counter there was a chance that for long-lived VMs KVM would effectively
    hang vCPUs due to always thinking page faults are stale, which results in
    KVM refusing to "fix" faults.
 -- Proxmox Support Team <support@proxmox.com>  Mon, 04 Sep 2023 15:21:22 +0200
 proxmox-kernel-6.2 (6.2.16-11) bookworm; urgency=medium
  * cherry-pick fix to surpress faulty segfault logging. While harmless, such
    logs can look scary and might let people follow them like a red herring.
  * update sources to Ubuntu-6.2.0-32.32
 -- Proxmox Support Team <support@proxmox.com>  Thu, 31 Aug 2023 11:56:15 +0200
 proxmox-kernel-6.2 (6.2.16-10) bookworm; urgency=medium
  * disable CONFIG_GDS_FORCE_MITIGATION again
    when not having installed a new-enough intel-microcode, this disables AVX
    instructions which breaks a lot of software
 -- Proxmox Support Team <support@proxmox.com>  Fri, 18 Aug 2023 13:42:38 +0200
 proxmox-kernel-6.2 (6.2.16-9) bookworm; urgency=medium
  * add fixes for downfall
  * enable mitigation config option CONFIG_GDS_FORCE_MITIGATION
 -- Proxmox Support Team <support@proxmox.com>  Wed, 16 Aug 2023 10:07:11 +0200
 proxmox-kernel-6.2 (6.2.16-8) bookworm; urgency=medium
  * sign modules and set trust anchor/lockdown to allow manual secure boot
 -- Proxmox Support Team <support@proxmox.com>  Wed, 02 Aug 2023 14:17:00 +0200
 proxmox-kernel-6.2 (6.2.16-7) bookworm; urgency=medium
  * change `pve-` prefix to `proxmox-`
  * merge proxmox-kernel-meta packaging into main kernel repository
  * bump ABI to 6.2.16-6
 -- Proxmox Support Team <support@proxmox.com>  Tue, 01 Aug 2023 13:23:46 +0200
 pve-kernel (6.2.16-6) bookworm; urgency=medium
  * fix #4833: backport fix for recovering potential NX huge pages
  * fix #4770: backport "nvme: don't reject probe due to duplicate IDs"
  * backport Zenbleed stop-gap workaround for CVE-2023-20593, the actual fix
    is the amd64-microcode update.
 -- Proxmox Support Team <support@proxmox.com>  Tue, 25 Jul 2023 17:33:45 +0200
 pve-kernel (6.2.16-5) bookworm; urgency=medium
  * kvm: xsave set: mask-out PKRU bit in xfeatures if vCPU has no support to
    improve live-migrations & snapshot-rollback of VMs running on modern Intel
    CPUs (Skylake-Server or Tiger Lake Desktop), if configured with a
    restricted vCPU type (e.g., qemu64) and if the migration source is from
    our 5.15 based kernel (default in Proxmox VE 7.4) to the 6.2 (and future
    newer) of Proxmox VE 8.0 as target.
    This copes with the fallout of a fix, that while itself improved migration
    compatibility for clusters with different host-CPU models, caused another
    issue on the transition between the older "broken" and newer "fixed"
    kernels for homogeneous clusters, i.e., those with the same PVE host-CPU
    model.
 -- Proxmox Support Team <support@proxmox.com>  Fri, 14 Jul 2023 19:53:39 +0200
 pve-kernel (6.2.16-4) bookworm; urgency=medium
  * backport fixes for StackRot (CVE-2023-3269)
 -- Proxmox Support Team <support@proxmox.com>  Fri, 07 Jul 2023 06:22:28 +0200
 pve-kernel (6.2.16-3) bookworm; urgency=medium
  * update to Ubuntu-6.2.0-25.25
 -- Proxmox Support Team <support@proxmox.com>  Sat, 17 Jun 2023 07:58:57 +0200
 pve-kernel (6.2.16-2) bookworm; urgency=medium
  * update ZFS to 2.1.12
  * bump ABI to 6.2.16-2
  * backport "net/sched: flower: fix possible OOB write in fl_set_geneve_opt()"
  * backport re-adding mdev_set_iommu_device() kABI for support of SRIOV based
    Nvidia vGPU
 -- Proxmox Support Team <support@proxmox.com>  Tue, 13 Jun 2023 15:30:53 +0200
 pve-kernel (6.2.16-1) bookworm; urgency=medium
  * update to Ubuntu-6.2.0-23.23 and pull in stable fixes up to v6.2.16
  * build for Debian 12 Bookworm based releases
 -- Proxmox Support Team <support@proxmox.com>  Sat, 20 May 2023 19:23:34 +0200
 pve-kernel (6.2.11-2) bullseye; urgency=medium
  * backport "netfilter: nf_tables: deactivate anonymous set from preparation
    phase"
  * bump ABI to 6.2.11-2
 -- Proxmox Support Team <support@proxmox.com>  Wed, 10 May 2023 11:13:34 +0200
 pve-kernel (6.2.11-1) bullseye; urgency=medium
  * update kernel to Proxmox-6.2.11-1
  * update ZFS to 2.1.11
 -- Proxmox Support Team <support@proxmox.com>  Thu, 20 Apr 2023 11:59:36 +0200
 pve-kernel (6.2.9-1) bullseye; urgency=medium
  * update to Ubuntu-6.2.0-19.19 and cherry-pick patches up to 6.2.9
 -- Proxmox Support Team <support@proxmox.com>  Fri, 31 Mar 2023 12:48:33 +0200
 pve-kernel (6.2.6-1) bullseye; urgency=medium
--- a/debian/compat
+++ b/debian/compat
@ -1 +0,0 @@
 10
--- a/debian/control.in
+++ b/debian/control.in
@ -1,4 +1,4 @@
-Source: pve-kernel
+Source: proxmox-kernel-@KVMAJMIN@
 Section: devel
 Priority: optional
 Maintainer: Proxmox Support Team <support@proxmox.com>
@ -7,7 +7,7 @@ Build-Depends: asciidoc-base,
               bc,
               bison,
               cpio,
-               debhelper (>= 10~),
+               debhelper-compat (= 13),
               dh-python,
               dwarves,
               file,
@ -25,16 +25,15 @@ Build-Depends: asciidoc-base,
               libtool,
               lintian,
               lz4,
-               perl-modules,
+               python3-dev,
               python3-minimal,
               rsync,
               sed,
               sphinx-common,
               tar,
               xmlto,
               zlib1g-dev,
               zstd,
-Build-Conflicts: pve-headers-@KVNAME@
+Build-Conflicts: proxmox-headers-@KVNAME@,
 Standards-Version: 4.6.2
 Vcs-Git: git://git.proxmox.com/git/pve-kernel
 Vcs-Browser: https://git.proxmox.com/?p=pve-kernel.git
@ -42,59 +41,84 @@ Package: linux-tools-@KVMAJMIN@
 Architecture: any
 Section: devel
 Priority: optional
-Depends: linux-base, ${misc:Depends}, ${shlibs:Depends}
+Depends: linux-base, ${misc:Depends}, ${shlibs:Depends},
 Description: Linux kernel version specific tools for version @KVMAJMIN@
 This package provides the architecture dependent parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy)
-Package: pve-headers-@KVNAME@
+Package: proxmox-headers-@KVNAME@
 Section: devel
 Priority: optional
 Architecture: any
-Provides: linux-headers-@KVNAME@-amd64
+Provides: linux-headers-@KVNAME@-amd64, pve-headers-@KVNAME@
-Depends: coreutils | fileutils (>= 4.0)
+Depends: ${misc:Depends},
 Description: Proxmox Kernel Headers
 This package contains the linux kernel headers
-Package: pve-kernel-@KVNAME@
+Package: proxmox-kernel-@KVNAME@
 Section: admin
 Priority: optional
 Architecture: any
-Provides: linux-image-@KVNAME@-amd64
+Provides: linux-image-@KVNAME@-amd64, pve-kernel-@KVNAME@
-Suggests: pve-firmware
+Suggests: pve-firmware,
-Depends: busybox, initramfs-tools | linux-initramfs-tool
+Depends: busybox, initramfs-tools | linux-initramfs-tool, ${misc:Depends},
-Recommends: grub-pc | grub-efi-amd64 | grub-efi-ia32 | grub-efi-arm64
+Recommends: grub-pc | grub-efi-amd64 | grub-efi-ia32 | grub-efi-arm64,
 Description: Proxmox Kernel Image
 This package contains the linux kernel and initial ramdisk used for booting
-Package: pve-kernel-@KVNAME@-dbgsym
+Package: proxmox-kernel-@KVNAME@-dbgsym
 Architecture: any
-Provides: linux-debug
+Provides: linux-debug, pve-kernel-@KVNAME@-dbgsym
 Section: devel
 Priority: optional
-Build-Profiles: <pkg.pve-kernel.debug>
+Build-Profiles: <pkg.proxmox-kernel.debug>
 Depends: ${misc:Depends},
 Description: Proxmox Kernel debug image
 This package provides the kernel debug image for version @KVNAME@. The debug
 kernel image contained in this package is NOT meant to boot from - it is
 uncompressed, and unstripped, and suitable for use with crash/kdump-tools/..
- to analyze kernel crashes. This package also contains the pve-kernel modules
+ to analyze kernel crashes. This package also contains the proxmox-kernel modules
 in their unstripped version.
-Package: pve-kernel-@KVNAME@-signed-template
+Package: proxmox-kernel-@KVNAME@-signed-template
 Architecture: amd64
 Depends: ${shlibs:Depends}, ${misc:Depends}, make | build-essential | dpkg-dev
 Description: Template for signed kernel package
 This package is used to control code signing by the Proxmox signing
 service.
-Package: pve-kernel-libc-dev
+Package: proxmox-kernel-libc-dev
 Section: devel
 Priority: optional
 Architecture: any
-Provides: linux-libc-dev (=${binary:Version})
+Provides: linux-libc-dev (=${binary:Version}), pve-kernel-libc-dev
-Conflicts: linux-libc-dev
+Conflicts: linux-libc-dev,
-Replaces: linux-libc-dev
+Replaces: linux-libc-dev, pve-kernel-libc-dev
-Depends: ${misc:Depends}
+Breaks: pve-kernel-libc-dev
 Depends: ${misc:Depends},
 Description: Linux support headers for userspace development
 This package provides userspaces headers from the Linux kernel.  These headers
 are used by the installed headers for GNU libc and other system libraries.
 Package: proxmox-headers-@KVMAJMIN@
 Architecture: all
 Section: admin
 Provides: linux-headers-amd64, linux-headers-generic, pve-headers-@KVMAJMIN@
 Replaces: pve-headers-@KVMAJMIN@
 Priority: optional
 Depends: proxmox-headers-@KVNAME@, ${misc:Depends},
 Description: Latest Proxmox Kernel Headers
 This is a metapackage which will install the kernel headers
 for the latest available proxmox kernel from the @KVMAJMIN@
 series.
 Package: proxmox-kernel-@KVMAJMIN@
 Architecture: all
 Section: admin
 Provides: linux-image-amd64, linux-image-generic, wireguard-modules (=1.0.0), pve-kernel-@KVMAJMIN@
 Replaces: pve-kernel-@KVMAJMIN@
 Priority: optional
 Depends: pve-firmware, proxmox-kernel-@KVNAME@-signed | proxmox-kernel-@KVNAME@, ${misc:Depends},
 Description: Latest Proxmox Kernel Image
 This is a metapackage which will install the latest available
 proxmox kernel from the @KVMAJMIN@ series.
--- a/debian/proxmox-headers.postinst.in
+++ b/debian/proxmox-headers.postinst.in
--- a/debian/proxmox-kernel-meta.postinst.in
+++ b/debian/proxmox-kernel-meta.postinst.in
@ -0,0 +1,17 @@
 #! /bin/sh
 # Abort if any command returns an error value 
 set -e
 case "$1" in
  configure)
    # setup kernel links for installation CD (rescue boot)
    mkdir -p /boot/pve
    ln -sf /boot/vmlinuz-@@KVNAME@@ /boot/pve/vmlinuz-@@KVMAJMIN@@
    ln -sf /boot/initrd.img-@@KVNAME@@ /boot/pve/initrd.img-@@KVMAJMIN@@
    ;;
 esac
 #DEBHELPER#
 exit 0
--- a/debian/proxmox-kernel-meta.postrm.in
+++ b/debian/proxmox-kernel-meta.postrm.in
@ -0,0 +1,19 @@
 #! /bin/sh
 # Abort if any command returns an error value
 set -e
 case "$1" in
    purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
        # remove kernel symlinks
        rm -f /boot/pve/vmlinuz-@@KVNAME@@
        rm -f /boot/pve/initrd.img-@@KVNAME@@
    ;;
    *)
        echo "postrm called with unknown argument \`$1'" >&2
        exit 1
    ;;
 esac
 #DEBHELPER#
--- a/debian/proxmox-kernel.postinst.in
+++ b/debian/proxmox-kernel.postinst.in
@ -1,6 +1,7 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 use strict;
 use warnings;
 # Ignore all invocations except when called on to configure.
 exit 0 unless $ARGV[0] =~ /configure/;
@ -16,10 +17,9 @@ system("depmod $version");
 if (-d "/etc/kernel/postinst.d") {
  print STDERR "Examining /etc/kernel/postinst.d.\n";
-  system ("run-parts --verbose --exit-on-error --arg=$version " .
+  system(
-          "--arg=$imagedir/vmlinuz-$version " .
+      "run-parts --verbose --exit-on-error --arg=$version --arg=$imagedir/vmlinuz-$version /etc/kernel/postinst.d"
-          "/etc/kernel/postinst.d") &&
+  ) && die "Failed to process /etc/kernel/postinst.d";
            die "Failed to process /etc/kernel/postinst.d";
 }
 exit 0
--- a/debian/proxmox-kernel.postrm.in
+++ b/debian/proxmox-kernel.postrm.in
@ -0,0 +1,46 @@
 #!/usr/bin/perl
 use strict;
 use warnings;
 # Ignore all 'upgrade' invocations .
 exit 0 if $ARGV[0] =~ /upgrade/;
 my $imagedir = "/boot";
 my $version = "@@KVNAME@@";
 if (-d "/etc/kernel/postrm.d") {
  print STDERR "Examining /etc/kernel/postrm.d.\n";
  system (
      "run-parts --verbose --exit-on-error --arg=$version --arg=$imagedir/vmlinuz-$version /etc/kernel/postrm.d"
  ) && die "Failed to process /etc/kernel/postrm.d";
 }
 unlink "$imagedir/initrd.img-$version";
 unlink "$imagedir/initrd.img-$version.bak";
 unlink "/var/lib/initramfs-tools/$version";
 # Ignore all invocations except when called on to purge.
 exit 0 unless $ARGV[0] =~ /purge/;
 my @files_to_remove = qw{
    modules.dep modules.isapnpmap modules.pcimap
    modules.usbmap modules.parportmap
    modules.generic_string modules.ieee1394map
    modules.ieee1394map modules.pnpbiosmap
    modules.alias modules.ccwmap modules.inputmap
    modules.symbols modules.ofmap
    modules.seriomap modules.*.bin
    modules.softdep modules.devname
 };
 foreach my $extra_file (@files_to_remove) {
    for (glob("/lib/modules/$version/$extra_file")) {
 	unlink;
    }
 }
 system ("rmdir", "/lib/modules/$version") if -d "/lib/modules/$version";
 exit 0
--- a/debian/proxmox-kernel.prerm.in
+++ b/debian/proxmox-kernel.prerm.in
@ -1,6 +1,7 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 use strict;
 use warnings;
 # Ignore all invocations uxcept when called on to remove
 exit 0 unless ($ARGV[0] && $ARGV[0] =~ /remove/) ;
@ -14,10 +15,9 @@ my $version = "@@KVNAME@@";
 if (-d "/etc/kernel/prerm.d") {
  print STDERR "Examining /etc/kernel/prerm.d.\n";
-  system ("run-parts --verbose --exit-on-error --arg=$version " . 
+  system(
-          "--arg=$imagedir/vmlinuz-$version " .
+      "run-parts --verbose --exit-on-error --arg=$version --arg=$imagedir/vmlinuz-$version /etc/kernel/prerm.d"
-          "/etc/kernel/prerm.d") &&
+  ) && die "Failed to process /etc/kernel/prerm.d";
 	  die "Failed to process /etc/kernel/prerm.d";
 }
 exit 0
--- a/debian/pve-kernel.postrm.in
+++ b/debian/pve-kernel.postrm.in
@ -1,46 +0,0 @@
 #!/usr/bin/perl -w
 use strict;
 # Ignore all 'upgrade' invocations .
 exit 0 if $ARGV[0] =~ /upgrade/;
 my $imagedir = "/boot";
 my $version = "@@KVNAME@@";
 if (-d "/etc/kernel/postrm.d") {
  print STDERR "Examining /etc/kernel/postrm.d.\n";
  system ("run-parts --verbose --exit-on-error --arg=$version " .
          "--arg=$imagedir/vmlinuz-$version " .
          "/etc/kernel/postrm.d") &&
            die "Failed to process /etc/kernel/postrm.d";
 }
 unlink "$imagedir/initrd.img-$version";
 unlink "$imagedir/initrd.img-$version.bak";
 unlink "/var/lib/initramfs-tools/$version";
 # Ignore all invocations except when called on to purge.
 exit 0 unless $ARGV[0] =~ /purge/;
 my @files_to_remove = qw{
                         modules.dep modules.isapnpmap modules.pcimap
                         modules.usbmap modules.parportmap
                         modules.generic_string modules.ieee1394map
                         modules.ieee1394map modules.pnpbiosmap
                         modules.alias modules.ccwmap modules.inputmap
                         modules.symbols modules.ofmap
                         modules.seriomap modules.*.bin
 			 modules.softdep modules.devname
                       };
 foreach my $extra_file (@files_to_remove) {
    for (glob("/lib/modules/$version/$extra_file")) {
 	unlink;
    }
 }
 system ("rmdir", "/lib/modules/$version") if -d "/lib/modules/$version";
 exit 0
--- a/debian/rules
+++ b/debian/rules
@ -9,22 +9,25 @@ BUILD_DIR=$(shell pwd)
 include /usr/share/dpkg/default.mk
 include debian/rules.d/env.mk
-include debian/rules.d/${DEB_BUILD_ARCH}.mk
+include debian/rules.d/$(DEB_BUILD_ARCH).mk
 MAKEFLAGS += $(subst parallel=,-j,$(filter parallel=%,${DEB_BUILD_OPTIONS}))
 CHANGELOG_DATE:=$(shell dpkg-parsechangelog -SDate)
 CHANGELOG_DATE_UTC_ISO := $(shell date -u -d '$(CHANGELOG_DATE)' +%Y-%m-%dT%H:%MZ)
-PVE_KERNEL_PKG=pve-kernel-${KVNAME}
+PMX_KERNEL_PKG=proxmox-kernel-$(KVNAME)
-PVE_DEBUG_KERNEL_PKG=pve-kernel-${KVNAME}-dbgsym
+PMX_KERNEL_SERIES_PKG=proxmox-kernel-$(KERNEL_MAJMIN)
-PVE_HEADER_PKG=pve-headers-${KVNAME}
+PMX_DEBUG_KERNEL_PKG=proxmox-kernel-$(KVNAME)-dbgsym
-PVE_USR_HEADER_PKG=pve-kernel-libc-dev
+PMX_HEADER_PKG=proxmox-headers-$(KVNAME)
-PVE_KERNEL_SIGNING_TEMPLATE_PKG=pve-kernel-${KVNAME}-signed-template
+PMX_USR_HEADER_PKG=proxmox-kernel-libc-dev
-PVE_KERNEL_SIGNED_VERSION := $(shell echo ${DEB_VERSION} | sed -e 's/-/+/')
+PMX_KERNEL_SIGNING_TEMPLATE_PKG=proxmox-kernel-${KVNAME}-signed-template
-LINUX_TOOLS_PKG=linux-tools-${KERNEL_MAJMIN}
+PMX_KERNEL_SIGNED_VERSION := $(shell echo ${DEB_VERSION} | sed -e 's/-/+/')
-KERNEL_SRC_COPY=${KERNEL_SRC}_tmp
+LINUX_TOOLS_PKG=linux-tools-$(KERNEL_MAJMIN)
 KERNEL_SRC_COPY=$(KERNEL_SRC)_tmp
 # TODO: split for archs, move to files?
-PVE_CONFIG_OPTS= \
+PMX_CONFIG_OPTS= \
 -m INTEL_MEI_WDT \
 -d CONFIG_SND_PCM_OSS \
 -e CONFIG_TRANSPARENT_HUGEPAGE_MADVISE \
@ -64,7 +67,7 @@ PVE_CONFIG_OPTS= \
 -e CONFIG_MEMCG_SWAP_ENABLED \
 -e CONFIG_HYPERV \
 -m CONFIG_VFIO_IOMMU_TYPE1 \
-m CONFIG_VFIO_VIRQFD \
+-e CONFIG_VFIO_VIRQFD \
 -m CONFIG_VFIO \
 -m CONFIG_VFIO_PCI \
 -m CONFIG_USB_XHCI_HCD \
@ -90,35 +93,41 @@ PVE_CONFIG_OPTS= \
 -d CONFIG_UNWINDER_ORC \
 -d CONFIG_UNWINDER_GUESS \
 -e CONFIG_UNWINDER_FRAME_POINTER \
--set-str CONFIG_SYSTEM_TRUSTED_KEYS "../debian/certs/combined.pem"\
+--set-str CONFIG_SYSTEM_TRUSTED_KEYS ""\
 --set-str CONFIG_SYSTEM_REVOCATION_KEYS ""\
 -e CONFIG_SECURITY_LOCKDOWN_LSM \
 -e CONFIG_SECURITY_LOCKDOWN_LSM_EARLY \
 --set-str CONFIG_LSM lockdown,yama,integrity,apparmor \
-e CONFIG_PAGE_TABLE_ISOLATION
+-e CONFIG_PAGE_TABLE_ISOLATION \
 -e CONFIG_ARCH_HAS_CPU_FINALIZE_INIT \
 -d CONFIG_GDS_FORCE_MITIGATION \
 -d CONFIG_WQ_CPU_INTENSIVE_REPORT \
 -d CONFIG_N_GSM \
 -d UBSAN_BOUNDS \
 debian/control: $(wildcard debian/*.in)
-	sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-kernel.prerm.in > debian/${PVE_KERNEL_PKG}.prerm
+	sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.prerm.in > debian/$(PMX_KERNEL_PKG).prerm
-	sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-kernel.postrm.in > debian/${PVE_KERNEL_PKG}.postrm
+	sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postrm.in > debian/$(PMX_KERNEL_PKG).postrm
-	sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-kernel.postinst.in > debian/${PVE_KERNEL_PKG}.postinst
+	sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postinst.in > debian/$(PMX_KERNEL_PKG).postinst
-	sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-headers.postinst.in > debian/${PVE_HEADER_PKG}.postinst
+	sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-headers.postinst.in > debian/$(PMX_HEADER_PKG).postinst
-	chmod +x debian/${PVE_KERNEL_PKG}.prerm
+	sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postrm.in > debian/$(PMX_KERNEL_SERIES_PKG).postrm
-	chmod +x debian/${PVE_KERNEL_PKG}.postrm
+	sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postinst.in > debian/$(PMX_KERNEL_SERIES_PKG).postinst
-	chmod +x debian/${PVE_KERNEL_PKG}.postinst
+	chmod +x debian/$(PMX_KERNEL_PKG).prerm
-	chmod +x debian/${PVE_HEADER_PKG}.postinst
+	chmod +x debian/$(PMX_KERNEL_PKG).postrm
-	sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@KVMAJMIN@/${KERNEL_MAJMIN}/g' < debian/control.in > debian/control
+	chmod +x debian/$(PMX_KERNEL_PKG).postinst
-
+	chmod +x debian/$(PMX_KERNEL_SERIES_PKG).postrm
-	# combine trusted certificates
+	chmod +x debian/$(PMX_KERNEL_SERIES_PKG).postinst
-	cat debian/certs/*.pem > debian/certs/combined.pem
+	chmod +x debian/$(PMX_HEADER_PKG).postinst
 	sed -e 's/@KVNAME@/$(KVNAME)/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' < debian/control.in > debian/control
 	# signing-template
-	sed -e '1 s/pve-kernel/pve-kernel-signed/' -e '1 s/${DEB_VERSION}/${PVE_KERNEL_SIGNED_VERSION}/' < debian/changelog > debian/signing-template/changelog
+	sed -e '1 s/proxmox-kernel/proxmox-kernel-signed/' -e '1 s/${DEB_VERSION}/${PMX_KERNEL_SIGNED_VERSION}/' < debian/changelog > debian/signing-template/changelog
-	sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@UNSIGNED_VERSION@/${DEB_VERSION}/g' < debian/signing-template/control.in > debian/signing-template/control
+	sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' -e 's/@UNSIGNED_VERSION@/${DEB_VERSION}/g' < debian/signing-template/control.in > debian/signing-template/control
 	sed -e 's/@KVNAME@/${KVNAME}/g' < debian/signing-template/files.json.in > debian/signing-template/files.json
 	sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@PKG_VERSION@/${DEB_VERSION}/' < debian/signing-template/rules.in > debian/signing-template/rules
-	sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-kernel.prerm.in > debian/signing-template/prerm
+	sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.prerm.in > debian/signing-template/prerm
-	sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-kernel.postrm.in > debian/signing-template/postrm
+	sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.postrm.in > debian/signing-template/postrm
-	sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-kernel.postinst.in > debian/signing-template/postinst
+	sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.postinst.in > debian/signing-template/postinst
 	rm debian/signing-template/*.in
 	cp debian/SOURCE debian/signing-template/
@ -134,7 +143,7 @@ install: .install_mark .tools_install_mark .headers_install_mark .usr_headers_in
 binary: install
 	debian/rules fwcheck abicheck
-	dh_strip -N${PVE_HEADER_PKG} -N${PVE_USR_HEADER_PKG}
+	dh_strip -N$(PMX_HEADER_PKG) -N$(PMX_USR_HEADER_PKG)
 	dh_makeshlibs
 	dh_shlibdeps
 	dh_installdeb
@ -143,67 +152,67 @@ binary: install
 	dh_builddeb
 .config_mark:
-	cd ${KERNEL_SRC}; scripts/config ${PVE_CONFIG_OPTS}
+	cd $(KERNEL_SRC); scripts/config $(PMX_CONFIG_OPTS)
-	${MAKE} -C ${KERNEL_SRC} oldconfig
+	$(MAKE) -C $(KERNEL_SRC) olddefconfig
 	# copy to allow building in parallel to kernel/module compilation without interference
-	rm -rf ${KERNEL_SRC_COPY}
+	rm -rf $(KERNEL_SRC_COPY)
-	cp -ar ${KERNEL_SRC} ${KERNEL_SRC_COPY}
+	cp -ar $(KERNEL_SRC) $(KERNEL_SRC_COPY)
 	touch $@
 .compile_mark: .config_mark
-	${MAKE} -C ${KERNEL_SRC} KBUILD_BUILD_VERSION_TIMESTAMP="PVE ${DEB_VERSION} (${CHANGELOG_DATE_UTC_ISO})"
+	$(MAKE) -C $(KERNEL_SRC) KBUILD_BUILD_VERSION_TIMESTAMP="PMX $(DEB_VERSION) ($(CHANGELOG_DATE_UTC_ISO))"
 	touch $@
 .install_mark: .compile_mark .modules_compile_mark
-	rm -rf debian/${PVE_KERNEL_PKG}
+	rm -rf debian/$(PMX_KERNEL_PKG)
-	mkdir -p debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}
+	mkdir -p debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)
-	mkdir debian/${PVE_KERNEL_PKG}/boot
+	mkdir debian/$(PMX_KERNEL_PKG)/boot
-	install -m 644 ${KERNEL_SRC}/.config debian/${PVE_KERNEL_PKG}/boot/config-${KVNAME}
+	install -m 644 $(KERNEL_SRC)/.config debian/$(PMX_KERNEL_PKG)/boot/config-$(KVNAME)
-	install -m 644 ${KERNEL_SRC}/System.map debian/${PVE_KERNEL_PKG}/boot/System.map-${KVNAME}
+	install -m 644 $(KERNEL_SRC)/System.map debian/$(PMX_KERNEL_PKG)/boot/System.map-$(KVNAME)
-	install -m 644 ${KERNEL_SRC}/${KERNEL_IMAGE_PATH} debian/${PVE_KERNEL_PKG}/boot/${KERNEL_INSTALL_FILE}-${KVNAME}
+	install -m 644 $(KERNEL_SRC)/$(KERNEL_IMAGE_PATH) debian/$(PMX_KERNEL_PKG)/boot/$(KERNEL_INSTALL_FILE)-$(KVNAME)
-	${MAKE} -C ${KERNEL_SRC} INSTALL_MOD_PATH=${BUILD_DIR}/debian/${PVE_KERNEL_PKG}/ modules_install
+	$(MAKE) -C $(KERNEL_SRC) INSTALL_MOD_PATH=$(BUILD_DIR)/debian/$(PMX_KERNEL_PKG)/ modules_install
 	# install zfs drivers
-	install -d -m 0755 debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}/zfs
+	install -d -m 0755 debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs
-	install -m 644 $(addprefix ${MODULES}/,zfs.ko zavl.ko znvpair.ko zunicode.ko zcommon.ko icp.ko zlua.ko spl.ko zzstd.ko) debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}/zfs
+	install -m 644 $(MODULES)/zfs.ko $(MODULES)/spl.ko debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs
 	# remove firmware
-	rm -rf debian/${PVE_KERNEL_PKG}/lib/firmware
+	rm -rf debian/$(PMX_KERNEL_PKG)/lib/firmware
-ifeq ($(filter pkg.pve-kernel.debug,$(DEB_BUILD_PROFILES)),)
+ifeq ($(filter pkg.proxmox-kernel.debug,$(DEB_BUILD_PROFILES)),)
-	echo "'pkg.pve-kernel.debug' build profile disabled, skipping -dbgsym creation"
+	echo "'pkg.proxmox-kernel.debug' build profile disabled, skipping -dbgsym creation"
 else
-	echo "'pkg.pve-kernel.debug' build profile enabled, creating -dbgsym contents"
+	echo "'pkg.proxmox-kernel.debug' build profile enabled, creating -dbgsym contents"
-	mkdir -p debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/lib/modules/${KVNAME}
+	mkdir -p debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)
-	mkdir debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/boot
+	mkdir debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/boot
-	install -m 644 ${KERNEL_SRC}/vmlinux debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/boot/vmlinux-${KVNAME}
+	install -m 644 $(KERNEL_SRC)/vmlinux debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/boot/vmlinux-$(KVNAME)
-	cp -r debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME} debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/lib/modules/
+	cp -r debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME) debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/
-	rm -f debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/lib/modules/${KVNAME}/source
+	rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/source
-	rm -f debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/lib/modules/${KVNAME}/build
+	rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/build
-	rm -f debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/lib/modules/${KVNAME}/modules.*
+	rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/modules.*
 endif
 	# strip debug info
-	find debian/${PVE_KERNEL_PKG}/lib/modules -name \*.ko -print | while read f ; do strip --strip-debug "$$f"; done
+	find debian/$(PMX_KERNEL_PKG)/lib/modules -name \*.ko -print | while read f ; do strip --strip-debug "$$f"; done
 	# sign modules using ephemeral, embedded key
 	if grep -q CONFIG_MODULE_SIG=y ubuntu-kernel/.config ; then \
-		find debian/${PVE_KERNEL_PKG}/lib/modules -name \*.ko -print | while read f ; do \
+		find debian/$(PMX_KERNEL_PKG)/lib/modules -name \*.ko -print | while read f ; do \
 			./ubuntu-kernel/scripts/sign-file sha512 ./ubuntu-kernel/certs/signing_key.pem ubuntu-kernel/certs/signing_key.x509 "$$f" ; \
 		done; \
 		rm ./ubuntu-kernel/certs/signing_key.pem ; \
 	fi
 	# finalize
-	/sbin/depmod -b debian/${PVE_KERNEL_PKG}/ ${KVNAME}
+	/sbin/depmod -b debian/$(PMX_KERNEL_PKG)/ $(KVNAME)
 	# Autogenerate blacklist for watchdog devices (see README)
-	install -m 0755 -d debian/${PVE_KERNEL_PKG}/lib/modprobe.d
+	install -m 0755 -d debian/$(PMX_KERNEL_PKG)/lib/modprobe.d
-	ls debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}/kernel/drivers/watchdog/ > watchdog-blacklist.tmp
+	ls debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/kernel/drivers/watchdog/ > watchdog-blacklist.tmp
 	echo ipmi_watchdog.ko >> watchdog-blacklist.tmp
-	cat watchdog-blacklist.tmp|sed -e 's/^/blacklist /' -e 's/.ko$$//'|sort -u > debian/${PVE_KERNEL_PKG}/lib/modprobe.d/blacklist_${PVE_KERNEL_PKG}.conf
+	cat watchdog-blacklist.tmp|sed -e 's/^/blacklist /' -e 's/.ko$$//'|sort -u > debian/$(PMX_KERNEL_PKG)/lib/modprobe.d/blacklist_$(PMX_KERNEL_PKG).conf
-	rm -f debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}/source
+	rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/source
-	rm -f debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}/build
+	rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/build
 	# copy signing template contents
-	rm -rf debian/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}
+	rm -rf debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}
-	mkdir -p debian/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
+	mkdir -p debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
 	cp -R debian/copyright \
 		debian/signing-template/rules \
 		debian/signing-template/control \
@ -213,36 +222,36 @@ endif
 		debian/signing-template/postrm \
 		debian/signing-template/postinst \
 		debian/signing-template/SOURCE \
-		debian/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
+		debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
-	cp debian/signing-template/files.json debian/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}/
+	cp debian/signing-template/files.json debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/
 	touch $@
 .tools_compile_mark: .compile_mark
-	${MAKE} -C ${KERNEL_SRC}/tools/perf prefix=/usr HAVE_NO_LIBBFD=1 HAVE_CPLUS_DEMANGLE_SUPPORT=1 NO_LIBPYTHON=1 NO_LIBPERL=1 NO_LIBCRYPTO=1 PYTHON=python3
+	$(MAKE) -C $(KERNEL_SRC)/tools/perf prefix=/usr NO_LIBTRACEEVENT=1 HAVE_NO_LIBBFD=1 HAVE_CPLUS_DEMANGLE_SUPPORT=1 NO_LIBPYTHON=1 NO_LIBPERL=1 NO_LIBCRYPTO=1 PYTHON=python3
 	echo "checking GPL-2 only perf binary for library linkage with incompatible licenses.."
-	! ldd ${KERNEL_SRC}/tools/perf/perf | grep -q -E '\blibbfd'
+	! ldd $(KERNEL_SRC)/tools/perf/perf | grep -q -E '\blibbfd'
-	! ldd ${KERNEL_SRC}/tools/perf/perf | grep -q -E '\blibcrypto'
+	! ldd $(KERNEL_SRC)/tools/perf/perf | grep -q -E '\blibcrypto'
-	${MAKE} -C ${KERNEL_SRC}/tools/perf man
+	$(MAKE) -C $(KERNEL_SRC)/tools/perf NO_LIBTRACEEVENT=1 man
 	touch $@
 .tools_install_mark: .tools_compile_mark
-	rm -rf debian/${LINUX_TOOLS_PKG}
+	rm -rf debian/$(LINUX_TOOLS_PKG)
-	mkdir -p debian/${LINUX_TOOLS_PKG}/usr/bin
+	mkdir -p debian/$(LINUX_TOOLS_PKG)/usr/bin
-	mkdir -p debian/${LINUX_TOOLS_PKG}/usr/share/man/man1
+	mkdir -p debian/$(LINUX_TOOLS_PKG)/usr/share/man/man1
-	install -m 755 ${BUILD_DIR}/${KERNEL_SRC}/tools/perf/perf debian/${LINUX_TOOLS_PKG}/usr/bin/perf_$(KERNEL_MAJMIN)
+	install -m 755 $(BUILD_DIR)/$(KERNEL_SRC)/tools/perf/perf debian/$(LINUX_TOOLS_PKG)/usr/bin/perf_$(KERNEL_MAJMIN)
-	for i in ${BUILD_DIR}/${KERNEL_SRC}/tools/perf/Documentation/*.1; do \
+	for i in $(BUILD_DIR)/$(KERNEL_SRC)/tools/perf/Documentation/*.1; do \
 	    fname="$${i##*/}"; manname="$${fname%.1}"; \
-	    install -m644 "$$i" "debian/${LINUX_TOOLS_PKG}/usr/share/man/man1/$${manname}_$(KERNEL_MAJMIN).1"; \
+	    install -m644 "$$i" "debian/$(LINUX_TOOLS_PKG)/usr/share/man/man1/$${manname}_$(KERNEL_MAJMIN).1"; \
 	done
 	touch $@
 .headers_prepare_mark: .config_mark
-	rm -rf debian/${PVE_HEADER_PKG}
+	rm -rf debian/$(PMX_HEADER_PKG)
-	mkdir -p debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
+	mkdir -p debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
-	install -m 0644 ${KERNEL_SRC}/.config debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
+	install -m 0644 $(KERNEL_SRC)/.config debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
-	make -C ${KERNEL_SRC_COPY} mrproper
+	make -C $(KERNEL_SRC_COPY) mrproper
-	cd ${KERNEL_SRC_COPY}; find . -path './debian/*' -prune \
+	cd $(KERNEL_SRC_COPY); find . -path './debian/*' -prune \
 	    -o -path './include/*' -prune \
 	    -o -path './Documentation' -prune \
 	    -o -path './scripts' -prune \
@ -254,40 +263,40 @@ endif
 	        -o -name '*.sh' \
 	        -o -name '*.pl' \
 	    \) \
-	    -print | cpio -pd --preserve-modification-time ${BUILD_DIR}/debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
+	    -print | cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
-	cd ${KERNEL_SRC_COPY}; \
+	cd $(KERNEL_SRC_COPY); \
 	    ( \
-	        find arch/${KERNEL_HEADER_ARCH} -name include -type d -print | \
+	        find arch/$(KERNEL_HEADER_ARCH) -name include -type d -print | \
 	        xargs -n1 -i: find : -type f \
 	    ) | \
-	    cpio -pd --preserve-modification-time ${BUILD_DIR}/debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
+	    cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
 	touch $@
 .headers_compile_mark: .headers_prepare_mark
 	# set output to subdir of source to reduce number of hardcoded paths in output files
-	rm -rf ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG}
+	rm -rf $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)
-	mkdir -p ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG}
+	mkdir -p $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)
-	cp ${KERNEL_SRC}/.config ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG}/.config
+	cp $(KERNEL_SRC)/.config $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)/.config
-	${MAKE} -C ${KERNEL_SRC_COPY} O=${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG} -j1 syncconfig modules_prepare prepare scripts
+	$(MAKE) -C $(KERNEL_SRC_COPY) O=$(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) -j1 syncconfig modules_prepare prepare scripts
-	cd ${KERNEL_SRC_COPY}; cp -a include scripts ${BUILD_DIR}/debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
+	cd $(KERNEL_SRC_COPY); cp -a include scripts $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
-	find ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG} -name \*.o.ur-\* -o -name '*.cmd' | xargs rm -f
+	find $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) -name \*.o.ur-\* -o -name '*.cmd' | xargs rm -f
-	rsync --ignore-existing -r -v -a $(addprefix ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG}/,arch include kernel scripts tools) ${BUILD_DIR}/debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}/
+	rsync --ignore-existing -r -v -a $(addprefix $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)/,arch include kernel scripts tools) $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/
-	rm -rf ${BUILD_DIR}/${KERNEL_SRC_COPY}
+	rm -rf $(BUILD_DIR)/$(KERNEL_SRC_COPY)
 	touch $@
 .headers_install_mark: .compile_mark .modules_compile_mark .headers_compile_mark
-	cp ${KERNEL_SRC}/include/generated/compile.h debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}/include/generated/compile.h
+	cp $(KERNEL_SRC)/include/generated/compile.h debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/include/generated/compile.h
-	install -m 0644 ${KERNEL_SRC}/Module.symvers debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
+	install -m 0644 $(KERNEL_SRC)/Module.symvers debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
-	mkdir -p debian/${PVE_HEADER_PKG}/lib/modules/${KVNAME}
+	mkdir -p debian/$(PMX_HEADER_PKG)/lib/modules/$(KVNAME)
-	ln -sf /usr/src/linux-headers-${KVNAME} debian/${PVE_HEADER_PKG}/lib/modules/${KVNAME}/build
+	ln -sf /usr/src/linux-headers-$(KVNAME) debian/$(PMX_HEADER_PKG)/lib/modules/$(KVNAME)/build
 	touch $@
-.usr_headers_install_mark: PKG_DIR = debian/${PVE_USR_HEADER_PKG}
+.usr_headers_install_mark: PKG_DIR = debian/$(PMX_USR_HEADER_PKG)
-.usr_headers_install_mark: OUT_DIR = ${PKG_DIR}/usr
+.usr_headers_install_mark: OUT_DIR = $(PKG_DIR)/usr
 .usr_headers_install_mark: .config_mark
-	rm -rf '${PKG_DIR}'
+	rm -rf '$(PKG_DIR)'
-	mkdir -p  '${PKG_DIR}'
+	mkdir -p  '$(PKG_DIR)'
-	$(MAKE) -C ${KERNEL_SRC} headers_install ARCH=$(KERNEL_HEADER_ARCH) INSTALL_HDR_PATH='$(CURDIR)'/$(OUT_DIR)
+	$(MAKE) -C $(KERNEL_SRC) headers_install ARCH=$(KERNEL_HEADER_ARCH) INSTALL_HDR_PATH='$(CURDIR)'/$(OUT_DIR)
 	rm -rf $(OUT_DIR)/include/drm $(OUT_DIR)/include/scsi
 	find $(OUT_DIR)/include \( -name .install -o -name ..install.cmd \) -execdir rm {} +
@ -298,43 +307,36 @@ endif
 		mv $(OUT_DIR)/include/arch $(OUT_DIR)/include/$(DEB_HOST_MULTIARCH)/
 	touch $@
-.modules_compile_mark: ${MODULES}/zfs.ko
+.modules_compile_mark: $(MODULES)/zfs.ko
 	touch $@
-${MODULES}/zfs.ko: .compile_mark
+$(MODULES)/zfs.ko: .compile_mark
-	cd ${MODULES}/${ZFSDIR}; ./autogen.sh
+	cd $(MODULES)/$(ZFSDIR); ./autogen.sh
-	cd ${MODULES}/${ZFSDIR}; ./configure --with-config=kernel --with-linux=${BUILD_DIR}/${KERNEL_SRC} --with-linux-obj=${BUILD_DIR}/${KERNEL_SRC}
+	cd $(MODULES)/$(ZFSDIR); ./configure --with-config=kernel --with-linux=$(BUILD_DIR)/$(KERNEL_SRC) --with-linux-obj=$(BUILD_DIR)/$(KERNEL_SRC)
-	${MAKE} -C ${MODULES}/${ZFSDIR}
+	$(MAKE) -C $(MODULES)/$(ZFSDIR)
-	cp ${MODULES}/${ZFSDIR}/module/avl/zavl.ko ${MODULES}/
+	cp $(MODULES)/$(ZFSDIR)/module/zfs.ko $(MODULES)/
-	cp ${MODULES}/${ZFSDIR}/module/nvpair/znvpair.ko ${MODULES}/
+	cp $(MODULES)/$(ZFSDIR)/module/spl.ko $(MODULES)/
 	cp ${MODULES}/${ZFSDIR}/module/unicode/zunicode.ko ${MODULES}/
 	cp ${MODULES}/${ZFSDIR}/module/zcommon/zcommon.ko ${MODULES}/
 	cp ${MODULES}/${ZFSDIR}/module/icp/icp.ko ${MODULES}/
 	cp ${MODULES}/${ZFSDIR}/module/zfs/zfs.ko ${MODULES}/
 	cp ${MODULES}/${ZFSDIR}/module/lua/zlua.ko ${MODULES}/
 	cp ${MODULES}/${ZFSDIR}/module/spl/spl.ko ${MODULES}/
 	cp ${MODULES}/${ZFSDIR}/module/zstd/zzstd.ko ${MODULES}/
-fwlist-${KVNAME}: .compile_mark .modules_compile_mark
+fwlist-$(KVNAME): .compile_mark .modules_compile_mark
-	debian/scripts/find-firmware.pl debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME} >fwlist.tmp
+	debian/scripts/find-firmware.pl debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME) >fwlist.tmp
 	mv fwlist.tmp $@
 .PHONY: fwcheck
-fwcheck: fwlist-${KVNAME} fwlist-previous
+fwcheck: fwlist-$(KVNAME) fwlist-previous
 	@echo "checking fwlist for changes since last built firmware package.."
-	@echo "if this check fails, add fwlist-${KVNAME} to the pve-firmware repository and upload a new firmware package together with the ${KVNAME} kernel"
+	@echo "if this check fails, add fwlist-$(KVNAME) to the pve-firmware repository and upload a new firmware package together with the $(KVNAME) kernel"
 	sort fwlist-previous | uniq > fwlist-previous.sorted
-	sort fwlist-${KVNAME} | uniq > fwlist-${KVNAME}.sorted
+	sort fwlist-$(KVNAME) | uniq > fwlist-$(KVNAME).sorted
-	diff -up -N fwlist-previous.sorted fwlist-${KVNAME}.sorted > fwlist.diff
+	diff -up -N fwlist-previous.sorted fwlist-$(KVNAME).sorted > fwlist.diff
-	rm fwlist.diff fwlist-previous.sorted fwlist-${KVNAME}.sorted
+	rm fwlist.diff fwlist-previous.sorted fwlist-$(KVNAME).sorted
 	@echo "done, no need to rebuild pve-firmware"
-abi-${KVNAME}: .compile_mark
+abi-$(KVNAME): .compile_mark
-	debian/scripts/abi-generate debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}/Module.symvers abi-${KVNAME} ${KVNAME}
+	debian/scripts/abi-generate debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/Module.symvers abi-$(KVNAME) $(KVNAME)
 .PHONY: abicheck
-abicheck: debian/scripts/abi-check abi-${KVNAME} abi-prev-* abi-blacklist
+abicheck: debian/scripts/abi-check abi-$(KVNAME) abi-prev-* abi-blacklist
-	debian/scripts/abi-check abi-${KVNAME} abi-prev-* ${SKIPABI}
+	debian/scripts/abi-check abi-$(KVNAME) abi-prev-* $(SKIPABI)
 .PHONY: clean
--- a/debian/scripts/abi-check
+++ b/debian/scripts/abi-check
@ -1,4 +1,7 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 use strict;
 use warnings;
 my $abinew = shift;
 my $abiold = shift;
@ -22,30 +25,30 @@ my $count;
 print "II: Checking ABI...\n";
 if ($skipabi) {
-	print "WW: Explicitly asked to ignore ABI, running in no-fail mode\n";
+    print "WW: Explicitly asked to ignore ABI, running in no-fail mode\n";
-	$fail_exit = 0;
+    $fail_exit = 0;
-	$abiskip = 1;
+    $abiskip = 1;
-	$EE = "WW:";
+    $EE = "WW:";
 }
 if ($prev_abistr ne $abistr) {
-	print "II: Different ABI's, running in no-fail mode\n";
+    print "II: Different ABI's, running in no-fail mode\n";
-	$fail_exit = 0;
+    $fail_exit = 0;
-	$EE = "WW:";
+    $EE = "WW:";
 }
 if (not -f "$abinew" or not -f "$abiold") {
-	print "EE: Previous or current ABI file missing!\n";
+    print "EE: Previous or current ABI file missing!\n";
-	print "    $abinew\n" if not -f "$abinew";
+    print "    $abinew\n" if not -f "$abinew";
-	print "    $abiold\n" if not -f "$abiold";
+    print "    $abiold\n" if not -f "$abiold";
-	# Exit if the ABI files are missing, but return status based on whether
+    # Exit if the ABI files are missing, but return status based on whether
-	# skip ABI was indicated.
+    # skip ABI was indicated.
-	if ("$abiskip" eq "1") {
+    if ("$abiskip" eq "1") {
-		exit(0);
+	exit(0);
-	} else {
+    } else {
-		exit(1);
+	exit(1);
-	}
+    }
 }
 my %symbols;
@ -57,101 +60,97 @@ my %module_syms;
 my $ignore = 0;
 print "    Reading symbols/modules to ignore...";
-for $file ("abi-blacklist") {
+for my $file ("abi-blacklist") {
-	if (-f $file) {
+    next if !-f $file;
-		open(IGNORE, "< $file") or
+    open(my $IGNORE_FH, '<', $file) or die "Could not open $file - $!";
-			die "Could not open $file";
+
-		while (<IGNORE>) {
+    while (<$IGNORE_FH>) {
-			chomp;
+	chomp;
-			if ($_ =~ m/M: (.*)/) {
+	if ($_ =~ m/M: (.*)/) {
-				$modules_ignore{$1} = 1;
+	    $modules_ignore{$1} = 1;
-			} else {
+	} else {
-				$symbols_ignore{$_} = 1;
+	    $symbols_ignore{$_} = 1;
 			}
 			$ignore++;
 		}
 		close(IGNORE);
 	}
 	$ignore++;
    }
    close($IGNORE_FH);
 }
 print "read $ignore symbols/modules.\n";
 sub is_ignored($$) {
-	my ($mod, $sym) = @_;
+    my ($mod, $sym) = @_;
-	die "Missing module name in is_ignored()" if not defined($mod);
+    die "Missing module name in is_ignored()" if not defined($mod);
-	die "Missing symbol name in is_ignored()" if not defined($sym);
+    die "Missing symbol name in is_ignored()" if not defined($sym);
-	if (defined($symbols_ignore{$sym}) or defined($modules_ignore{$mod})) {
+    if (defined($symbols_ignore{$sym}) or defined($modules_ignore{$mod})) {
-		return 1;
+	return 1;
-	}
+    }
-	return 0;
+    return 0;
 }
 # Read new syms first
 print "    Reading new symbols ($abistr)...";
 $count = 0;
-open(NEW, "< $abinew") or
+open(my $NEW_FH, '<', $abinew) or die "Could not open $abinew - $!";
-	die "Could not open $abinew";
+while (<$NEW_FH>) {
-while (<NEW>) {
+    chomp;
-	chomp;
+    m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
-	m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
+    $symbols{$4}{'type'} = $1;
-	$symbols{$4}{'type'} = $1;
+    $symbols{$4}{'loc'} = $2;
-	$symbols{$4}{'loc'} = $2;
+    $symbols{$4}{'hash'} = $3;
-	$symbols{$4}{'hash'} = $3;
+    $module_syms{$2} = 0;
-	$module_syms{$2} = 0;
+    $count++;
 	$count++;
 }
-close(NEW);
+close($NEW_FH);
 print "read $count symbols.\n";
 # Now the old symbols, checking for missing ones
 print "    Reading old symbols...";
 $count = 0;
-open(OLD, "< $abiold") or
+open(my $OLD_FH, '<', $abiold) or die "Could not open $abiold - $!";
-	die "Could not open $abiold";
+while (<$OLD_FH>) {
-while (<OLD>) {
+    chomp;
-	chomp;
+    m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
-	m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
+    $symbols{$4}{'old_type'} = $1;
-	$symbols{$4}{'old_type'} = $1;
+    $symbols{$4}{'old_loc'} = $2;
-	$symbols{$4}{'old_loc'} = $2;
+    $symbols{$4}{'old_hash'} = $3;
-	$symbols{$4}{'old_hash'} = $3;
+    $count++;
 	$count++;
 }
-close(OLD);
+close($OLD_FH);
 print "read $count symbols.\n";
 print "II: Checking for missing symbols in new ABI...";
 $count = 0;
-foreach $sym (keys(%symbols)) {
+for my $sym (keys(%symbols)) {
-	if (!defined($symbols{$sym}{'type'})) {
+    if (!defined($symbols{$sym}{'type'})) {
-		print "\n" if not $count;
+	print "\n" if not $count;
-		printf("    MISS : %s%s\n", $sym,
+	printf("    MISS : %s%s\n", $sym, is_ignored($symbols{$sym}{'old_loc'}, $sym) ? " (ignored)" : "");
-			is_ignored($symbols{$sym}{'old_loc'}, $sym) ? " (ignored)" : "");
+	$count++ if !is_ignored($symbols{$sym}{'old_loc'}, $sym);
-		$count++ if !is_ignored($symbols{$sym}{'old_loc'}, $sym);
+    }
 	}
 }
 print "    " if $count;
 print "found $count missing symbols\n";
 if ($count) {
-	print "$EE Symbols gone missing (what did you do!?!)\n";
+    print "$EE Symbols gone missing (what did you do!?!)\n";
-	$errors++;
+    $errors++;
 }
 print "II: Checking for new symbols in new ABI...";
 $count = 0;
-foreach $sym (keys(%symbols)) {
+for my $sym (keys(%symbols)) {
-	if (!defined($symbols{$sym}{'old_type'})) {
+    if (!defined($symbols{$sym}{'old_type'})) {
-		print "\n" if not $count;
+	print "\n" if not $count;
-		print "    NEW : $sym\n";
+	print "    NEW : $sym\n";
-		$count++;
+	$count++;
-	}
+    }
 }
 print "    " if $count;
 print "found $count new symbols\n";
 if ($count) {
-	print "WW: Found new symbols. Not recommended unless ABI was bumped\n";
+    print "WW: Found new symbols. Not recommended unless ABI was bumped\n";
 }
 print "II: Checking for changes to ABI...\n";
@ -159,37 +158,34 @@ $count = 0;
 my $moved = 0;
 my $changed_type = 0;
 my $changed_hash = 0;
-foreach $sym (keys(%symbols)) {
+for my $sym (keys(%symbols)) {
-	if (!defined($symbols{$sym}{'old_type'}) or
+    if (!defined($symbols{$sym}{'old_type'}) or !defined($symbols{$sym}{'type'})) {
-	    !defined($symbols{$sym}{'type'})) {
+	next;
-		next;
+    }
 	}
-	# Changes in location don't hurt us, but log it anyway
+    # Changes in location don't hurt us, but log it anyway
-	if ($symbols{$sym}{'loc'} ne $symbols{$sym}{'old_loc'}) {
+    if ($symbols{$sym}{'loc'} ne $symbols{$sym}{'old_loc'}) {
-		printf("    MOVE : %-40s : %s => %s\n", $sym, $symbols{$sym}{'old_loc'},
+	printf("    MOVE : %-40s : %s => %s\n", $sym, $symbols{$sym}{'old_loc'}, $symbols{$sym}{'loc'});
-			$symbols{$sym}{'loc'});
+	$moved++;
-		$moved++;
+    }
 	}
-	# Changes to export type are only bad if new type isn't
+    # Changes to export type are only bad if new type isn't
-	# EXPORT_SYMBOL. Changing things to GPL are bad.
+    # EXPORT_SYMBOL. Changing things to GPL are bad.
-	if ($symbols{$sym}{'type'} ne $symbols{$sym}{'old_type'}) {
+    if ($symbols{$sym}{'type'} ne $symbols{$sym}{'old_type'}) {
-		printf("    TYPE : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_type'}.
+	printf("    TYPE : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_type'}.
-			$symbols{$sym}{'type'}, is_ignored($symbols{$sym}{'loc'}, $sym)
+	    $symbols{$sym}{'type'}, is_ignored($symbols{$sym}{'loc'}, $sym)
-			? " (ignored)" : "");
+	    ? " (ignored)" : "");
-		$changed_type++ if $symbols{$sym}{'type'} ne "EXPORT_SYMBOL"
+	$changed_type++ if $symbols{$sym}{'type'} ne "EXPORT_SYMBOL" and !is_ignored($symbols{$sym}{'loc'}, $sym);
-			and !is_ignored($symbols{$sym}{'loc'}, $sym);
+    }
 	}
-	# Changes to the hash are always bad
+    # Changes to the hash are always bad
-	if ($symbols{$sym}{'hash'} ne $symbols{$sym}{'old_hash'}) {
+    if ($symbols{$sym}{'hash'} ne $symbols{$sym}{'old_hash'}) {
-		printf("    HASH : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_hash'},
+	printf("    HASH : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_hash'},
-			$symbols{$sym}{'hash'}, is_ignored($symbols{$sym}{'loc'}, $sym)
+	    $symbols{$sym}{'hash'}, is_ignored($symbols{$sym}{'loc'}, $sym)
-			? " (ignored)" : "");
+	    ? " (ignored)" : "");
-		$changed_hash++ if !is_ignored($symbols{$sym}{'loc'}, $sym);
+	$changed_hash++ if !is_ignored($symbols{$sym}{'loc'}, $sym);
-		$module_syms{$symbols{$sym}{'loc'}}++;
+	$module_syms{$symbols{$sym}{'loc'}}++;
-	}
+    }
 }
 print "WW: $moved symbols changed location\n" if $moved;
@ -198,17 +194,17 @@ print "$EE $changed_hash symbols changed hash and weren't ignored\n" if $changed
 $errors++ if $changed_hash or $changed_type;
 if ($changed_hash) {
-	print "II: Module hash change summary...\n";
+    print "II: Module hash change summary...\n";
-	foreach $mod (sort { $module_syms{$b} <=> $module_syms{$a} } keys %module_syms) {
+    for my $mod (sort { $module_syms{$b} <=> $module_syms{$a} } keys %module_syms) {
-		next if ! $module_syms{$mod};
+	next if ! $module_syms{$mod};
-		printf("    %-40s: %d\n", $mod, $module_syms{$mod});
+	printf("    %-40s: %d\n", $mod, $module_syms{$mod});
-	}
+    }
 }
 print "II: Done\n";
 if ($errors) {
-	exit($fail_exit);
+    exit($fail_exit);
 } else {
-	exit(0);
+    exit(0);
 }
--- a/debian/scripts/abi-generate
+++ b/debian/scripts/abi-generate
@ -1,8 +1,11 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
-use PVE::Tools;
+use strict;
 use warnings;
-use IO::File;
+use PVE::Tools ();
 use IO::File ();
 sub usage {
    die "USAGE: $0 INFILE OUTFILE [ABI INFILE-IS-DEB]\n";
--- a/debian/scripts/find-firmware.pl
+++ b/debian/scripts/find-firmware.pl
@ -1,6 +1,7 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 use strict;
 use warnings;
 my $dir = shift;
@ -12,21 +13,21 @@ warn "\n\nNOTE: strange directory name: $dir\n\n" if $dir !~ m|^(.*/)?(\d+.\d+.\
 my $apiver = $2;
-open(TMP, "find '$dir' -name '*.ko'|");
+open(my $FIND_KO_FH, "find '$dir' -name '*.ko'|");
-while (defined(my $fn = <TMP>)) {
+while (defined(my $fn = <$FIND_KO_FH>)) {
    chomp $fn;
    my $relfn = $fn;
    $relfn =~ s|^$dir/*||;
    my $cmd = "/sbin/modinfo -F firmware '$fn'";
-    open(MOD, "$cmd|");
+    open(my $MOD_FH, "$cmd|");
-    while (defined(my $fw = <MOD>)) {
+    while (defined(my $fw = <$MOD_FH>)) {
 	chomp $fw;
 	print "$fw $relfn\n";
    }
-    close(MOD);
+    close($MOD_FH);
 }
-close TMP;
+close($FIND_KO_FH);
 exit 0;
--- a/debian/signing-template/control.in
+++ b/debian/signing-template/control.in
@ -1,24 +1,24 @@
-Source: pve-kernel-signed
+Source: proxmox-kernel-signed-@KVMAJMIN@
 Section: kernel
 Priority: optional
 Maintainer: Proxmox Support Team <support@proxmox.com>
 Standards-Version: 4.2.0
-Build-Depends: debhelper-compat (= 12), dh-exec, python3:any, rsync, sbsigntool, pve-kernel-@KVNAME@ (= @UNSIGNED_VERSION@)
+Build-Depends: debhelper-compat (= 12), dh-exec, python3:any, rsync, sbsigntool, proxmox-kernel-@KVNAME@ (= @UNSIGNED_VERSION@)
 Rules-Requires-Root: no
 Vcs-Git: git://git.proxmox.com/git/pve-kernel
 Vcs-Browser: https://git.proxmox.com/?p=pve-kernel.git
-Package: pve-kernel-@KVNAME@-signed
+Package: proxmox-kernel-@KVNAME@-signed
 Section: admin
 Priority: optional
 Architecture: any
-Provides: linux-image-@KVNAME@-amd64, pve-kernel-@KVNAME@
+Provides: linux-image-@KVNAME@-amd64, proxmox-kernel-@KVNAME@
 Depends: ${unsigned:Depends}, ${misc:Depends}
 Recommends: ${unsigned:Recommends}
 Suggests: ${unsigned:Suggests}
 Breaks: ${unsigned:Breaks}
-Conflicts: pve-kernel-@KVNAME@
+Conflicts: proxmox-kernel-@KVNAME@
-Replaces: pve-kernel-@KVNAME@
+Replaces: proxmox-kernel-@KVNAME@
 Description: ${unsigned:DescriptionShort} (signed)
 ${unsigned:DescriptionLong}
 .
--- a/debian/signing-template/files.json.in
+++ b/debian/signing-template/files.json.in
@ -1,6 +1,6 @@
 {
 	"packages": {
-		"pve-kernel-@KVNAME@": {
+		"proxmox-kernel-@KVNAME@": {
 			"trusted_certs": [],
 			"files": [
 				{
--- a/debian/signing-template/rules.in
+++ b/debian/signing-template/rules.in
@ -7,7 +7,7 @@ export DH_OPTIONS
 include /usr/share/dpkg/architecture.mk
 KERNEL_VERSION=@KVNAME@
-IMAGE_PACKAGE_NAME=pve-kernel-$(KERNEL_VERSION)
+IMAGE_PACKAGE_NAME=proxmox-kernel-$(KERNEL_VERSION)
 PACKAGE_NAME=$(IMAGE_PACKAGE_NAME)-signed
 PACKAGE_VERSION=@PKG_VERSION@
 PACKAGE_DIR=debian/$(PACKAGE_NAME)
--- a/debian/source/lintian-overrides
+++ b/debian/source/lintian-overrides
@ -0,0 +1,2 @@
 debian-control-has-dbgsym-package (in section for proxmox-kernel-*-pve-dbgsym) Package [debian/control:*]
 license-problem-gfdl-invariants invariant part is: with the :ref:`invariant sections <fdl-invariant>` being list their titles, with the :ref:`front-cover texts <fdl-cover-texts>` being list, and with the :ref:`back-cover texts <fdl-cover-texts>` being list [ubuntu-kernel/Documentation/userspace-api/media/fdl-appendix.rst]
--- a/826
+++ b/826
--- a/patches/kernel/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch
+++ b/patches/kernel/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch
@ -21,7 +21,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/init/Makefile b/init/Makefile
-index 26de459006c4..3157d9c79901 100644
+index cbac576c57d6..479b1253fcbe 100644
 --- a/init/Makefile
 +++ b/init/Makefile
@@ -29,7 +29,7 @@ preempt-flag-$(CONFIG_PREEMPT_DYNAMIC)	:= PREEMPT_DYNAMIC
--- a/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
+++ b/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 2 files changed, 111 insertions(+)
 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 2e77ecc12692..eae6fdc4c683 100644
+index 4272acb3d047..d18cc2c1f9c3 100644
 --- a/Documentation/admin-guide/kernel-parameters.txt
 +++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -4188,6 +4188,15 @@
+@@ -4400,6 +4400,15 @@
 				Also, it enforces the PCI Local Bus spec
 				rule that those bits should be 0 in system reset
 				events (useful for kexec/kdump cases).
@ -75,10 +75,10 @@ index 2e77ecc12692..eae6fdc4c683 100644
 				Safety option to keep boot IRQs enabled. This
 				should never be necessary.
 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index 267e6002e29f..fac76ca1d16a 100644
+index ce469d84ebae..4f163ef55e7b 100644
 --- a/drivers/pci/quirks.c
 +++ b/drivers/pci/quirks.c
-@@ -194,6 +194,106 @@ static int __init pci_apply_final_quirks(void)
+@@ -287,6 +287,106 @@ static int __init pci_apply_final_quirks(void)
 }
 fs_initcall_sync(pci_apply_final_quirks);
@ -185,7 +185,7 @@ index 267e6002e29f..fac76ca1d16a 100644
 /*
  * Decoding should be disabled for a PCI device during BAR sizing to avoid
  * conflict. But doing so may cause problems on host bridge and perhaps other
-@@ -4959,6 +5059,8 @@ static const struct pci_dev_acs_enabled {
+@@ -5100,6 +5200,8 @@ static const struct pci_dev_acs_enabled {
 	{ PCI_VENDOR_ID_CAVIUM, 0xA060, pci_quirk_mf_endpoint_acs },
 	/* APM X-Gene */
 	{ PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },
--- a/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch
+++ b/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch
@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 07aae60288f9..949b7204cf52 100644
+index 0f50960b0e3a..37f840f57f32 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
-@@ -79,7 +79,7 @@ module_param(halt_poll_ns, uint, 0644);
+@@ -82,7 +82,7 @@ module_param(halt_poll_ns, uint, 0644);
 EXPORT_SYMBOL_GPL(halt_poll_ns);
 /* Default doubles per-vcpu halt_poll_ns. */
--- a/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch
+++ b/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch
@ -14,10 +14,10 @@ Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/net/core/dev.c b/net/core/dev.c
-index fce980d531bd..5079a3851798 100644
+index c365aa06f886..c9066a7aa4c5 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
-@@ -10257,7 +10257,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
+@@ -10470,7 +10470,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
 		if (time_after(jiffies, warning_time +
 			       READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
 			list_for_each_entry(dev, list, todo_list) {
--- a/patches/kernel/0007-Revert-RDMA-irdma-Report-the-correct-link-speed.patch
+++ b/patches/kernel/0007-Revert-RDMA-irdma-Report-the-correct-link-speed.patch
@ -1,72 +0,0 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Thomas Lamprecht <t.lamprecht@proxmox.com>
 Date: Sat, 7 Jan 2023 13:48:41 +0100
 Subject: [PATCH] Revert "RDMA/irdma: Report the correct link speed"
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 seem to cause a regression with some NICs:
 https://lore.kernel.org/netdev/CAK8fFZ6A_Gphw_3-QMGKEFQk=sfCw1Qmq0TVZK3rtAi7vb621A@mail.gmail.com/
 This reverts commit e8553504e366c8a47d1f6156c30d6eb9778cda13.
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 ---
 drivers/infiniband/hw/irdma/verbs.c | 35 ++++++++++++++++++++++++++---
 1 file changed, 32 insertions(+), 3 deletions(-)
 diff --git a/drivers/infiniband/hw/irdma/verbs.c b/drivers/infiniband/hw/irdma/verbs.c
 index f6973ea55eda..132fe91bb799 100644
 --- a/drivers/infiniband/hw/irdma/verbs.c
 +++ b/drivers/infiniband/hw/irdma/verbs.c
@@ -63,6 +63,36 @@ static int irdma_query_device(struct ib_device *ibdev,
 	return 0;
 }
 +/**
 + * irdma_get_eth_speed_and_width - Get IB port speed and width from netdev speed
 + * @link_speed: netdev phy link speed
 + * @active_speed: IB port speed
 + * @active_width: IB port width
 + */
 +static void irdma_get_eth_speed_and_width(u32 link_speed, u16 *active_speed,
 +					  u8 *active_width)
 +{
 +	if (link_speed <= SPEED_1000) {
 +		*active_width = IB_WIDTH_1X;
 +		*active_speed = IB_SPEED_SDR;
 +	} else if (link_speed <= SPEED_10000) {
 +		*active_width = IB_WIDTH_1X;
 +		*active_speed = IB_SPEED_FDR10;
 +	} else if (link_speed <= SPEED_20000) {
 +		*active_width = IB_WIDTH_4X;
 +		*active_speed = IB_SPEED_DDR;
 +	} else if (link_speed <= SPEED_25000) {
 +		*active_width = IB_WIDTH_1X;
 +		*active_speed = IB_SPEED_EDR;
 +	} else if (link_speed <= SPEED_40000) {
 +		*active_width = IB_WIDTH_4X;
 +		*active_speed = IB_SPEED_FDR10;
 +	} else {
 +		*active_width = IB_WIDTH_4X;
 +		*active_speed = IB_SPEED_EDR;
 +	}
 +}
 +
 /**
  * irdma_query_port - get port attributes
  * @ibdev: device pointer from stack
@@ -90,9 +120,8 @@ static int irdma_query_port(struct ib_device *ibdev, u32 port,
 		props->state = IB_PORT_DOWN;
 		props->phys_state = IB_PORT_PHYS_STATE_DISABLED;
 	}
 -
 -	ib_get_eth_speed(ibdev, port, &props->active_speed,
 -			 &props->active_width);
 +	irdma_get_eth_speed_and_width(SPEED_100000, &props->active_speed,
 +				      &props->active_width);
 	if (rdma_protocol_roce(ibdev, 1)) {
 		props->gid_tbl_len = 32;
--- a/patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch
+++ b/patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch
@ -10,12 +10,13 @@ This reverts commit 106b7a61c488d2022f44e3531ce33461c7c0685f.
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
 include/linux/fortify-string.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
-index 7cad8bb031e9..acc24887db3e 100644
+index 89a6888f2f9e..66e0b60dcabb 100644
 --- a/include/linux/fortify-string.h
 +++ b/include/linux/fortify-string.h
@@ -18,7 +18,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning("
@ -25,5 +26,5 @@ index 7cad8bb031e9..acc24887db3e 100644
 -	char *__p = (char *)(p);				\
 +	unsigned char *__p = (unsigned char *)(p);		\
 	size_t __ret = SIZE_MAX;				\
- 	size_t __p_size = __member_size(p);			\
+ 	const size_t __p_size = __member_size(p);		\
 	if (__p_size != SIZE_MAX &&				\
--- a/patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch
+++ b/patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch
@ -0,0 +1,133 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Thomas Lamprecht <t.lamprecht@proxmox.com>
 Date: Fri, 14 Jul 2023 18:10:32 +0200
 Subject: [PATCH] kvm: xsave set: mask-out PKRU bit in xfeatures if vCPU has no
 support
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Fixes live-migrations & snapshot-rollback of VMs with a restricted
 CPU type (e.g., qemu64) from our 5.15 based kernel (default Proxmox
 VE 7.4) to the 6.2 (and future newer) of Proxmox VE 8.0.
 Previous to ad856280ddea ("x86/kvm/fpu: Limit guest user_xfeatures to
 supported bits of XCR0") the PKRU bit of the host could leak into the
 state from the guest, which caused trouble when migrating between
 hosts with different CPUs, i.e., where the source supported it but
 the target did not, causing a general protection fault when the guest
 tried to use a pkru related instruction after the migration.
 But the fix, while welcome, caused a temporary out-of-sync state when
 migrating such a VM from a kernel without the fix to a kernel with
 the fix, as it threw of KVM when the CPUID of the guest and most of
 the state doesn't report XSAVE and thus any xfeatures, but PKRU and
 the related state is set as enabled, causing the vCPU to spin at 100%
 without any progress forever.
 The fix could be at two sites, either in QEMU or in the kernel, I
 choose the kernel as we have all the info there for a targeted
 heuristic so that we don't have to adapt QEMU and qemu-server, the
 latter even on both sides.
 Still, a short summary of the possible fixes and short drawbacks:
 * on QEMU-side either
  - clear the PKRU state in the migration saved state would be rather
    complicated to implement as the vCPU is initialised way before we
    have the saved xfeature state available to check what we'd need
    to do, plus the user-space only gets a memory blob from ioctl
    KVM_GET_XSAVE2 that it passes to KVM_SET_XSAVE ioctl, there are
    no ABI guarantees, and while the struct seem stable for 5.15 to
    6.5-rc1, that doesn't has to be for future kernels, so off the
    table.
  - enforce that the CPUID reports PKU support even if it normally
    wouldn't. While this works (tested by hard-coding it as POC) it
    is a) not really nice and b) needs some interaction from
    qemu-server to enable this flag as otherwise we have no good info
    to decide when it's OK to do this, which means we need to adapt
    both PVE 7 and 8's qemu-server and also pve-qemu, workable but
    not optimal
 * on Kernel/KVM-side we can hook into the set XSAVE ioctl specific to
  the KVM subsystem, which already reduces chance of regression for
  all other places. There we have access to the union/struct
  definitions of the saved state and thus can savely cast to that.
  We also got access to the vCPU's CPUID capabilities, meaning we can
  check if the XCR0 (first XSAVE Control Register) reports
  that it support the PKRU feature, and if it does *NOT* but the
  saved xfeatures register from XSAVE *DOES* report it, we can safely
  assume that this combination is due to an migration from an older,
  leaky kernel – and clear the bit in the xfeature register before
  restoring it to the guest vCPU KVM state, avoiding the confusing
  situation that made the vCPU spin at 100%.
  This should be safe to do, as the guest vCPU CPUID never reported
  support for the PKRU feature, and it's also a relatively niche and
  newish feature.
 If it gains us something we can drop this patch a bit in the future
 Proxmox VE 9 major release, but we should ensure that VMs that where
 started before PVE 8 cannot be directly live-migrated to the release
 that includes that change; so we should rather only drop it if the
 maintenance burden is high.
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
 arch/x86/kvm/cpuid.c |  6 ++++++
 arch/x86/kvm/cpuid.h |  2 ++
 arch/x86/kvm/x86.c   | 13 +++++++++++++
 3 files changed, 21 insertions(+)
 diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
 index 3a02276899db..e07a6089ba4b 100644
 --- a/arch/x86/kvm/cpuid.c
 +++ b/arch/x86/kvm/cpuid.c
@@ -262,6 +262,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent)
 	return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0;
 }
 +bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu) {
 +	u64 guest_supported_xcr0 = cpuid_get_supported_xcr0(
 +	    vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent);
 +	return (guest_supported_xcr0 & XFEATURE_MASK_PKRU) != 0;
 +}
 +
 static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *entries,
 				       int nent)
 {
 diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
 index 23dbb9eb277c..07da153802e4 100644
 --- a/arch/x86/kvm/cpuid.h
 +++ b/arch/x86/kvm/cpuid.h
@@ -32,6 +32,8 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
 bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx,
 	       u32 *ecx, u32 *edx, bool exact_only);
 +bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu);
 +
 u32 xstate_required_size(u64 xstate_bv, bool compacted);
 int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu);
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
 index c84927216fad..880e2b87777e 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
@@ -5580,6 +5580,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
 	if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
 		return 0;
 +	if (!vcpu_supports_xsave_pkru(vcpu)) {
 +		void *buf = guest_xsave->region;
 +		union fpregs_state *ustate = buf;
 +		if (ustate->xsave.header.xfeatures & XFEATURE_MASK_PKRU) {
 +			printk(
 +				KERN_NOTICE "clearing PKRU xfeature bit as vCPU from PID %d"
 +				" reports no PKRU support - migration from fpu-leaky kernel?",
 +				current->pid
 +			);
 +			ustate->xsave.header.xfeatures &= ~XFEATURE_MASK_PKRU;
 +		}
 +	}
 +
 	return fpu_copy_uabi_to_guest_fpstate(&vcpu->arch.guest_fpu,
 					      guest_xsave->region,
 					      kvm_caps.supported_xcr0,
--- a/patches/kernel/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch
+++ b/patches/kernel/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch
@ -0,0 +1,43 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: kiler129 <grzegorz@noflash.pl>
 Date: Mon, 18 Sep 2023 15:19:26 +0200
 Subject: [PATCH] allow opt-in to allow pass-through on broken hardware..
 adapted from https://github.com/kiler129/relax-intel-rmrr , licensed under MIT or GPL 2.0+
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
 drivers/iommu/intel/iommu.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
 diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
 index c4c6240d14f9..5e037a9ea6a6 100644
 --- a/drivers/iommu/intel/iommu.c
 +++ b/drivers/iommu/intel/iommu.c
@@ -234,6 +234,7 @@ static int dmar_map_gfx = 1;
 static int dmar_map_ipu = 1;
 static int intel_iommu_superpage = 1;
 static int iommu_identity_mapping;
 +static int intel_relaxable_rmrr = 0;
 static int iommu_skip_te_disable;
 #define IDENTMAP_GFX		2
@@ -296,6 +297,9 @@ static int __init intel_iommu_setup(char *str)
 		} else if (!strncmp(str, "tboot_noforce", 13)) {
 			pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
 			intel_iommu_tboot_noforce = 1;
 +		} else if (!strncmp(str, "relax_rmrr", 10)) {
 +			pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n");
 +			intel_relaxable_rmrr = 1;
 		} else {
 			pr_notice("Unknown option - '%s'\n", str);
 		}
@@ -2470,7 +2474,7 @@ static bool device_rmrr_is_relaxable(struct device *dev)
 		return false;
 	pdev = to_pci_dev(dev);
 -	if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
 +	if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
 		return true;
 	else
 		return false;
--- a/patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch
+++ b/patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch
@ -0,0 +1,37 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Sean Christopherson <seanjc@google.com>
 Date: Wed, 18 Oct 2023 12:41:04 -0700
 Subject: [PATCH] KVM: nSVM: Advertise support for flush-by-ASID
 Advertise support for FLUSHBYASID when nested SVM is enabled, as KVM can
 always emulate flushing TLB entries for a vmcb12 ASID, e.g. by running L2
 with a new, fresh ASID in vmcb02.  Some modern hypervisors, e.g. VMWare
 Workstation 17, require FLUSHBYASID support and will refuse to run if it's
 not present.
 Punt on proper support, as "Honor L1's request to flush an ASID on nested
 VMRUN" is one of the TODO items in the (incomplete) list of issues that
 need to be addressed in order for KVM to NOT do a full TLB flush on every
 nested SVM transition (see nested_svm_transition_tlb_flush()).
 Reported-by: Stefan Sterz <s.sterz@proxmox.com>
 Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com
 Signed-off-by: Sean Christopherson <seanjc@google.com>
 Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
 arch/x86/kvm/svm/svm.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
 index e90b429c84f1..5c7faf7c447f 100644
 --- a/arch/x86/kvm/svm/svm.c
 +++ b/arch/x86/kvm/svm/svm.c
@@ -5085,6 +5085,7 @@ static __init void svm_set_cpu_caps(void)
 	if (nested) {
 		kvm_cpu_cap_set(X86_FEATURE_SVM);
 		kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);
 +		kvm_cpu_cap_set(X86_FEATURE_FLUSHBYASID);
 		/*
 		 * KVM currently flushes TLBs on *every* nested SVM transition,
--- a/patches/kernel/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch
+++ b/patches/kernel/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch
@ -0,0 +1,44 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Thomas Lamprecht <t.lamprecht@proxmox.com>
 Date: Mon, 6 Nov 2023 10:17:02 +0100
 Subject: [PATCH] revert "memfd: improve userspace warnings for missing
 exec-related flags".
 This warning is telling userspace developers to pass MFD_EXEC and
 MFD_NOEXEC_SEAL to memfd_create().  Commit 434ed3350f57 ("memfd: improve
 userspace warnings for missing exec-related flags") made the warning more
 frequent and visible in the hope that this would accelerate the fixing of
 errant userspace.
 But the overall effect is to generate far too much dmesg noise.
 Fixes: 434ed3350f57 ("memfd: improve userspace warnings for missing exec-related flags")
 Reported-by: Damian Tometzki <dtometzki@fedoraproject.org>
 Closes: https://lkml.kernel.org/r/ZPFzCSIgZ4QuHsSC@fedora.fritz.box
 Cc: Aleksa Sarai <cyphar@cyphar.com>
 Cc: Christian Brauner <brauner@kernel.org>
 Cc: Daniel Verkamp <dverkamp@chromium.org>
 Cc: Jeff Xu <jeffxu@google.com>
 Cc: Kees Cook <keescook@chromium.org>
 Cc: Shuah Khan <shuah@kernel.org>
 Cc: <stable@vger.kernel.org>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 (cherry picked from commit 2562d67b1bdf91c7395b0225d60fdeb26b4bc5a0)
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
 mm/memfd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/mm/memfd.c b/mm/memfd.c
 index d3a1ba4208c9..6a9de5d9105e 100644
 --- a/mm/memfd.c
 +++ b/mm/memfd.c
@@ -282,7 +282,7 @@ static int check_sysctl_memfd_noexec(unsigned int *flags)
 	}
 	if (!(*flags & MFD_NOEXEC_SEAL) && sysctl >= MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED) {
 -		pr_err_ratelimited(
 +		pr_warn_once(
 			"%s[%d]: memfd_create() requires MFD_NOEXEC_SEAL with vm.memfd_noexec=%d\n",
 			current->comm, task_pid_nr(current), sysctl);
 		return -EACCES;
--- a/patches/kernel/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch
+++ b/patches/kernel/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch
@ -0,0 +1,31 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Wolfgang Bumiller <w.bumiller@proxmox.com>
 Date: Wed, 10 Apr 2024 13:21:59 +0200
 Subject: [PATCH] apparmor: expect msg_namelen=0 for recvmsg calls
 When coming from sys_recvmsg, msg->msg_namelen is explicitly set to
 zero early on. (see ____sys_recvmsg in net/socket.c)
 We still end up in 'map_addr' where the assumption is that addr !=
 NULL means addrlen has a valid size.
 This is likely not a final fix, it was suggested by jjohansen on irc
 to get things going until this is resolved properly.
 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 ---
 security/apparmor/af_inet.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/security/apparmor/af_inet.c b/security/apparmor/af_inet.c
 index 57b710054a76..35f905d9b960 100644
 --- a/security/apparmor/af_inet.c
 +++ b/security/apparmor/af_inet.c
@@ -766,7 +766,7 @@ int aa_inet_msg_perm(const char *op, u32 request, struct socket *sock,
 	/* do we need early bailout for !family ... */
 	return sk_has_perm2(sock->sk, op, request, profile, ad,
 			    map_sock_addr(sock, ADDR_LOCAL, &laddr, &ad),
 -			    map_addr(msg->msg_name, msg->msg_namelen, 0,
 +			    map_addr(msg->msg_namelen == 0 ? NULL : msg->msg_name, msg->msg_namelen, 0,
 				     ADDR_REMOTE, &raddr, &ad),
 			    profile_remote_perm(profile, sock->sk, request,
 						&raddr, &laddr.maddr, &ad));
--- a/patches/kernel/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch
+++ b/patches/kernel/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch
@ -0,0 +1,79 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: "Borislav Petkov (AMD)" <bp@alien8.de>
 Date: Sun, 24 Mar 2024 20:51:35 +0100
 Subject: [PATCH] x86/CPU/AMD: Improve the erratum 1386 workaround
 Disable XSAVES only on machines which haven't loaded the microcode
 revision containing the erratum fix.
 This will come in handy when running archaic OSes as guests. OSes whose
 brilliant programmers thought that CPUID is overrated and one should not
 query it but use features directly, ala shoot first, ask questions
 later... but only if you're alive after the shooting.
 Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
 Tested-by: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
 Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
 Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.local
 ---
 arch/x86/include/asm/cpu_device_id.h |  8 ++++++++
 arch/x86/kernel/cpu/amd.c            | 12 ++++++++++++
 2 files changed, 20 insertions(+)
 diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h
 index eb8fcede9e3b..bf4e065cf1e2 100644
 --- a/arch/x86/include/asm/cpu_device_id.h
 +++ b/arch/x86/include/asm/cpu_device_id.h
@@ -190,6 +190,14 @@ struct x86_cpu_desc {
 	.x86_microcode_rev	= (revision),			\
 }
 +#define AMD_CPU_DESC(fam, model, stepping, revision) {		\
 +	.x86_family		= (fam),			\
 +	.x86_vendor		= X86_VENDOR_AMD,		\
 +	.x86_model		= (model),			\
 +	.x86_stepping		= (stepping),			\
 +	.x86_microcode_rev	= (revision),			\
 +}
 +
 extern const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match);
 extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table);
 diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
 index dfa8d0cf5e18..22a263b1a884 100644
 --- a/arch/x86/kernel/cpu/amd.c
 +++ b/arch/x86/kernel/cpu/amd.c
@@ -13,6 +13,7 @@
 #include <asm/apic.h>
 #include <asm/cacheinfo.h>
 #include <asm/cpu.h>
 +#include <asm/cpu_device_id.h>
 #include <asm/spec-ctrl.h>
 #include <asm/smp.h>
 #include <asm/numa.h>
@@ -926,6 +927,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c)
 	clear_rdrand_cpuid_bit(c);
 }
 +static const struct x86_cpu_desc erratum_1386_microcode[] = {
 +	AMD_CPU_DESC(0x17,  0x1, 0x2, 0x0800126e),
 +	AMD_CPU_DESC(0x17, 0x31, 0x0, 0x08301052),
 +};
 +
 static void fix_erratum_1386(struct cpuinfo_x86 *c)
 {
 	/*
@@ -935,7 +941,13 @@ static void fix_erratum_1386(struct cpuinfo_x86 *c)
 	 *
 	 * Affected parts all have no supervisor XSAVE states, meaning that
 	 * the XSAVEC instruction (which works fine) is equivalent.
 +	 *
 +	 * Clear the feature flag only on microcode revisions which
 +	 * don't have the fix.
 	 */
 +	if (x86_cpu_has_min_microcode_rev(erratum_1386_microcode))
 +		return;
 +
 	clear_cpu_cap(c, X86_FEATURE_XSAVES);
 }
--- a/patches/kernel/0014-block-fix-request.queuelist-usage-in-flush.patch
+++ b/patches/kernel/0014-block-fix-request.queuelist-usage-in-flush.patch
@ -0,0 +1,64 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Chengming Zhou <chengming.zhou@linux.dev>
 Date: Sat, 8 Jun 2024 22:31:15 +0800
 Subject: [PATCH] block: fix request.queuelist usage in flush
 Friedrich Weber reported a kernel crash problem and bisected to commit
 81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine").
 The root cause is that we use "list_move_tail(&rq->queuelist, pending)"
 in the PREFLUSH/POSTFLUSH sequences. But rq->queuelist.next == xxx since
 it's popped out from plug->cached_rq in __blk_mq_alloc_requests_batch().
 We don't initialize its queuelist just for this first request, although
 the queuelist of all later popped requests will be initialized.
 Fix it by changing to use "list_add_tail(&rq->queuelist, pending)" so
 rq->queuelist doesn't need to be initialized. It should be ok since rq
 can't be on any list when PREFLUSH or POSTFLUSH, has no move actually.
 Please note the commit 81ada09cc25e ("blk-flush: reuse rq queuelist in
 flush state machine") also has another requirement that no drivers would
 touch rq->queuelist after blk_mq_end_request() since we will reuse it to
 add rq to the post-flush pending list in POSTFLUSH. If this is not true,
 we will have to revert that commit IMHO.
 This updated version adds "list_del_init(&rq->queuelist)" in flush rq
 callback since the dm layer may submit request of a weird invalid format
 (REQ_FSEQ_PREFLUSH | REQ_FSEQ_POSTFLUSH), which causes double list_add
 if without this "list_del_init(&rq->queuelist)". The weird invalid format
 problem should be fixed in dm layer.
 Reported-by: Friedrich Weber <f.weber@proxmox.com>
 Closes: https://lore.kernel.org/lkml/14b89dfb-505c-49f7-aebb-01c54451db40@proxmox.com/
 Closes: https://lore.kernel.org/lkml/c9d03ff7-27c5-4ebd-b3f6-5a90d96f35ba@proxmox.com/
 Fixes: 81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine")
 Cc: Christoph Hellwig <hch@lst.de>
 Cc: ming.lei@redhat.com
 Cc: bvanassche@acm.org
 Tested-by: Friedrich Weber <f.weber@proxmox.com>
 Signed-off-by: Chengming Zhou <chengming.zhou@linux.dev>
 ---
 block/blk-flush.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/block/blk-flush.c b/block/blk-flush.c
 index 3f4d41952ef2..d72b57898b23 100644
 --- a/block/blk-flush.c
 +++ b/block/blk-flush.c
@@ -183,7 +183,7 @@ static void blk_flush_complete_seq(struct request *rq,
 		/* queue for flush */
 		if (list_empty(pending))
 			fq->flush_pending_since = jiffies;
 -		list_move_tail(&rq->queuelist, pending);
 +		list_add_tail(&rq->queuelist, pending);
 		break;
 	case REQ_FSEQ_DATA:
@@ -261,6 +261,7 @@ static enum rq_end_io_ret flush_end_io(struct request *flush_rq,
 		unsigned int seq = blk_flush_cur_seq(rq);
 		BUG_ON(seq != REQ_FSEQ_PREFLUSH && seq != REQ_FSEQ_POSTFLUSH);
 +		list_del_init(&rq->queuelist);
 		blk_flush_complete_seq(rq, fq, seq, error);
 	}
--- a/patches/kernel/0015-scsi-core-Handle-devices-which-return-an-unusually-l.patch
+++ b/patches/kernel/0015-scsi-core-Handle-devices-which-return-an-unusually-l.patch
@ -0,0 +1,49 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: "Martin K. Petersen" <martin.petersen@oracle.com>
 Date: Mon, 20 May 2024 22:30:40 -0400
 Subject: [PATCH] scsi: core: Handle devices which return an unusually large
 VPD page count
 Peter Schneider reported that a system would no longer boot after
 updating to 6.8.4.  Peter bisected the issue and identified commit
 b5fc07a5fb56 ("scsi: core: Consult supported VPD page list prior to
 fetching page") as being the culprit.
 Turns out the enclosure device in Peter's system reports a byteswapped
 page length for VPD page 0. It reports "02 00" as page length instead
 of "00 02". This causes us to attempt to access 516 bytes (page length
 + header) of information despite only 2 pages being present.
 Limit the page search scope to the size of our VPD buffer to guard
 against devices returning a larger page count than requested.
 Link: https://lore.kernel.org/r/20240521023040.2703884-1-martin.petersen@oracle.com
 Fixes: b5fc07a5fb56 ("scsi: core: Consult supported VPD page list prior to fetching page")
 Cc: stable@vger.kernel.org
 Reported-by: Peter Schneider <pschneider1968@googlemail.com>
 Closes: https://lore.kernel.org/all/eec6ebbf-061b-4a7b-96dc-ea748aa4d035@googlemail.com/
 Tested-by: Peter Schneider <pschneider1968@googlemail.com>
 Reviewed-by: Bart Van Assche <bvanassche@acm.org>
 Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
 ---
 drivers/scsi/scsi.c | 7 +++++++
 1 file changed, 7 insertions(+)
 diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
 index 8cad9792a562..b3ff3a633a1e 100644
 --- a/drivers/scsi/scsi.c
 +++ b/drivers/scsi/scsi.c
@@ -350,6 +350,13 @@ static int scsi_get_vpd_size(struct scsi_device *sdev, u8 page)
 		if (result < SCSI_VPD_HEADER_SIZE)
 			return 0;
 +		if (result > sizeof(vpd)) {
 +			dev_warn_once(&sdev->sdev_gendev,
 +				      "%s: long VPD page 0 length: %d bytes\n",
 +				      __func__, result);
 +			result = sizeof(vpd);
 +		}
 +
 		result -= SCSI_VPD_HEADER_SIZE;
 		if (!memchr(&vpd[SCSI_VPD_HEADER_SIZE], page, result))
 			return 0;
--- a/patches/kernel/0016-e1000e-change-usleep_range-to-udelay-in-PHY-mdic-acc.patch
+++ b/patches/kernel/0016-e1000e-change-usleep_range-to-udelay-in-PHY-mdic-acc.patch
@ -0,0 +1,73 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Vitaly Lifshits <vitaly.lifshits@intel.com>
 Date: Mon, 29 Apr 2024 10:10:40 -0700
 Subject: [PATCH] e1000e: change usleep_range to udelay in PHY mdic access
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround
 for sporadic MDI error on Meteor Lake systems"). The referenced commit
 used usleep_range inside the PHY access routines, which are sometimes
 called from an atomic context. This can lead to a kernel panic in some
 scenarios, such as cable disconnection and reconnection on vPro systems.
 Solve this by changing the usleep_range calls back to udelay.
 Fixes: 6dbdd4de0362 ("e1000e: Workaround for sporadic MDI error on Meteor Lake systems")
 Cc: stable@vger.kernel.org
 Reported-by: Jérôme Carretero <cJ@zougloub.eu>
 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218740
 Closes: https://lore.kernel.org/lkml/a7eb665c74b5efb5140e6979759ed243072cb24a.camel@zougloub.eu/
 Co-developed-by: Sasha Neftin <sasha.neftin@intel.com>
 Signed-off-by: Sasha Neftin <sasha.neftin@intel.com>
 Signed-off-by: Vitaly Lifshits <vitaly.lifshits@intel.com>
 Tested-by: Dima Ruinskiy <dima.ruinskiy@intel.com>
 Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
 Reviewed-by: Simon Horman <horms@kernel.org>
 Link: https://lore.kernel.org/r/20240429171040.1152516-1-anthony.l.nguyen@intel.com
 Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 ---
 drivers/net/ethernet/intel/e1000e/phy.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 diff --git a/drivers/net/ethernet/intel/e1000e/phy.c b/drivers/net/ethernet/intel/e1000e/phy.c
 index 93544f1cc2a5..f7ae0e0aa4a4 100644
 --- a/drivers/net/ethernet/intel/e1000e/phy.c
 +++ b/drivers/net/ethernet/intel/e1000e/phy.c
@@ -157,7 +157,7 @@ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data)
 		 * the lower time out
 		 */
 		for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) {
 -			usleep_range(50, 60);
 +			udelay(50);
 			mdic = er32(MDIC);
 			if (mdic & E1000_MDIC_READY)
 				break;
@@ -181,7 +181,7 @@ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data)
 		 * reading duplicate data in the next MDIC transaction.
 		 */
 		if (hw->mac.type == e1000_pch2lan)
 -			usleep_range(100, 150);
 +			udelay(100);
 		if (success) {
 			*data = (u16)mdic;
@@ -237,7 +237,7 @@ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data)
 		 * the lower time out
 		 */
 		for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) {
 -			usleep_range(50, 60);
 +			udelay(50);
 			mdic = er32(MDIC);
 			if (mdic & E1000_MDIC_READY)
 				break;
@@ -261,7 +261,7 @@ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data)
 		 * reading duplicate data in the next MDIC transaction.
 		 */
 		if (hw->mac.type == e1000_pch2lan)
 -			usleep_range(100, 150);
 +			udelay(100);
 		if (success)
 			return 0;
--- a/patches/kernel/0017-virtio-pci-Check-if-is_avq-is-NULL.patch
+++ b/patches/kernel/0017-virtio-pci-Check-if-is_avq-is-NULL.patch
@ -0,0 +1,48 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Li Zhang <zhanglikernel@gmail.com>
 Date: Tue, 18 Jun 2024 07:28:00 +0200
 Subject: [PATCH] virtio-pci: Check if is_avq is NULL
 BugLink: https://bugs.launchpad.net/bugs/2067862
 [bug]
 In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved
 to determine whether it is admin virtqueue, but this function vp_dev->is_avq
 may be empty. For installations, virtio_pci_legacy does not assign a value
 to vp_dev->is_avq.
 [fix]
 Check whether it is vp_dev->is_avq before use.
 [test]
 Test with virsh Attach device
 Before this patch, the following command would crash the guest system
 After applying the patch, everything seems to be working fine.
 Signed-off-by: Li Zhang <zhanglikernel@gmail.com>
 Message-Id: <1710566754-3532-1-git-send-email-zhanglikernel@gmail.com>
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 (cherry picked from commit c8fae27d141a32a1624d0d0d5419d94252824498)
 Signed-off-by: Matthew Ruffell <matthew.ruffell@canonical.com>
 Acked-by: Paolo Pisati <paolo.pisati@canonical.com>
 Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
 Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
 ---
 drivers/virtio/virtio_pci_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c
 index b655fccaf773..3c18fc14cd66 100644
 --- a/drivers/virtio/virtio_pci_common.c
 +++ b/drivers/virtio/virtio_pci_common.c
@@ -236,7 +236,7 @@ void vp_del_vqs(struct virtio_device *vdev)
 	int i;
 	list_for_each_entry_safe(vq, n, &vdev->vqs, list) {
 -		if (vp_dev->is_avq(vdev, vq->index))
 +		if (vp_dev->is_avq && vp_dev->is_avq(vdev, vq->index))
 			continue;
 		if (vp_dev->per_vq_vectors) {
--- a/patches/kernel/9998-rdtsc-spoof-hook-0.patch
+++ b/patches/kernel/9998-rdtsc-spoof-hook-0.patch
@ -0,0 +1,14 @@
 diff -Naur --no-dereference a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
 --- a/arch/x86/kvm/vmx/vmx.c     2024-07-01 21:03:34.000000000 +0300
 +++ b/arch/x86/kvm/vmx/vmx.c     2024-07-01 20:24:05.000000000 +0300
@@ -6137,6 +6137,10 @@
 	[EXIT_REASON_ENCLS]		      = handle_encls,
 	[EXIT_REASON_BUS_LOCK]                = handle_bus_lock_vmexit,
 	[EXIT_REASON_NOTIFY]		      = handle_notify,
 +	[EXIT_REASON_RDTSC]                        = handle_rdtsc,
 +	[EXIT_REASON_RDTSCP]               = handle_rdtscp,
 +	[EXIT_REASON_UMWAIT]                  = handle_umwait,
 +	[EXIT_REASON_TPAUSE]                  = handle_tpause,
 };
 static const int kvm_vmx_max_exit_handlers =
--- a/patches/kernel/9999-rdtsc-spoof-hook-1.patch
+++ b/patches/kernel/9999-rdtsc-spoof-hook-1.patch
@ -0,0 +1,40 @@
 diff -Naur --no-dereference a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
 --- a/arch/x86/kvm/vmx/vmx.c     2024-07-01 21:03:34.000000000 +0300
 +++ b/arch/x86/kvm/vmx/vmx.c     2024-07-01 20:24:05.000000000 +0300
@@ -6079,6 +6079,36 @@
 	return 1;
 }
 +static int handle_rdtsc(struct kvm_vcpu *vcpu)
 +{
 +	u64 _rdtsc = rdtsc();
 +	printk_once("[HookEntry] hook entry function handle_rdtsc is working, return the rdtsc() if no hook , you can hook here!\n");
 +	vcpu->arch.regs[VCPU_REGS_RAX] = _rdtsc & -1u;
 +	vcpu->arch.regs[VCPU_REGS_RDX] = (_rdtsc >> 32) & -1u;
 +	return kvm_skip_emulated_instruction(vcpu);
 +}
 +
 +static int handle_rdtscp(struct kvm_vcpu *vcpu)
 +{
 +	u64 _rdtsc = rdtsc();
 +	printk_once("[HookEntry] hook entry function handle_rdtscp is working, return the rdtsc() if no hook , you can hook here!\n");
 +	vcpu->arch.regs[VCPU_REGS_RAX] = _rdtsc & -1u;
 +	vcpu->arch.regs[VCPU_REGS_RDX] = (_rdtsc >> 32) & -1u;
 +	return kvm_skip_emulated_instruction(vcpu);
 +}
 +
 +static int handle_umwait(struct kvm_vcpu *vcpu)
 +{
 +	kvm_skip_emulated_instruction(vcpu);
 +	return 1;
 +}
 +
 +static int handle_tpause(struct kvm_vcpu *vcpu)
 +{
 +	kvm_skip_emulated_instruction(vcpu);
 +	return 1;
 +}
 +
 /*
  * The exit handlers return 1 if the exit was handled fully and guest execution
  * may resume.  Otherwise they set the kvm_run parameter to indicate what needs
--- a/submodules/ubuntu-kernel
+++ b/submodules/ubuntu-kernel
@ -1 +1 @@
-Subproject commit e3be6fa29eb28c17aa143a81ecf5ae00b7b3e610
+Subproject commit 52a389ffcb4a5a544790d46c53f79c845364692e
--- a/submodules/zfsonlinux
+++ b/submodules/zfsonlinux
@ -1 +1 @@
-Subproject commit 5ea8a38968ee2cc9e50b3a66819b5520f46eb660
+Subproject commit f5c9e3a9a85e73ef96f02375a745b10115a319b3
		`@ -0,0 +1,2 @@`
							`debian-control-has-dbgsym-package (in section for proxmox-kernel--pve-dbgsym) Package [debian/control:]`
							license-problem-gfdl-invariants invariant part is: with the :ref:`invariant sections <fdl-invariant>` being list their titles, with the :ref:`front-cover texts <fdl-cover-texts>` being list, and with the :ref:`back-cover texts <fdl-cover-texts>` being list [ubuntu-kernel/Documentation/userspace-api/media/fdl-appendix.rst]
		`@ -1 +1 @@`
			`Subproject commit e3be6fa29eb28c17aa143a81ecf5ae00b7b3e610`				`Subproject commit 52a389ffcb4a5a544790d46c53f79c845364692e`
		`@ -1 +1 @@`
			`Subproject commit 5ea8a38968ee2cc9e50b3a66819b5520f46eb660`				`Subproject commit f5c9e3a9a85e73ef96f02375a745b10115a319b3`