update submodule to Ubuntu-6.5.0-9.9

from ubuntu mantic sources

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch

@@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 111 insertions(+)
 
 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index fa73bbcb0c8d..4964bb2e931e 100644
+index 9f2bcb8b7f96..a60a4220be95 100644
 --- a/Documentation/admin-guide/kernel-parameters.txt
 +++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -4209,6 +4209,15 @@
+@@ -4281,6 +4281,15 @@
  				Also, it enforces the PCI Local Bus spec
  				rule that those bits should be 0 in system reset
  				events (useful for kexec/kdump cases).
@@ -75,10 +75,10 @@ index fa73bbcb0c8d..4964bb2e931e 100644
  				Safety option to keep boot IRQs enabled. This
  				should never be necessary.
 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index 592e1c4ae697..aebf6f412203 100644
+index 92302d5749d8..71387b9aca33 100644
 --- a/drivers/pci/quirks.c
 +++ b/drivers/pci/quirks.c
-@@ -194,6 +194,106 @@ static int __init pci_apply_final_quirks(void)
+@@ -287,6 +287,106 @@ static int __init pci_apply_final_quirks(void)
  }
  fs_initcall_sync(pci_apply_final_quirks);
  
@@ -185,7 +185,7 @@ index 592e1c4ae697..aebf6f412203 100644
  /*
   * Decoding should be disabled for a PCI device during BAR sizing to avoid
   * conflict. But doing so may cause problems on host bridge and perhaps other
-@@ -4974,6 +5074,8 @@ static const struct pci_dev_acs_enabled {
+@@ -5069,6 +5169,8 @@ static const struct pci_dev_acs_enabled {
  	{ PCI_VENDOR_ID_CAVIUM, 0xA060, pci_quirk_mf_endpoint_acs },
  	/* APM X-Gene */
  	{ PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },

patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch

@@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 73fad57408f7..99ae3e468ce6 100644
+index 5bbb5612b207..691ce10e7647 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
-@@ -79,7 +79,7 @@ module_param(halt_poll_ns, uint, 0644);
+@@ -82,7 +82,7 @@ module_param(halt_poll_ns, uint, 0644);
  EXPORT_SYMBOL_GPL(halt_poll_ns);
  
  /* Default doubles per-vcpu halt_poll_ns. */

patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch

@@ -14,10 +14,10 @@ Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/net/core/dev.c b/net/core/dev.c
-index 555bbe774734..de2e0d0185fc 100644
+index 69a3e544676c..56a45b9b602e 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
-@@ -10262,7 +10262,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
+@@ -10269,7 +10269,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
  		if (time_after(jiffies, warning_time +
  			       READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
  			list_for_each_entry(dev, list, todo_list) {

patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch

@@ -10,12 +10,13 @@ This reverts commit 106b7a61c488d2022f44e3531ce33461c7c0685f.
 
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
  include/linux/fortify-string.h | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
-index 7cad8bb031e9..acc24887db3e 100644
+index da51a83b2829..9d9e7822eddf 100644
 --- a/include/linux/fortify-string.h
 +++ b/include/linux/fortify-string.h
 @@ -18,7 +18,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning("
@@ -25,5 +26,5 @@ index 7cad8bb031e9..acc24887db3e 100644
 -	char *__p = (char *)(p);				\
 +	unsigned char *__p = (unsigned char *)(p);		\
  	size_t __ret = SIZE_MAX;				\
- 	size_t __p_size = __member_size(p);			\
+ 	const size_t __p_size = __member_size(p);		\
  	if (__p_size != SIZE_MAX &&				\

patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch

@@ -78,10 +78,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  3 files changed, 21 insertions(+)
 
 diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
-index 7ccdf991d18e..61aefeb3fdbc 100644
+index d3432687c9e6..2c20da9aa2ac 100644
 --- a/arch/x86/kvm/cpuid.c
 +++ b/arch/x86/kvm/cpuid.c
-@@ -251,6 +251,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent)
+@@ -249,6 +249,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent)
  	return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0;
  }
  
@@ -108,10 +108,10 @@ index b1658c0de847..12a02851ff57 100644
  
  int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu);
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index ee603f4edce1..ff92ff41d5ce 100644
+index c381770bcbf1..6690a3722007 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -5342,6 +5342,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
+@@ -5413,6 +5413,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
  	if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
  		return 0;
  

patches/kernel/0009-KVM-x86-mmu-Fix-an-sign-extension-bug-with-mmu_seq-t.patch

@@ -1,75 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Sean Christopherson <seanjc@google.com>
-Date: Wed, 23 Aug 2023 18:01:04 -0700
-Subject: [PATCH] KVM: x86/mmu: Fix an sign-extension bug with mmu_seq that
- hangs vCPUs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Upstream commit ba6e3fe25543 ("KVM: x86/mmu: Grab mmu_invalidate_seq in
-kvm_faultin_pfn()") unknowingly fixed the bug in v6.3 when refactoring
-how KVM tracks the sequence counter snapshot.
-
-Take the vCPU's mmu_seq snapshot as an "unsigned long" instead of an "int"
-when checking to see if a page fault is stale, as the sequence count is
-stored as an "unsigned long" everywhere else in KVM.  This fixes a bug
-where KVM will effectively hang vCPUs due to always thinking page faults
-are stale, which results in KVM refusing to "fix" faults.
-
-mmu_invalidate_seq (née mmu_notifier_seq) is a sequence counter used when
-KVM is handling page faults to detect if userspace mappings relevant to
-the guest were invalidated between snapshotting the counter and acquiring
-mmu_lock, i.e. to ensure that the userspace mapping KVM is using to
-resolve the page fault is fresh.  If KVM sees that the counter has
-changed, KVM simply resumes the guest without fixing the fault.
-
-What _should_ happen is that the source of the mmu_notifier invalidations
-eventually goes away, mmu_invalidate_seq becomes stable, and KVM can once
-again fix guest page fault(s).
-
-But for a long-lived VM and/or a VM that the host just doesn't particularly
-like, it's possible for a VM to be on the receiving end of 2 billion (with
-a B) mmu_notifier invalidations.  When that happens, bit 31 will be set in
-mmu_invalidate_seq.  This causes the value to be turned into a 32-bit
-negative value when implicitly cast to an "int" by is_page_fault_stale(),
-and then sign-extended into a 64-bit unsigned when the signed "int" is
-implicitly cast back to an "unsigned long" on the call to
-mmu_invalidate_retry_hva().
-
-As a result of the casting and sign-extension, given a sequence counter of
-e.g. 0x8002dc25, mmu_invalidate_retry_hva() ends up doing
-
-	if (0x8002dc25 != 0xffffffff8002dc25)
-
-and signals that the page fault is stale and needs to be retried even
-though the sequence counter is stable, and KVM effectively hangs any vCPU
-that takes a page fault (EPT violation or #NPF when TDP is enabled).
-
-Reported-by: Brian Rak <brak@vultr.com>
-Reported-by: Amaan Cheval <amaan.cheval@gmail.com>
-Reported-by: Eric Wheeler <kvm@lists.ewheeler.net>
-Closes: https://lore.kernel.org/all/f023d927-52aa-7e08-2ee5-59a2fbc65953@gameservers.com
-Fixes: a955cad84cda ("KVM: x86/mmu: Retry page fault if root is invalidated by memslot update")
-Signed-off-by: Sean Christopherson <seanjc@google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-(cherry-picked from commit 82d811ff566594de3676f35808e8a9e19c5c864c in stable v6.1.51)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- arch/x86/kvm/mmu/mmu.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
-index 3220c1285984..c42ba5cde7a4 100644
---- a/arch/x86/kvm/mmu/mmu.c
-+++ b/arch/x86/kvm/mmu/mmu.c
-@@ -4261,7 +4261,8 @@ static int kvm_faultin_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault)
-  * root was invalidated by a memslot update or a relevant mmu_notifier fired.
-  */
- static bool is_page_fault_stale(struct kvm_vcpu *vcpu,
--				struct kvm_page_fault *fault, int mmu_seq)
-+				struct kvm_page_fault *fault,
-+				unsigned long mmu_seq)
- {
- 	struct kvm_mmu_page *sp = to_shadow_page(vcpu->arch.mmu->root.hpa);
- 

patches/kernel/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch

@@ -4,15 +4,17 @@ Date: Mon, 18 Sep 2023 15:19:26 +0200
 Subject: [PATCH] allow opt-in to allow pass-through on broken hardware..
 
 adapted from https://github.com/kiler129/relax-intel-rmrr , licensed under MIT or GPL 2.0+
+
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
  drivers/iommu/intel/iommu.c | 6 +++++-
  1 file changed, 5 insertions(+), 1 deletion(-)
 
 diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
-index 1c5ba4dbfe78..887667218e3b 100644
+index a377f8e0a414..3be334d34317 100644
 --- a/drivers/iommu/intel/iommu.c
 +++ b/drivers/iommu/intel/iommu.c
-@@ -297,6 +297,7 @@ static int dmar_map_gfx = 1;
+@@ -298,6 +298,7 @@ static int dmar_map_gfx = 1;
  static int dmar_map_ipu = 1;
  static int intel_iommu_superpage = 1;
  static int iommu_identity_mapping;
@@ -20,7 +22,7 @@ index 1c5ba4dbfe78..887667218e3b 100644
  static int iommu_skip_te_disable;
  
  #define IDENTMAP_GFX		2
-@@ -358,6 +359,9 @@ static int __init intel_iommu_setup(char *str)
+@@ -359,6 +360,9 @@ static int __init intel_iommu_setup(char *str)
  		} else if (!strncmp(str, "tboot_noforce", 13)) {
  			pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
  			intel_iommu_tboot_noforce = 1;
@@ -30,7 +32,7 @@ index 1c5ba4dbfe78..887667218e3b 100644
  		} else {
  			pr_notice("Unknown option - '%s'\n", str);
  		}
-@@ -2538,7 +2542,7 @@ static bool device_rmrr_is_relaxable(struct device *dev)
+@@ -2503,7 +2507,7 @@ static bool device_rmrr_is_relaxable(struct device *dev)
  		return false;
  
  	pdev = to_pci_dev(dev);

patches/kernel/0010-net-thunderbolt-Fix-TCPv6-GSO-checksum-calculation.patch

@@ -19,14 +19,14 @@ Reviewed-by: Jiri Pirko <jiri@nvidia.com>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
- drivers/net/thunderbolt.c | 3 +--
+ drivers/net/thunderbolt/main.c | 3 +--
  1 file changed, 1 insertion(+), 2 deletions(-)
 
-diff --git a/drivers/net/thunderbolt.c b/drivers/net/thunderbolt.c
-index 990484776f2d..0c554a7a5ce4 100644
---- a/drivers/net/thunderbolt.c
-+++ b/drivers/net/thunderbolt.c
-@@ -1005,12 +1005,11 @@ static bool tbnet_xmit_csum_and_map(struct tbnet *net, struct sk_buff *skb,
+diff --git a/drivers/net/thunderbolt/main.c b/drivers/net/thunderbolt/main.c
+index 0c1e8970ee58..0a53ec293d04 100644
+--- a/drivers/net/thunderbolt/main.c
++++ b/drivers/net/thunderbolt/main.c
+@@ -1049,12 +1049,11 @@ static bool tbnet_xmit_csum_and_map(struct tbnet *net, struct sk_buff *skb,
  		*tucso = ~csum_tcpudp_magic(ip_hdr(skb)->saddr,
  					    ip_hdr(skb)->daddr, 0,
  					    ip_hdr(skb)->protocol, 0);

patches/kernel/0011-thunderbolt-Restart-XDomain-discovery-handshake-afte.patch

@@ -22,10 +22,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 41 insertions(+), 17 deletions(-)
 
 diff --git a/drivers/thunderbolt/xdomain.c b/drivers/thunderbolt/xdomain.c
-index 3c51e47dd86b..0b17a4d4e9b9 100644
+index 5b5566862318..9803f0bbf20d 100644
 --- a/drivers/thunderbolt/xdomain.c
 +++ b/drivers/thunderbolt/xdomain.c
-@@ -704,6 +704,27 @@ static void update_property_block(struct tb_xdomain *xd)
+@@ -703,6 +703,27 @@ static void update_property_block(struct tb_xdomain *xd)
  	mutex_unlock(&xdomain_lock);
  }
  
@@ -53,7 +53,7 @@ index 3c51e47dd86b..0b17a4d4e9b9 100644
  static void tb_xdp_handle_request(struct work_struct *work)
  {
  	struct xdomain_request_work *xw = container_of(work, typeof(*xw), work);
-@@ -766,6 +787,15 @@ static void tb_xdp_handle_request(struct work_struct *work)
+@@ -765,6 +786,15 @@ static void tb_xdp_handle_request(struct work_struct *work)
  	case UUID_REQUEST:
  		tb_dbg(tb, "%llx: received XDomain UUID request\n", route);
  		ret = tb_xdp_uuid_response(ctl, route, sequence, uuid);
@@ -69,7 +69,7 @@ index 3c51e47dd86b..0b17a4d4e9b9 100644
  		break;
  
  	case LINK_STATE_STATUS_REQUEST:
-@@ -1522,6 +1552,13 @@ static void tb_xdomain_queue_properties_changed(struct tb_xdomain *xd)
+@@ -1521,6 +1551,13 @@ static void tb_xdomain_queue_properties_changed(struct tb_xdomain *xd)
  			   msecs_to_jiffies(XDOMAIN_SHORT_TIMEOUT));
  }
  
@@ -83,7 +83,7 @@ index 3c51e47dd86b..0b17a4d4e9b9 100644
  static void tb_xdomain_state_work(struct work_struct *work)
  {
  	struct tb_xdomain *xd = container_of(work, typeof(*xd), state_work.work);
-@@ -1548,7 +1585,7 @@ static void tb_xdomain_state_work(struct work_struct *work)
+@@ -1547,7 +1584,7 @@ static void tb_xdomain_state_work(struct work_struct *work)
  		if (ret) {
  			if (ret == -EAGAIN)
  				goto retry_state;
@@ -92,7 +92,7 @@ index 3c51e47dd86b..0b17a4d4e9b9 100644
  		} else {
  			tb_xdomain_queue_properties_changed(xd);
  			if (xd->bonding_possible)
-@@ -1613,7 +1650,7 @@ static void tb_xdomain_state_work(struct work_struct *work)
+@@ -1612,7 +1649,7 @@ static void tb_xdomain_state_work(struct work_struct *work)
  		if (ret) {
  			if (ret == -EAGAIN)
  				goto retry_state;
@@ -101,7 +101,7 @@ index 3c51e47dd86b..0b17a4d4e9b9 100644
  		} else {
  			xd->state = XDOMAIN_STATE_ENUMERATED;
  		}
-@@ -1624,6 +1661,8 @@ static void tb_xdomain_state_work(struct work_struct *work)
+@@ -1623,6 +1660,8 @@ static void tb_xdomain_state_work(struct work_struct *work)
  		break;
  
  	case XDOMAIN_STATE_ERROR:
@@ -110,7 +110,7 @@ index 3c51e47dd86b..0b17a4d4e9b9 100644
  		break;
  
  	default:
-@@ -1793,21 +1832,6 @@ static void tb_xdomain_release(struct device *dev)
+@@ -1833,21 +1872,6 @@ static void tb_xdomain_release(struct device *dev)
  	kfree(xd);
  }
  

patches/kernel/0012-x86-cpu-Fix-AMD-erratum-1485-on-Zen4-based-CPUs.patch

@@ -21,10 +21,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 15 insertions(+), 2 deletions(-)
 
 diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
-index ebbf80d8b8bd..a79b10e57757 100644
+index 1d111350197f..b37abb55e948 100644
 --- a/arch/x86/include/asm/msr-index.h
 +++ b/arch/x86/include/asm/msr-index.h
-@@ -630,12 +630,17 @@
+@@ -637,12 +637,17 @@
  /* AMD Last Branch Record MSRs */
  #define MSR_AMD64_LBR_SELECT			0xc000010e
  
@@ -45,10 +45,10 @@ index ebbf80d8b8bd..a79b10e57757 100644
  #define MSR_F16H_L2I_PERF_CTL		0xc0010230
  #define MSR_F16H_L2I_PERF_CTR		0xc0010231
 diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index 6daf6a8fa0c7..044e3869620c 100644
+index 7eca6a8abbb1..981bc23665a3 100644
 --- a/arch/x86/kernel/cpu/amd.c
 +++ b/arch/x86/kernel/cpu/amd.c
-@@ -79,6 +79,10 @@ static const int amd_div0[] =
+@@ -80,6 +80,10 @@ static const int amd_div0[] =
  	AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0x00, 0x0, 0x2f, 0xf),
  			   AMD_MODEL_RANGE(0x17, 0x50, 0x0, 0x5f, 0xf));
  
@@ -59,7 +59,7 @@ index 6daf6a8fa0c7..044e3869620c 100644
  static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum)
  {
  	int osvw_id = *erratum++;
-@@ -1124,6 +1128,10 @@ static void init_amd(struct cpuinfo_x86 *c)
+@@ -1140,6 +1144,10 @@ static void init_amd(struct cpuinfo_x86 *c)
  		pr_notice_once("AMD Zen1 DIV0 bug detected. Disable SMT for full protection.\n");
  		setup_force_cpu_bug(X86_BUG_DIV0);
  	}

patches/kernel/0013-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch

@@ -0,0 +1,57 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson <seanjc@google.com>
+Date: Wed, 18 Oct 2023 12:41:03 -0700
+Subject: [PATCH] Revert "nSVM: Check for reserved encodings of TLB_CONTROL in
+ nested VMCB"
+
+Revert KVM's made-up consistency check on SVM's TLB control.  The APM says
+that unsupported encodings are reserved, but the APM doesn't state that
+VMRUN checks for a supported encoding.  Unless something is called out
+in "Canonicalization and Consistency Checks" or listed as MBZ (Must Be
+Zero), AMD behavior is typically to let software shoot itself in the foot.
+
+This reverts commit 174a921b6975ef959dd82ee9e8844067a62e3ec1.
+
+Fixes: 174a921b6975 ("nSVM: Check for reserved encodings of TLB_CONTROL in nested VMCB")
+Reported-by: Stefan Sterz <s.sterz@proxmox.com>
+Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/svm/nested.c | 15 ---------------
+ 1 file changed, 15 deletions(-)
+
+diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
+index 96936ddf1b3c..92db000409a9 100644
+--- a/arch/x86/kvm/svm/nested.c
++++ b/arch/x86/kvm/svm/nested.c
+@@ -247,18 +247,6 @@ static bool nested_svm_check_bitmap_pa(struct kvm_vcpu *vcpu, u64 pa, u32 size)
+ 	    kvm_vcpu_is_legal_gpa(vcpu, addr + size - 1);
+ }
+ 
+-static bool nested_svm_check_tlb_ctl(struct kvm_vcpu *vcpu, u8 tlb_ctl)
+-{
+-	/* Nested FLUSHBYASID is not supported yet.  */
+-	switch(tlb_ctl) {
+-		case TLB_CONTROL_DO_NOTHING:
+-		case TLB_CONTROL_FLUSH_ALL_ASID:
+-			return true;
+-		default:
+-			return false;
+-	}
+-}
+-
+ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
+ 					 struct vmcb_ctrl_area_cached *control)
+ {
+@@ -278,9 +266,6 @@ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
+ 					   IOPM_SIZE)))
+ 		return false;
+ 
+-	if (CC(!nested_svm_check_tlb_ctl(vcpu, control->tlb_ctl)))
+-		return false;
+-
+ 	if (CC((control->int_ctl & V_NMI_ENABLE_MASK) &&
+ 	       !vmcb12_is_intercept(control, INTERCEPT_NMI))) {
+ 		return false;

patches/kernel/0014-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch

@@ -18,15 +18,16 @@ Reported-by: Stefan Sterz <s.sterz@proxmox.com>
 Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com
 Signed-off-by: Sean Christopherson <seanjc@google.com>
 Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
  arch/x86/kvm/svm/svm.c | 1 +
  1 file changed, 1 insertion(+)
 
 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
-index fb9cde86930d..db8028864094 100644
+index 2ec76ab525ea..ef3215286428 100644
 --- a/arch/x86/kvm/svm/svm.c
 +++ b/arch/x86/kvm/svm/svm.c
-@@ -4921,6 +4921,7 @@ static __init void svm_set_cpu_caps(void)
+@@ -4969,6 +4969,7 @@ static __init void svm_set_cpu_caps(void)
  	if (nested) {
  		kvm_cpu_cap_set(X86_FEATURE_SVM);
  		kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);

patches/kernel/0014-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch

@@ -1,46 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefan Sterz <s.sterz@proxmox.com>
-Date: Wed, 18 Oct 2023 10:45:45 +0200
-Subject: [PATCH] Revert "nSVM: Check for reserved encodings of TLB_CONTROL in
- nested VMCB"
-
-This reverts commit 174a921b6975ef959dd82ee9e8844067a62e3ec1.
-
-Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
----
- arch/x86/kvm/svm/nested.c | 15 ---------------
- 1 file changed, 15 deletions(-)
-
-diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
-index add65dd59756..61a6c0235519 100644
---- a/arch/x86/kvm/svm/nested.c
-+++ b/arch/x86/kvm/svm/nested.c
-@@ -242,18 +242,6 @@ static bool nested_svm_check_bitmap_pa(struct kvm_vcpu *vcpu, u64 pa, u32 size)
- 	    kvm_vcpu_is_legal_gpa(vcpu, addr + size - 1);
- }
- 
--static bool nested_svm_check_tlb_ctl(struct kvm_vcpu *vcpu, u8 tlb_ctl)
--{
--	/* Nested FLUSHBYASID is not supported yet.  */
--	switch(tlb_ctl) {
--		case TLB_CONTROL_DO_NOTHING:
--		case TLB_CONTROL_FLUSH_ALL_ASID:
--			return true;
--		default:
--			return false;
--	}
--}
--
- static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
- 					 struct vmcb_ctrl_area_cached *control)
- {
-@@ -273,9 +261,6 @@ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
- 					   IOPM_SIZE)))
- 		return false;
- 
--	if (CC(!nested_svm_check_tlb_ctl(vcpu, control->tlb_ctl)))
--		return false;
--
- 	return true;
- }
- 

patches/kernel/0015-x86-fpu-Allow-caller-to-constrain-xfeatures-when-cop.patch

@@ -48,7 +48,7 @@ index b475d9a582b8..e829fa4c6788 100644
  
  static inline void fpstate_set_confidential(struct fpu_guest *gfpu)
 diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
-index caf33486dc5e..cddd5018e6a4 100644
+index 98e507cc7d34..b582325b9c37 100644
 --- a/arch/x86/kernel/fpu/core.c
 +++ b/arch/x86/kernel/fpu/core.c
 @@ -369,14 +369,15 @@ int fpu_swap_kvm_fpstate(struct fpu_guest *guest_fpu, bool enter_guest)
@@ -123,10 +123,10 @@ index a4ecb04d8d64..3518fb26d06b 100644
  				    enum xstate_copy_mode mode);
  extern int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf, u32 *pkru);
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index ff92ff41d5ce..a43a950d04cb 100644
+index 6690a3722007..394d3a8b4682 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -5314,26 +5314,23 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
+@@ -5385,26 +5385,23 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
  	return 0;
  }
  

patches/kernel/0016-KVM-x86-Constrain-guest-supported-xfeatures-only-at-.patch

@@ -66,10 +66,10 @@ index 463ec0cd0dab..ebe698f8af73 100644
  
  	/* Do the final updates within the locked region */
 diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
-index 61aefeb3fdbc..e5393ee652ba 100644
+index 2c20da9aa2ac..e2b67975869c 100644
 --- a/arch/x86/kvm/cpuid.c
 +++ b/arch/x86/kvm/cpuid.c
-@@ -350,14 +350,6 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
+@@ -332,14 +332,6 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
  	vcpu->arch.guest_supported_xcr0 =
  		cpuid_get_supported_xcr0(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent);
  
@@ -85,10 +85,10 @@ index 61aefeb3fdbc..e5393ee652ba 100644
  
  	vcpu->arch.maxphyaddr = cpuid_query_maxphyaddr(vcpu);
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index a43a950d04cb..a4a44adf7c72 100644
+index 394d3a8b4682..e0cea0f8380a 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -5318,12 +5318,26 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
+@@ -5389,12 +5389,26 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
  static void kvm_vcpu_ioctl_x86_get_xsave2(struct kvm_vcpu *vcpu,
  					  u8 *state, unsigned int size)
  {

submodules/ubuntu-kernel

@@ -1 +1 @@
-Subproject commit 0b6a250fd5bb058a9965d904b3e6f83b87a0c3b7
+Subproject commit 0f112085de77ffd667df863f7240164da1b8d26f