Update to Linux 6.5.11

autobuild.sh

@@ -1,8 +1,9 @@
 #!/bin/bash
 sudo apt install devscripts  rsync -y
-yes | sudo mk-build-deps --install --remove
-git submodule update --init --depth=1
+#git submodule update --init --depth=1
 rm build -rf
 mkdir build && rsync -ra * build/
 cd build
+debian/rules debian/control
+yes | sudo mk-build-deps --install --remove
 dpkg-buildpackage -b -us -uc

debian/changelog

@@ -1,3 +1,9 @@
+pve-kernel (6.5.11) generic; urgency=medium
+
+  * Update to Linux 6.5.11
+
+ -- jiangcuo <jiangcuo@bingsin.com>  Sun, 19 Nov 2023 21:35:31 +0800
+
 pve-kernel (6.1.62) generic; urgency=medium
 
   * Update to Linux 6.1.62

debian/control

@@ -1,98 +0,0 @@
-Source: pve-kernel
-Section: devel
-Priority: optional
-Maintainer: Fabian Mastenbroek <mail.fabianm@gmail.com>
-Build-Depends: asciidoc,
-               automake,
-               bc,
-               bison,
-               cpio,
-               debhelper (>= 10~),
-               dwarves (>= 1.16),
-               flex,
-               gcc (>= 8.3.0-6),
-               git,
-               kmod,
-               libdw-dev,
-               libelf-dev,
-               libiberty-dev,
-               libnuma-dev,
-               libslang2-dev,
-               libssl-dev,
-               lz4,
-               python3-minimal,
-               python3-dev,
-               quilt,
-               rsync,
-               xmlto,
-               zlib1g-dev,
-               zstd
-Build-Conflicts: pve-headers-6.1.62-generic,
-Vcs-Git: git://github.com/fabianishere/pve-generic-kernel.git
-Vcs-Browser: https://github.com/fabianishere/pve-generic-kernel
-
-Package: linux-tools-6.1
-Architecture: any
-Section: devel
-Priority: optional
-Depends: linux-base,
-         ${misc:Depends},
-         ${shlibs:Depends},
-Description: Linux kernel version specific tools for version 6.1
- This package provides the architecture dependent parts for kernel
- version locked tools (such as perf and x86_energy_perf_policy)
-
-Package: pve-headers-6.1-generic
-Architecture: all
-Section: admin
-Priority: optional
-Depends: pve-headers-6.1.62-generic,
-Description: Latest Proxmox Edge Kernel Headers
- This is a metapackage which will install the kernel headers
- for the latest available Proxmox Edge kernel from the 6.1
- series.
-
-Package: pve-kernel-6.1-generic
-Architecture: all
-Section: admin
-Priority: optional
-Depends: pve-firmware,
-         pve-kernel-6.1.62-generic,
-Description: Latest Proxmox Edge Kernel Image
- This is a metapackage which will install the latest available
- Proxmox Edge kernel from the 6.1 series.
-
-Package: pve-headers-6.1.62-generic
-Section: devel
-Priority: optional
-Architecture: any
-Provides: linux-headers,
-          linux-headers-2.6,
-Depends:
-Description: The Proxmox Edge Kernel Headers
- This package contains the Proxmox Edge Linux kernel headers
-
-Package: pve-kernel-6.1.62-generic
-Section: admin
-Priority: optional
-Architecture: any
-Provides: linux-image,
-          linux-image-2.6,
-Suggests: pve-firmware,
-Depends: busybox,
-         initramfs-tools,
-Recommends: grub-pc | grub-efi-amd64 | grub-efi-ia32 | grub-efi-arm64,
-Description: The Proxmox PVE Kernel Image
- This package contains the Linux kernel and initial ramdisk used for booting
-
-Package: pve-kernel-libc-dev
-Section: devel
-Priority: optional
-Architecture: any
-Provides: linux-libc-dev,
-Conflicts: linux-libc-dev,
-Replaces: linux-libc-dev,
-Depends: ${misc:Depends}
-Description: Linux support headers for userspace development
- This package provides userspaces headers from the Linux kernel.  These headers
- are used by the installed headers for GNU libc and other system libraries.

debian/patches/pve/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch

@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Tue, 12 May 2015 19:29:22 +0100
+Subject: [PATCH] Make mkcompile_h accept an alternate timestamp string
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We want to include the Debian version in the utsname::version string
+instead of a full timestamp string.  However, we still need to provide
+a standard timestamp string for gen_initramfs_list.sh to make the
+kernel image reproducible.
+
+Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to
+$KBUILD_BUILD_TIMESTAMP.
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ init/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/init/Makefile b/init/Makefile
+index ec557ada3c12..72095034f338 100644
+--- a/init/Makefile
++++ b/init/Makefile
+@@ -29,7 +29,7 @@ preempt-flag-$(CONFIG_PREEMPT_DYNAMIC)	:= PREEMPT_DYNAMIC
+ preempt-flag-$(CONFIG_PREEMPT_RT)	:= PREEMPT_RT
+ 
+ build-version = $(or $(KBUILD_BUILD_VERSION), $(build-version-auto))
+-build-timestamp = $(or $(KBUILD_BUILD_TIMESTAMP), $(build-timestamp-auto))
++build-timestamp = $(or $(KBUILD_BUILD_VERSION_TIMESTAMP), $(KBUILD_BUILD_TIMESTAMP), $(build-timestamp-auto))
+ 
+ # Maximum length of UTS_VERSION is 64 chars
+ filechk_uts_version = \

debian/patches/pve/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch

@@ -0,0 +1,176 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Mark Weiman <mark.weiman@markzz.com>
+Date: Wed, 7 Feb 2018 16:04:03 -0500
+Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.15)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This an updated version of Alex Williamson's patch from:
+https://lkml.org/lkml/2013/5/30/513
+
+Original commit message follows:
+PCIe ACS (Access Control Services) is the PCIe 2.0+ feature that
+allows us to control whether transactions are allowed to be redirected
+in various subnodes of a PCIe topology.  For instance, if two
+endpoints are below a root port or downsteam switch port, the
+downstream port may optionally redirect transactions between the
+devices, bypassing upstream devices.  The same can happen internally
+on multifunction devices.  The transaction may never be visible to the
+upstream devices.
+
+One upstream device that we particularly care about is the IOMMU.  If
+a redirection occurs in the topology below the IOMMU, then the IOMMU
+cannot provide isolation between devices.  This is why the PCIe spec
+encourages topologies to include ACS support.  Without it, we have to
+assume peer-to-peer DMA within a hierarchy can bypass IOMMU isolation.
+
+Unfortunately, far too many topologies do not support ACS to make this
+a steadfast requirement.  Even the latest chipsets from Intel are only
+sporadically supporting ACS.  We have trouble getting interconnect
+vendors to include the PCIe spec required PCIe capability, let alone
+suggested features.
+
+Therefore, we need to add some flexibility.  The pcie_acs_override=
+boot option lets users opt-in specific devices or sets of devices to
+assume ACS support.  The "downstream" option assumes full ACS support
+on root ports and downstream switch ports.  The "multifunction"
+option assumes the subset of ACS features available on multifunction
+endpoints and upstream switch ports are supported.  The "id:nnnn:nnnn"
+option enables ACS support on devices matching the provided vendor
+and device IDs, allowing more strategic ACS overrides.  These options
+may be combined in any order.  A maximum of 16 id specific overrides
+are available.  It's suggested to use the most limited set of options
+necessary to avoid completely disabling ACS across the topology.
+Note to hardware vendors, we have facilities to permanently quirk
+specific devices which enforce isolation but not provide an ACS
+capability.  Please contact me to have your devices added and save
+your customers the hassle of this boot option.
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ .../admin-guide/kernel-parameters.txt         |   9 ++
+ drivers/pci/quirks.c                          | 102 ++++++++++++++++++
+ 2 files changed, 111 insertions(+)
+
+diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
+index 139df46ed306..08450329f1a3 100644
+--- a/drivers/pci/quirks.c
++++ b/drivers/pci/quirks.c
+@@ -287,6 +287,106 @@ static int __init pci_apply_final_quirks(void)
+ }
+ fs_initcall_sync(pci_apply_final_quirks);
+ 
++static bool acs_on_downstream;
++static bool acs_on_multifunction;
++
++#define NUM_ACS_IDS 16
++struct acs_on_id {
++	unsigned short vendor;
++	unsigned short device;
++};
++static struct acs_on_id acs_on_ids[NUM_ACS_IDS];
++static u8 max_acs_id;
++
++static __init int pcie_acs_override_setup(char *p)
++{
++	if (!p)
++		return -EINVAL;
++
++	while (*p) {
++		if (!strncmp(p, "downstream", 10))
++			acs_on_downstream = true;
++		if (!strncmp(p, "multifunction", 13))
++			acs_on_multifunction = true;
++		if (!strncmp(p, "id:", 3)) {
++			char opt[5];
++			int ret;
++			long val;
++
++			if (max_acs_id >= NUM_ACS_IDS - 1) {
++				pr_warn("Out of PCIe ACS override slots (%d)\n",
++						NUM_ACS_IDS);
++				goto next;
++			}
++
++			p += 3;
++			snprintf(opt, 5, "%s", p);
++			ret = kstrtol(opt, 16, &val);
++			if (ret) {
++				pr_warn("PCIe ACS ID parse error %d\n", ret);
++				goto next;
++			}
++			acs_on_ids[max_acs_id].vendor = val;
++			p += strcspn(p, ":");
++			if (*p != ':') {
++				pr_warn("PCIe ACS invalid ID\n");
++				goto next;
++			}
++
++			p++;
++			snprintf(opt, 5, "%s", p);
++			ret = kstrtol(opt, 16, &val);
++			if (ret) {
++				pr_warn("PCIe ACS ID parse error %d\n", ret);
++				goto next;
++			}
++			acs_on_ids[max_acs_id].device = val;
++			max_acs_id++;
++		}
++next:
++		p += strcspn(p, ",");
++		if (*p == ',')
++			p++;
++	}
++
++	if (acs_on_downstream || acs_on_multifunction || max_acs_id)
++		pr_warn("Warning: PCIe ACS overrides enabled; This may allow non-IOMMU protected peer-to-peer DMA\n");
++
++	return 0;
++}
++early_param("pcie_acs_override", pcie_acs_override_setup);
++
++static int pcie_acs_overrides(struct pci_dev *dev, u16 acs_flags)
++{
++	int i;
++
++	/* Never override ACS for legacy devices or devices with ACS caps */
++	if (!pci_is_pcie(dev) ||
++		pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ACS))
++			return -ENOTTY;
++
++	for (i = 0; i < max_acs_id; i++)
++		if (acs_on_ids[i].vendor == dev->vendor &&
++			acs_on_ids[i].device == dev->device)
++				return 1;
++
++	switch (pci_pcie_type(dev)) {
++		case PCI_EXP_TYPE_DOWNSTREAM:
++		case PCI_EXP_TYPE_ROOT_PORT:
++			if (acs_on_downstream)
++				return 1;
++			break;
++		case PCI_EXP_TYPE_ENDPOINT:
++		case PCI_EXP_TYPE_UPSTREAM:
++		case PCI_EXP_TYPE_LEG_END:
++		case PCI_EXP_TYPE_RC_END:
++			if (acs_on_multifunction && dev->multifunction)
++				return 1;
++	}
++
++	return -ENOTTY;
++}
++
+ /*
+  * Decoding should be disabled for a PCI device during BAR sizing to avoid
+  * conflict. But doing so may cause problems on host bridge and perhaps other
+@@ -5071,6 +5171,8 @@ static const struct pci_dev_acs_enabled {
+ 	{ PCI_VENDOR_ID_CAVIUM, 0xA060, pci_quirk_mf_endpoint_acs },
+ 	/* APM X-Gene */
+ 	{ PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },
++	/* Enable overrides for missing ACS capabilities */
++	{ PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
+ 	/* Ampere Computing */
+ 	{ PCI_VENDOR_ID_AMPERE, 0xE005, pci_quirk_xgene_acs },
+ 	{ PCI_VENDOR_ID_AMPERE, 0xE006, pci_quirk_xgene_acs },

debian/patches/pve/0005-kvm-disable-default-dynamic-halt-polling-growth.patch

@@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index fab4d3790578..adae153354c2 100644
+index 5bbb5612b207..691ce10e7647 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
-@@ -79,7 +79,7 @@ module_param(halt_poll_ns, uint, 0644);
+@@ -82,7 +82,7 @@ module_param(halt_poll_ns, uint, 0644);
  EXPORT_SYMBOL_GPL(halt_poll_ns);
  
  /* Default doubles per-vcpu halt_poll_ns. */

debian/patches/pve/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch

@@ -3,17 +3,21 @@ From: Thomas Lamprecht <t.lamprecht@proxmox.com>
 Date: Wed, 7 Oct 2020 17:18:28 +0200
 Subject: [PATCH] net: core: downgrade unregister_netdevice refcount leak from
  emergency to error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 ---
  net/core/dev.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/net/core/dev.c b/net/core/dev.c
-index 3be256051e99..e79b1695a4cb 100644
+index fe8c46c46505..db9ce84f2006 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
-@@ -10273,7 +10273,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
+@@ -10298,7 +10298,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
  		if (time_after(jiffies, warning_time +
  			       READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
  			list_for_each_entry(dev, list, todo_list) {

debian/patches/pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch

@@ -0,0 +1,30 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht@proxmox.com>
+Date: Tue, 10 Jan 2023 08:52:40 +0100
+Subject: [PATCH] Revert "fortify: Do not cast to "unsigned char""
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts commit 106b7a61c488d2022f44e3531ce33461c7c0685f.
+
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ include/linux/fortify-string.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
+index da51a83b2829..9d9e7822eddf 100644
+--- a/include/linux/fortify-string.h
++++ b/include/linux/fortify-string.h
+@@ -18,7 +18,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning("
+ 
+ #define __compiletime_strlen(p)					\
+ ({								\
+-	char *__p = (char *)(p);				\
++	unsigned char *__p = (unsigned char *)(p);		\
+ 	size_t __ret = SIZE_MAX;				\
+ 	const size_t __p_size = __member_size(p);		\
+ 	if (__p_size != SIZE_MAX &&				\

debian/patches/pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch

@@ -0,0 +1,133 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht@proxmox.com>
+Date: Fri, 14 Jul 2023 18:10:32 +0200
+Subject: [PATCH] kvm: xsave set: mask-out PKRU bit in xfeatures if vCPU has no
+ support
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes live-migrations & snapshot-rollback of VMs with a restricted
+CPU type (e.g., qemu64) from our 5.15 based kernel (default Proxmox
+VE 7.4) to the 6.2 (and future newer) of Proxmox VE 8.0.
+
+Previous to ad856280ddea ("x86/kvm/fpu: Limit guest user_xfeatures to
+supported bits of XCR0") the PKRU bit of the host could leak into the
+state from the guest, which caused trouble when migrating between
+hosts with different CPUs, i.e., where the source supported it but
+the target did not, causing a general protection fault when the guest
+tried to use a pkru related instruction after the migration.
+
+But the fix, while welcome, caused a temporary out-of-sync state when
+migrating such a VM from a kernel without the fix to a kernel with
+the fix, as it threw of KVM when the CPUID of the guest and most of
+the state doesn't report XSAVE and thus any xfeatures, but PKRU and
+the related state is set as enabled, causing the vCPU to spin at 100%
+without any progress forever.
+
+The fix could be at two sites, either in QEMU or in the kernel, I
+choose the kernel as we have all the info there for a targeted
+heuristic so that we don't have to adapt QEMU and qemu-server, the
+latter even on both sides.
+
+Still, a short summary of the possible fixes and short drawbacks:
+* on QEMU-side either
+  - clear the PKRU state in the migration saved state would be rather
+    complicated to implement as the vCPU is initialised way before we
+    have the saved xfeature state available to check what we'd need
+    to do, plus the user-space only gets a memory blob from ioctl
+    KVM_GET_XSAVE2 that it passes to KVM_SET_XSAVE ioctl, there are
+    no ABI guarantees, and while the struct seem stable for 5.15 to
+    6.5-rc1, that doesn't has to be for future kernels, so off the
+    table.
+  - enforce that the CPUID reports PKU support even if it normally
+    wouldn't. While this works (tested by hard-coding it as POC) it
+    is a) not really nice and b) needs some interaction from
+    qemu-server to enable this flag as otherwise we have no good info
+    to decide when it's OK to do this, which means we need to adapt
+    both PVE 7 and 8's qemu-server and also pve-qemu, workable but
+    not optimal
+
+* on Kernel/KVM-side we can hook into the set XSAVE ioctl specific to
+  the KVM subsystem, which already reduces chance of regression for
+  all other places. There we have access to the union/struct
+  definitions of the saved state and thus can savely cast to that.
+  We also got access to the vCPU's CPUID capabilities, meaning we can
+  check if the XCR0 (first XSAVE Control Register) reports
+  that it support the PKRU feature, and if it does *NOT* but the
+  saved xfeatures register from XSAVE *DOES* report it, we can safely
+  assume that this combination is due to an migration from an older,
+  leaky kernel – and clear the bit in the xfeature register before
+  restoring it to the guest vCPU KVM state, avoiding the confusing
+  situation that made the vCPU spin at 100%.
+  This should be safe to do, as the guest vCPU CPUID never reported
+  support for the PKRU feature, and it's also a relatively niche and
+  newish feature.
+
+If it gains us something we can drop this patch a bit in the future
+Proxmox VE 9 major release, but we should ensure that VMs that where
+started before PVE 8 cannot be directly live-migrated to the release
+that includes that change; so we should rather only drop it if the
+maintenance burden is high.
+
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/cpuid.c |  6 ++++++
+ arch/x86/kvm/cpuid.h |  2 ++
+ arch/x86/kvm/x86.c   | 13 +++++++++++++
+ 3 files changed, 21 insertions(+)
+
+diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
+index 7bdc66abfc92..e2b67975869c 100644
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -249,6 +249,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent)
+ 	return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0;
+ }
+ 
++bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu) {
++	u64 guest_supported_xcr0 = cpuid_get_supported_xcr0(
++	    vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent);
++	return (guest_supported_xcr0 & XFEATURE_MASK_PKRU) != 0;
++}
++
+ static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *entries,
+ 				       int nent)
+ {
+diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
+index b1658c0de847..12a02851ff57 100644
+--- a/arch/x86/kvm/cpuid.h
++++ b/arch/x86/kvm/cpuid.h
+@@ -32,6 +32,8 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
+ bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx,
+ 	       u32 *ecx, u32 *edx, bool exact_only);
+ 
++bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu);
++
+ u32 xstate_required_size(u64 xstate_bv, bool compacted);
+ 
+ int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu);
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index 7bcf1a76a6ab..aa225f430299 100644
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -5424,6 +5424,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
+ 	if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
+ 		return 0;
+ 
++	if (!vcpu_supports_xsave_pkru(vcpu)) {
++		void *buf = guest_xsave->region;
++		union fpregs_state *ustate = buf;
++		if (ustate->xsave.header.xfeatures & XFEATURE_MASK_PKRU) {
++			printk(
++				KERN_NOTICE "clearing PKRU xfeature bit as vCPU from PID %d"
++				" reports no PKRU support - migration from fpu-leaky kernel?",
++				current->pid
++			);
++			ustate->xsave.header.xfeatures &= ~XFEATURE_MASK_PKRU;
++		}
++	}
++
+ 	return fpu_copy_uabi_to_guest_fpstate(&vcpu->arch.guest_fpu,
+ 					      guest_xsave->region,
+ 					      kvm_caps.supported_xcr0,

debian/patches/pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch

@@ -0,0 +1,43 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: kiler129 <grzegorz@noflash.pl>
+Date: Mon, 18 Sep 2023 15:19:26 +0200
+Subject: [PATCH] allow opt-in to allow pass-through on broken hardware..
+
+adapted from https://github.com/kiler129/relax-intel-rmrr , licensed under MIT or GPL 2.0+
+
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ drivers/iommu/intel/iommu.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
+index 656b2150643e..06fefd2a4bfa 100644
+--- a/drivers/iommu/intel/iommu.c
++++ b/drivers/iommu/intel/iommu.c
+@@ -298,6 +298,7 @@ static int dmar_map_gfx = 1;
+ static int dmar_map_ipu = 1;
+ static int intel_iommu_superpage = 1;
+ static int iommu_identity_mapping;
++static int intel_relaxable_rmrr = 0;
+ static int iommu_skip_te_disable;
+ 
+ #define IDENTMAP_GFX		2
+@@ -359,6 +360,9 @@ static int __init intel_iommu_setup(char *str)
+ 		} else if (!strncmp(str, "tboot_noforce", 13)) {
+ 			pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
+ 			intel_iommu_tboot_noforce = 1;
++		} else if (!strncmp(str, "relax_rmrr", 10)) {
++			pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n");
++			intel_relaxable_rmrr = 1;
+ 		} else {
+ 			pr_notice("Unknown option - '%s'\n", str);
+ 		}
+@@ -2503,7 +2507,7 @@ static bool device_rmrr_is_relaxable(struct device *dev)
+ 		return false;
+ 
+ 	pdev = to_pci_dev(dev);
+-	if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
++	if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
+ 		return true;
+ 	else
+ 		return false;

debian/patches/pve/0010-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch

@@ -0,0 +1,57 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson <seanjc@google.com>
+Date: Wed, 18 Oct 2023 12:41:03 -0700
+Subject: [PATCH] Revert "nSVM: Check for reserved encodings of TLB_CONTROL in
+ nested VMCB"
+
+Revert KVM's made-up consistency check on SVM's TLB control.  The APM says
+that unsupported encodings are reserved, but the APM doesn't state that
+VMRUN checks for a supported encoding.  Unless something is called out
+in "Canonicalization and Consistency Checks" or listed as MBZ (Must Be
+Zero), AMD behavior is typically to let software shoot itself in the foot.
+
+This reverts commit 174a921b6975ef959dd82ee9e8844067a62e3ec1.
+
+Fixes: 174a921b6975 ("nSVM: Check for reserved encodings of TLB_CONTROL in nested VMCB")
+Reported-by: Stefan Sterz <s.sterz@proxmox.com>
+Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/svm/nested.c | 15 ---------------
+ 1 file changed, 15 deletions(-)
+
+diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
+index 36482780a42f..43481f26a34b 100644
+--- a/arch/x86/kvm/svm/nested.c
++++ b/arch/x86/kvm/svm/nested.c
+@@ -247,18 +247,6 @@ static bool nested_svm_check_bitmap_pa(struct kvm_vcpu *vcpu, u64 pa, u32 size)
+ 	    kvm_vcpu_is_legal_gpa(vcpu, addr + size - 1);
+ }
+ 
+-static bool nested_svm_check_tlb_ctl(struct kvm_vcpu *vcpu, u8 tlb_ctl)
+-{
+-	/* Nested FLUSHBYASID is not supported yet.  */
+-	switch(tlb_ctl) {
+-		case TLB_CONTROL_DO_NOTHING:
+-		case TLB_CONTROL_FLUSH_ALL_ASID:
+-			return true;
+-		default:
+-			return false;
+-	}
+-}
+-
+ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
+ 					 struct vmcb_ctrl_area_cached *control)
+ {
+@@ -278,9 +266,6 @@ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
+ 					   IOPM_SIZE)))
+ 		return false;
+ 
+-	if (CC(!nested_svm_check_tlb_ctl(vcpu, control->tlb_ctl)))
+-		return false;
+-
+ 	if (CC((control->int_ctl & V_NMI_ENABLE_MASK) &&
+ 	       !vmcb12_is_intercept(control, INTERCEPT_NMI))) {
+ 		return false;

debian/patches/pve/0011-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch

@@ -0,0 +1,37 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson <seanjc@google.com>
+Date: Wed, 18 Oct 2023 12:41:04 -0700
+Subject: [PATCH] KVM: nSVM: Advertise support for flush-by-ASID
+
+Advertise support for FLUSHBYASID when nested SVM is enabled, as KVM can
+always emulate flushing TLB entries for a vmcb12 ASID, e.g. by running L2
+with a new, fresh ASID in vmcb02.  Some modern hypervisors, e.g. VMWare
+Workstation 17, require FLUSHBYASID support and will refuse to run if it's
+not present.
+
+Punt on proper support, as "Honor L1's request to flush an ASID on nested
+VMRUN" is one of the TODO items in the (incomplete) list of issues that
+need to be addressed in order for KVM to NOT do a full TLB flush on every
+nested SVM transition (see nested_svm_transition_tlb_flush()).
+
+Reported-by: Stefan Sterz <s.sterz@proxmox.com>
+Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/svm/svm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
+index c8466bc64b87..6154eda73d41 100644
+--- a/arch/x86/kvm/svm/svm.c
++++ b/arch/x86/kvm/svm/svm.c
+@@ -4983,6 +4983,7 @@ static __init void svm_set_cpu_caps(void)
+ 	if (nested) {
+ 		kvm_cpu_cap_set(X86_FEATURE_SVM);
+ 		kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);
++		kvm_cpu_cap_set(X86_FEATURE_FLUSHBYASID);
+ 
+ 		if (nrips)
+ 			kvm_cpu_cap_set(X86_FEATURE_NRIPS);

debian/patches/pve/0012-revert-memfd-improve-userspace-warnings-for-missing-.patch

@@ -0,0 +1,44 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht@proxmox.com>
+Date: Mon, 6 Nov 2023 10:17:02 +0100
+Subject: [PATCH] revert "memfd: improve userspace warnings for missing
+ exec-related flags".
+
+This warning is telling userspace developers to pass MFD_EXEC and
+MFD_NOEXEC_SEAL to memfd_create().  Commit 434ed3350f57 ("memfd: improve
+userspace warnings for missing exec-related flags") made the warning more
+frequent and visible in the hope that this would accelerate the fixing of
+errant userspace.
+
+But the overall effect is to generate far too much dmesg noise.
+
+Fixes: 434ed3350f57 ("memfd: improve userspace warnings for missing exec-related flags")
+Reported-by: Damian Tometzki <dtometzki@fedoraproject.org>
+Closes: https://lkml.kernel.org/r/ZPFzCSIgZ4QuHsSC@fedora.fritz.box
+Cc: Aleksa Sarai <cyphar@cyphar.com>
+Cc: Christian Brauner <brauner@kernel.org>
+Cc: Daniel Verkamp <dverkamp@chromium.org>
+Cc: Jeff Xu <jeffxu@google.com>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Shuah Khan <shuah@kernel.org>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+ (cherry picked from commit 2562d67b1bdf91c7395b0225d60fdeb26b4bc5a0)
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ mm/memfd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mm/memfd.c b/mm/memfd.c
+index 2dba2cb6f0d0..1c077e98e116 100644
+--- a/mm/memfd.c
++++ b/mm/memfd.c
+@@ -282,7 +282,7 @@ static int check_sysctl_memfd_noexec(unsigned int *flags)
+ 	}
+ 
+ 	if (!(*flags & MFD_NOEXEC_SEAL) && sysctl >= MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED) {
+-		pr_err_ratelimited(
++		pr_warn_once(
+ 			"%s[%d]: memfd_create() requires MFD_NOEXEC_SEAL with vm.memfd_noexec=%d\n",
+ 			current->comm, task_pid_nr(current), sysctl);
+ 		return -EACCES;

debian/patches/pve/0013-Revert-UBUNTU-SAUCE-ceph-make-sure-all-the-files-suc.patch

@@ -0,0 +1,55 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht@proxmox.com>
+Date: Tue, 7 Nov 2023 09:26:16 +0100
+Subject: [PATCH] Revert "UBUNTU: SAUCE: ceph: make sure all the files
+ successfully put before unmounting"
+
+This reverts commit a53dba9297be9597eac7b17738723bd44bac97ea, which
+was an early attempt to fix a bug that was actually present in the
+ceph layer, as confirmed by the original patch author [0], and fixed
+actually there now [1].
+
+[0]: https://lore.kernel.org/all/8443166a-7182-7777-a489-14b5dab20bd5@redhat.com/
+[1]: https://patchwork.kernel.org/project/ceph-devel/patch/20221221093031.132792-1-xiubli@redhat.com/
+Hide
+
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ fs/crypto/keyring.c | 6 +-----
+ fs/inode.c          | 5 +----
+ 2 files changed, 2 insertions(+), 9 deletions(-)
+
+diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c
+index 147b9a11c62c..7cbb1fd872ac 100644
+--- a/fs/crypto/keyring.c
++++ b/fs/crypto/keyring.c
+@@ -237,11 +237,7 @@ void fscrypt_destroy_keyring(struct super_block *sb)
+ 			 * with ->mk_secret.  There should be no structural refs
+ 			 * beyond the one associated with the active ref.
+ 			 */
+-			if (refcount_read(&mk->mk_active_refs) != 1) {
+-				printk("fscrypt_destroy_keyring: mk_active_refs = %d\n",
+-				       refcount_read(&mk->mk_active_refs));
+-				WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 1);
+-			}
++			WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 1);
+ 			WARN_ON_ONCE(refcount_read(&mk->mk_struct_refs) != 1);
+ 			WARN_ON_ONCE(!is_master_key_secret_present(&mk->mk_secret));
+ 			wipe_master_key_secret(&mk->mk_secret);
+diff --git a/fs/inode.c b/fs/inode.c
+index 3b8abad427b4..67611a360031 100644
+--- a/fs/inode.c
++++ b/fs/inode.c
+@@ -716,11 +716,8 @@ void evict_inodes(struct super_block *sb)
+ again:
+ 	spin_lock(&sb->s_inode_list_lock);
+ 	list_for_each_entry_safe(inode, next, &sb->s_inodes, i_sb_list) {
+-		if (atomic_read(&inode->i_count)) {
+-			printk("evict_inodes inode %p, i_count = %d, was skipped!\n",
+-			       inode, atomic_read(&inode->i_count));
++		if (atomic_read(&inode->i_count))
+ 			continue;
+-		}
+ 
+ 		spin_lock(&inode->i_lock);
+ 		if (inode->i_state & (I_NEW | I_FREEING | I_WILL_FREE)) {

debian/patches/pve/0014-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch

@@ -0,0 +1,63 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Mario Limonciello <mario.limonciello@amd.com>
+Date: Wed, 4 Oct 2023 15:22:52 -0500
+Subject: [PATCH] drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
+
+For pptable structs that use flexible array sizes, use flexible arrays.
+
+Suggested-by: Felix Held <felix.held@amd.com>
+Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2874
+Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
+Acked-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+(cherry-picked from commit 760efbca74a405dc439a013a5efaa9fadc95a8c3)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ drivers/gpu/drm/amd/include/pptable.h                 | 4 ++--
+ drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/include/pptable.h b/drivers/gpu/drm/amd/include/pptable.h
+index 0b6a057e0a4c..5aac8d545bdc 100644
+--- a/drivers/gpu/drm/amd/include/pptable.h
++++ b/drivers/gpu/drm/amd/include/pptable.h
+@@ -78,7 +78,7 @@ typedef struct _ATOM_PPLIB_THERMALCONTROLLER
+ typedef struct _ATOM_PPLIB_STATE
+ {
+     UCHAR ucNonClockStateIndex;
+-    UCHAR ucClockStateIndices[1]; // variable-sized
++    UCHAR ucClockStateIndices[]; // variable-sized
+ } ATOM_PPLIB_STATE;
+ 
+ 
+@@ -473,7 +473,7 @@ typedef struct _ATOM_PPLIB_STATE_V2
+       /**
+       * Driver will read the first ucNumDPMLevels in this array
+       */
+-      UCHAR clockInfoIndex[1];
++      UCHAR clockInfoIndex[];
+ } ATOM_PPLIB_STATE_V2;
+ 
+ typedef struct _StateArray{
+diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
+index b0ac4d121adc..41444e27bfc0 100644
+--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
++++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
+@@ -179,7 +179,7 @@ typedef struct _ATOM_Tonga_MCLK_Dependency_Record {
+ typedef struct _ATOM_Tonga_MCLK_Dependency_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries; 										/* Number of entries. */
+-	ATOM_Tonga_MCLK_Dependency_Record entries[1];				/* Dynamically allocate entries. */
++	ATOM_Tonga_MCLK_Dependency_Record entries[];				/* Dynamically allocate entries. */
+ } ATOM_Tonga_MCLK_Dependency_Table;
+ 
+ typedef struct _ATOM_Tonga_SCLK_Dependency_Record {
+@@ -194,7 +194,7 @@ typedef struct _ATOM_Tonga_SCLK_Dependency_Record {
+ typedef struct _ATOM_Tonga_SCLK_Dependency_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries; 										/* Number of entries. */
+-	ATOM_Tonga_SCLK_Dependency_Record entries[1];				 /* Dynamically allocate entries. */
++	ATOM_Tonga_SCLK_Dependency_Record entries[];				 /* Dynamically allocate entries. */
+ } ATOM_Tonga_SCLK_Dependency_Table;
+ 
+ typedef struct _ATOM_Polaris_SCLK_Dependency_Record {

debian/patches/pve/0015-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch

@@ -0,0 +1,76 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Mario Limonciello <mario.limonciello@amd.com>
+Date: Wed, 4 Oct 2023 15:46:44 -0500
+Subject: [PATCH] drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and
+ Tonga
+
+For pptable structs that use flexible array sizes, use flexible arrays.
+
+Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2036742
+Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
+Acked-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+(cherry-picked from commit 0f0e59075b5c22f1e871fbd508d6e4f495048356)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ .../gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h    | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
+index 41444e27bfc0..e0e40b054c08 100644
+--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
++++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
+@@ -164,7 +164,7 @@ typedef struct _ATOM_Tonga_State {
+ typedef struct _ATOM_Tonga_State_Array {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries;		/* Number of entries. */
+-	ATOM_Tonga_State entries[1];	/* Dynamically allocate entries. */
++	ATOM_Tonga_State entries[];	/* Dynamically allocate entries. */
+ } ATOM_Tonga_State_Array;
+ 
+ typedef struct _ATOM_Tonga_MCLK_Dependency_Record {
+@@ -210,7 +210,7 @@ typedef struct _ATOM_Polaris_SCLK_Dependency_Record {
+ typedef struct _ATOM_Polaris_SCLK_Dependency_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries;							/* Number of entries. */
+-	ATOM_Polaris_SCLK_Dependency_Record entries[1];				 /* Dynamically allocate entries. */
++	ATOM_Polaris_SCLK_Dependency_Record entries[];				 /* Dynamically allocate entries. */
+ } ATOM_Polaris_SCLK_Dependency_Table;
+ 
+ typedef struct _ATOM_Tonga_PCIE_Record {
+@@ -222,7 +222,7 @@ typedef struct _ATOM_Tonga_PCIE_Record {
+ typedef struct _ATOM_Tonga_PCIE_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries; 										/* Number of entries. */
+-	ATOM_Tonga_PCIE_Record entries[1];							/* Dynamically allocate entries. */
++	ATOM_Tonga_PCIE_Record entries[];							/* Dynamically allocate entries. */
+ } ATOM_Tonga_PCIE_Table;
+ 
+ typedef struct _ATOM_Polaris10_PCIE_Record {
+@@ -235,7 +235,7 @@ typedef struct _ATOM_Polaris10_PCIE_Record {
+ typedef struct _ATOM_Polaris10_PCIE_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries;                                         /* Number of entries. */
+-	ATOM_Polaris10_PCIE_Record entries[1];                      /* Dynamically allocate entries. */
++	ATOM_Polaris10_PCIE_Record entries[];                      /* Dynamically allocate entries. */
+ } ATOM_Polaris10_PCIE_Table;
+ 
+ 
+@@ -252,7 +252,7 @@ typedef struct _ATOM_Tonga_MM_Dependency_Record {
+ typedef struct _ATOM_Tonga_MM_Dependency_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries; 										/* Number of entries. */
+-	ATOM_Tonga_MM_Dependency_Record entries[1]; 			   /* Dynamically allocate entries. */
++	ATOM_Tonga_MM_Dependency_Record entries[]; 			   /* Dynamically allocate entries. */
+ } ATOM_Tonga_MM_Dependency_Table;
+ 
+ typedef struct _ATOM_Tonga_Voltage_Lookup_Record {
+@@ -265,7 +265,7 @@ typedef struct _ATOM_Tonga_Voltage_Lookup_Record {
+ typedef struct _ATOM_Tonga_Voltage_Lookup_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries; 										/* Number of entries. */
+-	ATOM_Tonga_Voltage_Lookup_Record entries[1];				/* Dynamically allocate entries. */
++	ATOM_Tonga_Voltage_Lookup_Record entries[];				/* Dynamically allocate entries. */
+ } ATOM_Tonga_Voltage_Lookup_Table;
+ 
+ typedef struct _ATOM_Tonga_Fan_Table {

debian/patches/pve/0016-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Powe.patch

@@ -0,0 +1,146 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Alex Deucher <alexander.deucher@amd.com>
+Date: Fri, 27 Oct 2023 16:40:47 -0400
+Subject: [PATCH] drm/amd: Fix UBSAN array-index-out-of-bounds for Powerplay
+ headers
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+For pptable structs that use flexible array sizes, use flexible arrays.
+
+Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039926
+Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
+Acked-by: Christian König <christian.koenig@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+(cherry-picked from commit 49afe91370b86566857a3c2c39612cf098110885)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ .../drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h |  4 ++--
+ .../amd/pm/powerplay/hwmgr/vega10_pptable.h   | 24 +++++++++----------
+ 2 files changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
+index e0e40b054c08..5ec564dbf339 100644
+--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
++++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
+@@ -367,7 +367,7 @@ typedef struct _ATOM_Tonga_VCE_State_Record {
+ typedef struct _ATOM_Tonga_VCE_State_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries;
+-	ATOM_Tonga_VCE_State_Record entries[1];
++	ATOM_Tonga_VCE_State_Record entries[];
+ } ATOM_Tonga_VCE_State_Table;
+ 
+ typedef struct _ATOM_Tonga_PowerTune_Table {
+@@ -482,7 +482,7 @@ typedef struct _ATOM_Tonga_Hard_Limit_Record {
+ typedef struct _ATOM_Tonga_Hard_Limit_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries;
+-	ATOM_Tonga_Hard_Limit_Record entries[1];
++	ATOM_Tonga_Hard_Limit_Record entries[];
+ } ATOM_Tonga_Hard_Limit_Table;
+ 
+ typedef struct _ATOM_Tonga_GPIO_Table {
+diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h
+index 9c479bd9a786..a372abcd01be 100644
+--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h
++++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h
+@@ -129,7 +129,7 @@ typedef struct _ATOM_Vega10_State {
+ typedef struct _ATOM_Vega10_State_Array {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries;                                         /* Number of entries. */
+-	ATOM_Vega10_State states[1];                             /* Dynamically allocate entries. */
++	ATOM_Vega10_State states[];                             /* Dynamically allocate entries. */
+ } ATOM_Vega10_State_Array;
+ 
+ typedef struct _ATOM_Vega10_CLK_Dependency_Record {
+@@ -169,37 +169,37 @@ typedef struct _ATOM_Vega10_GFXCLK_Dependency_Table {
+ typedef struct _ATOM_Vega10_MCLK_Dependency_Table {
+     UCHAR ucRevId;
+     UCHAR ucNumEntries;                                         /* Number of entries. */
+-    ATOM_Vega10_MCLK_Dependency_Record entries[1];            /* Dynamically allocate entries. */
++    ATOM_Vega10_MCLK_Dependency_Record entries[];            /* Dynamically allocate entries. */
+ } ATOM_Vega10_MCLK_Dependency_Table;
+ 
+ typedef struct _ATOM_Vega10_SOCCLK_Dependency_Table {
+     UCHAR ucRevId;
+     UCHAR ucNumEntries;                                         /* Number of entries. */
+-    ATOM_Vega10_CLK_Dependency_Record entries[1];            /* Dynamically allocate entries. */
++    ATOM_Vega10_CLK_Dependency_Record entries[];            /* Dynamically allocate entries. */
+ } ATOM_Vega10_SOCCLK_Dependency_Table;
+ 
+ typedef struct _ATOM_Vega10_DCEFCLK_Dependency_Table {
+     UCHAR ucRevId;
+     UCHAR ucNumEntries;                                         /* Number of entries. */
+-    ATOM_Vega10_CLK_Dependency_Record entries[1];            /* Dynamically allocate entries. */
++    ATOM_Vega10_CLK_Dependency_Record entries[];            /* Dynamically allocate entries. */
+ } ATOM_Vega10_DCEFCLK_Dependency_Table;
+ 
+ typedef struct _ATOM_Vega10_PIXCLK_Dependency_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries;                                         /* Number of entries. */
+-	ATOM_Vega10_CLK_Dependency_Record entries[1];            /* Dynamically allocate entries. */
++	ATOM_Vega10_CLK_Dependency_Record entries[];            /* Dynamically allocate entries. */
+ } ATOM_Vega10_PIXCLK_Dependency_Table;
+ 
+ typedef struct _ATOM_Vega10_DISPCLK_Dependency_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries;                                         /* Number of entries.*/
+-	ATOM_Vega10_CLK_Dependency_Record entries[1];            /* Dynamically allocate entries. */
++	ATOM_Vega10_CLK_Dependency_Record entries[];            /* Dynamically allocate entries. */
+ } ATOM_Vega10_DISPCLK_Dependency_Table;
+ 
+ typedef struct _ATOM_Vega10_PHYCLK_Dependency_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries;                                         /* Number of entries. */
+-	ATOM_Vega10_CLK_Dependency_Record entries[1];            /* Dynamically allocate entries. */
++	ATOM_Vega10_CLK_Dependency_Record entries[];            /* Dynamically allocate entries. */
+ } ATOM_Vega10_PHYCLK_Dependency_Table;
+ 
+ typedef struct _ATOM_Vega10_MM_Dependency_Record {
+@@ -213,7 +213,7 @@ typedef struct _ATOM_Vega10_MM_Dependency_Record {
+ typedef struct _ATOM_Vega10_MM_Dependency_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries;                                         /* Number of entries */
+-	ATOM_Vega10_MM_Dependency_Record entries[1];             /* Dynamically allocate entries */
++	ATOM_Vega10_MM_Dependency_Record entries[];             /* Dynamically allocate entries */
+ } ATOM_Vega10_MM_Dependency_Table;
+ 
+ typedef struct _ATOM_Vega10_PCIE_Record {
+@@ -225,7 +225,7 @@ typedef struct _ATOM_Vega10_PCIE_Record {
+ typedef struct _ATOM_Vega10_PCIE_Table {
+ 	UCHAR  ucRevId;
+ 	UCHAR  ucNumEntries;                                        /* Number of entries */
+-	ATOM_Vega10_PCIE_Record entries[1];                      /* Dynamically allocate entries. */
++	ATOM_Vega10_PCIE_Record entries[];                      /* Dynamically allocate entries. */
+ } ATOM_Vega10_PCIE_Table;
+ 
+ typedef struct _ATOM_Vega10_Voltage_Lookup_Record {
+@@ -235,7 +235,7 @@ typedef struct _ATOM_Vega10_Voltage_Lookup_Record {
+ typedef struct _ATOM_Vega10_Voltage_Lookup_Table {
+ 	UCHAR ucRevId;
+ 	UCHAR ucNumEntries;                                          /* Number of entries */
+-	ATOM_Vega10_Voltage_Lookup_Record entries[1];             /* Dynamically allocate entries */
++	ATOM_Vega10_Voltage_Lookup_Record entries[];             /* Dynamically allocate entries */
+ } ATOM_Vega10_Voltage_Lookup_Table;
+ 
+ typedef struct _ATOM_Vega10_Fan_Table {
+@@ -329,7 +329,7 @@ typedef struct _ATOM_Vega10_VCE_State_Table
+ {
+     UCHAR ucRevId;
+     UCHAR ucNumEntries;
+-    ATOM_Vega10_VCE_State_Record entries[1];
++    ATOM_Vega10_VCE_State_Record entries[];
+ } ATOM_Vega10_VCE_State_Table;
+ 
+ typedef struct _ATOM_Vega10_PowerTune_Table {
+@@ -432,7 +432,7 @@ typedef struct _ATOM_Vega10_Hard_Limit_Table
+ {
+     UCHAR ucRevId;
+     UCHAR ucNumEntries;
+-    ATOM_Vega10_Hard_Limit_Record entries[1];
++    ATOM_Vega10_Hard_Limit_Record entries[];
+ } ATOM_Vega10_Hard_Limit_Table;
+ 
+ typedef struct _Vega10_PPTable_Generic_SubTable_Header

debian/patches/series.linux

@@ -1,2 +1,16 @@
-pve/0002-bridge-keep-MAC-of-first-assigned-port.patch
-pve/0004-kvm-disable-default-dynamic-halt-polling-growth.patch
+pve/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch
+pve/0002-wireless-Add-Debian-wireless-regdb-certificates.patch
+pve/0003-bridge-keep-MAC-of-first-assigned-port.patch
+pve/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
+pve/0005-kvm-disable-default-dynamic-halt-polling-growth.patch
+pve/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch
+pve/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch
+pve/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch
+pve/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch
+pve/0010-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch
+pve/0011-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch
+pve/0012-revert-memfd-improve-userspace-warnings-for-missing-.patch
+#pve/0013-Revert-UBUNTU-SAUCE-ceph-make-sure-all-the-files-suc.patch
+pve/0014-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
+pve/0015-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
+pve/0016-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Powe.patch

debian/patches/series.zfs

@@ -9,3 +9,4 @@ zfs/0008-Patch-move-manpage-arcstat-1-to-arcstat-8.patch
 zfs/0009-arc-stat-summary-guard-access-to-l2arc-MFU-MRU-stats.patch
 zfs/0010-zvol-Remove-broken-blk-mq-optimization.patch
 zfs/0011-Revert-zvol-Temporally-disable-blk-mq.patch
+zfs/0012-change-zfs-lic-cddl-to-gpl.patch

debian/patches/zfs/0012-change-zfs-lic-cddl-to-gpl.patch

@@ -0,0 +1,13 @@
+diff --git a/META b/META
+index 0d7df10..76f5194 100644
+--- a/META
++++ b/META
+@@ -4,7 +4,7 @@ Branch:        1.0
+ Version:       2.2.0
+ Release:       1
+ Release-Tags:  relext
+-License:       CDDL
++License:       GPL
+ Author:        OpenZFS
+ Linux-Maximum: 6.5
+ Linux-Minimum: 3.10

debian/templates/control.in

@@ -19,6 +19,12 @@ Build-Depends: asciidoc,
                libnuma-dev,
                libslang2-dev,
                libssl-dev,
+	       systemtap-sdt-dev,
+	       libunwind-dev,
+               libcap-dev,
+               libbabeltrace-dev,
+	       openjdk-8-jdk,
+               libtraceevent-dev,
                lz4,
                python3-minimal,
                python3-dev,

linux

@@ -1 +1 @@
-Subproject commit fb2635ac69abac0060cc2be2873dc4f524f12e66
+Subproject commit 799441832db16b99e400ccbec55db801e6992819