update source and patches to Ubuntu 25.04 Plucky based 6.14 kernel

Provide a newer – currently – opt-in kernel that will form the base
for Ubuntu's 25.04 release.

Using the current relevant tag Ubuntu-6.14.0-12.12 (the newer 13.13
tag includes only some packaging changes that do not affect us) from
the upstream repo [0].

Update the patches, drop those that got applied upstream or are simply
not relevant for the newer kernel anymore. Update the ZFS submodule to
include a cherry-pick of the two Linux 6.14 compat patches that
already got applied to ZFS upstream [1].

[0]: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/plucky/
[1]: https://github.com/openzfs/zfs/pull/17026

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch

@@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 111 insertions(+)
 
 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 5ea6b2d54edaff9b7efa20235de92970cabcf769..e36ab4a38709f697860e785c1eb2e8c44f9f7b64 100644
+index 12441846bfe207fd768a66c84bbdce008a731397..0f7d31fad2aa302dc36f7627bff702976f57ba58 100644
 --- a/Documentation/admin-guide/kernel-parameters.txt
 +++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -4422,6 +4422,15 @@
+@@ -4648,6 +4648,15 @@
  				Also, it enforces the PCI Local Bus spec
  				rule that those bits should be 0 in system reset
  				events (useful for kexec/kdump cases).
@@ -75,10 +75,10 @@ index 5ea6b2d54edaff9b7efa20235de92970cabcf769..e36ab4a38709f697860e785c1eb2e8c4
  				Safety option to keep boot IRQs enabled. This
  				should never be necessary.
 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index 3914e23f7f22c23fde6bb5905904212a348efcdb..a7aea52a0dd01379427f41718064ac4fbad1f66c 100644
+index 0d51c5d378da941203f97dde644910849f968727..f3f2b68de4a3cea603adf6103d8310018629461e 100644
 --- a/drivers/pci/quirks.c
 +++ b/drivers/pci/quirks.c
-@@ -300,6 +300,106 @@ static int __init pci_apply_final_quirks(void)
+@@ -305,6 +305,106 @@ static int __init pci_apply_final_quirks(void)
  }
  fs_initcall_sync(pci_apply_final_quirks);
  

patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch

@@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 16f0c3566f16141af8f5cfeb5dc6b15838ff6ecc..e232b463912db788345e0d38b3128cbee30948ae 100644
+index ba0327e2d0d3336c680be6543289b88ff22540e8..1164827c00537ada8f8bcd2c112e3c6d9daa58d7 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
 @@ -80,7 +80,7 @@ module_param(halt_poll_ns, uint, 0644);

patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch

@@ -14,10 +14,10 @@ Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/net/core/dev.c b/net/core/dev.c
-index 06a02e87394e22e279bc7e62822164988e9e973c..fac4fed1b3f9620cc2ec15b7c7683f9c311192de 100644
+index 2f7f5fd9ffec7c0fc219eb6ba57d57a55134186e..c120194dd862d01c018b068cb2f4f197fade924c 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
-@@ -10699,7 +10699,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
+@@ -11152,7 +11152,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
  		if (time_after(jiffies, warning_time +
  			       READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
  			list_for_each_entry(dev, list, todo_list) {

patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch

@@ -16,7 +16,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
-index 0d99bf11d260a3482bbe46e35c7553c0ccfb8b94..fe04f7f9357506baf21a0c3cc070c37f00a24d5c 100644
+index e4ce1cae03bf770047ce8a7c032b183683388cd5..16fcaf15da54f93fb1c14e392d0e0b7907435f25 100644
 --- a/include/linux/fortify-string.h
 +++ b/include/linux/fortify-string.h
 @@ -62,7 +62,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning("

patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch

@@ -72,33 +72,32 @@ maintenance burden is high.
 
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
- arch/x86/kvm/cpuid.c |  6 ++++++
+ arch/x86/kvm/cpuid.c |  5 +++++
  arch/x86/kvm/cpuid.h |  3 +++
  arch/x86/kvm/x86.c   | 13 +++++++++++++
- 3 files changed, 22 insertions(+)
+ 3 files changed, 21 insertions(+)
 
 diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
-index be2baf851ec7d63a2095247d828f390b9757f905..dc73965aa73b21d26b4cf039336da3ca38e89bc6 100644
+index 121edf1f2a79ac9f7fcf881a51d374c62f689c5b..837035bb4e3629428befeac73f14793b5cb45c82 100644
 --- a/arch/x86/kvm/cpuid.c
 +++ b/arch/x86/kvm/cpuid.c
-@@ -290,6 +290,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent)
+@@ -291,6 +291,11 @@ static u64 cpuid_get_supported_xcr0(struct kvm_vcpu *vcpu)
  	return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0;
  }
  
 +bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu) {
-+	u64 guest_supported_xcr0 = cpuid_get_supported_xcr0(
-+	    vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent);
++	u64 guest_supported_xcr0 = cpuid_get_supported_xcr0(vcpu);
 +	return (guest_supported_xcr0 & XFEATURE_MASK_PKRU) != 0;
 +}
 +
- static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *entries,
- 				       int nent)
- {
+ static __always_inline void kvm_update_feature_runtime(struct kvm_vcpu *vcpu,
+ 						       struct kvm_cpuid_entry2 *entry,
+ 						       unsigned int x86_feature,
 diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
-index ad479cfb91bc7bc5d400d2c098536abb4d4babe5..e55eecb2f3646ff7ef63c107c5cc5481fabb8a51 100644
+index 67d80aa72d50d1323375068f7a75224d8529974b..47b08881a3f0e3f6c0b2e8085d75250fe5a32f65 100644
 --- a/arch/x86/kvm/cpuid.h
 +++ b/arch/x86/kvm/cpuid.h
-@@ -32,7 +32,10 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
+@@ -31,7 +31,10 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
  bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx,
  	       u32 *ecx, u32 *edx, bool exact_only);
  
@@ -110,10 +109,10 @@ index ad479cfb91bc7bc5d400d2c098536abb4d4babe5..e55eecb2f3646ff7ef63c107c5cc5481
  
  int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu);
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 4040bdebebf2ff5783895608215505f13ded668f..aa7d3ef88a644565afdacec434547a284b2f0f76 100644
+index 4b64ab350bcd4d122adbe9416523bec692e5fc4f..2e8d971f9df00537581cf41eae64d93a4e932801 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -5633,6 +5633,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
+@@ -5596,6 +5596,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
  	if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
  		return vcpu->kvm->arch.has_protected_state ? -EINVAL : 0;
  

patches/kernel/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch

@@ -11,10 +11,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 5 insertions(+), 1 deletion(-)
 
 diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
-index 0d80f97ecc8a3d9c6a75d522494e1687fa29ac49..676f94c491dc87b5882100c6e08af0f3221592b2 100644
+index b859d7396e7e8a80856e86d50ecffbe181e945c3..7c8f66e29463e82269c4b8893ccd9647cebcacd5 100644
 --- a/drivers/iommu/intel/iommu.c
 +++ b/drivers/iommu/intel/iommu.c
-@@ -228,6 +228,7 @@ EXPORT_SYMBOL_GPL(intel_iommu_enabled);
+@@ -218,6 +218,7 @@ EXPORT_SYMBOL_GPL(intel_iommu_enabled);
  static int dmar_map_ipu = 1;
  static int intel_iommu_superpage = 1;
  static int iommu_identity_mapping;
@@ -22,7 +22,7 @@ index 0d80f97ecc8a3d9c6a75d522494e1687fa29ac49..676f94c491dc87b5882100c6e08af0f3
  static int iommu_skip_te_disable;
  static int disable_igfx_iommu;
  
-@@ -290,6 +291,9 @@ static int __init intel_iommu_setup(char *str)
+@@ -280,6 +281,9 @@ static int __init intel_iommu_setup(char *str)
  		} else if (!strncmp(str, "tboot_noforce", 13)) {
  			pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
  			intel_iommu_tboot_noforce = 1;
@@ -32,7 +32,7 @@ index 0d80f97ecc8a3d9c6a75d522494e1687fa29ac49..676f94c491dc87b5882100c6e08af0f3
  		} else {
  			pr_notice("Unknown option - '%s'\n", str);
  		}
-@@ -2165,7 +2169,7 @@ static bool device_rmrr_is_relaxable(struct device *dev)
+@@ -1889,7 +1893,7 @@ static bool device_rmrr_is_relaxable(struct device *dev)
  		return false;
  
  	pdev = to_pci_dev(dev);

patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch

@@ -1,37 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Sean Christopherson <seanjc@google.com>
-Date: Wed, 18 Oct 2023 12:41:04 -0700
-Subject: [PATCH] KVM: nSVM: Advertise support for flush-by-ASID
-
-Advertise support for FLUSHBYASID when nested SVM is enabled, as KVM can
-always emulate flushing TLB entries for a vmcb12 ASID, e.g. by running L2
-with a new, fresh ASID in vmcb02.  Some modern hypervisors, e.g. VMWare
-Workstation 17, require FLUSHBYASID support and will refuse to run if it's
-not present.
-
-Punt on proper support, as "Honor L1's request to flush an ASID on nested
-VMRUN" is one of the TODO items in the (incomplete) list of issues that
-need to be addressed in order for KVM to NOT do a full TLB flush on every
-nested SVM transition (see nested_svm_transition_tlb_flush()).
-
-Reported-by: Stefan Sterz <s.sterz@proxmox.com>
-Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com
-Signed-off-by: Sean Christopherson <seanjc@google.com>
-Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- arch/x86/kvm/svm/svm.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
-index 22513133925e0ca5a889ae6105a829af3957778c..1435e5b0a7f604bd0146b7feb5dd06a4516925a1 100644
---- a/arch/x86/kvm/svm/svm.c
-+++ b/arch/x86/kvm/svm/svm.c
-@@ -5176,6 +5176,7 @@ static __init void svm_set_cpu_caps(void)
- 	if (nested) {
- 		kvm_cpu_cap_set(X86_FEATURE_SVM);
- 		kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);
-+		kvm_cpu_cap_set(X86_FEATURE_FLUSHBYASID);
- 
- 		/*
- 		 * KVM currently flushes TLBs on *every* nested SVM transition,

patches/kernel/0010-revert-memfd-improve-userspace-warnings-for-missing-.patch

@@ -30,7 +30,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/mm/memfd.c b/mm/memfd.c
-index c17c3ea701a17e9f3a652e77ba60ca9c58b0ca8e..63340d874f1e4aa139b3cce8e4fffcffc0106884 100644
+index 37f7be57c2f505cbee9c5d7b661dfd6c1e99b758..8e8b2799a17e4b02b8e796b468b4021f848fbef0 100644
 --- a/mm/memfd.c
 +++ b/mm/memfd.c
 @@ -318,7 +318,7 @@ static int check_sysctl_memfd_noexec(unsigned int *flags)

patches/kernel/0011-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch

@@ -17,10 +17,10 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/security/apparmor/af_inet.c b/security/apparmor/af_inet.c
-index 57b710054a76582346f37671843f3f8d6e99331c..35f905d9b960f62fa2ecb80b5c1a8e9edecd9b5d 100644
+index e352652554d24543e822520305f07ea21149c7ac..b9c7f501aaaf38247b70b5b06f0e6eecbe08a230 100644
 --- a/security/apparmor/af_inet.c
 +++ b/security/apparmor/af_inet.c
-@@ -766,7 +766,7 @@ int aa_inet_msg_perm(const char *op, u32 request, struct socket *sock,
+@@ -738,7 +738,7 @@ int aa_inet_msg_perm(const char *op, u32 request, struct socket *sock,
  	/* do we need early bailout for !family ... */
  	return sk_has_perm2(sock->sk, op, request, profile, ad,
  			    map_sock_addr(sock, ADDR_LOCAL, &laddr, &ad),

patches/kernel/0012-Revert-UBUNTU-SAUCE-iommu-intel-disable-DMAR-for-SKL.patch

@@ -17,10 +17,10 @@ gfx").
  1 file changed, 68 deletions(-)
 
 diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
-index 676f94c491dc87b5882100c6e08af0f3221592b2..00bf41e964fb3c62fce13b49f55c01295ea3e6fd 100644
+index 7c8f66e29463e82269c4b8893ccd9647cebcacd5..851667c6c22f063a47f569ab9c4bf2781f68230a 100644
 --- a/drivers/iommu/intel/iommu.c
 +++ b/drivers/iommu/intel/iommu.c
-@@ -4782,74 +4782,6 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1632, quirk_iommu_igfx);
+@@ -4557,74 +4557,6 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x1632, quirk_iommu_igfx);
  DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x163A, quirk_iommu_igfx);
  DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x163D, quirk_iommu_igfx);
  

patches/kernel/0013-netfs-reset-subreq-iov-iter-before-tail-clean.patch

@@ -1,28 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Christian Ebner <c.ebner@proxmox.com>
-Date: Wed, 2 Oct 2024 15:24:31 +0200
-Subject: [PATCH] netfs: reset subreq iov iter before tail clean
-
-Make sure the iter is at the correct location when cleaning up tail
-bytes for incomplete read subrequests.
-
-Fixes: 92b6cc5d ("netfs: Add iov_iters to (sub)requests to describe various buffers")
-Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219237
-
-Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
----
- fs/netfs/io.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/fs/netfs/io.c b/fs/netfs/io.c
-index d6ada4eba74455aad26273a63247356a3910dc4e..500119285346be28a87698dd6ac66b5e276a6c66 100644
---- a/fs/netfs/io.c
-+++ b/fs/netfs/io.c
-@@ -528,6 +528,7 @@ void netfs_subreq_terminated(struct netfs_io_subrequest *subreq,
- 
- incomplete:
- 	if (test_bit(NETFS_SREQ_CLEAR_TAIL, &subreq->flags)) {
-+		netfs_reset_subreq_iter(rreq, subreq);
- 		netfs_clear_unread(subreq);
- 		subreq->transferred = subreq->len;
- 		goto complete;

patches/kernel/0015-x86-mm-Don-t-disable-PCID-when-INVLPG-has-been-fixed.patch

@@ -1,78 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Xi Ruoyao <xry111@xry111.site>
-Date: Wed, 22 May 2024 10:06:24 +0800
-Subject: [PATCH] x86/mm: Don't disable PCID when INVLPG has been fixed by
- microcode
-
-Per the "Processor Specification Update" documentations referred by
-the intel-microcode-20240312 release note, this microcode release has
-fixed the issue for all affected models.
-
-So don't disable PCID if the microcode is new enough.  The precise
-minimum microcode revision fixing the issue was provided by Pawan
-Intel.
-
-[ dhansen: comment and changelog tweaks ]
-
-Signed-off-by: Xi Ruoyao <xry111@xry111.site>
-Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
-Acked-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
-Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@tip-bot2/
-Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
-Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13
-Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24
-Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/
-Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site
- (cherry-picked from f24f669d03f884a6ef95cca84317d0f329e93961)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- arch/x86/mm/init.c | 23 ++++++++++++++---------
- 1 file changed, 14 insertions(+), 9 deletions(-)
-
-diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index eb503f53c3195ca4f299593c0112dab0fb09e7dd..101725c149c4294f22e337845e01c82dfe71cde5 100644
---- a/arch/x86/mm/init.c
-+++ b/arch/x86/mm/init.c
-@@ -263,28 +263,33 @@ static void __init probe_page_size_mask(void)
- }
- 
- /*
-- * INVLPG may not properly flush Global entries
-- * on these CPUs when PCIDs are enabled.
-+ * INVLPG may not properly flush Global entries on
-+ * these CPUs.  New microcode fixes the issue.
-  */
- static const struct x86_cpu_id invlpg_miss_ids[] = {
--	X86_MATCH_VFM(INTEL_ALDERLAKE,	    0),
--	X86_MATCH_VFM(INTEL_ALDERLAKE_L,    0),
--	X86_MATCH_VFM(INTEL_ATOM_GRACEMONT, 0),
--	X86_MATCH_VFM(INTEL_RAPTORLAKE,	    0),
--	X86_MATCH_VFM(INTEL_RAPTORLAKE_P,   0),
--	X86_MATCH_VFM(INTEL_RAPTORLAKE_S,   0),
-+	X86_MATCH_VFM(INTEL_ALDERLAKE,	    0x2e),
-+	X86_MATCH_VFM(INTEL_ALDERLAKE_L,    0x42c),
-+	X86_MATCH_VFM(INTEL_ATOM_GRACEMONT, 0x11),
-+	X86_MATCH_VFM(INTEL_RAPTORLAKE,	    0x118),
-+	X86_MATCH_VFM(INTEL_RAPTORLAKE_P,   0x4117),
-+	X86_MATCH_VFM(INTEL_RAPTORLAKE_S,   0x2e),
- 	{}
- };
- 
- static void setup_pcid(void)
- {
-+	const struct x86_cpu_id *invlpg_miss_match;
-+
- 	if (!IS_ENABLED(CONFIG_X86_64))
- 		return;
- 
- 	if (!boot_cpu_has(X86_FEATURE_PCID))
- 		return;
- 
--	if (x86_match_cpu(invlpg_miss_ids)) {
-+	invlpg_miss_match = x86_match_cpu(invlpg_miss_ids);
-+
-+	if (invlpg_miss_match &&
-+	    boot_cpu_data.microcode < invlpg_miss_match->driver_data) {
- 		pr_info("Incomplete global flushes, disabling PCID");
- 		setup_clear_cpu_cap(X86_FEATURE_PCID);
- 		return;

submodules/ubuntu-kernel

@@ -1 +1 @@
-Subproject commit 273a2e40bc580c8356334ecf28f97a5513992f96
+Subproject commit faaab1a31a2ea4ed626fd001a4d27e9d69cc0d36

submodules/zfsonlinux

@@ -1 +1 @@
-Subproject commit 3db234ab64fd19425827df4379a5e4c6e70f269a
+Subproject commit 7cbbd2bfe5f149cc2f1c4180047b95b3bf072b2a