+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
-Date: Thu, 14 Sep 2017 11:02:18 +0200
-Subject: [PATCH] bridge: keep MAC of first assigned port
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-original commit message:
-
-Default bridge changes MAC dynamically using smallest MAC of all
-connected ports (for no real reason). To avoid problems with ARP
-we simply use the MAC of the first connected port.
-
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- net/bridge/br_stp_if.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
-index d174d3a566aa..885e18c72c87 100644
---- a/net/bridge/br_stp_if.c
-+++ b/net/bridge/br_stp_if.c
-@@ -256,10 +256,7 @@ bool br_stp_recalculate_bridge_id(struct net_bridge *br)
- return false;
-
- list_for_each_entry(p, &br->port_list, list) {
-- if (addr == br_mac_zero ||
-- memcmp(p->dev->dev_addr, addr, ETH_ALEN) < 0)
-- addr = p->dev->dev_addr;
--
-+ addr = p->dev->dev_addr;
- }
-
- if (ether_addr_equal(br->bridge_id.addr, addr))
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
+Date: Thu, 14 Sep 2017 11:02:18 +0200
+Subject: [PATCH] bridge: keep MAC of first assigned port
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+original commit message:
+
+Default bridge changes MAC dynamically using smallest MAC of all
+connected ports (for no real reason). To avoid problems with ARP
+we simply use the MAC of the first connected port.
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ net/bridge/br_stp_if.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
+index d174d3a566aa..885e18c72c87 100644
+--- a/net/bridge/br_stp_if.c
++++ b/net/bridge/br_stp_if.c
+@@ -256,10 +256,7 @@ bool br_stp_recalculate_bridge_id(struct net_bridge *br)
+ return false;
+
+ list_for_each_entry(p, &br->port_list, list) {
+- if (addr == br_mac_zero ||
+- memcmp(p->dev->dev_addr, addr, ETH_ALEN) < 0)
+- addr = p->dev->dev_addr;
+-
++ addr = p->dev->dev_addr;
+ }
+
+ if (ether_addr_equal(br->bridge_id.addr, addr))
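Review bot: In the `list_for_each_entry` loop of `br_stp_recalculate_bridge_id()`, `addr = p->dev->dev_addr;` now runs on every iteration with no `break`, so `addr` ends up as the address of the last entry in `br->port_list`, not the first one visited. The subject promises the MAC of the first assigned port, which only holds if the list keeps the oldest port at its tail. Add a comment stating that ordering assumption, or read that entry directly instead of walking the whole list. The braces around the now single-statement loop body can go as well.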
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Mark Weiman <mark.weiman@markzz.com>
-Date: Wed, 7 Feb 2018 16:04:03 -0500
-Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.15)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This an updated version of Alex Williamson's patch from:
-https://lkml.org/lkml/2013/5/30/513
-
-Original commit message follows:
-PCIe ACS (Access Control Services) is the PCIe 2.0+ feature that
-allows us to control whether transactions are allowed to be redirected
-in various subnodes of a PCIe topology. For instance, if two
-endpoints are below a root port or downsteam switch port, the
-downstream port may optionally redirect transactions between the
-devices, bypassing upstream devices. The same can happen internally
-on multifunction devices. The transaction may never be visible to the
-upstream devices.
-
-One upstream device that we particularly care about is the IOMMU. If
-a redirection occurs in the topology below the IOMMU, then the IOMMU
-cannot provide isolation between devices. This is why the PCIe spec
-encourages topologies to include ACS support. Without it, we have to
-assume peer-to-peer DMA within a hierarchy can bypass IOMMU isolation.
-
-Unfortunately, far too many topologies do not support ACS to make this
-a steadfast requirement. Even the latest chipsets from Intel are only
-sporadically supporting ACS. We have trouble getting interconnect
-vendors to include the PCIe spec required PCIe capability, let alone
-suggested features.
-
-Therefore, we need to add some flexibility. The pcie_acs_override=
-boot option lets users opt-in specific devices or sets of devices to
-assume ACS support. The "downstream" option assumes full ACS support
-on root ports and downstream switch ports. The "multifunction"
-option assumes the subset of ACS features available on multifunction
-endpoints and upstream switch ports are supported. The "id:nnnn:nnnn"
-option enables ACS support on devices matching the provided vendor
-and device IDs, allowing more strategic ACS overrides. These options
-may be combined in any order. A maximum of 16 id specific overrides
-are available. It's suggested to use the most limited set of options
-necessary to avoid completely disabling ACS across the topology.
-Note to hardware vendors, we have facilities to permanently quirk
-specific devices which enforce isolation but not provide an ACS
-capability. Please contact me to have your devices added and save
-your customers the hassle of this boot option.
-
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- .../admin-guide/kernel-parameters.txt | 9 ++
- drivers/pci/quirks.c | 102 ++++++++++++++++++
- 2 files changed, 111 insertions(+)
-
-diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 174554924fb8..efa4a99121b7 100644
---- a/Documentation/admin-guide/kernel-parameters.txt
-+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -3434,6 +3434,15 @@
- Also, it enforces the PCI Local Bus spec
- rule that those bits should be 0 in system reset
- events (useful for kexec/kdump cases).
-+ pci_acs_override =
-+ [PCIE] Override missing PCIe ACS support for:
-+ downstream
-+ All downstream ports - full ACS capabilities
-+ multifunction
-+ Add multifunction devices - multifunction ACS subset
-+ id:nnnn:nnnn
-+ Specific device - full ACS capabilities
-+ Specified as vid:did (vendor/device ID) in hex
- noioapicquirk [APIC] Disable all boot interrupt quirks.
- Safety option to keep boot IRQs enabled. This
- should never be necessary.
-diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index 18119626d5c8..529feee083e2 100644
---- a/drivers/pci/quirks.c
-+++ b/drivers/pci/quirks.c
-@@ -192,6 +192,106 @@ static int __init pci_apply_final_quirks(void)
- }
- fs_initcall_sync(pci_apply_final_quirks);
-
-+static bool acs_on_downstream;
-+static bool acs_on_multifunction;
-+
-+#define NUM_ACS_IDS 16
-+struct acs_on_id {
-+ unsigned short vendor;
-+ unsigned short device;
-+};
-+static struct acs_on_id acs_on_ids[NUM_ACS_IDS];
-+static u8 max_acs_id;
-+
-+static __init int pcie_acs_override_setup(char *p)
-+{
-+ if (!p)
-+ return -EINVAL;
-+
-+ while (*p) {
-+ if (!strncmp(p, "downstream", 10))
-+ acs_on_downstream = true;
-+ if (!strncmp(p, "multifunction", 13))
-+ acs_on_multifunction = true;
-+ if (!strncmp(p, "id:", 3)) {
-+ char opt[5];
-+ int ret;
-+ long val;
-+
-+ if (max_acs_id >= NUM_ACS_IDS - 1) {
-+ pr_warn("Out of PCIe ACS override slots (%d)\n",
-+ NUM_ACS_IDS);
-+ goto next;
-+ }
-+
-+ p += 3;
-+ snprintf(opt, 5, "%s", p);
-+ ret = kstrtol(opt, 16, &val);
-+ if (ret) {
-+ pr_warn("PCIe ACS ID parse error %d\n", ret);
-+ goto next;
-+ }
-+ acs_on_ids[max_acs_id].vendor = val;
-+ p += strcspn(p, ":");
-+ if (*p != ':') {
-+ pr_warn("PCIe ACS invalid ID\n");
-+ goto next;
-+ }
-+
-+ p++;
-+ snprintf(opt, 5, "%s", p);
-+ ret = kstrtol(opt, 16, &val);
-+ if (ret) {
-+ pr_warn("PCIe ACS ID parse error %d\n", ret);
-+ goto next;
-+ }
-+ acs_on_ids[max_acs_id].device = val;
-+ max_acs_id++;
-+ }
-+next:
-+ p += strcspn(p, ",");
-+ if (*p == ',')
-+ p++;
-+ }
-+
-+ if (acs_on_downstream || acs_on_multifunction || max_acs_id)
-+ pr_warn("Warning: PCIe ACS overrides enabled; This may allow non-IOMMU protected peer-to-peer DMA\n");
-+
-+ return 0;
-+}
-+early_param("pcie_acs_override", pcie_acs_override_setup);
-+
-+static int pcie_acs_overrides(struct pci_dev *dev, u16 acs_flags)
-+{
-+ int i;
-+
-+ /* Never override ACS for legacy devices or devices with ACS caps */
-+ if (!pci_is_pcie(dev) ||
-+ pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ACS))
-+ return -ENOTTY;
-+
-+ for (i = 0; i < max_acs_id; i++)
-+ if (acs_on_ids[i].vendor == dev->vendor &&
-+ acs_on_ids[i].device == dev->device)
-+ return 1;
-+
-+ switch (pci_pcie_type(dev)) {
-+ case PCI_EXP_TYPE_DOWNSTREAM:
-+ case PCI_EXP_TYPE_ROOT_PORT:
-+ if (acs_on_downstream)
-+ return 1;
-+ break;
-+ case PCI_EXP_TYPE_ENDPOINT:
-+ case PCI_EXP_TYPE_UPSTREAM:
-+ case PCI_EXP_TYPE_LEG_END:
-+ case PCI_EXP_TYPE_RC_END:
-+ if (acs_on_multifunction && dev->multifunction)
-+ return 1;
-+ }
-+
-+ return -ENOTTY;
-+}
-+
- /*
- * Decoding should be disabled for a PCI device during BAR sizing to avoid
- * conflict. But doing so may cause problems on host bridge and perhaps other
-@@ -4698,6 +4798,8 @@ static const struct pci_dev_acs_enabled {
- { PCI_VENDOR_ID_CAVIUM, PCI_ANY_ID, pci_quirk_cavium_acs },
- /* APM X-Gene */
- { PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },
-+ /* Enable overrides for missing ACS capabilities */
-+ { PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
- /* Ampere Computing */
- { PCI_VENDOR_ID_AMPERE, 0xE005, pci_quirk_xgene_acs },
- { PCI_VENDOR_ID_AMPERE, 0xE006, pci_quirk_xgene_acs },
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
-Date: Thu, 14 Sep 2017 11:09:58 +0200
-Subject: [PATCH] kvm: disable default dynamic halt polling growth
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- virt/kvm/kvm_main.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 35a82cb10556..84cf5dcb0405 100644
---- a/virt/kvm/kvm_main.c
-+++ b/virt/kvm/kvm_main.c
-@@ -76,7 +76,7 @@ module_param(halt_poll_ns, uint, 0644);
- EXPORT_SYMBOL_GPL(halt_poll_ns);
-
- /* Default doubles per-vcpu halt_poll_ns. */
--unsigned int halt_poll_ns_grow = 2;
-+unsigned int halt_poll_ns_grow = 0;
- module_param(halt_poll_ns_grow, uint, 0644);
- EXPORT_SYMBOL_GPL(halt_poll_ns_grow);
-
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Mark Weiman <mark.weiman@markzz.com>
+Date: Wed, 7 Feb 2018 16:04:03 -0500
+Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.15)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This an updated version of Alex Williamson's patch from:
+https://lkml.org/lkml/2013/5/30/513
+
+Original commit message follows:
+PCIe ACS (Access Control Services) is the PCIe 2.0+ feature that
+allows us to control whether transactions are allowed to be redirected
+in various subnodes of a PCIe topology. For instance, if two
+endpoints are below a root port or downsteam switch port, the
+downstream port may optionally redirect transactions between the
+devices, bypassing upstream devices. The same can happen internally
+on multifunction devices. The transaction may never be visible to the
+upstream devices.
+
+One upstream device that we particularly care about is the IOMMU. If
+a redirection occurs in the topology below the IOMMU, then the IOMMU
+cannot provide isolation between devices. This is why the PCIe spec
+encourages topologies to include ACS support. Without it, we have to
+assume peer-to-peer DMA within a hierarchy can bypass IOMMU isolation.
+
+Unfortunately, far too many topologies do not support ACS to make this
+a steadfast requirement. Even the latest chipsets from Intel are only
+sporadically supporting ACS. We have trouble getting interconnect
+vendors to include the PCIe spec required PCIe capability, let alone
+suggested features.
+
+Therefore, we need to add some flexibility. The pcie_acs_override=
+boot option lets users opt-in specific devices or sets of devices to
+assume ACS support. The "downstream" option assumes full ACS support
+on root ports and downstream switch ports. The "multifunction"
+option assumes the subset of ACS features available on multifunction
+endpoints and upstream switch ports are supported. The "id:nnnn:nnnn"
+option enables ACS support on devices matching the provided vendor
+and device IDs, allowing more strategic ACS overrides. These options
+may be combined in any order. A maximum of 16 id specific overrides
+are available. It's suggested to use the most limited set of options
+necessary to avoid completely disabling ACS across the topology.
+Note to hardware vendors, we have facilities to permanently quirk
+specific devices which enforce isolation but not provide an ACS
+capability. Please contact me to have your devices added and save
+your customers the hassle of this boot option.
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ .../admin-guide/kernel-parameters.txt | 9 ++
+ drivers/pci/quirks.c | 102 ++++++++++++++++++
+ 2 files changed, 111 insertions(+)
+
+diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
+index 174554924fb8..efa4a99121b7 100644
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@ -3434,6 +3434,15 @@
+ Also, it enforces the PCI Local Bus spec
+ rule that those bits should be 0 in system reset
+ events (useful for kexec/kdump cases).
++ pci_acs_override =
++ [PCIE] Override missing PCIe ACS support for:
++ downstream
++ All downstream ports - full ACS capabilities
++ multifunction
++ Add multifunction devices - multifunction ACS subset
++ id:nnnn:nnnn
++ Specific device - full ACS capabilities
++ Specified as vid:did (vendor/device ID) in hex
+ noioapicquirk [APIC] Disable all boot interrupt quirks.
+ Safety option to keep boot IRQs enabled. This
+ should never be necessary.
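Review bot: The new entry documents the parameter as `pci_acs_override =`, but the commit message and the `early_param()` registration in drivers/pci/quirks.c both use `pcie_acs_override`, so an administrator copying the documented name would set an option this handler never sees. Rename the entry to `pcie_acs_override=`, and state that the options are comma-separated (the parser splits on `,`) and that the number of `id:` overrides is limited.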
+diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
+index 8991b59c5c5b..86f6b7ae6fe6 100644
+--- a/drivers/pci/quirks.c
++++ b/drivers/pci/quirks.c
+@@ -192,6 +192,106 @@ static int __init pci_apply_final_quirks(void)
+ }
+ fs_initcall_sync(pci_apply_final_quirks);
+
++static bool acs_on_downstream;
++static bool acs_on_multifunction;
++
++#define NUM_ACS_IDS 16
++struct acs_on_id {
++ unsigned short vendor;
++ unsigned short device;
++};
++static struct acs_on_id acs_on_ids[NUM_ACS_IDS];
++static u8 max_acs_id;
++
++static __init int pcie_acs_override_setup(char *p)
++{
++ if (!p)
++ return -EINVAL;
++
++ while (*p) {
++ if (!strncmp(p, "downstream", 10))
++ acs_on_downstream = true;
++ if (!strncmp(p, "multifunction", 13))
++ acs_on_multifunction = true;
++ if (!strncmp(p, "id:", 3)) {
++ char opt[5];
++ int ret;
++ long val;
++
++ if (max_acs_id >= NUM_ACS_IDS - 1) {
++ pr_warn("Out of PCIe ACS override slots (%d)\n",
++ NUM_ACS_IDS);
++ goto next;
++ }
++
++ p += 3;
++ snprintf(opt, 5, "%s", p);
++ ret = kstrtol(opt, 16, &val);
++ if (ret) {
++ pr_warn("PCIe ACS ID parse error %d\n", ret);
++ goto next;
++ }
++ acs_on_ids[max_acs_id].vendor = val;
++ p += strcspn(p, ":");
++ if (*p != ':') {
++ pr_warn("PCIe ACS invalid ID\n");
++ goto next;
++ }
++
++ p++;
++ snprintf(opt, 5, "%s", p);
++ ret = kstrtol(opt, 16, &val);
++ if (ret) {
++ pr_warn("PCIe ACS ID parse error %d\n", ret);
++ goto next;
++ }
++ acs_on_ids[max_acs_id].device = val;
++ max_acs_id++;
++ }
++next:
++ p += strcspn(p, ",");
++ if (*p == ',')
++ p++;
++ }
++
++ if (acs_on_downstream || acs_on_multifunction || max_acs_id)
++ pr_warn("Warning: PCIe ACS overrides enabled; This may allow non-IOMMU protected peer-to-peer DMA\n");
++
++ return 0;
++}
++early_param("pcie_acs_override", pcie_acs_override_setup);
++
++static int pcie_acs_overrides(struct pci_dev *dev, u16 acs_flags)
++{
++ int i;
++
++ /* Never override ACS for legacy devices or devices with ACS caps */
++ if (!pci_is_pcie(dev) ||
++ pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ACS))
++ return -ENOTTY;
++
++ for (i = 0; i < max_acs_id; i++)
++ if (acs_on_ids[i].vendor == dev->vendor &&
++ acs_on_ids[i].device == dev->device)
++ return 1;
++
++ switch (pci_pcie_type(dev)) {
++ case PCI_EXP_TYPE_DOWNSTREAM:
++ case PCI_EXP_TYPE_ROOT_PORT:
++ if (acs_on_downstream)
++ return 1;
++ break;
++ case PCI_EXP_TYPE_ENDPOINT:
++ case PCI_EXP_TYPE_UPSTREAM:
++ case PCI_EXP_TYPE_LEG_END:
++ case PCI_EXP_TYPE_RC_END:
++ if (acs_on_multifunction && dev->multifunction)
++ return 1;
++ }
++
++ return -ENOTTY;
++}
++
+ /*
+ * Decoding should be disabled for a PCI device during BAR sizing to avoid
+ * conflict. But doing so may cause problems on host bridge and perhaps other
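Review bot: In `pcie_acs_override_setup()`, the slot check `if (max_acs_id >= NUM_ACS_IDS - 1)` refuses a new entry once 15 ids are stored, so only 15 of the 16 `acs_on_ids[]` slots are usable while the commit message and the warning text both say 16; `>= NUM_ACS_IDS` matches the array size. Two smaller points in the same function: the `strncmp()` calls match prefixes only, so a mistyped token such as `downstreamX` silently enables the broad override, and the `kstrtol()` results are stored into `unsigned short` fields without rejecting negative values. In `pcie_acs_overrides()` the `acs_flags` argument is never read, so any match reports every requested ACS flag as enforced; that deserves a comment given the peer-to-peer DMA warning printed by the setup function.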
+@@ -4764,6 +4864,8 @@ static const struct pci_dev_acs_enabled {
+ { PCI_VENDOR_ID_CAVIUM, PCI_ANY_ID, pci_quirk_cavium_acs },
+ /* APM X-Gene */
+ { PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },
++ /* Enable overrides for missing ACS capabilities */
++ { PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
+ /* Ampere Computing */
+ { PCI_VENDOR_ID_AMPERE, 0xE005, pci_quirk_xgene_acs },
+ { PCI_VENDOR_ID_AMPERE, 0xE006, pci_quirk_xgene_acs },
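Review bot: The catch-all `{ PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides }` entry is inserted in the middle of the `pci_dev_acs_enabled` table, ahead of the Ampere entries. It matches every device, so the Ampere quirks below it are consulted only if the table walker keeps going after the `-ENOTTY` return, and are skipped whenever the override returns 1. Placing the wildcard as the last entry lets the device-specific quirks take precedence without relying on that behaviour, and keeps later rebases from landing it at an arbitrary position.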
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Lamprecht <t.lamprecht@proxmox.com>
-Date: Fri, 7 Jun 2019 21:16:42 +0200
-Subject: [PATCH] Revert "KVM: VMX: enable nested virtualization by default"
-
-This reverts commit 1e58e5e59148916fa43444a406335a990783fb78
-
-As we're not yet there, and this effectively breaks live migration
-for all VMs using host or +vmx which did not manually enabled nesting
-
-Those which already enabled nesting manually have already breakage,
-but that was something to expect. The situation will get better in
-the future (probably post qemu 4.1).
-
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- arch/x86/kvm/vmx/vmx.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
-index 8129b6b27c93..49987441862e 100644
---- a/arch/x86/kvm/vmx/vmx.c
-+++ b/arch/x86/kvm/vmx/vmx.c
-@@ -103,7 +103,7 @@ module_param(enable_apicv, bool, S_IRUGO);
- * VMX and be a hypervisor for its own guests. If nested=0, guests may not
- * use VMX instructions.
- */
--static bool __read_mostly nested = 1;
-+static bool __read_mostly nested = 0;
- module_param(nested, bool, S_IRUGO);
-
- static u64 __read_mostly host_xss;
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
+Date: Thu, 14 Sep 2017 11:09:58 +0200
+Subject: [PATCH] kvm: disable default dynamic halt polling growth
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ virt/kvm/kvm_main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
+index 35a82cb10556..84cf5dcb0405 100644
+--- a/virt/kvm/kvm_main.c
++++ b/virt/kvm/kvm_main.c
+@@ -76,7 +76,7 @@ module_param(halt_poll_ns, uint, 0644);
+ EXPORT_SYMBOL_GPL(halt_poll_ns);
+
+ /* Default doubles per-vcpu halt_poll_ns. */
+-unsigned int halt_poll_ns_grow = 2;
++unsigned int halt_poll_ns_grow = 0;
+ module_param(halt_poll_ns_grow, uint, 0644);
+ EXPORT_SYMBOL_GPL(halt_poll_ns_grow);
+
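Review bot: The comment directly above the changed line still reads `Default doubles per-vcpu halt_poll_ns.` although the default is now 0; update it to say that growth is disabled by default and that the value remains tunable through the 0644 module parameter. The commit message has no body, so the reason for turning growth off is not recorded anywhere in the patch.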
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht@proxmox.com>
+Date: Fri, 7 Jun 2019 21:16:42 +0200
+Subject: [PATCH] Revert "KVM: VMX: enable nested virtualization by default"
+
+This reverts commit 1e58e5e59148916fa43444a406335a990783fb78
+
+As we're not yet there, and this effectively breaks live migration
+for all VMs using host or +vmx which did not manually enabled nesting
+
+Those which already enabled nesting manually have already breakage,
+but that was something to expect. The situation will get better in
+the future (probably post qemu 4.1).
+
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/vmx/vmx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
+index 39a116d43993..25ecb53517eb 100644
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -103,7 +103,7 @@ module_param(enable_apicv, bool, S_IRUGO);
+ * VMX and be a hypervisor for its own guests. If nested=0, guests may not
+ * use VMX instructions.
+ */
+-static bool __read_mostly nested = 1;
++static bool __read_mostly nested = 0;
+ module_param(nested, bool, S_IRUGO);
+
+ static u64 __read_mostly host_xss;
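Review bot: With `nested` back at 0 and the parameter declared `S_IRUGO`, the value can only be chosen when the module is loaded, yet the commit message refers to manually enabling nesting without saying how. Add the opt-in (`nested=1` at module load) to the message so the revert is self-explanatory, and consider a short comment at the declaration noting that the default intentionally differs from the reverted commit so the change is not lost on a rebase.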