vmx patch

The vmx patch tag covers a specific Linux kernel security fix for KVM VMX, registered as CVE-2022-49610. This patch addresses a Return Stack Buffer (RSB) underflow vulnerability that could occur between setting the guest's speculative-control state and executing the vmenter instruction on VMX. The fix enforces that no return instructions are executed between writing SPEC_CTRL and vmenter, hardening KVM against speculative execution exposures and preventing potential availability issues on affected hosts. The patch is a small but important change that strengthens Linux hypervisors while preserving normal VM entry behavior for typical workloads.