Commit Graph

248 Commits

Author SHA1 Message Date
Thomas Lamprecht
818dfceac5 patches: make disable split btf diff a full-blown patch
else our update-to-tag rebase script fails to "git-am" this one

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-01-11 06:28:23 +01:00
Thomas Lamprecht
7ffd90ef3e update to Ubuntu-5.15.0-14.14
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-12-14 18:22:39 +01:00
Fabian Grünbichler
bc1d191389 KConfig: disable module BTF debug info
enabling this effectively makes the debug info of the kernel image part
of the kernel <-> module ABI[0], potentially breaking module loading for
otherwise compatible kernel/module combinations.

there were several user reports[1,2,3,..], and although a workaround
exists (re-installing the currently booted version, loading the module,
then upgrading again) disabling this until it's clear how to proceed
seems like the way to go.

disabling via patch is needed, since leaving it unset via `-d` or
explicitly disabled via `--set-val` doesn't work - it's auto-enabled
based on build-env pahole supporting split BTF generation.

0: https://lore.kernel.org/all/1637926692.uyvrkty41j.astroid@nora.none/
1: https://forum.proxmox.com/threads/realtek-8156-2-5gbe-usb-nic.69903/#post-433793
2: https://forum.proxmox.com/threads/usb-storage-can-not-be-mounted.100480/
3: https://forum.proxmox.com/threads/neuer-server-und-probleme.99098/#post-427862

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Acked-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-12-14 13:31:05 +01:00
Thomas Lamprecht
74962917c2 switch from impish to jelly as base ubuntu kernel
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-11-30 15:55:43 +01:00
Thomas Lamprecht
3ea6393f63 rebase patches on top of Ubuntu-5.13.0-23.23
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-11-29 18:09:38 +01:00
Thomas Lamprecht
fda70d3865 drop oboslete ocfs2 patch
now upstreamed in a slightly different way

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-11-29 18:09:38 +01:00
Fabian Ebner
25aba572ca Backport two io-wq fixes relevant for io_uring
There were quite a few reports in the community forum about Windows
VMs with SATA disks not working after upgrading to kernel 5.13.
Issue was reproducible during the installation of Win2019 (suggested
by Thomas), and it's already fixed in 5.15. Bisecting led to
    io-wq: split bounded and unbounded work into separate lists
as the commit fixing the issue.

Indeed, the commit states
    Fixes: ecc53c48c13d ("io-wq: check max_worker limits if a worker transitions bound state")
which is present as a backport in ubuntu-impish:
    f9eb79f840052285408ae9082dc4419dc1397954

The first backport
    io-wq: fix queue stalling race
also sounds nice to have and additionally served as a preparation for
the second one to apply more cleanly.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
2021-11-23 13:19:53 +01:00
Thomas Lamprecht
38c898a1b6 Revert "block: remove the -ERESTARTSYS handling in blkdev_get_by_dev"
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2021-11-09 12:56:54 +01:00
Thomas Lamprecht
46951972bc rebase patches on top of Ubuntu-5.13.0-22.22
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-11-06 13:07:52 +01:00
Thomas Lamprecht
4fce12053e rebase patches on top of Ubuntu-5.13.0-21.21
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-10-19 13:40:56 +02:00
Thomas Lamprecht
68145b3f84 backport "ocfs2: mount fails with buffer overflow in strlen"
we've got good feedback from customers and the patch got two R-b's
and no NAK or the like upstream:

https://lore.kernel.org/all/20210929180654.32460-1-vvidic@valentin-vidic.from.hr/t/

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-10-18 14:04:36 +02:00
Fabian Ebner
fb9edd57ac remove outdated io_uring patch
The patch is not needed anymore, because the fix is already in
ubuntu-impish (commit d0b69849e40b2c3582f1cd6573f8e0d3a033d078).
Unfortunately, the patch still applied (in the wrong place), making it
hard to notice.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
2021-09-30 17:41:47 +02:00
Thomas Lamprecht
2445fd0873 update patches for Ubuntu-5.13.0-17.17
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-09-27 12:43:06 +02:00
Thomas Lamprecht
d6a491197c backport "blk-mq: fix kernel panic during iterating over flush request"
see https://forum.proxmox.com/threads/96598/#post-418247

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-09-21 07:15:18 +02:00
Thomas Lamprecht
c058ed8e33 rebase patches on top of Ubuntu-5.11.0-34.36
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-08-27 09:20:57 +02:00
Fabian Grünbichler
a7de27ff7d fix #3552: cherry-pick PCI probe fixes
breaking some NVME setups. these should be picked up by one of the next
Ubuntu kernel releases, since both the breaking change and the fix are
authored by Canonical devs.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-08-26 14:51:27 +02:00
Stoiko Ivanov
a7073f6bff cherry-pick fixes for CVE-2021-3653 and CVE-2021-3656
from ubuntu-hirsute upstream/master-next

cherry-pick only the 2 patches, because master-next is 970 commits
ahead of our current master.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-08-19 08:49:26 +02:00
Fabian Ebner
437b51a73b backport fix for io_uring to prevent kernel panic
which could be triggered in some corner cases with (but most likely
not limited to) LVM-backed QEMU guests using io_uring.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
2021-07-28 10:50:19 +02:00
Thomas Lamprecht
bf5098de79 rebase patches on top of Ubuntu-5.11.0-26.28
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-21 18:22:17 +02:00
Thomas Lamprecht
97b871128f bump version to 5.11.22-4
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-20 21:40:49 +02:00
Thomas Lamprecht
53dd604743 net: bridge: sync fdb to new unicast-filtering ports
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-02 16:21:17 +02:00
Thomas Lamprecht
be7e04a3d7 rebase patches on top of Ubuntu-5.11.0-23.24
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-06-23 08:52:39 +02:00
Thomas Lamprecht
63bf12370e update to Ubuntu-5.11.0-12.13
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-03-18 14:03:14 +01:00
Thomas Lamprecht
b9aab0288c ubdate sources and patches to Ubuntu-5.11.0-11.12
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-03-02 13:34:58 +01:00
Thomas Lamprecht
1deaf0f816 stop reverting turning on nested virtualization by default
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-03-02 13:34:34 +01:00
Thomas Lamprecht
b65123988c base on Ubuntu Hirsute kernel
drop applied patches and update README

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-15 15:10:56 +01:00
Thomas Lamprecht
2d22bb871a cherry-pick "vfs: allow unprivileged whiteout creation"
This was in v5.7 and is rather straight forward, fixes issue for some
users:
https://forum.proxmox.com/threads/task-error-unable-to-restore-ct-106.79901/#post-354223

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-12-03 13:36:13 +01:00
Thomas Lamprecht
2501fb7b84 Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()"
Reported to cause problems with HPE DL gen 9 servers, where the
module is in use[0].

Upstream has not followup for this (at least none obvious), replied
to the original patch to notify them about potential problems[1]

[0]: https://forum.proxmox.com/threads/hp-dl-380-gen-9-issues-on-5-4-73-5-4-78-kernel.79907/page-2#post-354176
[1]: https://lore.kernel.org/linux-scsi/54f36c62-10bf-8736-39ce-27ece097d9de@proxmox.com/

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-12-03 11:21:44 +01:00
Thomas Lamprecht
aa81f09ac6 rebase patches on top of Ubuntu-5.4.0-57.63
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-30 10:57:04 +01:00
Thomas Lamprecht
11ed605e92 rebase patches on top of Ubuntu-5.4.0-55.61
(generated with debian/scripts/import-upstream-tag)
+ manually dropped the now hopefully superfluous.
0006-Revert-scsi-lpfc-Fix-broken-Credit-Recovery-after-dr.patch

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-16 10:50:31 +01:00
Thomas Lamprecht
09ceb5a3e4 make unregister_netdev error less of a PITA
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-10-07 17:19:42 +02:00
Thomas Lamprecht
aca38cac89 update sources to Ubuntu-5.4.0-49.53
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-09-21 15:39:37 +02:00
Thomas Lamprecht
861cb4ecb1 backport overflow fix for net/packet receive handling
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-09-04 10:21:46 +02:00
Thomas Lamprecht
0054ae0629 rebase patches on top of Ubuntu-5.4.0-46.50
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-08-31 10:34:18 +02:00
Thomas Lamprecht
6b841d38be update to Ubuntu-5.4.0-43.47
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-08-19 16:30:53 +02:00
Thomas Lamprecht
0ced22e49e backport cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-01 16:02:48 +02:00
Thomas Lamprecht
161bea4e83 Revert "scsi: lpfc: Fix broken Credit Recovery after driver load"
https://forum.proxmox.com/threads/proxmox-6-2-lpfc-error-port-type-wrong.69680/#post-312491
https://lore.kernel.org/linux-scsi/20200512212855.36q2ut2io2cdtagn@zeha.at/

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-15 14:50:07 +02:00
Thomas Lamprecht
6865b4eac1 rebase patches on top of Ubuntu-5.4.0-32.36
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-15 14:02:12 +02:00
Thomas Lamprecht
502cef0d4f drop upstreamed fix shifts patch
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-15 14:01:12 +02:00
Thomas Lamprecht
9cb1be298d backport followup fix for shiftfs/overlayfs
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-07 10:01:19 +02:00
Thomas Lamprecht
9522496954 rebase patches on top of Ubuntu-5.4.0-30.34
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-06 10:35:12 +02:00
Thomas Lamprecht
9f9b41276c rebase patches on top of Ubuntu-5.4.0-24.28
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-04-10 09:11:21 +02:00
Thomas Lamprecht
9e78c7995a rebase patches on top of Ubuntu-5.4.0-19.23
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-23 15:01:39 +01:00
Thomas Lamprecht
a80f88c1be rebase patches on top of Ubuntu-5.4.0-18.22
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-09 12:58:18 +01:00
Thomas Lamprecht
625b5c77e0 switch over to ubuntu focal 20.04 kernel
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-02 17:32:42 +01:00
Thomas Lamprecht
17f964317d rebase patches on top of Ubuntu-5.3.0-41.33
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-02-15 14:00:47 +01:00
Thomas Lamprecht
6ad155377d rebase patches on top of Ubuntu-5.3.0-40.32
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-02-05 11:47:41 +01:00
Thomas Lamprecht
de6f4b1d95 backport fixes for information leak within a KVM guest
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-31 13:14:32 +01:00
Thomas Lamprecht
7284a6db39 rebase patches on top of Ubuntu-5.3.0-29.31
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-24 09:48:43 +01:00
Thomas Lamprecht
34fce89fd4 fix #2549: backport: drm/i915: Avoid HPD poll detect triggering a new detect cycle
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-23 13:04:17 +01:00
Stefan Reiter
9538cc28e9 Add MCE patch for Threadripper 3000 series compatibility
A forum user reported that our kernel does not boot on Threadripper 3000
series CPUs, unless 'mce=off' is provided on the kernel commandline. [0]

This is a known issue, which has been fixed in mainline kernels and
backported to 5.4, 4.19 and 4.14 [1]. It is not, however, included in
5.3, nor in the Ubuntu builds. [2]

This patch is the original one posted for 5.5, which is the same as the
one ported to 5.4. It also applies cleanly to 5.3, and should work the
same, seeing as the backports to older versions do not have functional
changes either.

[0] https://forum.proxmox.com/threads/bug-pve-wont-boot-properly.63432/
[1] https://patchwork.kernel.org/project/linux-edac/list/?q=Allow+Reserved+types+to+be+overwritten+in+smca_banks
[2] https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/log/?qt=grep&q=Allow+Reserved+types+to+be+overwritten+in+smca_banks

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2020-01-15 15:26:11 +01:00
Thomas Lamprecht
6985f5cc9e rebase patches on top of Ubuntu-5.3.0-25.27
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-12-05 07:16:43 +01:00
Thomas Lamprecht
8d0ce71c45 rebase patches on top of Ubuntu-5.3.0-24.26
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-14 10:42:02 +01:00
Thomas Lamprecht
a7939a9abe rebase patches on top of Ubuntu-5.3.0-20.21
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-23 18:58:29 +02:00
Thomas Lamprecht
225abd65e1 remove unused patches
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-02 17:04:35 +02:00
Thomas Lamprecht
ba68212d64 rebase patches for eoan
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-01 18:57:02 +02:00
Thomas Lamprecht
0570f90d28 backport new FPU register copy helpers
This allows us to fix the ZFS SIMD patch for 5.0 kernel way easier.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-09-27 14:43:41 +02:00
Thomas Lamprecht
b671e62ef8 rebase patches on top of Ubuntu-5.0.0-28.30
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-09-05 10:26:04 +02:00
Thomas Lamprecht
b9200da0c5 backport vhost_net: disable zerocopy by default
It seems to make general problems[0], and upstream changed the
default back to 0 again[1] (was enabled long ago, ca. 2012).

[0]: https://pve.proxmox.com/pipermail/pve-devel/2019-August/038571.html
[1]: https://git.kernel.org/torvalds/c/098eadce3c622c07b328d0a43dda379b38cf7c5e

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-08-21 09:50:11 +02:00
Thomas Lamprecht
118616fd5f rebase patches on top of Ubuntu-5.0.0-26.27
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-08-20 17:13:36 +02:00
Thomas Lamprecht
f4beb2f868 rebase patches on top of Ubuntu-5.0.0-22.23
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-07-24 08:12:25 +02:00
Thomas Lamprecht
225d38f866 backport: rbd: don't assert on writes to snapshots
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-07-24 08:11:49 +02:00
Thomas Lamprecht
ff93581f3f rebase patches on top of Ubuntu-5.0.0-18.19
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-18 07:28:40 +02:00
Thomas Lamprecht
6ac09c547c revert KVM nested param back to off as default, for now
Else everyone booting the 5.0 based kernel will have nesting
activated by default[0], and this break live migration for all VMs
with CPU type host, even if they do not host KVM (nested) guests
themself and never made a VMX call, at least with newer QEMU versions
>= 3.1 [1]

While the kernel now may had good reasons to change the default to
true for this[0], i.e., it can now handle nested guest migrations in
a nice and sane way, the user space side of this in QEMU is not yet
ready, and may only become so with or even after 4.1.

After we have a working qemu which can also live migrate arbitrary
nested guest we may well enable this as default, but until then it
brings just pain but no advantage.

So let's protect people which did not manually enabled nesting for
a live-migration breakage. All those who enabled nesting manually
them self knew that it was still experimental and thus will have to
live with their decision and have a live migration breakage (for
those VMs with CPU type 'host')

[0]: https://git.kernel.org/torvalds/c/1e58e5e59148916fa43444a406335a990783fb78
[1]: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=d98f26073bebddcd3da0ba1b86c3a34e840c0fb8

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-08 20:12:35 +02:00
Thomas Lamprecht
ff71f8b949 update patches for 5.0.8
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 14:11:57 +02:00
Thomas Lamprecht
a599f53da3 rebase patches on top of Ubuntu-4.15.0-50.54
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-15 08:55:36 +02:00
Thomas Lamprecht
81801c5658 update patches
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-30 12:10:08 +02:00
Thomas Lamprecht
8713734e79 fix #2008: kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs
clean backport from kernel mainline commit
0e1b869fff60c81b510c2d00602d778f8f59dd9a  [0]

[0]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e1b869fff60c81b510c2d00602d778f8f59dd9a

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-16 17:48:59 +02:00
Thomas Lamprecht
2de599de08 rebase patches on top of Ubuntu-4.15.0-48.51
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-05 07:18:45 +02:00
Thomas Lamprecht
89d8eaee98 rebase patches on top of Ubuntu-4.15.0-47.50
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-03-13 07:25:59 +01:00
Thomas Lamprecht
4e6465dfa5 backport fixes for multiple KVM vulnerabilities
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-25 14:51:28 +01:00
Thomas Lamprecht
cf6ea5cf34 backport: net: crypto set sk to NULL when af_alg_release
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-21 14:39:03 +01:00
David Limbeck
c774433e2a add patch to fix ipset memory exhaustion
Add a patch from upstream until it is fixed in the Ubuntu 4.15 kernel.

Signed-off-by: David Limbeck <d.limbeck@proxmox.com>
2019-02-20 15:43:31 +01:00
Thomas Lamprecht
91b336e761 backport i40e fixes
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:42:55 +01:00
Thomas Lamprecht
322691b072 rebase patches on top of Ubuntu-4.15.0-46.49
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:41:14 +01:00
Thomas Lamprecht
835a39ebaa add fix for possible NULL pointer dereference in net/ipip
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-19 12:10:33 +01:00
Thomas Lamprecht
4618decfe0 update ACS capabillities patch context
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Thomas Lamprecht
05c4f2217f drop patches applied upstream
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Stoiko Ivanov
47f3b8990f Add 3 Patches addressing security issues
* CVE-2018-18955 (https://launchpad.net/bugs/1801924) is addressed by
  0009-userns-also-map-extents-in-the-reverse-map-to-kernel.patch
* https://launchpad.net/bugs/1789161 is addressed by the other 2 patches. (see
  the link for a reproducer)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-11-14 18:29:55 +01:00
Thomas Lamprecht
9aa2d28ebb rebase patches on top of Ubuntu-4.15.0-40.43
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-12 13:33:04 +01:00
Thomas Lamprecht
0c12c00b3a rebase patches on top of Ubuntu-4.15.0-39.42
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-25 11:48:58 +02:00
Thomas Lamprecht
dbb1ed6d87 backport: block: fix silent corruption in Linux kernel 4.15
reproducer: https://www.spinics.net/lists/linux-block/msg28507.html
ubuntu bugreport: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1796542

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-10 14:22:27 +02:00
Thomas Lamprecht
9de43ded7a rebase patches on top of Ubuntu-4.15.0-35.38
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-09-17 11:46:13 +02:00
Thomas Lamprecht
16fb26e70c backport protection against userspace-userspace spectreRSB
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-30 13:05:06 +02:00
Thomas Lamprecht
72d7b7039d rebase patches on top of Ubuntu-4.15.0-34.37
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-28 12:00:57 +02:00
Thomas Lamprecht
9464be5351 rebase patches on top of Ubuntu-4.15.0-33.36
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-24 10:30:36 +02:00
Stoiko Ivanov
61721594cf add patch for hpsa, preventing clean reboots
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-22 13:01:23 +02:00
Stoiko Ivanov
2d13a2bdc2 add patch for CVE-2018-1118
The commit is already on bionic/master-next (first commit after the
latest tag on master-next)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-22 13:01:23 +02:00
Alexandre Derumier
49b6d16422 vrf patches
This fix
https://github.com/FRRouting/frr/issues/2460

we can remove the workaround net.ipv4.tcp_l3mdev_accept=1 with this patches.
2018-08-21 09:10:33 +02:00
Stoiko Ivanov
e2af2a6161 rebase patches on top of Ubuntu-4.15.0-32.35
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-16 13:21:43 +02:00
Stoiko Ivanov
72f9fd46cc add SGID non-directory fix
fixes CVE-2018-13405 (https://nvd.nist.gov/vuln/detail/CVE-2018-13405)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-08 12:08:54 +02:00
Wolfgang Bumiller
cd0e07c792 add apparmor socket mediation fix
Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1780227
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-30 11:47:20 +02:00
Thomas Lamprecht
c0514fa336 rebase patches on top of Ubuntu-4.15.0-24.26
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-07-04 11:50:41 +02:00
Thomas Lamprecht
2dc5b5fe0e add KVM L1 guest escape - CVE-2018-12904 patch
see: http://www.openwall.com/lists/oss-security/2018/06/27/7
2018-06-27 17:17:27 +02:00
Thomas Lamprecht
e8834e95a2 igb: ensure setting MTU sets also max_frame_size
This is a regression from the out-of-tree Intel IGB driver happened
between 5.3.5.10 and 5.3.5.18.
The condition here should be actually reveresed, but as we always can
be sure to have a MAX/MIN MTU defined we can just remove it,
essentially going back to the previous code state (which also works
with our current 4.15 kernel).

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-18 17:07:01 +02:00
Thomas Lamprecht
d3722c5c8a backport SUN NICs fix for OVS use
See: https://pve.proxmox.com/pipermail/pve-user/2018-June/169567.html

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 11:58:18 +02:00
Thomas Lamprecht
515973635b renenable out-of-tree intel ethernet driver (e1000e, igb, ixgbe)
There where just to much issues with the 4.15 in tree drivers for our
users [1]. The updated igb and ixgbe drivers are compatible with
4.15, the e1000e driver needed to be ported to the new internal
kernel timer API, which is pretty straight forward.

[1]: https://forum.proxmox.com/threads/4-15-based-test-kernel-for-pve-5-x-available.42097/page-5

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 11:58:18 +02:00
Thomas Lamprecht
e4087db377 rebase patches on top of Ubuntu-4.15.0-22.24
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-05-23 11:46:22 +02:00
Thomas Lamprecht
c3592848d1 rebase patches on top of Ubuntu-4.15.0-20.21
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-05-03 08:16:40 +02:00
Wolfgang Bumiller
1e12ef0dcc fix #1737: merge: net: fix deadlock while clearing neighbor proxy table
Link: https://bugzilla.kernel.org/show_bug.cgi?id=199289
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-04-25 14:28:43 +02:00
Fabian Grünbichler
927081a949 rebase patches
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-20 14:55:21 +02:00
Fabian Grünbichler
2068d368d7 revert broken kernel Makefile modification
see [1] for upstream report

1: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1758856/comments/1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-04 15:43:07 +02:00
Fabian Grünbichler
a214614ea9 rebase patches on top of Ubuntu-4.15.0-14.15
and drop those applied upstream

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-04 15:43:07 +02:00
Fabian Grünbichler
b25749a58c fix #1633: potential deadlock with shmem
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-28 15:17:19 +02:00
Fabian Grünbichler
8e89f13c59 fix #1633: potential deadlock with THPs
see https://marc.info/?l=linux-mm&m=151683828707588

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-27 16:02:05 +02:00
Fabian Grünbichler
ecef40a218 rebase patches
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-22 11:12:48 +01:00
Fabian Grünbichler
15baf5b4c2 rebase patches
and drop those applied in 4.14/4.15
2018-03-09 14:47:21 +01:00
Fabian Grünbichler
55f9bfa990 update ACS override patch for 4.15
based on https://aur.archlinux.org/linux-vfio.git
2018-03-09 14:47:21 +01:00
Fabian Grünbichler
3323a8b78c add cherry-picks for OCFS2 bug
see https://forum.proxmox.com/threads/ocfs2-kernel-bug.39163/
2018-03-09 11:57:49 +01:00
Fabian Grünbichler
863ccb9670 add cherry-pick for NFS in network namespaces 2018-03-09 11:57:49 +01:00
Fabian Grünbichler
38c79e8118 fix refcnt leaks with net namespaces
see https://github.com/lxc/lxc/issues/2141 and
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1711407/
2018-02-21 09:18:49 +01:00
Fabian Grünbichler
a4b1a797a0 warn when non-RETPOLINED module gets loaded 2018-02-16 09:58:12 +01:00
Fabian Grünbichler
ef812b062d cherry-pick sched-wait bug fix
(included in 4.15 and queued for 4.14)
2018-02-14 12:14:12 +01:00
Fabian Grünbichler
d320e5b2c3 cherry-pick scsi lpfc HBA bug fix
see https://forum.proxmox.com/threads/proxmox-5-1-lpfc-hba-emulex-lpe12000-error.39179/
2018-02-13 12:41:35 +01:00
Fabian Grünbichler
3adc532101 rebase patches 2018-02-13 12:41:35 +01:00
Fabian Grünbichler
1da60899e3 add EDAC cherry-picks 2018-01-29 15:00:40 +01:00
Fabian Grünbichler
a70918fbbc restructure patches
rebase on Ubuntu-4.13.0-32.35

the effective kernel tree which gets compiled after patches have been
applied is functionally identical (modulo parts for architectures which
we don't care about and Ubuntu build files)
2018-01-29 14:22:56 +01:00
Fabian Grünbichler
81f370d513 fix syscall retpoline 2018-01-26 10:46:25 +01:00
Fabian Grünbichler
a0f7ab8a6a fix #1622: i40e memory leak
cherry-pick from upstream 4.14
2018-01-19 12:43:16 +01:00
Fabian Grünbichler
f90505f3a2 add tc fixes 2018-01-19 12:27:49 +01:00
Fabian Grünbichler
035dbe6708 KPTI/Spectre: add more fixes
* initial IBRS/IBPB/SPEC_CTRL support
* regression fixes for KPTI
* additional hardening against Spectre

based on Ubuntu-4.13.0-29.32 and mainline 4.14
2018-01-15 12:34:50 +01:00
Fabian Grünbichler
59d5af6732 build: reformat existing patches
drop numbers and commit hashes from patch metadata to reduce future
patch churn
2018-01-15 12:26:15 +01:00
Fabian Grünbichler
633c5ed17f revert buggy SCSI error handler commit
this causes kernel OOPS and upstream is unresponsive about it.

see https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1726519
2018-01-08 11:51:24 +01:00
Fabian Grünbichler
76ec7e5931 update Spectre KVM PoC fix for AMD 2018-01-08 10:58:23 +01:00
Fabian Grünbichler
04f3b8beca KPTI: disable on AMD
and allow loading of microcode on recent AMD systems in preparation of
further Spectre fixes
2018-01-08 10:25:31 +01:00
Fabian Grünbichler
e4cdf2a53e KPTI: add follow-up fixes 2018-01-08 10:25:09 +01:00
Fabian Grünbichler
b378f209dd add objtool build fix 2018-01-07 13:18:22 +01:00
Fabian Grünbichler
7c7389df50 add Spectre PoC fix
picked from https://patchwork.kernel.org/patch/10147679/
2018-01-06 15:15:39 +01:00
Fabian Grünbichler
321d628a98 add KPTI and related patches
picked from Ubuntu-4.13.0-23.26
2018-01-06 15:15:39 +01:00
Fabian Grünbichler
19894df472 reorder patches
numbering got messed up in the previous upload
2018-01-06 15:15:39 +01:00
Fabian Grünbichler
9e94988ca1 fix #1537: cherry-pick AMD NPT / IOMMU fix 2018-01-02 10:01:56 +01:00
Fabian Grünbichler
6eb123031d revert igb to 5.3.5.10
because 5.3.5.12 broke JUMBO_FRAMES (again)
2017-12-05 13:05:16 +01:00
Fabian Grünbichler
b42b4a1b96 cherry-pick KVM fix for old CPUs 2017-12-04 09:36:58 +01:00
Fabian Grünbichler
905722fbce cherry-pick / backport IB fixes
see https://forum.proxmox.com/threads/pve-5-1-and-infiniband-issues.37575/
2017-12-04 09:36:19 +01:00
Fabian Grünbichler
ddad99c986 cherry-pick vhost perf regression and mem-leak fix 2017-12-04 09:27:58 +01:00
Fabian Grünbichler
9a9f6e04a7 cherry-pick final KVM BSOD fix 2017-12-04 09:27:58 +01:00
Fabian Grünbichler
777ee9fe67 revert mmu changes causing bluescreens 2017-11-29 09:48:40 +01:00
Fabian Grünbichler
25c35b26a1 update intel drivers to latest upstream releases 2017-11-22 09:47:25 +01:00
Fabian Grünbichler
d060c84f4d drop patches applied upstream 2017-11-17 11:59:22 +01:00
Fabian Grünbichler
0e3176e76f fix CVE-2017-12188: nested KVM stack overflow 2017-10-13 11:33:03 +02:00
Fabian Grünbichler
2e38f6f987 update ZFS/SPL to 0.7.2
and switch submodule to simplify patch handling
2017-10-13 11:33:03 +02:00
Fabian Grünbichler
d84d9cdc47 ZFS/SPL: add 4.13 compat patches 2017-09-27 10:06:33 +02:00
Fabian Grünbichler
e03fa66fce add cpuset v2 in v1 cherry-picks 2017-09-27 10:06:33 +02:00
Fabian Grünbichler
a8ee21761c ixgbe: add 4.13 compat patch 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
628004c405 igb: add 4.12 compat patch 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
8021de509c intel: drop patches which are no longer needed 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
2f7beffd96 build: move intel NIC patches 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
b9e76370ab build: rebase and refactor kernel patches 2017-09-26 10:46:35 +02:00