Commit Graph

222 Commits

Author SHA1 Message Date
Thomas Lamprecht
ff71f8b949 update patches for 5.0.8
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 14:11:57 +02:00
Thomas Lamprecht
a599f53da3 rebase patches on top of Ubuntu-4.15.0-50.54
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-15 08:55:36 +02:00
Thomas Lamprecht
81801c5658 update patches
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-30 12:10:08 +02:00
Thomas Lamprecht
8713734e79 fix #2008: kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs
clean backport from kernel mainline commit
0e1b869fff60c81b510c2d00602d778f8f59dd9a  [0]

[0]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e1b869fff60c81b510c2d00602d778f8f59dd9a

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-16 17:48:59 +02:00
Thomas Lamprecht
2de599de08 rebase patches on top of Ubuntu-4.15.0-48.51
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-05 07:18:45 +02:00
Thomas Lamprecht
89d8eaee98 rebase patches on top of Ubuntu-4.15.0-47.50
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-03-13 07:25:59 +01:00
Thomas Lamprecht
4e6465dfa5 backport fixes for multiple KVM vulnerabilities
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-25 14:51:28 +01:00
Thomas Lamprecht
cf6ea5cf34 backport: net: crypto set sk to NULL when af_alg_release
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-21 14:39:03 +01:00
David Limbeck
c774433e2a add patch to fix ipset memory exhaustion
Add a patch from upstream until it is fixed in the Ubuntu 4.15 kernel.

Signed-off-by: David Limbeck <d.limbeck@proxmox.com>
2019-02-20 15:43:31 +01:00
Thomas Lamprecht
91b336e761 backport i40e fixes
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:42:55 +01:00
Thomas Lamprecht
322691b072 rebase patches on top of Ubuntu-4.15.0-46.49
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:41:14 +01:00
Thomas Lamprecht
835a39ebaa add fix for possible NULL pointer dereference in net/ipip
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-19 12:10:33 +01:00
Thomas Lamprecht
4618decfe0 update ACS capabillities patch context
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Thomas Lamprecht
05c4f2217f drop patches applied upstream
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Stoiko Ivanov
47f3b8990f Add 3 Patches addressing security issues
* CVE-2018-18955 (https://launchpad.net/bugs/1801924) is addressed by
  0009-userns-also-map-extents-in-the-reverse-map-to-kernel.patch
* https://launchpad.net/bugs/1789161 is addressed by the other 2 patches. (see
  the link for a reproducer)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-11-14 18:29:55 +01:00
Thomas Lamprecht
9aa2d28ebb rebase patches on top of Ubuntu-4.15.0-40.43
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-12 13:33:04 +01:00
Thomas Lamprecht
0c12c00b3a rebase patches on top of Ubuntu-4.15.0-39.42
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-25 11:48:58 +02:00
Thomas Lamprecht
dbb1ed6d87 backport: block: fix silent corruption in Linux kernel 4.15
reproducer: https://www.spinics.net/lists/linux-block/msg28507.html
ubuntu bugreport: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1796542

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-10 14:22:27 +02:00
Thomas Lamprecht
9de43ded7a rebase patches on top of Ubuntu-4.15.0-35.38
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-09-17 11:46:13 +02:00
Thomas Lamprecht
16fb26e70c backport protection against userspace-userspace spectreRSB
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-30 13:05:06 +02:00
Thomas Lamprecht
72d7b7039d rebase patches on top of Ubuntu-4.15.0-34.37
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-28 12:00:57 +02:00
Thomas Lamprecht
9464be5351 rebase patches on top of Ubuntu-4.15.0-33.36
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-24 10:30:36 +02:00
Stoiko Ivanov
61721594cf add patch for hpsa, preventing clean reboots
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-22 13:01:23 +02:00
Stoiko Ivanov
2d13a2bdc2 add patch for CVE-2018-1118
The commit is already on bionic/master-next (first commit after the
latest tag on master-next)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-22 13:01:23 +02:00
Alexandre Derumier
49b6d16422 vrf patches
This fix
https://github.com/FRRouting/frr/issues/2460

we can remove the workaround net.ipv4.tcp_l3mdev_accept=1 with this patches.
2018-08-21 09:10:33 +02:00
Stoiko Ivanov
e2af2a6161 rebase patches on top of Ubuntu-4.15.0-32.35
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-16 13:21:43 +02:00
Stoiko Ivanov
72f9fd46cc add SGID non-directory fix
fixes CVE-2018-13405 (https://nvd.nist.gov/vuln/detail/CVE-2018-13405)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-08 12:08:54 +02:00
Wolfgang Bumiller
cd0e07c792 add apparmor socket mediation fix
Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1780227
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-30 11:47:20 +02:00
Thomas Lamprecht
c0514fa336 rebase patches on top of Ubuntu-4.15.0-24.26
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-07-04 11:50:41 +02:00
Thomas Lamprecht
2dc5b5fe0e add KVM L1 guest escape - CVE-2018-12904 patch
see: http://www.openwall.com/lists/oss-security/2018/06/27/7
2018-06-27 17:17:27 +02:00
Thomas Lamprecht
d3722c5c8a backport SUN NICs fix for OVS use
See: https://pve.proxmox.com/pipermail/pve-user/2018-June/169567.html

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 11:58:18 +02:00
Thomas Lamprecht
e4087db377 rebase patches on top of Ubuntu-4.15.0-22.24
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-05-23 11:46:22 +02:00
Thomas Lamprecht
c3592848d1 rebase patches on top of Ubuntu-4.15.0-20.21
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-05-03 08:16:40 +02:00
Wolfgang Bumiller
1e12ef0dcc fix #1737: merge: net: fix deadlock while clearing neighbor proxy table
Link: https://bugzilla.kernel.org/show_bug.cgi?id=199289
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-04-25 14:28:43 +02:00
Fabian Grünbichler
927081a949 rebase patches
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-20 14:55:21 +02:00
Fabian Grünbichler
2068d368d7 revert broken kernel Makefile modification
see [1] for upstream report

1: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1758856/comments/1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-04 15:43:07 +02:00
Fabian Grünbichler
a214614ea9 rebase patches on top of Ubuntu-4.15.0-14.15
and drop those applied upstream

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-04 15:43:07 +02:00
Fabian Grünbichler
b25749a58c fix #1633: potential deadlock with shmem
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-28 15:17:19 +02:00
Fabian Grünbichler
8e89f13c59 fix #1633: potential deadlock with THPs
see https://marc.info/?l=linux-mm&m=151683828707588

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-27 16:02:05 +02:00
Fabian Grünbichler
ecef40a218 rebase patches
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-22 11:12:48 +01:00
Fabian Grünbichler
15baf5b4c2 rebase patches
and drop those applied in 4.14/4.15
2018-03-09 14:47:21 +01:00
Fabian Grünbichler
55f9bfa990 update ACS override patch for 4.15
based on https://aur.archlinux.org/linux-vfio.git
2018-03-09 14:47:21 +01:00
Fabian Grünbichler
3323a8b78c add cherry-picks for OCFS2 bug
see https://forum.proxmox.com/threads/ocfs2-kernel-bug.39163/
2018-03-09 11:57:49 +01:00
Fabian Grünbichler
863ccb9670 add cherry-pick for NFS in network namespaces 2018-03-09 11:57:49 +01:00
Fabian Grünbichler
38c79e8118 fix refcnt leaks with net namespaces
see https://github.com/lxc/lxc/issues/2141 and
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1711407/
2018-02-21 09:18:49 +01:00
Fabian Grünbichler
a4b1a797a0 warn when non-RETPOLINED module gets loaded 2018-02-16 09:58:12 +01:00
Fabian Grünbichler
ef812b062d cherry-pick sched-wait bug fix
(included in 4.15 and queued for 4.14)
2018-02-14 12:14:12 +01:00
Fabian Grünbichler
d320e5b2c3 cherry-pick scsi lpfc HBA bug fix
see https://forum.proxmox.com/threads/proxmox-5-1-lpfc-hba-emulex-lpe12000-error.39179/
2018-02-13 12:41:35 +01:00
Fabian Grünbichler
3adc532101 rebase patches 2018-02-13 12:41:35 +01:00
Fabian Grünbichler
1da60899e3 add EDAC cherry-picks 2018-01-29 15:00:40 +01:00
Fabian Grünbichler
a70918fbbc restructure patches
rebase on Ubuntu-4.13.0-32.35

the effective kernel tree which gets compiled after patches have been
applied is functionally identical (modulo parts for architectures which
we don't care about and Ubuntu build files)
2018-01-29 14:22:56 +01:00
Fabian Grünbichler
81f370d513 fix syscall retpoline 2018-01-26 10:46:25 +01:00
Fabian Grünbichler
a0f7ab8a6a fix #1622: i40e memory leak
cherry-pick from upstream 4.14
2018-01-19 12:43:16 +01:00
Fabian Grünbichler
f90505f3a2 add tc fixes 2018-01-19 12:27:49 +01:00
Fabian Grünbichler
035dbe6708 KPTI/Spectre: add more fixes
* initial IBRS/IBPB/SPEC_CTRL support
* regression fixes for KPTI
* additional hardening against Spectre

based on Ubuntu-4.13.0-29.32 and mainline 4.14
2018-01-15 12:34:50 +01:00
Fabian Grünbichler
59d5af6732 build: reformat existing patches
drop numbers and commit hashes from patch metadata to reduce future
patch churn
2018-01-15 12:26:15 +01:00
Fabian Grünbichler
633c5ed17f revert buggy SCSI error handler commit
this causes kernel OOPS and upstream is unresponsive about it.

see https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1726519
2018-01-08 11:51:24 +01:00
Fabian Grünbichler
76ec7e5931 update Spectre KVM PoC fix for AMD 2018-01-08 10:58:23 +01:00
Fabian Grünbichler
04f3b8beca KPTI: disable on AMD
and allow loading of microcode on recent AMD systems in preparation of
further Spectre fixes
2018-01-08 10:25:31 +01:00
Fabian Grünbichler
e4cdf2a53e KPTI: add follow-up fixes 2018-01-08 10:25:09 +01:00
Fabian Grünbichler
b378f209dd add objtool build fix 2018-01-07 13:18:22 +01:00
Fabian Grünbichler
7c7389df50 add Spectre PoC fix
picked from https://patchwork.kernel.org/patch/10147679/
2018-01-06 15:15:39 +01:00
Fabian Grünbichler
321d628a98 add KPTI and related patches
picked from Ubuntu-4.13.0-23.26
2018-01-06 15:15:39 +01:00
Fabian Grünbichler
19894df472 reorder patches
numbering got messed up in the previous upload
2018-01-06 15:15:39 +01:00
Fabian Grünbichler
9e94988ca1 fix #1537: cherry-pick AMD NPT / IOMMU fix 2018-01-02 10:01:56 +01:00
Fabian Grünbichler
b42b4a1b96 cherry-pick KVM fix for old CPUs 2017-12-04 09:36:58 +01:00
Fabian Grünbichler
905722fbce cherry-pick / backport IB fixes
see https://forum.proxmox.com/threads/pve-5-1-and-infiniband-issues.37575/
2017-12-04 09:36:19 +01:00
Fabian Grünbichler
ddad99c986 cherry-pick vhost perf regression and mem-leak fix 2017-12-04 09:27:58 +01:00
Fabian Grünbichler
9a9f6e04a7 cherry-pick final KVM BSOD fix 2017-12-04 09:27:58 +01:00
Fabian Grünbichler
777ee9fe67 revert mmu changes causing bluescreens 2017-11-29 09:48:40 +01:00
Fabian Grünbichler
e03fa66fce add cpuset v2 in v1 cherry-picks 2017-09-27 10:06:33 +02:00
Fabian Grünbichler
b9e76370ab build: rebase and refactor kernel patches 2017-09-26 10:46:35 +02:00