Thomas Lamprecht
16fb26e70c
backport protection against userspace-userspace spectreRSB
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-30 13:05:06 +02:00
Thomas Lamprecht
72d7b7039d
rebase patches on top of Ubuntu-4.15.0-34.37
...
(generated with debian/scripts/import-upstream-tag)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-28 12:00:57 +02:00
Thomas Lamprecht
9464be5351
rebase patches on top of Ubuntu-4.15.0-33.36
...
(generated with debian/scripts/import-upstream-tag)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-24 10:30:36 +02:00
Stoiko Ivanov
61721594cf
add patch for hpsa, preventing clean reboots
...
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-22 13:01:23 +02:00
Stoiko Ivanov
2d13a2bdc2
add patch for CVE-2018-1118
...
The commit is already on bionic/master-next (first commit after the
latest tag on master-next)
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-22 13:01:23 +02:00
Alexandre Derumier
49b6d16422
vrf patches
...
This fix
https://github.com/FRRouting/frr/issues/2460
we can remove the workaround net.ipv4.tcp_l3mdev_accept=1 with this patches.
2018-08-21 09:10:33 +02:00
Stoiko Ivanov
e2af2a6161
rebase patches on top of Ubuntu-4.15.0-32.35
...
(generated with debian/scripts/import-upstream-tag)
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-16 13:21:43 +02:00
Stoiko Ivanov
72f9fd46cc
add SGID non-directory fix
...
fixes CVE-2018-13405 (https://nvd.nist.gov/vuln/detail/CVE-2018-13405 )
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-08 12:08:54 +02:00
Wolfgang Bumiller
cd0e07c792
add apparmor socket mediation fix
...
Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1780227
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-30 11:47:20 +02:00
Thomas Lamprecht
c0514fa336
rebase patches on top of Ubuntu-4.15.0-24.26
...
(generated with debian/scripts/import-upstream-tag)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-07-04 11:50:41 +02:00
Thomas Lamprecht
2dc5b5fe0e
add KVM L1 guest escape - CVE-2018-12904 patch
...
see: http://www.openwall.com/lists/oss-security/2018/06/27/7
2018-06-27 17:17:27 +02:00
Thomas Lamprecht
e8834e95a2
igb: ensure setting MTU sets also max_frame_size
...
This is a regression from the out-of-tree Intel IGB driver happened
between 5.3.5.10 and 5.3.5.18.
The condition here should be actually reveresed, but as we always can
be sure to have a MAX/MIN MTU defined we can just remove it,
essentially going back to the previous code state (which also works
with our current 4.15 kernel).
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-18 17:07:01 +02:00
Thomas Lamprecht
d3722c5c8a
backport SUN NICs fix for OVS use
...
See: https://pve.proxmox.com/pipermail/pve-user/2018-June/169567.html
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 11:58:18 +02:00
Thomas Lamprecht
515973635b
renenable out-of-tree intel ethernet driver (e1000e, igb, ixgbe)
...
There where just to much issues with the 4.15 in tree drivers for our
users [1]. The updated igb and ixgbe drivers are compatible with
4.15, the e1000e driver needed to be ported to the new internal
kernel timer API, which is pretty straight forward.
[1]: https://forum.proxmox.com/threads/4-15-based-test-kernel-for-pve-5-x-available.42097/page-5
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 11:58:18 +02:00
Thomas Lamprecht
e4087db377
rebase patches on top of Ubuntu-4.15.0-22.24
...
(generated with debian/scripts/import-upstream-tag)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-05-23 11:46:22 +02:00
Thomas Lamprecht
c3592848d1
rebase patches on top of Ubuntu-4.15.0-20.21
...
(generated with debian/scripts/import-upstream-tag)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-05-03 08:16:40 +02:00
Wolfgang Bumiller
1e12ef0dcc
fix #1737 : merge: net: fix deadlock while clearing neighbor proxy table
...
Link: https://bugzilla.kernel.org/show_bug.cgi?id=199289
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-04-25 14:28:43 +02:00
Fabian Grünbichler
927081a949
rebase patches
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-20 14:55:21 +02:00
Fabian Grünbichler
2068d368d7
revert broken kernel Makefile modification
...
see [1] for upstream report
1: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1758856/comments/1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-04 15:43:07 +02:00
Fabian Grünbichler
a214614ea9
rebase patches on top of Ubuntu-4.15.0-14.15
...
and drop those applied upstream
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-04 15:43:07 +02:00
Fabian Grünbichler
b25749a58c
fix #1633 : potential deadlock with shmem
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-28 15:17:19 +02:00
Fabian Grünbichler
8e89f13c59
fix #1633 : potential deadlock with THPs
...
see https://marc.info/?l=linux-mm&m=151683828707588
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-27 16:02:05 +02:00
Fabian Grünbichler
ecef40a218
rebase patches
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-22 11:12:48 +01:00
Fabian Grünbichler
15baf5b4c2
rebase patches
...
and drop those applied in 4.14/4.15
2018-03-09 14:47:21 +01:00
Fabian Grünbichler
55f9bfa990
update ACS override patch for 4.15
...
based on https://aur.archlinux.org/linux-vfio.git
2018-03-09 14:47:21 +01:00
Fabian Grünbichler
3323a8b78c
add cherry-picks for OCFS2 bug
...
see https://forum.proxmox.com/threads/ocfs2-kernel-bug.39163/
2018-03-09 11:57:49 +01:00
Fabian Grünbichler
863ccb9670
add cherry-pick for NFS in network namespaces
2018-03-09 11:57:49 +01:00
Fabian Grünbichler
38c79e8118
fix refcnt leaks with net namespaces
...
see https://github.com/lxc/lxc/issues/2141 and
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1711407/
2018-02-21 09:18:49 +01:00
Fabian Grünbichler
a4b1a797a0
warn when non-RETPOLINED module gets loaded
2018-02-16 09:58:12 +01:00
Fabian Grünbichler
ef812b062d
cherry-pick sched-wait bug fix
...
(included in 4.15 and queued for 4.14)
2018-02-14 12:14:12 +01:00
Fabian Grünbichler
d320e5b2c3
cherry-pick scsi lpfc HBA bug fix
...
see https://forum.proxmox.com/threads/proxmox-5-1-lpfc-hba-emulex-lpe12000-error.39179/
2018-02-13 12:41:35 +01:00
Fabian Grünbichler
3adc532101
rebase patches
2018-02-13 12:41:35 +01:00
Fabian Grünbichler
1da60899e3
add EDAC cherry-picks
2018-01-29 15:00:40 +01:00
Fabian Grünbichler
a70918fbbc
restructure patches
...
rebase on Ubuntu-4.13.0-32.35
the effective kernel tree which gets compiled after patches have been
applied is functionally identical (modulo parts for architectures which
we don't care about and Ubuntu build files)
2018-01-29 14:22:56 +01:00
Fabian Grünbichler
81f370d513
fix syscall retpoline
2018-01-26 10:46:25 +01:00
Fabian Grünbichler
a0f7ab8a6a
fix #1622 : i40e memory leak
...
cherry-pick from upstream 4.14
2018-01-19 12:43:16 +01:00
Fabian Grünbichler
f90505f3a2
add tc fixes
2018-01-19 12:27:49 +01:00
Fabian Grünbichler
035dbe6708
KPTI/Spectre: add more fixes
...
* initial IBRS/IBPB/SPEC_CTRL support
* regression fixes for KPTI
* additional hardening against Spectre
based on Ubuntu-4.13.0-29.32 and mainline 4.14
2018-01-15 12:34:50 +01:00
Fabian Grünbichler
59d5af6732
build: reformat existing patches
...
drop numbers and commit hashes from patch metadata to reduce future
patch churn
2018-01-15 12:26:15 +01:00
Fabian Grünbichler
633c5ed17f
revert buggy SCSI error handler commit
...
this causes kernel OOPS and upstream is unresponsive about it.
see https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1726519
2018-01-08 11:51:24 +01:00
Fabian Grünbichler
76ec7e5931
update Spectre KVM PoC fix for AMD
2018-01-08 10:58:23 +01:00
Fabian Grünbichler
04f3b8beca
KPTI: disable on AMD
...
and allow loading of microcode on recent AMD systems in preparation of
further Spectre fixes
2018-01-08 10:25:31 +01:00
Fabian Grünbichler
e4cdf2a53e
KPTI: add follow-up fixes
2018-01-08 10:25:09 +01:00
Fabian Grünbichler
b378f209dd
add objtool build fix
2018-01-07 13:18:22 +01:00
Fabian Grünbichler
7c7389df50
add Spectre PoC fix
...
picked from https://patchwork.kernel.org/patch/10147679/
2018-01-06 15:15:39 +01:00
Fabian Grünbichler
321d628a98
add KPTI and related patches
...
picked from Ubuntu-4.13.0-23.26
2018-01-06 15:15:39 +01:00
Fabian Grünbichler
19894df472
reorder patches
...
numbering got messed up in the previous upload
2018-01-06 15:15:39 +01:00
Fabian Grünbichler
9e94988ca1
fix #1537 : cherry-pick AMD NPT / IOMMU fix
2018-01-02 10:01:56 +01:00
Fabian Grünbichler
6eb123031d
revert igb to 5.3.5.10
...
because 5.3.5.12 broke JUMBO_FRAMES (again)
2017-12-05 13:05:16 +01:00
Fabian Grünbichler
b42b4a1b96
cherry-pick KVM fix for old CPUs
2017-12-04 09:36:58 +01:00