Commit Graph

72 Commits

Author SHA1 Message Date
Thomas Lamprecht
4618decfe0 update ACS capabillities patch context
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Thomas Lamprecht
05c4f2217f drop patches applied upstream
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Stoiko Ivanov
47f3b8990f Add 3 Patches addressing security issues
* CVE-2018-18955 (https://launchpad.net/bugs/1801924) is addressed by
  0009-userns-also-map-extents-in-the-reverse-map-to-kernel.patch
* https://launchpad.net/bugs/1789161 is addressed by the other 2 patches. (see
  the link for a reproducer)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-11-14 18:29:55 +01:00
Thomas Lamprecht
9aa2d28ebb rebase patches on top of Ubuntu-4.15.0-40.43
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-12 13:33:04 +01:00
Thomas Lamprecht
0c12c00b3a rebase patches on top of Ubuntu-4.15.0-39.42
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-25 11:48:58 +02:00
Thomas Lamprecht
dbb1ed6d87 backport: block: fix silent corruption in Linux kernel 4.15
reproducer: https://www.spinics.net/lists/linux-block/msg28507.html
ubuntu bugreport: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1796542

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-10 14:22:27 +02:00
Thomas Lamprecht
9de43ded7a rebase patches on top of Ubuntu-4.15.0-35.38
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-09-17 11:46:13 +02:00
Thomas Lamprecht
16fb26e70c backport protection against userspace-userspace spectreRSB
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-30 13:05:06 +02:00
Thomas Lamprecht
72d7b7039d rebase patches on top of Ubuntu-4.15.0-34.37
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-28 12:00:57 +02:00
Thomas Lamprecht
9464be5351 rebase patches on top of Ubuntu-4.15.0-33.36
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-24 10:30:36 +02:00
Stoiko Ivanov
61721594cf add patch for hpsa, preventing clean reboots
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-22 13:01:23 +02:00
Stoiko Ivanov
2d13a2bdc2 add patch for CVE-2018-1118
The commit is already on bionic/master-next (first commit after the
latest tag on master-next)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-22 13:01:23 +02:00
Alexandre Derumier
49b6d16422 vrf patches
This fix
https://github.com/FRRouting/frr/issues/2460

we can remove the workaround net.ipv4.tcp_l3mdev_accept=1 with this patches.
2018-08-21 09:10:33 +02:00
Stoiko Ivanov
e2af2a6161 rebase patches on top of Ubuntu-4.15.0-32.35
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-16 13:21:43 +02:00
Stoiko Ivanov
72f9fd46cc add SGID non-directory fix
fixes CVE-2018-13405 (https://nvd.nist.gov/vuln/detail/CVE-2018-13405)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-08 12:08:54 +02:00
Wolfgang Bumiller
cd0e07c792 add apparmor socket mediation fix
Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1780227
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-30 11:47:20 +02:00
Thomas Lamprecht
c0514fa336 rebase patches on top of Ubuntu-4.15.0-24.26
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-07-04 11:50:41 +02:00
Thomas Lamprecht
2dc5b5fe0e add KVM L1 guest escape - CVE-2018-12904 patch
see: http://www.openwall.com/lists/oss-security/2018/06/27/7
2018-06-27 17:17:27 +02:00
Thomas Lamprecht
e8834e95a2 igb: ensure setting MTU sets also max_frame_size
This is a regression from the out-of-tree Intel IGB driver happened
between 5.3.5.10 and 5.3.5.18.
The condition here should be actually reveresed, but as we always can
be sure to have a MAX/MIN MTU defined we can just remove it,
essentially going back to the previous code state (which also works
with our current 4.15 kernel).

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-18 17:07:01 +02:00
Thomas Lamprecht
d3722c5c8a backport SUN NICs fix for OVS use
See: https://pve.proxmox.com/pipermail/pve-user/2018-June/169567.html

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 11:58:18 +02:00
Thomas Lamprecht
515973635b renenable out-of-tree intel ethernet driver (e1000e, igb, ixgbe)
There where just to much issues with the 4.15 in tree drivers for our
users [1]. The updated igb and ixgbe drivers are compatible with
4.15, the e1000e driver needed to be ported to the new internal
kernel timer API, which is pretty straight forward.

[1]: https://forum.proxmox.com/threads/4-15-based-test-kernel-for-pve-5-x-available.42097/page-5

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 11:58:18 +02:00
Thomas Lamprecht
e4087db377 rebase patches on top of Ubuntu-4.15.0-22.24
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-05-23 11:46:22 +02:00
Thomas Lamprecht
c3592848d1 rebase patches on top of Ubuntu-4.15.0-20.21
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-05-03 08:16:40 +02:00
Wolfgang Bumiller
1e12ef0dcc fix #1737: merge: net: fix deadlock while clearing neighbor proxy table
Link: https://bugzilla.kernel.org/show_bug.cgi?id=199289
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-04-25 14:28:43 +02:00
Fabian Grünbichler
927081a949 rebase patches
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-20 14:55:21 +02:00
Fabian Grünbichler
2068d368d7 revert broken kernel Makefile modification
see [1] for upstream report

1: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1758856/comments/1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-04 15:43:07 +02:00
Fabian Grünbichler
a214614ea9 rebase patches on top of Ubuntu-4.15.0-14.15
and drop those applied upstream

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-04 15:43:07 +02:00
Fabian Grünbichler
b25749a58c fix #1633: potential deadlock with shmem
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-28 15:17:19 +02:00
Fabian Grünbichler
8e89f13c59 fix #1633: potential deadlock with THPs
see https://marc.info/?l=linux-mm&m=151683828707588

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-27 16:02:05 +02:00
Fabian Grünbichler
ecef40a218 rebase patches
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-22 11:12:48 +01:00
Fabian Grünbichler
15baf5b4c2 rebase patches
and drop those applied in 4.14/4.15
2018-03-09 14:47:21 +01:00
Fabian Grünbichler
55f9bfa990 update ACS override patch for 4.15
based on https://aur.archlinux.org/linux-vfio.git
2018-03-09 14:47:21 +01:00
Fabian Grünbichler
3323a8b78c add cherry-picks for OCFS2 bug
see https://forum.proxmox.com/threads/ocfs2-kernel-bug.39163/
2018-03-09 11:57:49 +01:00
Fabian Grünbichler
863ccb9670 add cherry-pick for NFS in network namespaces 2018-03-09 11:57:49 +01:00
Fabian Grünbichler
38c79e8118 fix refcnt leaks with net namespaces
see https://github.com/lxc/lxc/issues/2141 and
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1711407/
2018-02-21 09:18:49 +01:00
Fabian Grünbichler
a4b1a797a0 warn when non-RETPOLINED module gets loaded 2018-02-16 09:58:12 +01:00
Fabian Grünbichler
ef812b062d cherry-pick sched-wait bug fix
(included in 4.15 and queued for 4.14)
2018-02-14 12:14:12 +01:00
Fabian Grünbichler
d320e5b2c3 cherry-pick scsi lpfc HBA bug fix
see https://forum.proxmox.com/threads/proxmox-5-1-lpfc-hba-emulex-lpe12000-error.39179/
2018-02-13 12:41:35 +01:00
Fabian Grünbichler
3adc532101 rebase patches 2018-02-13 12:41:35 +01:00
Fabian Grünbichler
1da60899e3 add EDAC cherry-picks 2018-01-29 15:00:40 +01:00
Fabian Grünbichler
a70918fbbc restructure patches
rebase on Ubuntu-4.13.0-32.35

the effective kernel tree which gets compiled after patches have been
applied is functionally identical (modulo parts for architectures which
we don't care about and Ubuntu build files)
2018-01-29 14:22:56 +01:00
Fabian Grünbichler
81f370d513 fix syscall retpoline 2018-01-26 10:46:25 +01:00
Fabian Grünbichler
a0f7ab8a6a fix #1622: i40e memory leak
cherry-pick from upstream 4.14
2018-01-19 12:43:16 +01:00
Fabian Grünbichler
f90505f3a2 add tc fixes 2018-01-19 12:27:49 +01:00
Fabian Grünbichler
035dbe6708 KPTI/Spectre: add more fixes
* initial IBRS/IBPB/SPEC_CTRL support
* regression fixes for KPTI
* additional hardening against Spectre

based on Ubuntu-4.13.0-29.32 and mainline 4.14
2018-01-15 12:34:50 +01:00
Fabian Grünbichler
59d5af6732 build: reformat existing patches
drop numbers and commit hashes from patch metadata to reduce future
patch churn
2018-01-15 12:26:15 +01:00
Fabian Grünbichler
633c5ed17f revert buggy SCSI error handler commit
this causes kernel OOPS and upstream is unresponsive about it.

see https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1726519
2018-01-08 11:51:24 +01:00
Fabian Grünbichler
76ec7e5931 update Spectre KVM PoC fix for AMD 2018-01-08 10:58:23 +01:00
Fabian Grünbichler
04f3b8beca KPTI: disable on AMD
and allow loading of microcode on recent AMD systems in preparation of
further Spectre fixes
2018-01-08 10:25:31 +01:00
Fabian Grünbichler
e4cdf2a53e KPTI: add follow-up fixes 2018-01-08 10:25:09 +01:00