update ABI file for 4.15.18-30-pve

(generated with debian/scripts/abi-generate) Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
bump version to 4.15.18-58
2020-06-16 16:07:50 +02:00 · 2020-06-12 14:21:52 +02:00 · 2020-06-12 13:50:05 +02:00 · 2020-05-18 15:48:05 +02:00 · 2020-05-18 14:35:07 +02:00 · 2020-05-18 14:04:32 +02:00
52 changed files with 25103 additions and 25104 deletions
@@ -1 +1,2 @@
 ubuntu-zesty
+*.prepared
@@ -1,6 +1,6 @@
-[submodule "submodules/ubuntu-artful"]
-	path = submodules/ubuntu-artful
-	url = ../mirror_ubuntu-artful-kernel
 [submodule "submodules/zfsonlinux"]
 	path = submodules/zfsonlinux
 	url = ../zfsonlinux
+[submodule "submodules/ubuntu-bionic"]
+	path = submodules/ubuntu-bionic
+	url = ../mirror_ubuntu-bionic-kernel
@@ -1,12 +1,12 @@
-RELEASE=5.1
-
-# also update pve-kernel-meta.git if either of these change
+# also bump pve-kernel-meta if either of MAJ.MIN, PATCHLEVEL or KREL change
 KERNEL_MAJ=4
-KERNEL_MIN=13
-KERNEL_PATCHLEVEL=16
-KREL=4
+KERNEL_MIN=15
+KERNEL_PATCHLEVEL=18
+# increment KREL if the ABI changes (abicheck target in debian/rules)
+# rebuild packages with new KREL and run 'make abiupdate'
+KREL=30

-PKGREL=51
+PKGREL=58

 KERNEL_MAJMIN=$(KERNEL_MAJ).$(KERNEL_MIN)
 KERNEL_VER=$(KERNEL_MAJMIN).$(KERNEL_PATCHLEVEL)
@@ -37,30 +37,25 @@ endif

 BUILD_DIR=build

-KERNEL_SRC=ubuntu-artful
+KERNEL_SRC=ubuntu-bionic
 KERNEL_SRC_SUBMODULE=submodules/$(KERNEL_SRC)
 KERNEL_CFG_ORG=config-${KERNEL_VER}.org

-E1000EDIR=e1000e-3.3.6
+E1000EDIR=e1000e-3.4.1.1
 E1000ESRC=${E1000EDIR}.tar.gz

-IGBDIR=igb-5.3.5.10
+IGBDIR=igb-5.3.5.18
 IGBSRC=${IGBDIR}.tar.gz

-IXGBEDIR=ixgbe-5.3.3
-IXGBESRC=${IXGBEDIR}.tar.gz
-
 ZFSONLINUX_SUBMODULE=submodules/zfsonlinux
 SPLDIR=pkg-spl
-SPLSRC=${ZFSONLINUX_SUBMODULE}/spl-debian
 ZFSDIR=pkg-zfs
-ZFSSRC=${ZFSONLINUX_SUBMODULE}/zfs-debian

 MODULES=modules
-MODULE_DIRS=${E1000EDIR} ${IGBDIR} ${IXGBEDIR} ${SPLDIR} ${ZFSDIR}
+MODULE_DIRS=${E1000EDIR} ${IGBDIR} ${SPLDIR} ${ZFSDIR}

 # exported to debian/rules via debian/rules.d/dirs.mk
-DIRS=KERNEL_SRC E1000EDIR IGBDIR IXGBEDIR SPLDIR ZFSDIR MODULES
+DIRS=KERNEL_SRC E1000EDIR IGBDIR SPLDIR ZFSDIR MODULES

 DST_DEB=${PACKAGE}_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
 HDR_DEB=${HDRPACKAGE}_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
@@ -112,7 +107,7 @@ ${KERNEL_SRC}.prepared: ${KERNEL_SRC_SUBMODULE} | submodule
 	cp ${KERNEL_CFG_ORG} ${BUILD_DIR}/${KERNEL_SRC}/.config
 	sed -i ${BUILD_DIR}/${KERNEL_SRC}/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=${EXTRAVERSION}/'
 	rm -rf ${BUILD_DIR}/${KERNEL_SRC}/debian ${BUILD_DIR}/${KERNEL_SRC}/debian.master
-	cd ${BUILD_DIR}/${KERNEL_SRC}; for patch in ../../patches/kernel/*.patch; do patch -p1 < $${patch}; done
+	set -e; cd ${BUILD_DIR}/${KERNEL_SRC}; for patch in ../../patches/kernel/*.patch; do echo "applying patch '$$patch'" && patch -p1 < $${patch}; done
 	touch $@

 ${MODULES}.prepared: $(addsuffix .prepared,${MODULE_DIRS})
@@ -124,41 +119,28 @@ ${E1000EDIR}.prepared: ${E1000ESRC}
 	tar --strip-components=1 -C ${BUILD_DIR}/${MODULES}/${E1000EDIR} -xf ${E1000ESRC}
 	cd ${BUILD_DIR}/${MODULES}/${E1000EDIR}; patch -p1 < ../../../patches/intel/intel-module-gcc6-compat.patch
 	cd ${BUILD_DIR}/${MODULES}/${E1000EDIR}; patch -p1 < ../../../patches/intel/e1000e/e1000e_4.10_max-mtu.patch
+	cd ${BUILD_DIR}/${MODULES}/${E1000EDIR}; patch -p1 < ../../../patches/intel/e1000e/e1000e_4.15-new-timer.patch
 	touch $@

 ${IGBDIR}.prepared: ${IGBSRC}
 	rm -rf ${BUILD_DIR}/${MODULES}/${IGBDIR} $@
 	mkdir -p ${BUILD_DIR}/${MODULES}/${IGBDIR}
 	tar --strip-components=1 -C ${BUILD_DIR}/${MODULES}/${IGBDIR} -xf ${IGBSRC}
-	cd ${BUILD_DIR}/${MODULES}/${IGBDIR}; patch -p1 < ../../../patches/intel/igb/igb_4.10_max-mtu.patch
-	cd ${BUILD_DIR}/${MODULES}/${IGBDIR}; patch -p1 < ../../../patches/intel/igb/igb_4.12_compat.patch
+	cd ${BUILD_DIR}/${MODULES}/${IGBDIR}; patch -p1 < ../../../patches/intel/igb/igb_4.15_mtu.patch
 	touch $@

-${IXGBEDIR}.prepared: ${IXGBESRC}
-	rm -rf ${BUILD_DIR}/${MODULES}/${IXGBEDIR} $@
-	mkdir -p ${BUILD_DIR}/${MODULES}/${IXGBEDIR}
-	tar --strip-components=1 -C ${BUILD_DIR}/${MODULES}/${IXGBEDIR} -xf ${IXGBESRC}
-	touch $@
-
-$(SPLDIR).prepared: ${SPLSRC}
-	rm -rf ${BUILD_DIR}/${MODULES}/${SPLDIR} $@
-	mkdir -p ${BUILD_DIR}/${MODULES}/${SPLDIR}
-	cp -a ${SPLSRC}/* ${BUILD_DIR}/${MODULES}/${SPLDIR}
-	cd ${BUILD_DIR}/${MODULES}/${SPLDIR}; for patch in ../../../${SPLSRC}/../spl-patches/*.patch; do patch -p1 < $${patch}; done
-	touch $@
-
-$(ZFSDIR).prepared: ${ZFSSRC}
-	rm -rf ${BUILD_DIR}/${MODULES}/${ZFSDIR} $@
-	mkdir -p ${BUILD_DIR}/${MODULES}/${ZFSDIR}
-	cp -a ${ZFSSRC}/* ${BUILD_DIR}/${MODULES}/${ZFSDIR}
-	cd ${BUILD_DIR}/${MODULES}/${ZFSDIR}; for patch in ../../../${ZFSSRC}/../zfs-patches/*.patch; do patch -p1 < $${patch}; done
-	# temporarily since patch does not know about permissions, remove after 0.7.7 was merged properly
-	chmod +x ${BUILD_DIR}/${MODULES}/${ZFSDIR}/scripts/enum-extract.pl
-	touch $@
+${SPLDIR}.prepared: ${ZFSDIR}.prepared
+${ZFSDIR}.prepared: ${ZFSONLINUX_SUBMODULE}
+	rm -rf ${BUILD_DIR}/${MODULES}/${SPLDIR} ${BUILD_DIR}/${MODULES}/${ZFSDIR} ${BUILD_DIR}/${MODULES}/tmp $@
+	mkdir -p ${BUILD_DIR}/${MODULES}/tmp
+	cp -a ${ZFSONLINUX_SUBMODULE}/* ${BUILD_DIR}/${MODULES}/tmp
+	cd ${BUILD_DIR}/${MODULES}/tmp; make kernel
+	rm -rf ${BUILD_DIR}/${MODULES}/tmp
+	touch ${ZFSDIR}.prepared ${SPLDIR}.prepared

 .PHONY: upload
 upload: ${DEBS}
-	tar cf - ${DEBS}|ssh repoman@repo.proxmox.com -- upload --product pve,pmg --dist stretch --arch ${ARCH}
+	tar cf - ${DEBS}|ssh -X repoman@repo.proxmox.com -- upload --product pve,pmg --dist stretch --arch ${ARCH}

 .PHONY: distclean
 distclean: clean
@@ -168,15 +150,14 @@ distclean: clean
 .PHONY: update_modules
 update_modules: submodule
 	git submodule foreach 'git pull --ff-only origin master'
-	cd ${ZFSSRC}; git pull --ff-only origin master
-	cd ${SPLSRC}; git pull --ff-only origin master
+	cd ${ZFSONLINUX_SUBMODULE}; git pull --ff-only origin master

 # make sure submodules were initialized
 .PHONY: submodule
 submodule:
 	test -f "${KERNEL_SRC_SUBMODULE}/README" || git submodule update --init ${KERNEL_SRC_SUBMODULE}
 	test -f "${ZFSONLINUX_SUBMODULE}/Makefile" || git submodule update --init ${ZFSONLINUX_SUBMODULE}
-	(test -f "${ZFSSRC}/debian/changelog" && test -f "${SPLZRC}/debian/changelog") || (cd ${ZFSONLINUX_SUBMODULE}; git submodule update --init)
+	(test -f "${ZFSONLINUX_SUBMODULE}/zfs/upstream/README.markdown" && test -f "${ZFSONLINUX_SUBMODULE}/spl/upstream/README.markdown") || (cd ${ZFSONLINUX_SUBMODULE}; git submodule update --init)

 # call after ABI bump with header deb in working directory
 .PHONY: abiupdate
@@ -3,7 +3,7 @@ KERNEL SOURCE:

 We currently use the Ubuntu kernel sources, available from:

- http://kernel.ubuntu.com/git/ubuntu/ubuntu-artful.git/
+ http://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/

 Ubuntu will maintain those kernels till:

@@ -15,8 +15,6 @@ Additional/Updated Modules:

 - include latest e1000e driver from intel/sourceforge

- include latest ixgbe driver from intel/sourceforge
-
 - include latest igb driver from intel/sourceforge

 - include native OpenZFS filesystem kernel modules for Linux
@@ -26,6 +24,32 @@ Additional/Updated Modules:
  For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ


+SUBMODULE
+=========
+
+We track the current upstream repository as submodule. Besides obvious
+advantages over tracking binary tar archives this also has some implications.
+
+For building the submodule directory gets copied into build/ and a few patches
+get applied with the `patch` tool. From a git point-of-view, the copied
+directory remains clean even with extra patches applied since it does not
+contain a .git directory, but a reference to the (still pristine) submodule:
+
+$ cat build/ubuntu-bionic/.git
+
+If you mistakenly cloned the upstream repo as "normal" clone (not via the
+submodule mechanics) this means that you have a real .git directory with its
+independent objects and tracking info when copying for building, thus git
+operates on the copied directory - and "sees" that it was dirtied by `patch`,
+and thus the kernel buildsystem sees this too and will add a '+' to the version
+as a result. This changes the output directories for modules and other build
+artefacts and let's then the build fail on packaging.
+
+So always ensure that you really checked it out as submodule, not as full
+"normal" clone. You can also explicitly set the LOCALVERSION variable to
+undefined with: `export LOCALVERSION= but that should only be done for test
+builds.
+
 RELATED PACKAGES:
 =================

@@ -40,7 +64,7 @@ pve-kernel-meta
 ---------------

 depends on latest kernel and header package within a certain kernel series,
-e.g., pve-kernel-4.13 / pve-headers-4.13
+e.g., pve-kernel-4.15 / pve-headers-4.15

 git clone git://git.proxmox.com/git/pve-kernel-meta.git

@@ -55,6 +79,21 @@ git clone git://git.proxmox.com/git/pve-firmware.git
 NOTES:
 ======

+ABI versions, package versions and package name:
+------------------------------------------------
+
+We follow debian's versioning w.r.t ABI changes:
+
+https://kernel-team.pages.debian.net/kernel-handbook/ch-versions.html
+https://wiki.debian.org/DebianKernelABIChanges
+
+The debian/rules file has a target comparing the build kernel's ABI against the
+version stored in the repository and indicates when an ABI bump is necessary.
+An ABI bump within one upstream version consists of incrementing the KREL
+variable in the Makefile, rebuilding the packages and running 'make abiupdate'
+(the 'abiupdate' target in 'Makefile' contains the steps for consistently
+updating the repository).
+
 Watchdog blacklist
 ------------------

@@ -69,7 +108,7 @@ Additional information
 We use the default configuration provided by Ubuntu, and apply
 the following modifications:

-see debian/rules (PVE_CONFIG_OPTS)
+NOTE: For the exact and current list see debian/rules (PVE_CONFIG_OPTS)

 - enable INTEL_MEI_WDT=m (to allow disabling via patch)

@@ -80,7 +119,7 @@ see debian/rules (PVE_CONFIG_OPTS)
 - enable CONFIG_CEPH_FS=m (request from user)

 - enable common CONFIG_BLK_DEV_XXX to avoid hardware detection
-  problems (udev, undate-initramfs have serious problems without that)
+  problems (udev, update-initramfs have serious problems without that)

  	 CONFIG_BLK_DEV_SD=y
  	 CONFIG_BLK_DEV_SR=y
@@ -95,20 +134,13 @@ see debian/rules (PVE_CONFIG_OPTS)
 	 CONFIG_BLK_DEV_NBD=m
 	 CONFIG_BLK_DEV_RBD=m

- set LOOP_MIN_COUNT to 8 (debian defaults)
-	 CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
+- enable IBM JFS file system as module

- disable module signatures (CONFIG_MODULE_SIG)
+  enable it as requested by users (bug #64)

- enable IBM JFS file system
+- enable apple HFS and HFSPLUS as module

-  This is disabled in RHEL kernel for no real reason, so we enable
-  it as requested by users (bug #64)
-
- enable apple HFS and HFSPLUS
-
-  This is disabled in RHEL kernel for no real reason, so we enable
-  it as requested by users
+  enable it as requested by users

 - enable CONFIG_BCACHE=m (requested by user)

@@ -1,69 +1,459 @@
-pve-kernel (4.13.16-51) unstable; urgency=medium
+pve-kernel (4.15.18-58) pve pmg; urgency=medium

-  * update sources to Ubuntu-4.13.0-45.50
+  * update to Ubuntu-4.15.0-107.108

-  * bump ABI to 4.13.16-4-pve
+  * bump ABI to 4.15.18-30

- -- Proxmox Support Team <support@proxmox.com>  Thu, 05 Jul 2018 10:25:38 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 12 Jun 2020 13:53:01 +0200

-pve-kernel (4.13.16-50) unstable; urgency=medium
+pve-kernel (4.15.18-57) pve pmg; urgency=medium

-  * fix KVM L1 guest escape when nested virtualization is used - CVE-
-    2018-12904
+  * update to Ubuntu-4.15.0-102.103

- -- Proxmox Support Team <support@proxmox.com>  Wed, 27 Jun 2018 18:02:52 +0200
+  * bump ABI to 4.15.18-29

-pve-kernel (4.13.16-49) unstable; urgency=medium
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 18 May 2020 14:34:54 +0200

-  * update to Ubuntu-4.13.0-43.48
+pve-kernel (4.15.18-56) pve pmg; urgency=medium
+
+  * update to Ubuntu-4.15.0-97.98
+
+  * bump ABI to 4.15.18-28
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 08 Apr 2020 20:06:11 +0200
+
+pve-kernel (4.15.18-55) pve pmg; urgency=medium
+
+  * update to Ubuntu-4.15.0-92.93
+
+  * bump ABI to 4.15.18-27
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Mar 2020 15:32:02 +0100
+
+pve-kernel (4.15.18-54) pve pmg; urgency=medium
+
+  * update to Ubuntu-4.15.0-89.89
+
+  * bump ABI to 4.15.18-26
+
+ -- Proxmox Support Team <support@proxmox.com>  Sat, 15 Feb 2020 15:34:24 +0100
+
+pve-kernel (4.15.18-53) pve pmg; urgency=medium
+
+  * update to Ubuntu-4.15.0-87.87
+
+  * bump ABI to 4.15.18-25
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 05 Feb 2020 11:58:15 +0100
+
+pve-kernel (4.15.18-52) pve pmg; urgency=medium
+
+  * update to Ubuntu-4.15.0-73.82
+
+  * bump ABI to 4.15.18-24
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 05 Dec 2019 10:14:17 +0100
+
+pve-kernel (4.15.18-51) pve pmg; urgency=medium
+
+  * update to Ubuntu-4.15.0-69.78
+
+  * avoid bogus error message about PC Speaker module being already registered
+    on boot
+
+  * bump ABI to 4.15.18-23
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 13 Nov 2019 11:20:34 +0100
+
+pve-kernel (4.15.18-50) pve pmg; urgency=medium
+
+  * update to Ubuntu-4.15.0-68.77
+
+  * fix #2458: fix issues with Linux KVM guest on old Intel CPUs
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 11 Nov 2019 15:28:06 +0100
+
+pve-kernel (4.15.18-49) pve pmg; urgency=medium
+
+  * update to Ubuntu-4.15.0-67.76
+
+  * bump ABI to 4.15.18-22
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 23 Oct 2019 20:39:55 +0200
+
+pve-kernel (4.15.18-48) pve pmg; urgency=medium
+
+  * update to Ubuntu-4.15.0-65.74
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 20 Sep 2019 11:28:30 +0200
+
+pve-kernel (4.15.18-47) pve pmg; urgency=medium
+
+  * update to Ubuntu-4.15.0-63.72
+
+  * bump ABI to 4.15.18-21
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 06 Sep 2019 16:08:32 +0200
+
+pve-kernel (4.15.18-46) pve pmg; urgency=medium
+
+  * update to Ubuntu-4.15.0-58.64
+
+  * bump ABI to 4.15.18-20
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 8 Aug 2019 10:42:06 +0200
+
+pve-kernel (4.15.18-45) unstable; urgency=medium
+
+  * update to Ubuntu-4.15.0-56.62
+
+  * bump ABI to 4.15.18-19
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 26 Jul 2019 09:34:08 +0200
+
+pve-kernel (4.15.18-44) unstable; urgency=medium
+
+  * update to Ubuntu-4.15.0-55.60
+
+  * bump ABI to 4.15.18-18
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 03 Jul 2019 11:19:13 +0200
+
+pve-kernel (4.15.18-43) unstable; urgency=medium
+
+  * backport refinement for TCP SACK mitigations to avoid regressions for some
+    clients
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 25 Jun 2019 17:59:49 +0200
+
+pve-kernel (4.15.18-42) unstable; urgency=medium
+
+  * update sources to Ubuntu-4.15.0-53.57
+
+  * bump ABI to 4.15.18-17
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 21 Jun 2019 06:45:23 +0200
+
+pve-kernel (4.15.18-41) unstable; urgency=medium
+
+  * update sources to Ubuntu-4.15.0-52.56
+
+  * backport: KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
+
+  * backport: net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock()
+
+  * bump ABI to 4.15.18-16
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 18 Jun 2019 07:36:54 +0200
+
+pve-kernel (4.15.18-40) unstable; urgency=medium
+
+  * update to Ubuntu-4.15.0-51.55
+
+  * bump ABI to 4.15.18-15
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 21 May 2019 17:43:20 +0200
+
+pve-kernel (4.15.18-39) unstable; urgency=medium
+
+  * update to Ubuntu-4.15.0-50.54 with MDS mitigations
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 15 May 2019 06:56:23 +0200
+
+pve-kernel (4.15.18-38) unstable; urgency=medium
+
+  * update to Ubuntu-4.15.0-49.53
+
+  * bump ABI to 4.15.18-14
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 30 Apr 2019 10:51:33 +0200
+
+pve-kernel (4.15.18-37) unstable; urgency=medium
+
+  * bump ABI to 4.15.18-13
+
+ -- Proxmox Support Team <support@proxmox.com>  Sat, 13 Apr 2019 21:09:15 +0200
+
+pve-kernel (4.15.18-36) unstable; urgency=medium
+
+  * update sources to Ubuntu-4.15.0-48.51
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 05 Apr 2019 18:47:13 +0200
+
+pve-kernel (4.15.18-35) unstable; urgency=medium
+
+  * update sources to Ubuntu-4.15.0-47.50
+
+  * update ZFS to 0.7.13
+
+  * bump ABI to 4.15.18-12
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 13 Mar 2019 08:24:42 +0100
+
+pve-kernel (4.15.18-34) unstable; urgency=medium
+
+  * backport fix for possible ipset memory exhaustion bug
+
+  * backport fix for possible use after free in crypto stack
+
+  * backport fixes for multiple KVM vulnerabilities: CVE-2019-6974,
+    CVE-2019-7221, CVE-2019-7222
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 25 Feb 2019 14:51:06 +0100
+
+pve-kernel (4.15.18-33) unstable; urgency=medium
+
+  * update sources to Ubuntu-4.15.0-46.49
+
+  * bump ABI to 4.15.18-11
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 05 Feb 2019 07:36:16 +0100
+
+pve-kernel (4.15.18-32) unstable; urgency=medium
+
+  * fix NULL pointer dereference possibility in net/ipip
+
+ -- Proxmox Support Team <support@proxmox.com>  Sat, 19 Jan 2019 10:09:37 +0100
+
+pve-kernel (4.15.18-31) unstable; urgency=medium
+
+  * update sources to Ubuntu-4.15.0-44.47
+
+  * bump ABI to 4.15.18-10
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 14 Jan 2019 10:59:31 +0100
+
+pve-kernel (4.15.18-30) unstable; urgency=medium
+
+  * add patches for CVE-2018-18955 and  https://launchpad.net/bugs/1789161
+
+  * update ZFS to 0.7.12
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 15 Nov 2018 13:32:46 +0100
+
+pve-kernel (4.15.18-29) unstable; urgency=medium
+
+  * update sources to Ubuntu-4.15.0-40.43
+
+  * bump ABI to 4.15.18-9
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 12 Nov 2018 14:01:34 +0100
+
+pve-kernel (4.15.18-28) unstable; urgency=medium
+
+  * backport deadlock fix for issue ZOL#7939
+
+  * cherry-pick 2 patches planned for zfs-0.7.12
+
+  * update sources to Ubuntu-4.15.0-39.42
+
+  * bump ABI to 4.15.18-8
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 30 Oct 2018 14:27:50 +0100
+
+pve-kernel (4.15.18-27) unstable; urgency=medium
+
+  * backport fix for silent corruption in Linux kernel 4.15 with O_DIRECT
+    (e.g., VM with cache=none disk)
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 10 Oct 2018 10:50:11 +0200
+
+pve-kernel (4.15.18-26) unstable; urgency=medium
+
+  * update sources to Ubuntu-4.15.0-37.40
+
+  * bump ABI to 4.15.18-7-pve
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 04 Oct 2018 11:03:06 +0200
+
+pve-kernel (4.15.18-25) unstable; urgency=medium
+
+  * update sources to Ubuntu-4.15.0-36.39
+
+  * bump ABI to 4.15.18-6-pve
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 03 Oct 2018 14:09:02 +0200
+
+pve-kernel (4.15.18-24) unstable; urgency=medium
+
+  * bump spl and zfs to 0.7.11
+
+  * update sources to Ubuntu-4.15.0-35.38
+
+  * bump ABI to 4.15.18-5-pve
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 13 Sep 2018 09:15:10 +0200
+
+pve-kernel (4.15.18-23) unstable; urgency=medium
+
+  * backport protection against userspace-userspace spectreRSB
+
+  * update sources to Ubuntu-4.15.0-34.37
+
+  * bump ABI to 4.15.18-4-pve
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 30 Aug 2018 13:04:08 +0200
+
+pve-kernel (4.15.18-22) unstable; urgency=medium
+
+  * update sources to Ubuntu-4.15.0-33.36
+
+  * bump ABI to 4.15.18-3-pve
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 24 Aug 2018 11:12:20 +0200
+
+pve-kernel (4.15.18-21) unstable; urgency=medium
+
+  * backport fix for udp/tcp with SO_BINDTODEVICE
+
+  * scsi: hpsa: disable device during shutdown
+
+  * vhost: fix info leak due to uninitialized memory (CVE-2018-1118)
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 23 Aug 2018 11:01:17 +0200
+
+pve-kernel (4.15.18-20) unstable; urgency=medium
+
+  * update to Ubuntu-4.15.0-32.35
+
+  * bump ABI to 4.15.18-2-pve
+
+  * fix CVE-2018-3620, CVE-2018-3646, CVE-2018-5391
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 16 Aug 2018 11:06:35 +0200
+
+pve-kernel (4.15.18-19) unstable; urgency=medium
+
+  * update ZFS submodule to 0.7.9-pve3
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 13 Aug 2018 07:50:59 +0200
+
+pve-kernel (4.15.18-18) unstable; urgency=medium
+
+  * add SGID non-directory fix (fixes CVE-2018-13405)
+  * update to Ubuntu-4.15.0-30.32 (fixes CVE-2018-5390)
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 07 Aug 2018 16:04:18 +0200
+
+pve-kernel (4.15.18-17) unstable; urgency=medium
+
+  * apparmor: fix apparmor mediating locking non-fs unix sockets
+    Addresses issues with newer systemd versions found in, e.g., Arch or Fedora
+    containers
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 30 Jul 2018 12:53:35 +0200
+
+pve-kernel (4.15.18-16) unstable; urgency=medium
+
+  * update to Ubuntu-4.15.0-29.31
+
+  * cherry-pick fix for zpl_mount deadlock possibility
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 23 Jul 2018 15:59:19 +0200
+
+pve-kernel (4.15.18-15) unstable; urgency=medium
+
+  * update sources to Ubuntu-4.15.0-24.26
+
+  * drop out-of-tree IXGBE driver
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 04 Jul 2018 15:42:56 +0200
+
+pve-kernel (4.15.17-14) unstable; urgency=medium
+
+  * fix KVM L1 guest escape when nested virtualization is used - CVE-2018-12904
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 27 Jun 2018 17:18:05 +0200
+
+pve-kernel (4.15.17-13) unstable; urgency=medium
+
+  * fix regression for newer out-of-tree IGB driver when setting a non-
+    default MTU
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Jun 2018 17:15:04 +0200
+
+pve-kernel (4.15.17-12) unstable; urgency=medium
+
+  * backport fix for SUN NICs when used with Open vSwitch
+
+  * update and re-enable out-of-tree Intel ethernet drivers (e1000e, igb, ixgbe)
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 08 Jun 2018 11:18:32 +0200
+
+pve-kernel (4.15.17-10) unstable; urgency=medium
+
+  * update to Ubuntu-4.15.0-22.24

  * update ZFS to 0.7.9-pve1

- -- Proxmox Support Team <support@proxmox.com>  Tue, 22 May 2018 15:10:48 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 22 May 2018 11:15:44 +0200

-pve-kernel (4.13.16-48) unstable; urgency=medium
+pve-kernel (4.15.17-9) unstable; urgency=medium
+
+  * include objtool in pve-headers-* package (needed for some external
+    modules)
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 9 May 2018 13:31:43 +0200
+
+pve-kernel (4.15.17-8) unstable; urgency=medium

  * update ZFS to 0.7.8-pve1

-  * update to Ubuntu-4.13.0-40.45
+  * update sources to Ubuntu-4.15.0-20.21

- -- Proxmox Support Team <support@proxmox.com>  Fri, 04 May 2018 11:00:32 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 03 May 2018 08:43:38 +0200

-pve-kernel (4.13.16-47) unstable; urgency=medium
+pve-kernel (4.15.17-7) unstable; urgency=medium

-  * update to Ubuntu-4.13.0-39.44
+  * update sources to Ubuntu-4.15.0-17.18

-  * bump ABI to 4.13.16-2-pve
+  * bump ABI to 4.15.17-1-pve
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 19 Apr 2018 14:43:22 +0200
+
+pve-kernel (4.15.15-6) unstable; urgency=medium

  * update ZFS to 0.7.7-pve2

- -- Proxmox Support Team <support@proxmox.com>  Mon, 9 Apr 2018 09:58:12 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 9 Apr 2018 12:24:42 +0200

-pve-kernel (4.13.16-46) unstable; urgency=medium
+pve-kernel (4.15.15-5) unstable; urgency=medium

-  * update ZFS/SPL to 0.7.7
+  * update sources to Ubuntu-4.15.0-14.15

- -- Proxmox Support Team <support@proxmox.com>  Wed, 4 Apr 2018 10:30:30 +0200
+  * bump ABI to 4.15.15-1-pve

-pve-kernel (4.13.16-45) unstable; urgency=medium
+  * update SPL/ZFS to 0.7.7
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 4 Apr 2018 09:50:07 +0200
+
+pve-kernel (4.15.10-4) unstable; urgency=medium

  * cherry-pick fix for shmem related deadlock

- -- Proxmox Support Team <support@proxmox.com>  Wed, 28 Mar 2018 15:47:11 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 28 Mar 2018 15:47:48 +0200

-pve-kernel (4.13.16-44) unstable; urgency=medium
+pve-kernel (4.15.10-3) unstable; urgency=medium

  * cherry-pick fix for THP related deadlock

- -- Proxmox Support Team <support@proxmox.com>  Wed, 28 Mar 2018 10:36:55 +0200
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 28 Mar 2018 11:07:39 +0200

-pve-kernel (4.13.16-43) unstable; urgency=medium
+pve-kernel (4.15.10-2) unstable; urgency=medium

-  * update to Ubuntu-4.13.0-38.43
+  * update to Ubuntu-4.15.0-13.14

-  * bump ABI to 4.13.16-1-pve
+  * bump ABI to 4.15.10-1-pve

- -- Proxmox Support Team <support@proxmox.com>  Fri, 16 Mar 2018 19:41:43 +0100
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 21 Mar 2018 10:35:07 +0100
+
+pve-kernel (4.15.3-1) unstable; urgency=medium
+
+  * switch source to Ubuntu-4.15.0-10.11
+
+  * switch to in-tree Intel NIC drivers (e1000e, igb, ixgbe)
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 9 Mar 2018 14:45:34 +0100

 pve-kernel (4.13.13-42) unstable; urgency=medium

@@ -2,17 +2,33 @@ Source: pve-kernel
 Section: devel
 Priority: optional
 Maintainer: Proxmox Support Team <support@proxmox.com>
-Build-Depends: asciidoc,
+Build-Depends: asciidoc-base,
+               automake,
               bc,
               bison,
+               cpio,
+               debhelper (>= 10~),
+               file,
               flex,
               gcc-6 (>= 6.3.0-18+deb9u1),
+               git,
+               kmod,
+               libdw-dev,
+               libelf-dev,
               libiberty-dev,
+               libnuma-dev,
+               libpve-common-perl,
+               libslang2-dev,
               libssl-dev,
+               libtool,
               lintian,
+               perl-modules,
+               python-minimal,
+               rsync,
               sed,
               tar,
               xmlto,
+               zlib1g-dev,
 Build-Conflicts: pve-headers-@KVNAME@,
 Vcs-Git: git://git.proxmox.com/git/pve-kernel
 Vcs-Browser: https://git.proxmox.com/?p=pve-kernel.git
@@ -16,6 +16,7 @@ CHANGELOG_DATE:=$(shell dpkg-parsechangelog -SDate)
 PVE_KERNEL_PKG=pve-kernel-${KVNAME}
 PVE_HEADER_PKG=pve-headers-${KVNAME}
 LINUX_TOOLS_PKG=linux-tools-${KERNEL_MAJMIN}
+KERNEL_SRC_COPY=${KERNEL_SRC}_tmp

 # TODO: split for archs, move to files?
 PVE_CONFIG_OPTS= \
@@ -26,6 +27,7 @@ PVE_CONFIG_OPTS= \
 -m CONFIG_CEPH_FS \
 -m CONFIG_BLK_DEV_NBD \
 -m CONFIG_BLK_DEV_RBD \
+-d CONFIG_SND_PCSP \
 -m CONFIG_BCACHE \
 -m CONFIG_JFS_FS \
 -m CONFIG_HFS_FS \
@@ -85,9 +87,12 @@ binary: install
 	dh_md5sums
 	dh_builddeb

-.compile_mark: ${KERNEL_SRC}/.config
+.config_mark:
 	cd ${KERNEL_SRC}; scripts/config ${PVE_CONFIG_OPTS}
 	${MAKE} -C ${KERNEL_SRC} oldconfig
+	touch $@
+
+.compile_mark: .config_mark
 	${MAKE} -C ${KERNEL_SRC} KBUILD_BUILD_VERSION_TIMESTAMP="PVE ${DEB_VERSION} (${CHANGELOG_DATE})"
 	touch $@

@@ -101,8 +106,6 @@ binary: install
 	${MAKE} -C ${KERNEL_SRC} INSTALL_MOD_PATH=${BUILD_DIR}/debian/${PVE_KERNEL_PKG}/ modules_install
 	## install latest ibg driver
 	install -m 644 ${MODULES}/igb.ko debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}/kernel/drivers/net/ethernet/intel/igb/
-	# install latest ixgbe driver
-	install -m 644 ${MODULES}/ixgbe.ko debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}/kernel/drivers/net/ethernet/intel/ixgbe/
 	# install latest e1000e driver
 	install -m 644 ${MODULES}/e1000e.ko debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}/kernel/drivers/net/ethernet/intel/e1000e/
 	# install zfs drivers
@@ -142,12 +145,15 @@ binary: install
 	done
 	touch $@

-.headers_install_mark: .compile_mark .modules_compile_mark
+.headers_prepare_mark: .config_mark
 	rm -rf debian/${PVE_HEADER_PKG}
 	mkdir -p debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
 	install -m 0644 ${KERNEL_SRC}/.config debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
-	install -m 0644 ${KERNEL_SRC}/Module.symvers debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
-	cd ${KERNEL_SRC}; find . -path './debian/*' -prune \
+	# copy to allow building in parallel to kernel/module compilation without interference
+	rm -rf ${KERNEL_SRC_COPY}
+	cp -ar ${KERNEL_SRC} ${KERNEL_SRC_COPY}
+	make -C ${KERNEL_SRC_COPY} mrproper
+	cd ${KERNEL_SRC_COPY}; find . -path './debian/*' -prune \
 	    -o -path './include/*' -prune \
 	    -o -path './Documentation' -prune \
 	    -o -path './scripts' -prune \
@@ -160,18 +166,34 @@ binary: install
 	        -o -name '*.pl' \
 	    \) \
 	    -print | cpio -pd --preserve-modification-time ${BUILD_DIR}/debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
-	cd ${KERNEL_SRC}; cp -a include scripts ${BUILD_DIR}/debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
-	cd ${KERNEL_SRC}; \
+	cd ${KERNEL_SRC_COPY}; cp -a include scripts ${BUILD_DIR}/debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
+	cd ${KERNEL_SRC_COPY}; \
 	    ( \
 	        find arch/${KERNEL_HEADER_ARCH} -name include -type d -print | \
 	        xargs -n1 -i: find : -type f \
 	    ) | \
 	    cpio -pd --preserve-modification-time ${BUILD_DIR}/debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
+	touch $@
+
+.headers_compile_mark: .headers_prepare_mark
+	# set output to subdir of source to reduce number of hardcoded paths in output files
+	rm -rf ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG}
+	mkdir -p ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG}
+	cp ${KERNEL_SRC}/.config ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG}/.config
+	${MAKE} -C ${KERNEL_SRC_COPY} O=${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG} -j1 silentoldconfig prepare scripts
+	find ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG} -name \*.o.ur-\* | xargs rm -f
+	rsync --ignore-existing -r -v -a $(addprefix ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG}/,arch include kernel scripts tools) ${BUILD_DIR}/debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}/
+	rm -rf ${BUILD_DIR}/${KERNEL_SRC_COPY}
+	touch $@
+
+.headers_install_mark: .compile_mark .modules_compile_mark .headers_compile_mark
+	cp ${KERNEL_SRC}/include/generated/compile.h debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}/include/generated/compile.h
+	install -m 0644 ${KERNEL_SRC}/Module.symvers debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
 	mkdir -p debian/${PVE_HEADER_PKG}/lib/modules/${KVNAME}
 	ln -sf /usr/src/linux-headers-${KVNAME} debian/${PVE_HEADER_PKG}/lib/modules/${KVNAME}/build
 	touch $@

-.modules_compile_mark: $(addprefix ${MODULES}/,igb.ko ixgbe.ko e1000e.ko spl.ko zfs.ko)
+.modules_compile_mark: $(addprefix ${MODULES}/,igb.ko e1000e.ko spl.ko zfs.ko)
 	touch $@

 ${MODULES}/spl.ko: .compile_mark
@@ -197,10 +219,6 @@ ${MODULES}/igb.ko: .compile_mark
 	${MAKE} -C ${MODULES}/${IGBDIR}/src BUILD_KERNEL=${KVNAME} KSRC=${BUILD_DIR}/${KERNEL_SRC}
 	cp ${MODULES}/${IGBDIR}/src/igb.ko ${MODULES}/

-${MODULES}/ixgbe.ko: .compile_mark
-	${MAKE} -C ${MODULES}/${IXGBEDIR}/src CFLAGS_EXTRA="-DIXGBE_NO_LRO" BUILD_KERNEL=${KVNAME} KSRC=${BUILD_DIR}/${KERNEL_SRC}
-	cp ${MODULES}/${IXGBEDIR}/src/ixgbe.ko ${MODULES}/
-
 ${MODULES}/e1000e.ko: .compile_mark
 	${MAKE} -C ${MODULES}/${E1000EDIR}/src BUILD_KERNEL=${KVNAME} KSRC=${BUILD_DIR}/${KERNEL_SRC}
 	cp ${MODULES}/${E1000EDIR}/src/e1000e.ko ${MODULES}/
@@ -8,7 +8,7 @@ die "no directory to scan" if !$dir;

 die "no such directory" if ! -d $dir;

-die "strange directory name" if $dir !~ m|^(.*/)?(4.13.\d+\-\d+\-pve)(/+)?$|;
+die "strange directory name" if $dir !~ m|^(.*/)?(4.15.\d+\-\d+\-pve)(/+)?$|;

 my $apiver = $2;

@@ -0,0 +1,53 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht@proxmox.com>
+Date: Tue, 5 Jun 2018 11:16:29 +0200
+Subject: [PATCH] port to new internal kernel timer API
+
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+diff --git a/src/netdev.c b/src/netdev.c
+--- a/src/netdev.c
+++ b/src/netdev.c
+@@ -5389,9 +5389,10 @@
+  * Need to wait a few seconds after link up to get diagnostic information from
+  * the phy
+  **/
+-static void e1000_update_phy_info(unsigned long data)
+static void e1000_update_phy_info(struct timer_list *t)
+ {
+-	struct e1000_adapter *adapter = (struct e1000_adapter *)data;
+	struct e1000_adapter *adapter;
+	adapter = from_timer(adapter, t, phy_info_timer);
+ 
+ 	if (test_bit(__E1000_DOWN, &adapter->state))
+ 		return;
+@@ -5774,9 +5775,10 @@
+  * e1000_watchdog - Timer Call-back
+  * @data: pointer to adapter cast into an unsigned long
+  **/
+-static void e1000_watchdog(unsigned long data)
+static void e1000_watchdog(struct timer_list *t)
+ {
+-	struct e1000_adapter *adapter = (struct e1000_adapter *)data;
+	struct e1000_adapter *adapter;
+	adapter = from_timer(adapter, t, watchdog_timer);
+ 
+ 	/* Do the rest outside of interrupt context */
+ 	schedule_work(&adapter->watchdog_task);
+@@ -8348,13 +8348,9 @@
+ 		goto err_eeprom;
+ 	}
+ 
+-	init_timer(&adapter->watchdog_timer);
+-	adapter->watchdog_timer.function = e1000_watchdog;
+-	adapter->watchdog_timer.data = (unsigned long)adapter;
+-
+-	init_timer(&adapter->phy_info_timer);
+-	adapter->phy_info_timer.function = e1000_update_phy_info;
+-	adapter->phy_info_timer.data = (unsigned long)adapter;
+	timer_setup(&adapter->watchdog_timer, e1000_watchdog, 0);
+
+	timer_setup(&adapter->phy_info_timer, e1000_update_phy_info, 0);
+ 
+ 	INIT_WORK(&adapter->reset_task, e1000_reset_task);
+ 	INIT_WORK(&adapter->watchdog_task, e1000_watchdog_task);
@@ -1,47 +0,0 @@
-diff --git a/src/e1000_defines.h b/src/e1000_defines.h
-index 6de3988..d58e12f 100644
--- a/src/e1000_defines.h
-+++ b/src/e1000_defines.h
-@@ -423,7 +423,8 @@
- #define ETHERNET_IEEE_VLAN_TYPE		0x8100  /* 802.3ac packet */
- 
- #define ETHERNET_FCS_SIZE		4
-#define MAX_JUMBO_FRAME_SIZE		0x3F00
-+#define MAX_JUMBO_FRAME_SIZE		0x2600
-+#define MAX_STD_JUMBO_FRAME_SIZE	9216
- /* The datasheet maximum supported RX size is 9.5KB (9728 bytes) */
- #define MAX_RX_JUMBO_FRAME_SIZE		0x2600
- #define E1000_TX_PTR_GAP		0x1F
-diff --git a/src/igb_main.c b/src/igb_main.c
-index 2dff0f4..bbfe87e 100644
--- a/src/igb_main.c
-+++ b/src/igb_main.c
-@@ -2852,6 +2852,10 @@ static int igb_probe(struct pci_dev *pdev,
- 	if (pci_using_dac)
- 		netdev->features |= NETIF_F_HIGHDMA;
- 
-+	/* MTU range: 68 - 9216 */
-+	netdev->min_mtu = ETH_MIN_MTU;
-+	netdev->max_mtu = MAX_STD_JUMBO_FRAME_SIZE;
-+
- 	adapter->en_mng_pt = e1000_enable_mng_pass_thru(hw);
- #ifdef DEBUG
- 	if (adapter->dmac != IGB_DMAC_DISABLE)
-@@ -5832,17 +5836,6 @@ static int igb_change_mtu(struct net_device *netdev, int new_mtu)
- 	struct pci_dev *pdev = adapter->pdev;
- 	int max_frame = new_mtu + ETH_HLEN + ETH_FCS_LEN + VLAN_HLEN;
- 
-	if ((new_mtu < 68) || (max_frame > MAX_JUMBO_FRAME_SIZE)) {
-		dev_err(pci_dev_to_dev(pdev), "Invalid MTU setting\n");
-		return -EINVAL;
-	}
-
-#define MAX_STD_JUMBO_FRAME_SIZE 9238
-	if (max_frame > MAX_STD_JUMBO_FRAME_SIZE) {
-		dev_err(pci_dev_to_dev(pdev), "MTU > 9216 not supported.\n");
-		return -EINVAL;
-	}
-
- 	/* adjust max frame to be at least the size of a standard frame */
- 	if (max_frame < (ETH_FRAME_LEN + ETH_FCS_LEN))
- 		max_frame = ETH_FRAME_LEN + ETH_FCS_LEN;
@@ -1,17 +0,0 @@
-diff --git a/src/igb_main.c.orig b/src/igb_main.c
-index 3ee1ec7..c8adf04 100644
--- a/src/igb_main.c.orig
-+++ b/src/igb_main.c
-@@ -1047,8 +1047,10 @@ static void igb_set_interrupt_capability(struct igb_adapter *adapter, bool msix)
- 			for (i = 0; i < numvecs; i++)
- 				adapter->msix_entries[i].entry = i;
- 
-			err = pci_enable_msix(pdev,
-					      adapter->msix_entries, numvecs);
-+			err = pci_enable_msix_range(pdev,
-+						    adapter->msix_entries,
-+						    numvecs,
-+						    numvecs);
- 			if (err == 0)
- 				break;
- 		}
@@ -0,0 +1,15 @@
+diff --git a/src/igb_main.c.orig b/src/igb_main.c
+index 3ee1ec7..c8adf04 100644
+--- a/src/igb_main.c.orig
+++ b/src/igb_main.c
+@@ -5888,10 +5888,8 @@ static int igb_change_mtu(struct net_dev
+ 	while (test_and_set_bit(__IGB_RESETTING, &adapter->state))
+ 		usleep_range(1000, 2000);
+ 
+-#ifndef HAVE_NETDEVICE_MIN_MAX_MTU
+ 	/* igb_down has a dependency on max_frame_size */
+ 	adapter->max_frame_size = max_frame;
+-#endif
+ 
+ 	if (netif_running(netdev))
+ 		igb_down(adapter);
@@ -15,15 +15,16 @@ Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to
 $KBUILD_BUILD_TIMESTAMP.

 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
 scripts/mkcompile_h | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

 diff --git a/scripts/mkcompile_h b/scripts/mkcompile_h
-index fd8fdb91581d..1e35ac9fc810 100755
+index 87f1fc9801d7..4ef868f1f244 100755
 --- a/scripts/mkcompile_h
 +++ b/scripts/mkcompile_h
-@@ -37,10 +37,14 @@ else
+@@ -33,10 +33,14 @@ else
 	VERSION=$KBUILD_BUILD_VERSION
 fi
 
@@ -13,12 +13,13 @@ connected ports (for no real reason). To avoid problems with ARP
 we simply use the MAC of the first connected port.

 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
 net/bridge/br_stp_if.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

 diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
-index 89110319ef0f..5e73fff65f47 100644
+index 808e2b914015..b0ad54384826 100644
 --- a/net/bridge/br_stp_if.c
 +++ b/net/bridge/br_stp_if.c
@@ -259,10 +259,7 @@ bool br_stp_recalculate_bridge_id(struct net_bridge *br)
@@ -1,7 +1,7 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Mark Weiman <mark.weiman@markzz.com>
-Date: Sat, 29 Jul 2017 09:15:32 -0400
-Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.12+)
+Date: Wed, 7 Feb 2018 16:04:03 -0500
+Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.15)
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -48,36 +48,37 @@ capability.  Please contact me to have your devices added and save
 your customers the hassle of this boot option.

 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
- Documentation/admin-guide/kernel-parameters.txt |   9 +++
- drivers/pci/quirks.c                            | 102 ++++++++++++++++++++++++
- 2 files changed, 111 insertions(+)
+ .../admin-guide/kernel-parameters.txt         |   9 ++
+ drivers/pci/quirks.c                          | 101 ++++++++++++++++++
+ 2 files changed, 110 insertions(+)

 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index ce24cb1e8f46..0cc1d4200c24 100644
+index 325a5dd7813d..a95cc0b61b29 100644
 --- a/Documentation/admin-guide/kernel-parameters.txt
 +++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -2938,6 +2938,15 @@
- 		nomsi		[MSI] If the PCI_MSI kernel config parameter is
- 				enabled, this kernel boot option can be used to
- 				disable the use of MSI interrupts system-wide.
+@@ -3181,6 +3181,15 @@
+ 				Also, it enforces the PCI Local Bus spec
+ 				rule that those bits should be 0 in system reset
+ 				events (useful for kexec/kdump cases).
 +		pci_acs_override =
-+					[PCIE] Override missing PCIe ACS support for:
+				[PCIE] Override missing PCIe ACS support for:
 +				downstream
 +					All downstream ports - full ACS capabilities
-+				multfunction
-+					All multifunction devices - multifunction ACS subset
+				multifunction
+					Add multifunction devices - multifunction ACS subset
 +				id:nnnn:nnnn
-+					Specfic device - full ACS capabilities
+					Specific device - full ACS capabilities
 +					Specified as vid:did (vendor/device ID) in hex
 		noioapicquirk	[APIC] Disable all boot interrupt quirks.
 				Safety option to keep boot IRQs enabled. This
 				should never be necessary.
 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index 9dcd5ed5a05b..8882b8d38d7d 100644
+index e5d1a00c481d..7ecd84506d8d 100644
 --- a/drivers/pci/quirks.c
 +++ b/drivers/pci/quirks.c
-@@ -3694,6 +3694,107 @@ static int __init pci_apply_final_quirks(void)
+@@ -3769,6 +3769,106 @@ static int __init pci_apply_final_quirks(void)
 
 fs_initcall_sync(pci_apply_final_quirks);
 
@@ -121,7 +122,6 @@ index 9dcd5ed5a05b..8882b8d38d7d 100644
 +				goto next;
 +			}
 +			acs_on_ids[max_acs_id].vendor = val;
-+
 +			p += strcspn(p, ":");
 +			if (*p != ':') {
 +				pr_warn("PCIe ACS invalid ID\n");
@@ -166,17 +166,17 @@ index 9dcd5ed5a05b..8882b8d38d7d 100644
 +				return 1;
 +
 +	switch (pci_pcie_type(dev)) {
-+	case PCI_EXP_TYPE_DOWNSTREAM:
-+	case PCI_EXP_TYPE_ROOT_PORT:
-+		if (acs_on_downstream)
-+			return 1;
-+		break;
-+	case PCI_EXP_TYPE_ENDPOINT:
-+	case PCI_EXP_TYPE_UPSTREAM:
-+	case PCI_EXP_TYPE_LEG_END:
-+	case PCI_EXP_TYPE_RC_END:
-+		if (acs_on_multifunction && dev->multifunction)
-+			return 1;
+		case PCI_EXP_TYPE_DOWNSTREAM:
+		case PCI_EXP_TYPE_ROOT_PORT:
+			if (acs_on_downstream)
+				return 1;
+			break;
+		case PCI_EXP_TYPE_ENDPOINT:
+		case PCI_EXP_TYPE_UPSTREAM:
+		case PCI_EXP_TYPE_LEG_END:
+		case PCI_EXP_TYPE_RC_END:
+			if (acs_on_multifunction && dev->multifunction)
+				return 1;
 +	}
 +
 +	return -ENOTTY;
@@ -185,10 +185,10 @@ index 9dcd5ed5a05b..8882b8d38d7d 100644
 /*
  * Following are device-specific reset methods which can be used to
  * reset a single function if other methods (e.g. FLR, PM D0->D3) are
-@@ -4536,6 +4637,7 @@ static const struct pci_dev_acs_enabled {
- 	{ 0x10df, 0x720, pci_quirk_mf_endpoint_acs }, /* Emulex Skyhawk-R */
- 	/* Cavium ThunderX */
+@@ -4664,6 +4764,7 @@ static const struct pci_dev_acs_enabled {
 	{ PCI_VENDOR_ID_CAVIUM, PCI_ANY_ID, pci_quirk_cavium_acs },
+ 	/* APM X-Gene */
+ 	{ PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },
 +	{ PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
 	{ 0 }
 };
@@ -7,15 +7,16 @@ Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
 virt/kvm/kvm_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 3b3e54742263..d0085c9d6297 100644
+index 706b13f0c698..c6749d154ebc 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
-@@ -77,7 +77,7 @@ module_param(halt_poll_ns, uint, 0644);
+@@ -78,7 +78,7 @@ module_param(halt_poll_ns, uint, 0644);
 EXPORT_SYMBOL_GPL(halt_poll_ns);
 
 /* Default doubles per-vcpu halt_poll_ns. */
@@ -1,63 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Waiman Long <longman@redhat.com>
-Date: Thu, 17 Aug 2017 15:33:09 -0400
-Subject: [PATCH] cgroup: Add mount flag to enable cpuset to use v2 behavior in
- v1 cgroup
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A new mount option "cpuset_v2_mode" is added to the v1 cgroupfs
-filesystem to enable cpuset controller to use v2 behavior in a v1
-cgroup. This mount option applies only to cpuset controller and have
-no effect on other controllers.
-
-Signed-off-by: Waiman Long <longman@redhat.com>
-Signed-off-by: Tejun Heo <tj@kernel.org>
-(cherry-picked from e1cba4b85daa71b710384d451ff6238d5e4d1ff6)
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- include/linux/cgroup-defs.h | 5 +++++
- kernel/cgroup/cgroup-v1.c   | 6 ++++++
- 2 files changed, 11 insertions(+)
-
-diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h
-index 09f4c7df1478..c344e77707a5 100644
--- a/include/linux/cgroup-defs.h
-+++ b/include/linux/cgroup-defs.h
-@@ -74,6 +74,11 @@ enum {
- 	 * aren't writeable from inside the namespace.
- 	 */
- 	CGRP_ROOT_NS_DELEGATE	= (1 << 3),
-+
-+	/*
-+	 * Enable cpuset controller in v1 cgroup to use v2 behavior.
-+	 */
-+	CGRP_ROOT_CPUSET_V2_MODE = (1 << 4),
- };
- 
- /* cftype->flags */
-diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
-index 7bf4b1533f34..ce7426b875f5 100644
--- a/kernel/cgroup/cgroup-v1.c
-+++ b/kernel/cgroup/cgroup-v1.c
-@@ -846,6 +846,8 @@ static int cgroup1_show_options(struct seq_file *seq, struct kernfs_root *kf_roo
- 		seq_puts(seq, ",noprefix");
- 	if (root->flags & CGRP_ROOT_XATTR)
- 		seq_puts(seq, ",xattr");
-+	if (root->flags & CGRP_ROOT_CPUSET_V2_MODE)
-+		seq_puts(seq, ",cpuset_v2_mode");
- 
- 	spin_lock(&release_agent_path_lock);
- 	if (strlen(root->release_agent_path))
-@@ -900,6 +902,10 @@ static int parse_cgroupfs_options(char *data, struct cgroup_sb_opts *opts)
- 			opts->cpuset_clone_children = true;
- 			continue;
- 		}
-+		if (!strcmp(token, "cpuset_v2_mode")) {
-+			opts->flags |= CGRP_ROOT_CPUSET_V2_MODE;
-+			continue;
-+		}
- 		if (!strcmp(token, "xattr")) {
- 			opts->flags |= CGRP_ROOT_XATTR;
- 			continue;
@@ -23,15 +23,16 @@ Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 (cherry picked from commit 63de8bd9328bf2a778fc277503da163ae3defa3c)
 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
 fs/ocfs2/aops.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

 diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
-index 88a31e9340a0..77ec9b495027 100644
+index 7de0c9562b70..209cec7efef4 100644
 --- a/fs/ocfs2/aops.c
 +++ b/fs/ocfs2/aops.c
-@@ -784,6 +784,7 @@ struct ocfs2_write_ctxt {
+@@ -797,6 +797,7 @@ struct ocfs2_write_ctxt {
 	struct ocfs2_cached_dealloc_ctxt w_dealloc;
 
 	struct list_head		w_unwritten_list;
@@ -39,7 +40,7 @@ index 88a31e9340a0..77ec9b495027 100644
 };
 
 void ocfs2_unlock_and_free_pages(struct page **pages, int num_pages)
-@@ -1373,6 +1374,7 @@ static int ocfs2_unwritten_check(struct inode *inode,
+@@ -1386,6 +1387,7 @@ static int ocfs2_unwritten_check(struct inode *inode,
 	desc->c_clear_unwritten = 0;
 	list_add_tail(&new->ue_ip_node, &oi->ip_unwritten_list);
 	list_add_tail(&new->ue_node, &wc->w_unwritten_list);
@@ -47,7 +48,7 @@ index 88a31e9340a0..77ec9b495027 100644
 	new = NULL;
 unlock:
 	spin_unlock(&oi->ip_lock);
-@@ -2246,7 +2248,7 @@ static int ocfs2_dio_get_block(struct inode *inode, sector_t iblock,
+@@ -2277,7 +2279,7 @@ static int ocfs2_dio_wr_get_block(struct inode *inode, sector_t iblock,
 		ue->ue_phys = desc->c_phys;
 
 		list_splice_tail_init(&wc->w_unwritten_list, &dwc->dw_zero_list);
@@ -1,138 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Waiman Long <longman@redhat.com>
-Date: Thu, 17 Aug 2017 15:33:10 -0400
-Subject: [PATCH] cpuset: Allow v2 behavior in v1 cgroup
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Cpuset v2 has some useful behaviors that are not present in v1 because
-of backward compatibility concern. One of that is the restoration of
-the original cpu and memory node mask after a hot removal and addition
-event sequence.
-
-This patch makes the cpuset controller to check the
-CGRP_ROOT_CPUSET_V2_MODE flag and use the v2 behavior if it is set.
-
-Signed-off-by: Waiman Long <longman@redhat.com>
-Signed-off-by: Tejun Heo <tj@kernel.org>
-(cherry-picked from b8d1b8ee93df8ffbabbeadd65d39853cfad6d698)
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- kernel/cgroup/cpuset.c | 33 ++++++++++++++++++++-------------
- 1 file changed, 20 insertions(+), 13 deletions(-)
-
-diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
-index e8cb34193433..f76c4bf3d46a 100644
--- a/kernel/cgroup/cpuset.c
-+++ b/kernel/cgroup/cpuset.c
-@@ -300,6 +300,16 @@ static DECLARE_WORK(cpuset_hotplug_work, cpuset_hotplug_workfn);
- static DECLARE_WAIT_QUEUE_HEAD(cpuset_attach_wq);
- 
- /*
-+ * Cgroup v2 behavior is used when on default hierarchy or the
-+ * cgroup_v2_mode flag is set.
-+ */
-+static inline bool is_in_v2_mode(void)
-+{
-+	return cgroup_subsys_on_dfl(cpuset_cgrp_subsys) ||
-+	      (cpuset_cgrp_subsys.root->flags & CGRP_ROOT_CPUSET_V2_MODE);
-+}
-+
-+/*
-  * This is ugly, but preserves the userspace API for existing cpuset
-  * users. If someone tries to mount the "cpuset" filesystem, we
-  * silently switch it to mount "cgroup" instead
-@@ -489,8 +499,7 @@ static int validate_change(struct cpuset *cur, struct cpuset *trial)
- 
- 	/* On legacy hiearchy, we must be a subset of our parent cpuset. */
- 	ret = -EACCES;
-	if (!cgroup_subsys_on_dfl(cpuset_cgrp_subsys) &&
-	    !is_cpuset_subset(trial, par))
-+	if (!is_in_v2_mode() && !is_cpuset_subset(trial, par))
- 		goto out;
- 
- 	/*
-@@ -896,8 +905,7 @@ static void update_cpumasks_hier(struct cpuset *cs, struct cpumask *new_cpus)
- 		 * If it becomes empty, inherit the effective mask of the
- 		 * parent, which is guaranteed to have some CPUs.
- 		 */
-		if (cgroup_subsys_on_dfl(cpuset_cgrp_subsys) &&
-		    cpumask_empty(new_cpus))
-+		if (is_in_v2_mode() && cpumask_empty(new_cpus))
- 			cpumask_copy(new_cpus, parent->effective_cpus);
- 
- 		/* Skip the whole subtree if the cpumask remains the same. */
-@@ -914,7 +922,7 @@ static void update_cpumasks_hier(struct cpuset *cs, struct cpumask *new_cpus)
- 		cpumask_copy(cp->effective_cpus, new_cpus);
- 		spin_unlock_irq(&callback_lock);
- 
-		WARN_ON(!cgroup_subsys_on_dfl(cpuset_cgrp_subsys) &&
-+		WARN_ON(!is_in_v2_mode() &&
- 			!cpumask_equal(cp->cpus_allowed, cp->effective_cpus));
- 
- 		update_tasks_cpumask(cp);
-@@ -1150,8 +1158,7 @@ static void update_nodemasks_hier(struct cpuset *cs, nodemask_t *new_mems)
- 		 * If it becomes empty, inherit the effective mask of the
- 		 * parent, which is guaranteed to have some MEMs.
- 		 */
-		if (cgroup_subsys_on_dfl(cpuset_cgrp_subsys) &&
-		    nodes_empty(*new_mems))
-+		if (is_in_v2_mode() && nodes_empty(*new_mems))
- 			*new_mems = parent->effective_mems;
- 
- 		/* Skip the whole subtree if the nodemask remains the same. */
-@@ -1168,7 +1175,7 @@ static void update_nodemasks_hier(struct cpuset *cs, nodemask_t *new_mems)
- 		cp->effective_mems = *new_mems;
- 		spin_unlock_irq(&callback_lock);
- 
-		WARN_ON(!cgroup_subsys_on_dfl(cpuset_cgrp_subsys) &&
-+		WARN_ON(!is_in_v2_mode() &&
- 			!nodes_equal(cp->mems_allowed, cp->effective_mems));
- 
- 		update_tasks_nodemask(cp);
-@@ -1460,7 +1467,7 @@ static int cpuset_can_attach(struct cgroup_taskset *tset)
- 
- 	/* allow moving tasks into an empty cpuset if on default hierarchy */
- 	ret = -ENOSPC;
-	if (!cgroup_subsys_on_dfl(cpuset_cgrp_subsys) &&
-+	if (!is_in_v2_mode() &&
- 	    (cpumask_empty(cs->cpus_allowed) || nodes_empty(cs->mems_allowed)))
- 		goto out_unlock;
- 
-@@ -1979,7 +1986,7 @@ static int cpuset_css_online(struct cgroup_subsys_state *css)
- 	cpuset_inc();
- 
- 	spin_lock_irq(&callback_lock);
-	if (cgroup_subsys_on_dfl(cpuset_cgrp_subsys)) {
-+	if (is_in_v2_mode()) {
- 		cpumask_copy(cs->effective_cpus, parent->effective_cpus);
- 		cs->effective_mems = parent->effective_mems;
- 	}
-@@ -2056,7 +2063,7 @@ static void cpuset_bind(struct cgroup_subsys_state *root_css)
- 	mutex_lock(&cpuset_mutex);
- 	spin_lock_irq(&callback_lock);
- 
-	if (cgroup_subsys_on_dfl(cpuset_cgrp_subsys)) {
-+	if (is_in_v2_mode()) {
- 		cpumask_copy(top_cpuset.cpus_allowed, cpu_possible_mask);
- 		top_cpuset.mems_allowed = node_possible_map;
- 	} else {
-@@ -2250,7 +2257,7 @@ static void cpuset_hotplug_update_tasks(struct cpuset *cs)
- 	cpus_updated = !cpumask_equal(&new_cpus, cs->effective_cpus);
- 	mems_updated = !nodes_equal(new_mems, cs->effective_mems);
- 
-	if (cgroup_subsys_on_dfl(cpuset_cgrp_subsys))
-+	if (is_in_v2_mode())
- 		hotplug_update_tasks(cs, &new_cpus, &new_mems,
- 				     cpus_updated, mems_updated);
- 	else
-@@ -2288,7 +2295,7 @@ static void cpuset_hotplug_workfn(struct work_struct *work)
- 	static cpumask_t new_cpus;
- 	static nodemask_t new_mems;
- 	bool cpus_updated, mems_updated;
-	bool on_dfl = cgroup_subsys_on_dfl(cpuset_cgrp_subsys);
-+	bool on_dfl = is_in_v2_mode();
- 
- 	mutex_lock(&cpuset_mutex);
- 
@@ -65,14 +65,15 @@ Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 (cherry picked from commit 71a36944042b7d9dd71f6a5d1c5ea1c2353b5d42)
 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
- fs/ocfs2/alloc.c | 206 ++++++++++++++++++++++++++++++++++++++++++++++++++++---
+ fs/ocfs2/alloc.c | 206 ++++++++++++++++++++++++++++++++++++++++++++---
 fs/ocfs2/alloc.h |   1 +
 fs/ocfs2/aops.c  |   6 ++
 3 files changed, 203 insertions(+), 10 deletions(-)

 diff --git a/fs/ocfs2/alloc.c b/fs/ocfs2/alloc.c
-index 386aecce881d..9b5e7d8ba710 100644
+index 6b177de324c0..3760888f2e76 100644
 --- a/fs/ocfs2/alloc.c
 +++ b/fs/ocfs2/alloc.c
@@ -165,6 +165,13 @@ static int ocfs2_dinode_insert_check(struct ocfs2_extent_tree *et,
@@ -97,7 +98,7 @@ index 386aecce881d..9b5e7d8ba710 100644
 
 	et->et_ops->eo_fill_root_el(et);
 	if (!et->et_ops->eo_fill_max_leaf_clusters)
-@@ -1159,7 +1167,7 @@ static int ocfs2_add_branch(handle_t *handle,
+@@ -1158,7 +1166,7 @@ static int ocfs2_add_branch(handle_t *handle,
 			    struct buffer_head **last_eb_bh,
 			    struct ocfs2_alloc_context *meta_ac)
 {
@@ -106,7 +107,7 @@ index 386aecce881d..9b5e7d8ba710 100644
 	u64 next_blkno, new_last_eb_blk;
 	struct buffer_head *bh;
 	struct buffer_head **new_eb_bhs = NULL;
-@@ -1214,11 +1222,31 @@ static int ocfs2_add_branch(handle_t *handle,
+@@ -1213,11 +1221,31 @@ static int ocfs2_add_branch(handle_t *handle,
 		goto bail;
 	}
 
@@ -143,7 +144,7 @@ index 386aecce881d..9b5e7d8ba710 100644
 	}
 
 	/* Note: new_eb_bhs[new_blocks - 1] is the guy which will be
-@@ -1341,15 +1369,25 @@ static int ocfs2_shift_tree_depth(handle_t *handle,
+@@ -1340,15 +1368,25 @@ static int ocfs2_shift_tree_depth(handle_t *handle,
 				  struct ocfs2_alloc_context *meta_ac,
 				  struct buffer_head **ret_new_eb_bh)
 {
@@ -172,7 +173,7 @@ index 386aecce881d..9b5e7d8ba710 100644
 	if (status < 0) {
 		mlog_errno(status);
 		goto bail;
-@@ -1512,7 +1550,7 @@ static int ocfs2_grow_tree(handle_t *handle, struct ocfs2_extent_tree *et,
+@@ -1511,7 +1549,7 @@ static int ocfs2_grow_tree(handle_t *handle, struct ocfs2_extent_tree *et,
 	int depth = le16_to_cpu(el->l_tree_depth);
 	struct buffer_head *bh = NULL;
 
@@ -181,7 +182,7 @@ index 386aecce881d..9b5e7d8ba710 100644
 
 	shift = ocfs2_find_branch_target(et, &bh);
 	if (shift < 0) {
-@@ -6593,6 +6631,154 @@ ocfs2_find_per_slot_free_list(int type,
+@@ -6585,6 +6623,154 @@ ocfs2_find_per_slot_free_list(int type,
 	return fl;
 }
 
@@ -337,7 +338,7 @@ index 386aecce881d..9b5e7d8ba710 100644
 			      int type, int slot, u64 suballoc,
 			      u64 blkno, unsigned int bit)
 diff --git a/fs/ocfs2/alloc.h b/fs/ocfs2/alloc.h
-index 4a5152ec88a3..571692171dd1 100644
+index 27b75cf32cfa..250bcacdf9e9 100644
 --- a/fs/ocfs2/alloc.h
 +++ b/fs/ocfs2/alloc.h
@@ -61,6 +61,7 @@ struct ocfs2_extent_tree {
@@ -349,10 +350,10 @@ index 4a5152ec88a3..571692171dd1 100644
 
 /*
 diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
-index 77ec9b495027..2ff02dda97d8 100644
+index 209cec7efef4..1cf7ac84b70b 100644
 --- a/fs/ocfs2/aops.c
 +++ b/fs/ocfs2/aops.c
-@@ -2322,6 +2322,12 @@ static int ocfs2_dio_end_io_write(struct inode *inode,
+@@ -2353,6 +2353,12 @@ static int ocfs2_dio_end_io_write(struct inode *inode,
 
 	ocfs2_init_dinode_extent_tree(&et, INODE_CACHE(inode), di_bh);
 
@@ -1,90 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Parav Pandit <parav@mellanox.com>
-Date: Fri, 5 Jan 2018 23:51:12 +0100
-Subject: [PATCH] IB/core: Avoid crash on pkey enforcement failed in received
- MADs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit 89548bcafec7ecfeea58c553f0834b5d575a66eb upstream.
-
-Below kernel crash is observed when Pkey security enforcement fails on
-received MADs. This issue is reported in [1].
-
-ib_free_recv_mad() accesses the rmpp_list, whose initialization is
-needed before accessing it.
-When security enformcent fails on received MADs, MAD processing avoided
-due to security checks failed.
-
-OpenSM[3770]: SM port is down
-kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
-kernel: IP: ib_free_recv_mad+0x44/0xa0 [ib_core]
-kernel: PGD 0
-kernel: P4D 0
-kernel:
-kernel: Oops: 0002 [#1] SMP
-kernel: CPU: 0 PID: 2833 Comm: kworker/0:1H Tainted: P          IO    4.13.4-1-pve #1
-kernel: Hardware name: Dell       XS23-TY3        /9CMP63, BIOS 1.71 09/17/2013
-kernel: Workqueue: ib-comp-wq ib_cq_poll_work [ib_core]
-kernel: task: ffffa069c6541600 task.stack: ffffb9a729054000
-kernel: RIP: 0010:ib_free_recv_mad+0x44/0xa0 [ib_core]
-kernel: RSP: 0018:ffffb9a729057d38 EFLAGS: 00010286
-kernel: RAX: ffffa069cb138a48 RBX: ffffa069cb138a10 RCX: 0000000000000000
-kernel: RDX: ffffb9a729057d38 RSI: 0000000000000000 RDI: ffffa069cb138a20
-kernel: RBP: ffffb9a729057d60 R08: ffffa072d2d49800 R09: ffffa069cb138ae0
-kernel: R10: ffffa069cb138ae0 R11: ffffa072b3994e00 R12: ffffb9a729057d38
-kernel: R13: ffffa069d1c90000 R14: 0000000000000000 R15: ffffa069d1c90880
-kernel: FS:  0000000000000000(0000) GS:ffffa069dba00000(0000) knlGS:0000000000000000
-kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-kernel: CR2: 0000000000000008 CR3: 00000011f51f2000 CR4: 00000000000006f0
-kernel: Call Trace:
-kernel:  ib_mad_recv_done+0x5cc/0xb50 [ib_core]
-kernel:  __ib_process_cq+0x5c/0xb0 [ib_core]
-kernel:  ib_cq_poll_work+0x20/0x60 [ib_core]
-kernel:  process_one_work+0x1e9/0x410
-kernel:  worker_thread+0x4b/0x410
-kernel:  kthread+0x109/0x140
-kernel:  ? process_one_work+0x410/0x410
-kernel:  ? kthread_create_on_node+0x70/0x70
-kernel:  ? SyS_exit_group+0x14/0x20
-kernel:  ret_from_fork+0x25/0x30
-kernel: RIP: ib_free_recv_mad+0x44/0xa0 [ib_core] RSP: ffffb9a729057d38
-kernel: CR2: 0000000000000008
-
-[1] : https://www.spinics.net/lists/linux-rdma/msg56190.html
-
-Fixes: 47a2b338fe63 ("IB/core: Enforce security on management datagrams")
-Signed-off-by: Parav Pandit <parav@mellanox.com>
-Reported-by: Chris Blake <chrisrblake93@gmail.com>
-Reviewed-by: Daniel Jurgens <danielj@mellanox.com>
-Reviewed-by: Hal Rosenstock <hal@mellanox.com>
-Signed-off-by: Doug Ledford <dledford@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- drivers/infiniband/core/mad.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/infiniband/core/mad.c b/drivers/infiniband/core/mad.c
-index f8f53bb90837..cb91245e9163 100644
--- a/drivers/infiniband/core/mad.c
-+++ b/drivers/infiniband/core/mad.c
-@@ -1974,14 +1974,15 @@ static void ib_mad_complete_recv(struct ib_mad_agent_private *mad_agent_priv,
- 	unsigned long flags;
- 	int ret;
- 
-+	INIT_LIST_HEAD(&mad_recv_wc->rmpp_list);
- 	ret = ib_mad_enforce_security(mad_agent_priv,
- 				      mad_recv_wc->wc->pkey_index);
- 	if (ret) {
- 		ib_free_recv_mad(mad_recv_wc);
- 		deref_mad_agent(mad_agent_priv);
-+		return;
- 	}
- 
-	INIT_LIST_HEAD(&mad_recv_wc->rmpp_list);
- 	list_add(&mad_recv_wc->recv_buf.list, &mad_recv_wc->rmpp_list);
- 	if (ib_mad_kernel_rmpp_agent(&mad_agent_priv->agent)) {
- 		mad_recv_wc = ib_process_rmpp_recv_wc(mad_agent_priv,
@@ -1,23 +1,29 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
-Date: Mon, 9 Apr 2018 09:33:25 +0200
-Subject: [PATCH] Revert Ubuntu RETPOLINE checks in kernel Makefile
+Date: Tue, 3 Apr 2018 14:59:26 +0200
+Subject: [PATCH] Revert "UBUNTU: [Packaging] retpoline -- add safe usage hint
+ support"
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

-these break builds outside of Ubuntu's packaging.
+This (partially) reverts commit 1e39020902132b3065bedf0a0c33031e89f9f57a.
+
+this modifies the upstream kernel build to call an Ubuntu script which
+we remove before building. it would also be required by any module
+builds afterwards and is not shipped by Ubuntu's kernel packages either.

 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
- scripts/Makefile.build | 8 --------
- 1 file changed, 8 deletions(-)
+ scripts/Makefile.build | 10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)

 diff --git a/scripts/Makefile.build b/scripts/Makefile.build
-index d74c3f9f1fa8..436005392047 100644
+index 5d72aa39d3c1..451546219dfc 100644
 --- a/scripts/Makefile.build
 +++ b/scripts/Makefile.build
-@@ -282,18 +282,11 @@ objtool_dep = $(objtool_obj)					\
+@@ -295,27 +295,19 @@ objtool_dep = $(objtool_obj)					\
 	      $(wildcard include/config/orc/unwinder.h		\
 			 include/config/stack/validation.h)
 
@@ -30,17 +36,19 @@ index d74c3f9f1fa8..436005392047 100644
 define rule_cc_o_c
 	$(call echo-cmd,checksrc) $(cmd_checksrc)			  \
 	$(call cmd_and_fixdep,cc_o_c)					  \
- 	$(cmd_modversions_c)						  \
+ 	$(cmd_checkdoc)							  \
 	$(call echo-cmd,objtool) $(cmd_objtool)				  \
+ 	$(cmd_modversions_c)						  \
 -	$(call echo-cmd,ubuntu-retpoline) $(cmd_ubuntu_retpoline)	  \
 	$(call echo-cmd,record_mcount) $(cmd_record_mcount)
 endef
 
-@@ -301,7 +294,6 @@ define rule_as_o_S
+ define rule_as_o_S
 	$(call cmd_and_fixdep,as_o_S)					  \
- 	$(cmd_modversions_S)						  \
- 	$(call echo-cmd,objtool) $(cmd_objtool)
+ 	$(call echo-cmd,objtool) $(cmd_objtool)				  \
+-	$(cmd_modversions_S)						  \
 -	$(call echo-cmd,ubuntu-retpoline) $(cmd_ubuntu_retpoline)
+	$(cmd_modversions_S)
 endef
 
 # List module undefined symbols (or empty line if not enabled)
@@ -1,44 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Daniel Jurgens <danielj@mellanox.com>
-Date: Mon, 20 Nov 2017 16:47:45 -0600
-Subject: [PATCH] IB/core: Don't enforce PKey security on SMI MADs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Per the infiniband spec an SMI MAD can have any PKey. Checking the pkey
-on SMI MADs is not necessary, and it seems that some older adapters
-using the mthca driver don't follow the convention of using the default
-PKey, resulting in false denials, or errors querying the PKey cache.
-
-SMI MAD security is still enforced, only agents allowed to manage the
-subnet are able to receive or send SMI MADs.
-
-Reported-by: Chris Blake <chrisrblake93@gmail.com>
-Fixes: 47a2b338fe63("IB/core: Enforce security on management datagrams")
-Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
-Reviewed-by: Parav Pandit <parav@mellanox.com>
-Signed-off-by: Leon Romanovsky <leon@kernel.org>
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- drivers/infiniband/core/security.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/infiniband/core/security.c b/drivers/infiniband/core/security.c
-index 70ad19c4c73e..8f9fd3b757db 100644
--- a/drivers/infiniband/core/security.c
-+++ b/drivers/infiniband/core/security.c
-@@ -692,8 +692,11 @@ int ib_mad_enforce_security(struct ib_mad_agent_private *map, u16 pkey_index)
- {
- 	int ret;
- 
-	if (map->agent.qp->qp_type == IB_QPT_SMI && !map->agent.smp_allowed)
-		return -EACCES;
-+	if (map->agent.qp->qp_type == IB_QPT_SMI) {
-+		if (!map->agent.smp_allowed)
-+			return -EACCES;
-+		return 0;
-+	}
- 
- 	ret = ib_security_pkey_access(map->agent.device,
- 				      map->agent.port_num,
@@ -0,0 +1,168 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Christoffer Dall <christoffer.dall@linaro.org>
+Date: Mon, 4 Dec 2017 21:35:23 +0100
+Subject: [PATCH] KVM: Take vcpu->mutex outside vcpu_load
+
+As we're about to call vcpu_load() from architecture-specific
+implementations of the KVM vcpu ioctls, but yet we access data
+structures protected by the vcpu->mutex in the generic code, factor
+this logic out from vcpu_load().
+
+x86 is the only architecture which calls vcpu_load() outside of the main
+vcpu ioctl function, and these calls will no longer take the vcpu mutex
+following this patch.  However, with the exception of
+kvm_arch_vcpu_postcreate (see below), the callers are either in the
+creation or destruction path of the VCPU, which means there cannot be
+any concurrent access to the data structure, because the file descriptor
+is not yet accessible, or is already gone.
+
+kvm_arch_vcpu_postcreate makes the newly created vcpu potentially
+accessible by other in-kernel threads through the kvm->vcpus array, and
+we therefore take the vcpu mutex in this case directly.
+
+Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
+Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit ec7660ccdd2b71d8c7f0243f8590253713e9b75d)
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/vmx.c       |  4 +---
+ arch/x86/kvm/x86.c       | 16 ++++++----------
+ include/linux/kvm_host.h |  2 +-
+ virt/kvm/kvm_main.c      | 17 ++++++-----------
+ 4 files changed, 14 insertions(+), 25 deletions(-)
+
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
+index 6875c8d13052..5dc2144a0991 100644
+--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
+@@ -10017,10 +10017,8 @@ static void vmx_switch_vmcs(struct kvm_vcpu *vcpu, struct loaded_vmcs *vmcs)
+ static void vmx_free_vcpu_nested(struct kvm_vcpu *vcpu)
+ {
+        struct vcpu_vmx *vmx = to_vmx(vcpu);
+-       int r;
+ 
+-       r = vcpu_load(vcpu);
+-       BUG_ON(r);
+       vcpu_load(vcpu);
+        vmx_switch_vmcs(vcpu, &vmx->vmcs01);
+        free_nested(vmx);
+        vcpu_put(vcpu);
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index 960b14ba645e..6b1e434ceaf8 100644
+--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
+@@ -8061,17 +8061,13 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm,
+ 
+ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
+ {
+-	int r;
+-
+ 	vcpu->arch.arch_capabilities = kvm_get_arch_capabilities();
+ 	kvm_vcpu_mtrr_init(vcpu);
+-	r = vcpu_load(vcpu);
+-	if (r)
+-		return r;
+	vcpu_load(vcpu);
+ 	kvm_vcpu_reset(vcpu, false);
+ 	kvm_mmu_setup(vcpu);
+ 	vcpu_put(vcpu);
+-	return r;
+	return 0;
+ }
+ 
+ void kvm_arch_vcpu_postcreate(struct kvm_vcpu *vcpu)
+@@ -8081,13 +8077,15 @@ void kvm_arch_vcpu_postcreate(struct kvm_vcpu *vcpu)
+ 
+ 	kvm_hv_vcpu_postcreate(vcpu);
+ 
+-	if (vcpu_load(vcpu))
+	if (mutex_lock_killable(&vcpu->mutex))
+ 		return;
+	vcpu_load(vcpu);
+ 	msr.data = 0x0;
+ 	msr.index = MSR_IA32_TSC;
+ 	msr.host_initiated = true;
+ 	kvm_write_tsc(vcpu, &msr);
+ 	vcpu_put(vcpu);
+	mutex_unlock(&vcpu->mutex);
+ 
+ 	if (!kvmclock_periodic_sync)
+ 		return;
+@@ -8474,9 +8472,7 @@ int kvm_arch_post_init_vm(struct kvm *kvm)
+ 
+ static void kvm_unload_vcpu_mmu(struct kvm_vcpu *vcpu)
+ {
+-	int r;
+-	r = vcpu_load(vcpu);
+-	BUG_ON(r);
+	vcpu_load(vcpu);
+ 	kvm_mmu_unload(vcpu);
+ 	vcpu_put(vcpu);
+ }
+diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
+index f182bbfb0ac5..f8b7ac63219d 100644
+--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
+@@ -560,7 +560,7 @@ static inline int kvm_vcpu_get_idx(struct kvm_vcpu *vcpu)
+ int kvm_vcpu_init(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned id);
+ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);
+ 
+-int __must_check vcpu_load(struct kvm_vcpu *vcpu);
+void vcpu_load(struct kvm_vcpu *vcpu);
+ void vcpu_put(struct kvm_vcpu *vcpu);
+ 
+ #ifdef __KVM_HAVE_IOAPIC
+diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
+index c6749d154ebc..66998264619b 100644
+--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
+@@ -172,17 +172,12 @@ bool kvm_is_reserved_pfn(kvm_pfn_t pfn)
+ /*
+  * Switches to specified vcpu, until a matching vcpu_put()
+  */
+-int vcpu_load(struct kvm_vcpu *vcpu)
+void vcpu_load(struct kvm_vcpu *vcpu)
+ {
+-	int cpu;
+-
+-	if (mutex_lock_killable(&vcpu->mutex))
+-		return -EINTR;
+-	cpu = get_cpu();
+	int cpu = get_cpu();
+ 	preempt_notifier_register(&vcpu->preempt_notifier);
+ 	kvm_arch_vcpu_load(vcpu, cpu);
+ 	put_cpu();
+-	return 0;
+ }
+ EXPORT_SYMBOL_GPL(vcpu_load);
+ 
+@@ -192,7 +187,6 @@ void vcpu_put(struct kvm_vcpu *vcpu)
+ 	kvm_arch_vcpu_put(vcpu);
+ 	preempt_notifier_unregister(&vcpu->preempt_notifier);
+ 	preempt_enable();
+-	mutex_unlock(&vcpu->mutex);
+ }
+ EXPORT_SYMBOL_GPL(vcpu_put);
+ 
+@@ -2786,9 +2780,9 @@ static long kvm_vcpu_ioctl(struct file *filp,
+ #endif
+ 
+ 
+-	r = vcpu_load(vcpu);
+-	if (r)
+-		return r;
+	if (mutex_lock_killable(&vcpu->mutex))
+		return -EINTR;
+	vcpu_load(vcpu);
+ 	switch (ioctl) {
+ 	case KVM_RUN: {
+ 		struct pid *oldpid;
+@@ -2961,6 +2955,7 @@ static long kvm_vcpu_ioctl(struct file *filp,
+ 	}
+ out:
+ 	vcpu_put(vcpu);
+	mutex_unlock(&vcpu->mutex);
+ 	kfree(fpu);
+ 	kfree(kvm_sregs);
+ 	return r;
@@ -1,53 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Thu, 26 Oct 2017 09:13:27 +0200
-Subject: [PATCH] KVM: SVM: obey guest PAT
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-For many years some users of assigned devices have reported worse
-performance on AMD processors with NPT than on AMD without NPT,
-Intel or bare metal.
-
-The reason turned out to be that SVM is discarding the guest PAT
-setting and uses the default (PA0=PA4=WB, PA1=PA5=WT, PA2=PA6=UC-,
-PA3=UC).  The guest might be using a different setting, and
-especially might want write combining but isn't getting it
-(instead getting slow UC or UC- accesses).
-
-Thanks a lot to geoff@hostfission.com for noticing the relation
-to the g_pat setting.  The patch has been tested also by a bunch
-of people on VFIO users forums.
-
-Fixes: 709ddebf81cb40e3c36c6109a7892e8b93a09464
-Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=196409
-Cc: stable@vger.kernel.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Tested-by: Nick Sarnie <commendsarnex@gmail.com>
-Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
-(cherry picked from commit 15038e14724799b8c205beb5f20f9e54896013c3)
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- arch/x86/kvm/svm.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index 068084c8e540..da10db3de636 100644
--- a/arch/x86/kvm/svm.c
-+++ b/arch/x86/kvm/svm.c
-@@ -3666,6 +3666,13 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
- 	u32 ecx = msr->index;
- 	u64 data = msr->data;
- 	switch (ecx) {
-+	case MSR_IA32_CR_PAT:
-+		if (!kvm_mtrr_valid(vcpu, MSR_IA32_CR_PAT, data))
-+			return 1;
-+		vcpu->arch.pat = data;
-+		svm->vmcb->save.g_pat = data;
-+		mark_dirty(svm->vmcb, VMCB_NPT);
-+		break;
- 	case MSR_IA32_TSC:
- 		kvm_write_tsc(vcpu, msr);
- 		break;
@@ -0,0 +1,40 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Jim Mattson <jmattson@google.com>
+Date: Tue, 30 Oct 2018 12:20:21 -0700
+Subject: [PATCH] kvm: x86: Don't modify MSR_PLATFORM_INFO on vCPU reset
+
+If userspace has provided a different value for this MSR (e.g with the
+turbo bits set), the userspace-provided value should survive a vCPU
+reset. For backwards compatibility, MSR_PLATFORM_INFO is initialized
+in kvm_arch_vcpu_setup.
+
+Signed-off-by: Jim Mattson <jmattson@google.com>
+Reviewed-by: Drew Schmitt <dasch@google.com>
+Cc: Abhiroop Dabral <adabral@paloaltonetworks.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit e53d88af63ab4104e1226b8f9959f1e9903da10b)
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ arch/x86/kvm/x86.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index 6b1e434ceaf8..93bc3504d39e 100644
+--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
+@@ -8062,6 +8062,7 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm,
+ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
+ {
+ 	vcpu->arch.arch_capabilities = kvm_get_arch_capabilities();
+	vcpu->arch.msr_platform_info = MSR_PLATFORM_INFO_CPUID_FAULT;
+ 	kvm_vcpu_mtrr_init(vcpu);
+ 	vcpu_load(vcpu);
+ 	kvm_vcpu_reset(vcpu, false);
+@@ -8157,7 +8158,6 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
+ 		kvm_pmu_reset(vcpu);
+ 		vcpu->arch.smbase = 0x30000;
+ 
+-		vcpu->arch.msr_platform_info = MSR_PLATFORM_INFO_CPUID_FAULT;
+ 		vcpu->arch.msr_misc_features_enables = 0;
+ 
+ 		vcpu->arch.xcr0 = XFEATURE_MASK_FP;
@@ -1,65 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Felix Wilhelm <fwilhelm@google.com>
-Date: Mon, 11 Jun 2018 09:43:44 +0200
-Subject: [PATCH] kvm: nVMX: Enforce cpl=0 for VMX instructions
-
-VMX instructions executed inside a L1 VM will always trigger a VM exit
-even when executed with cpl 3. This means we must perform the
-privilege check in software.
-
-Fixes: 70f3aac964ae("kvm: nVMX: Remove superfluous VMX instruction fault checks")
-Cc: stable@vger.kernel.org
-Signed-off-by: Felix Wilhelm <fwilhelm@google.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- arch/x86/kvm/vmx.c | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 54980817194a..b2d75b59b6e5 100644
--- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -7180,6 +7180,12 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
- 		return 1;
- 	}
- 
-+	/* CPL=0 must be checked manually. */
-+	if (vmx_get_cpl(vcpu)) {
-+		kvm_queue_exception(vcpu, UD_VECTOR);
-+		return 1;
-+	}
-+
- 	if (vmx->nested.vmxon) {
- 		nested_vmx_failValid(vcpu, VMXERR_VMXON_IN_VMX_ROOT_OPERATION);
- 		return kvm_skip_emulated_instruction(vcpu);
-@@ -7239,6 +7245,11 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
-  */
- static int nested_vmx_check_permission(struct kvm_vcpu *vcpu)
- {
-+	if (vmx_get_cpl(vcpu)) {
-+		kvm_queue_exception(vcpu, UD_VECTOR);
-+		return 0;
-+	}
-+
- 	if (!to_vmx(vcpu)->nested.vmxon) {
- 		kvm_queue_exception(vcpu, UD_VECTOR);
- 		return 0;
-@@ -7577,7 +7588,7 @@ static int handle_vmread(struct kvm_vcpu *vcpu)
- 		if (get_vmx_mem_address(vcpu, exit_qualification,
- 				vmx_instruction_info, true, &gva))
- 			return 1;
-		/* _system ok, as hardware has verified cpl=0 */
-+		/* _system ok, nested_vmx_check_permission has verified cpl=0 */
- 		kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, gva,
- 			     &field_value, (is_long_mode(vcpu) ? 8 : 4), NULL);
- 	}
-@@ -7720,7 +7731,7 @@ static int handle_vmptrst(struct kvm_vcpu *vcpu)
- 	if (get_vmx_mem_address(vcpu, exit_qualification,
- 			vmx_instruction_info, true, &vmcs_gva))
- 		return 1;
-	/* ok to use *_system, as hardware has verified cpl=0 */
-+	/* *_system ok, nested_vmx_check_permission has verified cpl=0 */
- 	if (kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, vmcs_gva,
- 				 (void *)&to_vmx(vcpu)->nested.current_vmptr,
- 				 sizeof(u64), &e)) {
@@ -0,0 +1,22 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht@proxmox.com>
+Date: Fri, 6 Sep 2019 13:04:30 +0200
+Subject: [PATCH] ntb test: remove unused conflicting SZ_4G define
+
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ drivers/ntb/test/ntb_perf.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/drivers/ntb/test/ntb_perf.c b/drivers/ntb/test/ntb_perf.c
+index 427112cf101a..1f8ee33a07a2 100644
+--- a/drivers/ntb/test/ntb_perf.c
+++ b/drivers/ntb/test/ntb_perf.c
+@@ -74,7 +74,6 @@
+ #define MAX_SRCS		32
+ #define DMA_OUT_RESOURCE_TO	msecs_to_jiffies(50)
+ #define DMA_RETRIES		20
+-#define SZ_4G			(1ULL << 32)
+ #define MAX_SEG_ORDER		20 /* no larger than 1M for kmalloc buffer */
+ #define PIDX			NTB_DEF_PEER_IDX
+ 
@@ -1,30 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Date: Fri, 19 Jan 2018 11:12:37 +0100
-Subject: [PATCH] net: sched: em_nbyte: don't add the data offset twice
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-'ptr' is shifted by the offset and then validated,
-the memcmp should not add it a second time.
-
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- net/sched/em_nbyte.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/net/sched/em_nbyte.c b/net/sched/em_nbyte.c
-index df3110d69585..07c10bac06a0 100644
--- a/net/sched/em_nbyte.c
-+++ b/net/sched/em_nbyte.c
-@@ -51,7 +51,7 @@ static int em_nbyte_match(struct sk_buff *skb, struct tcf_ematch *em,
- 	if (!tcf_valid_offset(skb, ptr, nbyte->hdr.len))
- 		return 0;
- 
-	return !memcmp(ptr + nbyte->hdr.off, nbyte->pattern, nbyte->hdr.len);
-+	return !memcmp(ptr, nbyte->pattern, nbyte->hdr.len);
- }
- 
- static struct tcf_ematch_ops em_nbyte_ops = {
@@ -1,31 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Date: Fri, 19 Jan 2018 11:12:38 +0100
-Subject: [PATCH] net: sched: fix TCF_LAYER_LINK case in tcf_get_base_ptr
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-TCF_LAYER_LINK and TCF_LAYER_NETWORK returned the same pointer as
-skb->data points to the network header.
-Use skb_mac_header instead.
-
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- include/net/pkt_cls.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h
-index 537d0a0ad4c4..4450961b1554 100644
--- a/include/net/pkt_cls.h
-+++ b/include/net/pkt_cls.h
-@@ -395,7 +395,7 @@ static inline unsigned char * tcf_get_base_ptr(struct sk_buff *skb, int layer)
- {
- 	switch (layer) {
- 		case TCF_LAYER_LINK:
-			return skb->data;
-+			return skb_mac_header(skb);
- 		case TCF_LAYER_NETWORK:
- 			return skb_network_header(skb);
- 		case TCF_LAYER_TRANSPORT:
@@ -1,46 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Andrew Honig <ahonig@google.com>
-Date: Wed, 10 Jan 2018 10:12:03 -0800
-Subject: [PATCH] KVM: x86: Add memory barrier on vmcs field lookup
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit 75f139aaf896d6fdeec2e468ddfa4b2fe469bf40 upstream.
-
-This adds a memory barrier when performing a lookup into
-the vmcs_field_to_offset_table.  This is related to
-CVE-2017-5753.
-
-Signed-off-by: Andrew Honig <ahonig@google.com>
-Reviewed-by: Jim Mattson <jmattson@google.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- arch/x86/kvm/vmx.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index b2d75b59b6e5..a393186d14b1 100644
--- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -883,8 +883,16 @@ static inline short vmcs_field_to_offset(unsigned long field)
- {
- 	BUILD_BUG_ON(ARRAY_SIZE(vmcs_field_to_offset_table) > SHRT_MAX);
- 
-	if (field >= ARRAY_SIZE(vmcs_field_to_offset_table) ||
-	    vmcs_field_to_offset_table[field] == 0)
-+	if (field >= ARRAY_SIZE(vmcs_field_to_offset_table))
-+		return -ENOENT;
-+
-+	/*
-+	 * FIXME: Mitigation for CVE-2017-5753.  To be replaced with a
-+	 * generic mechanism.
-+	 */
-+	asm("lfence");
-+
-+	if (vmcs_field_to_offset_table[field] == 0)
- 		return -ENOENT;
- 
- 	return vmcs_field_to_offset_table[field];
@@ -1,34 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Gustavo A. R. Silva" <garsilva@embeddedor.com>
-Date: Mon, 16 Oct 2017 12:40:29 -0500
-Subject: [PATCH] EDAC, sb_edac: Fix missing break in switch
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Add missing break statement in order to prevent the code from falling
-through.
-
-Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
-Cc: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
-Cc: linux-edac <linux-edac@vger.kernel.org>
-Link: http://lkml.kernel.org/r/20171016174029.GA19757@embeddedor.com
-Signed-off-by: Borislav Petkov <bp@suse.de>
-(cherry picked from commit a8e9b186f153a44690ad0363a56716e7077ad28c)
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- drivers/edac/sb_edac.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c
-index 5c3e707ff3fc..59af590b660c 100644
--- a/drivers/edac/sb_edac.c
-+++ b/drivers/edac/sb_edac.c
-@@ -2454,6 +2454,7 @@ static int ibridge_mci_bind_devs(struct mem_ctl_info *mci,
- 		case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA0_TA:
- 		case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA1_TA:
- 			pvt->pci_ta = pdev;
-+			break;
- 		case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA0_RAS:
- 		case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA1_RAS:
- 			pvt->pci_ras = pdev;
@@ -1,49 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Omar Sandoval <osandov@fb.com>
-Date: Tue, 5 Dec 2017 23:15:31 -0800
-Subject: [PATCH] sched/wait: Fix add_wait_queue() behavioral change
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The following cleanup commit:
-
-  50816c48997a ("sched/wait: Standardize internal naming of wait-queue entries")
-
-... unintentionally changed the behavior of add_wait_queue() from
-inserting the wait entry at the head of the wait queue to the tail
-of the wait queue.
-
-Beyond a negative performance impact this change in behavior
-theoretically also breaks wait queues which mix exclusive and
-non-exclusive waiters, as non-exclusive waiters will not be
-woken up if they are queued behind enough exclusive waiters.
-
-Signed-off-by: Omar Sandoval <osandov@fb.com>
-Reviewed-by: Jens Axboe <axboe@kernel.dk>
-Acked-by: Peter Zijlstra <peterz@infradead.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: kernel-team@fb.com
-Fixes: ("sched/wait: Standardize internal naming of wait-queue entries")
-Link: http://lkml.kernel.org/r/a16c8ccffd39bd08fdaa45a5192294c784b803a7.1512544324.git.osandov@fb.com
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-(cherry picked from commit c6b9d9a33029014446bd9ed84c1688f6d3d4eab9)
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- kernel/sched/wait.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kernel/sched/wait.c b/kernel/sched/wait.c
-index d6afed6d0752..c09ebe92a40a 100644
--- a/kernel/sched/wait.c
-+++ b/kernel/sched/wait.c
-@@ -27,7 +27,7 @@ void add_wait_queue(struct wait_queue_head *wq_head, struct wait_queue_entry *wq
- 
- 	wq_entry->flags &= ~WQ_FLAG_EXCLUSIVE;
- 	spin_lock_irqsave(&wq_head->lock, flags);
-	__add_wait_queue_entry_tail(wq_head, wq_entry);
-+	__add_wait_queue(wq_head, wq_entry);
- 	spin_unlock_irqrestore(&wq_head->lock, flags);
- }
- EXPORT_SYMBOL(add_wait_queue);
@@ -1,161 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Andi Kleen <ak@linux.intel.com>
-Date: Thu, 25 Jan 2018 15:50:28 -0800
-Subject: [PATCH] module/retpoline: Warn about missing retpoline in module
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There's a risk that a kernel which has full retpoline mitigations becomes
-vulnerable when a module gets loaded that hasn't been compiled with the
-right compiler or the right option.
-
-To enable detection of that mismatch at module load time, add a module info
-string "retpoline" at build time when the module was compiled with
-retpoline support. This only covers compiled C source, but assembler source
-or prebuilt object files are not checked.
-
-If a retpoline enabled kernel detects a non retpoline protected module at
-load time, print a warning and report it in the sysfs vulnerability file.
-
-[ tglx: Massaged changelog ]
-
-Signed-off-by: Andi Kleen <ak@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: David Woodhouse <dwmw2@infradead.org>
-Cc: gregkh@linuxfoundation.org
-Cc: torvalds@linux-foundation.org
-Cc: jeyu@kernel.org
-Cc: arjan@linux.intel.com
-Link: https://lkml.kernel.org/r/20180125235028.31211-1-andi@firstfloor.org
-(backported from commit caf7501a1b4ec964190f31f9c3f163de252273b8)
-Conflicts:
-	arch/x86/kernel/cpu/bugs.c
-context changes
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- arch/x86/kernel/cpu/bugs.c | 18 +++++++++++++++++-
- include/linux/module.h     |  9 +++++++++
- kernel/module.c            | 11 +++++++++++
- scripts/mod/modpost.c      |  9 +++++++++
- 4 files changed, 46 insertions(+), 1 deletion(-)
-
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index 7e5db5aa37f3..b5bcdf7e94d7 100644
--- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -11,6 +11,7 @@
- #include <linux/utsname.h>
- #include <linux/cpu.h>
- #include <linux/smp.h>
-+#include <linux/module.h>
- #include <linux/nospec.h>
- #include <linux/prctl.h>
- 
-@@ -131,6 +132,19 @@ static const char *spectre_v2_strings[] = {
- 
- static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init =
- 	SPECTRE_V2_NONE;
-+static bool spectre_v2_bad_module;
-+
-+#ifdef RETPOLINE
-+bool retpoline_module_ok(bool has_retpoline)
-+{
-+	if (spectre_v2_enabled == SPECTRE_V2_NONE || has_retpoline)
-+		return true;
-+
-+	pr_err("System may be vunerable to spectre v2\n");
-+	spectre_v2_bad_module = true;
-+	return false;
-+}
-+#endif
- 
- void
- x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
-@@ -627,7 +641,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
- 			return sprintf(buf, "Mitigation: OSB (observable speculation barrier, Intel v6)\n");
- 
- 	case X86_BUG_SPECTRE_V2:
-		return sprintf(buf, "%s%s\n", spectre_v2_strings[spectre_v2_enabled], ibpb_inuse ? ", IBPB (Intel v4)" : "");
-+		return sprintf(buf, "%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
-+		               ibpb_inuse ? ",IBPB (Intel v4)" : "",
-+		               spectre_v2_bad_module ? " - vulnerable module loaded" : "");
- 
- 	case X86_BUG_SPEC_STORE_BYPASS:
- 		return sprintf(buf, "%s\n", ssb_strings[ssb_mode]);
-diff --git a/include/linux/module.h b/include/linux/module.h
-index e7bdd549e527..c4fdf7661f82 100644
--- a/include/linux/module.h
-+++ b/include/linux/module.h
-@@ -794,6 +794,15 @@ static inline void module_bug_finalize(const Elf_Ehdr *hdr,
- static inline void module_bug_cleanup(struct module *mod) {}
- #endif	/* CONFIG_GENERIC_BUG */
- 
-+#ifdef RETPOLINE
-+extern bool retpoline_module_ok(bool has_retpoline);
-+#else
-+static inline bool retpoline_module_ok(bool has_retpoline)
-+{
-+	return true;
-+}
-+#endif
-+
- #ifdef CONFIG_MODULE_SIG
- static inline bool module_sig_ok(struct module *module)
- {
-diff --git a/kernel/module.c b/kernel/module.c
-index 41b97a191a72..1c3fd6f767b4 100644
--- a/kernel/module.c
-+++ b/kernel/module.c
-@@ -2855,6 +2855,15 @@ static int check_modinfo_livepatch(struct module *mod, struct load_info *info)
- }
- #endif /* CONFIG_LIVEPATCH */
- 
-+static void check_modinfo_retpoline(struct module *mod, struct load_info *info)
-+{
-+	if (retpoline_module_ok(get_modinfo(info, "retpoline")))
-+		return;
-+
-+	pr_warn("%s: loading module not compiled with retpoline compiler.\n",
-+		mod->name);
-+}
-+
- /* Sets info->hdr and info->len. */
- static int copy_module_from_user(const void __user *umod, unsigned long len,
- 				  struct load_info *info)
-@@ -3021,6 +3030,8 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
- 		add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK);
- 	}
- 
-+	check_modinfo_retpoline(mod, info);
-+
- 	if (get_modinfo(info, "staging")) {
- 		add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK);
- 		pr_warn("%s: module is from the staging directory, the quality "
-diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
-index 48397feb08fb..cc91f81ac33e 100644
--- a/scripts/mod/modpost.c
-+++ b/scripts/mod/modpost.c
-@@ -2147,6 +2147,14 @@ static void add_intree_flag(struct buffer *b, int is_intree)
- 		buf_printf(b, "\nMODULE_INFO(intree, \"Y\");\n");
- }
- 
-+/* Cannot check for assembler */
-+static void add_retpoline(struct buffer *b)
-+{
-+	buf_printf(b, "\n#ifdef RETPOLINE\n");
-+	buf_printf(b, "MODULE_INFO(retpoline, \"Y\");\n");
-+	buf_printf(b, "#endif\n");
-+}
-+
- static void add_staging_flag(struct buffer *b, const char *name)
- {
- 	static const char *staging_dir = "drivers/staging";
-@@ -2492,6 +2500,7 @@ int main(int argc, char **argv)
- 
- 		add_header(&buf, mod);
- 		add_intree_flag(&buf, !external_module);
-+		add_retpoline(&buf);
- 		add_staging_flag(&buf, mod->name);
- 		err |= add_versions(&buf, mod);
- 		add_depends(&buf, mod, modules);
@@ -1,124 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Dan Streetman <ddstreet@ieee.org>
-Date: Thu, 18 Jan 2018 16:14:26 -0500
-Subject: [PATCH] net: tcp: close sock if net namespace is exiting
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When a tcp socket is closed, if it detects that its net namespace is
-exiting, close immediately and do not wait for FIN sequence.
-
-For normal sockets, a reference is taken to their net namespace, so it will
-never exit while the socket is open.  However, kernel sockets do not take a
-reference to their net namespace, so it may begin exiting while the kernel
-socket is still open.  In this case if the kernel socket is a tcp socket,
-it will stay open trying to complete its close sequence.  The sock's dst(s)
-hold a reference to their interface, which are all transferred to the
-namespace's loopback interface when the real interfaces are taken down.
-When the namespace tries to take down its loopback interface, it hangs
-waiting for all references to the loopback interface to release, which
-results in messages like:
-
-unregister_netdevice: waiting for lo to become free. Usage count = 1
-
-These messages continue until the socket finally times out and closes.
-Since the net namespace cleanup holds the net_mutex while calling its
-registered pernet callbacks, any new net namespace initialization is
-blocked until the current net namespace finishes exiting.
-
-After this change, the tcp socket notices the exiting net namespace, and
-closes immediately, releasing its dst(s) and their reference to the
-loopback interface, which lets the net namespace continue exiting.
-
-Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1711407
-Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=97811
-Signed-off-by: Dan Streetman <ddstreet@canonical.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- include/net/net_namespace.h | 10 ++++++++++
- net/ipv4/tcp.c              |  3 +++
- net/ipv4/tcp_timer.c        | 15 +++++++++++++++
- 3 files changed, 28 insertions(+)
-
-diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
-index 1c401bd4c2e0..a5d023fa78db 100644
--- a/include/net/net_namespace.h
-+++ b/include/net/net_namespace.h
-@@ -221,6 +221,11 @@ int net_eq(const struct net *net1, const struct net *net2)
- 	return net1 == net2;
- }
- 
-+static inline int check_net(const struct net *net)
-+{
-+	return atomic_read(&net->count) != 0;
-+}
-+
- void net_drop_ns(void *);
- 
- #else
-@@ -245,6 +250,11 @@ int net_eq(const struct net *net1, const struct net *net2)
- 	return 1;
- }
- 
-+static inline int check_net(const struct net *net)
-+{
-+	return 1;
-+}
-+
- #define net_drop_ns NULL
- #endif
- 
-diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
-index a3e91b552edc..fd2a086da910 100644
--- a/net/ipv4/tcp.c
-+++ b/net/ipv4/tcp.c
-@@ -2258,6 +2258,9 @@ void tcp_close(struct sock *sk, long timeout)
- 			tcp_send_active_reset(sk, GFP_ATOMIC);
- 			__NET_INC_STATS(sock_net(sk),
- 					LINUX_MIB_TCPABORTONMEMORY);
-+		} else if (!check_net(sock_net(sk))) {
-+			/* Not possible to send reset; just close */
-+			tcp_set_state(sk, TCP_CLOSE);
- 		}
- 	}
- 
-diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
-index e906014890b6..ec1e5de41653 100644
--- a/net/ipv4/tcp_timer.c
-+++ b/net/ipv4/tcp_timer.c
-@@ -50,11 +50,19 @@ static void tcp_write_err(struct sock *sk)
-  *  to prevent DoS attacks. It is called when a retransmission timeout
-  *  or zero probe timeout occurs on orphaned socket.
-  *
-+ *  Also close if our net namespace is exiting; in that case there is no
-+ *  hope of ever communicating again since all netns interfaces are already
-+ *  down (or about to be down), and we need to release our dst references,
-+ *  which have been moved to the netns loopback interface, so the namespace
-+ *  can finish exiting.  This condition is only possible if we are a kernel
-+ *  socket, as those do not hold references to the namespace.
-+ *
-  *  Criteria is still not confirmed experimentally and may change.
-  *  We kill the socket, if:
-  *  1. If number of orphaned sockets exceeds an administratively configured
-  *     limit.
-  *  2. If we have strong memory pressure.
-+ *  3. If our net namespace is exiting.
-  */
- static int tcp_out_of_resources(struct sock *sk, bool do_reset)
- {
-@@ -83,6 +91,13 @@ static int tcp_out_of_resources(struct sock *sk, bool do_reset)
- 		__NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONMEMORY);
- 		return 1;
- 	}
-+
-+	if (!check_net(sock_net(sk))) {
-+		/* Not possible to send reset; just close */
-+		tcp_done(sk);
-+		return 1;
-+	}
-+
- 	return 0;
- }
- 
@@ -1,86 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Tommi Rantala <tommi.t.rantala@nokia.com>
-Date: Mon, 5 Feb 2018 21:48:14 +0200
-Subject: [PATCH] sctp: fix dst refcnt leak in sctp_v4_get_dst
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fix dst reference count leak in sctp_v4_get_dst() introduced in commit
-410f03831 ("sctp: add routing output fallback"):
-
-When walking the address_list, successive ip_route_output_key() calls
-may return the same rt->dst with the reference incremented on each call.
-
-The code would not decrement the dst refcount when the dst pointer was
-identical from the previous iteration, causing the dst refcnt leak.
-
-Testcase:
-  ip netns add TEST
-  ip netns exec TEST ip link set lo up
-  ip link add dummy0 type dummy
-  ip link add dummy1 type dummy
-  ip link add dummy2 type dummy
-  ip link set dev dummy0 netns TEST
-  ip link set dev dummy1 netns TEST
-  ip link set dev dummy2 netns TEST
-  ip netns exec TEST ip addr add 192.168.1.1/24 dev dummy0
-  ip netns exec TEST ip link set dummy0 up
-  ip netns exec TEST ip addr add 192.168.1.2/24 dev dummy1
-  ip netns exec TEST ip link set dummy1 up
-  ip netns exec TEST ip addr add 192.168.1.3/24 dev dummy2
-  ip netns exec TEST ip link set dummy2 up
-  ip netns exec TEST sctp_test -H 192.168.1.2 -P 20002 -h 192.168.1.1 -p 20000 -s -B 192.168.1.3
-  ip netns del TEST
-
-In 4.4 and 4.9 kernels this results to:
-  [  354.179591] unregister_netdevice: waiting for lo to become free. Usage count = 1
-  [  364.419674] unregister_netdevice: waiting for lo to become free. Usage count = 1
-  [  374.663664] unregister_netdevice: waiting for lo to become free. Usage count = 1
-  [  384.903717] unregister_netdevice: waiting for lo to become free. Usage count = 1
-  [  395.143724] unregister_netdevice: waiting for lo to become free. Usage count = 1
-  [  405.383645] unregister_netdevice: waiting for lo to become free. Usage count = 1
-  ...
-
-Fixes: 410f03831 ("sctp: add routing output fallback")
-Fixes: 0ca50d12f ("sctp: fix src address selection if using secondary addresses")
-Signed-off-by: Tommi Rantala <tommi.t.rantala@nokia.com>
-Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
-Acked-by: Neil Horman <nhorman@tuxdriver.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- net/sctp/protocol.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
-index 989a900383b5..e1a3ae4f3cab 100644
--- a/net/sctp/protocol.c
-+++ b/net/sctp/protocol.c
-@@ -514,22 +514,20 @@ static void sctp_v4_get_dst(struct sctp_transport *t, union sctp_addr *saddr,
- 		if (IS_ERR(rt))
- 			continue;
- 
-		if (!dst)
-			dst = &rt->dst;
-
- 		/* Ensure the src address belongs to the output
- 		 * interface.
- 		 */
- 		odev = __ip_dev_find(sock_net(sk), laddr->a.v4.sin_addr.s_addr,
- 				     false);
- 		if (!odev || odev->ifindex != fl4->flowi4_oif) {
-			if (&rt->dst != dst)
-+			if (!dst)
-+				dst = &rt->dst;
-+			else
- 				dst_release(&rt->dst);
- 			continue;
- 		}
- 
-		if (dst != &rt->dst)
-			dst_release(dst);
-+		dst_release(dst);
- 		dst = &rt->dst;
- 		break;
- 	}
@@ -1,57 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alexey Kodanev <alexey.kodanev@oracle.com>
-Date: Mon, 5 Feb 2018 15:10:35 +0300
-Subject: [PATCH] sctp: fix dst refcnt leak in sctp_v6_get_dst()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When going through the bind address list in sctp_v6_get_dst() and
-the previously found address is better ('matchlen > bmatchlen'),
-the code continues to the next iteration without releasing currently
-held destination.
-
-Fix it by releasing 'bdst' before continue to the next iteration, and
-instead of introducing one more '!IS_ERR(bdst)' check for dst_release(),
-move the already existed one right after ip6_dst_lookup_flow(), i.e. we
-shouldn't proceed further if we get an error for the route lookup.
-
-Fixes: dbc2b5e9a09e ("sctp: fix src address selection if using secondary addresses for ipv6")
-Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
-Acked-by: Neil Horman <nhorman@tuxdriver.com>
-Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- net/sctp/ipv6.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
-index edb462b0b73b..e626d72868fe 100644
--- a/net/sctp/ipv6.c
-+++ b/net/sctp/ipv6.c
-@@ -326,8 +326,10 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr,
- 		final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final);
- 		bdst = ip6_dst_lookup_flow(sk, fl6, final_p);
- 
-		if (!IS_ERR(bdst) &&
-		    ipv6_chk_addr(dev_net(bdst->dev),
-+		if (IS_ERR(bdst))
-+			continue;
-+
-+		if (ipv6_chk_addr(dev_net(bdst->dev),
- 				  &laddr->a.v6.sin6_addr, bdst->dev, 1)) {
- 			if (!IS_ERR_OR_NULL(dst))
- 				dst_release(dst);
-@@ -336,8 +338,10 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr,
- 		}
- 
- 		bmatchlen = sctp_v6_addr_match_len(daddr, &laddr->a);
-		if (matchlen > bmatchlen)
-+		if (matchlen > bmatchlen) {
-+			dst_release(bdst);
- 			continue;
-+		}
- 
- 		if (!IS_ERR_OR_NULL(dst))
- 			dst_release(dst);
@@ -1,43 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Vasily Averin <vvs@virtuozzo.com>
-Date: Thu, 2 Nov 2017 13:03:42 +0300
-Subject: [PATCH] lockd: lost rollback of set_grace_period() in
- lockd_down_net()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Commit efda760fe95ea ("lockd: fix lockd shutdown race") is incorrect,
-it removes lockd_manager and disarm grace_period_end for init_net only.
-
-If nfsd was started from another net namespace lockd_up_net() calls
-set_grace_period() that adds lockd_manager into per-netns list
-and queues grace_period_end delayed work.
-
-These action should be reverted in lockd_down_net().
-Otherwise it can lead to double list_add on after restart nfsd in netns,
-and to use-after-free if non-disarmed delayed work will be executed after netns destroy.
-
-Fixes: efda760fe95e ("lockd: fix lockd shutdown race")
-Cc: stable@vger.kernel.org
-Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
-Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-(cherry picked from commit 3a2b19d1ee5633f76ae8a88da7bc039a5d1732aa)
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- fs/lockd/svc.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
-index 726b6cecf430..fa8f6effcf00 100644
--- a/fs/lockd/svc.c
-+++ b/fs/lockd/svc.c
-@@ -274,6 +274,8 @@ static void lockd_down_net(struct svc_serv *serv, struct net *net)
- 	if (ln->nlmsvc_users) {
- 		if (--ln->nlmsvc_users == 0) {
- 			nlm_shutdown_hosts_net(net);
-+			cancel_delayed_work_sync(&ln->grace_period_end);
-+			locks_end_grace(&ln->lockd_manager);
- 			svc_shutdown_net(serv, net);
- 			dprintk("lockd_down_net: per-net data destroyed; net=%p\n", net);
- 		}
@@ -1,100 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
-Date: Fri, 23 Mar 2018 09:19:21 +0100
-Subject: [PATCH] mm/shmem: do not wait for lock_page() in
- shmem_unused_huge_shrink()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-shmem_unused_huge_shrink() gets called from reclaim path.  Waiting for
-page lock may lead to deadlock there.
-
-There was a bug report that may be attributed to this:
-
-http://lkml.kernel.org/r/alpine.LRH.2.11.1801242349220.30642@mail.ewheeler.net
-
-Replace lock_page() with trylock_page() and skip the page if we failed to
-lock it.  We will get to the page on the next scan.
-
-We can test for the PageTransHuge() outside the page lock as we only need
-protection against splitting the page under us.  Holding pin oni the page
-is enough for this.
-
-Link: http://lkml.kernel.org/r/20180316210830.43738-1-kirill.shutemov@linux.intel.com
-Fixes: 779750d20b93 ("shmem: split huge pages beyond i_size under memory pressure")
-Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
-Reported-by: Eric Wheeler <linux-mm@lists.ewheeler.net>
-Acked-by: Michal Hocko <mhocko@suse.com>
-Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
-Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
-Cc: Hugh Dickins <hughd@google.com>
-Cc: <stable@vger.kernel.org>	[4.8+]
-Signed-off-by: Andrew Morton <>
-(cherry-picked from https://git.kernel.org/pub/scm/linux/kernel/git/mhocko/mm.git/commit/?h=since-4.15&id=73eccc61c701ee7b4223aea2079542a712feeea7)
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- mm/shmem.c | 31 ++++++++++++++++++++-----------
- 1 file changed, 20 insertions(+), 11 deletions(-)
-
-diff --git a/mm/shmem.c b/mm/shmem.c
-index 859e4c224b80..2aae929eb90b 100644
--- a/mm/shmem.c
-+++ b/mm/shmem.c
-@@ -483,36 +483,45 @@ static unsigned long shmem_unused_huge_shrink(struct shmem_sb_info *sbinfo,
- 		info = list_entry(pos, struct shmem_inode_info, shrinklist);
- 		inode = &info->vfs_inode;
- 
-		if (nr_to_split && split >= nr_to_split) {
-			iput(inode);
-			continue;
-		}
-+		if (nr_to_split && split >= nr_to_split)
-+			goto leave;
- 
-		page = find_lock_page(inode->i_mapping,
-+		page = find_get_page(inode->i_mapping,
- 				(inode->i_size & HPAGE_PMD_MASK) >> PAGE_SHIFT);
- 		if (!page)
- 			goto drop;
- 
-+		/* No huge page at the end of the file: nothing to split */
- 		if (!PageTransHuge(page)) {
-			unlock_page(page);
- 			put_page(page);
- 			goto drop;
- 		}
- 
-+		/*
-+		 * Leave the inode on the list if we failed to lock
-+		 * the page at this time.
-+		 *
-+		 * Waiting for the lock may lead to deadlock in the
-+		 * reclaim path.
-+		 */
-+		if (!trylock_page(page)) {
-+			put_page(page);
-+			goto leave;
-+		}
-+
- 		ret = split_huge_page(page);
- 		unlock_page(page);
- 		put_page(page);
- 
-		if (ret) {
-			/* split failed: leave it on the list */
-			iput(inode);
-			continue;
-		}
-+		/* If split failed leave the inode on the list */
-+		if (ret)
-+			goto leave;
- 
- 		split++;
- drop:
- 		list_del_init(&info->shrinklist);
- 		removed++;
-+leave:
- 		iput(inode);
- 	}
- 
@@ -1,43 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
-Date: Thu, 15 Mar 2018 18:07:47 +0300
-Subject: [PATCH] mm/thp: Do not wait for lock_page() in deferred_split_scan()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-deferred_split_scan() gets called from reclaim path. Waiting for page
-lock may lead to deadlock there.
-
-Replace lock_page() with trylock_page() and skip the page if we failed
-to lock it. We will get to the page on the next scan.
-
-Fixes: 9a982250f773 ("thp: introduce deferred_split_huge_page()")
-
-Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
-Acked-by: Michal Hocko <mhocko@suse.com>
-(cherry-picked from https://patchwork.kernel.org/patch/10284703/)
-Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
- mm/huge_memory.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/mm/huge_memory.c b/mm/huge_memory.c
-index 8b887db33383..5c4093e0be8d 100644
--- a/mm/huge_memory.c
-+++ b/mm/huge_memory.c
-@@ -2621,11 +2621,13 @@ static unsigned long deferred_split_scan(struct shrinker *shrink,
- 
- 	list_for_each_safe(pos, next, &list) {
- 		page = list_entry((void *)pos, struct page, mapping);
-		lock_page(page);
-+		if (!trylock_page(page))
-+			goto next;
- 		/* split_huge_page() removes page from list on success */
- 		if (!split_huge_page(page))
- 			split++;
- 		unlock_page(page);
-+next:
- 		put_page(page);
- 	}
- 
@@ -1,92 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Date: Mon, 9 Apr 2018 14:56:29 +0200
-Subject: [PATCH] net: fix deadlock while clearing neighbor proxy table
-
-When coming from ndisc_netdev_event() in net/ipv6/ndisc.c,
-neigh_ifdown() is called with &nd_tbl, locking this while
-clearing the proxy neighbor entries when eg. deleting an
-interface. Calling the table's pndisc_destructor() with the
-lock still held, however, can cause a deadlock: When a
-multicast listener is available an IGMP packet of type
-ICMPV6_MGM_REDUCTION may be sent out. When reaching
-ip6_finish_output2(), if no neighbor entry for the target
-address is found, __neigh_create() is called with &nd_tbl,
-which it'll want to lock.
-
-Move the elements into their own list, then unlock the table
-and perform the destruction.
-
-Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199289
-Fixes: 6fd6ce2056de ("ipv6: Do not depend on rt->n in ip6_finish_output2().")
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
- net/core/neighbour.c | 28 ++++++++++++++++++----------
- 1 file changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/net/core/neighbour.c b/net/core/neighbour.c
-index d0713627deb6..3b495739bf65 100644
--- a/net/core/neighbour.c
-+++ b/net/core/neighbour.c
-@@ -55,7 +55,8 @@ static void neigh_timer_handler(unsigned long arg);
- static void __neigh_notify(struct neighbour *n, int type, int flags,
- 			   u32 pid);
- static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
-static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev);
-+static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
-+				    struct net_device *dev);
- 
- #ifdef CONFIG_PROC_FS
- static const struct file_operations neigh_stat_seq_fops;
-@@ -291,8 +292,7 @@ int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
- {
- 	write_lock_bh(&tbl->lock);
- 	neigh_flush_dev(tbl, dev);
-	pneigh_ifdown(tbl, dev);
-	write_unlock_bh(&tbl->lock);
-+	pneigh_ifdown_and_unlock(tbl, dev);
- 
- 	del_timer_sync(&tbl->proxy_timer);
- 	pneigh_queue_purge(&tbl->proxy_queue);
-@@ -681,9 +681,10 @@ int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
- 	return -ENOENT;
- }
- 
-static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
-+static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
-+				    struct net_device *dev)
- {
-	struct pneigh_entry *n, **np;
-+	struct pneigh_entry *n, **np, *freelist = NULL;
- 	u32 h;
- 
- 	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
-@@ -691,16 +692,23 @@ static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
- 		while ((n = *np) != NULL) {
- 			if (!dev || n->dev == dev) {
- 				*np = n->next;
-				if (tbl->pdestructor)
-					tbl->pdestructor(n);
-				if (n->dev)
-					dev_put(n->dev);
-				kfree(n);
-+				n->next = freelist;
-+				freelist = n;
- 				continue;
- 			}
- 			np = &n->next;
- 		}
- 	}
-+	write_unlock_bh(&tbl->lock);
-+	while ((n = freelist)) {
-+		freelist = n->next;
-+		n->next = NULL;
-+		if (tbl->pdestructor)
-+			tbl->pdestructor(n);
-+		if (n->dev)
-+			dev_put(n->dev);
-+		kfree(n);
-+	}
- 	return -ENOENT;
- }
-