Commit Graph

100 Commits

Author SHA1 Message Date
Thomas Lamprecht
7284a6db39 rebase patches on top of Ubuntu-5.3.0-29.31
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-24 09:48:43 +01:00
Thomas Lamprecht
34fce89fd4 fix #2549: backport: drm/i915: Avoid HPD poll detect triggering a new detect cycle
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-23 13:04:17 +01:00
Stefan Reiter
9538cc28e9 Add MCE patch for Threadripper 3000 series compatibility
A forum user reported that our kernel does not boot on Threadripper 3000
series CPUs, unless 'mce=off' is provided on the kernel commandline. [0]

This is a known issue, which has been fixed in mainline kernels and
backported to 5.4, 4.19 and 4.14 [1]. It is not, however, included in
5.3, nor in the Ubuntu builds. [2]

This patch is the original one posted for 5.5, which is the same as the
one ported to 5.4. It also applies cleanly to 5.3, and should work the
same, seeing as the backports to older versions do not have functional
changes either.

[0] https://forum.proxmox.com/threads/bug-pve-wont-boot-properly.63432/
[1] https://patchwork.kernel.org/project/linux-edac/list/?q=Allow+Reserved+types+to+be+overwritten+in+smca_banks
[2] https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/log/?qt=grep&q=Allow+Reserved+types+to+be+overwritten+in+smca_banks

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2020-01-15 15:26:11 +01:00
Thomas Lamprecht
6985f5cc9e rebase patches on top of Ubuntu-5.3.0-25.27
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-12-05 07:16:43 +01:00
Thomas Lamprecht
8d0ce71c45 rebase patches on top of Ubuntu-5.3.0-24.26
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-14 10:42:02 +01:00
Thomas Lamprecht
a7939a9abe rebase patches on top of Ubuntu-5.3.0-20.21
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-23 18:58:29 +02:00
Thomas Lamprecht
225abd65e1 remove unused patches
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-02 17:04:35 +02:00
Thomas Lamprecht
ba68212d64 rebase patches for eoan
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-01 18:57:02 +02:00
Thomas Lamprecht
0570f90d28 backport new FPU register copy helpers
This allows us to fix the ZFS SIMD patch for 5.0 kernel way easier.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-09-27 14:43:41 +02:00
Thomas Lamprecht
b671e62ef8 rebase patches on top of Ubuntu-5.0.0-28.30
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-09-05 10:26:04 +02:00
Thomas Lamprecht
b9200da0c5 backport vhost_net: disable zerocopy by default
It seems to make general problems[0], and upstream changed the
default back to 0 again[1] (was enabled long ago, ca. 2012).

[0]: https://pve.proxmox.com/pipermail/pve-devel/2019-August/038571.html
[1]: https://git.kernel.org/torvalds/c/098eadce3c622c07b328d0a43dda379b38cf7c5e

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-08-21 09:50:11 +02:00
Thomas Lamprecht
118616fd5f rebase patches on top of Ubuntu-5.0.0-26.27
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-08-20 17:13:36 +02:00
Thomas Lamprecht
f4beb2f868 rebase patches on top of Ubuntu-5.0.0-22.23
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-07-24 08:12:25 +02:00
Thomas Lamprecht
225d38f866 backport: rbd: don't assert on writes to snapshots
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-07-24 08:11:49 +02:00
Thomas Lamprecht
ff93581f3f rebase patches on top of Ubuntu-5.0.0-18.19
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-18 07:28:40 +02:00
Thomas Lamprecht
6ac09c547c revert KVM nested param back to off as default, for now
Else everyone booting the 5.0 based kernel will have nesting
activated by default[0], and this break live migration for all VMs
with CPU type host, even if they do not host KVM (nested) guests
themself and never made a VMX call, at least with newer QEMU versions
>= 3.1 [1]

While the kernel now may had good reasons to change the default to
true for this[0], i.e., it can now handle nested guest migrations in
a nice and sane way, the user space side of this in QEMU is not yet
ready, and may only become so with or even after 4.1.

After we have a working qemu which can also live migrate arbitrary
nested guest we may well enable this as default, but until then it
brings just pain but no advantage.

So let's protect people which did not manually enabled nesting for
a live-migration breakage. All those who enabled nesting manually
them self knew that it was still experimental and thus will have to
live with their decision and have a live migration breakage (for
those VMs with CPU type 'host')

[0]: https://git.kernel.org/torvalds/c/1e58e5e59148916fa43444a406335a990783fb78
[1]: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=d98f26073bebddcd3da0ba1b86c3a34e840c0fb8

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-08 20:12:35 +02:00
Thomas Lamprecht
ff71f8b949 update patches for 5.0.8
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 14:11:57 +02:00
Thomas Lamprecht
a599f53da3 rebase patches on top of Ubuntu-4.15.0-50.54
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-15 08:55:36 +02:00
Thomas Lamprecht
81801c5658 update patches
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-30 12:10:08 +02:00
Thomas Lamprecht
8713734e79 fix #2008: kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs
clean backport from kernel mainline commit
0e1b869fff60c81b510c2d00602d778f8f59dd9a  [0]

[0]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e1b869fff60c81b510c2d00602d778f8f59dd9a

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-16 17:48:59 +02:00
Thomas Lamprecht
2de599de08 rebase patches on top of Ubuntu-4.15.0-48.51
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-05 07:18:45 +02:00
Thomas Lamprecht
89d8eaee98 rebase patches on top of Ubuntu-4.15.0-47.50
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-03-13 07:25:59 +01:00
Thomas Lamprecht
4e6465dfa5 backport fixes for multiple KVM vulnerabilities
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-25 14:51:28 +01:00
Thomas Lamprecht
cf6ea5cf34 backport: net: crypto set sk to NULL when af_alg_release
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-21 14:39:03 +01:00
David Limbeck
c774433e2a add patch to fix ipset memory exhaustion
Add a patch from upstream until it is fixed in the Ubuntu 4.15 kernel.

Signed-off-by: David Limbeck <d.limbeck@proxmox.com>
2019-02-20 15:43:31 +01:00
Thomas Lamprecht
91b336e761 backport i40e fixes
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:42:55 +01:00
Thomas Lamprecht
322691b072 rebase patches on top of Ubuntu-4.15.0-46.49
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:41:14 +01:00
Thomas Lamprecht
835a39ebaa add fix for possible NULL pointer dereference in net/ipip
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-19 12:10:33 +01:00
Thomas Lamprecht
4618decfe0 update ACS capabillities patch context
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Thomas Lamprecht
05c4f2217f drop patches applied upstream
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Stoiko Ivanov
47f3b8990f Add 3 Patches addressing security issues
* CVE-2018-18955 (https://launchpad.net/bugs/1801924) is addressed by
  0009-userns-also-map-extents-in-the-reverse-map-to-kernel.patch
* https://launchpad.net/bugs/1789161 is addressed by the other 2 patches. (see
  the link for a reproducer)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-11-14 18:29:55 +01:00
Thomas Lamprecht
9aa2d28ebb rebase patches on top of Ubuntu-4.15.0-40.43
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-12 13:33:04 +01:00
Thomas Lamprecht
0c12c00b3a rebase patches on top of Ubuntu-4.15.0-39.42
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-25 11:48:58 +02:00
Thomas Lamprecht
dbb1ed6d87 backport: block: fix silent corruption in Linux kernel 4.15
reproducer: https://www.spinics.net/lists/linux-block/msg28507.html
ubuntu bugreport: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1796542

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-10 14:22:27 +02:00
Thomas Lamprecht
9de43ded7a rebase patches on top of Ubuntu-4.15.0-35.38
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-09-17 11:46:13 +02:00
Thomas Lamprecht
16fb26e70c backport protection against userspace-userspace spectreRSB
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-30 13:05:06 +02:00
Thomas Lamprecht
72d7b7039d rebase patches on top of Ubuntu-4.15.0-34.37
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-28 12:00:57 +02:00
Thomas Lamprecht
9464be5351 rebase patches on top of Ubuntu-4.15.0-33.36
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-24 10:30:36 +02:00
Stoiko Ivanov
61721594cf add patch for hpsa, preventing clean reboots
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-22 13:01:23 +02:00
Stoiko Ivanov
2d13a2bdc2 add patch for CVE-2018-1118
The commit is already on bionic/master-next (first commit after the
latest tag on master-next)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-22 13:01:23 +02:00
Alexandre Derumier
49b6d16422 vrf patches
This fix
https://github.com/FRRouting/frr/issues/2460

we can remove the workaround net.ipv4.tcp_l3mdev_accept=1 with this patches.
2018-08-21 09:10:33 +02:00
Stoiko Ivanov
e2af2a6161 rebase patches on top of Ubuntu-4.15.0-32.35
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-16 13:21:43 +02:00
Stoiko Ivanov
72f9fd46cc add SGID non-directory fix
fixes CVE-2018-13405 (https://nvd.nist.gov/vuln/detail/CVE-2018-13405)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-08 12:08:54 +02:00
Wolfgang Bumiller
cd0e07c792 add apparmor socket mediation fix
Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1780227
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-30 11:47:20 +02:00
Thomas Lamprecht
c0514fa336 rebase patches on top of Ubuntu-4.15.0-24.26
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-07-04 11:50:41 +02:00
Thomas Lamprecht
2dc5b5fe0e add KVM L1 guest escape - CVE-2018-12904 patch
see: http://www.openwall.com/lists/oss-security/2018/06/27/7
2018-06-27 17:17:27 +02:00
Thomas Lamprecht
e8834e95a2 igb: ensure setting MTU sets also max_frame_size
This is a regression from the out-of-tree Intel IGB driver happened
between 5.3.5.10 and 5.3.5.18.
The condition here should be actually reveresed, but as we always can
be sure to have a MAX/MIN MTU defined we can just remove it,
essentially going back to the previous code state (which also works
with our current 4.15 kernel).

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-18 17:07:01 +02:00
Thomas Lamprecht
d3722c5c8a backport SUN NICs fix for OVS use
See: https://pve.proxmox.com/pipermail/pve-user/2018-June/169567.html

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 11:58:18 +02:00
Thomas Lamprecht
515973635b renenable out-of-tree intel ethernet driver (e1000e, igb, ixgbe)
There where just to much issues with the 4.15 in tree drivers for our
users [1]. The updated igb and ixgbe drivers are compatible with
4.15, the e1000e driver needed to be ported to the new internal
kernel timer API, which is pretty straight forward.

[1]: https://forum.proxmox.com/threads/4-15-based-test-kernel-for-pve-5-x-available.42097/page-5

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 11:58:18 +02:00
Thomas Lamprecht
e4087db377 rebase patches on top of Ubuntu-4.15.0-22.24
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-05-23 11:46:22 +02:00