Commit graph

412 commits

Author SHA1 Message Date
Thomas Lamprecht
6f58e3c81d update sources to Ubuntu-4.15.0-50.54
It mainly comes with some mitigation for MDS[1][3][4][5], for best
result a microupdate of the CPU is required, else the kernel falls
back to some "best effort mitigation", trying to clear the CPU
buffers on kernel/userspace, hypervisor/guest and C-state (idle)
transitions.

With this applied you will have a new file in sysfs to get the
mitigation state of the server regarding MDS:
 $ cat /sys/devices/system/cpu/vulnerabilities/mds

Microcode updates should come available in stretch with
3.20190514.1~deb9u1 [2] version currently only tagged[2], but not yet
released.

[1]: https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html#mitigation-strategy
[2]: https://salsa.debian.org/hmh/intel-microcode/commits/debian/3.20190514.1_deb9u1
[3]: https://mdsattacks.com/
[4]: https://cpu.fail/
[5]: https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-15 08:54:30 +02:00
Thomas Lamprecht
e560b66842 update ABI file for 4.15.18-14-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-30 14:07:31 +02:00
Thomas Lamprecht
8ba6ec4ad4 bump version to 4.15.18-38
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-30 13:52:32 +02:00
Thomas Lamprecht
075873666c update submodule to Ubuntu-4.15.0-49.53
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-30 13:52:32 +02:00
Thomas Lamprecht
81801c5658 update patches
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-30 12:10:08 +02:00
Thomas Lamprecht
8713734e79 fix #2008: kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs
clean backport from kernel mainline commit
0e1b869fff60c81b510c2d00602d778f8f59dd9a  [0]

[0]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e1b869fff60c81b510c2d00602d778f8f59dd9a

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-16 17:48:59 +02:00
Thomas Lamprecht
1e7994545c update ABI file for 4.15.18-13-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-13 22:00:24 +02:00
Thomas Lamprecht
90eff7b943 bump version to 4.15.18-37
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-13 22:00:24 +02:00
Thomas Lamprecht
2b3306dee4 update ABI file for 4.15.18-12-pve
Late followup for commit 61f33dc8f2
bump version to 4.15.18-35
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-13 21:59:02 +02:00
Thomas Lamprecht
a4ea6fb33c bump version to 4.15.18-36
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-11 13:06:49 +02:00
Thomas Lamprecht
2de599de08 rebase patches on top of Ubuntu-4.15.0-48.51
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-05 07:18:45 +02:00
Thomas Lamprecht
4cb71ccc3b update sources to Ubuntu-4.15.0-48.51
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-05 07:17:43 +02:00
Thomas Lamprecht
61f33dc8f2 bump version to 4.15.18-35
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-03-13 08:40:24 +01:00
Thomas Lamprecht
89d8eaee98 rebase patches on top of Ubuntu-4.15.0-47.50
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-03-13 07:25:59 +01:00
Thomas Lamprecht
c19df7fe61 update sources to Ubuntu-4.15.0-47.50
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-03-13 07:25:59 +01:00
Thomas Lamprecht
67bef33bd4 update zfsonlinux to 0.7.13
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-03-08 06:57:18 +01:00
Fabian Grünbichler
62307a081a ZFS/SPL: rework submodule and build
to follow changes made to our zfsonlinux repository.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2019-02-27 15:38:52 +01:00
Thomas Lamprecht
9bd09ca97a bump version to 4.15.18-34
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-25 15:31:07 +01:00
Thomas Lamprecht
4e6465dfa5 backport fixes for multiple KVM vulnerabilities
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-25 14:51:28 +01:00
Thomas Lamprecht
cf6ea5cf34 backport: net: crypto set sk to NULL when af_alg_release
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-21 14:39:03 +01:00
David Limbeck
c774433e2a add patch to fix ipset memory exhaustion
Add a patch from upstream until it is fixed in the Ubuntu 4.15 kernel.

Signed-off-by: David Limbeck <d.limbeck@proxmox.com>
2019-02-20 15:43:31 +01:00
Thomas Lamprecht
3ec7f4d1ea add *.prepared to .gitignore
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:43:29 +01:00
Thomas Lamprecht
7c03f8fe85 update ABI file for 4.15.18-11-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:43:04 +01:00
Thomas Lamprecht
c47b16cb68 bump version to 4.15.18-33
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:43:04 +01:00
Thomas Lamprecht
91b336e761 backport i40e fixes
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:42:55 +01:00
Thomas Lamprecht
322691b072 rebase patches on top of Ubuntu-4.15.0-46.49
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:41:14 +01:00
Thomas Lamprecht
a7aea31f47 update sources to Ubuntu-4.15.0-46.49
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:07:36 +01:00
Thomas Lamprecht
4adf30b011 bump version to 4.15.18-32
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-19 12:11:14 +01:00
Thomas Lamprecht
835a39ebaa add fix for possible NULL pointer dereference in net/ipip
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-19 12:10:33 +01:00
Thomas Lamprecht
f4922eba0c update ABI file for 4.15.18-10-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 14:51:46 +01:00
Thomas Lamprecht
da7def12fd bump version to 4.15.18-31
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 14:00:25 +01:00
Thomas Lamprecht
4618decfe0 update ACS capabillities patch context
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Thomas Lamprecht
05c4f2217f drop patches applied upstream
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Thomas Lamprecht
99413e5a07 Update sources to Ubuntu-4.15.0-44.47
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 13:59:17 +01:00
Stoiko Ivanov
3db86f1084 bump version to 4.15.18-30
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-15 13:33:28 +01:00
Stoiko Ivanov
5e543c74cf update ZFS on Linux to 0.7.12 2018-11-14 18:33:19 +01:00
Stoiko Ivanov
47f3b8990f Add 3 Patches addressing security issues
* CVE-2018-18955 (https://launchpad.net/bugs/1801924) is addressed by
  0009-userns-also-map-extents-in-the-reverse-map-to-kernel.patch
* https://launchpad.net/bugs/1789161 is addressed by the other 2 patches. (see
  the link for a reproducer)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-11-14 18:29:55 +01:00
Thomas Lamprecht
64e7e7daff update ABI file for 4.15.18-9-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-12 16:02:59 +01:00
Thomas Lamprecht
89a09f9102 bump version to 4.15.18-29
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-12 16:01:40 +01:00
Thomas Lamprecht
9aa2d28ebb rebase patches on top of Ubuntu-4.15.0-40.43
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-12 13:33:04 +01:00
Thomas Lamprecht
c7bb6c514f update sources to Ubuntu-4.15.0-40.43
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-12 13:33:04 +01:00
Thomas Lamprecht
645ef9e161 bump version to 4.15.18-28
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-31 16:28:06 +01:00
Thomas Lamprecht
84fe105196 update ABI file for 4.15.18-8-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-31 16:28:06 +01:00
Thomas Lamprecht
d7571cfde0 update ABI and firmware
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-31 16:27:22 +01:00
Thomas Lamprecht
63b112e6a7 update ZFS on Linux
Fix #1957
* This patchset mainly addresses a race in ZFS, reported by a user [0].
* While adding this patch, I also updated the submodules to the latest
  versions, and dropped the patches we kept for 0.7.10 and 0.7.11
* Two other issues [1,2] are addressed, where 1 (a performance improvement)
  was a straight-forward cherry-pick and the other (a deadlock fix) needed
  minor backporting (mostly related to the SPL and ZFS repository merge with
  0.8)

[0] https://github.com/zfsonlinux/zfs/pull/8005
[1] https://github.com/zfsonlinux/zfs/pull/8011
[2] https://github.com/zfsonlinux/zfs/pull/7939

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-31 16:27:22 +01:00
Thomas Lamprecht
0c12c00b3a rebase patches on top of Ubuntu-4.15.0-39.42
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-25 11:48:58 +02:00
Thomas Lamprecht
d032d8b224 update sources to Ubuntu-4.15.0-39.42
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-25 11:48:58 +02:00
Thomas Lamprecht
fd921db9eb README: document different behaviour of submodule vs. clone
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-24 13:09:41 +02:00
Fabian Grünbichler
03f37cb2bb d/control: update build-depends
with the help of "dpkg-checkdep" to mimic the current build-environment

asciidoc-base: used by perf man pages
automake: used by ZFS/SPL (among other things)
cpio: used in debian/rules
debhelper: used in debian/rules
kmod: used in debian/rules (depmod)
libdw-dev,libelf-dev: used for unwinder
libnuma-dev: used by perf
libslang2-dev: used by perf tui
python-minimal: used by perf
zlib1g-dev: used by perf

thank you Thomas for additional review and extensive discussions
regarding what to include (or not ;))!

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-12 10:41:58 +02:00
Thomas Lamprecht
b8885eda75 bump version to 4.15.18-27
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-10 14:23:25 +02:00