Commit graph

58 commits

Author SHA1 Message Date
Stoiko Ivanov
72f9fd46cc add SGID non-directory fix
fixes CVE-2018-13405 (https://nvd.nist.gov/vuln/detail/CVE-2018-13405)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-08 12:08:54 +02:00
Wolfgang Bumiller
cd0e07c792 add apparmor socket mediation fix
Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1780227
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-30 11:47:20 +02:00
Thomas Lamprecht
c0514fa336 rebase patches on top of Ubuntu-4.15.0-24.26
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-07-04 11:50:41 +02:00
Thomas Lamprecht
2dc5b5fe0e add KVM L1 guest escape - CVE-2018-12904 patch
see: http://www.openwall.com/lists/oss-security/2018/06/27/7
2018-06-27 17:17:27 +02:00
Thomas Lamprecht
e8834e95a2 igb: ensure setting MTU sets also max_frame_size
This is a regression from the out-of-tree Intel IGB driver happened
between 5.3.5.10 and 5.3.5.18.
The condition here should be actually reveresed, but as we always can
be sure to have a MAX/MIN MTU defined we can just remove it,
essentially going back to the previous code state (which also works
with our current 4.15 kernel).

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-18 17:07:01 +02:00
Thomas Lamprecht
d3722c5c8a backport SUN NICs fix for OVS use
See: https://pve.proxmox.com/pipermail/pve-user/2018-June/169567.html

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 11:58:18 +02:00
Thomas Lamprecht
515973635b renenable out-of-tree intel ethernet driver (e1000e, igb, ixgbe)
There where just to much issues with the 4.15 in tree drivers for our
users [1]. The updated igb and ixgbe drivers are compatible with
4.15, the e1000e driver needed to be ported to the new internal
kernel timer API, which is pretty straight forward.

[1]: https://forum.proxmox.com/threads/4-15-based-test-kernel-for-pve-5-x-available.42097/page-5

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 11:58:18 +02:00
Thomas Lamprecht
e4087db377 rebase patches on top of Ubuntu-4.15.0-22.24
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-05-23 11:46:22 +02:00
Thomas Lamprecht
c3592848d1 rebase patches on top of Ubuntu-4.15.0-20.21
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-05-03 08:16:40 +02:00
Wolfgang Bumiller
1e12ef0dcc fix #1737: merge: net: fix deadlock while clearing neighbor proxy table
Link: https://bugzilla.kernel.org/show_bug.cgi?id=199289
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-04-25 14:28:43 +02:00
Fabian Grünbichler
927081a949 rebase patches
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-20 14:55:21 +02:00
Fabian Grünbichler
2068d368d7 revert broken kernel Makefile modification
see [1] for upstream report

1: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1758856/comments/1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-04 15:43:07 +02:00
Fabian Grünbichler
a214614ea9 rebase patches on top of Ubuntu-4.15.0-14.15
and drop those applied upstream

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-04 15:43:07 +02:00
Fabian Grünbichler
b25749a58c fix #1633: potential deadlock with shmem
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-28 15:17:19 +02:00
Fabian Grünbichler
8e89f13c59 fix #1633: potential deadlock with THPs
see https://marc.info/?l=linux-mm&m=151683828707588

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-27 16:02:05 +02:00
Fabian Grünbichler
ecef40a218 rebase patches
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-22 11:12:48 +01:00
Fabian Grünbichler
15baf5b4c2 rebase patches
and drop those applied in 4.14/4.15
2018-03-09 14:47:21 +01:00
Fabian Grünbichler
55f9bfa990 update ACS override patch for 4.15
based on https://aur.archlinux.org/linux-vfio.git
2018-03-09 14:47:21 +01:00
Fabian Grünbichler
3323a8b78c add cherry-picks for OCFS2 bug
see https://forum.proxmox.com/threads/ocfs2-kernel-bug.39163/
2018-03-09 11:57:49 +01:00
Fabian Grünbichler
863ccb9670 add cherry-pick for NFS in network namespaces 2018-03-09 11:57:49 +01:00
Fabian Grünbichler
38c79e8118 fix refcnt leaks with net namespaces
see https://github.com/lxc/lxc/issues/2141 and
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1711407/
2018-02-21 09:18:49 +01:00
Fabian Grünbichler
a4b1a797a0 warn when non-RETPOLINED module gets loaded 2018-02-16 09:58:12 +01:00
Fabian Grünbichler
ef812b062d cherry-pick sched-wait bug fix
(included in 4.15 and queued for 4.14)
2018-02-14 12:14:12 +01:00
Fabian Grünbichler
d320e5b2c3 cherry-pick scsi lpfc HBA bug fix
see https://forum.proxmox.com/threads/proxmox-5-1-lpfc-hba-emulex-lpe12000-error.39179/
2018-02-13 12:41:35 +01:00
Fabian Grünbichler
3adc532101 rebase patches 2018-02-13 12:41:35 +01:00
Fabian Grünbichler
1da60899e3 add EDAC cherry-picks 2018-01-29 15:00:40 +01:00
Fabian Grünbichler
a70918fbbc restructure patches
rebase on Ubuntu-4.13.0-32.35

the effective kernel tree which gets compiled after patches have been
applied is functionally identical (modulo parts for architectures which
we don't care about and Ubuntu build files)
2018-01-29 14:22:56 +01:00
Fabian Grünbichler
81f370d513 fix syscall retpoline 2018-01-26 10:46:25 +01:00
Fabian Grünbichler
a0f7ab8a6a fix #1622: i40e memory leak
cherry-pick from upstream 4.14
2018-01-19 12:43:16 +01:00
Fabian Grünbichler
f90505f3a2 add tc fixes 2018-01-19 12:27:49 +01:00
Fabian Grünbichler
035dbe6708 KPTI/Spectre: add more fixes
* initial IBRS/IBPB/SPEC_CTRL support
* regression fixes for KPTI
* additional hardening against Spectre

based on Ubuntu-4.13.0-29.32 and mainline 4.14
2018-01-15 12:34:50 +01:00
Fabian Grünbichler
59d5af6732 build: reformat existing patches
drop numbers and commit hashes from patch metadata to reduce future
patch churn
2018-01-15 12:26:15 +01:00
Fabian Grünbichler
633c5ed17f revert buggy SCSI error handler commit
this causes kernel OOPS and upstream is unresponsive about it.

see https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1726519
2018-01-08 11:51:24 +01:00
Fabian Grünbichler
76ec7e5931 update Spectre KVM PoC fix for AMD 2018-01-08 10:58:23 +01:00
Fabian Grünbichler
04f3b8beca KPTI: disable on AMD
and allow loading of microcode on recent AMD systems in preparation of
further Spectre fixes
2018-01-08 10:25:31 +01:00
Fabian Grünbichler
e4cdf2a53e KPTI: add follow-up fixes 2018-01-08 10:25:09 +01:00
Fabian Grünbichler
b378f209dd add objtool build fix 2018-01-07 13:18:22 +01:00
Fabian Grünbichler
7c7389df50 add Spectre PoC fix
picked from https://patchwork.kernel.org/patch/10147679/
2018-01-06 15:15:39 +01:00
Fabian Grünbichler
321d628a98 add KPTI and related patches
picked from Ubuntu-4.13.0-23.26
2018-01-06 15:15:39 +01:00
Fabian Grünbichler
19894df472 reorder patches
numbering got messed up in the previous upload
2018-01-06 15:15:39 +01:00
Fabian Grünbichler
9e94988ca1 fix #1537: cherry-pick AMD NPT / IOMMU fix 2018-01-02 10:01:56 +01:00
Fabian Grünbichler
6eb123031d revert igb to 5.3.5.10
because 5.3.5.12 broke JUMBO_FRAMES (again)
2017-12-05 13:05:16 +01:00
Fabian Grünbichler
b42b4a1b96 cherry-pick KVM fix for old CPUs 2017-12-04 09:36:58 +01:00
Fabian Grünbichler
905722fbce cherry-pick / backport IB fixes
see https://forum.proxmox.com/threads/pve-5-1-and-infiniband-issues.37575/
2017-12-04 09:36:19 +01:00
Fabian Grünbichler
ddad99c986 cherry-pick vhost perf regression and mem-leak fix 2017-12-04 09:27:58 +01:00
Fabian Grünbichler
9a9f6e04a7 cherry-pick final KVM BSOD fix 2017-12-04 09:27:58 +01:00
Fabian Grünbichler
777ee9fe67 revert mmu changes causing bluescreens 2017-11-29 09:48:40 +01:00
Fabian Grünbichler
25c35b26a1 update intel drivers to latest upstream releases 2017-11-22 09:47:25 +01:00
Fabian Grünbichler
d060c84f4d drop patches applied upstream 2017-11-17 11:59:22 +01:00
Fabian Grünbichler
0e3176e76f fix CVE-2017-12188: nested KVM stack overflow 2017-10-13 11:33:03 +02:00