From 6062ca3daad5117392db13f956512df1d2d3edff Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Thu, 2 Jun 2016 12:32:23 +0200
Subject: [PATCH] remove stale patches (fixes are upstream now)
---
 Makefile | 3 -
 changelog.Debian | 4 ++
 infinite-loop-fix.patch | 97 ------------------------------
 veth-do-not-modify-ip_summed.patch | 73 ----------------------
 4 files changed, 4 insertions(+), 173 deletions(-)
 delete mode 100644 infinite-loop-fix.patch
 delete mode 100644 veth-do-not-modify-ip_summed.patch
diff --git a/Makefile b/Makefile
index 38ee27c..c7ecd12 100644
--- a/Makefile
+++ b/Makefile
@@ -207,9 +207,6 @@ ${KERNEL_SRC}/README: ${KERNEL_SRC}.org/README
 cd ${KERNEL_SRC}; patch -p1 <../fix-idr-header-for-drbd-compilation.patch
 cd ${KERNEL_SRC}; patch -p1 <../kvm-x86-ignore-ioapic-polarity.patch
 cd ${KERNEL_SRC}; patch -p1 <../fix-jfs-compile-error.patch
- cd ${KERNEL_SRC}; patch -p1 <../infinite-loop-fix.patch
- # fix veth checksum errors
- cd ${KERNEL_SRC}; patch -p1 <../veth-do-not-modify-ip_summed.patch
 sed -i ${KERNEL_SRC}/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=${EXTRAVERSION}/'
 touch $@
diff --git a/changelog.Debian b/changelog.Debian
index a62645c..59ee5ad 100644
--- a/changelog.Debian
+++ b/changelog.Debian
@@ -4,6 +4,10 @@ pve-kernel-2.6.32 (2.6.32-175) unstable; urgency=low
 * bump kernel API to 46-pve
+ * remove infinite-loop-fix.patch (upstream)
+
+ * remove veth-do-not-modify-ip_summed.patch (upstream)
+
 -- Proxmox Support Team Thu, 02 Jun 2016 11:49:32 +0200
 pve-kernel-2.6.32 (2.6.32-174) unstable; urgency=low
diff --git a/infinite-loop-fix.patch b/infinite-loop-fix.patch
deleted file mode 100644
index cdef6b8..0000000
--- a/infinite-loop-fix.patch
+++ /dev/null
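Review bot: In the Makefile hunk, the `patch -p1` steps for infinite-loop-fix.patch (the KVM #AC intercept for CVE-2015-5307) and veth-do-not-modify-ip_summed.patch are dropped on the statement that the fixes are upstream, but neither the recipe nor the new changelog lines name the upstream kernel source version that carries them. If the unpacked `${KERNEL_SRC}` tree ever lacks those changes, the package would build cleanly without the mitigation and nothing would flag it. I would name the upstream base version in the changelog entries and add a guard to the recipe before `touch $@`, for example `grep -q AC_VECTOR ${KERNEL_SRC}/arch/x86/kvm/vmx.c`, so that the build fails when the fix is absent. The recipe begins above this hunk, so whether an equivalent check already exists there is not visible here.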
@@ -1,97 +0,0 @@ -commit 54a20552e1eae07aa240fa370a0293e006b5faed -Author: Eric Northup -Date: Tue Nov 3 18:03:53 2015 +0100 - - KVM: x86: work around infinite loop in microcode when #AC is delivered - - It was found that a guest can DoS a host by triggering an infinite - stream of "alignment check" (#AC) exceptions. This causes the - microcode to enter an infinite loop where the core never receives - another interrupt. The host kernel panics pretty quickly due to the - effects (CVE-2015-5307). - - Signed-off-by: Eric Northup - Cc: stable@vger.kernel.org - 
Signed-off-by: Paolo Bonzini - -diff --git a/arch/x86/include/asm/kvm.h b/arch/x86/include/asm/kvm.h ---- a/arch/x86/include/asm/kvm.h -+++ b/arch/x86/include/asm/kvm.h -@@ -23,6 +23,7 @@ - #define GP_VECTOR 13 - #define PF_VECTOR 14 - #define MF_VECTOR 16 -+#define AC_VECTOR 17 - #define MC_VECTOR 18 - - /* Select x86 specific features in */ -diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h -index b5d7640..8a4add8 100644 ---- a/arch/x86/include/asm/svm.h -+++ b/arch/x86/include/asm/svm.h -@@ -100,6 +100,7 @@ - { SVM_EXIT_EXCP_BASE + UD_VECTOR, "UD excp" }, \ - { SVM_EXIT_EXCP_BASE + PF_VECTOR, "PF excp" }, \ - { SVM_EXIT_EXCP_BASE + NM_VECTOR, "NM excp" }, \ -+ { SVM_EXIT_EXCP_BASE + AC_VECTOR, "AC excp" }, \ - { SVM_EXIT_EXCP_BASE + MC_VECTOR, "MC excp" }, \ - { SVM_EXIT_INTR, "interrupt" }, \ - { SVM_EXIT_NMI, "nmi" }, \ -diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index f2ba919..1839264 100644 ---- a/arch/x86/kvm/svm.c -+++ b/arch/x86/kvm/svm.c -@@ -1019,7 +1019,8 @@ static void init_vmcb(struct vcpu_svm *svm) - - control->intercept_exceptions = (1 << PF_VECTOR) | - (1 << UD_VECTOR) | -- (1 << MC_VECTOR); -+ (1 << MC_VECTOR) | -+ (1 << AC_VECTOR); - - control->intercept = (1ULL << INTERCEPT_INTR) | - (1ULL << INTERCEPT_NMI) | -@@ -1707,6 +1708,12 @@ static int ud_interception(struct vcpu_svm *svm) - return 1; - } - -+static int ac_interception(struct vcpu_svm *svm) -+{ -+ kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0); -+ return 1; -+} -+ - static int nm_interception(struct vcpu_svm *svm) - { - svm->vmcb->control.intercept_exceptions &= ~(1 << NM_VECTOR); -@@ -3270,6 +3277,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { - [SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception, - [SVM_EXIT_EXCP_BASE + NM_VECTOR] = nm_interception, - [SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception, -+ [SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception, - [SVM_EXIT_INTR] = intr_interception, - [SVM_EXIT_NMI] = 
nmi_interception, - [SVM_EXIT_SMI] = nop_on_interception, -diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index b765b03..89aaedd 100644 ---- a/arch/x86/kvm/vmx.c -+++ b/arch/x86/kvm/vmx.c -@@ -1639,7 +1639,7 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu) - u32 eb; - - eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) -- | (1u << NM_VECTOR); -+ | (1u << NM_VECTOR) | (1u << AC_VECTOR); - /* - * Unconditionally intercept #DB so we can maintain dr6 without - * reading it every exit. -@@ -5261,6 +5261,9 @@ static int handle_exception(struct kvm_vcpu *vcpu) - return handle_rmode_exception(vcpu, ex_no, error_code); - - switch (ex_no) { -+ case AC_VECTOR: -+ kvm_queue_exception_e(vcpu, AC_VECTOR, error_code); -+ return 1; - case DB_VECTOR: - dr6 = vmcs_readl(EXIT_QUALIFICATION); - if (!(vcpu->guest_debug & diff --git a/veth-do-not-modify-ip_summed.patch b/veth-do-not-modify-ip_summed.patch deleted file mode 100644 index adf67df..0000000 --- a/veth-do-not-modify-ip_summed.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -From ce8c839b74e3017996fad4e1b7ba2e2625ede82f Mon Sep 17 00:00:00 2001 -From: Vijay Pandurangan -Date: Fri, 18 Dec 2015 14:34:59 -0500 -Subject: =?UTF-8?q?veth:=20don=E2=80=99t=20modify=20ip=5Fsummed;=20doing?= - =?UTF-8?q?=20so=20treats=20packets=20with=20bad=20checksums=20as=20good.?= -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Packets that arrive from real hardware devices have ip_summed == -CHECKSUM_UNNECESSARY if the hardware verified the checksums, or -CHECKSUM_NONE if the packet is bad or it was unable to verify it. The -current version of veth will replace CHECKSUM_NONE with -CHECKSUM_UNNECESSARY, which causes corrupt packets routed from hardware to -a veth device to be delivered to the application. This caused applications -at Twitter to receive corrupt data when network hardware was corrupting -packets. - -We believe this was added as an optimization to skip computing and -verifying checksums for communication between containers. However, locally -generated packets have ip_summed == CHECKSUM_PARTIAL, so the code as -written does nothing for them. As far as we can tell, after removing this -code, these packets are transmitted from one stack to another unmodified -(tcpdump shows invalid checksums on both sides, as expected), and they are -delivered correctly to applications. We didn’t test every possible network -configuration, but we tried a few common ones such as bridging containers, -using NAT between the host and a container, and routing from hardware -devices to containers. We have effectively deployed this in production at -Twitter (by disabling RX checksum offloading on veth devices). - -This code dates back to the first version of the driver, commit - ("[NET]: Virtual ethernet device driver"), so I -suspect this bug occurred mostly because the driver API has evolved -significantly since then. 
Commit <0b7967503dc97864f283a> ("net/veth: Fix -packet checksumming") (in December 2010) fixed this for packets that get -created locally and sent to hardware devices, by not changing -CHECKSUM_PARTIAL. However, the same issue still occurs for packets coming -in from hardware devices. - -Co-authored-by: Evan Jones -Signed-off-by: Evan Jones -Cc: Nicolas Dichtel -Cc: Phil Sutter -Cc: Toshiaki Makita -Cc: netdev@vger.kernel.org -Cc: linux-kernel@vger.kernel.org -Signed-off-by: Vijay Pandurangan -Acked-by: Cong Wang -Signed-off-by: David S. Miller ---- - drivers/net/veth.c | 6 ------ - 1 file changed, 6 deletions(-) - -diff --git a/drivers/net/veth.c b/drivers/net/veth.c -index 0ef4a5a..ba21d07 100644 ---- a/drivers/net/veth.c -+++ b/drivers/net/veth.c -@@ -117,12 +117,6 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev) - kfree_skb(skb); - goto drop; - } -- /* don't change ip_summed == CHECKSUM_PARTIAL, as that -- * will cause bad checksum on forwarded packets -- */ -- if (skb->ip_summed == CHECKSUM_NONE && -- rcv->features & NETIF_F_RXCSUM) -- skb->ip_summed = CHECKSUM_UNNECESSARY; - - if (likely(dev_forward_skb(rcv, skb) == NET_RX_SUCCESS)) { - struct pcpu_vstats *stats = this_cpu_ptr(dev->vstats); --- -cgit v0.12 - -- 2.39.5