cd ${KERNEL_SRC}; patch -p1 < ../CVE-2016-4485-net-fix-infoleak-in-llc.patch
cd ${KERNEL_SRC}; patch -p1 < ../CVE-2016-4486-net-fix-infoleak-in-rtnetlink.patch
cd ${KERNEL_SRC}; patch -p1 < ../CVE-2016-4558-bpf-fix-refcnt-overflow.patch
+ cd ${KERNEL_SRC}; patch -p1 < ../kvm-dynamic-halt-polling-disable-default.patch
sed -i ${KERNEL_SRC}/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=${EXTRAVERSION}/'
touch $@
* Fix CVE-2016-4485, CVE-2016-4486, CVE-2016-4558
+ * By default disable the new dynamic halt polling behavior
+
-- Proxmox Support Team <support@proxmox.com> Thu, 12 May 2016 09:20:02 +0200
pve-kernel (4.4.8-49) unstable; urgency=medium
--- /dev/null
+diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
+--- a/virt/kvm/kvm_main.c 2016-05-12 10:39:37.540387127 +0200
++++ b/virt/kvm/kvm_main.c 2016-05-04 10:43:38.063996221 +0200
+@@ -71,7 +71,7 @@ static unsigned int halt_poll_ns = KVM_H
+ module_param(halt_poll_ns, uint, S_IRUGO | S_IWUSR);
+
+ /* Default doubles per-vcpu halt_poll_ns. */
+-static unsigned int halt_poll_ns_grow = 2;
++static unsigned int halt_poll_ns_grow = 0;
+ module_param(halt_poll_ns_grow, int, S_IRUGO);
+
+ /* Default resets per-vcpu halt_poll_ns . */