From: Thomas Lamprecht Date: Wed, 4 Jul 2018 09:50:41 +0000 (+0200) Subject: rebase patches on top of Ubuntu-4.15.0-24.26 X-Git-Url: https://git.proxmox.com/?p=pve-kernel.git;a=commitdiff_plain;h=c0514fa336bd49d68fd6b2682bf0b6b755c0687c rebase patches on top of Ubuntu-4.15.0-24.26 (generated with debian/scripts/import-upstream-tag) Signed-off-by: Thomas Lamprecht --- diff --git a/patches/kernel/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch b/patches/kernel/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch index acd4b3f..bb4ad13 100644 --- a/patches/kernel/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch +++ b/patches/kernel/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch @@ -41,6 +41,3 @@ index 87f1fc9801d7..4ef868f1f244 100755 fi if test -z "$KBUILD_BUILD_USER"; then LINUX_COMPILE_BY=$(whoami | sed 's/\\/\\\\/') --- -2.14.2 - diff --git a/patches/kernel/0002-bridge-keep-MAC-of-first-assigned-port.patch b/patches/kernel/0002-bridge-keep-MAC-of-first-assigned-port.patch index 658c3f1..74710aa 100644 --- a/patches/kernel/0002-bridge-keep-MAC-of-first-assigned-port.patch +++ b/patches/kernel/0002-bridge-keep-MAC-of-first-assigned-port.patch @@ -33,6 +33,3 @@ index 808e2b914015..b0ad54384826 100644 } if (ether_addr_equal(br->bridge_id.addr, addr)) --- -2.14.2 - diff --git a/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch b/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch index affa6a1..483ac38 100644 --- a/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch +++ b/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch @@ -74,7 +74,7 @@ index c14cccce6272..b3aa6fcfe035 100644 Safety option to keep boot IRQs enabled. This should never be necessary. diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c -index 451fd28f1855..a928bd86e102 100644 +index 26b3ed731208..d66c874a7a6e 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -3702,6 +3702,106 @@ static int __init pci_apply_final_quirks(void) @@ -184,7 +184,7 @@ index 451fd28f1855..a928bd86e102 100644 /* * Following are device-specific reset methods which can be used to * reset a single function if other methods (e.g. FLR, PM D0->D3) are -@@ -4536,6 +4636,7 @@ static const struct pci_dev_acs_enabled { +@@ -4538,6 +4638,7 @@ static const struct pci_dev_acs_enabled { { PCI_VENDOR_ID_CAVIUM, PCI_ANY_ID, pci_quirk_cavium_acs }, /* APM X-Gene */ { PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs }, @@ -192,6 +192,3 @@ index 451fd28f1855..a928bd86e102 100644 { 0 } }; --- -2.14.2 - diff --git a/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch b/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch index adf9ef7..74fc4fb 100644 --- a/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch +++ b/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch @@ -12,7 +12,7 @@ Signed-off-by: Fabian Grünbichler 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index e536977e7b6d..4c63296eb5a8 100644 +index 234d03abcb75..2e7d3aee779d 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -77,7 +77,7 @@ module_param(halt_poll_ns, uint, 0644); @@ -24,6 +24,3 @@ index e536977e7b6d..4c63296eb5a8 100644 module_param(halt_poll_ns_grow, uint, 0644); EXPORT_SYMBOL_GPL(halt_poll_ns_grow); --- -2.14.2 - diff --git a/patches/kernel/0005-ocfs2-make-metadata-estimation-accurate-and-clear.patch b/patches/kernel/0005-ocfs2-make-metadata-estimation-accurate-and-clear.patch index 60e1f42..576e42d 100644 --- a/patches/kernel/0005-ocfs2-make-metadata-estimation-accurate-and-clear.patch +++ b/patches/kernel/0005-ocfs2-make-metadata-estimation-accurate-and-clear.patch @@ -56,6 +56,3 @@ index d1516327b787..256986aca8df 100644 } ret = ocfs2_write_end_nolock(inode->i_mapping, pos, len, len, wc); --- -2.14.2 - diff --git a/patches/kernel/0006-ocfs2-try-to-reuse-extent-block-in-dealloc-without-m.patch b/patches/kernel/0006-ocfs2-try-to-reuse-extent-block-in-dealloc-without-m.patch index cdd7cf9..1fa2f95 100644 --- a/patches/kernel/0006-ocfs2-try-to-reuse-extent-block-in-dealloc-without-m.patch +++ b/patches/kernel/0006-ocfs2-try-to-reuse-extent-block-in-dealloc-without-m.patch @@ -365,6 +365,3 @@ index 256986aca8df..e8e205bf2e41 100644 ret = ocfs2_lock_allocators(inode, &et, 0, dwc->dw_zero_count*2, &data_ac, &meta_ac); if (ret) { --- -2.14.2 - diff --git a/patches/kernel/0007-Revert-UBUNTU-Packaging-retpoline-add-safe-usage-hin.patch b/patches/kernel/0007-Revert-UBUNTU-Packaging-retpoline-add-safe-usage-hin.patch index 0fdf812..2aabb41 100644 --- a/patches/kernel/0007-Revert-UBUNTU-Packaging-retpoline-add-safe-usage-hin.patch +++ b/patches/kernel/0007-Revert-UBUNTU-Packaging-retpoline-add-safe-usage-hin.patch @@ -51,6 +51,3 @@ index e79e11fbd22c..36247e983f4b 100644 endef # List module undefined symbols (or empty line if not enabled) --- -2.14.2 - diff --git a/patches/kernel/0008-net-ethernet-sun-niu-set-correct-packet-size-in-skb.patch b/patches/kernel/0008-net-ethernet-sun-niu-set-correct-packet-size-in-skb.patch new file mode 100644 index 0000000..e5a2727 --- /dev/null +++ b/patches/kernel/0008-net-ethernet-sun-niu-set-correct-packet-size-in-skb.patch @@ -0,0 +1,56 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Rob Taglang +Date: Thu, 3 May 2018 17:13:06 -0400 +Subject: [PATCH] net: ethernet: sun: niu set correct packet size in skb + +Currently, skb->len and skb->data_len are set to the page size, not +the packet size. This causes the frame check sequence to not be +located at the "end" of the packet resulting in ethernet frame check +errors. The driver does work currently, but stricter kernel facing +networking solutions like OpenVSwitch will drop these packets as +invalid. + +These changes set the packet size correctly so that these errors no +longer occur. The length does not include the frame check sequence, so +that subtraction was removed. + +Tested on Oracle/SUN Multithreaded 10-Gigabit Ethernet Network +Controller [108e:abcd] and validated in wireshark. + +Signed-off-by: Rob Taglang +Signed-off-by: David S. Miller +Signed-off-by: Thomas Lamprecht +--- + drivers/net/ethernet/sun/niu.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/ethernet/sun/niu.c b/drivers/net/ethernet/sun/niu.c +index 06001bacbe0f..64f1b3a3afa8 100644 +--- a/drivers/net/ethernet/sun/niu.c ++++ b/drivers/net/ethernet/sun/niu.c +@@ -3442,7 +3442,7 @@ static int niu_process_rx_pkt(struct napi_struct *napi, struct niu *np, + + len = (val & RCR_ENTRY_L2_LEN) >> + RCR_ENTRY_L2_LEN_SHIFT; +- len -= ETH_FCS_LEN; ++ append_size = len + ETH_HLEN + ETH_FCS_LEN; + + addr = (val & RCR_ENTRY_PKT_BUF_ADDR) << + RCR_ENTRY_PKT_BUF_ADDR_SHIFT; +@@ -3452,7 +3452,6 @@ static int niu_process_rx_pkt(struct napi_struct *napi, struct niu *np, + RCR_ENTRY_PKTBUFSZ_SHIFT]; + + off = addr & ~PAGE_MASK; +- append_size = rcr_size; + if (num_rcr == 1) { + int ptype; + +@@ -3465,7 +3464,7 @@ static int niu_process_rx_pkt(struct napi_struct *napi, struct niu *np, + else + skb_checksum_none_assert(skb); + } else if (!(val & RCR_ENTRY_MULTI)) +- append_size = len - skb->len; ++ append_size = append_size - skb->len; + + niu_rx_skb_append(skb, page, off, append_size, rcr_size); + if ((page->index + rp->rbr_block_size) - rcr_size == addr) { diff --git a/patches/kernel/0008-net-fix-deadlock-while-clearing-neighbor-proxy-table.patch b/patches/kernel/0008-net-fix-deadlock-while-clearing-neighbor-proxy-table.patch deleted file mode 100644 index 2c4fee6..0000000 --- a/patches/kernel/0008-net-fix-deadlock-while-clearing-neighbor-proxy-table.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Wolfgang Bumiller -Date: Mon, 9 Apr 2018 14:56:29 +0200 -Subject: [PATCH] net: fix deadlock while clearing neighbor proxy table - -When coming from ndisc_netdev_event() in net/ipv6/ndisc.c, -neigh_ifdown() is called with &nd_tbl, locking this while -clearing the proxy neighbor entries when eg. deleting an -interface. Calling the table's pndisc_destructor() with the -lock still held, however, can cause a deadlock: When a -multicast listener is available an IGMP packet of type -ICMPV6_MGM_REDUCTION may be sent out. When reaching -ip6_finish_output2(), if no neighbor entry for the target -address is found, __neigh_create() is called with &nd_tbl, -which it'll want to lock. - -Move the elements into their own list, then unlock the table -and perform the destruction. - -Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199289 -Fixes: 6fd6ce2056de ("ipv6: Do not depend on rt->n in ip6_finish_output2().") -Signed-off-by: Wolfgang Bumiller ---- - net/core/neighbour.c | 28 ++++++++++++++++++---------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git a/net/core/neighbour.c b/net/core/neighbour.c -index 7f831711b6e0..ff6c491d92ac 100644 ---- a/net/core/neighbour.c -+++ b/net/core/neighbour.c -@@ -55,7 +55,8 @@ static void neigh_timer_handler(struct timer_list *t); - static void __neigh_notify(struct neighbour *n, int type, int flags, - u32 pid); - static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid); --static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev); -+static int pneigh_ifdown_and_unlock(struct neigh_table *tbl, -+ struct net_device *dev); - - #ifdef CONFIG_PROC_FS - static const struct file_operations neigh_stat_seq_fops; -@@ -291,8 +292,7 @@ int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev) - { - write_lock_bh(&tbl->lock); - neigh_flush_dev(tbl, dev); -- pneigh_ifdown(tbl, dev); -- write_unlock_bh(&tbl->lock); -+ pneigh_ifdown_and_unlock(tbl, dev); - - del_timer_sync(&tbl->proxy_timer); - pneigh_queue_purge(&tbl->proxy_queue); -@@ -681,9 +681,10 @@ int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey, - return -ENOENT; - } - --static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev) -+static int pneigh_ifdown_and_unlock(struct neigh_table *tbl, -+ struct net_device *dev) - { -- struct pneigh_entry *n, **np; -+ struct pneigh_entry *n, **np, *freelist = NULL; - u32 h; - - for (h = 0; h <= PNEIGH_HASHMASK; h++) { -@@ -691,16 +692,23 @@ static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev) - while ((n = *np) != NULL) { - if (!dev || n->dev == dev) { - *np = n->next; -- if (tbl->pdestructor) -- tbl->pdestructor(n); -- if (n->dev) -- dev_put(n->dev); -- kfree(n); -+ n->next = freelist; -+ freelist = n; - continue; - } - np = &n->next; - } - } -+ write_unlock_bh(&tbl->lock); -+ while ((n = freelist)) { -+ freelist = n->next; -+ n->next = NULL; -+ if (tbl->pdestructor) -+ tbl->pdestructor(n); -+ if (n->dev) -+ dev_put(n->dev); -+ kfree(n); -+ } - return -ENOENT; - } - --- -2.14.2 - diff --git a/patches/kernel/0009-kvm-nVMX-Enforce-cpl-0-for-VMX-instructions.patch b/patches/kernel/0009-kvm-nVMX-Enforce-cpl-0-for-VMX-instructions.patch new file mode 100644 index 0000000..cc72250 --- /dev/null +++ b/patches/kernel/0009-kvm-nVMX-Enforce-cpl-0-for-VMX-instructions.patch @@ -0,0 +1,65 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Felix Wilhelm +Date: Mon, 11 Jun 2018 09:43:44 +0200 +Subject: [PATCH] kvm: nVMX: Enforce cpl=0 for VMX instructions + +VMX instructions executed inside a L1 VM will always trigger a VM exit +even when executed with cpl 3. This means we must perform the +privilege check in software. + +Fixes: 70f3aac964ae("kvm: nVMX: Remove superfluous VMX instruction fault checks") +Cc: stable@vger.kernel.org +Signed-off-by: Felix Wilhelm +Signed-off-by: Paolo Bonzini +Signed-off-by: Thomas Lamprecht +--- + arch/x86/kvm/vmx.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c +index ddfb9914e105..d81ee9ed4e83 100644 +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -7402,6 +7402,12 @@ static int handle_vmon(struct kvm_vcpu *vcpu) + return 1; + } + ++ /* CPL=0 must be checked manually. */ ++ if (vmx_get_cpl(vcpu)) { ++ kvm_queue_exception(vcpu, UD_VECTOR); ++ return 1; ++ } ++ + if (vmx->nested.vmxon) { + nested_vmx_failValid(vcpu, VMXERR_VMXON_IN_VMX_ROOT_OPERATION); + return kvm_skip_emulated_instruction(vcpu); +@@ -7461,6 +7467,11 @@ static int handle_vmon(struct kvm_vcpu *vcpu) + */ + static int nested_vmx_check_permission(struct kvm_vcpu *vcpu) + { ++ if (vmx_get_cpl(vcpu)) { ++ kvm_queue_exception(vcpu, UD_VECTOR); ++ return 0; ++ } ++ + if (!to_vmx(vcpu)->nested.vmxon) { + kvm_queue_exception(vcpu, UD_VECTOR); + return 0; +@@ -7794,7 +7805,7 @@ static int handle_vmread(struct kvm_vcpu *vcpu) + if (get_vmx_mem_address(vcpu, exit_qualification, + vmx_instruction_info, true, &gva)) + return 1; +- /* _system ok, as hardware has verified cpl=0 */ ++ /* _system ok, nested_vmx_check_permission has verified cpl=0 */ + kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, gva, + &field_value, (is_long_mode(vcpu) ? 8 : 4), NULL); + } +@@ -7937,7 +7948,7 @@ static int handle_vmptrst(struct kvm_vcpu *vcpu) + if (get_vmx_mem_address(vcpu, exit_qualification, + vmx_instruction_info, true, &vmcs_gva)) + return 1; +- /* ok to use *_system, as hardware has verified cpl=0 */ ++ /* *_system ok, nested_vmx_check_permission has verified cpl=0 */ + if (kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, vmcs_gva, + (void *)&to_vmx(vcpu)->nested.current_vmptr, + sizeof(u64), &e)) { diff --git a/patches/kernel/0009-net-ethernet-sun-niu-set-correct-packet-size-in-skb.patch b/patches/kernel/0009-net-ethernet-sun-niu-set-correct-packet-size-in-skb.patch deleted file mode 100644 index 3f58da8..0000000 --- a/patches/kernel/0009-net-ethernet-sun-niu-set-correct-packet-size-in-skb.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 14224923c3600bae2ac4dcae3bf0c3d4dc2812be Mon Sep 17 00:00:00 2001 -From: Rob Taglang -Date: Thu, 3 May 2018 17:13:06 -0400 -Subject: net: ethernet: sun: niu set correct packet size in skb - -Currently, skb->len and skb->data_len are set to the page size, not -the packet size. This causes the frame check sequence to not be -located at the "end" of the packet resulting in ethernet frame check -errors. The driver does work currently, but stricter kernel facing -networking solutions like OpenVSwitch will drop these packets as -invalid. - -These changes set the packet size correctly so that these errors no -longer occur. The length does not include the frame check sequence, so -that subtraction was removed. - -Tested on Oracle/SUN Multithreaded 10-Gigabit Ethernet Network -Controller [108e:abcd] and validated in wireshark. - -Signed-off-by: Rob Taglang -Signed-off-by: David S. Miller -Signed-off-by: Thomas Lamprecht ---- - drivers/net/ethernet/sun/niu.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/drivers/net/ethernet/sun/niu.c b/drivers/net/ethernet/sun/niu.c -index f081de4..88c1247 100644 ---- a/drivers/net/ethernet/sun/niu.c -+++ b/drivers/net/ethernet/sun/niu.c -@@ -3443,7 +3443,7 @@ static int niu_process_rx_pkt(struct napi_struct *napi, struct niu *np, - - len = (val & RCR_ENTRY_L2_LEN) >> - RCR_ENTRY_L2_LEN_SHIFT; -- len -= ETH_FCS_LEN; -+ append_size = len + ETH_HLEN + ETH_FCS_LEN; - - addr = (val & RCR_ENTRY_PKT_BUF_ADDR) << - RCR_ENTRY_PKT_BUF_ADDR_SHIFT; -@@ -3453,7 +3453,6 @@ static int niu_process_rx_pkt(struct napi_struct *napi, struct niu *np, - RCR_ENTRY_PKTBUFSZ_SHIFT]; - - off = addr & ~PAGE_MASK; -- append_size = rcr_size; - if (num_rcr == 1) { - int ptype; - -@@ -3466,7 +3465,7 @@ static int niu_process_rx_pkt(struct napi_struct *napi, struct niu *np, - else - skb_checksum_none_assert(skb); - } else if (!(val & RCR_ENTRY_MULTI)) -- append_size = len - skb->len; -+ append_size = append_size - skb->len; - - niu_rx_skb_append(skb, page, off, append_size, rcr_size); - if ((page->index + rp->rbr_block_size) - rcr_size == addr) { --- -cgit v1.1 diff --git a/patches/kernel/0010-kvm-nVMX-Enforce-cpl-0-for-VMX-instructions.patch b/patches/kernel/0010-kvm-nVMX-Enforce-cpl-0-for-VMX-instructions.patch deleted file mode 100644 index 2da036a..0000000 --- a/patches/kernel/0010-kvm-nVMX-Enforce-cpl-0-for-VMX-instructions.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 727ba748e110b4de50d142edca9d6a9b7e6111d8 Mon Sep 17 00:00:00 2001 -From: Felix Wilhelm -Date: Mon, 11 Jun 2018 09:43:44 +0200 -Subject: kvm: nVMX: Enforce cpl=0 for VMX instructions - -VMX instructions executed inside a L1 VM will always trigger a VM exit -even when executed with cpl 3. This means we must perform the -privilege check in software. - -Fixes: 70f3aac964ae("kvm: nVMX: Remove superfluous VMX instruction fault checks") -Cc: stable@vger.kernel.org -Signed-off-by: Felix Wilhelm -Signed-off-by: Paolo Bonzini -Signed-off-by: Thomas Lamprecht ---- - arch/x86/kvm/vmx.c | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 709de996..4bf1f9d 100644 ---- a/arch/x86/kvm/vmx.c -+++ b/arch/x86/kvm/vmx.c -@@ -7905,6 +7905,12 @@ static int handle_vmon(struct kvm_vcpu *vcpu) - return 1; - } - -+ /* CPL=0 must be checked manually. */ -+ if (vmx_get_cpl(vcpu)) { -+ kvm_queue_exception(vcpu, UD_VECTOR); -+ return 1; -+ } -+ - if (vmx->nested.vmxon) { - nested_vmx_failValid(vcpu, VMXERR_VMXON_IN_VMX_ROOT_OPERATION); - return kvm_skip_emulated_instruction(vcpu); -@@ -7964,6 +7970,11 @@ static int handle_vmon(struct kvm_vcpu *vcpu) - */ - static int nested_vmx_check_permission(struct kvm_vcpu *vcpu) - { -+ if (vmx_get_cpl(vcpu)) { -+ kvm_queue_exception(vcpu, UD_VECTOR); -+ return 0; -+ } -+ - if (!to_vmx(vcpu)->nested.vmxon) { - kvm_queue_exception(vcpu, UD_VECTOR); - return 0; -@@ -8283,7 +8294,7 @@ static int handle_vmread(struct kvm_vcpu *vcpu) - if (get_vmx_mem_address(vcpu, exit_qualification, - vmx_instruction_info, true, &gva)) - return 1; -- /* _system ok, as hardware has verified cpl=0 */ -+ /* _system ok, nested_vmx_check_permission has verified cpl=0 */ - kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, gva, - &field_value, (is_long_mode(vcpu) ? 8 : 4), NULL); - } -@@ -8448,7 +8459,7 @@ static int handle_vmptrst(struct kvm_vcpu *vcpu) - if (get_vmx_mem_address(vcpu, exit_qualification, - vmx_instruction_info, true, &vmcs_gva)) - return 1; -- /* ok to use *_system, as hardware has verified cpl=0 */ -+ /* *_system ok, nested_vmx_check_permission has verified cpl=0 */ - if (kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, vmcs_gva, - (void *)&to_vmx(vcpu)->nested.current_vmptr, - sizeof(u64), &e)) { --- -cgit v1.1 -