Update to 3.12.6

svn path=/dists/sid/linux/; revision=20905
Ben Hutchings 2013-12-21 01:26:27 +00:00
parent 0813c82451
commit 0a09a09a42
8 changed files with 43 additions and 404 deletions

debian/changelog

@ -1,4 +1,4 @@
linux (3.12.5-1) UNRELEASED; urgency=medium
linux (3.12.6-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
@ -34,6 +34,48 @@ linux (3.12.5-1) UNRELEASED; urgency=medium
- SCSI: Disable WRITE SAME for RAID and virtual host adapter drivers
- tg3: avoid double-freeing of rx data memory
- crypto: scatterwalk - Use sg_chain_ptr on chain entries
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.6
- ALSA: memalloc.h - fix wrong truncation of dma_addr_t
- [arm] 7912/1: check stack pointer in get_wchan
- [arm] 7913/1: fix framepointer check in unwind_frame
- KVM: Improve create VCPU parameter (CVE-2013-4587)
- [x86] KVM: Fix potential divide by 0 in lapic (CVE-2013-6367)
- [x86] KVM: Convert vapic synchronization to _cached functions
(CVE-2013-6368)
- [x86] KVM: fix guest-initiated crash with x2apic (CVE-2013-6376)
- xfs: growfs overruns AGFL buffer on V4 filesystems
- futex: fix handling of read-only-mapped hugepages
- nfsd: when reusing an existing repcache entry, unhash it first
- [armhf] usb: musb: musb_cppi41: handle pre-mature TX complete interrupt
- powerpc: Fix PTE page address mismatch in pgtable ctor/dtor
- mm: memcg: do not allow task about to OOM kill to bypass the limit
- mm: memcg: fix race condition between memcg teardown and swapin
- cfg80211: disable 5/10 MHz support for all drivers
- Revert "mac80211: allow disable power save in mesh"
- mac80211: fix scheduled scan rtnl deadlock
- iwlwifi: mvm: check sta_id/drain values in debugfs
- Btrfs: fix access_ok() check in btrfs_ioctl_send()
- dm snapshot: avoid snapshot space leak on crash
- dm array: fix a reference counting bug in shadow_ablock
- dm space map metadata: return on failure in sm_metadata_new_block
- dm space map: disallow decrementing a reference count below zero
- dm table: fail dm_table_create on dm_round_up overflow
- dm thin: switch to read only mode if a mapping insert fails
- dm thin: switch to read-only mode if metadata space is exhausted
- dm thin: always fallback the pool mode if commit fails
- dm thin: re-establish read-only state when switching to fail mode
- dm thin: allow pool in read-only mode to transition to read-write mode
- media/cxd2820r_core: Fix regression in 3.12.3
- sched: Avoid throttle_cfs_rq() racing with period_timer stopping
- Btrfs: do a full search everytime in btrfs_search_old_slot
- Btrfs: reset intwrite on transaction abort
- Btrfs: fix memory leak of chunks' extent map
- Btrfs: fix hole check in log_one_extent
- Btrfs: fix incorrect inode acl reset
- Btrfs: take ordered root lock when removing ordered operations inode
- Btrfs: do not run snapshot-aware defragment on error
- Btrfs: fix a crash when running balance and defrag concurrently
- Btrfs: fix lockdep error in async commit
[ Ben Hutchings ]
* udeb: Add ohci-pci to usb-modules (Closes: #730789)
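Review bot: the new ChangeLog-3.12.6 link uses http:// while the ChangeLog-3.12.4 link earlier in this same entry uses https://; use https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.6 so the two lines match.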
@ -53,12 +95,6 @@ linux (3.12.5-1) UNRELEASED; urgency=medium
(Closes: #732106)
* linux-source: Compress with gzip -1 (Closes: #725492)
* [alpha] Prevent a NULL ptr dereference in csum_partial_copy
* media/cxd2820r_core: Fix regression in 3.12.3, thanks to Frederik Himpe
* KVM: Improve create VCPU parameter (CVE-2013-4587)
* [x86] KVM: Fix potential divide by 0 in lapic (CVE-2013-6367)
* [x86] KVM: Convert vapic synchronization to _cached functions
(CVE-2013-6368)
* [x86] KVM: fix guest-initiated crash with x2apic (CVE-2013-6376)
* Set ABI to 1
* [ia64] Enable PSTORE, EFI_VARS_PSTORE
* [x86,ia64] udeb: Remove zlib-modules as zlib is now built-in
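Review bot: the six entries removed here (the cxd2820r regression fix and the four KVM CVE fixes) all reappear under the ChangeLog-3.12.6 block added above, but this commit also deletes bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch and no "xfs: underflow bug in xfs_attrlist_by_handle()" line is added to the 3.12.6 list; either add that line if the fix really is in 3.12.6, or keep the patch in the series.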

@ -1,32 +0,0 @@
From: Andy Honig <ahonig@google.com>
Date: Mon, 18 Nov 2013 16:09:22 -0800
Subject: KVM: Improve create VCPU parameter (CVE-2013-4587)
Origin: https://git.kernel.org/linus/338c7dbadd2671189cec7faf64c84d01071b3f96
In multiple functions the vcpu_id is used as an offset into a bitfield. Ag
malicious user could specify a vcpu_id greater than 255 in order to set or
clear bits in kernel memory. This could be used to elevate priveges in the
kernel. This patch verifies that the vcpu_id provided is less than 255.
The api documentation already specifies that the vcpu_id must be less than
max_vcpus, but this is currently not checked.
Reported-by: Andrew Honig <ahonig@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
virt/kvm/kvm_main.c | 3 +++
1 file changed, 3 insertions(+)
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1893,6 +1893,9 @@ static int kvm_vm_ioctl_create_vcpu(stru
int r;
struct kvm_vcpu *vcpu, *v;
+ if (id >= KVM_MAX_VCPUS)
+ return -EINVAL;
+
vcpu = kvm_arch_vcpu_create(kvm, id);
if (IS_ERR(vcpu))
return PTR_ERR(vcpu);
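Review bot: dropping this file is consistent with the "KVM: Improve create VCPU parameter (CVE-2013-4587)" line added to debian/changelog for 3.12.6. One documentation nit worth carrying into any advisory text written from it: the description says the patch "verifies that the vcpu_id provided is less than 255", but the check added is `if (id >= KVM_MAX_VCPUS)`, i.e. a bound on the compile-time vCPU limit rather than the literal 255.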

@ -1,41 +0,0 @@
From: Andy Honig <ahonig@google.com>
Date: Tue, 19 Nov 2013 14:12:18 -0800
Subject: KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
Origin: https://git.kernel.org/linus/b963a22e6d1a266a67e9eecc88134713fd54775c
Under guest controllable circumstances apic_get_tmcct will execute a
divide by zero and cause a crash. If the guest cpuid support
tsc deadline timers and performs the following sequence of requests
the host will crash.
- Set the mode to periodic
- Set the TMICT to 0
- Set the mode bits to 11 (neither periodic, nor one shot, nor tsc deadline)
- Set the TMICT to non-zero.
Then the lapic_timer.period will be 0, but the TMICT will not be. If the
guest then reads from the TMCCT then the host will perform a divide by 0.
This patch ensures that if the lapic_timer.period is 0, then the division
does not occur.
Reported-by: Andrew Honig <ahonig@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/lapic.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 5439117..89b52ec 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -841,7 +841,8 @@ static u32 apic_get_tmcct(struct kvm_lapic *apic)
ASSERT(apic != NULL);
/* if initial count is 0, current count should also be 0 */
- if (kvm_apic_get_reg(apic, APIC_TMICT) == 0)
+ if (kvm_apic_get_reg(apic, APIC_TMICT) == 0 ||
+ apic->lapic_timer.period == 0)
return 0;
remaining = hrtimer_get_remaining(&apic->lapic_timer.timer);
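Review bot: dropping this file is consistent with the "[x86] KVM: Fix potential divide by 0 in lapic (CVE-2013-6367)" entry added for 3.12.6. Style nit in the dropped copy: it still carries the `diff --git` and `index 5439117..89b52ec 100644` lines that the other patches in this commit were stripped of, so the series was not uniformly normalised; moot once deleted, but worth normalising on the next import.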

@ -1,39 +0,0 @@
From: Hans Verkuil <hans.verkuil@cisco.com>
Date: Fri, 4 Oct 2013 11:01:43 -0300
Subject: [media] cxd2820r_core: fix sparse warnings
Origin: https://git.kernel.org/linus/0db3fa2741ad8371c21b3a6785416a4afc0cc1d4
drivers/media/dvb-frontends/cxd2820r_core.c:34:32: error: cannot size expression
drivers/media/dvb-frontends/cxd2820r_core.c:68:32: error: cannot size expression
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Antti Palosaari <crope@iki.fi>
Reviewed-by: Antti Palosaari <crope@iki.fi>
Reviewed-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
[bwh: Commit 8393796dfa4c ('media: dvb-frontends: Don't use dynamic static
allocation') depends on this but was cherry-picked for 3.12.3 without this]
---
drivers/media/dvb-frontends/cxd2820r_core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/media/dvb-frontends/cxd2820r_core.c
+++ b/drivers/media/dvb-frontends/cxd2820r_core.c
@@ -34,7 +34,7 @@ static int cxd2820r_wr_regs_i2c(struct c
{
.addr = i2c,
.flags = 0,
- .len = sizeof(buf),
+ .len = len + 1,
.buf = buf,
}
};
@@ -75,7 +75,7 @@ static int cxd2820r_rd_regs_i2c(struct c
}, {
.addr = i2c,
.flags = I2C_M_RD,
- .len = sizeof(buf),
+ .len = len,
.buf = buf,
}
};
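Review bot: dropping this file is consistent with the "media/cxd2820r_core: Fix regression in 3.12.3" line under 3.12.6, and the bwh note records why the Debian copy existed (8393796dfa4c was cherry-picked for 3.12.3 without it). The hunks show the actual defect: `.len = sizeof(buf)` only equals the transfer length while buf is sized from len (hence the "cannot size expression" sparse warning), so once buf is no longer declared that way the I2C message length is wrong; `.len = len + 1` for the write (register address byte plus payload) and `.len = len` for the read are the correct values.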

@ -1,46 +0,0 @@
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Sat, 23 Nov 2013 15:59:42 +1100
Subject: xfs: underflow bug in xfs_attrlist_by_handle()
Origin: http://www.ozlabs.org/~akpm/mmotm/broken-out/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch
If we allocate less than sizeof(struct attrlist) then we end up corrupting
memory or doing a ZERO_PTR_SIZE dereference.
This can only be triggered with CAP_SYS_ADMIN.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: Nico Golde <nico@ngolde.de>
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
Acked-by: Ben Myers <bpm@sgi.com>
Cc: Alex Elder <elder@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
fs/xfs/xfs_ioctl.c | 3 ++-
fs/xfs/xfs_ioctl32.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -443,7 +443,8 @@ xfs_attrlist_by_handle(
return -XFS_ERROR(EPERM);
if (copy_from_user(&al_hreq, arg, sizeof(xfs_fsop_attrlist_handlereq_t)))
return -XFS_ERROR(EFAULT);
- if (al_hreq.buflen > XATTR_LIST_MAX)
+ if (al_hreq.buflen < sizeof(struct attrlist) ||
+ al_hreq.buflen > XATTR_LIST_MAX)
return -XFS_ERROR(EINVAL);
/*
--- a/fs/xfs/xfs_ioctl32.c
+++ b/fs/xfs/xfs_ioctl32.c
@@ -357,7 +357,8 @@ xfs_compat_attrlist_by_handle(
if (copy_from_user(&al_hreq, arg,
sizeof(compat_xfs_fsop_attrlist_handlereq_t)))
return -XFS_ERROR(EFAULT);
- if (al_hreq.buflen > XATTR_LIST_MAX)
+ if (al_hreq.buflen < sizeof(struct attrlist) ||
+ al_hreq.buflen > XATTR_LIST_MAX)
return -XFS_ERROR(EINVAL);
/*
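Review bot: the Origin here is an mmotm URL rather than a mainline or stable commit id, so nothing in the file can be traced against the 3.12.6 tree, and the 3.12.6 block added to debian/changelog carries no xfs_attrlist_by_handle line. Before deleting it, cite the upstream commit that lands the `al_hreq.buflen < sizeof(struct attrlist)` check in both xfs_ioctl.c and xfs_ioctl32.c in 3.12.6.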

@ -1,183 +0,0 @@
From: Andy Honig <ahonig@google.com>
Date: Wed, 20 Nov 2013 10:23:22 -0800
Subject: KVM: x86: Convert vapic synchronization to _cached functions
(CVE-2013-6368)
Origin: https://git.kernel.org/linus/fda4e2e85589191b123d31cdc21fd33ee70f50fd
In kvm_lapic_sync_from_vapic and kvm_lapic_sync_to_vapic there is the
potential to corrupt kernel memory if userspace provides an address that
is at the end of a page. This patches concerts those functions to use
kvm_write_guest_cached and kvm_read_guest_cached. It also checks the
vapic_address specified by userspace during ioctl processing and returns
an error to userspace if the address is not a valid GPA.
This is generally not guest triggerable, because the required write is
done by firmware that runs before the guest. Also, it only affects AMD
processors and oldish Intel that do not have the FlexPriority feature
(unless you disable FlexPriority, of course; then newer processors are
also affected).
Fixes: b93463aa59d6 ('KVM: Accelerated apic support')
Reported-by: Andrew Honig <ahonig@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/lapic.c | 27 +++++++++++++++------------
arch/x86/kvm/lapic.h | 4 ++--
arch/x86/kvm/x86.c | 40 +---------------------------------------
3 files changed, 18 insertions(+), 53 deletions(-)
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -1692,7 +1692,6 @@ static void apic_sync_pv_eoi_from_guest(
void kvm_lapic_sync_from_vapic(struct kvm_vcpu *vcpu)
{
u32 data;
- void *vapic;
if (test_bit(KVM_APIC_PV_EOI_PENDING, &vcpu->arch.apic_attention))
apic_sync_pv_eoi_from_guest(vcpu, vcpu->arch.apic);
@@ -1700,9 +1699,8 @@ void kvm_lapic_sync_from_vapic(struct kv
if (!test_bit(KVM_APIC_CHECK_VAPIC, &vcpu->arch.apic_attention))
return;
- vapic = kmap_atomic(vcpu->arch.apic->vapic_page);
- data = *(u32 *)(vapic + offset_in_page(vcpu->arch.apic->vapic_addr));
- kunmap_atomic(vapic);
+ kvm_read_guest_cached(vcpu->kvm, &vcpu->arch.apic->vapic_cache, &data,
+ sizeof(u32));
apic_set_tpr(vcpu->arch.apic, data & 0xff);
}
@@ -1738,7 +1736,6 @@ void kvm_lapic_sync_to_vapic(struct kvm_
u32 data, tpr;
int max_irr, max_isr;
struct kvm_lapic *apic = vcpu->arch.apic;
- void *vapic;
apic_sync_pv_eoi_to_guest(vcpu, apic);
@@ -1754,18 +1751,24 @@ void kvm_lapic_sync_to_vapic(struct kvm_
max_isr = 0;
data = (tpr & 0xff) | ((max_isr & 0xf0) << 8) | (max_irr << 24);
- vapic = kmap_atomic(vcpu->arch.apic->vapic_page);
- *(u32 *)(vapic + offset_in_page(vcpu->arch.apic->vapic_addr)) = data;
- kunmap_atomic(vapic);
+ kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.apic->vapic_cache, &data,
+ sizeof(u32));
}
-void kvm_lapic_set_vapic_addr(struct kvm_vcpu *vcpu, gpa_t vapic_addr)
+int kvm_lapic_set_vapic_addr(struct kvm_vcpu *vcpu, gpa_t vapic_addr)
{
- vcpu->arch.apic->vapic_addr = vapic_addr;
- if (vapic_addr)
+ if (vapic_addr) {
+ if (kvm_gfn_to_hva_cache_init(vcpu->kvm,
+ &vcpu->arch.apic->vapic_cache,
+ vapic_addr, sizeof(u32)))
+ return -EINVAL;
__set_bit(KVM_APIC_CHECK_VAPIC, &vcpu->arch.apic_attention);
- else
+ } else {
__clear_bit(KVM_APIC_CHECK_VAPIC, &vcpu->arch.apic_attention);
+ }
+
+ vcpu->arch.apic->vapic_addr = vapic_addr;
+ return 0;
}
int kvm_x2apic_msr_write(struct kvm_vcpu *vcpu, u32 msr, u64 data)
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -34,7 +34,7 @@ struct kvm_lapic {
*/
void *regs;
gpa_t vapic_addr;
- struct page *vapic_page;
+ struct gfn_to_hva_cache vapic_cache;
unsigned long pending_events;
unsigned int sipi_vector;
};
@@ -76,7 +76,7 @@ void kvm_set_lapic_tscdeadline_msr(struc
void kvm_apic_write_nodecode(struct kvm_vcpu *vcpu, u32 offset);
void kvm_apic_set_eoi_accelerated(struct kvm_vcpu *vcpu, int vector);
-void kvm_lapic_set_vapic_addr(struct kvm_vcpu *vcpu, gpa_t vapic_addr);
+int kvm_lapic_set_vapic_addr(struct kvm_vcpu *vcpu, gpa_t vapic_addr);
void kvm_lapic_sync_from_vapic(struct kvm_vcpu *vcpu);
void kvm_lapic_sync_to_vapic(struct kvm_vcpu *vcpu);
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3192,8 +3192,7 @@ long kvm_arch_vcpu_ioctl(struct file *fi
r = -EFAULT;
if (copy_from_user(&va, argp, sizeof va))
goto out;
- r = 0;
- kvm_lapic_set_vapic_addr(vcpu, va.vapic_addr);
+ r = kvm_lapic_set_vapic_addr(vcpu, va.vapic_addr);
break;
}
case KVM_X86_SETUP_MCE: {
@@ -5718,36 +5717,6 @@ static void post_kvm_run_save(struct kvm
!kvm_event_needs_reinjection(vcpu);
}
-static int vapic_enter(struct kvm_vcpu *vcpu)
-{
- struct kvm_lapic *apic = vcpu->arch.apic;
- struct page *page;
-
- if (!apic || !apic->vapic_addr)
- return 0;
-
- page = gfn_to_page(vcpu->kvm, apic->vapic_addr >> PAGE_SHIFT);
- if (is_error_page(page))
- return -EFAULT;
-
- vcpu->arch.apic->vapic_page = page;
- return 0;
-}
-
-static void vapic_exit(struct kvm_vcpu *vcpu)
-{
- struct kvm_lapic *apic = vcpu->arch.apic;
- int idx;
-
- if (!apic || !apic->vapic_addr)
- return;
-
- idx = srcu_read_lock(&vcpu->kvm->srcu);
- kvm_release_page_dirty(apic->vapic_page);
- mark_page_dirty(vcpu->kvm, apic->vapic_addr >> PAGE_SHIFT);
- srcu_read_unlock(&vcpu->kvm->srcu, idx);
-}
-
static void update_cr8_intercept(struct kvm_vcpu *vcpu)
{
int max_irr, tpr;
@@ -6047,11 +6016,6 @@ static int __vcpu_run(struct kvm_vcpu *v
struct kvm *kvm = vcpu->kvm;
vcpu->srcu_idx = srcu_read_lock(&kvm->srcu);
- r = vapic_enter(vcpu);
- if (r) {
- srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx);
- return r;
- }
r = 1;
while (r > 0) {
@@ -6110,8 +6074,6 @@ static int __vcpu_run(struct kvm_vcpu *v
srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx);
- vapic_exit(vcpu);
-
return r;
}
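Review bot: dropping this file is consistent with the "[x86] KVM: Convert vapic synchronization to _cached functions (CVE-2013-6368)" entry for 3.12.6. Follow-up for upstream rather than for this change, since the Debian copy is identical to the upstream commit: in kvm_lapic_sync_from_vapic the return value of `kvm_read_guest_cached(vcpu->kvm, &vcpu->arch.apic->vapic_cache, &data, sizeof(u32))` is discarded, so on a failed read `data` is uninitialised when it reaches `apic_set_tpr(vcpu->arch.apic, data & 0xff)`; the write side likewise ignores the `kvm_write_guest_cached` result.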

@ -1,50 +0,0 @@
From: Gleb Natapov <gleb@redhat.com>
Date: Thu, 12 Dec 2013 21:20:08 +0100
Subject: KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376)
Origin: https://git.kernel.org/linus/17d68b763f09a9ce824ae23eb62c9efc57b69271
A guest can cause a BUG_ON() leading to a host kernel crash.
When the guest writes to the ICR to request an IPI, while in x2apic
mode the following things happen, the destination is read from
ICR2, which is a register that the guest can control.
kvm_irq_delivery_to_apic_fast uses the high 16 bits of ICR2 as the
cluster id. A BUG_ON is triggered, which is a protection against
accessing map->logical_map with an out-of-bounds access and manages
to avoid that anything really unsafe occurs.
The logic in the code is correct from real HW point of view. The problem
is that KVM supports only one cluster with ID 0 in clustered mode, but
the code that has the bug does not take this into account.
Reported-by: Lars Bull <larsbull@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/lapic.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index b8bec45..dec48bf 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -143,6 +143,8 @@ static inline int kvm_apic_id(struct kvm_lapic *apic)
return (kvm_apic_get_reg(apic, APIC_ID) >> 24) & 0xff;
}
+#define KVM_X2APIC_CID_BITS 0
+
static void recalculate_apic_map(struct kvm *kvm)
{
struct kvm_apic_map *new, *old = NULL;
@@ -180,7 +182,8 @@ static void recalculate_apic_map(struct kvm *kvm)
if (apic_x2apic_mode(apic)) {
new->ldr_bits = 32;
new->cid_shift = 16;
- new->cid_mask = new->lid_mask = 0xffff;
+ new->cid_mask = (1 << KVM_X2APIC_CID_BITS) - 1;
+ new->lid_mask = 0xffff;
} else if (kvm_apic_sw_enabled(apic) &&
!new->cid_mask /* flat mode */ &&
kvm_apic_get_reg(apic, APIC_DFR) == APIC_DFR_CLUSTER) {
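Review bot: dropping this file is consistent with the "[x86] KVM: fix guest-initiated crash with x2apic (CVE-2013-6376)" entry for 3.12.6. In the dropped hunk `#define KVM_X2APIC_CID_BITS 0` yields `cid_mask = (1 << 0) - 1`, i.e. 0, which is what confines lookups to cluster 0 as the description states; a one-line comment beside the define saying that KVM supports a single x2apic cluster would have saved the reader the arithmetic.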

@ -77,13 +77,7 @@ bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
bugfix/all/UAPI-include-asm-byteorder.h-in-linux-raid-md_p.h.patch
bugfix/all/rds-prevent-bug_on-triggered-by-congestion-update-to-loopback.patch
bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch
bugfix/arm/ahci-imx-Explicitly-clear-IMX6Q_GPR13_SATA_MPLL_CLK_.patch
bugfix/all/disable-some-marvell-phys.patch
features/all/media-az6007-support-Technisat-Cablestar-Combo-HDCI-.patch
bugfix/all/alpha-Prevent-a-NULL-ptr-dereference-in-csum_partial.patch
bugfix/all/media-cxd2820r_core-fix-sparse-warnings.patch
bugfix/all/KVM-Improve-create-VCPU-parameter-CVE-2013-4587.patch
bugfix/all/KVM-x86-Fix-potential-divide-by-0-in-lapic-CVE-2013-.patch
bugfix/x86/KVM-x86-Convert-vapic-synchronization-to-_cached-fun.patch
bugfix/x86/KVM-x86-fix-guest-initiated-crash-with-x2apic-CVE-20.patch
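Review bot: bugfix/all/KVM-x86-Fix-potential-divide-by-0-in-lapic-CVE-2013-.patch touches only arch/x86/kvm/lapic.c yet sat under bugfix/all/, while the two other lapic.c patches sit under bugfix/x86/; moot now that all six lines are dropped, but keep the all/ versus x86/ split consistent for future backports so the series reads correctly.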