[linux-yocto] v4.12.x - stable updates comprising v4.12.25

Bruce Ashfield bruce.ashfield at windriver.com
Mon Jul 2 19:27:48 PDT 2018 

On 2018-06-27 3:00 AM, Paul Gortmaker wrote:
> Bruce, Yocto kernel folks:
> 
> Here is another 4.12.x stable update "extension" primarily created for
> the Yocto project, continuing on top of the previous v4.12.24 kernel.
> 
> This is also a good time to note that people using 4.12.x should be
> getting their plans in place to moving to a newer kernel in the near
> future, as the number of additional 4.12.x releases that I do will be
> limited to a couple more over the next several months.
> 
> Unfortunately, after only two releases with what were "normal" single
> issue commits for stable releases, we are back to what is largely a
> whole release aimed at a single issue.  There are close to 70 commits
> here, and they are all related to spectre/speculative-store-bypass (SSB)
> or dependency commits paving the road to using those SSB commits.
> 
> Also unfortunate, is that once again, these changes are in core low
> level files, mixed with assembly, and not just one line simple
> "stable" fixes.  A look at the top "winners" in the diffstat shows:
> 
>   arch/x86/kernel/cpu/bugs.c                         | 369 +++++++++++++++++++--
>   arch/x86/entry/calling.h                           | 104 +++---
>   arch/x86/entry/entry_64.S                          |  91 ++---
>   arch/x86/kernel/cpu/common.c                       |  78 ++++-
>   arch/x86/include/asm/nospec-branch.h               |  54 ++-
>   include/linux/nospec.h                             |  46 ++-
>   arch/x86/include/asm/spec-ctrl.h                   |  40 +++
>   arch/x86/entry/entry_64_compat.S                   |  30 ++
> 
> In an ideal world I'd rather not see any changes to these types of files
> in "stable" content, but it seems our hands are tied.
> 
> The selection of commits is largely from those that appeared from two
> mainline merges, in 4.16 and 4.17 respectively.  For those who want more
> details, please consult the series file in the queue repository listed
> at the end of this message to see the ID prefix of those merges and
> their individual commit content.
> 
> Given that the focus is largely on SSB, a few notes are in order.
> Firstly, the backports in this release give the key new status file:
> 
>     /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
> 
> which is specific to the new SSB changes announced in late May. It is
> too much to get into here on the details, so folks should start with the
> file Documentation/userspace-api/spec_ctrl.rst and the new boot-args
> related to spec_store_bypass_disable added to the existing file in
> Documentation/admin-guide/kernel-parameters.txt -- from there, folks
> should have enough keywords to do effective online searches for more
> specific details.
> 
> As this is a two part solution (kernel and microcode), testing was done
> on an older xeon v2 (circa 2014 firmware) and a very recent laptop with
> a firmware update only weeks old.
> 
> The xeon with patches but old firmware -- /sys status file reported:
>    Vulnerable
> 
> The modern laptop with latest BIOS/firmware/microcode reported:
>    Mitigation: Speculative Store Bypass disabled via prctl and seccomp
> 
> If you don't see the status file at all, you've not booted a kernel with
> the SSB patches applied.
> 
> In addition to the SSB specifics, I've put this 4.12.x queue through the
> usual testing that I figured made sense, which includes but is not
> limited to:
> 
> -x86-64 sanity boot test + workloads of defconfig on COTS Core2 box.
> -build MIPS, PPC, ARM, ARM64 with defconfig
> -build x86-64 allmodconfig/allyesconfig
> -build i386 allmodconfig/allyesconfig
> 
> Given the content was 99% x86, the non-x86 builds were probably a waste
> of time, but a routine is a routine...
> 
> I bumped the 4.12 Makefile and did the signed tag just as per the previously
> released 4.12.x versions.
> 
> Please find a signed v4.12.25 tag using this key:
> 
> http://pgp.mit.edu/pks/lookup?op=vindex&search=0xEBCE84042C07D1D6
> 
> in the repo in the kernel.org directory here:
> 
>     https://git.kernel.org/cgit/linux/kernel/git/paulg/linux-4.12.y.git/
>     git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-4.12.y.git
> 

Thanks Paul, this is now merged.

Bruce

> for merge to standard/base in linux-yocto-4.12 and then out from there
> into the other base and BSP branches.
> 
> For those who are interested, the evolution of the commits is here:
> 
>     https://git.kernel.org/cgit/linux/kernel/git/paulg/longterm-queue-4.12.git/
> 
> This repo isn't needed for anything; it just exists for transparency and
> so people can see the raw commits that were used to create this 4.12.x
> release.  As mentioned above, the series file in release/v4.12.25 has
> information relating to the commits used in this release.
> 
> Paul.
> --
>

More information about the linux-yocto mailing list