[linux-yocto] v5.2.x - stable updates comprising v5.2.23
Paul Gortmaker
paul.gortmaker at windriver.com
Fri Nov 15 14:36:02 PST 2019
Bruce, Yocto kernel folks:

Here is the next 5.2.x stable update "extension" primarily created for
the Yocto project, continuing from the first v5.2.22 post-EOL release.

This 5.2.22 release only contains about 22 mainline commits. Rather
than continue the audit of what went into 5.3.8 - I jumped ahead to
5.3.11 in order to get the latest CVE embargo commits relating to
iTLB/tsx/TAA, as I assumed they would be of interest to people.

Folks will find in /sys/devices/system/cpu/vulnerabilities - alongside
spectre and meltdown, new files itlb_multihit and tsx_async_abort, and
can look them up in the documentation for more details.

I will circle back to 5.3.8+ content for the next v5.2.24 release I'll
be starting shortly.

The CVE was significant to KVM, and as such, the commits had a fairly
high footprint in that subsystem. I used a code refactoring mainline
commit from between 5.2 and 5.3 in order to enable using the CVE related
KVM commits with as little alteration as possible. Also possibly worth
a mention, is that post-5.2 the main kvm_lock went from being a spinlock
to a mutex. Rather than risk any possible impact to -rt, I simply
retained it being a spin, and adjusted the CVE commits accordingly.

I've put this 5.2.23 queue through the usual testing; build testing on
x86-64/32, ARM-64/32, PPC and MIPS, plus some static analysis and
finally some sanity runtime tests on x86-64.

In addition, since there was a significant KVM footprint in the
changelog, I also built a defconfig with KVM and KVM_INTEL enabled, and
booted that same kernel as host and guest, on both kvm-intel enabled and
older non-kvm-intel enabled systems, and saw no obvious issues.

I did the signed tag just as per the previously released versions.

Please find a signed v5.2.23 tag using this key:

http://pgp.mit.edu/pks/lookup?op=vindex&search=0xEBCE84042C07D1D6

in the repo in the kernel.org directory here:

https://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-5.2.y.git/?h=linux-5.2.y
git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-5.2.y.git

for merge to standard/base in linux-yocto-5.2 and then out from there
into the other base and BSP branches.

For those who are interested, the evolution of the commits is here:

https://git.kernel.org/cgit/linux/kernel/git/paulg/longterm-queue-5.2.git/

This repo isn't needed for anything; it just exists for transparency and
so people can see the evolution of the raw commits that were originally
selected to create this 5.2.x release.

Paul.
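
The two sysfs entries named in the mail can be checked on a booted kernel with a short script. This is an added example, not part of the original message; the function names, verdict labels and the constructed sample tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail): classify the two sysfs entries
# the mail names. Status prefixes handled: "Not affected", "Mitigation: ...",
# "Vulnerable...", with an optional "KVM: " prefix on itlb_multihit.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_entry DIR NAME
# Prints: missing | not-affected | mitigated | mitigated-smt-vulnerable |
#         vulnerable | unknown
classify_entry() {
    if [ ! -r "$1/$2" ]; then
        echo missing            # running kernel does not expose this entry
        return 0
    fi
    status=$(cat "$1/$2")
    status=${status#KVM: }      # itlb_multihit reports the KVM-side state
    case $status in
        "Not affected"*)               echo not-affected ;;
        Mitigation:*"SMT vulnerable"*) echo mitigated-smt-vulnerable ;;
        Mitigation:*)                  echo mitigated ;;
        *ulnerable*)                   echo vulnerable ;;
        *)                             echo unknown ;;
    esac
}

# check_host [DIR]: print one line per entry; return 1 if any entry is
# missing, vulnerable or unrecognised.
check_host() {
    dir=${1:-$VULN_DIR}
    rc=0
    for name in itlb_multihit tsx_async_abort; do
        verdict=$(classify_entry "$dir" "$name")
        printf '%-16s %s\n' "$name" "$verdict"
        case $verdict in
            missing|vulnerable|unknown) rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample tree so the script runs offline; on a real host call
# check_host with no argument.
sample=$(mktemp -d)
echo "KVM: Mitigation: Split huge pages" > "$sample/itlb_multihit"
echo "Mitigation: Clear CPU buffers; SMT vulnerable" > "$sample/tsx_async_abort"
check_host "$sample"
```

A "missing" verdict means the running kernel does not have these sysfs entries at all, which is the quickest sign that a target is still on a kernel older than this update.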