[linux-yocto] v5.2.x - stable updates comprising v5.2.23
Bruce Ashfield
bruce.ashfield at gmail.com
Sun Nov 17 19:17:03 PST 2019
In message: v5.2.x - stable updates comprising v5.2.23
on 15/11/2019 Paul Gortmaker wrote:
> Bruce, Yocto kernel folks:
>
> Here is the next 5.2.x stable update "extension" primarily created for
> the Yocto project, continuing from the first v5.2.22 post-EOL release.
>
> This 5.2.22 release only contains about 22 mainline commits. Rather
> than continue the audit of what went into 5.3.8 - I jumped ahead to
> 5.3.11 in order to get the latest CVE embargo commits relating to
> iTLB/tsx/TAA, as I assumed they would be of interest to people.
>
> Folks will find in /sys/devices/system/cpu/vulnerabilities - alongside
> spectre and meltdown, new files itlb_multihit and tsx_async_abort, and
> can look them up in the documentation for more details.
>
> I will circle back to 5.3.8+ content for the next v5.2.24 release I'll
> be starting shortly.
>
> The CVE was significant to KVM, and as such, the commits had a fairly
> high footprint in that subsystem. I used a code refactoring mainline
> commit from between 5.2 and 5.3 in order to enable using the CVE related
> KVM commits with as little alteration as possible. Also possibly worth
> a mention, is that post-5.2 the main kvm_lock went from being a spinlock
> to a mutex. Rather than risk any possible impact to -rt, I simply
> retained it being a spin, and adjusted the CVE commits accordingly.
>
> I've put this 5.2.23 queue through the usual testing; build testing on
> x86-64/32, ARM-64/32, PPC and MIPS, plus some static analysis and
> finally some sanity runtime tests on x86-64.
>
> In addition, since there was a significant KVM footprint in the
> changelog, I also built a defconfig with KVM and KVM_INTEL enabled, and
> booted that same kernel as host and guest, on both kvm-intel enabled and
> older non-kvm-intel enabled systems, and saw no obvious issues.
Sounds good. Thanks for the extra testing!
This is now merged and pushed.
Bruce
>
> I did the signed tag just as per the previously released versions.
> Please find a signed v5.2.23 tag using this key:
>
> http://pgp.mit.edu/pks/lookup?op=vindex&search=0xEBCE84042C07D1D6
>
> in the repo in the kernel.org directory here:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-5.2.y.git/?h=linux-5.2.y
> git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-5.2.y.git
>
> for merge to standard/base in linux-yocto-5.2 and then out from there
> into the other base and BSP branches.
>
> For those who are interested, the evolution of the commits is here:
>
> https://git.kernel.org/cgit/linux/kernel/git/paulg/longterm-queue-5.2.git/
>
> This repo isn't needed for anything; it just exists for transparency and
> so people can see the evolution of the raw commits that were originally
> selected to create this 5.2.x release.
>
> Paul.
More information about the linux-yocto
mailing list