In message: v5.2.x - stable updates comprising v5.2.29 on 10/01/2020 Paul Gortmaker wrote:
> Bruce, Yocto kernel folks: > > Here is the next 5.2.x stable update "extension" primarily created for > the Yocto project, as the 8th v5.2.x post-EOL release. > > This release is kind of "normal" -- where it started out as an audit of > what went into 5.3.1[234], but in the 5.3.14 content, we see that x86-32 > is getting caught up on some low level fixes - in places like entry_32.S > and similar, fixing up CR2 handling and so on. > > People who tracked these stable extensions through the various 4.x > versions may recall that when faced with these type of significant low > level changes in the past (meltdown/spectre/etc) I chose to update the > underlying context with mainline backports so the commits of interest > could be used as-is, rather than altering them in ways that would no > longer truly reflect the original mainline commit -- possibly > invalidating testing/validation, and overlooking implicit dependencies. > > So a similar thing has been done here - as I've looked at the 5.2-5.3 > commits in that area to better align our v5.2 with 5.3 for these and > possible future similar CVE updates. A side benefit of this is we also > get CR0 and CR4 changes that block a whole group of exploits. > > Complicating things, is that the 5.2--5.3 window contained the FSGSBASE > support, about a dozen commits, with changes in x86/entry/ -- that was > then bulk reverted in 049331f277fe ("x86/fsgsbase: Revert FSGSBASE > support") - the commit log is worth a read. I've flltered out all that > churn so none of it appears here in this v5.2.29 release. > > Folks who are interested in more details should look at the series file > in release/5.2.29 in the commit repository below, as I've annotated it > with git descriptions for clarity as to what feature/fix merge sets the > mainline x86 commits came from. > > Given the x86/entry_32 changes, I did a sanity boot test on an older > 32bit only system. I've also put this 5.2.29 queue through the usual > testing; build testing on x86-64/32, ARM-64/32, PPC and MIPS, plus some > static analysis and finally some sanity runtime tests on x86-64. > > All that said and done, there are about 150 commits in this release. Sorry for the delay on this, I was tied up with 5.4 and 5.5 efforts. I had a minor conflict with -rt, but I resolved it and things look ok to me. This is now merged. Bruce > > I did the signed tag just as per the previously released versions. > Please find a signed v5.2.27 tag using this key: > > http://pgp.mit.edu/pks/lookup?op=vindex&search=0xEBCE84042C07D1D6 > > in the repo in the kernel.org directory here: > > > https://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-5.2.y.git/?h=linux-5.2.y > git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-5.2.y.git > > for merge to standard/base in linux-yocto-5.2 and then out from there > into the other base and BSP branches. > > For those who are interested, the evolution of the commits is here: > > https://git.kernel.org/cgit/linux/kernel/git/paulg/longterm-queue-5.2.git/ > > This repo isn't needed for anything; it just exists for transparency and > so people can see the evolution of the raw commits that were originally > selected to create this 5.2.x release. > > Paul.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#8307): https://lists.yoctoproject.org/g/linux-yocto/message/8307 Mute This Topic: https://lists.yoctoproject.org/mt/69604904/21656 Group Owner: linux-yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-