In message: v5.2.x - stable updates comprising v5.2.29
on 10/01/2020 Paul Gortmaker wrote:
> Bruce, Yocto kernel folks:
>
> Here is the next 5.2.x stable update "extension" primarily created for
> the Yocto project, as the 8th v5.2.x post-EOL release.
>
> This release is kind of "normal" -- where it started out as an audit of
> what went into 5.3.1[234], but in the 5.3.14 content, we see that x86-32
> is getting caught up on some low level fixes - in places like entry_32.S
> and similar, fixing up CR2 handling and so on.
>
> People who tracked these stable extensions through the various 4.x
> versions may recall that when faced with these type of significant low
> level changes in the past (meltdown/spectre/etc) I chose to update the
> underlying context with mainline backports so the commits of interest
> could be used as-is, rather than altering them in ways that would no
> longer truly reflect the original mainline commit -- possibly
> invalidating testing/validation, and overlooking implicit dependencies.
>
> So a similar thing has been done here - as I've looked at the 5.2-5.3
> commits in that area to better align our v5.2 with 5.3 for these and
> possible future similar CVE updates. A side benefit of this is we also
> get CR0 and CR4 changes that block a whole group of exploits.
>
> Complicating things, is that the 5.2--5.3 window contained the FSGSBASE
> support, about a dozen commits, with changes in x86/entry/ -- that was
> then bulk reverted in 049331f277fe ("x86/fsgsbase: Revert FSGSBASE
> support") - the commit log is worth a read. I've flltered out all that
> churn so none of it appears here in this v5.2.29 release.
>
> Folks who are interested in more details should look at the series file
> in release/5.2.29 in the commit repository below, as I've annotated it
> with git descriptions for clarity as to what feature/fix merge sets the
> mainline x86 commits came from.
>
> Given the x86/entry_32 changes, I did a sanity boot test on an older
> 32bit only system. I've also put this 5.2.29 queue through the usual
> testing; build testing on x86-64/32, ARM-64/32, PPC and MIPS, plus some
> static analysis and finally some sanity runtime tests on x86-64.
>
> All that said and done, there are about 150 commits in this release.
Sorry for the delay on this, I was tied up with 5.4 and 5.5 efforts.
I had a minor conflict with -rt, but I resolved it and things look ok
to me.
This is now merged.
Bruce
>
> I did the signed tag just as per the previously released versions.
> Please find a signed v5.2.27 tag using this key:
>
> http://pgp.mit.edu/pks/lookup?op=vindex&search=0xEBCE84042C07D1D6
>
> in the repo in the kernel.org directory here:
>
>
> https://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-5.2.y.git/?h=linux-5.2.y
> git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-5.2.y.git
>
> for merge to standard/base in linux-yocto-5.2 and then out from there
> into the other base and BSP branches.
>
> For those who are interested, the evolution of the commits is here:
>
> https://git.kernel.org/cgit/linux/kernel/git/paulg/longterm-queue-5.2.git/
>
> This repo isn't needed for anything; it just exists for transparency and
> so people can see the evolution of the raw commits that were originally
> selected to create this 5.2.x release.
>
> Paul.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#8307):
https://lists.yoctoproject.org/g/linux-yocto/message/8307
Mute This Topic: https://lists.yoctoproject.org/mt/69604904/21656
Group Owner: linux-yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
