Bruce, Yocto kernel folks: Here is another 4.8.x stable update. Continuing on top of the previously released v4.8.26 kernel, we now have content selected from the 4.9.x series to address some of the high profile CVEs that have garnered a lot of attention this year.
One departure of note, is that in the past, I have used other nearby releases as a reference for content we might want to consider, but then always re-exported the commits directly from mainline, to ensure that I get to see all conflicts and similar 1st hand. However, the 4.9.x stable tree (and it seems all older backports) are early adopters of the KAISER patch set: https://lwn.net/Articles/738975/ ...which to be sure, influenced what eventually went into mainline, however there is no 1:1 mapping between the KAISER patches and mainline. As such, there really isn't much choice but to use the 4.9.x versions of the KAISER patches, since having worked on mainline backports for the 4.12 version, I know trying to take them back to 4.9 would not be the right choice here. One thing this shares with the 4.12 release is the much more complex interdependency between the commits and the baseline they are designed for. So, just like 4.12, I have backported select commits from 4.9 in order to facilitate using the 4.9 versions of the stable commits largely as-is, in the interest of having the most stable end result. As usual, I've put this 4.8.x queue through the various testing that I figured made sense, which includes but is not limited to: -x86-64 sanity boot test + workloads of defconfig on COTS Core2 box. -build MIPS, PPC, ARM, ARM64 with defconfig -build x86-64 allmodconfig/allyesconfig -build i386 allmodconfig/allyesconfig I also got some local assistance in running specific tests related to the CVEs, which was greatly appreciated. I bumped the Makefile and did the signed tag just as per the previously released 4.8.x versions. Please find a signed v4.8.27 tag using this key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0xEBCE84042C07D1D6 in the repo in my kernel.org directory here: https://git.kernel.org/cgit/linux/kernel/git/paulg/linux-4.8.y.git/ git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-4.8.y.git for merge to standard/base in linux-yocto-4.8 and then out from there into the other base and BSP branches. For those who are interested, the raw commits can be found here: https://git.kernel.org/cgit/linux/kernel/git/paulg/longterm-queue-4.8.git/ This repo isn't needed for anything; but one thing that might be of interest is to inspect the series file, since it is self documenting in terms of what patches were 4.9 backports of mainline and what came from the 4.9 stable queue directly, and hence can be used as a quick summary guide of what was addressed with this release. I suspect we will need to do another 4.8.x release to cover off similar issues on non-x86 architecture targets. Paul. -- -- _______________________________________________ linux-yocto mailing list linux-yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/linux-yocto
