Bruce, Yocto kernel folks:

Here is another 4.12.x stable update "extension" primarily created for the Yocto project, continuing on top of the previous v4.12.24 kernel.

This is also a good time to note that people using 4.12.x should be getting their plans in place to move to a newer kernel in the near future, as the number of additional 4.12.x releases that I do will be limited to a couple more over the next several months.

Unfortunately, after only two releases with what were "normal" single issue commits for stable releases, we are back to what is largely a whole release aimed at a single issue. There are close to 70 commits here, and they are all related to spectre/speculative-store-bypass (SSB) or dependency commits paving the road to using those SSB commits.

Also unfortunate is that, once again, these changes are in core low level files, mixed with assembly, and not just one line simple "stable" fixes. A look at the top "winners" in the diffstat shows:

  arch/x86/kernel/cpu/bugs.c           | 369 +++++++++++++++++++--
  arch/x86/entry/calling.h             | 104 +++---
  arch/x86/entry/entry_64.S            |  91 ++---
  arch/x86/kernel/cpu/common.c         |  78 ++++-
  arch/x86/include/asm/nospec-branch.h |  54 ++-
  include/linux/nospec.h               |  46 ++-
  arch/x86/include/asm/spec-ctrl.h     |  40 +++
  arch/x86/entry/entry_64_compat.S     |  30 ++

In an ideal world I'd rather not see any changes to these types of files in "stable" content, but it seems our hands are tied.

The selection of commits is largely from those that appeared from two mainline merges, in 4.16 and 4.17 respectively. For those who want more details, please consult the series file in the queue repository listed at the end of this message to see the ID prefix of those merges and their individual commit content.

Given that the focus is largely on SSB, a few notes are in order. Firstly, the backports in this release give the key new status file:

  /sys/devices/system/cpu/vulnerabilities/spec_store_bypass

which is specific to the new SSB changes announced in late May.
It is too much to get into here on the details, so folks should start with the file Documentation/userspace-api/spec_ctrl.rst and the new boot-args related to spec_store_bypass_disable added to the existing file in Documentation/admin-guide/kernel-parameters.txt -- from there, folks should have enough keywords to do effective online searches for more specific details.

As this is a two part solution (kernel and microcode), testing was done on an older xeon v2 (circa 2014 firmware) and a very recent laptop with a firmware update only weeks old.

The xeon with patches but old firmware -- /sys status file reported:

  Vulnerable

The modern laptop with latest BIOS/firmware/microcode reported:

  Mitigation: Speculative Store Bypass disabled via prctl and seccomp

If you don't see the status file at all, you've not booted a kernel with the SSB patches applied.

In addition to the SSB specifics, I've put this 4.12.x queue through the usual testing that I figured made sense, which includes but is not limited to:

  -x86-64 sanity boot test + workloads of defconfig on COTS Core2 box.
  -build MIPS, PPC, ARM, ARM64 with defconfig
  -build x86-64 allmodconfig/allyesconfig
  -build i386 allmodconfig/allyesconfig

Given the content was 99% x86, the non-x86 builds were probably a waste of time, but a routine is a routine...

I bumped the 4.12 Makefile and did the signed tag just as per the previously released 4.12.x versions. Please find a signed v4.12.25 tag using this key:

  http://pgp.mit.edu/pks/lookup?op=vindex&search=0xEBCE84042C07D1D6

in the repo in the kernel.org directory here:

  https://git.kernel.org/cgit/linux/kernel/git/paulg/linux-4.12.y.git/
  git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-4.12.y.git

for merge to standard/base in linux-yocto-4.12 and then out from there into the other base and BSP branches.

For those who are interested, the evolution of the commits is here:

  https://git.kernel.org/cgit/linux/kernel/git/paulg/longterm-queue-4.12.git/

This repo isn't needed for anything; it just exists for transparency and so people can see the raw commits that were used to create this 4.12.x release. As mentioned above, the series file in release/v4.12.25 has information relating to the commits used in this release.

Paul.
--
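
Added example, not part of the message above and not code from the kernel tree: a small C program that reads the spec_store_bypass status file the message describes and decodes the per-task state exposed through the prctl interface documented in Documentation/userspace-api/spec_ctrl.rst. The function names, the "Not affected" case and the fallback constant values (copied from mainline linux/prctl.h) are assumptions not stated in the message.

```c
/* Added example (not from the original message); Linux only. */
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#ifndef PR_GET_SPECULATION_CTRL /* values from linux/prctl.h, for older headers */
#define PR_GET_SPECULATION_CTRL 52
#define PR_SPEC_STORE_BYPASS 0
#define PR_SPEC_PRCTL (1UL << 0)
#define PR_SPEC_ENABLE (1UL << 1)
#define PR_SPEC_DISABLE (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
enum ssb_state { SSB_NO_FILE, SSB_NOT_AFFECTED, SSB_VULNERABLE, SSB_MITIGATED, SSB_UNKNOWN };
/* Classify the single line the kernel writes to the status file. */
enum ssb_state ssb_classify(const char *line) {
    if (!strncmp(line, "Not affected", 12)) return SSB_NOT_AFFECTED;
    if (!strncmp(line, "Vulnerable", 10))   return SSB_VULNERABLE;
    if (!strncmp(line, "Mitigation:", 11))  return SSB_MITIGATED;
    return SSB_UNKNOWN;
}

/* A missing file means the running kernel does not carry the SSB patches. */
enum ssb_state ssb_read(const char *path) {
    char buf[160];
    FILE *f = fopen(path, "r");
    if (!f) return SSB_NO_FILE;
    char *line = fgets(buf, sizeof buf, f);
    fclose(f);
    return line ? ssb_classify(line) : SSB_UNKNOWN;
}

/* Decode the PR_GET_SPECULATION_CTRL result for the calling task. */
const char *ssb_task_desc(long v) {
    if (v < 0) return "prctl interface unavailable";
    if (v & PR_SPEC_FORCE_DISABLE) return "bypass force-disabled for this task";
    if (v & PR_SPEC_DISABLE) return "bypass disabled for this task";
    if ((v & PR_SPEC_ENABLE) && (v & PR_SPEC_PRCTL)) return "bypass enabled, task may opt out via prctl";
    if (v & PR_SPEC_ENABLE) return "bypass enabled, no per-task control";
    return "not affected";
}

int main(void) {
    static const char *names[] = { "status file missing", "not affected",
                                   "vulnerable", "mitigated", "unrecognised" };
    enum ssb_state s = ssb_read("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass");
    long v = prctl(PR_GET_SPECULATION_CTRL, (unsigned long)PR_SPEC_STORE_BYPASS, 0UL, 0UL, 0UL);
    printf("system: %s\ntask:   %s\n", names[s], ssb_task_desc(v));
    return 0;
}
```

A "status file missing" result together with "prctl interface unavailable" matches the message's case of a kernel booted without the SSB patches.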