On 2018-06-27 3:00 AM, Paul Gortmaker wrote:
Bruce, Yocto kernel folks:

Here is another 4.12.x stable update "extension" primarily created for
the Yocto project, continuing on top of the previous v4.12.24 kernel.

This is also a good time to note that people using 4.12.x should be
getting their plans in place to move to a newer kernel in the near
future, as the number of additional 4.12.x releases that I do will be
limited to a couple more over the next several months.

Unfortunately, after only two releases with what were "normal" single
issue commits for stable releases, we are back to what is largely a
whole release aimed at a single issue.  There are close to 70 commits
here, and they are all related to spectre/speculative-store-bypass (SSB)
or dependency commits paving the road to using those SSB commits.

Also unfortunate is that, once again, these changes are in core low
level files, mixed with assembly, and not just one line simple
"stable" fixes.  A look at the top "winners" in the diffstat shows:

  arch/x86/kernel/cpu/bugs.c                         | 369 +++++++++++++++++++--
  arch/x86/entry/calling.h                           | 104 +++---
  arch/x86/entry/entry_64.S                          |  91 ++---
  arch/x86/kernel/cpu/common.c                       |  78 ++++-
  arch/x86/include/asm/nospec-branch.h               |  54 ++-
  include/linux/nospec.h                             |  46 ++-
  arch/x86/include/asm/spec-ctrl.h                   |  40 +++
  arch/x86/entry/entry_64_compat.S                   |  30 ++

In an ideal world I'd rather not see any changes to these types of files
in "stable" content, but it seems our hands are tied.

The selection of commits is largely from those that appeared from two
mainline merges, in 4.16 and 4.17 respectively.  For those who want more
details, please consult the series file in the queue repository listed
at the end of this message to see the ID prefix of those merges and
their individual commit content.

Given that the focus is largely on SSB, a few notes are in order.
Firstly, the backports in this release give the key new status file:

    /sys/devices/system/cpu/vulnerabilities/spec_store_bypass

which is specific to the new SSB changes announced in late May. It is
too much to get into here on the details, so folks should start with the
file Documentation/userspace-api/spec_ctrl.rst and the new boot-args
related to spec_store_bypass_disable added to the existing file in
Documentation/admin-guide/kernel-parameters.txt -- from there, folks
should have enough keywords to do effective online searches for more
specific details.

As this is a two part solution (kernel and microcode), testing was done
on an older Xeon v2 (circa 2014 firmware) and a very recent laptop with
a firmware update only weeks old.

The Xeon with patches but old firmware -- /sys status file reported:
   Vulnerable

The modern laptop with latest BIOS/firmware/microcode reported:
   Mitigation: Speculative Store Bypass disabled via prctl and seccomp

If you don't see the status file at all, you've not booted a kernel with
the SSB patches applied.

In addition to the SSB specifics, I've put this 4.12.x queue through the
usual testing that I figured made sense, which includes but is not
limited to:

-x86-64 sanity boot test + workloads of defconfig on COTS Core2 box.
-build MIPS, PPC, ARM, ARM64 with defconfig
-build x86-64 allmodconfig/allyesconfig
-build i386 allmodconfig/allyesconfig

Given the content was 99% x86, the non-x86 builds were probably a waste
of time, but a routine is a routine...

I bumped the 4.12 Makefile and did the signed tag just as per the previously
released 4.12.x versions.

Please find a signed v4.12.25 tag using this key:

http://pgp.mit.edu/pks/lookup?op=vindex&search=0xEBCE84042C07D1D6

in the repo in the kernel.org directory here:

    https://git.kernel.org/cgit/linux/kernel/git/paulg/linux-4.12.y.git/
    git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-4.12.y.git


Thanks Paul, this is now merged.

Bruce

for merge to standard/base in linux-yocto-4.12 and then out from there
into the other base and BSP branches.

For those who are interested, the evolution of the commits is here:

    https://git.kernel.org/cgit/linux/kernel/git/paulg/longterm-queue-4.12.git/

This repo isn't needed for anything; it just exists for transparency and
so people can see the raw commits that were used to create this 4.12.x
release.  As mentioned above, the series file in release/v4.12.25 has
information relating to the commits used in this release.

Paul.
--
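
A check built on the status file described in the message, as an added example that is not part of the original e-mail or of the kernel tree. It separates the three cases the message distinguishes: no file (kernel without the SSB patches), "Vulnerable", and "Mitigation: ...". The function name `ssb_status`, its output labels and its exit codes are assumptions; "Not affected" is the wording the kernel uses for unaffected CPUs and does not appear in the message.

```shell
#!/bin/sh
# Added example: classify the SSB status file quoted in the message.
# ssb_status, its labels and its exit codes are hypothetical names chosen here.
SSB_FILE=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

# Usage: ssb_status [path]
# Prints one label and returns:
#   0  mitigated / not-affected
#   1  vulnerable (patched kernel, but no working mitigation, e.g. old microcode)
#   2  unpatched-kernel (status file absent)
#   3  unknown (file present but empty or unrecognised)
ssb_status() {
    f=${1:-$SSB_FILE}
    line=

    # No status file at all: the booted kernel lacks the SSB patches.
    if [ ! -e "$f" ]; then
        echo "unpatched-kernel"
        return 2
    fi

    # Read the first line; tolerate a missing trailing newline.
    IFS= read -r line < "$f" || [ -n "$line" ] || {
        echo "unknown"
        return 3
    }

    case "$line" in
        "Not affected"*) echo "not-affected"; return 0 ;;
        "Mitigation:"*)  echo "mitigated";    return 0 ;;
        "Vulnerable"*)   echo "vulnerable";   return 1 ;;
        *)               echo "unknown";      return 3 ;;
    esac
}

# Report for the running system; the exit code is ignored here so the
# script can be sourced by fleet-audit tooling without aborting.
ssb_status || :
```

The exit code lets a provisioning or audit job fail hosts that report code 1 or 2, which correspond to the old-firmware Xeon result and the missing-file case in the message.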

