Bruce, Yocto kernel folks: Here is the next 5.2.x stable update "extension" primarily created for the Yocto project, continuing from the first v5.2.22 post-EOL release.
This 5.2.22 release only contains about 22 mainline commits. Rather than continue the audit of what went into 5.3.8 - I jumped ahead to 5.3.11 in order to get the latest CVE embargo commits relating to iTLB/tsx/TAA, as I assumed they would be of interest to people. Folks will find in /sys/devices/system/cpu/vulnerabilities - alongside spectre and meltdown, new files itlb_multihit and tsx_async_abort, and can look them up in the documentation for more details. I will circle back to 5.3.8+ content for the next v5.2.24 release I'll be starting shortly. The CVE was significant to KVM, and as such, the commits had a fairly high footprint in that subsystem. I used a code refactoring mainline commit from between 5.2 and 5.3 in order to enable using the CVE related KVM commits with as little alteration as possible. Also possibly worth a mention, is that post-5.2 the main kvm_lock went from being a spinlock to a mutex. Rather than risk any possible impact to -rt, I simply retained it being a spin, and adjusted the CVE commits accordingly. I've put this 5.2.23 queue through the usual testing; build testing on x86-64/32, ARM-64/32, PPC and MIPS, plus some static analysis and finally some sanity runtime tests on x86-64. In addition, since there was a significant KVM footprint in the changelog, I also built a defconfig with KVM and KVM_INTEL enabled, and booted that same kernel as host and guest, on both kvm-intel enabled and older non-kvm-intel enabled systems, and saw no obvious issues. I did the signed tag just as per the previously released versions. Please find a signed v5.2.23 tag using this key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0xEBCE84042C07D1D6 in the repo in the kernel.org directory here: https://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-5.2.y.git/?h=linux-5.2.y git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-5.2.y.git for merge to standard/base in linux-yocto-5.2 and then out from there into the other base and BSP branches. For those who are interested, the evolution of the commits is here: https://git.kernel.org/cgit/linux/kernel/git/paulg/longterm-queue-5.2.git/ This repo isn't needed for anything; it just exists for transparency and so people can see the evolution of the raw commits that were originally selected to create this 5.2.x release. Paul. -- _______________________________________________ linux-yocto mailing list linux-yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/linux-yocto
