Bruce, Yocto kernel folks:
Here is the next 5.2.x stable update "extension" primarily created for
the Yocto project, as the 8th v5.2.x post-EOL release.
This release is kind of "normal" -- where it started out as an audit of
what went into 5.3.1[234], but in the 5.3.14 content, we see that x86-32
is getting caught up on some low level fixes - in places like entry_32.S
and similar, fixing up CR2 handling and so on.
People who tracked these stable extensions through the various 4.x
versions may recall that when faced with these type of significant low
level changes in the past (meltdown/spectre/etc) I chose to update the
underlying context with mainline backports so the commits of interest
could be used as-is, rather than altering them in ways that would no
longer truly reflect the original mainline commit -- possibly
invalidating testing/validation, and overlooking implicit dependencies.
So a similar thing has been done here - as I've looked at the 5.2-5.3
commits in that area to better align our v5.2 with 5.3 for these and
possible future similar CVE updates. A side benefit of this is we also
get CR0 and CR4 changes that block a whole group of exploits.
Complicating things, is that the 5.2--5.3 window contained the FSGSBASE
support, about a dozen commits, with changes in x86/entry/ -- that was
then bulk reverted in 049331f277fe ("x86/fsgsbase: Revert FSGSBASE
support") - the commit log is worth a read. I've flltered out all that
churn so none of it appears here in this v5.2.29 release.
Folks who are interested in more details should look at the series file
in release/5.2.29 in the commit repository below, as I've annotated it
with git descriptions for clarity as to what feature/fix merge sets the
mainline x86 commits came from.
Given the x86/entry_32 changes, I did a sanity boot test on an older
32bit only system. I've also put this 5.2.29 queue through the usual
testing; build testing on x86-64/32, ARM-64/32, PPC and MIPS, plus some
static analysis and finally some sanity runtime tests on x86-64.
All that said and done, there are about 150 commits in this release.
I did the signed tag just as per the previously released versions.
Please find a signed v5.2.27 tag using this key:
http://pgp.mit.edu/pks/lookup?op=vindex&search=0xEBCE84042C07D1D6
in the repo in the kernel.org directory here:
https://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-5.2.y.git/?h=linux-5.2.y
git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux-5.2.y.git
for merge to standard/base in linux-yocto-5.2 and then out from there
into the other base and BSP branches.
For those who are interested, the evolution of the commits is here:
https://git.kernel.org/cgit/linux/kernel/git/paulg/longterm-queue-5.2.git/
This repo isn't needed for anything; it just exists for transparency and
so people can see the evolution of the raw commits that were originally
selected to create this 5.2.x release.
Paul.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#8303):
https://lists.yoctoproject.org/g/linux-yocto/message/8303
Mute This Topic: https://lists.yoctoproject.org/mt/69604904/21656
Group Owner: linux-yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
