[PATCH 0/2] linux-yocto: 4.1/4.4 -stable and CVE fixes

Openembedded Core Discussions
 help / color / mirror / Atom feed

* [PATCH 0/2] linux-yocto: 4.1/4.4 -stable and CVE fixes
@ 2016-10-22  3:47 Bruce Ashfield
  2016-10-22  3:47 ` [PATCH 1/2] linux-yocto/4.4: update to v4.4.26 Bruce Ashfield
  2016-10-22  3:47 ` [PATCH 2/2] linux-yocto/4.1: fix CVE-2016-5195 (dirtycow) Bruce Ashfield
  0 siblings, 2 replies; 3+ messages in thread
From: Bruce Ashfield @ 2016-10-22  3:47 UTC (permalink / raw)
  To: richard.purdie; +Cc: openembedded-core

Hi all,

While preparing the 4.8.3 update, and looking more at the dirtycow CVE it
was worthwhile to also speed up the refresh of 4.4 to pick up the -stable
fix for the CVE.

I've also done my own backport of the CVE fix to 4.1 (and will also do an
update when a 4.1 -stable picks up the same change).

I've built and booted both 4.1 and 4.4 to make sure everything is sane,
and I have more builds running for additional coverage.

I'd consider these two commits as candidates for the 2.2 release if there
is another -rc build, they are also safe for backporting to the -stable
branches that have the linux-yocto 4.1 and 4.4 kernels, since these are
not new features and bug/CVE fixes.

Cheers,

Bruce

The following changes since commit 1f75397b7244e989b3cec138e6b2ec0b0eaea42c:

  linux-yocto/4.8: update to v4.8.3 (2016-10-21 11:29:30 -0400)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib zedd/kernel
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=zedd/kernel

Bruce Ashfield (2):
  linux-yocto/4.4: update to v4.4.26
  linux-yocto/4.1: fix CVE-2016-5195 (dirtycow)

 meta/recipes-kernel/linux/linux-yocto-rt_4.1.bb   |  4 ++--
 meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb   |  6 +++---
 meta/recipes-kernel/linux/linux-yocto-tiny_4.1.bb |  4 ++--
 meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb |  6 +++---
 meta/recipes-kernel/linux/linux-yocto_4.1.bb      | 18 +++++++++---------
 meta/recipes-kernel/linux/linux-yocto_4.4.bb      | 20 ++++++++++----------
 6 files changed, 29 insertions(+), 29 deletions(-)

-- 
2.5.0

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH 1/2] linux-yocto/4.4: update to v4.4.26
  2016-10-22  3:47 [PATCH 0/2] linux-yocto: 4.1/4.4 -stable and CVE fixes Bruce Ashfield
@ 2016-10-22  3:47 ` Bruce Ashfield
  2016-10-22  3:47 ` [PATCH 2/2] linux-yocto/4.1: fix CVE-2016-5195 (dirtycow) Bruce Ashfield
  1 sibling, 0 replies; 3+ messages in thread
From: Bruce Ashfield @ 2016-10-22  3:47 UTC (permalink / raw)
  To: richard.purdie; +Cc: openembedded-core

Integrating the 4.4.23->26 -stable releases. Among other fixes
this contains commit:

  mm: remove gup_flags FOLL_WRITE games from __get_user_pages()

Which addresses CVE-2016-5195.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb   |  6 +++---
 meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb |  6 +++---
 meta/recipes-kernel/linux/linux-yocto_4.4.bb      | 20 ++++++++++----------
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb
index 33091f1b4ff6..6c1138277e54 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "6f27f97ed8466b5d7390e8fbb8696c13835a0b1f"
-SRCREV_meta ?= "bbaf01752b0168a63b164978495fad4ead7e8972"
+SRCREV_machine ?= "652b564985db555b549ef73405aea6c38919eefc"
+SRCREV_meta ?= "3030330b066a33ce21164a8b30d0503cf9f68e5b"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.4.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "4.4.22"
+LINUX_VERSION ?= "4.4.26"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb
index 44ddf21c04b8..76c41639c0d2 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb
@@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "4.4.22"
+LINUX_VERSION ?= "4.4.26"
 
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "f4e52341c304e044dbe581a35aad6b930c9410d1"
-SRCREV_meta ?= "bbaf01752b0168a63b164978495fad4ead7e8972"
+SRCREV_machine ?= "ca6a08bd7f86ebef11f763d26f787f7d65270473"
+SRCREV_meta ?= "3030330b066a33ce21164a8b30d0503cf9f68e5b"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.4.bb b/meta/recipes-kernel/linux/linux-yocto_4.4.bb
index 41db3f682ae6..e3a3d901d1b2 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.4.bb
@@ -11,20 +11,20 @@ KBRANCH_qemux86  ?= "standard/base"
 KBRANCH_qemux86-64 ?= "standard/base"
 KBRANCH_qemumips64 ?= "standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "de294849e02680399a6dd03fedcc03a69e9a6a04"
-SRCREV_machine_qemuarm64 ?= "f4e52341c304e044dbe581a35aad6b930c9410d1"
-SRCREV_machine_qemumips ?= "a41dd187e7d42be65780f25997eb890ead6cc7d9"
-SRCREV_machine_qemuppc ?= "f4e52341c304e044dbe581a35aad6b930c9410d1"
-SRCREV_machine_qemux86 ?= "f4e52341c304e044dbe581a35aad6b930c9410d1"
-SRCREV_machine_qemux86-64 ?= "f4e52341c304e044dbe581a35aad6b930c9410d1"
-SRCREV_machine_qemumips64 ?= "857685d23d1e8d8a8deb4198b139b95a5bb80825"
-SRCREV_machine ?= "f4e52341c304e044dbe581a35aad6b930c9410d1"
-SRCREV_meta ?= "bbaf01752b0168a63b164978495fad4ead7e8972"
+SRCREV_machine_qemuarm ?= "187bcc13f3023c3ae0a3ba5c69ae85c4e5e693ac"
+SRCREV_machine_qemuarm64 ?= "ca6a08bd7f86ebef11f763d26f787f7d65270473"
+SRCREV_machine_qemumips ?= "2f273556495dd2871f08c73fc3f40d1ad546c638"
+SRCREV_machine_qemuppc ?= "ca6a08bd7f86ebef11f763d26f787f7d65270473"
+SRCREV_machine_qemux86 ?= "ca6a08bd7f86ebef11f763d26f787f7d65270473"
+SRCREV_machine_qemux86-64 ?= "ca6a08bd7f86ebef11f763d26f787f7d65270473"
+SRCREV_machine_qemumips64 ?= "0a19cacf5738876666a4b530a9fa14f05b355299"
+SRCREV_machine ?= "ca6a08bd7f86ebef11f763d26f787f7d65270473"
+SRCREV_meta ?= "3030330b066a33ce21164a8b30d0503cf9f68e5b"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.4.git;name=machine;branch=${KBRANCH}; \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "4.4.22"
+LINUX_VERSION ?= "4.4.26"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
-- 
2.5.0



^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [PATCH 2/2] linux-yocto/4.1: fix CVE-2016-5195 (dirtycow)
  2016-10-22  3:47 [PATCH 0/2] linux-yocto: 4.1/4.4 -stable and CVE fixes Bruce Ashfield
  2016-10-22  3:47 ` [PATCH 1/2] linux-yocto/4.4: update to v4.4.26 Bruce Ashfield
@ 2016-10-22  3:47 ` Bruce Ashfield
  1 sibling, 0 replies; 3+ messages in thread
From: Bruce Ashfield @ 2016-10-22  3:47 UTC (permalink / raw)
  To: richard.purdie; +Cc: openembedded-core

Backporting commit 19be0eaffa [mm: remove gup_flags FOLL_WRITE games
from __get_user_pages()] to address the dirtycow exploit.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_4.1.bb   |  4 ++--
 meta/recipes-kernel/linux/linux-yocto-tiny_4.1.bb |  4 ++--
 meta/recipes-kernel/linux/linux-yocto_4.1.bb      | 18 +++++++++---------
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.1.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.1.bb
index ed7a916be948..b95fb5857725 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.1.bb
@@ -11,8 +11,8 @@ python () {
         raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "71daecbcd3f3e8fa73aa036a5539722004e7759c"
-SRCREV_meta ?= "322fa5b2796bfcff7bfbbde1d76c73636ecf5857"
+SRCREV_machine ?= "966ddde490030166010c5770f8f86cdd0e961c76"
+SRCREV_meta ?= "3c3197e65b6f2f5514853c1fe78ae8ffc131b02c"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.1.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.1;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.1.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.1.bb
index 78600427b375..ba01702cb63e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.1.bb
@@ -9,8 +9,8 @@ LINUX_VERSION ?= "4.1.33"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "a38cb202738a2b055ac216b3699cc9377edea45a"
-SRCREV_meta ?= "322fa5b2796bfcff7bfbbde1d76c73636ecf5857"
+SRCREV_machine ?= "f4d0900b2851e829e990e0f64b09ed3b8e355fae"
+SRCREV_meta ?= "3c3197e65b6f2f5514853c1fe78ae8ffc131b02c"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.1.bb b/meta/recipes-kernel/linux/linux-yocto_4.1.bb
index 413234b6d559..788a8eaaa8be 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.1.bb
@@ -11,15 +11,15 @@ KBRANCH_qemux86  ?= "standard/base"
 KBRANCH_qemux86-64 ?= "standard/base"
 KBRANCH_qemumips64 ?= "standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "89241b98386f752ab073d3ab5518cb69bacbd97e"
-SRCREV_machine_qemuarm64 ?= "a38cb202738a2b055ac216b3699cc9377edea45a"
-SRCREV_machine_qemumips ?= "e00505a0c07a352d1dd57adb8da1768863022979"
-SRCREV_machine_qemuppc ?= "d5ef1ced9d019d20d986e205bddc317961407188"
-SRCREV_machine_qemux86 ?= "a38cb202738a2b055ac216b3699cc9377edea45a"
-SRCREV_machine_qemux86-64 ?= "a38cb202738a2b055ac216b3699cc9377edea45a"
-SRCREV_machine_qemumips64 ?= "ac476ecd7a56288e3e8ed1ef3872554de661e823"
-SRCREV_machine ?= "a38cb202738a2b055ac216b3699cc9377edea45a"
-SRCREV_meta ?= "322fa5b2796bfcff7bfbbde1d76c73636ecf5857"
+SRCREV_machine_qemuarm ?= "d67ef485ce1420df11bda2d9f6fb78ef50c1adff"
+SRCREV_machine_qemuarm64 ?= "f4d0900b2851e829e990e0f64b09ed3b8e355fae"
+SRCREV_machine_qemumips ?= "65116339cfd210990c9c4710cdfec3ebd59abb0e"
+SRCREV_machine_qemuppc ?= "30816907653b57f1f3d5f9a7a2f6339bab14a680"
+SRCREV_machine_qemux86 ?= "f4d0900b2851e829e990e0f64b09ed3b8e355fae"
+SRCREV_machine_qemux86-64 ?= "f4d0900b2851e829e990e0f64b09ed3b8e355fae"
+SRCREV_machine_qemumips64 ?= "f7a0b532b6ac81757d85b0c9a928f45a87c9e364"
+SRCREV_machine ?= "f4d0900b2851e829e990e0f64b09ed3b8e355fae"
+SRCREV_meta ?= "3c3197e65b6f2f5514853c1fe78ae8ffc131b02c"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.1.git;name=machine;branch=${KBRANCH}; \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.1;destsuffix=${KMETA}"
-- 
2.5.0



^ permalink raw reply related	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2016-10-22  3:47 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-10-22  3:47 [PATCH 0/2] linux-yocto: 4.1/4.4 -stable and CVE fixes Bruce Ashfield
2016-10-22  3:47 ` [PATCH 1/2] linux-yocto/4.4: update to v4.4.26 Bruce Ashfield
2016-10-22  3:47 ` [PATCH 2/2] linux-yocto/4.1: fix CVE-2016-5195 (dirtycow) Bruce Ashfield

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox