From: Bruce Ashfield <bruce.ashfield@windriver.com>
To: <richard.purdie@linuxfoundation.org>
Cc: openembedded-core@lists.openembedded.org
Subject: [PATCH 00/12] kernel-yocto: consolidated pull request
Date: Fri, 26 Jan 2018 08:59:11 -0500 [thread overview]
Message-ID: <cover.1516973739.git.bruce.ashfield@windriver.com> (raw)
Hi all,
Here is another consolidated pull request. I was in a cycle waiting for
the right set of Spectre/Meltdown fixes to land, and finally they did
appear for 4.4 and 4.9, so I've triggerd this pull request.
On that CVE note, mitigations for 4.12 and 4.8 (i.e. kernels that have
been released as defaults in the past) will follow in a bit, they just
aren't quite ready yet.
My plan on the kernel front is to get mitigations in place, and then
for the next release put everything but 4.14 and 4.15+ into maintenance
mode.
Along with the -stable updates, I have a build failure fix ([YOCTO #12430)
[PATCH 02/12] linux-yocto/4.9: fix aufs build
As well as some bug fix backports:
[PATCH 04/12] linux-yocto/4.12: CQM and rdt backports
[PATCH 05/12] linux-yocto/4.12: coffeeLake-s graphics and audio support
[PATCH 06/12] linux-yocto/4.12: drm & mips fixes
[PATCH 08/12] linux-yocto/4.12: iwlwifi and pci id backports
There is also a build process fix ([YOCTO #12487])
[PATCH 07/12] kernel-yocto: make SRC_URI defconfig removal more specific
And finally, a RFC patch that tweaks the way make-mod-scripts are built.
I've been carrying this in my tree since last Fall and haven't had any
issues .. but I've still left it as RFC to indicate if there's feedback
please do send it along. That's for YOCTO #12228 if you need extra history
on the bug.
[RFC][PATCH 12/12] make-mod-scripts: change how some kernel module tools are built
I've built and booted all the arches and variants that I possibly could,
but the test matrix is large, so there always remains the possibility that
something has slipped through.
And finally, here are the Spectre/Meltdown reports for 4.9 and 4.4:
4.4 spectre test:
-----------------
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)
> STATUS: VULNERABLE (Vulnerable)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: NO (kernel reports minimal retpoline compilation)
* Retpoline enabled: YES
> STATUS: VULNERABLE (Vulnerable: Minimal generic ASM retpoline)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
4.9 Spectre test:
----------------
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)
> STATUS: VULNERABLE (Vulnerable)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: NO (kernel reports minimal retpoline compilation)
* Retpoline enabled: YES
> STATUS: VULNERABLE (Vulnerable: Minimal generic ASM retpoline)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
Cheers,
Bruce
The following changes since commit 902b77bf91d96517b935bce00a11003604dc3d54:
lib/oe/package_manager/sdk: Ensure do_populate_sdk_ext and do_populate_sdk repos don't conflict (2018-01-22 10:39:10 +0000)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib zedd/kernel
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=zedd/kernel
Bruce Ashfield (11):
linux-yocto/4.9: update to v4.9.71
linux-yocto/4.9: fix aufs build
linux-yocto/4.4: update to 4.4.99
linux-yocto/4.12: CQM and rdt backports
linux-yocto/4.12: coffeeLake-s graphics and audio support
linux-yocto/4.12: drm & mips fixes
kernel-yocto: make SRC_URI defconfig removal more specific
linux-yocto/4.12: iwlwifi and pci id backports
linux-yocto/4.4: update to v4.4.113
linux-yocto/4.9: update to v4.9.78
linux-yocto/4.12: update to v4.12.19
Joe Slater (1):
make-mod-scripts: change how some kernel module tools are built
meta/classes/kernel-yocto.bbclass | 2 +-
meta/classes/module-base.bbclass | 12 +++--------
meta/classes/module.bbclass | 4 ----
meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb | 6 +++---
meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb | 6 +++---
meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb | 6 +++---
meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb | 6 +++---
meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb | 6 +++---
meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb | 6 +++---
meta/recipes-kernel/linux/linux-yocto_4.12.bb | 20 +++++++++---------
meta/recipes-kernel/linux/linux-yocto_4.4.bb | 20 +++++++++---------
meta/recipes-kernel/linux/linux-yocto_4.9.bb | 20 +++++++++---------
.../make-mod-scripts/make-mod-scripts_1.0.bb | 24 ++++++++++++++++++++++
13 files changed, 76 insertions(+), 62 deletions(-)
create mode 100644 meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
--
2.5.0
next reply other threads:[~2018-01-26 13:59 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-26 13:59 Bruce Ashfield [this message]
2018-01-26 13:59 ` [PATCH 01/12] linux-yocto/4.9: update to v4.9.71 Bruce Ashfield
2018-01-26 13:59 ` [PATCH 02/12] linux-yocto/4.9: fix aufs build Bruce Ashfield
2018-01-26 13:59 ` [PATCH 03/12] linux-yocto/4.4: update to 4.4.99 Bruce Ashfield
2018-01-26 13:59 ` [PATCH 04/12] linux-yocto/4.12: CQM and rdt backports Bruce Ashfield
2018-01-26 13:59 ` [PATCH 05/12] linux-yocto/4.12: coffeeLake-s graphics and audio support Bruce Ashfield
2018-01-26 13:59 ` [PATCH 06/12] linux-yocto/4.12: drm & mips fixes Bruce Ashfield
2018-01-26 13:59 ` [PATCH 07/12] kernel-yocto: make SRC_URI defconfig removal more specific Bruce Ashfield
2018-01-26 13:59 ` [PATCH 08/12] linux-yocto/4.12: iwlwifi and pci id backports Bruce Ashfield
2018-01-26 13:59 ` [PATCH 09/12] linux-yocto/4.4: update to v4.4.113 Bruce Ashfield
2018-01-26 13:59 ` [PATCH 10/12] linux-yocto/4.9: update to v4.9.78 Bruce Ashfield
2018-01-26 13:59 ` [PATCH 11/12] linux-yocto/4.12: update to v4.12.19 Bruce Ashfield
2018-01-26 13:59 ` [RFC][PATCH 12/12] make-mod-scripts: change how some kernel module tools are built Bruce Ashfield
2018-02-15 20:12 ` Peter Kjellerstedt
2018-02-16 16:16 ` Bruce Ashfield
2018-01-26 14:32 ` ✗ patchtest: failure for kernel-yocto: consolidated pull request Patchwork
-- strict thread matches above, loose matches on Subject: below --
2023-11-08 14:16 [PATCH 00/12] " bruce.ashfield
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1516973739.git.bruce.ashfield@windriver.com \
--to=bruce.ashfield@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox