* [OE-core][kirkstone 1/8] qemu: backport Debian patch to fix CVE-2023-0330
2023-07-24 2:33 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
@ 2023-07-24 2:33 ` Steve Sakoman
2023-07-24 2:33 ` [OE-core][kirkstone 2/8] ghostscript: fix CVE-2023-36664 Steve Sakoman
` (6 subsequent siblings)
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-07-24 2:33 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
import patch from ubuntu to fix
CVE-2023-0330
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit https://gitlab.com/qemu-project/qemu/-/commit/b987718bbb1d0eabf95499b976212dd5f0120d75]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2023-0330.patch | 75 +++++++++++++++++++
2 files changed, 76 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 7f2b52fa88..c6c6e49ebf 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -93,6 +93,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2022-4144.patch \
file://0001-hw-display-qxl-Have-qxl_log_command-Return-early-if-.patch \
file://0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \
+ file://CVE-2023-0330.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch
new file mode 100644
index 0000000000..025075fd6d
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch
@@ -0,0 +1,75 @@
+[Ubuntu note: remove fuzz-lsi53c895a-test.c changes since the file does not
+ exist for this release]
+From b987718bbb1d0eabf95499b976212dd5f0120d75 Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Mon, 22 May 2023 11:10:11 +0200
+Subject: [PATCH] hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI
+ controller (CVE-2023-0330)
+
+We cannot use the generic reentrancy guard in the LSI code, so
+we have to manually prevent endless reentrancy here. The problematic
+lsi_execute_script() function has already a way to detect whether
+too many instructions have been executed - we just have to slightly
+change the logic here that it also takes into account if the function
+has been called too often in a reentrant way.
+
+The code in fuzz-lsi53c895a-test.c has been taken from an earlier
+patch by Mauro Matteo Cascella.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1563
+Message-Id: <20230522091011.1082574-1-thuth@redhat.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches/CVE-2023-0330.patch?h=ubuntu/jammy-security
+Upstream commit https://gitlab.com/qemu-project/qemu/-/commit/b987718bbb1d0eabf95499b976212dd5f0120d75]
+CVE: CVE-2023-0330
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ hw/scsi/lsi53c895a.c | 23 +++++++++++++++------
+ tests/qtest/fuzz-lsi53c895a-test.c | 33 ++++++++++++++++++++++++++++++
+ 2 files changed, 50 insertions(+), 6 deletions(-)
+
+--- qemu-6.2+dfsg.orig/hw/scsi/lsi53c895a.c
++++ qemu-6.2+dfsg/hw/scsi/lsi53c895a.c
+@@ -1135,15 +1135,24 @@ static void lsi_execute_script(LSIState
+ uint32_t addr, addr_high;
+ int opcode;
+ int insn_processed = 0;
++ static int reentrancy_level;
++
++ reentrancy_level++;
+
+ s->istat1 |= LSI_ISTAT1_SRUN;
+ again:
+- if (++insn_processed > LSI_MAX_INSN) {
+- /* Some windows drivers make the device spin waiting for a memory
+- location to change. If we have been executed a lot of code then
+- assume this is the case and force an unexpected device disconnect.
+- This is apparently sufficient to beat the drivers into submission.
+- */
++ /*
++ * Some windows drivers make the device spin waiting for a memory location
++ * to change. If we have executed more than LSI_MAX_INSN instructions then
++ * assume this is the case and force an unexpected device disconnect. This
++ * is apparently sufficient to beat the drivers into submission.
++ *
++ * Another issue (CVE-2023-0330) can occur if the script is programmed to
++ * trigger itself again and again. Avoid this problem by stopping after
++ * being called multiple times in a reentrant way (8 is an arbitrary value
++ * which should be enough for all valid use cases).
++ */
++ if (++insn_processed > LSI_MAX_INSN || reentrancy_level > 8) {
+ if (!(s->sien0 & LSI_SIST0_UDC)) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "lsi_scsi: inf. loop with UDC masked");
+@@ -1597,6 +1606,8 @@ again:
+ }
+ }
+ trace_lsi_execute_script_stop();
++
++ reentrancy_level--;
+ }
+
+ static uint8_t lsi_reg_readb(LSIState *s, int offset)
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][kirkstone 2/8] ghostscript: fix CVE-2023-36664
2023-07-24 2:33 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
2023-07-24 2:33 ` [OE-core][kirkstone 1/8] qemu: backport Debian patch to fix CVE-2023-0330 Steve Sakoman
@ 2023-07-24 2:33 ` Steve Sakoman
2023-07-24 2:33 ` [OE-core][kirkstone 3/8] linux-yocto/5.15: update to v5.15.119 Steve Sakoman
` (5 subsequent siblings)
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-07-24 2:33 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Artifex Ghostscript through 10.01.2 mishandles permission validation for
pipe devices (with the %pipe% prefix or the | pipe character prefix).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-36664
Upstream patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ghostscript/CVE-2023-36664-0001.patch | 146 ++++++++++++++++++
.../ghostscript/CVE-2023-36664-0002.patch | 60 +++++++
.../ghostscript/ghostscript_9.55.0.bb | 2 +
3 files changed, 208 insertions(+)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0001.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0002.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0001.patch
new file mode 100644
index 0000000000..99fcc61b9b
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0001.patch
@@ -0,0 +1,146 @@
+From ed607fedbcd41f4a0e71df6af4ba5b07dd630209 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 7 Jun 2023 10:23:06 +0100
+Subject: [PATCH 1/2] Bug 706761: Don't "reduce" %pipe% file names for
+ permission validation
+
+For regular file names, we try to simplfy relative paths before we use them.
+
+Because the %pipe% device can, effectively, accept command line calls, we
+shouldn't be simplifying that string, because the command line syntax can end
+up confusing the path simplifying code. That can result in permitting a pipe
+command which does not match what was originally permitted.
+
+Special case "%pipe" in the validation code so we always deal with the entire
+string.
+
+Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea]
+CVE: CVE-2023-36664
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ base/gpmisc.c | 31 +++++++++++++++++++--------
+ base/gslibctx.c | 56 ++++++++++++++++++++++++++++++++++++-------------
+ 2 files changed, 64 insertions(+), 23 deletions(-)
+
+diff --git a/base/gpmisc.c b/base/gpmisc.c
+index 8b6458a..c61ab3f 100644
+--- a/base/gpmisc.c
++++ b/base/gpmisc.c
+@@ -1076,16 +1076,29 @@ gp_validate_path_len(const gs_memory_t *mem,
+ && !memcmp(path + cdirstrl, dirsepstr, dirsepstrl)) {
+ prefix_len = 0;
+ }
+- rlen = len+1;
+- bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path");
+- if (bufferfull == NULL)
+- return gs_error_VMerror;
+-
+- buffer = bufferfull + prefix_len;
+- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success)
+- return gs_error_invalidfileaccess;
+- buffer[rlen] = 0;
+
++ /* "%pipe%" do not follow the normal rules for path definitions, so we
++ don't "reduce" them to avoid unexpected results
++ */
++ if (len > 5 && memcmp(path, "%pipe", 5) != 0) {
++ bufferfull = buffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, len + 1, "gp_validate_path");
++ if (buffer == NULL)
++ return gs_error_VMerror;
++ memcpy(buffer, path, len);
++ buffer[len] = 0;
++ rlen = len;
++ }
++ else {
++ rlen = len+1;
++ bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path");
++ if (bufferfull == NULL)
++ return gs_error_VMerror;
++
++ buffer = bufferfull + prefix_len;
++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success)
++ return gs_error_invalidfileaccess;
++ buffer[rlen] = 0;
++ }
+ while (1) {
+ switch (mode[0])
+ {
+diff --git a/base/gslibctx.c b/base/gslibctx.c
+index 5bf497b..5fdfe25 100644
+--- a/base/gslibctx.c
++++ b/base/gslibctx.c
+@@ -734,14 +734,28 @@ gs_add_control_path_len_flags(const gs_memory_t *mem, gs_path_control_t type, co
+ return gs_error_rangecheck;
+ }
+
+- rlen = len+1;
+- buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gp_validate_path");
+- if (buffer == NULL)
+- return gs_error_VMerror;
++ /* "%pipe%" do not follow the normal rules for path definitions, so we
++ don't "reduce" them to avoid unexpected results
++ */
++ if (len > 5 && memcmp(path, "%pipe", 5) != 0) {
++ buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_add_control_path_len");
++ if (buffer == NULL)
++ return gs_error_VMerror;
++ memcpy(buffer, path, len);
++ buffer[len] = 0;
++ rlen = len;
++ }
++ else {
++ rlen = len + 1;
+
+- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success)
+- return gs_error_invalidfileaccess;
+- buffer[rlen] = 0;
++ buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gs_add_control_path_len");
++ if (buffer == NULL)
++ return gs_error_VMerror;
++
++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success)
++ return gs_error_invalidfileaccess;
++ buffer[rlen] = 0;
++ }
+
+ n = control->num;
+ for (i = 0; i < n; i++)
+@@ -827,14 +841,28 @@ gs_remove_control_path_len_flags(const gs_memory_t *mem, gs_path_control_t type,
+ return gs_error_rangecheck;
+ }
+
+- rlen = len+1;
+- buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gp_validate_path");
+- if (buffer == NULL)
+- return gs_error_VMerror;
++ /* "%pipe%" do not follow the normal rules for path definitions, so we
++ don't "reduce" them to avoid unexpected results
++ */
++ if (len > 5 && memcmp(path, "%pipe", 5) != 0) {
++ buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_remove_control_path_len");
++ if (buffer == NULL)
++ return gs_error_VMerror;
++ memcpy(buffer, path, len);
++ buffer[len] = 0;
++ rlen = len;
++ }
++ else {
++ rlen = len+1;
+
+- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success)
+- return gs_error_invalidfileaccess;
+- buffer[rlen] = 0;
++ buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gs_remove_control_path_len");
++ if (buffer == NULL)
++ return gs_error_VMerror;
++
++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success)
++ return gs_error_invalidfileaccess;
++ buffer[rlen] = 0;
++ }
+
+ n = control->num;
+ for (i = 0; i < n; i++) {
+--
+2.40.1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0002.patch
new file mode 100644
index 0000000000..7d78e6b1b1
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0002.patch
@@ -0,0 +1,60 @@
+From f96350aeb7f8c2e3f7129866c694a24f241db18c Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 14 Jun 2023 09:08:12 +0100
+Subject: [PATCH 2/2] Bug 706778: 706761 revisit
+
+Two problems with the original commit. The first a silly typo inverting the
+logic of a test.
+
+The second was forgetting that we actually actually validate two candidate
+strings for pipe devices. One with the expected "%pipe%" prefix, the other
+using the pipe character prefix: "|".
+
+This addresses both those.
+
+Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099]
+CVE: CVE-2023-36664
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ base/gpmisc.c | 2 +-
+ base/gslibctx.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/base/gpmisc.c b/base/gpmisc.c
+index c61ab3f..e459f6a 100644
+--- a/base/gpmisc.c
++++ b/base/gpmisc.c
+@@ -1080,7 +1080,7 @@ gp_validate_path_len(const gs_memory_t *mem,
+ /* "%pipe%" do not follow the normal rules for path definitions, so we
+ don't "reduce" them to avoid unexpected results
+ */
+- if (len > 5 && memcmp(path, "%pipe", 5) != 0) {
++ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) {
+ bufferfull = buffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, len + 1, "gp_validate_path");
+ if (buffer == NULL)
+ return gs_error_VMerror;
+diff --git a/base/gslibctx.c b/base/gslibctx.c
+index 5fdfe25..2a1addf 100644
+--- a/base/gslibctx.c
++++ b/base/gslibctx.c
+@@ -737,7 +737,7 @@ gs_add_control_path_len_flags(const gs_memory_t *mem, gs_path_control_t type, co
+ /* "%pipe%" do not follow the normal rules for path definitions, so we
+ don't "reduce" them to avoid unexpected results
+ */
+- if (len > 5 && memcmp(path, "%pipe", 5) != 0) {
++ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) {
+ buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_add_control_path_len");
+ if (buffer == NULL)
+ return gs_error_VMerror;
+@@ -844,7 +844,7 @@ gs_remove_control_path_len_flags(const gs_memory_t *mem, gs_path_control_t type,
+ /* "%pipe%" do not follow the normal rules for path definitions, so we
+ don't "reduce" them to avoid unexpected results
+ */
+- if (len > 5 && memcmp(path, "%pipe", 5) != 0) {
++ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) {
+ buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_remove_control_path_len");
+ if (buffer == NULL)
+ return gs_error_VMerror;
+--
+2.40.1
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index f29c57beea..48508fd6a2 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -35,6 +35,8 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://mkdir-p.patch \
file://CVE-2022-2085.patch \
file://cve-2023-28879.patch \
+ file://CVE-2023-36664-0001.patch \
+ file://CVE-2023-36664-0002.patch \
"
SRC_URI = "${SRC_URI_BASE} \
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][kirkstone 3/8] linux-yocto/5.15: update to v5.15.119
2023-07-24 2:33 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
2023-07-24 2:33 ` [OE-core][kirkstone 1/8] qemu: backport Debian patch to fix CVE-2023-0330 Steve Sakoman
2023-07-24 2:33 ` [OE-core][kirkstone 2/8] ghostscript: fix CVE-2023-36664 Steve Sakoman
@ 2023-07-24 2:33 ` Steve Sakoman
2023-07-24 2:33 ` [OE-core][kirkstone 4/8] linux-yocto/5.15: update to v5.15.120 Steve Sakoman
` (4 subsequent siblings)
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-07-24 2:33 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest korg -stable release that comprises
the following commits:
4af60700a60c Linux 5.15.119
10fbd2e04e40 act_mirred: remove unneded merge conflict markers
2230b3f874d9 i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle
907a069ec38f x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
7949f83f7ecc vhost_net: revert upend_idx only on retriable error
fdac0aa4a175 drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
f012d3037c15 drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
a44b4230d2ba drm/exynos: vidi: fix a wrong error return
79b4125bce96 ARM: dts: Fix erroneous ADS touchscreen polarities
9684c4fdeeca s390/purgatory: disable branch profiling
3c4d87e9fa8a ASoC: nau8824: Add quirk to active-high jack-detect
d77eac1b14e0 soundwire: dmi-quirks: add new mapping for HP Spectre x360
53ad4af4ec90 ASoC: simple-card: Add missing of_node_put() in case of error
bb45dc7b67c5 spi: lpspi: disable lpspi module irq in DMA mode
f8d9d8f1727d s390/cio: unregister device when the only path is gone
e10d15fdfced Input: soc_button_array - add invalid acpi_index DMI quirk handling
26bde09a1512 nvme: double KA polling frequency to avoid KATO with TBKAS on
e3bbc148377d usb: gadget: udc: fix NULL dereference in remove()
cce681383d34 nfcsim.c: Fix error checking for debugfs_create_dir
8a5ddd1430d4 media: cec: core: don't set last_initiator if tx in progress
01cf989090da arm64: Add missing Set/Way CMO encodings
f97b16c0a538 HID: wacom: Add error check to wacom_parse_and_register()
e8bdb1f88699 scsi: target: iscsi: Prevent login threads from racing between each other
1cc379d53b66 gpio: sifive: add missing check for platform_get_irq
497d40140865 gpiolib: Fix GPIO chip IRQ initialization restriction
7973c4b3b97d gpio: Allow per-parent interrupt data
c1a2b52d999e sch_netem: acquire qdisc lock in netem_change()
3138c85031e8 selftests: forwarding: Fix race condition in mirror installation
b7db41a86541 bpf/btf: Accept function names that contain dots
0f8d81254fd6 Revert "net: phy: dp83867: perform soft reset and retain established link"
57130334da4e netfilter: nfnetlink_osf: fix module autoload
53defc6ecff4 netfilter: nf_tables: disallow updates of anonymous sets
2f2f9eaa6da1 netfilter: nf_tables: reject unbound chain set before commit phase
2938e7d582d7 netfilter: nf_tables: reject unbound anonymous set before commit phase
baa3ec1b31f5 netfilter: nf_tables: disallow element updates of bound anonymous sets
45eb6944d0f5 netfilter: nft_set_pipapo: .walk does not deal with generations
4004f12aaca8 netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
314a8697d080 netfilter: nf_tables: fix chain binding transaction logic
1328e8d4c3ee be2net: Extend xmit workaround to BE3 chip
768f94c5f639 net: dsa: mt7530: fix handling of BPDUs on MT7530 switch
aa528e7d379f net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch
efea112a87b6 ipvs: align inner_mac_header for encapsulation
24d7d9aee03d mmc: usdhi60rol0: fix deferred probing
d1e08bed0307 mmc: sh_mmcif: fix deferred probing
34c4906b9a06 mmc: sdhci-acpi: fix deferred probing
41f1e8dab08d mmc: owl: fix deferred probing
b86ca9e08ca9 mmc: omap_hsmmc: fix deferred probing
445a9568dec1 mmc: omap: fix deferred probing
840deb8d1418 mmc: mvsdio: fix deferred probing
92f73c4f927c mmc: mtk-sd: fix deferred probing
aedecd013d2c net: qca_spi: Avoid high load if QCA7000 is not available
156dd06fb337 xfrm: Linearize the skb after offloading if needed.
d967bd7ea6cc selftests: net: fcnal-test: check if FIPS mode is enabled
964cfdfd4b4f xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets
25e89fa7b5a8 bpf: Fix verifier id tracking of scalars on spill
0b180495f6b0 bpf: track immediate values written to stack by BPF_ST instruction
3229a29e95f5 xfrm: Ensure policies always checked on XFRM-I input path
d055ee18cab8 xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
491ce3c1d98a xfrm: Treat already-verified secpath entries as optional
0ce3d0c068d9 ieee802154: hwsim: Fix possible memory leaks
29672dc47d99 mmc: meson-gx: fix deferred probing
9bac4a2b7326 memfd: check for non-NULL file_seals in memfd_create() syscall
103734b429b9 x86/mm: Avoid using set_pgd() outside of real PGD pages
793d0224bb60 nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
96987c383c2b io_uring/net: disable partial retries for recvmsg with cmsg
25a543ca3005 io_uring/net: clear msg_controllen on partial sendmsg retry
34a7e5021a43 io_uring/net: save msghdr->msg_control for retries
b07bb2914ada writeback: fix dereferencing NULL mapping->host on writeback_page_template
3c46a240ddba regmap: spi-avmm: Fix regmap_bus max_raw_write
4796d9b06917 regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK
ba9952e2f50b ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN
acee272283f4 mmc: mmci: stm32: fix max busy timeout calculation
999173f295cc mmc: meson-gx: remove redundant mmc_request_done() call from irq context
00010b52c705 mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916
4a557910bbed cgroup: Do not corrupt task iteration when rebinding subsystem
815b24401165 PCI: hv: Add a per-bus mutex state_lock
34e21b8ff3e6 PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic
7d852ca7af37 PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev
5e0d33cc7813 Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally"
ac0df91c7d98 PCI: hv: Fix a race condition bug in hv_pci_query_relations()
80c5d97b4aa1 Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
4d31eb2e266c Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails
953dd7e2df81 KVM: Avoid illegal stage2 mapping on invalid memory slot
1d6c93206839 ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()
b12011cea56b nilfs2: fix buffer corruption due to concurrent device reads
485f6be2549c selftests: mptcp: join: skip check if MIB counter not supported
64cb73ea77ab selftests: mptcp: join: use 'iptables-legacy' if available
979a941d7ed3 selftests: mptcp: pm nl: remove hardcoded default limits
ac65930751c4 selftests/mount_setattr: fix redefine struct mount_attr build error
726d033133e7 selftests: mptcp: lib: skip if not below kernel version
b28fc26683b4 selftests: mptcp: lib: skip if missing symbol
024a24e5d4dd tick/common: Align tick period during sched_timer setup
3c1aa91b37f9 drm/amd/display: Add wrapper to call planes and stream update
eea850c025b5 drm/amd/display: Use dc_update_planes_and_stream
fb7c68bbccad drm/amd/display: Add minimal pipe split transition state
b5f0e898f674 tpm, tpm_tis: Claim locality in interrupt handler
39e787253720 tracing: Add tracing_reset_all_online_cpus_unlocked() function
5a24be76af79 drm/amd/display: fix the system hang while disable PSR
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 8ecf81b1960ab1001efe41cb3d132accf985e3dc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 6 ++---
.../linux/linux-yocto-tiny_5.15.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 8e5ff78790..5507690d74 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "b2a7dbd4edac7627c091c2ab14fec83726a4c79b"
-SRCREV_meta ?= "b647d9611cb4936536e60a438292fc22df2fe000"
+SRCREV_machine ?= "482797bf5730cf22143afe28d489363ca4bf44a2"
+SRCREV_meta ?= "58ef8845366aea0e1719d00618444be34a765c15"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.118"
+LINUX_VERSION ?= "5.15.119"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 77e11c100b..2641fe60f8 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.118"
+LINUX_VERSION ?= "5.15.119"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "b79e89ab973aeb8ec48e2cd987436ab52678e795"
-SRCREV_meta ?= "b647d9611cb4936536e60a438292fc22df2fe000"
+SRCREV_machine ?= "ded230a888ef81ccedf0044bd8c2236f3b809599"
+SRCREV_meta ?= "58ef8845366aea0e1719d00618444be34a765c15"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index c4266c6f30..9ee7a350d3 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "2290ac7e8d7fbb8e13a34468b85066c398c7d1f3"
-SRCREV_machine:qemuarm64 ?= "3f3f2067c3ee4d9dffaed9b757583d013671cf25"
-SRCREV_machine:qemumips ?= "f61a3b045bdfc9aa7da440852e0a79fd8d9b4d69"
-SRCREV_machine:qemuppc ?= "7a2773ad8fb4ae4eb0183ccda8ec133098d13ec9"
-SRCREV_machine:qemuriscv64 ?= "079c88490578df99b38570c8968b836b8347ed44"
-SRCREV_machine:qemuriscv32 ?= "079c88490578df99b38570c8968b836b8347ed44"
-SRCREV_machine:qemux86 ?= "079c88490578df99b38570c8968b836b8347ed44"
-SRCREV_machine:qemux86-64 ?= "079c88490578df99b38570c8968b836b8347ed44"
-SRCREV_machine:qemumips64 ?= "47d334232ab28f0f8d5316e07e11f8f14c6aaecc"
-SRCREV_machine ?= "079c88490578df99b38570c8968b836b8347ed44"
-SRCREV_meta ?= "b647d9611cb4936536e60a438292fc22df2fe000"
+SRCREV_machine:qemuarm ?= "9ae4c8018039201ce683ff26bde47a3e3e6664ef"
+SRCREV_machine:qemuarm64 ?= "58394274da1b4fdf69ca780001bf25eebfd1950f"
+SRCREV_machine:qemumips ?= "bacfb28c9349b36afe3041e57d98551aa723bbc2"
+SRCREV_machine:qemuppc ?= "d9efae0cb3731ab62cb81778c2fa5689594d34b1"
+SRCREV_machine:qemuriscv64 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
+SRCREV_machine:qemuriscv32 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
+SRCREV_machine:qemux86 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
+SRCREV_machine:qemux86-64 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
+SRCREV_machine:qemumips64 ?= "2ae09c410d8a5a0ec66d50368579dd3d3616072b"
+SRCREV_machine ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
+SRCREV_meta ?= "58ef8845366aea0e1719d00618444be34a765c15"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "f67653019430833d5003f16817d7fa85272a6a76"
+SRCREV_machine:class-devupstream ?= "4af60700a60cc45ee4fb6d579cccf1b7bca20c34"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.118"
+LINUX_VERSION ?= "5.15.119"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][kirkstone 4/8] linux-yocto/5.15: update to v5.15.120
2023-07-24 2:33 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
` (2 preceding siblings ...)
2023-07-24 2:33 ` [OE-core][kirkstone 3/8] linux-yocto/5.15: update to v5.15.119 Steve Sakoman
@ 2023-07-24 2:33 ` Steve Sakoman
2023-07-24 2:33 ` [OE-core][kirkstone 5/8] gcc: don't pass --enable-standard-branch-protection Steve Sakoman
` (3 subsequent siblings)
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-07-24 2:33 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest korg -stable release that comprises
the following commits:
d54cfc420586 Linux 5.15.120
c06edf13f4cf nubus: Partially revert proc_create_single_data() conversion
6e65fa33edf5 parisc: Delete redundant register definitions in <asm/assembly.h>
b4d8f8900021 drm/amdgpu: Validate VM ioctl flags.
26eb191bf5a0 scripts/tags.sh: Resolve gtags empty index generation
989b4a753c7e perf symbols: Symbol lookup with kcore can fail if multiple segments match stext
87f51cf60e3e Revert "thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe"
6a28f3490d3d HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651.
67ce7724637c HID: wacom: Use ktime_t rather than int when dealing with timestamps
347732317749 bpf: ensure main program has an extable
d874cf9799a9 can: isotp: isotp_sendmsg(): fix return error fix on TX path
27d03d15bb8b x86/smp: Use dedicated cache-line for mwait_play_dead()
d6c745ca4fc5 x86/microcode/AMD: Load late on both threads too
9052349685e9 drm/amdgpu: Set vmbo destroy after pt bo is created
796481bedc3e mm, hwpoison: when copy-on-write hits poison, take page offline
6713b8f11aa0 mm, hwpoison: try to recover from copy-on write faults
b46021ab8304 mptcp: consolidate fallback and non fallback state machine
42ff95b4bd11 mptcp: fix possible divide by zero in recvmsg()
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 51c474534c27ac0739a6373595a49ebbc52c3715)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 6 ++---
.../linux/linux-yocto-tiny_5.15.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 5507690d74..8361787bdb 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "482797bf5730cf22143afe28d489363ca4bf44a2"
-SRCREV_meta ?= "58ef8845366aea0e1719d00618444be34a765c15"
+SRCREV_machine ?= "0b2e44360ea08b441883f16826c4720546a0886c"
+SRCREV_meta ?= "820b9bdb192ae263be93e609da415c570d5acc79"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.119"
+LINUX_VERSION ?= "5.15.120"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 2641fe60f8..517aede49c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.119"
+LINUX_VERSION ?= "5.15.120"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "ded230a888ef81ccedf0044bd8c2236f3b809599"
-SRCREV_meta ?= "58ef8845366aea0e1719d00618444be34a765c15"
+SRCREV_machine ?= "bb0cc3f9542c03fba314f5da44e91556c641706f"
+SRCREV_meta ?= "820b9bdb192ae263be93e609da415c570d5acc79"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 9ee7a350d3..dc2cd79f97 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "9ae4c8018039201ce683ff26bde47a3e3e6664ef"
-SRCREV_machine:qemuarm64 ?= "58394274da1b4fdf69ca780001bf25eebfd1950f"
-SRCREV_machine:qemumips ?= "bacfb28c9349b36afe3041e57d98551aa723bbc2"
-SRCREV_machine:qemuppc ?= "d9efae0cb3731ab62cb81778c2fa5689594d34b1"
-SRCREV_machine:qemuriscv64 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
-SRCREV_machine:qemuriscv32 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
-SRCREV_machine:qemux86 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
-SRCREV_machine:qemux86-64 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
-SRCREV_machine:qemumips64 ?= "2ae09c410d8a5a0ec66d50368579dd3d3616072b"
-SRCREV_machine ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
-SRCREV_meta ?= "58ef8845366aea0e1719d00618444be34a765c15"
+SRCREV_machine:qemuarm ?= "938c0c130bc6403d7e54ffc026a1eb32d10b34f9"
+SRCREV_machine:qemuarm64 ?= "d248c07ace0f6bf2a94eaba26a2bdbdbcfb2ec15"
+SRCREV_machine:qemumips ?= "19fdaea3b322820eb042622e68ede3cc99cdf87f"
+SRCREV_machine:qemuppc ?= "8db87cbed6574bec3ece05bf4cbb275fd3497f50"
+SRCREV_machine:qemuriscv64 ?= "74c80e559b24dd2c75214e4affc86d71f3d8cc8a"
+SRCREV_machine:qemuriscv32 ?= "74c80e559b24dd2c75214e4affc86d71f3d8cc8a"
+SRCREV_machine:qemux86 ?= "74c80e559b24dd2c75214e4affc86d71f3d8cc8a"
+SRCREV_machine:qemux86-64 ?= "74c80e559b24dd2c75214e4affc86d71f3d8cc8a"
+SRCREV_machine:qemumips64 ?= "f7673229ddb5c9f3d77b5fb521c98f7dcd20f2ea"
+SRCREV_machine ?= "74c80e559b24dd2c75214e4affc86d71f3d8cc8a"
+SRCREV_meta ?= "820b9bdb192ae263be93e609da415c570d5acc79"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "4af60700a60cc45ee4fb6d579cccf1b7bca20c34"
+SRCREV_machine:class-devupstream ?= "d54cfc420586425d418a53871290cc4a59d33501"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.119"
+LINUX_VERSION ?= "5.15.120"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][kirkstone 5/8] gcc: don't pass --enable-standard-branch-protection
2023-07-24 2:33 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
` (3 preceding siblings ...)
2023-07-24 2:33 ` [OE-core][kirkstone 4/8] linux-yocto/5.15: update to v5.15.120 Steve Sakoman
@ 2023-07-24 2:33 ` Steve Sakoman
2023-07-24 2:33 ` [OE-core][kirkstone 6/8] machine/arch-arm64: add -mbranch-protection=standard Steve Sakoman
` (2 subsequent siblings)
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-07-24 2:33 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
By changing the default code generation of GCC we're inadvertently
breaking the GCC test suite, which has ~120K+ more failures when run for
aarch64 compared to x86-64.
This was because the generated code fragments included the BTI
instructions, which the test case wasn't expecting. We can't tell the
tests globally to run without branch protection, as that will break the
tests which also turn it on.
Remove the enabling of branch protection by standard in GCC, we'll
enable it in the tune files instead.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb4b9017db6a893ed054a2d2ad4cc671dec09c42)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/gcc/gcc-configure-common.inc | 1 -
1 file changed, 1 deletion(-)
diff --git a/meta/recipes-devtools/gcc/gcc-configure-common.inc b/meta/recipes-devtools/gcc/gcc-configure-common.inc
index e4cdb73f0a..dba25eb754 100644
--- a/meta/recipes-devtools/gcc/gcc-configure-common.inc
+++ b/meta/recipes-devtools/gcc/gcc-configure-common.inc
@@ -40,7 +40,6 @@ EXTRA_OECONF = "\
${@get_gcc_mips_plt_setting(bb, d)} \
${@get_gcc_ppc_plt_settings(bb, d)} \
${@get_gcc_multiarch_setting(bb, d)} \
- --enable-standard-branch-protection \
"
# glibc version is a minimum controlling whether features are enabled.
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][kirkstone 6/8] machine/arch-arm64: add -mbranch-protection=standard
2023-07-24 2:33 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
` (4 preceding siblings ...)
2023-07-24 2:33 ` [OE-core][kirkstone 5/8] gcc: don't pass --enable-standard-branch-protection Steve Sakoman
@ 2023-07-24 2:33 ` Steve Sakoman
2023-07-24 2:33 ` [OE-core][kirkstone 7/8] gcc-testsuite: Fix ppc cpu specification Steve Sakoman
2023-07-24 2:33 ` [OE-core][kirkstone 8/8] package.bbclass: moving field data process before variable process in process_pkgconfig Steve Sakoman
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-07-24 2:33 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Enable branch protection (PAC/BTI) for all aarch64 builds. This was
previously enabled at a global level in the GCC build, but that breaks
the gcc test suite.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8905639d1cdc5ce809cc5ecd9672f5e86bf8a579)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/conf/machine/include/arm/arch-arm64.inc | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/meta/conf/machine/include/arm/arch-arm64.inc b/meta/conf/machine/include/arm/arch-arm64.inc
index 0e2efb5a40..832d0000ac 100644
--- a/meta/conf/machine/include/arm/arch-arm64.inc
+++ b/meta/conf/machine/include/arm/arch-arm64.inc
@@ -37,3 +37,8 @@ TUNE_ARCH = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TUNE_ARCH_64}',
TUNE_PKGARCH = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TUNE_PKGARCH_64}', '${TUNE_PKGARCH_32}', d)}"
ABIEXTENSION = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${ABIEXTENSION_64}', '${ABIEXTENSION_32}', d)}"
TARGET_FPU = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TARGET_FPU_64}', '${TARGET_FPU_32}', d)}"
+
+# Emit branch protection (PAC/BTI) instructions. On hardware that doesn't
+# support these they're meaningless NOP instructions, so there's very little
+# reason not to.
+TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', ' -mbranch-protection=standard', '', d)}"
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][kirkstone 7/8] gcc-testsuite: Fix ppc cpu specification
2023-07-24 2:33 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
` (5 preceding siblings ...)
2023-07-24 2:33 ` [OE-core][kirkstone 6/8] machine/arch-arm64: add -mbranch-protection=standard Steve Sakoman
@ 2023-07-24 2:33 ` Steve Sakoman
2023-07-24 2:33 ` [OE-core][kirkstone 8/8] package.bbclass: moving field data process before variable process in process_pkgconfig Steve Sakoman
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-07-24 2:33 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
After this change in qemu:
https://gitlab.com/qemu-project/qemu/-/commit/c7e89de13224c1e6409152602ac760ac91f606b4
there is no 'max' cpu model on ppc. Drop it to clean up ppc gcc testsuite failures.
In order for this to work we do need to pull in the alternative cpu option from
QEMU_EXTRAOPTIONS on powerpc.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c447f2b21b20fb2b1829d540af2cc0bf8242700c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/gcc/gcc-testsuite.inc | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-devtools/gcc/gcc-testsuite.inc b/meta/recipes-devtools/gcc/gcc-testsuite.inc
index f68fec58ed..64f60c730f 100644
--- a/meta/recipes-devtools/gcc/gcc-testsuite.inc
+++ b/meta/recipes-devtools/gcc/gcc-testsuite.inc
@@ -51,9 +51,10 @@ python check_prepare() {
# enable all valid instructions, since the test suite itself does not
# limit itself to the target cpu options.
# - valid for x86*, powerpc, arm, arm64
- if qemu_binary.lstrip("qemu-") in ["x86_64", "i386", "ppc", "arm", "aarch64"]:
+ if qemu_binary.lstrip("qemu-") in ["x86_64", "i386", "arm", "aarch64"]:
args += ["-cpu", "max"]
-
+ elif qemu_binary.lstrip("qemu-") in ["ppc"]:
+ args += d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH')).split()
sysroot = d.getVar("RECIPE_SYSROOT")
args += ["-L", sysroot]
# lib paths are static here instead of using $libdir since this is used by a -cross recipe
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][kirkstone 8/8] package.bbclass: moving field data process before variable process in process_pkgconfig
2023-07-24 2:33 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
` (6 preceding siblings ...)
2023-07-24 2:33 ` [OE-core][kirkstone 7/8] gcc-testsuite: Fix ppc cpu specification Steve Sakoman
@ 2023-07-24 2:33 ` Steve Sakoman
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-07-24 2:33 UTC (permalink / raw)
To: openembedded-core
From: Xiangyu Chen <xiangyu.chen@windriver.com>
Currently, the latest version abseil-cpp contains a new library named "absl_log_internal_format", it's
basic package config(.pc file) as below:
prefix=/usr
exec_prefix=${prefix}
......
Requires: absl_config = 20230125, absl_core_headers = 20230125, absl_log_internal_append_truncated = 20230125,
absl_log_internal_config = 20230125, absl_log_internal_globals = 20230125, absl_log_severity = 20230125,
absl_strings = 20230125, absl_str_format = 20230125, absl_time = 20230125, absl_span = 20230125
......
Normally, the process_pkgconfig() would process variable data before field data in a .pc file, but in the
absl_log_internal_format, the field data in "Requires" section contains "xxxx = xxxx" format, the
process_pkgconfig() treats them as normal variable and using the setVar() in bitbake's data_smart.py
try to process. The absl_log_internal_format field data contains "_append_", this hit the setVar() checking
and finally bitbake stop building and reporting an error as below:
"Variable xxx contains an operation using the old override syntax. Please convert this layer/metadata before attempting to use with a newer bitbake."
This patch move the field data process before variable process to avoid the process_pkgconfig() treat the field
data as variable.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
(cherry picked from commit a73e269d3e591a10bb397b94b82e3fb960112d33)
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/package.bbclass | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index fed2f5531d..67351b2510 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -2178,18 +2178,18 @@ python package_do_pkgconfig () {
with open(file, 'r') as f:
lines = f.readlines()
for l in lines:
- m = var_re.match(l)
- if m:
- name = m.group(1)
- val = m.group(2)
- pd.setVar(name, pd.expand(val))
- continue
m = field_re.match(l)
if m:
hdr = m.group(1)
exp = pd.expand(m.group(2))
if hdr == 'Requires':
pkgconfig_needed[pkg] += exp.replace(',', ' ').split()
+ continue
+ m = var_re.match(l)
+ if m:
+ name = m.group(1)
+ val = m.group(2)
+ pd.setVar(name, pd.expand(val))
for pkg in packages.split():
pkgs_file = os.path.join(shlibswork_dir, pkg + ".pclist")
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread