[linux-yocto] v4.8.x - stable updates comprising v4.8.27
bruce.ashfield at windriver.com
Thu Mar 1 20:17:48 PST 2018
On 2018-02-28 3:32 PM, Paul Gortmaker wrote:
> Bruce, Yocto kernel folks:
> Here is another 4.8.x stable update. Continuing on top of the
> previously released v4.8.26 kernel, we now have content selected from
> the 4.9.x series to address some of the high profile CVEs that have
> garnered a lot of attention this year.
> One departure of note, is that in the past, I have used other nearby
> releases as a reference for content we might want to consider, but then
> always re-exported the commits directly from mainline, to ensure that I
> get to see all conflicts and similar 1st hand.
> However, the 4.9.x stable tree (and it seems all older backports) are
> early adopters of the KAISER patch set:
> ...which to be sure, influenced what eventually went into mainline,
> however there is no 1:1 mapping between the KAISER patches and mainline.
> As such, there really isn't much choice but to use the 4.9.x versions of
> the KAISER patches, since having worked on mainline backports for the
> 4.12 version, I know trying to take them back to 4.9 would not be the
> right choice here.
> One thing this shares with the 4.12 release is the much more complex
> interdependency between the commits and the baseline they are designed
> for. So, just like 4.12, I have backported select commits from 4.9 in
> order to facilitate using the 4.9 versions of the stable commits largely
> as-is, in the interest of having the most stable end result.
> As usual, I've put this 4.8.x queue through the various testing that I
> figured made sense, which includes but is not limited to:
> -x86-64 sanity boot test + workloads of defconfig on COTS Core2 box.
> -build MIPS, PPC, ARM, ARM64 with defconfig
> -build x86-64 allmodconfig/allyesconfig
> -build i386 allmodconfig/allyesconfig
> I also got some local assistance in running specific tests related to
> the CVEs, which was greatly appreciated.
> I bumped the Makefile and did the signed tag just as per the previously
> released 4.8.x versions.
> Please find a signed v4.8.27 tag using this key:
> in the repo in my kernel.org directory here:
> for merge to standard/base in linux-yocto-4.8 and then out from there
> into the other base and BSP branches.
> For those who are interested, the raw commits can be found here:
> This repo isn't needed for anything; but one thing that might be of
> interest is to inspect the series file, since it is self documenting in
> terms of what patches were 4.9 backports of mainline and what came from
> the 4.9 stable queue directly, and hence can be used as a quick summary
> guide of what was addressed with this release.
If anyone is watching and wondering "why hasn't this merged?", we are
working through some parts of the -rt merge, and will likely have this
ready to go by early next week.
> I suspect we will need to do another 4.8.x release to cover off similar
> issues on non-x86 architecture targets.
More information about the linux-yocto