The yocto website has changed its structure. Update the section for
Accessing the Downloads page to match the new structure.
(From yocto-docs rev: fda5e5a915d3441252eaf0c7a9ede8d13fb4539e)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pulls in the changes:
Eilís 'pidge' Ní Fhlannagáin (1):
subports: Add _GNU_SOURCE for syncfs probe
Richard Purdie (1):
SECURITY.md: Add file
Wu Zhenyu (1):
pseudo.1: Fix a typo
(From OE-Core rev: ff0dc585479136e3d031da08ef15e8e5c6e92c8d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9aab5be508c0dd88a4d9767f65ba5b6fcd5fb9dd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
zstd is dual-licensed under BSD _OR_ GPLv2. License wording in the
README for v1.5.5 is misleading, but license headers in the code clearly
state that there is a choice between the two licenses.
(From OE-Core rev: 6c9a5fefeaa9225c193a0445bae869e6844bf34d)
Signed-off-by: Massimiliano Minella <massimiliano.minella@se.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 40f85de590c188c9c3985e64a83efaf06b0b4fbc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Avahi has moved to a new parent organisation on GitHub, so update the
URLs to match.
(From OE-Core rev: b541fbeb99df15a1548f93ddbd654fb629ebc2ce)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 02caef1567186f250e64ae3ef84fcff33d7323e4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As discussion in [YOCTO #14717] cmake contains a OEToolchainConfig.cmake
file to configure the toolchain correctly in cross-compile build for recipes
using cmake.
The variable CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES value updates incorrectly
during do_compile the code. Due to this getting sporadic error like below,
fatal error: stdlib.h: No such file or directory
| 75 | #include_next <stdlib.h>
| | ^~~~~~~~~~
| compilation terminated.
| ninja: build stopped: subcommand failed.
| WARNING: exit code 1 from a shell command.
As cmake already correctly initializes the variable from environment,
So we have to unset it in the toolchain file to avoid overwriting the
variable definition again.
(From OE-Core rev: 5599eaefee3818c865d71f5b7c3cc04fc01de848)
Signed-off-by: aszh07 <mail2szahir@gmail.com>
Signed-off-by: Zahir Hussain <zahir.basha@kpit.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5aeada5793af53e8c93940952d4f314474dca4c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The current description is only pertinent to the kernel, even though
do_menuconfig task is used by other projects, such as Busybox and
U-Boot.
Replace "for the kernel" by an agnostic alternative (i.e., "in the
compilation directory").
(From OE-Core rev: adf91e340d5d8121c87585fd7340f947b21396b1)
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 52e053bce5e359995ebdaa21d6899f04ad2306a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
bnx2x is another broadcom ethernet adapter with its own firmware. Place
it into its own subpackage.
(From OE-Core rev: bb9eeafb13a69fe71919832b89a01ef8b561f7d7)
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 414f71bb692da7ca1899b07ebb689edeb53f8e0d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The bnx2 module uses both the mips and rv2p files, so package them all
together. Remove -mips from the package name, but add an RPROVIDES for
compatibility.
(From OE-Core rev: 49ca6eb5ef93bf90c682ea06c83db147aed250fa)
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 46f2b7b3bebc7efdb4199cdfe386dc16c049d8d7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The iwlwifi uses the .pnvm files for newer AX210+ cards, so package them
into the iwlwifi-misc subpackage.
(From OE-Core rev: d4f7a9f4715ba2eda753ff6bac07f6905233c3d7)
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 056c4de1422ff06745c5669f871a1bb6f5390d01)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Upgrade to latest 1.20.x release [1]:
$ git log --oneline go1.20.11..go1.20.12
97c8ff8d53 (tag: go1.20.12, origin/release-branch.go1.20) [release-branch.go1.20] go1.20.12
6446af942e [release-branch.go1.20] net/http: limit chunked data overhead
77397ffcb2 [release-branch.go1.20] crypto/rand,runtime: revert "switch RtlGenRandom for ProcessPrng"
d77307f855 [release-branch.go1.20] cmd/compile: fix findIndVar so it does not match disjointed loop headers
1bd76576fe [release-branch.go1.20] crypto/rand,runtime: switch RtlGenRandom for ProcessPrng
1b59b017db [release-branch.go1.20] path/filepath: consider \\?\c: as a volume on Windows
46bc33819a [release-branch.go1.20] cmd/go/internal/vcs: error out if the requested repo does not support a secure protocol
e1dc209be8 [release-branch.go1.20] cmd/go/internal/modfetch/codehost: set core.longpaths in Git repos on Windows
[1] https://github.com/golang/go/compare/go1.20.11...go1.20.12
(From OE-Core rev: 3e7981c7e575b0e16a7b7aba47993e9c58a719c5)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8515842b5c503b9a8840675d9cbcfe147d25c1d4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Adds context manager API for the asyncrcp client class which allow
writing code that will automatically close the connection like so:
with hashserv.create_client(address) as client:
...
Rework the bitbake-hashclient tool and PR server to use this new API to
fix warnings about unclosed event loops when exiting
(Bitbake rev: 52226a7244968c8dad6f4ee9ccec57ac1979217a)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d01d684a0f6398270fe35ed59b7d28f3fd9b7e41)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
These test suites are full of timing-sensitive test cases, so skip
them too.
[ YOCTO #15321 ]
(From OE-Core rev: e6a2793afdf4d48479e5f369a0446db51a681117)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd06c3668dbe9ec1cf9a0a84d7a6bc9851f9c662)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There are several tests in the test suite which are very dependent on
timing and fail on a loaded host system, so skip them.
[ YOCTO #14825#14882#15081 ]
(From OE-Core rev: bd9070fbf4942d412099b4a0a8d199f9d63e33e3)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 68beb4f4b5a0bea5d431decddf7656f18ac7a04a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The target_dumper code is basically broken. It has been reading binary files
over the text base serial communication and runs at every command failure which
makes no sense. Each run might overwrite files from the previous run and the
output appears corrupted due to confusion from the binary data.
For now, remove the commands and the target dumper code as the command
and execution point are problematic. Also remove the same pieces of the monitor
code but leave the command list since in theory this can be moved to a more
useful place in the code.
(From OE-Core rev: 4c7aa982a996b23a4c5100c5a5a9390e26e5fe46)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a24d787987dccc95fdd95b7e85bf525a1c55b285)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The patch Signed-off-by test's output line is excessively long, and can
trigger a failsafe in the patchtest automated service's email content
generation. Shorten the output by reducing redundant phrasing and using
os.path.basename to get only the failing patch's name, not the entire
path, as the submitter should have a good idea of where it is located
regardless.
(From OE-Core rev: f6a6af896dd1968eded614b0c519dc375eff407a)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cc7546ded87dd44a988d7a23f1d7645094b5cdd4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Skip -Werror to make it possible to compile this recipe with ICECC else
all fallthrough comments will be removed since we pre-process the files
on the host before sending them to the compile nodes which then cause
errors because of default -Werror switch.
Fixes: caf64f85b5c5 ("json-c: update 0.13.1 - > 0.14")
(From OE-Core rev: edda50f28826fd84f83ccecaffbc7705204bccd6)
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 915f8307b063e17ddadd5dface83578b8ad254e2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The Cups documentation states:
The default contains "admin", "lpadmin", "root", "sys" and/or "system".
https://www.cups.org/doc/man-cups-files.conf.html#:~:text=SystemGroup
Add root and sys accordingly
Also add wheel group. This is required for systems with polkit support in order to
control the printer settings with cups-pk-helper.
Not only for gnome-control-center, but also when using plain system-config-printer on
a system with running polkit, cups-pk-helper would be a required rdepend.
(From OE-Core rev: 1cca30bb163fbc3f6b79fe3cff6d6b405830a63a)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 572fed0ac6dbcf5749e19c7b624826fc30cf301e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Bluez 5.69 added a regression. Bluetooth connection for playstation controllers
stopped working. This adds a backport patch for the issue
(From OE-Core rev: a4ba3de4248ee05119ae944a972f88517e4e087b)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit be05a177f943e9c8ce6c0fdbd157ee6f9103eef9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When specifying --mode / -m srcrev with devtool finish/update-recipe on
recipes that are not fetched from a SCM repository we get the following
error:
Traceback (most recent call last):
[..]
File "<...>/poky/meta/lib/oe/patch.py", line 49, in runcmd
raise CmdError(cmd, exitstatus >> 8, "stdout: %s\nstderr: %s" % (stdout, stderr))
oe.patch.CmdError: Command Error: 'sh -c 'git format-patch --no-signature --no-numbered INVALID -o /tmp/oepatchbj7pfmzj -- .'' exited with 0 Output:
stdout:
stderr: fatal: bad revision 'INVALID'
Fix this by adding a check and abort with a proper error message.
(From OE-Core rev: 9254b08fbfba3734d5bc717a382d909595833db1)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5b77f60e85d07921ae5e808daa1fd7d8c3dc40ea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
[YOCTO #14933]
test_storlines is yet another Python ptest that fails intermittently on
the Yocto AB, so disable it during ptests for now.
(From OE-Core rev: 11eab2b5d14efa75fcb0686a9f835f9675883113)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d7b9f8157e6214a83b5495e8a32e11540ae65ff8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When running devtool update-recipe with --mode=srcrev AND --append switch
in dry-run, we get the following error:
Traceback (most recent call last):
[...]
Exception: destpath should be set here
Fix this by removing a misplaced else statement in _update_recipe_srcrev
(From OE-Core rev: edfa2aac5c39e12e1149134a6241ad4e5b2ebc46)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 85ba125703d5b442133fd7c470b915460ee68ac9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This fixes an issue running "opkg upgrade" on a system with systemd
(and when there is an update to "systemd-compat-units",
for example between yocto 4.2.2 and 4.2.3):
//var/lib/opkg/info/systemd-compat-units.postinst: cd: line 3: can't cd to /etc/init.d: No such file or directory
The existence of /etc/init.d is now tested
without causing an error if doesn't exist.
Fixes [YOCTO #15292]
(From OE-Core rev: d114814fa2628cfea2769d65a26514b76e61a0fa)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0330331a1386fd2a34b410a7f62b29bfc8dc23c4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The Source: variable is generated from FILE but this is excluded from checksums
normally which results in a reproduciubility issue when the filename changes.
Add in a dependency by reworking the code a little to avoid this.
(From OE-Core rev: 431e6ad7c5b0af3909f5a43599764c529146e6d6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ea7da76c6930031a0071069027b1d71f737fbc9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
If we chdir(), do the chdir back to the original directory in a finally
block so they always run.
(From OE-Core rev: 1680d1766445b21e35c6b874c4767b385862017f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cdc40292818683b6df1c814498c7589450a163fa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A previous commit tried to add the --follow-symlinks option to
the perform_passwd_expire function in useradd_base.bbclass, however it used
a single -.
This is interpreted as --file=ollow-symlinks which results in...
sed: couldn't open file ollow-symlinks: No such file or directory
and...
ERROR: <image name>: passwd --expire operation did not succeed.
Fix by adding the missing -
(From OE-Core rev: 67721b71bf677097645b9150a31ac833125c0c23)
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3c0deafcfcea3f610c7dd9a2d2884a16fbfe0497)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
If /etc/passwd is a symlink, sed -i on same file will replace the
symlink with a new file. Prevent that by adding --follow-symlinks
option to sed
(From OE-Core rev: 7b4343a30a02d8f8664ac4c4bc09e5acfb4fa60e)
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 6ec004b2e7b4342465af8e5e6cc66041834821a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As stated in the LICENSES/README.md "Unless otherwise noted, the systemd
project sources are licensed under the terms and conditions of the GNU
Lesser General Public License v2.1 or later", so replace LGPL-2.1-only
with LGPL-2.1-or-later.
With the exception of some udev sources that are licensed under
GPL-2.0-or-later (but are packaged separately), the project is licensed
under LGPL, and all the components are LGPL or under LGPL compatible
licenses. The package libsystemd is currently under the main package
license, which can cause problems when scanning for GPL software linked
to CLOSED one. Add more granularity by setting a license for libsystemd
to LGPL-2.1-or-later.
(From OE-Core rev: 2c65ec32ce3c4a74b7117588151a94a4c6e506a6)
Signed-off-by: Massimiliano Minella <massimiliano.minella@se.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 54975f4b2184fe12c4995c289eba8358958e6c21)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changes made since CMake 3.27.6:
Brad King (6):
Android: Require Clang 18 for -std=c++23
Tests: Clarify RunCMake.CTestTimeout case name
ctest: Restore support for --timeout values higher than default test timeout
Help: Document CMP0124 behavior on already-set variables
FindPostgreSQL: Add support for version 16
CMake 3.27.7
Orkun Tokdemir (1):
Linting: Fix empty evaluated genex
(From OE-Core rev: 3f3f3118dd6976259e8d971ebf76f2eeaf96f930)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 0faec0c8606b31216702252d0db7aa88388df231)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
===========
- extensions: Don't search imports for extension prefixes
- transform: Check maximum depth when processing default templates
- build: Add more missing includes
- python: Don't set deprecated global
- build: Add missing includes
- imports: Limit nesting depth
- extensions: Report top-level elements in xsltDebugDumpExtensions
- Add extern "C" { } block to xsltlocale.h
- python: Make it compatible with python3.12
- date: Fix check for localtime_s
- date: Fix check for gmtime_s
- pkg-config files include cflags for static builds
- Handle NOCONFIG case when setting locations from CMake target properties
- autotools: Make xslt-config executable
- tests: Structured error handler now passes a const xmlError
- python: Fix tests on MinGW
- fuzz: Fix xmlFuzzEntityLoader after recent libxml2 changes
(From OE-Core rev: 7828e780813857a6667cb07472a0371823781e9b)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 48b353f3fb8e5ab1853cba7faa3065d2fe6f36b4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
==========
- Fix public key computation for other EdDSA curves.
- Remove out of core handler diagnostic in FIPS mode.
- Check that the digest size is not zero in gcry_pk_sign_md and
gcry_pk_verify_md.
- Make store an s-exp with \0 is considered to be binary.
- Various constant-time improvements.
- Use getrandom call only when supported by the platform.
- Change the default for --with-libtool-modification to never.
(From OE-Core rev: 451480be9e8693d026fb408f5bfd1c6c77ad7182)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit e21583896116cf37bf6b95aea466854e4fd5e54b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
============
-Fix missing newlines in the output of "rndc nta -dump".
-Take into account local authoritative zones when falling back to serve-stale.
-Fix assertion failure when using lock-file configuration option together -X
argument to named.
-The 'lock-file' file was being removed when it shouldn't have been making it
ineffective if named was started 3 or more times.
-Fix a shutdown race in dns__catz_update_cb().
-B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and 2801:1b8:10::b.
-The timeouts for resending zone refresh queries over UDP were lowered to enable
named to more quickly determine that a primary is down.
-Don't schedule resign operations on the raw version of an inline-signing zone.
-Fix a possible assertion failure on an error path in resolver.c:fctx_query(),
when using an uninitialized link.
-Add semantic patch to do an explicit cast from char to unsigned char in ctype.h
class of functions.
-Python system tests have to be executed by invoking pytest directly. Executing
them with the legacy test runner is no longer supported.
-The wrong covered value was being set by dns_ncache_current for RRSIG records
in the returned rdataset structure. This resulted in TYPE0 being reported as
the covered value of the RRSIG when dumping the cache contents.
(From OE-Core rev: 6103a28c3b3df76a679acae577140d4ad2346894)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9b34124561d926d9273c52163853161515e5666a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Version 0.7.26
- selected bug fixes:
* fix evr roundtrip in testcases
* do not use deprecated headerUnload with newer rpm versions
(From OE-Core rev: a749063e3f978a429d192445dcb5d636de668b82)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit abd47f16a4ef8a50af4287795969832d1391d8d2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integrating the following commit(s) to linux-yocto/6.5:
1/2 [
Author: Thomas Gleixner
Email: tglx@linutronix.de
Subject: x86/alternatives: Sync core before enabling interrupts
Date: Thu, 7 Dec 2023 20:49:24 +0100
text_poke_early() does:
local_irq_save(flags);
memcpy(addr, opcode, len);
local_irq_restore(flags);
sync_core();
That's not really correct because the synchronization should happen before
interrupts are reenabled to ensure that a pending interrupt observes the
complete update of the opcodes.
It's not entirely clear whether the interrupt entry provides enough
serialization already, but moving the sync_core() invocation into interrupt
disabled region does no harm and is obviously correct.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
2/2 [
Author: Thomas Gleixner
Email: tglx@linutronix.de
Subject: x86/alternatives: Disable interrupts and sync when optimizing NOPs in place
Date: Thu, 7 Dec 2023 20:49:26 +0100
apply_alternatives() treats alternatives with the ALT_FLAG_NOT flag set
special as it optimizes the existing NOPs in place.
Unfortunately this happens with interrupts enabled and does not provide any
form of core synchronization.
So an interrupt hitting in the middle of the update and using the affected
code path will observe a half updated NOP and crash and burn. The following
3 NOP sequence was observed to expose this crash halfways reliably under
QEMU 32bit:
0x90 0x90 0x90
which is replaced by the optimized 3 byte NOP:
0x8d 0x76 0x00
So an interrupt can observe:
1) 0x90 0x90 0x90 nop nop nop
2) 0x8d 0x90 0x90 undefined
3) 0x8d 0x76 0x90 lea -0x70(%esi),%esi
4) 0x8d 0x76 0x00 lea 0x0(%esi),%esi
Where only #1 and #4 are true NOPs. The same problem exists for 64bit obviously.
Disable interrupts around this NOP optimization and invoke sync_core()
before reenabling them.
Fixes: 270a69c4485d ("x86/alternative: Support relocations in alternatives")
Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: eaa14acddf8259bef87143956766e7d3cf01d6ff)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1c8d29ab6b02c5b783429db3b67583deb1637142)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integrating the following commit(s) to linux-yocto/.:
1/1 [
Author: Paul Gortmaker
Email: paul.gortmaker@windriver.com
Subject: features/ima: drop now retired IMA_TRUSTED_KEYRING option
Date: Wed, 6 Dec 2023 09:15:38 -0500
Unfortunately linux-stable backported this:
Subject: ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig
From: Nayna Jain <nayna@linux.ibm.com>
[ Upstream commit 5087fd9e80e539d2163accd045b73da64de7de95 ]
Time to remove "IMA_TRUSTED_KEYRING".
...to all releases still being maintained.
stable-queue$git grep -l 5087fd9e80e539
releases/5.10.195/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
releases/5.15.132/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
releases/5.4.257/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
releases/6.1.53/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
releases/6.4.16/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
releases/6.5.3/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
So now when someone uses the feature, it triggers a do_kernel_configcheck
warning when the audit runs.
We added this file way back in 2019 so this fix will be needed on all
active branches that are using an LTS linux-stable kernel listed above.
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: 0f8eaea3a46c9f6e3c99fb59e689e2a3843979d0)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d575b2822c1779077177deb177bafa94ab975bfc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
