starlingx/integ
Code Issues Proposed changes
bad86583a0
integ/kernel-std/centos/meta_patches/Fix-compile-warnings-in-scsi-drivers.patch
Jim Somerville 50a9ff6df4 Kernel Upgrades for Meltdown and Spectre 
The kernel is moved ahead to version 3.10.0-693.21.1.el7

To summarize:

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
This is fixed by load fences and is "baked in" and cannot
be turned off.

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
This is fixed by a combination of retpolines and IBPB, or
IBRS+IBPB if on skylake.  This requires a microcode change in
the processors.  This feature, if on, has a significant performance
impact.  It is assumed on unless turned off via the
"nospectre_v2" bootarg.

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
This is fixed by page table isolation using the Kaiser patches.
This feature is assumed on unless turned off via the
"nopti" bootarg.

As of the commit date, we have changed the installer kickstarts
to issue both "nopti nospectre_v2" bootargs to minimize realtime
impacts by default.  The customer will be able to optionally
sacrifice performance for extra security at datafill time.

Change-Id: Id7c99923f2ee2ee91f77c7bd9940e684eff8b476
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
2018-06-22 12:53:11 -04:00

42 lines
1.8 KiB
Diff
Raw Blame History

From 784a33ecc2a8732ef773c68b1990d165398b6d71 Mon Sep 17 00:00:00 2001
Message-Id: <784a33ecc2a8732ef773c68b1990d165398b6d71.1522099420.git.Jim.Somerville@windriver.com>
In-Reply-To: <37dfb62264baec527d56aaf20db887840bec1ea1.1522099415.git.Jim.Somerville@windriver.com>
References: <37dfb62264baec527d56aaf20db887840bec1ea1.1522099415.git.Jim.Somerville@windriver.com>
From: Jim Somerville <Jim.Somerville@windriver.com>
Date: Thu, 9 Nov 2017 15:53:41 -0500
Subject: [PATCH 27/32] Fix compile warnings in scsi drivers
They get turned into errors and thus break the build.
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
---
SPECS/kernel.spec | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index d1dc5bf..735f8a0 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -445,6 +445,9 @@ Patch40022: cpuidle-menu-Avoid-taking-spinlock-for-accessing-QoS.patch
Patch40023: US101216-IMA-support-in-Titanium-kernel.patch
Patch40024: US103091-IMA-System-Configuration.patch
Patch40025: Fix-CentOS-mistake-thinking-that-Xen-is-always-enabl.patch
+# Fix compile warnings that break the build
+Patch40026: aic94xx-Skip-reading-user-settings-if-flash-is-not-f.patch
+Patch40027: dpt_i2o-fix-build-warning.patch
BuildRoot: %{_tmppath}/kernel-%{KVRA}-root
@@ -793,6 +796,8 @@ ApplyOptionalPatch cpuidle-menu-Avoid-taking-spinlock-for-accessing-QoS.patch
ApplyOptionalPatch US101216-IMA-support-in-Titanium-kernel.patch
ApplyOptionalPatch US103091-IMA-System-Configuration.patch
ApplyOptionalPatch Fix-CentOS-mistake-thinking-that-Xen-is-always-enabl.patch
+ApplyOptionalPatch aic94xx-Skip-reading-user-settings-if-flash-is-not-f.patch
+ApplyOptionalPatch dpt_i2o-fix-build-warning.patch
# Any further pre-build tree manipulations happen here.
--
1.8.3.1
View Git Blame Copy Permalink