Comment 2 for bug 2043947

OpenStack Infra (hudson-openstack) wrote : Fix merged to kernel (master)

Reviewed: https://review.opendev.org/c/starlingx/kernel/+/906036
Committed: https://opendev.org/starlingx/kernel/commit/706581da39e96f2ad3ca906c38f3eb4778fb78a2
Submitter: "Zuul (22348)"
Branch: master

commit 706581da39e96f2ad3ca906c38f3eb4778fb78a2
Author: Peng Zhang <email address hidden>
Date: Thu Jan 18 11:20:58 2024 +0000

    Update kernel to v5.10.205

    This commit updates kernel to v5.10.205 to fix the following CVE issues:
    1.CVE-2023-51782: https://nvd.nist.gov/vuln/detail/CVE-2023-51782
    2.CVE-2023-51781: https://nvd.nist.gov/vuln/detail/CVE-2023-51781
    3.CVE-2023-51780: https://nvd.nist.gov/vuln/detail/CVE-2023-51780
    4.CVE-2023-6531: https://nvd.nist.gov/vuln/detail/CVE-2023-6531
    5.CVE-2023-6121: https://nvd.nist.gov/vuln/detail/CVE-2023-6121
    6.CVE-2023-6546: https://nvd.nist.gov/vuln/detail/CVE-2023-6546
    7.CVE-2023-6931: https://nvd.nist.gov/vuln/detail/CVE-2023-6931
    8.CVE-2023-6932: https://nvd.nist.gov/vuln/detail/CVE-2023-6932
    9.CVE-2023-6817: https://nvd.nist.gov/vuln/detail/CVE-2023-6817
    10.CVE-2023-46862: https://nvd.nist.gov/vuln/detail/CVE-2023-46862
    11.CVE-2023-39197: https://nvd.nist.gov/vuln/detail/CVE-2023-39197
    12.CVE-2023-6176: https://nvd.nist.gov/vuln/detail/CVE-2023-6176
    13.CVE-2023-4881: https://nvd.nist.gov/vuln/detail/CVE-2023-4881
    14.CVE-2023-34324: https://nvd.nist.gov/vuln/detail/CVE-2023-34324
    15.CVE-2023-5717: https://nvd.nist.gov/vuln/detail/CVE-2023-5717
    16.CVE-2023-5178: https://nvd.nist.gov/vuln/detail/CVE-2023-5178
    17.CVE-2023-46813: https://nvd.nist.gov/vuln/detail/CVE-2023-46813
    18.CVE-2023-35827: https://nvd.nist.gov/vuln/detail/CVE-2023-35827

    A local StarlingX kernel patch had already been integrated into the
    linux-yocto repository's v5.10/standard/preempt-rt/base branch after
    v5.10.198 as commit 2dccf008aa65 ("net: replace
    raw_write_seqcount_t_begin by do_raw_write_seqcount_begin").
    Hence, we drop the following now-redundant local patch:
      0083-net-replace-raw_write_seqcount_t_begin-by-do_raw_wri.patch.

    Verification:
    - Build kernel and out of tree modules success for rt and std.
    - Build iso success for rt and std.
    - Install success onto an AIO-DX lab with rt kernel.
    - Boot up successfully in the lab.
    - The sanity testing was done by our test team and no regression
      defect was found.
    - The cyclictest benchmark was also run on the starlingx lab, the
      result is "samples: 259200000 avg: 1602 max: 4460 99.9999th
      percentile: 2737 overflows: 0".
      Given that the maximum and 99.9999 percentile latency values are
      well below 5 microseconds, the results are acceptable, and they are
      not significantly different than the ones acquired with kernel
      v5.10.198.

    Closes-Bug: 2043947

    Change-Id: I558e40c4398428d73444bd4f50928c5248da0899
    Signed-off-by: Peng Zhang <email address hidden>