starlingx/kernel
Code Issues Proposed changes
kernel/kernel-std
History
Jiping Ma 2e912eed62 kernel: upgrade the kernel to the version 6.6.40 
We upgrade the kernel to the version 6.6.40 to fix the following CVEs.
CVE-2023-46838: https://nvd.nist.gov/vuln/detail/CVE-2023-46838
CVE-2024-38667: https://nvd.nist.gov/vuln/detail/CVE-2024-38667
CVE-2024-38664: https://nvd.nist.gov/vuln/detail/CVE-2024-38664
CVE-2024-36971: https://nvd.nist.gov/vuln/detail/CVE-2024-36971
CVE-2024-36477: https://nvd.nist.gov/vuln/detail/CVE-2024-36477
CVE-2024-27022: https://nvd.nist.gov/vuln/detail/CVE-2024-27022
CVE-2024-27020: https://nvd.nist.gov/vuln/detail/CVE-2024-27020
CVE-2024-27018: https://nvd.nist.gov/vuln/detail/CVE-2024-27018
CVE-2024-26952: https://nvd.nist.gov/vuln/detail/CVE-2024-26952
CVE-2024-26934: https://nvd.nist.gov/vuln/detail/CVE-2024-26934
CVE-2024-26933: https://nvd.nist.gov/vuln/detail/CVE-2024-26933
CVE-2024-26930: https://nvd.nist.gov/vuln/detail/CVE-2024-26930
CVE-2024-26929: https://nvd.nist.gov/vuln/detail/CVE-2024-26929
CVE-2024-23307: https://nvd.nist.gov/vuln/detail/CVE-2024-23307
CVE-2024-0841: https://nvd.nist.gov/vuln/detail/CVE-2024-0841
CVE-2023-6610: https://nvd.nist.gov/vuln/detail/CVE-2023-6610
CVE-2023-6606: https://nvd.nist.gov/vuln/detail/CVE-2023-6606
CVE-2023-6535: https://nvd.nist.gov/vuln/detail/CVE-2023-6535
CVE-2023-6356: https://nvd.nist.gov/vuln/detail/CVE-2023-6356
CVE-2023-6270: https://nvd.nist.gov/vuln/detail/CVE-2023-6270
CVE-2023-46838: https://nvd.nist.gov/vuln/detail/CVE-2023-46838
CVE-2024-39291: https://nvd.nist.gov/vuln/detail/CVE-2024-39291
CVE-2024-39480: https://nvd.nist.gov/vuln/detail/CVE-2024-39480
CVE-2024-39479: https://nvd.nist.gov/vuln/detail/CVE-2024-39479
CVE-2024-39277: https://nvd.nist.gov/vuln/detail/CVE-2024-39277

The following changes we made to support the kernel upgrade.

For deb_patches folder:
1) We adapt the patch efi-lock-down-the-kernel-if-booted-in-secure-boot-
   mo.patch based on kernel-6.6.40 because of the changed context.
2) The patch 00xx-mod-fix-the-undefined-errors.patch is added to fix the
   mod build failure because symsearch.c is added in kernel-6.6.40.

For patches folder:
1) We adapt the patch 0001, 0016 and 0017 based on kernel-6.6.40.
2) Remove 0018-SUNRPC-use-request-size-to-initialize-bio_vec-in-
   svc.patch because it had been included in kernel-6.6.40.

Verification:
- Build kernel and out of tree modules success for rt and std.
- Build iso success for rt and std.
- Install success onto a All-in-One lab with rt kernel.
- Boot up successfully in the lab.
- The sanity testing was run and the test results PASS.
- The cyclictest benchmark was also run on the starlingx lab, the result
  is "samples:  86400000  avg: 1658.509   std_dev: 44.463 max: 4451
  99.9999th percentile: 2590", It is not big difference with 6.6.7.
- The network performance test had been done, the test results are
  almost same with kernel-6.6.7.

Closes-Bug: 2073449

Change-Id: I0f3bb1210f6ac454db52c22e621b111d22202196
Signed-off-by: Jiping Ma <jiping.ma2@windriver.com>
2024-08-06 00:49:56 +00:00
..
debian
kernel: upgrade the kernel to the version 6.6.40
2024-08-06 00:49:56 +00:00
files
Kernel: Enable the use of WireGuard secure network tunnel.
2022-09-18 22:05:52 -04:00