[security] Upgrade kernel to 3.16.57-2 on 201803 branch (#2116)

* [security] Upgrade kernel to 3.16.57-2 Fix issues below: https://www.debian.org/security/2018/dsa-4120 https://www.debian.org/security/2018/dsa-4179 https://www.debian.org/security/2018/dsa-4187 https://www.debian.org/security/2018/dsa-4188 https://www.debian.org/security/2018/dsa-4196 and more. * update opennsl-modules-3.16.0-6-amd64_3.4.1.11-7_amd64.deb package Signed-off-by: Guohan Lu <gulv@microsoft.com> * [mellanox] update sdk base url (new kernel version)
2018-10-10 23:41:27 -07:00 · 2018-10-10 23:41:27 -07:00 · 773ed99d0a
commit 773ed99d0a
parent eba171b222
25 changed files with 52 additions and 50 deletions
--- a/build_debian.sh
+++ b/build_debian.sh
@ -114,7 +114,7 @@ echo '[INFO] Install SONiC linux kernel image'
 ## Note: duplicate apt-get command to ensure every line return zero
 sudo dpkg --root=$FILESYSTEM_ROOT -i target/debs/initramfs-tools_*.deb || \
    sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
-sudo dpkg --root=$FILESYSTEM_ROOT -i target/debs/linux-image-3.16.0-5-amd64_*.deb || \
+sudo dpkg --root=$FILESYSTEM_ROOT -i target/debs/linux-image-3.16.0-6-amd64_*.deb || \
    sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
 ## Update initramfs for booting with squashfs+aufs
@ -152,10 +152,10 @@ sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/union-fsck
 sudo chroot $FILESYSTEM_ROOT update-initramfs -u
 ## Install latest intel igb driver
-sudo cp target/debs/igb.ko $FILESYSTEM_ROOT/lib/modules/3.16.0-5-amd64/kernel/drivers/net/ethernet/intel/igb/igb.ko
+sudo cp target/debs/igb.ko $FILESYSTEM_ROOT/lib/modules/3.16.0-6-amd64/kernel/drivers/net/ethernet/intel/igb/igb.ko
 ## Install latest intel ixgbe driver
-sudo cp target/debs/ixgbe.ko $FILESYSTEM_ROOT/lib/modules/3.16.0-5-amd64/kernel/drivers/net/ethernet/intel/ixgbe/ixgbe.ko
+sudo cp target/debs/ixgbe.ko $FILESYSTEM_ROOT/lib/modules/3.16.0-6-amd64/kernel/drivers/net/ethernet/intel/ixgbe/ixgbe.ko
 ## Install docker
 echo '[INFO] Install docker'
--- a/files/build_templates/swss.service.j2
+++ b/files/build_templates/swss.service.j2
@ -2,16 +2,16 @@
 Description=switch state service
 Requires=database.service updategraph.service
 {% if sonic_asic_platform == 'broadcom' %}
-Requires=opennsl-modules-3.16.0-5-amd64.service
+Requires=opennsl-modules-3.16.0-6-amd64.service
 {% elif sonic_asic_platform == 'nephos' %}
-Requires=nps-modules-3.16.0-5-amd64.service
+Requires=nps-modules-3.16.0-6-amd64.service
 {% endif %}
 After=database.service updategraph.service
 After=interfaces-config.service
 {% if sonic_asic_platform == 'broadcom' %}
-After=opennsl-modules-3.16.0-5-amd64.service
+After=opennsl-modules-3.16.0-6-amd64.service
 {% elif sonic_asic_platform == 'nephos' %}
-After=nps-modules-3.16.0-5-amd64.service
+After=nps-modules-3.16.0-6-amd64.service
 {% endif %}
 [Service]
--- a/installer/x86_64/install.sh
+++ b/installer/x86_64/install.sh
@ -570,11 +570,11 @@ menuentry '$demo_grub_entry' {
        if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
        insmod part_msdos
        insmod ext2
-        linux   /$image_dir/boot/vmlinuz-3.16.0-5-amd64 root=$grub_cfg_root rw $GRUB_CMDLINE_LINUX  \
+        linux   /$image_dir/boot/vmlinuz-3.16.0-6-amd64 root=$grub_cfg_root rw $GRUB_CMDLINE_LINUX  \
                loop=$image_dir/$FILESYSTEM_SQUASHFS loopfstype=squashfs                       \
                apparmor=1 security=apparmor varlog_size=$VAR_LOG_SIZE usbcore.autosuspend=-1 $ONIE_PLATFORM_EXTRA_CMDLINE_LINUX
        echo    'Loading $demo_volume_label $demo_type initial ramdisk ...'
-        initrd  /$image_dir/boot/initrd.img-3.16.0-5-amd64
+        initrd  /$image_dir/boot/initrd.img-3.16.0-6-amd64
 }
 EOF
--- a/platform/broadcom/sdk.mk
+++ b/platform/broadcom/sdk.mk
@ -1,4 +1,6 @@
-BRCM_OPENNSL_KERNEL = opennsl-modules-3.16.0-5-amd64_3.4.1.11-2_amd64.deb
+# mock link here, need to be replaced by real link from MSFT
-$(BRCM_OPENNSL_KERNEL)_URL = "https://sonicstorage.blob.core.windows.net/packages/opennsl-modules-3.16.0-5-amd64_3.4.1.11-2_amd64.deb?sv=2015-04-05&sr=b&sig=xtf8nafmS1pcqx5hhBsfmLNSx2BeqmwN4Dwq5uwM1bo%3D&se=2031-11-16T21%3A54%3A27Z&sp=r"
+
 BRCM_OPENNSL_KERNEL = opennsl-modules-3.16.0-6-amd64_3.4.1.11-7_amd64.deb
 $(BRCM_OPENNSL_KERNEL)_URL = "https://sonicstorage.blob.core.windows.net/packages/bcmsai/opennsl-modules-3.16.0-6-amd64_3.4.1.11-7_amd64.deb?sv=2015-04-05&sr=b&sig=HGePoJSCcURIMW3bPRh5iXlx6z5SWiElmqD44mqUchI%3D&se=2155-08-28T16%3A31%3A48Z&sp=r"
 SONIC_ONLINE_DEBS += $(BRCM_OPENNSL_KERNEL)
--- a/platform/broadcom/sonic-platform-modules-accton/as5712-54x/utils/README
+++ b/platform/broadcom/sonic-platform-modules-accton/as5712-54x/utils/README
@ -39,7 +39,7 @@ User is not necessary to handle docker environment creation.
  - Copy patches and series from patch/kernel of this release to 
    sonic-linux-kernel/patch.
  - Build kernel by "make".
-  - The built kernel package, linux-image-3.16.0-5-amd64_3.16.51-3+deb8u1_amd64.deb
+  - The built kernel package, linux-image-3.16.0-6-amd64_3.16.51-3+deb8u1_amd64.deb
    , is generated.
 3. Build installer 
  - Change directory back to sonic-buildimage/.
@ -52,7 +52,7 @@ User is not necessary to handle docker environment creation.
    The default user and password are "admin" & "YourPaSsWoRd" respectively.
  - Run "make configure PLATFORM=broadcom"
  - Copy the built kernel debian package to target/debs/.
-    The file is linux-image-3.16.0-5-amd64_*_amd64.deb under directory
+    The file is linux-image-3.16.0-6-amd64_*_amd64.deb under directory
    src/sonic-linux-kernel/.
  - Run "make target/sonic-generic.bin"
  - Get the installer, target/sonic-generic.bin, to target machine and install.
--- a/platform/broadcom/sonic-platform-modules-accton/as7312-54x/utils/README
+++ b/platform/broadcom/sonic-platform-modules-accton/as7312-54x/utils/README
@ -39,7 +39,7 @@ User is not necessary to handle docker environment creation.
  - Copy patches and series from patch/kernel of this release to 
    sonic-linux-kernel/patch.
  - Build kernel by "make".
-  - The built kernel package, linux-image-3.16.0-5-amd64_3.16.51-3+deb8u1_amd64.deb
+  - The built kernel package, linux-image-3.16.0-6-amd64_3.16.51-3+deb8u1_amd64.deb
    , is generated.
 3. Build installer 
  - Change directory back to sonic-buildimage/.
@ -52,7 +52,7 @@ User is not necessary to handle docker environment creation.
    The default user and password are "admin" & "YourPaSsWoRd" respectively.
  - Run "make configure PLATFORM=broadcom"
  - Copy the built kernel debian package to target/debs/.
-    The file is linux-image-3.16.0-5-amd64_*_amd64.deb under directory
+    The file is linux-image-3.16.0-6-amd64_*_amd64.deb under directory
    src/sonic-linux-kernel/.
  - Run "make target/sonic-generic.bin"
  - Get the installer, target/sonic-generic.bin, to target machine and install.
--- a/platform/broadcom/sonic-platform-modules-accton/as7716-32x/utils/README
+++ b/platform/broadcom/sonic-platform-modules-accton/as7716-32x/utils/README
@ -39,7 +39,7 @@ User is not necessary to handle docker environment creation.
  - Copy patches and series from patch/kernel of this release to 
    sonic-linux-kernel/patch.
  - Build kernel by "make".
-  - The built kernel package, linux-image-3.16.0-5-amd64_3.16.51-3+deb8u1_amd64.deb
+  - The built kernel package, linux-image-3.16.0-6-amd64_3.16.51-3+deb8u1_amd64.deb
    , is generated.
 3. Build installer 
  - Change directory back to sonic-buildimage/.
@ -52,7 +52,7 @@ User is not necessary to handle docker environment creation.
    The default user and password are "admin" & "YourPaSsWoRd" respectively.
  - Run "make configure PLATFORM=broadcom"
  - Copy the built kernel debian package to target/debs/.
-    The file is linux-image-3.16.0-5-amd64_*_amd64.deb under directory
+    The file is linux-image-3.16.0-6-amd64_*_amd64.deb under directory
    src/sonic-linux-kernel/.
  - Run "make target/sonic-generic.bin"
  - Get the installer, target/sonic-generic.bin, to target machine and install.
--- a/platform/broadcom/sonic-platform-modules-accton/debian/control
+++ b/platform/broadcom/sonic-platform-modules-accton/debian/control
@ -7,35 +7,35 @@ Standards-Version: 3.9.3
 Package: sonic-platform-accton-as7712-32x
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
 Package: sonic-platform-accton-as5712-54x
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
 Package: sonic-platform-accton-as7816-64x
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
 Package: sonic-platform-accton-as7716-32x
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
 Package: sonic-platform-accton-as7716-32xb
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
 Package: sonic-platform-accton-as7312-54x
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
 Package: sonic-platform-accton-as7326-56x
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
--- a/platform/broadcom/sonic-platform-modules-arista/confs/arista-drivers.service
+++ b/platform/broadcom/sonic-platform-modules-arista/confs/arista-drivers.service
@ -1,7 +1,7 @@
 [Unit]
 Description=Arista kernel modules init
 After=local-fs.target
-Before=opennsl-modules-3.16.0-5-amd64.service
+Before=opennsl-modules-3.16.0-6-amd64.service
 ConditionKernelCommandLine=Aboot
 [Service]
--- a/platform/broadcom/sonic-platform-modules-arista/confs/gardena-watchdog-stop.service
+++ b/platform/broadcom/sonic-platform-modules-arista/confs/gardena-watchdog-stop.service
@ -1,7 +1,7 @@
 [Unit]
 Description=Disable the watchdog after boot
 After=swss.service
-After=opennsl-modules-3.16.0-5-amd64.service
+After=opennsl-modules-3.16.0-6-amd64.service
 ConditionKernelCommandLine=sid=Gardena
 [Service]
--- a/platform/broadcom/sonic-platform-modules-arista/debian/control
+++ b/platform/broadcom/sonic-platform-modules-arista/debian/control
@ -21,7 +21,7 @@ Package: drivers-sonic-platform-arista
 Architecture: amd64
 Depends:
   ${misc:Depends},
-   linux-image-3.16.0-5-amd64
+   linux-image-3.16.0-6-amd64
 Description: Arista kernel modules for arista platform devices such as fan, led, sfp, psu
 Package: python-sonic-platform-arista
--- a/platform/broadcom/sonic-platform-modules-arista/utils/boot0
+++ b/platform/broadcom/sonic-platform-modules-arista/utils/boot0
@ -18,8 +18,8 @@
 set -x
-kernel=boot/vmlinuz-3.16.0-5-amd64
+kernel=boot/vmlinuz-3.16.0-6-amd64
-initrd=boot/initrd.img-3.16.0-5-amd64
+initrd=boot/initrd.img-3.16.0-6-amd64
 kernel_params=kernel-params
 aboot_machine="arista_unknown"
--- a/platform/broadcom/sonic-platform-modules-cel/debian/control
+++ b/platform/broadcom/sonic-platform-modules-cel/debian/control
@ -7,6 +7,6 @@ Standards-Version: 3.9.3
 Package: platform-modules-dx010
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
--- a/platform/broadcom/sonic-platform-modules-dell/debian/control
+++ b/platform/broadcom/sonic-platform-modules-dell/debian/control
@ -7,11 +7,11 @@ Standards-Version: 3.9.3
 Package: platform-modules-z9100
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
 Package: platform-modules-s6100
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
--- a/platform/broadcom/sonic-platform-modules-delta/debian/control
+++ b/platform/broadcom/sonic-platform-modules-delta/debian/control
@ -7,15 +7,15 @@ Standards-Version: 3.9.3
 Package: platform-modules-ag9032v1
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
 Package: platform-modules-ag9064
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
 Package: platform-modules-ag5648
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
--- a/platform/broadcom/sonic-platform-modules-inventec/debian/control
+++ b/platform/broadcom/sonic-platform-modules-inventec/debian/control
@ -7,11 +7,11 @@ Standards-Version: 3.9.3
 Package: platform-modules-d7032q28b
 Architecture: amd64 
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led
 Package: platform-modules-d7054q28b
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led
--- a/platform/broadcom/sonic-platform-modules-mitac/debian/control
+++ b/platform/broadcom/sonic-platform-modules-mitac/debian/control
@ -7,6 +7,6 @@ Standards-Version: 3.9.3
 Package: sonic-platform-mitac-ly1200-32x
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
--- a/platform/broadcom/sonic-platform-modules-quanta/debian/control
+++ b/platform/broadcom/sonic-platform-modules-quanta/debian/control
@ -7,6 +7,6 @@ Standards-Version: 3.9.3
 Package: sonic-platform-quanta-ix1b-32x
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as psu, led, sfp
--- a/platform/broadcom/sonic-platform-modules-s6000/debian/control
+++ b/platform/broadcom/sonic-platform-modules-s6000/debian/control
@ -7,6 +7,6 @@ Standards-Version: 3.9.3
 Package: platform-modules-s6000
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
--- a/platform/centec/sonic-platform-modules-e582/debian/control
+++ b/platform/centec/sonic-platform-modules-e582/debian/control
@ -7,11 +7,11 @@ Standards-Version: 3.9.3
 Package: platform-modules-e582-48x2q4z
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
 Package: platform-modules-e582-48x6q
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
--- a/platform/mellanox/sdk.mk
+++ b/platform/mellanox/sdk.mk
@ -1,4 +1,4 @@
-MLNX_SDK_BASE_URL = https://github.com/Mellanox/SAI-Implementation/raw/5675ef1037813992cd234d3afcee43959e1ca4f6/sdk
+MLNX_SDK_BASE_URL = https://github.com/Mellanox/SAI-Implementation/raw/dc2bafed31d0a84d9282d65bd94b5e20574d1a4d/sdk
 MLNX_SDK_VERSION = 4.2.7303
 MLNX_SDK_RDEBS += $(APPLIBS) $(IPROUTE2_MLNX) $(SX_ACL_RM) $(SX_COMPLIB) \
 		  $(SX_EXAMPLES) $(SX_GEN_UTILS) $(SX_SCEW) $(SX_SDN_HAL) \
--- a/platform/nephos/sdk.mk
+++ b/platform/nephos/sdk.mk
@ -1,4 +1,4 @@
-NEPHOS_NPS_KERNEL = nps-modules-3.16.0-5_2.0.3_3147dc_amd64.deb
+NEPHOS_NPS_KERNEL = nps-modules-3.16.0-6_2.0.3_3147dc_amd64.deb
-$(NEPHOS_NPS_KERNEL)_URL = "https://github.com/NephosInc/SONiC/raw/master/sdk/nps-modules-3.16.0-5_2.0.3_3147dc_amd64.deb"
+$(NEPHOS_NPS_KERNEL)_URL = "https://github.com/NephosInc/SONiC/raw/master/sdk/nps-modules-3.16.0-6_2.0.3_3147dc_amd64.deb"
 SONIC_ONLINE_DEBS += $(NEPHOS_NPS_KERNEL)
--- a/platform/nephos/sonic-platform-modules-accton/debian/control
+++ b/platform/nephos/sonic-platform-modules-accton/debian/control
@ -7,5 +7,5 @@ Standards-Version: 3.9.3
 Package: sonic-platform-accton-as7116-54x
 Architecture: amd64
-Depends: linux-image-3.16.0-5-amd64
+Depends: linux-image-3.16.0-6-amd64
 Description: kernel modules for platform devices such as fan, led, sfp
--- a/rules/linux-kernel.mk
+++ b/rules/linux-kernel.mk
@ -1,9 +1,9 @@
 # linux kernel package
-KVERSION_SHORT = 3.16.0-5
+KVERSION_SHORT = 3.16.0-6
 KVERSION ?= $(KVERSION_SHORT)-amd64
-KERNEL_VERSION = 3.16.51
+KERNEL_VERSION = 3.16.57
-KERNEL_SUBVERSION = 3+deb8u1
+KERNEL_SUBVERSION = 2
 export KVERSION_SHORT KVERSION KERNEL_VERSION KERNEL_SUBVERSION
--- a/src/sonic-linux-kernel
+++ b/src/sonic-linux-kernel
@ -1 +1 @@
-Subproject commit 652f2592b90c2ae10064b9131b5217fbdde63526
+Subproject commit dff16eb00bf3fc45c4b3cb4d557732ce7a64be17
		`@ -1 +1 @@`
			`Subproject commit 652f2592b90c2ae10064b9131b5217fbdde63526`				`Subproject commit dff16eb00bf3fc45c4b3cb4d557732ce7a64be17`