Merge pull request #2519 from jcvenegas/kernel-experimental-5.13.10

kernel: Enable SGX in experimental kernel.

.github/workflows/kata-deploy-push.yaml

@@ -9,6 +9,7 @@ jobs:
       matrix:
         asset:
           - kernel
+          - kernel-experimental
           - shim-v2
           - qemu
           - cloud-hypervisor

tools/packaging/kata-deploy/local-build/Makefile

@@ -38,6 +38,10 @@ firecracker-tarball:
 kernel-tarball:
 	${MAKE} $@-build
 
+kernel-experimental-tarball:
+	${MAKE} $@-build
+
+
 qemu-tarball:
 	${MAKE} $@-build
 

tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh

@@ -67,6 +67,7 @@ options:
 	cloud-hypervisor
 	firecracker
 	kernel
+	kernel-experimental
 	qemu
 	rootfs-image
 	rootfs-initrd
@@ -91,17 +92,16 @@ install_initrd() {
 #Install kernel asset
 install_kernel() {
 	export kernel_version="$(yq r $versions_yaml assets.kernel.version)"
-	DESTDIR="${destdir}" PREFIX="${prefix}" "${kernel_builder}" "${kernel_version}"
+	DESTDIR="${destdir}" PREFIX="${prefix}" "${kernel_builder}" -f -v "${kernel_version}"
 }
 
+
 #Install experimental kernel asset
 install_experimental_kernel() {
 	info "build experimental kernel"
-	export kernel_version="$(yq r $versions_yaml assets.kernel-experimental.version)"
-	"${kernel_builder}" -e setup
-	"${kernel_builder}" -e build
-	info "install experimental kernel"
-	DESTDIR="${destdir}" PREFIX="${prefix}" "${kernel_builder}" -e install
+	export kernel_version="$(yq r $versions_yaml assets.kernel-experimental.tag)"
+	info "Kernel version ${kernel_version}"
+	DESTDIR="${destdir}" PREFIX="${prefix}" "${kernel_builder}" -f -b experimental -v ${kernel_version}
 }
 
 # Install static qemu asset
@@ -158,7 +158,6 @@ handle_build() {
 	case "${build_target}" in
 	all)
 		install_clh
-		install_experimental_kernel
 		install_firecracker
 		install_image
 		install_initrd
@@ -173,6 +172,8 @@ handle_build() {
 
 	kernel) install_kernel ;;
 
+	kernel-experimental) install_experimental_kernel;;
+
 	qemu) install_qemu ;;
 
 	rootfs-image) install_image ;;
@@ -201,6 +202,7 @@ main() {
 		cloud-hypervisor
 		firecracker
 		kernel
+		kernel-experimental
 		qemu
 		rootfs-image
 		rootfs-initrd

tools/packaging/kernel/build-kernel.sh

@@ -38,7 +38,7 @@ readonly GV_NVIDIA="nvidia"
 #Path to kernel directory
 kernel_path=""
 #Experimental kernel support. Pull from virtio-fs GitLab instead of kernel.org
-experimental_kernel="false"
+build_type=""
 #Force generate config when setup
 force_setup_generate_config="false"
 #GPU kernel support
@@ -83,6 +83,7 @@ Commands:
 Options:
 
 	-a <arch>   	: Arch target to build the kernel, such as aarch64/ppc64le/s390x/x86_64.
+	-b <type>    	: Enable optional config type.
 	-c <path>   	: Path to config file to build the kernel.
 	-d          	: Enable bash debug.
 	-e          	: Enable experimental kernel.
@@ -127,8 +128,9 @@ get_kernel() {
 		kernel_tarball="linux-${version}.tar.xz"
 
                 if [ ! -f sha256sums.asc ] || ! grep -q "${kernel_tarball}" sha256sums.asc; then
-                        info "Download kernel checksum file: sha256sums.asc"
-                        curl --fail -OL "https://cdn.kernel.org/pub/linux/kernel/v${major_version}.x/sha256sums.asc"
+                        shasum_url="https://cdn.kernel.org/pub/linux/kernel/v${major_version}.x/sha256sums.asc"
+                        info "Download kernel checksum file: sha256sums.asc from ${shasum_url}"
+                        curl --fail -OL "${shasum_url}"
                 fi
                 grep "${kernel_tarball}" sha256sums.asc >"${kernel_tarball}.sha256"
 
@@ -178,10 +180,16 @@ get_kernel_frag_path() {
 	# Exclude configs if they have !$arch tag in the header
 	local common_configs="$(grep "\!${arch}" ${common_path}/*.conf -L)"
 
-	local experimental_configs=""
-	local experimental_dir="${common_path}/experimental"
-	if [ -d "$experimental_dir" ]; then
-		experimental_configs=$(find "$experimental_dir" -name '*.conf')
+	local extra_configs=""
+	if [ "${build_type}" != "" ];then
+		local build_type_dir=$(readlink -m "${arch_path}/../build-type/${build_type}")
+		if [ ! -d "$build_type_dir" ]; then
+			die "No config fragments dir for ${build_type}: ${build_type_dir}"
+		fi
+		extra_configs=$(find "$build_type_dir" -name '*.conf')
+		if [ "${extra_configs}" == "" ];then
+			die "No extra configs found in ${build_type_dir}"
+		fi
 	fi
 
 	# These are the strings that the kernel merge_config.sh script kicks out
@@ -195,8 +203,8 @@ get_kernel_frag_path() {
 	# handle specific cases, then add the path definition and search/list/cat
 	# here.
 	local all_configs="${common_configs} ${arch_configs}"
-	if [[ ${experimental_kernel} == "true" ]]; then
-		all_configs="${all_configs} ${experimental_configs}"
+	if [[ ${build_type} != "" ]]; then
+		all_configs="${all_configs} ${extra_configs}"
 	fi
 
 	if [[ "${gpu_vendor}" != "" ]];then
@@ -333,7 +341,7 @@ setup_kernel() {
 	local major_kernel
 	major_kernel=$(get_major_kernel_version "${kernel_version}")
 	local patches_dir_for_version="${patches_path}/${major_kernel}.x"
-	local experimental_patches_dir="${patches_path}/${major_kernel}.x/experimental"
+	local build_type_patches_dir="${patches_path}/${major_kernel}.x/${build_type}"
 
 	[ -n "${arch_target}" ] || arch_target="$(uname -m)"
 	arch_target=$(arch_to_kernel "${arch_target}")
@@ -343,10 +351,10 @@ setup_kernel() {
 	# Apply version specific patches
 	${packaging_scripts_dir}/apply_patches.sh "${patches_dir_for_version}"
 
-	# Apply version specific patches for experimental build
-	if [ "${experimental_kernel}" == "true" ] ;then
-		info "Apply experimental patches"
-		${packaging_scripts_dir}/apply_patches.sh "${experimental_patches_dir}"
+	# Apply version specific patches for build_type build
+	if [ "${build_type}" == "true" ] ;then
+		info "Apply build_type patches from ${build_type_patches_dir}"
+		${packaging_scripts_dir}/apply_patches.sh "${build_type_patches_dir}"
 	fi
 
 	[ -n "${hypervisor_target}" ] || hypervisor_target="kvm"
@@ -382,8 +390,8 @@ install_kata() {
 	install_path=$(readlink -m "${DESTDIR}/${PREFIX}/share/${project_name}")
 
 	suffix=""
-	if [[ ${experimental_kernel} == "true" ]]; then
-		suffix="-experimental"
+	if [[ ${build_type} != "" ]]; then
+		suffix="-${build_type}"
 	fi
 	if [[ ${gpu_vendor} != "" ]];then
 		suffix="-${gpu_vendor}-gpu${suffix}"
@@ -430,11 +438,14 @@ install_kata() {
 }
 
 main() {
-	while getopts "a:c:defg:hk:p:t:v:x:" opt; do
+	while getopts "a:b:c:defg:hk:p:t:v:x:" opt; do
 		case "$opt" in
 			a)
 				arch_target="${OPTARG}"
 				;;
+			b)
+				build_type="${OPTARG}"
+				;;
 			c)
 				kernel_config_path="${OPTARG}"
 				;;
@@ -443,7 +454,7 @@ main() {
 				set -x
 				;;
 			e)
-				experimental_kernel="true"
+				build_type="experimental"
 				;;
 			f)
 				force_setup_generate_config="true"
@@ -485,7 +496,7 @@ main() {
 
 	# If not kernel version take it from versions.yaml
 	if [ -z "$kernel_version" ]; then
-		if [[ ${experimental_kernel} == "true" ]]; then
+		if [[ ${build_type} == "experimental" ]]; then
 			kernel_version=$(get_from_kata_deps "assets.kernel-experimental.tag")
 		else
 			kernel_version=$(get_from_kata_deps "assets.kernel.version")
@@ -496,8 +507,8 @@ main() {
 
 	if [ -z "${kernel_path}" ]; then
 		config_version=$(get_config_version)
-		if [[ ${experimental_kernel} == "true" ]]; then
-			kernel_path="${PWD}/kata-linux-experimental-${kernel_version}-${config_version}"
+		if [[ ${build_type} != "" ]]; then
+			kernel_path="${PWD}/kata-linux-${build_type}-${kernel_version}-${config_version}"
 		else
 			kernel_path="${PWD}/kata-linux-${kernel_version}-${config_version}"
 		fi

tools/packaging/kernel/configs/fragments/build-type/experimental/sgx.conf

@@ -0,0 +1 @@
+CONFIG_X86_SGX=y

tools/packaging/kernel/configs/fragments/whitelist.conf

@@ -10,3 +10,5 @@ CONFIG_REFCOUNT_FULL
 CONFIG_MEMCG_SWAP_ENABLED
 CONFIG_CRYPTO_DEV_SP_PSP
 CONFIG_CRYPTO_DEV_CCP
+CONFIG_HAVE_NET_DSA
+CONFIG_NF_LOG_COMMON

tools/packaging/static-build/kernel/build.sh

@@ -13,26 +13,24 @@ readonly repo_root_dir="$(cd "${script_dir}/../../../.." && pwd)"
 readonly kernel_builder="${repo_root_dir}/tools/packaging/kernel/build-kernel.sh"
 
 
-kernel_version=${1}
 DESTDIR=${DESTDIR:-${PWD}}
 PREFIX=${PREFIX:-/opt/kata}
 container_image="kata-kernel-builder"
 
 sudo docker build -t "${container_image}" "${script_dir}"
 
-echo "build ${kernel_version}"
 sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	-w "${PWD}" \
 	"${container_image}" \
-	bash -c "${kernel_builder} -v ${kernel_version} setup"
+	bash -c "${kernel_builder} $* setup"
 
 sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	-w "${PWD}" \
 	"${container_image}" \
-	bash -c "${kernel_builder} -v ${kernel_version} build"
+	bash -c "${kernel_builder} $* build"
 
 sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	-w "${PWD}" \
 	--env DESTDIR="${DESTDIR}" --env PREFIX="${PREFIX}" \
 	"${container_image}" \
-	bash -c "${kernel_builder} -v ${kernel_version} install"
+	bash -c "${kernel_builder} $* install"

versions.yaml

@@ -153,14 +153,12 @@ assets:
   kernel:
     description: "Linux kernel optimised for virtual machines"
     url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
-    uscan-url: >-
-      https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/linux-(5\.4\..+)\.tar\.gz
     version: "v5.10.25"
 
   kernel-experimental:
     description: "Linux kernel with virtio-fs support"
     url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
-    tag: "v5.10.25"
+    tag: "v5.13.10"
 
 externals:
   description: "Third-party projects used by the system"