github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-18 17:33:02 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #4861 from ryansavino/upgrade-kernel-support-5.19

Browse Source 
kernel: upgrade guest kernel support to 5.19
This commit is contained in:
Fabiano Fidêncio 2022-08-22 14:57:00 +02:00 committed by GitHub
commit d797036b77
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 23 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
snap/snapcraft.yaml
View File

@ -206,7 +206,7 @@ parts:
# Install raw kernel # Install raw kernel
vmlinux_path="vmlinux" vmlinux_path="vmlinux"
[ "${arch}" = "s390x" ] && vmlinux_path="arch/s390/boot/compressed/vmlinux" [ "${arch}" = "s390x" ] && vmlinux_path="arch/s390/boot/vmlinux"
vmlinux_name="vmlinux-${kernel_suffix}" vmlinux_name="vmlinux-${kernel_suffix}"
cp "${vmlinux_path}" "${kata_kernel_dir}/${vmlinux_name}" cp "${vmlinux_path}" "${kata_kernel_dir}/${vmlinux_name}"
ln -sf "${vmlinux_name}" "${kata_kernel_dir}/vmlinux.container" ln -sf "${vmlinux_name}" "${kata_kernel_dir}/vmlinux.container"

6
src/agent/Cargo.lock generated
View File

@ -168,13 +168,13 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]] [[package]]
name = "cgroups-rs" name = "cgroups-rs"
version = "0.2.9" version = "0.2.10"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cdae996d9638ba03253ffa1c93345a585974a97abbdeab9176c77922f3efc1e8" checksum = "cf5525f2cf84d5113ab26bfb6474180eb63224b4b1e4be31ee87be4098f11399"
dependencies = [ dependencies = [
"libc", "libc",
"log", "log",
"nix 0.23.1", "nix 0.24.2",
"regex", "regex",
] ]

2
src/agent/Cargo.toml
View File

@ -50,7 +50,7 @@ log = "0.4.11"
prometheus = { version = "0.13.0", features = ["process"] } prometheus = { version = "0.13.0", features = ["process"] }
procfs = "0.12.0" procfs = "0.12.0"
anyhow = "1.0.32" anyhow = "1.0.32"
cgroups = { package = "cgroups-rs", version = "0.2.8" } cgroups = { package = "cgroups-rs", version = "0.2.10" }
# Tracing # Tracing
tracing = "0.1.26" tracing = "0.1.26"

2
src/agent/rustjail/Cargo.toml
View File

@ -23,7 +23,7 @@ scan_fmt = "0.2.6"
regex = "1.5.5" regex = "1.5.5"
path-absolutize = "1.2.0" path-absolutize = "1.2.0"
anyhow = "1.0.32" anyhow = "1.0.32"
cgroups = { package = "cgroups-rs", version = "0.2.8" } cgroups = { package = "cgroups-rs", version = "0.2.10" }
rlimit = "0.5.3" rlimit = "0.5.3"
cfg-if = "0.1.0" cfg-if = "0.1.0"

10
tools/packaging/kernel/build-kernel.sh
View File

@ -127,7 +127,10 @@ get_tee_kernel() {
mkdir -p ${kernel_path} mkdir -p ${kernel_path}
[ -z "${kernel_url}" ] && kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url") [ -z "${kernel_url}" ] && kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url")
kernel_tarball="${version}.tar.gz"
kernel_tarball="linux-${version}.tar.gz"
tarball_name=$(get_from_kata_deps "assets.kernel.${tee}.tarball")
[ -z "$tarball_name" ] || kernel_tarball="$tarball_name"
if [ ! -f "${kernel_tarball}" ]; then if [ ! -f "${kernel_tarball}" ]; then
curl --fail -OL "${kernel_url}/${kernel_tarball}" curl --fail -OL "${kernel_url}/${kernel_tarball}"
@ -456,7 +459,7 @@ install_kata() {
if [ "${arch_target}" = "arm64" ]; then if [ "${arch_target}" = "arm64" ]; then
install --mode 0644 -D "arch/${arch_target}/boot/Image" "${install_path}/${vmlinux}" install --mode 0644 -D "arch/${arch_target}/boot/Image" "${install_path}/${vmlinux}"
elif [ "${arch_target}" = "s390" ]; then elif [ "${arch_target}" = "s390" ]; then
install --mode 0644 -D "arch/${arch_target}/boot/compressed/vmlinux" "${install_path}/${vmlinux}" install --mode 0644 -D "arch/${arch_target}/boot/vmlinux" "${install_path}/${vmlinux}"
else else
install --mode 0644 -D "vmlinux" "${install_path}/${vmlinux}" install --mode 0644 -D "vmlinux" "${install_path}/${vmlinux}"
fi fi
@ -553,7 +556,8 @@ main() {
esac esac
elif [[ "${conf_guest}" != "" ]]; then elif [[ "${conf_guest}" != "" ]]; then
#If specifying a tag for kernel_version, must be formatted version-like to avoid unintended parsing issues #If specifying a tag for kernel_version, must be formatted version-like to avoid unintended parsing issues
kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.tag") kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.version" 2>/dev/null || true)
[ -n "${kernel_version}" ] || kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.tag")
else else
kernel_version=$(get_from_kata_deps "assets.kernel.version") kernel_version=$(get_from_kata_deps "assets.kernel.version")
fi fi

2
tools/packaging/kernel/configs/fragments/common/dax.conf
View File

@ -12,7 +12,6 @@ CONFIG_SPARSEMEM_VMEMMAP=y
# Without these the pmem_should_map_pages() call in the kernel fails with new # Without these the pmem_should_map_pages() call in the kernel fails with new
# Related to the ARCH_HAS_HMM set in the arch files. # Related to the ARCH_HAS_HMM set in the arch files.
CONFIG_ZONE_DEVICE=y CONFIG_ZONE_DEVICE=y
CONFIG_DEV_PAGEMAP_OPS=y
CONFIG_ND_PFN=y CONFIG_ND_PFN=y
CONFIG_NVDIMM_PFN=y CONFIG_NVDIMM_PFN=y
@ -23,7 +22,6 @@ CONFIG_BLK_DEV=y
CONFIG_BLK_DEV_PMEM=y CONFIG_BLK_DEV_PMEM=y
CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM=y
CONFIG_LIBNVDIMM=y CONFIG_LIBNVDIMM=y
CONFIG_ND_BLK=y
CONFIG_BTT=y CONFIG_BTT=y
# FIXME: Should check if this is really needed # FIXME: Should check if this is really needed
# https://github.com/kata-containers/packaging/issues/483 # https://github.com/kata-containers/packaging/issues/483

2
tools/packaging/kernel/configs/fragments/s390/network.conf
View File

@ -1,2 +0,0 @@
# Options needed by HAVE_EBPF_JIT
CONFIG_PACK_STACK=y

1
tools/packaging/kernel/configs/fragments/x86_64/base.conf
View File

@ -15,6 +15,7 @@ CONFIG_NR_CPUS=240
# For security # For security
CONFIG_LEGACY_VSYSCALL_NONE=y CONFIG_LEGACY_VSYSCALL_NONE=y
CONFIG_SPECULATION_MITIGATIONS=y
CONFIG_RETPOLINE=y CONFIG_RETPOLINE=y
# Boot directly into the uncompressed kernel # Boot directly into the uncompressed kernel

7
tools/packaging/kernel/configs/fragments/x86_64/sev/sev.conf
View File

@ -1,12 +1,9 @@
# AMD Secure Encrypted Virtualization (SEV) # AMD Secure Encrypted Virtualization (SEV)
CONFIG_AMD_MEM_ENCRYPT=y CONFIG_AMD_MEM_ENCRYPT=y
CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y
CONFIG_CRYPTO_DEV_SP_PSP=y
CONFIG_CRYPTO_DEV_CCP=y
CONFIG_SECURITYFS=y
CONFIG_VIRT_DRIVERS=y
CONFIG_EFI=y CONFIG_EFI=y
CONFIG_EFI_SECRET=m CONFIG_EFI_SECRET=m
CONFIG_EFI_STUB=y
CONFIG_MODULE_SIG=y CONFIG_MODULE_SIG=y
CONFIG_MODULES=y CONFIG_MODULES=y
CONFIG_VIRT_DRIVERS=y

2
tools/packaging/kernel/kata_config_version
View File

@ -1 +1 @@
94 95

0
tools/packaging/kernel/patches/5.19.x/no_patches.txt Normal file
View File

10
versions.yaml
View File

@ -153,16 +153,16 @@ assets:
kernel: kernel:
description: "Linux kernel optimised for virtual machines" description: "Linux kernel optimised for virtual machines"
url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/" url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
version: "v5.15.48" version: "v5.19.2"
tdx: tdx:
description: "Linux kernel that supports TDX" description: "Linux kernel that supports TDX"
url: "https://github.com/intel/linux-kernel-dcp/archive/refs/tags" url: "https://github.com/intel/linux-kernel-dcp/archive/refs/tags"
tag: "SPR-BKC-PC-v9.6" tag: "SPR-BKC-PC-v9.6"
tarball: "SPR-BKC-PC-v9.6.tar.gz"
sev: sev:
description: "Linux kernel with efi_secret support" description: "Linux kernel that supports SEV"
url: "https://github.com/confidential-containers-demo/\ url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
linux/archive/refs/tags/" version: "v5.19.2"
tag: "efi-secret-v5.17-rc6"
kernel-experimental: kernel-experimental:
description: "Linux kernel with virtio-fs support" description: "Linux kernel with virtio-fs support"