versions: Update kernel to v6.12.8

There are lots of configs removed from latest kernel. Update them here
for convenience of next kernel upgrade.

Remove CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE [1]
Remove CONFIG_IP_NF_TARGET_CLUSTERIP [2]
Remove CONFIG_NET_SCH_CBQ [3]
Remove CONFIG_AUTOFS4_FS [4]
Remove CONFIG_EMBEDDED [5]
Remove CONFIG_ARCH_RANDOM & CONFIG_RANDOM_TRUST_CPU [6]

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.6&id=a7e4676e8e2cb158a4d24123de778087955e1b36
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.6&id=9db5d918e2c07fa09fab18bc7addf3408da0c76f
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.6&id=051d442098421c28c7951625652f61b1e15c4bd5
[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.6&id=1f2190d6b7112d22d3f8dfeca16a2f6a2f51444e
[5] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.6&id=ef815d2cba782e96b9aad9483523d474ed41c62a
[6] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.2&id=b9b01a5625b5a9e9d96d14d4a813a54e8a124f4b

Apart from the removals, CONFIG_CPU_MITIGATIONS is now a dependency for
CONFIG_RETPOLINE (which has been renamed to CONFIG_MITIGATION_RETPOLINE)
and CONFIG_PAGE_TABLE_ISOLATION (which has been renamed to
CONFIG_MITIGATION_PAGE_TABLE_ISOLATION).  I've added that to the
whitelist because we still build older versions of the kernel that
do not have that dependency.

Fixes: #8408
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>

tools/packaging/kernel/configs/fragments/arm64/base.conf

@@ -42,9 +42,6 @@ CONFIG_ARM64_RAS_EXTN=y
 #
 # ARMv8.5 architectural features
 #
-CONFIG_ARCH_RANDOM=y
-CONFIG_RANDOM_TRUST_CPU=y
-
 CONFIG_NO_HZ_FULL=y
 CONFIG_GENERIC_MSI_IRQ_DOMAIN=y
 CONFIG_RANDOMIZE_BASE=y

tools/packaging/kernel/configs/fragments/common/cgroup.conf

@@ -2,6 +2,7 @@
 # also used/looked for by systemd rootfs.
 CONFIG_CGROUPS=y
 CONFIG_MEMCG=y
+CONFIG_MEMCG_V1=y
 CONFIG_BLK_CGROUP=y
 CONFIG_CGROUP_WRITEBACK=y
 CONFIG_CGROUP_SCHED=y
@@ -10,6 +11,7 @@ CONFIG_CFS_BANDWIDTH=y
 CONFIG_CGROUP_PIDS=y
 CONFIG_CGROUP_FREEZER=y
 CONFIG_CPUSETS=y
+CONFIG_CPUSETS_V1=y
 CONFIG_CGROUP_DEVICE=y
 CONFIG_CGROUP_CPUACCT=y
 CONFIG_CGROUP_HUGETLB=y

tools/packaging/kernel/configs/fragments/s390/base.conf

@@ -7,8 +7,6 @@ CONFIG_S390_UV_UAPI=y
 CONFIG_CCW=y
 # Select default KVM options from arch/s390/kvm/Kconfig
 CONFIG_VIRTUALIZATION=y
-CONFIG_HAVE_KVM=y
-CONFIG_KVM=y
 
 CONFIG_MODULES=y
 CONFIG_MODULE_SIG=y

tools/packaging/kernel/configs/fragments/s390/secure-execution.conf

@@ -1,3 +0,0 @@
-# IBM Secure Execution (Protected Virtualization in kernel)
-
-CONFIG_PROTECTED_VIRTUALIZATION_GUEST=y

tools/packaging/kernel/configs/fragments/s390/vfio-ap.conf

@@ -1,5 +1,7 @@
 # see https://www.kernel.org/doc/html/latest/s390/vfio-ap.html for more information
 
+# Support for Adjunct Processors (ap)
+CONFIG_AP=y
 # VFIO support for AP devices
 CONFIG_VFIO_AP=y
 CONFIG_VFIO_IOMMU_TYPE1=y

tools/packaging/kernel/configs/fragments/whitelist.conf

@@ -1,12 +1,14 @@
 # configuration options which may dropped in newer kernels
 # without generating an error in fragment merging
 CONFIG_ARCH_RANDOM
+CONFIG_RANDOM_TRUST_CPU
 CONFIG_ARM64_CRYPTO
 CONFIG_AUTOFS4_FS
 CONFIG_GENERIC_MSI_IRQ_DOMAIN
 CONFIG_IP_NF_TARGET_CLUSTERIP
 CONFIG_PCI_MSI_IRQ_DOMAIN
 CONFIG_CLK_LGM_CGU
+CONFIG_MEMCG_SWAP
 CONFIG_NET_SCH_CBQ
 CONFIG_NF_NAT_IPV4
 CONFIG_NF_NAT_NEEDED
@@ -29,3 +31,12 @@ CONFIG_VIRTIO_IOMMU
 CONFIG_CRYPTO_ECDSA
 CONFIG_TN3270_TTY
 CONFIG_S390_AP_IOMMU
+CONFIG_CPU_MITIGATIONS
+CONFIG_RETPOLINE
+CONFIG_MITIGATION_RETPOLINE
+CONFIG_PAGE_TABLE_ISOLATION
+CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
+CONFIG_VFIO_AP
+CONFIG_VFIO_MDEV
+CONFIG_CPUSETS_V1
+CONFIG_MEMCG_V1

tools/packaging/kernel/configs/fragments/x86_64/acpi.conf

@@ -6,7 +6,7 @@ CONFIG_X86_MPPARSE=y
 
 CONFIG_ACPI_CPU_FREQ_PSS=y
 CONFIG_ACPI_HOTPLUG_IOAPIC=y
-CONFIG_ACPI_LEGACY_TABLES_LOOKUP
+CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
 CONFIG_ACPI_LPIT=y
 CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
 CONFIG_ACPI_PROCESSOR_CSTATE=y

tools/packaging/kernel/configs/fragments/x86_64/base.conf

@@ -14,9 +14,11 @@ CONFIG_PARAVIRT=y
 CONFIG_NR_CPUS=240
 
 # For security
+CONFIG_CPU_MITIGATIONS=y
 CONFIG_LEGACY_VSYSCALL_NONE=y
 CONFIG_SPECULATION_MITIGATIONS=y
 CONFIG_RETPOLINE=y
+CONFIG_MITIGATION_RETPOLINE=y
 
 # Boot directly into the uncompressed kernel
 # Reduce memory footprint

tools/packaging/kernel/configs/fragments/x86_64/mmu.conf

@@ -2,3 +2,4 @@
 
 # Remove the kernel mapping from the user space - security improvement.
 CONFIG_PAGE_TABLE_ISOLATION=y
+CONFIG_MITIGATION_PAGE_TABLE_ISOLATION=y

tools/packaging/kernel/kata_config_version

@@ -1 +1 @@
-141
+142

versions.yaml

@@ -194,11 +194,11 @@ assets:
   kernel:
     description: "Linux kernel optimised for virtual machines"
     url: "https://cdn.kernel.org/pub/linux/kernel/v6.x/"
-    version: "v6.1.62"
+    version: "v6.12.8"
     confidential:
       description: "Linux kernel with x86_64 TEEs (SEV, SNP, and TDX) support"
       url: "https://cdn.kernel.org/pub/linux/kernel/v6.x/"
-      version: "v6.7"
+      version: "v6.12.8"
 
   kernel-arm-experimental:
     description: "Linux kernel with cpu/mem hotplug support on arm64"