From f563f0d3fc27e841ecc6dde1685811f7709e9adf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Fri, 1 Nov 2024 14:13:44 +0100 Subject: [PATCH] versions: Update kernel to v6.12.8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There are lots of configs removed from latest kernel. Update them here for convenience of next kernel upgrade. Remove CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE [1] Remove CONFIG_IP_NF_TARGET_CLUSTERIP [2] Remove CONFIG_NET_SCH_CBQ [3] Remove CONFIG_AUTOFS4_FS [4] Remove CONFIG_EMBEDDED [5] Remove CONFIG_ARCH_RANDOM & CONFIG_RANDOM_TRUST_CPU [6] [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.6&id=a7e4676e8e2cb158a4d24123de778087955e1b36 [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.6&id=9db5d918e2c07fa09fab18bc7addf3408da0c76f [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.6&id=051d442098421c28c7951625652f61b1e15c4bd5 [4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.6&id=1f2190d6b7112d22d3f8dfeca16a2f6a2f51444e [5] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.6&id=ef815d2cba782e96b9aad9483523d474ed41c62a [6] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.2&id=b9b01a5625b5a9e9d96d14d4a813a54e8a124f4b Apart from the removals, CONFIG_CPU_MITIGATIONS is now a dependency for CONFIG_RETPOLINE (which has been renamed to CONFIG_MITIGATION_RETPOLINE) and CONFIG_PAGE_TABLE_ISOLATION (which has been renamed to CONFIG_MITIGATION_PAGE_TABLE_ISOLATION). I've added that to the whitelist because we still build older versions of the kernel that do not have that dependency. Fixes: #8408 Signed-off-by: Jianyong Wu Signed-off-by: Fabiano FidĂȘncio 
Signed-off-by: Hyounggyu Choi --- .../kernel/configs/fragments/arm64/base.conf | 3 --- .../kernel/configs/fragments/common/cgroup.conf | 2 ++ .../packaging/kernel/configs/fragments/s390/base.conf | 2 -- .../configs/fragments/s390/secure-execution.conf | 3 --- .../kernel/configs/fragments/s390/vfio-ap.conf | 2 ++ .../packaging/kernel/configs/fragments/whitelist.conf | 11 +++++++++++ .../kernel/configs/fragments/x86_64/acpi.conf | 2 +- .../kernel/configs/fragments/x86_64/base.conf | 2 ++ .../kernel/configs/fragments/x86_64/mmu.conf | 1 + tools/packaging/kernel/kata_config_version | 2 +- tools/packaging/kernel/patches/6.12.x/no_patches.txt | 0 versions.yaml | 4 ++-- 12 files changed, 22 insertions(+), 12 deletions(-) delete mode 100644 tools/packaging/kernel/configs/fragments/s390/secure-execution.conf create mode 100644 tools/packaging/kernel/patches/6.12.x/no_patches.txt diff --git a/tools/packaging/kernel/configs/fragments/arm64/base.conf b/tools/packaging/kernel/configs/fragments/arm64/base.conf index 45ec5b815..9a616a12b 100644 --- a/tools/packaging/kernel/configs/fragments/arm64/base.conf +++ b/tools/packaging/kernel/configs/fragments/arm64/base.conf @@ -42,9 +42,6 @@ CONFIG_ARM64_RAS_EXTN=y # # ARMv8.5 architectural features # -CONFIG_ARCH_RANDOM=y -CONFIG_RANDOM_TRUST_CPU=y - CONFIG_NO_HZ_FULL=y CONFIG_GENERIC_MSI_IRQ_DOMAIN=y CONFIG_RANDOMIZE_BASE=y diff --git a/tools/packaging/kernel/configs/fragments/common/cgroup.conf b/tools/packaging/kernel/configs/fragments/common/cgroup.conf index 1976f440d..6b734156a 100644 --- a/tools/packaging/kernel/configs/fragments/common/cgroup.conf +++ b/tools/packaging/kernel/configs/fragments/common/cgroup.conf @@ -2,6 +2,7 @@ # also used/looked for by systemd rootfs. CONFIG_CGROUPS=y CONFIG_MEMCG=y +CONFIG_MEMCG_V1=y CONFIG_BLK_CGROUP=y CONFIG_CGROUP_WRITEBACK=y CONFIG_CGROUP_SCHED=y 
@@ -10,6 +11,7 @@ CONFIG_CFS_BANDWIDTH=y CONFIG_CGROUP_PIDS=y CONFIG_CGROUP_FREEZER=y CONFIG_CPUSETS=y +CONFIG_CPUSETS_V1=y CONFIG_CGROUP_DEVICE=y CONFIG_CGROUP_CPUACCT=y CONFIG_CGROUP_HUGETLB=y diff --git a/tools/packaging/kernel/configs/fragments/s390/base.conf b/tools/packaging/kernel/configs/fragments/s390/base.conf index 3825ad0bd..859df0d93 100644 --- a/tools/packaging/kernel/configs/fragments/s390/base.conf +++ b/tools/packaging/kernel/configs/fragments/s390/base.conf @@ -7,8 +7,6 @@ CONFIG_S390_UV_UAPI=y CONFIG_CCW=y # Select default KVM options from arch/s390/kvm/Kconfig CONFIG_VIRTUALIZATION=y -CONFIG_HAVE_KVM=y -CONFIG_KVM=y CONFIG_MODULES=y CONFIG_MODULE_SIG=y diff --git a/tools/packaging/kernel/configs/fragments/s390/secure-execution.conf b/tools/packaging/kernel/configs/fragments/s390/secure-execution.conf deleted file mode 100644 index d2f3630b8..000000000 --- a/tools/packaging/kernel/configs/fragments/s390/secure-execution.conf +++ /dev/null @@ -1,3 +0,0 @@ -# IBM Secure Execution (Protected Virtualization in kernel) - -CONFIG_PROTECTED_VIRTUALIZATION_GUEST=y diff --git a/tools/packaging/kernel/configs/fragments/s390/vfio-ap.conf b/tools/packaging/kernel/configs/fragments/s390/vfio-ap.conf index 920142dd8..f2a5ed288 100644 --- a/tools/packaging/kernel/configs/fragments/s390/vfio-ap.conf +++ b/tools/packaging/kernel/configs/fragments/s390/vfio-ap.conf @@ -1,5 +1,7 @@ # see https://www.kernel.org/doc/html/latest/s390/vfio-ap.html for more information +# Support for Adjunct Processors (ap) +CONFIG_AP=y # VFIO support for AP devices CONFIG_VFIO_AP=y CONFIG_VFIO_IOMMU_TYPE1=y diff --git a/tools/packaging/kernel/configs/fragments/whitelist.conf b/tools/packaging/kernel/configs/fragments/whitelist.conf index 171e51d45..b23363c82 100644 --- a/tools/packaging/kernel/configs/fragments/whitelist.conf +++ b/tools/packaging/kernel/configs/fragments/whitelist.conf 
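Review bot: `CONFIG_VFIO_AP=y` is still requested in this fragment, but the same commit adds `CONFIG_VFIO_AP` and `CONFIG_VFIO_MDEV` to whitelist.conf and drops `CONFIG_KVM=y` from s390/base.conf, so fragment merging would no longer report a failure to enable it. If VFIO_AP still depends on KVM in the target kernel's Kconfig (worth confirming), the s390 guest kernel could be built without AP passthrough and nothing would flag it. Either keep the dependency enabled or check the merged .config for `CONFIG_VFIO_AP=y` on s390. The new `CONFIG_AP=y` is also not added to the whitelist by this commit, unlike the other newly introduced symbols, which matters if any s390 build still uses a kernel that predates it.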
@@ -1,12 +1,14 @@ # configuration options which may dropped in newer kernels # without generating an error in fragment merging CONFIG_ARCH_RANDOM +CONFIG_RANDOM_TRUST_CPU CONFIG_ARM64_CRYPTO CONFIG_AUTOFS4_FS CONFIG_GENERIC_MSI_IRQ_DOMAIN CONFIG_IP_NF_TARGET_CLUSTERIP CONFIG_PCI_MSI_IRQ_DOMAIN CONFIG_CLK_LGM_CGU +CONFIG_MEMCG_SWAP CONFIG_NET_SCH_CBQ CONFIG_NF_NAT_IPV4 CONFIG_NF_NAT_NEEDED @@ -29,3 +31,12 @@ CONFIG_VIRTIO_IOMMU CONFIG_CRYPTO_ECDSA CONFIG_TN3270_TTY CONFIG_S390_AP_IOMMU +CONFIG_CPU_MITIGATIONS +CONFIG_RETPOLINE +CONFIG_MITIGATION_RETPOLINE +CONFIG_PAGE_TABLE_ISOLATION +CONFIG_MITIGATION_PAGE_TABLE_ISOLATION +CONFIG_VFIO_AP +CONFIG_VFIO_MDEV +CONFIG_CPUSETS_V1 +CONFIG_MEMCG_V1 diff --git a/tools/packaging/kernel/configs/fragments/x86_64/acpi.conf b/tools/packaging/kernel/configs/fragments/x86_64/acpi.conf index e44ba0983..6c260c0ba 100644 --- a/tools/packaging/kernel/configs/fragments/x86_64/acpi.conf +++ b/tools/packaging/kernel/configs/fragments/x86_64/acpi.conf @@ -6,7 +6,7 @@ CONFIG_X86_MPPARSE=y CONFIG_ACPI_CPU_FREQ_PSS=y CONFIG_ACPI_HOTPLUG_IOAPIC=y -CONFIG_ACPI_LEGACY_TABLES_LOOKUP +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y CONFIG_ACPI_LPIT=y CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y CONFIG_ACPI_PROCESSOR_CSTATE=y diff --git a/tools/packaging/kernel/configs/fragments/x86_64/base.conf b/tools/packaging/kernel/configs/fragments/x86_64/base.conf index b26a78831..52c5dec8f 100644 --- a/tools/packaging/kernel/configs/fragments/x86_64/base.conf +++ b/tools/packaging/kernel/configs/fragments/x86_64/base.conf @@ -14,9 +14,11 @@ CONFIG_PARAVIRT=y CONFIG_NR_CPUS=240 # For security +CONFIG_CPU_MITIGATIONS=y CONFIG_LEGACY_VSYSCALL_NONE=y CONFIG_SPECULATION_MITIGATIONS=y CONFIG_RETPOLINE=y +CONFIG_MITIGATION_RETPOLINE=y # Boot directly into the uncompressed kernel # Reduce memory footprint diff --git a/tools/packaging/kernel/configs/fragments/x86_64/mmu.conf b/tools/packaging/kernel/configs/fragments/x86_64/mmu.conf index d8009aef3..c4e225820 100644 
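Review bot: Whitelisting both the old and the new names of the retpoline and page-table-isolation options (`CONFIG_RETPOLINE`/`CONFIG_MITIGATION_RETPOLINE`, `CONFIG_PAGE_TABLE_ISOLATION`/`CONFIG_MITIGATION_PAGE_TABLE_ISOLATION`) together with `CONFIG_CPU_MITIGATIONS` means, per this file's header comment, that none of them raises an error if it is missing after fragment merging. A kernel where neither name of a pair takes effect (another upstream rename, an unmet dependency) would then build without that Spectre/Meltdown mitigation and nothing would report it; the same applies to the paired `=y` lines in the x86_64/base.conf and x86_64/mmu.conf hunks. I would add a post-merge check on x86_64 that at least one name of each pair is `=y` in the final .config, and document the pairing in this file, e.g. `# old/new names of the same mitigation; the merged .config must contain one of each pair`. The commit message covers the mitigation entries only; the reason for whitelisting VFIO_AP, VFIO_MDEV, CPUSETS_V1 and MEMCG_V1 should be stated as well.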
--- a/tools/packaging/kernel/configs/fragments/x86_64/mmu.conf +++ b/tools/packaging/kernel/configs/fragments/x86_64/mmu.conf @@ -2,3 +2,4 @@ # Remove the kernel mapping from the user space - security improvement. CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_MITIGATION_PAGE_TABLE_ISOLATION=y diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version index b4f334f26..aaacbe662 100644 --- a/tools/packaging/kernel/kata_config_version +++ b/tools/packaging/kernel/kata_config_version @@ -1 +1 @@ -141 +142 diff --git a/tools/packaging/kernel/patches/6.12.x/no_patches.txt b/tools/packaging/kernel/patches/6.12.x/no_patches.txt new file mode 100644 index 000000000..e69de29bb diff --git a/versions.yaml b/versions.yaml index 591cff0a2..c75f55634 100644 --- a/versions.yaml +++ b/versions.yaml @@ -194,11 +194,11 @@ assets: kernel: description: "Linux kernel optimised for virtual machines" url: "https://cdn.kernel.org/pub/linux/kernel/v6.x/" - version: "v6.1.62" + version: "v6.12.8" confidential: description: "Linux kernel with x86_64 TEEs (SEV, SNP, and TDX) support" url: "https://cdn.kernel.org/pub/linux/kernel/v6.x/" - version: "v6.7" + version: "v6.12.8" kernel-arm-experimental: description: "Linux kernel with cpu/mem hotplug support on arm64"