Note, on x86_64 for 4.12.9 a new kernel option,
HARDLOCKUP_CHECK_TIMESTAMP was added which defaults to enabled. It enables
a low pass filter to compensate for perf based hard lockup detection.
Added this option to the x86_64 4.12.x kernel config file.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Due to https://github.com/moby/moby/issues/34199 we can't supply
the FROM image via --build-arg and use DOCKER_CONTENT_TRUST=1 for build.
So we pull the image with DCT and then explicitly build it without.
This regression was introduced with 8b84baf2 ("kernel: Allow disabling content trust")
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
For some use cases, we may want to add additional kernel
configuration options (e.g. when adding AUFS). This commit
enables it by:
- renaming DEBUG to EXTRA
- appending kernel_config${EXTRA} to the kernel config
- allowing passing in an EXTRA argument to the make file
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Specifying NOTRUST=1 on the make command line disables
content trust just like with packages.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Without this change, recent Docker builds produce this warning:
[WARNING]: Empty continuation line found in:
RUN apk add xz xz-dev zlib-dev && if [ $(uname -m) == x86_64 ]; then apk add libunwind-dev;
fi
[WARNING]: Empty continuation lines will become errors in a future release.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- The x86_64 kernel config was derived from our 4.11 config
and then adjusted with the recent changes
- The arm64 kernel config was derived from the 4.9 config
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The VMBus/Hyper-V socket patches were partly taken from the now
defunct 4.11 tree and partly from the WIP 4.12 tree at:
https://github.com/dcui/linux/commits/decui/msft-4.12.y
From the 4.11 tree:
- 0001-tools-build-Add-test-for-sched_getcpu.patch
Does not apply, may not be needed anymore to compile perf
- 0002-vmbus-vmbus_open-reset-onchannel_callback-on-error.patch
From https://github.com/dcui/linux/commits/decui/msft-4.12.y
- 0003-vmbus-add-the-matching-tasklet_enable-in-vmbus_close.patch
Already upstream: 5116f5e2e05cf("vmbus: re-enable channel tasklet")
- 0004-vmbus-remove-goto-error_clean_msglist-in-vmbus_open
From https://github.com/dcui/linux/commits/decui/msft-4.12.y
- 0005-vmbus-dynamically-enqueue-dequeue-a-channel-on-vmbus.patch
From the 4.11 patches
- 0006-hv_sock-implements-Hyper-V-transport-for-Virtual-Soc.patch
From https://github.com/dcui/linux/commits/decui/msft-4.12.y
- 0007-VMCI-only-try-to-load-on-VMware-hypervisor.patch
From https://github.com/dcui/linux/commits/decui/msft-4.12.y
- 0008-hv_sock-add-the-support-of-auto-loading.patch
From https://github.com/dcui/linux/commits/decui/msft-4.12.y
- 0009-tools-hv_sock-2-simple-test-cases.patch
Dropped, this was just test code
- 0010-vmbus-introduce-in-place-packet-iterator.patch
Already upstream: f3dd3f4797652("vmbus: introduce in-place packet iterator")
- 0011-hvsock-fix-a-race-in-hvs_stream_dequeue.patch
From https://github.com/dcui/linux/commits/decui/msft-4.12.y
- 0012-hvsock-fix-vsock_dequeue-enqueue_accept-race.patch
From https://github.com/dcui/linux/commits/decui/msft-4.12.y
- 0013-Drivers-hv-vmbus-Fix-rescind-handling.patch
From the 4.11 patches
- 0014-vmbus-fix-hv_percpu_channel_deq-enq-race.patch
From the 4.11 patches
- 0015-vmbus-add-vmbus-onoffer-onoffer_rescind-sync.patch
From the 4.11 patches
- 0016-hv-sock-a-temporary-workaround-for-the-pending_send_.patch
DROPPED. Does not apply at all anymore. Was a hack anyway
- 0017-vmbus-fix-the-missed-signaling-in-hv_signal_on_read.patch
Applied manually from the 4.11 patches
- 0018-hv-sock-avoid-double-FINs-if-shutdown-is-called.patch
From https://github.com/dcui/linux/commits/decui/msft-4.12.y
- 0019-Added-vsock-transport-support-to-9pfs.patch
From the 4.11 patches
- 0020-NVDIMM-reducded-ND_MIN_NAMESPACE_SIZE-from-4MB-to-4K.patch
From the 4.11 patches
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The host side VSOCK implementation introduced with
0009-VSOCK-Introduce-vhost_vsock.ko.patch
does not compile due to vhost_vq_init_access not being defined.
VHOST support (including VHOST_VSOCK) was enabled with
86deeaff ("kernel: Bring 4.4 x86_64 kernel config more in line
with 4.9") but not compile tested. Having VHOST support in
itself is fine, it's just the VHOST_VSOCK portion which is not
avail.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The kernel config for debug kernels is created by concatenating
config files, so we can't use diff to check it.
This fixes a regression introduced by:
9362de0a ("kernel: Verify kernel config")
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Note, vhost vsock is disabled on arm64 because it failed to compile.
'vhost_vq_init_access' was not defined, but with a quick check
I could not find where it was supposed to be defined.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The new Dockerfile.kconfig can be used, via the 'kconfig' make target,
to build a 'linuxkit/kconfig' image. This image contains the patched
source and default kernel configs for all supported kernels.
It's useful for updating the kernel config files.
While at it, also update the alpine base.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The kernel build currently downloads the source tar ball every
time, which is a little tedious when experimenting with kernel
configs or when compiling the kernel multiple times.
This commit adds a new 'fetch' make target which downloads the
kernel sources into ./sources. Then in the Dockerfile we add
the directory and only download the source if it is not present.
The tarball's signature is still checked on each build.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Since we supply a full .config file we can check that after
make defconfig/oldconfig it hasn't changed. This should catch
cases where a config option has changed between releases.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
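
The config check described in the commit above, and the reason a plain diff fails once config files are concatenated (the debug-kernel fix earlier in this log), as an added example that is not LinuxKit's own build code. It compares the effective value of each symbol instead of diffing files; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not LinuxKit's build code). All sample configs are constructed.

# effective_config FILE...: final value of each symbol when the files are
# concatenated in order; a later line overrides an earlier one. "is not set"
# and absent are equivalent, so unset symbols are left out.
effective_config() {
    cat "$@" | awk '
        /^CONFIG_[A-Za-z0-9_]+=/ {
            split($0, kv, "="); val[kv[1]] = substr($0, length(kv[1]) + 2) }
        /^# CONFIG_[A-Za-z0-9_]+ is not set$/ { val[$2] = "n" }
        END { for (k in val) if (val[k] != "n") print k "=" val[k] }
    ' | LC_ALL=C sort
}

# config_drift RESULT FRAGMENT...: print every symbol whose effective value
# differs between the fragments and RESULT. Empty output means no drift.
config_drift() {
    result=$1; shift
    want=$(mktemp); got=$(mktemp)
    effective_config "$@" > "$want"
    effective_config "$result" > "$got"
    LC_ALL=C comm -23 "$want" "$got" | sed 's/^/requested: /'
    LC_ALL=C comm -13 "$want" "$got" | sed 's/^/resulting: /'
    rm -f "$want" "$got"
}

demo() {
    d=$(mktemp -d)
    # Base config plus a debug fragment that overrides one base setting.
    printf '%s\n' 'CONFIG_DEFAULT_MMAP_MIN_ADDR=65536' \
        'CONFIG_DEVPTS_MULTIPLE_INSTANCES=y' \
        '# CONFIG_DEBUG_INFO is not set' > "$d/kernel_config"
    printf '%s\n' 'CONFIG_DEBUG_INFO=y' > "$d/kernel_config.debug"
    # Constructed result: one requested symbol dropped, one new symbol added.
    printf '%s\n' 'CONFIG_DEFAULT_MMAP_MIN_ADDR=65536' 'CONFIG_DEBUG_INFO=y' \
        'CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y' > "$d/.config"
    config_drift "$d/.config" "$d/kernel_config" "$d/kernel_config.debug"
    rm -rf "$d"
}

demo
```

A build step can fail on drift with `[ -z "$(config_drift .config kernel_config kernel_config.debug)" ]`.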
This is a recommended security measure to protect the low portion
of virtual memory. On x86_64 the recommended value is 65536 while
for arm it shouldn't be higher than 32768.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The resulting kernel boots fine on qemu and on Cavium Thunder,
though the latter still has some issues.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Enable DEVPTS_MULTIPLE_INSTANCES in kernel configuration file
to avoid the devpts mounting hang issue during bootup when
running LinuxKit.
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
It has been EOLed today and won't receive any further updates.
The images are still on hub so can continue to be used
for the time being.
4.12 support is coming soon.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- Adding NFS debug modules to kernel_config.debug
- Also updating some dead links in the kernels.md doc file
Signed-off-by: Dave Freitag <dcfreita@us.ibm.com>
- Enables modules for some common 10/40G NICs
from Broadcom, Intel, and Mellanox
- Enable KVM and related modules
These are targeted to support more bare metal
configurations with LinuxKit.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>