github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2026-04-10 04:52:18 +00:00
Code Issues Projects Releases Wiki Activity
6,023 Commits 1 Branch 32 Tags
e36eae4820b96d2fd89942e3eb4e7d35793a1e21
Commit Graph

72 Commits

Author SHA1 Message Date
Rolf Neugebauer
2eec092862 kernel: Adjust kernel configs 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-06-22 10:01:18 +01:00
Rolf Neugebauer
9f1f99026d kernel: Update to 4.16.17/4.14.51/4.4.138 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-06-22 10:01:18 +01:00
Rolf Neugebauer
2ff0491ac1 kernel: Update to 4.17.2/4.16.16/4.14.50/4.9.109 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-06-20 13:50:23 +01:00
Rolf Neugebauer
45f563fc66 kernel: Update to 4.17.1/4.16.15/4.14.49 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-06-12 17:18:11 +01:00
Rolf Neugebauer
4e830a35a1 kernel: Update to 4.16.14/4.14.48/4.9.107/4.4.136 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-06-07 12:10:22 +01:00
Rolf Neugebauer
ba5e75a24e kernel: Update to 4.14.47/4.9.105/4.4.135 
These releases are a single patch only, fixing  a bug.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-06-06 08:26:54 +01:00
Rolf Neugebauer
9e8f458780 kernel: Adjust kernel config for arm64/x86 for 4.14.x and 4.16.x 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-05-30 16:14:53 +01:00
Rolf Neugebauer
acc059e6c8 kernel: Updatr to 4.16.13/4.14.46/4.9.104/4.4.134 
Note, we skip 4.14.45 because 4.14.46 only has 3 patches
in it which unbreak 'perf' compilation.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-05-30 15:59:03 +01:00
Rolf Neugebauer
d9a1ea45ce kernel: Update to 4.16.12/4.14.44/4.9.103/4.4.133 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-05-30 14:36:14 +01:00
Rolf Neugebauer
00ce115df9 kernel: Update to 4.16.11/4.14.43/4.9.102 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-05-24 13:11:31 +01:00
Rolf Neugebauer
454d2142f3 kernel: Update to 4.16.10/4.14.42/4.9.101 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-05-24 10:54:45 +01:00
Rolf Neugebauer
c4a265c77f kernel: Update to 4.16.9/4.14.41/4.9.100/4.4.132 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-05-16 17:55:10 +01:00
Rolf Neugebauer
2e2de63133 kernel: Update to 4.16.8/4.14.40/4.9.99 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-05-10 13:06:28 +01:00
Rolf Neugebauer
be8929da30 kernel: Fix SCTP kernel config 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
 2018-05-03 18:48:02 +01:00
Rolf Neugebauer
655bb391ca kernel: Update to 4.16.7/4.14.39/4.9.98/4.4.131 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-05-03 17:22:26 +01:00
Sukchan Lee
aa7d5fc942 kernel: SCTP support 
Enable SCTP protocol as a kernel module

Signed-off-by: Sukchan Lee <acetcom@gmail.com>
 2018-05-01 23:04:29 +09:00
Rolf Neugebauer
7a4233dec5 kernel: Add USB storage support for x86_64 and arm64 
This is useful for some baremetal configs, such as using
USB sticks on a RPi3. I enabled it for x86_64 as well
to keep the differences smaller.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
 2018-04-30 10:35:33 +01:00
Rolf Neugebauer
262b25f874 kernel: Update to 4.16.6/4.14.38/4.9.97/4.4.130 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-04-30 10:35:33 +01:00
Rolf Neugebauer
54ed15ccce kernel: Update to 4.16.5/4.14.37/4.9.96/4.4.129 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-04-27 16:45:36 +01:00
Rolf Neugebauer
865c6691b1 kernel: Update to 4.16.4/4.14.36 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-04-27 15:01:42 +01:00
Rolf Neugebauer
2a9d21bee7 kernel: Update to 4.16.3/4.15.18/4.14.35 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-04-19 13:46:35 +01:00
Rolf Neugebauer
4454c7b854 kernel: Enable MPLS_ROUTING and MPLS_IPTUNNEL as modules 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-04-13 15:21:57 +01:00
Rolf Neugebauer
d1b73f7cf3 kernel: Update to 4.16.2/4.15.17/4.14.34 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-04-13 14:53:19 +01:00
Rolf Neugebauer
fa9452af09 kernel: Update to 4.15.16/4.14.33/4.9.93/4.4.127 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-04-09 10:35:34 +01:00
Rolf Neugebauer
a5a685750d kernel: Update to 4.15.15/4.14.32/4.9.92/4.4.126 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
 2018-04-01 17:52:14 +01:00
Rolf Neugebauer
462961d5c9 kernel: Update to 4.15.14/4.14.31/4.9.91/4.4.125 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
 2018-03-30 13:29:03 +01:00
Rolf Neugebauer
7f12cb577a kernel: Update to 4.15.13/4.14.30/4.9.90/4.4.124 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
 2018-03-30 12:19:02 +01:00
Rolf Neugebauer
9cb6f2d802 kernel: Enable CONFIG_FB_EFI for x86_64 and arm64 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
 2018-03-30 12:18:31 +01:00
Rolf Neugebauer
208811355a kernel: Update to 4.15.12/4.14.29/4.9.89/4.4.123 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
 2018-03-22 19:55:57 +00:00
Rolf Neugebauer
45b613e668 kernel: Update to 4.15.11/4.14.28/4.9.88/4.4.122 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-03-20 12:05:27 +00:00
Rolf Neugebauer
513e368880 kernel: Enable CEPH, DRBD, and RBD 
All enabled as modules

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-03-15 13:50:18 +00:00
Rolf Neugebauer
28f1ae2e77 kernel: Update to 4.15.10/4.14.27 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-03-15 11:22:11 +00:00
Rolf Neugebauer
659f877da6 kernel: Update to 4.15.9/4.14.26/4.9.87/4.4.121 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-03-12 17:00:06 +00:00
Rolf Neugebauer
c573eee0ff kernel: Update kernels to 4.14.25/4.15.26 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-03-12 15:30:51 +00:00
Rolf Neugebauer
48251e8bcf kernel: Enable IMA for 4.14.x and 4.15.x 
Enable the Integrity Measurement Architecture (IMA) for 4.14.x
and 4.15.x kernels. This pretty much uses the defaults except we
also enable INTEGRITY_ASYMMETRIC_KEYS and IMA_READ_POLICY. The
latter may be useful for debugging.

For s390x we also needed to enable TPM support.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-03-12 15:26:23 +00:00
Rolf Neugebauer
ae30674227 kernel: Update to 4.14.24/4.9.86/4.4.120 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-03-09 12:39:11 +00:00
Rolf Neugebauer
fcba3e2350 kernel: Update to 4.15.7/4.4.23/4.9.85/4.4.119 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-02-28 11:02:15 +00:00
Rolf Neugebauer
75ac2563f5 kernel: Update to 4.15.6/4.14.22/4.9.84/4.4.118 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-02-26 12:16:51 +00:00
Rolf Neugebauer
89c5941b88 kernel: Adjust kernel config files for 4.14 
- KMEMCHECK has been removed
- PROFILE_ALL_BRANCHES was added (but is disabled)

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-02-23 18:33:21 +00:00
Rolf Neugebauer
5c68ca489d kernel: Update to 4.15.5/4.14.21/4.9.83/4.4.117 
Also remove the 4.4 patch which should have been removed by
231cead2cc ("kernel: Update to 4.15.4/4.14.20/4.9.82/4.4.116")

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-02-23 18:06:18 +00:00
Rolf Neugebauer
231cead2cc kernel: Update to 4.15.4/4.14.20/4.9.82/4.4.116 
The 4.14.20 update has Meltdown/Spectre fixes for arm64

The 4.4.116 update incorporates the proper fix for the
div by zero crash in the firmware loader, so the patch
with the hackish workaround was dropped.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-02-19 14:06:11 +00:00
Rolf Neugebauer
43ba6de147 kernel: Update to 4.15.3/4.14.19/4.9.81 
Drop the hack for the microcode division by 0 on GCP as
a proper fix is in upstream as:
2760f452a718 ("x86/microcode: Do the family check first")

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-02-13 17:22:23 +00:00
Rolf Neugebauer
acfca26038 kernel: Update to 4.15.2/4.14.18 
These kernels have significant changes/addition for Spectre
mitigation as well as the usual other set of fixes.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-02-08 11:50:17 +00:00
Rolf Neugebauer
ee0f182014 kernel: Update to 4.15.1/4.14.17/4.9.80/4.4.115 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-02-06 18:06:25 +00:00
Rolf Neugebauer
82f3f9ae9a kernel: Enable new BPF_JIT_ALWAYS_ON 
This option is not enabled by default, but disables the
BPF interpreter which can be used to inject speculative
execution into the kernel. Enabled it as it seems
like a good security measure.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-02-06 13:23:40 +00:00
Rolf Neugebauer
a6a5f69c8d kernel: Update to 4.14.16/4.9.79/4.4.114 
The 4.14 and 4.9 kernels have a significant number of
fixes to eBPF and also a fix for kernel level sockets
and namespace removals, ie fixes some aspects of
https://github.com/moby/moby/issues/5618
"unregister_netdevice: waiting for lo to become free"

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-02-06 13:23:40 +00:00
Rolf Neugebauer
5de66f4fd9 kernel: Update to 4.14.15/4.9.78/4.4.113 
While at it, also update to latest alpine base

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-01-24 11:56:34 +00:00
Rolf Neugebauer
130c6222bb kernel: Adjust kernel config with new options 
- Enable RETPOLINE by default. Note, however, this will
  only be used if the compiler supports it.
- Enable sysfs interface for vulnerabilities

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-01-17 14:36:30 +00:00
Rolf Neugebauer
bfceb1dfbb kernel: Update to 4.14.14/4.9.77/4.4.112 
The 4.4.14 has a number of important fixes/additions:
- New support for retpolines (enabled but requires newer gcc
  to take advantage of). This provides mitigation for Spectre
  style attacks.
- Various KPTI fixes including fixes for EFI booting
- More eBPF fixes around out-of-bounds and overflow of
  maps. These were used for variant 1 of CVE-2017-5753.
- Several KVM related to CVE-2017-5753, CVE-2017-5715,
  CVE-2017-17741.
- New sysfs interface listing vulnerabilities:
  /sys/devices/system/cpu/vulnerabilities

The 4.9.77 kernel also has seems to have most/all of the above
back-ported.

See https://lwn.net/SubscriberLink/744287/1fc3c18173f732e7/
for more details on the Spectre mitigation.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-01-17 14:31:54 +00:00
Rolf Neugebauer
9a101d1136 kernel: Update to 4.14.13/4.9.76/4.4.111 
This looks like there are a couple of minor fixes to the
recent KPTI changes but nothing major...

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-01-10 11:12:27 +00:00