Commit Graph

326 Commits

Author SHA1 Message Date
Rolf Neugebauer
a8cc4f4f42 kernel: Don't compile -rt kernels on s390x
Looks like commit 9a88a5e986 ("Upgrade -rt patches to
v4.14.29-rt25") accidentally added compiling -rt kernels
for s390x. Remove it.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
2018-04-04 22:51:07 +01:00
Rolf Neugebauer
a5a685750d kernel: Update to 4.15.15/4.14.32/4.9.92/4.4.126
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
2018-04-01 17:52:14 +01:00
Tiejun Chen
9a88a5e986 Upgrade -rt patches to v4.14.29-rt25
Signed-off-by: Tiejun Chen <tiejun.china@gmail.com>
2018-03-30 21:10:01 -07:00
Rolf Neugebauer
462961d5c9 kernel: Update to 4.15.14/4.14.31/4.9.91/4.4.125
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
2018-03-30 13:29:03 +01:00
Rolf Neugebauer
7f12cb577a kernel: Update to 4.15.13/4.14.30/4.9.90/4.4.124
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
2018-03-30 12:19:02 +01:00
Rolf Neugebauer
9cb6f2d802 kernel: Enable CONFIG_FB_EFI for x86_64 and arm64
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
2018-03-30 12:18:31 +01:00
Rolf Neugebauer
913f31e150 kernel: Drop 4.9.x for arm64
There are too many kernels to compile and arm64 takes a bit
too long to compile even on a beefy arm64 server.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
2018-03-30 12:18:05 +01:00
Rolf Neugebauer
80f5f228e0 kernel: Cherry-pick two Hyper-V SCSI driver patche
These fix some issues around hot-unplugging devices which may be the cause
of some LCOW issues we are seeing.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
2018-03-22 20:00:20 +00:00
Rolf Neugebauer
208811355a kernel: Update to 4.15.12/4.14.29/4.9.89/4.4.123
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
2018-03-22 19:55:57 +00:00
Rolf Neugebauer
45b613e668 kernel: Update to 4.15.11/4.14.28/4.9.88/4.4.122
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-03-20 12:05:27 +00:00
Rolf Neugebauer
513e368880 kernel: Enable CEPH, DRBD, and RBD
All enabled as modules

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-03-15 13:50:18 +00:00
Rolf Neugebauer
1ff6f2eea5 kernel: Update Intel CPU firmware to 20180312
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-03-15 13:50:18 +00:00
Rolf Neugebauer
627e982b79 kernel: Update rt kernel to 4.14.24
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-03-15 11:22:11 +00:00
Rolf Neugebauer
28f1ae2e77 kernel: Update to 4.15.10/4.14.27
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-03-15 11:22:11 +00:00
Rolf Neugebauer
9a5727f5e4 kernel: Update to latest alpine base image
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-03-15 11:22:11 +00:00
Rolf Neugebauer
659f877da6 kernel: Update to 4.15.9/4.14.26/4.9.87/4.4.121
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-03-12 17:00:06 +00:00
Rolf Neugebauer
c573eee0ff kernel: Update kernels to 4.14.25/4.15.26
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-03-12 15:30:51 +00:00
Rolf Neugebauer
48251e8bcf kernel: Enable IMA for 4.14.x and 4.15.x
Enable the Integrity Measurement Architecture (IMA) for 4.14.x
and 4.15.x kernels. This pretty much uses the defaults except we
also enable INTEGRITY_ASYMMETRIC_KEYS and IMA_READ_POLICY. The
latter may be useful for debugging.

For s390x we also needed to enable TPM support.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-03-12 15:26:23 +00:00
Justin Ko
2eefd62710 Non-existent target check is marked phony
The non-existent target "check" is marked phony.

Signed-off-by: Justin Ko <oknitsuj@gmail.com>
2018-03-09 09:13:59 -08:00
Rolf Neugebauer
ae30674227 kernel: Update to 4.14.24/4.9.86/4.4.120
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-03-09 12:39:11 +00:00
Rolf Neugebauer
eee71f46e0 kernel: Adjust s390x kernel config
- Disable all network device driver apart from Mellanox, which
  is the only support NIC on s390x
- Disable Fusion MPT
- Disable DAX/NVMEM/NVME
- Disable USB

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-03-09 12:39:11 +00:00
Rolf Neugebauer
35c6e782e3 kernel: Make it clearer which kernels are compiled per arch
While this now has some duplication, it is clearer as to which
kernels are compiled for each architecture.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-03-09 11:35:58 +00:00
Jason A. Donenfeld
dc92ae7e39 wireguard: update to 0.0.20180304
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-05 13:47:34 +01:00
Alice Frosi
db0045b0c9 Add s390 support for linuxkit kernel
Update building process to add s390 support.

The patch serial-forbid-8250-on-s390.patch has been added to disable
8250 serial for s390.

The patch is available upstream https://patchwork.kernel.org/patch/10106437/
but it is not backported.

Signed-off-by: Alice Frosi <alice@linux.vnet.ibm.com>
2018-03-01 12:18:16 +00:00
Rolf Neugebauer
c08a2f19a8 kernel: Update alpine base to latest
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-28 16:35:23 +00:00
Rolf Neugebauer
fcba3e2350 kernel: Update to 4.15.7/4.4.23/4.9.85/4.4.119
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-28 11:02:15 +00:00
Rolf Neugebauer
afd255d6c9 kernel: Adjust 4.4.x config file
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-26 14:37:44 +00:00
Rolf Neugebauer
75ac2563f5 kernel: Update to 4.15.6/4.14.22/4.9.84/4.4.118
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-26 12:16:51 +00:00
Rolf Neugebauer
89c5941b88 kernel: Adjust kernel config files for 4.14
- KMEMCHECK has been removed
- PROFILE_ALL_BRANCHES was added (but is disabled)

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-23 18:33:21 +00:00
Rolf Neugebauer
5c68ca489d kernel: Update to 4.15.5/4.14.21/4.9.83/4.4.117
Also remove the 4.4 patch which should have been removed by
231cead2cc ("kernel: Update to 4.15.4/4.14.20/4.9.82/4.4.116")

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-23 18:06:18 +00:00
Rolf Neugebauer
cfc9c49269 kernel: Handle non-existing config file for 'make kconfig'
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-21 13:24:29 +00:00
Rolf Neugebauer
dbb14dfb69 kernel: Introduce per arch kernels and drop 4.4.x for arm64
We may soon get another arch, so wanted to set the template
for having per arch list of kernels to compile.

While at it also drop the 4.4.x kernel for arm64. We never really
tested it and folks should be on 4.9 or 4.14 anyway. I'll leave
4.4.x for x86 for now as it might be useful to test for regressions.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-21 13:24:28 +00:00
Rolf Neugebauer
bcc72c3502 kernel: Remove the 4.9.x and 4.14.x-rt debug kernels from build
In order to cut the number of kernels we build, remove the debug
kernel for the now non-default 4.9.x series.

Also remove the -rt debug kernel. Users who need it can build
it themselves with 'make EXTRA=-rt DEBUG=-dbg build_4.14.x'

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-21 10:44:22 +00:00
Rolf Neugebauer
1e9b769d65 kernel: Enable KAISER and Hardened Branch predictor for arm64
These are part of the Meltdown/Spectre mitigations for arm64
now available for 4.14 and 4.15

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-19 14:23:31 +00:00
Rolf Neugebauer
231cead2cc kernel: Update to 4.15.4/4.14.20/4.9.82/4.4.116
The 4.14.20 update has Meltdown/Spectre fixes for arm64

The 4.4.116 update incorporates the proper fix for the
div by zero crash in the firmware loader, so the patch
with the hackish workaround was dropped.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-19 14:06:11 +00:00
Rolf Neugebauer
1baf815c9a
Merge pull request #2897 from TiejunChina/master-dev
Support Preempt-RT Linux kernel
2018-02-19 14:00:54 +00:00
Jason A. Donenfeld
82ec5cd4e7 wireguard: update to 0.0.20180218
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-18 21:46:59 +01:00
Tiejun Chen
0e5d447f07 Support Preempt-RT Linux kernel
In order to get such a preempt-rt Linux kerne, we grab -rt patch via
https://www.kernel.org/pub/linux/kernel/projects/rt/. So far we just enable it
over 4.14.x.

Signed-off-by: Tiejun Chen <tiejun.china@gmail.com>
2018-02-16 05:47:22 -08:00
Rolf Neugebauer
bf18c1366b kernel: Add Hyper-V socket trace points to 4.14 kernel
This should make debugging a lot easier. Note, 991f8f1c6eb6
("hyper-v: trace channel events"), patch 18, required some
minor modifications from upstream as another patch was not easy
to cherry-pick.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-13 18:00:39 +00:00
Rolf Neugebauer
43ba6de147 kernel: Update to 4.15.3/4.14.19/4.9.81
Drop the hack for the microcode division by 0 on GCP as
a proper fix is in upstream as:
2760f452a718 ("x86/microcode: Do the family check first")

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-13 17:22:23 +00:00
Rolf Neugebauer
acfca26038 kernel: Update to 4.15.2/4.14.18
These kernels have significant changes/addition for Spectre
mitigation as well as the usual other set of fixes.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-08 11:50:17 +00:00
Rolf Neugebauer
d0d7738efa kernel: Tighten patching of the kernel
- Disable any fuzzing. Patches should apply cleanly
- Assume unified diffs

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-08 11:50:17 +00:00
Rolf Neugebauer
334334cea9 kernel: Adjust 4.4 kernel config
The CONFIG_BPF_JIT_ALWAYS_ON option has now been back-ported
to 4.4.115 as well. Enable it.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-06 18:43:34 +00:00
Rolf Neugebauer
ee0f182014 kernel: Update to 4.15.1/4.14.17/4.9.80/4.4.115
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-06 18:06:25 +00:00
Rolf Neugebauer
9ccfe3cef7 kernel: Add the 4.15.x kernel series
The kernel config was derived from the 4.14.x config being run
through make oldconfig

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-06 13:23:40 +00:00
Rolf Neugebauer
e4c4737548 kernel: Add patch to prevent division by zero panic
This adds a patch to avoid a division by zero panic for 4.4.x
and 4.9.x kernels on single vCPU machine types on Google Cloud.

4.14.x and 4.15.x kernels seem to work fine.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-06 13:23:40 +00:00
Rolf Neugebauer
82f3f9ae9a kernel: Enable new BPF_JIT_ALWAYS_ON
This option is not enabled by default, but disables the
BPF interpreter which can be used to inject speculative
execution into the kernel. Enabled it as it seems
like a good security measure.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-06 13:23:40 +00:00
Rolf Neugebauer
a6a5f69c8d kernel: Update to 4.14.16/4.9.79/4.4.114
The 4.14 and 4.9 kernels have a significant number of
fixes to eBPF and also a fix for kernel level sockets
and namespace removals, ie fixes some aspects of
https://github.com/moby/moby/issues/5618
"unregister_netdevice: waiting for lo to become free"

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-02-06 13:23:40 +00:00
Jason A. Donenfeld
fa77458231 wireguard: update to 0.0.20180202
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-02 19:12:19 +01:00
Emily Casey
e0374afb54 Use microcode-20171117 in kernel build as microcode-20180108 is no longer available
Signed-off-by: Emily Casey <ecasey@pivotal.io>
Signed-off-by: Steve Hiehn <shiehn@pivotal.io>
2018-01-30 17:51:40 -05:00