Commit Graph

723 Commits

Author SHA1 Message Date
Krister Johansen
4dbdfb65d2 Move up to the 0.11.0 bcc release.
Allows us to drop some patches we were carrying, since the bugs were
fixed upstream.  Gives numerous tooling improvements too.

Signed-off-by: Krister Johansen <krister.johansen@oracle.com>
2019-12-16 14:02:34 -08:00
Krister Johansen
a0d797916d Re-enable perf build. Update bcc build.
Re-enable perf builds for 5.3.x and 4.19.x since they're the latest
stable and LTS, respectively.

Update the bcc build rules to map to these same kernel releases, too.

Signed-off-by: Krister Johansen <krister.johansen@oracle.com>
2019-12-16 14:02:34 -08:00
Krister Johansen
dad20f2e91 Add a patch that ensures that bcc can run on the 5.3.x kernel.
Signed-off-by: Krister Johansen <krister.johansen@oracle.com>
2019-12-16 14:00:42 -08:00
Krister Johansen
59481bd5d3 Add patches to unbreak perf and bcc.
The first patch re-adds symbol definitions that were temporarily omitted
from the 4.19 stable branch.

The latter patch corrects the uapi swab.h so that errors about "unknown
type name '__always_inline'" are no longer present in builds.  Without
this patch, bcc would build but attempts to compile the internal
programs at runtime would fail.

Signed-off-by: Krister Johansen <krister.johansen@oracle.com>
2019-12-16 14:00:42 -08:00
David Scott
e2e941dad3 wireguard: update to 0.0.20191212
Signed-off-by: David Scott <dave.scott@docker.com>
2019-12-16 11:32:02 +00:00
Rolf Neugebauer
4092a10063
Merge pull request #3436 from Ptitpote/kconfig-tag-patch
Add the possibility to tag linuxkit/kconfig with a custom tag
2019-11-06 19:50:02 +00:00
Gabriel Chabot
db10873122 Add the possibility to tag linuxkit/kconfig with a custom tag instead of latest
KCONFIG_TAG variable can be used to set a custom kconfig tag.
If KCONFIG_TAG is not set, the image is tagged as linuxkit/kconfig:latest
This is useful for projects requiring to build multiple kernels that have
different patches.
When trying to edit an unpatched kernel config after working on a patched
kernel config (same kernel version), one had to rerun make kconfig first
in order to edit the config of an unpatched kernel.
Now it is possible to generate a tagged kconfig image and then, get the wanted
config by selecting the corresponding linuxkit/kexec:tag.

Signed-off-by: Gabriel Chabot <gabriel.chabot@qarnot-computing.com>
2019-10-29 09:26:59 +01:00
Rolf Neugebauer
c2566e8dd0 kernel: Drop 5.2.x kernel from arm64 and s390x
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-10-02 20:05:44 +01:00
Rolf Neugebauer
b457648c40 kernel: Update to 5.3.2/5.2.18/4.19.76
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-10-02 20:05:05 +01:00
Rolf Neugebauer
eeafff3d27 kernel: Add rsync (required by 5.3.x kernel compile)
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-10-02 19:45:33 +01:00
Rolf Neugebauer
d1d731105b kernel: Enable GVE for 5.3.x kernel for x86
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-10-02 19:45:33 +01:00
Rolf Neugebauer
615303a1e3 kernel: Add support for 5.3.x kernels
The kernel config is copied from the 5.2.x config and
run through make oldconfig

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-10-02 19:45:33 +01:00
Rolf Neugebauer
4f0cd57748 kernel: Update to 5.2.17/4.19.75/4.14.146/4.9.194
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-10-02 19:45:33 +01:00
Rolf Neugebauer
c7cf340fd2 kernel: Update Intel ucode to 20190918
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-10-02 19:45:33 +01:00
Rolf Neugebauer
805271f12c kernel: Adjust kernel config
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-10-02 19:45:33 +01:00
Rolf Neugebauer
acab34371a kernel: Update to 5.2.16/4.19.74/4.14.145/4.9.193
This skips 5.2.10-15, 4.19.72-73, and 4.14.143-144

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-10-02 19:45:33 +01:00
Rolf Neugebauer
177de7512f kernel: Re-enable 5.2.x kernel for s390x
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-10-02 19:45:33 +01:00
Rolf Neugebauer
84375a65b9 kernel: Add -fPIC to kernel compile on s390x
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-10-02 19:45:33 +01:00
Yoann Ricordel
1ee293bcc2 Move microcode download earlier in Dockerfile
Intel microcode download is moved earlier in the Dockerfile, before the
kernel is actually built, so that it's available in the context of a
build and can be referenced in CONFIG_EXTRA_FIRMWARE for people who want
the microcode to be built-in the kernel.
It is still copied in the out/ directory so that it is still
available for addition in a 'ucode:' section in linuxkit.yml.

Signed-off-by: Yoann Ricordel <yoann.ricordel@qarnot-computing.com>
2019-09-23 12:30:35 +02:00
Rolf Neugebauer
a89c556125 kernel: Disable 5.2.x kernel for s390x for now
see: https://github.com/linuxkit/linuxkit/issues/3412

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-09-17 21:36:54 +01:00
Rolf Neugebauer
3b00838d6d kernel: Adjust s390x defconfig location
With 5.2.x the location moved to the configs subdirectory
to be more in line with other architectures.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-09-17 21:36:54 +01:00
Rolf Neugebauer
6649327285 kernel: Bump WireGuard to 0.0.20190913
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-09-17 21:36:54 +01:00
Rolf Neugebauer
0b352bae73 kernel: Update kernel build to latest alpine base
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-09-17 21:36:54 +01:00
Rolf Neugebauer
b406e5358b kernel: Remove 5.1.x
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-09-17 21:36:54 +01:00
Rolf Neugebauer
f620837773 kernel: Tweak 5.2.x kernel config
Disable Backlight drivers.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-09-17 21:36:53 +01:00
Rolf Neugebauer
a1cd1a9c43 kernel: Add 5.2.x kernels
The kernel config is derived from the 5.1.x config and
run through make oldconfig

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-09-17 21:36:53 +01:00
Rolf Neugebauer
515505b76e kernel: Adjust kernel config files
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-09-17 21:36:53 +01:00
Rolf Neugebauer
afd271fb85 kernel: Update to v4.19.71/4.14.142/4.9.192
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-09-17 21:36:53 +01:00
Rolf Neugebauer
ac4786ebb8 kernel: Make VSOCKETS a module in all kernels
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-09-17 21:36:53 +01:00
Rolf Neugebauer
b4e0fdb891
Merge pull request #3407 from djs55/module-vsock
Switch to vsock as a module
2019-09-15 12:03:30 +01:00
Tiejun Chen
0388410192 update -rt to 4.19.59-rt24
Signed-off-by: Tiejun Chen <tiejunc@vmware.com>
2019-09-10 17:54:21 -07:00
Rolf Neugebauer
472c7d944f kernel: Update to 5.1.15/4.19.56/4.14.131/4.9.184
Note, this skips 4.14.130 and 4.9.183 as the diff
is just one commit.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-08-29 09:04:42 +01:00
Rolf Neugebauer
315ddf88e2 kernel: Enable WIRELESS and WLAN in x86 and arm64 configs
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-08-29 09:04:41 +01:00
Rolf Neugebauer
380a05e416 kernel: Update to 5.1.14/4.19.55/4.14.129
This skips 5.1.13 and 4.19.54 because the diff was
a single commit.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-08-29 09:04:41 +01:00
Rolf Neugebauer
54f54f0791 kernel: Update to 5.1.12/4.19.53/4.14.128
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-08-29 09:04:41 +01:00
David Scott
138199299a Switch to vsock as a module
Signed-off-by: David Scott <dave.scott@docker.com>
2019-07-09 15:30:01 +01:00
Rolf Neugebauer
f7b3eb38ef kernel: Update wireguard to 0.0.20190601
This skips 0.0.20190531

Changelog for 0.0.20190601

== Changes ==

  * compat: don't call xgetbv on cpus with no XSAVE

  There was an issue with the backport compat layer in yesterday's snapshot,
  causing issues on certain (mostly Atom) Intel chips on kernels older than
  4.2, due to the use of xgetbv without checking cpu flags for xsave support.
  This manifested itself simply at module load time. Indeed it's somewhat tricky
  to support 33 different kernel versions (3.10+), plus weird distro
  frankenkernels.

Changelog for 0.0.20190531

== Changes ==

  * tools: add wincompat layer to wg(8)

  Consistent with a lot of the Windows work we've been doing this last cycle,
  wg(8) now supports the WireGuard for Windows app by talking through a named
  pipe. You can compile this as `PLATFORM=windows make -C src/tools` with mingw.
  Because programming things for Windows is pretty ugly, we've done this via a
  separate standalone wincompat layer, so that we don't pollute our pretty *nix
  utility.

  * compat: udp_tunnel: force cast sk_data_ready

  This is a hack to work around broken Android kernel wrapper scripts.

  * wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel

  FreeBSD had a number of kernel race conditions, some of which we can vaguely
  work around. These are in the process of being fixed upstream, but probably
  people won't update for a while.

  * wg-quick: make darwin and freebsd path search strict like linux

  Correctness.

  * socket: set ignore_df=1 on xmit

  This was intended from early on but didn't work on IPv6 without the ignore_df
  flag. It allows sending fragments over IPv6.

  * qemu: use newer iproute2 and kernel
  * qemu: build iproute2 with libmnl support
  * qemu: do not check for alignment with ubsan

  The QEMU build system has been improved to compile newer versions. Linking
  against libmnl gives us better error messages. As well, enabling the alignment
  check on x86 UBSAN isn't realistic.

  * wg-quick: look up existing routes properly
  * wg-quick: specify protocol to ip(8), because of inconsistencies

  The route inclusion check was wrong prior, and Linux 5.1 made it break
  entirely. This makes a better invocation of `ip route show match`.

  * netlink: use new strict length types in policy for 5.2
  * kbuild: account for recent upstream changes
  * zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2

  The usual churn of changes required for the upcoming 5.2.

  * timers: add jitter on ack failure reinitiation

  Correctness tweak in the timer system.

  * blake2s,chacha: latency tweak
  * blake2s: shorten ssse3 loop

  In every odd-numbered round, instead of operating over the state
      x00 x01 x02 x03
      x05 x06 x07 x04
      x10 x11 x08 x09
      x15 x12 x13 x14
  we operate over the rotated state
      x03 x00 x01 x02
      x04 x05 x06 x07
      x09 x10 x11 x08
      x14 x15 x12 x13
  The advantage here is that this requires no changes to the 'x04 x05 x06 x07'
  row, which is in the critical path. This results in a noticeable latency
  improvement of roughly R cycles, for R diagonal rounds in the primitive. As
  well, the blake2s AVX implementation is now SSSE3 and considerably shorter.

  * tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES

  System integrators can now specify things like
  WG_ENDPOINT_RESOLUTION_RETRIES=infinity when building wg(8)-based init
  scripts and services, or 0, or any other integer.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-06-28 00:39:23 +01:00
Rolf Neugebauer
d58859dd7f
Merge pull request #3363 from lpottier/fix-kconfig-urls
Fixed urls used to download kernel images from kernel.org in kernel/Dockerfile.kconfig, used by make kconfig
2019-06-25 22:52:39 +02:00
Loïc Pottier
52aa902800
Added --create-dirs to Dockerfile.kconfig to fix a crash when
the sources/ directory does not exist

Signed-off-by: Loïc Pottier <lpottier@isi.edu>
2019-06-25 11:37:45 -07:00
Rolf Neugebauer
24eb7b048c
Merge pull request #3381 from bjornin/update-zfs-0.8.1
Update zfs to 0.8.1
2019-06-20 01:02:38 +01:00
Björn Ingeson
3322e7ad18 Update zfs to 0.8.1
Since SPL is included in the ZFS repo from 0.8.0 this change will not be backwards compatible.

Signed-off-by: Björn Ingeson <bjorn.ingeson@gmail.com>
2019-06-19 23:30:44 +02:00
Tiejun Chen
ee4ebc7f2a update -rt to 4.19.50-rt22
Signed-off-by: Tiejun Chen <tiejunc@vmware.com>
2019-06-18 16:39:12 -07:00
Rolf Neugebauer
8922b437dd kernel: Update to 5.1.11/4.19.52/4.14.127/4.9.182/4.4.182
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-06-17 23:05:46 +01:00
Rolf Neugebauer
b1991877f6 kernel: Update to 5.1.10/4.19.51/4.14.126/4.9.181
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-06-17 08:38:26 +01:00
Rolf Neugebauer
c77ef1560f kernel: Update to 5.1.9/4.19.50/4.14.125
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-06-16 21:53:37 +01:00
Rolf Neugebauer
b3805745f2 kernel: Update to 5.1.8/4.19.49/4.14.124
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-06-10 09:35:08 +01:00
Rolf Neugebauer
4a86f4423d kernel: Adjust 4.19.x kernel config file
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-06-10 09:35:08 +01:00
Rolf Neugebauer
ae53b3f28f kernel: Update to 5.1.7/4.19.48
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-06-10 09:35:08 +01:00
Rolf Neugebauer
fcb618822b Remove the 5.0.x kernel
It was EOLed with 5.0.21

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-06-10 09:35:08 +01:00
Dominic White
340dba89a0 Update kernel Dockerfile with openssl-dev dep
Kernel series 5.1.x requires openssl headers to compile scripts/extract-cert.c.

Signed-off-by: singe <singe-github@singe.za.net>
2019-06-06 15:24:08 +02:00
Rolf Neugebauer
07847a51a5 kernel: Adjust arm64 kernel config
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-06-01 19:26:11 +01:00
Rolf Neugebauer
409a06ba5d kernel: Update to 5.1.6/5.0.20/4.19.47/4.9.180
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-06-01 13:46:12 +01:00
Tiejun Chen
2fc3151ccd update -rt to 4.19.37-rt20
Signed-off-by: Tiejun Chen <tiejunc@vmware.com>
2019-05-30 17:57:53 -07:00
Rolf Neugebauer
7b784fedb5 kernel: Adjust kernel config
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-27 08:39:19 +01:00
Rolf Neugebauer
747138ca72 kernel: Update to 5.1.5/5.0.19/4.19.46/4.14.122/4.9.179
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-26 23:14:14 +01:00
Rolf Neugebauer
3c983a78e8 kernel: Adjust s390x config file
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-26 16:22:53 +01:00
Rolf Neugebauer
76e9d95fda kernel: Update to 5.1.4/5.0.18/4.19.45/4.14.121/4.9.178
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-26 14:35:06 +01:00
Rolf Neugebauer
fde7e0e612 kernel: Update to 5.1.3/5.0.17/4.19.44/4.14.120/4.9.177
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-26 12:09:27 +01:00
Rolf Neugebauer
f040d05d20 kernel: Enable HOTPLUG_PCI_ACPI for x86
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-25 18:53:41 +01:00
Rolf Neugebauer
7cb48d2e82 kernel: Update kernels to 5.1.2/5.0.16/4.19.43/4.14.119/4.9.176
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-25 18:37:18 +01:00
Rolf Neugebauer
13e232519b kernel: Update Intel microcode
Intel seem to have switched to hosting the microcode on GitHub.
Use this source and update to the 20190514 version.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-25 18:32:35 +01:00
Rolf Neugebauer
d7d2f1af8e kernel: Remove 5.0.x kernel for arm64 and s390x
To reduce the number of kernels to compile...

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-25 18:32:35 +01:00
Rolf Neugebauer
750bdfd5eb
Merge pull request #3350 from schrotthaufen/rpi3bp
kernel: Include lan78xx kernel module for use with rpi3b+
2019-05-25 10:31:35 -07:00
Rolf Neugebauer
20d47a9bc3 Revert "kernel: Disable WireGuard for 5.1.x kernels"
This reverts commit 0a46f29a05.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-25 14:16:25 +01:00
Rolf Neugebauer
9f6b8ee81d kernel: Update WireGuard to 0.0.20190406
== Changes ==

  * allowedips: initialize list head when removing intermediate nodes

  Fix for an important regression in removing allowed IPs from the last
  snapshot. We have new test cases to catch these in the future as well.

  * wg-quick: freebsd: rebreak interface loopback, while fixing localhost
  * wg-quick: freebsd: export TMPDIR when restoring and don't make empty

  Two fixes for FreeBSD which have already been backported into ports.

  * tools: genkey: account for short reads of /dev/urandom
  * tools: add support for Haiku

  The tools now support Haiku! Maybe somebody is working on a WireGuard
  implementation for it?

  * tools: warn if an AllowedIP has a nonzero host part

  If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8)
  will now print a warning. Even though we mask this automatically down to
  192.168.1.0/24, usually when people specify it like this, it's a mistake.

  * wg-quick: add 'strip' subcommand

  The new strip subcommand prints the config file to stdout after stripping
  it of all wg-quick-specific options. This enables tricks such as:
  `wg addconf $DEV <(wg-quick strip $DEV)`.

  * tools: avoid unnecessary next_peer assignments in sort_peers()

  Small C optimization the compiler was probably already doing.

  * peerlookup: rename from hashtables
  * allowedips: do not use __always_inline
  * device: use skb accessor functions where possible

  Suggested tweaks from Dave Miller.

  * qemu: set framewarn 1280 for 64bit and 1024 for 32bit

  These should indicate to us more clearly when we cross the most strict stack
  thresholds expected when using recent compilers with the kernel.

  * blake2s: simplify
  * blake2s: remove outlen parameter from final

  The blake2s implementation has been simplified, since we don't use any of the
  fancy tree hashing parameters or the like. We also no longer separate the
  output length at initialization time from the output length at finalization
  time.

  * global: the _bh variety of rcu helpers have been unified
  * compat: nf_nat_core.h was removed upstream
  * compat: backport skb_mark_not_on_list

  The usual assortment of compat fixes for Linux 5.1.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-25 14:05:51 +01:00
schrotthaufen
0120b7dc74 kernel: Include lan78xx kernel module for use with rpi3b+
Signed-off-by: schrotthaufen <schrotthaufen@invalid.invalid>
2019-05-16 20:32:43 +02:00
Rolf Neugebauer
0a46f29a05 kernel: Disable WireGuard for 5.1.x kernels
Getting compile errors:

AS [M]  /wireguard/crypto/zinc/chacha20/chacha20-x86_64.o
In file included from <command-line>:
/wireguard/compat/compat.h:795:10: fatal error: net/netfilter/nf_nat_core.h: No such file or directory
 #include <net/netfilter/nf_nat_core.h>
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-12 18:24:40 +01:00
Rolf Neugebauer
63a120c4a1 kernel: Add support for 5.1.x kernels
The config files were derived from the 5.0.x config
files and run through make oldconfig.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-12 16:10:51 +01:00
Rolf Neugebauer
7bebc0fae5 kernel: Update to 5.0.15/4.19.42/4.14.118/4.9.175
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-12 11:54:15 +01:00
Rolf Neugebauer
7cb1d40a4a kernel: Update to 5.0.14/4.19.41/4.14.117/4.9.174
Skip 5.0.13 and 4.19.40 as the delta to the previous
version is like ~25 patches.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-11 18:36:13 +01:00
Rolf Neugebauer
7e6f117f9e kernel: Update to 5.0.12/4.19.39/4.14.116/4.9.173
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-05 13:31:12 +01:00
Rolf Neugebauer
9a969a6bbe kernels: Update to 5.0.11/4.19.38/4.14.115/4.9.172
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-05-05 10:31:40 +01:00
Rolf Neugebauer
44b91954b6 kernel: Update to 5.0.10/4.19.37/4.14.114/4.9.172
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-04-28 11:10:30 +01:00
Rolf Neugebauer
b22ba61a2b kernel: Update to 5.0.9/4.19.36/4.14.113/4.9.170
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-04-22 11:03:01 +01:00
Rolf Neugebauer
a39ee60478 kernel: Remove dependency on 'sources'
Commit d47b283df4 ("kernel: Remove fetch target") removed
the 'fetch' target to simplify the Makefile. This left
dependencies on 'sources' lingering. Remove it.

resolves #3333

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-04-22 11:03:01 +01:00
Rolf Neugebauer
724c807b49 kernel: Update config files
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-04-19 11:19:21 +01:00
Rolf Neugebauer
719a2753db kernel: Update to 5.0.8/4.19.35/4.14.112/4.9.169
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-04-19 10:54:27 +01:00
Rolf Neugebauer
51fd2916c6 kernel: Update gcc version in kernel config files
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-04-17 08:28:21 +01:00
Rolf Neugebauer
03e0d67051 kernel: Update alpine to latest
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-04-17 07:43:18 +01:00
Rolf Neugebauer
74c8caa450 kernel: Update to 5.0.7/4.19.34/4.14.111/4.9.168
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-04-13 18:36:44 +01:00
Rolf Neugebauer
250b14661b kernel: Use elfutils-dev instead of libelf-dev
With kernel 5.0.6 we start seeing compile errors such as:

  HOSTCXX -fPIC scripts/gcc-plugins/randomize_layout_plugin.o
In file included from <stdin>:1:
/usr/include/libelf/libelf.h:28:5: error: "__LIBELF_INTERNAL__" is not defined, evaluates to 0 [-Werror=undef]
 #if __LIBELF_INTERNAL__
     ^~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

elfutils-dev installs a different version of libelf.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-04-05 19:01:51 +01:00
Rolf Neugebauer
658da5b94a kernel: Update to 5.0.6/4.19.33/4.14.110/4.9.167
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-04-03 23:26:06 +01:00
Rolf Neugebauer
01b7472e98 kernel: Update to 5.0.5/4.19.32/4.14.109/4.9.166
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-31 19:45:53 +01:00
Rolf Neugebauer
b1249c28ca kernel: Update to 5.0.4/4.19.31
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-25 09:11:10 +00:00
Rolf Neugebauer
e1b94133f1 kernel: Remove 4.20.x
It has been EOLed

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-25 09:07:29 +00:00
Rolf Neugebauer
edb8c29e8e kernel: Update to 5.03/4.20.17/4.19.30/4.14.108/4.9.165
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-24 23:21:29 +00:00
Rolf Neugebauer
f3e7087114 kernel: Enable BFQ in 5.x kernels
All our 4.x kernels had CFQ enabled. This was removed
in 5.x and replaced with BFQ. Enable it.

resolves #3308

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-24 13:41:33 +00:00
Rolf Neugebauer
cf5221eca9 kernel: Adjust 4.20.x/4.19.x x86 kernel config
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-24 13:14:18 +00:00
Rolf Neugebauer
0a8d501c41 kernel: Update to 5.02/4.20.16/5/19.29/4.14.107/4.9.164
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-24 13:00:34 +00:00
Rolf Neugebauer
aed0401150 kernel: Adjust 4.14.x/4.9.x config files
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-23 23:21:49 +00:00
Rolf Neugebauer
410aefb425 kernel: Update Intel microcode
Hmm, the URL changed, the md5 changed, but the date
on the website and the file stayed the same...

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-23 21:17:09 +00:00
Rolf Neugebauer
e5d8ded27e kernel: Update to 4.14106/4.9.163
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-23 19:38:49 +00:00
Rolf Neugebauer
8972f35d9a kernel: Remove 4.14.x for s390x and arm64
To reduce the number of kernels we maintain, for s390x
and arm64 we only support the latest LTS and newer kernels.
v4.19.x has been out for a while, so let's remove support for
v4.14.x.

resolves #3302

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-23 19:31:23 +00:00
Rolf Neugebauer
419c808f07 kernel: Update to 4.20.15/4.19.28
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-10 23:29:31 +00:00
Rolf Neugebauer
74d9638275 kernel: Add support for the v5.0.x kernel
The kernel config files are 4.20.x config files run through
make oldconfig for the 5.0 kernel.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-10 23:29:19 +00:00
Rolf Neugebauer
d47b283df4 kernel: Remove fetch target
This target allowed to locally download the kernel source
tar balls. We haven't used this for a while and adding
v5.x kernel support for it would add yet another conditional.

Remove it to keep the Makefile simpler.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-10 23:29:04 +00:00
Rolf Neugebauer
d79e8d9d6c kernel: Support v5.x kernels in kconfig build
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-10 23:28:49 +00:00
Rolf Neugebauer
9502197456 kernel: Add support for building v5.x kernels
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-10 23:28:37 +00:00
Rolf Neugebauer
00b0abcf59 kernel: Update to 4.20.14/4.19.37/4.14.105/4.9.162
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-08 00:52:36 +00:00
Rolf Neugebauer
7d31ea1135 kernel: Reorder build targets to be in numerical order
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-08 00:52:36 +00:00
Rolf Neugebauer
05c8849a97 kernel: Build a 4.19 debug kernel on x86 (instead of 4.14)
We switched to 4.19.x as the default kernel and debug
kernel build was not updated. Fix it.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-08 00:52:36 +00:00
Rolf Neugebauer
043faae78e
Merge pull request #3298 from TiejunChina/master-dev
Enable Preempt-RT Linux 4.19.x into Linuxkit
2019-03-07 20:16:17 +00:00
Rolf Neugebauer
3228d21abf kernel: Update gcc version in 4.19.x and 4.20 kernel config
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-06 20:12:00 +00:00
Rolf Neugebauer
94cdfb55b6 kernel: Skip perf build for now
See https://github.com/linuxkit/linuxkit/issues/3299

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-06 01:04:54 +00:00
Rolf Neugebauer
d041e7d2bf kernel: Factor out perf build from main kernel build
The build of the perf utility has been quite bothersome,
with different arches and kernel versions failing.

Since we now have the full kernel source in the package,
factor out the actual build into Dockerfile.perf

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-06 00:37:31 +00:00
Rolf Neugebauer
94516fe2a8 kernel: Remove libressl from kernel build Dockerfile
Alpine 3.9 no longer uses libressl

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-05 23:18:58 +00:00
Tiejun Chen
92ebe10a62 enable 4.19.x-rt with preempt-rt Linux 4.19.15
Signed-off-by: Tiejun Chen <tiejun.china@gmail.com>
2019-03-04 13:43:55 -08:00
Tiejun Chen
daab1a1ecc remove 4.14.x-rt stuff
Signed-off-by: Tiejun Chen <tiejun.china@gmail.com>
2019-03-04 13:43:48 -08:00
Rolf Neugebauer
9a9d9670e8 kernel: Update build to use the latest linuxkit/alpine
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-03 11:18:21 +00:00
Rolf Neugebauer
1e916001f0 kernel: Adjust kernel config
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-01 08:33:49 +00:00
Rolf Neugebauer
5a1e83e639 kernel: Update to 4.20.13/4.19.26/4.14.104/4.9.161
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-03-01 08:06:52 +00:00
Jason A. Donenfeld
572c7c221a wireguard: upgrade to 0.0.20190227
* wg-quick: freebsd: allow loopback to work

FreeBSD adds a route for point-to-point destination addresses. We don't
really want to specify any destination address, but unfortunately we
have to. Before we tried to cheat by giving our own address as the
destination, but this had the unfortunate effect of preventing
loopback from working on our local ip address. We work around this with
yet another kludge: we set the destination address to 127.0.0.1. Since
127.0.0.1 is already assigned to an interface, this has the same effect
of not specifying a destination address, and therefore we accomplish the
intended behavior. Note that the bad behavior is still present in Darwin,
where such workaround does not exist.

* tools: remove unused check phony declaration
* highlighter: when subtracting char, cast to unsigned
* chacha20: name enums
* tools: fight compiler slightly harder
* tools: c_acc doesn't need to be initialized
* queueing: more reasonable allocator function convention

Usual nits.

* systemd: wg-quick should depend on nss-lookup.target

Since wg-quick(8) calls wg(8) which does hostname lookups, we should
probably only run this after we're allowed to look up hostnames.

* compat: backport ALIGN_DOWN
* noise: whiten the nanoseconds portion of the timestamp

This mitigates unrelated sidechannel attacks that think they can turn
WireGuard into a useful time oracle.

* hashtables: decouple hashtable allocations from the main device allocation

The hashtable allocations are quite large, and cause the device allocation in
the net framework to stall sometimes while it tries to find a contiguous
region that can fit the device struct. To fix the allocation stalls, decouple
the hashtable allocations from the device allocation and allocate the
hashtables with kvmalloc's implicit __GFP_NORETRY so that the allocations fall
back to vmalloc with little resistance.

* chacha20poly1305: permit unaligned strides on certain platforms

The map allocations required to fix this are mostly slower than unaligned
paths.

* noise: store clamped key instead of raw key

This causes `wg show` to now show the right thing. Useful for doing
comparisons.

* compat: ipv6_stub is sometimes null

On ancient kernels, ipv6_stub is sometimes null in cases where IPv6 has
been disabled with a command line flag or other failures.

* Makefile: don't duplicate code in install and modules-install
* Makefile: make the depmod path configurable

* queueing: net-next has changed signature of skb_probe_transport_header

A 5.1 change. This could change again, but for now it allows us to keep this
snapshot aligned with our upstream submissions.

* netlink: don't remove allowed ips for new peers
* peer: only synchronize_rcu_bh and traverse trie once when removing all peers
* allowedips: maintain per-peer list of allowedips

This is a rather big and important change that makes it much much faster to do
operations involving thousands of peers. Batch peer/allowedip addition and
clearing is several orders of magnitude faster now.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-28 00:35:24 +01:00
Rolf Neugebauer
9440e48f4f kernels: Update to 4.20.12/4.19.25/4.14.103/4.9.160
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-02-24 19:48:17 +00:00
Rolf Neugebauer
882ee6afb5 kernels: Update to 4.20.11/4.19.24/4.14.102/4.9.159
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-02-24 13:12:28 +00:00
Rolf Neugebauer
402d712ed6 kernel: Adjust 4.9.x kernel config
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-02-24 10:20:43 +00:00
Rolf Neugebauer
0ebc73d57f kernels: Update to 4.20.10/4.19.23/4.14.101/4.9.158
This skips 4.20.9/4.19.22/4.14.100/4.9.157 because they
contained a bug. See:
https://lwn.net/Articles/779934/

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-02-23 13:26:12 +00:00
Rolf Neugebauer
fee4e492fd kernels: Update to 4.20.8/4.19.21/4.14.99/4.19.156
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-02-23 09:47:19 +00:00
Rolf Neugebauer
5ffa60f639 kernel: Update to 4.20.7/4.19.20/4.14.98/4.9.155
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-02-08 23:25:28 +00:00
Rolf Neugebauer
1c49fa2c8f kernels: Update to 4.20.6/4.19.19/4.14.97/4.9.154
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-02-01 19:34:57 +00:00
Rolf Neugebauer
405500aac0 kernels: Adjust 4.14.x config
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-01-28 19:34:27 +00:00
Rolf Neugebauer
ab527e7afb kernels: Update to 4.2.5/4.19.18/4.14.96/4.9.153
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-01-28 18:20:01 +00:00
Rolf Neugebauer
f85b16e0bd kernel: Update to 4.20.4/4.19.17/4.14.95/4.9.152
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-01-25 20:16:00 +00:00
Jason A. Donenfeld
a94099639e wireguard: upgrade to 0.0.20190123
* tools: curve25519: handle unaligned loads/stores safely

This should fix sporadic crashes with `wg pubkey` on certain architectures.

* netlink: auth socket changes against namespace of socket

In WireGuard, the underlying UDP socket lives in the namespace where the
interface was created and doesn't move if the interface is moved. This
allows one to create the interface in some privileged place that has
Internet access, and then move it into a container namespace that only
has the WireGuard interface for egress. Consider the following
situation:

1. Interface created in namespace A. Socket therefore lives in namespace A.
2. Interface moved to namespace B. Socket remains in namespace A.
3. Namespace B now has access to the interface and changes the listen
port and/or fwmark of socket. Change is reflected in namespace A.

This behavior is arguably _fine_ and perhaps even expected or
acceptable. But there's also an argument to be made that B should have
A's cred to do so. So, this patch adds a simple ns_capable check.

* ratelimiter: build tests with !IPV6

Should reenable building in debug mode for systems without IPv6.

* noise: replace getnstimeofday64 with ktime_get_real_ts64
* ratelimiter: totalram_pages is now a function
* qemu: enable FP on MIPS

Linux 5.0 support.

* keygen-html: bring back pure javascript implementation

Benoît Viguier has proofs that values will stay well within 2^53. We
also have an improved carry function that's much simpler. Probably more
constant time than emscripten's 64-bit integers.

* contrib: introduce simple highlighter library

This is the highlighter library being used in:
- https://twitter.com/EdgeSecurity/status/1085294681003454465
- https://twitter.com/EdgeSecurity/status/1081953278248796165

It's included here as a contrib example, so that others can paste it into
their own GUI clients for having the same strictly validating highlighting.

* netlink: use __kernel_timespec for handshake time

This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23 14:50:55 +01:00
Ilya Dmitrichenko
872a92849b
Use latest stable release of ZFS
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2019-01-19 10:04:34 +00:00
Rolf Neugebauer
ffd8d19cfd kernel: Update to 4.20.3/4.19.16/4.14.94/4.9.151
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-01-17 19:51:32 +00:00
Rolf Neugebauer
3b4f70dd76 kernel: Update to 4.20.2/4.19.15/4.14.93/4.9.150
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-01-16 22:28:57 +00:00
Tiejun Chen
ef9302bc01 update -rt to 4.14.87-rt50
Signed-off-by: Tiejun Chen <tiejunc@vmware.com>
2019-01-14 20:49:28 -08:00
Rolf Neugebauer
be99dbcda2 kernel: Adjust the 4.20/4.19 configs for x86 and arm64
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-01-12 13:28:22 +00:00
Rolf Neugebauer
d9504a7904 kernel: Update to 4.20.1/4.19.14/4.14.92/4.9.149
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-01-12 11:55:36 +00:00
Tiejun Chen
e7481213e4 update -rt to 4.14.87-rt49
Signed-off-by: Tiejun Chen <tiejunc@vmware.com>
2019-01-06 13:29:54 -08:00
Rolf Neugebauer
77422d26c0 kernel/arm64: Enable ENA driver
The new AWS A1 instances use the ENA network driver.
Enable it.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-01-02 22:17:36 +00:00
Rolf Neugebauer
ae1f2dd6af kernel/x86_64,arm64: Enable STACKLEAK GCC plugin
Enable the STACKLEAK GCC plugin which erases the
kernel stack before returning from system calls.
This security option has a reported performance
hit of around 1% which seems like a reasonable amount.

For more details see: https://outflux.net/blog/archives/2018/12/24/security-things-in-linux-v4-20/

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-01-02 22:17:36 +00:00
Rolf Neugebauer
ce3dc79509 kernel: Add support for 4.20.x kernels
The kernel config was derived from the 4.19.13 kernel config
run through the 'make oldconfig' with all defaults accepted,
except for:
- NET_VENDOR_MICROCHIP (default 'y', set to 'n')

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-01-02 22:17:36 +00:00
Rolf Neugebauer
6c59e083f4 kernel: Simplify perf and bcc build logic
Since we removed the 4.4.x kernel, simply don't build
perf and bcc for 4.9.x kernels.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-01-02 22:17:36 +00:00
Rolf Neugebauer
2ab3b0a24e Remove 4.4 kernel
We already have 4.9.x, 4.14.x, and 4.19.x as LTS releases.
4.9.x has a longer lifetime than 4.4.x as well and fewer security
fixes can be backported to 4.4.x. Remove it.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2019-01-01 17:06:06 +00:00
Rolf Neugebauer
8ba5e2416d kernel: Update to 4.19.13/4.14.92/4.9.148
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-12-30 21:06:50 +00:00
Rolf Neugebauer
4863059b7e kernels: Enable Netronome drivers for x86/arm64
packet.net will soon have x86 and arm64 machines with NFPs.
Enable the driver for it.

The 4.9 kernel only has support for the NFP VF driver,
so don't enable it there.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-12-22 11:11:27 +00:00
Rolf Neugebauer
6bda9db3fc kernel: Adjust kernel config
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-12-22 11:04:51 +00:00
Rolf Neugebauer
cdcfcb7347 kernel: Update to 4.19.12/4.14.90/4.9.147/4.4.169
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-12-22 10:19:45 +00:00
Rolf Neugebauer
4ae342c097 kernel: Update to 4.19.11/4.14.89/4.9.146/4.4.168
Note this skips 4.19.10. The diff is pretty small.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-12-19 22:28:00 +00:00
Jason A. Donenfeld
4621b91939 wireguard: upgrade to 0.0.20181218
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-18 18:06:35 +01:00
Rolf Neugebauer
65e2c50b88 kernel: Update to 4.19.9/4.14.88/4.9.145/4.4.167
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-12-13 23:24:01 +00:00
Rolf Neugebauer
a26ff89ce8 kernel: Update to 4.19.8/4.14.87/4.9.144
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-12-09 13:46:31 +00:00
Rolf Neugebauer
055c0f8403 kernel: Tweak the x86 kernel config
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-12-06 21:55:49 +00:00
Rolf Neugebauer
765cf6c917 kernel: Update to 4.19.7/4.14.86/4.9.143
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-12-06 20:38:45 +00:00
Rolf Neugebauer
2b6a0e15bb kernel: Update to 4.19.6/4.14.85/4.9.142/4.4.166
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-12-03 23:51:48 +00:00
Rolf Neugebauer
1d405ae5cf kernel: Update to 4.19.5/4.14.84/4.9.141/4.4.165
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-12-03 22:03:55 +00:00
Rolf Neugebauer
63cfbb28d2 kernel: Disable ACPI_WMI for x86
WMI is mostly used for laptops and not relevant for
VMs and servers. Disable it.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-11-23 23:59:15 +00:00
Rolf Neugebauer
70f320db20 kernels: Update to 4.19.4/4.14.83/4.9.140
This skips 4.9.139 which is just two revert commits from
4.9.140.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-11-23 23:44:34 +00:00
Rolf Neugebauer
28ce2bbdca kernel: Remove support for 4.18.x
4.18.20 was the last 4.18.x release. Remove it.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
2018-11-23 23:40:44 +00:00