diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.17.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.17.6.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.17.5.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.17.6.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.17.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.17.6.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.17.5.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.17.6.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest index 43a4e8dc6e..b657c7c3d3 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest @@ -1,4 +1,4 @@ DIST linux-4.14.tar.xz 100770500 SHA256 f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7 SHA512 77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8 WHIRLPOOL fee10d54ecb210156aa55364ecc15867127819e9f7ff9ec5f6ef159b1013e2ae3d3a28d35c62d663886cbe826b996a1387671766093be002536309045a8e4d10 DIST linux-4.17.tar.xz 102165892 SHA256 9faa1dd896eaea961dc6e886697c0b3301277102e5bc976b2758f9a62d3ccd13 SHA512 4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db WHIRLPOOL 60573a6837a5daae91ea8d36f7aea0439a398d47810524df378b37df20ebb6fa83d518380348ec66cfe8f94b2405de59f884d52ac879cb4ff78f6674ad322077 DIST patch-4.14.54.xz 1431256 SHA256 4e2b1ba719ccced76ff8b2f9854352cef2be7d719cd19004278fa3d88b4ff345 SHA512 9a10b551c80c3670221e803e40f6bec70ca09a95bead328bd390d2d029abcdb216334d5178c54d0128e8cd6e4ae197ccb2c053d7c643c5665f04afa56857f03c WHIRLPOOL c2215b8d436a4d2d945221944f88b0bc7ef5d702066ab8d84cb8c9d6de590263fdb2f8397b6af3f97239ff8388252415d2676a44bff4c4ba1df75b671521491c -DIST patch-4.17.5.xz 121080 SHA256 cc18fcf14df25f0bab047aa180b9362bd4f3ce96f1b05e1f7764cfcc0e271bbd SHA512 2623f82b4664b5ef6af4f1f9e2758661d7c3b4b7445990fb22b1a93d33006316a7a19c03d7dfccb0c49c7cfc2791c4b0aa6c543730ffc1d095c72402f060dd5c WHIRLPOOL c3204e719418afa7da539921667e2ee3552986406e195c82acf26b086f8f5d1155e05a3e5240a9ebba711e7c37a8531d2d6898a9d1feea96f572015f07a479af +DIST patch-4.17.6.xz 138580 SHA256 7699b2246e4ed1e284f2947d5e0b66653c27574995caf6a02a3280bd055cfedf SHA512 4b791d94db704cbbe3dbf6b340735fe7999957741f116ca14060ced836aece1d4b51d0c3f376af1564e7379fbb9c9132a8e4d021fc74599f3ab037237d718651 WHIRLPOOL 81dbb7899c75150bd6bc16ca0c6ba8e1d1ee441fb5a2edf7175bb3e1220e279304334252b5de2a6abd0f3ad5b6c4c33dce7f274888988c28b2d31fb2d98724ff diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.17.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.17.6.ebuild similarity index 94% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.17.5.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.17.6.ebuild index 8269e139d0..1d3b1187cc 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.17.5.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.17.6.ebuild @@ -40,5 +40,5 @@ UNIPATCH_LIST=" ${PATCH_DIR}/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch \ ${PATCH_DIR}/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch \ ${PATCH_DIR}/z0005-xen-netfront-Update-features-after-registering-netde.patch \ - ${PATCH_DIR}/z0006-Revert-x86-boot-compressed-64-Handle-5-level-paging-.patch \ + ${PATCH_DIR}/z0006-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch \ " diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch index adaee4e622..3141afdc47 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch @@ -1,4 +1,4 @@ -From 0c3103a6f47796394e400d8f4d5f8ca0cdd0851c Mon Sep 17 00:00:00 2001 +From e45b47baa01835164367387a75a1e18a1f22b9f3 Mon Sep 17 00:00:00 2001 From: Vito Caputo Date: Wed, 25 Nov 2015 02:59:45 -0800 Subject: [PATCH 1/6] kbuild: derive relative path for KBUILD_SRC from CURDIR @@ -12,7 +12,7 @@ by some undesirable path component. 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index e4ddbad49636..0444b7ac844b 100644 +index 1a885c8f82ef..a9549cda93fb 100644 --- a/Makefile +++ b/Makefile @@ -143,7 +143,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make @@ -26,5 +26,5 @@ index e4ddbad49636..0444b7ac844b 100644 # Leave processing to above invocation of make -- -2.14.4 +2.17.1 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0002-Add-arm64-coreos-verity-hash.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0002-Add-arm64-coreos-verity-hash.patch index 66191afef2..bdd33bec82 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0002-Add-arm64-coreos-verity-hash.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0002-Add-arm64-coreos-verity-hash.patch @@ -1,4 +1,4 @@ -From e8e6f7ecf0e3e62573730265b05928d4ea250062 Mon Sep 17 00:00:00 2001 +From 004c2ed4bbe430e6d700588c0b43a4d0ec9789bf Mon Sep 17 00:00:00 2001 From: Geoff Levand Date: Fri, 11 Nov 2016 17:28:52 -0800 Subject: [PATCH 2/6] Add arm64 coreos verity hash @@ -25,5 +25,5 @@ index 613fc3000677..fdaf86c78332 100644 /* * The debug table is referenced via its Relative Virtual Address (RVA), -- -2.14.4 +2.17.1 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch index 6bc61f54da..964a4e8eca 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch @@ -1,4 +1,4 @@ -From 20e5dbdef3b477c1cd0e8a8d303d56972b0146bc Mon Sep 17 00:00:00 2001 +From 9e799d52e03f0c53012543fd8fe8450617c5c068 Mon Sep 17 00:00:00 2001 From: David Michael Date: Thu, 8 Feb 2018 21:23:12 -0500 Subject: [PATCH 3/6] tools/objtool/Makefile: Don't fail on fallthrough with @@ -23,5 +23,5 @@ index 95563b8e1ad7..307652c42a7b 100644 CFLAGS += -I$(srctree)/tools/include/ -- -2.14.4 +2.17.1 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch index 8d65b49f63..8a45b7c6a0 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch @@ -1,4 +1,4 @@ -From 2e4ddc35026d1cbd95b31766626ded7fd26e2f05 Mon Sep 17 00:00:00 2001 +From 076984201d09be7d1629b99a70472afe538d4f51 Mon Sep 17 00:00:00 2001 From: Ross Lagerwall Date: Thu, 21 Jun 2018 14:00:20 +0100 Subject: [PATCH 4/6] xen-netfront: Fix mismatched rtnl_unlock @@ -34,5 +34,5 @@ index 4dd0668003e7..244095bfd604 100644 return err; } -- -2.14.4 +2.17.1 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0005-xen-netfront-Update-features-after-registering-netde.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0005-xen-netfront-Update-features-after-registering-netde.patch index ccc3f2e096..8d6fa7ed62 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0005-xen-netfront-Update-features-after-registering-netde.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0005-xen-netfront-Update-features-after-registering-netde.patch @@ -1,4 +1,4 @@ -From 1d2a593355a04f39157c94c72b86cf763455ccf5 Mon Sep 17 00:00:00 2001 +From 27e6afb3bb0190bcdddf5e56c54938da86818908 Mon Sep 17 00:00:00 2001 From: Ross Lagerwall Date: Thu, 21 Jun 2018 14:00:21 +0100 Subject: [PATCH 5/6] xen-netfront: Update features after registering netdev @@ -45,5 +45,5 @@ index 244095bfd604..1d5082d30187 100644 * All public and private state should now be sane. Get * ready to start sending and receiving packets and give the driver -- -2.14.4 +2.17.1 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0006-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0006-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch new file mode 100644 index 0000000000..41aa8f8cee --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0006-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch @@ -0,0 +1,77 @@ +From 05aa6dd51095317744ead6d2c500442b7a1f6905 Mon Sep 17 00:00:00 2001 +From: "Kirill A. Shutemov" +Date: Wed, 4 Jul 2018 18:08:57 +0300 +Subject: [PATCH 6/6] 4.17.x won't boot due to "x86/boot/compressed/64: Handle + 5-level paging boot if kernel is above 4G" + +On Tue, Jul 03, 2018 at 05:21:50PM +0300, Kirill A. Shutemov wrote: +> On Tue, Jul 03, 2018 at 03:44:03PM +0300, Kirill A. Shutemov wrote: +> > On Tue, Jul 03, 2018 at 01:24:49PM +0200, Gabriel C wrote: +> > > 2018-07-01 23:32 GMT+02:00 Benjamin Gilbert : +> > > > On Sun, Jul 01, 2018 at 05:15:59PM -0400, Benjamin Gilbert wrote: +> > > >> 4.17 kernels built with the CoreOS Container Linux toolchain and kconfig, +> > > >> up to and including 4.17.3, fail to boot on AMD64 running in (at least) +> > > >> QEMU/KVM. No messages are shown post-GRUB; the VM instantly reboots. +> > > >> Reverting commit 194a9749c73d ("x86/boot/compressed/64: Handle 5-level +> > > >> paging boot if kernel is above 4G") fixes it. I've attached our kernel +> > > >> config for reference, and am happy to test patches, provide sample QCOW +> > > >> images, etc. +> > > > +> > > +> > > Also see https://bugzilla.kernel.org/show_bug.cgi?id=200385 , +> > > +> > > 0a1756bd2897951c03c1cb671bdfd40729ac2177 is acting up +> > > too with the same symptoms +> > +> > I tracked it down to -flto in LDFLAGS. I'll look more into this. +> +> -flto in LDFLAGS screws up this part of paging_prepare(): + ++Masahiro, Michal. + +I've got it wrong. *Any* LDFLAGS option passed to make this way: + + make LDFLAGS="..." + +would cause a issue. Even empty. + +It overrides all assignments to the variable in the makefile. +As result the image is built without -pie and linker doesn't generate +position independed code. + +Looks like the patch below helps, but my make-fu is poor. +I don't see many override directives in kernel makefiles. +It makes me think that there's a better way to fix this. + +Hm? +--- + arch/x86/boot/compressed/Makefile | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile +index fa42f895fdde..4f24baa8cdeb 100644 +--- a/arch/x86/boot/compressed/Makefile ++++ b/arch/x86/boot/compressed/Makefile +@@ -42,16 +42,16 @@ KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ + GCOV_PROFILE := n + UBSAN_SANITIZE :=n + +-LDFLAGS := -m elf_$(UTS_MACHINE) ++override LDFLAGS := -m elf_$(UTS_MACHINE) + # Compressed kernel should be built as PIE since it may be loaded at any + # address by the bootloader. + ifeq ($(CONFIG_X86_32),y) +-LDFLAGS += $(call ld-option, -pie) $(call ld-option, --no-dynamic-linker) ++override LDFLAGS += $(call ld-option, -pie) $(call ld-option, --no-dynamic-linker) + else + # To build 64-bit compressed kernel as PIE, we disable relocation + # overflow check to avoid relocation overflow error with a new linker + # command-line option, -z noreloc-overflow. +-LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \ ++override LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \ + && echo "-z noreloc-overflow -pie --no-dynamic-linker") + endif + LDFLAGS_vmlinux := -T +-- +2.17.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0006-Revert-x86-boot-compressed-64-Handle-5-level-paging-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0006-Revert-x86-boot-compressed-64-Handle-5-level-paging-.patch deleted file mode 100644 index afcb5066e3..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.17/z0006-Revert-x86-boot-compressed-64-Handle-5-level-paging-.patch +++ /dev/null @@ -1,132 +0,0 @@ -From ef3afa473f6d31812979d6f1ed0b553aefa7ca41 Mon Sep 17 00:00:00 2001 -From: Benjamin Gilbert -Date: Sun, 1 Jul 2018 12:13:35 -0700 -Subject: [PATCH 6/6] Revert "x86/boot/compressed/64: Handle 5-level paging - boot if kernel is above 4G" - -This reverts commit 194a9749c73d650c0b1dfdee04fb0bdf0a888ba8, which causes -instantaneous and silent boot failures. ---- - arch/x86/boot/compressed/head_64.S | 69 +++++++++----------------------------- - 1 file changed, 16 insertions(+), 53 deletions(-) - -diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S -index 8169e8b7a4dc..7588e65a9c4a 100644 ---- a/arch/x86/boot/compressed/head_64.S -+++ b/arch/x86/boot/compressed/head_64.S -@@ -326,27 +326,11 @@ ENTRY(startup_64) - - /* - * At this point we are in long mode with 4-level paging enabled, -- * but we might want to enable 5-level paging or vice versa. -+ * but we want to enable 5-level paging. - * -- * The problem is that we cannot do it directly. Setting or clearing -- * CR4.LA57 in long mode would trigger #GP. So we need to switch off -- * long mode and paging first. -- * -- * We also need a trampoline in lower memory to switch over from -- * 4- to 5-level paging for cases when the bootloader puts the kernel -- * above 4G, but didn't enable 5-level paging for us. -- * -- * The same trampoline can be used to switch from 5- to 4-level paging -- * mode, like when starting 4-level paging kernel via kexec() when -- * original kernel worked in 5-level paging mode. -- * -- * For the trampoline, we need the top page table to reside in lower -- * memory as we don't have a way to load 64-bit values into CR3 in -- * 32-bit mode. -- * -- * We go though the trampoline even if we don't have to: if we're -- * already in a desired paging mode. This way the trampoline code gets -- * tested on every boot. -+ * The problem is that we cannot do it directly. Setting LA57 in -+ * long mode would trigger #GP. So we need to switch off long mode -+ * first. - */ - - /* Make sure we have GDT with 32-bit code segment */ -@@ -371,18 +355,13 @@ ENTRY(startup_64) - /* Save the trampoline address in RCX */ - movq %rax, %rcx - -- /* -- * Load the address of trampoline_return() into RDI. -- * It will be used by the trampoline to return to the main code. -- */ -- leaq trampoline_return(%rip), %rdi - - /* Switch to compatibility mode (CS.L = 0 CS.D = 1) via far return */ - pushq $__KERNEL32_CS -- leaq TRAMPOLINE_32BIT_CODE_OFFSET(%rax), %rax -+ leaq compatible_mode(%rip), %rax - pushq %rax - lretq --trampoline_return: -+lvl5: - /* Restore the stack, the 32-bit trampoline uses its own stack */ - leaq boot_stack_end(%rbx), %rsp - -@@ -559,14 +538,8 @@ adjust_got: - ret - - .code32 --/* -- * This is the 32-bit trampoline that will be copied over to low memory. -- * -- * RDI contains the return address (might be above 4G). -- * ECX contains the base address of the trampoline memory. -- * Non zero RDX on return means we need to enable 5-level paging. -- */ - ENTRY(trampoline_32bit_src) -+compatible_mode: - /* Set up data and stack segments */ - movl $__KERNEL_DS, %eax - movl %eax, %ds -@@ -607,34 +580,24 @@ ENTRY(trampoline_32bit_src) - 1: - movl %eax, %cr4 - -- /* Calculate address of paging_enabled() once we are executing in the trampoline */ -- leal paging_enabled - trampoline_32bit_src + TRAMPOLINE_32BIT_CODE_OFFSET(%ecx), %eax -+ /* Calculate address we are running at */ -+ call 1f -+1: popl %edi -+ subl $1b, %edi - -- /* Prepare the stack for far return to Long Mode */ -+ /* Prepare stack for far return to Long Mode */ - pushl $__KERNEL_CS -- pushl %eax -+ leal lvl5(%edi), %eax -+ push %eax - -- /* Enable paging again */ -+ /* Enable paging back */ - movl $(X86_CR0_PG | X86_CR0_PE), %eax - movl %eax, %cr0 - - lret - -- .code64 --paging_enabled: -- /* Return from the trampoline */ -- jmp *%rdi -- -- /* -- * The trampoline code has a size limit. -- * Make sure we fail to compile if the trampoline code grows -- * beyond TRAMPOLINE_32BIT_CODE_SIZE bytes. -- */ -- .org trampoline_32bit_src + TRAMPOLINE_32BIT_CODE_SIZE -- -- .code32 - no_longmode: -- /* This isn't an x86-64 CPU, so hang intentionally, we cannot continue */ -+ /* This isn't an x86-64 CPU so hang */ - 1: - hlt - jmp 1b --- -2.14.4 -