From 50fdab4387908d33f355d403752a7f23a3590a42 Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Tue, 17 Nov 2020 14:12:23 +0100 Subject: [PATCH 1/3] sys-kernel: enable CONFIG_BPF_JIT_ALWAYS_ON CONFIG_BPF_JIT_ALWAYS_ON enables BPF JIT and removes BPF interpreter to avoid speculative execution of BPF instructions by the interpreter. See also https://github.com/kinvolk/Flatcar/issues/185. --- .../sys-kernel/coreos-modules/files/commonconfig-5.9 | 1 + 1 file changed, 1 insertion(+) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9 index 17367c24d4..b745b6158e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9 +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9 @@ -50,6 +50,7 @@ CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC=y CONFIG_BOOT_PRINTK_DELAY=y CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT=y +CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_SYSCALL=y CONFIG_BRIDGE=m CONFIG_BRIDGE_EBT_802_3=m From 92a5bb56e80378ca76c20952403a7060536371ed Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Tue, 17 Nov 2020 14:15:35 +0100 Subject: [PATCH 2/3] sys-kernel: enable CONFIG_POWER_SUPPLY CONFIG_POWER_SUPPLY enables power supply class used to represent battery, UPS, AC or DC power supply properties to user-space. It defines core set of attributes, which should be applicable to most power supplies out there. See also https://github.com/kinvolk/Flatcar/issues/215. --- .../sys-kernel/coreos-modules/files/commonconfig-5.9 | 1 + 1 file changed, 1 insertion(+) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9 index b745b6158e..5f079033b1 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9 +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9 @@ -714,6 +714,7 @@ CONFIG_PCI_MSI=y CONFIG_PCNET32=m CONFIG_PDC_ADMA=m CONFIG_POSIX_MQUEUE=y +CONFIG_POWER_SUPPLY=y CONFIG_PPP=m CONFIG_PPPOE=m CONFIG_PPP_ASYNC=m From 8243944c991da206b5a809a39c3335504a00d559 Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Tue, 17 Nov 2020 14:20:37 +0100 Subject: [PATCH 3/3] sys-kernel: enable metacopy and redirect_dir for overlayfs Enable CONFIG_OVERLAY_FS_METACOPY, metadata only copy up feature in overlayfs. When turned on, overlayfs will only copy up metadata when a metadata specific operation like chown/chmod is performed. Full file will be copied up later when file is opened for WRITE operation. More or less like delayed data copy up operation. Enable CONFIG_OVERLAY_FS_REDIRECT_DIR, which is equivalent to "redirect_dir=on" in the kernel command-line. When turned on, overlayfs will copy up directory first, before the actual contents. See also https://github.com/kinvolk/Flatcar/issues/170 --- .../sys-kernel/coreos-modules/files/commonconfig-5.9 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9 index 5f079033b1..fe01a50a73 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9 +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9 @@ -696,6 +696,8 @@ CONFIG_NVME_TARGET_LOOP=m CONFIG_NVME_TARGET_RDMA=m CONFIG_OPENVSWITCH=m CONFIG_OVERLAY_FS=m +CONFIG_OVERLAY_FS_METACOPY=y +CONFIG_OVERLAY_FS_REDIRECT_DIR=y CONFIG_PACKET=y CONFIG_PACKET_DIAG=m CONFIG_PANIC_ON_OOPS=y