Merge pull request #3431 from bgilbert/4.19

sys-kernel/coreos-*: Bump 4.18.12 to 4.19-rc7

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/Manifest

@@ -1 +1 @@
-DIST linux-firmware-20180606.tar.gz 152670671 BLAKE2B 7c4fb07451c1c459bd0bf8bec15e3bff41bdb64166decfd7776650c85f0b373c97dfa23330ebb7ddd4bc144bffb57751f3a94bb4a352e5f8ef1dd0b8a3679c81 SHA512 4eb02e11beffde5bf8daff45af78304881e01eb51004ff0758bfff3a4a4cb59f6a2e081b7a3c3e07734a29954f09fa6277f920c2bdab6aeb608065936861c650
+DIST linux-firmware-20181001.tar.gz 158397569 BLAKE2B 2694014f847fb60f5f0c208a479f4cdf0b422ef249735f22f0ef72e0fd385e8ba6737da1b1cf24daf74fd5f28c3c69b96e14850520f16b8a556c7ca734a3557e SHA512 f20b65122381423597cebd5a3018bbe55f0f8697a03b5ae3e7c1c6dd1cddcb1da4f3fddc8e4accb2d780faf1c0e66bed7dda6b1ab1c48d2e0b2435a5a7eb03f7

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-99999999.ebuild

@@ -15,7 +15,7 @@ if [[ ${PV} == 99999999* ]]; then
 	EGIT_REPO_URI="git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git"
 	KEYWORDS=""
 else
-	GIT_COMMIT="d1147327232ec4616a66ab898df84f9700c816c1"
+	GIT_COMMIT="7c81f23ad903f72e87e2102d8f52408305c0f7a2"
 	SRC_URI="https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/snapshot/linux-firmware-${GIT_COMMIT}.tar.gz -> linux-firmware-${PV}.tar.gz"
 	KEYWORDS="~alpha amd64 ~arm arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86"
 fi
@@ -68,6 +68,8 @@ RDEPEND="${CDEPEND}
 	"
 #add anything else that collides to this
 
+RESTRICT="binchecks strip"
+
 # source name is linux-firmware, not coreos-firmware
 S="${WORKDIR}/linux-firmware-${PV}"
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.19_rc7.ebuild

@@ -53,6 +53,8 @@ pkg_setup() {
 src_prepare() {
 	# KV_OUT_DIR points to the minimal build tree installed by coreos-modules
 	# Pull in the config and public module signing key
+	# FIXME(bgilbert): remove after final release
+	KV_OUT_DIR=/build/amd64-usr/usr/lib/modules/4.19.0-rc7-coreos/build
 	cp -v "${KV_OUT_DIR}/.config" build/ || die
 	local sig_key="$(getconfig MODULE_SIG_KEY)"
 	mkdir -p "build/${sig_key%/*}" || die

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-4.19

@@ -340,7 +340,6 @@ CONFIG_NFT_FIB_INET=m
 CONFIG_NFT_DUP_NETDEV=m
 CONFIG_NFT_FWD_NETDEV=m
 CONFIG_NFT_FIB_NETDEV=m
-CONFIG_NF_CONNTRACK_IPV4=m
 CONFIG_NF_SOCKET_IPV4=m
 CONFIG_NF_TABLES_IPV4=y
 CONFIG_NFT_CHAIN_ROUTE_IPV4=m
@@ -479,7 +478,6 @@ CONFIG_IP_NF_SECURITY=m
 CONFIG_IP_NF_ARPTABLES=m
 CONFIG_IP_NF_ARPFILTER=m
 CONFIG_IP_NF_ARP_MANGLE=m
-CONFIG_NF_CONNTRACK_IPV6=m
 CONFIG_IP6_NF_MATCH_AH=m
 CONFIG_IP6_NF_MATCH_EUI64=m
 CONFIG_IP6_NF_MATCH_FRAG=m
@@ -928,6 +926,7 @@ CONFIG_MMC_SDHCI_PCI=m
 # CONFIG_MMC_RICOH_MMC is not set
 CONFIG_INFINIBAND=m
 CONFIG_INFINIBAND_USER_MAD=m
+CONFIG_INFINIBAND_USER_ACCESS=m
 CONFIG_INFINIBAND_RDMAVT=m
 CONFIG_INFINIBAND_MTHCA=m
 CONFIG_INFINIBAND_QIB=m
@@ -1012,7 +1011,6 @@ CONFIG_CEPH_FS=m
 CONFIG_CEPH_FSCACHE=y
 CONFIG_CEPH_FS_POSIX_ACL=y
 CONFIG_CIFS=m
-CONFIG_CIFS_STATS=y
 CONFIG_CIFS_STATS2=y
 CONFIG_CIFS_WEAK_PW_HASH=y
 CONFIG_CIFS_UPCALL=y

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest

@@ -1,4 +1,4 @@
 DIST linux-4.14.tar.xz 100770500 BLAKE2B 85dc4aa953fe65e273a24473d8de98e4f204f97c43be9fc87cf5be01f796f94cfde5c8f9c84619751f1cac51f83ce0b4681fb19c5f2965a72d4a94fe5577846a SHA512 77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8
 DIST linux-4.18.tar.xz 101781564 BLAKE2B 138bdc49dc8871e5566b5e23a9e5ed0e68fff480a7a04fc659a9efe2d4bcc778ac01368a32bc5d1dbde870102ce7294b9d315f81c4e6e762ee781135e83033f2 SHA512 950eb85ac743b291afe9f21cd174d823e25f11883ee62cecfbfff8fe8c5672aae707654b1b8f29a133b1f2e3529e63b9f7fba4c45d6dacccc8000b3a9a9ae038
 DIST patch-4.14.74.xz 1818060 BLAKE2B d375c5e0e87fa9a963b3315596227b250500253837eb873162103ba66122eb5244313a69f03b921d08ed87d427a6589b547d021cd7b02021829a703bc8a788e8 SHA512 86b6e8ed2a3493e0d97efba5c7c94a7f1c91735fc0b8479ffeb74b894910b317172ec6af37fe5e83ef6b42130fc83da8a299cabc9f5c8ec7f32a72bde8cf1703
-DIST patch-4.18.12.xz 360576 BLAKE2B 40737d68a61211898a215883b2292d72104de3d4e67b37823eaec80eb546132bfe41ba29f5269044997146d4a9b2d79e004c7b437a5b4b51c9382f441b4ddcf7 SHA512 26d739fd52d4017666bc4f3203cc71ed48ed92a6b42e683421dfbffd67cddab0ebdeccc3a46d1e8e1e6b7fe22a7881c0c08c87936e2fc19238d25f09f1b494e3
+DIST patch-4.19-rc7.patch 39634304 BLAKE2B 98bf6c83118e7ce7f90ecd7c70412b8854a83c4ed6843021e7fc6b4340dc9bf89e29b30404c2e4ba16a3ba7c85d7d48bb00b16531de7b625a5ddf731b43c526c SHA512 cb0bc2ab8b3efe7332fb498bef706c556071e6623d76092dbbcc14d6741051bb1fe97d7c52baa0a950803c7cc186868b87b842e9fb9f61fce95befaa5be40cd0

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.19_rc7.ebuild

@@ -37,6 +37,4 @@ RDEPEND+="
 UNIPATCH_LIST="
 	${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
 	${PATCH_DIR}/z0002-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch \
-	${PATCH_DIR}/z0003-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch \
-	${PATCH_DIR}/z0004-Revert-net-increase-fragment-memory-usage-limits.patch \
 "

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0003-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch

@@ -1,77 +0,0 @@
-From 853b835eaa966dea775c65333b31ba45d3539008 Mon Sep 17 00:00:00 2001
-From: "Kirill A. Shutemov" <kirill@shutemov.name>
-Date: Wed, 4 Jul 2018 18:08:57 +0300
-Subject: [PATCH 3/4] 4.17.x won't boot due to "x86/boot/compressed/64: Handle
- 5-level paging boot if kernel is above 4G"
-
-On Tue, Jul 03, 2018 at 05:21:50PM +0300, Kirill A. Shutemov wrote:
-> On Tue, Jul 03, 2018 at 03:44:03PM +0300, Kirill A. Shutemov wrote:
-> > On Tue, Jul 03, 2018 at 01:24:49PM +0200, Gabriel C wrote:
-> > > 2018-07-01 23:32 GMT+02:00 Benjamin Gilbert <bgilbert@redhat.com>:
-> > > > On Sun, Jul 01, 2018 at 05:15:59PM -0400, Benjamin Gilbert wrote:
-> > > >> 4.17 kernels built with the CoreOS Container Linux toolchain and kconfig,
-> > > >> up to and including 4.17.3, fail to boot on AMD64 running in (at least)
-> > > >> QEMU/KVM.  No messages are shown post-GRUB; the VM instantly reboots.
-> > > >> Reverting commit 194a9749c73d ("x86/boot/compressed/64: Handle 5-level
-> > > >> paging boot if kernel is above 4G") fixes it.  I've attached our kernel
-> > > >> config for reference, and am happy to test patches, provide sample QCOW
-> > > >> images, etc.
-> > > >
-> > >
-> > > Also see https://bugzilla.kernel.org/show_bug.cgi?id=200385 ,
-> > >
-> > > 0a1756bd2897951c03c1cb671bdfd40729ac2177 is acting up
-> > > too with the same symptoms
-> >
-> > I tracked it down to -flto in LDFLAGS. I'll look more into this.
->
-> -flto in LDFLAGS screws up this part of paging_prepare():
-
-+Masahiro, Michal.
-
-I've got it wrong. *Any* LDFLAGS option passed to make this way:
-
-  make LDFLAGS="..."
-
-would cause a issue. Even empty.
-
-It overrides all assignments to the variable in the makefile.
-As result the image is built without -pie and linker doesn't generate
-position independed code.
-
-Looks like the patch below helps, but my make-fu is poor.
-I don't see many override directives in kernel makefiles.
-It makes me think that there's a better way to fix this.
-
-Hm?
----
- arch/x86/boot/compressed/Makefile | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index 169c2feda14a..01b237707498 100644
---- a/arch/x86/boot/compressed/Makefile
-+++ b/arch/x86/boot/compressed/Makefile
-@@ -42,16 +42,16 @@ KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
- GCOV_PROFILE := n
- UBSAN_SANITIZE :=n
- 
--LDFLAGS := -m elf_$(UTS_MACHINE)
-+override LDFLAGS := -m elf_$(UTS_MACHINE)
- # Compressed kernel should be built as PIE since it may be loaded at any
- # address by the bootloader.
- ifeq ($(CONFIG_X86_32),y)
--LDFLAGS += $(call ld-option, -pie) $(call ld-option, --no-dynamic-linker)
-+override LDFLAGS += $(call ld-option, -pie) $(call ld-option, --no-dynamic-linker)
- else
- # To build 64-bit compressed kernel as PIE, we disable relocation
- # overflow check to avoid relocation overflow error with a new linker
- # command-line option, -z noreloc-overflow.
--LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \
-+override LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \
- 	&& echo "-z noreloc-overflow -pie --no-dynamic-linker")
- endif
- LDFLAGS_vmlinux := -T
--- 
-2.17.1
-

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0004-Revert-net-increase-fragment-memory-usage-limits.patch

@@ -1,63 +0,0 @@
-From 016f7b6bd539b870c3d1c857cf88a40fd924007c Mon Sep 17 00:00:00 2001
-From: David Michael <dm0@redhat.com>
-Date: Wed, 15 Aug 2018 12:50:10 -0400
-Subject: [PATCH 4/4] Revert "net: increase fragment memory usage limits"
-
-This reverts commit c2a936600f78aea00d3312ea4b66a79a4619f9b4.
----
- include/net/ipv6.h     |  4 ++--
- net/ipv4/ip_fragment.c | 22 +++++++---------------
- 2 files changed, 9 insertions(+), 17 deletions(-)
-
-diff --git a/include/net/ipv6.h b/include/net/ipv6.h
-index 8f73be494503..04a865cb4a83 100644
---- a/include/net/ipv6.h
-+++ b/include/net/ipv6.h
-@@ -373,8 +373,8 @@ static inline bool ipv6_accept_ra(struct inet6_dev *idev)
- 	    idev->cnf.accept_ra;
- }
- 
--#define IPV6_FRAG_HIGH_THRESH	(4 * 1024*1024)	/* 4194304 */
--#define IPV6_FRAG_LOW_THRESH	(3 * 1024*1024)	/* 3145728 */
-+#define IPV6_FRAG_HIGH_THRESH	(256 * 1024)	/* 262144 */
-+#define IPV6_FRAG_LOW_THRESH	(192 * 1024)	/* 196608 */
- #define IPV6_FRAG_TIMEOUT	(60 * HZ)	/* 60 seconds */
- 
- int __ipv6_addr_type(const struct in6_addr *addr);
-diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
-index d14d741fb05e..bd10399eb916 100644
---- a/net/ipv4/ip_fragment.c
-+++ b/net/ipv4/ip_fragment.c
-@@ -788,22 +788,14 @@ static int __net_init ipv4_frags_init_net(struct net *net)
- {
- 	int res;
- 
--	/* Fragment cache limits.
--	 *
--	 * The fragment memory accounting code, (tries to) account for
--	 * the real memory usage, by measuring both the size of frag
--	 * queue struct (inet_frag_queue (ipv4:ipq/ipv6:frag_queue))
--	 * and the SKB's truesize.
--	 *
--	 * A 64K fragment consumes 129736 bytes (44*2944)+200
--	 * (1500 truesize == 2944, sizeof(struct ipq) == 200)
--	 *
--	 * We will commit 4MB at one time. Should we cross that limit
--	 * we will prune down to 3MB, making room for approx 8 big 64K
--	 * fragments 8x128k.
-+	/*
-+	 * Fragment cache limits. We will commit 256K at one time. Should we
-+	 * cross that limit we will prune down to 192K. This should cope with
-+	 * even the most extreme cases without allowing an attacker to
-+	 * measurably harm machine performance.
- 	 */
--	net->ipv4.frags.high_thresh = 4 * 1024 * 1024;
--	net->ipv4.frags.low_thresh  = 3 * 1024 * 1024;
-+	net->ipv4.frags.high_thresh = 256 * 1024;
-+	net->ipv4.frags.low_thresh = 192 * 1024;
- 	/*
- 	 * Important NOTE! Fragment queue must be destroyed before MSL expires.
- 	 * RFC791 is wrong proposing to prolongate timer each fragment arrival
--- 
-2.17.1
-

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.19/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch

@@ -1,7 +1,7 @@
-From 9f2da9625b40e8ae3c3abea19d771968c21cfb52 Mon Sep 17 00:00:00 2001
+From cebc8dbefdc9d944165fa217a4739b440629c498 Mon Sep 17 00:00:00 2001
 From: Vito Caputo <vito.caputo@coreos.com>
 Date: Wed, 25 Nov 2015 02:59:45 -0800
-Subject: [PATCH 1/4] kbuild: derive relative path for KBUILD_SRC from CURDIR
+Subject: [PATCH 1/2] kbuild: derive relative path for KBUILD_SRC from CURDIR
 
 This enables relocating source and build trees to different roots,
 provided they stay reachable relative to one another.  Useful for
@@ -12,7 +12,7 @@ by some undesirable path component.
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index 466e07af8473..d955c5363bbf 100644
+index 9b2df076885a..49895ad7bfe0 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -143,7 +143,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.19/z0002-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch

@@ -1,7 +1,7 @@
-From 2cad23e79da47c44d1870024db1e93651be39bad Mon Sep 17 00:00:00 2001
+From fb8f7c2a38fc4cac0e8a2866bdd2637a33187d04 Mon Sep 17 00:00:00 2001
 From: David Michael <david.michael@coreos.com>
 Date: Thu, 8 Feb 2018 21:23:12 -0500
-Subject: [PATCH 2/4] tools/objtool/Makefile: Don't fail on fallthrough with
+Subject: [PATCH 2/2] tools/objtool/Makefile: Don't fail on fallthrough with
  new GCCs
 
 ---