diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.18.12.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.19_rc7.ebuild similarity index 96% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.18.12.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.19_rc7.ebuild index 390f180fee..0e4e644523 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.18.12.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.19_rc7.ebuild @@ -53,6 +53,8 @@ pkg_setup() { src_prepare() { # KV_OUT_DIR points to the minimal build tree installed by coreos-modules # Pull in the config and public module signing key + # FIXME(bgilbert): remove after final release + KV_OUT_DIR=/build/amd64-usr/usr/lib/modules/4.19.0-rc7-coreos/build cp -v "${KV_OUT_DIR}/.config" build/ || die local sig_key="$(getconfig MODULE_SIG_KEY)" mkdir -p "build/${sig_key%/*}" || die diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.18.12.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.19_rc7.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.18.12.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.19_rc7.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-4.18 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-4.19 similarity index 99% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-4.18 rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-4.19 index c681f6aa9f..825fd897db 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-4.18 +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-4.19 @@ -340,7 +340,6 @@ CONFIG_NFT_FIB_INET=m CONFIG_NFT_DUP_NETDEV=m CONFIG_NFT_FWD_NETDEV=m CONFIG_NFT_FIB_NETDEV=m -CONFIG_NF_CONNTRACK_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TABLES_IPV4=y CONFIG_NFT_CHAIN_ROUTE_IPV4=m @@ -479,7 +478,6 @@ CONFIG_IP_NF_SECURITY=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARP_MANGLE=m -CONFIG_NF_CONNTRACK_IPV6=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m CONFIG_IP6_NF_MATCH_FRAG=m @@ -928,6 +926,7 @@ CONFIG_MMC_SDHCI_PCI=m # CONFIG_MMC_RICOH_MMC is not set CONFIG_INFINIBAND=m CONFIG_INFINIBAND_USER_MAD=m +CONFIG_INFINIBAND_USER_ACCESS=m CONFIG_INFINIBAND_RDMAVT=m CONFIG_INFINIBAND_MTHCA=m CONFIG_INFINIBAND_QIB=m @@ -1012,7 +1011,6 @@ CONFIG_CEPH_FS=m CONFIG_CEPH_FSCACHE=y CONFIG_CEPH_FS_POSIX_ACL=y CONFIG_CIFS=m -CONFIG_CIFS_STATS=y CONFIG_CIFS_STATS2=y CONFIG_CIFS_WEAK_PW_HASH=y CONFIG_CIFS_UPCALL=y diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest index 89a1b0aca8..8ef12af26b 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest @@ -1,4 +1,4 @@ DIST linux-4.14.tar.xz 100770500 BLAKE2B 85dc4aa953fe65e273a24473d8de98e4f204f97c43be9fc87cf5be01f796f94cfde5c8f9c84619751f1cac51f83ce0b4681fb19c5f2965a72d4a94fe5577846a SHA512 77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8 DIST linux-4.18.tar.xz 101781564 BLAKE2B 138bdc49dc8871e5566b5e23a9e5ed0e68fff480a7a04fc659a9efe2d4bcc778ac01368a32bc5d1dbde870102ce7294b9d315f81c4e6e762ee781135e83033f2 SHA512 950eb85ac743b291afe9f21cd174d823e25f11883ee62cecfbfff8fe8c5672aae707654b1b8f29a133b1f2e3529e63b9f7fba4c45d6dacccc8000b3a9a9ae038 DIST patch-4.14.74.xz 1818060 BLAKE2B d375c5e0e87fa9a963b3315596227b250500253837eb873162103ba66122eb5244313a69f03b921d08ed87d427a6589b547d021cd7b02021829a703bc8a788e8 SHA512 86b6e8ed2a3493e0d97efba5c7c94a7f1c91735fc0b8479ffeb74b894910b317172ec6af37fe5e83ef6b42130fc83da8a299cabc9f5c8ec7f32a72bde8cf1703 -DIST patch-4.18.12.xz 360576 BLAKE2B 40737d68a61211898a215883b2292d72104de3d4e67b37823eaec80eb546132bfe41ba29f5269044997146d4a9b2d79e004c7b437a5b4b51c9382f441b4ddcf7 SHA512 26d739fd52d4017666bc4f3203cc71ed48ed92a6b42e683421dfbffd67cddab0ebdeccc3a46d1e8e1e6b7fe22a7881c0c08c87936e2fc19238d25f09f1b494e3 +DIST patch-4.19-rc7.patch 39634304 BLAKE2B 98bf6c83118e7ce7f90ecd7c70412b8854a83c4ed6843021e7fc6b4340dc9bf89e29b30404c2e4ba16a3ba7c85d7d48bb00b16531de7b625a5ddf731b43c526c SHA512 cb0bc2ab8b3efe7332fb498bef706c556071e6623d76092dbbcc14d6741051bb1fe97d7c52baa0a950803c7cc186868b87b842e9fb9f61fce95befaa5be40cd0 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.18.12.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.19_rc7.ebuild similarity index 88% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.18.12.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.19_rc7.ebuild index 6758903782..0fe829eb45 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.18.12.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.19_rc7.ebuild @@ -37,6 +37,4 @@ RDEPEND+=" UNIPATCH_LIST=" ${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \ ${PATCH_DIR}/z0002-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch \ - ${PATCH_DIR}/z0003-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch \ - ${PATCH_DIR}/z0004-Revert-net-increase-fragment-memory-usage-limits.patch \ " diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0003-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0003-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch deleted file mode 100644 index a6744ac9da..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0003-4.17.x-won-t-boot-due-to-x86-boot-compressed-64-Hand.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 853b835eaa966dea775c65333b31ba45d3539008 Mon Sep 17 00:00:00 2001 -From: "Kirill A. Shutemov" -Date: Wed, 4 Jul 2018 18:08:57 +0300 -Subject: [PATCH 3/4] 4.17.x won't boot due to "x86/boot/compressed/64: Handle - 5-level paging boot if kernel is above 4G" - -On Tue, Jul 03, 2018 at 05:21:50PM +0300, Kirill A. Shutemov wrote: -> On Tue, Jul 03, 2018 at 03:44:03PM +0300, Kirill A. Shutemov wrote: -> > On Tue, Jul 03, 2018 at 01:24:49PM +0200, Gabriel C wrote: -> > > 2018-07-01 23:32 GMT+02:00 Benjamin Gilbert : -> > > > On Sun, Jul 01, 2018 at 05:15:59PM -0400, Benjamin Gilbert wrote: -> > > >> 4.17 kernels built with the CoreOS Container Linux toolchain and kconfig, -> > > >> up to and including 4.17.3, fail to boot on AMD64 running in (at least) -> > > >> QEMU/KVM. No messages are shown post-GRUB; the VM instantly reboots. -> > > >> Reverting commit 194a9749c73d ("x86/boot/compressed/64: Handle 5-level -> > > >> paging boot if kernel is above 4G") fixes it. I've attached our kernel -> > > >> config for reference, and am happy to test patches, provide sample QCOW -> > > >> images, etc. -> > > > -> > > -> > > Also see https://bugzilla.kernel.org/show_bug.cgi?id=200385 , -> > > -> > > 0a1756bd2897951c03c1cb671bdfd40729ac2177 is acting up -> > > too with the same symptoms -> > -> > I tracked it down to -flto in LDFLAGS. I'll look more into this. -> -> -flto in LDFLAGS screws up this part of paging_prepare(): - -+Masahiro, Michal. - -I've got it wrong. *Any* LDFLAGS option passed to make this way: - - make LDFLAGS="..." - -would cause a issue. Even empty. - -It overrides all assignments to the variable in the makefile. -As result the image is built without -pie and linker doesn't generate -position independed code. - -Looks like the patch below helps, but my make-fu is poor. -I don't see many override directives in kernel makefiles. -It makes me think that there's a better way to fix this. - -Hm? ---- - arch/x86/boot/compressed/Makefile | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index 169c2feda14a..01b237707498 100644 ---- a/arch/x86/boot/compressed/Makefile -+++ b/arch/x86/boot/compressed/Makefile -@@ -42,16 +42,16 @@ KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ - GCOV_PROFILE := n - UBSAN_SANITIZE :=n - --LDFLAGS := -m elf_$(UTS_MACHINE) -+override LDFLAGS := -m elf_$(UTS_MACHINE) - # Compressed kernel should be built as PIE since it may be loaded at any - # address by the bootloader. - ifeq ($(CONFIG_X86_32),y) --LDFLAGS += $(call ld-option, -pie) $(call ld-option, --no-dynamic-linker) -+override LDFLAGS += $(call ld-option, -pie) $(call ld-option, --no-dynamic-linker) - else - # To build 64-bit compressed kernel as PIE, we disable relocation - # overflow check to avoid relocation overflow error with a new linker - # command-line option, -z noreloc-overflow. --LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \ -+override LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \ - && echo "-z noreloc-overflow -pie --no-dynamic-linker") - endif - LDFLAGS_vmlinux := -T --- -2.17.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0004-Revert-net-increase-fragment-memory-usage-limits.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0004-Revert-net-increase-fragment-memory-usage-limits.patch deleted file mode 100644 index 479ba30def..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0004-Revert-net-increase-fragment-memory-usage-limits.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 016f7b6bd539b870c3d1c857cf88a40fd924007c Mon Sep 17 00:00:00 2001 -From: David Michael -Date: Wed, 15 Aug 2018 12:50:10 -0400 -Subject: [PATCH 4/4] Revert "net: increase fragment memory usage limits" - -This reverts commit c2a936600f78aea00d3312ea4b66a79a4619f9b4. ---- - include/net/ipv6.h | 4 ++-- - net/ipv4/ip_fragment.c | 22 +++++++--------------- - 2 files changed, 9 insertions(+), 17 deletions(-) - -diff --git a/include/net/ipv6.h b/include/net/ipv6.h -index 8f73be494503..04a865cb4a83 100644 ---- a/include/net/ipv6.h -+++ b/include/net/ipv6.h -@@ -373,8 +373,8 @@ static inline bool ipv6_accept_ra(struct inet6_dev *idev) - idev->cnf.accept_ra; - } - --#define IPV6_FRAG_HIGH_THRESH (4 * 1024*1024) /* 4194304 */ --#define IPV6_FRAG_LOW_THRESH (3 * 1024*1024) /* 3145728 */ -+#define IPV6_FRAG_HIGH_THRESH (256 * 1024) /* 262144 */ -+#define IPV6_FRAG_LOW_THRESH (192 * 1024) /* 196608 */ - #define IPV6_FRAG_TIMEOUT (60 * HZ) /* 60 seconds */ - - int __ipv6_addr_type(const struct in6_addr *addr); -diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index d14d741fb05e..bd10399eb916 100644 ---- a/net/ipv4/ip_fragment.c -+++ b/net/ipv4/ip_fragment.c -@@ -788,22 +788,14 @@ static int __net_init ipv4_frags_init_net(struct net *net) - { - int res; - -- /* Fragment cache limits. -- * -- * The fragment memory accounting code, (tries to) account for -- * the real memory usage, by measuring both the size of frag -- * queue struct (inet_frag_queue (ipv4:ipq/ipv6:frag_queue)) -- * and the SKB's truesize. -- * -- * A 64K fragment consumes 129736 bytes (44*2944)+200 -- * (1500 truesize == 2944, sizeof(struct ipq) == 200) -- * -- * We will commit 4MB at one time. Should we cross that limit -- * we will prune down to 3MB, making room for approx 8 big 64K -- * fragments 8x128k. -+ /* -+ * Fragment cache limits. We will commit 256K at one time. Should we -+ * cross that limit we will prune down to 192K. This should cope with -+ * even the most extreme cases without allowing an attacker to -+ * measurably harm machine performance. - */ -- net->ipv4.frags.high_thresh = 4 * 1024 * 1024; -- net->ipv4.frags.low_thresh = 3 * 1024 * 1024; -+ net->ipv4.frags.high_thresh = 256 * 1024; -+ net->ipv4.frags.low_thresh = 192 * 1024; - /* - * Important NOTE! Fragment queue must be destroyed before MSL expires. - * RFC791 is wrong proposing to prolongate timer each fragment arrival --- -2.17.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.19/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch similarity index 85% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.19/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch index 1f864a979b..16fa461c70 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.19/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch @@ -1,7 +1,7 @@ -From 9f2da9625b40e8ae3c3abea19d771968c21cfb52 Mon Sep 17 00:00:00 2001 +From cebc8dbefdc9d944165fa217a4739b440629c498 Mon Sep 17 00:00:00 2001 From: Vito Caputo Date: Wed, 25 Nov 2015 02:59:45 -0800 -Subject: [PATCH 1/4] kbuild: derive relative path for KBUILD_SRC from CURDIR +Subject: [PATCH 1/2] kbuild: derive relative path for KBUILD_SRC from CURDIR This enables relocating source and build trees to different roots, provided they stay reachable relative to one another. Useful for @@ -12,7 +12,7 @@ by some undesirable path component. 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index 466e07af8473..d955c5363bbf 100644 +index 9b2df076885a..49895ad7bfe0 100644 --- a/Makefile +++ b/Makefile @@ -143,7 +143,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0002-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.19/z0002-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch similarity index 83% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0002-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.19/z0002-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch index fc360e6111..ce7c8ac99a 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.18/z0002-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.19/z0002-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch @@ -1,7 +1,7 @@ -From 2cad23e79da47c44d1870024db1e93651be39bad Mon Sep 17 00:00:00 2001 +From fb8f7c2a38fc4cac0e8a2866bdd2637a33187d04 Mon Sep 17 00:00:00 2001 From: David Michael Date: Thu, 8 Feb 2018 21:23:12 -0500 -Subject: [PATCH 2/4] tools/objtool/Makefile: Don't fail on fallthrough with +Subject: [PATCH 2/2] tools/objtool/Makefile: Don't fail on fallthrough with new GCCs ---