Merge pull request #2226 from arnaldo2792/kernel-5.15

Add kernel 5.15 sources
bottlerocket-os · Jul 8, 2022 · 6a47e69 · 6a47e69
2 parents 84d074d + 4e09a94
commit 6a47e69
Show file tree

Hide file tree

Showing 16 changed files with 645 additions and 10 deletions.
diff --git a/packages/kernel-5.15/1001-Makefile-add-prepare-target-for-external-modules.patch b/packages/kernel-5.15/1001-Makefile-add-prepare-target-for-external-modules.patch
@@ -0,0 +1,51 @@
+From 0f672709ce4e4dcce5e4f08e47169b9a18c0df08 Mon Sep 17 00:00:00 2001
+From: Ben Cressey <bcressey@amazon.com>
+Date: Mon, 19 Apr 2021 18:46:04 +0000
+Subject: [PATCH 1001/1002] Makefile: add prepare target for external modules
+
+We need to ensure that native versions of programs like `objtool` are
+built before trying to build out-of-tree modules, or else the build
+will fail.
+
+Unlike other distributions, we cannot include these programs in our
+kernel-devel archive, because we rely on cross-compilation: these are
+"host" programs and may not match the architecture of the target.
+
+Ideally, out-of-tree builds would run `make prepare` first, so that
+these programs could be compiled in the normal fashion. We ship all
+the files needed for this to work. However, this requirement is
+specific to our use case, and DKMS does not support it.
+
+Adding a minimal prepare target to the dependency graph causes the
+programs to be built automatically and improves compatibility with
+existing solutions.
+
+Signed-off-by: Ben Cressey <bcressey@amazon.com>
+Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
+---
+ Makefile | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/Makefile b/Makefile
+index 6192e6be4..473594c61 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1736,6 +1736,15 @@ else # KBUILD_EXTMOD
+ KBUILD_BUILTIN :=
+ KBUILD_MODULES := 1
+
++PHONY += modules_prepare
++modules_prepare: tools/objtool
++	$(Q)$(MAKE) $(build)=scripts/basic
++	$(Q)$(MAKE) $(build)=scripts/dtc
++	$(Q)$(MAKE) $(build)=scripts/mod
++	$(Q)$(MAKE) $(build)=scripts
++
++prepare: modules_prepare
++
+ build-dirs := $(KBUILD_EXTMOD)
+ $(MODORDER): descend
+ 	@:
+-- 
+2.33.1
+
diff --git a/packages/kernel-5.15/1002-Revert-kbuild-hide-tools-build-targets-from-external.patch b/packages/kernel-5.15/1002-Revert-kbuild-hide-tools-build-targets-from-external.patch
@@ -0,0 +1,64 @@
+From 3d31def7545ae4e6fc33a5b648610fa9c1e06e68 Mon Sep 17 00:00:00 2001
+From: Arnaldo Garcia Rincon <agarrcia@amazon.com>
+Date: Wed, 22 Jun 2022 19:26:43 +0000
+Subject: [PATCH 1002/1002] Revert "kbuild: hide tools/ build targets from
+ external module builds"
+
+This reverts commit 1bb0b18a06dceee1fdc32161a72e28eab6f011c4 in which
+the targets to build "tools/*" were hidden for external modules, but
+they are required by the kmod kit since the 'tools/*' binaries are not
+distributed as part of the archive.
+
+Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
+---
+ Makefile | 27 ++++++++++++++-------------
+ 1 file changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 473594c61..da4f000ef 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1357,19 +1357,6 @@ ifneq ($(wildcard $(resolve_btfids_O)),)
+ 	$(Q)$(MAKE) -sC $(srctree)/tools/bpf/resolve_btfids O=$(resolve_btfids_O) clean
+ endif
+
+-# Clear a bunch of variables before executing the submake
+-ifeq ($(quiet),silent_)
+-tools_silent=s
+-endif
+-
+-tools/: FORCE
+-	$(Q)mkdir -p $(objtree)/tools
+-	$(Q)$(MAKE) LDFLAGS= MAKEFLAGS="$(tools_silent) $(filter --j% -j,$(MAKEFLAGS))" O=$(abspath $(objtree)) subdir=tools -C $(srctree)/tools/
+-
+-tools/%: FORCE
+-	$(Q)mkdir -p $(objtree)/tools
+-	$(Q)$(MAKE) LDFLAGS= MAKEFLAGS="$(tools_silent) $(filter --j% -j,$(MAKEFLAGS))" O=$(abspath $(objtree)) subdir=tools -C $(srctree)/tools/ $*
+-
+ # ---------------------------------------------------------------------------
+ # Kernel selftest
+
+@@ -1989,6 +1976,20 @@ kernelversion:
+ image_name:
+ 	@echo $(KBUILD_IMAGE)
+
++# Clear a bunch of variables before executing the submake
++
++ifeq ($(quiet),silent_)
++tools_silent=s
++endif
++
++tools/: FORCE
++	$(Q)mkdir -p $(objtree)/tools
++	$(Q)$(MAKE) LDFLAGS= MAKEFLAGS="$(tools_silent) $(filter --j% -j,$(MAKEFLAGS))" O=$(abspath $(objtree)) subdir=tools -C $(srctree)/tools/
++
++tools/%: FORCE
++	$(Q)mkdir -p $(objtree)/tools
++	$(Q)$(MAKE) LDFLAGS= MAKEFLAGS="$(tools_silent) $(filter --j% -j,$(MAKEFLAGS))" O=$(abspath $(objtree)) subdir=tools -C $(srctree)/tools/ $*
++
+ quiet_cmd_rmfiles = $(if $(wildcard $(rm-files)),CLEAN   $(wildcard $(rm-files)))
+       cmd_rmfiles = rm -rf $(rm-files)
+
+-- 
+2.33.1
+
diff --git a/packages/kernel-5.15/Cargo.toml b/packages/kernel-5.15/Cargo.toml
@@ -0,0 +1,20 @@
+[package]
+name = "kernel-5_15"
+version = "0.1.0"
+edition = "2018"
+publish = false
+build = "build.rs"
+
+[package.metadata.build-package]
+package-name = "kernel-5.15"
+
+[lib]
+path = "pkg.rs"
+
+[[package.metadata.build-package.external-files]]
+# Use latest-srpm-url.sh to get this.
+url = "https://cdn.amazonlinux.com/blobstore/14fac2ab958b3193693bea1691e23f27600ba44cb63009bdc6cc9368271227a5/kernel-5.15.43-20.123.amzn2.src.rpm"
+sha512 = "0d54742e3d4cf03dcfc398f0ebcd2c3294119683ec830efb79a0470e71f039a58d1669d1f84d21827be7d5a785225ffc15e4c0613c154ff7c54de2a208d77c5b"
+
+[build-dependencies]
+microcode = { path = "../microcode" }
diff --git a/packages/kernel-5.15/build.rs b/packages/kernel-5.15/build.rs
@@ -0,0 +1,9 @@
+use std::process::{exit, Command};
+
+fn main() -> Result<(), std::io::Error> {
+    let ret = Command::new("buildsys").arg("build-package").status()?;
+    if !ret.success() {
+        exit(1);
+    }
+    Ok(())
+}
diff --git a/packages/kernel-5.15/config-bottlerocket b/packages/kernel-5.15/config-bottlerocket
@@ -0,0 +1,129 @@
+# Because Bottlerocket does not have an initramfs, modules required to mount
+# the root filesystem must be set to y.
+
+# The root filesystem is ext4
+CONFIG_EXT4_FS=y
+
+# NVMe support
+CONFIG_BLK_DEV_NVME=y
+CONFIG_NVME_CORE=y
+
+# Xen blkfront for Xen-based EC2 platforms
+CONFIG_XEN_BLKDEV_FRONTEND=y
+
+# virtio for local testing with QEMU
+CONFIG_VIRTIO=y
+CONFIG_VIRTIO_BLK=y
+CONFIG_VIRTIO_PCI=y
+
+# dm-verity and enabling it on the kernel command line
+CONFIG_BLK_DEV_DM=y
+CONFIG_DAX=y
+CONFIG_DM_INIT=y
+CONFIG_DM_VERITY=y
+
+# TCMU/LIO
+CONFIG_TCM_USER2=m
+
+# EFI
+CONFIG_EFI=y
+CONFIG_EFI_STUB=y
+CONFIG_EFI_MIXED=y
+
+# EFI video
+CONFIG_FB=y
+CONFIG_FB_EFI=y
+CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y
+
+# yama LSM for ptrace restrictions
+CONFIG_SECURITY_YAMA=y
+
+# Do not allow SELinux to be disabled at boot.
+CONFIG_SECURITY_SELINUX_BOOTPARAM=n
+
+# Do not allow SELinux to be disabled at runtime.
+CONFIG_SECURITY_SELINUX_DISABLE=n
+
+# Do not allow SELinux to use `enforcing=0` behavior.
+CONFIG_SECURITY_SELINUX_DEVELOP=n
+
+# Check the protection applied by the kernel for mmap and mprotect,
+# rather than the protection requested by userspace.
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
+
+# Enable support for the kernel lockdown security module.
+CONFIG_SECURITY_LOCKDOWN_LSM=y
+
+# Enable lockdown early so that if the option is present on the
+# kernel command line, it can be enforced.
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+
+# Enable zstd compression for squashfs.
+CONFIG_SQUASHFS_ZSTD=y
+
+# enable /proc/config.gz
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
+
+# kernel headers at /sys/kernel/kheaders.tar.xz
+CONFIG_IKHEADERS=y
+
+# BTF debug info at /sys/kernel/btf/vmlinux
+CONFIG_DEBUG_INFO_BTF=y
+
+# We don't want to extend the kernel command line with any upstream defaults;
+# Bottlerocket uses a fairly custom setup that needs tight control over it.
+CONFIG_CMDLINE_EXTEND=n
+
+# Enable ZSTD kernel image compression
+CONFIG_HAVE_KERNEL_ZSTD=y
+CONFIG_KERNEL_ZSTD=y
+CONFIG_ZSTD_COMPRESS=y
+CONFIG_ZSTD_DECOMPRESS=y
+CONFIG_DECOMPRESS_ZSTD=y
+
+# Load i8042 controller, keyboard, and mouse as modules, to avoid waiting for
+# them before mounting the root device.
+CONFIG_SERIO_I8042=m
+CONFIG_KEYBOARD_ATKBD=m
+CONFIG_MOUSE_PS2=m
+
+# Add support for IPMI drivers
+CONFIG_IPMI_HANDLER=m
+
+# Add support for bootconfig
+CONFIG_BOOT_CONFIG=y
+
+# Enables support for checkpoint/restore
+CONFIG_CHECKPOINT_RESTORE=y
+
+# Disable unused filesystems.
+CONFIG_AFS_FS=n
+CONFIG_CRAMFS=n
+CONFIG_ECRYPT_FS=n
+CONFIG_EXT2_FS=n
+CONFIG_EXT3_FS=n
+CONFIG_EXT4_USE_FOR_EXT2=y
+CONFIG_GFS2_FS=n
+CONFIG_HFS_FS=n
+CONFIG_HFSPLUS_FS=n
+CONFIG_JFS_FS=n
+CONFIG_JFFS2_FS=n
+CONFIG_NFS_V2=n
+CONFIG_NILFS2_FS=n
+CONFIG_NTFS_FS=n
+CONFIG_ROMFS_FS=n
+CONFIG_UFS_FS=n
+CONFIG_ZONEFS_FS=n
+CONFIG_NTFS3_FS=n
+
+# Disable unused network protocols.
+CONFIG_AF_RXRPC=n
+CONFIG_ATM=n
+CONFIG_CAN=n
+CONFIG_HSR=n
+CONFIG_IP_DCCP=n
+CONFIG_L2TP=n
+CONFIG_RDS=n
+CONFIG_RFKILL=n
+CONFIG_TIPC=n
diff --git a/packages/kernel-5.15/config-bottlerocket-metal b/packages/kernel-5.15/config-bottlerocket-metal
@@ -0,0 +1,44 @@
+# This file holds all the settings that are specific to hardware enablement
+# we do for the metal variants.
+
+# SATA support
+CONFIG_BLK_DEV_SD=y
+CONFIG_SATA_AHCI=y
+CONFIG_ATA=y
+CONFIG_ATA_PIIX=y
+
+# Intel network support
+CONFIG_IGB=m
+CONFIG_IGBVF=m
+CONFIG_NET_VENDOR_INTEL=y
+CONFIG_IGB_HWMON=y
+CONFIG_E1000=m
+CONFIG_E1000E=m
+CONFIG_E1000E_HWTS=y
+
+# Broadcom network support
+CONFIG_NET_VENDOR_BROADCOM=y
+CONFIG_TIGON3_HWMON=y
+CONFIG_TIGON3=m
+CONFIG_BNXT=m
+
+# Intel 10G network support
+CONFIG_IXGB=m
+CONFIG_IXGBE=m
+CONFIG_IXGBE_DCB=y
+CONFIG_IXGBE_HWMON=y
+CONFIG_IXGBEVF=m
+
+# Mellanox network support
+CONFIG_MLXFW=m
+CONFIG_MLX5_CORE=m
+CONFIG_MLX5_INFINIBAND=m
+CONFIG_NET_VENDOR_MELLANOX=y
+CONFIG_MLX5_CORE_EN=y
+CONFIG_NET_SWITCHDEV=y
+
+# LSI Logic's SAS based RAID controllers
+CONFIG_MEGARAID_SAS=y
+
+# Microsemi PQI controllers
+CONFIG_SCSI_SMARTPQI=y