c/pve-kernel-lowlatency-qoup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: c/pve-kernel-lowlatency-qoup:bookworm-6.5
Branches Tags
c/pve-kernel-lowlatency-qoup:master c/pve-kernel-lowlatency-qoup:pve-kernel-5.15 c/pve-kernel-lowlatency-qoup:bookworm-6.5 c/pve-kernel-lowlatency-qoup:bullseye-6.2 c/pve-kernel-lowlatency-qoup:bookworm-6.2 c/pve-kernel-lowlatency-qoup:wip-secureboot c/pve-kernel-lowlatency-qoup:pve-kernel-5.19 c/pve-kernel-lowlatency-qoup:pve-kernel-5.4 c/pve-kernel-lowlatency-qoup:pve-kernel-5.13 c/pve-kernel-lowlatency-qoup:pve-kernel-5.11 c/pve-kernel-lowlatency-qoup:buster-pve-kernel-5.11 c/pve-kernel-lowlatency-qoup:pve-kernel-4.15 c/pve-kernel-lowlatency-qoup:pve-kernel-5.3 c/pve-kernel-lowlatency-qoup:pve-kernel-5.0 c/pve-kernel-lowlatency-qoup:pve-kernel-4.13 c/pve-kernel-lowlatency-qoup:pve-kernel-4.10
..
pull from: c/pve-kernel-lowlatency-qoup:wip-secureboot
Branches Tags
c/pve-kernel-lowlatency-qoup:master c/pve-kernel-lowlatency-qoup:pve-kernel-5.15 c/pve-kernel-lowlatency-qoup:bookworm-6.5 c/pve-kernel-lowlatency-qoup:bullseye-6.2 c/pve-kernel-lowlatency-qoup:bookworm-6.2 c/pve-kernel-lowlatency-qoup:wip-secureboot c/pve-kernel-lowlatency-qoup:pve-kernel-5.19 c/pve-kernel-lowlatency-qoup:pve-kernel-5.4 c/pve-kernel-lowlatency-qoup:pve-kernel-5.13 c/pve-kernel-lowlatency-qoup:pve-kernel-5.11 c/pve-kernel-lowlatency-qoup:buster-pve-kernel-5.11 c/pve-kernel-lowlatency-qoup:pve-kernel-4.15 c/pve-kernel-lowlatency-qoup:pve-kernel-5.3 c/pve-kernel-lowlatency-qoup:pve-kernel-5.0 c/pve-kernel-lowlatency-qoup:pve-kernel-4.13 c/pve-kernel-lowlatency-qoup:pve-kernel-4.10

4 Commits
bookworm-6.5 .. wip-secureboot

Author SHA1 Message Date
Fabian Grünbichler 78a1b94540 WIP: bump version 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2023-04-05 10:17:06 +02:00
Fabian Grünbichler 14107dc511 build: add pve-kernel-X.Y-pve-signed-template 
the signed template together with the binary package(s) containing the unsigned
files form the input to our secure boot signing service.

the signed template consists of
- files.json (specifying which files are signed how and by which key)
- packaging template used to build the signed package(s)

the signing service
- extracts and checks the signed-template binary package
- extracts the unsigned package(s)
- signs the needed files
- packs up the signatures + the template contained in the signed-template
  package into the signed source package

the signed source package can then be built in the regular fashion (in case of
the kernel packages, it will copy the kernel image, modules and some helper
files from the unsigned package, attach the signature created by the signing
service, and re-pack the result as signed-kernel package).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2023-04-05 10:16:11 +02:00
Fabian Grünbichler e7d49e787a add Proxmox UEFI certificates 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2023-04-05 10:15:43 +02:00
Fabian Grünbichler 360ed44476 build: sign modules and set trust anchor/lockdown 
this is required for secure boot support.

at build time, an ephemeral key pair will be generated and all built modules
will be signed with it. the private key is discarded, and the public key
embedded in the kernel image for signature validation at module load time.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2023-03-17 12:00:11 +01:00
42 changed files with 28421 additions and 30609 deletions
Expand all files Collapse all files
Makefile
+74 -98
View File
@@ -1,134 +1,110 @@
include /usr/share/dpkg/pkg-info.mk
# also bump proxmox-kernel-meta if the default MAJ.MIN version changes!
# also bump pve-kernel-meta if either of MAJ.MIN, PATCHLEVEL or KREL change
KERNEL_MAJ=6
KERNEL_MIN=5
KERNEL_PATCHLEVEL=13
# increment KREL for every published package release!
KERNEL_MIN=2
KERNEL_PATCHLEVEL=6
# increment KREL if the ABI changes (abicheck target in debian/rules)
# rebuild packages with new KREL and run 'make abiupdate'
KREL=5
KREL=2
PKGREL=2~secureboot1
KERNEL_MAJMIN=$(KERNEL_MAJ).$(KERNEL_MIN)
KERNEL_VER=$(KERNEL_MAJMIN).$(KERNEL_PATCHLEVEL)
EXTRAVERSION=-$(KREL)-pve
KVNAME=$(KERNEL_VER)$(EXTRAVERSION)
PACKAGE=proxmox-kernel-$(KVNAME)
HDRPACKAGE=proxmox-headers-$(KVNAME)
EXTRAVERSION=-${KREL}-pve
KVNAME=${KERNEL_VER}${EXTRAVERSION}
PACKAGE=pve-kernel-${KVNAME}
HDRPACKAGE=pve-headers-${KVNAME}
ARCH=$(shell dpkg-architecture -qDEB_BUILD_ARCH)
# amd64/x86_64/x86 share the arch subdirectory in the kernel, 'x86' so we need
# a mapping
KERNEL_ARCH=x86
ifneq ($(ARCH), amd64)
KERNEL_ARCH=$(ARCH)
ifneq (${ARCH}, amd64)
KERNEL_ARCH=${ARCH}
endif
GITVERSION:=$(shell git rev-parse HEAD)
SKIPABI=0
BUILD_DIR=proxmox-kernel-$(KERNEL_VER)
BUILD_DIR=build
KERNEL_SRC=ubuntu-kernel
KERNEL_SRC_SUBMODULE=submodules/$(KERNEL_SRC)
KERNEL_CFG_ORG=config-$(KERNEL_VER).org
KERNEL_CFG_ORG=config-${KERNEL_VER}.org
ZFSONLINUX_SUBMODULE=submodules/zfsonlinux
ZFSDIR=pkg-zfs
MODULES=modules
MODULE_DIRS=$(ZFSDIR)
MODULE_DIRS=${ZFSDIR}
# exported to debian/rules via debian/rules.d/dirs.mk
DIRS=KERNEL_SRC ZFSDIR MODULES
DSC=proxmox-kernel-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL).dsc
DST_DEB=$(PACKAGE)_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
SIGNED_TEMPLATE_DEB=$(PACKAGE)-signed-template_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
META_DEB=proxmox-kernel-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL)_all.deb
HDR_DEB=$(HDRPACKAGE)_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
META_HDR_DEB=proxmox-headers-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL)_all.deb
USR_HDR_DEB=proxmox-kernel-libc-dev_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
LINUX_TOOLS_DEB=linux-tools-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
LINUX_TOOLS_DBG_DEB=linux-tools-$(KERNEL_MAJMIN)-dbgsym_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
DST_DEB=${PACKAGE}_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
HDR_DEB=${HDRPACKAGE}_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
USR_HDR_DEB=pve-kernel-libc-dev_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
LINUX_TOOLS_DEB=linux-tools-$(KERNEL_MAJMIN)_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
LINUX_TOOLS_DBG_DEB=linux-tools-$(KERNEL_MAJMIN)-dbgsym_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
DEBS=$(DST_DEB) $(META_DEB) $(HDR_DEB) $(META_HDR_DEB) $(LINUX_TOOLS_DEB) $(LINUX_TOOLS_DBG_DEB) $(SIGNED_TEMPLATE_DEB) # $(USR_HDR_DEB)
DEBS=${DST_DEB} ${HDR_DEB} ${LINUX_TOOLS_DEB} ${LINUX_TOOLS_DBG_DEB} # ${USR_HDR_DEB}
all: deb
deb: $(DEBS)
deb: ${DEBS}
$(META_DEB) $(META_HDR_DEB) $(LINUX_TOOLS_DEB) $(HDR_DEB): $(DST_DEB)
$(DST_DEB): $(BUILD_DIR).prepared
cd $(BUILD_DIR); dpkg-buildpackage --jobs=auto -b -uc -us
lintian $(DST_DEB)
#lintian $(HDR_DEB)
lintian $(LINUX_TOOLS_DEB)
${LINUX_TOOLS_DEB} ${HDR_DEB}: ${DST_DEB}
${DST_DEB}: ${BUILD_DIR}.prepared
cd ${BUILD_DIR}; dpkg-buildpackage --jobs=auto -b -uc -us
lintian ${DST_DEB}
#lintian ${HDR_DEB}
lintian ${LINUX_TOOLS_DEB}
dsc:
$(MAKE) $(DSC)
lintian $(DSC)
$(DSC): $(BUILD_DIR).prepared
cd $(BUILD_DIR); dpkg-buildpackage -S -uc -us -d
sbuild: $(DSC)
sbuild $(DSC)
$(BUILD_DIR).prepared: $(addsuffix .prepared,$(KERNEL_SRC) $(MODULES) debian)
cp -a fwlist-previous $(BUILD_DIR)/
cp -a abi-prev-* $(BUILD_DIR)/
cp -a abi-blacklist $(BUILD_DIR)/
${BUILD_DIR}.prepared: $(addsuffix .prepared,${KERNEL_SRC} ${MODULES} debian)
cp -a fwlist-previous ${BUILD_DIR}/
cp -a abi-prev-* ${BUILD_DIR}/
cp -a abi-blacklist ${BUILD_DIR}/
touch $@
.PHONY: build-dir-fresh
build-dir-fresh:
$(MAKE) clean
$(MAKE) $(BUILD_DIR).prepared
echo "created build-directory: $(BUILD_DIR).prepared/"
debian.prepared: debian
rm -rf $(BUILD_DIR)/debian
mkdir -p $(BUILD_DIR)
cp -a debian $(BUILD_DIR)/debian
echo "git clone git://git.proxmox.com/git/pve-kernel.git\\ngit checkout $(shell git rev-parse HEAD)" \
>$(BUILD_DIR)/debian/SOURCE
@$(foreach dir, $(DIRS),echo "$(dir)=$($(dir))" >> $(BUILD_DIR)/debian/rules.d/env.mk;)
echo "KVNAME=$(KVNAME)" >> $(BUILD_DIR)/debian/rules.d/env.mk
echo "KERNEL_MAJMIN=$(KERNEL_MAJMIN)" >> $(BUILD_DIR)/debian/rules.d/env.mk
cd $(BUILD_DIR); debian/rules debian/control
rm -rf ${BUILD_DIR}/debian
mkdir -p ${BUILD_DIR}
cp -a debian ${BUILD_DIR}/debian
echo "git clone git://git.proxmox.com/git/pve-kernel.git\\ngit checkout ${GITVERSION}" > ${BUILD_DIR}/debian/SOURCE
@$(foreach dir, ${DIRS},echo "${dir}=${${dir}}" >> ${BUILD_DIR}/debian/rules.d/env.mk;)
echo "KVNAME=${KVNAME}" >> ${BUILD_DIR}/debian/rules.d/env.mk
echo "KERNEL_MAJMIN=${KERNEL_MAJMIN}" >> ${BUILD_DIR}/debian/rules.d/env.mk
cd ${BUILD_DIR}; debian/rules debian/control
touch $@
$(KERNEL_SRC).prepared: $(KERNEL_SRC_SUBMODULE) | submodule
rm -rf $(BUILD_DIR)/$(KERNEL_SRC) $@
mkdir -p $(BUILD_DIR)
cp -a $(KERNEL_SRC_SUBMODULE) $(BUILD_DIR)/$(KERNEL_SRC)
${KERNEL_SRC}.prepared: ${KERNEL_SRC_SUBMODULE} | submodule
rm -rf ${BUILD_DIR}/${KERNEL_SRC} $@
mkdir -p ${BUILD_DIR}
cp -a ${KERNEL_SRC_SUBMODULE} ${BUILD_DIR}/${KERNEL_SRC}
# TODO: split for archs, track and diff in our repository?
cd $(BUILD_DIR)/$(KERNEL_SRC); python3 debian/scripts/misc/annotations --arch amd64 --export >../../$(KERNEL_CFG_ORG)
cp $(KERNEL_CFG_ORG) $(BUILD_DIR)/$(KERNEL_SRC)/.config
sed -i $(BUILD_DIR)/$(KERNEL_SRC)/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=$(EXTRAVERSION)/'
rm -rf $(BUILD_DIR)/$(KERNEL_SRC)/debian $(BUILD_DIR)/$(KERNEL_SRC)/debian.master
set -e; cd $(BUILD_DIR)/$(KERNEL_SRC); \
for patch in ../../patches/kernel/*.patch; do \
echo "applying patch '$$patch'"; \
patch --batch -p1 < "$${patch}"; \
done
cd ${BUILD_DIR}/${KERNEL_SRC}; python3 debian/scripts/misc/annotations --arch amd64 --export >../../${KERNEL_CFG_ORG}
cp ${KERNEL_CFG_ORG} ${BUILD_DIR}/${KERNEL_SRC}/.config
sed -i ${BUILD_DIR}/${KERNEL_SRC}/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=${EXTRAVERSION}/'
rm -rf ${BUILD_DIR}/${KERNEL_SRC}/debian ${BUILD_DIR}/${KERNEL_SRC}/debian.master
set -e; cd ${BUILD_DIR}/${KERNEL_SRC}; for patch in ../../patches/kernel/*.patch; do echo "applying patch '$$patch'" && patch -p1 < $${patch}; done
touch $@
$(MODULES).prepared: $(addsuffix .prepared,$(MODULE_DIRS))
${MODULES}.prepared: $(addsuffix .prepared,${MODULE_DIRS})
touch $@
$(ZFSDIR).prepared: $(ZFSONLINUX_SUBMODULE)
rm -rf $(BUILD_DIR)/$(MODULES)/$(ZFSDIR) $(BUILD_DIR)/$(MODULES)/tmp $@
mkdir -p $(BUILD_DIR)/$(MODULES)/tmp
cp -a $(ZFSONLINUX_SUBMODULE)/* $(BUILD_DIR)/$(MODULES)/tmp
cd $(BUILD_DIR)/$(MODULES)/tmp; make kernel
rm -rf $(BUILD_DIR)/$(MODULES)/tmp
touch $(ZFSDIR).prepared
${ZFSDIR}.prepared: ${ZFSONLINUX_SUBMODULE}
rm -rf ${BUILD_DIR}/${MODULES}/${ZFSDIR} ${BUILD_DIR}/${MODULES}/tmp $@
mkdir -p ${BUILD_DIR}/${MODULES}/tmp
cp -a ${ZFSONLINUX_SUBMODULE}/* ${BUILD_DIR}/${MODULES}/tmp
cd ${BUILD_DIR}/${MODULES}/tmp; make kernel
rm -rf ${BUILD_DIR}/${MODULES}/tmp
touch ${ZFSDIR}.prepared
.PHONY: upload
upload: UPLOAD_DIST ?= $(DEB_DISTRIBUTION)
upload: $(DEBS)
tar cf - $(DEBS)|ssh -X repoman@repo.proxmox.com -- upload --product pve,pmg,pbs --dist $(UPLOAD_DIST) --arch $(ARCH)
upload: ${DEBS}
tar cf - ${DEBS}|ssh -X repoman@repo.proxmox.com -- upload --product pve,pmg,pbs --dist bullseye --arch ${ARCH}
.PHONY: distclean
distclean: clean
@@ -138,18 +114,18 @@ distclean: clean
.PHONY: update_modules
update_modules: submodule
git submodule foreach 'git pull --ff-only origin master'
cd $(ZFSONLINUX_SUBMODULE); git pull --ff-only origin master
cd ${ZFSONLINUX_SUBMODULE}; git pull --ff-only origin master
# make sure submodules were initialized
.PHONY: submodule
submodule:
test -f "$(KERNEL_SRC_SUBMODULE)/README" || git submodule update --init $(KERNEL_SRC_SUBMODULE)
test -f "$(ZFSONLINUX_SUBMODULE)/Makefile" || git submodule update --init --recursive $(ZFSONLINUX_SUBMODULE)
test -f "${KERNEL_SRC_SUBMODULE}/README" || git submodule update --init ${KERNEL_SRC_SUBMODULE}
test -f "${ZFSONLINUX_SUBMODULE}/Makefile" || git submodule update --init --recursive ${ZFSONLINUX_SUBMODULE}
# call after ABI bump with header deb in working directory
.PHONY: abiupdate
abiupdate: abi-prev-$(KVNAME)
abi-prev-$(KVNAME): abi-tmp-$(KVNAME)
abiupdate: abi-prev-${KVNAME}
abi-prev-${KVNAME}: abi-tmp-${KVNAME}
ifneq ($(strip $(shell git status --untracked-files=no --porcelain -z)),)
@echo "working directory unclean, aborting!"
@false
@@ -157,15 +133,15 @@ else
git rm "abi-prev-*"
mv $< $@
git add $@
git commit -s -m "update ABI file for $(KVNAME)" -m "(generated with debian/scripts/abi-generate)"
@echo "update abi-prev-$(KVNAME) committed!"
git commit -s -m "update ABI file for ${KVNAME}" -m "(generated with debian/scripts/abi-generate)"
@echo "update abi-prev-${KVNAME} committed!"
endif
abi-tmp-$(KVNAME):
@ test -e $(HDR_DEB) || (echo "need $(HDR_DEB) to extract ABI data!" && false)
debian/scripts/abi-generate $(HDR_DEB) $@ $(KVNAME) 1
abi-tmp-${KVNAME}:
@ test -e ${HDR_DEB} || (echo "need ${HDR_DEB} to extract ABI data!" && false)
debian/scripts/abi-generate ${HDR_DEB} $@ ${KVNAME} 1
.PHONY: clean
clean:
rm -rf *~ proxmox-kernel-[0-9]*/ *.prepared $(KERNEL_CFG_ORG)
rm -f *.deb *.dsc *.changes *.buildinfo *.build proxmox-kernel*.tar.*
rm -rf *~ build *.prepared ${KERNEL_CFG_ORG}
rm -f *.deb *.changes *.buildinfo
README
+8 -81
View File
@@ -24,67 +24,6 @@ Additional/Updated Modules:
For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ
BUILD
=====
As this is packaging for the Linux kernel with some extra integrations, like
ZFS, this repo cannot be handled like a plain Linux kernel git repository.
The actual Linux kernel source lives in a git submodule.
For a build you should init the submodules and then handle it like most our
Debian packaging builds. If unsure you can follow this:
Installing Build-Dependencies
-----------------------------
You can either just check the package metadata template `debian/control.in`
and install the packages listed in the `Build-Depends` section manually
(replace `debhelper-compat` with just `debhelper`) or use a more automated way
described below:
# install base build-dependencies and helpers
apt update
apt install devscripts
# create build-directory so that we got final packaging control files from the
# .in templates generated
make build-dir-fresh
# install build-dependencies (replace BUILD-DIR with actual one)
mk-build-deps -ir BUILD-DIR/debian/control
Package Build
-------------
# start the actual build
make deb
For simple KConfig modifications you can adapt the list in `debian/rules` file.
For quick code changes to the actual kernel code you can do them directly in
the submodule/ubuntu-kernels directory, then re-create the build-directory, e.g.:
make clean
# now build again, explicitly creating the build-dir isn't required anymore
# after one has the build-dependencies already installed.
make deb
Modify-Build-Test Cycles
------------------------
Ideally you avoid the need for doing a full package build and just directly
build linux from the ubuntu-kernels or the mainline (stable) repo with copying
over a build-config of a proxmox-kernel to that as .config and then using the
`make olddefconfig` target.
If you need full package builds you can try to make changes inside the
BUILD-DIR directly and then continue build from there, e.g., using
`dpkg-buildpackage -b -uc -us --no-pre-clean`. Depending on what stage you want
to continue build you might need to touch, or remove some *.prepared files.
Just check `debian/rules` for how kernel build progress is tracked by make.
SUBMODULE
=========
@@ -121,26 +60,14 @@ top level meta package, depends on current default kernel series meta package.
git clone git://git.proxmox.com/git/proxmox-ve.git
proxmox-default-kernel
----------------------
pve-kernel-meta
---------------
Depends on default kernel and header meta package, e.g., proxmox-kernel-6.2 /
proxmox-headers-6.2.
Depends on latest kernel and header package within a certain kernel series,
e.g., pve-kernel-5.15 / pve-headers-5.15
git clone git://git.proxmox.com/git/pve-kernel-meta.git
proxmox-kernel-X.Y
------------------
Depends on the latest kernel (or header, in case of proxmox-headers-X.Y)
package within a certain series.
e.g., proxmox-kernel-6.2 depends on proxmox-kernel-6.2.16-6-pve
NOTE: Since Proxmox VE 8, based on Debian 12 Bookworm, the kernel ABI is bumped
with every version bump due to module signing. Since then the meta package was
pulled into the kernel repo, before that it lived in pve-kernel-meta.git.
pve-firmware
------------
@@ -172,18 +99,18 @@ Watchdog blacklist
By default, all watchdog modules are black-listed because it is totally undefined
which device is actually used for /dev/watchdog.
We ship this list in /lib/modprobe.d/blacklist_proxmox-kernel-<VERSION>.conf
We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf
The user typically edit /etc/modules to enable a specific watchdog device.
Debug kernel and modules
------------------------
In order to build a -dbgsym package containing an unstripped copy of the kernel
image and modules, enable the 'pkg.proxmox-kernel.debug' build profile (e.g. by
exporting DEB_BUILD_PROFILES='pkg.proxmox-kernel.debug'). The resulting package can
image and modules, enable the 'pkg.pve-kernel.debug' build profile (e.g. by
exporting DEB_BUILD_PROFILES='pkg.pve-kernel.debug'). The resulting package can
be used together with 'crash'/'kdump-tools' to debug kernel crashes.
Note: the -dbgsym package is only valid for the proxmox-kernel packages produced by
Note: the -dbgsym package is only valid for the pve-kernel packages produced by
the same build. A kernel/module from a different build will likely not match,
even if both builds are of the same kernel and package version.
abi-prev-6.2.6-1-pve
+27597
View File
File diff suppressed because it is too large Load Diff
abi-prev-6.5.13-5-pve
-28343
View File
File diff suppressed because it is too large Load Diff
debian/changelog
Vendored
+3 -317
View File
@@ -1,322 +1,8 @@
proxmox-kernel-6.5 (6.5.13-5) bookworm; urgency=medium
pve-kernel (6.2.6-2~secureboot1) bullseye; urgency=medium
* revert a backport to avoid breaking copying files within a CIFS mount
* test build with lockdown, trusted key and module signing
* revert a backport for the thermal subsystem that causes early boot failure
for some hardware using the step-wise-throttle governor
-- Proxmox Support Team <support@proxmox.com> Fri, 05 Apr 2024 13:03:12 +0200
proxmox-kernel-6.5 (6.5.13-4) bookworm; urgency=medium
* update sources to Ubuntu-6.5.0-32.32 based on stable-tree backports of up
to v6.1.77, v6.6.16
-- Proxmox Support Team <support@proxmox.com> Fri, 29 Mar 2024 15:28:57 +0100
proxmox-kernel-6.5 (6.5.13-3) bookworm; urgency=medium
* updated sources to Ubuntu-6.5.0-27.28 to fix a regression in the tracing &
debugging related eventfs, potentially breaking bpftrace.
-- Proxmox Support Team <support@proxmox.com> Wed, 20 Mar 2024 11:45:08 +0100
proxmox-kernel-6.5 (6.5.13-2) bookworm; urgency=medium
* update sources to Ubuntu-6.5.0-27.27 based on stable-tree backports of
v6.1.74, v6.6.13
* update ZFS to 2.2.3
* Revert "cherry-pick scheduler fix to avoid temporary VM freezes on NUMA
hosts" as user feedback did not show real improvement.
-- Proxmox Support Team <support@proxmox.com> Mon, 11 Mar 2024 14:36:05 +0100
proxmox-kernel-6.5 (6.5.13-1) bookworm; urgency=medium
* update sources to Ubuntu-6.5.0-20.20 based on v6.5.13 and some newer
stable-tree backports
* backport scheduler fix to avoid temporary VM freezes on NUMA hosts
-- Proxmox Support Team <support@proxmox.com> Mon, 05 Feb 2024 14:50:54 +0100
proxmox-kernel-6.5 (6.5.11-8) bookworm; urgency=medium
* fix #5077: cherry-pick revert for aacraid resets
* fix #5158: cherry-pick ext4 fix for high-CPU flush
-- Proxmox Support Team <support@proxmox.com> Tue, 30 Jan 2024 13:27:34 +0100
proxmox-kernel-6.5 (6.5.11-7) bookworm; urgency=medium
* update ZFS to 2.2.2 to make it easier for users to ensure we're not
affected by any recently uncovered data integrity issues (which got
already patched out earlier via backports).
-- Proxmox Support Team <support@proxmox.com> Tue, 05 Dec 2023 10:44:02 +0100
proxmox-kernel-6.5 (6.5.11-6) bookworm; urgency=medium
* cherry-pick ZFS fix for (rare) dirty dnode data corruption bug
-- Proxmox Support Team <support@proxmox.com> Wed, 29 Nov 2023 09:32:26 +0100
proxmox-kernel-6.5 (6.5.11-5) bookworm; urgency=medium
* properly set CONFIG_VFIO_VIRQFD as a boolean
* cherry-pick fix for RCU stall issue after VM live migration
-- Proxmox Support Team <support@proxmox.com> Mon, 27 Nov 2023 20:52:25 +0100
proxmox-kernel-6.5 (6.5.11-4) bookworm; urgency=medium
* add signed kernel variant for secure boot
-- Proxmox Support Team <support@proxmox.com> Mon, 20 Nov 2023 11:19:53 +0100
proxmox-kernel-6.5 (6.5.11-3) bookworm; urgency=medium
* ZFS: pick bug-fixes staged for 2.2.1:
- add a tunable to disable BRT support and disable it by default
- fix block cloning between unencrypted and encrypted datasets
- disable block cloning by default
-- Proxmox Support Team <support@proxmox.com> Fri, 17 Nov 2023 17:34:32 +0100
proxmox-kernel-6.5 (6.5.11-2) bookworm; urgency=medium
* rebase on Ubuntu-6.5.0-14.14 to include a fix for viewing ast/bmc remote
consoles
* backport flexible-array-member fixes for the amdgpu module to avoid UBSAN
warnings.
* disable UBSAN bounds checking again completely, to many false-positives
-- Proxmox Support Team <support@proxmox.com> Tue, 14 Nov 2023 18:19:51 +0100
proxmox-kernel-6.5 (6.5.11-1) bookworm; urgency=medium
* update to v6.5.11 upstream stable release
* revert "memfd: improve userspace warnings for missing exec-related flags",
producing to much log noise without any benefit
* Revert "UBUNTU: SAUCE: ceph: make sure all the files successfully put
before unmounting"
-- Proxmox Support Team <support@proxmox.com> Wed, 08 Nov 2023 15:40:29 +0100
proxmox-kernel-6.5 (6.5.3-1) bookworm; urgency=medium
* disable UBSAN bounds checking to avoid false-positive oopses due to the
ZFS module using an older style for declaring flexible array member.
-- Proxmox Support Team <support@proxmox.com> Mon, 23 Oct 2023 10:03:52 +0200
proxmox-kernel-6.5 (6.5.3-1~1) bookworm; urgency=medium
* update kernel to 6.5 based Ubuntu 23.10 Mantic release
-- Proxmox Support Team <support@proxmox.com> Fri, 13 Oct 2023 15:28:11 +0200
proxmox-kernel-6.2 (6.2.16-19) bookworm; urgency=medium
* backport exposing FLUSHBYASID when running nested VMs on AMD CPUs to fix
nesting of some hyper-visors like VMware Workstation.
* backport constraining guest-supported xfeatures only at KVM_GET_XSAVE{2}
to further improve compatibility for guests w.r.t. live-migration, or live
snapshot rollback, to hosts with less (FPU) xfeatures supported.
-- Proxmox Support Team <support@proxmox.com> Tue, 24 Oct 2023 14:07:51 +0200
proxmox-kernel-6.2 (6.2.16-18) bookworm; urgency=medium
* backport fix for AMD erratum #1485 on Zen4-based CPUs to avoid triggering
undefined instruction exceptions when disabling all, or certain security
mitigations, like using the "mitigations=off" kernel command line
parameter
* backport ZFS fix to avoid crashes and hangs if used on modern Intel HW
like the Xeon Scalable 4th Gen "Sapphire Rapids" CPUs due to a HW bug as
per Intel SPR erratum SPR4
-- Proxmox Support Team <support@proxmox.com> Wed, 11 Oct 2023 17:05:18 +0200
proxmox-kernel-6.2 (6.2.16-16) bookworm; urgency=medium
* update sources to Ubuntu-6.2.0-36.36
-- Proxmox Support Team <support@proxmox.com> Tue, 03 Oct 2023 07:42:21 +0200
proxmox-kernel-6.2 (6.2.16-15) bookworm; urgency=medium
* fix thunderbolt ring-interrupt not being masked on suspend
* cherry-pick fix to avoid potentially offlining one CPU thread on some EPYC
CPUs with a new amd64-microcode package (still in unstable).
* update ZFS to 2.1.13
-- Proxmox Support Team <support@proxmox.com> Thu, 28 Sep 2023 15:53:58 +0200
proxmox-kernel-6.2 (6.2.16-14) bookworm; urgency=medium
* cherry-pick fix for setting X86_FEATURE_OSXSAVE feature improving
performance of some code that tries to live-detect available CPU features,
like, e.g., ZFS.
-- Proxmox Support Team <support@proxmox.com> Tue, 19 Sep 2023 10:17:16 +0200
proxmox-kernel-6.2 (6.2.16-13) bookworm; urgency=medium
* fix #4707: add override parameter for RMRR relaxation
* backport thunderbolt-net fixes for IPv6 and connection re-establishment
after a node got rebooted
* update sources to Ubuntu-6.2.0-34.34
-- Proxmox Support Team <support@proxmox.com> Mon, 18 Sep 2023 15:31:57 +0200
proxmox-kernel-6.2 (6.2.16-12) bookworm; urgency=medium
* cherry-pick fix for KVM vCPU page-fault loop.
Due to too small and signed type used for an memory related sequence
counter there was a chance that for long-lived VMs KVM would effectively
hang vCPUs due to always thinking page faults are stale, which results in
KVM refusing to "fix" faults.
-- Proxmox Support Team <support@proxmox.com> Mon, 04 Sep 2023 15:21:22 +0200
proxmox-kernel-6.2 (6.2.16-11) bookworm; urgency=medium
* cherry-pick fix to surpress faulty segfault logging. While harmless, such
logs can look scary and might let people follow them like a red herring.
* update sources to Ubuntu-6.2.0-32.32
-- Proxmox Support Team <support@proxmox.com> Thu, 31 Aug 2023 11:56:15 +0200
proxmox-kernel-6.2 (6.2.16-10) bookworm; urgency=medium
* disable CONFIG_GDS_FORCE_MITIGATION again
when not having installed a new-enough intel-microcode, this disables AVX
instructions which breaks a lot of software
-- Proxmox Support Team <support@proxmox.com> Fri, 18 Aug 2023 13:42:38 +0200
proxmox-kernel-6.2 (6.2.16-9) bookworm; urgency=medium
* add fixes for downfall
* enable mitigation config option CONFIG_GDS_FORCE_MITIGATION
-- Proxmox Support Team <support@proxmox.com> Wed, 16 Aug 2023 10:07:11 +0200
proxmox-kernel-6.2 (6.2.16-8) bookworm; urgency=medium
* sign modules and set trust anchor/lockdown to allow manual secure boot
-- Proxmox Support Team <support@proxmox.com> Wed, 02 Aug 2023 14:17:00 +0200
proxmox-kernel-6.2 (6.2.16-7) bookworm; urgency=medium
* change `pve-` prefix to `proxmox-`
* merge proxmox-kernel-meta packaging into main kernel repository
* bump ABI to 6.2.16-6
-- Proxmox Support Team <support@proxmox.com> Tue, 01 Aug 2023 13:23:46 +0200
pve-kernel (6.2.16-6) bookworm; urgency=medium
* fix #4833: backport fix for recovering potential NX huge pages
* fix #4770: backport "nvme: don't reject probe due to duplicate IDs"
* backport Zenbleed stop-gap workaround for CVE-2023-20593, the actual fix
is the amd64-microcode update.
-- Proxmox Support Team <support@proxmox.com> Tue, 25 Jul 2023 17:33:45 +0200
pve-kernel (6.2.16-5) bookworm; urgency=medium
* kvm: xsave set: mask-out PKRU bit in xfeatures if vCPU has no support to
improve live-migrations & snapshot-rollback of VMs running on modern Intel
CPUs (Skylake-Server or Tiger Lake Desktop), if configured with a
restricted vCPU type (e.g., qemu64) and if the migration source is from
our 5.15 based kernel (default in Proxmox VE 7.4) to the 6.2 (and future
newer) of Proxmox VE 8.0 as target.
This copes with the fallout of a fix, that while itself improved migration
compatibility for clusters with different host-CPU models, caused another
issue on the transition between the older "broken" and newer "fixed"
kernels for homogeneous clusters, i.e., those with the same PVE host-CPU
model.
-- Proxmox Support Team <support@proxmox.com> Fri, 14 Jul 2023 19:53:39 +0200
pve-kernel (6.2.16-4) bookworm; urgency=medium
* backport fixes for StackRot (CVE-2023-3269)
-- Proxmox Support Team <support@proxmox.com> Fri, 07 Jul 2023 06:22:28 +0200
pve-kernel (6.2.16-3) bookworm; urgency=medium
* update to Ubuntu-6.2.0-25.25
-- Proxmox Support Team <support@proxmox.com> Sat, 17 Jun 2023 07:58:57 +0200
pve-kernel (6.2.16-2) bookworm; urgency=medium
* update ZFS to 2.1.12
* bump ABI to 6.2.16-2
* backport "net/sched: flower: fix possible OOB write in fl_set_geneve_opt()"
* backport re-adding mdev_set_iommu_device() kABI for support of SRIOV based
Nvidia vGPU
-- Proxmox Support Team <support@proxmox.com> Tue, 13 Jun 2023 15:30:53 +0200
pve-kernel (6.2.16-1) bookworm; urgency=medium
* update to Ubuntu-6.2.0-23.23 and pull in stable fixes up to v6.2.16
* build for Debian 12 Bookworm based releases
-- Proxmox Support Team <support@proxmox.com> Sat, 20 May 2023 19:23:34 +0200
pve-kernel (6.2.11-2) bullseye; urgency=medium
* backport "netfilter: nf_tables: deactivate anonymous set from preparation
phase"
* bump ABI to 6.2.11-2
-- Proxmox Support Team <support@proxmox.com> Wed, 10 May 2023 11:13:34 +0200
pve-kernel (6.2.11-1) bullseye; urgency=medium
* update kernel to Proxmox-6.2.11-1
* update ZFS to 2.1.11
-- Proxmox Support Team <support@proxmox.com> Thu, 20 Apr 2023 11:59:36 +0200
pve-kernel (6.2.9-1) bullseye; urgency=medium
* update to Ubuntu-6.2.0-19.19 and cherry-pick patches up to 6.2.9
-- Proxmox Support Team <support@proxmox.com> Fri, 31 Mar 2023 12:48:33 +0200
-- Proxmox Support Team <support@proxmox.com> Thu, 16 Mar 2023 14:56:01 +0100
pve-kernel (6.2.6-1) bullseye; urgency=medium
debian/compat
Vendored
+1
View File
@@ -0,0 +1 @@
10
debian/control.in
Vendored
+25 -49
View File
@@ -1,4 +1,4 @@
Source: proxmox-kernel-@KVMAJMIN@
Source: pve-kernel
Section: devel
Priority: optional
Maintainer: Proxmox Support Team <support@proxmox.com>
@@ -7,7 +7,7 @@ Build-Depends: asciidoc-base,
bc,
bison,
cpio,
debhelper-compat (= 13),
debhelper (>= 10~),
dh-python,
dwarves,
file,
@@ -25,15 +25,16 @@ Build-Depends: asciidoc-base,
libtool,
lintian,
lz4,
python3-dev,
perl-modules,
python3-minimal,
rsync,
sed,
sphinx-common,
tar,
xmlto,
zlib1g-dev,
zstd,
Build-Conflicts: proxmox-headers-@KVNAME@,
Standards-Version: 4.6.2
Build-Conflicts: pve-headers-@KVNAME@
Vcs-Git: git://git.proxmox.com/git/pve-kernel
Vcs-Browser: https://git.proxmox.com/?p=pve-kernel.git
@@ -41,84 +42,59 @@ Package: linux-tools-@KVMAJMIN@
Architecture: any
Section: devel
Priority: optional
Depends: linux-base, ${misc:Depends}, ${shlibs:Depends},
Depends: linux-base, ${misc:Depends}, ${shlibs:Depends}
Description: Linux kernel version specific tools for version @KVMAJMIN@
This package provides the architecture dependent parts for kernel
version locked tools (such as perf and x86_energy_perf_policy)
Package: proxmox-headers-@KVNAME@
Package: pve-headers-@KVNAME@
Section: devel
Priority: optional
Architecture: any
Provides: linux-headers-@KVNAME@-amd64, pve-headers-@KVNAME@
Depends: ${misc:Depends},
Provides: linux-headers-@KVNAME@-amd64
Depends: coreutils | fileutils (>= 4.0)
Description: Proxmox Kernel Headers
This package contains the linux kernel headers
Package: proxmox-kernel-@KVNAME@
Package: pve-kernel-@KVNAME@
Section: admin
Priority: optional
Architecture: any
Provides: linux-image-@KVNAME@-amd64, pve-kernel-@KVNAME@
Suggests: pve-firmware,
Depends: busybox, initramfs-tools | linux-initramfs-tool, ${misc:Depends},
Recommends: grub-pc | grub-efi-amd64 | grub-efi-ia32 | grub-efi-arm64,
Provides: linux-image-@KVNAME@-amd64
Suggests: pve-firmware
Depends: busybox, initramfs-tools | linux-initramfs-tool
Recommends: grub-pc | grub-efi-amd64 | grub-efi-ia32 | grub-efi-arm64
Description: Proxmox Kernel Image
This package contains the linux kernel and initial ramdisk used for booting
Package: proxmox-kernel-@KVNAME@-dbgsym
Package: pve-kernel-@KVNAME@-dbgsym
Architecture: any
Provides: linux-debug, pve-kernel-@KVNAME@-dbgsym
Provides: linux-debug
Section: devel
Priority: optional
Build-Profiles: <pkg.proxmox-kernel.debug>
Depends: ${misc:Depends},
Build-Profiles: <pkg.pve-kernel.debug>
Description: Proxmox Kernel debug image
This package provides the kernel debug image for version @KVNAME@. The debug
kernel image contained in this package is NOT meant to boot from - it is
uncompressed, and unstripped, and suitable for use with crash/kdump-tools/..
to analyze kernel crashes. This package also contains the proxmox-kernel modules
to analyze kernel crashes. This package also contains the pve-kernel modules
in their unstripped version.
Package: proxmox-kernel-@KVNAME@-signed-template
Package: pve-kernel-@KVNAME@-signed-template
Architecture: amd64
Depends: ${shlibs:Depends}, ${misc:Depends}, make | build-essential | dpkg-dev
Description: Template for signed kernel package
This package is used to control code signing by the Proxmox signing
service.
Package: proxmox-kernel-libc-dev
Package: pve-kernel-libc-dev
Section: devel
Priority: optional
Architecture: any
Provides: linux-libc-dev (=${binary:Version}), pve-kernel-libc-dev
Conflicts: linux-libc-dev,
Replaces: linux-libc-dev, pve-kernel-libc-dev
Breaks: pve-kernel-libc-dev
Depends: ${misc:Depends},
Provides: linux-libc-dev (=${binary:Version})
Conflicts: linux-libc-dev
Replaces: linux-libc-dev
Depends: ${misc:Depends}
Description: Linux support headers for userspace development
This package provides userspaces headers from the Linux kernel. These headers
are used by the installed headers for GNU libc and other system libraries.
Package: proxmox-headers-@KVMAJMIN@
Architecture: all
Section: admin
Provides: linux-headers-amd64, linux-headers-generic, pve-headers-@KVMAJMIN@
Replaces: pve-headers-@KVMAJMIN@
Priority: optional
Depends: proxmox-headers-@KVNAME@, ${misc:Depends},
Description: Latest Proxmox Kernel Headers
This is a metapackage which will install the kernel headers
for the latest available proxmox kernel from the @KVMAJMIN@
series.
Package: proxmox-kernel-@KVMAJMIN@
Architecture: all
Section: admin
Provides: linux-image-amd64, linux-image-generic, wireguard-modules (=1.0.0), pve-kernel-@KVMAJMIN@
Replaces: pve-kernel-@KVMAJMIN@
Priority: optional
Depends: pve-firmware, proxmox-kernel-@KVNAME@-signed | proxmox-kernel-@KVNAME@, ${misc:Depends},
Description: Latest Proxmox Kernel Image
This is a metapackage which will install the latest available
proxmox kernel from the @KVMAJMIN@ series.
debian/proxmox-kernel-meta.postinst.in
Vendored
-17
View File
@@ -1,17 +0,0 @@
#! /bin/sh
# Abort if any command returns an error value
set -e
case "$1" in
configure)
# setup kernel links for installation CD (rescue boot)
mkdir -p /boot/pve
ln -sf /boot/vmlinuz-@@KVNAME@@ /boot/pve/vmlinuz-@@KVMAJMIN@@
ln -sf /boot/initrd.img-@@KVNAME@@ /boot/pve/initrd.img-@@KVMAJMIN@@
;;
esac
#DEBHELPER#
exit 0
debian/proxmox-kernel-meta.postrm.in
Vendored
-19
View File
@@ -1,19 +0,0 @@
#! /bin/sh
# Abort if any command returns an error value
set -e
case "$1" in
purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
# remove kernel symlinks
rm -f /boot/pve/vmlinuz-@@KVNAME@@
rm -f /boot/pve/initrd.img-@@KVNAME@@
;;
*)
echo "postrm called with unknown argument \`$1'" >&2
exit 1
;;
esac
#DEBHELPER#
debian/proxmox-kernel.postrm.in
Vendored
-46
View File
@@ -1,46 +0,0 @@
#!/usr/bin/perl
use strict;
use warnings;
# Ignore all 'upgrade' invocations .
exit 0 if $ARGV[0] =~ /upgrade/;
my $imagedir = "/boot";
my $version = "@@KVNAME@@";
if (-d "/etc/kernel/postrm.d") {
print STDERR "Examining /etc/kernel/postrm.d.\n";
system (
"run-parts --verbose --exit-on-error --arg=$version --arg=$imagedir/vmlinuz-$version /etc/kernel/postrm.d"
) && die "Failed to process /etc/kernel/postrm.d";
}
unlink "$imagedir/initrd.img-$version";
unlink "$imagedir/initrd.img-$version.bak";
unlink "/var/lib/initramfs-tools/$version";
# Ignore all invocations except when called on to purge.
exit 0 unless $ARGV[0] =~ /purge/;
my @files_to_remove = qw{
modules.dep modules.isapnpmap modules.pcimap
modules.usbmap modules.parportmap
modules.generic_string modules.ieee1394map
modules.ieee1394map modules.pnpbiosmap
modules.alias modules.ccwmap modules.inputmap
modules.symbols modules.ofmap
modules.seriomap modules.*.bin
modules.softdep modules.devname
};
foreach my $extra_file (@files_to_remove) {
for (glob("/lib/modules/$version/$extra_file")) {
unlink;
}
}
system ("rmdir", "/lib/modules/$version") if -d "/lib/modules/$version";
exit 0
debian/proxmox-headers.postinst.in → debian/pve-headers.postinst.in
Vendored
View File
debian/proxmox-kernel.postinst.in → debian/pve-kernel.postinst.in
Vendored
+5 -5
View File
@@ -1,7 +1,6 @@
#!/usr/bin/perl
#!/usr/bin/perl -w
use strict;
use warnings;
# Ignore all invocations except when called on to configure.
exit 0 unless $ARGV[0] =~ /configure/;
@@ -17,9 +16,10 @@ system("depmod $version");
if (-d "/etc/kernel/postinst.d") {
print STDERR "Examining /etc/kernel/postinst.d.\n";
system(
"run-parts --verbose --exit-on-error --arg=$version --arg=$imagedir/vmlinuz-$version /etc/kernel/postinst.d"
) && die "Failed to process /etc/kernel/postinst.d";
system ("run-parts --verbose --exit-on-error --arg=$version " .
"--arg=$imagedir/vmlinuz-$version " .
"/etc/kernel/postinst.d") &&
die "Failed to process /etc/kernel/postinst.d";
}
exit 0
debian/pve-kernel.postrm.in
Vendored
+46
View File
@@ -0,0 +1,46 @@
#!/usr/bin/perl -w
use strict;
# Ignore all 'upgrade' invocations .
exit 0 if $ARGV[0] =~ /upgrade/;
my $imagedir = "/boot";
my $version = "@@KVNAME@@";
if (-d "/etc/kernel/postrm.d") {
print STDERR "Examining /etc/kernel/postrm.d.\n";
system ("run-parts --verbose --exit-on-error --arg=$version " .
"--arg=$imagedir/vmlinuz-$version " .
"/etc/kernel/postrm.d") &&
die "Failed to process /etc/kernel/postrm.d";
}
unlink "$imagedir/initrd.img-$version";
unlink "$imagedir/initrd.img-$version.bak";
unlink "/var/lib/initramfs-tools/$version";
# Ignore all invocations except when called on to purge.
exit 0 unless $ARGV[0] =~ /purge/;
my @files_to_remove = qw{
modules.dep modules.isapnpmap modules.pcimap
modules.usbmap modules.parportmap
modules.generic_string modules.ieee1394map
modules.ieee1394map modules.pnpbiosmap
modules.alias modules.ccwmap modules.inputmap
modules.symbols modules.ofmap
modules.seriomap modules.*.bin
modules.softdep modules.devname
};
foreach my $extra_file (@files_to_remove) {
for (glob("/lib/modules/$version/$extra_file")) {
unlink;
}
}
system ("rmdir", "/lib/modules/$version") if -d "/lib/modules/$version";
exit 0
debian/proxmox-kernel.prerm.in → debian/pve-kernel.prerm.in
Vendored
+5 -5
View File
@@ -1,7 +1,6 @@
#!/usr/bin/perl
#!/usr/bin/perl -w
use strict;
use warnings;
# Ignore all invocations uxcept when called on to remove
exit 0 unless ($ARGV[0] && $ARGV[0] =~ /remove/) ;
@@ -15,9 +14,10 @@ my $version = "@@KVNAME@@";
if (-d "/etc/kernel/prerm.d") {
print STDERR "Examining /etc/kernel/prerm.d.\n";
system(
"run-parts --verbose --exit-on-error --arg=$version --arg=$imagedir/vmlinuz-$version /etc/kernel/prerm.d"
) && die "Failed to process /etc/kernel/prerm.d";
system ("run-parts --verbose --exit-on-error --arg=$version " .
"--arg=$imagedir/vmlinuz-$version " .
"/etc/kernel/prerm.d") &&
die "Failed to process /etc/kernel/prerm.d";
}
exit 0
debian/rules
Vendored
+129 -131
View File
@@ -9,25 +9,22 @@ BUILD_DIR=$(shell pwd)
include /usr/share/dpkg/default.mk
include debian/rules.d/env.mk
include debian/rules.d/$(DEB_BUILD_ARCH).mk
MAKEFLAGS += $(subst parallel=,-j,$(filter parallel=%,${DEB_BUILD_OPTIONS}))
include debian/rules.d/${DEB_BUILD_ARCH}.mk
CHANGELOG_DATE:=$(shell dpkg-parsechangelog -SDate)
CHANGELOG_DATE_UTC_ISO := $(shell date -u -d '$(CHANGELOG_DATE)' +%Y-%m-%dT%H:%MZ)
PMX_KERNEL_PKG=proxmox-kernel-$(KVNAME)
PMX_KERNEL_SERIES_PKG=proxmox-kernel-$(KERNEL_MAJMIN)
PMX_DEBUG_KERNEL_PKG=proxmox-kernel-$(KVNAME)-dbgsym
PMX_HEADER_PKG=proxmox-headers-$(KVNAME)
PMX_USR_HEADER_PKG=proxmox-kernel-libc-dev
PMX_KERNEL_SIGNING_TEMPLATE_PKG=proxmox-kernel-${KVNAME}-signed-template
PMX_KERNEL_SIGNED_VERSION := $(shell echo ${DEB_VERSION} | sed -e 's/-/+/')
LINUX_TOOLS_PKG=linux-tools-$(KERNEL_MAJMIN)
KERNEL_SRC_COPY=$(KERNEL_SRC)_tmp
PVE_KERNEL_PKG=pve-kernel-${KVNAME}
PVE_DEBUG_KERNEL_PKG=pve-kernel-${KVNAME}-dbgsym
PVE_HEADER_PKG=pve-headers-${KVNAME}
PVE_USR_HEADER_PKG=pve-kernel-libc-dev
PVE_KERNEL_SIGNING_TEMPLATE_PKG=pve-kernel-${KVNAME}-signed-template
PVE_KERNEL_SIGNED_VERSION := $(shell echo ${DEB_VERSION} | sed -e 's/-/+/')
LINUX_TOOLS_PKG=linux-tools-${KERNEL_MAJMIN}
KERNEL_SRC_COPY=${KERNEL_SRC}_tmp
# TODO: split for archs, move to files?
PMX_CONFIG_OPTS= \
PVE_CONFIG_OPTS= \
-m INTEL_MEI_WDT \
-d CONFIG_SND_PCM_OSS \
-e CONFIG_TRANSPARENT_HUGEPAGE_MADVISE \
@@ -67,7 +64,7 @@ PMX_CONFIG_OPTS= \
-e CONFIG_MEMCG_SWAP_ENABLED \
-e CONFIG_HYPERV \
-m CONFIG_VFIO_IOMMU_TYPE1 \
-e CONFIG_VFIO_VIRQFD \
-m CONFIG_VFIO_VIRQFD \
-m CONFIG_VFIO \
-m CONFIG_VFIO_PCI \
-m CONFIG_USB_XHCI_HCD \
@@ -93,41 +90,35 @@ PMX_CONFIG_OPTS= \
-d CONFIG_UNWINDER_ORC \
-d CONFIG_UNWINDER_GUESS \
-e CONFIG_UNWINDER_FRAME_POINTER \
--set-str CONFIG_SYSTEM_TRUSTED_KEYS ""\
--set-str CONFIG_SYSTEM_TRUSTED_KEYS "../debian/certs/combined.pem"\
--set-str CONFIG_SYSTEM_REVOCATION_KEYS ""\
-e CONFIG_SECURITY_LOCKDOWN_LSM \
-e CONFIG_SECURITY_LOCKDOWN_LSM_EARLY \
--set-str CONFIG_LSM lockdown,yama,integrity,apparmor \
-e CONFIG_PAGE_TABLE_ISOLATION \
-e CONFIG_ARCH_HAS_CPU_FINALIZE_INIT \
-d CONFIG_GDS_FORCE_MITIGATION \
-d CONFIG_WQ_CPU_INTENSIVE_REPORT \
-d CONFIG_N_GSM \
-d UBSAN_BOUNDS \
-e CONFIG_PAGE_TABLE_ISOLATION
debian/control: $(wildcard debian/*.in)
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.prerm.in > debian/$(PMX_KERNEL_PKG).prerm
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postrm.in > debian/$(PMX_KERNEL_PKG).postrm
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postinst.in > debian/$(PMX_KERNEL_PKG).postinst
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-headers.postinst.in > debian/$(PMX_HEADER_PKG).postinst
sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postrm.in > debian/$(PMX_KERNEL_SERIES_PKG).postrm
sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postinst.in > debian/$(PMX_KERNEL_SERIES_PKG).postinst
chmod +x debian/$(PMX_KERNEL_PKG).prerm
chmod +x debian/$(PMX_KERNEL_PKG).postrm
chmod +x debian/$(PMX_KERNEL_PKG).postinst
chmod +x debian/$(PMX_KERNEL_SERIES_PKG).postrm
chmod +x debian/$(PMX_KERNEL_SERIES_PKG).postinst
chmod +x debian/$(PMX_HEADER_PKG).postinst
sed -e 's/@KVNAME@/$(KVNAME)/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' < debian/control.in > debian/control
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-kernel.prerm.in > debian/${PVE_KERNEL_PKG}.prerm
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-kernel.postrm.in > debian/${PVE_KERNEL_PKG}.postrm
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-kernel.postinst.in > debian/${PVE_KERNEL_PKG}.postinst
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-headers.postinst.in > debian/${PVE_HEADER_PKG}.postinst
chmod +x debian/${PVE_KERNEL_PKG}.prerm
chmod +x debian/${PVE_KERNEL_PKG}.postrm
chmod +x debian/${PVE_KERNEL_PKG}.postinst
chmod +x debian/${PVE_HEADER_PKG}.postinst
sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@KVMAJMIN@/${KERNEL_MAJMIN}/g' < debian/control.in > debian/control
# combine trusted certificates
cat debian/certs/*.pem > debian/certs/combined.pem
# signing-template
sed -e '1 s/proxmox-kernel/proxmox-kernel-signed/' -e '1 s/${DEB_VERSION}/${PMX_KERNEL_SIGNED_VERSION}/' < debian/changelog > debian/signing-template/changelog
sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' -e 's/@UNSIGNED_VERSION@/${DEB_VERSION}/g' < debian/signing-template/control.in > debian/signing-template/control
sed -e '1 s/pve-kernel/pve-kernel-signed/' -e '1 s/${DEB_VERSION}/${PVE_KERNEL_SIGNED_VERSION}/' < debian/changelog > debian/signing-template/changelog
sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@UNSIGNED_VERSION@/${DEB_VERSION}/g' < debian/signing-template/control.in > debian/signing-template/control
sed -e 's/@KVNAME@/${KVNAME}/g' < debian/signing-template/files.json.in > debian/signing-template/files.json
sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@PKG_VERSION@/${DEB_VERSION}/' < debian/signing-template/rules.in > debian/signing-template/rules
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.prerm.in > debian/signing-template/prerm
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.postrm.in > debian/signing-template/postrm
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.postinst.in > debian/signing-template/postinst
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-kernel.prerm.in > debian/signing-template/prerm
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-kernel.postrm.in > debian/signing-template/postrm
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/pve-kernel.postinst.in > debian/signing-template/postinst
rm debian/signing-template/*.in
cp debian/SOURCE debian/signing-template/
@@ -143,7 +134,7 @@ install: .install_mark .tools_install_mark .headers_install_mark .usr_headers_in
binary: install
debian/rules fwcheck abicheck
dh_strip -N$(PMX_HEADER_PKG) -N$(PMX_USR_HEADER_PKG)
dh_strip -N${PVE_HEADER_PKG} -N${PVE_USR_HEADER_PKG}
dh_makeshlibs
dh_shlibdeps
dh_installdeb
@@ -152,67 +143,67 @@ binary: install
dh_builddeb
.config_mark:
cd $(KERNEL_SRC); scripts/config $(PMX_CONFIG_OPTS)
$(MAKE) -C $(KERNEL_SRC) olddefconfig
cd ${KERNEL_SRC}; scripts/config ${PVE_CONFIG_OPTS}
${MAKE} -C ${KERNEL_SRC} oldconfig
# copy to allow building in parallel to kernel/module compilation without interference
rm -rf $(KERNEL_SRC_COPY)
cp -ar $(KERNEL_SRC) $(KERNEL_SRC_COPY)
rm -rf ${KERNEL_SRC_COPY}
cp -ar ${KERNEL_SRC} ${KERNEL_SRC_COPY}
touch $@
.compile_mark: .config_mark
$(MAKE) -C $(KERNEL_SRC) KBUILD_BUILD_VERSION_TIMESTAMP="PMX $(DEB_VERSION) ($(CHANGELOG_DATE_UTC_ISO))"
${MAKE} -C ${KERNEL_SRC} KBUILD_BUILD_VERSION_TIMESTAMP="PVE ${DEB_VERSION} (${CHANGELOG_DATE_UTC_ISO})"
touch $@
.install_mark: .compile_mark .modules_compile_mark
rm -rf debian/$(PMX_KERNEL_PKG)
mkdir -p debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)
mkdir debian/$(PMX_KERNEL_PKG)/boot
install -m 644 $(KERNEL_SRC)/.config debian/$(PMX_KERNEL_PKG)/boot/config-$(KVNAME)
install -m 644 $(KERNEL_SRC)/System.map debian/$(PMX_KERNEL_PKG)/boot/System.map-$(KVNAME)
install -m 644 $(KERNEL_SRC)/$(KERNEL_IMAGE_PATH) debian/$(PMX_KERNEL_PKG)/boot/$(KERNEL_INSTALL_FILE)-$(KVNAME)
$(MAKE) -C $(KERNEL_SRC) INSTALL_MOD_PATH=$(BUILD_DIR)/debian/$(PMX_KERNEL_PKG)/ modules_install
rm -rf debian/${PVE_KERNEL_PKG}
mkdir -p debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}
mkdir debian/${PVE_KERNEL_PKG}/boot
install -m 644 ${KERNEL_SRC}/.config debian/${PVE_KERNEL_PKG}/boot/config-${KVNAME}
install -m 644 ${KERNEL_SRC}/System.map debian/${PVE_KERNEL_PKG}/boot/System.map-${KVNAME}
install -m 644 ${KERNEL_SRC}/${KERNEL_IMAGE_PATH} debian/${PVE_KERNEL_PKG}/boot/${KERNEL_INSTALL_FILE}-${KVNAME}
${MAKE} -C ${KERNEL_SRC} INSTALL_MOD_PATH=${BUILD_DIR}/debian/${PVE_KERNEL_PKG}/ modules_install
# install zfs drivers
install -d -m 0755 debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs
install -m 644 $(MODULES)/zfs.ko $(MODULES)/spl.ko debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs
install -d -m 0755 debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}/zfs
install -m 644 $(addprefix ${MODULES}/,zfs.ko zavl.ko znvpair.ko zunicode.ko zcommon.ko icp.ko zlua.ko spl.ko zzstd.ko) debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}/zfs
# remove firmware
rm -rf debian/$(PMX_KERNEL_PKG)/lib/firmware
rm -rf debian/${PVE_KERNEL_PKG}/lib/firmware
ifeq ($(filter pkg.proxmox-kernel.debug,$(DEB_BUILD_PROFILES)),)
echo "'pkg.proxmox-kernel.debug' build profile disabled, skipping -dbgsym creation"
ifeq ($(filter pkg.pve-kernel.debug,$(DEB_BUILD_PROFILES)),)
echo "'pkg.pve-kernel.debug' build profile disabled, skipping -dbgsym creation"
else
echo "'pkg.proxmox-kernel.debug' build profile enabled, creating -dbgsym contents"
mkdir -p debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)
mkdir debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/boot
install -m 644 $(KERNEL_SRC)/vmlinux debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/boot/vmlinux-$(KVNAME)
cp -r debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME) debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/
rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/source
rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/build
rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/modules.*
echo "'pkg.pve-kernel.debug' build profile enabled, creating -dbgsym contents"
mkdir -p debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/lib/modules/${KVNAME}
mkdir debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/boot
install -m 644 ${KERNEL_SRC}/vmlinux debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/boot/vmlinux-${KVNAME}
cp -r debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME} debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/lib/modules/
rm -f debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/lib/modules/${KVNAME}/source
rm -f debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/lib/modules/${KVNAME}/build
rm -f debian/${PVE_DEBUG_KERNEL_PKG}/usr/lib/debug/lib/modules/${KVNAME}/modules.*
endif
# strip debug info
find debian/$(PMX_KERNEL_PKG)/lib/modules -name \*.ko -print | while read f ; do strip --strip-debug "$$f"; done
find debian/${PVE_KERNEL_PKG}/lib/modules -name \*.ko -print | while read f ; do strip --strip-debug "$$f"; done
# sign modules using ephemeral, embedded key
if grep -q CONFIG_MODULE_SIG=y ubuntu-kernel/.config ; then \
find debian/$(PMX_KERNEL_PKG)/lib/modules -name \*.ko -print | while read f ; do \
find debian/${PVE_KERNEL_PKG}/lib/modules -name \*.ko -print | while read f ; do \
./ubuntu-kernel/scripts/sign-file sha512 ./ubuntu-kernel/certs/signing_key.pem ubuntu-kernel/certs/signing_key.x509 "$$f" ; \
done; \
rm ./ubuntu-kernel/certs/signing_key.pem ; \
fi
# finalize
/sbin/depmod -b debian/$(PMX_KERNEL_PKG)/ $(KVNAME)
/sbin/depmod -b debian/${PVE_KERNEL_PKG}/ ${KVNAME}
# Autogenerate blacklist for watchdog devices (see README)
install -m 0755 -d debian/$(PMX_KERNEL_PKG)/lib/modprobe.d
ls debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/kernel/drivers/watchdog/ > watchdog-blacklist.tmp
install -m 0755 -d debian/${PVE_KERNEL_PKG}/lib/modprobe.d
ls debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}/kernel/drivers/watchdog/ > watchdog-blacklist.tmp
echo ipmi_watchdog.ko >> watchdog-blacklist.tmp
cat watchdog-blacklist.tmp|sed -e 's/^/blacklist /' -e 's/.ko$$//'|sort -u > debian/$(PMX_KERNEL_PKG)/lib/modprobe.d/blacklist_$(PMX_KERNEL_PKG).conf
rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/source
rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/build
cat watchdog-blacklist.tmp|sed -e 's/^/blacklist /' -e 's/.ko$$//'|sort -u > debian/${PVE_KERNEL_PKG}/lib/modprobe.d/blacklist_${PVE_KERNEL_PKG}.conf
rm -f debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}/source
rm -f debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME}/build
# copy signing template contents
rm -rf debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}
mkdir -p debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
rm -rf debian/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}
mkdir -p debian/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
cp -R debian/copyright \
debian/signing-template/rules \
debian/signing-template/control \
@@ -222,36 +213,36 @@ endif
debian/signing-template/postrm \
debian/signing-template/postinst \
debian/signing-template/SOURCE \
debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
cp debian/signing-template/files.json debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/
debian/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
cp debian/signing-template/files.json debian/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PVE_KERNEL_SIGNING_TEMPLATE_PKG}/
touch $@
.tools_compile_mark: .compile_mark
$(MAKE) -C $(KERNEL_SRC)/tools/perf prefix=/usr NO_LIBTRACEEVENT=1 HAVE_NO_LIBBFD=1 HAVE_CPLUS_DEMANGLE_SUPPORT=1 NO_LIBPYTHON=1 NO_LIBPERL=1 NO_LIBCRYPTO=1 PYTHON=python3
${MAKE} -C ${KERNEL_SRC}/tools/perf prefix=/usr HAVE_NO_LIBBFD=1 HAVE_CPLUS_DEMANGLE_SUPPORT=1 NO_LIBPYTHON=1 NO_LIBPERL=1 NO_LIBCRYPTO=1 PYTHON=python3
echo "checking GPL-2 only perf binary for library linkage with incompatible licenses.."
! ldd $(KERNEL_SRC)/tools/perf/perf | grep -q -E '\blibbfd'
! ldd $(KERNEL_SRC)/tools/perf/perf | grep -q -E '\blibcrypto'
$(MAKE) -C $(KERNEL_SRC)/tools/perf NO_LIBTRACEEVENT=1 man
! ldd ${KERNEL_SRC}/tools/perf/perf | grep -q -E '\blibbfd'
! ldd ${KERNEL_SRC}/tools/perf/perf | grep -q -E '\blibcrypto'
${MAKE} -C ${KERNEL_SRC}/tools/perf man
touch $@
.tools_install_mark: .tools_compile_mark
rm -rf debian/$(LINUX_TOOLS_PKG)
mkdir -p debian/$(LINUX_TOOLS_PKG)/usr/bin
mkdir -p debian/$(LINUX_TOOLS_PKG)/usr/share/man/man1
install -m 755 $(BUILD_DIR)/$(KERNEL_SRC)/tools/perf/perf debian/$(LINUX_TOOLS_PKG)/usr/bin/perf_$(KERNEL_MAJMIN)
for i in $(BUILD_DIR)/$(KERNEL_SRC)/tools/perf/Documentation/*.1; do \
rm -rf debian/${LINUX_TOOLS_PKG}
mkdir -p debian/${LINUX_TOOLS_PKG}/usr/bin
mkdir -p debian/${LINUX_TOOLS_PKG}/usr/share/man/man1
install -m 755 ${BUILD_DIR}/${KERNEL_SRC}/tools/perf/perf debian/${LINUX_TOOLS_PKG}/usr/bin/perf_$(KERNEL_MAJMIN)
for i in ${BUILD_DIR}/${KERNEL_SRC}/tools/perf/Documentation/*.1; do \
fname="$${i##*/}"; manname="$${fname%.1}"; \
install -m644 "$$i" "debian/$(LINUX_TOOLS_PKG)/usr/share/man/man1/$${manname}_$(KERNEL_MAJMIN).1"; \
install -m644 "$$i" "debian/${LINUX_TOOLS_PKG}/usr/share/man/man1/$${manname}_$(KERNEL_MAJMIN).1"; \
done
touch $@
.headers_prepare_mark: .config_mark
rm -rf debian/$(PMX_HEADER_PKG)
mkdir -p debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
install -m 0644 $(KERNEL_SRC)/.config debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
make -C $(KERNEL_SRC_COPY) mrproper
cd $(KERNEL_SRC_COPY); find . -path './debian/*' -prune \
rm -rf debian/${PVE_HEADER_PKG}
mkdir -p debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
install -m 0644 ${KERNEL_SRC}/.config debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
make -C ${KERNEL_SRC_COPY} mrproper
cd ${KERNEL_SRC_COPY}; find . -path './debian/*' -prune \
-o -path './include/*' -prune \
-o -path './Documentation' -prune \
-o -path './scripts' -prune \
@@ -263,40 +254,40 @@ endif
-o -name '*.sh' \
-o -name '*.pl' \
\) \
-print | cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
cd $(KERNEL_SRC_COPY); \
-print | cpio -pd --preserve-modification-time ${BUILD_DIR}/debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
cd ${KERNEL_SRC_COPY}; \
( \
find arch/$(KERNEL_HEADER_ARCH) -name include -type d -print | \
find arch/${KERNEL_HEADER_ARCH} -name include -type d -print | \
xargs -n1 -i: find : -type f \
) | \
cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
cpio -pd --preserve-modification-time ${BUILD_DIR}/debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
touch $@
.headers_compile_mark: .headers_prepare_mark
# set output to subdir of source to reduce number of hardcoded paths in output files
rm -rf $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)
mkdir -p $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)
cp $(KERNEL_SRC)/.config $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)/.config
$(MAKE) -C $(KERNEL_SRC_COPY) O=$(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) -j1 syncconfig modules_prepare prepare scripts
cd $(KERNEL_SRC_COPY); cp -a include scripts $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
find $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) -name \*.o.ur-\* -o -name '*.cmd' | xargs rm -f
rsync --ignore-existing -r -v -a $(addprefix $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)/,arch include kernel scripts tools) $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/
rm -rf $(BUILD_DIR)/$(KERNEL_SRC_COPY)
rm -rf ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG}
mkdir -p ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG}
cp ${KERNEL_SRC}/.config ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG}/.config
${MAKE} -C ${KERNEL_SRC_COPY} O=${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG} -j1 syncconfig modules_prepare prepare scripts
cd ${KERNEL_SRC_COPY}; cp -a include scripts ${BUILD_DIR}/debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
find ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG} -name \*.o.ur-\* -o -name '*.cmd' | xargs rm -f
rsync --ignore-existing -r -v -a $(addprefix ${BUILD_DIR}/${KERNEL_SRC_COPY}/${PVE_HEADER_PKG}/,arch include kernel scripts tools) ${BUILD_DIR}/debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}/
rm -rf ${BUILD_DIR}/${KERNEL_SRC_COPY}
touch $@
.headers_install_mark: .compile_mark .modules_compile_mark .headers_compile_mark
cp $(KERNEL_SRC)/include/generated/compile.h debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/include/generated/compile.h
install -m 0644 $(KERNEL_SRC)/Module.symvers debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
mkdir -p debian/$(PMX_HEADER_PKG)/lib/modules/$(KVNAME)
ln -sf /usr/src/linux-headers-$(KVNAME) debian/$(PMX_HEADER_PKG)/lib/modules/$(KVNAME)/build
cp ${KERNEL_SRC}/include/generated/compile.h debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}/include/generated/compile.h
install -m 0644 ${KERNEL_SRC}/Module.symvers debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}
mkdir -p debian/${PVE_HEADER_PKG}/lib/modules/${KVNAME}
ln -sf /usr/src/linux-headers-${KVNAME} debian/${PVE_HEADER_PKG}/lib/modules/${KVNAME}/build
touch $@
.usr_headers_install_mark: PKG_DIR = debian/$(PMX_USR_HEADER_PKG)
.usr_headers_install_mark: OUT_DIR = $(PKG_DIR)/usr
.usr_headers_install_mark: PKG_DIR = debian/${PVE_USR_HEADER_PKG}
.usr_headers_install_mark: OUT_DIR = ${PKG_DIR}/usr
.usr_headers_install_mark: .config_mark
rm -rf '$(PKG_DIR)'
mkdir -p '$(PKG_DIR)'
$(MAKE) -C $(KERNEL_SRC) headers_install ARCH=$(KERNEL_HEADER_ARCH) INSTALL_HDR_PATH='$(CURDIR)'/$(OUT_DIR)
rm -rf '${PKG_DIR}'
mkdir -p '${PKG_DIR}'
$(MAKE) -C ${KERNEL_SRC} headers_install ARCH=$(KERNEL_HEADER_ARCH) INSTALL_HDR_PATH='$(CURDIR)'/$(OUT_DIR)
rm -rf $(OUT_DIR)/include/drm $(OUT_DIR)/include/scsi
find $(OUT_DIR)/include \( -name .install -o -name ..install.cmd \) -execdir rm {} +
@@ -307,36 +298,43 @@ endif
mv $(OUT_DIR)/include/arch $(OUT_DIR)/include/$(DEB_HOST_MULTIARCH)/
touch $@
.modules_compile_mark: $(MODULES)/zfs.ko
.modules_compile_mark: ${MODULES}/zfs.ko
touch $@
$(MODULES)/zfs.ko: .compile_mark
cd $(MODULES)/$(ZFSDIR); ./autogen.sh
cd $(MODULES)/$(ZFSDIR); ./configure --with-config=kernel --with-linux=$(BUILD_DIR)/$(KERNEL_SRC) --with-linux-obj=$(BUILD_DIR)/$(KERNEL_SRC)
$(MAKE) -C $(MODULES)/$(ZFSDIR)
cp $(MODULES)/$(ZFSDIR)/module/zfs.ko $(MODULES)/
cp $(MODULES)/$(ZFSDIR)/module/spl.ko $(MODULES)/
${MODULES}/zfs.ko: .compile_mark
cd ${MODULES}/${ZFSDIR}; ./autogen.sh
cd ${MODULES}/${ZFSDIR}; ./configure --with-config=kernel --with-linux=${BUILD_DIR}/${KERNEL_SRC} --with-linux-obj=${BUILD_DIR}/${KERNEL_SRC}
${MAKE} -C ${MODULES}/${ZFSDIR}
cp ${MODULES}/${ZFSDIR}/module/avl/zavl.ko ${MODULES}/
cp ${MODULES}/${ZFSDIR}/module/nvpair/znvpair.ko ${MODULES}/
cp ${MODULES}/${ZFSDIR}/module/unicode/zunicode.ko ${MODULES}/
cp ${MODULES}/${ZFSDIR}/module/zcommon/zcommon.ko ${MODULES}/
cp ${MODULES}/${ZFSDIR}/module/icp/icp.ko ${MODULES}/
cp ${MODULES}/${ZFSDIR}/module/zfs/zfs.ko ${MODULES}/
cp ${MODULES}/${ZFSDIR}/module/lua/zlua.ko ${MODULES}/
cp ${MODULES}/${ZFSDIR}/module/spl/spl.ko ${MODULES}/
cp ${MODULES}/${ZFSDIR}/module/zstd/zzstd.ko ${MODULES}/
fwlist-$(KVNAME): .compile_mark .modules_compile_mark
debian/scripts/find-firmware.pl debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME) >fwlist.tmp
fwlist-${KVNAME}: .compile_mark .modules_compile_mark
debian/scripts/find-firmware.pl debian/${PVE_KERNEL_PKG}/lib/modules/${KVNAME} >fwlist.tmp
mv fwlist.tmp $@
.PHONY: fwcheck
fwcheck: fwlist-$(KVNAME) fwlist-previous
fwcheck: fwlist-${KVNAME} fwlist-previous
@echo "checking fwlist for changes since last built firmware package.."
@echo "if this check fails, add fwlist-$(KVNAME) to the pve-firmware repository and upload a new firmware package together with the $(KVNAME) kernel"
@echo "if this check fails, add fwlist-${KVNAME} to the pve-firmware repository and upload a new firmware package together with the ${KVNAME} kernel"
sort fwlist-previous | uniq > fwlist-previous.sorted
sort fwlist-$(KVNAME) | uniq > fwlist-$(KVNAME).sorted
diff -up -N fwlist-previous.sorted fwlist-$(KVNAME).sorted > fwlist.diff
rm fwlist.diff fwlist-previous.sorted fwlist-$(KVNAME).sorted
sort fwlist-${KVNAME} | uniq > fwlist-${KVNAME}.sorted
diff -up -N fwlist-previous.sorted fwlist-${KVNAME}.sorted > fwlist.diff
rm fwlist.diff fwlist-previous.sorted fwlist-${KVNAME}.sorted
@echo "done, no need to rebuild pve-firmware"
abi-$(KVNAME): .compile_mark
debian/scripts/abi-generate debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/Module.symvers abi-$(KVNAME) $(KVNAME)
abi-${KVNAME}: .compile_mark
debian/scripts/abi-generate debian/${PVE_HEADER_PKG}/usr/src/linux-headers-${KVNAME}/Module.symvers abi-${KVNAME} ${KVNAME}
.PHONY: abicheck
abicheck: debian/scripts/abi-check abi-$(KVNAME) abi-prev-* abi-blacklist
debian/scripts/abi-check abi-$(KVNAME) abi-prev-* $(SKIPABI)
abicheck: debian/scripts/abi-check abi-${KVNAME} abi-prev-* abi-blacklist
debian/scripts/abi-check abi-${KVNAME} abi-prev-* ${SKIPABI}
.PHONY: clean
debian/scripts/abi-check
Vendored
+111 -107
View File
@@ -1,7 +1,4 @@
#!/usr/bin/perl
use strict;
use warnings;
#!/usr/bin/perl -w
my $abinew = shift;
my $abiold = shift;
@@ -25,30 +22,30 @@ my $count;
print "II: Checking ABI...\n";
if ($skipabi) {
print "WW: Explicitly asked to ignore ABI, running in no-fail mode\n";
$fail_exit = 0;
$abiskip = 1;
$EE = "WW:";
print "WW: Explicitly asked to ignore ABI, running in no-fail mode\n";
$fail_exit = 0;
$abiskip = 1;
$EE = "WW:";
}
if ($prev_abistr ne $abistr) {
print "II: Different ABI's, running in no-fail mode\n";
$fail_exit = 0;
$EE = "WW:";
print "II: Different ABI's, running in no-fail mode\n";
$fail_exit = 0;
$EE = "WW:";
}
if (not -f "$abinew" or not -f "$abiold") {
print "EE: Previous or current ABI file missing!\n";
print " $abinew\n" if not -f "$abinew";
print " $abiold\n" if not -f "$abiold";
print "EE: Previous or current ABI file missing!\n";
print " $abinew\n" if not -f "$abinew";
print " $abiold\n" if not -f "$abiold";
# Exit if the ABI files are missing, but return status based on whether
# skip ABI was indicated.
if ("$abiskip" eq "1") {
exit(0);
} else {
exit(1);
}
# Exit if the ABI files are missing, but return status based on whether
# skip ABI was indicated.
if ("$abiskip" eq "1") {
exit(0);
} else {
exit(1);
}
}
my %symbols;
@@ -60,97 +57,101 @@ my %module_syms;
my $ignore = 0;
print " Reading symbols/modules to ignore...";
for my $file ("abi-blacklist") {
next if !-f $file;
open(my $IGNORE_FH, '<', $file) or die "Could not open $file - $!";
while (<$IGNORE_FH>) {
chomp;
if ($_ =~ m/M: (.*)/) {
$modules_ignore{$1} = 1;
} else {
$symbols_ignore{$_} = 1;
for $file ("abi-blacklist") {
if (-f $file) {
open(IGNORE, "< $file") or
die "Could not open $file";
while (<IGNORE>) {
chomp;
if ($_ =~ m/M: (.*)/) {
$modules_ignore{$1} = 1;
} else {
$symbols_ignore{$_} = 1;
}
$ignore++;
}
close(IGNORE);
}
$ignore++;
}
close($IGNORE_FH);
}
print "read $ignore symbols/modules.\n";
sub is_ignored($$) {
my ($mod, $sym) = @_;
my ($mod, $sym) = @_;
die "Missing module name in is_ignored()" if not defined($mod);
die "Missing symbol name in is_ignored()" if not defined($sym);
die "Missing module name in is_ignored()" if not defined($mod);
die "Missing symbol name in is_ignored()" if not defined($sym);
if (defined($symbols_ignore{$sym}) or defined($modules_ignore{$mod})) {
return 1;
}
return 0;
if (defined($symbols_ignore{$sym}) or defined($modules_ignore{$mod})) {
return 1;
}
return 0;
}
# Read new syms first
print " Reading new symbols ($abistr)...";
$count = 0;
open(my $NEW_FH, '<', $abinew) or die "Could not open $abinew - $!";
while (<$NEW_FH>) {
chomp;
m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
$symbols{$4}{'type'} = $1;
$symbols{$4}{'loc'} = $2;
$symbols{$4}{'hash'} = $3;
$module_syms{$2} = 0;
$count++;
open(NEW, "< $abinew") or
die "Could not open $abinew";
while (<NEW>) {
chomp;
m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
$symbols{$4}{'type'} = $1;
$symbols{$4}{'loc'} = $2;
$symbols{$4}{'hash'} = $3;
$module_syms{$2} = 0;
$count++;
}
close($NEW_FH);
close(NEW);
print "read $count symbols.\n";
# Now the old symbols, checking for missing ones
print " Reading old symbols...";
$count = 0;
open(my $OLD_FH, '<', $abiold) or die "Could not open $abiold - $!";
while (<$OLD_FH>) {
chomp;
m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
$symbols{$4}{'old_type'} = $1;
$symbols{$4}{'old_loc'} = $2;
$symbols{$4}{'old_hash'} = $3;
$count++;
open(OLD, "< $abiold") or
die "Could not open $abiold";
while (<OLD>) {
chomp;
m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
$symbols{$4}{'old_type'} = $1;
$symbols{$4}{'old_loc'} = $2;
$symbols{$4}{'old_hash'} = $3;
$count++;
}
close($OLD_FH);
close(OLD);
print "read $count symbols.\n";
print "II: Checking for missing symbols in new ABI...";
$count = 0;
for my $sym (keys(%symbols)) {
if (!defined($symbols{$sym}{'type'})) {
print "\n" if not $count;
printf(" MISS : %s%s\n", $sym, is_ignored($symbols{$sym}{'old_loc'}, $sym) ? " (ignored)" : "");
$count++ if !is_ignored($symbols{$sym}{'old_loc'}, $sym);
}
foreach $sym (keys(%symbols)) {
if (!defined($symbols{$sym}{'type'})) {
print "\n" if not $count;
printf(" MISS : %s%s\n", $sym,
is_ignored($symbols{$sym}{'old_loc'}, $sym) ? " (ignored)" : "");
$count++ if !is_ignored($symbols{$sym}{'old_loc'}, $sym);
}
}
print " " if $count;
print "found $count missing symbols\n";
if ($count) {
print "$EE Symbols gone missing (what did you do!?!)\n";
$errors++;
print "$EE Symbols gone missing (what did you do!?!)\n";
$errors++;
}
print "II: Checking for new symbols in new ABI...";
$count = 0;
for my $sym (keys(%symbols)) {
if (!defined($symbols{$sym}{'old_type'})) {
print "\n" if not $count;
print " NEW : $sym\n";
$count++;
}
foreach $sym (keys(%symbols)) {
if (!defined($symbols{$sym}{'old_type'})) {
print "\n" if not $count;
print " NEW : $sym\n";
$count++;
}
}
print " " if $count;
print "found $count new symbols\n";
if ($count) {
print "WW: Found new symbols. Not recommended unless ABI was bumped\n";
print "WW: Found new symbols. Not recommended unless ABI was bumped\n";
}
print "II: Checking for changes to ABI...\n";
@@ -158,34 +159,37 @@ $count = 0;
my $moved = 0;
my $changed_type = 0;
my $changed_hash = 0;
for my $sym (keys(%symbols)) {
if (!defined($symbols{$sym}{'old_type'}) or !defined($symbols{$sym}{'type'})) {
next;
}
foreach $sym (keys(%symbols)) {
if (!defined($symbols{$sym}{'old_type'}) or
!defined($symbols{$sym}{'type'})) {
next;
}
# Changes in location don't hurt us, but log it anyway
if ($symbols{$sym}{'loc'} ne $symbols{$sym}{'old_loc'}) {
printf(" MOVE : %-40s : %s => %s\n", $sym, $symbols{$sym}{'old_loc'}, $symbols{$sym}{'loc'});
$moved++;
}
# Changes in location don't hurt us, but log it anyway
if ($symbols{$sym}{'loc'} ne $symbols{$sym}{'old_loc'}) {
printf(" MOVE : %-40s : %s => %s\n", $sym, $symbols{$sym}{'old_loc'},
$symbols{$sym}{'loc'});
$moved++;
}
# Changes to export type are only bad if new type isn't
# EXPORT_SYMBOL. Changing things to GPL are bad.
if ($symbols{$sym}{'type'} ne $symbols{$sym}{'old_type'}) {
printf(" TYPE : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_type'}.
$symbols{$sym}{'type'}, is_ignored($symbols{$sym}{'loc'}, $sym)
? " (ignored)" : "");
$changed_type++ if $symbols{$sym}{'type'} ne "EXPORT_SYMBOL" and !is_ignored($symbols{$sym}{'loc'}, $sym);
}
# Changes to export type are only bad if new type isn't
# EXPORT_SYMBOL. Changing things to GPL are bad.
if ($symbols{$sym}{'type'} ne $symbols{$sym}{'old_type'}) {
printf(" TYPE : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_type'}.
$symbols{$sym}{'type'}, is_ignored($symbols{$sym}{'loc'}, $sym)
? " (ignored)" : "");
$changed_type++ if $symbols{$sym}{'type'} ne "EXPORT_SYMBOL"
and !is_ignored($symbols{$sym}{'loc'}, $sym);
}
# Changes to the hash are always bad
if ($symbols{$sym}{'hash'} ne $symbols{$sym}{'old_hash'}) {
printf(" HASH : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_hash'},
$symbols{$sym}{'hash'}, is_ignored($symbols{$sym}{'loc'}, $sym)
? " (ignored)" : "");
$changed_hash++ if !is_ignored($symbols{$sym}{'loc'}, $sym);
$module_syms{$symbols{$sym}{'loc'}}++;
}
# Changes to the hash are always bad
if ($symbols{$sym}{'hash'} ne $symbols{$sym}{'old_hash'}) {
printf(" HASH : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_hash'},
$symbols{$sym}{'hash'}, is_ignored($symbols{$sym}{'loc'}, $sym)
? " (ignored)" : "");
$changed_hash++ if !is_ignored($symbols{$sym}{'loc'}, $sym);
$module_syms{$symbols{$sym}{'loc'}}++;
}
}
print "WW: $moved symbols changed location\n" if $moved;
@@ -194,17 +198,17 @@ print "$EE $changed_hash symbols changed hash and weren't ignored\n" if $changed
$errors++ if $changed_hash or $changed_type;
if ($changed_hash) {
print "II: Module hash change summary...\n";
for my $mod (sort { $module_syms{$b} <=> $module_syms{$a} } keys %module_syms) {
next if ! $module_syms{$mod};
printf(" %-40s: %d\n", $mod, $module_syms{$mod});
}
print "II: Module hash change summary...\n";
foreach $mod (sort { $module_syms{$b} <=> $module_syms{$a} } keys %module_syms) {
next if ! $module_syms{$mod};
printf(" %-40s: %d\n", $mod, $module_syms{$mod});
}
}
print "II: Done\n";
if ($errors) {
exit($fail_exit);
exit($fail_exit);
} else {
exit(0);
exit(0);
}
debian/scripts/abi-generate
Vendored
+3 -6
View File
@@ -1,11 +1,8 @@
#!/usr/bin/perl
#!/usr/bin/perl -w
use strict;
use warnings;
use PVE::Tools;
use PVE::Tools ();
use IO::File ();
use IO::File;
sub usage {
die "USAGE: $0 INFILE OUTFILE [ABI INFILE-IS-DEB]\n";
debian/scripts/find-firmware.pl
Vendored
+7 -8
View File
@@ -1,7 +1,6 @@
#!/usr/bin/perl
#!/usr/bin/perl -w
use strict;
use warnings;
my $dir = shift;
@@ -13,21 +12,21 @@ warn "\n\nNOTE: strange directory name: $dir\n\n" if $dir !~ m|^(.*/)?(\d+.\d+.\
my $apiver = $2;
open(my $FIND_KO_FH, "find '$dir' -name '*.ko'|");
while (defined(my $fn = <$FIND_KO_FH>)) {
open(TMP, "find '$dir' -name '*.ko'|");
while (defined(my $fn = <TMP>)) {
chomp $fn;
my $relfn = $fn;
$relfn =~ s|^$dir/*||;
my $cmd = "/sbin/modinfo -F firmware '$fn'";
open(my $MOD_FH, "$cmd|");
while (defined(my $fw = <$MOD_FH>)) {
open(MOD, "$cmd|");
while (defined(my $fw = <MOD>)) {
chomp $fw;
print "$fw $relfn\n";
}
close($MOD_FH);
close(MOD);
}
close($FIND_KO_FH);
close TMP;
exit 0;
debian/signing-template/control.in
Vendored
+6 -6
View File
@@ -1,24 +1,24 @@
Source: proxmox-kernel-signed-@KVMAJMIN@
Source: pve-kernel-signed
Section: kernel
Priority: optional
Maintainer: Proxmox Support Team <support@proxmox.com>
Standards-Version: 4.2.0
Build-Depends: debhelper-compat (= 12), dh-exec, python3:any, rsync, sbsigntool, proxmox-kernel-@KVNAME@ (= @UNSIGNED_VERSION@)
Build-Depends: debhelper-compat (= 12), dh-exec, python3:any, rsync, sbsigntool, pve-kernel-@KVNAME@ (= @UNSIGNED_VERSION@)
Rules-Requires-Root: no
Vcs-Git: git://git.proxmox.com/git/pve-kernel
Vcs-Browser: https://git.proxmox.com/?p=pve-kernel.git
Package: proxmox-kernel-@KVNAME@-signed
Package: pve-kernel-@KVNAME@-signed
Section: admin
Priority: optional
Architecture: any
Provides: linux-image-@KVNAME@-amd64, proxmox-kernel-@KVNAME@
Provides: linux-image-@KVNAME@-amd64, pve-kernel-@KVNAME@
Depends: ${unsigned:Depends}, ${misc:Depends}
Recommends: ${unsigned:Recommends}
Suggests: ${unsigned:Suggests}
Breaks: ${unsigned:Breaks}
Conflicts: proxmox-kernel-@KVNAME@
Replaces: proxmox-kernel-@KVNAME@
Conflicts: pve-kernel-@KVNAME@
Replaces: pve-kernel-@KVNAME@
Description: ${unsigned:DescriptionShort} (signed)
${unsigned:DescriptionLong}
.
debian/signing-template/files.json.in
Vendored
+1 -1
View File
@@ -1,6 +1,6 @@
{
"packages": {
"proxmox-kernel-@KVNAME@": {
"pve-kernel-@KVNAME@": {
"trusted_certs": [],
"files": [
{
debian/signing-template/rules.in
Vendored
+1 -1
View File
@@ -7,7 +7,7 @@ export DH_OPTIONS
include /usr/share/dpkg/architecture.mk
KERNEL_VERSION=@KVNAME@
IMAGE_PACKAGE_NAME=proxmox-kernel-$(KERNEL_VERSION)
IMAGE_PACKAGE_NAME=pve-kernel-$(KERNEL_VERSION)
PACKAGE_NAME=$(IMAGE_PACKAGE_NAME)-signed
PACKAGE_VERSION=@PKG_VERSION@
PACKAGE_DIR=debian/$(PACKAGE_NAME)
debian/source/lintian-overrides
Vendored
-2
View File
@@ -1,2 +0,0 @@
debian-control-has-dbgsym-package (in section for proxmox-kernel-*-pve-dbgsym) Package [debian/control:*]
license-problem-gfdl-invariants invariant part is: with the :ref:`invariant sections <fdl-invariant>` being list their titles, with the :ref:`front-cover texts <fdl-cover-texts>` being list, and with the :ref:`back-cover texts <fdl-cover-texts>` being list [ubuntu-kernel/Documentation/userspace-api/media/fdl-appendix.rst]
fwlist-previous
+313 -370
View File
File diff suppressed because it is too large Load Diff
patches/kernel/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch
+1 -1
View File
@@ -21,7 +21,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/init/Makefile b/init/Makefile
index cbac576c57d6..479b1253fcbe 100644
index 26de459006c4..3157d9c79901 100644
--- a/init/Makefile
+++ b/init/Makefile
@@ -29,7 +29,7 @@ preempt-flag-$(CONFIG_PREEMPT_DYNAMIC) := PREEMPT_DYNAMIC
patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
+5 -5
View File
@@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 111 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 90ddf08e8409..eedfabda597f 100644
index 2e77ecc12692..eae6fdc4c683 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -4285,6 +4285,15 @@
@@ -4188,6 +4188,15 @@
Also, it enforces the PCI Local Bus spec
rule that those bits should be 0 in system reset
events (useful for kexec/kdump cases).
@@ -75,10 +75,10 @@ index 90ddf08e8409..eedfabda597f 100644
Safety option to keep boot IRQs enabled. This
should never be necessary.
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index c7a5718e5729..901f55b9ac64 100644
index 267e6002e29f..fac76ca1d16a 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -287,6 +287,106 @@ static int __init pci_apply_final_quirks(void)
@@ -194,6 +194,106 @@ static int __init pci_apply_final_quirks(void)
}
fs_initcall_sync(pci_apply_final_quirks);
@@ -185,7 +185,7 @@ index c7a5718e5729..901f55b9ac64 100644
/*
* Decoding should be disabled for a PCI device during BAR sizing to avoid
* conflict. But doing so may cause problems on host bridge and perhaps other
@@ -5091,6 +5191,8 @@ static const struct pci_dev_acs_enabled {
@@ -4959,6 +5059,8 @@ static const struct pci_dev_acs_enabled {
{ PCI_VENDOR_ID_CAVIUM, 0xA060, pci_quirk_mf_endpoint_acs },
/* APM X-Gene */
{ PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },
patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch
+2 -2
View File
@@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 5bbb5612b207..691ce10e7647 100644
index 07aae60288f9..949b7204cf52 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -82,7 +82,7 @@ module_param(halt_poll_ns, uint, 0644);
@@ -79,7 +79,7 @@ module_param(halt_poll_ns, uint, 0644);
EXPORT_SYMBOL_GPL(halt_poll_ns);
/* Default doubles per-vcpu halt_poll_ns. */
patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch
+2 -2
View File
@@ -14,10 +14,10 @@ Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index 4811937f572d..8850f9be9044 100644
index fce980d531bd..5079a3851798 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -10355,7 +10355,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
@@ -10257,7 +10257,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
if (time_after(jiffies, warning_time +
READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
list_for_each_entry(dev, list, todo_list) {
patches/kernel/0007-Revert-RDMA-irdma-Report-the-correct-link-speed.patch
+72
View File
@@ -0,0 +1,72 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Sat, 7 Jan 2023 13:48:41 +0100
Subject: [PATCH] Revert "RDMA/irdma: Report the correct link speed"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
seem to cause a regression with some NICs:
https://lore.kernel.org/netdev/CAK8fFZ6A_Gphw_3-QMGKEFQk=sfCw1Qmq0TVZK3rtAi7vb621A@mail.gmail.com/
This reverts commit e8553504e366c8a47d1f6156c30d6eb9778cda13.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
drivers/infiniband/hw/irdma/verbs.c | 35 ++++++++++++++++++++++++++---
1 file changed, 32 insertions(+), 3 deletions(-)
diff --git a/drivers/infiniband/hw/irdma/verbs.c b/drivers/infiniband/hw/irdma/verbs.c
index f6973ea55eda..132fe91bb799 100644
--- a/drivers/infiniband/hw/irdma/verbs.c
+++ b/drivers/infiniband/hw/irdma/verbs.c
@@ -63,6 +63,36 @@ static int irdma_query_device(struct ib_device *ibdev,
return 0;
}
+/**
+ * irdma_get_eth_speed_and_width - Get IB port speed and width from netdev speed
+ * @link_speed: netdev phy link speed
+ * @active_speed: IB port speed
+ * @active_width: IB port width
+ */
+static void irdma_get_eth_speed_and_width(u32 link_speed, u16 *active_speed,
+ u8 *active_width)
+{
+ if (link_speed <= SPEED_1000) {
+ *active_width = IB_WIDTH_1X;
+ *active_speed = IB_SPEED_SDR;
+ } else if (link_speed <= SPEED_10000) {
+ *active_width = IB_WIDTH_1X;
+ *active_speed = IB_SPEED_FDR10;
+ } else if (link_speed <= SPEED_20000) {
+ *active_width = IB_WIDTH_4X;
+ *active_speed = IB_SPEED_DDR;
+ } else if (link_speed <= SPEED_25000) {
+ *active_width = IB_WIDTH_1X;
+ *active_speed = IB_SPEED_EDR;
+ } else if (link_speed <= SPEED_40000) {
+ *active_width = IB_WIDTH_4X;
+ *active_speed = IB_SPEED_FDR10;
+ } else {
+ *active_width = IB_WIDTH_4X;
+ *active_speed = IB_SPEED_EDR;
+ }
+}
+
/**
* irdma_query_port - get port attributes
* @ibdev: device pointer from stack
@@ -90,9 +120,8 @@ static int irdma_query_port(struct ib_device *ibdev, u32 port,
props->state = IB_PORT_DOWN;
props->phys_state = IB_PORT_PHYS_STATE_DISABLED;
}
-
- ib_get_eth_speed(ibdev, port, &props->active_speed,
- &props->active_width);
+ irdma_get_eth_speed_and_width(SPEED_100000, &props->active_speed,
+ &props->active_width);
if (rdma_protocol_roce(ibdev, 1)) {
props->gid_tbl_len = 32;
patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch → patches/kernel/0008-Revert-fortify-Do-not-cast-to-unsigned-char.patch
+2 -3
View File
@@ -10,13 +10,12 @@ This reverts commit 106b7a61c488d2022f44e3531ce33461c7c0685f.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
include/linux/fortify-string.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
index da51a83b2829..9d9e7822eddf 100644
index 7cad8bb031e9..acc24887db3e 100644
--- a/include/linux/fortify-string.h
+++ b/include/linux/fortify-string.h
@@ -18,7 +18,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning("
@@ -26,5 +25,5 @@ index da51a83b2829..9d9e7822eddf 100644
- char *__p = (char *)(p); \
+ unsigned char *__p = (unsigned char *)(p); \
size_t __ret = SIZE_MAX; \
const size_t __p_size = __member_size(p); \
size_t __p_size = __member_size(p); \
if (__p_size != SIZE_MAX && \
patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch
-133
View File
@@ -1,133 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Fri, 14 Jul 2023 18:10:32 +0200
Subject: [PATCH] kvm: xsave set: mask-out PKRU bit in xfeatures if vCPU has no
support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes live-migrations & snapshot-rollback of VMs with a restricted
CPU type (e.g., qemu64) from our 5.15 based kernel (default Proxmox
VE 7.4) to the 6.2 (and future newer) of Proxmox VE 8.0.
Previous to ad856280ddea ("x86/kvm/fpu: Limit guest user_xfeatures to
supported bits of XCR0") the PKRU bit of the host could leak into the
state from the guest, which caused trouble when migrating between
hosts with different CPUs, i.e., where the source supported it but
the target did not, causing a general protection fault when the guest
tried to use a pkru related instruction after the migration.
But the fix, while welcome, caused a temporary out-of-sync state when
migrating such a VM from a kernel without the fix to a kernel with
the fix, as it threw of KVM when the CPUID of the guest and most of
the state doesn't report XSAVE and thus any xfeatures, but PKRU and
the related state is set as enabled, causing the vCPU to spin at 100%
without any progress forever.
The fix could be at two sites, either in QEMU or in the kernel, I
choose the kernel as we have all the info there for a targeted
heuristic so that we don't have to adapt QEMU and qemu-server, the
latter even on both sides.
Still, a short summary of the possible fixes and short drawbacks:
* on QEMU-side either
- clear the PKRU state in the migration saved state would be rather
complicated to implement as the vCPU is initialised way before we
have the saved xfeature state available to check what we'd need
to do, plus the user-space only gets a memory blob from ioctl
KVM_GET_XSAVE2 that it passes to KVM_SET_XSAVE ioctl, there are
no ABI guarantees, and while the struct seem stable for 5.15 to
6.5-rc1, that doesn't has to be for future kernels, so off the
table.
- enforce that the CPUID reports PKU support even if it normally
wouldn't. While this works (tested by hard-coding it as POC) it
is a) not really nice and b) needs some interaction from
qemu-server to enable this flag as otherwise we have no good info
to decide when it's OK to do this, which means we need to adapt
both PVE 7 and 8's qemu-server and also pve-qemu, workable but
not optimal
* on Kernel/KVM-side we can hook into the set XSAVE ioctl specific to
the KVM subsystem, which already reduces chance of regression for
all other places. There we have access to the union/struct
definitions of the saved state and thus can savely cast to that.
We also got access to the vCPU's CPUID capabilities, meaning we can
check if the XCR0 (first XSAVE Control Register) reports
that it support the PKRU feature, and if it does *NOT* but the
saved xfeatures register from XSAVE *DOES* report it, we can safely
assume that this combination is due to an migration from an older,
leaky kernel and clear the bit in the xfeature register before
restoring it to the guest vCPU KVM state, avoiding the confusing
situation that made the vCPU spin at 100%.
This should be safe to do, as the guest vCPU CPUID never reported
support for the PKRU feature, and it's also a relatively niche and
newish feature.
If it gains us something we can drop this patch a bit in the future
Proxmox VE 9 major release, but we should ensure that VMs that where
started before PVE 8 cannot be directly live-migrated to the release
that includes that change; so we should rather only drop it if the
maintenance burden is high.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
arch/x86/kvm/cpuid.c | 6 ++++++
arch/x86/kvm/cpuid.h | 2 ++
arch/x86/kvm/x86.c | 13 +++++++++++++
3 files changed, 21 insertions(+)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 7bdc66abfc92..e2b67975869c 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -249,6 +249,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent)
return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0;
}
+bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu) {
+ u64 guest_supported_xcr0 = cpuid_get_supported_xcr0(
+ vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent);
+ return (guest_supported_xcr0 & XFEATURE_MASK_PKRU) != 0;
+}
+
static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *entries,
int nent)
{
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
index b1658c0de847..12a02851ff57 100644
--- a/arch/x86/kvm/cpuid.h
+++ b/arch/x86/kvm/cpuid.h
@@ -32,6 +32,8 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx,
u32 *ecx, u32 *edx, bool exact_only);
+bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu);
+
u32 xstate_required_size(u64 xstate_bv, bool compacted);
int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index a5c8a01f7e7e..632d2d18041a 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5426,6 +5426,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
return 0;
+ if (!vcpu_supports_xsave_pkru(vcpu)) {
+ void *buf = guest_xsave->region;
+ union fpregs_state *ustate = buf;
+ if (ustate->xsave.header.xfeatures & XFEATURE_MASK_PKRU) {
+ printk(
+ KERN_NOTICE "clearing PKRU xfeature bit as vCPU from PID %d"
+ " reports no PKRU support - migration from fpu-leaky kernel?",
+ current->pid
+ );
+ ustate->xsave.header.xfeatures &= ~XFEATURE_MASK_PKRU;
+ }
+ }
+
return fpu_copy_uabi_to_guest_fpstate(&vcpu->arch.guest_fpu,
guest_xsave->region,
kvm_caps.supported_xcr0,
patches/kernel/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch
-43
View File
@@ -1,43 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: kiler129 <grzegorz@noflash.pl>
Date: Mon, 18 Sep 2023 15:19:26 +0200
Subject: [PATCH] allow opt-in to allow pass-through on broken hardware..
adapted from https://github.com/kiler129/relax-intel-rmrr , licensed under MIT or GPL 2.0+
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
drivers/iommu/intel/iommu.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 8faccfdfe500..2b9ef40799a5 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -298,6 +298,7 @@ static int dmar_map_gfx = 1;
static int dmar_map_ipu = 1;
static int intel_iommu_superpage = 1;
static int iommu_identity_mapping;
+static int intel_relaxable_rmrr = 0;
static int iommu_skip_te_disable;
#define IDENTMAP_GFX 2
@@ -359,6 +360,9 @@ static int __init intel_iommu_setup(char *str)
} else if (!strncmp(str, "tboot_noforce", 13)) {
pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
intel_iommu_tboot_noforce = 1;
+ } else if (!strncmp(str, "relax_rmrr", 10)) {
+ pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n");
+ intel_relaxable_rmrr = 1;
} else {
pr_notice("Unknown option - '%s'\n", str);
}
@@ -2506,7 +2510,7 @@ static bool device_rmrr_is_relaxable(struct device *dev)
return false;
pdev = to_pci_dev(dev);
- if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
+ if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
return true;
else
return false;
patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch
-37
View File
@@ -1,37 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Sean Christopherson <seanjc@google.com>
Date: Wed, 18 Oct 2023 12:41:04 -0700
Subject: [PATCH] KVM: nSVM: Advertise support for flush-by-ASID
Advertise support for FLUSHBYASID when nested SVM is enabled, as KVM can
always emulate flushing TLB entries for a vmcb12 ASID, e.g. by running L2
with a new, fresh ASID in vmcb02. Some modern hypervisors, e.g. VMWare
Workstation 17, require FLUSHBYASID support and will refuse to run if it's
not present.
Punt on proper support, as "Honor L1's request to flush an ASID on nested
VMRUN" is one of the TODO items in the (incomplete) list of issues that
need to be addressed in order for KVM to NOT do a full TLB flush on every
nested SVM transition (see nested_svm_transition_tlb_flush()).
Reported-by: Stefan Sterz <s.sterz@proxmox.com>
Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
arch/x86/kvm/svm/svm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 99832814341c..e8bb2bfd1ba1 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -4985,6 +4985,7 @@ static __init void svm_set_cpu_caps(void)
if (nested) {
kvm_cpu_cap_set(X86_FEATURE_SVM);
kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);
+ kvm_cpu_cap_set(X86_FEATURE_FLUSHBYASID);
if (nrips)
kvm_cpu_cap_set(X86_FEATURE_NRIPS);
patches/kernel/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch
-44
View File
@@ -1,44 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Mon, 6 Nov 2023 10:17:02 +0100
Subject: [PATCH] revert "memfd: improve userspace warnings for missing
exec-related flags".
This warning is telling userspace developers to pass MFD_EXEC and
MFD_NOEXEC_SEAL to memfd_create(). Commit 434ed3350f57 ("memfd: improve
userspace warnings for missing exec-related flags") made the warning more
frequent and visible in the hope that this would accelerate the fixing of
errant userspace.
But the overall effect is to generate far too much dmesg noise.
Fixes: 434ed3350f57 ("memfd: improve userspace warnings for missing exec-related flags")
Reported-by: Damian Tometzki <dtometzki@fedoraproject.org>
Closes: https://lkml.kernel.org/r/ZPFzCSIgZ4QuHsSC@fedora.fritz.box
Cc: Aleksa Sarai <cyphar@cyphar.com>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Daniel Verkamp <dverkamp@chromium.org>
Cc: Jeff Xu <jeffxu@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 2562d67b1bdf91c7395b0225d60fdeb26b4bc5a0)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
mm/memfd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/memfd.c b/mm/memfd.c
index 2dba2cb6f0d0..1c077e98e116 100644
--- a/mm/memfd.c
+++ b/mm/memfd.c
@@ -282,7 +282,7 @@ static int check_sysctl_memfd_noexec(unsigned int *flags)
}
if (!(*flags & MFD_NOEXEC_SEAL) && sysctl >= MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED) {
- pr_err_ratelimited(
+ pr_warn_once(
"%s[%d]: memfd_create() requires MFD_NOEXEC_SEAL with vm.memfd_noexec=%d\n",
current->comm, task_pid_nr(current), sysctl);
return -EACCES;
patches/kernel/0012-drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Powe.patch
-146
View File
@@ -1,146 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alex Deucher <alexander.deucher@amd.com>
Date: Fri, 27 Oct 2023 16:40:47 -0400
Subject: [PATCH] drm/amd: Fix UBSAN array-index-out-of-bounds for Powerplay
headers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For pptable structs that use flexible array sizes, use flexible arrays.
Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039926
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
(cherry-picked from commit 49afe91370b86566857a3c2c39612cf098110885)
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
.../drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h | 4 ++--
.../amd/pm/powerplay/hwmgr/vega10_pptable.h | 24 +++++++++----------
2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
index e0e40b054c08..5ec564dbf339 100644
--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
+++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h
@@ -367,7 +367,7 @@ typedef struct _ATOM_Tonga_VCE_State_Record {
typedef struct _ATOM_Tonga_VCE_State_Table {
UCHAR ucRevId;
UCHAR ucNumEntries;
- ATOM_Tonga_VCE_State_Record entries[1];
+ ATOM_Tonga_VCE_State_Record entries[];
} ATOM_Tonga_VCE_State_Table;
typedef struct _ATOM_Tonga_PowerTune_Table {
@@ -482,7 +482,7 @@ typedef struct _ATOM_Tonga_Hard_Limit_Record {
typedef struct _ATOM_Tonga_Hard_Limit_Table {
UCHAR ucRevId;
UCHAR ucNumEntries;
- ATOM_Tonga_Hard_Limit_Record entries[1];
+ ATOM_Tonga_Hard_Limit_Record entries[];
} ATOM_Tonga_Hard_Limit_Table;
typedef struct _ATOM_Tonga_GPIO_Table {
diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h
index 9c479bd9a786..a372abcd01be 100644
--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h
+++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_pptable.h
@@ -129,7 +129,7 @@ typedef struct _ATOM_Vega10_State {
typedef struct _ATOM_Vega10_State_Array {
UCHAR ucRevId;
UCHAR ucNumEntries; /* Number of entries. */
- ATOM_Vega10_State states[1]; /* Dynamically allocate entries. */
+ ATOM_Vega10_State states[]; /* Dynamically allocate entries. */
} ATOM_Vega10_State_Array;
typedef struct _ATOM_Vega10_CLK_Dependency_Record {
@@ -169,37 +169,37 @@ typedef struct _ATOM_Vega10_GFXCLK_Dependency_Table {
typedef struct _ATOM_Vega10_MCLK_Dependency_Table {
UCHAR ucRevId;
UCHAR ucNumEntries; /* Number of entries. */
- ATOM_Vega10_MCLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
+ ATOM_Vega10_MCLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
} ATOM_Vega10_MCLK_Dependency_Table;
typedef struct _ATOM_Vega10_SOCCLK_Dependency_Table {
UCHAR ucRevId;
UCHAR ucNumEntries; /* Number of entries. */
- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
} ATOM_Vega10_SOCCLK_Dependency_Table;
typedef struct _ATOM_Vega10_DCEFCLK_Dependency_Table {
UCHAR ucRevId;
UCHAR ucNumEntries; /* Number of entries. */
- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
} ATOM_Vega10_DCEFCLK_Dependency_Table;
typedef struct _ATOM_Vega10_PIXCLK_Dependency_Table {
UCHAR ucRevId;
UCHAR ucNumEntries; /* Number of entries. */
- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
} ATOM_Vega10_PIXCLK_Dependency_Table;
typedef struct _ATOM_Vega10_DISPCLK_Dependency_Table {
UCHAR ucRevId;
UCHAR ucNumEntries; /* Number of entries.*/
- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
} ATOM_Vega10_DISPCLK_Dependency_Table;
typedef struct _ATOM_Vega10_PHYCLK_Dependency_Table {
UCHAR ucRevId;
UCHAR ucNumEntries; /* Number of entries. */
- ATOM_Vega10_CLK_Dependency_Record entries[1]; /* Dynamically allocate entries. */
+ ATOM_Vega10_CLK_Dependency_Record entries[]; /* Dynamically allocate entries. */
} ATOM_Vega10_PHYCLK_Dependency_Table;
typedef struct _ATOM_Vega10_MM_Dependency_Record {
@@ -213,7 +213,7 @@ typedef struct _ATOM_Vega10_MM_Dependency_Record {
typedef struct _ATOM_Vega10_MM_Dependency_Table {
UCHAR ucRevId;
UCHAR ucNumEntries; /* Number of entries */
- ATOM_Vega10_MM_Dependency_Record entries[1]; /* Dynamically allocate entries */
+ ATOM_Vega10_MM_Dependency_Record entries[]; /* Dynamically allocate entries */
} ATOM_Vega10_MM_Dependency_Table;
typedef struct _ATOM_Vega10_PCIE_Record {
@@ -225,7 +225,7 @@ typedef struct _ATOM_Vega10_PCIE_Record {
typedef struct _ATOM_Vega10_PCIE_Table {
UCHAR ucRevId;
UCHAR ucNumEntries; /* Number of entries */
- ATOM_Vega10_PCIE_Record entries[1]; /* Dynamically allocate entries. */
+ ATOM_Vega10_PCIE_Record entries[]; /* Dynamically allocate entries. */
} ATOM_Vega10_PCIE_Table;
typedef struct _ATOM_Vega10_Voltage_Lookup_Record {
@@ -235,7 +235,7 @@ typedef struct _ATOM_Vega10_Voltage_Lookup_Record {
typedef struct _ATOM_Vega10_Voltage_Lookup_Table {
UCHAR ucRevId;
UCHAR ucNumEntries; /* Number of entries */
- ATOM_Vega10_Voltage_Lookup_Record entries[1]; /* Dynamically allocate entries */
+ ATOM_Vega10_Voltage_Lookup_Record entries[]; /* Dynamically allocate entries */
} ATOM_Vega10_Voltage_Lookup_Table;
typedef struct _ATOM_Vega10_Fan_Table {
@@ -329,7 +329,7 @@ typedef struct _ATOM_Vega10_VCE_State_Table
{
UCHAR ucRevId;
UCHAR ucNumEntries;
- ATOM_Vega10_VCE_State_Record entries[1];
+ ATOM_Vega10_VCE_State_Record entries[];
} ATOM_Vega10_VCE_State_Table;
typedef struct _ATOM_Vega10_PowerTune_Table {
@@ -432,7 +432,7 @@ typedef struct _ATOM_Vega10_Hard_Limit_Table
{
UCHAR ucRevId;
UCHAR ucNumEntries;
- ATOM_Vega10_Hard_Limit_Record entries[1];
+ ATOM_Vega10_Hard_Limit_Record entries[];
} ATOM_Vega10_Hard_Limit_Table;
typedef struct _Vega10_PPTable_Generic_SubTable_Header
patches/kernel/0013-ext4-fallback-to-complex-scan-if-aligned-scan-doesn-.patch
-56
View File
@@ -1,56 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ojaswin Mujoo <ojaswin@linux.ibm.com>
Date: Fri, 15 Dec 2023 16:49:50 +0530
Subject: [PATCH] ext4: fallback to complex scan if aligned scan doesn't work
Currently in case the goal length is a multiple of stripe size we use
ext4_mb_scan_aligned() to find the stripe size aligned physical blocks.
In case we are not able to find any, we again go back to calling
ext4_mb_choose_next_group() to search for a different suitable block
group. However, since the linear search always begins from the start,
most of the times we end up with the same BG and the cycle continues.
With large fliesystems, the CPU can be stuck in this loop for hours
which can slow down the whole system. Hence, until we figure out a
better way to continue the search (rather than starting from beginning)
in ext4_mb_choose_next_group(), lets just fallback to
ext4_mb_complex_scan_group() in case aligned scan fails, as it is much
more likely to find the needed blocks.
Signed-off-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
---
fs/ext4/mballoc.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index 2690d47a9ea2..9ff8ea02f79d 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -2894,14 +2894,19 @@ ext4_mb_regular_allocator(struct ext4_allocation_context *ac)
ac->ac_groups_scanned++;
if (cr == CR_POWER2_ALIGNED)
ext4_mb_simple_scan_group(ac, &e4b);
- else if ((cr == CR_GOAL_LEN_FAST ||
- cr == CR_BEST_AVAIL_LEN) &&
- sbi->s_stripe &&
- !(ac->ac_g_ex.fe_len %
- EXT4_B2C(sbi, sbi->s_stripe)))
- ext4_mb_scan_aligned(ac, &e4b);
- else
- ext4_mb_complex_scan_group(ac, &e4b);
+ else {
+ bool is_stripe_aligned = sbi->s_stripe &&
+ !(ac->ac_g_ex.fe_len %
+ EXT4_B2C(sbi, sbi->s_stripe));
+
+ if ((cr == CR_GOAL_LEN_FAST ||
+ cr == CR_BEST_AVAIL_LEN) &&
+ is_stripe_aligned)
+ ext4_mb_scan_aligned(ac, &e4b);
+
+ if (ac->ac_status == AC_STATUS_CONTINUE)
+ ext4_mb_complex_scan_group(ac, &e4b);
+ }
ext4_unlock_group(sb, group);
ext4_mb_unload_buddy(&e4b);
patches/kernel/0014-Revert-cifs-fix-flushing-folio-regression-for-6.1-ba.patch
-23
View File
@@ -1,23 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Stoiko Ivanov <s.ivanov@proxmox.com>
Date: Wed, 3 Apr 2024 10:29:59 +0200
Subject: [PATCH] Revert "cifs: fix flushing folio regression for 6.1 backport"
This reverts commit 2dc07a11e269bfbe5589e99b60cdbae0118be979.
---
fs/smb/client/cifsfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/smb/client/cifsfs.c b/fs/smb/client/cifsfs.c
index 55a6d0296ec82..82313b2534631 100644
--- a/fs/smb/client/cifsfs.c
+++ b/fs/smb/client/cifsfs.c
@@ -1245,7 +1245,7 @@ static int cifs_flush_folio(struct inode *inode, loff_t pos, loff_t *_fstart, lo
int rc = 0;
folio = filemap_get_folio(inode->i_mapping, index);
- if (!folio)
+ if (IS_ERR(folio))
return 0;
size = folio_size(folio);
patches/kernel/0014-Revert-thermal-trip-Drop-lockdep-assertion-from-ther.patch
-24
View File
@@ -1,24 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Stoiko Ivanov <s.ivanov@proxmox.com>
Date: Thu, 4 Apr 2024 11:41:15 +0200
Subject: [PATCH] Revert "thermal: trip: Drop lockdep assertion from
thermal_zone_trip_id()"
This reverts commit c723c4fca6d2db3815623ff4dc0ea51667b56b89.
---
drivers/thermal/thermal_trip.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/thermal/thermal_trip.c b/drivers/thermal/thermal_trip.c
index 68bea8706c597..1d4fe63e09f77 100644
--- a/drivers/thermal/thermal_trip.c
+++ b/drivers/thermal/thermal_trip.c
@@ -201,6 +201,8 @@ int thermal_zone_trip_id(struct thermal_zone_device *tz,
{
int i;
+ lockdep_assert_held(&tz->lock);
+
for (i = 0; i < tz->num_trips; i++) {
if (&tz->trips[i] == trip)
return i;
patches/kernel/0015-Revert-thermal-core-Store-trip-pointer-in-struct-the.patch
-343
View File
@@ -1,343 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Stoiko Ivanov <s.ivanov@proxmox.com>
Date: Thu, 4 Apr 2024 11:41:17 +0200
Subject: [PATCH] Revert "thermal: core: Store trip pointer in struct
thermal_instance"
This reverts commit 643b451957369f28b7770af387d14d4e4712074b.
---
drivers/thermal/gov_bang_bang.c | 23 +++++++++++++++--------
drivers/thermal/gov_fair_share.c | 5 ++---
drivers/thermal/gov_power_allocator.c | 11 +++--------
drivers/thermal/gov_step_wise.c | 16 +++++++++-------
drivers/thermal/thermal_core.c | 15 +++++----------
drivers/thermal/thermal_core.h | 4 +---
drivers/thermal/thermal_helpers.c | 5 +----
drivers/thermal/thermal_sysfs.c | 3 +--
drivers/thermal/thermal_trip.c | 15 ---------------
9 files changed, 37 insertions(+), 60 deletions(-)
diff --git a/drivers/thermal/gov_bang_bang.c b/drivers/thermal/gov_bang_bang.c
index 49cdfaa3a9279..1b121066521ff 100644
--- a/drivers/thermal/gov_bang_bang.c
+++ b/drivers/thermal/gov_bang_bang.c
@@ -13,21 +13,28 @@
#include "thermal_core.h"
-static int thermal_zone_trip_update(struct thermal_zone_device *tz, int trip_index)
+static int thermal_zone_trip_update(struct thermal_zone_device *tz, int trip_id)
{
- const struct thermal_trip *trip = &tz->trips[trip_index];
+ struct thermal_trip trip;
struct thermal_instance *instance;
+ int ret;
+
+ ret = __thermal_zone_get_trip(tz, trip_id, &trip);
+ if (ret) {
+ pr_warn_once("Failed to retrieve trip point %d\n", trip_id);
+ return ret;
+ }
- if (!trip->hysteresis)
+ if (!trip.hysteresis)
dev_info_once(&tz->device,
"Zero hysteresis value for thermal zone %s\n", tz->type);
dev_dbg(&tz->device, "Trip%d[temp=%d]:temp=%d:hyst=%d\n",
- trip_index, trip->temperature, tz->temperature,
- trip->hysteresis);
+ trip_id, trip.temperature, tz->temperature,
+ trip.hysteresis);
list_for_each_entry(instance, &tz->thermal_instances, tz_node) {
- if (instance->trip != trip)
+ if (instance->trip != trip_id)
continue;
/* in case fan is in initial state, switch the fan off */
@@ -45,10 +52,10 @@ static int thermal_zone_trip_update(struct thermal_zone_device *tz, int trip_ind
* enable fan when temperature exceeds trip_temp and disable
* the fan in case it falls below trip_temp minus hysteresis
*/
- if (instance->target == 0 && tz->temperature >= trip->temperature)
+ if (instance->target == 0 && tz->temperature >= trip.temperature)
instance->target = 1;
else if (instance->target == 1 &&
- tz->temperature <= trip->temperature - trip->hysteresis)
+ tz->temperature <= trip.temperature - trip.hysteresis)
instance->target = 0;
dev_dbg(&instance->cdev->device, "target=%d\n",
diff --git a/drivers/thermal/gov_fair_share.c b/drivers/thermal/gov_fair_share.c
index 2abeb8979f500..03c2daeb6ee8b 100644
--- a/drivers/thermal/gov_fair_share.c
+++ b/drivers/thermal/gov_fair_share.c
@@ -49,7 +49,7 @@ static long get_target_state(struct thermal_zone_device *tz,
/**
* fair_share_throttle - throttles devices associated with the given zone
* @tz: thermal_zone_device
- * @trip_index: trip point index
+ * @trip: trip point index
*
* Throttling Logic: This uses three parameters to calculate the new
* throttle state of the cooling devices associated with the given zone.
@@ -65,9 +65,8 @@ static long get_target_state(struct thermal_zone_device *tz,
* (Heavily assumes the trip points are in ascending order)
* new_state of cooling device = P3 * P2 * P1
*/
-static int fair_share_throttle(struct thermal_zone_device *tz, int trip_index)
+static int fair_share_throttle(struct thermal_zone_device *tz, int trip)
{
- const struct thermal_trip *trip = &tz->trips[trip_index];
struct thermal_instance *instance;
int total_weight = 0;
int total_instance = 0;
diff --git a/drivers/thermal/gov_power_allocator.c b/drivers/thermal/gov_power_allocator.c
index fc969642f70b7..fb311339bd08f 100644
--- a/drivers/thermal/gov_power_allocator.c
+++ b/drivers/thermal/gov_power_allocator.c
@@ -90,14 +90,12 @@ static u32 estimate_sustainable_power(struct thermal_zone_device *tz)
u32 sustainable_power = 0;
struct thermal_instance *instance;
struct power_allocator_params *params = tz->governor_data;
- const struct thermal_trip *trip_max_desired_temperature =
- &tz->trips[params->trip_max_desired_temperature];
list_for_each_entry(instance, &tz->thermal_instances, tz_node) {
struct thermal_cooling_device *cdev = instance->cdev;
u32 min_power;
- if (instance->trip != trip_max_desired_temperature)
+ if (instance->trip != params->trip_max_desired_temperature)
continue;
if (!cdev_is_power_actor(cdev))
@@ -385,13 +383,12 @@ static int allocate_power(struct thermal_zone_device *tz,
{
struct thermal_instance *instance;
struct power_allocator_params *params = tz->governor_data;
- const struct thermal_trip *trip_max_desired_temperature =
- &tz->trips[params->trip_max_desired_temperature];
u32 *req_power, *max_power, *granted_power, *extra_actor_power;
u32 *weighted_req_power;
u32 total_req_power, max_allocatable_power, total_weighted_req_power;
u32 total_granted_power, power_range;
int i, num_actors, total_weight, ret = 0;
+ int trip_max_desired_temperature = params->trip_max_desired_temperature;
num_actors = 0;
total_weight = 0;
@@ -567,14 +564,12 @@ static void allow_maximum_power(struct thermal_zone_device *tz, bool update)
{
struct thermal_instance *instance;
struct power_allocator_params *params = tz->governor_data;
- const struct thermal_trip *trip_max_desired_temperature =
- &tz->trips[params->trip_max_desired_temperature];
u32 req_power;
list_for_each_entry(instance, &tz->thermal_instances, tz_node) {
struct thermal_cooling_device *cdev = instance->cdev;
- if ((instance->trip != trip_max_desired_temperature) ||
+ if ((instance->trip != params->trip_max_desired_temperature) ||
(!cdev_is_power_actor(instance->cdev)))
continue;
diff --git a/drivers/thermal/gov_step_wise.c b/drivers/thermal/gov_step_wise.c
index 849dc1ec8d27c..1050fb4d94c2d 100644
--- a/drivers/thermal/gov_step_wise.c
+++ b/drivers/thermal/gov_step_wise.c
@@ -81,24 +81,26 @@ static void update_passive_instance(struct thermal_zone_device *tz,
static void thermal_zone_trip_update(struct thermal_zone_device *tz, int trip_id)
{
- const struct thermal_trip *trip = &tz->trips[trip_id];
enum thermal_trend trend;
struct thermal_instance *instance;
+ struct thermal_trip trip;
bool throttle = false;
int old_target;
+ __thermal_zone_get_trip(tz, trip_id, &trip);
+
trend = get_tz_trend(tz, trip_id);
- if (tz->temperature >= trip->temperature) {
+ if (tz->temperature >= trip.temperature) {
throttle = true;
- trace_thermal_zone_trip(tz, trip_id, trip->type);
+ trace_thermal_zone_trip(tz, trip_id, trip.type);
}
dev_dbg(&tz->device, "Trip%d[type=%d,temp=%d]:trend=%d,throttle=%d\n",
- trip_id, trip->type, trip->temperature, trend, throttle);
+ trip_id, trip.type, trip.temperature, trend, throttle);
list_for_each_entry(instance, &tz->thermal_instances, tz_node) {
- if (instance->trip != trip)
+ if (instance->trip != trip_id)
continue;
old_target = instance->target;
@@ -112,11 +114,11 @@ static void thermal_zone_trip_update(struct thermal_zone_device *tz, int trip_id
/* Activate a passive thermal instance */
if (old_target == THERMAL_NO_TARGET &&
instance->target != THERMAL_NO_TARGET)
- update_passive_instance(tz, trip->type, 1);
+ update_passive_instance(tz, trip.type, 1);
/* Deactivate a passive thermal instance */
else if (old_target != THERMAL_NO_TARGET &&
instance->target == THERMAL_NO_TARGET)
- update_passive_instance(tz, trip->type, -1);
+ update_passive_instance(tz, trip.type, -1);
instance->initialized = true;
mutex_lock(&instance->cdev->lock);
diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
index c066c09555667..69cff5fc32156 100644
--- a/drivers/thermal/thermal_core.c
+++ b/drivers/thermal/thermal_core.c
@@ -582,7 +582,7 @@ struct thermal_zone_device *thermal_zone_get_by_id(int id)
/**
* thermal_zone_bind_cooling_device() - bind a cooling device to a thermal zone
* @tz: pointer to struct thermal_zone_device
- * @trip_index: indicates which trip point the cooling devices is
+ * @trip: indicates which trip point the cooling devices is
* associated with in this thermal zone.
* @cdev: pointer to struct thermal_cooling_device
* @upper: the Maximum cooling state for this trip point.
@@ -602,7 +602,7 @@ struct thermal_zone_device *thermal_zone_get_by_id(int id)
* Return: 0 on success, the proper error value otherwise.
*/
int thermal_zone_bind_cooling_device(struct thermal_zone_device *tz,
- int trip_index,
+ int trip,
struct thermal_cooling_device *cdev,
unsigned long upper, unsigned long lower,
unsigned int weight)
@@ -611,15 +611,12 @@ int thermal_zone_bind_cooling_device(struct thermal_zone_device *tz,
struct thermal_instance *pos;
struct thermal_zone_device *pos1;
struct thermal_cooling_device *pos2;
- const struct thermal_trip *trip;
bool upper_no_limit;
int result;
- if (trip_index >= tz->num_trips || trip_index < 0)
+ if (trip >= tz->num_trips || trip < 0)
return -EINVAL;
- trip = &tz->trips[trip_index];
-
list_for_each_entry(pos1, &thermal_tz_list, node) {
if (pos1 == tz)
break;
@@ -724,7 +721,7 @@ EXPORT_SYMBOL_GPL(thermal_zone_bind_cooling_device);
* thermal_zone_unbind_cooling_device() - unbind a cooling device from a
* thermal zone.
* @tz: pointer to a struct thermal_zone_device.
- * @trip_index: indicates which trip point the cooling devices is
+ * @trip: indicates which trip point the cooling devices is
* associated with in this thermal zone.
* @cdev: pointer to a struct thermal_cooling_device.
*
@@ -735,15 +732,13 @@ EXPORT_SYMBOL_GPL(thermal_zone_bind_cooling_device);
* Return: 0 on success, the proper error value otherwise.
*/
int thermal_zone_unbind_cooling_device(struct thermal_zone_device *tz,
- int trip_index,
+ int trip,
struct thermal_cooling_device *cdev)
{
struct thermal_instance *pos, *next;
- const struct thermal_trip *trip;
mutex_lock(&tz->lock);
mutex_lock(&cdev->lock);
- trip = &tz->trips[trip_index];
list_for_each_entry_safe(pos, next, &tz->thermal_instances, tz_node) {
if (pos->tz == tz && pos->trip == trip && pos->cdev == cdev) {
list_del(&pos->tz_node);
diff --git a/drivers/thermal/thermal_core.h b/drivers/thermal/thermal_core.h
index a33b389bbcfe8..17c1bbed734d3 100644
--- a/drivers/thermal/thermal_core.h
+++ b/drivers/thermal/thermal_core.h
@@ -91,7 +91,7 @@ struct thermal_instance {
char name[THERMAL_NAME_LENGTH];
struct thermal_zone_device *tz;
struct thermal_cooling_device *cdev;
- const struct thermal_trip *trip;
+ int trip;
bool initialized;
unsigned long upper; /* Highest cooling state for this trip point */
unsigned long lower; /* Lowest cooling state for this trip point */
@@ -123,8 +123,6 @@ void __thermal_zone_device_update(struct thermal_zone_device *tz,
void __thermal_zone_set_trips(struct thermal_zone_device *tz);
int __thermal_zone_get_trip(struct thermal_zone_device *tz, int trip_id,
struct thermal_trip *trip);
-int thermal_zone_trip_id(struct thermal_zone_device *tz,
- const struct thermal_trip *trip);
int __thermal_zone_get_temp(struct thermal_zone_device *tz, int *temp);
/* sysfs I/F */
diff --git a/drivers/thermal/thermal_helpers.c b/drivers/thermal/thermal_helpers.c
index 421ed301541e1..cfba0965a22da 100644
--- a/drivers/thermal/thermal_helpers.c
+++ b/drivers/thermal/thermal_helpers.c
@@ -41,17 +41,14 @@ int get_tz_trend(struct thermal_zone_device *tz, int trip)
struct thermal_instance *
get_thermal_instance(struct thermal_zone_device *tz,
- struct thermal_cooling_device *cdev, int trip_index)
+ struct thermal_cooling_device *cdev, int trip)
{
struct thermal_instance *pos = NULL;
struct thermal_instance *target_instance = NULL;
- const struct thermal_trip *trip;
mutex_lock(&tz->lock);
mutex_lock(&cdev->lock);
- trip = &tz->trips[trip_index];
-
list_for_each_entry(pos, &tz->thermal_instances, tz_node) {
if (pos->tz == tz && pos->trip == trip && pos->cdev == cdev) {
target_instance = pos;
diff --git a/drivers/thermal/thermal_sysfs.c b/drivers/thermal/thermal_sysfs.c
index eef40d4f30639..4e6a97db894e9 100644
--- a/drivers/thermal/thermal_sysfs.c
+++ b/drivers/thermal/thermal_sysfs.c
@@ -943,8 +943,7 @@ trip_point_show(struct device *dev, struct device_attribute *attr, char *buf)
instance =
container_of(attr, struct thermal_instance, attr);
- return sprintf(buf, "%d\n",
- thermal_zone_trip_id(instance->tz, instance->trip));
+ return sprintf(buf, "%d\n", instance->trip);
}
ssize_t
diff --git a/drivers/thermal/thermal_trip.c b/drivers/thermal/thermal_trip.c
index 1d4fe63e09f77..21736e02fa360 100644
--- a/drivers/thermal/thermal_trip.c
+++ b/drivers/thermal/thermal_trip.c
@@ -195,18 +195,3 @@ int thermal_zone_set_trip(struct thermal_zone_device *tz, int trip_id,
return 0;
}
-
-int thermal_zone_trip_id(struct thermal_zone_device *tz,
- const struct thermal_trip *trip)
-{
- int i;
-
- lockdep_assert_held(&tz->lock);
-
- for (i = 0; i < tz->num_trips; i++) {
- if (&tz->trips[i] == trip)
- return i;
- }
-
- return -ENODATA;
-}
patches/kernel/0016-net-usb-ax88179_178a-avoid-the-interface-always-conf.patch
-50
View File
@@ -1,50 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
Date: Wed, 3 Apr 2024 15:21:58 +0200
Subject: [PATCH] net: usb: ax88179_178a: avoid the interface always configured
as random address
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
After the commit d2689b6a86b9 ("net: usb: ax88179_178a: avoid two
consecutive device resets"), reset is not executed from bind operation and
mac address is not read from the device registers or the devicetree at that
moment. Since the check to configure if the assigned mac address is random
or not for the interface, happens after the bind operation from
usbnet_probe, the interface keeps configured as random address, although the
address is correctly read and set during open operation (the only reset
now).
In order to keep only one reset for the device and to avoid the interface
always configured as random address, after reset, configure correctly the
suitable field from the driver, if the mac address is read successfully from
the device registers or the devicetree. Take into account if a locally
administered address (random) was previously stored.
cc: stable@vger.kernel.org # 6.6+
Fixes: d2689b6a86b9 ("net: usb: ax88179_178a: avoid two consecutive device resets")
Reported-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240403132158.344838-1-jtornosm@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 2e91bb99b9d4f756e92e83c4453f894dda220f09)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
drivers/net/usb/ax88179_178a.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c
index d837c1887416..e0e9b4c53cb0 100644
--- a/drivers/net/usb/ax88179_178a.c
+++ b/drivers/net/usb/ax88179_178a.c
@@ -1273,6 +1273,8 @@ static void ax88179_get_mac_addr(struct usbnet *dev)
if (is_valid_ether_addr(mac)) {
eth_hw_addr_set(dev->net, mac);
+ if (!is_local_ether_addr(mac))
+ dev->net->addr_assign_type = NET_ADDR_PERM;
} else {
netdev_info(dev->net, "invalid MAC address, using random\n");
eth_hw_addr_random(dev->net);
patches/kernel/0017-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch
-83
View File
@@ -1,83 +0,0 @@
From fe4261ef5f99878f60290709d10d44bba326f95f Mon Sep 17 00:00:00 2001
From: "Borislav Petkov (AMD)" <bp@alien8.de>
Date: Sun, 24 Mar 2024 20:51:35 +0100
Subject: [PATCH] x86/CPU/AMD: Improve the erratum 1386 workaround
Disable XSAVES only on machines which haven't loaded the microcode
revision containing the erratum fix.
This will come in handy when running archaic OSes as guests. OSes whose
brilliant programmers thought that CPUID is overrated and one should not
query it but use features directly, ala shoot first, ask questions
later... but only if you're alive after the shooting.
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
[ FG: port to 6.5 ]
Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
Tested-by: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.local
---
arch/x86/include/asm/cpu_device_id.h | 8 ++++++++
arch/x86/kernel/cpu/amd.c | 11 +++++++++++
2 files changed, 19 insertions(+)
diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h
index eb8fcede9e3b..bf4e065cf1e2 100644
--- a/arch/x86/include/asm/cpu_device_id.h
+++ b/arch/x86/include/asm/cpu_device_id.h
@@ -190,6 +190,14 @@ struct x86_cpu_desc {
.x86_microcode_rev = (revision), \
}
+#define AMD_CPU_DESC(fam, model, stepping, revision) { \
+ .x86_family = (fam), \
+ .x86_vendor = X86_VENDOR_AMD, \
+ .x86_model = (model), \
+ .x86_stepping = (stepping), \
+ .x86_microcode_rev = (revision), \
+}
+
extern const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match);
extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table);
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index 9390074ddb25..8201271f6505 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -13,6 +13,7 @@
#include <asm/apic.h>
#include <asm/cacheinfo.h>
#include <asm/cpu.h>
+#include <asm/cpu_device_id.h>
#include <asm/spec-ctrl.h>
#include <asm/smp.h>
#include <asm/numa.h>
@@ -945,6 +946,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c)
clear_rdrand_cpuid_bit(c);
}
+static const struct x86_cpu_desc erratum_1386_microcode[] = {
+ AMD_CPU_DESC(0x17, 0x1, 0x2, 0x0800126e),
+ AMD_CPU_DESC(0x17, 0x31, 0x0, 0x08301052),
+};
+
void init_spectral_chicken(struct cpuinfo_x86 *c)
{
#ifdef CONFIG_CPU_UNRET_ENTRY
@@ -972,7 +978,12 @@ void init_spectral_chicken(struct cpuinfo_x86 *c)
*
* Affected parts all have no supervisor XSAVE states, meaning that
* the XSAVEC instruction (which works fine) is equivalent.
+ * Clear the feature flag only on microcode revisions which
+ * don't have the fix.
*/
+ if (x86_cpu_has_min_microcode_rev(erratum_1386_microcode))
+ return;
+
clear_cpu_cap(c, X86_FEATURE_XSAVES);
}
--
2.39.2
submodules/ubuntu-kernel
+1 -1
Submodule submodules/ubuntu-kernel updated: 262b099bd0...e3be6fa29e
submodules/zfsonlinux
+1 -1
Submodule submodules/zfsonlinux updated: 6c9ff9b992...5ea8a38968