Rebase on a v6.6.59 kernel

This is a clean rebase with no changes needed in the downstream patches. Signed-off-by: Sergio Lopez <[email protected]>
containers · Nov 4, 2024 · 8b6c27c · 8b6c27c
1 parent 2581d12
commit 8b6c27c
Show file tree

Hide file tree

Showing 25 changed files with 99 additions and 137 deletions.
diff --git a/Makefile b/Makefile
@@ -1,13 +1,13 @@
-KERNEL_VERSION = linux-6.6.52
+KERNEL_VERSION = linux-6.6.59
 KERNEL_REMOTE = https://cdn.kernel.org/pub/linux/kernel/v6.x/$(KERNEL_VERSION).tar.xz
 KERNEL_TARBALL = tarballs/$(KERNEL_VERSION).tar.xz
 KERNEL_SOURCES = $(KERNEL_VERSION)
 KERNEL_PATCHES = $(shell find patches/ -name "0*.patch" | sort)
 KERNEL_C_BUNDLE = kernel.c
 
 ABI_VERSION = 4
-FULL_VERSION = 4.4.2
-TIMESTAMP = "Tue Oct  8 13:02:33 CEST 2024"
+FULL_VERSION = 4.5.0
+TIMESTAMP = "Mon Nov  4 12:34:02 CET 2024"
 
 KERNEL_FLAGS = KBUILD_BUILD_TIMESTAMP=$(TIMESTAMP)
 KERNEL_FLAGS += KBUILD_BUILD_USER=root

diff --git a/patches-sev/0001-virtio-enable-DMA-API-if-memory-is-restricted.patch b/patches-sev/0001-virtio-enable-DMA-API-if-memory-is-restricted.patch
@@ -1,4 +1,4 @@
-From 6616593252269d81b003d7aa1e7e4dd156d1a629 Mon Sep 17 00:00:00 2001
+From 1a74153dbecfd3ef07450282623e19e3eff07e02 Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <[email protected]>
 Date: Fri, 10 Sep 2021 13:05:01 +0200
 Subject: [PATCH 1/4] virtio: enable DMA API if memory is restricted
@@ -54,5 +54,5 @@ index 80669e05bf0e..438b4f6c5cdb 100644
  	/*
  	 * In theory, it's possible to have a buggy QEMU-supposed
 -- 
-2.46.0
+2.45.2
 
diff --git a/patches-sev/0002-x86-sev-write-AP-reset-vector.patch b/patches-sev/0002-x86-sev-write-AP-reset-vector.patch
@@ -1,4 +1,4 @@
-From ecbb6d5db802293ef27575a672336e17e8c2abfd Mon Sep 17 00:00:00 2001
+From d207d9d626b491547cc79ad561f8b937230260d8 Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <[email protected]>
 Date: Thu, 20 Oct 2022 10:23:16 +0200
 Subject: [PATCH 2/4] x86/sev: write AP reset vector
@@ -55,5 +55,5 @@ index 9905dc0e0b09..38df85fd1324 100644
  	/* Check if AP Jump Table is page-aligned */
  	if (jump_table_addr & ~PAGE_MASK)
 -- 
-2.46.0
+2.45.2
 
diff --git a/patches-sev/0003-Implement-driver-to-retrieve-secrets-from-cmdline.patch b/patches-sev/0003-Implement-driver-to-retrieve-secrets-from-cmdline.patch
@@ -1,4 +1,4 @@
-From 0738c09d916b06afa162facb0edc84ffe121c35a Mon Sep 17 00:00:00 2001
+From 8f8bd55d6eeae2329d28e61815f930b990f7e40f Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <[email protected]>
 Date: Wed, 3 Aug 2022 12:35:12 +0200
 Subject: [PATCH 3/4] Implement driver to retrieve secrets from cmdline
@@ -292,5 +292,5 @@ index c787e94cc898..2fb8a8af9af6 100644
 
  /*
 -- 
-2.46.0
+2.45.2
 
diff --git a/patches-sev/0004-x86-sev-Avoid-using-native_cpuid.patch b/patches-sev/0004-x86-sev-Avoid-using-native_cpuid.patch
@@ -1,4 +1,4 @@
-From 95ae01ac9240b47dcdeda540e59a24ba0bdaf963 Mon Sep 17 00:00:00 2001
+From 7d1316354c1f9cdab71270e3785ed17c6166e48e Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <[email protected]>
 Date: Wed, 5 Jun 2024 16:20:08 +0200
 Subject: [PATCH 4/4] x86/sev: Avoid using native_cpuid
@@ -61,5 +61,5 @@ index cc47a818a640..a2b5b08eee23 100644
  	/* Check the SEV MSR whether SEV or SME is enabled */
  	RIP_REL_REF(sev_status) = msr = __rdmsr(MSR_AMD64_SEV);
 -- 
-2.46.0
+2.45.2
 
diff --git a/patches/0001-krunfw-Don-t-panic-when-init-dies.patch b/patches/0001-krunfw-Don-t-panic-when-init-dies.patch
@@ -1,7 +1,7 @@
-From 7f18f75689b7b0f34ca711daa4e29e2d4ae5f910 Mon Sep 17 00:00:00 2001
+From 1b10ce0f3957352710d9218761ef30b306f44d2b Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <[email protected]>
 Date: Thu, 2 Mar 2023 07:34:49 +0100
-Subject: [PATCH 01/17] krunfw: Don't panic when init dies
+Subject: [PATCH 01/20] krunfw: Don't panic when init dies
 
 In libkrun, the isolated process runs as PID 1. When it exits,
 trigger an orderly reboot instead of panic'ing.
@@ -58,5 +58,5 @@ index 6ebef11c8876..4323caa5b871 100644
  	machine_restart(cmd);
  }
 -- 
-2.46.0
+2.45.2
 
diff --git a/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch b/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch
@@ -1,7 +1,7 @@
-From 5ed6edb3e75df34958f788bca363748cea75eea1 Mon Sep 17 00:00:00 2001
+From 6b799d0ece7be4526086389f499ba128e58402f2 Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <[email protected]>
 Date: Mon, 16 May 2022 16:04:27 +0200
-Subject: [PATCH 02/17] krunfw: Ignore run_cmd on orderly reboot
+Subject: [PATCH 02/20] krunfw: Ignore run_cmd on orderly reboot
 
 We don't really support restarting the conventional way, so ignore
 "run_cmd" so we can fall back to an emergency sync and reboot.
@@ -28,5 +28,5 @@ index 4323caa5b871..d9d6f0dd2ebc 100644
  	if (ret) {
  		pr_warn("Failed to start orderly reboot: forcing the issue\n");
 -- 
-2.46.0
+2.45.2
 
diff --git a/patches/0003-vsock-dgram-generalize-recvmsg-and-drop-transport-dg.patch b/patches/0003-vsock-dgram-generalize-recvmsg-and-drop-transport-dg.patch
@@ -1,7 +1,7 @@
-From 06a9c813b4f59d92edf78a6011a719629323081c Mon Sep 17 00:00:00 2001
+From 07196cd4cb4df62bef3d8f0d89e11f5042b4e84b Mon Sep 17 00:00:00 2001
 From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
 Date: Sat, 10 Jun 2023 00:58:28 +0000
-Subject: [PATCH 03/17] vsock/dgram: generalize recvmsg and drop
+Subject: [PATCH 03/20] vsock/dgram: generalize recvmsg and drop
  transport->dgram_dequeue
 
 This commit drops the transport->dgram_dequeue callback and makes
@@ -203,7 +203,7 @@ index 2925f5d27ad3..332d6d580cba 100644
  		.stream_dequeue           = virtio_transport_stream_dequeue,
  		.stream_enqueue           = virtio_transport_stream_enqueue,
 diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
-index e87fd9480acd..ed1235d57ffb 100644
+index 78b5f4f8808b..0f5845e3bb53 100644
 --- a/net/vmw_vsock/virtio_transport_common.c
 +++ b/net/vmw_vsock/virtio_transport_common.c
 @@ -860,6 +860,24 @@ int virtio_transport_dgram_bind(struct vsock_sock *vsk,
@@ -348,5 +348,5 @@ index 0ce65d0a4a44..6b19e308a140 100644
  		.stream_dequeue           = virtio_transport_stream_dequeue,
  		.stream_enqueue           = virtio_transport_stream_enqueue,
 -- 
-2.46.0
+2.45.2
 
diff --git a/patches/0004-vsock-refactor-transport-lookup-code.patch b/patches/0004-vsock-refactor-transport-lookup-code.patch
@@ -1,7 +1,7 @@
-From 5a2b5b9c1a9f473836c361153b15c10eab012e9a Mon Sep 17 00:00:00 2001
+From db20ca78bf5bc3215088350e87435ad17657dca1 Mon Sep 17 00:00:00 2001
 From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
 Date: Sat, 10 Jun 2023 00:58:29 +0000
-Subject: [PATCH 04/17] vsock: refactor transport lookup code
+Subject: [PATCH 04/20] vsock: refactor transport lookup code
 
 Introduce new reusable function vsock_connectible_lookup_transport()
 that performs the transport lookup logic.
@@ -57,5 +57,5 @@ index c3fdb22cfd39..5a517638deed 100644
  	default:
  		return -ESOCKTNOSUPPORT;
 -- 
-2.46.0
+2.45.2
 
diff --git a/patches/0005-vsock-support-multi-transport-datagrams.patch b/patches/0005-vsock-support-multi-transport-datagrams.patch
@@ -1,7 +1,7 @@
-From 10b18bb2d94abcf35e199c76fcf9921de1dbb9ae Mon Sep 17 00:00:00 2001
+From 064e3d05e17efc1cbc385f0bb12577677d07f0d1 Mon Sep 17 00:00:00 2001
 From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
 Date: Sat, 10 Jun 2023 00:58:30 +0000
-Subject: [PATCH 05/17] vsock: support multi-transport datagrams
+Subject: [PATCH 05/20] vsock: support multi-transport datagrams
 
 This patch adds support for multi-transport datagrams.
 
@@ -274,7 +274,7 @@ index 332d6d580cba..4e138ad3c113 100644
  		.dgram_allow              = virtio_transport_dgram_allow,
  		.dgram_get_cid		  = virtio_transport_dgram_get_cid,
 diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
-index ed1235d57ffb..0b2f6c211544 100644
+index 0f5845e3bb53..4811cc37ffb8 100644
 --- a/net/vmw_vsock/virtio_transport_common.c
 +++ b/net/vmw_vsock/virtio_transport_common.c
 @@ -853,13 +853,6 @@ bool virtio_transport_stream_allow(u32 cid, u32 port)
@@ -304,5 +304,5 @@ index 6b19e308a140..21a4debde550 100644
  		.dgram_allow              = virtio_transport_dgram_allow,
  		.dgram_get_cid		  = virtio_transport_dgram_get_cid,
 -- 
-2.46.0
+2.45.2
 
diff --git a/patches/0006-vsock-make-vsock-bind-reusable.patch b/patches/0006-vsock-make-vsock-bind-reusable.patch
@@ -1,7 +1,7 @@
-From 9b076ce6da60de7904d340289a2187325efee512 Mon Sep 17 00:00:00 2001
+From 79797b2902e0874ee78ff63e12f416342233de95 Mon Sep 17 00:00:00 2001
 From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
 Date: Sat, 10 Jun 2023 00:58:31 +0000
-Subject: [PATCH 06/17] vsock: make vsock bind reusable
+Subject: [PATCH 06/20] vsock: make vsock bind reusable
 
 This commit makes the bind table management functions in vsock usable
 for different bind tables. For use by datagrams in a future patch.
@@ -102,5 +102,5 @@ index afe28d3b0b74..6a94a623dd07 100644
  			      struct sockaddr_vm *addr)
  {
 -- 
-2.46.0
+2.45.2
 
diff --git a/patches/0007-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch b/patches/0007-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch
@@ -1,7 +1,7 @@
-From f9c572bf348f3eda2d0763ecf0e212cf6861d769 Mon Sep 17 00:00:00 2001
+From 0bf3a61890218db07f728911ede76e92c2a33eff Mon Sep 17 00:00:00 2001
 From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
 Date: Sat, 10 Jun 2023 00:58:32 +0000
-Subject: [PATCH 07/17] virtio/vsock: add VIRTIO_VSOCK_F_DGRAM feature bit
+Subject: [PATCH 07/20] virtio/vsock: add VIRTIO_VSOCK_F_DGRAM feature bit
 
 This commit adds a feature bit for virtio vsock to support datagrams.
 
@@ -24,5 +24,5 @@ index 64738838bee5..9c25f267bbc0 100644
  struct virtio_vsock_config {
  	__le64 guest_cid;
 -- 
-2.46.0
+2.45.2
 
diff --git a/patches/0008-virtio-vsock-support-dgrams.patch b/patches/0008-virtio-vsock-support-dgrams.patch
@@ -1,7 +1,7 @@
-From cea879931c45169784b8b2301ae02ee45c4aa20d Mon Sep 17 00:00:00 2001
+From 4d7457f846830badc6f6d44ea3e51d635e62731a Mon Sep 17 00:00:00 2001
 From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
 Date: Sat, 10 Jun 2023 00:58:33 +0000
-Subject: [PATCH 08/17] virtio/vsock: support dgrams
+Subject: [PATCH 08/20] virtio/vsock: support dgrams
 
 This commit adds support for datagrams over virtio/vsock.
 
@@ -345,7 +345,7 @@ index 4e138ad3c113..3dd63dc8f6b7 100644
 
  static struct virtio_driver virtio_vsock_driver = {
 diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
-index 0b2f6c211544..7ff2d3a44dc2 100644
+index 4811cc37ffb8..62c5a1785389 100644
 --- a/net/vmw_vsock/virtio_transport_common.c
 +++ b/net/vmw_vsock/virtio_transport_common.c
 @@ -37,6 +37,35 @@ virtio_transport_get_ops(struct vsock_sock *vsk)
@@ -475,23 +475,23 @@ index 0b2f6c211544..7ff2d3a44dc2 100644
 +EXPORT_SYMBOL_GPL(virtio_transport_dgram_get_cid);
 +
 +int virtio_transport_dgram_get_port(struct sk_buff *skb, unsigned int *port)
-+{
+ {
+-	return -EOPNOTSUPP;
 +	*port = le32_to_cpu(virtio_vsock_hdr(skb)->src_port);
 +	return 0;
-+}
+ }
+-EXPORT_SYMBOL_GPL(virtio_transport_dgram_dequeue);
 +EXPORT_SYMBOL_GPL(virtio_transport_dgram_get_port);
 +
 +int virtio_transport_dgram_get_length(struct sk_buff *skb, size_t *len)
- {
--	return -EOPNOTSUPP;
++{
 +	/* The device layer must have already moved the data ptr beyond the
 +	 * header for skb->len to be correct.
 +	 */
 +	WARN_ON(skb->data == skb->head);
 +	*len = skb->len;
 +	return 0;
- }
--EXPORT_SYMBOL_GPL(virtio_transport_dgram_dequeue);
++}
 +EXPORT_SYMBOL_GPL(virtio_transport_dgram_get_length);
 
  s64 virtio_transport_stream_has_data(struct vsock_sock *vsk)
@@ -741,5 +741,5 @@ index 21a4debde550..20f5b123bde5 100644
  {
  	return true;
 -- 
-2.46.0
+2.45.2
 
diff --git a/patches/0009-tests-add-vsock-dgram-tests.patch b/patches/0009-tests-add-vsock-dgram-tests.patch
@@ -1,7 +1,7 @@
-From aacd77363c0f5c8515f9ef55889cd367d42d06f9 Mon Sep 17 00:00:00 2001
+From 2133d4c828f49f49a1f74428680f6ad717d84e47 Mon Sep 17 00:00:00 2001
 From: Jiang Wang <[email protected]>
 Date: Sat, 10 Jun 2023 00:58:35 +0000
-Subject: [PATCH 09/17] tests: add vsock dgram tests
+Subject: [PATCH 09/20] tests: add vsock dgram tests
 
 This patch adds tests for vsock datagram.
 
@@ -667,5 +667,5 @@ index 5dc7767039f6..7c66e934341a 100644
  	{},
  };
 -- 
-2.46.0
+2.45.2
 
diff --git a/patches/0010-Transparent-Socket-Impersonation-implementation.patch b/patches/0010-Transparent-Socket-Impersonation-implementation.patch
@@ -1,7 +1,7 @@
-From b4ce449d32a4a9c71041052c1e4599f3a01eccfa Mon Sep 17 00:00:00 2001
+From 2cfe7358a0ab882db5f2ae65853f8b30429e8532 Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <[email protected]>
 Date: Thu, 19 May 2022 22:38:26 +0200
-Subject: [PATCH 10/21] Transparent Socket Impersonation implementation
+Subject: [PATCH 10/20] Transparent Socket Impersonation implementation
 
 Transparent Socket Impersonation (AF_TSI) is an address family that
 provides sockets presenting two simultaneous personalities, AF_INET
@@ -22,17 +22,15 @@ TODO - implement remote [get|set]sockopt
 
 Signed-off-by: Sergio Lopez <[email protected]>
 ---
- include/linux/socket.h              |    4 +-
- net/Kconfig                         |    1 +
- net/Makefile                        |    1 +
- net/socket.c                        |    1 +
- net/tsi/Kconfig                     |    7 +
- net/tsi/Makefile                    |    4 +
- net/tsi/af_tsi.c                    | 1280 +++++++++++++++++++++++++++
- net/tsi/af_tsi.h                    |  100 +++
- security/selinux/hooks.c            |    4 +-
- security/selinux/include/classmap.h |    4 +-
- 10 files changed, 1403 insertions(+), 3 deletions(-)
+ include/linux/socket.h |    4 +-
+ net/Kconfig            |    1 +
+ net/Makefile           |    1 +
+ net/socket.c           |    1 +
+ net/tsi/Kconfig        |    7 +
+ net/tsi/Makefile       |    4 +
+ net/tsi/af_tsi.c       | 1280 ++++++++++++++++++++++++++++++++++++++++
+ net/tsi/af_tsi.h       |  100 ++++
+ 8 files changed, 1397 insertions(+), 1 deletion(-)
  create mode 100644 net/tsi/Kconfig
  create mode 100644 net/tsi/Makefile
  create mode 100644 net/tsi/af_tsi.c
@@ -83,7 +81,7 @@ index 4c4dc535453d..b07f65c0ef56 100644
  obj-$(CONFIG_NET_HANDSHAKE)	+= handshake/
 +obj-$(CONFIG_TSI)		+= tsi/
 diff --git a/net/socket.c b/net/socket.c
-index 9db33cd4a71b..8b92dd098235 100644
+index bad58f23f307..9992976a67ff 100644
 --- a/net/socket.c
 +++ b/net/socket.c
 @@ -218,6 +218,7 @@ static const char * const pf_family_names[] = {
@@ -1509,42 +1507,6 @@ index 000000000000..cf381734bebe
 +} __attribute__((packed));
 +
 +#endif
-diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index d4a99d98ec77..82fd1f975ef6 100644
---- a/security/selinux/hooks.c
-+++ b/security/selinux/hooks.c
-@@ -1295,7 +1295,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
- 			return SECCLASS_XDP_SOCKET;
- 		case PF_MCTP:
- 			return SECCLASS_MCTP_SOCKET;
--#if PF_MAX > 46
-+		case PF_TSI:
-+			return SECCLASS_TSI_SOCKET;
-+#if PF_MAX > 47
- #error New address family defined, please update this function.
- #endif
- 		}
-diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
-index a3c380775d41..4640eb408c06 100644
---- a/security/selinux/include/classmap.h
-+++ b/security/selinux/include/classmap.h
-@@ -248,6 +248,8 @@ const struct security_class_mapping secclass_map[] = {
- 	  { COMMON_SOCK_PERMS, NULL } },
- 	{ "mctp_socket",
- 	  { COMMON_SOCK_PERMS, NULL } },
-+	{ "tsi_socket",
-+	  { COMMON_SOCK_PERMS, NULL } },
- 	{ "perf_event",
- 	  { "open", "cpu", "kernel", "tracepoint", "read", "write", NULL } },
- 	{ "anon_inode",
-@@ -259,6 +261,6 @@ const struct security_class_mapping secclass_map[] = {
- 	{ NULL }
-   };
-
--#if PF_MAX > 46
-+#if PF_MAX > 47
- #error New address family defined, please update secclass_map.
- #endif
 -- 
 2.45.2
 
diff --git a/patches/0011-tsi-allow-hijacking-sockets-tsi_hijack.patch b/patches/0011-tsi-allow-hijacking-sockets-tsi_hijack.patch
@@ -1,7 +1,7 @@
-From 38643ecb3d75f3c156249b6488b76ef608e990cb Mon Sep 17 00:00:00 2001
+From 26705fda00730b304024546aae7307a306547f2d Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <[email protected]>
 Date: Thu, 19 May 2022 22:42:01 +0200
-Subject: [PATCH 11/17] tsi: allow hijacking sockets (tsi_hijack)
+Subject: [PATCH 11/20] tsi: allow hijacking sockets (tsi_hijack)
 
 Add a kernel command line option (tsi_hijack) enabling users to
 request the kernel to hijack AF_INET(SOCK_STREAM || SOCK_DGRAM)
@@ -14,7 +14,7 @@ Signed-off-by: Sergio Lopez <[email protected]>
  2 files changed, 18 insertions(+), 1 deletion(-)
 
 diff --git a/net/socket.c b/net/socket.c
-index 8b92dd098235..ab2bd178bcc7 100644
+index 9992976a67ff..2a928d25f282 100644
 --- a/net/socket.c
 +++ b/net/socket.c
 @@ -115,6 +115,10 @@ unsigned int sysctl_net_busy_read __read_mostly;
@@ -69,5 +69,5 @@ index eda6c4ba7961..6cf01d7ce8f5 100644
  	int err;
 
 -- 
-2.46.0
+2.45.2