From: Waiman Long <longman(a)redhat.com>
redhat/configs: Enable CONFIG_MITIGATION_SLS for RHEL
Like Fedora, CONFIG_MITIGATION_SLS had been enabled for RHEL9 since
9.3. Update the kernel-ark setting to match current RHEL9 setting.
Signed-off-by: Waiman Long <longman(a)redhat.com>
diff --git a/redhat/configs/fedora/generic/x86/CONFIG_MITIGATION_SLS b/redhat/configs/common/generic/x86/CONFIG_MITIGATION_SLS
rename from redhat/configs/fedora/generic/x86/CONFIG_MITIGATION_SLS
rename to redhat/configs/common/generic/x86/CONFIG_MITIGATION_SLS
index blahblah..blahblah 100644
--- a/redhat/configs/fedora/generic/x86/CONFIG_MITIGATION_SLS
+++ b/redhat/configs/common/generic/x86/CONFIG_MITIGATION_SLS
diff --git a/redhat/configs/rhel/generic/x86/CONFIG_MITIGATION_SLS b/redhat/configs/rhel/generic/x86/CONFIG_MITIGATION_SLS
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/rhel/generic/x86/CONFIG_MITIGATION_SLS
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_MITIGATION_SLS is not set
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/3222
From: Don Zickus <dzickus(a)redhat.com>
Add wildcard macros -baseonly -gcov
There are multiple usecases for -baseonly and -gcov on various
targets in the Makefile. Instead of calling those targets out
repeatedly, lets generalize them a bit.
Allow adding -baseonly and -gcov to:
dist-rpm
dist-srpm
dist-brew
dist-koji
distg-brew
distg-koji
Gcov is useful for adding code coverage. Baseonly is useful to only
build the kernel for debugging purposes without userspace tools.
Signed-off-by: Don Zickus <dzickus(a)redhat.com>
diff --git a/redhat/Makefile b/redhat/Makefile
index blahblah..blahblah 100644
--- a/redhat/Makefile
+++ b/redhat/Makefile
@@ -297,6 +297,12 @@ dist-sources: dist-kabi dist-kabi-dup sources-rh
dist-test-patch: generate-testpatch-tmp
@mv $(TESTPATCH).tmp $(TESTPATCH);
+%-baseonly: RPMBUILDOPTS=--target $(MACH) --without debug --without debuginfo --without vdso_install --without bpftool --without perf --without tools --without selftests -bb
+%-baseonly: BUILDOPTS+=-debug -debuginfo -vdso_install -bpftool -perf -tools -selftests
+
+%-gcov: BUILDID=".gcov"
+%-gcov: BUILDOPTS+="+gcov"
+
do-rpmbuild: dist-sources
$(RPMBUILD) --define "_sourcedir $(SOURCES)" --define "_builddir $(RPM)/BUILD" --define "_srcrpmdir $(RPM)/SRPMS" --define "_rpmdir $(RPM)/RPMS" --define "_specdir $(RPM)/SPECS" --define "dist $(DIST)" $(RPMBUILDOPTS) $(RPM)/SOURCES/$(PACKAGE_NAME).spec
@@ -306,9 +312,9 @@ dist-all-rpms: dist-sources do-rpmbuild
dist-srpm: RPMBUILDOPTS=--nodeps -bs
dist-srpm: dist-sources do-rpmbuild
-dist-srpm-gcov: BUILDID=".gcov"
-dist-srpm-gcov: BUILDOPTS+="+gcov"
-dist-srpm-gcov: dist-srpm
+dist-srpm-%: dist-srpm
+ @# phony command to force this to be a target and not variable
+ @FOO=BAR
dist-rpms: RPMBUILDOPTS=--target $(MACH) -bb
dist-rpms: dist-sources do-rpmbuild
@@ -322,8 +328,7 @@ dist-prep: dist-sources do-rpmbuild
dist-perf: RPMBUILDOPTS=--without up --without smp --without zfcpdump --without debug --without doc --without headers --without --without doc --without debuginfo --target $(MACH) -bb
dist-perf: dist-sources do-rpmbuild
-dist-rpm-baseonly: RPMBUILDOPTS=--target $(MACH) --without debug --without debuginfo --without vdso_install --without bpftool --without perf --without tools -bb
-dist-rpm-baseonly: dist-sources do-rpmbuild
+dist-rpm-%: dist-sources do-rpmbuild
# unless you know what you're doing, you don't want to use the next four ones
dist-release-finish: setup-source
@@ -388,9 +393,25 @@ distg-koji: BUILD_FLAGS ?= $(KOJI_FLAGS) $(TEST_FLAGS)
dist-brew dist-koji: dist-%: dist-srpm
$* $(BUILD_PROFILE) build $(BUILD_FLAGS) $(BUILD_TARGET) $(SRPMS)/$(PACKAGE_NAME)-$(KVERSION)-$(PKGRELEASE)$(DIST).src.rpm $(OUTPUT_FILE)
+dist-brew-%: dist-brew
+ @# phony command to force this to be a target and not variable
+ @FOO=BAR
+
+dist-koji-%: dist-koji
+ @# phony command to force this to be a target and not variable
+ @FOO=BAR
+
distg-brew distg-koji: distg-%:
$* $(BUILD_PROFILE) build $(BUILD_FLAGS) $(BUILD_TARGET) "$(RHGITURL)?redhat/koji#$(RHGITCOMMIT)"
+distg-brew-%: dist-brew
+ @# phony command to force this to be a target and not variable
+ @FOO=BAR
+
+distg-koji-%: dist-koji
+ @# phony command to force this to be a target and not variable
+ @FOO=BAR
+
.PHONY: $(REDHAT)/rpm/SOURCES/$(PACKAGE_NAME).spec
$(REDHAT)/rpm/SOURCES/$(PACKAGE_NAME).spec:
@echo "dist-sources"
@@ -469,34 +490,30 @@ dist-full-help:
@echo 'Building targets:'
@echo ' All RPM/SRPM files will be put under the redhat/rpm/ directory.'
@echo ''
- @echo ' dist-srpm - Create a source RPM and put it into the redhat/rpm/SRPMS/'
+ @echo ' dist-srpm@ - Create a source RPM and put it into the redhat/rpm/SRPMS/'
@echo ' directory. See the dist-brew target for available options.'
- @echo ' dist-srpm-gcov - Create a source RPM with gcov enabled and put it into the'
- @echo ' redhat/rpm/SRPMS/ directory.'
- @echo ' dist-brew - Create a kernel SRPM and then call brew to build the'
+ @echo ' dist-brew@ - Create a kernel SRPM and then call brew to build the'
@echo ' created SRPM. Add BUILDOPTS="+<opt> -<opt> [...]" to'
@echo ' enable/disable build options.'
@echo ' Available <opt>s and their default values:' \
$$(sed -n -e 's/^%define with_\([^ \t]*\).*\?_without_.*/+\1/p' \
-e 's/^%define with_\([^ \t]*\).*\?_with_.*/-\1/p' kernel.spec.template | \
grep -v 'only$$') | fmt -80
- @echo ' dist-koji - Create a kernel SRPM and then call koji to build the'
+ @echo ' dist-koji@ - Create a kernel SRPM and then call koji to build the'
@echo ' created SRPM. See the dist-brew target for available'
@echo ' options.'
- @echo ' distg-brew - Pass HEAD of the current git branch to brew to build an'
+ @echo ' distg-brew@ - Pass HEAD of the current git branch to brew to build an'
@echo ' RPM set. Do not forget to push to the remote repository'
@echo ' first. Preceed make command by RHGITCOMMIT=<commitID>'
@echo ' specify commit ID to use.'
@echo ' To set the remote repo, invoke:'
@echo ' git config rhg.url git://<repo_path>'
- @echo ' distg-koji - Pass HEAD of the current git branch to koji to build an'
+ @echo ' distg-koji@ - Pass HEAD of the current git branch to koji to build an'
@echo ' RPM set. Do not forget to push to the remote repository'
@echo ' first. See the distg-brew target for options and'
@echo ' configuration.'
- @echo ' dist-rpms - Create the binary RPMS for the kernel.'
+ @echo ' dist-rpms@ - Create the binary RPMS for the kernel.'
@echo ' See the dist-brew target for available options.'
- @echo ' dist-rpm-baseonly - Create the binary RPMS for the kernel and modules'
- @echo ' (no userspace tools or debuginfo).'
@echo ' dist-kernel-<type> - Create binary RPMS for a particular kernel type.'
@echo ' Available <type>s:'\
$$(sed -n 's/^%define with_\([^ ]*only\).*/\1/p' kernel.spec.template)
@@ -524,6 +541,12 @@ dist-full-help:
@echo ' dist-rhel-configs - build ELN configs'
@echo ' dist-fedora-configs - build Fedora configs'
+ @echo ''
+ @echo 'Wildcard targets: [indicated by '@' above]'
+ @echo ' *-baseonly - builds only the kernel (disables userspace and debuginfo)'
+ @echo ' - Examples: dist-srpm-baseonly, dist-brew-baseonly'
+ @echo ' *-gcov - builds a kernel with gcov enabled'
+ @echo ' - Examples: dist-srpm-gcov, dist-brew-gcov'
@echo ''
@echo 'kABI targets:'
@echo ' dist-kabi - Create kABI stablelist files in redhat/kabi/kabi-rhel*/'
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1444
From: Don Zickus <dzickus(a)redhat.com>
Fix binutils breakage
The binutils package in Rawhide has stricter checks about PIE/PIC code
and will start reporting errors if it detects mixing and matching no-PIE
with PIE binaries (especially around bpf binaries).
Example errors look like:
/usr/bin/ld: /tmp/ccL7dkfR.o: relocation R_X86_64_32S against `.rodata'
can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
Fix this by adding more CFLAGS to force PIE/PIC generated binaries to
bpf releated selftests, tools and samples.
This patch was provided by Carlos O'Donell and understands how it works.
I am just the middle man.
All -fPIE errors are resolved except for one about libbpf.a. The static
version of the library doesn't take CFLAGS so it can't be forced to
build with PIE/PIC. This error is ignored by the spec file, so it is
ignored by this patch too.
Signed-off-by: Don Zickus <dzickus(a)redhat.com>
diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
index blahblah..blahblah 100644
--- a/redhat/kernel.spec.template
+++ b/redhat/kernel.spec.template
@@ -2769,7 +2769,7 @@ if [ ! -f include/generated/autoconf.h ]; then
%{make} %{?_smp_mflags} modules_prepare
fi
-%{make} %{?_smp_mflags} ARCH=$Arch V=1 M=samples/bpf/ VMLINUX_H="${RPM_VMLINUX_H}" || true
+%{make} %{?_smp_mflags} TPROGS_USER_CFLAGS="%{?build_hostcflags}" TPROGS_USER_LDFLAGS="%{?build_hostldflags}" EXTRA_CFLAGS="%{?build_hostcflags}" EXTRA_LDFLAGS="%{?build_hostldflags}" ARCH=$Arch V=1 M=samples/bpf/ VMLINUX_H="${RPM_VMLINUX_H}" || true
# Prevent bpf selftests to build bpftool repeatedly:
export BPFTOOL=$(pwd)/tools/bpf/bpftool/bpftool
@@ -2783,7 +2783,7 @@ pushd tools/testing/selftests
force_targets=""
%endif
-%{make} %{?_smp_mflags} ARCH=$Arch V=1 TARGETS="bpf mm livepatch net net/forwarding net/mptcp netfilter tc-testing memfd drivers/net/bonding" SKIP_TARGETS="" $force_targets INSTALL_PATH=%{buildroot}%{_libexecdir}/kselftests VMLINUX_H="${RPM_VMLINUX_H}" install
+%{make} %{?_smp_mflags} USERCFLAGS="%{?build_hostcflags}" USERLDFLAGS="%{?build_hostldflags}" ARCH=$Arch V=1 TARGETS="bpf mm livepatch net net/forwarding net/mptcp netfilter tc-testing memfd drivers/net/bonding" SKIP_TARGETS="" $force_targets INSTALL_PATH=%{buildroot}%{_libexecdir}/kselftests VMLINUX_H="${RPM_VMLINUX_H}" install
# 'make install' for bpf is broken and upstream refuses to fix it.
# Install the needed files manually.
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2749
From: Emanuele Giuseppe Esposito on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917
We want to enable kernel.spec to optionally ship UKI addons defined in a
common config file in redhat folder.
The folder redhat/uki_addons will contain all addons configs specifying the
UKI kernel cmdline addons to be created in the next build. An addon
config is simply a .addon plain text file, where any line
is taken as kernel cmdline, except for the ones starting with '#',
which will be automatically ignored.
redhat/scripts/uki_addons.py will take care of parsing all configs and
folders in redhat/uki_addons and call 'ukify' to create the actual addons.
The output addon filename will be a concatenation of all folders in
redhat/uki_addons that are part of the addon config path.
The folder hierarchy inside of redhat/uki_addons is similar to
redhat/configs: $distro/$UKI_NAME/%arch.
It is also possible to add .sbat to all the generated addons, by
populating redhat/addons/$distro/$UKI_NAME/%arch/sbat/sbat.conf.
Syntax is same as the addons config.
At build time, Makefile will create a tar.gz archive (uki_addons.tar.gz)
containing all the files in redhat/uki_addons. It will then passed to the
kernel specfile that will extract the addons from it and generate the
UKI kernel cmdline addons.
As an example of this feature, add the fips addon to optionally enable fips
(https://issues.redhat.com/browse/RHEL-23049)
---
redhat/scripts/uki_addons.py | 162 +++++++++++++++++++++++++++++++
redhat/uki_addons/virt/common/fips.addon | 1 +
redhat/Makefile | 3 +
redhat/kernel.spec.template | 44 ++++++++
4 files changed, 210 insertions(+), 0 deletions(-)
From: Brian Masney <bmasney(a)redhat.com>
redhat/configs: enable CONFIG_LOCK_STAT on the debug kernels for aarch64
CONFIG_LOCK_STAT is enabled on all of the RHEL architectures except for
aarch64. The git history doesn't give any clues as to why this is the
case. Let's enable this since this is also supported on aarch64 and we
need this for RT on aarch64 for automotive.
Signed-off-by: Brian Masney <bmasney(a)redhat.com>
diff --git a/redhat/configs/rhel/debug/arm/aarch64/CONFIG_LOCK_STAT b/redhat/configs/rhel/debug/arm/aarch64/CONFIG_LOCK_STAT
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/rhel/debug/arm/aarch64/CONFIG_LOCK_STAT
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_LOCK_STAT is not set
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/3305