-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade Linux kernel from 6.6 to 6.12 #2300
base: main
Are you sure you want to change the base?
Conversation
ZFS 2.2.5 does not support kernel 6.10, the zfs upgrade patches will be dropped after portage stable update PR gets merged (with 2.2.6 zfs): #2298 |
@@ -36,6 +36,5 @@ IUSE="" | |||
# local patches overlap with the upstream patch. | |||
UNIPATCH_LIST=" | |||
${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch \ | |||
${PATCH_DIR}/z0002-revert-pahole-flags.patch \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have you tested this?
When pahole
is executed with -j
(parallel) then btf metadata order is non-deterministic and the built kernel and modules don't match.
It doesn't have to be a revert, but we need to carry some patch (unless something significant changed).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
definitely, working on it. pahole flags moved to scripts/Makefile.btf, so that needs to be addressed, was working now on a patch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We recently updated pahole to a newer version (1.27) that was supposed to be reproducible regardless of how many threads it uses, but dropping the patch didn't work for me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like we may still need a kernel patch to pass --btf_features=all,reproducible_build
: https://git.kernel.org/pub/scm/devel/pahole/pahole.git/commit/?h=v1.27&id=43bd3efa85656565129063cdd6dd7499e44a7867
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this could be upstreamed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will test it asap and send it to LKML if it works.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added the reproducible_build flag to the pahole params, although I don't like how that addition is done, that file is a beautiful soup and needs some better management.
Things like this make me want to wait with an upgrade to 6.10: It takes a couple minor releases on a new stable branch before it is ready to make its way into Flatcar. |
Adding the blocker bug here: https://bugzilla.kernel.org/show_bug.cgi?id=219229 Possible resolution from the bug discussion in the kernel config: CONFIG_TCG_TPM2_HMAC=n |
The feature CONFIG_TCG_TPM2_HMAC has been introduced in 6.10 as extra security layer: https://github.com/torvalds/linux/blob/master/drivers/char/tpm/Kconfig#L37 |
cce5dc3
to
6dd0a5b
Compare
Managed to get the ARM64 image built, but the AMD64 image fails at the initrd/grub stage with error: Full error bellow:
|
Successful build for the AMD64:
|
The bpf amd64 |
...oreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-remove-parallel-j-flag.patch
Outdated
Show resolved
Hide resolved
...oreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-remove-parallel-j-flag.patch
Outdated
Show resolved
Hide resolved
...oreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-remove-parallel-j-flag.patch
Outdated
Show resolved
Hide resolved
5595c96
to
4ad039e
Compare
@t-lo I observed that from Linux kernel 6.10, there is a change in name of a hyper-v daemon binary - see torvalds/linux@82b0945. Should we leave the same systemd unit name though? I wonder how the https://github.com/microsoft/azurelinux will be doing it (have not seen yet any patch). I am oscillating between this 4ad039e vs changing the name in all places. |
I think we should rename the systemd service to prevent confusion down the road. |
The thing is that the binaries do the same thing / have the same interface, but just internally have a different implementation aka uio_hv_generic. The weird part is that the old implementation is still present, but has build disabled. I will add a new service definition (as it also has a different device path trigger) for the new version, to keep things separate. |
The /boot partition is very close to a critical level, 49% already used, leaving around 1.5MB free to use:
|
04d37b9
to
0d9b839
Compare
Note: on AMD64 vmlinuz-a, the build_library/extract-initramfs-from-vmlinuz.sh fails due to the fact now that the scripts finds the corrupted CPIO first. Need to do some more debugging on why this issue happens in the first place (what has changed upstream). |
06de6c8
to
f62e9ba
Compare
Verified and the securebot patches from https://sources.debian.org/data/main/l/linux/6.12.5-1/debian/patches/features/all/lockdown/ are bitwise the same with the ones from https://sources.debian.org/data/main/l/linux/6.10.6-1~bpo12+1/debian/patches/features/all/lockdown/ (the previous sourced ones) |
f2eca1b
to
5759d67
Compare
5759d67
to
582883a
Compare
Upgrade Linux kernel from the 6.6.y stable branch to 6.12.y stable branch.
See: flatcar/Flatcar#1527
This PR is mostly to reveal any possible big blockers before getting to the new 6.12 LTS release.
Tested 6.10.y and it works as expected.
Tested 6.11.y and it works as expected.
Now testing 6.12.y.
Testing done
[Describe the testing you have done before submitting this PR. Please include both the commands you issued as well as the output you got.]
changelog/
directory (user-facing change, bug fix, security fix, update)/boot
and/usr
size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.Boot partition size: