Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kernel: Update to 5.10.186, 5.15.122, and 6.1.41 #3339

Merged
merged 5 commits into from
Aug 21, 2023
Merged

kernel: Update to 5.10.186, 5.15.122, and 6.1.41 #3339

merged 5 commits into from
Aug 21, 2023

Conversation

foersleo
Copy link
Contributor

Issue number: -

Description of changes:

Update kernels to latest AL kernels available in the repositories. With those updates we ingest upstream variants for the Zenbleed fix from #3300 for 5.15 and 6.1, so drop the downstream backports. In addition I did drop one downstream patch from Amazon Linux that reverted an upstream commit to accommodate for nvidia driver dependencies, which we provide differently. I finally removed the various added SCSI drivers from the generic config for 6.1. We carry these drivers on the metal variants already and only need them there.

Testing done:

  • Compiles
  • Sonobuoy quick test

Sonobuoy quick test results. (No test for the 6.1 kernel update as 6.1 currently is only on *-dev variants):

> kubectl get nodes -o wide
NAME                                              STATUS   ROLES    AGE     VERSION                INTERNAL-IP      EXTERNAL-IP     OS-IMAGE                                KERNEL-VERSION   CONTAINER-RUNTIME
ip-192-168-40-160.eu-central-1.compute.internal   Ready    <none>   2m14s   v1.23.17-eks-bbbebb8   192.168.40.160   3.68.198.116    Bottlerocket OS 1.15.0 (aws-k8s-1.23)   5.10.186         containerd://1.6.20+bottlerocket
ip-192-168-45-73.eu-central-1.compute.internal    Ready    <none>   103s    v1.27.4-eks-cedffd4    192.168.45.73    18.185.79.254   Bottlerocket OS 1.15.0 (aws-k8s-1.27)   5.15.122         containerd://1.6.20+bottlerocket

> sonobuoy run --mode=quick --wait
[...]
15:13:57             e2e                                            global   complete   passed   Passed:  1, Failed:  0, Remaining:  0
15:13:57    systemd-logs   ip-192-168-40-160.eu-central-1.compute.internal   complete   passed                                        
15:13:57    systemd-logs    ip-192-168-45-73.eu-central-1.compute.internal   complete   passed

Config diff reports some changes:

config-aarch64-aws-dev-diff:      1 removed,   7 added,   3 changed
config-aarch64-aws-k8s-1.23-diff:         1 removed,   0 added,   0 changed
config-aarch64-aws-k8s-1.26-diff:         1 removed,   0 added,   0 changed
config-aarch64-metal-dev-diff:    1 removed,   7 added,   3 changed
config-x86_64-aws-dev-diff:       3 removed,   9 added,   3 changed
config-x86_64-aws-k8s-1.23-diff:          1 removed,   0 added,   0 changed
config-x86_64-aws-k8s-1.26-diff:          1 removed,   0 added,   0 changed
config-x86_64-metal-dev-diff:     3 removed,   9 added,   3 changed
config-x86_64-metal-k8s-1.23-diff:        1 removed,   0 added,   0 changed
config-x86_64-metal-k8s-1.26-diff:        1 removed,   0 added,   0 changed

The full diff-report on Gist.

Summary of changes:

For 5.10 and 5.15 series upstream removed the DECNET driver from the kernels as it had been orphaned in 2010 already. It has been removed in 5.10 through 1c004b379b03 introduced in 5.10.185 and in 5.15 through 2a974abc0976 introduced in 5.15.118.

6.1:

  • CRYPTO_DH_RFC7919_GROUPS n -> y and CRYPTO_SHA3 m -> y have been set by AL as part of work to get towards FIPS certification readiness.

  • +DEVICE_PRIVATE y was enabled by AL to cater to CUDA 12.2 usage of HMM to allow for seamless sharing data between host memory and accelerator devices. The following options are changed as a result of this:

    • +GET_FREE_REGION y -> selected by DEVICE_PRIVATE
    • ZONE_DEVICE n -> y -> dependency of DEVICE_PRIVATE
    • +DEVICE_MIGRATION y -> defined as MIGRATION && ZONE_DEVICE
    • +PCI_P2PDMA n, +FS_DAX n, +XEN_UNPOPULATED_ALLOC n -> depend on ZONE_DEVICE and are thus now visible

  • +X86_PLATFORM_DRIVERS_HP n - Consolidation of HP platform drivers under this new toplevel option introduced in v6.1.30 through 1189b7f495408

    • -HP_ACCEL n -> now depends on X86_PLATFORM_DRIVERS_HP
    • -HP_WMI n -> now depends on X86_PLATFORM_DRIVERS_HP

  • +LOCK_MM_AND_FIND_VMA y - new option introduced in v6.1.37 through d6a5c7a1a6e52

  • -SMBFS_COMMON m and +SMBFS m -> reorganize SMBFS options upstream, introduced in v6.1.36 through 29429a1f5871

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

@foersleo
kernel-5.10: update to 5.10.186
19243a5 
Rebase to Amazon Linux upstream version 5.10.186-179.751.amzn2.

Signed-off-by: Leonard Foerster <[email protected]>
@foersleo
kernel-5.15: update to 5.15.122
e453ff4 
Rebase to Amazon Linux upstream version 5.15.122-77.145.amzn2.

Signed-off-by: Leonard Foerster <[email protected]>
@foersleo
kernel-6.1: update to 6.1.41
fe079e4 
Rebase to Amazon Linux upstream version 6.1.41-63.114.amzn2023.
Drop backport of Zenbleed mitigation in favour of upstream variant
included in upstream version v6.1.41.

Signed-off-by: Leonard Foerster <[email protected]>
markusboehme
markusboehme approved these changes Aug 14, 2023
View reviewed changes
Copy link
Member

@markusboehme markusboehme left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The config changes and the patch revert make sense to me to stay closer to upstream. The Amazon Linux kernel repository on GitHub seems to have issue tracking turned off, but perhaps we can compare notes on our differing approaches for building out-of-tree graphics drivers via the discussion feature on the commit.

@foersleo
kernel-6.1: Revert back to upstream behaviour for fb_helper
e6e9015 
Amazon Linux reverted an upstream patch cleaning up DRM config option
dependency as they wanted to retain the old behavior in order to provide
dependency options for nvidia DKMS. For Bottlerocket we had solved this
issue already by enableing DRM_SIMPLEDRM in fd73bff, retaining
upstream functionality.

Signed-off-by: Leonard Foerster <[email protected]>
@foersleo
kernel-6.1: Disable specific SCSI drivers for the generic images
a62b9da 
Amazon Linux has added some specific SCSI drivers on their kernels. We
do not need these for vmware and aws use cases and had set them already
for the metal variants separately. Disable them for the generic case in
order to not introduce additional bloat.

Signed-off-by: Leonard Foerster <[email protected]>
@foersleo
Copy link
Contributor Author

⬆️ force push softened the language in the commit message as requested by Ben.

@foersleo foersleo merged commit 3f716bd into bottlerocket-os:develop Aug 21, 2023
42 checks passed
@foersleo foersleo deleted the kernel_update_2023-08-11 branch August 21, 2023 14:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bcressey bcressey bcressey approved these changes

@markusboehme markusboehme markusboehme approved these changes

@arnaldo2792 arnaldo2792 Awaiting requested review from arnaldo2792

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@foersleo @bcressey @markusboehme