Andrea Righi [Mon, 28 Jun 2021 06:36:16 +0000 (08:36 +0200)]
UBUNTU: [Config] update configs and annotations after rebase to 5.13
Commit c6414e1a2bd2 ("gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP")
added a dependency of HAS_IOPORT_MAP for TQMX86, so this module cannot
be enabled anymore on armhf.
Also update CONFIG_KERNEL_LZ4 in the config, because of commit 4ed757d8a68f ("UBUNTU: [Config] use ZSTD to compress amd64 kernels").
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
UBUNTU: [Packaging] use ZSTD to compress s390 kernels
BugLink: https://bugs.launchpad.net/bugs/1931725
linux-next has ZSTD support for s390 arch now, cherry-pick those
commits and enable ZSTD compression for s390x like it was already done
on amd64.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1912789
Encounted below errors, prefer 'help' over '---help---' for new help texts
ubuntu/Kconfig:7: syntax error
ubuntu/Kconfig:6: unknown statement "---help---"
ubuntu/Kconfig:7: unknown statement "Turn"
Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Stefan Bader [Fri, 11 Jun 2021 10:01:30 +0000 (18:01 +0800)]
UBUNTU: [Packaging] Fix ODM support in actual build
BugLink: https://bugs.launchpad.net/bugs/1912789
The config update was working with the conditional entry but the actual
build is different and was just ignoring everything.
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
(cherry picked commit from 198971108d5dfe12b9846bf0d115accc3d1c3fe8
focal) Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Stefan Bader [Fri, 11 Jun 2021 10:01:29 +0000 (18:01 +0800)]
UBUNTU: [Packaging] Turn on ODM support for amd64
BugLink: https://bugs.launchpad.net/1912789
Now there is the support in place let us turn this on for amd64. This is
added as enabled generally in the config because otherwise updating the
config for drivers depending on it would not work. It is changed at
build time for arches which have not enabled it. Also it will
automatically go away for backports.
Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
(backported from commit 4aeffc246531a666c1fad1925ebf1a6e68a704e4 focal) Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Stefan Bader [Fri, 11 Jun 2021 10:01:28 +0000 (18:01 +0800)]
UBUNTU: [Packaging] Add support for ODM drivers
BugLink: https://bugs.launchpad.net/bugs/1912789
We want to be able to selectively turn on ODM driver support for those
kernels/arches we have to but otherwise not inherit this to other
derivatives. This is done by a new config option which we will have to
depend on in the new drivers config options. Support is toggled by
changing a makefile rule variable. The new config option will be hidden
as long as not at least one of the arches supported turns on the rule
variable.
Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
(cherry picked from commit 4aeffc246531a666c1fad1925ebf1a6e68a704e4
focal) Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Kunyang_Fan [Wed, 16 Jun 2021 05:56:58 +0000 (13:56 +0800)]
UBUNTU: ODM: mfd: Add support for IO functions of AAEON devices
BugLink: https://bugs.launchpad.net/bugs/1929504
This adds the supports for multiple IO functions of the
AAEON x86 devices and makes use of the WMI interface to
control the these IO devices including:
- GPIO
- LED
- Watchdog
- HWMON
It also adds the mfd child device drivers to support
the above IO functions.
Signed-off-by: Kunyang_Fan <kunyang_fan@asus.com> Review-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Review-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com> Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Kunyang_Fan [Wed, 16 Jun 2021 05:57:01 +0000 (13:57 +0800)]
UBUNTU: ODM: hwmon: add driver for AAEON devices
BugLink: https://bugs.launchpad.net/bugs/1929504
This refator patch adds support for the hwmon information
which are transported to userspace through ASUS WMI interface.
Signed-off-by: Kunyang_Fan <kunyang_fan@asus.com> Review-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Review-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com> Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
UBUNTU: [Packaging]: Add kernel command line condition to hv-kvp-daemon service
linux-cloud-tools-common ships a service for hyper-v hypervisor. It is
known to be prohibited on certain instance types. Add a kernel command
line condition to skip starting this service there.
BugLink: https://bugs.launchpad.net/bugs/1932081 Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
cc: Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Seth Forshee [Thu, 17 Jun 2021 19:48:08 +0000 (14:48 -0500)]
UBUNTU: SAUCE: Revert "net/tls(TLS_SW): Add selftest for 'chunked' sendfile test"
This reverts commit 0e6fbe39bdf71b4e665767bcbf53567a3e6d0623. Based
on the commit message, this commit was added to demonstrate a problem
with sendfile when using ktls, but there's no indication that this
problem has ever been fixed. I'm inquiring about this upstream [1],
but in the mean time let's remove this test as it looks like its
expected to fail.
Seth Forshee [Mon, 14 Jun 2021 12:22:48 +0000 (07:22 -0500)]
UBUNTU: [Config] enable signing for ppc64el
A bug in 5.13 is preventing IBM from testing secure boot. They will
provide a fix, and we will need to provide a new signed kernel build
for them to test. Thus we must re-enable signing.
Seth Forshee [Mon, 14 Jun 2021 12:08:19 +0000 (07:08 -0500)]
UBUNTU: [Config] use ZSTD to compress amd64 kernels
BugLink: https://bugs.launchpad.net/bugs/1931725
Testing shows that while LZ4 decompresses faster than ZSTD, ZSTD
compresses much better, and the decreased load time for the smaller
kernel image more than makes up for the slower decompression. Switch
to ZSTD for kernel compression on amd64, which is the only arch which
currently supports it.
Seth Forshee [Tue, 1 Jun 2021 13:26:19 +0000 (08:26 -0500)]
UBUNTU: [Debian] remove nvidia dkms build support
We no longer need to generate signatures for nvidia modules during our
kernel build, as they are signed using the ubuntu drivers key. Remove
support for building the nvidia modules.
We must still keep the dkms-build--* scripts for now, as our tooling
currently syncs these scripts from the kernel tree into
linux-restricted-modules.
Seth Forshee [Wed, 2 Jun 2021 20:16:14 +0000 (15:16 -0500)]
UBUNTU: [Debian] exclude $(DEBIAN)/__abi.current from linux-source
BugLink: https://bugs.launchpad.net/bugs/1930713
Previously install-source ran before the flavour install, but that is
no longer the case. As a result the __abi.current driectory ends up
in the linux-source package. Explicitly exclude it when installing
files for linux-source.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com>
Seth Forshee [Tue, 1 Jun 2021 15:36:03 +0000 (10:36 -0500)]
UBUNTU: [Debian] dkms-build -- use fakeroot if not running as root
BugLink: https://bugs.launchpad.net/bugs/1930713
Some dkms builds require running as root, or at least the illusion of
doing so. However we need to do dkms builds before deleting the
flavour build directory in order to sign the modules, and this may
happen without fakeroot. Detect whether or not dkms-build has been
invoked as root, and if not use fakeroot to do the dkms build.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com>
Seth Forshee [Thu, 20 May 2021 21:15:13 +0000 (16:15 -0500)]
UBUNTU: [Debian] run install-$(flavour) targets during build phase
BugLink: https://bugs.launchpad.net/bugs/1930713
Move installation of files from the flavour build directories to the
build phase. This results in cleaning up of one flavour build
directory before starting the build of the next flavour, significantly
reducing the amount of space needed on builders.
Note that this will result in incorrect ownership of files in cases
where the build and binary phases of building packages are run
separately. This will be addressed in a later commit.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com>
Seth Forshee [Thu, 20 May 2021 20:32:25 +0000 (15:32 -0500)]
UBUNTU: [Debian] use stamps for flavour install targets
BugLink: https://bugs.launchpad.net/bugs/1930713
In preparation for moving installation of files from the flavour
build directories over to the build phase, convert relevant install-*
targets to use stamps.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com>
Install the kvm_stat systemd service in linux-host-tools package,
disabled by default. The service logs KVM kernel module trace events to
/var/log/kvm_stat.csv.
This tool is useful for observing guest behavior from the host
perspective. Often conclusions about performance or buggy behavior can
be drawn from the output.
BugLink: https://bugs.launchpad.net/bugs/1921870 Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
UBUNTU: [Packaging] Build and include GDB Python scripts into debug packages
The kernel comes with useful GDB debugging scripts/commands (enabled
with CONFIG_GDB_SCRIPTS), however these are built either with "all" make
target or with "scripts_gdb". Build these in
"$(stampdir)/stamp-build-%" target and package in "install-%" under
/usr/share/gdb/auto-load.
BugLink: https://bugs.launchpad.net/bugs/1928715 Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1920180 Signed-off-by: Alex Hung <alex.hung@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1921632
The soundwire audio driver in the kernel could work on some Dell cml
machines, so enable the machine driver and some needed codec driver.
Signed-off-by: Hui Wang <hui.wang@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Andrea Righi [Mon, 31 May 2021 10:02:50 +0000 (12:02 +0200)]
UBUNTU: [Config] set CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
This option will disable uprivileged BPF by default. It can be reenabled,
though, as it uses the new value 2 for the kernel.unprivileged_bpf_disabled
sysctl. That value disables it, but allows the sysctl knob to be set back
to 0.
This allows sysadmins to enable unprivileged BPF back by using sysctl
config files.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Seth Forshee [Wed, 19 May 2021 15:21:20 +0000 (10:21 -0500)]
UBUNTU: [Config] Temporarily disable signing for ppc64el and s390x
We're awaiting testing of lockdown under secureboot on these
architectures. Disable signing in the meantime to allow putting
linux-unstable into -proposed.
UBUNTU: SAUCE: integrity: add informational messages when revoking certs
integrity_load_cert() prints messages of the source and cert details
when adding certs as trusted. Mirror those messages in
uefi_revocation_list_x509() when adding certs as revoked.
UBUNTU: SAUCE: integrity: Load mokx certs from the EFI MOK config table
Refactor load_moklist_certs() to load either MokListRT into db, or
MokListXRT into dbx. Call load_moklist_certs() twice - first to load
mokx certs into dbx, then mok certs into db.
This thus now attempts to load mokx certs via the EFI MOKvar config
table first, and if that fails, via the EFI variable. Previously mokx
certs were only loaded via the EFI variable. Which fails when
MokListXRT is large. Instead of large MokListXRT variable, only
MokListXRT{1,2,3} are available which are not loaded. This is the case
with Ubuntu's 15.4 based shim. This patch is required to address
CVE-2020-26541 when certificates are revoked via MokListXRT.
Fixes: ebd9c2ae369a ("integrity: Load mokx variables into the blacklist keyring") BugLink: https://bugs.launchpad.net/bugs/1928679 Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>