Merge pull request kata-containers#10468 from fidencio/topic/early-te…

…sts-on-next-lts-kernel

versions: Move kernel to the latest 6.12 release (the current LTS)

tests/integration/kubernetes/k8s-empty-dirs.bats

@@ -45,6 +45,8 @@ setup() {
 }
 
 @test "Empty dir volume when FSGroup is specified with non-root container" {
+	skip "See: https://github.com/kata-containers/kata-containers/issues/10706"
+
 	# This is a reproducer of k8s e2e "[sig-storage] EmptyDir volumes when FSGroup is specified [LinuxOnly] [NodeFeature:FSGroup] new files should be created with FSGroup ownership when container is non-root" test
 	pod_file="${pod_config_dir}/pod-empty-dir-fsgroup.yaml"
 	agnhost_name="${container_images_agnhost_name}"

tests/integration/kubernetes/runtimeclass_workloads/pod-oom.yaml

@@ -16,7 +16,7 @@ spec:
       imagePullPolicy: IfNotPresent
       name: oom-test
       command: ["/bin/sh"]
-      args: ["-c", "sleep 2; stress --vm 2 --vm-bytes 400M --timeout 30s"]
+      args: ["-c", "sleep 2; stress --vm 2 --vm-bytes 500M --timeout 30s"]
       resources:
         limits:
           memory: 500Mi

tools/packaging/kernel/configs/fragments/arm64/base.conf

@@ -42,9 +42,6 @@ CONFIG_ARM64_RAS_EXTN=y
 #
 # ARMv8.5 architectural features
 #
-CONFIG_ARCH_RANDOM=y
-CONFIG_RANDOM_TRUST_CPU=y
-
 CONFIG_NO_HZ_FULL=y
 CONFIG_GENERIC_MSI_IRQ_DOMAIN=y
 CONFIG_RANDOMIZE_BASE=y

tools/packaging/kernel/configs/fragments/common/cgroup.conf

@@ -2,6 +2,7 @@
 # also used/looked for by systemd rootfs.
 CONFIG_CGROUPS=y
 CONFIG_MEMCG=y
+CONFIG_MEMCG_V1=y
 CONFIG_BLK_CGROUP=y
 CONFIG_CGROUP_WRITEBACK=y
 CONFIG_CGROUP_SCHED=y
@@ -10,6 +11,7 @@ CONFIG_CFS_BANDWIDTH=y
 CONFIG_CGROUP_PIDS=y
 CONFIG_CGROUP_FREEZER=y
 CONFIG_CPUSETS=y
+CONFIG_CPUSETS_V1=y
 CONFIG_CGROUP_DEVICE=y
 CONFIG_CGROUP_CPUACCT=y
 CONFIG_CGROUP_HUGETLB=y

tools/packaging/kernel/configs/fragments/s390/base.conf

@@ -7,8 +7,6 @@ CONFIG_S390_UV_UAPI=y
 CONFIG_CCW=y
 # Select default KVM options from arch/s390/kvm/Kconfig
 CONFIG_VIRTUALIZATION=y
-CONFIG_HAVE_KVM=y
-CONFIG_KVM=y
 
 CONFIG_MODULES=y
 CONFIG_MODULE_SIG=y

tools/packaging/kernel/configs/fragments/s390/vfio-ap.conf

@@ -1,5 +1,7 @@
 # see https://www.kernel.org/doc/html/latest/s390/vfio-ap.html for more information
 
+# Support for Adjunct Processors (ap)
+CONFIG_AP=y
 # VFIO support for AP devices
 CONFIG_VFIO_AP=y
 CONFIG_VFIO_IOMMU_TYPE1=y

tools/packaging/kernel/configs/fragments/whitelist.conf

@@ -1,12 +1,14 @@
 # configuration options which may dropped in newer kernels
 # without generating an error in fragment merging
 CONFIG_ARCH_RANDOM
+CONFIG_RANDOM_TRUST_CPU
 CONFIG_ARM64_CRYPTO
 CONFIG_AUTOFS4_FS
 CONFIG_GENERIC_MSI_IRQ_DOMAIN
 CONFIG_IP_NF_TARGET_CLUSTERIP
 CONFIG_PCI_MSI_IRQ_DOMAIN
 CONFIG_CLK_LGM_CGU
+CONFIG_MEMCG_SWAP
 CONFIG_NET_SCH_CBQ
 CONFIG_NF_NAT_IPV4
 CONFIG_NF_NAT_NEEDED
@@ -29,3 +31,12 @@ CONFIG_VIRTIO_IOMMU
 CONFIG_CRYPTO_ECDSA
 CONFIG_TN3270_TTY
 CONFIG_S390_AP_IOMMU
+CONFIG_CPU_MITIGATIONS
+CONFIG_RETPOLINE
+CONFIG_MITIGATION_RETPOLINE
+CONFIG_PAGE_TABLE_ISOLATION
+CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
+CONFIG_VFIO_AP
+CONFIG_VFIO_MDEV
+CONFIG_CPUSETS_V1
+CONFIG_MEMCG_V1

tools/packaging/kernel/configs/fragments/x86_64/acpi.conf

@@ -6,7 +6,7 @@ CONFIG_X86_MPPARSE=y
 
 CONFIG_ACPI_CPU_FREQ_PSS=y
 CONFIG_ACPI_HOTPLUG_IOAPIC=y
-CONFIG_ACPI_LEGACY_TABLES_LOOKUP
+CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
 CONFIG_ACPI_LPIT=y
 CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
 CONFIG_ACPI_PROCESSOR_CSTATE=y

tools/packaging/kernel/configs/fragments/x86_64/base.conf

@@ -14,9 +14,11 @@ CONFIG_PARAVIRT=y
 CONFIG_NR_CPUS=240
 
 # For security
+CONFIG_CPU_MITIGATIONS=y
 CONFIG_LEGACY_VSYSCALL_NONE=y
 CONFIG_SPECULATION_MITIGATIONS=y
 CONFIG_RETPOLINE=y
+CONFIG_MITIGATION_RETPOLINE=y
 
 # Boot directly into the uncompressed kernel
 # Reduce memory footprint

tools/packaging/kernel/configs/fragments/x86_64/mmu.conf

@@ -2,3 +2,4 @@
 
 # Remove the kernel mapping from the user space - security improvement.
 CONFIG_PAGE_TABLE_ISOLATION=y
+CONFIG_MITIGATION_PAGE_TABLE_ISOLATION=y

tools/packaging/kernel/kata_config_version

@@ -1 +1 @@
-141
+142

versions.yaml

@@ -194,11 +194,11 @@ assets:
   kernel:
     description: "Linux kernel optimised for virtual machines"
     url: "https://cdn.kernel.org/pub/linux/kernel/v6.x/"
-    version: "v6.1.62"
+    version: "v6.12.8"
     confidential:
       description: "Linux kernel with x86_64 TEEs (SEV, SNP, and TDX) support"
       url: "https://cdn.kernel.org/pub/linux/kernel/v6.x/"
-      version: "v6.7"
+      version: "v6.12.8"
 
   kernel-arm-experimental:
     description: "Linux kernel with cpu/mem hotplug support on arm64"