linux: disable KUnit#247826
Merged
yu-re-ka merged 1 commit intoNixOS:masterfrom Aug 9, 2023
yu-re-ka:rpi4-no-kunit
Merged
Conversation
ofborg
bot
requested review from
Ma27,
NeQuissimus,
TredwellGit,
alyssais and
thoughtpolice
ofborg
bot
added
10.rebuild-darwin: 0
purcell
reviewed
Aug 8, 2023
purcell
approved these changes
Aug 8, 2023
Member
purcell
left a comment
purcell
left a comment
There was a problem hiding this comment.
The method for this fix seems reasonable, and the fix itself is vital for this kernel to work correctly.
kloenk
approved these changes
Aug 8, 2023
Member
kloenk
left a comment
kloenk
left a comment
There was a problem hiding this comment.
KUNIT is not designed for production use. LGTM
Contributor
Author
|
Changed from a linux_rpi* specific patch to generic |
kloenk
approved these changes
Aug 9, 2023
Member
kloenk
left a comment
kloenk
left a comment
There was a problem hiding this comment.
Disabling globally sounds more reasonable. LGTM
ofborg
bot
added
10.rebuild-darwin: 1-10
Member
|
@yu-re-ka wrote to me as a member of the security team since she suspected that the option previously broke KASLR (thanks for your vigilance!), but it seems not to be the case based on this test: with import ./. {};
nixosTest {
name = "kaslr";
nodes.machine = {
# uncommenting this breaks the test, so I guess kaslr works
#boot.kernelParams = ["nokaslr"];
};
testScript = ''
start_all()
a = machine.succeed("grep pvh_start_xen /proc/kallsyms").strip()
machine.shutdown()
start_all()
b = machine.succeed("grep pvh_start_xen /proc/kallsyms").strip()
assert a != b
'';
} |
Member
|
This broke configuration of some older kernels, e.g. 5.4: |
Contributor
|
I think |
CHN-beta
pushed a commit
to CHN-beta/nixpkgs
that referenced
this pull request
Aug 26, 2023
partial revert of f371975 Revert "linuxManualConfig: restore functionality of isModular and buildDTBs" This reverts commit 284d76e. Revert "lib/systems: strip kernel to avoid reference cycles" This reverts commit 2458c94. Revert "linuxManualConfig: set badPlatforms" This reverts commit 5c5e5e2. Revert "linux.configfile: remove unused kernelTarget attr" This reverts commit 01b3642. Revert "linuxManualConfig: always depend on ubootTools" This reverts commit e5e02f3. Revert "linux: default stdenv.hostPlatform.linux-kernel" This reverts commit febe477. Revert "linux: manual-config: use a non-random path for $buildRoot" This reverts commit a695425. Revert "linuxManualConfig: fix inaccurate FIXME comment" This reverts commit 4d15632. Revert "linuxManualConfig: get rid of drvAttrs" This reverts commit f521f46. Revert "linuxManualConfig: install GDB scripts" This reverts commit d57568f. Revert "linuxManualConfig: use the default make target" This reverts commit 41f788b. Revert "linuxManualConfig: unpack directly into $dev" This reverts commit 7de3f08. Revert "linuxManualConfig: don't build inside source tree" This reverts commit d75cff2. kernel: fix passthru.tests NixOS#191540 indirectly broke kernel passthru.tests; calling the testsForLinuxPackages and testsForKernel functions with some args intended for some other exposed test-internal function. Organise the passed-through functions under `passthru` to prevent this from happening. linuxPackages_testing.perf: fix patchShebang Without the change `perf` build fails as: $ nix build --no-link -f. linuxPackages_testing.perf -L build flags: SHELL=/nix/store/p6dlr3skfhxpyphipg2bqnj52999banh-bash-5.2-p15/bin/bash prefix=\$\(out\) WERROR=0 ASCIIDOC8=1 O=\$\(buildRoot\) CC=/nix/store/bxic6j2whyg3z4h2x3xjyqgp7fl83bnp-gcc-wrapper-12.3.0/bin/cc HOSTCC=/nix/store/bxic6j2whyg3z4h2x3xjyqgp7fl83bnp-gcc-wrapper-12.3.0/bin/cc HOSTLD=/nix/store/kcp78dk7h5gcs7d4qss7rbz3skxhzdnn-binutils-wrapper-2.40/bin/ld ARCH=x86_64 NO_GTK2=1 BUILD: Doing 'make -j16' parallel build HOSTCC fixdep.o HOSTLD fixdep-in.o LINK fixdep make[1]: ./check-headers.sh: No such file or directory make[1]: *** [Makefile.perf:241: sub-make] Error 127 make: *** [Makefile:70: all] Error 2 This started happening because upstream linux commit torvalds/linux@d674838 changed shebang from /bin/sh to /bin/bash. Let's retroactively switch all `perf` releases to shell interpreter from store. linux: 4.14.320 -> 4.14.321 linux: 4.19.289 -> 4.19.290 linux: 5.10.188 -> 5.10.189 linux: 5.15.124 -> 5.15.125 linux: 5.4.251 -> 5.4.252 linux: 6.1.43 -> 6.1.44 linux: 6.4.8 -> 6.4.9 linux: disable KUnit (NixOS#247826) linux_testing: 6.5-rc3 -> 6.5-rc5 rc5: https://lwn.net/Articles/940617/ rc4: https://lwn.net/Articles/939684/ linux: 4.14.321 -> 4.14.322 linux: 4.19.290 -> 4.19.291 linux: 5.10.189 -> 5.10.190 linux: 5.4.252 -> 5.4.253 linux: 6.1.44 -> 6.1.45 linux: 6.4.9 -> 6.4.10 linux-rt_5_15: 5.15.119-rt65 -> 5.15.125-rt66 linux: 5.15.125 -> 5.15.126 linux: disable KUNIT only at 5.5 and later `KUNIT` knob was added around 5.5 release: torvalds/linux@914cc63 linux_xanmod: 6.1.43 -> 6.1.45 linux_xanmod_latest: 6.4.8 -> 6.4.10 linux: 4.14.322 -> 4.14.323 linux: 4.19.291 -> 4.19.292 linux: 5.10.190 -> 5.10.191 linux: 5.15.126 -> 5.15.127 linux: 5.4.253 -> 5.4.254 linux: 6.1.45 -> 6.1.46 linux: 6.4.10 -> 6.4.11 linux_latest-libre: 19337 -> 19386 linux/hardened/patches/4.14: 4.14.320-hardened1 -> 4.14.322-hardened1 linux/hardened/patches/4.19: 4.19.289-hardened1 -> 4.19.291-hardened1 linux/hardened/patches/5.10: 5.10.188-hardened1 -> 5.10.190-hardened1 linux/hardened/patches/5.15: 5.15.123-hardened1 -> 5.15.126-hardened1 linux/hardened/patches/5.4: 5.4.251-hardened1 -> 5.4.253-hardened1 linux/hardened/patches/6.1: 6.1.42-hardened1 -> 6.1.45-hardened1 linux/hardened/patches/6.4: 6.4.7-hardened1 -> 6.4.10-hardened1 linux_xanmod: 6.1.45 -> 6.1.46 linux_xanmod_latest: 6.4.10 -> 6.4.11 linux-rt_6_1: 6.1.33-rt11 -> 6.1.46-rt13 linux: make main update script slightly more robust On NixOS#249636 I had to manually run the updaters for hardened & libre kernels. The cause was that `update-rt.sh` suddenly broke. Because I didn't want to inhibit other kernel updates because of a rather niche variant, I decided to move forward temporarily and take care of it later. One issue was that the script failed silently, i.e. I only saw that the script terminated early from my prompt. This is fixed now by making each niche kernel updater print its exit code code if it failed. Also, errors are allowed, i.e. a broken `update-rt.sh` doesn't block `hardened/update.py` etc.. The issue itself is rather simple. When I updated the kernels in NixOS#249636, the sha256sums.asc for rt kernels[1] looked like this: 199bbb0cdb97ead22732473b95c8b2e8da62dfd71bde2339163119fb537a2b7c patch-6.1.38-rt13-rc1.patch.gz a1af54f6987e96de06cad0a3226c5b5a992b60df084a904b6b94ea247fb46027 patch-6.1.38-rt13-rc1.patch.xz 7bb68561787e46e3c433d9b514373ce368d587ac459b91df41934e70280d008f patches-6.1.38-rt13-rc1.tar.gz ee65336dd6ae0be398796e7b75291918811a23e10121dc09bd84b244b12402fa patches-6.1.38-rt13-rc1.tar.xz However, the script itself skips any RC versions of the realtime patches, so no releases were usable and the script failed. It's probably possible to use the overview over all releases instead[2], however that'd complicate the script notably. Anyways, since RT kernels don't bump to each patch-level release, I don't think it hurts too much if such an update is slightly more delayed. However if we want to fix this, I'd prefer this to be fixed by folks who care more about rt kernels than I do. [1] https://kernel.org/pub/linux/kernel/projects/rt/6.1/sha256sums.asc [2] https://mirrors.edge.kernel.org/pub/linux/kernel/projects/rt/6.1/older/sha256sums.asc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fixes a crash when loading the vc4 driver
Description of changes
Fixes parts of NixOS/nixos-hardware#631
The downstream vc4 driver uses kunit tests: https://github.com/raspberrypi/linux/blob/9d516c9f10eb7c6950131488e9893d3c1530c0dc/Documentation/gpu/vc4.rst#kunit-tests
When it is detected that the driver is running in a kunit test, it frees an allocation that is later needed to work with real hardware.
vc4_hvs.c
For some reason, when our config has CONFIG_KUNIT=m, it believes it is running in a kunit test and this leads to a crash such as NixOS/nixos-hardware#631 (comment).
Raspbian does not have AUTO_MODULES like we have, so there CONFIG_KUNIT is always 'n'.
I'm not entirely sure if this is the correct place to add it, but seemingly there is no other place either.
Upstream bug report: raspberrypi/linux#5568
Things done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)