[CIQ 6.18] Rebase to v6.18.3 #802

github-actions · 2026-01-07T20:21:26Z

https://ciqinc.atlassian.net/browse/KERNEL-421

Automated Rebase to v6.18.3

Config Changes

commit 53b64bee207eef927b4d23afecbedb308755c8c0 (HEAD -> {automation_tmp}_ciq-6.18.y-next, origin/{automation_tmp}_ciq-6.18.y-next)
Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Date:   Wed Jan 7 16:24:32 2026 +0000

    [CIQ] v6.18.3 - rebased configs

    CONFIG_SPI_MICROCHIP_CORE is no longer a valid config option in 6.18.3
     spi: microchip: rename driver file and internal identifiers
     Upstream 71c814e98696f2cd53e9e6cef7501c2d667d4c5a

 ciq/configs/kernel-aarch64-64k-debug.config | 3 +--
 ciq/configs/kernel-aarch64-64k.config       | 3 +--
 ciq/configs/kernel-aarch64-debug.config     | 3 +--
 ciq/configs/kernel-aarch64.config           | 3 +--
 ciq/configs/kernel-x86_64-debug.config      | 3 +--
 ciq/configs/kernel-x86_64.config            | 3 +--
 6 files changed, 6 insertions(+), 12 deletions(-)

Build Log

/__w/kernel-src-tree/kernel-src-tree/kernel-src-tree
Running make mrproper...
  CLEAN   scripts/basic
  CLEAN   scripts/kconfig
  CLEAN   include/config include/generated .config .config.old
[TIMER]{MRPROPER}: 4s
x86_64 architecture detected, copying config
'ciq/configs/kernel-x86_64.config' -> '.config'
Setting Local Version for build
CONFIG_LOCALVERSION="-automation_tmp_ciq-6.18.y-next-d93d84ce4d05"
Making olddefconfig
--
  HOSTCC  scripts/kconfig/util.o
  HOSTLD  scripts/kconfig/conf
#
# configuration written to .config
#
Starting Build
  WRAP    arch/x86/include/generated/uapi/asm/bpf_perf_event.h
  GEN     arch/x86/include/generated/asm/orc_hash.h
  WRAP    arch/x86/include/generated/uapi/asm/errno.h
  WRAP    arch/x86/include/generated/uapi/asm/fcntl.h
  WRAP    arch/x86/include/generated/uapi/asm/ioctl.h
--
  LD [M]  net/qrtr/qrtr-mhi.ko
  BTF [M] net/qrtr/qrtr-mhi.ko
  LD [M]  virt/lib/irqbypass.ko
  BTF [M] virt/lib/irqbypass.ko
  BTF [M] net/mac80211/mac80211.ko
[TIMER]{BUILD}: 2114s
Making Modules
  SYMLINK /lib/modules/6.18.3-automation_tmp_ciq-6.18.y-next-d93d84ce4d05+/build
  INSTALL /lib/modules/6.18.3-automation_tmp_ciq-6.18.y-next-d93d84ce4d05+/modules.order
  INSTALL /lib/modules/6.18.3-automation_tmp_ciq-6.18.y-next-d93d84ce4d05+/modules.builtin
  INSTALL /lib/modules/6.18.3-automation_tmp_ciq-6.18.y-next-d93d84ce4d05+/modules.builtin.modinfo
--
  SIGN    /lib/modules/6.18.3-automation_tmp_ciq-6.18.y-next-d93d84ce4d05+/kernel/net/qrtr/qrtr.ko
  STRIP   /lib/modules/6.18.3-automation_tmp_ciq-6.18.y-next-d93d84ce4d05+/kernel/virt/lib/irqbypass.ko
  SIGN    /lib/modules/6.18.3-automation_tmp_ciq-6.18.y-next-d93d84ce4d05+/kernel/net/qrtr/qrtr-mhi.ko
  SIGN    /lib/modules/6.18.3-automation_tmp_ciq-6.18.y-next-d93d84ce4d05+/kernel/virt/lib/irqbypass.ko
  DEPMOD  /lib/modules/6.18.3-automation_tmp_ciq-6.18.y-next-d93d84ce4d05+
[TIMER]{MODULES}: 11s
Making Install
  INSTALL /boot
dracut: WARNING: running in hostonly mode in a container!!
[TIMER]{INSTALL}: 15s
Skipping kABI check
Setting Default Kernel to /boot/vmlinuz-6.18.3-automation_tmp_ciq-6.18.y-next-d93d84ce4d05+ and Index to 0

Testing

Selftests passed: 578 tests

Artifacts

Adding configs based of Fedora-ARK default config from 6.18.2.

We are modifying these with the following configs where available CONFIG_MODIFY_LDT_SYSCALL=n CONFIG_LEGACY_VSYSCALL_NONE=n These options are for old software support which adds performance overhead and potential attack surfaces with go against the CIQ LT kernels priority of performance and security. CONFIG_LIVEPATCH=n We do not have Live patching on for any road-map CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y This should be enabled, it often improves performance funnily enough CONFIG_PREEMPT_VOLUNTARY=y CONFIG_HZ=100 These are set to increase throughput CONFIG_PREEMPT_VOLUNTARY=y (default Fedora config) but CONFIG_HZ=100 for higher throughput over the x86_64 default of CONFIG_HZ=1000 which provides lower latency. After modification 'make CROSS_COMPILE=./scripts/dummy-tools/' was run

Setting up the default build configs to ensure everything builds when we update and rebase.

jira LE-2629 feature Additional SecureBoot patches for dynamic lockdown commit b24fbd012b781b752cc51d6ef1fe1c6d5875ae87 commit-source https://salsa.debian.org/kernel-team/linux.git commit-patch-path debian/patches/features/all/lockdown commit-info Checkout the commit sha above and move to the directory listed above to find Debian patches matching this commits summary line. Add a kernel configuration option to lock down the kernel, to restrict userspace's ability to modify the running kernel when UEFI Secure Boot is enabled. Based on the x86 patch by Matthew Garrett. Determine the state of Secure Boot in the EFI stub and pass this to the kernel using the FDT. Signed-off-by: Linn Crosetto <linn@hpe.com> [bwh: Forward-ported to 4.10: adjust context] [Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream] [bwh: Forward-ported to 4.15 and lockdown patch set: - Pass result of efi_get_secureboot() in stub through to efi_set_secure_boot() in main kernel - Use lockdown API and naming] [bwh: Forward-ported to 4.19.3: adjust context in update_fdt()] [dannf: Moved init_lockdown() call after uefi_init(), fixing SB detection] [bwh: Drop call to init_lockdown(), as efi_set_secure_boot() now calls this] [bwh: Forward-ported to 5.6: efi_get_secureboot() no longer takes a sys_table parameter] [bwh: Forward-ported to 5.7: EFI initialisation from FDT was rewritten, so: - Add Secure Boot mode to the parameter enumeration in fdtparams.c - Add a parameter to efi_get_fdt_params() to return the Secure Boot mode - Since Xen does not have a property name defined for Secure Boot mode, change efi_get_fdt_prop() to handle a missing property name by clearing the output variable] [Salvatore Bonaccorso: Forward-ported to 5.10: f30f242 ("efi: Rename arm-init to efi-init common for all arch") renamed arm-init.c to efi-init.c] Signed-off-by: Jonathan Maple <jmaple@ciq.com>

jira LE-2629 feature Additional SecureBoot patches for dynamic lockdown commit b24fbd012b781b752cc51d6ef1fe1c6d5875ae87 commit-source https://salsa.debian.org/kernel-team/linux.git commit-patch-path debian/patches/features/all/lockdown commit-info Checkout the commit sha above and move to the directory listed above to find Debian patches matching this commits summary line. UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT flag that can be passed to efi_enabled() to find out whether secure boot is enabled. Move the switch-statement in x86's setup_arch() that inteprets the secure_boot boot parameter to generic code and set the bit there. Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> cc: linux-efi@vger.kernel.org [rperier: Forward-ported to 5.5: - Use pr_warn() - Adjust context] [bwh: Forward-ported to 5.6: adjust context] [bwh: Forward-ported to 5.7: - Use the next available bit in efi.flags - Adjust context] Signed-off-by: Jonathan Maple <jmaple@ciq.com> Revert "efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode" This reverts commit 4047f887e98539d07d664eaa6699d9c8fb6c0ca4.

jira LE-2629 feature Additional SecureBoot patches for dynamic lockdown commit b24fbd012b781b752cc51d6ef1fe1c6d5875ae87 commit-source https://salsa.debian.org/kernel-team/linux.git commit-patch-path debian/patches/features/all/lockdown commit-info Checkout the commit sha above and move to the directory listed above to find Debian patches matching this commits summary line. Based on an earlier patch by David Howells, who wrote the following description: > UEFI Secure Boot provides a mechanism for ensuring that the firmware will > only load signed bootloaders and kernels. Certain use cases may also > require that all kernel modules also be signed. Add a configuration option > that to lock down the kernel - which includes requiring validly signed > modules - if the kernel is secure-booted. Signed-off-by: Ben Hutchings <ben@decadent.org.uk> [Salvatore Bonaccorso: After fixing https://bugs.debian.org/956197 the help text for LOCK_DOWN_IN_EFI_SECURE_BOOT was adjusted to mention that lockdown is triggered in integrity mode (https://bugs.debian.org/1025417)] Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> Signed-off-by: Jonathan Maple <jmaple@ciq.com>

jira LE-2629 feature Additional SecureBoot patches for dynamic lockdown commit b24fbd012b781b752cc51d6ef1fe1c6d5875ae87 commit-source https://salsa.debian.org/kernel-team/linux.git commit-patch-path debian/patches/features/all/lockdown commit-info Checkout the commit sha above and move to the directory listed above to find Debian patches matching this commits summary line. These drivers allow mapping arbitrary memory ranges as MTD devices. This should be disabled to preserve the kernel's integrity when it is locked down. * Add the HWPARAM flag to the module parameters * When slram is built-in, it uses __setup() to read kernel parameters, so add an explicit check security_locked_down() check Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Cc: Matthew Garrett <mjg59@google.com> Cc: David Howells <dhowells@redhat.com> Cc: Joern Engel <joern@lazybastard.org> Cc: linux-mtd@lists.infradead.org Signed-off-by: Jonathan Maple <jmaple@ciq.com>

jira LE-2629 feature Fedora EFI status status ommit 7a60169d168d6aae70aca10b7b71070666068529 commit-source https://gitlab.com/cki-project/kernel-ark/ This adds efi_status_to_str() for use when printing efi_status_t messages, and reworks efi_status_to_err() so that the two use a common list of errors. Upstream Status: RHEL only Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Jonathan Maple <jmaple@ciq.com>

CONFIG_SPI_MICROCHIP_CORE is no longer a valid config option in 6.18.3 spi: microchip: rename driver file and internal identifiers Upstream 71c814e

PlaidCat · 2026-01-08T22:41:08Z

Is the change from TESTING TESTING TESTING due to the use of this workflow?
https://github.com/ctrliq/kernel-src-tree/blob/refs/heads/clk-rebase-ga/.github/workflows/clk-rebase.yml

PlaidCat · 2026-01-08T23:22:22Z

Discussion Topic

For the below changes below the driver Name and Config changes torvalds/linux@71c814e

In our case of the kernel we're seeing a removal the not set which is still true that the aption would not be set as the ARCH_MICROCHIP is not defined however SPI_MASTER is set to Y.

Should we mention this? I'm not sure its valid.

Config Changes

commit 53b64bee207eef927b4d23afecbedb308755c8c0 (HEAD -> {automation_tmp}_ciq-6.18.y-next, origin/{automation_tmp}_ciq-6.18.y-next)
Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Date:   Wed Jan 7 16:24:32 2026 +0000

    [CIQ] v6.18.3 - rebased configs

    CONFIG_SPI_MICROCHIP_CORE is no longer a valid config option in 6.18.3
     spi: microchip: rename driver file and internal identifiers
     Upstream 71c814e98696f2cd53e9e6cef7501c2d667d4c5a

 ciq/configs/kernel-aarch64-64k-debug.config | 3 +--
 ciq/configs/kernel-aarch64-64k.config       | 3 +--
 ciq/configs/kernel-aarch64-debug.config     | 3 +--
 ciq/configs/kernel-aarch64.config           | 3 +--
 ciq/configs/kernel-x86_64-debug.config      | 3 +--
 ciq/configs/kernel-x86_64.config            | 3 +--
 6 files changed, 6 insertions(+), 12 deletions(-)

bmastbergen · 2026-01-09T14:22:53Z

Is the change from TESTING TESTING TESTING due to the use of this workflow? https://github.com/ctrliq/kernel-src-tree/blob/refs/heads/clk-rebase-ga/.github/workflows/clk-rebase.yml

Yes, I still consider this workflow a work in progress so I mark the title as TESTING so nobody jumps on it as soon as it shows up. But after I review it, if it looks ok, I remove the TESTING and submit it to the team.

bmastbergen · 2026-01-09T14:38:53Z

Discussion Topic

For the below changes below the driver Name and Config changes torvalds/linux@71c814e

In our case of the kernel we're seeing a removal the not set which is still true that the aption would not be set as the ARCH_MICROCHIP is not defined however SPI_MASTER is set to Y.

Should we mention this? I'm not sure its valid.

Config Changes

commit 53b64bee207eef927b4d23afecbedb308755c8c0 (HEAD -> {automation_tmp}_ciq-6.18.y-next, origin/{automation_tmp}_ciq-6.18.y-next)
Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Date:   Wed Jan 7 16:24:32 2026 +0000

    [CIQ] v6.18.3 - rebased configs

    CONFIG_SPI_MICROCHIP_CORE is no longer a valid config option in 6.18.3
     spi: microchip: rename driver file and internal identifiers
     Upstream 71c814e98696f2cd53e9e6cef7501c2d667d4c5a

 ciq/configs/kernel-aarch64-64k-debug.config | 3 +--
 ciq/configs/kernel-aarch64-64k.config       | 3 +--
 ciq/configs/kernel-aarch64-debug.config     | 3 +--
 ciq/configs/kernel-aarch64.config           | 3 +--
 ciq/configs/kernel-x86_64-debug.config      | 3 +--
 ciq/configs/kernel-x86_64.config            | 3 +--
 6 files changed, 6 insertions(+), 12 deletions(-)

I guess I leaned towards the side of brevity since it was a not set to begin with. The sha is there for the more curious reader.

PlaidCat · 2026-01-09T17:17:14Z

Discussion Topic

For the below changes below the driver Name and Config changes torvalds/linux@71c814e
In our case of the kernel we're seeing a removal the not set which is still true that the aption would not be set as the ARCH_MICROCHIP is not defined however SPI_MASTER is set to Y.
Should we mention this? I'm not sure its valid.

Config Changes
commit 53b64bee207eef927b4d23afecbedb308755c8c0 (HEAD -> {automation_tmp}_ciq-6.18.y-next, origin/{automation_tmp}_ciq-6.18.y-next)
Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Date:   Wed Jan 7 16:24:32 2026 +0000

    [CIQ] v6.18.3 - rebased configs

    CONFIG_SPI_MICROCHIP_CORE is no longer a valid config option in 6.18.3
     spi: microchip: rename driver file and internal identifiers
     Upstream 71c814e98696f2cd53e9e6cef7501c2d667d4c5a

 ciq/configs/kernel-aarch64-64k-debug.config | 3 +--
 ciq/configs/kernel-aarch64-64k.config       | 3 +--
 ciq/configs/kernel-aarch64-debug.config     | 3 +--
 ciq/configs/kernel-aarch64.config           | 3 +--
 ciq/configs/kernel-x86_64-debug.config      | 3 +--
 ciq/configs/kernel-x86_64.config            | 3 +--
 6 files changed, 6 insertions(+), 12 deletions(-)
I guess I leaned towards the side of brevity since it was a not set to begin with. The sha is there for the more curious reader.

Sounds good to me

PlaidCat

bmastbergen and others added 8 commits January 7, 2026 16:24

Add CIQ configs

4c51e1f

Adding configs based of Fedora-ARK default config from 6.18.2.

github actions: Make Builds on Merge Request Work

4675a01

Setting up the default build configs to ensure everything builds when we update and rebase.

bmastbergen force-pushed the {automation_tmp}_ciq-6.18.y-next branch from d93d84c to 1a1343f Compare January 7, 2026 20:36

[CIQ] v6.18.3 - rebased configs

53b64be

CONFIG_SPI_MICROCHIP_CORE is no longer a valid config option in 6.18.3 spi: microchip: rename driver file and internal identifiers Upstream 71c814e

bmastbergen force-pushed the {automation_tmp}_ciq-6.18.y-next branch from 1a1343f to 53b64be Compare January 7, 2026 20:39

bmastbergen changed the title ~~TESTING TESTING TESTING [CIQ 6.12] Rebase to v6.18.3~~ [CIQ 6.18] Rebase to v6.18.3 Jan 7, 2026

bmastbergen requested a review from a team January 8, 2026 20:05

PlaidCat approved these changes Jan 9, 2026

View reviewed changes

PlaidCat requested a review from a team January 9, 2026 17:17

shreeya-patel98 approved these changes Jan 12, 2026

View reviewed changes

bmastbergen merged commit 53b64be into ciq-6.18.y-next Jan 12, 2026
6 checks passed

bmastbergen deleted the {automation_tmp}_ciq-6.18.y-next branch January 12, 2026 16:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[CIQ 6.18] Rebase to v6.18.3 #802

[CIQ 6.18] Rebase to v6.18.3 #802

Uh oh!

github-actions bot commented Jan 7, 2026 •

edited by bmastbergen

Loading

Uh oh!

PlaidCat commented Jan 8, 2026

Uh oh!

PlaidCat commented Jan 8, 2026

Uh oh!

bmastbergen commented Jan 9, 2026

Uh oh!

bmastbergen commented Jan 9, 2026

Discussion Topic

Config Changes

Uh oh!

PlaidCat commented Jan 9, 2026

Discussion Topic

Config Changes

Uh oh!

PlaidCat left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

7 participants

[CIQ 6.18] Rebase to v6.18.3 #802

[CIQ 6.18] Rebase to v6.18.3 #802

Uh oh!

Conversation

github-actions bot commented Jan 7, 2026 • edited by bmastbergen Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Automated Rebase to v6.18.3

Config Changes

Build Log

Testing

Artifacts

Uh oh!

PlaidCat commented Jan 8, 2026

Uh oh!

PlaidCat commented Jan 8, 2026

Discussion Topic

Config Changes

Uh oh!

bmastbergen commented Jan 9, 2026

Uh oh!

bmastbergen commented Jan 9, 2026

Discussion Topic

Config Changes

Uh oh!

PlaidCat commented Jan 9, 2026

Discussion Topic

Config Changes

Uh oh!

PlaidCat left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

7 participants

github-actions bot commented Jan 7, 2026 •

edited by bmastbergen

Loading