kernels: Update to version 4.19.6 and enable EFI support in linux-aws

Remove 0055-net-ipv4-defensive-cipso-option-parsing.patch from
linux-aws, since it got merged in linux-stable 4.19.2.

Enable EFI in linux-aws config in order to support kernel signing.

Change-Id: I27b866bdeec59711000b00549c69f8023924a79e
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6242
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>

SPECS/linux-api-headers/linux-api-headers.spec

@@ -1,14 +1,14 @@
 Summary:	Linux API header files
 Name:		linux-api-headers
-Version:	4.19.1
+Version:	4.19.6
 Release:	1%{?dist}
 License:	GPLv2
 URL:		http://www.kernel.org/
 Group:		System Environment/Kernel
 Vendor:		VMware, Inc.
 Distribution: Photon
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
-%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952
+%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61
 BuildArch:	noarch
 %description
 The Linux API Headers expose the kernel's API for use by Glibc.
@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de
 %defattr(-,root,root)
 %{_includedir}/*
 %changelog
+*   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-1
+-   Update to version 4.19.6
 *   Mon Nov 05 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.1-1
 -   Update to version 4.19.1
 *   Thu Sep 20 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.18.9-1

SPECS/linux/aws/0014-xen-manage-introduce-helper-function-to-know-the-on-.patch

@@ -22,7 +22,7 @@ Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>
  2 files changed, 19 insertions(+)
 
 diff --git a/drivers/xen/manage.c b/drivers/xen/manage.c
-index 1c9750fefa64..1720225eecb6 100644
+index 609fca8..2676b52 100644
 --- a/drivers/xen/manage.c
 +++ b/drivers/xen/manage.c
 @@ -50,6 +50,21 @@ enum suspend_modes {
@@ -48,10 +48,10 @@ index 1c9750fefa64..1720225eecb6 100644
  	int cancelled;
  };
 diff --git a/include/xen/xen-ops.h b/include/xen/xen-ops.h
-index a95e65ec83c3..2e4b476b516c 100644
+index f6e798d..2aa94d8 100644
 --- a/include/xen/xen-ops.h
 +++ b/include/xen/xen-ops.h
-@@ -38,6 +38,10 @@ u64 xen_steal_clock(int cpu);
+@@ -39,6 +39,10 @@ u64 xen_steal_clock(int cpu);
 
  int xen_setup_shutdown_event(void);
 
@@ -61,7 +61,6 @@ index a95e65ec83c3..2e4b476b516c 100644
 +
  extern unsigned long *xen_contiguous_bitmap;
 
- #ifdef CONFIG_XEN_PV
+ #if defined(CONFIG_XEN_PV) || defined(CONFIG_ARM) || defined(CONFIG_ARM64)
 -- 
-2.14.4
-
+2.7.4

SPECS/linux/aws/0017-x86-xen-add-system-core-suspend-and-resume-callbacks.patch

@@ -23,10 +23,10 @@ Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>
  3 files changed, 56 insertions(+)
 
 diff --git a/arch/x86/xen/enlighten_hvm.c b/arch/x86/xen/enlighten_hvm.c
-index 8afb6dd311f1..c78b3e8fb2e5 100644
+index d24ad16..4196a65 100644
 --- a/arch/x86/xen/enlighten_hvm.c
 +++ b/arch/x86/xen/enlighten_hvm.c
-@@ -201,6 +201,7 @@ static void __init xen_hvm_guest_init(void)
+@@ -202,6 +202,7 @@ static void __init xen_hvm_guest_init(void)
  	if (xen_feature(XENFEAT_hvm_callback_vector))
  		xen_have_vector_callback = 1;
 
@@ -35,7 +35,7 @@ index 8afb6dd311f1..c78b3e8fb2e5 100644
  	WARN_ON(xen_cpuhp_setup(xen_cpu_up_prepare_hvm, xen_cpu_dead_hvm));
  	xen_unplug_emulated_devices();
 diff --git a/arch/x86/xen/suspend.c b/arch/x86/xen/suspend.c
-index 3e3a58ea669e..5e542b7e5802 100644
+index 1d83152..784c448 100644
 --- a/arch/x86/xen/suspend.c
 +++ b/arch/x86/xen/suspend.c
 @@ -2,17 +2,22 @@
@@ -61,7 +61,7 @@ index 3e3a58ea669e..5e542b7e5802 100644
 
  #include "xen-ops.h"
  #include "mmu.h"
-@@ -78,3 +83,51 @@ void xen_arch_suspend(void)
+@@ -82,3 +87,51 @@ void xen_arch_suspend(void)
 
  	on_each_cpu(xen_vcpu_notify_suspend, NULL, 1);
  }
@@ -114,18 +114,18 @@ index 3e3a58ea669e..5e542b7e5802 100644
 +		register_syscore_ops(&xen_hvm_syscore_ops);
 +}
 diff --git a/include/xen/xen-ops.h b/include/xen/xen-ops.h
-index 2e4b476b516c..90c2b41eb4f3 100644
+index 2aa94d8..77f65e5 100644
 --- a/include/xen/xen-ops.h
 +++ b/include/xen/xen-ops.h
-@@ -42,6 +42,8 @@ bool xen_suspend_mode_is_xen_suspend(void);
+@@ -43,6 +43,8 @@ bool xen_suspend_mode_is_xen_suspend(void);
  bool xen_suspend_mode_is_pm_suspend(void);
  bool xen_suspend_mode_is_pm_hibernation(void);
 
 +void xen_setup_syscore_ops(void);
 +
  extern unsigned long *xen_contiguous_bitmap;
 
- #ifdef CONFIG_XEN_PV
+ #if defined(CONFIG_XEN_PV) || defined(CONFIG_ARM) || defined(CONFIG_ARM64)
 -- 
-2.14.4
+2.7.4
 

SPECS/linux/config-aws

@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.1 Kernel Configuration
+# Linux/x86 4.19.6 Kernel Configuration
 #
 
 #
@@ -397,7 +397,9 @@ CONFIG_X86_SMAP=y
 CONFIG_X86_INTEL_UMIP=y
 # CONFIG_X86_INTEL_MPX is not set
 CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
-# CONFIG_EFI is not set
+CONFIG_EFI=y
+CONFIG_EFI_STUB=y
+# CONFIG_EFI_MIXED is not set
 CONFIG_SECCOMP=y
 # CONFIG_HZ_100 is not set
 CONFIG_HZ_250=y
@@ -484,6 +486,7 @@ CONFIG_ACPI_HOTPLUG_IOAPIC=y
 CONFIG_ACPI_SBS=m
 # CONFIG_ACPI_HED is not set
 # CONFIG_ACPI_CUSTOM_METHOD is not set
+# CONFIG_ACPI_BGRT is not set
 # CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set
 # CONFIG_ACPI_NFIT is not set
 CONFIG_HAVE_ACPI_APEI=y
@@ -641,6 +644,19 @@ CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
 # CONFIG_ISCSI_IBFT_FIND is not set
 # CONFIG_FW_CFG_SYSFS is not set
 # CONFIG_GOOGLE_FIRMWARE is not set
+
+#
+# EFI (Extensible Firmware Interface) Support
+#
+# CONFIG_EFI_VARS is not set
+CONFIG_EFI_ESRT=y
+# CONFIG_EFI_RUNTIME_MAP is not set
+# CONFIG_EFI_FAKE_MEMMAP is not set
+CONFIG_EFI_RUNTIME_WRAPPERS=y
+# CONFIG_EFI_CAPSULE_LOADER is not set
+# CONFIG_EFI_TEST is not set
+# CONFIG_APPLE_PROPERTIES is not set
+# CONFIG_RESET_ATTACK_MITIGATION is not set
 CONFIG_UEFI_CPER=y
 CONFIG_UEFI_CPER_X86=y
 
@@ -2971,6 +2987,7 @@ CONFIG_FB_CIRRUS=m
 # CONFIG_FB_VGA16 is not set
 # CONFIG_FB_UVESA is not set
 CONFIG_FB_VESA=y
+# CONFIG_FB_EFI is not set
 # CONFIG_FB_N411 is not set
 # CONFIG_FB_HGA is not set
 # CONFIG_FB_OPENCORES is not set
@@ -3525,6 +3542,7 @@ CONFIG_XEN_PRIVCMD=m
 # CONFIG_XEN_ACPI_PROCESSOR is not set
 # CONFIG_XEN_MCE_LOG is not set
 CONFIG_XEN_HAVE_PVMMU=y
+CONFIG_XEN_EFI=y
 CONFIG_XEN_AUTO_XLATE=y
 CONFIG_XEN_ACPI=y
 # CONFIG_XEN_SYMS is not set
@@ -3846,6 +3864,7 @@ CONFIG_HUGETLB_PAGE=y
 CONFIG_MEMFD_CREATE=y
 CONFIG_ARCH_HAS_GIGANTIC_PAGE=y
 CONFIG_CONFIGFS_FS=m
+CONFIG_EFIVAR_FS=m
 CONFIG_MISC_FILESYSTEMS=y
 # CONFIG_ORANGEFS_FS is not set
 # CONFIG_ADFS_FS is not set
@@ -4216,7 +4235,6 @@ CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m
 CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
 CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
 # CONFIG_CRYPTO_SM4 is not set
-# CONFIG_CRYPTO_SPECK is not set
 CONFIG_CRYPTO_TEA=m
 CONFIG_CRYPTO_TWOFISH=m
 CONFIG_CRYPTO_TWOFISH_COMMON=m
@@ -4360,7 +4378,7 @@ CONFIG_CLZ_TAB=y
 CONFIG_IRQ_POLL=y
 CONFIG_MPILIB=y
 CONFIG_OID_REGISTRY=y
-CONFIG_UCS2_STRING=m
+CONFIG_UCS2_STRING=y
 CONFIG_FONT_SUPPORT=y
 # CONFIG_FONTS is not set
 CONFIG_FONT_8x8=y
@@ -4566,8 +4584,10 @@ CONFIG_TRACE_IRQFLAGS_SUPPORT=y
 # CONFIG_X86_VERBOSE_BOOTUP is not set
 CONFIG_EARLY_PRINTK=y
 # CONFIG_EARLY_PRINTK_DBGP is not set
+# CONFIG_EARLY_PRINTK_EFI is not set
 # CONFIG_EARLY_PRINTK_USB_XDBC is not set
 # CONFIG_X86_PTDUMP is not set
+# CONFIG_EFI_PGT_DUMP is not set
 # CONFIG_DEBUG_WX is not set
 CONFIG_DOUBLEFAULT=y
 # CONFIG_DEBUG_TLBFLUSH is not set

SPECS/linux/linux-aws.spec

@@ -1,15 +1,15 @@
 %global security_hardening none
 Summary:        Kernel
 Name:           linux-aws
-Version:        4.19.1
-Release:        3%{?kat_build:.%kat_build}%{?dist}
+Version:        4.19.6
+Release:        1%{?kat_build:.%kat_build}%{?dist}
 License:    	GPLv2
 URL:        	http://www.kernel.org/
 Group:        	System Environment/Kernel
 Vendor:         VMware, Inc.
 Distribution: 	Photon
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
-%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952
+%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61
 Source1:	config-aws
 Source2:	initramfs.trigger
 # common
@@ -62,7 +62,6 @@ Patch123: 0027-xen-blkfront-add-persistent_grants-parameter.patch
 Patch125: 0029-Revert-xen-dont-fiddle-with-event-channel-masking-in.patch
 Patch131: 0035-xen-blkfront-Fixed-blkfront_restore-to-remove-a-call.patch
 Patch133: 0037-x86-tsc-avoid-system-instability-in-hibernation.patch
-Patch151: 0055-net-ipv4-defensive-cipso-option-parsing.patch
 Patch152: 0056-Amazon-ENA-driver-Update-to-version-1.6.0.patch
 
 %if 0%{?kat_build:1}
@@ -179,7 +178,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel.
 %patch125 -p1
 %patch131 -p1
 %patch133 -p1
-%patch151 -p1
 %patch152 -p1
 
 %if 0%{?kat_build:1}
@@ -358,6 +356,9 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
 %{_libdir}/perf/include/bpf/*
 
 %changelog
+*   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-1
+-   Update to version 4.19.6
+-   Enable EFI in config-aws to support kernel signing.
 *   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.1-3
 -   Set nvme io_timeout to maximum in kernel cmdline.
 *   Wed Nov 14 2018 Ajay Kaher <akaher@vmware.com> 4.19.1-2

SPECS/linux/linux-esx.spec

@@ -1,15 +1,15 @@
 %global security_hardening none
 Summary:        Kernel
 Name:           linux-esx
-Version:        4.19.1
-Release:        3%{?dist}
+Version:        4.19.6
+Release:        1%{?dist}
 License:        GPLv2
 URL:            http://www.kernel.org/
 Group:          System Environment/Kernel
 Vendor:         VMware, Inc.
 Distribution:   Photon
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
-%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952
+%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61
 Source1:        config-esx
 Source2:        initramfs.trigger
 # common
@@ -186,6 +186,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
 /usr/src/linux-headers-%{uname_r}
 
 %changelog
+*   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-1
+-   Update to version 4.19.6
 *   Thu Nov 29 2018 Alexey Makhalov <amakhalov@vmware.com> 4.19.1-3
 -   Fix BAR4 is zero issue for IDE devices
 *   Thu Nov 15 2018 Ajay Kaher <akaher@vmware.com> 4.19.1-2

SPECS/linux/linux-secure.spec

@@ -1,15 +1,15 @@
 %global security_hardening none
 Summary:        Kernel
 Name:           linux-secure
-Version:        4.19.1
-Release:        2%{?kat_build:.%kat_build}%{?dist}
+Version:        4.19.6
+Release:        1%{?kat_build:.%kat_build}%{?dist}
 License:        GPLv2
 URL:            http://www.kernel.org/
 Group:          System Environment/Kernel
 Vendor:         VMware, Inc.
 Distribution:   Photon
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
-%define sha1 linux=5ece7a7149eeef06bba906eeabbc2f29a8ac3952
+%define sha1 linux=d96fd72968960268b2203a3b4aff9497cd3abc61
 Source1:        config-secure
 Source2:        initramfs.trigger
 # common
@@ -234,6 +234,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
 /usr/src/linux-headers-%{uname_r}
 
 %changelog
+*   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-1
+-   Update to version 4.19.6
 *   Thu Nov 15 2018 Ajay Kaher <akaher@vmware.com> 4.19.1-2
 -   Adding BuildArch
 *   Thu Nov 08 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.19.1-1