From 3a0a5a7f2530abc776d0f6c61a8289f2b41ce393 Mon Sep 17 00:00:00 2001 From: Steven Miller Date: Mon, 17 Nov 2025 17:40:00 -0500 Subject: [PATCH 01/15] Enable EROFS --- arch/arm64/configs/ch_defconfig | 7 ++++++- arch/riscv/configs/ch_defconfig | 7 ++++++- arch/x86/configs/ch_defconfig | 8 +++++++- 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/arch/arm64/configs/ch_defconfig b/arch/arm64/configs/ch_defconfig index 9bd97d72900e86..da3aa77b9f729b 100644 --- a/arch/arm64/configs/ch_defconfig +++ b/arch/arm64/configs/ch_defconfig @@ -2777,7 +2777,12 @@ CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3 # CONFIG_PSTORE is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set -# CONFIG_EROFS_FS is not set +CONFIG_EROFS_FS=y +CONFIG_EROFS_FS_XATTR=y +CONFIG_EROFS_FS_POSIX_ACL=y +CONFIG_EROFS_FS_SECURITY=y +CONFIG_EROFS_FS_ZIP=y +CONFIG_EROFS_FS_ZIP_LZMA=y # CONFIG_NETWORK_FILESYSTEMS is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="utf8" diff --git a/arch/riscv/configs/ch_defconfig b/arch/riscv/configs/ch_defconfig index 2f119831b8c266..56f5750ae3fb99 100644 --- a/arch/riscv/configs/ch_defconfig +++ b/arch/riscv/configs/ch_defconfig @@ -2477,7 +2477,12 @@ CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3 # CONFIG_PSTORE is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set -# CONFIG_EROFS_FS is not set +CONFIG_EROFS_FS=y +CONFIG_EROFS_FS_XATTR=y +CONFIG_EROFS_FS_POSIX_ACL=y +CONFIG_EROFS_FS_SECURITY=y +CONFIG_EROFS_FS_ZIP=y +CONFIG_EROFS_FS_ZIP_LZMA=y # CONFIG_NETWORK_FILESYSTEMS is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="utf8" diff --git a/arch/x86/configs/ch_defconfig b/arch/x86/configs/ch_defconfig index c920bc41aa26b8..8909d8f0ac46a4 100644 --- a/arch/x86/configs/ch_defconfig +++ b/arch/x86/configs/ch_defconfig 
@@ -2647,7 +2647,13 @@ CONFIG_CONFIGFS_FS=y CONFIG_EFIVAR_FS=y # end of Pseudo filesystems -# CONFIG_MISC_FILESYSTEMS is not set +CONFIG_MISC_FILESYSTEMS=y +CONFIG_EROFS_FS=y +CONFIG_EROFS_FS_XATTR=y +CONFIG_EROFS_FS_POSIX_ACL=y +CONFIG_EROFS_FS_SECURITY=y +CONFIG_EROFS_FS_ZIP=y +CONFIG_EROFS_FS_ZIP_LZMA=y # CONFIG_NETWORK_FILESYSTEMS is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="utf8" From 14caed42a0322f9d607c2c74e30c4f42e87cd71f Mon Sep 17 00:00:00 2001 From: Steven Miller Date: Tue, 18 Nov 2025 08:51:41 -0500 Subject: [PATCH 02/15] Github workflow permissions --- .github/workflows/release.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 70d4214376ff20..85ed46f37f6e42 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,6 +1,9 @@ name: Cloud Hypervisor Linux Release on: [create] +permissions: + contents: write + jobs: release: if: github.event_name == 'create' && github.event.ref_type == 'tag' From 52bead740e668e4d67598a3d453238e8c1a42f08 Mon Sep 17 00:00:00 2001 From: Steven Miller Date: Tue, 18 Nov 2025 11:46:05 -0500 Subject: [PATCH 03/15] build with vsock kernel module --- .github/workflows/release.yaml | 2 +- arch/arm64/configs/ch_defconfig | 4 ++-- arch/riscv/configs/ch_defconfig | 4 ++-- arch/x86/configs/ch_defconfig | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 85ed46f37f6e42..576f516282f881 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -8,7 +8,7 @@ jobs: release: if: github.event_name == 'create' && github.event.ref_type == 'tag' name: Release - runs-on: ubuntu-22.04 + runs-on: [self-hosted, linux, x64, kvm] steps: - name: Code checkout uses: actions/checkout@v4 diff --git a/arch/arm64/configs/ch_defconfig b/arch/arm64/configs/ch_defconfig index da3aa77b9f729b..a6ac60f506fe9f 100644 
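Review bot: The `runs-on: [self-hosted, linux, x64, kvm]` line moves the release job, which runs with the workflow-level `contents: write` token, onto a machine that keeps state between runs. Nothing visible in this hunk cleans the workspace or isolates the job, and a later step runs `sudo apt install` on that host (outside this hunk), so a leftover build tree or altered toolchain on the runner would flow into the published kernel images. I would use an ephemeral one-job runner or a `container:` on the job. A comment beside `runs-on` should say why the `kvm` label is required, since the visible steps only compile. The `steps:` list continues outside the hunk.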
--- a/arch/arm64/configs/ch_defconfig +++ b/arch/arm64/configs/ch_defconfig @@ -1141,8 +1141,6 @@ CONFIG_NET_PTP_CLASSIFY=y CONFIG_VSOCKETS=y CONFIG_VSOCKETS_DIAG=y # CONFIG_VSOCKETS_LOOPBACK is not set -CONFIG_VIRTIO_VSOCKETS=y -CONFIG_VIRTIO_VSOCKETS_COMMON=y # CONFIG_NETLINK_DIAG is not set # CONFIG_MPLS is not set # CONFIG_NET_NSH is not set @@ -2326,6 +2324,8 @@ CONFIG_VIRTIO_MEM=y CONFIG_VIRTIO_INPUT=y CONFIG_VIRTIO_MMIO=y CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +CONFIG_VIRTIO_VSOCKETS=y +CONFIG_VIRTIO_VSOCKETS_COMMON=y # CONFIG_VIRTIO_DEBUG is not set # CONFIG_VDPA is not set CONFIG_VHOST_MENU=y diff --git a/arch/riscv/configs/ch_defconfig b/arch/riscv/configs/ch_defconfig index 56f5750ae3fb99..af72f8b2b76c78 100644 --- a/arch/riscv/configs/ch_defconfig +++ b/arch/riscv/configs/ch_defconfig @@ -947,8 +947,6 @@ CONFIG_NET_PTP_CLASSIFY=y CONFIG_VSOCKETS=y CONFIG_VSOCKETS_DIAG=y # CONFIG_VSOCKETS_LOOPBACK is not set -CONFIG_VIRTIO_VSOCKETS=y -CONFIG_VIRTIO_VSOCKETS_COMMON=y # CONFIG_NETLINK_DIAG is not set # CONFIG_MPLS is not set # CONFIG_NET_NSH is not set @@ -2077,6 +2075,8 @@ CONFIG_VIRTIO_MEM=y CONFIG_VIRTIO_INPUT=y CONFIG_VIRTIO_MMIO=y CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +CONFIG_VIRTIO_VSOCKETS=y +CONFIG_VIRTIO_VSOCKETS_COMMON=y # CONFIG_VIRTIO_DEBUG is not set # CONFIG_VDPA is not set CONFIG_VHOST_MENU=y diff --git a/arch/x86/configs/ch_defconfig b/arch/x86/configs/ch_defconfig index 8909d8f0ac46a4..49505fe3960046 100644 --- a/arch/x86/configs/ch_defconfig +++ b/arch/x86/configs/ch_defconfig @@ -1154,8 +1154,6 @@ CONFIG_NET_PTP_CLASSIFY=y CONFIG_VSOCKETS=y CONFIG_VSOCKETS_DIAG=y # CONFIG_VSOCKETS_LOOPBACK is not set -CONFIG_VIRTIO_VSOCKETS=y -CONFIG_VIRTIO_VSOCKETS_COMMON=y # CONFIG_HYPERV_VSOCKETS is not set # CONFIG_NETLINK_DIAG is not set # CONFIG_MPLS is not set 
@@ -2308,6 +2306,8 @@ CONFIG_VIRTIO_MEM=y CONFIG_VIRTIO_INPUT=y CONFIG_VIRTIO_MMIO=y CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +CONFIG_VIRTIO_VSOCKETS=y +CONFIG_VIRTIO_VSOCKETS_COMMON=y # CONFIG_VIRTIO_DEBUG is not set # CONFIG_VDPA is not set # CONFIG_VHOST_MENU is not set From df90d623e91a00466267989d4f41351cd2b9e667 Mon Sep 17 00:00:00 2001 From: Steven Miller Date: Tue, 18 Nov 2025 12:07:21 -0500 Subject: [PATCH 04/15] autoapprove installs github actions --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 576f516282f881..0d8e910fd39be7 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -15,7 +15,7 @@ jobs: with: fetch-depth: 1 - name: Install build tools - run: sudo apt install build-essential flex bison libssl-dev libelf-dev bc gcc-aarch64-linux-gnu gcc-riscv64-linux-gnu + run: sudo apt install -y build-essential flex bison libssl-dev libelf-dev bc gcc-aarch64-linux-gnu gcc-riscv64-linux-gnu - name: Configure (aarch64) run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make ch_defconfig - name: Build (aarch64) From c6e11d72ba5ed0b116f179e4e007d0e470e432e8 Mon Sep 17 00:00:00 2001 From: Steven Miller Date: Tue, 18 Nov 2025 12:27:52 -0500 Subject: [PATCH 05/15] Enable CONFIG_IKCONFIG --- arch/arm64/configs/ch_defconfig | 3 ++- arch/riscv/configs/ch_defconfig | 3 ++- arch/x86/configs/ch_defconfig | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/arm64/configs/ch_defconfig b/arch/arm64/configs/ch_defconfig index a6ac60f506fe9f..22b9be15dd52c6 100644 --- a/arch/arm64/configs/ch_defconfig +++ b/arch/arm64/configs/ch_defconfig @@ -137,7 +137,8 @@ CONFIG_RCU_STALL_COMMON=y CONFIG_RCU_NEED_SEGCBLIST=y # end of RCU Subsystem -# CONFIG_IKCONFIG is not set +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y # CONFIG_IKHEADERS is not set CONFIG_LOG_BUF_SHIFT=21 CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 
diff --git a/arch/riscv/configs/ch_defconfig b/arch/riscv/configs/ch_defconfig index af72f8b2b76c78..4a84dd13a7bc00 100644 --- a/arch/riscv/configs/ch_defconfig +++ b/arch/riscv/configs/ch_defconfig @@ -153,7 +153,8 @@ CONFIG_RCU_STALL_COMMON=y CONFIG_RCU_NEED_SEGCBLIST=y # end of RCU Subsystem -# CONFIG_IKCONFIG is not set +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y # CONFIG_IKHEADERS is not set CONFIG_LOG_BUF_SHIFT=21 CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 diff --git a/arch/x86/configs/ch_defconfig b/arch/x86/configs/ch_defconfig index 49505fe3960046..a71ed0fe7506a0 100644 --- a/arch/x86/configs/ch_defconfig +++ b/arch/x86/configs/ch_defconfig @@ -160,7 +160,8 @@ CONFIG_RCU_STALL_COMMON=y CONFIG_RCU_NEED_SEGCBLIST=y # end of RCU Subsystem -# CONFIG_IKCONFIG is not set +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y # CONFIG_IKHEADERS is not set CONFIG_LOG_BUF_SHIFT=21 CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 From 0303f29a5799500bcd1b0e92b1cf151acff59cd7 Mon Sep 17 00:00:00 2001 From: Steven Miller Date: Tue, 18 Nov 2025 12:52:39 -0500 Subject: [PATCH 06/15] Disable CONFIG_EXPERT --- arch/arm64/configs/ch_defconfig | 2 +- arch/riscv/configs/ch_defconfig | 2 +- arch/x86/configs/ch_defconfig | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/configs/ch_defconfig b/arch/arm64/configs/ch_defconfig index 22b9be15dd52c6..37528279573d5e 100644 --- a/arch/arm64/configs/ch_defconfig +++ b/arch/arm64/configs/ch_defconfig @@ -216,7 +216,7 @@ CONFIG_LD_ORPHAN_WARN=y CONFIG_LD_ORPHAN_WARN_LEVEL="warn" CONFIG_SYSCTL=y CONFIG_SYSCTL_EXCEPTION_TRACE=y -CONFIG_EXPERT=y +# CONFIG_EXPERT is not set CONFIG_MULTIUSER=y CONFIG_SGETMASK_SYSCALL=y CONFIG_SYSFS_SYSCALL=y diff --git a/arch/riscv/configs/ch_defconfig b/arch/riscv/configs/ch_defconfig index 4a84dd13a7bc00..1dc1a0db790993 100644 --- a/arch/riscv/configs/ch_defconfig +++ b/arch/riscv/configs/ch_defconfig 
@@ -235,7 +235,7 @@ CONFIG_LD_ORPHAN_WARN_LEVEL="warn" CONFIG_SYSCTL=y CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_SYSCTL_ARCH_UNALIGN_ALLOW=y -CONFIG_EXPERT=y +# CONFIG_EXPERT is not set CONFIG_MULTIUSER=y CONFIG_SGETMASK_SYSCALL=y CONFIG_SYSFS_SYSCALL=y diff --git a/arch/x86/configs/ch_defconfig b/arch/x86/configs/ch_defconfig index a71ed0fe7506a0..bf0e3fc9b67f34 100644 --- a/arch/x86/configs/ch_defconfig +++ b/arch/x86/configs/ch_defconfig @@ -241,7 +241,7 @@ CONFIG_LD_ORPHAN_WARN_LEVEL="warn" CONFIG_SYSCTL=y CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_HAVE_PCSPKR_PLATFORM=y -CONFIG_EXPERT=y +# CONFIG_EXPERT is not set CONFIG_MULTIUSER=y CONFIG_SGETMASK_SYSCALL=y CONFIG_SYSFS_SYSCALL=y From 0cbd8659fd636e30c92855aea6b3de7c986333c8 Mon Sep 17 00:00:00 2001 From: Rafael Garcia Date: Wed, 10 Dec 2025 21:38:28 +0000 Subject: [PATCH 07/15] Enable kernel modules and DRM for NVIDIA GPU passthrough - Enable CONFIG_MODULES for loadable module support - Enable CONFIG_DRM and CONFIG_DRM_BOCHS (which selects DRM_TTM) - Add CI steps to build NVIDIA open-gpu-kernel-modules - Download NVIDIA driver and extract GSP firmware for H100/modern GPUs - Package kernel modules + firmware as nvidia-modules-x86_64.tar.gz - Package userspace driver libraries as nvidia-driver-libs-x86_64.tar.gz (libcuda.so, libnvidia-ml.so, nvidia-smi, etc. for container injection) --- .github/workflows/release.yaml | 93 +++++++++++++++++++++++++++++++++ arch/arm64/configs/ch_defconfig | 7 ++- arch/riscv/configs/ch_defconfig | 7 ++- arch/x86/configs/ch_defconfig | 7 ++- 4 files changed, 108 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 0d8e910fd39be7..290cb6bf521ea9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -28,6 +28,81 @@ jobs: run: make ch_defconfig - name: Build kernel (x86-64) run: CFLAGS="-Wa,-mx86-used-note=no" make bzImage -j `nproc` + - name: Build kernel modules (x86-64) + run: make modules -j `nproc` + - name: Clone NVIDIA open-gpu-kernel-modules + run: git clone --depth 1 --branch 570.86.16 https://github.com/NVIDIA/open-gpu-kernel-modules.git + - name: Build NVIDIA modules (x86-64) + run: | + cd open-gpu-kernel-modules + make modules KERNEL_UNAME=$(cd .. && make -s kernelrelease) SYSSRC=$(pwd)/.. -j $(nproc) + - name: Download NVIDIA driver for firmware + run: | + DRIVER_VERSION=570.86.16 + wget -q https://download.nvidia.com/XFree86/Linux-x86_64/${DRIVER_VERSION}/NVIDIA-Linux-x86_64-${DRIVER_VERSION}.run + chmod +x NVIDIA-Linux-x86_64-${DRIVER_VERSION}.run + ./NVIDIA-Linux-x86_64-${DRIVER_VERSION}.run --extract-only --target nvidia-driver + - name: Package NVIDIA modules (x86-64) + run: | + KVER=$(make -s kernelrelease) + DRIVER_VERSION=570.86.16 + mkdir -p nvidia-modules/lib/modules/$KVER/kernel/drivers/gpu + mkdir -p nvidia-modules/lib/firmware/nvidia/${DRIVER_VERSION} + cp open-gpu-kernel-modules/kernel-open/*.ko nvidia-modules/lib/modules/$KVER/kernel/drivers/gpu/ + cp nvidia-driver/firmware/*.bin nvidia-modules/lib/firmware/nvidia/${DRIVER_VERSION}/ + tar czf nvidia-modules-x86_64.tar.gz -C nvidia-modules . + # ============================================================ + # NVIDIA DRIVER USERSPACE LIBRARIES + # ============================================================ + # These libraries are injected into containers at VM boot time by hypeman, + # eliminating the need for containers to bundle matching NVIDIA drivers. + # + # When upgrading the driver version: + # 1. Check NVIDIA release notes: https://download.nvidia.com/XFree86/Linux-x86_64/ + # 2. Ensure compatibility with the kernel version being built + # 3. Update DRIVER_VERSION in ALL places in this file (search for 570.86.16) + # 4. 
Update NvidiaDriverVersion in hypeman/lib/system/versions.go + # 5. Test GPU passthrough thoroughly before deploying + # ============================================================ + - name: Package NVIDIA driver libraries (x86-64) + run: | + DRIVER_VERSION=570.86.16 + + mkdir -p nvidia-driver-libs/usr/lib/nvidia + mkdir -p nvidia-driver-libs/usr/bin + + # Essential libraries for CUDA inference (minimal set to keep initrd small) + # libcuda.so - CUDA driver API (required for all GPU compute) ~68MB + cp nvidia-driver/libcuda.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ + # libnvidia-ml.so - NVML for nvidia-smi and GPU monitoring ~2MB + cp nvidia-driver/libnvidia-ml.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ + # libnvidia-ptxjitcompiler.so - PTX JIT compilation ~37MB + cp nvidia-driver/libnvidia-ptxjitcompiler.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ + + # Small utility libraries + cp nvidia-driver/libnvidia-allocator.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ + cp nvidia-driver/libnvidia-cfg.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ + + # Note: The following large libraries are NOT included to keep initrd small: + # - libnvidia-nvvm.so (~79MB) - Only needed for CUDA runtime compilation + # - libnvidia-gpucomp.so (~61MB) - Only needed for some compute workloads + # - libnvidia-opencl.so (~63MB) - Only needed for OpenCL (not CUDA) + # - libnvcuvid.so (~16MB) - Only needed for video decoding + # - libnvidia-encode.so - Only needed for video encoding + # Containers requiring these can install them directly. + + # Binaries + cp nvidia-driver/nvidia-smi nvidia-driver-libs/usr/bin/ + cp nvidia-driver/nvidia-modprobe nvidia-driver-libs/usr/bin/ + + # Version file for runtime verification + echo "${DRIVER_VERSION}" > nvidia-driver-libs/usr/lib/nvidia/version + + tar czf nvidia-driver-libs-x86_64.tar.gz -C nvidia-driver-libs . 
+ + echo "Driver libraries packaged:" + ls -lah nvidia-driver-libs/usr/lib/nvidia/ + ls -lah nvidia-driver-libs/usr/bin/ - name: Create release id: create_release uses: actions/create-release@v1 @@ -55,6 +130,24 @@ jobs: asset_path: vmlinux asset_name: vmlinux-x86_64 asset_content_type: application/octet-stream + - name: Upload NVIDIA modules for x86_64 + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: nvidia-modules-x86_64.tar.gz + asset_name: nvidia-modules-x86_64.tar.gz + asset_content_type: application/gzip + - name: Upload NVIDIA driver libraries for x86_64 + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: nvidia-driver-libs-x86_64.tar.gz + asset_name: nvidia-driver-libs-x86_64.tar.gz + asset_content_type: application/gzip - name: Upload Image.gz for aarch64 uses: actions/upload-release-asset@v1 env: diff --git a/arch/arm64/configs/ch_defconfig b/arch/arm64/configs/ch_defconfig index 37528279573d5e..353bd773ebef9b 100644 --- a/arch/arm64/configs/ch_defconfig +++ b/arch/arm64/configs/ch_defconfig @@ -794,7 +794,9 @@ CONFIG_FUNCTION_ALIGNMENT=4 # end of General architecture-dependent options CONFIG_RT_MUTEXES=y -# CONFIG_MODULES is not set +CONFIG_MODULES=y +CONFIG_MODULE_UNLOAD=y +CONFIG_MODVERSIONS=y CONFIG_BLOCK=y CONFIG_BLOCK_LEGACY_AUTOLOAD=y CONFIG_BLK_CGROUP_RWSTAT=y @@ -2002,7 +2004,8 @@ CONFIG_BCMA_POSSIBLE=y # CONFIG_VIDEO=y # CONFIG_AUXDISPLAY is not set -# CONFIG_DRM is not set +CONFIG_DRM=y +CONFIG_DRM_BOCHS=y # # Frame buffer Devices diff --git a/arch/riscv/configs/ch_defconfig b/arch/riscv/configs/ch_defconfig index 1dc1a0db790993..1bef44e88ef0cf 100644 --- a/arch/riscv/configs/ch_defconfig +++ b/arch/riscv/configs/ch_defconfig 
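Review bot: The `Download NVIDIA driver for firmware` step fetches a `.run` installer with `wget -q`, marks it executable and runs it on the runner without checking its digest, and the extracted firmware and libraries are then shipped as release assets. TLS protects the transfer but not the content, so the step should pin the expected SHA-256 and fail on mismatch before the `chmod +x`, e.g. `echo "${DRIVER_SHA256}  NVIDIA-Linux-x86_64-${DRIVER_VERSION}.run" | sha256sum -c -`, with `DRIVER_SHA256` (a placeholder name) set beside `DRIVER_VERSION`. The same concern applies to `git clone --depth 1 --branch 570.86.16`, which resolves a tag that can be moved; checking out a recorded commit hash would make the module build reproducible. `DRIVER_VERSION=570.86.16` is also repeated in three steps, and a single job-level `env:` entry would keep the copies from drifting.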
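Review bot: `CONFIG_MODULES=y` turns a previously monolithic guest kernel into one that accepts loadable code, and the added lines bring no authenticity check with it; `CONFIG_MODVERSIONS=y` only compares symbol CRCs. If module signing is not enabled elsewhere in this defconfig (not visible in the hunk), I would add `CONFIG_MODULE_SIG=y` and `CONFIG_MODULE_SIG_FORCE=y` and sign the out-of-tree modules in the release job, or state in the commit message why unsigned loading is acceptable for these guests. The same three lines are added to the riscv and x86 defconfigs in this commit, although the workflow only builds NVIDIA modules for x86-64, so the arm64 and riscv kernels gain the module loader without a stated consumer.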
@@ -655,7 +655,9 @@ CONFIG_FUNCTION_ALIGNMENT=0 # end of General architecture-dependent options CONFIG_RT_MUTEXES=y -# CONFIG_MODULES is not set +CONFIG_MODULES=y +CONFIG_MODULE_UNLOAD=y +CONFIG_MODVERSIONS=y CONFIG_BLOCK=y CONFIG_BLOCK_LEGACY_AUTOLOAD=y CONFIG_BLK_CGROUP_RWSTAT=y @@ -1769,7 +1771,8 @@ CONFIG_BCMA_POSSIBLE=y # CONFIG_VIDEO=y # CONFIG_AUXDISPLAY is not set -# CONFIG_DRM is not set +CONFIG_DRM=y +CONFIG_DRM_BOCHS=y # # Frame buffer Devices diff --git a/arch/x86/configs/ch_defconfig b/arch/x86/configs/ch_defconfig index bf0e3fc9b67f34..7dc4218f0052b2 100644 --- a/arch/x86/configs/ch_defconfig +++ b/arch/x86/configs/ch_defconfig @@ -857,7 +857,9 @@ CONFIG_CC_HAS_SANE_FUNCTION_ALIGNMENT=y # end of General architecture-dependent options CONFIG_RT_MUTEXES=y -# CONFIG_MODULES is not set +CONFIG_MODULES=y +CONFIG_MODULE_UNLOAD=y +CONFIG_MODVERSIONS=y CONFIG_BLOCK=y CONFIG_BLOCK_LEGACY_AUTOLOAD=y CONFIG_BLK_CGROUP_RWSTAT=y @@ -2024,7 +2026,8 @@ CONFIG_VIDEO=y # CONFIG_AUXDISPLAY is not set # CONFIG_AGP is not set # CONFIG_VGA_SWITCHEROO is not set -# CONFIG_DRM is not set +CONFIG_DRM=y +CONFIG_DRM_BOCHS=y # # Frame buffer Devices From 9afdbad91b69789aa77ab338925e7689f4972f01 Mon Sep 17 00:00:00 2001 From: Steven Miller Date: Thu, 11 Dec 2025 16:44:37 -0500 Subject: [PATCH 08/15] Enable networking configs --- arch/arm64/configs/ch_defconfig | 7 +++++-- arch/riscv/configs/ch_defconfig | 7 +++++-- arch/x86/configs/ch_defconfig | 7 +++++-- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/arch/arm64/configs/ch_defconfig b/arch/arm64/configs/ch_defconfig index 37528279573d5e..cbb32c0f72676b 100644 --- a/arch/arm64/configs/ch_defconfig +++ b/arch/arm64/configs/ch_defconfig 
@@ -1118,14 +1118,17 @@ CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_NETWORK_SECMARK is not set CONFIG_NET_PTP_CLASSIFY=y # CONFIG_NETWORK_PHY_TIMESTAMPING is not set -# CONFIG_NETFILTER is not set +CONFIG_NETFILTER=y +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_RDS is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set # CONFIG_L2TP is not set -# CONFIG_BRIDGE is not set +CONFIG_BRIDGE=y # CONFIG_NET_DSA is not set # CONFIG_VLAN_8021Q is not set # CONFIG_LLC2 is not set diff --git a/arch/riscv/configs/ch_defconfig b/arch/riscv/configs/ch_defconfig index 1dc1a0db790993..8f6df41123a4f8 100644 --- a/arch/riscv/configs/ch_defconfig +++ b/arch/riscv/configs/ch_defconfig @@ -924,14 +924,17 @@ CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_NETWORK_SECMARK is not set CONFIG_NET_PTP_CLASSIFY=y # CONFIG_NETWORK_PHY_TIMESTAMPING is not set -# CONFIG_NETFILTER is not set +CONFIG_NETFILTER=y +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_RDS is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set # CONFIG_L2TP is not set -# CONFIG_BRIDGE is not set +CONFIG_BRIDGE=y # CONFIG_NET_DSA is not set # CONFIG_VLAN_8021Q is not set # CONFIG_LLC2 is not set diff --git a/arch/x86/configs/ch_defconfig b/arch/x86/configs/ch_defconfig index bf0e3fc9b67f34..f3c371bef9ec77 100644 --- a/arch/x86/configs/ch_defconfig +++ b/arch/x86/configs/ch_defconfig 
@@ -1131,14 +1131,17 @@ CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_NETWORK_SECMARK is not set CONFIG_NET_PTP_CLASSIFY=y # CONFIG_NETWORK_PHY_TIMESTAMPING is not set -# CONFIG_NETFILTER is not set +CONFIG_NETFILTER=y +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_RDS is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set # CONFIG_L2TP is not set -# CONFIG_BRIDGE is not set +CONFIG_BRIDGE=y # CONFIG_NET_DSA is not set # CONFIG_VLAN_8021Q is not set # CONFIG_LLC2 is not set From 074fac4651652a70839c11262d6e0bb1a8cb2e3a Mon Sep 17 00:00:00 2001 From: Steven Miller Date: Thu, 11 Dec 2025 17:17:09 -0500 Subject: [PATCH 09/15] Add missing dependencies --- arch/arm64/configs/ch_defconfig | 2 ++ arch/riscv/configs/ch_defconfig | 2 ++ arch/x86/configs/ch_defconfig | 2 ++ 3 files changed, 6 insertions(+) diff --git a/arch/arm64/configs/ch_defconfig b/arch/arm64/configs/ch_defconfig index cbb32c0f72676b..820187bcb1ea3b 100644 --- a/arch/arm64/configs/ch_defconfig +++ b/arch/arm64/configs/ch_defconfig @@ -1119,6 +1119,8 @@ CONFIG_DEFAULT_TCP_CONG="cubic" CONFIG_NET_PTP_CLASSIFY=y # CONFIG_NETWORK_PHY_TIMESTAMPING is not set CONFIG_NETFILTER=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_NAT=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_NAT=y CONFIG_IP_NF_TARGET_MASQUERADE=y diff --git a/arch/riscv/configs/ch_defconfig b/arch/riscv/configs/ch_defconfig index 8f6df41123a4f8..a4fb4966b64141 100644 --- a/arch/riscv/configs/ch_defconfig +++ b/arch/riscv/configs/ch_defconfig @@ -925,6 +925,8 @@ CONFIG_DEFAULT_TCP_CONG="cubic" CONFIG_NET_PTP_CLASSIFY=y # CONFIG_NETWORK_PHY_TIMESTAMPING is not set CONFIG_NETFILTER=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_NAT=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_NAT=y CONFIG_IP_NF_TARGET_MASQUERADE=y diff --git a/arch/x86/configs/ch_defconfig b/arch/x86/configs/ch_defconfig index f3c371bef9ec77..f8b40a9b309cf5 100644 --- a/arch/x86/configs/ch_defconfig 
+++ b/arch/x86/configs/ch_defconfig @@ -1132,6 +1132,8 @@ CONFIG_DEFAULT_TCP_CONG="cubic" CONFIG_NET_PTP_CLASSIFY=y # CONFIG_NETWORK_PHY_TIMESTAMPING is not set CONFIG_NETFILTER=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_NAT=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_NAT=y CONFIG_IP_NF_TARGET_MASQUERADE=y From 7dee9abca901d58196225c0c624c3bca7dc0b884 Mon Sep 17 00:00:00 2001 From: Rafael Garcia Date: Sat, 13 Dec 2025 21:21:38 +0000 Subject: [PATCH 10/15] Fix YAML indentation in release workflow --- .github/workflows/release.yaml | 78 +++++++++++++++++----------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 290cb6bf521ea9..a7061d28858b2a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -64,45 +64,45 @@ jobs: # 4. Update NvidiaDriverVersion in hypeman/lib/system/versions.go # 5. Test GPU passthrough thoroughly before deploying # ============================================================ - - name: Package NVIDIA driver libraries (x86-64) - run: | - DRIVER_VERSION=570.86.16 - - mkdir -p nvidia-driver-libs/usr/lib/nvidia - mkdir -p nvidia-driver-libs/usr/bin - - # Essential libraries for CUDA inference (minimal set to keep initrd small) - # libcuda.so - CUDA driver API (required for all GPU compute) ~68MB - cp nvidia-driver/libcuda.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ - # libnvidia-ml.so - NVML for nvidia-smi and GPU monitoring ~2MB - cp nvidia-driver/libnvidia-ml.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ - # libnvidia-ptxjitcompiler.so - PTX JIT compilation ~37MB - cp nvidia-driver/libnvidia-ptxjitcompiler.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ - - # Small utility libraries - cp nvidia-driver/libnvidia-allocator.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ - cp nvidia-driver/libnvidia-cfg.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ - - # Note: The following large libraries are NOT included to keep initrd small: - # - libnvidia-nvvm.so (~79MB) - Only needed for CUDA runtime compilation - # - libnvidia-gpucomp.so (~61MB) - Only needed for some compute workloads - # - libnvidia-opencl.so (~63MB) - Only needed for OpenCL (not CUDA) - # - libnvcuvid.so (~16MB) - Only needed for video decoding - # - libnvidia-encode.so - Only needed for video encoding - # Containers requiring these can install them directly. - - # Binaries - cp nvidia-driver/nvidia-smi nvidia-driver-libs/usr/bin/ - cp nvidia-driver/nvidia-modprobe nvidia-driver-libs/usr/bin/ - - # Version file for runtime verification - echo "${DRIVER_VERSION}" > nvidia-driver-libs/usr/lib/nvidia/version - - tar czf nvidia-driver-libs-x86_64.tar.gz -C nvidia-driver-libs . 
- - echo "Driver libraries packaged:" - ls -lah nvidia-driver-libs/usr/lib/nvidia/ - ls -lah nvidia-driver-libs/usr/bin/ + - name: Package NVIDIA driver libraries (x86-64) + run: | + DRIVER_VERSION=570.86.16 + + mkdir -p nvidia-driver-libs/usr/lib/nvidia + mkdir -p nvidia-driver-libs/usr/bin + + # Essential libraries for CUDA inference (minimal set to keep initrd small) + # libcuda.so - CUDA driver API (required for all GPU compute) ~68MB + cp nvidia-driver/libcuda.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ + # libnvidia-ml.so - NVML for nvidia-smi and GPU monitoring ~2MB + cp nvidia-driver/libnvidia-ml.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ + # libnvidia-ptxjitcompiler.so - PTX JIT compilation ~37MB + cp nvidia-driver/libnvidia-ptxjitcompiler.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ + + # Small utility libraries + cp nvidia-driver/libnvidia-allocator.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ + cp nvidia-driver/libnvidia-cfg.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ + + # Note: The following large libraries are NOT included to keep initrd small: + # - libnvidia-nvvm.so (~79MB) - Only needed for CUDA runtime compilation + # - libnvidia-gpucomp.so (~61MB) - Only needed for some compute workloads + # - libnvidia-opencl.so (~63MB) - Only needed for OpenCL (not CUDA) + # - libnvcuvid.so (~16MB) - Only needed for video decoding + # - libnvidia-encode.so - Only needed for video encoding + # Containers requiring these can install them directly. + + # Binaries + cp nvidia-driver/nvidia-smi nvidia-driver-libs/usr/bin/ + cp nvidia-driver/nvidia-modprobe nvidia-driver-libs/usr/bin/ + + # Version file for runtime verification + echo "${DRIVER_VERSION}" > nvidia-driver-libs/usr/lib/nvidia/version + + tar czf nvidia-driver-libs-x86_64.tar.gz -C nvidia-driver-libs . 
+ + echo "Driver libraries packaged:" + ls -lah nvidia-driver-libs/usr/lib/nvidia/ + ls -lah nvidia-driver-libs/usr/bin/ - name: Create release id: create_release uses: actions/create-release@v1 From 7a67df1809b5cd72b6bfe68e75dcb0f65ea1b1a0 Mon Sep 17 00:00:00 2001 From: Steven Miller Date: Thu, 15 Jan 2026 11:26:03 -0500 Subject: [PATCH 11/15] Publish kernel header files --- .github/workflows/release.yaml | 56 ++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a7061d28858b2a..2c6bcc0962b4d4 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,6 +20,26 @@ jobs: run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make ch_defconfig - name: Build (aarch64) run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make Image.gz -j `nproc` + - name: Build kernel modules (aarch64) + run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make modules -j `nproc` + - name: Package kernel headers (aarch64) + run: | + KVER=$(ARCH=arm64 make -s kernelrelease) + HEADERS_DIR="$(pwd)/kernel-headers-arm64" + + # Use the kernel's built-in script via make run-command to ensure proper env vars + mkdir -p "${HEADERS_DIR}" + ARCH=arm64 make run-command KBUILD_RUN_COMMAND="\${srctree}/scripts/package/install-extmod-build ${HEADERS_DIR}" + + # Add System.map and .config + cp System.map "${HEADERS_DIR}/" + cp .config "${HEADERS_DIR}/" + + # Package just the headers contents (flat structure) + tar czf kernel-headers-aarch64.tar.gz -C "${HEADERS_DIR}" . + + echo "Kernel headers packaged for ${KVER} (aarch64):" + du -sh kernel-headers-aarch64.tar.gz - name: Configure (riscv64) run: ARCH=riscv CROSS_COMPILE=riscv64-linux-gnu- make ch_defconfig - name: Build (riscv64) 
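Review bot: Both `make` calls in `Package kernel headers (aarch64)` pass `ARCH=arm64` but drop the `CROSS_COMPILE=aarch64-linux-gnu-` prefix that the configure and build steps use, so the packaging script runs with the native `gcc` as its compiler. If `install-extmod-build` compiles or probes anything with `$CC`, that work is done for the build host rather than for aarch64, and the resulting `kernel-headers-aarch64.tar.gz` may not be usable for building modules against the released kernel. I would write `KVER=$(ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make -s kernelrelease)` and add the same prefix to the `make run-command` line. A comment stating which architecture the packaged script binaries are expected to run on would also help whoever consumes the tarball.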
@@ -30,6 +50,24 @@ jobs: run: CFLAGS="-Wa,-mx86-used-note=no" make bzImage -j `nproc` - name: Build kernel modules (x86-64) run: make modules -j `nproc` + - name: Package kernel headers (x86-64) + run: | + KVER=$(make -s kernelrelease) + HEADERS_DIR="$(pwd)/kernel-headers-x86" + + # Use the kernel's built-in script via make run-command to ensure proper env vars + mkdir -p "${HEADERS_DIR}" + make run-command KBUILD_RUN_COMMAND="\${srctree}/scripts/package/install-extmod-build ${HEADERS_DIR}" + + # Add System.map and .config (useful for debugging and some build scenarios) + cp System.map "${HEADERS_DIR}/" + cp .config "${HEADERS_DIR}/" + + # Package just the headers contents (flat structure) + tar czf kernel-headers-x86_64.tar.gz -C "${HEADERS_DIR}" . + + echo "Kernel headers packaged for ${KVER}:" + du -sh kernel-headers-x86_64.tar.gz - name: Clone NVIDIA open-gpu-kernel-modules run: git clone --depth 1 --branch 570.86.16 https://github.com/NVIDIA/open-gpu-kernel-modules.git - name: Build NVIDIA modules (x86-64) @@ -139,6 +177,24 @@ jobs: asset_path: nvidia-modules-x86_64.tar.gz asset_name: nvidia-modules-x86_64.tar.gz asset_content_type: application/gzip + - name: Upload kernel headers for x86_64 + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: kernel-headers-x86_64.tar.gz + asset_name: kernel-headers-x86_64.tar.gz + asset_content_type: application/gzip + - name: Upload kernel headers for aarch64 + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: kernel-headers-aarch64.tar.gz + asset_name: kernel-headers-aarch64.tar.gz + asset_content_type: application/gzip - name: Upload NVIDIA driver libraries for x86_64 uses: actions/upload-release-asset@v1 env: From f2a1148748701cb75b6647b5a090f1ab0743bca2 Mon Sep 17 00:00:00 2001 
From: Steven Miller Date: Thu, 15 Jan 2026 13:29:31 -0500 Subject: [PATCH 12/15] Static link instead of depend on host glibc for dkms script tools --- .github/workflows/release.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2c6bcc0962b4d4..f78959bece9d7f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -15,13 +15,15 @@ jobs: with: fetch-depth: 1 - name: Install build tools - run: sudo apt install -y build-essential flex bison libssl-dev libelf-dev bc gcc-aarch64-linux-gnu gcc-riscv64-linux-gnu + run: sudo apt install -y build-essential flex bison libssl-dev libelf-dev zlib1g-dev bc gcc-aarch64-linux-gnu gcc-riscv64-linux-gnu - name: Configure (aarch64) run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make ch_defconfig - name: Build (aarch64) run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make Image.gz -j `nproc` - name: Build kernel modules (aarch64) - run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make modules -j `nproc` + # HOSTLDFLAGS=-static makes scripts tools (modpost, etc.) statically linked + # so they don't depend on the build host's glibc version. -lz needed for objtool. + run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- HOSTLDFLAGS="-static -lz" make modules -j `nproc` - name: Package kernel headers (aarch64) run: | KVER=$(ARCH=arm64 make -s kernelrelease) @@ -49,7 +51,9 @@ jobs: - name: Build kernel (x86-64) run: CFLAGS="-Wa,-mx86-used-note=no" make bzImage -j `nproc` - name: Build kernel modules (x86-64) - run: make modules -j `nproc` + # HOSTLDFLAGS=-static makes scripts tools (modpost, etc.) statically linked + # so they don't depend on the build host's glibc version. -lz needed for objtool. + run: HOSTLDFLAGS="-static -lz" make modules -j `nproc` - name: Package kernel headers (x86-64) run: | KVER=$(make -s kernelrelease) From f4e1c62d8f2fc9becffc547f67052bd028648b3e Mon Sep 17 00:00:00 2001 
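Review bot: `HOSTLDFLAGS="-static -lz"` is set only on the two `make modules` invocations (aarch64 in the first hunk, x86-64 in the second), while the packaging steps that collect the script tools call `make run-command` without it (outside these hunks). Whether the shipped `modpost` and related tools are really static therefore depends on nothing relinking them in between; a `file` or `ldd` check on the packaged binaries before `tar` would catch a regression. Libraries normally belong in Kbuild's `HOSTLDLIBS` rather than `HOSTLDFLAGS`, because with `-static` the archive position on the link line matters. Static linking also freezes the runner's copies of glibc and zlib into a published artifact, so the step comment should say that the runner must be patched and the release rebuilt when those libraries receive fixes.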
From: Steven Miller Date: Thu, 15 Jan 2026 13:47:57 -0500 Subject: [PATCH 13/15] Remove nvidia driver builds --- .github/workflows/release.yaml | 91 --------------------------------- arch/arm64/configs/ch_defconfig | 2 +- arch/riscv/configs/ch_defconfig | 2 +- arch/x86/configs/ch_defconfig | 2 +- 4 files changed, 3 insertions(+), 94 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f78959bece9d7f..dc17d3808fb20b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -72,79 +72,6 @@ jobs: echo "Kernel headers packaged for ${KVER}:" du -sh kernel-headers-x86_64.tar.gz - - name: Clone NVIDIA open-gpu-kernel-modules - run: git clone --depth 1 --branch 570.86.16 https://github.com/NVIDIA/open-gpu-kernel-modules.git - - name: Build NVIDIA modules (x86-64) - run: | - cd open-gpu-kernel-modules - make modules KERNEL_UNAME=$(cd .. && make -s kernelrelease) SYSSRC=$(pwd)/.. -j $(nproc) - - name: Download NVIDIA driver for firmware - run: | - DRIVER_VERSION=570.86.16 - wget -q https://download.nvidia.com/XFree86/Linux-x86_64/${DRIVER_VERSION}/NVIDIA-Linux-x86_64-${DRIVER_VERSION}.run - chmod +x NVIDIA-Linux-x86_64-${DRIVER_VERSION}.run - ./NVIDIA-Linux-x86_64-${DRIVER_VERSION}.run --extract-only --target nvidia-driver - - name: Package NVIDIA modules (x86-64) - run: | - KVER=$(make -s kernelrelease) - DRIVER_VERSION=570.86.16 - mkdir -p nvidia-modules/lib/modules/$KVER/kernel/drivers/gpu - mkdir -p nvidia-modules/lib/firmware/nvidia/${DRIVER_VERSION} - cp open-gpu-kernel-modules/kernel-open/*.ko nvidia-modules/lib/modules/$KVER/kernel/drivers/gpu/ - cp nvidia-driver/firmware/*.bin nvidia-modules/lib/firmware/nvidia/${DRIVER_VERSION}/ - tar czf nvidia-modules-x86_64.tar.gz -C nvidia-modules . - # ============================================================ - # NVIDIA DRIVER USERSPACE LIBRARIES - # ============================================================ - # These libraries are injected into containers at VM boot time by hypeman, - # eliminating the need for containers to bundle matching NVIDIA drivers. - # - # When upgrading the driver version: - # 1. Check NVIDIA release notes: https://download.nvidia.com/XFree86/Linux-x86_64/ - # 2. Ensure compatibility with the kernel version being built - # 3. Update DRIVER_VERSION in ALL places in this file (search for 570.86.16) - # 4. Update NvidiaDriverVersion in hypeman/lib/system/versions.go - # 5. 
Test GPU passthrough thoroughly before deploying - # ============================================================ - - name: Package NVIDIA driver libraries (x86-64) - run: | - DRIVER_VERSION=570.86.16 - - mkdir -p nvidia-driver-libs/usr/lib/nvidia - mkdir -p nvidia-driver-libs/usr/bin - - # Essential libraries for CUDA inference (minimal set to keep initrd small) - # libcuda.so - CUDA driver API (required for all GPU compute) ~68MB - cp nvidia-driver/libcuda.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ - # libnvidia-ml.so - NVML for nvidia-smi and GPU monitoring ~2MB - cp nvidia-driver/libnvidia-ml.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ - # libnvidia-ptxjitcompiler.so - PTX JIT compilation ~37MB - cp nvidia-driver/libnvidia-ptxjitcompiler.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ - - # Small utility libraries - cp nvidia-driver/libnvidia-allocator.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ - cp nvidia-driver/libnvidia-cfg.so.${DRIVER_VERSION} nvidia-driver-libs/usr/lib/nvidia/ - - # Note: The following large libraries are NOT included to keep initrd small: - # - libnvidia-nvvm.so (~79MB) - Only needed for CUDA runtime compilation - # - libnvidia-gpucomp.so (~61MB) - Only needed for some compute workloads - # - libnvidia-opencl.so (~63MB) - Only needed for OpenCL (not CUDA) - # - libnvcuvid.so (~16MB) - Only needed for video decoding - # - libnvidia-encode.so - Only needed for video encoding - # Containers requiring these can install them directly. - - # Binaries - cp nvidia-driver/nvidia-smi nvidia-driver-libs/usr/bin/ - cp nvidia-driver/nvidia-modprobe nvidia-driver-libs/usr/bin/ - - # Version file for runtime verification - echo "${DRIVER_VERSION}" > nvidia-driver-libs/usr/lib/nvidia/version - - tar czf nvidia-driver-libs-x86_64.tar.gz -C nvidia-driver-libs . 
- - echo "Driver libraries packaged:" - ls -lah nvidia-driver-libs/usr/lib/nvidia/ - ls -lah nvidia-driver-libs/usr/bin/ - name: Create release id: create_release uses: actions/create-release@v1 @@ -172,15 +99,6 @@ jobs: asset_path: vmlinux asset_name: vmlinux-x86_64 asset_content_type: application/octet-stream - - name: Upload NVIDIA modules for x86_64 - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: nvidia-modules-x86_64.tar.gz - asset_name: nvidia-modules-x86_64.tar.gz - asset_content_type: application/gzip - name: Upload kernel headers for x86_64 uses: actions/upload-release-asset@v1 env: @@ -199,15 +117,6 @@ jobs: asset_path: kernel-headers-aarch64.tar.gz asset_name: kernel-headers-aarch64.tar.gz asset_content_type: application/gzip - - name: Upload NVIDIA driver libraries for x86_64 - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: nvidia-driver-libs-x86_64.tar.gz - asset_name: nvidia-driver-libs-x86_64.tar.gz - asset_content_type: application/gzip - name: Upload Image.gz for aarch64 uses: actions/upload-release-asset@v1 env: diff --git a/arch/arm64/configs/ch_defconfig b/arch/arm64/configs/ch_defconfig index 2d1f30af7c5dfa..ff95746a45bbf8 100644 --- a/arch/arm64/configs/ch_defconfig +++ b/arch/arm64/configs/ch_defconfig @@ -33,7 +33,7 @@ CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_BUILD_SALT="" CONFIG_DEFAULT_INIT="" -CONFIG_DEFAULT_HOSTNAME="cloud-hypervisor" +CONFIG_DEFAULT_HOSTNAME="hypeman" CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y diff --git a/arch/riscv/configs/ch_defconfig b/arch/riscv/configs/ch_defconfig index 5d2785df69ed1c..d6c010d3f3cdd7 100644 --- a/arch/riscv/configs/ch_defconfig +++ b/arch/riscv/configs/ch_defconfig 
@@ -50,7 +50,7 @@ CONFIG_KERNEL_GZIP=y
 # CONFIG_KERNEL_ZSTD is not set
 # CONFIG_KERNEL_UNCOMPRESSED is not set
 CONFIG_DEFAULT_INIT=""
-CONFIG_DEFAULT_HOSTNAME="cloud-hypervisor"
+CONFIG_DEFAULT_HOSTNAME="hypeman"
 CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 CONFIG_POSIX_MQUEUE=y
diff --git a/arch/x86/configs/ch_defconfig b/arch/x86/configs/ch_defconfig
index 0b72336c436fd7..f75dcf3e8d3d09 100644
--- a/arch/x86/configs/ch_defconfig
+++ b/arch/x86/configs/ch_defconfig
@@ -49,7 +49,7 @@ CONFIG_KERNEL_GZIP=y
 # CONFIG_KERNEL_LZ4 is not set
 # CONFIG_KERNEL_ZSTD is not set
 CONFIG_DEFAULT_INIT=""
-CONFIG_DEFAULT_HOSTNAME="cloud-hypervisor"
+CONFIG_DEFAULT_HOSTNAME="hypeman"
 CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 CONFIG_POSIX_MQUEUE=y
From 09de4df8597193f24870659589f16269fabab134 Mon Sep 17 00:00:00 2001
From: Steven Miller
Date: Thu, 15 Jan 2026 14:15:04 -0500
Subject: [PATCH 14/15] Fix static linking
---
 .github/workflows/release.yaml | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index dc17d3808fb20b..13151bedc76cff 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -9,6 +9,9 @@ jobs:
 if: github.event_name == 'create' && github.event.ref_type == 'tag'
 name: Release
 runs-on: [self-hosted, linux, x64, kvm]
+ env:
+ # Static link host tools so they don't depend on build host's glibc version
+ HOSTLDFLAGS: "-static -lz"
 steps:
 - name: Code checkout
 uses: actions/checkout@v4
@@ -21,9 +24,7 @@ jobs: - name: Build (aarch64) run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make Image.gz -j `nproc` - name: Build kernel modules (aarch64) - # HOSTLDFLAGS=-static makes scripts tools (modpost, etc.) statically linked - # so they don't depend on the build host's glibc version. -lz needed for objtool. - run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- HOSTLDFLAGS="-static -lz" make modules -j `nproc` + run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make modules -j `nproc` - name: Package kernel headers (aarch64) run: | KVER=$(ARCH=arm64 make -s kernelrelease) @@ -51,9 +52,7 @@ jobs: - name: Build kernel (x86-64) run: CFLAGS="-Wa,-mx86-used-note=no" make bzImage -j `nproc` - name: Build kernel modules (x86-64) - # HOSTLDFLAGS=-static makes scripts tools (modpost, etc.) statically linked - # so they don't depend on the build host's glibc version. -lz needed for objtool. - run: HOSTLDFLAGS="-static -lz" make modules -j `nproc` + run: make modules -j `nproc` - name: Package kernel headers (x86-64) run: | KVER=$(make -s kernelrelease) @@ -72,6 +71,28 @@ jobs: echo "Kernel headers packaged for ${KVER}:" du -sh kernel-headers-x86_64.tar.gz + - name: Verify tools are statically linked + run: | + echo "Checking that host tools are statically linked..." + FAILED=0 + for tool in kernel-headers-x86/scripts/basic/fixdep \ + kernel-headers-x86/scripts/mod/modpost \ + kernel-headers-x86/tools/objtool/objtool; do + if [ -f "$tool" ]; then + if file "$tool" | grep -q "statically linked"; then + echo "✓ $tool: statically linked" + else + echo "✗ $tool: DYNAMICALLY LINKED - this will cause glibc compatibility issues!" + file "$tool" + FAILED=1 + fi + fi + done + if [ $FAILED -eq 1 ]; then + echo "ERROR: Some tools are dynamically linked. Check HOSTLDFLAGS setting." + exit 1 + fi + echo "All tools verified as statically linked." - name: Create release id: create_release uses: actions/create-release@v1 
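Review bot: The new "Verify tools are statically linked" step passes without checking anything when the listed paths do not exist, because `if [ -f "$tool" ]` has no else branch and a missing file leaves `FAILED` at 0. A renamed staging directory or an objtool that was never built would still end in "All tools verified as statically linked." Count the files actually inspected, e.g. `CHECKED=$((CHECKED+1))` inside the `-f` branch and `[ "$CHECKED" -gt 0 ] || { echo "ERROR: no host tools found to verify"; exit 1; }` after the loop, and print a line for each skipped path. Only `kernel-headers-x86/` is inspected in this hunk, so the aarch64 headers archive is presumably released unverified.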
From d64ceea5c9add9b4cb895a0775ae348b3cb95114 Mon Sep 17 00:00:00 2001
From: Steven Miller
Date: Tue, 10 Feb 2026 17:26:34 -0500
Subject: [PATCH 15/15] Enable overlayfs redirect_dir and index Allow native overlay nesting (overlay-on-overlay) so BuildKit can use the kernel overlayfs snapshotter instead of falling back to fuse-overlayfs.
---
 arch/arm64/configs/ch_defconfig | 5 ++---
 arch/riscv/configs/ch_defconfig | 5 ++---
 arch/x86/configs/ch_defconfig | 5 ++---
 3 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/arch/arm64/configs/ch_defconfig b/arch/arm64/configs/ch_defconfig
index ff95746a45bbf8..65ceee397cfa51 100644
--- a/arch/arm64/configs/ch_defconfig
+++ b/arch/arm64/configs/ch_defconfig
@@ -2691,9 +2691,8 @@ CONFIG_VIRTIO_FS=y
 CONFIG_FUSE_DAX=y
 CONFIG_FUSE_PASSTHROUGH=y
 CONFIG_OVERLAY_FS=y
-# CONFIG_OVERLAY_FS_REDIRECT_DIR is not set
-CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y
-# CONFIG_OVERLAY_FS_INDEX is not set
+CONFIG_OVERLAY_FS_REDIRECT_DIR=y
+CONFIG_OVERLAY_FS_INDEX=y
 # CONFIG_OVERLAY_FS_XINO_AUTO is not set
 # CONFIG_OVERLAY_FS_METACOPY is not set
 # CONFIG_OVERLAY_FS_DEBUG is not set
diff --git a/arch/riscv/configs/ch_defconfig b/arch/riscv/configs/ch_defconfig
index d6c010d3f3cdd7..b7407ba54eb58a 100644
--- a/arch/riscv/configs/ch_defconfig
+++ b/arch/riscv/configs/ch_defconfig
@@ -2389,9 +2389,8 @@ CONFIG_VIRTIO_FS=y
 CONFIG_FUSE_DAX=y
 CONFIG_FUSE_PASSTHROUGH=y
 CONFIG_OVERLAY_FS=y
-# CONFIG_OVERLAY_FS_REDIRECT_DIR is not set
-CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y
-# CONFIG_OVERLAY_FS_INDEX is not set
+CONFIG_OVERLAY_FS_REDIRECT_DIR=y
+CONFIG_OVERLAY_FS_INDEX=y
 # CONFIG_OVERLAY_FS_XINO_AUTO is not set
 # CONFIG_OVERLAY_FS_METACOPY is not set
 # CONFIG_OVERLAY_FS_DEBUG is not set
diff --git a/arch/x86/configs/ch_defconfig b/arch/x86/configs/ch_defconfig
index f75dcf3e8d3d09..0a9c530bb0d1a4 100644
--- a/arch/x86/configs/ch_defconfig
+++ b/arch/x86/configs/ch_defconfig
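Review bot: The `CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y` line is deleted in the arm64 hunk, and identically in the riscv and x86 hunks, without a replacement, so the resulting value is whatever the Kconfig default yields. As far as I know that default is `y`, which would make the deletion a no-op. State the intent explicitly, either by keeping the line or by adding `# CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW is not set`. Setting `CONFIG_OVERLAY_FS_REDIRECT_DIR=y` and `CONFIG_OVERLAY_FS_INDEX=y` also changes the default for every overlay mount in the guest, possibly including mounts over image layers the guest did not author. If only the BuildKit snapshotter needs this and its mounts can carry options, `redirect_dir=on,index=on` per mount would keep the kernel-wide default conservative.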
@@ -2597,9 +2597,8 @@ CONFIG_VIRTIO_FS=y
 CONFIG_FUSE_DAX=y
 CONFIG_FUSE_PASSTHROUGH=y
 CONFIG_OVERLAY_FS=y
-# CONFIG_OVERLAY_FS_REDIRECT_DIR is not set
-CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y
-# CONFIG_OVERLAY_FS_INDEX is not set
+CONFIG_OVERLAY_FS_REDIRECT_DIR=y
+CONFIG_OVERLAY_FS_INDEX=y
 # CONFIG_OVERLAY_FS_XINO_AUTO is not set
 # CONFIG_OVERLAY_FS_METACOPY is not set
 # CONFIG_OVERLAY_FS_DEBUG is not set