Upgrade ASK kernel base to Linux 6.18.30

Move the custom ASK/NXP kernel build from lf-6.18.2-1.0.0 toward the upstream stable 6.18.y baseline, currently 6.18.30. This pulls in upstream stable fixes, including the BPF verifier fix needed by Cilium. The previous 6.18.2-based kernel triggered: verifier bug: REG INVARIANTS VIOLATION (false_reg1) reg_bounds_sanity_check() bpf_prog_load() cilium-agent The issue is no longer reproduced on 6.18.30 after fresh boot: Cilium 1.19.2 reports healthy, BPF datapath is active, all controllers are healthy, cluster health is reachable, and dmesg no longer shows the verifier warning. Refresh affected ASK upstream patch splits: - add bridge br_input patch - refresh xfrm policy/state patches - update package/kernel build inputs for 6.18.30
2026-05-16 03:38:21 +08:00
parent 3324412142
commit a2e5c2aa7a
7 changed files with 75 additions and 27 deletions
@@ -7,13 +7,13 @@ TAG ?= dev
 PACKAGES_DIR := packages
 OUT_DIR      := out

-E2FSPROGS_TAR := $(PACKAGES_DIR)/e2fsprogs-v$(E2FSPROGS_VERSION).tar.gz
-BUSYBOX_TAR   := $(PACKAGES_DIR)/busybox-$(BUSYBOX_VERSION).tar.gz
-ALPINE_TAR    := $(PACKAGES_DIR)/alpine-minirootfs-$(ALPINE_VER)-$(ALPINE_ARCH).tar.gz
-NXP_TAR       := $(PACKAGES_DIR)/nxp/kernel/$(NXP_VERSION).tar.gz
-VPP_TAR       := $(PACKAGES_DIR)/nxp/vpp/$(VPP_VERSION).tar.gz
-DPDK_TAR      := $(PACKAGES_DIR)/nxp/dpdk/$(DPDK_VERSION).tar.gz
-CRIO_TAR      := $(PACKAGES_DIR)/$(CRIO_VERSION).tar.gz
+E2FSPROGS_TAR  := $(PACKAGES_DIR)/e2fsprogs-v$(E2FSPROGS_VERSION).tar.gz
+BUSYBOX_TAR    := $(PACKAGES_DIR)/busybox-$(BUSYBOX_VERSION).tar.gz
+ALPINE_TAR     := $(PACKAGES_DIR)/alpine-minirootfs-$(ALPINE_VER)-$(ALPINE_ARCH).tar.gz
+NXP_KERNEL_TAR := $(PACKAGES_DIR)/nxp/kernel/$(NXP_KERNEL_VERSION).tar.gz
+VPP_TAR        := $(PACKAGES_DIR)/nxp/vpp/$(VPP_VERSION).tar.gz
+DPDK_TAR       := $(PACKAGES_DIR)/nxp/dpdk/$(DPDK_VERSION).tar.gz
+CRIO_TAR       := $(PACKAGES_DIR)/$(CRIO_VERSION).tar.gz

 AARCH64_MUSL_CC_TAR := $(PACKAGES_DIR)/aarch64-linux-musl-cross.tgz

@@ -166,7 +166,9 @@ $(DOWNLOAD_PACKAGES_STAMP): docker/download-packages.Dockerfile build.env makefi
 		--build-arg LIBPCAP_TAR=$(LIBPCAP_TAR) \
 		--build-arg TCLAP_TAR=$(TCLAP_TAR) \
 		--build-arg ALPINE_TAR=$(ALPINE_TAR) \
-		--build-arg NXP_TAR=$(NXP_TAR) \
+		--build-arg NXP_KERNEL_VERSION=$(NXP_KERNEL_VERSION) \
+		--build-arg NXP_KERNEL_TAR=$(NXP_KERNEL_TAR) \
+		--build-arg NXP_KERNEL_URL=$(NXP_KERNEL_URL) \
 		--build-arg CRIO_TAR=$(CRIO_TAR) \
 		--output type=local,dest=./$(PACKAGES_DIR) .
 	@touch $@
@@ -233,7 +235,7 @@ ASK: $(ASK_TAR) $(LIBNFCT_TAR) $(LIBNFNETLINK_TAR) $(TCLAP_TAR) $(LIBXML2_TAR) |
 		--build-arg BUILD_BASE_TAG=$$build_base_tag \
 		--build-arg MONO_ASK_TAR=$(MONO_ASK_TAR) \
 		--build-arg AARCH64_MUSL_CC_TAR=$(AARCH64_MUSL_CC_TAR) \
-		--build-arg NXP_TAR=$(NXP_TAR) \
+		--build-arg NXP_KERNEL_TAR=$(NXP_KERNEL_TAR) \
 		--build-arg FMLIB_TAR=$(FMLIB_TAR) \
 		--build-arg FMC_TAR=$(FMC_TAR) \
 		--build-arg LIBNFNETLINK_TAR=$(LIBNFNETLINK_TAR) \
@@ -260,7 +262,7 @@ push-cmm-image: cmm-image
 	docker tag -t localhost/monok8s/cmm:$(TAG) $(IMAGE_REPOSITORY)/cmm:$(KUBE_VERSION)-$(TAG) .
 	docker push $(IMAGE_REPOSITORY)/cmm:$(KUBE_VERSION)-$(TAG)

-vpp: $(BUILD_BASE_STAMP) $(VPP_TAR) $(DPDK_TAR) $(FMLIB_TAR) $(FMC_TAR) $(NXP_TAR)
+vpp: $(BUILD_BASE_STAMP) $(VPP_TAR) $(DPDK_TAR) $(FMLIB_TAR) $(FMC_TAR) $(NXP_KERNEL_TAR)
 	@build_base_tag=$$(docker image inspect \
 		--format '{{.Id}}' \
 		$(DOCKER_IMAGE_ROOT)/build-base:$(TAG) \