Skip to content

{jmaple} fips 8 compliant/4.18.0 553.16.1 #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 2, 2025
Merged

{jmaple} fips 8 compliant/4.18.0 553.16.1 #39

merged 2 commits into from
Jan 2, 2025

Conversation

PlaidCat
Copy link
Collaborator

This is a pull commits forward from the 4.18.0-425.13.1 FIPS-legacy-8 kernel and set up the githubactions

This change is actually against 2 different Distros 8.6 and 8.10 for FIPS-8-Compliant

el8_6 Build

[maple@r86-fips-553 kernel-src-tree]$ ../kernel-tools/kernel_build.sh
/mnt/code/kernel-src-tree
  CLEAN   scripts/basic
  CLEAN   scripts/genksyms
  CLEAN   scripts/kconfig
  CLEAN   scripts/mod
  CLEAN   scripts/selinux/genheaders
  CLEAN   scripts/selinux/mdp
  CLEAN   scripts
  CLEAN   include/config include/generated arch/x86/include/generated
  CLEAN   .config .config.old
[TIMER]{MRPROPER}: 8s
x86_64 architecture detected, copying config
'configs/kernel-4.18.0-x86_64.config' -> '.config'
Setting Local Version for build
CONFIG_LOCALVERSION="-_jmaple__fips-8-compliant_4.18.0-553.16.1"
Making olddefconfig
  HOSTCC  scripts/basic/fixdep
  HOSTCC  scripts/kconfig/conf.o
  YACC    scripts/kconfig/zconf.tab.c
  LEX     scripts/kconfig/zconf.lex.c
  HOSTCC  scripts/kconfig/zconf.tab.o
  HOSTLD  scripts/kconfig/conf
scripts/kconfig/conf  --olddefconfig Kconfig
#
# configuration written to .config
#
Starting Build
scripts/kconfig/conf  --syncconfig Kconfig
  SYSTBL  arch/x86/include/generated/asm/syscalls_32.h
  SYSHDR  arch/x86/include/generated/asm/unistd_32_ia32.h

[SNIP]

  LD [M]  sound/x86/snd-hdmi-lpe-audio.ko
  LD [M]  virt/lib/irqbypass.ko
[TIMER]{BUILD}: 2123s
Making Modules
  INSTALL arch/x86/crypto/blowfish-x86_64.ko
  INSTALL arch/x86/crypto/camellia-aesni-avx-x86_64.ko

[SNIP]

  INSTALL virt/lib/irqbypass.ko
  DEPMOD  4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+
[TIMER]{MODULES}: 44s
Making Install
sh ./arch/x86/boot/install.sh 4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+ arch/x86/boot/bzImage \
	System.map "/boot"
[TIMER]{INSTALL}: 21s
Checking kABI
Checking kABI
kABI check passed
Setting Default Kernel to /boot/vmlinuz-4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+ and Index to 0
The default is /boot/loader/entries/d1717353012c405384c2da92bcca57cd-4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+.conf with index 0 and kernel /boot/vmlinuz-4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+
The default is /boot/loader/entries/d1717353012c405384c2da92bcca57cd-4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+.conf with index 0 and kernel /boot/vmlinuz-4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+
Generating grub configuration file ...
done
Hopefully Grub2.0 took everything ... rebooting after time metrices
[TIMER]{MRPROPER}: 8s
[TIMER]{BUILD}: 2123s
[TIMER]{MODULES}: 44s
[TIMER]{INSTALL}: 21s
[TIMER]{TOTAL} 2199s
Rebooting in 10 seconds
Connection to 192.168.122.46 closed by remote host.

el8_6 Kselftest Execution

[maple@r86-fips-553 ~]$ uname -a
Linux r86-fips-553 4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+ #1 SMP Tue Dec 31 14:02:19 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
[maple@r86-fips-553 ~]$ cd /mnt/code/
[maple@r86-fips-553 code]$ ./run_kerselftests.sh 5
Starting Test Loop 1
Test Loop 1 Done
Starting Test Loop 2
Test Loop 2 Done
Starting Test Loop 3
Test Loop 3 Done
Starting Test Loop 4
Test Loop 4 Done
Starting Test Loop 5
Test Loop 5 Done

[maple@r86-fips-553 code]$ ls *log
kernel_4.18.0-553.16.1.el8_6.ciqfips.5.1.x86_64_iteration_1.log
kernel_4.18.0-553.16.1.el8_6.ciqfips.5.1.x86_64_iteration_1_nocomments.log
kernel_4.18.0-553.16.1.el8_6.ciqfips.5.1.x86_64_iteration_2.log
kernel_4.18.0-553.16.1.el8_6.ciqfips.5.1.x86_64_iteration_2_nocomments.log
kernel_4.18.0-553.16.1.el8_6.ciqfips.5.1.x86_64_iteration_3.log
kernel_4.18.0-553.16.1.el8_6.ciqfips.5.1.x86_64_iteration_3_nocomments.log
kernel_4.18.0-553.16.1.el8_6.ciqfips.5.1.x86_64_iteration_4.log
kernel_4.18.0-553.16.1.el8_6.ciqfips.5.1.x86_64_iteration_4_nocomments.log
kernel_4.18.0-553.16.1.el8_6.ciqfips.5.1.x86_64_iteration_5.log
kernel_4.18.0-553.16.1.el8_6.ciqfips.5.1.x86_64_iteration_5_nocomments.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_1.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_1_nocomments.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_2.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_2_nocomments.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_3.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_3_nocomments.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_4.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_4_nocomments.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_5.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_5_nocomments.log

Test results

Usual set of noise but since I did 5 loops of the before and after there are several screenshots
el8_6_basediff
el8_6_compilediff
el8_6_base-vs-compilediff

EL8_10 Build

[maple@r810-fips-553 kernel-src-tree]$ ../kernel-tools/kernel_build.sh
/mnt/code/kernel-src-tree
  CLEAN   .
  CLEAN   arch/x86/entry/vdso
  CLEAN   arch/x86/kernel/cpu
  CLEAN   arch/x86/kernel
  CLEAN   arch/x86/purgatory
  CLEAN   arch/x86/realmode/rm
  CLEAN   arch/x86/lib
  CLEAN   certs
  CLEAN   drivers/firmware/efi/libstub
  CLEAN   drivers/gpu/drm/radeon
  CLEAN   drivers/scsi
  CLEAN   drivers/tty/vt
  CLEAN   drivers/video/logo
  CLEAN   kernel/debug/kdb
  CLEAN   kernel
  CLEAN   lib/raid6
  CLEAN   lib
  CLEAN   net/wireless
  CLEAN   security/selinux
  CLEAN   usr
  CLEAN   samples/hidraw
  CLEAN   arch/x86/boot/compressed
  CLEAN   arch/x86/boot
  CLEAN   arch/x86/tools
  CLEAN    resolve_btfids
  CLEAN   .tmp_versions
  CLEAN   scripts/basic
  CLEAN   scripts/genksyms
  CLEAN   scripts/kconfig
  CLEAN   scripts/mod
  CLEAN   scripts/selinux/genheaders
  CLEAN   scripts/selinux/mdp
  CLEAN   scripts
  CLEAN   include/config usr/include include/generated arch/x86/include/generated
  CLEAN   .config .config.old .version Module.symvers
[TIMER]{MRPROPER}: 8s
x86_64 architecture detected, copying config
'configs/kernel-4.18.0-x86_64.config' -> '.config'
Setting Local Version for build
CONFIG_LOCALVERSION="-_jmaple__fips-8-compliant_4.18.0-553.16.1"
Making olddefconfig
  HOSTCC  scripts/basic/fixdep
  HOSTCC  scripts/kconfig/conf.o
  YACC    scripts/kconfig/zconf.tab.c
  LEX     scripts/kconfig/zconf.lex.c
  HOSTCC  scripts/kconfig/zconf.tab.o
  HOSTLD  scripts/kconfig/conf
scripts/kconfig/conf  --olddefconfig Kconfig
#
# configuration written to .config
#
Starting Build
scripts/kconfig/conf  --syncconfig Kconfig
  SYSTBL  arch/x86/include/generated/asm/syscalls_32.h

[SNIP]

  LD [M]  sound/xen/snd_xen_front.ko
  LD [M]  virt/lib/irqbypass.ko
[TIMER]{BUILD}: 2104s
Making Modules
  INSTALL arch/x86/crypto/blowfish-x86_64.ko
  INSTALL arch/x86/crypto/camellia-aesni-avx-x86_64.ko

[SNIP]

  DEPMOD  4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+
[TIMER]{MODULES}: 52s
Making Install
sh ./arch/x86/boot/install.sh 4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+ arch/x86/boot/bzImage \
	System.map "/boot"
[TIMER]{INSTALL}: 25s
Checking kABI
Checking kABI
kABI check passed
Setting Default Kernel to /boot/vmlinuz-4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+ and Index to 0
The default is /boot/loader/entries/820d03ec33154f8a8cf95f4fcb411d78-4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+.conf with index 0 and kernel /boot/vmlinuz-4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+
The default is /boot/loader/entries/820d03ec33154f8a8cf95f4fcb411d78-4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+.conf with index 0 and kernel /boot/vmlinuz-4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+
Generating grub configuration file ...
done
Hopefully Grub2.0 took everything ... rebooting after time metrices
[TIMER]{MRPROPER}: 8s
[TIMER]{BUILD}: 2104s
[TIMER]{MODULES}: 52s
[TIMER]{INSTALL}: 25s
[TIMER]{TOTAL} 2195s
Rebooting in 10 seconds
Connection to 192.168.122.200 closed by remote host.

EL8_10 Kselftest

[maple@r810-fips-553 ~]$ uname -a
Linux r810-fips-553 4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+ #1 SMP Tue Dec 31 13:41:09 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
[maple@r810-fips-553 ~]$ cd /mnt/code/kernel-src-tree/
[maple@r810-fips-553 kernel-src-tree]$ cd ../
[maple@r810-fips-553 code]$ ./run_kerselftests.sh 5
Starting Test Loop 1
Test Loop 1 Done
Starting Test Loop 2
Test Loop 2 Done
Starting Test Loop 3
Test Loop 3 Done
Starting Test Loop 4
Test Loop 4 Done
Starting Test Loop 5
Test Loop 5 Done

[jmaple@devbox code]$ ls *.log
kernel_4.18.0-553.16.1.el8_10.ciqfips.5.1.x86_64_iteration_1.log
kernel_4.18.0-553.16.1.el8_10.ciqfips.5.1.x86_64_iteration_1_nocomments.log
kernel_4.18.0-553.16.1.el8_10.ciqfips.5.1.x86_64_iteration_2.log
kernel_4.18.0-553.16.1.el8_10.ciqfips.5.1.x86_64_iteration_2_nocomments.log
kernel_4.18.0-553.16.1.el8_10.ciqfips.5.1.x86_64_iteration_3.log
kernel_4.18.0-553.16.1.el8_10.ciqfips.5.1.x86_64_iteration_3_nocomments.log
kernel_4.18.0-553.16.1.el8_10.ciqfips.5.1.x86_64_iteration_4.log
kernel_4.18.0-553.16.1.el8_10.ciqfips.5.1.x86_64_iteration_4_nocomments.log
kernel_4.18.0-553.16.1.el8_10.ciqfips.5.1.x86_64_iteration_5.log
kernel_4.18.0-553.16.1.el8_10.ciqfips.5.1.x86_64_iteration_5_nocomments.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_1.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_1_nocomments.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_2.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_2_nocomments.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_3.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_3_nocomments.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_4.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_4_nocomments.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_5.log
kernel_4.18.0-_jmaple__fips-8-compliant_4.18.0-553.16.1+_iteration_5_nocomments.log

Test results

Usual set of noise but since I did 5 loops of the before and after there are several screenshots
el8_10_basediff
el8_10_compilediff
el8_10_base-vs-compilediff

PlaidCat and others added 2 commits December 27, 2024 18:02
@PlaidCat
net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN)…
676c3c1 
… packets

jira LE-1733
bugfix geneve_fixes
commit 791b408

Move the vxlan_features_check() call to after we verified the packet is
a tunneled VXLAN packet.

Without this, tunneled UDP non-VXLAN packets (for ex. GENENVE) might
wrongly not get offloaded.
In some cases, it worked by chance as GENEVE header is the same size as
VXLAN, but it is obviously incorrect.

Fixes: e3cfc7e ("net/mlx5e: TX, Add geneve tunnel stateless offload support")
	Signed-off-by: Gal Pressman <[email protected]>
	Reviewed-by: Dragos Tatulea <[email protected]>
	Signed-off-by: Tariq Toukan <[email protected]>
	Reviewed-by: Wojciech Drewek <[email protected]>
	Signed-off-by: David S. Miller <[email protected]>
(cherry picked from commit 791b408)
Signed-off-by: Jonathan Maple <[email protected]>
@gvrose8192 @PlaidCat
github actions: Incorporate feedback on workflows
2967948 
Add workflows for pushes and pull requests.

Signed-off-by: Greg Rose <[email protected]>
Signed-off-by: Jonathan Maple <[email protected]>
gvrose8192
gvrose8192 approved these changes Dec 31, 2024
View reviewed changes
Copy link

@gvrose8192 gvrose8192 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - Thanks Maple.

@PlaidCat PlaidCat merged commit 47c493f into fips-8-complaint/4.18.0-553.16.1 Jan 2, 2025
4 checks passed
@PlaidCat PlaidCat deleted the {jmaple}_fips-8-compliant/4.18.0-553.16.1 branch January 21, 2025 23:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gvrose8192 gvrose8192 gvrose8192 approved these changes

@bmastbergen bmastbergen bmastbergen approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@PlaidCat @gvrose8192 @bmastbergen