apply patch to fix jitterentropy init in kernel and kernel-64k #12239

Merged
merged 2 commits into from
Feb 6, 2025

tobiasb-ms
Contributor

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • The toolchain has been rebuilt successfully (or no changes were made to it)
  • The toolchain/worker package manifests are up-to-date
  • Any updated packages successfully build (or no packages were changed)
  • Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • All package sources are available
  • cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • LICENSE-MAP files are up-to-date (./LICENSES-AND-NOTICES/SPECS/data/licenses.json, ./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md, ./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)
  • All source files have up-to-date hashes in the *.signatures.json files
  • sudo make go-tidy-all and sudo make go-test-coverage pass
  • Documentation has been updated to match any changes to the build system
  • Ready to merge

Summary

We are seeing frequent, though not 100% repro, kernel panics on boot on certain VM sizes of arm64 FIPS machines in Azure:

[0.702079] Kernel panic - not syncing: jitterentropy: Initialization failed with host not compliant with requirements: 9

This indicates a failure to generate enough entropy in the kernel's crypto module.

There have been multiple changes to this code upstream that address the core issue and allow configuration of certain jitter entropy parameters. For this change, I've taken four upstream commits:

  1. crypto: jitter - add RCT/APT support for different OSRs · torvalds/linux@04597c8
  2. crypto: jitter - Allow configuration of memory size · torvalds/linux@59bcfd7
  3. crypto: jitter - Allow configuration of oversampling rate · torvalds/linux@0baa8fa
  4. crypto: jitter - set default OSR to 3 · torvalds/linux@95a798d

Change Log

  • Patch kernel and kernel-64k with the aforementioned patches.
  • Update config files for kernel and kernel-64k
  • Bump releases on all relevant packages.

Does this affect the toolchain?

YES

Associated issues

Test Methodology

@tobiasb-ms tobiasb-ms requested a review from a team as a code owner February 5, 2025 22:21
@microsoft-github-policy-service microsoft-github-policy-service bot added Packaging 3.0-dev PRs Destined for AzureLinux 3.0 labels Feb 5, 2025
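
A triage sketch for the failure described in the PR summary, added here as an example and not part of the PR or the Azure Linux tree: it pulls the jitterentropy error code out of console logs and checks a kernel config for the oversampling-rate option. `CONFIG_CRYPTO_JITTERENTROPY_OSR` is the upstream Kconfig name for that setting; the function names, the sample log and config text, and the baseline of 3 are assumptions made for the example.

```shell
#!/bin/sh
# Added example: triage helpers for the jitterentropy FIPS boot panic.
# All sample data below is constructed, except the panic line quoted in the PR.

# Print the error code of every jitterentropy init panic found on stdin.
jent_panic_codes() {
    sed -n 's/.*Kernel panic - not syncing: jitterentropy: Initialization failed with host not compliant with requirements: \([0-9][0-9]*\).*/\1/p'
}

# Print the oversampling rate set in kernel config text on stdin, or "unset"
# when the option is absent (a kernel built without the OSR patch).
jent_config_osr() {
    osr=$(sed -n 's/^CONFIG_CRYPTO_JITTERENTROPY_OSR=\([0-9][0-9]*\)$/\1/p' | tail -n 1)
    echo "${osr:-unset}"
}

# Succeed only if the config on stdin sets an OSR of at least $1.
# Default 3 mirrors the upstream default from commit 4 (assumed baseline).
jent_osr_ok() {
    min=${1:-3}
    osr=$(jent_config_osr)
    [ "$osr" != unset ] && [ "$osr" -ge "$min" ]
}

SAMPLE_LOG='[0.650113] fips mode: enabled
[0.702079] Kernel panic - not syncing: jitterentropy: Initialization failed with host not compliant with requirements: 9
[0.702311] ---[ end Kernel panic ]---'

CFG_PATCHED='CONFIG_CRYPTO_JITTERENTROPY=y
CONFIG_CRYPTO_JITTERENTROPY_OSR=3'
CFG_OLD='CONFIG_CRYPTO_JITTERENTROPY=y'

echo "panic codes in sample log: $(printf '%s\n' "$SAMPLE_LOG" | jent_panic_codes)"
for name in CFG_PATCHED CFG_OLD; do
    eval "cfg=\$$name"
    if printf '%s\n' "$cfg" | jent_osr_ok; then
        echo "$name: OSR $(printf '%s\n' "$cfg" | jent_config_osr) meets the baseline"
    else
        echo "$name: OSR $(printf '%s\n' "$cfg" | jent_config_osr), below baseline or not configurable"
    fi
done
```

On a real host the same functions can be fed the captured serial console log and the installed kernel's config file instead of the embedded samples.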
Contributor

@rlmenge rlmenge left a comment

Changes look good to me. The kernel was able to boot and run sysbench, unixbench, and some basic smoke tests.

AMD

*** Smoke Testing Kernel 6.6.64.2-9.azl3 (est. < 1 min) ***
PASS: Kernel version matches the running kernel version.
PASS: eth0 interface is up.
PASS: iptables service is running.
Boot times:
Startup finished in 1.613s (kernel) + 1.442s (initrd) + 8.756s (userspace) = 11.811s 
graphical.target reached after 8.366s in userspace.
Kernel size:
-rw------- 1 root root 15028224 Feb  5 19:43 /boot/vmlinuz-6.6.64.2-9.azl3
kernel memory:
MemTotal:       32874304 kB
MemFree:        32518624 kB
MemAvailable:   32339484 kB
Total memory:
               total        used        free      shared  buff/cache   available
Mem:           32103         522       31755           8         119       31581
Swap:              0           0           0

ARM on a Cobalt machine

*** Smoke Testing Kernel 6.6.64.2-9.azl3 (est. < 1 min) ***
PASS: Kernel version matches the running kernel version.
PASS: eth0 interface is up.
PASS: iptables service is running.
Boot times:
Startup finished in 2.226s (kernel) + 1.281s (initrd) + 4.889s (userspace) = 8.397s 
graphical.target reached after 4.631s in userspace.
Kernel size:
-rw------- 1 root root 48650752 Feb  5 19:49 /boot/vmlinuz-6.6.64.2-9.azl3
kernel memory:
MemTotal:       395447252 kB
MemFree:        392634756 kB
MemAvailable:   391078936 kB
Total memory:
               total        used        free      shared  buff/cache   available
Mem:          386178        4265      383431           1         166      381913
Swap:              0           0           0

@tobiasb-ms tobiasb-ms merged commit 5be9138 into 3.0-dev Feb 6, 2025
13 checks passed
@tobiasb-ms tobiasb-ms deleted the tobiasb-ms/kernel-fix-jitterentropy-init-panic branch February 6, 2025 02:39