From c0365df3ca95b99a0d28d7bc553847993acbc7e9 Mon Sep 17 00:00:00 2001
From: RageLtMan <rageltman [at] sempervictus>
Date: Thu, 20 Jun 2024 20:14:50 -0400
Subject: [PATCH 1/5] T6231: Mellanox OFED Kernel and Userspace Packages

Build OFED drivers and userspace components against the kernel
source tree similar to Intel's NIC drivers.

OFED installers create Debian packages of their own tageting the
kernel version defined in the build invocation if DKMS is omitted.
Script builds with supporting components for VPP to permit handoff
of function to the underlying hardware as appropriate. Updating the
version is fairly trivial along with adding patching as needed to
handle kCFI and hardening measures as they are introduced.

Testing:
  Tested against GCC-built Linux Hardened kernel with the various
additions from PR 132 - sustained line-rate testing against 4x100g
links on a single machine at a hair below 200g for each LACP pair.
---
 packages/linux-kernel/Jenkinsfile            |  3 +
 packages/linux-kernel/build-mellanox-ofed.sh | 87 ++++++++++++++++++++
 2 files changed, 90 insertions(+)
 create mode 100755 packages/linux-kernel/build-mellanox-ofed.sh

diff --git a/packages/linux-kernel/Jenkinsfile b/packages/linux-kernel/Jenkinsfile
index 9d88663af2..ba4a5a1c7d 100644
--- a/packages/linux-kernel/Jenkinsfile
+++ b/packages/linux-kernel/Jenkinsfile
@@ -62,6 +62,9 @@ def pkgList = [
     // Intel IXGBEVF
     ['name': 'ixgbevf', 'buildCmd': 'cd ..; ./build-intel-ixgbevf.sh'],
 
+    // Mellanox OFED
+    ['name': 'ofed', 'buildCmd': 'cd ..; ./build-mellanox-ofed.sh'],
+
     // Jool
     ['name': 'jool', 'buildCmd': 'cd ..; ./build-jool.py'],
 
diff --git a/packages/linux-kernel/build-mellanox-ofed.sh b/packages/linux-kernel/build-mellanox-ofed.sh
new file mode 100755
index 0000000000..0ddf084e78
--- /dev/null
+++ b/packages/linux-kernel/build-mellanox-ofed.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+DROP_DEV_DBG_DEBS=1
+DEB_DISTRO='debian12.1'
+CWD=$(pwd)
+KERNEL_VAR_FILE=${CWD}/kernel-vars
+
+if ! dpkg-architecture -iamd64; then
+    echo "Mellanox OFED is only buildable on amd64 platforms"
+    exit 0
+fi
+
+if [ ! -f ${KERNEL_VAR_FILE} ]; then
+    echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
+    exit 1
+fi
+
+. ${KERNEL_VAR_FILE}
+
+url="https://www.mellanox.com/downloads/ofed/MLNX_OFED-24.04-0.6.6.0/MLNX_OFED_SRC-debian-24.04-0.6.6.0.tgz"
+
+cd ${CWD}
+
+DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/)
+DRIVER_DIR="${DRIVER_FILE%.tgz}"
+DRIVER_NAME="ofed"
+DRIVER_PRFX="MLNX_OFED"
+DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_PRFX} '{print $2}' | sed 's/^-//;s|_SRC-debian-||')
+DRIVER_VERSION_EXTRA=""
+
+# Build up Debian related variables required for packaging
+DEBIAN_ARCH=$(dpkg --print-architecture)
+DEBIAN_DIR="${CWD}/vyos-mellanox-${DRIVER_NAME}_${DRIVER_VERSION}_${DEBIAN_ARCH}"
+DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control"
+DEBIAN_POSTINST="${CWD}/vyos-mellanox-ofed.postinst"
+
+# Fetch OFED driver source from Nvidia
+if [ -e ${DRIVER_FILE} ]; then
+    rm -f ${DRIVER_FILE}
+fi
+curl -L -o ${DRIVER_FILE} ${url}
+if [ "$?" -ne "0" ]; then
+    exit 1
+fi
+
+# Unpack archive
+if [ -d ${DRIVER_DIR} ]; then
+    rm -rf ${DRIVER_DIR}
+fi
+mkdir -p ${DRIVER_DIR}
+tar -C ${DRIVER_DIR} --strip-components=1 -xf ${DRIVER_FILE}
+
+# Build/install debs
+cd ${DRIVER_DIR}
+if [ -z $KERNEL_DIR ]; then
+    echo "KERNEL_DIR not defined"
+    exit 1
+fi
+
+sudo ./install.pl \
+  --basic --dpdk \
+  --without-dkms \
+  --without-mlnx-nvme-modules \
+  --with-vma --vma-vpi --vma-eth \
+  --guest --hypervisor \
+  --builddir $DEBIAN_DIR/mlx \
+  --distro $DEB_DISTRO \
+  -s $KERNEL_DIR \
+  -k $KERNEL_VERSION
+
+if [ $DROP_DEV_DBG_DEBS -eq 1 ]; then
+  echo "I: Removing development and debug packages"
+  sudo rm $(find $CWD/$DRIVER_DIR/DEBS/$DEB_DISTRO -type f | grep -E '\-dev|\-dbg')
+fi
+
+cp $(find $CWD/$DRIVER_DIR/DEBS/$DEB_DISTRO -type f | grep '\.deb$') "$CWD/"
+
+echo "I: Cleanup ${DRIVER_NAME} source"
+cd ${CWD}
+if [ -e ${DRIVER_FILE} ]; then
+    rm -f ${DRIVER_FILE}
+fi
+if [ -d ${DRIVER_DIR} ]; then
+    sudo rm -rf ${DRIVER_DIR}
+fi
+if [ -d ${DEBIAN_DIR} ]; then
+    sudo rm -rf ${DEBIAN_DIR}
+fi

From 9cbc700aee4f05aab5f2c2d223c3af173ebeb4db Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Thu, 25 Jul 2024 15:30:57 +0200
Subject: [PATCH 2/5] Kernel: T6231: update .gitignore for mellanox drivers

---
 packages/linux-kernel/.gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/packages/linux-kernel/.gitignore b/packages/linux-kernel/.gitignore
index 97e392e372..a3e9257cb1 100644
--- a/packages/linux-kernel/.gitignore
+++ b/packages/linux-kernel/.gitignore
@@ -23,3 +23,5 @@ vyos-intel-*/
 vyos-linux-firmware*/
 kernel-vars
 r8152-*.tar.bz2
+/MLNX_OFED_SRC*
+/vyos-mellanox-ofed*

From 0ce12e4c1a9d3aeffb4d59f262667d1f9e4d3de7 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Thu, 25 Jul 2024 15:31:26 +0200
Subject: [PATCH 3/5] Kernel: T6231: verify mellanox driver source by SHA1 hash

---
 packages/linux-kernel/build-mellanox-ofed.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/packages/linux-kernel/build-mellanox-ofed.sh b/packages/linux-kernel/build-mellanox-ofed.sh
index 0ddf084e78..7418af61e7 100755
--- a/packages/linux-kernel/build-mellanox-ofed.sh
+++ b/packages/linux-kernel/build-mellanox-ofed.sh
@@ -21,6 +21,8 @@ url="https://www.mellanox.com/downloads/ofed/MLNX_OFED-24.04-0.6.6.0/MLNX_OFED_S
 cd ${CWD}
 
 DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/)
+DRIVER_SHA1="003c1c022f9f6558d45750eacc0a64d06cf9cd42"
+
 DRIVER_DIR="${DRIVER_FILE%.tgz}"
 DRIVER_NAME="ofed"
 DRIVER_PRFX="MLNX_OFED"
@@ -42,6 +44,13 @@ if [ "$?" -ne "0" ]; then
     exit 1
 fi
 
+# Verify integrity
+echo "${DRIVER_SHA1} ${DRIVER_FILE}" | sha1sum -c -
+if [[ $? != 0 ]]; then
+    echo SHA1 checksum missmatch
+    exit 1
+fi
+
 # Unpack archive
 if [ -d ${DRIVER_DIR} ]; then
     rm -rf ${DRIVER_DIR}

From 404fec71d1c0a262f831689a7bc79df518e15981 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Thu, 25 Jul 2024 15:32:04 +0200
Subject: [PATCH 4/5] mellanox: T6231: add missing KERNEL_SUFFIX for module
 installation path

All VyOS kernel modules must live in the appropriate module directory,
example: /lib/modules/6.6.41-amd64-vyos/

In addition we do not abbreviate script options to make reading easier,
without call --help all the time.
---
 packages/linux-kernel/build-mellanox-ofed.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/packages/linux-kernel/build-mellanox-ofed.sh b/packages/linux-kernel/build-mellanox-ofed.sh
index 7418af61e7..d0b4dbfcf6 100755
--- a/packages/linux-kernel/build-mellanox-ofed.sh
+++ b/packages/linux-kernel/build-mellanox-ofed.sh
@@ -71,10 +71,10 @@ sudo ./install.pl \
   --without-mlnx-nvme-modules \
   --with-vma --vma-vpi --vma-eth \
   --guest --hypervisor \
-  --builddir $DEBIAN_DIR/mlx \
-  --distro $DEB_DISTRO \
-  -s $KERNEL_DIR \
-  -k $KERNEL_VERSION
+  --builddir ${DEBIAN_DIR}/mlx \
+  --distro ${DEB_DISTRO} \
+  --kernel-sources ${KERNEL_DIR} \
+  --kernel ${KERNEL_VERSION}${KERNEL_SUFFIX}
 
 if [ $DROP_DEV_DBG_DEBS -eq 1 ]; then
   echo "I: Removing development and debug packages"

From f33a22bcf36d52a1150ce048a9b60db774416c49 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Thu, 25 Jul 2024 15:34:06 +0200
Subject: [PATCH 5/5] mellanox: T6231: we do not need to build all packages,
 delete all unused ones

---
 packages/linux-kernel/build-mellanox-ofed.sh | 27 ++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/packages/linux-kernel/build-mellanox-ofed.sh b/packages/linux-kernel/build-mellanox-ofed.sh
index d0b4dbfcf6..0dffcfdb82 100755
--- a/packages/linux-kernel/build-mellanox-ofed.sh
+++ b/packages/linux-kernel/build-mellanox-ofed.sh
@@ -65,6 +65,33 @@ if [ -z $KERNEL_DIR ]; then
     exit 1
 fi
 
+rm -f SOURCES/ibarr_0.1.3.orig.tar.gz
+rm -f SOURCES/ibdump_6.0.0.orig.tar.gz
+rm -f SOURCES/ibsim_0.12.orig.tar.gz
+rm -f SOURCES/iser_24.04.OFED.24.04.0.6.6.1.orig.tar.gz
+rm -f SOURCES/isert_24.04.OFED.24.04.0.6.6.1.orig.tar.gz
+rm -f SOURCES/kernel-mft_4.28.0.92.orig.tar.gz
+rm -f SOURCES/knem_1.1.4.90mlnx3.orig.tar.gz
+rm -f SOURCES/libvma_9.8.60.orig.tar.gz
+rm -f SOURCES/libxlio_3.30.5.orig.tar.gz
+rm -f SOURCES/mlnx-ethtool_6.7.orig.tar.gz
+rm -f SOURCES/mlnx-iproute2_6.7.0.orig.tar.gz
+rm -f SOURCES/mlnx-nfsrdma_24.04.OFED.24.04.0.6.6.1.orig.tar.gz
+rm -f SOURCES/mlnx-nvme_24.04.OFED.24.04.0.6.6.1.orig.tar.gz
+rm -f SOURCES/mlx-steering-dump_1.0.0.orig.tar.gz
+rm -f SOURCES/mpitests_3.2.23.orig.tar.gz
+rm -f SOURCES/mstflint_4.16.1.orig.tar.gz
+rm -f SOURCES/ofed-scripts_24.04.OFED.24.04.0.6.6.orig.tar.gz
+rm -f SOURCES/openmpi_4.1.7a1.orig.tar.gz
+rm -f SOURCES/openvswitch_2.17.8.orig.tar.gz
+rm -f SOURCES/perftest_24.04.0.orig.tar.gz
+rm -f SOURCES/rdma-core_2404mlnx51.orig.tar.gz
+rm -f SOURCES/rshim_2.0.28.orig.tar.gz
+rm -f SOURCES/sockperf_3.10.orig.tar.gz
+rm -f SOURCES/srp_24.04.OFED.24.04.0.6.6.1.orig.tar.gz
+rm -f SOURCES/ucx_1.17.0.orig.tar.gz
+
+
 sudo ./install.pl \
   --basic --dpdk \
   --without-dkms \