crypto : tolerate new crypto hardware for z Systems

Bug #1644557 reported by bugproxy on 2016-11-24
28
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Undecided
Unassigned
linux (Ubuntu)
Status tracked in Zesty
Xenial
Undecided
Tim Gardner
Yakkety
Undecided
Tim Gardner
Zesty
Undecided
Unassigned

Bug Description

crypto : tolerate new crypto hardware for z Systems

cherrypick patches from v4.10.

CVE References

bugproxy (bugproxy) on 2016-11-24
tags: added: architecture-s39064 bugnameltc-149078 severity-high targetmilestone-inin16041
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
information type: Public → Private

------- Comment From <email address hidden> 2016-11-24 08:31 EDT-------
Backport request of cryto-toleration patch for new crypto HW for Ubuntu 16.04 LTS

Dimitri John Ledkov (xnox) wrote :

No, that's probably wrong as it's from 2014. Do you have git commit ids to the relevant patches upstream per-chance?

Dimitri John Ledkov (xnox) wrote :

Please note that:
commit 42f4dd613fe808676126472bbe1283e452201148
Author: Ingo Tuchscherer <email address hidden>
Date: Thu Oct 2 14:48:46 2014 +0200

    s390/zcrypt: Toleration of new crypto hardware

    The zcrypt device driver will accept the new crypto adapter
    in toleration mode. A new sysfs attribute 'raw_hwtype' will
    expose the raw hardware type.

    Signed-off-by: Ingo Tuchscherer <email address hidden>
    Signed-off-by: Harald Freudenberger <email address hidden>

Is available in all ubuntu releases.

Changed in linux (Ubuntu Zesty):
status: New → Incomplete
Changed in linux (Ubuntu Yakkety):
status: New → Incomplete
Changed in linux (Ubuntu Xenial):
status: New → Incomplete
Changed in ubuntu-z-systems:
status: New → Incomplete
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-11-29 09:54 EDT-------
Hello Heinz-Werner, hi xnox

the required patch is still not upstream. It is in the pipe for Martin to be sent to Linus for the next kernel 4.10.
Of course the fix is ready and I could attach it here, but I think Ubuntu wants to wait until it is upstream available.

regards
H.Freudenberger

Frank Heimes (frank-heimes) wrote :

LP 1644533 has been marked as duplicate of this tickets Zesty section.

Changed in linux (Ubuntu Zesty):
milestone: none → ubuntu-17.03
Changed in linux (Ubuntu Xenial):
milestone: none → xenial-updates
description: updated
Changed in linux (Ubuntu Zesty):
assignee: Skipper Bug Screeners (skipper-screen-team) → Canonical Kernel (canonical-kernel)
status: Incomplete → Confirmed
Changed in linux (Ubuntu Yakkety):
status: Incomplete → Confirmed
Changed in ubuntu-z-systems:
status: Incomplete → Confirmed
Changed in linux (Ubuntu Xenial):
status: Incomplete → Confirmed
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-12-19 09:15 EDT-------
This is the git commit.

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3e8652bcbfa04807e44708d4d0c8cdad39c9215

If further information needed, let me know.

Tim Gardner (timg-tpi) wrote :

There needs to be a public bug before I can submit a patch to the kernel team email list.

Frank Heimes (frank-heimes) wrote :

Made bug public after brief consulting ...

information type: Private → Public
Tim Gardner (timg-tpi) wrote :
Changed in linux (Ubuntu Xenial):
assignee: nobody → Tim Gardner (timg-tpi)
status: Confirmed → In Progress
Changed in linux (Ubuntu Yakkety):
assignee: nobody → Tim Gardner (timg-tpi)
status: Confirmed → In Progress
Tim Gardner (timg-tpi) wrote :

commit b3e8652bcbfa04807e44708d4d0c8cdad39c9215 ('s390/zcrypt: Introduce CEX6 toleration') will be released in v4.10-rc1

Changed in linux (Ubuntu Zesty):
assignee: Canonical Kernel (canonical-kernel) → nobody
status: Confirmed → Fix Released
Changed in ubuntu-z-systems:
status: Confirmed → In Progress
Luis Henriques (henrix) on 2016-12-19
Changed in linux (Ubuntu Yakkety):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-yakkety' to 'verification-done-yakkety'. If the problem still exists, change the tag 'verification-needed-yakkety' to 'verification-failed-yakkety'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-yakkety
Po-Hsu Lin (cypressyew) wrote :

Hello folks,
can anyone help us to verify this fix in -proposed?
Thanks

Launchpad Janitor (janitor) wrote :
Download full text (5.9 KiB)

This bug was fixed in the package linux - 4.4.0-59.80

---------------
linux (4.4.0-59.80) xenial; urgency=low

  [ John Donnelly ]

  * Release Tracking Bug
    - LP: #1654282

  * [2.1.1] MAAS has nvme0n1 set as boot disk, curtin fails (LP: #1651602)
    - (fix) nvme: only require 1 interrupt vector, not 2+

linux (4.4.0-58.79) xenial; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1651402

  * Support ACPI probe for IIO sensor drivers from ST Micro (LP: #1650123)
    - SAUCE: iio: st_sensors: match sensors using ACPI handle
    - SAUCE: iio: st_accel: Support sensor i2c probe using acpi
    - SAUCE: iio: st_pressure: Support i2c probe using acpi
    - [Config] CONFIG_HTS221=m, CONFIG_HTS221_I2C=m, CONFIG_HTS221_SPI=m

  * Fix channel data parsing in ST Micro sensor IIO drivers (LP: #1650189)
    - SAUCE: iio: common: st_sensors: fix channel data parsing

  * ST Micro lng2dm 3-axis "femto" accelerometer support (LP: #1650112)
    - SAUCE: iio: st-accel: add support for lis2dh12
    - SAUCE: iio: st_sensors: support active-low interrupts
    - SAUCE: iio: accel: Add support for the h3lis331dl accelerometer
    - SAUCE: iio: st_sensors: verify interrupt event to status
    - SAUCE: iio: st_sensors: support open drain mode
    - SAUCE: iio:st_sensors: fix power regulator usage
    - SAUCE: iio: st_sensors: switch to a threaded interrupt
    - SAUCE: iio: accel: st_accel: Add lis3l02dq support
    - SAUCE: iio: st_sensors: fix scale configuration for h3lis331dl
    - SAUCE: iio: accel: st_accel: add support to lng2dm
    - SAUCE: iio: accel: st_accel: inline per-sensor data
    - SAUCE: Documentation: dt: iio: accel: add lng2dm sensor device binding

  * ST Micro hts221 relative humidity sensor support (LP: #1650116)
    - SAUCE: iio: humidity: add support to hts221 rh/temp combo device
    - SAUCE: Documentation: dt: iio: humidity: add hts221 sensor device binding
    - SAUCE: iio: humidity: remove
    - SAUCE: iio: humidity: Support acpi probe for hts211

  * crypto : tolerate new crypto hardware for z Systems (LP: #1644557)
    - s390/zcrypt: Introduce CEX6 toleration

  * Acer, Inc ID 5986:055a is useless after 14.04.2 installed. (LP: #1433906)
    - uvcvideo: uvc_scan_fallback() for webcams with broken chain

  * vmxnet3 driver could causes kernel panic with v4.4 if LRO enabled.
    (LP: #1650635)
    - vmxnet3: segCnt can be 1 for LRO packets

  * system freeze when swapping to encrypted swap partition (LP: #1647400)
    - mm, oom: rework oom detection
    - mm: throttle on IO only when there are too many dirty and writeback pages

  * Kernel Fixes to get TCMU File Backed Optical to work (LP: #1646204)
    - target/user: Use sense_reason_t in tcmu_queue_cmd_ring
    - target/user: Return an error if cmd data size is too large
    - target/user: Fix comments to not refer to data ring
    - SAUCE: (no-up) target/user: Fix use-after-free of tcmu_cmds if they are
      expired

  * CVE-2016-9756
    - KVM: x86: drop error recovery in em_jmp_far and em_ret_far

  * Dell Precision 5520 & 3520 freezes at login screent (LP: #1650054)
    - ACPI / blacklist: add _REV quirks for Dell Precision 5520 and 3520

  * CVE-2016-979...

Read more...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (3.2 KiB)

This bug was fixed in the package linux - 4.8.0-34.36

---------------
linux (4.8.0-34.36) yakkety; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1651800

  * Miscellaneous Ubuntu changes
    - SAUCE: Do not build the xr-usb-serial driver for s390

linux (4.8.0-33.35) yakkety; urgency=low

  [ Thadeu Lima de Souza Cascardo ]

  * Release Tracking Bug
    - LP: #1651721

  [ Luis Henriques ]

  * crypto : tolerate new crypto hardware for z Systems (LP: #1644557)
    - s390/zcrypt: Introduce CEX6 toleration

  * Several new Asus laptops are missing touchpad support (LP: #1650895)
    - HID: asus: Add i2c touchpad support

  * Acer, Inc ID 5986:055a is useless after 14.04.2 installed. (LP: #1433906)
    - uvcvideo: uvc_scan_fallback() for webcams with broken chain

  * cdc_ether fills kernel log (LP: #1626371)
    - cdc_ether: Fix handling connection notification

  * Kernel Fixes to get TCMU File Backed Optical to work (LP: #1646204)
    - SAUCE: target/user: Fix use-after-free of tcmu_cmds if they are expired

  * CVE-2016-9756
    - KVM: x86: drop error recovery in em_jmp_far and em_ret_far

  * On boot excessive number of kworker threads are running (LP: #1649905)
    - slub: move synchronize_sched out of slab_mutex on shrink

  * Ethernet not work after upgrade from kernel 3.19 to 4.4 [10ec:8168]
    (LP: #1648279)
    - ACPI / blacklist: Make Dell Latitude 3350 ethernet work

  * Ubuntu 16.10 netboot install fails with "Oops: Exception in kernel mode,
    sig: 5 [#1] " (lpfc) (LP: #1648873)
    - scsi: lpfc: fix oops/BUG in lpfc_sli_ringtxcmpl_put()

  * CVE-2016-9793
    - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE

  * [Hyper-V] Kernel panic not functional on 32bit Ubuntu 14.10, 15.04, and
    15.10 (LP: #1400319)
    - Drivers: hv: avoid vfree() on crash

  * d-i is missing usb support for platforms that use the xhci-platform driver
    (LP: #1625222)
    - d-i initrd needs additional usb modules to support the merlin platform

  * overlayfs no longer supports nested overlayfs mounts, but there is a fix
    upstream (LP: #1647007)
    - ovl: fix d_real() for stacked fs

  * Yakkety: arm64: CONFIG_ARM64_ERRATUM_845719 isn't enabled (LP: #1647793)
    - [Config] CONFIG_ARM64_ERRATUM_845719=y

  * Ubuntu16.10 - EEH on BELL3 adapter fails to recover (serial/tty)
    (LP: #1646857)
    - serial: 8250_pci: Detach low-level driver during PCI error recovery

  * Driver for Exar USB UART (LP: #1645591)
    - SAUCE: xr-usb-serial: Driver for Exar USB serial ports
    - SAUCE: xr-usb-serial: interface for switching modes
    - SAUCE: cdc-acm: Exclude Exar USB serial ports

  * [Bug] (Purley) x86/hpet: Reduce HPET counter read contention (LP: #1645928)
    - x86/hpet: Reduce HPET counter read contention

  * Need Alps upstream their new touchpad driver (LP: #1571530)
    - Input: ALPS - add touchstick support for SS5 hardware
    - Input: ALPS - handle 0-pressure 1F events
    - Input: ALPS - allow touchsticks to report pressure
    - Input: ALPS - set DualPoint flag for 74 03 28 devices

  * CONFIG_NR_CPUS=256 is too low (LP: #1579205)
    - [Config] Increase the NR_CPUS to 512 for amd64 to support systems with a...

Read more...

Changed in linux (Ubuntu Yakkety):
status: Fix Committed → Fix Released
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2017-01-09 12:30 EDT-------
Verification pending, please keep integration window open at least until Jan 11th - thanks.

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2017-01-10 09:54 EDT-------
Verifying on xenial:
====================
...
Setting up linux-image-generic (4.4.0.59.62) ...
Setting up linux-headers-4.4.0-59 (4.4.0-59.80) ...
Setting up linux-headers-4.4.0-59-generic (4.4.0-59.80) ...
Setting up linux-headers-generic (4.4.0.59.62) ...
Setting up linux-generic (4.4.0.59.62) ...

ii linux-generic 4.4.0.59.62 s390x Complete Generic Linux kernel and headers

Running 16.04.1 LTS (Xenial Xerus)" I updated the linux-generic package from xenial-proposed to version 4.4.0.59.62 and ran a basic regression test on Cryptographic Adapters. Cards came online upon modprobe ap, could be set offline/online, and passed basic workload tests.

Verifying on yakkety:
=====================
Used linux-generic Version: 4.8.0.34.43
Running 16.10 (Yakkety Yak) we successfully executed the above mentioned tests.

------- Comment From <email address hidden> 2017-01-10 09:58 EDT-------
IBM bugzilla -> closed

tags: added: verification-done-xenial verification-done-yakkety
removed: verification-needed-xenial verification-needed-yakkety
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers