[18.10 FEAT] zcrypt DD: introduce APQN tags to support deterministic driver binding

Bug #1784331 reported by bugproxy on 2018-07-30
20
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
High
Canonical Kernel Team
linux (Ubuntu)
Medium
Seth Forshee

Bug Description

With the introduction of KVM crypto virtualization the driver bound to an AP queue device is no longer unique determined.
This feature provides a deterministic hot plugging semantics of AP queues that may be bound to multiple drivers.
In particular it enables to configure an AP queue (APQN) as being bound to a particular driver even if the associate HW gets intermittently lost and reconnected.

Is planned as part of kernel 4.19. Therefore a backport to kernel 4.18 will be required.

CVE References

bugproxy (bugproxy) on 2018-07-30
tags: added: architecture-s39064 bugnameltc-169982 severity-high targetmilestone-inin1810
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Dimitri John Ledkov (xnox) wrote :

Will such the backported git tree for the v4.18 series be provided by the IBM kernel team?
Do you have these patches already ready or staged in the s390/kvm git trees?
Such that our kernel team can assess pulling those in.

Andy Whitcroft (apw) on 2018-07-30
Changed in linux (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → Canonical Kernel Team (canonical-kernel-team)
Changed in ubuntu-z-systems:
importance: Undecided → High
Changed in ubuntu-z-systems:
status: New → Triaged
Changed in linux (Ubuntu):
status: New → Incomplete
Changed in ubuntu-z-systems:
status: Triaged → Incomplete
Dimitri John Ledkov (xnox) wrote :

Merge window is almost closed. Was this pulled? What are the git commit ids please?

I see:

commit 7e0bdbe5c21cb8316a694e46ad5aad339f6894a6
Author: Harald Freudenberger <email address hidden>
Date: Fri Jul 20 08:36:53 2018 +0200

    s390/zcrypt: AP bus support for alternate driver(s)

Is that complete? Or other commits needed as well?

Please provide full list of ids, in the Linus' tree, or provide pointers to a maintainer tree.

------- Comment From <email address hidden> 2018-08-30 07:58 EDT-------
@Xnox:
Please also provide following git committed Code.
This came up after patch integration into 4.19.

commit 3d8f60d38e249f989a7fca9c2370c31c3d5487e1

s390/zcrypt: hex string mask improvements for apmask and aqmask.

The sysfs attributes /sys/bus/ap/apmask and /sys/bus/ap/aqmask
and the kernel command line arguments ap.apm and ap.aqm get
an improvement of the value parsing with this patch:

The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes and the kernel command line accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- Relative format - a concatenation (done with ',') of the terms
+<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255.
Here are some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"

Frank Heimes (frank-heimes) wrote :

Just to double check - the following TWO commmits from 4.19 are need, right?

commit 7e0bdbe5c21cb8316a694e46ad5aad339f6894a6
s390/zcrypt: AP bus support for alternate driver(s)

commit 3d8f60d38e249f989a7fca9c2370c31c3d5487e1
s390/zcrypt: hex string mask improvements for apmask and aqmask.

Do you know if the commits apply cleanly? Or will you provide a backport (in case not)?
(Assigning to kernel team ...)

Changed in ubuntu-z-systems:
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
status: Incomplete → Triaged
Changed in linux (Ubuntu):
status: Incomplete → New
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-08-30 08:53 EDT-------
@Frank:
To make it smooth, apply clean to 4.18 please use also
1) Git-commit:
ac2b96f351d7d222
s390/zcrypt: code beautify"

2)Git-commit
7e0bdbe5c21cb831
"s390/zcrypt: AP bus support for alternate driver(s)"

3) Git-commit
3d8f60d38e249f98
s390/zcrypt: hex string mask improvements for apmask and aqmask

Now it should be final . sorry for the later updates......
Thx in advance

Seth Forshee (sforshee) wrote :

Can this bug be made public, or else a public bug created for this feature?

information type: Private → Public
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-08-30 09:47 EDT-------
I don't see a reason , do not make this request public... All git-commits are currently available with kernel 4.19 .

Changed in linux (Ubuntu):
milestone: none → ubuntu-18.10
Seth Forshee (sforshee) on 2018-08-31
Changed in linux (Ubuntu):
assignee: Canonical Kernel Team (canonical-kernel-team) → Seth Forshee (sforshee)
importance: Undecided → Medium
status: New → Fix Committed
Changed in ubuntu-z-systems:
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (29.0 KiB)

This bug was fixed in the package linux - 4.18.0-8.9

---------------
linux (4.18.0-8.9) cosmic; urgency=medium

  * linux: 4.18.0-8.9 -proposed tracker (LP: #1791663)

  * Cosmic update to v4.18.7 stable release (LP: #1791660)
    - rcu: Make expedited GPs handle CPU 0 being offline
    - net: 6lowpan: fix reserved space for single frames
    - net: mac802154: tx: expand tailroom if necessary
    - 9p/net: Fix zero-copy path in the 9p virtio transport
    - spi: davinci: fix a NULL pointer dereference
    - spi: pxa2xx: Add support for Intel Ice Lake
    - spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
    - spi: cadence: Change usleep_range() to udelay(), for atomic context
    - mmc: block: Fix unsupported parallel dispatch of requests
    - mmc: renesas_sdhi_internal_dmac: mask DMAC interrupts
    - mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS
    - readahead: stricter check for bdi io_pages
    - block: fix infinite loop if the device loses discard capability
    - block: blk_init_allocated_queue() set q->fq as NULL in the fail case
    - block: really disable runtime-pm for blk-mq
    - blkcg: Introduce blkg_root_lookup()
    - block: Introduce blk_exit_queue()
    - block: Ensure that a request queue is dissociated from the cgroup controller
    - apparmor: fix bad debug check in apparmor_secid_to_secctx()
    - dma-buf: Move BUG_ON from _add_shared_fence to _add_shared_inplace
    - libertas: fix suspend and resume for SDIO connected cards
    - media: Revert "[media] tvp5150: fix pad format frame height"
    - mailbox: xgene-slimpro: Fix potential NULL pointer dereference
    - Replace magic for trusting the secondary keyring with #define
    - Fix kexec forbidding kernels signed with keys in the secondary keyring to
      boot
    - powerpc/fadump: handle crash memory ranges array index overflow
    - powerpc/64s: Fix page table fragment refcount race vs speculative references
    - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    - powerpc/pkeys: Give all threads control of their key permissions
    - powerpc/pkeys: Deny read/write/execute by default
    - powerpc/pkeys: key allocation/deallocation must not change pkey registers
    - powerpc/pkeys: Save the pkey registers before fork
    - powerpc/pkeys: Fix calculation of total pkeys.
    - powerpc/pkeys: Preallocate execute-only key
    - powerpc/nohash: fix pte_access_permitted()
    - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls
    - powerpc/powernv/pci: Work around races in PCI bridge enabling
    - cxl: Fix wrong comparison in cxl_adapter_context_get()
    - IB/mlx5: Honor cnt_set_id_valid flag instead of set_id
    - IB/mlx5: Fix leaking stack memory to userspace
    - IB/srpt: Fix srpt_cm_req_recv() error path (1/2)
    - IB/srpt: Fix srpt_cm_req_recv() error path (2/2)
    - IB/srpt: Support HCAs with more than two ports
    - overflow.h: Add arithmetic shift helper
    - RDMA/mlx5: Fix shift overflow in mlx5_ib_create_wq
    - ib_srpt: Fix a use-after-free in srpt_close_ch()
    - ib_srpt: Fix a use-after-free in __srpt_close_all_ch()
    - RDMA/rxe: Set wqe->status correctly if an unexpected...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Changed in ubuntu-z-systems:
status: Fix Released → Fix Committed
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-10-23 07:25 EDT-------
IBM bugzilla status->closed; Fix Released in Cosmic.
For Bionic another LP is opened.
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1799184

Andy Whitcroft (apw) on 2019-02-14
tags: added: kernel-fixup-verification-needed-bionic
removed: verification-needed-bionic
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Andy Whitcroft (apw) wrote :

This bug was erroneously marked for verification in bionic; verification is not required and verification-needed-bionic is being removed.

tags: removed: verification-needed-bionic
tags: added: verification-done-bionic
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers