| 2021-08-11 19:49:27 |
bugproxy |
bug |
|
|
added bug |
| 2021-08-11 19:49:30 |
bugproxy |
tags |
|
architecture-s39064 bugnameltc-193902 severity-high targetmilestone-inin2004 |
|
| 2021-08-11 19:49:32 |
bugproxy |
attachment added |
|
backport sec1814 for Ubuntu 20.04 https://bugs.launchpad.net/bugs/1939618/+attachment/5517362/+files/backport_sec1814_ubuntu2004.zip |
|
| 2021-08-11 19:49:33 |
bugproxy |
ubuntu: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
| 2021-08-11 19:49:36 |
bugproxy |
affects |
ubuntu |
linux (Ubuntu) |
|
| 2021-08-12 06:10:07 |
Frank Heimes |
bug task added |
|
ubuntu-z-systems |
|
| 2021-08-12 06:10:31 |
Frank Heimes |
ubuntu-z-systems: importance |
Undecided |
High |
|
| 2021-08-12 06:10:51 |
Frank Heimes |
ubuntu-z-systems: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
| 2021-08-12 08:06:36 |
Frank Heimes |
ubuntu-z-systems: status |
New |
Triaged |
|
| 2021-08-12 08:06:50 |
Frank Heimes |
linux (Ubuntu): assignee |
Skipper Bug Screeners (skipper-screen-team) |
Canonical Kernel Team (canonical-kernel-team) |
|
| 2021-08-12 11:47:20 |
Frank Heimes |
ubuntu-z-systems: status |
Triaged |
Incomplete |
|
| 2021-08-12 11:47:23 |
Frank Heimes |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2021-08-30 15:08:50 |
Frank Heimes |
summary |
EP11 cards going offline => Fix backport to U20.04LTS |
CryptoExpress EP11 cards are going offline |
|
| 2021-08-31 09:11:49 |
Frank Heimes |
description |
Here is the backport against current git for ubuntu 20.04.
It is a zip file with a patches subdir and all the patches in there together with a series file. So just unpack it and apply with quilt. |
SRU Justification:
[Impact]
* With current focal kernels IBM Z CryptoExpress adapters in EP11 mode go offline in case of unknown error indications from the hardware.
* This does not only lead to a software fallback, but can also lead to errors and crashes,
if certain crypto operations are currently ongoing.
* A rework of the AP bus and zcrypt device driver, as it was done in 5.11, fixes the situation.
* From the below range of commits, the last 1/3 are the ones that fix the issue mentioned here
and the others are pre-requisites to get the relevant ones applied.
* In theory the patch set could have been made smaller,
but with the cost that the code would be a mix between old and new, with maybe some new code snippets,
hence it would divert from what's upstream accepted (in 5.11 and above), the risk would increase,
increased effort to maintain and less test coverage.
[Fix]
* The SRU request was created as pull request,
so please pull f904c400c9c4^..f6d9ab1de03a (means starting at f904c400c9c4 {incl.} to head/f6d9ab1de03a {incl.})
from here: https://code.launchpad.net/~fheimes/+git/lp1939618
[Test Case]
* An Ubuntu Server 20.04 on IBM Z or LinuxONE installation is required,
with ideally three attached CryptoExpress adapters running in CCA, EP11 and accelerator mode.
* Run stress test on these three CryptoExpress adapters.
* IBM has such stress tests and ran these based on a patched Ubuntu 20.04 kernel.
The tests come with a specially focus on error path tests,
since this patch set mainly focuses on doing a better error patch handling.
* Note: A a new config option for the zcrypt driver was introduced
that enables the possibility to inject erroneous messages.
* An application exists that generates such messages and thus tests these error paths.
* Canonical's focus will mainly be on regression testing.
[Regression Potential]
* Like with all modification there is a certain risk of regressions,
especially with bigger patch sets.
* But the modifications here are limited to the s390x platform,
and there again largely to the s390x hardware crypto stack and driver
(CryptoExpress adapter) which is optional hardware.
(See the diff stat in the comment below.)
* The crypto-specific tools (located at the s390-tools package) may no longer work with this patched driver.
But this got tested by IBM with the result that the changes are fully backward compatible.
The 'older' s390 tools package (from focal) can just not show and control the new (config state) feature,
but the functionality covered by the older s390 tools package is utterly covered by this patch set.
* The core of this patch set went into the 5.11 kernel upstream,
hence is in hirsute (and has also been picked by other distros).
* Since this patch set is a rework of the AP bus and zcrypt driver code,
it may now show new errors that were never thrown before, like for or example memory leaks.
However, this is not unique to this patch set, it the same for upstream, Hirsute and Impish (and other distros).
* The patches are all upstream and all needed upstream commits could just be cherry-picked,
hence no modifications were needed.
* So the commits were not only tested by IBM upfront,
but a patched focal master-next kernel is also available as PPA (see comment below) for further testing.
* This patch set was also tested on 5.11, where two issues were found that are already part of this set.
[Other]
* I iterated through all commits and found that that the latest ones got upstream with 5.13,
hence Impish includes all commits needed and is not affected!
* Looks like all commits, expect three, are even upstream with 5.11,
but the missing three came in on top via upstream stable,
hence Hirsute master-next includes all commits needed too and is also not affected!
* But non of the commits could be found in current Focal master-next (aot: 5.4.0-84),
the first commits from this set started to land with 5.7,
hence this SRU request is for focal only.
__________
Here is the backport against current git for ubuntu 20.04.
It is a zip file with a patches subdir and all the patches in there together with a series file. So just unpack it and apply with quilt. |
|
| 2021-08-31 09:12:09 |
Frank Heimes |
linux (Ubuntu): status |
Incomplete |
Triaged |
|
| 2021-08-31 09:12:13 |
Frank Heimes |
ubuntu-z-systems: status |
Incomplete |
Triaged |
|
| 2021-08-31 13:25:54 |
Frank Heimes |
linux (Ubuntu): status |
Triaged |
In Progress |
|
| 2021-08-31 13:26:00 |
Frank Heimes |
ubuntu-z-systems: status |
Triaged |
In Progress |
|
| 2021-08-31 15:10:40 |
Kleber Sacilotto de Souza |
nominated for series |
|
Ubuntu Focal |
|
| 2021-08-31 15:10:40 |
Kleber Sacilotto de Souza |
bug task added |
|
linux (Ubuntu Focal) |
|
| 2021-08-31 15:10:48 |
Kleber Sacilotto de Souza |
linux (Ubuntu Focal): status |
New |
In Progress |
|
| 2021-08-31 17:21:03 |
Kleber Sacilotto de Souza |
linux (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
| 2021-08-31 17:31:18 |
Frank Heimes |
linux (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2021-08-31 17:31:22 |
Frank Heimes |
ubuntu-z-systems: status |
In Progress |
Fix Committed |
|
| 2021-08-31 18:33:20 |
Frank Heimes |
nominated for series |
|
Ubuntu Impish |
|
| 2021-08-31 18:33:20 |
Frank Heimes |
bug task added |
|
linux (Ubuntu Impish) |
|
| 2021-08-31 18:33:20 |
Frank Heimes |
nominated for series |
|
Ubuntu Hirsute |
|
| 2021-08-31 18:33:20 |
Frank Heimes |
bug task added |
|
linux (Ubuntu Hirsute) |
|
| 2021-08-31 18:33:35 |
Frank Heimes |
bug task deleted |
linux (Ubuntu Hirsute) |
|
|
| 2021-08-31 18:33:41 |
Frank Heimes |
bug task deleted |
linux (Ubuntu Impish) |
|
|
| 2021-09-07 17:01:42 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-193902 severity-high targetmilestone-inin2004 |
architecture-s39064 bugnameltc-193902 severity-high targetmilestone-inin2004 verification-needed-focal |
|
| 2021-09-08 11:26:02 |
Frank Heimes |
linux (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2021-09-08 11:26:19 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-193902 severity-high targetmilestone-inin2004 verification-needed-focal |
architecture-s39064 bugnameltc-193902 severity-high targetmilestone-inin2004 verification-done-focal |
|
| 2021-09-27 10:20:54 |
Launchpad Janitor |
linux (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2021-09-27 10:44:23 |
Frank Heimes |
ubuntu-z-systems: status |
Fix Committed |
Fix Released |
|
