2021-12-13 16:49:18 |
bugproxy |
bug |
|
|
added bug |
2021-12-13 16:49:21 |
bugproxy |
tags |
|
architecture-s39064 bugnameltc-195656 severity-high targetmilestone-inin2004 |
|
2021-12-13 16:49:22 |
bugproxy |
ubuntu: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2021-12-13 16:49:24 |
bugproxy |
affects |
ubuntu |
linux (Ubuntu) |
|
2021-12-13 16:49:26 |
bugproxy |
bug |
|
|
added subscriber CDE Administration |
2021-12-13 16:49:27 |
bugproxy |
bug |
|
|
added subscriber Boris Barth |
2021-12-13 16:50:13 |
Frank Heimes |
bug task added |
|
ubuntu-z-systems |
|
2021-12-13 16:59:15 |
Frank Heimes |
ubuntu-z-systems: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2021-12-13 16:59:20 |
Frank Heimes |
linux (Ubuntu): assignee |
Skipper Bug Screeners (skipper-screen-team) |
Frank Heimes (fheimes) |
|
2021-12-13 16:59:33 |
Frank Heimes |
nominated for series |
|
Ubuntu Impish |
|
2021-12-13 16:59:33 |
Frank Heimes |
bug task added |
|
linux (Ubuntu Impish) |
|
2021-12-13 16:59:33 |
Frank Heimes |
nominated for series |
|
Ubuntu Focal |
|
2021-12-13 16:59:33 |
Frank Heimes |
bug task added |
|
linux (Ubuntu Focal) |
|
2021-12-13 16:59:33 |
Frank Heimes |
nominated for series |
|
Ubuntu Jammy |
|
2021-12-13 16:59:33 |
Frank Heimes |
bug task added |
|
linux (Ubuntu Jammy) |
|
2021-12-13 16:59:33 |
Frank Heimes |
nominated for series |
|
Ubuntu Hirsute |
|
2021-12-13 16:59:33 |
Frank Heimes |
bug task added |
|
linux (Ubuntu Hirsute) |
|
2021-12-13 17:00:41 |
Frank Heimes |
linux (Ubuntu Jammy): status |
New |
Fix Released |
|
2021-12-13 17:00:53 |
Frank Heimes |
linux (Ubuntu Jammy): importance |
Undecided |
High |
|
2021-12-13 17:00:55 |
Frank Heimes |
ubuntu-z-systems: importance |
Undecided |
High |
|
2021-12-13 17:25:45 |
Frank Heimes |
description |
Toleration support for new IBM Z crypto hardware - Backport to focal (20.04)
Patch from kernel 5.14:
Summary: kernel: support new dynamic AP bus size limit
Description: This patch provides support for new dynamic AP bus
message limit with the existing zcrypt device driver
and AP bus core code. There is support for a new
field 'ml' from the TAPQ query which indicates the
per card AP bus message size limit. This TAPQ
improvement will come with an updated firmware and
this patch exploits this new field and thus makes
it possible to send/receive AP messages greater
than the current limit of 12K.
Upstream-ID: bd39654a2282c1a51c044575a6bc00d641d5dfd1 |
Toleration support for new IBM Z crypto hardware - Backport to focal (20.04)
Patch from kernel 5.14:
Summary: s390/AP: support new dynamic AP bus size limit
Description: This patch provides support for new dynamic AP bus
message limit with the existing zcrypt device driver
and AP bus core code. There is support for a new
field 'ml' from the TAPQ query which indicates the
per card AP bus message size limit. This TAPQ
improvement will come with an updated firmware and
this patch exploits this new field and thus makes
it possible to send/receive AP messages greater
than the current limit of 12K.
Upstream-ID: bd39654a2282c1a51c044575a6bc00d641d5dfd1 |
|
2021-12-13 17:56:46 |
Frank Heimes |
linux (Ubuntu Impish): status |
New |
Fix Released |
|
2021-12-13 18:31:06 |
Frank Heimes |
linux (Ubuntu Hirsute): status |
New |
Confirmed |
|
2021-12-13 18:31:11 |
Frank Heimes |
linux (Ubuntu Focal): status |
New |
Confirmed |
|
2021-12-13 18:31:15 |
Frank Heimes |
ubuntu-z-systems: status |
New |
Confirmed |
|
2021-12-14 11:07:04 |
Frank Heimes |
description |
Toleration support for new IBM Z crypto hardware - Backport to focal (20.04)
Patch from kernel 5.14:
Summary: s390/AP: support new dynamic AP bus size limit
Description: This patch provides support for new dynamic AP bus
message limit with the existing zcrypt device driver
and AP bus core code. There is support for a new
field 'ml' from the TAPQ query which indicates the
per card AP bus message size limit. This TAPQ
improvement will come with an updated firmware and
this patch exploits this new field and thus makes
it possible to send/receive AP messages greater
than the current limit of 12K.
Upstream-ID: bd39654a2282c1a51c044575a6bc00d641d5dfd1 |
SRU Justification:
==================
[Impact]
* CEX8 hardware CryptoExpress adapter shall support quantum-safe crypto
and therefore require nowadays message sizes > 12kB.
* This change here is mainly required to support EP11 responses to admin requests at zNext
which due to QS certificates can grow larger than 12kB.
* It's to cover a minimal patch to provide toleration support for this feature
which shall be back-ported to all distribution releases in service at zNext
* This SRU requests belongs to the hardware enablement case.
[Fix]
* bd39654a2282 bd39654a2282c1a51c044575a6bc00d641d5dfd1 "s390/AP: support new dynamic AP bus size limit"
[Test Plan]
* An Ubuntu 20.04 (respectively 21.04) LPAR or z/VM guest is needed
that has access to at least one online crypto domain.
* Ideally using a CEX8 adapter (but can be too early to get one).
* Then get the patched kernel installed (see PPA below).
* And look for the /sys/devices/ap/cardxx/max_msg_size sysfs attributes.
* On top IBM has some more in-depth zcrypt tests (see also LP#1933805).
[Where problems could occur]
* First of all the modification are limited to:
the zcrypt driver ("/drivers/s390/crypto/ap_*.*" and
"/drivers/s390/crypto/zcrypt_*.*")
hence are s390x platform specific and crypto specific and
should even affect CEX8 cards only.
So in case anything fails, it's limited to s390x cryptography,
which usually allows sw fall-backs.
* The function signature of ap_queue_info and ap_test_queue got modified,
which may lead to issues if called with the old signatures,
but that would be identified by the test compile already.
* Some minor new structures like 'info', 'ml' got introduced,
but are properly declared and initialized.
* The way ap_queue_info and ap_card_create get filled and used was changed,
therefore in some code areas slightly different data might be expected,
if not properly adapted to the new way.
But a verification test will prove this.
* The actual msg length is now handled based on bufsize rather than len
and with that zq is calculated in a different way (using zcrypt_queue_alloc)
which may cause some side effects if not properly (alloc)
or not thoroughly done.
* in _zcrypt_send_cprb and _zcrypt_send_ep11_cprb some additional calculations
and checks (if-stmts) were introduced, but they look sane.
* New code to identify older cards got added, since message sizes > 12kB
are supported by CEX8 and higher only.
The dispatcher responsible for choosing the right card and queue is aware
of the individual card AP bus message limit.
But already at the user space tools it should be ensured that the right
card is used.
* Nevertheless, the patch is not small, hence s390x hardware crypto
zcrypt driver needs to be properly re-tested.
[Other Info]
* The above commit/patch is upstream accepted with 5.14.
* Impish's Kernel 5.13 was already patched, based on LP#1933805.
* With that there is already a certain level of testing that was done
based on Impish (since the zcrypt driver is largely the same now with
these cherry-picks).
* Hence the SRU is only needed for Focal
and Hirsute (just to avoid regressions on upgrades).
__________
Toleration support for new IBM Z crypto hardware - Backport to focal (20.04)
Patch from kernel 5.14:
Summary: s390/AP: support new dynamic AP bus size limit
Description: This patch provides support for new dynamic AP bus
message limit with the existing zcrypt device driver
and AP bus core code. There is support for a new
field 'ml' from the TAPQ query which indicates the
per card AP bus message size limit. This TAPQ
improvement will come with an updated firmware and
this patch exploits this new field and thus makes
it possible to send/receive AP messages greater
than the current limit of 12K.
Upstream-ID: bd39654a2282c1a51c044575a6bc00d641d5dfd1 |
|
2021-12-14 11:37:25 |
Frank Heimes |
linux (Ubuntu Hirsute): status |
Confirmed |
In Progress |
|
2021-12-14 11:37:29 |
Frank Heimes |
linux (Ubuntu Impish): assignee |
|
Frank Heimes (fheimes) |
|
2021-12-14 11:37:33 |
Frank Heimes |
linux (Ubuntu Focal): status |
Confirmed |
In Progress |
|
2021-12-14 11:37:49 |
Frank Heimes |
linux (Ubuntu Hirsute): assignee |
|
Canonical Kernel Team (canonical-kernel-team) |
|
2021-12-14 11:38:10 |
Frank Heimes |
linux (Ubuntu Focal): assignee |
|
Canonical Kernel Team (canonical-kernel-team) |
|
2021-12-14 11:38:15 |
Frank Heimes |
ubuntu-z-systems: status |
Confirmed |
In Progress |
|
2021-12-15 13:49:52 |
Frank Heimes |
information type |
Private |
Public |
|
2021-12-15 13:58:18 |
Kleber Sacilotto de Souza |
linux (Ubuntu Hirsute): status |
In Progress |
Fix Committed |
|
2021-12-15 13:58:21 |
Kleber Sacilotto de Souza |
linux (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
2021-12-15 14:21:28 |
Frank Heimes |
ubuntu-z-systems: status |
In Progress |
Fix Committed |
|
2022-01-12 13:36:38 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-195656 severity-high targetmilestone-inin2004 |
architecture-s39064 bugnameltc-195656 severity-high targetmilestone-inin2004 verification-needed-hirsute |
|
2022-01-14 10:41:50 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-195656 severity-high targetmilestone-inin2004 verification-needed-hirsute |
architecture-s39064 bugnameltc-195656 severity-high targetmilestone-inin2004 verification-done-hirsute |
|
2022-01-19 13:18:28 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-195656 severity-high targetmilestone-inin2004 verification-done-hirsute |
architecture-s39064 bugnameltc-195656 severity-high targetmilestone-inin2004 verification-done-hirsute verification-needed-focal |
|
2022-01-24 10:33:17 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-195656 severity-high targetmilestone-inin2004 verification-done-hirsute verification-needed-focal |
architecture-s39064 bugnameltc-195656 severity-high targetmilestone-inin2004 verification-done-focal verification-done-hirsute |
|
2022-01-31 12:27:53 |
Launchpad Janitor |
linux (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2022-01-31 12:48:38 |
Frank Heimes |
linux (Ubuntu Hirsute): status |
Fix Committed |
Invalid |
|
2022-01-31 12:48:43 |
Frank Heimes |
ubuntu-z-systems: status |
Fix Committed |
Fix Released |
|
2022-02-07 15:05:31 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-195656 severity-high targetmilestone-inin2004 verification-done-focal verification-done-hirsute |
architecture-s39064 bugnameltc-195656 severity-high targetmilestone-inin2004 verification-done-focal verification-done-hirsute verification-needed-bionic |
|
2022-02-07 16:11:56 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-195656 severity-high targetmilestone-inin2004 verification-done-focal verification-done-hirsute verification-needed-bionic |
architecture-s39064 bugnameltc-195656 severity-high targetmilestone-inin2004 verification-done-bionic verification-done-focal verification-done-hirsute |
|