[Bug 1959548] Re: [22.04 FEAT] zcrypt DD: Exploitation Support of new IBM Z Crypto Hardware (s390-tools part)
Launchpad Bug Tracker
1959548 at bugs.launchpad.net
Tue Jul 5 20:35:13 UTC 2022
This bug was fixed in the package s390-tools - 2.20.0-0ubuntu3.1
---------------
s390-tools (2.20.0-0ubuntu3.1) jammy; urgency=medium
* Fix chreipl-fcp-mpath (LP: #1971993)
- Move chreipl-fcp-mpath* from /lib/udev/rules.d to /lib/udev.
- d/control:
+ Build-Depend on bsdextrautils for hexdump
+ Add multiple explicit Depends on udev
+ s390-tools-chreipl-fcp-mpath: drop unnecessary Depends on lvm2
- No longer change attributes of chreipl-fcp-mpath-common.sh to 755,
since only the input script '.in' has a she-bang, but not the '.sh'
anymore (was done with commit c2f8988).
- Add d/p/0d15a07-chreipl-fcp-mpath-bundle-a-pre-cooked-man-page.patch
to bundle a pre-cooked version of the man page for chreipl-fcp-mpath
Required minor context adjustment for CHANGELOG.md hunk
and changes in d/rules.
- Add missing README.md to s390-tools-chreipl-fcp-mpath.doc
(and with that also the README.md for genprotimg to s390-tools.docs).
* Add new CPU-MF Counters for new IBM Z hardware (LP: #1960119) by:
- d/p/2515832-util_arch-Add-IBM-z16-as-known-machine.patch and
- d/p/cce5f51-cpumf-lscpumf-Add-IBM-z16-extended-counter-set-def.patch
* Add exploitation support of new IBM Z crypto hardware (LP: #1959548) with:
- d/p/b16a6d4f-lszcrypt-add-CEX8S-support.patch
- d/p/bcbb6fca-zcryptstats-add-CEX8-support.patch
- d/p/4382901d-lszcrypt-show-AP-bus-msg-size-limit-capability.patch
- d/p/27dce331-lszcrypt-add-support-for-checkstop-state.patch
- d/p/a29b3c89-lszcrypt-new-options-to-show-only-accel-cca-or-ep11-.patch
- d/p/a8b0d7ac-lszcrypt-new-options-to-filter-cards-queues-only.patch
- d/p/46fd42af-lszcrypt-new-option-to-show-the-serial-numbers-of-CC.patch
* Stabilization of data collection in dbginfo.sh script (LP: #1971959)
by adding several upstream patches:
- d/p/*-dbginfo.sh-*.patch
- whereas one needed minor context adjutment for the CHANGELOG.md hunk:
d/p/50a4740-dbginfo.sh-replace-which-by-builtin-command-type-for.patch
* Fix cmsfs-fuse mount failure due to unknown option '-o hard_remove'
(LP: #1978323) with:
d/p/0981df6-cmsfs-fuse-fix-enabling-of-hard_remove-option.patch
-- Frank Heimes <frank.heimes at canonical.com> Fri, 20 May 2022 13:48:34
+0200
** Changed in: s390-tools (Ubuntu Jammy)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1959548
Title:
[22.04 FEAT] zcrypt DD: Exploitation Support of new IBM Z Crypto
Hardware (s390-tools part)
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in s390-tools package in Ubuntu:
Fix Released
Status in s390-tools-signed package in Ubuntu:
Fix Committed
Status in s390-tools source package in Jammy:
Fix Released
Status in s390-tools-signed source package in Jammy:
Fix Committed
Status in s390-tools source package in Kinetic:
Fix Released
Status in s390-tools-signed source package in Kinetic:
Fix Committed
Bug description:
SRU Justification:
==================
[Impact]
* This in a hardware enablement SRU,
and mainly adds support for CryptoExpress 8S adapters
to the s390-tools package.
* With that the new options 'show_serialnumbers',
'--accelonly', '--ccaonly' and '--ep11only'
are introduced to the lszcrypt tool.
* In addition lszcrypt now supports the checkstop state
of a crypto card, that is provided by the 'chkstop'
attribute in the sysfs of newer kernels.
* And lszcrypt now shows the AP bus msg size limit capability,
which is needed for new adapter cards.
* New codes for zcryptstats are needed as well.
[Test Plan]
* Prepare an IBM z16 LPAR with Ubuntu 22.04 (incl. this patch)
that has an CryptoExpress 8S adapter attached to it
and at least one crypto domain online and available.
* Call 'lszcrypt -V' and check the 2nd column called 'type'
and the last column called 'driver'.
* If both have entries that start with "cex8..." then the new
CryptoExpress 8S driver is active and the new card is detected
and can be used (and the new features exploited).
* If the driver listed there is older than 'cex8',
than the new card is probably detected as an older type
and it runs in toleration mode only.
* Try and test the new options.
* Run zcryptstats and with that make use of the new codes
(which actually means add CEX8S support for zcryptstats).
* And finally extending lszcrypt's capabilities and
make it aware of CEX8S.
[Where problems could occur]
* The new declarations, initializations or the scan for the serial numbers
of the devices could fail, which would lead to a non-working
or even erroneous new '-s' option.
* The new filter mechanism could be broken and now incorrect
resources, but this would be limited to the new options
'--cardonly' and '--queueonly'.
* The same applies to the new options
'--accelonly', '--ccaonly' and '--ep11only'.
* The handling of the new chkstop state can be confusing or might be
broken, which may lead to wrong state representations.
* The new AP bus msg size limit mights be incorrectly calculated,
which leads to a wrong size and with that certain feature not to work.
* The new zcryptstats might come with wrong or mixed codes,
which would lead to wrong and misleading statistics,
or even break zcryptstats.
* Regarding the lszcrypt capability extension there is no danger
since an existing case statement is extended and the case content
reused unchanged.
* All this is s390x specific, and only affects the handling for
CryptoExpress 8S adapters. It won't have an impact on CPACF.
__________
zcrypt DD: Exploitation Support of new IBM Z Crypto Hardware -
s390-tools part
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1959548/+subscriptions
More information about the foundations-bugs
mailing list