Hi Harald, glad that you now have a test-system at hand (and thx for the clarification).
Well, so far this LP tickets asks (in LP comment #8: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1954680/comments/7) for verification on hirsute. focal/20.04 need to be verified soon too, but the 'ubuntu-kernel-bot' did not left a comment regarding focal verification, yet. I just checked if the code landed in the focal master-next tree: $ git log --oneline --grep "s390/AP: support new dynamic AP bus size limit" f65525ab6604 s390/AP: support new dynamic AP bus size limit and it is and it's tagged to be included in kernel 'Ubuntu-5.4.0-95', which is the next upcoming kernel: $ git tag --contains f65525ab6604 Ubuntu-5.4.0-95.107 But 'Ubuntu-5.4.0-95' is still in preparation and not yet ready, hence did not arrived in the archives yet (will btw. first land in -proposed): $ rmadison -a s390x linux-generic | grep focal linux-generic | 5.4.0.26.32 | focal | s390x linux-generic | 5.4.0.94.98 | focal-security | s390x linux-generic | 5.4.0.94.98 | focal-updates | s390x (-proposed is not yet listed) So I apologize, that currently on hirsute/21.04 verification is possible (you may just leave the focal system sitting there for a while ...?!) For hirsute the kernel 5.11.0-47 is the one that incl. the requested patch (according to comment #7) - and I just double checked the hirsute master-next tree: $ git log --oneline --grep "s390/AP: support new dynamic AP bus size limit" c0c6e76a5dd8 s390/AP: support new dynamic AP bus size limit $ git tag --contains c0c6e76a5dd8 Ubuntu-5.11.0-47.52 $ rmadison -a s390x linux-generic | grep hirsute linux-generic | 5.11.0.16.17 | hirsute | s390x linux-generic | 5.11.0.46.46 | hirsute-security | s390x linux-generic | 5.11.0.46.46 | hirsute-updates | s390x linux-generic | 5.11.0.47.47 | hirsute-proposed | s390x So the hirsute kernel is indeed ready to test from proposed (btw. please ignore the right-most digits of the kernel version, they just incl. build info). And to get a kernel installed and running from the "-proposed" pocket of the archive, the following is needed on top of a standard installation: 1) enable proposed with: "sudo add-apt-repository "deb http://us.ports.ubuntu.com/ubuntu-ports/ $(lsb_release -sc)-proposed main" (for the src use "sudo add-apt-repository "deb-src http://us.ports.ubuntu.com/ubuntu-ports/ $(lsb_release -sc)-proposed main") 2) Do an "sudo apt update" (if not automatically triggered) and you will find new packages listed by: "apt list --upgradable" 3) You can just install all of them (e.g. with "sudo apt full-upgrade"), or just selectively install an updated package, like the kernel (e.g. "sudo apt install linux-generic"). 4) Reboot to activate the new kernel (and check with 'uname' or 'apt-cache policy linux-generic' after reboot and before testing). -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1954680 Title: zcrypt DD: Toleration for new IBM Z Crypto Hardware - (Backport to Ubuntu 20.04) Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Hirsute: Fix Committed Status in linux source package in Impish: Fix Released Status in linux source package in Jammy: Fix Released Bug description: SRU Justification: ================== [Impact] * CEX8 hardware CryptoExpress adapter shall support quantum-safe crypto and therefore require nowadays message sizes > 12kB. * This change here is mainly required to support EP11 responses to admin requests at zNext which due to QS certificates can grow larger than 12kB. * It's to cover a minimal patch to provide toleration support for this feature which shall be back-ported to all distribution releases in service at zNext * This SRU requests belongs to the hardware enablement case. [Fix] * bd39654a2282 bd39654a2282c1a51c044575a6bc00d641d5dfd1 "s390/AP: support new dynamic AP bus size limit" [Test Plan] * An Ubuntu 20.04 (respectively 21.04) LPAR or z/VM guest is needed that has access to at least one online crypto domain. * Ideally using a CEX8 adapter (but can be too early to get one). * Then get the patched kernel installed (see PPA below). * And look for the /sys/devices/ap/cardxx/max_msg_size sysfs attributes. * On top IBM has some more in-depth zcrypt tests (see also LP#1933805). [Where problems could occur] * First of all the modification are limited to: the zcrypt driver ("/drivers/s390/crypto/ap_*.*" and "/drivers/s390/crypto/zcrypt_*.*") hence are s390x platform specific and crypto specific and should even affect CEX8 cards only. So in case anything fails, it's limited to s390x cryptography, which usually allows sw fall-backs. * The function signature of ap_queue_info and ap_test_queue got modified, which may lead to issues if called with the old signatures, but that would be identified by the test compile already. * Some minor new structures like 'info', 'ml' got introduced, but are properly declared and initialized. * The way ap_queue_info and ap_card_create get filled and used was changed, therefore in some code areas slightly different data might be expected, if not properly adapted to the new way. But a verification test will prove this. * The actual msg length is now handled based on bufsize rather than len and with that zq is calculated in a different way (using zcrypt_queue_alloc) which may cause some side effects if not properly (alloc) or not thoroughly done. * in _zcrypt_send_cprb and _zcrypt_send_ep11_cprb some additional calculations and checks (if-stmts) were introduced, but they look sane. * New code to identify older cards got added, since message sizes > 12kB are supported by CEX8 and higher only. The dispatcher responsible for choosing the right card and queue is aware of the individual card AP bus message limit. But already at the user space tools it should be ensured that the right card is used. * Nevertheless, the patch is not small, hence s390x hardware crypto zcrypt driver needs to be properly re-tested. [Other Info] * The above commit/patch is upstream accepted with 5.14. * Impish's Kernel 5.13 was already patched, based on LP#1933805. * With that there is already a certain level of testing that was done based on Impish (since the zcrypt driver is largely the same now with these cherry-picks). * Hence the SRU is only needed for Focal and Hirsute (just to avoid regressions on upgrades). __________ Toleration support for new IBM Z crypto hardware - Backport to focal (20.04) Patch from kernel 5.14: Summary: s390/AP: support new dynamic AP bus size limit Description: This patch provides support for new dynamic AP bus message limit with the existing zcrypt device driver and AP bus core code. There is support for a new field 'ml' from the TAPQ query which indicates the per card AP bus message size limit. This TAPQ improvement will come with an updated firmware and this patch exploits this new field and thus makes it possible to send/receive AP messages greater than the current limit of 12K. Upstream-ID: bd39654a2282c1a51c044575a6bc00d641d5dfd1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1954680/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
