Ubuntu
linux package

[24.04 FEAT] [SEC2353] zcrypt: extend error recovery to deal with device scans

Bug #2050019 reported by bugproxy
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Fix Released
High
Skipper Bug Screeners
linux (Ubuntu)
Fix Released
Undecided
Canonical Kernel Team

Bug Description

The error recovery of a crypto request currently fails if a device is not available or the device is not completely setup and bound if the device has been discovered due to a bus scan.
If, during request handling, a device is lost and a bus scan is triggered the DD must wait for the bus scan (including the device binding) to complete before giving up on reties.

This item is important to support life guest relocation where the APQN sets on the source and target guests differ.

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-204744 severity-high targetmilestone-inin2404
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Revision history for this message
Frank Heimes (fheimes) wrote :

Thanks for the request - any pointer to the commit(s) or an indication of the kernel version this is planned to land in?

Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
importance: Undecided → High
status: New → Incomplete
Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2024-01-23 11:18 EDT-------
No - this feature is still under development ....

Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2024-03-20 03:04 EDT-------
This is upstream available in Linux kernel 6.8 with these commit ids:

5dabfecad4a0 s390/pkey: improve pkey retry behavior
c3384369bc53 s390/zcrypt: improve zcrypt retry behavior
77c51fc6fba7 s390/zcrypt: introduce retries on in-kernel send CPRB functions
eacf5b3651c5 s390/ap: introduce mutex to lock the AP bus scan
b5caf05ee879 s390/ap: rework ap_scan_bus() to return true on config change
99b3126e46ef s390/ap: clarify AP scan bus related functions and variables
778412ab915d s390/ap: rearm APQNs bindings complete completion

Revision history for this message
Frank Heimes (fheimes) wrote :

Thanks for the update, Harald!
I've found them all in linux-next tagged with next-20240320 and s390-6.9-1.
Looks like they are for 6.9 (rather than 6.8), but anyway I guess that we should be able to cherry-pick them cleanly into our 24.04 kernel 6.8.

Changed in ubuntu-z-systems:
status: Incomplete → New
Changed in linux (Ubuntu):
status: Incomplete → New
Revision history for this message
Frank Heimes (fheimes) wrote :

Well, I was not able to easily cherry-pick these t commits.
I got merge conflicts due to several debug lines.

After some investigations (using git blame) I found that the commits:
0ccac4529540 s390/pkey: harmonize pkey s390 debug feature calls
6d749b4e0208 s390/pkey: introduce dynamic debugging for pkey
seem to be needed - then even some more.
I finally found that adding the following set of commits (that I've found as block earlier in git log):
88e4c0da9b08 s390/zcrypt: harmonize debug feature calls and defines
08b2c3706de2 s390/zcrypt: introduce dynamic debugging for AP and zcrypt code
0ccac4529540 s390/pkey: harmonize pkey s390 debug feature calls
6d749b4e0208 s390/pkey: introduce dynamic debugging for pkey
6a2892d09df5 s390/ap: add debug possibility for AP messages
b69b65f51148 s390/zcrypt: add debug possibility for CCA and EP11 messages
helped me to apply the initial commits.

And with that I was also able to build a test kernel in PPA:
https://launchpad.net/~fheimes/+archive/ubuntu/lp2050019

Please can you confirm that it's reasonable to go with these (in total now) 13 commits instead?

Changed in ubuntu-z-systems:
status: New → In Progress
Changed in linux (Ubuntu):
status: New → In Progress
Revision history for this message
Frank Heimes (fheimes) wrote :

I've submitted the PR to the kernel teams mailing list:
https://lists.ubuntu.com/archives/kernel-team/2024-March/thread.html#149742

Changed in linux (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → Canonical Kernel Team (canonical-kernel-team)
information type: Private → Public
Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2024-03-28 03:42 EDT-------
(In reply to comment #13)
> Well, I was not able to easily cherry-pick these t commits.
> I got merge conflicts due to several debug lines.
>
> After some investigations (using git blame) I found that the commits:
> 0ccac4529540 s390/pkey: harmonize pkey s390 debug feature calls
> 6d749b4e0208 s390/pkey: introduce dynamic debugging for pkey
> seem to be needed - then even some more.
> I finally found that adding the following set of commits (that I've found as
> block earlier in git log):
> 88e4c0da9b08 s390/zcrypt: harmonize debug feature calls and defines
> 08b2c3706de2 s390/zcrypt: introduce dynamic debugging for AP and zcrypt code
> 0ccac4529540 s390/pkey: harmonize pkey s390 debug feature calls
> 6d749b4e0208 s390/pkey: introduce dynamic debugging for pkey
> 6a2892d09df5 s390/ap: add debug possibility for AP messages
> b69b65f51148 s390/zcrypt: add debug possibility for CCA and EP11 messages
> helped me to apply the initial commits.
>
> And with that I was also able to build a test kernel in PPA:
> https://launchpad.net/~fheimes/+archive/ubuntu/lp2050019
>
> Please can you confirm that it's reasonable to go with these (in total now)
> 13 commits instead?

Well, dependent on your kernel base you may need to pull in some more fixes. Best is to simple follow the commit chain. For example with an
git log drivers/s390/crypto
you get the commit chain. Filter out the vfio stuff (or even simpler, pick it also) - this way you get an update of the while AP bus + zcrypt + pkey + vfio stuff. Dependencies to the rest of the kernel are rare and can usually be solved simple by pulling in one patch or so.
Doing the update this way keeps the code consistent and ready for future backports.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 6.8.0-31.31

---------------
linux (6.8.0-31.31) noble; urgency=medium

  * noble/linux: 6.8.0-31.31 -proposed tracker (LP: #2062933)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/d2024.04.04)

 -- Andrea Righi <email address hidden> Fri, 19 Apr 2024 23:46:38 +0200

Changed in linux (Ubuntu):
status: In Progress → Fix Released
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.