Bug#948367: [ppc64] linux-source: please enable LPARCFG kernel option

2020-01-07 Thread anatoly pugachev 
Package: linux-source
Version: 5.4
Severity: wishlist

Dear Maintainer,

Could you please enable LPARCFG ppc64 kernel compile option, to be able
to get stats (lparstat) on a running LPAR ?!

Thanks.

Sample output:

# lparstat -i
Could not open /proc/ppc64/lparcfg
Node Name: redpanda
Partition Name   : redpanda
Type : Dedicated
Mode : Uncapped
Entitled Capacity: 0.00
Online Memory: 33456128 kB
Minimum Capacity : 0.00
Maximum Capacity : 0.00
Capacity Increment   : 0.00
Active CPUs in Pool  : 0
Maximum Capacity of Pool : 0.00
Physical CPU Percentage  : 0
Memory Mode  : Shared

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'unreleased')
Architecture: ppc64

Kernel: Linux 5.4.0-1-powerpc64 (SMP w/32 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-source depends on:
pn  linux-source-5.3  
pn  linux-source-5.4  

linux-source recommends no packages.

linux-source suggests no packages.

Bug#931374: linux: enable nx-crypto on ppc64 (power7+ cpus)

2019-07-03 Thread anatoly pugachev 
Source: linux
Severity: wishlist

Hello!

Can you please enable nx-crypto module on ppc64 arch for Power7+ cpus,
to enable crypto accelerators included with mentioned cpu.

Linux kernel config options:

CONFIG_CRYPTO_DEV_NX
CONFIG_CRYPTO_DEV_NX_ENCRYPT
CONFIG_CRYPTO_DEV_NX_COMPRESS
CONFIG_CRYPTO_DEV_NX_COMPRESS_PSERIES
CONFIG_CRYPTO_DEV_NX_COMPRESS_POWERNV

(probably as modules)

Thanks.


-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'unreleased')
Architecture: ppc64

Kernel: Linux 5.2.0-rc7 (SMP w/32 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

kernel modules does not have signatures, so taints kernel

2016-06-01 Thread Anatoly Pugachev 
Ben, hello!

Can you please tell, why do we have in kernel config file:

CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_KEY=""

so loading any kernel module (checked with sid/unstable with kernels
linux-image-4.5.0-2-amd64 and linux-image-4.5.0-2-sparc64-smp ) taints
kernel :

on x86_64:

mator@windrunner:~$ dmesg | grep -i taint
[1.056795] fjes: module verification failed: signature and/or
required key missing - tainting kernel
root@windrunner:/home/mator# modinfo fjes
filename:   /lib/modules/4.5.0-2-amd64/kernel/drivers/net/fjes/fjes.ko
version:1.0
license:GPL
description:FUJITSU Extended Socket Network Device Driver
author: Taku Izumi 
srcversion: C09FB90B0DA9890395D27B8
alias:  acpi*:PNP0C02:*
depends:
intree: Y
vermagic:   4.5.0-2-amd64 SMP mod_unload modversions
mator@windrunner:~$ cat /proc/sys/kernel/tainted
8192

[1] states that 8192 code is for "An unsigned module has been loaded
in a kernel supporting module signature."

on sparc64:

mator@nvg5120:~$ dmesg | grep taint
[1800486.552168] aes_sparc64: module verification failed: signature
and/or required key missing - tainting kernel
root@nvg5120:~# modinfo aes_sparc64
filename:
/lib/modules/4.5.0-2-sparc64-smp/kernel/arch/sparc/crypto/aes-sparc64.ko
alias:  crypto-aes
alias:  aes
description:Rijndael (AES) Cipher Algorithm, sparc64 aes opcode accelerated
license:GPL
alias:  of:NcpuT*Csun4vC*
alias:  of:NcpuT*Csun4v
depends:
intree: Y
vermagic:   4.5.0-2-sparc64-smp SMP mod_unload modversions

Looking at the output of modinfo, there's no lines like this (as
example of signed module):

user$ modinfo usbcore | grep '^sig'
signer: Modules
sig_key:B0:3B:5E:DB:57:00:F9:D5:D7:85:EB:2D:6F:3E:19:D3:4A:20:20:5B
sig_hashalgo:   sha512

If module signing only for Secure Boot on EFI [2], why do we have it on sparc64?

Thanks.

[1] https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
[2] 
https://www.decadent.org.uk/ben/blog/experiments-with-signed-kernels-and-modules-in-debian.html

Bug#812928: udev: cdrom_id terminated by signal BUS

2016-01-27 Thread Anatoly Pugachev 
On Thu, Jan 28, 2016 at 3:31 AM, Patrick Baggett <baggett.patr...@gmail.com>
wrote:
>
> On Wed, Jan 27, 2016 at 5:23 PM, Ben Hutchings <b...@decadent.org.uk>
wrote:
> > Control: tag -1 moreinfo
> >
> > On Wed, 2016-01-27 at 23:54 +0100, Marco d'Itri wrote:
> >> Control: reassign -1 src:linux
> >> Control: found -1 4.3.0-1
> >> Control: retitle -1 getauxval(AT_RANDOM) broken on sparc64
> >>
> >> On Jan 27, Anatoly Pugachev <mator...@gmail.com> wrote:
> >>
> >> > Program terminated with signal SIGUSR1, User defined signal 1.
> >> > #0  0x0101b9b8 in initialize_srand () at src/basic/random-
> >> > util.c:107
> >> > 107 x ^= *(unsigned*) auxv;
> >> > (gdb) bt
> >> Looks like getauxval(AT_RANDOM) returns garbage on sparc64:
> >>
> >> x = 0;
> >> auxv = (void*) getauxval(AT_RANDOM);
> >> if (auxv)
> >> x ^= *(unsigned*) auxv;
> >
> > There is no documented alignment guarantee for the AT_RANDOM bytes so I
> > think this caller is wrong to treat it as an array of unsigned int.
>
> Also, you can verify that from a debugger without changing the code,
> by printing the value of the pointer `auxv` and check if either of the
> lower two bits are set.
>
> > What happens if you change it to:
> >
> > if (auxv)
> > memcpy(, auxv, sizeof(x));
> >


restored original cdrom_id.c (with initialize_srand() function call) and
recompiled with memcpy() and run:

mator@deb4g:~/systemd$ sudo ./cdrom_id -l /dev/vdiskb
ID_CDROM=1

there's no SIGBUS. And I don't know what it should output. Probably fixed.
Thanks.

Bug#809815: [feature request] linux-image-4.3.0-1-sparc64-smp: tpm random module for linux LDOMs

2016-01-13 Thread Anatoly Pugachev 
On Mon, Jan 11, 2016 at 3:08 AM, Ben Hutchings <b...@decadent.org.uk> wrote:
> On Thu, 2016-01-07 at 20:30 +0300, Anatoly Pugachev wrote:
>> Can you please suggest, what to do next? Close this bugreport as
>> invalid, and fill new one against n2_rng module in debian, or report
>> first to lkml? Thanks.
> [...]
>
> You should send this patch upstream (linux-cry...@vger.kernel.org and
> sparcli...@vger.kernel.org mailing lists).

Ben,
submitted to both mentioned mailing lists, it got to DaveM processing
queue, see http://patchwork.ozlabs.org/project/sparclinux/list/?submitter=68078
As I told earlier, I'm not a kernel developer in any form, not even
C/C++ programmer. I'm not sure I would be able to answer to any
objections on this patch.
But thanks anyway, probably someone else (oracle guys, with their
linux for sparc [L4S] project) would be able to make this patch to
kernel.

Bug#809815: [feature request] linux-image-4.3.0-1-sparc64-smp: tpm random module for linux LDOMs

2016-01-07 Thread Anatoly Pugachev 
On Thu, Jan 7, 2016 at 5:49 AM, Ben Hutchings <b...@decadent.org.uk> wrote:
> On Wed, 2016-01-06 at 23:13 +0300, Anatoly Pugachev wrote:
> [...]
>> Sorry for wrong feature request, please close this bug as non-valid. Thanks.
>
> I don't mind keeping it open if you're still hoping to get more
> information.

Ben,

below is a long description of how I made (dirty hack to n2_rng)
hardware random number generator to work in linux sparc64 LDOM.

Can you please suggest, what to do next? Close this bugreport as
invalid, and fill new one against n2_rng module in debian, or report
first to lkml? Thanks.

Here is what I find out, not that I'm a kernel developer nor I do it every time.

If we look at linux/drivers/char/hw_random/n2-drv.c [1] there would be
(line 731)
struct of_device_id n2rng_match[]
which lists only 3 compatible driver names:
SUNW,n2-rng
SUNW,vf-rng
SUNW,kt-rng

but running "prtconf -p -v" in linux/debian/sparc64 LDOM, i can see
the following device node:

Node 0xf029a4f4
.node:  f029a4f4
rng-#units:  0002
compatible: 'ORCL,m4-rng'
reg:  000e
name: 'random-number-generator'


and "ORCL,m4-rng" does not hit match in linux kernel sources for n2_rng driver.

running prtconf in solaris 11.3 LDOM, running on the same physical
hardware (T5-2), we can see:

root@deimos:~# uname -a
SunOS deimos 5.11 11.3 sun4v sparc sun4v
(stock, not updated, solaris 11.3 sparc)

root@deimos:~# prtconf -p -v
...
Node 0xf029a834
rng-#units:  0002
compatible: 'ORCL,m4-rng'
reg:  000e
name:  'random-number-generator'

root@deimos:~# modinfo -i 128
 Id Loadaddr   Size Info Rev Module Name
128 11a2d708   4650 144   1  n2rng (N2 RNG Driver)

root@deimos:~# kstat  n2rng
module: n2rng   instance: 0
name:   n2rng0  class:misc
...
status  online

(notice status online - means that it does work, besides of more stats
in cut-here ... lines). I actually have no idea, how to test it
directly, [6] does not state methods to test it directly, but running
cryptoadm, it tells that kernel n2rng enabled:

root@deimos:~# cryptoadm list fips-140

User-level providers:
=
/usr/lib/security/$ISA/pkcs11_softtoken: FIPS 140 mode is enabled.

Kernel providers:
=
des: FIPS 140 mode is enabled.
aes: FIPS 140 mode is enabled.
ecc: FIPS 140 mode is enabled.
sha1: FIPS 140 mode is enabled.
sha2: FIPS 140 mode is enabled.
rsa: FIPS 140 mode is enabled.
swrand: FIPS 140 mode is enabled.
intelrd: FIPS 140 mode is enabled.
n2rng: FIPS 140 mode is enabled.

lets look at installed n2rng solaris package metadata/description (or
from [2] , search for n2rng via [3], press manifest) :

root@deimos:~# pkg contents -m n2rng | grep name
set name=pkg.fmri
value=pkg://solaris/driver/crypto/n2rng@0.5.11,5.11-0.175.3.0.0.30.0:20150821T154254Z
set name=pkg.description value="The n2rng(7D) device driver is a
cryptographic framework provider for the hardware random number
generator on Oracle SPARC processors."
set name=info.classification value=org.opensolaris.category.2008:System/Hardware
set name=pkg.summary value="SPARC HW Random Number Provider"
set name=org.opensolaris.consolidation value=osnet
set name=variant.opensolaris.zone value=global value=nonglobal
set name=variant.arch value=sparc
set name=variant.debug.osnet value=true value=false
driver alias=ORCL,m4-rng alias=ORCL,m7-rng alias=SUNW,kt-rng
alias=SUNW,n2-rng alias=SUNW,vf-rng name=n2rng
variant.opensolaris.zone=global


so driver works for ORCL,m4-rng and ORCL,m7-rng names as well.

I made a quick edit to drivers/char/hw_random/n2-drv.c to include "ORCL,m4-rng"

mator@deb4g:~/linux-4.3.3$ diff -u
drivers/char/hw_random/n2-drv.c-orig  drivers/char/hw_random/n2-drv.c
--- drivers/char/hw_random/n2-drv.c-orig2016-01-07
09:01:02.672227383 -0500
+++ drivers/char/hw_random/n2-drv.c 2016-01-07 09:07:56.928876710 -0500
@@ -743,6 +743,10 @@
.compatible = "SUNW,kt-rng",
.data   = (void *) 1,
},
+   {
+   .name   = "random-number-generator",
+   .compatible = "ORCL,m4-rng",
+   },
{},
 };
 MODULE_DEVICE_TABLE(of, n2rng_match);

compiled and installed module with insmod. I've got working n2_rng in
linux sparc64 LDOM:

root@deb4g:/etc/init.d# lsmod
Module  Size  Used by
n2_rng  6503  0
rng_core6684  1 n2_rng

root@deb4g:/home/mator# tail -f /var/log/kern.log
Jan  7 09:10:40 deb4g kernel: [2391276.745713] n2rng.c:v0.2 (July 27, 2011)
Jan  7 09:10:40 deb4g kernel: [2391276.745739] n2rng f029a4f4:
Registered RNG HVAPI major 2 minor 0
Jan  7 09:10:40 deb4g kernel: [2391276.745750] n2rng f029a4f4: Found
sing

Bug#809815: [feature request] linux-image-4.3.0-1-sparc64-smp: tpm random module for linux LDOMs

2016-01-06 Thread Anatoly Pugachev 
On Wed, Jan 6, 2016 at 5:24 AM, Ben Hutchings <b...@decadent.org.uk> wrote:
> Control: tag -1 moreinfo
>
> On Mon, 2016-01-04 at 13:48 +0300, Anatoly Pugachev wrote:
>> Package: src:linux
>> Version: 4.3.3-2
>> Severity: wishlist
>>
>> Dear Maintainer,
>>
>> Can you please enable CONFIG_TCG_TPM (TPM security chip) and
>> CONFIG_HW_RANDOM_TPM linux kernel config options (as modules), to
>> enable hardware RNG device for use in LDOM (containers) of debian
>> sparc64.
>>
>> Right now, there's no hardware RNG provider is available :
> [...]
>
> Both of those are generic TPM code and won't help you without a driver
> for the specific TPM that's present in LDOMs.
>
> I can't find any hint in the kernel source of which driver is needed
> for an LDOM, even in the UEK patched source, so perhaps it is out-of-
> tree?

Ben, well,

I'm going to build a generic (vanilla) kernel with this CONFIGs and
test how it would work. Going to report back soon. Thanks.

Bug#809815: [feature request] linux-image-4.3.0-1-sparc64-smp: tpm random module for linux LDOMs

2016-01-06 Thread Anatoly Pugachev 
On Wed, Jan 6, 2016 at 5:21 PM, Anatoly Pugachev <mator...@gmail.com> wrote:
> On Wed, Jan 6, 2016 at 5:24 AM, Ben Hutchings <b...@decadent.org.uk> wrote:
>> Control: tag -1 moreinfo
>>
>> On Mon, 2016-01-04 at 13:48 +0300, Anatoly Pugachev wrote:
>>> Package: src:linux
>>> Version: 4.3.3-2
>>> Severity: wishlist
>>>
>>> Dear Maintainer,
>>>
>>> Can you please enable CONFIG_TCG_TPM (TPM security chip) and
>>> CONFIG_HW_RANDOM_TPM linux kernel config options (as modules), to
>>> enable hardware RNG device for use in LDOM (containers) of debian
>>> sparc64.
>>>
>>> Right now, there's no hardware RNG provider is available :
>> [...]
>>
>> Both of those are generic TPM code and won't help you without a driver
>> for the specific TPM that's present in LDOMs.
>>
>> I can't find any hint in the kernel source of which driver is needed
>> for an LDOM, even in the UEK patched source, so perhaps it is out-of-
>> tree?
>
> Ben, well,
>
> I'm going to build a generic (vanilla) kernel with this CONFIGs and
> test how it would work. Going to report back soon. Thanks.

Ben,

you was right, this modules does not help.

root@deb4g:/home/mator# lsmod | grep rng
tpm_rng 1020  0
n2_rng  6878  0
rng_core8172  2 n2_rng,tpm_rng
root@deb4g:/home/mator# cat /sys/class/misc/hw_random/rng_available
tpm-rng

rngd still gives error:

root@deb4g:/home/mator# rngd -f -r /dev/hwrng
error reading from entropy source:: No such device

I don't know, but I probably should report to upstream kernel
bugzilla, about n2_rng, that it does not work.
Openbsd says [1] it does support it (starting from T1 and T2 processors),
Solaris says [2] it does support it (from T2 till M6 processors,
including this machine T5 cpu)

running show-devs from openboot console for this LDOM, i can see
random-number-generator device is being present:

{0} ok show-devs
/cpu@3
/cpu@2
/cpu@1
/cpu@0
/virtual-devices@100
/reboot-memory@0
/iscsi-hba
/virtual-memory
/memory@m0,3000
/aliases
/options
/openprom
/chosen
/packages
/virtual-devices@100/channel-devices@200
/virtual-devices@100/console@1
/virtual-devices@100/random-number-generator@e
/virtual-devices@100/flashprom@0
/virtual-devices@100/channel-devices@200/virtual-domain-service@0
/virtual-devices@100/channel-devices@200/pciv-communication@0
/virtual-devices@100/channel-devices@200/disk@1
/virtual-devices@100/channel-devices@200/disk@0
/virtual-devices@100/channel-devices@200/network@0
/iscsi-hba/disk
/openprom/client-services
/packages/vnet-helper-pkg
/packages/vdisk-helper-pkg
/packages/obp-tftp
/packages/kbd-translator
/packages/SUNW,asr
/packages/dropins
/packages/terminal-emulator
/packages/disk-label
/packages/deblocker
/packages/SUNW,builtin-drivers
{0} ok

but n2_rng does not see it. I'm going to test a more recent kernel,
instead of 4.1.15. The choice of old 4.1.15 kernel to test, was
because oracle sparc linux is using 4.1.8, and i wanted to test it
first. Compiling 4.4rc8 right now...

Searching on the web, found [3], where cpu is T4 and 4.3.0 kernel, but
n2rng gives more messages on boot.

Sorry for wrong feature request, please close this bug as non-valid. Thanks.

1. http://undeadly.org/cgi?action=article=20090201164147
2. http://prsync.com/oracle/solaris-random-number-generation-570469/
3. https://lkml.org/lkml/2015/10/30/678

Bug#809815: [feature request] linux-image-4.3.0-1-sparc64-smp: tpm random module for linux LDOMs

2016-01-04 Thread Anatoly Pugachev 
Package: src:linux
Version: 4.3.3-2
Severity: wishlist

Dear Maintainer,

Can you please enable CONFIG_TCG_TPM (TPM security chip) and
CONFIG_HW_RANDOM_TPM linux kernel config options (as modules), to
enable hardware RNG device for use in LDOM (containers) of debian
sparc64.

Right now, there's no hardware RNG provider is available :

$ ls /sys/class/misc/hw_random
ls: cannot access /sys/class/misc/hw_random: No such file or directory
# grep -i TPM /boot/config-4.3.0-1-sparc64-smp
# CONFIG_TCG_TPM is not set


But if we enable TPM random module (tpm-rng), it will be (output taken
from oracle linux for sparc):

[root@linuxsparc log]# cat /sys/class/misc/hw_random/rng_available
tpm-rng
[root@linuxsparc log]# cat /sys/class/misc/hw_random/rng_current
tpm-rng

[root@linuxsparc log]# grep TPM /boot/config-4.1.8-15.1.el6uek.sparc64
CONFIG_HW_RANDOM_TPM=y
CONFIG_TCG_TPM=y

Thanks.


-- Package-specific info:
** Version:
Linux version 4.3.0-1-sparc64-smp (debian-kernel@lists.debian.org)
(gcc version 4.9.3 (Debian 4.9.3-10) ) #1 SMP Debian 4.3.3-2
(2015-12-17)

** Command line:
root=/dev/vdiska1 ro

** Not tainted

** Model information
cpu : UltraSparc T5 (Niagara5)
fpu : UltraSparc T5 integrated FPU
pmu : niagara5
prom: OBP 4.38.1 2015/08/21 14:26
type: sun4v

** Loaded modules:
camellia_sparc64
des_sparc64
des_generic
aes_sparc64
md5_sparc64
sha512_sparc64
sha256_sparc64
sha1_sparc64
autofs4
ext4
crc16
mbcache
jbd2
sunvnet
sunvdc
crc32c_sparc64

** PCI devices:

** USB devices:
not available


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: sparc64

Kernel: Linux 4.3.0-1-sparc64-smp (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages linux-image-4.3.0-1-sparc64-smp depends on:
ii  debconf [debconf-2.0]   1.5.58
ii  initramfs-tools [linux-initramfs-tool]  0.120
ii  kmod21-1
ii  linux-base  4.0

Versions of packages linux-image-4.3.0-1-sparc64-smp recommends:
ii  firmware-linux-free  3.4
ii  irqbalance   1.0.6-3

Versions of packages linux-image-4.3.0-1-sparc64-smp suggests:
pn  debian-kernel-handbook  
pn  fdutils 
pn  linux-doc-4.3   
ii  silo1.4.14+git20141019-4

Versions of packages linux-image-4.3.0-1-sparc64-smp is related to:
pn  firmware-atheros
pn  firmware-bnx2   
pn  firmware-bnx2x  
pn  firmware-brcm80211  
pn  firmware-intelwimax 
pn  firmware-ipw2x00
pn  firmware-ivtv   
pn  firmware-iwlwifi
pn  firmware-libertas   
pn  firmware-linux  
pn  firmware-linux-nonfree  
pn  firmware-myricom
pn  firmware-netxen 
pn  firmware-qlogic 
pn  firmware-ralink 
pn  firmware-realtek
pn  xen-hypervisor  

-- debconf information:
  
linux-image-4.3.0-1-sparc64-smp/postinst/depmod-error-initrd-4.3.0-1-sparc64-smp:
false
  linux-image-4.3.0-1-sparc64-smp/postinst/mips-initrd-4.3.0-1-sparc64-smp:
  
linux-image-4.3.0-1-sparc64-smp/prerm/removing-running-kernel-4.3.0-1-sparc64-smp:
true