Bug#948367: [ppc64] linux-source: please enable LPARCFG kernel option
Package: linux-source Version: 5.4 Severity: wishlist Dear Maintainer, Could you please enable LPARCFG ppc64 kernel compile option, to be able to get stats (lparstat) on a running LPAR ?! Thanks. Sample output: # lparstat -i Could not open /proc/ppc64/lparcfg Node Name: redpanda Partition Name : redpanda Type : Dedicated Mode : Uncapped Entitled Capacity: 0.00 Online Memory: 33456128 kB Minimum Capacity : 0.00 Maximum Capacity : 0.00 Capacity Increment : 0.00 Active CPUs in Pool : 0 Maximum Capacity of Pool : 0.00 Physical CPU Percentage : 0 Memory Mode : Shared -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'unreleased') Architecture: ppc64 Kernel: Linux 5.4.0-1-powerpc64 (SMP w/32 CPU cores) Kernel taint flags: TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages linux-source depends on: pn linux-source-5.3 pn linux-source-5.4 linux-source recommends no packages. linux-source suggests no packages.
Bug#931374: linux: enable nx-crypto on ppc64 (power7+ cpus)
Source: linux Severity: wishlist Hello! Can you please enable nx-crypto module on ppc64 arch for Power7+ cpus, to enable crypto accelerators included with mentioned cpu. Linux kernel config options: CONFIG_CRYPTO_DEV_NX CONFIG_CRYPTO_DEV_NX_ENCRYPT CONFIG_CRYPTO_DEV_NX_COMPRESS CONFIG_CRYPTO_DEV_NX_COMPRESS_PSERIES CONFIG_CRYPTO_DEV_NX_COMPRESS_POWERNV (probably as modules) Thanks. -- System Information: Debian Release: 10.0 APT prefers unstable APT policy: (990, 'unstable'), (500, 'unreleased') Architecture: ppc64 Kernel: Linux 5.2.0-rc7 (SMP w/32 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
kernel modules does not have signatures, so taints kernel
Ben, hello! Can you please tell, why do we have in kernel config file: CONFIG_MODULE_SIG=y CONFIG_MODULE_SIG_KEY="" so loading any kernel module (checked with sid/unstable with kernels linux-image-4.5.0-2-amd64 and linux-image-4.5.0-2-sparc64-smp ) taints kernel : on x86_64: mator@windrunner:~$ dmesg | grep -i taint [1.056795] fjes: module verification failed: signature and/or required key missing - tainting kernel root@windrunner:/home/mator# modinfo fjes filename: /lib/modules/4.5.0-2-amd64/kernel/drivers/net/fjes/fjes.ko version:1.0 license:GPL description:FUJITSU Extended Socket Network Device Driver author: Taku Izumisrcversion: C09FB90B0DA9890395D27B8 alias: acpi*:PNP0C02:* depends: intree: Y vermagic: 4.5.0-2-amd64 SMP mod_unload modversions mator@windrunner:~$ cat /proc/sys/kernel/tainted 8192 [1] states that 8192 code is for "An unsigned module has been loaded in a kernel supporting module signature." on sparc64: mator@nvg5120:~$ dmesg | grep taint [1800486.552168] aes_sparc64: module verification failed: signature and/or required key missing - tainting kernel root@nvg5120:~# modinfo aes_sparc64 filename: /lib/modules/4.5.0-2-sparc64-smp/kernel/arch/sparc/crypto/aes-sparc64.ko alias: crypto-aes alias: aes description:Rijndael (AES) Cipher Algorithm, sparc64 aes opcode accelerated license:GPL alias: of:NcpuT*Csun4vC* alias: of:NcpuT*Csun4v depends: intree: Y vermagic: 4.5.0-2-sparc64-smp SMP mod_unload modversions Looking at the output of modinfo, there's no lines like this (as example of signed module): user$ modinfo usbcore | grep '^sig' signer: Modules sig_key:B0:3B:5E:DB:57:00:F9:D5:D7:85:EB:2D:6F:3E:19:D3:4A:20:20:5B sig_hashalgo: sha512 If module signing only for Secure Boot on EFI [2], why do we have it on sparc64? Thanks. [1] https://www.kernel.org/doc/Documentation/sysctl/kernel.txt [2] https://www.decadent.org.uk/ben/blog/experiments-with-signed-kernels-and-modules-in-debian.html
Bug#812928: udev: cdrom_id terminated by signal BUS
On Thu, Jan 28, 2016 at 3:31 AM, Patrick Baggett <baggett.patr...@gmail.com> wrote: > > On Wed, Jan 27, 2016 at 5:23 PM, Ben Hutchings <b...@decadent.org.uk> wrote: > > Control: tag -1 moreinfo > > > > On Wed, 2016-01-27 at 23:54 +0100, Marco d'Itri wrote: > >> Control: reassign -1 src:linux > >> Control: found -1 4.3.0-1 > >> Control: retitle -1 getauxval(AT_RANDOM) broken on sparc64 > >> > >> On Jan 27, Anatoly Pugachev <mator...@gmail.com> wrote: > >> > >> > Program terminated with signal SIGUSR1, User defined signal 1. > >> > #0 0x0101b9b8 in initialize_srand () at src/basic/random- > >> > util.c:107 > >> > 107 x ^= *(unsigned*) auxv; > >> > (gdb) bt > >> Looks like getauxval(AT_RANDOM) returns garbage on sparc64: > >> > >> x = 0; > >> auxv = (void*) getauxval(AT_RANDOM); > >> if (auxv) > >> x ^= *(unsigned*) auxv; > > > > There is no documented alignment guarantee for the AT_RANDOM bytes so I > > think this caller is wrong to treat it as an array of unsigned int. > > Also, you can verify that from a debugger without changing the code, > by printing the value of the pointer `auxv` and check if either of the > lower two bits are set. > > > What happens if you change it to: > > > > if (auxv) > > memcpy(, auxv, sizeof(x)); > > restored original cdrom_id.c (with initialize_srand() function call) and recompiled with memcpy() and run: mator@deb4g:~/systemd$ sudo ./cdrom_id -l /dev/vdiskb ID_CDROM=1 there's no SIGBUS. And I don't know what it should output. Probably fixed. Thanks.
Bug#809815: [feature request] linux-image-4.3.0-1-sparc64-smp: tpm random module for linux LDOMs
On Mon, Jan 11, 2016 at 3:08 AM, Ben Hutchings <b...@decadent.org.uk> wrote: > On Thu, 2016-01-07 at 20:30 +0300, Anatoly Pugachev wrote: >> Can you please suggest, what to do next? Close this bugreport as >> invalid, and fill new one against n2_rng module in debian, or report >> first to lkml? Thanks. > [...] > > You should send this patch upstream (linux-cry...@vger.kernel.org and > sparcli...@vger.kernel.org mailing lists). Ben, submitted to both mentioned mailing lists, it got to DaveM processing queue, see http://patchwork.ozlabs.org/project/sparclinux/list/?submitter=68078 As I told earlier, I'm not a kernel developer in any form, not even C/C++ programmer. I'm not sure I would be able to answer to any objections on this patch. But thanks anyway, probably someone else (oracle guys, with their linux for sparc [L4S] project) would be able to make this patch to kernel.
Bug#809815: [feature request] linux-image-4.3.0-1-sparc64-smp: tpm random module for linux LDOMs
On Thu, Jan 7, 2016 at 5:49 AM, Ben Hutchings <b...@decadent.org.uk> wrote: > On Wed, 2016-01-06 at 23:13 +0300, Anatoly Pugachev wrote: > [...] >> Sorry for wrong feature request, please close this bug as non-valid. Thanks. > > I don't mind keeping it open if you're still hoping to get more > information. Ben, below is a long description of how I made (dirty hack to n2_rng) hardware random number generator to work in linux sparc64 LDOM. Can you please suggest, what to do next? Close this bugreport as invalid, and fill new one against n2_rng module in debian, or report first to lkml? Thanks. Here is what I find out, not that I'm a kernel developer nor I do it every time. If we look at linux/drivers/char/hw_random/n2-drv.c [1] there would be (line 731) struct of_device_id n2rng_match[] which lists only 3 compatible driver names: SUNW,n2-rng SUNW,vf-rng SUNW,kt-rng but running "prtconf -p -v" in linux/debian/sparc64 LDOM, i can see the following device node: Node 0xf029a4f4 .node: f029a4f4 rng-#units: 0002 compatible: 'ORCL,m4-rng' reg: 000e name: 'random-number-generator' and "ORCL,m4-rng" does not hit match in linux kernel sources for n2_rng driver. running prtconf in solaris 11.3 LDOM, running on the same physical hardware (T5-2), we can see: root@deimos:~# uname -a SunOS deimos 5.11 11.3 sun4v sparc sun4v (stock, not updated, solaris 11.3 sparc) root@deimos:~# prtconf -p -v ... Node 0xf029a834 rng-#units: 0002 compatible: 'ORCL,m4-rng' reg: 000e name: 'random-number-generator' root@deimos:~# modinfo -i 128 Id Loadaddr Size Info Rev Module Name 128 11a2d708 4650 144 1 n2rng (N2 RNG Driver) root@deimos:~# kstat n2rng module: n2rng instance: 0 name: n2rng0 class:misc ... status online (notice status online - means that it does work, besides of more stats in cut-here ... lines). I actually have no idea, how to test it directly, [6] does not state methods to test it directly, but running cryptoadm, it tells that kernel n2rng enabled: root@deimos:~# cryptoadm list fips-140 User-level providers: = /usr/lib/security/$ISA/pkcs11_softtoken: FIPS 140 mode is enabled. Kernel providers: = des: FIPS 140 mode is enabled. aes: FIPS 140 mode is enabled. ecc: FIPS 140 mode is enabled. sha1: FIPS 140 mode is enabled. sha2: FIPS 140 mode is enabled. rsa: FIPS 140 mode is enabled. swrand: FIPS 140 mode is enabled. intelrd: FIPS 140 mode is enabled. n2rng: FIPS 140 mode is enabled. lets look at installed n2rng solaris package metadata/description (or from [2] , search for n2rng via [3], press manifest) : root@deimos:~# pkg contents -m n2rng | grep name set name=pkg.fmri value=pkg://solaris/driver/crypto/n2rng@0.5.11,5.11-0.175.3.0.0.30.0:20150821T154254Z set name=pkg.description value="The n2rng(7D) device driver is a cryptographic framework provider for the hardware random number generator on Oracle SPARC processors." set name=info.classification value=org.opensolaris.category.2008:System/Hardware set name=pkg.summary value="SPARC HW Random Number Provider" set name=org.opensolaris.consolidation value=osnet set name=variant.opensolaris.zone value=global value=nonglobal set name=variant.arch value=sparc set name=variant.debug.osnet value=true value=false driver alias=ORCL,m4-rng alias=ORCL,m7-rng alias=SUNW,kt-rng alias=SUNW,n2-rng alias=SUNW,vf-rng name=n2rng variant.opensolaris.zone=global so driver works for ORCL,m4-rng and ORCL,m7-rng names as well. I made a quick edit to drivers/char/hw_random/n2-drv.c to include "ORCL,m4-rng" mator@deb4g:~/linux-4.3.3$ diff -u drivers/char/hw_random/n2-drv.c-orig drivers/char/hw_random/n2-drv.c --- drivers/char/hw_random/n2-drv.c-orig2016-01-07 09:01:02.672227383 -0500 +++ drivers/char/hw_random/n2-drv.c 2016-01-07 09:07:56.928876710 -0500 @@ -743,6 +743,10 @@ .compatible = "SUNW,kt-rng", .data = (void *) 1, }, + { + .name = "random-number-generator", + .compatible = "ORCL,m4-rng", + }, {}, }; MODULE_DEVICE_TABLE(of, n2rng_match); compiled and installed module with insmod. I've got working n2_rng in linux sparc64 LDOM: root@deb4g:/etc/init.d# lsmod Module Size Used by n2_rng 6503 0 rng_core6684 1 n2_rng root@deb4g:/home/mator# tail -f /var/log/kern.log Jan 7 09:10:40 deb4g kernel: [2391276.745713] n2rng.c:v0.2 (July 27, 2011) Jan 7 09:10:40 deb4g kernel: [2391276.745739] n2rng f029a4f4: Registered RNG HVAPI major 2 minor 0 Jan 7 09:10:40 deb4g kernel: [2391276.745750] n2rng f029a4f4: Found sing
Bug#809815: [feature request] linux-image-4.3.0-1-sparc64-smp: tpm random module for linux LDOMs
On Wed, Jan 6, 2016 at 5:24 AM, Ben Hutchings <b...@decadent.org.uk> wrote: > Control: tag -1 moreinfo > > On Mon, 2016-01-04 at 13:48 +0300, Anatoly Pugachev wrote: >> Package: src:linux >> Version: 4.3.3-2 >> Severity: wishlist >> >> Dear Maintainer, >> >> Can you please enable CONFIG_TCG_TPM (TPM security chip) and >> CONFIG_HW_RANDOM_TPM linux kernel config options (as modules), to >> enable hardware RNG device for use in LDOM (containers) of debian >> sparc64. >> >> Right now, there's no hardware RNG provider is available : > [...] > > Both of those are generic TPM code and won't help you without a driver > for the specific TPM that's present in LDOMs. > > I can't find any hint in the kernel source of which driver is needed > for an LDOM, even in the UEK patched source, so perhaps it is out-of- > tree? Ben, well, I'm going to build a generic (vanilla) kernel with this CONFIGs and test how it would work. Going to report back soon. Thanks.
Bug#809815: [feature request] linux-image-4.3.0-1-sparc64-smp: tpm random module for linux LDOMs
On Wed, Jan 6, 2016 at 5:21 PM, Anatoly Pugachev <mator...@gmail.com> wrote: > On Wed, Jan 6, 2016 at 5:24 AM, Ben Hutchings <b...@decadent.org.uk> wrote: >> Control: tag -1 moreinfo >> >> On Mon, 2016-01-04 at 13:48 +0300, Anatoly Pugachev wrote: >>> Package: src:linux >>> Version: 4.3.3-2 >>> Severity: wishlist >>> >>> Dear Maintainer, >>> >>> Can you please enable CONFIG_TCG_TPM (TPM security chip) and >>> CONFIG_HW_RANDOM_TPM linux kernel config options (as modules), to >>> enable hardware RNG device for use in LDOM (containers) of debian >>> sparc64. >>> >>> Right now, there's no hardware RNG provider is available : >> [...] >> >> Both of those are generic TPM code and won't help you without a driver >> for the specific TPM that's present in LDOMs. >> >> I can't find any hint in the kernel source of which driver is needed >> for an LDOM, even in the UEK patched source, so perhaps it is out-of- >> tree? > > Ben, well, > > I'm going to build a generic (vanilla) kernel with this CONFIGs and > test how it would work. Going to report back soon. Thanks. Ben, you was right, this modules does not help. root@deb4g:/home/mator# lsmod | grep rng tpm_rng 1020 0 n2_rng 6878 0 rng_core8172 2 n2_rng,tpm_rng root@deb4g:/home/mator# cat /sys/class/misc/hw_random/rng_available tpm-rng rngd still gives error: root@deb4g:/home/mator# rngd -f -r /dev/hwrng error reading from entropy source:: No such device I don't know, but I probably should report to upstream kernel bugzilla, about n2_rng, that it does not work. Openbsd says [1] it does support it (starting from T1 and T2 processors), Solaris says [2] it does support it (from T2 till M6 processors, including this machine T5 cpu) running show-devs from openboot console for this LDOM, i can see random-number-generator device is being present: {0} ok show-devs /cpu@3 /cpu@2 /cpu@1 /cpu@0 /virtual-devices@100 /reboot-memory@0 /iscsi-hba /virtual-memory /memory@m0,3000 /aliases /options /openprom /chosen /packages /virtual-devices@100/channel-devices@200 /virtual-devices@100/console@1 /virtual-devices@100/random-number-generator@e /virtual-devices@100/flashprom@0 /virtual-devices@100/channel-devices@200/virtual-domain-service@0 /virtual-devices@100/channel-devices@200/pciv-communication@0 /virtual-devices@100/channel-devices@200/disk@1 /virtual-devices@100/channel-devices@200/disk@0 /virtual-devices@100/channel-devices@200/network@0 /iscsi-hba/disk /openprom/client-services /packages/vnet-helper-pkg /packages/vdisk-helper-pkg /packages/obp-tftp /packages/kbd-translator /packages/SUNW,asr /packages/dropins /packages/terminal-emulator /packages/disk-label /packages/deblocker /packages/SUNW,builtin-drivers {0} ok but n2_rng does not see it. I'm going to test a more recent kernel, instead of 4.1.15. The choice of old 4.1.15 kernel to test, was because oracle sparc linux is using 4.1.8, and i wanted to test it first. Compiling 4.4rc8 right now... Searching on the web, found [3], where cpu is T4 and 4.3.0 kernel, but n2rng gives more messages on boot. Sorry for wrong feature request, please close this bug as non-valid. Thanks. 1. http://undeadly.org/cgi?action=article=20090201164147 2. http://prsync.com/oracle/solaris-random-number-generation-570469/ 3. https://lkml.org/lkml/2015/10/30/678
Bug#809815: [feature request] linux-image-4.3.0-1-sparc64-smp: tpm random module for linux LDOMs
Package: src:linux Version: 4.3.3-2 Severity: wishlist Dear Maintainer, Can you please enable CONFIG_TCG_TPM (TPM security chip) and CONFIG_HW_RANDOM_TPM linux kernel config options (as modules), to enable hardware RNG device for use in LDOM (containers) of debian sparc64. Right now, there's no hardware RNG provider is available : $ ls /sys/class/misc/hw_random ls: cannot access /sys/class/misc/hw_random: No such file or directory # grep -i TPM /boot/config-4.3.0-1-sparc64-smp # CONFIG_TCG_TPM is not set But if we enable TPM random module (tpm-rng), it will be (output taken from oracle linux for sparc): [root@linuxsparc log]# cat /sys/class/misc/hw_random/rng_available tpm-rng [root@linuxsparc log]# cat /sys/class/misc/hw_random/rng_current tpm-rng [root@linuxsparc log]# grep TPM /boot/config-4.1.8-15.1.el6uek.sparc64 CONFIG_HW_RANDOM_TPM=y CONFIG_TCG_TPM=y Thanks. -- Package-specific info: ** Version: Linux version 4.3.0-1-sparc64-smp (debian-kernel@lists.debian.org) (gcc version 4.9.3 (Debian 4.9.3-10) ) #1 SMP Debian 4.3.3-2 (2015-12-17) ** Command line: root=/dev/vdiska1 ro ** Not tainted ** Model information cpu : UltraSparc T5 (Niagara5) fpu : UltraSparc T5 integrated FPU pmu : niagara5 prom: OBP 4.38.1 2015/08/21 14:26 type: sun4v ** Loaded modules: camellia_sparc64 des_sparc64 des_generic aes_sparc64 md5_sparc64 sha512_sparc64 sha256_sparc64 sha1_sparc64 autofs4 ext4 crc16 mbcache jbd2 sunvnet sunvdc crc32c_sparc64 ** PCI devices: ** USB devices: not available -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: sparc64 Kernel: Linux 4.3.0-1-sparc64-smp (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages linux-image-4.3.0-1-sparc64-smp depends on: ii debconf [debconf-2.0] 1.5.58 ii initramfs-tools [linux-initramfs-tool] 0.120 ii kmod21-1 ii linux-base 4.0 Versions of packages linux-image-4.3.0-1-sparc64-smp recommends: ii firmware-linux-free 3.4 ii irqbalance 1.0.6-3 Versions of packages linux-image-4.3.0-1-sparc64-smp suggests: pn debian-kernel-handbook pn fdutils pn linux-doc-4.3 ii silo1.4.14+git20141019-4 Versions of packages linux-image-4.3.0-1-sparc64-smp is related to: pn firmware-atheros pn firmware-bnx2 pn firmware-bnx2x pn firmware-brcm80211 pn firmware-intelwimax pn firmware-ipw2x00 pn firmware-ivtv pn firmware-iwlwifi pn firmware-libertas pn firmware-linux pn firmware-linux-nonfree pn firmware-myricom pn firmware-netxen pn firmware-qlogic pn firmware-ralink pn firmware-realtek pn xen-hypervisor -- debconf information: linux-image-4.3.0-1-sparc64-smp/postinst/depmod-error-initrd-4.3.0-1-sparc64-smp: false linux-image-4.3.0-1-sparc64-smp/postinst/mips-initrd-4.3.0-1-sparc64-smp: linux-image-4.3.0-1-sparc64-smp/prerm/removing-running-kernel-4.3.0-1-sparc64-smp: true