[Kernel-packages] [Bug 1832624] Re: [UBUNTU] kernel: Fix wrong dispatching for control domain CPRBs

Mon, 17 Jun 2019 21:26:39 -0700 

** Changed in: ubuntu-z-systems
       Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1832624

Title:
  [UBUNTU] kernel: Fix wrong dispatching for control domain CPRBs

Status in Ubuntu on IBM z Systems:
  In Progress
Status in linux package in Ubuntu:
  New

Bug description:
  Description:   kernel: Fix wrong dispatching for control domain CPRBs

  Symptom:       Unable to maintain control-only crypto domains

  Problem:       LPARs may have control-only crypto domains assigned.
                 Such a domain can be controlled (for example master keys can
                 be set) but can't be used for regualar crypto load (usage).
                 A crypto domain may be assigned for control-and-usage to
                 only one active LPAR. But the very same domain may be
                 assigned for control-only to one or more other LPARs.
                 However, trying to communicate in any way with a
                 control-only crypto domain did not work. So a simple query
                 for the state of the master keys on a control-only domain
                 failed and the TKE does not even show this domain. Even
                 worse, when the lowest domain (in a numerically sense) is a
                 control-only domain, the TKE does not even see the crypto
                 cards at all.

  Solution:      This fix introduces some code which checks if an CCA CPRB is
                 addressing a control-only domain. If that's the case and
                 there is a default control-and-usage domain available the
                 CPRB is send to this other domain instead. The target domain
                 field within the CPRB is untouched and the crypto card
                 firmware code detects this working-as-designed mismatch and
                 does the right job and addresses the control domain.

  Reproduction:  1. Add a control-only domain to the crypto configuration of
                    an LPAR and re-activate the LPAR.
                 2. Connect the TKE the LPAR and try to visit the master key
                    verification patterns of this control-only domain.
                 3. Will fail without the fix, will succeed with the fix.

  Component: kernel
  Upstream-ID:   7379e652797c0b9b5f6caea1576f2dff9ce6a708

  This fix is requested for 19.10 but should also be applied to 18.04
  and 19.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1832624/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to