6f83d79828
- Added the following patches for Fate#326862 (bsc#1113328) zcrypt DD: introduce APQN tags to support deterministic driver binding * s390-tools-sles15sp1-01-chzcrypt-Corrections-at-the-chzcrypt-man-page.patch * s390-tools-sles15sp1-02-lszcrypt-support-for-alternate-zcrypt-device-drivers.patch - Added the following patches for Fate#326804 (bsc#1113330) Extended access controls for AP queue * s390-tools-sles15sp1-01-zcryptctl-new-tool-zcryptctl-for-multiple-zcrypt-node.patch OBS-URL: https://build.opensuse.org/request/show/653160 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=59
370 lines
13 KiB
Diff
370 lines
13 KiB
Diff
Subject: lszcrypt: support for alternate zcrypt device drivers
|
|
From: Harald Freudenberger <freude@linux.ibm.com>
|
|
|
|
Summary: lszcrypt: support for alternate zcrypt device drivers
|
|
Description: With kernel 4.19 there comes an extension to the
|
|
existing AP bus which supports alternate zcrypt
|
|
drivers. For details about this see kernel patch
|
|
"s390/zcrypt: AP bus support for alternate
|
|
driver(s)". So now lszcrypt displays the driver name
|
|
in verbose mode. As some of the information
|
|
displayed by lszcrypt was based on sysfs attributes,
|
|
which are only available when the default zcrypt
|
|
driver is bound to the device, this also needed some
|
|
rework. If a sysfs attribute is not available
|
|
because of an alternate driver binding (or no
|
|
driver) a question mark is printed into the field.
|
|
Upstream-ID: 0a0b4c382693cded5652404e8fa2c0e483aa33df
|
|
Problem-ID: SEC1806
|
|
|
|
Upstream-Description:
|
|
|
|
lszcrypt: support for alternate zcrypt device drivers
|
|
|
|
With kernel 4.19 there comes an extension to the existing
|
|
AP bus which supports alternate zcrypt drivers. For details
|
|
about this see kernel patch "s390/zcrypt: AP bus support for
|
|
alternate driver(s)". So now lszcrypt displays the driver
|
|
name in verbose mode. As some of the information displayed
|
|
by lszcrypt was based on sysfs attributes, which are only
|
|
available when the default zcrypt driver is bound to the
|
|
device, this also needed some rework. If a sysfs attribute
|
|
is not available because of an alternate driver binding
|
|
(or no driver) a question mark is printed into the field.
|
|
|
|
Together with this a slight rework of the displayed information
|
|
has been done. The two columns for pending requests and pending
|
|
replies has been merged to one pending column and the column
|
|
sizes have been adjusted.
|
|
|
|
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
|
|
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
|
|
|
|
|
|
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
|
|
---
|
|
zconf/zcrypt/lszcrypt.8 | 4 -
|
|
zconf/zcrypt/lszcrypt.c | 163 ++++++++++++++++++++++++++++++++----------------
|
|
2 files changed, 112 insertions(+), 55 deletions(-)
|
|
|
|
--- a/zconf/zcrypt/lszcrypt.8
|
|
+++ b/zconf/zcrypt/lszcrypt.8
|
|
@@ -54,8 +54,8 @@ status.
|
|
.B -V, --verbose
|
|
The verbose level for cryptographic device information.
|
|
With this verbose level additional information like hardware card type,
|
|
-hardware queue depth, pending request queue count, outstanding
|
|
-request queue count, and installed function facilities are displayed.
|
|
+hardware queue depth, pending requests count, installed function
|
|
+facilities and driver binding is displayed.
|
|
.TP 8
|
|
.B <device-id>
|
|
Specifies a cryptographic device to display. A cryptographic device can be
|
|
--- a/zconf/zcrypt/lszcrypt.c
|
|
+++ b/zconf/zcrypt/lszcrypt.c
|
|
@@ -1,7 +1,7 @@
|
|
/**
|
|
* lszcrypt - Display zcrypt devices and configuration settings
|
|
*
|
|
- * Copyright IBM Corp. 2008, 2017
|
|
+ * Copyright IBM Corp. 2008, 2018
|
|
*
|
|
* s390-tools is free software; you can redistribute it and/or modify
|
|
* it under the terms of the MIT license. See LICENSE for details.
|
|
@@ -57,6 +57,25 @@ struct lszcrypt_l *lszcrypt_l = &l;
|
|
#define CLASS_STATELESS "restricted function set"
|
|
|
|
/*
|
|
+ * facility bits
|
|
+ */
|
|
+#define MAX_FAC_BITS 9
|
|
+static struct fac_bits_s {
|
|
+ int mask;
|
|
+ char c;
|
|
+} fac_bits[MAX_FAC_BITS] = {
|
|
+ { 0x80000000, 'S' },
|
|
+ { 0x40000000, 'M' },
|
|
+ { 0x20000000, 'C' },
|
|
+ { 0x10000000, 'D' },
|
|
+ { 0x08000000, 'A' },
|
|
+ { 0x04000000, 'X' },
|
|
+ { 0x02000000, 'N' },
|
|
+ { 0x00800000, 'F' },
|
|
+ { 0x00400000, 'R' },
|
|
+};
|
|
+
|
|
+/*
|
|
* Program configuration
|
|
*/
|
|
const struct util_prg prg = {
|
|
@@ -66,7 +85,7 @@ const struct util_prg prg = {
|
|
{
|
|
.owner = "IBM Corp.",
|
|
.pub_first = 2008,
|
|
- .pub_last = 2017,
|
|
+ .pub_last = 2018,
|
|
},
|
|
UTIL_PRG_COPYRIGHT_END
|
|
}
|
|
@@ -255,7 +274,8 @@ static void show_capability(const char *
|
|
/* Skip devices, which are not supported by zcrypt layer */
|
|
if (!util_path_is_readable("%s/type", dev) ||
|
|
!util_path_is_readable("%s/online", dev)) {
|
|
- printf("Detailed capability information for %s (hardware type %ld) is not available.\n", card, hwtype);
|
|
+ printf("Detailed capability information for %s (hardware type %ld) is not available.\n",
|
|
+ card, hwtype);
|
|
return;
|
|
}
|
|
cbuf[0] = '\0';
|
|
@@ -299,11 +319,13 @@ static void show_capability(const char *
|
|
} else if (func_val & MASK_EP11) {
|
|
printf("%s", CAP_EP11);
|
|
} else {
|
|
- printf("Detailed capability information for %s (hardware type %ld) is not available.", card, hwtype);
|
|
+ printf("Detailed capability information for %s (hardware type %ld) is not available.",
|
|
+ card, hwtype);
|
|
}
|
|
break;
|
|
default:
|
|
- printf("Detailed capability information for %s (hardware type %ld) is not available.", card, hwtype);
|
|
+ printf("Detailed capability information for %s (hardware type %ld) is not available.",
|
|
+ card, hwtype);
|
|
break;
|
|
}
|
|
printf("\n");
|
|
@@ -315,17 +337,22 @@ static void show_capability(const char *
|
|
static void read_subdev_rec_default(struct util_rec *rec, const char *grp_dev,
|
|
const char *sub_dev)
|
|
{
|
|
- unsigned long facility;
|
|
char buf[256];
|
|
+ unsigned long facility;
|
|
|
|
- util_file_read_line(buf, sizeof(buf), "%s/type", grp_dev);
|
|
- util_rec_set(rec, "type", buf);
|
|
+ if (util_file_read_line(buf, sizeof(buf), "%s/type", grp_dev))
|
|
+ util_rec_set(rec, "type", "-");
|
|
+ else
|
|
+ util_rec_set(rec, "type", buf);
|
|
|
|
- util_file_read_line(buf, sizeof(buf), "%s/%s/online", grp_dev, sub_dev);
|
|
- if (strcmp(buf, "0") == 0)
|
|
- util_rec_set(rec, "online", "offline");
|
|
+ if (util_file_read_line(buf, sizeof(buf), "%s/%s/online",
|
|
+ grp_dev, sub_dev))
|
|
+ util_rec_set(rec, "online", "-");
|
|
else
|
|
- util_rec_set(rec, "online", "online");
|
|
+ if (strcmp(buf, "0") == 0)
|
|
+ util_rec_set(rec, "online", "offline");
|
|
+ else
|
|
+ util_rec_set(rec, "online", "online");
|
|
|
|
util_file_read_ul(&facility, 16, "%s/ap_functions", grp_dev);
|
|
if (facility & MASK_COPRO)
|
|
@@ -339,7 +366,7 @@ static void read_subdev_rec_default(stru
|
|
|
|
util_file_read_line(buf, sizeof(buf), "%s/%s/request_count",
|
|
grp_dev, sub_dev);
|
|
- util_rec_set(rec, "request_count", buf);
|
|
+ util_rec_set(rec, "requests", buf);
|
|
}
|
|
|
|
/*
|
|
@@ -348,20 +375,19 @@ static void read_subdev_rec_default(stru
|
|
static void read_subdev_rec_verbose(struct util_rec *rec, const char *grp_dev,
|
|
const char *sub_dev)
|
|
{
|
|
+ int i;
|
|
unsigned long facility;
|
|
- char buf[256];
|
|
- long depth;
|
|
+ char buf[256], afile[PATH_MAX];
|
|
+ long depth, pending1, pending2;
|
|
|
|
if (l.verbose == 0)
|
|
return;
|
|
|
|
- util_file_read_line(buf, sizeof(buf), "%s/%s/pendingq_count",
|
|
- grp_dev, sub_dev);
|
|
- util_rec_set(rec, "pendingq_count", buf);
|
|
-
|
|
- util_file_read_line(buf, sizeof(buf), "%s/%s/requestq_count",
|
|
- grp_dev, sub_dev);
|
|
- util_rec_set(rec, "requestq_count", buf);
|
|
+ util_file_read_l(&pending1, 10, "%s/%s/pendingq_count",
|
|
+ grp_dev, sub_dev);
|
|
+ util_file_read_l(&pending2, 10, "%s/%s/requestq_count",
|
|
+ grp_dev, sub_dev);
|
|
+ util_rec_set(rec, "pending", "%ld", pending1 + pending2);
|
|
|
|
util_file_read_line(buf, sizeof(buf), "%s/hwtype", grp_dev);
|
|
util_rec_set(rec, "hwtype", buf);
|
|
@@ -370,7 +396,18 @@ static void read_subdev_rec_verbose(stru
|
|
util_rec_set(rec, "depth", "%02d", depth + 1);
|
|
|
|
util_file_read_ul(&facility, 16, "%s/ap_functions", grp_dev);
|
|
- util_rec_set(rec, "facility", "0x%08x", facility);
|
|
+ for (i = 0; i < MAX_FAC_BITS; i++)
|
|
+ buf[i] = facility & fac_bits[i].mask ? fac_bits[i].c : '-';
|
|
+ buf[i] = '\0';
|
|
+ util_rec_set(rec, "facility", buf);
|
|
+
|
|
+ snprintf(afile, sizeof(afile), "%s/%s/driver", grp_dev, sub_dev);
|
|
+ afile[sizeof(afile) - 1] = '\0';
|
|
+ memset(buf, 0, sizeof(buf));
|
|
+ if (readlink(afile, buf, sizeof(buf)) > 0)
|
|
+ util_rec_set(rec, "driver", strrchr(buf, '/') + 1);
|
|
+ else
|
|
+ util_rec_set(rec, "driver", "-no-driver-");
|
|
}
|
|
|
|
/*
|
|
@@ -382,9 +419,13 @@ static void show_subdevice(struct util_r
|
|
if (!util_path_is_dir("%s/%s", grp_dev, sub_dev))
|
|
errx(EXIT_FAILURE, "Error - cryptographic device %s/%s does not exist.", grp_dev, sub_dev);
|
|
|
|
- /* Skip devices, which are not supported by zcrypt layer */
|
|
- if (!util_path_is_readable("%s/type", grp_dev) ||
|
|
- !util_path_is_readable("%s/%s/online", grp_dev, sub_dev))
|
|
+ /*
|
|
+ * If not verbose mode, skip devices which are not supported
|
|
+ * by the zcrypt layer.
|
|
+ */
|
|
+ if (l.verbose == 0 &&
|
|
+ (!util_path_is_readable("%s/type", grp_dev) ||
|
|
+ !util_path_is_readable("%s/%s/online", grp_dev, sub_dev)))
|
|
return;
|
|
|
|
util_rec_set(rec, "card", sub_dev);
|
|
@@ -414,11 +455,13 @@ static void show_subdevices(struct util_
|
|
*/
|
|
static void read_rec_default(struct util_rec *rec, const char *grp_dev)
|
|
{
|
|
- unsigned long facility;
|
|
char buf[256];
|
|
+ unsigned long facility;
|
|
|
|
- util_file_read_line(buf, sizeof(buf), "%s/type", grp_dev);
|
|
- util_rec_set(rec, "type", buf);
|
|
+ if (util_file_read_line(buf, sizeof(buf), "%s/type", grp_dev))
|
|
+ util_rec_set(rec, "type", "-");
|
|
+ else
|
|
+ util_rec_set(rec, "type", buf);
|
|
|
|
util_file_read_ul(&facility, 16, "%s/ap_functions", grp_dev);
|
|
if (facility & MASK_COPRO)
|
|
@@ -430,14 +473,16 @@ static void read_rec_default(struct util
|
|
else
|
|
util_rec_set(rec, "mode", "Unknown");
|
|
|
|
- util_file_read_line(buf, sizeof(buf), "%s/online", grp_dev);
|
|
- if (strcmp(buf, "0") == 0)
|
|
- util_rec_set(rec, "online", "offline");
|
|
+ if (util_file_read_line(buf, sizeof(buf), "%s/online", grp_dev))
|
|
+ util_rec_set(rec, "online", "-");
|
|
else
|
|
- util_rec_set(rec, "online", "online");
|
|
+ if (strcmp(buf, "0") == 0)
|
|
+ util_rec_set(rec, "online", "offline");
|
|
+ else
|
|
+ util_rec_set(rec, "online", "online");
|
|
|
|
util_file_read_line(buf, sizeof(buf), "%s/request_count", grp_dev);
|
|
- util_rec_set(rec, "request_count", buf);
|
|
+ util_rec_set(rec, "requests", buf);
|
|
}
|
|
|
|
/*
|
|
@@ -445,18 +490,17 @@ static void read_rec_default(struct util
|
|
*/
|
|
static void read_rec_verbose(struct util_rec *rec, const char *grp_dev)
|
|
{
|
|
+ int i;
|
|
unsigned long facility;
|
|
- char buf[256];
|
|
- long depth;
|
|
+ char buf[256], afile[PATH_MAX];
|
|
+ long depth, pending1, pending2;
|
|
|
|
if (l.verbose == 0)
|
|
return;
|
|
|
|
- util_file_read_line(buf, sizeof(buf), "%s/pendingq_count", grp_dev);
|
|
- util_rec_set(rec, "pendingq_count", buf);
|
|
-
|
|
- util_file_read_line(buf, sizeof(buf), "%s/requestq_count", grp_dev);
|
|
- util_rec_set(rec, "requestq_count", buf);
|
|
+ util_file_read_l(&pending1, 10, "%s/pendingq_count", grp_dev);
|
|
+ util_file_read_l(&pending2, 10, "%s/requestq_count", grp_dev);
|
|
+ util_rec_set(rec, "pending", "%ld", pending1 + pending2);
|
|
|
|
util_file_read_line(buf, sizeof(buf), "%s/hwtype", grp_dev);
|
|
util_rec_set(rec, "hwtype", buf);
|
|
@@ -465,7 +509,18 @@ static void read_rec_verbose(struct util
|
|
util_rec_set(rec, "depth", "%02d", depth + 1);
|
|
|
|
util_file_read_ul(&facility, 16, "%s/ap_functions", grp_dev);
|
|
- util_rec_set(rec, "facility", "0x%08x", facility);
|
|
+ for (i = 0; i < MAX_FAC_BITS; i++)
|
|
+ buf[i] = facility & fac_bits[i].mask ? fac_bits[i].c : '-';
|
|
+ buf[i] = '\0';
|
|
+ util_rec_set(rec, "facility", buf);
|
|
+
|
|
+ snprintf(afile, sizeof(afile), "%s/driver", grp_dev);
|
|
+ afile[sizeof(afile) - 1] = '\0';
|
|
+ memset(buf, 0, sizeof(buf));
|
|
+ if (readlink(afile, buf, sizeof(buf)) > 0)
|
|
+ util_rec_set(rec, "driver", strrchr(buf, '/') + 1);
|
|
+ else
|
|
+ util_rec_set(rec, "driver", "-no-driver-");
|
|
}
|
|
|
|
/*
|
|
@@ -481,9 +536,14 @@ static void show_device(struct util_rec
|
|
grp_dev = util_path_sysfs("devices/ap/%s", device);
|
|
if (!util_path_is_dir(grp_dev))
|
|
errx(EXIT_FAILURE, "Error - cryptographic device %s does not exist.", device);
|
|
- /* Skip devices, which are not supported by zcrypt layer */
|
|
- if (!util_path_is_readable("%s/type", grp_dev) ||
|
|
- !util_path_is_readable("%s/online", grp_dev)) {
|
|
+
|
|
+ /*
|
|
+ * If not verbose mode, skip devices which are not supported
|
|
+ * by the zcrypt layer.
|
|
+ */
|
|
+ if (l.verbose == 0 &&
|
|
+ (!util_path_is_readable("%s/type", grp_dev) ||
|
|
+ !util_path_is_readable("%s/online", grp_dev))) {
|
|
goto out_free;
|
|
}
|
|
util_rec_set(rec, "card", card);
|
|
@@ -506,8 +566,7 @@ static void define_rec_default(struct ut
|
|
util_rec_def(rec, "type", UTIL_REC_ALIGN_LEFT, 5, "TYPE");
|
|
util_rec_def(rec, "mode", UTIL_REC_ALIGN_LEFT, 11, "MODE");
|
|
util_rec_def(rec, "online", UTIL_REC_ALIGN_LEFT, 7, "STATUS");
|
|
- util_rec_def(rec, "request_count", UTIL_REC_ALIGN_RIGHT, 11,
|
|
- "REQUEST_CNT");
|
|
+ util_rec_def(rec, "requests", UTIL_REC_ALIGN_RIGHT, 8, "REQUESTS");
|
|
}
|
|
|
|
/*
|
|
@@ -517,13 +576,11 @@ static void define_rec_verbose(struct ut
|
|
{
|
|
if (l.verbose == 0)
|
|
return;
|
|
- util_rec_def(rec, "pendingq_count", UTIL_REC_ALIGN_RIGHT, 12,
|
|
- "PENDINGQ_CNT");
|
|
- util_rec_def(rec, "requestq_count", UTIL_REC_ALIGN_RIGHT, 12,
|
|
- "REQUESTQ_CNT");
|
|
- util_rec_def(rec, "hwtype", UTIL_REC_ALIGN_RIGHT, 7, "HW_TYPE");
|
|
- util_rec_def(rec, "depth", UTIL_REC_ALIGN_RIGHT, 7, "Q_DEPTH");
|
|
+ util_rec_def(rec, "pending", UTIL_REC_ALIGN_RIGHT, 8, "PENDING");
|
|
+ util_rec_def(rec, "hwtype", UTIL_REC_ALIGN_RIGHT, 6, "HWTYPE");
|
|
+ util_rec_def(rec, "depth", UTIL_REC_ALIGN_RIGHT, 6, "QDEPTH");
|
|
util_rec_def(rec, "facility", UTIL_REC_ALIGN_LEFT, 10, "FUNCTIONS");
|
|
+ util_rec_def(rec, "driver", UTIL_REC_ALIGN_LEFT, 11, "DRIVER");
|
|
}
|
|
|
|
/*
|