forked from pool/s390-tools
Accepting request 772274 from Base:System
OBS-URL: https://build.opensuse.org/request/show/772274 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/s390-tools?expand=0&rev=27
This commit is contained in:
commit
0f065998ca
@ -0,0 +1,50 @@
|
||||
Subject: zdev: Add support for handling I/O configuration data
|
||||
From: Peter Oberparleiter <oberpar@linux.ibm.com>
|
||||
|
||||
Summary: zdev: Add support for handling I/O configuration data
|
||||
Description: LPARs that are running in IBM Dynamic Partition Manager (DPM) mode
|
||||
can access a firmware-generated I/O configuration data file that
|
||||
contains s390-specific information about available I/O devices
|
||||
such as qeth device numbers and parameters, and FCP device IDs.
|
||||
|
||||
This data file is intended to remove the need for users to
|
||||
manually enter the corresponding device data during installation.
|
||||
|
||||
Linux kernels with the corresponding support make the I/O
|
||||
configuration data available at the following location:
|
||||
|
||||
/sys/firmware/sclp_sd/config/data
|
||||
|
||||
This patch set adds support for handling this data file using the
|
||||
chzdev and lszdev tools:
|
||||
|
||||
- I/O configuration data can be applied using chzdev's --import
|
||||
option
|
||||
- Initial RAM-Disk scripts automatically apply the
|
||||
I/O configuration data to the system configuration
|
||||
- lszdev can be used to display the applied auto-configuration
|
||||
data
|
||||
- chzdev can be used to manually override the
|
||||
auto-configuration data
|
||||
|
||||
Upstream-ID: -
|
||||
Problem-ID: LS1604
|
||||
|
||||
Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
|
||||
---
|
||||
zdev/src/zdev-root-update.dracut | 6 ------
|
||||
1 file changed, 6 deletions(-)
|
||||
|
||||
--- a/zdev/src/zdev-root-update.dracut
|
||||
+++ b/zdev/src/zdev-root-update.dracut
|
||||
@@ -20,10 +20,4 @@ dracut -f || {
|
||||
exit 1
|
||||
}
|
||||
|
||||
-echo "Installing IPL record"
|
||||
-zipl --noninteractive || {
|
||||
- echo "${TOOLNAME}: Error: Could not install IPL record" >&2
|
||||
- exit 1
|
||||
-}
|
||||
-
|
||||
exit 0
|
@ -0,0 +1,11 @@
|
||||
--- a/zdev/dracut/95zdev/module-setup.sh 2019-01-10 11:39:08.000000000 -0500
|
||||
+++ b/zdev/dracut/95zdev/module-setup.sh 2019-01-14 13:28:33.983461097 -0500
|
||||
@@ -32,7 +32,7 @@
|
||||
installkernel() {
|
||||
# Add modules for all device types supported by chzdev (required for
|
||||
# auto-configuration)
|
||||
- instmods lcs qeth qeth_l2 qeth_l3 dasd_mod dasd_eckd_mod dasd_fba_mod \
|
||||
+ instmods ctcm lcs qeth qeth_l2 qeth_l3 dasd_mod dasd_eckd_mod dasd_fba_mod \
|
||||
dasd_diag_mod zfcp
|
||||
}
|
||||
|
@ -0,0 +1,60 @@
|
||||
Subject: [PATCH] [BZ 183401] zkey: Fix display of clear key size for XTS keys
|
||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
|
||||
Description: zkey: Fix display of clear key size for XTS keys
|
||||
Symptom: The 'zkey list' command shows bogus values for the
|
||||
keys 'Clear key size' for XTS keys of type CCA-AESDATA
|
||||
or CCA-AESCIPHER.
|
||||
Problem: XTS keys consist of 2 keys concatenated to each other.
|
||||
To calculate the clear key size, the clear key size of
|
||||
both keys must be added. The code does not address the
|
||||
second key correctly, and thus reads the clear key size
|
||||
of the second key from an invalid memory location. This
|
||||
results in bogus values reported as clear key size.
|
||||
This bug has been introduced with feature SEC1717 "Cipher
|
||||
key support" with commit 298fab68fee8 "zkey: Preparations
|
||||
for introducing a new key type".
|
||||
Solution: Correct the addressing of the second key.
|
||||
Reproduction: Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER
|
||||
and then run 'zkey list'.
|
||||
Upstream-ID: e7f446432b92b293e758099842843cfb1f18fa97
|
||||
Problem-ID: 183401
|
||||
|
||||
Upstream-Description:
|
||||
|
||||
zkey: Fix display of clear key size for XTS keys
|
||||
|
||||
Fixes: 298fab68fee8 ("zkey: Preparations for introducing a new key type")
|
||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
|
||||
|
||||
|
||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
---
|
||||
zkey/pkey.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
--- a/zkey/pkey.c
|
||||
+++ b/zkey/pkey.c
|
||||
@@ -1591,8 +1591,8 @@ int get_key_bit_size(const u8 *key, size
|
||||
if (is_cca_aes_data_key(key, key_size)) {
|
||||
*bitsize = datakey->bitsize;
|
||||
if (key_size == 2 * AESDATA_KEY_SIZE) {
|
||||
- datakey = (struct aesdatakeytoken *)key +
|
||||
- AESDATA_KEY_SIZE;
|
||||
+ datakey = (struct aesdatakeytoken *)(key +
|
||||
+ AESDATA_KEY_SIZE);
|
||||
*bitsize += datakey->bitsize;
|
||||
}
|
||||
} else if (is_cca_aes_cipher_key(key, key_size)) {
|
||||
@@ -1601,8 +1601,8 @@ int get_key_bit_size(const u8 *key, size
|
||||
else
|
||||
*bitsize = 0; /* Unknown */
|
||||
if (key_size > cipherkey->length) {
|
||||
- cipherkey = (struct aescipherkeytoken *)key +
|
||||
- cipherkey->length;
|
||||
+ cipherkey = (struct aescipherkeytoken *)(key +
|
||||
+ cipherkey->length);
|
||||
if (cipherkey->pfv == 0x00) /* V0 payload */
|
||||
*bitsize += cipherkey->pl - 384;
|
||||
}
|
@ -0,0 +1,62 @@
|
||||
Subject: [PATCH] [BZ 183125] zkey: Fix listing of keys on file systems reporting DT_UNKNOWN.
|
||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
|
||||
Description: zkey: Fix listing of keys on file systems reporting DT_UNKNOWN.
|
||||
Symptom: When the zkey key repository is located in a file system that
|
||||
does not have full support for report the file type, such as
|
||||
XFS, the 'zkey list' command does not show any keys, although
|
||||
keys exist in the repository.
|
||||
Problem: The zkey list function uses scandir() to look for files in the
|
||||
zkey key repository directory. It checks the dirent.d_type field
|
||||
to consider only regular files, but skips all others. File
|
||||
systems that do not have full support for returning the file
|
||||
type in d_type will return DT_UNKNOWN instead. zkey skips
|
||||
those directory entries and thus does not show any keys.
|
||||
Solution: Also consider directory entries with d_type = DT_UNKNOWN.
|
||||
Reproduction: Use zkey with a zkey repository directory located in a file
|
||||
system that does not have full support for returning the file
|
||||
type, such as XFS. Generate a key in the repository and then
|
||||
list the key s with 'zkey list'.
|
||||
Note: Newly created XFS file systems usually support returning
|
||||
the file type, but existing XFS file systems might not. To
|
||||
create an XFS file system that does not support returning the
|
||||
file type, use 'mkfs.xfs -f -m crc=0 -n ftype=0' to create
|
||||
the file system.
|
||||
Upstream-ID: 0de533aef9def920fed751c6025e4f19c4cba763~
|
||||
Problem-ID: 183125
|
||||
|
||||
Upstream-Description:
|
||||
|
||||
zkey: Fix listing of keys on file systems reporting DT_UNKNOWN
|
||||
|
||||
The zkey list function uses scandir() to look for files in the
|
||||
zkey key repository directory. It checks the dirent.d_type field
|
||||
to consider only regular files, but skip all others.
|
||||
|
||||
Unfortunately, not all file systems have full support for returning
|
||||
the file type in d_type. When the zkey repository is located in a file
|
||||
system that does not support d_type, such as xfs, zkey list shows no
|
||||
keys, although the key repository contains keys.
|
||||
|
||||
Fix this by also considering directory entries with d_type = DT_UNKNOWN.
|
||||
|
||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
|
||||
|
||||
|
||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
---
|
||||
zkey/keystore.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/zkey/keystore.c
|
||||
+++ b/zkey/keystore.c
|
||||
@@ -906,7 +906,7 @@ static int _keystore_info_file_filter(co
|
||||
{
|
||||
size_t len;
|
||||
|
||||
- if (dirent->d_type != DT_REG)
|
||||
+ if (dirent->d_type != DT_REG && dirent->d_type != DT_UNKNOWN)
|
||||
return 0;
|
||||
|
||||
len = strlen(dirent->d_name);
|
@ -1,3 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Feb 8 02:25:58 UTC 2020 - Mark Post <mpost@suse.com>
|
||||
|
||||
- Added s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch
|
||||
(bsc#1160373).
|
||||
- Added s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
|
||||
(bsc#1162840).
|
||||
- Added s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch
|
||||
(bsc#1162996).
|
||||
- Added s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch
|
||||
(bsc#1163002).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 11 15:30:19 UTC 2019 - Mark Post <mpost@suse.com>
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package s390-tools
|
||||
#
|
||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2019-2020 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -123,6 +123,9 @@ Patch34: s390-tools-sles15sp2-34-zkey-Add-convert-command-to-convert-keys
|
||||
Patch35: s390-tools-sles15sp2-35-zkey-Allow-zkey-cryptsetup-setkey-to-set-different-k.patch
|
||||
Patch36: s390-tools-sles15sp2-zcrypt-CEX7S-exploitation-support.patch
|
||||
Patch37: s390-tools-sles15sp2-zcryptstats-Add-support-for-CEX7.patch
|
||||
Patch38: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
|
||||
Patch39: s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch
|
||||
Patch40: s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch
|
||||
|
||||
# SUSE patches
|
||||
Patch900: s390-tools-sles12-zipl_boot_msg.patch
|
||||
@ -137,6 +140,7 @@ Patch908: dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch
|
||||
Patch909: 59-dasd.rules-wait_for.patch
|
||||
Patch910: s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch
|
||||
Patch911: s390-tools-sles15sp2-Close-file-descriptor-when-checking-for-read-only.patch
|
||||
Patch912: s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch
|
||||
|
||||
BuildRequires: dracut
|
||||
BuildRequires: fuse-devel
|
||||
|
Loading…
Reference in New Issue
Block a user