From fae628f0c44794863dbc70a90cf6893099d557e8133c90534551f1a47f638d75 Mon Sep 17 00:00:00 2001 From: Mark Post Date: Sat, 8 Feb 2020 03:21:31 +0000 Subject: [PATCH] Accepting request 772273 from home:markkp:branches:Base:System - Added s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch (bsc#1160373). - Added s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch (bsc#1162840). - Added s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch (bsc#1162996). - Added s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch (bsc#1163002). OBS-URL: https://build.opensuse.org/request/show/772273 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=85 --- ...ev-Do-not-call-zipl-on-initrd-update.patch | 50 +++++++++++++++ ...include-the-ctc-driver-in-the-initrd.patch | 11 ++++ ...splay-of-clear-key-size-for-XTS-keys.patch | 60 ++++++++++++++++++ ...-of-keys-on-file-systems-reporting-D.patch | 62 +++++++++++++++++++ s390-tools.changes | 12 ++++ s390-tools.spec | 6 +- 6 files changed, 200 insertions(+), 1 deletion(-) create mode 100644 s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch create mode 100644 s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch create mode 100644 s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch create mode 100644 s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch diff --git a/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch b/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch new file mode 100644 index 0000000..4f51a0a --- /dev/null +++ b/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch @@ -0,0 +1,50 @@ +Subject: zdev: Add support for handling I/O configuration data +From: Peter Oberparleiter + +Summary: zdev: Add support for handling I/O configuration data +Description: LPARs that are running in IBM Dynamic Partition Manager (DPM) mode + can access a firmware-generated I/O configuration data file that + contains s390-specific information about available I/O devices + such as qeth device numbers and parameters, and FCP device IDs. + + This data file is intended to remove the need for users to + manually enter the corresponding device data during installation. + + Linux kernels with the corresponding support make the I/O + configuration data available at the following location: + + /sys/firmware/sclp_sd/config/data + + This patch set adds support for handling this data file using the + chzdev and lszdev tools: + + - I/O configuration data can be applied using chzdev's --import + option + - Initial RAM-Disk scripts automatically apply the + I/O configuration data to the system configuration + - lszdev can be used to display the applied auto-configuration + data + - chzdev can be used to manually override the + auto-configuration data + +Upstream-ID: - +Problem-ID: LS1604 + +Signed-off-by: Peter Oberparleiter +--- + zdev/src/zdev-root-update.dracut | 6 ------ + 1 file changed, 6 deletions(-) + +--- a/zdev/src/zdev-root-update.dracut ++++ b/zdev/src/zdev-root-update.dracut +@@ -20,10 +20,4 @@ dracut -f || { + exit 1 + } + +-echo "Installing IPL record" +-zipl --noninteractive || { +- echo "${TOOLNAME}: Error: Could not install IPL record" >&2 +- exit 1 +-} +- + exit 0 diff --git a/s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch b/s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch new file mode 100644 index 0000000..9b9977c --- /dev/null +++ b/s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch @@ -0,0 +1,11 @@ +--- a/zdev/dracut/95zdev/module-setup.sh 2019-01-10 11:39:08.000000000 -0500 ++++ b/zdev/dracut/95zdev/module-setup.sh 2019-01-14 13:28:33.983461097 -0500 +@@ -32,7 +32,7 @@ + installkernel() { + # Add modules for all device types supported by chzdev (required for + # auto-configuration) +- instmods lcs qeth qeth_l2 qeth_l3 dasd_mod dasd_eckd_mod dasd_fba_mod \ ++ instmods ctcm lcs qeth qeth_l2 qeth_l3 dasd_mod dasd_eckd_mod dasd_fba_mod \ + dasd_diag_mod zfcp + } + diff --git a/s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch b/s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch new file mode 100644 index 0000000..8d298f4 --- /dev/null +++ b/s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch @@ -0,0 +1,60 @@ +Subject: [PATCH] [BZ 183401] zkey: Fix display of clear key size for XTS keys +From: Ingo Franzki + +Description: zkey: Fix display of clear key size for XTS keys +Symptom: The 'zkey list' command shows bogus values for the + keys 'Clear key size' for XTS keys of type CCA-AESDATA + or CCA-AESCIPHER. +Problem: XTS keys consist of 2 keys concatenated to each other. + To calculate the clear key size, the clear key size of + both keys must be added. The code does not address the + second key correctly, and thus reads the clear key size + of the second key from an invalid memory location. This + results in bogus values reported as clear key size. + This bug has been introduced with feature SEC1717 "Cipher + key support" with commit 298fab68fee8 "zkey: Preparations + for introducing a new key type". +Solution: Correct the addressing of the second key. +Reproduction: Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER + and then run 'zkey list'. +Upstream-ID: e7f446432b92b293e758099842843cfb1f18fa97 +Problem-ID: 183401 + +Upstream-Description: + + zkey: Fix display of clear key size for XTS keys + + Fixes: 298fab68fee8 ("zkey: Preparations for introducing a new key type") + Signed-off-by: Ingo Franzki + Signed-off-by: Jan Hoeppner + + +Signed-off-by: Ingo Franzki +--- + zkey/pkey.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/zkey/pkey.c ++++ b/zkey/pkey.c +@@ -1591,8 +1591,8 @@ int get_key_bit_size(const u8 *key, size + if (is_cca_aes_data_key(key, key_size)) { + *bitsize = datakey->bitsize; + if (key_size == 2 * AESDATA_KEY_SIZE) { +- datakey = (struct aesdatakeytoken *)key + +- AESDATA_KEY_SIZE; ++ datakey = (struct aesdatakeytoken *)(key + ++ AESDATA_KEY_SIZE); + *bitsize += datakey->bitsize; + } + } else if (is_cca_aes_cipher_key(key, key_size)) { +@@ -1601,8 +1601,8 @@ int get_key_bit_size(const u8 *key, size + else + *bitsize = 0; /* Unknown */ + if (key_size > cipherkey->length) { +- cipherkey = (struct aescipherkeytoken *)key + +- cipherkey->length; ++ cipherkey = (struct aescipherkeytoken *)(key + ++ cipherkey->length); + if (cipherkey->pfv == 0x00) /* V0 payload */ + *bitsize += cipherkey->pl - 384; + } diff --git a/s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch b/s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch new file mode 100644 index 0000000..76ce461 --- /dev/null +++ b/s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch @@ -0,0 +1,62 @@ +Subject: [PATCH] [BZ 183125] zkey: Fix listing of keys on file systems reporting DT_UNKNOWN. +From: Ingo Franzki + +Description: zkey: Fix listing of keys on file systems reporting DT_UNKNOWN. +Symptom: When the zkey key repository is located in a file system that + does not have full support for report the file type, such as + XFS, the 'zkey list' command does not show any keys, although + keys exist in the repository. +Problem: The zkey list function uses scandir() to look for files in the + zkey key repository directory. It checks the dirent.d_type field + to consider only regular files, but skips all others. File + systems that do not have full support for returning the file + type in d_type will return DT_UNKNOWN instead. zkey skips + those directory entries and thus does not show any keys. +Solution: Also consider directory entries with d_type = DT_UNKNOWN. +Reproduction: Use zkey with a zkey repository directory located in a file + system that does not have full support for returning the file + type, such as XFS. Generate a key in the repository and then + list the key s with 'zkey list'. + Note: Newly created XFS file systems usually support returning + the file type, but existing XFS file systems might not. To + create an XFS file system that does not support returning the + file type, use 'mkfs.xfs -f -m crc=0 -n ftype=0' to create + the file system. +Upstream-ID: 0de533aef9def920fed751c6025e4f19c4cba763~ +Problem-ID: 183125 + +Upstream-Description: + + zkey: Fix listing of keys on file systems reporting DT_UNKNOWN + + The zkey list function uses scandir() to look for files in the + zkey key repository directory. It checks the dirent.d_type field + to consider only regular files, but skip all others. + + Unfortunately, not all file systems have full support for returning + the file type in d_type. When the zkey repository is located in a file + system that does not support d_type, such as xfs, zkey list shows no + keys, although the key repository contains keys. + + Fix this by also considering directory entries with d_type = DT_UNKNOWN. + + Signed-off-by: Ingo Franzki + Signed-off-by: Jan Hoeppner + + +Signed-off-by: Ingo Franzki +--- + zkey/keystore.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/zkey/keystore.c ++++ b/zkey/keystore.c +@@ -906,7 +906,7 @@ static int _keystore_info_file_filter(co + { + size_t len; + +- if (dirent->d_type != DT_REG) ++ if (dirent->d_type != DT_REG && dirent->d_type != DT_UNKNOWN) + return 0; + + len = strlen(dirent->d_name); diff --git a/s390-tools.changes b/s390-tools.changes index 905c259..562e715 100644 --- a/s390-tools.changes +++ b/s390-tools.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Sat Feb 8 02:25:58 UTC 2020 - Mark Post + +- Added s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch + (bsc#1160373). +- Added s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch + (bsc#1162840). +- Added s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch + (bsc#1162996). +- Added s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch + (bsc#1163002). + ------------------------------------------------------------------- Fri Oct 11 15:30:19 UTC 2019 - Mark Post diff --git a/s390-tools.spec b/s390-tools.spec index 51623a6..2060174 100644 --- a/s390-tools.spec +++ b/s390-tools.spec @@ -1,7 +1,7 @@ # # spec file for package s390-tools # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019-2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -123,6 +123,9 @@ Patch34: s390-tools-sles15sp2-34-zkey-Add-convert-command-to-convert-keys Patch35: s390-tools-sles15sp2-35-zkey-Allow-zkey-cryptsetup-setkey-to-set-different-k.patch Patch36: s390-tools-sles15sp2-zcrypt-CEX7S-exploitation-support.patch Patch37: s390-tools-sles15sp2-zcryptstats-Add-support-for-CEX7.patch +Patch38: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch +Patch39: s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch +Patch40: s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch # SUSE patches Patch900: s390-tools-sles12-zipl_boot_msg.patch @@ -137,6 +140,7 @@ Patch908: dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch Patch909: 59-dasd.rules-wait_for.patch Patch910: s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch Patch911: s390-tools-sles15sp2-Close-file-descriptor-when-checking-for-read-only.patch +Patch912: s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch BuildRequires: dracut BuildRequires: fuse-devel