SHA256
1
0
forked from pool/s390-tools
Dominique Leuenberger 2020-02-15 21:23:48 +00:00 committed by Git OBS Bridge
commit 0f065998ca
6 changed files with 200 additions and 1 deletions

View File

@ -0,0 +1,50 @@
Subject: zdev: Add support for handling I/O configuration data
From: Peter Oberparleiter <oberpar@linux.ibm.com>
Summary: zdev: Add support for handling I/O configuration data
Description: LPARs that are running in IBM Dynamic Partition Manager (DPM) mode
can access a firmware-generated I/O configuration data file that
contains s390-specific information about available I/O devices
such as qeth device numbers and parameters, and FCP device IDs.
This data file is intended to remove the need for users to
manually enter the corresponding device data during installation.
Linux kernels with the corresponding support make the I/O
configuration data available at the following location:
/sys/firmware/sclp_sd/config/data
This patch set adds support for handling this data file using the
chzdev and lszdev tools:
- I/O configuration data can be applied using chzdev's --import
option
- Initial RAM-Disk scripts automatically apply the
I/O configuration data to the system configuration
- lszdev can be used to display the applied auto-configuration
data
- chzdev can be used to manually override the
auto-configuration data
Upstream-ID: -
Problem-ID: LS1604
Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
---
zdev/src/zdev-root-update.dracut | 6 ------
1 file changed, 6 deletions(-)
--- a/zdev/src/zdev-root-update.dracut
+++ b/zdev/src/zdev-root-update.dracut
@@ -20,10 +20,4 @@ dracut -f || {
exit 1
}
-echo "Installing IPL record"
-zipl --noninteractive || {
- echo "${TOOLNAME}: Error: Could not install IPL record" >&2
- exit 1
-}
-
exit 0

View File

@ -0,0 +1,11 @@
--- a/zdev/dracut/95zdev/module-setup.sh 2019-01-10 11:39:08.000000000 -0500
+++ b/zdev/dracut/95zdev/module-setup.sh 2019-01-14 13:28:33.983461097 -0500
@@ -32,7 +32,7 @@
installkernel() {
# Add modules for all device types supported by chzdev (required for
# auto-configuration)
- instmods lcs qeth qeth_l2 qeth_l3 dasd_mod dasd_eckd_mod dasd_fba_mod \
+ instmods ctcm lcs qeth qeth_l2 qeth_l3 dasd_mod dasd_eckd_mod dasd_fba_mod \
dasd_diag_mod zfcp
}

View File

@ -0,0 +1,60 @@
Subject: [PATCH] [BZ 183401] zkey: Fix display of clear key size for XTS keys
From: Ingo Franzki <ifranzki@linux.ibm.com>
Description: zkey: Fix display of clear key size for XTS keys
Symptom: The 'zkey list' command shows bogus values for the
keys 'Clear key size' for XTS keys of type CCA-AESDATA
or CCA-AESCIPHER.
Problem: XTS keys consist of 2 keys concatenated to each other.
To calculate the clear key size, the clear key size of
both keys must be added. The code does not address the
second key correctly, and thus reads the clear key size
of the second key from an invalid memory location. This
results in bogus values reported as clear key size.
This bug has been introduced with feature SEC1717 "Cipher
key support" with commit 298fab68fee8 "zkey: Preparations
for introducing a new key type".
Solution: Correct the addressing of the second key.
Reproduction: Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER
and then run 'zkey list'.
Upstream-ID: e7f446432b92b293e758099842843cfb1f18fa97
Problem-ID: 183401
Upstream-Description:
zkey: Fix display of clear key size for XTS keys
Fixes: 298fab68fee8 ("zkey: Preparations for introducing a new key type")
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
zkey/pkey.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/zkey/pkey.c
+++ b/zkey/pkey.c
@@ -1591,8 +1591,8 @@ int get_key_bit_size(const u8 *key, size
if (is_cca_aes_data_key(key, key_size)) {
*bitsize = datakey->bitsize;
if (key_size == 2 * AESDATA_KEY_SIZE) {
- datakey = (struct aesdatakeytoken *)key +
- AESDATA_KEY_SIZE;
+ datakey = (struct aesdatakeytoken *)(key +
+ AESDATA_KEY_SIZE);
*bitsize += datakey->bitsize;
}
} else if (is_cca_aes_cipher_key(key, key_size)) {
@@ -1601,8 +1601,8 @@ int get_key_bit_size(const u8 *key, size
else
*bitsize = 0; /* Unknown */
if (key_size > cipherkey->length) {
- cipherkey = (struct aescipherkeytoken *)key +
- cipherkey->length;
+ cipherkey = (struct aescipherkeytoken *)(key +
+ cipherkey->length);
if (cipherkey->pfv == 0x00) /* V0 payload */
*bitsize += cipherkey->pl - 384;
}

View File

@ -0,0 +1,62 @@
Subject: [PATCH] [BZ 183125] zkey: Fix listing of keys on file systems reporting DT_UNKNOWN.
From: Ingo Franzki <ifranzki@linux.ibm.com>
Description: zkey: Fix listing of keys on file systems reporting DT_UNKNOWN.
Symptom: When the zkey key repository is located in a file system that
does not have full support for report the file type, such as
XFS, the 'zkey list' command does not show any keys, although
keys exist in the repository.
Problem: The zkey list function uses scandir() to look for files in the
zkey key repository directory. It checks the dirent.d_type field
to consider only regular files, but skips all others. File
systems that do not have full support for returning the file
type in d_type will return DT_UNKNOWN instead. zkey skips
those directory entries and thus does not show any keys.
Solution: Also consider directory entries with d_type = DT_UNKNOWN.
Reproduction: Use zkey with a zkey repository directory located in a file
system that does not have full support for returning the file
type, such as XFS. Generate a key in the repository and then
list the key s with 'zkey list'.
Note: Newly created XFS file systems usually support returning
the file type, but existing XFS file systems might not. To
create an XFS file system that does not support returning the
file type, use 'mkfs.xfs -f -m crc=0 -n ftype=0' to create
the file system.
Upstream-ID: 0de533aef9def920fed751c6025e4f19c4cba763~
Problem-ID: 183125
Upstream-Description:
zkey: Fix listing of keys on file systems reporting DT_UNKNOWN
The zkey list function uses scandir() to look for files in the
zkey key repository directory. It checks the dirent.d_type field
to consider only regular files, but skip all others.
Unfortunately, not all file systems have full support for returning
the file type in d_type. When the zkey repository is located in a file
system that does not support d_type, such as xfs, zkey list shows no
keys, although the key repository contains keys.
Fix this by also considering directory entries with d_type = DT_UNKNOWN.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
zkey/keystore.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/zkey/keystore.c
+++ b/zkey/keystore.c
@@ -906,7 +906,7 @@ static int _keystore_info_file_filter(co
{
size_t len;
- if (dirent->d_type != DT_REG)
+ if (dirent->d_type != DT_REG && dirent->d_type != DT_UNKNOWN)
return 0;
len = strlen(dirent->d_name);

View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Sat Feb 8 02:25:58 UTC 2020 - Mark Post <mpost@suse.com>
- Added s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch
(bsc#1160373).
- Added s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
(bsc#1162840).
- Added s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch
(bsc#1162996).
- Added s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch
(bsc#1163002).
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Oct 11 15:30:19 UTC 2019 - Mark Post <mpost@suse.com> Fri Oct 11 15:30:19 UTC 2019 - Mark Post <mpost@suse.com>

View File

@ -1,7 +1,7 @@
# #
# spec file for package s390-tools # spec file for package s390-tools
# #
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2019-2020 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -123,6 +123,9 @@ Patch34: s390-tools-sles15sp2-34-zkey-Add-convert-command-to-convert-keys
Patch35: s390-tools-sles15sp2-35-zkey-Allow-zkey-cryptsetup-setkey-to-set-different-k.patch Patch35: s390-tools-sles15sp2-35-zkey-Allow-zkey-cryptsetup-setkey-to-set-different-k.patch
Patch36: s390-tools-sles15sp2-zcrypt-CEX7S-exploitation-support.patch Patch36: s390-tools-sles15sp2-zcrypt-CEX7S-exploitation-support.patch
Patch37: s390-tools-sles15sp2-zcryptstats-Add-support-for-CEX7.patch Patch37: s390-tools-sles15sp2-zcryptstats-Add-support-for-CEX7.patch
Patch38: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
Patch39: s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch
Patch40: s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch
# SUSE patches # SUSE patches
Patch900: s390-tools-sles12-zipl_boot_msg.patch Patch900: s390-tools-sles12-zipl_boot_msg.patch
@ -137,6 +140,7 @@ Patch908: dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch
Patch909: 59-dasd.rules-wait_for.patch Patch909: 59-dasd.rules-wait_for.patch
Patch910: s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch Patch910: s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch
Patch911: s390-tools-sles15sp2-Close-file-descriptor-when-checking-for-read-only.patch Patch911: s390-tools-sles15sp2-Close-file-descriptor-when-checking-for-read-only.patch
Patch912: s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch
BuildRequires: dracut BuildRequires: dracut
BuildRequires: fuse-devel BuildRequires: fuse-devel