rpms
/
s390utils
7
0
Fork 0
Code Issues Pull Requests Releases Activity
s390utils/SOURCES/s390utils-2.27.0-rhel.patch

1393 lines
48 KiB
Diff
Raw Normal View History

Update to 2.27.0
2023-11-01 06:58:46 +00:00
From 26251ccda8351529b8f1e8cb2aa5e73a8e9c4685 Mon Sep 17 00:00:00 2001
From: Stefan Haberland <sth@linux.ibm.com>
Date: Mon, 8 May 2023 14:52:54 +0200
Subject: [PATCH 1/4] zdev: add support for autoquiesce related sysfs
attributes (#2196510)
Autoquiesce is a mechanism that tells Linux to stop issuing I/Os to a
specific DASD after certain events.
Add support for configuring related DASD device attributes
that govern the following aspects of autoquiesce:
aq_mask - Configure which events lead to autoquiesce.
aq_requeue - Configure if autoquiesce will requeue all I/O to blocklayer.
aq_timeouts - Configure the number of timeouts before autoquiesce.
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
(cherry picked from commit 493af760ed47454f5719f05a6e6316f43a3be98a)
---
zdev/src/dasd.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
diff --git a/zdev/src/dasd.c b/zdev/src/dasd.c
index f9fd231..4330229 100644
--- a/zdev/src/dasd.c
+++ b/zdev/src/dasd.c
@@ -344,6 +344,68 @@ static struct attrib dasd_attr_fc_security = {
.readonly = 1,
};
+static struct attrib dasd_attr_aq_mask = {
+ .name = "aq_mask",
+ .title = "Specify autoquiesce triggers",
+ .desc =
+ "Use the aq_mask attribute to automatically quiesce a device and block\n"
+ "new I/O after certain events.\n"
+ "\n"
+ "The value is a bitmask in decimal or hexadecimal format where each set bit\n"
+ "indicates that the associated event shown in the table below triggers an\n"
+ "autoquiesce.\n"
+ " Bit 0 is not used.\n"
+ " 1 - 0x02 - A terminal I/O error occurred\n"
+ " 2 - 0x04 - No active channel paths remain for the device\n"
+ " 3 - 0x08 - A state change interrupt occurred\n"
+ " 4 - 0x10 - The device is PPRC suspended\n"
+ " 5 - 0x20 - No space is left on an ESE device\n"
+ " 6 - 0x40 The number of timeouts specified in aq_timeouts is reached\n"
+ " 7 - 0x80 - I/O was not started because of an error in the start function\n"
+ "\n"
+ "For example bits 1,3 and 5 set (0010 1010) lead to an integer value of 42\n"
+ "or 0x2A.\n"
+ "An integer value of 0 turns off the autoquiesce function.\n",
+ .order_cmp = ccw_online_only_order_cmp,
+ .check = ccw_online_only_check,
+ .defval = "0",
+ /*
+ * Currently only 8 bits are defined and the max value is 255.
+ * This needs to be adjusted if more bits are defined.
+ */
+ .accept = ACCEPT_ARRAY(ACCEPT_RANGE(0, 255)),
+};
+
+static struct attrib dasd_attr_aq_requeue = {
+ .name = "aq_requeue",
+ .title = "Control I/O requeing during autoquiesce",
+ .desc =
+ "Use the aq_requeue attribute to control whether outstanding I/O\n"
+ "operations to the blocklayer should be automatically requeued after\n"
+ "an autoquiesce event.\n"
+ "Valid values are 1 for requeuing, or 0 for no requeueing.\n"
+ "Requeing the I/O requests to the blocklayer might benefit I/O\n"
+ "in case of a copy_pair swap operation.\n",
+ .order_cmp = ccw_online_only_order_cmp,
+ .check = ccw_online_only_check,
+ .defval = "0",
+ .accept = ACCEPT_ARRAY(ACCEPT_RANGE(0, 1)),
+};
+
+static struct attrib dasd_attr_aq_timeouts = {
+ .name = "aq_timeouts",
+ .title = "Specify timeout retry threshold",
+ .desc =
+ "Specify the number of sequential timeout events for an I/O operation\n"
+ "before an autoquiesce is triggered on a device.\n"
+ "This requires that the corresponding trigger bit 6 is set\n"
+ "in the aq_mask attribute.\n",
+ .order_cmp = ccw_online_only_order_cmp,
+ .check = ccw_online_only_check,
+ .defval = "32768",
+ .accept = ACCEPT_ARRAY(ACCEPT_RANGE(0, 32768)),
+};
+
/*
* DASD subtype methods.
*/
@@ -725,6 +787,9 @@ struct subtype dasd_subtype_eckd = {
&dasd_attr_safe_offline,
&dasd_attr_fc_security,
&dasd_attr_copy_pair,
+ &dasd_attr_aq_mask,
+ &dasd_attr_aq_requeue,
+ &dasd_attr_aq_timeouts,
&internal_attr_early,
),
.unknown_dev_attribs = 1,
--
2.41.0
From d26696e5bfbc0c95b9ca70c3bd4b8fff0e36e38f Mon Sep 17 00:00:00 2001
From: Harald Freudenberger <freude@linux.ibm.com>
Date: Wed, 17 May 2023 11:43:08 +0200
Subject: [PATCH 2/4] lszcrypt: Support for SE AP pass-through support
(#2110510)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch adds support for Secure Execution with AP pass-through
support for lszcrypt.
lszcrypt details:
* extension to -b: list AP bus features
* extension to -c: now also valid for queue devices, shows
bind and assoicate state in SE environment;
shows MK states (only for current MKs).
* extension to -V: new column SESTAT within an SE guest, shows text
for the BS bits within an SE environment:
"usable", "bond", "avail", "unuse".
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
(cherry picked from commit f821f31a51e395c0d0b048413360eeff92eaee9c)
---
zconf/zcrypt/lszcrypt.8 | 195 +++++++++++++++++++++++++---------------
zconf/zcrypt/lszcrypt.c | 136 ++++++++++++++++++++++++----
zconf/zcrypt/misc.c | 38 +++++++-
zconf/zcrypt/misc.h | 3 +-
4 files changed, 278 insertions(+), 94 deletions(-)
diff --git a/zconf/zcrypt/lszcrypt.8 b/zconf/zcrypt/lszcrypt.8
index e1de2e9..536a3e3 100644
--- a/zconf/zcrypt/lszcrypt.8
+++ b/zconf/zcrypt/lszcrypt.8
@@ -1,6 +1,6 @@
.\" lszcrypt.8
.\"
-.\" Copyright IBM Corp. 2019, 2022
+.\" Copyright IBM Corp. 2019, 2023
.\" s390-tools is free software; you can redistribute it and/or modify
.\" it under the terms of the MIT license. See LICENSE for details.
.\"
@@ -10,7 +10,7 @@
.\" nroff -man lszcrypt.8
.\" to process this source
.\"
-.TH LSZCRYPT 8 "FEB 2022" "s390-tools"
+.TH LSZCRYPT 8 "MAY 2023" "s390-tools"
.SH NAME
lszcrypt \- display zcrypt device and configuration information
.SH SYNOPSIS
@@ -24,7 +24,7 @@ lszcrypt \- display zcrypt device and configuration information
.TP
.B lszcrypt
.B -c
-<card-id>
+<device-id>
.TP
.B lszcrypt -b
.TP
@@ -41,43 +41,60 @@ lszcrypt \- display zcrypt device and configuration information
.SH DESCRIPTION
The
.B lszcrypt
-command is used to display information about cryptographic devices managed by
-zcrypt and the AP bus attributes of zcrypt. Displayed information depends on the
-kernel version.
+command is used to display information about cryptographic devices
+managed by zcrypt and the AP bus attributes of zcrypt. Displayed
+information depends on the kernel version.
.B lszcrypt
requires that sysfs is mounted.
.P
The following information can be displayed for each cryptographic
device: card ID, domain ID, card type (symbolic), mode, online status,
-hardware card type (numeric), installed function facilities, card capability,
-hardware queue depth, request count, number of requests in hardware queue, and
-the number of outstanding requests.
-The following AP bus attributes can be displayed: AP domain, Max AP domain,
-configuration timer, poll thread status, poll timeout, and AP interrupt
-status.
+hardware card type (numeric), installed function facilities, card
+capability, hardware queue depth, request count, number of requests in
+hardware queue, and the number of outstanding requests. The following
+AP bus attributes can be displayed: AP domain, Max AP domain,
+configuration timer, poll thread status, poll timeout, and AP
+interrupt status.
.SH OPTIONS
.TP 8
.B -V, --verbose
-The verbose level for cryptographic device information.
-With this verbose level additional information like hardware card type,
-hardware queue depth, pending requests count, installed function
-facilities and driver binding is displayed.
+The verbose level for cryptographic device information. With this
+verbose level additional information like hardware card type, hardware
+queue depth, pending requests count, installed function facilities and
+driver binding is displayed.
.TP 8
.B <device-id>
-Specifies a cryptographic device to display. A cryptographic device can be
-either a card device or a queue device. If no devices are specified information
-about all available devices is displayed.
+Specifies a cryptographic device to display. A cryptographic device
+can be either a card device or a queue device. If no devices are
+specified information about all available devices is displayed.
Please note that the card device representation and the queue device
are both in hexadecimal notation.
.TP 8
.B -b, --bus
Displays the AP bus attributes and exits.
+
+There is also a list of AP bus features shown here:
+.RS
+.IP "o" 3
+APSC - Extended TAPQ (Test AP Queue) support.
+.IP "o"
+APXA - Support for more than 16 domains per card.
+.IP "o"
+QACT - QACT support for toleration of new unknown crypto cards.
+.IP "o"
+RC8A - Firmware reports 0x8A instead of 0x42 on some error conditions.
+.IP "o"
+APSB - AP bus has Secure Execution AP pass-through support.
+.RE
.TP 8
-.B -c, --capability <card-id>
-Shows the capabilities of a cryptographic card device of hardware type 6 or
-higher. The card device id value may be given as decimal or hex value (with
-a leading 0x). The capabilities of a cryptographic card device depend on
-the card type and the installed function facilities. A cryptographic card
+.B -c, --capability <device-id>
+Shows the capabilities of a cryptographic card or queue device of
+hardware type 6 or higher. A card device id value may be given as
+decimal or hex value (with a leading 0x), a queue device needs to be
+given as xy.abcd (as it is displayed by lszcrypt).
+
+The capabilities of a cryptographic card device depend on the card
+type and the installed function facilities. A cryptographic card
device can provide one or more of the following capabilities:
.RS
.IP "o" 3
@@ -94,14 +111,25 @@ Long RNG
.RS 8
The CCA Secure Key capability may be limited by a hypervisor
-layer. The remarks 'full function set' or 'restricted function set' may
-reflect this. For details about these limitations please check the
+layer. The remarks 'full function set' or 'restricted function set'
+may reflect this. For details about these limitations please check the
hypervisor documentation.
.RE
+
+.RS 8
+The capabilities of a cryptographic queue device may vary depending
+on some state or environment. However if a queue device is given here,
+and the runtime environment is a KVM guest in Secure Execution mode
+with AP pass-through support, then the AP queue bind state and AP
+queue association state is shown here. Furthermore the state(s) and
+mkvp(s) (Master Key Verification Pattern) of the current master WK
+(Wrapping Key - EP11 mode) or current master AES, APKA and ASYM (CCA
+mode) are shown here.
+.RE
.TP 8
.B -d, --domains
-Shows the usage and control domains of the cryptographic devices.
-The displayed domains of the cryptographic device depends on the initial
+Shows the usage and control domains of the cryptographic devices. The
+displayed domains of the cryptographic device depends on the initial
cryptographic configuration.
.RS
.IP "o" 3
@@ -140,18 +168,20 @@ Here is an explanation of the columns displayed. Please note that some
of the columns show up in verbose mode only.
.TP
.B CARD.DOM
-The crypto card number in hexadecimal for a crypto card line or
-the crypto card number and the domain id both in hex separated by a single
+The crypto card number in hexadecimal for a crypto card line or the
+crypto card number and the domain id both in hex separated by a single
dot for a queue line.
.TP
.B TYPE and HWTYPE
-The HWTYPE is a numeric value showing which type of hardware the zcrypt
-device driver presumes that this crypto card is. The currently known values
-are 7=CEX3C, 8=CEX3A, 10=CEX4, 11=CEX5, 12=CEX6, 13=CEX7 and 14=CEX8.
+The HWTYPE is a numeric value showing which type of hardware the
+zcrypt device driver presumes that this crypto card is. The currently
+known values are 7=CEX3C, 8=CEX3A, 10=CEX4, 11=CEX5, 12=CEX6, 13=CEX7
+and 14=CEX8.
.br
-The TYPE is a human readable value showing the hardware type and the basic
-function type (A=Accelerator, C=CCA Coprocessor, P=EP11 Coprocessor). So
-for example CEX6P means a CEX6 card in EP11 Coprocessor mode.
+The TYPE is a human readable value showing the hardware type and the
+basic function type (A=Accelerator, C=CCA Coprocessor, P=EP11
+Coprocessor). So for example CEX6P means a CEX6 card in EP11
+Coprocessor mode.
.TP
.B MODE
A crypto card can be configured to run into one of 3 modes:
@@ -170,13 +200,13 @@ online/offline state is kept by the zcrypt device driver and can be
switched on or off with the help of the chzcrypt application.
.br
A crypto card can also be 'configured' or 'deconfigured'. This state
-may be adjusted on the HMC or SE. The chzcrypt application can also
-trigger this state with the --config-on and --config-off options.
+may be adjusted on the HMC. The chzcrypt application can also trigger
+this state with the --config-on and --config-off options.
.br
lszcrypt shows 'online' when a card or queue is available for
cryptographic operations. 'offline' is displayed when a card or queue
is switched to (software) offline. If a card is 'deconfigured' via
-HMC, SE or chzcrypt the field shows 'deconfig'.
+HMC or chzcrypt the field shows 'deconfig'.
.br
A crypto card may also reach a 'checkstopped' state. lszcrypt shows
this as 'chkstop'.
@@ -184,21 +214,22 @@ this as 'chkstop'.
If a queue is not bound to a device driver there is no detailed
information available and thus the status shows only '-'.
.br
-If a queue is bound to the vfio-ap device driver it is up to this driver
-to give some status information and what exactly this means. So lszcrypt
-shows the text retrieved from the underlying sysfs attribute here.
+If a queue is bound to the vfio-ap device driver it is up to this
+driver to give some status information and what exactly this means. So
+lszcrypt shows the text retrieved from the underlying sysfs attribute
+here.
.TP
.B REQUESTS
-This is the counter value of successful processed requests on card or queue
-level. Successful here means the request was processed without any failure
-in the whole processing chain.
+This is the counter value of successful processed requests on card or
+queue level. Successful here means the request was processed without
+any failure in the whole processing chain.
.TP
.B PENDING
-The underlying firmware and hardware layer usually provide some queuing
-space for requests. When this queue is already filled up, the zcrypt device
-driver maintains a software queue of pending requests. The sum of these
-both values is displayed here and shows the amount of requests waiting for
-processing on card or queue level.
+The underlying firmware and hardware layer usually provide some
+queuing space for requests. When this queue is already filled up, the
+zcrypt device driver maintains a software queue of pending
+requests. The sum of these both values is displayed here and shows the
+amount of requests waiting for processing on card or queue level.
.TP
.B FUNCTIONS
This column shows firmware and hardware function details:
@@ -224,48 +255,64 @@ F - Full function support (opposed to restricted function support, see below).
.br
R - Restricted function support. The F and R flag both reflect if a
hypervisor is somehow restricting this crypto resource in a virtual
-environment. Dependent on the hypervisor configuration the crypto requests
-may be filtered by the hypervisor to allow only a subset of functions
-within the virtual runtime environment. For example a shared CCA
-Coprocessor may be restricted by the hypervisor to allow only clear key
-operations within the guests.
+environment. Dependent on the hypervisor configuration the crypto
+requests may be filtered by the hypervisor to allow only a subset of
+functions within the virtual runtime environment. For example a shared
+CCA Coprocessor may be restricted by the hypervisor to allow only
+clear key operations within the guests.
.TP
.B DRIVER
.br
Shows which card or queue device driver currently handles this crypto
resource. Currently known drivers are cex4card/cex4queue (CEX4-CEX8
hardware), cex2card/cex2cqueue (CEX2C and CEX3C hardware),
-cex2acard/cex2aqueue (CEX2A and CEX3A hardware) and vfio_ap (queue reserved
-for use by kvm hypervisor for kvm guests and not accessible to host
-applications). It is also valid to have no driver handling a queue which is
-shown as a -no-driver- entry.
+cex2acard/cex2aqueue (CEX2A and CEX3A hardware) and vfio_ap (queue
+reserved for use by KVM hypervisor for KVM guests and not accessible
+to host applications). It is also valid to have no driver handling a
+queue which is shown as a -no-driver- entry.
+.TP
+.B SESTAT
+.br
+Shows the state of the BS bits associated with every AP queue within a
+Secure Execution guest when AP Pass-through support is available:
+.br
+usable - AP queue is usable for crypto load.
+.br
+bound - AP queue is bound but not yet associated.
+.br
+unbound - AP queue is unbound and needs to get bound to this Secure
+Execution guest.
+.br
+illicit - AP queue is not available for this Secure Execution guest.
.SH NOTES
-Use only one of the mode filtering options --accelonly, --ccaonly, --ep11only.
-Same with card/queue filtering: Use only one of --cardonly, --queueonly.
-However, one of the mode filtering options and one of the card/queue filtering
-can be combined.
+Use only one of the mode filtering options --accelonly, --ccaonly,
+--ep11only. Same with card/queue filtering: Use only one of
+--cardonly, --queueonly. However, one of the mode filtering options
+and one of the card/queue filtering can be combined.
.SH EXAMPLES
.TP
.B lszcrypt
-Displays the card/domain ID, card type (short name), mode (long name), online
-status and request count of all available cryptographic devices.
+Displays the card/domain ID, card type (short name), mode (long name),
+online status and request count of all available cryptographic
+devices.
.TP
.B lszcrypt 1 3 5
-Displays the card/domain ID, card type, mode, online status and request count
-for cryptographic devices 1, 3, and 5.
+Displays the card/domain ID, card type, mode, online status and
+request count for cryptographic devices 1, 3, and 5.
.TP
.B lszcrypt -V 3 7 11
-Displays the card/domain ID, card type, mode, online status, request count,
-number of requests in the hardware queue, number of outstanding requests and
-installed function facilities for cryptographic devices 3, 7 and 17 (0x11).
+Displays the card/domain ID, card type, mode, online status, request
+count, number of requests in the hardware queue, number of outstanding
+requests and installed function facilities for cryptographic devices
+3, 7 and 17 (0x11).
.TP
.B lszcrypt 10.0038
-Displays information of the cryptographic device '10.0038' respectively card
-id 16 (0x10) with domain 56 (0x38).
+Displays information of the cryptographic device '10.0038'
+respectively card id 16 (0x10) with domain 56 (0x38).
.TP
.B lszcrypt .0038
-Displays information of all available queue devices (potentially multiple
-adapters) with domain 56 (0x38).
+Displays information of all available queue devices (potentially
+multiple adapters) with domain 56 (0x38).
.TP
.B lszcrypt -b
Displays AP bus information.
diff --git a/zconf/zcrypt/lszcrypt.c b/zconf/zcrypt/lszcrypt.c
index 43a3c39..09de77e 100644
--- a/zconf/zcrypt/lszcrypt.c
+++ b/zconf/zcrypt/lszcrypt.c
@@ -1,7 +1,7 @@
/**
* lszcrypt - Display zcrypt devices and configuration settings
*
- * Copyright IBM Corp. 2008, 2022
+ * Copyright IBM Corp. 2008, 2023
*
* s390-tools is free software; you can redistribute it and/or modify
* it under the terms of the MIT license. See LICENSE for details.
@@ -55,7 +55,7 @@ static struct lszcrypt_l {
#define MASK_COPRO 0x10000000
#define MASK_ACCEL 0x08000000
#define MASK_EP11 0x04000000
-#define MASK_HSL 0x01000000
+#define MASK_HSL 0x01000000
/*
* Classification
@@ -85,6 +85,8 @@ static struct fac_bits_s {
{ 0x00400000, 'R' }, /* bit 9, restricted function set */
};
+#define EXTRACT_BS_BITS(f) (((f) & 0x0000c000UL) >> 14)
+
/*
* Program configuration
*/
@@ -95,7 +97,7 @@ static const struct util_prg prg = {
{
.owner = "IBM Corp.",
.pub_first = 2008,
- .pub_last = 2020,
+ .pub_last = 2023,
},
UTIL_PRG_COPYRIGHT_END
}
@@ -169,8 +171,9 @@ static struct util_opt opt_vec[] = {
static void show_bus(void)
{
long domain, max_domain, config_time, value;
- unsigned long long poll_timeout;
const char *poll_thread, *ap_interrupts;
+ unsigned long long poll_timeout;
+ char features[256];
char *ap;
/* check if ap driver is available */
@@ -178,6 +181,10 @@ static void show_bus(void)
if (!util_path_is_dir(ap))
errx(EXIT_FAILURE, "Crypto device driver not available.");
+ if (util_path_is_readable("%s/features", ap))
+ util_file_read_line(features, sizeof(features), "%s/features", ap);
+ else
+ features[0] = '\0';
util_file_read_l(&domain, 10, "%s/ap_domain", ap);
util_file_read_l(&max_domain, 10, "%s/ap_max_domain_id", ap);
util_file_read_l(&config_time, 10, "%s/config_time", ap);
@@ -192,6 +199,8 @@ static void show_bus(void)
ap_interrupts = "enabled";
else
ap_interrupts = "disabled";
+ if (features[0])
+ printf("features: %s\n", features);
printf("ap_domain=0x%lx\n", domain);
printf("ap_max_domain_id=0x%lx\n", max_domain);
if (util_path_is_reg_file("%s/ap_interrupts", ap))
@@ -374,23 +383,15 @@ next:
}
/*
- * Show capability
+ * Show card capability
*/
-static void show_capability(const char *id_str)
+static void show_card_capability(int id)
{
unsigned long func_val;
- long hwtype, id, max_msg_size;
- char *p, *ap, *dev, card[16], cbuf[256];
-
- /* check if ap driver is available */
- ap = util_path_sysfs("bus/ap");
- if (!util_path_is_dir(ap))
- errx(EXIT_FAILURE, "Crypto device driver not available.");
+ long hwtype, max_msg_size;
+ char *dev, card[16], cbuf[256];
- id = strtol(id_str, &p, 0);
- if (id < 0 || id > 255 || p == id_str || *p != '\0')
- errx(EXIT_FAILURE, "Error - '%s' is an invalid cryptographic device id.", id_str);
- snprintf(card, sizeof(card), "card%02lx", id);
+ snprintf(card, sizeof(card), "card%02x", id);
dev = util_path_sysfs("devices/ap/%s", card);
if (!util_path_is_dir(dev))
errx(EXIT_FAILURE, "Error - cryptographic device %s does not exist.", card);
@@ -464,6 +465,78 @@ static void show_capability(const char *id_str)
card, hwtype);
break;
}
+
+ free(dev);
+}
+
+/*
+ * Show queue capability
+ */
+static void show_queue_capability(int id, int dom)
+{
+ char *dev, card[16], queue[16], buf[256];
+
+ snprintf(card, sizeof(card), "card%02x", id);
+ snprintf(queue, sizeof(queue), "%02x.%04x", id, dom);
+ dev = util_path_sysfs("devices/ap/%s/%s", card, queue);
+ if (!util_path_is_dir(dev))
+ errx(EXIT_FAILURE, "Error - cryptographic queue device %02x.%04x does not exist.",
+ id, dom);
+
+ printf("queue %02x.%04x capabilities:\n", id, dom);
+
+ if (util_path_is_reg_file("%s/se_bind", dev)) {
+ util_file_read_line(buf, sizeof(buf), "%s/se_bind", dev);
+ printf("SE bind state: %s\n", buf);
+ }
+ if (util_path_is_reg_file("%s/se_associate", dev)) {
+ util_file_read_line(buf, sizeof(buf), "%s/se_associate", dev);
+ printf("SE association state: %s\n", buf);
+ }
+ if (util_path_is_reg_file("%s/mkvps", dev)) {
+ char *mkvps = util_path_sysfs("devices/ap/%s/%s/mkvps", card, queue);
+ FILE *f = fopen(mkvps, "r");
+
+ if (!f)
+ errx(EXIT_FAILURE, "Error - failed to open sysfs file %s.",
+ mkvps);
+ while (fgets(buf, sizeof(buf), f)) {
+ if (strstr(buf, "WK CUR") ||
+ strstr(buf, "AES CUR") ||
+ strstr(buf, "APKA CUR") ||
+ strstr(buf, "ASYM CUR"))
+ printf("MK %s", buf); /* no newline here */
+ }
+ fclose(f);
+ free(mkvps);
+ }
+
+ free(dev);
+}
+
+/*
+ * Show capability
+ */
+static void show_capability(const char *id_str)
+{
+ char *p, *ap;
+ int id, dom;
+
+ /* check if ap driver is available */
+ ap = util_path_sysfs("bus/ap");
+ if (!util_path_is_dir(ap))
+ errx(EXIT_FAILURE, "Crypto device driver not available.");
+
+ if (sscanf(id_str, "%x.%x", &id, &dom) == 2) {
+ show_queue_capability(id, dom);
+ } else {
+ id = strtol(id_str, &p, 0);
+ if (id < 0 || id > 255 || p == id_str || *p != '\0')
+ errx(EXIT_FAILURE,
+ "Error - '%s' is an invalid cryptographic device id.",
+ id_str);
+ show_card_capability(id);
+ }
}
/*
@@ -601,11 +674,33 @@ static void read_subdev_rec_verbose(struct util_rec *rec, const char *grp_dev,
util_file_read_l(&depth, 10, "%s/depth", grp_dev);
util_rec_set(rec, "depth", "%02d", depth + 1);
- util_file_read_ul(&facility, 16, "%s/ap_functions", grp_dev);
+ if (util_path_is_readable("%s/%s/ap_functions", grp_dev, sub_dev))
+ util_file_read_ul(&facility, 16, "%s/%s/ap_functions", grp_dev, sub_dev);
+ else
+ util_file_read_ul(&facility, 16, "%s/ap_functions", grp_dev);
for (i = 0; i < MAX_FAC_BITS; i++)
buf[i] = facility & fac_bits[i].mask ? fac_bits[i].c : '-';
buf[i] = '\0';
util_rec_set(rec, "facility", buf);
+
+ if (ap_bus_has_SB_support()) {
+ switch (EXTRACT_BS_BITS(facility)) {
+ case 0:
+ util_rec_set(rec, "sestat", "usable");
+ break;
+ case 1:
+ util_rec_set(rec, "sestat", "bound");
+ break;
+ case 2:
+ util_rec_set(rec, "sestat", "unbound");
+ break;
+ case 3:
+ util_rec_set(rec, "sestat", "illicit");
+ break;
+ default:
+ util_rec_set(rec, "sestat", "-");
+ }
+ }
}
/*
@@ -750,6 +845,9 @@ static void read_rec_verbose(struct util_rec *rec, const char *grp_dev)
i = read_driver(grp_dev, NULL, buf, sizeof(buf));
util_rec_set(rec, "driver", i > 0 ? buf : "-no-driver-");
+
+ if (ap_bus_has_SB_support())
+ util_rec_set(rec, "sestat", "-");
}
/*
@@ -818,6 +916,8 @@ static void define_rec_verbose(struct util_rec *rec)
util_rec_def(rec, "depth", UTIL_REC_ALIGN_RIGHT, 6, "QDEPTH");
util_rec_def(rec, "facility", UTIL_REC_ALIGN_LEFT, 10, "FUNCTIONS");
util_rec_def(rec, "driver", UTIL_REC_ALIGN_LEFT, 11, "DRIVER");
+ if (ap_bus_has_SB_support())
+ util_rec_def(rec, "sestat", UTIL_REC_ALIGN_LEFT, 11, "SESTAT");
}
/*
diff --git a/zconf/zcrypt/misc.c b/zconf/zcrypt/misc.c
index 4296cb1..05913d6 100644
--- a/zconf/zcrypt/misc.c
+++ b/zconf/zcrypt/misc.c
@@ -1,16 +1,20 @@
/*
* Misc - Local helper functions
*
- * Copyright IBM Corp. 2016, 2017
+ * Copyright IBM Corp. 2016, 2023
*
* s390-tools is free software; you can redistribute it and/or modify
* it under the terms of the MIT license. See LICENSE for details.
*/
#include <regex.h>
+#include <string.h>
#include <sys/types.h>
+#include "lib/util_base.h"
+#include "lib/util_file.h"
#include "lib/util_panic.h"
+#include "lib/util_path.h"
#include "misc.h"
/**
@@ -35,3 +39,35 @@ bool misc_regex_match(const char *str, const char *regex)
regfree(&preg);
return rc == 0 ? true : false;
}
+
+/**
+ * Test if AP bus has SB support available.
+ *
+ * @returns true Yes, SB support is available
+ * false No
+ */
+bool ap_bus_has_SB_support(void)
+{
+ static int sb_support = -1;
+
+ if (sb_support < 0) {
+ char *ap, buf[256];
+
+ ap = util_path_sysfs("bus/ap");
+ if (!util_path_is_dir(ap)) {
+ sb_support = 0;
+ } else {
+ if (!util_path_is_readable("%s/features", ap)) {
+ sb_support = 0;
+ } else {
+ util_file_read_line(buf, sizeof(buf),
+ "%s/features", ap);
+ if (strstr(buf, "APSB"))
+ sb_support = 1;
+ }
+ }
+ free(ap);
+ }
+
+ return sb_support > 0 ? true : false;
+}
diff --git a/zconf/zcrypt/misc.h b/zconf/zcrypt/misc.h
index 502a687..92cf453 100644
--- a/zconf/zcrypt/misc.h
+++ b/zconf/zcrypt/misc.h
@@ -1,7 +1,7 @@
/*
* misc - Local helper functions
*
- * Copyright IBM Corp. 2016, 2017
+ * Copyright IBM Corp. 2016, 2023
*
* s390-tools is free software; you can redistribute it and/or modify
* it under the terms of the MIT license. See LICENSE for details.
@@ -13,5 +13,6 @@
#include <stdbool.h>
bool misc_regex_match(const char *str, const char *regex);
+bool ap_bus_has_SB_support(void);
#endif /* MISC_H */
--
2.41.0
From 4b8726135731ee039d8eb33566bfa051b66b7bfb Mon Sep 17 00:00:00 2001
From: Harald Freudenberger <freude@linux.ibm.com>
Date: Wed, 17 May 2023 13:13:09 +0200
Subject: [PATCH 3/4] chzcrypt: Support for SE bind, unbind and associate
(#2110510)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch adds support for Secure Execution with AP pass-through
support for chzcrypt.
chzcrypt details:
* new command: --se-associate <secret-id> <queue device>
* new command: --se-bind <queue device>
* new command: --se-unbind <queue device>
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
(cherry picked from commit e35e73d2a3f60d43b109168cc37f9c43bc35b0a4)
---
zconf/zcrypt/chzcrypt.8 | 72 +++++++----
zconf/zcrypt/chzcrypt.c | 278 +++++++++++++++++++++++++++++++++++++---
2 files changed, 310 insertions(+), 40 deletions(-)
diff --git a/zconf/zcrypt/chzcrypt.8 b/zconf/zcrypt/chzcrypt.8
index a73ff27..94e32fb 100644
--- a/zconf/zcrypt/chzcrypt.8
+++ b/zconf/zcrypt/chzcrypt.8
@@ -1,10 +1,16 @@
.\" chzcrypt.8
.\"
-.\" Copyright 2020 IBM Corp.
+.\" Copyright 2020, 2023 IBM Corp.
.\" s390-tools is free software; you can redistribute it and/or modify
.\" it under the terms of the MIT license. See LICENSE for details.
.\"
-.TH CHZCRYPT 8 "OCT 2020" "s390-tools"
+.\" use
+.\" groff -man -Tutf8 chzcrypt.8
+.\" or
+.\" nroff -man chzcrypt.8
+.\" to process this source
+.\"
+.TH CHZCRYPT 8 "MAY 2023" "s390-tools"
.SH NAME
chzcrypt \- modify zcrypt configuration
.SH SYNOPSIS
@@ -46,8 +52,8 @@ chzcrypt \- modify zcrypt configuration
.SH DESCRIPTION
The
.B chzcrypt
-command is used to configure cryptographic devices managed by zcrypt and
-modify zcrypt's AP bus attributes.
+command is used to configure cryptographic devices managed by zcrypt
+and modify zcrypt's AP bus attributes.
Attributes may vary depending on the kernel
version.
@@ -70,19 +76,6 @@ Set the given cryptographic card device(s) config on ('configured').
.B --config-off
Set the given cryptographic card device(s) config off ('deconfigured').
.TP 8
-.B <device id>
-Specifies a cryptographic device which will be set either online or
-offline or configured on or off. For online and offline the device can
-either be a card device or a queue device. A queue device can only get
-switched online when the providing card is online.
-.br
-For config on/off the device needs to be a card device. A card or
-queue device cannot get switched online if the card is in deconfigured
-state.
-.br
-Please note that the card device and queue device representation are both
-in hexadecimal notation.
-.TP 8
.B -p, --poll-thread-enable
Enable zcrypt's poll thread.
.TP 8
@@ -94,15 +87,28 @@ Set configuration timer for re-scanning the AP bus to
.I <timeout>
seconds.
.TP 8
+.B --se-associate <association-index> <queue-device>
+Associate the given queue device with the given association
+index. This command is only valid within an Secure Execution guest
+with AP pass-through support enabled.
+.TP 8
+.B --se-bind <queue-device>
+Bind the given queue device. This command is only valid within an
+Secure Execution guest with AP pass-through support enabled.
+.TP 8
+.B --se-unbind <queue-device>
+Unbind the given queue device. This command is only valid within an
+Secure Execution guest with AP pass-through support enabled.
+.TP 8
.BI "-t, --poll-timeout" " <poll_timeout>"
Set poll timer to run poll tasklet all
.I <poll_timeout>
nanoseconds.
.TP 8
.BI "-q, --default-domain" " <domain>"
-Set the new default domain of the AP bus to <domain>.
-The number of available domains can be retrieved with the lszcrypt
-command ('-d' option).
+Set the new default domain of the AP bus to <domain>. The number of
+available domains can be retrieved with the lszcrypt command ('-d'
+option).
.TP 8
.B -V, --verbose
Print verbose messages.
@@ -112,6 +118,22 @@ Print help text and exit.
.TP 8
.B -v, --version
Print version information and exit.
+.TP 8
+.B <device id>
+Specifies a cryptographic device which will be set either online or
+offline or configured on or off. For online and offline the device can
+either be a card device or a queue device. A queue device can only get
+switched online when the providing card is online.
+.br
+For config on/off the device needs to be a card device. A card or
+queue device cannot get switched online if the card is in deconfigured
+state.
+.br
+Please note that the card device and queue device representation are
+both in hexadecimal notation.
+.TP 8
+.B <queue-device>
+An APQN queue device given as xy.abcd as it is listed by lszcrypt -V.
.SH EXAMPLES
.TP
.B chzcrypt -e 0 1 12
@@ -131,8 +153,8 @@ Set all available crypto cards to config on, be verbose.
Switch the two crypto cards 1 and 3 to deconfigured, be verbose.
.TP
.B chzcrypt -c 60 -n
-Will set configuration timer for re-scanning the AP bus to 60 seconds and
-disable zcrypt's poll thread.
+Will set configuration timer for re-scanning the AP bus to 60 seconds
+and disable zcrypt's poll thread.
.TP
.B chzcrypt -q 67
Will set the default domain to 67.
@@ -144,5 +166,11 @@ chzcrypt exits with an appropriate message. Even more config on/off
may require support from a hypervisor like KVM or zVM and may fail if
the Linux kernel is unable to perform the SCLP command. Check syslog
on failure.
+.TP
+Bind, associate and unbind command on an queue device are only
+available and valid within an Secure Execution environment with AP
+pass-through enabled and a Linux kernel providing the low level sysfs
+API. If these conditions are not fulfilled, the command will fail with
+an appropriate error messages.
.SH SEE ALSO
\fBlszcrypt\fR(8)
diff --git a/zconf/zcrypt/chzcrypt.c b/zconf/zcrypt/chzcrypt.c
index 68b36a5..b04bcfa 100644
--- a/zconf/zcrypt/chzcrypt.c
+++ b/zconf/zcrypt/chzcrypt.c
@@ -1,7 +1,7 @@
/*
* chzcrypt - Tool to modify zcrypt configuration
*
- * Copyright IBM Corp. 2008, 2020
+ * Copyright IBM Corp. 2008, 2023
*
* s390-tools is free software; you can redistribute it and/or modify
* it under the terms of the MIT license. See LICENSE for details.
@@ -28,6 +28,12 @@
#include "misc.h"
+/* max seconds the se-association command will wait for completion */
+#define MAX_ASSOC_POLL_TIME_IN_S 30
+
+/* max seconds the se-unbind command will wait for unbind complete */
+#define MAX_UNBIND_POLL_TIME_IN_S 30
+
/*
* Private data
*/
@@ -45,7 +51,7 @@ static const struct util_prg prg = {
{
.owner = "IBM Corp.",
.pub_first = 2008,
- .pub_last = 2020,
+ .pub_last = 2023,
},
UTIL_PRG_COPYRIGHT_END
}
@@ -57,6 +63,9 @@ static const struct util_prg prg = {
#define OPT_CONFIG_ON 0x80
#define OPT_CONFIG_OFF 0x81
+#define OPT_SE_ASSOC 0x82
+#define OPT_SE_BIND 0x83
+#define OPT_SE_UNBIND 0x84
static struct util_opt opt_vec[] = {
{
@@ -116,6 +125,22 @@ static struct util_opt opt_vec[] = {
.option = { "verbose", no_argument, NULL, 'V'},
.desc = "Print verbose messages",
},
+ {
+ .option = { "se-associate", required_argument, NULL, OPT_SE_ASSOC},
+ .argument = "assoc_idx",
+ .flags = UTIL_OPT_FLAG_NOSHORT,
+ .desc = "SE guest with AP support only: Associate the given queue device",
+ },
+ {
+ .option = { "se-bind", no_argument, NULL, OPT_SE_BIND},
+ .flags = UTIL_OPT_FLAG_NOSHORT,
+ .desc = "SE guest with AP support only: Bind the given queue device",
+ },
+ {
+ .option = { "se-unbind", no_argument, NULL, OPT_SE_UNBIND},
+ .flags = UTIL_OPT_FLAG_NOSHORT,
+ .desc = "SE guest with AP support only: Unbind the given queue device",
+ },
UTIL_OPT_HELP,
UTIL_OPT_VERSION,
UTIL_OPT_END
@@ -336,6 +361,186 @@ next:
}
}
+static void se_assoc(const char *assoc_idx, const char *dev)
+{
+ int i, idx, rc, ap, dom, loop;
+ char *dev_path, *attr;
+ char buf[256];
+
+ if (!ap_bus_has_SB_support())
+ errx(EXIT_FAILURE, "Error - AP bus: SE bind support is not available.");
+
+ if (sscanf(dev, "%02x.%04x", &ap, &dom) != 2)
+ errx(EXIT_FAILURE, "Error - Can't parse queue device '%s' as xy.abcd.",
+ dev);
+ dev_path = util_path_sysfs("bus/ap/devices/card%02x/%02x.%04x",
+ ap, ap, dom);
+ if (!util_path_is_dir(dev_path))
+ errx(EXIT_FAILURE, "Error - Queue device %s does not exist.",
+ dev);
+
+ if (sscanf(assoc_idx, "%i", &idx) != 1)
+ errx(EXIT_FAILURE, "Error - Can't parse association index '%s' as number.",
+ assoc_idx);
+ if (idx < 0 || idx > 0xFFFF)
+ errx(EXIT_FAILURE, "Error - Association index needs to be in range [0...%d].",
+ 0xffff);
+
+ attr = util_path_sysfs("bus/ap/devices/card%02x/%02x.%04x/se_associate",
+ ap, ap, dom);
+ if (!util_path_is_writable(attr))
+ errx(EXIT_FAILURE, "Error - Can't write to %s (errno '%s').",
+ attr, strerror(errno));
+
+ /* read se_associate attribute and check for 'unassociated' */
+ rc = util_file_read_line(buf, sizeof(buf), attr);
+ if (rc)
+ errx(EXIT_FAILURE, "Error - Failure reading from %s (errno '%s').",
+ attr, strerror(errno));
+ if (strcmp(buf, "unassociated"))
+ errx(EXIT_FAILURE,
+ "Error - Queue device %s is NOT in 'unassociated' state (state '%s' found).",
+ dev, buf);
+
+ /* write assocition index to the se_associate attribute */
+ rc = util_file_write_l(idx, 10, attr);
+ if (rc)
+ errx(EXIT_FAILURE, "Error - Failure writing to %s (errno '%s').",
+ attr, strerror(errno));
+
+ /* loop up to MAX_ASSOC_POLL_TIME_IN_S seconds for completion */
+ for (loop = 0; loop < 2 * MAX_ASSOC_POLL_TIME_IN_S; usleep(500000), loop++) {
+ rc = util_file_read_line(buf, sizeof(buf), attr);
+ if (rc)
+ errx(EXIT_FAILURE, "Error - Failure reading from %s (errno '%s').",
+ attr, strerror(errno));
+ if (!strncmp(buf, "associated", strlen("associated")))
+ break;
+ if (!strcmp(buf, "unassociated"))
+ errx(EXIT_FAILURE,
+ "Error - Failure associating queue device %s (state '%s' found).",
+ dev, buf);
+ }
+ if (loop >= 2 * MAX_ASSOC_POLL_TIME_IN_S)
+ errx(EXIT_FAILURE,
+ "Error - Failure associating queue device %s (timeout after %d s).",
+ dev, MAX_ASSOC_POLL_TIME_IN_S);
+
+ if (sscanf(buf, "associated %d", &i) != 1 || idx != i)
+ errx(EXIT_FAILURE,
+ "Error - Failure associating queue device %s (state '%s' found).",
+ dev, buf);
+
+ verbose("Queue device %s successful associated with index %d.\n",
+ dev, idx);
+
+ free(dev_path);
+ free(attr);
+}
+
+static void se_bind(const char *dev)
+{
+ char *dev_path, *attr;
+ int rc, ap, dom;
+ char buf[256];
+
+ if (!ap_bus_has_SB_support())
+ errx(EXIT_FAILURE, "Error - AP bus: SE bind support is not available.");
+
+ if (sscanf(dev, "%02x.%04x", &ap, &dom) != 2)
+ errx(EXIT_FAILURE, "Error - Can't parse queue device '%s' as xy.abcd.",
+ dev);
+ dev_path = util_path_sysfs("bus/ap/devices/card%02x/%02x.%04x",
+ ap, ap, dom);
+ if (!util_path_is_dir(dev_path))
+ errx(EXIT_FAILURE, "Error - Queue device %s does not exist.",
+ dev);
+
+ attr = util_path_sysfs("bus/ap/devices/card%02x/%02x.%04x/se_bind",
+ ap, ap, dom);
+ if (!util_path_is_writable(attr))
+ errx(EXIT_FAILURE, "Error - Can't write to %s (errno '%s').",
+ attr, strerror(errno));
+
+ /* read se_bind attribute and check for 'unboud' */
+ rc = util_file_read_line(buf, sizeof(buf), attr);
+ if (rc)
+ errx(EXIT_FAILURE, "Error - Failure reading from %s (errno '%s').",
+ attr, strerror(errno));
+ if (strcmp(buf, "unbound"))
+ errx(EXIT_FAILURE,
+ "Error - Queue device %s is NOT in 'unbound' state (state '%s' found).",
+ dev, buf);
+
+ /* write se_bind attribute, check for 'bound' afterwards */
+ rc = util_file_write_l(1, 10, attr);
+ if (rc)
+ errx(EXIT_FAILURE, "Error - Failure writing to %s (errno '%s').",
+ attr, strerror(errno));
+ rc = util_file_read_line(buf, sizeof(buf), attr);
+ if (rc)
+ errx(EXIT_FAILURE, "Error - Failure reading from %s (errno '%s').",
+ attr, strerror(errno));
+ if (strcmp(buf, "bound"))
+ errx(EXIT_FAILURE, "Error - Failure binding queue device %s (state '%s' found).",
+ dev, buf);
+
+ verbose("Queue device %s successful bound.\n", dev);
+
+ free(dev_path);
+ free(attr);
+}
+
+static void se_unbind(const char *dev)
+{
+ int rc, ap, dom, loop;
+ char *dev_path, *attr;
+ char buf[256];
+
+ if (!ap_bus_has_SB_support())
+ errx(EXIT_FAILURE, "Error - AP bus: SE bind support is not available.");
+
+ if (sscanf(dev, "%02x.%04x", &ap, &dom) != 2)
+ errx(EXIT_FAILURE, "Error - Can't parse queue device '%s' as xy.abcd.",
+ dev);
+ dev_path = util_path_sysfs("bus/ap/devices/card%02x/%02x.%04x",
+ ap, ap, dom);
+ if (!util_path_is_dir(dev_path))
+ errx(EXIT_FAILURE, "Error - Queue device %s does not exist.",
+ dev);
+
+ attr = util_path_sysfs("bus/ap/devices/card%02x/%02x.%04x/se_bind",
+ ap, ap, dom);
+ if (!util_path_is_writable(attr))
+ errx(EXIT_FAILURE, "Error - Can't write to %s (errno '%s').",
+ attr, strerror(errno));
+
+ /* write se_bind attribute */
+ rc = util_file_write_l(0, 10, attr);
+ if (rc)
+ errx(EXIT_FAILURE, "Error - Failure writing to %s (errno '%s').",
+ attr, strerror(errno));
+
+ /* loop up to MAX_UNBIND_POLL_TIME_IN_S seconds for completion */
+ for (loop = 0; loop < 2 * MAX_UNBIND_POLL_TIME_IN_S; usleep(500000), loop++) {
+ rc = util_file_read_line(buf, sizeof(buf), attr);
+ if (rc)
+ errx(EXIT_FAILURE, "Error - Failure reading from %s (errno '%s').",
+ attr, strerror(errno));
+ if (!strcmp(buf, "unbound"))
+ break;
+ }
+ if (loop >= 2 * MAX_UNBIND_POLL_TIME_IN_S)
+ errx(EXIT_FAILURE,
+ "Error - Failure unbinding queue device %s (timeout after %d s).",
+ dev, MAX_UNBIND_POLL_TIME_IN_S);
+
+ verbose("Queue device %s successful unbound.\n", dev);
+
+ free(dev_path);
+ free(attr);
+}
+
/*
* Print invalid commandline error message and then exit with error code
*/
@@ -389,10 +594,10 @@ static void print_adapter_id_help(void)
printf("DEVICE_IDS\n");
printf(" List of cryptographic device ids separated by blanks which will be set\n");
printf(" online/offline. Must be used in conjunction with the enable or disable option.\n");
-
printf(" DEVICE_ID could either be card device id ('<card-id>') or queue device id\n");
- printf(" '<card-id>.<domain-id>').\n");
- printf(" \n");
+ printf(" '<card-id>.<domain-id>').\n\n");
+ printf("QUEUE_DEVICE:\n");
+ printf(" An APQN queue device given as xy.abcd as it is listed by lszcrypt -V.\n\n");
printf("EXAMPLE:\n");
printf(" Disable the cryptographic device with card id '02' (inclusive all queues).\n");
printf(" #>chzcrypt -d 02\n");
@@ -407,13 +612,14 @@ static void print_adapter_id_help(void)
*/
int main(int argc, char *argv[])
{
+ const char *default_domain = NULL, *config = NULL, *config_text = NULL;
const char *online = NULL, *online_text = NULL, *poll_thread = NULL;
const char *config_time = NULL, *poll_timeout = NULL;
- const char *default_domain = NULL, *config = NULL, *config_text = NULL;
+ const char *queue_device = NULL, *assoc_idx = NULL;
+ int c, i, j, action = 0;
char *path, *dev_list;
- bool all = false, actionset = false;
+ bool all = false;
size_t len;
- int c, i, j;
for (i=0; i < argc; i++)
for (j=2; j < (int) strlen(argv[i]); j++)
@@ -428,12 +634,12 @@ int main(int argc, char *argv[])
break;
switch (c) {
case 'e':
- actionset = true;
+ action = c;
online = "1";
online_text = "online";
break;
case 'd':
- actionset = true;
+ action = c;
online = "0";
online_text = "offline";
break;
@@ -441,23 +647,23 @@ int main(int argc, char *argv[])
all = true;
break;
case 'p':
- actionset = true;
+ action = c;
poll_thread = "1";
break;
case 'n':
- actionset = true;
+ action = c;
poll_thread = "0";
break;
case 'c':
- actionset = true;
+ action = c;
config_time = optarg;
break;
case 't':
- actionset = true;
+ action = c;
poll_timeout = optarg;
break;
case 'q':
- actionset = true;
+ action = c;
default_domain = optarg;
break;
case 'V':
@@ -472,21 +678,31 @@ int main(int argc, char *argv[])
util_prg_print_version();
return EXIT_SUCCESS;
case OPT_CONFIG_ON:
- actionset = true;
+ action = c;
config = "1";
config_text = "config on";
break;
case OPT_CONFIG_OFF:
- actionset = true;
+ action = c;
config = "0";
config_text = "config off";
break;
+ case OPT_SE_ASSOC:
+ action = c;
+ assoc_idx = optarg;
+ break;
+ case OPT_SE_BIND:
+ action = c;
+ break;
+ case OPT_SE_UNBIND:
+ action = c;
+ break;
default:
util_opt_print_parse_error(c, argv);
return EXIT_FAILURE;
}
}
- if (!actionset)
+ if (!action)
invalid_cmdline_exit("Error - missing argument.\n");
path = util_path_sysfs("bus/ap");
if (!util_path_is_dir(path))
@@ -508,6 +724,32 @@ int main(int argc, char *argv[])
default_domain_set(default_domain);
return EXIT_SUCCESS;
}
+
+ if (action == OPT_SE_ASSOC) {
+ if (optind >= argc)
+ errx(EXIT_FAILURE,
+ "Error - The --se-associate needs a queue device given.");
+ queue_device = argv[optind];
+ se_assoc(assoc_idx, queue_device);
+ return EXIT_SUCCESS;
+ }
+ if (action == OPT_SE_BIND) {
+ if (optind >= argc)
+ errx(EXIT_FAILURE,
+ "Error - The --se-bind needs a queue device given.");
+ queue_device = argv[optind];
+ se_bind(queue_device);
+ return EXIT_SUCCESS;
+ }
+ if (action == OPT_SE_UNBIND) {
+ if (optind >= argc)
+ errx(EXIT_FAILURE,
+ "Error - The --se-unbind needs a queue device given.");
+ queue_device = argv[optind];
+ se_unbind(queue_device);
+ return EXIT_SUCCESS;
+ }
+
if (all)
dev_list_all(&dev_list, &len);
else
--
2.41.0
From 8212d3474c84309adb5955dcc3820a375f76c7ad Mon Sep 17 00:00:00 2001
From: Steffen Maier <maier@linux.ibm.com>
Date: Tue, 1 Aug 2023 18:58:45 +0200
Subject: [PATCH 4/4] zdev/dracut: fix kdump build to integrate with site
support (#2229178)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This complements v2.27.0 commit 73c46a30563d ("zdev/dracut: fix kdump by
only activating required devices"). On older distributions, the absence of
zdev_id can cause the following harmless error messages for each udev
event:
(spawn)[387]: failed to execute '/lib/s390-tools/zdev_id' \
'/lib/s390-tools/zdev_id': No such file or directory
Kdump is still functional nonetheless.
As of v2.24.0 commit 2e89722ef0ec ("zdev: make site specific udev-rule for
ccw"), the invocations of chzdev within
zdev/dracut/95zdev-kdump/module-setup.sh generate
/etc/udev/rules.d/40-zdev-id.rules. And so even though zdev-kdump
intentionally does not install zdev_id and its previous singular user
zdev/udev/81-dpm.rules into the kdump initrd, because DPM device auto
configuration is not desired in the kdump environment, zdev_id meanwhile
has an additional functionality for site-support and the generated
40-zdev-id.rules calls /lib/s390-tools/zdev_id. By installing zdev_id into
the kdump initrd, 40-zdev-id.rules can work without error.
Fixes: 73c46a30563d ("zdev/dracut: fix kdump by only activating required devices")
Reviewed-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Reviewed-by: Vineeth Vijayan <vneethv@linux.ibm.com>
Signed-off-by: Steffen Maier <maier@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
(cherry picked from commit 4b486e87cc2875f532784bd69ee680e714508059)
---
zdev/dracut/95zdev-kdump/module-setup.sh | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/zdev/dracut/95zdev-kdump/module-setup.sh b/zdev/dracut/95zdev-kdump/module-setup.sh
index ad8e309..4ce2fc6 100755
--- a/zdev/dracut/95zdev-kdump/module-setup.sh
+++ b/zdev/dracut/95zdev-kdump/module-setup.sh
@@ -46,6 +46,10 @@ installkernel() {
install() {
local _tempfile
+ # zdev_id is not functionally required for kdump but optionally
+ # installing avoids error messages from zdev site udev rule processing
+ inst_multiple -o /lib/s390-tools/zdev_id
+
# Obtain kdump target device configuration
_tempfile=$(mktemp --tmpdir dracut-zdev.XXXXXX)
--
2.41.0