Public bug reported:
Description: kernel: Fix wrong dispatching for control domain CPRBs
Symptom: Unable to maintain control-only crypto domains
Problem: LPARs may have control-only crypto domains assigned.
Such a domain can be controlled (for example master keys can
be set) but can't be used for regualar crypto load (usage).
A crypto domain may be assigned for control-and-usage to
only one active LPAR. But the very same domain may be
assigned for control-only to one or more other LPARs.
However, trying to communicate in any way with a
control-only crypto domain did not work. So a simple query
for the state of the master keys on a control-only domain
failed and the TKE does not even show this domain. Even
worse, when the lowest domain (in a numerically sense) is a
control-only domain, the TKE does not even see the crypto
cards at all.
Solution: This fix introduces some code which checks if an CCA CPRB is
addressing a control-only domain. If that's the case and
there is a default control-and-usage domain available the
CPRB is send to this other domain instead. The target domain
field within the CPRB is untouched and the crypto card
firmware code detects this working-as-designed mismatch and
does the right job and addresses the control domain.
Reproduction: 1. Add a control-only domain to the crypto configuration of
an LPAR and re-activate the LPAR.
2. Connect the TKE the LPAR and try to visit the master key
verification patterns of this control-only domain.
3. Will fail without the fix, will succeed with the fix.
Component: kernel
Upstream-ID: 7379e652797c0b9b5f6caea1576f2dff9ce6a708
This fix is requested for 19.10 but should also be applied to 18.04 and
19.04
** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: Skipper Bug Screeners (skipper-screen-team)
Status: New
** Tags: architecture-s39064 bugnameltc-178125 severity-high
targetmilestone-inin1910
** Tags added: architecture-s39064 bugnameltc-178125 severity-high
targetmilestone-inin1910
** Changed in: ubuntu
Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)
** Package changed: ubuntu => linux (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832624
Title:
[UBUNTU] kernel: Fix wrong dispatching for control domain CPRBs
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832624/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
