smc-tools v1.2.2 is now available for download here.
For more information on the changes, see the included README.
New Release: Ubuntu 19.10
Ubuntu Server 19.10 is out!
It ships
- Linux kernel 5.3: Supports IBM z15, including hardware compression as detailed here.
- gcc 9.2.1, including support for z15
- llvm 9.0: See details on z15 support here.
HOWTO: Exploiting Hardware Compression in zlib with IBM z15
This blog posting details how to take advantage of the hardware compression feature in z15 with zlib in Linux distributions.
The following build instructions have been tested on RHEL 7.7 and SLES 12 SP4. However, they can be easily adopted to other Linux distributions or levels as well. Ubuntu 19.10 includes support out of the box.
The following build instructions have been tested on RHEL 7.7 and SLES 12 SP4. However, they can be easily adopted to other Linux distributions or levels as well. Ubuntu 19.10 includes support out of the box.
- Install build requirements:
RHEL 7.7:
sudo yum install git autoconf automake libtool cpp gcc \
glibc-devel glibc-headers kernel-headers libgomp \
libmpc m4 mpfr perl-Test-Harness perl-Thread-Queue python
SLES 12 SP4:
sudo zypper install git-core autoconf automake libltdl7 \
libtool python gcc - Validate current compression performance by running a typical python compression test:
time python -c 'import gzip
gzip.open("test.gz","wb",compresslevel=6). \
write(b"abcdefghijklmnopqrstuvwxyz" * 50000000)' - Clone the IBM zlib fork which already contains the required patch:
git clone https://github.com/iii-i/zlib.git --branch dfltcc \
--single-branch
cd zlib - Configure with the proper build flags to enable hardware compression support. You can specify options to determine at which compression levels hardware compression should be used. This can also be overriden at runtime using the DFLTCC_LEVEL_MASK environment variable.
CFLAGS="-O2 -DDFLTCC -DDFLTCC_LEVEL_MASK=0x7e" ./configure \
--libdir=/usr/local/lib64
The DFLTCC_LEVEL_MASK macro at configuration time as well as the environment variable at runtime are expected to contain bitmasks with ones enabling hardware compression for a particular level. A value of 0x7e (0...01111110) enables hardware compression for levels 1-6 out of 0-9. Note that the hardware compression algorithm will not distinguish between compression levels for which it is enabled - it will always produce compression ratios similar to software compression at level 1.
We build with compiler optimization level -O2 to be comparable to the regular Linux distribution builds. Performance enthusiasts might want to bump this to -O3 here.
The --libdir setting is required to make the library be installed into the lib64 sub directory instead of just lib after installation. - During the build step (using the make command) the additional files need to be pulled in. So build with:
make OBJA=dfltcc.o PIC_OBJA=dfltcc.lo - Install as usual:
sudo make install - (RHEL only): Enable shared libraries to be searched for in /usr/local/lib64
sudo sh -c 'echo /usr/local/lib64 > /etc/ld.so.conf.d \
/usrlocal.conf'
sudo ldconfig - Verify that existing binaries linked against zlib have the dynamic linker now resolve to our new version of the zlib library (located in /usr/local/lib64 instead of /usr/lib64):
ldd $(which git) | grep libz
libz.so.1 => /usr/local/lib64/libz.so.1 (0x000003ff99900000) - Validate the improved compression performance by re-running the test from step 2.
time python -c 'import gzip; gzip.open("test.gz", "wb", \
compresslevel=6).write(b"abcdefghijklmnopqrstuvwxyz" * \
50000000)'
The new time should be about a fifth of the old value. (We do not reach top-speed here since Python calls into zlib with small buffer sizes)
New Release: Linux Kernel 5.3
Linux kernel 5.3 (available here) has been released. Here are the highlights from a Linux on Z perspective:
- Secure Boot for SCSI IPL
Ensure that only signed code is loaded during IPL. Check
/sys/firmware/ipl/has_secure whether support is available, and
/sys/firmware/ipl/secure whether the Linux instance was booted securely.
Use new zipl option secure to enable. Requires additional configuration on HMC/SE load panel. - Thin provisioning Base Support for DASD
With DASD devices configured for thin provisioning on the storage server, not all disk space is allocated in the storage server when the disk is empty - disk space gets allocated only if in use.
Use dasdfmt -M quick or dasdfmt --mode quick to format the first two tracks only, speeding up the formatting process significantly. - CPU-MF Counters for IBM z15
Adds Measurement Facility (MF) counters for ECC. Access using lscpumf command:
$ lscpumf -c|fgrep ECC_
r50 ECC_FUNCTION_COUNT
r51 ECC_CYCLES_COUNT
r52 ECC_BLOCKED_FUNCTION_COUNT
r53 ECC_BLOCKED_CYCLES_COUNT - Crypto Passthrough Interrupt Support
Receive crypto adapter interrupts in KVM guests immediately, improving performance.
Webinar: Crypto for Virtual Servers and Containers, October 9
Abstract
Efficiently hosting multiple workloads is one of the top reasons to run Linux on IBM Z and LinuxONE. The hosting infrastructure may be a hypervisor (z/VM or KVM) or a host running containers (Docker). This presentation describes how to use IBM Z hardware crypto in virtual servers and containers and how crypto operations can be isolated if different workloads are run by different tenants.
Speaker
Dr. Reinhard Buendgen, Product Owner Security Linux on IBM Z.
Registration
Register here. You can check the system requirements here.
After registering, you will receive a confirmation email containing information about joining the webinar.
Replay & Archive
All sessions are recorded. For the archive as well as a replay and handout of this session and all previous webcasts see here.
Efficiently hosting multiple workloads is one of the top reasons to run Linux on IBM Z and LinuxONE. The hosting infrastructure may be a hypervisor (z/VM or KVM) or a host running containers (Docker). This presentation describes how to use IBM Z hardware crypto in virtual servers and containers and how crypto operations can be isolated if different workloads are run by different tenants.
Speaker
Dr. Reinhard Buendgen, Product Owner Security Linux on IBM Z.
Registration
Register here. You can check the system requirements here.
After registering, you will receive a confirmation email containing information about joining the webinar.
Replay & Archive
All sessions are recorded. For the archive as well as a replay and handout of this session and all previous webcasts see here.
Subscribe to:
Posts (Atom)
Popular Posts
-
Thanks to a joined effort of IBM, RedHat, Microsoft, and Sine Nomine Associates, as well as the .NET and Mono open source communities, .NET ...
-
This blog posting details how to take advantage of the hardware compression feature in z15 with zlib in Linux distributions. The following...
-
Secure Boot is a feature of a system bootloader that is intended to restrict a system to only boot trustworthy operating systems. In the cas...