Linux kernel 5.11 (available here) has been released. Here are the highlights from a Linux on Z perspective:
- zcrypt: Applications that use crypto adapters in the early boot phase (e.g. protected key dm-crypt) may occasionally detect that the crypto devices are not (yet?) ready for use which may result in unexpected error situations. So far, the Linux kernel did not indicate when AP bus scanning was complete and all crypto devices online.
With the new feature, the kernel sends uevents to indicate that the AP bus scan is complete and that the bindings are complete. In addition, two new sysfs attributes are introduced that indicate the completion of the AP bus scan and the progress in device bindings. These mechanisms allow applications (or udev rules) to delay the use of crypto devices until they initialization is complete.
- SMC-R Link Group Support: Kernel-side support for monitoring link groups. Requires smc-tools v1.4 for userspace-side exploitation.
In particular, state and protection against failures on a per-link basis are available, so that administrators can identify critical infrastructure and act accordingly.
$ smcr device show all
Net-Dev IB-Dev IB-P IB-State Type Crit #Links PNET-ID
ens281 mlx4_0 1 ACTIVE RoCE_EXPRESS No 1 NET1
ens281d1 mlx4_0 2 INACTIVE RoCE_EXPRESS No 1 NET2
Also provides insights into link groups (further details available with option --detail):
$ smcr linkgroup link-show all
LG-ID LG-Role LG-Type Net-Dev Link-State #Conns
00000100 CLNT SYM ens281 LINK_ACTIVE 1
00000100 CLNT SYM enP1s282 LINK_ACTIVE 0
- Fibre Channel Endpoint Security capability: Exposes the Fibre Channel Endpoint Security (FCES) for DASDs via the sysfs filesystem.
$ cat /sys/bus/ccw/devices/0.0.c600/fc_security
Further integrated in lsdasd and lszdev commands. See the following output for further details:
$ chzdev dasd --help-attribute fc_security
This read-only attribute shows the Fibre Channel Endpoint Security
status of the connection to the
Unsupported : The DASD device does not support Fibre Channel
Inconsistent : The operational channel paths of the DASD device
report inconsistent Fibre Channel Endpoint
Authentication: The connection has been
Encryption : The connection is encrypted
Post a Comment