New Release: Linux Kernel 5.11

Linux kernel 5.11 (available here) has been released. Here are the highlights from a Linux on Z perspective:

  • Crypto  
    • zcrypt: Applications that use crypto adapters in the early boot phase (e.g. protected key dm-crypt) may occasionally detect that the crypto devices are not (yet?) ready for use which may result in unexpected error situations. So far, the Linux kernel did not indicate when AP bus scanning was complete and all crypto devices online.
      With the new feature, the kernel sends uevents to indicate that the AP bus scan is complete and that the bindings are complete. In addition, two new sysfs attributes are introduced that indicate the completion of the AP bus scan and the progress in device bindings. These mechanisms allow applications (or udev rules) to delay the use of crypto devices until they initialization is complete.
  • Networking
    • SMC-R Link Group Support: Kernel-side support for monitoring link groups. Requires smc-tools v1.4 for userspace-side exploitation.
      In particular, state and protection against failures on a per-link basis are available, so that administrators can identify critical infrastructure and act accordingly.
        $ smcr device show all
        Net-Dev   IB-Dev  IB-P  IB-State  Type          Crit  #Links  PNET-ID
        ens281    mlx4_0  1       ACTIVE  RoCE_EXPRESS  No    1       NET1
        ens281d1  mlx4_0  2     INACTIVE  RoCE
      _EXPRESS  No    1       NET2
      Also provides insights into link groups (further details available with option --detail):
        $ smcr linkgroup link-show all
        LG-ID     LG-Role  LG-Type  Net-Dev   Link-State   #Conns
        00000100  CLNT     SYM      ens281    LINK_ACTIVE  1
        00000100  CLNT     SYM      enP1s282  LINK_ACTIVE  0

  • Storage
    • Fibre Channel Endpoint Security capability: Exposes the Fibre Channel Endpoint Security (FCES) for DASDs via the sysfs filesystem.
        $ cat /sys/bus/ccw/devices/0.0.c600/fc_security
        Encryption

      Further integrated in lsdasd and lszdev commands. See the following output for further details:
        $ chzdev dasd --help-attribute fc_security
        ATTRIBUTE fc_security
        DESCRIPTION
        This read-only attribute shows the Fibre Channel Endpoint Security 
        status of the connection to the
        DASD device:
          Unsupported :   The DASD device does not support Fibre Channel
                          Endpoint Security
          Inconsistent :  The operational channel paths of the DASD device
                          report inconsistent Fibre Channel Endpoint
                          Security status
          Authentication: The connection has been
                          authenticated
          Encryption :    The connection is encrypted

No comments:

Post a Comment

Popular Posts