Distribution hints


The "Development Stream" pages will be updated occasionally with descriptions of features already integrated into upstream kernel and also patches with descriptions for functionality soon to be submitted for upstream integration.

The contributions from the Linux on z Systems development team to Linux on z Systems distribution releases (mostly retrofits from the "Development Stream") will be documented on these "Distribution Hints" pages shortly after the distribution release are generally available. Besides documenting bugfixes, the focus for these hints will be on mapping the new features in the distributions against the "Development Stream" documentation.

Please refer to Distribution hints for z13 for detailed information about prerequisites and support for z13 in current Linux on System z distributions.

Please refer to IBM Linux on z Systems - Tested Platforms to see the IBM support for your distribution.

Important Information for current Distributions (dated 2015-04-24)

On IBM z Systems z196, z114, and earlier machines, a problem might occur when using the cryptographic device driver on the following Linux Kernel releases:

  • SLES11 SP3 (kernel 3.0.101-42-1)
  • SLES12 (kernel 3.12.32-33.1)
  • Red Hat Enterprise Linux 6 Update 6 (kernel 2.6.32-504-3.3 and 2.6.32-504.8.1)
The generic lookup of a valid domain does not work as expected and might causes a kernel oops. The circumvention as described below should be implemented to avoid this problem.

The following Linux Kernel updates have been released to address the issue:

  • SLES12 (kernel 3.12.36-38.1 and later)
  • SLES11 SP3 (kernel 3.0.101- and later)
  • RHEL6.6 (kernel 2.6.32-504.16.2.el6)

To circumvent this issue, load the z90crypt module, specifying a domain parameter in the range 0 - 15. There are two possible scenarios:

  1. Running Linux on IBM z Systems in an LPAR:
    1. Check for the domain that is assigned to the cryptographic adapter of the LPAR based on the crypto configuration on the Support Element.
    2. Load the z90crypt module by using the domain parameter:
      #> modprobe z90crypt domain=<domain>
  2. Running Linux on z Systems on z/VM:
    1. On the z/VM guest, query for the crypto devices and note the assigned domain:
      #q v crypto

      As an alternative, start the Linux guest, load the vmcp module, and query for the crypto devices:
      #> modprobe vmcp

      #> vmcp "q v crypto"
    2. Load the z90crypt module by using the domain parameter:
      #> modprobe z90crypt domain=<domain>

If there are multiple cryptographic adapters defined, chose one of the domains available on all adapters, because the z90crypt device driver can only make use of one domain.

Note: When using cryptographic adapters on an LPAR, or when using dedicated cryptographic adapters on z/VM, the domain can also be made persistent. To make the domain persistent, create a file, for example /etc/modprobe.d/z90crypt.conf with the following content:

options z90crypt domain=<domain>

This triggers the kernel module to use the specified domain when using 'modprobe z90crypt'.

The steps above describe a temporary workaround. To obtain the kernel fix, contact your service provider.

Hints for SUSE distributions

SUSE Linux Enterprise Server 15

SUSE Linux Enterprise Server 12 SP3

SUSE Linux Enterprise Server 12 SP1

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Server 11 SP3

SUSE Linux Enterprise Server 11 SP2

SUSE Linux Enterprise Server 11 SP1

SUSE Linux Enterprise Server 11

SUSE Linux Enterprise Server 10

SUSE Linux Enterprise Server 9

Hints for Red Hat distributions

Red Hat Enterprise Linux 7.5

Red Hat Enterprise Linux 7.4

Red Hat Enterprise Linux 7.2

Red Hat Enterprise Linux 7.1

Red Hat Enterprise Linux 7

Red Hat Enterprise Linux 6.4

Red Hat Enterprise Linux 6.3

Red Hat Enterprise Linux 6.2

Red Hat Enterprise Linux 6.1

Red Hat Enterprise Linux 6

Red Hat Enterprise Linux 5

Red Hat Enterprise Linux 4

Hints for Canonical distributions (Ubuntu)

Ubuntu Server 16.04 LTS