[PATCH v1 20/20] s390/pkey/crypto: Introduce xflags param for pkey in-kernel API

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Harald Freudenberger <freude@linux.ibm.com>
To: dengler@linux.ibm.com, ifranzki@linux.ibm.com, fcallies@linux.ibm.com
Cc: linux-s390@vger.kernel.org, herbert@gondor.apana.org.au
Subject: [PATCH v1 20/20] s390/pkey/crypto: Introduce xflags param for pkey in-kernel API
Date: Sun, 23 Feb 2025 10:54:59 +0100	[thread overview]
Message-ID: <20250223095459.43058-21-freude@linux.ibm.com> (raw)
In-Reply-To: <20250223095459.43058-1-freude@linux.ibm.com>

Add a new parameter xflags to the in-kernel API function
pkey_key2protkey(). Currently there is only one flag supported:

  * PKEY_XFLAG_NOMEMALLOC - If this flag is given in the xflags
    parameter, the pkey implementation is not allowed to allocate
    memory but instead should fail with -ENOMEM. This flag is for
    protected key derive within a cipher or similar which must not
    allocate memory - see also the CRYPTO_ALG_ALLOCATES_MEMORY
    flag in crypto.h.

The one and only user of this in-kernel API - the skcipher
implementations PAES in paes_s390.c set this flag upon request
to derive a protected key from the given raw key material.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
---
 arch/s390/crypto/paes_s390.c     |  2 +-
 arch/s390/include/asm/pkey.h     | 13 ++++++++++++-
 drivers/s390/crypto/pkey_api.c   |  3 +--
 drivers/s390/crypto/zcrypt_api.h | 10 +++++++---
 4 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c
index 511093713a6f..646cbbf0678d 100644
--- a/arch/s390/crypto/paes_s390.c
+++ b/arch/s390/crypto/paes_s390.c
@@ -189,7 +189,7 @@ static inline int __paes_keyblob2pkey(const u8 *key, unsigned int keylen,
 				return -EINTR;
 		}
 		rc = pkey_key2protkey(key, keylen, pk->protkey, &pk->len,
-				      &pk->type);
+				      &pk->type, PKEY_XFLAG_NOMEMALLOC);
 	}
 
 	return rc;
diff --git a/arch/s390/include/asm/pkey.h b/arch/s390/include/asm/pkey.h
index 5dca1a46a9f6..2bd344cbc2ec 100644
--- a/arch/s390/include/asm/pkey.h
+++ b/arch/s390/include/asm/pkey.h
@@ -20,9 +20,20 @@
  * @param key pointer to a buffer containing the key blob
  * @param keylen size of the key blob in bytes
  * @param protkey pointer to buffer receiving the protected key
+ * @param xflags additional execution flags (see PKEY_XFLAG_* definitions below)
  * @return 0 on success, negative errno value on failure
  */
 int pkey_key2protkey(const u8 *key, u32 keylen,
-		     u8 *protkey, u32 *protkeylen, u32 *protkeytype);
+		     u8 *protkey, u32 *protkeylen, u32 *protkeytype,
+		     u32 xflags);
+
+/*
+ * If this flag is given in the xflags parameter, the pkey implementation
+ * is not allowed to allocate memory but instead should fail with -ENOMEM.
+ * This flag is for protected key derive within a cipher or similar
+ * which must not allocate memory - see also the CRYPTO_ALG_ALLOCATES_MEMORY
+ * flag in crypto.h.
+ */
+#define PKEY_XFLAG_NOMEMALLOC 0x0001
 
 #endif /* _KAPI_PKEY_H */
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index 55a4e70b866b..cef60770f68b 100644
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -53,10 +53,9 @@ static int key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns,
  * In-Kernel function: Transform a key blob (of any type) into a protected key
  */
 int pkey_key2protkey(const u8 *key, u32 keylen,
-		     u8 *protkey, u32 *protkeylen, u32 *protkeytype)
+		     u8 *protkey, u32 *protkeylen, u32 *protkeytype, u32 xflags)
 {
 	int rc;
-	const u32 xflags = 0;
 
 	rc = key2protkey(NULL, 0, key, keylen,
 			 protkey, protkeylen, protkeytype, xflags);
diff --git a/drivers/s390/crypto/zcrypt_api.h b/drivers/s390/crypto/zcrypt_api.h
index 92027304f0d8..f6d84751631f 100644
--- a/drivers/s390/crypto/zcrypt_api.h
+++ b/drivers/s390/crypto/zcrypt_api.h
@@ -16,6 +16,7 @@
 
 #include <linux/atomic.h>
 #include <asm/debug.h>
+#include <asm/pkey.h>
 #include <asm/zcrypt.h>
 #include "ap_bus.h"
 
@@ -79,10 +80,13 @@ struct zcrypt_track {
 /*
  * Do not allocate memory xflag. To be used with
  * zcrypt_send_cprb() and zcrypt_send_ep11_cprb().
- * Currently only available and used for the in-kernel
- * zcrpyt api.
+ * But also used within the cca and ep11 misc functions
+ * and the pkey layer exposes this as a PKEY_XFLAG_
+ * via the in-kernel-api for protected key support.
+ * ZCRYPT_XFLAG_NOMEMALLOC and PKEY_XFLAG_NOMEMALLOC
+ * should have same value to avoid unnecessary conversions.
  */
-#define ZCRYPT_XFLAG_NOMEMALLOC 0x0001
+#define ZCRYPT_XFLAG_NOMEMALLOC PKEY_XFLAG_NOMEMALLOC
 
 struct zcrypt_ops {
 	long (*rsa_modexpo)(struct zcrypt_queue *, struct ica_rsa_modexpo *,
-- 
2.43.0

     prev parent reply	other threads:[~2025-02-23  9:55 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-02-23  9:54 [PATCH v1 00/20] AP bus/zcrypt/pkey/paes no-mem-alloc patches Harald Freudenberger
2025-02-23  9:54 ` [PATCH v1 01/20] s390/ap: Move response_type struct into ap_msg struct Harald Freudenberger
2025-02-24 15:23   ` Holger Dengler
2025-02-25  7:39     ` Holger Dengler
2025-02-25  8:56     ` Harald Freudenberger
2025-02-25  9:22       ` Holger Dengler
2025-02-23  9:54 ` [PATCH v1 02/20] s390/ap/zcrypt: Rework AP message buffer allocation Harald Freudenberger
2025-02-25  8:12   ` Holger Dengler
2025-02-23  9:54 ` [PATCH v1 03/20] s390/ap: Introduce ap message buffer pool Harald Freudenberger
2025-02-25 13:52   ` Holger Dengler
2025-02-23  9:54 ` [PATCH v1 04/20] s390/zcrypt: Rework zcrypt layer to support new flag NOMEMALLOC Harald Freudenberger
2025-02-27  8:21   ` Holger Dengler
2025-02-23  9:54 ` [PATCH v1 05/20] s390/zcrypt: Introduce cprb mempool for cca misc functions Harald Freudenberger
2025-03-03  8:07   ` Holger Dengler
2025-02-23  9:54 ` [PATCH v1 06/20] s390/zcrypt: Introduce cprb mempool for ep11 " Harald Freudenberger
2025-03-03  8:29   ` Holger Dengler
2025-02-23  9:54 ` [PATCH v1 07/20] s390/zcrypt: New zcrypt function zcrypt_device_status_mask_ext2 Harald Freudenberger
2025-02-27 11:34   ` Holger Dengler
2025-02-23  9:54 ` [PATCH v1 08/20] s390/zcrypt: Introduce pre-allocated device status array for cca misc Harald Freudenberger
2025-02-23  9:54 ` [PATCH v1 09/20] s390/zcrypt: Introduce pre-allocated device status array for ep11 misc Harald Freudenberger
2025-02-23  9:54 ` [PATCH v1 10/20] s390/zcrypt/pkey: Rework cca findcard() implementation and callers Harald Freudenberger
2025-02-23  9:54 ` [PATCH v1 11/20] s390/zcrypt/pkey: Rework ep11 " Harald Freudenberger
2025-02-23  9:54 ` [PATCH v1 12/20] s390/zcrypt: Rework cca misc functions kmallocs to use the cprb mempool Harald Freudenberger
2025-02-23  9:54 ` [PATCH v1 13/20] s390/zcrypt: Add small mempool for cca info list entries Harald Freudenberger
2025-02-23  9:54 ` [PATCH v1 14/20] s390/zcrypt: Locate ep11_domain_query_info onto the stack instead of kmalloc Harald Freudenberger
2025-02-23  9:54 ` [PATCH v1 15/20] s390/zcrypt: Rework ep11 misc functions to use cprb mempool Harald Freudenberger
2025-02-23  9:54 ` [PATCH v1 16/20] s390/zcrypt: Add small mempool for ep11 card info list entries Harald Freudenberger
2025-02-23  9:54 ` [PATCH v1 17/20] s390/pkey: Rework CCA pkey handler to use stack for small memory allocs Harald Freudenberger
2025-02-23  9:54 ` [PATCH v1 18/20] s390/pkey: Rework EP11 " Harald Freudenberger
2025-02-23  9:54 ` [PATCH v1 19/20] s390/zcrypt/pkey: Provide and pass xflags within pkey and zcrypt layers Harald Freudenberger
2025-02-23  9:54 ` Harald Freudenberger [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:511093713a6 dfblob:646cbbf0678 dfblob:5dca1a46a9f
dfblob:2bd344cbc2e dfblob:55a4e70b866 dfblob:cef60770f68
dfblob:92027304f0d dfblob:f6d84751631 )
 OR (
bs:"[PATCH v1 20/20] s390/pkey/crypto: Introduce xflags param for pkey in-kernel API" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250223095459.43058-21-freude@linux.ibm.com \
    --to=freude@linux.ibm.com \
    --cc=dengler@linux.ibm.com \
    --cc=fcallies@linux.ibm.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=ifranzki@linux.ibm.com \
    --cc=linux-s390@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.