From: Holger Dengler <dengler@linux.ibm.com>
To: Harald Freudenberger <freude@linux.ibm.com>,
ifranzki@linux.ibm.com, fcallies@linux.ibm.com,
hca@linux.ibm.com, gor@linux.ibm.com, agordeev@linux.ibm.com,
seiden@linux.ibm.com, borntraeger@linux.ibm.com,
frankja@linux.ibm.com, imbrenda@linux.ibm.com
Cc: linux-s390@vger.kernel.org, herbert@gondor.apana.org.au
Subject: Re: [PATCH v4 06/24] s390/zcrypt: Introduce cprb mempool for cca misc functions
Date: Fri, 11 Apr 2025 14:40:51 +0200 [thread overview]
Message-ID: <53b1ca15-e679-4e62-bf3e-50ff2b62d484@linux.ibm.com> (raw)
In-Reply-To: <20250409140305.58900-7-freude@linux.ibm.com>
On 09/04/2025 16:02, Harald Freudenberger wrote:
> Introduce a new module parameter "zcrypt_mempool_threshold"
> for the zcrypt module. This parameter controls the minimal
> amount of mempool items which are pre-allocated for urgent
> requests/replies and will be used with the support for the
> new xflag ZCRYPT_XFLAG_NOMEMALLOC. The default value of 5
> shall provide enough memory items to support up to 5 requests
> (and their associated reply) in parallel. The minimum value
> is 1 and is checked and maybe adjusted in the module init().
>
> If the mempool is depleted upon one cca misc functions is called
> with the named xflag set, the function will fail with -ENOMEM
> and the caller is responsible for taking further actions.
>
> For CCA each mempool item is 16KB, as a CCA CPRB needs to
> hold the request and the reply. The pool items only support
> requests/replies with a limit of about 8KB.
> So by default the CCA mempool consumes
> 5 * 16KB = 80KB
>
> This is only part of an rework to support a new xflag
> ZCRYPT_XFLAG_NOMEMALLOC but not yet complete.
>
> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
> Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
See my comment below. With these fixed you can keep my R-b.
> ---
> drivers/s390/crypto/zcrypt_api.c | 16 +++-
> drivers/s390/crypto/zcrypt_api.h | 2 +
> drivers/s390/crypto/zcrypt_ccamisc.c | 116 ++++++++++++++++++++-------
> drivers/s390/crypto/zcrypt_ccamisc.h | 1 +
> 4 files changed, 104 insertions(+), 31 deletions(-)
>
> diff --git a/drivers/s390/crypto/zcrypt_api.c b/drivers/s390/crypto/zcrypt_api.c
> index f753c0403a18..888ab289bd10 100644
> --- a/drivers/s390/crypto/zcrypt_api.c
> +++ b/drivers/s390/crypto/zcrypt_api.c
> @@ -50,6 +50,10 @@ MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " \
> "Copyright IBM Corp. 2001, 2012");
> MODULE_LICENSE("GPL");
>
> +unsigned int zcrypt_mempool_threshold = 5;
> +module_param_named(mempool_threshold, zcrypt_mempool_threshold, uint, 0440);
> +MODULE_PARM_DESC(mempool_threshold, "CCA and EP11 request/reply mempool minimal items.");
Maybe you can mention the minimum value here as well?
"CCA and EP11 request/reply mempool minimal items (min: 1)."
> +
> /*
> * zcrypt tracepoint functions
> */
> @@ -2147,13 +2151,20 @@ int __init zcrypt_api_init(void)
> {
> int rc;
>
> + /* make sure the mempool threshold is >= 1 */
> + zcrypt_mempool_threshold = max_t(unsigned int, zcrypt_mempool_threshold, 1);
> +
BTW: As far as I can see, mempool allows 0 as minimal preallocated elements. The result will be a mempool without any pre-allocated elements. This means, no NOMEMALLOC request could be processed. This is sad, but it is not really an error.
Anyhow, if you would limit the mempool to at least 1 element, a threshold value < 1 is an error and should be treated as such. So, do not silently fix the value, but printout an error message and return with -EINVAL here.
> rc = zcrypt_debug_init();
> if (rc)
> goto out;
>
> rc = zcdn_init();
> if (rc)
> - goto out;
> + goto out_zcdn_init_failed;
> +
> + rc = zcrypt_ccamisc_init();
> + if (rc)
> + goto out_ccamisc_init_failed;
>
> /* Register the request sprayer. */
> rc = misc_register(&zcrypt_misc_device);
[...]
> diff --git a/drivers/s390/crypto/zcrypt_api.h b/drivers/s390/crypto/zcrypt_api.h
> index 94dffb01942f..84d636fd14a4 100644
> --- a/drivers/s390/crypto/zcrypt_api.h
> +++ b/drivers/s390/crypto/zcrypt_api.h
[...]
> diff --git a/drivers/s390/crypto/zcrypt_ccamisc.c b/drivers/s390/crypto/zcrypt_ccamisc.c
> index 521baaea06ff..05085b40a55c 100644
> --- a/drivers/s390/crypto/zcrypt_ccamisc.c
> +++ b/drivers/s390/crypto/zcrypt_ccamisc.c
[...]
> @@ -229,7 +241,16 @@ static int alloc_and_prep_cprbmem(size_t paramblen,
> * allocate consecutive memory for request CPRB, request param
> * block, reply CPRB and reply param block
> */
> - cprbmem = kcalloc(2, cprbplusparamblen, GFP_KERNEL);
> + if (xflags & ZCRYPT_XFLAG_NOMEMALLOC) {
> + size_t len = 2 * cprbplusparamblen;
> +
> + if (cprb_mempool && len <= CPRB_MEMPOOL_ITEM_SIZE) {
Remove the check for cprb_mempool != NULL. This case can never happen.
> + cprbmem = mempool_alloc_preallocated(cprb_mempool);
> + memset(cprbmem, 0, len);
Check for cprbmem != NULL before memset(), or move the memset() down.
> + }
> + } else {
> + cprbmem = kcalloc(2, cprbplusparamblen, GFP_KERNEL);
Use kmalloc here and ...
> + }
> if (!cprbmem)
> return -ENOMEM;
... wait until cprbmem is always valid and do the memset() here.
if (xflags & ZCRYPT_XFLAG_NOMEMALLOC) {
size_t len = 2 * cprbplusparamblen;
if (len <= CPRB_MEMPOOL_ITEM_SIZE)
cprbmem = mempool_alloc_preallocated(cprb_mempool);
} else {
cprbmem = kmalloc(2 * cprbplusparamblen, GFP_KERNEL);
}
if (!cprbmem)
return -ENOMEM;
memset(cprbmem, 0, len);
[...]
--
Mit freundlichen Grüßen / Kind regards
Holger Dengler
--
IBM Systems, Linux on IBM Z Development
dengler@linux.ibm.com
next prev parent reply other threads:[~2025-04-11 12:41 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-09 14:02 [PATCH v4 00/24] AP bus/zcrypt/pkey/paes no-mem-alloc patches Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 01/24] s390/ap: Move response_type struct into ap_msg struct Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 02/24] s390/ap/zcrypt: Rework AP message buffer allocation Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 03/24] s390/ap: Introduce ap message buffer pool Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 04/24] s390/zcrypt: Avoid alloc and copy of ep11 targets if kernelspace cprb Harald Freudenberger
2025-04-09 16:19 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 05/24] s390/ap/zcrypt: New xflag parameter Harald Freudenberger
2025-04-09 16:25 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 06/24] s390/zcrypt: Introduce cprb mempool for cca misc functions Harald Freudenberger
2025-04-11 12:40 ` Holger Dengler [this message]
2025-04-14 14:17 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 07/24] s390/zcrypt: Introduce cprb mempool for ep11 " Harald Freudenberger
2025-04-11 12:58 ` Holger Dengler
2025-04-14 14:21 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 08/24] s390/zcrypt: Rework zcrypt function zcrypt_device_status_mask_ext Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 09/24] s390/zcrypt: Introduce pre-allocated device status array for cca misc Harald Freudenberger
2025-04-11 13:06 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 10/24] s390/zcrypt: Introduce pre-allocated device status array for ep11 misc Harald Freudenberger
2025-04-11 13:08 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 11/24] s390/zcrypt: Remove unused functions from cca misc Harald Freudenberger
2025-04-11 13:10 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 12/24] s390/zcrypt: Remove CCA and EP11 card and domain info caches Harald Freudenberger
2025-04-11 13:25 ` Holger Dengler
2025-04-14 14:39 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 13/24] s390/zcrypt/pkey: Rework cca findcard() implementation and callers Harald Freudenberger
2025-04-11 14:16 ` Holger Dengler
2025-04-14 14:41 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 14/24] s390/zcrypt/pkey: Rework ep11 " Harald Freudenberger
2025-04-11 14:18 ` Holger Dengler
2025-04-14 14:42 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 15/24] s390/zcrypt: Rework cca misc functions kmallocs to use the cprb mempool Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 16/24] s390/zcrypt: Propagate xflags argument with cca_get_info() Harald Freudenberger
2025-04-11 14:25 ` Holger Dengler
2025-04-14 14:48 ` Harald Freudenberger
2025-04-14 15:04 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 17/24] s390/zcrypt: Locate ep11_domain_query_info onto the stack instead of kmalloc Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 18/24] s390/zcrypt: Rework ep11 misc functions to use cprb mempool Harald Freudenberger
2025-04-09 14:03 ` [PATCH v4 19/24] s390/pkey: Rework CCA pkey handler to use stack for small memory allocs Harald Freudenberger
2025-04-09 14:03 ` [PATCH v4 20/24] s390/pkey: Rework EP11 " Harald Freudenberger
2025-04-09 14:03 ` [PATCH v4 21/24] s390/uv: Rename find_secret() to uv_find_secret() and publish Harald Freudenberger
2025-04-11 14:53 ` Holger Dengler
2025-04-14 8:08 ` Steffen Eiden
2025-04-14 15:15 ` Harald Freudenberger
2025-04-09 14:03 ` [PATCH v4 22/24] s390/pkey: Use preallocated memory for retrieve of UV secret metadata Harald Freudenberger
2025-04-11 15:24 ` Holger Dengler
2025-04-14 8:02 ` Steffen Eiden
2025-04-09 14:03 ` [PATCH v4 23/24] s390/zcrypt/pkey: Provide and pass xflags within pkey and zcrypt layers Harald Freudenberger
2025-04-11 14:36 ` Holger Dengler
2025-04-09 14:03 ` [PATCH v4 24/24] s390/pkey/crypto: Introduce xflags param for pkey in-kernel API Harald Freudenberger
2025-04-14 13:34 ` Holger Dengler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53b1ca15-e679-4e62-bf3e-50ff2b62d484@linux.ibm.com \
--to=dengler@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=borntraeger@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=frankja@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=ifranzki@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=seiden@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.