Re: [PATCH v4 2/3] s390/crypto: Rework protected key AES for true asynch support

[Holger Dengler <dengler@linux.ibm.com>]

On 09/05/2025 12:24, Harald Freudenberger wrote:
> This is a complete rework of the protected key AES (PAES) implementation.
> The goal of this rework is to implement the 4 modes (ecb, cbc, ctr, xts)
> in a real asynchronous fashion:
> - init(), exit() and setkey() are synchronous and don't allocate any memory.

Please wrap this line (checkpatch complains, it's too long).

> - the encrypt/decrypt functions first try to do the job in a synchronous
>   manner. If this fails, for example the protected key got invalid caused
>   by a guest suspend/resume or guest migration action, the encrypt/decrypt
>   is transferred to an instance of the crypto engine (see below) for
>   asynchronous processing.
>   These postponed requests are then handled by the crypto engine by
>   invoking the do_one_request() callback but may of course again run into
>   a still not converted key or the key is getting invalid. If the key is
>   still not converted, the first thread does the conversion and updates
>   the key status in the transformation context. The conversion is
>   invoked via pkey API with a new flag PKEY_XFLAG_NOMEMALLOC.
>   Note that once there is an active requests enqueued to get async
>   processed via crypto engine, further requests also need to go via
>   crypto engine to keep the request sequence.
> 
> This patch together with the pkey/zcrypt/AP extensions to support
> the new PKEY_XFLAG_NOMEMMALOC should toughen the paes crypto algorithms
> to truly meet the requirements for in-kernel skcipher implementations
> and the usage patterns for the dm-crypt and dm-integrity layers.
> 
> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>

With the line wrap and the typos fixed
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>

> ---
>  arch/s390/crypto/paes_s390.c | 1812 ++++++++++++++++++++++++----------
>  1 file changed, 1270 insertions(+), 542 deletions(-)
> 
> diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c
> index 1f62a9460405..596698ce7084 100644
> --- a/arch/s390/crypto/paes_s390.c
> +++ b/arch/s390/crypto/paes_s390.c
[...]
> @@ -89,214 +129,367 @@ static inline u32 make_clrkey_token(const u8 *ck, size_t cklen, u8 *dest)
>  	return sizeof(*token) + cklen;
>  }
>  
> -static inline int _key_to_kb(struct key_blob *kb,
> -			     const u8 *key,
> -			     unsigned int keylen)
> +/*
> + * paes_ctx_setkey() - Set key value into context, maybe construct
> + * a clear key token digestable by pkey from a clear key value.

typo: digestible

> + */
> +static inline int paes_ctx_setkey(struct s390_paes_ctx *ctx,
> +				  const u8 *key, unsigned int keylen)
[...]
> +/*
> + * pxts_ctx_setkey() - Set key value into context, maybe construct
> + * a clear key token digestable by pkey from a clear key value.

typo: digestible

> + */
> +static inline int pxts_ctx_setkey(struct s390_pxts_ctx *ctx,
> +				  const u8 *key, unsigned int keylen)
[...]
>  {
>  	size_t cklen = keylen / 2;
>  

-- 
Mit freundlichen Grüßen / Kind regards
Holger Dengler
--
IBM Systems, Linux on IBM Z Development
dengler@linux.ibm.com