From: Harald Freudenberger <freude@linux.ibm.com>
To: dengler@linux.ibm.com, ifranzki@linux.ibm.com,
fcallies@linux.ibm.com, hca@linux.ibm.com, gor@linux.ibm.com,
agordeev@linux.ibm.com, seiden@linux.ibm.com
Cc: linux-s390@vger.kernel.org, herbert@gondor.apana.org.au
Subject: [PATCH v5 25/25] Add a new parameter xflags to the in-kernel API function pkey_key2protkey(). Currently there is only one flag supported:
Date: Tue, 15 Apr 2025 16:24:38 +0200 [thread overview]
Message-ID: <20250415142438.118474-26-freude@linux.ibm.com> (raw)
In-Reply-To: <20250415142438.118474-1-freude@linux.ibm.com>
* PKEY_XFLAG_NOMEMALLOC:
If this flag is given in the xflags parameter, the pkey
implementation is not allowed to allocate memory but instead should
fall back to use preallocated memory or simple fail with -ENOMEM.
This flag is for protected key derive within a cipher or similar
which must not allocate memory which would cause io operations - see
also the CRYPTO_ALG_ALLOCATES_MEMORY flag in crypto.h.
The one and only user of this in-kernel API - the skcipher
implementations PAES in paes_s390.c set this flag upon request
to derive a protected key from the given raw key material.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
---
arch/s390/crypto/paes_s390.c | 6 +++---
arch/s390/include/asm/pkey.h | 5 ++++-
drivers/s390/crypto/pkey_api.c | 3 +--
3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c
index 511093713a6f..1f62a9460405 100644
--- a/arch/s390/crypto/paes_s390.c
+++ b/arch/s390/crypto/paes_s390.c
@@ -182,14 +182,14 @@ static inline int __paes_keyblob2pkey(const u8 *key, unsigned int keylen,
{
int i, rc = -EIO;
- /* try three times in case of busy card */
+ /* try three times in case of busy card or no mem */
for (i = 0; rc && i < 3; i++) {
- if (rc == -EBUSY && in_task()) {
+ if ((rc == -EBUSY || rc == -ENOMEM) && in_task()) {
if (msleep_interruptible(1000))
return -EINTR;
}
rc = pkey_key2protkey(key, keylen, pk->protkey, &pk->len,
- &pk->type);
+ &pk->type, PKEY_XFLAG_NOMEMALLOC);
}
return rc;
diff --git a/arch/s390/include/asm/pkey.h b/arch/s390/include/asm/pkey.h
index a709a72be79a..c0e7f8c25e9f 100644
--- a/arch/s390/include/asm/pkey.h
+++ b/arch/s390/include/asm/pkey.h
@@ -20,10 +20,13 @@
* @param key pointer to a buffer containing the key blob
* @param keylen size of the key blob in bytes
* @param protkey pointer to buffer receiving the protected key
+ * @param xflags additional execution flags (see PKEY_XFLAG_* definitions below)
+ * As of now the only supported flag is PKEY_XFLAG_NOMEMALLOC.
* @return 0 on success, negative errno value on failure
*/
int pkey_key2protkey(const u8 *key, u32 keylen,
- u8 *protkey, u32 *protkeylen, u32 *protkeytype);
+ u8 *protkey, u32 *protkeylen, u32 *protkeytype,
+ u32 xflags);
/*
* If this flag is given in the xflags parameter, the pkey implementation
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index 55a4e70b866b..cef60770f68b 100644
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -53,10 +53,9 @@ static int key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns,
* In-Kernel function: Transform a key blob (of any type) into a protected key
*/
int pkey_key2protkey(const u8 *key, u32 keylen,
- u8 *protkey, u32 *protkeylen, u32 *protkeytype)
+ u8 *protkey, u32 *protkeylen, u32 *protkeytype, u32 xflags)
{
int rc;
- const u32 xflags = 0;
rc = key2protkey(NULL, 0, key, keylen,
protkey, protkeylen, protkeytype, xflags);
--
2.43.0
next prev parent reply other threads:[~2025-04-15 14:24 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-15 14:24 [PATCH v5 00/25] AP bus/zcrypt/pkey/paes no-mem-alloc patches Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 01/25] s390/ap: Move response_type struct into ap_msg struct Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 02/25] s390/ap/zcrypt: Rework AP message buffer allocation Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 03/25] s390/ap: Introduce ap message buffer pool Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 04/25] s390/zcrypt: Avoid alloc and copy of ep11 targets if kernelspace cprb Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 05/25] s390/ap/zcrypt: New xflag parameter Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 06/25] s390/zcrypt: Introduce cprb mempool for cca misc functions Harald Freudenberger
2025-04-15 15:07 ` Heiko Carstens
2025-04-16 9:39 ` Harald Freudenberger
2025-04-16 9:06 ` Holger Dengler
2025-04-15 14:24 ` [PATCH v5 07/25] s390/zcrypt: Introduce cprb mempool for ep11 " Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 08/25] s390/zcrypt: Rework zcrypt function zcrypt_device_status_mask_ext Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 09/25] s390/zcrypt: Introduce pre-allocated device status array for cca misc Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 10/25] s390/zcrypt: Introduce pre-allocated device status array for ep11 misc Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 11/25] s390/zcrypt: Remove unused functions from cca misc Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 12/25] s390/zcrypt: Remove CCA and EP11 card and domain info caches Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 13/25] s390/zcrypt: Rework cca findcard() implementation and callers Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 14/25] s390/zcrypt: Rework ep11 " Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 15/25] s390/zcrypt: Rework cca misc functions kmallocs to use the cprb mempool Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 16/25] s390/zcrypt: Propagate xflags argument with cca_get_info() Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 17/25] s390/zcrypt: Locate ep11_domain_query_info onto the stack instead of kmalloc Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 18/25] s390/zcrypt: Rework ep11 misc functions to use cprb mempool Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 19/25] s390/pkey: Rework CCA pkey handler to use stack for small memory allocs Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 20/25] s390/pkey: Rework EP11 " Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 21/25] s390/uv: Rename find_secret() to uv_find_secret() and publish Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 22/25] s390/pkey: Use preallocated memory for retrieve of UV secret metadata Harald Freudenberger
2025-04-15 14:52 ` Heiko Carstens
2025-04-16 8:58 ` Steffen Eiden
2025-04-15 14:24 ` [PATCH v5 23/25] s390/uv: Remove uv_get_secret_metadata function Harald Freudenberger
2025-04-16 9:00 ` Steffen Eiden
2025-04-16 9:25 ` Holger Dengler
2025-04-15 14:24 ` [PATCH v5 24/25] s390/pkey: Provide and pass xflags within pkey and zcrypt layers Harald Freudenberger
2025-04-16 9:36 ` Holger Dengler
2025-04-15 14:24 ` Harald Freudenberger [this message]
2025-04-16 9:39 ` [PATCH v5 25/25] Add a new parameter xflags to the in-kernel API function pkey_key2protkey(). Currently there is only one flag supported: Holger Dengler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250415142438.118474-26-freude@linux.ibm.com \
--to=freude@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=ifranzki@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=seiden@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox