From: Heiko Carstens <hca@linux.ibm.com>
To: Harald Freudenberger <freude@linux.ibm.com>
Cc: dengler@linux.ibm.com, ifranzki@linux.ibm.com,
fcallies@linux.ibm.com, gor@linux.ibm.com,
agordeev@linux.ibm.com, seiden@linux.ibm.com,
linux-s390@vger.kernel.org, herbert@gondor.apana.org.au
Subject: Re: [PATCH v5 22/25] s390/pkey: Use preallocated memory for retrieve of UV secret metadata
Date: Tue, 15 Apr 2025 16:52:57 +0200 [thread overview]
Message-ID: <20250415145257.12735Eca-hca@linux.ibm.com> (raw)
In-Reply-To: <20250415142438.118474-23-freude@linux.ibm.com>
On Tue, Apr 15, 2025 at 04:24:35PM +0200, Harald Freudenberger wrote:
> The pkey uv functions may be called in a situation where memory
> allocations which trigger IO operations are not allowed. An example:
> decryption of the swap partition with protected key (PAES).
>
> The pkey uv code takes care of this by holding one preallocated
> struct uv_secret_list to be used with the new UV function
> uv_find_secret(). The older function uv_get_secret_metadata()
> used before always allocates/frees an ephemeral memory buffer.
> The preallocated struct is concurrency protected by a mutex.
>
> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
> Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
> Reviewed-by: Steffen Eiden <seiden@linux.ibm.com>
> ---
> drivers/s390/crypto/pkey_uv.c | 37 ++++++++++++++++++++++++++++++++---
> 1 file changed, 34 insertions(+), 3 deletions(-)
...
> +static int get_secret_metadata(const u8 secret_id[UV_SECRET_ID_LEN],
> + struct uv_secret_list_item_hdr *secret)
> +{
> + int rc;
> +
> + mutex_lock(&uv_list_mutex);
> + rc = uv_find_secret(secret_id, uv_list, secret);
> + mutex_unlock(&uv_list_mutex);
> +
> + return rc;
> +}
This is a change to the previous code, and potentially is also a problem:
uvlist is not set to zero before it is used (unlike before). The condition
code of the uvc is partially ignored, and instead the return code of the
response is taken into account to tell if the uvc succeeded. This works since
memory was initialized, but now the contents of the previous invocation may be
used to tell if the uvc succeeded.
Or in other words: I think you need to add a memset() call to uv_find_secret()
before uv_list is used for the uvc.
next prev parent reply other threads:[~2025-04-15 14:53 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-15 14:24 [PATCH v5 00/25] AP bus/zcrypt/pkey/paes no-mem-alloc patches Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 01/25] s390/ap: Move response_type struct into ap_msg struct Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 02/25] s390/ap/zcrypt: Rework AP message buffer allocation Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 03/25] s390/ap: Introduce ap message buffer pool Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 04/25] s390/zcrypt: Avoid alloc and copy of ep11 targets if kernelspace cprb Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 05/25] s390/ap/zcrypt: New xflag parameter Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 06/25] s390/zcrypt: Introduce cprb mempool for cca misc functions Harald Freudenberger
2025-04-15 15:07 ` Heiko Carstens
2025-04-16 9:39 ` Harald Freudenberger
2025-04-16 9:06 ` Holger Dengler
2025-04-15 14:24 ` [PATCH v5 07/25] s390/zcrypt: Introduce cprb mempool for ep11 " Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 08/25] s390/zcrypt: Rework zcrypt function zcrypt_device_status_mask_ext Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 09/25] s390/zcrypt: Introduce pre-allocated device status array for cca misc Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 10/25] s390/zcrypt: Introduce pre-allocated device status array for ep11 misc Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 11/25] s390/zcrypt: Remove unused functions from cca misc Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 12/25] s390/zcrypt: Remove CCA and EP11 card and domain info caches Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 13/25] s390/zcrypt: Rework cca findcard() implementation and callers Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 14/25] s390/zcrypt: Rework ep11 " Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 15/25] s390/zcrypt: Rework cca misc functions kmallocs to use the cprb mempool Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 16/25] s390/zcrypt: Propagate xflags argument with cca_get_info() Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 17/25] s390/zcrypt: Locate ep11_domain_query_info onto the stack instead of kmalloc Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 18/25] s390/zcrypt: Rework ep11 misc functions to use cprb mempool Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 19/25] s390/pkey: Rework CCA pkey handler to use stack for small memory allocs Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 20/25] s390/pkey: Rework EP11 " Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 21/25] s390/uv: Rename find_secret() to uv_find_secret() and publish Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 22/25] s390/pkey: Use preallocated memory for retrieve of UV secret metadata Harald Freudenberger
2025-04-15 14:52 ` Heiko Carstens [this message]
2025-04-16 8:58 ` Steffen Eiden
2025-04-15 14:24 ` [PATCH v5 23/25] s390/uv: Remove uv_get_secret_metadata function Harald Freudenberger
2025-04-16 9:00 ` Steffen Eiden
2025-04-16 9:25 ` Holger Dengler
2025-04-15 14:24 ` [PATCH v5 24/25] s390/pkey: Provide and pass xflags within pkey and zcrypt layers Harald Freudenberger
2025-04-16 9:36 ` Holger Dengler
2025-04-15 14:24 ` [PATCH v5 25/25] Add a new parameter xflags to the in-kernel API function pkey_key2protkey(). Currently there is only one flag supported: Harald Freudenberger
2025-04-16 9:39 ` Holger Dengler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250415145257.12735Eca-hca@linux.ibm.com \
--to=hca@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=ifranzki@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=seiden@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox