From: Steffen Eiden <seiden@linux.ibm.com>
To: Heiko Carstens <hca@linux.ibm.com>
Cc: Harald Freudenberger <freude@linux.ibm.com>,
dengler@linux.ibm.com, ifranzki@linux.ibm.com,
fcallies@linux.ibm.com, gor@linux.ibm.com,
agordeev@linux.ibm.com, linux-s390@vger.kernel.org,
herbert@gondor.apana.org.au
Subject: Re: [PATCH v5 22/25] s390/pkey: Use preallocated memory for retrieve of UV secret metadata
Date: Wed, 16 Apr 2025 10:58:57 +0200 [thread overview]
Message-ID: <20250416085857.150408-A-seiden@linux.ibm.com> (raw)
In-Reply-To: <20250415145257.12735Eca-hca@linux.ibm.com>
On Tue, Apr 15, 2025 at 04:52:57PM +0200, Heiko Carstens wrote:
> On Tue, Apr 15, 2025 at 04:24:35PM +0200, Harald Freudenberger wrote:
> > The pkey uv functions may be called in a situation where memory
> > allocations which trigger IO operations are not allowed. An example:
> > decryption of the swap partition with protected key (PAES).
> >
> > The pkey uv code takes care of this by holding one preallocated
> > struct uv_secret_list to be used with the new UV function
> > uv_find_secret(). The older function uv_get_secret_metadata()
> > used before always allocates/frees an ephemeral memory buffer.
> > The preallocated struct is concurrency protected by a mutex.
> >
> > Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
> > Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
> > Reviewed-by: Steffen Eiden <seiden@linux.ibm.com>
> > ---
> > drivers/s390/crypto/pkey_uv.c | 37 ++++++++++++++++++++++++++++++++---
> > 1 file changed, 34 insertions(+), 3 deletions(-)
>
> ...
>
> > +static int get_secret_metadata(const u8 secret_id[UV_SECRET_ID_LEN],
> > + struct uv_secret_list_item_hdr *secret)
> > +{
> > + int rc;
> > +
> > + mutex_lock(&uv_list_mutex);
> > + rc = uv_find_secret(secret_id, uv_list, secret);
> > + mutex_unlock(&uv_list_mutex);
> > +
> > + return rc;
> > +}
>
> This is a change to the previous code, and potentially is also a problem:
> uvlist is not set to zero before it is used (unlike before). The condition
> code of the uvc is partially ignored, and instead the return code of the
> response is taken into account to tell if the uvc succeeded. This works since
> memory was initialized, but now the contents of the previous invocation may be
> used to tell if the uvc succeeded.
>
> Or in other words: I think you need to add a memset() call to uv_find_secret()
> before uv_list is used for the uvc.
Yes you do.
Thanks Heiko!
next prev parent reply other threads:[~2025-04-16 8:59 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-15 14:24 [PATCH v5 00/25] AP bus/zcrypt/pkey/paes no-mem-alloc patches Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 01/25] s390/ap: Move response_type struct into ap_msg struct Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 02/25] s390/ap/zcrypt: Rework AP message buffer allocation Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 03/25] s390/ap: Introduce ap message buffer pool Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 04/25] s390/zcrypt: Avoid alloc and copy of ep11 targets if kernelspace cprb Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 05/25] s390/ap/zcrypt: New xflag parameter Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 06/25] s390/zcrypt: Introduce cprb mempool for cca misc functions Harald Freudenberger
2025-04-15 15:07 ` Heiko Carstens
2025-04-16 9:39 ` Harald Freudenberger
2025-04-16 9:06 ` Holger Dengler
2025-04-15 14:24 ` [PATCH v5 07/25] s390/zcrypt: Introduce cprb mempool for ep11 " Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 08/25] s390/zcrypt: Rework zcrypt function zcrypt_device_status_mask_ext Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 09/25] s390/zcrypt: Introduce pre-allocated device status array for cca misc Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 10/25] s390/zcrypt: Introduce pre-allocated device status array for ep11 misc Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 11/25] s390/zcrypt: Remove unused functions from cca misc Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 12/25] s390/zcrypt: Remove CCA and EP11 card and domain info caches Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 13/25] s390/zcrypt: Rework cca findcard() implementation and callers Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 14/25] s390/zcrypt: Rework ep11 " Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 15/25] s390/zcrypt: Rework cca misc functions kmallocs to use the cprb mempool Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 16/25] s390/zcrypt: Propagate xflags argument with cca_get_info() Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 17/25] s390/zcrypt: Locate ep11_domain_query_info onto the stack instead of kmalloc Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 18/25] s390/zcrypt: Rework ep11 misc functions to use cprb mempool Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 19/25] s390/pkey: Rework CCA pkey handler to use stack for small memory allocs Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 20/25] s390/pkey: Rework EP11 " Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 21/25] s390/uv: Rename find_secret() to uv_find_secret() and publish Harald Freudenberger
2025-04-15 14:24 ` [PATCH v5 22/25] s390/pkey: Use preallocated memory for retrieve of UV secret metadata Harald Freudenberger
2025-04-15 14:52 ` Heiko Carstens
2025-04-16 8:58 ` Steffen Eiden [this message]
2025-04-15 14:24 ` [PATCH v5 23/25] s390/uv: Remove uv_get_secret_metadata function Harald Freudenberger
2025-04-16 9:00 ` Steffen Eiden
2025-04-16 9:25 ` Holger Dengler
2025-04-15 14:24 ` [PATCH v5 24/25] s390/pkey: Provide and pass xflags within pkey and zcrypt layers Harald Freudenberger
2025-04-16 9:36 ` Holger Dengler
2025-04-15 14:24 ` [PATCH v5 25/25] Add a new parameter xflags to the in-kernel API function pkey_key2protkey(). Currently there is only one flag supported: Harald Freudenberger
2025-04-16 9:39 ` Holger Dengler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250416085857.150408-A-seiden@linux.ibm.com \
--to=seiden@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=ifranzki@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox