From: Steffen Eiden <seiden@linux.ibm.com>
To: Janosch Frank <frankja@linux.ibm.com>,
linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org
Cc: Ingo Franzki <ifranzki@linux.ibm.com>,
Harald Freudenberger <freude@linux.ibm.com>,
Christoph Schlameuss <schlameuss@linux.ibm.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>
Subject: Re: [PATCH v2 2/6] s390/uv: Retrieve UV secrets support
Date: Mon, 14 Oct 2024 13:46:32 +0200
Message-ID: <3463a84c-1f68-4d60-b705-3079491f0176@linux.ibm.com>
In-Reply-To: <6ea3cfb4-47ab-478e-b5f0-0a02ec28b37d@linux.ibm.com>
Thanks for your comments, Janosch.
On 10/7/24 2:31 PM, Janosch Frank wrote:
> On 10/2/24 6:05 PM, Steffen Eiden wrote:
>> Provide a kernel API to retrieve secrets from the UV secret store.
>> Add two new functions:
>> * `uv_get_secret_metadata` - get metadata for a given secret identifier
>> * `uv_retrieve_secret` - get the secret value for the secret index
>>
>> With those two functions one can extract the secret for a given secret
>> id, if the secret is retrievable.
>>
>> Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
>> ---
>> arch/s390/include/asm/uv.h | 131 ++++++++++++++++++++++++++++++++++++-
>> arch/s390/kernel/uv.c | 127 ++++++++++++++++++++++++++++++++++-
>> 2 files changed, 256 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/s390/include/asm/uv.h b/arch/s390/include/asm/uv.h
>> index 94ff58336e8e..aef333aaaef4 100644
>> --- a/arch/s390/include/asm/uv.h
>> +++ b/arch/s390/include/asm/uv.h
>> @@ -62,6 +62,7 @@
>> #define UVC_CMD_ADD_SECRET 0x1031
>> #define UVC_CMD_LIST_SECRETS 0x1033
>> #define UVC_CMD_LOCK_SECRETS 0x1034
>> +#define UVC_CMD_RETR_SECRET 0x1035
>> /* Bits in installed uv calls */
>> enum uv_cmds_inst {
>> @@ -95,6 +96,7 @@ enum uv_cmds_inst {
>> BIT_UVC_CMD_ADD_SECRET = 29,
>> BIT_UVC_CMD_LIST_SECRETS = 30,
>> BIT_UVC_CMD_LOCK_SECRETS = 31,
>> + BIT_UVC_CMD_RETR_SECRETS = 33,
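Review bot: `BIT_UVC_CMD_RETR_SECRETS = 33` skips bit 32, while the entries just above it run 29, 30, 31 without a gap. If bit 32 is reserved or belongs to a call this series does not add, a short comment at this line saying so would keep a later reader from treating the jump as a typo and "fixing" the feature-detection bit.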
>
> One is SECRET and the other is SECRET_S_.
> I know that you coded this according to spec, but sometimes we need to fix the spec. I've contacted the spec authors to fix it on their end if possible.
Yes, we should fix the specs.
I will use singular forms on both constants.
>
> [...]
>
>> + * Do the actual search for `uv_get_secret_metadata`
>> + *
>> + * Context: might sleep
>> + */
>> +static int find_secret(const u8 secret_id[UV_SECRET_ID_LEN],
>> + struct uv_secret_list *list,
>> + struct uv_secret_list_item_hdr *secret)
>> +{
>> + u16 start_idx = 0;
>> + u16 list_rc;
>> + int ret;
>> +
>> + do {
>> + uv_list_secrets((u8 *)list, start_idx, &list_rc, NULL);
>> + if (!(list_rc == UVC_RC_EXECUTED || list_rc == UVC_RC_MORE_DATA)) {
>
> Inverting this conditional would get rid of 3 characters.
> Did you choose to implement it like this on purpose?
>
No special purpose behind that. In fact, I prefer your shorter variant.
Thanks, I'll change that.
>> + if (list_rc == UVC_RC_INV_CMD)
>> + return -ENODEV;
>> + else
>> + return -EIO;
>> + }
>> + ret = find_secret_in_page(secret_id, list, secret);
>> + if (ret == 0)
>> + return ret;
>> + start_idx = list->next_secret_idx;
>> + } while (list_rc == UVC_RC_MORE_DATA && start_idx < list->next_secret_idx);
>> +
>> + return -ENOENT;
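Review bot: the loop condition at the end of `find_secret` can never be true, so the search stops after the first list page. `start_idx = list->next_secret_idx;` runs directly before `while (list_rc == UVC_RC_MORE_DATA && start_idx < list->next_secret_idx)`, and nothing between the two changes `list->next_secret_idx`, so the second clause compares a value with itself. A secret that sits beyond the first page would come back as `-ENOENT` even though `UVC_RC_MORE_DATA` was reported. If the clause is meant as a forward-progress guard, compare the new `list->next_secret_idx` against the old `start_idx` before overwriting it; the return value of `uv_list_secrets` is also dropped here, so a note on why only `list_rc` matters would help.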
>
>
Steffen