From: Holger Dengler <dengler@linux.ibm.com>
To: Harald Freudenberger <freude@linux.ibm.com>,
ifranzki@linux.ibm.com, fcallies@linux.ibm.com,
hca@linux.ibm.com, gor@linux.ibm.com, agordeev@linux.ibm.com,
seiden@linux.ibm.com, borntraeger@linux.ibm.com,
frankja@linux.ibm.com, imbrenda@linux.ibm.com
Cc: linux-s390@vger.kernel.org, herbert@gondor.apana.org.au
Subject: Re: [PATCH v4 06/24] s390/zcrypt: Introduce cprb mempool for cca misc functions
Date: Fri, 11 Apr 2025 14:40:51 +0200 [thread overview]
Message-ID: <53b1ca15-e679-4e62-bf3e-50ff2b62d484@linux.ibm.com> (raw)
In-Reply-To: <20250409140305.58900-7-freude@linux.ibm.com>
On 09/04/2025 16:02, Harald Freudenberger wrote:
> Introduce a new module parameter "zcrypt_mempool_threshold"
> for the zcrypt module. This parameter controls the minimal
> amount of mempool items which are pre-allocated for urgent
> requests/replies and will be used with the support for the
> new xflag ZCRYPT_XFLAG_NOMEMALLOC. The default value of 5
> shall provide enough memory items to support up to 5 requests
> (and their associated reply) in parallel. The minimum value
> is 1 and is checked and maybe adjusted in the module init().
>
> If the mempool is depleted upon one cca misc functions is called
> with the named xflag set, the function will fail with -ENOMEM
> and the caller is responsible for taking further actions.
>
> For CCA each mempool item is 16KB, as a CCA CPRB needs to
> hold the request and the reply. The pool items only support
> requests/replies with a limit of about 8KB.
> So by default the CCA mempool consumes
> 5 * 16KB = 80KB
>
> This is only part of an rework to support a new xflag
> ZCRYPT_XFLAG_NOMEMALLOC but not yet complete.
>
> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
> Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
See my comment below. With these fixed you can keep my R-b.
> ---
> drivers/s390/crypto/zcrypt_api.c | 16 +++-
> drivers/s390/crypto/zcrypt_api.h | 2 +
> drivers/s390/crypto/zcrypt_ccamisc.c | 116 ++++++++++++++++++++-------
> drivers/s390/crypto/zcrypt_ccamisc.h | 1 +
> 4 files changed, 104 insertions(+), 31 deletions(-)
>
> diff --git a/drivers/s390/crypto/zcrypt_api.c b/drivers/s390/crypto/zcrypt_api.c
> index f753c0403a18..888ab289bd10 100644
> --- a/drivers/s390/crypto/zcrypt_api.c
> +++ b/drivers/s390/crypto/zcrypt_api.c
> @@ -50,6 +50,10 @@ MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " \
> "Copyright IBM Corp. 2001, 2012");
> MODULE_LICENSE("GPL");
>
> +unsigned int zcrypt_mempool_threshold = 5;
> +module_param_named(mempool_threshold, zcrypt_mempool_threshold, uint, 0440);
> +MODULE_PARM_DESC(mempool_threshold, "CCA and EP11 request/reply mempool minimal items.");
Maybe you can mention the minimum value here as well?
"CCA and EP11 request/reply mempool minimal items (min: 1)."
> +
> /*
> * zcrypt tracepoint functions
> */
> @@ -2147,13 +2151,20 @@ int __init zcrypt_api_init(void)
> {
> int rc;
>
> + /* make sure the mempool threshold is >= 1 */
> + zcrypt_mempool_threshold = max_t(unsigned int, zcrypt_mempool_threshold, 1);
> +
BTW: As far as I can see, mempool allows 0 as minimal preallocated elements. The result will be a mempool without any pre-allocated elements. This means, no NOMEMALLOC request could be processed. This is sad, but it is not really an error.
Anyhow, if you would limit the mempool to at least 1 element, a threshold value < 1 is an error and should be treated as such. So, do not silently fix the value, but printout an error message and return with -EINVAL here.
> rc = zcrypt_debug_init();
> if (rc)
> goto out;
>
> rc = zcdn_init();
> if (rc)
> - goto out;
> + goto out_zcdn_init_failed;
> +
> + rc = zcrypt_ccamisc_init();
> + if (rc)
> + goto out_ccamisc_init_failed;
>
> /* Register the request sprayer. */
> rc = misc_register(&zcrypt_misc_device);
[...]
> diff --git a/drivers/s390/crypto/zcrypt_api.h b/drivers/s390/crypto/zcrypt_api.h
> index 94dffb01942f..84d636fd14a4 100644
> --- a/drivers/s390/crypto/zcrypt_api.h
> +++ b/drivers/s390/crypto/zcrypt_api.h
[...]
> diff --git a/drivers/s390/crypto/zcrypt_ccamisc.c b/drivers/s390/crypto/zcrypt_ccamisc.c
> index 521baaea06ff..05085b40a55c 100644
> --- a/drivers/s390/crypto/zcrypt_ccamisc.c
> +++ b/drivers/s390/crypto/zcrypt_ccamisc.c
[...]
> @@ -229,7 +241,16 @@ static int alloc_and_prep_cprbmem(size_t paramblen,
> * allocate consecutive memory for request CPRB, request param
> * block, reply CPRB and reply param block
> */
> - cprbmem = kcalloc(2, cprbplusparamblen, GFP_KERNEL);
> + if (xflags & ZCRYPT_XFLAG_NOMEMALLOC) {
> + size_t len = 2 * cprbplusparamblen;
> +
> + if (cprb_mempool && len <= CPRB_MEMPOOL_ITEM_SIZE) {
Remove the check for cprb_mempool != NULL. This case can never happen.
> + cprbmem = mempool_alloc_preallocated(cprb_mempool);
> + memset(cprbmem, 0, len);
Check for cprbmem != NULL before memset(), or move the memset() down.
> + }
> + } else {
> + cprbmem = kcalloc(2, cprbplusparamblen, GFP_KERNEL);
Use kmalloc here and ...
> + }
> if (!cprbmem)
> return -ENOMEM;
... wait until cprbmem is always valid and do the memset() here.
if (xflags & ZCRYPT_XFLAG_NOMEMALLOC) {
size_t len = 2 * cprbplusparamblen;
if (len <= CPRB_MEMPOOL_ITEM_SIZE)
cprbmem = mempool_alloc_preallocated(cprb_mempool);
} else {
cprbmem = kmalloc(2 * cprbplusparamblen, GFP_KERNEL);
}
if (!cprbmem)
return -ENOMEM;
memset(cprbmem, 0, len);
[...]
--
Mit freundlichen Grüßen / Kind regards
Holger Dengler
--
IBM Systems, Linux on IBM Z Development
dengler@linux.ibm.com
next prev parent reply other threads:[~2025-04-11 12:41 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-09 14:02 [PATCH v4 00/24] AP bus/zcrypt/pkey/paes no-mem-alloc patches Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 01/24] s390/ap: Move response_type struct into ap_msg struct Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 02/24] s390/ap/zcrypt: Rework AP message buffer allocation Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 03/24] s390/ap: Introduce ap message buffer pool Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 04/24] s390/zcrypt: Avoid alloc and copy of ep11 targets if kernelspace cprb Harald Freudenberger
2025-04-09 16:19 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 05/24] s390/ap/zcrypt: New xflag parameter Harald Freudenberger
2025-04-09 16:25 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 06/24] s390/zcrypt: Introduce cprb mempool for cca misc functions Harald Freudenberger
2025-04-11 12:40 ` Holger Dengler [this message]
2025-04-14 14:17 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 07/24] s390/zcrypt: Introduce cprb mempool for ep11 " Harald Freudenberger
2025-04-11 12:58 ` Holger Dengler
2025-04-14 14:21 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 08/24] s390/zcrypt: Rework zcrypt function zcrypt_device_status_mask_ext Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 09/24] s390/zcrypt: Introduce pre-allocated device status array for cca misc Harald Freudenberger
2025-04-11 13:06 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 10/24] s390/zcrypt: Introduce pre-allocated device status array for ep11 misc Harald Freudenberger
2025-04-11 13:08 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 11/24] s390/zcrypt: Remove unused functions from cca misc Harald Freudenberger
2025-04-11 13:10 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 12/24] s390/zcrypt: Remove CCA and EP11 card and domain info caches Harald Freudenberger
2025-04-11 13:25 ` Holger Dengler
2025-04-14 14:39 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 13/24] s390/zcrypt/pkey: Rework cca findcard() implementation and callers Harald Freudenberger
2025-04-11 14:16 ` Holger Dengler
2025-04-14 14:41 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 14/24] s390/zcrypt/pkey: Rework ep11 " Harald Freudenberger
2025-04-11 14:18 ` Holger Dengler
2025-04-14 14:42 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 15/24] s390/zcrypt: Rework cca misc functions kmallocs to use the cprb mempool Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 16/24] s390/zcrypt: Propagate xflags argument with cca_get_info() Harald Freudenberger
2025-04-11 14:25 ` Holger Dengler
2025-04-14 14:48 ` Harald Freudenberger
2025-04-14 15:04 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 17/24] s390/zcrypt: Locate ep11_domain_query_info onto the stack instead of kmalloc Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 18/24] s390/zcrypt: Rework ep11 misc functions to use cprb mempool Harald Freudenberger
2025-04-09 14:03 ` [PATCH v4 19/24] s390/pkey: Rework CCA pkey handler to use stack for small memory allocs Harald Freudenberger
2025-04-09 14:03 ` [PATCH v4 20/24] s390/pkey: Rework EP11 " Harald Freudenberger
2025-04-09 14:03 ` [PATCH v4 21/24] s390/uv: Rename find_secret() to uv_find_secret() and publish Harald Freudenberger
2025-04-11 14:53 ` Holger Dengler
2025-04-14 8:08 ` Steffen Eiden
2025-04-14 15:15 ` Harald Freudenberger
2025-04-09 14:03 ` [PATCH v4 22/24] s390/pkey: Use preallocated memory for retrieve of UV secret metadata Harald Freudenberger
2025-04-11 15:24 ` Holger Dengler
2025-04-14 8:02 ` Steffen Eiden
2025-04-09 14:03 ` [PATCH v4 23/24] s390/zcrypt/pkey: Provide and pass xflags within pkey and zcrypt layers Harald Freudenberger
2025-04-11 14:36 ` Holger Dengler
2025-04-09 14:03 ` [PATCH v4 24/24] s390/pkey/crypto: Introduce xflags param for pkey in-kernel API Harald Freudenberger
2025-04-14 13:34 ` Holger Dengler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53b1ca15-e679-4e62-bf3e-50ff2b62d484@linux.ibm.com \
--to=dengler@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=borntraeger@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=frankja@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=ifranzki@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=seiden@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox