From: Harald Freudenberger <freude@linux.ibm.com>
To: Holger Dengler <dengler@linux.ibm.com>
Cc: ifranzki@linux.ibm.com, fcallies@linux.ibm.com,
hca@linux.ibm.com, gor@linux.ibm.com, agordeev@linux.ibm.com,
seiden@linux.ibm.com, borntraeger@linux.ibm.com,
frankja@linux.ibm.com, imbrenda@linux.ibm.com,
linux-s390@vger.kernel.org, herbert@gondor.apana.org.au
Subject: Re: [PATCH v4 06/24] s390/zcrypt: Introduce cprb mempool for cca misc functions
Date: Mon, 14 Apr 2025 16:17:18 +0200 [thread overview]
Message-ID: <75a7e907ab922aacde1231bf63bd64ea@linux.ibm.com> (raw)
In-Reply-To: <53b1ca15-e679-4e62-bf3e-50ff2b62d484@linux.ibm.com>
On 2025-04-11 14:40, Holger Dengler wrote:
> On 09/04/2025 16:02, Harald Freudenberger wrote:
>> Introduce a new module parameter "zcrypt_mempool_threshold"
>> for the zcrypt module. This parameter controls the minimal
>> amount of mempool items which are pre-allocated for urgent
>> requests/replies and will be used with the support for the
>> new xflag ZCRYPT_XFLAG_NOMEMALLOC. The default value of 5
>> shall provide enough memory items to support up to 5 requests
>> (and their associated reply) in parallel. The minimum value
>> is 1 and is checked and maybe adjusted in the module init().
>>
>> If the mempool is depleted upon one cca misc functions is called
>> with the named xflag set, the function will fail with -ENOMEM
>> and the caller is responsible for taking further actions.
>>
>> For CCA each mempool item is 16KB, as a CCA CPRB needs to
>> hold the request and the reply. The pool items only support
>> requests/replies with a limit of about 8KB.
>> So by default the CCA mempool consumes
>> 5 * 16KB = 80KB
>>
>> This is only part of an rework to support a new xflag
>> ZCRYPT_XFLAG_NOMEMALLOC but not yet complete.
>>
>> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
>> Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
>
> See my comment below. With these fixed you can keep my R-b.
>
>> ---
>> drivers/s390/crypto/zcrypt_api.c | 16 +++-
>> drivers/s390/crypto/zcrypt_api.h | 2 +
>> drivers/s390/crypto/zcrypt_ccamisc.c | 116
>> ++++++++++++++++++++-------
>> drivers/s390/crypto/zcrypt_ccamisc.h | 1 +
>> 4 files changed, 104 insertions(+), 31 deletions(-)
>>
>> diff --git a/drivers/s390/crypto/zcrypt_api.c
>> b/drivers/s390/crypto/zcrypt_api.c
>> index f753c0403a18..888ab289bd10 100644
>> --- a/drivers/s390/crypto/zcrypt_api.c
>> +++ b/drivers/s390/crypto/zcrypt_api.c
>> @@ -50,6 +50,10 @@ MODULE_DESCRIPTION("Cryptographic Coprocessor
>> interface, " \
>> "Copyright IBM Corp. 2001, 2012");
>> MODULE_LICENSE("GPL");
>>
>> +unsigned int zcrypt_mempool_threshold = 5;
>> +module_param_named(mempool_threshold, zcrypt_mempool_threshold, uint,
>> 0440);
>> +MODULE_PARM_DESC(mempool_threshold, "CCA and EP11 request/reply
>> mempool minimal items.");
>
> Maybe you can mention the minimum value here as well?
>
> "CCA and EP11 request/reply mempool minimal items (min: 1)."
Done
>
>> +
>> /*
>> * zcrypt tracepoint functions
>> */
>> @@ -2147,13 +2151,20 @@ int __init zcrypt_api_init(void)
>> {
>> int rc;
>>
>> + /* make sure the mempool threshold is >= 1 */
>> + zcrypt_mempool_threshold = max_t(unsigned int,
>> zcrypt_mempool_threshold, 1);
>> +
>
> BTW: As far as I can see, mempool allows 0 as minimal preallocated
> elements. The result will be a mempool without any pre-allocated
> elements. This means, no NOMEMALLOC request could be processed. This
> is sad, but it is not really an error.
>
> Anyhow, if you would limit the mempool to at least 1 element, a
> threshold value < 1 is an error and should be treated as such. So, do
> not silently fix the value, but printout an error message and return
> with -EINVAL here.
>
>> rc = zcrypt_debug_init();
>> if (rc)
>> goto out;
>>
>> rc = zcdn_init();
>> if (rc)
>> - goto out;
>> + goto out_zcdn_init_failed;
>> +
>> + rc = zcrypt_ccamisc_init();
>> + if (rc)
>> + goto out_ccamisc_init_failed;
>>
>> /* Register the request sprayer. */
>> rc = misc_register(&zcrypt_misc_device);
> [...]
>> diff --git a/drivers/s390/crypto/zcrypt_api.h
>> b/drivers/s390/crypto/zcrypt_api.h
>> index 94dffb01942f..84d636fd14a4 100644
>> --- a/drivers/s390/crypto/zcrypt_api.h
>> +++ b/drivers/s390/crypto/zcrypt_api.h
> [...]
>> diff --git a/drivers/s390/crypto/zcrypt_ccamisc.c
>> b/drivers/s390/crypto/zcrypt_ccamisc.c
>> index 521baaea06ff..05085b40a55c 100644
>> --- a/drivers/s390/crypto/zcrypt_ccamisc.c
>> +++ b/drivers/s390/crypto/zcrypt_ccamisc.c
> [...]
>
>> @@ -229,7 +241,16 @@ static int alloc_and_prep_cprbmem(size_t
>> paramblen,
>> * allocate consecutive memory for request CPRB, request param
>> * block, reply CPRB and reply param block
>> */
>> - cprbmem = kcalloc(2, cprbplusparamblen, GFP_KERNEL);
>> + if (xflags & ZCRYPT_XFLAG_NOMEMALLOC) {
>> + size_t len = 2 * cprbplusparamblen;
>> +
>> + if (cprb_mempool && len <= CPRB_MEMPOOL_ITEM_SIZE) {
>
> Remove the check for cprb_mempool != NULL. This case can never happen.
>
>> + cprbmem = mempool_alloc_preallocated(cprb_mempool);
>> + memset(cprbmem, 0, len);
>
> Check for cprbmem != NULL before memset(), or move the memset() down.
>
>> + }
>> + } else {
>> + cprbmem = kcalloc(2, cprbplusparamblen, GFP_KERNEL);
>
> Use kmalloc here and ...
>
>> + }
>> if (!cprbmem)
>> return -ENOMEM;
>
> ... wait until cprbmem is always valid and do the memset() here.
>
> if (xflags & ZCRYPT_XFLAG_NOMEMALLOC) {
> size_t len = 2 * cprbplusparamblen;
>
> if (len <= CPRB_MEMPOOL_ITEM_SIZE)
> cprbmem = mempool_alloc_preallocated(cprb_mempool);
> } else {
> cprbmem = kmalloc(2 * cprbplusparamblen, GFP_KERNEL);
> }
> if (!cprbmem)
> return -ENOMEM;
> memset(cprbmem, 0, len);
>
> [...]
Hm, not clear what exactly you mean. I changed the code to:
{
u8 *cprbmem = NULL;
size_t cprbplusparamblen = sizeof(struct CPRBX) + paramblen;
size_t len = 2 * cprbplusparamblen;
struct CPRBX *preqcblk, *prepcblk;
/*
* allocate consecutive memory for request CPRB, request param
* block, reply CPRB and reply param block
*/
if (xflags & ZCRYPT_XFLAG_NOMEMALLOC) {
if (len <= CPRB_MEMPOOL_ITEM_SIZE)
cprbmem = mempool_alloc_preallocated(cprb_mempool);
} else {
cprbmem = kmalloc(len, GFP_KERNEL);
}
if (!cprbmem)
return -ENOMEM;
memset(cprbmem, 0, len);
...
next prev parent reply other threads:[~2025-04-14 14:17 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-09 14:02 [PATCH v4 00/24] AP bus/zcrypt/pkey/paes no-mem-alloc patches Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 01/24] s390/ap: Move response_type struct into ap_msg struct Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 02/24] s390/ap/zcrypt: Rework AP message buffer allocation Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 03/24] s390/ap: Introduce ap message buffer pool Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 04/24] s390/zcrypt: Avoid alloc and copy of ep11 targets if kernelspace cprb Harald Freudenberger
2025-04-09 16:19 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 05/24] s390/ap/zcrypt: New xflag parameter Harald Freudenberger
2025-04-09 16:25 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 06/24] s390/zcrypt: Introduce cprb mempool for cca misc functions Harald Freudenberger
2025-04-11 12:40 ` Holger Dengler
2025-04-14 14:17 ` Harald Freudenberger [this message]
2025-04-09 14:02 ` [PATCH v4 07/24] s390/zcrypt: Introduce cprb mempool for ep11 " Harald Freudenberger
2025-04-11 12:58 ` Holger Dengler
2025-04-14 14:21 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 08/24] s390/zcrypt: Rework zcrypt function zcrypt_device_status_mask_ext Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 09/24] s390/zcrypt: Introduce pre-allocated device status array for cca misc Harald Freudenberger
2025-04-11 13:06 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 10/24] s390/zcrypt: Introduce pre-allocated device status array for ep11 misc Harald Freudenberger
2025-04-11 13:08 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 11/24] s390/zcrypt: Remove unused functions from cca misc Harald Freudenberger
2025-04-11 13:10 ` Holger Dengler
2025-04-09 14:02 ` [PATCH v4 12/24] s390/zcrypt: Remove CCA and EP11 card and domain info caches Harald Freudenberger
2025-04-11 13:25 ` Holger Dengler
2025-04-14 14:39 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 13/24] s390/zcrypt/pkey: Rework cca findcard() implementation and callers Harald Freudenberger
2025-04-11 14:16 ` Holger Dengler
2025-04-14 14:41 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 14/24] s390/zcrypt/pkey: Rework ep11 " Harald Freudenberger
2025-04-11 14:18 ` Holger Dengler
2025-04-14 14:42 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 15/24] s390/zcrypt: Rework cca misc functions kmallocs to use the cprb mempool Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 16/24] s390/zcrypt: Propagate xflags argument with cca_get_info() Harald Freudenberger
2025-04-11 14:25 ` Holger Dengler
2025-04-14 14:48 ` Harald Freudenberger
2025-04-14 15:04 ` Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 17/24] s390/zcrypt: Locate ep11_domain_query_info onto the stack instead of kmalloc Harald Freudenberger
2025-04-09 14:02 ` [PATCH v4 18/24] s390/zcrypt: Rework ep11 misc functions to use cprb mempool Harald Freudenberger
2025-04-09 14:03 ` [PATCH v4 19/24] s390/pkey: Rework CCA pkey handler to use stack for small memory allocs Harald Freudenberger
2025-04-09 14:03 ` [PATCH v4 20/24] s390/pkey: Rework EP11 " Harald Freudenberger
2025-04-09 14:03 ` [PATCH v4 21/24] s390/uv: Rename find_secret() to uv_find_secret() and publish Harald Freudenberger
2025-04-11 14:53 ` Holger Dengler
2025-04-14 8:08 ` Steffen Eiden
2025-04-14 15:15 ` Harald Freudenberger
2025-04-09 14:03 ` [PATCH v4 22/24] s390/pkey: Use preallocated memory for retrieve of UV secret metadata Harald Freudenberger
2025-04-11 15:24 ` Holger Dengler
2025-04-14 8:02 ` Steffen Eiden
2025-04-09 14:03 ` [PATCH v4 23/24] s390/zcrypt/pkey: Provide and pass xflags within pkey and zcrypt layers Harald Freudenberger
2025-04-11 14:36 ` Holger Dengler
2025-04-09 14:03 ` [PATCH v4 24/24] s390/pkey/crypto: Introduce xflags param for pkey in-kernel API Harald Freudenberger
2025-04-14 13:34 ` Holger Dengler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=75a7e907ab922aacde1231bf63bd64ea@linux.ibm.com \
--to=freude@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=borntraeger@linux.ibm.com \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=frankja@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=ifranzki@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=seiden@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox