diff options
| author | Harald Freudenberger <freude@linux.ibm.com> | 2025-04-24 16:36:19 +0300 |
|---|---|---|
| committer | Heiko Carstens <hca@linux.ibm.com> | 2025-04-30 12:34:03 +0300 |
| commit | f6884295491c805b1af5df689b0bc30505d1d5ba (patch) | |
| tree | ff0c21ca1572520172d1bc722708ca065b51f170 | |
| parent | e5a7f7e0c61cc061f63e5659a0527fd48b216c77 (diff) | |
| download | linux-f6884295491c805b1af5df689b0bc30505d1d5ba.tar.xz | |
s390/pkey/crypto: Introduce xflags param for pkey in-kernel API
Add a new parameter xflags to the in-kernel API function
pkey_key2protkey(). Currently there is only one flag supported:
* PKEY_XFLAG_NOMEMALLOC:
If this flag is given in the xflags parameter, the pkey
implementation is not allowed to allocate memory but instead should
fall back to use preallocated memory or simple fail with -ENOMEM.
This flag is for protected key derive within a cipher or similar
which must not allocate memory which would cause io operations - see
also the CRYPTO_ALG_ALLOCATES_MEMORY flag in crypto.h.
The one and only user of this in-kernel API - the skcipher
implementations PAES in paes_s390.c set this flag upon request
to derive a protected key from the given raw key material.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Link: https://lore.kernel.org/r/20250424133619.16495-26-freude@linux.ibm.com
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
| -rw-r--r-- | arch/s390/crypto/paes_s390.c | 6 | ||||
| -rw-r--r-- | arch/s390/include/asm/pkey.h | 5 | ||||
| -rw-r--r-- | drivers/s390/crypto/pkey_api.c | 3 |
3 files changed, 8 insertions, 6 deletions
diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c index 511093713a6f..1f62a9460405 100644 --- a/arch/s390/crypto/paes_s390.c +++ b/arch/s390/crypto/paes_s390.c @@ -182,14 +182,14 @@ static inline int __paes_keyblob2pkey(const u8 *key, unsigned int keylen, { int i, rc = -EIO; - /* try three times in case of busy card */ + /* try three times in case of busy card or no mem */ for (i = 0; rc && i < 3; i++) { - if (rc == -EBUSY && in_task()) { + if ((rc == -EBUSY || rc == -ENOMEM) && in_task()) { if (msleep_interruptible(1000)) return -EINTR; } rc = pkey_key2protkey(key, keylen, pk->protkey, &pk->len, - &pk->type); + &pk->type, PKEY_XFLAG_NOMEMALLOC); } return rc; diff --git a/arch/s390/include/asm/pkey.h b/arch/s390/include/asm/pkey.h index a709a72be79a..b7b59faf16f4 100644 --- a/arch/s390/include/asm/pkey.h +++ b/arch/s390/include/asm/pkey.h @@ -20,10 +20,13 @@ * @param key pointer to a buffer containing the key blob * @param keylen size of the key blob in bytes * @param protkey pointer to buffer receiving the protected key + * @param xflags additional execution flags (see PKEY_XFLAG_* definitions below) + * As of now the only supported flag is PKEY_XFLAG_NOMEMALLOC. * @return 0 on success, negative errno value on failure */ int pkey_key2protkey(const u8 *key, u32 keylen, - u8 *protkey, u32 *protkeylen, u32 *protkeytype); + u8 *protkey, u32 *protkeylen, u32 *protkeytype, + u32 xflags); /* * If this flag is given in the xflags parameter, the pkey implementation diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c index 55a4e70b866b..cef60770f68b 100644 --- a/drivers/s390/crypto/pkey_api.c +++ b/drivers/s390/crypto/pkey_api.c @@ -53,10 +53,9 @@ static int key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns, * In-Kernel function: Transform a key blob (of any type) into a protected key */ int pkey_key2protkey(const u8 *key, u32 keylen, - u8 *protkey, u32 *protkeylen, u32 *protkeytype) + u8 *protkey, u32 *protkeylen, u32 *protkeytype, u32 xflags) { int rc; - const u32 xflags = 0; rc = key2protkey(NULL, 0, key, keylen, protkey, protkeylen, protkeytype, xflags); |