tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

s390/pkey/crypto: Introduce xflags param for pkey in-kernel API

Add a new parameter xflags to the in-kernel API function
pkey_key2protkey(). Currently there is only one flag supported:

* PKEY_XFLAG_NOMEMALLOC:
If this flag is given in the xflags parameter, the pkey
implementation is not allowed to allocate memory but instead should
fall back to use preallocated memory or simple fail with -ENOMEM.
This flag is for protected key derive within a cipher or similar
which must not allocate memory which would cause io operations - see
also the CRYPTO_ALG_ALLOCATES_MEMORY flag in crypto.h.

The one and only user of this in-kernel API - the skcipher
implementations PAES in paes_s390.c set this flag upon request
to derive a protected key from the given raw key material.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Link: https://lore.kernel.org/r/20250424133619.16495-26-freude@linux.ibm.com
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>

authored by

Harald Freudenberger and committed by
Heiko Carstens f6884295 e5a7f7e0

+8 -6
+3 -3
arch/s390/crypto/paes_s390.c
··· 182 182 { 183 183 int i, rc = -EIO; 184 184 185 - /* try three times in case of busy card */ 185 + /* try three times in case of busy card or no mem */ 186 186 for (i = 0; rc && i < 3; i++) { 187 - if (rc == -EBUSY && in_task()) { 187 + if ((rc == -EBUSY || rc == -ENOMEM) && in_task()) { 188 188 if (msleep_interruptible(1000)) 189 189 return -EINTR; 190 190 } 191 191 rc = pkey_key2protkey(key, keylen, pk->protkey, &pk->len, 192 - &pk->type); 192 + &pk->type, PKEY_XFLAG_NOMEMALLOC); 193 193 } 194 194 195 195 return rc;
+4 -1
arch/s390/include/asm/pkey.h
··· 20 20 * @param key pointer to a buffer containing the key blob 21 21 * @param keylen size of the key blob in bytes 22 22 * @param protkey pointer to buffer receiving the protected key 23 + * @param xflags additional execution flags (see PKEY_XFLAG_* definitions below) 24 + * As of now the only supported flag is PKEY_XFLAG_NOMEMALLOC. 23 25 * @return 0 on success, negative errno value on failure 24 26 */ 25 27 int pkey_key2protkey(const u8 *key, u32 keylen, 26 - u8 *protkey, u32 *protkeylen, u32 *protkeytype); 28 + u8 *protkey, u32 *protkeylen, u32 *protkeytype, 29 + u32 xflags); 27 30 28 31 /* 29 32 * If this flag is given in the xflags parameter, the pkey implementation
+1 -2
drivers/s390/crypto/pkey_api.c
··· 53 53 * In-Kernel function: Transform a key blob (of any type) into a protected key 54 54 */ 55 55 int pkey_key2protkey(const u8 *key, u32 keylen, 56 - u8 *protkey, u32 *protkeylen, u32 *protkeytype) 56 + u8 *protkey, u32 *protkeylen, u32 *protkeytype, u32 xflags) 57 57 { 58 58 int rc; 59 - const u32 xflags = 0; 60 59 61 60 rc = key2protkey(NULL, 0, key, keylen, 62 61 protkey, protkeylen, protkeytype, xflags);