When both the paes and the pkey kernel module are statically build into the kernel, the paes cipher selftests run before the pkey kernel module is initialized. So a static variable set in the pkey init function and used in the pkey_clr2protkey function is not initialized when the paes cipher's selftests request to call pckmo for transforming a clear key value into a protected key.
This patch moves the initial setup of the static variable into the function pck_clr2protkey. So it's possible, to use the function for transforming a clear to a protected key even before the pkey init function has been called and the paes selftests may run successful.
Signed-off-by: Harald Freudenberger freude@linux.ibm.com Reported-by: Alexander Egorenkov Alexander.Egorenkov@ibm.com Cc: Stable stable@vger.kernel.org --- drivers/s390/crypto/pkey_api.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c index 490917cd44d0..5f75c9dfe071 100644 --- a/drivers/s390/crypto/pkey_api.c +++ b/drivers/s390/crypto/pkey_api.c @@ -34,9 +34,6 @@ MODULE_DESCRIPTION("s390 protected key interface"); #define KEYBLOBBUFSIZE 8192 /* key buffer size used for internal processing */ #define MAXAPQNSINLIST 64 /* max 64 apqns within a apqn list */
-/* mask of available pckmo subfunctions, fetched once at module init */ -static cpacf_mask_t pckmo_functions; - /* * debug feature data and functions */ @@ -90,6 +87,9 @@ static int pkey_clr2protkey(u32 keytype, const struct pkey_clrkey *clrkey, struct pkey_protkey *protkey) { + /* mask of available pckmo subfunctions */ + static cpacf_mask_t pckmo_functions; + long fc; int keysize; u8 paramblock[64]; @@ -113,11 +113,13 @@ static int pkey_clr2protkey(u32 keytype, return -EINVAL; }
- /* - * Check if the needed pckmo subfunction is available. - * These subfunctions can be enabled/disabled by customers - * in the LPAR profile or may even change on the fly. - */ + /* did we already check for PCKMO ? */ + if (!pckmo_functions.bytes[0]) { + /* no, so check now */ + if (!cpacf_query(CPACF_PCKMO, &pckmo_functions)) + return -ENODEV; + } + /* check for the pckmo subfunction we need now */ if (!cpacf_test_func(&pckmo_functions, fc)) { DEBUG_ERR("%s pckmo functions not available\n", __func__); return -ENODEV; @@ -1853,7 +1855,7 @@ static struct miscdevice pkey_dev = { */ static int __init pkey_init(void) { - cpacf_mask_t kmc_functions; + cpacf_mask_t func_mask;
/* * The pckmo instruction should be available - even if we don't @@ -1861,15 +1863,15 @@ static int __init pkey_init(void) * is also the minimum level for the kmc instructions which * are able to work with protected keys. */ - if (!cpacf_query(CPACF_PCKMO, &pckmo_functions)) + if (!cpacf_query(CPACF_PCKMO, &func_mask)) return -ENODEV;
/* check for kmc instructions available */ - if (!cpacf_query(CPACF_KMC, &kmc_functions)) + if (!cpacf_query(CPACF_KMC, &func_mask)) return -ENODEV; - if (!cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_128) || - !cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_192) || - !cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_256)) + if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) || + !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) || + !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256)) return -ENODEV;
pkey_debug_init();
On 15.09.2020 11:21, Harald Freudenberger wrote:
When both the paes and the pkey kernel module are statically build into the kernel, the paes cipher selftests run before the pkey kernel module is initialized. So a static variable set in the pkey init function and used in the pkey_clr2protkey function is not initialized when the paes cipher's selftests request to call pckmo for transforming a clear key value into a protected key.
This patch moves the initial setup of the static variable into the function pck_clr2protkey. So it's possible, to use the function for transforming a clear to a protected key even before the pkey init function has been called and the paes selftests may run successful.
Signed-off-by: Harald Freudenberger freude@linux.ibm.com Reported-by: Alexander Egorenkov Alexander.Egorenkov@ibm.com Cc: Stable stable@vger.kernel.org
drivers/s390/crypto/pkey_api.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c index 490917cd44d0..5f75c9dfe071 100644 --- a/drivers/s390/crypto/pkey_api.c +++ b/drivers/s390/crypto/pkey_api.c @@ -34,9 +34,6 @@ MODULE_DESCRIPTION("s390 protected key interface"); #define KEYBLOBBUFSIZE 8192 /* key buffer size used for internal processing */ #define MAXAPQNSINLIST 64 /* max 64 apqns within a apqn list */ -/* mask of available pckmo subfunctions, fetched once at module init */ -static cpacf_mask_t pckmo_functions;
/*
- debug feature data and functions
*/ @@ -90,6 +87,9 @@ static int pkey_clr2protkey(u32 keytype, const struct pkey_clrkey *clrkey, struct pkey_protkey *protkey) {
- /* mask of available pckmo subfunctions */
- static cpacf_mask_t pckmo_functions;
- long fc; int keysize; u8 paramblock[64];
@@ -113,11 +113,13 @@ static int pkey_clr2protkey(u32 keytype, return -EINVAL; }
- /*
* Check if the needed pckmo subfunction is available.* These subfunctions can be enabled/disabled by customers* in the LPAR profile or may even change on the fly.*/
- /* did we already check for PCKMO ? */
- if (!pckmo_functions.bytes[0]) {
/* no, so check now */if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))return -ENODEV;- }
Does this need a lock here? What if 2 processes or threads call this concurrently? Certainly the cpacf_query will produce the same result, but updating static pckmo_functions concurrently might cause problems.
- /* check for the pckmo subfunction we need now */ if (!cpacf_test_func(&pckmo_functions, fc)) { DEBUG_ERR("%s pckmo functions not available\n", __func__); return -ENODEV;
@@ -1853,7 +1855,7 @@ static struct miscdevice pkey_dev = { */ static int __init pkey_init(void) {
- cpacf_mask_t kmc_functions;
- cpacf_mask_t func_mask;
/* * The pckmo instruction should be available - even if we don't @@ -1861,15 +1863,15 @@ static int __init pkey_init(void) * is also the minimum level for the kmc instructions which * are able to work with protected keys. */
- if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))
- if (!cpacf_query(CPACF_PCKMO, &func_mask)) return -ENODEV;
/* check for kmc instructions available */
- if (!cpacf_query(CPACF_KMC, &kmc_functions))
- if (!cpacf_query(CPACF_KMC, &func_mask)) return -ENODEV;
- if (!cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_128) ||
!cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_192) ||!cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_256))
- if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) ||
!cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) ||!cpacf_test_func(&func_mask, CPACF_KMC_PAES_256))pkey_debug_init();
On 17.09.20 17:01, Ingo Franzki wrote:
On 15.09.2020 11:21, Harald Freudenberger wrote:
When both the paes and the pkey kernel module are statically build into the kernel, the paes cipher selftests run before the pkey kernel module is initialized. So a static variable set in the pkey init function and used in the pkey_clr2protkey function is not initialized when the paes cipher's selftests request to call pckmo for transforming a clear key value into a protected key.
This patch moves the initial setup of the static variable into the function pck_clr2protkey. So it's possible, to use the function for transforming a clear to a protected key even before the pkey init function has been called and the paes selftests may run successful.
Signed-off-by: Harald Freudenberger freude@linux.ibm.com Reported-by: Alexander Egorenkov Alexander.Egorenkov@ibm.com Cc: Stable stable@vger.kernel.org
drivers/s390/crypto/pkey_api.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c index 490917cd44d0..5f75c9dfe071 100644 --- a/drivers/s390/crypto/pkey_api.c +++ b/drivers/s390/crypto/pkey_api.c @@ -34,9 +34,6 @@ MODULE_DESCRIPTION("s390 protected key interface"); #define KEYBLOBBUFSIZE 8192 /* key buffer size used for internal processing */ #define MAXAPQNSINLIST 64 /* max 64 apqns within a apqn list */ -/* mask of available pckmo subfunctions, fetched once at module init */ -static cpacf_mask_t pckmo_functions;
/*
- debug feature data and functions
*/ @@ -90,6 +87,9 @@ static int pkey_clr2protkey(u32 keytype, const struct pkey_clrkey *clrkey, struct pkey_protkey *protkey) {
- /* mask of available pckmo subfunctions */
- static cpacf_mask_t pckmo_functions;
- long fc; int keysize; u8 paramblock[64];
@@ -113,11 +113,13 @@ static int pkey_clr2protkey(u32 keytype, return -EINVAL; }
- /*
* Check if the needed pckmo subfunction is available.* These subfunctions can be enabled/disabled by customers* in the LPAR profile or may even change on the fly.*/
- /* did we already check for PCKMO ? */
- if (!pckmo_functions.bytes[0]) {
/* no, so check now */if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))return -ENODEV;- }
Does this need a lock here? What if 2 processes or threads call this concurrently? Certainly the cpacf_query will produce the same result, but updating static pckmo_functions concurrently might cause problems.
I'd say as long as both concurrent threads will fetch the very same value - No, even if the update is not done atomically. For example: u64 blubber[2] = { 0, 0 }; // thread 1 updates blubber but unfortunately not in an atomic way: blubber[0] = 0x1122334455667788; // now interrupted by thread 2 which updates blubber now: blubber[1] = 0x8877665544332211; blubber[0] = 0x1122334455667788; // and finally thread1 comes again and does the 2. half of the update: blubber[1] = 0x8877665544332211; even if you reshuffle this the result is the very same as long as both threads update blubber WITH THE SAME VALUE. For a different value, I do agree some kind of locking is needed. At least this is my understanding...
- /* check for the pckmo subfunction we need now */ if (!cpacf_test_func(&pckmo_functions, fc)) { DEBUG_ERR("%s pckmo functions not available\n", __func__); return -ENODEV;
@@ -1853,7 +1855,7 @@ static struct miscdevice pkey_dev = { */ static int __init pkey_init(void) {
- cpacf_mask_t kmc_functions;
- cpacf_mask_t func_mask;
/* * The pckmo instruction should be available - even if we don't @@ -1861,15 +1863,15 @@ static int __init pkey_init(void) * is also the minimum level for the kmc instructions which * are able to work with protected keys. */
- if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))
- if (!cpacf_query(CPACF_PCKMO, &func_mask)) return -ENODEV;
/* check for kmc instructions available */
- if (!cpacf_query(CPACF_KMC, &kmc_functions))
- if (!cpacf_query(CPACF_KMC, &func_mask)) return -ENODEV;
- if (!cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_128) ||
!cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_192) ||!cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_256))
- if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) ||
!cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) ||!cpacf_test_func(&func_mask, CPACF_KMC_PAES_256))pkey_debug_init();
Hi
[This is an automated email]
This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: all
The bot has tested the following trees: v5.8.9, v5.4.65, v4.19.145, v4.14.198, v4.9.236, v4.4.236.
v5.8.9: Build OK! v5.4.65: Build OK! v4.19.145: Failed to apply! Possible dependencies: 00fab2350e6b ("s390/zcrypt: multiple zcrypt device nodes support") 0534bde7de19 ("s390/pkey: Define protected key blob format") 183cb46954dd ("s390/pkey: pkey cleanup: narrow in-kernel API, fix some variable types") a45a5c7d36a5 ("s390/pkey: Introduce new API for random protected key generation") af504452d10e ("s390/pkey: Add sysfs attributes to emit secure key blobs") cb26b9ff7187 ("s390/pkey: Introduce new API for random protected key verification") d632c0478d64 ("s390/pkey: Add sysfs attributes to emit protected key blobs") ebb7c695d3bc ("pkey: Indicate old mkvp only if old and current mkvp are different") ee410de890cd ("s390/zcrypt: zcrypt device driver cleanup") efc598e6c8a9 ("s390/zcrypt: move cca misc functions to new code file") f2bbc96e7cfa ("s390/pkey: add CCA AES cipher key support") f822ad2c2c03 ("s390/pkey: move pckmo subfunction available checks away from module init") fb1136d6580c ("s390/pkey: Introduce new API for transforming key blobs")
v4.14.198: Failed to apply! Possible dependencies: 01451ad47e27 ("powerpc/powermac: Use setup_timer() helper") 0534bde7de19 ("s390/pkey: Define protected key blob format") 2a80786d477a ("s390/zcrypt: Remove deprecated ioctls.") 812141a9fe61 ("s390: crypto: add SPDX identifiers to the remaining files") 83ad1e6a1dc0 ("powerpc/oprofile: Use setup_timer() helper") 8d6b1bf20f61 ("powerpc/6xx: Use setup_timer() helper") 9a5641080bf4 ("s390/zcrypt: Introduce QACT support for AP bus devices.") a45a5c7d36a5 ("s390/pkey: Introduce new API for random protected key generation") ac2b96f351d7 ("s390/zcrypt: code beautify") af4a72276d49 ("s390/zcrypt: Support up to 256 crypto adapters.") b9eaf1872222 ("treewide: init_timer() -> setup_timer()") c828a8920307 ("treewide: Use DEVICE_ATTR_RO") cb26b9ff7187 ("s390/pkey: Introduce new API for random protected key verification") e629cfa36ea0 ("MIPS: Lasat: Use setup_timer() helper") e99e88a9d2b0 ("treewide: setup_timer() -> timer_setup()") f2bbc96e7cfa ("s390/pkey: add CCA AES cipher key support") fb1136d6580c ("s390/pkey: Introduce new API for transforming key blobs")
v4.9.236: Failed to apply! Possible dependencies: 1d9995771fcb ("s390: update defconfigs") 80abb39b504e ("s390: update defconfig") a3358e3de393 ("s390/zcrypt: Rework CONFIG_ZCRYPT Kconfig text.") a45a5c7d36a5 ("s390/pkey: Introduce new API for random protected key generation") cb26b9ff7187 ("s390/pkey: Introduce new API for random protected key verification") e61a6134e7a5 ("s390/pkey: Introduce new API for secure key verification") e80d4af0a320 ("s390/pkey: Introduce pkey kernel module") f2bbc96e7cfa ("s390/pkey: add CCA AES cipher key support") fb1136d6580c ("s390/pkey: Introduce new API for transforming key blobs") fc1d3f02544a ("s390/zcrypt: Move the ap bus into kernel")
v4.4.236: Failed to apply! Possible dependencies: 1d9995771fcb ("s390: update defconfigs") 6e127efeeae5 ("s390/config: make the vector optimized crc function builtin") 80abb39b504e ("s390: update defconfig") a086171ad886 ("s390: Updated kernel config files") cb14def6a9ca ("s390/configs: update default configurations") e80d4af0a320 ("s390/pkey: Introduce pkey kernel module") e9bc15f28e5f ("s390/config: update default configuration") f2bbc96e7cfa ("s390/pkey: add CCA AES cipher key support") fdcebf6f18ee ("s390/config: Enable config options for Docker")
NOTE: The patch will not be queued to stable trees until it is upstream.
How should we proceed with this patch?
linux-stable-mirror@lists.linaro.org
-
Harald Freudenberger -
Ingo Franzki -
Sasha Levin