s390/pkey/crypto: Introduce xflags param for pkey in-kernel API

Add a new parameter xflags to the in-kernel API function
pkey_key2protkey(). Currently there is only one flag supported:

* PKEY_XFLAG_NOMEMALLOC:
  If this flag is given in the xflags parameter, the pkey
  implementation is not allowed to allocate memory but instead should
  fall back to use preallocated memory or simple fail with -ENOMEM.
  This flag is for protected key derive within a cipher or similar
  which must not allocate memory which would cause io operations - see
  also the CRYPTO_ALG_ALLOCATES_MEMORY flag in crypto.h.

The one and only user of this in-kernel API - the skcipher
implementations PAES in paes_s390.c set this flag upon request
to derive a protected key from the given raw key material.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Link: https://lore.kernel.org/r/20250424133619.16495-26-freude@linux.ibm.com
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>

diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c
index 511093713a6fc8870d373ba290be236180bfbb26..1f62a946040505382c061e4c43a5951424bd64d8 100644 (file)
--- a/arch/s390/crypto/paes_s390.c
+++ b/arch/s390/crypto/paes_s390.c
@@ -182,14 +182,14 @@ static inline int __paes_keyblob2pkey(const u8 *key, unsigned int keylen,
 {
        int i, rc = -EIO;
 
-       /* try three times in case of busy card */
+       /* try three times in case of busy card or no mem */
        for (i = 0; rc && i < 3; i++) {
-               if (rc == -EBUSY && in_task()) {
+               if ((rc == -EBUSY || rc == -ENOMEM) && in_task()) {
                        if (msleep_interruptible(1000))
                                return -EINTR;
                }
                rc = pkey_key2protkey(key, keylen, pk->protkey, &pk->len,
-                                     &pk->type);
+                                     &pk->type, PKEY_XFLAG_NOMEMALLOC);
        }
 
        return rc;

diff --git a/arch/s390/include/asm/pkey.h b/arch/s390/include/asm/pkey.h
index a709a72be79a51dff3a2592c3b158985f5cdc49a..b7b59faf16f497a9c58ce2e15bf8d89d2b898c8a 100644 (file)
--- a/arch/s390/include/asm/pkey.h
+++ b/arch/s390/include/asm/pkey.h
@@ -20,10 +20,13 @@
  * @param key pointer to a buffer containing the key blob
  * @param keylen size of the key blob in bytes
  * @param protkey pointer to buffer receiving the protected key
+ * @param xflags additional execution flags (see PKEY_XFLAG_* definitions below)
+ *       As of now the only supported flag is PKEY_XFLAG_NOMEMALLOC.
  * @return 0 on success, negative errno value on failure
  */
 int pkey_key2protkey(const u8 *key, u32 keylen,
-                    u8 *protkey, u32 *protkeylen, u32 *protkeytype);
+                    u8 *protkey, u32 *protkeylen, u32 *protkeytype,
+                    u32 xflags);
 
 /*
  * If this flag is given in the xflags parameter, the pkey implementation

diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index 55a4e70b866b736daeec0a2ec0836bc57d4db5bc..cef60770f68bc69bb359badf45a3d7793c2d4a2b 100644 (file)
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -53,10 +53,9 @@ static int key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns,
  * In-Kernel function: Transform a key blob (of any type) into a protected key
  */
 int pkey_key2protkey(const u8 *key, u32 keylen,
-                    u8 *protkey, u32 *protkeylen, u32 *protkeytype)
+                    u8 *protkey, u32 *protkeylen, u32 *protkeytype, u32 xflags)
 {
        int rc;
-       const u32 xflags = 0;
 
        rc = key2protkey(NULL, 0, key, keylen,
                         protkey, protkeylen, protkeytype, xflags);