[PATCH] s390/pkey: fix paes selftest failure with paes and pkey static build

[PATCH] s390/pkey: fix paes selftest failure with paes and pkey static build

[Harald Freudenberger]

When both the paes and the pkey kernel module are statically build
into the kernel, the paes cipher selftests run before the pkey
kernel module is initialized. So a static variable set in the pkey
init function and used in the pkey_clr2protkey function is not
initialized when the paes cipher's selftests request to call pckmo for
transforming a clear key value into a protected key.

This patch moves the initial setup of the static variable into
the function pck_clr2protkey. So it's possible, to use the function
for transforming a clear to a protected key even before the pkey
init function has been called and the paes selftests may run
successful.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reported-by: Alexander Egorenkov <Alexander.Egorenkov@ibm.com>
Cc: Stable <stable@vger.kernel.org>
---
 drivers/s390/crypto/pkey_api.c | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index 490917cd44d0..5f75c9dfe071 100644
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -34,9 +34,6 @@ MODULE_DESCRIPTION("s390 protected key interface");
 #define KEYBLOBBUFSIZE 8192  /* key buffer size used for internal processing */
 #define MAXAPQNSINLIST 64    /* max 64 apqns within a apqn list */
 
-/* mask of available pckmo subfunctions, fetched once at module init */
-static cpacf_mask_t pckmo_functions;
-
 /*
  * debug feature data and functions
  */
@@ -90,6 +87,9 @@ static int pkey_clr2protkey(u32 keytype,
 			    const struct pkey_clrkey *clrkey,
 			    struct pkey_protkey *protkey)
 {
+	/* mask of available pckmo subfunctions */
+	static cpacf_mask_t pckmo_functions;
+
 	long fc;
 	int keysize;
 	u8 paramblock[64];
@@ -113,11 +113,13 @@ static int pkey_clr2protkey(u32 keytype,
 		return -EINVAL;
 	}
 
-	/*
-	 * Check if the needed pckmo subfunction is available.
-	 * These subfunctions can be enabled/disabled by customers
-	 * in the LPAR profile or may even change on the fly.
-	 */
+	/* did we already check for PCKMO ? */
+	if (!pckmo_functions.bytes[0]) {
+		/* no, so check now */
+		if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))
+			return -ENODEV;
+	}
+	/* check for the pckmo subfunction we need now */
 	if (!cpacf_test_func(&pckmo_functions, fc)) {
 		DEBUG_ERR("%s pckmo functions not available\n", __func__);
 		return -ENODEV;
@@ -1853,7 +1855,7 @@ static struct miscdevice pkey_dev = {
  */
 static int __init pkey_init(void)
 {
-	cpacf_mask_t kmc_functions;
+	cpacf_mask_t func_mask;
 
 	/*
 	 * The pckmo instruction should be available - even if we don't
@@ -1861,15 +1863,15 @@ static int __init pkey_init(void)
 	 * is also the minimum level for the kmc instructions which
 	 * are able to work with protected keys.
 	 */
-	if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))
+	if (!cpacf_query(CPACF_PCKMO, &func_mask))
 		return -ENODEV;
 
 	/* check for kmc instructions available */
-	if (!cpacf_query(CPACF_KMC, &kmc_functions))
+	if (!cpacf_query(CPACF_KMC, &func_mask))
 		return -ENODEV;
-	if (!cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_128) ||
-	    !cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_192) ||
-	    !cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_256))
+	if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) ||
+	    !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) ||
+	    !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256))
 		return -ENODEV;
 
 	pkey_debug_init();
-- 
2.17.1

Re: [PATCH] s390/pkey: fix paes selftest failure with paes and pkey static build

[Ingo Franzki]

On 15.09.2020 11:21, Harald Freudenberger wrote:
> When both the paes and the pkey kernel module are statically build
> into the kernel, the paes cipher selftests run before the pkey
> kernel module is initialized. So a static variable set in the pkey
> init function and used in the pkey_clr2protkey function is not
> initialized when the paes cipher's selftests request to call pckmo for
> transforming a clear key value into a protected key.
> 
> This patch moves the initial setup of the static variable into
> the function pck_clr2protkey. So it's possible, to use the function
> for transforming a clear to a protected key even before the pkey
> init function has been called and the paes selftests may run
> successful.
> 
> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
> Reported-by: Alexander Egorenkov <Alexander.Egorenkov@ibm.com>
> Cc: Stable <stable@vger.kernel.org>
> ---
>  drivers/s390/crypto/pkey_api.c | 30 ++++++++++++++++--------------
>  1 file changed, 16 insertions(+), 14 deletions(-)
> 
> diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
> index 490917cd44d0..5f75c9dfe071 100644
> --- a/drivers/s390/crypto/pkey_api.c
> +++ b/drivers/s390/crypto/pkey_api.c
> @@ -34,9 +34,6 @@ MODULE_DESCRIPTION("s390 protected key interface");
>  #define KEYBLOBBUFSIZE 8192  /* key buffer size used for internal processing */
>  #define MAXAPQNSINLIST 64    /* max 64 apqns within a apqn list */
>  
> -/* mask of available pckmo subfunctions, fetched once at module init */
> -static cpacf_mask_t pckmo_functions;
> -
>  /*
>   * debug feature data and functions
>   */
> @@ -90,6 +87,9 @@ static int pkey_clr2protkey(u32 keytype,
>  			    const struct pkey_clrkey *clrkey,
>  			    struct pkey_protkey *protkey)
>  {
> +	/* mask of available pckmo subfunctions */
> +	static cpacf_mask_t pckmo_functions;
> +
>  	long fc;
>  	int keysize;
>  	u8 paramblock[64];
> @@ -113,11 +113,13 @@ static int pkey_clr2protkey(u32 keytype,
>  		return -EINVAL;
>  	}
>  
> -	/*
> -	 * Check if the needed pckmo subfunction is available.
> -	 * These subfunctions can be enabled/disabled by customers
> -	 * in the LPAR profile or may even change on the fly.
> -	 */
> +	/* did we already check for PCKMO ? */
> +	if (!pckmo_functions.bytes[0]) {
> +		/* no, so check now */
> +		if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))
> +			return -ENODEV;
> +	}
Does this need a lock here? What if 2 processes or threads call this concurrently? 
Certainly the cpacf_query will produce the same result, but updating static pckmo_functions concurrently might cause problems.
> +	/* check for the pckmo subfunction we need now */
>  	if (!cpacf_test_func(&pckmo_functions, fc)) {
>  		DEBUG_ERR("%s pckmo functions not available\n", __func__);
>  		return -ENODEV;
> @@ -1853,7 +1855,7 @@ static struct miscdevice pkey_dev = {
>   */
>  static int __init pkey_init(void)
>  {
> -	cpacf_mask_t kmc_functions;
> +	cpacf_mask_t func_mask;
>  
>  	/*
>  	 * The pckmo instruction should be available - even if we don't
> @@ -1861,15 +1863,15 @@ static int __init pkey_init(void)
>  	 * is also the minimum level for the kmc instructions which
>  	 * are able to work with protected keys.
>  	 */
> -	if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))
> +	if (!cpacf_query(CPACF_PCKMO, &func_mask))
>  		return -ENODEV;
>  
>  	/* check for kmc instructions available */
> -	if (!cpacf_query(CPACF_KMC, &kmc_functions))
> +	if (!cpacf_query(CPACF_KMC, &func_mask))
>  		return -ENODEV;
> -	if (!cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_128) ||
> -	    !cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_192) ||
> -	    !cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_256))
> +	if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) ||
> +	    !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) ||
> +	    !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256))
>  		return -ENODEV;
>  
>  	pkey_debug_init();
> 


-- 
Ingo Franzki
eMail: ifranzki@linux.ibm.com  
Tel: ++49 (0)7031-16-4648
Fax: ++49 (0)7031-16-3456
Linux on IBM Z Development, Schoenaicher Str. 220, 71032 Boeblingen, Germany

IBM Deutschland Research & Development GmbH / Vorsitzender des Aufsichtsrats: Matthias Hartmann
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen / Registergericht: Amtsgericht Stuttgart, HRB 243294
IBM DATA Privacy Statement: https://www.ibm.com/privacy/us/en/

Re: [PATCH] s390/pkey: fix paes selftest failure with paes and pkey static build

[Harald Freudenberger]

On 17.09.20 17:01, Ingo Franzki wrote:
> On 15.09.2020 11:21, Harald Freudenberger wrote:
>> When both the paes and the pkey kernel module are statically build
>> into the kernel, the paes cipher selftests run before the pkey
>> kernel module is initialized. So a static variable set in the pkey
>> init function and used in the pkey_clr2protkey function is not
>> initialized when the paes cipher's selftests request to call pckmo for
>> transforming a clear key value into a protected key.
>>
>> This patch moves the initial setup of the static variable into
>> the function pck_clr2protkey. So it's possible, to use the function
>> for transforming a clear to a protected key even before the pkey
>> init function has been called and the paes selftests may run
>> successful.
>>
>> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
>> Reported-by: Alexander Egorenkov <Alexander.Egorenkov@ibm.com>
>> Cc: Stable <stable@vger.kernel.org>
>> ---
>>  drivers/s390/crypto/pkey_api.c | 30 ++++++++++++++++--------------
>>  1 file changed, 16 insertions(+), 14 deletions(-)
>>
>> diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
>> index 490917cd44d0..5f75c9dfe071 100644
>> --- a/drivers/s390/crypto/pkey_api.c
>> +++ b/drivers/s390/crypto/pkey_api.c
>> @@ -34,9 +34,6 @@ MODULE_DESCRIPTION("s390 protected key interface");
>>  #define KEYBLOBBUFSIZE 8192  /* key buffer size used for internal processing */
>>  #define MAXAPQNSINLIST 64    /* max 64 apqns within a apqn list */
>>  
>> -/* mask of available pckmo subfunctions, fetched once at module init */
>> -static cpacf_mask_t pckmo_functions;
>> -
>>  /*
>>   * debug feature data and functions
>>   */
>> @@ -90,6 +87,9 @@ static int pkey_clr2protkey(u32 keytype,
>>  			    const struct pkey_clrkey *clrkey,
>>  			    struct pkey_protkey *protkey)
>>  {
>> +	/* mask of available pckmo subfunctions */
>> +	static cpacf_mask_t pckmo_functions;
>> +
>>  	long fc;
>>  	int keysize;
>>  	u8 paramblock[64];
>> @@ -113,11 +113,13 @@ static int pkey_clr2protkey(u32 keytype,
>>  		return -EINVAL;
>>  	}
>>  
>> -	/*
>> -	 * Check if the needed pckmo subfunction is available.
>> -	 * These subfunctions can be enabled/disabled by customers
>> -	 * in the LPAR profile or may even change on the fly.
>> -	 */
>> +	/* did we already check for PCKMO ? */
>> +	if (!pckmo_functions.bytes[0]) {
>> +		/* no, so check now */
>> +		if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))
>> +			return -ENODEV;
>> +	}
> Does this need a lock here? What if 2 processes or threads call this concurrently? 
> Certainly the cpacf_query will produce the same result, but updating static pckmo_functions concurrently might cause problems.
I'd say as long as both concurrent threads will fetch the very same value - No, even if the update is not done atomically.
For example:
  u64 blubber[2] = { 0, 0 };
  // thread 1 updates blubber but unfortunately not in an atomic way:
  blubber[0] = 0x1122334455667788;
  // now interrupted by thread 2 which updates blubber now:
  blubber[1] = 0x8877665544332211;
  blubber[0] = 0x1122334455667788;
  // and finally thread1 comes again and does the 2. half of the update:
  blubber[1] = 0x8877665544332211;
even if you reshuffle this the result is the very same as long as both threads
update blubber WITH THE SAME VALUE.
For a different value, I do agree some kind of locking is needed.
At least this is my understanding...
>> +	/* check for the pckmo subfunction we need now */
>>  	if (!cpacf_test_func(&pckmo_functions, fc)) {
>>  		DEBUG_ERR("%s pckmo functions not available\n", __func__);
>>  		return -ENODEV;
>> @@ -1853,7 +1855,7 @@ static struct miscdevice pkey_dev = {
>>   */
>>  static int __init pkey_init(void)
>>  {
>> -	cpacf_mask_t kmc_functions;
>> +	cpacf_mask_t func_mask;
>>  
>>  	/*
>>  	 * The pckmo instruction should be available - even if we don't
>> @@ -1861,15 +1863,15 @@ static int __init pkey_init(void)
>>  	 * is also the minimum level for the kmc instructions which
>>  	 * are able to work with protected keys.
>>  	 */
>> -	if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))
>> +	if (!cpacf_query(CPACF_PCKMO, &func_mask))
>>  		return -ENODEV;
>>  
>>  	/* check for kmc instructions available */
>> -	if (!cpacf_query(CPACF_KMC, &kmc_functions))
>> +	if (!cpacf_query(CPACF_KMC, &func_mask))
>>  		return -ENODEV;
>> -	if (!cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_128) ||
>> -	    !cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_192) ||
>> -	    !cpacf_test_func(&kmc_functions, CPACF_KMC_PAES_256))
>> +	if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) ||
>> +	    !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) ||
>> +	    !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256))
>>  		return -ENODEV;
>>  
>>  	pkey_debug_init();
>>
>

Re: [PATCH] s390/pkey: fix paes selftest failure with paes and pkey static build

[Sasha Levin]

Hi

[This is an automated email]

This commit has been processed because it contains a -stable tag.
The stable tag indicates that it's relevant for the following trees: all

The bot has tested the following trees: v5.8.9, v5.4.65, v4.19.145, v4.14.198, v4.9.236, v4.4.236.

v5.8.9: Build OK!
v5.4.65: Build OK!
v4.19.145: Failed to apply! Possible dependencies:
    00fab2350e6b ("s390/zcrypt: multiple zcrypt device nodes support")
    0534bde7de19 ("s390/pkey: Define protected key blob format")
    183cb46954dd ("s390/pkey: pkey cleanup: narrow in-kernel API, fix some variable types")
    a45a5c7d36a5 ("s390/pkey: Introduce new API for random protected key generation")
    af504452d10e ("s390/pkey: Add sysfs attributes to emit secure key blobs")
    cb26b9ff7187 ("s390/pkey: Introduce new API for random protected key verification")
    d632c0478d64 ("s390/pkey: Add sysfs attributes to emit protected key blobs")
    ebb7c695d3bc ("pkey: Indicate old mkvp only if old and current mkvp are different")
    ee410de890cd ("s390/zcrypt: zcrypt device driver cleanup")
    efc598e6c8a9 ("s390/zcrypt: move cca misc functions to new code file")
    f2bbc96e7cfa ("s390/pkey: add CCA AES cipher key support")
    f822ad2c2c03 ("s390/pkey: move pckmo subfunction available checks away from module init")
    fb1136d6580c ("s390/pkey: Introduce new API for transforming key blobs")

v4.14.198: Failed to apply! Possible dependencies:
    01451ad47e27 ("powerpc/powermac: Use setup_timer() helper")
    0534bde7de19 ("s390/pkey: Define protected key blob format")
    2a80786d477a ("s390/zcrypt: Remove deprecated ioctls.")
    812141a9fe61 ("s390: crypto: add SPDX identifiers to the remaining files")
    83ad1e6a1dc0 ("powerpc/oprofile: Use setup_timer() helper")
    8d6b1bf20f61 ("powerpc/6xx: Use setup_timer() helper")
    9a5641080bf4 ("s390/zcrypt: Introduce QACT support for AP bus devices.")
    a45a5c7d36a5 ("s390/pkey: Introduce new API for random protected key generation")
    ac2b96f351d7 ("s390/zcrypt: code beautify")
    af4a72276d49 ("s390/zcrypt: Support up to 256 crypto adapters.")
    b9eaf1872222 ("treewide: init_timer() -> setup_timer()")
    c828a8920307 ("treewide: Use DEVICE_ATTR_RO")
    cb26b9ff7187 ("s390/pkey: Introduce new API for random protected key verification")
    e629cfa36ea0 ("MIPS: Lasat: Use setup_timer() helper")
    e99e88a9d2b0 ("treewide: setup_timer() -> timer_setup()")
    f2bbc96e7cfa ("s390/pkey: add CCA AES cipher key support")
    fb1136d6580c ("s390/pkey: Introduce new API for transforming key blobs")

v4.9.236: Failed to apply! Possible dependencies:
    1d9995771fcb ("s390: update defconfigs")
    80abb39b504e ("s390: update defconfig")
    a3358e3de393 ("s390/zcrypt: Rework CONFIG_ZCRYPT Kconfig text.")
    a45a5c7d36a5 ("s390/pkey: Introduce new API for random protected key generation")
    cb26b9ff7187 ("s390/pkey: Introduce new API for random protected key verification")
    e61a6134e7a5 ("s390/pkey: Introduce new API for secure key verification")
    e80d4af0a320 ("s390/pkey: Introduce pkey kernel module")
    f2bbc96e7cfa ("s390/pkey: add CCA AES cipher key support")
    fb1136d6580c ("s390/pkey: Introduce new API for transforming key blobs")
    fc1d3f02544a ("s390/zcrypt: Move the ap bus into kernel")

v4.4.236: Failed to apply! Possible dependencies:
    1d9995771fcb ("s390: update defconfigs")
    6e127efeeae5 ("s390/config: make the vector optimized crc function builtin")
    80abb39b504e ("s390: update defconfig")
    a086171ad886 ("s390: Updated kernel config files")
    cb14def6a9ca ("s390/configs: update default configurations")
    e80d4af0a320 ("s390/pkey: Introduce pkey kernel module")
    e9bc15f28e5f ("s390/config: update default configuration")
    f2bbc96e7cfa ("s390/pkey: add CCA AES cipher key support")
    fdcebf6f18ee ("s390/config: Enable config options for Docker")


NOTE: The patch will not be queued to stable trees until it is upstream.

How should we proceed with this patch?

-- 
Thanks
Sasha