Commit 5dabfeca authored by Harald Freudenberger's avatar Harald Freudenberger Committed by Heiko Carstens
Browse files

s390/pkey: improve pkey retry behavior 



This patch reworks and improves the pkey retry behavior for the
pkey_ep11key2pkey() function. In contrast to the pkey_skey2pkey()
function which is used to trigger a protected key derivation from an
CCA secure data or cipher key the EP11 counterpart function had no
proper retry loop implemented. This patch now introduces code which
acts similar to the retry already done for CCA keys for this function
used for EP11 keys.

Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
Reviewed-by: default avatarHolger Dengler <dengler@linux.ibm.com>
Signed-off-by: default avatarHeiko Carstens <hca@linux.ibm.com>
parent c3384369

drivers/s390/crypto/pkey_api.c

+21 −18
Original line number Diff line number Diff line
@@ -293,33 +293,36 @@ static int pkey_ep11key2pkey(const u8 *key, size_t keylen, 
			     u8 *protkey, u32 *protkeylen, u32 *protkeytype)

{

	u32 nr_apqns, *apqns = NULL;

	int i, j, rc = -ENODEV;

	u16 card, dom;

	int i, rc;



	zcrypt_wait_api_operational();



	/* try two times in case of failure */

	for (i = 0; i < 2 && rc; i++) {



		/* build a list of apqns suitable for this key */

		rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,

				    ZCRYPT_CEX7,

				    ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4,

				    ep11_kb_wkvp(key, keylen));

		if (rc)

		goto out;

			continue; /* retry findcard on failure */



		/* go through the list of apqns and try to derive an pkey */

	for (rc = -ENODEV, i = 0; i < nr_apqns; i++) {

		card = apqns[i] >> 16;

		dom = apqns[i] & 0xFFFF;

		for (rc = -ENODEV, j = 0; j < nr_apqns && rc; j++) {

			card = apqns[j] >> 16;

			dom = apqns[j] & 0xFFFF;

			rc = ep11_kblob2protkey(card, dom, key, keylen,

						protkey, protkeylen, protkeytype);

		if (rc == 0)

			break;

		}



out:

		kfree(apqns);

	}



	if (rc)

		pr_debug("%s failed rc=%d\n", __func__, rc);



	return rc;

}