[GIT PULL] s390 updates for 6.5 merge window
From: Alexander Gordeev
Date: Tue Jun 27 2023 - 14:38:18 EST
Hello Linus,
These three commits were on 'protected-key' branch:
9e436c195e2d s390/pkey: add support for ecc clear key
f370f45c6475 s390/pkey: do not use struct pkey_protkey
46a29b039e2e s390/pkey: introduce reverse x-mas trees
and were merged into 'features' branch as:
e23b4fdb5cd0 Merge branch 'protected-key' into features
The three merged commits are on top of a prerequisite fix
844cf829e5f3 ("s390/pkey: zeroize key blobs"), which together
with the preceding commit are in the mainline already:
844cf829e5f3 s390/pkey: zeroize key blobs
8703dd6b238d s390/crypto: use vector instructions only if available for ChaCha20
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index 5a05d1cdfec2..a8def50c149b 100644
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -1293,6 +1293,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
return PTR_ERR(kkey);
rc = pkey_keyblob2pkey(kkey, ktp.keylen, &ktp.protkey);
DEBUG_DBG("%s pkey_keyblob2pkey()=%d\n", __func__, rc);
+ memzero_explicit(kkey, ktp.keylen);
kfree(kkey);
if (rc)
break;
@@ -1426,6 +1427,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
kkey, ktp.keylen, &ktp.protkey);
DEBUG_DBG("%s pkey_keyblob2pkey2()=%d\n", __func__, rc);
kfree(apqns);
+ memzero_explicit(kkey, ktp.keylen);
kfree(kkey);
if (rc)
break;
@@ -1552,6 +1554,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
protkey, &protkeylen);
DEBUG_DBG("%s pkey_keyblob2pkey3()=%d\n", __func__, rc);
kfree(apqns);
+ memzero_explicit(kkey, ktp.keylen);
kfree(kkey);
if (rc) {
kfree(protkey);
diff --git a/arch/s390/crypto/chacha-glue.c b/arch/s390/crypto/chacha-glue.c
index 7752bd314558..5fae187f947a 100644
--- a/arch/s390/crypto/chacha-glue.c
+++ b/arch/s390/crypto/chacha-glue.c
@@ -82,7 +82,7 @@ void chacha_crypt_arch(u32 *state, u8 *dst, const u8 *src,
* it cannot handle a block of data or less, but otherwise
* it can handle data of arbitrary size
*/
- if (bytes <= CHACHA_BLOCK_SIZE || nrounds != 20)
+ if (bytes <= CHACHA_BLOCK_SIZE || nrounds != 20 || !MACHINE_HAS_VX)
chacha_crypt_generic(state, dst, src, bytes, nrounds);
else
chacha20_crypt_s390(state, dst, src, bytes,
As result, the shortstat when merging will look different
to the one generated with 'git request-pull' below:
21 files changed, 997 insertions(+), 328 deletions(-)
Please pull s390 changes for 6.5 merge window.
Thank you,
Alexander
The following changes since commit f1fcbaa18b28dec10281551dfe6ed3a3ed80e3d6:
Linux 6.4-rc2 (2023-05-14 12:51:40 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git tags/s390-6.5-1
for you to fetch changes up to 9b9cf3c77e7e090b30657b3d2c288deb58dfb4f2:
s390/cpum_cf: rework PER_CPU_DEFINE of struct cpu_cf_events (2023-06-15 13:31:58 +0200)
----------------------------------------------------------------
s390 updates for 6.5 merge window
- Fix the style of protected key API driver source: use
x-mas tree for all local variable declarations.
- Rework protected key API driver to not use the struct
pkey_protkey and pkey_clrkey anymore. Both structures
have a fixed size buffer, but with the support of ECC
protected key these buffers are not big enough. Use
dynamic buffers internally and transparently for
userspace.
- Add support for a new 'non CCA clear key token' with
ECC clear keys supported: ECC P256, ECC P384, ECC P521,
ECC ED25519 and ECC ED448. This makes it possible to
derive a protected key from the ECC clear key input via
PKEY_KBLOB2PROTK3 ioctl, while currently the only way
to derive is via PCKMO instruction.
- The s390 PMU of PAI crypto and extension 1 NNPA counters
use atomic_t for reference counting. Replace this with
the proper data type refcount_t.
- Select ARCH_SUPPORTS_INT128, but limit this to clang for
now, since gcc generates inefficient code, which may lead
to stack overflows.
- Replace one-element array with flexible-array member in
struct vfio_ccw_parent and refactor the rest of the code
accordingly. Also, prefer struct_size() over sizeof() open-
coded versions.
- Introduce OS_INFO_FLAGS_ENTRY pointing to a flags field and
OS_INFO_FLAG_REIPL_CLEAR flag that informs a dumper whether
the system memory should be cleared or not once dumped.
- Fix a hang when a user attempts to remove a VFIO-AP mediated
device attached to a guest: add VFIO_DEVICE_GET_IRQ_INFO and
VFIO_DEVICE_SET_IRQS IOCTLs and wire up the VFIO bus driver
callback to request a release of the device.
- Fix calculation for R_390_GOTENT relocations for modules.
- Allow any user space process with CAP_PERFMON capability
read and display the CPU Measurement facility counter sets.
- Rework large statically-defined per-CPU cpu_cf_events data
structure and replace it with dynamically allocated structures
created when a perf_event_open() system call is invoked or
/dev/hwctr device is accessed.
----------------------------------------------------------------
Alexander Gordeev (1):
Merge branch 'protected-key' into features
Gustavo A. R. Silva (2):
vfio/ccw: replace one-element array with flexible-array member
vfio/ccw: use struct_size() helper
Harald Freudenberger (3):
s390/pkey: introduce reverse x-mas trees
s390/pkey: do not use struct pkey_protkey
s390/pkey: add support for ecc clear key
Heiko Carstens (2):
s390: select ARCH_SUPPORTS_INT128
s390/crypto: use vector instructions only if available for ChaCha20
Holger Dengler (1):
s390/pkey: zeroize key blobs
Mikhail Zaslonko (2):
s390/ipl: add REIPL_CLEAR flag to os_info
s390/zcore: conditionally clear memory on reipl
Sumanth Korikkar (1):
s390/module: fix rela calculation for R_390_GOTENT
Thomas Richter (4):
s390/pai_crypto: replace atomic_t with refcount_t
s390/pai_ext: replace atomic_t with refcount_t
s390/cpum_cf: open access to hwctr device for CAP_PERFMON privileged process
s390/cpum_cf: rework PER_CPU_DEFINE of struct cpu_cf_events
Tony Krowiak (3):
s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl
s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl
s390/vfio-ap: wire in the vfio_device_ops request callback
arch/s390/Kconfig | 1 +
arch/s390/crypto/chacha-glue.c | 2 +-
arch/s390/crypto/paes_s390.c | 9 +-
arch/s390/include/asm/asm-prototypes.h | 4 +
arch/s390/include/asm/cpacf.h | 7 +-
arch/s390/include/asm/os_info.h | 7 +-
arch/s390/include/asm/pkey.h | 4 +-
arch/s390/include/uapi/asm/pkey.h | 15 +-
arch/s390/kernel/ipl.c | 16 +
arch/s390/kernel/module.c | 3 +-
arch/s390/kernel/perf_cpum_cf.c | 452 ++++++++++++++++------
arch/s390/kernel/perf_pai_crypto.c | 19 +-
arch/s390/kernel/perf_pai_ext.c | 23 +-
arch/s390/lib/Makefile | 2 +-
arch/s390/lib/tishift.S | 63 +++
drivers/s390/char/zcore.c | 41 +-
drivers/s390/cio/vfio_ccw_drv.c | 2 +-
drivers/s390/cio/vfio_ccw_private.h | 2 +-
drivers/s390/crypto/pkey_api.c | 512 ++++++++++++++++---------
drivers/s390/crypto/vfio_ap_ops.c | 134 ++++++-
drivers/s390/crypto/vfio_ap_private.h | 3 +
include/uapi/linux/vfio.h | 9 +
22 files changed, 1001 insertions(+), 329 deletions(-)
create mode 100644 arch/s390/lib/tishift.S