s390/pkey: improve pkey retry behavior

This patch reworks and improves the pkey retry behavior for the pkey_ep11key2pkey() function. In contrast to the pkey_skey2pkey() function which is used to trigger a protected key derivation from an CCA secure data or cipher key the EP11 counterpart function had no proper retry loop implemented. This patch now introduces code which acts similar to the retry already done for CCA keys for this function used for EP11 keys. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Holger Dengler <dengler@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com>

s390/pkey: improve pkey retry behavior
This patch reworks and improves the pkey retry behavior for the pkey_ep11key2pkey() function. In contrast to the pkey_skey2pkey() function which is used to trigger a protected key derivation from an CCA secure data or cipher key the EP11 counterpart function had no proper retry loop implemented. This patch now introduces code which acts similar to the retry already done for CCA keys for this function used for EP11 keys. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Holger Dengler <dengler@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
5dabfeca · Harald Freudenberger · Heiko Carstens · c3384369 · 5dabfeca
Commit 5dabfeca authored Feb 08, 2024 by Harald Freudenberger Committed by Heiko Carstens Mar 07, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 18 deletions

drivers/s390/crypto/pkey_api.c drivers/s390/crypto/pkey_api.c +21 -18

No files found.
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -293,33 +293,36 @@ static int pkey_ep11key2pkey(const u8 *key, size_t keylen,
 			     u8 *protkey, u32 *protkeylen, u32 *protkeytype)
 {
 	u32 nr_apqns, *apqns = NULL;
+	int i, j, rc = -ENODEV;
 	u16 card, dom;
-	int i, rc;
 	zcrypt_wait_api_operational();
-	/* build a list of apqns suitable for this key */
+	/* try two times in case of failure */
-	rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
+	for (i = 0; i < 2 && rc; i++) {
-			    ZCRYPT_CEX7,
-			    ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4,
-			    ep11_kb_wkvp(key, keylen));
-	if (rc)
-		goto out;
-	/* go through the list of apqns and try to derive an pkey */
+		/* build a list of apqns suitable for this key */
-	for (rc = -ENODEV, i = 0; i < nr_apqns; i++) {
+		rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
-		card = apqns[i] >> 16;
+				    ZCRYPT_CEX7,
-		dom = apqns[i] & 0xFFFF;
+				    ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4,
-		rc = ep11_kblob2protkey(card, dom, key, keylen,
+				    ep11_kb_wkvp(key, keylen));
-					protkey, protkeylen, protkeytype);
+		if (rc)
-		if (rc == 0)
+			continue; /* retry findcard on failure */
-			break;
+		/* go through the list of apqns and try to derive an pkey */
+		for (rc = -ENODEV, j = 0; j < nr_apqns && rc; j++) {
+			card = apqns[j] >> 16;
+			dom = apqns[j] & 0xFFFF;
+			rc = ep11_kblob2protkey(card, dom, key, keylen,
+						protkey, protkeylen, protkeytype);
+		}
+		kfree(apqns);
 	}
-out:
-	kfree(apqns);
 	if (rc)
 		pr_debug("%s failed rc=%d\n", __func__, rc);
 	return rc;
 }