6f3196b74d
There have been some findings during Eric Biggers rework of the
paes implementation which this patch tries to address:
A very minor finding within paes ctr where when the cpacf instruction
returns with only partially data en/decrytped the walk_done() was
mistakenly done with the all data counter. Please note this can only
happen when the kmctr returns because the protected key became invalid
in the middle of the operation. And this is only with suspend and
resume on a system with different effective wrapping key.
Eric Biggers mentioned that the context struct within the tfm struct
may be shared among multiple kernel threads. So here now a rework
which uses a spinlock per context to protect the read and write of the
protected key blob value. The en/decrypt functions copy the protected
key(s) at the beginning into a param struct and do not work with the
protected key within the context any more. If the protected key in the
param struct becomes invalid, the key material is again converted to
protected key(s) and the context gets this update protected by the
spinlock. Race conditions are still possible and may result in writing
the very same protected key value more than once. So the spinlock
needs to make sure the protected key(s) within the context are
consistent updated.
The ctr page is now locked by a mutex instead of a spinlock. A similar
patch went into the aes_s390 code as a result of a complain "sleeping
function called from invalid context at ...algapi.h". See
commit
|
||
---|---|---|
.. | ||
aes_s390.c | ||
arch_random.c | ||
crc32-vx.c | ||
crc32be-vx.S | ||
crc32le-vx.S | ||
des_s390.c | ||
ghash_s390.c | ||
Makefile | ||
paes_s390.c | ||
prng.c | ||
sha1_s390.c | ||
sha3_256_s390.c | ||
sha3_512_s390.c | ||
sha256_s390.c | ||
sha512_s390.c | ||
sha_common.c | ||
sha.h |