Commit 7bbe449d authored by Harald Freudenberger's avatar Harald Freudenberger Committed by Alexander Gordeev

s390/paes: Reestablish retry loop in paes

With commit ed6776c9 ("s390/crypto: remove retry
loop with sleep from PAES pkey invocation") the retry
loop to retry derivation of a protected key from a
secure key has been removed. This was based on the
assumption that theses retries are not needed any
more as proper retries are done in the zcrypt layer.

However, tests have revealed that there exist some
cases with master key change in the HSM and immediately
(< 1 second) attempt to derive a protected key from a
secure key with exact this HSM may eventually fail.

The low level functions in zcrypt_ccamisc.c and
zcrypt_ep11misc.c detect and report this temporary
failure and report it to the caller as -EBUSY. The
re-established retry loop in the paes implementation
catches exactly this -EBUSY and eventually may run
some retries.

Fixes: ed6776c9 ("s390/crypto: remove retry loop with sleep from PAES pkey invocation")
Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
Reviewed-by: default avatarIngo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: default avatarHolger Dengler <dengler@linux.ibm.com>
Signed-off-by: default avatarAlexander Gordeev <agordeev@linux.ibm.com>
parent da565832
...@@ -125,8 +125,19 @@ struct s390_pxts_ctx { ...@@ -125,8 +125,19 @@ struct s390_pxts_ctx {
static inline int __paes_keyblob2pkey(struct key_blob *kb, static inline int __paes_keyblob2pkey(struct key_blob *kb,
struct pkey_protkey *pk) struct pkey_protkey *pk)
{ {
return pkey_keyblob2pkey(kb->key, kb->keylen, int i, ret = -EIO;
pk->protkey, &pk->len, &pk->type);
/* try three times in case of busy card */
for (i = 0; ret && i < 3; i++) {
if (ret == -EBUSY && in_task()) {
if (msleep_interruptible(1000))
return -EINTR;
}
ret = pkey_keyblob2pkey(kb->key, kb->keylen,
pk->protkey, &pk->len, &pk->type);
}
return ret;
} }
static inline int __paes_convert_key(struct s390_paes_ctx *ctx) static inline int __paes_convert_key(struct s390_paes_ctx *ctx)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment