From patchwork Wed May 8 14:43:45 2019
X-Patchwork-Submitter: "Kirill A. Shutemov"
X-Patchwork-Id: 10935831
From: "Kirill A. Shutemov"
To: Andrew Morton, x86@kernel.org, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Borislav Petkov, Peter Zijlstra, Andy Lutomirski, David Howells
Cc: Kees Cook, Dave Hansen, Kai Huang, Jacob Pan, Alison Schofield, linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov"
Subject: [PATCH, RFC 25/62] keys/mktme: Instantiate and destroy MKTME keys
Date: Wed, 8 May 2019 17:43:45 +0300
Message-Id: <20190508144422.13171-26-kirill.shutemov@linux.intel.com>
In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com>
References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com>

From: Alison Schofield

Instantiating and destroying are two Kernel Key Service methods that are invoked by the kernel key service when a key is added (add_key, request_key) or removed (invalidate, revoke, timeout).

During instantiation, MKTME needs to allocate an available hardware KeyID and map it to the Userspace Key. During destroy, MKTME will return the hardware KeyID to the pool of available keys.

Signed-off-by: Alison Schofield
Signed-off-by: Kirill A. Shutemov
---
 security/keys/mktme_keys.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c
index 92a047caa829..14bc4e600978 100644
--- a/security/keys/mktme_keys.c
+++ b/security/keys/mktme_keys.c
@@ -14,6 +14,8 @@ #include "internal.h" +static DEFINE_SPINLOCK(mktme_lock); + /* 1:1 Mapping between Userspace Keys (struct key) and Hardware KeyIDs */ struct mktme_mapping { unsigned int mapped_keyids;
@@ -95,6 +97,26 @@ struct mktme_payload { u8 tweak_key[MKTME_AES_XTS_SIZE]; }; +/* Key Service Method called when a Userspace Key is garbage collected. */ +static void mktme_destroy_key(struct key *key) +{ + mktme_release_keyid(mktme_keyid_from_key(key)); +} + +/* Key Service Method to create a new key. Payload is preparsed. */ +int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep) +{ + unsigned long flags; + int keyid; + + spin_lock_irqsave(&mktme_lock, flags); + keyid = mktme_reserve_keyid(key); + spin_unlock_irqrestore(&mktme_lock, flags); + if (!keyid) + return -ENOKEY; + return 0; +} + /* Make sure arguments are correct for the TYPE of key requested */ static int mktme_check_options(struct mktme_payload *payload, unsigned long token_mask, enum mktme_type type) @@ -236,7 +258,9 @@ struct key_type key_type_mktme = { .name = "mktme", .preparse = mktme_preparse_payload, .free_preparse = mktme_free_preparsed_payload, + .instantiate = mktme_instantiate_key, .describe = user_describe, + .destroy = mktme_destroy_key, }; static int __init init_mktme(void)
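Review bot: the first hunk (`@@ -14,6 +14,8 @@`) introduces `static DEFINE_SPINLOCK(mktme_lock);` with no comment stating what the lock protects; since it sits directly above the "1:1 Mapping between Userspace Keys (struct key) and Hardware KeyIDs" structure, add a one-line comment saying the lock guards `struct mktme_mapping` (including `mapped_keyids`) so that later callers of `mktme_reserve_keyid()` / `mktme_release_keyid()` know they must hold it.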
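Review bot: in the second hunk (`@@ -95,6 +97,26 @@`), `mktme_instantiate_key()` calls `mktme_reserve_keyid(key)` under `spin_lock_irqsave(&mktme_lock, flags)`, but `mktme_destroy_key()` calls `mktme_release_keyid(mktme_keyid_from_key(key))` with no lock held; unless `mktme_release_keyid()` takes `mktme_lock` internally (not visible here), a key being garbage collected can race with a concurrent instantiation updating the same mapping table, so either take the lock in `mktme_destroy_key()` as well or document that the release helper locks on its own. Also, `mktme_destroy_key()` is `static` but `mktme_instantiate_key()` is not, even though both are only reached through `key_type_mktme` in this file; make `int mktme_instantiate_key(...)` `static int` for consistency (or add a prototype to a header if it is meant to be exported).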
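Review bot: the third hunk (`@@ -236,7 +258,9 @@`) wires up `.instantiate` and `.destroy` only, so the hardware KeyID is returned to the pool when the key is garbage collected, which is what the comment above `mktme_destroy_key()` says; the commit message, however, describes destroy as being invoked on invalidate, revoke and timeout, which is not quite the same thing since a revoked key keeps its KeyID until its last reference is dropped and the GC runs. Either adjust the commit message wording, or, if prompt reclamation of the limited hardware KeyIDs matters, consider also providing a `.revoke` callback that releases the KeyID at revocation time.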