From e29851c910af605f1b42e9762cc830184826a93b Mon Sep 17 00:00:00 2001 From: Andrey Markovytch Date: Wed, 20 Apr 2016 17:40:00 +0300 Subject: PFK: fix race between key set and key invalidate in TZ When working with multiple files and multiple threads, the following scenario can occur: 1. File Close -> Key cache removal -> context switch 2. Open new file -> occupy the entry cleaned in 1 -> TZ_ES_SET_ICE_KEY -> context switch 3. Back to 1 -> TZ_ES_INVALIDATE_ICE_KEY 4. Back to 2 -> ICE uses the key that is already invalid 5. Crash due to PARTIALLY_SET_KEY_USED To fix this, pfk must know when requests using some key are completed. Only then key removal shall be allowed and until then key invalidation must wait. A new callback was added to let clients inform PFK when requests end. Change-Id: Id7f8a3302fac9fafd1203d8d56ca13d59b45bbd5 Signed-off-by: Gilad Broner Signed-off-by: Andrey Markovytch --- include/linux/pfk.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'include/linux') diff --git a/include/linux/pfk.h b/include/linux/pfk.h index f492d758291e..a7e8ecbea8f5 100644 --- a/include/linux/pfk.h +++ b/include/linux/pfk.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2015, The Linux Foundation. All rights reserved. +/* Copyright (c) 2015-2016, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -19,13 +19,20 @@ struct ice_crypto_setting; #ifdef CONFIG_PFK -int pfk_load_key(const struct bio *bio, struct ice_crypto_setting *ice_setting); +int pfk_load_key_start(const struct bio *bio, + struct ice_crypto_setting *ice_setting, bool *is_pfe, bool); +int pfk_load_key_end(const struct bio *bio, bool *is_pfe); int pfk_remove_key(const unsigned char *key, size_t key_size); bool pfk_allow_merge_bio(struct bio *bio1, struct bio *bio2); #else -static inline int pfk_load_key(const struct bio *bio, - struct ice_crypto_setting *ice_setting) +static inline int pfk_load_key_start(const struct bio *bio, + struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async) +{ + return -ENODEV; +} + +static inline int pfk_load_key_end(const struct bio *bio, bool *is_pfe) { return -ENODEV; } -- cgit v1.2.3