1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright IBM Corp. 2001, 2018 4 * Author(s): Robert Burroughs 5 * Eric Rossman (edrossma@us.ibm.com) 6 * Cornelia Huck <cornelia.huck@de.ibm.com> 7 * 8 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 9 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 10 * Ralph Wuerthner <rwuerthn@de.ibm.com> 11 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com> 12 * Multiple device nodes: Harald Freudenberger <freude@linux.ibm.com> 13 */ 14 15 #include <linux/module.h> 16 #include <linux/init.h> 17 #include <linux/interrupt.h> 18 #include <linux/miscdevice.h> 19 #include <linux/fs.h> 20 #include <linux/compat.h> 21 #include <linux/slab.h> 22 #include <linux/atomic.h> 23 #include <linux/uaccess.h> 24 #include <linux/hw_random.h> 25 #include <linux/debugfs.h> 26 #include <linux/cdev.h> 27 #include <linux/ctype.h> 28 #include <asm/debug.h> 29 30 #define CREATE_TRACE_POINTS 31 #include <asm/trace/zcrypt.h> 32 33 #include "zcrypt_api.h" 34 #include "zcrypt_debug.h" 35 36 #include "zcrypt_msgtype6.h" 37 #include "zcrypt_msgtype50.h" 38 #include "zcrypt_ccamisc.h" 39 #include "zcrypt_ep11misc.h" 40 41 /* 42 * Module description. 43 */ 44 MODULE_AUTHOR("IBM Corporation"); 45 MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " \ 46 "Copyright IBM Corp. 2001, 2012"); 47 MODULE_LICENSE("GPL"); 48 49 /* 50 * zcrypt tracepoint functions 51 */ 52 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_req); 53 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_rep); 54 55 static int zcrypt_hwrng_seed = 1; 56 module_param_named(hwrng_seed, zcrypt_hwrng_seed, int, 0440); 57 MODULE_PARM_DESC(hwrng_seed, "Turn on/off hwrng auto seed, default is 1 (on)."); 58 59 DEFINE_SPINLOCK(zcrypt_list_lock); 60 LIST_HEAD(zcrypt_card_list); 61 int zcrypt_device_count; 62 63 static atomic_t zcrypt_open_count = ATOMIC_INIT(0); 64 static atomic_t zcrypt_rescan_count = ATOMIC_INIT(0); 65 66 atomic_t zcrypt_rescan_req = ATOMIC_INIT(0); 67 EXPORT_SYMBOL(zcrypt_rescan_req); 68 69 static LIST_HEAD(zcrypt_ops_list); 70 71 /* Zcrypt related debug feature stuff. */ 72 debug_info_t *zcrypt_dbf_info; 73 74 /** 75 * Process a rescan of the transport layer. 76 * 77 * Returns 1, if the rescan has been processed, otherwise 0. 78 */ 79 static inline int zcrypt_process_rescan(void) 80 { 81 if (atomic_read(&zcrypt_rescan_req)) { 82 atomic_set(&zcrypt_rescan_req, 0); 83 atomic_inc(&zcrypt_rescan_count); 84 ap_bus_force_rescan(); 85 ZCRYPT_DBF(DBF_INFO, "rescan count=%07d\n", 86 atomic_inc_return(&zcrypt_rescan_count)); 87 return 1; 88 } 89 return 0; 90 } 91 92 void zcrypt_msgtype_register(struct zcrypt_ops *zops) 93 { 94 list_add_tail(&zops->list, &zcrypt_ops_list); 95 } 96 97 void zcrypt_msgtype_unregister(struct zcrypt_ops *zops) 98 { 99 list_del_init(&zops->list); 100 } 101 102 struct zcrypt_ops *zcrypt_msgtype(unsigned char *name, int variant) 103 { 104 struct zcrypt_ops *zops; 105 106 list_for_each_entry(zops, &zcrypt_ops_list, list) 107 if ((zops->variant == variant) && 108 (!strncmp(zops->name, name, sizeof(zops->name)))) 109 return zops; 110 return NULL; 111 } 112 EXPORT_SYMBOL(zcrypt_msgtype); 113 114 /* 115 * Multi device nodes extension functions. 116 */ 117 118 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 119 120 struct zcdn_device; 121 122 static struct class *zcrypt_class; 123 static dev_t zcrypt_devt; 124 static struct cdev zcrypt_cdev; 125 126 struct zcdn_device { 127 struct device device; 128 struct ap_perms perms; 129 }; 130 131 #define to_zcdn_dev(x) container_of((x), struct zcdn_device, device) 132 133 #define ZCDN_MAX_NAME 32 134 135 static int zcdn_create(const char *name); 136 static int zcdn_destroy(const char *name); 137 138 /* 139 * Find zcdn device by name. 140 * Returns reference to the zcdn device which needs to be released 141 * with put_device() after use. 142 */ 143 static inline struct zcdn_device *find_zcdndev_by_name(const char *name) 144 { 145 struct device *dev = class_find_device_by_name(zcrypt_class, name); 146 147 return dev ? to_zcdn_dev(dev) : NULL; 148 } 149 150 /* 151 * Find zcdn device by devt value. 152 * Returns reference to the zcdn device which needs to be released 153 * with put_device() after use. 154 */ 155 static inline struct zcdn_device *find_zcdndev_by_devt(dev_t devt) 156 { 157 struct device *dev = class_find_device_by_devt(zcrypt_class, devt); 158 159 return dev ? to_zcdn_dev(dev) : NULL; 160 } 161 162 static ssize_t ioctlmask_show(struct device *dev, 163 struct device_attribute *attr, 164 char *buf) 165 { 166 int i, rc; 167 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 168 169 if (mutex_lock_interruptible(&ap_perms_mutex)) 170 return -ERESTARTSYS; 171 172 buf[0] = '0'; 173 buf[1] = 'x'; 174 for (i = 0; i < sizeof(zcdndev->perms.ioctlm) / sizeof(long); i++) 175 snprintf(buf + 2 + 2 * i * sizeof(long), 176 PAGE_SIZE - 2 - 2 * i * sizeof(long), 177 "%016lx", zcdndev->perms.ioctlm[i]); 178 buf[2 + 2 * i * sizeof(long)] = '\n'; 179 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 180 rc = 2 + 2 * i * sizeof(long) + 1; 181 182 mutex_unlock(&ap_perms_mutex); 183 184 return rc; 185 } 186 187 static ssize_t ioctlmask_store(struct device *dev, 188 struct device_attribute *attr, 189 const char *buf, size_t count) 190 { 191 int rc; 192 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 193 194 rc = ap_parse_mask_str(buf, zcdndev->perms.ioctlm, 195 AP_IOCTLS, &ap_perms_mutex); 196 if (rc) 197 return rc; 198 199 return count; 200 } 201 202 static DEVICE_ATTR_RW(ioctlmask); 203 204 static ssize_t apmask_show(struct device *dev, 205 struct device_attribute *attr, 206 char *buf) 207 { 208 int i, rc; 209 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 210 211 if (mutex_lock_interruptible(&ap_perms_mutex)) 212 return -ERESTARTSYS; 213 214 buf[0] = '0'; 215 buf[1] = 'x'; 216 for (i = 0; i < sizeof(zcdndev->perms.apm) / sizeof(long); i++) 217 snprintf(buf + 2 + 2 * i * sizeof(long), 218 PAGE_SIZE - 2 - 2 * i * sizeof(long), 219 "%016lx", zcdndev->perms.apm[i]); 220 buf[2 + 2 * i * sizeof(long)] = '\n'; 221 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 222 rc = 2 + 2 * i * sizeof(long) + 1; 223 224 mutex_unlock(&ap_perms_mutex); 225 226 return rc; 227 } 228 229 static ssize_t apmask_store(struct device *dev, 230 struct device_attribute *attr, 231 const char *buf, size_t count) 232 { 233 int rc; 234 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 235 236 rc = ap_parse_mask_str(buf, zcdndev->perms.apm, 237 AP_DEVICES, &ap_perms_mutex); 238 if (rc) 239 return rc; 240 241 return count; 242 } 243 244 static DEVICE_ATTR_RW(apmask); 245 246 static ssize_t aqmask_show(struct device *dev, 247 struct device_attribute *attr, 248 char *buf) 249 { 250 int i, rc; 251 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 252 253 if (mutex_lock_interruptible(&ap_perms_mutex)) 254 return -ERESTARTSYS; 255 256 buf[0] = '0'; 257 buf[1] = 'x'; 258 for (i = 0; i < sizeof(zcdndev->perms.aqm) / sizeof(long); i++) 259 snprintf(buf + 2 + 2 * i * sizeof(long), 260 PAGE_SIZE - 2 - 2 * i * sizeof(long), 261 "%016lx", zcdndev->perms.aqm[i]); 262 buf[2 + 2 * i * sizeof(long)] = '\n'; 263 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 264 rc = 2 + 2 * i * sizeof(long) + 1; 265 266 mutex_unlock(&ap_perms_mutex); 267 268 return rc; 269 } 270 271 static ssize_t aqmask_store(struct device *dev, 272 struct device_attribute *attr, 273 const char *buf, size_t count) 274 { 275 int rc; 276 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 277 278 rc = ap_parse_mask_str(buf, zcdndev->perms.aqm, 279 AP_DOMAINS, &ap_perms_mutex); 280 if (rc) 281 return rc; 282 283 return count; 284 } 285 286 static DEVICE_ATTR_RW(aqmask); 287 288 static struct attribute *zcdn_dev_attrs[] = { 289 &dev_attr_ioctlmask.attr, 290 &dev_attr_apmask.attr, 291 &dev_attr_aqmask.attr, 292 NULL 293 }; 294 295 static struct attribute_group zcdn_dev_attr_group = { 296 .attrs = zcdn_dev_attrs 297 }; 298 299 static const struct attribute_group *zcdn_dev_attr_groups[] = { 300 &zcdn_dev_attr_group, 301 NULL 302 }; 303 304 static ssize_t zcdn_create_store(struct class *class, 305 struct class_attribute *attr, 306 const char *buf, size_t count) 307 { 308 int rc; 309 char name[ZCDN_MAX_NAME]; 310 311 strncpy(name, skip_spaces(buf), sizeof(name)); 312 name[sizeof(name) - 1] = '\0'; 313 314 rc = zcdn_create(strim(name)); 315 316 return rc ? rc : count; 317 } 318 319 static const struct class_attribute class_attr_zcdn_create = 320 __ATTR(create, 0600, NULL, zcdn_create_store); 321 322 static ssize_t zcdn_destroy_store(struct class *class, 323 struct class_attribute *attr, 324 const char *buf, size_t count) 325 { 326 int rc; 327 char name[ZCDN_MAX_NAME]; 328 329 strncpy(name, skip_spaces(buf), sizeof(name)); 330 name[sizeof(name) - 1] = '\0'; 331 332 rc = zcdn_destroy(strim(name)); 333 334 return rc ? rc : count; 335 } 336 337 static const struct class_attribute class_attr_zcdn_destroy = 338 __ATTR(destroy, 0600, NULL, zcdn_destroy_store); 339 340 static void zcdn_device_release(struct device *dev) 341 { 342 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 343 344 ZCRYPT_DBF(DBF_INFO, "releasing zcdn device %d:%d\n", 345 MAJOR(dev->devt), MINOR(dev->devt)); 346 347 kfree(zcdndev); 348 } 349 350 static int zcdn_create(const char *name) 351 { 352 dev_t devt; 353 int i, rc = 0; 354 char nodename[ZCDN_MAX_NAME]; 355 struct zcdn_device *zcdndev; 356 357 if (mutex_lock_interruptible(&ap_perms_mutex)) 358 return -ERESTARTSYS; 359 360 /* check if device node with this name already exists */ 361 if (name[0]) { 362 zcdndev = find_zcdndev_by_name(name); 363 if (zcdndev) { 364 put_device(&zcdndev->device); 365 rc = -EEXIST; 366 goto unlockout; 367 } 368 } 369 370 /* find an unused minor number */ 371 for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) { 372 devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i); 373 zcdndev = find_zcdndev_by_devt(devt); 374 if (zcdndev) 375 put_device(&zcdndev->device); 376 else 377 break; 378 } 379 if (i == ZCRYPT_MAX_MINOR_NODES) { 380 rc = -ENOSPC; 381 goto unlockout; 382 } 383 384 /* alloc and prepare a new zcdn device */ 385 zcdndev = kzalloc(sizeof(*zcdndev), GFP_KERNEL); 386 if (!zcdndev) { 387 rc = -ENOMEM; 388 goto unlockout; 389 } 390 zcdndev->device.release = zcdn_device_release; 391 zcdndev->device.class = zcrypt_class; 392 zcdndev->device.devt = devt; 393 zcdndev->device.groups = zcdn_dev_attr_groups; 394 if (name[0]) 395 strncpy(nodename, name, sizeof(nodename)); 396 else 397 snprintf(nodename, sizeof(nodename), 398 ZCRYPT_NAME "_%d", (int) MINOR(devt)); 399 nodename[sizeof(nodename)-1] = '\0'; 400 if (dev_set_name(&zcdndev->device, nodename)) { 401 rc = -EINVAL; 402 goto unlockout; 403 } 404 rc = device_register(&zcdndev->device); 405 if (rc) { 406 put_device(&zcdndev->device); 407 goto unlockout; 408 } 409 410 ZCRYPT_DBF(DBF_INFO, "created zcdn device %d:%d\n", 411 MAJOR(devt), MINOR(devt)); 412 413 unlockout: 414 mutex_unlock(&ap_perms_mutex); 415 return rc; 416 } 417 418 static int zcdn_destroy(const char *name) 419 { 420 int rc = 0; 421 struct zcdn_device *zcdndev; 422 423 if (mutex_lock_interruptible(&ap_perms_mutex)) 424 return -ERESTARTSYS; 425 426 /* try to find this zcdn device */ 427 zcdndev = find_zcdndev_by_name(name); 428 if (!zcdndev) { 429 rc = -ENOENT; 430 goto unlockout; 431 } 432 433 /* 434 * The zcdn device is not hard destroyed. It is subject to 435 * reference counting and thus just needs to be unregistered. 436 */ 437 put_device(&zcdndev->device); 438 device_unregister(&zcdndev->device); 439 440 unlockout: 441 mutex_unlock(&ap_perms_mutex); 442 return rc; 443 } 444 445 static void zcdn_destroy_all(void) 446 { 447 int i; 448 dev_t devt; 449 struct zcdn_device *zcdndev; 450 451 mutex_lock(&ap_perms_mutex); 452 for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) { 453 devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i); 454 zcdndev = find_zcdndev_by_devt(devt); 455 if (zcdndev) { 456 put_device(&zcdndev->device); 457 device_unregister(&zcdndev->device); 458 } 459 } 460 mutex_unlock(&ap_perms_mutex); 461 } 462 463 #endif 464 465 /** 466 * zcrypt_read (): Not supported beyond zcrypt 1.3.1. 467 * 468 * This function is not supported beyond zcrypt 1.3.1. 469 */ 470 static ssize_t zcrypt_read(struct file *filp, char __user *buf, 471 size_t count, loff_t *f_pos) 472 { 473 return -EPERM; 474 } 475 476 /** 477 * zcrypt_write(): Not allowed. 478 * 479 * Write is is not allowed 480 */ 481 static ssize_t zcrypt_write(struct file *filp, const char __user *buf, 482 size_t count, loff_t *f_pos) 483 { 484 return -EPERM; 485 } 486 487 /** 488 * zcrypt_open(): Count number of users. 489 * 490 * Device open function to count number of users. 491 */ 492 static int zcrypt_open(struct inode *inode, struct file *filp) 493 { 494 struct ap_perms *perms = &ap_perms; 495 496 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 497 if (filp->f_inode->i_cdev == &zcrypt_cdev) { 498 struct zcdn_device *zcdndev; 499 500 if (mutex_lock_interruptible(&ap_perms_mutex)) 501 return -ERESTARTSYS; 502 zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev); 503 /* find returns a reference, no get_device() needed */ 504 mutex_unlock(&ap_perms_mutex); 505 if (zcdndev) 506 perms = &zcdndev->perms; 507 } 508 #endif 509 filp->private_data = (void *) perms; 510 511 atomic_inc(&zcrypt_open_count); 512 return stream_open(inode, filp); 513 } 514 515 /** 516 * zcrypt_release(): Count number of users. 517 * 518 * Device close function to count number of users. 519 */ 520 static int zcrypt_release(struct inode *inode, struct file *filp) 521 { 522 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 523 if (filp->f_inode->i_cdev == &zcrypt_cdev) { 524 struct zcdn_device *zcdndev; 525 526 mutex_lock(&ap_perms_mutex); 527 zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev); 528 mutex_unlock(&ap_perms_mutex); 529 if (zcdndev) { 530 /* 2 puts here: one for find, one for open */ 531 put_device(&zcdndev->device); 532 put_device(&zcdndev->device); 533 } 534 } 535 #endif 536 537 atomic_dec(&zcrypt_open_count); 538 return 0; 539 } 540 541 static inline int zcrypt_check_ioctl(struct ap_perms *perms, 542 unsigned int cmd) 543 { 544 int rc = -EPERM; 545 int ioctlnr = (cmd & _IOC_NRMASK) >> _IOC_NRSHIFT; 546 547 if (ioctlnr > 0 && ioctlnr < AP_IOCTLS) { 548 if (test_bit_inv(ioctlnr, perms->ioctlm)) 549 rc = 0; 550 } 551 552 if (rc) 553 ZCRYPT_DBF(DBF_WARN, 554 "ioctl check failed: ioctlnr=0x%04x rc=%d\n", 555 ioctlnr, rc); 556 557 return rc; 558 } 559 560 static inline bool zcrypt_check_card(struct ap_perms *perms, int card) 561 { 562 return test_bit_inv(card, perms->apm) ? true : false; 563 } 564 565 static inline bool zcrypt_check_queue(struct ap_perms *perms, int queue) 566 { 567 return test_bit_inv(queue, perms->aqm) ? true : false; 568 } 569 570 static inline struct zcrypt_queue *zcrypt_pick_queue(struct zcrypt_card *zc, 571 struct zcrypt_queue *zq, 572 struct module **pmod, 573 unsigned int weight) 574 { 575 if (!zq || !try_module_get(zq->queue->ap_dev.drv->driver.owner)) 576 return NULL; 577 zcrypt_queue_get(zq); 578 get_device(&zq->queue->ap_dev.device); 579 atomic_add(weight, &zc->load); 580 atomic_add(weight, &zq->load); 581 zq->request_count++; 582 *pmod = zq->queue->ap_dev.drv->driver.owner; 583 return zq; 584 } 585 586 static inline void zcrypt_drop_queue(struct zcrypt_card *zc, 587 struct zcrypt_queue *zq, 588 struct module *mod, 589 unsigned int weight) 590 { 591 zq->request_count--; 592 atomic_sub(weight, &zc->load); 593 atomic_sub(weight, &zq->load); 594 put_device(&zq->queue->ap_dev.device); 595 zcrypt_queue_put(zq); 596 module_put(mod); 597 } 598 599 static inline bool zcrypt_card_compare(struct zcrypt_card *zc, 600 struct zcrypt_card *pref_zc, 601 unsigned int weight, 602 unsigned int pref_weight) 603 { 604 if (!pref_zc) 605 return false; 606 weight += atomic_read(&zc->load); 607 pref_weight += atomic_read(&pref_zc->load); 608 if (weight == pref_weight) 609 return atomic64_read(&zc->card->total_request_count) > 610 atomic64_read(&pref_zc->card->total_request_count); 611 return weight > pref_weight; 612 } 613 614 static inline bool zcrypt_queue_compare(struct zcrypt_queue *zq, 615 struct zcrypt_queue *pref_zq, 616 unsigned int weight, 617 unsigned int pref_weight) 618 { 619 if (!pref_zq) 620 return false; 621 weight += atomic_read(&zq->load); 622 pref_weight += atomic_read(&pref_zq->load); 623 if (weight == pref_weight) 624 return zq->queue->total_request_count > 625 pref_zq->queue->total_request_count; 626 return weight > pref_weight; 627 } 628 629 /* 630 * zcrypt ioctls. 631 */ 632 static long zcrypt_rsa_modexpo(struct ap_perms *perms, 633 struct ica_rsa_modexpo *mex) 634 { 635 struct zcrypt_card *zc, *pref_zc; 636 struct zcrypt_queue *zq, *pref_zq; 637 unsigned int weight, pref_weight; 638 unsigned int func_code; 639 int qid = 0, rc = -ENODEV; 640 struct module *mod; 641 642 trace_s390_zcrypt_req(mex, TP_ICARSAMODEXPO); 643 644 if (mex->outputdatalength < mex->inputdatalength) { 645 func_code = 0; 646 rc = -EINVAL; 647 goto out; 648 } 649 650 /* 651 * As long as outputdatalength is big enough, we can set the 652 * outputdatalength equal to the inputdatalength, since that is the 653 * number of bytes we will copy in any case 654 */ 655 mex->outputdatalength = mex->inputdatalength; 656 657 rc = get_rsa_modex_fc(mex, &func_code); 658 if (rc) 659 goto out; 660 661 pref_zc = NULL; 662 pref_zq = NULL; 663 spin_lock(&zcrypt_list_lock); 664 for_each_zcrypt_card(zc) { 665 /* Check for online accelarator and CCA cards */ 666 if (!zc->online || !(zc->card->functions & 0x18000000)) 667 continue; 668 /* Check for size limits */ 669 if (zc->min_mod_size > mex->inputdatalength || 670 zc->max_mod_size < mex->inputdatalength) 671 continue; 672 /* check if device node has admission for this card */ 673 if (!zcrypt_check_card(perms, zc->card->id)) 674 continue; 675 /* get weight index of the card device */ 676 weight = zc->speed_rating[func_code]; 677 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 678 continue; 679 for_each_zcrypt_queue(zq, zc) { 680 /* check if device is online and eligible */ 681 if (!zq->online || !zq->ops->rsa_modexpo) 682 continue; 683 /* check if device node has admission for this queue */ 684 if (!zcrypt_check_queue(perms, 685 AP_QID_QUEUE(zq->queue->qid))) 686 continue; 687 if (zcrypt_queue_compare(zq, pref_zq, 688 weight, pref_weight)) 689 continue; 690 pref_zc = zc; 691 pref_zq = zq; 692 pref_weight = weight; 693 } 694 } 695 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, weight); 696 spin_unlock(&zcrypt_list_lock); 697 698 if (!pref_zq) { 699 rc = -ENODEV; 700 goto out; 701 } 702 703 qid = pref_zq->queue->qid; 704 rc = pref_zq->ops->rsa_modexpo(pref_zq, mex); 705 706 spin_lock(&zcrypt_list_lock); 707 zcrypt_drop_queue(pref_zc, pref_zq, mod, weight); 708 spin_unlock(&zcrypt_list_lock); 709 710 out: 711 trace_s390_zcrypt_rep(mex, func_code, rc, 712 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 713 return rc; 714 } 715 716 static long zcrypt_rsa_crt(struct ap_perms *perms, 717 struct ica_rsa_modexpo_crt *crt) 718 { 719 struct zcrypt_card *zc, *pref_zc; 720 struct zcrypt_queue *zq, *pref_zq; 721 unsigned int weight, pref_weight; 722 unsigned int func_code; 723 int qid = 0, rc = -ENODEV; 724 struct module *mod; 725 726 trace_s390_zcrypt_req(crt, TP_ICARSACRT); 727 728 if (crt->outputdatalength < crt->inputdatalength) { 729 func_code = 0; 730 rc = -EINVAL; 731 goto out; 732 } 733 734 /* 735 * As long as outputdatalength is big enough, we can set the 736 * outputdatalength equal to the inputdatalength, since that is the 737 * number of bytes we will copy in any case 738 */ 739 crt->outputdatalength = crt->inputdatalength; 740 741 rc = get_rsa_crt_fc(crt, &func_code); 742 if (rc) 743 goto out; 744 745 pref_zc = NULL; 746 pref_zq = NULL; 747 spin_lock(&zcrypt_list_lock); 748 for_each_zcrypt_card(zc) { 749 /* Check for online accelarator and CCA cards */ 750 if (!zc->online || !(zc->card->functions & 0x18000000)) 751 continue; 752 /* Check for size limits */ 753 if (zc->min_mod_size > crt->inputdatalength || 754 zc->max_mod_size < crt->inputdatalength) 755 continue; 756 /* check if device node has admission for this card */ 757 if (!zcrypt_check_card(perms, zc->card->id)) 758 continue; 759 /* get weight index of the card device */ 760 weight = zc->speed_rating[func_code]; 761 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 762 continue; 763 for_each_zcrypt_queue(zq, zc) { 764 /* check if device is online and eligible */ 765 if (!zq->online || !zq->ops->rsa_modexpo_crt) 766 continue; 767 /* check if device node has admission for this queue */ 768 if (!zcrypt_check_queue(perms, 769 AP_QID_QUEUE(zq->queue->qid))) 770 continue; 771 if (zcrypt_queue_compare(zq, pref_zq, 772 weight, pref_weight)) 773 continue; 774 pref_zc = zc; 775 pref_zq = zq; 776 pref_weight = weight; 777 } 778 } 779 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, weight); 780 spin_unlock(&zcrypt_list_lock); 781 782 if (!pref_zq) { 783 rc = -ENODEV; 784 goto out; 785 } 786 787 qid = pref_zq->queue->qid; 788 rc = pref_zq->ops->rsa_modexpo_crt(pref_zq, crt); 789 790 spin_lock(&zcrypt_list_lock); 791 zcrypt_drop_queue(pref_zc, pref_zq, mod, weight); 792 spin_unlock(&zcrypt_list_lock); 793 794 out: 795 trace_s390_zcrypt_rep(crt, func_code, rc, 796 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 797 return rc; 798 } 799 800 static long _zcrypt_send_cprb(struct ap_perms *perms, 801 struct ica_xcRB *xcRB) 802 { 803 struct zcrypt_card *zc, *pref_zc; 804 struct zcrypt_queue *zq, *pref_zq; 805 struct ap_message ap_msg; 806 unsigned int weight, pref_weight; 807 unsigned int func_code; 808 unsigned short *domain, tdom; 809 int qid = 0, rc = -ENODEV; 810 struct module *mod; 811 812 trace_s390_zcrypt_req(xcRB, TB_ZSECSENDCPRB); 813 814 xcRB->status = 0; 815 ap_init_message(&ap_msg); 816 rc = get_cprb_fc(xcRB, &ap_msg, &func_code, &domain); 817 if (rc) 818 goto out; 819 820 /* 821 * If a valid target domain is set and this domain is NOT a usage 822 * domain but a control only domain, use the default domain as target. 823 */ 824 tdom = *domain; 825 if (tdom >= 0 && tdom < AP_DOMAINS && 826 !ap_test_config_usage_domain(tdom) && 827 ap_test_config_ctrl_domain(tdom) && 828 ap_domain_index >= 0) 829 tdom = ap_domain_index; 830 831 pref_zc = NULL; 832 pref_zq = NULL; 833 spin_lock(&zcrypt_list_lock); 834 for_each_zcrypt_card(zc) { 835 /* Check for online CCA cards */ 836 if (!zc->online || !(zc->card->functions & 0x10000000)) 837 continue; 838 /* Check for user selected CCA card */ 839 if (xcRB->user_defined != AUTOSELECT && 840 xcRB->user_defined != zc->card->id) 841 continue; 842 /* check if device node has admission for this card */ 843 if (!zcrypt_check_card(perms, zc->card->id)) 844 continue; 845 /* get weight index of the card device */ 846 weight = speed_idx_cca(func_code) * zc->speed_rating[SECKEY]; 847 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 848 continue; 849 for_each_zcrypt_queue(zq, zc) { 850 /* check if device is online and eligible */ 851 if (!zq->online || 852 !zq->ops->send_cprb || 853 (tdom != AUTOSEL_DOM && 854 tdom != AP_QID_QUEUE(zq->queue->qid))) 855 continue; 856 /* check if device node has admission for this queue */ 857 if (!zcrypt_check_queue(perms, 858 AP_QID_QUEUE(zq->queue->qid))) 859 continue; 860 if (zcrypt_queue_compare(zq, pref_zq, 861 weight, pref_weight)) 862 continue; 863 pref_zc = zc; 864 pref_zq = zq; 865 pref_weight = weight; 866 } 867 } 868 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, weight); 869 spin_unlock(&zcrypt_list_lock); 870 871 if (!pref_zq) { 872 rc = -ENODEV; 873 goto out; 874 } 875 876 /* in case of auto select, provide the correct domain */ 877 qid = pref_zq->queue->qid; 878 if (*domain == AUTOSEL_DOM) 879 *domain = AP_QID_QUEUE(qid); 880 881 rc = pref_zq->ops->send_cprb(pref_zq, xcRB, &ap_msg); 882 883 spin_lock(&zcrypt_list_lock); 884 zcrypt_drop_queue(pref_zc, pref_zq, mod, weight); 885 spin_unlock(&zcrypt_list_lock); 886 887 out: 888 ap_release_message(&ap_msg); 889 trace_s390_zcrypt_rep(xcRB, func_code, rc, 890 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 891 return rc; 892 } 893 894 long zcrypt_send_cprb(struct ica_xcRB *xcRB) 895 { 896 return _zcrypt_send_cprb(&ap_perms, xcRB); 897 } 898 EXPORT_SYMBOL(zcrypt_send_cprb); 899 900 static bool is_desired_ep11_card(unsigned int dev_id, 901 unsigned short target_num, 902 struct ep11_target_dev *targets) 903 { 904 while (target_num-- > 0) { 905 if (targets->ap_id == dev_id || targets->ap_id == AUTOSEL_AP) 906 return true; 907 targets++; 908 } 909 return false; 910 } 911 912 static bool is_desired_ep11_queue(unsigned int dev_qid, 913 unsigned short target_num, 914 struct ep11_target_dev *targets) 915 { 916 int card = AP_QID_CARD(dev_qid), dom = AP_QID_QUEUE(dev_qid); 917 918 while (target_num-- > 0) { 919 if ((targets->ap_id == card || targets->ap_id == AUTOSEL_AP) && 920 (targets->dom_id == dom || targets->dom_id == AUTOSEL_DOM)) 921 return true; 922 targets++; 923 } 924 return false; 925 } 926 927 static long _zcrypt_send_ep11_cprb(struct ap_perms *perms, 928 struct ep11_urb *xcrb) 929 { 930 struct zcrypt_card *zc, *pref_zc; 931 struct zcrypt_queue *zq, *pref_zq; 932 struct ep11_target_dev *targets; 933 unsigned short target_num; 934 unsigned int weight, pref_weight; 935 unsigned int func_code; 936 struct ap_message ap_msg; 937 int qid = 0, rc = -ENODEV; 938 struct module *mod; 939 940 trace_s390_zcrypt_req(xcrb, TP_ZSENDEP11CPRB); 941 942 ap_init_message(&ap_msg); 943 944 target_num = (unsigned short) xcrb->targets_num; 945 946 /* empty list indicates autoselect (all available targets) */ 947 targets = NULL; 948 if (target_num != 0) { 949 struct ep11_target_dev __user *uptr; 950 951 targets = kcalloc(target_num, sizeof(*targets), GFP_KERNEL); 952 if (!targets) { 953 func_code = 0; 954 rc = -ENOMEM; 955 goto out; 956 } 957 958 uptr = (struct ep11_target_dev __force __user *) xcrb->targets; 959 if (copy_from_user(targets, uptr, 960 target_num * sizeof(*targets))) { 961 func_code = 0; 962 rc = -EFAULT; 963 goto out_free; 964 } 965 } 966 967 rc = get_ep11cprb_fc(xcrb, &ap_msg, &func_code); 968 if (rc) 969 goto out_free; 970 971 pref_zc = NULL; 972 pref_zq = NULL; 973 spin_lock(&zcrypt_list_lock); 974 for_each_zcrypt_card(zc) { 975 /* Check for online EP11 cards */ 976 if (!zc->online || !(zc->card->functions & 0x04000000)) 977 continue; 978 /* Check for user selected EP11 card */ 979 if (targets && 980 !is_desired_ep11_card(zc->card->id, target_num, targets)) 981 continue; 982 /* check if device node has admission for this card */ 983 if (!zcrypt_check_card(perms, zc->card->id)) 984 continue; 985 /* get weight index of the card device */ 986 weight = speed_idx_ep11(func_code) * zc->speed_rating[SECKEY]; 987 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 988 continue; 989 for_each_zcrypt_queue(zq, zc) { 990 /* check if device is online and eligible */ 991 if (!zq->online || 992 !zq->ops->send_ep11_cprb || 993 (targets && 994 !is_desired_ep11_queue(zq->queue->qid, 995 target_num, targets))) 996 continue; 997 /* check if device node has admission for this queue */ 998 if (!zcrypt_check_queue(perms, 999 AP_QID_QUEUE(zq->queue->qid))) 1000 continue; 1001 if (zcrypt_queue_compare(zq, pref_zq, 1002 weight, pref_weight)) 1003 continue; 1004 pref_zc = zc; 1005 pref_zq = zq; 1006 pref_weight = weight; 1007 } 1008 } 1009 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, weight); 1010 spin_unlock(&zcrypt_list_lock); 1011 1012 if (!pref_zq) { 1013 rc = -ENODEV; 1014 goto out_free; 1015 } 1016 1017 qid = pref_zq->queue->qid; 1018 rc = pref_zq->ops->send_ep11_cprb(pref_zq, xcrb, &ap_msg); 1019 1020 spin_lock(&zcrypt_list_lock); 1021 zcrypt_drop_queue(pref_zc, pref_zq, mod, weight); 1022 spin_unlock(&zcrypt_list_lock); 1023 1024 out_free: 1025 kfree(targets); 1026 out: 1027 ap_release_message(&ap_msg); 1028 trace_s390_zcrypt_rep(xcrb, func_code, rc, 1029 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 1030 return rc; 1031 } 1032 1033 long zcrypt_send_ep11_cprb(struct ep11_urb *xcrb) 1034 { 1035 return _zcrypt_send_ep11_cprb(&ap_perms, xcrb); 1036 } 1037 EXPORT_SYMBOL(zcrypt_send_ep11_cprb); 1038 1039 static long zcrypt_rng(char *buffer) 1040 { 1041 struct zcrypt_card *zc, *pref_zc; 1042 struct zcrypt_queue *zq, *pref_zq; 1043 unsigned int weight, pref_weight; 1044 unsigned int func_code; 1045 struct ap_message ap_msg; 1046 unsigned int domain; 1047 int qid = 0, rc = -ENODEV; 1048 struct module *mod; 1049 1050 trace_s390_zcrypt_req(buffer, TP_HWRNGCPRB); 1051 1052 ap_init_message(&ap_msg); 1053 rc = get_rng_fc(&ap_msg, &func_code, &domain); 1054 if (rc) 1055 goto out; 1056 1057 pref_zc = NULL; 1058 pref_zq = NULL; 1059 spin_lock(&zcrypt_list_lock); 1060 for_each_zcrypt_card(zc) { 1061 /* Check for online CCA cards */ 1062 if (!zc->online || !(zc->card->functions & 0x10000000)) 1063 continue; 1064 /* get weight index of the card device */ 1065 weight = zc->speed_rating[func_code]; 1066 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 1067 continue; 1068 for_each_zcrypt_queue(zq, zc) { 1069 /* check if device is online and eligible */ 1070 if (!zq->online || !zq->ops->rng) 1071 continue; 1072 if (zcrypt_queue_compare(zq, pref_zq, 1073 weight, pref_weight)) 1074 continue; 1075 pref_zc = zc; 1076 pref_zq = zq; 1077 pref_weight = weight; 1078 } 1079 } 1080 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, weight); 1081 spin_unlock(&zcrypt_list_lock); 1082 1083 if (!pref_zq) { 1084 rc = -ENODEV; 1085 goto out; 1086 } 1087 1088 qid = pref_zq->queue->qid; 1089 rc = pref_zq->ops->rng(pref_zq, buffer, &ap_msg); 1090 1091 spin_lock(&zcrypt_list_lock); 1092 zcrypt_drop_queue(pref_zc, pref_zq, mod, weight); 1093 spin_unlock(&zcrypt_list_lock); 1094 1095 out: 1096 ap_release_message(&ap_msg); 1097 trace_s390_zcrypt_rep(buffer, func_code, rc, 1098 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 1099 return rc; 1100 } 1101 1102 static void zcrypt_device_status_mask(struct zcrypt_device_status *devstatus) 1103 { 1104 struct zcrypt_card *zc; 1105 struct zcrypt_queue *zq; 1106 struct zcrypt_device_status *stat; 1107 int card, queue; 1108 1109 memset(devstatus, 0, MAX_ZDEV_ENTRIES 1110 * sizeof(struct zcrypt_device_status)); 1111 1112 spin_lock(&zcrypt_list_lock); 1113 for_each_zcrypt_card(zc) { 1114 for_each_zcrypt_queue(zq, zc) { 1115 card = AP_QID_CARD(zq->queue->qid); 1116 if (card >= MAX_ZDEV_CARDIDS) 1117 continue; 1118 queue = AP_QID_QUEUE(zq->queue->qid); 1119 stat = &devstatus[card * AP_DOMAINS + queue]; 1120 stat->hwtype = zc->card->ap_dev.device_type; 1121 stat->functions = zc->card->functions >> 26; 1122 stat->qid = zq->queue->qid; 1123 stat->online = zq->online ? 0x01 : 0x00; 1124 } 1125 } 1126 spin_unlock(&zcrypt_list_lock); 1127 } 1128 1129 void zcrypt_device_status_mask_ext(struct zcrypt_device_status_ext *devstatus) 1130 { 1131 struct zcrypt_card *zc; 1132 struct zcrypt_queue *zq; 1133 struct zcrypt_device_status_ext *stat; 1134 int card, queue; 1135 1136 memset(devstatus, 0, MAX_ZDEV_ENTRIES_EXT 1137 * sizeof(struct zcrypt_device_status_ext)); 1138 1139 spin_lock(&zcrypt_list_lock); 1140 for_each_zcrypt_card(zc) { 1141 for_each_zcrypt_queue(zq, zc) { 1142 card = AP_QID_CARD(zq->queue->qid); 1143 queue = AP_QID_QUEUE(zq->queue->qid); 1144 stat = &devstatus[card * AP_DOMAINS + queue]; 1145 stat->hwtype = zc->card->ap_dev.device_type; 1146 stat->functions = zc->card->functions >> 26; 1147 stat->qid = zq->queue->qid; 1148 stat->online = zq->online ? 0x01 : 0x00; 1149 } 1150 } 1151 spin_unlock(&zcrypt_list_lock); 1152 } 1153 EXPORT_SYMBOL(zcrypt_device_status_mask_ext); 1154 1155 int zcrypt_device_status_ext(int card, int queue, 1156 struct zcrypt_device_status_ext *devstat) 1157 { 1158 struct zcrypt_card *zc; 1159 struct zcrypt_queue *zq; 1160 1161 memset(devstat, 0, sizeof(*devstat)); 1162 1163 spin_lock(&zcrypt_list_lock); 1164 for_each_zcrypt_card(zc) { 1165 for_each_zcrypt_queue(zq, zc) { 1166 if (card == AP_QID_CARD(zq->queue->qid) && 1167 queue == AP_QID_QUEUE(zq->queue->qid)) { 1168 devstat->hwtype = zc->card->ap_dev.device_type; 1169 devstat->functions = zc->card->functions >> 26; 1170 devstat->qid = zq->queue->qid; 1171 devstat->online = zq->online ? 0x01 : 0x00; 1172 spin_unlock(&zcrypt_list_lock); 1173 return 0; 1174 } 1175 } 1176 } 1177 spin_unlock(&zcrypt_list_lock); 1178 1179 return -ENODEV; 1180 } 1181 EXPORT_SYMBOL(zcrypt_device_status_ext); 1182 1183 static void zcrypt_status_mask(char status[], size_t max_adapters) 1184 { 1185 struct zcrypt_card *zc; 1186 struct zcrypt_queue *zq; 1187 int card; 1188 1189 memset(status, 0, max_adapters); 1190 spin_lock(&zcrypt_list_lock); 1191 for_each_zcrypt_card(zc) { 1192 for_each_zcrypt_queue(zq, zc) { 1193 card = AP_QID_CARD(zq->queue->qid); 1194 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index 1195 || card >= max_adapters) 1196 continue; 1197 status[card] = zc->online ? zc->user_space_type : 0x0d; 1198 } 1199 } 1200 spin_unlock(&zcrypt_list_lock); 1201 } 1202 1203 static void zcrypt_qdepth_mask(char qdepth[], size_t max_adapters) 1204 { 1205 struct zcrypt_card *zc; 1206 struct zcrypt_queue *zq; 1207 int card; 1208 1209 memset(qdepth, 0, max_adapters); 1210 spin_lock(&zcrypt_list_lock); 1211 local_bh_disable(); 1212 for_each_zcrypt_card(zc) { 1213 for_each_zcrypt_queue(zq, zc) { 1214 card = AP_QID_CARD(zq->queue->qid); 1215 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index 1216 || card >= max_adapters) 1217 continue; 1218 spin_lock(&zq->queue->lock); 1219 qdepth[card] = 1220 zq->queue->pendingq_count + 1221 zq->queue->requestq_count; 1222 spin_unlock(&zq->queue->lock); 1223 } 1224 } 1225 local_bh_enable(); 1226 spin_unlock(&zcrypt_list_lock); 1227 } 1228 1229 static void zcrypt_perdev_reqcnt(u32 reqcnt[], size_t max_adapters) 1230 { 1231 struct zcrypt_card *zc; 1232 struct zcrypt_queue *zq; 1233 int card; 1234 u64 cnt; 1235 1236 memset(reqcnt, 0, sizeof(int) * max_adapters); 1237 spin_lock(&zcrypt_list_lock); 1238 local_bh_disable(); 1239 for_each_zcrypt_card(zc) { 1240 for_each_zcrypt_queue(zq, zc) { 1241 card = AP_QID_CARD(zq->queue->qid); 1242 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index 1243 || card >= max_adapters) 1244 continue; 1245 spin_lock(&zq->queue->lock); 1246 cnt = zq->queue->total_request_count; 1247 spin_unlock(&zq->queue->lock); 1248 reqcnt[card] = (cnt < UINT_MAX) ? (u32) cnt : UINT_MAX; 1249 } 1250 } 1251 local_bh_enable(); 1252 spin_unlock(&zcrypt_list_lock); 1253 } 1254 1255 static int zcrypt_pendingq_count(void) 1256 { 1257 struct zcrypt_card *zc; 1258 struct zcrypt_queue *zq; 1259 int pendingq_count; 1260 1261 pendingq_count = 0; 1262 spin_lock(&zcrypt_list_lock); 1263 local_bh_disable(); 1264 for_each_zcrypt_card(zc) { 1265 for_each_zcrypt_queue(zq, zc) { 1266 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index) 1267 continue; 1268 spin_lock(&zq->queue->lock); 1269 pendingq_count += zq->queue->pendingq_count; 1270 spin_unlock(&zq->queue->lock); 1271 } 1272 } 1273 local_bh_enable(); 1274 spin_unlock(&zcrypt_list_lock); 1275 return pendingq_count; 1276 } 1277 1278 static int zcrypt_requestq_count(void) 1279 { 1280 struct zcrypt_card *zc; 1281 struct zcrypt_queue *zq; 1282 int requestq_count; 1283 1284 requestq_count = 0; 1285 spin_lock(&zcrypt_list_lock); 1286 local_bh_disable(); 1287 for_each_zcrypt_card(zc) { 1288 for_each_zcrypt_queue(zq, zc) { 1289 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index) 1290 continue; 1291 spin_lock(&zq->queue->lock); 1292 requestq_count += zq->queue->requestq_count; 1293 spin_unlock(&zq->queue->lock); 1294 } 1295 } 1296 local_bh_enable(); 1297 spin_unlock(&zcrypt_list_lock); 1298 return requestq_count; 1299 } 1300 1301 static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd, 1302 unsigned long arg) 1303 { 1304 int rc; 1305 struct ap_perms *perms = 1306 (struct ap_perms *) filp->private_data; 1307 1308 rc = zcrypt_check_ioctl(perms, cmd); 1309 if (rc) 1310 return rc; 1311 1312 switch (cmd) { 1313 case ICARSAMODEXPO: { 1314 struct ica_rsa_modexpo __user *umex = (void __user *) arg; 1315 struct ica_rsa_modexpo mex; 1316 1317 if (copy_from_user(&mex, umex, sizeof(mex))) 1318 return -EFAULT; 1319 do { 1320 rc = zcrypt_rsa_modexpo(perms, &mex); 1321 } while (rc == -EAGAIN); 1322 /* on failure: retry once again after a requested rescan */ 1323 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1324 do { 1325 rc = zcrypt_rsa_modexpo(perms, &mex); 1326 } while (rc == -EAGAIN); 1327 if (rc) { 1328 ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSAMODEXPO rc=%d\n", rc); 1329 return rc; 1330 } 1331 return put_user(mex.outputdatalength, &umex->outputdatalength); 1332 } 1333 case ICARSACRT: { 1334 struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg; 1335 struct ica_rsa_modexpo_crt crt; 1336 1337 if (copy_from_user(&crt, ucrt, sizeof(crt))) 1338 return -EFAULT; 1339 do { 1340 rc = zcrypt_rsa_crt(perms, &crt); 1341 } while (rc == -EAGAIN); 1342 /* on failure: retry once again after a requested rescan */ 1343 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1344 do { 1345 rc = zcrypt_rsa_crt(perms, &crt); 1346 } while (rc == -EAGAIN); 1347 if (rc) { 1348 ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSACRT rc=%d\n", rc); 1349 return rc; 1350 } 1351 return put_user(crt.outputdatalength, &ucrt->outputdatalength); 1352 } 1353 case ZSECSENDCPRB: { 1354 struct ica_xcRB __user *uxcRB = (void __user *) arg; 1355 struct ica_xcRB xcRB; 1356 1357 if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB))) 1358 return -EFAULT; 1359 do { 1360 rc = _zcrypt_send_cprb(perms, &xcRB); 1361 } while (rc == -EAGAIN); 1362 /* on failure: retry once again after a requested rescan */ 1363 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1364 do { 1365 rc = _zcrypt_send_cprb(perms, &xcRB); 1366 } while (rc == -EAGAIN); 1367 if (rc) 1368 ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDCPRB rc=%d status=0x%x\n", 1369 rc, xcRB.status); 1370 if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB))) 1371 return -EFAULT; 1372 return rc; 1373 } 1374 case ZSENDEP11CPRB: { 1375 struct ep11_urb __user *uxcrb = (void __user *)arg; 1376 struct ep11_urb xcrb; 1377 1378 if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb))) 1379 return -EFAULT; 1380 do { 1381 rc = _zcrypt_send_ep11_cprb(perms, &xcrb); 1382 } while (rc == -EAGAIN); 1383 /* on failure: retry once again after a requested rescan */ 1384 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1385 do { 1386 rc = _zcrypt_send_ep11_cprb(perms, &xcrb); 1387 } while (rc == -EAGAIN); 1388 if (rc) 1389 ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDEP11CPRB rc=%d\n", rc); 1390 if (copy_to_user(uxcrb, &xcrb, sizeof(xcrb))) 1391 return -EFAULT; 1392 return rc; 1393 } 1394 case ZCRYPT_DEVICE_STATUS: { 1395 struct zcrypt_device_status_ext *device_status; 1396 size_t total_size = MAX_ZDEV_ENTRIES_EXT 1397 * sizeof(struct zcrypt_device_status_ext); 1398 1399 device_status = kzalloc(total_size, GFP_KERNEL); 1400 if (!device_status) 1401 return -ENOMEM; 1402 zcrypt_device_status_mask_ext(device_status); 1403 if (copy_to_user((char __user *) arg, device_status, 1404 total_size)) 1405 rc = -EFAULT; 1406 kfree(device_status); 1407 return rc; 1408 } 1409 case ZCRYPT_STATUS_MASK: { 1410 char status[AP_DEVICES]; 1411 1412 zcrypt_status_mask(status, AP_DEVICES); 1413 if (copy_to_user((char __user *) arg, status, sizeof(status))) 1414 return -EFAULT; 1415 return 0; 1416 } 1417 case ZCRYPT_QDEPTH_MASK: { 1418 char qdepth[AP_DEVICES]; 1419 1420 zcrypt_qdepth_mask(qdepth, AP_DEVICES); 1421 if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth))) 1422 return -EFAULT; 1423 return 0; 1424 } 1425 case ZCRYPT_PERDEV_REQCNT: { 1426 u32 *reqcnt; 1427 1428 reqcnt = kcalloc(AP_DEVICES, sizeof(u32), GFP_KERNEL); 1429 if (!reqcnt) 1430 return -ENOMEM; 1431 zcrypt_perdev_reqcnt(reqcnt, AP_DEVICES); 1432 if (copy_to_user((int __user *) arg, reqcnt, sizeof(reqcnt))) 1433 rc = -EFAULT; 1434 kfree(reqcnt); 1435 return rc; 1436 } 1437 case Z90STAT_REQUESTQ_COUNT: 1438 return put_user(zcrypt_requestq_count(), (int __user *) arg); 1439 case Z90STAT_PENDINGQ_COUNT: 1440 return put_user(zcrypt_pendingq_count(), (int __user *) arg); 1441 case Z90STAT_TOTALOPEN_COUNT: 1442 return put_user(atomic_read(&zcrypt_open_count), 1443 (int __user *) arg); 1444 case Z90STAT_DOMAIN_INDEX: 1445 return put_user(ap_domain_index, (int __user *) arg); 1446 /* 1447 * Deprecated ioctls 1448 */ 1449 case ZDEVICESTATUS: { 1450 /* the old ioctl supports only 64 adapters */ 1451 struct zcrypt_device_status *device_status; 1452 size_t total_size = MAX_ZDEV_ENTRIES 1453 * sizeof(struct zcrypt_device_status); 1454 1455 device_status = kzalloc(total_size, GFP_KERNEL); 1456 if (!device_status) 1457 return -ENOMEM; 1458 zcrypt_device_status_mask(device_status); 1459 if (copy_to_user((char __user *) arg, device_status, 1460 total_size)) 1461 rc = -EFAULT; 1462 kfree(device_status); 1463 return rc; 1464 } 1465 case Z90STAT_STATUS_MASK: { 1466 /* the old ioctl supports only 64 adapters */ 1467 char status[MAX_ZDEV_CARDIDS]; 1468 1469 zcrypt_status_mask(status, MAX_ZDEV_CARDIDS); 1470 if (copy_to_user((char __user *) arg, status, sizeof(status))) 1471 return -EFAULT; 1472 return 0; 1473 } 1474 case Z90STAT_QDEPTH_MASK: { 1475 /* the old ioctl supports only 64 adapters */ 1476 char qdepth[MAX_ZDEV_CARDIDS]; 1477 1478 zcrypt_qdepth_mask(qdepth, MAX_ZDEV_CARDIDS); 1479 if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth))) 1480 return -EFAULT; 1481 return 0; 1482 } 1483 case Z90STAT_PERDEV_REQCNT: { 1484 /* the old ioctl supports only 64 adapters */ 1485 u32 reqcnt[MAX_ZDEV_CARDIDS]; 1486 1487 zcrypt_perdev_reqcnt(reqcnt, MAX_ZDEV_CARDIDS); 1488 if (copy_to_user((int __user *) arg, reqcnt, sizeof(reqcnt))) 1489 return -EFAULT; 1490 return 0; 1491 } 1492 /* unknown ioctl number */ 1493 default: 1494 ZCRYPT_DBF(DBF_DEBUG, "unknown ioctl 0x%08x\n", cmd); 1495 return -ENOIOCTLCMD; 1496 } 1497 } 1498 1499 #ifdef CONFIG_COMPAT 1500 /* 1501 * ioctl32 conversion routines 1502 */ 1503 struct compat_ica_rsa_modexpo { 1504 compat_uptr_t inputdata; 1505 unsigned int inputdatalength; 1506 compat_uptr_t outputdata; 1507 unsigned int outputdatalength; 1508 compat_uptr_t b_key; 1509 compat_uptr_t n_modulus; 1510 }; 1511 1512 static long trans_modexpo32(struct ap_perms *perms, struct file *filp, 1513 unsigned int cmd, unsigned long arg) 1514 { 1515 struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg); 1516 struct compat_ica_rsa_modexpo mex32; 1517 struct ica_rsa_modexpo mex64; 1518 long rc; 1519 1520 if (copy_from_user(&mex32, umex32, sizeof(mex32))) 1521 return -EFAULT; 1522 mex64.inputdata = compat_ptr(mex32.inputdata); 1523 mex64.inputdatalength = mex32.inputdatalength; 1524 mex64.outputdata = compat_ptr(mex32.outputdata); 1525 mex64.outputdatalength = mex32.outputdatalength; 1526 mex64.b_key = compat_ptr(mex32.b_key); 1527 mex64.n_modulus = compat_ptr(mex32.n_modulus); 1528 do { 1529 rc = zcrypt_rsa_modexpo(perms, &mex64); 1530 } while (rc == -EAGAIN); 1531 /* on failure: retry once again after a requested rescan */ 1532 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1533 do { 1534 rc = zcrypt_rsa_modexpo(perms, &mex64); 1535 } while (rc == -EAGAIN); 1536 if (rc) 1537 return rc; 1538 return put_user(mex64.outputdatalength, 1539 &umex32->outputdatalength); 1540 } 1541 1542 struct compat_ica_rsa_modexpo_crt { 1543 compat_uptr_t inputdata; 1544 unsigned int inputdatalength; 1545 compat_uptr_t outputdata; 1546 unsigned int outputdatalength; 1547 compat_uptr_t bp_key; 1548 compat_uptr_t bq_key; 1549 compat_uptr_t np_prime; 1550 compat_uptr_t nq_prime; 1551 compat_uptr_t u_mult_inv; 1552 }; 1553 1554 static long trans_modexpo_crt32(struct ap_perms *perms, struct file *filp, 1555 unsigned int cmd, unsigned long arg) 1556 { 1557 struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg); 1558 struct compat_ica_rsa_modexpo_crt crt32; 1559 struct ica_rsa_modexpo_crt crt64; 1560 long rc; 1561 1562 if (copy_from_user(&crt32, ucrt32, sizeof(crt32))) 1563 return -EFAULT; 1564 crt64.inputdata = compat_ptr(crt32.inputdata); 1565 crt64.inputdatalength = crt32.inputdatalength; 1566 crt64.outputdata = compat_ptr(crt32.outputdata); 1567 crt64.outputdatalength = crt32.outputdatalength; 1568 crt64.bp_key = compat_ptr(crt32.bp_key); 1569 crt64.bq_key = compat_ptr(crt32.bq_key); 1570 crt64.np_prime = compat_ptr(crt32.np_prime); 1571 crt64.nq_prime = compat_ptr(crt32.nq_prime); 1572 crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv); 1573 do { 1574 rc = zcrypt_rsa_crt(perms, &crt64); 1575 } while (rc == -EAGAIN); 1576 /* on failure: retry once again after a requested rescan */ 1577 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1578 do { 1579 rc = zcrypt_rsa_crt(perms, &crt64); 1580 } while (rc == -EAGAIN); 1581 if (rc) 1582 return rc; 1583 return put_user(crt64.outputdatalength, 1584 &ucrt32->outputdatalength); 1585 } 1586 1587 struct compat_ica_xcRB { 1588 unsigned short agent_ID; 1589 unsigned int user_defined; 1590 unsigned short request_ID; 1591 unsigned int request_control_blk_length; 1592 unsigned char padding1[16 - sizeof(compat_uptr_t)]; 1593 compat_uptr_t request_control_blk_addr; 1594 unsigned int request_data_length; 1595 char padding2[16 - sizeof(compat_uptr_t)]; 1596 compat_uptr_t request_data_address; 1597 unsigned int reply_control_blk_length; 1598 char padding3[16 - sizeof(compat_uptr_t)]; 1599 compat_uptr_t reply_control_blk_addr; 1600 unsigned int reply_data_length; 1601 char padding4[16 - sizeof(compat_uptr_t)]; 1602 compat_uptr_t reply_data_addr; 1603 unsigned short priority_window; 1604 unsigned int status; 1605 } __packed; 1606 1607 static long trans_xcRB32(struct ap_perms *perms, struct file *filp, 1608 unsigned int cmd, unsigned long arg) 1609 { 1610 struct compat_ica_xcRB __user *uxcRB32 = compat_ptr(arg); 1611 struct compat_ica_xcRB xcRB32; 1612 struct ica_xcRB xcRB64; 1613 long rc; 1614 1615 if (copy_from_user(&xcRB32, uxcRB32, sizeof(xcRB32))) 1616 return -EFAULT; 1617 xcRB64.agent_ID = xcRB32.agent_ID; 1618 xcRB64.user_defined = xcRB32.user_defined; 1619 xcRB64.request_ID = xcRB32.request_ID; 1620 xcRB64.request_control_blk_length = 1621 xcRB32.request_control_blk_length; 1622 xcRB64.request_control_blk_addr = 1623 compat_ptr(xcRB32.request_control_blk_addr); 1624 xcRB64.request_data_length = 1625 xcRB32.request_data_length; 1626 xcRB64.request_data_address = 1627 compat_ptr(xcRB32.request_data_address); 1628 xcRB64.reply_control_blk_length = 1629 xcRB32.reply_control_blk_length; 1630 xcRB64.reply_control_blk_addr = 1631 compat_ptr(xcRB32.reply_control_blk_addr); 1632 xcRB64.reply_data_length = xcRB32.reply_data_length; 1633 xcRB64.reply_data_addr = 1634 compat_ptr(xcRB32.reply_data_addr); 1635 xcRB64.priority_window = xcRB32.priority_window; 1636 xcRB64.status = xcRB32.status; 1637 do { 1638 rc = _zcrypt_send_cprb(perms, &xcRB64); 1639 } while (rc == -EAGAIN); 1640 /* on failure: retry once again after a requested rescan */ 1641 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1642 do { 1643 rc = _zcrypt_send_cprb(perms, &xcRB64); 1644 } while (rc == -EAGAIN); 1645 xcRB32.reply_control_blk_length = xcRB64.reply_control_blk_length; 1646 xcRB32.reply_data_length = xcRB64.reply_data_length; 1647 xcRB32.status = xcRB64.status; 1648 if (copy_to_user(uxcRB32, &xcRB32, sizeof(xcRB32))) 1649 return -EFAULT; 1650 return rc; 1651 } 1652 1653 static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd, 1654 unsigned long arg) 1655 { 1656 int rc; 1657 struct ap_perms *perms = 1658 (struct ap_perms *) filp->private_data; 1659 1660 rc = zcrypt_check_ioctl(perms, cmd); 1661 if (rc) 1662 return rc; 1663 1664 if (cmd == ICARSAMODEXPO) 1665 return trans_modexpo32(perms, filp, cmd, arg); 1666 if (cmd == ICARSACRT) 1667 return trans_modexpo_crt32(perms, filp, cmd, arg); 1668 if (cmd == ZSECSENDCPRB) 1669 return trans_xcRB32(perms, filp, cmd, arg); 1670 return zcrypt_unlocked_ioctl(filp, cmd, arg); 1671 } 1672 #endif 1673 1674 /* 1675 * Misc device file operations. 1676 */ 1677 static const struct file_operations zcrypt_fops = { 1678 .owner = THIS_MODULE, 1679 .read = zcrypt_read, 1680 .write = zcrypt_write, 1681 .unlocked_ioctl = zcrypt_unlocked_ioctl, 1682 #ifdef CONFIG_COMPAT 1683 .compat_ioctl = zcrypt_compat_ioctl, 1684 #endif 1685 .open = zcrypt_open, 1686 .release = zcrypt_release, 1687 .llseek = no_llseek, 1688 }; 1689 1690 /* 1691 * Misc device. 1692 */ 1693 static struct miscdevice zcrypt_misc_device = { 1694 .minor = MISC_DYNAMIC_MINOR, 1695 .name = "z90crypt", 1696 .fops = &zcrypt_fops, 1697 }; 1698 1699 static int zcrypt_rng_device_count; 1700 static u32 *zcrypt_rng_buffer; 1701 static int zcrypt_rng_buffer_index; 1702 static DEFINE_MUTEX(zcrypt_rng_mutex); 1703 1704 static int zcrypt_rng_data_read(struct hwrng *rng, u32 *data) 1705 { 1706 int rc; 1707 1708 /* 1709 * We don't need locking here because the RNG API guarantees serialized 1710 * read method calls. 1711 */ 1712 if (zcrypt_rng_buffer_index == 0) { 1713 rc = zcrypt_rng((char *) zcrypt_rng_buffer); 1714 /* on failure: retry once again after a requested rescan */ 1715 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1716 rc = zcrypt_rng((char *) zcrypt_rng_buffer); 1717 if (rc < 0) 1718 return -EIO; 1719 zcrypt_rng_buffer_index = rc / sizeof(*data); 1720 } 1721 *data = zcrypt_rng_buffer[--zcrypt_rng_buffer_index]; 1722 return sizeof(*data); 1723 } 1724 1725 static struct hwrng zcrypt_rng_dev = { 1726 .name = "zcrypt", 1727 .data_read = zcrypt_rng_data_read, 1728 .quality = 990, 1729 }; 1730 1731 int zcrypt_rng_device_add(void) 1732 { 1733 int rc = 0; 1734 1735 mutex_lock(&zcrypt_rng_mutex); 1736 if (zcrypt_rng_device_count == 0) { 1737 zcrypt_rng_buffer = (u32 *) get_zeroed_page(GFP_KERNEL); 1738 if (!zcrypt_rng_buffer) { 1739 rc = -ENOMEM; 1740 goto out; 1741 } 1742 zcrypt_rng_buffer_index = 0; 1743 if (!zcrypt_hwrng_seed) 1744 zcrypt_rng_dev.quality = 0; 1745 rc = hwrng_register(&zcrypt_rng_dev); 1746 if (rc) 1747 goto out_free; 1748 zcrypt_rng_device_count = 1; 1749 } else 1750 zcrypt_rng_device_count++; 1751 mutex_unlock(&zcrypt_rng_mutex); 1752 return 0; 1753 1754 out_free: 1755 free_page((unsigned long) zcrypt_rng_buffer); 1756 out: 1757 mutex_unlock(&zcrypt_rng_mutex); 1758 return rc; 1759 } 1760 1761 void zcrypt_rng_device_remove(void) 1762 { 1763 mutex_lock(&zcrypt_rng_mutex); 1764 zcrypt_rng_device_count--; 1765 if (zcrypt_rng_device_count == 0) { 1766 hwrng_unregister(&zcrypt_rng_dev); 1767 free_page((unsigned long) zcrypt_rng_buffer); 1768 } 1769 mutex_unlock(&zcrypt_rng_mutex); 1770 } 1771 1772 int __init zcrypt_debug_init(void) 1773 { 1774 zcrypt_dbf_info = debug_register("zcrypt", 1, 1, 1775 DBF_MAX_SPRINTF_ARGS * sizeof(long)); 1776 debug_register_view(zcrypt_dbf_info, &debug_sprintf_view); 1777 debug_set_level(zcrypt_dbf_info, DBF_ERR); 1778 1779 return 0; 1780 } 1781 1782 void zcrypt_debug_exit(void) 1783 { 1784 debug_unregister(zcrypt_dbf_info); 1785 } 1786 1787 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 1788 1789 static int __init zcdn_init(void) 1790 { 1791 int rc; 1792 1793 /* create a new class 'zcrypt' */ 1794 zcrypt_class = class_create(THIS_MODULE, ZCRYPT_NAME); 1795 if (IS_ERR(zcrypt_class)) { 1796 rc = PTR_ERR(zcrypt_class); 1797 goto out_class_create_failed; 1798 } 1799 zcrypt_class->dev_release = zcdn_device_release; 1800 1801 /* alloc device minor range */ 1802 rc = alloc_chrdev_region(&zcrypt_devt, 1803 0, ZCRYPT_MAX_MINOR_NODES, 1804 ZCRYPT_NAME); 1805 if (rc) 1806 goto out_alloc_chrdev_failed; 1807 1808 cdev_init(&zcrypt_cdev, &zcrypt_fops); 1809 zcrypt_cdev.owner = THIS_MODULE; 1810 rc = cdev_add(&zcrypt_cdev, zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 1811 if (rc) 1812 goto out_cdev_add_failed; 1813 1814 /* need some class specific sysfs attributes */ 1815 rc = class_create_file(zcrypt_class, &class_attr_zcdn_create); 1816 if (rc) 1817 goto out_class_create_file_1_failed; 1818 rc = class_create_file(zcrypt_class, &class_attr_zcdn_destroy); 1819 if (rc) 1820 goto out_class_create_file_2_failed; 1821 1822 return 0; 1823 1824 out_class_create_file_2_failed: 1825 class_remove_file(zcrypt_class, &class_attr_zcdn_create); 1826 out_class_create_file_1_failed: 1827 cdev_del(&zcrypt_cdev); 1828 out_cdev_add_failed: 1829 unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 1830 out_alloc_chrdev_failed: 1831 class_destroy(zcrypt_class); 1832 out_class_create_failed: 1833 return rc; 1834 } 1835 1836 static void zcdn_exit(void) 1837 { 1838 class_remove_file(zcrypt_class, &class_attr_zcdn_create); 1839 class_remove_file(zcrypt_class, &class_attr_zcdn_destroy); 1840 zcdn_destroy_all(); 1841 cdev_del(&zcrypt_cdev); 1842 unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 1843 class_destroy(zcrypt_class); 1844 } 1845 1846 #endif 1847 1848 /** 1849 * zcrypt_api_init(): Module initialization. 1850 * 1851 * The module initialization code. 1852 */ 1853 int __init zcrypt_api_init(void) 1854 { 1855 int rc; 1856 1857 rc = zcrypt_debug_init(); 1858 if (rc) 1859 goto out; 1860 1861 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 1862 rc = zcdn_init(); 1863 if (rc) 1864 goto out; 1865 #endif 1866 1867 /* Register the request sprayer. */ 1868 rc = misc_register(&zcrypt_misc_device); 1869 if (rc < 0) 1870 goto out_misc_register_failed; 1871 1872 zcrypt_msgtype6_init(); 1873 zcrypt_msgtype50_init(); 1874 1875 return 0; 1876 1877 out_misc_register_failed: 1878 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 1879 zcdn_exit(); 1880 #endif 1881 zcrypt_debug_exit(); 1882 out: 1883 return rc; 1884 } 1885 1886 /** 1887 * zcrypt_api_exit(): Module termination. 1888 * 1889 * The module termination code. 1890 */ 1891 void __exit zcrypt_api_exit(void) 1892 { 1893 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 1894 zcdn_exit(); 1895 #endif 1896 misc_deregister(&zcrypt_misc_device); 1897 zcrypt_msgtype6_exit(); 1898 zcrypt_msgtype50_exit(); 1899 zcrypt_ccamisc_exit(); 1900 zcrypt_ep11misc_exit(); 1901 zcrypt_debug_exit(); 1902 } 1903 1904 module_init(zcrypt_api_init); 1905 module_exit(zcrypt_api_exit); 1906