xref: /openbmc/linux/drivers/s390/crypto/zcrypt_api.c (revision 0a4cad9c)
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  *  Copyright IBM Corp. 2001, 2018
4  *  Author(s): Robert Burroughs
5  *	       Eric Rossman (edrossma@us.ibm.com)
6  *	       Cornelia Huck <cornelia.huck@de.ibm.com>
7  *
8  *  Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
9  *  Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
10  *				  Ralph Wuerthner <rwuerthn@de.ibm.com>
11  *  MSGTYPE restruct:		  Holger Dengler <hd@linux.vnet.ibm.com>
12  *  Multiple device nodes: Harald Freudenberger <freude@linux.ibm.com>
13  */
14 
15 #include <linux/module.h>
16 #include <linux/init.h>
17 #include <linux/interrupt.h>
18 #include <linux/miscdevice.h>
19 #include <linux/fs.h>
20 #include <linux/compat.h>
21 #include <linux/slab.h>
22 #include <linux/atomic.h>
23 #include <linux/uaccess.h>
24 #include <linux/hw_random.h>
25 #include <linux/debugfs.h>
26 #include <linux/cdev.h>
27 #include <linux/ctype.h>
28 #include <linux/capability.h>
29 #include <asm/debug.h>
30 
31 #define CREATE_TRACE_POINTS
32 #include <asm/trace/zcrypt.h>
33 
34 #include "zcrypt_api.h"
35 #include "zcrypt_debug.h"
36 
37 #include "zcrypt_msgtype6.h"
38 #include "zcrypt_msgtype50.h"
39 #include "zcrypt_ccamisc.h"
40 #include "zcrypt_ep11misc.h"
41 
42 /*
43  * Module description.
44  */
45 MODULE_AUTHOR("IBM Corporation");
46 MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " \
47 		   "Copyright IBM Corp. 2001, 2012");
48 MODULE_LICENSE("GPL");
49 
50 /*
51  * zcrypt tracepoint functions
52  */
53 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_req);
54 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_rep);
55 
56 static int zcrypt_hwrng_seed = 1;
57 module_param_named(hwrng_seed, zcrypt_hwrng_seed, int, 0440);
58 MODULE_PARM_DESC(hwrng_seed, "Turn on/off hwrng auto seed, default is 1 (on).");
59 
60 DEFINE_SPINLOCK(zcrypt_list_lock);
61 LIST_HEAD(zcrypt_card_list);
62 
63 static atomic_t zcrypt_open_count = ATOMIC_INIT(0);
64 static atomic_t zcrypt_rescan_count = ATOMIC_INIT(0);
65 
66 atomic_t zcrypt_rescan_req = ATOMIC_INIT(0);
67 EXPORT_SYMBOL(zcrypt_rescan_req);
68 
69 static LIST_HEAD(zcrypt_ops_list);
70 
71 /* Zcrypt related debug feature stuff. */
72 debug_info_t *zcrypt_dbf_info;
73 
74 /*
75  * Process a rescan of the transport layer.
76  *
77  * Returns 1, if the rescan has been processed, otherwise 0.
78  */
79 static inline int zcrypt_process_rescan(void)
80 {
81 	if (atomic_read(&zcrypt_rescan_req)) {
82 		atomic_set(&zcrypt_rescan_req, 0);
83 		atomic_inc(&zcrypt_rescan_count);
84 		ap_bus_force_rescan();
85 		ZCRYPT_DBF_INFO("%s rescan count=%07d\n", __func__,
86 				atomic_inc_return(&zcrypt_rescan_count));
87 		return 1;
88 	}
89 	return 0;
90 }
91 
92 void zcrypt_msgtype_register(struct zcrypt_ops *zops)
93 {
94 	list_add_tail(&zops->list, &zcrypt_ops_list);
95 }
96 
97 void zcrypt_msgtype_unregister(struct zcrypt_ops *zops)
98 {
99 	list_del_init(&zops->list);
100 }
101 
102 struct zcrypt_ops *zcrypt_msgtype(unsigned char *name, int variant)
103 {
104 	struct zcrypt_ops *zops;
105 
106 	list_for_each_entry(zops, &zcrypt_ops_list, list)
107 		if ((zops->variant == variant) &&
108 		    (!strncmp(zops->name, name, sizeof(zops->name))))
109 			return zops;
110 	return NULL;
111 }
112 EXPORT_SYMBOL(zcrypt_msgtype);
113 
114 /*
115  * Multi device nodes extension functions.
116  */
117 
118 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
119 
120 struct zcdn_device;
121 
122 static struct class *zcrypt_class;
123 static dev_t zcrypt_devt;
124 static struct cdev zcrypt_cdev;
125 
126 struct zcdn_device {
127 	struct device device;
128 	struct ap_perms perms;
129 };
130 
131 #define to_zcdn_dev(x) container_of((x), struct zcdn_device, device)
132 
133 #define ZCDN_MAX_NAME 32
134 
135 static int zcdn_create(const char *name);
136 static int zcdn_destroy(const char *name);
137 
138 /*
139  * Find zcdn device by name.
140  * Returns reference to the zcdn device which needs to be released
141  * with put_device() after use.
142  */
143 static inline struct zcdn_device *find_zcdndev_by_name(const char *name)
144 {
145 	struct device *dev = class_find_device_by_name(zcrypt_class, name);
146 
147 	return dev ? to_zcdn_dev(dev) : NULL;
148 }
149 
150 /*
151  * Find zcdn device by devt value.
152  * Returns reference to the zcdn device which needs to be released
153  * with put_device() after use.
154  */
155 static inline struct zcdn_device *find_zcdndev_by_devt(dev_t devt)
156 {
157 	struct device *dev = class_find_device_by_devt(zcrypt_class, devt);
158 
159 	return dev ? to_zcdn_dev(dev) : NULL;
160 }
161 
162 static ssize_t ioctlmask_show(struct device *dev,
163 			      struct device_attribute *attr,
164 			      char *buf)
165 {
166 	int i, rc;
167 	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
168 
169 	if (mutex_lock_interruptible(&ap_perms_mutex))
170 		return -ERESTARTSYS;
171 
172 	buf[0] = '0';
173 	buf[1] = 'x';
174 	for (i = 0; i < sizeof(zcdndev->perms.ioctlm) / sizeof(long); i++)
175 		snprintf(buf + 2 + 2 * i * sizeof(long),
176 			 PAGE_SIZE - 2 - 2 * i * sizeof(long),
177 			 "%016lx", zcdndev->perms.ioctlm[i]);
178 	buf[2 + 2 * i * sizeof(long)] = '\n';
179 	buf[2 + 2 * i * sizeof(long) + 1] = '\0';
180 	rc = 2 + 2 * i * sizeof(long) + 1;
181 
182 	mutex_unlock(&ap_perms_mutex);
183 
184 	return rc;
185 }
186 
187 static ssize_t ioctlmask_store(struct device *dev,
188 			       struct device_attribute *attr,
189 			       const char *buf, size_t count)
190 {
191 	int rc;
192 	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
193 
194 	rc = ap_parse_mask_str(buf, zcdndev->perms.ioctlm,
195 			       AP_IOCTLS, &ap_perms_mutex);
196 	if (rc)
197 		return rc;
198 
199 	return count;
200 }
201 
202 static DEVICE_ATTR_RW(ioctlmask);
203 
204 static ssize_t apmask_show(struct device *dev,
205 			   struct device_attribute *attr,
206 			   char *buf)
207 {
208 	int i, rc;
209 	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
210 
211 	if (mutex_lock_interruptible(&ap_perms_mutex))
212 		return -ERESTARTSYS;
213 
214 	buf[0] = '0';
215 	buf[1] = 'x';
216 	for (i = 0; i < sizeof(zcdndev->perms.apm) / sizeof(long); i++)
217 		snprintf(buf + 2 + 2 * i * sizeof(long),
218 			 PAGE_SIZE - 2 - 2 * i * sizeof(long),
219 			 "%016lx", zcdndev->perms.apm[i]);
220 	buf[2 + 2 * i * sizeof(long)] = '\n';
221 	buf[2 + 2 * i * sizeof(long) + 1] = '\0';
222 	rc = 2 + 2 * i * sizeof(long) + 1;
223 
224 	mutex_unlock(&ap_perms_mutex);
225 
226 	return rc;
227 }
228 
229 static ssize_t apmask_store(struct device *dev,
230 			    struct device_attribute *attr,
231 			    const char *buf, size_t count)
232 {
233 	int rc;
234 	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
235 
236 	rc = ap_parse_mask_str(buf, zcdndev->perms.apm,
237 			       AP_DEVICES, &ap_perms_mutex);
238 	if (rc)
239 		return rc;
240 
241 	return count;
242 }
243 
244 static DEVICE_ATTR_RW(apmask);
245 
246 static ssize_t aqmask_show(struct device *dev,
247 			   struct device_attribute *attr,
248 			   char *buf)
249 {
250 	int i, rc;
251 	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
252 
253 	if (mutex_lock_interruptible(&ap_perms_mutex))
254 		return -ERESTARTSYS;
255 
256 	buf[0] = '0';
257 	buf[1] = 'x';
258 	for (i = 0; i < sizeof(zcdndev->perms.aqm) / sizeof(long); i++)
259 		snprintf(buf + 2 + 2 * i * sizeof(long),
260 			 PAGE_SIZE - 2 - 2 * i * sizeof(long),
261 			 "%016lx", zcdndev->perms.aqm[i]);
262 	buf[2 + 2 * i * sizeof(long)] = '\n';
263 	buf[2 + 2 * i * sizeof(long) + 1] = '\0';
264 	rc = 2 + 2 * i * sizeof(long) + 1;
265 
266 	mutex_unlock(&ap_perms_mutex);
267 
268 	return rc;
269 }
270 
271 static ssize_t aqmask_store(struct device *dev,
272 			    struct device_attribute *attr,
273 			    const char *buf, size_t count)
274 {
275 	int rc;
276 	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
277 
278 	rc = ap_parse_mask_str(buf, zcdndev->perms.aqm,
279 			       AP_DOMAINS, &ap_perms_mutex);
280 	if (rc)
281 		return rc;
282 
283 	return count;
284 }
285 
286 static DEVICE_ATTR_RW(aqmask);
287 
288 static ssize_t admask_show(struct device *dev,
289 			   struct device_attribute *attr,
290 			   char *buf)
291 {
292 	int i, rc;
293 	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
294 
295 	if (mutex_lock_interruptible(&ap_perms_mutex))
296 		return -ERESTARTSYS;
297 
298 	buf[0] = '0';
299 	buf[1] = 'x';
300 	for (i = 0; i < sizeof(zcdndev->perms.adm) / sizeof(long); i++)
301 		snprintf(buf + 2 + 2 * i * sizeof(long),
302 			 PAGE_SIZE - 2 - 2 * i * sizeof(long),
303 			 "%016lx", zcdndev->perms.adm[i]);
304 	buf[2 + 2 * i * sizeof(long)] = '\n';
305 	buf[2 + 2 * i * sizeof(long) + 1] = '\0';
306 	rc = 2 + 2 * i * sizeof(long) + 1;
307 
308 	mutex_unlock(&ap_perms_mutex);
309 
310 	return rc;
311 }
312 
313 static ssize_t admask_store(struct device *dev,
314 			    struct device_attribute *attr,
315 			    const char *buf, size_t count)
316 {
317 	int rc;
318 	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
319 
320 	rc = ap_parse_mask_str(buf, zcdndev->perms.adm,
321 			       AP_DOMAINS, &ap_perms_mutex);
322 	if (rc)
323 		return rc;
324 
325 	return count;
326 }
327 
328 static DEVICE_ATTR_RW(admask);
329 
330 static struct attribute *zcdn_dev_attrs[] = {
331 	&dev_attr_ioctlmask.attr,
332 	&dev_attr_apmask.attr,
333 	&dev_attr_aqmask.attr,
334 	&dev_attr_admask.attr,
335 	NULL
336 };
337 
338 static struct attribute_group zcdn_dev_attr_group = {
339 	.attrs = zcdn_dev_attrs
340 };
341 
342 static const struct attribute_group *zcdn_dev_attr_groups[] = {
343 	&zcdn_dev_attr_group,
344 	NULL
345 };
346 
347 static ssize_t zcdn_create_store(struct class *class,
348 				 struct class_attribute *attr,
349 				 const char *buf, size_t count)
350 {
351 	int rc;
352 	char name[ZCDN_MAX_NAME];
353 
354 	strncpy(name, skip_spaces(buf), sizeof(name));
355 	name[sizeof(name) - 1] = '\0';
356 
357 	rc = zcdn_create(strim(name));
358 
359 	return rc ? rc : count;
360 }
361 
362 static const struct class_attribute class_attr_zcdn_create =
363 	__ATTR(create, 0600, NULL, zcdn_create_store);
364 
365 static ssize_t zcdn_destroy_store(struct class *class,
366 				  struct class_attribute *attr,
367 				  const char *buf, size_t count)
368 {
369 	int rc;
370 	char name[ZCDN_MAX_NAME];
371 
372 	strncpy(name, skip_spaces(buf), sizeof(name));
373 	name[sizeof(name) - 1] = '\0';
374 
375 	rc = zcdn_destroy(strim(name));
376 
377 	return rc ? rc : count;
378 }
379 
380 static const struct class_attribute class_attr_zcdn_destroy =
381 	__ATTR(destroy, 0600, NULL, zcdn_destroy_store);
382 
383 static void zcdn_device_release(struct device *dev)
384 {
385 	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
386 
387 	ZCRYPT_DBF_INFO("%s releasing zcdn device %d:%d\n",
388 			__func__, MAJOR(dev->devt), MINOR(dev->devt));
389 
390 	kfree(zcdndev);
391 }
392 
393 static int zcdn_create(const char *name)
394 {
395 	dev_t devt;
396 	int i, rc = 0;
397 	char nodename[ZCDN_MAX_NAME];
398 	struct zcdn_device *zcdndev;
399 
400 	if (mutex_lock_interruptible(&ap_perms_mutex))
401 		return -ERESTARTSYS;
402 
403 	/* check if device node with this name already exists */
404 	if (name[0]) {
405 		zcdndev = find_zcdndev_by_name(name);
406 		if (zcdndev) {
407 			put_device(&zcdndev->device);
408 			rc = -EEXIST;
409 			goto unlockout;
410 		}
411 	}
412 
413 	/* find an unused minor number */
414 	for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) {
415 		devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i);
416 		zcdndev = find_zcdndev_by_devt(devt);
417 		if (zcdndev)
418 			put_device(&zcdndev->device);
419 		else
420 			break;
421 	}
422 	if (i == ZCRYPT_MAX_MINOR_NODES) {
423 		rc = -ENOSPC;
424 		goto unlockout;
425 	}
426 
427 	/* alloc and prepare a new zcdn device */
428 	zcdndev = kzalloc(sizeof(*zcdndev), GFP_KERNEL);
429 	if (!zcdndev) {
430 		rc = -ENOMEM;
431 		goto unlockout;
432 	}
433 	zcdndev->device.release = zcdn_device_release;
434 	zcdndev->device.class = zcrypt_class;
435 	zcdndev->device.devt = devt;
436 	zcdndev->device.groups = zcdn_dev_attr_groups;
437 	if (name[0])
438 		strncpy(nodename, name, sizeof(nodename));
439 	else
440 		snprintf(nodename, sizeof(nodename),
441 			 ZCRYPT_NAME "_%d", (int) MINOR(devt));
442 	nodename[sizeof(nodename)-1] = '\0';
443 	if (dev_set_name(&zcdndev->device, nodename)) {
444 		rc = -EINVAL;
445 		goto unlockout;
446 	}
447 	rc = device_register(&zcdndev->device);
448 	if (rc) {
449 		put_device(&zcdndev->device);
450 		goto unlockout;
451 	}
452 
453 	ZCRYPT_DBF_INFO("%s created zcdn device %d:%d\n",
454 			__func__, MAJOR(devt), MINOR(devt));
455 
456 unlockout:
457 	mutex_unlock(&ap_perms_mutex);
458 	return rc;
459 }
460 
461 static int zcdn_destroy(const char *name)
462 {
463 	int rc = 0;
464 	struct zcdn_device *zcdndev;
465 
466 	if (mutex_lock_interruptible(&ap_perms_mutex))
467 		return -ERESTARTSYS;
468 
469 	/* try to find this zcdn device */
470 	zcdndev = find_zcdndev_by_name(name);
471 	if (!zcdndev) {
472 		rc = -ENOENT;
473 		goto unlockout;
474 	}
475 
476 	/*
477 	 * The zcdn device is not hard destroyed. It is subject to
478 	 * reference counting and thus just needs to be unregistered.
479 	 */
480 	put_device(&zcdndev->device);
481 	device_unregister(&zcdndev->device);
482 
483 unlockout:
484 	mutex_unlock(&ap_perms_mutex);
485 	return rc;
486 }
487 
488 static void zcdn_destroy_all(void)
489 {
490 	int i;
491 	dev_t devt;
492 	struct zcdn_device *zcdndev;
493 
494 	mutex_lock(&ap_perms_mutex);
495 	for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) {
496 		devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i);
497 		zcdndev = find_zcdndev_by_devt(devt);
498 		if (zcdndev) {
499 			put_device(&zcdndev->device);
500 			device_unregister(&zcdndev->device);
501 		}
502 	}
503 	mutex_unlock(&ap_perms_mutex);
504 }
505 
506 #endif
507 
508 /*
509  * zcrypt_read (): Not supported beyond zcrypt 1.3.1.
510  *
511  * This function is not supported beyond zcrypt 1.3.1.
512  */
513 static ssize_t zcrypt_read(struct file *filp, char __user *buf,
514 			   size_t count, loff_t *f_pos)
515 {
516 	return -EPERM;
517 }
518 
519 /*
520  * zcrypt_write(): Not allowed.
521  *
522  * Write is is not allowed
523  */
524 static ssize_t zcrypt_write(struct file *filp, const char __user *buf,
525 			    size_t count, loff_t *f_pos)
526 {
527 	return -EPERM;
528 }
529 
530 /*
531  * zcrypt_open(): Count number of users.
532  *
533  * Device open function to count number of users.
534  */
535 static int zcrypt_open(struct inode *inode, struct file *filp)
536 {
537 	struct ap_perms *perms = &ap_perms;
538 
539 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
540 	if (filp->f_inode->i_cdev == &zcrypt_cdev) {
541 		struct zcdn_device *zcdndev;
542 
543 		if (mutex_lock_interruptible(&ap_perms_mutex))
544 			return -ERESTARTSYS;
545 		zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev);
546 		/* find returns a reference, no get_device() needed */
547 		mutex_unlock(&ap_perms_mutex);
548 		if (zcdndev)
549 			perms = &zcdndev->perms;
550 	}
551 #endif
552 	filp->private_data = (void *) perms;
553 
554 	atomic_inc(&zcrypt_open_count);
555 	return stream_open(inode, filp);
556 }
557 
558 /*
559  * zcrypt_release(): Count number of users.
560  *
561  * Device close function to count number of users.
562  */
563 static int zcrypt_release(struct inode *inode, struct file *filp)
564 {
565 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
566 	if (filp->f_inode->i_cdev == &zcrypt_cdev) {
567 		struct zcdn_device *zcdndev;
568 
569 		mutex_lock(&ap_perms_mutex);
570 		zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev);
571 		mutex_unlock(&ap_perms_mutex);
572 		if (zcdndev) {
573 			/* 2 puts here: one for find, one for open */
574 			put_device(&zcdndev->device);
575 			put_device(&zcdndev->device);
576 		}
577 	}
578 #endif
579 
580 	atomic_dec(&zcrypt_open_count);
581 	return 0;
582 }
583 
584 static inline int zcrypt_check_ioctl(struct ap_perms *perms,
585 				     unsigned int cmd)
586 {
587 	int rc = -EPERM;
588 	int ioctlnr = (cmd & _IOC_NRMASK) >> _IOC_NRSHIFT;
589 
590 	if (ioctlnr > 0 && ioctlnr < AP_IOCTLS) {
591 		if (test_bit_inv(ioctlnr, perms->ioctlm))
592 			rc = 0;
593 	}
594 
595 	if (rc)
596 		ZCRYPT_DBF_WARN("%s ioctl check failed: ioctlnr=0x%04x rc=%d\n",
597 				__func__, ioctlnr, rc);
598 
599 	return rc;
600 }
601 
602 static inline bool zcrypt_check_card(struct ap_perms *perms, int card)
603 {
604 	return test_bit_inv(card, perms->apm) ? true : false;
605 }
606 
607 static inline bool zcrypt_check_queue(struct ap_perms *perms, int queue)
608 {
609 	return test_bit_inv(queue, perms->aqm) ? true : false;
610 }
611 
612 static inline struct zcrypt_queue *zcrypt_pick_queue(struct zcrypt_card *zc,
613 						     struct zcrypt_queue *zq,
614 						     struct module **pmod,
615 						     unsigned int weight)
616 {
617 	if (!zq || !try_module_get(zq->queue->ap_dev.device.driver->owner))
618 		return NULL;
619 	zcrypt_queue_get(zq);
620 	get_device(&zq->queue->ap_dev.device);
621 	atomic_add(weight, &zc->load);
622 	atomic_add(weight, &zq->load);
623 	zq->request_count++;
624 	*pmod = zq->queue->ap_dev.device.driver->owner;
625 	return zq;
626 }
627 
628 static inline void zcrypt_drop_queue(struct zcrypt_card *zc,
629 				     struct zcrypt_queue *zq,
630 				     struct module *mod,
631 				     unsigned int weight)
632 {
633 	zq->request_count--;
634 	atomic_sub(weight, &zc->load);
635 	atomic_sub(weight, &zq->load);
636 	put_device(&zq->queue->ap_dev.device);
637 	zcrypt_queue_put(zq);
638 	module_put(mod);
639 }
640 
641 static inline bool zcrypt_card_compare(struct zcrypt_card *zc,
642 				       struct zcrypt_card *pref_zc,
643 				       unsigned int weight,
644 				       unsigned int pref_weight)
645 {
646 	if (!pref_zc)
647 		return true;
648 	weight += atomic_read(&zc->load);
649 	pref_weight += atomic_read(&pref_zc->load);
650 	if (weight == pref_weight)
651 		return atomic64_read(&zc->card->total_request_count) <
652 			atomic64_read(&pref_zc->card->total_request_count);
653 	return weight < pref_weight;
654 }
655 
656 static inline bool zcrypt_queue_compare(struct zcrypt_queue *zq,
657 					struct zcrypt_queue *pref_zq,
658 					unsigned int weight,
659 					unsigned int pref_weight)
660 {
661 	if (!pref_zq)
662 		return true;
663 	weight += atomic_read(&zq->load);
664 	pref_weight += atomic_read(&pref_zq->load);
665 	if (weight == pref_weight)
666 		return zq->queue->total_request_count <
667 			pref_zq->queue->total_request_count;
668 	return weight < pref_weight;
669 }
670 
671 /*
672  * zcrypt ioctls.
673  */
674 static long zcrypt_rsa_modexpo(struct ap_perms *perms,
675 			       struct zcrypt_track *tr,
676 			       struct ica_rsa_modexpo *mex)
677 {
678 	struct zcrypt_card *zc, *pref_zc;
679 	struct zcrypt_queue *zq, *pref_zq;
680 	struct ap_message ap_msg;
681 	unsigned int wgt = 0, pref_wgt = 0;
682 	unsigned int func_code;
683 	int cpen, qpen, qid = 0, rc = -ENODEV;
684 	struct module *mod;
685 
686 	trace_s390_zcrypt_req(mex, TP_ICARSAMODEXPO);
687 
688 	ap_init_message(&ap_msg);
689 
690 #ifdef CONFIG_ZCRYPT_DEBUG
691 	if (tr && tr->fi.cmd)
692 		ap_msg.fi.cmd = tr->fi.cmd;
693 #endif
694 
695 	if (mex->outputdatalength < mex->inputdatalength) {
696 		func_code = 0;
697 		rc = -EINVAL;
698 		goto out;
699 	}
700 
701 	/*
702 	 * As long as outputdatalength is big enough, we can set the
703 	 * outputdatalength equal to the inputdatalength, since that is the
704 	 * number of bytes we will copy in any case
705 	 */
706 	mex->outputdatalength = mex->inputdatalength;
707 
708 	rc = get_rsa_modex_fc(mex, &func_code);
709 	if (rc)
710 		goto out;
711 
712 	pref_zc = NULL;
713 	pref_zq = NULL;
714 	spin_lock(&zcrypt_list_lock);
715 	for_each_zcrypt_card(zc) {
716 		/* Check for useable accelarator or CCA card */
717 		if (!zc->online || !zc->card->config || zc->card->chkstop ||
718 		    !(zc->card->functions & 0x18000000))
719 			continue;
720 		/* Check for size limits */
721 		if (zc->min_mod_size > mex->inputdatalength ||
722 		    zc->max_mod_size < mex->inputdatalength)
723 			continue;
724 		/* check if device node has admission for this card */
725 		if (!zcrypt_check_card(perms, zc->card->id))
726 			continue;
727 		/* get weight index of the card device	*/
728 		wgt = zc->speed_rating[func_code];
729 		/* penalty if this msg was previously sent via this card */
730 		cpen = (tr && tr->again_counter && tr->last_qid &&
731 			AP_QID_CARD(tr->last_qid) == zc->card->id) ?
732 			TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
733 		if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
734 			continue;
735 		for_each_zcrypt_queue(zq, zc) {
736 			/* check if device is useable and eligible */
737 			if (!zq->online || !zq->ops->rsa_modexpo ||
738 			    !zq->queue->config || zq->queue->chkstop)
739 				continue;
740 			/* check if device node has admission for this queue */
741 			if (!zcrypt_check_queue(perms,
742 						AP_QID_QUEUE(zq->queue->qid)))
743 				continue;
744 			/* penalty if the msg was previously sent at this qid */
745 			qpen = (tr && tr->again_counter && tr->last_qid &&
746 				tr->last_qid == zq->queue->qid) ?
747 				TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
748 			if (!zcrypt_queue_compare(zq, pref_zq,
749 						  wgt + cpen + qpen, pref_wgt))
750 				continue;
751 			pref_zc = zc;
752 			pref_zq = zq;
753 			pref_wgt = wgt + cpen + qpen;
754 		}
755 	}
756 	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
757 	spin_unlock(&zcrypt_list_lock);
758 
759 	if (!pref_zq) {
760 		ZCRYPT_DBF_DBG("%s no matching queue found => ENODEV\n",
761 			       __func__);
762 		rc = -ENODEV;
763 		goto out;
764 	}
765 
766 	qid = pref_zq->queue->qid;
767 	rc = pref_zq->ops->rsa_modexpo(pref_zq, mex, &ap_msg);
768 
769 	spin_lock(&zcrypt_list_lock);
770 	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
771 	spin_unlock(&zcrypt_list_lock);
772 
773 out:
774 	ap_release_message(&ap_msg);
775 	if (tr) {
776 		tr->last_rc = rc;
777 		tr->last_qid = qid;
778 	}
779 	trace_s390_zcrypt_rep(mex, func_code, rc,
780 			      AP_QID_CARD(qid), AP_QID_QUEUE(qid));
781 	return rc;
782 }
783 
784 static long zcrypt_rsa_crt(struct ap_perms *perms,
785 			   struct zcrypt_track *tr,
786 			   struct ica_rsa_modexpo_crt *crt)
787 {
788 	struct zcrypt_card *zc, *pref_zc;
789 	struct zcrypt_queue *zq, *pref_zq;
790 	struct ap_message ap_msg;
791 	unsigned int wgt = 0, pref_wgt = 0;
792 	unsigned int func_code;
793 	int cpen, qpen, qid = 0, rc = -ENODEV;
794 	struct module *mod;
795 
796 	trace_s390_zcrypt_req(crt, TP_ICARSACRT);
797 
798 	ap_init_message(&ap_msg);
799 
800 #ifdef CONFIG_ZCRYPT_DEBUG
801 	if (tr && tr->fi.cmd)
802 		ap_msg.fi.cmd = tr->fi.cmd;
803 #endif
804 
805 	if (crt->outputdatalength < crt->inputdatalength) {
806 		func_code = 0;
807 		rc = -EINVAL;
808 		goto out;
809 	}
810 
811 	/*
812 	 * As long as outputdatalength is big enough, we can set the
813 	 * outputdatalength equal to the inputdatalength, since that is the
814 	 * number of bytes we will copy in any case
815 	 */
816 	crt->outputdatalength = crt->inputdatalength;
817 
818 	rc = get_rsa_crt_fc(crt, &func_code);
819 	if (rc)
820 		goto out;
821 
822 	pref_zc = NULL;
823 	pref_zq = NULL;
824 	spin_lock(&zcrypt_list_lock);
825 	for_each_zcrypt_card(zc) {
826 		/* Check for useable accelarator or CCA card */
827 		if (!zc->online || !zc->card->config || zc->card->chkstop ||
828 		    !(zc->card->functions & 0x18000000))
829 			continue;
830 		/* Check for size limits */
831 		if (zc->min_mod_size > crt->inputdatalength ||
832 		    zc->max_mod_size < crt->inputdatalength)
833 			continue;
834 		/* check if device node has admission for this card */
835 		if (!zcrypt_check_card(perms, zc->card->id))
836 			continue;
837 		/* get weight index of the card device	*/
838 		wgt = zc->speed_rating[func_code];
839 		/* penalty if this msg was previously sent via this card */
840 		cpen = (tr && tr->again_counter && tr->last_qid &&
841 			AP_QID_CARD(tr->last_qid) == zc->card->id) ?
842 			TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
843 		if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
844 			continue;
845 		for_each_zcrypt_queue(zq, zc) {
846 			/* check if device is useable and eligible */
847 			if (!zq->online || !zq->ops->rsa_modexpo_crt ||
848 			    !zq->queue->config || zq->queue->chkstop)
849 				continue;
850 			/* check if device node has admission for this queue */
851 			if (!zcrypt_check_queue(perms,
852 						AP_QID_QUEUE(zq->queue->qid)))
853 				continue;
854 			/* penalty if the msg was previously sent at this qid */
855 			qpen = (tr && tr->again_counter && tr->last_qid &&
856 				tr->last_qid == zq->queue->qid) ?
857 				TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
858 			if (!zcrypt_queue_compare(zq, pref_zq,
859 						  wgt + cpen + qpen, pref_wgt))
860 				continue;
861 			pref_zc = zc;
862 			pref_zq = zq;
863 			pref_wgt = wgt + cpen + qpen;
864 		}
865 	}
866 	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
867 	spin_unlock(&zcrypt_list_lock);
868 
869 	if (!pref_zq) {
870 		ZCRYPT_DBF_DBG("%s no matching queue found => ENODEV\n",
871 			       __func__);
872 		rc = -ENODEV;
873 		goto out;
874 	}
875 
876 	qid = pref_zq->queue->qid;
877 	rc = pref_zq->ops->rsa_modexpo_crt(pref_zq, crt, &ap_msg);
878 
879 	spin_lock(&zcrypt_list_lock);
880 	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
881 	spin_unlock(&zcrypt_list_lock);
882 
883 out:
884 	ap_release_message(&ap_msg);
885 	if (tr) {
886 		tr->last_rc = rc;
887 		tr->last_qid = qid;
888 	}
889 	trace_s390_zcrypt_rep(crt, func_code, rc,
890 			      AP_QID_CARD(qid), AP_QID_QUEUE(qid));
891 	return rc;
892 }
893 
894 static long _zcrypt_send_cprb(bool userspace, struct ap_perms *perms,
895 			      struct zcrypt_track *tr,
896 			      struct ica_xcRB *xcRB)
897 {
898 	struct zcrypt_card *zc, *pref_zc;
899 	struct zcrypt_queue *zq, *pref_zq;
900 	struct ap_message ap_msg;
901 	unsigned int wgt = 0, pref_wgt = 0;
902 	unsigned int func_code;
903 	unsigned short *domain, tdom;
904 	int cpen, qpen, qid = 0, rc = -ENODEV;
905 	struct module *mod;
906 
907 	trace_s390_zcrypt_req(xcRB, TB_ZSECSENDCPRB);
908 
909 	xcRB->status = 0;
910 	ap_init_message(&ap_msg);
911 
912 #ifdef CONFIG_ZCRYPT_DEBUG
913 	if (tr && tr->fi.cmd)
914 		ap_msg.fi.cmd = tr->fi.cmd;
915 	if (tr && tr->fi.action == AP_FI_ACTION_CCA_AGENT_FF) {
916 		ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid agent_ID 'FF'\n",
917 				__func__, tr->fi.cmd);
918 		xcRB->agent_ID = 0x4646;
919 	}
920 #endif
921 
922 	rc = prep_cca_ap_msg(userspace, xcRB, &ap_msg, &func_code, &domain);
923 	if (rc)
924 		goto out;
925 
926 	tdom = *domain;
927 	if (perms != &ap_perms && tdom < AP_DOMAINS) {
928 		if (ap_msg.flags & AP_MSG_FLAG_ADMIN) {
929 			if (!test_bit_inv(tdom, perms->adm)) {
930 				rc = -ENODEV;
931 				goto out;
932 			}
933 		} else if ((ap_msg.flags & AP_MSG_FLAG_USAGE) == 0) {
934 			rc = -EOPNOTSUPP;
935 			goto out;
936 		}
937 	}
938 	/*
939 	 * If a valid target domain is set and this domain is NOT a usage
940 	 * domain but a control only domain, autoselect target domain.
941 	 */
942 	if (tdom < AP_DOMAINS &&
943 	    !ap_test_config_usage_domain(tdom) &&
944 	    ap_test_config_ctrl_domain(tdom))
945 		tdom = AUTOSEL_DOM;
946 
947 	pref_zc = NULL;
948 	pref_zq = NULL;
949 	spin_lock(&zcrypt_list_lock);
950 	for_each_zcrypt_card(zc) {
951 		/* Check for useable CCA card */
952 		if (!zc->online || !zc->card->config || zc->card->chkstop ||
953 		    !(zc->card->functions & 0x10000000))
954 			continue;
955 		/* Check for user selected CCA card */
956 		if (xcRB->user_defined != AUTOSELECT &&
957 		    xcRB->user_defined != zc->card->id)
958 			continue;
959 		/* check if request size exceeds card max msg size */
960 		if (ap_msg.len > zc->card->maxmsgsize)
961 			continue;
962 		/* check if device node has admission for this card */
963 		if (!zcrypt_check_card(perms, zc->card->id))
964 			continue;
965 		/* get weight index of the card device	*/
966 		wgt = speed_idx_cca(func_code) * zc->speed_rating[SECKEY];
967 		/* penalty if this msg was previously sent via this card */
968 		cpen = (tr && tr->again_counter && tr->last_qid &&
969 			AP_QID_CARD(tr->last_qid) == zc->card->id) ?
970 			TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
971 		if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
972 			continue;
973 		for_each_zcrypt_queue(zq, zc) {
974 			/* check for device useable and eligible */
975 			if (!zq->online || !zq->ops->send_cprb ||
976 			    !zq->queue->config || zq->queue->chkstop ||
977 			    (tdom != AUTOSEL_DOM &&
978 			     tdom != AP_QID_QUEUE(zq->queue->qid)))
979 				continue;
980 			/* check if device node has admission for this queue */
981 			if (!zcrypt_check_queue(perms,
982 						AP_QID_QUEUE(zq->queue->qid)))
983 				continue;
984 			/* penalty if the msg was previously sent at this qid */
985 			qpen = (tr && tr->again_counter && tr->last_qid &&
986 				tr->last_qid == zq->queue->qid) ?
987 				TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
988 			if (!zcrypt_queue_compare(zq, pref_zq,
989 						  wgt + cpen + qpen, pref_wgt))
990 				continue;
991 			pref_zc = zc;
992 			pref_zq = zq;
993 			pref_wgt = wgt + cpen + qpen;
994 		}
995 	}
996 	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
997 	spin_unlock(&zcrypt_list_lock);
998 
999 	if (!pref_zq) {
1000 		ZCRYPT_DBF_DBG("%s no match for address %02x.%04x => ENODEV\n",
1001 			       __func__, xcRB->user_defined, *domain);
1002 		rc = -ENODEV;
1003 		goto out;
1004 	}
1005 
1006 	/* in case of auto select, provide the correct domain */
1007 	qid = pref_zq->queue->qid;
1008 	if (*domain == AUTOSEL_DOM)
1009 		*domain = AP_QID_QUEUE(qid);
1010 
1011 #ifdef CONFIG_ZCRYPT_DEBUG
1012 	if (tr && tr->fi.action == AP_FI_ACTION_CCA_DOM_INVAL) {
1013 		ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid domain\n",
1014 				__func__, tr->fi.cmd);
1015 		*domain = 99;
1016 	}
1017 #endif
1018 
1019 	rc = pref_zq->ops->send_cprb(userspace, pref_zq, xcRB, &ap_msg);
1020 
1021 	spin_lock(&zcrypt_list_lock);
1022 	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
1023 	spin_unlock(&zcrypt_list_lock);
1024 
1025 out:
1026 	ap_release_message(&ap_msg);
1027 	if (tr) {
1028 		tr->last_rc = rc;
1029 		tr->last_qid = qid;
1030 	}
1031 	trace_s390_zcrypt_rep(xcRB, func_code, rc,
1032 			      AP_QID_CARD(qid), AP_QID_QUEUE(qid));
1033 	return rc;
1034 }
1035 
1036 long zcrypt_send_cprb(struct ica_xcRB *xcRB)
1037 {
1038 	return _zcrypt_send_cprb(false, &ap_perms, NULL, xcRB);
1039 }
1040 EXPORT_SYMBOL(zcrypt_send_cprb);
1041 
1042 static bool is_desired_ep11_card(unsigned int dev_id,
1043 				 unsigned short target_num,
1044 				 struct ep11_target_dev *targets)
1045 {
1046 	while (target_num-- > 0) {
1047 		if (targets->ap_id == dev_id || targets->ap_id == AUTOSEL_AP)
1048 			return true;
1049 		targets++;
1050 	}
1051 	return false;
1052 }
1053 
1054 static bool is_desired_ep11_queue(unsigned int dev_qid,
1055 				  unsigned short target_num,
1056 				  struct ep11_target_dev *targets)
1057 {
1058 	int card = AP_QID_CARD(dev_qid), dom = AP_QID_QUEUE(dev_qid);
1059 
1060 	while (target_num-- > 0) {
1061 		if ((targets->ap_id == card || targets->ap_id == AUTOSEL_AP) &&
1062 		    (targets->dom_id == dom || targets->dom_id == AUTOSEL_DOM))
1063 			return true;
1064 		targets++;
1065 	}
1066 	return false;
1067 }
1068 
1069 static long _zcrypt_send_ep11_cprb(bool userspace, struct ap_perms *perms,
1070 				   struct zcrypt_track *tr,
1071 				   struct ep11_urb *xcrb)
1072 {
1073 	struct zcrypt_card *zc, *pref_zc;
1074 	struct zcrypt_queue *zq, *pref_zq;
1075 	struct ep11_target_dev *targets;
1076 	unsigned short target_num;
1077 	unsigned int wgt = 0, pref_wgt = 0;
1078 	unsigned int func_code, domain;
1079 	struct ap_message ap_msg;
1080 	int cpen, qpen, qid = 0, rc = -ENODEV;
1081 	struct module *mod;
1082 
1083 	trace_s390_zcrypt_req(xcrb, TP_ZSENDEP11CPRB);
1084 
1085 	ap_init_message(&ap_msg);
1086 
1087 #ifdef CONFIG_ZCRYPT_DEBUG
1088 	if (tr && tr->fi.cmd)
1089 		ap_msg.fi.cmd = tr->fi.cmd;
1090 #endif
1091 
1092 	target_num = (unsigned short) xcrb->targets_num;
1093 
1094 	/* empty list indicates autoselect (all available targets) */
1095 	targets = NULL;
1096 	if (target_num != 0) {
1097 		struct ep11_target_dev __user *uptr;
1098 
1099 		targets = kcalloc(target_num, sizeof(*targets), GFP_KERNEL);
1100 		if (!targets) {
1101 			func_code = 0;
1102 			rc = -ENOMEM;
1103 			goto out;
1104 		}
1105 
1106 		uptr = (struct ep11_target_dev __force __user *) xcrb->targets;
1107 		if (z_copy_from_user(userspace, targets, uptr,
1108 				   target_num * sizeof(*targets))) {
1109 			func_code = 0;
1110 			rc = -EFAULT;
1111 			goto out_free;
1112 		}
1113 	}
1114 
1115 	rc = prep_ep11_ap_msg(userspace, xcrb, &ap_msg, &func_code, &domain);
1116 	if (rc)
1117 		goto out_free;
1118 
1119 	if (perms != &ap_perms && domain < AUTOSEL_DOM) {
1120 		if (ap_msg.flags & AP_MSG_FLAG_ADMIN) {
1121 			if (!test_bit_inv(domain, perms->adm)) {
1122 				rc = -ENODEV;
1123 				goto out_free;
1124 			}
1125 		} else if ((ap_msg.flags & AP_MSG_FLAG_USAGE) == 0) {
1126 			rc = -EOPNOTSUPP;
1127 			goto out_free;
1128 		}
1129 	}
1130 
1131 	pref_zc = NULL;
1132 	pref_zq = NULL;
1133 	spin_lock(&zcrypt_list_lock);
1134 	for_each_zcrypt_card(zc) {
1135 		/* Check for useable EP11 card */
1136 		if (!zc->online || !zc->card->config || zc->card->chkstop ||
1137 		    !(zc->card->functions & 0x04000000))
1138 			continue;
1139 		/* Check for user selected EP11 card */
1140 		if (targets &&
1141 		    !is_desired_ep11_card(zc->card->id, target_num, targets))
1142 			continue;
1143 		/* check if request size exceeds card max msg size */
1144 		if (ap_msg.len > zc->card->maxmsgsize)
1145 			continue;
1146 		/* check if device node has admission for this card */
1147 		if (!zcrypt_check_card(perms, zc->card->id))
1148 			continue;
1149 		/* get weight index of the card device	*/
1150 		wgt = speed_idx_ep11(func_code) * zc->speed_rating[SECKEY];
1151 		/* penalty if this msg was previously sent via this card */
1152 		cpen = (tr && tr->again_counter && tr->last_qid &&
1153 			AP_QID_CARD(tr->last_qid) == zc->card->id) ?
1154 			TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
1155 		if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
1156 			continue;
1157 		for_each_zcrypt_queue(zq, zc) {
1158 			/* check if device is useable and eligible */
1159 			if (!zq->online || !zq->ops->send_ep11_cprb ||
1160 			    !zq->queue->config || zq->queue->chkstop ||
1161 			    (targets &&
1162 			     !is_desired_ep11_queue(zq->queue->qid,
1163 						    target_num, targets)))
1164 				continue;
1165 			/* check if device node has admission for this queue */
1166 			if (!zcrypt_check_queue(perms,
1167 						AP_QID_QUEUE(zq->queue->qid)))
1168 				continue;
1169 			/* penalty if the msg was previously sent at this qid */
1170 			qpen = (tr && tr->again_counter && tr->last_qid &&
1171 				tr->last_qid == zq->queue->qid) ?
1172 				TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
1173 			if (!zcrypt_queue_compare(zq, pref_zq,
1174 						  wgt + cpen + qpen, pref_wgt))
1175 				continue;
1176 			pref_zc = zc;
1177 			pref_zq = zq;
1178 			pref_wgt = wgt + cpen + qpen;
1179 		}
1180 	}
1181 	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
1182 	spin_unlock(&zcrypt_list_lock);
1183 
1184 	if (!pref_zq) {
1185 		if (targets && target_num == 1) {
1186 			ZCRYPT_DBF_DBG("%s no match for address %02x.%04x => ENODEV\n",
1187 				       __func__, (int) targets->ap_id,
1188 				       (int) targets->dom_id);
1189 		} else if (targets) {
1190 			ZCRYPT_DBF_DBG("%s no match for %d target addrs => ENODEV\n",
1191 				       __func__, (int) target_num);
1192 		} else {
1193 			ZCRYPT_DBF_DBG("%s no match for address ff.ffff => ENODEV\n",
1194 				       __func__);
1195 		}
1196 		rc = -ENODEV;
1197 		goto out_free;
1198 	}
1199 
1200 	qid = pref_zq->queue->qid;
1201 	rc = pref_zq->ops->send_ep11_cprb(userspace, pref_zq, xcrb, &ap_msg);
1202 
1203 	spin_lock(&zcrypt_list_lock);
1204 	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
1205 	spin_unlock(&zcrypt_list_lock);
1206 
1207 out_free:
1208 	kfree(targets);
1209 out:
1210 	ap_release_message(&ap_msg);
1211 	if (tr) {
1212 		tr->last_rc = rc;
1213 		tr->last_qid = qid;
1214 	}
1215 	trace_s390_zcrypt_rep(xcrb, func_code, rc,
1216 			      AP_QID_CARD(qid), AP_QID_QUEUE(qid));
1217 	return rc;
1218 }
1219 
1220 long zcrypt_send_ep11_cprb(struct ep11_urb *xcrb)
1221 {
1222 	return _zcrypt_send_ep11_cprb(false, &ap_perms, NULL, xcrb);
1223 }
1224 EXPORT_SYMBOL(zcrypt_send_ep11_cprb);
1225 
1226 static long zcrypt_rng(char *buffer)
1227 {
1228 	struct zcrypt_card *zc, *pref_zc;
1229 	struct zcrypt_queue *zq, *pref_zq;
1230 	unsigned int wgt = 0, pref_wgt = 0;
1231 	unsigned int func_code;
1232 	struct ap_message ap_msg;
1233 	unsigned int domain;
1234 	int qid = 0, rc = -ENODEV;
1235 	struct module *mod;
1236 
1237 	trace_s390_zcrypt_req(buffer, TP_HWRNGCPRB);
1238 
1239 	ap_init_message(&ap_msg);
1240 	rc = prep_rng_ap_msg(&ap_msg, &func_code, &domain);
1241 	if (rc)
1242 		goto out;
1243 
1244 	pref_zc = NULL;
1245 	pref_zq = NULL;
1246 	spin_lock(&zcrypt_list_lock);
1247 	for_each_zcrypt_card(zc) {
1248 		/* Check for useable CCA card */
1249 		if (!zc->online || !zc->card->config || zc->card->chkstop ||
1250 		    !(zc->card->functions & 0x10000000))
1251 			continue;
1252 		/* get weight index of the card device	*/
1253 		wgt = zc->speed_rating[func_code];
1254 		if (!zcrypt_card_compare(zc, pref_zc, wgt, pref_wgt))
1255 			continue;
1256 		for_each_zcrypt_queue(zq, zc) {
1257 			/* check if device is useable and eligible */
1258 			if (!zq->online || !zq->ops->rng ||
1259 			    !zq->queue->config || zq->queue->chkstop)
1260 				continue;
1261 			if (!zcrypt_queue_compare(zq, pref_zq, wgt, pref_wgt))
1262 				continue;
1263 			pref_zc = zc;
1264 			pref_zq = zq;
1265 			pref_wgt = wgt;
1266 		}
1267 	}
1268 	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
1269 	spin_unlock(&zcrypt_list_lock);
1270 
1271 	if (!pref_zq) {
1272 		ZCRYPT_DBF_DBG("%s no matching queue found => ENODEV\n",
1273 			__func__);
1274 		rc = -ENODEV;
1275 		goto out;
1276 	}
1277 
1278 	qid = pref_zq->queue->qid;
1279 	rc = pref_zq->ops->rng(pref_zq, buffer, &ap_msg);
1280 
1281 	spin_lock(&zcrypt_list_lock);
1282 	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
1283 	spin_unlock(&zcrypt_list_lock);
1284 
1285 out:
1286 	ap_release_message(&ap_msg);
1287 	trace_s390_zcrypt_rep(buffer, func_code, rc,
1288 			      AP_QID_CARD(qid), AP_QID_QUEUE(qid));
1289 	return rc;
1290 }
1291 
1292 static void zcrypt_device_status_mask(struct zcrypt_device_status *devstatus)
1293 {
1294 	struct zcrypt_card *zc;
1295 	struct zcrypt_queue *zq;
1296 	struct zcrypt_device_status *stat;
1297 	int card, queue;
1298 
1299 	memset(devstatus, 0, MAX_ZDEV_ENTRIES
1300 	       * sizeof(struct zcrypt_device_status));
1301 
1302 	spin_lock(&zcrypt_list_lock);
1303 	for_each_zcrypt_card(zc) {
1304 		for_each_zcrypt_queue(zq, zc) {
1305 			card = AP_QID_CARD(zq->queue->qid);
1306 			if (card >= MAX_ZDEV_CARDIDS)
1307 				continue;
1308 			queue = AP_QID_QUEUE(zq->queue->qid);
1309 			stat = &devstatus[card * AP_DOMAINS + queue];
1310 			stat->hwtype = zc->card->ap_dev.device_type;
1311 			stat->functions = zc->card->functions >> 26;
1312 			stat->qid = zq->queue->qid;
1313 			stat->online = zq->online ? 0x01 : 0x00;
1314 		}
1315 	}
1316 	spin_unlock(&zcrypt_list_lock);
1317 }
1318 
1319 void zcrypt_device_status_mask_ext(struct zcrypt_device_status_ext *devstatus)
1320 {
1321 	struct zcrypt_card *zc;
1322 	struct zcrypt_queue *zq;
1323 	struct zcrypt_device_status_ext *stat;
1324 	int card, queue;
1325 
1326 	memset(devstatus, 0, MAX_ZDEV_ENTRIES_EXT
1327 	       * sizeof(struct zcrypt_device_status_ext));
1328 
1329 	spin_lock(&zcrypt_list_lock);
1330 	for_each_zcrypt_card(zc) {
1331 		for_each_zcrypt_queue(zq, zc) {
1332 			card = AP_QID_CARD(zq->queue->qid);
1333 			queue = AP_QID_QUEUE(zq->queue->qid);
1334 			stat = &devstatus[card * AP_DOMAINS + queue];
1335 			stat->hwtype = zc->card->ap_dev.device_type;
1336 			stat->functions = zc->card->functions >> 26;
1337 			stat->qid = zq->queue->qid;
1338 			stat->online = zq->online ? 0x01 : 0x00;
1339 		}
1340 	}
1341 	spin_unlock(&zcrypt_list_lock);
1342 }
1343 EXPORT_SYMBOL(zcrypt_device_status_mask_ext);
1344 
1345 int zcrypt_device_status_ext(int card, int queue,
1346 			     struct zcrypt_device_status_ext *devstat)
1347 {
1348 	struct zcrypt_card *zc;
1349 	struct zcrypt_queue *zq;
1350 
1351 	memset(devstat, 0, sizeof(*devstat));
1352 
1353 	spin_lock(&zcrypt_list_lock);
1354 	for_each_zcrypt_card(zc) {
1355 		for_each_zcrypt_queue(zq, zc) {
1356 			if (card == AP_QID_CARD(zq->queue->qid) &&
1357 			    queue == AP_QID_QUEUE(zq->queue->qid)) {
1358 				devstat->hwtype = zc->card->ap_dev.device_type;
1359 				devstat->functions = zc->card->functions >> 26;
1360 				devstat->qid = zq->queue->qid;
1361 				devstat->online = zq->online ? 0x01 : 0x00;
1362 				spin_unlock(&zcrypt_list_lock);
1363 				return 0;
1364 			}
1365 		}
1366 	}
1367 	spin_unlock(&zcrypt_list_lock);
1368 
1369 	return -ENODEV;
1370 }
1371 EXPORT_SYMBOL(zcrypt_device_status_ext);
1372 
1373 static void zcrypt_status_mask(char status[], size_t max_adapters)
1374 {
1375 	struct zcrypt_card *zc;
1376 	struct zcrypt_queue *zq;
1377 	int card;
1378 
1379 	memset(status, 0, max_adapters);
1380 	spin_lock(&zcrypt_list_lock);
1381 	for_each_zcrypt_card(zc) {
1382 		for_each_zcrypt_queue(zq, zc) {
1383 			card = AP_QID_CARD(zq->queue->qid);
1384 			if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index
1385 			    || card >= max_adapters)
1386 				continue;
1387 			status[card] = zc->online ? zc->user_space_type : 0x0d;
1388 		}
1389 	}
1390 	spin_unlock(&zcrypt_list_lock);
1391 }
1392 
1393 static void zcrypt_qdepth_mask(char qdepth[], size_t max_adapters)
1394 {
1395 	struct zcrypt_card *zc;
1396 	struct zcrypt_queue *zq;
1397 	int card;
1398 
1399 	memset(qdepth, 0, max_adapters);
1400 	spin_lock(&zcrypt_list_lock);
1401 	local_bh_disable();
1402 	for_each_zcrypt_card(zc) {
1403 		for_each_zcrypt_queue(zq, zc) {
1404 			card = AP_QID_CARD(zq->queue->qid);
1405 			if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index
1406 			    || card >= max_adapters)
1407 				continue;
1408 			spin_lock(&zq->queue->lock);
1409 			qdepth[card] =
1410 				zq->queue->pendingq_count +
1411 				zq->queue->requestq_count;
1412 			spin_unlock(&zq->queue->lock);
1413 		}
1414 	}
1415 	local_bh_enable();
1416 	spin_unlock(&zcrypt_list_lock);
1417 }
1418 
1419 static void zcrypt_perdev_reqcnt(u32 reqcnt[], size_t max_adapters)
1420 {
1421 	struct zcrypt_card *zc;
1422 	struct zcrypt_queue *zq;
1423 	int card;
1424 	u64 cnt;
1425 
1426 	memset(reqcnt, 0, sizeof(int) * max_adapters);
1427 	spin_lock(&zcrypt_list_lock);
1428 	local_bh_disable();
1429 	for_each_zcrypt_card(zc) {
1430 		for_each_zcrypt_queue(zq, zc) {
1431 			card = AP_QID_CARD(zq->queue->qid);
1432 			if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index
1433 			    || card >= max_adapters)
1434 				continue;
1435 			spin_lock(&zq->queue->lock);
1436 			cnt = zq->queue->total_request_count;
1437 			spin_unlock(&zq->queue->lock);
1438 			reqcnt[card] = (cnt < UINT_MAX) ? (u32) cnt : UINT_MAX;
1439 		}
1440 	}
1441 	local_bh_enable();
1442 	spin_unlock(&zcrypt_list_lock);
1443 }
1444 
1445 static int zcrypt_pendingq_count(void)
1446 {
1447 	struct zcrypt_card *zc;
1448 	struct zcrypt_queue *zq;
1449 	int pendingq_count;
1450 
1451 	pendingq_count = 0;
1452 	spin_lock(&zcrypt_list_lock);
1453 	local_bh_disable();
1454 	for_each_zcrypt_card(zc) {
1455 		for_each_zcrypt_queue(zq, zc) {
1456 			if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index)
1457 				continue;
1458 			spin_lock(&zq->queue->lock);
1459 			pendingq_count += zq->queue->pendingq_count;
1460 			spin_unlock(&zq->queue->lock);
1461 		}
1462 	}
1463 	local_bh_enable();
1464 	spin_unlock(&zcrypt_list_lock);
1465 	return pendingq_count;
1466 }
1467 
1468 static int zcrypt_requestq_count(void)
1469 {
1470 	struct zcrypt_card *zc;
1471 	struct zcrypt_queue *zq;
1472 	int requestq_count;
1473 
1474 	requestq_count = 0;
1475 	spin_lock(&zcrypt_list_lock);
1476 	local_bh_disable();
1477 	for_each_zcrypt_card(zc) {
1478 		for_each_zcrypt_queue(zq, zc) {
1479 			if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index)
1480 				continue;
1481 			spin_lock(&zq->queue->lock);
1482 			requestq_count += zq->queue->requestq_count;
1483 			spin_unlock(&zq->queue->lock);
1484 		}
1485 	}
1486 	local_bh_enable();
1487 	spin_unlock(&zcrypt_list_lock);
1488 	return requestq_count;
1489 }
1490 
1491 static int icarsamodexpo_ioctl(struct ap_perms *perms, unsigned long arg)
1492 {
1493 	int rc;
1494 	struct zcrypt_track tr;
1495 	struct ica_rsa_modexpo mex;
1496 	struct ica_rsa_modexpo __user *umex = (void __user *) arg;
1497 
1498 	memset(&tr, 0, sizeof(tr));
1499 	if (copy_from_user(&mex, umex, sizeof(mex)))
1500 		return -EFAULT;
1501 
1502 #ifdef CONFIG_ZCRYPT_DEBUG
1503 	if (mex.inputdatalength & (1U << 31)) {
1504 		if (!capable(CAP_SYS_ADMIN))
1505 			return -EPERM;
1506 		tr.fi.cmd = (u16)(mex.inputdatalength >> 16);
1507 	}
1508 	mex.inputdatalength &= 0x0000FFFF;
1509 #endif
1510 
1511 	do {
1512 		rc = zcrypt_rsa_modexpo(perms, &tr, &mex);
1513 		if (rc == -EAGAIN)
1514 			tr.again_counter++;
1515 #ifdef CONFIG_ZCRYPT_DEBUG
1516 		if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1517 			break;
1518 #endif
1519 	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1520 	/* on failure: retry once again after a requested rescan */
1521 	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1522 		do {
1523 			rc = zcrypt_rsa_modexpo(perms, &tr, &mex);
1524 			if (rc == -EAGAIN)
1525 				tr.again_counter++;
1526 		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1527 	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1528 		rc = -EIO;
1529 	if (rc) {
1530 		ZCRYPT_DBF_DBG("ioctl ICARSAMODEXPO rc=%d\n", rc);
1531 		return rc;
1532 	}
1533 	return put_user(mex.outputdatalength, &umex->outputdatalength);
1534 }
1535 
1536 static int icarsacrt_ioctl(struct ap_perms *perms, unsigned long arg)
1537 {
1538 	int rc;
1539 	struct zcrypt_track tr;
1540 	struct ica_rsa_modexpo_crt crt;
1541 	struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg;
1542 
1543 	memset(&tr, 0, sizeof(tr));
1544 	if (copy_from_user(&crt, ucrt, sizeof(crt)))
1545 		return -EFAULT;
1546 
1547 #ifdef CONFIG_ZCRYPT_DEBUG
1548 	if (crt.inputdatalength & (1U << 31)) {
1549 		if (!capable(CAP_SYS_ADMIN))
1550 			return -EPERM;
1551 		tr.fi.cmd = (u16)(crt.inputdatalength >> 16);
1552 	}
1553 	crt.inputdatalength &= 0x0000FFFF;
1554 #endif
1555 
1556 	do {
1557 		rc = zcrypt_rsa_crt(perms, &tr, &crt);
1558 		if (rc == -EAGAIN)
1559 			tr.again_counter++;
1560 #ifdef CONFIG_ZCRYPT_DEBUG
1561 		if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1562 			break;
1563 #endif
1564 	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1565 	/* on failure: retry once again after a requested rescan */
1566 	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1567 		do {
1568 			rc = zcrypt_rsa_crt(perms, &tr, &crt);
1569 			if (rc == -EAGAIN)
1570 				tr.again_counter++;
1571 		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1572 	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1573 		rc = -EIO;
1574 	if (rc) {
1575 		ZCRYPT_DBF_DBG("ioctl ICARSACRT rc=%d\n", rc);
1576 		return rc;
1577 	}
1578 	return put_user(crt.outputdatalength, &ucrt->outputdatalength);
1579 }
1580 
1581 static int zsecsendcprb_ioctl(struct ap_perms *perms, unsigned long arg)
1582 {
1583 	int rc;
1584 	struct ica_xcRB xcRB;
1585 	struct zcrypt_track tr;
1586 	struct ica_xcRB __user *uxcRB = (void __user *) arg;
1587 
1588 	memset(&tr, 0, sizeof(tr));
1589 	if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB)))
1590 		return -EFAULT;
1591 
1592 #ifdef CONFIG_ZCRYPT_DEBUG
1593 	if ((xcRB.status & 0x8000FFFF) == 0x80004649 /* 'FI' */) {
1594 		if (!capable(CAP_SYS_ADMIN))
1595 			return -EPERM;
1596 		tr.fi.cmd = (u16)(xcRB.status >> 16);
1597 	}
1598 	xcRB.status = 0;
1599 #endif
1600 
1601 	do {
1602 		rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB);
1603 		if (rc == -EAGAIN)
1604 			tr.again_counter++;
1605 #ifdef CONFIG_ZCRYPT_DEBUG
1606 		if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1607 			break;
1608 #endif
1609 	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1610 	/* on failure: retry once again after a requested rescan */
1611 	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1612 		do {
1613 			rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB);
1614 			if (rc == -EAGAIN)
1615 				tr.again_counter++;
1616 		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1617 	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1618 		rc = -EIO;
1619 	if (rc)
1620 		ZCRYPT_DBF_DBG("ioctl ZSENDCPRB rc=%d status=0x%x\n",
1621 			       rc, xcRB.status);
1622 	if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB)))
1623 		return -EFAULT;
1624 	return rc;
1625 }
1626 
1627 static int zsendep11cprb_ioctl(struct ap_perms *perms, unsigned long arg)
1628 {
1629 	int rc;
1630 	struct ep11_urb xcrb;
1631 	struct zcrypt_track tr;
1632 	struct ep11_urb __user *uxcrb = (void __user *)arg;
1633 
1634 	memset(&tr, 0, sizeof(tr));
1635 	if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb)))
1636 		return -EFAULT;
1637 
1638 #ifdef CONFIG_ZCRYPT_DEBUG
1639 	if (xcrb.req_len & (1ULL << 63)) {
1640 		if (!capable(CAP_SYS_ADMIN))
1641 			return -EPERM;
1642 		tr.fi.cmd = (u16)(xcrb.req_len >> 48);
1643 	}
1644 	xcrb.req_len &= 0x0000FFFFFFFFFFFFULL;
1645 #endif
1646 
1647 	do {
1648 		rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb);
1649 		if (rc == -EAGAIN)
1650 			tr.again_counter++;
1651 #ifdef CONFIG_ZCRYPT_DEBUG
1652 		if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1653 			break;
1654 #endif
1655 	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1656 	/* on failure: retry once again after a requested rescan */
1657 	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1658 		do {
1659 			rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb);
1660 			if (rc == -EAGAIN)
1661 				tr.again_counter++;
1662 		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1663 	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1664 		rc = -EIO;
1665 	if (rc)
1666 		ZCRYPT_DBF_DBG("ioctl ZSENDEP11CPRB rc=%d\n", rc);
1667 	if (copy_to_user(uxcrb, &xcrb, sizeof(xcrb)))
1668 		return -EFAULT;
1669 	return rc;
1670 }
1671 
1672 static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd,
1673 				  unsigned long arg)
1674 {
1675 	int rc;
1676 	struct ap_perms *perms =
1677 		(struct ap_perms *) filp->private_data;
1678 
1679 	rc = zcrypt_check_ioctl(perms, cmd);
1680 	if (rc)
1681 		return rc;
1682 
1683 	switch (cmd) {
1684 	case ICARSAMODEXPO:
1685 		return icarsamodexpo_ioctl(perms, arg);
1686 	case ICARSACRT:
1687 		return icarsacrt_ioctl(perms, arg);
1688 	case ZSECSENDCPRB:
1689 		return zsecsendcprb_ioctl(perms, arg);
1690 	case ZSENDEP11CPRB:
1691 		return zsendep11cprb_ioctl(perms, arg);
1692 	case ZCRYPT_DEVICE_STATUS: {
1693 		struct zcrypt_device_status_ext *device_status;
1694 		size_t total_size = MAX_ZDEV_ENTRIES_EXT
1695 			* sizeof(struct zcrypt_device_status_ext);
1696 
1697 		device_status = kzalloc(total_size, GFP_KERNEL);
1698 		if (!device_status)
1699 			return -ENOMEM;
1700 		zcrypt_device_status_mask_ext(device_status);
1701 		if (copy_to_user((char __user *) arg, device_status,
1702 				 total_size))
1703 			rc = -EFAULT;
1704 		kfree(device_status);
1705 		return rc;
1706 	}
1707 	case ZCRYPT_STATUS_MASK: {
1708 		char status[AP_DEVICES];
1709 
1710 		zcrypt_status_mask(status, AP_DEVICES);
1711 		if (copy_to_user((char __user *) arg, status, sizeof(status)))
1712 			return -EFAULT;
1713 		return 0;
1714 	}
1715 	case ZCRYPT_QDEPTH_MASK: {
1716 		char qdepth[AP_DEVICES];
1717 
1718 		zcrypt_qdepth_mask(qdepth, AP_DEVICES);
1719 		if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth)))
1720 			return -EFAULT;
1721 		return 0;
1722 	}
1723 	case ZCRYPT_PERDEV_REQCNT: {
1724 		u32 *reqcnt;
1725 
1726 		reqcnt = kcalloc(AP_DEVICES, sizeof(u32), GFP_KERNEL);
1727 		if (!reqcnt)
1728 			return -ENOMEM;
1729 		zcrypt_perdev_reqcnt(reqcnt, AP_DEVICES);
1730 		if (copy_to_user((int __user *) arg, reqcnt,
1731 				 sizeof(u32) * AP_DEVICES))
1732 			rc = -EFAULT;
1733 		kfree(reqcnt);
1734 		return rc;
1735 	}
1736 	case Z90STAT_REQUESTQ_COUNT:
1737 		return put_user(zcrypt_requestq_count(), (int __user *) arg);
1738 	case Z90STAT_PENDINGQ_COUNT:
1739 		return put_user(zcrypt_pendingq_count(), (int __user *) arg);
1740 	case Z90STAT_TOTALOPEN_COUNT:
1741 		return put_user(atomic_read(&zcrypt_open_count),
1742 				(int __user *) arg);
1743 	case Z90STAT_DOMAIN_INDEX:
1744 		return put_user(ap_domain_index, (int __user *) arg);
1745 	/*
1746 	 * Deprecated ioctls
1747 	 */
1748 	case ZDEVICESTATUS: {
1749 		/* the old ioctl supports only 64 adapters */
1750 		struct zcrypt_device_status *device_status;
1751 		size_t total_size = MAX_ZDEV_ENTRIES
1752 			* sizeof(struct zcrypt_device_status);
1753 
1754 		device_status = kzalloc(total_size, GFP_KERNEL);
1755 		if (!device_status)
1756 			return -ENOMEM;
1757 		zcrypt_device_status_mask(device_status);
1758 		if (copy_to_user((char __user *) arg, device_status,
1759 				 total_size))
1760 			rc = -EFAULT;
1761 		kfree(device_status);
1762 		return rc;
1763 	}
1764 	case Z90STAT_STATUS_MASK: {
1765 		/* the old ioctl supports only 64 adapters */
1766 		char status[MAX_ZDEV_CARDIDS];
1767 
1768 		zcrypt_status_mask(status, MAX_ZDEV_CARDIDS);
1769 		if (copy_to_user((char __user *) arg, status, sizeof(status)))
1770 			return -EFAULT;
1771 		return 0;
1772 	}
1773 	case Z90STAT_QDEPTH_MASK: {
1774 		/* the old ioctl supports only 64 adapters */
1775 		char qdepth[MAX_ZDEV_CARDIDS];
1776 
1777 		zcrypt_qdepth_mask(qdepth, MAX_ZDEV_CARDIDS);
1778 		if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth)))
1779 			return -EFAULT;
1780 		return 0;
1781 	}
1782 	case Z90STAT_PERDEV_REQCNT: {
1783 		/* the old ioctl supports only 64 adapters */
1784 		u32 reqcnt[MAX_ZDEV_CARDIDS];
1785 
1786 		zcrypt_perdev_reqcnt(reqcnt, MAX_ZDEV_CARDIDS);
1787 		if (copy_to_user((int __user *) arg, reqcnt, sizeof(reqcnt)))
1788 			return -EFAULT;
1789 		return 0;
1790 	}
1791 	/* unknown ioctl number */
1792 	default:
1793 		ZCRYPT_DBF_DBG("unknown ioctl 0x%08x\n", cmd);
1794 		return -ENOIOCTLCMD;
1795 	}
1796 }
1797 
1798 #ifdef CONFIG_COMPAT
1799 /*
1800  * ioctl32 conversion routines
1801  */
1802 struct compat_ica_rsa_modexpo {
1803 	compat_uptr_t	inputdata;
1804 	unsigned int	inputdatalength;
1805 	compat_uptr_t	outputdata;
1806 	unsigned int	outputdatalength;
1807 	compat_uptr_t	b_key;
1808 	compat_uptr_t	n_modulus;
1809 };
1810 
1811 static long trans_modexpo32(struct ap_perms *perms, struct file *filp,
1812 			    unsigned int cmd, unsigned long arg)
1813 {
1814 	struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg);
1815 	struct compat_ica_rsa_modexpo mex32;
1816 	struct ica_rsa_modexpo mex64;
1817 	struct zcrypt_track tr;
1818 	long rc;
1819 
1820 	memset(&tr, 0, sizeof(tr));
1821 	if (copy_from_user(&mex32, umex32, sizeof(mex32)))
1822 		return -EFAULT;
1823 	mex64.inputdata = compat_ptr(mex32.inputdata);
1824 	mex64.inputdatalength = mex32.inputdatalength;
1825 	mex64.outputdata = compat_ptr(mex32.outputdata);
1826 	mex64.outputdatalength = mex32.outputdatalength;
1827 	mex64.b_key = compat_ptr(mex32.b_key);
1828 	mex64.n_modulus = compat_ptr(mex32.n_modulus);
1829 	do {
1830 		rc = zcrypt_rsa_modexpo(perms, &tr, &mex64);
1831 		if (rc == -EAGAIN)
1832 			tr.again_counter++;
1833 	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1834 	/* on failure: retry once again after a requested rescan */
1835 	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1836 		do {
1837 			rc = zcrypt_rsa_modexpo(perms, &tr, &mex64);
1838 			if (rc == -EAGAIN)
1839 				tr.again_counter++;
1840 		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1841 	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1842 		rc = -EIO;
1843 	if (rc)
1844 		return rc;
1845 	return put_user(mex64.outputdatalength,
1846 			&umex32->outputdatalength);
1847 }
1848 
1849 struct compat_ica_rsa_modexpo_crt {
1850 	compat_uptr_t	inputdata;
1851 	unsigned int	inputdatalength;
1852 	compat_uptr_t	outputdata;
1853 	unsigned int	outputdatalength;
1854 	compat_uptr_t	bp_key;
1855 	compat_uptr_t	bq_key;
1856 	compat_uptr_t	np_prime;
1857 	compat_uptr_t	nq_prime;
1858 	compat_uptr_t	u_mult_inv;
1859 };
1860 
1861 static long trans_modexpo_crt32(struct ap_perms *perms, struct file *filp,
1862 				unsigned int cmd, unsigned long arg)
1863 {
1864 	struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg);
1865 	struct compat_ica_rsa_modexpo_crt crt32;
1866 	struct ica_rsa_modexpo_crt crt64;
1867 	struct zcrypt_track tr;
1868 	long rc;
1869 
1870 	memset(&tr, 0, sizeof(tr));
1871 	if (copy_from_user(&crt32, ucrt32, sizeof(crt32)))
1872 		return -EFAULT;
1873 	crt64.inputdata = compat_ptr(crt32.inputdata);
1874 	crt64.inputdatalength = crt32.inputdatalength;
1875 	crt64.outputdata = compat_ptr(crt32.outputdata);
1876 	crt64.outputdatalength = crt32.outputdatalength;
1877 	crt64.bp_key = compat_ptr(crt32.bp_key);
1878 	crt64.bq_key = compat_ptr(crt32.bq_key);
1879 	crt64.np_prime = compat_ptr(crt32.np_prime);
1880 	crt64.nq_prime = compat_ptr(crt32.nq_prime);
1881 	crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv);
1882 	do {
1883 		rc = zcrypt_rsa_crt(perms, &tr, &crt64);
1884 		if (rc == -EAGAIN)
1885 			tr.again_counter++;
1886 	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1887 	/* on failure: retry once again after a requested rescan */
1888 	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1889 		do {
1890 			rc = zcrypt_rsa_crt(perms, &tr, &crt64);
1891 			if (rc == -EAGAIN)
1892 				tr.again_counter++;
1893 		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1894 	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1895 		rc = -EIO;
1896 	if (rc)
1897 		return rc;
1898 	return put_user(crt64.outputdatalength,
1899 			&ucrt32->outputdatalength);
1900 }
1901 
1902 struct compat_ica_xcRB {
1903 	unsigned short	agent_ID;
1904 	unsigned int	user_defined;
1905 	unsigned short	request_ID;
1906 	unsigned int	request_control_blk_length;
1907 	unsigned char	padding1[16 - sizeof(compat_uptr_t)];
1908 	compat_uptr_t	request_control_blk_addr;
1909 	unsigned int	request_data_length;
1910 	char		padding2[16 - sizeof(compat_uptr_t)];
1911 	compat_uptr_t	request_data_address;
1912 	unsigned int	reply_control_blk_length;
1913 	char		padding3[16 - sizeof(compat_uptr_t)];
1914 	compat_uptr_t	reply_control_blk_addr;
1915 	unsigned int	reply_data_length;
1916 	char		padding4[16 - sizeof(compat_uptr_t)];
1917 	compat_uptr_t	reply_data_addr;
1918 	unsigned short	priority_window;
1919 	unsigned int	status;
1920 } __packed;
1921 
1922 static long trans_xcRB32(struct ap_perms *perms, struct file *filp,
1923 			 unsigned int cmd, unsigned long arg)
1924 {
1925 	struct compat_ica_xcRB __user *uxcRB32 = compat_ptr(arg);
1926 	struct compat_ica_xcRB xcRB32;
1927 	struct zcrypt_track tr;
1928 	struct ica_xcRB xcRB64;
1929 	long rc;
1930 
1931 	memset(&tr, 0, sizeof(tr));
1932 	if (copy_from_user(&xcRB32, uxcRB32, sizeof(xcRB32)))
1933 		return -EFAULT;
1934 	xcRB64.agent_ID = xcRB32.agent_ID;
1935 	xcRB64.user_defined = xcRB32.user_defined;
1936 	xcRB64.request_ID = xcRB32.request_ID;
1937 	xcRB64.request_control_blk_length =
1938 		xcRB32.request_control_blk_length;
1939 	xcRB64.request_control_blk_addr =
1940 		compat_ptr(xcRB32.request_control_blk_addr);
1941 	xcRB64.request_data_length =
1942 		xcRB32.request_data_length;
1943 	xcRB64.request_data_address =
1944 		compat_ptr(xcRB32.request_data_address);
1945 	xcRB64.reply_control_blk_length =
1946 		xcRB32.reply_control_blk_length;
1947 	xcRB64.reply_control_blk_addr =
1948 		compat_ptr(xcRB32.reply_control_blk_addr);
1949 	xcRB64.reply_data_length = xcRB32.reply_data_length;
1950 	xcRB64.reply_data_addr =
1951 		compat_ptr(xcRB32.reply_data_addr);
1952 	xcRB64.priority_window = xcRB32.priority_window;
1953 	xcRB64.status = xcRB32.status;
1954 	do {
1955 		rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB64);
1956 		if (rc == -EAGAIN)
1957 			tr.again_counter++;
1958 	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1959 	/* on failure: retry once again after a requested rescan */
1960 	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1961 		do {
1962 			rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB64);
1963 			if (rc == -EAGAIN)
1964 				tr.again_counter++;
1965 		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1966 	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1967 		rc = -EIO;
1968 	xcRB32.reply_control_blk_length = xcRB64.reply_control_blk_length;
1969 	xcRB32.reply_data_length = xcRB64.reply_data_length;
1970 	xcRB32.status = xcRB64.status;
1971 	if (copy_to_user(uxcRB32, &xcRB32, sizeof(xcRB32)))
1972 		return -EFAULT;
1973 	return rc;
1974 }
1975 
1976 static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd,
1977 			 unsigned long arg)
1978 {
1979 	int rc;
1980 	struct ap_perms *perms =
1981 		(struct ap_perms *) filp->private_data;
1982 
1983 	rc = zcrypt_check_ioctl(perms, cmd);
1984 	if (rc)
1985 		return rc;
1986 
1987 	if (cmd == ICARSAMODEXPO)
1988 		return trans_modexpo32(perms, filp, cmd, arg);
1989 	if (cmd == ICARSACRT)
1990 		return trans_modexpo_crt32(perms, filp, cmd, arg);
1991 	if (cmd == ZSECSENDCPRB)
1992 		return trans_xcRB32(perms, filp, cmd, arg);
1993 	return zcrypt_unlocked_ioctl(filp, cmd, arg);
1994 }
1995 #endif
1996 
1997 /*
1998  * Misc device file operations.
1999  */
2000 static const struct file_operations zcrypt_fops = {
2001 	.owner		= THIS_MODULE,
2002 	.read		= zcrypt_read,
2003 	.write		= zcrypt_write,
2004 	.unlocked_ioctl	= zcrypt_unlocked_ioctl,
2005 #ifdef CONFIG_COMPAT
2006 	.compat_ioctl	= zcrypt_compat_ioctl,
2007 #endif
2008 	.open		= zcrypt_open,
2009 	.release	= zcrypt_release,
2010 	.llseek		= no_llseek,
2011 };
2012 
2013 /*
2014  * Misc device.
2015  */
2016 static struct miscdevice zcrypt_misc_device = {
2017 	.minor	    = MISC_DYNAMIC_MINOR,
2018 	.name	    = "z90crypt",
2019 	.fops	    = &zcrypt_fops,
2020 };
2021 
2022 static int zcrypt_rng_device_count;
2023 static u32 *zcrypt_rng_buffer;
2024 static int zcrypt_rng_buffer_index;
2025 static DEFINE_MUTEX(zcrypt_rng_mutex);
2026 
2027 static int zcrypt_rng_data_read(struct hwrng *rng, u32 *data)
2028 {
2029 	int rc;
2030 
2031 	/*
2032 	 * We don't need locking here because the RNG API guarantees serialized
2033 	 * read method calls.
2034 	 */
2035 	if (zcrypt_rng_buffer_index == 0) {
2036 		rc = zcrypt_rng((char *) zcrypt_rng_buffer);
2037 		/* on failure: retry once again after a requested rescan */
2038 		if ((rc == -ENODEV) && (zcrypt_process_rescan()))
2039 			rc = zcrypt_rng((char *) zcrypt_rng_buffer);
2040 		if (rc < 0)
2041 			return -EIO;
2042 		zcrypt_rng_buffer_index = rc / sizeof(*data);
2043 	}
2044 	*data = zcrypt_rng_buffer[--zcrypt_rng_buffer_index];
2045 	return sizeof(*data);
2046 }
2047 
2048 static struct hwrng zcrypt_rng_dev = {
2049 	.name		= "zcrypt",
2050 	.data_read	= zcrypt_rng_data_read,
2051 	.quality	= 990,
2052 };
2053 
2054 int zcrypt_rng_device_add(void)
2055 {
2056 	int rc = 0;
2057 
2058 	mutex_lock(&zcrypt_rng_mutex);
2059 	if (zcrypt_rng_device_count == 0) {
2060 		zcrypt_rng_buffer = (u32 *) get_zeroed_page(GFP_KERNEL);
2061 		if (!zcrypt_rng_buffer) {
2062 			rc = -ENOMEM;
2063 			goto out;
2064 		}
2065 		zcrypt_rng_buffer_index = 0;
2066 		if (!zcrypt_hwrng_seed)
2067 			zcrypt_rng_dev.quality = 0;
2068 		rc = hwrng_register(&zcrypt_rng_dev);
2069 		if (rc)
2070 			goto out_free;
2071 		zcrypt_rng_device_count = 1;
2072 	} else
2073 		zcrypt_rng_device_count++;
2074 	mutex_unlock(&zcrypt_rng_mutex);
2075 	return 0;
2076 
2077 out_free:
2078 	free_page((unsigned long) zcrypt_rng_buffer);
2079 out:
2080 	mutex_unlock(&zcrypt_rng_mutex);
2081 	return rc;
2082 }
2083 
2084 void zcrypt_rng_device_remove(void)
2085 {
2086 	mutex_lock(&zcrypt_rng_mutex);
2087 	zcrypt_rng_device_count--;
2088 	if (zcrypt_rng_device_count == 0) {
2089 		hwrng_unregister(&zcrypt_rng_dev);
2090 		free_page((unsigned long) zcrypt_rng_buffer);
2091 	}
2092 	mutex_unlock(&zcrypt_rng_mutex);
2093 }
2094 
2095 /*
2096  * Wait until the zcrypt api is operational.
2097  * The AP bus scan and the binding of ap devices to device drivers is
2098  * an asynchronous job. This function waits until these initial jobs
2099  * are done and so the zcrypt api should be ready to serve crypto
2100  * requests - if there are resources available. The function uses an
2101  * internal timeout of 60s. The very first caller will either wait for
2102  * ap bus bindings complete or the timeout happens. This state will be
2103  * remembered for further callers which will only be blocked until a
2104  * decision is made (timeout or bindings complete).
2105  * On timeout -ETIME is returned, on success the return value is 0.
2106  */
2107 int zcrypt_wait_api_operational(void)
2108 {
2109 	static DEFINE_MUTEX(zcrypt_wait_api_lock);
2110 	static int zcrypt_wait_api_state;
2111 	int rc;
2112 
2113 	rc = mutex_lock_interruptible(&zcrypt_wait_api_lock);
2114 	if (rc)
2115 		return rc;
2116 
2117 	switch (zcrypt_wait_api_state) {
2118 	case 0:
2119 		/* initial state, invoke wait for the ap bus complete */
2120 		rc = ap_wait_init_apqn_bindings_complete(
2121 			msecs_to_jiffies(60 * 1000));
2122 		switch (rc) {
2123 		case 0:
2124 			/* ap bus bindings are complete */
2125 			zcrypt_wait_api_state = 1;
2126 			break;
2127 		case -EINTR:
2128 			/* interrupted, go back to caller */
2129 			break;
2130 		case -ETIME:
2131 			/* timeout */
2132 			ZCRYPT_DBF_WARN("%s ap_wait_init_apqn_bindings_complete()=ETIME\n",
2133 					__func__);
2134 			zcrypt_wait_api_state = -ETIME;
2135 			break;
2136 		default:
2137 			/* other failure */
2138 			ZCRYPT_DBF_DBG("%s ap_wait_init_apqn_bindings_complete()=%d\n",
2139 				       __func__, rc);
2140 			break;
2141 		}
2142 		break;
2143 	case 1:
2144 		/* a previous caller already found ap bus bindings complete */
2145 		rc = 0;
2146 		break;
2147 	default:
2148 		/* a previous caller had timeout or other failure */
2149 		rc = zcrypt_wait_api_state;
2150 		break;
2151 	}
2152 
2153 	mutex_unlock(&zcrypt_wait_api_lock);
2154 
2155 	return rc;
2156 }
2157 EXPORT_SYMBOL(zcrypt_wait_api_operational);
2158 
2159 int __init zcrypt_debug_init(void)
2160 {
2161 	zcrypt_dbf_info = debug_register("zcrypt", 2, 1,
2162 					 DBF_MAX_SPRINTF_ARGS * sizeof(long));
2163 	debug_register_view(zcrypt_dbf_info, &debug_sprintf_view);
2164 	debug_set_level(zcrypt_dbf_info, DBF_ERR);
2165 
2166 	return 0;
2167 }
2168 
2169 void zcrypt_debug_exit(void)
2170 {
2171 	debug_unregister(zcrypt_dbf_info);
2172 }
2173 
2174 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2175 
2176 static int __init zcdn_init(void)
2177 {
2178 	int rc;
2179 
2180 	/* create a new class 'zcrypt' */
2181 	zcrypt_class = class_create(THIS_MODULE, ZCRYPT_NAME);
2182 	if (IS_ERR(zcrypt_class)) {
2183 		rc = PTR_ERR(zcrypt_class);
2184 		goto out_class_create_failed;
2185 	}
2186 	zcrypt_class->dev_release = zcdn_device_release;
2187 
2188 	/* alloc device minor range */
2189 	rc = alloc_chrdev_region(&zcrypt_devt,
2190 				 0, ZCRYPT_MAX_MINOR_NODES,
2191 				 ZCRYPT_NAME);
2192 	if (rc)
2193 		goto out_alloc_chrdev_failed;
2194 
2195 	cdev_init(&zcrypt_cdev, &zcrypt_fops);
2196 	zcrypt_cdev.owner = THIS_MODULE;
2197 	rc = cdev_add(&zcrypt_cdev, zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2198 	if (rc)
2199 		goto out_cdev_add_failed;
2200 
2201 	/* need some class specific sysfs attributes */
2202 	rc = class_create_file(zcrypt_class, &class_attr_zcdn_create);
2203 	if (rc)
2204 		goto out_class_create_file_1_failed;
2205 	rc = class_create_file(zcrypt_class, &class_attr_zcdn_destroy);
2206 	if (rc)
2207 		goto out_class_create_file_2_failed;
2208 
2209 	return 0;
2210 
2211 out_class_create_file_2_failed:
2212 	class_remove_file(zcrypt_class, &class_attr_zcdn_create);
2213 out_class_create_file_1_failed:
2214 	cdev_del(&zcrypt_cdev);
2215 out_cdev_add_failed:
2216 	unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2217 out_alloc_chrdev_failed:
2218 	class_destroy(zcrypt_class);
2219 out_class_create_failed:
2220 	return rc;
2221 }
2222 
2223 static void zcdn_exit(void)
2224 {
2225 	class_remove_file(zcrypt_class, &class_attr_zcdn_create);
2226 	class_remove_file(zcrypt_class, &class_attr_zcdn_destroy);
2227 	zcdn_destroy_all();
2228 	cdev_del(&zcrypt_cdev);
2229 	unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2230 	class_destroy(zcrypt_class);
2231 }
2232 
2233 #endif
2234 
2235 /*
2236  * zcrypt_api_init(): Module initialization.
2237  *
2238  * The module initialization code.
2239  */
2240 int __init zcrypt_api_init(void)
2241 {
2242 	int rc;
2243 
2244 	rc = zcrypt_debug_init();
2245 	if (rc)
2246 		goto out;
2247 
2248 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2249 	rc = zcdn_init();
2250 	if (rc)
2251 		goto out;
2252 #endif
2253 
2254 	/* Register the request sprayer. */
2255 	rc = misc_register(&zcrypt_misc_device);
2256 	if (rc < 0)
2257 		goto out_misc_register_failed;
2258 
2259 	zcrypt_msgtype6_init();
2260 	zcrypt_msgtype50_init();
2261 
2262 	return 0;
2263 
2264 out_misc_register_failed:
2265 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2266 	zcdn_exit();
2267 #endif
2268 	zcrypt_debug_exit();
2269 out:
2270 	return rc;
2271 }
2272 
2273 /*
2274  * zcrypt_api_exit(): Module termination.
2275  *
2276  * The module termination code.
2277  */
2278 void __exit zcrypt_api_exit(void)
2279 {
2280 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2281 	zcdn_exit();
2282 #endif
2283 	misc_deregister(&zcrypt_misc_device);
2284 	zcrypt_msgtype6_exit();
2285 	zcrypt_msgtype50_exit();
2286 	zcrypt_ccamisc_exit();
2287 	zcrypt_ep11misc_exit();
2288 	zcrypt_debug_exit();
2289 }
2290 
2291 module_init(zcrypt_api_init);
2292 module_exit(zcrypt_api_exit);
2293