1 /* 2 * linux/drivers/s390/crypto/zcrypt_api.c 3 * 4 * zcrypt 2.1.0 5 * 6 * Copyright (C) 2001, 2006 IBM Corporation 7 * Author(s): Robert Burroughs 8 * Eric Rossman (edrossma@us.ibm.com) 9 * Cornelia Huck <cornelia.huck@de.ibm.com> 10 * 11 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 12 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 13 * Ralph Wuerthner <rwuerthn@de.ibm.com> 14 * 15 * This program is free software; you can redistribute it and/or modify 16 * it under the terms of the GNU General Public License as published by 17 * the Free Software Foundation; either version 2, or (at your option) 18 * any later version. 19 * 20 * This program is distributed in the hope that it will be useful, 21 * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 * GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with this program; if not, write to the Free Software 27 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 28 */ 29 30 #include <linux/module.h> 31 #include <linux/init.h> 32 #include <linux/interrupt.h> 33 #include <linux/miscdevice.h> 34 #include <linux/fs.h> 35 #include <linux/proc_fs.h> 36 #include <linux/seq_file.h> 37 #include <linux/compat.h> 38 #include <linux/slab.h> 39 #include <asm/atomic.h> 40 #include <asm/uaccess.h> 41 #include <linux/hw_random.h> 42 43 #include "zcrypt_api.h" 44 45 /* 46 * Module description. 47 */ 48 MODULE_AUTHOR("IBM Corporation"); 49 MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " 50 "Copyright 2001, 2006 IBM Corporation"); 51 MODULE_LICENSE("GPL"); 52 53 static DEFINE_SPINLOCK(zcrypt_device_lock); 54 static LIST_HEAD(zcrypt_device_list); 55 static int zcrypt_device_count = 0; 56 static atomic_t zcrypt_open_count = ATOMIC_INIT(0); 57 58 static int zcrypt_rng_device_add(void); 59 static void zcrypt_rng_device_remove(void); 60 61 /* 62 * Device attributes common for all crypto devices. 63 */ 64 static ssize_t zcrypt_type_show(struct device *dev, 65 struct device_attribute *attr, char *buf) 66 { 67 struct zcrypt_device *zdev = to_ap_dev(dev)->private; 68 return snprintf(buf, PAGE_SIZE, "%s\n", zdev->type_string); 69 } 70 71 static DEVICE_ATTR(type, 0444, zcrypt_type_show, NULL); 72 73 static ssize_t zcrypt_online_show(struct device *dev, 74 struct device_attribute *attr, char *buf) 75 { 76 struct zcrypt_device *zdev = to_ap_dev(dev)->private; 77 return snprintf(buf, PAGE_SIZE, "%d\n", zdev->online); 78 } 79 80 static ssize_t zcrypt_online_store(struct device *dev, 81 struct device_attribute *attr, 82 const char *buf, size_t count) 83 { 84 struct zcrypt_device *zdev = to_ap_dev(dev)->private; 85 int online; 86 87 if (sscanf(buf, "%d\n", &online) != 1 || online < 0 || online > 1) 88 return -EINVAL; 89 zdev->online = online; 90 if (!online) 91 ap_flush_queue(zdev->ap_dev); 92 return count; 93 } 94 95 static DEVICE_ATTR(online, 0644, zcrypt_online_show, zcrypt_online_store); 96 97 static struct attribute * zcrypt_device_attrs[] = { 98 &dev_attr_type.attr, 99 &dev_attr_online.attr, 100 NULL, 101 }; 102 103 static struct attribute_group zcrypt_device_attr_group = { 104 .attrs = zcrypt_device_attrs, 105 }; 106 107 /** 108 * __zcrypt_increase_preference(): Increase preference of a crypto device. 109 * @zdev: Pointer the crypto device 110 * 111 * Move the device towards the head of the device list. 112 * Need to be called while holding the zcrypt device list lock. 113 * Note: cards with speed_rating of 0 are kept at the end of the list. 114 */ 115 static void __zcrypt_increase_preference(struct zcrypt_device *zdev) 116 { 117 struct zcrypt_device *tmp; 118 struct list_head *l; 119 120 if (zdev->speed_rating == 0) 121 return; 122 for (l = zdev->list.prev; l != &zcrypt_device_list; l = l->prev) { 123 tmp = list_entry(l, struct zcrypt_device, list); 124 if ((tmp->request_count + 1) * tmp->speed_rating <= 125 (zdev->request_count + 1) * zdev->speed_rating && 126 tmp->speed_rating != 0) 127 break; 128 } 129 if (l == zdev->list.prev) 130 return; 131 /* Move zdev behind l */ 132 list_move(&zdev->list, l); 133 } 134 135 /** 136 * __zcrypt_decrease_preference(): Decrease preference of a crypto device. 137 * @zdev: Pointer to a crypto device. 138 * 139 * Move the device towards the tail of the device list. 140 * Need to be called while holding the zcrypt device list lock. 141 * Note: cards with speed_rating of 0 are kept at the end of the list. 142 */ 143 static void __zcrypt_decrease_preference(struct zcrypt_device *zdev) 144 { 145 struct zcrypt_device *tmp; 146 struct list_head *l; 147 148 if (zdev->speed_rating == 0) 149 return; 150 for (l = zdev->list.next; l != &zcrypt_device_list; l = l->next) { 151 tmp = list_entry(l, struct zcrypt_device, list); 152 if ((tmp->request_count + 1) * tmp->speed_rating > 153 (zdev->request_count + 1) * zdev->speed_rating || 154 tmp->speed_rating == 0) 155 break; 156 } 157 if (l == zdev->list.next) 158 return; 159 /* Move zdev before l */ 160 list_move_tail(&zdev->list, l); 161 } 162 163 static void zcrypt_device_release(struct kref *kref) 164 { 165 struct zcrypt_device *zdev = 166 container_of(kref, struct zcrypt_device, refcount); 167 zcrypt_device_free(zdev); 168 } 169 170 void zcrypt_device_get(struct zcrypt_device *zdev) 171 { 172 kref_get(&zdev->refcount); 173 } 174 EXPORT_SYMBOL(zcrypt_device_get); 175 176 int zcrypt_device_put(struct zcrypt_device *zdev) 177 { 178 return kref_put(&zdev->refcount, zcrypt_device_release); 179 } 180 EXPORT_SYMBOL(zcrypt_device_put); 181 182 struct zcrypt_device *zcrypt_device_alloc(size_t max_response_size) 183 { 184 struct zcrypt_device *zdev; 185 186 zdev = kzalloc(sizeof(struct zcrypt_device), GFP_KERNEL); 187 if (!zdev) 188 return NULL; 189 zdev->reply.message = kmalloc(max_response_size, GFP_KERNEL); 190 if (!zdev->reply.message) 191 goto out_free; 192 zdev->reply.length = max_response_size; 193 spin_lock_init(&zdev->lock); 194 INIT_LIST_HEAD(&zdev->list); 195 return zdev; 196 197 out_free: 198 kfree(zdev); 199 return NULL; 200 } 201 EXPORT_SYMBOL(zcrypt_device_alloc); 202 203 void zcrypt_device_free(struct zcrypt_device *zdev) 204 { 205 kfree(zdev->reply.message); 206 kfree(zdev); 207 } 208 EXPORT_SYMBOL(zcrypt_device_free); 209 210 /** 211 * zcrypt_device_register() - Register a crypto device. 212 * @zdev: Pointer to a crypto device 213 * 214 * Register a crypto device. Returns 0 if successful. 215 */ 216 int zcrypt_device_register(struct zcrypt_device *zdev) 217 { 218 int rc; 219 220 rc = sysfs_create_group(&zdev->ap_dev->device.kobj, 221 &zcrypt_device_attr_group); 222 if (rc) 223 goto out; 224 get_device(&zdev->ap_dev->device); 225 kref_init(&zdev->refcount); 226 spin_lock_bh(&zcrypt_device_lock); 227 zdev->online = 1; /* New devices are online by default. */ 228 list_add_tail(&zdev->list, &zcrypt_device_list); 229 __zcrypt_increase_preference(zdev); 230 zcrypt_device_count++; 231 spin_unlock_bh(&zcrypt_device_lock); 232 if (zdev->ops->rng) { 233 rc = zcrypt_rng_device_add(); 234 if (rc) 235 goto out_unregister; 236 } 237 return 0; 238 239 out_unregister: 240 spin_lock_bh(&zcrypt_device_lock); 241 zcrypt_device_count--; 242 list_del_init(&zdev->list); 243 spin_unlock_bh(&zcrypt_device_lock); 244 sysfs_remove_group(&zdev->ap_dev->device.kobj, 245 &zcrypt_device_attr_group); 246 put_device(&zdev->ap_dev->device); 247 zcrypt_device_put(zdev); 248 out: 249 return rc; 250 } 251 EXPORT_SYMBOL(zcrypt_device_register); 252 253 /** 254 * zcrypt_device_unregister(): Unregister a crypto device. 255 * @zdev: Pointer to crypto device 256 * 257 * Unregister a crypto device. 258 */ 259 void zcrypt_device_unregister(struct zcrypt_device *zdev) 260 { 261 if (zdev->ops->rng) 262 zcrypt_rng_device_remove(); 263 spin_lock_bh(&zcrypt_device_lock); 264 zcrypt_device_count--; 265 list_del_init(&zdev->list); 266 spin_unlock_bh(&zcrypt_device_lock); 267 sysfs_remove_group(&zdev->ap_dev->device.kobj, 268 &zcrypt_device_attr_group); 269 put_device(&zdev->ap_dev->device); 270 zcrypt_device_put(zdev); 271 } 272 EXPORT_SYMBOL(zcrypt_device_unregister); 273 274 /** 275 * zcrypt_read (): Not supported beyond zcrypt 1.3.1. 276 * 277 * This function is not supported beyond zcrypt 1.3.1. 278 */ 279 static ssize_t zcrypt_read(struct file *filp, char __user *buf, 280 size_t count, loff_t *f_pos) 281 { 282 return -EPERM; 283 } 284 285 /** 286 * zcrypt_write(): Not allowed. 287 * 288 * Write is is not allowed 289 */ 290 static ssize_t zcrypt_write(struct file *filp, const char __user *buf, 291 size_t count, loff_t *f_pos) 292 { 293 return -EPERM; 294 } 295 296 /** 297 * zcrypt_open(): Count number of users. 298 * 299 * Device open function to count number of users. 300 */ 301 static int zcrypt_open(struct inode *inode, struct file *filp) 302 { 303 atomic_inc(&zcrypt_open_count); 304 return nonseekable_open(inode, filp); 305 } 306 307 /** 308 * zcrypt_release(): Count number of users. 309 * 310 * Device close function to count number of users. 311 */ 312 static int zcrypt_release(struct inode *inode, struct file *filp) 313 { 314 atomic_dec(&zcrypt_open_count); 315 return 0; 316 } 317 318 /* 319 * zcrypt ioctls. 320 */ 321 static long zcrypt_rsa_modexpo(struct ica_rsa_modexpo *mex) 322 { 323 struct zcrypt_device *zdev; 324 int rc; 325 326 if (mex->outputdatalength < mex->inputdatalength) 327 return -EINVAL; 328 /* 329 * As long as outputdatalength is big enough, we can set the 330 * outputdatalength equal to the inputdatalength, since that is the 331 * number of bytes we will copy in any case 332 */ 333 mex->outputdatalength = mex->inputdatalength; 334 335 spin_lock_bh(&zcrypt_device_lock); 336 list_for_each_entry(zdev, &zcrypt_device_list, list) { 337 if (!zdev->online || 338 !zdev->ops->rsa_modexpo || 339 zdev->min_mod_size > mex->inputdatalength || 340 zdev->max_mod_size < mex->inputdatalength) 341 continue; 342 zcrypt_device_get(zdev); 343 get_device(&zdev->ap_dev->device); 344 zdev->request_count++; 345 __zcrypt_decrease_preference(zdev); 346 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 347 spin_unlock_bh(&zcrypt_device_lock); 348 rc = zdev->ops->rsa_modexpo(zdev, mex); 349 spin_lock_bh(&zcrypt_device_lock); 350 module_put(zdev->ap_dev->drv->driver.owner); 351 } 352 else 353 rc = -EAGAIN; 354 zdev->request_count--; 355 __zcrypt_increase_preference(zdev); 356 put_device(&zdev->ap_dev->device); 357 zcrypt_device_put(zdev); 358 spin_unlock_bh(&zcrypt_device_lock); 359 return rc; 360 } 361 spin_unlock_bh(&zcrypt_device_lock); 362 return -ENODEV; 363 } 364 365 static long zcrypt_rsa_crt(struct ica_rsa_modexpo_crt *crt) 366 { 367 struct zcrypt_device *zdev; 368 unsigned long long z1, z2, z3; 369 int rc, copied; 370 371 if (crt->outputdatalength < crt->inputdatalength || 372 (crt->inputdatalength & 1)) 373 return -EINVAL; 374 /* 375 * As long as outputdatalength is big enough, we can set the 376 * outputdatalength equal to the inputdatalength, since that is the 377 * number of bytes we will copy in any case 378 */ 379 crt->outputdatalength = crt->inputdatalength; 380 381 copied = 0; 382 restart: 383 spin_lock_bh(&zcrypt_device_lock); 384 list_for_each_entry(zdev, &zcrypt_device_list, list) { 385 if (!zdev->online || 386 !zdev->ops->rsa_modexpo_crt || 387 zdev->min_mod_size > crt->inputdatalength || 388 zdev->max_mod_size < crt->inputdatalength) 389 continue; 390 if (zdev->short_crt && crt->inputdatalength > 240) { 391 /* 392 * Check inputdata for leading zeros for cards 393 * that can't handle np_prime, bp_key, or 394 * u_mult_inv > 128 bytes. 395 */ 396 if (copied == 0) { 397 unsigned int len; 398 spin_unlock_bh(&zcrypt_device_lock); 399 /* len is max 256 / 2 - 120 = 8 400 * For bigger device just assume len of leading 401 * 0s is 8 as stated in the requirements for 402 * ica_rsa_modexpo_crt struct in zcrypt.h. 403 */ 404 if (crt->inputdatalength <= 256) 405 len = crt->inputdatalength / 2 - 120; 406 else 407 len = 8; 408 if (len > sizeof(z1)) 409 return -EFAULT; 410 z1 = z2 = z3 = 0; 411 if (copy_from_user(&z1, crt->np_prime, len) || 412 copy_from_user(&z2, crt->bp_key, len) || 413 copy_from_user(&z3, crt->u_mult_inv, len)) 414 return -EFAULT; 415 z1 = z2 = z3 = 0; 416 copied = 1; 417 /* 418 * We have to restart device lookup - 419 * the device list may have changed by now. 420 */ 421 goto restart; 422 } 423 if (z1 != 0ULL || z2 != 0ULL || z3 != 0ULL) 424 /* The device can't handle this request. */ 425 continue; 426 } 427 zcrypt_device_get(zdev); 428 get_device(&zdev->ap_dev->device); 429 zdev->request_count++; 430 __zcrypt_decrease_preference(zdev); 431 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 432 spin_unlock_bh(&zcrypt_device_lock); 433 rc = zdev->ops->rsa_modexpo_crt(zdev, crt); 434 spin_lock_bh(&zcrypt_device_lock); 435 module_put(zdev->ap_dev->drv->driver.owner); 436 } 437 else 438 rc = -EAGAIN; 439 zdev->request_count--; 440 __zcrypt_increase_preference(zdev); 441 put_device(&zdev->ap_dev->device); 442 zcrypt_device_put(zdev); 443 spin_unlock_bh(&zcrypt_device_lock); 444 return rc; 445 } 446 spin_unlock_bh(&zcrypt_device_lock); 447 return -ENODEV; 448 } 449 450 static long zcrypt_send_cprb(struct ica_xcRB *xcRB) 451 { 452 struct zcrypt_device *zdev; 453 int rc; 454 455 spin_lock_bh(&zcrypt_device_lock); 456 list_for_each_entry(zdev, &zcrypt_device_list, list) { 457 if (!zdev->online || !zdev->ops->send_cprb || 458 (xcRB->user_defined != AUTOSELECT && 459 AP_QID_DEVICE(zdev->ap_dev->qid) != xcRB->user_defined) 460 ) 461 continue; 462 zcrypt_device_get(zdev); 463 get_device(&zdev->ap_dev->device); 464 zdev->request_count++; 465 __zcrypt_decrease_preference(zdev); 466 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 467 spin_unlock_bh(&zcrypt_device_lock); 468 rc = zdev->ops->send_cprb(zdev, xcRB); 469 spin_lock_bh(&zcrypt_device_lock); 470 module_put(zdev->ap_dev->drv->driver.owner); 471 } 472 else 473 rc = -EAGAIN; 474 zdev->request_count--; 475 __zcrypt_increase_preference(zdev); 476 put_device(&zdev->ap_dev->device); 477 zcrypt_device_put(zdev); 478 spin_unlock_bh(&zcrypt_device_lock); 479 return rc; 480 } 481 spin_unlock_bh(&zcrypt_device_lock); 482 return -ENODEV; 483 } 484 485 static long zcrypt_rng(char *buffer) 486 { 487 struct zcrypt_device *zdev; 488 int rc; 489 490 spin_lock_bh(&zcrypt_device_lock); 491 list_for_each_entry(zdev, &zcrypt_device_list, list) { 492 if (!zdev->online || !zdev->ops->rng) 493 continue; 494 zcrypt_device_get(zdev); 495 get_device(&zdev->ap_dev->device); 496 zdev->request_count++; 497 __zcrypt_decrease_preference(zdev); 498 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 499 spin_unlock_bh(&zcrypt_device_lock); 500 rc = zdev->ops->rng(zdev, buffer); 501 spin_lock_bh(&zcrypt_device_lock); 502 module_put(zdev->ap_dev->drv->driver.owner); 503 } else 504 rc = -EAGAIN; 505 zdev->request_count--; 506 __zcrypt_increase_preference(zdev); 507 put_device(&zdev->ap_dev->device); 508 zcrypt_device_put(zdev); 509 spin_unlock_bh(&zcrypt_device_lock); 510 return rc; 511 } 512 spin_unlock_bh(&zcrypt_device_lock); 513 return -ENODEV; 514 } 515 516 static void zcrypt_status_mask(char status[AP_DEVICES]) 517 { 518 struct zcrypt_device *zdev; 519 520 memset(status, 0, sizeof(char) * AP_DEVICES); 521 spin_lock_bh(&zcrypt_device_lock); 522 list_for_each_entry(zdev, &zcrypt_device_list, list) 523 status[AP_QID_DEVICE(zdev->ap_dev->qid)] = 524 zdev->online ? zdev->user_space_type : 0x0d; 525 spin_unlock_bh(&zcrypt_device_lock); 526 } 527 528 static void zcrypt_qdepth_mask(char qdepth[AP_DEVICES]) 529 { 530 struct zcrypt_device *zdev; 531 532 memset(qdepth, 0, sizeof(char) * AP_DEVICES); 533 spin_lock_bh(&zcrypt_device_lock); 534 list_for_each_entry(zdev, &zcrypt_device_list, list) { 535 spin_lock(&zdev->ap_dev->lock); 536 qdepth[AP_QID_DEVICE(zdev->ap_dev->qid)] = 537 zdev->ap_dev->pendingq_count + 538 zdev->ap_dev->requestq_count; 539 spin_unlock(&zdev->ap_dev->lock); 540 } 541 spin_unlock_bh(&zcrypt_device_lock); 542 } 543 544 static void zcrypt_perdev_reqcnt(int reqcnt[AP_DEVICES]) 545 { 546 struct zcrypt_device *zdev; 547 548 memset(reqcnt, 0, sizeof(int) * AP_DEVICES); 549 spin_lock_bh(&zcrypt_device_lock); 550 list_for_each_entry(zdev, &zcrypt_device_list, list) { 551 spin_lock(&zdev->ap_dev->lock); 552 reqcnt[AP_QID_DEVICE(zdev->ap_dev->qid)] = 553 zdev->ap_dev->total_request_count; 554 spin_unlock(&zdev->ap_dev->lock); 555 } 556 spin_unlock_bh(&zcrypt_device_lock); 557 } 558 559 static int zcrypt_pendingq_count(void) 560 { 561 struct zcrypt_device *zdev; 562 int pendingq_count = 0; 563 564 spin_lock_bh(&zcrypt_device_lock); 565 list_for_each_entry(zdev, &zcrypt_device_list, list) { 566 spin_lock(&zdev->ap_dev->lock); 567 pendingq_count += zdev->ap_dev->pendingq_count; 568 spin_unlock(&zdev->ap_dev->lock); 569 } 570 spin_unlock_bh(&zcrypt_device_lock); 571 return pendingq_count; 572 } 573 574 static int zcrypt_requestq_count(void) 575 { 576 struct zcrypt_device *zdev; 577 int requestq_count = 0; 578 579 spin_lock_bh(&zcrypt_device_lock); 580 list_for_each_entry(zdev, &zcrypt_device_list, list) { 581 spin_lock(&zdev->ap_dev->lock); 582 requestq_count += zdev->ap_dev->requestq_count; 583 spin_unlock(&zdev->ap_dev->lock); 584 } 585 spin_unlock_bh(&zcrypt_device_lock); 586 return requestq_count; 587 } 588 589 static int zcrypt_count_type(int type) 590 { 591 struct zcrypt_device *zdev; 592 int device_count = 0; 593 594 spin_lock_bh(&zcrypt_device_lock); 595 list_for_each_entry(zdev, &zcrypt_device_list, list) 596 if (zdev->user_space_type == type) 597 device_count++; 598 spin_unlock_bh(&zcrypt_device_lock); 599 return device_count; 600 } 601 602 /** 603 * zcrypt_ica_status(): Old, depracted combi status call. 604 * 605 * Old, deprecated combi status call. 606 */ 607 static long zcrypt_ica_status(struct file *filp, unsigned long arg) 608 { 609 struct ica_z90_status *pstat; 610 int ret; 611 612 pstat = kzalloc(sizeof(*pstat), GFP_KERNEL); 613 if (!pstat) 614 return -ENOMEM; 615 pstat->totalcount = zcrypt_device_count; 616 pstat->leedslitecount = zcrypt_count_type(ZCRYPT_PCICA); 617 pstat->leeds2count = zcrypt_count_type(ZCRYPT_PCICC); 618 pstat->requestqWaitCount = zcrypt_requestq_count(); 619 pstat->pendingqWaitCount = zcrypt_pendingq_count(); 620 pstat->totalOpenCount = atomic_read(&zcrypt_open_count); 621 pstat->cryptoDomain = ap_domain_index; 622 zcrypt_status_mask(pstat->status); 623 zcrypt_qdepth_mask(pstat->qdepth); 624 ret = 0; 625 if (copy_to_user((void __user *) arg, pstat, sizeof(*pstat))) 626 ret = -EFAULT; 627 kfree(pstat); 628 return ret; 629 } 630 631 static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd, 632 unsigned long arg) 633 { 634 int rc; 635 636 switch (cmd) { 637 case ICARSAMODEXPO: { 638 struct ica_rsa_modexpo __user *umex = (void __user *) arg; 639 struct ica_rsa_modexpo mex; 640 if (copy_from_user(&mex, umex, sizeof(mex))) 641 return -EFAULT; 642 do { 643 rc = zcrypt_rsa_modexpo(&mex); 644 } while (rc == -EAGAIN); 645 if (rc) 646 return rc; 647 return put_user(mex.outputdatalength, &umex->outputdatalength); 648 } 649 case ICARSACRT: { 650 struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg; 651 struct ica_rsa_modexpo_crt crt; 652 if (copy_from_user(&crt, ucrt, sizeof(crt))) 653 return -EFAULT; 654 do { 655 rc = zcrypt_rsa_crt(&crt); 656 } while (rc == -EAGAIN); 657 if (rc) 658 return rc; 659 return put_user(crt.outputdatalength, &ucrt->outputdatalength); 660 } 661 case ZSECSENDCPRB: { 662 struct ica_xcRB __user *uxcRB = (void __user *) arg; 663 struct ica_xcRB xcRB; 664 if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB))) 665 return -EFAULT; 666 do { 667 rc = zcrypt_send_cprb(&xcRB); 668 } while (rc == -EAGAIN); 669 if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB))) 670 return -EFAULT; 671 return rc; 672 } 673 case Z90STAT_STATUS_MASK: { 674 char status[AP_DEVICES]; 675 zcrypt_status_mask(status); 676 if (copy_to_user((char __user *) arg, status, 677 sizeof(char) * AP_DEVICES)) 678 return -EFAULT; 679 return 0; 680 } 681 case Z90STAT_QDEPTH_MASK: { 682 char qdepth[AP_DEVICES]; 683 zcrypt_qdepth_mask(qdepth); 684 if (copy_to_user((char __user *) arg, qdepth, 685 sizeof(char) * AP_DEVICES)) 686 return -EFAULT; 687 return 0; 688 } 689 case Z90STAT_PERDEV_REQCNT: { 690 int reqcnt[AP_DEVICES]; 691 zcrypt_perdev_reqcnt(reqcnt); 692 if (copy_to_user((int __user *) arg, reqcnt, 693 sizeof(int) * AP_DEVICES)) 694 return -EFAULT; 695 return 0; 696 } 697 case Z90STAT_REQUESTQ_COUNT: 698 return put_user(zcrypt_requestq_count(), (int __user *) arg); 699 case Z90STAT_PENDINGQ_COUNT: 700 return put_user(zcrypt_pendingq_count(), (int __user *) arg); 701 case Z90STAT_TOTALOPEN_COUNT: 702 return put_user(atomic_read(&zcrypt_open_count), 703 (int __user *) arg); 704 case Z90STAT_DOMAIN_INDEX: 705 return put_user(ap_domain_index, (int __user *) arg); 706 /* 707 * Deprecated ioctls. Don't add another device count ioctl, 708 * you can count them yourself in the user space with the 709 * output of the Z90STAT_STATUS_MASK ioctl. 710 */ 711 case ICAZ90STATUS: 712 return zcrypt_ica_status(filp, arg); 713 case Z90STAT_TOTALCOUNT: 714 return put_user(zcrypt_device_count, (int __user *) arg); 715 case Z90STAT_PCICACOUNT: 716 return put_user(zcrypt_count_type(ZCRYPT_PCICA), 717 (int __user *) arg); 718 case Z90STAT_PCICCCOUNT: 719 return put_user(zcrypt_count_type(ZCRYPT_PCICC), 720 (int __user *) arg); 721 case Z90STAT_PCIXCCMCL2COUNT: 722 return put_user(zcrypt_count_type(ZCRYPT_PCIXCC_MCL2), 723 (int __user *) arg); 724 case Z90STAT_PCIXCCMCL3COUNT: 725 return put_user(zcrypt_count_type(ZCRYPT_PCIXCC_MCL3), 726 (int __user *) arg); 727 case Z90STAT_PCIXCCCOUNT: 728 return put_user(zcrypt_count_type(ZCRYPT_PCIXCC_MCL2) + 729 zcrypt_count_type(ZCRYPT_PCIXCC_MCL3), 730 (int __user *) arg); 731 case Z90STAT_CEX2CCOUNT: 732 return put_user(zcrypt_count_type(ZCRYPT_CEX2C), 733 (int __user *) arg); 734 case Z90STAT_CEX2ACOUNT: 735 return put_user(zcrypt_count_type(ZCRYPT_CEX2A), 736 (int __user *) arg); 737 default: 738 /* unknown ioctl number */ 739 return -ENOIOCTLCMD; 740 } 741 } 742 743 #ifdef CONFIG_COMPAT 744 /* 745 * ioctl32 conversion routines 746 */ 747 struct compat_ica_rsa_modexpo { 748 compat_uptr_t inputdata; 749 unsigned int inputdatalength; 750 compat_uptr_t outputdata; 751 unsigned int outputdatalength; 752 compat_uptr_t b_key; 753 compat_uptr_t n_modulus; 754 }; 755 756 static long trans_modexpo32(struct file *filp, unsigned int cmd, 757 unsigned long arg) 758 { 759 struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg); 760 struct compat_ica_rsa_modexpo mex32; 761 struct ica_rsa_modexpo mex64; 762 long rc; 763 764 if (copy_from_user(&mex32, umex32, sizeof(mex32))) 765 return -EFAULT; 766 mex64.inputdata = compat_ptr(mex32.inputdata); 767 mex64.inputdatalength = mex32.inputdatalength; 768 mex64.outputdata = compat_ptr(mex32.outputdata); 769 mex64.outputdatalength = mex32.outputdatalength; 770 mex64.b_key = compat_ptr(mex32.b_key); 771 mex64.n_modulus = compat_ptr(mex32.n_modulus); 772 do { 773 rc = zcrypt_rsa_modexpo(&mex64); 774 } while (rc == -EAGAIN); 775 if (!rc) 776 rc = put_user(mex64.outputdatalength, 777 &umex32->outputdatalength); 778 return rc; 779 } 780 781 struct compat_ica_rsa_modexpo_crt { 782 compat_uptr_t inputdata; 783 unsigned int inputdatalength; 784 compat_uptr_t outputdata; 785 unsigned int outputdatalength; 786 compat_uptr_t bp_key; 787 compat_uptr_t bq_key; 788 compat_uptr_t np_prime; 789 compat_uptr_t nq_prime; 790 compat_uptr_t u_mult_inv; 791 }; 792 793 static long trans_modexpo_crt32(struct file *filp, unsigned int cmd, 794 unsigned long arg) 795 { 796 struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg); 797 struct compat_ica_rsa_modexpo_crt crt32; 798 struct ica_rsa_modexpo_crt crt64; 799 long rc; 800 801 if (copy_from_user(&crt32, ucrt32, sizeof(crt32))) 802 return -EFAULT; 803 crt64.inputdata = compat_ptr(crt32.inputdata); 804 crt64.inputdatalength = crt32.inputdatalength; 805 crt64.outputdata= compat_ptr(crt32.outputdata); 806 crt64.outputdatalength = crt32.outputdatalength; 807 crt64.bp_key = compat_ptr(crt32.bp_key); 808 crt64.bq_key = compat_ptr(crt32.bq_key); 809 crt64.np_prime = compat_ptr(crt32.np_prime); 810 crt64.nq_prime = compat_ptr(crt32.nq_prime); 811 crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv); 812 do { 813 rc = zcrypt_rsa_crt(&crt64); 814 } while (rc == -EAGAIN); 815 if (!rc) 816 rc = put_user(crt64.outputdatalength, 817 &ucrt32->outputdatalength); 818 return rc; 819 } 820 821 struct compat_ica_xcRB { 822 unsigned short agent_ID; 823 unsigned int user_defined; 824 unsigned short request_ID; 825 unsigned int request_control_blk_length; 826 unsigned char padding1[16 - sizeof (compat_uptr_t)]; 827 compat_uptr_t request_control_blk_addr; 828 unsigned int request_data_length; 829 char padding2[16 - sizeof (compat_uptr_t)]; 830 compat_uptr_t request_data_address; 831 unsigned int reply_control_blk_length; 832 char padding3[16 - sizeof (compat_uptr_t)]; 833 compat_uptr_t reply_control_blk_addr; 834 unsigned int reply_data_length; 835 char padding4[16 - sizeof (compat_uptr_t)]; 836 compat_uptr_t reply_data_addr; 837 unsigned short priority_window; 838 unsigned int status; 839 } __attribute__((packed)); 840 841 static long trans_xcRB32(struct file *filp, unsigned int cmd, 842 unsigned long arg) 843 { 844 struct compat_ica_xcRB __user *uxcRB32 = compat_ptr(arg); 845 struct compat_ica_xcRB xcRB32; 846 struct ica_xcRB xcRB64; 847 long rc; 848 849 if (copy_from_user(&xcRB32, uxcRB32, sizeof(xcRB32))) 850 return -EFAULT; 851 xcRB64.agent_ID = xcRB32.agent_ID; 852 xcRB64.user_defined = xcRB32.user_defined; 853 xcRB64.request_ID = xcRB32.request_ID; 854 xcRB64.request_control_blk_length = 855 xcRB32.request_control_blk_length; 856 xcRB64.request_control_blk_addr = 857 compat_ptr(xcRB32.request_control_blk_addr); 858 xcRB64.request_data_length = 859 xcRB32.request_data_length; 860 xcRB64.request_data_address = 861 compat_ptr(xcRB32.request_data_address); 862 xcRB64.reply_control_blk_length = 863 xcRB32.reply_control_blk_length; 864 xcRB64.reply_control_blk_addr = 865 compat_ptr(xcRB32.reply_control_blk_addr); 866 xcRB64.reply_data_length = xcRB32.reply_data_length; 867 xcRB64.reply_data_addr = 868 compat_ptr(xcRB32.reply_data_addr); 869 xcRB64.priority_window = xcRB32.priority_window; 870 xcRB64.status = xcRB32.status; 871 do { 872 rc = zcrypt_send_cprb(&xcRB64); 873 } while (rc == -EAGAIN); 874 xcRB32.reply_control_blk_length = xcRB64.reply_control_blk_length; 875 xcRB32.reply_data_length = xcRB64.reply_data_length; 876 xcRB32.status = xcRB64.status; 877 if (copy_to_user(uxcRB32, &xcRB32, sizeof(xcRB32))) 878 return -EFAULT; 879 return rc; 880 } 881 882 static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd, 883 unsigned long arg) 884 { 885 if (cmd == ICARSAMODEXPO) 886 return trans_modexpo32(filp, cmd, arg); 887 if (cmd == ICARSACRT) 888 return trans_modexpo_crt32(filp, cmd, arg); 889 if (cmd == ZSECSENDCPRB) 890 return trans_xcRB32(filp, cmd, arg); 891 return zcrypt_unlocked_ioctl(filp, cmd, arg); 892 } 893 #endif 894 895 /* 896 * Misc device file operations. 897 */ 898 static const struct file_operations zcrypt_fops = { 899 .owner = THIS_MODULE, 900 .read = zcrypt_read, 901 .write = zcrypt_write, 902 .unlocked_ioctl = zcrypt_unlocked_ioctl, 903 #ifdef CONFIG_COMPAT 904 .compat_ioctl = zcrypt_compat_ioctl, 905 #endif 906 .open = zcrypt_open, 907 .release = zcrypt_release, 908 .llseek = no_llseek, 909 }; 910 911 /* 912 * Misc device. 913 */ 914 static struct miscdevice zcrypt_misc_device = { 915 .minor = MISC_DYNAMIC_MINOR, 916 .name = "z90crypt", 917 .fops = &zcrypt_fops, 918 }; 919 920 /* 921 * Deprecated /proc entry support. 922 */ 923 static struct proc_dir_entry *zcrypt_entry; 924 925 static void sprintcl(struct seq_file *m, unsigned char *addr, unsigned int len) 926 { 927 int i; 928 929 for (i = 0; i < len; i++) 930 seq_printf(m, "%01x", (unsigned int) addr[i]); 931 seq_putc(m, ' '); 932 } 933 934 static void sprintrw(struct seq_file *m, unsigned char *addr, unsigned int len) 935 { 936 int inl, c, cx; 937 938 seq_printf(m, " "); 939 inl = 0; 940 for (c = 0; c < (len / 16); c++) { 941 sprintcl(m, addr+inl, 16); 942 inl += 16; 943 } 944 cx = len%16; 945 if (cx) { 946 sprintcl(m, addr+inl, cx); 947 inl += cx; 948 } 949 seq_putc(m, '\n'); 950 } 951 952 static void sprinthx(unsigned char *title, struct seq_file *m, 953 unsigned char *addr, unsigned int len) 954 { 955 int inl, r, rx; 956 957 seq_printf(m, "\n%s\n", title); 958 inl = 0; 959 for (r = 0; r < (len / 64); r++) { 960 sprintrw(m, addr+inl, 64); 961 inl += 64; 962 } 963 rx = len % 64; 964 if (rx) { 965 sprintrw(m, addr+inl, rx); 966 inl += rx; 967 } 968 seq_putc(m, '\n'); 969 } 970 971 static void sprinthx4(unsigned char *title, struct seq_file *m, 972 unsigned int *array, unsigned int len) 973 { 974 int r; 975 976 seq_printf(m, "\n%s\n", title); 977 for (r = 0; r < len; r++) { 978 if ((r % 8) == 0) 979 seq_printf(m, " "); 980 seq_printf(m, "%08X ", array[r]); 981 if ((r % 8) == 7) 982 seq_putc(m, '\n'); 983 } 984 seq_putc(m, '\n'); 985 } 986 987 static int zcrypt_proc_show(struct seq_file *m, void *v) 988 { 989 char workarea[sizeof(int) * AP_DEVICES]; 990 991 seq_printf(m, "\nzcrypt version: %d.%d.%d\n", 992 ZCRYPT_VERSION, ZCRYPT_RELEASE, ZCRYPT_VARIANT); 993 seq_printf(m, "Cryptographic domain: %d\n", ap_domain_index); 994 seq_printf(m, "Total device count: %d\n", zcrypt_device_count); 995 seq_printf(m, "PCICA count: %d\n", zcrypt_count_type(ZCRYPT_PCICA)); 996 seq_printf(m, "PCICC count: %d\n", zcrypt_count_type(ZCRYPT_PCICC)); 997 seq_printf(m, "PCIXCC MCL2 count: %d\n", 998 zcrypt_count_type(ZCRYPT_PCIXCC_MCL2)); 999 seq_printf(m, "PCIXCC MCL3 count: %d\n", 1000 zcrypt_count_type(ZCRYPT_PCIXCC_MCL3)); 1001 seq_printf(m, "CEX2C count: %d\n", zcrypt_count_type(ZCRYPT_CEX2C)); 1002 seq_printf(m, "CEX2A count: %d\n", zcrypt_count_type(ZCRYPT_CEX2A)); 1003 seq_printf(m, "CEX3C count: %d\n", zcrypt_count_type(ZCRYPT_CEX3C)); 1004 seq_printf(m, "CEX3A count: %d\n", zcrypt_count_type(ZCRYPT_CEX3A)); 1005 seq_printf(m, "requestq count: %d\n", zcrypt_requestq_count()); 1006 seq_printf(m, "pendingq count: %d\n", zcrypt_pendingq_count()); 1007 seq_printf(m, "Total open handles: %d\n\n", 1008 atomic_read(&zcrypt_open_count)); 1009 zcrypt_status_mask(workarea); 1010 sprinthx("Online devices: 1=PCICA 2=PCICC 3=PCIXCC(MCL2) " 1011 "4=PCIXCC(MCL3) 5=CEX2C 6=CEX2A 7=CEX3C 8=CEX3A", 1012 m, workarea, AP_DEVICES); 1013 zcrypt_qdepth_mask(workarea); 1014 sprinthx("Waiting work element counts", m, workarea, AP_DEVICES); 1015 zcrypt_perdev_reqcnt((int *) workarea); 1016 sprinthx4("Per-device successfully completed request counts", 1017 m, (unsigned int *) workarea, AP_DEVICES); 1018 return 0; 1019 } 1020 1021 static int zcrypt_proc_open(struct inode *inode, struct file *file) 1022 { 1023 return single_open(file, zcrypt_proc_show, NULL); 1024 } 1025 1026 static void zcrypt_disable_card(int index) 1027 { 1028 struct zcrypt_device *zdev; 1029 1030 spin_lock_bh(&zcrypt_device_lock); 1031 list_for_each_entry(zdev, &zcrypt_device_list, list) 1032 if (AP_QID_DEVICE(zdev->ap_dev->qid) == index) { 1033 zdev->online = 0; 1034 ap_flush_queue(zdev->ap_dev); 1035 break; 1036 } 1037 spin_unlock_bh(&zcrypt_device_lock); 1038 } 1039 1040 static void zcrypt_enable_card(int index) 1041 { 1042 struct zcrypt_device *zdev; 1043 1044 spin_lock_bh(&zcrypt_device_lock); 1045 list_for_each_entry(zdev, &zcrypt_device_list, list) 1046 if (AP_QID_DEVICE(zdev->ap_dev->qid) == index) { 1047 zdev->online = 1; 1048 break; 1049 } 1050 spin_unlock_bh(&zcrypt_device_lock); 1051 } 1052 1053 static ssize_t zcrypt_proc_write(struct file *file, const char __user *buffer, 1054 size_t count, loff_t *pos) 1055 { 1056 unsigned char *lbuf, *ptr; 1057 size_t local_count; 1058 int j; 1059 1060 if (count <= 0) 1061 return 0; 1062 1063 #define LBUFSIZE 1200UL 1064 lbuf = kmalloc(LBUFSIZE, GFP_KERNEL); 1065 if (!lbuf) 1066 return 0; 1067 1068 local_count = min(LBUFSIZE - 1, count); 1069 if (copy_from_user(lbuf, buffer, local_count) != 0) { 1070 kfree(lbuf); 1071 return -EFAULT; 1072 } 1073 lbuf[local_count] = '\0'; 1074 1075 ptr = strstr(lbuf, "Online devices"); 1076 if (!ptr) 1077 goto out; 1078 ptr = strstr(ptr, "\n"); 1079 if (!ptr) 1080 goto out; 1081 ptr++; 1082 1083 if (strstr(ptr, "Waiting work element counts") == NULL) 1084 goto out; 1085 1086 for (j = 0; j < 64 && *ptr; ptr++) { 1087 /* 1088 * '0' for no device, '1' for PCICA, '2' for PCICC, 1089 * '3' for PCIXCC_MCL2, '4' for PCIXCC_MCL3, 1090 * '5' for CEX2C and '6' for CEX2A' 1091 * '7' for CEX3C and '8' for CEX3A 1092 */ 1093 if (*ptr >= '0' && *ptr <= '8') 1094 j++; 1095 else if (*ptr == 'd' || *ptr == 'D') 1096 zcrypt_disable_card(j++); 1097 else if (*ptr == 'e' || *ptr == 'E') 1098 zcrypt_enable_card(j++); 1099 else if (*ptr != ' ' && *ptr != '\t') 1100 break; 1101 } 1102 out: 1103 kfree(lbuf); 1104 return count; 1105 } 1106 1107 static const struct file_operations zcrypt_proc_fops = { 1108 .owner = THIS_MODULE, 1109 .open = zcrypt_proc_open, 1110 .read = seq_read, 1111 .llseek = seq_lseek, 1112 .release = single_release, 1113 .write = zcrypt_proc_write, 1114 }; 1115 1116 static int zcrypt_rng_device_count; 1117 static u32 *zcrypt_rng_buffer; 1118 static int zcrypt_rng_buffer_index; 1119 static DEFINE_MUTEX(zcrypt_rng_mutex); 1120 1121 static int zcrypt_rng_data_read(struct hwrng *rng, u32 *data) 1122 { 1123 int rc; 1124 1125 /* 1126 * We don't need locking here because the RNG API guarantees serialized 1127 * read method calls. 1128 */ 1129 if (zcrypt_rng_buffer_index == 0) { 1130 rc = zcrypt_rng((char *) zcrypt_rng_buffer); 1131 if (rc < 0) 1132 return -EIO; 1133 zcrypt_rng_buffer_index = rc / sizeof *data; 1134 } 1135 *data = zcrypt_rng_buffer[--zcrypt_rng_buffer_index]; 1136 return sizeof *data; 1137 } 1138 1139 static struct hwrng zcrypt_rng_dev = { 1140 .name = "zcrypt", 1141 .data_read = zcrypt_rng_data_read, 1142 }; 1143 1144 static int zcrypt_rng_device_add(void) 1145 { 1146 int rc = 0; 1147 1148 mutex_lock(&zcrypt_rng_mutex); 1149 if (zcrypt_rng_device_count == 0) { 1150 zcrypt_rng_buffer = (u32 *) get_zeroed_page(GFP_KERNEL); 1151 if (!zcrypt_rng_buffer) { 1152 rc = -ENOMEM; 1153 goto out; 1154 } 1155 zcrypt_rng_buffer_index = 0; 1156 rc = hwrng_register(&zcrypt_rng_dev); 1157 if (rc) 1158 goto out_free; 1159 zcrypt_rng_device_count = 1; 1160 } else 1161 zcrypt_rng_device_count++; 1162 mutex_unlock(&zcrypt_rng_mutex); 1163 return 0; 1164 1165 out_free: 1166 free_page((unsigned long) zcrypt_rng_buffer); 1167 out: 1168 mutex_unlock(&zcrypt_rng_mutex); 1169 return rc; 1170 } 1171 1172 static void zcrypt_rng_device_remove(void) 1173 { 1174 mutex_lock(&zcrypt_rng_mutex); 1175 zcrypt_rng_device_count--; 1176 if (zcrypt_rng_device_count == 0) { 1177 hwrng_unregister(&zcrypt_rng_dev); 1178 free_page((unsigned long) zcrypt_rng_buffer); 1179 } 1180 mutex_unlock(&zcrypt_rng_mutex); 1181 } 1182 1183 /** 1184 * zcrypt_api_init(): Module initialization. 1185 * 1186 * The module initialization code. 1187 */ 1188 int __init zcrypt_api_init(void) 1189 { 1190 int rc; 1191 1192 /* Register the request sprayer. */ 1193 rc = misc_register(&zcrypt_misc_device); 1194 if (rc < 0) 1195 goto out; 1196 1197 /* Set up the proc file system */ 1198 zcrypt_entry = proc_create("driver/z90crypt", 0644, NULL, &zcrypt_proc_fops); 1199 if (!zcrypt_entry) { 1200 rc = -ENOMEM; 1201 goto out_misc; 1202 } 1203 1204 return 0; 1205 1206 out_misc: 1207 misc_deregister(&zcrypt_misc_device); 1208 out: 1209 return rc; 1210 } 1211 1212 /** 1213 * zcrypt_api_exit(): Module termination. 1214 * 1215 * The module termination code. 1216 */ 1217 void zcrypt_api_exit(void) 1218 { 1219 remove_proc_entry("driver/z90crypt", NULL); 1220 misc_deregister(&zcrypt_misc_device); 1221 } 1222 1223 #ifndef CONFIG_ZCRYPT_MONOLITHIC 1224 module_init(zcrypt_api_init); 1225 module_exit(zcrypt_api_exit); 1226 #endif 1227